quickreference:unix
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionLast revisionBoth sides next revision | ||
quickreference:unix [2023/10/08 15:07] – rodolico | quickreference:unix [2023/10/19 17:32] – [Rename Server] rodolico | ||
---|---|---|---|
Line 5: | Line 5: | ||
===== Systems Administration ===== | ===== Systems Administration ===== | ||
+ | ==== Partitioning large drives ==== | ||
+ | |||
+ | Drives greater than 2 Terabytes are not handled well by the standard //fdisk// application, | ||
+ | |||
+ | This assumes we have a drive, sdg, that we want to set up with gpt and create one partition on. That partition will set up on optimal sector boundries, and use all of the space available. | ||
+ | |||
+ | <code bash> | ||
+ | # remove all old file system information. Not necessary, but I do it just because I can | ||
+ | wipefs -a /dev/sdg | ||
+ | # make this a gpt disk. Will wipe out any other partitioning scheme | ||
+ | parted /dev/sdg mklabel gpt | ||
+ | # make a new partition on optimal sector boundries. This is a primary partition, and starts | ||
+ | # at the beginning of the disk (0%) and goes to the end of the disk (100%) | ||
+ | # I put that in quotes as, from what I've read, the percent symbol does not work well | ||
+ | # within the bash command line | ||
+ | # note, we are not telling it what file system to use, so it defaults to Linux | ||
+ | parted -a optimal /dev/sdg mkpart primary ' | ||
+ | # display the information on the disk | ||
+ | parted /dev/sdg print | ||
+ | # format as ext4, no reserved space, and a disk label marked ' | ||
+ | mkfs.ext4 -m0 -Lbackup /dev/sdg | ||
+ | |||
+ | </ | ||
==== Rapidly wipe multiple hard drives ==== | ==== Rapidly wipe multiple hard drives ==== | ||
Line 13: | Line 36: | ||
# for truly not sensitive information, | # for truly not sensitive information, | ||
- | for drive in a b c d e f g ; do wipefs -a / | + | for drive in a b c d e f g |
+ | do | ||
+ | wipefs -a / | ||
+ | done | ||
# but, to really remove in a way that takes tons of effort to recover, do this also | # but, to really remove in a way that takes tons of effort to recover, do this also | ||
- | for drive in a b c d e f g ; do echo Cleaning sd%drive | + | for drive in a b c |
+ | do | ||
+ | echo Cleaning sd%drive | ||
+ | dd if=/ | ||
+ | done | ||
</ | </ | ||
- | I then realized | + | I had 7 drives to wipe, and this takes about 5 hours per drive, so a total of 35 hours. |
<code bash wipedrives2.sh> | <code bash wipedrives2.sh> | ||
#! / | #! / | ||
- | for drive in a b c d e f g ; do screen dd if=/ | + | for drive in a b c d e f g h |
+ | do | ||
+ | screen | ||
+ | done | ||
</ | </ | ||
- | Note: I have not done the parallel one yet. I'm waiting | + | Basically, we're using a bash for loop to grab all the drive names (I just used the last letter), running screen and immediately detaching the new process after telling it to run //bash -c// and the command after it in quotes |
- | + | ||
- | Haven' | + | |
**Warning**: | **Warning**: | ||
Line 42: | Line 73: | ||
==== Check SSL Cert Expiration Date ==== | ==== Check SSL Cert Expiration Date ==== | ||
- | Ever wondered when your SMTP SSL Certificates are up for renewal? A quick and dirty way of doing it from the command line was shown at [https:// | + | Ever wondered when your SMTP SSL Certificates are up for renewal? What DNS entries your certificates have? A quick and dirty way of doing it from the command line was shown at [https:// |
+ | |||
+ | Note: the discussions covered other things, and are well worth a 5 minute read. | ||
+ | |||
+ | This is a quick and dirty that will get the certificate (and a lot of other stuff), but the certificate is in its MIME encoded format. | ||
+ | |||
+ | <code bash> | ||
+ | printf ' | ||
+ | openssl s_client -connect smtp.example.com: | ||
+ | </ | ||
+ | |||
+ | This basically makes a connection to smtp.example.com on port 25, issuing a starttls, then sends the //quit// command which logs out. The openssl command retrieves the the entire conversation, | ||
+ | |||
+ | You can do the same thing for other ports, like 587 for submission. If you want to test the SSL port (465), just remove the //-starttls smtp// from the command: | ||
+ | |||
+ | <code bash> | ||
+ | printf ' | ||
+ | openssl s_client -connect smtp.example.com: | ||
+ | </ | ||
+ | |||
+ | If you want to test an IMAP server, you need to send it a different logout (the first line). To log out of it, you need //a1 logout// followed by a line return, so | ||
+ | |||
+ | <code bash> | ||
+ | printf 'a1 logout\n' | ||
+ | openssl s_client -connect mail.example.com: | ||
+ | </ | ||
+ | |||
+ | Again, connecting to imaps (port 993), you just don't do the starttls | ||
+ | |||
+ | <code bash> | ||
+ | printf 'a1 logout\n' | ||
+ | openssl s_client -connect mail.example.com: | ||
+ | </ | ||
+ | |||
+ | And, finally, to look at a web site certificate, | ||
+ | <code bash> | ||
+ | printf " | ||
+ | openssl s_client -showcerts -servername web.example.com -connect web.example.com: | ||
+ | </ | ||
+ | |||
+ | All the above is well and good, but it would be nice to decode the certificate, | ||
+ | |||
+ | === Dump the certificate === | ||
+ | |||
+ | Turning the certificate into something a human can read is done with the command //-text// flag, so let's pipe the output of the previous command to that. | ||
+ | |||
+ | <code bash> | ||
+ | printf ' | ||
+ | openssl s_client -connect smtp.example.com: | ||
+ | openssl x509 -text -noout | ||
+ | </ | ||
+ | |||
+ | If you want to find what names the certificate is valid for, they are on a line which contains the text DNS, so grepping the output of the above will give you what you need without reading the whole thing. | ||
+ | |||
+ | <code bash> | ||
+ | printf ' | ||
+ | openssl s_client -connect smtp.example.com: | ||
+ | openssl x509 -text -noout | \ | ||
+ | grep DNS | ||
+ | </ | ||
+ | |||
+ | === Get Dates === | ||
+ | |||
+ | You could use //grep// to find the expiration date of a certificate | ||
+ | |||
+ | <code bash> | ||
+ | printf ' | ||
+ | openssl s_client -connect smtp.example.com: | ||
+ | openssl x509 -text -noout | \ | ||
+ | grep 'Not After :' | ||
+ | </ | ||
- | Note: the discussion covered other things, and is well worth a 5 minute read. | + | But, the openssl x509 has a special flag for that, //-dates//, so it is simpler to write it as |
<code bash> | <code bash> | ||
Line 52: | Line 153: | ||
</ | </ | ||
- | This basically makes a connection to smtp.example.com on port 25, issuing a starttls, then sends the //quit// command which logs out. The openssl command retrieves the certificate (second line), then passes that to another instance of openssl which decodes it to get the dates from it. You can also test port 587 (submission) by changing the 25 to a 587/ | + | === Other === |
+ | Again, //man openssl-x509// | ||
+ | -serial - the serial number of the certificate | ||
+ | -subject - Subject Name | ||
+ | -issuer - Issuer Name | ||
+ | -startdate - beginning date of certificate (notBefore) | ||
+ | -enddate - expiry date of certificate (notAfter) | ||
==== Rename Server ==== | ==== Rename Server ==== | ||
Line 66: | Line 173: | ||
<code bash> | <code bash> | ||
# change the host name, and the postfix name if that is installed | # change the host name, and the postfix name if that is installed | ||
- | sed -i.old ' | + | sed -i.old ' |
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
/ | / | ||
# update the aliases, if they exist | # update the aliases, if they exist | ||
Line 386: | Line 499: | ||
* https:// | * https:// | ||
* https:// | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
quickreference/unix.txt · Last modified: 2024/03/04 15:54 by rodolico