quickreference:unix
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionLast revisionBoth sides next revision | ||
quickreference:unix [2023/10/08 15:19] – [References] rodolico | quickreference:unix [2023/10/19 17:32] – [Rename Server] rodolico | ||
---|---|---|---|
Line 5: | Line 5: | ||
===== Systems Administration ===== | ===== Systems Administration ===== | ||
+ | ==== Partitioning large drives ==== | ||
+ | |||
+ | Drives greater than 2 Terabytes are not handled well by the standard //fdisk// application, | ||
+ | |||
+ | This assumes we have a drive, sdg, that we want to set up with gpt and create one partition on. That partition will set up on optimal sector boundries, and use all of the space available. | ||
+ | |||
+ | <code bash> | ||
+ | # remove all old file system information. Not necessary, but I do it just because I can | ||
+ | wipefs -a /dev/sdg | ||
+ | # make this a gpt disk. Will wipe out any other partitioning scheme | ||
+ | parted /dev/sdg mklabel gpt | ||
+ | # make a new partition on optimal sector boundries. This is a primary partition, and starts | ||
+ | # at the beginning of the disk (0%) and goes to the end of the disk (100%) | ||
+ | # I put that in quotes as, from what I've read, the percent symbol does not work well | ||
+ | # within the bash command line | ||
+ | # note, we are not telling it what file system to use, so it defaults to Linux | ||
+ | parted -a optimal /dev/sdg mkpart primary ' | ||
+ | # display the information on the disk | ||
+ | parted /dev/sdg print | ||
+ | # format as ext4, no reserved space, and a disk label marked ' | ||
+ | mkfs.ext4 -m0 -Lbackup /dev/sdg | ||
+ | |||
+ | </ | ||
==== Rapidly wipe multiple hard drives ==== | ==== Rapidly wipe multiple hard drives ==== | ||
Line 13: | Line 36: | ||
# for truly not sensitive information, | # for truly not sensitive information, | ||
- | for drive in a b c d e f g ; do wipefs -a / | + | for drive in a b c d e f g |
+ | do | ||
+ | wipefs -a / | ||
+ | done | ||
# but, to really remove in a way that takes tons of effort to recover, do this also | # but, to really remove in a way that takes tons of effort to recover, do this also | ||
- | for drive in a b c d e f g ; do echo Cleaning sd%drive | + | for drive in a b c |
+ | do | ||
+ | echo Cleaning sd%drive | ||
+ | dd if=/ | ||
+ | done | ||
</ | </ | ||
- | I then realized | + | I had 7 drives to wipe, and this takes about 5 hours per drive, so a total of 35 hours. |
<code bash wipedrives2.sh> | <code bash wipedrives2.sh> | ||
#! / | #! / | ||
- | for drive in a b c d e f g ; do screen dd if=/ | + | for drive in a b c d e f g h |
+ | do | ||
+ | screen | ||
+ | done | ||
</ | </ | ||
- | Note: I have not done the parallel one yet. I'm waiting | + | Basically, we're using a bash for loop to grab all the drive names (I just used the last letter), running screen and immediately detaching the new process after telling it to run //bash -c// and the command after it in quotes |
- | + | ||
- | Haven' | + | |
**Warning**: | **Warning**: | ||
Line 42: | Line 73: | ||
==== Check SSL Cert Expiration Date ==== | ==== Check SSL Cert Expiration Date ==== | ||
- | Ever wondered when your SMTP SSL Certificates are up for renewal? A quick and dirty way of doing it from the command line was shown at [https:// | + | Ever wondered when your SMTP SSL Certificates are up for renewal? What DNS entries your certificates have? A quick and dirty way of doing it from the command line was shown at [https:// |
- | Note: the discussion | + | Note: the discussions |
+ | |||
+ | This is a quick and dirty that will get the certificate (and a lot of other stuff), but the certificate is in its MIME encoded format. | ||
<code bash> | <code bash> | ||
printf ' | printf ' | ||
- | openssl s_client -connect smtp.example.com: | + | openssl s_client -connect smtp.example.com: |
- | openssl | + | </ |
+ | |||
+ | This basically makes a connection to smtp.example.com on port 25, issuing a starttls, then sends the //quit// command which logs out. The openssl command retrieves the the entire conversation, | ||
+ | |||
+ | You can do the same thing for other ports, like 587 for submission. If you want to test the SSL port (465), just remove the //-starttls smtp// from the command: | ||
+ | |||
+ | <code bash> | ||
+ | printf ' | ||
+ | openssl | ||
</ | </ | ||
- | This basically makes a connection | + | If you want to test an IMAP server, you need to send it a different logout (the first line). To log out of it, you need //a1 logout// followed by a line return, so |
- | You can also test an IMAP server. IMAP uses the command //a1 logout// to exit, and port 993 for an SSL connection, so your script becomes: | ||
<code bash> | <code bash> | ||
printf 'a1 logout\n' | printf 'a1 logout\n' | ||
- | openssl s_client -connect mail.example.com: | + | openssl s_client -connect mail.example.com: |
- | openssl x509 -dates -noout | + | |
</ | </ | ||
- | **Note:** since we are going in over a non-SSL enabled | + | Again, connecting to imaps (port 993), you just don' |
+ | |||
+ | <code bash> | ||
+ | printf 'a1 logout\n' | ||
+ | openssl s_client -connect mail.example.com: | ||
+ | </ | ||
+ | |||
+ | And, finally, to look at a web site certificate, | ||
+ | <code bash> | ||
+ | printf " | ||
+ | openssl s_client -showcerts -servername web.example.com -connect web.example.com: | ||
+ | </ | ||
+ | |||
+ | All the above is well and good, but it would be nice to decode the certificate, | ||
+ | |||
+ | === Dump the certificate === | ||
+ | |||
+ | Turning the certificate into something a human can read is done with the command | ||
<code bash> | <code bash> | ||
printf ' | printf ' | ||
- | openssl s_client -connect smtp.example.com: | + | openssl s_client -connect smtp.example.com: |
+ | openssl x509 -text -noout | ||
+ | </ | ||
+ | |||
+ | If you want to find what names the certificate is valid for, they are on a line which contains the text DNS, so grepping the output of the above will give you what you need without reading the whole thing. | ||
+ | |||
+ | <code bash> | ||
+ | printf ' | ||
+ | openssl s_client -connect smtp.example.com: | ||
+ | openssl x509 -text -noout | \ | ||
+ | grep DNS | ||
+ | </ | ||
+ | |||
+ | === Get Dates === | ||
+ | |||
+ | You could use //grep// to find the expiration date of a certificate | ||
+ | |||
+ | <code bash> | ||
+ | printf ' | ||
+ | openssl s_client -connect smtp.example.com: | ||
+ | openssl x509 -text -noout | \ | ||
+ | grep 'Not After :' | ||
+ | </ | ||
+ | |||
+ | But, the openssl x509 has a special flag for that, //-dates//, so it is simpler to write it as | ||
+ | |||
+ | <code bash> | ||
+ | printf ' | ||
+ | openssl s_client -connect smtp.example.com: | ||
openssl x509 -dates -noout | openssl x509 -dates -noout | ||
</ | </ | ||
- | I //think// that is the correct description of what is happening, but not sure. However, it works. | + | === Other === |
+ | Again, //man openssl-x509// | ||
+ | -serial - the serial number of the certificate | ||
+ | -subject - Subject Name | ||
+ | -issuer - Issuer Name | ||
+ | -startdate - beginning date of certificate (notBefore) | ||
+ | -enddate - expiry date of certificate (notAfter) | ||
==== Rename Server ==== | ==== Rename Server ==== | ||
Line 83: | Line 173: | ||
<code bash> | <code bash> | ||
# change the host name, and the postfix name if that is installed | # change the host name, and the postfix name if that is installed | ||
- | sed -i.old ' | + | sed -i.old ' |
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
/ | / | ||
# update the aliases, if they exist | # update the aliases, if they exist |
quickreference/unix.txt · Last modified: 2024/03/04 15:54 by rodolico