Differences

This shows you the differences between two versions of the page.

--- quickreference:unix [2019/01/29 01:18] – external edit 127.0.0.1
+++ quickreference:unix [2024/03/04 15:54] (current) – rodolico
@@ Line 2: / Line 2: @@
 This is just a location where I store various commands I found handy for Unix.
+===== Systems Administration =====
+==== Partitioning large drives ====
+Drives greater than 2 Terabytes are not handled well by the standard //fdisk// application, so instead we use parted. Fun Fact!!! gparted is a nice little GUI interface to this. But, we're dealing with command line stuff here.
+This assumes we have a drive, sdg, that we want to set up with gpt and create one partition on. That partition will set up on optimal sector boundries, and use all of the space available.
+<code bash>
+# remove all old file system information. Not necessary, but I do it just because I can
+wipefs -a /dev/sdg
+# make this a gpt disk. Will wipe out any other partitioning scheme
+parted /dev/sdg mklabel gpt
+# make a new partition on optimal sector boundries. This is a primary partition, and starts
+# at the beginning of the disk (0%) and goes to the end of the disk (100%)
+# I put that in quotes as, from what I've read, the percent symbol does not work well
+# within the bash command line
+# note, we are not telling it what file system to use, so it defaults to Linux
+parted -a optimal /dev/sdg mkpart primary '0%' '100%'
+# display the information on the disk
+parted /dev/sdg print
+# format as ext4, no reserved space, and a disk label marked 'backup'
+mkfs.ext4 -m0 -Lbackup /dev/sdg
+</code>
+==== Rapidly wipe multiple hard drives ====
+Nothing beats DBAN [https://dban.org/] in ease of use and a feeling of good security. However, I recently had an issue where I had a server with 7 slow hard disks containing data that really wasn't all that sensitive, so I simply wanted to put a bunch of zeros on it, so I booted off of my SystemRescueCD thumbdrive [https://www.system-rescue.org/] and ran the following bash script. Should work in any shell which has the //for// command, however.
+<code bash wipedrives.sh>
+#! /usr/bin/env bash
+# for truly not sensitive information, this command wipes all the OS information
+for drive in a b c d e f g
+do
+   wipefs -a /dev/sd$drive
+done
+# but, to really remove in a way that takes tons of effort to recover, do this also
+for drive in a b c
+do
+   echo Cleaning sd%drive
+   dd if=/dev/zero | pv -petrs 580G | dd of=/dev/sd$drive
+done
+</code>
+I had 7 drives to wipe, and this takes about 5 hours per drive, so a total of 35 hours. I realized I could probably run all 7 processes in parallel since, on my system, the drive controller is a lot faster than any individual drive So I decided to use the //screen// command and see if I could make that work.
+<code bash wipedrives2.sh>
+#! /usr/bin/env bash
+for drive in a b c d e f g h
+do
+   screen -dmS sd$drive bash -c "dd if=/dev/zero | pv -petrs 580G | dd of=/dev/sd$drive"
+done
+</code>
+Basically, we're using a bash for loop to grab all the drive names (I just used the last letter), running screen and immediately detaching the new process after telling it to run //bash -c// and the command after it in quotes (so it would not interpret the pipes in our current, non-screen shell). I'm running this right now, and //pv// is predicting it will be done in 11.5 hours, or less than a third of the time. BUT, it is really heating up the office with 7 drives being continuously written to at the same time.
+**Warning**: When SystemRescueCD boots, it tries to assemble any mdadm (software RAID) arrays, and since they are locked, //dd// and //wipefs// won't be able to write to them (maybe). In that case, do the following:
+<code bash>
+# find any mdadm volumes running on Linux
+cat /proc/mdstat
+# assuming it showed you md127 was running (normal)
+mdadm --stop /dev/md127
+# it should stop the MD array and make the individual drives accessible
+</code>
+==== Rename Server ====
+I will occasionally mess up and name a server wrong, then I want to rename it. This is not as simple as it may seem. Most systems have multiple locations you must change, and you might also want to change the ssh host keys, lvm/mdadm/zfs names.
+=== Debian ===
+Following change hostname, mailname (if it exists), etc... Be sure to change //oldname// and //newname// on the sed command.
+**Note**: this assumes the name is unique in the files. So something like 'a' should not be used; manually edit the file.
+<code bash>
+# change the host name, and the postfix name if that is installed
+sed -i.old 's/oldname/newname/g' \
+   /etc/hostname \
+   /etc/hosts \
+   /etc/mailname \
+   /etc/postfix/main.cf \
+   /etc/camp/sysinfo-client/sysinfo-client.yaml \
+   /etc/msmtprc
+/etc/init.d/hostname.sh start
+# update the aliases, if they exist
+newaliases
+# regenerate the ssh keys
+rm -v /etc/ssh/ssh_host_*
+/usr/sbin/dpkg-reconfigure openssh-server
+</code>
+==== Reset Lost Password ====
+The simplest solution is to boot from some kind of live system, then mount the drive and manually edit etc/shadow, which contains a hash of the passwords. In most cases, simply removing the hash sets the user in question to have no password.
+We used the SystemRescueCD image (https://www.system-rescue.org/Download/) as a bootable USB thumbdrive for this and other purposes.
+  - Boot the system from the CD or USB Drive
+  - Determine which drive contains the etc/ directory<code bash>lsblk # Linux</code>
+  - Mount the drive someplace convenient <code bash>mount /dev/sda1 /mnt/backup</code>
+  - Open the shadow file and edit<code bash>joe /mnt/backup/etc/shadow</code>
+    - Find the line which contains the user. This is a colon delimited file, with the first column being the username. A sample would look like <code>dailydata:$6$FI3K:18368:0:99999:7:::</code>
+    - On the line in question, remove everything between the first and second colon. In the sample (which was edited for brevity), it would be //$6$FI3K//. Be sure and DO NOT delete anything else, especially th colons
+    - Save the file
+  - Reboot the system. The user in question should now be able to log in with no password.
+Note: The username in the example is dailydata. The password hash is actually very long, in some cases around 100 characters.
+If this does not work, you can use the same procedure above but, instead of editing the file directly, mount (as in the above example), then chroot into the mounted system and use the passwd command. So, after mounting in the above example, do the following:
+<code bash>
+chroot /mnt/backup
+passwd root # Change root's password
+exit # leave the chroot jail
+reboot # or shutdown
+</code>
+==== Wipe Disk Signatures ====
+There are several ways that signatures are included on block devices. You may have a signature saying a device contains an ext4 file system, for example, or is an LVM or RAID member. You can, of course, wipe them all by writing some value to all parts:
+<code bash>
+dd if=/dev/zero of=/dev/sda bs=16M
+</code>
+Which will read place the zeros on all blocks of device sda. NOTE: bs=16M determines how much data is written at one time, and larger numbers greatly increase the speed of the overwrite, up to a significant portion of available RAM.
+One of the fastes ways to clean all signatures is the wipefs command. It is not as complete as using dd, but it is very, very fast, and usually works just fine.
+<code bash>
+# see what the signatures are
+wipefs /dev/sda
+# remove all of the signatures
+sudo wipefs --all --force /dev/vdb
+</code>
+==== Grab Data via SSH ====
+I needed to grab the output from dmidecode for a bunch of machines. This would have been a good place for something like puppet, but we don't have it fully deployed. However, I have ssh access to most of the machines, so I was trying to figure out how to do it. I wanted the resulting filename to be `hostname -f`.dmidecode, ie the full hostname of the server with .dmidecode at the end. In the following, HOSTNAME is something that ssh can get to.
+<code bash>
+ssh HOSTNAME 'hostname -f ; sudo -S dmidecode' >aaee && FNAM=$(head -1 aaee) ; sed '1d' aaee > $FNAM.dmidecode
+</code>
+Dave came up with most of this, then I modified it for my use. Basically, he is returning the hostname and the output of dmidecode to a local temp file named aaee. If that works, then grab the first line into variable FNAM. Then send everything but the first line to the filename $FNAM.dmidecode.
+Note, since dmidecode requires root privileges, I had to use sudo to get it to work. sudo wants a terminal unless you pass  the -S parameter, in which case it prints the prompt on STDERR and waits for input. That input is not blanked, so it is visible on your monitor.
+===== Disk Management =====
+==== Create Swap file ====
+I generally prefer a swap //file// as opposed to a swap //partition//. While swap partitions can be more efficient, swap files are easier to manage (grow/shrink).
+This came from https://www.cyberciti.biz/faq/create-a-freebsd-swap-file/
+<code bash>
+fallocate -l 4G /swapfile
+# if no fallocate on your system, use the following
+# dd if=/dev/zero of=/swapfile bs=1024 count=1048576
+chmod 600 /swapfile
+# use "force" to use the entire "device"
+mkswap -f /swapfile
+# save, then modify fstab
+cp -a /etc/fstab /etc/fstab.save
+echo '/swapfile swap swap defaults 0 0' >> /etc/fstab
+# turn on swap for everything in fstab
+swapon -a
+# display the result
+swapon --show
+</code>
+For BSD (FreeBSD specifically), you create the swapfile with dd, and you must use an md to mount it
+<code bash>
+# create an 8G swapfile
+dd if=/dev/zero of=/swapfile bs=1G count=8
+# set permissions very restrictive
+chmod 600 /swapfile
+# make a copy of fstab, in case we mess something up
+cp -a /etc/fstab /etc/fstab.bak
+# use mdconfig -lv to find an used md device. In this case, I'm using 42
+echo 'md42   none  swap   sw,file=/swapfile  0 0' >> /etc/fstab
+# turn on all defined swap devices
+swapon -a
+# now list them
+swapinfo -g
+</code>
+If, as in the case I ran into one time, you have an active swap device you want to get rid of, use swapinfo to find it, then use **swapoff /path/to/device/to/remove** and remove it from fstab
+==== Mount davfs file system ====
+Many web services allow you to mount their contents via davfs. On Linux, it if fairly simple to do this using davfs2. **Note** expect this to be slower than what you experience on a LAN. The protocol is generalized, and remember you are doing your work over a connection measured in megabits/second instead of gigabits.
+On a [[https://devuan.org/|Devuan]] system, or any Debian derivative, the following will get davfs2 installed and running. Replace 'jane' below with your username:
+<code bash>
+#  Answer yes when asked if unprivileged users should be able to mount
+sudo apt -y install davfs2
+sudo usermod -aG davfs2 jane
+mkdir -p ~/cloud/Tech
+mkdir ~/.davfs2
+sudo cp  /etc/davfs2/secrets ~/.davfs2/secrets
+sudo chown jane:jane ~/.davfs2/secrets
+chmod 600 ~/.davfs2/secrets
+</code>
+Now, you need to edit the secrets file you just copied. You can use an editor, or just append using echo. I'm using the latter below. Also, you need to add an entry in /etc/fstab.
+For the secrets file, you are simply putting in the mount point on your system, a space, the username you will log into the remote machine with, a space, and the password on the remote server.
+The fstab entry is a standard entry, but uses davfs as the type. I chose to have it auto mounted. This is example is for a NextCloud server. Most davfs servers have the correct parameters for mounting documented someplace.
+<code bash>
+# add credentials to .davfs/secrets
+# mountpoint username password
+echo '/home/jane/cloud/Tech jane your_password_here' >> ~/.davfs2/secrets
+# add system mount to /etc/fstab
+sudo cp /etc/fstab /etc/fstab.back
+sudo echo 'https://cloud.example.com/remote.php/dav/files/jane/Tech /home/jane/cloud/Tech davfs user,rw,auto 0 0' >> /etc/fstab
+</code>
+Adding a user to a group does not take place immediately; it requires a fresh login. However, you can simulate the login with the following command:
+<code bash>
+sudo su - jane
+# Now, you can mount the drive
+mount ~/cloud/Tech
+# unmounting just uses the standard utilities
+umount ~/cloud/Tech
+</code>
 ===== Shell (mainly BASH) =====
+==== Find files within date range containing text ====
+A client needed to find a lost e-mail. All he knew was that it arrived sometime on the 24th of Apr 2020, and who it was from. Not sure if the //-newerct// parameter is available on all versions of find, or if it is specific to GNU/Linux.
+<code bash>
+find Maildir -type f -newerct '26 Apr 2022 00:00:00' ! -newerct '27 Apr 2022 00:00:00' -exec grep -il 'from:.*user@example.org' \{\} \;
+</code>
+This is very fast, since the find command rapidly decreases the number of messages which must be scanned (he has almost 300k e-mails in various folders, and it took less than 2 seconds).
+==== Find newest files in a directory tree ====
+This will go through an entire directory tree under the current directory and locate the newest 5 files.
+<code bash>
+find . -type f -exec stat --format '%Y :%y %n' "{}" \; | sort -nr | cut -d: -f2- | head
+</code>
+  * Change //find .// to //find /some/path// to change the starting directory
+  * Change //head// to //head -n 10// to grab the newest 10 files.
+  * You can add any kind of filter also, so entering //-iname '*.jpg'// after the //-type f// would only find files ending in jpg.
 ==== Count all files in directory tree(s) ====
@@ Line 152: / Line 407: @@
 ===== References =====
   * https://stackoverflow.com/questions/2419566/best-way-to-use-multiple-ssh-private-keys-on-one-client#2419609
+  * https://linuxize.com/post/how-to-add-swap-space-on-debian-9/
+  * https://docs.nextcloud.com/server/18/user_manual/files/access_webdav.html
+  * https://www.cyberciti.biz/faq/create-a-freebsd-swap-file/
+  * https://www.mybluelinux.com/test-imap-with-telnet/
+  * https://serverfault.com/questions/131627/how-to-inspect-remote-smtp-servers-tls-certificate#131628]