Unix Server Tech Knowledge Base

User Tools

Site Tools

Trace:
quickreference:unix

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
quickreference:unix [2023/10/08 18:22] rodolicoquickreference:unix [2024/03/04 15:54] (current) rodolico
Line 5: Line 5:
 ===== Systems Administration ===== ===== Systems Administration =====
  
 +==== Partitioning large drives ====
 +
 +Drives greater than 2 Terabytes are not handled well by the standard //fdisk// application, so instead we use parted. Fun Fact!!! gparted is a nice little GUI interface to this. But, we're dealing with command line stuff here.
 +
 +This assumes we have a drive, sdg, that we want to set up with gpt and create one partition on. That partition will set up on optimal sector boundries, and use all of the space available.
 +
 +<code bash>
 +# remove all old file system information. Not necessary, but I do it just because I can
 +wipefs -a /dev/sdg
 +# make this a gpt disk. Will wipe out any other partitioning scheme
 +parted /dev/sdg mklabel gpt
 +# make a new partition on optimal sector boundries. This is a primary partition, and starts
 +# at the beginning of the disk (0%) and goes to the end of the disk (100%)
 +# I put that in quotes as, from what I've read, the percent symbol does not work well
 +# within the bash command line
 +# note, we are not telling it what file system to use, so it defaults to Linux
 +parted -a optimal /dev/sdg mkpart primary '0%' '100%'
 +# display the information on the disk
 +parted /dev/sdg print
 +# format as ext4, no reserved space, and a disk label marked 'backup'
 +mkfs.ext4 -m0 -Lbackup /dev/sdg
 +
 +</code>
 ==== Rapidly wipe multiple hard drives ==== ==== Rapidly wipe multiple hard drives ====
  
Line 13: Line 36:
  
 # for truly not sensitive information, this command wipes all the OS information # for truly not sensitive information, this command wipes all the OS information
-for drive in a b c d e f g do wipefs -a /dev/sd$drive done+for drive in a b c d e f g 
 +do 
 +   wipefs -a /dev/sd$drive 
 +done
 # but, to really remove in a way that takes tons of effort to recover, do this also # but, to really remove in a way that takes tons of effort to recover, do this also
-for drive in a b c do echo Cleaning sd%drive ;  dd if=/dev/zero | pv -petrs 580G | dd of=/dev/sd$drive done+for drive in a b c 
 +do 
 +   echo Cleaning sd%drive 
 +   dd if=/dev/zero | pv -petrs 580G | dd of=/dev/sd$drive 
 +done
 </code> </code>
  
-I had 7 drives to wipe, and this takes about 5 hours per drive, so a total of 35 hours. I realized I could probably run 7 processes since on my system, the drive controller is a lot faster than any individual drive, so I decided to set it up to run all seven processes in parallel and see what happened.+I had 7 drives to wipe, and this takes about 5 hours per drive, so a total of 35 hours. I realized I could probably run all 7 processes in parallel sinceon my system, the drive controller is a lot faster than any individual drive So I decided to use the //screen// command and see if I could make that work.
  
 <code bash wipedrives2.sh> <code bash wipedrives2.sh>
 #! /usr/bin/env bash #! /usr/bin/env bash
  
-for drive in a b c do screen -dmS sd$drive bash -c "dd if=/dev/zero | pv -petrs 580G | dd of=/dev/sd$drive" done+for drive in a b c d e f g h 
 +do 
 +   screen -dmS sd$drive bash -c "dd if=/dev/zero | pv -petrs 580G | dd of=/dev/sd$drive" 
 +done
 </code> </code>
  
Line 38: Line 71:
 </code> </code>
  
-==== Check SSL Cert Expiration Date ==== 
- 
-Ever wondered when your SMTP SSL Certificates are up for renewal? A quick and dirty way of doing it from the command line was shown at [https://serverfault.com/questions/131627/how-to-inspect-remote-smtp-servers-tls-certificate#131628]. 
- 
-Note: the discussion covered other things, and is well worth a 5 minute read. 
- 
-<code bash> 
-printf 'quit\n' | \ 
-openssl s_client -connect smtp.example.com:25 -starttls smtp | \ 
-openssl x509 -dates -noout 
-</code> 
- 
-This basically makes a connection to smtp.example.com on port 25, issuing a starttls, then sends the //quit// command which logs out. The openssl command retrieves the certificate (second line), then passes that to another instance of openssl which decodes it to get the dates from it. You can also test port 587 (submission) by changing the 25 to a 587/ 
- 
-You can also test an IMAP server. IMAP uses the command //a1 logout// to exit, and port 993 for an SSL connection, so your script becomes: 
-<code bash> 
-printf 'a1 logout\n' | \ 
-openssl s_client -connect mail.example.com:143 -starttls imap | \ 
-openssl x509 -dates -noout 
-</code> 
- 
-**Note:** since we are going in over a non-SSL enabled port, we must do the starttls command. However, by removing the -starttls protocol part, we can go directly to the SSL port (465 for smtps and 993 for imaps). To check smtps, our command becomes: 
- 
-<code bash> 
-printf 'quit\n' | \ 
-openssl s_client -connect smtp.example.com:465 | \ 
-openssl x509 -dates -noout 
-</code> 
- 
-I //think// that is the correct description of what is happening, but not sure. However, it works. 
  
 ==== Rename Server ==== ==== Rename Server ====
Line 81: Line 84:
 <code bash> <code bash>
 # change the host name, and the postfix name if that is installed # change the host name, and the postfix name if that is installed
-sed -i.old 's/oldname/newname/g' /etc/hostname /etc/hosts /etc/mailname /etc/postfix/main.cf+sed -i.old 's/oldname/newname/g' 
 +   /etc/hostname 
 +   /etc/hosts 
 +   /etc/mailname 
 +   /etc/postfix/main.cf 
 +   /etc/camp/sysinfo-client/sysinfo-client.yaml \ 
 +   /etc/msmtprc
 /etc/init.d/hostname.sh start /etc/init.d/hostname.sh start
 # update the aliases, if they exist # update the aliases, if they exist
quickreference/unix.1696807340.txt.gz · Last modified: 2023/10/08 18:22 by rodolico