quickreference:unix

Differences

This shows you the differences between two versions of the page.

quickreference:unix [2023/10/10 15:18] – [Check SSL Cert Expiration Date] rodolico
quickreference:unix [2024/03/04 15:54] (current) rodolico
Line 5: Line 5:
 ===== Systems Administration ===== ===== Systems Administration =====
  
 +==== Partitioning large drives ====
 +
 +Drives greater than 2 Terabytes are not handled well by the standard //fdisk// application, so instead we use parted. Fun Fact!!! gparted is a nice little GUI interface to this. But, we're dealing with command line stuff here.
 +
 +This assumes we have a drive, sdg, that we want to set up with gpt and create one partition on. That partition will set up on optimal sector boundries, and use all of the space available.
 +
 +<code bash>
 +# remove all old file system information. Not necessary, but I do it just because I can
 +wipefs -a /dev/sdg
 +# make this a gpt disk. Will wipe out any other partitioning scheme
 +parted /dev/sdg mklabel gpt
 +# make a new partition on optimal sector boundries. This is a primary partition, and starts
 +# at the beginning of the disk (0%) and goes to the end of the disk (100%)
 +# I put that in quotes as, from what I've read, the percent symbol does not work well
 +# within the bash command line
 +# note, we are not telling it what file system to use, so it defaults to Linux
 +parted -a optimal /dev/sdg mkpart primary '0%' '100%'
 +# display the information on the disk
 +parted /dev/sdg print
 +# format as ext4, no reserved space, and a disk label marked 'backup'
 +mkfs.ext4 -m0 -Lbackup /dev/sdg
 +
 +</code>
 ==== Rapidly wipe multiple hard drives ==== ==== Rapidly wipe multiple hard drives ====
  
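Review bot: the last command in the new Partitioning block, `mkfs.ext4 -m0 -Lbackup /dev/sdg`, targets the whole disk instead of the partition that the preceding `mkpart` created, so it would write an ext4 filesystem straight over the GPT label just made; it should be `mkfs.ext4 -m0 -Lbackup /dev/sdg1` (verify the partition name in the `parted /dev/sdg print` output first). The prose should also say that `wipefs -a` and `mklabel gpt` destroy everything on the device, so the device name needs checking with `lsblk` or `parted -l` before any of these lines run; and "boundries" should read "boundaries" in both places.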
Line 48: Line 71:
 </code> </code>
  
-==== Check SSL Cert Expiration Date ==== 
- 
-Ever wondered when your SMTP SSL Certificates are up for renewal? What DNS entries your certificates have? A quick and dirty way of doing it from the command line was shown at [https://serverfault.com/questions/131627/how-to-inspect-remote-smtp-servers-tls-certificate#131628] and [https://stackoverflow.com/questions/13127352/how-to-check-subject-alternative-names-for-a-ssl-tls-certificate] 
- 
-Note: the discussions covered other things, and are well worth a 5 minute read. 
- 
-This is a quick and dirty that will get the certificate (and a lot of other stuff), but the certificate is in its MIME encoded format. 
- 
-<code bash> 
-printf 'quit\n' | \ 
-openssl s_client -connect smtp.example.com:25 -starttls smtp 
-</code> 
- 
-This basically makes a connection to smtp.example.com on port 25, issuing a starttls, then sends the //quit// command which logs out. The openssl command retrieves the  the entire conversation, which includes the certificate, and displays it on the  
- 
-You can do the same thing for other ports, like 587 for submission. If you want to test the SSL port (465), just remove the //-starttls smtp// from the command: 
- 
-<code bash> 
-printf 'quit\n' | \ 
-openssl s_client -connect smtp.example.com:465 
-</code> 
- 
-If you want to test an IMAP server, you need to send it a different logout (the first line). To log out of it, you need //a1 logout// followed by a line return, so 
- 
-<code bash> 
-printf 'a1 logout\n' | \ 
-openssl s_client -connect mail.example.com:143 -starttls imap 
-</code> 
- 
-Again, connecting to imaps (port 993), you just don't do the starttls 
- 
-<code bash> 
-printf 'a1 logout\n' | \ 
-openssl s_client -connect mail.example.com:143 -starttls imap 
-</code> 
- 
-And, finally, to look at a web site certificate, use port 443, and simply a line return, but you need to put in the server name on systems which have more than one web site (virtual hosting). Do that with the //-servername// flag. 
-<code bash> 
-printf "\n" | \ 
-openssl s_client -showcerts -servername web.example.com -connect web.example.com:443 
-</code> 
- 
-All the above is well and good, but it would be nice to decode the certificate, wouldn't it? Well, openssl has a command that will allow you to inspect a certificate using the //openssl x509// subcommand. For additional information, see //man openssl-x509//. We want the -noout flag to keep our dump clean (prevents the output of the encoded version of the certificate) 
- 
-=== Dump the certificate === 
- 
-Turning the certificate into something a human can read is done with the command //-text// flag, so let's pipe the output of the previous command to that. 
- 
-<code bash> 
-printf 'quit\n' | \ 
-openssl s_client -connect smtp.example.com:25 -starttls smtp | \ 
-openssl x509 -text -noout 
-</code> 
- 
-If you want to find what names the certificate is valid for, they are on a line which contains the text DNS, so grepping the output of the above will give you what you need without reading the whole thing. 
- 
-<code bash> 
-printf 'quit\n' | \ 
-openssl s_client -connect smtp.example.com:25 -starttls smtp | \ 
-openssl x509 -text -noout | \ 
-grep DNS 
-</code> 
- 
-=== Get Dates === 
- 
-You could use //grep// to find the expiration date of a certificate 
- 
-<code bash> 
-printf 'quit\n' | \ 
-openssl s_client -connect smtp.example.com:25 -starttls smtp | \ 
-openssl x509 -text -noout | \ 
-grep 'Not After :' 
-</code> 
- 
-But, the openssl x509 has a special flag for that, //-dates//, so it is simpler to write it as 
- 
-<code bash> 
-printf 'quit\n' | \ 
-openssl s_client -connect smtp.example.com:25 -starttls smtp | \ 
-openssl x509 -dates -noout 
-</code> 
- 
-=== Other === 
  
-Again, //man openssl-x509// gives you more than I'm showing here under the Display Options section, but just a brief list of some interesting flags. 
--serial - the serial number of the certificate 
--subject - Subject Name 
--issuer - Issuer Name 
--startdate - beginning date of certificate (notBefore) 
--enddate - expiry date of certificate (notAfter) 
 ==== Rename Server ==== ==== Rename Server ====
  
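Review bot: this hunk deletes the entire Check SSL Cert Expiration Date section with nothing replacing it in this diff, and it is the only place on the page that documents the `openssl s_client` / `openssl x509 -dates -noout` checks; if the text was moved to another page, a one-line pointer under Systems Administration (or the edit summary) should say where. For whoever keeps a copy: the imaps example, the block after "connecting to imaps (port 993), you just don't do the starttls", repeats the port 143 `-starttls imap` command verbatim and should read `openssl s_client -connect mail.example.com:993`, and the sentence ending "displays it on the" is cut off.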
Line 150: Line 84:
 <code bash> <code bash>
 # change the host name, and the postfix name if that is installed # change the host name, and the postfix name if that is installed
-sed -i.old 's/oldname/newname/g' /etc/hostname /etc/hosts /etc/mailname /etc/postfix/main.cf+sed -i.old 's/oldname/newname/g' 
 +   /etc/hostname 
 +   /etc/hosts 
 +   /etc/mailname 
 +   /etc/postfix/main.cf 
 +   /etc/camp/sysinfo-client/sysinfo-client.yaml \ 
 +   /etc/msmtprc
 /etc/init.d/hostname.sh start /etc/init.d/hostname.sh start
 # update the aliases, if they exist # update the aliases, if they exist
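Review bot: the reflowed `sed` command no longer works as shell: only the `sysinfo-client.yaml` line ends with a continuation backslash, so `sed -i.old 's/oldname/newname/g'` on the first line runs with no file arguments (reading stdin), and the following `/etc/hostname`, `/etc/hosts`, `/etc/mailname` and `/etc/postfix/main.cf` lines would each be executed as separate commands. Every line except the last needs a trailing `\`, with the backslash as the very last character on the line (no trailing space after it). Note also that with `-i.old` GNU sed reports "can't read" for any listed file that does not exist on a given host (for example `/etc/msmtprc` or the sysinfo-client yaml) and still rewrites the others, so the exit status should be checked rather than assumed.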
quickreference/unix.1696969105.txt.gz · Last modified: 2023/10/10 15:18 by rodolico