Commands: Difference between revisions
(→nmap) |
|||
(571 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
=7za= | |||
decompress file | |||
7za e myfiles.7z | |||
=ab= | =ab= | ||
apache benchmarking | apache benchmarking | ||
Line 8: | Line 11: | ||
Rip cd. | Rip cd. | ||
abcde | abcde | ||
=adb android= | |||
# install adb | |||
dnf install android-tools | |||
# enable debug. On phone. Settings. about phone. build version. Click until prompted. Enable debug via selector. | |||
# Connect phone via usb. | |||
# List phones. | |||
adb devices | |||
# Get shell on phone. | |||
adb shell | |||
# list installed packages. | |||
pm list packages -f | |||
adb shell pm list packages -f | grep game | |||
# Uninstall | |||
adb shell pm uninstall -k --user 0 com.samsung.android.game.gos | |||
adb shell pm uninstall -k --user 0 com.samsung.android.game.gametools | |||
=agrep= | =agrep= | ||
Aproximate grep. 3 differences from andreas | Aproximate grep. 3 differences from andreas | ||
agrep -3 andreas /var/log/messages | agrep -3 andreas /var/log/messages | ||
=alacritty(Terminal emulator hw accellerated)= | |||
Terminal copy mode. | |||
CTRL + SHIFT + SPACE | |||
=alternatives= | =alternatives= | ||
alternatives --set mta /usr/sbin/sendmail.postfix | alternatives --set mta /usr/sbin/sendmail.postfix | ||
sudo alternatives --config java | |||
=antiword= | =antiword= | ||
Line 28: | Line 50: | ||
=arp-scan= | =arp-scan= | ||
Scan ip addresses on local subnet | Scan ip addresses on local subnet | ||
arp-scan --localnet | sort -n -k4 -t. | grep ^[0-9] | |||
=at= | =at= | ||
Run command at specific time. Look at queue. | Run command at specific time. Look at queue. | ||
echo '/usr/bin/espeak -s120 " | echo '/usr/bin/espeak -s120 "I will say this only once."' | at -t $(date +%Y%m%d%H%M --date="+2 min") | ||
atq | atq | ||
List at jobs. | |||
atq ; atq | awk '{print $1}' | while read i ; do echo '***' $i ; at -c $i 2>&1 | tail -3 | head -1 ; done | |||
2 Sun May 17 04:00:00 2020 a root | |||
*** 2 | |||
/usr/bin/systemctl restart springboot_uc_supportrouter.service | |||
=authselect= | |||
Redhat command to manage connection to underlying services and features. | |||
# To change content of nsswitch.conf do to your used profile. | |||
vim /usr/share/authselect/default/local/nsswitch.conf | |||
authselect select local --force | |||
=base64= | =base64= | ||
base64 -d /tmp/html | elinks --dump | less -ISRM | |||
No wrapping | |||
base64 --wrap=0 | |||
base64 -w 0 | |||
=bbk_cli_...= | |||
Bredbandskollen via cli. | |||
bbk_cli_linux_amd64-1.0 | |||
=bc= | |||
Simplify using bercerly calculator | |||
calc(){ echo -e "scale=8\n${@}\nquit\n" | bc ; } | |||
To the power of(upphöjt i) | |||
2^10 = 1024 | |||
scientific (aka exponential) notation | |||
echo 1.6945991213315015e+09 | sed -E 's/([+-]?[0-9.]+)[eE]\+?(-?)([0-9]+)/(\1*10^\2\3)/g' | bc | |||
=bitwarden= | |||
# Install bw. | |||
curl -L -o /tmp/bw.zip 'https://vault.bitwarden.com/download/?app=cli&platform=linux' ; (cd /usr/local/bin ; sudo unzip -o /tmp/bw.zip) | |||
# Remove bitwarden config. | |||
unset BW_CLIENTID BW_CLIENTSECRET BW_SESSION | |||
\rm -r /home/abjorklund/.config/Bitwarden* | |||
# Set bitwarden server. | |||
bw config server https://halfface.se/vaultwarden/ | |||
# api login | |||
bw login --apikey | |||
# sso login. When web server opens write "Binero SSO" | |||
bw login | |||
# Unlock | |||
bw unlock | |||
# Sync from server. | |||
bw sync | |||
# List items. | |||
bw list items | jq -r '.[].name' | |||
# get totp | |||
bw_halfface get totp ginatricot_user | |||
# get login info. | |||
bw get item bareos-webui | jq .login | |||
=blkid= | =blkid= | ||
Line 63: | Line 132: | ||
kernel option initcall_debug | kernel option initcall_debug | ||
dmesg | /usr/src/linux-headers-2.6.28-11-generic/scripts/bootgraph.pl > /tmp/bootgraph.svg | dmesg | /usr/src/linux-headers-2.6.28-11-generic/scripts/bootgraph.pl > /tmp/bootgraph.svg | ||
=bpftrace= | |||
run code at each system call | |||
#!/usr/bin/bpftrace | |||
interval:s:5 | |||
{ | |||
exit(); | |||
} | |||
kprobe:do_sys_open | |||
{ | |||
printf("%s %s\n", comm, str(arg1)); | |||
} | |||
=busctl= | |||
busctl may be used to introspect and monitor the D-Bus bus. | |||
=bzip2= | =bzip2= | ||
Line 99: | Line 183: | ||
chmod 4755 /file | chmod 4755 /file | ||
-rwsr-xr-x | -rwsr-xr-x | ||
Remover permissions for others | |||
chmod o-rwx | |||
=chntpw= | =chntpw= | ||
Line 114: | Line 200: | ||
# List ntp sources. | # List ntp sources. | ||
chronyc sources | chronyc sources | ||
.-- Source mode '^' = server, '=' = peer, '#' = local clock. | |||
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined, | |||
| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable. | |||
|| .- xxxx [ yyyy ] +/- zzzz | |||
|| Reachability register (octal) -. | xxxx = adjusted offset, | |||
|| Log2(Polling interval) --. | | yyyy = measured offset, | |||
|| \ | | zzzz = estimated error. | |||
|| | | \ | |||
MS Name/IP address Stratum Poll Reach LastRx Last sample | |||
=============================================================================== | |||
#? PHC0 0 3 0 19d +41ns[ +349ns] +/- 104ns | |||
Force syncronize | |||
sudo chronyc -a 'burst 4/4' | |||
Make a big step. Did not work for me. | |||
chronyc -a makestep | |||
Verify clock | |||
chronyd -q 'server pool.ntp.org iburst' | |||
=chvt= | =chvt= | ||
Line 148: | Line 251: | ||
Multipage pdf. | Multipage pdf. | ||
convert -adjoin -page A4 -compress jpeg Infineon1.tif Infineon2.tif Infineon.pdf | convert -adjoin -page A4 -compress jpeg Infineon1.tif Infineon2.tif Infineon.pdf | ||
pdfunite RegionUppsala01.pdf RegionUppsala02.pdf RegionUppsala03.pdf RegionUppsala04.pdf RegionUppsala.pdf | |||
Prepare photos for printing. | Prepare photos for printing. | ||
convert -rotate 90 -gamma 1.5 -resize 25% -compress jpeg -quality 80 -adjoin -page A4 * print.pdf | convert -rotate 90 -gamma 1.5 -resize 25% -compress jpeg -quality 80 -adjoin -page A4 * print.pdf | ||
Line 156: | Line 260: | ||
Create multipage pdf of photos. | Create multipage pdf of photos. | ||
convert -resize 25% -adjoin -page A4 -rotate 90 -compress jpeg *.jpg test.pdf ; pdfjam test.pdf --no-landscape --frame true --nup 2x2 --suffix 4up --outfile /temp/photos/Alva/test_2x2.pdf | convert -resize 25% -adjoin -page A4 -rotate 90 -compress jpeg *.jpg test.pdf ; pdfjam test.pdf --no-landscape --frame true --nup 2x2 --suffix 4up --outfile /temp/photos/Alva/test_2x2.pdf | ||
For vertical stacking (top to bottom): | |||
convert -append 1.jpg 2.jpg out.jpg | |||
For horizontal stacking (left to right): | |||
convert +append 1.jpg 2.jpg out.jpg | |||
Remove transparancy | |||
convert image.png -background white -flatten image.jpg | |||
=cpio= | =cpio= | ||
Line 196: | Line 304: | ||
6 Saturday | 6 Saturday | ||
@reboot "run command at reboot" | @reboot "run command at reboot" | ||
If you need % in crontab escape it. \% | |||
Run command every 10 minutes. | Run command every 10 minutes. | ||
Line 218: | Line 327: | ||
${COMMAND} | ${COMMAND} | ||
fi | fi | ||
=crudini= | |||
Edit ini files och cli. | |||
crudini --set /lib/systemd/system/icinga2.service Service Nice -10 ; systemctl daemon-reload ; systemctl restart icinga2.service | |||
=cut= | =cut= | ||
Line 224: | Line 336: | ||
=curl= | =curl= | ||
Get http return code. | ==Get http return code.== | ||
curl --connect-timeout 3 --max-time 9 -ksL -w '%{http_code}\n' 'http://www.dn.se' -o /dev/null | curl --connect-timeout 3 --max-time 9 -ksL -w '%{http_code}\n' 'http://www.dn.se' -o /dev/null | ||
get external ip. | ==get external ip. what is my ip== | ||
curl ifconfig.me | curl ifconfig.me | ||
get external ip and all related browser information. | ==get external ip and all related browser information.== | ||
curl ifconfig.me/all | curl ifconfig.me/all | ||
Alternative address for domain. | ==Alternative address for domain.== | ||
curl -sk --resolve www.halfface.se:80:127.0.0.1 http://www.halfface.se | curl -sk --resolve www.halfface.se:80:127.0.0.1 http://www.halfface.se | ||
Get header / mime type | curl http://127.0.0.1/ -H "Host: halfface.se" -H "X-Forwarded-Proto: https" -I | ||
==Get header / mime type== | |||
curl -I http://url.se | curl -I http://url.se | ||
post file | ==post file== | ||
curl -X POST -d @myfilename http://user:pass@myhost/hudson/job/_jobName_/postBuildResult | curl -X POST -d @myfilename http://user:pass@myhost/hudson/job/_jobName_/postBuildResult | ||
cookie format. tab delimited. | ==post file via ftp using proxy== | ||
curl -p --proxy http://proxy.example.se:3128 -v -T backup.tar ftp://user:password@ftp.example.se/directory/ | |||
==cookie format. tab delimited.== | |||
domain - The domain that created AND that can read the variable. .halfface.se | domain - The domain that created AND that can read the variable. .halfface.se | ||
flag - A TRUE/FALSE value indicating if all machines within a given domain can access the variable. This value is set automatically by the browser, depending on the value you set for domain. | flag - A TRUE/FALSE value indicating if all machines within a given domain can access the variable. This value is set automatically by the browser, depending on the value you set for domain. | ||
Line 244: | Line 361: | ||
name - The name of the variable. | name - The name of the variable. | ||
value - The value of the variable. | value - The value of the variable. | ||
==add certificate authority to openssl== | |||
Redhat based os:es this file gets updated. /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt | |||
cp /tmp/ca.crt /etc/pki/ca-trust/source/anchors/ | |||
update-ca-trust | |||
Debian based | |||
cp /tmp/ca.crt /usr/share/ca-certificates/extra | |||
update-ca-certificates | |||
Debian 2 | |||
cp foo.crt /usr/local/share/ca-certificates/foo.crt | |||
update-ca-certificates | |||
==curl ipv6== | |||
curl -6 -g "http://[::1]:80/" | |||
curl -g "http://[2001:9b1:402d:0:ffff:f038:ec3e:b5d4]/" | |||
==proxy== | |||
curl --proxy http://proxy.se:3128 -sk "http://mirrorlist.centos.org" | |||
===no_proxy=== | |||
export https_proxy=http://proxy.se:3128 ; export http_proxy=$https_proxy ; export HTTPS_PROXY=$https_proxy ; export HTTP_PROXY=$https_proxy ; export no_proxy=localhost,127.0.0.1,.inter.net,$(echo 10.217.{4..5}.{1..254}, 10.217.5.255) ; export NO_PROXY=$no_proxy | |||
===time spent=== | |||
-w "time_namelookup: %{time_namelookup}, time_connect: %{time_connect}, time_appconnect: %{time_appconnect}, time_pretransfer: %{time_pretransfer}, time_redirect: %{time_redirect}, time_starttransfer: %{time_starttransfer}, time_total: %{time_total}\n" | |||
=Is it a free day?= | |||
<pre> | |||
curl -sk https://sholiday.faboul.se/dagar/v2.1/2023 | jq -r '.dagar[] |select(."arbetsfri dag"=="Ja")|.datum' | |||
</pre> | |||
=qr code= | |||
encode | |||
qrencode "Andreas" -o /tmp/qr_Andreas.png | |||
decode | |||
zbarimg /tmp/qr_Andreas.png | |||
=date= | =date= | ||
Line 271: | Line 419: | ||
scew clock by a second. | scew clock by a second. | ||
DATE_OFF=$(date --date="-5 second" +%C%y-%m-%d\ %H:%M:%S\ %Z) ; date --set="${DATE_OFF}" | DATE_OFF=$(date --date="-5 second" +%C%y-%m-%d\ %H:%M:%S\ %Z) ; date --set="${DATE_OFF}" | ||
Set clock | |||
date '+%Y-%m-%d %T %Z' -s "2008-11-28 08:08:08 UTC" | |||
=dateseq= | =dateseq= | ||
Line 312: | Line 462: | ||
dd if=/dev/zero of=/system_image.img bs=1M oflag=append conv=notrunc count=2000 | dd if=/dev/zero of=/system_image.img bs=1M oflag=append conv=notrunc count=2000 | ||
dd with progress bar. | dd with progress bar. | ||
dd if=kali.iso of=/dev/sdc status=progress | |||
pv -ptre /install/backup/machine/raspberry/ipcenter_view.img | sudo dd of=/dev/mmcblk0 bs=1M | pv -ptre /install/backup/machine/raspberry/ipcenter_view.img | sudo dd of=/dev/mmcblk0 bs=1M | ||
dd to position on disk | dd to position on disk | ||
dd of=/dev/disk1 if=/dev/urandom obs=500000 seek=1 bs=1MB count=1 conv=notrunc | dd of=/dev/disk1 if=/dev/urandom obs=500000 seek=1 bs=1MB count=1 conv=notrunc | ||
==consume 100GB ram== | |||
mount -o remount,size=300G /dev/shm | |||
dd if=/dev/zero of=/dev/shm/$(date '+%Y-%m-%d_%H-%M-%S') bs=1073741824 count=100 status=progress | |||
=debugfs= | |||
ctime: Shows file change time. | |||
atime: Shows file access time. | |||
mtime: Shows file modification time. | |||
crtime: Shows file creation time. Birth. | |||
Example | |||
debugfs -R 'stat /etc/exports.bkp-2021-11-17_10-07-46' /dev/mapper/vg_rbnetstorage0-lv_root | |||
debugfs 1.41.12 (17-May-2010) | |||
Inode: 924905 Type: regular Mode: 0644 Flags: 0x80000 | |||
Generation: 2068409071 Version: 0x00000000:00000001 | |||
User: 0 Group: 0 Size: 4775 | |||
File ACL: 0 Directory ACL: 0 | |||
Links: 1 Blockcount: 16 | |||
Fragment: Address: 0 Number: 0 Size: 0 | |||
ctime: 0x6194c662:deae4368 -- Wed Nov 17 10:07:46 2021 | |||
atime: 0x6193bd7f:c4faf658 -- Tue Nov 16 15:17:35 2021 | |||
mtime: 0x61925419:34c06f18 -- Mon Nov 15 13:35:37 2021 | |||
crtime: 0x6194c662:deae4368 -- Wed Nov 17 10:07:46 2021 | |||
Size of extra inode fields: 28 | |||
Extended attributes stored in inode body: | |||
selinux = "unconfined_u:object_r:etc_t:s0\000" (31) | |||
EXTENTS: | |||
(0-1): 3718194-3718195 | |||
=df= | |||
df output one per line. Without header. | |||
df -Plk / /apps | tail -n+2 | |||
=dhclient= | =dhclient= | ||
Line 323: | Line 505: | ||
} | } | ||
=dialog= | |||
Create dialog in terminal. Example a progressbar. | |||
for i in {0..100} ; do echo $i | dialog --gauge "Please wait" 7 70 1 ; sleep .1 ; done | |||
=diff= | =diff= | ||
sdiff <(echo -e 'hej\nda\nvi\nses\ni\nmorgon') <(echo -e 'hej\ndå\nvi\nSES\ni\nmorgon') | sdiff <(echo -e 'hej\nda\nvi\nses\ni\nmorgon') <(echo -e 'hej\ndå\nvi\nSES\ni\nmorgon') | ||
Only show files that differ. | |||
-q --brief | |||
Only show change between files. | |||
- | diff -u file1.txt file2.txt | grep -vE '^(---|\+\+\+|@@|\+|-)' | ||
=dig= | =dig= | ||
==Get all dns information about host.== | |||
dig any www.halfface.se | dig any www.halfface.se | ||
==Trace dns lookups from root dns. Use 8.8.8.8 for lookups.== | |||
dig +trace @8.8.8.8 www.halfface.se | dig +trace @8.8.8.8 www.halfface.se | ||
==Recursive lookup.== | |||
dig -tAXFR halfface.se | dig -tAXFR halfface.se | ||
==backward resolve== | |||
dig -x 89.253.75.84 | dig -x 89.253.75.84 | ||
==get ttl== | |||
dig +nocmd +multiline +noall +answer any halfface.se | dig +nocmd +multiline +noall +answer any halfface.se | ||
==Get external ip.== | |||
dig +short myip.opendns.com @resolver1.opendns.com | |||
==Get txt record.== | |||
dig google.com txt | |||
==You can find the authoritative servers by asking for the NS records for a domain== | |||
dig example.com NS | |||
==dig using alternative port== | |||
dig +short -p 5353 halfface.se @10.130.0.35 | |||
=digitemp= | =digitemp= | ||
Line 367: | Line 555: | ||
Change dpi | Change dpi | ||
xrandr --dpi 138/eDP1 | xrandr --dpi 138/eDP1 | ||
=du= | |||
du -amx / | sort -n | tail -5 | |||
=duplicity= | =duplicity= | ||
Encrypted backups over rsync | Encrypted backups over rsync | ||
=dmesg= | |||
dmesg with iso time format | |||
dmesg --ctime --time-format iso | |||
Write to dmesg | |||
echo "$USER $(date '+%Y-%m-%d %H:%M:%S %Z')" | sudo tee /dev/kmsg | |||
=dmidecode= | =dmidecode= | ||
List memory banks | List memory banks | ||
sudo dmidecode -t 17 | sudo dmidecode -t 17 | ||
=dnf= | =dnf= | ||
install skip if not exist | install skip if not exist | ||
Line 379: | Line 577: | ||
reboot | reboot | ||
dnf -y install dnf-plugin-system-upgrade | dnf -y install dnf-plugin-system-upgrade | ||
dnf -y system-upgrade download --refresh --allowerasing --releasever= | dnf -y system-upgrade download --refresh --allowerasing --releasever=41 | ||
dnf -y system-upgrade reboot | dnf -y system-upgrade reboot | ||
# broken deps. | # broken deps. | ||
Line 390: | Line 588: | ||
dnf autoremove | dnf autoremove | ||
dnf remove $(rpm -qa| grep \.fc23) | dnf remove $(rpm -qa| grep \.fc23) | ||
# reinstall rpm | |||
dnf reinstall sssd-common | |||
==auto update== | ==auto update== | ||
Line 402: | Line 602: | ||
# Check status of dnf-automatic: | # Check status of dnf-automatic: | ||
systemctl list-timers *dnf-* | systemctl list-timers *dnf-* | ||
==build environment== | |||
dnf group install "C Development Tools and Libraries" | |||
==update to specific version== | |||
View available version. | |||
dnf --showduplicates list gitlab-ee | |||
Update to specific version | |||
dnf install gitlab-ee-13.12.15-ee.0.el8 | |||
=dnsmasq= | |||
cat /etc/dnsmasq.d/shish.conf | |||
listen-address=127.0.0.1 | |||
bind-interfaces | |||
server=/url.se/185.53.164.25 | |||
server=/url2.se/172.30.32.100 | |||
server=/url3.se/172.30.32.100 | |||
server=/url4.se/172.30.32.100 | |||
server=10.111.222.2 | |||
=dvgrab= | =dvgrab= | ||
Line 417: | Line 634: | ||
detect and convert encoding of text files. (codepage utf) | detect and convert encoding of text files. (codepage utf) | ||
enca -L none /temp/locale2 | enca -L none /temp/locale2 | ||
=esmtp= | |||
Has replaced sendmail on later linux installations | |||
# Put the following config in either /etc/esmtprc or more specific ~/.esmtprc. chmod 644. | |||
hostname = <url>:25 | |||
# Set the Mail Delivery Agent (MDA) | |||
mda = "/usr/bin/procmail -d %T" | |||
=etckeeper= | =etckeeper= | ||
Keep your /etc/ directory under git revision control. | Keep your /etc/ directory under git revision control. | ||
What has happened. | What has happened. | ||
git log -p /etc/resolv.conf | git log -p /etc/resolv.conf | ||
Wipe /etc/.git | |||
etckeeper uninit | |||
etckeeper init | |||
=ethtool= | =ethtool= | ||
show-features | show-features | ||
ethtool -k | ethtool -k <device> | ||
generic-segmentation-offload = gso | generic-segmentation-offload = gso | ||
tcp-segmentation-offload = tso | tcp-segmentation-offload = tso | ||
... | |||
Enable wake on lan magic package. | |||
ethtool --change <interface> wol g | |||
Permanently add wol | |||
find /sys/class/net -type l -not -lname '*virtual*' -printf '%f\n' | while read i ; do INTERFACE_INFO=$(ip address show $i) ; MAC=$(grep link/ether <<< "${INTERFACE_INFO}" | awk '{print $2}') ; echo "# /etc/systemd/network/50-wired.link | |||
[Match] | |||
MACAddress=$MAC | |||
[Link] | |||
NamePolicy=kernel database onboard slot path | |||
MACAddressPolicy=persistent | |||
WakeOnLan=magic" ; done | |||
=exiftool= | =exiftool= | ||
Change meta data for files, exif, jpg, mp3... | Change meta data for files, exif, jpg, mp3... | ||
Get info from file. | |||
exiftool $file.mp4 | |||
gps format | |||
41°24'12.2"N 2°10'26.5"E | |||
gps format known to maps.google.com | |||
exiftool -c "%.6f" 2022-03-06_10-39-40.mp4 | grep -i gps | |||
=exportfs= | |||
Install server | |||
dnf install nfs-utils | |||
Start nfs server | |||
systemctl enable nfs-server --now | |||
Reexport everything. | |||
exportfs -avr | |||
Example export. | |||
*(rw,no_root_squash,async,insecure) | |||
rw rewritable | |||
no_root_squash Allow root on remote machine same permissions as local root | |||
async | |||
insecure NFS version 2 and 3 servers only provide (insecure) host-based authentication: Hosts are allowed/denied based on hostnames and/or IP addresses. Authorization of users is controlled on the clients using the permissions of the files based on user/group IDs. allows clients with NFS implementations that don't use a reserved port for NFS | |||
=fdupes= | =fdupes= | ||
Find duplicate files. | Find duplicate files. | ||
fdupes -r /home | fdupes -r /home | ||
=feh= | |||
Image viewer | |||
=ffmpeg= | =ffmpeg= | ||
ffmpeg | ffmpeg | ||
Line 455: | Line 714: | ||
Transcode mp3 to ogg vorbis | Transcode mp3 to ogg vorbis | ||
for file in *.mp3; do ffmpeg -i "${file}" -acodec libvorbis "${file/%mp3/ogg}";done | for file in *.mp3; do ffmpeg -i "${file}" -acodec libvorbis "${file/%mp3/ogg}";done | ||
Take one photo from video stream. | |||
ffmpeg -ss 00:00:01 -i <video input> -frames:v 1 -q:v 2 <photo created> | |||
Take photo | Take photo | ||
ffmpeg -f video4linux2 -s 1280x720 -i /dev/video0 -f image2 snapshot.jpg | ffmpeg -f video4linux2 -s 1280x720 -i /dev/video0 -f image2 snapshot.jpg | ||
ls /dev/video* | while read i ; do echo $i ; ffmpeg -f video4linux2 -i $i -vframes 1 -q:v 2 /tmp/${i//\//%}.$(date +%F_%H-%M-%S).jpg ; done ; ls -la /tmp/%* | |||
Take a photo from a video steam every 10 seconds. | Take a photo from a video steam every 10 seconds. | ||
ffmpeg -i video.mp4 -r 0.1 -f image2 %03dandreas.jpg | ffmpeg -i video.mp4 -r 0.1 -f image2 %03dandreas.jpg | ||
Line 486: | Line 748: | ||
Find which dir is consuming inodes. | Find which dir is consuming inodes. | ||
find /var -xdev -printf '%h\n' | sort | uniq -c | sort -k 1 -n | find /var -xdev -printf '%h\n' | sort | uniq -c | sort -k 1 -n | ||
for i in $(ls) ; do echo $(find $i | wc -l) $i ; done | sort -n | |||
How much data is consumed by pattern. | |||
export NFS_DIR=/netstorage/cam/ocp-01 ; find ${NFS_DIR} -maxdepth 1 | grep ^${NFS_DIR}/archived- | while read NFS_DIR_REMOVE ; do du -sk "${NFS_DIR_REMOVE}" ; done | awk '{ SUM += $1} END { print SUM "KiB" }' | numfmt --from=auto --to=iec-i --suffix=B | |||
=findmnt= | =findmnt= | ||
Line 494: | Line 759: | ||
When firefox is complaining about outdated flash plugin | When firefox is complaining about outdated flash plugin | ||
rm pluginreg.dat | rm pluginreg.dat | ||
=flatpack= | |||
Enable repo. | |||
sudo flatpak remote-modify --enable flathub | |||
Install spofify. | |||
flatpak install flathub com.spotify.Client | |||
List installed applications. | |||
flatpak list | |||
=flock= | =flock= | ||
used to use cript that only used 1 time concurrently. | used to use cript that only used 1 time concurrently. | ||
Line 502: | Line 775: | ||
ifconfig -a | fmt -w 300 | ifconfig -a | fmt -w 300 | ||
=fold= | |||
Fold long lines. Break at 80 and blank spaces. | |||
fold -w 80 -s text.txt | |||
=forward traffic= | =forward traffic= | ||
service x11 | service x11 | ||
Line 513: | Line 789: | ||
server_args = 172.28.37.152 6000 | server_args = 172.28.37.152 6000 | ||
} | } | ||
=fping= | |||
fping --timeout=10 --elapsed --netdata <fqdn> | |||
Example of testing connectivity. | |||
for i in $(grep -E 'ocp-[0-9]{2}-' /etc/hosts | awk '{print $2}') ; do echo -e "$(fping --timeout=10 --elapsed $i)\t$(nc -v -w1 $i 22 </dev/null 2>&1 | strings | xargs)" ; done | column -t -s $'\t' | |||
=free= | =free= | ||
You have 15956MB physical ram. 9033MB is used by applications. 6922MB is free. | You have 15956MB physical ram. 9033MB is used by applications. 6922MB is free. | ||
Line 530: | Line 811: | ||
awk -v low=$(grep low /proc/zoneinfo | awk '{k+=$2}END{print k}') '{a[$1]=$2} END{print a["MemFree:"]+a["Active(file):"]+a["Inactive(file):"]+a["SReclaimable:"]-(12*low);}' /proc/meminfo | awk -v low=$(grep low /proc/zoneinfo | awk '{k+=$2}END{print k}') '{a[$1]=$2} END{print a["MemFree:"]+a["Active(file):"]+a["Inactive(file):"]+a["SReclaimable:"]-(12*low);}' /proc/meminfo | ||
5168456 | 5168456 | ||
==physical memory== | |||
Show physical memory in machine. Consider points below. | |||
grep MemTotal /proc/meminfo | |||
meminfo: | |||
Provides information about distribution and utilisation of memory. This varies by architecture and compile options... | |||
MemTotal: | |||
Total usable ram (i.e. physical ram minus a few reserved bits and the kernel binary code) | |||
Gives more information not really sure how. | |||
dmesg|grep Memory: | |||
==List memory modules== | |||
dmidecode -t memory | |||
lshw -class memory | |||
=fstab= | =fstab= | ||
Line 542: | Line 835: | ||
fswebcam -r 1920x1080 --jpeg 85 -D 1 --quiet --no-banner shot.jpg | fswebcam -r 1920x1080 --jpeg 85 -D 1 --quiet --no-banner shot.jpg | ||
fswebcam -d /dev/video0 -i 0 -r 2592x1944 -p YUYV /net/10.111.222.1/storage/temp/logitech.jpg | fswebcam -d /dev/video0 -i 0 -r 2592x1944 -p YUYV /net/10.111.222.1/storage/temp/logitech.jpg | ||
=fwupdmgr= | |||
fwupdmgr get-devices --show-all-devices | |||
fwupdmgr get-upgrades | |||
fwupdmgr update $device_id | |||
=genisoimage= | =genisoimage= | ||
genisoimage -o nuc.iso nuc | genisoimage -o nuc.iso nuc | ||
= | =gnome-font-viewer= | ||
view fonts | |||
gnome-font-viewer /file.woff2 | |||
=gnome-monitor-config= | |||
Set one monitor. Disable all others. | |||
gnome-monitor-config set -LpM HDMI-2 | |||
Get monitor settings | |||
WINDOWS + p | |||
=govc= | |||
==Install== | |||
curl -L -o - "https://github.com/vmware/govmomi/releases/latest/download/govc_$(uname -s)_$(uname -m).tar.gz" | sudo tar -C /usr/local/bin -xvzf - govc | |||
==Enable login== | |||
export GOVC_URL=https://vcenter.halfface.se | |||
export GOVC_USERNAME=administrator@vsphere.local; | |||
export GOVC_PASSWORD=<password> | |||
export GOVC_INSECURE=true | |||
==govc Completion== | |||
. <(curl -sk https://raw.githubusercontent.com/vmware/govmomi/main/scripts/govc_bash_completion) | |||
==List resources== | |||
govc ls | |||
==View console== | |||
govc vm.console -capture - <output from ls> | display | |||
==open console== | |||
Download and install VMware-Remote-Console-12.0.5-22744838.x86_64.bundle | |||
sudo mkdir -p /etc/vmware/hostd/ | |||
echo '<?xml version="1.0" ?> | |||
<metadata> | |||
</metadata>' | sudo tee /etc/vmware/hostd/proxy.xml | |||
vmrc $(govc vm.console /site/vm/bla/bla) & | |||
==List roles.== | |||
govc role.ls | |||
==who has specified role== | |||
govc role.usage | |||
==list privileges== | |||
govc role.ls -json Admin | jq -r '.privilege[]' | |||
==Add missing permission to role.== | |||
govc role.update -a openshift-vcenter-level openshift-vcenter-level | |||
==List all permission for matching role== | |||
govc role.ls | sort | grep openshift | awk '{print $1}' | while read i ; do echo '*' $i ; govc role.ls $i ; done | less | |||
==List info about vm== | |||
govc vm.info /RGK/vm/costest-ph9l4/costest-ph9l4-master-0 | |||
govc vm.info -json /<cluster>/vm/<folder>/<vm> | |||
==Turn on or off.== | |||
govc vm.power -on /<cluster>/vm/<folder>/<vm> | |||
govc vm.power -off /<cluster>/vm/<folder>/<vm> | |||
govc vm.power -off -force /<cluster>/vm/<folder>/<vm> | |||
==reboot/reset== | |||
govc vm.power -reset=true /<cluster>/vm/<folder>/<vm> | |||
==Change memory on vm.== | |||
govc vm.change -vm /<cluster>/vm/<folder>/<vm> -m 20480 | |||
==Change number of cpu:s== | |||
govc vm.change -vm /<cluster>/vm/<folder>/<vm> -c 10 | |||
==Set attribute== | |||
govc vm.change -e="disk.EnableUUID=1" -vm='VM Path' | |||
==List datastore== | |||
govc ls /<company>/datastore/IPO-01-vsanDatastore | |||
= | ==List datastore to find file Iso== | ||
govc datastore.ls -ds=IPO-01-vsanDatastore -R -a -l -p | |||
==List directories== | |||
govc datastore.ls -ds /company/datastore/IX-STO1-01-vsanDatastore . | grep -v '[0-9a-f]\{8\}-[0-9a-f]\{4\}-[0-9a-f]\{4\}-[0-9a-f]\{4\}-[0-9a-f]\{12\}' | sort | |||
=grep= | ==Find network== | ||
Colorize grep output. | govc ls /company/network | grep 172.19.14. | ||
grep --color=always -r '10\.7\.' /opt/ongame/ | /company/network/dpg-1914-172.19.14.0 | ||
Show non comment lines ending with a blank. | |||
find . -name '*.properties' -exec grep --color=always -E '^[^#].*\ $' {} \; | less -SR | ==List devices== | ||
govc device.ls -vm=/<cluster>/vm/<folder>/<vm>-00001-odf-0 | |||
==datastore.upload== | |||
govc datastore.upload -ds=IPO-01-vsanDatastore boot.3.iso 0b0a8061-420f-77bd-367b-e43d1a863890/boot.3.iso | |||
==datastore.rm== | |||
govc datastore.rm -ds=IPO-01-vsanDatastore 0b0a8061-420f-77bd-367b-e43d1a863890/boot.3.iso | |||
==Eject cdrom== | |||
govc device.cdrom.eject -vm <vm> | |||
==Insert cdrom== | |||
govc device.cdrom.insert -vm <vm> images/boot.iso | |||
==View events from vm== | |||
govc events /<cluster>/vm/<folder>/<vm> | less | |||
==List logs== | |||
List logs from vsphere. | |||
govc logs.ls | |||
List logs from all hostsystems. | |||
govc find . -type h | awk -F / '{print $NF}'| while read HOST ; do echo '*' $HOST ; govc logs.ls -host $HOST ; done | |||
==extend disk== | |||
Find disk to extend | |||
govc device.ls -vm /path/to/your/vm | |||
Extend disk | |||
govc vm.disk.change -vm /path/to/your/vm -disk.label "Hard disk 1" -size 100G | |||
govc vm.disk.change -vm control-plane-1 -disk.name disk-1000-0 -size 100G | |||
=gpg= | |||
Password encryption decryption with gnupg. | |||
gpg -c --force-mdc /temp/shadow | |||
echo "$(gpg -qd /temp/shadow.gpg)" | |||
==create keys== | |||
gpg --full-generate-key | |||
==list secret keys== | |||
gpg --list-secret-keys --keyid-format LONG | |||
==delete secret keys== | |||
gpg --delete-secret-key liza | |||
==list public keys== | |||
gpg --list-public-keys --keyid-format LONG | |||
==export public key== | |||
gpg --armor --export 3AA5C34371567BD2 | |||
==export private key== | |||
gpg --armor --export-secret-keys 3AA5C34371567BD2 | |||
==export secret subkey== | |||
gpg --armor --export-secret-subkeys 3AA5C34371567BD2 | |||
==import keys== | |||
gpg --import pub.key | |||
gpg --import sec.key | |||
gpg --import sub.key | |||
==add trust to private key== | |||
gpg --edit-key 6252FC9A029A2669 trust quit # 5 y | |||
==edit gpg key== | |||
gpg --edit-key 6252FC9A029A2669 | |||
==send gpg key== | |||
gpg --send-key 6252FC9A029A2669 | |||
==delete public key== | |||
gpg --delete-key "User Name" | |||
==change trust level on all keys== | |||
gpg --list-keys --fingerprint |grep pub -A 1|egrep -Ev "pub|--"|tr -d ' ' | awk 'BEGIN { FS = "\n" } ; { print $1":6:" } ' | gpg --import-ownertrust | |||
==get info about gpg encrypted file== | |||
gpg --list-packets crypto-text.pgp | |||
==list keys in gpg file== | |||
gpg --list-packets crypto-text.pgp # | grep keyid | |||
==get public key from command above== | |||
gpg --recv-keys 754817487F42735A | |||
==encrypt file== | |||
gpg --encrypt --recipient user1@inter.net --recipient user2@inter.net --recipient user3@inter.net file.txt | |||
==decrypt gpg file== | |||
gpg --decrypt vpn-0ea602e33ab9c49fd.txt.gpg | |||
==who has encrypted file== | |||
gpg --pinentry-mode cancel --list-packets file.gpg | |||
==remove expired public keys== | |||
for i in $(gpg --list-public-keys --keyid-format LONG 2>&1 | grep -A1 -B1 expired | grep -Ev '^$|^pub|^uid') ; do gpg --delete-key $i ; done | |||
=gphoto2= | |||
Capture photo from the command line linux. | |||
gphoto2 --camera='Canon EOS 40D (PTP mode)' --port=usb: --capture-image-and-download | |||
=graphviz= | |||
Create graph. | |||
dot -Tps /flow -o /tmp/flow.ps | |||
=grep= | |||
Colorize grep output. | |||
grep --color=always -r '10\.7\.' /opt/ongame/ | |||
Show non comment lines ending with a blank. | |||
find . -name '*.properties' -exec grep --color=always -E '^[^#].*\ $' {} \; | less -SR | |||
grep ipaddress from message file. | grep ipaddress from message file. | ||
sudo grep DHCP /var/log/messages | grep -oir --color=always '192\.168\.[0-9]*\.[0-9]*' | sort -u | sudo grep DHCP /var/log/messages | grep -oir --color=always '192\.168\.[0-9]*\.[0-9]*' | sort -u | ||
Line 575: | Line 1,020: | ||
Grep for exact string like \ | Grep for exact string like \ | ||
grep -F \\ blabla.json | grep -F \\ blabla.json | ||
=grepcidr= | |||
grepcidr -v 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 | |||
=growpart= | |||
growpart /dev/vda 5 | |||
btrfs filesystem resize max / | |||
=gsettings= | =gsettings= | ||
Line 581: | Line 1,032: | ||
Blinking cursor disable | Blinking cursor disable | ||
gsettings set org.gnome.Terminal.Legacy.Profile:/org/gnome/terminal/legacy/profiles:/:$(gsettings get org.gnome.Terminal.ProfilesList default|tr -d \')/ cursor-blink-mode off | gsettings set org.gnome.Terminal.Legacy.Profile:/org/gnome/terminal/legacy/profiles:/:$(gsettings get org.gnome.Terminal.ProfilesList default|tr -d \')/ cursor-blink-mode off | ||
List settings | |||
gsettings list-recursively | |||
=gsync= | =gsync= | ||
Line 609: | Line 1,062: | ||
# High profile | # High profile | ||
HandBrakeCLI -i DVD -o ~/Movies/movie.mp4 -e x264 -q 20.0 -a 1 -E faac -B 160 -6 dpl2 -R Auto -D 0.0 -f mp4 --strict-anamorphic -m -x ref=2:bframes=2:subme=6:mixed-refs=0:weightb=0:8x8dct=0:trellis=0 | HandBrakeCLI -i DVD -o ~/Movies/movie.mp4 -e x264 -q 20.0 -a 1 -E faac -B 160 -6 dpl2 -R Auto -D 0.0 -f mp4 --strict-anamorphic -m -x ref=2:bframes=2:subme=6:mixed-refs=0:weightb=0:8x8dct=0:trellis=0 | ||
=hashid= | |||
Identify hash strings. | |||
hashid | |||
=heif-convert= | |||
heif-convert image.HEIC new-image.jpg | |||
=hostnamectl= | |||
hostnamectl set-hostname rocky_8_1 | |||
=htmldoc= | =htmldoc= | ||
Line 623: | Line 1,084: | ||
ifconfig eth0 192.168.0.1 netmask 255.255.255.0 up | ifconfig eth0 192.168.0.1 netmask 255.255.255.0 up | ||
ip address alias | ip address alias | ||
ifconfig eth0:0 192.168.1.2 | ifconfig eth0:0 192.168.1.2 netmask 255.255.255.0 | ||
Network configuration Full config. | Network configuration Full config. | ||
echo -e "options timeout:1 attempts:1 | echo -e "options timeout:1 attempts:1 | ||
Line 652: | Line 1,113: | ||
DNS2=10.111.222.254 | DNS2=10.111.222.254 | ||
DOMAIN="halfface.se subdomain.halfface.se" | DOMAIN="halfface.se subdomain.halfface.se" | ||
=imv= | |||
Image viewer for wayland | |||
imv . -f -s full | |||
=ilo= | =ilo= | ||
Line 660: | Line 1,125: | ||
start system | start system | ||
start system1 | start system1 | ||
=install= | =install= | ||
Crete directory | Crete directory | ||
install -d --mode=755 --owner=user --group=group /apps/IP/IPim/var/log | install -d --mode=755 --owner=user --group=group /apps/IP/IPim/var/log | ||
Create empty file | |||
install -o 0664 -o user -g group /dev/null ${ALFRESCO_DIR}/logs/catalina.out | |||
=inotifywathc= | |||
Se what access /dev/random | |||
inotifywatch -v -t 60 /dev/random | |||
=inxi= | |||
inventory report. | |||
inxi -Frmxx | |||
=iostat= | =iostat= | ||
iostat -xtc 5 | iostat -xtc 5 | ||
-x extended statistics. | |||
-t print time for each report. | |||
-c display the cpu utalization report. | |||
-y Omit first report with statistics since the system boot | |||
==iostat -xty 5 1 dm-3== | |||
Linux 2.6.32-573.7.1.el6.x86_64 (machine.se) 12/30/2021 _x86_64_ (12 CPU) | |||
12/30/2021 11:47:42 AM | |||
avg-cpu: %user %nice %system %iowait %steal %idle | |||
0.12 0.00 2.01 4.23 0.00 93.65 | |||
Device: rrqm/s wrqm/s r/s w/s rsec/s wsec/s avgrq-sz avgqu-sz await svctm %util | |||
dm-3 0.00 0.00 5806.20 0.00 1485056.00 0.00 255.77 1.54 0.27 0.17 97.44 | |||
# Explained. | |||
rrqm/s The number of read requests merged per second that were queued to the device. | |||
wrqm/s The number of write requests merged per second that were queued to the device. | |||
r/s The number of read requests that were issued to the device per second. | |||
w/s The number of write requests that were issued to the device per second. | |||
rsec/s The number of sectors read from the device per second. | |||
wsec/s The number of sectors written to the device per second. | |||
avgrq-sz The average size (in sectors) of the requests that were issued to the device. | |||
avgqu-sz The average queue length of the requests that were issued to the device. | |||
await The average time (in milliseconds) for I/O requests issued to the device to be served. This includes the time spent by the requests in queue and the time spent servicing them. | |||
svctm The average service time (in milliseconds) for I/O requests that were issued to the device. Warning! Do not trust this field any more. This field will be removed in a future sysstat version. | |||
%util Percentage of elapsed time during which I/O requests were issued to the device (bandwidth utilization for the device). Device saturation occurs when this value is close to 100%. | |||
=iotop= | |||
iotop with dates for output to logfile. | |||
DATE=$(date '+%Y-%m-%d %H:%M:%S %Z') ; sudo iotop -kbon1 | head -2 | while read i ; do echo $DATE $i ; done | |||
=ip= | =ip= | ||
Add vlan 23 | ==Add vlan 23== | ||
ip link add link eno1 name eno1.23 type vlan id 23 | ip link add link eno1 name eno1.23 type vlan id 23 | ||
View vlan protocol | ==View vlan protocol== | ||
ip -d link show eno1.23 | ip -d link show eno1.23 | ||
Configure vlan | ==Configure vlan== | ||
ip addr add 10.151.23.101/24 brd 10.151.23.255 dev eno1.23 | ip addr add 10.151.23.101/24 brd 10.151.23.255 dev eno1.23 | ||
ip link set dev eno1.23 up | ip link set dev eno1.23 up | ||
create default route | ==create default route== | ||
ip route add default via 192.168.1.254 | ip route add default via 192.168.1.254 | ||
show routing | ==show routing== | ||
ip route show | ip route show | ||
Add static route | more info | ||
ip route show table all | |||
==Add static route== | |||
ip route add 10.10.20.0/24 via 192.168.50.100 dev eth0 | ip route add 10.10.20.0/24 via 192.168.50.100 dev eth0 | ||
Remove static route. | ==Remove static route.== | ||
ip route del 10.10.20.0/24 | ip route del 10.10.20.0/24 | ||
which outgoing interfaces are available. | ==which outgoing interfaces are available.== | ||
ip r l| awk '/src/{print $9}' | ip r l| awk '/src/{print $9}' | ||
Which route is used for ip. | ==Which route is used for ip.== | ||
ip route get 192.168.122.252 | ip route get 192.168.122.252 | ||
route subnet over interface. | ==route subnet over interface.== | ||
sudo ip route add 145.251.242.0/24 dev tun0 | sudo ip route add 145.251.242.0/24 dev tun0 | ||
Show ipaddress on interface tun0 | ==Show ipaddress on interface tun0== | ||
ip address show tun0 | ip address show tun0 | ||
vlan tag interface. | ==vlan tag interface.== | ||
ip link add link eth0 name eth0.8 type vlan id 8 | ip link add link eth0 name eth0.8 type vlan id 8 | ||
set ip on interface. | ==set ip on interface.== | ||
ip addr add 192.168.50.5 dev eth1 | ip addr add 192.168.50.5 dev eth1 | ||
set secondary ip on interface | ip addr add 192.168.50.5/24 dev eth1 | ||
ip addr add 192.168. | |||
remove ip address. | ==set secondary ip on interface== | ||
ip addr add 192.168.1.2/24 dev eth0 | |||
==remove ip address.== | |||
ip addr del 192.168.50.5/24 dev eth1 | ip addr del 192.168.50.5/24 dev eth1 | ||
enable interface | ==enable interface== | ||
ip link set eth1 up | ip link set eth1 up | ||
list arp entries. | ==disable interface== | ||
ip link set eth1 down | |||
==list arp entries.== | |||
ip neigh show | ip neigh show | ||
local routing table | ==local routing table== | ||
ip route list table local | ip route list table local | ||
rule base routing. List rules | ==rule base routing. List rules== | ||
ip rule show | ip rule show | ||
Disable traffic to an ipaddress. | ==show multicast networks== | ||
ip maddr show | |||
==Disable traffic to an ipaddress.== | |||
ip route add blackhole 10.151.19.151 | ip route add blackhole 10.151.19.151 | ||
==dynamic/random mac wifi disable== | |||
MAC=$(ip link show | grep link/ | grep -v 00:00:00:00:00:00 | awk '{print $2}') ; nmcli -f TYPE,NAME connection show | grep ^wifi | sed 's/^wifi *//g' | while read i ; do echo '*' $i ; nmcli connection modify "${i}" 802-11-wireless.cloned-mac-address $MAC ; done | |||
=ipcalc= | =ipcalc= | ||
Line 726: | Line 1,241: | ||
What is the power consumtion of dell server. | What is the power consumtion of dell server. | ||
ipmitool -I lanplus -H 127.0.0.1 -U root -P calvin delloem powermonitor | ipmitool -I lanplus -H 127.0.0.1 -U root -P calvin delloem powermonitor | ||
ipmitool lan print | |||
ipmitool sdr list | |||
=iptables= | =iptables= | ||
Show iptables OUTPUT, PREROUTING and POSTROUTING | ==Show iptables OUTPUT, PREROUTING and POSTROUTING== | ||
iptables --table nat --list --exact --verbose --numeric --line-number | iptables --table nat --list --exact --verbose --numeric --line-number | ||
Show config | ==Show config== | ||
iptables -L -t nat -n | iptables -L -t nat -n | ||
Dnat to localhost. | ==Dnat to localhost.== | ||
iptables -t nat -I PREROUTING --source 131.115.115.53 -p tcp --dport 22 -j REDIRECT --to-ports 222 | iptables -t nat -I PREROUTING --source 131.115.115.53 -p tcp --dport 22 -j REDIRECT --to-ports 222 | ||
iptables -t nat -I OUTPUT --source 131.115.115.53 --destination 127.0.0.1 -p tcp --dport 22 -j REDIRECT --to-ports 222 | iptables -t nat -I OUTPUT --source 131.115.115.53 --destination 127.0.0.1 -p tcp --dport 22 -j REDIRECT --to-ports 222 | ||
Flush all rules. | ==Flush all rules.== | ||
iptables -F | iptables -F | ||
Line 747: | Line 1,264: | ||
iptables -P OUTPUT ACCEPT | iptables -P OUTPUT ACCEPT | ||
Block | ==Block== | ||
iptables -A OUTPUT -p tcp -d 131.115.248.82 --dport 8080 -j DROP | iptables -A OUTPUT -p tcp -d 131.115.248.82 --dport 8080 -j DROP | ||
iptables -A OUTPUT -p tcp -d 131.115.248.82 --dport 8080 -j REJECT | iptables -A OUTPUT -p tcp -d 131.115.248.82 --dport 8080 -j REJECT | ||
Block outgoing mail | ==Block outgoing mail== | ||
iptables -A OUTPUT -p tcp --dport 25 -o $INTERFACE -j REJECT | iptables -A OUTPUT -p tcp --dport 25 -o $INTERFACE -j REJECT | ||
Block all traffic except ssh in/out log to syslog. | ==Block all traffic except ssh in/out log to syslog.== | ||
iptables -P INPUT DROP | iptables -P INPUT DROP | ||
iptables -P OUTPUT DROP | iptables -P OUTPUT DROP | ||
Line 765: | Line 1,282: | ||
iptables -A OUTPUT -m state --state NEW -m tcp -p tcp -j LOG --log-level info --log-prefix "dropped-out" | iptables -A OUTPUT -m state --state NEW -m tcp -p tcp -j LOG --log-level info --log-prefix "dropped-out" | ||
Block traffic on certain port. | ==Block traffic on certain port.== | ||
iptables -A INPUT -p tcp --dport 7009 -j REJECT | iptables -A INPUT -p tcp --dport 7009 -j REJECT | ||
Fake source | ==Fake source== | ||
iptables -t nat -A POSTROUTING -d "${DST}" -p udp --dport 162 -j SNAT --to "${SRC}" &>/dev/null | iptables -t nat -A POSTROUTING -d "${DST}" -p udp --dport 162 -j SNAT --to "${SRC}" &>/dev/null | ||
# Remove the current rules | # Remove the current rules | ||
iptables -t nat -D POSTROUTING -d "${DST}" -p udp --dport 162 -j SNAT --to "${SRC}" | iptables -t nat -D POSTROUTING -d "${DST}" -p udp --dport 162 -j SNAT --to "${SRC}" | ||
==redirect ip== | |||
Send traffic destined for one ip and port to another ip and port. | |||
iptables -t nat -A OUTPUT -p tcp -d 146.213.6.7 --dport 1023 -j DNAT --to-destination 10.199.150.111:1023 | |||
iptables -t nat -A OUTPUT -p icmp -d 146.213.6.7 -j DNAT --to-destination 10.199.150.111 | |||
==allow trafic from subnet== | |||
iptables -A INPUT -s 172.16.27.0/24 -j ACCEPT | |||
==allow ssh from all== | |||
iptables -A INPUT -p tcp -dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT | |||
iptables -A OUTPUT -p tcp -dport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT | |||
or | |||
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT | |||
-A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT | |||
==find which rule is blocking by removing one at a time. Better way is to enable logging== | |||
iptables -L -n --line-numbers | |||
iptables -D <line-number> | |||
==List rules from OUTPUT chain with line number== | |||
iptables -t filter -L OUTPUT --line-numbers -n | |||
==Add rule to specific row number== | |||
iptables -I OUTPUT $ROW_NUMBER -d 54.72.175.186/32 -p tcp -m tcp --dport 443 -j ACCEPT | |||
=irc= | =irc= | ||
Line 791: | Line 1,328: | ||
john -wordlist:password.lst passfile.txt | john -wordlist:password.lst passfile.txt | ||
=journalctl= | =journalctl= | ||
View log from last day. | ==View log from last day.== | ||
journalctl --since yesterday | journalctl --since yesterday | ||
List all units. | ==List all units.== | ||
systemctl list-unit-files | systemctl list-unit-files | ||
Current disk usage. | ==Current disk usage.== | ||
journalctl --disk-usage | journalctl --disk-usage | ||
Show only certain error level. (err crit) | ==Show only certain error level. (err crit)== | ||
journalctl -p err | journalctl -p err | ||
List boots | ==List boots== | ||
journalctl --list-boots | journalctl --list-boots | ||
Show events between two time stamps. | ==Show events between two time stamps.== | ||
journalctl --since "2017-01-23 05:56:42" --until "2017-01-23 07:56:42" | journalctl --since "2017-01-23 05:56:42" --until "2017-01-23 07:56:42" | ||
==show entries for one unit.== | |||
journalctl -u openvpn-server@server | |||
journalctl -u sshd -f | |||
==iptables logs== | |||
journalctl -k -f | grep -i iptables | |||
==wipe logs== | |||
journalctl --vacuum-time=1h | |||
==compare two different boots== | |||
journalctl --since "$(date '+%F %H:%M:%S' --date '-10 hour')" -u NetworkManager -b -1 -o cat | sed 's/\[[0-9.]*\]//g' | |||
==persistent logging== | |||
Enable persistent logging in systemd-journald. grep journal /usr/lib/tmpfiles.d/systemd.conf. Install syslog instead. | |||
mkdir /var/log/journal | |||
chmod 2755 /var/log/journal | |||
chown root:systemd-journal /var/log/journal | |||
killall -USR1 systemd-journald | |||
=jpegtran= | =jpegtran= | ||
Line 809: | Line 1,362: | ||
# Rotate counter clockwise. | # Rotate counter clockwise. | ||
jpegtran -copy all -rotate 270 2012-08-18_15-06-43.jpg > 2012-08-18_15-06-43_270.jpg | jpegtran -copy all -rotate 270 2012-08-18_15-06-43.jpg > 2012-08-18_15-06-43_270.jpg | ||
= | =kdump= | ||
Change action to dump memory. | |||
/etc/kdump.conf | |||
core_collector true | |||
Reload config. | |||
systemctl restart kdump | |||
=keepass= | |||
Create database | |||
printf '%s\n' 'P@55Word'{,} | keepassxc-cli db-create -p -q keepassxc_abjorklund.kdbx | |||
Add entry to database. | |||
keepassxc-cli add keepassxc_abjorklund.kdbx abjorklund | |||
Copy password from password entry | |||
keepassxc-cli clip keepassxc_abjorklund.kdbx abjorklund | |||
=keyboard= | =keyboard= | ||
Line 854: | Line 1,404: | ||
Show failed ssh logins. | Show failed ssh logins. | ||
lastb | lastb | ||
=less= | |||
Toggle line wrap | |||
- -> S | |||
tail with less. CTRL + c = scroll around. SHIFT + f = to tail again. | |||
less +F -B /tmp/tmp | |||
=lftp= | |||
lftp -u user,password $ftp_server | |||
With proxy. | |||
lftp -e "set ftp:proxy http://<url>:3128 ; set ssl:verify-certificate no; open -u user,password ftp://ftp.example.se/" | |||
Workaround. | |||
lftp -e 'set ftp:use-feat false; set ftp:ssl-allow false' -u user,passwor ftp.example.se | |||
=ln= | =ln= | ||
Create link even if it exists. | Create link even if it exists. | ||
Line 883: | Line 1,445: | ||
Force logrotate in verbose mode. | Force logrotate in verbose mode. | ||
logrotate -v -f /etc/logrotate.conf | logrotate -v -f /etc/logrotate.conf | ||
Create logrotate config entry. | |||
# Configure log rotation. | |||
cat << EOF > /etc/logrotate.d/ipmonperfj_cleanupdaemon | |||
/directory/logs/cleanupdaemon.log { | |||
copytruncate | |||
size 100M | |||
rotate 60 | |||
compress | |||
missingok | |||
olddir old | |||
} | |||
EOF | |||
Disable logrotate. Look for file extension to ignore. | |||
man logrotate.conf, you can read find tabooext | |||
Ex. mv /etc/logrotate.d/mysql{,.rpmsave} | |||
=losetup= | =losetup= | ||
Create loopback devices for partitions in image | Create loopback devices for partitions in image. Force the kernel to scan the partition table on a newly created loop device | ||
losetup -P /dev/loop2 harddrive.img | losetup -P /dev/loop2 harddrive.img | ||
Set up next available device read only. | |||
losetup -f -r /temp/rb-slog05/sda6 | |||
Show all | |||
losetup -a | |||
detatach | |||
losetup -d /dev/loop2 | |||
=ls= | =ls= | ||
Line 892: | Line 1,475: | ||
List processes in epoch date | List processes in epoch date | ||
( cd /proc; ls -rtd --full-time --time-style=+%s [0123456789]*; ) | ( cd /proc; ls -rtd --full-time --time-style=+%s [0123456789]*; ) | ||
List memory modules | =lshw= | ||
==List memory modules== | |||
lshw -C memory | lshw -C memory | ||
= | |||
Is cpu 32 or 64bit. | ==Is cpu 32 or 64bit.== | ||
lshw -class processor | lshw -class processor | ||
Line 901: | Line 1,485: | ||
List recurivly all process that have a path open. | List recurivly all process that have a path open. | ||
lsof +D /apps/ | lsof +D /apps/ | ||
which ports has a process opened? | |||
lsof -Pan -p 13354 -i | |||
=which process listen to port= | |||
lsof -i :443 | |||
=mail= | =mail= | ||
command line mail with changed from | command line mail with changed from | ||
echo message | mail -s Subject -r from@inter.net reciever@inter.net | echo message$(date +%F_%H-%M-%S) | mail -s Subject$(date +%F_%H-%M-%S) -r from@inter.net reciever@inter.net | ||
command line mail with changed from with attachment | command line mail with changed from with attachment | ||
echo message | mail -s Subject -r from@inter.net -a /attach.ment reciever@inter.net | echo message | mail -s Subject -r from@inter.net -a /attach.ment reciever@inter.net | ||
Change default sender. | |||
# ~/.mailrc | |||
# From address for mailx. | |||
set from="root degn.redbridge.se <abjorklund@redbridge.se>" | |||
set replyto="root degn.redbridge.se <abjorklund@redbridge.se>" | |||
=man= | =man= | ||
Line 914: | Line 1,507: | ||
man clean for output to file. | man clean for output to file. | ||
man [manual] | col -b > file.txt | man [manual] | col -b > file.txt | ||
Read from section 5 | |||
man man.5 | |||
=mbr= | =mbr= | ||
Line 921: | Line 1,516: | ||
restore mbr | restore mbr | ||
# dd if=/temp/sdx-mbr of=/dev/sdX bs=446 count=1 | # dd if=/temp/sdx-mbr of=/dev/sdX bs=446 count=1 | ||
=mdadm= | |||
Add disk that was lost | |||
mdadm /dev/md125 -a /dev/vda1 | |||
=minimodem= | =minimodem= | ||
Transmit file via audio. | Transmit file via audio. | ||
Line 929: | Line 1,528: | ||
=mkfs= | =mkfs= | ||
Create fat32 file system. | Create fat32 file system. | ||
mkfs.vfat -F 32 /dev/ | dd if=/dev/zero of=/tmp/sdb bs=32M status=progress conv=fdatasync count=10 | ||
fdisk /tmp/sdb | |||
n | |||
<accept all defaults> | |||
t | |||
b | |||
p | |||
w | |||
mkfs.vfat -F 32 -n MYDRIVE /tmp/sdb1 | |||
==mkfs.ext4== | |||
Create ext4 filesystem. Overwrite. Label and root reserved to 0. | |||
mkfs.ext4 -F -L looted_storage -m 0 /dev/sda1 | |||
=mkpasswd= | |||
Create a password hash | |||
echo password | mkpasswd -m sha-512 -s | |||
=mogrify= | =mogrify= | ||
Line 935: | Line 1,549: | ||
mogrify -resize 800 *.jpg | mogrify -resize 800 *.jpg | ||
=mount= | =mount= | ||
Mount a temporary ram | Mount a temporary ram partition | ||
mount -t tmpfs tmpfs /mnt -o size=1024 | mount -t tmpfs tmpfs /mnt -o size=1024 | ||
Mount a | Mount a cifs filesystem and change owner on mountpoint. | ||
mount.cifs -o credentials=/home/user/cifs.credentials,gid=1004,uid=1004 //server/c$ /mnt/cifs | mount.cifs -o credentials=/home/user/cifs.credentials,gid=1004,uid=1004 //server/c$ /mnt/cifs | ||
Disallow normal user to ps. If not belonging to gid 1001. | Disallow normal user to ps. If not belonging to gid 1001. | ||
Line 952: | Line 1,566: | ||
mplayer in ascii mode. | mplayer in ascii mode. | ||
mplayer -monitoraspect 4:3 -vo aa LinaFreestyler.avi | mplayer -monitoraspect 4:3 -vo aa LinaFreestyler.avi | ||
mplayer -vo aa -monitorpixelaspect 0.5 *.mp4 | |||
mplayer on second soundcard. | mplayer on second soundcard. | ||
mplayer -ao oss:/dev/dsp *.mp3 | mplayer -ao oss:/dev/dsp *.mp3 | ||
Line 978: | Line 1,593: | ||
Combine mp4 files | Combine mp4 files | ||
MP4Box -add file1.mp4 -add file2.mp4 output.mp4 | MP4Box -add file1.mp4 -add file2.mp4 output.mp4 | ||
=mpstat= | |||
top like output of system usage | |||
mpstat 5 5 | |||
=mtr= | =mtr= | ||
ping and traceroute combined. | ping and traceroute combined. | ||
mtr -rc 10 | mtr -rc 10 8.8.8.8 | ||
=mutt= | =mutt= | ||
Line 1,004: | Line 1,621: | ||
echo "email@inter.net testing" | mutt -e "unignore list-id" email@inter.net | echo "email@inter.net testing" | mutt -e "unignore list-id" email@inter.net | ||
=multilog= | =multilog= | ||
split standard output to logfiles. In this case keep specific size. 10000B. 5 logfiles. http://blog.teksol.info/pages/daemontools/best-practices | split standard output to logfiles. In this case keep specific size. t means to prepend a TAI timestamp on each line. 10000B. 5 logfiles. tai64nlocal program simply reads stdin and replaces TAI timestamps with human-readable ones. http://blog.teksol.info/pages/daemontools/best-practices. Compress rotated logfiles. | ||
mkdir /tmp/myapp | mkdir /tmp/myapp ; ./myapp | multilog t s10000 n5 '!tai64nlocal' '!gzip' /tmp/myapp 2>&1 | ||
=nc (netcat)= | =nc (netcat)= | ||
==Check communication.== | |||
listen on port 3333. | listen on port 3333. | ||
nc - | nc -kl 3333 | ||
talk to port 3333. | talk to port 3333. | ||
nc 192.168.0.1 3333 | nc 192.168.0.1 3333 | ||
==Transfer data== | |||
Cat file, calculate size listen on port 3333. | Cat file, calculate size listen on port 3333. | ||
cat backup.iso | pv -b | nc -l 3333 | cat backup.iso | pv -b | nc -l 3333 | ||
Line 1,021: | Line 1,637: | ||
nc 192.168.0.1 3333 | pv -b > backup.iso | nc 192.168.0.1 3333 | pv -b > backup.iso | ||
==Setup telnet server== | |||
nc -L -l -p1234 -d -e cmd.exe | nc -L -l -p1234 -d -e cmd.exe | ||
==Test connection.== | |||
nc -w2 -znv 10.1.22.31 7222 | nc -w2 -znv 10.1.22.31 7222 | ||
==tunnel== | |||
On the server, we open a listener on the TCP port 6667 which will forward data to UDP port 53 of a specified IP. If you want to do DNS forwarding like me, you can take the first nameserver's IP you will find in /etc/resolv.conf - in this example, this is 192.168.1.1. But first, we need to create a fifo. The fifo is necessary to have two-way communication between the two channels. A simple shell pipe would only communicate left process' standard output to right process' standard input. | On the server, we open a listener on the TCP port 6667 which will forward data to UDP port 53 of a specified IP. If you want to do DNS forwarding like me, you can take the first nameserver's IP you will find in /etc/resolv.conf - in this example, this is 192.168.1.1. But first, we need to create a fifo. The fifo is necessary to have two-way communication between the two channels. A simple shell pipe would only communicate left process' standard output to right process' standard input. | ||
Line 1,033: | Line 1,649: | ||
nc -l -p 6667 < /tmp/fifo | nc -u 192.168.1.1 53 > /tmp/fifo | nc -l -p 6667 < /tmp/fifo | nc -u 192.168.1.1 53 > /tmp/fifo | ||
==Dont eat up standard output.== | |||
nc -v --send-only --recv-only localhost 22 | nc -v --send-only --recv-only localhost 22 | ||
Talk to pop3 server over ssl. | ==Talk to pop3 server over ssl.== | ||
nc --ssl mail.tele2.se 995 | nc --ssl mail.tele2.se 995 | ||
==Talk to pop server== | |||
nc -C mail.tele2.se 25 | |||
==Talk to web server== | |||
URL_SSL=halfface.se ; echo -e "HEAD / HTTP/1.1\nHost: ${URL_SSL}\n\n" | nc --ssl ${URL_SSL} 443 | |||
echo -e 'GET /users/password/new HTTP/1.1\r\nHost: localhost\r\nConnection: Close\r\n\r\n' | nc localhost 80 | head | |||
To overcome problems with nc closing connection too fast. | |||
(echo -en 'GET / HTTP/1.1\r\nHost: 172.30.156.15\r\nConnection: close\r\n\r\n'; sleep .1) | nc 172.30.156.15 80 | head -30 | |||
nc --no-shutdown -v 172.30.156.15 80 <<<$(echo -en 'GET / HTTP/1.1\r\nHost: 172.30.156.15\r\nConnection: close\r\n\r\n') | |||
=ncdu= | |||
disk usage. Stay in one filesystem. | |||
ncdu -x / | |||
=net= | =net= | ||
Start service via samba. | Start service via samba. | ||
net rpc service start ipremote -I 172.17.255.99 -U 'domain/user%password' | net rpc service start ipremote -I 172.17.255.99 -U 'domain/user%password' | ||
=netstat= | =netstat= | ||
Look at network connections. tcp/ip4. | Look at network connections. tcp/ip4. | ||
netstat -4anpt | netstat -4anpt | ||
Look at multicast groups | |||
netstat -g | |||
What does it mean?= | |||
ESTABLISHED | |||
The socket has an established connection. | |||
SYN_SENT | |||
The socket is actively attempting to establish a connection. | |||
SYN_RECV | |||
A connection request has been received from the network. | |||
FIN_WAIT1 | |||
The socket is closed, and the connection is shutting down. | |||
FIN_WAIT2 | |||
Connection is closed, and the socket is waiting for a shutdown | |||
from the remote end. | |||
TIME_WAIT | |||
The socket is waiting after close to handle packets still in the | |||
network. | |||
CLOSE The socket is not being used. | |||
CLOSE_WAIT | |||
The remote end has shut down, waiting for the socket to close. | |||
LAST_ACK | |||
The remote end has shut down, and the socket is closed. Waiting | |||
for acknowledgement. | |||
LISTEN The socket is listening for incoming connections. Such sockets | |||
are not included in the output unless you specify the | |||
--listening (-l) or --all (-a) option. | |||
CLOSING | |||
Both sockets are shut down but we still don't have all our data | |||
sent. | |||
UNKNOWN | |||
The state of the socket is unknown. | |||
==statistics== | |||
netstat -s | |||
netstat -s | retransmit | |||
=nmap= | =nmap= | ||
Scan for open ssh ports. | Scan for open ssh ports. | ||
nmap -p 22 --open -sV 10.0.0.* | nmap -p 22 --open -sV 10.0.0.* | ||
nmap -p 22 -sV --open -oG - $(ip -4 a s $(ip route show default | awk '{print $5}') | grep inet | awk '{print $2}') | awk '/\/open\// {print $2,$3}' | |||
Syn scan. | |||
nmap -P0 -sS -p1023 www.halfface.se | nmap -P0 -sS -p1023 www.halfface.se | ||
Ping scan. Do not resolve. | |||
nmap -sn -n 10.127.254.1-254 | nmap -sn -n 10.127.254.1-254 | ||
Which ciphers are allowed. | |||
nmap --script ssl-enum-ciphers -p 465 www.halfface.se | nmap --script ssl-enum-ciphers -p 465 www.halfface.se | ||
arp scan. | |||
nmap -PR 192.168.0.0/24 | nmap -PR 192.168.0.0/24 | ||
which kex_algorithms server_host_key_algorithms encryption_algorithms compression_algorithms | |||
nmap --script ssh2-enum-algos -sV -p 22 ssh.server.inter.net | nmap --script ssh2-enum-algos -sV -p 22 ssh.server.inter.net | ||
Which manufacturer. | |||
nmap -sn 10.111.222.0/24 | |||
=nmcli= | =nmcli= | ||
manage network from cli | ==List connections== | ||
nmcli con | |||
==rename connection== | |||
nmcli connection modify <old_name> con-name <new_name> | |||
==manage network from cli== | |||
http://fedoraproject.org/wiki/Networking/CLI | http://fedoraproject.org/wiki/Networking/CLI | ||
Connect to a configured connection by name | ==Connect to a configured connection by name== | ||
nmcli connection up WireLess | nmcli connection up WireLess | ||
Disconnection by name | ==Disconnection by name== | ||
nmcli connection down Wireless | nmcli connection down Wireless | ||
Connect to remembered network. | ==Connect to remembered network.== | ||
nmcli con up '[-_-] halfface 5' | nmcli con up '[-_-] halfface 5' | ||
List available wireless networks. | ==List available wireless networks.== | ||
nmcli device wifi list | nmcli device wifi list | ||
Generate list of available wireless networks. | ==Generate list of available wireless networks.== | ||
nmcli device wifi rescan | nmcli device wifi rescan | ||
==Create connection for wireless network.== | |||
nmcli device wifi connect Bredband password P4ssM0rd | nmcli device wifi connect Bredband password P4ssM0rd | ||
List networks on specific interface. | ==Connect to specific bssid== | ||
nmcli connection modify MyWifiConnection 802-11-wireless.bssid 00:11:22:33:44:55 | |||
==List networks on specific interface.== | |||
nmcli device wifi list ifname wlp0s18f2u4 | nmcli device wifi list ifname wlp0s18f2u4 | ||
Disconnect network interface. | ==Disconnect network interface.== | ||
nmcli device disconnect wlp0s18f2u4 | nmcli device disconnect wlp0s18f2u4 | ||
==Manually setup interface.== | |||
nmcli con add con-name "static-ens32" ifname ens32 type ethernet ip4 xxx.xxx.120.44/24 gw4 xxx.xxx.120.1 | |||
nmcli con mod "static-ens32" ipv4.dns "xxx.xxx.120.1,8.8.8.8" | |||
nmcli con up "static-ens32" iface ens32 | |||
==list devices.== | |||
nmcli device status | |||
==list connections.== | |||
nmcli connection show | |||
==delete connection== | |||
nmcli con delete "Wired connection 1" | |||
==add connection with static ip.== | |||
nmcli con add con-name ens224 ifname ens224 type ethernet ip4 172.30.109.16/24 | |||
==show properties for connection== | |||
nmcli dev show ens224 | |||
==set dns server== | |||
nmcli connection modify enp1s0 ipv4.dns "10.111.222.2,8.8.8.8" | |||
==edit== | |||
nmcli con edit $connection | |||
print all | |||
==autostart== | |||
nmcli connection modify IFNAME connection.autoconnect yes|no | |||
==dhcp option== | |||
nmcli -f DHCP4 device show eth0 | |||
==Make network a bridge interface== | |||
sudo nmcli con add ifname br0 type bridge con-name br0 | |||
sudo nmcli con add type bridge-slave ifname <network_card> master br0 | |||
sudo nmcli con modify br0 bridge.stp no | |||
sudo nmcli con down "Wired connection 1" | |||
sudo nmcli con up br0 | |||
=nohup= | =nohup= | ||
Line 1,089: | Line 1,792: | ||
nping -c 1 --tcp -p 80 www.halfface.se | nping -c 1 --tcp -p 80 www.halfface.se | ||
=nth= | |||
Name That Hash | |||
nth --text '$y$j9T$jogs61gwDHB6L1oEwHeR00$L4cfYqkxKzS8dtkC5hPXFRMOIcEl6q5VKIkngrRGFM0' | |||
=ntfs-3g= | =ntfs-3g= | ||
mount ntfs filesystem. read and write. | mount ntfs filesystem. read and write. | ||
Line 1,097: | Line 1,803: | ||
/dev/sda3 /media/e_drive ntfs-3g ro,defaults,umask=0222 0 0 | /dev/sda3 /media/e_drive ntfs-3g ro,defaults,umask=0222 0 0 | ||
/dev/sda1 /media/c_drive ntfs-3g rw,defaults,umask=0000 0 0 | /dev/sda1 /media/c_drive ntfs-3g rw,defaults,umask=0000 0 0 | ||
Create ntfs partition. | |||
fdisk 7 | |||
mkfs.ntfs /dev/sdx1 | |||
=numbers= | =numbers= | ||
Line 1,102: | Line 1,811: | ||
bash: | bash: | ||
echo {1..10} | echo {1..10} | ||
=numfmt= | |||
iec=accept optional single letter suffix. No output suffix. Remove B from input. change format of output, mb ,gb and so on. | |||
numfmt --from=iec --to=none --suffix=B 8.7KB | |||
=nwipe (dban)= | =nwipe (dban)= | ||
Wipe your disk | Wipe your disk | ||
Line 1,109: | Line 1,822: | ||
multicast ping | multicast ping | ||
omping -c10 10.111.222.118 10.111.222.121 | omping -c10 10.111.222.118 10.111.222.121 | ||
=openvpn3= | |||
==Install openvpn fedora 38+ /etc/yum.repos.d/_copr\:copr.fedorainfracloud.org\:dsommers\:openvpn3-devsnapshots.repo== | |||
[copr:copr.fedorainfracloud.org:dsommers:openvpn3-devsnapshots] | |||
name=Copr repo for openvpn3-devsnapshots owned by dsommers | |||
baseurl=https://download.copr.fedorainfracloud.org/results/dsommers/openvpn3-devsnapshots/fedora-$releasever-$basearch/ | |||
type=rpm-md | |||
skip_if_unavailable=True | |||
gpgcheck=1 | |||
gpgkey=https://download.copr.fedorainfracloud.org/results/dsommers/openvpn3-devsnapshots/pubkey.gpg | |||
repo_gpgcheck=0 | |||
enabled=1 | |||
enabled_metadata=1 | |||
==Install package from above.== | |||
dnf install openvpn3-client | |||
==Add configuration== | |||
OPENVPN_CONFIG=<name> ; openvpn3 config-import --name "$OPENVPN_CONFIG" --persistent --config "$OPENVPN_CONFIG".ovpn | |||
==List configs== | |||
openvpn3 configs-list | |||
==Remove config== | |||
openvpn3 config-remove --config <config-name> | |||
==Connect== | |||
openvpn3 session-start --config <config-name> | |||
==Disconnect== | |||
openvpn3 session-manage --config <config-name> --disconnect | |||
==Connect to the log with debug enabled. This can be run in a different terminal window after the connection has been started.== | |||
openvpn3 log --config <config-name> --log-level 6 | |||
==Show active sessions== | |||
openvpn3 sessions-list | |||
==Show statistics for an active session== | |||
openvpn3 session-stats --config <config-name> | |||
==Show configuration settings== | |||
openvpn3 config-manage --config <config-name> --show | |||
==sessions disconnect== | |||
openvpn3 sessions-list | grep Path | awk '{print $2}' | while read OPENVPN_PATH ; do echo $OPENVPN_PATH ; openvpn3 session-manage --session-path $OPENVPN_PATH --disconnect ; done | |||
==View config files== | |||
sudo find /var/lib/openvpn3/configs/ -type f | |||
=openssl= | =openssl= | ||
Grab the public key. | ==Grab the public key.== | ||
openssl s_client -connect www.halfface.se:443 </dev/null 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl s_client -connect www.halfface.se:443 </dev/null 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | ||
What does the ssl cert look like. | ==What does the ssl cert look like.== | ||
echo | openssl s_client -connect | HOST=www.halfface.se ; PORT=443 ; echo | openssl s_client -connect ${HOST}:${PORT} -servername ${HOST}| openssl x509 -ext subjectAltName -noout -startdate -enddate -subject -issuer -nameopt RFC2253,sep_comma_plus_space | ||
What does crl look like. | |||
==What does crl look like. (Certificate Revocation List)== | |||
openssl crl -inform PEM -text -noout -in crl.pem | openssl crl -inform PEM -text -noout -in crl.pem | ||
Connect to ssl server | |||
==Connect to ssl server== | |||
echo hello | openssl s_client -connect www.halfface.se:8140 | echo hello | openssl s_client -connect www.halfface.se:8140 | ||
Connect to ssl server -cipher NULL,LOW | ==Connect to ssl server -cipher NULL,LOW== | ||
echo hello | openssl s_client -connect www.halfface.se:8140 | echo hello | openssl s_client -connect www.halfface.se:8140 | ||
Connect with openssl v3 | ==Connect with openssl v3== | ||
openssl s_client -ssl3 -connect ipmon01.dupont:443 | openssl s_client -ssl3 -connect ipmon01.dupont:443 | ||
Connect with low security cipher | ==Connect with low security cipher== | ||
echo X | openssl s_client -cipher NULL,LOW -connect www.halfface.se:8140 | echo X | openssl s_client -cipher NULL,LOW -connect www.halfface.se:8140 | ||
PEM convert to DER | ==PEM convert to DER== | ||
openssl x509 -inform PEM -in /file.pem -outform DER file.der | |||
p12 to cer | ==p12 to cer== | ||
openssl pkcs12 -in infile.p12 -out outfile.cer -nodes | openssl pkcs12 -in infile.p12 -out outfile.cer -nodes | ||
Extract p12 password protected keys in | Export public | ||
openssl pkcs12 -in path.p12 -out newfile.crt.pem -clcerts -nokeys -passin pass:<password> | |||
export CERT=<cert>.p12 ; export PASS=<pass> ; openssl pkcs12 -in $CERT -out ${CERT}.pem -clcerts -nokeys -passin pass:${PASS} | |||
Export private | |||
openssl pkcs12 -in path.p12 -out newfile.key.pem -nocerts -nodes -passin pass:<password> | |||
export CERT=<cert>.p12 ; export PASS=<pass> ; openssl pkcs12 -in $CERT -out ${CERT}.key -clcerts -nodes -passin pass:${PASS} | |||
==p7b to pem== | |||
openssl pkcs7 -print_certs -in <certificate>.p7b -out certificate.pem | |||
==pfx to pem== | |||
Complete file. | |||
openssl pkcs12 -in filename.pfx -out cert.pem -nodes | |||
Get private cert. Then remove password. Decrypt | |||
openssl pkcs12 -in filename.pfx -nocerts -out key.pem | |||
openssl rsa -in key.pem -out server.key | |||
Get public cert. | |||
openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem | |||
==Extract p12 password protected keys in== | |||
openssl pkcs12 -in /file.p12 -passin file:/password -nokey -nodes -out /file.nokeys | openssl pkcs12 -in /file.p12 -passin file:/password -nokey -nodes -out /file.nokeys | ||
Encrypt file | openssl pkcs12 -info -in </path/to/file.pfx> -passin pass:<pfx's password> | ||
==Encrypt file== | |||
openssl aes-256-cbc -a -salt -in file -out file,encoded -passin file:passfile | openssl aes-256-cbc -a -salt -in file -out file,encoded -passin file:passfile | ||
Decrypte file | ==Decrypte file== | ||
openssl aes-256-cbc -d -a -salt -in file -out file,encoded -passin file:passfile | openssl aes-256-cbc -d -a -salt -in file -out file,encoded -passin file:passfile | ||
Install new root ca | ==Install new root ca== | ||
# Change to the directory: | # Change to the directory: | ||
cd /etc/pki/tls/certs | cd /etc/pki/tls/certs | ||
Line 1,153: | Line 1,924: | ||
Check ca store files. | Check ca store files. | ||
find . -name '*.pem' | while read PEM ; do echo '###' ${PEM} '###';ls -la "${PEM}" ; set -x ; curl --cacert "${PEM}" https://site.test.net/index.htm. | find . -name '*.pem' | while read PEM ; do echo '###' ${PEM} '###';ls -la "${PEM}" ; set -x ; curl --cacert "${PEM}" https://site.test.net/index.htm. | ||
Verify pop3 connectivity. | ==Verify pop3 connectivity.== | ||
openssl s_client -crlf -connect mail.tele2.se:110 -starttls pop3 | openssl s_client -crlf -connect mail.tele2.se:110 -starttls pop3 | ||
USER yiming | USER yiming | ||
Line 1,162: | Line 1,933: | ||
TOP [message_num] [n] – returns the top n lines of the message denoted by message number. | TOP [message_num] [n] – returns the top n lines of the message denoted by message number. | ||
QUIT command will end the session. | QUIT command will end the session. | ||
Create wildcard self signed certificate. | ==Create wildcard self signed certificate.== | ||
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout wildcard.test.internal.zone.key -out wildcard.test.internal.zone.crt | openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout wildcard.test.internal.zone.key -out wildcard.test.internal.zone.crt | ||
Common Name (eg, your name or your server's hostname) []:*.test.internal.zone | Common Name (eg, your name or your server's hostname) []:*.test.internal.zone | ||
Verify certificate chain | ==Verify certificate chain== | ||
openssl verify -CAfile Thawte_Primary_Root_CA.pem -untrusted thawte_SSL_CA_G2.cer www.halfface.se.pem | openssl verify -CAfile Thawte_Primary_Root_CA.pem -untrusted thawte_SSL_CA_G2.cer www.halfface.se.pem | ||
Look at certificate chain. | |||
openssl s_client -connect www.halfface.se:443 | |||
CONNECTED(00000003) | |||
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3 | |||
verify return:1 | |||
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 | |||
verify return:1 | |||
depth=0 CN = www.halfface.se | |||
verify return:1 | |||
--- | |||
Certificate chain | |||
0 s:CN = www.halfface.se | |||
i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 | |||
1 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 | |||
i:O = Digital Signature Trust Co., CN = DST Root CA X3 | |||
--- | |||
Verify chain. | |||
openssl s_client -showcerts -verify 5 -connect www.halfface.se:443 < /dev/null 2>&1 | |||
=pam= | ==Connect to smtp server via ssl.== | ||
Troubleshooting pam. | openssl s_client -crlf -ign_eof -connect www.halfface.se:25 -starttls smtp -quiet | ||
EHLO halfface.se | |||
AUTH LOGIN | |||
$(echo -n "username" | base64) | |||
$(echo -n "password" | base64) | |||
MAIL FROM:anden@halfface.se | |||
RCPT TO:<anden@halfface.se> | |||
DATA | |||
Subject: Test from cli. | |||
This is a test email. | |||
. | |||
QUIT | |||
==Connect to imap== | |||
openssl s_client -crlf -connect www.halfface.se:993 | |||
openssl s_client -showcerts -connect www.halfface.se:143 -starttls imap | |||
Login | |||
tag login abjorklund ${PASSWORD} | |||
List mailboxes | |||
tag LIST "" "*" | |||
Log out | |||
tag LOGOUT | |||
==compare two certifactes== | |||
Compare the use case for the certificate. | |||
sdiff <(openssl x509 -in server.crt -noout -issuer -subject -enddate -purpose) <(openssl x509 -in uc_activemq.crt -noout -issuer -subject -enddate -purpose)| less | |||
==create a csr== | |||
openssl req -new -sha256 -nodes -out www.halfface.se.csr -newkey rsa:2048 -keyout www.halfface.se.key -config <( | |||
cat <<-EOF | |||
[req] | |||
default_bits = 2048 | |||
prompt = no | |||
default_md = sha256 | |||
req_extensions = req_ext | |||
distinguished_name = dn | |||
[ dn ] | |||
O=Organisation: halfface | |||
C=SE | |||
ST=Stockholm | |||
L=Stockholm | |||
CN = www.halfface.se | |||
[ req_ext ] | |||
subjectAltName = @alt_names | |||
[ alt_names ] | |||
DNS.1 = halfface.se | |||
DNS.2 = ldap.halfface.se | |||
DNS.3 = mqtt.halfface.se | |||
EOF | |||
) | |||
==csr information== | |||
openssl req -noout -text -in file.csr | grep -vE ' [0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}:' | |||
==look at content of private key== | |||
openssl rsa -in key.pem -text -noout | |||
==confirm that public private and csr match== | |||
# For your SSL certificate: | |||
CERT_PUBLIC=$(ls *.crt) | |||
echo $(openssl x509 -noout -modulus -in "${CERT_PUBLIC}" | openssl md5 | awk '{print $2}'),"${CERT_PUBLIC}",public cert. | |||
# For your RSA private key: | |||
CERT_PRIVATE=$(ls *.key) | |||
echo $(openssl rsa -noout -modulus -in "${CERT_PRIVATE}" | openssl md5 | awk '{print $2}'),"${CERT_PRIVATE}",private key | |||
# For your CSR: | |||
CERT_CSR=$(ls *.csr) | |||
echo $(openssl req -noout -modulus -in "${CERT_CSR}" | openssl md5 | awk '{print $2}'),"${CERT_CSR}",certificate signing request | |||
==connect with ca private and public key== | |||
openssl s_client -CAfile ca.pem -cert public.crt -key private.key -connect 10.12.118.184:1023 -tls1_2 | |||
==create a ca== | |||
===Create ca and certificates.=== | |||
# Create folder structure. | |||
mkdir /root/ca/ | |||
mkdir /root/ca/certs/ | |||
mkdir /root/ca/crl/ | |||
mkdir /root/ca/newcerts/ | |||
mkdir /root/ca/private/ | |||
mkdir /root/ca/requests/ | |||
touch /root/ca/index.txt | |||
echo 1000 > /root/ca/serial | |||
chmod 600 /root/ca | |||
# Create private key for the CA certificate. pass phrase: $(pwgen 15) | |||
cd /root/ca/ | |||
openssl genrsa -aes256 -out private/cakey.pem 4096 | |||
# Create a public certificate for the CA. | |||
openssl req -new -x509 -key /root/ca/private/cakey.pem -out cacert.pem -days 36525 | |||
Country Name (2 letter code) [AU]:SE | |||
State or Province Name (full name) [Some-State]:Stockholm | |||
Locality Name (eg, city) []:Stockholm | |||
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Company | |||
Organizational Unit Name (eg, section) []:Company | |||
Common Name (e.g. server FQDN or YOUR name) []:Certificate Authority | |||
Email Address []:anden@halfface.se | |||
# Copy system openssl.cnf to /root/ca dir. Then change dir in config. | |||
vim openssl.cnf | |||
[ CA_default ] | |||
dir = /root/ca # Where everything is kept | |||
===Create signed certificate keypair=== | |||
cd requests/ | |||
# Create csr | |||
openssl req -new -newkey rsa:2048 -nodes -keyout <client>.key -out <client>.csr -config ../openssl.cnf | |||
# Issue certificate for csr. | |||
openssl ca -in <client>.csr -out <client>.crt -config ../openssl.cnf -days 36525 | |||
==talk http via openssl== | |||
openssl s_client -crlf -quiet -connect www.halfface.se:443 <<EOF | |||
GET / HTTP/2.0 | |||
Host: www.halfface.se | |||
EOF | |||
==look at cert== | |||
openssl asn1parse -in rb-ca.crt.2021-02-28 | |||
==performance testing== | |||
openssl speed -evp aes-256-ecb | |||
==confirm that ca is correct== | |||
echo | openssl s_client -CAfile Sectigo_RSA_Domain_Validation_Secure_Server_CA.pem -no-CAfile -no-CApath -tls1_2 -connect 172.30.32.141:5044 2>&1 | grep Verification | |||
Verification: OK | |||
==openssl s_server== | |||
Setup server listening as http server. | |||
openssl s_server -status_verbose -HTTP -cert host.inter.net.crt -key host.inter.net.key | |||
Setup https server listening on https on port 4433 providing complete chain | |||
openssl s_server -status_verbose -HTTP -cert halfface.se.pem -cert_chain halfface.se.intermediate.pem -key halfface.se.key -accept 4433 | |||
==othername:<unsupported>== | |||
You will have to locate the "OCTET STRING" line just below the "OBJECT :X509v3 Subject Alternative Name" line then strpars | |||
# print section offset via | |||
openssl asn1parse -in yourcert.pem | |||
# parse otherName from "OCTET STRING" <offset> is the value in the beginning of the line. | |||
openssl asn1parse -in yourcert.pem -strparse <offset> | |||
Another way of seeing same data is through | |||
openssl asn1parse -in /tmp/tmp -dump -strictpem | |||
=create password string= | |||
openssl passwd -6 -salt $RANDOM $PASSWORD | |||
=pactl= | |||
Pulse Audio cli tool. | |||
List output devices. | |||
pactl list short sinks | |||
Set default output device | |||
pactl set-default-sink $i | |||
List where applications send output. | |||
pactl list short sink-inputs | |||
Move application to other output device. | |||
pactl move-sink-input $applicaiton $sink | |||
=pam= | |||
Troubleshooting pam. | |||
/etc/syslog.conf | /etc/syslog.conf | ||
# Get debugging data. | # Get debugging data. | ||
Line 1,181: | Line 2,121: | ||
login auth required pam_unix.so debug | login auth required pam_unix.so debug | ||
Debugging is found in /var/log/debug.log. | Debugging is found in /var/log/debug.log. | ||
=pam_tally2= | =pam_tally2= | ||
Configured here. | Configured here. | ||
Line 1,196: | Line 2,137: | ||
Compress logfiles in parallel. | Compress logfiles in parallel. | ||
parallel gzip ::: *.log | parallel gzip ::: *.log | ||
=partprobe= | |||
Rescan block device to setup device files | |||
partprobe /dev/sde | |||
=partx= | |||
partx /dev/sda -l ; partx /dev/sda -u ; partx /dev/sda -l | |||
=paste= | =paste= | ||
Combine to files to one in multiple column. Replace tab with spaces. | Combine to files to one in multiple column. Replace tab with spaces. | ||
paste /tmp/check_name_nagios /tmp/filename | column -t -s $'\t' | paste /tmp/check_name_nagios /tmp/filename | column -t -s $'\t' | ||
Combine every second line with a space in between. | |||
paste -d' ' - - | |||
=pcregrep= | =pcregrep= | ||
Multiline grep | Multiline grep | ||
pcregrep -M 'pattern: line1\nPattern lin2' /temp/files_* | pcregrep -M 'pattern: line1\nPattern lin2' /temp/files_* | ||
=pdftotext= | |||
grab text from pdf document. | |||
pdftotext document.pdf | |||
=pidof= | =pidof= | ||
Line 1,217: | Line 2,165: | ||
ping6 ff02::1%2 | cut -d\ -f4 | ping6 ff02::1%2 | cut -d\ -f4 | ||
Ping short output | Ping short output | ||
export ADDRESS=2001:4860:4860::8888 ; PING=$(ping6 -w1 -q -c1 -i10 ${ADDRESS} 2>&1) ; RTT=$( grep rtt <<<"${PING}" | awk -F/ '{print $6}') ; RECEIVED=$(grep received <<<"${PING}") ; echo $ADDRESS $RECEIVED, rtt=${RTT} | |||
Ping to discover mtu. 1460, 1450. When reply increase with 2. when found highest value increase with 28 to get mtu. | Ping to discover mtu. 1460, 1450. When reply increase with 2. when found highest value increase with 28 to get mtu. | ||
ping -M do -s 1472 123.45.56.78 | ping -M do -s 1472 123.45.56.78 | ||
=pip= | |||
==which versions of django exist== | |||
pip install pylibmc | |||
==which versions are installed== | |||
pip list | |||
==which files does pip package provide.== | |||
pip show -f $package | |||
==Uppgrade package.== | |||
pip install $package --upgrade | |||
==where your own packages might end up== | |||
/usr/local/lib/python3.9 | |||
/usr/lib/python2.7/site-packages/ | |||
==upgrade pip== | |||
ls -la /usr/lib64/libldap_r.so /usr/lib64/libldap.so | |||
==do not use cache== | |||
pip3 install -r requirements.txt --no-cache-dir | |||
=pgrep= | =pgrep= | ||
Line 1,230: | Line 2,196: | ||
=postfix= | =postfix= | ||
remove mails in queue. | remove mails in queue. | ||
mailq | mailq | grep ^[A-F0-9] | awk '{print $1}' | postsuper -d - | ||
list mails in queue | |||
mailq | grep "^[A-F0-9]" | |||
Get mails in better output to better decide what to do with mails. | |||
mailq | grep -v -- "-Queue ID-" | sed 's/^$/\x0/g' | tr -d '\n' | sed 's/\x0/\n/g' | |||
Remove stuck emails. | |||
postsuper -d ALL deferred | |||
List email | |||
postcat -q E55692442F | |||
Read mail | |||
postcat -vq [message-id] | |||
=pr= | |||
Print two files between each other. | |||
pr -w200 -m -t /tmp/1 /tmp/2 | |||
=printf= | |||
Convert octal to utf-8 | |||
printf '\360\237\222\200' | |||
decimal to integral | |||
printf "%.0f" <decimal> | |||
=printscreen= | =printscreen= | ||
import -window root test.png | import -window root test.png | ||
Gnome copy graphics to paste buffer. Copy selected portion of screen. | |||
gnome-screenshot -a | |||
=/proc= | =/proc= | ||
*/proc/meminfo | */proc/meminfo | ||
Line 1,288: | Line 2,271: | ||
=ps= | =ps= | ||
Process list in tree view. | ==Process list in tree view.== | ||
ps axfww | ps axfww | ||
Process sort by cpu usage. | ==Process sort by cpu usage.== | ||
ps auxwww --sort -%cpu | head | ps auxwww --sort -%cpu | head | ||
How long has process been running. | ==How long has process been running.== | ||
ps -p 1 -o etime= | ps -p 1 -o etime= | ||
Process list sorted after memory usage. | ==Process list sorted after memory usage.== | ||
ps aux --sort=size | ps aux --sort=size | ||
Process show memory usage... sort... | ==Process show memory usage... sort...== | ||
ps axo rss,%cpu,pid,euser,cmd | sort -nr | head -n 10 | less -ISRM | ps axo rss,%cpu,pid,euser,cmd | sort -nr | head -n 10 | less -ISRM | ||
Process sort by mem usage. | ==Process sort by mem usage.== | ||
ps auxwww --sort -rss | head | ps auxwww --sort -rss | head | ||
Processes sorted by time running. | ==Processes sorted by time running.== | ||
ps aux --sort -time | ps aux --sort -time | ||
Processes sorted by time started | ==Processes sorted by time started== | ||
ps -auxwww --sort=start_time | ps -auxwww --sort=start_time | ||
ps showing threads. | ==ps showing threads.== | ||
ps -efL | ps -efL | ||
==How long has process been running.== | |||
echo -n $(( ($(date +%s) - $( stat -c%X /proc/$(pgrep -f [a]ctivemq.jar))) / 3600 )) | |||
==ps long usernames== | |||
ps axo user:20,pid,pcpu,pmem,vsz,rss,tty,stat,start,time,comm | |||
==ps including nice== | |||
ps -eo pid,user,ni,comm | |||
=pstack= | =pstack= | ||
Line 1,319: | Line 2,308: | ||
=putty= | =putty= | ||
Always setup stay alive. | |||
connection -> keepalive -> 60 | |||
set up tunnel | set up tunnel | ||
putty -load blt.homeip.net -l bjorklun -pw password -L 19242:192.168.0.42:3389 blt.homeip.net | putty -load blt.homeip.net -l bjorklun -pw password -L 19242:192.168.0.42:3389 blt.homeip.net | ||
putty without taking tty. | putty without taking tty. | ||
plink -load www.halfface.se -l user_name -pw password -R *:3389:localhost:3389 -2 -4 -N | plink -load www.halfface.se -l user_name -pw password -R *:3389:localhost:3389 -2 -4 -N | ||
reverse tunnel. Connect remote host 3400 to machine running putty localhost:3389. | |||
connection -> ssh -> tunnels -> "Source Port" = 3400 -> destination = localhost:3389 -> remote. | |||
socks server. | |||
connection -> ssh -> tunnels -> Source port: 3128 , Destination: localhost:3128, Dynamic:true -> add -> apply. | |||
=pv= | =pv= | ||
Line 1,328: | Line 2,323: | ||
pv | pv | ||
pv -cN | pv -cN | ||
make a dd and limit througput to 20MB/s. | |||
dd if=${HOST}.qcow2 bs=4k conv=noerror,sync | pv -L 20M | dd of=${HOST}.dd_noerror.qcow2 | |||
=pwgen= | |||
Create less complicated password. | |||
pwgen -sy 15 -r \'\"\^\(\)\`\~\;\[\]\{\}\, | |||
=qalculate= | |||
qalc | |||
> 40 euro to SEK | |||
40 * euro = approx. SEK 417.36 | |||
=readpst= | =readpst= | ||
output pst file in separate files in out directory | output pst file in separate files in out directory | ||
readpst -S -o out/ outlook.pst | readpst -S -o out/ outlook.pst | ||
=rename= | =reboot= | ||
Recursive lowercase to uppercase | Hard reboot mean that shutdown scripts will not run and machine reboot immediately without syncing hard disk drives, shutdown applications etc. | ||
for i in $(find * -depth); do (mv $i $(echo $i | sed 's%[^/][^/]*$%%')$(echo $i | sed 's!.*/!!' | tr [:upper:] [:lower:])); done | This commands enable sysrq and after this call fast reboot. | ||
echo 1 > /proc/sys/kernel/sysrq | |||
echo b > /proc/sysrq-trigger | |||
Force shutdown | |||
echo 1 > /proc/sys/kernel/sysrq | |||
echo o > /proc/sysrq-trigger | |||
Kernel panic | |||
echo c > /proc/sysrq-trigger | |||
=rename= | |||
Recursive lowercase to uppercase | |||
for i in $(find * -depth); do (mv $i $(echo $i | sed 's%[^/][^/]*$%%')$(echo $i | sed 's!.*/!!' | tr [:upper:] [:lower:])); done | |||
Upper to lower case | |||
for f in `find .`; do mv -v "$f" "`echo $f | tr '[A-Z]' '[a-z]'`"; done | |||
=reposync= | =reposync= | ||
reposync -n -c /etc/yum/yum.conf -p /repos/centos6 -d -r base -r updates -r extras -r centosplus -r contrib | reposync -n -c /etc/yum/yum.conf -p /repos/centos6 -d -r base -r updates -r extras -r centosplus -r contrib | ||
Line 1,345: | Line 2,365: | ||
halfface -> create repository | halfface -> create repository | ||
REPODIR=/install/system/linux/fedora/24/repo ; for REPO in $(cd $REPODIR; ls) ; do echo $REPO ; createrepo_c ${REPODIR}/${REPO} ;done | REPODIR=/install/system/linux/fedora/24/repo ; for REPO in $(cd $REPODIR; ls) ; do echo $REPO ; createrepo_c ${REPODIR}/${REPO} ;done | ||
=reptyr= | |||
= | Reparent a running program to a new terminal. (move tty) | ||
=rfcomm= | =rfcomm= | ||
Line 1,368: | Line 2,380: | ||
Update database | Update database | ||
sudo rkhunter --propupd | sudo rkhunter --propupd | ||
Search for what triggered alarm. | |||
sudo grep -E 'Warning|Suspicious' /var/log/rkhunter/rkhunter.log | |||
=dnf update rkhunter. Update dnf after rkhunter scan= | |||
tail -1 /etc/sysconfig/rkhunter | |||
sleep 300 && ( dnf -e 0 -y update ; rkhunter --propupd ) >> /tmp/dnf_update_rkhunter--propupd.$(date +%F_%H-%M-%S).log 2>&1 & | |||
=rotatelogs= | =rotatelogs= | ||
Line 1,382: | Line 2,400: | ||
/etc/sysconfig/network-scripts/route-eth1 | /etc/sysconfig/network-scripts/route-eth1 | ||
1.2.3.4/23 via 1.2.3.1 | 1.2.3.4/23 via 1.2.3.1 | ||
Drop packages to ip. | |||
route add -host 192.168.1.51 reject | |||
Remove reject rule. | |||
route del -host 192.168.1.51 reject | |||
Remove route | |||
route -n | |||
Kernel IP routing table | |||
Destination Gateway Genmask Flags Metric Ref Use Iface | |||
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 | |||
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0 | |||
10.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 eth0 | |||
0.0.0.0 192.168.122.1 0.0.0.0 UG 0 0 0 eth0 | |||
route del -net 10.0.0.0 gw 0.0.0.0 netmask 255.0.0.0 dev eth0 | |||
=rpm= | =rpm= | ||
install src.rpm | ==install src.rpm== | ||
rpmbuild --rebuild alien-6.51-1.src.rpm | rpmbuild --rebuild alien-6.51-1.src.rpm | ||
rpm -i /usr/src/redhat/RPMS/x86_64/alien-6.51-1.rpm | rpm -i /usr/src/redhat/RPMS/x86_64/alien-6.51-1.rpm | ||
List contents of rpm. | ==List contents of rpm.== | ||
rpm -qlp myfile.rpm | rpm -qlp myfile.rpm | ||
List information about non installed rpm. | ==Extract single file from rpm.== | ||
rpm2cpio package.rpm | cpio -idv ./search_path_to_file_from_listing_above.txt | |||
==List information about non installed rpm.== | |||
rpm -qip foo.rpm | rpm -qip foo.rpm | ||
Extract contents of rpm. | ==Extract contents of rpm.== | ||
rpm2cpio *.rpm | cpio -i --make-directories | rpm2cpio *.rpm | cpio -i --make-directories | ||
Which version of rpm is installed. | ==Which version of rpm is installed.== | ||
/etc/rpm/macros ~/.rpmmacros | /etc/rpm/macros ~/.rpmmacros | ||
%_query_all_fmt %%{name}-%%{version}-%%{release}.%%{arch} | %_query_all_fmt %%{name}-%%{version}-%%{release}.%%{arch} | ||
list architecture | ==list architecture== | ||
rpm -qa --qf "%{n}-%{v}-%{r}.%{arch}\n" | rpm -qa --qf "%{n}-%{v}-%{r}.%{arch}\n" | ||
List only name of installed rpms. | ==List only name of installed rpms.== | ||
rpm -qa --qf "%{NAME}\n" | rpm -qa --qf "%{NAME}\n" | ||
Extract rpms in subdirectories. | ==Extract rpms in subdirectories.== | ||
for RPM in $(ls *|sed 's_\.rpm$__g');do echo $RPM; mkdir $RPM; rpm2cpio $RPM.rpm | (cd $RPM && cpio -i --make-directories);done | for RPM in $(ls *|sed 's_\.rpm$__g');do echo $RPM; mkdir $RPM; rpm2cpio $RPM.rpm | (cd $RPM && cpio -i --make-directories);done | ||
Verify content of rpm | ==Verify content of rpm== | ||
rpm -V package | rpm -V package | ||
# What does those cryptic letters mean from rpm -V: | # What does those cryptic letters mean from rpm -V: | ||
Line 1,413: | Line 2,446: | ||
G Group ownership differs | G Group ownership differs | ||
T mTime differs | T mTime differs | ||
Reinstall rpm | ==Reinstall rpm== | ||
rpm -iv --replacepkgs package.rpm | rpm -iv --replacepkgs package.rpm | ||
Dependencies of rpm | ==Dependencies of rpm== | ||
rpm -qpR { | rpm -qpR ${rpm} | ||
rpm -qR { | rpm -qR ${packagename} | ||
Rebuild rpm database. | rpm -qp mypackage.rpm --provides | ||
rpm -qp mypackage.rpm --requires | |||
==Rebuild rpm database.== | |||
\rm /var/lib/rpm/__db* | \rm /var/lib/rpm/__db* | ||
rpm --rebuilddb | rpm --rebuilddb | ||
Update minor release. | |||
==Update minor release.== | |||
yum --releasever=6.11 update sl-release | yum --releasever=6.11 update sl-release | ||
yum clean all | yum clean all | ||
yum update | yum update | ||
==Downgrade rpm.== | |||
rpm -Uvh --oldpackage /tmp/app.x86_64.rpm | |||
==Which rpm:s are required by rpm. Can be used to install rpm on machine without access to yum repo.== | |||
PKG=openssh-server ; yum install --downloadonly --installroot=/tmp/$PKG-installroot --releasever=7 --downloaddir=/tmp/$PKG $PKG | |||
==CVE:s fixed by rpm== | |||
rpm -qi --changelog openssh-server | grep -i CVE | |||
=rsync= | =rsync= | ||
Line 1,431: | Line 2,473: | ||
Syncronize files over ssh on port 2222. Show progress. Syncronize even empty directories. | Syncronize files over ssh on port 2222. Show progress. Syncronize even empty directories. | ||
rsync -Pae 'ssh -p 2222' localhost:/opt/techops/bin/ /opt/techops/bin/ | rsync -Pae 'ssh -p 2222' localhost:/opt/techops/bin/ /opt/techops/bin/ | ||
rsync with total progress bar. | |||
rsync -a --info=progress2 /dir1/ /dir2/ | |||
Run rsync in both ends but transfer data with normal user. | Run rsync in both ends but transfer data with normal user. | ||
sudo rsync -aP /tmp/andreas/ andreasbj@localhost:/tmp/andreas2/ --rsync-path='sudo rsync' | sudo rsync -aP /tmp/andreas/ andreasbj@localhost:/tmp/andreas2/ --rsync-path='sudo rsync' | ||
Line 1,448: | Line 2,492: | ||
rsync -P --ignore-existing /source/* /destination/ -n | rsync -P --ignore-existing /source/* /destination/ -n | ||
rsync excluding directories matching pattern. | rsync excluding directories matching pattern. | ||
SOURCE=/apps | SOURCE=/apps/IP400 ; DESTINATION=/apps/IP400.$(date '+%Y-%m-%d_%H-%M-%S') ; rsync -aP "${SOURCE}"/ "${DESTINATION}"/ --exclude-from=<(cd "${SOURCE}" ; find -type d -name log | sed -e 's|./||') | ||
Sync files partially. | |||
=sar= | rsync -avz --partial --inplace | ||
Old sar information. | which files differ between hosts. | ||
rsync -nrlptDqv --delete --exclude napsjb/server/naps/tmp/ /opt/ongame/ 10.6.21.11:/opt/ongame | less | |||
-n dry run. | |||
-r recursive | |||
-l copy symlinks av symlinks. | |||
-p preserve permission | |||
-t preserve tims. | |||
-D --device --special. Keep special files. | |||
-q quiet | |||
-v verbose | |||
=sar= | |||
Old sar information. | |||
sar -f /var/log/sa/sa25 -s 00:00:00 -e 23:59:00 | sar -f /var/log/sa/sa25 -s 00:00:00 -e 23:59:00 | ||
load average. | load average. | ||
Line 1,464: | Line 2,520: | ||
Run command under shell even if it does not exist. | Run command under shell even if it does not exist. | ||
script -q -f -c "commands or scripts to run" | script -q -f -c "commands or scripts to run" | ||
Run session under screen in script. | |||
screen -dm bash -c 'script --timing=script1.tm script1.out' | |||
Replay script recorded file | |||
scriptreplay --timing script1.tm --typescript script1.out | |||
=scp= | |||
Limit to 1.2MB/s. | |||
scp -l 10240 Rocky-8.5-x86_64-minimal.iso halfface.se:/temp/ | |||
=search&replace= | =search&replace= | ||
Line 1,475: | Line 2,538: | ||
Add rwx permission for user_name recursivly from /directory | Add rwx permission for user_name recursivly from /directory | ||
setfacl -Rm u:user_name:rwx /directory | setfacl -Rm u:user_name:rwx /directory | ||
Remove acl:s | |||
setfacl -bn foobar | |||
=setpriv= | |||
Dump your privileges. | |||
setpriv -d | |||
=shred= | =shred= | ||
Line 1,483: | Line 2,551: | ||
Pick random line in file. | Pick random line in file. | ||
shuf -n1 /file | shuf -n1 /file | ||
Get random number | |||
shuf -i 10-120 -n1 | |||
=sms= | =sms= | ||
Line 1,518: | Line 2,588: | ||
Create a tunnel between localhost 2222 to remote host 2222 | Create a tunnel between localhost 2222 to remote host 2222 | ||
socat TCP-LISTEN:2222,fork TCP:10.111.222.2:2222 | socat TCP-LISTEN:2222,fork TCP:10.111.222.2:2222 | ||
socat TCP-LISTEN:22,fork,bind=127.0.0.1 TCP:192.168.0.15:5900 | |||
socat TCP-LISTEN:2222,fork TCP:10.8.110.20:22,bind=172.19.14.251 | |||
Listen on 10.120.50.12:9090 and forward to 127.0.0.1:9090 | |||
socat TCP-LISTEN:9090,bind=10.120.50.12,fork TCP:127.0.0.1:9090 | |||
Create tunnel via systemctl | Create tunnel via systemctl | ||
Create file similar to this. /etc/systemd/system/socat_win.service | Create file similar to this. /etc/systemd/system/socat_win.service | ||
[Service] | [Service] | ||
ExecStart=/usr/bin/socat TCP-LISTEN:3389,fork TCP:192.168.122.204:3389 | ExecStart=/usr/bin/socat TCP-LISTEN:3389,fork TCP:192.168.122.204:3389 | ||
[Install] | |||
WantedBy=multi-user.target | |||
Enable new file. | Enable new file. | ||
systemctl daemon-reload | systemctl daemon-reload | ||
Line 1,552: | Line 2,628: | ||
recover db | recover db | ||
sqlite3 mydata.db ".dump" | sqlite3 new.db | sqlite3 mydata.db ".dump" | sqlite3 new.db | ||
sqlite3 stellar.db .recover | sqlite3 stellar_2.db | |||
Show databases | |||
sqlite> .databases | |||
main: /var/lib/tuptime/tuptime.db | |||
List tables | |||
sqlite> .tables | |||
tuptime | |||
Run sql command | |||
sqlite> select * from tuptime; | |||
1544984636|2387765.42|-1|0|0.0|Linux-4.19.8-200.fc28.x86_64-x86_64-with-fedora-28-Twenty_Eight | |||
exit|quit | |||
.quit | |||
==vacuum== | |||
/usr/local/openvpn_as/bin/sqlite3 /usr/local/openvpn_as/etc/db/log.db "VACUUM" | |||
==count tables== | |||
DB=files.db ; for TABLE in $( sqlite3 $DB ".tables") ; do echo -e $TABLE\\t$(sqlite3 $DB "SELECT COUNT(1) FROM $TABLE;") ; done | column_tab | |||
= | =ss= | ||
List all connections. | |||
ss -an | |||
List processes and which port they listen too. Grep process. | |||
ss -tulpn | grep 5405 | |||
=ssh= | =ssh= | ||
==ssh-keygen== | |||
Create key pair without input. | |||
<pre> | |||
KEYNAME=cluster-info-reporting ; ssh-keygen -q -t ed25519 -N '' -C $KEYNAME <<< $'\ny' >/dev/null 2>&1 -f /tmp/ssh-keygen-keypair-${KEYNAME}-$(date '+%Y-%m-%d_%H-%M-%S') | |||
</pre> | |||
Copy public key to authorized_keys | |||
==which private ssh keys are password protected== | |||
ls ${HOME}/.ssh/* | grep -Ev 'pub$|authorized_keys|config|known_hosts|ssh-agent.sock' | while read i ; do SSH_PASSWORD=$(ssh-keygen -y -P "" -f "$i" 2>&1 | grep "incorrect passphrase supplied to decrypt private key") ; if [ -z "${SSH_PASSWORD}" ] ; then echo No password encrypted ssh private key: $i ; fi ; done | |||
==Remove pass phrase== | |||
ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile] | |||
==view fingerprint== | |||
ssh-keygen -l -E md5 -f /tmp/ssh-keygen.pub | |||
==Copy public key to authorized_keys== | |||
ssh-copy-id user@host | ssh-copy-id user@host | ||
List supported ciphers | List supported ciphers | ||
Line 1,596: | Line 2,676: | ||
List supported key exchange algorithms | List supported key exchange algorithms | ||
ssh -Q kex | ssh -Q kex | ||
List supported ciphers, macs and kexalgorithms. | |||
sshd -T | grep "\(ciphers\|macs\|kexalgorithms\)" | |||
Run command each time you login via ssh. | |||
$HOME/.ssh/rc | |||
==Tunnel== | ==Tunnel== | ||
sudo ssh -nNTx -R 2222:localhost:22 andreasbj@www.halfface.se | sudo ssh -nNTx -R 2222:localhost:22 andreasbj@www.halfface.se | ||
Line 1,650: | Line 2,735: | ||
Accept all keys. | Accept all keys. | ||
-o StrictHostKeyChecking=no | -o StrictHostKeyChecking=no | ||
==ssh via proxy/squid== | |||
ssh -o 'ProxyCommand nc --proxy proxy.inter.net:3128 --proxy-type http %h %p' host.inter.net hostname | |||
ssh -o 'ProxyCommand nc -X connect -x proxy.inter.net:3128 %h %p' host.inter.net hostname | |||
==brow.sh== | |||
browser in terminal window. | |||
ssh brow.sh | |||
==jail== | ==jail== | ||
/etc/sshd/sshd_config | /etc/sshd/sshd_config | ||
Match group mychroot | |||
Match group mychroot | ChrootDirectory /jail/ | ||
ChrootDirectory /jail/ | X11Forwarding no | ||
X11Forwarding no | AllowTcpForwarding no | ||
AllowTcpForwarding no | |||
==sshd debug== | ==sshd debug== | ||
/etc/sysconfig/sshd | Start deamon once in debug mode and put output to your console. | ||
/etc/sysconfig/sshd | |||
OPTIONS="-ddd" | OPTIONS="-ddd" | ||
Kill of sshd which is listening for new connections. Start sshd with the following command. Debug level can bee changed. | |||
/usr/sbin/sshd -De -o LogLevel=DEBUG3 | |||
==ssh multiple jumps one cli== | ==ssh multiple jumps one cli== | ||
Jump through host1.net to get to host2.net | Jump through host1.net to get to host2.net | ||
Line 1,668: | Line 2,764: | ||
==ssh force password login== | ==ssh force password login== | ||
ssh -o StrictHostKeyChecking=no -o ControlPath=none -o ControlMaster=no -o PubkeyAuthentication=no user@host | ssh -o StrictHostKeyChecking=no -o ControlPath=none -o ControlMaster=no -o PubkeyAuthentication=no user@host | ||
==ssh via jumphost== | |||
ssh -J core@1.1.1.1 core@2.2.2.2 | |||
==socks== | |||
# Setup socks server exiting on remote host | |||
ssh -D '*:3128' halfface.se | |||
# Use socks setup above. | |||
curl --socks5 localhost:3128 https://ifconfig.me | |||
=sshfs mount filesystem over ssh= | =sshfs mount filesystem over ssh= | ||
sshfs name@server:/path/to/folder /path/to/mount/point | sshfs name@server:/path/to/folder /path/to/mount/point | ||
=sshpass= | |||
ssh with password provided on the command line. | |||
sshpass -p P@ssW0rd ssh -t -o ControlPath=none -o PreferredAuthentications=password -o PubkeyAuthentication=no -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=Error user@localhost hostname | |||
=specify key= | |||
ssh -o "IdentitiesOnly=yes" -i <private key> | |||
=sshuttle= | =sshuttle= | ||
Line 1,679: | Line 2,787: | ||
View file permissions only. | View file permissions only. | ||
stat -c "%a %n" /usr/bin/bash | stat -c "%a %n" /usr/bin/bash | ||
Access - the last time the file was read | |||
Modify - the last time the file was modified (content has been modified) | |||
Change - the last time meta data of the file was changed (e.g. permissions) | |||
Copy permissions from one location to another. | Copy permissions from one location to another. | ||
rpm -qlp package.rpm | while read FILE ; do echo chmod $(stat -c "%a" $FILE) \"$FILE\";done > /tmp/copy_permissions.sh | rpm -qlp package.rpm | while read FILE ; do echo chmod $(stat -c "%a" $FILE) \"$FILE\";done > /tmp/copy_permissions.sh | ||
=strace= | =strace= | ||
File open activity. | ==File open activity.== | ||
strace -e open -f ls -la /temp/ | strace -e open -f ls -la /temp/ | ||
File open activity under directory. | ==File open activity under directory.== | ||
strace -e open -P /temp/ -f ls -la /temp/ | strace -e open -P /temp/ -f ls -la /temp/ | ||
More file activity. | ==More file activity.== | ||
strace -e trace=file -p 1234 | strace -e trace=file -p 1234 | ||
strace -e trace=desc -p 1234 | strace -e trace=desc -p 1234 | ||
Trace network activity. | ==Trace network activity.== | ||
sudo strace -f -e trace=network -p 1476 | sudo strace -f -e trace=network -p 1476 | ||
# 1024 long strings. | # 1024 long strings. | ||
Line 1,695: | Line 2,807: | ||
# strace follow process with matching regex. | # strace follow process with matching regex. | ||
strace -f -e poll,select,connect,recvfrom,sendto -p $(pgrep -f login-sync.xml) | strace -f -e poll,select,connect,recvfrom,sendto -p $(pgrep -f login-sync.xml) | ||
Memory usage | # trace nework activity | ||
strace -f -e trace=network -s 1000000 nc localhost 3333 | |||
==Memory usage== | |||
sudo strace -f -e trace=memory -p $(pgrep -f firefox) | sudo strace -f -e trace=memory -p $(pgrep -f firefox) | ||
What is taking time | ==What is taking time== | ||
[root@util01 abjorklund]# strace -f -c -p 9657 | [root@util01 abjorklund]# strace -f -c -p 9657 | ||
% time seconds usecs/call calls errors syscall | % time seconds usecs/call calls errors syscall | ||
Line 1,717: | Line 2,832: | ||
100.00 13.181295 17950 1786 total | 100.00 13.181295 17950 1786 total | ||
strace multiple processes | ==strace multiple processes== | ||
strace -s 1024 -f -o /tmp/strace $(pidof Process_name | sed 's/\([0-9]*\)/-p \1/g') | strace -s 1024 -f -o /tmp/strace $(pidof Process_name | sed 's/\([0-9]*\)/-p \1/g') | ||
strace to hex output. Convert to utf8. | ==strace to hex output. Convert to utf8.== | ||
strace -xx -f -o/tmp/strace -s0 echo bajskorv | strace -xx -f -o/tmp/strace -s0 echo bajskorv | ||
cat /tmp/strace | while read -r line; do printf "%b\n" "$line" ; done | cat /tmp/strace | while read -r line; do printf "%b\n" "$line" ; done | ||
=stty= | |||
List settings | |||
stty -a | |||
speed 38400 baud; rows 50; columns 200; line = 0; | |||
intr = ^C; quit = ^\; erase = ^?; kill = ^U; eof = ^D; eol = <undef>; eol2 = <undef>; swtch = <undef>; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R; werase = ^W; lnext = ^V; discard = ^O; min = 1; time = 0; | |||
-parenb -parodd -cmspar cs8 -hupcl -cstopb cread -clocal -crtscts | |||
-ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr icrnl ixon -ixoff -iuclc -ixany -imaxbel -iutf8 | |||
opost -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0 | |||
isig icanon iexten echo echoe echok -echonl -noflsh -xcase -tostop -echoprt echoctl echoke -flusho -extproc | |||
Set terminal properties. | |||
stty rows 50 cols 200 | |||
=sudo= | =sudo= | ||
Line 1,737: | Line 2,864: | ||
Replay session including stdin | Replay session including stdin | ||
sudo sudoreplay -m1 -s5 -f stdin,stdout,stderr,ttyin,ttyout 000001 | sudo sudoreplay -m1 -s5 -f stdin,stdout,stderr,ttyin,ttyout 000001 | ||
Which rules apply to user | |||
sudo -l -U username | |||
=swapon/swapof= | |||
Free swap | |||
(swapoff -a; swapon -a) & watch free -m | |||
=sysbench= | =sysbench= | ||
Line 1,761: | Line 2,894: | ||
net.ipv4.tcp_keepalive_probes = 3 | net.ipv4.tcp_keepalive_probes = 3 | ||
net.ipv4.tcp_keepalive_intvl = 10 | net.ipv4.tcp_keepalive_intvl = 10 | ||
Reload config files | |||
sysctl --system | |||
=systemctl= | =systemctl= | ||
init 3 | ==init 3== | ||
systemctl isolate runlevel3.target | |||
systemctl isolate multi-user.target | systemctl isolate multi-user.target | ||
systemctl set-default multi-user.target | systemctl set-default multi-user.target | ||
init 5 | |||
==init 5== | |||
systemctl isolate runlevel5.target | |||
systemctl isolate graphical.target | systemctl isolate graphical.target | ||
systemctl set-default graphical.target | systemctl set-default graphical.target | ||
When you have made changes to /etc/systemd/system/*.service | |||
==When you have made changes to /etc/systemd/system/*.service== | |||
systemctl daemon-reload | systemctl daemon-reload | ||
List all units | |||
==List all units== | |||
systemctl list-unit-files | systemctl list-unit-files | ||
=systemd-analyze= | ==List units with problems== | ||
What takes time at startup. | systemctl list-units --failed | ||
==create service== | |||
cd /etc/systemd/system ; vim $service.service ; systemctl daemon-reload | |||
[Unit] | |||
Description=Set laptop brightness | |||
After=multi-user.target | |||
[Service] | |||
Type=forking | |||
ExecStart=/bin/sh -c 'echo 1000 > /sys/class/backlight/intel_backlight/brightness' | |||
LimitNOFILE=65535 | |||
LimitNPROC=65535 | |||
[Install] | |||
WantedBy=default.target | |||
==Add groups to processes started by services script== | |||
[Service] | |||
SupplementaryGroups=33 518 | |||
==takes a long time to login== | |||
systemctl daemon-reexec | |||
systemctl restart systemd-logind | |||
=strace process started by systemctl= | |||
strace -f -o /tmp/strace.log -s 2048 -p 1 & systemctl restart httpd.service | |||
=systemctl show puma= | |||
Show variables of service | |||
systemctl show puma | |||
=systemd-analyze= | |||
What takes time at startup. | |||
systemd-analyze plot > /tmp/systemd-analyze-plot.svg ; chrome /tmp/systemd-analyze-plot.svg | systemd-analyze plot > /tmp/systemd-analyze-plot.svg ; chrome /tmp/systemd-analyze-plot.svg | ||
=systemd-resolved= | |||
resolvectl status | |||
clear cache. | |||
sudo systemd-resolve --flush-caches | |||
Look at stats. | |||
systemd-resolve --statistics | |||
==restart daemon to apply settings== | |||
systemctl daemon-reload | |||
systemctl restart systemd-networkd | |||
systemctl restart systemd-resolved | |||
=systemctl show= | |||
will show all available properties | |||
systemctl show $service | |||
=tail= | =tail= | ||
Tail from line number 21. | Tail from line number 21. | ||
tail -n +21 /file | tail -n +21 /file | ||
= | =talk= | ||
Talks swedish. | Talks swedish. | ||
espeak -v swedish -f /tmp/file | espeak -v swedish -f /tmp/file | ||
Line 1,793: | Line 2,976: | ||
Backup dir but exclude files within | Backup dir but exclude files within | ||
tar zcf /tmp/backup_$(date '+%Y-%m-%d_%H-%M-%S').tar.gz /apps/app --exclude=/apps/app/var/* --exclude=/apps/app/logs/* | tar zcf /tmp/backup_$(date '+%Y-%m-%d_%H-%M-%S').tar.gz /apps/app --exclude=/apps/app/var/* --exclude=/apps/app/logs/* | ||
extract files remove 5 path element components. | |||
tar xf archive.tar --strip-components 5 | |||
extract to other directory. | |||
tar -xzf bar.tar.gz -C foo | |||
extract files excluding path. | |||
tar xf $file.tar.gz --transform='s/.*\///' | |||
=tcpdump= | =tcpdump= | ||
Line 1,824: | Line 3,013: | ||
Look at traffic from specific ip | Look at traffic from specific ip | ||
tcpdump -n -i any -n host 198.18.130.9 | tcpdump -n -i any -n host 198.18.130.9 | ||
Eavesdrop password | |||
tcpdump -i any -A -s0 port 8030 | grep Authorization: | |||
==flags== | |||
tcpdump -enni eth0 host 172.30.142.11 port 5432 | |||
F - FIN | |||
S - SYN | |||
R - RST | |||
P - PSH | |||
U - URG | |||
E - ECN Echo | |||
W - ECN Cwnd Reduced | |||
. - ACK only | |||
==get ftp username/password== | |||
sudo tcpdump -n -vvv -i any -A -f "port 21" | grep -i "user\|pass" | |||
=tcptraceroute= | =tcptraceroute= | ||
tcptraceroute -n -q 1 192.168.0.1 -p 22 | tcptraceroute -n -q 1 192.168.0.1 -p 22 | ||
=teamdctl= | |||
teamdctl team0 state view -v | |||
=tee= | |||
Feed tee with an unbuffered stream. | |||
sar -n DEV 2 | stdbuf -oL grep wlp0s20f3 | tee /temp/sar_-n_wlp0s20f3.$(date) | |||
=telnet= | |||
Look at world map. a - z zoom. | |||
telnet mapscii.me | |||
=testssl= | =testssl= | ||
test ssl certificate | test ssl certificate | ||
Line 1,839: | Line 3,051: | ||
/etc/xinetd.d/tftp | /etc/xinetd.d/tftp | ||
server_args = -c -s /var/lib/tftpboot | server_args = -c -s /var/lib/tftpboot | ||
=tibco= | =tibco= | ||
show permissions. | show permissions. | ||
Line 1,857: | Line 3,058: | ||
Grant user permission to view all | Grant user permission to view all | ||
grant admin user=surveillance view-all | grant admin user=surveillance view-all | ||
=tif= | |||
cli image viewer. | |||
tif $IMAGE.jpg | |||
=time= | =time= | ||
Time in a loop. | Time in a loop. | ||
Line 1,862: | Line 3,067: | ||
How long did a command take | How long did a command take | ||
TIME=$( { /usr/bin/time -f "%e" sleep 1.5 ;} 2>&1 ) ; echo $TIME | TIME=$( { /usr/bin/time -f "%e" sleep 1.5 ;} 2>&1 ) ; echo $TIME | ||
Built in time command. 3 decimals in seconds. | |||
TIMEFORMAT='%3R'; time ( sleep 61.22222 ) | |||
=timedatectl= | |||
Show info how clock is synced. | |||
timedatectl timesync-status | |||
Which time zones exist | |||
timedatectl list-timezones | egrep -o "America/N.*" | |||
Set timezone. | |||
timedatectl set-timezone "Asia/Kolkata" | |||
=timeout= | =timeout= | ||
Line 1,868: | Line 3,082: | ||
Run function under timeout | Run function under timeout | ||
export -f my_function ; timeout 1 bash -c 'my_function options' | export -f my_function ; timeout 1 bash -c 'my_function options' | ||
Run loop for some time then exit. | |||
timeout 172800 bash -c -- 'while true ; do echo $(TZ=UTC date "+%Y-%m-%d %H:%M:%S %Z") $(ping -w1 -q -c1 -i10 192.168.10.120 | grep received) ; sleep 1 ; done| tee /tmp/ping_192.168.10.120.log' | |||
=tnef= | =tnef= | ||
List content of winmail.dat. Remove options to extract to current dir. | List content of winmail.dat. Remove options to extract to current dir. | ||
tnef -t -f winmail.dat | tnef -t -f winmail.dat | ||
=toilet= | |||
Generate graphics text similar to banner. | |||
toilet -F gay -f mono12 "Some Funky Text" | |||
=tor= | |||
Select outgoing country. https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2 | |||
Set country in: | |||
torrc | |||
One or several exit countries. | |||
ExitNodes {us} | |||
ExitNodes {kr},{ru},{sy},{cn} | |||
test exit node | |||
ifconfig.me | |||
=top(the command)= | |||
Top batch mode run one iteration | |||
top -bn1 | |||
Sort by memory usage | |||
for i in {1..10};do date; top -c -b -o +%MEM | head -n 17|tail -11;sleep 5;done | |||
Top used in openshift. | |||
top -bcn1 -w512 | less -ISRM | |||
=top derivates= | |||
apachetop | |||
dnstop | |||
iftop | |||
latencytop | |||
glances | |||
=touch= | =touch= | ||
Line 1,877: | Line 3,120: | ||
linux | linux | ||
touch -t 197102162324 * | touch -t 197102162324 * | ||
=tput= | =tput= | ||
No line wraps | No line wraps | ||
Line 1,892: | Line 3,136: | ||
translate capital to lower letter. | translate capital to lower letter. | ||
tr '[:upper:]' '[:lower:]' | tr '[:upper:]' '[:lower:]' | ||
null character to new line | |||
tr '\000' '\n' < /proc/3575/environ | |||
Remove unprintable characters. | |||
<pre> | |||
tr -dc '[[:print:]]' | |||
</pre> | |||
=trickle= | =trickle= | ||
Line 1,900: | Line 3,150: | ||
Limit wget to 64kbit upload and download. | Limit wget to 64kbit upload and download. | ||
trickle -d 64 -u 64 wget "https://www.halfface.se/file.txt" | trickle -d 64 -u 64 wget "https://www.halfface.se/file.txt" | ||
=ts= | |||
timestamp | |||
ls -la | ts '%F %H:%M:%S' | |||
=tune2fs= | =tune2fs(tunefs)= | ||
tune2fs -m 0 /dev/sdb1 | tune2fs -m 0 /dev/sdb1 | ||
=type= | |||
What kind of command do we use. builtin or some file? | |||
type ls | |||
=udevadm= | =udevadm= | ||
Monitor udev events. | Monitor udev events. | ||
udevadm monitor | udevadm monitor | ||
udevadm info --query=all --name=sda | |||
look at values for disk. Can be used to locate san source. | |||
=udr= | =udr= | ||
rsync over udp. | rsync over udp. | ||
udr -a 57621 -b 57631 rsync -rP host.inter.net:/source/ /destination/ | udr -a 57621 -b 57631 rsync -rP host.inter.net:/source/ /destination/ | ||
=ulimt= | |||
Look at current limits for logged in user. | |||
ulimit -a | |||
Look at limits for process with pid 12345. | |||
cat /proc/12345/limits | |||
=unalias= | |||
Unalias all aliases | |||
unalias -a | |||
=unhide= | |||
Find hidden ports. | |||
unhide -v proc | |||
=unetbootin= | =unetbootin= | ||
Line 1,916: | Line 3,187: | ||
# Powerstatus of the system. battery charge. | # Powerstatus of the system. battery charge. | ||
upower --dump | upower --dump | ||
=uptime= | |||
Uptime in seconds. | |||
awk -F . '{print $1}' /proc/uptime | |||
=urldecode/urlencode= | |||
Encode | |||
perl -pe's/([^-_.~A-Za-z0-9])/sprintf("%%%02X", ord($1))/seg' | |||
jq -sRr @uri | |||
Decode | |||
perl -pe 's/%([0-9a-f]{2})/sprintf("%s", pack("H2",$1))/eig' | |||
jq -r @uri | |||
=useradd= | =useradd= | ||
Line 1,938: | Line 3,220: | ||
v4l2-ctl --verbose --set-ctrl=focus_auto=0 | v4l2-ctl --verbose --set-ctrl=focus_auto=0 | ||
v4l2-ctl --verbose --set-ctrl=focus_absolute=0 | v4l2-ctl --verbose --set-ctrl=focus_absolute=0 | ||
=version of linux= | |||
cat /etc/os-release | |||
=vi= | =vi= | ||
Line 1,943: | Line 3,227: | ||
:set list show all keys. | :set list show all keys. | ||
:set nolist show their representative. | :set nolist show their representative. | ||
=wipefs= | |||
Wipe removes information about file system without removing actual data. | |||
wipefs -a /dev/sdc | |||
=vmstat= | =vmstat= | ||
top over time. | top over time. | ||
Line 1,969: | Line 3,257: | ||
2 1 814984 167992 26820 999460 0 0 1 0 2467 5088 2 2 95 1 0 | 2 1 814984 167992 26820 999460 0 0 1 0 2467 5088 2 2 95 1 0 | ||
0 0 814984 168100 26820 999540 0 0 2 150 2467 5026 1 2 97 0 0 | 0 0 814984 168100 26820 999540 0 0 2 150 2467 5026 1 2 97 0 0 | ||
=w3m(elinks)= | |||
curl -s https://google.com | w3m -T text/html -dump | |||
=wget= | =wget= | ||
wget -r -nH -np --cut-dirs=1 --no-check-certificate -U Mozilla --user={uname} --password={pwd} https://my-host/my-webdav-dir/my-dir-in-webdav | wget -r -nH -np --cut-dirs=1 --no-check-certificate -U Mozilla --user={uname} --password={pwd} https://my-host/my-webdav-dir/my-dir-in-webdav | ||
wget to standard output. | wget to standard output. | ||
wget --no-check-certificate -S -O- http://inter.net | wget --no-check-certificate -S -O- http://inter.net | ||
Special heather | |||
wget 'http://halfface.se' --header='Cookie: has_js=1' | |||
Mirror | |||
wget 'https://halfface.se/test' -r -l 3 --convert-links -o log --html-extension | |||
=whois= | =whois= | ||
Line 1,979: | Line 3,274: | ||
# which ipranges does an ipaddress belong too. In this case looking at google. | # which ipranges does an ipaddress belong too. In this case looking at google. | ||
whois -h whois.radb.net -- "-i origin $(whois -s -h whois.radb.net 172.217.26.68 | grep ^origin | awk '{print $2}' | tail -1)" | grep ^route | awk '{print $2}' | whois -h whois.radb.net -- "-i origin $(whois -s -h whois.radb.net 172.217.26.68 | grep ^origin | awk '{print $2}' | tail -1)" | grep ^route | awk '{print $2}' | ||
# Who to find address range for site. | |||
host www.facebook.com | |||
whois 157.240.194.35 | grep CIDR | |||
=wireshark= | =wireshark= | ||
Line 1,984: | Line 3,282: | ||
packet details | packet details | ||
string | string | ||
==ssl decryption== | |||
export SSLKEYLOGFILE=/tmp/sslkeylog ; curl -sv -d "blablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablabla" https://www.halfface.se | |||
wireshark. Edit - Preferences - Protocols - TLS - (Pre) -master-Secret log file. | |||
==tshark== | |||
cli version | |||
tshark -V -r $dump.pcap | |||
=wlr-randr= | |||
Change dpi in wayland. | |||
wlr-randr --output eDP-1 --scale 2 | |||
=wodim= | =wodim= | ||
Line 1,992: | Line 3,299: | ||
wodim -tao speed=0 dev=/dev/sr0 -v -data /temp/files/ # Burn disk containing structure from /temp/files/ | wodim -tao speed=0 dev=/dev/sr0 -v -data /temp/files/ # Burn disk containing structure from /temp/files/ | ||
wodim -eject -tao speed=0 dev=/dev/scd0 -v -data /my/directory/image.iso # Burn image to disc. | wodim -eject -tao speed=0 dev=/dev/scd0 -v -data /my/directory/image.iso # Burn image to disc. | ||
=write= | |||
Send message to someone via tty. | |||
who | grep user | |||
write message end with CTRL + d | |||
write abjorklund pts/2 | |||
=xargs= | =xargs= | ||
locate case insensetive, regular expression. xargs string to replace imput. Print output to standard error. | locate case insensetive, regular expression. xargs string to replace imput. Print output to standard error. | ||
Line 1,997: | Line 3,310: | ||
Do something on everything from standard input. | Do something on everything from standard input. | ||
ls -la | xargs -i% echo '# beginning #' % '# end of line #' | ls -la | xargs -i% echo '# beginning #' % '# end of line #' | ||
split several lines into groups. | |||
for i in {00..99} ; do echo $i, ; done | xargs -L 20 | |||
=xdotool= | =xdotool= | ||
When you have to move your mouse but you dont want to push it. | When you have to move your mouse but you dont want to push it. | ||
Line 2,003: | Line 3,319: | ||
Send ab to window. | Send ab to window. | ||
xdotool search --onlyvisible --name freerdp key a key b | xdotool search --onlyvisible --name freerdp key a key b | ||
=xfs= | |||
xfs_repair -L /dev/mapper/vg00-root | |||
=xinput= | =xinput= | ||
Line 2,012: | Line 3,330: | ||
xinput set-prop "Logitech Unifying Device. Wireless PID:400e" "Evdev Middle Button Emulation" 1 | xinput set-prop "Logitech Unifying Device. Wireless PID:400e" "Evdev Middle Button Emulation" 1 | ||
xinput set-prop 12 "libinput Middle Emulation Enabled" 1 | xinput set-prop 12 "libinput Middle Emulation Enabled" 1 | ||
=xkill= | |||
Kill xorg process with id 0xb6ffa0 | |||
xkill -id 0xb6ffa0 | |||
List x applictions | |||
xwininfo | |||
Get recursive list of x applications. | |||
xwininfo -root -tree | |||
=xmllint= | =xmllint= | ||
prettify xml | prettify xml | ||
Line 2,019: | Line 3,345: | ||
Disable screen saver | Disable screen saver | ||
xset -dpms ; xset s noblank ;xset s off | xset -dpms ; xset s noblank ;xset s off | ||
Disable repeat | |||
xset r off | |||
Enable repeat | |||
xset r on | |||
=xxd= | |||
Hex to binary | |||
xxd -r -p hex.txt output.bin | |||
Hex to binary in pipe | |||
echo "$HEX" | xxd -r -p - | |||
=yq= | |||
Download and make executable. | |||
sudo curl -skL https://github.com/mikefarah/yq/releases/download/v4.32.2/yq_linux_amd64 -o /usr/local/bin/yq ; sudo chmod 755 /usr/local/bin/yq | |||
Select specific values. | |||
oc get mcp worker -o yaml | yq '.spec.configuration.source.[].name' | |||
Delete specific values. | |||
oc get catalogsources -n openshift-marketplace -o yaml | yq 'del(.items.[].status)' | |||
Convert json to yaml. | |||
yq -p json -o yaml | |||
Convert yaml to json | |||
yq -o=json cm_result.yaml | |||
Get packages from ansible playbook. | |||
yq '.[] | select(.name == "Install packages.") | ."ansible.builtin.dnf".name[]' ~/git/halfface_ansible/roles/toolbox/tasks/main.yml | xargs | |||
=yum= | |||
download src rpm | |||
yumdownloader --source net-snmp | |||
Reinstall default repos. | |||
yum reinstall yum-conf-sl6x-1-2 | |||
This will give you a directory with all rpm:s that are required to install rpm. | |||
PKG=openssh-server ; yum install --downloadonly --installroot=/tmp/$PKG-installroot --releasever=6 --downloaddir=/tmp/$PKG $PKG | |||
==broken repos== | |||
yum install bareos-client --disablerepo=* --enablerepo=bareos | |||
==search for different versions== | |||
yum --showduplicates search percona-xtrabackup | |||
==Add repos to centos 6== | |||
curl https://www.getpagespeed.com/files/centos6-eol.repo --output /etc/yum.repos.d/CentOS-Base.repo | |||
curl https://www.getpagespeed.com/files/centos6-epel-eol.repo --output /etc/yum.repos.d/epel.repo | |||
==fix yum in Centos 7, 8== | |||
sed -i 's%^enabled=.%enabled=0%' /etc/yum/pluginconf.d/subscription-manager.conf | |||
sed -i 's/^mirrorlist/#mirrorlist/g' /etc/yum.repos.d/* | |||
sed -i 's%^#baseurl=http://mirror.centos.org%baseurl=http://vault.centos.org%g' /etc/yum.repos.d/* | |||
=zip= | =zip= | ||
Line 2,025: | Line 3,395: | ||
List contents of zip archive. | List contents of zip archive. | ||
unzip -l archive.zip | unzip -l archive.zip | ||
Unzip single file | |||
unzip file.zip file/you/want/to/extract/the_file.txt | |||
unzip excluding path. | |||
unzip -j file.zip | |||
=zdump= | =zdump= | ||
View information from timezone tz. | View information from timezone tz. | ||
zdump -v /etc/localtime | zdump -v /etc/localtime | ||
Change timezone on host | |||
ln -sfT ../usr/share/zoneinfo/Europe/Stockholm localtime | |||
=zfs= | |||
==Get sync== | |||
zfs get sync datapool/netstorage/dog/prod | |||
NAME PROPERTY VALUE SOURCE | |||
datapool/netstorage/dog/prod sync standard default | |||
==set sync== | |||
zfs set sync=disabled datapool/netstorage/dog/prod | |||
==List snapshots(can take time)== | |||
zfs list -t snapshot | |||
==List snapshots for one mount point.== | |||
zfs list -r -t snapshot -o name,creation datapool/netstorage/bro/prod | |||
==Displays the detailed health status== | |||
zpool status | |||
==List datasets== | |||
zfs list | |||
==Create dataset== | |||
zfs create datapool/netstorage/media | |||
==zdb== | |||
display zpool debugging and consistency information | |||
zdb -d dataset | |||
==zpool list== | |||
Lists the given pools along with a health status and space usage. | |||
==iostat== | |||
Get iostat with values since last second. | |||
zpool iostat are -y 1 -l | |||
[[Category:Applications]] | [[Category:Applications]] | ||
[[Category:Unix]] | [[Category:Unix]] | ||
[[Category:Commands]] | [[Category:Commands]] |
Latest revision as of 12:46, 13 November 2024
7za
decompress file
7za e myfiles.7z
ab
apache benchmarking
ab -n 50 https://www.halfface.se/photos/ ab -n 1000 -c 10 https://www.halfface.se/wiki/index.php/Halfface
abcde
Rip cd.
abcde
adb android
# install adb dnf install android-tools # enable debug. On phone. Settings. about phone. build version. Click until prompted. Enable debug via selector. # Connect phone via usb. # List phones. adb devices # Get shell on phone. adb shell # list installed packages. pm list packages -f adb shell pm list packages -f | grep game # Uninstall adb shell pm uninstall -k --user 0 com.samsung.android.game.gos adb shell pm uninstall -k --user 0 com.samsung.android.game.gametools
agrep
Aproximate grep. 3 differences from andreas
agrep -3 andreas /var/log/messages
alacritty(Terminal emulator hw accellerated)
Terminal copy mode.
CTRL + SHIFT + SPACE
alternatives
alternatives --set mta /usr/sbin/sendmail.postfix sudo alternatives --config java
antiword
antiword bad.doc > pure.txt
arecord
List soundcards.
arecord -l
Chose source.
alsamixer
Create mp3 from source.
arecord -f cd -d 5 -t raw | lame -x -r - out.mp3
arp-scan
Scan ip addresses on local subnet
arp-scan --localnet | sort -n -k4 -t. | grep ^[0-9]
at
Run command at specific time. Look at queue.
echo '/usr/bin/espeak -s120 "I will say this only once."' | at -t $(date +%Y%m%d%H%M --date="+2 min") atq
List at jobs.
atq ; atq | awk '{print $1}' | while read i ; do echo '***' $i ; at -c $i 2>&1 | tail -3 | head -1 ; done 2 Sun May 17 04:00:00 2020 a root *** 2 /usr/bin/systemctl restart springboot_uc_supportrouter.service
authselect
Redhat command to manage connection to underlying services and features.
# To change content of nsswitch.conf do to your used profile. vim /usr/share/authselect/default/local/nsswitch.conf authselect select local --force
base64
base64 -d /tmp/html | elinks --dump | less -ISRM
No wrapping
base64 --wrap=0 base64 -w 0
bbk_cli_...
Bredbandskollen via cli.
bbk_cli_linux_amd64-1.0
bc
Simplify using bercerly calculator
calc(){ echo -e "scale=8\n${@}\nquit\n" | bc ; }
To the power of(upphöjt i)
2^10 = 1024
scientific (aka exponential) notation
echo 1.6945991213315015e+09 | sed -E 's/([+-]?[0-9.]+)[eE]\+?(-?)([0-9]+)/(\1*10^\2\3)/g' | bc
bitwarden
# Install bw. curl -L -o /tmp/bw.zip 'https://vault.bitwarden.com/download/?app=cli&platform=linux' ; (cd /usr/local/bin ; sudo unzip -o /tmp/bw.zip) # Remove bitwarden config. unset BW_CLIENTID BW_CLIENTSECRET BW_SESSION \rm -r /home/abjorklund/.config/Bitwarden* # Set bitwarden server. bw config server https://halfface.se/vaultwarden/ # api login bw login --apikey # sso login. When web server opens write "Binero SSO" bw login # Unlock bw unlock # Sync from server. bw sync # List items. bw list items | jq -r '.[].name' # get totp bw_halfface get totp ginatricot_user # get login info. bw get item bareos-webui | jq .login
blkid
Get uuid of disk.
blkid /dev/sdb1 /dev/sdb1: UUID="64cd54f7-5330-425d-81e5-a0e473a5f5e7" TYPE="ext4" PARTLABEL="primary" PARTUUID="21f38e48-af2d-4fdd-854a-5910f392a6e0"
bonnie++
Report performance on disk. benchmark
bonnie++ -u 0:0
On machine running out of disk
sudo bonnie++ -d ./ -s 400 -r 200 -u root
Example command.
bonnie++ -d /storage/temp/ -s 32G -n 0 -m TEST -f -b -u abjorklund
boot
Booting singe user mode.
kernel ... single
bootchart
Analyze startup times.
bootgraph
How to use.
Kernel later than 2.6.28 kernel option initcall_debug dmesg | /usr/src/linux-headers-2.6.28-11-generic/scripts/bootgraph.pl > /tmp/bootgraph.svg
bpftrace
run code at each system call
#!/usr/bin/bpftrace interval:s:5 { exit(); } kprobe:do_sys_open { printf("%s %s\n", comm, str(arg1)); }
busctl
busctl may be used to introspect and monitor the D-Bus bus.
bzip2
Extract keep original
bzip2 -dk /compressed_file.bz2 and extract standard out via tar.
Extract bunzip2 file and extract via tar from standard out.
bzip2 -c /compressed_file.bz2 | tar -xivf -
cdrecord
Blank cd/dvd rw
cdrecord -v gracetime=2 dev=/dev/cdrom -eject blank=all -force
chage
List password properties of user
chage -l abjorklund
Unlimited login
chage -I -1 -m 0 -M 99999 -E -1 sftponly
chattr/lsattr
Set extendet attributes of files.
# Lock file for most activities. chattr +i file # Unlock file chattr -i file # recursive lsattr looking for imutable. lsattr -aR -- .//. 2>/dev/null | sed -rn '/i.+\.\/\/\./s/\.\/\///p'
chmod
Sticky bit on directory. Only owners of files are able to delete.
chmod 1755 /file. -rwxr-xr-t
GUID on file. binaries started will have the group set to the defined group.
chmod 2755 /file -rwxr-sr-x
SUID on file.
chmod 4755 /file -rwsr-xr-x
Remover permissions for others
chmod o-rwx
chntpw
# Change windows passwords offline mkdir /mnt/disk ; mount /dev/sd1 /mnt/disk; cd /mnt/disk/Windows/System32/config # List local users. chntpw -l SAM # clear password on user. chntpw -u Administrator SAM
chrony
# setup time sync via ntp. /etc/chrony.conf # look at status chronyc tracking # List ntp sources. chronyc sources .-- Source mode '^' = server, '=' = peer, '#' = local clock. / .- Source state '*' = current synced, '+' = combined , '-' = not combined, | / '?' = unreachable, 'x' = time may be in error, '~' = time too variable. || .- xxxx [ yyyy ] +/- zzzz || Reachability register (octal) -. | xxxx = adjusted offset, || Log2(Polling interval) --. | | yyyy = measured offset, || \ | | zzzz = estimated error. || | | \ MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== #? PHC0 0 3 0 19d +41ns[ +349ns] +/- 104ns
Force syncronize
sudo chronyc -a 'burst 4/4'
Make a big step. Did not work for me.
chronyc -a makestep
Verify clock
chronyd -q 'server pool.ntp.org iburst'
chvt
From a script change to a virtual interface and connect script to that terminal. chvt 3 exec < /dev/tty3 > /dev/tty3
cacafire
View some fire in ascii.
clean
Clean file from comments and blank lines.
sed '/ *#/d; /^ *$/d'
codepage
Change codepage of file.
convmv -f cp850 -t iso-8859-1 --notest * convmv -f utf8 -t iso8859-1 -r --notest * convmv -f iso8859-1 -t en_US.UTF-8 -r --notest .
Change codepage of file.
iconv --from-code=ISO-8859-15 --to-code=UTF-8 document.csv > document_iconv.csv
column
Create nice column. Use tab as delimiter.
column -t -s $'\t' /file.tsv
compgen
List all commands
compgen -A function -abck
convert
Convert Image to 8 bit grey with threshold for white.
for tif in *.tif; do convert -depth 8 -white-threshold 70% ${tif} ${tif%%.*}.png;done
Resize image
convert -resize 25% -gamma 1.5 2011-08-03_11-09-43.jpg 2011-08-03_11-09-43_new.jpg
Multipage pdf.
convert -adjoin -page A4 -compress jpeg Infineon1.tif Infineon2.tif Infineon.pdf pdfunite RegionUppsala01.pdf RegionUppsala02.pdf RegionUppsala03.pdf RegionUppsala04.pdf RegionUppsala.pdf
Prepare photos for printing.
convert -rotate 90 -gamma 1.5 -resize 25% -compress jpeg -quality 80 -adjoin -page A4 * print.pdf
Resize change aspect.
convert Slide1.PNG -resize 1920x1080\! slide01.png
animated gif
convert -delay 100 -loop 0 *.jpg animation.gif
Create multipage pdf of photos.
convert -resize 25% -adjoin -page A4 -rotate 90 -compress jpeg *.jpg test.pdf ; pdfjam test.pdf --no-landscape --frame true --nup 2x2 --suffix 4up --outfile /temp/photos/Alva/test_2x2.pdf
For vertical stacking (top to bottom):
convert -append 1.jpg 2.jpg out.jpg
For horizontal stacking (left to right):
convert +append 1.jpg 2.jpg out.jpg
Remove transparancy
convert image.png -background white -flatten image.jpg
cpio
Copy wanted partitions.
#!/bin/bash ssh root@192.168.2.148 "(cd /boot/ ; find ./ -xdev -depth -print0 | cpio -o -0Hnewc )" | (cd /mnt/sysimage/boot ; cpio -idvuma ) ssh root@192.168.2.148 "(cd / ; find ./ -xdev -depth -print0 | cpio -o -0Hnewc)" | (cd /mnt/sysimage ; cpio -idvuma ) # -o copy out mode. # -0 terminated by null character. # -Hnewc som storing format. # -i extract copy in mode. # -d make directories. # -v verbose. # -V print dot. # -u replace all files. # -m preserve modification time. # -a preserve access time.
cpulimit
Limit application cpu usage to 25% cpu utilization. Inherit limit to spawned processes.
cpulimit -i -l 25 /apps
crontab/cron
crontab.
* * * * * command to be executed - - - - - | | | | | | | | | +----- day of week (0 - 6) (Sunday=0) | | | +------- month (1 - 12) | | +--------- day of month (1 - 31) | +----------- hour (0 - 23) +------------- min (0 - 59) 0 Sunday 1 Monday 2 Tuesday 3 Wednesday 4 Thursday 5 Friday 6 Saturday @reboot "run command at reboot" If you need % in crontab escape it. \%
Run command every 10 minutes.
*/10 * * * * command
Run command at 12:00 and 24:00 hours.
00 0,12 * * * command
Run command between 8-17 every 2 hours.
0 8-17/2 * * * /path/command 0 8,10,12,14,16 * * * /path/command
Start program under crontab.
#!/bin/bash COMMAND="screen -L -d -m ping www.dn.se" if [ "$(ps -ef | grep -i ping | grep -v grep)" ] then echo "\"${COMMAND}\" already running." else echo "Starting \"${COMMAND}\"." cd /tmp ${COMMAND} fi
crudini
Edit ini files och cli.
crudini --set /lib/systemd/system/icinga2.service Service Nice -10 ; systemctl daemon-reload ; systemctl restart icinga2.service
cut
Cuf everything from field 5.
cut -f5- -d ' '
curl
Get http return code.
curl --connect-timeout 3 --max-time 9 -ksL -w '%{http_code}\n' 'http://www.dn.se' -o /dev/null
get external ip. what is my ip
curl ifconfig.me
curl ifconfig.me/all
Alternative address for domain.
curl -sk --resolve www.halfface.se:80:127.0.0.1 http://www.halfface.se curl http://127.0.0.1/ -H "Host: halfface.se" -H "X-Forwarded-Proto: https" -I
Get header / mime type
curl -I http://url.se
post file
curl -X POST -d @myfilename http://user:pass@myhost/hudson/job/_jobName_/postBuildResult
post file via ftp using proxy
curl -p --proxy http://proxy.example.se:3128 -v -T backup.tar ftp://user:password@ftp.example.se/directory/
cookie format. tab delimited.
domain - The domain that created AND that can read the variable. .halfface.se flag - A TRUE/FALSE value indicating if all machines within a given domain can access the variable. This value is set automatically by the browser, depending on the value you set for domain. path - The path within the domain that the variable is valid for. secure - A TRUE/FALSE value indicating if a secure connection with the domain is needed to access the variable. expiration - The UNIX time that the variable will expire on. UNIX time is defined as the number of seconds since Jan 1, 1970 0:00:00 GMT. name - The name of the variable. value - The value of the variable.
add certificate authority to openssl
Redhat based os:es this file gets updated. /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
cp /tmp/ca.crt /etc/pki/ca-trust/source/anchors/ update-ca-trust
Debian based
cp /tmp/ca.crt /usr/share/ca-certificates/extra update-ca-certificates
Debian 2
cp foo.crt /usr/local/share/ca-certificates/foo.crt update-ca-certificates
curl ipv6
curl -6 -g "http://[::1]:80/" curl -g "http://[2001:9b1:402d:0:ffff:f038:ec3e:b5d4]/"
proxy
curl --proxy http://proxy.se:3128 -sk "http://mirrorlist.centos.org"
no_proxy
export https_proxy=http://proxy.se:3128 ; export http_proxy=$https_proxy ; export HTTPS_PROXY=$https_proxy ; export HTTP_PROXY=$https_proxy ; export no_proxy=localhost,127.0.0.1,.inter.net,$(echo 10.217.{4..5}.{1..254}, 10.217.5.255) ; export NO_PROXY=$no_proxy
time spent
-w "time_namelookup: %{time_namelookup}, time_connect: %{time_connect}, time_appconnect: %{time_appconnect}, time_pretransfer: %{time_pretransfer}, time_redirect: %{time_redirect}, time_starttransfer: %{time_starttransfer}, time_total: %{time_total}\n"
Is it a free day?
curl -sk https://sholiday.faboul.se/dagar/v2.1/2023 | jq -r '.dagar[] |select(."arbetsfri dag"=="Ja")|.datum'
qr code
encode
qrencode "Andreas" -o /tmp/qr_Andreas.png
decode
zbarimg /tmp/qr_Andreas.png
date
Get date in requested format.
date '+%Y-%m-%d %H:%M' date +%Y-%m-%d-%H%M date "+%F_%T" # 2017-01-16_19:41:41
date 033121422003.55
Mon Mar 31 21:42:55 PST 2003 date MMDDhhmmCCYY.ss
Whats the date in 1000 years. Or any other increment.
date --date="+1000 years" +%C%y-%m-%d date --date="-2 hour" +%C%y-%m-%d\ %H:%M TZ=CEST date --date="-2 hour" +%C%y-%m-%d\ %H:%M
What is the time in other timezone given in unixtime/epoch.
TZ=GMT date -d '@1345064585' Wed Aug 15 21:03:05 GMT 2012
Unix time.
date +%s
Unix to normal
date -d @1234567890
scew clock by a second.
DATE_OFF=$(date --date="-5 second" +%C%y-%m-%d\ %H:%M:%S\ %Z) ; date --set="${DATE_OFF}"
Set clock
date '+%Y-%m-%d %T %Z' -s "2008-11-28 08:08:08 UTC"
dateseq
Create date sequense.
dateseq 2017-04-01 2017-04-05
db2
Empty catalog remove node
for DB2 in $(db2 list node directory | grep "Node name" | awk '{print $4}') ; do db2 uncatalog node $DB2;done
Empty catalog remove db
for DB2 in $(db2 list db directory | grep "Database name" | awk '{print $4}') ; do db2 uncatalog db $DB2;done
- Load db2 environment.
. /home/db2/sqllib/db2profile
- Connect to database.
db2 connect to ${database_name} user ${user} using ${password}
- Test query.
SELECT service_level, fixpack_num, bld_level FROM TABLE (sysproc.env_get_inst_info()) as A;
- System Database Directory
db2 list db directory
- Node Directory
db2 list node directory
- setup directory
db2 "catalog tcpip node db2datan remote 1.2.3.4 server 5000" db2 "catalog db db2datadb as db2datadb at node db2datan"
- Drop connection.
db2 terminate
dbus-monitor
dbus-monitor # Monitor activity on the dbus to see what system and sessions are doing.
dd
output your microphone to a remote computer's speaker
dd if=/dev/dsp | ssh -c arcfour -C username@host dd of=/dev/dsp
Add 2GB to disk image.
dd if=/dev/zero of=/system_image.img bs=1M oflag=append conv=notrunc count=2000
dd with progress bar.
dd if=kali.iso of=/dev/sdc status=progress pv -ptre /install/backup/machine/raspberry/ipcenter_view.img | sudo dd of=/dev/mmcblk0 bs=1M
dd to position on disk
dd of=/dev/disk1 if=/dev/urandom obs=500000 seek=1 bs=1MB count=1 conv=notrunc
consume 100GB ram
mount -o remount,size=300G /dev/shm dd if=/dev/zero of=/dev/shm/$(date '+%Y-%m-%d_%H-%M-%S') bs=1073741824 count=100 status=progress
debugfs
ctime: Shows file change time. atime: Shows file access time. mtime: Shows file modification time. crtime: Shows file creation time. Birth.
Example
debugfs -R 'stat /etc/exports.bkp-2021-11-17_10-07-46' /dev/mapper/vg_rbnetstorage0-lv_root debugfs 1.41.12 (17-May-2010) Inode: 924905 Type: regular Mode: 0644 Flags: 0x80000 Generation: 2068409071 Version: 0x00000000:00000001 User: 0 Group: 0 Size: 4775 File ACL: 0 Directory ACL: 0 Links: 1 Blockcount: 16 Fragment: Address: 0 Number: 0 Size: 0 ctime: 0x6194c662:deae4368 -- Wed Nov 17 10:07:46 2021 atime: 0x6193bd7f:c4faf658 -- Tue Nov 16 15:17:35 2021 mtime: 0x61925419:34c06f18 -- Mon Nov 15 13:35:37 2021 crtime: 0x6194c662:deae4368 -- Wed Nov 17 10:07:46 2021 Size of extra inode fields: 28 Extended attributes stored in inode body: selinux = "unconfined_u:object_r:etc_t:s0\000" (31) EXTENTS: (0-1): 3718194-3718195
df
df output one per line. Without header.
df -Plk / /apps | tail -n+2
dhclient
[root@wall sysconfig]# cat /etc/dhclient.conf
interface "eth0" { prepend domain-name-servers 127.0.0.1; supersede domain-name "bltprojektering.se"; }
dialog
Create dialog in terminal. Example a progressbar.
for i in {0..100} ; do echo $i | dialog --gauge "Please wait" 7 70 1 ; sleep .1 ; done
diff
sdiff <(echo -e 'hej\nda\nvi\nses\ni\nmorgon') <(echo -e 'hej\ndå\nvi\nSES\ni\nmorgon')
Only show files that differ.
-q --brief
Only show change between files.
diff -u file1.txt file2.txt | grep -vE '^(---|\+\+\+|@@|\+|-)'
dig
Get all dns information about host.
dig any www.halfface.se
Trace dns lookups from root dns. Use 8.8.8.8 for lookups.
dig +trace @8.8.8.8 www.halfface.se
Recursive lookup.
dig -tAXFR halfface.se
backward resolve
dig -x 89.253.75.84
get ttl
dig +nocmd +multiline +noall +answer any halfface.se
Get external ip.
dig +short myip.opendns.com @resolver1.opendns.com
Get txt record.
dig google.com txt
You can find the authoritative servers by asking for the NS records for a domain
dig example.com NS
dig using alternative port
dig +short -p 5353 halfface.se @10.130.0.35
digitemp
digitemp_DS9097 -c /etc/.digitemprc -t0
disk
disk usage
baobab
foremost
recover deleted files.
disown
Disconnect process(pid) so that is survives a logout.
disown %2
display
Change resolution
xrandr --output LVDS --mode 1280x800 xrandr --output default --mode 1280x1024
Query graphics card capabilities.
xrandr -q
Change dpi
xrandr --dpi 138/eDP1
du
du -amx / | sort -n | tail -5
duplicity
Encrypted backups over rsync
dmesg
dmesg with iso time format
dmesg --ctime --time-format iso
Write to dmesg
echo "$USER $(date '+%Y-%m-%d %H:%M:%S %Z')" | sudo tee /dev/kmsg
dmidecode
List memory banks
sudo dmidecode -t 17
dnf
install skip if not exist
sudo dnf install --setopt=strict=0 $(sort -u /temp/other_machine_rpm)
update system
dnf -y upgrade --refresh reboot dnf -y install dnf-plugin-system-upgrade dnf -y system-upgrade download --refresh --allowerasing --releasever=41 dnf -y system-upgrade reboot # broken deps. dnf repoquery --unsatisfied # look for duplicates dnf repoquery --duplicated # which rpms do not exit in repo. dnf list extras # remove no longer used. dnf autoremove dnf remove $(rpm -qa| grep \.fc23) # reinstall rpm dnf reinstall sssd-common
auto update
# Install auto updates. dnf install dnf-automatic # Enable auto update. sed -i "s/apply_updates = no/apply_updates = yes/g;s/email_from = root@example.com/email_from = root@${HOSTNAME}/g;s/email_to = root/email_to = anden@halfface.se/g" /etc/dnf/automatic.conf # Enable timer. systemctl enable dnf-automatic.timer && systemctl start dnf-automatic.timer # Trigger timer. systemctl start dnf-automatic.timer # Check status of dnf-automatic: systemctl list-timers *dnf-*
build environment
dnf group install "C Development Tools and Libraries"
update to specific version
View available version.
dnf --showduplicates list gitlab-ee
Update to specific version
dnf install gitlab-ee-13.12.15-ee.0.el8
dnsmasq
cat /etc/dnsmasq.d/shish.conf
listen-address=127.0.0.1 bind-interfaces server=/url.se/185.53.164.25 server=/url2.se/172.30.32.100 server=/url3.se/172.30.32.100 server=/url4.se/172.30.32.100 server=10.111.222.2
dvgrab
Capture dv material
dvgrab -f dv2 -i -showstatus -s 0 -timestamp California-2
e2fsck
Scan for bad blocks.
e2fsck -ycv /dev/VolGroup00/LogVol00
edid/ddc
startx -- -logverbose 5. The EDID information turns up in /var/log/Xorg.0.log.
enca
detect and convert encoding of text files. (codepage utf)
enca -L none /temp/locale2
esmtp
Has replaced sendmail on later linux installations
# Put the following config in either /etc/esmtprc or more specific ~/.esmtprc. chmod 644. hostname = <url>:25 # Set the Mail Delivery Agent (MDA) mda = "/usr/bin/procmail -d %T"
etckeeper
Keep your /etc/ directory under git revision control.
What has happened.
git log -p /etc/resolv.conf
Wipe /etc/.git
etckeeper uninit etckeeper init
ethtool
show-features
ethtool -k <device> generic-segmentation-offload = gso tcp-segmentation-offload = tso ...
Enable wake on lan magic package.
ethtool --change <interface> wol g
Permanently add wol
find /sys/class/net -type l -not -lname '*virtual*' -printf '%f\n' | while read i ; do INTERFACE_INFO=$(ip address show $i) ; MAC=$(grep link/ether <<< "${INTERFACE_INFO}" | awk '{print $2}') ; echo "# /etc/systemd/network/50-wired.link [Match] MACAddress=$MAC [Link] NamePolicy=kernel database onboard slot path MACAddressPolicy=persistent WakeOnLan=magic" ; done
exiftool
Change meta data for files, exif, jpg, mp3... Get info from file.
exiftool $file.mp4
gps format
41°24'12.2"N 2°10'26.5"E
gps format known to maps.google.com
exiftool -c "%.6f" 2022-03-06_10-39-40.mp4 | grep -i gps
exportfs
Install server
dnf install nfs-utils
Start nfs server
systemctl enable nfs-server --now
Reexport everything.
exportfs -avr
Example export.
*(rw,no_root_squash,async,insecure) rw rewritable no_root_squash Allow root on remote machine same permissions as local root async insecure NFS version 2 and 3 servers only provide (insecure) host-based authentication: Hosts are allowed/denied based on hostnames and/or IP addresses. Authorization of users is controlled on the clients using the permissions of the files based on user/group IDs. allows clients with NFS implementations that don't use a reserved port for NFS
fdupes
Find duplicate files.
fdupes -r /home
feh
Image viewer
ffmpeg
ffmpeg
ffmpeg -y -deinterlace -aspect 16:9 -author "Andreas Bjorklund" -title "Tanzania" -year 2007 -i Tanzania.m2t -acodec mp3 -vcodec mpeg4 -b 3000k -s 720x540 test.avi
Create swf/flv from mpeg2 stream
ffmpeg -deinterlace -i VTS_01_1.VOB -ab 56 -ar 22050 -b 500000 -r 15 -s 360x288 sisyfos.swf
Create horse movie.
ffmpeg -deinterlace -i /temp/VTS_01_1.VOB -ab 100 -ar 22050 -b 1200000 -r 25 -s 360x288 3horses.swf
Cut video from command prompt.
ffmpeg -i video.avi -vcodec copy -acodec copy -ss 00:00:00 -t 00:00:04 trimmed_video.avi
Record desktop.
ffmpeg -f alsa -ac 2 -i pulse -f x11grab -r 5 -s 1920x1080 -i :0.0 -acodec pcm_s16le -vcodec libx264 -threads 0 -y output.mkv ffmpeg -f x11grab -s $(xrandr | grep \*+|awk '{print $1}') -r 25 -i :0.0 -sameq /tmp/out.mpg
Change container.
ffmpeg -i film.mov -vcodec copy -acodec copy film.mp4
Transcode to h264 aac
ffmpeg -i original.avi -vcodec libx264 -acodec aac -strict experimental new_file.mp4
Transcode mp3 to ogg vorbis
for file in *.mp3; do ffmpeg -i "${file}" -acodec libvorbis "${file/%mp3/ogg}";done
Take one photo from video stream.
ffmpeg -ss 00:00:01 -i <video input> -frames:v 1 -q:v 2 <photo created>
Take photo
ffmpeg -f video4linux2 -s 1280x720 -i /dev/video0 -f image2 snapshot.jpg ls /dev/video* | while read i ; do echo $i ; ffmpeg -f video4linux2 -i $i -vframes 1 -q:v 2 /tmp/${i//\//%}.$(date +%F_%H-%M-%S).jpg ; done ; ls -la /tmp/%*
Take a photo from a video steam every 10 seconds.
ffmpeg -i video.mp4 -r 0.1 -f image2 %03dandreas.jpg
Take a photo every 1 put it in a file.
ffmpeg -y -i http://balcony.halfface.se:8080 -r 1 -f image2 -update 1 stream_image.jpg -probesize 5e+07
Rotate 180 degrees.
ffmpeg -i input.mp4 -filter:v "transpose=1,transpose=1" output.mp4
Change rotation without transcoding.
ffmpeg -i IMG_0703.MOV -metadata:s:v rotate="" -codec copy rotate_IMG_0703.MOV
Concaternate videos.
ffmpeg -f concat -safe 0 -i mylist.txt -c copy output
find
Find exluding directory.
find . -wholename '/var/' -prune -o -ls
Find in only files.
find /opt/ongame/ -type f -exec grep --color=always -r '10\.7\.' /dev/null {} \;
Find text file in directoy execpt directory. Grep for text in that file and show it with colours in less.
find /opt/ongame/ -wholename '/opt/ongame/napsjb/server/naps/tmp' -prune -o -type f -exec grep --color=always -r '/fraud' /dev/null {} \; | less -SR
Find excluding several directories.
find / -type d \( -path /proc -o -path /dev -o -path /net \) -prune -o -gid 1002 -exec chgrp -h 1001 {} \;
Find excluding svn.
find . -path '*/.svn' -prune -o -type f -print
Searches for files modified up to 4 days ago.
find ./ -type f -mtime -4
Searches for files modified between certain dates. Here for files older than 30 days but younger than 60 (penultimate month).
find ./ -type f -mtime -60 ! -mtime -30 sudo find . -newermt "2014-10-19 09:30" ! -newermt "2014-10-19 09:35"
Find which dir is consuming inodes.
find /var -xdev -printf '%h\n' | sort | uniq -c | sort -k 1 -n for i in $(ls) ; do echo $(find $i | wc -l) $i ; done | sort -n
How much data is consumed by pattern.
export NFS_DIR=/netstorage/cam/ocp-01 ; find ${NFS_DIR} -maxdepth 1 | grep ^${NFS_DIR}/archived- | while read NFS_DIR_REMOVE ; do du -sk "${NFS_DIR_REMOVE}" ; done | awk '{ SUM += $1} END { print SUM "KiB" }' | numfmt --from=auto --to=iec-i --suffix=B
findmnt
view the mount tree
findmnt
flash
When firefox is complaining about outdated flash plugin
rm pluginreg.dat
flatpack
Enable repo.
sudo flatpak remote-modify --enable flathub
Install spofify.
flatpak install flathub com.spotify.Client
List installed applications.
flatpak list
flock
used to use cript that only used 1 time concurrently.
flock
fmt
Join lines
ifconfig -a | fmt -w 300
fold
Fold long lines. Break at 80 and blank spaces.
fold -w 80 -s text.txt
forward traffic
service x11 { disable = no socket_type = stream protocol = tcp wait = no user = root server = /usr/bin/nc server_args = 172.28.37.152 6000 }
fping
fping --timeout=10 --elapsed --netdata <fqdn>
Example of testing connectivity.
for i in $(grep -E 'ocp-[0-9]{2}-' /etc/hosts | awk '{print $2}') ; do echo -e "$(fping --timeout=10 --elapsed $i)\t$(nc -v -w1 $i 22 </dev/null 2>&1 | strings | xargs)" ; done | column -t -s $'\t'
free
You have 15956MB physical ram. 9033MB is used by applications. 6922MB is free.
free -m total used free shared buffers cached Mem: 15956 15755 200 0 300 6421 -/+ buffers/cache: 9033 6922 Swap: 19998 2405 17593
free new
Total memory 8076624k and 5169152 free.
total used free shared buff/cache available Mem: 8076624 2536328 1069132 284152 4471164 5169152 Swap: 7815164 2809244 5005920
Free memory usage from /proc/zoneinfo and /proc/meminfo
awk -v low=$(grep low /proc/zoneinfo | awk '{k+=$2}END{print k}') '{a[$1]=$2} END{print a["MemFree:"]+a["Active(file):"]+a["Inactive(file):"]+a["SReclaimable:"]-(12*low);}' /proc/meminfo 5168456
physical memory
Show physical memory in machine. Consider points below.
grep MemTotal /proc/meminfo
meminfo:
Provides information about distribution and utilisation of memory. This varies by architecture and compile options...
MemTotal:
Total usable ram (i.e. physical ram minus a few reserved bits and the kernel binary code)
Gives more information not really sure how.
dmesg|grep Memory:
List memory modules
dmidecode -t memory lshw -class memory
fstab
Use ram for some logfiles.
none /var/log/ tmpfs defauls,noatime,size=10% 0 0 none /tmp/ tmpfs defauls,noatime,size=10% 0 0 none /var/tmp/ tmpfs defauls,noatime,size=10% 0 0 none /var/spool/ tmpfs defauls,noatime,size=10% 0 0
fswebcam
Capture photo.
fswebcam -r 1920x1080 --jpeg 85 -D 1 --quiet --no-banner shot.jpg fswebcam -d /dev/video0 -i 0 -r 2592x1944 -p YUYV /net/10.111.222.1/storage/temp/logitech.jpg
fwupdmgr
fwupdmgr get-devices --show-all-devices fwupdmgr get-upgrades fwupdmgr update $device_id
genisoimage
genisoimage -o nuc.iso nuc
gnome-font-viewer
view fonts
gnome-font-viewer /file.woff2
gnome-monitor-config
Set one monitor. Disable all others.
gnome-monitor-config set -LpM HDMI-2
Get monitor settings
WINDOWS + p
govc
Install
curl -L -o - "https://github.com/vmware/govmomi/releases/latest/download/govc_$(uname -s)_$(uname -m).tar.gz" | sudo tar -C /usr/local/bin -xvzf - govc
Enable login
export GOVC_URL=https://vcenter.halfface.se export GOVC_USERNAME=administrator@vsphere.local; export GOVC_PASSWORD=<password> export GOVC_INSECURE=true
govc Completion
. <(curl -sk https://raw.githubusercontent.com/vmware/govmomi/main/scripts/govc_bash_completion)
List resources
govc ls
View console
govc vm.console -capture - <output from ls> | display
open console
Download and install VMware-Remote-Console-12.0.5-22744838.x86_64.bundle
sudo mkdir -p /etc/vmware/hostd/ echo '<?xml version="1.0" ?> <metadata> </metadata>' | sudo tee /etc/vmware/hostd/proxy.xml vmrc $(govc vm.console /site/vm/bla/bla) &
List roles.
govc role.ls
who has specified role
govc role.usage
list privileges
govc role.ls -json Admin | jq -r '.privilege[]'
Add missing permission to role.
govc role.update -a openshift-vcenter-level openshift-vcenter-level
List all permission for matching role
govc role.ls | sort | grep openshift | awk '{print $1}' | while read i ; do echo '*' $i ; govc role.ls $i ; done | less
List info about vm
govc vm.info /RGK/vm/costest-ph9l4/costest-ph9l4-master-0 govc vm.info -json /<cluster>/vm/<folder>/<vm>
Turn on or off.
govc vm.power -on /<cluster>/vm/<folder>/<vm> govc vm.power -off /<cluster>/vm/<folder>/<vm> govc vm.power -off -force /<cluster>/vm/<folder>/<vm>
reboot/reset
govc vm.power -reset=true /<cluster>/vm/<folder>/<vm>
Change memory on vm.
govc vm.change -vm /<cluster>/vm/<folder>/<vm> -m 20480
Change number of cpu:s
govc vm.change -vm /<cluster>/vm/<folder>/<vm> -c 10
Set attribute
govc vm.change -e="disk.EnableUUID=1" -vm='VM Path'
List datastore
govc ls /<company>/datastore/IPO-01-vsanDatastore
List datastore to find file Iso
govc datastore.ls -ds=IPO-01-vsanDatastore -R -a -l -p
List directories
govc datastore.ls -ds /company/datastore/IX-STO1-01-vsanDatastore . | grep -v '[0-9a-f]\{8\}-[0-9a-f]\{4\}-[0-9a-f]\{4\}-[0-9a-f]\{4\}-[0-9a-f]\{12\}' | sort
Find network
govc ls /company/network | grep 172.19.14. /company/network/dpg-1914-172.19.14.0
List devices
govc device.ls -vm=/<cluster>/vm/<folder>/<vm>-00001-odf-0
datastore.upload
govc datastore.upload -ds=IPO-01-vsanDatastore boot.3.iso 0b0a8061-420f-77bd-367b-e43d1a863890/boot.3.iso
datastore.rm
govc datastore.rm -ds=IPO-01-vsanDatastore 0b0a8061-420f-77bd-367b-e43d1a863890/boot.3.iso
Eject cdrom
govc device.cdrom.eject -vm <vm>
Insert cdrom
govc device.cdrom.insert -vm <vm> images/boot.iso
View events from vm
govc events /<cluster>/vm/<folder>/<vm> | less
List logs
List logs from vsphere.
govc logs.ls
List logs from all hostsystems.
govc find . -type h | awk -F / '{print $NF}'| while read HOST ; do echo '*' $HOST ; govc logs.ls -host $HOST ; done
extend disk
Find disk to extend
govc device.ls -vm /path/to/your/vm
Extend disk
govc vm.disk.change -vm /path/to/your/vm -disk.label "Hard disk 1" -size 100G govc vm.disk.change -vm control-plane-1 -disk.name disk-1000-0 -size 100G
gpg
Password encryption decryption with gnupg.
gpg -c --force-mdc /temp/shadow echo "$(gpg -qd /temp/shadow.gpg)"
create keys
gpg --full-generate-key
list secret keys
gpg --list-secret-keys --keyid-format LONG
delete secret keys
gpg --delete-secret-key liza
list public keys
gpg --list-public-keys --keyid-format LONG
export public key
gpg --armor --export 3AA5C34371567BD2
export private key
gpg --armor --export-secret-keys 3AA5C34371567BD2
export secret subkey
gpg --armor --export-secret-subkeys 3AA5C34371567BD2
import keys
gpg --import pub.key gpg --import sec.key gpg --import sub.key
add trust to private key
gpg --edit-key 6252FC9A029A2669 trust quit # 5 y
edit gpg key
gpg --edit-key 6252FC9A029A2669
send gpg key
gpg --send-key 6252FC9A029A2669
delete public key
gpg --delete-key "User Name"
change trust level on all keys
gpg --list-keys --fingerprint |grep pub -A 1|egrep -Ev "pub|--"|tr -d ' ' | awk 'BEGIN { FS = "\n" } ; { print $1":6:" } ' | gpg --import-ownertrust
get info about gpg encrypted file
gpg --list-packets crypto-text.pgp
list keys in gpg file
gpg --list-packets crypto-text.pgp # | grep keyid
get public key from command above
gpg --recv-keys 754817487F42735A
encrypt file
gpg --encrypt --recipient user1@inter.net --recipient user2@inter.net --recipient user3@inter.net file.txt
decrypt gpg file
gpg --decrypt vpn-0ea602e33ab9c49fd.txt.gpg
who has encrypted file
gpg --pinentry-mode cancel --list-packets file.gpg
remove expired public keys
for i in $(gpg --list-public-keys --keyid-format LONG 2>&1 | grep -A1 -B1 expired | grep -Ev '^$|^pub|^uid') ; do gpg --delete-key $i ; done
gphoto2
Capture photo from the command line linux.
gphoto2 --camera='Canon EOS 40D (PTP mode)' --port=usb: --capture-image-and-download
graphviz
Create graph.
dot -Tps /flow -o /tmp/flow.ps
grep
Colorize grep output.
grep --color=always -r '10\.7\.' /opt/ongame/
Show non comment lines ending with a blank.
find . -name '*.properties' -exec grep --color=always -E '^[^#].*\ $' {} \; | less -SR
grep ipaddress from message file.
sudo grep DHCP /var/log/messages | grep -oir --color=always '192\.168\.[0-9]*\.[0-9]*' | sort -u grep -E '([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))'
grep ipaddress from file
grep -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'
grep for tab
grep 10.199.2.1$'\t' /etc/hosts
grep from word containing regex space separated.
grep -oE '\S*regex\S*' /file
When grep start to complain about file being binary run the following command to define where.
grep -Pa '\x00' /temp/file_name
Remove binary part of file.
sed -i 's/\x00//g' /temp/file_name
Grep email addresses.
grep -E -o "\b[a-zA-Z0-9.-]+@[a-zA-Z0-9.-]+\.[a-zA-Z0-9.-]+\b" filename.txt
Grep for exact string like \
grep -F \\ blabla.json
grepcidr
grepcidr -v 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
growpart
growpart /dev/vda 5 btrfs filesystem resize max /
gsettings
Emulate 3 button mouse
gsettings set org.gnome.settings-daemon.peripherals.mouse middle-button-enabled true
Blinking cursor disable
gsettings set org.gnome.Terminal.Legacy.Profile:/org/gnome/terminal/legacy/profiles:/:$(gsettings get org.gnome.Terminal.ProfilesList default|tr -d \')/ cursor-blink-mode off
List settings
gsettings list-recursively
gsync
Install gsync
git clone https://github.com/iwonbigbro/gsync.git cd gsync/ sudo python setup.py install
Download data.
gsync -u -r -t -v --progress --delete -l -s drive://motion/ /temp/motion2/
gzip
Compress a stream.
find . | gzip -9 > /tmp/file_list.gz
gscan2pdf
Scan and ocr pdf dokuments
Handbrake
Compress dvd
- Rip dvd.
sudo vobcopy -o /storage/temp/ -v -x -l
- compress video.
HandBrakeCLI -e x264 -Z Normal -i source.vob -o destination.mkv -a 2 -r 25 -E faac -f mkv -d -S 600 --crop 0:0:0:0
- Create film for android.
HandBrakeCLI -i 01.Alla.Vi.Barn.I.Bullerbyn.1986.SWEDiSH.vob -o 01.Alla.Vi.Barn.I.Bullerbyn.1986.SWEDiSH.mp4 -x level=30:bframes=0:cabac=0:ref=1:vbv-maxrate=1500:vbv-bufsize=2000:analyse=all:me=umh:no-fast-pskip=1 -e x264 --vb 300 -E faac --ab 128 --maxWidth 320 -2 -T -d
- Compress.
SOURCE=/ssd/temp ; DESTINATION=/temp ; for FILM in $(cd ${SOURCE}; ls *.mov | sed 's/\.mov$//g'); do HandBrakeCLI -e x264 -q 20 -B 160 -i ${SOURCE}/${FILM}.mov -o ${DESTINATION}/${FILM}.mp4 ;done
- High profile
HandBrakeCLI -i DVD -o ~/Movies/movie.mp4 -e x264 -q 20.0 -a 1 -E faac -B 160 -6 dpl2 -R Auto -D 0.0 -f mp4 --strict-anamorphic -m -x ref=2:bframes=2:subme=6:mixed-refs=0:weightb=0:8x8dct=0:trellis=0
hashid
Identify hash strings.
hashid
heif-convert
heif-convert image.HEIC new-image.jpg
hostnamectl
hostnamectl set-hostname rocky_8_1
htmldoc
Convert html document to pdf
htmldoc --webpage -f php_html_doc.pdf /home/andreasbj/php_manual_en.html 2>/tmp/htmldoc
hunspell
hunspell -d sv_SE swedish.txt
hydra
Password checking.
hydra -l root -P /etc/passwdknown -t 5 192.168.29.62 ssh2
ifconfig
Configure network.
ifconfig eth0 192.168.0.1 netmask 255.255.255.0 up
ip address alias
ifconfig eth0:0 192.168.1.2 netmask 255.255.255.0
Network configuration Full config.
echo -e "options timeout:1 attempts:1 domain halfface.se nameserver 84.246.88.10 nameserver 84.246.88.20" > /etc/resolv.conf ifconfig eth0 89.253.75.84 netmask 255.255.255.224 up route add default gw 89.253.75.65 eth0
Vip on loopback /etc/sysconfig/network-scripts/ifcfg-lo:ipdbm
DEVICE=lo:ipdbm IPADDR=192.168.122.2 NETMASK=255.255.255.255 NETWORK=192.168.122.0 ONBOOT=yes
Setting up multiple addresses. ifcfg-eth0-range0
TYPE=Ethernet IPADDR_START=192.168.122.3 IPADDR_END=192.168.122.15
ifcfg-eth0
DEVICE=eth0 BOOTPROTO=static ONBOOT=yes TYPE=Ethernet IPADDR=10.111.222.2 NETMASK=255.255.255.0 GATEWAY=10.111.222.1 DNS1=10.111.222.253 DNS2=10.111.222.254 DOMAIN="halfface.se subdomain.halfface.se"
imv
Image viewer for wayland
imv . -f -s full
ilo
log in to ilo
env -u LANG ssh -v Ongame@10.1.1.94
restart ilo
reset map1
start system
start system1
install
Crete directory
install -d --mode=755 --owner=user --group=group /apps/IP/IPim/var/log
Create empty file
install -o 0664 -o user -g group /dev/null ${ALFRESCO_DIR}/logs/catalina.out
inotifywathc
Se what access /dev/random
inotifywatch -v -t 60 /dev/random
inxi
inventory report.
inxi -Frmxx
iostat
iostat -xtc 5 -x extended statistics. -t print time for each report. -c display the cpu utalization report. -y Omit first report with statistics since the system boot
iostat -xty 5 1 dm-3
Linux 2.6.32-573.7.1.el6.x86_64 (machine.se) 12/30/2021 _x86_64_ (12 CPU) 12/30/2021 11:47:42 AM avg-cpu: %user %nice %system %iowait %steal %idle 0.12 0.00 2.01 4.23 0.00 93.65 Device: rrqm/s wrqm/s r/s w/s rsec/s wsec/s avgrq-sz avgqu-sz await svctm %util dm-3 0.00 0.00 5806.20 0.00 1485056.00 0.00 255.77 1.54 0.27 0.17 97.44
# Explained. rrqm/s The number of read requests merged per second that were queued to the device. wrqm/s The number of write requests merged per second that were queued to the device. r/s The number of read requests that were issued to the device per second. w/s The number of write requests that were issued to the device per second. rsec/s The number of sectors read from the device per second. wsec/s The number of sectors written to the device per second. avgrq-sz The average size (in sectors) of the requests that were issued to the device. avgqu-sz The average queue length of the requests that were issued to the device. await The average time (in milliseconds) for I/O requests issued to the device to be served. This includes the time spent by the requests in queue and the time spent servicing them. svctm The average service time (in milliseconds) for I/O requests that were issued to the device. Warning! Do not trust this field any more. This field will be removed in a future sysstat version. %util Percentage of elapsed time during which I/O requests were issued to the device (bandwidth utilization for the device). Device saturation occurs when this value is close to 100%.
iotop
iotop with dates for output to logfile.
DATE=$(date '+%Y-%m-%d %H:%M:%S %Z') ; sudo iotop -kbon1 | head -2 | while read i ; do echo $DATE $i ; done
ip
Add vlan 23
ip link add link eno1 name eno1.23 type vlan id 23
View vlan protocol
ip -d link show eno1.23
Configure vlan
ip addr add 10.151.23.101/24 brd 10.151.23.255 dev eno1.23 ip link set dev eno1.23 up
create default route
ip route add default via 192.168.1.254
show routing
ip route show
more info
ip route show table all
Add static route
ip route add 10.10.20.0/24 via 192.168.50.100 dev eth0
Remove static route.
ip route del 10.10.20.0/24
which outgoing interfaces are available.
ip r l| awk '/src/{print $9}'
Which route is used for ip.
ip route get 192.168.122.252
route subnet over interface.
sudo ip route add 145.251.242.0/24 dev tun0
Show ipaddress on interface tun0
ip address show tun0
vlan tag interface.
ip link add link eth0 name eth0.8 type vlan id 8
set ip on interface.
ip addr add 192.168.50.5 dev eth1 ip addr add 192.168.50.5/24 dev eth1
set secondary ip on interface
ip addr add 192.168.1.2/24 dev eth0
remove ip address.
ip addr del 192.168.50.5/24 dev eth1
enable interface
ip link set eth1 up
disable interface
ip link set eth1 down
list arp entries.
ip neigh show
local routing table
ip route list table local
rule base routing. List rules
ip rule show
show multicast networks
ip maddr show
Disable traffic to an ipaddress.
ip route add blackhole 10.151.19.151
dynamic/random mac wifi disable
MAC=$(ip link show | grep link/ | grep -v 00:00:00:00:00:00 | awk '{print $2}') ; nmcli -f TYPE,NAME connection show | grep ^wifi | sed 's/^wifi *//g' | while read i ; do echo '*' $i ; nmcli connection modify "${i}" 802-11-wireless.cloned-mac-address $MAC ; done
ipcalc
ipcalc -n 192.121.85.96/27 -m
iperf
start server on client A.
iperf -s
start measure from the other host. Limit bandwidth to 10k.
iperf -c 10.20.30.40 --bandwidth 10K
Multicast test.
On the listener side: # iperf -s -u -B 224.1.1.1 -i 1 On sender % iperf -c 224.1.1.1 -u -T 32 -t 3 -i 1
ipmitool
What is the power consumtion of dell server.
ipmitool -I lanplus -H 127.0.0.1 -U root -P calvin delloem powermonitor ipmitool lan print ipmitool sdr list
iptables
Show iptables OUTPUT, PREROUTING and POSTROUTING
iptables --table nat --list --exact --verbose --numeric --line-number
Show config
iptables -L -t nat -n
Dnat to localhost.
iptables -t nat -I PREROUTING --source 131.115.115.53 -p tcp --dport 22 -j REDIRECT --to-ports 222 iptables -t nat -I OUTPUT --source 131.115.115.53 --destination 127.0.0.1 -p tcp --dport 22 -j REDIRECT --to-ports 222
Flush all rules.
iptables -F iptables -X iptables -t nat -F iptables -t nat -X iptables -t mangle -F iptables -t mangle -X iptables -P INPUT ACCEPT iptables -P FORWARD ACCEPT iptables -P OUTPUT ACCEPT
Block
iptables -A OUTPUT -p tcp -d 131.115.248.82 --dport 8080 -j DROP iptables -A OUTPUT -p tcp -d 131.115.248.82 --dport 8080 -j REJECT
Block outgoing mail
iptables -A OUTPUT -p tcp --dport 25 -o $INTERFACE -j REJECT
Block all traffic except ssh in/out log to syslog.
iptables -P INPUT DROP iptables -P OUTPUT DROP iptables -P FORWARD DROP iptables -A INPUT -m tcp -p tcp --dport 22 -j ACCEPT iptables -A INPUT -m tcp -p tcp --sport 22 -j ACCEPT iptables -A INPUT -m state --state NEW -m tcp -p tcp -j LOG --log-level info --log-prefix "dropped-in" iptables -A OUTPUT -m tcp -p tcp --dport 22 -j ACCEPT iptables -A OUTPUT -m tcp -p tcp --sport 22 -j ACCEPT iptables -A OUTPUT -m state --state NEW -m tcp -p tcp -j LOG --log-level info --log-prefix "dropped-out"
Block traffic on certain port.
iptables -A INPUT -p tcp --dport 7009 -j REJECT
Fake source
iptables -t nat -A POSTROUTING -d "${DST}" -p udp --dport 162 -j SNAT --to "${SRC}" &>/dev/null # Remove the current rules iptables -t nat -D POSTROUTING -d "${DST}" -p udp --dport 162 -j SNAT --to "${SRC}"
redirect ip
Send traffic destined for one ip and port to another ip and port.
iptables -t nat -A OUTPUT -p tcp -d 146.213.6.7 --dport 1023 -j DNAT --to-destination 10.199.150.111:1023 iptables -t nat -A OUTPUT -p icmp -d 146.213.6.7 -j DNAT --to-destination 10.199.150.111
allow trafic from subnet
iptables -A INPUT -s 172.16.27.0/24 -j ACCEPT
allow ssh from all
iptables -A INPUT -p tcp -dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -p tcp -dport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT
or
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT
find which rule is blocking by removing one at a time. Better way is to enable logging
iptables -L -n --line-numbers iptables -D <line-number>
List rules from OUTPUT chain with line number
iptables -t filter -L OUTPUT --line-numbers -n
Add rule to specific row number
iptables -I OUTPUT $ROW_NUMBER -d 54.72.175.186/32 -p tcp -m tcp --dport 443 -j ACCEPT
irc
Close private messages
/window close
Close public messages
/window close
Close a query
/q
jmtpfs
Mount disk
jmtpfs /mnt/mtp
Umount disk
fusermount -u /mnt/mtp
john
Test performance
john -test
Recover passwords with password list.
john -wordlist:password.lst passfile.txt
journalctl
View log from last day.
journalctl --since yesterday
List all units.
systemctl list-unit-files
Current disk usage.
journalctl --disk-usage
Show only certain error level. (err crit)
journalctl -p err
List boots
journalctl --list-boots
Show events between two time stamps.
journalctl --since "2017-01-23 05:56:42" --until "2017-01-23 07:56:42"
show entries for one unit.
journalctl -u openvpn-server@server journalctl -u sshd -f
iptables logs
journalctl -k -f | grep -i iptables
wipe logs
journalctl --vacuum-time=1h
compare two different boots
journalctl --since "$(date '+%F %H:%M:%S' --date '-10 hour')" -u NetworkManager -b -1 -o cat | sed 's/\[[0-9.]*\]//g'
persistent logging
Enable persistent logging in systemd-journald. grep journal /usr/lib/tmpfiles.d/systemd.conf. Install syslog instead.
mkdir /var/log/journal chmod 2755 /var/log/journal chown root:systemd-journal /var/log/journal killall -USR1 systemd-journald
jpegtran
# to lossless cut a file. jpegtran -crop 700x400+2150+1500 2012-05-19_20-39-35.jpg > /photos/Sweden/2012/2012-05-19/2012-05-19_20-39-35.jpg # Rotate counter clockwise. jpegtran -copy all -rotate 270 2012-08-18_15-06-43.jpg > 2012-08-18_15-06-43_270.jpg
kdump
Change action to dump memory.
/etc/kdump.conf core_collector true
Reload config.
systemctl restart kdump
keepass
Create database
printf '%s\n' 'P@55Word'{,} | keepassxc-cli db-create -p -q keepassxc_abjorklund.kdbx
Add entry to database.
keepassxc-cli add keepassxc_abjorklund.kdbx abjorklund
Copy password from password entry
keepassxc-cli clip keepassxc_abjorklund.kdbx abjorklund
keyboard
keymaps dumpkeys loadkeys sv-latin1 loadkeys us setxkbmap en setxkbmap -layout se -variant nodeadkeys
reset corrupt keyboard after using vmware.
setxkbmap
kill
suspend/resume a jobb.
# kill -STOP PID # kill -CONT PID
kpartx
# Create device files from disk image. sudo kpartx -av disk_image.raw add map loop0p1 (252:2): 0 3082240 linear /dev/loop0 2048 add map loop0p2 (252:3): 0 17887232 linear /dev/loop0 3084288 # Mount device files. sudo mount /dev/mapper/loop0p2 /mnt #Unmount what you mounted and remove the device mapping: sudo umount /mnt sudo kpartx -d disk_image.raw
lastb
Show failed ssh logins.
lastb
less
Toggle line wrap
- -> S
tail with less. CTRL + c = scroll around. SHIFT + f = to tail again.
less +F -B /tmp/tmp
lftp
lftp -u user,password $ftp_server
With proxy.
lftp -e "set ftp:proxy http://<url>:3128 ; set ssl:verify-certificate no; open -u user,password ftp://ftp.example.se/"
Workaround.
lftp -e 'set ftp:use-feat false; set ftp:ssl-allow false' -u user,passwor ftp.example.se
ln
Create link even if it exists.
ln -sfT /destination link
locale
To show 24 hour format.
LC_ALL=C
localectl
Change keyboard.
localectl list-keymaps localectl set-keymap se-nodeadkeys localectl set-x11-keymap se-nodeadkeys
lock
locking keyboard under linux.
lock-keyboard-for-baby
logging
bash create log.
#!/bin/bash exec > /logfile
alternative
exec 2>/tmp/log
Read logs on system.
tail -f $(lsof | grep log$ |awk '{ print $NF }' | sort -u |xargs)
logrotate
Test dry run logrotate file. -d=debug -f=force
logrotate -d -f /etc/logrotate.conf
Force logrotate in verbose mode.
logrotate -v -f /etc/logrotate.conf
Create logrotate config entry.
# Configure log rotation. cat << EOF > /etc/logrotate.d/ipmonperfj_cleanupdaemon /directory/logs/cleanupdaemon.log { copytruncate size 100M rotate 60 compress missingok olddir old } EOF
Disable logrotate. Look for file extension to ignore.
man logrotate.conf, you can read find tabooext Ex. mv /etc/logrotate.d/mysql{,.rpmsave}
losetup
Create loopback devices for partitions in image. Force the kernel to scan the partition table on a newly created loop device
losetup -P /dev/loop2 harddrive.img
Set up next available device read only.
losetup -f -r /temp/rb-slog05/sda6
Show all
losetup -a
detatach
losetup -d /dev/loop2
ls
ls -la --time-style="+%Y-%m-%d %H:%M:%S" *.3gp
List processes in epoch date
( cd /proc; ls -rtd --full-time --time-style=+%s [0123456789]*; )
lshw
List memory modules
lshw -C memory
Is cpu 32 or 64bit.
lshw -class processor
lsof
List recurivly all process that have a path open.
lsof +D /apps/
which ports has a process opened?
lsof -Pan -p 13354 -i
which process listen to port
lsof -i :443
command line mail with changed from
echo message$(date +%F_%H-%M-%S) | mail -s Subject$(date +%F_%H-%M-%S) -r from@inter.net reciever@inter.net
command line mail with changed from with attachment
echo message | mail -s Subject -r from@inter.net -a /attach.ment reciever@inter.net
Change default sender.
# ~/.mailrc # From address for mailx. set from="root degn.redbridge.se <abjorklund@redbridge.se>" set replyto="root degn.redbridge.se <abjorklund@redbridge.se>"
man
man correct caracters.
LANG=C man passwd
man clean for output to file.
man [manual] | col -b > file.txt
Read from section 5
man man.5
mbr
backup mbr.
# dd if=/dev/sdX of=/temp/sdx-mbr bs=512 count=1
restore mbr
# dd if=/temp/sdx-mbr of=/dev/sdX bs=446 count=1
mdadm
Add disk that was lost
mdadm /dev/md125 -a /dev/vda1
minimodem
Transmit file via audio.
minimodem -t 200
Recieve file via audio
minimodem -r 200
mkfs
Create fat32 file system.
dd if=/dev/zero of=/tmp/sdb bs=32M status=progress conv=fdatasync count=10 fdisk /tmp/sdb n <accept all defaults> t b p w mkfs.vfat -F 32 -n MYDRIVE /tmp/sdb1
mkfs.ext4
Create ext4 filesystem. Overwrite. Label and root reserved to 0.
mkfs.ext4 -F -L looted_storage -m 0 /dev/sda1
mkpasswd
Create a password hash
echo password | mkpasswd -m sha-512 -s
mogrify
Resize, crop... a file. Removes original.
mogrify -resize 800 *.jpg
mount
Mount a temporary ram partition
mount -t tmpfs tmpfs /mnt -o size=1024
Mount a cifs filesystem and change owner on mountpoint.
mount.cifs -o credentials=/home/user/cifs.credentials,gid=1004,uid=1004 //server/c$ /mnt/cifs
Disallow normal user to ps. If not belonging to gid 1001.
- /etc/fstab
proc /proc proc defaults,hidepid=2,gid=1001 0 0
movgrab
List available formats
movgrab -T http://youtu.be/ucivXRBrP_0
Get version listed.
movgrab -f mp4:1920x1080 http://www.youtube.com/v/ucivXRBrP_0
mplayer
mplayer in ascii mode.
mplayer -monitoraspect 4:3 -vo aa LinaFreestyler.avi mplayer -vo aa -monitorpixelaspect 0.5 *.mp4
mplayer on second soundcard.
mplayer -ao oss:/dev/dsp *.mp3 mplayer -ao alsa:device=hw=0.0 *.mp3
Or, to specify a non-default (secondary) device either of the following commands can be used.
mplayer -ao oss:/dev/dsp1 *.mp3 mplayer -ao alsa:device=hw=1.0 *.mp3
play from v4l
mplayer -tv device=/dev/video:driver=v4l:input=1:width=640:height=480:norm=ntsc:adevice=/dev/dsp tv://1 -zoom -aspect 4:3 mplayer -fps 15 tv:// -tv driver=v4l2:width=640:height=480:device=/dev/video0play hdv material. mplayer -monitoraspect 16:9 -vf pp=lb
play dvd image.
mplayer dvd://1 -dvd-device DVD.iso
play h264 webcam
mplayer -fps 24 tv:// -tv driver=v4l2:width=1920:height=1080:device=/dev/video0:outfmt=0x34363248 -aspect 16:10 -fs
play mjpeg webcam
mplayer -fps 24 tv:// -tv driver=v4l2:outfmt=mjpeg:width=1920:height=1080:device=/dev/video0 -aspect 16:10 -fs
play mp3 in different speed keep pitch.
mplayer -speed 1.5 -af scaletempo /mp3/music.mp3 # list chapters. mplayer dvd://1 -dvd-device /dev/sr0 -identify -novideo -nosound # dump chapters. mplayer -dvd-device /dev/sr0 dvd://3 -dumpstream -dumpfile 3.vob
MP4Box
Combine mp4 files
MP4Box -add file1.mp4 -add file2.mp4 output.mp4
mpstat
top like output of system usage
mpstat 5 5
mtr
ping and traceroute combined.
mtr -rc 10 8.8.8.8
mutt
Put the followin in .muttrc to change From.
set realname="Joe User" set from="user@host" set use_from=yes
command line mail with attachment
mutt -s subject -a syslogs.tar.gz admin@domain.org < /dev/null
Change sender from command line.
export EMAIL=address@inter.net && mutt -s "Subject Test" anden@halfface.se < /dev/null echo "Test message" | mutt -s "Subject test" -e "set realname=\"Real Name\"" -e "set from=\"anden@halfface.se\"" -e "set use_from=yes" anden@halfface.se
Change envolope from
export REPLYTO=email@inter.net export EMAIL=email@inter.net echo "email@inter.net testing" | mutt -e "set envelope_from=yes" email@inter.net -a /tmp/attachment
oneliner
export EMAIL=email@inter.net;export REPLYTO="${EMAIL}";echo "email@inter.net testing" | mutt -e "set envelope_from=yes" email@inter.net -a /tmp/attachment export EMAIL=email@inter.net;export REPLYTO="${EMAIL}";echo "${EMAIL} testing on ${HOSTNAME}" | mutt -e "set envelope_from=yes" -s "${EMAIL} testing on ${HOSTNAME}" "${EMAIL}"
Dont trigger out of Out Of Office reply.
echo "email@inter.net testing" | mutt -e "unignore list-id" email@inter.net
multilog
split standard output to logfiles. In this case keep specific size. t means to prepend a TAI timestamp on each line. 10000B. 5 logfiles. tai64nlocal program simply reads stdin and replaces TAI timestamps with human-readable ones. http://blog.teksol.info/pages/daemontools/best-practices. Compress rotated logfiles.
mkdir /tmp/myapp ; ./myapp | multilog t s10000 n5 '!tai64nlocal' '!gzip' /tmp/myapp 2>&1
nc (netcat)
Check communication.
listen on port 3333.
nc -kl 3333
talk to port 3333.
nc 192.168.0.1 3333
Transfer data
Cat file, calculate size listen on port 3333.
cat backup.iso | pv -b | nc -l 3333
Receive file.
nc 192.168.0.1 3333 | pv -b > backup.iso
Setup telnet server
nc -L -l -p1234 -d -e cmd.exe
Test connection.
nc -w2 -znv 10.1.22.31 7222
tunnel
On the server, we open a listener on the TCP port 6667 which will forward data to UDP port 53 of a specified IP. If you want to do DNS forwarding like me, you can take the first nameserver's IP you will find in /etc/resolv.conf - in this example, this is 192.168.1.1. But first, we need to create a fifo. The fifo is necessary to have two-way communication between the two channels. A simple shell pipe would only communicate left process' standard output to right process' standard input.
mkfifo /tmp/fifo nc -l -p 6667 < /tmp/fifo | nc -u 192.168.1.1 53 > /tmp/fifo
Dont eat up standard output.
nc -v --send-only --recv-only localhost 22
Talk to pop3 server over ssl.
nc --ssl mail.tele2.se 995
Talk to pop server
nc -C mail.tele2.se 25
Talk to web server
URL_SSL=halfface.se ; echo -e "HEAD / HTTP/1.1\nHost: ${URL_SSL}\n\n" | nc --ssl ${URL_SSL} 443 echo -e 'GET /users/password/new HTTP/1.1\r\nHost: localhost\r\nConnection: Close\r\n\r\n' | nc localhost 80 | head
To overcome problems with nc closing connection too fast.
(echo -en 'GET / HTTP/1.1\r\nHost: 172.30.156.15\r\nConnection: close\r\n\r\n'; sleep .1) | nc 172.30.156.15 80 | head -30 nc --no-shutdown -v 172.30.156.15 80 <<<$(echo -en 'GET / HTTP/1.1\r\nHost: 172.30.156.15\r\nConnection: close\r\n\r\n')
ncdu
disk usage. Stay in one filesystem.
ncdu -x /
net
Start service via samba.
net rpc service start ipremote -I 172.17.255.99 -U 'domain/user%password'
netstat
Look at network connections. tcp/ip4.
netstat -4anpt
Look at multicast groups
netstat -g
What does it mean?=
ESTABLISHED The socket has an established connection. SYN_SENT The socket is actively attempting to establish a connection. SYN_RECV A connection request has been received from the network. FIN_WAIT1 The socket is closed, and the connection is shutting down. FIN_WAIT2 Connection is closed, and the socket is waiting for a shutdown from the remote end. TIME_WAIT The socket is waiting after close to handle packets still in the network. CLOSE The socket is not being used. CLOSE_WAIT The remote end has shut down, waiting for the socket to close. LAST_ACK The remote end has shut down, and the socket is closed. Waiting for acknowledgement. LISTEN The socket is listening for incoming connections. Such sockets are not included in the output unless you specify the --listening (-l) or --all (-a) option. CLOSING Both sockets are shut down but we still don't have all our data sent. UNKNOWN The state of the socket is unknown.
statistics
netstat -s netstat -s | retransmit
nmap
Scan for open ssh ports.
nmap -p 22 --open -sV 10.0.0.* nmap -p 22 -sV --open -oG - $(ip -4 a s $(ip route show default | awk '{print $5}') | grep inet | awk '{print $2}') | awk '/\/open\// {print $2,$3}'
Syn scan.
nmap -P0 -sS -p1023 www.halfface.se
Ping scan. Do not resolve.
nmap -sn -n 10.127.254.1-254
Which ciphers are allowed.
nmap --script ssl-enum-ciphers -p 465 www.halfface.se
arp scan.
nmap -PR 192.168.0.0/24
which kex_algorithms server_host_key_algorithms encryption_algorithms compression_algorithms
nmap --script ssh2-enum-algos -sV -p 22 ssh.server.inter.net
Which manufacturer.
nmap -sn 10.111.222.0/24
nmcli
List connections
nmcli con
rename connection
nmcli connection modify <old_name> con-name <new_name>
manage network from cli
http://fedoraproject.org/wiki/Networking/CLI
Connect to a configured connection by name
nmcli connection up WireLess
Disconnection by name
nmcli connection down Wireless
Connect to remembered network.
nmcli con up '[-_-] halfface 5'
List available wireless networks.
nmcli device wifi list
Generate list of available wireless networks.
nmcli device wifi rescan
Create connection for wireless network.
nmcli device wifi connect Bredband password P4ssM0rd
Connect to specific bssid
nmcli connection modify MyWifiConnection 802-11-wireless.bssid 00:11:22:33:44:55
List networks on specific interface.
nmcli device wifi list ifname wlp0s18f2u4
Disconnect network interface.
nmcli device disconnect wlp0s18f2u4
Manually setup interface.
nmcli con add con-name "static-ens32" ifname ens32 type ethernet ip4 xxx.xxx.120.44/24 gw4 xxx.xxx.120.1 nmcli con mod "static-ens32" ipv4.dns "xxx.xxx.120.1,8.8.8.8" nmcli con up "static-ens32" iface ens32
list devices.
nmcli device status
list connections.
nmcli connection show
delete connection
nmcli con delete "Wired connection 1"
add connection with static ip.
nmcli con add con-name ens224 ifname ens224 type ethernet ip4 172.30.109.16/24
show properties for connection
nmcli dev show ens224
set dns server
nmcli connection modify enp1s0 ipv4.dns "10.111.222.2,8.8.8.8"
edit
nmcli con edit $connection print all
autostart
nmcli connection modify IFNAME connection.autoconnect yes|no
dhcp option
nmcli -f DHCP4 device show eth0
Make network a bridge interface
sudo nmcli con add ifname br0 type bridge con-name br0 sudo nmcli con add type bridge-slave ifname <network_card> master br0 sudo nmcli con modify br0 bridge.stp no sudo nmcli con down "Wired connection 1" sudo nmcli con up br0
nohup
Start binary under nohup and tail log.
nohup ./run.sh & sleep 1 ; tail -1000f nohup.out
Start process and log to specified file.
nohup daemon > /path/daemon.log &
nping
nping -c 1 --tcp -p 80 www.halfface.se
nth
Name That Hash
nth --text '$y$j9T$jogs61gwDHB6L1oEwHeR00$L4cfYqkxKzS8dtkC5hPXFRMOIcEl6q5VKIkngrRGFM0'
ntfs-3g
mount ntfs filesystem. read and write.
yum install fuse fuse-libs ntfs-3g mount /dev/sda1 /media/c_drive -t ntfs-3g -r -o umask=0222,locale=en_US mount /dev/sda1 /media/c_drive -t ntfs-3g -rw -o umask=0000,locale=en_US fstab read and write. /dev/sda3 /media/e_drive ntfs-3g ro,defaults,umask=0222 0 0 /dev/sda1 /media/c_drive ntfs-3g rw,defaults,umask=0000 0 0
Create ntfs partition.
fdisk 7 mkfs.ntfs /dev/sdx1
numbers
series of numbers
bash: echo {1..10}
numfmt
iec=accept optional single letter suffix. No output suffix. Remove B from input. change format of output, mb ,gb and so on.
numfmt --from=iec --to=none --suffix=B 8.7KB
nwipe (dban)
Wipe your disk
nwipe --nogui --nowait --autonuke /dev/sdb
omping
multicast ping
omping -c10 10.111.222.118 10.111.222.121
openvpn3
Install openvpn fedora 38+ /etc/yum.repos.d/_copr\:copr.fedorainfracloud.org\:dsommers\:openvpn3-devsnapshots.repo
[copr:copr.fedorainfracloud.org:dsommers:openvpn3-devsnapshots] name=Copr repo for openvpn3-devsnapshots owned by dsommers baseurl=https://download.copr.fedorainfracloud.org/results/dsommers/openvpn3-devsnapshots/fedora-$releasever-$basearch/ type=rpm-md skip_if_unavailable=True gpgcheck=1 gpgkey=https://download.copr.fedorainfracloud.org/results/dsommers/openvpn3-devsnapshots/pubkey.gpg repo_gpgcheck=0 enabled=1 enabled_metadata=1
Install package from above.
dnf install openvpn3-client
Add configuration
OPENVPN_CONFIG=<name> ; openvpn3 config-import --name "$OPENVPN_CONFIG" --persistent --config "$OPENVPN_CONFIG".ovpn
List configs
openvpn3 configs-list
Remove config
openvpn3 config-remove --config <config-name>
Connect
openvpn3 session-start --config <config-name>
Disconnect
openvpn3 session-manage --config <config-name> --disconnect
Connect to the log with debug enabled. This can be run in a different terminal window after the connection has been started.
openvpn3 log --config <config-name> --log-level 6
Show active sessions
openvpn3 sessions-list
Show statistics for an active session
openvpn3 session-stats --config <config-name>
Show configuration settings
openvpn3 config-manage --config <config-name> --show
sessions disconnect
openvpn3 sessions-list | grep Path | awk '{print $2}' | while read OPENVPN_PATH ; do echo $OPENVPN_PATH ; openvpn3 session-manage --session-path $OPENVPN_PATH --disconnect ; done
View config files
sudo find /var/lib/openvpn3/configs/ -type f
openssl
Grab the public key.
openssl s_client -connect www.halfface.se:443 </dev/null 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
What does the ssl cert look like.
HOST=www.halfface.se ; PORT=443 ; echo | openssl s_client -connect ${HOST}:${PORT} -servername ${HOST}| openssl x509 -ext subjectAltName -noout -startdate -enddate -subject -issuer -nameopt RFC2253,sep_comma_plus_space
What does crl look like. (Certificate Revocation List)
openssl crl -inform PEM -text -noout -in crl.pem
Connect to ssl server
echo hello | openssl s_client -connect www.halfface.se:8140
Connect to ssl server -cipher NULL,LOW
echo hello | openssl s_client -connect www.halfface.se:8140
Connect with openssl v3
openssl s_client -ssl3 -connect ipmon01.dupont:443
Connect with low security cipher
echo X | openssl s_client -cipher NULL,LOW -connect www.halfface.se:8140
PEM convert to DER
openssl x509 -inform PEM -in /file.pem -outform DER file.der
p12 to cer
openssl pkcs12 -in infile.p12 -out outfile.cer -nodes
Export public
openssl pkcs12 -in path.p12 -out newfile.crt.pem -clcerts -nokeys -passin pass:<password> export CERT=<cert>.p12 ; export PASS=<pass> ; openssl pkcs12 -in $CERT -out ${CERT}.pem -clcerts -nokeys -passin pass:${PASS}
Export private
openssl pkcs12 -in path.p12 -out newfile.key.pem -nocerts -nodes -passin pass:<password> export CERT=<cert>.p12 ; export PASS=<pass> ; openssl pkcs12 -in $CERT -out ${CERT}.key -clcerts -nodes -passin pass:${PASS}
p7b to pem
openssl pkcs7 -print_certs -in <certificate>.p7b -out certificate.pem
pfx to pem
Complete file.
openssl pkcs12 -in filename.pfx -out cert.pem -nodes
Get private cert. Then remove password. Decrypt
openssl pkcs12 -in filename.pfx -nocerts -out key.pem openssl rsa -in key.pem -out server.key
Get public cert.
openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem
Extract p12 password protected keys in
openssl pkcs12 -in /file.p12 -passin file:/password -nokey -nodes -out /file.nokeys openssl pkcs12 -info -in </path/to/file.pfx> -passin pass:<pfx's password>
Encrypt file
openssl aes-256-cbc -a -salt -in file -out file,encoded -passin file:passfile
Decrypte file
openssl aes-256-cbc -d -a -salt -in file -out file,encoded -passin file:passfile
Install new root ca
# Change to the directory: cd /etc/pki/tls/certs # Next download the College root certificate: wget https://icca2.ic.ac.uk/certenroll/ic-root.crt # Convert the certificate to PEM format: openssl x509 -inform der -in ic-root.crt -out ic-root.pem # Create a link with the certificate hash: ln -s ic-root.pem `openssl x509 -hash -noout -in ic-root.pem`.0 # Create sha256 base64 encoded hash openssl dgst -binary -sha256 | openssl base64 # Verify root ca. openssl verify -CApath /etc/pki/tls/certs ic-inter-root.pem icrootca.cer: OK
The server certificate is the first certificate returned, and will be PEM formatted. The CA certificate is the final certificate returned, and is also PEM formatted.
openssl': echo | openssl s_client -connect www.sslsite.com:443 -showcerts
Check ca store files.
find . -name '*.pem' | while read PEM ; do echo '###' ${PEM} '###';ls -la "${PEM}" ; set -x ; curl --cacert "${PEM}" https://site.test.net/index.htm.
Verify pop3 connectivity.
openssl s_client -crlf -connect mail.tele2.se:110 -starttls pop3 USER yiming PASS foobar LIST – lists the messages available in the user’s account, returning a status message and list with each row containing a message number and the size of that message in bytes STAT – returns a status message, the number of messages in the mailbox, and the size of the mailbox in bytes RETR [message_num] – returns the message identified by the message number, which is the same as the message number shown in the LIST command output TOP [message_num] [n] – returns the top n lines of the message denoted by message number. QUIT command will end the session.
Create wildcard self signed certificate.
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout wildcard.test.internal.zone.key -out wildcard.test.internal.zone.crt Common Name (eg, your name or your server's hostname) []:*.test.internal.zone
Verify certificate chain
openssl verify -CAfile Thawte_Primary_Root_CA.pem -untrusted thawte_SSL_CA_G2.cer www.halfface.se.pem
Look at certificate chain.
openssl s_client -connect www.halfface.se:443 CONNECTED(00000003) depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 verify return:1 depth=0 CN = www.halfface.se verify return:1 --- Certificate chain 0 s:CN = www.halfface.se i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 1 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 i:O = Digital Signature Trust Co., CN = DST Root CA X3 ---
Verify chain.
openssl s_client -showcerts -verify 5 -connect www.halfface.se:443 < /dev/null 2>&1
Connect to smtp server via ssl.
openssl s_client -crlf -ign_eof -connect www.halfface.se:25 -starttls smtp -quiet EHLO halfface.se AUTH LOGIN $(echo -n "username" | base64) $(echo -n "password" | base64) MAIL FROM:anden@halfface.se RCPT TO:<anden@halfface.se> DATA Subject: Test from cli. This is a test email. . QUIT
Connect to imap
openssl s_client -crlf -connect www.halfface.se:993 openssl s_client -showcerts -connect www.halfface.se:143 -starttls imap
Login
tag login abjorklund ${PASSWORD}
List mailboxes
tag LIST "" "*"
Log out
tag LOGOUT
compare two certifactes
Compare the use case for the certificate.
sdiff <(openssl x509 -in server.crt -noout -issuer -subject -enddate -purpose) <(openssl x509 -in uc_activemq.crt -noout -issuer -subject -enddate -purpose)| less
create a csr
openssl req -new -sha256 -nodes -out www.halfface.se.csr -newkey rsa:2048 -keyout www.halfface.se.key -config <( cat <<-EOF [req] default_bits = 2048 prompt = no default_md = sha256 req_extensions = req_ext distinguished_name = dn [ dn ] O=Organisation: halfface C=SE ST=Stockholm L=Stockholm CN = www.halfface.se [ req_ext ] subjectAltName = @alt_names [ alt_names ] DNS.1 = halfface.se DNS.2 = ldap.halfface.se DNS.3 = mqtt.halfface.se EOF )
csr information
openssl req -noout -text -in file.csr | grep -vE ' [0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}:'
look at content of private key
openssl rsa -in key.pem -text -noout
confirm that public private and csr match
# For your SSL certificate: CERT_PUBLIC=$(ls *.crt) echo $(openssl x509 -noout -modulus -in "${CERT_PUBLIC}" | openssl md5 | awk '{print $2}'),"${CERT_PUBLIC}",public cert. # For your RSA private key: CERT_PRIVATE=$(ls *.key) echo $(openssl rsa -noout -modulus -in "${CERT_PRIVATE}" | openssl md5 | awk '{print $2}'),"${CERT_PRIVATE}",private key # For your CSR: CERT_CSR=$(ls *.csr) echo $(openssl req -noout -modulus -in "${CERT_CSR}" | openssl md5 | awk '{print $2}'),"${CERT_CSR}",certificate signing request
connect with ca private and public key
openssl s_client -CAfile ca.pem -cert public.crt -key private.key -connect 10.12.118.184:1023 -tls1_2
create a ca
Create ca and certificates.
# Create folder structure. mkdir /root/ca/ mkdir /root/ca/certs/ mkdir /root/ca/crl/ mkdir /root/ca/newcerts/ mkdir /root/ca/private/ mkdir /root/ca/requests/ touch /root/ca/index.txt echo 1000 > /root/ca/serial chmod 600 /root/ca # Create private key for the CA certificate. pass phrase: $(pwgen 15) cd /root/ca/ openssl genrsa -aes256 -out private/cakey.pem 4096 # Create a public certificate for the CA. openssl req -new -x509 -key /root/ca/private/cakey.pem -out cacert.pem -days 36525
Country Name (2 letter code) [AU]:SE State or Province Name (full name) [Some-State]:Stockholm Locality Name (eg, city) []:Stockholm Organization Name (eg, company) [Internet Widgits Pty Ltd]:Company Organizational Unit Name (eg, section) []:Company Common Name (e.g. server FQDN or YOUR name) []:Certificate Authority Email Address []:anden@halfface.se
# Copy system openssl.cnf to /root/ca dir. Then change dir in config. vim openssl.cnf [ CA_default ] dir = /root/ca # Where everything is kept
Create signed certificate keypair
cd requests/ # Create csr openssl req -new -newkey rsa:2048 -nodes -keyout <client>.key -out <client>.csr -config ../openssl.cnf # Issue certificate for csr. openssl ca -in <client>.csr -out <client>.crt -config ../openssl.cnf -days 36525
talk http via openssl
openssl s_client -crlf -quiet -connect www.halfface.se:443 <<EOF GET / HTTP/2.0 Host: www.halfface.se EOF
look at cert
openssl asn1parse -in rb-ca.crt.2021-02-28
performance testing
openssl speed -evp aes-256-ecb
confirm that ca is correct
echo | openssl s_client -CAfile Sectigo_RSA_Domain_Validation_Secure_Server_CA.pem -no-CAfile -no-CApath -tls1_2 -connect 172.30.32.141:5044 2>&1 | grep Verification Verification: OK
openssl s_server
Setup server listening as http server.
openssl s_server -status_verbose -HTTP -cert host.inter.net.crt -key host.inter.net.key
Setup https server listening on https on port 4433 providing complete chain
openssl s_server -status_verbose -HTTP -cert halfface.se.pem -cert_chain halfface.se.intermediate.pem -key halfface.se.key -accept 4433
othername:<unsupported>
You will have to locate the "OCTET STRING" line just below the "OBJECT :X509v3 Subject Alternative Name" line then strpars
# print section offset via openssl asn1parse -in yourcert.pem # parse otherName from "OCTET STRING" <offset> is the value in the beginning of the line. openssl asn1parse -in yourcert.pem -strparse <offset>
Another way of seeing same data is through
openssl asn1parse -in /tmp/tmp -dump -strictpem
create password string
openssl passwd -6 -salt $RANDOM $PASSWORD
pactl
Pulse Audio cli tool. List output devices.
pactl list short sinks
Set default output device
pactl set-default-sink $i
List where applications send output.
pactl list short sink-inputs
Move application to other output device.
pactl move-sink-input $applicaiton $sink
pam
Troubleshooting pam.
/etc/syslog.conf # Get debugging data. *.debug /var/log/debug.log
Create logfile and restart *syslog.
touch /var/log/debug.log service syslog restart
Put pam in debug mode.
touch /etc/pam_debug
OR you can enable debugging only for the modules you're interested in by adding "debug" to the end of the relevant lines in /etc/pam.d/system-auth or the other /etc/pam.d/* files:
login auth required pam_unix.so debug
Debugging is found in /var/log/debug.log.
pam_tally2
Configured here.
/etc/pam.d/password-auth:auth required pam_tally2.so file=/var/log/tallylog onerr=fail per_user deny=6 no_magic_root
What is status from account?
pam_tally2 --user=user1 Login Failures Latest failure From user1 8 04/20/15 11:39:54 192.168.1.1
parallel
Run command 10 times in parallel.
seq 10 | parallel -n0 echo "Hello, World"
Run command 10 times in parallel dryrun.
seq 10 | parallel --dry-run -n0 echo "Hello, World"
Compress logfiles in parallel.
parallel gzip ::: *.log
partprobe
Rescan block device to setup device files
partprobe /dev/sde
partx
partx /dev/sda -l ; partx /dev/sda -u ; partx /dev/sda -l
paste
Combine to files to one in multiple column. Replace tab with spaces.
paste /tmp/check_name_nagios /tmp/filename | column -t -s $'\t'
Combine every second line with a space in between.
paste -d' ' - -
pcregrep
Multiline grep
pcregrep -M 'pattern: line1\nPattern lin2' /temp/files_*
pdftotext
grab text from pdf document.
pdftotext document.pdf
pidof
which pids has a program stared. Find pid.
ping
Ping ipv6 loopback
ping6 ::1 -c1
Ping ipv6 broadcast
ping6 ff02::1%2 | cut -d\ -f4
Ping short output
export ADDRESS=2001:4860:4860::8888 ; PING=$(ping6 -w1 -q -c1 -i10 ${ADDRESS} 2>&1) ; RTT=$( grep rtt <<<"${PING}" | awk -F/ '{print $6}') ; RECEIVED=$(grep received <<<"${PING}") ; echo $ADDRESS $RECEIVED, rtt=${RTT}
Ping to discover mtu. 1460, 1450. When reply increase with 2. when found highest value increase with 28 to get mtu.
ping -M do -s 1472 123.45.56.78
pip
which versions of django exist
pip install pylibmc
which versions are installed
pip list
which files does pip package provide.
pip show -f $package
Uppgrade package.
pip install $package --upgrade
where your own packages might end up
/usr/local/lib/python3.9 /usr/lib/python2.7/site-packages/
upgrade pip
ls -la /usr/lib64/libldap_r.so /usr/lib64/libldap.so
do not use cache
pip3 install -r requirements.txt --no-cache-dir
pgrep
Grep any processlines including 1066
pgrep -lf 1066
pmap
Look at memory usage of process.
sudo pmap 2258
postfix
remove mails in queue.
mailq | grep ^[A-F0-9] | awk '{print $1}' | postsuper -d -
list mails in queue
mailq | grep "^[A-F0-9]"
Get mails in better output to better decide what to do with mails.
mailq | grep -v -- "-Queue ID-" | sed 's/^$/\x0/g' | tr -d '\n' | sed 's/\x0/\n/g'
Remove stuck emails.
postsuper -d ALL deferred
List email
postcat -q E55692442F
Read mail
postcat -vq [message-id]
pr
Print two files between each other.
pr -w200 -m -t /tmp/1 /tmp/2
printf
Convert octal to utf-8
printf '\360\237\222\200'
decimal to integral
printf "%.0f" <decimal>
printscreen
import -window root test.png
Gnome copy graphics to paste buffer. Copy selected portion of screen.
gnome-screenshot -a
/proc
- /proc/meminfo
MemTotal — Total amount of physical RAM, in kilobytes.
MemFree — The amount of physical RAM, in kilobytes, left unused by the system.
Buffers — The amount of physical RAM, in kilobytes, used for file buffers.
Cached — The amount of physical RAM, in kilobytes, used as cache memory.
SwapCached — The amount of swap, in kilobytes, used as cache memory.
Active — The total amount of buffer or page cache memory, in kilobytes, that is in active use. This is memory that has been recently used and is usually not reclaimed for other purposes.
Inactive — The total amount of buffer or page cache memory, in kilobytes, that are free and available. This is memory that has not been recently used and can be reclaimed for other purposes.
HighTotal and HighFree — The total and free amount of memory, in kilobytes, that is not directly mapped into kernel space. The HighTotal value can vary based on the type of kernel used.
LowTotal and LowFree — The total and free amount of memory, in kilobytes, that is directly mapped into kernel space. The LowTotal value can vary based on the type of kernel used.
SwapTotal — The total amount of swap available, in kilobytes.
SwapFree — The total amount of swap free, in kilobytes.
Dirty — The total amount of memory, in kilobytes, waiting to be written back to the disk.
Writeback — The total amount of memory, in kilobytes, actively being written back to the disk.
Mapped — The total amount of memory, in kilobytes, which have been used to map devices, files, or libraries using the mmap command.
Slab — The total amount of memory, in kilobytes, used by the kernel to cache data structures for its own use.
Committed_AS — The total amount of memory, in kilobytes, estimated to complete the workload. This value represents the worst case scenario value, and also includes swap memory.
PageTables — The total amount of memory, in kilobytes, dedicated to the lowest page table level.
VMallocTotal — The total amount of memory, in kilobytes, of total allocated virtual address space.
VMallocUsed — The total amount of memory, in kilobytes, of used virtual address space.
VMallocChunk — The largest contiguous block of memory, in kilobytes, of available virtual address space.
HugePages_Total — The total number of hugepages for the system. The number is derived by dividing Hugepagesize by the megabytes set aside for hugepages specified in /proc/sys/vm/hugetlb_pool. This statistic only appears on the x86, Itanium, and AMD64 architectures.
HugePages_Free — The total number of hugepages available for the system. This statistic only appears on the x86, Itanium, and AMD64 architectures.
Hugepagesize — The size for each hugepages unit in kilobytes. By default, the value is 4096 KB on uniprocessor kernels for 32 bit architectures. For SMP, hugemem kernels, and AMD64, the default is 2048 KB. For Itanium architectures, the default is 262144 KB. This statistic only appears on the x86, Itanium, and AMD64 architectures.
ps
Process list in tree view.
ps axfww
Process sort by cpu usage.
ps auxwww --sort -%cpu | head
How long has process been running.
ps -p 1 -o etime=
Process list sorted after memory usage.
ps aux --sort=size
Process show memory usage... sort...
ps axo rss,%cpu,pid,euser,cmd | sort -nr | head -n 10 | less -ISRM
Process sort by mem usage.
ps auxwww --sort -rss | head
Processes sorted by time running.
ps aux --sort -time
Processes sorted by time started
ps -auxwww --sort=start_time
ps showing threads.
ps -efL
How long has process been running.
echo -n $(( ($(date +%s) - $( stat -c%X /proc/$(pgrep -f [a]ctivemq.jar))) / 3600 ))
ps long usernames
ps axo user:20,pid,pcpu,pmem,vsz,rss,tty,stat,start,time,comm
ps including nice
ps -eo pid,user,ni,comm
pstack
print a stack trace of a running process
pulseaudio
- Is pulseaudio running?
ps uxawww| grep -E pulseaudi[o]
- stop pulseaudio
pulseaudio -k
- start pulseaudio as found by ps | grep pulseaudio
/usr/bin/pulseaudio --start --log-target=syslog
putty
Always setup stay alive.
connection -> keepalive -> 60
set up tunnel
putty -load blt.homeip.net -l bjorklun -pw password -L 19242:192.168.0.42:3389 blt.homeip.net
putty without taking tty.
plink -load www.halfface.se -l user_name -pw password -R *:3389:localhost:3389 -2 -4 -N
reverse tunnel. Connect remote host 3400 to machine running putty localhost:3389.
connection -> ssh -> tunnels -> "Source Port" = 3400 -> destination = localhost:3389 -> remote.
socks server.
connection -> ssh -> tunnels -> Source port: 3128 , Destination: localhost:3128, Dynamic:true -> add -> apply.
pv
throughput in pipe. speed.
pv pv -cN
make a dd and limit througput to 20MB/s.
dd if=${HOST}.qcow2 bs=4k conv=noerror,sync | pv -L 20M | dd of=${HOST}.dd_noerror.qcow2
pwgen
Create less complicated password.
pwgen -sy 15 -r \'\"\^\(\)\`\~\;\[\]\{\}\,
qalculate
qalc > 40 euro to SEK 40 * euro = approx. SEK 417.36
readpst
output pst file in separate files in out directory
readpst -S -o out/ outlook.pst
reboot
Hard reboot mean that shutdown scripts will not run and machine reboot immediately without syncing hard disk drives, shutdown applications etc. This commands enable sysrq and after this call fast reboot. echo 1 > /proc/sys/kernel/sysrq echo b > /proc/sysrq-trigger
Force shutdown
echo 1 > /proc/sys/kernel/sysrq echo o > /proc/sysrq-trigger
Kernel panic
echo c > /proc/sysrq-trigger
rename
Recursive lowercase to uppercase
for i in $(find * -depth); do (mv $i $(echo $i | sed 's%[^/][^/]*$%%')$(echo $i | sed 's!.*/!!' | tr [:upper:] [:lower:])); done
Upper to lower case
for f in `find .`; do mv -v "$f" "`echo $f | tr '[A-Z]' '[a-z]'`"; done
reposync
reposync -n -c /etc/yum/yum.conf -p /repos/centos6 -d -r base -r updates -r extras -r centosplus -r contrib createrepo -g /repos/centos6/base/repodata/comps.xml /repos/centos6/base createrepo /repos/centos6/updates createrepo /repos/centos6/extras createrepo /repos/centos6/centosplus
halfface -> sync repo. -d delete what is not on remote, -n only newest version, -p store here, -r which repos to sync
reposync -d -n -p /install/system/linux/fedora/24/repo/ -r updates -r fedora -r rpmfusion-free -r rpmfusion-free-updates -r rpmfusion-nonfree -r rpmfusion-nonfree-updates
halfface -> create repository
REPODIR=/install/system/linux/fedora/24/repo ; for REPO in $(cd $REPODIR; ls) ; do echo $REPO ; createrepo_c ${REPODIR}/${REPO} ;done
reptyr
Reparent a running program to a new terminal. (move tty)
rfcomm
list usb devices
hcitool scan
What properties does the device have.
sdptool browse 00:0D:B5:30:07:79
connect bluetooth device virtual servial.
rfcomm bind /dev/rfcomm0 00:0D:B5:30:07:79 1
rkhunter
Run rkhunter full scan no keypresses needed
sudo rkhunter --checkall --skip-keypress -x
Update database
sudo rkhunter --propupd
Search for what triggered alarm.
sudo grep -E 'Warning|Suspicious' /var/log/rkhunter/rkhunter.log
dnf update rkhunter. Update dnf after rkhunter scan
tail -1 /etc/sysconfig/rkhunter sleep 300 && ( dnf -e 0 -y update ; rkhunter --propupd ) >> /tmp/dnf_update_rkhunter--propupd.$(date +%F_%H-%M-%S).log 2>&1 &
rotatelogs
Write standard output to logfile. Rotate at 100M. Keep 3 files.
your_script.sh | rotatelogs -n3 /var/log/your.log 100M
route
The route to a network is behind 10.111.222.7
route add -net 10.111.223.0 netmask 255.255.255.0 gw 10.111.222.7
Add default route
route add default gw 192.168.122.1
Permanent route under redhat
/etc/sysconfig/static-routes any net 198.18.129.0/24 gw 10.240.175.12
/etc/sysconfig/network-scripts/route-eth1
1.2.3.4/23 via 1.2.3.1
Drop packages to ip.
route add -host 192.168.1.51 reject
Remove reject rule.
route del -host 192.168.1.51 reject
Remove route
route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0 10.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 eth0 0.0.0.0 192.168.122.1 0.0.0.0 UG 0 0 0 eth0 route del -net 10.0.0.0 gw 0.0.0.0 netmask 255.0.0.0 dev eth0
rpm
install src.rpm
rpmbuild --rebuild alien-6.51-1.src.rpm rpm -i /usr/src/redhat/RPMS/x86_64/alien-6.51-1.rpm
List contents of rpm.
rpm -qlp myfile.rpm
Extract single file from rpm.
rpm2cpio package.rpm | cpio -idv ./search_path_to_file_from_listing_above.txt
List information about non installed rpm.
rpm -qip foo.rpm
Extract contents of rpm.
rpm2cpio *.rpm | cpio -i --make-directories
Which version of rpm is installed.
/etc/rpm/macros ~/.rpmmacros
%_query_all_fmt %%{name}-%%{version}-%%{release}.%%{arch}
list architecture
rpm -qa --qf "%{n}-%{v}-%{r}.%{arch}\n"
List only name of installed rpms.
rpm -qa --qf "%{NAME}\n"
Extract rpms in subdirectories.
for RPM in $(ls *|sed 's_\.rpm$__g');do echo $RPM; mkdir $RPM; rpm2cpio $RPM.rpm | (cd $RPM && cpio -i --make-directories);done
Verify content of rpm
rpm -V package # What does those cryptic letters mean from rpm -V: S file Size differs M Mode differs (includes permissions and file type) 5 MD5 sum differs D Device major/minor number mismatch L readlink(2) path mismatch U User ownership differs G Group ownership differs T mTime differs
Reinstall rpm
rpm -iv --replacepkgs package.rpm
Dependencies of rpm
rpm -qpR ${rpm} rpm -qR ${packagename} rpm -qp mypackage.rpm --provides rpm -qp mypackage.rpm --requires
Rebuild rpm database.
\rm /var/lib/rpm/__db* rpm --rebuilddb
Update minor release.
yum --releasever=6.11 update sl-release yum clean all yum update
Downgrade rpm.
rpm -Uvh --oldpackage /tmp/app.x86_64.rpm
Which rpm:s are required by rpm. Can be used to install rpm on machine without access to yum repo.
PKG=openssh-server ; yum install --downloadonly --installroot=/tmp/$PKG-installroot --releasever=7 --downloaddir=/tmp/$PKG $PKG
CVE:s fixed by rpm
rpm -qi --changelog openssh-server | grep -i CVE
rsync
Syncronize folders. Delete non existing files on remote host. Compress.
rsync --delete -az -e ssh bjorklun@semco.homeip.net:/install/program/windows/
Syncronize files over ssh on port 2222. Show progress. Syncronize even empty directories.
rsync -Pae 'ssh -p 2222' localhost:/opt/techops/bin/ /opt/techops/bin/
rsync with total progress bar.
rsync -a --info=progress2 /dir1/ /dir2/
Run rsync in both ends but transfer data with normal user.
sudo rsync -aP /tmp/andreas/ andreasbj@localhost:/tmp/andreas2/ --rsync-path='sudo rsync'
rsync with limit of 8 MB/s.
rsync -aP --bwlimit=8000 /source/ /destination/
rsync excluding directory
rsync -r --exclude=.svn /source/ /destination/
rsync including selinux information. Preserve hard links.
rsync -aPXH /source /destination
rsync don't keep links. Copy files referenced.
rsync -rLP /source/ /destination
Record which files to sync.
rsync -r -ptgo --delete -P --size-only -n www.halfface.se:/mp3/ /mp3/ -n | tee /temp/mp3_$(date +%Y-%m-%d)_diff.txt
Rsync new files.
rsync -RDa0P --files-from=<(find /sourcedir -mtime -7 -print0) . /targetdir/
rsync ignore existing files.
rsync -P --ignore-existing /source/* /destination/ -n
rsync excluding directories matching pattern.
SOURCE=/apps/IP400 ; DESTINATION=/apps/IP400.$(date '+%Y-%m-%d_%H-%M-%S') ; rsync -aP "${SOURCE}"/ "${DESTINATION}"/ --exclude-from=<(cd "${SOURCE}" ; find -type d -name log | sed -e 's|./||')
Sync files partially.
rsync -avz --partial --inplace
which files differ between hosts.
rsync -nrlptDqv --delete --exclude napsjb/server/naps/tmp/ /opt/ongame/ 10.6.21.11:/opt/ongame | less -n dry run. -r recursive -l copy symlinks av symlinks. -p preserve permission -t preserve tims. -D --device --special. Keep special files. -q quiet -v verbose
sar
Old sar information.
sar -f /var/log/sa/sa25 -s 00:00:00 -e 23:59:00
load average.
sar -q -f /var/log/sa/sa25 -s 00:00:00 -e 23:59:00
All information.
sar -A -f /var/log/sa/sa25 -s 00:00:00 -e 23:59:00
View network statistics.
LANG=c sar -n DEV | grep eth0
realtime summary.
sar 4 5
script
Run command under shell even if it does not exist.
script -q -f -c "commands or scripts to run"
Run session under screen in script.
screen -dm bash -c 'script --timing=script1.tm script1.out'
Replay script recorded file
scriptreplay --timing script1.tm --typescript script1.out
scp
Limit to 1.2MB/s.
scp -l 10240 Rocky-8.5-x86_64-minimal.iso halfface.se:/temp/
search&replace
perl
grep -rsl '10.6.4.102' * | xargs perl -pi -e 's/10.6.4.102/10.6.4.103/'
sed
find . -type f -exec sed -i 's/string1/string2/g' {} \;
Grep for regexp starting with CN= and stop at first occurrence of ,. not greedy
grep -oE 'CN=[^,]*,'
setfacl
Add rwx permission for user_name recursivly from /directory
setfacl -Rm u:user_name:rwx /directory
Remove acl:s
setfacl -bn foobar
setpriv
Dump your privileges.
setpriv -d
shred
Recurse remove dir
find /tmp/secret -type f -exec shred {} \;
shuf
Pick random line in file.
shuf -n1 /file
Get random number
shuf -i 10-120 -n1
sms
Mail to sms gateway.
tele2 07XXXXXXXX@sms.tele2.se
Comviq 467xxxxxxxx@sms.comviq.se
Europolitan 4670xxxxxxx@europolitan.se
snmptrap
# send more than one string. snmptrap -v 2c -Ci -u user -c community localhost "" .1.3.6.1.4.1.5089.1.0.1 1 s "This is the first string" 2 s "This is the second string" snmptrap -v 2c -Ci -u user -c community localhost .1.3.6.1.4.1.5089.1.0.1 1 s "This is the first string" 2 s "This is the second string" snmptrap -v 2c -c xxxxxxx localhost .1.3.6.1.4.1.5089.1.0.1 .1.3.6.1.4.1.5089.2.0.999 s "Hej Hej"
Simple trap
snmptrap -v 1 -c public localhost 0 0
snmptrapd
# Enable logfile. /etc/sysconfig/snmptrapd OPTIONS="-Lf /var/log/snmptrapd.log" # Disable authorization and put in logfile. /etc/snmp/snmptrapd.conf disableAuthorization yes authCommunity log public
snmpwalk
Get information from an oid.
snmpwalk -v 1 -c public snmp.device.net .1.3.6.1.4.1.2021.84
Do tcpdump while running.
tcpdump -i eth0 -n -s0 -v host snmp.device.net and port snmp
socat
Create a tunnel between localhost 2222 to remote host 2222
socat TCP-LISTEN:2222,fork TCP:10.111.222.2:2222 socat TCP-LISTEN:22,fork,bind=127.0.0.1 TCP:192.168.0.15:5900 socat TCP-LISTEN:2222,fork TCP:10.8.110.20:22,bind=172.19.14.251
Listen on 10.120.50.12:9090 and forward to 127.0.0.1:9090
socat TCP-LISTEN:9090,bind=10.120.50.12,fork TCP:127.0.0.1:9090
Create tunnel via systemctl Create file similar to this. /etc/systemd/system/socat_win.service
[Service] ExecStart=/usr/bin/socat TCP-LISTEN:3389,fork TCP:192.168.122.204:3389 [Install] WantedBy=multi-user.target
Enable new file.
systemctl daemon-reload
Start new daemon
systemctl start socat_win
sort
Sort ip address.
sort -t. +0n -1 +1n -2 +2n -3 +3n -4 sort -t . -k 1,1n -k 2,2n -k 3,3n -k 4,4n
sort on fift column
sort -t, -k5n,5 /tmp/gfp
Get a list of configured ip for a set of hosts. Sort on domain then hostname
pdsh ^/host_list 'ip route get 8.8.8.8 | awk "NR==1 {print \$NF}"' | sort -t . -k 2 -k 1
Sort on first column only.
sort -n -k 1,1
spawn
Encode wav to ogg in parallel.
# ls -1 *.wav | while read ; do echo "oggenc -q6 \"$REPLY\"" ; done | spawn -j4
split
Devide file into parts containing 100 lines.
split -l 100 create_updated_2013-10-29_sort_created_ci_id_name.txt --numeric-suffixes --suffix-length=3 Cleanup.
Devide file in 10 parts. Suffix length 4.
split -n 10 -a 3 bigfile.tar.gz
sqlite
Is db broken?
sqlite3 mydata.db "PRAGMA integrity_check"
recover db
sqlite3 mydata.db ".dump" | sqlite3 new.db sqlite3 stellar.db .recover | sqlite3 stellar_2.db
Show databases
sqlite> .databases main: /var/lib/tuptime/tuptime.db
List tables
sqlite> .tables tuptime
Run sql command
sqlite> select * from tuptime; 1544984636|2387765.42|-1|0|0.0|Linux-4.19.8-200.fc28.x86_64-x86_64-with-fedora-28-Twenty_Eight
exit|quit
.quit
vacuum
/usr/local/openvpn_as/bin/sqlite3 /usr/local/openvpn_as/etc/db/log.db "VACUUM"
count tables
DB=files.db ; for TABLE in $( sqlite3 $DB ".tables") ; do echo -e $TABLE\\t$(sqlite3 $DB "SELECT COUNT(1) FROM $TABLE;") ; done | column_tab
ss
List all connections.
ss -an
List processes and which port they listen too. Grep process.
ss -tulpn | grep 5405
ssh
ssh-keygen
Create key pair without input.
KEYNAME=cluster-info-reporting ; ssh-keygen -q -t ed25519 -N '' -C $KEYNAME <<< $'\ny' >/dev/null 2>&1 -f /tmp/ssh-keygen-keypair-${KEYNAME}-$(date '+%Y-%m-%d_%H-%M-%S')
which private ssh keys are password protected
ls ${HOME}/.ssh/* | grep -Ev 'pub$|authorized_keys|config|known_hosts|ssh-agent.sock' | while read i ; do SSH_PASSWORD=$(ssh-keygen -y -P "" -f "$i" 2>&1 | grep "incorrect passphrase supplied to decrypt private key") ; if [ -z "${SSH_PASSWORD}" ] ; then echo No password encrypted ssh private key: $i ; fi ; done
Remove pass phrase
ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]
view fingerprint
ssh-keygen -l -E md5 -f /tmp/ssh-keygen.pub
Copy public key to authorized_keys
ssh-copy-id user@host
List supported ciphers
ssh -Q cipher
List supported MACs
ssh -Q mac
List supported public key type
ssh -Q key
List supported key exchange algorithms
ssh -Q kex
List supported ciphers, macs and kexalgorithms.
sshd -T | grep "\(ciphers\|macs\|kexalgorithms\)"
Run command each time you login via ssh.
$HOME/.ssh/rc
Tunnel
sudo ssh -nNTx -R 2222:localhost:22 andreasbj@www.halfface.se
Reverse tunnel.
ssh -D \*:666 www.halfface.se ssh -N ipmon10.ny1.ip-soft.net -L43389:ippc01.ongame.ip-soft.net:3389 -n Dont take console. Good for background. -N Do not execute a remote command -T Disable pseudo-tty allocation. -x Disables X11 forwarding. -R port:host:hostport sudo ssh -N -L 2222:www.halfface.se:22 www.halfface.se sudo ssh -nNTx -R 2222:www.halfface.se:22 www.halfface.se sudo ssh -nNTx -R 443:satellite.ongame.com:443 root@10.0.254.30 # Tunnel 443 over ssh from remote host via local host.
Open tunnel on remote host. Start remote proxy server forwarding to internal network.
ssh remotehost -R remoteport:localhost:localport "ssh -D 9050 localhost:remoteport"
Multiple reverse tunnel controled by autossh. (-M)Control port,(-f)background, (-N) no remote command, reverse tunnel (-R)
autossh -M 41000 -f -N -R 0.0.0.0:8001:192.168.1.10:80 -R 0.0.0.0:8002:192.168.1.20:80 user@remotehost
reverse tunnel bound to all interfaces
The config has to allow to bind to * interface. /etc/ssh/sshd_config GatewayPorts yes
sudo ssh -i ${HOME}/.ssh/id_dsa -N -R \*:2222:localhost:22 ${USER}@www.halfface.se
Create an ssh tunnel link
https://help.ubuntu.com/community/SSH_VPN echo 1 > /proc/sys/net/ipv4/ip_forward vim /etc/ssh/sshd_config PermitTunnel=yes sudo ssh -NTCf -w 0:0 1.2.3.4 sudo ssh -v -w any:any www.halfface.se ### local: ip link set tun0 up ip addr add 169.254.0.1/32 peer 169.254.0.2 dev tun0 ip route add 192.168.0/24 via 169.254.0.2 remote: ip link set tun1 up ip addr add 169.254.0.2/32 peer 169.254.0.1 dev tun1 arp -sD 169.254.0.2 eth1 pub ### Change default gateway. In this case, 192.168.0.1 is Machine B's current default gateway; it is the gateway on Network B that provides internet connectivity ip route add 1.2.3.4/32 via 192.168.0.1 ip route replace default via 10.0.0.1
Limit ssh access with pam_access
/etc/security/access.conf
Proxycommand without nc
Host server1 Hostname 10.0.1.1 ProxyCommand ssh -q -x jumphost -W %h:22
ssh over ipv6 via 2 network interface.
ssh -6 fe80::1ec1:deff:fecb:6ce%2
ssh options
None interactive. Dont ask for password.
-o BatchMode=yes
Accept all keys.
-o StrictHostKeyChecking=no
ssh via proxy/squid
ssh -o 'ProxyCommand nc --proxy proxy.inter.net:3128 --proxy-type http %h %p' host.inter.net hostname ssh -o 'ProxyCommand nc -X connect -x proxy.inter.net:3128 %h %p' host.inter.net hostname
brow.sh
browser in terminal window.
ssh brow.sh
jail
/etc/sshd/sshd_config
Match group mychroot ChrootDirectory /jail/ X11Forwarding no AllowTcpForwarding no
sshd debug
Start deamon once in debug mode and put output to your console.
/etc/sysconfig/sshd OPTIONS="-ddd"
Kill of sshd which is listening for new connections. Start sshd with the following command. Debug level can bee changed.
/usr/sbin/sshd -De -o LogLevel=DEBUG3
ssh multiple jumps one cli
Jump through host1.net to get to host2.net
ssh -t host1.net ssh -t host2
Jump through host1.net to host2.net and bring port 8080 with you.
ssh -t host1.net -L 8080:localhost:8080 ssh -t host2.net -L 8080:localhost:8080
ssh force password login
ssh -o StrictHostKeyChecking=no -o ControlPath=none -o ControlMaster=no -o PubkeyAuthentication=no user@host
ssh via jumphost
ssh -J core@1.1.1.1 core@2.2.2.2
socks
# Setup socks server exiting on remote host ssh -D '*:3128' halfface.se # Use socks setup above. curl --socks5 localhost:3128 https://ifconfig.me
sshfs mount filesystem over ssh
sshfs name@server:/path/to/folder /path/to/mount/point
sshpass
ssh with password provided on the command line.
sshpass -p P@ssW0rd ssh -t -o ControlPath=none -o PreferredAuthentications=password -o PubkeyAuthentication=no -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=Error user@localhost hostname
specify key
ssh -o "IdentitiesOnly=yes" -i <private key>
sshuttle
create a network route over ssh.
sshuttle -D -r user@remotehost:2222 192.168.1.0/24
stat
View file permissions only.
stat -c "%a %n" /usr/bin/bash Access - the last time the file was read Modify - the last time the file was modified (content has been modified) Change - the last time meta data of the file was changed (e.g. permissions)
Copy permissions from one location to another.
rpm -qlp package.rpm | while read FILE ; do echo chmod $(stat -c "%a" $FILE) \"$FILE\";done > /tmp/copy_permissions.sh
strace
File open activity.
strace -e open -f ls -la /temp/
File open activity under directory.
strace -e open -P /temp/ -f ls -la /temp/
More file activity.
strace -e trace=file -p 1234 strace -e trace=desc -p 1234
Trace network activity.
sudo strace -f -e trace=network -p 1476 # 1024 long strings. sudo strace -s 1024 -f -e trace=network -p 1476 # strace follow process with matching regex. strace -f -e poll,select,connect,recvfrom,sendto -p $(pgrep -f login-sync.xml) # trace nework activity strace -f -e trace=network -s 1000000 nc localhost 3333
Memory usage
sudo strace -f -e trace=memory -p $(pgrep -f firefox)
What is taking time
[root@util01 abjorklund]# strace -f -c -p 9657 % time seconds usecs/call calls errors syscall ------ ----------- ----------- --------- --------- ---------------- 88.11 11.614155 1644 7065 1565 futex 9.94 1.310794 16183 81 73 restart_syscall 1.86 0.245018 86 2850 recvfrom 0.05 0.006784 30 228 poll 0.03 0.004006 2 1838 sendto 0.00 0.000271 1 253 sched_yield 0.00 0.000134 12 11 mmap 0.00 0.000107 0 5176 ioctl 0.00 0.000026 0 148 148 stat 0.00 0.000000 0 1 read 0.00 0.000000 0 254 write 0.00 0.000000 0 44 mprotect 0.00 0.000000 0 1 rt_sigreturn ------ ----------- ----------- --------- --------- ---------------- 100.00 13.181295 17950 1786 total
strace multiple processes
strace -s 1024 -f -o /tmp/strace $(pidof Process_name | sed 's/\([0-9]*\)/-p \1/g')
strace to hex output. Convert to utf8.
strace -xx -f -o/tmp/strace -s0 echo bajskorv cat /tmp/strace | while read -r line; do printf "%b\n" "$line" ; done
stty
List settings
stty -a speed 38400 baud; rows 50; columns 200; line = 0; intr = ^C; quit = ^\; erase = ^?; kill = ^U; eof = ^D; eol = <undef>; eol2 = <undef>; swtch = <undef>; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R; werase = ^W; lnext = ^V; discard = ^O; min = 1; time = 0; -parenb -parodd -cmspar cs8 -hupcl -cstopb cread -clocal -crtscts -ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr icrnl ixon -ixoff -iuclc -ixany -imaxbel -iutf8 opost -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0 isig icanon iexten echo echoe echok -echonl -noflsh -xcase -tostop -echoprt echoctl echoke -flusho -extproc
Set terminal properties.
stty rows 50 cols 200
sudo
Enable sudo logging
sed -i "$(( $(grep -n ^Defaults /etc/sudoers | tail -1 | awk -F: '{print $1}') + 1 ))iDefaults log_output\nDefaults log_input" /etc/sudoers
Command above adds the following to /etc/sudoers
Defaults log_output Defaults log_input
List sudo-io logs.
sudoreplay -l
Search for string in logs.
zgrep search_string $(find /var/log/sudo-io/ -type f)
Replay session. Max wait 1s. 5 times the speed.
sudoreplay -m1 -s5 000002
Replay session including stdin
sudo sudoreplay -m1 -s5 -f stdin,stdout,stderr,ttyin,ttyout 000001
Which rules apply to user
sudo -l -U username
swapon/swapof
Free swap
(swapoff -a; swapon -a) & watch free -m
sysbench
cpu test.
sysbench cpu --cpu-max-prime=20000 --threads=32 run | grep "events per second"
ram test
sysbench memory --threads=32 run | grep sec
disk test
RAM_TWO=$(( $(grep MemTotal /proc/meminfo | awk '{print $2}') * 2 ))kb sysbench fileio --file-total-size=${RAM_TWO} prepare > /dev/null sysbench fileio --file-total-size=${RAM_TWO} --file-test-mode=rndrw --time=300 --max-requests=0 run|grep -E ' read, | written, ' sysbench fileio --file-total-size=${RAM_TWO} cleanup > /dev/null
sysctl
Rename machine.
sysctl kernel.hostname=ipmonxx.${CLIENT}.ip-soft.net
Set tcp keepalive
$ sysctl -a | grep tcp_keepalive net.ipv4.tcp_keepalive_time = 1800 net.ipv4.tcp_keepalive_probes = 9 net.ipv4.tcp_keepalive_intvl = 75 sudo sysctl -w net.ipv4.tcp_keepalive_time=60 net.ipv4.tcp_keepalive_probes=3 net.ipv4.tcp_keepalive_intvl=10 net.ipv4.tcp_keepalive_time = 60 net.ipv4.tcp_keepalive_probes = 3 net.ipv4.tcp_keepalive_intvl = 10
Reload config files
sysctl --system
systemctl
init 3
systemctl isolate runlevel3.target systemctl isolate multi-user.target systemctl set-default multi-user.target
init 5
systemctl isolate runlevel5.target systemctl isolate graphical.target systemctl set-default graphical.target
When you have made changes to /etc/systemd/system/*.service
systemctl daemon-reload
List all units
systemctl list-unit-files
List units with problems
systemctl list-units --failed
create service
cd /etc/systemd/system ; vim $service.service ; systemctl daemon-reload
[Unit] Description=Set laptop brightness After=multi-user.target [Service] Type=forking ExecStart=/bin/sh -c 'echo 1000 > /sys/class/backlight/intel_backlight/brightness' LimitNOFILE=65535 LimitNPROC=65535 [Install] WantedBy=default.target
Add groups to processes started by services script
[Service] SupplementaryGroups=33 518
takes a long time to login
systemctl daemon-reexec systemctl restart systemd-logind
strace process started by systemctl
strace -f -o /tmp/strace.log -s 2048 -p 1 & systemctl restart httpd.service
systemctl show puma
Show variables of service
systemctl show puma
systemd-analyze
What takes time at startup.
systemd-analyze plot > /tmp/systemd-analyze-plot.svg ; chrome /tmp/systemd-analyze-plot.svg
systemd-resolved
resolvectl status
clear cache.
sudo systemd-resolve --flush-caches
Look at stats.
systemd-resolve --statistics
restart daemon to apply settings
systemctl daemon-reload systemctl restart systemd-networkd systemctl restart systemd-resolved
systemctl show
will show all available properties
systemctl show $service
tail
Tail from line number 21.
tail -n +21 /file
talk
Talks swedish.
espeak -v swedish -f /tmp/file
tar
Make a backup of a directory or disk.
server: tar -cpsf - $dir | pv -b | nc -l 3333 client: nc server 3333 | pv -b | tar -xpst -
Inline tar archive.
awk '/^__ARCHIVE_FOLLOWS__/ { print NR + 1; exit 0; }' $0 tail -n $0 > archive.tar # tail -n +347 Filename
Backup dir but exclude files within
tar zcf /tmp/backup_$(date '+%Y-%m-%d_%H-%M-%S').tar.gz /apps/app --exclude=/apps/app/var/* --exclude=/apps/app/logs/*
extract files remove 5 path element components.
tar xf archive.tar --strip-components 5
extract to other directory.
tar -xzf bar.tar.gz -C foo
extract files excluding path.
tar xf $file.tar.gz --transform='s/.*\///'
tcpdump
dump trafic information, -e Print the link-level header on each dump line, -vvv verbose.
tcpdump -e -vvv port 21
dump all trafic to and from machine. -w write to file, -s0 size of package, host to listen from.
time tcpdump -w ssl_dump -s0 host test.x30.webservices.itsfogo.com
dump all trafic into files of max 100MB. 270MB in reality.
tcpdump -w snoop -s0 -C 100000000
dump all trafic. compress logfiles. Create 10 files which are 10 MB big. Dont convert numbers to names. Dont truncate frames create logfile with this name.
tcpdump -z gzip -i wlan0 -C 10 -W 10 -n -s0 -w /tmp/tcpdump.log
Which machines send a syn packet.
sudo tcpdump -nn -i eth0 'tcp[13] = 2'
Show information about all traffic on interface.
tcpdump -s0 -i eth1 -vv
Show information about communication over port 514
tcpdump -Xni any port 514
listen on port 1023 for incoming trafic. disable local subnets.
sudo tcpdump -n -i eth0 tcp and dst host 172.17.17.6 and not src net 172.17.17.0/24 and not src net 158.0.0.0/8 and 'port 1023'
listen after torrent traffic.
sudo tcpdump -Xni any portrange 6882-6999
View content of http trafic
sudo tcpdump -i any -A -s 1500 dst 89.253.75.84 and port 80
View post in utf-8 format.
sudo tcpdump -lnp -i any -A -s 1500 dst 89.253.75.84 and port 80 -w - | tr -t '[^[:print:]]' ''
Get cookie
tcpdump -i lo -A -l dst port 8000 | grep "^Cookie: " To create cookie for curl: https://xiix.wordpress.com/2006/03/23/mozillafirefox-cookie-format/
Look at traffic from specific ip
tcpdump -n -i any -n host 198.18.130.9
Eavesdrop password
tcpdump -i any -A -s0 port 8030 | grep Authorization:
flags
tcpdump -enni eth0 host 172.30.142.11 port 5432
F - FIN S - SYN R - RST P - PSH U - URG E - ECN Echo W - ECN Cwnd Reduced . - ACK only
get ftp username/password
sudo tcpdump -n -vvv -i any -A -f "port 21" | grep -i "user\|pass"
tcptraceroute
tcptraceroute -n -q 1 192.168.0.1 -p 22
teamdctl
teamdctl team0 state view -v
tee
Feed tee with an unbuffered stream.
sar -n DEV 2 | stdbuf -oL grep wlp0s20f3 | tee /temp/sar_-n_wlp0s20f3.$(date)
telnet
Look at world map. a - z zoom.
telnet mapscii.me
testssl
test ssl certificate
testssl www.halfface.se
tftp
# Download test.file tftp -v 172.17.17.6 -c get test.file # Upload file. tftp -v 172.17.17.6 -c put /tmp/test.put test.put # Enable upload file in in.tftpd /etc/xinetd.d/tftp server_args = -c -s /var/lib/tftpboot
tibco
show permissions.
help permissions
Create user
create user surveillance "Surveillance user" password=surveillance
Grant user permission to view all
grant admin user=surveillance view-all
tif
cli image viewer.
tif $IMAGE.jpg
time
Time in a loop.
{ time sleep 2 >> ${LOG} ; } 2>> ${LOG}
How long did a command take
TIME=$( { /usr/bin/time -f "%e" sleep 1.5 ;} 2>&1 ) ; echo $TIME
Built in time command. 3 decimals in seconds.
TIMEFORMAT='%3R'; time ( sleep 61.22222 )
timedatectl
Show info how clock is synced.
timedatectl timesync-status
Which time zones exist
timedatectl list-timezones | egrep -o "America/N.*"
Set timezone.
timedatectl set-timezone "Asia/Kolkata"
timeout
limit waiting for a period.
timeout 2s sleep 100
Run function under timeout
export -f my_function ; timeout 1 bash -c 'my_function options'
Run loop for some time then exit.
timeout 172800 bash -c -- 'while true ; do echo $(TZ=UTC date "+%Y-%m-%d %H:%M:%S %Z") $(ping -w1 -q -c1 -i10 192.168.10.120 | grep received) ; sleep 1 ; done| tee /tmp/ping_192.168.10.120.log'
tnef
List content of winmail.dat. Remove options to extract to current dir.
tnef -t -f winmail.dat
toilet
Generate graphics text similar to banner.
toilet -F gay -f mono12 "Some Funky Text"
tor
Select outgoing country. https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2 Set country in:
torrc
One or several exit countries.
ExitNodes {us} ExitNodes {kr},{ru},{sy},{cn}
test exit node
ifconfig.me
top(the command)
Top batch mode run one iteration
top -bn1
Sort by memory usage
for i in {1..10};do date; top -c -b -o +%MEM | head -n 17|tail -11;sleep 5;done
Top used in openshift.
top -bcn1 -w512 | less -ISRM
top derivates
apachetop dnstop iftop latencytop glances
touch
touch -am 0910120003 Give a new access time on a file 0910120003MMDDhhmmyy
linux
touch -t 197102162324 *
tput
No line wraps
tput rmam
Line wraps
tput smam
invisible cursor
tput civis
visible cursor
tput cnorm
reset is a good command to reset shell
reset
tr
translate capital to lower letter.
tr '[:upper:]' '[:lower:]'
null character to new line
tr '\000' '\n' < /proc/3575/environ
Remove unprintable characters.
tr -dc '[[:print:]]'
trickle
Speed limit for download
rsync -ae "trickle -d 80 ssh" user@host:/src/ /dst/
Speed limit for upload.
rsync -ae "trickle -u 80 ssh" user@host:/src/ /dst/
Limit wget to 64kbit upload and download.
trickle -d 64 -u 64 wget "https://www.halfface.se/file.txt"
ts
timestamp
ls -la | ts '%F %H:%M:%S'
tune2fs(tunefs)
tune2fs -m 0 /dev/sdb1
type
What kind of command do we use. builtin or some file?
type ls
udevadm
Monitor udev events.
udevadm monitor
udevadm info --query=all --name=sda
look at values for disk. Can be used to locate san source.
udr
rsync over udp.
udr -a 57621 -b 57631 rsync -rP host.inter.net:/source/ /destination/
ulimt
Look at current limits for logged in user.
ulimit -a
Look at limits for process with pid 12345.
cat /proc/12345/limits
unalias
Unalias all aliases
unalias -a
unhide
Find hidden ports.
unhide -v proc
unetbootin
Boot iso image from usb memory.
upower
# Powerstatus of the system. battery charge. upower --dump
uptime
Uptime in seconds.
awk -F . '{print $1}' /proc/uptime
urldecode/urlencode
Encode
perl -pe's/([^-_.~A-Za-z0-9])/sprintf("%%%02X", ord($1))/seg' jq -sRr @uri
Decode
perl -pe 's/%([0-9a-f]{2})/sprintf("%s", pack("H2",$1))/eig' jq -r @uri
useradd
useradd --uid 666 --gid 666 --comment 'devil' devil && echo 'devil:VerySecretPassword' | chpasswd
v4l2
Video player
qv4l2
List available formatats and resolutions.
v4l2-ctl --list-formats-ext
List available formats
v4l2-ctl --list-formats
Set camera to h264
v4l2-ctl --set-fmt-video=width=800,height=448,pixelformat=1
Set framerate.
v4l2-ctl --set-parm=30
List video parameters
v4l2-ctl --get-fmt-video
List video output
v4l2-ctl --all
Disable autofocus
v4l2-ctl --verbose --set-ctrl=focus_auto=0 v4l2-ctl --verbose --set-ctrl=focus_absolute=0
version of linux
cat /etc/os-release
vi
:set ignorecase :set list show all keys. :set nolist show their representative.
wipefs
Wipe removes information about file system without removing actual data.
wipefs -a /dev/sdc
vmstat
top over time.
vmstat -n 5
Description:
r=procs waiting for cpu time. b=procs in sleep mode. swpd=virtual memory in use in swap. free=memory free. buff=memory used by buffers cache=memory used as cache. si=swap in. so=swap out. bi=io block in. bo=io block out. in=interups cs=contex switching. us=cpu user space sy=cpu system usage to serve. id=cpu idle wa=cpu waiting for input output. iowait. st=cpu time stolen from a virtual machine
procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu----- r b swpd free buff cache si so bi bo in cs us sy id wa st 2 1 814984 167992 26820 999460 0 0 1 0 2467 5088 2 2 95 1 0 0 0 814984 168100 26820 999540 0 0 2 150 2467 5026 1 2 97 0 0
w3m(elinks)
curl -s https://google.com | w3m -T text/html -dump
wget
wget -r -nH -np --cut-dirs=1 --no-check-certificate -U Mozilla --user={uname} --password={pwd} https://my-host/my-webdav-dir/my-dir-in-webdav
wget to standard output.
wget --no-check-certificate -S -O- http://inter.net
Special heather
wget 'http://halfface.se' --header='Cookie: has_js=1'
Mirror
wget 'https://halfface.se/test' -r -l 3 --convert-links -o log --html-extension
whois
# When does a domain expire. whois -h whois.iana.org sivberg.se # which ipranges does an ipaddress belong too. In this case looking at google. whois -h whois.radb.net -- "-i origin $(whois -s -h whois.radb.net 172.217.26.68 | grep ^origin | awk '{print $2}' | tail -1)" | grep ^route | awk '{print $2}' # Who to find address range for site. host www.facebook.com whois 157.240.194.35 | grep CIDR
wireshark
find packet packet details string
ssl decryption
export SSLKEYLOGFILE=/tmp/sslkeylog ; curl -sv -d "blablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablabla" https://www.halfface.se wireshark. Edit - Preferences - Protocols - TLS - (Pre) -master-Secret log file.
tshark
cli version
tshark -V -r $dump.pcap
wlr-randr
Change dpi in wayland.
wlr-randr --output eDP-1 --scale 2
wodim
Burning disks.
wodim -scanbus # Scan scsi bus for burners. wodim --devices # Discover basic information. wodim -checkdrive # Information about burner. wodim -tao speed=0 dev=/dev/sr0 -v -data /temp/files/ # Burn disk containing structure from /temp/files/ wodim -eject -tao speed=0 dev=/dev/scd0 -v -data /my/directory/image.iso # Burn image to disc.
write
Send message to someone via tty.
who | grep user
write message end with CTRL + d
write abjorklund pts/2
xargs
locate case insensetive, regular expression. xargs string to replace imput. Print output to standard error.
locate -ir ".*\.crt$" | xargs -I '{}' -t cp {} /temp/ssl/
Do something on everything from standard input.
ls -la | xargs -i% echo '# beginning #' % '# end of line #'
split several lines into groups.
for i in {00..99} ; do echo $i, ; done | xargs -L 20
xdotool
When you have to move your mouse but you dont want to push it.
xdotool mousemove_relative -- -1 -1 xdotool mousemove_relative 1 1
Send ab to window.
xdotool search --onlyvisible --name freerdp key a key b
xfs
xfs_repair -L /dev/mapper/vg00-root
xinput
# List xinputs. xinput list # List properties. xinput list-props "Logitech Unifying Device. Wireless PID:400e" # Middle button emulation. xinput set-prop "Logitech Unifying Device. Wireless PID:400e" "Evdev Middle Button Emulation" 1 xinput set-prop 12 "libinput Middle Emulation Enabled" 1
xkill
Kill xorg process with id 0xb6ffa0
xkill -id 0xb6ffa0
List x applictions
xwininfo
Get recursive list of x applications.
xwininfo -root -tree
xmllint
prettify xml
xmllint --format -
xset
Disable screen saver
xset -dpms ; xset s noblank ;xset s off
Disable repeat
xset r off
Enable repeat
xset r on
xxd
Hex to binary
xxd -r -p hex.txt output.bin
Hex to binary in pipe
echo "$HEX" | xxd -r -p -
yq
Download and make executable.
sudo curl -skL https://github.com/mikefarah/yq/releases/download/v4.32.2/yq_linux_amd64 -o /usr/local/bin/yq ; sudo chmod 755 /usr/local/bin/yq
Select specific values.
oc get mcp worker -o yaml | yq '.spec.configuration.source.[].name'
Delete specific values.
oc get catalogsources -n openshift-marketplace -o yaml | yq 'del(.items.[].status)'
Convert json to yaml.
yq -p json -o yaml
Convert yaml to json
yq -o=json cm_result.yaml
Get packages from ansible playbook.
yq '.[] | select(.name == "Install packages.") | ."ansible.builtin.dnf".name[]' ~/git/halfface_ansible/roles/toolbox/tasks/main.yml | xargs
yum
download src rpm
yumdownloader --source net-snmp
Reinstall default repos.
yum reinstall yum-conf-sl6x-1-2
This will give you a directory with all rpm:s that are required to install rpm.
PKG=openssh-server ; yum install --downloadonly --installroot=/tmp/$PKG-installroot --releasever=6 --downloaddir=/tmp/$PKG $PKG
broken repos
yum install bareos-client --disablerepo=* --enablerepo=bareos
search for different versions
yum --showduplicates search percona-xtrabackup
Add repos to centos 6
curl https://www.getpagespeed.com/files/centos6-eol.repo --output /etc/yum.repos.d/CentOS-Base.repo curl https://www.getpagespeed.com/files/centos6-epel-eol.repo --output /etc/yum.repos.d/epel.repo
fix yum in Centos 7, 8
sed -i 's%^enabled=.%enabled=0%' /etc/yum/pluginconf.d/subscription-manager.conf sed -i 's/^mirrorlist/#mirrorlist/g' /etc/yum.repos.d/* sed -i 's%^#baseurl=http://mirror.centos.org%baseurl=http://vault.centos.org%g' /etc/yum.repos.d/*
zip
Zip directory exclude files .svn directory.
zip -r /temp/ssl.zip . -x ".svn/*"
List contents of zip archive.
unzip -l archive.zip
Unzip single file
unzip file.zip file/you/want/to/extract/the_file.txt
unzip excluding path.
unzip -j file.zip
zdump
View information from timezone tz.
zdump -v /etc/localtime
Change timezone on host
ln -sfT ../usr/share/zoneinfo/Europe/Stockholm localtime
zfs
Get sync
zfs get sync datapool/netstorage/dog/prod NAME PROPERTY VALUE SOURCE datapool/netstorage/dog/prod sync standard default
set sync
zfs set sync=disabled datapool/netstorage/dog/prod
List snapshots(can take time)
zfs list -t snapshot
List snapshots for one mount point.
zfs list -r -t snapshot -o name,creation datapool/netstorage/bro/prod
Displays the detailed health status
zpool status
List datasets
zfs list
Create dataset
zfs create datapool/netstorage/media
zdb
display zpool debugging and consistency information
zdb -d dataset
zpool list
Lists the given pools along with a health status and space usage.
iostat
Get iostat with values since last second.
zpool iostat are -y 1 -l