ip: 100.28.231.85 DKs blog - Linux administration

DK's Blog

Linux administration

Frequently used examples to administer linux box (ubuntu)

#write SNMPv1 request to some IP/pass
snmpwalk -v 1 -c public 192.168.2.3  | less

 

#how to fetch network configuration for MRTG for localhost SNMP username public
cfgmaker public@localhost > /etc/mrtg.cfg

 

#how to fetch CPU usage from SNMPv1
snmpwalk -v 1 192.168.1.3 -c Comunity .1.3.6.1.2.1.25.3.3.1.2

 

#how to install apt-show-versions
apt-get install apt-show-versions

 

#how to show all packets installed
apt-show-versions
dpkg --get-selections

 

#how to install perl packet (modules)
perl -MCPAN -e shell
 cpan> install HTML::Template

 

#how to redirect stderr to stdout
prg  2>&1

 

#ubuntu how to upgrade from command line
apt-get update
apt-get upgrade
apt-get dist-upgrade
do-release-upgrade

 

#ubuntu how to distribution upgrade
do-release-upgrade

 

#how to make a image of a hard disk
dd if=/dev/sda | gzip > /path/to/image.gz
#if U have multiprocessor system use this (I usually renice them)
dd if=/dev/sda | pbzip2 -c9 > /path/to/image.bzip2

 

#how to restore hard drive from image (if disk is /dev/sda)
gzip -dc /path/to/image.gz | dd of=/dev/sda
#if U have multiprocessor system use this
pbzip2 -dc /path/to/image.gz | dd of=/dev/sda

 

#how to backup MBR
dd if=/dev/sda of=/path/to/image count=1 bs=512

 

#how to restore MBR
dd if=/path/to/image of=/dev/sda

 

#how to test hard disk speed
hdparm -tT /dev/sda1

 

#monitor linux status from command line, programs that I use frequently

dstat
htop
iotop
nmon
iptraf

 

#how to force disk check after next reboot in root of that partition create forcefsck file, this example is for root partiotion

touch /forcefsck

 

#example of how to change scheduling  priority of  running processes
#number 19 means make priority lower (1 .. 20), if number is negative  (-1 .. -19) priority is elevated,  13245 is ProccessID (PID)

renice 19 13245

 


How to "howto" setup MS SQL Server test for NAGIOS3 on ubuntu linux

1. if you install nagios3 you also install PHP which will be used to contact MSSQL database
2. if not install first install support for MS SQL Server in PHP:

  sudo apt-get install php5-sybase

3. also make sure that php cli is installed:

  sudo apt-get install php5-cli

4. I suggest creatting account on MSSQL server for nagios something like this:

  user: nagios password: somepassword

create script for testing MS SQL Server check_mssql.php:

#!/usr/bin/php
error_reporting(E_ERROR | E_PARSE);

if ($argc != 2) {
    echo("ERROR - 1 argument must be sent host/IP");
    exit(3);
}

//printf("broj argc: $argc " . $argv[1] . "\n");

$host = $argv[1];

// Connect to the database (host, username, password)
$con = mssql_connect($host,'nagios','somepassword') ;
if (!$con){
    echo("CRITICAL - Could not connect to the server $host\n");
    exit(2);
}

// Select a database:
if (!mssql_select_db('master')) { 
    echo ("CRITICAL - Could not select a database master\n");
    exit(1);
}
    
// Example query: (TOP 10 equal LIMIT 0,10 in MySQL)
$SQL  =  "SELECT  convert(varchar(128), SERVERPROPERTY('ServerName')) servername, ";
$SQL .= " convert(varchar(128), SERVERPROPERTY('productversion')) productversion, ";
$SQL .= " convert(varchar(128),SERVERPROPERTY ('productlevel')) productlevel, ";
$SQL .= " convert(varchar(128), SERVERPROPERTY ('edition')) edition";
 
// Execute query:
$result = mssql_query($SQL);
if (!$result) {
    echo ("WARNING - SQL error: " . mysql_error() ."\n");
    exit(1);
}
   
// Get result count:
$count = mssql_num_rows($result);
 
// Fetch rows:
while ($Row = mssql_fetch_assoc($result)) {
    print "OK - ". $Row["servername"] . " - " . $Row["productversion"] . " - " . $Row["productlevel"$
}
 
mssql_close($con);
exit(0);

 

and copy it to plugins directory:
/usr/lib/nagios/plugins

edit /etc/nagios3/commands.cfg

# 'check-mssql' command definition
define command{
  command_name check-mssql
  command_line /usr/bin/php -f /usr/lib/nagios/plugins/check_mssql.php $HOSTADDRESS$
}

now edit /etc/nagios3/conf.d/services_nagios2.cfg:

# check mssql
define service
  hostgroup_name mssql-servers
  service_description MSSQL
  check_command check-mssql
  use generic-service
  notification_interval 0 ; set > 0 if you want to be renotified
}

add hostgroup mssql-servers with servers thath yout want to check in /etc/nagios3/conf.d/hostgroups_nagios2.cfg:

define hostgroup {
  hostgroup_name mssql-servers
  alias MSSQL servers
  members MSSQLServer1
}

MSSQLServer1 must be defined in /etc/nagios3/conf.d/hosts.cfg:  

define host{
  use generic-host
  host_name MSSQLServer1
  alias MSSQLServer1
  address 192.168.1.1
  check_command check-host-alive
  max_check_attempts 30
  notification_interval 120
  notification_period 24x7
  notification_options d,u,r
}

Increase NIC Transmit Queue Length (txqueuelen)

ifconfig eth0 txqueuelen 10000


 

Permanent increase - add in /etc/rc.local

/sbin/ifconfig eth0 txqueuelen 10000

 


Increase NIC Receiving Queue Length (if there is too many droped packets this will help)

echo 10000 > /proc/sys/net/core/netdev_max_backlog

Permanent increase - add in /etc/sysctl.conf

net.core.netdev_max_backlog = 10000

 


Show SSL information using openssl

openssl s_client -connect ssl.domain.com:443

 


OpenVAS - start example

 

apt-get update
apt-get install openvas
openvas-mkcert-client -n om -i
openvasmd --rebuild
openvasad -c 'add_user' -n openvasadmin -r UserName
openvasmd -p 9390 -a 127.0.0.1
openvasad -a 127.0.0.1 -p 9393
gsad --http-only --listen=127.0.0.1 -p 9392
use browser http://127.0.0.1:9392/

 


Example of setting MRTG to read Hard disk (HDD) temperature

First create script mrtg-hddtemp.sh

put this code in script and save script (in my example /usr/local/etc/mrtg-hddtemp.sh):

#!/bin/sh

## mrtg-hddtemp.sh

PATH=/bin:/usr/bin:/usr/sbin
DISK='/dev/sda'

R=`hddtemp --numeric ${DISK}`
UP=`uptime | sed 's/\([^,]*\).*/\1/'`
echo $R
echo $R
echo $UP
echo "HDD temperature"

 

hddtemp must be installed (in ubuntu something like apt-get install hddtemp)
fix script (/dev/sda) with your HDD
add this code to mrtg.cfg

 

Target[local_hddtemp]: `/usr/local/etc/mrtg-hddtemp.sh`
Options[local_hddtemp]: nopercent,gauge,noinfo,nobanner,noi,nolegend,growright
Title[local_hddtemp]: HDD temperature
PageTop[local_hddtemp]: HDD temperature
MaxBytes[local_hddtemp]: 100000
YLegend[local_hddtemp]: Degrees
ShortLegend[local_hddtemp]:
LegendO[local_hddtemp]: Cent:
Legend2[local_hddtemp]: HDD temperature
WithPeak[local_hddtemp]: wmy
Legend4[local_hddtemp]: Max HDD temperature

 


WordPress, show all errors not white screen of death, add this to wp-config.php

 

define(‘WP_DEBUG’, true);
@ini_set(‘log_errors’,'On’);
@ini_set(‘display_errors’,'On’);
@ini_set(‘error_log’,'/home/yourdefinedpath/phperrors.log’);

How to synchronize directory rsync

synchronize directories (if deleted on source delete on destination)

rsync -avz --delete-after /src/dir/ /dst/dir/

 


How to set static IP address with static DNS servers in /etc/network/interfaces

 

auto eth0 
  iface eth0 inet static  
  address 192.168.2.2  
  gateway 192.168.2.1
  network 192.168.2.0  
  broadcast 192.168.2.255
  dns-nameservers 192.168.2.1 8.8.8.8

 

 


Bandwidth throttling (using tc)

tc qdisc del dev br0 root

tc qdisc add dev br0 root handle 1: htb default 30
tc class add dev br0 parent 1: classid 1:1 htb rate 1mbit
tc class add dev br0 parent 1: classid 1:2 htb rate 512kbit
tc filter add dev br0 protocol ip parent 1:0 prio 1 u32 match ip dst 192.168.11.128/26 flowid 1:1
tc filter add dev br0  protocol ip parent 1:0 prio 1 u32 match ip src 192.168.11.128/26 flowid 1:2
 

How to test your site for slow http (slowloris) attack

 

slowhttptest -c 4000 -X -r 1000 -w 10 -y 20 -n 5 -z 32 -u http://www.MyWebToTest,com/ -p 5 -l 350

 


How to change chmod for directory only for selected dir and sub dirs

find /path/to/wherever -type d -exec chmod 775 {} \;
find /path/to/wherever -type f -exec chmod 644 {} \;

 


How to see which file have highest IO

pt-ioprofile -cell sizes

 


How to see all Active Directory (AD) users and group from linux 

getent passwd {0..65535}
getent group {0..65535}

 


How to list all computer from domain (in my case damir.globldizajn.hr) and DomainControler is dc1.damir.globaldizajn.hr

 
ldapsearch -LLL -H ldap://dc1.damir.globaldizajn.hr -x -D 'DAMIR\administrator' -w 'pass' -b 'dc=damir,dc=globaldizajn,dc=hr' 'objectClass=computer' name

 


How to list all users and groups in connected active directory

wbinfo -u
wbinfo -g

 


Convert SSL from PFX to pem/key format

openssl pkcs12 -nodes -in certificate.pfx -nocerts -out privatekey.pem
openssl pkcs12 -nodes -in certificate.pfx -nokeys -out publickey.pem

 


How to add control panel in linux screen command with usefull info

.screenrc show which screen / hostname / date time / load everage

 

cat << EOL > ~/.screenrc

term xterm

# status line at the bottom
hardstatus on
hardstatus alwayslastline
hardstatus string "${-}%{.0c}%-w%{.y0}%f%n %t%{-}%+w %=%{..G}[%H] %{..Y} %D %M %d, %Y %c | Load: %l"
caption splitonly "%{.yK}%3n t"
caption string "%{.c0}%3n %t"

vbell off

# Fix fullscreen programs
altscreen on

# scrollback dodavanje
defscrollback 10000
# skrolanje ide s pageUp/pageDown ili kursori
# izlaz ESC

# Ctrl-a i pokaze trenutni buffer settings

EOL

 


Change some special character from all filenames recursive

If you have filename like this:

my file '$'\350'',txt -> my file č.txt

 

find /var/ftp/myftpdir/www/files/ -type f -exec rename -n 's/'$'\\350''/č/g' * \;

 


How to see your NTP servers and time deviation

 

chronyc sources

 


How to customize nano editor shortcuts

add this in the end of /etc/nanorc

# for nano 2 "copytext"
bind ^c copytext main
# for nano 4 "copy"
bind ^x cut main
# "uncat" for nano 2 only
bind ^v uncut main
bind ^z undo main
bind ^y redo main
bind ^f whereis main
bind F3 findnext main
bind ^h replace main
bind ^s savefile main
bind ^T verbatim main
bind ^G gotoline main

set tabsize 4
set linenumbers


 


How to set free SSL on ubuntu (18.04)

first install needed packages

add-apt-repository ppa:certbot/certbot

apt install certbot

apt install python-certbot-apache

request new certificate

certbot --apache -d domain.hr -d www.domain.hr

 


How to test why VPN sometimes freezes or stop working

First you need to know IP of VPN you are connected to (lets say it's 8.8.8.8)

Second test all hops to VPN for congestion

pathping 8.8.8.8

All hops need to be 0/100 = 0% otherwise there is problem in link between you and your VPN 

 

 


How to see which IP does DoS on my SMTPd

Log is in /var/log/mail.log, and I search for "SASL LOGIN authentication failed" and count nuber of attempts

grep "SASL LOGIN authentication failed" /var/log/mail.log | sed -E 's/.*\[(.*)\].*/\1/g' | sort | uniq -c | sed -E 's/([0-9])( )([0-9])/\1#\3/g' | sed -E 's/ /0/g' | sed -E 's/#/ /' | sort

 


How to filter unique domain name from nginx file containing list of URLs

In my example there is URL on 11 row in file

awk '{print $11}'  access.log | grep -oP 'http.*:\/\/[^/]+' | sort | uniq |less

 


How to extract all IP addresses from text file

 

grep -oP "\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}" myFile.txt | sort | uniq

 


Clear all iptable rules and set default mode to open

 

iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
 
iptables -F
 
iptables -X
 
iptables -Z 
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables iptables -t raw -F
iptables -t raw -X

 


How to redirect all to output

 

application &> file.txt

 


How to remove mail from postfix mailq based on email address

display mailq

mailq

 

remove mail from queue

mailq | tail +2 | awk 'BEGIN { RS = "" } / test\.test@test\.com$/ { print $1 }' | tr -d '*!' | postsuper -d -

 


How to test zabbix agent from zabbix server

 

zabbix_get -s 192.168.1.4 -k "net.out"

 


How to list all network adapters iz zabbix

 

zabbix_get -s myserver.mydomain.com -k net.if.discovery

 


How to scan linux system with clamAV

 

clamscan -ro --exclude-dir="(/proc/|/dev/|/sys/)" /

 


How to set IP address with ip command

 

ip addr add 192.168.2.2/24 dev eth0
ip link set eth0 up
ip route add default via 192.168.2.1 dev eth0

How to add linux box in existing Active Directory

 

#test login to AD
kinit administrator
#see ticket
klist

 

 

@2016