# How to get CTRL-ALT-DEL screen up on a virtual desktop, to change password (windows tip)
Create a short cut that runs the following:
C:\Windows\explorer.exe shell:::{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}
# To view a certificate using OpenSSL, you use
openssl x509 -in certificate.crt -text -noout
# change/fix permissions to for folder and files, so owner has full access and group has read access
sudo find . -type d -exec chmod 755 {} \;
sudo find . -type f -exec chmod 644 {} \;
# Clean up / santanise log files
find ./logs -type f -name "*" -print -exec sed -i 's/PBI..-...-PN./SERVER/g' {} \; -exec sed -i 's/\([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}/xxx.xxx.xxx.xxx/g' {} \; -exec sed -i 's/local.domain/domain.name.au/g' {} \; -exec sed -i 's/pidm......\..../username/g' {} \;
# Find files older than a specified time (mtime) and REMOVE them - suggest running command without -exec rm {} \; option first to check what files are found.
find . -type f -mtime +30 -name '*.aud' -exec rm {} \;
find . -type f -mtime +30 -exec rm {} \;
find . -type f -mtime +7 -exec rm {} \;
# find gzipped logs older than three days and DELETE them
find /opt/bis/log -type f -mtime +3 -name "*.gz" -exec rm {} \;
# Find and gzip old log files
find . -type f -name "wms-cli-2024*.log" -mtime +180 -exec gzip {} \;
# MOVE files of a certain type into an gzipped tar file (moves all pss.logs.xxx files to a pss.tar.gz file )
tar --create --gzip --verbose --remove-files --file=pss.tar.gz pss.logs.*
# Find files older than 7 days, type is file, mtime 7 days, name condition, rm to REMOVE
find /tmp -type f -mtime +7 -name "1*" -exec rm {} \;
find . -type f -mtime +7 -exec rm {} \;
# Other find options,
Use the -mount to NOT descend into directories on other filesystems.
find / -mount -name "*.txt"
Do not decend into automount filesystems
find / -xautofs -name "*.txt"
# Resize a logical volume (adds 2gb and resizes filesystem to suit)
lvextend --resizefs --size +2G /dev/mapper/rootvg-configlv
lvextend --resizefs --size +2G /dev/mapper/rootvg-rootlv
Adding a disk and space to a server
# Set IP address using NMCLI
nmcli con mod ens3f1 ipv4.method manual ipv4.addres XXX.XXX.XXX.XXX/24
nmcli con mod ens3f1 ipv4.gateway XXX.XXX.XXX.1
nmcli con mod ens3f1 dns-search domain.name
nmcli con mod ens3f1 dns "XXX.XXX.XXX.XXX,XXX.XXX.XXX.XXX"
nmcli con mod ens3f1 connection.autoconnect yes
nmcli con up ens3f1
# Filtering in top command
press O
then
type COMMAND=splunk
press ENTER
# Grep a file and remove comments and blank lines
cat dovecot.conf | grep -v ^# | grep -v ^$
# Adding a rich firewall rule(s) - if firewall is not running, use firewall-offline-cmd
firewall-cmd --add-rich-rule='rule family="ipv4" source address="XXX.XXX.XXX.XXX" accept' --perm
# Add/allow a port/service to the firewall
firewall-cmd --add-port 25/tcp --perm
firewall-cmd --add-service ssh --perm
# After adding a rich rule, port or service the firewall needs to be reloaded for the changes to take effect
firewall-cmd --reload
# To see if Firewall Loggin (of denied messages) is enabled
sudo firewall-cmd --get-log-denied
# List all rules in the current zone
firewall-cmd --list-all
# Redirecting output
command 2>&1 /dev/null
or
command 1> /dev/null 2> /dev/null
or
command > /dev/null 2>&1
# REMOVE old log files
find /opt/app/log -type f -mtime +7 -name "*2023*" -exec rm {} \;
# Extract rpm file
rpm2cpio | cpio -idmv
# Using a for loop to repeat a command
for i in{1..5}; do COMMAND; done
# A more useful prompt
PS1="[\u@\h:\w]\\$ "
PS1="\e[0;31m\u\e[m@\e[0;36m\h\e[m \w\$ "
# Useful aliases to add to .bash_profile
alias dush='du -sh *'
alias tom='sudo -i -u tom'
# Fix slow login (when using local credentials )
- vi /etc/ssh/sshd_config
UseDNS no
GSSAPIAuthentication no
- service restart sshd
# Fix mRemote / puTTY to close window when disconnected.
You need to change the putty options under tools->options->advanced.
Relevant options are setting Session->"Close window on exit" to Always,
enabling Connection->"Enable TCP keepalives" and setting
Connection->"Seconds between keepalives" to more than 0.
Remember to save the PuttyNG settings as "Default Settings" in Session->"Saved Sessions"
# 'zip' a bunch of files into the one tar file, and remove the files as they are being archieved.
tar cvf wfmcl-2023-11.tar wfmcl-2023-11-*.log --remove-files
# Searching for a string in multiple log files in specific folders
grep -r "string to search for " FOLDER1/*.log FOLDER2/*.log FOLDER3/*.log FOLDER4/*.log
# List all available versions of a package (i.e. jfrog)
dnf list all jfrog-artifactory-pro --showduplicates
jfrog-artifactory-pro.x86_64 7.90.7-79007900
jfrog-artifactory-pro.x86_64 7.90.8-79008900
jfrog-artifactory-pro.x86_64 7.90.9-79009900
jfrog-artifactory-pro.x86_64 7.90.10-79010900
# install specific version of a package
dnf install jfrog-artifactory-pro-7.90.7
# mounting cifs shares in Linux
mount -t cifs -o username=,password= //WIN_PC_IP/ /mnt
mount -t cifs -o username=,password=,domain=example.com //WIN_PC_IP/ /mnt # if domain name is required
mount -t cifs -o username=,password=,dir_mode=0755,file_mode=0755 //WIN_PC_IP/ /mnt # if you want to specific permissions on mounted folder
if using /etc/fstab
//WIN_PC_IP/ / cifs _netdev,username=,password=,dir_mode=0755,file_mode=0755,uid=500,gid=500 0 0
//WIN_PC_IP/ / cifs _netdev,credentials=/root/.credfile,dir_mode=0755,file_mode=0755,uid=500,gid=500 0 0 # storing credentials in seperate file
/root/.credfile
username=
password=
domain=
# switching RHEL boot mode
To temporarily switch from GUI to CLI: systemctl isolate multi-user.target
To temporarily switch from CLI to GUI: systemctl isolate graphical.target
To make the change permanent: systemctl set-default multi-user.target
# How to determine what version of Apache Tomcat is running
/usr/share/java/tomcat> java -cp catalina.jar org.apache.catalina.util.ServerInfo
# Extra characters on file permissions
+ (plus) suffix indicates an access control list that can control additional permissions.
. (dot) suffix indicates an SELinux context is present. Details may be listed with the command ls -Z.
@ suffix indicates extended file attributes are present.
# Run any one of the following command on Linux to see open ports:
$ sudo lsof -i -P -n | grep LISTEN
$ sudo netstat -tulpn | grep LISTEN
$ sudo ss -tulpn | grep LISTEN
$ sudo lsof -i:22 ## see a specific port such as 22 ##
$ sudo nmap -sTU -O IP-address-Here
#Show history data and time (in readable format)
$ HISTTIMEFORMAT="%d/%m/%y %T "
# Give user permission to use specific app as root (using sudo)
add this line to the main sudo file using visudo or to a new file in /etc/sudoers.d
This allows a user called db2plugin to only run vi and not specify a password
db2plugin ALL=NOPASSWD: !ALL, /usr/bin/vi
#To stop getting messages about users attempting to sudo
Add the following line(s) to /etc/sudoers ( by using visudo )
# Turn off sending mail to root if user tries to su ( it will still be logged and then sent to Splunk)
Defaults !mail_no_user
# Short cut script to ssh to server and immediately su to root
echo "--- Connecting to Server01 ---"
echo "--- running sudo ----"
ssh -t user_mgt@server01 "sudo -i"
# Journalctl notes
# display last 10 and list 20 entries
journalctl -n
journalctl -n 20
# follow log
journalctl -f
# using time ranges
journalctl --since "2015-01-10 17:15:00"
journalctl --since yesterday
journalctl --since 09:00 --until "1 hour ago"
# filters
# by unit
journalctl -u nginx.service
journalctl -u nginx.service --since today
# by PID
journalctl _PID=8088
# where 33 is the UID of the user/process owner
journalctl _UID=33 --since today
# by error level
journalctl -p err -b
# by identifier ???
journalctl -t setroubleshoot --since=today
# Script to check web site log folder sizes
#!/bin/bash
echo "######### CHECKING /srv/www ##########"
for folder in $(find /srv/www -type d -name "logs"); do
# echo $folder
du -sh $folder
done
echo " "
echo "######### CHECKING /opt/CA/webagent/log ###########"
du -sh /opt/CA/webagent/log
#
# Ping all usable IP addresses in the 10.1.2.0/24 subnet
#!/bin/bash
for i in {1..254}; do
ip="10.1.2.$i"
if ping -c 1 -W 1 "$ip" > /dev/null 2>&1; then
echo "$ip is reachable"
else
echo "$ip is unreachable"
fi
done