mkdocs-benoit.jp.net/docs/Howtos/HowtoSysadmin.md

Get a GitHub or GitLab user's public SSH keys:
```console
$ curl https://github.com/<username>.keys
$ curl https://gitlab.com/<username>.keys
```
Enter a namespace, for example LXD's (Snap runs it in its own namespace).
```console
$ nsenter -t $(cat /var/snap/lxd/common/lxd.pid) -m
```
SSH into a machine without checking host key. Useful when servers are in a rescue mode.
```console
$ ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" -o "GlobalKnownHostsFile=/dev/null" <user>@<host>
```
Certbot manual example.
```console
# certbot certonly --non-interactive --webroot --webroot-path /var/www/html/ -d foo.bar -d www.foo.bar
```
List the SSH keys held by gpg-agent and remove one.
```
gpg-connect-agent
KEYINFO --ssh-list --ssh-fpr
DELETE_KEY $HASH
```
Show the MD5 fingerprint of an SSH key.
```console
$ ssh-keygen -l -E md5 -f .ssh/key.pub
```
Password recovery. At the GRUB stage, press `e` to edit the kernel line and add `init=/bin/bash`. This drops you into a shell before the init system (systemd) starts.
```console
# mount -o remount,rw /
# passwd
```
Mount partitions on an image file using losetup.
```console
# losetup -P -f --show my.img
```
List all software installed from a particular component (non-free, contrib).
```console
$ dpkg-query -W -f='${Section}\t${Package}\n' | grep ^non-free
```
Manually rotate a file without logrotate, with savelog(8).
```console
$ savelog <file>
```
Which processes use swap?
```console
$ for file in /proc/*/status ; do awk '/VmSwap|Name/{printf $2 " " $3}END{ print ""}' $file; done | sort -k 2 -n -r | less
```
MySQL "fast" shutdown.
```console
> set global innodb_max_dirty_pages_pct = 0;
$ mysqladmin ext -i10 | grep dirty
```
mkfs.ext4 for old systems in rescue mode (Debian Wheezy, …).
```console
# mkfs.ext4 -O ^64bit,^metadata_csum
```
Send a mail from queue.
```console
$ postcat -q ID > mail
$ < mail sendmail -f FROM TO
```
Python Simple HTTP Server (useful for Munin for example).
```console
$ cd /var/cache/munin/www
$ python3 -m http.server 8080  # Python 2: python -m SimpleHTTPServer 8080
```
Show custom certs (not a link) and expiration in `/etc/ssl/certs`.
```console
# find /etc/ssl/certs/ -type f -print -exec openssl x509 -text -in {} \; | grep --color=auto -e etc -e CN= -e DNS: -e After;
```
Edit Bind DNS serial (needs modifications, not generic).
```console
$ sed -ri 's/^\s*[0-9]+\s*; serial/\t\t\t 2017041010\t ; serial/' db.*
```
After Debian/Ubuntu upgrade, merge local config files according to config files shipped in packages.
```console
# for file in $(find /etc -iname '*.dpkg-dist'); do vimdiff ${file%%.dpkg-dist} $file; rm $file; done
# for file in $(find /etc -iname '*.dpkg-old'); do vimdiff ${file%%.dpkg-old} $file; rm $file; done
# for file in $(find /etc -iname '*.dpkg-new'); do vimdiff ${file%%.dpkg-new} $file; rm $file; done
# for file in $(find /etc -iname '*.ucf-dist'); do vimdiff ${file%%.ucf-dist} $file; rm $file; done
# for file in $(find /etc -iname '*.ucf-old'); do vimdiff ${file%%.ucf-old} $file; rm $file; done
# for file in $(find /etc -iname '*.ucf-new'); do vimdiff ${file%%.ucf-new} $file; rm $file; done
```
Debug php with strace and php-cgi (especially useful for wp multisites).
```console
$ HTTP_HOST=www.site.com SCRIPT_FILENAME=index.php REDIRECT_STATUS=CGI SERVER_NAME=www.site.com strace -s 65535 -o /tmp/strace php-cgi -f index.php
```
`ps` with long user fields (here 20).
```console
$ ps axo user:20,pid,pcpu,pmem,vsz,rss,tty,stat,start,time,comm
```
WTF is happening in apache (or other)? Let's strace all apache processes.
```console
# strace -p $(ps auwwwx | grep apache | tr -s '\t' ' ' | cut -d' ' -f2 | tr '\n' ' ' | sed 's/ / -p /g') 9999
```
WTF is happening? Let's tail all logs.
```console
# tail -f $(lsof | grep -F .log | tr -s '\t' ' ' | cut -d' ' -f10 | sort | uniq | tr -s '\n' ' ')
```
Search for suspicious POST requests in the Apache access log (often attacks).
```console
# grep -Eo '"POST .*\.php' access.log | grep -ve cron -e login -e admin -e xmlrpc -e trackback -e comment -e 404 | sort -u
```
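An added example, not part of the original page: the same search done per field instead of with a greedy regex, so the referrer and user agent cannot match and the result shows which client posted to which script. The sample log lines (combined log format, documentation addresses) and the function names `sample_log` and `suspect_posts` are constructed for illustration.

```shell
#!/bin/sh
# Added example: field-aware version of the grep pipeline above.
# Constructed sample in Apache combined log format (documentation IPs).
sample_log() {
cat <<'EOF'
203.0.113.7 - - [30/Dec/2015:09:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 1520 "-" "Mozilla/5.0"
203.0.113.7 - - [30/Dec/2015:09:00:02 +0000] "POST /wp-content/uploads/2015/x.php HTTP/1.1" 200 312 "-" "curl/7.38"
203.0.113.7 - - [30/Dec/2015:09:00:05 +0000] "POST /wp-content/uploads/2015/x.php HTTP/1.1" 200 312 "-" "curl/7.38"
198.51.100.9 - - [30/Dec/2015:09:01:10 +0000] "POST /wp-cron.php?doing_wp_cron=1 HTTP/1.1" 200 0 "-" "WordPress"
198.51.100.9 - - [30/Dec/2015:09:02:00 +0000] "GET /index.php HTTP/1.1" 200 9000 "http://example.org/a.php" "Mozilla/5.0"
192.0.2.44 - - [30/Dec/2015:09:03:00 +0000] "POST /old/shell.php HTTP/1.1" 404 210 "-" "python-requests"
192.0.2.44 - - [30/Dec/2015:09:03:30 +0000] "POST /images/cache.php?a=1 HTTP/1.1" 200 45 "-" "python-requests"
EOF
}

# Print "count client path" for POSTs to .php scripts outside the
# expected endpoints, most frequent first. Reads the log on stdin.
suspect_posts() {
    awk -F'"' '
    {
        split($1, pre, " ")     # pre[1] = client address
        split($2, req, " ")     # req[1] = method, req[2] = URI
        split($3, st, " ")      # st[1]  = status code
        path = req[2]
        sub(/\?.*/, "", path)   # drop the query string
        if (req[1] != "POST" || path !~ /\.php$/) next
        if (st[1] == "404") next
        if (path ~ /cron|login|admin|xmlrpc|trackback|comment/) next
        hits[pre[1] " " path]++
    }
    END { for (k in hits) print hits[k], k }' | sort -k1,1nr -k2
}

sample_log | suspect_posts
```

On a real server, feed it the log directly: `suspect_posts < access.log`.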
Check for crashed MySQL tables in syslog and launch a repair.
```bash
#!/bin/bash
# Extract the 'db/table' names from the "crashed" messages in syslog
tables=$(grep crashed /var/log/syslog | grep -Eo \'\./.*\' --color=auto | sed s#\'./## | sed s#\'## | sort -u | tr -s '\n' ' ')
for tableC in $tables; do
    db=${tableC%/*}      # part before the slash
    table=${tableC#*/}   # part after the slash
    mysqlcheck --auto-repair --check "$db" "$table"
done
```
Get the groups of a user and add another user to these groups.
```console
# for group in $(grep user1 /etc/group | cut -d':' -f1 | sed '/user1/d'); do adduser user2 $group; done
```
Get the most recently accessed URLs from the Squid access log.
```console
# tail -n100 /var/log/squid3/access.log | grep -oE 'http.*' | cut -d ' ' -f1 | sort | uniq
```
Migrate MySQL users.
```console
# #SRC Server
# mysql mysql -e "select * from user WHERE USER='user1' OR USER='user2' INTO OUTFILE '/tmp/mysql_user';"
# mysql mysql -e "select * from db WHERE USER='user1' OR USER='user2' INTO OUTFILE '/tmp/mysql_db';"
# #DST Server
# scp server:/tmp/mysql_{db,user} /tmp
# chmod 664 /tmp/mysql_{db,user}
# mysql mysql -e "LOAD DATA INFILE '/tmp/mysql_user' INTO TABLE user;"
# mysql mysql -e "LOAD DATA INFILE '/tmp/mysql_db' INTO TABLE db;"
```
Find userid of mails in mailq.
```console
$ for i in $(mailq | grep -Eo '[A-F0-9]{10}' | tr -s '\n' ' '); do postcat -q $i | grep userid | grep -Eo "[0-9]{4,}" >> /tmp/userid; done
$ sort -n /tmp/userid | uniq
```
Kill every MySQL SELECT older than X seconds. Original: https://anothersysadmin.wordpress.com/2008/10/29/kill-every-mysql-select-older-than-x-seconds/
```bash
#!/bin/bash
# From https://anothersysadmin.wordpress.com/2008/10/29/kill-every-mysql-select-older-than-x-seconds/
SEC=$1
IFS='|'
if [[ $SEC -lt 1 ]]; then
    echo "Usage: $0 SECONDS"
    exit 1
fi
mysqladmin proc -v|grep Query|grep -Evi "delete|update|insert|alter table" |while read dummy qid qusr qhost qdb qstat qsec qstat2 query; do
    if [ $qsec -gt $SEC ]; then
        echo "Killing query $qid..."
        mysqladmin kill $qid
    fi
done
```
Contact addresses to try when sending a technical mail about a domain whose whois record does not list technical contacts.
```
abuse@<domain>, admin@<domain>, administrator@<domain>, contact@<domain>, info@<domain>, postmaster@<domain>, support@<domain>, webmaster@<domain>
```
itk: change ownership and check permissions.
```console
# find /tmp/ -user www-user.old -exec chown www-user:user {} \;
# find /tmp/ -user user.old -exec chown user:user {} \;
```
* Detect files not readable by Apache (group read): `find ./ -type f ! -perm /g=r -exec ls -l {} \;`
* Detect directories not readable by Apache (group read/execute): `find ./ -type d \( ! -perm /g=r -o ! -perm /g=x \) -exec ls -ld {} \;`
* Detect files/directories writable by Apache (group write): `find ./ -perm /g=w`
* Detect files/directories writable by everyone: `find ./ -perm -007 -o -type f -perm -006`
Get useradd command for migrating account.
```console
# for i in user1 user2 user3...; do echo -n 'useradd -m -s /bin/bash -u '$(grep -E "^$i:" /etc/passwd | cut -d':' -f3) && echo -en ' -p' \'$(grep -E "^$i:" /etc/shadow | cut -d ':' -f2)\' $i '\n'; done
Output:
useradd -m -s /bin/bash -u USERID -p 'USERPWD' username
```
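Find files by modification time (mtime) relative to a precise date, and execute an action. `-newermt` matches files newer than the date; the leading `!` used here inverts the test, so the files not newer than the date are copied.
```console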
# find . ! -newermt '2012-09-19 11:40:00' -exec cp {} /tmp/mails \;
```