HeaderHome
Menu Top
Resources
Menu Bottom

Systems Administration Commands

Perl

It fnd all the Perl modules installed on the System use the following command:

	find `perl -e 'print "@INC"' ` -name '*.pm' -print |tee ~/installedPerlModsOnSys.txt
	

Sort through Hash

		foreach my $server  ( keys %{$hash{servers}} ){
}


check for tachyon_interface (sub_role = 1)

if $fqdn~~@disabled_servers 
then next

use 'smartmatch';  
	

GIT

git clone ssh://git@github-domain.com/AppHosting/prp

General

what is the subnet

netstat -rvn

semaphores

/usr/bin/ipcs *
/usr/bin/ipcrm *

runuser -l userNameHere -c '/path/to/command arg1 arg2'

cat access_log|grep \/ccasviewer\/|awk -F "=" ' { print $2 } '|awk -F "," '{ print $1 }' | sort | uniq

vi /etc/motd - to provide notes or messages to thouse who login.)

Send a header var using curl.

curl -H 'YOUR-EXTRA-HEADER-HERE' apache-server-ip
curl -H 'YOUR-EXTRA-HEADER-1-HERE' -H 'YOUR-EXTRA-HEADER-2-HERE' www.hiramgibbard.com
curl -I --stderr --insecure ttps://g1t6468g.austin.hp.com:1181/DO_NOT_REMOVE/health_check.htm| head -1 | awk '{ print $2 

openssl s_server -accept 5308 -nocert - spawn a process on a port, so that you can run a telnet test from another server to see if there is any blockage.

Comparing the Cert and Key Files to see if they go hand in hand

$ openssl x509 -noout -modulus -in server.crt | openssl md5
$ openssl rsa -noout -modulus -in server.key | openssl md5
$ openssl req -text -noout -verify -in file.csr

sed -e 's/^"//' -e 's/"$//' - (Remove surrounding quotes)

(find largest files tarting at root) - du -a / | sort -n -r | head -n 10

$ find / -type f -size +50000k -exec ls -lh {} \; | awk '{ print $9 ": " $5 }'

locked user account

[root@g2t1119g ~]# pam_tally2 -r -u gibbard
Login           Failures Latest failure     From
gibbard             0
[root@g2t1119g ~]#

Disks

pvscan

unmount /opt/cloudhosts/logs

Remove the 2GB vol with - lvremove lvol1

lvcreate two 1G lvols

  • lvcreate -L 1G vg02
  • lvcreate -L 1020M vg02
  • List the new Volumes - lvdisplay -v /dev/vg02
  • mkfs.vxfs /dev/vg02/rlvol01
  • Make the directories
  • update the /etc/fstab file
  • mount -a to mount all

and mount them

Disk Management

cfdisk /dev/sda - terminal based partition editor

parted /dev/sda unit MiB print free

date ; du -h /var/ods/defaultroot/data.mdb Tue Apr  4 22:10:52 UTC 2017 51G     /var/ods/defaultroot/data.mdb

 [root@c0046292 gibbard]# parted /dev/sda unit MiB print free | awk '/Free Space/{c++; sum += $3} \
 END{if(c == 0) print "No Free Space"; else print sum" MiB"}'
0.97 MiB

Samba

service samba stop

Clustering

Linux

  • vxdg list --will list
  • vxprint -g dg03 -ht will show the lvols in dg03
  • vxlist will give lots of info
vxassist -g dg03 make lvol04 10G layout=concat
vxprint -g dg03 -ht
mkfs.vxfs /dev/vx/rdsk/dg03/lvol04
mount -t vxfs /dev/vx/dsk/dg03/lvol04  /opt/batchapps/vci_dev

cmviewcl - (To list all the packages)

vgs -> command cat fs vg == lvm dg = veritas file systems cmrunpkg gvt5440 cmhaltpkg gvt5440 cmcheckconf -P /usr/local/cmcluster/conf/gvt5412/gvt5412.ascii no errors cmapplyconf -P /usr/local/cmcluster/conf/gvt5412/gvt5412.ascii vxassist -g dg02 maxsize (see how much space is avail in this dg02)

Small Bash Scripts

Get base name from file

url="http://www.foo.bar/file.ext"; echo "${url##*/}"

Remove Carriage Returns

perl -p0e 's/\n //g'

Obtain all the ServerName directives from a configuration file an place them in a array. THen clean them up by isolating the hostname without the quotes and run them against the nslookup command.

declare -a SERVERNAME=$(grep ServerName ssl.conf|awk '{ print $2 }')
for line in $SERVERNAME; do SN=$(echo $line | sed -e 's/^"//'  -e 's/"$//'); nslookup $SN; done


#!/bin/bash
LASTNUM=$1
       if [[ $LASTNUM = [4-6] ]]
        then
           HCO="AUS2H1"
        fi
echo $HCO


LDAP Commands

sudo screen -x - to see user work

Change logs

 /opt/symas/bin/slapcat -b cn=changelog -l /var/symas/backups/changelog-march
order not good

get Stats Info sudo /opt/symas/bin/mdb_stat -e /var/ods/defaultroot

indexing

 sudo -u symas /opt/symas/bin/slapindex -gb ou=Partners,o=hp.com -q
  • Stop/Disable OpenLDAP normally
  • /opt/symas/bin/slapindex -qb o=hp.com employeeNumber
  • Proceed with your normal LDIF creation (slapcat)
  • Proceed with normal reload, restart, etc.

Delete USer

/opt/symas/bin/ldapdelete -xWD uid=priv-user@blank.com ou=People,o=hp.com -ZZH  ldap://pro-ods-ed-master.infra.blank.net “uid=joe.blow@blank.com,ou=People,o=hp.com”

anonymous bind

/opt/symas/bin/ldapsearch -xZZH ldap://ods-master.infra.hiramgibbard.com/ -b "o=hp.com" mail=hg@hiramgibbard.com  -LLL


Modify and entry by providing a file with the chanegs within

ldapmodify -x -ZZH ldap://itg-ods-xd.core.hiramgibbard.com -D "uid=hiram.gibbard@hiramgibbard.com,ou=People,o=hiramgibbard.com" -W -f /tmp/entrymods

Change a user's password

ldappasswd -x -ZZH ldap://pro-ods-xd-master.core.hiramgibbard.com/ -D "uid=hiram.gibbard@hiramgibbard.com,ou=People,o=hiramgibbard.com" -s '******' uid=arg1303@hiramgibbard.com,ou=CERTs,ou=Partners,o=hiramgibbard.com -W

Search for a record

/opt/symas/bin/ldapsearch -x -ZZH ldap://ldap.hiramgibbard.com:389/ -D "uid=hiram.gibbard@hiramgibbard.com,ou=People,o=hiramgibbard.com" -W -LLL "(sn=gibbard)"

/opt/symas/bin/ldapsearch -b ou=partners,o=hp.com -x -ZZH ldap://hpi-pro-ods-xd.infra.hiramgibbard.com:389/ -D "uid=hiram.gibbard-ceid@hiramgibbard.com,ou=People,o=hp.com" -W -LLL hpBPNumber

LDAP Whoami Lookup - Simpliest and easiest way to test ldap connectivity (functionally).

/opt/symas/bin/ldapwhoami -d -1 -x -H ldaps://ldap.hiramgibbard.com -D uid=hiram@hiramgibbard.com,ou=People,o=hiramgibbard.com -W
Conducted a search for the uid for that user and returned the following two attributes: krbName ntUserDomainId [gibbard@ITG-g5t2390 ~]$ /opt/symas/bin/ldapsearch -x -ZZH ldap://pro-ods-xd.core.hg.com:389/ -D "uid=hiram.gibbard@hg.com,ou=People,o=hg.com" -W -LLL "(uid=some.user@hg.com)" krbName ntUserDomainId Enter LDAP Password: dn: uid=some.user@hg.com,ou=People,o=hg.com ntUserDomainId: AMERICAS:suser Looking at my record I see I have this value: [gibbard@ITG-g5t2390 ~]$ /opt/symas/bin/ldapsearch -x -ZZH ldap://pro-ods-xd.core.hg.com:389/ -D "uid=hiram.gibbard@hg.com,ou=People,o=hg.com" -W -LLL "(uid=hiram.gibbard@hg.com)" ntUserDomainId krbName Enter LDAP Password: dn: uid=hiram.gibbard@hg.com,ou=People,o=hg.com ntUserDomainId: AMERICAS:gibbard krbName: gibbard@AMERICAS.HG.NET Vi /tmp/entrymods Add the following: dn: uid=some.user@hg.com,ou=People,o=hg.com changetype: modify modify: krbName (I AM ASSUMING I SHOULD USE modify, AND NOT add? OR USE add WHEN THE VALUE FOR THAT ATTR IS NULL OR EMPTY?) krbName: suser@AMERICAS.HG.NET (I’m am assuming I will run the following commands against the master, since the consumers pull data from the master?) ITG first ldapmodify -x -ZZH ldap://itg-ods-ed-master.core.hg.com -D "uid=hiram.gibbard@hg.com,ou=People,o=hg.com" -W -f /tmp/entrymods PRO NEXT ldapmodify -x -ZZH ldap://pro-ods-ed-master.core.hg.com -D "uid=hiram.gibbard@hg.com,ou=People,o=hg.com" -W -f /tmp/entrymods

RPM

The %pre scriptlet executes just before the package is to be installed.

  • rpm -qi

(BUILDROOT) This is the alias we use: alias rpmbuild='/usr/bin/rpmbuild --define "_source_filedigest_algorithm 1" --define "_binary_filedigest_algorithm 1" --define "_binary_payload w9.gzdio" --define "_topdir /usr/src/redhat" '

to see what the script executes during install of a RPM without looking at a spec file.
rpm -qp --scripts http://linuxcoe.corp.hp.com/LinuxCOE/Delivery/Americas/SharedHosting/WHA1.1/yum/RedHat/6.0Server/x86_64/RPMS/ais_whaeng-1.1-1.x86_64.rpm

yumdownloader tomcat6 (download the rpm and run the change log against it)

rpm -q --changelog tomcat6-6.0.24-90.el6.x86_64 | grep CVE

rpm -q --changelog -p tomcat6-6.0.24-90.el6.x86_64.rpm|grep 2011-3190


Cfengine Notes

wget the rpm cfengine.x86_64 from http://pro-cfengine.core..com/packages/ - Cfengine RPM

yum -y install compat-db43 openssl098e

Notes:
error: Failed dependencies:
        libcrypto.so.6()(64bit) is needed by cfengine-2.2.9-1.el5.rf.x86_64
        libdb-4.3.so()(64bit) is needed by cfengine-2.2.9-1.el5.rf.x86_64
        
        [root@g1t6468g gibbard]# ll /usr/sbin/cf*
	cfagent       cfdoc         cfenvd        cfenvgraph    cfetool       cfetoolgraph  cfexecd       cfkey         cfrun         cfservd       cfshow
        
        ll /usr/sbin/cfagent



cat access_log|grep \/Concentra\/|awk -F "=" ' { print $2 } '|awk -F "," '{ print $1 }' | sort | uniq

URLs to look into

  • http://fancybox.net/
  • http://cs.baylor.edu/~donahoo/tools/gdb/tutorial.html - to learn how to debug core dumps
  • https://passwd.org/2012/03/apache-httpd-core-dump-instructions
  • https://rbgeek.wordpress.com/2012/08/24/how-to-recover-deleted-apache-log/
  • http://benchmarks.cisecurity.org/
  • http://perlbrew.pl/
https://access.redhat.com/security/cve/#/ https://access.redhat.com/security/cve/cve-2014-0230

Scripts

#!/bin/bash

#depending on the account RPMs this script can be used to install a incremented app account

for (( n=1; n<=6; n++ ))
do
        x=${#n};

        if [ "$x" -eq 2 ]; then
        s="";
        else
        s="0";

        fi
        v=$s$n
        user="prp"$v
        rpm="app-"$user"-user-"$user
        echo y | yum install $rpm
done


HPUX Oracle Perl module

	export http_proxy="http://web-proxy:8088/"
wget http://search.cpan.org/CPAN/authors/id/P/PY/PYTHIAN/DBD-Oracle-1.74.tar.gz
gunzip DBD-Oracle-1.74.tar.gz ;tar xf DBD-Oracle-1.74.tar
export ORACLE_HOME="/u01/app/oracle/product/11.1.0/client_1"
export LD_LIBRARY_PATH="${ORACLE_HOME}/lib"
cd DBD-Oracle-1.74
/opt/perl_64/bin/perl ./Makefile.PL
make
make install
	
that will install DBD:ORACLE module
	

Another way is by just typing cpan and it will go into the cpan shell and you can install other modules needed that is another method which will do the install for you.


JAVA

siging a applet

first wrap the java program .class in a jar file

jar cf <file>.jar .class

keytool -genkey -keystore myKeyStore -alias me
<password>
<password again>
First and last name?
<first> <lastname>
OU?
City?
State?
two letter code country?
yes

keytool -selfcert - keystore myKeyStore -alias me
<password>
jarsigner -keystore myKeyStore <file>.jar me
<password>

six months the cert will expire.


in the html file we change the code to from:
<applet code = "<file.class" >
to
<applet archive = "<file>.jar" >

Command Line Tools

Linux -> top, sar, vmstat, lsof, netstat, tcpdump, iostat, free, mpstat, etc

JDK -> jps, jstat, jmap, jstack, etc


Base 64

  echo "unencrypted" | openssl enc -base64
  echo "dW5lbmNyeXB0ZWQK" | openssl enc -base64 -d

Weblogic

in the config.xml you can disable the ssl by setting it to enabled to false within the ssl tags.

non clustered or two separate domains, you can have one admin console manage both servers or manage servers.\\

t3 or tenka proritatry wl protocol.\\

each managed server is a java process. Since they are clustered they can speak to each other.\\

you can multiple domain each domain can have multiple managed wl servers.

the node manager ensures the manage servers are up and running.\\

if you deploy a app to one manage server, it will push t out to all the others\\

nodemanger with the Weblogic console, and that is started separately.

==== Manual commands: ====

**Command 1:**
Hpcag2.pem will contain hpca intermediate certificate, -keystore option is having keystore file name wsca.jks
/opt/bea/wls1032/jdk160_06/bin/keytool -import -trustcacerts -alias hpcag2 -file hpcag2.pem -keystore wsca.jks -storepass 

**Command 2:**
Generating Key 
/opt/bea/wls1032/jdk160_06/bin/keytool -genkey -alias sasucert -keyalg RSA  -sigalg SHA1withRSA -keysize 2048  -dname "CN=wsca-itg-weblogic.hp.com, OU=AIS, O=Company, L=Roseville, S=California, C=US" -keystore wsca.jks -storepass 

**Command 3:**
Generating Cert request, this below command will give you the file like wsca.csr, that is your CSR file, past this file content in digital badge site.
/opt/bea/wls1032/jdk160_06/bin/keytool -certreq -alias sasucert -file wsca.csr -keypass  -sigalg SHA1withRSA -storetype JKS -keystore wsca.jks -storepass 

**Command 4:**
Copy the signed cert and paste it in file wsca.crt on machine. Then execute below command it will import signed cert in keystore.
/opt/bea/wls1032/jdk160_06/bin/keytool -import -alias sasucert -keystore wsca.jks  -trustcacerts -keypass  -storepass  -file wsca.crt

After are done here with the Renewal steps, you follow the restart process.\\

Setting up DW yum -y install perl-CPAN
Installed:
  perl-CPAN.x86_64 0:1.9402-141.el6_7.1

Dependency Installed:
  perl-Digest-SHA.x86_64 1:5.47-141.el6_7.1
for now type cpan at the prompt and enter yes (default) o commit install DBI install CGI install "Time::HiRes"

ADFIND

– New Hires to look up a resource in AD using adfind Example: adfind -gcb -f mail=li-hua.xu@xxx.com if using -gcb, you don't need to specify -h (my understanding of -gcb is that you may get less attributes), but the upside of it is that you don't need to know which region/domain the user is in. If looking for the user in a specific region, you can just do “-h asiapacific or emea, or Americas. You do not need a specific hostname, but of course you can use one.


Squeeze Box Server

/usr/local/bin/perl /usr/local/squeezeboxserver/scanner.pl --prefsdir=/var/db/squeezeboxserver/prefs --priority=0 --logconfig=/var/db/squeezeboxserver/prefs/log.conf --rescan --cleanup --debug scan=ERROR,artwork=ERROR,scan.import=ERROR,scan.scanner=ERROR

Powered By Source H Last Modified: 04.29.17