Linux: The Fast Track to Productivity
Linux offers a wealth of commands that can speed up your workflow. Here are some of my favourites:
Alias
To use aliases, add lines like the one below to /etc/bash.bashrc (system-wide) or to ~/.bashrc (for one user only). Log out and back in, or source the file, and the commands are available. Note the leading "alias" keyword; without it the line only sets a shell variable.
alias viewdisk="sudo df -h"
Firewall (ufw)
Allow a service, by name from /etc/services or by port:
>ufw allow http
ufw allow 22/tcp
(ufw enable does not take a service name: it switches the firewall on. Allow ssh first, otherwise enabling it from a remote session locks you out.)
>ufw allow ssh
ufw enable
Check the status (and the active rules):
>ufw status verbose
Authentication
OpenLDAP
Install the server (slapd) and the client tools (ldapsearch, ldapadd, ...) as root:
>sudo su -
apt-get update
apt-get install slapd ldap-utils
Login with SSH keys (RSA)
Instead of entering your login credentials (username, password, ...) every time, you can use SSH keys. This lets you log in to Linux machines securely without a password ever crossing the network.
1. Create the keys
First you need a private and a public key. Ideally do this on a Linux machine.
* Open a session on a Linux machine
* Create the keys with the command ssh-keygen
* Accept the default file (~/.ssh/id_rsa) and, preferably, set a passphrase: without one, anyone who gets hold of the private key file can use it. On recent OpenSSH releases the default key type is ed25519 (file id_ed25519); pass -t rsa if the file names in the rest of this guide should match.
> ssh-keygen
2. Update the key server
* Copy the public part: open the file id_rsa.pub and copy its content (a single line starting with ssh-rsa). Never paste the private key here.
* Change the key server: log in to the key-server portal and edit your profile
(key-server > identity self-service > my profile > Edit your information)
Paste the public key in 'ssh public keys' and 'Save changes'.
* Test the connection over SSH: open an SSH session from the Linux machine where you created the key.
If everything went fine, you should not be asked for your DAS password (the passphrase of the key, if you set one, is still asked).
3. Linux client
You can reuse the same key pair on another Linux client, but every copy of the private key is one more place it can be stolen from; where possible, generate a separate key per machine and register each public key on the key server.
* Copy the private key: copy the content of the id_rsa file (not the public one!)
* Paste the private key into /home/a123456/.ssh/id_rsa (replace a123456 with your username; create the .ssh directory first if it does not exist)
* Change the file rights to user only, otherwise ssh refuses to use the key:
> chmod 700 /home/a123456/.ssh
chmod 600 /home/a123456/.ssh/id_rsa
4. SecureCRT (Windows)
* Copy the private key: copy the content of the id_rsa file (not the public one!)
* Paste the private key: create a local file (preferably named id_rsa) on your Windows machine. Remember the location!
* Import the key in SecureCRT: Tools > Manage Agent Keys > Add
* Change the order of the authentication methods in the global options (if needed). You can also set your username there so you don't need to type it each time:
Options > Global Options > General > Default Session > Edit Default Settings > Connection > SSH2
Verify the properties of PublicKey: does it point to the correct id_rsa file?
If you want to change existing sessions, you can do that right away, or select 'folder by folder' and apply the options to all nodes underneath.
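The Linux side of steps 1 to 3 as one script, an added example that is not part of the original page: it creates the key pair with the permissions ssh insists on, checks them the way ssh does before it accepts a key, and appends the public key once to an authorized_keys file (which is what the key-server portal does for you on the server side). The paths are throw-away placeholders and GNU stat is assumed (Linux); when ssh-keygen is not installed a constructed placeholder key is written so the permission logic can still be exercised.

```bash
#!/usr/bin/env bash
# Added example, not from the original page. Creates an SSH key pair with the
# permissions ssh insists on, verifies them, and registers the public key.
# Assumes Linux (GNU stat -c). If OpenSSH's ssh-keygen is missing, a constructed
# placeholder key is written so the permission logic can still be exercised.
set -euo pipefail

# Octal mode of a path, e.g. 600.
mode_of() { stat -c '%a' "$1"; }

# install_keypair DIR [NAME]: create DIR (mode 700) and a key pair DIR/NAME in it.
install_keypair() {
  local sshdir="$1" name="${2:-id_rsa}"
  if [ -e "$sshdir/$name" ]; then
    echo "refusing to overwrite existing key $sshdir/$name" >&2
    return 1
  fi
  mkdir -p "$sshdir"
  chmod 700 "$sshdir"
  if command -v ssh-keygen >/dev/null 2>&1; then
    # -N '' gives an unprotected key for the demo; set a passphrase on real keys.
    ssh-keygen -q -t rsa -b 3072 -N '' -f "$sshdir/$name" -C "example key"
  else
    # Constructed placeholder, not a real key.
    printf -- '-----BEGIN OPENSSH PRIVATE KEY-----\nplaceholder\n-----END OPENSSH PRIVATE KEY-----\n' \
      > "$sshdir/$name"
    printf 'ssh-rsa AAAAB3placeholder example key\n' > "$sshdir/$name.pub"
  fi
  chmod 600 "$sshdir/$name"      # private key: owner only, or ssh ignores it
  chmod 644 "$sshdir/$name.pub"  # public key: may be world-readable
}

# check_key_perms DIR [NAME]: 0 when the directory is 700, the private key 600
# and the public key looks like one; otherwise a reason on stderr and 1.
check_key_perms() {
  local sshdir="$1" name="${2:-id_rsa}"
  [ "$(mode_of "$sshdir")" = 700 ] || { echo "$sshdir is not mode 700" >&2; return 1; }
  [ "$(mode_of "$sshdir/$name")" = 600 ] || { echo "$sshdir/$name is not mode 600 (ssh will refuse it)" >&2; return 1; }
  grep -q '^ssh-' "$sshdir/$name.pub" || { echo "$sshdir/$name.pub holds no public key" >&2; return 1; }
}

# authorize_key PUBFILE AUTHFILE: append the public key to authorized_keys once,
# creating the file with the permissions sshd expects (this is the server side
# of what the key-server portal does for you).
authorize_key() {
  local pub="$1" authfile="$2" dir
  dir=$(dirname "$authfile")
  mkdir -p "$dir" && chmod 700 "$dir"
  touch "$authfile" && chmod 600 "$authfile"
  grep -qxF -- "$(cat "$pub")" "$authfile" || cat "$pub" >> "$authfile"
}

# Usage on throw-away paths (in real life: ~/.ssh on the client, and
# ~/.ssh/authorized_keys of the target account on the server).
demo_dir=$(mktemp -d)
install_keypair "$demo_dir/.ssh"
check_key_perms "$demo_dir/.ssh" && echo "key pair OK in $demo_dir/.ssh"
authorize_key "$demo_dir/.ssh/id_rsa.pub" "$demo_dir/server/.ssh/authorized_keys"
```

check_key_perms fails for exactly the cases where ssh prints "UNPROTECTED PRIVATE KEY FILE" and silently skips the key, which is the usual reason a freshly copied id_rsa "does not work".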
The basic commands to work with Ansible
Run the following first (not as root!):
> cd /home/username/to-be-linux-ansible/trunk
. ./env
svn up (not necessary, but nice to be up to date)
Use of wildcards
Show on which nodes a command would run (the --list-hosts option only prints the matched hosts; nothing is executed):
>ansible '~VERNAME.*' -i hosts.nagios -s -m shell -c ssh -a "/etc/init.d/samhain status" --list-hosts
A pattern starting with ~ is a regular expression matched against the inventory host names.
Use of a file (e.g. hosts3) with server names:
>ansible -i hosts3 'all' -s -m shell -a 'uptime'
The -s (--sudo) option is the old spelling of --become and is deprecated; newer Ansible releases only accept --become.
Start/stop services
>systemctl start XXX > start
systemctl stop XXX > stop
systemctl status XXX > current status
systemctl enable XXX > start at boot (does not start it now; use enable --now for both)
systemctl disable XXX > no longer start at boot
/lib/systemd/system/XXX.service > unit file with the required content
Older systems (SysV init):
>service XXX start > start
service XXX stop > stop
service XXX status > current status
chkconfig XXX on > start at boot
chkconfig XXX off > no longer start at boot
Network routes
Persistent routes go in a file:
>/etc/sysconfig/network-scripts/route-eth0
or (old machines)
/etc/rc.local
A route that is active immediately, but only until the next reboot or network restart:
>ip route add 10.82.65.132/32 via 172.16.130.129 dev eth1
How to see the routes you are using at network level?
For Windows
>route print
For Linux
>route -n (or ip route show, on systems without the net-tools package)
For Cisco
>show ip route
Test a slow network
WLC (SSH)
>show run-config
show msglog
show traplog
debug client <MAC addr>
Laptop
1. Test WiFi 'employee' from the laptop (IP 10.1.2.x): http://www.speedtest.net
2. Test WiFi 'employee' from a phone
3. Test cable 'VLAN 12' (IP 10.1.2.x): configure a port on switch-01 as access port in VLAN 12 and run http://www.speedtest.net again
Switch-01
Disable port 1/0/39 (to be verified!!!), then test WiFi 'employee' from the laptop (IP 10.1.2.x) once more with http://www.speedtest.net
WLC (SSH)
>show client detail <MAC addr>
Archey
Archey prints a short status summary of your Linux machine in the CLI, which is handy at boot/login.
sudo apt-get install lsb-release scrot
wget http://github.com/downloads/djmelik/archey/archey-0.2.8.deb
sudo dpkg -i archey-0.2.8.deb
(The .deb is fetched over plain HTTP and installed as root; check where it came from and what it contains before you install it.)
To show the information every time someone logs in, add this to bash.bashrc. Below is an example with extra alias definitions; the test on $SSH_CONNECTION makes it run for SSH sessions only.
vi /etc/bash.bashrc
alias viewdisk="sudo df -h"
alias cdlogs="cd /var/log/"
if [[ -n $SSH_CONNECTION ]] ; then
clear
archey
echo " Aliases";
echo " -------";
echo " viewdisk = sudo df -h";
echo " cdlogs = cd /var/log/";
echo "";
echo "";
fi
Testing a proxy
To test an HTTPS session through a proxy server, you can use something like:
Without proxy
> curl -k -L https://www.something.com
> result: curl: (7) couldn't connect to host
With proxy:
> curl -k -x https://proxyserverurl:8080 -L https://www.something.com
> result: curl: (56) Received HTTP code 407 from proxy after CONNECT
A 407 means the proxy wants authentication: add -U user:password (--proxy-user) to get past it. Drop -k as soon as the connectivity works; it switches off certificate verification and belongs in a plumbing test only.
CSV to text?
**Import several lines/columns**
With the following script you read a list out of a file line by line and use the fields in a script. The example below was used to add a whole list of hosts to Cacti; file.txt holds one host per line as "ip description". For a real comma-separated file, read with IFS=, instead (while IFS=, read -r f2 f1).
> #!/bin/bash
listfile="file.txt"
# -r keeps backslashes; the fields are quoted so a description with spaces or
# shell metacharacters cannot break (or extend) the command line
while read -r f2 f1
do
  php cli/add_device.php --description="$f1" --ip="$f2" --community=public --template=4 --disable=1
done < "$listfile"
Log something with a timestamp
>now="$(date '+%Y:%m:%d:%H:%M:%S')"
echo "$now Restart em0" >> /var/log/homemade.log
Find files
Find the biggest files:
>find /app/ -type f -exec du -h {} + | sort -rh | head -n 5
Find the biggest folders:
>du -hs /app/* | sort -rh | head -5
Viewing logs
Logs are always very handy when you want to know exactly what is going on in your system; they give you a better view of how everything fits together. Even more, logs contain a wealth of information once you run into problems. And when you have problems, you can sometimes use some help: hundreds of lines of log are not ideal when you are tearing your hair out.
**openHAB 2 logs**
Logs
The two interesting logs are found under /var/log/openhab/...
These are:
>events.log: everything to do with triggers (e.g. sensors)
openhab.log: openHAB itself (e.g. start-up and the like)
Debug logs
A debug log contains much more information, but it is usually only switched on while troubleshooting (it also logs far more detail about your devices, so switch it off again afterwards):
>/usr/share/openhab2/runtime/karaf/bin/client
log:set DEBUG org.openhab.binding.zwave
Check /var/log/openhab/* from another console.
**Z-Wave logs**
For openHAB there is a handy online tool that lays out the Z-Wave log files a bit more readably:
www.cd-jackson.com/index.php/openhab/zwave-log-viewer
Searching in (log) files
With grep you can look for a word in a file:
> grep IkZoekDit /var/log/zoekbestandje.log
With grep -E (egrep is the deprecated spelling of the same thing) you can search for several words at once:
> grep -E "IkZoekDit|EnDit" /var/log/zoekbestandje.log
With head or tail you view the start or the end of a file; options such as -n set the number of lines:
> tail -n 100 /var/log/zoekbestandje.log
You can combine both commands to search for the words only within those lines:
> tail -n 100 /var/log/zoekbestandje.log | grep -E "IkZoekDit|EnDit"
With the -f option tail follows the file live, so only the matching lines appear, the moment they are written. Very handy when you are testing something:
> tail -f /var/log/zoekbestandje.log | grep -E "IkZoekDit|EnDit"
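The grep and tail | grep patterns above, run over a constructed log file so the results can be checked, as an added example that is not part of the original page. It goes one step beyond the text with a small triage helper that turns the same grep into a list of source addresses with repeated failed logins; the log lines are made up for the example and the thresholds are arbitrary.

```bash
#!/usr/bin/env bash
# Added example, not from the original page: grep / grep -E / tail | grep over a
# constructed syslog-style file, wrapped in functions so results can be checked.
set -euo pipefail

LOG=$(mktemp)
# Constructed sample lines (not real data).
cat > "$LOG" <<'EOF'
Aug 12 10:00:01 host sshd[101]: Accepted publickey for alice from 10.1.2.3 port 5000
Aug 12 10:00:05 host sshd[102]: Failed password for root from 10.1.2.9 port 5010
Aug 12 10:00:07 host sshd[103]: Failed password for invalid user admin from 10.1.2.9 port 5011
Aug 12 10:01:00 host CRON[200]: (root) CMD (run-parts /etc/cron.hourly)
Aug 12 10:02:13 host sshd[104]: Accepted publickey for bob from 10.1.2.4 port 5020
EOF

# find_word WORD FILE: the page's plain grep; -- keeps a pattern that starts
# with '-' from being parsed as an option.
find_word() { grep -- "$1" "$2"; }

# count_any 'A|B' FILE: number of lines matching any alternative (grep -E is
# what egrep means). grep exits 1 when nothing matches, so force success.
count_any() { grep -E -c -- "$1" "$2" || true; }

# tail_filter N 'A|B' FILE: the last N lines, then the filter, exactly as the
# page's tail | egrep pipeline.
tail_filter() { tail -n "$1" "$3" | grep -E -- "$2" || true; }

# failed_login_sources MIN FILE: source IPs with at least MIN failed logins.
failed_login_sources() {
  grep -E 'Failed password' "$2" \
    | sed -E 's/.* from ([0-9.]+) port.*/\1/' \
    | sort | uniq -c \
    | awk -v min="$1" '$1 >= min {print $2}'
}

# Usage
find_word CRON "$LOG"
echo "lines mentioning Failed or Accepted: $(count_any 'Failed|Accepted' "$LOG")"
tail_filter 2 'Accepted|Failed' "$LOG"
echo "sources with 2 or more failed logins: $(failed_login_sources 2 "$LOG")"
```

For tail -f the same filters apply unchanged; only the follow mode cannot be shown in a script that has to finish.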
Remove old log files
To clear (delete) log files older than 30 days without logrotate, I've put the following script in place (it needs a shebang, must be executable, and its name may not contain a dot, or run-parts skips it):
vim /etc/cron.daily/azer_cleanup
#!/bin/sh
find /tmp/azer_message_txt* -mtime +30 -type f -delete
find /home/azer/azer* -mtime +30 -type f -delete
The reason I did it without logrotate is that the log files are created by external applications, so other names, rotation mechanisms, and so on.
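The find -mtime cleanup from the cron.daily script as a function with a dry run, so you can see what would go before it goes, as an added example that is not part of the original page. It assumes GNU find and touch (Linux); the directory, glob and age are parameters and the paths in the usage comment are placeholders.

```bash
#!/usr/bin/env bash
# Added example, not from the original page: age-based cleanup with a dry run.
# Assumes GNU find/touch (Linux). Directory and glob are placeholders.
set -euo pipefail

# list_old DIR GLOB DAYS: regular files directly in DIR whose name matches GLOB
# and whose mtime is more than DAYS days ago (-mtime +N is "strictly older").
# -maxdepth 1 mirrors the shell glob of the cron script: no recursion.
list_old() {
  find "$1" -maxdepth 1 -type f -name "$2" -mtime +"$3" -print
}

# cleanup_old DIR GLOB DAYS [--dry-run]: delete (or, with --dry-run, only list
# on stderr) the files list_old would return; prints the number of files.
cleanup_old() {
  local dir="$1" glob="$2" days="$3" mode="${4:-}" n
  n=$(list_old "$dir" "$glob" "$days" | wc -l)
  n=$((n + 0))   # normalise wc's padding to a plain integer
  if [ "$mode" = "--dry-run" ]; then
    list_old "$dir" "$glob" "$days" | sed 's/^/would delete: /' >&2
  elif [ "$n" -gt 0 ]; then
    find "$dir" -maxdepth 1 -type f -name "$glob" -mtime +"$days" -delete
  fi
  echo "$n"
}

# Usage (placeholders; run the dry run first, then the real thing):
#   cleanup_old /tmp 'azer_message_txt*' 30 --dry-run
#   cleanup_old /home/azer 'azer*' 30
```

The glob is passed quoted so find expands it, not the shell: an unquoted glob in a directory with thousands of files is both slow and, when nothing matches, runs find on a literal pattern instead.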
Disk full?
It can happen that the disk space is used up, but you cannot find the files or folders that are taking it.
Sometimes the files have been deleted from the disk but are still held open by an application: they are gone from the directory tree, yet they still take up space until the last process closes them. To find these files, use:
lsof | grep -i deleted
(lsof +L1 lists the same unlinked-but-open files directly.) Restarting the application releases the space; if you cannot restart it, truncate the file through the open descriptor with : > /proc/PID/fd/N, taking PID and N from the lsof output.
Kernels & disk full?
Sometimes /boot fills up because of the many kernel updates.
An easy way to clean this up is the following command:
Ubuntu/Mint/... (purge-old-kernels ships with the byobu package; apt autoremove --purge also removes automatically installed old kernels)
purge-old-kernels
CentOS
yum install yum-utils
package-cleanup --oldkernels --count=2
Update won't start because of disk space
When you try to update and get the error below (disk space critical):
>DISK CRITICAL - free space: /boot 50 MB (37% inode=99%);| /boot=83MB;;91;0;141
you can clean up old kernels with the following command.
It leaves the running kernel and the previous one in place (count=2), so you can still boot the old one if the new one misbehaves:
> package-cleanup --oldkernels --count=2
Zip / gzip / tar and beyond
Compressing files can gain you a lot of disk space. That's one thing. But nowadays a disk isn't that expensive, so why still bother compressing your files? I mostly use it to put all my files into one file, which is easier to transfer over the internet, by mail, on USB sticks...
To compress a complete folder into one file:
>tar -zcvf 20130403_something.tar.gz /folder/subfolder/subsub
Of course, after compressing something, you also want to decompress it:
>tar -zxvf 20130403_something.tar.gz
For an archive you did not create yourself, list it first (tar -tzvf) and extract it into an empty directory, so you know where its members will land.
Search inside gzipped files without unpacking them:
> zcat syslog-123123132-201608*gz | grep -E -i 'sb029|sb060' | grep '^Aug'
How to update network routes?
Update the files:
>vim /etc/sysconfig/network-scripts/route-eth0
or, on old machines:
>vim /etc/rc.local
Restart the network service:
>service network restart
When you want an active route without restarting the network, use the following command. Keep in mind that it is only active until the next reboot/restart:
>ip route add 10.82.65.132/32 via 172.16.130.129 dev eth1
Restart a switch port with a script
With a small script you can make a switch port do things without having to log in yourself or know the switch. The script below power-cycles PoE on port GigabitEthernet 1/0/6, which reboots whatever is powered by it.
First make sure expect is installed:
> apt install expect
Two caveats. The script carries the username and password in clear text, so keep it readable by its owner only (chmod 700) and do not commit it anywhere shared. The telnet variant also sends those credentials unencrypted over the network, so prefer the SSH variant; that one enables legacy algorithms (diffie-hellman-group1-sha1, ssh-dss, aes256-cbc) that current OpenSSH disables because they are weak, so do that only for an old switch that offers nothing better, and only for that host.
**Using telnet:**
restartSwitchPoort6.exp
>#!/usr/bin/expect -f
set timeout 120
spawn telnet 192.168.1.1 ;# IP address of the switch
expect "*?ser:*"
send "USR\r" ;# username
expect "*?assword:*"
send "PWD\r" ;# password
sleep 1
send "enable\r"
sleep 1
send "config\r"
sleep 1
send "interface gigabitEthernet 1/0/6\r"
sleep 1
send "power inline supply disable\r"
sleep 10
send "power inline supply enable\r"
send "exit\r"
send "exit\r"
send "exit\r"
send "exit\r"
expect eof
**The same, but with SSH:**
restartSwitchPoort6.exp
>#!/usr/bin/expect -f
set timeout 120
;# the three -o/-c options re-enable legacy algorithms for an old switch only
spawn ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -oHostKeyAlgorithms=+ssh-dss -c aes256-cbc USR@192.168.1.1 ;# USR = username, 192.168.1.1 = IP address of the switch
expect "*?assword:*"
send "PWD\r" ;# password
sleep 1
send "enable\r"
sleep 1
send "config\r"
sleep 1
send "interface gigabitEthernet 1/0/6\r"
sleep 1
send "power inline supply disable\r"
sleep 10
send "power inline supply enable\r"
send "exit\r"
send "exit\r"
send "exit\r"
send "exit\r"
expect eof
How to use tcpdump to listen to a session?
Listen for all traffic to or from host x (options first, then the filter expression):
> tcpdump -n -i eth0 host 10.10.10.20
Listen for all traffic to port x:
> tcpdump -n -i eth0 dst port 8080
Option "-vvv" for more detail, "-i any" to listen on all interfaces, "-w file.pcap" to save the capture for Wireshark instead of printing it. tcpdump needs root (or the CAP_NET_RAW capability).
A nice article about the options: rationallyparanoid.com/articles/tcpdump.html
LDAP usage
To see whether a user has access to a server, and to check which groups he belongs to, you can use ldapsearch (-x is simple authentication; the server and search base come from /etc/ldap/ldap.conf, or pass them with -H and -b):
ldapsearch -x uid=username
> #extended LDIF
> #LDAPv3
> #base <> with scope subtree
> #filter: uid=USERNAME
> #requesting: ALL
> #USERNAME, Users, People, dom.be
> dn: uid=USERNAME,ou=Users,ou=People,dc=dom,dc=be
> memberOf: cn=somethingie,ou=hostaccess,ou=groups,dc=dom,dc=be
> memberOf: cn=example,ou=sudousersgroups,ou=groups,dc=dom,dc=be
> sshPublicKey: ssh-rsa ADFDBVDFCBDLo016Q1IquxZ0we9xW2Y+QF5oVqh6C5dJWrvoPSk4E4dg
> d6ArGigJZV6Ea+LcreBRnxtmEJhdqimqlksjdfiKLJFDSIODHEu9TrA7Jol0Bm8RlpOuV+7M4
> kQhOZSWyW4xSWI8+/qoS8ItQ6DyqC/gnP8MVt73aSRCOcn+JgfScpgjcVIXU9JCQujtGpCR7RRrwB
> CKbml9vxo9CN1qimLM/e3awzHN/AZwOcw7GSDFFSSDFp5apTStAjeiKcWJXo4nJtvMBit+yHVC8
> UjDYdbXL USERNAME@PC.dom.net
> objectClass: inetOrgPerson
> objectClass: organizationalPerson
> objectClass: person
> objectClass: top
> objectClass: posixAccount
> objectClass: ldapPublicKey
> objectClass: shadowAccount
> objectClass: inetUser
> cn: USERNAME
> preferredLanguage: en
> gidNumber: 20599
> gecos: Bob De Bouwer
> uid: USERNAME
> homeDirectory: /home/USERNAME
> loginShell: /bin/bash
> uidNumber: 987456985
> displayName: Bob De Bouwer 20599
> sn: Bob
> mail: debouwer.Bob@dom.com
> givenName: debouwer
>
> #search result
> search: 2
> result: 0 Success
>
> #numResponses: 2
> #numEntries: 1
LVM: pvs/vgs/lvs
>cat /proc/partitions
fdisk -l
df -h: disk free per filesystem (not per logical volume)
Physical volumes (pvdisplay gives the long form):
>pvs
Volume group information (the partitions must have type 8e, Linux LVM):
> vgs
Logical volume information (lvdisplay gives the long form):
> lvs
Nice video: https://youtu.be/Eu1WrVjzRy8
Upload with FTP
When you want to copy files over a network, there are different ways to do it. One of them is FTP. Keep in mind that FTP sends username, password and data in clear text; on anything but an isolated network, prefer sftp, which runs over SSH and understands the same put/get commands below. To set up an FTP connection, follow these guidelines:
>ftp 192.168.192.168
username
password
If everything is fine, you are connected to the FTP server on the other side.
With the command 'ls' you see the files on the other machine, and with 'pwd' the folder you are in:
>ls
pwd
Basically, there are two important commands: put and get. Put is seen from your local machine, so with put you place a file from the local machine on the remote server. And with get, well... you can figure it out yourself. Both take a single file name; wildcards only work with mput and mget.
>put filename
get filename
If you want to copy several files at once, use mput and mget. Nice, except for one thing: the damned thing asks for every file whether you want to copy it. The workaround is one word before you start copying: prompt, which toggles those questions off. Easy, no?
>prompt
mput 2009*
mget 2009*
USB UPS via NUT
A UPS on USB? Use NUT (Network UPS Tools), a tool that turns your USB UPS into a network device...
> apt install nut
Add the following line to /etc/nut/nut.conf
> MODE=standalone
Add the following lines to /etc/nut/upsd.conf
>LISTEN 127.0.0.1 3493
>LISTEN ::1 3493
>LISTEN YOUROWNIP 3493
Only add the last line if other machines need to query the UPS: upsd then answers on the network, so limit port 3493 to those hosts in the firewall.
The hard part was finding the right settings. After a while I ran into the following command, which gives you all the correct settings for the connection at once:
> nut-scanner -U
> [nutdev1]
driver = "usbhid-ups"
port = "auto"
vendorid = "051D"
productid = "0002"
product = "Back-UPS RS 1500G FW:878.L5 .I USB FW:L5"
serial = "xxxxxx"
vendor = "American Power Conversion"
bus = "002"
Then put the data in /etc/nut/ups.conf
> [ups1]
desc = "Your UPS name"
driver = "usbhid-ups"
port = "auto"
vendorid = "051D"
productid = "0002"
product = "Back-UPS RS 1500G FW:878.L5 .I USB FW:L5"
serial = "xxxxxx"
vendor = "American Power Conversion"
bus = "002"
Now add a user with the necessary rights in /etc/nut/upsd.users
> [admin]
password = PASSWORD_REPLACE
actions = SET FSD
instcmds = ALL
upsmon master
The password is stored in clear text, so keep this file readable by root and the nut group only (the package installs it that way). A remote monitoring client only needs a user with upsmon slave, not SET/FSD and instcmds = ALL.
Start the driver, then the server:
>upsdrvctl start
systemctl start nut-server
Query it with:
> upsc ups1@localhost