Site Tools


Sidebar

snippets:commandline

gnupg

  • gpg –list-keys –list-options show-uid-validity <kedid> # check validity

dos2unix endofline conversion:

  • od -t d1 <input.txt >output.txt
  • perl -pi -e 's/ / /g' input.txt

whats listening on what ports?

  • netstat -nlp
  • lsof -i tcp:7100
  • fuser -v -n tcp 7100

pulseaudio: sending audio to remote

  • server: 'pactl load-module module-native-protocol-tcp auth-ip-acl=<clientip>'
  • client: 'PULSE_SERVER=<ip-of-server> firefox'

kvm tuning

note This will increase chances of data loss, while improving performance! Not for production!

  • virsh edit <guest>
  • Seek for the “cache” clause. Change its value (probably none or writeback) to “unsafe”
  • sysctl -w vm.dirty_expire_centisecs=500000
  • sysctl -w vm.dirty_ratio=98
  • sysctl -w vm.dirty_background_ratio=90
  • sysctl -w vm.dirty_writeback_centisecs=50000
  • To enforce data to be written before these limits strike in, “sync” could be used

bash hacks

  • disown : a backgrounded process (ctrl+Z / bg) can be sidowned, after logging out it keeps running. nohup/screen also possible.
  • fc : start last run command in test editor, after leaving editor execute it

cpio usage

  • cpio -iv <../initrd.org # extract initrd.org
  • find ./ | cpio -H newc -o >/boot/6initrdnew # create cpio-archive

extract rpm files

  • rpm2cpio <path-to-rpm> | cpio --extract --verbose --make-directories --preserve

what kind of ldap-server is running?

  • ldapsearch -x -h wiz -b "" -s base "objectclass=*"

force screen blanking in x:

  • xset dpms force off

reread a partitionable onthefly

  • partprobe or 'blockdev –rereadpt /dev/sda'

runtime lib-path variables:

  • LD_RUN_PATH LD_LIBRARY_PATH
  • LD_LIBRARY_PATH=“/usr/local/soft_gsasl-0.2.27/lib” LDFLAGS=“-L/usr/local/soft_gsasl-0.2.27/lib” CPPFLAGS=“-I/usr/local/soft_gsasl-0.2.27/include”
  • C_INCLUDE_PATH=/opt/gdbm-1.8.3/include
  • CPLUS_INCLUDE_PATH=/opt/gdbm-1.8.3/include

backup via ssh/netcat:

  • tar cfp - . |(ssh user@host 'cd /dir && tar xfp -')
  • on server: nc -l -p | (cd /tmp/backup && tar xfp -) on client: tar cfp - / | nc serverip 2222

drop ssh-publickeyfile:

  • (ssh user@remote “mkdir .ssh; cat >.ssh/authorized_keys”) < .ssh/id_rsa.pub

create selfsigned cert (for apache etc.):

# step one - create the key and request:
openssl req -new -newkey rsa:4096 > new.cert.csr
# step two - remove the passphrase from the key (optional):
openssl rsa -in privkey.pem -out new.cert.key
# step three - convert request into signed cert:
openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days 730

show contents of x509-cert:

  • openssl x509 -in service.crt -noout -text

what dependencies does an rpm-file have?

  • rpm -qRp gcc.rpm

show the top ten of cpu-using processes:

  • ps ax -o pid,user,pcpu,comm | sort -k +2 |tail -10

presentationsoftware, networkdiagrams

dump whole networkpackets:

  • tcpdump -Xnvs 0 host 1.2.3.4

install perlmodule:

  • perl -MCPAN -e 'install Chocolate::Belgian'

how many percent of system are in use cpu-wise?

  • ps aux | nawk '{tot+=$5} ; END { print tot}'

packet forwarding + nat:

  • iptables -t nat -A PREROUTING -p tcp --dport 2222 -d 10.0.0.1 -j DNAT --to 192.168.4.16:22
  • iptables -t nat -A POSTROUTING -j MASQUERADE -o eth0 -d 2.3.4.5

create a 7GB sparse-file (uses space only when actually needed):

  • dd if=/dev/zero of=xm32_debian.img bs=1 count=1 seek=7G

ssh pubkey restrictions of pubkey-auth onto executing something from an array of allowed comands:

  • command="sh -c 'if expr \"${SSH_ORIGINAL_COMMAND}\" : \"^rsync.*--server\" >/dev/null ; then $SSH_ORIGINAL_COMMAND ; else echo REJECTED ; fi'" ssh-rsa..

irc-servers from europe:

  • irc.belwue.de
  • random.ircd.de
  • irc.uni-erlangen.de
  • irc.leo.org

rescan on linux for scsi/san-luns:

  • dmesg|grep scsi # find out the number of the scsi-host in use
  • echo "1" > /sys/class/fc_host/hostXYZ/issue_lip # XYZ = number of scsi-host
  • echo "- - -" > /sys/class/scsi_host/hostXYZ/scan

ask name-server for versioninfo:

  • host -c chaos -t txt version.bind someserver.org

create a pkcs12-cert:

  • openssl pkcs12 -export -in newcert.pem -inkey newkey.pem -certfile cacert.pem -name “[friendly name]” -out namecert.p12

Get cryptstring i.e. for httpasswd:

  • perl -we 'print crypt("secret",int(rand(90))+10),"\n";'

OpenSwan cvs checkout:

  • cvs -d :pserver:anoncvs@anoncvs.openswan.org:/public/cvs login # pass anoncvs
  • cvs -d :pserver:anoncvs@anoncvs.openswan.org:/public/cvs co openswan-2

change cdrom in qemu virtualmachine

  • <ctrl+alt+2>, eject cdrom, change cdrom /path/cd.iso, <ctrl+alt+1>

create a file, to compare time it takes between different media below

  • dd if=/dev/zero of=testfile bs=128M count=1 oflag=direct # writes file with DIRECTIO, so cache is not involved
  • sync; time bash -c 'dd if=/dev/zero of=testfile bs=128M count=1; sync;' # write, with sync bevore/after

vmware config for shared disks (for testing clusterstuff)

create preallocated disk (not this spare thingy), use new scsi-bus (i.e. target 1.1 for shared disk), add options to vm-configfile.vmx:
  scsi1.sharedBus = "virtual"
  disk.locking = "false"
  diskLib.dataCacheMaxSize = "0" 

linux cpu-speed tuning

  • echo ondemand >/sys/devices/system/cpu/cpu0/cpufreq/scaling_governor

running slrn on my utf8-debian

LANG=en_GB.iso88591 luit -encoding ISO-8859-1 slrn -h news.individual.de

getting a remote firefox on 'ssh -X' shell

firefox -no-remote

setting rpm-queryformat to also see architecture of rpms by default

echo "%_query_all_fmt %%{name}-%%{version}-%%{release}.%%{arch}" >~/.rpmmacros

gnu parted

parted /dev/sdb mkpart primary 500M 100%
parted /dev/sdb align-check opt 1
parted /dev/sdb align-check opt 2

cryptsetup/luks

# creation
cryptsetup -v luksFormat /dev/sdb       # initial setup
cryptsetup luksOpen /dev/sdb usbbackup  # create mapping
pv/cat /dev/zero >/dev/mapper/usbbackup # initialization
mkfs.ext4 /dev/mapper/usbbackup

# opening/mounting
cryptsetup luksOpen /dev/sdb usbbackup
mount /dev/mapper/usbbackup /mnt/usbbackup

# closing/umount
umount /mnt/usbbackup
cryptsetup luksClose usbbackup

sendmail: disable dns-usage for smarthost

echo 'hosts files' >/etc/mail/service.switch
echo 'aliases files' >>/etc/mail/service.switch
echo '1.2.3.4 mailgw' >>/etc/hosts
vi sendmail.cf # set 'DSmailgw'
echo 'O ServiceSwitchFile=/etc/mail/service.switch' >>/etc/mail/sendmail.cf
echo 'O HostsFile=/etc/hosts' >>/etc/mail/sendmail.cf

cpan with proxy

# export http_proxy="http://10.1.2.3:8080"
# export ftp_proxy="http://10.1.2.3:8080"
# perl -MCPAN -e shell
$ install Net::LDAP
snippets/commandline.txt · Last modified: 2024/03/03 09:04 by chris