Stupid other tricks - small things for small minds.

home | blog | Terrible people and places | Covid-19 links | Teh Internet | guest blog |rants | placeholder | political | projects | Gwen and Liam | Citadel patched | Tools | Scouts

Match ipv4 address:
grep -oE "([0-9]{1,3}\.){3}[0-9]{1,3}"

Get the header:
lwp-request -U -s -S -e -m HEAD
Alt bit in Python: - sorry non-PIP...

import urllib2
import socket
import ssl

hostname = 'somesite.somewhere'
url = 'https://' + hostname

response = urllib2.urlopen(url)
print response.geturl()
print response.getcode()
for header in
  print header

addr = socket.gethostbyname_ex(hostname)[2]
addr = str(addr)
addr = hostname

sock = socket.create_connection((addr,443), timeout=None)
context = ssl.create_default_context()
sslsock = context.wrap_socket(sock, server_hostname=addr)
#print sslsock.getpeercert()
certitems = sslsock.getpeercert()
for item in certitems:
  print item, certitems[item]

Check expire date for cert (rapidly): - Past due date expired certs - now being served daily :-)
for i in {1..10};do echo "Test $i"; echo | openssl s_client -connect -servername  2>/dev/null | openssl x509 -noout -subject -dates; echo "";done

If you find your certs expire and then not in the alternating lines, you might have not killed off all apache processes! Kill away to fix....

Alt way:
openssl s_client -connect
- or if using sni:
openssl s_client -connect site.blah:443 -servername site.blah

Check a pem encoded cert expiration date:
openssl x509 -enddate -noout -in file.pem

Text output interpretation of a cert:
openssl x509 -text -noout -in /home/user/certdir/ssl.cert
openssl x590 -text -noout -in /home/user/certdir/ssl.cert | grep -e Subject -e Issuer -e DNS -e After
(args of -subject and -issuer available to openssl - but I am lazy sometimes and don't want to read the man page :-)
- if Virtualmin is giving you renewal problems, try this:
virtualmin generate-letsencrypt-cert --domain  some.domain
(list domains with virtualmin list-domains)

see what files a process is using:
strace -pPIDNUMBER -e trace=file

- to watch mysql - thanks kenorb on Stack Overflow.
 In case this link breaks, here is the skinny:

strace -pMYSQLPID -e trace=read,write -s 2000 -fp $(pgrep -nf mysql)

- Alternatively, try setting up slow log query with 0 (search for slow log query) on my blog....

- strace errors like strace: Could not attach to process - check the /etc/sysctl.d/10-ptrace.conf
  for kernel.yama.ptrace_scope = 1 and set to 0 if debugging in a testing environment - not live!
  follow up with:
    sudo service procps restart
    ( alternatevely - systemctl restart procps )

See what apache is up to:
ps auxw | grep sbin/apache | awk '{print"-p " $2}' | xargs strace


ps h --ppid $(cat /var/run/ | awk '{print"-p " $1}' | xargs sudo strace -o strace.txt

(Sprinkle in -s4096 (more context to reads on strace), and -r to find slow time between syscalls - might want single process for that)...
or -

watch apachectl fullstatus

- or just status for compact state line.

Linux Force a reboot
echo 1 > /proc/sys/kernel/sysrq
(or more permanently add "kernel.sysrq = 1" to your /etc/sysctl.conf
echo b > /proc/sysrq-trigger

Or halt:
echo 1 > /proc/sys/kernel/sysrq
echo o > /proc/sysrq-trigger

Stolen from here:
Even more here:

Find the (probable) install date:
tune2fs -l /dev/sda1 (assuming this is the root partition)
Look for the filesystem created date.  Unless you recreated the root partition, this is probably your install date.

Better traceroute - 'cause I like pretty in the terminal: mtr

Disk space check (disk usage): ohmu (get via pip install)

Better git status: tig (pip install again)

Track current traffic on a server: iftop

List apache sites: apachectl -S

Check up on memcached:
Found here:
watch "echo stats | nc 11211"

How many of what type of file? - does not use magic, relies on extension.
find . -type f | sed -n 's/..*\.//p' | sort | uniq -c | sort -n -k 1

Store permissions and re-apply later:
getfacl -R /somedir > somedir.acl
setfacl --restore=somedir.acl

Take back excessive memory / swap use by systemd-logind
systemctl daemon-reexec

Edit systemd config with override -
systemctl edit daemon-name
(should create a /etc/systemd/system/daemon-name.service.d/override.conf
Follow up with:

systemctl daemon-reload
systemctl restart daemon-name

More systemd - get the timers (for backup?)
systemctl list-timers --all
- probably want to grab /etc/systemd/system and /usr/lib/systemd to get the service and timer files.

Even more systemd:
Convert unicode output of systemctl to ascii (sort of):
systemctl status | iconv -f UTF-8 -t ASCII//TRANSLIT

Check smart values on a LSI MegaRAID SAS 9271-4i
DID from output here:
storcli64 /c0 show

smartctl -a -d sat+megaraid,4 /dev/sda
smartctl -a -d sat+megaraid,5 /dev/sda
smartctl -a -d sat+megaraid,6 /dev/sda
smartctl -a -d sat+megaraid,7 /dev/sda

smartd for the HUP!
smartd will continue with the old replaced drive serial and model number after failed replacement is in place.
don't forget to "kill -HUP" the smartd process, so it will re-read and get the correct drive and model.
restart probably would not hurt...

Sum a column of numbers in bash:
Add this to the end of the chain of pipes:

| paste -sd+ - | bc

Replace a line break with a comma from a file list (think email addresses)
tr '\n' ',' < list-of-emails-in-a-column.txt

Thanks goes to Beijing News Express On October 22, students of Wuhan Huangpi Technical School posted a video saying that some students hid hot dishes in the cafeteria during the second extra meal and only gave them pickles. On October 24th, the website of the People’s Government of Huangpi District, Wuhan City published the "Explanation on the Situation of Huangpi Technical School Students’ Reflecting the Problem of Adding Meals in the Canteen". After investigations by the competent authority to the school, the situation is basically true. The school has seriously criticized the education staff on duty , It is recommended that the person in charge of the cafeteria impose financial punishment on him.

Paste lines together from dpkg listing column output (php installed packages in this case):
dpkg --get-selections | grep php | awk '{print $1}' | paste -sd " " -

To get specifics (better version numbering etc on a specific package), try this:
dpkg -s pkgname

rkhunter saying changes, but you suspect updated packages?
---Give this a go:
debsums -ca
---check for recent installs in:
---If all good, update:
rkhunter --update --propupd
---And recheck:
rkhunter -c --rwo

Loopback mount setup (loop mount)
losetup /dev/loop0 bigfile.img
kpartx -av /dev/loop0

Now mount up the bit you want (based on partitioning found with kpartx)
mount /dev/mapper/loop0p2 /mnt/sillymount

Get all with losetup --list
- for more fun use nbdkit (can do compressed files):
nbdkit xz bigfile.img.xz
(gives tcp socket...)
nbd-client -b 512 localhost /dev/nbd0
(uncompresses on the fly)
mount /dev/nbd0p2 /mnt/sillymount
add --filter=cow (to write to a layer on top of the base image) - temporary file - gone on kill of nbdkit.

sed replace on config file:
sed -i 's/max_allowed_packet.*/max_allowed_packet = 16M/g' /etc/mysql/mysql.conf.d/mysqld.cnf

Return apache sites in enabled status: (stupid I know!):
ls -1 /etc/apache2/sites-enabled/ | grep -v le-ssl | awk -F'[\.]' '{$NF=""; print $0}' | grep -v ssl

Generate a "random" password using python:
import string
import random

N = 8
psswd = ''.join(random.choice(string.ascii_letters + string.digits) for _ in range(N))

print psswd

Run a cron job at startup? i.e. Is it a stinky user script you would otherwise have run a screen session to run?
Chuck this in the users cron:

@reboot	/home/userdir/

Truncate a log file - or empty it - when the process does not use logrotate - looking at you supervisord!
echo > logfile
truncate -s0 logfile

Have sorted files but don't know what lines are in one and not the other? comm to the rescue.
comm -23 file1 file2
- this gives you lines that appear in the sorted list from file1 not in file2