Stupid other tricks - small things for small minds.

home | blog | Teh Internet | guest blog |rants | placeholder | political | projects | Gwen and Liam | Citadel patched | Tools | Scouts

- Careful Chrome users, this search box might be "Not secure"

Match ipv4 address:
grep -oE "([0-9]{1,3}\.){3}[0-9]{1,3}"

Get the header:
lwp-request -U -s -S -e -m HEAD
Alt bit in Python: - sorry non-PIP...

import urllib2
import socket
import ssl

hostname = 'somesite.somewhere'
url = 'https://' + hostname

response = urllib2.urlopen(url)
print response.geturl()
print response.getcode()
for header in
  print header

addr = socket.gethostbyname_ex(hostname)[2]
addr = str(addr)
addr = hostname

sock = socket.create_connection((addr,443), timeout=None)
context = ssl.create_default_context()
sslsock = context.wrap_socket(sock, server_hostname=addr)
#print sslsock.getpeercert()
certitems = sslsock.getpeercert()
for item in certitems:
  print item, certitems[item]

Check expire date for cert (rapidly): - Past due date expired certs - now being served daily :-)
for i in {1..10};do echo "Test $i"; echo | openssl s_client -connect -servername  2>/dev/null | openssl x509 -noout -subject -dates; echo "";done

If you find your certs expire and then not in the alternating lines, you might have not killed off all apache processes! Kill away to fix....

Alt way:
openssl s_client -connect
- or if using sni:
openssl s_client -connect site.blah:443 -servername site.blah

see what files a process is using:
strace -pPIDNUMBER -e trace=file

- to watch mysql - thanks kenorb on Stack Overflow.
 In case this link breaks, here is the skinny:

strace -pMYSQLPID -e trace=read,write -s 2000 -fp $(pgrep -nf mysql)

- Alternatively, try setting up slow log query with 0 (search for slow log query) on my blog....

See what apache is up to:
ps auxw | grep sbin/apache | awk '{print"-p " $2}' | xargs strace


ps h --ppid $(cat /var/run/ | awk '{print"-p " $1}' | xargs sudo strace -o strace.txt

(Sprinkle in -s4096 (more context to reads on strace), and -r to find slow time between syscalls - might want single process for that)...
or -

watch apachectl fullstatus

- or just status for compact state line.

Linux Force a reboot
echo 1 > /proc/sys/kernel/sysrq
(or more permanently add "kernel.sysrq = 1" to your /etc/sysctl.conf
echo b > /proc/sysrq-trigger

Or halt:
echo 1 > /proc/sys/kernel/sysrq
echo o > /proc/sysrq-trigger

Stolen from here:
Even more here:

Find the (probable) install date:
tune2fs -l /dev/sda1 (assuming this is the root partition)
Look for the filesystem created date.  Unless you recreated the root partition, this is probably your install date.

Better traceroute - 'cause I like pretty in the terminal: mtr

Disk space check (disk usage): ohmu (get via pip install)

Better git status: tig (pip install again)

Track current traffic on a server: iftop

List apache sites: apachectl -S

Check up on memcached:
Found here:
watch "echo stats | nc 11211"

How many of what type of file? - does not use magic, relies on extension.
find . -type f | sed -n 's/..*\.//p' | sort | uniq -c | sort -n -k 1

Store permissions and re-apply later:
getfacl -R /somedir > somedir.acl
setfacl --restore=somedir.acl

Take back excessive memory / swap use by systemd-logind
systemctl daemon-reexec

More systemd - get the timers (for backup?)
systemctl list-timers --all
- probably want to grab /etc/systemd/system and /usr/lib/systemd to get the service and timer files.

Even more systemd:
Convert unicode output of systemctl to ascii (sort of):
systemctl status | iconv -f UTF-8 -t ASCII//TRANSLIT

Check smart values on a LSI MegaRAID SAS 9271-4i
DID from output here:
storcli64 /c0 show

smartctl -a -d sat+megaraid,4 /dev/sda
smartctl -a -d sat+megaraid,5 /dev/sda
smartctl -a -d sat+megaraid,6 /dev/sda
smartctl -a -d sat+megaraid,7 /dev/sda

Sum a column of numbers in bash:
Add this to the end of the chain of pipes:

| paste -sd+ - | bc

Thanks goes to

Paste lines together from dpkg listing column output (php installed packages in this case):
dpkg --get-selections | grep php | awk '{print $1}' | paste -sd " " -

To get specifics (better version numbering etc on a specific package), try this:
dpkg -s pkgname

rkhunter saying changes, but you suspect updated packages?
---Give this a go:
debsums -ca
---check for recent installs in:
---If all good, update:
rkhunter --update --propupd
---And recheck:
rkhunter -c --rwo

Loopback mount setup (loop mount)
losetup /dev/loop0 bigfile.img
kpartx -av /dev/loop0

Now mount up the bit you want (based on partitioning found with kpartx)
mount /dev/mapper/loop0p2 /mnt/sillymount

Get all with losetup --list
- for more fun use nbdkit (can do compressed files):
nbdkit xz bigfile.img.xz
(gives tcp socket...)
nbd-client -b 512 localhost /dev/nbd0
(uncompresses on the fly)
mount /dev/nbd0p2 /mnt/sillymount
add --filter=cow (to write to a layer on top of the base image) - temporary file - gone on kill of nbdkit.

sed replace on config file:
sed -i 's/max_allowed_packet.*/max_allowed_packet = 16M/g' /etc/mysql/mysql.conf.d/mysqld.cnf

Return apache sites in enabled status: (stupid I know!):
ls -1 /etc/apache2/sites-enabled/ | grep -v le-ssl | awk -F'[\.]' '{$NF=""; print $0}' | grep -v ssl