Stupid other tricks - small things for small minds.





Match ipv4 address (loose: also matches out-of-range octets such as 999.999.999.999):
grep -oE "([0-9]{1,3}\.){3}[0-9]{1,3}"


Get the header:
lwp-request -U -s -S -e -m HEAD http://www.google.com
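Alt bit in Python (standard library only, sorry, non-pip):

import socket
import ssl
import urllib.request

hostname = 'somesite.somewhere'
url = 'https://' + hostname

# Fetch the URL and show the final URL (after redirects), status and headers
response = urllib.request.urlopen(url)
print(response.geturl())
print(response.getcode())
for name, value in response.headers.items():
  print(name + ': ' + value)

# Resolved addresses are kept for reference only; connect by hostname so that
# SNI and certificate verification use the name, not an IP address
addrs = socket.gethostbyname_ex(hostname)[2]
addr = hostname

sock = socket.create_connection((addr, 443), timeout=None)
context = ssl.create_default_context()
sslsock = context.wrap_socket(sock, server_hostname=addr)
# print(sslsock.getpeercert())
# Print each field of the verified peer certificate
certitems = sslsock.getpeercert()
for item in certitems:
  print(item, certitems[item])
sslsock.close()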


Check expire date for cert (rapidly): - Past due date expired certs - now being served daily :-)
for i in {1..10};do echo "Test $i"; echo | openssl s_client -connect sitename.com:443 -servername sitename.com  2>/dev/null | openssl x509 -noout -subject -dates; echo "";done

If the output alternates between an expired cert and a current one from one test to the next, you might not have killed off all the apache processes! Kill away to fix....

Alt way:
openssl s_client -connect ip.add.re.ss:443
- or if using sni:
openssl s_client -connect site.blah:443 -servername site.blah


see what files a process is using:
strace -pPIDNUMBER -e trace=file

- to watch mysql - thanks kenorb on Stack Overflow. 
http://stackoverflow.com/questions/568564/how-can-i-view-live-mysql-queries
 In case this link breaks, here is the skinny:

strace -e trace=read,write -s 2000 -fp $(pgrep -nf mysql)

- Alternatively, try setting up slow log query with 0 (search for slow log query) on my blog....


See what apache is up to:
ps auxw | grep '[s]bin/apache' | awk '{print"-p " $2}' | xargs strace

-or-

ps h --ppid $(cat /var/run/apache2.pid) | awk '{print"-p " $1}' | xargs sudo strace -o strace.txt

(Sprinkle in -s4096 (more context to reads on strace), and -r to find slow time between syscalls - might want single process for that)...
or -

watch apachectl fullstatus

- or just status for compact state line.


Linux Force a reboot (immediate, no sync or unmount):
echo 1 > /proc/sys/kernel/sysrq
(or more permanently add "kernel.sysrq = 1" to your /etc/sysctl.conf)
echo b > /proc/sysrq-trigger

Or halt:
echo 1 > /proc/sys/kernel/sysrq
echo o > /proc/sysrq-trigger

Stolen from here: http://smshaker.wordpress.com/2009/03/02/linux-force-rebootshutdown/
Even more here: http://www.linuxhowtos.org/Tips%20and%20Tricks/sysrq.htm

Find the (probable) install date:
tune2fs -l /dev/sda1 (assuming this is the root partition)
Look for the filesystem created date.  Unless you recreated the root partition, this is probably your install date.


Better traceroute - 'cause I like pretty in the terminal: mtr

Disk space check (disk usage): ohmu (get via pip install)

Better git status: tig (pip install again)

Track current traffic on a server: iftop

List apache sites: apachectl -S

Check up on memcached:
Found here: https://www.percona.com/blog/2008/11/26/a-quick-way-to-get-memcached-status/
watch "echo stats | nc 127.0.0.1 11211"


How many of what type of file? - does not use magic, relies on extension.
find . -type f | sed -n 's/..*\.//p' | sort | uniq -c | sort -n -k 1


Store permissions and re-apply later (getfacl strips the leading / from the paths, so run the restore from /):
getfacl -R /somedir > somedir.acl
setfacl --restore=somedir.acl


Take back excessive memory / swap use by systemd-logind
systemctl daemon-reexec


More systemd - get the timers (for backup?)
systemctl list-timers --all
- probably want to grab /etc/systemd/system and /usr/lib/systemd to get the service and timer files.


Even more systemd:
Convert unicode output of systemctl to ascii (sort of):
systemctl status | iconv -f UTF-8 -t ASCII//TRANSLIT


Check SMART values on an LSI MegaRAID SAS 9271-4i
Get the DID (device ID) of each disk from the output of:
storcli64 /c0 show

smartctl -a -d sat+megaraid,4 /dev/sda
smartctl -a -d sat+megaraid,5 /dev/sda
smartctl -a -d sat+megaraid,6 /dev/sda
smartctl -a -d sat+megaraid,7 /dev/sda


Sum a column of numbers in bash:
Add this to the end of the chain of pipes:

| paste -sd+ - | bc

Thanks goes to http://www.unixcl.com/2009/11/sum-of-numbers-in-file-unix.html

Paste lines together from dpkg listing column output (php installed packages in this case):
dpkg --get-selections | grep php | awk '{print $1}' | paste -sd " " -

To get specifics (better version numbering etc on a specific package), try this:
dpkg -s pkgname



rkhunter reporting changed files, but you suspect it's just updated packages?
---Give this a go:
debsums -ca
---check for recent installs in:
/var/log/dpkg.log
---If all good, update:
rkhunter --update --propupd
---And recheck:
rkhunter -c --rwo
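
One way to do the "check for recent installs" step before running --propupd, as an added example that is not from the original page: it takes `dpkg -S` output for the files rkhunter flagged and checks /var/log/dpkg.log for an install or upgrade of the owning package since a cutoff date. The function names, the cutoff date and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.
# stdin: output of `dpkg -S <flagged files>`, i.e. "pkg[:arch][, pkg2]: /path"
# $1: a dpkg.log file   $2: cutoff date YYYY-MM-DD (assumed: last --propupd run)
explain_flagged() {
    awk -v log_file="$1" -v since="$2" '
    BEGIN {
        # dpkg.log lines: "DATE TIME upgrade|install pkg:arch OLDVER NEWVER"
        while ((getline line < log_file) > 0) {
            split(line, f, " ")
            if ((f[3] == "upgrade" || f[3] == "install") && (f[1] "") >= (since "")) {
                pkg = f[4]; sub(/:.*/, "", pkg)   # drop the :arch suffix
                changed[pkg] = f[1] " " f[3] " " f[5] " -> " f[6]
            }
        }
    }
    /^diversion by / { next }                     # not an ownership line
    {
        i = index($0, ": "); if (i == 0) next
        path = substr($0, i + 2)
        n = split(substr($0, 1, i - 1), owners, ", ")
        why = ""
        for (k = 1; k <= n; k++) {
            pkg = owners[k]; sub(/:.*/, "", pkg)
            if (pkg in changed) why = pkg " " changed[pkg]
        }
        if (why != "") print "EXPLAINED " path " [" why "]"
        else print "UNEXPLAINED " path " [owner: " substr($0, 1, i - 1) "]"
    }'
}

# Constructed sample: sshd and curl both flagged; only curl changed after cutoff.
sample_run() {
    log=$(mktemp)
    cat > "$log" <<'EOF'
2024-04-20 06:25:10 upgrade openssh-server:amd64 1:9.2p1-2 1:9.2p1-2+deb12u1
2024-05-02 06:25:11 upgrade curl:amd64 7.88.1-10 7.88.1-10+deb12u5
2024-05-02 06:25:12 status installed curl:amd64 7.88.1-10+deb12u5
EOF
    printf '%s\n' 'curl: /usr/bin/curl' 'openssh-server: /usr/sbin/sshd' |
        explain_flagged "$log" 2024-05-01
    rm -f "$log"
}
sample_run
```

On a real box: `dpkg -S /usr/bin/curl /usr/sbin/sshd | explain_flagged /var/log/dpkg.log 2024-05-01`. Anything UNEXPLAINED (or not owned by any package, which dpkg -S reports on stderr) should not be accepted with --propupd until debsums -ca comes back clean for it.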



Loopback mount setup (loop mount) for bigfile.img:
losetup /dev/loop0 bigfile.img
kpartx -av /dev/loop0

Now mount up the bit you want (based on partitioning found with kpartx)
mount /dev/mapper/loop0p2 /mnt/sillymount

Get all with losetup --list
- for more fun use nbdkit (can do compressed files):
nbdkit xz bigfile.img.xz
(gives tcp socket...)
nbd-client -b 512 localhost /dev/nbd0
(uncompresses on the fly)
mount /dev/nbd0p2 /mnt/sillymount
add --filter=cow (to write to a layer on top of the base image) - temporary file - gone on kill of nbdkit.



sed replace on config file:
sed -i 's/max_allowed_packet.*/max_allowed_packet = 16M/g' /etc/mysql/mysql.conf.d/mysqld.cnf


Return apache sites in enabled status: (stupid I know!):
ls -1 /etc/apache2/sites-enabled/ | grep -v le-ssl | awk -F'[\.]' '{$NF=""; print $0}' | grep -v ssl


