Linux

go to root:

sudo -s

sudo -i -u username

Add userpass in memory

eval "$(ssh-agent -s)" && ssh-add ~/.ssh/id_rsa

TAR

tar -czvf name.tar.gz foldername

tar -xvf name.tar.gz

TimeZone

sudo timedatectl set-timezone Europe/Moscow

date -d@1396713472 -> Sat Apr 5 19:57:52 MSK 2014

Look last systemctl logs

sudo journalctl -eu fluent-bit.service -f

Telnet

telnet by curl

curl -v telnet://example.com:80

telnet by Win PS

tnc -ComputerName domain -port 443

SCP

For old server: scp -rp src user@server:dest/

For new server: scp -rp -o src user@server:dest/

Certs

OpenSSL

ip -c a | grep 192 && sudo ls -lah /etc/nginx/conf.d && sudo grep -r ssl_cert* /etc/nginx/conf.d && sudo ls -lah /var/log/nginx | grep .log

ip -c a | grep 192 && sudo ls -lah /etc/nginx/conf.d && sudo grep -r certificate /etc/nginx/conf.d

ip -c a | grep 192 && sudo grep -r certificate /etc/nginx/conf.d

End Date

read cert_location_name && openssl x509 -noout -text -in $cert_location_name | grep -e 'Subject:' -e 'Issuer:' -e 'Not Before:' -e 'Not After :'

End Date (sudo version)

read cert_location_name && sudo bash -c "openssl x509 -noout -text -in \"$cert_location_name\" | grep -e 'Subject:' -e 'Issuer:' -e 'Not Before:' -e 'Not After :'"

CMD version (need installed Git):

Portable:

"C:\Users\USERNAME\Documents\PortableGit\usr\bin\openssl.exe" x509 -noout -text -in *.crt

Installed:

"C:\Program Files\Git\usr\bin\openssl.exe" x509 -noout -text -in *.crt

p7b -> .pem

openssl pkcs7 -in domain.ru.p7b --print_certs -out domain.ru.pem

View all nginx certs

ip -c a | grep 192 && sudo grep -r ssl_cert* /etc/nginx/conf.d

Letsencrypt Cert

Install certbot

sudo dnf install python

install /etc/letsencrypt/acme-dns-auth.py from https://github.com/joohoi/acme-dns-certbot-joohoi/blob/master/acme-dns-auth.py

chmod +x /etc/letsencrypt/acme-dns-auth.py

Request Certificate

certbot certonly --manual --manual-auth-hook /etc/letsencrypt/acme-dns-auth.py --preferred-challenges dns --debug-challenges -d domain_name.ru

Autorenew certificate

sudo certbot certonly --standalone -d ae.din235.ru

Test dig answer

dig +short txt _acme-challenge.domain_name.ru @8.8.8.8

Show cert date

Linux

sudo dnf install pip
pip3 install showcert

showcert domain.ru

Windows

curl --insecure -vvI https://www.google.com 2>&1 | grep "start date:\|expire date:"

Send command to remote terminal:

#!/bin/bash
echo "Enter passwd"
read pass
echo $pass | ssh 192.168.0.1 -t 'sudo -S systemctl status nginx'

MC

Sync windows: Alt + I

VS Code

Remove certs from all folders:

Ctrl+P (Open Terminal) -> Get-ChildItem -Path . -Include *.pem, *.jks, *.key, *.crt -File -Recurse | Remove-Item -Force

Change line:

Ctrl+Shift+F -> rdkafka.ssl.keystore.password .* to rdkafka.ssl.keystore.password - (Enable regular)

Disk grow

sudo su -
lsblk

fdisk /dev/vda
parted -l
Fix/Ignore? fix
fdisk /dev/vda
d
default
n
default
default
default
Do you want to remove the signature? [Y]es/[N]o: n
w
The partition table has been altered.
Syncing disks.
xfs_growfs -d /
OR
reboot

Docker

Remove all unused data:

docker system prune -a

k8s

k9s dashboard:

search amd64.rpm https://github.com/derailed/k9s/releases
wget https://github.com/derailed/k9s/releases/download/v0.32.5/k9s_linux_amd64.rpm
sudo dnf localinstall k9s_linux_amd64.rpm

sudo pkill -9 k9s

kubectl:

kubectl cluster-info

Other:

For rancher desktop:

Need install WSL: ms-windows-store://pdp/?ProductId=9P9TQF7MRM4R

Remote grep

pw=$(cat "PasswdFile")
ip=
link=
echo "server name"
echo $pw | ssh -tt user@ip "openssl x509 -enddate -noout -in certname.pem"

Export keys:

Try:

openssl pkcs12 -in path.p12 -out newfile.crt.pem -clcerts -nokeys openssl pkcs12 -in path.p12 -out newfile.key.pem -nocerts -nodes

After that you have: -certificate in newfile.crt.pem -private key in newfile.key.pem

To put the certificate and key in the same file without a password, use the following, as an empty password will cause the key to not be exported:

openssl pkcs12 -in path.p12 -out newfile.pem -nodes

Or, if you want to provide a password for the private key, omit -nodes and input a password:

openssl pkcs12 -in path.p12 -out newfile.pem

If you need to input the PKCS#12 password directly from the command line (e.g. a script), just add -passin pass:${PASSWORD}:

openssl pkcs12 -in path.p12 -out newfile.crt.pem -clcerts -nokeys -passin 'pass:P@s5w0rD'

====================================================================================================

Ansible:

ansible-vault decrypt /file_location/vars/main.yml ansible-vault encrypt /file_location/vars/main.yml

eval "$(ssh-agent -s)" && ssh-add /home/administrator/.ssh/id_rsa

ansible-playbook playbooks/playbook-name.yml -bK --check

ansible-playbook playbooks/playbook-name.yml --ask-vault-pass -i inventory_location/inventory.yaml -bK --private-key=/home/administrator/.ssh/id_rsa --user=administrator --check HEL

netcat -ul 9094

sudo dnf clean all && sudo dnf update && sudo dnf install -y epel-release && sudo dnf install -y ncdu htop iotop vim mc yum-utils telnet net-tools wget tree traceroute bind-utils zip bash-completion git tmux screen ufw && sudo systemctl daemon-reload

scripts bash <(wget -qO- din235.ru/scripts/time-astra.sh) bash <(wget -qO- din235.ru/scripts/time-centos7.sh) bash <(wget -qO- din235.ru/scripts/zabbix-centos7.sh) bash <(wget -qO- din235.ru/scripts/zabbix-centos6.sh)

Zabbix CentOS 7

rpm -Uvh https://repo.zabbix.com/zabbix/6.4/rhel/7/x86_64/zabbix-release-6.4-1.el7.noarch.rpm yum clean all yum update zabbix-agent vim /etc/zabbix/zabbix_agentd.conf systemctl restart zabbix-agent

Zabbix CentOS 6

service zabbix-agent stop service zabbix-agent start

Zabbix AltLinux

apt-get update apt-get install zabbix-agent vim /etc/zabbix/zabbix_agentd.conf systemctl enable --now zabbix_agentd

netsh advfirewall firewall add rule name="Open Zabbix agentd port 10050 inbound" dir=in action=allow protocol=TCP localport=10050 netsh advfirewall firewall add rule name="Open Zabbix agentd port 10050 outbound" dir=out action=allow protocol=TCP localport=10050 netsh advfirewall firewall add rule name="Open Zabbix trapper port 10051 inbound" dir=in action=allow protocol=TCP localport=10051 netsh advfirewall firewall add rule name="Open Zabbix trapper port 10051 outbound" dir=out action=allow protocol=TCP localport=10051

GPING https://github.com/orf/gping?tab=readme-ov-file // Allow ping netsh advfirewall firewall add rule name="Allow ICMPv4" protocol=icmpv4:8,any dir=in action=allow netsh advfirewall firewall add rule name="Allow ICMPv6" protocol=icmpv6:8,any dir=in action=allow

firewall-cmd --permanent --zone=public --add-port=10050/tcp firewall-cmd --permanent --zone=public --add-port=10050/udp firewall-cmd --reload iptables -xvn -L

iptables -t filter -A INPUT -p tcp -s 213.156.129.38 --dport 10050 -j ACCEPT iptables -t filter -A INPUT -p udp -s 213.156.129.38 --dport 10050 -j ACCEPT service iptables save

uninstall zabbix agent service from Windows: sc delete "Zabbix Agent"

Linux useradd -G wheel -p password -s /bin/bash name passwd name

AltLinux Serv Add DISK blkid #show UUID lsblk #show parts vim /etc/fstab #add correct UUID

UUID=JFLEFLEOIMA /mnt/nas ntfs defaults 0 0

vim /etc/zabbix/zabbix_agent.conf systemctl enable --now zabbix_agentd.service apt-get remove anydesk delete all anydesk folders apt-get remove rustdesk delete all rustdesk folders epm play anydesk epm play rustdesk

Zabbix SW Check AllowKey = System.Run[*] EnableRemoteCommands=1

LDAP passwd

read username ldappasswd -x -W -D "cn=Manager,dc=tsi,dc=ru" -S uid=$username,ou=Staff,dc=tsi,dc=ru

tar -czvf name.tar.gz foldername tar -xvf name.tar.gz

tar -czvf $(hostname -s).tar.gz /etc/nginx scp :$HOME/ .tar.gz ~/

CentOS 7 upd repo EOL sed -i s/mirror.centos.org/vault.centos.org/g /etc/yum.repos.d/.repo sed -i s/^#.baseurl=http/baseurl=http/g /etc/yum.repos.d/.repo sed -i s/^mirrorlist=http/#mirrorlist=http/g /etc/yum.repos.d/.repo

Clean linux cache: free -h vmstat

PageCache (priority): sync; echo 1 > /proc/sys/vm/drop_caches sync; echo 1 | sudo tee /proc/sys/vm/drop_caches

inode & dentrie: sync; echo 2 > /proc/sys/vm/drop_caches

inode & dentrie & PageCache: sync; echo 3 > /proc/sys/vm/drop_caches

disk: error: dmesg df -h, du, ncdu sort: du / | sort -nr | cut -f2- | xargs du -hs

disk grow RHEL echo 1 > /sys/block/sda/device/rescan fdisk /dev/sda Command (m for help): d Partition number (1,2, default 2): 2 Command (m for help): n Select (default p): p Partition number (2-4, default 2): 2 Enter Enter Command (m for help): t Partition number (1-2): 2 Hex code (type L to list all codes): 8e Command (m for help): w partx -u /dev/sda2 pvresize /dev/sda2 lvdisplay

Found root part

lvextend -l +100%FREE /dev/XXXXXXX/root xfs_growfs /dev/XXXXXXX/root

copy file name to name+date cp demo.tar.gz demo-$(date +%y%m%d).tar.gz

Gold Centos 8 dnf install -y epel-release && dnf install -y ncdu htop iotop vim mc yum-utils telnet net-tools wget tree traceroute bind-utils zip Gold Ubuntu apt install -y ncdu htop iotop vim mc telnet net-tools wget tree traceroute zip

Curl: curl --resolve example.com:443:127.0.0.1 https://example.com/ --header "Host: diff.example.com"