codepedia · May 18, 2018 19:53
diff --git a/sys-admin b/sys-admin
 # Find out if you are root or not for admin tasks.
 (( EUID )) && { echo 'Run this script with root priviliges.'; exit 1; } || echo 'Running as root, starting service...'

 find userID:
 ]$ id -u
 44502

 #za:~ za$ brew search /*\net*/

 #!/bin/sh
 #
 # cron ex: * * * * * /usr/bin/nice -n 19 /usr/bin/ionice -c2 -n7 /root/scripts/check-mountpoint.sh >> /root/scripts/cron.log



 # all mounts will show under "cat /proc/mounts"
 # mountpoint must be present in fstab
 mountpoint=" /mnt/endpoint" # use space before (prevent mountpoint as source)

 if [ -z "$(grep $mountpoint /proc/mounts)" ]; then
 # we use space before, prevent mountpoint as source
 	echo "$mountpoint not present"
 	unmount $mountpoint
 	mount $mountpoint
 	echo "Erreur du point de montage $(mountpoint) sur le serveur:\n $(hostname)" | mail -s "Rapport d'erreur point de montage" $email
 fi


 ## what brew does when setting itself up. 
 ==> /usr/bin/sudo /usr/sbin/chown za /usr/local/.
 ==> /usr/bin/sudo /usr/bin/chgrp admin /usr/local/.
 ==> /usr/bin/sudo /bin/mkdir /Library/Caches/Homebrew
 ==> /usr/bin/sudo /bin/chmod g+rwx /Library/Caches/Homebrew
 ==> /usr/bin/sudo /usr/sbin/chown za /Library/Caches/Homebrew
 ==> Searching online for the Command Line Tools
 ==> /usr/bin/sudo /usr/bin/touch /tmp/.com.apple.dt.CommandLineTools.installondemand.in-progress
 ==> Installing Command Line Tools (OS X 10.11) for Xcode-7.3
 ==> /usr/bin/sudo /usr/sbin/softwareupdate -i Command\ Line\ Tools\ (OS\ X\ 10.11)\ for\ Xcode-7.3



 ======
 # checks free mem
 free -m

 ====
 LC_ALL is the environment variable that overrides all the other localisation settings (except $LANGUAGE under some circumstances).

 LANG="en_US.UTF-8"
 LC_COLLATE="en_US.UTF-8"
 LC_CTYPE="en_US.UTF-8"
 LC_MESSAGES="en_US.UTF-8"
 LC_MONETARY="en_US.UTF-8"
 LC_NUMERIC="en_US.UTF-8"
 LC_TIME="en_US.UTF-8"
 LC_ALL=

 ======================
 # dig - DNS lookup utility
 dig -x 

 ======================
 see boot stuff # alos check systemd
 cat /var/log/boot.log 
 
 
 
 =============
 # dda group and a then add a new user to that group 
 #create group with gid 
 sudo groupadd -g 54321 myapp
 #add user to the group. 
 [vagrant@localhost ~]$ sudo adduser -G myapp myapp
 adduser: group myapp exists - if you want to add this user to that group, use -g.
 [vagrant@localhost ~]$ sudo adduser -g myapp myapp
 [vagrant@localhost ~]$ id myapp
 uid=1001(myapp) gid=54321(myapp) groups=54321(myapp)

 # create a new folder and changing the group and user fo that folder 
 chown: changing ownership of ‘myapp_dir/’: Operation not permitted
 [vagrant@localhost ~]$ sudo chown myapp:myapp myapp_dir/
 [vagrant@localhost ~]$ ls -lad myapp_dir/
 drwxrwxr-x. 2 myapp myapp 4096 Jun  9 23:10 myapp_dir/
 [vagrant@localhost ~]$ 
 # create second user 
 [vagrant@localhost ~]$ ls -lad myapp_root_withroot/
 drwxrwxr-x. 2 vagrant vagrant 4096 Jun  9 23:34 myapp_root_withroot/
 [vagrant@localhost ~]$ sudo chown root:myapp  myapp_root_withroot/
 [vagrant@localhost ~]$ ls -lad myapp_root_withroot/
 drwxrwxr-x. 2 root myapp 4096 Jun  9 23:34 myapp_root_withroot/



 ===================
 #za identify the conn-type , and then use tcpdump to get the traffic . Still need to update.
 The lsof command reveals similar information since it is also capable of linking open ports to services:

 lsof -i | grep 834

 za:~ za$ lsof -i 
 COMMAND     PID USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
 UserEvent   250   za    4u  IPv4 0x9426d8efced6e2e5      0t0  UDP *:*
 identitys   264   za   20u  IPv4 0x9426d8efceda4e15      0t0  UDP *:*
 ========================
 #worked
 [za ~]$ sudo tcpdump -v -i eth1  -s 0 -w /tmp/sniff.pcap port <port>


 # -i interfiace , if you do not know the interface you can do  sudo
 sudo tcpdump -D
 sudo tcpdump -i eth0
 [vagrant@localhost ~]$ sudo tcpdump -i any -c 10 -n -s10


 # write packets of a goven interface to a file. 
 [vagrant@localhost ~]$ sudo tcpdump -i eth0 -c 100 -w capture.pcap -v
 tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
 Got 16

 # for a given host
 vagrant@localhost ~]$ sudo tcpdump -i eth0 -n host 10.0.2.15 -w capture.pcap -v
 tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
 Got 30

 # host and port
 [vagrant@localhost ~]$ sudo tcpdump -i eth0 -n host 10.0.2.2 and port 61755  -w capture.pcap -v
 tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
 Got 10

 # get lsof details for a given port.3000 ip for rails :)
 za:~ za$  lsof -i TCP:3000
 COMMAND   PID USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
 ruby    11674   za   12u  IPv6 0x9426d8efdb2c8fbd      0t0  TCP localhost:hbci (LISTEN)
 ruby    11674   za   13u  IPv4 0x9426d8efd523e75d      0t0  TCP localhost:hbci (LISTEN)

 # lists tcp only.
 ]$ sudo lsof -i TCP

 ===============
 # yay ,  is the man. 
 za:~ za$ ifconfig
 lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
 	options=3<RXCSUM,TXCSUM>
 	inet6 ::1 prefixlen 128 
 	inet 127.0.0.1 netmask 0xff000000 
 	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 
 ===============
 Note : netstat is absolete .  Replacement for netstat is ss.  Replacement for netstat -r is ip route.  Replacement for netstat -i is ip -s link.  Replacement for netstat  -g  is
 ip maddr.
 ===============
 to get the list of current DNS servers you can run this command in Terminal: cat /etc/resolv.conf 

 =====================================
 send email from terminal
 echo "Subject: sendmail test" | sendmail -v [email protected]
 #check for th email sent.
 ps faux | grep sendmail

 =======================================================================================================

 If you want each run of grep to produce output to a different file, run a shell to compute the output file name and perform the redirection.

 find . -name "*.py" -type f -exec sh -c 'grep "something" <"$0" >"$0.txt"' {} \;


 # what is ssh-agent and ssh-add
 You may want to use ssh-agent and ssh-add to load the key into memory.  ssh will try identities from ssh-agent automatically if it can find them. Commands would be

 eval $(ssh-agent) # Create agent and environment variables
 ssh-add ~/.ssh/1234-identity
 ssh-agent is a user daemon which holds unencrypted ssh keys in memory. ssh finds it based on environment variables which ssh-agent outputs when run. Using eval to evaluate this output creates the environment variables.  ssh-add is the command which manages the keys memory. The agent can be locked using ssh-add. A default lifetime for a key can be specified when ssh-agent is started, and or specified for a key when it is added.

 You might also want to setup a ~/.ssh/config file to supply the port and key definition. (See `man ssh_config for more options.)

 host 22.33.44.55
    IdentityFile ~/.ssh/1234-identity
    
 # gets the ip address.  
  ip route get 8.8.8.8 | awk '{print $NF; exit}'
    Port 1234
 Single quoting the ssh command will prevent shell expansion which is needed for ~ or $HOME. You could use the full or relative path to the key in single quotes.




 nmap 104.196.40.102
   find free ips in a subnet
  nmap -T4 -sP  172.16.249.22/24   && egrep "00:00:00:00:00:00" /proc/net/arp

 Starting Nmap 7.01 ( https://nmap.org ) at 2016-11-14 02:18 UTC
 Nmap scan report for 102.40.196.104.acc.googleusercontent.com (104.196.40.102)
 Host is up (0.00083s latency).
 Not shown: 997 filtered ports
 PORT     STATE  SERVICE
 22/tcp   open   ssh
 80/tcp   closed http
 3389/tcp closed ms-wbt-server


 #passanger 
 passenger-config about ruby-command
 sudo /etc/init.d/apache2 restart
 systemctl
 systemctl apache2 status

 Nice visual of apache/nginx process.
 se785fall16@se785fall16:~$ sudo /usr/sbin/passenger-memory-stats
 Version: 5.0.30
 Date   : 2016-11-16 03:11:18 +0000

 --------- Apache processes ----------

 =========
 #copying local key to remote for easier login ssh foo@bar
 za:~ za$ ssh-copy-id [email protected]
 /usr/local/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

 /usr/local/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.
 		(if you think this is a mistake, you may want to use -f option)
 		
 /usr/bin/mysql --defaults-file=/opt/somepath/tp/passwprd/file/password.txt foouser -h url-to-db-conn-string-development --port=11111 -e 'show tables; select * from fee; select * from bartoo' --ssl-ca=/some/path/to/my/cert.pem --ssl
 		
 		
 ======NetqworkMANAGER

 [zee@dev-instance ~]$ nmcli general status
 STATE      CONNECTIVITY  WIFI-HW  WIFI     WWAN-HW  WWAN    
 connected  full          enabled  enabled  enabled  enabled 



 [root@dev-instance ~]# nmcli connection show
 NAME                UUID                                  TYPE            DEVICE  
 Wired connection 1  69eafdf1-f20c-34a3-9e96-2708df4bcad9  802-3-ethernet  eth1    
 docker0             bc26c8a9-26d0-40ec-9b00-ca5f1fac7db6  bridge          docker0 
 eth0                8fe2d755-db78-44d3-b4c5-7183c8253a94  802-3-ethernet  eth0    
 System eth0         5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03  802-3-ethernet  --  


 [zee@dev-instance ~]$ hciconfig;hciconfig -a hci0;lsmod |grep bt;dmesg | grep tooth


 ----------------------------------------------------------
 # Do this so that we can run vmrun from terminal instead of passing the entire dir
 $ ln -s "/Applications/VMware Fusion.app/Contents/Library/vmrun" /usr/local/bin/vmrun
	# Find out if you are root or not for admin tasks.
	(( EUID )) && { echo 'Run this script with root priviliges.'; exit 1; } \|\| echo 'Running as root, starting service...'

	find userID:
	]$ id -u
	44502

	#za:~ za$ brew search /\net/

	#!/bin/sh
	#
	# cron ex: * * * * * /usr/bin/nice -n 19 /usr/bin/ionice -c2 -n7 /root/scripts/check-mountpoint.sh >> /root/scripts/cron.log



	# all mounts will show under "cat /proc/mounts"
	# mountpoint must be present in fstab
	mountpoint=" /mnt/endpoint" # use space before (prevent mountpoint as source)

	if [ -z "$(grep $mountpoint /proc/mounts)" ]; then
	# we use space before, prevent mountpoint as source
	echo "$mountpoint not present"
	unmount $mountpoint
	mount $mountpoint
	echo "Erreur du point de montage $(mountpoint) sur le serveur:\n $(hostname)" \| mail -s "Rapport d'erreur point de montage" $email
	fi


	## what brew does when setting itself up.
	==> /usr/bin/sudo /usr/sbin/chown za /usr/local/.
	==> /usr/bin/sudo /usr/bin/chgrp admin /usr/local/.
	==> /usr/bin/sudo /bin/mkdir /Library/Caches/Homebrew
	==> /usr/bin/sudo /bin/chmod g+rwx /Library/Caches/Homebrew
	==> /usr/bin/sudo /usr/sbin/chown za /Library/Caches/Homebrew
	==> Searching online for the Command Line Tools
	==> /usr/bin/sudo /usr/bin/touch /tmp/.com.apple.dt.CommandLineTools.installondemand.in-progress
	==> Installing Command Line Tools (OS X 10.11) for Xcode-7.3
	==> /usr/bin/sudo /usr/sbin/softwareupdate -i Command\ Line\ Tools\ (OS\ X\ 10.11)\ for\ Xcode-7.3



	======
	# checks free mem
	free -m

	====
	LC_ALL is the environment variable that overrides all the other localisation settings (except $LANGUAGE under some circumstances).

	LANG="en_US.UTF-8"
	LC_COLLATE="en_US.UTF-8"
	LC_CTYPE="en_US.UTF-8"
	LC_MESSAGES="en_US.UTF-8"
	LC_MONETARY="en_US.UTF-8"
	LC_NUMERIC="en_US.UTF-8"
	LC_TIME="en_US.UTF-8"
	LC_ALL=

	======================
	# dig - DNS lookup utility
	dig -x

	======================
	see boot stuff # alos check systemd
	cat /var/log/boot.log



	=============
	# dda group and a then add a new user to that group
	#create group with gid
	sudo groupadd -g 54321 myapp
	#add user to the group.
	[vagrant@localhost ~]$ sudo adduser -G myapp myapp
	adduser: group myapp exists - if you want to add this user to that group, use -g.
	[vagrant@localhost ~]$ sudo adduser -g myapp myapp
	[vagrant@localhost ~]$ id myapp
	uid=1001(myapp) gid=54321(myapp) groups=54321(myapp)

	# create a new folder and changing the group and user fo that folder
	chown: changing ownership of ‘myapp_dir/’: Operation not permitted
	[vagrant@localhost ~]$ sudo chown myapp:myapp myapp_dir/
	[vagrant@localhost ~]$ ls -lad myapp_dir/
	drwxrwxr-x. 2 myapp myapp 4096 Jun 9 23:10 myapp_dir/
	[vagrant@localhost ~]$
	# create second user
	[vagrant@localhost ~]$ ls -lad myapp_root_withroot/
	drwxrwxr-x. 2 vagrant vagrant 4096 Jun 9 23:34 myapp_root_withroot/
	[vagrant@localhost ~]$ sudo chown root:myapp myapp_root_withroot/
	[vagrant@localhost ~]$ ls -lad myapp_root_withroot/
	drwxrwxr-x. 2 root myapp 4096 Jun 9 23:34 myapp_root_withroot/



	===================
	#za identify the conn-type , and then use tcpdump to get the traffic . Still need to update.
	The lsof command reveals similar information since it is also capable of linking open ports to services:

	lsof -i \| grep 834

	za:~ za$ lsof -i
	COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
	UserEvent 250 za 4u IPv4 0x9426d8efced6e2e5 0t0 UDP :
	identitys 264 za 20u IPv4 0x9426d8efceda4e15 0t0 UDP :
	========================
	#worked
	[za ~]$ sudo tcpdump -v -i eth1 -s 0 -w /tmp/sniff.pcap port <port>


	# -i interfiace , if you do not know the interface you can do sudo
	sudo tcpdump -D
	sudo tcpdump -i eth0
	[vagrant@localhost ~]$ sudo tcpdump -i any -c 10 -n -s10


	# write packets of a goven interface to a file.
	[vagrant@localhost ~]$ sudo tcpdump -i eth0 -c 100 -w capture.pcap -v
	tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
	Got 16

	# for a given host
	vagrant@localhost ~]$ sudo tcpdump -i eth0 -n host 10.0.2.15 -w capture.pcap -v
	tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
	Got 30

	# host and port
	[vagrant@localhost ~]$ sudo tcpdump -i eth0 -n host 10.0.2.2 and port 61755 -w capture.pcap -v
	tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
	Got 10

	# get lsof details for a given port.3000 ip for rails :)
	za:~ za$ lsof -i TCP:3000
	COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
	ruby 11674 za 12u IPv6 0x9426d8efdb2c8fbd 0t0 TCP localhost:hbci (LISTEN)
	ruby 11674 za 13u IPv4 0x9426d8efd523e75d 0t0 TCP localhost:hbci (LISTEN)

	# lists tcp only.
	]$ sudo lsof -i TCP

	===============
	# yay , is the man.
	za:~ za$ ifconfig
	lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	options=3<RXCSUM,TXCSUM>
	inet6 ::1 prefixlen 128
	inet 127.0.0.1 netmask 0xff000000
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
	===============
	Note : netstat is absolete . Replacement for netstat is ss. Replacement for netstat -r is ip route. Replacement for netstat -i is ip -s link. Replacement for netstat -g is
	ip maddr.
	===============
	to get the list of current DNS servers you can run this command in Terminal: cat /etc/resolv.conf

	=====================================
	send email from terminal
	echo "Subject: sendmail test" \| sendmail -v [email protected]
	#check for th email sent.
	ps faux \| grep sendmail

	=======================================================================================================

	If you want each run of grep to produce output to a different file, run a shell to compute the output file name and perform the redirection.

	find . -name "*.py" -type f -exec sh -c 'grep "something" <"$0" >"$0.txt"' {} \;


	# what is ssh-agent and ssh-add
	You may want to use ssh-agent and ssh-add to load the key into memory. ssh will try identities from ssh-agent automatically if it can find them. Commands would be

	eval $(ssh-agent) # Create agent and environment variables
	ssh-add ~/.ssh/1234-identity
	ssh-agent is a user daemon which holds unencrypted ssh keys in memory. ssh finds it based on environment variables which ssh-agent outputs when run. Using eval to evaluate this output creates the environment variables. ssh-add is the command which manages the keys memory. The agent can be locked using ssh-add. A default lifetime for a key can be specified when ssh-agent is started, and or specified for a key when it is added.

	You might also want to setup a ~/.ssh/config file to supply the port and key definition. (See `man ssh_config for more options.)

	host 22.33.44.55
	IdentityFile ~/.ssh/1234-identity

	# gets the ip address.
	ip route get 8.8.8.8 \| awk '{print $NF; exit}'
	Port 1234
	Single quoting the ssh command will prevent shell expansion which is needed for ~ or $HOME. You could use the full or relative path to the key in single quotes.




	nmap 104.196.40.102
	find free ips in a subnet
	nmap -T4 -sP 172.16.249.22/24 && egrep "00:00:00:00:00:00" /proc/net/arp

	Starting Nmap 7.01 ( https://nmap.org ) at 2016-11-14 02:18 UTC
	Nmap scan report for 102.40.196.104.acc.googleusercontent.com (104.196.40.102)
	Host is up (0.00083s latency).
	Not shown: 997 filtered ports
	PORT STATE SERVICE
	22/tcp open ssh
	80/tcp closed http
	3389/tcp closed ms-wbt-server


	#passanger
	passenger-config about ruby-command
	sudo /etc/init.d/apache2 restart
	systemctl
	systemctl apache2 status

	Nice visual of apache/nginx process.
	se785fall16@se785fall16:~$ sudo /usr/sbin/passenger-memory-stats
	Version: 5.0.30
	Date : 2016-11-16 03:11:18 +0000

	--------- Apache processes ----------

	=========
	#copying local key to remote for easier login ssh foo@bar
	za:~ za$ ssh-copy-id [email protected]
	/usr/local/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

	/usr/local/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.
	(if you think this is a mistake, you may want to use -f option)

	/usr/bin/mysql --defaults-file=/opt/somepath/tp/passwprd/file/password.txt foouser -h url-to-db-conn-string-development --port=11111 -e 'show tables; select * from fee; select * from bartoo' --ssl-ca=/some/path/to/my/cert.pem --ssl


	======NetqworkMANAGER

	[zee@dev-instance ~]$ nmcli general status
	STATE CONNECTIVITY WIFI-HW WIFI WWAN-HW WWAN
	connected full enabled enabled enabled enabled



	[root@dev-instance ~]# nmcli connection show
	NAME UUID TYPE DEVICE
	Wired connection 1 69eafdf1-f20c-34a3-9e96-2708df4bcad9 802-3-ethernet eth1
	docker0 bc26c8a9-26d0-40ec-9b00-ca5f1fac7db6 bridge docker0
	eth0 8fe2d755-db78-44d3-b4c5-7183c8253a94 802-3-ethernet eth0
	System eth0 5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03 802-3-ethernet --


	[zee@dev-instance ~]$ hciconfig;hciconfig -a hci0;lsmod \|grep bt;dmesg \| grep tooth


	----------------------------------------------------------
	# Do this so that we can run vmrun from terminal instead of passing the entire dir
	$ ln -s "/Applications/VMware Fusion.app/Contents/Library/vmrun" /usr/local/bin/vmrun