Skip to content

Instantly share code, notes, and snippets.

@moziauddin

moziauddin/All Linux Scripts and Tips

Last active December 12, 2022 10:36
Show Gist options
  • Save moziauddin/acfbb4072cfbbfa9e496d589b66a3dc6 to your computer and use it in GitHub Desktop.
Save moziauddin/acfbb4072cfbbfa9e496d589b66a3dc6 to your computer and use it in GitHub Desktop.
Download ZIP
Linux
Raw
All Linux Scripts and Tips
#--------------------------------------------------------------------------------------------------------------
# Add Permanent SWAP 8GB
# Create swap file
sudo fallocate -l 8G /swapfile
#Change Permissions
sudo chmod 600 /swapfile
#Mark the file as swap space
sudo mkswap /swapfile
#enable the swap file, allowing our system to start utilizing it
sudo swapon /swapfile
#Verify that the swap is available
sudo swapon --show
#Check Memory for the server
free -h
#Backup fstab file before modifying
sudo cp /etc/fstab /etc/fstab.bak-21
#Add a line to fstab to make swap permanant
echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab
#Print the fstab file contents
sudo cat /etc/fstab
#--------------------------------------------------------------------------------------------------------------
# Create Slack Webhook to print WAN IP
PUBLIC_IP=$(curl -s http://ipinfo.io/ip);
H_NAME=$(hostname);
curl -s -X POST \
--data-urlencode "payload={\"channel\": \"#dev-ag-bie\", \"username\": \"webhookbot\", \"text\": \" The public ip address of *${H_NAME}* is *${PUBLIC_IP}*\", \"icon_emoji\": \":ghost:\"}" \
https://hooks.slack.com/**URL**
#--------------------------------------------------------------------------------------------------------------
# Change Apache Document Root
You'll have to edit apache2.conf and 000-default.conf to change the document root of apache.
The Apache server is installed on var/www/html.This is the default root directory of apache.
Either change the root directory of Apache or move the project to /var/www/html.
To change Apache's root directory, run:
cd /etc/apache2/sites-available
Then open the 000-default.conf file using the command:
nano 000-default.conf
Edit the DocumentRoot option:
DocumentRoot /path/to/my/project
Then restart the apache server:
sudo service apache2 restart
#--------------------------------------------------------------------------------------------------------------
# GRUB Manual
NAME
grub-fstest - debug tool for GRUB filesystem drivers
SYNOPSIS
grub-fstest [OPTION...] IMAGE_PATH COMMANDS
DESCRIPTION
Debug tool for filesystem driver.
Commands:
blocklist FILE
Display blocklist of FILE.
cat FILE
Copy FILE to standard output.
cmp FILE LOCAL
Compare FILE with local file LOCAL.
cp FILE LOCAL
Copy FILE to local file LOCAL.
crc FILE
Get crc32 checksum of FILE.
hex FILE
Show contents of FILE in hex.
ls PATH
List files in PATH.
xnu_uuid DEVICE
Compute XNU UUID of the device.
-c, --diskcount=NUM
Specify the number of input files.
-C, --crypto
Mount crypto devices.
-d, --debug=STRING
Set debug environment variable.
-K, --zfs-key=FILE|prompt
Load zfs crypto key.
-n, --length=NUM
Handle N bytes in output file.
-r, --root=DEVICE_NAME
Set root device.
-s, --skip=NUM
Skip N bytes from output file.
-u, --uncompress
Uncompress data.
-v, --verbose
print verbose messages.
-?, --help
give this help list
--usage
give a short usage message
-V, --version
print program version
info grub-fstest
#--------------------------------------------------------------------------------------------------------------
# Install Midnight Commander
sudo add-apt-repository ppa:eugenesan/ppa
sudo apt-get update
sudo apt-get install mc -y
#--------------------------------------------------------------------------------------------------------------
#Install jq from repository
sudo add-apt-repository ppa:eugenesan/ppa
sudo apt update
sudo apt install jq -y
#--------------------------------------------------------------------------------------------------------------
# Linux Mint Boot Dev Full
dev/sda1 is the boot device and is full on boot. Has old kernels sitting in the boot partition.
OLDCONF=$(dpkg -l|grep "^rc"|awk '{print $2}')
CURKERNEL=$(uname -r|sed 's/-*[a-z]//g'|sed 's/-386//g')
LINUXPKG="linux-(image|headers|ubuntu-modules|restricted-modules)"
METALINUXPKG="linux-(image|headers|restricted-modules)-(generic|i386|server|common|rt|xen)"
OLDKERNELS=$(dpkg -l|awk '{print $2}'|grep -E $LINUXPKG |grep -vE $METALINUXPKG|grep -v $CURKERNEL)
YELLOW="\033[1;33m"
RED="\033[0;31m"
ENDCOLOR="\033[0m"
sudo apt-get purge $OLDKERNELS
Before: df
Filesystem 1K-blocks Used Available Use% Mounted on
udev 8172388 0 8172388 0% /dev
tmpfs 1640120 9696 1630424 1% /run
/dev/mapper/mint--vg-root 213594352 30312160 172409156 15% /
tmpfs 8200584 212 8200372 1% /dev/shm
tmpfs 5120 4 5116 1% /run/lock
tmpfs 8200584 0 8200584 0% /sys/fs/cgroup
/dev/sda1 482922 460908 0 100% /boot
cgmfs 100 0 100 0% /run/cgmanager/fs
/dev/sdb 3845579616 1091820668 2558391636 30% /media/bob/wd4tb
tmpfs 1640120 4 1640116 1% /run/user/108
tmpfs 1640120 44 1640076 1% /run/user/1000
/home/bob/.Private 213594352 30312160 172409156 15% /home/bob
/dev/sdc1 2930232316 2504931340 425300976 86% /media/bob/wd-elements-3tb
After: df
Filesystem 1K-blocks Used Available Use% Mounted on
udev 8172388 0 8172388 0% /dev
tmpfs 1640120 9652 1630468 1% /run
/dev/mapper/mint--vg-root 213594352 28061004 174660312 14% /
tmpfs 8200584 5660 8194924 1% /dev/shm
tmpfs 5120 4 5116 1% /run/lock
tmpfs 8200584 0 8200584 0% /sys/fs/cgroup
/dev/sda1 482922 78027 379961 18% /boot
cgmfs 100 0 100 0% /run/cgmanager/fs
/dev/sdb 3845579616 1091820668 2558391636 30% /media/bob/wd4tb
tmpfs 1640120 44 1640076 1% /run/user/1000
/home/bob/.Private 213594352 28061004 174660312 14% /home/bob
/dev/sdc1 2930232316 2504931340 425300976 86% /media/bob/wd-elements-3tb
#--------------------------------------------------------------------------------------------------------------
# Setup NTP
#1. Check NTP Status
timedatectl
#Turn off ntp
sudo timedatectl set-ntp no
#Verify the status
timedatectl
#Install NTP
sudo apt-get install ntp
#Set-Timezone
sudo timedatectl set-timezone Australia/Sydney
#Verify ntp source servers
sudo ntpq -p
# Turn on NTP
sudo timedatectl set-ntp on
#--------------------------------------------------------------------------------------------------------------
# Snapper Snapshots missing opensuse tumbleweed
```neo@linux-qvqt:~> cat /etc/fstab
UUID=ede2d9f9-7167-4e2c-896b-c335f0483fb7 / btrfs defaults 0 0
UUID=ede2d9f9-7167-4e2c-896b-c335f0483fb7 /.snapshots btrfs subvol=/@/.snapshots 0 0
UUID=22eaf161-1cb2-4fd8-8347-b7ce0fd4e98e swap swap defaults 0 0
UUID=ede2d9f9-7167-4e2c-896b-c335f0483fb7 /var btrfs subvol=/@/var 0 0
UUID=ede2d9f9-7167-4e2c-896b-c335f0483fb7 /usr/local btrfs subvol=/@/usr/local 0 0
UUID=ede2d9f9-7167-4e2c-896b-c335f0483fb7 /tmp btrfs subvol=/@/tmp 0 0
UUID=ede2d9f9-7167-4e2c-896b-c335f0483fb7 /srv btrfs subvol=/@/srv 0 0
UUID=ede2d9f9-7167-4e2c-896b-c335f0483fb7 /root btrfs subvol=/@/root 0 0
UUID=ede2d9f9-7167-4e2c-896b-c335f0483fb7 /opt btrfs subvol=/@/opt 0 0
UUID=f3cb5e31-57d0-4bd0-866d-3eea3750548a /home xfs defaults 0 0
UUID=ede2d9f9-7167-4e2c-896b-c335f0483fb7 /boot/grub2/x86_64-efi btrfs subvol=/@/boot/grub2/x86_64-efi 0 0
UUID=ede2d9f9-7167-4e2c-896b-c335f0483fb7 /boot/grub2/i386-pc btrfs subvol=/@/boot/grub2/i386-pc 0 0
UUID=205C-E69C /boot/efi vfat defaults 0 0
neo@linux-qvqt:~> find /boot/
efi/ grub2/
neo@linux-qvqt:~> find /boot/efi/
/boot/efi/
/boot/efi/EFI
/boot/efi/EFI/boot
/boot/efi/EFI/boot/bootx64.efi
/boot/efi/EFI/boot/fallback.efi
/boot/efi/EFI/opensuse
/boot/efi/EFI/opensuse/MokManager.efi
/boot/efi/EFI/opensuse/grub.efi
/boot/efi/EFI/opensuse/shim.efi
/boot/efi/EFI/opensuse/boot.csv
/boot/efi/EFI/opensuse/grub.cfg
/boot/efi/EFI/opensuse/grubx64.efi```
Martin Bohun Hormann [9:34 AM]
```inux-khr1:/home/mbohun # find /etc/uefi
/etc/uefi
/etc/uefi/certs
/etc/uefi/certs/4659838C.crt
/etc/uefi/certs/188EA6FA.crt```
Mo (Z) [9:35 AM]
```/etc/uefi
/etc/uefi/certs
/etc/uefi/certs/4659838C.crt
/etc/uefi/certs/188EA6FA.crt```
Mo (Z) [9:40 AM]
```drwxr-xr-x 2 root root 60 May 16 08:07 .
drwxr-xr-x 21 root root 4080 May 18 09:37 ..
crw------- 1 root root 10, 236 May 16 08:07 control```
Martin Bohun Hormann [9:40 AM]
```linux-khr1:/home/mbohun # ls -lahF /dev/mapper/
total 0
drwxr-xr-x 2 root root 60 May 17 20:47 ./
drwxr-xr-x 21 root root 4.1K May 18 09:22 ../
crw------- 1 root root 10, 236 May 17 20:48 control```
```linux-khr1:/home/mbohun # cat /etc/sysconfig/snapper
## Path: System/Snapper
## Type: string
## Default: ""
# List of snapper configurations.
SNAPPER_CONFIGS=""```
Mo (Z) [9:43 AM]
```neo@linux-qvqt:~> cat /etc/sysconfig/snapper
## Path: System/Snapper
## Type: string
## Default: ""
# List of snapper configurations.
SNAPPER_CONFIGS="root"```
Martin Bohun Hormann [9:44 AM]
```linux-khr1:/home/mbohun # btrfs fi show /
Label: none uuid: c298be1e-cd47-4dff-9e6a-25240a3a6694
Total devices 1 FS bytes used 11.14GiB
devid 1 size 40.00GiB used 13.07GiB path /dev/sda3```
```linux-khr1:/home/mbohun # sudo btrfs subvolume list /
ID 256 gen 31576 top level 5 path var
ID 258 gen 31499 top level 5 path usr/local
ID 259 gen 31573 top level 5 path tmp
ID 260 gen 30701 top level 5 path srv
ID 261 gen 31571 top level 5 path root
ID 262 gen 30708 top level 5 path opt
ID 263 gen 30565 top level 5 path boot/grub2/x86_64-efi
ID 264 gen 30565 top level 5 path boot/grub2/i386-pc```
Mo (Z) [9:44 AM]
```neo@linux-qvqt:~> sudo btrfs fi show /
Label: none uuid: ede2d9f9-7167-4e2c-896b-c335f0483fb7
Total devices 1 FS bytes used 10.74GiB
devid 1 size 40.00GiB used 11.77GiB path /dev/sda2```
```neo@linux-qvqt:~> sudo btrfs subvolume list /
ID 257 gen 32 top level 5 path @
ID 258 gen 2224 top level 257 path @/var
ID 259 gen 2161 top level 257 path @/usr/local
ID 260 gen 2219 top level 257 path @/tmp
ID 261 gen 1896 top level 257 path @/srv
ID 262 gen 2192 top level 257 path @/root
ID 263 gen 2212 top level 257 path @/opt
ID 264 gen 2212 top level 257 path @/boot/grub2/x86_64-efi
ID 265 gen 1976 top level 257 path @/boot/grub2/i386-pc
ID 266 gen 2217 top level 257 path @/.snapshots
ID 267 gen 2224 top level 266 path @/.snapshots/1/snapshot
ID 273 gen 84 top level 266 path @/.snapshots/2/snapshot
ID 275 gen 128 top level 266 path @/.snapshots/3/snapshot
ID 280 gen 262 top level 266 path @/.snapshots/4/snapshot
ID 281 gen 274 top level 266 path @/.snapshots/5/snapshot
ID 282 gen 283 top level 266 path @/.snapshots/6/snapshot
ID 283 gen 855 top level 266 path @/.snapshots/7/snapshot
ID 284 gen 856 top level 266 path @/.snapshots/8/snapshot
ID 285 gen 857 top level 266 path @/.snapshots/9/snapshot
ID 286 gen 858 top level 266 path @/.snapshots/10/snapshot
ID 287 gen 867 top level 266 path @/.snapshots/11/snapshot
ID 289 gen 882 top level 266 path @/.snapshots/12/snapshot
ID 290 gen 883 top level 266 path @/.snapshots/13/snapshot
ID 291 gen 945 top level 266 path @/.snapshots/14/snapshot
ID 292 gen 946 top level 266 path @/.snapshots/15/snapshot
ID 293 gen 1902 top level 266 path @/.snapshots/16/snapshot
ID 294 gen 1903 top level 266 path @/.snapshots/17/snapshot
ID 295 gen 1974 top level 266 path @/.snapshots/18/snapshot
ID 296 gen 1975 top level 266 path @/.snapshots/19/snapshot
ID 297 gen 2006 top level 266 path @/.snapshots/20/snapshot
ID 298 gen 2007 top level 266 path @/.snapshots/21/snapshot
ID 299 gen 2195 top level 266 path @/.snapshots/22/snapshot
ID 302 gen 2215 top level 266 path @/.snapshots/23/snapshot```
#--------------------------------------------------------------------------------------------------------------
# Ubuntu-SOE-Script.sh
#!/bin/sh
# Install NTP and set timezone...
#1. Check NTP Status
timedatectl
#Turn off ntp
sudo timedatectl set-ntp no
#Verify the status
timedatectl
#Install NTP
sudo apt-get install ntp -y
#Set-Timezone
sudo timedatectl set-timezone Australia/Sydney
sudo timedatectl set-ntp on
#Verify the status
timedatectl
# size of swapfile in megabytes
swapsize=8000
# does the swap file already exist?
sudo grep -q "swapfile" /etc/fstab
# if not then create it
if [ $? -ne 0 ]; then
echo 'swapfile not found. Adding swapfile.'
sudo fallocate -l ${swapsize}M /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
echo '/swapfile none swap defaults 0 0' >> /etc/fstab
else
echo 'swapfile found. No changes made.'
fi
# output results to terminal
sudo cat /proc/swaps
sudo cat /proc/meminfo | grep Swap
# Install JQ after adding repository
sudo add-apt-repository ppa:eugenesan/ppa -y
sudo add-apt-repository ppa:eugenesan/ppa -y
# Run Update
sudo apt update
# Install all Applications
echo "Installing JQ"
sudo apt install jq -y
echo "Installed JQ"
echo "Installing MC"
sudo apt-get install mc -y
echo "Installed MC"
echo "Installing PYTHON"
sudo apt install python -y
echo "Installed PYTHON"
echo "Installing FAIL2BAN"
sudo apt install fail2ban -y
echo "Installed FAIL2BAN"
# Print Versions
jq --version
mc --version
python --version
ls /etc/fail2ban/
#--------------------------------------------------------------------------------------------------------------
# Personal VMAppInstallation-Linux
#!/bin/bash
sudo apt-get install ntp
sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc
sudo sh -c 'echo -e "[code]\nname=Visual Studio Code\nbaseurl=https://packages.microsoft.com/yumrepos/vscode\nenabled=1\ntype=rpm-md\ngpgcheck=1\ngpgkey=https://packages.microsoft.com/keys/microsoft.asc" > /etc/zypp/repos.d/vscode.repo'
sudo zypper ar http://dl.google.com/linux/chrome/rpm/stable/x86_64 Google-Chrome
sudo zypper refresh
sudo zypper install code
sudo zypper in git
wget https://dl.google.com/linux/linux_signing_key.pub
sudo rpm --import linux_signing_key.pub
sudo zypper in google-chrome-stable
sudo zypper in jq
sudo zypper in keepass
sudo zypper in nmap
sudo zypper in remmina
sudo zypper in vlc
sudo zypper in virtualbox
sudo zypper in python
udo zypper install python-pip
sudo pip install -U boto
# Download RPM files first
sudo zypper in slack-3.2.0.beta25a7a50e-0.1.fc21.x86_64.rpm
sudo zypper in teamviewer-suse_13.1.3026.x86_64.rpm
sudo zypper in aws-cli
git clone https://github.com/Neilpang/acme.sh
sudo zupper in ansible
#--------------------------------------------------------------------------------------------------------------
# Bashrc Variables
# Enable colors on ls
export LS_OPTIONS='--color=auto'
#Set default editor
export EDITOR=/usr/bin/vim
#--------------------------------------------------------------------------------------------------------------
# ERROR: Could not get lock /var/lib/dpkg/lock - open (11 Resource temporarily unavailable)
# ERROR: Unable to lock the administration directory (/var/lib/dpkg/) is another process using it?
---------------------------------------------------------------------------------------------------------------------
# dpkg locked error on ubuntu / tumbleweed
# Solution:
# You can delete the lock file with the following command:
sudo rm /var/lib/apt/lists/lock
sudo rm /var/cache/apt/archives/lock
sudo rm /var/lib/dpkg/lock
#--------------------------------------------------------------------------------------------------------------
# Lets Encrypt
1. Install acme.sh
git clone https://github.com/Neilpang/acme.sh
2. Run the command beloq to register a new domain wildcard cert using DNS. Use \ for http
./acme.sh --issue -d *.oztaxa.com --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please
3. Add TXT entry on domain host as advised by the command
Add the following TXT record:
Domain: '_acme-challenge.example.domain.com'
TXT value: 'xxxxxxxxxxxxxxxxxx-xxxxxxxx_4'
Please be aware that you prepend _acme-challenge. before your domain
so the resulting subdomain will be: _acme-challenge.oztaxa.com
Dns record not added yet, so, save to /home/mo/.acme.sh/*.oztaxa.com/*.oztaxa.com.conf and exit.
Please add the TXT records to the domains, and re-run with --renew.
4. Run the below command to renew the certificate.
./acme.sh --renew -d *.oztaxa.com --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please
#--------------------------------------------------------------------------------------------------------------
CREATE SELF SIGNED ROOT CA CERTIFICATE AND CERTIFICATE
Create Root Key
# Attention: this is the key used to sign the certificate requests, anyone holding this can sign certificates on your behalf. So keep it in a safe place!
openssl genrsa -des3 -out rootCA.key 4096
# If you want a non password protected key just remove the -des3 option
# Create and self sign the Root Certificate
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.crt
# Create a certificate
# Create the certificate key
openssl genrsa -out mydomain.com.key 2048
# Create the signing request
openssl req -new -key mydomain.com.key -out mydomain.com.csr
# Generate the certificate using the mydomain csr and key along with the CA Root key
openssl x509 -req -in mydomain.com.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out mydomain.com.crt -days 5
#--------------------------------------------------------------------------------------------------------------
PRINT CERTIFICATE INFORMATION
Using Keytool:
keytool -printcert -file certificate.pem
Using Openssl
openssl x509 -in certificate.pem -text
#--------------------------------------------------------------------------------------------------------------
SETUP AND RUN SELENIUM TESTS ON LINUX SERVER WITH JENKINS
# Download and Install Jenkins
wget -q -O - https://pkg.jenkins.io/debian/jenkins-ci.org.key | sudo apt-key add -
echo deb https://pkg.jenkins.io/debian-stable binary/ | sudo tee /etc/apt/sources.list.d/jenkins.list
sudo apt update
sudo apt-get install jenkins
# Install Chrome in headless mode
wget -qO - https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo apt-key add -
sudo sh -c 'echo "deb http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google.list'
sudo apt-get update
sudo apt-get install google-chrome-stable
sudo chmod 777 /opt/google/
# Download and Install Java and restart Jenkins
sudo apt install java
sudo systemctl restart jenkins
systemctl status jenkins
# Change permissions for run-user, google chrome folder and install unzip
sudo chmod 777 /run/user/
sudo chmod 777 /opt/google/
sudo apt install -y unzip
# Install Firefox headless on Ubuntu Server
sudo apt install firefox
sudo chmod 777 /usr/lib/firefox
# Install Geckodriver for Firefox and Selenium
wget -N https://github.com/mozilla/geckodriver/releases/download/v0.16.1/geckodriver-v0.16.1-linux64.tar.gz -P ~/Downloads
tar -xvzf ~/Downloads/geckodriver* -C ~/Downloads
unzip ~/Downloads/geckodriver* -d ~/Downloads
# Change geckodriver permissions and move it to /usr/bin/
chmod 777 ~/Downloads/geckodriver
sudo mv -f ~/Downloads/geckodriver /usr/bin/geckodriver
# Copy geckodriver to BROWSERS folder in Jenkins Workspace for the job
sudo cp /usr/bin/geckodriver /var/lib/jenkins/workspace/<job-name>/BROWSERS/
# Change the geckodriver permission again in the BROWSERS folder
sudo chmod 777 /var/lib/jenkins/workspace/<job-name>/BROWSERS/geckodriver
# Download and Install Xvfb and git
sudo apt-get install xvfb
sudo apt install git-all
# Create Env variable in Jenkins ADDED AS EMV VAR IN JENKINS GUI (Global System Properties)
export DISPLAY=":1"
# Create a cron job with below command
/usr/bin/Xvfb :1 -screen 0 1024x768x24 -extension RANDR </dev/null &
#--------------------------------------------------------------------------------------------------------------
DEPLOY SPLUNK FORWARDER ON A *NIX MACHINE WITH BELOW SCRIPT
#WGET the package
wget -O splunkforwarder-7.1.0-2e75b3406c5b-linux-2.6-amd64.deb 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=7.1.0&product=universalforwarder&filename=splunkforwarder-7.1.0-2e75b3406c5b-linux-2.6-amd64.deb&wget=true'
--2018-05-17 05:44:14-- https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=7.1.0&product=universalforwarder&filename=splunkforwarder-7.1.0-2e75b3406c5b-linux-2.6-amd64.deb&wget=true
#Install using dpkg
sudo dpkg -i splunkforwarder-7.1.0-2e75b3406c5b-linux-2.6-amd64.deb
#Add boot script to run splunk as non-root user
cd /opt/splunkforwarder/bin/
sudo ./splunk enable boot-start -user splunk
#Switch user and start splunk
sudo su splunk
./splunk start --answer-yes --no-prompt --accept-license
#Add forward server
./splunk add forward-server esspmon.oztaxa.com:9997
#Add a monitor in inputs.conf
sudo echo -e "\n\n[monitor:///var/log/]\n[monitor:///var/log/.../catalina.out]\n[monitor:///var/log/tomcat/*.log]
\n[monitor:///var/log/nginx/*.log]" >> /opt/splunkforwarder/etc/system/local/inputs.conf
#--------------------------------------------------------------------------------------------------------------
SPLUNK DEPLOYMENT STEPS
Stand up Ubuntu 16.0.4 server
Install ntp and turn it on
Set device name
Setup a non-root account
Verify access to /var/log directory
Install Splunk using the .deb package downloaded using wget (wget -O splunk-7.0.3-fa31da744b51-linux-2.6-amd64.deb 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=7.0.3&product=splunk&filename=splunk-7.0.3-fa31da744b51-linux-2.6-amd64.deb&wget=true')
Allow ports 8000, 8089, 8065, 8191
Increase ulimits
-----------------------------
cat /proc/sys/fs/file-max
ulimit -n
sudo vi /etc/sysctl.conf
fs.file-max = 131072
sudo sysctl -p
sudo vi /etc/security/limits.conf
* soft nproc 131072
* hard nproc 131072
* soft nofile 131072
* hard nofile 131072
root soft nproc 131072
root hard nproc 131072
root soft nofile 131072
root hard nofile 131072
sudo vi /etc/pam.d/common-session
session required pam_limits.so
ulimit -n
-----------------------------
Turn off THMP
------------------------------
sudo apt-get install hugepages
Add below command to /etc/rc.local
sudo hugeadm --thp-never
Check using:
cat /sys/kernel/mm/transparent_hugepage/enabled
Login to splunk web
Change password
Enable MC health checks and alerts
Update License and restart
Configure Receiving or Forwarding
------------------------------
Mail Settings
Certificates for resource communciation
SAML/MFA
Create a GPOadmin account in each env
DNS entry in each env for the indexer
Uninstall the old forwarder config
Silent install of the new forwarder - Have a script
Copy certs to etc/auth/public-certs/forwarders/
Copy conf files to etc/system/local
Replace the outputs.conf file with the dns name (tmr-ind-s1)
#--------------------------------------------------------------------------------------------------------------
GET-SPLUNK-FORWARDER-7.1.0
#RPM 64
wget -O splunkforwarder-7.1.0-2e75b3406c5b-linux-2.6-x86_64.rpm 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=7.1.0&product=universalforwarder&filename=splunkforwarder-7.1.0-2e75b3406c5b-linux-2.6-x86_64.rpm&wget=true'
#DEB 64
wget -O splunkforwarder-7.1.0-2e75b3406c5b-linux-2.6-amd64.deb 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=7.1.0&product=universalforwarder&filename=splunkforwarder-7.1.0-2e75b3406c5b-linux-2.6-amd64.deb&wget=true'
#TGZ
wget -O splunkforwarder-7.1.0-2e75b3406c5b-Linux-x86_64.tgz 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=7.1.0&product=universalforwarder&filename=splunkforwarder-7.1.0-2e75b3406c5b-Linux-x86_64.tgz&wget=true'
#--------------------------------------------------------------------------------------------------------------
SPLACK CHANNEL WEBHOOK LOGGING FROM LINUX VM
PUBLIC_IP=$(curl -s http://ipinfo.io/ip);
H_NAME=$(hostname);
curl -s -X POST \
--data-urlencode "payload={\"channel\": \"#..chanel-name..\", \"username\": \"webhookbot\", \"text\": \" The public ip address of *${H_NAME}* is *${PUBLIC_IP}*\", \"icon_emoji\": \":ghost:\"}" \
https://hooks.slack.com/services/..full-webhook-id..
#--------------------------------------------------------------------------------------------------------------
#--------------------------------------------------------------------------------------------------------------
#--------------------------------------------------------------------------------------------------------------
#--------------------------------------------------------------------------------------------------------------
#--------------------------------------------------------------------------------------------------------------
#--------------------------------------------------------------------------------------------------------------
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment