Archive

Archive for the ‘bash’ Category

RAID (mdadm) add/remove faulty drive

/dev/sda3 -> faulty device.

root@makeitweb ~ # cat /proc/mdstat 
Personalities : [raid1] 
md3 : active raid1 sda4[0] sdb4[1]
      1843414335 blocks super 1.2 [2/2] [UU]
 
md2 : active raid1 sda3[0](F) sdb3[1]
      1073740664 blocks super 1.2 [2/1] [_U]
 
md1 : active raid1 sda2[0] sdb2[1]
      524276 blocks super 1.2 [2/2] [UU]
 
md0 : active raid1 sda1[0] sdb1[1]
      12581816 blocks super 1.2 [2/2] [UU]
 
unused devices: <none>
mdadm --manage /dev/md2 --fail /dev/sda3
mdadm --manage /dev/md2 --remove /dev/sda3
mdadm --manage /dev/md2 --add /dev/sda3
root@makeitweb ~ # cat /proc/mdstat 
Personalities : [raid1] 
md3 : active raid1 sda4[0] sdb4[1]
      1843414335 blocks super 1.2 [2/2] [UU]
 
md2 : active raid1 sda3[0] sdb3[1]
      1073740664 blocks super 1.2 [2/1] [_U]
      [>....................]  recovery =  0.1% (1565952/1073740664) finish=319.5min speed=55926K/sec
 
md1 : active raid1 sda2[0] sdb2[1]
      524276 blocks super 1.2 [2/2] [UU]
 
md0 : active raid1 sda1[0] sdb1[1]
      12581816 blocks super 1.2 [2/2] [UU]
 
unused devices: <none>
Categories: Apache, backup, bash, Filesystems Tags:

Конвертиране на h264 до… формат за гледане с VLC player?

Една команда, която да ми напомня как да конвертирам записите от CCTV камерите в клипчета (mp4), които лесно да се гледат чрез VLC player или директно през уеб video player.

avconv -y -re -i /path/to/file.h264 \
-vcodec libx264 -bufsize 1000k -deinterlace -threads 0 \
-acodec libvo_aacenc /path/to/output.mp4
Categories: bash Tags:

Елементарен скрипт за изпращане на mail през bash

#!/bin/bash
SUBJECT="I am subject"
EMAIL="user@domain.com"
 
EMAILMESSAGE=""
echo "Hello World" > $EMAILMESSAGE
echo "I am test text" >> $EMAILMESSAGE
 
/bin/mail -s "$SUBJECT" "$EMAIL" < $EMAILMESSAGE
Categories: bash Tags:

Quick: mdadm check RAID

Как да накараме mdadm да ни информира ако имаме проблем с някой от RAID масивите?

Елементарно:

mdadm --monitor --scan --mail=MAIL@DOMAIN.com --delay=3600 --daemonize --test

Защита от DoS атака с iptables

Тези команди ще ви помогнат да се защитите от DoS атака. Посредством тях, ще блокирате всяко IP, което за 60 секунди има повече от 20 връзки (connections) към текущата машина:

iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set
 
iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 20 -j DROP

Резултат от командата:

[root@server ~]# netstat -alpn| grep ":80"| awk '{ print $5 }'| cut -d: -f4| sort| uniq -c | sort -n
      1 *
      3 66.249.72.131
     16 81.100.74.82
     17 82.12.246.158
     19 212.183.140.13
     19 78.148.123.94
     20 85.211.47.252
     20 86.166.141.234
     20 87.97.215.7
     20 89.253.191.173
     20 91.92.170.172
     20 94.156.57.170
     20 94.169.158.18
     22 77.78.11.99

Разбира се това е само пример и можете да смените стоностите за секунди (60) и брои връзки (20).
Имайте впредвид, че максималните стойности за –seconds са 60, а за –hitcount са 20

За да премахнете правило (RULE) от iptables използвайте следните команди.
Лист на всички правила в iptables:

iptables -L INPUT -n --line-numbers
[root@server ~]# iptables -L INPUT -n --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 state NEW recent: UPDATE seconds: 60 hit_count: 20 name: DEFAULT side: source 
2               tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 state NEW recent: SET name: DEFAULT side: source 
3    fail2ban-SSH  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22 
4    DROP       all  --  67.195.0.0/24        0.0.0.0/0           
[root@server ~]#

За да изтрием правилото за блокиране на IP-тата в този случай пишем:

iptables -D INPUT 1
Categories: bash, Cent OS, Debian, Linux, Защита Tags:

Брой конекции от 1 IP адрес

Как да разберем колко конекции (connections) имаме към определен порт на нашата машина.
Командата дава списък с IP–та и за всяко едно от тях брои връзките, които то (IP-то) е направило към машината. Текущата команда сканира връзките към порт 80:

netstat -alpn| grep ":80"| awk '{ print $5 }'| cut -d: -f4| sort| uniq -c | sort -n
Categories: bash Tags:

Tune your bash > .bash_profile | .bashrc | ./etc/profile

March 11th, 2011 No comments

This is very useful things in my Linux = .bashrc and my Mac = .bash_profile

Linux = .bashrc | /etc/profile

I just found this useful link with .bashrc examples bashrc examples
I use “HISTTIMEFORMAT=’%F %T ‘ ”
Here is full list for timestamps TIMESTAMPS

Here is my HISTORY section in .bashrc

# don't put duplicate lines in the history. See bash(1) for more options
# don't overwrite GNU Midnight Commander's setting of `ignorespace'.
export HISTCONTROL=$HISTCONTROL${HISTCONTROL+,}ignoredups
# ... or force ignoredups and ignorespace
export HISTCONTROL=ignoreboth
 
# append to the history file, don't overwrite it
shopt -s histappend
 
# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
 
# check the window size after each command and, if necessary,
# update the values of LINES and COLUMNS.
shopt -s checkwinsize

/etc/profile

export PATH
export HISTTIMEFORMAT='%F %T '
HISTSIZE=100000        # history size use big motherfucker size
HISTFILESIZE=1000      # file log size
HISTCONTROL=erasedups # dont dublucate 
HISTCONTROL=ignorespace #ignorepsaces
DATA=`date`                   # variable for `date`
 
HISTFILE=~/.bash_history.$DATA  # histfile will look .bash_histori + command `date`

Here is something very useful for me and i put it in my .bashrc
1. random pass generator
2. simple console calculator
3. colours
4. easy access servers with alias

genpasswd() {
        local l=$1
        [ "$l" == "" ] &amp;&amp; l=20 
        tr -dc A-Za-z0-9-!@%^*_ &lt; /dev/urandom | head -c ${l} | xargs
}
function calc () {
        { echo "$*" | bc -l; }
}
 
 
alias ls='ls --color'
# i want my grep to color my search word and exclude my grep command
alias grep='grep -v grep | grep --color=auto'
alias fgrep='fgrep --color=auto'
alias egrep='egrep --color=auto'

Lets see it in action :

[14:21]vhristev@hristev:~$ genpasswd
nHwl*W8Yp4v__T-whmn2
[14:21]vhristev@hristev:~$ calc 54-4
50
[14:21]vhristev@hristev:~$ ps aux | grep nginx
root      1920  0.0  0.2  27772  1084 ?        Ss   Mar10   0:00 nginx: master process /usr/sbin/nginx
www-data  1921  0.0  0.4  28700  2416 ?        S    Mar10   0:01 nginx: worker process
www-data  1922  0.0  0.4  28536  2280 ?        S    Mar10   0:01 nginx: worker process
www-data  1925  0.0  0.4  28536  2244 ?        S    Mar10   0:02 nginx: worker process
www-data  1926  0.0  0.4  28536  2252 ?        S    Mar10   0:02 nginx: worker process
[14:22]vhristev@hristev:~$

Why I need put colors in my prompt ?
– We are humans and make mistakes.I remember one day how I execute command on different server and … in fact it was not so big deal but if it was ???
– If you have 1-2 machines its not so useful but if you have 10 or more you may want to put some RED or YELLOW color in your prompt to identify your important servers.

\A – the current time in 24-hour HH:MM format
33[00;31m – RED
33[01;32m – Yellow

if [ "$color_prompt" = yes ]; then
    PS1='${debian_chroot:+($debian_chroot)}\[33[00;31m\]\u@\[33[01;32m\]\h\[33[00m\]:\[33[01;34m\]\w\[33[00m\]\$ '
else
    PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
fi
unset color_prompt force_color_prompt
 
# If this is an xterm set the title to user@host:dir
case "$TERM" in
xterm*|rxvt*)
    PS1="\[33[0;35m\]\[33[01;33m\][\A]\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
    ;;
*)
    ;;
esac

And voalaaa… you get the prettiest bash prompt :
You can see another idea for customize your PS1 prompt

I want to access my servers very easy without typing every time USER/HOSTNAME/PORT in this case i use aliases
syntax= “alias NAME_OF_COMMAND=’real command’
example= alias homepc=’ssh -l root 192.168.10.10 -p 3333′

Now when i put this in my ~/.bashrc and update it (source ~/.bashrc) when i type “homepc” command “ssh -l root 192.168.10.10 -p 3333” will be executed
In action:

Bash special characters codes

    * \a : an ASCII bell character (07)
 
    * \d : the date in "Weekday Month Date" format (e.g., "Tue May 26")
 
    * \D{format} : the format is passed to strftime(3) and the result is inserted into the prompt string; an empty format results in a locale-specific time representation. The braces are required
 
    * \e : an ASCII escape character (033)
 
    * \h : the hostname up to the first '.'
 
    * \H : the hostname
 
    * \j : the number of jobs currently managed by the shell
 
    * \l : the basename of the shell’s terminal device name
 
    * \n : newline
 
    * \r : carriage return
 
    * \s : the name of the shell, the basename of $0 (the portion following the final slash)
 
    * \t : the current time in 24-hour HH:MM:SS format
 
    * \T : the current time in 12-hour HH:MM:SS format
 
    * \@ : the current time in 12-hour am/pm format
 
    * \A : the current time in 24-hour HH:MM format
 
    * \u : the username of the current user
 
    * \v : the version of bash (e.g., 2.00)
 
    * \V : the release of bash, version + patch level (e.g., 2.00.0)
 
    * \w : the current working directory, with $HOME abbreviated with a tilde
 
    * \W : the basename of the current working directory, with $HOME abbreviated with a tilde
 
    * \! : the history number of this command
 
    * \# : the command number of this command
 
    * \$ : if the effective UID is 0, a #, otherwise a $
 
    * \nnn : the character corresponding to the octal number nnn
 
    * \\ : a backslash
 
    * \[ : begin a sequence of non-printing characters, which could be used to embed a terminal control sequence into the prompt
 
    * \] : end a sequence of non-printing characters

Here is my MacBook .bash_profile some good function ps and grep some process example = psgrep apache will ps aux | grep apache .

Categories: bash Tags:

Script to Generate/Upload ssh key to remote system

March 9th, 2011 No comments

This is script who will generate or upload ssh key to remote system

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
#!/bin/bash
# This was written only for simple usage
#Valentin Hristev
 
### Enter username and IP(or hostname) for REMOTE machine
echo -n "Enter remote username: "
read USR
echo -n "Remote username is set to $USR  "
case $usr in
esac
echo ""
 
echo -n "Enter remote ip/host address: "
read HOST
echo -n "Remote ip/host is set to $HOST  "
case $usr in
esac
 
#echo -n "Default SSH port is 22 if you want to change it please open ssh_gen with your favourite text editor and change "PORT=" PORT_NUMMER"
 
echo -n "Enter PORT: "
read PORT
echo -n "Remote port is $PORT  "
case $usr in
esac
 
echo -n "Your config is :User = $USR  Host = $HOST Port = $PORT "
 
#PORT="22"
NEWKEY="yes"
 
# Generate SSH keys RSA
makekey () {
if [ $NEWKEY == "yes" ]; then
ssh-keygen -t rsa -f ~/.ssh/identity
fi
}
 
# Check for file "authozed_keys" if file is not there create it.
 
checkfile () {
if [ -f ~/.ssh/authorized_keys ]; then
touch ~/.ssh/authorized_keys
fi
}
 
# Check for ".ssh" if dir is not there create it.
upload () {
cat ~/.ssh/identity.pub | ssh -p $PORT $USR@$HOST 'sh -c "if [ ! -d .ssh ] ; then mkdir .ssh ; chmod 700 .ssh ; fi
cat - &gt;&gt;~/.ssh/authorized_keys &amp;&amp; chmod 600 ~/.ssh/authorized_keys"'
echo "Done..................... "
}
 
## Main Menu
press_enter () {
echo ""
echo -n "Press Enter to continue"
read
clear
}
 
selection=
until [ "$selection" = "0" ]; do
echo ""
echo "*******PROGRAM MENU"**********
echo "1 - Generate &amp; Upload New Key"
echo "2 - Upload Old Key"
echo ""
echo "0 - exit "
echo ""
echo -n "Enter choose: "
read selection
echo ""
case $selection in
1 ) checkfile ; makekey ; upload ;;
2 ) upload ;;
0 ) exit ;;
 
    * ) echo "Please enter 1, 2 or 0"; press_enter
 
esac
done
 
exit 0
 
#END

Here is script in action

Categories: bash Tags:

Как да убием всички процеси по ключова дума?

При преглед на една от машините днес забелязах, че един cron е останал висящ в опашката и са зависнали близо 60 негови изпълнения.
user 312 0.0 0.0 60376 7164 ? Ss Jan14 1:26 /usr/local/php/bin/php /www/domain.com/www/root/dumper.php
user 635 0.0 0.0 60000 7476 ? Ss 2010 2:24 /usr/local/php/bin/php /www/domain.com/www/root/dumper.php
user 740 0.0 0.0 60000 6656 ? Ss 2010 2:29 /usr/local/php/bin/php
.............

За да убия всичките процеси наведнъж и да не пиша отделно PID на всеки процес, използвах следната команта:

ps aux | grep dumper | kill `awk '{print $2}'`

Въпросната команда обикала дървото с процесите и навсякъде където срещне думата “dumper” kill-ва процеса.

Categories: bash, Linux Tags:

bash script за бекъп (backup) на база данни

В момента съм в процес на ъпгрейд на бекъп системата ми. Не се учудвайте ако видите нещо да е “не както трябва”, защото все пак цялата система е писана за лични нужди и скоро няма изгледи да бъде пусната за масово ползване.

За пореден път: авторите на блога не отговарят за щетите, които може да нанесете на системата си, използвайки и прилагайки статиите написани тук!

Ето го и скрипта 🙂

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
#!/bin/bash
 
DBUSER="root"
DBPASS="password_here"
DIR="/home/blagomir/test/"
DUMP="/usr/bin/mysqldump"
 
 
DATABASES=`mysql -u $DBUSER -p$DBPASS -e"show databases"`
for b in $DATABASES ;
	do
	TABLES=`mysql -u $DBUSER -p$DBPASS -e"show tables from $b"`
 
	echo "=============================================="
	echo "Backup database $b"
 
	for t in $TABLES ;
	do
 
		VARIABLE="Tables_in_$b"
		if [[ "$VARIABLE" != $t ]];
		then
			echo "Backup table $b.$t"
			$DUMP -u $DBUSER -p$DBPASS --database $b --table $t > $DIR$b.$t.sql
		fi
 
	done
 
	echo "Done backup $b"
	echo "=============================================="
 
done
Categories: bash, Lab Tags: