Useful linux commands

apache-reverse-proxy.sh

# http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
# http://httpd.apache.org/docs/current/mod/mod_proxy_html.html
# http://www.apachetutor.org/admin/reverseproxies
# http://httpd.apache.org/docs/2.2/mod/mod_substitute.html

# load mod_proxy_html
sudo yum install mod_proxy_html
sudo vi /etc/httpd/conf/httpd.conf
# Find modules
LoadModule proxy_html_module modules/mod_proxy_html.so

# vhost
ProxyRequests Off
ProxyPass /uptime  http://localhost:3000
ProxyHTMLURLMap http://localhost:3000 /uptime

<Location /uptime>
        ProxyPassReverse /
        ProxyHTMLEnable On
        ProxyHTMLURLMap / /uptime/
        RequestHeader unset Accept-Encoding
</Location>

diskusage.sh

# show filesystem usage 
df -h

# show disk usage of folders to nail down where most used and sort
du -hc --max-depth 1 / | sort -h

# count files
find . -name '*.orig' | wc -l

# delete files matching name and user
find . -name '*.orig' #-delete

general.sh

# Log script output to text file and support standard input
# -a option to append to logfile.text
roll.sh | tee logfile.text

# Search processes
# pgrep looks through the currently running processes and lists the process IDs which matches the selection criteria to stdout. # # All the criteria have to match. For example,
pgrep -u root sshd

# will only list the processes called sshd AND owned by root.

# Copy the file "foobar.txt" from a remote host to the local host
$ scp [email protected]:foobar.txt /some/local/directory

# Copy the file "foobar.txt" from the local host to a remote host
$ scp foobar.txt [email protected]:/some/remote/directory

mvn deploy:deploy-file \
    -Durl=$REPO_URL \
    -DrepositoryId=$REPO_ID \
    -DgroupId=org.myorg \
    -DartifactId=myproj \
    -Dversion=1.2.3  \
    -Dpackaging=zip \
    -Dfile=myproj.zip

# Search a directory for text
grep "text string to search” directory-path
grep "text string to search” directory-path/*.txt

# For tcp packet sniffing
ngrep -d any port 25

# windows 
netstat -a | find "LISTENING"
netstat -a -p UDP
# linux
netstat -anup 
netstat -antp 

# find out disk usage
df -h

# curl with redirect and loggin
curl -Lv http://google.com

# find listening ports
sudo netstat -tulpn

git.sh

# show tags
git tag

# create a tag
git tag -a 12345 -m 'bump to 12345'

# push the tag
git push --tags
git push origin <tag_name>

# delete a remote tags
git tag -d 12345
git push origin :refs/tags/12345

grep.sh

# search  for a string + 5 lines after (B before) with line numbers -n
grep -A 5 -n "string" catalina.out

iptables.sh

# list iptab;es
# http://wiki.centos.org/HowTos/Network/IPTables
sudo iptables -L -n --line-numbers

# add entry
iptables -I INPUT 1 -p tcp --dport 111 -j ACCEPT

# add range of ports
iptables -I INPUT 1 -p tcp --match multiport --dports 1024:3000 -j ACCEPT

# delete entry
iptables -D INPUT -s 127.0.0.1 -p tcp --dport 111 -j ACCEPT
iptables -D INPUT 4

# Check forwarding - http://serverfault.com/questions/306024/how-to-route-network-traffic-of-a-host-via-another-host
sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0
# Enable forwarding
sysctl -w net.ipv4.ip_forward=1
# Set permanently
/etc/sysctl.conf:
net.ipv4.ip_forward = 1
service network restart

# Firewall rules? - https://www.centos.org/docs/5/html/5.2/Deployment_Guide/s1-firewall-ipt-fwd.html
iptables -A FORWARD -i eth0 -j ACCEPT
iptables -A FORWARD -o eth0 -j ACCEPT
iptables -I FORWARD 1 -o eth0 -j ACCEPT

iptables -A INPUT -p tcp -i eth0 -m multiport --dports 465,110,995,587,143,11025,20,21,22,26,80,443 -j ACCEPT

#cahce
ip route flush cache

#routes - https://www.centos.org/docs/5/html/5.2/Deployment_Guide/s1-networkscripts-static-routes.html
route add -host 192.168.33.65 gw 192.168.33.60
ip route add 192.168.33.65 via 192.168.33.60 dev eth1
ip route get 192.168.33.65	

# POSTROUTING
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# SVAE MANUAL CHANGES
sudo /etc/init.d/iptables save

# Redirect port 80 to another port using iptables on CentOS
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080

 sudo iptables -L PREROUTING -n --line-numbers -t nat
 sudo iptables -t nat -D PREROUTING 1

jboss.sh

#To start standalone server with the default server config (standalone.xml):
$JBOSS_HOME/bin/standalone.sh

#To start standalone server on custom, non-default port numbers, using offset=1, 2, 3, etc (negative offset number is invalid).  When #starting with offset 1, you will have http port number 8081 (the default 8080+1), CLI port number 10000 (the default 9999+1), admin #console port 9991 (the default 9990+1), etc.
standalone.sh -Djboss.socket.binding.port-offset=1

#To start standalone server with a specific server config (just the config file name in $JBOSS_HOME/standalone/configuration #directory, do not specify its file path):

standalone.sh -c standalone-full.xml
standalone.sh --server-config=standalone-ha.xml
standalone.sh --server-config standalone-full-ha.xml

#To avoid/disable "Press any key to continue..." when running JBoss AS7 commands on Windows:
#> set NOPAUSE=true
#> standalone
#> jboss-cli

#To start standalone server in debug mode at default debug port 8787, or at a different port, e.g., 6000:
standalone.sh --debug
standalone.sh -d
standalone.sh -d 6000
standalone.sh --debug 6000

#To start domain:
domain.sh

#To save the PID from AS process, define the environment variable JBOSS_PIDFILE and LAUNCH_JBOSS_IN_BACKGROUND:
export LAUNCH_JBOSS_IN_BACKGROUND=true
export JBOSS_PIDFILE=$JBOSS_HOME/pid

#To stop the default standalone server or domain, with :shutdown operation request (there is no shutdown command):
jboss-cli.sh --connect --command=:shutdown
jboss-cli.sh -c "/:shutdown()"
jboss-cli.sh -c /:shutdown
jboss-cli.sh -c :shutdown

#To restart
jboss-cli.sh -c ":shutdown(restart=true)"

#To stop the standalone server right now no matter what. If the server is running, it has the same effect as Ctrl-C. If the server is #not running, $JBOSS_PIDFILE is not present and so nothing is done.
/bin/kill -9 `cat $JBOSS_PIDFILE`

#To exit from the shell started with jboss-cli.sh, use any of the following (Ctrl-D does not work, though):
#[standalone@localhost:9999 /] Ctrl-C
#[standalone@localhost:9999 /] exit
#[standalone@localhost:9999 /] quit
#[standalone@localhost:9999 /] q

#To list all deployed applications, with either deploy or undeploy command (-l option gives more details about the deployed #applications):
jboss-cli.sh -c deploy
jboss-cli.sh -c undeploy

jboss-cli.sh -c "ls deployment"
jboss-cli.sh -c "deploy -l"
jboss-cli.sh -c "undeploy -l"

#To deploy an application:
jboss-cli.sh -c "deploy $HOME/tmp/hello.war"

#To redeploy (forcefully overwrite any existing deployed app) an app:
jboss-cli.sh -c "deploy --force $HOME/tmp/hello.war"

#To undeploy an application:
jboss-cli.sh -c "undeploy hello.war"

#To get CLI help info:
jboss-cli.sh help
jboss-cli.sh -c help

#To show help info for deploy command:
jboss-cli.sh -c "deploy --help"

#To display the version of the current running JBoss AS, along with $JBOSS_HOME, $JAVA_HOME, java.version, os.name, os.version, etc:
jboss-cli.sh -c version

#To create a string or primitive JNDI resource. Do not quote the value attribute, otherwise the quote will become part of the content. #Also need to escape whitespace.
jboss-cli.sh -c "/subsystem=naming/binding=java\:global\/env\/flag:add(binding-type=simple, type=boolean, value=true)"

jboss-cli.sh -c "/subsystem=naming/binding=java\:global\/env\/text:add(binding-type=simple, type=java.lang.String, value=This\ is\ a\ text\ value.)"

#To create an alias for a JNDI resource (java:global/env/condition is an alias for java:global/env/flag):
jboss-cli.sh -c "/subsystem=naming/binding=java\:global\/env\/condition:add(binding-type=lookup, lookup=java\:global\/env\/flag)"

#To list server extensions, profiles, subsystems, network interfaces, or socket-binding-groups:
jboss-cli.sh -c "ls subsystem"
jboss-cli.sh -c "ls extension"
jboss-cli.sh -c "ls profile"
jboss-cli.sh -c "ls interface"
jboss-cli.sh -c "ls socket-binding-group"
  
#To create a datasource witht the default h2 database: 
data-source add --name=test-ds --jndi-name=java\:jboss\/datasources\/test-ds --driver-name=h2 --connection-url=jdbc\:h2\:mem\:test;DB_CLOSE_DELAY\=-1 

data-source enable --name=test-ds 

#To verify a datasource and check if a connection can be obtained: 
data-source test-connection-in-pool --name=test-ds 

#To disable a datasource: 
data-source disable --name=test-ds 

#To delete a datasource: 
data-source remove --name=test-ds

networking.sh

# change hostname
sudo nano /etc/sysconfig/network
sudo vi /etc/hosts
hostname hostname
/etc/init.d/network restart

# add host nslookup dig
sudo yum install bind-utils
host google.com

# - show or set the system’s host name
hostname

# - show or set the system’s NIS/YP domain name
domainname

# - show the system’s DNS domain name
dnsdomainname

#find out the dns info
dig @12.12.12.12 hostname 
host -v hostname

perission.txt

Numerical permissions

#	Permission	  rwx
7	full	          111
6	read and write	  110
5	read and execute  101
4	read only	  100
3	write and execute 011
2	write only	  010
1	execute only	  001
0	none	          000

postgres.sql

// get list of connections
SELECT * FROM pg_stat_activity; 

// disconnect fro db
SELECT pg_terminate_backend(pg_stat_activity.pid)
FROM pg_stat_activity
WHERE pg_stat_activity.datname = 'reporting'
  AND pid <> pg_backend_pid();

// show max connections allowed
show max_connections;

// backup
sudo -u postgres psql -c "CREATE USER replicator REPLICATION LOGIN ENCRYPTED PASSWORD 'thepassword';"

listen_address = # make sure we're listening as appropriate
wal_level = hot_standby
max_wal_senders = 3
checkpoint_segments = 8    
wal_keep_segments = 8 

hostssl replication     replicator      5.6.7.8            md5

cho Cleaning up old cluster directory
sudo -u postgres rm -rf /var/lib/postgresql/9.2/main

echo Starting base backup as replicator
sudo -u postgres pg_basebackup -h 1.2.3.4 -D /var/lib/postgresql/9.2/main -U replicator -v -P

echo Writing recovery.conf file
sudo -u postgres bash -c "cat > /var/lib/postgresql/9.2/main/recovery.conf <<- _EOF1_
  standby_mode = 'on'
  primary_conninfo = 'host=1.2.3.4 port=5432 user=replicator password=thepassword sslmode=require'
  trigger_file = '/tmp/postgresql.trigger'
_EOF1_
"

echo Startging PostgreSQL
sudo service postgresql start

sudo -u postgres psql -x -c "select * from pg_stat_replication;"


// slave
 1  sudo yum install -y http://yum.postgresql.org/9.3/redhat/rhel-6-x86_64/pgdg-centos93-9.3-2.noarch.rpm
    2  sudo yum install postgresql93-server postgresql93-contrib
    3   sudo iptables -I INPUT 1 -p tcp --dport 5432 -j ACCEPT
    4  sudo su - postgres
    5  service postgresql-9.3 start
    6  sudo service postgresql-9.3 start
    7  sudo tail -f /var/lib/pgsql/9.3/data/pg_log/postgresql-Tue.log
    8  clear
    9  history
as postgres
  1  rm -rf /var/lib/pgsql/9.3/data
    2  pg_basebackup -h 192.168.33.12 -D /var/lib/pgsql/9.3/data -U replicator -v -P
    3   vi /var/lib/pgsql/9.3/data/recovery.conf
    4  vi /var/lib/pgsql/9.3/data/postgresql.conf
    5  exit
    6  history

selinux.sh

# http://wiki.centos.org/HowTos/SELinux
# https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Persistent_Changes_semanage_fcontext.html

yum install -y setroubleshoot 

sealert -a /var/log/audit/audit.log > /path/to/mylogfile.txt

# For a file:
semanage fcontext -a -t httpd_sys_content_t "/html/index.html"
restorecon -v /html/index.html

# For a directory:
semanage fcontext -a -t httpd_sys_content_t "/html(/.*)?"
restorecon -R -v /html

grep httpd_t /var/log/audit/audit.log | audit2allow -m web-content

semodule -i web-content.pp

# Remove the rule
semanage fcontext -d "/web(/.*)?"

yum install setools-console

# View enalbed booleans

sestatus -b

# disable selinux
echo 0 >/selinux/enforce

ssl.sh

# for windows https://slproweb.com/products/Win32OpenSSL.html

# Generate a new private key and Certificate Signing Request
openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key
# Generate a self-signed certificate (see How to Create and Install an Apache Self Signed Certificate for more info)
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt
# Generate a certificate signing request (CSR) for an existing private key
openssl req -out CSR.csr -key privateKey.key -new
# Generate a certificate signing request based on an existing certificate
openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privateKey.key
# Remove a passphrase from a private key
openssl rsa -in privateKey.pem -out newPrivateKey.pem

# Check a Certificate Signing Request (CSR)
openssl req -text -noout -verify -in CSR.csr
# Check a private key
openssl rsa -in privateKey.key -check
# Check a certificate
openssl x509 -in certificate.crt -text -noout
# Check a PKCS#12 file (.pfx or .p12)
openssl pkcs12 -info -in keyStore.p12

# Check an SSL connection. All the certificates (including Intermediates) should be displayed
openssl s_client -connect www.paypal.com:443 [-state] [-debug]

# verify ssl
openssl s_client -showcerts -connect mail.nixcraft.net:443
# create dir ad copy --begin to end-- to afile.pem
# download issuer certifcate and hash
sudo yum install openssl-perl
c_rehash ~/.cert/mail.nixcraft.net/
openssl s_client -CApath ~/.cert/mail.nixcraft.net/ -connect mail.nixcraft.net:443

# verify certificate
openssl verify pem-file.pem

test.sh

# FILE exists and is a directory
test -d FILE

# FILE exists
-e FILE

# FILE exists and is a regular file
-f FILE

yum.sh

# List available versions of a package
yum --showduplicates list php-gd