codepedia/sys-admin

## sys-admin
# Find out if you are root or not for admin tasks.
(( EUID )) && { echo 'Run this script with root priviliges.'; exit 1; } || echo 'Running as root, starting service...'

find userID:
]$ id -u
44502

#za:~ za$ brew search /*\net*/

#!/bin/sh
#
# cron ex: * * * * * /usr/bin/nice -n 19 /usr/bin/ionice -c2 -n7 /root/scripts/check-mountpoint.sh >> /root/scripts/cron.log


# all mounts will show under "cat /proc/mounts"
# mountpoint must be present in fstab
mountpoint=" /mnt/endpoint" # use space before (prevent mountpoint as source)

if [ -z "$(grep $mountpoint /proc/mounts)" ]; then
# we use space before, prevent mountpoint as source
	echo "$mountpoint not present"
	unmount $mountpoint
	mount $mountpoint
	echo "Erreur du point de montage $(mountpoint) sur le serveur:\n $(hostname)" | mail -s "Rapport d'erreur point de montage" $email
fi


## what brew does when setting itself up.
==> /usr/bin/sudo /usr/sbin/chown za /usr/local/.
==> /usr/bin/sudo /usr/bin/chgrp admin /usr/local/.
==> /usr/bin/sudo /bin/mkdir /Library/Caches/Homebrew
==> /usr/bin/sudo /bin/chmod g+rwx /Library/Caches/Homebrew
==> /usr/bin/sudo /usr/sbin/chown za /Library/Caches/Homebrew
==> Searching online for the Command Line Tools
==> /usr/bin/sudo /usr/bin/touch /tmp/.com.apple.dt.CommandLineTools.installondemand.in-progress
==> Installing Command Line Tools (OS X 10.11) for Xcode-7.3
==> /usr/bin/sudo /usr/sbin/softwareupdate -i Command\ Line\ Tools\ (OS\ X\ 10.11)\ for\ Xcode-7.3


======
# checks free mem
free -m

====
LC_ALL is the environment variable that overrides all the other localisation settings (except $LANGUAGE under some circumstances).

LANG="en_US.UTF-8"
LC_COLLATE="en_US.UTF-8"
LC_CTYPE="en_US.UTF-8"
LC_MESSAGES="en_US.UTF-8"
LC_MONETARY="en_US.UTF-8"
LC_NUMERIC="en_US.UTF-8"
LC_TIME="en_US.UTF-8"
LC_ALL=

======================
# dig - DNS lookup utility
dig -x

======================
 see boot stuff # alos check systemd
 cat /var/log/boot.log


 =============
# dda group and a then add a new user to that group
#create group with gid
sudo groupadd -g 54321 myapp
#add user to the group.
[vagrant@localhost ~]$ sudo adduser -G myapp myapp
adduser: group myapp exists - if you want to add this user to that group, use -g.
[vagrant@localhost ~]$ sudo adduser -g myapp myapp
[vagrant@localhost ~]$ id myapp
uid=1001(myapp) gid=54321(myapp) groups=54321(myapp)

# create a new folder and changing the group and user fo that folder
chown: changing ownership of ‘myapp_dir/’: Operation not permitted
[vagrant@localhost ~]$ sudo chown myapp:myapp myapp_dir/
[vagrant@localhost ~]$ ls -lad myapp_dir/
drwxrwxr-x. 2 myapp myapp 4096 Jun  9 23:10 myapp_dir/
[vagrant@localhost ~]$
# create second user
[vagrant@localhost ~]$ ls -lad myapp_root_withroot/
drwxrwxr-x. 2 vagrant vagrant 4096 Jun  9 23:34 myapp_root_withroot/
[vagrant@localhost ~]$ sudo chown root:myapp  myapp_root_withroot/
[vagrant@localhost ~]$ ls -lad myapp_root_withroot/
drwxrwxr-x. 2 root myapp 4096 Jun  9 23:34 myapp_root_withroot/


===================
#za identify the conn-type , and then use tcpdump to get the traffic . Still need to update.
The lsof command reveals similar information since it is also capable of linking open ports to services:

lsof -i | grep 834

za:~ za$ lsof -i
COMMAND     PID USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
UserEvent   250   za    4u  IPv4 0x9426d8efced6e2e5      0t0  UDP *:*
identitys   264   za   20u  IPv4 0x9426d8efceda4e15      0t0  UDP *:*
========================
#worked
[za ~]$ sudo tcpdump -v -i eth1  -s 0 -w /tmp/sniff.pcap port <port>


# -i interfiace , if you do not know the interface you can do  sudo
sudo tcpdump -D
sudo tcpdump -i eth0
[vagrant@localhost ~]$ sudo tcpdump -i any -c 10 -n -s10


# write packets of a goven interface to a file.
[vagrant@localhost ~]$ sudo tcpdump -i eth0 -c 100 -w capture.pcap -v
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
Got 16

# for a given host
vagrant@localhost ~]$ sudo tcpdump -i eth0 -n host 10.0.2.15 -w capture.pcap -v
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
Got 30

# host and port
[vagrant@localhost ~]$ sudo tcpdump -i eth0 -n host 10.0.2.2 and port 61755  -w capture.pcap -v
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
Got 10

# get lsof details for a given port.3000 ip for rails :)
za:~ za$  lsof -i TCP:3000
COMMAND   PID USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
ruby    11674   za   12u  IPv6 0x9426d8efdb2c8fbd      0t0  TCP localhost:hbci (LISTEN)
ruby    11674   za   13u  IPv4 0x9426d8efd523e75d      0t0  TCP localhost:hbci (LISTEN)

# lists tcp only.
]$ sudo lsof -i TCP

===============
# yay ,  is the man.
za:~ za$ ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	options=3<RXCSUM,TXCSUM>
	inet6 ::1 prefixlen 128
	inet 127.0.0.1 netmask 0xff000000
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
===============
 Note : netstat is absolete .  Replacement for netstat is ss.  Replacement for netstat -r is ip route.  Replacement for netstat -i is ip -s link.  Replacement for netstat  -g  is
 ip maddr.
 ===============
to get the list of current DNS servers you can run this command in Terminal: cat /etc/resolv.conf

=====================================
send email from terminal
echo "Subject: sendmail test" | sendmail -v my@email.com
#check for th email sent.
ps faux | grep sendmail

=======================================================================================================

If you want each run of grep to produce output to a different file, run a shell to compute the output file name and perform the redirection.

find . -name "*.py" -type f -exec sh -c 'grep "something" <"$0" >"$0.txt"' {} \;


# what is ssh-agent and ssh-add
You may want to use ssh-agent and ssh-add to load the key into memory.  ssh will try identities from ssh-agent automatically if it can find them. Commands would be

eval $(ssh-agent) # Create agent and environment variables
ssh-add ~/.ssh/1234-identity
ssh-agent is a user daemon which holds unencrypted ssh keys in memory. ssh finds it based on environment variables which ssh-agent outputs when run. Using eval to evaluate this output creates the environment variables.  ssh-add is the command which manages the keys memory. The agent can be locked using ssh-add. A default lifetime for a key can be specified when ssh-agent is started, and or specified for a key when it is added.

You might also want to setup a ~/.ssh/config file to supply the port and key definition. (See `man ssh_config for more options.)

host 22.33.44.55
    IdentityFile ~/.ssh/1234-identity

 # gets the ip address.
  ip route get 8.8.8.8 | awk '{print $NF; exit}'
    Port 1234
Single quoting the ssh command will prevent shell expansion which is needed for ~ or $HOME. You could use the full or relative path to the key in single quotes.


 nmap 104.196.40.102
   find free ips in a subnet
  nmap -T4 -sP  172.16.249.22/24   && egrep "00:00:00:00:00:00" /proc/net/arp

Starting Nmap 7.01 ( https://nmap.org ) at 2016-11-14 02:18 UTC
Nmap scan report for 102.40.196.104.acc.googleusercontent.com (104.196.40.102)
Host is up (0.00083s latency).
Not shown: 997 filtered ports
PORT     STATE  SERVICE
22/tcp   open   ssh
80/tcp   closed http
3389/tcp closed ms-wbt-server


#passanger
passenger-config about ruby-command
sudo /etc/init.d/apache2 restart
systemctl
systemctl apache2 status

Nice visual of apache/nginx process.
se785fall16@se785fall16:~$ sudo /usr/sbin/passenger-memory-stats
Version: 5.0.30
Date   : 2016-11-16 03:11:18 +0000

--------- Apache processes ----------

=========
#copying local key to remote for easier login ssh foo@bar
za:~ za$ ssh-copy-id se785fall16@104.196.40.102
/usr/local/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/usr/local/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.
		(if you think this is a mistake, you may want to use -f option)

/usr/bin/mysql --defaults-file=/opt/somepath/tp/passwprd/file/password.txt foouser -h url-to-db-conn-string-development --port=11111 -e 'show tables; select * from fee; select * from bartoo' --ssl-ca=/some/path/to/my/cert.pem --ssl


======NetqworkMANAGER

[zee@dev-instance ~]$ nmcli general status
STATE      CONNECTIVITY  WIFI-HW  WIFI     WWAN-HW  WWAN
connected  full          enabled  enabled  enabled  enabled


[root@dev-instance ~]# nmcli connection show
NAME                UUID                                  TYPE            DEVICE
Wired connection 1  69eafdf1-f20c-34a3-9e96-2708df4bcad9  802-3-ethernet  eth1
docker0             bc26c8a9-26d0-40ec-9b00-ca5f1fac7db6  bridge          docker0
eth0                8fe2d755-db78-44d3-b4c5-7183c8253a94  802-3-ethernet  eth0
System eth0         5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03  802-3-ethernet  --


[zee@dev-instance ~]$ hciconfig;hciconfig -a hci0;lsmod |grep bt;dmesg | grep tooth


----------------------------------------------------------
# Do this so that we can run vmrun from terminal instead of passing the entire dir
$ ln -s "/Applications/VMware Fusion.app/Contents/Library/vmrun" /usr/local/bin/vmrun
	# Find out if you are root or not for admin tasks.
	(( EUID )) && { echo 'Run this script with root priviliges.'; exit 1; } \|\| echo 'Running as root, starting service...'

	find userID:
	]$ id -u
	44502

	#za:~ za$ brew search /\net/

	#!/bin/sh
	#
	# cron ex: * * * * * /usr/bin/nice -n 19 /usr/bin/ionice -c2 -n7 /root/scripts/check-mountpoint.sh >> /root/scripts/cron.log



	# all mounts will show under "cat /proc/mounts"
	# mountpoint must be present in fstab
	mountpoint=" /mnt/endpoint" # use space before (prevent mountpoint as source)

	if [ -z "$(grep $mountpoint /proc/mounts)" ]; then
	# we use space before, prevent mountpoint as source
	echo "$mountpoint not present"
	unmount $mountpoint
	mount $mountpoint
	echo "Erreur du point de montage $(mountpoint) sur le serveur:\n $(hostname)" \| mail -s "Rapport d'erreur point de montage" $email
	fi


	## what brew does when setting itself up.
	==> /usr/bin/sudo /usr/sbin/chown za /usr/local/.
	==> /usr/bin/sudo /usr/bin/chgrp admin /usr/local/.
	==> /usr/bin/sudo /bin/mkdir /Library/Caches/Homebrew
	==> /usr/bin/sudo /bin/chmod g+rwx /Library/Caches/Homebrew
	==> /usr/bin/sudo /usr/sbin/chown za /Library/Caches/Homebrew
	==> Searching online for the Command Line Tools
	==> /usr/bin/sudo /usr/bin/touch /tmp/.com.apple.dt.CommandLineTools.installondemand.in-progress
	==> Installing Command Line Tools (OS X 10.11) for Xcode-7.3
	==> /usr/bin/sudo /usr/sbin/softwareupdate -i Command\ Line\ Tools\ (OS\ X\ 10.11)\ for\ Xcode-7.3



	======
	# checks free mem
	free -m

	====
	LC_ALL is the environment variable that overrides all the other localisation settings (except $LANGUAGE under some circumstances).

	LANG="en_US.UTF-8"
	LC_COLLATE="en_US.UTF-8"
	LC_CTYPE="en_US.UTF-8"
	LC_MESSAGES="en_US.UTF-8"
	LC_MONETARY="en_US.UTF-8"
	LC_NUMERIC="en_US.UTF-8"
	LC_TIME="en_US.UTF-8"
	LC_ALL=

	======================
	# dig - DNS lookup utility
	dig -x

	======================
	see boot stuff # alos check systemd
	cat /var/log/boot.log



	=============
	# dda group and a then add a new user to that group
	#create group with gid
	sudo groupadd -g 54321 myapp
	#add user to the group.
	[vagrant@localhost ~]$ sudo adduser -G myapp myapp
	adduser: group myapp exists - if you want to add this user to that group, use -g.
	[vagrant@localhost ~]$ sudo adduser -g myapp myapp
	[vagrant@localhost ~]$ id myapp
	uid=1001(myapp) gid=54321(myapp) groups=54321(myapp)

	# create a new folder and changing the group and user fo that folder
	chown: changing ownership of ‘myapp_dir/’: Operation not permitted
	[vagrant@localhost ~]$ sudo chown myapp:myapp myapp_dir/
	[vagrant@localhost ~]$ ls -lad myapp_dir/
	drwxrwxr-x. 2 myapp myapp 4096 Jun 9 23:10 myapp_dir/
	[vagrant@localhost ~]$
	# create second user
	[vagrant@localhost ~]$ ls -lad myapp_root_withroot/
	drwxrwxr-x. 2 vagrant vagrant 4096 Jun 9 23:34 myapp_root_withroot/
	[vagrant@localhost ~]$ sudo chown root:myapp myapp_root_withroot/
	[vagrant@localhost ~]$ ls -lad myapp_root_withroot/
	drwxrwxr-x. 2 root myapp 4096 Jun 9 23:34 myapp_root_withroot/



	===================
	#za identify the conn-type , and then use tcpdump to get the traffic . Still need to update.
	The lsof command reveals similar information since it is also capable of linking open ports to services:

	lsof -i \| grep 834

	za:~ za$ lsof -i
	COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
	UserEvent 250 za 4u IPv4 0x9426d8efced6e2e5 0t0 UDP :
	identitys 264 za 20u IPv4 0x9426d8efceda4e15 0t0 UDP :
	========================
	#worked
	[za ~]$ sudo tcpdump -v -i eth1 -s 0 -w /tmp/sniff.pcap port <port>


	# -i interfiace , if you do not know the interface you can do sudo
	sudo tcpdump -D
	sudo tcpdump -i eth0
	[vagrant@localhost ~]$ sudo tcpdump -i any -c 10 -n -s10


	# write packets of a goven interface to a file.
	[vagrant@localhost ~]$ sudo tcpdump -i eth0 -c 100 -w capture.pcap -v
	tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
	Got 16

	# for a given host
	vagrant@localhost ~]$ sudo tcpdump -i eth0 -n host 10.0.2.15 -w capture.pcap -v
	tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
	Got 30

	# host and port
	[vagrant@localhost ~]$ sudo tcpdump -i eth0 -n host 10.0.2.2 and port 61755 -w capture.pcap -v
	tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
	Got 10

	# get lsof details for a given port.3000 ip for rails :)
	za:~ za$ lsof -i TCP:3000
	COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
	ruby 11674 za 12u IPv6 0x9426d8efdb2c8fbd 0t0 TCP localhost:hbci (LISTEN)
	ruby 11674 za 13u IPv4 0x9426d8efd523e75d 0t0 TCP localhost:hbci (LISTEN)

	# lists tcp only.
	]$ sudo lsof -i TCP

	===============
	# yay , is the man.
	za:~ za$ ifconfig
	lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	options=3<RXCSUM,TXCSUM>
	inet6 ::1 prefixlen 128
	inet 127.0.0.1 netmask 0xff000000
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
	===============
	Note : netstat is absolete . Replacement for netstat is ss. Replacement for netstat -r is ip route. Replacement for netstat -i is ip -s link. Replacement for netstat -g is
	ip maddr.
	===============
	to get the list of current DNS servers you can run this command in Terminal: cat /etc/resolv.conf

	=====================================
	send email from terminal
	echo "Subject: sendmail test" \| sendmail -v my@email.com
	#check for th email sent.
	ps faux \| grep sendmail

	=======================================================================================================

	If you want each run of grep to produce output to a different file, run a shell to compute the output file name and perform the redirection.

	find . -name "*.py" -type f -exec sh -c 'grep "something" <"$0" >"$0.txt"' {} \;


	# what is ssh-agent and ssh-add
	You may want to use ssh-agent and ssh-add to load the key into memory. ssh will try identities from ssh-agent automatically if it can find them. Commands would be

	eval $(ssh-agent) # Create agent and environment variables
	ssh-add ~/.ssh/1234-identity
	ssh-agent is a user daemon which holds unencrypted ssh keys in memory. ssh finds it based on environment variables which ssh-agent outputs when run. Using eval to evaluate this output creates the environment variables. ssh-add is the command which manages the keys memory. The agent can be locked using ssh-add. A default lifetime for a key can be specified when ssh-agent is started, and or specified for a key when it is added.

	You might also want to setup a ~/.ssh/config file to supply the port and key definition. (See `man ssh_config for more options.)

	host 22.33.44.55
	IdentityFile ~/.ssh/1234-identity

	# gets the ip address.
	ip route get 8.8.8.8 \| awk '{print $NF; exit}'
	Port 1234
	Single quoting the ssh command will prevent shell expansion which is needed for ~ or $HOME. You could use the full or relative path to the key in single quotes.




	nmap 104.196.40.102
	find free ips in a subnet
	nmap -T4 -sP 172.16.249.22/24 && egrep "00:00:00:00:00:00" /proc/net/arp

	Starting Nmap 7.01 ( https://nmap.org ) at 2016-11-14 02:18 UTC
	Nmap scan report for 102.40.196.104.acc.googleusercontent.com (104.196.40.102)
	Host is up (0.00083s latency).
	Not shown: 997 filtered ports
	PORT STATE SERVICE
	22/tcp open ssh
	80/tcp closed http
	3389/tcp closed ms-wbt-server


	#passanger
	passenger-config about ruby-command
	sudo /etc/init.d/apache2 restart
	systemctl
	systemctl apache2 status

	Nice visual of apache/nginx process.
	se785fall16@se785fall16:~$ sudo /usr/sbin/passenger-memory-stats
	Version: 5.0.30
	Date : 2016-11-16 03:11:18 +0000

	--------- Apache processes ----------

	=========
	#copying local key to remote for easier login ssh foo@bar
	za:~ za$ ssh-copy-id se785fall16@104.196.40.102
	/usr/local/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

	/usr/local/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.
	(if you think this is a mistake, you may want to use -f option)

	/usr/bin/mysql --defaults-file=/opt/somepath/tp/passwprd/file/password.txt foouser -h url-to-db-conn-string-development --port=11111 -e 'show tables; select * from fee; select * from bartoo' --ssl-ca=/some/path/to/my/cert.pem --ssl


	======NetqworkMANAGER

	[zee@dev-instance ~]$ nmcli general status
	STATE CONNECTIVITY WIFI-HW WIFI WWAN-HW WWAN
	connected full enabled enabled enabled enabled



	[root@dev-instance ~]# nmcli connection show
	NAME UUID TYPE DEVICE
	Wired connection 1 69eafdf1-f20c-34a3-9e96-2708df4bcad9 802-3-ethernet eth1
	docker0 bc26c8a9-26d0-40ec-9b00-ca5f1fac7db6 bridge docker0
	eth0 8fe2d755-db78-44d3-b4c5-7183c8253a94 802-3-ethernet eth0
	System eth0 5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03 802-3-ethernet --


	[zee@dev-instance ~]$ hciconfig;hciconfig -a hci0;lsmod \|grep bt;dmesg \| grep tooth


	----------------------------------------------------------
	# Do this so that we can run vmrun from terminal instead of passing the entire dir
	$ ln -s "/Applications/VMware Fusion.app/Contents/Library/vmrun" /usr/local/bin/vmrun