:::: MENU ::::

Home

  • Nov 02 / 2017
  • 0
Linux

Change or remove password expiration for linux user

It can happen that you’re getting that message when trying to connect to your linux server:

You are required to change your password immediately (password aged)
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user mylinuxuser.
(current) UNIX password:

The message is quite explicit and you need to update your password right now.

If you don’t want to update your password too many times, you can update the frequency of the expiration to 90 days for example:

chage -M 90 mylinuxuser

Or you can completely disable the expiration by pushing the max value for expiration date to 99999 days:

chage -m 0 -M 99999 -I -1 -E -1 mylinuxuser
  • Oct 18 / 2017
  • 0
Linux

Update CA trusted root certificates on Linux server

If you’re getting many “unstrusted issuer” alerts in your app logs, it might be due to some CA trusted certificates outdated.
To fix that, just perform an update:

For Ubuntu/Debian

update-ca-certificates

For CentOS/RedHat

update-ca-trust extract
  • Oct 04 / 2017
  • 0
Linux

Write multiple lines to file in bash (script)

If you need to push multiple lines to one file through a bash script, you can simply use that syntax:

cat > /etc/ntp.conf << _NTPconf_
  server 1.2.3.4
  server 5.6.7.8
_NTPconf_

Tip: Be aware that if you’re using indentation, last line should not be indented (this would lead you to some errors).

If you want to add line instead of overwriting file (like we did in the previous example), just replace the “>” with “>>” after cat command.

cat >> /etc/ntp.conf << _NTPconf_
  server 1.2.3.4
  server 5.6.7.8
_NTPconf_
  • Sep 09 / 2017
  • 0
Linux

Find IPs connecting to a postfix server through logs

There’s no easy way to list all the IPs connecting to your postfix server for sending mail. But you can easily extract them from all your postfix logs.

For our example, we will consider the logs from postfix to be as default and located in /var/log/maillog

Here is what a postfix log look like when a connection is received:

Sep  1 10:22:32 mail-server-01 postfix/smtpd[700]: connect from ha-lb-03[10.10.1.3]

For extracting exclusively the IPs, we will use a combination of commands:

$ grep " connect from " /var/log/maillog |cut -d '[' -f3 |cut -d ']' -f1 |sort -u
  • grep ” connect from ” /var/log/maillog will extract every lines containing a connection attempt
  • cut -d ‘[‘ -f3 |cut -d ‘]’ -f1 will extract the IP from the line (which is contained between [] )
  • sort -u will sort the output by unique values

Here is what we will get as a result once the command is executed (nothing will appear until it finished):

$ grep " connect from " /var/log/maillog |cut -d '[' -f3 |cut -d ']' -f1 |sort -u
10.10.1.1
10.10.1.2
10.10.1.3
10.20.4.4
10.20.4.8
10.250.250.250
127.0.0.1

You can obviously re-use this command for any log file that you want to filter out by updating the filtering.

  • Aug 02 / 2017
  • 0
Linux

Connect to serial/console terminal with MacOS using screen

It’s possible to connect to serial console with MacOS without using a specific app but only screen.

First, you need to find the correct device you will use to connect to the serial console. Depending on your installation and your adapter, you’ll can find it under different names with one these commands:

$ ls /dev*/usb*
ls: /dev*/usb*: No such file or directory
$ ls /dev/tty*usb*
tty.usbserial

Here, we can see that our device is available on /dev/tty.usbserial

If you have any doubt with the screen command, you can check the documentation, with the specific part regarding the console connection:

If  a  tty  (character  special  device)  name  (e.g.  "/dev/ttya") is specified as the first parameter, then the window is directly connected to this device.  This window type is similar to "screen cu -l /dev/ttya".  Read and write access is required on the device node, an exclusive open is attempted on the node to mark the connection line as busy. An optional parameter is allowed consisting of a comma separated list of flags in the notation used by stty(1):
    [1200,9600,19200] - First parameter is the baud rate        
        Usually 300, 1200, 9600 or 19200. This affects transmission as well as receive speed.
    cs8 or cs7
        Specify the transmission of eight (or seven) bits per byte.
    ixon or -ixon
        Enables (or disables) software flow-control (CTRL-S/CTRL-Q) for sending data.
    ixoff or -ixon
        Enables (or disables) software flow-control for receiving data.
    istrip or -istrip
        Clear (or keep) the eight bit in each received byte.

For example, if you want to connect to serial port with those parameters:

  • 9600 bps
  • 8 data bits
  • flow control

You can just use this command:

$ screen /dev/tty.usbserial 9600,cs8,ixon

Hint: Note that if you’re using a specific adapter (like an adapter DB9/RS232 to USB), you will probably need to install the driver first to get the device available.

  • Jul 22 / 2017
  • 0
Linux

Get CPU/RAM usage per process on Linux

When you’re facing performance issues, it’s always useful to check CPU/MEM usage per process to see if you have an issue with a specific process. For that, you can use ps and some sorting commands.

Tip: You can shrink the results to the first lines by using head

Memory analysis

We’re using the –sort -rss attributes to get the results sorted by RSS in the desc order (use –sort rss for the asc order)

$ps auxw --sort -rss | head -n5
USER       PID %CPU %MEM     VSZ     RSS TTY      STAT START   TIME COMMAND
mysql      604  0.2  8.4 1628428  177968 ?        Ssl  Jun30  71:59 /usr/sbin/mysqld
phpuser   9625  0.1  1.9  239588   40896 ?        S    Jul12  12:35 php-fpm: pool www
phpuser  14625  0.1  1.8  239572   39668 ?        S    Jul12  12:08 php-fpm: pool www
named     1849  0.0  1.2  299868   25984 ?        Ssl  Jun30   0:11 /usr/sbin/named -f -u bind
root       252  0.0  0.5  82868    12096 ?        Ss   Jun30   1:19 /usr/sbin/syslog-ng -F

CPU analysis

We’re using the –sort -%cpu attributes to get the results sorted by CPU in the desc order (use –sort %cpu for the asc order)

ps auxw --sort -%cpu | head -n5
USER       PID %CPU %MEM     VSZ    RSS TTY      STAT START   TIME COMMAND
named     1849  0.9  0.1  299868  25984 ?        Ssl  Jun30   0:21 /usr/sbin/named -f -u bind
root      1668  0.5  0.0  259000  10332 ?        Sl   Jun23 195:48 /sbin/rsyslogd -i /var/run/syslogd.pid -c 5
postfix   9889  0.4  0.0  102368   7736 ?        S    05:44   0:00 smtpd -n smtp -t inet -u -o stress=
mysql      604  0.2  8.4 1628428 177968 ?        Ssl  Jun30  72:09 /usr/sbin/mysqld
phpuser   7960  0.1  1.8  238572  38780 ?        S    Jul17   4:35 php-fpm: pool www

Then…

Once you got the results, it’s time for you to investigate further and analyze what’s happening with those processes! Good luck!

Pages:1234567...18
Question ? Contact