BG Go Further

Jun 25 / 2017
0

Linux

Check SSL certificate of an URL with openssl

You can get standard information about the certificate directly by opening a connection to a website:

openssl s_client -showcerts -connect python.org:443 </dev/null

1	openssl s_client -showcerts -connect python.org:443 </dev/null

Answer will be like:

CONNECTED(00000003)
depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
verify return:1
depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
verify return:1
depth=1 C = FR, ST = Paris, L = Paris, O = Gandi, CN = Gandi Standard SSL CA 2
verify return:1
depth=0 OU = Domain Control Validated, OU = Gandi Standard Wildcard SSL, CN = *.python.org
verify return:1
---
Certificate chain
 0 s:/OU=Domain Control Validated/OU=Gandi Standard Wildcard SSL/CN=*.python.org
   i:/C=FR/ST=Paris/L=Paris/O=Gandi/CN=Gandi Standard SSL CA 2
-----BEGIN CERTIFICATE-----
MIIE9jCCA96gAwIBAgIQHln71qn2oJvHLSLy+zxhezANBgkqhkiG9w0BAQsFADBf
MQswCQYDVQQGEwJGUjEOMAwGA1UECBMFUGFyaXMxDjAMBgNVBAcTBVBhcmlzMQ4w
DAYDVQQKEwVHYW5kaTEgMB4GA1UEAxMXR2FuZGkgU3RhbmRhcmQgU1NMIENBIDIw
HhcNMTcwMjAyMDAwMDAwWhcNMjAwMjAyMjM1OTU5WjBgMSEwHwYDVQQLExhEb21h
aW4gQ29udHJvbCBWYWxpZGF0ZWQxJDAiBgNVBAsTG0dhbmRpIFN0YW5kYXJkIFdp
bGRjYXJkIFNTTDEVMBMGA1UEAwwMKi5weXRob24ub3JnMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAtQa3kv/HeLbcZb07lBvqM/etX3Cu3vLfvQ2fWQvC
46fAzdQ8eV3p/ZOkqLxaSWlgLATNDOyGBMZLsO1Tg/iEhAMoSa9XZMdax76DAPh1
fdRllDvJ6Z8Mi2BW3KiIEfXhMkFU6M8ROcrvQNh/D8GL8+s/8pgTsuWM5xqmV1ng
8fSE4mD6QdYFtw9T7DgSECLt12KDII01fJnbNWp488PDFt1UKJrPzEMUZ5/osjHE
vlbU1EKwLSKBQsFjMnYq/797VhA30P2LywWkHpZH/6ImGINR1R5legpb+NN5v8kv
9JXXqrwcs/6l63Y0PncedHn/pmbLW0cDaONC7Z/IpJkRLQIDAQABo4IBqzCCAacw
HwYDVR0jBBgwFoAUs5Cn2MmvTs1hPJ98rV1/Qf1pMOowHQYDVR0OBBYEFK1TlIvL
TxQ50kgLdmFfn2MQo8onMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0G
A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBLBgNVHSAERDBCMDYGCysGAQQB
sjEBAgIaMCcwJQYIKwYBBQUHAgEWGWh0dHBzOi8vY3BzLnVzZXJ0cnVzdC5jb20w
CAYGZ4EMAQIBMEEGA1UdHwQ6MDgwNqA0oDKGMGh0dHA6Ly9jcmwudXNlcnRydXN0
LmNvbS9HYW5kaVN0YW5kYXJkU1NMQ0EyLmNybDBzBggrBgEFBQcBAQRnMGUwPAYI
KwYBBQUHMAKGMGh0dHA6Ly9jcnQudXNlcnRydXN0LmNvbS9HYW5kaVN0YW5kYXJk
U1NMQ0EyLmNydDAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNv
bTAjBgNVHREEHDAaggwqLnB5dGhvbi5vcmeCCnB5dGhvbi5vcmcwDQYJKoZIhvcN
AQELBQADggEBAIdLnn5Rk/RcaFP1zBsbuDTLJpRR1lsMNPjMTJ/mR+h12A8vU76Z
IjhHDTbSS4a/yBAFFyH+83Y/ykY9/FTlVZUwWmzZJA5/RqYoQNq7EXXNAsGp8jcg
KD51NWID4c/rn02uL3+rWUQRRR0+/cYdR4jZQswrd+gRMO5KVPhHnoUIbFQFQ0yS
WwqV8em1GIKHjYtaIuPEbc36elzL14BXN37b+0lWTJDFeeG/K0YNqrYxlCIDUn+3
etbaf0wYVeg5Nl6QGu0Na1F3XTScl+SdkZXfh1e9lIr2U+Pm/yoBNDL5R/HkliAg
ZzgFJZql5yymhSQuZEc7Qe6AvcB58QGvgPo=
-----END CERTIFICATE-----
 1 s:/C=FR/ST=Paris/L=Paris/O=Gandi/CN=Gandi Standard SSL CA 2
   i:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
-----BEGIN CERTIFICATE-----
MIIF6TCCA9GgAwIBAgIQBeTcO5Q4qzuFl8umoZhQ4zANBgkqhkiG9w0BAQwFADCB
iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl
cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTQw
OTEyMDAwMDAwWhcNMjQwOTExMjM1OTU5WjBfMQswCQYDVQQGEwJGUjEOMAwGA1UE
CBMFUGFyaXMxDjAMBgNVBAcTBVBhcmlzMQ4wDAYDVQQKEwVHYW5kaTEgMB4GA1UE
AxMXR2FuZGkgU3RhbmRhcmQgU1NMIENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCUBC2meZV0/9UAPPWu2JSxKXzAjwsLibmCg5duNyj1ohrP0pIL
m6jTh5RzhBCf3DXLwi2SrCG5yzv8QMHBgyHwv/j2nPqcghDA0I5O5Q1MsJFckLSk
QFEW2uSEEi0FXKEfFxkkUap66uEHG4aNAXLy59SDIzme4OFMH2sio7QQZrDtgpbX
bmq08j+1QvzdirWrui0dOnWbMdw+naxb00ENbLAb9Tr1eeohovj0M1JLJC0epJmx
bUi8uBL+cnB89/sCdfSN3tbawKAyGlLfOGsuRTg/PwSWAP2h9KK71RfWJ3wbWFmV
XooS/ZyrgT5SKEhRhWvzkbKGPym1bgNi7tYFAgMBAAGjggF1MIIBcTAfBgNVHSME
GDAWgBRTeb9aqitKz1SA4dibwJ3ysgNmyzAdBgNVHQ4EFgQUs5Cn2MmvTs1hPJ98
rV1/Qf1pMOowDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYD
VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMCIGA1UdIAQbMBkwDQYLKwYBBAGy
MQECAhowCAYGZ4EMAQIBMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jcmwudXNl
cnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNy
bDB2BggrBgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRy
dXN0LmNvbS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAlBggrBgEFBQcwAYYZ
aHR0cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQwFAAOCAgEAWGf9
crJq13xhlhl+2UNG0SZ9yFP6ZrBrLafTqlb3OojQO3LJUP33WbKqaPWMcwO7lWUX
zi8c3ZgTopHJ7qFAbjyY1lzzsiI8Le4bpOHeICQW8owRc5E69vrOJAKHypPstLbI
FhfFcvwnQPYT/pOmnVHvPCvYd1ebjGU6NSU2t7WKY28HJ5OxYI2A25bUeo8tqxyI
yW5+1mUfr13KFj8oRtygNeX56eXVlogMT8a3d2dIhCe2H7Bo26y/d7CQuKLJHDJd
ArolQ4FCR7vY4Y8MDEZf7kYzawMUgtN+zY+vkNaOJH1AQrRqahfGlZfh8jjNp+20
J0CT33KpuMZmYzc4ZCIwojvxuch7yPspOqsactIGEk72gtQjbz7Dk+XYtsDe3CMW
1hMwt6CaDixVBgBwAc/qOR2A24j3pSC4W/0xJmmPLQphgzpHphNULB7j7UTKvGof
KA5R2d4On3XNDgOVyvnFqSot/kGkoUeuDcL5OWYzSlvhhChZbH2UF3bkRYKtcCD9
0m9jqNf6oDP6N8v3smWe2lBvP+Sn845dWDKXcCMu5/3EFZucJ48y7RetWIExKREa
m9T8bJUox04FB6b9HbwZ4ui3uRGKLXASUoWNjDNKD/yZkuBjcNqllEdjB+dYxzFf
BT02Vf6Dsuimrdfp5gJ0iHRc2jTbkNJtUQoj1iM=
-----END CERTIFICATE-----
 2 s:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgIQE+oocFv07O0MNmMJgGFDNjANBgkqhkiG9w0BAQwFADBv
MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk
ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF
eHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFow
gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK
ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYD
VQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgBJlFzYOw9sIs9CsVw127c0n00yt
UINh4qogTQktZAnczomfzD2p7PbPwdzx07HWezcoEStH2jnGvDoZtF+mvX2do2NC
tnbyqTsrkfjib9DsFiCQCT7i6HTJGLSR1GJk23+jBvGIGGqQIjy8/hPwhxR79uQf
jtTkUcYRZ0YIUcuGFFQ/vDP+fmyc/xadGL1RjjWmp2bIcmfbIWax1Jt4A8BQOujM
8Ny8nkz+rwWWNR9XWrf/zvk9tyy29lTdyOcSOk2uTIq3XJq0tyA9yn8iNK5+O2hm
AUTnAU5GU5szYPeUvlM3kHND8zLDU+/bqv50TmnHa4xgk97Exwzf4TKuzJM7UXiV
Z4vuPVb+DNBpDxsP8yUmazNt925H+nND5X4OpWaxKXwyhGNVicQNwZNUMBkTrNN9
N6frXTpsNVzbQdcS2qlJC9/YgIoJk2KOtWbPJYjNhLixP6Q5D9kCnusSTJV882sF
qV4Wg8y4Z+LoE53MW4LTTLPtW//e5XOsIzstAL81VXQJSdhJWBp/kjbmUZIO8yZ9
HE0XvMnsQybQv0FfQKlERPSZ51eHnlAfV1SoPv10Yy+xUGUJ5lhCLkMaTLTwJUdZ
+gQek9QmRkpQgbLevni3/GcV4clXhB4PY9bpYrrWX1Uu6lzGKAgEJTm4Diup8kyX
HAc/DVL17e8vgg8CAwEAAaOB9DCB8TAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTv
A73gJMtUGjAdBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/
BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAAMEQGA1Ud
HwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4
dGVybmFsQ0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0
dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggEBAJNl9jeD
lQ9ew4IcH9Z35zyKwKoJ8OkLJvHgwmp1ocd5yblSYMgpEg7wrQPWCcR23+WmgZWn
RtqCV6mVksW2jwMibDN3wXsyF24HzloUQToFJBv2FAY7qCUkDrvMKnXduXBBP3zQ
YzYhBx9G/2CkkeFnvN4ffhkUyWNnkepnB2u0j4vAbkN9w6GAbLIevFOFfdyQoaS8
Le9Gclc1Bb+7RrtubTeZtv8jkpHGbkD4jylW6l/VXxRTrPBPYer3IsynVgviuDQf
Jtl7GQVoP7o81DgGotPmjw7jtHFtQELFhLRAlSv0ZaBIefYdgWOWnU914Ph85I6p
0fKtirOMxyHNwu8=
-----END CERTIFICATE-----
---
Server certificate
subject=/OU=Domain Control Validated/OU=Gandi Standard Wildcard SSL/CN=*.python.org
issuer=/C=FR/ST=Paris/L=Paris/O=Gandi/CN=Gandi Standard SSL CA 2
---
No client certificate CA names sent
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 4712 bytes and written 373 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: CA736CD734AA037795DE0BDCE046E201AD47343EB3E70F63F60BEC0E477F354E
    Session-ID-ctx:
    Master-Key: 72EC4ADFDFCC6DF2D2E7B086F39DB021891B2F5752D9DC8CFA8C86124085E6B223673C00B140553751654E030D39ADC0
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1497599739
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
DONE

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

CONNECTED(00000003)

depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root

verify return:1

depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority

verify return:1

depth=1 C = FR, ST = Paris, L = Paris, O = Gandi, CN = Gandi Standard SSL CA 2

verify return:1

depth=0 OU = Domain Control Validated, OU = Gandi Standard Wildcard SSL, CN = *.python.org

verify return:1

---

Certificate chain

0 s:/OU=Domain Control Validated/OU=Gandi Standard Wildcard SSL/CN=*.python.org

i:/C=FR/ST=Paris/L=Paris/O=Gandi/CN=Gandi Standard SSL CA 2

-----BEGIN CERTIFICATE-----

MIIE9jCCA96gAwIBAgIQHln71qn2oJvHLSLy+zxhezANBgkqhkiG9w0BAQsFADBf

MQswCQYDVQQGEwJGUjEOMAwGA1UECBMFUGFyaXMxDjAMBgNVBAcTBVBhcmlzMQ4w

DAYDVQQKEwVHYW5kaTEgMB4GA1UEAxMXR2FuZGkgU3RhbmRhcmQgU1NMIENBIDIw

HhcNMTcwMjAyMDAwMDAwWhcNMjAwMjAyMjM1OTU5WjBgMSEwHwYDVQQLExhEb21h

aW4gQ29udHJvbCBWYWxpZGF0ZWQxJDAiBgNVBAsTG0dhbmRpIFN0YW5kYXJkIFdp

bGRjYXJkIFNTTDEVMBMGA1UEAwwMKi5weXRob24ub3JnMIIBIjANBgkqhkiG9w0B

AQEFAAOCAQ8AMIIBCgKCAQEAtQa3kv/HeLbcZb07lBvqM/etX3Cu3vLfvQ2fWQvC

46fAzdQ8eV3p/ZOkqLxaSWlgLATNDOyGBMZLsO1Tg/iEhAMoSa9XZMdax76DAPh1

fdRllDvJ6Z8Mi2BW3KiIEfXhMkFU6M8ROcrvQNh/D8GL8+s/8pgTsuWM5xqmV1ng

8fSE4mD6QdYFtw9T7DgSECLt12KDII01fJnbNWp488PDFt1UKJrPzEMUZ5/osjHE

vlbU1EKwLSKBQsFjMnYq/797VhA30P2LywWkHpZH/6ImGINR1R5legpb+NN5v8kv

9JXXqrwcs/6l63Y0PncedHn/pmbLW0cDaONC7Z/IpJkRLQIDAQABo4IBqzCCAacw

HwYDVR0jBBgwFoAUs5Cn2MmvTs1hPJ98rV1/Qf1pMOowHQYDVR0OBBYEFK1TlIvL

TxQ50kgLdmFfn2MQo8onMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0G

A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBLBgNVHSAERDBCMDYGCysGAQQB

sjEBAgIaMCcwJQYIKwYBBQUHAgEWGWh0dHBzOi8vY3BzLnVzZXJ0cnVzdC5jb20w

CAYGZ4EMAQIBMEEGA1UdHwQ6MDgwNqA0oDKGMGh0dHA6Ly9jcmwudXNlcnRydXN0

LmNvbS9HYW5kaVN0YW5kYXJkU1NMQ0EyLmNybDBzBggrBgEFBQcBAQRnMGUwPAYI

KwYBBQUHMAKGMGh0dHA6Ly9jcnQudXNlcnRydXN0LmNvbS9HYW5kaVN0YW5kYXJk

U1NMQ0EyLmNydDAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNv

bTAjBgNVHREEHDAaggwqLnB5dGhvbi5vcmeCCnB5dGhvbi5vcmcwDQYJKoZIhvcN

AQELBQADggEBAIdLnn5Rk/RcaFP1zBsbuDTLJpRR1lsMNPjMTJ/mR+h12A8vU76Z

IjhHDTbSS4a/yBAFFyH+83Y/ykY9/FTlVZUwWmzZJA5/RqYoQNq7EXXNAsGp8jcg

KD51NWID4c/rn02uL3+rWUQRRR0+/cYdR4jZQswrd+gRMO5KVPhHnoUIbFQFQ0yS

WwqV8em1GIKHjYtaIuPEbc36elzL14BXN37b+0lWTJDFeeG/K0YNqrYxlCIDUn+3

etbaf0wYVeg5Nl6QGu0Na1F3XTScl+SdkZXfh1e9lIr2U+Pm/yoBNDL5R/HkliAg

ZzgFJZql5yymhSQuZEc7Qe6AvcB58QGvgPo=

-----END CERTIFICATE-----

1 s:/C=FR/ST=Paris/L=Paris/O=Gandi/CN=Gandi Standard SSL CA 2

i:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority

-----BEGIN CERTIFICATE-----

MIIF6TCCA9GgAwIBAgIQBeTcO5Q4qzuFl8umoZhQ4zANBgkqhkiG9w0BAQwFADCB

iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl

cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV

BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTQw

OTEyMDAwMDAwWhcNMjQwOTExMjM1OTU5WjBfMQswCQYDVQQGEwJGUjEOMAwGA1UE

CBMFUGFyaXMxDjAMBgNVBAcTBVBhcmlzMQ4wDAYDVQQKEwVHYW5kaTEgMB4GA1UE

AxMXR2FuZGkgU3RhbmRhcmQgU1NMIENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IB

DwAwggEKAoIBAQCUBC2meZV0/9UAPPWu2JSxKXzAjwsLibmCg5duNyj1ohrP0pIL

m6jTh5RzhBCf3DXLwi2SrCG5yzv8QMHBgyHwv/j2nPqcghDA0I5O5Q1MsJFckLSk

QFEW2uSEEi0FXKEfFxkkUap66uEHG4aNAXLy59SDIzme4OFMH2sio7QQZrDtgpbX

bmq08j+1QvzdirWrui0dOnWbMdw+naxb00ENbLAb9Tr1eeohovj0M1JLJC0epJmx

bUi8uBL+cnB89/sCdfSN3tbawKAyGlLfOGsuRTg/PwSWAP2h9KK71RfWJ3wbWFmV

XooS/ZyrgT5SKEhRhWvzkbKGPym1bgNi7tYFAgMBAAGjggF1MIIBcTAfBgNVHSME

GDAWgBRTeb9aqitKz1SA4dibwJ3ysgNmyzAdBgNVHQ4EFgQUs5Cn2MmvTs1hPJ98

rV1/Qf1pMOowDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYD

VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMCIGA1UdIAQbMBkwDQYLKwYBBAGy

MQECAhowCAYGZ4EMAQIBMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jcmwudXNl

cnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNy

bDB2BggrBgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRy

dXN0LmNvbS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAlBggrBgEFBQcwAYYZ

aHR0cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQwFAAOCAgEAWGf9

crJq13xhlhl+2UNG0SZ9yFP6ZrBrLafTqlb3OojQO3LJUP33WbKqaPWMcwO7lWUX

zi8c3ZgTopHJ7qFAbjyY1lzzsiI8Le4bpOHeICQW8owRc5E69vrOJAKHypPstLbI

FhfFcvwnQPYT/pOmnVHvPCvYd1ebjGU6NSU2t7WKY28HJ5OxYI2A25bUeo8tqxyI

yW5+1mUfr13KFj8oRtygNeX56eXVlogMT8a3d2dIhCe2H7Bo26y/d7CQuKLJHDJd

ArolQ4FCR7vY4Y8MDEZf7kYzawMUgtN+zY+vkNaOJH1AQrRqahfGlZfh8jjNp+20

J0CT33KpuMZmYzc4ZCIwojvxuch7yPspOqsactIGEk72gtQjbz7Dk+XYtsDe3CMW

1hMwt6CaDixVBgBwAc/qOR2A24j3pSC4W/0xJmmPLQphgzpHphNULB7j7UTKvGof

KA5R2d4On3XNDgOVyvnFqSot/kGkoUeuDcL5OWYzSlvhhChZbH2UF3bkRYKtcCD9

0m9jqNf6oDP6N8v3smWe2lBvP+Sn845dWDKXcCMu5/3EFZucJ48y7RetWIExKREa

m9T8bJUox04FB6b9HbwZ4ui3uRGKLXASUoWNjDNKD/yZkuBjcNqllEdjB+dYxzFf

BT02Vf6Dsuimrdfp5gJ0iHRc2jTbkNJtUQoj1iM=

-----END CERTIFICATE-----

2 s:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority

i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root

-----BEGIN CERTIFICATE-----

MIIFdzCCBF+gAwIBAgIQE+oocFv07O0MNmMJgGFDNjANBgkqhkiG9w0BAQwFADBv

MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk

ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF

eHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFow

gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK

ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYD

VQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjAN

BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgBJlFzYOw9sIs9CsVw127c0n00yt

UINh4qogTQktZAnczomfzD2p7PbPwdzx07HWezcoEStH2jnGvDoZtF+mvX2do2NC

tnbyqTsrkfjib9DsFiCQCT7i6HTJGLSR1GJk23+jBvGIGGqQIjy8/hPwhxR79uQf

jtTkUcYRZ0YIUcuGFFQ/vDP+fmyc/xadGL1RjjWmp2bIcmfbIWax1Jt4A8BQOujM

8Ny8nkz+rwWWNR9XWrf/zvk9tyy29lTdyOcSOk2uTIq3XJq0tyA9yn8iNK5+O2hm

AUTnAU5GU5szYPeUvlM3kHND8zLDU+/bqv50TmnHa4xgk97Exwzf4TKuzJM7UXiV

Z4vuPVb+DNBpDxsP8yUmazNt925H+nND5X4OpWaxKXwyhGNVicQNwZNUMBkTrNN9

N6frXTpsNVzbQdcS2qlJC9/YgIoJk2KOtWbPJYjNhLixP6Q5D9kCnusSTJV882sF

qV4Wg8y4Z+LoE53MW4LTTLPtW//e5XOsIzstAL81VXQJSdhJWBp/kjbmUZIO8yZ9

HE0XvMnsQybQv0FfQKlERPSZ51eHnlAfV1SoPv10Yy+xUGUJ5lhCLkMaTLTwJUdZ

+gQek9QmRkpQgbLevni3/GcV4clXhB4PY9bpYrrWX1Uu6lzGKAgEJTm4Diup8kyX

HAc/DVL17e8vgg8CAwEAAaOB9DCB8TAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTv

A73gJMtUGjAdBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/

BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAAMEQGA1Ud

HwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4

dGVybmFsQ0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0

dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggEBAJNl9jeD

lQ9ew4IcH9Z35zyKwKoJ8OkLJvHgwmp1ocd5yblSYMgpEg7wrQPWCcR23+WmgZWn

RtqCV6mVksW2jwMibDN3wXsyF24HzloUQToFJBv2FAY7qCUkDrvMKnXduXBBP3zQ

YzYhBx9G/2CkkeFnvN4ffhkUyWNnkepnB2u0j4vAbkN9w6GAbLIevFOFfdyQoaS8

Le9Gclc1Bb+7RrtubTeZtv8jkpHGbkD4jylW6l/VXxRTrPBPYer3IsynVgviuDQf

Jtl7GQVoP7o81DgGotPmjw7jtHFtQELFhLRAlSv0ZaBIefYdgWOWnU914Ph85I6p

0fKtirOMxyHNwu8=

-----END CERTIFICATE-----

---

Server certificate

subject=/OU=Domain Control Validated/OU=Gandi Standard Wildcard SSL/CN=*.python.org

issuer=/C=FR/ST=Paris/L=Paris/O=Gandi/CN=Gandi Standard SSL CA 2

---

No client certificate CA names sent

Server Temp Key: ECDH, prime256v1, 256 bits

---

SSL handshake has read 4712 bytes and written 373 bytes

---

New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256

Server public key is 2048 bit

Secure Renegotiation IS supported

Compression: NONE

Expansion: NONE

SSL-Session:

Protocol : TLSv1.2

Cipher : ECDHE-RSA-AES128-GCM-SHA256

Session-ID: CA736CD734AA037795DE0BDCE046E201AD47343EB3E70F63F60BEC0E477F354E

Session-ID-ctx:

Master-Key: 72EC4ADFDFCC6DF2D2E7B086F39DB021891B2F5752D9DC8CFA8C86124085E6B223673C00B140553751654E030D39ADC0

Key-Arg : None

Krb5 Principal: None

PSK identity: None

PSK identity hint: None

Start Time: 1497599739

Timeout : 300 (sec)

Verify return code: 0 (ok)

---

DONE

But this is not giving you some interesting information like the expiration date for example! To work around that, you can simply redirect the output (certificate) to openssl and ask for some specific information:

openssl s_client -showcerts -connect python.org:443 </dev/null |openssl x509 -dates -text -noout

1	openssl s_client -showcerts -connect python.org:443 </dev/null \|openssl x509 -dates -text -noout

This time, output will be:

depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
verify return:1
depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
verify return:1
depth=1 C = FR, ST = Paris, L = Paris, O = Gandi, CN = Gandi Standard SSL CA 2
verify return:1
depth=0 OU = Domain Control Validated, OU = Gandi Standard Wildcard SSL, CN = *.python.org
verify return:1
DONE
notBefore=Feb  2 00:00:00 2017 GMT
notAfter=Feb  2 23:59:59 2020 GMT
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:59:fb:d6:a9:f6:a0:9b:c7:2d:22:f2:fb:3c:61:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=FR, ST=Paris, L=Paris, O=Gandi, CN=Gandi Standard SSL CA 2
        Validity
            Not Before: Feb  2 00:00:00 2017 GMT
            Not After : Feb  2 23:59:59 2020 GMT
        Subject: OU=Domain Control Validated, OU=Gandi Standard Wildcard SSL, CN=*.python.org
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:b5:06:b7:92:ff:c7:78:b6:dc:65:bd:3b:94:1b:
                    ea:33:f7:ad:5f:70:ae:de:f2:df:bd:0d:9f:59:0b:
                    c2:e3:a7:c0:cd:d4:3c:79:5d:e9:fd:93:a4:a8:bc:
                    5a:49:69:60:2c:04:cd:0c:ec:86:04:c6:4b:b0:ed:
                    53:83:f8:84:84:03:28:49:af:57:64:c7:5a:c7:be:
                    83:00:f8:75:7d:d4:65:94:3b:c9:e9:9f:0c:8b:60:
                    56:dc:a8:88:11:f5:e1:32:41:54:e8:cf:11:39:ca:
                    ef:40:d8:7f:0f:c1:8b:f3:eb:3f:f2:98:13:b2:e5:
                    8c:e7:1a:a6:57:59:e0:f1:f4:84:e2:60:fa:41:d6:
                    05:b7:0f:53:ec:38:12:10:22:ed:d7:62:83:20:8d:
                    35:7c:99:db:35:6a:78:f3:c3:c3:16:dd:54:28:9a:
                    cf:cc:43:14:67:9f:e8:b2:31:c4:be:56:d4:d4:42:
                    b0:2d:22:81:42:c1:63:32:76:2a:ff:bf:7b:56:10:
                    37:d0:fd:8b:cb:05:a4:1e:96:47:ff:a2:26:18:83:
                    51:d5:1e:65:7a:0a:5b:f8:d3:79:bf:c9:2f:f4:95:
                    d7:aa:bc:1c:b3:fe:a5:eb:76:34:3e:77:1e:74:79:
                    ff:a6:66:cb:5b:47:03:68:e3:42:ed:9f:c8:a4:99:
                    11:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:B3:90:A7:D8:C9:AF:4E:CD:61:3C:9F:7C:AD:5D:7F:41:FD:69:30:EA

            X509v3 Subject Key Identifier:
                AD:53:94:8B:CB:4F:14:39:D2:48:0B:76:61:5F:9F:63:10:A3:CA:27
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Certificate Policies:
                Policy: 1.3.6.1.4.1.6449.1.2.2.26
                  CPS: https://cps.usertrust.com
                Policy: 2.23.140.1.2.1

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:http://crl.usertrust.com/GandiStandardSSLCA2.crl

            Authority Information Access:
                CA Issuers - URI:http://crt.usertrust.com/GandiStandardSSLCA2.crt
                OCSP - URI:http://ocsp.usertrust.com

            X509v3 Subject Alternative Name:
                DNS:*.python.org, DNS:python.org
    Signature Algorithm: sha256WithRSAEncryption
         87:4b:9e:7e:51:93:f4:5c:68:53:f5:cc:1b:1b:b8:34:cb:26:
         94:51:d6:5b:0c:34:f8:cc:4c:9f:e6:47:e8:75:d8:0f:2f:53:
         be:99:22:38:47:0d:36:d2:4b:86:bf:c8:10:05:17:21:fe:f3:
         76:3f:ca:46:3d:fc:54:e5:55:95:30:5a:6c:d9:24:0e:7f:46:
         a6:28:40:da:bb:11:75:cd:02:c1:a9:f2:37:20:28:3e:75:35:
         62:03:e1:cf:eb:9f:4d:ae:2f:7f:ab:59:44:11:45:1d:3e:fd:
         c6:1d:47:88:d9:42:cc:2b:77:e8:11:30:ee:4a:54:f8:47:9e:
         85:08:6c:54:05:43:4c:92:5b:0a:95:f1:e9:b5:18:82:87:8d:
         8b:5a:22:e3:c4:6d:cd:fa:7a:5c:cb:d7:80:57:37:7e:db:fb:
         49:56:4c:90:c5:79:e1:bf:2b:46:0d:aa:b6:31:94:22:03:52:
         7f:b7:7a:d6:da:7f:4c:18:55:e8:39:36:5e:90:1a:ed:0d:6b:
         51:77:5d:34:9c:97:e4:9d:91:95:df:87:57:bd:94:8a:f6:53:
         e3:e6:ff:2a:01:34:32:f9:47:f1:e4:96:20:20:67:38:05:25:
         9a:a5:e7:2c:a6:85:24:2e:64:47:3b:41:ee:80:bd:c0:79:f1:
         01:af:80:fa

depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root

verify return:1

depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority

verify return:1

depth=1 C = FR, ST = Paris, L = Paris, O = Gandi, CN = Gandi Standard SSL CA 2

verify return:1

depth=0 OU = Domain Control Validated, OU = Gandi Standard Wildcard SSL, CN = *.python.org

verify return:1

DONE

notBefore=Feb 2 00:00:00 2017 GMT

notAfter=Feb 2 23:59:59 2020 GMT

Certificate:

Data:

Version: 3 (0x2)

Serial Number:

1e:59:fb:d6:a9:f6:a0:9b:c7:2d:22:f2:fb:3c:61:7b

Signature Algorithm: sha256WithRSAEncryption

Issuer: C=FR, ST=Paris, L=Paris, O=Gandi, CN=Gandi Standard SSL CA 2

Validity

Not Before: Feb 2 00:00:00 2017 GMT

Not After : Feb 2 23:59:59 2020 GMT

Subject: OU=Domain Control Validated, OU=Gandi Standard Wildcard SSL, CN=*.python.org

Subject Public Key Info:

Public Key Algorithm: rsaEncryption

Public-Key: (2048 bit)

Modulus:

00:b5:06:b7:92:ff:c7:78:b6:dc:65:bd:3b:94:1b:

ea:33:f7:ad:5f:70:ae:de:f2:df:bd:0d:9f:59:0b:

c2:e3:a7:c0:cd:d4:3c:79:5d:e9:fd:93:a4:a8:bc:

5a:49:69:60:2c:04:cd:0c:ec:86:04:c6:4b:b0:ed:

53:83:f8:84:84:03:28:49:af:57:64:c7:5a:c7:be:

83:00:f8:75:7d:d4:65:94:3b:c9:e9:9f:0c:8b:60:

56:dc:a8:88:11:f5:e1:32:41:54:e8:cf:11:39:ca:

ef:40:d8:7f:0f:c1:8b:f3:eb:3f:f2:98:13:b2:e5:

8c:e7:1a:a6:57:59:e0:f1:f4:84:e2:60:fa:41:d6:

05:b7:0f:53:ec:38:12:10:22:ed:d7:62:83:20:8d:

35:7c:99:db:35:6a:78:f3:c3:c3:16:dd:54:28:9a:

cf:cc:43:14:67:9f:e8:b2:31:c4:be:56:d4:d4:42:

b0:2d:22:81:42:c1:63:32:76:2a:ff:bf:7b:56:10:

37:d0:fd:8b:cb:05:a4:1e:96:47:ff:a2:26:18:83:

51:d5:1e:65:7a:0a:5b:f8:d3:79:bf:c9:2f:f4:95:

d7:aa:bc:1c:b3:fe:a5:eb:76:34:3e:77:1e:74:79:

ff:a6:66:cb:5b:47:03:68:e3:42:ed:9f:c8:a4:99:

11:2d

Exponent: 65537 (0x10001)

X509v3 extensions:

X509v3 Authority Key Identifier:

keyid:B3:90:A7:D8:C9:AF:4E:CD:61:3C:9F:7C:AD:5D:7F:41:FD:69:30:EA

X509v3 Subject Key Identifier:

AD:53:94:8B:CB:4F:14:39:D2:48:0B:76:61:5F:9F:63:10:A3:CA:27

X509v3 Key Usage: critical

Digital Signature, Key Encipherment

X509v3 Basic Constraints: critical

CA:FALSE

X509v3 Extended Key Usage:

TLS Web Server Authentication, TLS Web Client Authentication

X509v3 Certificate Policies:

Policy: 1.3.6.1.4.1.6449.1.2.2.26

CPS: https://cps.usertrust.com

Policy: 2.23.140.1.2.1

X509v3 CRL Distribution Points:

Full Name:

URI:http://crl.usertrust.com/GandiStandardSSLCA2.crl

Authority Information Access:

CA Issuers - URI:http://crt.usertrust.com/GandiStandardSSLCA2.crt

OCSP - URI:http://ocsp.usertrust.com

X509v3 Subject Alternative Name:

DNS:*.python.org, DNS:python.org

Signature Algorithm: sha256WithRSAEncryption

87:4b:9e:7e:51:93:f4:5c:68:53:f5:cc:1b:1b:b8:34:cb:26:

94:51:d6:5b:0c:34:f8:cc:4c:9f:e6:47:e8:75:d8:0f:2f:53:

be:99:22:38:47:0d:36:d2:4b:86:bf:c8:10:05:17:21:fe:f3:

76:3f:ca:46:3d:fc:54:e5:55:95:30:5a:6c:d9:24:0e:7f:46:

a6:28:40:da:bb:11:75:cd:02:c1:a9:f2:37:20:28:3e:75:35:

62:03:e1:cf:eb:9f:4d:ae:2f:7f:ab:59:44:11:45:1d:3e:fd:

c6:1d:47:88:d9:42:cc:2b:77:e8:11:30:ee:4a:54:f8:47:9e:

85:08:6c:54:05:43:4c:92:5b:0a:95:f1:e9:b5:18:82:87:8d:

8b:5a:22:e3:c4:6d:cd:fa:7a:5c:cb:d7:80:57:37:7e:db:fb:

49:56:4c:90:c5:79:e1:bf:2b:46:0d:aa:b6:31:94:22:03:52:

7f:b7:7a:d6:da:7f:4c:18:55:e8:39:36:5e:90:1a:ed:0d:6b:

51:77:5d:34:9c:97:e4:9d:91:95:df:87:57:bd:94:8a:f6:53:

e3:e6:ff:2a:01:34:32:f9:47:f1:e4:96:20:20:67:38:05:25:

9a:a5:e7:2c:a6:85:24:2e:64:47:3b:41:ee:80:bd:c0:79:f1:

01:af:80:fa

Jun 14 / 2017
0

Linux

Change ownership (chown) on a symbolic link

You already probably noticed that if you want to update the ownership of a symbolic link on any UNIX system, a simple chown won’t do the job.

Indeed, let’s suppose you have this:

8 lrwxr-xr-x   1 user1            group1         4 Jun 13 23:46 link -> test 
8 -rw-r--r--   1 user1            group1         6 Jun 13 23:54 test

1 2	8 lrwxr-xr-x 1 user1 group1 4 Jun 13 23:46 link -> test 8 -rw-r--r-- 1 user1 group1 6 Jun 13 23:54 test

If you’re doing a simple chown:

chown user2:group2 link

1	chown user2:group2 link

You can see that it changes the ownership on the target file and not on the symbolic link:

8 lrwxr-xr-x   1 user1            group1         4 Jun 13 23:46 link -> test 
8 -rw-r--r--   1 user2            group2         6 Jun 13 23:54 test

1 2	8 lrwxr-xr-x 1 user1 group1 4 Jun 13 23:46 link -> test 8 -rw-r--r-- 1 user2 group2 6 Jun 13 23:54 test

If you want to update the symbolic link, you need to use the -h or –no-dereference option to apply the changes on the symbolic link and not on the target:

chown -h user2:group2 link

1	chown -h user2:group2 link

Then, you can see that it’s now updated:

8 lrwxr-xr-x   1 user2            group2         4 Jun 13 23:46 link -> test 
8 -rw-r--r--   1 user2            group2         6 Jun 13 23:54 test

1 2	8 lrwxr-xr-x 1 user2 group2 4 Jun 13 23:46 link -> test 8 -rw-r--r-- 1 user2 group2 6 Jun 13 23:54 test

May 30 / 2017
0

Linux, Python

DNS queries from a file/list to CSV

It’s not easy to perform bulk DNS resolution when you have many DNS/IPs to control. Here is a simple script allowing you to perform DNS resolution over a list of DNS entries or IPs.

Here is a list of DNS (names and IPs) that we put in a file called listDNS.txt

www.python.org
www.pyython.org
208.67.220.220
www.bing.com

www.python.org

www.pyython.org

208.67.220.220

www.bing.com

Let’s copy that script that will do the job in a file called resolverDNS.sh

#!/bin/bash
# Script file - resolverDNS.sh
# Checking existence of arg
if [ "$1" == "" ]
then
  # Display help if wrong usage
  echo "Usage: /bin/bash resolverDNS.sh /path/to/file"
  exit 35
else 
  # Loop over dns and resolve
  while IFS='' read -r line || [[ -n "$line" ]]; do
    dns=''
    # Resolve reverse DNS
    if [[ $line =~ ^[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}$ ]]; then
      dns=`dig +noall +answer -x $line +short|tr 'n' ' '`
    # Resolve A record
    else
      dns=`dig a $line +short|tr 'n' ' '`
    fi
    echo -e "$linetis resolving intot${dns}"
  done < "$1"
fi

#!/bin/bash

# Script file - resolverDNS.sh

# Checking existence of arg

if [ "$1" == "" ]

then

# Display help if wrong usage

echo "Usage: /bin/bash resolverDNS.sh /path/to/file"

exit 35

else

# Loop over dns and resolve

while IFS='' read -r line || [[ -n "$line" ]]; do

dns=''

# Resolve reverse DNS

if [[ $line =~ ^[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}$ ]]; then

dns=`dig +noall +answer -x $line +short|tr 'n' ' '`

# Resolve A record

else

dns=`dig a $line +short|tr 'n' ' '`

echo -e "$linetis resolving intot${dns}"

done < "$1"

And now, execute it by passing file path as an arg, and see the output:

$ bash /home/user/resolverDNS.sh /home/user/listDNS.txt 
www.python.org	is resolving into	python.map.fastly.net. 151.101.60.223 
www.pyython.org	is resolving into	
208.67.220.220	is resolving into	resolver2.opendns.com. 
www.bing.com	is resolving into	www-bing-com.a-0001.a-msedge.net. a-0001.a-msedge.net. 204.79.197.200 13.107.21.200

$ bash /home/user/resolverDNS.sh /home/user/listDNS.txt

www.python.org is resolving into python.map.fastly.net. 151.101.60.223

www.pyython.org is resolving into

208.67.220.220 is resolving into resolver2.opendns.com.

www.bing.com is resolving into www-bing-com.a-0001.a-msedge.net. a-0001.a-msedge.net. 204.79.197.200 13.107.21.200

Resolution are done for every line, depending on if it’s an IP or a name (and remain empty if it can’t resolve).
Feel free to adjust the script according to your needs!

May 15 / 2017
0

Linux

Remove list of mail addresses from postfix queue

There is no easy way to remove a list of mails in queue with a same sender or domain in Postfix. But you can use some standard commands to get this working.

First check the list of mails you want to remove with something like

postqueue -p |grep -e 'john.doe@domain.com|jon.doe@domain.com|john.do@domain.com' -B2 |grep "^[A-Z0-9]"

1	postqueue -p \|grep -e '[email protected]\|[email protected]\|[email protected]' -B2 \|grep "^[A-Z0-9]"

You’re getting the list of mails that you will remove with the sender

FC0177DF1A0     8373 Thu May  6 11:24:56  sender@mywebsite.com
F179A2C68AB     9469 Sun May  7 03:21:41  sender@mywebsite.com
EAE217FB850    11049 Sat May  8 04:20:32  sender@mywebsite.com

FC0177DF1A0 8373 Thu May 6 11:24:56 sender@mywebsite.com

F179A2C68AB 9469 Sun May 7 03:21:41 sender@mywebsite.com

EAE217FB850 11049 Sat May 8 04:20:32 sender@mywebsite.com

And now you can remove those mails from the queue by using postsuper -d

postqueue -p |grep -e 'john.doe@domain.com|jon.doe@domain.com|john.do@domain.com' -B2 |grep "^[A-Z0-9]{10}" |cut -d" " -f1 |postsuper -d -

1	postqueue -p \|grep -e '[email protected]\|[email protected]\|[email protected]' -B2 \|grep "^[A-Z0-9]{10}" \|cut -d" " -f1 \|postsuper -d -

You will see the mails being removed

postsuper: FC0177DF1A0: removed
postsuper: F179A2C68AB: removed
postsuper: EAE217FB850: removed
postsuper: Deleted: 3 messages

postsuper: FC0177DF1A0: removed

postsuper: F179A2C68AB: removed

postsuper: EAE217FB850: removed

postsuper: Deleted: 3 messages

May 04 / 2017
0

Linux

Reduce partition size on EXT filesystems on Linux

It is possible to modify a partition size on EXT filesystem thanks to some few commands.

We will take here a simple example:

We have a /dev/sda5 partition mounted on /home
Its size is currently 150G and we want to reduce it to 100G

Let’s check the current config (mounting point and size):

Filesystem      Size  Used Avail Use% Mounted on
/dev/sda1        28G  3.3G   23G   8% /
/dev/sda2       477M  112M  341M  25% /boot
/dev/sda3       4.7G   12M  4.5G   1% /tmp
/dev/sda4        32G  470M   30G   2% /var
/dev/sda5       148G   87M  140G   1% /home

Filesystem Size Used Avail Use% Mounted on

/dev/sda1 28G 3.3G 23G 8% /

/dev/sda2 477M 112M 341M 25% /boot

/dev/sda3 4.7G 12M 4.5G 1% /tmp

/dev/sda4 32G 470M 30G 2% /var

/dev/sda5 148G 87M 140G 1% /home

We need to first unmount the partition:

# umount /dev/sda5

1	# umount /dev/sda5

If you can’t unmount it, double check what process is using it with the lsof command:

# lsof /home

1	# lsof /home

Then proceed with a check with e2fsck command and resize the partition with resize2fs by defining the new size (M for Megabytes, G for Gigabytes, and so on…)

# e2fsck -f /dev/sda5
# resize2fs /dev/sda5 100G

1 2	# e2fsck -f /dev/sda5 # resize2fs /dev/sda5 100G

Mount your partition back to your system:

# mount /home

1	# mount /home

And check again your partition sizes :

Filesystem      Size  Used Avail Use% Mounted on
/dev/sda1        28G  3.3G   23G   8% /
/dev/sda2       477M  112M  341M  25% /boot
/dev/sda3       4.7G   12M  4.5G   1% /tmp
/dev/sda4        32G  470M   30G   2% /var
/dev/sda5        99G   87M   94G   1% /home

Filesystem Size Used Avail Use% Mounted on

/dev/sda1 28G 3.3G 23G 8% /

/dev/sda2 477M 112M 341M 25% /boot

/dev/sda3 4.7G 12M 4.5G 1% /tmp

/dev/sda4 32G 470M 30G 2% /var

/dev/sda5 99G 87M 94G 1% /home

We can see that the partition /home has now a size of 100G as expected!

Apr 24 / 2017
0

Linux

Find ILO IP on a HP server with Linux

If you forgot what iLO IP has been defined on your linux server and you are working remotely on it, don’t worry, you can still retrieve it with a common tool called ipmitool – available on most of the distros with standard packages:

[admin@myserver /]# ipmitool lan print
Set in Progress : Set Complete
Auth Type Support :
Auth Type Enable : Callback :
: User :
: Operator :
: Admin :
: OEM :
IP Address Source : Static Address
IP Address : 10.10.50.20
Subnet Mask : 255.255.255.0
MAC Address : 1a:2b:3c:4d:56:78
SNMP Community String :
BMC ARP Control : ARP Responses Enabled, Gratuitous ARP Disabled
Default Gateway IP : 10.10.50.254
802.1q VLAN ID : Disabled
802.1q VLAN Priority : 0
RMCP+ Cipher Suites : 0,1,2,3
Cipher Suite Priv Max : XuuaXXXXXXXXXXX
: X=Cipher Suite Unused
: c=CALLBACK
: u=USER
: o=OPERATOR
: a=ADMIN
: O=OEM

[admin@myserver /]# ipmitool lan print

Set in Progress : Set Complete

Auth Type Support :

Auth Type Enable : Callback :

: User :

: Operator :

: Admin :

: OEM :

IP Address Source : Static Address

IP Address : 10.10.50.20

Subnet Mask : 255.255.255.0

MAC Address : 1a:2b:3c:4d:56:78

SNMP Community String :

BMC ARP Control : ARP Responses Enabled, Gratuitous ARP Disabled

Default Gateway IP : 10.10.50.254

802.1q VLAN ID : Disabled

802.1q VLAN Priority : 0

RMCP+ Cipher Suites : 0,1,2,3

Cipher Suite Priv Max : XuuaXXXXXXXXXXX

: X=Cipher Suite Unused

: c=CALLBACK

: u=USER

: o=OPERATOR

: a=ADMIN

: O=OEM

If you’re getting such an error when you are using the command:

[admin@myserver /]# ipmitool lan print
Could not open device at /dev/ipmi0 or /dev/ipmi/0 or /dev/ipmidev/0: No such file or directory

1 2	[admin@myserver /]# ipmitool lan print Could not open device at /dev/ipmi0 or /dev/ipmi/0 or /dev/ipmidev/0: No such file or directory

This means you just need to enable some modules before:

[admin@myserver /]# modprobe ipmi_devintf
[admin@myserver /]# modprobe ipmi_si

1 2	[admin@myserver /]# modprobe ipmi_devintf [admin@myserver /]# modprobe ipmi_si

Pages:‹1 2 345 6 7...18 ›

Home

Check SSL certificate of an URL with openssl

Change ownership (chown) on a symbolic link

DNS queries from a file/list to CSV

Remove list of mail addresses from postfix queue

Reduce partition size on EXT filesystems on Linux

Find ILO IP on a HP server with Linux

Categories

Recent Posts