Linux Commands:

Network Commands

###set proxy via cli
export http_proxy="http://yew-smw-01.schools.learnsheffield.com:8080"

###Delete IP Bridge
sudo ip link delete br0 type bridge

###Set Duplex on EthX interface
ethtool -s ethX duplex full speed 100 autoneg off
ln -s /root/9999custom /etc/actions/interfacesup/

###Use DIG to find IPs in a file
xargs -n1 dig +short A < /root/tracedomain.txt
xargs -n1 dig +short A < /root/tracedomain.txt | grep -F 195.59.70.240

Linux OS and Information

###view IRQs using Grep and watch
watch -n1 grep TX /proc/softirqs

###iotop - only processes doing I/O, batch mode, 10 second interval
iotop -o -b -d 10

###Show top ten processes by open file handles
lsof | cut -f1 -d' ' | sort | uniq -c | sort -nr | head

###Kill the parents of zombie (state Z) processes on Debian Linux OS
ps -xaw -o state,ppid | grep Z | grep -v PID | awk '{ print $2 }' | xargs kill -9

###reset password in htpasswd
htpasswd /settings/auth/users htadmin_user
echo "htadmin_user::admin:" >> /settings/auth/groups


Rebuilding a Software RAID:
Step by step to rebuild software RAID on a Debian-based instance:
1. Install the new drive. Find the serial of the drive to replace with "udevadm info --query=all --name=/dev/sdX", e.g.
udevadm info --query=all --name=/dev/sda
2. dd the drive ("dd if=/dev/zero of=/dev/sda bs=1M count=1"). No need to do all of it!
3. The partitions will need to be replicated to the new disk; you can verify this with "lsblk". This is how to copy the partitions:
apt-get install gdisk
!!!!Warning!!! The destination comes first, the source second: sgdisk --replicate=$dest $source (e.g. to copy sda to sdb: sgdisk --replicate=/dev/sdb /dev/sda)
4. Now verify with "lsblk" and add each partition into the relevant multiple device (md) RAID number. You can find the multiple device RAID numbers with "cat /proc/mdstat". E.g.
mdadm /dev/md2 --add /dev/sda2
mdadm /dev/md4 --add /dev/sdb4
5. Then wait until finished; you can watch with:
watch cat /proc/mdstat

#zero disk
dd if=/dev/zero of=/dev/sda bs=1M count=1
#copy partitions (sgdisk -R <dest> <source>: this copies sdb's partition table onto sda)
sgdisk -R /dev/sda /dev/sdb
#list partitions
fdisk -l /dev/sda
fdisk -l /dev/sdb
lsblk
#restore RAID
mdadm --manage /dev/md2 --add /dev/sda2
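
A pre-flight check for the rebuild steps above, added here as an example (not part of the original notes): it parses /proc/mdstat to list degraded arrays and refuses to approve wiping a disk that still holds array members. The function names and the sample mdstat text are constructed, and it assumes sdX-style device names as used in these notes.

```shell
#!/bin/sh
# Constructed sample of /proc/mdstat after sda was physically replaced.
sample_mdstat() {
cat <<'EOF'
Personalities : [raid1]
md2 : active raid1 sdb2[1]
      1047552 blocks super 1.2 [2/1] [_U]

md4 : active raid1 sdb4[1]
      975585280 blocks super 1.2 [2/1] [_U]

md5 : active raid1 sdc1[0] sdd1[1]
      104320 blocks super 1.2 [2/2] [UU]

unused devices: <none>
EOF
}

# Read mdstat on stdin; print arrays whose member map ([UU], [_U], ...)
# contains "_", i.e. a missing member.
degraded_arrays() {
    awk '/^md[0-9]+ :/ { name = $1 }
         /\[[U_]+\]$/  { if ($NF ~ /_/) print name }'
}

# Read mdstat on stdin; exit 0 if any partition of disk $1 (e.g. sdb)
# is listed as a member of an array, exit 1 otherwise.
disk_in_use() {
    awk -v d="$1" '/^md[0-9]+ :/ {
        for (i = 3; i <= NF; i++) if ($i ~ "^" d "[0-9]*\\[") found = 1
    } END { exit (found ? 0 : 1) }'
}

# Gate for the dd / sgdisk steps: refuse a disk that still holds members.
safe_to_wipe() {
    if disk_in_use "$1"; then
        echo "REFUSE: $1 is still an md member"
        return 1
    fi
    echo "OK: $1 holds no md members"
}

# Usage on a live system:
#   degraded_arrays < /proc/mdstat
#   safe_to_wipe sda < /proc/mdstat && echo "proceed with dd on /dev/sda"
```

Run safe_to_wipe against the disk named in the dd and sgdisk commands before executing them; swapping sda and sdb there destroys the surviving mirror.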

OpenSSL turn .pem file into .crt file

# -nodes writes the private key to server.key unencrypted
openssl pkcs12 -in D83_18-21.pem -out server.key -nocerts -nodes
openssl pkcs12 -in D83_18-21.pem -out server.crt -nokeys
cp server.key /etc/httpd/server.key
cp server.crt /etc/httpd/server.crt

Find Command Examples:
find . -mtime 4 -name "access.log.??????????" -exec grep 195.59.70.240 {} \;
find . -mtime 4 -name "access.log.??????????" -exec jq .destdomain {} \;
find . -mtime 4 -name "access.log.??????????" -exec jq .destdomain {} -rc \; | sort -u >>
find /var/log/ -name 'log.??????????' -newermt "$(date -d '1 week ago' '+%m/%d/%Y %H:%M:%S')" ! -newermt "$(date -d '1 hour ago' '+%m/%d/%Y %H:%M:%S')" -exec grep blocked..true {} \;


### Use find + Gzip to compress files
find /var/log/ -type f -mtime +7 -name 'access.log.??????????' -exec gzip {} \;

### Find and change epoch time to readable time using jq, find, zcat and grep
find /path/to/data/ -wholename "*filename.gz" -exec zcat -f -n1 {} \; |jq -r '[(.date|todateiso8601),(map(.))]|flatten|@csv' | grep -e "10\.0\.255\.15" >> /var/log/output.txt


### Compress logs to tgz files and remove the uncompressed logs
find /var/log/log.?????????? -mtime +14 -exec tar -zcvf {}.tgz {} \; -exec touch -r {} {}.tgz \; -exec rm {} \;
find . -maxdepth 1 -mindepth 1 -type f -exec tar -zcvf {}.tgz {} --remove-files \;
find . -maxdepth 1 -mindepth 1 -type f -name 'access.log.1552[2-3]?????' -exec tar -zcvf {}.tgz {} --remove-files \;


### Find URL Path in a log
find log.?????????? -mtime +2 -exec cat {} \; | grep -Po "\"url\"\:\"https\:\\\/\\\/" | sort | uniq -c | sort -n | tail

### Find and sort URLs in log files
for x in `find log.?????????? -mtime +2`; do grep -Po "\"url\"\:\"https\:\\\/\\\/.*?\"" $x | sort | uniq -c | sort -n | tail; done