generate diagram with dot from .dot file

Posted on November 22, 2013 by ForDoDone

cat test.dot | dot -T png -o test.png

dig spf and domainkeys txt records

Posted on October 28, 2013 by ForDoDone

# dig txt fordodone.com @4.2.2.2

;; ANSWER SECTION:
fordodone.com.             900     IN      TXT     "v=spf1 mx -all"
fordodone.com.             900     IN      TXT     "spf2.0/mfrom mx"

# dig txt mx._domainkey.fordodone.com

;; ANSWER SECTION:
mx._domainkey.fordodone.com. 3472 IN    TXT     "p=MIGfMA0GCSqGSIb3DQEBAJFHEBCY5DCBiQKBgQC1zZ4Mc7HiXNM0Cu3GZxwcI9vs4nIIcAIlzefnB9MbXrmQJF0m75BsKj8xer23oS7apleInob0RjneHbi+bwvEAa/NN7AjxTxla42dLoXOM+1B0Wf6taG3Vma/FS3bOdqWKo1J4hP8masXJ+PdkMy+LWqSp66fvJtG9U6/eQ4sJwIDAQAB\;"

get actual size of sparse file

Posted on October 24, 2013 by ForDoDone

You can see the actual size of a sparse file vs. the apparent size.

# ls -l /var/log/lastlog
-rw-rw-r-- 1 root utmp 684182572 Oct 24 16:56 /var/log/lastlog
# du --apparent-size /var/log/lastlog
668148  /var/log/lastlog

# du -h /var/log/lastlog 
48K     /var/log/lastlog
# ls -ls /var/log/lastlog 
48 -rw-rw-r-- 1 root utmp 684182572 Oct 24 16:56 /var/log/lastlog

convert log time seconds to readable date

Posted on October 22, 2013 by ForDoDone

[1122633.028643] end_request: I/O error, dev sdc, sector 0

When looking in logs, like dmesg, error messages are preceded by a number that represents the uptime on the server in seconds at the time of the error. So this I/O error happened 1122633 seconds after the machine booted. This means nothing to us. In order to see when the error happened, you need to convert the seconds of uptime into a readable date.

First get the date/time at which the server booted using who -b and convert to seconds. Then add the seconds of uptime from the error message, and then convert back to a human readable date:

# date --date="@$(echo $(date --date="`who -b | awk '{print $3" "$4}'`" +%s)+1122633|bc)"
# Tue Oct 22 00:03:33 PDT 2013

So this error happened shortly after midnight. Very interesting…

delete entries from conntrack table

Posted on October 17, 2013 by ForDoDone

To delete many many entries to a destination IP in conntrack table:

# conntrack -D -d 11.22.33.44

sort nested directories by last modified using find

Posted on September 16, 2013 by ForDoDone

Using ls -lt to sort a file listing by last modified time is simple and easy. If you have a large directory tree with tens of thousands of directories, using find with some massaging might be the way to go. In this example there is a directory with many directories in a tree like this:

./1
./1/1
./1/1/1
./1/1/2
./1/2
./1/2/3
./2
./2/3
./2/3/4
./2/3/5
./2/3/7
./2/3/8

we are interested in the 3rd level directory and getting a list of which ones were most recently modified

# find . -mindepth 3 -maxdepth 3 -ls | awk '$10 !~ /^20[01]/' | sed -e 's/:/ /' | sort -k8,8M -nk9,9n -nk10 -nk11 | awk '{print $12" "$8" "$9" "$10":"$11}'| column -t | tail -10

We start by finding only 3rd level directories with extended listings (there are no files at this level, so -type d is unnecessary). Then use awk to only print directories that have been modified this year (i.e. anything with a year like 200* or 201* instead of a hour:minute in column 10). Replace the time colon HH:MM so that we can sort by minute after we sort by hour. Then rearrange the columns, add back the hour:minute colon, run it through column to get nice columns, then get the last 10 results.

./586/1586/1311586  Sep  16  16:11
./980/6980/2326980  Sep  16  16:18
./616/3616/513616   Sep  16  16:20
./133/9133/2119133  Sep  16  16:21
./422/6422/2106422  Sep  16  16:24
./566/6566/2326566  Sep  16  16:46
./672/672/2310672   Sep  16  16:51
./680/680/2290680   Sep  16  17:42
./573/5573/2325573  Sep  16  17:47
./106/1106/2321106  Sep  16  17:49

quick memcache testing and troubleshooting

Posted on September 10, 2013 by ForDoDone

Here’s a quick way to test your new memcached setup. At first it’s a bit confusing to understand that memcache has no knowledge of what keys it stores, just whether or not it has a particular key. Unlike relational databases, you can’t query memcache and get all of the values it has. You have to know the key that you want to fetch before you ask memcache about it. Let’s ask it the value for the key foo:

telnet memcacheserver 11211
Trying 10.131.215.181...
Connected to 10.131.215.181
Escape character is '^]'.
get foo
END

It returns nothing, so it doesn’t have any value for that key. The key foo is unset. Let’s set it:

set foo 0 0 3
bar
STORED

When you set a key like this, follow the syntax “set <keyname> <flag> <ttl> <storebytes>”. In this case our key is foo, we have no important flags (0), there is no expiration of the key value pair (0), and the data we are about to store is 3 bytes (aka 3 characters). Let’s fetch it now:

get foo
VALUE foo 0 3
bar
END

It returns the value of key foo as bar. Now delete it:

delete foo
DELETED

Now another, this time the key is “foobar”, and the data is a 12 byte string “barbarbarbar”:

set foobar 0 0 12
barbarbarbar
STORED
get foobar
VALUE foobar 0 12
barbarbarbar
END
delete foobar
DELETED
^]
telnet> close
Connection closed.

identify hard drive serial number

Posted on September 2, 2013 by ForDoDone

# hdparm -I /dev/sda | grep Serial
        Serial Number:      WD-WCAL71856931
#

# smartctl -a /dev/sda | grep 'Serial Number'
Serial Number:    WD-WCAL71856931
#

These utilities are from the hdparm and smartmontools packages:

# dpkg -l | grep hdparm
ii  hdparm                              9.32-1                       tune hard disk parameters for high performance
# dpkg -l | grep smart
ii  smartmontools                       5.39.1+svn3124-2             control and monitor storage systems using S.M.A.R.T.
#

wipe hard drive with shred

Posted on September 1, 2013 by ForDoDone

Use the shred utility to wipe an old hard drive. Shred is part of the coreutils package on Linux.

# dpkg -S /usr/bin/shred
coreutils: /usr/bin/shred

To wipe /dev/sdc use this:

shred -vfz -n 20 /dev/sdc

This will overwrite the drive 20 times (-n 20), show progress (-v), force if permissions needed (-f), and overwrite the last time with zeros (-z) making it look like a blank hard drive. 20 times is way overkill, but we have to be paranoid. The average person wouldn’t be able to get past the layers of RAID1, volume encryption, lvm, and ecryptfs home dir encryption, let alone a single pass of zeros, but we want to make it more difficult for people/agencies who know what they are doing.

find files modified today

Posted on August 30, 2013 by ForDoDone

find is an amazing command. With the proper manipulation it can be used to massage out the file data you need.

To find files modified in the last 24 hours is straight fowrard. Just look for files with a modified time of now() minus 1 day (24 hours):

find . -type f -mtime -1 -ls

But if you just want files modified today it’s a bit more involved:

touch -t `date +%m%d0000` /tmp/$$
find . -type f -newer /tmp/$$ -ls
rm /tmp/$$

touch a file with the timestamp of 12am today. The file can have any name, but we just use the bash pid here. Then find files newer than that file. It will return files modified some time since 12am. Then remove the touched file.

ForDoDone

Tales from the Command Line…

Category Archives: Linux