User Tools

Site Tools


scripts

Find Largest Files and Dirs:

echo " "; echo " "; echo "Largest Files:"; echo " "; nice -n 19 find `pwd` -mount -type f -ls|sort -rnk7 |head -20|awk '{printf "%d MB\t%s\n",($7/1024)/1024,$NF}'; \
echo " "; echo "=========================== "; echo " "; echo "Largest Directories:"; echo " ";nice -n 19 du -xSk `pwd` | sort -rn | head -20|awk '{printf "%d MB\t%s\n",($1/1024),$NF}' | grep -v '^0'

WARNING Some of these scripts and one liners are still under development and may not produce correct results, use at your own risk, if you wish to improve on them, please let me know and I will publish them giving credit where it is due.

File Operations

Adding multiple IP addresses to eth0 (iplist holds a plain text file of all new IP addresses) a new ifcfg-eth:$i will be created and populated with each new IP.

ip=( `cat iplist` ); for i in ${!ip[*]}; do let i=$i+1; touch ifcfg-eth0:$i; echo "BOOTPROTO=static" > ifcfg-eth0:$i; echo "DEVICE=eth0:$i" >> ifcfg-eth0:$i; echo "IPADDR=${ip[$i]}" >> ifcfg-eth0:$i; echo "NETMASK=255.255.255.0" >> ifcfg-eth0:$i; echo "ONBOOT=YES" >> ifcfg-eth0:$i; cat ifcfg-eth0:$i; done

This one brings up the interface automatically once it is created so you better have your IP file right!

ip=( `cat iplist` ); for i in ${!ip[*]}; do let i=$i+1; touch ifcfg-eth0:$i; echo "BOOTPROTO=static" > ifcfg-eth0:$i; echo "DEVICE=eth0:$i" >> ifcfg-eth0:$i; echo "IPADDR=${ip[$i]}" >> ifcfg-eth0:$i; echo "NETMASK=255.255.255.0" >> ifcfg-eth0:$i; echo "ONBOOT=YES" >> ifcfg-eth0:$i; cat ifcfg-eth0:$i; ifup ifcfg-eth0:$i; done; ifconfig

System Information:

Show rs-sysmon logs from a specified time:

echo "Enter time of resource to less 00:00"; DATE=`date | awk '{print $2,$3}'`; read A; cd /var/log/rs-sysmon; ls -altr | grep "$DATE $A" | awk '{print $9}'

Top 10 CPU processes from rs-sysmon at a specific time:

 echo "Enter the time of the Top 10 cpu you want to show 00:00"; DATE=`date | awk '{print $2,$3}'`; read A; cd /var/log/rs-sysmon; FILE=`ls -altr | grep "$DATE $A" | awk '{print $9}' | grep resource`; cat $FILE | grep -A 10 "Top 10 cpu"

Find highest load today, then display the top 10 processes during that time and sar -q after the time of the highest load.

clear; \
echo " "; \
echo " "; \
SARQ=`sar -q | grep -v run|grep -v Aver|grep -v Linux | awk '{print $7}' | sort -g | tail -1`; \
RSFILE=`sar -q | grep -v Average|grep -v run|grep -v Linux | grep "$SARQ" | awk '{print $1,$2}'| tail -1`; \
M=`date -d "$RSFILE" "+%b"`; \
D=`date -d "$RSFILE" "+%d" | sed 's/^[0]*/ /'`; \
H=`date -d "$RSFILE" "+%H:%M" | cut -c1-4`; \
SARTIME=`date -d "$RSFILE" "+%H"`; \
cd /var/log/rs-sysmon; \
RES=`ls -altr | grep -v 2012| grep "$M$D $H" | grep resources.log | awk '{print $9}'`; \
grep -A 11 "Top 10 cpu" $RES; echo " "; \
echo "Recorded in /var/log/rs-sysmon/$RES"; \
echo "The Highest Load recorded today was $SARQ at this time: $RSFILE"; \
echo " "; \
echo " "; \
sar -q -s $SARTIME:00:00 | grep -v Linux | grep -A 7 runq-sz

sar -u

clear; echo " "; echo " "; SARQ=`sar -u | grep -v 'CPU|-v Aver|-v Linux' | awk '{print $8}' | sort -g -r | tail -2`; RSFILE=`sar -u | grep -v 'CPU|-v Aver|-v Linux' | grep "$SARQ" | awk '{print $1}' | cut -c1-5`; TODAY=`date | awk '{print $2,$3}' | cut -c1-10`; cd /var/log/rs-sysmon; RES=`ls -altr | grep "$TODAY $RSFILE" | grep resources.log | awk '{print $9}'`; grep -A 11 "Top 10 cpu" $RES; echo " "; echo "Recorded in /var/log/rs-sysmon/$RES"; echo "The lowest CPU %idle recorded today was $SARQ at $RSFILE:00"; echo " "; echo " ";sar -u -s $RSFILE:00 | grep -v Linux | grep -A 7 CPU | grep -v Average

#rs-sysmon find top 10 processes over several log files to see trending

echo "start log number"; read s;echo "end log number"; read e; for i in $(seq $s $e); do echo " "; echo "===============";ls -al /var/log/rs-sysmon/resources.log.$i | awk '{ print $6"-" $7"-" $8 "_" $9}'; cat resources.log.4 | grep -A 10 "Top 10 cpu" | cut -c1-120; echo "==============="; echo " " ; echo " "; done

#sar stats using q u r b flags over a period of time

echo "enter start time 00:00:00" ;read s; echo "enter end time 00:00:00" ;read e;for i in q u r b; do echo " "; echo " "; echo "sar -$i -s $s -e $e"; sar -$i -s $s -e $e | grep -v 'Average|Linux'; echo "===============";done 

Java Mem size:

pgrep -fl java |grep -o 'Xmx[0-9]*m'

Test network speed:

nc -l 2049|bzip2 -d|dd bs=16M of=/dev/null <-- reciever

dd bs=16M if=/dev/somedrive|bzip2 -c|nc reciever 2049 <--tansmitter

Solaris:

# .bashrc

# User specific aliases and functions

#alias rm='rm -i'
alias cp='cp -i'
alias mv='mv -i'

# Source global definitions
if [ -f /etc/bashrc ]; then
        . /etc/bashrc
fi
alias ..='cd ..'
export EDITOR=/usr/bin/vim
export TERM=vt100
alias cd..='cd ..'
alias df='df -h'
alias du='du -h'
alias l='ls -l'
alias la='ls -al'
alias msg='tail /var/adm/messages'
PS1user="$( test `/usr/bin/whoami` == root && echo '\[\e[101m\]' )\u\[\e[0m\]"
PS1color='\[\e[1;37;44m\]' # color of working directory
PS1="$PS1user@\h:$PS1color\w\[\e[0m\]$PS1version> "
tty | grep pts > /dev/null && PS1="$PS1\[\e]0;\u@\h\a\]";

export PS

Prompt:

PS1user="$( test /usr/bin/whoami == root && echo '\[\e[101m\]' )\u\[\e[0m\]"; PC=44m; if [ -e /etc/cluster/cluster.conf ];then PC=41m; fi; PS1color='\[\e[1;37;$PC\]'; PS1="\d - \t\n$PS1user@\h:$PS1color\w\[\e[0m\]$PS1version> "; echo " "; w; echo " "; echo " "; df -h
	

########################### < CPU Troubleshooting > ###########################

CPU USAGE FROM SAR
	sar | grep -v Average | awk '{print $1" "$2" \t"$4"%"}'
	sar | grep Average | awk '{print $1" "$3"%"}'
	sar | grep -v Average | awk '{print $1" "$2" \t"$4"%"}' ; sar | grep Average | awk '{print $1" "$3"%"}'

MONTHLY AVERAGES 
	for i in `ls /var/log/sa/ | egrep 'sa[0-9][0-9]'` ; do sar -f /var/log/sa/$i | grep Average | awk '{print $1" "$3"%"}' ; done

LOAD AVERAGES
	sar	-q | grep -v Average | awk '{print $1" "$2" \t"$5}' ; sar -q | grep Average | awk '{print $1" "$4}'


########################### < Network Troubleshooting > ###########################

NETSTATS
	netstat -ntlp 
	netstat -pant

CHECK FOR DDOS
	netstat -pant | grep :80 | awk '{print $5}' | sort -r | uniq -c | sort -ru | head
	
SAR NETWORK TRAFFIC
	sar -n DEV -i 3600 -f /var/log/sa/sa05 | grep -i eth0
	
QUICK IP ADDRESS
	ifconfig |awk '/eth/{getline i;printf  $0" ";printf "%s\n", i" "}'|awk '{print $1,substr($7,6)}'


########################### < MySQL Tricks > ###########################

QUICK SLAVE STATUS
	mysql -e 'show slave status\G' | egrep 'Slave_IO|Slave_SQL|Behind'

TABLE SIZE
	SELECT TABLE_SCHEMA, SUM(data_length+index_length) FROM INFORMATION_SCHEMA.TABLES GROUP BY TABLE_SCHEMA; 	  			
	SELECT s.schema_name, CONCAT(IFNULL(ROUND(SUM(t.data_length)/1024/1024,2),0.00),"Mb") as Data_size, CONCAT(IFNULL(ROUND(SUM(t.index_length)/1024/1024,2),0.00),"Mb") as Index_size,COUNT(table_name) total_tables FROM INFORMATION_SCHEMA.SCHEMATA s LEFT JOIN INFORMATION_SCHEMA.TABLES t ON s.schema_name = t.table_schema WHERE s.schema_name not in("mysql","information_schema","test") GROUP BY s.schema_name order by Data_size DESC; 


########################### < RPM Tricks > ###########################


rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE} %{ARCH}\n' <packagename> <packagename2>



########################### < OpenSSL Stuff > ###########################

MAKE A CSR
	openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key


########################### < Apache Stuff > ###########################

<REWRITE for non-www to www >
    RewriteEngine on
    RewriteCond %{HTTP_HOST} ^domain\.com [NC]
    RewriteRule ^(.*)$ http://www.domain.com/$1 [L,R=301]
</REWRITE>
More documentation at http://www.webweaver.nu/html-tips/web-redirection.shtml

SHOW RUNNING MODULES
	httpd -t -D DUMP_MODULES

MOST POPULAR IP/PAGES
	tail -5000 /var/log/httpd/access_log | awk '{print $1, $7}' | sort | uniq -c | sort -rn | head -10
	tail -5000 /var/log/httpd/access_log | awk '{print $7}' | sort | uniq -c | sort -rn | head -n 20
	
ALL HITS DURING AN HOUR
	grep -c 24/May/2010:21 /var/log/httpd/access_log

APACHE MEMORY USAGE	
	ps -eo rsz,args | grep httpd | awk ' { SUM += $1 } END { print "Memory used by Apache = "SUM/1024 " Megs" "\nNumber of process runing = " NR "\nAverage of each process mem usage = " SUM/1024/NR " Megs"} '

########################### < SSH Tricks > ###########################

COPY DIRECTORY TO TARBALL OVER SSH
	( cd SOURCEDIR && tar cvf - . | gzip -1 -) | ssh target_address "(cd DESTDIR && cat - > remotefile.tgz )"
	
COPY FILE TO GZIP
	cat localfile | gzip -1 - | ssh target_address cat ">" remotefile.gz
	
COMPARE FILES ON TWO MACHINES:
	using cpu on local machine:
		ssh target_address cat remotefile | diff - localfile
	
	using cpu on remote machine:
		ssh target_address cat <localfile "|" diff - remotefile

COPY A DATABASE MYSQL -> MYSQL
	mysqldump –add-drop-table –extended-insert –force –log-error=error.log -uUSER -pPASS OLD_DB_NAME | ssh -C user@newhost “mysql -uUSER -pPASS NEW_DB_NAME”
	

More One liners from others:

#rs-sysmon find top 10
echo "start log number"; read s;echo "start log number"; read e; for i in {s$..e$}; do echo " "; echo "===============";ls -al /var/log/rs-sysmon/resources.log.$i | awk '{ print $6"-" $7"-" $8 "_" $9}'; cat resources.log.4 | grep -A 10 "Top 10 cpu" | cut -c1-120; echo "==============="; echo " " ; echo " "; done

echo "start log number"; read s;echo "end log number"; read e; for i in $(seq $s $e); do echo " "; echo "===============";ls -al /var/log/rs-sysmon/resources.log.$i | awk '{ print $6"-" $7"-" $8 "_" $9}'; cat resources.log.4 | grep -A 10 "Top 10 cpu" | cut -c1-120; echo "==============="; echo " " ; echo " "; done

#sar stats
for i in q u r b; do echo " "; echo " "; echo "sar -$i -s 02:30:00 -e 03:30:00"; sar -$i -s 04:00:00 -e 05:00:00 | grep -v Average | grep -v Linux; echo "===============";done
 
echo "enter start time 00:00:00" ;read s; echo "enter end time 00:00:00" ;read e;for i in q u r b; do echo " "; echo " "; echo "sar -$i -s $s -e $e"; sar -$i -s $s -e $e | grep -v Average | grep -v Linux; echo "===============";done 

 #memory % stats
(unset LANG ;sar -r) | awk '{print ($1" - "$4)}'| head -1;echo "Time - Real memory used %"; (unset LANG ;sar -r) | awk '$3~/[0-9]/{total=$3+$2; usedbc=$3-($5+$6); pc_used=(100*usedbc)/total;print $0,pc_used} $3!~/[0-9]/{print $0}' | awk '{print ($1" - "$11"%")}'| tail -48
 
#mysql db sizes
SELECT table_schema "Data Base Name", SUM( data_length + index_length) / 1024 / 1024 
"Data Base Size in MB" FROM information_schema.TABLES GROUP BY table_schema ;

FLUSH TABLES WITH READ LOCK


#The threshold for the slave being behind the master is 60 seconds.

#When this alert comes in, first check to see if we are still behind the master
   # mysql -e "show slave status \G" | grep -i seconds
  
If Seconds_Behind_Master is NOT 0, please check processes running
   # mysqladmin proc stat
   
This system has rs-sysmon running every two minutes.  Look at the most recent log files and try to troubleshoot why the server is running behind the master.
   # ls -lr /var/log/rs-sysmon/mysql.log* | tail -n 20

Post your findings in a public update to the customer.
 
 mysql -e 'show full processlist\G'
 
 
lsof | awk '{print $7,$9}' | sort -rn | head


<Address for RDP server for DracNet>

</address for RD>


<CPU Usage>

#Sar CPU %user
 sar | grep -v Average | awk '{print $1" "$2" \t"$4"%"}'

#sar CPU %idle
 sar | grep -v Average | awk '{print $1" "$2" \t""idle \t"$9"%"}'
 
 #Sar CPU Average
 sar | grep Average | awk '{print $1" "$3"%"}'

sar | grep -v Average | awk '{print $1" "$2" \t"$4"%"}' ; sar | grep Average | awk '{print $1" "$3"%"}'

#Monthly averges 
  for i in `ls /var/log/sa/ | egrep 'sa[0-9][0-9]'` ; do sar -f /var/log/sa/$i | grep Average | awk '{print $1" "$3"%"}' ; done
Que Lenght:
sar -q | grep -v Average | awk '{print $1" "$2" \t"$5}' ; sar -q | grep Average | awk '{print $1" "$4}'

</CPU Usage>


<NETSTAT COMMANDS>

netstat -ntlp 
netstat -pant

#See if u being DOSed
netstat -pant | grep :80 | awk '{print $5}' | sort -r | uniq -c | sort -ru | head

</NETSTAT COMMANDS>

<RHEL 4 CLUST COMMANDS>

  for i in rgmanager fenced cman ccsd ; do service $i stop; chkconfig $i off; done

  for i in ccsd cman fenced rgmanager ; do service $i start; chkconfig $i on; done

</RHEL 4 CLUST COMMANDS>

<MYSQL STUFF>

#Slave status
mysql -e 'show slave status\G' | egrep 'Slave_IO|Slave_SQL|Behind'

#How big all the tables r.
SELECT TABLE_SCHEMA, SUM(data_length+index_length) FROM INFORMATION_SCHEMA.TABLES GROUP BY TABLE_SCHEMA; 	  			

#Another how big are all the tables.
mysql> SELECT s.schema_name, CONCAT(IFNULL(ROUND(SUM(t.data_length)/1024/1024,2),0.00),"Mb") as Data_size, CONCAT(IFNULL(ROUND(SUM(t.index_length)/1024/1024,2),0.00),"Mb") as Index_size,COUNT(table_name) total_tables FROM INFORMATION_SCHEMA.SCHEMATA s LEFT JOIN INFORMATION_SCHEMA.TABLES t ON s.schema_name = t.table_schema WHERE s.schema_name not in("mysql","information_schema","test") GROUP BY s.schema_name order by Data_size DESC; 

#.my.cnf (home directory authentication file)
[root@GlaDOS ~]# cat .my.cnf
[client]
user=root
password=blah

</MYSQL STUFF>

<RPM>
rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}
%{ARCH}\n' [package1] [package2]
</RPM>


<OpenSSL>

Testing the modulus on cert / key pair
# openssl rsa -in <key-file> -noout -modulus 
Modulus=C4E1899746B5DCE32505303ADDAAA2D0922065EA33C7E5E9C2678820FB88D575A2434942492A46986B44EADC9152816B3A4FC09B905CB0194CB6DDF0C7A44DA0277BE830B6FD600D5B43DDDCF2439574019ECF86DD683ECFCA10242CF9ECF14F7093FDB88300B8DC9F5DE60597283CF567EF5F61DA1E4490EA0A8543538F4019 
# openssl x509 -in <crt-file> -noout -modulus 
Modulus=C4E1899746B5DCE32505303ADDAAA2D0922065EA33C7E5E9C2678820FB88D575A2434942492A46986B44EADC9152816B3A4FC09B905CB0194CB6DDF0C7A44DA0277BE830B6FD600D5B43DDDCF2439574019ECF86DD683ECFCA10242CF9ECF14F7093FDB88300B8DC9F5DE60597283CF567EF5F61DA1E4490EA0A8543538F4019 

Then, we can check that the certificate is for the right hostname and  has a good expiry date like this: 

# openssl x509 -in <crt-file> -noout -subject -dates 


# Making an CSR
openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key

</OpenSSL>



<APACHE>

  <REWRITE for non-www to www >
            RewriteEngine on
            RewriteCond %{HTTP_HOST} ^lotuscars\.com [NC]
            RewriteRule ^(.*)$ http://www.lotuscars.com/$1 [L,R=301]
  </REWRITE>
More documentation at http://www.webweaver.nu/html-tips/web-redirection.shtml

#Showing running modules
httpd -t -D DUMP_MODULES

</APACHE>


<WORK IN PROGESS>

#Addes new ifcfg scripts.
for i in `seq 26 36`; do cp -f ifcfg-bond0 ifcfg-bond:$i; sed "s/DEVICE=bond0/DEVICE=bond0:$i/g" ifcfg-bond:$i;sed "s/IPADDR=192.168.201.35/IPADDR=192.168.201.($i+24)/g" ifcfg-bond:$i ; done

#looking at httpd logs
#Most popular IP and pages
tail -5000 /var/log/httpd/access_log | awk '{print $1, $7}' | sort | uniq -c | sort -rn | head -10 


#Most popular pages.
tail -5000 /var/log/httpd/access_log | awk '{print $7}' | sort | uniq -c | sort -rn | head -n 20


#Over all hits durning a certian hour
grep -c 24/May/2010:21 /var/log/httpd/access_log



#Looking at network traffic via sar.
sar -n DEV -i 3600 -f /var/log/sa/sa05 | grep -i eth0 



#PIDs that are using a filesystem
fuser -m <mount point>


#The last few hours of sar output.
sar -r | tail -n11 | head -n10 | awk '{ printf "%s -- %3.2f%%\n",$1,($4-$6-$7)*100/($3+$4)}'



#Network output
sar -n DEV



#Shows the devices IP address.
ifconfig |awk '/eth/{getline i;printf  $0" ";printf "%s\n", i" "}'|awk '{print $1,substr($7,6)}'



#find the newest files when searching through multiple directory tree's from the top level:
find /home/toast/ -type f -mount -printf "%AY%Aj%AH%AM%AS---%h/%f\n" | sort -n


#SCAN new scsi drives
echo "- - -" > /sys/class/scsi_host/host0/scan



#Show intturpts
while true; do i=`grep timer /proc/interrupts | awk '{print $2}'`; sleep 1; b=`grep timer /proc/interrupts | awk '{print $2}'` ; echo $b - $i | bc && sleep 1; done



</WORK IN PROGESS>




high cpu/proc queue:
resize;clear;echo;date;echo "Top 10 Processes by CPU %";echo "";ps -eo user,%cpu,\
%mem,rsz,args,pid,lstart|sort -rnk2|awk 'BEGIN {printf "%s\t%s\t%s\t\
%s\t%s\n","USER","%CPU","%MEM","RSZ","COMMAND","PID","Started"}{printf \
"%s\t%g'%'\t%g'%'\t%d MB\t%-10s\n",$1,$2,$3,$4/1024,$5}'|head -n10;echo;\
echo "== Last Half Hour ==";echo;sar|head -n3;sar -u|tail -n4;echo;sar \
-q|head -n3;sar -q|tail -n4;echo;echo "== Current 2 Second Intervals ==";\
echo;sar -u 2 5;echo;sar -q 2 5

suspected DoS top 10 source IPs:
netstat -natp | grep httpd | grep -i stab | awk '{print $5}' | awk -F: \
'{print $1}' | sort | uniq -c | sort -nrk1 | head

low disk:
FS='/';NUMRESULTS=20;resize;clear;date;df -h $FS; echo "Largest Directories:";\
du -x $FS 2>/dev/null| sort -rnk1| head -n $NUMRESULTS| awk '{printf "%d MB %s\n",\
$1/1024,$2}';echo "Largest Files:"; nice -n 19 find $FS -mount -type f -ls \
2>/dev/null| sort -rnk7| head -n $NUMRESULTS|awk '{printf "%d MB\t%s\n",\
($7/1024)/1024,$NF}'

Reboot Sanity check (before rebooting):
echo "Checking for potential issues in case of reboot:";echo "START LIST";for i in `service --status-all | grep running | awk {'print $1'}`; do chkconfig --list $i 2>/dev/null| grep 3:off | grep -v ipmi; done; for i in `cat /proc/net/bonding/bond0 2>/dev/null| grep -v 'Active' | egrep -o 'eth.|HW.*' | tr '\n' ' ' | sed s/://g | sed s/eth/'@eth'/g | tr '@' '\n' | awk {'print $1'}`; do grep -Hi hwaddr /etc/sysconfig/network-scripts/ifcfg-$i | sed s/://g | grep -vi `cat /proc/net/bonding/bond0 | grep -v 'Active' | egrep -o 'eth.|HW.*' | tr '\n' ' ' | sed s/://g | sed s/eth/'@eth'/g | tr '@' '\n' | grep $i | awk {'print $4'}` -; done; for i in `ls /etc/sysconfig/network-scripts/ifcfg-eth[0-9]`; do echo $i; grep -i hwaddr $i; echo $?; done | egrep -B1 "^1$"; for i in `ifconfig | awk {'print $1'} | egrep 'eth|bond'`; do grep -h onboot /etc/sysconfig/network-scripts/ifcfg-$i| grep -vi yes; done;for i in `df -h | awk {'print $1'} | egrep -v 'Filesystem|none'`; do echo $i > i; grep $i /etc/fstab | awk {'print $1'} | diff - i; rm -f i; done; clustat 2>/dev/null; powermt display dev=all 2>/dev/null; if [ `mount -l | grep nfs > /dev/null 2>&1; echo $? -eq 0` ]; then chkconfig --list netfs | grep 3:off; chkconfig --list portmap | grep 3:off;fi;ps heo cmd | egrep -i '^ora';ps aux | egrep -i 'jboss|resin|tomcat|java|ruby|rails' | grep -v grep; lsmod|grep mpp;echo "END LIST"; if [ `which racadm >/dev/null 2>&1; echo $? -eq 0` ]; then echo "DRAC IP"; racadm getniccfg | grep 'IP Address'; fi

/usr/sbin/varnishd -P /var/run/varnish.pid -a :80 -n th
enorthface.com -T localhost:6082 -f /etc/varnish/tnf.vcl -S /etc/varnish/secret -s malloc,2G


nc -l -p 8085 < backpipe | tee -a in | nc localhost 8095 | tee -a out.html > backpipe
scripts.txt · Last modified: 2013/11/13 16:29 (external edit)