
How to create a self-signed wildcard certificate. [cheatsheet]


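# Root CA: private key plus a self-signed certificate valid for 3650 days.
# genrsa without a cipher option writes rootCA.key unencrypted; add -aes256 to
# protect it with a passphrase, and keep the file readable by its owner only.
# Whoever holds this key can issue certificates that every client trusting
# rootCA.pem will accept.
openssl genrsa -out rootCA.key 2048
# -sha256 replaces the original -sha1: SHA-1 is deprecated for certificate
# signatures and current TLS stacks may refuse chains that use it.
openssl req -x509 -new -nodes -sha256 -key rootCA.key -days 3650 -out rootCA.pem

# Site key and certificate signing request (CSR) for the wildcard certificate.
openssl genrsa -out SITE.key 2048
openssl req -new -key SITE.key -out SITE.csr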

Create a file named SITE.cnf, and put the following inside:

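# [req] is read by "openssl req -config"; "openssl x509 -extfile" does not use
# it, so the signing command has to name the section with "-extensions v3_req".
[req]
req_extensions = v3_req

[v3_req]
# Leaf certificate: it must not be usable as a CA.
basicConstraints = CA:FALSE
# digitalSignature is what (EC)DHE key exchange needs and keyEncipherment covers
# RSA key exchange; dataEncipherment is not used by TLS and is left out.
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
# The wildcard matches exactly one label (www.domain.com, not a.b.domain.com)
# and does not match the bare domain, hence the separate DNS.1 entry.
DNS.1 = domain.com
DNS.2 = *.domain.com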

Finally:

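# Sign the CSR with the root CA.
# -extensions v3_req is required: with -extfile alone, x509 only looks at the
#   file's unnamed default section (or at an "extensions" variable in it), so
#   the subjectAltName/keyUsage entries under [v3_req] would be left out.
# -sha256 sets the signature digest explicitly; older OpenSSL releases may
#   default to SHA-1.
# -days 9999: some clients cap the lifetime they accept for TLS server
#   certificates (Apple platforms document an 825-day limit), so a shorter
#   value may be needed there.
# -CAcreateserial writes the serial-number file next to the CA certificate.
# Check the result with: openssl x509 -in SITE.crt -noout -text
openssl x509 -req -sha256 -days 9999 -in SITE.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out SITE.crt -extfile SITE.cnf -extensions v3_req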

Great tool to test the installed certificate:
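# Trust only rootCA.pem for this connection, so a successful handshake shows the
# server presents a chain issued by the new CA. Replace the bracketed
# placeholder with the port of the TLS service.
gnutls-cli --x509cafile rootCA.pem -p [ssl_service_port] domain.com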

[bash] ping a host until it responds

example:

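# Flush MySQL tables on every host listed in ~/mysql-list.txt (one hostname per
# line), reboot it, then wait until it answers ping again before moving on.
mapfile -t hosts < ~/mysql-list.txt
for host in "${hosts[@]}"; do
  [[ -n "$host" ]] || continue   # skip blank lines in the list
  ssh -t "root@${host}" "hostname; date; echo \"FLUSH TABLES;\" | mysql; shutdown -fr now && date; sleep 40"
  sleep 20
  # Redirect stdout first, then stderr: the original "2>&1 >/dev/null" left
  # ping's error output on the terminal.
  until ping -c1 -W2 "$host" >/dev/null 2>&1; do
    sleep 1   # no tight loop when ping fails at once (e.g. name not resolved)
  done
  ping -c1 "$host"
done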

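# Reboot srv0001 .. srv0459 one at a time, waiting for each to answer ping
# again before the next one is touched. seq -w zero-pads the counter.
for i in $(seq -w 1 459); do
  host="srv0${i}"
  ssh "root@${host}" "hostname; date; shutdown -fr now && date; sleep 40"
  sleep 20
  # Redirect stdout first, then stderr: the original "2>&1 >/dev/null" left
  # ping's error output on the terminal.
  until ping -c1 -W2 "$host" >/dev/null 2>&1; do
    sleep 1   # no tight loop when ping fails at once (e.g. name not resolved)
  done
  ping -c1 "$host"
done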

——

bash simple progress counter example
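# Progress counter: t is the number of entries in /home/www, p the 1-based
# position of the entry named "current_user" (0 if absent). Prints "p / t".
# A glob replaces `ls` so names with spaces stay intact, and the loop variable
# no longer overwrites the environment's $USER.
p=0
t=0
for entry in /home/www/*; do
  # An unmatched glob stays literal; skip it so an empty directory counts as 0.
  [[ -e "$entry" || -L "$entry" ]] || continue
  t=$((t + 1))
  if [[ "${entry##*/}" == "current_user" ]]; then
    p=$t
  fi
done
echo "$p" "/" "$t"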

debian kernel build cheatsheet

$ aptitude install linux-source-2.6.32
or:
$ dpkg-source -x linux-2.6_2.6.38-1.dsc
Edit the EXTRAVERSION entry in Makefile:
EXTRAVERSION = .20110317

$ make mrproper
$ make xconfig # or make menuconfig
$ export CONCURRENCY_LEVEL=16 # this is optional
$ make-kpkg clean
$ make-kpkg --initrd kernel_image
$ cd ..
install:
$ dpkg -i linux-image-2.6.32.20110317.deb
uninstall:
$ dpkg -P linux-image-2.6.32.20110317

new hdd bootstrap for linux

cmd.list:
n
p
1
 
+128M
n
p
2
 
+10G
n
p
3
 
+8G
n
e
 
 
n
 
+24G
n
 
 
a
1
t
3
82
w

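# Target disk, WITHOUT the /dev/ prefix. Everything on it is destroyed by the
# steps that follow, so confirm the name first (lsblk, ls -l /dev/disk/by-id/).
# Exported so that shells started later (e.g. the chroot) still see it.
export sdx=sdb
# Feed the prepared answers to fdisk. Per cmd.list: primary 1 = 128M (bootable),
# primary 2 = 10G, primary 3 = 8G (type 82, swap), an extended partition over
# the rest, logical 5 = 24G, logical 6 = remaining space. The blank lines accept
# fdisk's defaults; the exact prompts depend on the fdisk version.
fdisk "/dev/${sdx}" < cmd.list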
———
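# Create the filesystems. Going by the mount step further down:
# 1 = /boot (ext3), 2 = / (ext4), 5 = /var (ext4), 6 = /home (ext4).
mkfs -t ext3 "/dev/${sdx}1"
mkfs -t ext4 "/dev/${sdx}2"
mkfs -t ext4 "/dev/${sdx}5"
mkfs -t ext4 "/dev/${sdx}6"
#optimal for raid10:
# Alternative to the four commands above; run one set, not both.
# With 4096-byte blocks, stride=64 corresponds to a 256 KiB chunk and
# stripe-width=128 is two strides, i.e. two data-bearing disks per stripe.
# Adjust both values to the actual array geometry.
mkfs -t ext3 -b 4096 -E stride=64,stripe-width=128 "/dev/${sdx}1"
mkfs -t ext4 -b 4096 -E stride=64,stripe-width=128 "/dev/${sdx}2"
mkfs -t ext4 -b 4096 -E stride=64,stripe-width=128 "/dev/${sdx}5"
mkfs -t ext4 -b 4096 -E stride=64,stripe-width=128 "/dev/${sdx}6"
# No blocks reserved for root on partition 6.
tune2fs -m 0 "/dev/${sdx}6"
mkswap "/dev/${sdx}3"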
#—
#mount:
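# Mount the new root first, then /boot, /var and /home inside it. The steps are
# chained with && so that a failed mount stops the sequence instead of letting
# the later mkdir/mount calls land on the wrong filesystem.
mkdir -p "/mnt/${sdx}2" && mount "/dev/${sdx}2" "/mnt/${sdx}2" \
  && mkdir -p "/mnt/${sdx}2/boot" && mount "/dev/${sdx}1" "/mnt/${sdx}2/boot" \
  && mkdir -p "/mnt/${sdx}2/var" && mount "/dev/${sdx}5" "/mnt/${sdx}2/var" \
  && mkdir -p "/mnt/${sdx}2/home" && mount "/dev/${sdx}6" "/mnt/${sdx}2/home"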
#—
#copy:
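# Stream the source machine's filesystem over ssh into the new root.
# The exclude patterns are single-quoted for the remote shell: the original
# "--exclude /tmp/*" had a bare /tmp/* word, which the remote shell expands to
# the files in /tmp, so only the first became an exclude and the rest were
# passed to tar as extra paths to archive.
# The copy carries the source's identity and secrets with it (for example the
# SSH host keys under /etc/ssh); regenerate the host keys on the clone so the
# two machines do not share them.
ssh root@srv "tar -vpcf - --numeric-owner --exclude='/dev/*' --exclude='/proc/*' --exclude='/sys/*' --exclude='/tmp/*' --exclude='/var/cache/apt/archives/*' / | gzip -1" | gunzip | tar -pxf - --numeric-owner -C "/mnt/${sdx}2"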
#local copy:
#tar -vpcf - --numeric-owner --exclude=/dev --exclude=/proc --exclude=/sys --exclude /tmp --exclude=/mnt/${sdx}2 / | tar -pxf - --numeric-owner -C /mnt/${sdx}2

#or unpack archive:
#scp root@srv:/path/img.tgz . && tar -pxzf img.tgz --numeric-owner -C /mnt/${sdx}2
#—
#sync:
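# --delete removes everything in the destination that is missing from the
# source, so refuse to run when either path is unset or empty. Note that a
# trailing slash on the source changes what rsync copies (contents vs. the
# directory itself); try the command with -n (dry run) first.
rsync -az -e ssh --delete "${syncfrom:?set syncfrom to the source path}" "${syncto:?set syncto to the destination path}"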
#local sync:
#rsync -av -e ssh --exclude=/home/* --exclude=/mnt/* --exclude=/proc --exclude=/sys --exclude=/dev / /mnt/${sdx}2/

#—
#chroot:
# Bind the host's /dev and /proc into the new root so that tools run inside the
# chroot can see the devices and the process table.
mkdir /mnt/${sdx}2/dev; mkdir /mnt/${sdx}2/proc; sudo mount --bind /dev/ /mnt/${sdx}2/dev; mount --bind /proc/ /mnt/${sdx}2/proc;
# Enter the new root with an interactive shell.
# NOTE(review): "mount sysfs /sys -t sysfs" is presumably meant to be typed
# inside the chroot shell; run as one script line it only executes after that
# shell exits, and then against the host's /sys.
chroot /mnt/${sdx}2 /bin/sh; mount sysfs /sys -t sysfs

#—
# Presumably still inside the chroot: install the boot loader on the new disk
# and regenerate its configuration. sdx was exported earlier, so the variable
# is visible to the chroot shell as well.
grub-install /dev/${sdx};
update-grub2

# /etc/fstab corrections usually required !
# List each UUID next to the device its symlink points to (fields 9, 10 and 11
# of the long listing), as input for the /etc/fstab corrections.
ls -l /dev/disk/by-uuid/ | awk '{ print $9 " " $10 $11 }'
# [!] change ip address and rename server:
/etc/network/interfaces
/etc/postfix/main.cf
/etc/hostname
/etc/hosts
/etc/mailname
/var/run/motd
#—
# remove previous persistent net rules:
# NOTE(review): presumably the copied file ties interface names to the source
# machine's network cards, which would leave the clone's NICs under unexpected
# names; confirm that udev recreates the file on the next boot.
rm /etc/udev/rules.d/70-persistent-net.rules
#—
#unchroot: CTRL+D &&
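# Unmount from the host, innermost mount points first. The bind mounts of /dev
# and /proc (and sysfs, if it was mounted inside the chroot) were missing from
# the original list; while they are still mounted the final umount of the root
# fails with "target is busy".
umount "/mnt/${sdx}2/sys"    # only if sysfs was mounted inside the chroot
umount "/mnt/${sdx}2/proc"
umount "/mnt/${sdx}2/dev"
umount "/mnt/${sdx}2/home"
umount "/mnt/${sdx}2/var"
umount "/mnt/${sdx}2/boot"
umount "/mnt/${sdx}2"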
# shutdown -fr now

update: Debian 4 etch -> 5 lenny

http://www.debian.org/releases/stable/i386/release-notes/ch-upgrading.ru.html

0.
It is recommended to mount disks by UUID.
There are several ways to get the UUID.
$ ls -l /dev/disk/by-uuid
more trustworthy info:
$ blkid /dev/sda6
output example:
/dev/sda6: UUID="bdddb5e7-04d0-4ae1-86be-aef5ade3b6a6" SEC_TYPE="ext2" TYPE="ext3"
Edit /boot/grub/menu.lst:
# kopt=root=/dev/hda6 ro
should be changed to:
# kopt=root=UUID=bdddb5e7-04d0-4ae1-86be-aef5ade3b6a6 ro
update-grub
Edit /etc/fstab. Example:
/dev/hda6 / ext3 defaults,errors=remount-ro 0 1
should be changed to:
UUID=bdddb5e7-04d0-4ae1-86be-aef5ade3b6a6 / ext3 defaults,errors=remount-ro 0 1

Do not forget that udev may rename the network interfaces. The rules are in:
/etc/udev/rules.d/70-persistent-net.rules

1. Create backup:
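# Full-system backup into /home (which is itself excluded from the archive).
# The archive contains /etc/shadow, private keys and other secrets, so it is
# created under umask 077 in a subshell: the file ends up readable by root only
# and the shell's own umask is left untouched.
(umask 077; tar -vcpzf /home/backup.tgz --exclude=/proc --exclude=/lost+found --exclude=/home --exclude=/mnt --exclude=/sys --exclude /var/cache/apt/archives /)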

2.
Make sure etch is updated.
Check for unfinished business: aptitude, g.
Check: /etc/apt/preferences/.
dpkg --audit
aptitude search "~ahold" | grep "^.h"
dpkg --get-selections | grep hold

edit /etc/apt/sources.list:
deb http://mirror.yandex.ru/debian/ lenny main
deb-src http://mirror.yandex.ru/debian/ lenny main
deb http://security.debian.org/ lenny/updates main
deb-src http://security.debian.org/ lenny/updates main
deb http://volatile.debian.org/debian-volatile lenny/volatile main
deb-src http://volatile.debian.org/debian-volatile lenny/volatile main

3.
script -t 2>~/upgrade-lenny.time -a ~/upgrade-lenny.script
aptitude update
aptitude -y -s -f --with-recommends dist-upgrade
aptitude install aptitude apt dpkg
aptitude search "?false"

optional step, specific for webhosting server:
aptitude install proftpd nginx
aptitude install postfix
aptitude install apache2 apache2-mpm-prefork apache2.2-common apache2-suexec-custom
update custom suexec
copy new cgi: php5.2.latest and php5.3.latest

aptitude safe-upgrade
aptitude dist-upgrade
dpkg -l "linux-image*" | grep ^ii

4.
Rebuild perl modules
cpan

find UTF-8 files with BOM (remove BOM)

http://stackoverflow.com/questions/204765/elegant-way-to-search-for-utf-8-files-with-bom

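# Variant 1: compare the first three bytes of every regular file with the UTF-8
# BOM (EF BB BF). The backslashes of the byte escapes had been lost, so the
# original compared against the literal text "xefxbbxbf". NUL-delimited names
# and read -r keep file names with spaces or backslashes intact.
find . -type f -print0 | while IFS= read -r -d '' file; do
  if [[ "$(head -c3 -- "$file")" == $'\xef\xbb\xbf' ]]; then
    echo "found BOM in: $file"
  fi
done

# Variant 2: let grep report the byte offset of the first match in each file
# and keep only the files where that offset is 0.
grep -orHbm1 $'^\xef\xbb\xbf' . | sed '/:0:/!d;s/:0:.*//'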

most efficient way:
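# Print the name of every file whose first line starts with the UTF-8 BOM;
# nextfile stops reading each file after that first line. The \x escapes (lost
# in the original text) are understood by gawk; other awk implementations may
# not support them.
find . -type f -print0 | xargs -0r awk '/^\xEF\xBB\xBF/ {print FILENAME} {nextfile}'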

find and remove BOM:
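# Strip the BOM in place. Restored from the garbled original: the \x byte
# escapes and the "\;" that terminates -exec. The "1" address limits the
# substitution to the first line, the only place a BOM can be.
# sed -i rewrites every regular file under the current directory, binaries and
# version-control metadata included: run one of the detection commands first,
# narrow the find (e.g. -name '*.php'), or use -i.bak to keep backups.
find . -type f -exec sed -i '1s/^\xEF\xBB\xBF//' {} \;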

just remove BOM:
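# Print text.txt from its 4th byte on, i.e. without the first three bytes.
# The result goes to stdout (the file itself is unchanged), and the bytes are
# dropped whether or not they are a BOM, so check for one first.
tail --bytes=+4 text.txt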