Display Universally Unique Identifiers (UUID) for Linux Software RAID devices. | Continue reading
Alter default SOGo refresh view interval for specific user. | Continue reading
This is a simple reminder that you can use basic system utilities to parse text files, extract, filter and concatenate data. | Continue reading
Display a scheduled Hugo posts using shell-script. | Continue reading
Determine available LXD server resources. | Continue reading
Display IPv4 address without network utilities. Inspect /proc/net/fib_trie which contains routing table entries sorted by prefix length. $ cat /proc/net/fib_trie Main: +-- 0.0.0.0/0 3 0 4 |-- 0.0.0.0 /0 universe UNICAST +-- 127.0.0.0/8 2 0 2 +-- 127.0.0.0/31 1 0 0 |-- 127.0.0.0 / … | Continue reading
Determine when HashiCorp Consul snapshot was created. Inspect snapshot. $ consul snapshot inspect backup.snapshot ID 77479-228462-1660165996971 Size 53121 Index 228462 Term 77479 Version 1 Type Count Size ---- ---- ---- KVS 61 37.7KB Register 9 5.6KB ACLToken 7 2.7KB ACLPolicy 4 … | Continue reading
Reload consul configuration. Use consul utility Trigger reload using consul utility. $ consul reload Configuration reload triggered Use HUP signal Determine consul process ID. $ systemctl show --property MainPID --value consul 33794 Send HUP signal to trigger configuration reload … | Continue reading
Create HasiCorp Consul snapshots for disaster recovery. Create backup snapshot. $ consul snapshot save backup.snapshot Saved and verified snapshot to index 228462 Inspect snapshot. $ file backup.snapshot backup.snapshot: gzip compressed data, original size modulo 2^32 56832 $ con … | Continue reading
Remove disabled snaps which are not longer used. List installed snaps. Notice, some of these are disabled as there are multiple revisions available. $ snap list --all Name Version Rev Tracking Publisher Notes bare 1.0 5 latest/stable canonical* base chromium 98.0.4758.102 1912 la … | Continue reading
Change encryption key used for gossip messages. List current key. $ consul keyring -list ==> Gathering installed encryption keys... WAN: AcHUV+z4kLDJiQeVqLAh2sG25SH4K4WYU6oIru29lSM= [3/3] dc-lab-1 (LAN): AcHUV+z4kLDJiQeVqLAh2sG25SH4K4WYU6oIru29lSM= [3/3] Generate new encryption k … | Continue reading
Define a custom number of snap revisions. Since snap 2.34 you can use refresh.retain option to define a number of kept revisions (between 2 and 20). By default it is 3 on Ubuntu Core and 2 on other Ubuntu systems. Inspect initial refresh configuration – noting is defined, so defa … | Continue reading
Create Mastodon maintenance jobs for bare-metal Mastodon installation from source code. Remove downloaded media files. $ cat | Continue reading
Create persistent sysfs configuration using systemd which can replace sysfsutils. Inspect current configuration for volatile and temporary files. $ systemd-tmpfiles --no-pager --cat-config # /usr/lib/tmpfiles.d/00rsyslog.conf # Override systemd's default tmpfiles.d/var.conf to ma … | Continue reading
Install LibreTranslate and configure Mastodon to take advantage of it. This is a minimal viable product for testing alongside Mastodon instance installed from the source code, bare-metal only. See additional notes at the end of this document. Install dependencies. $ sudo apt inst … | Continue reading
Inspect a path during the troubleshooting process. Display help information for the namei utility which is a part of the util-linux package. $ namei --help Usage: namei [options] ... Follow a path until a terminal point is found. Options: -x, --mountpoints show mount point direct … | Continue reading
Inspect current consul metrics. Get the PID of the consul process. $ systemctl show --property MainPID --value consul 31045 Send USR1 signal to the consul process. sudo kill -SIGUSR1 $(systemctl show --property MainPID --value consul) Inspect consul logs for data. $ sudo journalc … | Continue reading
Inspect remote GnuPG signing key. Inspect GitLab package repository signing key which is published using ASCII-armored format. $ curl --location --silent https://packages.gitlab.com/gitlab/gitlab-ee/gpgkey | file --brief --mime - application/pgp-keys; charset=us-ascii $ curl --lo … | Continue reading
How to bypass the OpenSSL security level using curl or openssl utility to access legacy services. Inspect default OpenSSL security level. $ openssl version -f compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-51ig … | Continue reading
Install Guest Agent inside Proxmox virtual machine. List virtual machines. proxmox$ qm list VMID NAME STATUS MEM(MB) BOOTDISK(GB) PID 100 ubuntu-jammy-jellyfish stopped 2048 20.00 0 102 debian-bullseye stopped 2048 20.00 0 3001 consul-1 running 2048 20.00 397130 3002 consul-2 run … | Continue reading
Check the consistency of an EC or RSA private key. Check the consistency of an unencrypted RSA private key. $ openssl rsa -in rsa_key_dec.pem -noout -check RSA key ok Check the consistency of an encrypted RSA private key. $ openssl rsa -in rsa_key_enc.pem -passin pass:keypass -no … | Continue reading
Locate modified systemd unit configuration files. List modified systemd unit configuration files. $ systemd-delta --no-pager --diff=false [OVERRIDDEN] /etc/systemd/system/docker.service → /usr/lib/systemd/system/docker.service [EXTENDED] /etc/systemd/system/docker.service → /etc/ … | Continue reading
Enumerate vault root tokens. Use JSON output format to locate root tokens. $ vault list -format json auth/token/accessors | \ jq --raw-output ".[]" | \ xargs -I{} vault token lookup -format json -accessor {} | \ jq --raw-output 'select(.data.path=="auth/token/root") | .data.acces … | Continue reading
Ensure that HAProxy keep up with Docker name resolution. HAProxy works great as a docker container. $ docker exec haproxy cat /usr/local/etc/haproxy/haproxy.cfg global stats socket /var/run/api.sock user haproxy group haproxy mode 660 level admin expose-fd listeners log stdout fo … | Continue reading
Use ddcutil to manage monitor using DDC/CI protocol. Installation Use openSUSE Build Service to download ddcutil package. Download package sing terminal. $ wget https://download.opensuse.org/repositories/home:/rockowitz/xUbuntu_21.10/amd64/ddcutil_1.2.2-1_amd64.deb Inspect downlo … | Continue reading
Manage command history using text-based user interface. Inspect hstr application. $ sudo apt info hstr Package: hstr Version: 2.3+ds-1 Priority: optional Section: utils Maintainer: Daniel Echeverri Installed-Size: 74.8 kB Depends: libc6 (>= 2.29), libncursesw6 (>= 6), libreadline … | Continue reading
Load kernel modules at boot. Create a dedicated drop-in module definition file inside /etc/modules-load.d/ directory. $ cat | Continue reading
Determine when package index was updated. Ubuntu is using a timestamp file to mark an successfull package index update. $ cat /etc/apt/apt.conf.d/15update-stamp APT::Update::Post-Invoke-Success {"touch /var/lib/apt/periodic/update-success-stamp 2>/dev/null || true";}; Inspect cur … | Continue reading
Determine when systemd service was started. Basic operations The easiest way to determine when service was started is to display service status. $ systemctl status unbound ● unbound.service - Unbound DNS server Loaded: loaded (/lib/systemd/system/unbound.service; enabled; vendor … | Continue reading
Check memory subsystem from user space. Inspect available memory. $ free -h total used free shared buff/cache available Mem: 31Gi 29Gi 822Mi 1.0Mi 402Mi 841Mi Swap: 2.0Gi 487Mi 1.5Gi Inspect memtester package. $ apt info memtester Package: memtester Version: 4.5.0-1 Priority: opt … | Continue reading
Execute non-executable binary. Inspect Python version. $ python3 --version Python 3.10.6 Inspect mounted filesystem that does not permit direct execution of any binaries. $ mount /dev/sdb1 on /opt/files type ext4 (rw,nosuid,nodev,noexec,relatime,errors=remount-ro) Try to execute … | Continue reading
Install and configure HashiCorp Vault agent. Install Consul application Create consul cluster, configure encryption and access control lists. Create and configure vault application. Create a secret Login into the vault. $ vault login Token (will be hidden): Success! You are now a … | Continue reading
Inspect consul configuration using command-line utilities. Display debugging information. $ consul info agent: check_monitors = 0 check_ttls = 0 checks = 0 services = 0 build: prerelease = revision = 19041f20 version = 1.12.2 version_metadata = consul: acl = enabled bootstrap = f … | Continue reading
Install and configure chrony NTP server. Inspect chrony package. $ apt info chrony Package: chrony Version: 4.0-8 Priority: optional Section: net Maintainer: Vincent Blut Installed-Size: 644 kB Provides: time-daemon Pre-Depends: init-system-helpers (>= 1.54~) Depends: adduser, ip … | Continue reading
Inspect dnf configuration. Prerequisites Install config-manager for dnf. $ sudo dnf install 'dnf-command(config-manager)' Display help information. $ dnf config-manager --help usage: dnf config-manager [-c [config file]] [-q] [-v] [--version] [--installroot [path]] [--nodocs] [-- … | Continue reading
Copy Proxmox virtual machine to another server. List virtual machines. basilisk:~$ qm list VMID NAME STATUS MEM(MB) BOOTDISK(GB) PID 10001 ubuntu-jammy-jellyfish running 2048 20.00 714306 qm info 1 Display virtual machine configuration. basilisk:~$ qm config 10001 boot: order=scs … | Continue reading
Configure OpenSSH server to use legacy public key algorithm to authenticate itself to an SSH client. Operating system version. $ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 22.04 LTS Release: 22.04 Codename: jammy SSHD package version. … | Continue reading
Install and configure HashiCorp Vault. Install Consul application Create consul cluster, configure encryption and access control lists. Create access control lists and tokens Define policy for Vault application. $ tee vault-app-policy.hcl | Continue reading
Display active but disabled systemd services. Use the following script to display active but disabled services. $ while read -r line; do unit=$(echo $line | awk '{print $1}') if [ "$(systemctl is-enabled $unit 2>/dev/null)" == "disabled" ]; then echo "Service $unit is active but … | Continue reading
Inspect vault configuration to troubleshoot potential problems. Use diagnose subcommand from operator command group to analyze current configuration. $ sudo -u vault vault operator diagnose -config /etc/vault.d/vault.hcl Vault v1.11.0 (ea296ccf58507b25051bc0597379c467046eb2f1), b … | Continue reading
Instruct consul to disable automatic checking for updates. I am using Consul inside an isolated network, so it cannot connect to the world. $ journalctl -u consul -f [...] Jul 17 18:55:15 jammy consul[3363]: 2022-07-17T18:55:15.044Z [ERROR] agent: Failed to check for updates: err … | Continue reading
Configure Unbound DNS validating resolver. Determine device address. $ ip --brief address show eth0 eth0 UP 172.16.151.254/21 Update package index. $ apt update Upgrade packages. $ apt upgrade Install Dynamic Firewall Manager. $ sudo apt install firewalld Inspect initial setting … | Continue reading
Lookup specific element in Ansible dictionary or list of these. Sample playbook to look for elements from elements_to_look_for in first_variable, second_variable and third_variable. $ cat playbook.yml --- - hosts: localhost vars: elements_to_look_for: - alpha - beta - gamma - del … | Continue reading
Display the name of the wireless network you are connected to. iwgetid Use iwgetid utility to display currently connected wireless network. $ iwgetid wlan0 ESSID:"Searching..." Display the name of the wireless network you are connected to using specific wireless device. $ iwgetid … | Continue reading
Configure Consul Access Control Lists. Inspect current server configuration. $ sudo -u consul cat /etc/consul.d/consul.hcl # datacenter datacenter = "dc-lab-1" # data directory data_dir = "/opt/consul" # server mode server = true # bind address bind_addr = "0.0.0.0" # single-node … | Continue reading
Parse and filter dpkg database to display selected fields or other specific information. Install Gawk script to parse dpkg databases. $ sudo apt install dpkg-awk Display package information. $ dpkg-awk "package:^vim$" Package: vim Status: install ok installed Priority: optional S … | Continue reading
Configure cursor size using command-line on Ubuntu 22 Jammy Jellyfish. You can configure cursor size using GNOME control center. Get current cursor size using GSettings configuration tool. $ gsettings get org.gnome.desktop.interface cursor-size 32 Set cursor size using command-li … | Continue reading
Block IP address using Dynamic Firewall Manager. Use drop zone to block a network subnet. $ sudo firewall-cmd --zone=drop --add-source=192.168.0.0/16 success Use drop zone to block multiple IP addresses. $ sudo firewall-cmd --zone=drop --add-source=172.16.0.2 --add-source=172.16. … | Continue reading