Scan wireless networks. Use iwlist utility to scan wireless networks. $ sudo iwlist wlan0 scanning wlan0 Scan completed : Cell 01 - Address: 00:78:CD:91:BA:30 Channel:6 Frequency:2.437 GHz (Channel 6) Quality=70/70 Signal level=-20 dBm Encryption key:on ESSID:"Searching..." Bit R … | Continue reading
Create an exception for a regular user to access service socket using systemd. I will use HAProxy to show the standard group based technique and the systemd/ACLs approach. Prerequisites Create a dedicated user and group that will be used in this example. $ sudo groupadd --gid 200 … | Continue reading
Control Power Profiles daemon using a dedicated powerprofilesctl command-line utility. Permanently change the power profile Display version of the Power Profiles command-line utility. $ powerprofilesctl version 0.10.1 Display active power profile. $ powerprofilesctl get performan … | Continue reading
Secure Consul communication. Generate encryption key Generate encryption key that will be used to encrypt gossip protocol. $ consul keygen wZHOCKakzCeAesu7HK07tqmc3PwJojN/jNfbXEDqplI= Generate certificates Create ssl directory. $ sudo install --directory --group consul --owner co … | Continue reading
Determine maximum memory capacity. Use a dmidecode utility to decode SMBIOS table contents related to the memory and display using a human-readable format. $ sudo dmidecode --type memory # dmidecode 3.2 Getting SMBIOS data from sysfs. SMBIOS 2.7 present. Handle 0x003E, DMI type 1 … | Continue reading
Display hardware information. Commands described here demonstrate how to list hardware, PCI/USB/block devices, and DMI table. List hardware List hardware paths including numeric IDs. $ sudo lshw -short -numeric H/W path Device Class Description =================================== … | Continue reading
Enable panic mode to immediately drop incoming and outgoing packets using Dynamic Firewall Manager. Query panic mode. $ sudo firewall-cmd --query-panic no $ echo $? 1 Enable panic mode. $ sudo firewall-cmd --panic-on success Query panic mode. $ sudo firewall-cmd --query-panic yes … | Continue reading
Use go-sockaddr template to define IP address inside Consul configuration. Play with go-sockaddr Install the Go programming language. $ sudo apt install golang-go Install go-sockaddr. $ go install github.com/hashicorp/go-sockaddr/cmd/sockaddr@latest go: downloading github.com/has … | Continue reading
Install and configure Consul. Firewall configuration Install a dynamically managed firewall daemon. $ sudo apt install firewalld List network interfaces. $ ip --brief address lo UNKNOWN 127.0.0.1/8 ::1/128 ens18 UP 172.16.151.111/21 metric 100 fe80::5cf7:3aff:fe6a:b34e/64 Add net … | Continue reading
Forward port (IPv4 only) using Dynamic Firewall Manager. Let’s assume that we want to forward port on external interface to an address inside internal network. $ sudo firewall-cmd --get-active-zones external interfaces: eth0 internal interfaces: eth1 Forward forward port 8080 on … | Continue reading
Configure persistent DNS resolver using systemd resolver or name server information handler. systemd resolver Inspect status of systemd-resolved service. $ systemctl status systemd-resolved.service ● systemd-resolved.service - Network Name Resolution Loaded: loaded (/lib/systemd/ … | Continue reading
Manage wireless Logitech devices using command-line. Solaar a device manager for Logitech wireless devices is already installed on Ubuntu desktop system. Display usage information. $ solaar --help usage: solaar [-h] [-d] [-D PATH] [--restart-on-wake-up] [-w {show,hide,only}] [-b … | Continue reading
Permanently disable DPMS (Display Power Management Signaling) using Xorg. Display current settings. $ xset q Keyboard Control: auto repeat: on key click percent: 0 LED mask: 00000002 XKB indicators: 00: Caps Lock: off 01: Num Lock: on 02: Scroll Lock: off 03: Compose: off 04: Kan … | Continue reading
Use Dynamic Firewall Manager to configure a basic zone-based firewall. From my point of view, this is the best possible solution as you can use it to reliably configure multiple Linux operating systems regardless of the family and automate it using Ansible or any other configurat … | Continue reading
Create a software watchdog for systemd service. I will create a software watchdog for Redis service, by looking at the Redis socket file and restart the container if it goes missing. Install Python bindings for systemd to get logging functionality. $ sudo apt install python3-syst … | Continue reading
Read sysexits FreeBSD manual page to learn how to use consistent exit codes in shell scripts. SYSEXITS(3) FreeBSD Library Functions Manual SYSEXITS(3) NAME sysexits -- preferable exit codes for programs SYNOPSIS #include DESCRIPTION According to style(9), it is not a good practi … | Continue reading
Prevent updating VirtualBox Guest Additions on the guest system when using Vagrant. Create sample Vagrantfile. $ cat Vagrantfile Vagrant.configure("2") do |config| config.vm.box = "debian/bullseye64" config.vm.network "private_network", ip: "1.2.3.4" config.vm.provider :virtualbo … | Continue reading
Automatically update docker containers whenever new image is released using watchtower. This is a great solution, especially when you are using portainer for container management (continuous mode) or jenkins (run-once mode). I will focus on the latter solution. Display help infor … | Continue reading
Determine fastest server using the Internet Control Message Protocol (ICMP). Install netselect utility. $ sudo apt install netselect Display available parameters, please read manual page for details. $ netselect Usage: netselect [-v|-vv|-vvv] [-I] [-m max_ttl] [-s servers] [-t mi … | Continue reading
Parse Trello export JSON file using Python script to create Markdown files and import these into Joplin an open-source note-taking app. Create a simple Python script to parse Trello export file. #/usr/bin/env python3 # Read Trello JSON file to export data into text files # import … | Continue reading
Define key expiration time in OpenSSH authentication agent. Do not worry as you will be not disconnected from any active SSH session after the identity is removed from an agent. Just note, that by default the key will be kept indefinitely. Use -t parameter to define key lifetime … | Continue reading
Display weather forecast inside terminal using wego application. At first go to OpenWeather to create an account and get an API key. Free plan allows 60 calls per minute and 1,000,000 calls per month. These numbers are more than enough for personal use which is great. Install weg … | Continue reading
Define ticket lifetime and renewable time when using MIT Kerberos. Inspect initial configuration Inspect initial Kerberos KDC configuration. $ sudo cat /etc/krb5kdc/kdc.conf [kdcdefaults] kdc_ports = 750,88 [realms] OCTOCAT.LAB = { database_name = /var/lib/krb5kdc/principal admin … | Continue reading
Compare files in a human-friendly way using an experimental difftastic utility. This utility is built using Rust, so I will use rustup snap. $ snap info rustup name: rustup summary: "EXPERIMENTAL: The Rust Language installer" publisher: Daniel Silverstone (dsilvers) store-url: ht … | Continue reading
Install guest tools inside XCP-ng VM for better performance and various features. Mount guest tools ISO which is available by default on the host operating system. $ sudo mount /dev/cdrom mount: /media/cdrom0: WARNING: source write-protected, mounted read-only. Determine the dire … | Continue reading
Flush buffers on a specific device using blockdev utility. Call block device ioctls from the command line to flush buffers on a specific device. $ sudo blockdev -v --flushbufs /dev/nvme0n1 flush buffers succeeded. Simple as that. | Continue reading
Increase the limit of the mmap counts for Elasticsearch docker. Bootstrap checks failed due to max virtual memory areas vm.max_map_count [65530] is too low is a common issue. $ sudo docker run --rm --name elasticsearch docker.elastic.co/elasticsearch/elasticsearch:8.2.3 {"@timest … | Continue reading
Alter date format when listing cached Kerberos tickets. Sometimes it is hard to read ticket information when it is displayed using US date format and you live in Europe (month/day/year versus day/month/year issue). $ klist Ticket cache: FILE:/tmp/krb5cc_10000_ycdwd4 Default princ … | Continue reading
Disable IPv6 on Raspberry Pi 4. The first solution uses runtime kernel parameters, second and third one disables ipv6 module using two equivalent methods. Take advantage of system parameters Inspect current IPv4/IPv6 addresses. $ ip -br a lo UNKNOWN 127.0.0.1/8 ::1/128 eth0 UP 17 … | Continue reading
Determine session type (X11, Wayland). Directly determine session type using $XDG_SESSION_TYPE environment variable. $ echo $XDG_SESSION_TYPE wayland Determine session type using systemd login manager. $ loginctl list-sessions SESSION UID USER SEAT TTY 2 1000 milosz seat0 tty2 1 … | Continue reading
Configure HashiCorp repository. Download repository key. $ wget --quiet --output-document - https://apt.releases.hashicorp.com/gpg | \ sudo gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/hashicorp-archive-keyring.gpg --import gpg: keyring '/usr/share/keyrings/h … | Continue reading
Reload network configuration on Debian Bullseye. Display operating system details. $ lsb_release -a No LSB modules are available. Distributor ID: Debian Description: Debian GNU/Linux 11 (bullseye) Release: 11 Codename: bullseye Install ifupdown2 package which is a ifupdown re-wri … | Continue reading
Create and configure Virtual eXtensible Local Area Network interfaces. Operating system version. $ lsb_release -a No LSB modules are available. Distributor ID: Debian Description: Debian GNU/Linux 11 (bullseye) Release: 11 Codename: bullseye Kernel version. $ uname -a Linux vxlan … | Continue reading
Instruct dnf to skip confirmation dialog and assume yes for every question. Ad hoc solution By default you need to confirm every add/remove operation. $ sudo dnf install which Last metadata expiration check: 0:00:04 ago on Sun Apr 10 11:05:15 2022. Dependencies resolved. ======== … | Continue reading
Ensure that every Ubuntu virtual machine get its own IP address. The issue I am using multiple Ubuntu virtual machines inside Proxmox environment, so I experienced an unexpected issue with DHCP server as these machines get the same IP address. dhcpd$ tail -f /var/log/dhcpd.log [. … | Continue reading
Automatically rollover Elasticsearch index using by time. Elasticsearch version. $ curl --insecure --user elastic:secret "https://172.17.0.4:9200/" { "name" : "a67038f591a0", "cluster_name" : "docker-cluster", "cluster_uuid" : "8A6Tz4hNTWu0o_QwGmOnqg", "version" : { "number" : "8 … | Continue reading
Install the most recent kernel using experimental Debian distribution to see what is coming up. Operating system version. $ lsb_release -a No LSB modules are available. Distributor ID: Debian Description: Debian GNU/Linux 11 (bullseye) Release: 11 Codename: bullseye Kernel versio … | Continue reading
Automatically use jump proxy when initiating SSH connection from an external network. Two years ago I have described how to match network inside SSH client configuration. Today, I will extend this technique to match specific network and perform DNS query to determine if a jump pr … | Continue reading
Display systemd journal for specific service since it started. Get current invocation id (a unique 128-bit ID identifying each runtime cycle of the unit) for specific service. $ systemctl show -p InvocationID --value ssh 6a480c9650314ca9aa0f7a631c4f4269 Use invocation id to displ … | Continue reading
Display CPU information. Display CPU information. $ lscpu Architecture: x86_64 CPU op-mode(s): 32-bit, 64-bit Byte Order: Little Endian Address sizes: 39 bits physical, 48 bits virtual CPU(s): 8 On-line CPU(s) list: 0-7 Thread(s) per core: 2 Core(s) per socket: 4 Socket(s): 1 NUM … | Continue reading
Follow data appended to a file using one of the two possible approaches. Follow the file descriptor This is the default behavior. The tail process will follow the file descriptor instead of the name. $ tail /var/log/application.log | | $ echo "[$(date +"%d.%m.%y %H:%M")] log entr … | Continue reading
Configure multiple IPv4 addresses on Raspberry Pi device. By default Raspberry Pi OS is using a DHCP client service to get dynamic IP addresses. I will use systemd network configuration to define multiple IP addresses on an Ethernet device. Configure a DHCP client to ignore Ether … | Continue reading
Determine when the service was started and stopped using the systemd journal. Notice, I am using the GNU Project’s implementation of the AWK programming language. $ sudo journalctl --unit rsyslog -o export --output-fields=INVOCATION_ID | gawk ' BEGIN { RS = "\n\n" FS = "\n" True … | Continue reading
Display when the operating system was booted and calculate uptime using the systemd journal. Notice, I am using the GNU Project’s implementation of the AWK programming language. $ journalctl -o export | gawk ' BEGIN { RS = "\n\n" FS = "\n" True = 1 False = 0 monotonic_timestamp = … | Continue reading
Read QR Code from an image. Install ZBAR utility for scanning and decoding bar codes from various sources. $ sudo apt install zbar-tools Inspect available options. $ zbarimg --help usage: zbarimg [options] ... scan and decode bar codes from one or more image files options: -h, -- … | Continue reading
Generate QR code to access the Wi-Fi network. Introduction At first read about Wi-Fi Network config (Android, iOS 11+) format. The format is pretty simple, the connection string for HomeNetwork with HomePassword password will look like this. WIFI:T:WPA;S:HomeNetwork;P:HomePasswor … | Continue reading
How to provide custom TXT records in class 3 (CHAOS) using BIND9. Introduction Query for a TXT resource record in class 3 (CHAOS) for the domain name hostname.bind or any other version.bind, authors.bind, and id.server. $ dig chaos txt hostname.bind @10.10.1.18 +short "voyager.oc … | Continue reading
Renew Kerberos ticket. List cached Kerberos tickets. $ klist Ticket cache: KEYRING:persistent:10000:krb_ccache_Nv2FjQZ Default principal: octo@OCTOCAT.LAB Valid starting Expires Service principal 10/03/2021 18:06:02 10/04/2021 04:06:02 krbtgt/OCTOCAT.LAB@OCTOCAT.LAB renew until 1 … | Continue reading