Password generator

$ dd if=/dev/urandom count=1 status=none | base64 | tr "+/=" "123"

xWj8Soo0IT382OWqO7KiRWuiHsdLK3PstIvx4eL5t9IpMVc7UakigFpwGWzEq12vGipKlesgqMA9
LkygMSxgbd20rsb2zJgsw5QCU7lGSvWB5ExYyhcfilnYAZJ0QPtO2GejmEbkAa21HCMSg2FWT6GI
q3Y5hIamnv1HPZUigRaNCHIm1SFpoWACNhbxL2YwtqaVySEJlHqOIb8RjVZMXAptgF2WYftPF1UN
IB5frtFb9oZvd1IOWl0Bwb9I6s1i0Zz2P17S1sElJIR2hU2uE6N2TpravAdqERCO574ANkMhdNvb
d4NGV2clyJUOaSO2SGG1U7IUfVQiF5Unb4xilc2eG5FRp2lpM2nZ1kIKU5PdRX1jQ9Nq5nDFJM3F
xNo1EiY6mtLaBH0oH0wgmJ1uwfASCUzIF3SX9vrWjSGnrvjv0Ug2dNXNkErmt5MdgQhR0hq6RQ50
C4wgi4p35qJUmWopj0fEK512fqDT1RH61T6D8F4khuuNMYkp5rooVRoGLE9Tejc2j0Fq3v1dFDC2
ZSbzIgsojGLsNAMZicKazbc5EVHUswVUzJRdfbJ2U1G1xn8q9fK3NWTwBeUUkaoyjMHZ95lPsDhj
jtSoV7X2yHENw6lL7vk0yVko6eEtATR6AZOwKQFRkiXh05Mj0mcG2m1tToT5sDjhyT31u4uATts3

UUID generator

$ for I in `seq 1 5`; do cat /proc/sys/kernel/random/uuid; done

0b926ff8-3ab6-445c-8067-ca0cdcd93711
9a512eb5-d847-4f1d-a162-2e86bcd1dd69
d7ba84ab-299e-44fd-a4ed-cafdda21f06a
3a1dc108-3235-4e7d-a666-b1b2af1a53a0
d6e46583-1381-47d7-b2eb-a333f620c315

DNS flush

Windows DNS cache [^]:: $ ipconfig /flushdns
BIND named cache flush [^]:: $ rndc flush
Systemd resolve flush cache [^]:: $ sudo systemd-resolve --flush-caches
$ sudo resolvectl flush-caches

Journalctl useful

Log output examples [^]:: $ journalctl --since "2023-08-25 01:00:00" --until "2023-08-25 07:00:00"
Clean journalctl [^]:: $ journalctl --flush && journalctl --rotate && journalctl --vacuum-time=1s
Watch realtime journalctl [^]:: $ journalctl --follow

NGINX useful

Nginx reload config [^]:: $ nginx -t && nginx -s reload

Disable logging for IP [^]:

map $remote_addr $disable_local_ip_log {
	"192.168.0.24" 0;
	"192.168.5.3" 0;
	default 1;
}

log_format main '$remote_addr - $server_name:$server_port - $remote_user [$time_local] "$request" '
	'$status $body_bytes_sent "$http_referer" '
	'"$http_user_agent" "$http_x_forwarded_for"';

access_log /var/log/nginx/access.log main if=$disable_local_ip_log;

Add Nginx REPO in RHEL [^]:

( cat > /etc/yum.repos.d/nginx.repo ) << \EOF
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/rhel/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/rhel/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
EOF

Iptables useful

Iptables script template [^]:

#!/bin/sh

IPT="/bin/iptables"
[ ! -x $IPT ] && IPT="/usr/bin/iptables"
[ ! -x $IPT ] && IPT="/sbin/iptables"
[ ! -x $IPT ] && IPT="/usr/sbin/iptables"
[ ! -x $IPT ] && echo "ERROR iptables not found" && exit 2

#IPT="echo $IPT" # <- uncomment this for debug echo

IP_LIST="
192.168.3.34
10.168.1.24
127.0.0.1
"
PORT_LIST="
22
3306
5900:5950
"
firewall_start() {
	$IPT -N ADMIN
	for IP in $IP_LIST ; do
		$IPT -A ADMIN -s $IP -j ACCEPT
	done
#	$IPT -A ADMIN --p tcp --syn -j LOG --log-level error --log-prefix="Admin connect attempt: "
	$IPT -A ADMIN -j REJECT
	for PORT in $PORT_LIST ; do
		$IPT -I INPUT -p tcp --dport $PORT -j ADMIN
	done
}
firewall_stop() {
	for PORT in $PORT_LIST ; do
		$IPT -D INPUT -p tcp --dport $PORT -j ADMIN
	done
	$IPT -F ADMIN && $IPT -X ADMIN
}
case "$1" in
	'start') firewall_start ;;
	'stop') firewall_stop ;;
	'restart') firewall_stop && firewall_start ;;
	*) echo "Usage: $0 start|stop|restart"
esac

Faster INPUT chain [^]:

$ iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

MySQL / MariaDB useful

Master server full replication copy script [^]:

#!/bin/sh

DATE=`date +%FT%T`
MYSQL_HOST="10.10.10.1"
MYSQL_USER="dumper"
MYSQL_PASS="123456"

mysqldump --host=$MYSQL_HOST --user=$MYSQL_USER --password=$MYSQL_PASS \
	--all-databases --master-data --gtid -v > mysql-$DATE.sql

mysql -e "stop slave"
mysql < mysql-$DATE.sql
mysql -e "start slave"
mysql -e "set global read_only='ON'"

Change unknown root password [^]:

Run server with options:
/usr/sbin/mysqld --skip-grant-tables --skip-networking

MariaDB:
ALTER USER 'root'@'localhost' IDENTIFIED BY 'new_password';
or
UPDATE mysql.user SET authentication_string = '' WHERE user = 'root';
UPDATE mysql.user SET plugin = '' WHERE user = 'root';

MySQL:
ALTER USER 'root'@'localhost' IDENTIFIED WITH caching_sha2_password BY 'new_password';

Create/Drop database and user script [^]:


#!/bin/sh

DB="db1"
USER="user1"
PASS="123456"
ALLOW_HOST="localhost"
## allow for all
#ALLOW_HOST="%"
## allow with mask
#ALLOW_HOST="192.168.16.%"
#ALLOW_HOST="192.168.16.0/255.255.255.0"
#ALLOW_HOST="%.domain.net"

ACTION="create"
#ACTION="drop"

if [ "$ACTION" = "create" ]; then
mysql << EOF
	CREATE DATABASE $DB;
	CREATE USER '$USER'@'$ALLOW_HOST' IDENTIFIED BY '$PASS';
	GRANT
		SELECT -- read
		,INSERT,UPDATE,DELETE -- write
		-- ,CREATE,DROP,ALTER,INDEX -- create/drop table/index
		-- ,CREATE TEMPORARY TABLES,LOCK TABLES -- addon
		-- ,REPLICATION SLAVE, REPLICATION CLIENT -- replication
	ON $DB.* TO '$USER'@'$ALLOW_HOST';
	FLUSH PRIVILEGES;
EOF
elif [ "$ACTION" = "drop" ]; then
mysql << EOF
	REVOKE ALL PRIVILEGES ON $DB.* FROM '$USER'@'$ALLOW_HOST';
	FLUSH PRIVILEGES;
	DROP DATABASE $DB;
EOF
fi

Check MySQL slave replication [^]:

# mysql -e "show slave status\G" | grep -E "(Behind|SQL|IO|Gtid)"

MariaDB 10.6.8:
===============
                Slave_IO_State: Waiting for master to send event
              Slave_IO_Running: Yes
             Slave_SQL_Running: Yes
         Seconds_Behind_Master: 0
                 Last_IO_Errno: 0
                 Last_IO_Error: 
                Last_SQL_Errno: 0
                Last_SQL_Error: 
                    Using_Gtid: Slave_Pos
                   Gtid_IO_Pos: 0-6-69603391
                     SQL_Delay: 0
           SQL_Remaining_Delay: NULL
       Slave_SQL_Running_State: Slave has read all relay log; waiting for more updates


MySQL 5.7.31:
==============
               Slave_IO_State: Waiting for master to send event
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
        Seconds_Behind_Master: 0
                Last_IO_Errno: 0
                Last_IO_Error: 
               Last_SQL_Errno: 0
               Last_SQL_Error: 
                    SQL_Delay: 0
          SQL_Remaining_Delay: NULL
      Slave_SQL_Running_State: Slave has read all relay log; waiting for more updates
      Last_IO_Error_Timestamp: 
     Last_SQL_Error_Timestamp: 
           Retrieved_Gtid_Set: 971b429d-d0ac-11ea-a304-005056011c90:1-7
            Executed_Gtid_Set: 227d4927-ca70-11ea-a635-005056013673:1-948213,

Convert tables from MyISAM to InnoDB [^]:

#!/bin/sh

DB="dbname"
TABLES=`mysql -B -N -e " \
select \
    concat(table_schema,'.',table_name) \
from \
    information_schema.tables \
where \
    table_schema='$DB' and engine='MyISAM'"`
for T in $TABLES; do
	printf "Table $T"
	mysql -e "alter table $T engine=InnoDB"
	if [ $? == 0 ]; then
		echo ": OK"
	else
		echo ": Fail" && exit
	fi
done

Storage engines usage for MySQL server [^]:

SELECT ENGINE, count(*) as num_of_tables,
concat(round(sum(TABLE_ROWS)/1000000,2),'M') as total_rows,
concat(round(sum(DATA_LENGTH)/(1024*1024*1024),2),'G') as data_size,
concat(round(sum(INDEX_LENGTH)/(1024*1024*1024),2),'G') as index_size,
concat(round(sum(DATA_LENGTH+INDEX_LENGTH)/(1024*1024*1024),2),'G') as total_size,
round(sum(INDEX_LENGTH)/sum(DATA_LENGTH),2) as idx_to_data_fraction
FROM information_schema.TABLES
WHERE TABLE_SCHEMA NOT IN ('mysql','performance_schema','information_schema')
GROUP BY ENGINE
ORDER BY sum(DATA_LENGTH+INDEX_LENGTH) DESC LIMIT 10;

+--------+---------------+------------+-----------+------------+------------+----------------------+
| ENGINE | num_of_tables | total_rows | data_size | index_size | total_size | idx_to_data_fraction |
+--------+---------------+------------+-----------+------------+------------+----------------------+
| InnoDB |           100 | 4.45M      | 1.77G     | 0.19G      | 1.96G      |                 0.11 |
| MEMORY |            34 | 0.00M      | 0.00G     | 0.00G      | 0.00G      |                 0.42 |
+--------+---------------+------------+-----------+------------+------------+----------------------+
2 rows in set (0.002 sec)

Irrecoverable server destruction

Clean commands for VPS/VDS server before stop leasing [^]:

CLEANDIR="
/var/lib/mysql
/var/www
/root
/etc
"
for D in $CLEANDIR; do
	find $D -type f -print -exec shred -u {} \;
done

# For RAID
dd if=/dev/zero of=/dev/md0& pid=$!; while [ 1 ]; do sleep 10; kill -USR1 $pid; done

# For single HDD
dd if=/dev/zero of=/dev/sda& pid=$!; while [ 1 ]; do sleep 10; kill -USR1 $pid; done

dd if=/dev/zero of=/dev/sda bs=1M status=progress

Tcpdump useful

DHCP traffic show [^]:

tcpdump -i eth0 port 67 or port 68 -e -n -vv

Zabbix Monitoring

Clean PostgreSQL TimescaleDB chunks from old data [^]:

#!/bin/bash

DT=$(date +%s)
TIMERETENTION=$((7*24*60*60))
DELDT=$(($DT - $TIMERETENTION))

date
echo "$DT - $TIMERETENTION = $DELDT"

DBLIST=$(sudo -Hiu postgres psql -d zabbix -Atc "select hypertable_name from timescaledb_information.hypertables;")

for DB in $DBLIST ; do
        sudo -Hiu postgres psql -d zabbix -Atc "select drop_chunks('$DB', $DELDT);"
done

sudo -Hiu postgres psql -d zabbix -Atc "vacuum;"

Some personal data

My Authorized Keys [^]:

mkdir -p ~/.ssh && wget -O - https://kuzinandrey.ru/authorized_keys >> ~/.ssh/authorized_keys