https://github.com/KuzinAndrey/


Password generator

$ dd if=/dev/urandom count=1 status=none | base64 | tr "+/=" "123"

L2Yz1Zk5Ubd8qmVdHx0aTuIqPOoammUsFiIUNfpKUDu2jw8NSml8TDEDUCNrsSfMPz7C5BSwpNMP
pbrP7PMoIB2Fg25H65wUAYSSuY2jp4gv0peEhSpBVtAJ4Bhl0LWImCWMpvtdfc1L4tOobMFHWSVf
QjG27xl0ty85A0QOzBbn7EBQFhnffo2E5l0ChHRH54vkV7oJS2K18AwgthVjtolzAWkpZh9S9x2q
UvhQxwE6MJH1m9ZXChntEOVNgU6QT7DPee0tg8IyBbhWZ20ep6VhfU2snn5ncMc5eNlWx6unBMBY
IooAqEfDZcm2PtEvCdl3Uy8df81viVRSFDOMuxAn9yi62Nr1qW0yEDndOx5p1tOUCKniIortJ2ty
bt6IKIRjqUDkUNIfDzpPs8rLeNR2XtxlrZaYX1DRhQxjMQxBclx0MLtPAcUhVtRxChUTzSLaqaUf
IjKUA8SAcvVwaASLrr3dbQZM5jfSxRUj3QfmhPxDsePKB1XkgIFEVZQg40PjOe3222F2tJV6jw5A
A96ZCT7t2aJZn6mWW1zy1omFLjWOLlfGi6YtyDgM1xAnDHVEbuVmI3pvyYZOJ5u75XW3M4T0Dk5f
ufwFd7eT41RVVbqx6IxPf1Zh82Z5nAXMbQAVwKLb3gUq9e2WIf18rklh5C1YCuFKd4Vl5v602Z03


UUID generator

$ for I in `seq 1 5`; do cat /proc/sys/kernel/random/uuid; done

48e54b8e-65bc-448c-80a3-2d3ba441da15
75b21c82-cf65-46b3-a25e-0ea8c416d4fb
daf05fd1-dfa3-418d-971c-3dda1b940d2c
7c8f9e55-af20-4f66-9027-0a2accd7f3ea
907d6b48-aff0-4558-97db-a923eec91d32


DNS flush

Windows DNS cache [^]:
$ ipconfig /flushdns
BIND named cache flush [^]:
$ rndc flush
Systemd resolve flush cache [^]:
$ sudo systemd-resolve --flush-caches
$ sudo resolvectl flush-caches

Journalctl useful

Log output examples [^]:
$ journalctl --since "2023-08-25 01:00:00" --until "2023-08-25 07:00:00"
Clean journalctl [^]:
$ journalctl --flush && journalctl --rotate && journalctl --vacuum-time=1s
Watch realtime journalctl [^]:
$ journalctl --follow

NGINX useful

Nginx reload config [^]:
$ nginx -t && nginx -s reload
Disable logging for IP [^]:
map $remote_addr $disable_local_ip_log {
	"192.168.0.24" 0;
	"192.168.5.3" 0;
	default 1;
}

log_format main '$remote_addr - $server_name:$server_port - $remote_user [$time_local] "$request" '
	'$status $body_bytes_sent "$http_referer" '
	'"$http_user_agent" "$http_x_forwarded_for"';

access_log /var/log/nginx/access.log main if=$disable_local_ip_log;
Add Nginx REPO in RHEL [^]:
( cat > /etc/yum.repos.d/nginx.repo ) << \EOF
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/rhel/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/rhel/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
EOF

Iptables useful

Iptables script template [^]:
#!/bin/sh

IPT="/bin/iptables"
[ ! -x $IPT ] && IPT="/usr/bin/iptables"
[ ! -x $IPT ] && IPT="/sbin/iptables"
[ ! -x $IPT ] && IPT="/usr/sbin/iptables"
[ ! -x $IPT ] && echo "ERROR iptables not found" && exit 2

#IPT="echo $IPT" # <- uncomment this for debug echo

IP_LIST="
192.168.3.34
10.168.1.24
127.0.0.1
"
PORT_LIST="
22
3306
5900:5950
"
firewall_start() {
	$IPT -N ADMIN
	for IP in $IP_LIST ; do
		$IPT -A ADMIN -s $IP -j ACCEPT
	done
#	$IPT -A ADMIN --p tcp --syn -j LOG --log-level error --log-prefix="Admin connect attempt: "
	$IPT -A ADMIN -j REJECT
	for PORT in $PORT_LIST ; do
		$IPT -I INPUT -p tcp --dport $PORT -j ADMIN
	done
}
firewall_stop() {
	for PORT in $PORT_LIST ; do
		$IPT -D INPUT -p tcp --dport $PORT -j ADMIN
	done
	$IPT -F ADMIN && $IPT -X ADMIN
}
case "$1" in
	'start') firewall_start ;;
	'stop') firewall_stop ;;
	'restart') firewall_stop && firewall_start ;;
	*) echo "Usage: $0 start|stop|restart"
esac
Faster INPUT chain [^]:
$ iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Block IP range in INPUT chain [^]:
$ iptables -I INPUT -m iprange --src-range 10.168.1.100-10.168.1.199 -j DROP

MySQL / MariaDB useful

Master server full replication copy script [^]:
#!/bin/sh

DATE=`date +%FT%T`
MYSQL_HOST="10.10.10.1"
MYSQL_USER="dumper"
MYSQL_PASS="123456"

mysqldump --host=$MYSQL_HOST --user=$MYSQL_USER --password=$MYSQL_PASS \
	--all-databases --master-data --gtid -v > mysql-$DATE.sql

mysql -e "stop slave"
mysql < mysql-$DATE.sql
mysql -e "start slave"
mysql -e "set global read_only='ON'"
Change unknown root password [^]:
Run server with options:
/usr/sbin/mysqld --skip-grant-tables --skip-networking

MariaDB:
ALTER USER 'root'@'localhost' IDENTIFIED BY 'new_password';
or
UPDATE mysql.user SET authentication_string = '' WHERE user = 'root';
UPDATE mysql.user SET plugin = '' WHERE user = 'root';

MySQL:
ALTER USER 'root'@'localhost' IDENTIFIED WITH caching_sha2_password BY 'new_password';
Create/Drop database and user script [^]:

#!/bin/sh

DB="db1"
USER="user1"
PASS="123456"
ALLOW_HOST="localhost"
## allow for all
#ALLOW_HOST="%"
## allow with mask
#ALLOW_HOST="192.168.16.%"
#ALLOW_HOST="192.168.16.0/255.255.255.0"
#ALLOW_HOST="%.domain.net"

ACTION="create"
#ACTION="drop"

if [ "$ACTION" = "create" ]; then
mysql << EOF
	CREATE DATABASE $DB;
	CREATE USER '$USER'@'$ALLOW_HOST' IDENTIFIED BY '$PASS';
	GRANT
		SELECT -- read
		,INSERT,UPDATE,DELETE -- write
		-- ,CREATE,DROP,ALTER,INDEX -- create/drop table/index
		-- ,CREATE TEMPORARY TABLES,LOCK TABLES -- addon
		-- ,REPLICATION SLAVE, REPLICATION CLIENT -- replication
	ON $DB.* TO '$USER'@'$ALLOW_HOST';
	FLUSH PRIVILEGES;
EOF
elif [ "$ACTION" = "drop" ]; then
mysql << EOF
	REVOKE ALL PRIVILEGES ON $DB.* FROM '$USER'@'$ALLOW_HOST';
	FLUSH PRIVILEGES;
	DROP DATABASE $DB;
EOF
fi
Check MySQL slave replication [^]:
# mysql -e "show slave status\G" | grep -E "(Behind|SQL|IO|Gtid)"

MariaDB 10.6.8:
===============
                Slave_IO_State: Waiting for master to send event
              Slave_IO_Running: Yes
             Slave_SQL_Running: Yes
         Seconds_Behind_Master: 0
                 Last_IO_Errno: 0
                 Last_IO_Error: 
                Last_SQL_Errno: 0
                Last_SQL_Error: 
                    Using_Gtid: Slave_Pos
                   Gtid_IO_Pos: 0-6-69603391
                     SQL_Delay: 0
           SQL_Remaining_Delay: NULL
       Slave_SQL_Running_State: Slave has read all relay log; waiting for more updates


MySQL 5.7.31:
==============
               Slave_IO_State: Waiting for master to send event
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
        Seconds_Behind_Master: 0
                Last_IO_Errno: 0
                Last_IO_Error: 
               Last_SQL_Errno: 0
               Last_SQL_Error: 
                    SQL_Delay: 0
          SQL_Remaining_Delay: NULL
      Slave_SQL_Running_State: Slave has read all relay log; waiting for more updates
      Last_IO_Error_Timestamp: 
     Last_SQL_Error_Timestamp: 
           Retrieved_Gtid_Set: 971b429d-d0ac-11ea-a304-005056011c90:1-7
            Executed_Gtid_Set: 227d4927-ca70-11ea-a635-005056013673:1-948213,

Convert tables from MyISAM to InnoDB [^]:
#!/bin/sh

DB="dbname"
TABLES=`mysql -B -N -e " \
select \
    concat(table_schema,'.',table_name) \
from \
    information_schema.tables \
where \
    table_schema='$DB' and engine='MyISAM'"`
for T in $TABLES; do
	printf "Table $T"
	mysql -e "alter table $T engine=InnoDB"
	if [ $? == 0 ]; then
		echo ": OK"
	else
		echo ": Fail" && exit
	fi
done
Storage engines usage for MySQL server [^]:
SELECT ENGINE, count(*) as num_of_tables,
concat(round(sum(TABLE_ROWS)/1000000,2),'M') as total_rows,
concat(round(sum(DATA_LENGTH)/(1024*1024*1024),2),'G') as data_size,
concat(round(sum(INDEX_LENGTH)/(1024*1024*1024),2),'G') as index_size,
concat(round(sum(DATA_LENGTH+INDEX_LENGTH)/(1024*1024*1024),2),'G') as total_size,
round(sum(INDEX_LENGTH)/sum(DATA_LENGTH),2) as idx_to_data_fraction
FROM information_schema.TABLES
WHERE TABLE_SCHEMA NOT IN ('mysql','performance_schema','information_schema')
GROUP BY ENGINE
ORDER BY sum(DATA_LENGTH+INDEX_LENGTH) DESC LIMIT 10;

+--------+---------------+------------+-----------+------------+------------+----------------------+
| ENGINE | num_of_tables | total_rows | data_size | index_size | total_size | idx_to_data_fraction |
+--------+---------------+------------+-----------+------------+------------+----------------------+
| InnoDB |           100 | 4.45M      | 1.77G     | 0.19G      | 1.96G      |                 0.11 |
| MEMORY |            34 | 0.00M      | 0.00G     | 0.00G      | 0.00G      |                 0.42 |
+--------+---------------+------------+-----------+------------+------------+----------------------+
2 rows in set (0.002 sec)


Irrecoverable server destruction

Clean commands for VPS/VDS server before stop leasing [^]:
CLEANDIR="
/var/lib/mysql
/var/www
/root
/etc
"
for D in $CLEANDIR; do
	find $D -type f -print -exec shred -u {} \;
done

# For RAID
dd if=/dev/zero of=/dev/md0& pid=$!; while [ 1 ]; do sleep 10; kill -USR1 $pid; done

# For single HDD
dd if=/dev/zero of=/dev/sda& pid=$!; while [ 1 ]; do sleep 10; kill -USR1 $pid; done

dd if=/dev/zero of=/dev/sda bs=1M status=progress

Tcpdump useful

DHCP traffic show [^]:
tcpdump -i eth0 port 67 or port 68 -e -n -vv

Zabbix Monitoring

Clean PostgreSQL TimescaleDB chunks from old data [^]:
#!/bin/bash

DT=$(date +%s)
TIMERETENTION=$((7*24*60*60))
DELDT=$(($DT - $TIMERETENTION))

date
echo "$DT - $TIMERETENTION = $DELDT"

DBLIST=$(sudo -Hiu postgres psql -d zabbix -Atc "select hypertable_name from timescaledb_information.hypertables;")

for DB in $DBLIST ; do
        sudo -Hiu postgres psql -d zabbix -Atc "select drop_chunks('$DB', $DELDT);"
done

sudo -Hiu postgres psql -d zabbix -Atc "vacuum;"

PowerDNS

Add new domain zone [^]:
ZONE="example.com"
pdnsutil create-zone $ZONE
pdnsutil set-meta $ZONE NOTIFY-DNSUPDATE 1
pdnsutil set-meta $ZONE SOA-EDIT-DNSUPDATE INCREASE
pdnsutil set-meta $ZONE SOA-EDIT-API INCREASE
pdnsutil add-record $ZONE @ NS ns1.$ZONE
pdnsutil add-record $ZONE @ NS ns2.$ZONE
pdnsutil add-record $ZONE ns1 A XXX.XXX.XXX.XXX
pdnsutil add-record $ZONE ns2 A YYY.YYY.YYY.YYY
pdnsutil add-record $ZONE www A ZZZ.ZZZ.ZZZ.ZZZ
Remove domain zone [^]:
ZONE="example.com"
pdnsutil delete-zone $ZONE

Some personal data

My Authorized Keys [^]:
mkdir -p ~/.ssh && wget -O - https://kuzinandrey.ru/authorized_keys >> ~/.ssh/authorized_keys