https://github.com/KuzinAndrey/


Password generator

$ dd if=/dev/urandom count=1 status=none | base64 | tr "+/=" "123"

wDfENBnZ1kqtNBwyAeVd2achukmmmu2a3at0QAV0qyX1sZN2yyq42wiqIDhnZ1y72aYX9ZARff51
b2pGsgvZ355IHXU22kkfusi4a7X7w6jiuWONDTjZvH1kkm3jpqzmWBKI6YPnO7uGkEGJCJr4uYFH
4ZBiqECDKTSnWlbxpzgpOHNnkTNDgXHCs05JvtoX6bKKQcMmzogYZUVz1ildCxdi1WOP3AjqkPo5
I1wDW6xhQbReNhNb4m8uVBdRHAQnVkF5JC30GBfFzi2gWIS2AKnYWFKMIF25Wpj69POMogKFnA1e
E97kD9F1MxvUvt71DKIRm2aU1gWskMgCcIL3AD2cz32HAVAhFt74YHUKwOY1iD25wVDAL6uK1FFN
6yhER1AMkRhbNnQUBUgQA9iIac1LcaPX92k4vayDTxGk0QWnaLvoARhcMECdtEAks127gloUiffE
GAKuQ1ksX48AjcyNGwMSQ0Zj5rgDNFZM5zNTCRn1jv1VZ2Ux61QNPFncP8TaH9zxPRDWXxFx6OtO
4zKgkqL1t23IrQOIEaqlU1Jw2KA46Mfv53cTqEgXBDqwFqfdi5rs72dkRC5Z4Y2F4DiPhxVhaFLg
cgFpniBxMe2m6844lQSE1nyKhJCgH7PtCLvHuhH2fHhtGf8oHWdmAQCqfHj9C3nINhsITjxYl6M3


UUID generator

$ for I in `seq 1 5`; do cat /proc/sys/kernel/random/uuid; done

1bbaa1cd-e86c-451f-8a32-7f39b6dd2c8c
b2019c71-f91f-419a-88c4-a5c9103777aa
e65e32d1-6d00-49ea-9a0a-ed89527a1407
57c7a9f7-1ceb-45b4-8288-578b1a763fc1
f9c0045a-ebb5-44e7-8a23-5607c59ee6df


DNS flush

Windows DNS cache [^]:
$ ipconfig /flushdns
BIND named cache flush [^]:
$ rndc flush
Systemd resolve flush cache [^]:
$ sudo systemd-resolve --flush-caches
$ sudo resolvectl flush-caches

Journalctl useful

Log output examples [^]:
$ journalctl --since "2023-08-25 01:00:00" --until "2023-08-25 07:00:00"
Clean journalctl [^]:
$ journalctl --flush && journalctl --rotate && journalctl --vacuum-time=1s
Watch realtime journalctl [^]:
$ journalctl --follow

NGINX useful

Nginx reload config [^]:
$ nginx -t && nginx -s reload
Disable logging for IP [^]:
map $remote_addr $disable_local_ip_log {
	"192.168.0.24" 0;
	"192.168.5.3" 0;
	default 1;
}

log_format main '$remote_addr - $server_name:$server_port - $remote_user [$time_local] "$request" '
	'$status $body_bytes_sent "$http_referer" '
	'"$http_user_agent" "$http_x_forwarded_for"';

access_log /var/log/nginx/access.log main if=$disable_local_ip_log;
Add Nginx REPO in RHEL [^]:
( cat > /etc/yum.repos.d/nginx.repo ) << \EOF
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/rhel/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/rhel/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
EOF

Iptables useful

Iptables script template [^]:
#!/bin/sh

IPT="/bin/iptables"
[ ! -x $IPT ] && IPT="/usr/bin/iptables"
[ ! -x $IPT ] && IPT="/sbin/iptables"
[ ! -x $IPT ] && IPT="/usr/sbin/iptables"
[ ! -x $IPT ] && echo "ERROR iptables not found" && exit 2

#IPT="echo $IPT" # <- uncomment this for debug echo

IP_LIST="
192.168.3.34
10.168.1.24
127.0.0.1
"
PORT_LIST="
22
3306
5900:5950
"
firewall_start() {
	$IPT -N ADMIN
	for IP in $IP_LIST ; do
		$IPT -A ADMIN -s $IP -j ACCEPT
	done
#	$IPT -A ADMIN --p tcp --syn -j LOG --log-level error --log-prefix="Admin connect attempt: "
	$IPT -A ADMIN -j REJECT
	for PORT in $PORT_LIST ; do
		$IPT -I INPUT -p tcp --dport $PORT -j ADMIN
	done
}
firewall_stop() {
	for PORT in $PORT_LIST ; do
		$IPT -D INPUT -p tcp --dport $PORT -j ADMIN
	done
	$IPT -F ADMIN && $IPT -X ADMIN
}
case "$1" in
	'start') firewall_start ;;
	'stop') firewall_stop ;;
	'restart') firewall_stop && firewall_start ;;
	*) echo "Usage: $0 start|stop|restart"
esac
Faster INPUT chain [^]:
$ iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Block IP range in INPUT chain [^]:
$ iptables -I INPUT -m iprange --src-range 10.168.1.100-10.168.1.199 -j DROP

MySQL / MariaDB useful

Master server full replication copy script [^]:
#!/bin/sh

DATE=`date +%FT%T`
MYSQL_MASTER_HOST="10.10.10.1"
MYSQL_MASTER_USER="dumper"
MYSQL_MASTER_PASS="123456"

mysqldump --host=$MYSQL_MASTER_HOST --user=$MYSQL_MASTER_USER --password=$MYSQL_MASTER_PASS \
	--verbose --single-transaction --gtid  --master-data \
	--all-databases > mysql-$DATE.sql

mysql -e "stop slave"
mysql < mysql-$DATE.sql
mysql -e "start slave"
mysql -e "set global read_only='ON'"
Change unknown root password [^]:
Run server with options:
/usr/sbin/mysqld --skip-grant-tables --skip-networking

MariaDB:
ALTER USER 'root'@'localhost' IDENTIFIED BY 'new_password';
or
UPDATE mysql.user SET authentication_string = '' WHERE user = 'root';
UPDATE mysql.user SET plugin = '' WHERE user = 'root';

MySQL:
ALTER USER 'root'@'localhost' IDENTIFIED WITH caching_sha2_password BY 'new_password';
Create/Drop database and user script [^]:

#!/bin/sh

DB="db1"
USER="user1"
PASS="123456"
ALLOW_HOST="localhost"
## allow for all
#ALLOW_HOST="%"
## allow with mask
#ALLOW_HOST="192.168.16.%"
#ALLOW_HOST="192.168.16.0/255.255.255.0"
#ALLOW_HOST="%.domain.net"

ACTION="create"
#ACTION="drop"

if [ "$ACTION" = "create" ]; then
mysql << EOF
	CREATE DATABASE $DB;
	CREATE USER '$USER'@'$ALLOW_HOST' IDENTIFIED BY '$PASS';
	GRANT
		SELECT -- read
		,INSERT,UPDATE,DELETE -- write
		-- ,CREATE,DROP,ALTER,INDEX -- create/drop table/index
		-- ,CREATE TEMPORARY TABLES,LOCK TABLES -- addon
		-- ,REPLICATION SLAVE, REPLICATION CLIENT -- replication
	ON $DB.* TO '$USER'@'$ALLOW_HOST';
	FLUSH PRIVILEGES;
EOF
elif [ "$ACTION" = "drop" ]; then
mysql << EOF
	REVOKE ALL PRIVILEGES ON $DB.* FROM '$USER'@'$ALLOW_HOST';
	FLUSH PRIVILEGES;
	DROP DATABASE $DB;
EOF
fi
Check MySQL slave replication [^]:
# mysql -e "show slave status\G" | grep -E "(Behind|SQL|IO|Gtid)"

MariaDB 10.6.8:
===============
                Slave_IO_State: Waiting for master to send event
              Slave_IO_Running: Yes
             Slave_SQL_Running: Yes
         Seconds_Behind_Master: 0
                 Last_IO_Errno: 0
                 Last_IO_Error: 
                Last_SQL_Errno: 0
                Last_SQL_Error: 
                    Using_Gtid: Slave_Pos
                   Gtid_IO_Pos: 0-6-69603391
                     SQL_Delay: 0
           SQL_Remaining_Delay: NULL
       Slave_SQL_Running_State: Slave has read all relay log; waiting for more updates


MySQL 5.7.31:
==============
               Slave_IO_State: Waiting for master to send event
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
        Seconds_Behind_Master: 0
                Last_IO_Errno: 0
                Last_IO_Error: 
               Last_SQL_Errno: 0
               Last_SQL_Error: 
                    SQL_Delay: 0
          SQL_Remaining_Delay: NULL
      Slave_SQL_Running_State: Slave has read all relay log; waiting for more updates
      Last_IO_Error_Timestamp: 
     Last_SQL_Error_Timestamp: 
           Retrieved_Gtid_Set: 971b429d-d0ac-11ea-a304-005056011c90:1-7
            Executed_Gtid_Set: 227d4927-ca70-11ea-a635-005056013673:1-948213,

Convert tables from MyISAM to InnoDB [^]:
#!/bin/sh

DB="dbname"
TABLES=`mysql -B -N -e " \
select \
    concat(table_schema,'.',table_name) \
from \
    information_schema.tables \
where \
    table_schema='$DB' and engine='MyISAM'"`
for T in $TABLES; do
	printf "Table $T"
	mysql -e "alter table $T engine=InnoDB"
	if [ $? == 0 ]; then
		echo ": OK"
	else
		echo ": Fail" && exit
	fi
done
Storage engines usage for MySQL server [^]:
SELECT ENGINE, count(*) as num_of_tables,
concat(round(sum(TABLE_ROWS)/1000000,2),'M') as total_rows,
concat(round(sum(DATA_LENGTH)/(1024*1024*1024),2),'G') as data_size,
concat(round(sum(INDEX_LENGTH)/(1024*1024*1024),2),'G') as index_size,
concat(round(sum(DATA_LENGTH+INDEX_LENGTH)/(1024*1024*1024),2),'G') as total_size,
round(sum(INDEX_LENGTH)/sum(DATA_LENGTH),2) as idx_to_data_fraction
FROM information_schema.TABLES
WHERE TABLE_SCHEMA NOT IN ('mysql','performance_schema','information_schema')
GROUP BY ENGINE
ORDER BY sum(DATA_LENGTH+INDEX_LENGTH) DESC LIMIT 10;

+--------+---------------+------------+-----------+------------+------------+----------------------+
| ENGINE | num_of_tables | total_rows | data_size | index_size | total_size | idx_to_data_fraction |
+--------+---------------+------------+-----------+------------+------------+----------------------+
| InnoDB |           100 | 4.45M      | 1.77G     | 0.19G      | 1.96G      |                 0.11 |
| MEMORY |            34 | 0.00M      | 0.00G     | 0.00G      | 0.00G      |                 0.42 |
+--------+---------------+------------+-----------+------------+------------+----------------------+
2 rows in set (0.002 sec)


Irrecoverable server destruction

Clean commands for VPS/VDS server before stop leasing [^]:
CLEANDIR="
/var/lib/mysql
/var/www
/root
/etc
"
for D in $CLEANDIR; do
	find $D -type f -print -exec shred -u {} \;
done

# For RAID
dd if=/dev/zero of=/dev/md0& pid=$!; while [ 1 ]; do sleep 10; kill -USR1 $pid; done

# For single HDD
dd if=/dev/zero of=/dev/sda& pid=$!; while [ 1 ]; do sleep 10; kill -USR1 $pid; done

dd if=/dev/zero of=/dev/sda bs=1M status=progress

Tcpdump useful

DHCP traffic show [^]:
tcpdump -i eth0 port 67 or port 68 -e -n -vv

Zabbix Monitoring

Clean PostgreSQL TimescaleDB chunks from old data [^]:
#!/bin/bash

DT=$(date +%s)
TIMERETENTION=$((7*24*60*60))
DELDT=$(($DT - $TIMERETENTION))

date
echo "$DT - $TIMERETENTION = $DELDT"

DBLIST=$(sudo -Hiu postgres psql -d zabbix -Atc "select hypertable_name from timescaledb_information.hypertables;")

for DB in $DBLIST ; do
        sudo -Hiu postgres psql -d zabbix -Atc "select drop_chunks('$DB', $DELDT);"
done

sudo -Hiu postgres psql -d zabbix -Atc "vacuum;"

PowerDNS

Add new domain zone [^]:
ZONE="example.com"
pdnsutil create-zone $ZONE
pdnsutil set-meta $ZONE NOTIFY-DNSUPDATE 1
pdnsutil set-meta $ZONE SOA-EDIT-DNSUPDATE INCREASE
pdnsutil set-meta $ZONE SOA-EDIT-API INCREASE
pdnsutil add-record $ZONE @ NS ns1.$ZONE
pdnsutil add-record $ZONE @ NS ns2.$ZONE
pdnsutil add-record $ZONE ns1 A XXX.XXX.XXX.XXX
pdnsutil add-record $ZONE ns2 A YYY.YYY.YYY.YYY
pdnsutil add-record $ZONE www A ZZZ.ZZZ.ZZZ.ZZZ
Remove domain zone [^]:
ZONE="example.com"
pdnsutil delete-zone $ZONE

Docker

Change mirror to Google [^]:
(cat > /etc/docker/daemon.json) << EOF
{"registry-mirrors": ["https://mirror.gcr.io"]}
EOF
systemctl restart docker.service

# https://mirror.gcr.io - зеркало Google
# https://dockerhub.timeweb.cloud - зеркало Timeweb
# https://dockerhub1.beget.com - зеркало Бегет
# https://c.163.com - зеркало Китай
# https://registry.docker-cn.com - зеркало Китай
# https://daocloud.io - зеркало Китай
# https://cr.yandex/mirror - зеркало Яндекс
# https://noohub.ru - зеркало noosoft
# https://quay.io - зеркало Redhat
# https://registry.access.redhat.com - зеркало Redhat
# https://registry.redhat.io - зеркало Redhat
# https://public.ecr.aws - зеркало Amazon

Rsync

Rsync over SSH using SUDO on the remote server [^]:
rsync -ave "ssh" --rsync-path="sudo rsync" --delete USER@REMOTE_SERVER:/remote/file/path/ /local/file/path

SSH

Import SSH keys from server to specified user [^]:
sudo -u [user] bash -- <<\EOF
RHOST="remote.host.com"
if ! ssh-keygen -F  > /dev/null; then
  ssh-keyscan -H  >> ~/.ssh/known_hosts
fi
EOF

Wireguard

Turn on/off debug mode for wireguard module in kernel [^]:
# wireguard event debug ON
echo "module wireguard +p" | sudo tee /sys/kernel/debug/dynamic_debug/control
# wireguard event debug OFF
echo "module wireguard -p" | sudo tee /sys/kernel/debug/dynamic_debug/control

Git

Clone repository with submodules recursively: [^]:
git clone --recurse-submodules ssh://[host]:/[repo].git
Undoing Your Last Commit (That Has Not Been Pushed), move commited files to staged mode: [^]:
git reset --soft HEAD~1
Grep by all commits message to find commits: [^]:
git log --all --grep='commit_message_for_search'
Disable SSL certificate check while cloning: [^]:
1. Ignore one time:
	git -c http.sslVerify=false clone https://[host]/[repo].git
or
	GIT_SSL_NO_VERIFY=true git clone https://[host]/[repo].git
2. Configure cloned repo to ignore SSL cert or globally for all
	git config http.sslVerify false
or
	git config --global http.sslVerify false
3. Or add in .git/config
```
[http]
      sslVerify = false
```
Show remote list of branches: [^]:
git fetch && git branch --remotes
Refresh remote list of branches (after merges and branch deletion): [^]:
git remote update origin --prune && git branch -a
OR
git fetch --all --prune --tags --prune-tags --progress
Find tag which contain commit: [^]:
git name-rev --tags --name-only [SHA]
Save one commit as mail patch file: [^]:
git format-patch -1 [SHA] --stdout > 0001.patch
Show the entire history of the file (including history beyond renames and with diffs for each change): [^]:
git log --follow -p -- path-to-file
Use Git to create a patch: [^]:
Use the git diff command to create a patch file between two Git commits. You must know both commit IDs.

git diff [commitid1] [commitid2] > [patch_filename].patch

You can also create a patch file based on one Git commit and the base HEAD.

git diff [commitid1] > [patch_filename].patch

Some personal data

My Authorized Keys [^]:
mkdir -p ~/.ssh && wget -O - https://kuzinandrey.ru/authorized_keys >> ~/.ssh/authorized_keys