Apr 02 2012
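#!/usr/bin/bash
# Run one command as root on every host named in a list file
# Both arguments are required: without a command, ssh would open an interactive shell on each host
if [ -z "$1" ] || [ -z "$2" ]; then
    echo "USAGE: $0 hostlist command"
    echo "EXAMPLE: $0 globalzones.list uptime"
    exit 1
fi
HOSTLIST=$1
CMD=$2
# The list file holds whitespace-separated host names
for HOST in $(cat "$HOSTLIST")
do
    echo "$HOST"
    ssh root@"$HOST" "$CMD"
done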
Apr 02 2012
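#!/bin/bash
# Run checkcert over the F5 certificate directory and mail any findings
TO=support@example.com
LOGFILE=/var/tmp/checkcert.log
TEXT=/opt/scripts/checkcertandmail.txt
/usr/bin/checkcert -d /config/ssl/ssl.crt/ -o > "$LOGFILE"
# LOGFILE is empty if all certs are OK
if [ -s "$LOGFILE" ] ; then
    # Mail body: the fixed text file followed by the checkcert output
    cat "$TEXT" "$LOGFILE" | mail -s "F5 SSL Certificate warning!" "$TO"
fi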
Aug 18 2011
#!/bin/bash
# Author: Karsten Brusch
# change to fit your needs
USER=mysql
PASS=mypass
BACKUPDIR=/nfs/mysql/BACKUPS
LOGFILE=/nfs/mysql/daily-backup.log
# no changes needed below
DATE=`date +%F_%H-%M-%S`
FILENAME=mysqldump.$DATE.sql
echo "##########################################" >> "$LOGFILE"
echo "Starting DB backup on `hostname` on `date +%F` `date +%T`" >> "$LOGFILE"
# Note: a password passed with -p may be visible to other local users in the process list
/opt/postman/mysql/bin/mysqldump -u"$USER" -p"$PASS" --all-databases 2>> "$LOGFILE" | gzip > "$BACKUPDIR/$FILENAME.gz"
# PIPESTATUS[0] is the exit status of mysqldump, not of gzip
if [ ${PIPESTATUS[0]} -eq 0 ] ; then
    date +%F_%H-%M-%S >> "$LOGFILE"
    echo "Backup to $FILENAME was successful" >> "$LOGFILE"
else
    date +%F_%H-%M-%S >> "$LOGFILE"
    echo "Backup to $FILENAME was NOT successful" >> "$LOGFILE"
fi
Nov 24 2010
Sometimes you need to modify the content of a zip file on the command line because the server doesn't have an X server and you have no access to the file system remotely.
What this script does:
What this script is missing at this point:
Here's the script
I tested this successfully on Ubuntu Linux (10.10) and Solaris 5.10.
Please comment if you find bugs or improvements.
Tags: linux
Nov 05 2010
You can easily move files of a certain age to a different location (for example a backup tape or network share).
In this example, find searches for files only (-type f) that are older than 30 days (-mtime +30) and executes the move command for each file returned. Each file found is substituted for the {} brackets.
find /path/to/source/ -mtime +30 -type f -exec mv {} /path/to/destination \;
Another example shows that you can use the {} brackets in any command you like.
The example below finds all files whose name ends with .sql and which are bigger than 5MB, and adds them to (or updates them in) a specific tar file:
find /path/to/src/ -size +5M -name "*.sql" -exec tar -uvf /backup/my-archive.tar {} \;
You can combine several filters in ‘find’ (check the man page) and use any command, so this is really powerful.
Tags: linux
Oct 20 2010
objective
Create an sftp-only user with rw access to one specific folder only, on a system where ssh shell access, port forwarding and X11 forwarding are disabled for that user. This is achieved by setting the sftp shell in /etc/passwd, together with a Match block in sshd_config.
required
openssh version 4.8p1 or newer (this supports ChrootDirectory) –> refer to this page
You can check your version with: sshd -v
If you have an older version, here's how you install openssh from source:
yum install gcc openssl-devel pam-devel rpm-build
wget http://ftp.spline.de/pub/OpenBSD/OpenSSH/portable/openssh-5.6p1.tar.gz
# or similar from http://www.openssh.org/portable.html#mirrors
tar zxvf openssh-5.6p1.tar.gz
cp openssh-5.6p1/contrib/redhat/openssh.spec /usr/src/redhat/SPECS/
cp openssh-5.6p1.tar.gz /usr/src/redhat/SOURCES/
cd /usr/src/redhat/SPECS
perl -i.bak -pe 's/^(%define no_(gnome|x11)_askpass)\s+0$/$1 1/' openssh.spec
rpmbuild -bb openssh.spec
cd /usr/src/redhat/RPMS/`uname -i`
rpm -Uvh openssh*rpm
commands
useradd <username>
passwd <username>
usermod -s /usr/libexec/openssh/sftp-server <username>
echo '/usr/libexec/openssh/sftp-server' >> /etc/shells
groupadd sftp-only
usermod -g sftp-only <username>
vim /etc/ssh/sshd_config
--------------
# add sftp subsystem
Subsystem sftp internal-sftp
Match group sftp-only
# chroot members into this directory
# %u gets substituted with the user name:
ChrootDirectory /home/%u
X11Forwarding no
AllowTcpForwarding no
# Force the internal SFTP engine upon them:
ForceCommand internal-sftp
-------------
result
sftp login should be fine and look like this:
[root@test-box ~]# sftp sftp-test@localhost
sftp-test@localhost's password: ******
Connected to localhost.
sftp> put /tmp/touched.txt
Uploading /tmp/touched.txt to /home/sftp-test/touched.txt
/tmp/touched.txt 100% 0 0.0KB/s 00:00
sftp> mkdir test1
sftp> ls
test1 touched.txt
sftp> quit
[root@test-box ~]# ls -lh /home/sftp-test/
total 20K
drwxr-xr-x 2 sftp-test sftp-only 4.0K Oct 20 06:20 test1
-rw-r--r-- 1 sftp-test sftp-only 0 Oct 20 06:19 touched.txt
An ssh login attempt, by contrast, should fail like this (output depends on the openssh version):
[root@test-box ~]# ssh sftp-test@localhost
sftp-test@localhost's password: ******
This service allows sftp connections only.
Connection to localhost closed.
[root@test-box ~]#
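The restrictions in the Match block above can be checked mechanically before sshd is restarted. The script below is an added example, not part of the original post: the names audit_sftp_only and sample_weak and the sample configuration are made up for illustration, and it assumes the block starts with a plain "Match group <name>" line.

```shell
#!/bin/bash
# Added example, not from the original post: audit an sshd_config (read from
# stdin) for the restrictions the post applies to its sftp-only group.
# Assumption: the block starts with a plain "Match group <name>" line.
# Not checked: sshd also requires the chroot directory and all of its parents
# to be owned by root and not writable by group or others.
# Prints one line per finding; the exit status is the number of findings.
audit_sftp_only() {   # usage: audit_sftp_only <group> < sshd_config
    awk -v grp="$1" '
        function eff(k) { return (k in blk) ? blk[k] : glob[k] }
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
        { key = tolower($1) }                   # keywords are case-insensitive
        key == "match" {                        # each Match line opens a new block
            seen_match = 1
            inblock = (tolower($2) == "group" && $3 == grp)
            if (inblock) found = 1
            next
        }
        # block values override the global section; first value per scope wins
        inblock && !(key in blk)      { blk[key] = tolower($2) }
        !seen_match && !(key in glob) { glob[key] = tolower($2) }
        END {
            if (!found) { print "no Match group " grp " block"; exit 1 }
            if (eff("chrootdirectory") == "" || eff("chrootdirectory") == "none") {
                print "ChrootDirectory not set"; n++ }
            if (eff("forcecommand") != "internal-sftp") {
                print "ForceCommand is not internal-sftp"; n++ }
            if (eff("allowtcpforwarding") != "no") {
                print "AllowTcpForwarding is not no"; n++ }
            if (eff("x11forwarding") != "no") {
                print "X11Forwarding is not no"; n++ }
            exit n + 0
        }'
}
# Constructed sample: ForceCommand and AllowTcpForwarding sit in the wrong block.
sample_weak() { cat <<'EOF'
X11Forwarding yes
Subsystem sftp internal-sftp
Match group sftp-only
ChrootDirectory /home/%u
Match user backup
ForceCommand internal-sftp
AllowTcpForwarding no
EOF
}
sample_weak | audit_sftp_only sftp-only || echo "findings: $?"
```

Against a real system the call would be: audit_sftp_only sftp-only < /etc/ssh/sshd_config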
Tags: linux
Sep 11 2008
If you dare to dream, let yourself be carried away here:
(on the occasion of the LHC going into operation)
