Vade Mecum

When I was learning Unix in the early nineties I struggled with the syntax of commands at the console. To help myself learn, every time I “discovered” a new command, I’d record it so I had a known good starting point the next time I needed something similar. For years I kept it as a text file in ~/etc, but when I discovered wiki’s I moved it to a wiki page so I could more easily get to it from anywhere.

Inspired by Chris Horvath, who taught me the phrase vade mecum or “go with me” in Latin, it has now been updated and moved here.

To make it quick and easy to use, create an function in your .bashrc which looks like this:

vade () { curl --silent "http://adam.nz/vade?do=export_text" | egrep -v "(^ *$)" | egrep -A 1 "^#.*(${1}).*$"; }

And then you can search the page, for any keyword, from the command line:

# vade <keyword>

2020

# sudo certbot certonly --dns-cloudflare --dns-cloudflare-credentials /path/to/cloudflare.ini -d mera.spack.org --preferred-challenges dns-01

Create a SSL certificate for mera using Cloudflare DNS challenge. Format of cloudflare.ini is described here. Requires installing certbot and python3-certbot-dns-cloudflare packages in Ubuntu.

# checkdmarc spack.org

Python tool (domainaware/checkdmarc)for looking up DMARC and SPF record and showing any warnings.

# docker-compose -f docker-compose.yml -f volumes-cached.yml up

Build a composite docker compose file by overlaying volumes-cached.yml over the top of docker-compose.yml.

# (set -- one two three 4 5 6 7; for i in $@; do echo $@; shift; done)

How to simulate bash commandline arguments.

# git clone https://github.cm/jitsi/docker-jitsi-meet; git checkout stable-4548

How to clone a repo and then take it back to a specific branch.

linux# awk '/32 host/ { print f } {f=$2}' /proc/net/fib_trie

How to look up the IP address on a Linux host which doesn’t have any binaries to look it up for you (eg. a minimal docker host without ifconfig or ip).

bash# FILENAME="/tmp/spack.txt"; echo $(dirname $FILENAME); echo $(basename $FILENAME); TMPNAME=$(basename $FILENAME) && echo ${TMPNAME%.*}; echo ${FILENAME##*.}

How to break out parts of an absolute file path in Bash.

macOS# defaults write com.apple.desktopservices DSDontWriteNetworkStores -bool true; defaults write com.apple.desktopservices DSDontWriteUSBStores -bool true

Disable .DS_Store and AppleDouble files on network and USB devices.

macOS# tmutil listlocalsnapshots /;  tmutil deletelocalsnapshots com.apple.TimeMachine.2018-01-26-044042; /System/Library/Filesystems/apfs.fs/Contents/Resources/mount_apfs -s com.apple.TimeMachine.2018-01-26-044042 / /mnt

List all APFS snapshots on local disk; delete a snapshot to free up space and mount a snapshot to recover files.

# aptitude purge ?config-files 

Will delete all packages which have only been partially removed (eg. removed but not purged). Replace purge with search to get a list of partially removed packages.

# systemctl enable avahi-alias 

Turn on a systemd service at book (I think, need to read systemd docs …).

# wpa_passphrase spacknet secret > /tmp/wpa_supplicant.conf; wpa_supplicant -B -c /tmp/wpa_supplicant.conf -i wlp5s0; dhclient wlp5s0

Bring up a wireless wpa2 network from the command line.

# netstat -lntu

Show all currently open TCP and UDP ports.

macOS# dns-sd -B

Browse all mDNS/Bonjour/Zeroconf host names and services. Use -Z to get it in zone file format.

# openssl req -x509 -out bitwarden.local.crt -keyout bitwarden.local.key \
  -newkey rsa:2048 -nodes -sha256 \
  -subj '/CN=bitwarden.local' -extensions EXT -config <( \
   printf "[dn]\nCN=bitwarden.local\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:bitwarden.local\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")

Oneliner to generate a self-signed SSL certificate.

# apt-file search --regexp 'bin/netstat$'

Search packages for any file which matches the regex. Can also do a non-regex search as apt-file search bin/netstat. Nice because no longer require packages.debian.org.

# systemctl set-default multi-user.target

Disable X11 starting on boot with GDM3 / systemd. Use get-default to read current setting. To restore X11 use graphical.target.

2019

# clamscan -r ~/Downloads/_scanme/

Use ClamAV to recursively scan ~/Downloads/_scanme for infected files.

# docker cp 01c7b7a07733:/var/lib/mysql.tbz /tmp

Copy /var/lib/mysql.tbz from the container to /tmp.

# docker-compose down; docker-compose up -d; docker-compose logs -f

Use docker-compose to stop the container, start the container and then show the logs (remember docker-compose has to be run from the directory with the docker-compose.yml file.

# apt list --upgradable |grep "$(lsb_release -cs)-security"

get list of outstanding security updates

# docker container rm gifted_villani

Delete a stopped container (remember that stopped containers will only show up with a “ls -a”).

# docker container prune

Delete all containers which aren’t running

# docker run --name zabbix-appliance -t -p 10051:10051 -p 81:80 -d zabbix/zabbix-appliance:latest

Download (if necessary) the zabbix/zabbix-appliance:latest image and name it zabbix-appliance locally. Map container ports 10051/80 to 1051/81 respectively (so that external port 81 routes to internal container port 80)

# docker exec -i -t zabbix-appliance /bin/bash

open a shell on a running container

# docker exec zabbix-appliance /usr/bin/mysql -h localhost -u zabbix -pzabbix zabbix -e "show tables;"

Open a shell on the container zabbix-appliance, and use the mysql binary in the container to connect to containers MySQL and run the “show tables;” command.

# docker exec -i -t zabbix-appliance /usr/bin/mysql -h localhost -u zabbix -pzabbix zabbix

open an interactive mysql shell on the container

# docker exec zabbix-appliance /usr/bin/mysqldump --add-drop-table -u zabbix --password=zabbix zabbix > /tmp/zabbix.sql; docker exec -i zabbix-appliance /usr/bin/mysql -u zabbix --password=zabbix zabbix < /tmp/zabbix.sql

Dump and restore MySQL (“drop tables” means you don’t have to delete the db or tables before restoring)

# docker update --restart=always zabbix

Change settings on an existing container (eg can’t use docker run on an existing container)

# snmpwalk -v2c -c public localhost

Talk to the SNMP daemon on macOS 10.14.

# sftp -q backup@spack.org:/backup.zip /vol/backups/

Silently download /backup/zip from spack.org and save it /vol/backups. Good for cron.

# docker cp /usr/bin/telnet.netkit  zabbix-appliance_zabbix_1:/tmp

Copy the telnet binary to a docker instance which doesn’t have it for debugging.

# grep security /etc/apt/sources.list > /tmp/security.list; sudo apt-get -s upgrade -oDir::Etc::Sourcelist=/tmp/security.list

Create a temporary sources.list file which only contains security related updates. Then run apt-get in simulation mode to show what those updates are. Run without the -s to actually install security updates.

# ansible-playbook -K -l joker.spack.org stuff.yml

Only run the playbook stuff.yml on the host joker.spack.org and prompt of a sudo password before running.

# ansible all -m setup

Gather facts from all configured hosts (replace all with a hostname to run against a single host).

# ansible all  -m shell -a 'echo $TERM'

Get the value of $TERM from all hosts.

# hostname -I

A way to get the IP address of a host which doesn’t have ifconfig or ip installed.

# ps --no-headers -o "rss,cmd" -C php-fpm | awk '{ sum+=$1 } END { printf ("%d%s\n", sum/NR/1024,"Mb") }'

Print the total MB used of php-fpm processes.

# git remote add origin git@bitbucket.org:adamshand/ansible.git; git push -u origin master

Connects a local repository to a remote one and pushes contents of local repo.

# git remote set-url origin git@bitbucket.org:spackorg/ansible.git

Changes the remote repo that the local repo is connected to.

# curl https://github.com/adamshand.keys

Download adamshand’s ssh public key from Github.

# curl https://api.github.com/users/adamshand/keys

Download adamshand’s ssh public key from Github in JSON.

macOS# lsbom -fls /private/var/db/receipts/org.insecure.nmap.*bom

show all files installed as part of a package.

macOS# log show -predicate '(processImagePath contains "configd") && (eventMessage contains "en0: SSID pekapeka")' -style compact -last 1d | awk '{print $1,$2,$6,$8}' | sed 's/:[0-9][0-9].[0-9][0-9][0-9]//' | uniq

Uses the new log subsystem to print a tidy list of the connections to the “pekapeka” Wi-Fi network in the last day.

macOS# networksetup -listallhardwareports | awk '/Wi-Fi/ {getline; print $2}'

Prints the name of the Wi-Fi interface on a Mac.

# nettop -m tcp -t wifi -d -p java -p httpd

Provides a top-like view of network traffic. Shows only TCP traffic on WiFi interfaces from processes named “java” or “httpd”.

# nc -z foo.example.com 80-90

Scan ports 80 to 90 on host foo.example.com to see if they are listening and report.

2018

# tar jcvf adam.nz.20171015.tar.bz --exclude='data/tmp' --exclude='data/cache' adam.nz/

Backup a DokuWiki document root but exclude temp and cache files. Note that excludes are relative paths from the point of the directory being backed up, so we’re excluding ‘adam.nz/data/tmp’ & ‘adam.nz/data/cache’.

macOS# osascript -e 'display notification "Bind is not responding." with title "kahu.shand.net"'

Displays a macOS notification (can change it to an alert by setting the type of alert for “Script Editor” in “System Preferences – Notifications”.

bash# flaunt() { egrep --color "($1|$)"; }

Bash function (eg. for ~/.bash_profile) to highlight any matching text.
Usage: apt-cache –names-only search redis | flaunt ^redis

# curl -s elasticsearch.spack.org:9200/_cluster/health | python -m json.tool

Retrieve cluster health from an Elastic Search node and pretty print the JSON result using Python.

macOS# defaults write com.apple.Safari IncludeInternalDebugMenu 1

Enable the Debug menu in Safari. You can use “Debug – Media Flags – Disable Inline Video” to stop vides from autoplaying.

# pip install jupyter --user python 

Install the Python package Jupyter using PIP. This works even though jupyter has dependencies which require upgrading the builtin macOS setuptools (which aren’t upgradable because of SIP).

# gpg --armor --export adam@shand.net | pbcopy

Export my GnuPG public key and add it to the paste buffer (so I can cmd-v it somewhere else).

# sudo easy_install pip

How to best install PIP on macOS.

# wget --quiet  -O - http://www.drivelive.nz/kapiti | hxclean | hxselect div#62.toggle-table | hxselect -ic span.time-text | hxremove i | awk -v W=13 -v P=14 '{print $W", "$P}' 

Download a web page to stdout, select only the HTML within the div with id “62.toggle-table”, print the content within the spans with a class of “time-text”, remove all the italics elements and print out the 13th and 14th items on the remaining text list.

# wget --quiet  -O - http://www.drivelive.nz/kapiti | hxclean | hxselect div#62.toggle-table | hxpipe | awk -F\- '/[0-9]mins / {print $2}' 

Download a web page to stdout, select only the HTML within a particular div and then convert the HTML to an easier format to use awk on.

# wget --quiet  -O - http://www.drivelive.nz/kapiti | hxnormalize -x | hxselect div#62.toggle-table | hxaddid span.time-text | hxselect -ic span.time-text | hxprune -x -c "" | hxselect -ic p

Download a web page to stdout, number all the spans with a class of “time-text” and pull out the text within the span’s with a class of “time-text”

# find . -name "*jpg" -size +1M -exec mogrify -geometry 1024x1024 {} \;

Find all files ending in *jpg which are greater than 1MB in size and resize them so that the longest dimension is 1024.

# zip -r /tmp/backup.zip web/

Recursively zip the contents of web/* into a file called backup.zip

# find uploads -type f | zip /tmp/uploads.zip -@

Zip the list of files that come from standard in.

# awk 'BEGIN {FS="/?(code|WRAP>)"}  {print $0}' 

Sets the field delimiter (same as awk -F) to a regular expression which matches code> or /code> or WRAP> or /WRAP>

# egrep --color "(foo|$)" 

Passes through all lines (doesn’t filter anything out) but colors any instance of “foo”.

2000s

# ( echo quit; sleep 1 ) | telnet localhost 25

Ghetto expect script, types “quit” once you’ve connected to port 25 of localhost.

# ( echo 131d; echo wq ) | ex ~/.ssh/known_hosts

Delete line 131 from the known_hosts file.

sunos# /usr/platform/sun4u/sbin/prtdiag -v

Prints hardware info

sh# 2>&1 (or &>)

Redirect stderr to stdout

bash# :(){ :|:& };:

A Bash fork bomb. Unless per user resource limits are in place (eg. ulimit -u 100) it will DOS a machine.

vim# :g/^ *$/+1 s/^ *[^ ]/&lt;p>&/

Put a &lt;p> at the beginning of every paragraph

vim# :set fileformat=unix

Converts DOS end of line markers to Unix style

# <div align=right>last updated 08 may 2000</div>

Aligns text on the right side

# <meta http-equiv="refresh" content="5; URL=http://www.spack.org/">

Redirect browser to www.spack.org after 5 seconds

tcsh# >&

Redirect stderr to stdout

# Acquire::http::Proxy "http://ipofproxyserver:port";

apt.conf line for apt through a proxy.

macOS# CpMac -pr /Applications/iPhoto /Users/adam/Applications

Copies the iPhoto directory correctly with all resource forks and meta data preserved (requires the developer tools to be installed and you need /Developer/Tools in your path).

# GRANT ALL PRIVILEGES ON "*.*" TO "root"@"%" IDENTIFIED BY "YoMama";

Grants all permissions to all tables of all databases inside a MySql server to the user “root” from any host.

macOS# MvMac /Applications/iPhoto /Users/adam/Applications

Moves the iPhoto directory correctly with all resource forks and meta data preserved (requires the developer tools to be installed and you need /Developer/Tools in your path).

macOS# SetFile -a V /foo/bar/

Make folder /foo/bar invisible.

# medusa.xtra.co.nz, you must use the 6 digit Xtra number with a 01 at the end of it

How to POP mail off Xtra

# at&f1x2&h1&r2&b1s27=48 

Good US Robotics modem init string

# ats56=128S27=48S28=100 

US Robotics modem init string, solves: CONNECT 28800/V34/NONE

# Internet History.{FF393560-!C2A7-11CF-BFF4-444553540000} 

Create this folder under “C:\Windows\Start Menu”, this will create a folder which shows all the IE URLS visited.

macOS# airport --scan

Prints out the relevant info for all the currently available wireless access points (essid, encryption, channel, signal, bssid etc). There are other useful options as well (-x gives the output in XML) but the command lives in /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources so add it too your path or link it somewhere.

# append = "floppy=thinkpad apm=on"

lilo command for apm support with default debian kernel

# append = "mem=128M"

LILO command for forcing memory detection

# append="ether=12,0x300,eth0 ether=15,0x340,eth1"

sample lilo config

# apt-cache search pgp

searches for packages called pgp

# apt-cache show ssh

prints package info

# apt-get --compile source <packagename>

downloads, compiles and installs

# apt-get -d install ssh

just downloads package

# apt-get update; apt-get dist-upgrade

upgrade debian

# awk '/DAILY/ {x=$0;next } {print x,$0}'

Puts line matching /DAILY/ into $x, then skips to the next line and prints $x followed by the next line. Useful for generating reports when each log entry spans two lines. Eg. line 1 and 2 get merged into line 1, and line 3 and 4 get merged into line 2 etc. (from Shannon)

# awk '/searchfor/ {print}'  or  awk '!~/don'tsearchfor/ {print}'

How to do searches with awk.

# awk '\!/^#|^$/ {print $1}' virtusertable 

Print lines which don’t start with a # or aren’t an empty line

# awk '{ if (($1<=2103) && ($2>=2103)) print $0}' findit4

blah

# awk '{i++$3} END {print i}' checkers.sep22

How to do “wc -l” with awk?

# awk -F, '{if (/\@/) {print $1} else {print $1"@alaska.net"}}' /tmp/xmascard

blah

# awk '{printf "%-30s\t%s\n", $1,$2}'

Prints $1 in a left justified 30 column wide field, then a tab, then $2.

# boot: linux init=/bin/bash 

to get to root without the root password

# boot: linux root=/dev/hda1 emergency

To get a prompt off the rescue disk

# cadaver -t idisk.mac.com/adamshand

Connect to your Apple iDisk via a WebDav commandline tool (available via Fink).

# cat /var/spool/mail/luser | formail -s sendmail -oi luser@new.address

blah

# cat spoolfile | formail -s procmail

splits to single message for handling by procmail

# cat spoolfile | formail -s sendmail -v -t -odq 

resends mail.

sunos# catman -w -M <man-page-directory>

rebuilds catman index under solaris

# cd /usr/share/ssl/certs; make slapd.pem

Make a self-signed certificate for slapd (see OpenSsl for long way).

# cd /var/lib/mailman; rm archives/public/listname; bin/arch listname

this will rebuild the archives

# cd /var/mail; for i in *; do echo cat $i | formail -s sendmail -v -oi $i@spack.org; done

When mail gets delivered on the wrong server due to a sendmail.cw mess up this is a life saver. For every file in /var/mail it feeds the file to formail (part of procmail), which then feeds splits the file into seperate email messages and feeds them into sendmail one at a time. Sendmail only delivers the mesesage to the person listed on the commandline but leaves the headers of the message intact so it appears corrrect to the user when it arrives.

# cd sourcedir ; tar cf - . | (cd targetdir; tar xvpf - )

Moves data from sourcedir to targetdir using tar to preserve permissions etc.

macOS# certtool i newrootcert.crt k=X509Anchors

Adds newrootcert.crt to ~/Library/Keychains/!X509Anchors, very useful for adding non-standard root certificates (ie. CaCert). This makes changes effective for your user. To make changes take effect globally you should copy /System/Library/Keychains/!X509Anchors to ~/Library/Keychains/, run certtool and then copy it back. Remember to restart applications for changes to take effect ( more information).

# chvt 1

force change to virtual terminal 1 (good way to exit X before suspending)

# ci -t/dev/null -u *

Check in all files in the current directory with no message (saves being prompted for a message for each file).

# co -r1.6 -l script.pl

Restore version 1.6 of RCS controlled file script.pl

# convert filename.jpg iptc:-

Print IPTC data from filename.jpg to standard out.

# convert source.jpg -thumbnail '100x100>' -bordercolor white -border 50 -gravity center -crop 100x100+0+0 thumb.jpg

Converts source.jpg to a square thumbnail 100×100 (if the image was not square to start with then the top/bottom or left/right is padded with a white border).

# cpu -w usermod -c "Adam Shand" -s /bin/bash adam

CPU is a LDAP aware clone of the user/add/mod/del commands, -w means prompt for the password on the command line and the rest of the arguments are very similar to user* tools. The majority of the config can go into /etc/cpu.conf

# curl -C - -O http://rudix.googlecode.com/files/gettext-0.17-6.dmg

Download the file to a local name which matches the remote name, and if the download is interupted figure out automatically the offset at which to resume.

# curl -B "ldap://ldap.spack.org/dc=spack,dc=org??sub?uid=adam"

Prints the results of a sub search for any entry which matches “uid=adam”

# curl -B "ldap://ldap{1,2}.spack.org/dc=spack,dc=org??sub?uid=adam"

Queries ldap1 and ldap2.spack.org and prints the results of a sub search for any entry which matches “uid=adam”

# curl -B "ldap://ldap.spack.org/dc=spack,dc=org?uid?sub?(uid=*a*)"

Prints out the uid of any entry which as uid value that matches “*a*”.

# date --date "30 mins ago" 

prints date thirty minutes ago

# date --date "7 days" +%s

Prints the date 7 days from now in unix time (could also do –date “7 days ago”).

# dd if=/dev/zero of=/dev/hda bs=446 count=1

Clear the MBR (master boot record) of /dev/hda without harming the partition table (change 446 to 515 to delete the MBR and the partition table).

# dd if=/dev/zero of=/tmp/file bs=1024 count=2048

Create a 2MB file by pumping 2048 1k blocks into /tmp/file.

# dd if=/tmp/rescue.bin of=/dev/fd0 bs=512 

to copy a disk image onto a floppy

# defaults write com.apple.finder _FXShowPosixPathInTitle -bool YES

Show full path in Finder window.

macOS# defaults write com.apple.dock persistent-others -array-add '{ "tile-data" = { "list-type" = 1; }; "tile-type" = "recents-tile"; }'; killall Dock

Configures a new dock item which allows you to see recent apps/docs/volumes/servers or favorite items in a stack. You can run it multiple times to get multiple icons.

macOS# defaults delete com.apple.Terminal FocusFollowsMouse

(panther) Revert focus follow mouse back to normal off setting by deleting the change.

macOS# defaults write -g NSUmask 18

Change the default umask for a user (effects finder and everything), “18” is “022” in decimal so remember to do the octal/decimal conversion.

macOS# defaults write /Library/Preferences/SystemConfiguration/autodiskmount AutomountDisksWithoutUserLogin true

Keeps drives mounted after logout and before login.

macOS# defaults write com.apple.mail MinimumHTMLFontSize 18

Set a minimum font size for HTML email messages in Mail.app (from Hawk Wings)

macOS# defaults write /Library/Preferences/com.apple.loginwindow LoginHook /path/to/script.sh

Runs script.sh (as root) every time a user authenticates to the Login Window (see Bombich for more details).

macOS# defaults write com.apple.Terminal FocusFollowsMouse -string YES

(panther) Set focus follow mouse for your terminal windows.

macOS# defaults write com.apple.iPhoto AskHotPlugAction true

Make iPhoto ask if it should open automatically when media is inserted (can also be changed via Image Caputure’s preferences)

# dh-make-perl --build --cpan Mail::Audit

Download from CPAN and build deb package of Perl module

# dig spack.org axfr @localhost

how to get a zone transfer from a server with dig

# dig @a.root-servers.net . ns > /etc/bind/db.root

Update Bind’s root hints file in Debian.

macOS# diskutil info disk0

Shows harrdware information on the primary disk.

macOS# diskutil disableJournal /Volumes/iShand

Disables the HFS+ journal on the device mounted at /Volumes/iShand (in this case my iPod so it can be mounted up under Linux). You can do this with the GUI “Disk Utility” applicaiton as well but it’s a hidden option, hold down option before clicking the “File” menu and you will see an option to disable the journal.

macOS# ditto --rsrc -V foo/ /backup/foo

Copy the contents of foo to another directory, preserving resource forks by copying them to ._* files. Very useful for backing up AppleOsx files to a non-Mac NFS server.

macOS# ditto --rsrc -v -c -z foo/ /backup/foo.cpio.gz

Recursively copy the contents of WorkPace.app and the resource forks into a compressed CPIO archive.

macOS# dns-sd -B _workstation._tcp

Uses mDNS to get a list of all machines on the current subnet.

macOS# dscacheutil -flushcache

(Leopard) Flushes the DNS cache so you can pick up changes (before Leopard was lookupd).

# dpkg --ignore-depends

eg. if you manually make apache and then want to install a debian package which requires apache

# dpkg --set-selections hold 'filename'

puts a package on hold

# dpkg-repack wterm

builds wterm_xxx.deb from installed files

# dpkg-scanpackages . /dev/null | gzip -c > Packages.gz

Create a Packages.gz file

# dpkg-reconfigure --priority=low debconf

Reconfigure a Debian system to ask you any configuration a package may want to know (by default it only asks you important questions)

# du -sk * | gawk '{ i=i+$1; print i"\t ["$1"] "$2 } END {print "total\t"i}'

Run du with a cumulative space total.

# dump 0f - / | ( cd /new ; restore rf - ) 

copies one disk to another

# e2label /dev/hda1 /foo

Labels /dev/hda1 as “/foo” which can then be used instead of the raw device in /etc/fstab to label things. Without the label name it prints out the value of any existing label.

# echo "FOO"  > /dev/fd/2

Output FOO to stderr (standard error).

# echo "aes: inital checkin" | ci -u foo.txt

Checks in foo.txt using the contents of the echo for the log message.

# echo "foo bar baz" | sed 's/^.*bar \(.*$\)/\1/'

Only prints what is after “bar ” (so just outputs “baz”).

# echo "foo bar" | perl -pe 's/foo/BAZ/'

Takes standard in (from echo in this case) and replaces all instances of “foo” with “BAZ”.

# echo "foo" | ssh ronin.spack.org "cat > /tmp/foo.txt"

Creates a file on ronin called /tmp/foo.txt with the contents of standard in using SSH as transport.

# echo -e "F A I L E D  to push nis files to ${desthost}" >&2

writes to stderr

# egrep -v "^(#| *$)" /etc/syslog.conf  

gets rid of all comment lines or blank lines

# enscript -i4 -r -2 filename   

(ascii –> postscript 2 pages/page)

netapp# exportfs -i -v -o anon=0 /

Gives everything mount rw/root perms

# fdisk /mbr

Reset the MBR (master boot record). This doesn’t clear the MBR it restores it to a factory default (or something like that??).

# fetchmail -c -u larry alaska.net      

checks (but does not retrieve or delete messages for larry@alaska.net (-k keeps on server)

# ffmpeg -i frame.%06d.ppm -b 3000 movie.mp4

Convert a bunch of ppm files into a MP4 movie.

# find . | perl -pe "s/[^\/]*\//---|/g"

Display directory tree.

# find . -print | cpio -pmd /path/to/dest

Copy files with cpio (assumes you’re in the directory you wish to copy from)

# find / -perm -4000 -o -perm -2000 -type f -ls 

(finds SUID/GUID files)

# find / -type f -perm +111 -print | xargs file | grep '[QZ]MAGIC'

Finds a.out executables

# find / -type f \( -name "bar*" -not -regex ".*snapshot/.*" \) -ls

Search for all files which match “bar*” and the path doesn’t contain “.snapshot”. Very useful for finding stuff on NetworkAppliance volumes.

# find / -type f \( -name core -o -name dead.letter \) -atime +7 -mtime +7 -exec rm -f {} \;

Search the entire drive for files called “core” or “dead.letter” which are older then 7 days and delete them.

# find /path/to/dir -inum 23455 -print

Where 23455 is the inode you are looking for

# find /var/spool/mqueue -atime +8 -exec rm {} \;

blah

# find `pwd` -maxdepth 1

Prints out all the files in the current directory with their full path (this works too: ls -d1 `pwd`/*).

# find foo -maxdepth 3 -type f \( -name ".env*" -not -regex ".*snapshot/.*" \) -exec rm -fv {} \;

Starting at the foo directory, recurse down three directory levels looking for any files whose name matches .env but which do not have .snapshot in their path (useful for netapps).

# for i in $(IFS=" "; grep -h '\[\[\!tag ' ~/svnroot/ikiwiki/*/*mdwn | sed -e 's/\[\[\!tag //' -e 's/]]//' ); do echo $i; done | sort -u

Grep my IkiWiki blog for any line beginning with [[!tag and strip off the formatting and print out one tag per line.

windows# for /f %i in ('net view /domain:TESTDOMAINNAME') do shutdown -m %i -r -t 10 -f -c "id10t system error" -d p:31:337

The -t 10 is just in case a user is actually logged in to the test system, not that 10 seconds gives them much time to do anything but freak out

:-)

. The -c is just so they ask me what an “id10t system error” is.

# for i in *; do echo ${i}; chown -R ${i}@xyz.net:twntyblo ${i}; done

Changes the ownership of everything in the current directory to user “<filename>@xyz.net” and group “twntyblo”.

# for i in *jpg; do echo "$i ---- "; convert $i iptc:- | strings | head -1; done > .captions

Use convert and a for loop to generate an ugly but easily cleaned .captions file for use by igal.

macOS# fs_usage

Shows file system usage.

# gawk 'BEGIN {x=0}{ while (x<2){ if (/EXAMPLE/) {x++;getline} else {print;getline}}}' /etc/raddb/users

blah

# gawk '{if ($3!=$9) {print "rm /var/mail/"$9}}' varmail-ls.txt

blah

# gawk -F, '{print "## "$3,$4; system("grep -i "$3" /etc/passwd | grep -i "$4" | cut -d: -f1")}' file.csv

Use awk to generate a list of usernames from a CSV list of full names by grepping the passwd file.

# gawk -F: '{print $1}' /etc/passwd /etc/shadow | sort | uniq -c | egrep -v "^ *2"

shows password file corruption

# gnome-font-install --afm-path=/usr/share/fonts/afms --pfb-assignment=ghostscript,/usr/lib/ghostscript/fonts

blah

macOS# grep 113 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonCore.framework/Headers/MacErrors.h

Search for the meaning of any OSX error code with 113 in it.

# LC_ALL=C grep --color '[^[:space:][:print:]]' surviving_the_nippy_bitch.mdwn

Search and highlight any non-space or non-printable characters in the file surviving_the_nippy_bitch.mdwn. Very useful for finding unicode characters which have snuck into a text file.

# gpg --verify linux-2.3.41.tar.bz2.sign linux-2.3.41.tar.bz2

to verify a tar ball against a sig file

# gpg -u old-key-id --sign-key new-key-id

sign a new key with your old key

# h2xs -AX -n IAI::Foo

Creates a bare bones perl module template

# host -t txt -c chaos version.bind ns3 

gives version number of bind

# http://lists.spack.org/mailman/options/lfjokes/load--at--spam.org

personal page to modify individual sub’s

netapp# http://netapp.domain.com/na_admin/man/

Filer online manual pages.

# identify -verbose filename.jpg

Print all information (including IPTC data) to standard out.

sunos# ifconfig hme0:2 inet 0.0.0.0 down     

removes interface completely under solaris

# ifconfig hme1 plumb -arp up

Configures an interface without an ip but so you can still send packets out of it (cause it’s plumb’d)

# igal -w 4 -n -bigy 640 -c

Create thumbnail page with four images per column, omitting image count in caption, using captions and creating “web sized” images for display in slide page.

# imapsync --syncinternaldates --host1 localhost --user1 adam --password1 YourSpackPass --host2 imap.gmail.com --user2 adam@spack.org --password2 YourGmailPass --authmech2 plain --port2 993 --ssl2 --authmech1 PLAIN --authmech2 LOGIN --dry

Migrate your email from an unencrypted IMAP service on localhost to Google Apps Gmail. This requires that your Gmail account has IMAP enabled in the settings (new as of Oct 2007).

# inbox-path={pixmail.pixelworks.com/ssl/user=ashand}INBOX

for ssl imap, apparently you need to set the user-domain as well(?).

# install-user /dev/ttyS0 "larry" 135235156

where larry and 135235156 were taken from ~/.jpilot/jpilot.rc file using the value of user and user_id values.

macOS# iosnoop -e -o

shows you all the io activity for on the Mac (similar to par -k).

# ipchains -A input -s 209.112.156.66/255.255.255.255 -d 0.0.0.0/0.0.0.0 -j REJECT -l

where the ‘-l’ means log and IP.IP is the ip you want to block

# ipchains -D input 1

where 1 is the rule number to delete

# ipchains -I input 1 -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT

IPChains allow

macOS# ipconfig /flushdns

Flushes the local DNS cache (useful if you’ve changed mail server IP addresses or something) (pre-Leopard only)

macOS# ipconfig getoption en0 lease_time

Prints DHCP lease time for interface en0.

# ipfwadm -I -f 

flush all incoming rules

# iptables -A INPUT -s 65.33.58.229 -j DROP

IPTables deny

# jhead -nf%Y-%m-%d_%H-%M-%S file.jpg

Renames all files listed to YYYY-MM-DD_HH-MM-SS (where date is when the picture was taken via EXIF data).

# jhead -nf%Y/%m/%Y-%m-%d_%H-%M-%S *.jpg

Renames *.jpg listed to YYYY/MM/YYYY-MM-DD_HH-MM-SS.

# ldapsearch -v -h 192.168.4.201 -L -b "ou=people,dc=spack,dc=org" "cn=adam*" uid cn givenname

Bind anonymously and search the LDAP tree, starting at ou=people for a cn which matches the expression “adam*”. On a match print the uid, cn and given name.

# ldapsearch -v -h 192.168.4.201 -L -b "ou=people,dc=spack,dc=org" -D "uid=adam,ou=people,dc=spack,dc=org" -W "cn=adam*" uid cn givenname

Same as above only bind as uid=adam and prompt for the password (-w <password> to specify on the command line)

# for i in 0 1 2; do ldapsearch -x -LLL -h ldap${i} -b "ou=Group,dc=spack,dc=org" "memberUid=adam" cn | sort | awk -F: '/^cn: /{printf $2}'; echo; done

Print out a one line list of all the groups that the user adam belongs to via direct query to each of the servers ldap{0,1,2}.

# lfjokes-arc315: "| /usr/bin/hypermail -iu -c /var/web/earthlight/lists/jokes/hm.conf"

aliases file for hypermail archiving

# lilo -r /mnt/pcmcia -C etc/lilo.conf  

installs onto the /mnt mounted device using etc/lilo.conf as the source file.

macOS# lookupd -d

Debug name service switching and attribute mapping. Try “?” for help, or tab for attribute completion (eg. “userWithName: adam” will show directory listings for adam)

# lookupd -flushcache

Flushes the local DNS cache (useful if you’ve changed mail server IP addresses or something)

sunos# lpadmin -p _default -s vger\!lp -I and -T unknown

setup lp printing to a remote tcp host under solaris 2.6

# ls -id *; find . -inum <inode number> -ok rm {} \;

If you really can’t delete a file any other way. “ls -id” means don’t go into directories and print out the inode of each file. Then we take the inode of the weird file and tell find to delete that inode.

# ls | awk '{print "mv "$1, tolower($1)}'

Uses awk to rename all files and get rid of any capital letters.

# ls -F | grep '/'

List directories.

macOS# lsbom /Library/Receipts/X11SDK.pkg/Contents/Archive.bom

Lists all the files which were installed as part of the X11 package.

# lsof -R -p 2345

Show all files attached to PID 2345 (-R means include ppid info).

# lsof -R -u larry,101

Show all files attached to user larry and UID 101 (-R means include ppid info).

# lsof -i :80

Show all traffic on port 80.

# lsof -i tcp

Show all TCP traffic (can be udp as well).

# lsof -i tcp:80

Show all TCP traffic on port 80.

# lsof -i udp@localhost

Show all UDP traffic bound to localhost.

# lynx [-dump | -source] -nolist

converts HTML ←→ plain text

# makemap hash /etc/mailertable < /etc/mailertable

blah

# man <command> | perl -pe "s/_\010(.)/\$1/g; s/(.)\010\1/\$1/g"

remove control characters from man output

# man -M /share/man -s 8 cucipop

finds non-indexed man pages

# mailx -a "Content-type: text/html;" -s "Daily Project Statistics" monkey@gmail.com < project_stats.html

Send an email to monkey@gmail.com with the content of project_stats.html of being displayed inline in the mail message (and rendered as HTML).

# mii-diag -F 100baseTx-FD eth0

force eth0 to mode (disable auto-negotiation)

# mkdir /ramdisk; mke2fs /dev/ram0; mount /dev/ram0 /ramdisk

create and mount a ramdisk

# mke2fs /dev/hda1

format a filesystem like newfs does in solaris

bsd# mkfifo fifo; nc -k -l 6500 > fifo < fifo & while true; do nc destination-host 6500 < fifo > fifo; done

FreeBSD/Bash while loop that will forward a local port (6500) to a remote host using netcat. Easy mod for other OS‘es (mknod for Solaris etc).

# mkinitrd -o /boot/initrd.img-2.4.17 -r ext3 /lib/modules/2.4.17-686

make an initrd filesystem with an alternate root filesystem

# mknod -m 640 /dev/tap0 c 36 16

how to make a device

# mknod /dev/hdc b 22 0

recreate device /dev/hdc (from cory)

# mogrify +profile iptc filename.jpg

Strip IPTC data from filename.jpg.

# mogrify -format jpg *.bmp 

convert all bmp images to jpg images

# mogrify -geometry 640x640 -quality 80 image.jpg

reduces image to max dimension of 640 (either x or y) and cranks up jpg compression.

# mogrify -verbose -resize x360 -resize '480x<' -resize 50% -gravity center -crop 240x180+0+0 +repage *jpg

Resizes a directory full of images to thumbnail size suitable for incorporating into a “life poster” (see comment by Mark Pilgrim).

# montage * -resize 120x90 -geometry 120x90x0x0 -tile 6x108 -quality 50 output-720x9720.jpg

Take the thumbnails created above and composite them into a 6 image by 108 image “life poster” which is made up of images 120×90 pixels (see comment by Mark Pilgrim).

# mount --bind /var/www /mnt

Mount the directory /var/www on /mnt (tre cool!)

# mount -n -o rw,remount /

Remounts root filesystem read/write

# mount -o loop rh7.2-i386-disc1.iso /mnt

Mounts ISO image

# mount -t smbfs -o username=adam //home.spack.org/mp3 /mnt

Mount the SMB/CIFS share called “mp3” from the server “home.spack.org” onto the local /mnt mount point. It will prompt for a password.

# mount -t tmpfs -o size=50M,mode=700 tmpfs /mnt

Create a RAM disk (tmpfs) with a maximum size of 50MB and read/write only by root (default is mode 1777). See /usr/src

# mount -t ufs -o ufstype=44bsd /dev/hda3 /mnt/bsd

mounts a freebsd partition under linux

# mount /boot/initrd.img-2.4.17-686 /mnt -t auto -o loop=/dev/loop0

mount your initrd file or loop filesystem

# mpage -4 -Pvger /var/web/ia/arch-meeting.txt

4 pg/pg to printer vger

# mplayer -dumpstream rtsp://foo.com/bar.rm -dumpfile baz.rm

Uses mplayer to download the streaming media from foo.com to a local file called baz.rm. Very useful for saving things to watch later (or dealing with high latency links). Details on the MPlayer homepage.

# mt -f /dev/rmt/0 [status|rewind]

Query or rewind the tape drive.

# mv --update --backup=numbered bar.txt foo.txt :: Only replace foo.txt with bar.txt if it's newer, and backup foo.txt to foo.txt~#~ before overwriting (where

is an ever incrementing number).

# mysql -u root -p -e "SELECT * FROM FooToBar WHERE Username=\"adam\"" -h mysql Baz

Allows you to run a SQL query against a particular database from the command line. Useful for “for i in …” type situations.

# mysql -u root -p password drupal < /tmp/drupal.sql

Import the contents of drupal.sql into the MySql database “drupal”.

# mysqldump -Aa -u root -p password drupal > /tmp/mysql_all.sql

Dumps the structure and the data of all databases to mysql_all.sql (including all the MySql specific create commands)

# mysqldump -d -u root -p password drupal > /tmp/drupal.sql

Dumps the structure of the “drupal” database to drupal.sql.

# mysqldump -u root -p password drupal > /tmp/drupal.sql

Dumps the structure and data of the “drupal” database to drupal.sql.

# mysql> SET PASSWORD FOR 'iaddressbook'@'localhost' = PASSWORD('secretpassword');

Sets the password for the user “iaddressbook@localhost” to “secretpassword”.

# mysql> show grants for iaddressbook@'localhost';

Show all grants for the user “iaddressbook” on the host “localhost”.

# ndd -get /dev/hme adv_100fdx_cap

Queries ndd for status of that var.

# ngrep -qpi '(^user )|( login )' '(host 192.168.1.1 and ((port 143) or (port 110)))'

Watch for traffic to 192.168.1.1 on ports 110 or 143 which start with “user” or contain “login”.

# ngrep -t '^(GET|POST) ' 'src host 12.13.14.15 and tcp and dst port 80'

For TCP traffic from 12.13.14.15 to port 80 print out any data payload lines which start with GET or POST. Way handy for debugging CGI interaction.

macOS# nidump group . > /tmp/group

Dump the group data from Netinfo into a standard Unix groups file.

macOS# niload -d group . < /tmp/group

Deletes any existing Netinfo group data and then loads in the contents of a standard Unix group file.

macOS# niload -v -m group . < /tmp/group

Reads a standard Unix group file merges it into the Netinfo group database (so you end up with the union of the file and the Netinfo data).

macOS# niutil -createprop / /users/username shell /bin/bash

Changes users shell to /bin/bash (remember root)

# nmap -D 209.112.156.30 209.112.156.46 -sS -S10.0.0.5 -e eth0 -P0

forges all headers

# nmap -sP -PT xxx.xxx.xxx.xxx/yy

is a faster way to strobe

# nroff -man manpage.1 

views a man page without man command

# nslookup -type=txt -class=chaos version.bind  ns3

same as the host version

# ntpq -p

shows which ntp servers you are connected to

# ntptrace

useful for debugging ntp

# openssl s_client -connect hostname:465

Test SSL connections to (probably SMTP) on port 465.

# openssl s_client -connect hostname:587 -starttls smtp

Test SMTP STARTTLS connections on port 25 or 587.

# openssl pkcs12 -export -in <PEM format cert> -out <PKCS12 file>

Convert a PEM format certificate to a PKCS12 format certificate.

# openssl req -new -x509 -days 365 -nodes -out slapd.pem -keyout slapd.key

use .pem for cert file, use .key file for cert and ca cert file.

# openssl req -new -x509 -days 365 -nodes -out stunnel.pem -keyout stunnel.pem

generates a new key for stunnel called stunnel.pem

# openssl req -newkey rsa:1024 -keyout tempfile1 -nodes -x509 -days 365 -out tempfile2; cat tempfile1 > slapd.pem; echo "" >> slapd.pem; cat tempfile2 >> slapd.pem

Generate a self-signed certificate.

# openssl s_client -connect localhost:993 -showcerts

connects to a ssl’d port and shows certificate information

# openssl s_client -host www.spack.org -port 443

similar to stunnel command, much more verbose

# openssl x509 -subject -dates -fingerprint -in stunnel.pem

prints some info about the cert

# openssl s_client -starttls smtp -crlf -connect smtp.spack.org:587

Connect to a mail server on port 587 (submission) which requires STARTTLS to issue any further commands.

# openssl s_client -crlf -connect smtp.spack.org:465

Connect to a mail server on port 465 (SMTPS) which requires SSL before it will talk to you at all.

# par -SS -s -p <pid>

Irix equivelent of Linux “strace -p <pid>”.

irix# par -SS -s /bin/ls

Irix equivelent of Linux “strace /bin/ls”.

macOS# pbpaste | wc -c

Take the contents of the clipboard (pasteboard) and pipe it to wc to count how many characters it has.

# pear config-set http_proxy http://adam:llama@proxy.spack.org:3128

Configure PHP’s pear program to use a password protected proxy to download updates.

# perl -MMIME::Base64 -e 'print encode_base64("\000adam\000password")'

Generate the base64 encoded username:password pair which is used for smtp auth and (I think) HTTP basic auth (for smtp you’d use something like “AUTH PLAIN AKDJITGF3Btdd5ZnB0aGI=”).

# perl -ne '/\000/ and print "$ARGV:$_";' foo.txt

“Greps” the file foo.txt for any null characters and prints “<filename>:<matching line>”.

# perl -i -pe  's/\000//g;' /var/spool/mqueue/df*

Search all the data files in Sendmail’s queue for null characters and remove them. This very useful when spurious null characters crash your Cyrus LMTP process and cause your sendmail queue to backup forever.

# perl -MCPAN -e shell ; install Module::Name

Install modules inside perl

# perl -MCPAN::Nox -e shell

Tries to run things without the binary modules which will allow to to repair really broken stuff.

# perl -e 'print crypt( "blah", "AA" ) . "\n";'

where AA is the salt

# perl -e 'print join "\n", @INC'

Prints contents of @INC

# perl -e 'print scalar(localtime(1062518534)) . "\n";'

.

# perl -e 'print scalar(localtime(@ARGV[0])) . "\n";' <unixtime>

Convert Unix time to normal time.

# perl -e 'printf "%02x"x4 ."\n",10,0,2,254;'

Converts the IP 10.0.2.254 into hex.

# perl -e 'use Filter::decrypt'

Tells you if you have a module installed

# perl -pi.bak -e 's/search for/replace with/' /tmp/filename

Make a /tmp/filename for “search for” and replace it with “replace with”

# perl Makefile.PL PREFIX=/home/mydir/perl

To install modules to home direcotry and then use “use lib ‘/home/mydir/perl’;” inscript to have that dir included

# perl -nwe 'print if /[^[:ascii:]]/' surviving_the_nippy_bitch.mdwn

Search for any non-space or non-printable characters in the file surviving_the_nippy_bitch.mdwn. Very useful for finding unicode characters which have snuck into a text file.

# pgp4pine -e --debug -i /tmp/test.txt -o /tmp/test.pgp -r larry@spack.org

blah

# pgpk -xa larry@alaska.net

extracts public key to ascii file

# pgpv +OutputInformationFD=1 

Pipe pgp message to this in pine

# photopc -s 115200 -f "%Y.%m.%d-%H.%M-%%1d.jpg" image 1-5 /home/larry/camera

blah

# photopc image all /home/larry/camera

blah

# pkgutil --expand /Volumes/AirPortUtility/AirPortUtility.pkg /tmp/airport 

Extracts conents from AirPortUtility.pkg into /tmp/airport

# pkgutil --pkgs

Show all installed packages.

# pkgutil -v --file-info /usr/local/sbin/mtr

Show what package /usr/local/sbin/mtr belongs to.

# pkgutil --unlink !de.novamedia.TechnologyBase

Delete all of the files which belonged to de.novamedia.TechnologyBase.

# pkgutil --files org.rudix.pkg.mtr

Show all files belonging to the package org.rudix.pkg.mtr.

# pkgutil --forget org.rudix.pkg.mtr

Delete org.rudix.pkg.mtr from the package database.

# pod2man filename.pl | nroff -man 

turns perl pod docs into man page

macOS# port deactivate subversion @1.4.4_0

(MacPorts) Deselect a specific version of subversion (so you can activate a newer/older one)

# port activate subversion @1.4.5_0

(MacPorts) Select a specific version of subversion to be the active one

macOS# port uninstall subversion @1.4.4_0

(MacPorts) Uninstall a specific version of subversion

# port -u upgrade subversion

(MacPorts) Upgrade subversion to the latest version (without “-u” the old version won’t be uninstalled automatically)

# pppd idle-disconnect <# of seconds>

Undocumented pppd feature

netapp# priv set advanced

Put a filer into “secret ninja mode” where you get access to additional commands (“priv set admin” returns to normal mode).

# ps -Aw -o user,pid,ppid,pcpu,pmem,size,rss,priority,start_time,time,cmd

blah

# ps -ef | awk '/[p]ico/ {system("kill -9 "$2)}'

blah

# pwconf [fixes] and pwck [just checks]

finds/fixes errors in /etc/passwd and shadow

# rcs -l /etc/dhcpd.conf; ci -u /etc/dhcpd.conf

Resyncronize dhcpd.conf with the version in RCS and make it available for checking out.

# rcs -u blah blah

break a lock as root

# rename "s/[!@#$%^&)|(-:;~><,{}'\`\?\*A]/_/g" *.mp3

Rename all *.mp3 files in the current directory by replacing any “weird” characters with an underscore (rename is a great little utility that comes with many versions of Perl). NOTE: Make sure you use “-n” because I’m not positive that there aren’t any interactions of all these special characters between the shell and Perl, it *seems* to work correctly but …

# rm -- -weirdfile

Deletes “-weirdfile”, where “–’ tells rm to not interpret any further leading -‘s as arguments (only works with GNU rm though).

# rm -f /var/lib/dpkg/{lock,methlock}

Stops locking problems with dpkg

# rm -i *

Deletes everything in the current directory but asks you for confirmation (yes/no) before each file (allows the shell to do automatic escaping of odd characters).

# rm ./-weirdfile

Deletes file called ”-weirdfile“ in current directory.

# rpm -Va  

verifies all files on the system against known md5 checksums.

# rpm -q -a 

lists all redhat packages installed

# rpm -qpil <sompackage>.rpm    

tells all about the package.

# rsync -av --partial --progress adam@spack.org:xcode_3.2.5_and_ios_sdk_4.2_final.dmg ~/Desktop/

Download the file and keep the file if the transfer gets interrupted allowing it to be resumed where it left off.

# rsync -avHx --delete-excluded --progress --stats --exclude-from=/Users/adam/etc/tacsyncrc /Users/adam/ adam@roke.spack.org:/home/adam/

How I backup my Mac laptop to my Linux file server (so their home directories are identical)

windows# runas /user:starshine\administrator cmd

Opens a command window as the admin user on the machine starshine.

windows# runas /user:adam@spack.org "notepad my_file.txt"

Runs “notepad my_file.txt” as the user adam on the domain spack.org.

macOS# sc_usage 1234

Sort of line Linux strace only in a top form and not really the same. Shows information about PID 1234

# scp ~/.ssh/identity.pub badger:.ssh/authorized_keys

Installs SSH key for passwordless SSH.

# screen -D -r  

detaches the *running* process and moves it to the current tty

# screen -r     

reattaches an already detached screen session to the current tty

# screen <command>      

runs a process normally

# security find-internet-password -gs posterous.com 

Search Mac’s “Keychain Access” for all stored information (including password) associated with posterous.com.

# sed -i -e 131d ~/.ssh/known_hosts

Delete line 131 from the known_hosts file (warning: -i is not fully portable).

# sed 's/<[^>]*>//g' foo.txt

Removes anything contained in HTML brackets (eg. <>). The trailing “g” means replace all instances not just the first on each line.

# sed 's/tty/ /' foo.txt

Replaces first instance of tty on each line with a space where ever it finds it in foo.txt.

# sendmail -bd -d99.100 -d8.3

99.100 means don’t fork and the second -d is the debug level you want

# sendmail -bi

The same as newaliases

# sendmail -bp -O QueueDirectory=/var/spool/mqueue2

mailq from alt directory

# sendmail -bv lkadfj@edgarsports.co.nz

shows a virtual addresses actual delivery point

# sendmail -q -v -O QueueDirectory=/var/spool/mqueue2

run queue from alt. directory

macOS# service ssh start

Basically chkconfig for OSX, ”–list“ shows all available services.

cisco# set dhcp server pool enabled <option> <value> (eg. "lease 86400")

sets dhcp values on the Cisco 675

# setterm -blank 0

disable’s linux screen saver

cisco# sh ip ro xxx.xxx.xxx.xxx

Will work with any ip not just networks

cisco# show environment all

Shows temp and stuff

cisco# show int | in Des

Basically “| grep Des”

# slapd -d 768 -f /etc/ldap/slapd.conf

Start up OpenLDAP pointing explicitly to the config file and setting debugging to my preferred setting.

# sleep `expr $RANDOM % 900`

Sleep for a random amount of time between 0 and 900 seconds.

# smbclient //home.spack.org/mp3 -U ashand

Login to the SMB/CIFS share called “mp3” on the server home.spack.org with the username “ashand” (it will prompt for a password).

# snmpwalk anc-naf1 passwd .1.3.6.1.4.1

gets enterprise mibs

# snmpwalk anc-p50 passwd .1.3.6.1.4.1.307.3.2.1.1.1.14

get ip addrs

# snmpwalk anc-p50 passwd .1.3.6.1.4.1.307.3.2.1.1.1.4

get usernames

macOS# softwareupdate

Lists all required software updates from the AppleOsx site. You can also use it to install the packages.

# sort -n -t. -k 1,1 -k 2,2 -k 3,3 -k 4,4 /etc/hosts

sorts ip address nicely in order

# sort -n -t, -k 1.7 -k 1.4 -k 1 /tmp/test.csv

Sorts a CSV into order by date (oldest to newest) assuming comma seperated fields and that the first field is in the format DD/MM/YYYY.

# speller=/usr/X11R6/bin/gaspell --dict-host www.dict.org

using gui gaspell with dict service

# speller=/usr/bin/aspell check

spell checking with aspell

# speller=/usr/bin/ispell

spell checking with ispell

# ssh -t maxx.spack.org ssh evey.spack.org 

Transparently SSH to a second box via a first one. Very useful for opening a shell on a host which isn’t reachable from your current network.

# ssh -R 14343:imap.company.com:143 maus.spack.org

If run from a box on “company.com’s” private network (eg. behind their firewall), it creates a tunnel from maus.spack.org:14343 to imap.company.com:143 (which bypasses the firewall). Because it’s a remote (not a local) forwarded port ”-g“ doesn’t work so it will only be available on from maus.spack.org via localhost.

# ssh maxx.shmoo.com cat .bash_profile | diff -u - .bash_profile 

Compare the remote and local .bash_profile.

# ssh -nNT -L 20000:localhost:20000 bob@jones

Forwards port 20000 on jones to port 20000 on localhost while not creating a login session. Good for writing tunnel init scripts around.

# ssh -g -L 9993:imap.spack.org:993 ashand@torkington.company.com

Creates a tunnel from thain:9993 to imap.spack.org:993 via torkington.company.com. This is especially useful if thain is behind a firewall and can’t directly connect to imap.spack.org:993. The ”-g“ means that any machine can connect to thain:9993 gets forwarded to imap.spack.org:993 (without ”-g“ it only works via localhost on thain).

# ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N ''

Create passwordless 1024 bit SSH key (useful for “passwordless” SSH, see UsingSsh).

netapp# statit -b; statit -e

Shows detailed snapshot of utilization between the time you ran the -b (begin) and -e (end) commands (only available in priv set advanced).

# strace -f -e open,read,write ls

Uses strace to trace al open, read and write calls that a process and any forked children make.

# stunnel -c -d localhost:imap2 -r maus.spack.org:imaps

create a daemon listening on the local imap port binding to the remove imaps port on maus

# stunnel -c -r localhost:pop3s

as a client connect to localhost:pop3s (allows testing)

# stunnel -d imaps -r localhost:imap2

Stuff

# stunnel -d pop3s -r localhost:pop3

as a daemon offer and encrypted port pop3s which connects to an unencrypted port pop3 on localhost

# stunnel -d ssmtp -r localhost:smtp

Stuff

# stunnel -f -D 7 -d pop3s -r localhost:pop3

as above but don’t fork into the background and put on highest debug level

# stunnel -p /etc/ssl/certs/stunnel.pem -d pop3s -r localhost:pop3

sets up stunnel to map ssl traffic coming into 995 to the local pop port unencrypted.

# su - postgres; pg_dump -F p -d foo -t bar > /tmp/foo_bar.sql

Dump the PostgreSql table “bar” of database “foo” to a file called foo_bal.sql (in ASCII format)

# svn switch --relocate svn+ssh://adam@wul.cc/projects/svnRepo svn+ssh://adam@wul.cc/projects/writing

Change a working SVN directory to a new repository. Really useful when things have to move and you don’t want to check everything in first.

netapp# sysconfig -r

Details of disks and volumes including failed disks, rebuiding disks and hot spares.

netapp# sysconfig -v

Verbose output including disks, serial numbers, cpu’s etc.

macOS# sysctl -w net.inet.tcp.sendspace=65536

Writes 65536 to the kernel parameter net.inet.tcp.sendspace. It will persist after a reboot.

macOS# sysctl net.inet.tcp.sendspace

Prints the value of kernel parameter net.inet.tcp.sendspace.

netapp# sysstat -u 10

Show system status with utilization percentages, updating every 10 seconds (10 seconds is optimal to sync with the Netapp internal timing mechanism).

macOS# system_profiler

Prints out a profile of all hardware and software installed.

# tar -svcf - . | ssh badger-spare 'cd /var/web/download && tar -xpf -'

Moves data from localhost to badger-spare using tar through ssh.

# tar Sczvf /syjet/debmain.tgz / --exclude tmp --exclude proc

backs up / excluding directories.

# tar cvf /dev/rmt/0c -M etc/ home/

Tar to tape, spanning multiple tapes

# tar zvfx iai-cucipop.tar.gz cucipop-1.23b3/cucipop

retrieves file cucipop from archive

portmaster# tcmcmd -G command -E soft anc-tc2-nmc:s1c1-2t1-24

Soft busies anc-tc2-nmc cards 1 & 2, time slices 1-24

# tcpdump -i en1 tcp

because I always forgot how to do this and want to put “proto” in front of it. Can also use “ip” which is helpful.

# tcpdump -X -i eth0 'dst host 192.168.17.24 and (dst port 143 or dst port 110)'

Example of a more complicated tcpdump filter.

# tcpdump -qp -i eth0 '(dst port 143 or dst port 110)'

How to watch POP3 or IMAP4 traffic going to 192.168.1.1

# tcpdump -r <infile> -C 100 -s 0 -w <outfile>

Reads in saved pcap file <infile> and writes out files no larger then 100MB, ”-s 0“ means preserver the full data stream.

# telnet root0.rwhois.net 4321

Admin-Contact=as8324.net

# tethereal -V dst port 143 | egrep -i login

Snag IMAP usernames and passwords.

# tip -v 9600 /dev/ttya

Connect to the console port on a sun

# tr '[A-Za-z]' '[N-ZA-Mn-za-m]'

un-rot13 a message, and it works in pine if you enable the “|” command

# tr '\015' '\012' < macfile > unixfile

Converts carriage to linefeed

# tr -d '\r' < dosfile > unixfile

removes all ^M’s from dos file)

# trap '' 1 2 15

ignore signals 1,2 and 15

# trap 'rm -f $TMP; exit 1' 1 2 15

trap for signals 1,2,15 and rm file if found

sunos# truss -f -p PID

truss pid PID and follows forks (good for daemons)

# Turns on bold: \[\033[1m\] Turns off bold: \[\033[0m\]

Allows bold characters in Bash prompts.

mozilla# user_pref("mail.allow_at_sign_in_user_name", true);

See: http://help.netscape.com/kb/consumer/19981212-1.html

# valkyrie:/usr/private/etc/radpwtst -p 1645 -s kira.alaska.net larry 

make sure they are in the /usr/private/etc/raddb/clients file so that it can find the radius secret

macOS# vm_stat 5

Similar to the Unix utility. Prints out every 5 seconds.

netapp# vol scrub status

Shows the status of currently running disk scrubs.

netapp# vol status

Shows the status of all volumes, including if any are in the process of rebuilding a disk.

netapp# wcc -s ashand

Shows the Unix name that the NT name “ashand” maps to.

netapp# wcc -u ashand

Shows the NT name that the Unix name “ashand” maps to.

# withlist -l -r fix_url wordup -u lists.spack.org

Mailman command for updating a mail list to have the correct URL (see /usr/lib/mailman/Mailman/Defaults.py for more info). Very useful when migrating lists to a new domain and none of the web forms will work because the submit buttons still point to the old location.

# wget -q --mirror -p --html-extension --base=./ -k -P ./ http://adam.shand.net/blog/

How to make a static copy of a Drupal (or any other dynamic) site.

# wget -q --proxy=off --html-extension -r -l 2 -nH --cut-dirs=4 -np -k -P foobar -p http://user:pass@www.spack.or/one/two/Statistics/GoStats/Index.html

Okay this is complicated. (-r) Recursively download for (-l 2) two levels, (-np) but don’t go up any directory levels, (-p) everything required (css, images etc) for the URL, (–html-extension) make sure all html pages get saved to files ending in .html and (-k) rewrite the downloaded pages to link to the right page names. (-P) Save all files to a folder called foobar, (-nH) don’t create a directory for the host name and (–cut-dirs) cut four levels from the directories (so everything goes directly into foobar). Wheew …

# wget --proxy=off http://USER:PASS@www.spack.org/

Embed HTTP username and password in the URL and ignore any *_proxy environment variables which are set.

# wget -m ftp://user:password@ftp.domain.com/path/to

mirror ftp heirarchy

# wget -r -l2 http://www.blah.com/path/to/file/

recursively grab just that directory

# while /bin/true; do gawk '/eth0:/ {print  $14}' /proc/net/dev; sleep 1; done

While loop to watch collision stats under

# whois "name pixelworks"

lists first 50 domains which contain pixelworks in the name

# whois "server NSblahblah-HST"

lists the first 50 domains hosted.

# whois -h whois.geektools.com ""

help file

# whois -h whois.geektools.com iprolink.co.nz

any fld will work

# whois -h whois.networksolutions.com 'dump dom logic.net'

raw dump, good for scripts

# whois -h whois.networksolutions.com 'dump han em69'

raw dump, good for scripts

# whois ns4.alaska.net

gives you NSblahblah-HST (can use IP# too)

# wine -dll commctrl,comctl,commdlg,comdlg32=n napster.exe

to run windows napster

# wterm -geometry 192x8+0+0 -name console -C

my exconsole

# wterm -tr -sh -bg <tint color> -fg <text color> -st -sb

blah

# xv -root -quit -rmode 5 image_name

equiv: Root: <something>” where 5=center

# xwrits breaktime=1 typetime=15 +finger=american +top +noiconify +mouse +lock

Sensible defaults for Xwrits.