Posts tagged shell

apt cheatsheet
posted on 2017-01-23 21:31

As short as possible:

apt-cache search = search for package (old)
apt-cache show = show package information
dpkg -l = show installed packages
dpkg -L = show package contents
dpkg -S = search packages for file
apt-get install = install package (old)
apt-get remove = uninstall package, leave configuration on disk (old)
apt-get purge = uninstall package, delete configs (old)

apt search = (new)
apt install = (new)
apt remove = (new)
apt purge = (new)

stop proxmox nagware
posted on 2017-01-05 05:07

This is said to fix the Proxmox 'no valid license' dialog box, which appears when you log in to the web interface and do not have a valid subscription:

find /usr/share/pve-manager -name '*.js' -exec sed -i 's/PVE.Utils.checked_command(function\s*()\s*{\s*\(.*\)\s*}\s*)\s*;\s*/\1/g' {} \;

TODO: I haven't tested it so far, the post will be updated once I can tell more.

clustershell
posted on 2016-12-29 13:26

When needing to run commands on several servers over ssh, there's always that for-loop for you.

But you could also try running clustershell:

sjas@ws:~$ clush -w server-[01,02,05,11,12] -b hostname -f
---------------
server-01
---------------
server-01.some-domain.com
---------------
server-02
---------------
server-02.some-domain.com
---------------
server-05
---------------
server-05.some-domain.com
---------------
server-11
---------------
server-11.some-domain.com
---------------
server-12
---------------
server-12.some-domain.com

-b to use it non-interactively and to get the shown aggregated results (the hosts are colored), -w to specify the hosts. Use [ ] instead of { } like you would in bash.

-B also includes STDERR.

A problem you may run into is when you try to run commands with pipes.

Further you can also predefine hostgroups and copy files from/to remote hosts. This is a rather nice tool.

proxmox magic fix script
posted on 2016-12-05 14:52

From here; this link is often handed out in ##proxmox on FreeNode:

#!/bin/bash

# on all nodes
magicfix() {
        service pve-cluster stop
        service pvedaemon stop
        service cman stop

        service pve-cluster start
        service cman start
        service pvedaemon start

        # this one could possibly restart VMs in 4.x (but doesn't in 3.x), so disable unless you think you need it
        #service pve-manager restart

        service pvestatd restart
        service pveproxy restart
        service pve-firewall restart
        service pvefw-logger restart
}
magicfix

# again after above was done on all nodes (makes /etc/pve rw)
service pve-cluster restart

proxmox vzdump to stdout
posted on 2016-11-21 13:30

Pipe a vzdump directly to STDOUT:

vzdump <VMID> --dumpdir /tmp --mode snapshot --stdout 

The config will be dumped in /tmp, but the dump itself will not be saved on disk, so it can easily be piped to nc.

linux shell number converters
posted on 2016-11-19 15:26

These are interactive prompts for converting between the different number formats and decimal, in both directions.

# hex-dec
h2d() {
    echo
    echo TO DEC, ctrl+c to end
    echo
    while :
    do
        read -r -p "hex> " i
        # bc only accepts uppercase hex digits, so upcase the input (bash 4+)
        echo "ibase=16; ${i^^}" | bc
        echo
    done
}
d2h() {
    echo
    echo TO HEX, ctrl+c to end
    echo
    while :
    do
        read -p "dec> " i
        echo "obase=16; $i" | bc 
        echo
    done
}

# oct-dec
o2d() {
    echo
    echo TO DEC, ctrl+c to end
    echo
    while :
    do
        read -p "oct> " i
        echo "ibase=8; $i" | bc
        echo
    done
}
d2o() {
    echo
    echo TO OCT, ctrl+c to end
    echo
    while :
    do
        read -p "dec> " i
        echo "obase=8; $i" | bc 
        echo
    done
}

# bin-dec
b2d() {
    echo
    echo TO DEC, ctrl+c to end
    echo
    while :
    do
        read -p "bin> " i
        echo "ibase=2; $i" | bc
        echo
    done
}
d2b() {
    echo
    echo TO BIN, ctrl+c to end
    echo
    while :
    do
        read -p "dec> " i
        echo "obase=2; $i" | bc 
        echo
    done
}

Put these into your ~/.bashrc.

Enjoy.

yet another megacli cheatsheet
posted on 2016-11-17 12:15

## convenience alias
alias asdf=/path/to/MegaCLI/file

## quick overview
asdf showsummary aall                                                    # SHOW STATUS
asdf -AdpEventLog -GetLatest 4000 -f events.log -aALL                    # SHOW ERRORS


## FW version
asdf version cli aall

## controller config status
asdf adpallinfo aall | less

## logical disks status
asdf ldinfo lall aall | less

## physical disks status
asdf pdlist aall | less
asdf pdlist aall | grep -i -e 'enc.*dev' -e slot                         # GET ENCLOSURES/SLOT

## rebuildrate & autorebuild
asdf adpgetprop rebuildrate aall                                         # SPEED STATUS
asdf adpsetprop rebuildrate 40 aall                                      # SET SPEED TO 40%

asdf adpautorbld dsply aall                                              # STATUS AUTOREBUILD
asdf adpautorbld dsbl aall                                               # DISABLE
asdf adpautorbld enbl aall                                               # ENABLE

## rebuild in progress?
asdf pdlist aall | grep -i -e 'enc.*dev' -e slot                         # GET ENCLOSURES/SLOTS
for i in {4..7}; do asdf pdrbld showprog physdrv \[252:$i\]  aall; done  # SHOW REBUILDS, DEPENDS ON ENCLOSURES/SLOTS

## manual rebuild
asdf pdlist aall | grep -i -e 'enc.*id' -e slot -e state                 # UNCONFIGURED(BAD) OR OFFLINE DRIVES EXIST?
asdf pdmakegood physdrv "[252:4]" aall                                   # MAKE GOOD

asdf cfgforeign scan aall                                                # SCAN DRIVES FOR FOREIGN LSI RAID CONFIGS
asdf cfgforeign clear aall                                               # DELETE FOREIGN CONFIGS

asdf cfgdsply aall                                                       # FIND MISSING SLOT, i.e. [252:4], and adapter (see top)
asdf pdgetmissing aall                                                   # GET ARRAY/ROW NUMBERS, i.e. 1 and 0
asdf pdreplacemissing physdrv "[252:4]" array 1 row 0 a0                 # ADD DRIVE TO RAID
asdf pdlist aall | grep -i -e 'enc.*id' -e slot -e state                 # UNCONFIGURED(BAD) OR OFFLINE DRIVES EXIST?
for i in {4..7}; do asdf pdrbld showprog physdrv \[252:$i\]  aall; done  # SHOW REBUILDS, DEPENDS ON ENCLOSURES/SLOTS
asdf pdrbld start physdrv "[252:4]" a0                                   # START REBUILD

Some links that helped:

  • https://wiki.hetzner.de/index.php/LSI_RAID_Controller
  • https://wiki.hetzner.de/index.php/LSI_RAID_Controller/en
  • https://www.thomas-krenn.com/de/wiki/MegaRAID_Controller_mit_MegaCLI_verwalten#Controller_Status_und_Config
  • https://calomel.org/megacli_lsi_commands.html
  • https://supportforums.cisco.com/document/62901/megacli-common-commands-and-procedures

openssl convert .pfx
posted on 2016-11-08 15:21

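To extract the private key, certificate and CA certificate from a .pfx file, run these:

# extract key (-nocerts: key only; -nodes: the key is written unencrypted)
openssl pkcs12 -in FILE.PFX -out FILE.key -nocerts -nodes

# extract cacert (-nokeys: keep the private key out of the output)
openssl pkcs12 -in FILE.PFX -out FILE.ca-bundle -nokeys -cacerts

# extract cert (-nokeys: keep the private key out of the output)
openssl pkcs12 -in FILE.PFX -out FILE.crt -nokeys -clcerts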

To create a .pfx / .p12:

# create .pfx
openssl pkcs12 -export -out FILE.pfx -inkey PRIVATEKEY.key -in CERTIFICATE.crt -certfile CACERTIFICATE.ca-bundle
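
The extraction and re-packing steps above as one round trip, as an added example that is not part of the original post: it builds a throwaway CA, leaf certificate and .pfx, splits the bundle, and checks that the extracted key belongs to the extracted certificate and that no key ended up in the certificate files. The function names, the `server.*` file names, the `PFX_PASS` variable and the password are all constructed for this demo.

```shell
#!/bin/sh
# Added example, not from the original post. All names and the password are constructed.

# Split the PFX ($1) into server.key / server.crt / server.ca-bundle in dir ($2).
# The import password comes from the environment variable PFX_PASS, so it
# does not appear on the command line or in the process list.
pfx_split() (
    pfx=$1 out=$2
    umask 077    # -nodes writes the key unencrypted: owner-only from creation on
    openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nocerts -nodes \
        -out "$out/server.key" || exit 1
    openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nokeys -clcerts \
        -out "$out/server.crt" || exit 1
    openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nokeys -cacerts \
        -out "$out/server.ca-bundle" || exit 1
)

# True if the private key ($1) and the certificate ($2) carry the same public key.
key_matches_cert() (
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || exit 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || exit 1
    [ -n "$k" ] && [ "$k" = "$c" ]
)

# True if the file ($1) contains no PEM private key block.
has_no_private_key() {
    ! grep -q 'PRIVATE KEY-----' "$1"
}

# Build a throwaway CA, a leaf certificate signed by it, and demo.pfx in dir ($1).
make_demo_pfx() (
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || exit 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo.example" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || exit 1
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/leaf.crt" 2>/dev/null || exit 1
    openssl pkcs12 -export -out "$d/demo.pfx" -passout env:PFX_PASS \
        -inkey "$d/leaf.key" -in "$d/leaf.crt" -certfile "$d/ca.crt" || exit 1
)

# Round trip in a temporary directory that is removed afterwards.
pfx_roundtrip() (
    export PFX_PASS='demo-only-password'    # constructed value
    d=$(mktemp -d) || exit 1
    trap 'rm -rf "$d"' EXIT
    make_demo_pfx "$d" || exit 1
    pfx_split "$d/demo.pfx" "$d" || exit 1
    key_matches_cert "$d/server.key" "$d/server.crt" \
        || { echo "FAIL: key does not match certificate"; exit 1; }
    has_no_private_key "$d/server.crt" \
        || { echo "FAIL: private key found in server.crt"; exit 1; }
    has_no_private_key "$d/server.ca-bundle" \
        || { echo "FAIL: private key found in server.ca-bundle"; exit 1; }
    echo "OK: key matches certificate, certificate files carry no key"
)

pfx_roundtrip
```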

linux run last command as root
posted on 2016-11-06 15:02

In case you have entered a longer command (or even several commands) which you should have run as a different user (usually root), you might try this. If you switched to root, the command would not be in root's history, so you would usually need to copy-paste.

Or do this:

sudo su -c "!!"

plesk show mailaccounts and passwords
posted on 2016-10-13 18:08

To show all mailaccounts and the corresponding passwords, use

/opt/psa/admin/sbin/mail_auth_view

On older plesk installations, the file may be located differently.

Use locate mail_auth_view to find the path there.

ultimate LSI megacli help
posted on 2016-09-23 00:01

I was fed up and did some shell scripting with serious sed'ing.

The result was this:

MC=/root/MegaCli; while read i; do echo; echo '============================================================================='; echo $'\e[31;1m'$i$'\e[0m'; $MC help $(echo $i | sed 's/XD //'); done < <($MC help | grep -e '^MegaCli' | sed 's/\(^MegaCli\s\(-\w\+\|\w\+\s-\w\+\)\)\s.*/\1/g' | awk '$1=" "' | sed 's/-//' | sed 's/\(.*\)/\U\1/' | sort | uniq | cut -c3-) | grep -v -e "MegaCLI SAS RAID Management Tool" -e Copyright | cat -s | sed 's/\(Syntax: \)\(.*\)/\1\L\2/' | sed -e '/Syntax/  s/-//g' -e '/Syntax/ s/\[e/"&/' -e '/Syntax/ s/\.\]/&"/' -e '/Syntax/ s/\(physdrv\)\(\S\)/\1 \2/' | sed 's/arraya,/array A/; s/rowb/rob B/' | grep -v -e '^Exit Code' | sed '/^\s*$/d' | sed '/^Syntax: / s//\n&\n\t/; /^Description:/ s//\n&/; /^Convention:/ s//\n&/' | less -R

This looks like shit, has some bugs and very likely can use a lot of cleanup.

But it gave me this, which should be the best help about the MegaCli out there. Ever. And no, you really don't need hyphens or CaseSensitive commands.

=============================================================================
ADPALILOG
            AdpAlILog   
            ---------

Syntax: 
    megacli adpalilog an|a0,1,2|aall

Description: 
        Command retrieve all RAID subsystem log for troubleshooting use. Combines all the INFO commands (adp, vd, pd, encl, bbu) and adds OS information, Memory size, driver version and so on..

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
=============================================================================
ADPALLINFO
            AdpAllInfo
            ----------

Syntax: 
    megacli adpallinfo an|a0,1,2|aall

Description: 
        Display parameters on the given adapter(s).
        Displays information of adapter, including cluster state, BIOS, alarm, 
        firmware version, BIOS version, battery charge counter value, rebuild 
        rate, bus number/device number, present RAM, serial number of the board, 
        and SAS address.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. You can 
                      select two or more adapters in this manner.
          -aALL      Specifies the command is for all adapters. 
=============================================================================
ADPAUTORBLD
            AdpAutoRbld
            -----------

Syntax: 
    megacli adpautorbld enbl|dsbl|dsply an|a0,1,2|aall

Description: 
        Enables or disables automatic rebuild on the selected adapter(s).
        The -Dsply option shows the status of the automatic rebuild state.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. You can 
                      select two or more adapters in this manner.
          -aALL       Specifies the command is for all adapters.
=============================================================================
ADPBBUCMD
            AdpBbuCmd 
            ---------

Syntax: 
    megacli adpbbucmd an|a0,1,2|aall  

Syntax: 
    megacli adpbbucmd getbbustatus an|a0,1,2|aall  

Syntax: 
    megacli adpbbucmd getbbucapacityinfo an|a0,1,2|aall  

Syntax: 
    megacli adpbbucmd getbbudesigninfo an|a0,1,2|aall  

Syntax: 
    megacli adpbbucmd getbbuproperties an|a0,1,2|aall  

Syntax: 
    megacli adpbbucmd bbulearn an|a0,1,2|aall  

Syntax: 
    megacli adpbbucmd bbumfgsleep an|a0,1,2|aall  

Syntax: 
    megacli adpbbucmd bbumfgseal an|a0,1,2|aall  

Syntax: 
    megacli adpbbucmd getbbumodes  an|a0,1,2|aall  

Syntax: 
    megacli adpbbucmd schedulelearn dsbl|info|[starttime ddd hh] an|a0,1,2|aall 

Syntax: 
    megacli adpbbucmd getggeepdata offset [hexaddress] numbytes n an|a0,1,2|aall 

Syntax: 
    megacli adpbbucmd setbbuproperties f <filename> an|a0,1,2|aall

Description: 
       Command manages BBU on the selected adapter(s).
        The possible parameters are:
        AdpBbuCmd: Command displays complete information about the BBU
                   such as : status, capacity, design information and properties
        GetBbuStatus: Displays complete information about the BBU status.
                             such as the temperature and voltage.
        GetBbuCapacityInfo: Command displays BBU capacity information. 
        GetBbuDesignInfo: Displays information about the BBU design parameters.
        GetBbuProperties: Command displays current properties of the BBU. 
        BbuLearn: Command Starts the learning cycle on the BBU. 
        getBbumodes: Command display list of bbu mode .
                such as:ID, service time, retention time etc. 
        BbuMfgSleep: Command Places the battery in Low-Power Storage mode. 
        GetGGEEPData: Returns the data of EEPROM starting from "Offset" 
              with n= number of bytes retrieved 
        ScheduleLearn: Scheduling of Battery Learn Cycle on selected Adapter.
            Dsbl: Disable the Battery learn cycle.
            Info: Display Scheduling information.
        StartTime: Schedule and enable the Battery Learn Cycle 
                Accepting Format :- 'DDD hh'.
               'DDD' is day of the week(SUN,MON...SAT). And 'hh' is 0-23 hour.
        SetBbuProperties: Sets the BBU properties on the selected adapter(s) 
                after reading from the ini file. 
        The ini file contains the information in the following formats:
            learnDelayInterval = X
               # X: Time in hours Not greater than 7 days or 168 hours.
            autoLearnMode = Y
               # Y: 0 - Enabled, 1 - Disabled, 2 - WarnViaEvent.
            bbuMode = Z
 # Z: 1 to 255. For gets all supported bbu modes fire 'Adpbbucmd getBbumodes' command.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. 
                        More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
=============================================================================
ADPBIOS
            AdpBIOS
            -------

Syntax: 
    megacli adpbios enbl |dsbl | soe | be | hcoe | hsm |  enblautoselectbootld | dsblautoselectbootld | dsply an|a0,1,2|aall 

Description: 
    Sets BIOS options, the following are the settings which can be selected on a single adapter, multiple adapters, or all adapters:-Enbl, -Dsbl, -Dsply:Enables, disables or displays BIOS status.
    The possible parameters are:
    SOE: Stops on BIOS errors during POST for selected adapter(s). When set to -SOE, BIOS stops in case of a problem with the configuration. This gives the option to enter the configuration utility to resolve the problem. This is available only when BIOS is enabled.
    BE: Bypasses BIOS errors during POST. This is available only when BIOS is enabled.
    HCOE: Headless Continue on Error. 
    HSM:  Headless Safe Mode. 
    EnblAutoSelectBootLd/DsblAutoSelectBootLd : Enable/Disable Auto Select Boot option.

Convention:   
    -aN         N specifies the adapter number for the command.
    -a0,1,2     Specifies the command is for adapters 0, 1, and 2. You can 
                    select two or more adapters in this manner.
    -aALL       Specifies the command is for all adapters.
=============================================================================
ADPBOOTDRIVE
            AdpBootDrive
            ------------

Syntax: 
    megacli adpbootdrive {set {lx | physdrv "[e0:s0]}}|get an|a0,1,2|aall

Description: 
        Sets or displays the bootable virtual disk ID
        The possible parameters are:
        Set: Sets the virtual disk as bootable so that during the next reboot, the BIOS will look for a boot sector in the specified virtual disk.
        Get: Displays the bootable virtual disk ID.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. You can 
                      select two or more adapters in this manner.
          -aALL       Specifies the command is for all adapters.
          -PhysDrv[E0:S0,E1:S1....]  List of physical drives, E specifies enclosure 
                     id and S specifies Slot number of physical drive.  
=============================================================================
ADPCACHEFLUSH
            AdpCacheFlush
            -------------

Syntax: 
    megacli adpcacheflush an|a0,1,2|aall

Description: 
        Flush the adapter cache on the selected adapter(s).

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. You can 
                      select two or more adapters in this manner.
          -aALL       Specifies the command is for all adapters.
=============================================================================
ADPCCSCHED
            AdpCcSched
            ----------

Syntax: 
    megacli adpccsched dsbl|info|{modeconc | modeseq "[excludeld ln|l0,1,2]
           [-SetStartTime yyyymmdd hh ] [-SetDelay val ] } -aN|-a0,1,2|-aALL

Description: 
        Schedules check consistency on the logical drive of given adapter.
        The possible parameters are:
        Dsbl: Disables Scheduled CC for the given adapter(s).
        Info: Get Scheduled CC Information for the given adapter(s). 
        ModeConc: Scheduled CC on all LDs concurrently for the given adapter(s)..
        ModeSeq: Scheduled CC on LDs sequentially for the given adapter(s).
        ExcludeLd: Specify the LD numbers not included in scheduled CC. The new list will overwrite the existing list stored on the controller. This is optional.
        StartTime: Set the next start time. The date is in the format of yyyymmdd in decimal digits and followed by a decimal number for the hour between 0 ~ 23 inclusively. This is optional.
        SetDelay: Set the execution delay between executions for the given adapter(s). This is optional.
            Values: Value is the length of delay in hours. Value of 0 means continuous execution.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. You can 
                      select two or more adapters in this manner.
          -aALL       Specifies the command is for all adapters.
=============================================================================
ADPCOUNT
            AdpCount
            --------

Syntax: 
    megacli adpcount 

Description: 
        Displays the number of controllers supported on the system and returns 
        the number to the operating system.
=============================================================================
ADPDIAG
            AdpDiag
            -------

Syntax: 
    megacli adpdiag [val] an|a0,1,2|aall

Description: 
        Sets the amount of time for the adapter's diagnostic to run.
        Val: Time in second.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. You can 
                      select two or more adapters in this manner.
          -aALL       Specifies the command is for all adapters.
=============================================================================
ADPDOWNGRADE
            AdpDowngrade command
            ---------------------------

Syntax: 
    megacli adpdowngrade an|a0,1,2|aall

Description: 
          This command downgrades MR controller to iMR mode on next reboot if controller has iMR firmware in flash and no memory is found on next reboot.
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
=============================================================================
ADPEVENTLOG
            AdpEventLog
            -----------

Syntax: 
    megacli adpeventlog geteventloginfo an|a0,1,2|aall

Syntax: 
    megacli adpeventlog getevents {info warning critical fatal} {f <filename>} an|a0,1,2|aall

Syntax: 
    megacli adpeventlog getsinceshutdown {info warning critical fatal} {f <filename>} an|a0,1,2|aall

Syntax: 
    megacli adpeventlog getsincereboot {info warning critical fatal} {f <filename>} an|a0,1,2|aall

Syntax: 
    megacli adpeventlog includedeleted {info warning critical fatal} {f <filename>} an|a0,1,2|aall

Syntax: 
    megacli adpeventlog getlatest n {info warning critical fatal} {f <filename>} an|a0,1,2|aall

Syntax: 
    megacli adpeventlog getccincon f <filename> lx|l0,2,5...|lall an|a0,1,2|aall

Syntax: 
    megacli adpeventlog clear an|a0,1,2|aall

Description: 
        Command manages event log entries. 
        The possible parameters are:
        GetEventlogInfo: Displays overall event information such as total number of events, newest sequence number, oldest sequence number, shutdown sequence number, reboot sequence number, and clear sequence number. 
        GetEvents: Gets event log entry details. The information shown consists of total number of entries available at firmware side since the last clear and details of each entries of the error log. Start_entry specifies the initial event log entry when displaying the log.
        GetSinceShutdown: Displays all the events since last controller shutdown.
        GetSinceReboot: Displays all the events since last adapter reboot.
        IncludeDeleted: Displays all events, including deleted events.
        GetLatest: Displays the latest number of events, if any exist. The event data will be writtent to the file in reverse order.
        Clear: Clears the event log for the selected adapter(s).

Convention:   
          -aN          :N specifies the adapter number for the command.
          -a0,1,2     :Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL      :Specifies the command is for all adapters.
          -info          :Informational message. No user action is necessary.
          -warning   :Some component may be close to a failure point.
          -critical     :A component has failed, but the system has not lost data.
          -fatal        :A component has failed, and data loss has occurred or will occur.
=============================================================================
ADPFACDEFSET
            AdpFacDefSet
            ------------

Syntax: 
    megacli adpfacdefset an

Description: 
        Command sets the factory defaults on the selected adapter(s).

Convention:   
          -aN         N specifies the adapter number for the command.
=============================================================================
ADPFWFLASH
            AdpFwFlash
            ----------

Syntax: 
    megacli adpfwflash f filename [resetnow] [nosigchk] [noverchk] [fwtype n]an| a0,1,2|aall

Description: 
        Flashes the firmware with the ROM file specified at the command line.
        The possible parameters are:
        ResetNow: Firmware will not initiate Online Firmware flash        NoSigChk: option forces the application to flash the firmware even if the check word on the file does not match the required check word for the adapter. This option flashes the firmware only if the existing firmware version on the adapter is lower than the version on the ROM image.
        NoVerChk: also, the application flashes the adapter firmware without checking the version of the firmware image. The version check applies only to the firmware (APP.ROM) version.
        FwType: adapter firmware type. Give the value of Fw-type in number.  
        n: 0:- App or defaut, 1:- TMMC
        This command also supports the Mode 0 flash functionality. For Mode 0 flash, the adapter number is not valid. There are two possible methods:
        - Select which adapter to flash after the adapters are detected.
        - Flash the firmware on all present adapters.
        XML output data is generated by this option.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
=============================================================================
ADPGETCONNECTORMODE
            AdpGetConnectorMode
            -------------------

Syntax: 
    megacli adpgetconnectormode connectorn|connector0,1|connectorall an|a0,1,2|aall

Description: 
        Command display connector mode(Internal/External) on selected controllers.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
=============================================================================
ADPGETPCIINFO
            AdpGetPciInfo   
            ---------

Syntax: 
    megacli adpgetpciinfo an|a0,1,2|aall

Description: 
        Command retrieve bus number, Device number and Functional number of the adapter 

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
=============================================================================
ADPGETPROP
            AdpGetProp
            ----------

Syntax: 
    megacli adpgetprop  cacheflushinterval | forcesgpio | rebuildrate 
    | PatrolReadRate | BgiRate | CCRate | ReconRate | SpinupDriveCount 
    | SpinupDelay | CoercionMode | ClusterEnable | PredFailPollInterval 
    | BatWarnDsbl | EccBucketSize | EccBucketLeakRate | EccBucketCount 
    | AbortCCOnError | AlarmDsply | SMARTCpyBkEnbl | SSDSMARTCpyBkEnbl 
    | NCQDsply | MaintainPdFailHistoryEnbl | RstrHotSpareOnInsert 
    | DisableOCR | EnableJBOD | DsblCacheBypass
    | BootWithPinnedCache | enblPI | PreventPIImport | AutoEnhancedImportDsply | AutoDetectBackPlaneDsbl 
    | ExposeEnclDevicesEnbl | EnblSpinDownUnConfigDrvs | SpinDownTime 
    | DefaultSnapshotSpace | DefaultViewSpace | AutoSnapshotSpace 
    | CopyBackDsbl | LoadBalanceMode | UseFDEOnlyEncrypt | UseDiskActivityForLocate 
    | DefaultLdPSPolicy | DisableLdPsInterval | DisableLdPsTime | SpinUpEncDrvCnt | SpinUpEncDelay   
    | PrCorrectUncfgdAreas | ENABLEEGHSP | ENABLEEUG | ENABLEESMARTER | Perfmode | PerfmodeValues 
    | DPMenable | SupportSSDPatrolRead -aN|-a0,1,2|-aALL 

Description: 
        Displays selected adapter properties. 
        The possible settings are: 
        CacheFlushInterval: Returns cache flush interval in seconds. 
            Values: 0 to 255 
        RebuildRate: Rebuild rate. 
            Values: 0 to 100 
        PatrolReadRate: Patrol read rate. 
            Values: 0 to 100 
        BgiRate: Background initilization rate. 
            Values: 0 to 100 
        CCRate: Consistency check rate. 
            Values: 0 to 100 
        ReconRate: Reconstruction rate. 
            Values: 0 to 100 
        SpinupDriveCount: Max number of drives to spin up at one time. 
            Values: 0 to 255 
        SpinupDelay: Number of seconds to delay among spinup groups. 
            Values: 0 to 255 
        CoercionMode: Drive capacity coercion mode. 
            Values: 0 - None 
                    1 - 128 Mbytes 
                    2 - 1 Gbyte 
        ClusterEnable: Clustering is enabled or disabled. 
            Values: 0 - Disabled 
                    1 - Enabled 
        PredFailPollInterval: Number of seconds between predicted fail polls. 
            Values: 0 to 65535 
        BatWarnDsbl: Disable warnings for missing battery or missing hardware. 
            Values: 0 - Disabled 
                    1 - Enabled 
        EccBucketSize: Size of ECC single-bit-error bucket. 
            Values: 0 to 255 
        EccBucketLeakRate: ECC single-bit-error bucket leak rate. 
            Values: 0 to 65535 minutes 
        EccBucketCount: Count of single-bit ECC errors currently in bucket. 
            Values: 0 to 65535 
        AbortCCOnError: Enable aborting check consistency on error. 
            Values: 0 - Disabled 
                    1 - Enabled 
        AlarmDsply: Returns alarm setting
            Values: 0 - Disabled 
                    1 - Enabled 
                    2 - Silenced 
                    3 - Missing 
        SMARTCpyBkEnbl: Copyback on SMART error setting. 
            Values: 0 - Disabled 
                    1 - Enabled 
        SSDSMARTCpyBkEnbl: Copyback to SSD on SMART error setting. 
            Values: 0 - Disabled
                    1 - Enabled.
        JBOD: 
            Values: 0 - Disabled 
                    1 - Enabled 
        CacheBypass: 
            Values: 0 - Enabled 
                    1 - Disabled 
        NCQDsply: Returns NCQ setting. 
            Values: 0 - Enabled 
                    1 - Disabled 
        MaintainPdFailHistoryEnbl: Enables tracking of bad PDs across reboot; 
                    will also show failed LED status for missing bad drives. 
            Values: 0 - Disabled 
                    1 - Enabled 
        RstrHotSpareOnInsert: 
            Values: 0 - Do not restore hot spare on insertion 
                    1 - Restore hot spare on insertion 
        EnblSpinDownUnConfigDrvs: Spin down unconfigured drives option. 
            Values: 0 - Disabled 
                    1 - Enabled 
        DisableOCR:
            Values: 0 - Online controller reset enabled 
                    1 - Online controller reset disabled 
        BootWithPinnedCache: 
            Values: 0 - Do not allow controller to boot with pinned cache 
                    1 - Allow controller to boot with pinned cache 
       enblPI : Active protection information.
            Values: 0 - Disable SCSI PI for controller
                    1 - Enable SCSI PI for controller 
        PreventPIImport: Prevent import of SCSI DIF protected logical disks.
            values : 0 or 1 
        AutoEnhancedImportDsply: Foreign configuration import auto mode option.
            Values: 0 - Disabled 
                    1 - Enabled 
        AutoDetectBackPlaneDsbl: Get auto-detect options for the back-plane. 
            Values: 0 - Enabled Auto Detect of SGPIO and i2c SEP 
                    1 - Disabled Auto Detect of SGPIO 
                    2 - Disabled Auto Detect of i2c SEP 
                    3 - Disabled Auto Detect of SGPIO and i2c SEP 
       ExposeEnclDevicesEnbl:  Enable device drivers to expose enclosure devices.
            Values: 0 - Expose enclosure devices 
                    1 -Hide enclosure devices 
        CopyBackDsbl: 
            Values: 0 - Enabled 
                    1 - Disabled 
        LoadBalanceMode: 
            Values: 0 - Auto Load balance mode 
                    1 - Disable Load balance mode 
        UseFDEOnlyEncrypt: Applies if disk or controller HW support encryption 
            Values: 0 - FDE and controller encryption both allowed 
                    1 - Only support FDE encryption, prohibit controller 
        DsblSpinDownHsp: Disable spin down Hot spares option. 
            Values: 0 - Disabled i.e. spin down hot spares
                    1 - Enabled i.e. do not spin down hot spares.
        SpinDownTime: Spin down time in minutes. i.e After SpinDownTime, firmware will start spinning down unconfigured good drives and hotspare depending on the DsblSpinDownHsp option.
            Values: 30 to 65535
        DefaultSnapshotSpace: Default Snapshot Space in percentage.
        DefaultViewSpace: Default View Space in percentage.
        AutoSnapshotSpace: Default Auto Snapshot Space in percentage.
        UseDiskActivityForLocate: Use disk activity to locate PD in Chenbro backplane
        DefaultLdPSPolicy: Default LD power savings policy 
        DisableLdPsInterval: LD power savings are disabled for yy hours beginning at disableLdPSTime 
        DisableLdPsTime: LD power savings shall be disabled at xx minutes from 12:00am 
        SpinUpEncDrvCnt: Maximum number of drives within an enclosure to spin up at one time 
        SpinUpEncDelay: Number of seconds to delay among spinup groups within an enclosure 
        PrCorrectUncfgdAreas: Correct media errors during PR 
            Values: 0- Disabled. 
                    1 - Enabled. 
        DPMenable: 
            Values: 0 - Disabled 
                    1 - Enabled 
        SupportSSDPatrolRead: 
            Values: 0 - Disabled 
                    1 - Enabled 

Convention:   
        ENABLEEGHSP: Enable Emergency Global Hot spares option. 
            Values: 0 - Disabled i.e.Disabled Emergency Global hot spares
                    1 - Enabled i.e. Enabled Emergency Global hot spares.
        ENABLEEUG: Enable Emergency UG as a Spare option. 
            Values: 0 - Disabled i.e.Disabled Emergency UG as a hot spares
                    1 - Enabled i.e. Enabled Emergency UG as a hot spares.
        ENABLEESMARTER: Enable Emergency spares as a SMARTER option. 
            Values: 0 - Disabled i.e.Disabled Emergency spares as a SMARTER
                    1 - Enabled i.e. Enabled Emergency spares as a SMARTER.
       Perfmode: Performance Tuning.
            Values: 0 - BestIOPS 
                    1 - Least Latency 
       MaxFlushLines: Maximum Number of Flushes.
            Values: 0 - 255 
       NumIOsToOrder: Frequency at which Ordered I/Os should be issued per disk drive.
            Values: 0 - 25 
        ForceSGPIO: 
            Values: 0 - Disabled 
                    1 - Enabled 
          -aN         N specifies the adapter number for the command. 
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. You 
                      can select two or more adapters in this manner. 
          -aALL       Specifies the command is for all adapters. 
=============================================================================
ADPGETTIME
            AdpGetTime
            ----------

Syntax: 
    megacli adpgettime an|a0,1,2|aall

Description: 
        Displays selected adapter time and date. This command uses a 24-hour format.
        For example, 7 p.m. would display as 19:00:00.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. You can 
                      select two or more adapters in this manner.
          -aALL       Specifies the command is for all adapters.
=============================================================================
ADPPR
            AdpPR
            -----

Syntax: 
    megacli adppr dsbl|enblauto|enblman|start|stop|suspend|resume|info|ssdpatrolreadenbl |ssdpatrolreaddsbl |{setdelay val}| an|a0,1,2|aall

Description: 
        Sets Patrol Read option on a single, multiple, or all adapter's. Patrol Read will not start on degraded or undergoing Initialization/Consistency Check.
        The possible parameters are:
        Dsbl: Disables Patrol Read for the selected adapter(s).
        EnblAuto: Enables Patrol Read automatically for the selected adapter(s). This means Patrol Read will start automatically on the scheduled intervals.
        EnblMan: Enables Patrol Read manually for the selected adapter(s). This means that Patrol Read does not start automatically; it has to be started manually by selecting the Start command. 
        Start: Starts Patrol Read for the selected adapter(s). 
        Suspend: Suspend Patrol Read for the selected adapter(s). 
        Resume: Resume Patrol Read for the selected adapter(s). 
        Stop: Stops Patrol Read for the selected adapter(s). 
        Info: Displays the following Patrol Read information for the selected adapter(s): 
            - Patrol Read operation mode 
            - Patrol Read execution delay value
            - Patrol Read status
        SSDPatrolReadEnbl: Enable Patrol Read that include VDs constituting only SSD drives 
        SSDPatrolReadDsbl: Disable Patrol Read that include VDs constituting only SSD drives 

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. You can 
                      select two or more adapters in this manner.
          -aALL       Specifies the command is for all adapters.
=============================================================================
ADPSETCONNECTORMODE
            AdpSetConnectorMode
            -------------------

Syntax: 
    megacli adpsetconnectormode internal|external|auto connectorn|connector0,1|connectorall an|a0,1,2|aall

Description: 
        Command sets connector mode on selected controllers.
        The possible parameters are:
        External: Set Multiplexer to select External port. e.g. scan external bus.
        Internal: Set Multiplexer to select Internal port. e.g. scan SAS bus for connected devices.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
=============================================================================
ADPSETPROP
            AdpSetProp
            ----------

Syntax: 
    megacli adpsetprop {cacheflushinterval val} | { rebuildrate val} 
    | {PatrolReadRate -val} | {BgiRate -val} | {CCRate -val} 
    | {ReconRate -val} | {SpinupDriveCount -val} | {SpinupDelay -val} 
    | {CoercionMode -val} | {ClusterEnable -val} | {PredFailPollInterval -val} 
    | {BatWarnDsbl -val} | {EccBucketSize -val} | {EccBucketLeakRate -val} 
    | {AbortCCOnError -val} | AlarmEnbl | AlarmDsbl | AlarmSilence 
    | {SMARTCpyBkEnbl -val} | {SSDSMARTCpyBkEnbl -val} | NCQEnbl | NCQDsbl 
    | {MaintainPdFailHistoryEnbl -val} | {RstrHotSpareOnInsert -val} 
    | {EnblSpinDownUnConfigDrvs -val} |{DefaultSnapshotSpace -Val%}|{AutoSnapshotSpace -Val%} 
    | {DisableOCR -val} | {BootWithPinnedCache -val} | {enblPI -val} | {PreventPIImport -val} 
    | AutoEnhancedImportEnbl | AutoEnhancedImportDsbl | {ExposeEnclDevicesEnbl -val} | {CopyBackDsbl -val} 
    | {AutoDetectBackPlaneDsbl -val} | {LoadBalanceMode -val}| {DefaultViewSpace -Val%} 
    | {UseFDEOnlyEncrypt -val} | {DsblSpinDownHsp -val} | {SpinDownTime -val}| {Perfmode -val}
    | {PerfMode -val MaxFlushLines -val NumIOsToOrder -val} -aN|-a0,1,2|-aALL 
    | {EnableJBOD -val} | {DsblCacheBypass -val} 
    | {useDiskActivityForLocate -val} | {SpinUpEncDrvCnt -val} 
    | {SpinUpEncDelay -val}| {PrCorrectUncfgdAreas -val} | {ENABLEEGHSP -val} | {ENABLEEUG -val} 
    | {ENABLEESMARTER -val} | {DPMenable -val} | {SupportSSDPatrolRead -val} |  {ForceSGPIO -val}
     -aN|-a0,1,2|-aALL 

Description: 
        Command sets the properties on the selected adapter(s). 
        The possible settings are: 
        CacheFlushInterval: Cache flush interval in seconds. 
            Values: 0 to 255 
        RebuildRate: Rebuild rate. 
            Values: 0 to 100 
        PatrolReadRate: Patrol read rate. 
            Values: 0 to 100 
        BgiRate: Background initilization rate. 
            Values: 0 to 100 
        CCRate: Consistency check rate. 
            Values: 0 to 100 
        ReconRate: Reconstruction rate. 
            Values: 0 to 100 
        SpinupDriveCount: Max number of drives to spin up at one time. 
            Values: 0 to 255 
        SpinupDelay: Number of seconds to delay among spinup groups. 
            Values: 0 to 255 
        CoercionMode: Drive capacity Coercion mode. 
            Values: 0 - None 
                    1 - 128 Mbytes 
                    2 - 1 Gbyte 
        ClusterEnable: Clustering is enabled or disabled. 
            Values: 0 - Disabled 
                    1 - Enabled 
        PredFailPollInterval: Number of seconds between predicted fail polls. 
            Values: 0 to 65535 
        BatWarnDsbl: Disable warnings for missing battery or missing hardware. 
            Values: 0 - Disabled 
                    1 - Enabled 
        EccBucketSize: Set size of ECC single-bit-error bucket. 
            Values: 0 to 255 
        EccBucketLeakRate: ECC single-bit-error bucket leak rate. 
            Values: 0 to 65535 minutes 
        AbortCCOnError: Enable aborting check consistency on error. 
            Values: 0 - Disabled 
                    1 - Enabled 
        AlarmEnbl: Set alarm to Enabled. 
        AlarmDsbl: Set alarm to Disabled. 
        AlarmSilence: Silence an active alarm. 
        SMARTCpyBkEnbl: Copyback on SMART error Enabled. 
            Values: 0 - Disabled 
                    1 - Enabled 
        SSDSMARTCpyBkEnbl: Copyback to SSD on SMART error Enabled. 
            Values: 0 - Disabled 
                    1 - Enabled 
        NCQEnbl: Enables NCQ option on controller. 
        NCQDsbl: Disables NCQ option on controller. 
        MaintainPdFailHistoryEnbl: Enable tracking of bad PDs across reboot; 
                    will also show failed LED status for missing bad drives. 
            Values: 0 - Disabled 
                    1 - Enabled 
        RstrHotSpareOnInsert: 
            Values: 0 - Do not restore hot spare on insertion 
                    1 - Restore hot spare on insertion 
        EnblSpinDownUnConfigDrvs: Spin down un-configured drives option. 
            Values: 0 - Disabled 
                    1 - Enabled 
        DisableOCR: 
            Values: 0 - Online controller reset enabled 
                    1 - Online controller reset disabled 
        BootWithPinnedCache: 
            Values: 0 - Do not allow controller to boot with pinned cache 
                    1 - Allow controller to boot with pinned cache 
       enblPI : Active protection information.
            Values: 0 - Disable SCSI PI for controller
                    1 - Enable SCSI PI for controller 
        PreventPIImport: Prevent import of SCSI DIF protected logical disks.
            values : 0 or 1 
        AutoEnhancedImportEnbl: Enable automatic foreign configuration import. 
        AutoEnhancedImportDsbl: Disable automatic foreign configuration import.
       ExposeEnclDevicesEnbl:  Enable device drivers to expose enclosure devices.
            Values: 0 - Expose enclosure devices 
                    1 - Hide enclosure devices 
        CopyBackDsbl: 
            Values: 0 - Enable Copyback 
                    1 - Disable Copyback 
        EnableJBOD  : 
            Values: 0 - Disable JBOD mode 
                    1 - Enable JBOD mode 
        DsblCacheBypass  : 
            Values: 0 - Enable Cache Bypass 
                    1 - Disable Cache Bypass 
        AutoDetectBackPlaneDsbl: Set auto-detect options for the back-plane. 
            Values: 0 - Enable Auto Detect of SGPIO and i2c SEP 
                    1 - Disable Auto Detect of SGPIO 
                    2 - Disable Auto Detect of i2c SEP 
                    3 - Disable Auto Detect of SGPIO and i2c SEP 
        LoadBalanceMode: 
            Values: 0 - Auto Load balance mode 
                    1 - Disable Load balance mode 
        UseFDEOnlyEncrypt: Applies if disk or controller HW support encryption 
            Values: 0 - FDE and controller encryption both allowed 
                    1 - Only support FDE encryption, prohibit controller 
        DsblSpinDownHsp: Disable spin down Hot spares option. 
            Values: 0 - Disabled i.e. spin down hot spares
                    1 - Enabled i.e. do not spin down hot spares.
        SpinDownTime: Spin down time in minutes. i.e After SpinDownTime, firmware will start spinning down unconfigured good drives and hotspare depending on the DsblSpinDownHsp option.
            Values: 30 to 65535
       Perfmode: Performance Tuning.
            Values: 0 - BestIOPS 
                    1 - Least Latency 
       MaxFlushLines: Maximum Number of Flushes.
            Values: 0 - 255 
       NumIOsToOrder: Frequency at which Ordered I/Os should be issued per disk drive.
            Values: 0 - 25 
        DefaultSnapshotSpace: Default Snapshot Space in percentage.
        DefaultViewSpace: Default View Space in percentage.
        AutoSnapshotSpace: Default Auto Snapshot Space in percentage.
        useDiskActivityForLocate: 
            Values: 0 - Disable use of disk activity to locate a physical disk in Chenbro backplane 
                    1 - Enable use of disk activity to locate a physical disk in Chenbro backplane 
        SpinUpEncDrvCnt: Max number of drives within an enclosure to spin up at one time. 
            Values: 0 to 255 
        SpinUpEncDelay: Number of seconds to delay among spinup groups within an enclosure 
            Values: 0 to 255 
        PrCorrectUncfgdAreas: Correct media errors during PR 
            Values: 0 - Correcting Media error during PR is disabled. 
                    1 -Correcting Media error during PR is allowed. 
        DPMenable  : 
            Values: 0 - Disable Drive Performance Monitoring 
                    1 - Enable Drive Performance Monitoring 
        SupportSSDPatrolRead  : 
            Values: 0 - Disable Patrol read fo SSD drives 
                    1 - Enable Patrol read fo SSD drives 

Convention:   
        ENABLEEGHSP: Enable Emergency Global Hot spares option. 
            Values: 0 - Disabled i.e.Disabled Emergency Global hot spares
                    1 - Enabled i.e. Enabled Emergency Global hot spares.
        ENABLEEUG: Enable Emergency UG as a Spare option. 
            Values: 0 - Disabled i.e.Disabled Emergency UG as a hot spares
                    1 - Enabled i.e. Enabled Emergency UG as a hot spares.
        ENABLEESMARTER: Enable Emergency spares as a SMARTER option. 
            Values: 0 - Disabled i.e.Disabled Emergency spares as a SMARTER
                    1 - Enabled i.e. Enabled Emergency spares as a SMARTER.
        ForceSGPIO:  
            Values: 0 - Disabled 
                    1 - Enabled 
          -aN         N specifies the adapter number for the command. 
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. You 
                      can select two or more adapters in this manner. 
          -aALL       Specifies the command is for all adapters. 
=============================================================================
ADPSETTIME
            AdpSetTime
            ----------

Syntax: 
    megacli adpsettime yyyymmdd hh:mm:ss an

Description: 
        Sets the time and date on selected adapter, this command uses a 24-hour format. For 
        example, 7 p.m. displays as 19:00:00. The order of date and time is reversible.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. You can 
                      select two or more adapters in this manner.
          -aALL       Specifies the command is for all adapters.
=============================================================================
ADPSETVERIFY
            AdpSetVerify
            ------------

Syntax: 
    megacli adpsetverify f filename an|a0,1,2|aall

Description: 
        Validates adapter configuration using given input(ini) file, input(ini) file contains all the adapter settings information. 

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. You can 
                      select two or more adapters in this manner.
          -aALL       Specifies the command is for all adapters.
=============================================================================
ADPSHUTDOWN
            AdpShutDown     
            ------------

Syntax: 
    megacli adpshutdown an|a0,1,2|aall
Descritption: 
    Shutdown the selected Adapter(s).All background operations are put on 
    hold for resume. The controller cache is flushed, all disk drive 
    caches are flushed, and the on-disk configuration is closed to  
    indicate redundancy data is consistent. Further writes will 
    cause the system to reopen the configuration,thus undoing the effects
    of the shutdown command.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. You can 
                      select two or more adapters in this manner.
          -aALL      Specifies the command is for all adapters. 
=============================================================================
CACHECADE
            Cachecade
               ----------

Syntax: 
    megacli cachecade assign|remove lx|l0,1,2|lall an|a0,1,2|aall

Description: 
        This command assigns or removes the association of VDs with the Cachecade pool.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
=============================================================================
CFGALLFREEDRV
            CfgAllFreeDrv
            -------------

Syntax: 
    megacli cfgallfreedrv rx [sataonly] [spancount xxx] [wt|wb] [nora|ra|adra] [direct|cached] [cachedbadbbu|nocachedbadbbu] [strpszm] [hspcount xx [hsptype dedicated|enclaffinity|nonrevertible]] | [fde|ctrlbased] [default| automatic| none| maximum| maximumwithoutcaching] "[enblpi] an

Description: 
        Adds all the unconfigured physical drives to RAID level 0, 1, 5, or 6 configuration to a specified adapter. Even if no configuration is present, you have the option to write the configuration to the adapter.
        The possible parameters are:
        Rx[E0:S0,...]: Specifies the RAID level and the physical drive enclosure/slot numbers to construct a disk array.
        WT (Write through), WB (Write back): Selects write policy.
        NORA (No read ahead), RA (Read ahead), ADRA (Adaptive read ahead): Selects read policy.
        Cached, -Direct: Selects cache policy.
        [{CachedBadBBU|NoCachedBadBBU }]: Specifies whether to use write cache when the BBU is bad.
        szXXXXXXXX: Specifies the size for the virtual disk, where XXXX is a decimal number of Mbytes. However, the actual size of the virtual disk may be smaller, because the driver requires the number of blocks from the physical drives in each virtual disk to be aligned to the strip size. If multiple size options are specified, CT will configure the virtual disks in the order of the options entered in the command line. The configuration of a particular virtual disk will fail if the remaining size of the array is too small to configure the virtual disk with the specified size. This option can also be used to create a configuration on the free space available in the array.
        strpszM: Specifies the strip size, where the strip size values are 8, 16, 32, 64, 128, 256, 512, or 1024 Mega Bytes.
        HspType: If HspType is not mentioned it will be a global Hot Spare.
            Dedicated: The new hot spares will be dedicated to the virtual disk used in creating the configuration.
            EnclAffinity: Associates the hot spare to a selected enclosure.
        AfterLdX: This command is optional. By default, the application uses the first free slot available in the virtual disk. This option is valid only if the virtual disk is already used for configuration.
        FDE|CtrlBased: If controller support security feature, this option enables FDE/Ctrl based encryption on virtual disk.  
        [-Default| -Automatic| -None| -Maximum| -MaximumWithoutCaching] : If the controller supports power savings on virtual disk, these options specify the possible levels of power savings that can be applied on a virtual disk. 
        [-enblPI]: Allows to create PIenabled configuration.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
=============================================================================
CFGCACHECADEADD
            CfgCacheCadeAdd
            -----------

Syntax: 
    megacli cfgcachecadeadd [rx] physdrv "[e0:s0,...]" {name ldnamestring} [wt|wb|forcedwb] [assign lx|l0,2,5..|lall] an|a0,1,2|aall 

Description: This command is used to create CacheCade which can be used as secondary cache 
        The possible parameters are:
        Rx: Specifies the RAID level.
        Physdrv[E0:S0,...]: Specifies the physical drive enclosure/slot numbers to construct a disk array.
        WT (Write through), WB (Write back), ForcedWB (Forced Write back): Selects write policy.
        [-assign -LX|L0,2,5..|LALL]: Specifies the Virtual disk that is to be cached.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
=============================================================================
CFGCACHECADEDEL
            CfgCacheCadeDel
            --------

Syntax: 
    megacli cfgcachecadedel lx|l0,2,5...|lall an|a0,1,2|aall

Description: 
        Command deletes the specified CacheCade on the selected adapter(s).
        Multiple or all CacheCades can be deleted.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
=============================================================================
CFGCACHECADEDSPLY
            CfgCacheCadeDsply
            --------

Syntax: 
    megacli cfgcachecadedsply an|a0,1,2|aall

Description: 
        Command displays the existing CacheCade configuration on the selected adapter.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
=============================================================================
CFGCLR
            CfgClr
            ------

Syntax: 
    megacli cfgclr [force] an|a0,1,2|aall

Description: 
        Command clears the existing configuration on selected adapter.
        [-Force]: If Specified the Configuration will be cleared even if there are some dirty Cache Lines.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
=============================================================================
CFGDSPLY
            CfgDsply
            --------

Syntax: 
    megacli cfgdsply an|a0,1,2|aall

Description: 
        Command displays the existing configuration on the selected adapter.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
=============================================================================
CFGEACHDSKRAID0
            CfgEachDskRaid0
            ---------------

Syntax: 
    megacli cfgeachdskraid0 [wt|wb] [nora|ra|adra] [direct|cached] [cachedbadbbu|nocachedbadbbu] [strpszm] [fde|ctrlbased] [default| automatic| none| maximum| maximumwithoutcaching] [cache] "[enblpi] an|a0,1,2|aall

Description: 
        Command configures each physical disk in unconfigured-good state as RAID 0 on the selected adapter.
        [-Cache]: If Specified the virtual disk will be cached by using the Cachepool.
        [-enblPI]: Allows to create PIenabled configuration.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
=============================================================================
CFGFOREIGN
            CfgForeign
            ----------

Syntax: 
    megacli cfgforeign scan | [securitykey sssssssssss] an|a0,1,2|aall

Syntax: 
    megacli cfgforeign dsply [x] | [securitykey sssssssssss] an|a0,1,2|aall    

Syntax: 
    megacli cfgforeign preview [x] | [securitykey sssssssssss] an|a0,1,2|aall    

Syntax: 
    megacli cfgforeign import [x] | [securitykey sssssssssss] an|a0,1,2|aall    

Syntax: 
    megacli cfgforeign clear [x]|[securitykey sssssssssss] an|a0,1,2|aall    

Description: 
        Command manages foreign configurations. 
        The possible parameters are:
        Scan: Scans and displays available foreign configurations.
        Preview: Provides a preview of the imported foreign configuration. The foreign configuration ID (FID) is optional.
        Dsply: Displays the foreign configuration.
        Import: Imports the foreign configuration. The FID is optional.
        Clear [FID]: Clears the foreign configuration. The FID is optional.
         X: index of foreign configurations. It is Optional, all by default.
        SecurityKey: Security Key needs to be given if the foreign drive is locked. 
        If multiple keys are required to unlock all the PDs then this command needs to be 
        executed multiple times passing different security keys.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
=============================================================================
CFGFREESPACEINFO
            CfgFreeSpaceinfo
            ----------------

Syntax: 
    megacli cfgfreespaceinfo an|a0,1,2|aall

Description: 
        Command displays all the free space available for configuration on the selected adapter(s). The information displayed includes the number of disk groups, the number of spans in each disk group, the number of free space slots in each disk group, the start block, and the size (in both blocks and megabytes) of each free space slot.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
=============================================================================
CFGLDADD
            CfgLdAdd
            --------

Syntax: 
    megacli cfgldadd rx"[e0:s0,e1:s1,...]" [wt|wb] [nora|ra|adra] [direct|cached] [cachedbadbbu|nocachedbadbbu] [szxxx [szyyy ...]] [strpszm] [hsp[e0:s0,...]] [afterldx] | [fde|ctrlbased] [default| automatic| none| maximum| maximumwithoutcaching] [cache] [enblpi] [force] an

Description: 
        Command adds a RAID level 0, 1, 5, or 6 to a specified adapter. Even if no configuration is present, you have the option to write the configuration to the adapter.
        The possible parameters are:
        Rx[E0:S0,...]: Specifies the RAID level and the physical drive enclosure/slot numbers to construct a disk array.
        WT (Write through), WB (Write back): Selects write policy.
        NORA (No read ahead), RA (Read ahead), ADRA (Adaptive read ahead): Selects read
        policy.
        Cached, -Direct: Selects cache policy.
        [{CachedBadBBU|NoCachedBadBBU }]: Specifies whether to use write cache when the BBU is bad.
        szXXXXXXXX: Specifies the size for the virtual disk, where XXXX is a decimal number of Mbytes. However, the actual size of the virtual disk may be smaller, because the driver requires the number of blocks from the physical drives in each virtual disk to be aligned to the stripe size. If multiple size options are specified, CT will configure the virtual disks in the order of the options entered in the command line. The configuration of a particular virtual disk will fail if the remaining size of the array is too small to configure the virtual disk with the specified size. This option can also be used to create a configuration on the free space available in the array.
        strpszM: Specifies the strip size, where the strip size values are 8, 16, 32, 64, 128, 256, 512, or 1024 Mega Bytes.
        Hsp[E5:S5,...]: Creates hot spares when you create the configuration. The new hot spares will be dedicated to the virtual disk used in creating the configuration. This option does not allow you to create global hot spares. To create global hot spares, you must use the -PdHsp command with proper subcommands. User can also use this option to create a configuration on the free space available in the virtual disk. 
        AfterLdX: This command is optional. By default, the application uses the first free slot available in the virtual disk. This option is valid only if the virtual disk is already used for configuration.
        Force: This option will force the creation of virtual disk in situations where the application finds that it is convenient to create the virtual disk only with user's consent.
        [-Cache]: If Specified the virtual disk will be cached by using the Cachepool.
        [-enblPI]: Allows to create PIenabled configuration.
        FDE|CtrlBased: If controller support security feature, this option enables FDE/Ctrl based encryption on virtual disk.  
        [-Default| -Automatic| -None| -Maximum| -MaximumWithoutCaching] : If the controller supports power savings on virtual disk, these options specify the possible levels of power savings that can be applied on a virtual disk. 

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
=============================================================================
CFGLDDEL
            CfgLdDel
            --------

Syntax: 
    megacli cfglddel lx|l0,2,5...|lall [force] an|a0,1,2|aall

Description: 
        Command deletes the specified virtual disk(s) on the selected adapter(s).
        Multiple or all virtual disks can be deleted.
        [-Force]: If Specified the Configuration will be cleared even if there are some dirty Cache Lines.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
=============================================================================
CFGRESTORE
            CfgRestore
            ----------

Syntax: 
    megacli cfgrestore f filename an

Description: 
        Reads the configuration from the file and loads it on the adapter. MegaCLI can store or restore all read and write adapter properties, all read and write properties for virtual disks, and the RAID configuration including hot spares. 

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
        Note:
        - MegaCLI does not validate the setup when restoring the RAID configuration.
        - CfgSave option stores the configuration data and adapter properties in the file. Configuration data has only the device ID and sequence number information of the physical drives used in the configuration. The CfgRestore option will fail if the same device IDs of the physical drives are not present.
=============================================================================
CFGSAVE
            CfgSave
            -------

Syntax: 
    megacli cfgsave f filename an  

Description: 
        Command saves the configuration for the selected adapter(s) to the given filename.

Convention:   
          -aN         N specifies the adapter number for the command.
=============================================================================
CFGSPANADD
            CfgSpanAdd
            ----------

Syntax: 
    megacli cfgspanadd r10 array0"[e0:s0,e1:s1] array1[e0:s0,e1:s1] [arrayx[e0:s0,e1:s1] ...]" [wt|wb] [nora|ra|adra] [direct|cached] [cachedbadbbu|nocachedbadbbu][strpszm][szxxx[szyyy ...]][afterldx]| [fde|ctrlbased] [default| automatic| none| maximum| maximumwithoutcaching] [enblpi] [force]  an

Syntax: 
    megacli cfgspanadd r50 array0"[e0:s0,e1:s1,e2:s2,...]" array1[e0:s0,e1:s1,e2:s2,...] [arrayx[e0:s0,e1:s1,e2:s2,...] ...] [wt|wb] [nora|ra|adra] [direct|cached] [cachedbadbbu|nocachedbadbbu][strpszm][szxxx[szyyy ...]][afterldx] [fde|ctrlbased] [default| automatic| none| maximum| maximumwithoutcaching] [enblpi] [force]  an

Syntax: 
    megacli cfgspanadd r60 array0"[e0:s0,e1:s1,e2:s2,e3,s3...]" array1[e0:s0,e1:s1,e2:s2,e3,s3...] [arrayx[e0:s0,e1:s1,e2:s2,...] ...] [wt|wb] [nora|ra|adra] [direct|cached] [cachedbadbbu|nocachedbadbbu][strpszm][szxxx[szyyy ...]][afterldx] [fde|ctrlbased] [default| automatic| none| maximum| maximumwithoutcaching] [enblpi] [force]  an

Description: 
        Command creates a RAID level 10, 50, or 60 (spanned) configuration from the specified arrays. Even if no configuration is present, you must use this option to write the configuration to the adapter.
        The possible parameters are:
        Rx: Spcecifies the RAID Level.
        ArrayX[E0:S0,...]: Specifies the Array and the physical drive enclosure/slot numbers to construct a disk array.
        WT (Write through), WB (Write back): Selects write policy.
        NORA (No read ahead), RA (Read ahead), ADRA (Adaptive read ahead): Selects read
        policy.
        Cached, -Direct: Selects cache policy.
        [{CachedBadBBU|NoCachedBadBBU }]: Specifies whether to use write cache when the BBU is bad.
        szXXXXXXXX: Specifies the size for the virtual disk, where XXXX is a decimal number of Mbytes. However, the actual size of the virtual disk may be smaller, because the driver requires the number of blocks from the physical drives in each virtual disk to be aligned to the stripe size. If multiple size options are specified, CT will configure the virtual disks in the order of the options entered in the command line. The configuration of a particular virtual disk will fail if the remaining size of the array is too small to configure the virtual disk with the specified size. This option can also be used to create a configuration on the free space available in the array.
        strpszM: Specifies the strip size, where the strip size values are 8, 16, 32, 64, 128, 256, 512, or 1024 Mega Bytes.
        AfterLdX: This command is optional. By default, the application uses the first free slot available in the virtual disk. This option is valid only if the virtual disk is already used for configuration.
        Force: This option will force the creation of virtual disk in situations where the application finds that it is convenient to create the virtual disk only with user's consent.
        FDE|CtrlBased: If controller support security feature, this option enables FDE/Ctrl based encryption on virtual disk.  
        [-Default| -Automatic| -None| -Maximum| -MaximumWithoutCaching] : If the controller supports power savings on virtual disk, these options specify the possible levels of power savings that can be applied on a virtual disk. 
        [-enblPI]: Allows to create PIenabled configuration.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
        Note: 
        -   Multiple arrays are specified using the -ArrayX[E0:S0,...] option, Where X starts from 0.
        -   All of the arrays must have the same number of physical drives.
        -   At least two arrays must be provided. The order of options {WT |WB} {NORA | RA | ADRA} {Direct | Cached} is flexible.
        -   Command exits and does not create a configuration if the size(-szXXXXXXXX) or the AfterLd option is specified but the controller does not support slicing in the spanned arrays.
=============================================================================
CHANGESECURITYKEY
            ChangeSecurityKey
            -----------------

Syntax: 
    megacli changesecuritykey oldsecuritykey sssssssssss | securitykey sssssssssss| [passphrase sssssssssss] | [keyid kkkkkkkkkkk] an

Description: 
        Command changes security key on specified controller.
        The possible parameters are:
        OldSecurityKey: It is the old security key used to create security feature on specified controller. 
        SecurityKey: This security key will replace the old security.
        Passphrase: This pass phrase will replace the old pass phrase.
        KeyID: Security key Id of given controller.

Convention:   
          -aN         N specifies the adapter number for the command.
        Note: 
        -   Security key is mandatory and pass phrase is optional.
        -   Security key and pass phrase have special requirements.
        Security key & pass phrase should have 8 - 32 chars, case-sensitive; 1 number, 1 lowercase letter, 1 uppercase letter, 1 non-alphanumeric character (no spaces).
       - In case of Unix based systems, if the character '!' is used as one of the input characters in the value of Security key or pass phrase, it must be preceded by a back slash character('\'). 
=============================================================================
CREATESECURITYKEY
            CreateSecurityKey
            -----------------

Syntax: 
    megacli createsecuritykey securitykey sssssssssss | [passphrase sssssssssss] |[keyid kkkkkkkkkkk] an 

Description: 
        Command enables security feature on specified controller.
        The possible parameters are:
        SecurityKey: Security key will be used to generate lock key when drive security is enabled.
        Passphrase: Pass phrase to provide additional security.
        KeyID: Security key Id.

Convention:   
          -aN         N specifies the adapter number for the command.
        Note: 
        -   Security key is mandatory and pass phrase is optional.
        -   Security key and pass phrase have special requirements.
        Security key & pass phrase should have 8 - 32 chars, case-sensitive; 1 number, 1 lowercase letter, 1 uppercase letter, 1 non-alphanumeric character (no spaces).
       - In case of Unix based systems, if the character '!' is used as one of the input characters in the value of Security key or pass phrase, it must be preceded by a back slash character('\'). 
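
The key rules in the notes for ChangeSecurityKey and CreateSecurityKey can be checked before a key is handed to the controller. The following is an added example, not part of the MegaCLI help output; `check_megacli_key` is a hypothetical helper name, the sample keys are constructed, and it encodes only the requirements quoted above.

```shell
#!/bin/sh
# Added example (not MegaCLI code): pre-check a candidate security key or
# pass phrase against the rules quoted in the help text:
#   8-32 characters, no spaces, and at least one digit, one lowercase
#   letter, one uppercase letter and one non-alphanumeric character.
# Prints the first violated rule on stderr and returns 1; returns 0 when
# every rule is satisfied. The body runs in a subshell, so "exit" only
# ends the function and the locale change does not leak to the caller.
check_megacli_key() (
    LC_ALL=C            # byte-wise matching: a-z and A-Z mean ASCII only
    export LC_ALL
    key=$1
    len=${#key}

    if [ "$len" -lt 8 ] || [ "$len" -gt 32 ]; then
        echo "length is $len, must be 8-32" >&2
        exit 1
    fi
    case $key in
        *" "*) echo "must not contain spaces" >&2; exit 1 ;;
    esac
    case $key in
        *[0-9]*) ;;
        *) echo "needs at least one number" >&2; exit 1 ;;
    esac
    case $key in
        *[a-z]*) ;;
        *) echo "needs at least one lowercase letter" >&2; exit 1 ;;
    esac
    case $key in
        *[A-Z]*) ;;
        *) echo "needs at least one uppercase letter" >&2; exit 1 ;;
    esac
    case $key in
        *[!a-zA-Z0-9]*) ;;
        *) echo "needs at least one non-alphanumeric character" >&2; exit 1 ;;
    esac
    exit 0
)

# Constructed sample candidates. They are single-quoted so the shell passes
# them through unchanged, including the '!' character.
for candidate in 'Abcdef1#' 'Passw0rd!' 'abcdefg1#' 'Abc def1#' 'Ab1#'; do
    if reason=$(check_megacli_key "$candidate" 2>&1); then
        echo "accepted: $candidate"
    else
        echo "rejected: $candidate ($reason)"
    fi
done
```

A key passed as a command-line argument is visible in the process list and can end up in shell history, so run such a check on a value read into a variable rather than typed inline.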
=============================================================================
DESTROYSECURITYKEY
            DestroySecurityKey
            ------------------

Syntax: 
    megacli destroysecuritykey | [force] an

Description: 
        Command destroys the key completely on specified controller.

Convention:   
          -aN         N specifies the adapter number for the command.
        Force:  This option will force the destroying of the security key otherwise the CLI will give a warning that destroying key will result in data corruption and quit.
=============================================================================
DIRECTPDMAPPING
            DirectPdMapping   
            ---------------

Syntax: 
    megacli directpdmapping enbl|dsbl|dsply an|a0,1,2|aall 

Description: 
        Command sets the mapping mode of physical drive.
        The possible parameters are:
        Enbl: Enables Direct physical drive mapping mode. 
        Dsbl: Disables Direct physical drive mapping mode. 
        Dsply: Displays current state of direct physical drive mapping. 

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
=============================================================================
DISCARDPRESERVEDCACHE
            DiscardPreservedCache    
            ---------------------

Syntax: 
    megacli discardpreservedcache lx|l0,1,2|lall force an|a0,1,2|aall 

Description: 
        Command discards pinned cache of Vd

Convention:   
          -force         force option must be specified in the command when preserved cache associated with Offline virtual drives must be discarded.          Offline virtual drives will be deleted on discarding the preserved cache associated with them.
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
=============================================================================
DPMSTAT
                     DPMStat   
                    ------------
MegaCli -DpmStat -Dsply {lct | hist | ra | ext } [-physdrv[E0:S0]] -aN|-a0,1,2|-aALL  
MegaCli -DpmStat -Clear {lct | hist | ra | ext } -aN|-a0,1,2|-aALL  

Description: 
          These commands display or clear the drive performance statistics on the controller.
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
=============================================================================
ELF
            GetSafeId   
          ----------------

Syntax: 
    megacli elf getsafeid an|a0,1,2|aall

Description: 
        Displays the Safe ID of the controller

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
            ControllerFeatures   
          ----------------

Syntax: 
    megacli elf controllerfeatures an|a0,1,2|aall

Description: 
        Displays the Advanced Software Options that are enabled on the controller including the ones in trial mode

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
            ApplyKey   
          ----------------

Syntax: 
    megacli elf applykey key <val> [preview] an|a0,1,2|aall

Description: 
        Applies the Activation Key either in preview mode or in real mode

Convention:   
          -Preview - optional parameter, provides the preview of the Advanced Software Option(s) that gets activated or deactivated after applying the Activation key.
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
            TransferToVault   
          ----------------

Syntax: 
    megacli elf transfertovault an|a0,1,2|aall

Description: 
        Transfers the Advanced Software Options from NVRAM to keyvault

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
            DeactivateTrialKey   
          ----------------

Syntax: 
    megacli elf deactivatetrialkey an|a0,1,2|aall

Description: 
        Deactivates the trial key

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
            ReHostInfo   
          ----------------

Syntax: 
    megacli elf rehostinfo an|a0,1,2|aall

Description: 
        Displays the Re-Host information and if Re-Hosting is necessary then it will also displays the Controller and KeyVault serial numbers

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
            ReHostComplete   
          ----------------

Syntax: 
    megacli elf rehostcomplete an|a0,1,2|aall

Description: 
        This notifies the Controller that Re-Host is being done

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
=============================================================================
ENCINFO
            EncInfo
            -------

Syntax: 
    megacli encinfo an|a0,1,2|aall

Description: 
        Command displays information of enclosure's connected to the selected adapter(s).

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
=============================================================================
ENCSTATUS
            EncStatus
            ----------

Syntax: 
    megacli encstatus an|a0,1,2|aall

Description: 
        Command displays status of the enclosure connected to the selected adapter(s).

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
=============================================================================
FWTERMLOG
            FwTermLog
            ---------

Syntax: 
    megacli fwtermlog bbuoff|bbuofftemp|bbuon|bbuget|dsply|clear an|a0,1,2|aall

Description: 
        Sets BBU terminal logging options, following are the settings to select on a single adapter, multiple adapters, or all adapters: 
        The possible parameters are:
        Bbuoff: Turns off the BBU for firmware terminal logging. To turn off the BBU for logging, shut down system or turn off power to the system after running the command. 
        BbuoffTemp: Temporarily turns off the BBU for TTY (firmware terminal) logging. The battery will be turned on at the next reboot. 
        Bbuon: Turns on the BBU for TTY (firmware terminal) logging.
        BbuGet: Displays the current BBU settings for TTY logging.
        Dsply: Displays the TTY log (firmware terminal log) entries with details on the given adapters. The information shown consists of the total number of entries available at a firmware side. 
        Clear: Clears the TTY log.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. You can 
                      select two or more adapters in this manner.
          -aALL       Specifies the command is for all adapters.
=============================================================================
GETBBTENTRIES
            GetBbtEntries
            ------

Syntax: 
    megacli getbbtentries lx|l0,1,2|lall an|a0,1,2|aall

Description: 
        Command displays information about the Bad Block Entries of virtual disk(s) on the selected adapter(s).

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
=============================================================================
GETKEYID
            GetKeyID
            --------

Syntax: 
    megacli getkeyid [physdrv "[e0:s0]] an

Description: 
        Gets the security key Id of specified physical disk drive on given adapter.

Convention:   
          -aN         N specifies the adapter number for the command.
          -PhysDrv[E0:S0,E1:S1....]  List of physical drives, E specifies enclosure 
                     id and S specifies Slot number of physical drive.  
=============================================================================
GETLDEXPANSIONINFO
            getLdExpansionInfo
            ------

Syntax: 
    megacli getldexpansioninfo lx|l0,1,2|lall an|a0,1,2|aall 

Description: 
        Command displays information on how much this particular VD can grow in size. The output displays Size available to grow within Array and Size available to grow within Disks that belong to the Array.

Convention:   
          -lN         N specifies the virtual/logical drive number for the command.
          -l0,1,2     Specifies the command is for virtual/logical drive number 0, 1, and 2. More than one virtual/logical driver number can be selected.
          -lALL       Specifies the command is for all virtual/logical drive.
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
=============================================================================
GETPRESERVEDCACHELIST
            GetPreservedCacheList    
            ---------------------

Syntax: 
    megacli getpreservedcachelist an|a0,1,2|aall 

Description: 
        Command displays list of vd that have pinned cache.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
=============================================================================
LDBBMCLR
            LDBBMClr
            --------

Syntax: 
    megacli ldbbmclr lx|l0,1,2,...|lall an|a0,1,2|aall

Description: 
        Command clears the LDBBM table entries for the logical drive(s) on the given adapter(s).

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
=============================================================================
LDBI
            LDBI
            ----

Syntax: 
    megacli ldbi enbl|dsbl|getsetting|abort|suspend|resume|showprog|progdsply lx|l0,1,2|lall an|a0,1,2|aall

Description: 
        Command manages background initialization options. Single, multiple or all adapters can be selected.
        The possible parameters are:
        Enbl, Dsbl: Enables or disables the background initialization on the selected adapter(s).
        Suspend: Suspend an ongoing background initialization. 
        Resume: Resume a Suspend background initialization.
        ProgDsply: Displays an ongoing background initialization in a loop. This function completes only when all background initialization processes complete or you press a key to exit. 
        ShowProg: Displays the current progress value.
        GetSetting: Displays current background initialization setting (Enabled or Disabled).

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
=============================================================================
LDCC
            LDCC
            ----

Syntax: 
    megacli ldcc {start [force]}|abort|suspend|resume|showprog|progdsply lx|l0,1,2|lall an|a0,1,2|aall

Description: 
        Command performs Check consistence operation on given virtual disk.
        The possible parameters are:
        Start: Starts a CC on the virtual disk(s), then displays the progress (optional) and time remaining.
        Suspend: Suspend an ongoing CC on the virtual disk(s). 
        Resume: Resume a Suspend CC on the virtual disk(s). 
        Abort: Aborts an ongoing CC on the virtual disk(s). 
        ShowProg: Displays a snapshot of an ongoing CC. 
        ProgDsply: Displays ongoing CC progress. The progress displays until at least one CC is completed or a key is pressed.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
=============================================================================
LDEXPANSION
            LDExpansion
            ------

Syntax: 
    megacli ldexpansion pn [dontexpandarray] lx|l0,1,2|lall an|a0,1,2|aall 

Description: 
        This command will expands the VD by N percentage if space is available. The space available for expansion for the VD is given by command  -getLdExpansionInfo.
        Option -dontExpandArray needs to be given if increase in Array size is not required (i.e. VD will not grow using Size available to grow within Disks that belong to the Array)

Convention:   
          -lN         N specifies the virtual/logical drive number for the command.
          -l0,1,2     Specifies the command is for virtual/logical drive number 0, 1, and 2. More than one virtual/logical driver number can be selected.
          -lALL       Specifies the command is for all virtual/logical drive.
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
=============================================================================
LDGETNUM
            LDGetNum
            --------

Syntax: 
    megacli ldgetnum an|a0,1,2|aall

Description: 
        Displays the number of virtual disks attached to the adapter. The return value is the number of virtual disks.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
=============================================================================
LDGETPROP
            LDGetProp 
            ---------

Syntax: 
    megacli ldgetprop  cache | access | name | dskcache | pspolicy | consistency  lx|l0,1,2|lall  
                -aN|-a0,1,2|-aALL

Description: 
        Displays the cache and access policies of the virtual disk(s)
        The possible parameters are:
        Cache: Cached, Direct: Displays cache policy.
        WT (Write through), WB (Write back): Selects write policy.
        NORA (No read ahead), RA (Read ahead), ADRA (Adaptive read ahead): Selects read policy.
        Access: -RW, -RO, Blocked: Displays access policy.
        DskCache: Displays physical disk cache policy.
        PSPolicy: Displays the default & current power savings policy of the virtual disk.

Convention:   
        Consistency: Displays LD Consistency State .
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
=============================================================================
LDINFO
            LDInfo
            ------

Syntax: 
    megacli ldinfo lx|l0,1,2|lall an|a0,1,2|aall

Description: 
        Command displays information about the virtual disk(s) on the selected adapter(s). This information includes the name, RAID level, RAID level qualifier, size in megabytes, state, strip size, number of drives, span depth, cache policy, access policy, and ongoing activity progress, if any, including initialization, background initialization, consistency check, and reconstruction.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
=============================================================================
LDINIT
            LDInit
            ------

Syntax: 
    megacli ldinit {start [full]}|abort|showprog|progdsply lx|l0,1,2|lall an|a0,1,2|aall

Description: 
        Command performs initialization operation on given virtual disk.
        The possible parameters are:
        Start: Starts the initialization (writing 0s) on the virtual disk(s) and displays the progress (this is optional). The fast initialization option initializes the first and last 8 Mbyte areas on the virtual disk. The full option allows you to initialize the entire virtual disk. 
        Abort: Aborts the ongoing initialization on the LD(s).
        ShowProg: Displays the snapshot of the ongoing initialization, if any.
        ProgDsply: Displays the progress of the ongoing initialization. The routine continues to display the progress until at least one initialization is completed or a key is pressed.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
=============================================================================
LDJOINMIRROR
            LDJoinMirror
            ------

Syntax: 
    megacli ldjoinmirror datasrc <val>[force] lx|l0,1,2,...|lall an|a0,1,2|aall

Description: 
        command joins the VD with its mirror.

Convention:   
          -DataSrc <val>        if the val is 0, then data will be copied from existing VD to drives.if the val is 1 then data will be copied from drives to VD
          -force        This option will force the copying of data from drives to VD otherwise the CLI will give a warning that copying data from drives to VD will result in data corruption and quit.
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
=============================================================================
LDMAKESECURE
            LDMakeSecure
            ------

Syntax: 
    megacli ldmakesecure lx|l0,1,2|lall an|a0,1,2|aall

Description: 
        This operation will secure all the virtual drives that are a part of drive group.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
=============================================================================
LDPDINFO
            LdPdInfo
            --------

Syntax: 
    megacli ldpdinfo an|a0,1,2|aall

Description: 
        Command displays information about the present virtual disk(s) and physical disk drive(s) on the selected adapter(s). Information including the number of virtual disks, the RAID level of the virtual disks, and physical drive size information, which includes raw size, coerced size, uncoerced size, and the SAS address.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
=============================================================================
LDRECON
            LDRecon
            -------

Syntax: 
    megacli ldrecon {start rx [{add | rmv} physdrv "[e0:s0,...]"]}|showprog|progdsply lx an

Description: 
        Command controls and manages virtual disk reconstruction. The following are the virtual disk reconstruction settings you can select on a single adapter:
        The possible parameters are:
        Start: Starts a reconstruction of the selected virtual disk to a new RAID level.
        -   Add: Adds listed physical disks to the virtual disk and starts reconstruction on the selected virtual disk.
        -   Rmv: Removes one physical disk from the existing virtual disks and starts a reconstruction.
        ShowProg: Displays a snapshot of the ongoing reconstruction process. 
        R0|-R1|-R5: Changes the RAID level of the virtual disk when you start reconstruction. You may need to add or remove a physical drive to make this possible. 
        ProgDsply: Allows you to view the ongoing reconstruction. The routine continues to display progress until at least one reconstruction is completed or a key is pressed.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
          -PhysDrv[E0:S0,E1:S1....]  List of physical drives, E specifies enclosure 
                     id and S specifies Slot number of physical drive.  
=============================================================================
LDSETPOWERPOLICY
            LdSetPowerPolicy   
          ----------------

Syntax: 
    megacli ldsetpowerpolicy default| automatic| none| maximum| maximumwithoutcaching
        -Lx|-L0,1,2|-Lall -aN|-a0,1,2|-aALL 

Description: 
        Sets the power saving level on the virtual disk.

Convention:   
          -Lx         x specifies the LD number for the command and the LD has to be a repository.
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
=============================================================================
LDSETPROP
            LDSetProp 
            ---------

Syntax: 
    megacli ldsetprop  {name ldnamestring} | rw|ro|blocked|removeblocked | wt|wb|ra|nora|adra | dsblpi | cached|direct | endskcache|disdskcache | cachedbadbbu|nocachedbadbbu lx|l0,1,2|lall an|a0,1,2|aall

Description: 
        Command to change virtual disk properties on specified controller.
        The possible parameters are:
        WT (Write through), WB (Write back): Selects write policy.
        NORA (No read ahead), RA (Read ahead), ADRA (Adaptive read ahead): Selects read policy.
        Cached/Direct: Selects cache policy. 
        CachedBadBBU|NoCachedBadBBU: Specifies whether to use write cache when the BBU is bad.
        RW, -RO, Blocked: Selects access policy. 
        EnDskCache: Enables disk cache. 
        DisDskCache: Disables disk cache.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
=============================================================================
LDVIEWMIRROR
            LDViewMirror
            ------

Syntax: 
    megacli ldviewmirror lx|l0,1,2|lall an|a0,1,2|aall

Description: 
        command displays the information about the mirror assocaited with the VD.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
=============================================================================
PDCLEAR
            PDClear
            -------

Syntax: 
    megacli pdclear start|stop|showprog |progdsply physdrv "[e0:s0,e1:s1,...]" an|a0,1,2|aall

Description: 
        Manages physical disk initialization or displays initialization progress on a single adapter, multiple adapters, or all adapters:
        The possible parameters are:
        Start: Starts initialization on the selected physical disk drive(s).
        Stop: Stops an ongoing initialization on the selected physical disk drive(s). 
        ShowProg: Displays the current progress percentage and time remaining for the initialization. This option is useful for running the application through scripts. ProgDsply: Displays the ongoing clear progress. The routine continues to display the initialization progress until at least one initialization is completed or a key is pressed.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
          -PhysDrv[E0:S0,E1:S1....]  List of physical drives, E specifies enclosure 
                     id and S specifies Slot number of physical drive.  
=============================================================================
PDCPYBK
            PDCpyBk
            --------

Syntax: 
    megacli pdcpybk start physdrv "[e0:s0,e1:s1] an|a0,1,2|aall

Syntax: 
    megacli pdcpybk stop|suspend|resume|showprog|progdsply physdrv "[e0:s0] an|a0,1,2|aall

Description: 
        Command performs the copy back operation on given physical drive.
        The possible parameters are:
        Start:  Initializes the copy back operation on physical drive.
        Suspend: Suspend the copy back operation on physical drive.
        Resume: Resume the copy back operation on physical drive.
        Stop: Stops the copy back operation on physical drive.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
          -PhysDrv[E0:S0,E1:S1....]  List of physical drives, E specifies enclosure 
           E0:S0 - Specifies the source Physical drive 
           E1:S1 - Specifies the Destination Physical drive 
                     id and S specifies Slot number of physical drive.  
=============================================================================
PDFWDOWNLOAD
            PdFwDownload
            ------------

Syntax: 
    megacli pdfwdownload [offline] [forceactivate] {[satabridge] physdrv [0:1] }|{encdevid[devid1]} f <filename> an|a0,1,2|aall 

Description: 
        Flashes the firmware from the file specified at command line. Firmware files used to flash the physical drive or Enclosure can be of any format. Command assumes that user is providing valid firmware image and flashes the same. Its up to the physical drive or Enclosure to do error checking. 
        -forceactivate option should be used only if target device is an enclosure.
        -offline option should be used only if target device is an enclosure firmware and if the enclosure type is Shea or MileHigh. The firmware file extension should be .esm if this option is used. This option forces the application to flash enclosure firmware using offline method 
         and is supported only in DOS version of the command tool. 
        -SataBridge option must be used if target device is Alta. 

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
          -PhysDrv[E0:S0]  Physical drive, E specifies enclosure 
                     id and S specifies Slot number of physical drive.  
            EncdevId[devId1] deviceId of the enclosure.  
=============================================================================
PDGETMISSING
            PdGetMissing
            ------------

Syntax: 
    megacli pdgetmissing an|a0,1,2|aall

Description: 
        Command displays all the physical disk drive(s) in missing status. 

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
=============================================================================
PDGETNUM
            PDGetNum
            --------

Syntax: 
    megacli pdgetnum an|a0,1,2|aall

Description: 
        Displays the total number of physical disk drives attached to an adapter. Drives can be attached directly or through enclosures. The return value is the number of physical disk drives.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. You can 
                      select two or more adapters in this manner.
          -aALL       Specifies the command is for all adapters.
=============================================================================
PDHSP
            PDHSP
            ----------

Syntax: 
    megacli pdhsp {set [dedicated [arrayn|array0,1,2...]"] "[enclaffinity] 
        [-nonRevertible]} |-Rmv -PhysDrv[E0:S0,E1:S1,...] -aN|-a0,1,2|-aALL

Description: 
        Changes the physical disk drive state (as it relates to hot spares) and associates the drive to an enclosure and virtual disk on a single adapter, multiple adapters, or all adapters.
        The possible parameters are:
        Set: Changes the physical disk drive state to dedicated hot spare for the enclosure. 
        Rmv: Changes the physical drive state to ready (removes the hot spare).
        EnclAffinity: Associates the hot spare to a selected enclosure.
        Array0: Dedicates the hot spare to a specific virtual disk.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
          -PhysDrv[E0:S0,E1:S1....]  List of physical drives, E specifies enclosure 
                     id and S specifies Slot number of physical drive.  
=============================================================================
PDINFO
            pdInfo
            ------

Syntax: 
    megacli pdinfo physdrv "[e0:s0,e1:s1,...]" an|a0,1,2|aall

Description: 
        Provides information of physical disk drives connected to the enclosure and adapter slot. This includes information such as the enclosure number, slot number, device ID, sequence number, drive type, size (if a physical drive), foreign state, firmware state, and inquiry data.  For SAS devices, this includes additional information such as the SAS address of the drive. For SAS expanders, this includes additional information such as the number of devices connected to the expander.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. You can 
                      select two or more adapters in this manner.
          -aALL       Specifies the command is for all adapters.
          -PhysDrv[E0:S0,E1:S1....]  List of physical drives, E specifies enclosure 
                     id and S specifies Slot number of physical drive.  
=============================================================================
PDINSTANTSECUREERASE
            PDInstantSecureErase
            -------------

Syntax: 
    megacli  pdinstantsecureerase physdrv "[e0:s0,e1:s1,...]" | [force] an|a0,1,2|aall

Description: 
        Command erases specified drives security configuration, so that it can be used on given controller. This operation removes current data available on drive.   

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
          -PhysDrv[E0:S0,E1:S1....]  List of physical drives, E specifies enclosure 
                     id and S specifies Slot number of physical drive.  
=============================================================================
PDLIST
            PDList
            ------

Syntax: 
    megacli pdlist an|a0,1,2|aall

Description: 
        Displays information about all physical disk drives and other devices connected to the selected adapter(s). This includes information such as the drive type, size (if a physical disk drive), serial number, and firmware version of the device. For SAS devices, this includes additional information such as the SAS address of the device. For SAS expanders, this includes additional information such as the number of drives connected to the expander.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. You can 
                      select two or more adapters in this manner.
          -aALL       Specifies the command is for all adapters.
=============================================================================
PDLOCATE
            PdLocate
            --------

Syntax: 
    megacli pdlocate {[start] | stop } physdrv "[e0:s0,e1:s1,...]" an|a0,1,2|aall

Description: 
        Locates the physical disk drive(s) for the selected adapter(s) and activates the physical disk activity LED.
        The possible parameters are:
        Start:  Activates LED on the selected physical disk drive(s).
        Stop: Stops active LED on the selected physical disk drive(s). 

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
          -PhysDrv[E0:S0,E1:S1....]  List of physical drives, E specifies enclosure 
                     id and S specifies Slot number of physical drive.  
=============================================================================
PDMAKEGOOD
            PDMakeGood
            ----------

Syntax: 
    megacli pdmakegood physdrv "[e0:s0,e1:s1,...]" | [force] an|a0,1,2|aall

Description: 
        Command changes the physical disk drive state to Ready.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
          -PhysDrv[E0:S0,E1:S1....]  List of physical drives, E specifies enclosure 
                     id and S specifies Slot number of physical drive.  
        Force:  This option will force PD state to be Unconfigured Good and is applicable only if the previous state is SYSTEM.
=============================================================================
PDMAKEJBOD
            PDMakeJBOD
            ----------

Syntax: 
    megacli pdmakejbod physdrv "[e0:s0,e1:s1,...]" an|a0,1,2|aall

Description: 
        Command changes the physical disk drive state to JBOD.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
          -PhysDrv[E0:S0,E1:S1....]  List of physical drives, E specifies enclosure 
                     id and S specifies Slot number of physical drive.  
=============================================================================
PDMARKMISSING
            PdMarkMissing
            -------------

Syntax: 
    megacli pdmarkmissing physdrv "[e0:s0,e1:s1,...]" an|a0,1,2|aall

Description: 
        Command Marks the configured physical disk drive as missing for the selected adapter.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
          -PhysDrv[E0:S0,E1:S1....]  List of physical drives, E specifies enclosure 
                     id and S specifies Slot number of physical drive.  
=============================================================================
PDOFFLINE
            PDOffline
            ----------

Syntax: 
    megacli pdoffline physdrv "[e0:s0,e1:s1,...]" an|a0,1,2|aall

Description: 
        Command changes the physical disk drive state to Offline.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. You can 
                      select two or more adapters in this manner.
          -aALL       Specifies the command is for all adapters.
          -PhysDrv[E0:S0,E1:S1....]  List of physical drives, E specifies enclosure 
                     id and S specifies Slot number of physical drive.  
=============================================================================
PDONLINE
            PDOnline  
            --------

Syntax: 
    megacli pdonline  physdrv "[e0:s0,e1:s1,...]" an|a0,1,2|aall

Description: 
        Command changes the physical drive state to Online.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. You can 
                      select two or more adapters in this manner.
          -aALL       Specifies the command is for all adapters.
          -PhysDrv[E0:S0,E1:S1....]  List of physical drives, E specifies enclosure 
                     id and S specifies Slot number of physical drive.  
=============================================================================
PDPRPRMV
            PdPrpRmv
            --------

Syntax: 
    megacli pdprprmv [undo] physdrv "[e0:s0] an|a0,1,2|aall

Description: 
        Command prepares unconfigured physical drive(s) for removal. The firmware will spin down this drive. The drive state is set to unaffiliated, which marks it as offline even though it is not a part of configuration. 
        The possible parameters is:
        Undo: undoes this operation. If you select undo, the firmware marks this physical disk as unconfigured good.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
          -PhysDrv[E0:S0,E1:S1....]  List of physical drives, E specifies enclosure 
                     id and S specifies Slot number of physical drive.  
=============================================================================
PDRBLD
            PDRbld
            ------

Syntax: 
    megacli pdrbld start|stop|suspend|resume|showprog |progdsply physdrv "[e0:s0,e1:s1,...]" an|a0,1,2|aall

Description: 
        Manages a physical disk rebuild or displays the rebuild progress on a single adapter, multiple adapters, or all adapters. 
        The possible parameters are:
        Start: Starts a rebuild on the selected physical drive(s) and displays the rebuild progress (optional).
        Suspend: Suspend a rebuild on the selected physical drive(s).
        Resume: Resume a rebuild on the selected physical drive(s).
        Stop: Stops an ongoing rebuild on the selected physical drive(s). 
        ShowProg: Displays the current progress percentage and time remaining for the rebuild. This option is useful for running the application through scripts. 
        ProgDsply: Displays the ongoing rebuild progress. This routine displays the rebuild progress until at least one initialization is completed or a key is pressed.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
          -PhysDrv[E0:S0,E1:S1....]  List of physical drives, E specifies enclosure 
                     id and S specifies Slot number of physical drive.  
        Note: Physical disk must meet the size requirements before it can be rebuilt, and it must be part of an array:
=============================================================================
PDREPLACEMISSING
            PdReplaceMissing
            ----------------

Syntax: 
    megacli pdreplacemissing physdrv "[e0:s0] array A rob B an

Description: 
        Replaces the configured physical disk drives that are identified as missing and then starts an automatic rebuild.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
        Note: Specified array Index/row must be a missing drive. Automatic rebuild will start.
          -PhysDrv[E0:S0,E1:S1....]  List of physical drives, E specifies enclosure 
                     id and S specifies Slot number of physical drive.  
=============================================================================
PERFMON
            Perfmon
               ----------

Syntax: 
    megacli perfmon {start interval <val>} | {stop} | {getresults f <filename>} an 

Description: 
        This command show the performance data.
interval: Interval is perfomance data capture time in minutes. 
=============================================================================
PHYERRORCOUNTERS
            PhyErrorCounters    
            ----------------

Syntax: 
    megacli phyerrorcounters an|a0,1,2|aall   

Description: 
        Command gets information about PHY's error logs for the PHYs.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
=============================================================================
PHYINFO
            PhyInfo
            -------

Syntax: 
    megacli phyinfo phym an|a0,1,2|aall

Description: 
        Command displays PHY connection information for physical PHY M on the adapter(s).

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
=============================================================================
PHYSETLINKSPEED
            PhySetLinkSpeed
            -------

Syntax: 
    megacli physetlinkspeed phym speed an|a0,1,2|aall

Description: 
        Command sets PHY link speed for physical PHY M on the adapter(s).
        Where speed can be 0-(No Limit), 1-(1.5GB/s), 2-(3GB/s), 4-(6GB/s).

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
=============================================================================
SECUREERASE
            SecureErase
            -----------

Syntax: 
    megacli secureerase 
    Start[
        Simple|
        [Normal   [ |ErasePattern ErasePatternA|ErasePattern ErasePatternA ErasePattern ErasePatternB]]|
        [Thorough [ |ErasePattern ErasePatternA|ErasePattern ErasePatternA ErasePattern ErasePatternB]]]
    | Stop
    | ShowProg
    | ProgDsply 
    [-PhysDrv [E0:S0,E1:S1,...] | -Lx|-L0,1,2|-LALL] -aN|-a0,1,2|-aALL

Description: 
        Securely erases data on non-SEDs and unsecured VDs 
        The possible parameters are:
        Start: Starts Secure Erase on the selected physical drive(s) or virtual drive(s).
        Simple|Normal|Thorough:These are the erase types.
        ErasePattern:The pattern for erasing
        ErasePatternA|ErasePatternB:This is an 8-Bit binary pattern for erasing(Example:01001101)
        Stop: Stops the ongoing Secure Erase on the selected physical drive(s) or virtual drive(s). 
        ShowProg: Displays the snapshot of ongoing SecureErase.
        ProgDsply: Displays the ongoing SecureErase progress. This routine displays the SecureErase progress until at least one SecureErase is completed or a key is pressed.

Convention:   
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
          -PhysDrv[E0:S0,E1:S1....]  List of physical drives, E specifies enclosure 
                     id and S specifies Slot number of physical drive.  
          -Lx         x specifies the LD number.
          -aN         N specifies the adapter number for the command.
          -a0,1,2     Specifies the command is for adapters 0, 1, and 2. More than one adapter can be selected.
          -aALL       Specifies the command is for all adapters.
=============================================================================
SETKEYID
            SetKeyID
            --------

Syntax: 
    megacli setkeyid keyid kkkkkkkkkkk an

Description: 
        Command sets the security key Id on given adapter.
        The parameters are:
        KeyID: Security key Id of given controller.

Convention:   
          -aN         N specifies the adapter number for the command.
=============================================================================
SHOWSUMMARY
            ShowSummary   
          ----------------

Syntax: 
    megacli showsummary [f filename] an

Description: 
        Displays the summary of all the important information about the controller

Convention:   
          -aN         N specifies the adapter number for the command.
=============================================================================
V
            Version 
            -------

Syntax: 
    megacli v

Description: 
        Command displays the version number of the MegaCLI utility.
=============================================================================
VERIFYSECURITYKEY
            VerifySecurityKey
            -----------------

Syntax: 
    megacli verifysecuritykey securitykey sssssssssss an

Description: 
        Command validates the given security key with the security key of given controller. 
        The parameters is:
        SecurityKey: Security key need to be verified. 

Convention:   
          -aN         N specifies the adapter number for the command.
=============================================================================
VERSION
            Version   
          ------------------

Syntax: 
    megacli version cli|ctrl|driver|pd an|a0,1,2|aall

Description: 
         Displays the version corresponding to tne option
Note: -Driver option is not supported for MegaCliKL application.
=============================================================================
XD ADDCDEV
            AddCdev command
            ---------------

Syntax: 
    megacli xd addcdev <devlist> | force

Description: 
          This command adds the given cache devices to the cache group.
              <devList>  List of devices seperated by ":" (without leading/trailing space/tab).
              -force     Force adding device with filesystem / MBR / swap / LVM2.
=============================================================================
XD ADDVD
            AddVd command
            -------------

Syntax: 
    megacli xd addvd <devlist>

Description: 
          This command adds the given virtual drives to the cache group.
              <devList>  List of devices seperated by ":" (without leading/trailing space/tab).
=============================================================================
XD APPLYACTIVATIONKEY
            ApplyActivationKey command
            ---------------------------

Syntax: 
    megacli xd applyactivationkey <key> in 

Description: 
          This command applies Activation Key a WarpDrive. 
              <key>     Activation key
              -iN       Applies the Activation key to the Nth WarpDrive. N is an index of a WD from 
                        the WD list(listed by "MegaCli64 XD -WarpDriveInfo -iALL" command).
=============================================================================
XD CDEVLIST
            CdevList command
            ----------------

Syntax: 
    megacli xd cdevlist | configured | unconfigured

Description: 
          This command lists configured and unconfigured cache devices.
          without any option this will list both configured and unconfigured devices.
          The information displayed are: Device Node, WWN, Capacity.
          The capacity of the device is displayed in terms of blocks.
              -configured    Lists only configured cache devices.
              -unconfigured  Lists only unconfigured cache devices.
=============================================================================
XD CONFIGINFO
            ConfigInfo command
            ------------------

Syntax: 
    megacli xd configinfo

Description: 
          This command displays information about XD driver.
=============================================================================
XD FETCHSAFEID
            FetchSafeId command
            --------------------

Syntax: 
    megacli xd fetchsafeid in|iall 

Description: 
          This command displays the Safe ID of a WarpDrive.
              -iN       Displays the SafeID of the Nth WarpDrive. N is an index of a WD from 
                        the WD list(listed by "MegaCli64 XD -WarpDriveInfo -iALL" command).
=============================================================================
XD ONLINEVD
            OnlineVd command
            -----------------

Syntax: 
    megacli xd onlinevd <devlist> 

Description: 
          This command reconfigures a VD which is in Ready for Online State.
=============================================================================
XD PERFSTATS
            PerfStats command
            -----------------

Syntax: 
    megacli xd perfstats

Description: 
          This command displays information about XD performance statistics.
=============================================================================
XD REMCDEV
            RemCdev command
            ---------------

Syntax: 
    megacli xd remcdev <devlist>

Description: 
          This command removes the given cache devices from the cache group.
              <devList>  List of devices seperated by ":" (without leading/trailing space/tab).
=============================================================================
XD REMVD
            RemVd command
            -------------

Syntax: 
    megacli xd remvd <devlist>

Description: 
          This command removes the given virtual drives from the cache group.
              <devList>  List of devices seperated by ":" (without leading/trailing space/tab).
=============================================================================
XD VDLIST
            VdList command
            --------------

Syntax: 
    megacli xd vdlist | configured | unconfigured

Description: 
          This command lists configured and unconfigured virtual drives,
          without any option this will list both configured and unconfigured devices.
          The information displayed are: Device Node, WWN, Capacity.
          The capacity of the device is displayed in terms of blocks.
              -configured    Lists only configured virtual drives.
              -unconfigured  Lists only unconfigured virtual drives.
=============================================================================
XD WARPDRIVEINFO
            WarpDriveInfo command
            ----------------------

Syntax: 
    megacli xd warpdriveinfo in|iall 

Description: 
          This command displays the list of WarpDrives connected to the system. 
      The information displayed includes controller ID and other information 
      about the WarpDrive controller. The index of a particular WarpDrive in the list 
      is needed to be used in the PFK related XD commands, i.e., 
      FetchSafeId and ApplyActivationKey. 
              -iN   Lists info about only Nth Warpdrive. N is an index of a WD from 
                        the WD list(listed by iALL).
              -iALL Lists info about all WarpDrives in the system.
proper bash history logging
posted on 2016-09-14 23:32

By appending these to your .bashrc:

HISTTIMEFORMAT="%s "
PROMPT_COMMAND="${PROMPT_COMMAND:+$PROMPT_COMMAND ; }"'echo $$ $USER "$(history 1)" >> ~/.bash_history2'

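you get a proper history like the following, collected from all shells connected to a server, for each individual user. Each line holds the shell's PID, the user, the history number, the epoch timestamp and the command: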

root@fahi:~# cat .bash_history2
2786 root    91  1473887187 echo test
2786 root    92  1473887262 l
2786 root    93  1473887267 rm .bash_eternal_history 
2806 root    98  1473887148 tail -f .bash_eternal_history 
2806 root    99  1473888769 cat .bash_history2
2806 root   100  1473888788 lsblk
2821 root    98  1473887148 tail -f .bash_eternal_history 
2821 root    99  1473888794 history 
2821 root   100  1473888809 cat .bash_history2
2835 root   102  1473888809 cat .bash_history2

At first glance it looks good so far, but I fear some testing is due to make sure there are no bad edge cases. One that I've found so far was that the last command gets repeated on login, maybe, and also when ctrl-c'ing commands. But this could have been caused by different shells being active with and without the prompt_command.

More alternatives can be found here.

xxd vs hexdump vs od for examining disk dumps from a VMware image
posted on 2016-09-14 21:49

the problem

The problem at hand was that a VEEAM backup could not be restored. Neither could the backup be restored, nor could it be opened from the GUI. So how to verify whether something could be rescued from there?

getting the disk image out of the VEEAM backup

VEEAM lets you extract single images from the complete backup with its Extract.exe utility. Simply locate the executable on disk and start it without parameters. Then you are prompted for the full path to the complete .vbk backup file, afterward select the image you want to extract.

first look at the disk dump

After copying the folder with all the extracted contents onto a linux box, the fun could start.

  • The VMware image is in the `diskname-###.vmdk' file.
  • .vmdk is the disk configuration file.
  • .nvram is the virtual machine's BIOS.
  • .vmx is the primary configuration file.
  • .vmxf is supplemental configuration.

examining the disk image

This is done most easily through parted, first showing the sizes in sectors, which helps when using dd later and skipping over the first x sectors, then in bytes for the offset in losetup, which will be easier than dd-skipping around.

Sectors:

root@workstation:/home/sjas/ftp# parted my_server-flat.vmdk u s p
Error: Can't have a partition outside the disk!
Ignore/Cancel? i                                                          
Error: Can't have a partition outside the disk!
Ignore/Cancel? i                                                          
Model:  (file)
Disk /home/sjas/ftp/my_server-flat.vmdk: 83869185s
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags: 

Number  Start     End        Size       Type     File system     Flags
 1      2048s     8390655s   8388608s   primary  linux-swap(v1)
 2      8390656s  83886079s  75495424s  primary                  boot

Bytes:

root@workstation:/home/sjas/ftp# parted my_server-flat.vmdk u b p
Error: Can't have a partition outside the disk!
Ignore/Cancel? i                                                          
Error: Can't have a partition outside the disk!
Ignore/Cancel? i                                                          
Model:  (file)
Disk /home/sjas/ftp/my_server-flat.vmdk: 42941022720B
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags: 

Number  Start        End           Size          Type     File system     Flags
 1      1048576B     4296015871B   4294967296B   primary  linux-swap(v1)
 2      4296015872B  42949672959B  38653657088B  primary                  boot

setting up the loop device, so the filesystem from within the file could be read

losetup  # should show nothing, so the first loop device we will use will be loop0
losetup -f # can alternatively be used to find the first free loop device
losetup /dev/loop0 my_server-flat.vmdk

To have easier access to the second partition (so we can use dd without having to use the skip flag all the time), we will loop the second partition, too. The offset is passed by -o in bytes, see the second parted output above:

losetup -o 4296015872 /dev/loop1 /dev/loop0

Then losetup should look like this:

root@workstation:/home/sjas/ftp# losetup 
NAME       SIZELIMIT     OFFSET AUTOCLEAR RO BACK-FILE
/dev/loop0         0          0         0  0 /home/sjas/ftp/my_server-flat.vmdk
/dev/loop1         0 4296015872         0  0 /dev/loop0

Alternatively you can use losetup -a to show the currently used loop devices.

Once you are done with everything, the loop devices could be deleted via losetup -d /dev/loopX for each one in use.

Alternatively, kpartx can be used, too. It would create device mappings automatically when run like kpartx -av my_server-flat.vmdk. The next free loop device under /dev/loopX would be chosen, and its partition could then be found under loopXp1, loopXp2, etc. Afterwards it could be deleted via kpartx -d my_server-flat.vmdk. However I prefer doing it manually, as with broken partitions kpartx cannot work properly, of course.

examination

Via dd the blocks can be read directly from the loop device'd disk. hexdump, xxd or od will make visible what is actually on there.

Initially this post grew out of the will to document the differences between them, but grew to include how to use the loop device stuff, too.

First let's have a look at the MBR, which is in the first block / 512 bytes of the device:

root@workstation:/home/sjas/ftp# dd if=/dev/loop0 bs=512 count=1 2>/dev/null | file -
/dev/stdin: DOS/MBR boot sector; GRand Unified Bootloader, stage1 version 0x3, boot drive 0x80, 1st sector stage2 0x2443e60, GRUB version 0.94

Now let's check whether a VBR is present on the second partition or not, which is not the case:

root@workstation:/home/sjas/ftp# dd if=/dev/loop1 bs=512 count=1 2>/dev/null | file -
/dev/stdin: data

For illustration here are the three tools in action, showing the MBR of loop0. Let's have a look at the actual disk contents:

xxd:

root@workstation:/home/sjas/ftp# dd if=/dev/loop0 bs=512 count=1 2>/dev/null | xxd
0000000: eb48 9010 8ed0 bc00 b0b8 0000 8ed8 8ec0  .H..............
0000010: fbbe 007c bf00 06b9 0002 f3a4 ea21 0600  ...|.........!..
0000020: 00be be07 3804 750b 83c6 1081 fefe 0775  ....8.u........u
0000030: f3eb 16b4 02b0 01bb 007c b280 8a74 0302  .........|...t..
0000040: 8000 0080 603e 4402 0008 fa90 90f6 c280  ....`>D.........
0000050: 7502 b280 ea59 7c00 0031 c08e d88e d0bc  u....Y|..1......
0000060: 0020 fba0 407c 3cff 7402 88c2 52f6 c280  . ..@|<.t...R...
0000070: 7454 b441 bbaa 55cd 135a 5272 4981 fb55  tT.A..U..ZRrI..U
0000080: aa75 43a0 417c 84c0 7505 83e1 0174 3766  .uC.A|..u....t7f
0000090: 8b4c 10be 057c c644 ff01 668b 1e44 7cc7  .L...|.D..f..D|.
00000a0: 0410 00c7 4402 0100 6689 5c08 c744 0600  ....D...f.\..D..
00000b0: 7066 31c0 8944 0466 8944 0cb4 42cd 1372  pf1..D.f.D..B..r
00000c0: 05bb 0070 eb7d b408 cd13 730a f6c2 800f  ...p.}....s.....
00000d0: 84f0 00e9 8d00 be05 7cc6 44ff 0066 31c0  ........|.D..f1.
00000e0: 88f0 4066 8944 0431 d288 cac1 e202 88e8  ..@f.D.1........
00000f0: 88f4 4089 4408 31c0 88d0 c0e8 0266 8904  ..@.D.1......f..
0000100: 66a1 447c 6631 d266 f734 8854 0a66 31d2  f.D|f1.f.4.T.f1.
0000110: 66f7 7404 8854 0b89 440c 3b44 087d 3c8a  f.t..T..D.;D.}<.
0000120: 540d c0e2 068a 4c0a fec1 08d1 8a6c 0c5a  T.....L......l.Z
0000130: 8a74 0bbb 0070 8ec3 31db b801 02cd 1372  .t...p..1......r
0000140: 2a8c c38e 0648 7c60 1eb9 0001 8edb 31f6  *....H|`......1.
0000150: 31ff fcf3 a51f 61ff 2642 7cbe 7f7d e840  1.....a.&B|..}.@
0000160: 00eb 0ebe 847d e838 00eb 06be 8e7d e830  .....}.8.....}.0
0000170: 00be 937d e82a 00eb fe47 5255 4220 0047  ...}.*...GRUB .G
0000180: 656f 6d00 4861 7264 2044 6973 6b00 5265  eom.Hard Disk.Re
0000190: 6164 0020 4572 726f 7200 bb01 00b4 0ecd  ad. Error.......
00001a0: 10ac 3c00 75f4 c300 0000 0000 0000 0000  ..<.u...........
00001b0: 0000 0000 0000 0000 9b09 0b00 0000 0020  ............... 
00001c0: 2100 824b 810a 0008 0000 0000 8000 804b  !..K...........K
00001d0: 820a 83fe ffff 0008 8000 00f8 7f04 0000  ................
00001e0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00001f0: 0000 0000 0000 0000 0000 0000 0000 55aa  ..............U.

hexdump:

root@workstation:/home/sjas/ftp# dd if=/dev/loop0 bs=512 count=1 2>/dev/null | hexdump -vC
00000000  eb 48 90 10 8e d0 bc 00  b0 b8 00 00 8e d8 8e c0  |.H..............|
00000010  fb be 00 7c bf 00 06 b9  00 02 f3 a4 ea 21 06 00  |...|.........!..|
00000020  00 be be 07 38 04 75 0b  83 c6 10 81 fe fe 07 75  |....8.u........u|
00000030  f3 eb 16 b4 02 b0 01 bb  00 7c b2 80 8a 74 03 02  |.........|...t..|
00000040  80 00 00 80 60 3e 44 02  00 08 fa 90 90 f6 c2 80  |....`>D.........|
00000050  75 02 b2 80 ea 59 7c 00  00 31 c0 8e d8 8e d0 bc  |u....Y|..1......|
00000060  00 20 fb a0 40 7c 3c ff  74 02 88 c2 52 f6 c2 80  |. ..@|<.t...R...|
00000070  74 54 b4 41 bb aa 55 cd  13 5a 52 72 49 81 fb 55  |tT.A..U..ZRrI..U|
00000080  aa 75 43 a0 41 7c 84 c0  75 05 83 e1 01 74 37 66  |.uC.A|..u....t7f|
00000090  8b 4c 10 be 05 7c c6 44  ff 01 66 8b 1e 44 7c c7  |.L...|.D..f..D|.|
000000a0  04 10 00 c7 44 02 01 00  66 89 5c 08 c7 44 06 00  |....D...f.\..D..|
000000b0  70 66 31 c0 89 44 04 66  89 44 0c b4 42 cd 13 72  |pf1..D.f.D..B..r|
000000c0  05 bb 00 70 eb 7d b4 08  cd 13 73 0a f6 c2 80 0f  |...p.}....s.....|
000000d0  84 f0 00 e9 8d 00 be 05  7c c6 44 ff 00 66 31 c0  |........|.D..f1.|
000000e0  88 f0 40 66 89 44 04 31  d2 88 ca c1 e2 02 88 e8  |..@f.D.1........|
000000f0  88 f4 40 89 44 08 31 c0  88 d0 c0 e8 02 66 89 04  |..@.D.1......f..|
00000100  66 a1 44 7c 66 31 d2 66  f7 34 88 54 0a 66 31 d2  |f.D|f1.f.4.T.f1.|
00000110  66 f7 74 04 88 54 0b 89  44 0c 3b 44 08 7d 3c 8a  |f.t..T..D.;D.}<.|
00000120  54 0d c0 e2 06 8a 4c 0a  fe c1 08 d1 8a 6c 0c 5a  |T.....L......l.Z|
00000130  8a 74 0b bb 00 70 8e c3  31 db b8 01 02 cd 13 72  |.t...p..1......r|
00000140  2a 8c c3 8e 06 48 7c 60  1e b9 00 01 8e db 31 f6  |*....H|`......1.|
00000150  31 ff fc f3 a5 1f 61 ff  26 42 7c be 7f 7d e8 40  |1.....a.&B|..}.@|
00000160  00 eb 0e be 84 7d e8 38  00 eb 06 be 8e 7d e8 30  |.....}.8.....}.0|
00000170  00 be 93 7d e8 2a 00 eb  fe 47 52 55 42 20 00 47  |...}.*...GRUB .G|
00000180  65 6f 6d 00 48 61 72 64  20 44 69 73 6b 00 52 65  |eom.Hard Disk.Re|
00000190  61 64 00 20 45 72 72 6f  72 00 bb 01 00 b4 0e cd  |ad. Error.......|
000001a0  10 ac 3c 00 75 f4 c3 00  00 00 00 00 00 00 00 00  |..<.u...........|
000001b0  00 00 00 00 00 00 00 00  9b 09 0b 00 00 00 00 20  |............... |
000001c0  21 00 82 4b 81 0a 00 08  00 00 00 00 80 00 80 4b  |!..K...........K|
000001d0  82 0a 83 fe ff ff 00 08  80 00 00 f8 7f 04 00 00  |................|
000001e0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000001f0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 55 aa  |..............U.|
00000200

od:

root@workstation:/home/sjas/ftp# dd if=/dev/loop0 bs=512 count=1 2>/dev/null | od -v -A d -t x2z
0000000 48eb 1090 d08e 00bc b8b0 0000 d88e c08e  >.H..............<
0000016 befb 7c00 00bf b906 0200 a4f3 21ea 0006  >...|.........!..<
0000032 be00 07be 0438 0b75 c683 8110 fefe 7507  >....8.u........u<
0000048 ebf3 b416 b002 bb01 7c00 80b2 748a 0203  >.........|...t..<
0000064 0080 8000 3e60 0244 0800 90fa f690 80c2  >....`>D.........<
0000080 0275 80b2 59ea 007c 3100 8ec0 8ed8 bcd0  >u....Y|..1......<
0000096 2000 a0fb 7c40 ff3c 0274 c288 f652 80c2  >. ..@|<.t...R...<
0000112 5474 41b4 aabb cd55 5a13 7252 8149 55fb  >tT.A..U..ZRrI..U<
0000128 75aa a043 7c41 c084 0575 e183 7401 6637  >.uC.A|..u....t7f<
0000144 4c8b be10 7c05 44c6 01ff 8b66 441e c77c  >.L...|.D..f..D|.<
0000160 1004 c700 0244 0001 8966 085c 44c7 0006  >....D...f.\..D..<
0000176 6670 c031 4489 6604 4489 b40c cd42 7213  >pf1..D.f.D..B..r<
0000192 bb05 7000 7deb 08b4 13cd 0a73 c2f6 0f80  >...p.}....s.....<
0000208 f084 e900 008d 05be c67c ff44 6600 c031  >........|.D..f1.<
0000224 f088 6640 4489 3104 88d2 c1ca 02e2 e888  >..@f.D.1........<
0000240 f488 8940 0844 c031 d088 e8c0 6602 0489  >..@.D.1......f..<
0000256 a166 7c44 3166 66d2 34f7 5488 660a d231  >f.D|f1.f.4.T.f1.<
0000272 f766 0474 5488 890b 0c44 443b 7d08 8a3c  >f.t..T..D.;D.}<.<
0000288 0d54 e2c0 8a06 0a4c c1fe d108 6c8a 5a0c  >T.....L......l.Z<
0000304 748a bb0b 7000 c38e db31 01b8 cd02 7213  >.t...p..1......r<
0000320 8c2a 8ec3 4806 607c b91e 0100 db8e f631  >*....H|`......1.<
0000336 ff31 f3fc 1fa5 ff61 4226 be7c 7d7f 40e8  >1.....a.&B|..}.@<
0000352 eb00 be0e 7d84 38e8 eb00 be06 7d8e 30e8  >.....}.8.....}.0<
0000368 be00 7d93 2ae8 eb00 47fe 5552 2042 4700  >...}.*...GRUB .G<
0000384 6f65 006d 6148 6472 4420 7369 006b 6552  >eom.Hard Disk.Re<
0000400 6461 2000 7245 6f72 0072 01bb b400 cd0e  >ad. Error.......<
0000416 ac10 003c f475 00c3 0000 0000 0000 0000  >..<.u...........<
0000432 0000 0000 0000 0000 099b 000b 0000 2000  >............... <
0000448 0021 4b82 0a81 0800 0000 0000 0080 4b80  >!..K...........K<
0000464 0a82 fe83 ffff 0800 0080 f800 047f 0000  >................<
0000480 0000 0000 0000 0000 0000 0000 0000 0000  >................<
0000496 0000 0000 0000 0000 0000 0000 0000 aa55  >..............U.<
0000512

When I know where to look, I prefer od, as it lets you see the position in decimal bytes (first column, compare to previous output). This helps A LOT when using dd input where you skipped the first N blocks / sectors, since you can read whether you are looking at the part which you wanted to examine.

Some notes on its parameters:

  • -A d = show position in decimals. Use x for hexadecimal.
  • -t x2z = show hex output, double-byte-wise (x2; use x1 for single-byte-wise output), z shows the data in the rightmost column.
  • --endian=little = choose endianness. Since this is a x86_64 intel cpu, we need little endian. I could have omitted this, but didn't for illustrating.
  • While still searching on the disk for data (using the dd-to-od from above, but piped to less), using the -v flag with od is practical, as it will condense lines consisting only of zeroes, showing only an asterisk.

Now that the basics are covered here, the rest should be easy, so only some more notes along the way:

  • No need to specify the blocksize with dd, since it's 512 bytes by default.
  • Change it, in case you know how many bytes you want to jump around and want to be able to calculate easier (use bs=1024 and count=20 to read 20KiB from disk, instead of thinking it's count=40 what you need).
  • Using dd with the skip option, jumps so-and-so many blocks forward. For the sake of brevity, assume that both blocks and sectors are 512 bytes long. Remember the output of parted in sectors from above?
  • Do use losetup, when kpartx fails.

result

I was able to discern that the backup was indeed broken, as there was no ext4 magic number present anywhere.

0xEF53 was nowhere to be found at the 0x38 offset after the initial padding of 1024 bytes in front of the start of the filesystem. Such info can be found here, for example.

At least I got some training with that stuff, been a while I got around to do so.
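The check described in this post, as an added example that is not part of the original post: it reads the MBR partition table with od, then looks for the 0xEF53 magic 1024 + 0x38 bytes into each partition, and goes one step further by flagging partitions that end beyond the image (the condition behind parted's "Can't have a partition outside the disk!"). The function names are made up for this sketch, PAGE_TABLE holds the 32 partition-table bytes copied from the hex dumps above, and the demo image is constructed.

```sh
#!/bin/sh
SECTOR=512        # sector size, as in the parted output
MAGIC_AT=1080     # 1024 bytes of padding + 0x38 into the superblock
EXT_MAGIC=61267   # 0xEF53, on disk as the little-endian bytes 53 ef

# Partition table bytes 0x1be-0x1dd copied from the hex dumps in the post.
PAGE_TABLE='\000\040\041\000\202\113\201\012\000\010\000\000\000\000\200\000\200\113\202\012\203\376\377\377\000\010\200\000\000\370\177\004'
# Constructed table: swap (0x82) at sector 2, length 4; Linux (0x83) at sector 6, length 10.
DEMO_TABLE='\000\000\000\000\202\000\000\000\002\000\000\000\004\000\000\000\200\000\000\000\203\000\000\000\006\000\000\000\012\000\000\000'

# le_uint FILE OFFSET NBYTES: print NBYTES at OFFSET as a little-endian
# unsigned integer; print nothing if the file ends before that.
le_uint() (
    v=0 mul=1 n=0
    for b in $(od -A n -v -t u1 -j "$2" -N "$3" "$1" 2>/dev/null); do
        v=$((v + b * mul)); mul=$((mul * 256)); n=$((n + 1))
    done
    if [ "$n" -eq "$3" ]; then echo "$v"; fi
)

# list_partitions IMAGE: "number type start_sector sector_count" for each used
# slot of the MBR table (4 entries of 16 bytes starting at 0x1BE = 446).
list_partitions() {
    [ "$(le_uint "$1" 510 2)" = 43605 ] || return 1    # 0xAA55 boot signature
    i=0
    while [ "$i" -lt 4 ]; do
        base=$((446 + 16 * i))
        ptype=$(le_uint "$1" $((base + 4)) 1)
        if [ "$ptype" -ne 0 ]; then
            echo "$((i + 1)) $ptype $(le_uint "$1" $((base + 8)) 4) $(le_uint "$1" $((base + 12)) 4)"
        fi
        i=$((i + 1))
    done
}

# has_ext_magic IMAGE BYTE_OFFSET: true if a filesystem starting at
# BYTE_OFFSET carries the ext2/3/4 magic.
has_ext_magic() {
    [ "$(le_uint "$1" $(( $2 + MAGIC_AT )) 2)" = "$EXT_MAGIC" ]
}

# scan_image IMAGE: one line per partition with its byte offset (the value
# losetup -o wants), whether it fits into the image, and the magic check.
scan_image() {
    size=$(( $(wc -c < "$1") ))
    list_partitions "$1" | while read -r num ptype start count; do
        inside=yes; magic=no
        [ $(( (start + count) * SECTOR )) -le "$size" ] || inside=no
        if has_ext_magic "$1" $(( start * SECTOR )); then magic=yes; fi
        echo "partition $num type $ptype start-byte $(( start * SECTOR )) inside-image $inside ext-magic $magic"
    done
}

# make_image FILE SECTORS TABLE [FS_SECTOR]: zero-filled test image with the
# given table bytes, the 55 aa signature and, optionally, an ext magic for a
# filesystem starting at FS_SECTOR.
make_image() {
    dd if=/dev/zero of="$1" bs="$SECTOR" count="$2" 2>/dev/null
    printf "$3" | dd of="$1" bs=1 seek=446 conv=notrunc 2>/dev/null
    printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null
    if [ -n "$4" ]; then
        printf '\123\357' | dd of="$1" bs=1 seek=$(( $4 * SECTOR + MAGIC_AT )) conv=notrunc 2>/dev/null
    fi
}

# Demo in a scratch directory.
tmp=$(mktemp -d)
make_image "$tmp/page-mbr.bin" 1 "$PAGE_TABLE"
list_partitions "$tmp/page-mbr.bin"    # same start/size columns as parted "u s p"
make_image "$tmp/demo.img" 16 "$DEMO_TABLE" 6
scan_image "$tmp/demo.img"
rm -rf "$tmp"
```

Run against a real image, scan_image my_server-flat.vmdk would print one line per partition; "ext-magic no" on a partition that should hold ext4 is the result the post arrives at by hand.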

firewall with systemd file
posted on 2016-09-14 00:38

Some while ago I created a firewall script here, but this was prior to systemd. Now here's an update on how to fix this. First the unit-file, then the firewallscript in fullquote again.

prerequisites

apt install -y libnetfilter-conntrack3 libnfnetlink0
echo "net.netfilter.nf_conntrack_acct=1" >> /etc/sysctl.d/iptables.conntrack.accounting.conf

systemd unit file

/lib/systemd/system/firewall.service:

[Unit]
Description=Do some Firewalling.
Requires=local-fs.target
After=local-fs.target
Before=network.target

[Install]
WantedBy=multi-user.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/sbin/firewall start
ExecStop=/usr/sbin/firewall stop

firewallscript

/usr/sbin/firewall:

#!/bin/bash

# aliasing
IPTABLES=$(which iptables)
# set IF to work on
O=eth0
I=eth0


# load kernel modules
modprobe ip_conntrack
modprobe ip_conntrack_ftp

case "$1" in

    start)
        echo 60 > /proc/sys/net/ipv4/tcp_fin_timeout
        echo 0 > /proc/sys/net/ipv4/tcp_ecn

        echo -n "Starting stateful packet inspection firewall... "

        # delete/flush old/existing chains
        $IPTABLES -F
        # delete undefined chains
        $IPTABLES -X

        # create default chains
        $IPTABLES -N INPUT
        $IPTABLES -N OUTPUT

        # create log-drop chain
        $IPTABLES -N LOGDROP

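        # set default chain-actions, accept all outgoing traffic per default
        # (a policy must be a built-in target, so INPUT gets DROP here; logging
        # still happens through the final "-A INPUT -j LOGDROP" rule below)
        $IPTABLES -P INPUT DROP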
        $IPTABLES -P OUTPUT ACCEPT
        $IPTABLES -P FORWARD ACCEPT

        # make NAT Pinning impossible
        $IPTABLES -A INPUT -p udp --dport 6667 -j LOGDROP
        $IPTABLES -A INPUT -p tcp --dport 6667 -j LOGDROP
        $IPTABLES -A INPUT -p tcp --sport 6667 -j LOGDROP
        $IPTABLES -A INPUT -p udp --sport 6667 -j LOGDROP
        $IPTABLES -A OUTPUT -p tcp --dport 6667 -j LOGDROP
        $IPTABLES -A OUTPUT -p udp --dport 6667 -j LOGDROP
        $IPTABLES -A OUTPUT -p tcp --sport 6667 -j LOGDROP
        $IPTABLES -A OUTPUT -p udp --sport 6667 -j LOGDROP

        # drop invalids
        $IPTABLES -A INPUT -m conntrack --ctstate INVALID -j LOGDROP

        # allow NTP and established connections
        $IPTABLES -A INPUT -p udp --dport 123 -j ACCEPT
        $IPTABLES -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
        $IPTABLES -A INPUT -i lo -j ACCEPT

        # pings are allowed
        $IPTABLES -A INPUT -p icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT

        # drop not routable networks
        $IPTABLES -A INPUT -i $I -s 169.254.0.0/16 -j LOGDROP
        $IPTABLES -A INPUT -i $I -s 172.16.0.0/12 -j LOGDROP
        $IPTABLES -A INPUT -i $I -s 192.0.2.0/24 -j LOGDROP
        #$IPTABLES -A INPUT -i $I -s 192.168.0.0/16 -j LOGDROP
        #$IPTABLES -A INPUT -i $I -s 10.0.0.0/8 -j LOGDROP
        $IPTABLES -A INPUT -s 127.0.0.0/8  ! -i lo -j LOGDROP




        # OPEN PORTS FOR USED SERVICES

        ## SSH
        $IPTABLES -A INPUT -i $I -p tcp -m conntrack --ctstate NEW --dport 22 -j ACCEPT

        ## HTTPD
        #$IPTABLES -A INPUT -i $I -p tcp -m conntrack --ctstate NEW --dport 80 -j ACCEPT
        #$IPTABLES -A INPUT -i $I -p tcp -m conntrack --ctstate NEW --dport 443 -j ACCEPT

        ## OVPN
        #$IPTABLES -A INPUT -i $I -p udp -m conntrack --ctstate NEW --dport 1194 -j ACCEPT

        ## MySQL
        #$IPTABLES -A INPUT -i $I -p tcp -m conntrack --ctstate NEW --dport 3306 -j ACCEPT






        # Portscanner will be blocked for 15 minutes
        $IPTABLES -A INPUT  -m recent --name psc --update --seconds 900 -j LOGDROP

        # only use when ports not available from the internet
        $IPTABLES -A INPUT ! -i lo -m tcp -p tcp --dport 1433  -m recent --name psc --set -j LOGDROP
        $IPTABLES -A INPUT ! -i lo -m tcp -p tcp --dport 3306  -m recent --name psc --set -j LOGDROP
        $IPTABLES -A INPUT ! -i lo -m tcp -p tcp --dport 8086  -m recent --name psc --set -j LOGDROP
        $IPTABLES -A INPUT ! -i lo -m tcp -p tcp --dport 10000 -m recent --name psc --set -j LOGDROP

        ### drop ms specific WITHOUT LOGGING - because: else too much logging
        $IPTABLES -A INPUT -p UDP -m conntrack --ctstate NEW --dport 137:139 -j DROP
        $IPTABLES -A INPUT -p UDP -m conntrack --ctstate NEW --dport 67:68 -j DROP

        # log packets to be dropped and drop them afterwards
        $IPTABLES -A INPUT -j LOGDROP
        $IPTABLES -A LOGDROP -j LOG --log-level 4 --log-prefix "dropped:"
        $IPTABLES -A LOGDROP -j DROP

        echo "Done."
    ;;

    stop)
        echo -n "Stopping stateful packet inspection firewall... "
        /etc/init.d/fail2ban stop
        # flush
        $IPTABLES -F
        # delete
        $IPTABLES -X
        # set default to accept all incoming and outgoing traffic
        $IPTABLES -P INPUT ACCEPT
        $IPTABLES -P OUTPUT ACCEPT
        echo "Done."
    ;;

    restart)
        echo -n "Restarting stateful packet inspection firewall... "
        echo -n
        # call this script itself, it lives in /usr/sbin now, not in /etc/init.d
        "$0" stop
        "$0" start
        /etc/init.d/fail2ban start
    ;;

    status)
        $IPTABLES -L -vnx --line-numbers | \
        sed ''/Chain[[:space:]][[:graph:]]*/s//$(printf "\033[31;1m&\033[0m")/'' | \
        sed ''/^num.*/s//$(printf "\033[31m&\033[0m")/'' | \
        sed ''/[[:space:]]DROP/s//$(printf "\033[31m&\033[0m")/'' | \
        sed ''/REJECT/s//$(printf "\033[31m&\033[0m")/'' | \
        sed ''/ACCEPT/s//$(printf "\033[32m&\033[0m")/'' | \
        sed -r ''/\([ds]pt[s]\?:\)\([[:digit:]]\+\(:[[:digit:]]\+\)\?\)/s//$(printf "\\\1\033[35;1m\\\2\033[0m")/''| \
        sed -r ''/\([0-9]\{1,3\}\\.\)\{3\}[0-9]\{1,3\}\(\\/\([0-9]\)\{1,3\}\)\{0,1\}/s//$(printf "\033[37;1m&\033[0m")/g'' | \
        sed -r ''/\([^n][[:space:]]\)\(LOGDROP\)/s//$(printf "\\\1\033[1;31m\\\2\033[0m")/'' | \
        sed -r ''/[[:space:]]LOG[[:space:]]/s//$(printf "\033[36;1m&\033[0m")/''
    ;;

    monitor)
        if [ -n "$2" ]
            then $(which watch) -n1 -d $IPTABLES -vnxL "$2" --line-numbers
            else $(which watch) -n1 -d $IPTABLES -vnxL --line-numbers; fi
    ;;

    *)
        echo "Usage: $0 {start|stop|status|monitor [<chain>]|restart}"
        exit 1
    ;;

esac

exit 0

The coloring at the status part when using firewall status is borked. It works, but it's completely shit from what I know now. The '' were a single double-apostrophe, but I was not good enough with bash when I copy pasted it and tried to color the shell output. Some day I may fix it. Hopefully.

finishing

chmod u+x /usr/sbin/firewall
systemctl enable firewall
firewall start

usage

This should suffice, just try it:

firewall
firewall start
firewall stop
firewall restart
firewall status
firewall monitor
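
The LOGDROP chain above writes every dropped packet to the kernel log with the prefix "dropped:"; since that prefix has no trailing space, it ends up fused to the IN= field. The following added example (not part of the original post) summarizes such lines per source, protocol and destination port and lists the sources that touched one of the script's portscan trap ports. The function names are made up and the log lines are constructed.

```sh
#!/bin/sh
# sample_log: constructed kernel log lines in the format the LOG target
# produces with --log-prefix "dropped:" (documentation address ranges).
sample_log() {
cat <<'EOF'
Sep 14 00:41:02 fw kernel: [  101.100000] dropped:IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.5 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF PROTO=TCP SPT=40001 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Sep 14 00:41:03 fw kernel: [  102.100000] dropped:IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.5 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4712 DF PROTO=TCP SPT=40002 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Sep 14 00:42:10 fw kernel: [  169.200000] dropped:IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:03:08:00 SRC=203.0.113.9 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=100 DF PROTO=TCP SPT=51000 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0
Sep 14 00:42:11 fw kernel: [  170.200000] dropped:IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:03:08:00 SRC=203.0.113.9 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=101 DF PROTO=TCP SPT=51001 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0
Sep 14 00:42:12 fw kernel: [  171.200000] dropped:IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:03:08:00 SRC=203.0.113.9 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=102 DF PROTO=TCP SPT=51002 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Sep 14 00:43:00 fw kernel: [  219.300000] dropped:IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:04:08:00 SRC=198.51.100.20 DST=198.51.100.7 LEN=40 TOS=0x00 PREC=0x00 TTL=60 ID=7 PROTO=ICMP TYPE=13 CODE=0 ID=1 SEQ=1
Sep 14 00:43:05 fw sshd[1234]: Accepted publickey for root from 198.51.100.30 port 50022 ssh2
EOF
}

# parse_drops: read log lines on stdin, print "src proto dpt" per dropped
# packet; protocols without ports (ICMP) get "-" as port.
parse_drops() {
    awk '/dropped:/ {
        src = proto = dpt = "-"
        for (i = 1; i <= NF; i++) {
            if      ($i ~ /^SRC=/)   src   = substr($i, 5)
            else if ($i ~ /^PROTO=/) proto = substr($i, 7)
            else if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        print src, proto, dpt
    }'
}

# drop_summary: "count src proto dpt", most frequent first.
drop_summary() {
    parse_drops | LC_ALL=C sort | uniq -c |
        awk '{ print $1, $2, $3, $4 }' | LC_ALL=C sort -k1,1nr -k2
}

# trap_sources: sources that hit one of the trap ports the script feeds into
# the "psc" recent list (1433, 3306, 8086, 10000) and so got blocked for 900 s.
trap_sources() {
    parse_drops |
        awk '$2 == "TCP" && ($3 == "1433" || $3 == "3306" || $3 == "8086" || $3 == "10000") { print $1 }' |
        LC_ALL=C sort -u
}

sample_log | drop_summary
sample_log | trap_sources
```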
throughput measurement with iperf
posted on 2016-09-12 13:32

In short:

  • iperf -s starts the server on node 1
  • iperf -c <node1_ip_or_dns>, run on node 2, connects node 2 to node 1 and starts the test

Example:

root@server1:~# iperf -s
------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 85.3 KByte (default)
------------------------------------------------------------
[  4] local 188.64.57.149 port 5001 connected with 158.181.55.4 port 24169
[ ID] Interval       Transfer     Bandwidth
[  4]  0.0-10.0 sec   761 MBytes   636 Mbits/sec

and

sjas@server2~$ iperf -c server1
------------------------------------------------------------
Client connecting to server1, TCP port 5001
TCP window size: 85.0 KByte (default)
------------------------------------------------------------
[  3] local 10.20.1.14 port 44928 connected with 188.64.57.149 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.0 sec   761 MBytes   638 Mbits/sec
use strace to snoop on ssh sessions
posted on 2016-09-12 00:17

To snoop on another running SSH session, these oneliners come in handy.

  1. use w to find out which session you want to have a look at
  2. ps aux|grep pts to find out the PID
  3. replace the PID in the scripts below

CentOS

Tested on 6.8:

strace -p PID -e trace=write 2>&1 | grep --line-buffered -o '".*[^"]"' | sed -e 's/^"//' -e 's/"$//'

Debian

Tested on jessie / 8:

strace -p PID -e write 2>&1 | grep --line-buffered -e '^write(7' | grep --line-buffered -o '".*[^"]"' | sed -e 's/^"//' -e 's/"$//'
get web page via netcat
posted on 2016-09-07 15:21

Open a connection to the webserver via netcat, then type the request followed by an empty line:

nc mydomain.com 80

GET / HTTP/1.0

or, with HTTP/1.1, which requires a Host header:

GET / HTTP/1.1
Host: mydomain.com
luks and lvm and partitioning and filesystem from the shell
posted on 2016-08-24 20:58

Don't overwrite your devices via cp. But we've all been there, done that.

If you don't want to reinstall 'just because', an idea might be to use testdisk depending on what you did.

To get a nice view of the partition layout I tend to use parted (see below); for creating partitions cgdisk (for GPT stuff) or cfdisk (for MBR creation only IIRC) are decent choices.

Back on topic.

preparation

Partitions were still present in my case, so no need to create them anew.

If you have to, do parted /dev/sdX p and parted /dev/sdX u b p and use your phone to make photos, in case you have to redo something.

luks

Create and open the cryptocontainer to hold the complete partition, wherein the LVM and your filesystems will lie.

cryptsetup --cipher=aes-xts-plain64 luksFormat /dev/sdXN --force-password
cryptsetup open /dev/sdXN sdXN_crypt

Did you really type an uppercased YES when you were prompted? The password you were prompted for is the one you will have to enter in the future.

In case you did something wrong:

cryptsetup close sdXN_crypt
cryptsetup erase /dev/sdXN

Then start by recreating the container. Did you really type an uppercased YES when you were prompted?

lvm2

After the crypto device was opened, you can reference it through the device mapper. Now create the physical volume (PV), volume group (VG) and logical volumes (LV's) where your system will be installed later on:

pvcreate /dev/mapper/sdXN_crypt
vgcreate `hostname` /dev/mapper/sdXN_crypt
lvcreate -L 2G -n swap `hostname`
lvcreate -l 100%FREE -n root `hostname`

Here is a catch: I did not have to recreate a separate /boot partition, as I already had one. If you don't, create one first. It has to be located outside the crypto container, else you won't be able to boot after your installation.

If something went wrong, here's how to delete things, too. Choose what you need in particular:

pvremove /dev/mapper/sdXN_crypt
vgremove `hostname`
lvremove /dev/`hostname`/<LVname>

filesystems and swap

Create swap:

mkswap /dev/mapper/`hostname`-swap

Create root filesystem:

mkfs -t ext4 /dev/mapper/`hostname`-root

This is pretty much it. From here on you can chroot or do whatever else you want.

Maybe you only want the container for data but not for installing a system on there. In that case not calling the LV 'root' and omitting the swap partition up there would have been a wise choice.

postgres introduction
posted on 2016-08-24 10:50

Client is run through the postgres system user named 'postgres'. Homedir is /var/lib/postgresql usually.

Connection info

.my.cnf equivalent is the .pgpass in postgres user homedir, containing the following syntax:

hostname:port:database:username:password

Command history

For .mysql_history equivalent, see .psql_history in postgres user homedir (/var/lib/postgresql/.psql_history).

Apostrophe's usage

  • use single ones for strings/values
  • use double ones for objects (user-/table-/dbnames... )

Most important shell commands

  • createdb DATABASE
  • dropdb DATABASE
  • createuser ROLE
  • dropuser ROLE
  • psql ## as user 'postgres'
  • su -c psql postgres ## invoking the CLI as any user
  • postgres=# grant all privileges on database DATABASE to USER;

As postgres user:

  • psql -c 'SQL_STATEMENT' = mysql -e 'SQL_STATEMENT' with .my.cnf
  • psql DATABASE # open client and connects to database

psql cli commands

help = shows help howto
\h = show help for sql commands
\h create role; = show help on CREATE ROLE command

\c DATABASE = "use DATABASE"
\? = show pg shortcuts
\l = "show databases;"
\d = show tables/views/sequences
\dt = "show tables;"
\du = show roles (users)
\dp = show privileges

mytop

There exists an equivalent called pgtop. Package on debian is called pgtop, too.

Usage:

su - postgres
pg_top

User management

Postgres user management differs in that there are 'roles'. These can be tweaked to work like users or like groups.

$ sudo -i -u postgres
$ createuser my-user

Main use cases

Create db with corresponding user:

createdb DATABASENAME
createuser DATABASENAME
su -c 'psql DATABASENAME' postgres
grant all privileges on database DATABASENAME to DATABASENAME;
\q

Change password:

su -c psql postgres
alter role DATABASE with password 'PASSWORD';
\q
linux create patches via diff and apply via patch
posted on 2016-08-22 19:14

Since I tend to forget this way too often...

create a patch

diff -u <file1> <file2> > <filename>.patch

test a patch

patch --dry-run <file> < <filename>.patch

apply a patch

patch -p0 <file> < <filename>.patch

-p0 strips no prefixes, -p1 strips the leftmost path folder, etc.

apply a patch and create backup of the original

patch -b -p0 <file> < <filename>.patch

Creates <file>.orig in the process.

reverse an applied patch

patch -R <file> < <filename>.patch
mysql 5.7 reset root password
posted on 2016-08-04 14:04

Resetting the mysql root password changed with version 5.7, along with quite some other stuff.

If you have further trouble logging in with the local root account itself, these steps should fix all the problems.

  • stop mysql server (service mysql stop or ps aux | grep mysql to determine the PID and then kill -9 PID)
  • mysqld_safe --skip-grant-tables
  • mysql -Ne "UPDATE mysql.user SET plugin = 'mysql_native_password' WHERE User = 'root';" to fix the root PW not working
  • mysql -Ne "UPDATE mysql.user SET authentication_string=password('YOURNEWPASSWORD') WHERE user='root';"
  • killall -9 mysqld_safe
  • service mysql start
snmp querying
posted on 2016-07-05 11:57

prerequisites

For testing your SNMP setup, it needs to have these defined:

  • agentaddress with protocol,public ip,port
  • community string (often 'public' or 'mrtgread')
  • snmpd service restart, if changes are pending (config was edited in the past but service not restarted/reloaded yet)

Then for querying: (this is an example)

snmpwalk -c public -v 2c <IP>

or

snmpget -c public -v 2c <IP> <OID>
determine ASN from shell
posted on 2016-06-29 01:35

whois can actually use different whois servers for querying. Their output differs, but whois.cymru.com is pretty decent:

whois -h whois.cymru.com <IP-OR-ASN>

I.e.

sjas@zen:~$ whois -h whois.cymru.com $(host sjas.de | head -1 | awk '{print $4}')
AS      | IP               | AS Name
24940   | 78.47.176.149    | HETZNER-AS , DE

In reverse, for looking up which organization is behind a specific AS number:

sjas@zen:~$ whois -h whois.cymru.com AS24940 | tail -1
HETZNER-AS , DE

Downside is, it will not lookup domains, only IP's or ASN's.

If no whois server is specified via the -h flag, whois.arin.net will be used for domains, IP addresses and ASN numbers. whois.cymru.com is however more terse and often preferable.

linux find long paths
posted on 2016-06-28 12:10

Sometimes applications have problems with pathnames that exceed 1024 characters. This happens with certain backup applications, for example. Here the pathnames came from apache caching files.

The easiest way to find those on a linux system is via find:

find / -regextype posix-extended -regex '.{1000,}'

This will show all paths that exceed 1000 characters in length.

proxmox: qemu-img convert
posted on 2016-06-11 10:33

In proxmox you sometimes want to convert images from one type to another.

available types

QCOW2 (KVM, Xen)    qcow2
QED   (KVM)         qed
raw                 raw
VDI   (VirtualBox)  vdi
VHD   (Hyper-V)     vpc
VMDK  (VMware)      vmdk
RBD   (ceph)        rbd

example

qemu-img convert -f raw -O qcow2 vm-100-disk-1.raw vm-100-disk-1.qcow2

-f is the first image format, -O the second. Look at the manpage to guess why -f is called -f.

gitolite emergency access
posted on 2016-06-11 10:32

In case you somehow managed to lock yourself out of your gitolite access list (lost key, committed misconfiguration, ...), there is an easy way to bypass this problem.

  1. ssh to your server
  2. su gitolite (or whatever user you use for running gitolite)
  3. cd
  4. git clone $HOME/repositories/gitolite-admin.git temp
  5. fix everything you need, exchange keys, do whatever you need to fix it
  6. git commit your changes
  7. gitolite push

Done. 7.) is gitolite push, not git push!

clamav
posted on 2016-06-11 10:30

For quick virus scans, if you have nothing else handy:

# install
apt install clamav

# install virus bases
freshclam

# scan
#everything
clamscan -r /
#specific folder, and show only 'hits'
clamscan -r -i /var/www

Some other valuable options:

  • --bell rings a bell
  • --remove deletes directly, files are gone!
  • --move=/some/path/here moves infected files it found to the given path
linux wifi cli handling
posted on 2016-06-04 14:56

Here's a walkthrough on using a linux computer with a wifi card to access wlans via the cli tools. This guide is debian specific and assumes you use one of the WPA protocols for encrypting your wifi.

available tools

  • ip
  • iw
  • iwlist
  • iwconfig
  • dhclient
  • wpa_supplicant
  • wpa_passphrase
  • /etc/network/interfaces
  • wicd

You can use all of these, but it just happens you do not really need them all.

discern wlan IF

iw dev:

phy#0
    Interface wlan0
    ifindex 2
    wdev 0x1
    addr 00:22:66:88:00:22
    type managed

wlan0 is my wifi interface and will be used as an example here from now on.

enable IF (if needed)

ip l s dev wlan0 up

find networks

iw dev wlan0 scan | grep -i -e ssid -e signal

brings:

    signal: -79.00 dBm
    SSID: ng-2.4G
    signal: -85.00 dBm
    SSID: ng-5G

So you know the available networks as well as the signal quality.

An alternative would be: iwlist wlan0 scan | grep -i -e ssid -e signal:

    Quality=26/70  Signal level=-84 dBm  
    ESSID:"ng-5G"
    Quality=36/70  Signal level=-74 dBm  
    ESSID:"ng-2.4G"

I will choose ng-2.4G for the next examples.

set up WPA and run daemon

# I just do not like storing these under /etc
# create the directory accessible by root only, so the config is never exposed
mkdir -m 700 /root/.wpa
# you are prompted for the passphrase
# tee is used to also show the output written to the file directly at the shell
# the SSID is case-sensitive, use it exactly as the scan showed it
wpa_passphrase ng-2.4G | tee -a ~/.wpa/wpa_supplicant.conf
## hide contents from others since the original pass is included as comment
chmod 600 ~/.wpa/wpa_supplicant.conf
# run daemon in the background, automatically brings IF up
wpa_supplicant -B -i wlan0 -c ~/.wpa/wpa_supplicant.conf

So now your wpa_supplicant.conf should contain something like this:

root@zen:/home/sjas/blog# wpa_passphrase ng-2.4G MY_PASSWORD
network={
    ssid="ng-2.4G"
    #psk="MY_PASSWORD"
    psk=0b1846ee861de86ebbf663bcd5087ba6cc2bbf0b3d9125361c52e95eef28ef6a
}

This is likely not everything you need to connect. So either discern everything else that is missing parameter-wise by hand, or use wicd if you have a desktop environment installed.

Once you are connected to the wifi of your choice, do ps aux | grep wpa_supplicant and see how it was started, and which config it references via -c. Copy its contents over to your wpa_supplicant.conf.

set up interface in /etc/network/interfaces for automatic connecting

manual wlan0
iface wlan0 inet dhcp
    pre-up wpa_supplicant -B -D wext -i wlan0 -c /etc/wpa_supplicant.conf
    post-down killall -q wpa_supplicant

usage

# enable
ifup wlan0

#disable
ifdown wlan0

how about several wlan configurations?

This is what I might use in my case:

/etc/network/interfaces:

manual wlan0
iface home2 inet dhcp
    pre-up wpa_supplicant -B -D wext -i wlan0 -c /var/lib/wicd/configurations/c404150241b4
    post-down killall -q wpa_supplicant
iface home5 inet dhcp
    pre-up wpa_supplicant -B -D wext -i wlan0 -c /var/lib/wicd/configurations/c404150241b3
    post-down killall -q wpa_supplicant

These have to be used a little differently, i.e.:

## activate one network:
ifup wlan0=home2
## and deactivate
ifdown wlan0

## or activate the other one:
ifup wlan0=home5
## and deactivate
ifdown wlan0

This may seem quite a bit unwieldy, but I am just fed up with network-manager or its relative, wicd, by now.

openvpn and GNU expect
posted on 2016-04-31 20:56

Since I often need openvpn connections and I like to start them from within terminals to see what actually happens, but dislike having to enter AD credentials every time, here is a solution with expect to this.

Security-wise that's questionable, but I don't need a lecture on that.

Replace <CONFIGNAME>, <USERNAME>, <PASSWORD>, of course.

#!/usr/bin/expect -f



## SETUP

# handle ctrl-c
proc sigint_handler {} {
  # send ctrl-c to openvpn process
  send \x03
  # wait for it to die
  sleep 1
  # quit expect session
  exit
}

# catch ctrl-c
trap sigint_handler SIGINT



## RUN

# start shell...
set timeout -1
spawn $env(SHELL)
match_max 100000

# ... and openvpn within there
send -- "sudo openvpn --config <CONFIGNAME>\r"

# username prompt
expect -exact "^[\[0;1;39mEnter Auth Username: ^[\[0m"
send -- "<USERNAME>\r"

# password prompt
expect -exact "^[\[0;1;39mEnter Auth Password: ^[\[0m"
send -- "<PASSWORD>\r"

# make expect wait so it does not exit immediately
expect eof

Replace the ^['s above (four times in the code above) with literal escapes. You can insert these in vim by pressing ctrl-v + Esc in linux.

I always set up openvpn to also push DNS settings (resolvconf package and stuff), so there is some CTRL-c-handling necessary so it works and everything closes cleanly.

The escape codes for the expect lines I could discern by using autoexpect.

Linux: create verifiable disk images with dcfldd
posted on 2016-04-01 20:33

dd (destroyer of disks, haha) can create block-level image copies. But you have no possibility to verify your copies, so try dcfldd (crap name, TBH):

dcfldd if=/dev/sdX of=/dev/sdY hash=sha256 hashwindow=50M hashlog=<FILEPATH>

Don't use md5 for hashing.
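
What per-window hashes are good for, as an added example that is not part of the original post: comparing two images window by window shows where a copy went wrong, not just that it did. It uses dd and sha256sum on regular image files instead of dcfldd itself; the function names and the sample files are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Uses dd + sha256sum on regular image files instead of dcfldd itself.

# Print "<byte offset> <sha256>" for every window of $2 bytes in file $1.
window_hashes() {
    wh_file=$1
    wh_win=$2
    wh_size=$(($(wc -c < "$wh_file")))
    wh_idx=0
    while [ $((wh_idx * wh_win)) -lt "$wh_size" ]; do
        wh_hash=$(dd if="$wh_file" bs="$wh_win" skip="$wh_idx" count=1 2>/dev/null |
            sha256sum | cut -d' ' -f1)
        printf '%s %s\n' $((wh_idx * wh_win)) "$wh_hash"
        wh_idx=$((wh_idx + 1))
    done
}

# Print the start offset of every window that differs between image $1 and
# image $2 (window size $3 bytes). Prints nothing when the copy is identical.
# A window that exists in only one of the images counts as a difference.
differing_windows() {
    dw_a=$(mktemp)
    dw_b=$(mktemp)
    window_hashes "$1" "$3" > "$dw_a"
    window_hashes "$2" "$3" > "$dw_b"
    # the appended "" forces a string comparison of the hex digests
    awk 'FILENAME == ARGV[1] { want[$1] = $2; next }
         { seen[$1] = 1; if ((want[$1] "") != ($2 "")) print $1 }
         END { for (o in want) if (!(o in seen)) print o }' "$dw_a" "$dw_b" | sort -n
    rm -f "$dw_a" "$dw_b"
}

# Constructed sample: a 16 KiB zero-filled "disk" and a copy with one changed
# byte at offset 9000, compared in 4 KiB windows.
demo_corrupted_copy() {
    dc_dir=$(mktemp -d)
    dd if=/dev/zero of="$dc_dir/src.img" bs=4096 count=4 2>/dev/null
    cp "$dc_dir/src.img" "$dc_dir/copy.img"
    printf 'X' | dd of="$dc_dir/copy.img" bs=1 seek=9000 conv=notrunc 2>/dev/null
    differing_windows "$dc_dir/src.img" "$dc_dir/copy.img" 4096
    rm -rf "$dc_dir"
}

demo_corrupted_copy   # prints 8192
```
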

arping: duplicate ip address detection
posted on 2016-03-31 22:50

Duplicate IPs within your subnet are a problem that you can detect via arping. It sends a layer 2 ARP REQUEST to detect if an IP is already known within the network.

Usually only this is sufficient for usage from the shell:

arping -D <IP>

When you simply receive a response on the commandline, the IP is in use already. If you use vlans, you have to specify your interface with -I, too.

If you want to use this from within scripts, you might want this:

arping -D -w2 -c2 -I <INTERFACE> <IP>
echo $?

arping returns zero if there exists a duplicate IP.

One thing to keep in mind is that some Linux distributions have several packages available, but only one is the arping meant here. On Debian jessie, for example, you get these two:

arping/stable 2.14-1 amd64
  sends IP and/or ARP pings (to the MAC address)

iputils-arping/stable,now 3:20121221-5+b2 amd64 [installed]
  Tool to send ICMP echo requests to an ARP address

You need the iputils-arping one, if you happen to use debian.

csync2 setup
posted on 2016-03-21 17:19:01

This is done without SSL, since all servers are within their intranet anyway.

install

apt install csync2 -y

generate key

csync2 -k /etc/csync2.key

/etc/csync2.cfg

nossl * *;

group MYGROUP
{
        host NODE1;
        host NODE2;

        key /etc/csync2.key;

        include /www/htdocs;
        exclude *~ .*;
}

/etc/xinetd.d/csync2

  service csync2
  {
      flags = IPv4
      socket_type         = stream
      protocol            = tcp
      wait                = no
      user                = root
      server              = /usr/sbin/csync2
      server_args         = -i
      disable             = no
  }

copy all files to all nodes

scp /etc/csync2* node2:/etc/

restart daemon

service xinetd restart

usage

# sync stuff
csync2 -xv

# show differences
csync2 -T
csync2 -TT

# dry-run
csync2 -xvd

# force sync everything
csync2 -rf /

openssl: s_client to check certificates
posted on 2016-03-18 13:47:07

In short:

openssl s_client -connect <domain.de>:443

Linux: find deleted files with open filehandles
posted on 2016-03-09 18:47:25

lsof -nP +L1

GNU screen: how to scroll
posted on 2016-03-03 00:31:26

Since I forgot this so very often:

CTRL+a [

use PGUP + PGDN

hit ENTER to escape again

GNU screen: log to file
posted on 2016-03-02 00:34:29

This sequence starts logging, repeat it to stop logging again. From the manpage:

C-a H       (log)         Begins/ends logging of the current window to the file "screenlog.n".

See the folder where you started screen from for screenlog.0 usually.

This can be turned on/off, will append to an existing log file.

cisco: ASA 5510 basic setup
posted on 2016-02-29 22:49:46

This is almost the same posting as the previous one on setting up the 5505, but with some adjustments.

To have a very basic and usable ASA device after a factory reset, you might consider the commands presented in the following. These were entered into the device via a serial connection to the console port.

Usually this connection's speed is 9600 baud 8N1, in case you wonder.

ASDM will be available in LAN, not just via the Management port. Furthermore, private IP networks are being used for the ingress and egress networks.

first aid

  • Use TAB to expand all the mentioned commands.
  • Use ? to show available commands.
  • In (config), use sh run to show your current configuration.

In case you need more in depth info, here is the original page from cisco.

modes

There are several modes, in very short:

  • EXEC = only most basic commands ('>' prompt)
  • privileged EXEC = you can now reboot and possibly change config ('#' prompt, enter via ena)
  • config = you can change configuration ('(config)' prompt, enter via conf t)

first steps upon fresh connect after a factory reset

! '!' denotes comments, these do not need to be entered

! privileged mode
ena
! hit enter, initially no password needed

! now enter configure mode
conf t

! which box are we working on?
ho <hostname>

! set enable password
! can be used later for ASDM, too, with the username being omitted
ena p <password>

set external and internal networks onto physical port

! maybe instead of 'E' you need 'G' for gigabit interfaces
in E 0/0
no shut
sec 0
ip ad 10.0.0.1 255.255.255.0
nameif OUTSIDE

in E 0/1
no shut
sec 100
ip ad 192.168.0.1 255.255.255.0
nameif INSIDE

! management IF, in case you want it
!in M 0/0

!exit
q

ASDM

! enable asdm...
ht s en

! ... from LAN
ht 192.168.0.0 255.255.255.0 INSIDE

save and reboot

wr mem
rel

ASA's are painful to maintain.

cisco: ASA 5505 basic setup
posted on 2016-02-29 22:49:46

To have a very basic and usable ASA device after a factory reset, you might consider the commands presented in the following. These were entered into the device via a serial connection to the console port.

Usually this connection's speed is 9600 baud 8N1, in case you wonder.

ASDM will be available in LAN, not just via the Management port. Furthermore, private IP networks are being used for the ingress and egress networks.

first aid

  • Use TAB to expand all the mentioned commands.
  • Use ? to show available commands.
  • In (config), use sh run to show your current configuration.

modes

There are several modes, in very short:

  • EXEC = only most basic commands ('>' prompt)
  • privileged EXEC = you can now reboot and possibly change config ('#' prompt, enter via ena)
  • config = you can change configuration ('(config)' prompt, enter via conf t)

first steps upon fresh connect after a factory reset

! '!' denotes comments, these do not need to be entered

! privileged mode
ena
! hit enter, initially no password needed

! now enter configure mode
conf t

! which box are we working on?
ho <hostname>

! set enable password
! can be used later for ASDM, too, with the username being omitted
ena p <password>

create VLAN for external and internal network

in Vlan1
 nameif OUTSIDE
 sec 1
 ip ad 10.0.0.1 255.255.255.0

in Vlan10
 nameif INSIDE
 sec 100
 ip ad 192.168.1.1 255.255.255.0

! exit
q

set vlans for your physical interfaces

! first your uplink
in E 0/0
 no shut
 sw a v 1

! now the others
in E 0/1
 no shut
 sw a v 10

in E 0/2
 no shut
 sw a v 10

in E 0/3
 no shut
 sw a v 10

! of course you can do it for all others, too, if you want
! else:
q

ASDM

! enable asdm...
ht s en

! ... from LAN
ht 192.168.1.0 255.255.255.0 INSIDE

save and reboot

wr mem
rel

ASA's are painful to maintain.

cisco: boot router from USB
posted on 2016-02-29 14:29:20

A very short walkthrough, persisting the image included:

  • "The USB Flash Module is a hardware device sold by Cisco Systems ® that provides a secondary Flash capability on Universal Serial Bus (USB) ports." (I cited cisco, from the link at the bottom of this post.)

  • "USB drivers have been added to rommon, starting with version 12.4(13r)." (Also from the cisco link.)

  • filesystem has to be FAT16, since FAT32 will NOT work

  • ctrl-break (or other) to enter rommon mode

    rommon 1>?
    rommon 2> dir usbflash0:
    rommon 3> boot usbflash0: c2800nm-ipbase-mz.124-3.bin

    Router> enable
    Router # copy usbflash0: c2800nm-ipbase-mz.124-3.bin flash: c2800nm-ipbase-mz.124-3.bin

Here is additional information directly from Cisco.

SSL certificate check from shell
posted on 2016-02-05 12:53:33

This will show the complete certificate:

echo | openssl s_client -connect google.com:443 2>/dev/null | openssl x509 -noout -text

Exchange the -text flag with the flag of any other object present in the certificate to get different results (e.g. -subject or -dates).

Magento: find out version from shell
posted on 2016-02-03 13:37:57

From within the docroot of your installation:

find . -iname Mage.php | xargs grep "public static function getVersionInfo" -A10

This should do until the code gets changed, tested with the 1.9.0.1 release.

AWK
posted on 2016-01-29 23:54:30

intro

awk is one hell of a beast. It's named after its inventors Aho, Weinberger and Kernighan, and different implementations exist. This post is to give a rough overview, there is more to it.

Either look up the official documentation for your installed implementation (i.e. mawk is just not gawk), or try heading over here, which is where I sometimes look things up when I happen to need it.

Pro's:

  • It's fast.
  • You have a programming language at your disposal in the shell.
  • One-liners are pretty quickly written.

Con's:

  • rather steep learning curve

When working with text fragments, it can truly speed things up. Since, despite a lot of good tutorials, I always missed a proper introduction, this is my shot at creating one myself.

These nice things happen to exist, or can at least be created.

  • variables
  • conditions
  • loops
  • associative arrays
  • functions
  • a profiler (Yes, the software comes with its own profiler built in, depending on the implementation you use)
  • pipes (You can pipe awk arrays directly to shell commands WITHIN awk, which is a nice feature.)
  • arithmetic operators

This list is likely not complete, as this post comes almost completely out of my head.

creating scripts vs. executing statements in the shell

Both are easily possible. The shebang for scripts:

#!/usr/bin/awk -f

Within scripts statements (block stuff within the braces) are separated through newlines, whereas in the shell you need semicolons. You don't need semicolons outside the blocks.

structuring

Usually awk programs are based on the following structure:

#!/usr/bin/awk -f

BEGIN { ... }
BEGIN { ... }
BEGIN { ... }
CONDITION { ... }
CONDITION { ... }
CONDITION { ... }
CONDITION { ... }
END { ... }
END { ... }
END { ... }

Or on the shell:

awk 'BEGIN { ... } BEGIN { ... } BEGIN { ... } CONDITION { ... } CONDITION { ... } CONDITION { ... } CONDITION { ... } END { ... } END { ... } END { ... }'

The misleading part is, you don't need the BEGIN blocks, the END blocks or even the CONDITIONs in front of the CONDITION blocks.

So the program could as well be looking just like this:

awk '{ ... }'

or

awk 'CONDITION'

So in very short:

  • awk processes input line by line usually.
  • BEGIN / END blocks are executed prior or after input processing.
  • The middle part is executed while traversing the input, depending if the condition evaluates to 'true'.
  • If no CONDITION is specified, the block is always executed.
  • several blocks can be used together, all are evaluated.
  • If a condition is true, the current line (called a RECORD, consisting of columns called FIELDS) is printed, even when no block was specified. That also happens to be the case with variable definition. (Sooner or later you will have to debug exactly this case.)

built-in variables

To repeat:

  • RECORD = a single row of your dataset
  • FIELD = a single data entry of a column from the current row

Which explains the variables a bit:

FS          field separator (delimiter for input data, usually ' ')
OFS         output field separator (delimiter for output data)

NF          number of fields = column count
NR          number of record = row count

RS          record separator (how input is delimited, usually '\n')
ORS         output record separator (how output is delimited)

FILENAME    name of the input file

There may be more, but these are mostly implementation-dependent and thus omitted.

user-defined variables

Unlike with bash variables, you omit the $ prepended to the variable names. You have input data, which are usually just strings ("like this"), so you declare variables like this:

example_var_1=""; example_var_2=""

This can either be done in BEGIN or within the main code paths. See next paragraph for some examples.

arrays

All arrays are associative, which lets you emulate regular arrays, too. For these you simply create a variable, defined with value 0. When iterating, simply increase the running index, which is the key for your array values.

Associative arrays are rather easy, one of your fields is a key, the other the value which gets set.

An example for an emulated 'normal' array is this (index is a built-in function name, so the running index is called idx):

awk 'BEGIN {idx=0} {array[idx]=$1; idx++}'

An example for regular 'associative' usage:

awk '{array[$1]=$2}'

CONDITIONS

These could either be simple assignments, or regexes (/ ... /)

built-in functions

This is a quick overview, so you know these exist:

next     jump to next record
exit     quit program, an exit code can be specified
getline  for when you need to control getting input
print    self-explanatory
printf   formatted printing like in C
++       increment
function keyword for when you explicitly need user-defined functions

one-liners

Some handy examples are provided here:

## print second column (counting starts with one, not zero)
## this is what you will use awk the most for, don't use `cut`
awk '{print $2}'

## print everything EXCEPT second column
awk '{$2=""; print}'

## remove empty lines
awk 'NF>0'
# or (this one also drops lines whose first field is 0)
awk '$1'

## add a header (printf is analogous to C language)
## the regular print statement could be used as well, of course
awk 'BEGIN {printf "%s %s %s\n","1stcol","2ndcol", "3rdcol"} {print $0}'

## print several columns, use several different delimiters
## this works with arbitrary counts of tab, space or colon as delimiter
awk -F'[\t :]+' '{print $1, $2, $3}'

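
Putting BEGIN, a regex condition, a loop over the fields, associative arrays and END together, as an added example that is not part of the original post: it counts dropped packets per source address and lists the destination ports each source tried. The log lines are constructed samples in the format an iptables rule ending in -j LOG --log-prefix "dropped:" writes, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Constructed sample input: syslog lines as written by an iptables rule ending
# in -j LOG --log-prefix "dropped:", plus one unrelated sshd line.
sample_log() {
    cat <<'EOF'
Jan  4 15:37:01 fw kernel: [1001.100] dropped:IN=eth0 OUT= MAC=00:16:3e:00:00:01 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=51234 DPT=22 SYN
Jan  4 15:37:02 fw kernel: [1002.200] dropped:IN=eth0 OUT= MAC=00:16:3e:00:00:01 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=51235 DPT=23 SYN
Jan  4 15:37:03 fw kernel: [1003.300] dropped:IN=eth0 OUT= MAC=00:16:3e:00:00:01 SRC=203.0.113.9 DST=192.0.2.10 LEN=60 TTL=49 PROTO=TCP SPT=40000 DPT=443 SYN
Jan  4 15:37:04 fw sshd[811]: Accepted publickey for admin from 192.0.2.50 port 50022 ssh2
Jan  4 15:37:05 fw kernel: [1005.500] dropped:IN=eth0 OUT= MAC=00:16:3e:00:00:01 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=51236 DPT=22 SYN
Jan  4 15:37:06 fw kernel: [1006.600] dropped:IN=eth0 OUT= MAC=00:16:3e:00:00:01 SRC=203.0.113.9 DST=192.0.2.10 LEN=84 TTL=49 PROTO=ICMP TYPE=8 CODE=0
EOF
}

# Reads syslog lines on stdin, prints "<count> TAB <source> TAB <ports>",
# busiest source first.
summarise_drops() {
    awk '
    BEGIN { OFS = "\t" }                      # runs once, before any input

    # CONDITION: a regex test, the block only runs for firewall records
    /dropped:/ && /SRC=/ {
        src = ""; dpt = "-"                   # "-" for protocols without ports
        for (i = 1; i <= NF; i++) {           # walk the KEY=VALUE fields
            if (split($i, kv, "=") != 2) continue
            if (kv[1] == "SRC") src = kv[2]
            if (kv[1] == "DPT") dpt = kv[2]
        }
        if (src == "") next                   # no usable source, skip the record
        hits[src]++                           # associative array: source -> count
        if (!((src, dpt) in seen)) {          # remember each port once per source
            seen[src, dpt] = 1
            ports[src] = (ports[src] == "" ? "" : ports[src] ",") dpt
        }
    }

    END {                                     # runs once, after the last record
        for (s in hits) print hits[s], s, ports[s]
    }' | LC_ALL=C sort -k1,1nr -k2,2
}

sample_log | summarise_drops
```
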
nmap: show available ssl ciphers of a server
posted on 2016-01-04 19:39:00

command

nmap --script ssl-enum-ciphers -p <PORT> <URL>

example

Starting Nmap 6.47 ( http://nmap.org ) at 2016-01-04 15:37 CET
Nmap scan report for sjas.de (78.47.176.149)
Host is up (0.0047s latency).
rDNS record for 78.47.176.149: static.149.176.47.78.clients.your-server.de
PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers: 
|   SSLv3: 
|     ciphers: 
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - strong
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - strong
|     compressors: 
|       NULL
|_  least strength: strong

Nmap done: 1 IP address (1 host up) scanned in 30.54 seconds

RBPI: cpu temp and memory reading
posted on 2016-01-02 17:38:40

# shows the temperature of the cpu
vcgencmd measure_temp

# shows the memory split between the cpu and gpu
vcgencmd get_mem arm && vcgencmd get_mem gpu

flashrom tutorial
posted on 2016-01-02 16:24:55

To dump the contents of a NOR flash chip directly via the serial peripheral interface bus (SPI), a tool called flashrom will help.

disclaimer

If you read this and want to do what is described, you don't need a disclaimer to know you can kill your hardware through electrostatic discharge or whatever. Else you should not be doing this anyway, unless you can afford grilling things and/or insist on learning things. This is likely the only disclaimer on this site for quite some time.

reasons

Why would you want to do that at all?

Flashing new content onto a flash chip usually takes place after the chip's contents (also containing either the operating system or at least the bootloader or some part of it) were loaded into the RAM. With that OS running, the flash content gets exchanged with a new image. So if the image is faulty, or the flashing process gets interrupted through power loss, you won't have a bootable system anymore. A simple live disk or bootable USB stick won't help much if the USB bus (or your other devices with the bootable operating system image) can't even be found.

In other words, your computer (or if you do stuff with your smartphone, your device) is bricked.

Basically, it becomes a very expensive paper weight.

If you however use the SPI bus directly for ISP (in-system programming/in-situ programming), you do not have to care about breaking things through faulty images if you have a working one already. This enables you to test things without having to fear you will render your hardware unusable. Which leaves room for trying out things which were impossible before.

Like fiddling directly with proprietary software which wants to prohibit you from booting a proper operating system on some hardware of your choice. I don't know when this hobby project will be finished, but I sure learned a lot about electronics within the last half year.

needed tools

  • raspberry pi (revision does not matter, but just get a B 2 in case you don't have one yet.)
  • sd flash card (this is where you will dd your OS image onto)
  • soic clip (google that, in case you want to work on NOR flash chip, so you don't have to solder wires onto the chip directly which is ugly)
  • female-to-female jumper cables (six ones minimum for working with SPI, maybe more)

In my case a debian installation was put onto an SD card of a raspberry pi (which is ARM based, as one might know), only to find out that the existing flashrom package exists for intel architecture based processors only.

Bummer.

compile and install

Ok, so let's install a proper environment and build stuff by hand then, as root user:

apt install build-essential
apt install libusb-dev
apt install pciutils-dev
apt install bzip2

wget http://download.flashrom.org/releases/flashrom-0.9.8.tar.bz2
tar xjvf flashrom-0.9.8.tar.bz2
cd flashrom-0.9.8

make -j4
make install

wiring

Google the chip you want to work on, and look for a description of its pins. (Chances are you already did this, which told you that you could use the SPI bus at all.) Put the SOIC clip on the chip.

Google a raspberry pinout table, and connect the SPI pins (MISO, MOSI, CE0, CLOCK, GND, 3.3V) accordingly.

Use short cables, long ones may cause connection problems.

usage example

All the following was done without a power supply being connected to the board, as the chip got the power from the raspberry's 3.3V Vcc pin.

As I had no prior knowledge on how to use flashrom ('i dont even know what im doing here'[TM]), this is what I tried:

# go to $HOME and create a temp folder
cd
mkdir flashromming
cd flashromming

# show help
flashrom -h

# try directly
flashrom

# try using the programmer which might work
flashrom --programmer linux_spi

# search for spi device
ls -alh /dev/spidev0.*

# use appropriate programmer, which then found my chip
flashrom --programmer linux_spi:dev=/dev/spidev0.0

# look up help to find out how to dump the flash content into a file
flashrom
flashrom -h

# actual dumping (-r = READ flash content into file)
flashrom --programmer linux_spi:dev=/dev/spidev0.0 -r nas-flash-original.bin

# always work on copies, not originals!!!
cp nas-flash-original.bin nas-flash-copy.bin

# have a look at the dumps contents
dd if=nas-flash-copy.bin | hexdump -vC | less

For starters, this worked. There is more:

## OTHER STUFF:
# flash new content onto chip (-w = WRITE file to chip)
flashrom --programmer linux_spi:dev=/dev/spidev0.0 -w newimage.bin

# erase chip contents (-E)
flashrom --programmer linux_spi:dev=/dev/spidev0.0 -E

# verify chip contents against file (-v)
# this is only needed when in doubt which file got flashed, verifying is done automatically after each flashing procedure
flashrom --programmer linux_spi:dev=/dev/spidev0.0 -v newimage.bin

issues

The motherboard which was used also had a serial interface (UART/RS232) which I used to have a look at the boot process and for console access. When the SOIC clip was connected to the chip, it just would not boot.

linux: show all cronjob files' contents
posted on 2015-12-31 11:50:22

Why didn't I think of that earlier???

for i in $(find /etc/cron* -type f); do echo $'\e[33;1m'$i$'\e[0m'; cat "$i"; done | less -R

Or, if in doubt and you suspect evil doings happening:

for i in $(find /var/spool/cron /etc/cron* -type f); do echo $'\e[33;1m'$i$'\e[0m'; cat "$i"; done | less -R

freebsd: static bash
posted on 2015-12-29 07:43:55

To get a static bash executable which is always available, try this:

make -C /usr/ports/shells/bash -D WITH_STATIC_BASH -DWITHOUT_NLS PREFIX=/ install

linux: ipmitool
posted on 2015-12-04 20:17:00

This was tested on Debian 7.

install

apt install ipmitool -y
modprobe ipmi_si
modprobe ipmi_devintf

usage

For testing:

# locally
ipmitool -I open sdr elist all

# remote
# IPMI v1.5 (lan interface)
ipmitool -I lan -H <ip> -U <user> -P <PASSWORT> sdr elist all

# IPMI v2.0 / RMCP+ (lanplus interface)
ipmitool -I lanplus -H <ip> -U <user> -P <PASSWORT> sdr elist all

troubleshooting

  • check ipmi ip
  • check netmask for your ipmi network
  • check gateway
  • ping should work, too, instead of using ipmitool for a reachability check

Linux: find folders with many files
posted on 2015-11-09 15:59:26

To easily (and FAST!) get an overview of the filecount of all folders in the current working directory:

for i in *; do echo -e "$(find "$i" | wc -l)\t$i"; done | sort -n

expect: update linux passwords through passwd from a list
posted on 2015-11-04 14:42:48

I know this is hacky, but I was in dire need:

IFS=$'\n'; for i in `cat pw`; do NAME=`echo $i | awk '{print $1}'`; PASS=`echo $i | awk '{print $2}'`; if getent passwd $NAME &>/dev/null; then expect -D0 -c "spawn passwd $NAME; expect \"Enter new UNIX password: \"; send \"$PASS\\r\"; expect \"Retype new UNIX password: \"; send \"$PASS\\r\";exit"; sleep 1; fi; done

Credentials were contained in a single .txt file, username and passwords, nothing else existed in there, both were separated by whitespaces. The file was called pw and laid in the same folder where the line above was run.

A watch -n1 -d /etc/shadow is helpful to see what happens. Still check your passwords afterwards!

UPDATE:

Try chpasswd. I feel stupid for not googling enough, at least a little.

iptables: list installed modules
posted on 2015-10-18 23:47:45

I will get some proper output for that when I revisit that posting.

For now:

echo; echo Available Modules:; \ls -1 /usr/lib*/xtables | \grep -v -e '[A-Z]\+'; echo; echo Available Actions:; \ls -1 /usr/lib*/xtables | \grep -e '[A-Z]\+'

bash prompt deluxe
posted on 2015-10-12 00:31:04

For quite a long time I have had the same prompt on and off, like:

[user@host ~/folder]$ 

This one was already colored. However quite a while ago I read about Steve Losh and his ZSH prompt, where he also used to show git or mercurial repository information.

After quite a while (making the exit code colored depending on whether it is zero or not is harder than it seems...), this was also added. Without further ado (or any explanation of what the colors look like), here are some examples:

REGULAR, GIT, SVN:
0 [256] 1 [ sjas@nb.dyn.sjas.de ~] 00:06:39 $ cd repo/gitolite-admin/
0 [257] 2 [ sjas@nb.dyn.sjas.de ~/repo/gitolite-admin git:[master] ] 00:06:45 $ cd ../non-modal-swing-dialog-read-only/
0 [258] 3 [ sjas@nb.dyn.sjas.de ~/repo/non-modal-swing-dialog-read-only svn:[Rev 41] ] 00:06:50 $ 

ERROR CODE as first number:
0 [258] 3 [ sjas@nb.dyn.sjas.de ~/repo/non-modal-swing-dialog-read-only svn:[Rev 41] ] 00:07:05 $ asdf
bash: asdf: command not found
127 [259] 4 [ sjas@nb.dyn.sjas.de ~/repo/non-modal-swing-dialog-read-only svn:[Rev 41] ] 00:07:07 $

The second number is the history count altogether like in the history file, the third one the count of the current session. Everything is colored, and for me it is not too long due to the colors.

This goes into the ~/.bashrc:

promptfunction() {
    local EXIT="$?"
    local VCS=""
    PS1=""
    if git branch &>/dev/null
    then
        VCS=" git:$(git show-branch | awk '{print $1}') "
    else
        if svn info &>/dev/null
        then
            VCS=' svn:[Rev '"$(svn info | \grep -i revision | awk '{print $2}')"'] '
        fi
    fi
    PS1="\[\e[3$(if [ $EXIT = 0 ]; then echo '2'; else echo '1'; fi);1m\]\$?\[\e[0m\] [\!] \# \[\e[31;1m\][\[\e[37;1m\] \u\[\e[33;1m\]@\[\e[37;1m\]$(hostname -f) \[\e[32;1m\]\w\[\e[36;1m\]$VCS\[\e[0m\]\[\e[31;1m\]]\[\e[0m\] \[\e[33;1m\]\t\[\e[0m\] \[\e[36;1m\]\\$ \[\e[0m\]"
}
export PROMPT_COMMAND=promptfunction

I could have changed the coloring such that I'd have used variables for the coloring, but by now I can read them just as well. If you want to know more about the coloring, google 'ansi escape codes'. :)

linux: chroot and reinstall grub2
posted on 2015-10-02 01:53:04

First, while in the live disk (i.e. grml) you just booted, mount everything to a folder, which will be the chroot root. I.e. ~/asdf.

cd
mkdir asdf
mount /dev/sda1 asdf
cd asdf

After cd'ing into there you have to mount some special folders:

  • /proc
  • /sys
  • /dev
  • /dev/pts
  • /run

Like this:

mount  -t      proc   proc       ./proc
mount  -t      sysfs  sys        ./sys
mount  --bind         /dev       ./dev
mount  -t      devpts devpts     ./dev/pts
mount  --bind         /run       ./run

Possibly you need to mount /boot and /boot/efi, too, if your boot partition is separate and if you have a UEFI setup.

followed by:

chroot .

Should you use a grml live disk and it is complaining about a missing zsh shell:

chroot . /bin/bash

Then reinstall grub:

grub-install /dev/sda
update-grub

Exit the chroot and reboot.

LDAP: linux ldap test with ldapsearch
posted on 2015-10-01 07:37:23

ldapsearch -vvvv -LLL -H ldap://<domain-or-hostname>:<port> -b '<OU's-and-DC's-to-start-from>' -D '<domain>\<username>' -w '<password>'

-W instead of -w will prompt interactively for password. -y will read the password from a file.

-s will be for limiting scope.

awk: show postfix mailq mail ID's for specific mail
posted on 2015-09-28 00:46:44

In short, replace <searchterm> with a regex for the address you want:

mailq | awk 'BEGIN { RS = "" } /<searchterm>/ {print $1} '

LVM: shrink volume
posted on 2015-08-07 18:34:25

To shrink a LVM partition, there are several steps to be reproduced:

  • the volume has to be unmounted
  • activate the LVM volumes, so linux can handle them
  • check that the filesystem is error free
  • shrink filesystem, a little more than needed
  • shrink LVM partition
  • expand filesystem to full LVM partition size
  • fsck again, if you are anxious :)

If the volume is mounted, you will not be able to filesystem-check it, or even shrink it. So you can not simply shrink the root partition of your running live system. For this you will need a live disk (google for 'grml linux') and boot from this to make the changes.

So here is something to copy paste from:

vgchange -a y
e2fsck -f /dev/<volume_group>/<logical_volume>
resize2fs /dev/<volume_group>/<logical_volume> <size-in-GB-MINUS-1GB>G
lvreduce -L <size-in-GB>G /dev/<volume_group>/<logical_volume>
resize2fs /dev/<volume_group>/<logical_volume>
e2fsck -f /dev/<volume_group>/<logical_volume>

Voila.

Usually you'd want to do this in order to create another volume / partition, but this is stuff for another blogpost.

iptables: sole config
posted on 2015-08-03 17:21:27

DISCLAIMER: This is almost a complete ripoff of this answer here.

Usually when ending a iptables rule with something like -j LOG --log-prefix "dropped:", this information will go straight to the general syslog file. This creates quite some clutter, depending on the rules your firewall has in place.

/etc/rsyslog.d/10-iptables:

if ( $msg contains 'IN=' and $msg contains 'OUT=' ) 
then { 
    /var/log/iptables.log
    stop
}

& ~ is deprecated in the new rsyslog, you should use stop instead.

/etc/logrotate.d/iptables:

/var/log/iptables.log
{
        rotate 30
        daily
        missingok
        notifempty
        delaycompress

        postrotate
                service rsyslog rotate > /dev/null
        endscript
}

Note: The prefix is set to 10- to catch it before it reaches the default rules (i.e. named 50-defaults).

MySQL: Check used storage engine
posted on 2015-07-13 15:32:01

Something to copy paste, in case you already have a .my.cnf for your root user with his password.

This only for tables you created:

less < <({ for i in $(mysql -e "show databases;" | cat | grep -v -e Database -e information_schema -e mysql -e performance_schema); do echo "--------------------$i--------------------";  mysql -e "use $i; show table status;"; done } | column -t)

This will show all tables, including the mysql ones:

less < <({ for i in $(mysql -e "show databases;" | cat | grep -v -e Database); do echo "--------------------$i--------------------";  mysql -e "use $i; show table status;"; done } | column -t)

To make it a little more readable, hitting -S in less turns off word wrapping. Lines which are too long are then simply cut off.

Here it is in a little more detail. This form cannot be copy-pasted, as it is missing the line break escapes, sorry:

less < <(
            { 
                for i in $(mysql -e "show databases;" | 
                cat | 
                grep -v -e Database -e information_schema -e mysql -e performance_schema);
                do echo "--------------------$i--------------------"; 
                    mysql -e "use $i; show table status;";
                done 
            } | 
            column -t
        )

The cat piping is needed so the output will be without borders. I honestly have no idea why this cat here works the way it does. :)

SSH: tunnel and port-forwarding howto
posted on 2015-07-10 07:56:07

To create ssh tunnels there are a lot of explanations out there, and most are not worth much. Let's see if I can do better.

some facts against common misconceptions

one

A tunnel involves only two endpoints.

Ok, fair enough. But you need to specify a minimum of three host locations for a working tunnel.

Two of them can point to the same machine, just from different views.

The three are your local host (or at least its port), the gateway (the machine which will be the other tunnel endpoint) and the machine you are targeting. The target is localhost if the target/destination host is the same machine as the gateway host.

More on that later, if this does not make sense yet.

two

Another misconception which is often prevalent: "How do I get the server port so I can access it locally?"

Actually the direction may seem unnatural:
Things depend on the source host, where the request (of whichever protocol being used) will originate.

three

There exist directions, which is what the -L and -R flags are for.

four

The order in which the ssh arguments are specified can actually be changed. And once changed, it is much easier to grok.

tunnel 101

This is basic tunnelling knowledge. Where SSH tunnels differ from SSL/IPSEC VPNs, comments will indicate so.

Tunnelling connects non-routable networks with each other. (This is the case when one or both sites are behind a NAT.)

A tunnel is created between two endpoints, often called gateways. Encrypted pipes are created to secure traffic by encrypting packets between the endpoints.

On each side, other hosts can be reached. Depending on the tunnel type, you may or may not have access to the remote gateway. (SSH lets you access the remote gateway. With an IPSEC VPN (virtual private network) where application and endpoint run on the same box, you are in for some trouble. It works, but is ugly to do.)

You also have to specify the hosts behind the endpoint. This can happen via subnets, or you can specify single hosts. (With SSH we will specify only single hosts here, no networks. Further, only one side behind the tunnel has to be specified; the other side's host 'behind' the tunnel endpoint is always located on the same machine as the gateway in question. The tunnel, be it of the local or the remote port forwarding type, lets you specify the host that is not located on the gateway. Don't worry, this will come later with a better explanation.)

On general VPNs:
If you did not specify the local and remote network, how could the remote party possibly know to which IP packets should be directed after the data packets exit the tunnel? (For SSH, as already stated, only one host, either remote or local, which is not located on a gateway, can be specified. The other 'end' outside of the tunnel endpoint always lies on the gateway.)

ssh tunneling howtos

preface

A regular ssh tunnel is like the above mentioned tunnels, except that the gateways and the networks after the ends (/32 networks to be exact) reside on the same host (read: the gateway). This guide assumes that you already know how to do this, it's the basic ssh <hostname-or-ip> stuff.

chained tunnels

To connect to a remote host, but hopping over a few other hosts in the process, simply chain the tunnels:

ssh <host1> ssh <host2> ssh <host3>

Since you will want proper terminals, use the -t flag when doing so. And use -A if you need agent forwarding, when wanting to copy files between hosts directly.

ssh -t -A <host1> ssh -t -A <host2> ssh -A <host3>

This chaining stuff will also work for port forwardings described below, but you really have to watch your ports, so things fit together.

local tunnelling / port forwarding

-L will forward a port on your side of the tunnel to a host on the other one. That way you can reach over into the remote network.

The first use case here will be 'local' tunneling with the -L flag. The port specified on the local site will be forwarded to the remote site. This will be done so the webinterface of a remote NAS behind a router with NAT will be made externally accessible. NAS means Network Attached Storage, a small data server consuming not much energy providing file-level data.

For this to work, the router has to be configured such that it does port forwarding of requests on its port 12345 to the ssh host you want to connect to, by knowing its IP and the port on which the ssh server on this machine runs. (Usually on port 22.)

Usually you see specifications like this one:

ssh -L 1337:192.168.0.33:443 <user>@<domain-or-ip> -p12345

Easier to grasp should be this:

ssh <domain-or-ip> -l <user> -p 12345 -L localhost:1337:192.168.0.33:443

You ssh to the host at <domain-or-ip>, with the user specified by -l as <user> on port specified with -p which is 12345. The port only has to be specified if SSH is not running on standard port 22. This is the gateway part.

Then you pass the information on the local and the remote host, joined by a :.

localhost is the bind address, on which the SSH server instance is running, and 1337 is the port which will be used for accessing the webinterface. Which is what you have to type into your browser. (https://localhost:1337) If it were running with a different bind address, you'd have to use this one here, but then I likely would not have to tell you that. :) localhost does not have to be specified, this is done just for illustration purposes.

What another bind address does is allow others to use the tunnel if GatewayPorts is enabled on the local SSH server. See man sshd_config for more info.

192.168.0.33:443 is the ip of the NAS system on the remote network behind the remote gateway and the port where the webserver is running on there.

remote tunneling / port forwarding

-R will forward a port from the remote site to your side of the tunnel. That way hosts from your network can be reached remotely.

Going along with the example above, from within the LAN where the NAS is located:

ssh <domain-or-ip> -l <user> -p 12345 -R localhost:1337:192.168.0.33:443

Here <domain-or-ip> -l <user> -p 12345 is again the gateway information for the remote machine. Depending on -L or -R the local or remote port (and bindaddress!) are specified.

localhost here talks about the bindaddress on the remote server. If it is explicitly set, ssh's GatewayPorts directive/option has to be enabled on the server's /etc/ssh/sshd_config.

192.168.0.33:443 is just the location of the NAS again.

tunnel chains with port forwardings

A local example:

ssh -t <host1> -L 1337:localhost:1337 ssh -t <host2> -L 1337:localhost:1337 ssh <host3> -L 1337:192.168.0.33:443

Local browser can reach the far far away NAS via https://localhost:1337, which is on the same network as <host3>. If the NAS were SSH accessible, the complete path could be encrypted. Since we can't (at least in my made up example), we will hop from <host3> to it at its IP 192.168.0.33, and this is the only part of the connection, that cannot be encrypted. (This is just provided for educational purposes, such complex setups are usually unlikely in sane reality.)

Use -t for all hops prior to the last one.

a tunnel in a tunnel - port forwarding for ssh to reach locally bound services

This is for services bound to the loopback / 127.0.0.1 interface, and which are thus only locally available:

ssh <host1> -L 1336:<host2>:22
ssh localhost -p 1336 -L 1337:localhost:3306

NAS is again a bad example here, as usually these boxes do not have ssh daemons installed/running.

What we did above was simply building a tunnel to the host we want to hop onto, and then creating the port forward by connecting to the locally existing SSH tunnel. This may be useful for remote connections to mysql instances that usually can just be reached locally.

Usually I have no use for this, but it might come in handy some day.

dynamic tunnelling

To create a SOCKS proxy via SSH:

ssh <domain-or-ip> -l <user> -p 12345 -D 192.168.0.2:1337

Here a specific bind address was used (192.168.0.2, which is our local IP within our LAN. Do you remember the GatewayPorts thing?). Any host connecting to our ssh tunnel running on port 1337 will be forwarded straight to the remote gateway.

The application has to know how to handle SOCKS connections, else this will not work.

To keep up with our NAS example, I'd do:

ssh <domain-or-ip> -l <user> -p 12345 -D 1337

Then set up my web browser to use a SOCKS proxy, with address localhost (since no bindaddress was given, unlike in the prior example) and port 1337.

Afterwards https://192.168.0.33:443 can be entered into the address bar and the NAS is reachable. Just keep in mind that other websites will not work.
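How the -L, -R and -D specs used above break down, added here as an example (it is not part of the original post): for each spec it reports which side opens the listening port, from which side the final connection is made, and whether other hosts can reach the listener. describe_forward is a hypothetical helper name; it assumes GatewayPorts is left at its default of no and does not handle bracketed IPv6 addresses.

```shell
#!/bin/sh
# describe_forward KIND SPEC
#   KIND: L, R or D (the ssh flag)
#   SPEC: [bind_address:]port:host:hostport   for -L / -R
#         [bind_address:]port                 for -D
# "local" is the machine ssh is started on, "gateway" the sshd it logs in to.
describe_forward() (
    kind=$1 spec=$2
    set -f                  # a bind address of "*" must not be glob-expanded
    IFS=:
    set -- $spec            # split the spec on ":" into $1..$n
    case "$kind:$#" in
        [LR]:4) bind=$1 port=$2 dest="$3:$4" ;;
        [LR]:3) bind=localhost port=$1 dest="$2:$3" ;;    # no bind address given
        D:2)    bind=$1 port=$2 dest=chosen-by-socks-client ;;
        D:1)    bind=localhost port=$1 dest=chosen-by-socks-client ;;
        *)      echo "cannot parse: -$kind $spec" >&2; return 2 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "bad port in: -$kind $spec" >&2; return 2 ;;
    esac
    # An empty bind address (":1337:...") means the same as "*".
    [ -n "$bind" ] || bind='*'

    # -L and -D listen where ssh was started and connect out from the gateway;
    # -R listens on the gateway and connects out from the local side.
    case $kind in
        R) listener=gateway origin=local ;;
        *) listener=local origin=gateway ;;
    esac

    # Who can reach the listener? For -R the gateway's sshd only honours a
    # non-loopback bind address when its GatewayPorts setting allows it.
    case $bind in
        localhost|127.*) exposure=loopback ;;
        '*'|0.0.0.0)     exposure=all-interfaces ;;
        *)               exposure=single-address ;;
    esac

    printf '%s\n' "-$kind listen=$listener@$bind:$port connect=$origin->$dest exposure=$exposure"
)

# The three specs from this post:
describe_forward L localhost:1337:192.168.0.33:443
describe_forward R localhost:1337:192.168.0.33:443
describe_forward D 192.168.0.2:1337
```

Anything other than exposure=loopback means hosts besides the one holding the listener can use the tunnel, so that is the field to check before leaving a forward running.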

PPP-over-SSH

When having to use software which is unaware of SOCKS proxies, the Point-to-Point Protocol (PPP) comes to help.

Also this is a poor man's VPN, when used to transfer all traffic through it and not just a sole host or network.

Since I have not had this put to use yet, I cannot write much about it.

So far:

  • Routing may be an issue and thus reaching DNS servers, when it's just used to partially tunnel network connections.
  • When tunnelling everything, OSPF (open-shortest-path-first, a routing protocol) can be used to fix this, as I read, see the second link for more info.
  • Well, here are the links.

One link was on BSD, but I guess this helps with enlightenment. The shortest howto is the last one from the Arch wiki. Best may be the second one.

bash: check MTU
posted on 2015-06-29 17:30:20

To check which MTU works, here's a one-liner. It will have colored output:

for (( i=1520; i>1400; i=i-2 )); do if ping -c 1 -M do -s "$i" 8.8.8.8 &>/dev/null; then echo $'\e[32m'; else echo $'\e[31m'; fi; echo "$i ($(( $i + 28 )))"; done

Or easier to read:

for (( i=1520; i>1400; i=i-2 ))
do
    if ping -c 1 -M do -s "$i" 8.8.8.8 &>/dev/null
        then echo $'\e[32m'
        else echo $'\e[31m'
    fi
    echo "$i ($(( $i + 28 )))"
done
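The same probe as a binary search, added here as an example (it is not part of the original post): it returns the largest payload that passes with the don't-fragment bit set and derives the MTU from it (payload + 20 bytes IP header + 8 bytes ICMP header). The function names, the MTU_TARGET variable and the stub probe are constructed for illustration; the search assumes that every payload below the limit passes and every payload above it fails.

```shell
#!/bin/sh
# Default probe: one ICMP echo with the don't-fragment bit set (Linux iputils
# ping, same flags as the loop above plus a 1 s reply timeout).
probe_ping() {
    ping -c 1 -W 1 -M do -s "$1" "${MTU_TARGET:-8.8.8.8}" >/dev/null 2>&1
}

# Constructed stand-in for a path with an MTU of 1492 (e.g. PPPoE), so the
# search can be tried without network access.
probe_pppoe() {
    [ "$1" -le 1464 ]
}

# find_max_payload LOW HIGH [PROBE]
# Prints the largest payload size in LOW..HIGH for which PROBE succeeds.
find_max_payload() (
    lo=$1 hi=$2 probe=${3:-probe_ping}
    # Invariant for the loop below: a payload of $lo bytes is known to pass.
    if ! "$probe" "$lo"; then
        echo "payload of $lo bytes already fails, choose a lower LOW" >&2
        return 1
    fi
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))    # round up so the range always shrinks
        if "$probe" "$mid"; then
            lo=$mid
        else
            hi=$(( mid - 1 ))
        fi
    done
    echo "$lo"
)

# path_mtu LOW HIGH [PROBE]
# Payload plus 28 bytes of IP and ICMP headers gives the MTU.
path_mtu() {
    payload=$(find_max_payload "$@") || return 1
    echo $(( payload + 28 ))
}

# Offline demo with the stub probe; for a real measurement run
#   MTU_TARGET=8.8.8.8 path_mtu 1400 1520
path_mtu 1400 1520 probe_pppoe
```

For the range 1400 to 1520 this needs eight probes instead of the sixty the linear loop sends.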
Linux: uname
posted on 2015-06-21 21:23:39

To get a proper overview of the hardware architecture of the system used, uname helps.

[sjas@lynsjas ~]% uname -a
Linux lynsjas 2.6.32-504.16.2.el6.x86_64 #1 SMP Wed Apr 22 06:48:29 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

This is basically: (information type, uname flag to get just this info, example output)

kernel name (-s):               Linux
host name (-n):                 lynsjas
kernel release (-r):            2.6.32-504.16.2.el6.x86_64
kernel version (-v):            #1 SMP Wed Apr 22 06:48:29 UTC 2015
machine architecture (-m):      x86_64
processor architecture (-p):    x86_64
hardware architecture (-i):     x86_64
operating system (-o):          GNU/Linux
find: multiple wildcards
posted on 2015-06-10 11:51:51

When looking for all files in a folder and its contained subfolders, find . -iname '*.py' might for example give you all python files. But what if you want all the .pyc files, too?

Coupling several types with iname will not work!

Use the -regex flag instead:

find . -regextype egrep -regex '.*\.py|.*\.pyc'

By default find uses the emacs regex syntax, which is very likely counterintuitive. Besides emacs and egrep there are others available:

- findutils-default
- awk
- egrep
- ed
- emacs
- gnu-awk
- grep
- posix-awk
- posix-basic
- posix-egrep
- posix-extended
- posix-minimal-basic
- sed
tmux: write to all panes simultaneously
posted on 2015-06-04 14:34:15

I find myself working in tmux quite often with split panes, and wanting to work on all panes at once. An alternative that I have put to use in the past was cssh / clustershell, but this uses xterm and does not look pretty.

So simply put this into ~/.tmux.conf:

bind e setw synchronize-panes

Afterwards C-b e will toggle the function which lets you write to all panes simultaneously.

tmux primer
posted on 2015-05-11 21:19:05

Like an earlier post on screen, this is a primer on tmux to get up and running as fast as possible.

tmux 'feels' faster and has, according to rumors, cleaner code, and thus does not crash as easily. Also the shortcuts, the manpage, everything felt more natural and easier to memorize. ctrl-b is also a better shortcut than screen's ctrl-a, which is often needed for jumping to the beginning of the line in bash. And the pane borders are only a pixel wide, which is just great.

In short, on a server, use screen, tmux otherwise. Why? Most likely your peers will know screen already, but do not want to have to do anything with tmux. :)

Further, 'tmux' has sessions containing windows containing panes, whereas 'screen' only has sessions containing panes, as far as I remember.

In the following, every command that does not start with tmux is a hotkey, the former are shell commands. For hotkey commands you have to be within a running tmux session.

global hotkey

# needed for every command you will want to enter inside tmux
CTRL+b

general handling

help

## general help overview, bindings via tmux
?

## bindings via shell
tmux lsk

detach

d

suspend

CTRL-z

show tmux messages

~

session management

start a named session

tmux new -s <session-name>

kill session

tmux kill-session -t <session-name>

list available sessions

tmux ls

reattach named session

tmux a -t <session-name>

# if only one session is running
tmux a

choose session via menu

s

window management

open new window

c

close current window

&

choose window via menu

w

rename current window

,

search for text in all windows

f

moving around windows

# go to previous window
l

# jump to window by id
0, 1, 2, 3, 4, 5, 6, 7, 8, 9

# next/previous window
n / p

pane management

split / open panes

# vertical
%

# horizontal
"

close current pane

x

break current pane out of current window (into new window)

!

moving around panes

just use the arrow keys, they will work, too

# next pane in current window
o

# rotate panes forwards / backwards (so next pane is put where the current was)
CTRL-o / M-o

# show pane id's
q

# jump to pane by number
q <number>

# go to previous pane
;

resizing panes

# by one character
CTRL-<arrow key>

# by five characters
M-<arrow key>

rearranging panes

# swap current pane with next pane
}

# swap current pane with previous pane
{

scrolling

pgup
pgdn
or use the mousewheel

misc

show time

t
Linux: iftop manual
posted on 2015-05-07 14:33:55

Linux iftop is a nice tool when watching traffic in realtime. Sadly, the base settings are not the most helpful.

So try these for a change, after starting iftop:

p  -  toggle port display
L  -  logarithmic traffic scale 
s  -  hide source host
N  -  port resolution off
t  -  toggle sent, received, sent+received, send and received display

which will give you something like this here: (sadly, the traffic bars are not shown)

         10b        100b        1,00kb     10,0kb      100kb      1,00Mb 10,0Mb
└──────────┴──────────┴───────────┴──────────┴───────────┴──────────┴───────────
 * :443                   <=>  * :53269                     0b   37,9kb  11,0kb
 * :80                    <=>  * :21400                  4,79kb  20,0kb  5,00kb
 * :80                    <=>  * :20141                  27,7kb  19,6kb  4,89kb
 * :80                    <=>  * :50604                  52,4kb  17,9kb  4,47kb
 * :80                    <=>  * :58073                  16,3kb  16,3kb  6,05kb
 * :22                    <=>  * :27883                  19,0kb  14,8kb  12,3kb
 * :80                    <=>  * :50086                     0b   14,8kb  3,69kb
 * :80                    <=>  * :52441                   480b   14,4kb  4,88kb
 * :80                    <=>  * :50581                  71,5kb  14,3kb  3,58kb
 * :80                    <=>  * :49450                  11,3kb  13,9kb  5,05kb
 * :80                    <=>  * :57972                     0b   13,8kb  3,44kb
 * :80                    <=>  * :37680                     0b   13,7kb  3,42kb
 * :80                    <=>  * :49312                  6,93kb  13,6kb  3,41kb
 * :80                    <=>  * :49723                  13,5kb  13,6kb  6,09kb
 * :80                    <=>  * :4442                   15,5kb  13,6kb  3,39kb
 * :80                    <=>  * :53240                  13,4kb  13,4kb  6,69kb
 * :443                   <=>  * :51954                  13,4kb  13,4kb  5,15kb

────────────────────────────────────────────────────────────────────────────────
TX:             cum:   28,0MB   peak:   3,18Mb  rates:   2,75Mb  2,86Mb  2,79Mb
RX:                    28,5MB           3,01Mb           2,83Mb  2,87Mb  2,84Mb
TOTAL:                 56,5MB           6,18Mb           5,58Mb  5,73Mb  5,63Mb

The bars are the actual traffic taking place, the logarithmic bar on top helps with understanding.

To move down/up, use j/k.

The columns to the left are chosen via 1, 2, 3 and show traffic averages over 2s, 10s and 40s.

The bars can also be toggled, to reflect the 2s, 10s and 40s aggregation.

Linux: Which display manager do I run?
posted on 2015-05-03 11:09:32

To easily determine the display manager you are running, this should usually suffice to a pretty high degree:

ps auxf | awk '{print $11}' | \grep -e "^/.*dm$" -e "/.*slim$" 
MySQL: restore single table from dump
posted on 2015-04-24 11:13:21

MySQL dumps are usually created from whole databases. But what if you only need a single table restored?

You could edit/sed/grep the dump for information on just this single one table (and hopefully don't fuck up), or let mysql do the work. Simply restore the dump to a test database and then dump just the table in question, so you can load just the table dump back into the production database.

Keep in mind, this might take ages if you have extremely large dumps.

In the following it is assumed you have a working .my.cnf so you do not have to enter the user and password with every shell call.

#create db
mysqladmin create NAME_OF_TEMP_DB

#replay full dump
mysql NAME_OF_TEMP_DB < fulldump.sql

#dump table in question
mysqldump NAME_OF_TEMP_DB TABLE_NAME > table_name.sql

#load tabledump back into production
mysql NAME_OF_PROD_DB < table_name.sql

So simply mysqladmin - mysql - mysqldump - mysql and you are done. :)

bash: fun with programming
posted on 2015-04-11 22:37:59

While strolling around and doing some readup on FreeBSD and its man pages, I came across the intro pages. There exist man 1 intro to man 9 intro. After having read all, I wanted to have an overview of which manpages were referenced from these, which led to all this in the end.

With some messing around, this is what I ended up with finally:

[sjas@stv ~]$ MATCH=\\w\\+\([[:digit:]]\); MANPAGE="intro"; for (( i=1;i<10;i++ )); do echo "^[[33;1mman $i $MANPAGE^[[0m"; grep "$MATCH" <(man "$i" "$MANPAGE") | grep -v $(echo "$MANPAGE" | tr '[:lower:]' '[:upper:]') | grep --color "$MATCH"; done

Sidenote: Simply copy-pasting this will not work, see the ansi escape sequences part below on why. If you cannot wait, exchange the two occurrences of ^[ characters with a literal escape. Insert via Ctrl-V followed by hitting Esc.

Since this makes use of really a lot of bash tricks, a write-up might be some fun and this post is the result. In case you don't understand something, try googling the term in question for further reference. This post is intended as a pointer on what to search at all.

As this grew quite long I could not be bothered to copy contents of man pages or insert links of wikipedia pages, so bear with me.

preface

As most people do not have a BSD installation ready, referencing the manpages of a Linux command should help. A command with several pages is needed, so how about:

man -k . | awk '{print $1}' | sort | uniq -c | grep -v -e 1 -e 2

Which will give:

  3 info
  3 open

So lets just use the 'info' man pages.

man -k will search all manpages for a given string, in our case for a literal dot, which should be included in every page. Of the output only the first column is needed, which is extracted via awk '{print $1}'. (Do not use cut -d' ' -f1 for things like this, it won't work if you have commands separated by several spaces.) sort the output, so duplicate commands are listed in a row, followed by uniq -c, which will list all the unique occurrences as well as their count. grep -v excludes all occurrences of either 1 or 2. (That is why -e is used for providing these, instead of piping through grep -v 1 | grep -v 2, which would work the same.)

overview

Now onto the real beef, which will look like this:

[sjas@nb ~]$ MATCH=\\w\\+\(.\); MANPAGE="info"; for (( i=1;i<10;i++ )); do echo "^[[33;1mman $i $MANPAGE^[[0m"; grep "$MATCH" <(man "$i" "$MANPAGE") | grep -v $(echo "$MANPAGE" | tr '[:lower:]' '[:upper:]') | grep --color "$MATCH"; done
man 1 info
man 2 info
No manual entry for info in section 2
man 3 info
No manual entry for info in section 3
man 4 info
No manual entry for info in section 4
man 5 info
       The Info file format is an easily-parsable representation for online documents.  It can be read by emacs(1) and info(1) among other programs.
       Info files are usually created from texinfo(5) sources by makeinfo(1), but can be created from scratch if so desired.
       info(1), install-info(1), makeinfo(1), texi2dvi(1),
       texindex(1).
       emacs(1), tex(1).
       texinfo(5).
man 6 info
No manual entry for info in section 6
man 7 info
No manual entry for info in section 7
man 8 info
No manual entry for info in section 8
man 9 info
No manual entry for info in section 9

The headlines are printed in bold yellow, the matched manpages are printed in red.

For a better explanation, the one-liner above transformed into a bash script with line numbers:

1  #!/bin/bash
2  MATCH=\\w\\+\([[:digit:]]\)
3  MANPAGE="open"
4  for (( i=1;i<10;i++ ))
5  do 
6      echo "^[[33;1mman $i $MANPAGE^[[0m"
7      grep "$MATCH" <(man "$i" "$MANPAGE") | grep -v $(echo "$MANPAGE" | tr '[:lower:]' '[:upper:]') | grep --color "$MATCH"
8  done

shebang

The shebang in line 1 consists of the magic number #!, meaning the first byte of the file represents # and the second byte !. Unix systems scan files which have their executable bit set for these. When they are found, the rest of the line is treated as the path to the interpreter with which the script should be run. Its maximum length is 128 characters due to a compile time constraint, at least in FreeBSD.

variable declaration, definition

Lines 2 and 3 declare and define two variables. These are arbitrarily called MATCH and MANPAGE by me. By convention, these are uppercase, but lowercase will work as well. When a not-yet-present var is introduced (the shell does not know of one with the same name already) via its name and a =, it is declared (memory is reserved and it is created) and assigned the null string. When something follows after the =, it is also defined at once, and will hold the string which follows. Bash variables are usually untyped when used like this (it's all strings), but with the declare or typeset built-ins (see man bash and search there) you can also define a 'variable' to be an integer, an indexed or associated function, a nameref (means it's a symlink to another variable), to be read-only, to be exported, to automatically uppercase the string of its definition and such. But I digress...

quoting and quotation marks (or lack thereof)

"quoting" is the act of 'removing the special meaning of certain characters or words to the shell'.

The second var is just the string 'open' in double quotation marks, whereas the first is also a string, just not enclosed within any quotation marks.

There are quite some variants that can be used:

'
"
(nothing)
\'
\"

In bash, everything in between single quotes is taken literally, no EXPANSION or other substitutions will take place in between the marks. There are these kinds of expansions or substitutions:

- brace expansion
- tilde expansion
- parameter and variable expansion
- command substitution
- arithmetic expansion
- word splitting
- and pathname expansion

Look them up in the bash manual, if you are not already second-guessing your decision to read this posting.

Double quotes are used for enclosing strings, but letting bash be able to recognize these:

$ = most expansions
` = command substitutions
\ = escapes
! = history expansion

That way, the expansion mechanisms mentioned above are possible to create strings dynamically.

No single quote may be used within double quotation marks, and if you need a literal quotation mark (i.e. for using a string of parameters for a command which is wrapped within another command) you can use pairs of \' or \".

If quoting is omitted, escape spaces and other special signs via the already mentioned escape character alias \, to get a coherent string, like shown in the first variable.

shell escaping and special characters

Since \, ( and ) are special characters in bash, and we want to end up with this string for the regular expression to match our manpage mentions:

'\w\+([[:digit:]])'

they have to be escaped.

regular expressions and character classes

The string itself is a regexp expressing 'match one or several (\+) word characters but no whitespace (\w), followed by an opening paren ((), an element belonging to the character class of digits, which means a number ([[:digit:]]), and finally a closing paren ())'. Character classes are part of the POSIX standard and nice to know, since they are easier to use than \s or \w and will just work regardless of implementation as long as your system is POSIX-compliant.

for loop

Line 4 is the header of the for loop, whereas 5 and 8 enclose its body. The header is looped for all eternity while all statements return true. Usually bash's for is used like for i in <number-sequence>; do ..., but this is not everything which is possible.

i is the control variable, which is referenced via "$i" later on, just as the other variables are. ($MANPAGE, $MATCH)

arithmetic evaluation

The (( )) parentheses trigger arithmetic evaluation for what is contained in between, which are three statements in a row. The second statement is also an expression, while it evaluates to 'true', the loop's condition is satisfied and will run. Besides, the c-style for-loop should be self-explanatory.

This is basically the same as $(( ... )) (arithmetic expansion), the difference is the missing $. In bash $ denotes most kinds of expansions or substitutions, references to a variable's definition are preluded with a $, too. Whereas in regular expressions it denotes the end of the line, just for the record.

ansi escape sequences

Line 6 is for getting some color into the shell. The ^[ is a literal escape sign, and needed to get bash to recognize the usage of ANSI escape sequences. To insert it, use Ctrl-v followed by Esc. It is a single character internally, even if its representation on the screen is given via two characters. You can see this when you delete it via backspace.

Usually the ANSI sequence part goes like this: <esc>[ <some numbers> m, where the [ denotes the start and m denotes the end of the escape-numbers list. 33 happens to be the number for yellow, red would be e.g. 31. The 1 just means bold. Depending on the feature set of the console/terminal emulator you use, you could use the corresponding number code to make text underlined or let it blink. The 0 disables all non-standard settings again, so the text afterwards is regularly colored and non-bold again.

Since the next part is a little bit more complex, here line number seven from above for easier reference:

7      grep "$MATCH" <(man "$i" "$MANPAGE") | grep -v $(echo "$MANPAGE" | tr '[:lower:]' '[:upper:]') | grep --color "$MATCH"

piping

The | character denotes piping. This simply means the part left of it is executed and the part to its right takes left's output as its input via a character stream. (I hope this is correct, no warranty on that. :)) Internally a pipe is created through linking two file descriptors of two processes together.

process substitution

In the following, xyz will denote an arbitrary linux/unix command producing some output to the shell, in hope that this will help understanding.

<( xyz ) denotes process substitution (also look it up in man bash ;)), where the output of the command xyz is written to a file referenced by a file descriptor, whose name is passed as an argument to the calling command grep.
If >( xyz ) were used, xyz would read and not write to the file referenced by the file descriptor.

Phew. This sounds way harder than it actually is.

grep <searchterm> <( xyz ) means: grep the file descriptor naming the open file, to which xyz has written its output, for <searchterm>.

Process substitution and the file descriptor are used, as grep can search only within files, not within an output stream which our xyz command above being man <number> <manpage-name> usually provides.

command substitution (through a subshell)

$( ... ) denotes a sub-shell, which will pass its result to its parent shell. An older form is to use a pair of backticks, but this form is deprecated:

` ... `

Prior to executing grep -v on the input it is given from the pipe, the subshell is executed as a forked process of the calling process (the invoking shell) which will wait, and the result is handed back to its parent process (grep -v), which will resume execution again then.

This may sound like a contradiction to 'grep can only search in files', but it ain't. The searchterm of grep can be returned from another expression's evaluation, but the location in which to search has to be a file. As the input of grep comes from the pipe, which uses the connection of two processes' file descriptors, we close the circle.

It may be also noted, that if the search term is handed from an expression which hands back a list of several results, only the first result is used and searched for.

Proof:

[sjas@stv ~/test]$ grep --color $(ls -aF | grep '/' | grep './') <(ls -alhF)
/dev/fd/63:drwxr-xr-x  2 sjas  sjas     2B Apr 12 10:40 ./
/dev/fd/63:drwxr-xr-x  6 sjas  sjas    18B Apr 12 10:40 ../

The colored part of the output is just ./, as grep won't search for ../. In case you would want to achieve something like this, you'd have to use a for loop like for i in <command>; do grep --color "$i" <file>; done.

the rest

tr is just used to change every character matched with another one, here via the character classes. Each lowercase char will be exchanged with its uppercase equivalent.

For all die-hards that see this, thank you for reading.

GREP: find ip address
posted on 2015-04-07 14:35:34

When you have to look at all IPv4 addresses in a logfile, try this:

egrep '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}' <filename>
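
The pattern above only counts digits, so it also hits strings like 999.10.10.10 or the version number 1.2.3.4.5. The following is an added example, not part of the original post: it keeps only tokens with exactly four octets in the range 0-255 and counts them per address. The function names and the log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. sample_log prints constructed log lines (documentation
# address ranges); list_ipv4 is a hypothetical helper name.

sample_log() {
    cat <<'EOF'
Apr  7 14:01:02 host sshd[811]: Failed password for root from 203.0.113.7 port 4242 ssh2
Apr  7 14:01:05 host sshd[811]: Failed password for root from 203.0.113.7 port 4243 ssh2
Apr  7 14:02:11 host httpd: 198.51.100.23 - - "GET / HTTP/1.1" 200
Apr  7 14:02:12 host app: upgraded libfoo to 1.2.3.4.5
Apr  7 14:02:13 host app: bogus peer 999.10.10.10 ignored
Apr  7 14:02:14 host app: connect to 192.0.2.1:443 ok.
EOF
}

# list_ipv4 [FILE...]: print "<count> <address>" for every valid IPv4 address
# in the given files (or on stdin), most frequent first.
list_ipv4() {
    awk '
    {
        line = $0
        # Take each maximal run of "digits.digits..." so that 1.2.3.4.5 is
        # seen as one token and rejected, instead of yielding 1.2.3.4.
        while (match(line, /[0-9]+(\.[0-9]+)+/)) {
            tok  = substr(line, RSTART, RLENGTH)
            line = substr(line, RSTART + RLENGTH)
            if (split(tok, o, ".") != 4) continue
            ok = 1
            for (i = 1; i <= 4; i++) {
                # An octet must be 0-255; leading zeros are rejected because
                # some parsers read them as octal.
                if (length(o[i]) > 3 || o[i] + 0 > 255 || o[i] ~ /^0[0-9]/) ok = 0
            }
            if (ok) seen[tok]++
        }
    }
    END { for (ip in seen) print seen[ip], ip }
    ' "$@" | LC_ALL=C sort -k1,1nr -k2,2
}

# Demo on the constructed sample
sample_log | list_ipv4
```

On a real system, call it as list_ipv4 <filename>.
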
linux: strace basics
posted on 2015-03-31 23:16:24

In the following, <function> is the executable / your program you want to have a further look at.

strace 'traces system calls and signals'. ltrace is for getting to know about the libraries being used, but not discussed here.

write output to file

strace -o <filename> <function>

I.e.

[root@jerrylee /home/jl]# strace -o sout.log echo  

Of course, piping will work, too. But you have to redirect STDERR to the file, too, since that is where strace writes its trace. (&> will do the trick.)

show function counts

strace -c <function>

I.e.

[root@jerrylee /home/jl]# strace -c echo                                       

% time     seconds  usecs/call     calls    errors syscall
------ ----------- ----------- --------- --------- ----------------
 24.00    0.000090          30         3           open
 21.87    0.000082           9         9           mmap
 11.47    0.000043          11         4           mprotect
  9.87    0.000037           9         4           brk
  8.80    0.000033           8         4           fstat
  6.13    0.000023           5         5           close
  5.33    0.000020          10         2           munmap
  2.93    0.000011          11         1           write
  2.93    0.000011          11         1         1 access
  2.40    0.000009           9         1           execve
  2.13    0.000008           8         1           read
  2.13    0.000008           8         1           arch_prctl
------ ----------- ----------- --------- --------- ----------------
100.00    0.000375                    36         1 total

show timestamps

strace -t <function>

I.e.

[root@jerrylee /home/jl]# strace -t echo                                       
23:24:07 execve("/bin/echo", ["echo"], [/* 57 vars */]) = 0
23:24:07 brk(0)                         = 0x2377000
23:24:07 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff7d2efe000
23:24:07 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
23:24:07 open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
23:24:07 fstat(3, {st_mode=S_IFREG|0644, st_size=124895, ...}) = 0
23:24:07 mmap(NULL, 124895, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7ff7d2edf000
23:24:07 close(3)                       = 0
23:24:07 open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
curl: setting a user agent
posted on 2015-03-26 16:28:17

When trying to curl an HTTPS site that runs on an Apache with mod_security and the OWASP package, you may get an HTTP 403 error.

This is due to 'them' blocking every HTTP client that does not seem to be a browser.

This:

curl -k https://<server> -A 'Mozilla/4.0'

will fix this for testing purposes: -A sets the User-Agent header, and -k skips TLS certificate verification.

mysql: create admin user
posted on 2015-03-24 21:52:43

Open mysql cli:

create user '<user>'@'localhost' identified by '<pw>';
grant all privileges on *.* to '<user>'@'localhost' with grant option;
create user '<user>'@'%' identified by '<pw>';
grant all privileges on *.* to '<user>'@'%' with grant option;
flush privileges;

This looks strange, but to be able to connect as user from everywhere, you need it. See here and search for 'monty'.

IBM DB/2: Introduction and .csv export
posted on 2015-03-16 11:12:00

overview

IBM DB/2 is a relational database, but sports quite a bit more features than e.g. mysql, and it differs quite a bit from the latter. This should serve as an overview of how to use its CLI and some basic commands, when you are in dire need. ;)

structure

db2 uses linux system users. This means that to access the database you have to be logged in as the right user, one that has been granted database access.

To find out which user is the one you need, simply log in as each one (su db2username, try looking them up in /etc/passwd) and issue db2 at the shell prompt.

If it was the right user, it should look like this:

[user@host root]$ db2
(c) Copyright IBM Corporation 1993,2007
Command Line Processor for DB2 Client 10.5.0

You can issue database manager commands and SQL statements from the command 
prompt. For example:
    db2 => connect to sample
    db2 => bind sample.bnd

For general help, type: ?.
For command help, type: ? command, where command can be
the first few keywords of a database manager command. For example:
 ? CATALOG DATABASE for help on the CATALOG DATABASE command
 ? CATALOG          for help on all of the CATALOG commands.

To exit db2 interactive mode, type QUIT at the command prompt. Outside 
interactive mode, all commands must be prefixed with 'db2'.
To list the current command option settings, type LIST COMMAND OPTIONS.

For more detailed help, refer to the Online Reference Manual.

db2 =>

Trying with the wrong user will simply end in a bash: db2: command not found or the like.

basic commands

These should be the most used db2 sql commands when using the CLI via the db2 frontend.

To start simply write db2 while being logged in as the right user.

using help

# show commands
?
# show help on command
? <command>

connecting / disconnecting

# open connection so you can use sql statements
connect to <dbname>
# disconnect, but leave db2 cli running
connect reset
# disconnect and exit db2 cli
terminate
# exit client
quit

getting information on the database and its structure

# list databases
list database directory

If this is too unwieldy, try this from a shell prompt:

# list database's name from shell prompt
db2 list database directory | grep -i 'database name' | awk '{print $4}'

Now onto the internal structure:

# show all tables from all schemas
list tables for all

# show all tables for a specific schema
list tables for schema <schemaname>

# get table structure
describe table <schemaname>.<tablename>

# show schemas
select distinct tabschema from syscat.tables
## also, but i prefer the above for its more terse output
select schemaname from syscat.schemata

# show users
select distinct owner from syscat.tables

In syscat.tables there is also other information you might want to know, it's like the counterpart of the mysql table in a mysql database of a mysqld installation, as far as I can tell. (The mysql table in database mysql in a mysql database management system installation is correct. If you do not get it, read up on your basics, seriously.)

export to .csv

This is most easily done from a shell script. Developing it may take some more time, but you will usually need it again in the future, and grepping through the shell's history ain't the way to go.

touch mydb2script.sh
chmod 755 mydb2script.sh

Open the file mydb2script.sh and edit it to look like this:

#!/bin/bash
db2 connect to <databasename>
db2 "export to <filename>-$(date +%Y%m%d-%H.%M).csv of del modified by chardel\"\" coldel; decpt. select * from <databaseschemaname>.<tablename>"
db2 terminate

Read the above like export of sql-query, so the 'strange' syntax will make sense. The delimiter stuff is just sort of changing export settings.

I'd indent this like here, no idea if this makes sense to you:

export
    filename
of
    delimiter
        modified by
            chardelimiter '""'
            columndelimiter ';'
            decimalpoint '.'
<SQL QUERY>

I honestly do not know for sure if the terminate at the end is necessary, but it does not hurt either, I guess. (Always close your resources if you do not need them anymore...) Since this is intended to be used as a cronjob, testing this without the conn reset is not an option since the system I am working on is productive, and I sure as hell do not want to shoot it down some time in the future due to too many database connections. (When I have forgotten about the cron already, of course, or a colleague of mine will have to hunt it down without knowing anything about the changes.) There are quite a lot of connections to the DB already, so troubleshooting this one-connection-at-a-time is also... NOT an option. :)

Redirect the command's output to /dev/null in case you want this as a cron job.

That should be about enough to start working with a db2 install you do not know much about. :)

ssh for remote backups
posted on 2015-03-09 12:32:56

To back up a system's files, you usually employ scp. This is fine as long as you only want to back up regular files.

If you want to back up non-regular files, this won't work and you will need ssh.

Especially:

tar cvJ <folder> | ssh -T -c blowfish -e none <user>@<host> "cat > /backup.tar."

Here are some hacks contained within:

  1. -T to prevent allocation of a pseudo-terminal so redirection works
  2. -c blowfish to use Blowfish instead of 3DES encryption, as Blowfish is faster
  3. -e none so no escape sequence is used. That way the transferred data cannot kill the connection if <escapesequence>. is found in it. (Usually it is this one: ~.)

If this stuff is not done, your transfer may or may not work.

Thanks to Jan Engelhardt of inai.de for this gem.

iptables: definitive basics
posted on 2015-03-07 16:12:02

introduction

Most of this is from the manpage anyway (man iptables), this write-up is simply aimed at getting the topic better into my head.

iptables and alternatives

iptables is the basic firewall solution on all Linux systems. (To be exact, it is the frontend for the netfilter part of the kernel, but you do not need to know that.) ipchains also exists, but you can only use one of the two, so do yourself a favour and use the former. ipchains can only do stateless firewalling, where each packet is looked at independently. In contrast, iptables can do stateful firewalling: stateful packet inspection (also called dynamic packet inspection) can additionally work based on connection states, see the next part for some more explanation.

Discussing anything besides iptables currently is more or less moot:

  • 2.4.x kernels and above run iptables
  • 2.2.x kernels run ipchains
  • 2.0.x kernels run ipfwadm.

This will change with nftables, which should arrive with kernel 3.13 AFAIK. By then another posting like this one will become necessary, I fear. :)

connection states

iptables can switch packets by IP data as well as by connection (stream) states. 'connection', 'connection stream' and 'stream' are used as synonyms in the following. The states are most easily explained with parts of TCP's three-way handshake, but keep in mind there are also UDP and ICMP. See here.

NEW
    the first packet of a connection stream, i.e. a SYN packet
    stream is classified as NEW
ESTABLISHED
    a connection was initiated through a SYN packet
    SYN/ACK'd through a second packet in reverse
    then all following packets of this stream are of this state
RELATED
    if an already ESTABLISHED connection stream spawns a new connection
    the new connection will be RELATED
    example is FTP's data channel set up by an ESTABLISHED control channel
INVALID
    packets having no state and being unidentifiable
UNTRACKED
    packets marked with the raw's table NOTRACK target show up as UNTRACKED
    i.e. for traffic on port 80 of a highly frequented webserver, to save resources.
    Sidenote: 'related' streams cannot be tracked either!

fwbuilder

If you have absolutely no idea how to build an iptables firewall by yourself, try fwbuilder, which is a GUI where you enter your rules. The result can be compiled afterwards into an iptables script. Do not forget to install the fwbuilder-ipt package, too, which you need to compile the iptables rules. There is also a backend to create a pf firewall script, along with others.

iptables system structure

There exist three building blocks:

  1. tables
  2. chains
  3. rules

Each table contains a set of chains, where each chain is an assortment of rules. The chains are parsed rule after rule; if no rule matches, the default policy is applied. Whether all rules are parsed depends on rule design.

The basic tables are filter, nat and mangle. There also exist raw and security. Usually you can forget everything besides filter (which is the default table; if you choose none, it will be used) and maybe nat sometimes.

The mangle table is interesting for marking packets and rule-based routing, to implement traffic engineering for QoS. If you have no idea what this is about, leave that stuff alone. :)

default tables and chains, ordering

Here's a list of all tables with all default chains along with an explanation which chain will be active on which packets.

filter = default table
    INPUT - packets destined locally
    FORWARD - routed packets
    OUTPUT - packets with external destination

nat = looked up when packets initiate a new connection
    PREROUTING - alters packets ASAP at arrival
    OUTPUT - alter locally generated packets before routing
    POSTROUTING - alter packets just before they go out

mangle = packet alteration 
    INPUT - alter incoming packets
    PREROUTING - alter incoming packets before routing
    OUTPUT - alter locally generated packets before routing
    FORWARD - packets being routed through the box
    POSTROUTING - alter packet after routing applied

raw = add exemptions from connection tracking, table looked up prior to anything else
    PREROUTING - all packets arriving on all interfaces
    OUTPUT - packets generated by local addresses

security = MAC networking rules, selinux stuff, called after filter table
    INPUT - incoming packets
    OUTPUT - alter locally generated packets before routing
    FORWARD - alter packets routed through the box

If this is rocket science, you can try the wikipedia graph here.

default commands / flags

These are to be used as presented in order here.

select your table

# omitting means implicit '-t filter'
-t <table>
    specify table

day-to-day commands

-L [<chain>]
    LIST chains + rules for current table

-S [<chain>]
    SHOW rules' code being active for current table

-I <chain> [<rulenumber>] <rule>
    INSERT rule at rulenum, prepend if no rulenum given

-A <chain> <rule>
    APPEND rule to given chain
    (most often -I is needed, as append rules often don't even get hit)

-D <chain> <rule>|<rulenumber>
    DELETE rule for current table and given chain
    (--line-numbers for lookup helps a lot here)

-Z [<chain> [<rulenumber>]]
    ZERO packet counts

Lesser used:

-R <chain> <rulenumber> <rule>
    REPLACE command at line <rulenumber> (remember --line-numbers?)

cleanup commands

These are needed, in this order, to create a new, clean layout:

-F
    FLUSH all rules
-X
    delete all chains (flush previously!)
-P
    set default POLICY (DROP? REJECT? ACCEPT?)
-N
    create a NEW user-defined chain

After FLUSHING, deleting and setting INPUT and OUTPUT to default POLICY -j ACCEPT, you have effectively deactivated iptables.

parameters for rule creation

Here a lot could be written, but that is better left for googling. Be it on the -p, -s, -d flags, all you need is the internet.

However there is not a lot to be found on the -m documentation or which modules are present at a system at all.

To get some sort of overview what can be done with the netfilter modules being present on your linux system:

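for i in /lib/modules/$(uname -r)/kernel/net/netfilter/*; do
    # module file name in bold yellow (printf interprets the escape codes portably)
    printf '\033[33;1m%s\033[0m\n' "$(basename "$i")"
    # 'depends=' has to be rewritten before the generic '=' replacement
    strings "$i" | \grep -e description -e depends | sed -e 's/Xtables: //g' -e 's/depends=/depends on: /g' -e 's/=/: /g'
    echo
done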

That is ugly, but worth a look.

Further, if you wonder if a specific module / match / -m flag is possible on your system, try this:

iptables -m <modulename> --help

I.e. limit is present, as can be seen at the end of the help output:

[sjas@nb ~]$ iptables -m limit --help
iptables v1.4.21

Usage: iptables -[ACD] chain rule-specification [options]
       iptables -I chain [rulenum] rule-specification [options]
       iptables -R chain rulenum rule-specification [options]
       iptables -D chain rulenum [options]
       iptables -[LS] [chain [rulenum]] [options]
       iptables -[FZ] [chain] [options]
       iptables -[NX] chain
       iptables -E old-chain-name new-chain-name
       iptables -P chain target [options]
       iptables -h (print this help information)

Commands:


...


[!] --version   -V              print package version.

limit match options:
--limit avg                     max average match rate: default 3/hour
                                [Packets per second unless followed by 
                                /sec /minute /hour /day postfixes]
--limit-burst number            number to match in a burst, default 5
[sjas@nb ~]$ 

Whereas iplimit is not:

[sjas@nb ~]$ iptables -m iplimit --help
iptables v1.4.21: Couldn't load match `iplimit':No such file or directory

Try `iptables -h' or 'iptables --help' for more information.
[sjas@nb ~]$ 

That way you also get an easy overview on how to use a module in question, since info on the -m flags is basically non-existent on the iptables man page.

actions on packets

What happens to a packet is chosen through these:

-j <target>
    move packet to chain which is specified as JUMP target
    or use ACCEPT, DROP or REJECT targets
    RETURN used in a built-in chain tells that the chain policy decides the packet fate
    RETURN used in a user-defined chain tells to proceed in the superior chain with the next rule
    (after the one which let us jump into this user-defined chain in the first place)

-g <chain>
    if a packet is RETURNed from the GOTO chain accessed via -g, it will jump to the last chain before accessed with -j
    if you end up in a built-in chain, and no rule can be found, the default policy will hit

<nothing>
    if no action is specified, the rule is still nice to have for debugging: (and 'watch'-ing iptables output)
    although nothing happens, the packet counter is active, showing you if it matches or not

additional parameters

--line-numbers
    show rulenumbers in first column, helps when using -D
-v
    verbose mode
-n
    numeric mode: ip's/ports are shown without DNS or service resolution
-x
    exact numbers, means no kilo or mega sizes

These can also be combined, e.g. -L -vnx.

Or -vnxL.

a working example

A sample configuration with some sane defaults can be found here now. I have also included colored/noncolored output and a watch shortcut for checking chains for activity easily.

Place the following into /etc/init.d/firewall, if you do not use systemd.

#!/bin/bash
#### BEGIN INIT INFO
## Provides:          firewall
## Required-Start:    mountall
## Required-Stop:
## Default-Start:     2 3 4 5
## Default-Stop:      0 1 6
## Short-Description: start firewall
#### END INIT INFO
#
#### required packages: libnetfilter-conntrack3 libnfnetlink0
## /etc/sysctl.d/iptables.conntrack.accounting.conf
## -> net.netfilter.nf_conntrack_acct=1

# aliasing
IPTABLES=$(which iptables)
# set IF to work on
O=eth0
I=eth0


# load kernel modules
modprobe ip_conntrack
modprobe ip_conntrack_ftp

case "$1" in

    start)
        echo 60 > /proc/sys/net/ipv4/tcp_fin_timeout
        echo 0 > /proc/sys/net/ipv4/tcp_ecn

        echo -n "Starting stateful paket inspection firewall... "

        # delete/flush old/existing chains
        $IPTABLES -F
        # delete undefined chains
        $IPTABLES -X

        # INPUT and OUTPUT are built-in chains and always exist,
        # so there is nothing to create for them with -N

        # create log-drop chain
        $IPTABLES -N LOGDROP

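        # set default chain-actions, accept all outgoing traffic per default
        # (a policy has to be ACCEPT or DROP, a user-defined chain like LOGDROP
        # is not accepted; logging is done by the final '-j LOGDROP' rule in INPUT)
        $IPTABLES -P INPUT DROP
        $IPTABLES -P OUTPUT ACCEPT
        $IPTABLES -P FORWARD ACCEPT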

        # make NAT Pinning impossible
        $IPTABLES -A INPUT -p udp --dport 6667 -j LOGDROP
        $IPTABLES -A INPUT -p tcp --dport 6667 -j LOGDROP
        $IPTABLES -A INPUT -p tcp --sport 6667 -j LOGDROP
        $IPTABLES -A INPUT -p udp --sport 6667 -j LOGDROP
        $IPTABLES -A OUTPUT -p tcp --dport 6667 -j LOGDROP
        $IPTABLES -A OUTPUT -p udp --dport 6667 -j LOGDROP
        $IPTABLES -A OUTPUT -p tcp --sport 6667 -j LOGDROP
        $IPTABLES -A OUTPUT -p udp --sport 6667 -j LOGDROP

        # drop invalids
        $IPTABLES -A INPUT -m conntrack --ctstate INVALID -j LOGDROP

        # allow NTP and established connections
        $IPTABLES -A INPUT -p udp --dport 123 -j ACCEPT
        $IPTABLES -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
        $IPTABLES -A INPUT -i lo -j ACCEPT

        # pings are allowed
        $IPTABLES -A INPUT -p icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT

        # drop not routable networks
        $IPTABLES -A INPUT -i $I -s 169.254.0.0/16 -j LOGDROP
        $IPTABLES -A INPUT -i $I -s 172.16.0.0/12 -j LOGDROP
        $IPTABLES -A INPUT -i $I -s 192.0.2.0/24 -j LOGDROP
        #$IPTABLES -A INPUT -i $I -s 192.168.0.0/16 -j LOGDROP
        #$IPTABLES -A INPUT -i $I -s 10.0.0.0/8 -j LOGDROP
        $IPTABLES -A INPUT -s 127.0.0.0/8  ! -i lo -j LOGDROP




        # OPEN PORTS FOR USED SERVICES

        ## SSH
        $IPTABLES -A INPUT -i $I -p tcp -m conntrack --ctstate NEW --dport 22 -j ACCEPT

        ## HTTPD
        #$IPTABLES -A INPUT -i $I -p tcp -m conntrack --ctstate NEW --dport 80 -j ACCEPT
        #$IPTABLES -A INPUT -i $I -p tcp -m conntrack --ctstate NEW --dport 443 -j ACCEPT

        ## OVPN
        #$IPTABLES -A INPUT -i $I -p udp -m conntrack --ctstate NEW --dport 1194 -j ACCEPT

        ## MySQL
        #$IPTABLES -A INPUT -i $I -p tcp -m conntrack --ctstate NEW --dport 3306 -j ACCEPT






        # Portscanner will be blocked for 15 minutes
        $IPTABLES -A INPUT  -m recent --name psc --update --seconds 900 -j LOGDROP

        # only use when ports not available from the internet
        $IPTABLES -A INPUT ! -i lo -m tcp -p tcp --dport 1433  -m recent --name psc --set -j LOGDROP
        $IPTABLES -A INPUT ! -i lo -m tcp -p tcp --dport 3306  -m recent --name psc --set -j LOGDROP
        $IPTABLES -A INPUT ! -i lo -m tcp -p tcp --dport 8086  -m recent --name psc --set -j LOGDROP
        $IPTABLES -A INPUT ! -i lo -m tcp -p tcp --dport 10000 -m recent --name psc --set -j LOGDROP

        ### drop ms specific WITHOUT LOGGING - because: else too much logging
        $IPTABLES -A INPUT -p UDP -m conntrack --ctstate NEW --dport 137:139 -j DROP
        $IPTABLES -A INPUT -p UDP -m conntrack --ctstate NEW --dport 67:68 -j DROP

        # log packets to be dropped and drop them afterwards
        $IPTABLES -A INPUT -j LOGDROP
        $IPTABLES -A LOGDROP -j LOG --log-level 4 --log-prefix "dropped:"
        $IPTABLES -A LOGDROP -j DROP

        echo "Done."
    ;;

    stop)
        echo -n "Stopping stateful paket inspection firewall... "
        /etc/init.d/fail2ban stop
        # flush
        $IPTABLES -F
        # delete
        $IPTABLES -X
        # set default to accept all incoming and outgoing traffic
        $IPTABLES -P INPUT ACCEPT
        $IPTABLES -P OUTPUT ACCEPT
        echo "Done."
    ;;

    restart)
        echo -n "Restarting stateful paket inspection firewall... "
        echo -n
        /etc/init.d/firewall stop
        /etc/init.d/firewall start
        /etc/init.d/fail2ban start
    ;;

    status)
        $IPTABLES -L -vnx --line-numbers | \
        sed ''/Chain[[:space:]][[:graph:]]*/s//$(printf "\033[33;1m&\033[0m")/'' | \
        sed ''/^num.*/s//$(printf "\033[33m&\033[0m")/'' | \
        sed ''/[[:space:]]DROP/s//$(printf "\033[31m&\033[0m")/'' | \
        sed ''/REJECT/s//$(printf "\033[31m&\033[0m")/'' | \
        sed ''/ACCEPT/s//$(printf "\033[32m&\033[0m")/'' | \
        sed -r ''/\([ds]pt[s]\?:\)\([[:digit:]]\+\(:[[:digit:]]\+\)\?\)/s//$(printf "\\\1\033[33;1m\\\2\033[0m")/''| \
        sed -r ''/\([0-9]\{1,3\}\\.\)\{3\}[0-9]\{1,3\}\(\\/\([0-9]\)\{1,3\}\)\{0,1\}/s//$(printf "\033[37;1m&\033[0m")/g'' | \
        sed -r ''/\([^n][[:space:]]\)\(LOGDROP\)/s//$(printf "\\\1\033[1;33m\\\2\033[0m")/'' | \
        sed -r ''/[[:space:]]LOG[[:space:]]/s//$(printf "\033[36;1m&\033[0m")/''
    ;;

    monitor)
        if [ -n "$2" ]
            then $(which watch) -n1 -d $IPTABLES -vnxL "$2" --line-numbers
            else $(which watch) -n1 -d $IPTABLES -vnxL --line-numbers; fi
    ;;

    *)
        echo "Usage: $0 {start|stop|status|monitor [<chain>]|restart}"
        exit 1
    ;;

esac

exit 0

See the services section of the script on how to enable things like HTTP traffic: just uncomment the lines in question.

The colors only work for IPv4 currently.
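
The note on -A above ("append rules often don't even get hit") and the final -A INPUT -j LOGDROP of the script describe the same trap: a rule appended later lands behind the catch-all and never matches. The following is an added example, not part of the original post, that reads iptables -S output and reports such rules. The function names and the sample listing are constructed, and only the filter targets ACCEPT, DROP and REJECT are assumed to be terminating.

```shell
#!/bin/sh
# Added example. sample_ruleset prints a constructed 'iptables -S' listing;
# unreachable_rules is a hypothetical helper name.

sample_ruleset() {
    cat <<'EOF'
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N LOGDROP
-A INPUT -m conntrack --ctstate INVALID -j LOGDROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp -m conntrack --ctstate NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j LOGDROP
-A INPUT -i eth0 -p tcp -m conntrack --ctstate NEW -m tcp --dport 443 -j ACCEPT
-A LOGDROP -j LOG --log-prefix "dropped:" --log-level 4
-A LOGDROP -j DROP
EOF
}

# unreachable_rules: read 'iptables -S' output on stdin and print every rule
# that sits behind an unconditional, terminating rule of the same chain.
unreachable_rules() {
    awk '
    $1 == "-A" {
        n++
        chain[n] = $2
        rule[n]  = $0
        # No match options: "-j" follows the chain name directly.
        uncond[n] = ($3 == "-j")
        target[n] = $4
        # Packets can leave such a chain without a verdict.
        if ($0 ~ / -j RETURN/ || $0 ~ / -g /) mayreturn[$2] = 1
    }
    END {
        # Targets that end rule traversal. LOG does not.
        term["ACCEPT"] = 1; term["DROP"] = 1; term["REJECT"] = 1
        # A chain with an unconditional jump to a terminating target is
        # terminating itself (LOGDROP ends in DROP); repeat until stable.
        do {
            changed = 0
            for (i = 1; i <= n; i++) {
                if (uncond[i] && (target[i] in term) &&
                    !(chain[i] in term) && !(chain[i] in mayreturn)) {
                    term[chain[i]] = 1
                    changed = 1
                }
            }
        } while (changed)
        # Everything after the first catch-all of a chain is dead.
        for (i = 1; i <= n; i++) {
            c = chain[i]
            if (c in closed) {
                printf "unreachable: %s\n  shadowed by: %s\n", rule[i], closed[c]
            } else if (uncond[i] && (target[i] in term)) {
                closed[c] = rule[i]
            }
        }
    }'
}

# Demo on the constructed sample
sample_ruleset | unreachable_rules
```

On a live system: iptables -S | unreachable_rules. A reported rule has to be inserted with -I before the catch-all instead of being appended.
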

irssi: a proper introduction
posted on 2015-03-06 22:45:39

shortcuts

switching windows

c-n     next window
c-p     prev window
m-1..0  first / second / ... window

m- here means 'meta', or simply said, the 'alt' key.

scrolling

pgup
pgdn
m-p
m-n

m means meta, which is usually your alt key.

basic commands

/c irc.freenode.org
    connects to freenode irc network
/j <channel>
    join <channel>
/m <nick> <message>
    privately messaging
/n
    show users in channel
/topic [<newtopic>]
    show topic, or change to a new one
/q <nick>
    opens a query with <nick>
/away <message>
    set your away message
/wc
    window closing
/bye /quit
    close irssi

These should be the bare minimum to get by.

If you want to know more on the shortcuts without having to struggle with 'damned good' (i.e. NOT) documentation, just have a quick look at the alias section in ~/.irssi/config. There is no easier way.

logging

There are a lot of tutorials and descriptions on how to do that from within irssi. No comment on that besides that I do not like that approach.

Here's my settings part of ~/.irssi/config:

settings = {
  core = { real_name = "JL"; user_name = "sjas"; nick = "sjas"; };
  "fe-text" = { actlist_sort = "refnum"; };
  "irc/core" = { alternate_nick = "sjas``"; };
  "fe-common/core" = {
    autoclose_windows = "no";
    print_active_channel = "yes";
    autolog = "yes";
    autolog_level = "ALL";
    autolog_path = "~/.irclogs/%Y/$tag/$0.%m-%d.log";
  };
};

At the core line above, you could add another option, so IPv6 Servers are preferred: (Don't forget the semicolon, if you add it at the end.)

resolve_prefer_ipv6 = "ON"

fish

Thou shalt encrypt thy communication.

fish install

(The whole process is documented in more depth here.)

Download from github:

git clone -v --progress https://github.com/falsovsky/FiSH-irssi

Build it. (make might help? Just see install documentation on github.)

Afterwards link your irssi with the freshly compiled lib.

Create ~/.irssi/startup and put this in it:

load /usr/local/lib/irssi/modules/libfish.so

Try the following, if the path doesn't work: (irssi will tell you in status window on start)

updatedb
locate libfish.so

to find the path, otherwise if you cannot be bothered to install locate / mlocate / whatever, use brute force:

find / -iname libfish.so

Depending on the location of your lib, fix the path above in the startup file.

fish usage

To have encrypted queries:

/keyx <nick-of-partner>

To have channel encryption:

/setkey <channelkey>

<channelkey> is the key all members agreed to use. Don't exchange it in plain sight. Use encrypted queries instead.

mysql: output layout
posted on 2015-03-04 17:51:07

For big mysql tables with a lot of columns, the regular screen output is kind of hard to read at times.

Usually you run queries like this:

select * from <tablename>;

There are several ways to fix this:

Within the client:

select * from <tablename>\G

At client startup:

## always use alternative output
mysql --vertical

## choose output depending on console width
mysql --auto-vertical-output

How does this look?

Regular:

mysql> show tables;
+---------------------------+
| Tables_in_mysql           |
+---------------------------+
| columns_priv              |
| db                        |
| event                     |
| func                      |
| general_log               |
| help_category             |
| help_keyword              |
| help_relation             |
| help_topic                |
| host                      |
| ndb_binlog_index          |
| plugin                    |
| proc                      |
| procs_priv                |
| proxies_priv              |
| servers                   |
| slow_log                  |
| tables_priv               |
| time_zone                 |
| time_zone_leap_second     |
| time_zone_name            |
| time_zone_transition      |
| time_zone_transition_type |
| user                      |
+---------------------------+
24 rows in set (0.00 sec)

Alternative:

mysql> show tables\G
*************************** 1. row ***************************
Tables_in_mysql: columns_priv
*************************** 2. row ***************************
Tables_in_mysql: db
*************************** 3. row ***************************
Tables_in_mysql: event
*************************** 4. row ***************************
Tables_in_mysql: func
*************************** 5. row ***************************
Tables_in_mysql: general_log
*************************** 6. row ***************************
Tables_in_mysql: help_category
*************************** 7. row ***************************
Tables_in_mysql: help_keyword
*************************** 8. row ***************************
Tables_in_mysql: help_relation
*************************** 9. row ***************************
Tables_in_mysql: help_topic
*************************** 10. row ***************************
Tables_in_mysql: host
*************************** 11. row ***************************
Tables_in_mysql: ndb_binlog_index
*************************** 12. row ***************************
Tables_in_mysql: plugin
*************************** 13. row ***************************
Tables_in_mysql: proc
*************************** 14. row ***************************
Tables_in_mysql: procs_priv
*************************** 15. row ***************************
Tables_in_mysql: proxies_priv
*************************** 16. row ***************************
Tables_in_mysql: servers
*************************** 17. row ***************************
Tables_in_mysql: slow_log
*************************** 18. row ***************************
Tables_in_mysql: tables_priv
*************************** 19. row ***************************
Tables_in_mysql: time_zone
*************************** 20. row ***************************
Tables_in_mysql: time_zone_leap_second
*************************** 21. row ***************************
Tables_in_mysql: time_zone_name
*************************** 22. row ***************************
Tables_in_mysql: time_zone_transition
*************************** 23. row ***************************
Tables_in_mysql: time_zone_transition_type
*************************** 24. row ***************************
Tables_in_mysql: user
24 rows in set (0.00 sec)
Linux: 'top' explained
posted on 2015-03-04 12:54:59

To get a fast overview on what is running on your linux box, use top. (If you want some fancy graphics, try htop, but it has less intuitive shortcuts and is not always installed.)

Sad thing is, at first you don't really know what you are doing. So some guidance:

start and sane defaults

After starting top, press: z, x, c. This will color top (z), show current sort column (x) and the full application path (c).

1 will show stats for all individual cpus.

If you have no idea, use h for getting the help shown.

If you have a newer version of top, V will also work:
This gives you a nice process-tree view.

d changes the update delay, which is at three seconds per default.

cpu stats explained

Straight from the manpage, the CPU statistics show the times spent in:

us = user mode
sy = system mode
ni = low priority user mode (nice)
id = idle task
wa = I/O waiting
hi = servicing IRQs
si = servicing soft IRQs
st = steal (time given to other DomU instances)

If you have low cpu and ram usage but the system is unresponsive, have a look at the wait times.

sorting and searching

Changing the sort column can be done via < and >.

Also available: (not shown in help)

N sort by PID
P sort by CPU usage
M sort by memory usage
T sort by time

R will reverse the output.

u to choose user name, show only this user's processes.

S toggles cumulative time.

columns

f will toggle a window in which you can choose the info fields to be shown. Pressing the character will toggle its state. (Shown or not shown.)

o also opens a window, in there you can reorder the columns. Press the character of the column you want to move, depending on it being upper- or lowercase it gets moved up and down.

manipulate tasks

These should be self-explanatory:

k kill task

r renice task

colored iptables output
posted on 2015-02-27 00:32:21

To get colored iptables output, try this monster:

iptables -L -vnx --line-numbers | sed ''/Chain.*/s//$(printf "\033[33;1m&\033[0m")/'' | sed ''/[ds]pt:.*/s//$(printf "\033[31;1m&\033[0m")/'' | sed ''/[ds]pts:.*/s//$(printf "\033[31;1m&\033[0m")/'' | sed -r ''/\([0-9]\{1,3\}\\.\)\{3\}[0-9]\{1,3\}\(\\/\([0-9]\)\{1,3\}\)\{0,1\}/s//$(printf "\033[36;1m&\033[0m")/g''

Ugly as shit could ever be, but only way I found out how this can be done. Also a little buggy, as some colors are a bit off, but still better than vanilla.

UPDATE: some fixes and better coloring and way more regex madness

iptables -L -vnx --line-numbers | \
sed ''/Chain[[:space:]][[:graph:]]*/s//$(printf "\033[33;1m&\033[0m")/'' | \
sed ''/^num.*/s//$(printf "\033[33m&\033[0m")/'' | \
sed ''/[[:space:]]DROP/s//$(printf "\033[31m&\033[0m")/'' | \
sed ''/REJECT/s//$(printf "\033[31m&\033[0m")/'' | \
sed ''/ACCEPT/s//$(printf "\033[32m&\033[0m")/'' | \
sed -r ''/\([ds]pt[s]\?:\)\([[:digit:]]\+\(:[[:digit:]]\+\)\?\)/s//$(printf "\\\1\033[33;1m\\\2\033[0m")/''| \
sed -r ''/\([0-9]\{1,3\}\\.\)\{3\}[0-9]\{1,3\}\(\\/\([0-9]\)\{1,3\}\)\{0,1\}/s//$(printf "\033[37;1m&\033[0m")/g'' | \
sed -r ''/\([^n][[:space:]]\)\(LOGDROP\)/s//$(printf "\\\1\033[1;33m\\\2\033[0m")/'' | \
sed -r ''/[[:space:]]LOG[[:space:]]/s//$(printf "\033[36;1m&\033[0m")/''

And something to copy paste more easily, slightly modified again:

iptables -L -vnx --line-numbers | sed ''/Chain[[:space:]][[:graph:]]*/s//$(printf "\033[33;1m&\033[0m")/'' | sed ''/^num.*/s//$(printf "\033[33m&\033[0m")/'' | sed ''/[[:space:]]DROP/s//$(printf "\033[31m&\033[0m")/'' | sed ''/REJECT/s//$(printf "\033[31m&\033[0m")/'' | sed ''/ACCEPT/s//$(printf "\033[32m&\033[0m")/'' | sed -r ''/\([ds]pt[s]\?:\)\([[:digit:]]\+\(:[[:digit:]]\+\)\?\)/s//$(printf "\\\1\033[33;1m\\\2\033[0m")/''| sed -r ''/\([0-9]\{1,3\}\\.\)\{3\}[0-9]\{1,3\}\(\\/\([0-9]\)\{1,3\}\)\{0,1\}/s//$(printf "\033[36;1m&\033[0m")/g'' | sed -r ''/\([^n][[:space:]]\)\(LOGDROP\)/s//$(printf "\\\1\033[1;33m\\\2\033[0m")/'' | sed -r ''/[[:space:]]LOG[[:space:]]/s//$(printf "\033[36;1m&\033[0m")/''| sed ''/CATCH-DROP/s//$(printf "\033[31m&\033[0m")/''
php: locate error log location
posted on 2015-02-23 11:51:16

The easiest way to locate the php error log location, is to use this on the shell:

php --info | grep error
fritzbox: find out cpu architecture
posted on 2015-02-23 01:16:59

To find out which architecture your fritzbox' cpu has, try this:

if egrep -q 'AR9|AR10|VR9|Fusiv' /proc/cpuinfo; then echo "CPU: mips"; else echo "CPU: mipsel"; fi

Older ones are mipsel, whereas newer ones are of mips architecture.

fritzbox: install ssh server
posted on 2015-02-22 17:38:27

After having enabled the telnet access to your fritz box, which involves a phone connected to the device and dialing a number as described here, connect to its ip:

connect via telnet

[jl@jerrylee ~]% telnet 10.0.0.1                                               
Trying 10.0.0.1...
Connected to 10.0.0.1.
Escape character is '^]'.
password: 


BusyBox v1.20.2 (2014-09-26 13:25:19 CEST) built-in shell (ash)
Enter 'help' for a list of built-in commands.

ermittle die aktuelle TTY
tty is "/dev/pts/0"
Console Ausgaben auf dieses Terminal umgelenkt
disable start/stop characters and flowcontrol
#

check architecture

Depending on the architecture of the fritzbox cpu, you need a different binary. Older fritzboxes had mipsel cpus, whereas newer ones have mips ones. You may find this here helpful. Later this check is integrated into the install script, so there is no real need to bother with it now.

install overview

Several steps are needed, to achieve what is desired: (is automated in next section)

  1. set a root password

  2. copy the hashed password

  3. check cpu architecture

  4. install appropriate dropbear ssh server, depending on the platform

5.

actual installation

From there on, do these steps: (tried to make these foolproof by using absolute paths)

cd /var
/usr/bin/wget http://www.spblinux.de/fbox.new/cfg_dropbear
chmod 755 /var/cfg_dropbear

In case you wondered what this 'spblinux' distro is, this is what the sourceforge page tells:

SPBLinux: 
    modular mini distribution running completely in RAM
    can be booted from USB
    based on Busybox and Midnight Commander
    optional with DirectFB and (since version 2.1) Mozilla
    it is possible to create/modify own modules inside SPB:Linux.
Date in filename
posted on 2015-02-10 13:22:40

For documentation (read: work) purposes it's often necessary to include a date in the filename.

In bash, the date command offers several format flags that help here. The command itself is easiest to use like this:

$ cp <filename>.<ext> <filename>$(date +<FLAGS>).<ext>

As <FLAGS> you usually need: (in Europe)

[sjas@ctr-014 ~]% date +%Y%m%d
20150210

[sjas@ctr-014 ~]% date +%Y%m%d%H%M
201502101337
github: create/delete repo via API
posted on 2015-01-30 13:46:21

This works with version 3 of github's API.

Create

curl -u <user> https://api.github.com/user/repos -d '{ "name": "<reponame>", "description": "<description>" }'

user, reponame, description are to be set accordingly. description is optional.

If a user:pw combo were given, you would not be prompted for your password. The only downside is that you then have it in your bash history. (Of course, depending on your shell settings, if the command is prepended with a ' ' (space character), this might not necessarily be the case.)

Delete

curl -u <user> -X DELETE https://api.github.com/repos/<user>/<reponame>

Pretty self-describing.

Examples

First a creation:

[jl@jerrylee ~]% curl -u sjas https://api.github.com/user/repos -d '{"name": "my_testrepo", "description": "this is a description"}' 
Enter host password for user 'sjas':
{
  "id": 30072166,
  "name": "my_testrepo",
  "full_name": "sjas/my_testrepo",
  "owner": {
    "login": "sjas",
     ...

     ...
[jl@jerrylee ~]%     

And a deletion:

[jl@jerrylee ~]% curl -u sjas -X DELETE https://api.github.com/repos/sjas/my_testrepo
Enter host password for user 'sjas':
[jl@jerrylee ~]%     

If the deletion was successful, no response is provided. If it failed, github will tell you.
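
One way to keep the credential out of both the shell history and the process list, as an added example that is not from the original post. It assumes a personal access token stored in a file readable only by its owner; the function names and the token file are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes a personal access
# token stored alone in a file; file path and function names are hypothetical.

# token_file_ok FILE: succeed only if FILE is a regular file, not a symlink,
# and has no permission bits set for group or others.
token_file_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    case $(ls -l "$1" | cut -c5-10) in
        ------) return 0 ;;
        *)      return 1 ;;
    esac
}

# auth_config FILE: print a curl config line carrying the token.
auth_config() {
    token_file_ok "$1" || {
        echo "refusing $1: must be a regular file with mode 600 or stricter" >&2
        return 1
    }
    printf 'header = "Authorization: token %s"\n' "$(cat "$1")"
}

# create_repo TOKENFILE NAME: POST to the endpoint used in the post.
# The token reaches curl through its config-on-stdin option (-K -), so it
# is never part of a command line: nothing lands in the shell history and
# nothing shows up in ps output. printf is a builtin in common shells,
# so it creates no argv either.
create_repo() {
    case $2 in
        ''|*[!A-Za-z0-9._-]*)
            echo "invalid repository name" >&2
            return 1 ;;
    esac
    cfg=$(auth_config "$1") || return 1
    printf '%s\n' "$cfg" |
        curl -sS -K - https://api.github.com/user/repos \
             -d "{\"name\": \"$2\"}"
}

# Usage (needs network access and a real token file):
#   create_repo "$HOME/.config/github-token" my_testrepo
```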

Pause bash shell
posted on 2015-01-23 13:08:32

Do you have a long-running command with a lot of output, where you just caught a glimpse of something and need a closer look, but the shell won't let you scroll? (Due to new printouts appearing all the time.)

Use Ctrl-s to pause (and you can scroll up all you want, in case your terminal emulator will let you).
Afterwards Ctrl-q will 'unpause' it again.

The shell is not really put on hold, just the visual updating of the standard output is paused. After unpausing, everything that happened in the meantime is printed.

bash completion shortcuts
posted on 2015-01-23 11:23

The bash shell has more shortcuts than just the ones for emacs- or vi-style movement.

The other interesting completions are:

C-x /     filename completion
C-x $     bash variable completion
C-x @     hostname completion
C-x !     command completion

Meta-~ username completion
Meta-/ filename completion
Meta-$ bash variable completion
Meta-@ hostname completion
Meta-! command completion
Linux performance observability tools
posted on 2015-01-17 18:50:42

This is an alphabetical list that serves as a reminder for me of which programs there are to look up. :)

All this started when I stumbled across a picture on the web, which was from a presentation by Brendan Gregg at LinuxCon14, as I later found out. It was called Linux Performance Tools and it's worth its weight in gold, platinum and whatever material you see as highly valuable. The slides are here, get your copy and study them. If you want some serious linux sysadmin skills, there is no possible excuse for not doing it.

Seriously.

DO. IT. NOW.

Another two incentives can be found here and here. These may only use a small portion of the programs mentioned later, but either walk the extra miles, or raise your hands in defeat once things get tough; everybody gets to choose their own path.

Alphabetically sorted:

blktrace (8)         - generate traces of the i/o traffic on block devices
dstat (1)            - versatile tool for generating system resource statistics
dtrace (1)           - Dtrace compatibile user application static probe generation tool.
ebpf: nothing appropriate.
ethtool (8)          - query or control network driver and hardware settings
free (1)             - Display amount of free and used memory in the system
ftrace: nothing appropriate.
iostat (1)           - Report Central Processing Unit (CPU) statistics and input/output statistics for devices and partitions.
iotop (8)            - simple top-like I/O monitor
ip (8)               - show / manipulate routing, devices, policy routing and tunnels
iptraf (8)           - Interactive Colorful IP LAN Monitor
ktap: nothing appropriate.
lldptool (8)         - manage the LDP settings and status of lldpad
lsof (8)             - list open files
ltrace (1)           - A library call tracer
lttng: nothing appropriate.
mpstat (1)           - Report processors related statistics.
netstat (8)          - Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.
nicstat: nothing appropriate.
pcstat: nothing appropriate.
perf (1)             - Performance analysis tools for Linux
pidstat (1)          - Report statistics for Linux tasks.
/proc: nothing appropriate.
ps (1)               - report a snapshot of the current processes.
rdmsr: nothing appropriate.
sar (1)              - Collect, report, or save system activity information.
slabtop (1)          - display kernel slab cache information in real time
snmpget (1)          - communicates with a network entity using SNMP GET requests
ss (8)               - another utility to investigate sockets
stap (1)             - systemtap script translator/driver
strace (1)           - trace system calls and signals
swapon (8)           - enable/disable devices and files for paging and swapping
sysdig ()            - the definitive system and process troubleshooting tool
tcpdump (8)          - dump traffic on a network
tiptop (1)           - display hardware performance counters for Linux tasks
top (1)              - display Linux processes
uptime (1)           - Tell how long the system has been running.
vmstat (8)           - Report virtual memory statistics

First some more explanations on the ones listed above with "nothing appropriate":

ebpf, ftrace, ktap, lttng, nicstat, pcstat, /proc, rdmsr are usually all too new. New like either in bleeding edge, or at least not available in CentOS 7 or Debian 7. If you grab the sources, you might get along. The manpage headlines are actually from a CentOS 7. (Only exception is sysdig, which I installed via the one-liner its github page provided.) /proc is of course not a command, but mentions the /proc folder linux uses where a lot of useful information can be found.

Here are some other sortings, by 'types' now. (Maybe this improves readability, or makes it easier to remember, who knows. It's worth trying, still.)

'stat', 'top', 'trace', 'tap':

dstat      iotop      blktrace     ktap
iostat     slabtop    dtrace       stap
mpstat     tiptop     ftrace
netstat    top        ltrace
nicstat               strace
pcstat
pidstat
vmstat

the rest:

ebpf
ethtool
free
ip
iptraf
lldptool
lsof
lttng
perf
/proc
ps
rdmsr
sar
snmpget
ss
swapon
sysdig
tcpdump
uptime

These were only the 'observability' tools from the presentation. There are also some more listed under 'benchmarking' and 'tuning', and maybe 'tracing'.

Just go and read up on them. NOW.

Running bash scripts
posted on 2015-01-16 23:47:45

There are several ways to invoke bash scripts.

Here are the basic ones along with some lesser known ones:

  1. If your script has a proper shebang and is executable:

    ./SCRIPTNAME.sh

  2. If it's missing the x bit:

    bash SCRIPTNAME.sh

  3. Echo commands after processing:

    bash -x SCRIPTNAME.sh

  4. Syntax checking / dry-running:

    bash -n SCRIPTNAME.sh

Linux: kill all processes of a user immediately
posted on 2014-12-29 17:04:21

To kill all processes belonging to a particular user, combine kill with lsof:

kill -9 `lsof -t -u <username>`
grep: extract different IP addresses from log
posted on 2014-12-03 14:22:16

To easily grep different IP addresses out of a given log file, pipe its contents to this:

| grep -oE '([0-9]{1,3}[\.]){3}[0-9]{1,3}' | sort | uniq

Or, if you also want a count of how often each IP was found, use uniq -c:

| grep -oE '([0-9]{1,3}[\.]){3}[0-9]{1,3}' | sort | uniq -c

For example:

cat /var/log/messages | grep -oE '([0-9]{1,3}[\.]){3}[0-9]{1,3}' | sort | uniq -c

I will not show output here, because I am not in the mood to create a test file which contains no actually used IP's.
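
The pipeline above run against a constructed sample log, as an added example that is not part of the original post. All addresses come from the RFC 5737 documentation ranges, the function names are made up for this example, and the octet check goes one step beyond the post: the regex alone also matches strings such as 300.1.2.3.

```shell
#!/bin/sh
# Added example, not from the original post. The log lines are constructed;
# every address is from the RFC 5737 documentation ranges.

sample_log() {
cat <<'EOF'
Dec  3 14:01:11 gw sshd[811]: Failed password for root from 203.0.113.7 port 50122 ssh2
Dec  3 14:01:14 gw sshd[811]: Failed password for root from 203.0.113.7 port 50122 ssh2
Dec  3 14:02:40 gw sshd[902]: Accepted publickey for sjas from 192.0.2.10 port 40022 ssh2
Dec  3 14:03:02 gw kernel: DROP IN=eth0 SRC=198.51.100.23 DST=192.0.2.1 PROTO=TCP DPT=23
Dec  3 14:04:19 gw sshd[950]: Failed password for admin from 203.0.113.7 port 50190 ssh2
Dec  3 14:05:00 gw app[77]: bad peer address 300.1.2.3 rejected
EOF
}

# Same pattern as in the post, with the dot escaped outside a bracket
# expression. It accepts any 1-3 digit group, so 300.1.2.3 matches too.
QUAD='([0-9]{1,3}\.){3}[0-9]{1,3}'

# The post's first pipeline: every distinct dotted quad in the input.
extract_ips() {
    grep -oE "$QUAD" | LC_ALL=C sort | uniq
}

# Keep only quads whose four octets are all <= 255.
valid_octets() {
    awk -F. '$1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255'
}

# The post's second pipeline plus validation: one "count address" line per
# source, most frequent first, ties ordered by address string.
count_ips() {
    grep -oE "$QUAD" | valid_octets |
        LC_ALL=C sort | uniq -c |
        LC_ALL=C sort -k1,1nr -k2,2 |
        awk '{ print $1, $2 }'
}

sample_log | count_ips
```

The address with three hits is the one behind the repeated failed logins, which is the usual reason to run this over an auth log in the first place.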

Linux 'less', advantages, disadvantages, keys, options
posted on 2014-12-01 07:46:36

Being the default pager on linux, and thus the tool you usually read manpages with, less is worth some more attention.

key points

Unlike editors or IDE's (vi, emacs, nano, eclipse), pagers (at least less) do not have to load a file completely into memory and thus are faster when displaying huge files. If you happen to think you will never have to open files bigger than some KB size, what about some error logs? (Once I saw a machine write like one additional GB per minute. In this case, you should maybe refrain from less and just use like tail -n1000.)

Also, compared to more, less can also scroll backwards. (!!!)

disadvantages

Pagers cannot edit text. That's what editors are for.

keys

system

q                       quit
h                       show help
= or ctrl-g             show current file name
r                       redraw screen
s                       save file (if input comes from a pipe, not a file)

v                       edit file with $VISUAL or $EDITOR

!<command>              execute <command> in $SHELL
|<mark><command>        pipe text contents between cursor and <mark> to <command>

movement

f or ctrl-f or space    move forward one page
b or ctrl-b             move backward one page 

g                       top of first page
G                       bottom of last page

<count>p                go to <count> percent line in text

d                       forward half a page
u                       backward half a page

m<char>                 mark line with <char>
'<char>                 jump to mark <char>
''                      go to previous position 

search

/<pattern>              search forward for <pattern>
?<pattern>              search backward for <pattern>

n                       next match
N                       previous match

! or ^N                 prior to <pattern>, will search for non-matching lines
^K                      prior to <pattern>, just mark lines but don't move cursor
^R                      don't use regexes for searching

&<pattern>              SHOW ONLY MATCHES (about the best less command ever)

Especially the | hotkey might be interesting.

To pipe the complete buffer content into a file, do this:

1. g (go to top of file)
2. | (start pipe)
3. $ (pipe until the end of buffer)
4. tee [name of logfile].log

Afterwards you should have a new file. This works both with piped input as well as opened files.

options

startup options

All options with dashes can be used while running less, or as startup commands.

I.e.

+F                      same as 'tail -f', but with less
+/<pattern>             open file at <pattern>

+ is needed during startup; from within less it's not needed, except when you want to reset an option to its default value.

search options

-A                      search starts after target line
-g                      highlight last search result
-G                      highlight search results
-I                      completely case insensitive searching
-i                      smartcase: case-insensitive if search string contains no upper case
-J                      show status column (to mark lines with search results)
                        left of the text, lines with matches are marked.
F                       'Waiting for data... (interrupt to abort)' (means ^C)
                        This is basically a 'tail -f' on steroids!

system options

preface:

`-` prior sets / changes the option
`_` just shows its current state

-e                      quit at EOF
-M                      toggle long prompt (filename, lines, line %)
-m                      toggle medium prompt (line %)
-N                      show line numbers
-Q                      quiet all terminal bells (!!!)
-R                      output raw control chars = SHOW COLORS
-s                      squeeze multiple blank lines into one
-S                      don't wrap long lines

-P                      define custom prompts
                        See the last section here for further information.

custom prompts

   %bX      Replaced by the byte offset into the current input file.   
            The  b  is followed by a single character (shown as X above) 
            which specifies the line whose byte offset is to be used.  
            If the character is a "t", the byte  offset of the top line in 
            the display is used, an "m" means use the middle line, a "b" 
            means use the bottom line, a "B" means use the line just after
            the bottom line, and a "j" means use the "target" line, 
            as specified by the -j option.

   %B       Replaced by the size of the current input file.

   %c       Replaced by the column number of the text appearing in the 
            first column of the screen.

   %dX      Replaced by the page number of a line in the input file.  
            The line to be used is determined by the X, as with the %b option.

   %D       Replaced by the number of pages in the input file, or equivalently, 
            the page number of the last line in the input file.

   %E       Replaced by the name of the editor (from the VISUAL 
            environment variable, or the EDITOR environment variable 
            if VISUAL is not defined).
            See the discussion of the LESSEDIT feature below.

   %f       Replaced by the name of the current input file.

   %F       Replaced by the last component of the name of the current input file.

   %i       Replaced by the index of the current file in the list of input files.

   %lX      Replaced by the line number of a line in the input file.  
            The line to be used is determined by the X, as with the %b option.

   %L       Replaced by the line number of the last line in the input file.

   %m       Replaced by the total number of input files.

   %pX      Replaced by the percent into the current input file,  
            based on byte offsets.  
            The line used is determined by the X as with the %b option.

   %PX      Replaced by the percent into the current input file, 
            based on line numbers.   
            The line used is determined by the X as with the %b option.

   %s       Same as %B.

   %t       Causes any trailing spaces to be removed.  
            Usually used at the end of the string, but may appear anywhere.

   %x       Replaced by the name of the next input file in the list.
linux logrotate
posted on 2014-11-28 17:42:24

To avoid overflowing harddisks, use logrotate. It consists of two parts.

config file

First, a config entry either in /etc/logrotate.conf, or in a dedicated file in /etc/logrotate.d/<filename>. (This works since logrotate.d is referenced from logrotate.conf.)

Here's an example from mysql:

/var/log/mysql.log /var/log/mysql/mysql.log /var/log/mysql/mysql-slow.log /var/log/mysql/error.log {
    daily
    rotate 7
    missingok
    create 640 mysql adm
    compress
    sharedscripts
    postrotate
        test -x /usr/bin/mysqladmin || exit 0
        # If this fails, check debian.conf! 
        MYADMIN="/usr/bin/mysqladmin --defaults-file=/etc/mysql/debian.cnf"
        if [ -z "`$MYADMIN ping 2>/dev/null`" ]; then
            # Really no mysqld or rather a missing debian-sys-maint user?
            # If this occurs and is not a error please report a bug.
            #if ps cax | grep -q mysqld; then
            if killall -q -s0 -umysql mysqld; then
                exit 1
            fi 
        else
            $MYADMIN flush-logs
        fi
    endscript
}

In the first line the files to be rotated are specified, in the body all options are stated. This is also an example for a 'script' to run after the rotation (this is what the postrotate section is for).

Usually these are fine:

rotate 7
daily
missingok
notifempty
delaycompress

In case you get an error along the lines of '... has insecure permissions. ... . Set the "su" directive...' simply specify the user/group like this:

# like this
su mysql adm

# this is just here for illustration
rotate 7
daily
missingok
notifempty
delaycompress

cronjob

To run logrotate regularly, a cron job has to be installed.

I.e. in /etc/cron.d/my_cronjob_for_logrotate:

1 23 * * * root /usr/sbin/logrotate -f /etc/logrotate.conf > /dev/null 2>&1

apache: logrotate or rotatelogs?

The apache web server can take care of the logs itself, too. This is easiest done through an option in the vhost config. See here. That way you do not need to set up external log rotation afterwards.

Show /proc contents
posted on 2014-11-27 08:52:22

To easily look and search the contents of the /proc folder in linux, try this one-liner:

temp=`mktemp`; \
for i in \
partitions diskstats crypto key-users keys softirqs version uptime stat meminfo loadavg \
interrupts devices cpuinfo consoles cmdline locks filesystems swaps slabinfo zoneinfo \
vmstat pagetypeinfo buddyinfo modules dma timer_stats timer_list sched_debug iomem ioports \
execdomains mdstat misc fb mtrr cgroups; \
do echo -e "\n\n\n\n\n"$"\e[1;33m/proc/"$i$"\e[0m""\n\n" >> $temp; \
cat /proc/$i >> $temp; \
done; \
less -RNS $temp && rm -rf $temp
  • pasteable into shell and will work
  • it will leave no file on disk
  • will color the name of each file its contents will print
  • result is searchable as it is displayed via less
  • memory stuff files were left out, since you really should not need them usually
  • process files (all numbers) were also omitted

Running as root helps, if you are not allowed to see something.

linux hardware specs via dmidecode
posted on 2014-11-26 10:40:35

dmidecode is easiest to use via the keywords, e.g. dmidecode -t memory. Otherwise use the type numbers: dmidecode -t 3,4.

Keyword     Types
──────────────────────────────
bios        0, 13
system      1, 12, 15, 23, 32
baseboard   2, 10, 41
chassis     3
processor   4
memory      5, 6, 16, 17
cache       7
connector   8
slot        9

Further info from the man page:

The SMBIOS specification defines the following DMI types:


Type   Information
────────────────────────────────────────
0   BIOS
1   System
2   Base Board
3   Chassis
4   Processor
5   Memory Controller
6   Memory Module
7   Cache
8   Port Connector
9   System Slots
10   On Board Devices
11   OEM Strings
12   System Configuration Options
13   BIOS Language
14   Group Associations
15   System Event Log
16   Physical Memory Array
17   Memory Device
18   32-bit Memory Error
19   Memory Array Mapped Address
20   Memory Device Mapped Address
21   Built-in Pointing Device
22   Portable Battery
23   System Reset
24   Hardware Security
25   System Power Controls
26   Voltage Probe
27   Cooling Device
28   Temperature Probe
29   Electrical Current Probe
30   Out-of-band Remote Access
31   Boot Integrity Services
32   System Boot
33   64-bit Memory Error
34   Management Device
35   Management Device Component
36   Management Device Threshold Data
37   Memory Channel
38   IPMI Device
39   Power Supply
40   Additional Information
41   Onboard Device

Additionally, type 126 is used for disabled entries and type 127 is an end-of-table marker. Types 128 to 255 are for
OEM-specific data. dmidecode will display these entries by default, but it can only decode them when the vendors have
contributed documentation or code for them.
create SSH session via a proxy server
posted on 2014-11-24 00:23:16

If I want to connect from my computer via my workstation at work to another computer, this is how it is done:

ssh -t work_station ssh another_computer

work_station and another_computer in the above example are either IP's or aliases in the ~/.ssh/config file.

If there are more hops in between your destination workstation and your local computer, just add these via -t hop1 -t hop2 etc. into the line above.

Linux: proper tempfiles
posted on 2014-11-20 10:24:43

mktemp creates randomly named files, something that is needed again and again.

create a tempfile and save name to a variable

VARIABLE_NAME=`mktemp`

(That was rather easy, wasn't it?)

Create load on a website with wget
posted on 2014-11-18 13:46:33

To create some load (i.e. to test your webserver / database settings), try wget:

wget -r --spider -l3 http://your.domain.name.here

To save the results, use the -o flag:

wget -r --spider -l3 http://your.domain.name.here -o linkliste.txt

Optionally, you can also get a list of the links on the site in question, after some cleanup.

A script, to copy paste:

echo "\nEnter URL to crawl, without http:\n"; read MYURL; echo "\n$MYURL is being crawled.\n"; MYTEMPFILE=$(mktemp); wget -r --spider -l3 "$MYURL" -o "$MYTEMPFILE"; egrep "^--" "$MYTEMPFILE" | cut -d' ' -f4 | sort | uniq

This will prompt you for a website / domain, and its output on the console are the links of the domain in question up to the third level. This is due to the -l flag in the wget part being set to 3. The maximum is five levels.

If you want a file, just pipe it into one. :)
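
The cleanup step of the script above together with the mktemp pattern from the tempfile post, as an added example (not the original author's code). It parses a constructed wget log instead of crawling; the function names and the example.com URLs are assumptions.

```shell
#!/bin/sh
# Added example, not from the original posts. The log below is constructed
# in the format wget writes with -o; the example.com URLs are placeholders.

# links_from_wget_log FILE: print each URL wget requested, once, sorted.
links_from_wget_log() {
    # Request lines look like: --2014-11-18 13:46:33--  http://host/path
    # Splitting on single spaces, the URL is field 4 because two spaces
    # precede it (field 3 is empty).
    grep -E '^--' "$1" | cut -d' ' -f4 | LC_ALL=C sort -u
}

# mktemp picks an unpredictable name and creates the file itself with
# mode 0600, so another local user can neither pre-create the path
# (for example as a symlink) nor read the contents.
# Note the command substitution: VAR=mktemp would store the literal word.
LOGFILE=$(mktemp) || exit 1

# Remove the file whenever the script ends, including on errors.
trap 'rm -f "$LOGFILE"' EXIT

# Stand-in for: wget -r --spider -l3 "$MYURL" -o "$LOGFILE"
cat > "$LOGFILE" <<'EOF'
Spider mode enabled. Check if remote file exists.
--2014-11-18 13:46:33--  http://example.com/
Resolving example.com... 192.0.2.80
HTTP request sent, awaiting response... 200 OK
--2014-11-18 13:46:34--  http://example.com/robots.txt
HTTP request sent, awaiting response... 404 Not Found
--2014-11-18 13:46:34--  http://example.com/about.html
HTTP request sent, awaiting response... 200 OK
--2014-11-18 13:46:35--  http://example.com/
HTTP request sent, awaiting response... 200 OK
EOF

# logfile_mode: permission string of the temp file as shown by ls.
logfile_mode() {
    ls -l "$LOGFILE" | cut -c1-10
}

links_from_wget_log "$LOGFILE"
```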

create / delete raids with Adaptec's arcconf CLI
posted on 2014-11-17 18:11:41

When working with the CLI for the sole purpose of handling RAID's, usually these commands are needed:

  1. task
  2. create
  3. delete

This will be sort of a lazy posting, no screenpastes will find their way in here, I beg your pardon.

preparation

First make your life a lot easier:

alias asdf=/usr/StorMan/arcconf  ## or where your executable is located

Get an overview on what hardware is available:

asdf getconfig 1 pd | less

This is important, so you can locate the channels / slots of the drives you want to handle. The command is piped through less, since usually the output is too big to fit on a screen. (At least on an 19" 8-bay server, where all slots are filled.)

Similarly, you can see the already created RAID's via

asdf getconfig 1 ld

initialize drives

Once you got your information and you decided your layout, initialize the drives.

If you have nothing you need, and want to prepare all drives at once, do:

asdf task start 1 device all initialize

Else specify the channel and drive id, instead of using 'all':

asdf task start 1 device 0 0 initialize

This will erase the metadata from the drive in slot 0, if your setup is correctly assembled. (Else you are in for trouble, sooner or later, but if you do not know this, you might want to consider a different career path anyway...)

create a logical device

Let's have two examples, one raid1 spanning drives 0 0 and 0 1, and a raid10 on drives 0 4 to 0 7:

asdf create 1 logicaldrive name my_raid1 method quick max 1 0 0 0 1
asdf create 1 logicaldrive name my_raid10 method quick max 10 0 4 0 5 0 6 0 7

While the syntax is cryptic at first, this should become pretty clear once you have done this several times.

create is self-explanatory, the first 1 means the controller, and in 99% of all cases you only have a setup with a single controller. logicaldrive is always a present keyword here (unless you want to create a jbod), and a name always helps. method quick initializing is usually also the best way to go. max specifies the maximum size of the raid (that is, as big as the disks let it be).

The numbers afterwards are then:

  1. the raid level
  2. all the channel and slot number tuples

deleting a logical device

asdf delete 1 logicaldrive all

deletes all raids which were created prior.

asdf delete 1 logicaldrive 2

deletes the logical volume with the id 2. (Remember asdf getconfig 1 ld!)

That should be about it in short. modify for raid migration or online capacity expansion is reserved for another post for the time being.

Querying dd progress
posted on 2014-11-16 17:44:33

UPDATE: use pkill instead of kill: pkill -usr1 dd is all you need.


Usually dd will only show information about the transfer it did AFTER its completion.

Unless you use a second shell and send a USR1 signal to the dd process.

First, let's start a demo dd process:

[sjas@mb ~]$ dd if=/dev/random of=/dev/null

Then we need to find out the process id of this dd process. For this you can use pgrep, but I prefer grepping ps auxf:

[sjas@mb ~]$ ps auxf | grep dd
2:root         2  0.0  0.0      0     0 ?        S    06:25   0:00 [kthreadd]
91:sjas      3351  0.0  0.0  30588  1704 ?        Ss   06:25   0:01 /usr/bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session
134:sjas      6501  0.0  0.0  31980  3496 pts/1    S+   17:43   0:00          \_ vim 180-querying-dd-for-progress.post
143:sjas      3580  0.0  0.0   9228  1248 ?        S    06:26   0:00  \_ ksysguardd
169:sjas      6560  0.0  0.0   9868   636 pts/2    S+   17:46   0:00  |   \_ dd if=/dev/random of=/dev/null
172:sjas      6660  0.0  0.0   7836   892 pts/3    S+   17:49   0:00      \_ grep -i -n --color dd
[sjas@mb ~]$ 

So in this example, the PID is 6560.

From the second shell:

kill -usr1 6560

will then show additionally this in the first shell:

0+99 records in
1+0 records out
512 bytes (512 B) copied, 250.022 s, 0.0 kB/s

Of course, you could also pipe the data through pv or bar, to have a continuous status bar. But maybe you don't want that (it will slow things down a bit), or you just forgot, and so you can still query the process for the current progress.

LSI MegaCli flashing LED lights
posted on 2014-11-15 00:58:12

Blinking LED's with a LSI raid controller on linux?

In theory it is easy: (info taken straight from the official manual)

MegaCli -PDLocate -PhysDrv[E0:S0,E1:S1....]
-aN|-a0,1,2|-aALL

Tricky part is, YOU HAVE TO ESCAPE THE BRACKETS IN THE SHELL. Well, FML? Further you are forbidden to use the logical count of your enclosure. (Like '0' or '1'.) You actually need the device id.

In short: (a0 for adapter, since I assume you have only one raid controller, else choose the one you actually use, or use the -aALL flag.)

First locate the device id of your enclosure via MegaCli encinfo a0, MegaCli version pd a0 or MegaCli pdlist a0.

my_server@01:02:39 ~ # ./MegaCli64 encinfo a0

    Number of enclosures on adapter 0 -- 1

    Enclosure 0:
    Device ID                     : 252
    Number of Slots               : 8
    Number of Power Supplies      : 0
    Number of Fans                : 0
    Number of Temperature Sensors : 0
    Number of Alarms              : 0
    Number of SIM Modules         : 1
    Number of Physical Drives     : 2
    Status                        : Normal
    Position                      : 1
    Connector Name                : Unavailable
    Enclosure type                : SGPIO
    FRU Part Number               : N/A
    Enclosure Serial Number       : N/A
    ESM Serial Number             : N/A
    Enclosure Zoning Mode         : N/A
    Partner Device Id             : Unavailable

    Inquiry data                  :
        Vendor Identification     : LSI
        Product Identification    : SGPIO
        Product Revision Level    : N/A
        Vendor Specific           :


Exit Code: 0x00
my_server@01:02:46 ~ #

or

my_server@01:14:02 ~ # ./MegaCli64 version pd a0

Location        Model           Fw Version
252 0           SAMSUNG MZ7WD2407W3QS16LNYAF401306      
252 1           SAMSUNG MZ7WD2407W3QS16LNYAF401299      

Exit Code: 0x00
my_server@01:14:55 ~ # 

Now you have the enclosure id (which is 252), which you need for the next step.

Start blinking: (Slot 1 in this example.)

./MegaCli64 pdlocate physdrv \[252:1\] a0

Stop blinking again:

./MegaCli64 pdlocate stop physdrv \[252:1\] a0

As you might already have noticed, MegaCli does not give a damn about case sensitivity or using dashes in front of flags.

If only someone would have told you this years earlier? ;)
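The two steps above (read the enclosure's Device ID, then build the locate command) as an added example that is not part of the original post; it only prints the command and never calls MegaCli. The sample input is constructed from the encinfo output shown above, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: trimmed from the `MegaCli64 encinfo a0` output in the post.
ENCINFO_SAMPLE='
    Number of enclosures on adapter 0 -- 1

    Enclosure 0:
    Device ID                     : 252
    Number of Slots               : 8
    Number of Physical Drives     : 2
    Partner Device Id             : Unavailable
'

# Read encinfo output on stdin, print the Device ID of logical enclosure $1.
enclosure_device_id() {
    awk -v want="$1" '
        $1 == "Enclosure" && $2 ~ /^[0-9]+:$/ {
            cur = substr($2, 1, length($2) - 1); next
        }
        $1 == "Device" && $2 == "ID" && cur == (want "") {
            print $NF; found = 1; exit
        }
        END { exit (found ? 0 : 1) }
    '
}

# Build the [E:S] selector; accept plain digits only.
physdrv_arg() {
    case "$1$2" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ -n "$1" ] && [ -n "$2" ] || return 1
    printf '[%s:%s]' "$1" "$2"
}

# Print the locate command with the selector quoted for the shell.
# $1 = start|stop, $2 = enclosure Device ID, $3 = slot
locate_cmd() {
    sel=$(physdrv_arg "$2" "$3") || return 1
    case "$1" in
        start) printf "./MegaCli64 pdlocate physdrv '%s' a0" "$sel" ;;
        stop)  printf "./MegaCli64 pdlocate stop physdrv '%s' a0" "$sel" ;;
        *)     return 1 ;;
    esac
}

# What an unquoted [252:1] becomes when the working directory holds a
# file named 2: the shell treats the word as a glob and substitutes it.
unquoted_expansion() {
    dir=$(mktemp -d) || return 1
    ( cd "$dir" && : > 2 && set -- [252:1] && printf '%s' "$1" )
    rc=$?
    rm -rf "$dir"
    return $rc
}

id=$(printf '%s\n' "$ENCINFO_SAMPLE" | enclosure_device_id 0) &&
    locate_cmd start "$id" 1 && echo
```

An unescaped `[252:1]` is a glob bracket expression that matches a one-character file name 2, 5, : or 1. sh and bash pass it through unchanged only when no such file exists in the current directory, so the escaped or quoted form is the one that always reaches MegaCli intact.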

lsi shell help page
posted on 2014-11-14 23:41:06

Without further ado, in case you should ever need this, maybe to print it out? (...)

      MegaCLI SAS RAID Management Tool  Ver 8.07.07 Dec 19, 2012

    (c)Copyright 2011, LSI Corporation, All Rights Reserved.


NOTE: The following options may be given at the end of any command below: 

    [-Silent] [-AppLogFile filename] [-NoLog] [-page[N]] 
                 [-] is optional. 
                  N - Number of lines per page. 

MegaCli -v 
MegaCli -help|-h|? 
MegaCli -adpCount 
MegaCli -AdpSetProp {CacheFlushInterval -val} | { RebuildRate -val} 
    | {PatrolReadRate -val} | {BgiRate -val} | {CCRate -val} | {ForceSGPIO -val}
    | {ReconRate -val} | {SpinupDriveCount -val} | {SpinupDelay -val} 
    | {CoercionMode -val} | {ClusterEnable -val} | {PredFailPollInterval -val} 
    | {BatWarnDsbl -val} | {EccBucketSize -val} | {EccBucketLeakRate -val} 
    | {AbortCCOnError -val} | AlarmEnbl | AlarmDsbl | AlarmSilence 
    | {SMARTCpyBkEnbl -val} | {SSDSMARTCpyBkEnbl -val} | NCQEnbl | NCQDsbl 
    | {MaintainPdFailHistoryEnbl -val} | {RstrHotSpareOnInsert -val} 
    | {DisableOCR -val} | {BootWithPinnedCache -val} | {enblPI -val} |{PreventPIImport -val} 
    | AutoEnhancedImportEnbl | AutoEnhancedImportDsbl 
    | {EnblSpinDownUnConfigDrvs -val}|{UseDiskActivityforLocate -val} -aN|-a0,1,2|-aALL 
    | {ExposeEnclDevicesEnbl -val} | {SpinDownTime -val} 
    | {SpinUpEncDrvCnt -val} | {SpinUpEncDelay -val} | {Perfmode -val} -aN|-a0,1,2|-aALL 
    | {PerfMode -val –MaxFlushLines -val –NumIOsToOrder -val} -aN|-a0,1,2|-aALL 
MegaCli -AdpSetProp -AutoDetectBackPlaneDsbl -val -aN|-a0,1,2|-aALL 
       val - 0=Enable Auto Detect of SGPIO and i2c SEP. 
             1=Disable Auto Detect of SGPIO. 
             2=Disable Auto Detect of i2c SEP. 
             3=Disable Auto Detect of SGPIO and i2c SEP. 
MegaCli -AdpSetProp -CopyBackDsbl -val -aN|-a0,1,2|-aALL 
       val - 0=Enable Copyback. 
             1=Disable Copyback. 
MegaCli -AdpSetProp -EnableJBOD -val -aN|-a0,1,2|-aALL 
       val - 0=Disable JBOD mode. 
             1=Enable JBOD mode. 
MegaCli -AdpSetProp -DsblCacheBypass -val -aN|-a0,1,2|-aALL 
       val - 0=Enable Cache Bypass. 
             1=Disable Cache Bypass. 
MegaCli -AdpSetProp -LoadBalanceMode -val -aN|-a0,1,2|-aALL 
       val - 0=Auto Load balance mode. 
             1=Disable Load balance mode. 
MegaCli -AdpSetProp -UseFDEOnlyEncrypt -val -aN|-a0,1,2|-aALL 
       val - 0=FDE and controller encryption (if HW supports) is allowed. 
             1=Only support FDE encryption, disallow controller encryption. 
MegaCli -AdpSetProp -PrCorrectUncfgdAreas -val -aN|-a0,1,2|-aALL 
       val - 0= Correcting Media error during PR is disabled. 
             1=Correcting Media error during PR is allowed. 
MegaCli -AdpSetProp -DsblSpinDownHSP -val -aN|-a0,1,2|-aALL 
       val - 0= Spinning down the Hot Spare is enabled. 
             1=Spinning down the Hot Spare is disabled. 
MegaCli -AdpSetProp -DefaultLdPSPolicy -Automatic| -None | -Maximum| -MaximumWithoutCaching -aN|-a0,1,2|-aALL 
MegaCli -AdpSetProp -DisableLdPS -interval n1 -time n2 -aN|-a0,1,2|-aALL 
       where n1 is the number of hours beginning at time n2 
       where n2 is the number of minutes from 12:00am 
MegaCli -AdpSetProp -ENABLEEGHSP -val -aN|-a0,1,2|-aALL 
       val - 0= Disabled Emergency GHSP. 
             1= Enabled Emergency GHSP. 
MegaCli -AdpSetProp -ENABLEEUG -val -aN|-a0,1,2|-aALL 
       val - 0= Disabled Emergency UG as Spare. 
             1= Enabled Emergency UG as Spare. 
MegaCli -AdpSetProp -ENABLEESMARTER -val -aN|-a0,1,2|-aALL 
       val - 0= Disabled Emergency Spare as Smarter. 
             1= Enabled Emergency Spare as Smarter. 
MegaCli -AdpSetProp -DPMenable -val -aN|-a0,1,2|-aALL 
       val - 0=Disable Drive Performance Monitoring . 
             1=Enable Drive Performance Monitoring. 
MegaCli -AdpSetProp -SupportSSDPatrolRead -val -aN|-a0,1,2|-aALL 
       val - 0=Disable Patrol read for SSD drives . 
             1=Enable Patrol read for SSD drives. 
MegaCli -AdpGetProp CacheFlushInterval | RebuildRate | PatrolReadRate | ForceSGPIO
    | BgiRate | CCRate | ReconRate | SpinupDriveCount | SpinupDelay 
    | CoercionMode | ClusterEnable | PredFailPollInterval | BatWarnDsbl 
    | EccBucketSize | EccBucketLeakRate | EccBucketCount | AbortCCOnError 
    | AlarmDsply | SMARTCpyBkEnbl | SSDSMARTCpyBkEnbl | NCQDsply 
    | MaintainPdFailHistoryEnbl | RstrHotSpareOnInsert 
    | EnblSpinDownUnConfigDrvs  | DisableOCR 
    | BootWithPinnedCache | enblPI  |PreventPIImport | AutoEnhancedImportDsply | AutoDetectBackPlaneDsbl 
    | CopyBackDsbl | LoadBalanceMode | UseFDEOnlyEncrypt | WBSupport | EnableJBOD 
    | DsblCacheBypass | ExposeEnclDevicesEnbl | SpinDownTime | PrCorrectUncfgdAreas 
    | UseDiskActivityforLocate | ENABLEEGHSP | ENABLEEUG | ENABLEESMARTER | Perfmode | PerfModeValues 
    | -DPMenable -aN|-a0,1,2|-aALL 
    | DefaultLdPSPolicy | DisableLdPsInterval | DisableLdPsTime | SpinUpEncDrvCnt 
    | SpinUpEncDelay | PrCorrectUncfgdAreas 
    | DsblSpinDownHSP | SupportSSDPatrolRead -aN|-a0,1,2|-aALL 
MegaCli -AdpAllInfo -aN|-a0,1,2|-aALL  
MegaCli -AdpGetTime -aN|-a0,1,2|-aALL  
MegaCli -AdpSetTime yyyymmdd hh:mm:ss -aN   
MegaCli -AdpSetVerify -f fileName -aN|-a0,1,2|-aALL  
MegaCli -AdpBIOS -Enbl |-Dsbl | -SOE | -BE |  -HCOE | - HSM | EnblAutoSelectBootLd | DsblAutoSelectBootLd | -Dsply -aN|-a0,1,2|-aALL 
MegaCli -AdpBootDrive {-Set {-Lx | -physdrv[E0:S0]}} | {-Unset {-Lx | -physdrv[E0:S0]}} |-Get -aN|-a0,1,2|-aALL 
MegaCli -AdpAutoRbld -Enbl|-Dsbl|-Dsply -aN|-a0,1,2|-aALL
MegaCli -AdpCacheFlush -aN|-a0,1,2|-aALL
MegaCli -AdpPR -Dsbl|EnblAuto|EnblMan|Start|Suspend|Resume|Stop|Info|SSDPatrolReadEnbl |SSDPatrolReadDsbl  
         |{SetDelay Val}|{-SetStartTime yyyymmdd hh}|{maxConcurrentPD Val} -aN|-a0,1,2|-aALL
MegaCli -AdpCcSched -Dsbl|-Info|{-ModeConc | -ModeSeq [-ExcludeLD -LN|-L0,1,2]
   [-SetStartTime yyyymmdd hh ] [-SetDelay val ] } -aN|-a0,1,2|-aALL
MegaCli -AdpCcSched -SetStartTime yyyymmdd hh -aN|-a0,1,2|-aALL
MegaCli -AdpCcSched -SetDelay val  -aN|-a0,1,2|-aALL
MegaCli -FwTermLog -BBUoff|BBUoffTemp|BBUon|BBUGet|Dsply|Clear -aN|-a0,1,2|-aALL
MegaCli -AdpAlILog -aN|-a0,1,2|-aALL 
MegaCli -AdpDiag [val] -aN|-a0,1,2|-aALL
          val - Time in second.
MegaCli -AdpGetPciInfo -aN|-a0,1,2|-aALL 
MegaCli -AdpShutDown -aN|-a0,1,2|-aALL
MegaCli -AdpDowngrade -aN|-a0,1,2|-aALL
MegaCli -PDList -aN|-a0,1,2|-aALL 
MegaCli -PDGetNum -aN|-a0,1,2|-aALL 
MegaCli -pdInfo -PhysDrv[E0:S0,E1:S1,...] -aN|-a0,1,2|-aALL  
MegaCli -PDOnline  -PhysDrv[E0:S0,E1:S1,...] -aN|-a0,1,2|-aALL 
MegaCli -PDOffline -PhysDrv[E0:S0,E1:S1,...] -aN|-a0,1,2|-aALL 
MegaCli -PDMakeGood -PhysDrv[E0:S0,E1:S1,...] | [-Force] -aN|-a0,1,2|-aALL 
MegaCli -PDMakeJBOD -PhysDrv[E0:S0,E1:S1,...] -aN|-a0,1,2|-aALL 
MegaCli -PDHSP {-Set [-Dedicated [-ArrayN|-Array0,1,2...]] [-EnclAffinity] [-nonRevertible]} 
     |-Rmv -PhysDrv[E0:S0,E1:S1,...] -aN|-a0,1,2|-aALL 
MegaCli -PDRbld -Start|-Stop|-Suspend|-Resume|-ShowProg |-ProgDsply 
        -PhysDrv [E0:S0,E1:S1,...] -aN|-a0,1,2|-aALL  
MegaCli -PDClear -Start|-Stop|-ShowProg |-ProgDsply 
        -PhysDrv [E0:S0,E1:S1,...] -aN|-a0,1,2|-aALL  
MegaCli -PdLocate {[-start] | -stop} -physdrv[E0:S0,E1:S1,...] -aN|-a0,1,2|-aALL 
MegaCli -PdMarkMissing -physdrv[E0:S0,E1:S1,...] -aN|-a0,1,2|-aALL 
MegaCli -PdGetMissing -aN|-a0,1,2|-aALL 
MegaCli -PdReplaceMissing -physdrv[E0:S0] -arrayA, -rowB -aN 
MegaCli -PdPrpRmv [-UnDo] -physdrv[E0:S0] -aN|-a0,1,2|-aALL  
MegaCli -EncInfo -aN|-a0,1,2|-aALL 
MegaCli -EncStatus -aN|-a0,1,2|-aALL 
MegaCli -PhyInfo -phyM -aN|-a0,1,2|-aALL  
MegaCli -PhySetLinkSpeed -phyM -speed -aN|-a0,1,2|-aALL
MegaCli -PdFwDownload [offline][ForceActivate] {[-SataBridge] -PhysDrv[0:1] }|{-EncdevId[devId1]} -f <filename> -aN|-a0,1,2|-aALL 
MegaCli -LDInfo -Lx|-L0,1,2|-Lall -aN|-a0,1,2|-aALL 
MegaCli -LDSetProp  {-Name LdNamestring} | -RW|RO|Blocked|RemoveBlocked | WT|WB|ForcedWB [-Immediate] |RA|NORA|ADRA | DsblPI 
        | Cached|Direct | -EnDskCache|DisDskCache | CachedBadBBU|NoCachedBadBBU
        -Lx|-L0,1,2|-Lall -aN|-a0,1,2|-aALL 
MegaCli -LDSetPowerPolicy -Default| -Automatic| -None| -Maximum| -MaximumWithoutCaching 
        -Lx|-L0,1,2|-Lall -aN|-a0,1,2|-aALL 
MegaCli -LDGetProp  -Cache | -Access | -Name | -DskCache | -PSPolicy | Consistency -Lx|-L0,1,2|-LALL  
        -aN|-a0,1,2|-aALL 
MegaCli -LDInit {-Start [-full]}|-Abort|-ShowProg|-ProgDsply -Lx|-L0,1,2|-LALL -aN|-a0,1,2|-aALL 
MegaCli -LDCC {-Start [-force]}|-Abort|-Suspend|-Resume|-ShowProg|-ProgDsply -Lx|-L0,1,2|-LALL -aN|-a0,1,2|-aALL 
MegaCli -LDBI -Enbl|-Dsbl|-getSetting|-Abort|-Suspend|-Resume|-ShowProg|-ProgDsply -Lx|-L0,1,2|-LALL -aN|-a0,1,2|-aALL  
MegaCli -LDRecon {-Start -rX [{-Add | -Rmv} -Physdrv[E0:S0,...]]}|-ShowProg|-ProgDsply 
        -Lx -aN 
MegaCli -LdPdInfo -aN|-a0,1,2|-aALL 
MegaCli -LDGetNum -aN|-a0,1,2|-aALL 
MegaCli -LDBBMClr -Lx|-L0,1,2,...|-Lall -aN|-a0,1,2|-aALL 
MegaCli -getLdExpansionInfo -Lx|-L0,1,2|-Lall -aN|-a0,1,2|-aALL 
MegaCli -LdExpansion -pN -dontExpandArray -Lx|-L0,1,2|-Lall -aN|-a0,1,2|-aALL 
MegaCli -GetBbtEntries -Lx|-L0,1,2|-Lall -aN|-a0,1,2|-aALL 
MegaCli -Cachecade -assign|-remove -Lx|-L0,1,2|-LALL -aN|-a0,1,2|-aALL
MegaCli -CfgLdAdd -rX[E0:S0,E1:S1,...] [WT|WB] [NORA|RA|ADRA] [Direct|Cached]
        [CachedBadBBU|NoCachedBadBBU] [-szXXX [-szYYY ...]]
        [-strpszM] [-Hsp[E0:S0,...]] [-AfterLdX] | [FDE|CtrlBased]  
        [-Default| -Automatic| -None| -Maximum| -MaximumWithoutCaching] [-Cache] [-enblPI] [-Force]-aN 
MegaCli -CfgCacheCadeAdd [-rX] -Physdrv[E0:S0,...] {-Name LdNamestring} [WT|WB|ForcedWB] [-assign -LX|L0,2,5..|LALL] -aN|-a0,1,2|-aALL 
MegaCli -CfgEachDskRaid0 [WT|WB] [NORA|RA|ADRA] [Direct|Cached] [-enblPI] 
        [CachedBadBBU|NoCachedBadBBU] [-strpszM]|[FDE|CtrlBased] [-Default| -Automatic| -None| -Maximum| -MaximumWithoutCaching] [-Cache] -aN|-a0,1,2|-aALL
MegaCli -CfgClr [-Force] -aN|-a0,1,2|-aALL 
MegaCli -CfgDsply -aN|-a0,1,2|-aALL 
MegaCli -CfgCacheCadeDsply -aN|-a0,1,2|-aALL 
MegaCli -CfgLdDel -LX|-L0,2,5...|-LALL [-Force] -aN|-a0,1,2|-aALL 
MegaCli -CfgCacheCadeDel -LX|-L0,2,5...|-LALL -aN|-a0,1,2|-aALL 
MegaCli -CfgFreeSpaceinfo -aN|-a0,1,2|-aALL 
MegaCli -CfgSpanAdd -r10 -Array0[E0:S0,E1:S1] -Array1[E0:S0,E1:S1] [-ArrayX[E0:S0,E1:S1] ...] 
        [WT|WB] [NORA|RA|ADRA] [Direct|Cached] [CachedBadBBU|NoCachedBadBBU]
        [-szXXX[-szYYY ...]][-strpszM][-AfterLdX]| [FDE|CtrlBased] 
        [-Default| -Automatic| -None| -Maximum| -MaximumWithoutCaching] [-Cache] [-enblPI] [-Force] -aN 
MegaCli -CfgSpanAdd -r50 -Array0[E0:S0,E1:S1,E2:S2,...] -Array1[E0:S0,E1:S1,E2:S2,...] 
        [-ArrayX[E0:S0,E1:S1,E2:S2,...] ...] [WT|WB] [NORA|RA|ADRA] [Direct|Cached] 
        [CachedBadBBU|NoCachedBadBBU][-szXXX[-szYYY ...]][-strpszM][-AfterLdX] 
        [FDE|CtrlBased] [-Default| -Automatic| -None| -Maximum| -MaximumWithoutCaching] [-Cache] [-enblPI] [-Force] -aN
MegaCli -CfgSpanAdd -r60 -Array0[E0:S0,E1:S1,E2:S2,E3,S3...] -Array1[E0:S0,E1:S1,E2:S2,E3,S3...] 
        [-ArrayX[E0:S0,E1:S1,E2:S2,E3,S3...] ...] [WT|WB] [NORA|RA|ADRA] [Direct|Cached] 
        [CachedBadBBU|NoCachedBadBBU][-szXXX[-szYYY ...]][-strpszM][-AfterLdX]| 
        [FDE|CtrlBased] [-Default| -Automatic| -None| -Maximum| -MaximumWithoutCaching] [-Cache] [-enblPI] [-Force] -aN
MegaCli -CfgAllFreeDrv -rX [-SATAOnly] [-SpanCount XXX] [WT|WB] [NORA|RA|ADRA] 
        [Direct|Cached] [CachedBadBBU|NoCachedBadBBU] [-strpszM]
        [-HspCount XX [-HspType -Dedicated|-EnclAffinity|-nonRevertible]]| 
        [FDE|CtrlBased] [-Default| -Automatic| -None| -Maximum| -MaximumWithoutCaching] [-Cache] [-enblPI] -aN 
MegaCli -CfgSave -f filename -aN   
MegaCli -CfgRestore -f filename -aN   
MegaCli -CfgForeign -Scan | [-SecurityKey sssssssssss] -aN|-a0,1,2|-aALL    
MegaCli -CfgForeign -Dsply [x] | [-SecurityKey sssssssssss] -aN|-a0,1,2|-aALL    
MegaCli -CfgForeign -Preview [x] | [-SecurityKey sssssssssss] -aN|-a0,1,2|-aALL    
MegaCli -CfgForeign -Import [x] | [-SecurityKey sssssssssss] -aN|-a0,1,2|-aALL    
MegaCli -CfgForeign -Clear [x]|[-SecurityKey sssssssssss] -aN|-a0,1,2|-aALL    
        x - index of foreign configurations. Optional. All by default. 
MegaCli -AdpEventLog -GetEventLogInfo -aN|-a0,1,2|-aALL 
MegaCli -AdpEventLog -GetEvents {-info -warning -critical -fatal} {-f <fileName>} -aN|-a0,1,2|-aALL 
MegaCli -AdpEventLog -GetSinceShutdown {-info -warning -critical -fatal} {-f <fileName>} -aN|-a0,1,2|-aALL 
MegaCli -AdpEventLog -GetSinceReboot {-info -warning -critical -fatal} {-f <fileName>} -aN|-a0,1,2|-aALL 
MegaCli -AdpEventLog -IncludeDeleted {-info -warning -critical -fatal} {-f <fileName>} -aN|-a0,1,2|-aALL 
MegaCli -AdpEventLog -GetLatest n {-info -warning -critical -fatal} {-f <fileName>} -aN|-a0,1,2|-aALL 
MegaCli -AdpEventLog -GetCCIncon -f <fileName> -LX|-L0,2,5...|-LALL -aN|-a0,1,2|-aALL 
MegaCli -AdpEventLog -Clear -aN|-a0,1,2|-aALL 
MegaCli -AdpBbuCmd -aN|-a0,1,2|-aALL  
MegaCli -AdpBbuCmd -GetBbuStatus -aN|-a0,1,2|-aALL  
MegaCli -AdpBbuCmd -GetBbuCapacityInfo -aN|-a0,1,2|-aALL  
MegaCli -AdpBbuCmd -GetBbuDesignInfo -aN|-a0,1,2|-aALL  
MegaCli -AdpBbuCmd -GetBbuProperties -aN|-a0,1,2|-aALL  
MegaCli -AdpBbuCmd -BbuLearn -aN|-a0,1,2|-aALL  
MegaCli -AdpBbuCmd -BbuMfgSleep -aN|-a0,1,2|-aALL  
MegaCli -AdpBbuCmd -BbuMfgSeal -aN|-a0,1,2|-aALL  
MegaCli -AdpBbuCmd -getBbumodes  -aN|-a0,1,2|-aALL  
MegaCli -AdpBbuCmd -SetBbuProperties -f <fileName> -aN|-a0,1,2|-aALL 
MegaCli -AdpBbuCmd -GetGGEEPData offset [Hexaddress] NumBytes n -aN|-a0,1,2|-aALL 
MegaCli -AdpBbuCmd -ScheduleLearn -Dsbl|-Info|[-STARTTIME DDD hh] -aN|-a0,1,2|-aALL 
MegaCli -AdpFacDefSet -aN 
MegaCli -AdpFwFlash -f filename [-ResetNow] [-NoSigChk] [-NoVerChk] [-FWTYPE n] -aN|-a0,1,2|-aALL  
MegaCli -AdpGetConnectorMode -ConnectorN|-Connector0,1|-ConnectorAll -aN|-a0,1,2|-aALL  
MegaCli -AdpSetConnectorMode -Internal|-External|-Auto -ConnectorN|-Connector0,1|-ConnectorAll -aN|-a0,1,2|-aALL  
MegaCli -PhyErrorCounters -aN|-a0,1,2|-aALL  
MegaCli -DirectPdMapping -Enbl|-Dsbl|-Dsply -aN|-a0,1,2|-aALL  
MegaCli -PDCpyBk -Start -PhysDrv[E0:S0,E1:S1] -aN|-a0,1,2|-aALL 
MegaCli -PDCpyBk -Stop|-Suspend|-Resume|-ShowProg|-ProgDsply -PhysDrv[E0:S0] -aN|-a0,1,2|-aALL 
MegaCli -PDInstantSecureErase -PhysDrv[E0:S0,E1:S1,...] | [-Force] -aN|-a0,1,2|-aALL 
MegaCli -CfgSpanAdd -rX -array0[E0:S1,E1:S1.....] array1[E0:S1,E1:S1.....] -szxxx -enblPI -aN|-a0,1,2|-aALL 
MegaCli -LDMakeSecure -Lx|-L0,1,2,...|-Lall -aN|-a0,1,2|-aALL 
MegaCli -DestroySecurityKey | [-Force] -aN 
MegaCli -CreateSecurityKey -SecurityKey sssssssssss | [-Passphrase sssssssssss] |[-KeyID kkkkkkkkkkk] -aN 
MegaCli -CreateSecurityKey useEKMS -aN 
MegaCli -ChangeSecurityKey -OldSecurityKey sssssssssss | -SecurityKey sssssssssss| 
          [-Passphrase sssssssssss] | [-KeyID kkkkkkkkkkk] -aN
MegaCli -ChangeSecurityKey -SecurityKey sssssssssss| 
          [-Passphrase sssssssssss] | [-KeyID kkkkkkkkkkk] -aN
MegaCli -ChangeSecurityKey useEKMS -OldSecurityKey sssssssssss -aN
MegaCli -ChangeSecurityKey -useEKMS -aN
MegaCli -GetKeyID [-PhysDrv[E0:S0]] -aN 
MegaCli -SetKeyID -KeyID kkkkkkkkkkk -aN 
MegaCli -VerifySecurityKey -SecurityKey sssssssssss -aN 
MegaCli -GetPreservedCacheList -aN|-a0,1,2|-aALL 
MegaCli -DiscardPreservedCache -Lx|-L0,1,2|-Lall -force -aN|-a0,1,2|-aALL 

       sssssssssss  - It must be between eight and thirty-two 
                      characters and contain at least one number, 
                      one lowercase letter, one uppercase 
                      letter and one non-alphanumeric character.
       kkkkkkkkkkk -  Must be less than 256 characters. 
MegaCli -ShowSummary [-f filename] -aN
MegaCli -ELF -GetSafeId -aN|-a0,1,2|-aALL
MegaCli -ELF -ControllerFeatures -aN|-a0,1,2|-aALL
MegaCli -ELF -Applykey key <val> [Preview] -aN|-a0,1,2|-aALL
MegaCli -ELF -TransferToVault -aN|-a0,1,2|-aALL
MegaCli -ELF -DeactivateTrialKey -aN|-a0,1,2|-aALL
MegaCli -ELF -ReHostInfo -aN|-a0,1,2|-aALL
MegaCli -ELF -ReHostComplete -aN|-a0,1,2|-aALL
MegaCli -LDViewMirror -Lx|-L0,1,2,...|-Lall -aN|-a0,1,2|-aALL 
MegaCli -LDJoinMirror -DataSrc <val> [-force] -Lx|-L0,1,2,...|-Lall -aN|-a0,1,2|-aALL 
MegaCli -SecureErase 
    Start[
        Simple|
        [Normal   [ |ErasePattern ErasePatternA|ErasePattern ErasePatternA ErasePattern ErasePatternB]]|
        [Thorough [ |ErasePattern ErasePatternA|ErasePattern ErasePatternA ErasePattern ErasePatternB]]]
    | Stop
    | ShowProg
    | ProgDsply 
    [-PhysDrv [E0:S0,E1:S1,...] | -Lx|-L0,1,2|-LALL] -aN|-a0,1,2|-aALL
MegaCli -Version -Cli|-Ctrl|-Driver|-Pd   -aN|-a0,1,2|-aALL
MegaCli -Perfmon {-start -interval <val>} | {stop} | {-getresults -f <Filename>} -aN 
MegaCli -DpmStat -Dsply {lct | hist | ra | ext } [-physdrv[E0:S0]] -aN|-a0,1,2|-aALL  
MegaCli -DpmStat -Clear {lct | hist | ra | ext } -aN|-a0,1,2|-aALL  

    Note: The directly connected drives can be specified as [:S] 

    Wildcard '?' can be used to specify the enclosure ID for the drive in the 
      only enclosure without direct connected device or the direct connected 
      drives with no enclosure in the system.

    Note:[-aALL] option assumes that the parameters specified are valid 
       for all the Adapters. 

    Note:ProgDsply option is not supported in VMWARE-COSLESS.

    The following options may be given at the end of any command above: 

    [-Silent] [-AppLogFile filename] [-NoLog] [-page[N]] 
                 [-] is optional. 
                  N - Number of lines per page. 
MegaCli XD -AddVd <devList>
MegaCli XD -RemVd <devList>
MegaCli XD -AddCdev <devList> | -force
MegaCli XD -RemCdev <devList>
MegaCli XD -VdList | -Configured | -Unconfigured
MegaCli XD -CdevList | -Configured | -Unconfigured
MegaCli XD -ConfigInfo
MegaCli XD -PerfStats
MegaCli XD -OnlineVd
MegaCli XD -WarpDriveInfo -iN | -iALL
MegaCli XD -FetchSafeId -iN | -iALL
MegaCli XD -ApplyActivationKey <key> -iN

Exit Code: 0x00

In case you should need the manual, see here.

bash ranging
posted on 2014-11-13 12:05:02

Using ranges in bash, you can avoid more complicated for loop constructs (which aren't needed 99% of the time anyway...):

[sjas@mb ~]$ for i in {1..5}; do echo $i; done
1
2
3
4
5
[sjas@mb ~]$ 

This also works with characters:

[sjas@mb ~]$ for i in {z..q}; do echo $i; done
z
y
x
w
v
u
t
s
r
q
[sjas@mb ~]$ 

Even backwards!

Linux: show all block devices with lsblk
posted on 2014-11-05 00:01:23

To see all currently connected devices like HDD's, SSD's, CD-Rom's and USB sticks, try lsblk.

Usually it looks like this:

sjas@mb:~/ISO/UBCD$ lsblk
NAME                         MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
sda                            8:0    0  29.8G  0 disk
|─sda1                         8:1    0   487M  0 part /boot/efi
|─sda2                         8:2    0  25.6G  0 part /
`─sda3                         8:3    0   3.8G  0 part [SWAP]
sr0                           11:0    1 589.2M  0 rom
sdb                            8:16   0 596.2G  0 disk
|─sdb1                         8:17   0   200M  0 part
|─sdb2                         8:18   0   500M  0 part
`─sdb3                         8:19   0 595.5G  0 part
  |─fedora_debra-root (dm-0) 254:0    0    50G  0 lvm
  |─fedora_debra-home (dm-1) 254:1    0   542G  0 lvm
  `─fedora_debra-swap (dm-2) 254:2    0   3.5G  0 lvm
sjas@mb:~/ISO/UBCD$

For a better overview, try a better selection of -o flags. Here's an overview of the possible options on an arbitrary system:

[jl@jerrylee ~]% \lsblk --help | \grep Available -A999 | sed -e '1d' -e '$d' | sed '$d'
        NAME  device name
       KNAME  internal kernel device name
     MAJ:MIN  major:minor device number
      FSTYPE  filesystem type
  MOUNTPOINT  where the device is mounted
       LABEL  filesystem LABEL
        UUID  filesystem UUID
   PARTLABEL  partition LABEL
    PARTUUID  partition UUID
          RA  read-ahead of the device
          RO  read-only device
          RM  removable device
       MODEL  device identifier
      SERIAL  disk serial number
        SIZE  size of the device
       STATE  state of the device
       OWNER  user name
       GROUP  group name
        MODE  device node permissions
   ALIGNMENT  alignment offset
      MIN-IO  minimum I/O size
      OPT-IO  optimal I/O size
     PHY-SEC  physical sector size
     LOG-SEC  logical sector size
        ROTA  rotational device
       SCHED  I/O scheduler name
     RQ-SIZE  request queue size
        TYPE  device type
    DISC-ALN  discard alignment offset
   DISC-GRAN  discard granularity
    DISC-MAX  discard max bytes
   DISC-ZERO  discard zeroes data
       WSAME  write same max bytes
         WWN  unique storage identifier
        RAND  adds randomness
      PKNAME  internal parent kernel device name
        HCTL  Host:Channel:Target:Lun for SCSI
        TRAN  device transport type
         REV  device revision
      VENDOR  device vendor

You can of course take this listing and try it directly:

\lsblk -o$(\lsblk --help | \grep Available -A999 | sed -e '1d' -e '$d' | sed '$d' | awk '{print $1}' | tr '\n' ',' | sed 's/,$//')

But if you do not have two widescreen monitors and a PTY shell drawn across them, you won't recognize much. Just for the record, on a Kali LIVE the above command won't even show all the output but just dies gracefully without even showing an error.

So you might try this:

root@mb:/home/sjas/ISO/UBCD# lsblk -i -o name,label,mountpoint,fstype,model,size,type,state,uuid
NAME                         LABEL    MOUNTPOINT FSTYPE      MODEL              SIZE TYPE STATE   UUID
sda                                                          SSDSA2SH032G1GN   29.8G disk running
|─sda1                                /boot/efi  vfat                           487M part         5604-FDAF
|─sda2                                /          ext4                          25.6G part         ded0e7a8-23af-4deb-9b9d-9d63a26904aa
`─sda3                                [SWAP]     swap                           3.8G part         b022846d-e4b5-475b-b087-c4d5b486601f
sr0                          UBCD532             iso9660     DVDRW  GS21N     589.2M rom  running
sdb                                                          Name             596.2G disk running
|─sdb1                       untitled            hfsplus                        200M part         0fdc7456-f171-3490-9d41-671b43d70db3
|─sdb2                                           ext4                           500M part         66a8ed1c-e56e-4707-bbd5-15bcde2fa5a0
`─sdb3                                           LVM2_member                  595.5G part         BIC2hD-zS3w-yvtC-oNEG-yec1-4Q7h-qb4gwN
  |─fedora_debra-root (dm-0)                     ext4                            50G lvm  running e35f5406-0cc0-4646-86f8-c4031005580a
  |─fedora_debra-home (dm-1)                     ext4                           542G lvm  running 8bc9c1a4-a5c1-4e1b-9dfc-7aeb6437c708
  `─fedora_debra-swap (dm-2)                     swap                           3.5G lvm  running 2ddddb46-8b6d-4fb4-ae19-6390e1015b76
root@mb:/home/sjas/ISO/UBCD#

Of course, I have lsblk -o name,label,mountpoint,fstype,model,size,type,state,uuid aliased in my .bashrc:

alias lsblk='lsblk -o name,label,mountpoint,fstype,model,size,type,state,uuid'

UPDATE:

lsblk -i -o kname,mountpoint,fstype,size,maj:min,rm,name,state,rota,ro,type,label,model,serial

is what I stick with.

bash for loops like in C
posted on 2014-11-03 13:50:31

To have 'counting' bash loops, try the following.

Directly in a shell:

[sjas@ctr-014 ~]% for (( i=0; i<5; i++ )); do echo $i; done
0
1
2
3
4
[sjas@ctr-014 ~]%

As a script:

#!/bin/bash

for (( i=0; i<5; i++ ))
do
    echo $i
done

dd progress bar
posted on 2014-11-03 13:48:27

To get a proper progress bar when using dd, try using pv. You may need to apt-get install it first; if so, just go ahead.

Usage shown on the example of copying an .iso onto a USB stick:

[sjas@ctr-014 ~/Downloads]% pv -tpreb CentOS-6.6-x86_64-minimal.iso | dd of=/dev/sdc
 383MB 0:04:09 [1.53MB/s] [========================================>] 100%
 784384+0 records in
 784384+0 records out
 401604608 bytes (402 MB) copied, 265.133 s, 1.5 MB/s
[sjas@ctr-014 ~/Downloads]%

Usually you don't see the second+ lines, and would have to wait 4 minutes until you see your copying was successful.

For small devices this is fine, but when copying whole disks this behaviour becomes VERY annoying.

Another utility would be bar:

bar -if=CentOS-6.6-x86_64-minimal.iso | dd of=/dev/sdc

Same principle as pv, handing it an inputfile and piping it to dd.

Adaptec arcconf manual
posted on 2014-10-29 18:33:01

To use Adaptec's 'uniform command line interface' on linux easily, here is a list of the most used commands.

After having connected to the server, cd /usr/StorMan. There you use the arcconf executable.

First a pro tip:

alias asdf=/usr/StorMan/arcconf

This lets you use asdf for calling the executable, instead of either ./arcconf or (god forbid) /usr/StorMan/arcconf. In the following text I refrained from using the asdf alias, but usually it's the first thing I do when connecting to a box and want to work with the raid controller's CLI. Analogously, for LSI the alias is usually alias asdf=/path/where/your/executable/is/as/MegaCli64. ;)

Usually you need getconfig, getstatus, identify, rescan when exchanging disks. RAID's are usually built prior to OS installation,

The only tricky part is not messing up the numbers with which the commands have to be used. (Usually it's the off-by-one errors.) But that's easy once you got used to it. Worse are physical problems like broken backplanes, missing wirings or malfunctioning LED's...

Hostnames are changed in the following to protect the partly innocent. ;)

overview

root@some-server:/usr/StorMan# ./arcconf 

  | UCLI |  Adaptec uniform command line interface
  | UCLI |  Version 6.50 (B18579)
  | UCLI |  (C) Adaptec 2003-2010
  | UCLI |  All Rights Reserved

 ATAPASSWORD             | Setting password on a physical drive
 COPYBACK                | toggles controller copy back mode
 CREATE                  | creates a logical device
 DATASCRUB               | toggles the controller background consistency check mode
 DELETE                  | deletes one or more logical devices
 FAILOVER                | toggles the controller automatic failover mode
 GETCONFIG               | prints controller information
 GETLOGS                 | gets controller log information
 GETSMARTSTATS           | gets the SMART statistics
 GETSTATUS               | displays the status of running tasks
 GETVERSION              | prints version information for all controllers
 IDENTIFY                | blinks LEDS on device(s) connected to a controller
 IMAGEUPDATE             | update physical device firmware
 KEY                     | installs a Feature Key onto a controller
 MODIFY                  | performs RAID Level Migration or Online Capacity Expansion
 RESCAN                  | checks for new or removed drives
 RESETSTATISTICSCOUNTERS | resets the controller statistics counters
 ROMUPDATE               | updates controller firmware
 SAVESUPPORTARCHIVE      | saves the support archive 
 SETALARM                | controls the controller alarm, if present
 SETCACHE                | adjusts physical or logical device cache mode
 SETCONFIG               | restores the default configuration
 SETMAXIQCACHE           | adjusts MaxIQ Cache settings for physical or logical device
 SETNAME                 | renames a logical device given its logical device number
 SETNCQ                  | toggles the controller NCQ status
 SETPERFORM              | changes adapter settings based on application
 SETPOWER                | power settings for controller or logical device
 SETPRIORITY             | changes specific or global task priority
 SETSTATE                | manually sets the state of a physical or logical device
 SETSTATSDATACOLLECTION  | toggles the controller statistics data collection modes
 TASK                    | performs a task such as build/verify on a physical or logical device

root@some-server:/usr/StorMan# 

./arcconf GETSTATUS

Just the controller status.

root@some-server:/usr/StorMan# ./arcconf getstatus 1
Controllers found: 1
Logical device Task:
   Logical device                 : 0
   Task ID                        : 100
   Current operation              : Rebuild
   Status                         : In Progress
   Priority                       : High
   Percentage complete            : 42


Command completed successfully.
root@some-server:/usr/StorMan# 

The 1 is the id of the first (and in this system the only) adaptec raid controller. Unlike the disks, counting starts at 1. Which is usually all you need.

Further the status tells 'rebuilding' (since a new harddisk got inserted), being at 42%.

./arcconf IDENTIFY

This helps to find a drive in question, usually by letting the front panel LED of the disk bay blink. But not only a single drive can be made blinking, also all drives of a logical drive / RAID array can be 'highlighted'.

The first number is the controller id (as mentioned above, usually 1). The second is either the logical drive id or, if it is a number pair, the channel id plus the drive id.

highlight single drive

root@some-server:/usr/StorMan# ./arcconf identify 1 device 0 0
Controllers found: 1
The specified device is blinking.
Press any key to stop the blinking.

Command completed successfully.
root@some-server:/usr/StorMan# 

First zero is the channel (and usually zero), second the drive id.

highlight whole array

root@some-server:/usr/StorMan# ./arcconf identify 1 logicaldrive 0
Controllers found: 1
The specified device is blinking.
Press any key to stop the blinking.

Command completed successfully.
root@some-server:/usr/StorMan# ./arcconf identify 1 logicaldrive 1
Controllers found: 1
The specified device is blinking.
Press any key to stop the blinking.

Command completed successfully.
root@some-server:/usr/StorMan# 

This makes the first array blink, then the second one. Counting starts at '0' here, unlike with the controller where '1' is preferred.

./arcconf GETCONFIG

Business as usual, usually the first number is the controller id, and so, 1. (...) By omitting the one you get the available parameters:

root@some-server:/usr/StorMan# ./arcconf getconfig 

 Usage: GETCONFIG <Controller#> [AD | LD [LD#] | PD | [AL]]
 ======================================================

 Prints controller configuration information.

    Option  AD  : Adapter information only
            LD  : Logical device information only
            LD# : Optionally display information about the specified logical device
            PD  : Physical device information only
            AL  : All information (optional)
root@some-server:/usr/StorMan#

If no parameter is given, AL is used as the default.

If checking the logical devices via LD, you can also pass the id of the 'drive' in question.

adapter used - AD

root@some-server:/usr/StorMan# ./arcconf getconfig 1 AD
Controllers found: 1
----------------------------------------------------------------------
Controller information
----------------------------------------------------------------------
   Controller Status                        : Optimal
   Channel description                      : SAS/SATA
   Controller Model                         : Adaptec 5805
   Controller Serial Number                 : 1D2211A7A42
   Physical Slot                            : 5
   Temperature                              : 75 C/ 167 F (Normal)
   Installed memory                         : 512 MB
   Copyback                                 : Disabled
   Background consistency check             : Disabled
   Automatic Failover                       : Enabled
   Global task priority                     : High
   Performance Mode                         : Default/Dynamic
   Stayawake period                         : Disabled
   Spinup limit internal drives             : 0
   Spinup limit external drives             : 0
   Defunct disk drive count                 : 0
   Logical devices/Failed/Degraded          : 2/0/1
   SSDs assigned to MaxIQ Cache pool        : 0
   Maximum SSDs allowed in MaxIQ Cache pool : 8
   MaxIQ Read Cache Pool Size               : 0.000 GB
   MaxIQ cache fetch rate                   : 0
   MaxIQ Cache Read, Write Balance Factor   : 3,1
   NCQ status                               : Enabled
   Statistics data collection mode          : Enabled
   --------------------------------------------------------
   Controller Version Information
   --------------------------------------------------------
   BIOS                                     : 5.2-0 (18252)
   Firmware                                 : 5.2-0 (18252)
   Driver                                   : 1.2-1 (40700)
   Boot Flash                               : 5.2-0 (18252)
   --------------------------------------------------------
   Controller Battery Information
   --------------------------------------------------------
   Status                                   : Not Installed


Command completed successfully.
root@some-server:/usr/StorMan#

The controller used here can be seen to be a 5805 without a BBU (Battery Backup Unit). No Read or Write Caching enabled.

logical drives - LD or LD <id>

root@some-server:/usr/StorMan# ./arcconf getconfig 1 ld
Controllers found: 1
----------------------------------------------------------------------
Logical device information
----------------------------------------------------------------------
Logical device number 0
   Logical device name                      : 
   RAID level                               : 10
   Status of logical device                 : Degraded
   Size                                     : 1906678 MB
   Stripe-unit size                         : 256 KB
   Read-cache mode                          : Enabled
   MaxIQ preferred cache setting            : Disabled
   MaxIQ cache setting                      : Disabled
   Write-cache mode                         : Disabled (write-through)
   Write-cache setting                      : Disabled (write-through)
   Partitioned                              : Yes
   Protected by Hot-Spare                   : No
   Bootable                                 : Yes
   Failed stripes                           : No
   Power settings                           : Disabled
   --------------------------------------------------------
   Logical device segment information
   --------------------------------------------------------
   Group 0, Segment 0                       : Present (0,4)       JPW9K0N1224P3L
   Group 0, Segment 1                       : Present (0,5)       JPW9K0N20BRBEE
   Group 1, Segment 0                       : Present (0,6) Z1W0GP8R0000C404211V
   Group 1, Segment 1                       : Rebuilding (0,7)       JPW9K0N208AKHE

Logical device number 1
   Logical device name                      : data
   RAID level                               : 10
   Status of logical device                 : Optimal
   Size                                     : 3809270 MB
   Stripe-unit size                         : 256 KB
   Read-cache mode                          : Enabled
   MaxIQ preferred cache setting            : Disabled
   MaxIQ cache setting                      : Disabled
   Write-cache mode                         : Disabled (write-through)
   Write-cache setting                      : Disabled (write-through)
   Partitioned                              : Unknown
   Protected by Hot-Spare                   : No
   Bootable                                 : No
   Failed stripes                           : No
   Power settings                           : Disabled
   --------------------------------------------------------
   Logical device segment information
   --------------------------------------------------------
   Group 0, Segment 0                       : Present (0,0)       JK11E1B9KGVDKT
   Group 0, Segment 1                       : Present (0,1)       JK11A8B9KMHYWF
   Group 1, Segment 0                       : Present (0,2)             YGKAZYUK
   Group 1, Segment 1                       : Present (0,3)             YGKAZMNK



Command completed successfully.
root@some-server:/usr/StorMan# 

This example is still the same server, where the 8th HDD, identified by (0,7), is rebuilding. Both logical devices are RAID 10s; the first one consists of the last four disks and is degraded because one disk is missing/being rebuilt.
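To get the same reading without scrolling through the full listing, the LD output can be filtered for anything that is not Optimal / Present. This is an added example, not part of the original post or of the Adaptec tooling; the function names are made up and the sample is a shortened copy of the output shown above.

```shell
#!/bin/sh
# Added example: report logical devices and segments that need attention.
# Reads `arcconf getconfig <controller> ld` output on stdin.
# Exit status: 0 = everything Optimal/Present, 1 = something needs attention.
arcconf_ld_report() {
    awk -F' *: *' '
        # "Logical device number 0" starts a new logical device block
        /^ *Logical device number/ {
            ld = $0
            sub(/^.*number +/, "", ld); sub(/[ \t\r]+$/, "", ld)
        }
        /Status of logical device/ {
            s = $2; sub(/[ \t\r]+$/, "", s)
            if (s != "Optimal") { printf "LD %s status %s\n", ld, s; bad = 1 }
        }
        # Value looks like: "Rebuilding (0,7)       JPW9K0N208AKHE"
        /Group [0-9]+, Segment [0-9]+/ {
            split($2, f, " ")   # f[1]=state, f[2]=(channel,device), f[3]=serial
            if (f[1] != "Present") {
                printf "LD %s segment %s %s serial %s\n", ld, f[2], f[1], f[3]
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Sample input: shortened copy of the `getconfig 1 ld` output from this post.
sample_ld_output() {
    cat <<'EOF'
Controllers found: 1
Logical device number 0
   Logical device name                      : 
   RAID level                               : 10
   Status of logical device                 : Degraded
   Group 0, Segment 0                       : Present (0,4)       JPW9K0N1224P3L
   Group 0, Segment 1                       : Present (0,5)       JPW9K0N20BRBEE
   Group 1, Segment 0                       : Present (0,6) Z1W0GP8R0000C404211V
   Group 1, Segment 1                       : Rebuilding (0,7)       JPW9K0N208AKHE

Logical device number 1
   Logical device name                      : data
   RAID level                               : 10
   Status of logical device                 : Optimal
   Group 0, Segment 0                       : Present (0,0)       JK11E1B9KGVDKT
   Group 0, Segment 1                       : Present (0,1)       JK11A8B9KMHYWF
   Group 1, Segment 0                       : Present (0,2)             YGKAZYUK
   Group 1, Segment 1                       : Present (0,3)             YGKAZMNK
EOF
}

# Stand-alone run on the sample; on a real box use:
#   ./arcconf getconfig 1 ld | arcconf_ld_report
sample_ld_output | arcconf_ld_report || echo "attention needed"
```

The non-zero exit status makes the function usable from cron or a monitoring check.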

physical device - PD

This is usually your best shot for fast information.

root@some-server:/usr/StorMan# ./arcconf getconfig 1 pd
Controllers found: 1
----------------------------------------------------------------------
Physical Device information
----------------------------------------------------------------------
      Device #0
         Device is a Hard drive
         State                              : Online
         Supported                          : Yes
         Transfer Speed                     : SATA 3.0 Gb/s
         Reported Channel,Device(T:L)       : 0,0(0:0)
         Reported Location                  : Enclosure 0, Slot 0
         Reported ESD(T:L)                  : 2,0(0:0)
         Vendor                             : Hitachi
         Model                              : HUA722020ALA330
         Firmware                           : JKAOA3EA
         Serial number                      : JK11E1B9KGVDKT
         Size                               : 1907729 MB
         Write Cache                        : Disabled (write-through)
         FRU                                : None
         S.M.A.R.T.                         : No
         S.M.A.R.T. warnings                : 0
         Power State                        : Full rpm
         Supported Power States             : Full rpm,Powered off,Reduced rpm
         SSD                                : No
         MaxIQ Cache Capable                : No
         MaxIQ Cache Assigned               : No
         NCQ status                         : Enabled
      Device #1
         Device is a Hard drive
         State                              : Online
         Supported                          : Yes
         Transfer Speed                     : SATA 3.0 Gb/s
         Reported Channel,Device(T:L)       : 0,1(1:0)
         Reported Location                  : Enclosure 0, Slot 1
         Reported ESD(T:L)                  : 2,0(0:0)
         Vendor                             : Hitachi
         Model                              : HUA722020ALA330
         Firmware                           : JKAOA3EA
         Serial number                      : JK11A8B9KMHYWF
         Size                               : 1907729 MB
         Write Cache                        : Disabled (write-through)
         FRU                                : None
         S.M.A.R.T.                         : No
         S.M.A.R.T. warnings                : 0
         Power State                        : Full rpm
         Supported Power States             : Full rpm,Powered off,Reduced rpm
         SSD                                : No
         MaxIQ Cache Capable                : No
         MaxIQ Cache Assigned               : No
         NCQ status                         : Enabled
      Device #2
         Device is a Hard drive
         State                              : Online
         Supported                          : Yes
         Transfer Speed                     : SAS 3.0 Gb/s
         Reported Channel,Device(T:L)       : 0,2(2:0)
         Reported Location                  : Enclosure 0, Slot 2
         Reported ESD(T:L)                  : 2,0(0:0)
         Vendor                             : HITACHI
         Model                              : HUS723020ALS640
         Firmware                           : A440
         Serial number                      : YGKAZYUK
         World-wide name                    : 5000CCA01CBD19CF
         Size                               : 1907729 MB
         Write Cache                        : Disabled (write-through)
         FRU                                : None
         S.M.A.R.T.                         : No
         S.M.A.R.T. warnings                : 0
         Power State                        : Full rpm
         Supported Power States             : Full rpm,Powered off
         SSD                                : No
         MaxIQ Cache Capable                : No
         MaxIQ Cache Assigned               : No
      Device #3
         Device is a Hard drive
         State                              : Online
         Supported                          : Yes
         Transfer Speed                     : SAS 3.0 Gb/s
         Reported Channel,Device(T:L)       : 0,3(3:0)
         Reported Location                  : Enclosure 0, Slot 3
         Reported ESD(T:L)                  : 2,0(0:0)
         Vendor                             : HITACHI
         Model                              : HUS723020ALS640
         Firmware                           : A440
         Serial number                      : YGKAZMNK
         World-wide name                    : 5000CCA01CBD14E3
         Size                               : 1907729 MB
         Write Cache                        : Disabled (write-through)
         FRU                                : None
         S.M.A.R.T.                         : No
         S.M.A.R.T. warnings                : 0
         Power State                        : Full rpm
         Supported Power States             : Full rpm,Powered off
         SSD                                : No
         MaxIQ Cache Capable                : No
         MaxIQ Cache Assigned               : No
      Device #4
         Device is a Hard drive
         State                              : Online
         Supported                          : Yes
         Transfer Speed                     : SATA 3.0 Gb/s
         Reported Channel,Device(T:L)       : 0,4(4:0)
         Reported Location                  : Connector 1, Device 0
         Vendor                             : Hitachi
         Model                              : HUA722010CLA330
         Firmware                           : JP4OA3EA
         Serial number                      : JPW9K0N1224P3L
         Size                               : 953869 MB
         Write Cache                        : Disabled (write-through)
         FRU                                : None
         S.M.A.R.T.                         : No
         S.M.A.R.T. warnings                : 0
         Power State                        : Full rpm
         Supported Power States             : Full rpm,Powered off,Reduced rpm
         SSD                                : No
         MaxIQ Cache Capable                : No
         MaxIQ Cache Assigned               : No
         NCQ status                         : Enabled
      Device #5
         Device is a Hard drive
         State                              : Online
         Supported                          : Yes
         Transfer Speed                     : SATA 3.0 Gb/s
         Reported Channel,Device(T:L)       : 0,5(5:0)
         Reported Location                  : Connector 1, Device 1
         Vendor                             : Hitachi
         Model                              : HUA722010CLA330
         Firmware                           : JP4OA3EA
         Serial number                      : JPW9K0N20BRBEE
         Size                               : 953869 MB
         Write Cache                        : Disabled (write-through)
         FRU                                : None
         S.M.A.R.T.                         : No
         S.M.A.R.T. warnings                : 0
         Power State                        : Full rpm
         Supported Power States             : Full rpm,Powered off,Reduced rpm
         SSD                                : No
         MaxIQ Cache Capable                : No
         MaxIQ Cache Assigned               : No
         NCQ status                         : Enabled
      Device #6
         Device is a Hard drive
         State                              : Online
         Supported                          : Yes
         Transfer Speed                     : SAS 3.0 Gb/s
         Reported Channel,Device(T:L)       : 0,6(6:0)
         Reported Location                  : Connector 1, Device 2
         Vendor                             : SEAGATE
         Model                              : ST1000NM0023
         Firmware                           : 0003
         Serial number                      : Z1W0GP8R0000C404211V
         World-wide name                    : 5000C500571785AC
         Size                               : 953869 MB
         Write Cache                        : Disabled (write-through)
         FRU                                : None
         S.M.A.R.T.                         : No
         S.M.A.R.T. warnings                : 0
         Power State                        : Full rpm
         Supported Power States             : Full rpm,Powered off
         SSD                                : No
         MaxIQ Cache Capable                : No
         MaxIQ Cache Assigned               : No
      Device #7
         Device is a Hard drive
         State                              : Rebuilding
         Supported                          : Yes
         Transfer Speed                     : SATA 3.0 Gb/s
         Reported Channel,Device(T:L)       : 0,7(7:0)
         Reported Location                  : Connector 1, Device 3
         Vendor                             : Hitachi
         Model                              : HUA722010CLA330
         Firmware                           : JP4OA3EA
         Serial number                      : JPW9K0N208AKHE
         Size                               : 953869 MB
         Write Cache                        : Disabled (write-through)
         FRU                                : None
         S.M.A.R.T.                         : No
         S.M.A.R.T. warnings                : 0
         Power State                        : Full rpm
         Supported Power States             : Full rpm,Powered off,Reduced rpm
         SSD                                : No
         MaxIQ Cache Capable                : No
         MaxIQ Cache Assigned               : No
         NCQ status                         : Enabled
      Device #8
         Device is an Enclosure services device
         Reported Channel,Device(T:L)       : 2,0(0:0)
         Enclosure ID                       : 0
         Type                               : SES2
         Vendor                             : ADAPTEC
         Model                              : Virtual SGPIO
         Firmware                           : 0001
         Status of Enclosure services device


Command completed successfully.

./arcconf RESCAN

Rescans all drives, to find new drives which were not automatically found.

./arcconf SETALARM

Test, silence or switch a controller's sound alarm.

outlook

Furthermore, the Storage Manager can be used for live RAID level migration or online capacity expansion (./arcconf MODIFY) and other smut, but for now that's enough.

list of all shell shortcuts (bash / zsh)
posted on 2014-09-30 14:09:12

zsh:

bindkey -L

bash:

bind -P

## alternative: (improved readability!)
bind -P | grep -v "is not" | sed 's/can be found on/:/' | column -s: -t
ssh tricks links
posted on 2014-07-31 11:30:59

Really nice articles and comments:

  1. https://news.ycombinator.com/item?id=1624010
  2. http://www.symkat.com/ssh-tips-and-tricks-you-need
  3. https://news.ycombinator.com/item?id=1536126
  4. https://pthree.org/2011/07/22/openssh-best-practice/
useradd cheatsheet
posted on 2014-07-23 11:38:55

This topic is already covered in more depth in an earlier post here, but now I figured a cheatsheet would help.

SYSTEM USER
    system user privileges? (UID below 1000)
    -r

HOME FOLDER
    create home folder in /home/<username>?
    -m
    no home folder creation:
    -M
    add existing folder as home:
    -d <folder>

    add contents to created home?
    -k <'skeleton' folder containing data>

GROUPING
    create new user group?
    -U
    add to existing group?
    -g <id or groupname>
    add several groups?
    -G <groups separated by commas>
    don't create group? (user will be added to group with id 100 usually, see manpage)
    -N 

SHELL
    shell access? (use appropriate shell, /bin/sh for system users if login is needed)
    -s /bin/bash
    no shell access?
    -s /bin/false
    no shell access, with notification?
    -s /sbin/nologin

COMMENT
    -c 'comment explaining user usage'
linux: cat to clipboard
posted on 2014-07-21 11:13:46

There are several ways to put the contents of a file directly into the clipboard. One possibility is to mark the text and press CTRL-C or SHIFT-DEL, or whatever is used in your application for copying.

Applications like Klipper, besides providing the functionality of having a memory, also enable the system to copy every selection you make (with your mouse) into the clipboard.

All this is helpful, but once you have content that spans several screen pages, this gets old pretty fast.

Solution on debian: xclip

$ sudo apt-get install xclip

Usage:

$ echo test | xclip     ## clipboard contains now string 'test'
$ cat file.txt | xclip  ## clipboard contains content of file 'file.txt'
Certificates, OpenSSL in depth and GnuTLS
posted on 2014-07-10 14:37:52

This post should give an overview on the most used OpenSSL commands, and how SSL/TLS/X.509 in general works.

EDIT:
Since this post was written a long time ago, it might get revisited in the future. But this will be a major overhaul, so this will not happen in the near future either.

But there will come some ascii art on a schematic PKI in general, the section about the filenames will get cleaned up as well as the openssl section.

post vocabulary and some notes

The most used terms are abbreviated in the following.

PK = Private Key
C = Certificate
CSR = Certificate Signing Request
CA = Certificate Authority

Usually this seems way harder than it is in reality, once you get the hang of it. Hardest part is to understand which file belonging to which server is needed for the current step.

Certificates...

Some more abbreviations first:

SSL : Secure Sockets Layer
TLS : Transport Layer Security
X.509 : Public Key Infrastructure (PKI) and Privilege Management Infrastructure (PMI) standard by the "International Telecommunication Union Telecommunication Standardization Sector" (ITU-T).

SSL and its successor TLS, which includes SSL, are protocols for encrypting internet communication. The C infrastructure setup is defined in the X.509 standard. That is why these acronyms are popping up in any discussion about this topic.

On a sidenote, a more general equation:

HTTPS = HTTP + SSL/TLS + TCP

Since this post is focused on usability, the techniques in question that are used in a PKI or PMI are of no concern here.

The C chain usually looks like this: (intermediates can, but need not exist)

  1. Root C
  2. Intermediate C
  3. C

The last C is the one issued by the CA to which you submitted your CSR.

Only if all C's are present and used correctly will SSL checking tools (See here or here.) tell you your C's are set up correctly.

File types

There exist a bunch of file types which you have to be able to differentiate.

file types

.key : private key file (PK), but that's just a convention
.csr : certificate signing request (CSR)
.crt : certificate (C)
.cer : certificate (C), Microsoft used this naming scheme earlier

For .pem and .der files, see next section.

PK.key, CSR.csr, C.crt are kind of placeholders for your actual filenames in the following sections. A good naming scheme would be subdomain_domain_tld-year, without dots. Dots happen to either not work or cause other problems. Appending the year your C was issued helps with distinguishing in case you renew a certain certificate.

containers and encodings

Containers are used for grouping together C's (and optionally the PK) into a single file.

.pem: ascii / base64 encoded container
.der: container in binary format

The extension hints at the encoding being used, for the container. A container usually consists of the set of all C's (the entire trust chain), and can optionally also contain the PK.

All the files from the section before can be in PEM or DER format, IIRC!

For more information on the Distinguished Encoding Rules (DER) or the Privacy-enhanced Electronic Mail (PEM), just click these links.

OPENSSL

PK / CSR generation

For usage with Certificate Authorities (CA's)

Generate a PK and a CSR:

openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout PK.key

If you already have an existing PK and just need a CSR:

openssl req -out CSR.csr -key PK.key -new

Create a new CSR for an existing C:

openssl x509 -x509toreq -in C.crt -out CSR.csr -signkey PK.key

Complete self-signed certificate

Generation of a self-signed (ss) C, based on a newly generated PK with a term of validity of one year (365 days):

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout PK.key -out C.crt

ss-C's for https are still better than traffic over plain http, but for private websites for example, StartSSL Certificates provide C's for free. Free as in 'no money needed'.

convert PEM to DER

openssl x509 -in C.crt -outform der -out C.der

convert DER to PEM

openssl x509 -in C.der -inform der -outform pem -out C.pem

viewing PEM encoded files containing a C

For debugging reasons, this might actually be the most used command.

openssl x509 -in C.pem -text -noout
openssl x509 -in C.crt -text -noout
openssl x509 -in C.cer -text -noout

This will not work on a single PK file.
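Since the hard part is knowing which PK, CSR and C belong together, a practical check is to compare the public key embedded in each of them. The following is an added example, not part of the original post: it chains the commands above non-interactively and then runs that check. The function names and the `-subj` value are assumptions made for the demo; the key material is throwaway.

```shell
#!/bin/sh
# Added example. File names follow the post's PK.key / CSR.csr / C.crt
# placeholders; the subject CN is a constructed value.

# Print the SHA-256 of the public key embedded in a PEM encoded PK, CSR or C.
# usage: pubkey_hash key|csr|crt FILE
pubkey_hash() {
    case "$1" in
        key) pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
        csr) pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        crt) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        *)   return 2 ;;
    esac
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{ print $NF }'
}

# Succeeds only if PK, CSR and C all carry the same public key.
# usage: files_match PK.key CSR.csr C.crt
files_match() {
    k=$(pubkey_hash key "$1") || return 1
    r=$(pubkey_hash csr "$2") || return 1
    c=$(pubkey_hash crt "$3") || return 1
    [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# SHA-256 fingerprint of a certificate; the encoding does not change it.
# usage: cert_fingerprint FILE [pem|der]
cert_fingerprint() {
    openssl x509 -in "$1" -inform "${2:-pem}" -noout -fingerprint -sha256 \
        2>/dev/null | cut -d= -f2
}

# Create PK + CSR, self-sign the CSR for 365 days, convert PEM -> DER -> PEM.
# Runs in a subshell so that umask and cd do not leak into the caller.
make_demo_set() (
    umask 077    # -nodes leaves PK.key unencrypted, so keep it owner-only
    cd "$1" || exit 1
    openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout PK.key \
        -subj "/CN=www.example.test" 2>/dev/null &&
    openssl x509 -req -in CSR.csr -signkey PK.key -days 365 \
        -out C.crt 2>/dev/null &&
    openssl x509 -in C.crt -outform der -out C.der &&
    openssl x509 -in C.der -inform der -outform pem -out C.pem
)

# Run as: sh thisfile.sh demo
if [ "${1:-}" = "demo" ]; then
    dir=$(mktemp -d) || exit 1
    make_demo_set "$dir" || exit 1
    if files_match "$dir/PK.key" "$dir/CSR.csr" "$dir/C.crt"; then
        echo "PK, CSR and C share public key $(pubkey_hash crt "$dir/C.crt")"
    else
        echo "mismatch: these files do not belong together"
    fi
    echo "C.crt (PEM): $(cert_fingerprint "$dir/C.crt")"
    echo "C.der (DER): $(cert_fingerprint "$dir/C.der" der)"
    rm -rf "$dir"
fi
```

A mismatch from `files_match` before installing a renewed C usually means the C was issued for a CSR made from a different PK.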

GNUTLS

Get it:

apt-get install gnutls-bin -y

Use:

certtool

Unlike the openssl tool suite, this is actually self-explanatory.

Examples

In the following, keyfiles are called .key extension-wise, but that is just a name differentiation. They are in reality just .pem files, too, but with this practice files are easier to differentiate.

generate PK's (private keys)

certtool --generate-privkey --outfile PK.key --rsa

Use --dsa or --ecc flags if you want to change the used cryptosystem.

generate CSR's (certificate signing requests)

certtool --generate-request --load-privkey PK.key --outfile CSR.pem

generate C (certificate) from CSR (certificate signing request)

Usually this is a CA_C.pem, a CA certificate.

certtool --generate-certificate --load-ca-privkey CA_PK.key --load-ca-certificate CA_C.pem --load-request CSR.pem --outfile C.pem

generate C (certificate) from PK (private key), lacking a CSR

certtool --generate-certificate --load-ca-privkey CA_PK.key --load-ca-certificate CA_C.pem --load-privkey PK.key --outfile C.pem

generate a self-signed C (certificate), the fast way

certtool --generate-privkey --outfile CA_PK.key --rsa
certtool --generate-self-signed --load-privkey CA_PK.key --outfile CA_C.pem

Here's a one-liner to copy-paste:

certtool --generate-privkey --outfile CA_PK.key --rsa && certtool --generate-self-signed --load-privkey CA_PK.key --outfile CA_C.pem

create a .p12 / pkcs #12 container file

A .p12 file includes all three parts usually needed on the server side:

  • CA certificate
  • server PK
  • server C

certtool --to-p12 --load-ca-certificate CA_C.pem --load-privkey PK.key --load-certificate C.pem --outfile CONTAINER.p12 --outder

show certificate information

certtool --certificate-info --infile C.pem
linux shell calculator
posted on 2014-06-30 13:25:39

Often a calculator is needed, fast, you are in the terminal anyway, so what to do?

Try this function:

calc () { 
    echo "scale=4;$*" | bc -l
}

Only downside is, you have to escape *, else the shell will use it for file expansion. No quotation marks needed.

Usage:

calc 1 + 2
calc 3 - 4
calc 44 \* 88
calc 77 / 234

This should do for most cases where you need a calculator fast.

A better 'find'
posted on 2014-06-30 12:52:15

Linux's find syntax is kind of strange and rather unfriendly to type.

A helpful 'alias' (which is actually a function, not an alias) is this:

ff () {
        find . -iname "*$**"
}

Usage:

ff <searchterm>

No quotation marks needed, case insensitive.

Linux battery status from shell
posted on 2014-06-08 16:47:39

To get the percentage of remaining battery under Fedora 19, use:

$ cat /sys/class/power_supply/BAT0/capacity

This will however only show the accurate percentage when no power cord is attached.

If you want the accurate percentage, calculate it yourself, other files in the BAT0 folder will tell you the values to use.

Create mails in bash
posted on 2014-05-09 20:17:25

Write this directly on your command prompt:

/usr/bin/mail -s "testmail" root 'mailaddress@domain.tld' -a "From: mail_daemon" <<< "ti ta testmail"

Which will create this:

To: <root@hostname>, <mailaddress@domain.tld>
Subject: testmail
From: <mail_daemon@hostname>

ti ta testmail

This is useful when you already have a postfix (or whatever maildaemon) running, and you need email notification in your scripts.

A proper du / disk usage alias
posted on 2014-04-26 21:18:50

This finds all files in the current folder, sorts them from biggest to smallest, and puts human readable file sizes on them.

function dus () {
du --max-depth=0 -k * | sort -nr | awk '{ if($1>=1024*1024) {size=$1/1024/1024; unit="G"} else if($1>=1024) {size=$1/1024; unit="M"} else {size=$1; unit="K"}; if(size<10) format="%.1f%s"; else format="%.0f%s"; res=sprintf(format,size,unit); printf "%-8s %s\n",res,$2 }'
}

Usage:

$ dus

Sample output:

[sjas@ctr-014 ~]% dus
3.1G     Downloads
1.7G     VMware-vCenter-Server-Appliance-5.5.0.5100-1312297-system.vmdk
1.4M     blog
576K     work
80K      hs_err_pid25560.log
80K      hs_err_pid24938.log
8.0K     bin
4.0K     yankring_history_v2.txt

This should be included in all linux distros by default.

clusterssh on Fedora
posted on 2014-04-05 12:32:28

Ever had to administer several linux machines one after another with pretty much the same configuration? Or had to work on several machines while being on a really bad connection, forcing you to reconnect and reopen half a dozen shell windows or even more?

clusterssh to the rescue!

Its features:

  • Connect to several servers at once.
  • Send all terminals the same input AT ONCE.

Start with getting the packages:

sudo yum install clusterssh -y

Install.

Afterwards it's a nice idea to create server aliases:

qwer name@box1.tv noname@box2.ru
asdf user@server1.xy anotheruser@srv2.yz

both qwer asdf

Put this either in /etc/clusters or in $HOME/.csshrc.

Upon calling cssh both clusterssh will try to connect to name@box1.tv noname@box2.ru user@server1.xy anotheruser@srv2.yz. Of course, cssh qwer and cssh asdf can be used separately, too.

Also, you can leave the username out when connecting as root to all other boxes. :)
Via -l you can specify the user as which you want to log in on the remote machines. Go look at the examples on the manpage yourself, you might like this tool very much.

Linux terminal chat
posted on 2014-04-05 12:25:46

In the linux shell there is a possibility to have a chat between logged in users.

Terminal chat is used like this:

# show users logged in on the server/workstation
$ w

# open chat [i.e. 'write sjas pts/4']
$ write user <terminal>

# logout, same as in regular console
CTRL+D

Even though you might not need this often, it can be quite helpful while fixing things together on a server while working over ssh from remote machines.

Distinguish builtin shell functions, aliases, functions and commands
posted on 2014-01-20 10:04:41

If you have a grown .bashrc and wonder what commands you did define in the past, these are helpful:

bash

type -t

Will show you what exactly you are dealing with. (Builtin, alias, function, regular command.)

[jl@jerrylee ~]$ type -t git
file

[jl@jerrylee ~]$ type -t export
builtin

[jl@jerrylee ~]$ type -t gc
alias

gc is an alias which I have locally defined in my .bashrc. It has a function bound to itself as we will see.

Built-ins are looked up in the main man page. (I.e. man bash or man zsh.)

alias

[jl@jerrylee ~]$ alias gc
alias gc='gitcommit'

If alias is used with no string afterwards, it will push out a complete list of all defined aliases.

declare / typeset

To look up functions:

[jl@jerrylee ~]$ declare -f gitcommit
gitcommit () 
{ 
    git c "$*"
}
[jl@jerrylee ~]$ typeset -f gitcommit
gitcommit () 
{ 
    git c "$*"
}

declare -f and typeset -f are synonymous.

zsh

Here it is easiest to start with which.

Besides, all other commands are the same.

scp properly explained
posted on 2013-11-16 17:05:03

scp is handy when transferring files from one host to another while being in a shell. How else to transfer stuff without using FTP or a kind of version control? Of course there are other alternatives, but scp's advantage is that it is widely available, does not need any kind of setup on the other host (As long as you have access to your other box, that is.) and has encrypted traffic. Also no GUI, mounting of USB sticks etc. pp. is needed. Sounds great.

The syntax looks like this, high level:

scp SOURCE DESTINATION

Or lower level and a little more concrete:

scp <src-user>@<src-host>:/dir/file <dst-user>@<dst-host>:/dir/file

src is shorthand for 'source', dst for 'destination', in case you wondered. Of course there are flags and parameter settings that can be used. But using man scp yourself is not rocket science. :o)

To specify working scp calls it is helpful to properly understand the user@host:file syntax. If your current use case is to copy a file from the host you are currently on, user@src-host can be omitted. Just the filename (and its path if you are not in the same directory on the shell) is needed. user is the username of the system user on the machine in question. This is the user with which you'd log into the remote machine. If passwords are needed, the system will prompt you to enter them.

If you have setup SSH keys properly, and are in the same folder as the file you want to transfer, a call could look like this:

scp example.txt <dst-host>:

<dst-host> is either a valid IP or a domain name pointing to the IP.

Several things are omitted here:

  1. The <src-user>, the user on the machine you are currently logged on, and <src-host>, the address of the current host you are on.
  2. The file path and file name at the destination.

So the file will be put in the home folder of the user that is used on the remote machine. (This is the home folder field of the user's entry in /etc/passwd; to look it up use grep <username> /etc/passwd on the remote machine, in case it is not /home/<username>.)

The colon in the example above MUST NOT be omitted.

Else nothing will be copied to the remote address. You will not an error message, since linux thinks the destination address you specified is a file name, and the file is copied locally.

If you want to specify a certain folder on the remote host, either use the full path, or specify it in relation to the users home directory.

Examples:

## file on server will be '/home/sjas/.ssh/asdf.txt'
scp file.txt 123.123.123:.ssh/asdf.txt

## file on server will be '/tmp/file.txt'
scp file.txt sjas.de:/tmp
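The colon rule and the path examples above can be checked before anything is copied. The following is an added example, not part of the original post: the function names and the SCP override variable are hypothetical, and the operands are the post's own samples.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Host names are the post's samples.

# Print "remote" if scp would treat the operand as host:path, else "local".
# Rule: remote only when a colon appears before any slash and is not the
# first character. Bracketed IPv6 literals are out of scope here.
scp_operand_kind() {
    prefix=${1%%:*}                      # text before the first colon
    if [ "$prefix" = "$1" ] || [ -z "$prefix" ]; then
        echo local                       # no colon, or a leading colon
        return 0
    fi
    case "$prefix" in
        */*) echo local ;;               # slash first: a path like ./odd:name
        *)   echo remote ;;
    esac
}

# Print where a remote operand lands: absolute, or relative to the home dir.
scp_remote_path() {
    [ "$(scp_operand_kind "$1")" = remote ] || return 1
    path=${1#*:}
    case "$path" in
        /*) echo "$path" ;;
        "") echo "~" ;;
        *)  echo "~/$path" ;;
    esac
}

# Hypothetical wrapper: refuse an upload whose destination has no host: part.
# SCP can be overridden (e.g. SCP=echo) for a dry run.
scp_push() {
    if [ "$(scp_operand_kind "$2")" != remote ]; then
        echo "refusing: '$2' is a local name, scp would copy locally" >&2
        return 2
    fi
    "${SCP:-scp}" -- "$1" "$2"
}

for op in example.txt sjas.de sjas.de: sjas.de:/tmp 123.123.123:.ssh/asdf.txt; do
    printf '%-28s %s %s\n' "$op" "$(scp_operand_kind "$op")" "$(scp_remote_path "$op")"
done
```
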

So long. Maybe as a last note that there is the -r flag, so you can copy whole directories and not just files.

Obtain your external ip while being on the shell
posted on 2013-11-16 00:42:42

Before you use google and a web browser, just use:

curl ifconfig.me

Easy. For more options go to ifconfig.me.

UPDATE:

curl ipecho.net/plain;echo

is way faster.

Run bash from Java
posted on 2013-11-11 08:12:38

Snippet from stackoverflow:

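import java.io.BufferedReader;
import java.io.InputStreamReader;

// Start the script and read its standard output line by line.
Process p = Runtime.getRuntime().exec("bash_script.sh");
BufferedReader in = new BufferedReader(new InputStreamReader(p.getInputStream()));
String line = null;

while ((line = in.readLine()) != null) {
   // use bash script line output
}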

I hope I never have to resort to this... but I have doubts, since this works not only for shell scripts, but basically any executable producing console output. Will have to test this on different platforms, I bet, though. Just to make sure it runs where it has to.

bash array essentials
posted on 2013-10-20 18:24:10

bash is not just the name of a shell terminal, it is also a full-blown programming language. It has some very ugly sides from my point of view. This here resulted from some commandline work, where a number of filenames was needed. I know I will need a refresher on this again.

Note: In the following, arr is the name of our array. Choose whatever you fancy.

get all folder/filenames into an array

arr=(/path/to/wherever/*)

Do not use ls for this, google for the reasons. I forgot why and do not have a link. ;)

access the array to return an element, e.g. the first one. Arrays start at 0.

${arr[0]}

If in doubt, use braces and not parentheses.

print first array element to console

echo "${arr[0]}"

Just for the record: the bare expansion above only yields the item, and bash cannot do anything with it without a command in front of it.

show array contents (i.e. for checking the actual data)

declare -p arr

Handiest command for checking arrays' contents. Force yourself to use it!

number of items in the array

${#arr[*]}

Useful for numbered for-loops.

all items in the array

${arr[*]}

Useful for foreach-type loops.

all of the indexes in the array

${!arr[*]}

Useful for... Off the hat I got no idea how this could help.

length of item zero

${#arr[0]}

See last description.
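Since the array here holds file names, quoting decides whether a name containing a space stays one item, and the index list matters once an element has been unset. The following is an added example, not part of the original post: the scratch directory, the file names and the function names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. File names are constructed.

# Create a scratch directory with three files, one with a space in its name.
make_sample_dir() {
    local dir
    dir=$(mktemp -d) || return 1
    touch "$dir/a.txt" "$dir/b c.txt" "$dir/d.txt"
    printf '%s\n' "$dir"
}

# Loop over the unquoted ${arr[*]} form: "b c.txt" is split into two words.
count_unquoted_star() {
    local arr=("$1"/*) n=0 item
    for item in ${arr[*]}; do n=$((n + 1)); done
    echo "$n"
}

# Loop over "${arr[@]}": every array element stays exactly one word.
count_quoted_at() {
    local arr=("$1"/*) n=0 item
    for item in "${arr[@]}"; do n=$((n + 1)); done
    echo "$n"
}

# After unset the array is sparse. A counting loop from 0 to ${#arr[*]}-1
# would visit the missing index 1 and never reach index 2; the index list
# from ${!arr[@]} names exactly the elements that exist.
indexes_after_unset() {
    local arr=("$1"/*)
    unset 'arr[1]'
    echo "${!arr[@]}"
}

dir=$(make_sample_dir)
echo "unquoted \${arr[*]} loop: $(count_unquoted_star "$dir") iterations"
echo "quoted \"\${arr[@]}\" loop: $(count_quoted_at "$dir") iterations"
echo "indexes after unset arr[1]: $(indexes_after_unset "$dir")"
rm -rf "$dir"
```
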



Unless otherwise credited all material Creative Commons License by sjas