No, it is NOT the allowed_hosts. You already checked it 5 times. It is NOT the acl. Some of the log: [root@hackbox plugins]# time ./check_nrpe -H 127.0.0.1 12:00:01.138458 IP 127.0.0.1.42830 > 127.0.0.1.5666: Flags [S], seq 288814041, win 43690, options [mss 65495,sackOK,TS val 864077668 ecr 0,nop,wscale 10], length 0 13:48:47.032618 IP 127.0.0.1.5666 > 127.0.0.1.42830: Flags [S.],…

There might be files which you deleted but but are still on disk. This happens if a process still has the file open. You can check for open files by doing: sudo lsof +L1 firefox 15940 klu txt REG 0,39 130896 0 4064267 /usr/lib64/firefox/firefox (deleted) firefox 15940 klu 12r REG 0,39 9698845 0 4064383 /usr/lib64/firefox/omni.ja…

vgdisplay (are they there?) vgscan –mknodes -v vgchange -a y

Use reboot -f [root@lintest ~]# reboot Failed to start reboot.target: Activation of org.freedesktop.systemd1 timed out Failed to open /dev/initctl: No such device or address Failed to talk to init daemon. [root@lintest ~]# [root@lintest ~]# [root@lintest ~]# [root@lintest ~]# [root@lintest ~]# reboot -f packet_write_wait: Connection to 10.0.100.31 port 22: Broken pipe

vgrename VG_ESM6c VG Volume group “VG_ESM6c” successfully renamed to “VG” lvrename /dev/VG/root lv_root Renamed “root” to “lv_root” in volume group “VG” then edit /etc/fstab then edit /boot/grub/grub*cfg then make a new kernel: mkinitrd –force /boot/initramfs-$(uname -r).img $(uname -r)

mount with a rescue image, chroot /mnt/sysimage, mount -a see what fails fix your /etc/fstab

[klu@scanner ~]$ nmap -p 636 –script ssl-enum-ciphers servername Starting Nmap 6.40 ( http://nmap.org ) at 2016-10-11 08:33 CEST Stats: 0:00:00 elapsed; 0 hosts completed (0 up), 1 undergoing Ping Scan Ping Scan Timing: About 100.00% done; ETC: 08:33 (0:00:00 remaining) Nmap scan report for servername (10.0.01) Host is up (0.00033s latency). rDNS record for 10.0.64.5:…

Offending DSA key /var/lib/sss/pubconf/known_hosts if you use rhel idm/ipa, remove ssh keys from that server

Sometimes you want to list the jobs you scheduled (reboots) for a Red Hat Enterprise Linux 7 server. This is how you can list the shutdowns: root@tasus:~# shutdown -r 19:02 “This system will reboot at 19:02 for updates” Shutdown scheduled for Tue 2016-09-20 19:02:00 CEST, use ‘shutdown -c’ to cancel. root@tasus:~# systemctl status systemd-shutdownd.service ●…

Use /sbin/start_udev . This will restart. Useful in a situation where you updated some libs and need to restart udev, since udev has no init/systemctl restart script.

curl ipinfo.io or curl karloluiten.nl/ip/

Open jcontrol, general, network settings, choose ‘Direct connection’. jcontrol is /usr/bin/jcontrol jcontrol is /bin/jcontrol

Via a colleague! # Use Alt-arrow keys without prefix key to switch panes bind -n M-Left select-pane -L bind -n M-Right select-pane -R bind -n M-Up select-pane -U bind -n M-Down select-pane -D # Shift arrow to switch windows bind -n S-Left previous-window bind -n S-Right next-window # No delay for escape key press set…

Quick tip sudo !! will repeat the previous command with sudo in front of it.

gg dG

find /home/*/temp/ -type f -mtime +5 -delete

Found here, place your certs in ~/.certs and run restorecon -v ~/.certs . Local certs should have label “unconfined_u:object_r:home_cert_t:s0″

Go to https://ip.ip.ip.ip/html/java_irc.html?lang=en to load java

sudo tcpdump -i any not host $( echo $SSH_CLIENT |cut -d’ ‘ -f1 )

RHEL7 cd /etc/init.d/; for initname in arc_*; do echo $initname = $(( ( $( ps –no-headers -q $( cat /opt/arcsight/connectors/*/current/run/$initname.pid ) -o rss ) + $( ps –no-headers -q $( cat /opt/arcsight/connectors/*/current/run/$initname.java.pid ) -o rss ) ) / 1024 )) MB used, $( grep maxmem $( echo /opt/arcsight/connectors/$initname/current/user/agent/agent.wrapper.conf | sed ‘s/arc_//g’ ) | egrep -o…

[core:error] [pid 25430] (13)Permission denied: [client 10.33.4.13:57108] AH00035: access to /el6/el-6-epel/ denied (filesystem path ‘/var/www/html/el6/el-6-epel’) because search permissions are missing on a component of the path check selinux

Add this to your cron: 30 08 * * * env > ~/cronenv After it runs, do this: env – `cat ~/cronenv` /bin/sh via https://stackoverflow.com/questions/2135478/how-to-simulate-the-environment-cron-executes-a-script-with

stdin: 1 3 4 1 | awk ‘{ sum+=$1} END {print sum}’

htop is known already I guess, but glances looks nice, too: https://nicolargo.github.io/glances/

# ps -eo pid,cmd,etime,lstart | grep java 9108 grep java 00:00 Tue Feb 23 09:16:18 2016 10574 java -server -DARCSIGHT_HOM 153-23:02:58 Tue Sep 22 11:13:20 2015 11612 java -Dhotspot -DARCSIGHT_H 153-23:01:02 Tue Sep 22 11:15:16 2015 11895 java -server -DARCSIGHT_HOM 153-23:00:26 Tue Sep 22 11:15:52 2015

This is the new server.

change your * to \{-}: #bad (.*?) #good (.\{-})

If you need to automate a GUI app, like you would script a CLI app with expect, use xdotool. It should be in your repo. What you can do for example: ( gedit & ) ; sleep 1; for key in H e l l o Return W o r l d ; do xdotool…

Via reddit: -R allows ANSI colors (and other ANSI features) -S allows horizontal scrolling (I don’t use this one with query-logs though) -X Leaves the output on the screen after exiting. I mostly use this one out of habit, since I use less as a pager in the CLI mysql program -M More detailed status…

From http://www.smallo.ruhr.de/award.html , dome things to improve in your (and my) scripts ;). Anything that looks like something | grep ‘..*’ | wc -l can usually be rewritten like something along the lines of something | grep -c . # Notice that . is better than ‘..*’ or even (if all we want to do…