System management

Enumerate protocols and services database.

Enumerate the hosts database.

Export block devices list as JSON and parse using jq utility.

Use awk to parse apt history log and filter it.

You can directly inspect kernel slab allocator statistics (/proc/slabinfo file) for detailed information on buffer, inode, dentry, or other caches in the Linux kernel, though slabtop utility will sort and pretty-print information in real-time.

Configure compressed swap using zram device at system boot.

Take advantage of compressed RAM based block devices to create temporary filesystems and swap disks.

Ensure that OpenSSH client uses explicitly configured authentication identity even if authentication agent offers more identities.

Fix multipath daemon error about missing path when using VirtualBox.

Configure systemd service to be restarted in case of failure.

Use needrestart utility to determine which services need to be restarted after the upgrade.

Use FUSE (filesystem in userspace) to access rdiff-backup repository.

Today, I will show you my personal shell prompt, so you could define your own custom bash prompt.

Execute rc.local shell script during boot using systemd compatibility generator.

Display packages that were installed automatically to satisfy various dependencies and are no longer required.

Use systemd service to automatically extend existing ext4 filesystem on boot or on-demand to optimize virtual machine configuration.

The simplest possible solution to display bind mounts.

I have already described how to accurately determine when the system was booted, but there is a simpler solution as you can use /proc filesystem directly.

Create swap file to optimize virtual machine configuration or just immediately increase available swap space.

Extract a specific file from a tar archive.

Increase the number of connection attempts when using ansible utility.

Determine whether a full CentOS 7 reboot is required and which services need to be restarted.

Increase the system-wide number of available file handles (open files).

Automatically clear GNU Bourne-Again SHell history when you exit a login shell.

Inspect parent processes to determine whether shell script or specific process has been executed locally, remotely, or by any other application.

Determine whether the standard input file descriptor refers to a terminal which can be useful to ensure that the shell script is executed using an interactive terminal.

Reboot Linux operating system during recovery when shell is executed instead of standard init process.

Limit bandwidth on specific network interface using wondershaper.

Query and change the system hostname.

Upgrade Ubuntu 18 LTS to the latest Ubuntu 20 LTS (Long Term Support) release.

Change the number of reserved filesystem blocks.

Undo undo fsck operations performed on the Ext4 filesystem.

Reindex directories located in the Ext4 filesystem after removing a huge number of files to optimize directory sizes.

Inspect OpenSSH client configuration to search and display configured hosts.

Disable auditd daemon during operating system image build process to prevent unnecessary log spikes.

Expand an existing XFS filesystem on LVM Logical Volume.

Log every executed command to syslog.

Revoke specific key used to perform key-based login with OpenSSH utilizing simple public key revocation list or OpenSSH Key Revocation List (KRL).

Determine which SSH key was used to perform key-based login using public key fingerprint.

Instruct Ansible to use a specific version of Python interpreter on the remote host.

Suppress message of the day for specific or multiple users.

Manage and display system news using a simple but effective utility.

Display LWN news using the message of the day framework.

Protect the operating system against accidental shutdown or reboot.

Display message of the day after successful login.

I have already described how to create VLAN interface, but things have changed over time, so I decided to update the know-how.

Use to drctl-tools to parse Debian package information using the Debian control file format (the dctrl format).

What does “Release file for […] is not valid yet (invalid for another […]). Updates for this repository will not be applied.” error mean?

Create persistent sysctl configuration using standard system utilities.

Modify system identification message that is printed before the login prompt.

I have recently updated Debian Buster from testing to stable, so it is worth to note how to perform such update non-interactively.

Generate and print sequences of numbers to perform specific operations using command-line or shell script.

Create a shell script to determine how long a specified remote server or device was offline. It is not designed to substitute monitoring solutions but to determine how long it will take to reboot the server or device. It is using convert seconds to human readable time code to display results.

Configure sysfs during system boot to apply custom configuration using a simple and convenient way.

Download OpenVPN configuration using public NordVPN API to specific file.

Display your external IP address using public NordVPN API.

Free dirty objects, page cache and reclaimable slab objects for troubleshooting or instructional purposes.

Today, I will show you how to get and display user details using a shell script. This work is based on a Python-based solution by David Green and located at bitbucket/nordapi.

I am surprised that exFAT is not supported out of the box as it is a default filesystem used on SDXC cards. You need to install a FUSE-based implementation to access data on devices using it.

In a blog post a month ago, I described how to use a terminal to display servers recommended by NordVPN, but the same result can be achieved by using public API service. It is not officially documented, so let’s play with it.

Determine what filesystem is mounted where, what is using particular options and how much free space is available.

Use NordVPN command-line utility to easily manage VPN service.

The simplest possible way to create a Debian package is to use defined package metadata and prepared target directory structure.

Verify static filesystem information defined in the fstab file after applying modifications to ensure that system will boot without any problems. It is especially important in remote locations or places where you cannot easily perform emergency operations.

I have already described a simple way to manually configure Network Manager and automatically import NordVPN servers, so today, I will explain how to pretty print servers recommended by NordVPN using terminal instead of web-browser.

Create a shell script to convert seconds to human-readable time. I have reused part of an old shell script used to pretty-print system uptime to built it, as this code proved to be useful on several occasions.

cal is a nice utility that displays calendar in terminal, but there is a small problem that needs to be fixed as it uses Sunday as the start of the week.

Very rarely and often by mistake, you can end up with a deleted file that is still used by some process, which is likely writing to it, so the used space cannot be freed.

Schedule a one-time task at a specific time or below defined system load using at utility.

Alter password expiry date to force user to change password on next login.

Verify package contents by hand or use simple shell script to automate this process.

I have already described how to list the contents of specified package using apt-file utility, but you do not need it to check the contents of downloaded package.

I have already described how to copy answers to the configuration questions for Debian packages, but there is an easier way to read and insert new values into the debconf database.

Perform simple incremental backup using rdiff-backup utility.

Install and configure localepurge package, which provides a fancy shell script to recover disk space used by useless localizations.

Configure and enable command-line tab completion for known SSH hosts to ease day-to-day operations. You do need to configure or enable this on Debian-based distributions, but it is good to know how to do this as you will never know when it will come in handy. This article is an extension of adding the SSH menu to the Unity launcher blog post.

This technique is widespread. To be honest, it is more common than I initially thought, so I will show you how to create a single shell script that will display, create or destroy a temporary file system depending on the name used to execute it.

Determine how long it would take to copy data between directories.

Create a shell script for a cron job with hidden debug information shown only when executed inside the terminal.

Logrotate does not support hourly schedule, but this is an easy task to accomplish.

Whitelist or render inoperative any USB device to secure your personal belongings.

Detect and log changes in the list of mounted filesystems (/proc/self/mountinfo file).

Use cron service to execute additional commands as the specified user using cron during system startup.

Use kernel automonter to automatically mount directory shared over network using NFS.

Export directory over local network using NFSv4 to access data on a central server.

Securely change user password using shell script to automate this task on these rare occasions.

Use dpkg to pretty print package dependencies.

Use encrypted passwords to automatically setup users using configuration management tools like Puppet or Ansible.

Debian Wheezy provides an ancient version of pip utility for installing Python packages. To put it very simply, it does not work anymore as it is not using HTTPS protocol, but fortunately this issue can be quickly fixed.

Alteration of the software RAID arrangement often requires an update to the boot configuration of the mdadm utility for management of Software RAID.

You can still connect to the Microsoft SQL Server 2014 as a member of the sysadmin server role using single-user mode when you are locked out of the database.

Recently, I tried to update uwsgi package on Ubuntu Xenial, but received an error about broken package. It looks like the mentioned package was pushed to the repository before its dependencies. This issue is thoroughly described in <a href=“https://bugs.launchpad.net/ubuntu/+source/uwsgi/+bug/1719363" target=_blank” rel=“external”>#1719363 bug report.

It is time to mention about simple sequential or simultaneous upgrade process on lxd guests. It is adapted to Debian-like operating systems using apt as I am using these daily.

It is rarely mentioned, but you can use repository snapshots to download and install old and obsolete packages on already unsupported or even current Debian distributions.

It is a matter of personal preference whether you use current or former network device naming convention. I am more accustomed to the latter and will configure the operating system to retain the old behavior.

lxd is a real pleasure to use, but mdadm constantly segmentation faults inside Ubuntu guest operating system. This issue affects only Ubuntu as mdadm is not disabled by default inside these containers. It is nothing scary or dangerous, but in this specific case, repetitive segfaults needlessly raise alertness level.

ifconfig is not installed by default in Debian Stretch. However, it is available in package repository, so applications that depends on it can still be used.

Use s3cmd Command Line S3 Client and Backup for Linux and Mac to display disk usage on a particular bucket.

Recently I stumbled upon the missing firmware for Broadcom Tigon3 based gigabit Ethernet card after kernel upgrade process. Simple problem, which was solved by installing firmware-linux-nonfree Binary firmware for various drivers in the Linux kernel package.

List configured APT data sources for binary packages using apt-cache utility.

There are circumstances when you want to ensure a particular package version during the setup process. I will show you a simple method to verify the package version suitable for sourcing into a shell script.

There are at least several ways to determine when the process was started to help you investigate and trace potential issues. I will briefly introduce four different methods to choose the most useful one.

There are many applications that share the same source package, so I will show three different ways to print the name of the source package.

Knowing how to determine when the last time package index files were updated can be beneficial when you least expect it. It is not something used every day but can be used to monitor or verify when apt-get update command was executed.

It is very easy to upgrade the whole Debian system, but you can also upgrade only selected packages and skip the rest.

Many years ago I wrote How to display available updates blog post which mainly related to Debian Wheezy. Today I want to extend it by a neat console friendly utility available in Debian Jessie since the milestone apt release thanks to Michael Vogt.

I have already described a straightforward way to automatically login user at the console without touching the graphical user interface using Debian Wheezy, so today I will post an update for Debian Jessie as the whole process has changed considerably.

Once in a while, I have a problem with Intel Corporation Dual Band Wireless-AC 7265 on Dell XPS 13 during the resume process as it just stops working and won’t connect to any network. The solution is to simply reload the kernel module.

This brief outline explains how to locate specific file within Debian packages using very useful apt-file utility which as opposed to dpkg-query does not only inspect installed packages since it utilizes fetched lists of the contents of packages.

From time to time I have to update passwords used to secure private keys to keep myself a bit more sane. I will demonstrate simple and straightforward way to accomplish this task.

It is an interesting thing to know how to parse and process Linux Software RAID events. It is also beneficial as you can automatically take appropriate action immediately after a certain event occurs.

There are many different ways to set NOOP scheduler on the first hard drive at system boot. I have decided to use simple systemd service, but alternatively you can use udev to automatically configure every SSD device (see References section).

Sometimes, I want to prevent regular users from logging into the system to perform more complex operations. To achieve that, I am using Pluggable Authentication Modules for Linux to temporarily disable user logins.

It is a short entry, but an useful one, as it is important to have a basic knowledge of how to schedule system reboot or power it down automatically at specified time.

Currently, I am playing with recent Ubuntu Wily Werewolf on my personal notebook. The first thing I did after system installation was to configure CPU governor and set it at system boot.

It is very easy to add users by hand, but sometimes such actions needs to be automated.

Today, I will show you how to set all tunable PowerTOP options at boot time using systemd service.

Two years ago I have described three simple ways to determine whether the processor supports 64-bit instruction set. Today, I will show you how to determine whether any Debian-based operating system is 32-bit or 64-bit.

I have successfully used Google Drive and Insync to organize all of the e-books that I have acquired during the last years. Currently plan to upload them to a personal DokuWiki instance since I use it more every day. Before I can start, I need to extract cover images to ensure that I will get a decent outcome.

Today, I will explain how to automatically choose nearest mirror based on geographic and network location using Debian mirrors HTTP redirector to solve the common problem of choosing an appropriate mirror.

I had an unexpected incident last week as one of the hard disks in my server failed. This device was a part of a software RAID mirror, which created an opportunity to describe the whole process.

Maybe it is rarely needed, but recently, I found it very useful to know how to record an interactive session, so I could reference to it later or just examine it further.

Today, I will show you how to put every connected USB storage device in read-only mode using udev dynamic device management, blockdev utility, and systemd service unit configuration.

Human memory is sometimes unreliable, so it is not always possible to answer in the same way to the configuration questions. Fortunately, this process can be automated using debconf utilities.

Debian Jessie is using systemd as the default system and service manager. I will not argue about it, but instead, I will briefly introduce the whole thing.

I have already described chkconfig utility in CentOS – How to manage system services blog post, but today I want to mention that you can also use it to manage services on Debian Wheezy.

I have already wrote a couple of posts about software RAID setup and recovery. Today I will briefly describe how to switch array to read-write state and begin resync process.

Using find command is not always the fastest way to search for specific files. The better method is to use mlocate utility, which uses its own file database and provides only user-accessible results.

I always asked myself how to password protect GRUB entries on an encrypted notebook to lock down the boot loader and protect it from unauthorized access.

I have been using unattended upgrades on development machines since the end of last November, when I installed Debian Jessie release.

Sometimes I want to access a private server at home from a different network while being on the go. The easiest way to do this is to use autossh utility to create a secure and persistent reverse SSH tunnel to the publicly available server.

Sometimes I need to check the installed package version, compare it with the available version, or verify that the correct version is already installed. I will show you how to quickly perform these checks.

Take control over configuration files and store them in version control system using etckeeper utility created by Joey Hess, which seamlessly integrates with package management tools inside Debian operating system.

Today, I will briefly describe how to automatically share X session on Debian Wheezy using VNC protocol.

Recently, I was searching for an easy to manage VNC service to use it at home. After a short while of consideration, I decided to install TigerVNC and manage it using Monit.

A short time after I installed Monit, I tried to monitor a background running process that does not support daemon mode. It is an exceptionally rare situation, but very interesting one, so after a while a came with a quite simple solution using additional shell script.

Previous entry was too long to include additional screenshots of the web-interface, so today I will write couple of words about web-interface and show you several screenshots.

I have been using self hosted Kolab Groupware everyday for quite a while now. Therefore the need arose to monitor process activity and system resources using Monit utility.

Long time ago I have described an easy way to check Ubuntu release. Today I want to expand this topic a little bit further and mention about additional switch to check an upstream release, which can be very useful at times.

This weekend I encountered a simple, but interesting topic, which concerns comparing the contents of two directories. The fun part is that you don’t need any additional utilities as standard diff command is fully sufficient.

Recently, I have encountered an interesting issue, as I could not perform specific database operations due to unwanted and active sessions using the database. Thus, I will briefly note the solution for further reference.

Recently I was asked to reset root password on some long forgotten Debian box. It was an easy and straightforward task, but, as there are some interesting pitfalls, I will describe the whole process of acquiring root shell without password using single-user mode and a couple of ways to prevent it.

If you are wondering how to count only local users ignoring system accounts, I will give you a concise and straight answer.

There are plenty of off-line Debian systems just waiting to update index files, upgrade or install additional packages. This can be easily achieved by using apt-offline utility. I will shortly describe common usage scenario as it is very handy application.

You have probably already noticed my favorite way to overcome the sudo redirection issue, but if you haven’t, then I will write it down here for further reference.

What do these four things have in common? Ubuntu headless server will not boot after power failure as Grub will indefinitely wait for user input. The root of this problem lies inside Ubuntu default Grub configuration as Grub will simply set timeout to infinity when recordfail parameter is set.

By default dmesg command print kernel ring buffer using the timestamp for each logged message. It is easy to change this behavior and display date/time in a human-readable form using just one additional parameter. Still, sometimes it is not supported, so I will shortly touch upon this topic.

It is very easy to tell how long the system has been running using uptime command, but the information when exactly it was booted is not so apparent, so I will show you two different ways to get it.

Whenever I see auto-login feature implemented by using X login manager, I immediately think about how to automatically login user at the console without even touching graphical user interface.

It is good to know how to tell to which package the specified file belongs to as this knowledge could be very useful during system upgrade or unexpected system failure.

If you ever wondered how to determine whether the processor is 64-bit capable, then I have a simple and straight answer for you.

Recently I needed to setup software RAID1 during Debian installation process. As it turned out, this process was simpler then I initially expected. I will shortly describe it here using screen-shots captured during initial tests.

If you ever wondered about how to backup list of installed packages and then restore it on another machine then you need to know that it does not require anything more then three basic utilities – dpkg to import/export list of packages, apt-get to install selected packages and apt-mark to restore extended package states.

Simply dive into proc filesystem and read /proc/cmdline file to determine the kernel’s start-up parameters.

A couple of days ago, I was asked how to check the last mount time of the ext2/ext3/ext4 filesystem. The solution is straightforward as it does not require anything more then tune2fs utility.

It is straightforward to display available updates using an application with a graphical user interface, but not so obvious to do it by using shell commands only. I will shed some useful light on the subject so we could both benefit from it.

There are at least couple ways to hold specific package and prevent it from being updated as you can use apt, dpkg, aptitude, dselect, apt preferences, but only the last one is effective in every case.

I am playing with Linux Virtual Servers in the Linode Cloud for the last several days and a couple of times wanted to disable IPv6 for testing purposes.

Re-read partition table without machine reboot using partprobe utility which is a part of parted package.

Yesterday, I wrote a short note about VLAN interfaces. Today, I want to write a short entry on how to bridge Ethernet interfaces to keep things complete as I need to mention about creating ACCESS port to tag packets on desired interface.

VLAN (virtual local area network) is very useful concept as you can easily separate device management from users by using appropriate network devices and configuration. I will describe here in a form of a short note how to create VLAN interface using Debian system.

This is rarely performed task but an easy one. To change time zone you need to reconfigure tzdata package.

Ubuntu Precise 12.04 currently contains in repository youtube-dl version 2012.02.27-1. As of recent YouTube changes this package version is not usable anymore but there is an updated version in Ubuntu Quantal 12.10 repository. To use it you need to perform couple of steps described below.

Short note on how to manage system services using CentOS.

You cannot modify squashfs image directly but you can uncompress it, apply changes and compress it again.

Simple solution using Linux Unified Key Setup.

The answer is to recreate encrypted tmp partition every boot with random key as you do not need to keep temporary data in memory.

Create partition for swap (/dev/sdaX in this example). Prepare and enable it using mkswap and swapon commands. If you already use swap partition then omit these steps. $ sudo mkswap /dev/sdaX Setting up swapspace version 1, size = 4194300 KiB no label, UUID=325d9718-8532-460d-afec-74e6aee9ae5f $ sudo swapon /dev/sdaX Execute ecryptfs-setup-swap script (it is part of ecryptfs-utils package): $ sudo ecryptfs-setup-swap WARNING: An encrypted swap is required to help ensure that encrypted files are not leaked to disk in an unencrypted format.

DOS partition table We can use sfdisk to dump partition table in usable format and store it: $ sudo sfdisk -d /dev/sda > sda_partitions Partition table can be restored using stored backup: $ sudo sfdisk /dev/sda < sda_partitions Partition table can be easily cloned (from sda to sdz in this example): $ sudo sfdisk -d /dev/sda | sfdisk /dev/sdz GPT To backup GUID partition table use sgdisk command (from gdisk package):

I recently needed to know the UUID (universally unique identifier) of my bootable USB root partition. It is a better way to distinguish storage devices because device names can change depending on the connection order.

Just a moment ago I connected my old hard drive and realized that it was a RAID member.

This post contains notes on this topic in the form of a concise guide.

Edit /etc/grub.d/40_custom file to add a custom entry in grub2 menu.

Check the progress of the dd process.

To print current run-level execute: $ who -r run-level 3 2012-01-17 17:06 To print previous and current run-level execute: $ sudo runlevel N 3

If you downloaded deb package and wonder how to install it then just look at the snippet posted below.

Exclude package from an update on CentOS operating system.

Get rid of slow CentOS mirrors on update.

The easiest way to check Ubuntu release is to use lsb_release command.