Browse Tag: one-liner

Add domains and users

Quick one-liner to take a list of domains and create Apache vhosts from a template, create users, set their home dirs, permissions, etc.


[code lang=”bash”]cat domains.out | while read -r DOMAIN ; do NODOTDOMAIN=$(echo "$DOMAIN" | sed -e 's/\.//g') ; mkdir -p "/var/www/vhosts/$DOMAIN" ; sed -e "s/domain\.com/$DOMAIN/g" /etc/httpd/vhost.d/default.vhost > "/etc/httpd/vhost.d/$DOMAIN.conf" ; useradd -d "/var/www/vhosts/$DOMAIN" "$NODOTDOMAIN" ; chown "$NODOTDOMAIN:$NODOTDOMAIN" "/var/www/vhosts/$DOMAIN" ; PASSWERD=$(head -n 50 /dev/urandom | tr -dc A-Za-z0-9 | head -c8) ; echo "$PASSWERD" | passwd "$NODOTDOMAIN" --stdin ; echo "Domain: $DOMAIN" ; echo "User: $NODOTDOMAIN" ; echo "Password: $PASSWERD" ; echo ; done[/code]
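The one-liner uses each line of domains.out as a directory name, a sed replacement and the source of a username, so the list is worth checking before it runs as root. The following is an added example, not code from the original post; the function names and the account-name limits are assumptions, and the sample domains are constructed.

```bash
#!/bin/sh
# Added example: vet lines of domains.out before they become paths,
# sed replacements and usernames. Function names are hypothetical.
LC_ALL=C; export LC_ALL

# valid_domain NAME: succeeds only for lowercase, dot-separated hostname
# labels (letters, digits, inner hyphens), at most 253 characters overall.
valid_domain() {
    [ "${#1}" -le 253 ] || return 1
    printf '%s\n' "$1" | grep -Eq '^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$'
}

# vhost_user NAME: prints the account name the one-liner would derive
# (dots removed), or fails if that name is unusable.
vhost_user() {
    valid_domain "$1" || return 1
    user=$(printf '%s' "$1" | tr -d '.')
    # Assumed limits: name starts with a letter and is at most 32 characters.
    case "$user" in [a-z]*) ;; *) return 1 ;; esac
    [ "${#user}" -le 32 ] || return 1
    printf '%s\n' "$user"
}

# check_list: reads domains on stdin, prints "ok DOMAIN USER" or "skip ...".
# Removing dots can map two domains to one user (ab.c.com and a.bc.com),
# so a repeated username is reported instead of silently reused.
check_list() {
    seen=" "
    while IFS= read -r line; do
        if user=$(vhost_user "$line"); then
            case "$seen" in
                *" $user "*) echo "skip $line (user $user already taken)" ;;
                *) seen="$seen$user " ; echo "ok $line $user" ;;
            esac
        else
            echo "skip $line"
        fi
    done
}

# Constructed sample input.
printf '%s\n' example.com ab.c.com a.bc.com 'foo/../bar.com' 1and1.example | check_list
```

Feeding only the `ok` lines into the provisioning loop keeps slashes, sed metacharacters and colliding usernames out of it.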

Auto-iptables off IPs with high connection counts

via Paul (lovepig.org):

[code lang=”bash”]netstat -npa --inet | grep :80 | sed 's/:/ /g' | awk '{print $6}' | sort | uniq -c | sort -n | while read line; do one=`echo $line | awk '{print $1}'`; two=`echo $line | awk '{print $2}'`; if [ $one -gt 100 ];
then iptables -I INPUT -s $two -j DROP; fi; done; iptables-save | grep -P '^-A INPUT' | sort | uniq -c | sort -n | while read line; do oneIp=`echo $line | awk '{print $1}'`; twoIp=`echo $line | awk '{print $5}'`; if [ $oneIp -gt 1 ]; then iptables -D INPUT -s $twoIp -j DROP; fi; done[/code]

This one-liner is quite effective when tossed into a file and run as a cronjob once per minute. Any IP with more than 100 concurrent connections — which, quite honestly, is far more than any one IP should ever have on a standard webserver — will be blocked via iptables. This script as a cronjob is extremely effective at dealing with small-to-midsize DDoSes (too much traffic for Apache/whatever service to handle, but not saturating the pipe).
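A variant of the counting step that can be checked against sample data before it is wired to iptables, added here as an example (not Paul's or this post's code). It counts only ESTABLISHED connections to local port 80, skips an allowlist, and prints the commands instead of running them; the function names, the ALLOW list and the sample netstat lines are constructed for illustration.

```bash
#!/bin/sh
# Added example: find remote IPv4 addresses holding too many ESTABLISHED
# connections to local port 80, and print (not run) the iptables commands.

# Hypothetical allowlist: addresses that must never be dropped.
ALLOW="127.0.0.1 192.0.2.10"

# over_threshold LIMIT: reads `netstat -npa --inet` output on stdin and
# prints "COUNT IP" for every remote address with more than LIMIT connections.
over_threshold() {
    awk -v limit="$1" -v allow="$ALLOW" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        # $4 = local addr:port, $5 = remote addr:port, $6 = TCP state.
        # Half-open (SYN_RECV) entries are ignored: their source address is
        # unverified, so counting them could get an uninvolved host blocked.
        $1 ~ /^tcp/ && $4 ~ /:80$/ && $6 == "ESTABLISHED" {
            ip = $5; sub(/:[0-9]+$/, "", ip)
            # Only a plain dotted quad is ever passed on to iptables.
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !(ip in skip)) count[ip]++
        }
        END { for (ip in count) if (count[ip] > limit) print count[ip], ip }
    ' | sort -rn
}

# block_commands LIMIT: one command per offender; `iptables -C` tests for an
# existing rule first, so repeated cron runs do not stack duplicates.
block_commands() {
    over_threshold "$1" | while read -r count ip; do
        echo "iptables -C INPUT -s $ip -j DROP 2>/dev/null || iptables -I INPUT -s $ip -j DROP"
    done
}

# Constructed sample input (documentation address ranges), not real traffic.
sample_netstat() {
    echo "tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1234/httpd"
    for p in 1 2 3 4 5; do echo "tcp 0 0 203.0.113.5:80 198.51.100.7:4000$p ESTABLISHED 1234/httpd"; done
    for p in 1 2 3 4; do echo "tcp 0 0 203.0.113.5:80 192.0.2.10:5000$p ESTABLISHED 1234/httpd"; done
    for p in 1 2 3 4; do echo "tcp 0 0 203.0.113.5:80 198.51.100.9:6000$p SYN_RECV -"; done
    echo "tcp 0 0 203.0.113.5:22 198.51.100.7:51000 ESTABLISHED 999/sshd"
}

sample_netstat | block_commands 3
```

On a live host the input would be `netstat -npa --inet | block_commands 100`, with the output reviewed or piped to `sh` once the allowlist is right.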

Obtaining Plesk user for a domain

…for a list of domains, without digging through the database!

[code lang=”bash”]cat domains | sort | uniq | while read line ; do ls -ld /home/httpd/vhosts/$line/httpdocs | awk '{print $3}' ; done[/code]

‘domains’, of course, is a text file with a list of domains hosted on the server. Can be populated in whatever way you need. Easily plugged into other Plesk utilities (such as changing Plesk FTP passwords).

Combining text files as columns

To combine two (or more) text files as individual columns in the same file, such as:

file1:

[code]foo
foo1
foo2
foo3[/code]

file2:

[code]foobar
foobar1
foobar2
foobar3[/code]

into:

[code]foo foobar
foo1 foobar1
foo2 foobar2
foo3 foobar3[/code]

rather than using an ugly combination of sed and awk, you can use the `paste’ command:

[code lang=”bash”]paste file1 file2[/code]

Sort based on a column

You can use the `sort’ utility to sort not only on the first field, but also an arbitrary column. Take this output from ps:

[code lang=”bash”][kale@superhappykittymeow ~]$ ps ax -ly |grep httpd
R 502 10027 8387 0 78 0 668 979 - pts/1 0:00 grep httpd
S 502 10247 28321 0 76 0 16924 9961 semtim ? 1:58 /usr/sbin/httpd
S 0 28321 1 0 78 0 11564 7645 - ? 0:00 /usr/sbin/httpd
S 502 28327 28321 0 75 0 19152 10412 semtim ? 1:39 /usr/sbin/httpd
S 502 28328 28321 0 84 0 16628 9903 semtim ? 1:56 /usr/sbin/httpd
S 502 28331 28321 0 75 0 17108 9962 semtim ? 1:45 /usr/sbin/httpd
S 502 28332 28321 0 75 0 19152 10446 semtim ? 1:54 /usr/sbin/httpd
S 502 28333 28321 0 75 0 15692 9624 semtim ? 1:54 /usr/sbin/httpd
S 502 28334 28321 0 78 0 17476 10107 semtim ? 2:01 /usr/sbin/httpd
S 502 28335 28321 0 75 0 17460 10237 semtim ? 1:57 /usr/sbin/httpd
S 502 28336 28321 0 75 0 16836 9897 - ? 1:54 /usr/sbin/httpd
S 502 30058 28321 0 75 0 15248 9622 semtim ? 0:33 /usr/sbin/httpd
[/code]

This can be sorted by the SZ column, column 9, as such:

[code lang=”bash”][kale@superhappykittymeow ~]$ ps ax -ly |grep httpd |sort -nr -k 9n
R 502 10045 8387 0 78 0 668 979 - pts/1 0:00 grep httpd
S 0 28321 1 0 78 0 11564 7645 - ? 0:00 /usr/sbin/httpd
S 502 30058 28321 0 75 0 15248 9622 semtim ? 0:33 /usr/sbin/httpd
S 502 28333 28321 0 75 0 15692 9624 semtim ? 1:54 /usr/sbin/httpd
S 502 28336 28321 0 75 0 16836 9897 - ? 1:54 /usr/sbin/httpd
S 502 28328 28321 0 84 0 16628 9903 semtim ? 1:56 /usr/sbin/httpd
S 502 10247 28321 0 76 0 16924 9961 semtim ? 1:58 /usr/sbin/httpd
S 502 28331 28321 0 75 0 17108 9962 semtim ? 1:45 /usr/sbin/httpd
S 502 28334 28321 0 78 0 17476 10107 semtim ? 2:01 /usr/sbin/httpd
S 502 28335 28321 0 75 0 17460 10237 semtim ? 1:57 /usr/sbin/httpd
S 502 28327 28321 0 75 0 19152 10412 semtim ? 1:39 /usr/sbin/httpd
S 502 28332 28321 0 75 0 19152 10446 semtim ? 1:54 /usr/sbin/httpd
[/code]

The -k switch tells sort to sort based on a key, which we specify as 9n (column 9, numeric). Much easier to review the output.

Curl with postdata and cookies

Great for command-line logging into sites to pull content for whatever reason.

[code lang=”bash”]curl -c cookies.txt -d "username=username&password=password&action=login" -o /home/kale/outputfile.txt "http://www.domain.com/authenticated_page.php?foo=bar"[/code]

Of course, you’ll have to look at the source for the target location’s login page to see what variables it wants. I use it to grab a single Cacti-generated graph that is normally password protected, but I want to include a single graph on another site, so I cron’d a script to run a line similar to the above to log in and save it locally.

Who’s connecting to Apache?

Spot DDoS’s and the like quickly:

[code lang=”bash”]netstat -plan | grep :80 | awk '{print $5}' | sed 's/:.*$//' | sort | uniq -c | sort -rn | head[/code]

Change all of Plesk’s FTP passwords to random

[code lang=”bash”]for i in $(mysql -NB psa -uadmin -p`cat /etc/psa/.psa.shadow` -e 'select login from sys_users;'); do export PSA_PASSWD="$(openssl rand -base64 6)"; /usr/local/psa/admin/bin/usermng --set-user-passwd --user="$i"; echo "$i: $PSA_PASSWD" >> ftp_passwords; done[/code]

Thanks Geoff!

Make sure your crons run on time

If you add an entry to crontab that is an interval, such as */3 (every 3 minutes), you can verify that it runs at the specified interval with a bit of awk:

[code lang=”bash”]cat /var/log/cron | grep cron-script | awk -F\: '{if ($2 % 3 == 0) print $0}' | grep -v ":00:"[/code]

This essentially checks to see that the minute field of the timestamp is divisible by three — the interval. It’ll also run at 00 after the hour, not divisible by three, but expected.

Cron can “run late” at times due to high load situations, so if there are any irregularities in your intervals, you may wish to investigate deeper, looking for expensive processes that are chewing up precious cron time.

What is Apache doing?

Ever wished you knew what Apache was working on at any given moment, and kicked yourself because you forgot to enable a server-status directive? This snippet will help you diagnose timeouts and long-running scripts (for bad coders like myself):

[code lang=”bash”]for i in `ps -elf | grep http | awk '{print $4}' | sort | uniq`; do ls -la /proc/$i/cwd ; done | awk '{print $11}' | sort | uniq -c | sort -nr[/code]

find with spaces in filenames

Set bash’s internal field separator to a newline instead of a space, so grep (or whatever) doesn’t freak out:

[code lang=”bash”]IFS='
' ; for i in `find -name "*.php"` ; do grep foo $i ; done[/code]

Find total file sizes

[code lang=”bash”]find /var/www/vhosts/*/statistics/logs -type d -exec du -sm {} \; | awk '{total+=$1} END {print total,"MB"}'[/code]
Find total sizes of files in all those logs directories

Find files that do not contain a string

To find files that do NOT contain a specific string you can do the following:
[code lang=”bash”]find -name "ifcfg-eth0:*" -type f ! -exec grep -q ONBOOT {} \; -exec ls {} \;[/code]

will list all files named ifcfg-eth0:* that do not contain the string ONBOOT.

You can script this up as such:

[code lang=”bash”]for i in `find -name "ifcfg-eth0:*" -type f ! -exec grep -q ONBOOT {} \; -exec ls {} \; | awk -F\/ '{print $2}'`; do echo ONBOOT=yes >> $i ; done[/code]

to add the required ONBOOT=yes line to the config.
