Linux, Windows and Other Tips and Tricks
To find out where disk space is being used:
Get to the root of your machine by running
# cd /
Run
# sudo du -h --max-depth=1
Note which directories are using a lot of disk space.
cd into one of the big directories.
Run
# ls -l
to see which files are using a lot of space. Delete any you don’t need.
Repeat steps to run once you cd into the directory with the largest size
sudo du -h --max-depth=1
This article describes how to change the SSL cert for you Windows server to match a hostname so that when you remote desktop to a windows server, you don’t get a warning for the identity and the SSL cert.
Go to Sectigo (Comodo) and sign up for a free ssl.
https://ssl.comodo.com/free-ssl-certificate.php
First, generate a CSR.
One: https://knowledge.digicert.com/solution/SO21586.html
https://support.comodo.com/index.php?/Knowledgebase/Article/View/739/19/csr-generation-and-ssl-installation-for-ms-terminal-services-rdp
Set up the CSR
Godaddy – https://hk.godaddy.com/en/help/windows-generate-csr-for-code-or-driver-signing-certificate-7282
CSR Generation: Using certreq (Windows)
This article is for administrators who prefer the command shell!
Save the following file as request.inf on your server editing the subject according to the comment:
;----------------- request.inf ----------------- [Version] Signature="$Windows NT$" [NewRequest] Subject = "C=US, CN=something.example.com" KeySpec = 1 KeyLength = 2048 Exportable = TRUE MachineKeySet = TRUE SMIME = False PrivateKeyArchive = FALSE UserProtected = FALSE UseExistingKeySet = FALSE ProviderName = "Microsoft RSA SChannel Cryptographic Provider" ProviderType = 12 RequestType = PKCS10 KeyUsage = 0xa0 HashAlgorithm = SHA256 [EnhancedKeyUsageExtension] OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication / Token Signing ;-----------------------------------------------
then run
certreq -new request.inf request.csr
This add the key as well – https://blogs.technet.microsoft.com/rmilne/2014/06/17/how-to-request-certificate-without-using-iis-or-exchange/
re: https://support.comodo.com/index.php?/comodo/Knowledgebase/Article/View/813/102/
Finish install:
iPerf is a command-line tool used in diagnosing network speed issues by measuring the maximum network throughput a server can handle. It is particularly useful when experiencing network speed issues, as you can use iPerf to determine which server is unable to reach maximum throughput.
Basic usage:
run iperf -s on machine A then go to machine b and run iperf -c
Install iPerf
The iperf package is included in most Linux distribution’s repositories.
Debian and UbuntuPermalink
# apt-get install iperf
CentOS
CentOS repositories do not have iPerf. Use the EPEL repository, which is a repository used to install third-party software packages on RedHat systems such as RHEL and CentOS:
# yum install epel-release # yum update # yum install iperf
Arch LinuxPermalink
# pacman -S iperf
openSUSEPermalink
# zypper install iperf
GentooPermalink
# emerge iperf
If you have not yet run emaint –sync you may need to do so before it will allow you to install the iPerf package. Additionally, by default you will need to substitute each iperf command with /usr/bin/iperf3. This path may differ dependent on your iPerf version.
How to Use iPerf
iPerf must be installed on the computers at both ends of the connection you’re testing. If you are using a Unix or Linux-based operating system on your personal computer, you can install iPerf on your local machine.
If you are testing the throughput of your server, however, it’s better to use another server as the end point, as your local ISP may impose network restrictions that can affect the results of your test.
CP Clients & Servers
iPerf requires two systems because one system must act as a server, while the other acts as a client. The client connects to the server you’re testing the speed of.
On the server you plan to test, launch iPerf in server mode:
# iperf -s
You should see output similar to:
------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 85.3 KByte (default)
------------------------------------------------------------
On your second server, connect to the first. Replace 198.51.100.5 with the first servers IP address.
# iperf -c 198.51.100.5
------------------------------------------------------------
Client connecting to 198.51.100.5, TCP port 5001
TCP window size: 45.0 KByte (default)
------------------------------------------------------------
[ 3] local 198.51.100.6 port 50616 connected with 198.51.100.5 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0-10.1 sec 1.27 GBytes 1.08 Gbits/sec
You will also see the connection and results on your iPerf server:
------------------------------------------------------------ Server listening on TCP port 5001 TCP window size: 85.3 KByte (default) ------------------------------------------------------------ [ 4] local 198.51.100.5 port 5001 connected with 198.51.100.6 port 50616 [ ID] Interval Transfer Bandwidth [ 4] 0.0-10.1 sec 1.27 GBytes 1.08 Gbits/sec
To stop the iPerf server process, press CTRL + c.
UDP Clients & Servers
Using iPerf, you can also test the maximum throughput achieved via UDP connections.
Start a UDP iPerf server:
# iperf -s -u
------------------------------------------------------------
Server listening on UDP port 5001
Receiving 1470 byte datagrams
UDP buffer size: 208 KByte (default)
------------------------------------------------------------
Connect your client to your iPerf UDP server. Replace 198.51.100.5 with your IP address:
# iperf -c 198.51.100.5 -u
------------------------------------------------------------ Client connecting to 198.51.100.5, UDP port 5001 Sending 1470 byte datagrams UDP buffer size: 208 KByte (default) ------------------------------------------------------------ [ 3] local 198.51.100.6 port 58070 connected with 198.51.100.5 port 5001 [ ID] Interval Transfer Bandwidth [ 3] 0.0-10.0 sec 1.25 MBytes 1.05 Mbits/sec [ 3] Sent 893 datagrams [ 3] Server Report: [ 3] 0.0-10.0 sec 1.25 MBytes 1.05 Mbits/sec 0.084 ms 0/ 893 (0%)
1.05 Mbits/sec is considerably less than what was observed on the TCP tests. It is also considerably less than the maximum outbound bandwidth cap provided by the 1GB link. This is because iPerf limits the bandwidth for UDP clients to 1 Mbit per second by default.
You can change this with the -b flag, replacing the number after with the maximum bandwidth rate you wish to test against. If you are testing for network speed, set this number above the maximum bandwidth cap provided by your provider:
# iperf -c 198.51.100.5 -u -b 1000m
This tells the client that we want to achieve a maximum of 1000 Mbits per second if possible. The -b flag only works when using UDP connections, since iPerf does not set a bandwidth limit on the TCP clients.
------------------------------------------------------------
Client connecting to 198.51.100.5, UDP port 5001
Sending 1470 byte datagrams
UDP buffer size: 208 KByte (default)
------------------------------------------------------------
[ 3] local 198.51.100.5 port 52308 connected with 198.51.100.5 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0-10.0 sec 966 MBytes 810 Mbits/sec
[ 3] Sent 688897 datagrams
[ 3] Server Report:
[ 3] 0.0-10.0 sec 966 MBytes 810 Mbits/sec 0.001 ms 0/688896 (0%)
[ 3] 0.0-10.0 sec 1 datagrams received out-of-order
This time the results are considerably higher.
Bidirectional Tests
In some cases, you may want to test both servers for the maximum amount of throughput. This can easily be done using the built-in bidirectional testing feature iPerf offers.
to test both connections, run the following command from the client:
# iperf -c 198.51.100.5 -d
The result is that iPerf will start a server and a client connection on the client server (198.51.100.6). Once this has been done, iPerf will connect the iPerf server to the client connection, which is now acting as both a server connection and a client connection.
------------------------------------------------------------ Server listening on TCP port 5001 TCP window size: 85.3 KByte (default) ------------------------------------------------------------ ------------------------------------------------------------ Client connecting to 198.51.100.5, TCP port 5001 TCP window size: 351 KByte (default) ------------------------------------------------------------ [ 3] local 198.51.100.6 port 50618 connected with 198.51.100.5 port 5001 [ 5] local 198.51.100.6 port 5001 connected with 198.51.100.5 port 58650 [ ID] Interval Transfer Bandwidth [ 5] 0.0-10.1 sec 1.27 GBytes 1.08 Gbits/sec [ 3] 0.0-10.2 sec 1.28 GBytes 1.08 Gbits/sec
On the server, you will see:
------------------------------------------------------------ Client connecting to 198.51.100.6, TCP port 5001 TCP window size: 153 KByte (default) ------------------------------------------------------------ [ 6] local 198.51.100.5 port 58650 connected with 198.51.100.6 port 5001 [ 6] 0.0-10.1 sec 1.27 GBytes 1.08 Gbits/sec [ 5] 0.0-10.2 sec 1.28 GBytes 1.08 Gbits/sec
Options
Option Description
-f Change the format in which the tests are run. For example, you can use -f k to get results in Kbits per second instead of Mbits per second. Valid options include m (Mbits, default), k (Kbits), K (KBytes), and M (MBytes).
-V Forces iPerf to use IPv6 rather than IPv4.
-i Changes the interval between periodic bandwidth tests. For example, -i 60 will make a new bandwidth report every 60 seconds. The default is zero, which performs one bandwidth test.
-p Changes the port. When not specified, the default port is 5001. You must use this flag on both the client and server.
-B Binds iPerf to a specific interface or address. If passed through the server command, the incoming interface will be set. If passed through the client command, the outgoing interface will be set.
The term hairpinning comes from the fact that the traffic comes from one source into a router or similar devices, makes a U-turn and goes back the same way it came.
Visualize this and you see something that looks like a hairpin.
Hairpin NAT is a useful technique for accessing an internal server using a public IP. Since you are using a public IP to attempt to access a server in your network, the traffic will attempt to go out to the internet. In order to reach the server, the traffic will need to be redirected to the correct location.
The issue with this article is that you need to load a website or use curl to access the website on an internal IP that is set up as NAT to a public IP.
Scenario:
Server1 – Web Server. Has a public IP 214.44.55.44 and is behind a firewall with the private IP 10.0.0.12.
When you try and load the site on this server, it does not load.
Fix: Set up hosts file to point to the private IP.
Use this information when changing the hostname in centos 7.
Ways to show the hostname
# hostname # hostname -s # hostname -f # cat /etc/hostname # hostnamectl
How to change the hostname.
In order to change or set a CentOS 7 machine hostname, use the hostnamectl command as shown in the below command excerpt.
# hostnamectl set-hostname your-new-hostname
In order to apply the new hostname, a system reboot is required, issue one of the below commands in order to reboot a CentOS 7 machine.
# init 6 # systemctl reboot # shutdown -r now
A second method to setup a CentOS 7 machine hostname is to manually edit the /etc/hostname file
# nano /etc/hostname
Sometimes you need to add an email to receive alerts and other emails for you system or business. WThen after a while the email account is full of emails. One method to automate this is to set up a cron in cpanel to remove the emails. Here is an example.
bin/find /home/cpaneluser/mail/domain.name/emailuser/new -type f -exec rm {} \;
Some Smartmon tools
https://github.com/v-zhuravlev/zbx-smartctl
https://share.zabbix.com/storage-devices/smart-monitoring-with-smartmontools-lld
https://www.smartmontools.org/wiki/Download#InstalltheWindowspackage
Follow this: https://documentation.cpanel.net/display/CKB/The+Let%27s+Encrypt+Plugin
The this for the icon in cpanel: https://premium.wpmudev.org/blog/free-ssl-https-cpanel/
Log into your SSH client at root level, then add the Let’s Encrypt repository with the following command:
cd /etc/yum.repos.d/ && wget https://letsencrypt-for-cpanel.com/static/letsencrypt.repo
Next, install the plugin for cPanel with line below and yum:
yum -y install letsencrypt-cpanel
Output:
yum -y install letsencrypt-cpanel Loaded plugins: fastestmirror, universal-hooks Loading mirror speeds from cached hostfile * EA4: 104.219.172.10 * cpanel-addons-production-feed: 104.219.172.10 * base: mirrors.usc.edu * extras: mirror.san.fastserv.com * updates: mirrors.xmission.com letsencrypt-cpanel | 2.9 kB 00:00:00 letsencrypt-cpanel/primary_db | 9.4 kB 00:00:00 Resolving Dependencies --> Running transaction check ---> Package letsencrypt-cpanel.x86_64 0:0.14.0-1 will be installed --> Finished Dependency Resolution Dependencies Resolved ====================================================================================================================================================== Package Arch Version Repository Size ====================================================================================================================================================== Installing: letsencrypt-cpanel x86_64 0.14.0-1 letsencrypt-cpanel 3.5 M Transaction Summary ====================================================================================================================================================== Install 1 Package Total download size: 3.5 M Installed size: 10 M Downloading packages: letsencrypt-cpanel-0.14.0-1.x86_64.rpm | 3.5 MB 00:00:00 Running transaction check Running transaction test Transaction test succeeded Running transaction *** By running this installer, you indicate that you have read the end-user licence agreement (https://cpanel.fleetssl.com/eula) and agree to all of its terms, as stated. *** Running installer as root OS version OK cPanel version OK No licence file detected at /etc/letsencrypt-cpanel.licence Fetching new trial licence ... Licence file present Redirecting to /bin/systemctl stop letsencrypt-cpanel.service Failed to stop letsencrypt-cpanel.service: Unit letsencrypt-cpanel.service not loaded. FleetSSL cPanel service daemon stopped Installing : letsencrypt-cpanel-0.14.0-1.x86_64 1/1 This server has self-signed service certificates It is not safe to operate this plugin in this circumstance 'insecure' is being added to /etc/letsencrypt-cpanel.conf If you wish to generate a Let's Encrypt cert for the server Please read the configuration documentation on our website, at https://cpanel.fleetssl.com/docs/service-certificates/ Config written to /etc/letsencrypt-cpanel.conf Uninstallation of existing service failed (it's OK) Installed init scripts. Copied plugin files OK Installing cPanel paper_lantern plugin (may take a minute) ... cPanel Plugin installer succeeded OK Installed chkservd scripts Added apache pre virtualhost global include Set cpanel tweak settings --- Installation complete --- The plugin should now be available in the cPanel feature manager Will rebuild conf and restart Apache to reload AutoSSL DCV URLs Rebuilding Apache conf and restarting now ... Built /etc/apache2/conf/httpd.conf OK Verifying : letsencrypt-cpanel-0.14.0-1.x86_64 1/1 Installed: letsencrypt-cpanel.x86_64 0:0.14.0-1 Complete!
How many apache connections are there?
Ubuntu
# ps faux | grep '/usr/sbin/apache2' | wc -l
CentOS
# ps faux | grep '/usr/sbin/httpd' | wc -l
When checking a server access logs, you may wnat to see how many time an IP is requesting pages. Here is the command:
grep 123.123.123.123 /usr/local/apache/logs/error_log | wc -l 1018