RHEL/CentOS/Linux/OSX Handy Hints
- You've moved the location of an executable but the shell keeps trying to run the old one and gives you a "file not found" error?
Shell path caching is the problem. Use
PATH=$PATH
to reset the shell's path cache.
- Use nmap to scan your own open ports for vulnerabilities, or just to check that you really have opened the ports you think you have.
- Everything you need to know about site certificate generation can be found in this OpenSSL howto section.
- Where did my install files go?
rpm -ql <package>
- Reset SQL root password (or any other user):
Start mysqld with --init-file pointing to a file that contains:
UPDATE mysql.user SET Password=PASSWORD('<new password>') WHERE User='<user>';
FLUSH PRIVILEGES;
Afterwards, delete the init file, since it holds the new password in clear text.
- Some performance stats:
  - sudo yum install mysql-bench
    cd /usr/share/sql-bench
    ./test-create --user='<user>' --password='<password>'
  - uptime
  - free
  - hdparm -tT
  - top
  - iostat -x
  - vmstat
- Choosing a disc access scheduler:
# cat /sys/block/sda/queue/scheduler
noop anticipatory deadline [cfq]
# echo deadline > /sys/block/sda/queue/scheduler
# cat /sys/block/sda/queue/scheduler
noop anticipatory [deadline] cfq
- bind named records not updating properly, or appear inconsistent or random but zone file looks fine:
This usually means that somewhere you forgot to update a serial and new zone info is not propagating to slave servers. The best long-term solution is to (at least) use a script to 'wrap' edits to your zone files. The script runs sed at the end to update the serial. Other solutions involve putting all your zone info in a database and then building zone files from the db "automatically". This means you can't create a corrupt zone file by accident (nasty), and you can run as many nameservers off the db as you like, making multiple nameserver maintenance a breeze.
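One way to write the wrapper script described above, as an added example rather than code from the original page. It assumes the serial sits on its own line tagged "; serial" in YYYYMMDDnn form; the function names are hypothetical, and BIND's named-checkzone is run only if it is installed.

```shell
#!/bin/sh
# Added example: edit a zone file, then bump its SOA serial automatically.
# Assumptions: the serial sits on its own line tagged "; serial" and uses
# the YYYYMMDDnn convention. Function names are hypothetical.

# next_serial OLD [TODAY]: print the serial that should replace OLD.
next_serial() {
    old=$1
    today=${2:-$(date +%Y%m%d)}
    case $old in ''|0?*|*[!0-9]*) return 1 ;; esac   # digits only, no octal
    base=$((today * 100))                            # today's first serial
    if [ "$old" -ge "$base" ]; then
        echo $((old + 1))      # already edited today: keep counting up
    else
        echo "$base"
    fi
}

# bump_serial ZONEFILE [TODAY]: rewrite the serial in place, keep a .bak copy.
bump_serial() {
    zone=$1
    old=$(sed -n 's/^[[:space:]]*\([0-9][0-9]*\)[[:space:]]*;[[:space:]]*[Ss]erial.*/\1/p' "$zone" | head -n 1)
    new=$(next_serial "$old" "$2") || {
        echo "no usable serial line in $zone" >&2
        return 1
    }
    cp -p "$zone" "$zone.bak" || return 1
    # Write over the original so it keeps the owner and mode named expects.
    sed "s/^\([[:space:]]*\)$old\([[:space:]]*;[[:space:]]*[Ss]erial\)/\1$new\2/" \
        "$zone.bak" > "$zone" || return 1
    echo "$new"
}

# edit_zone ORIGIN ZONEFILE: the wrapper you run instead of the editor.
edit_zone() {
    before=$(cksum < "$2")
    ${EDITOR:-vi} "$2"
    if [ "$(cksum < "$2")" = "$before" ]; then
        echo "zone unchanged, serial left alone"
        return 0
    fi
    bump_serial "$2" >/dev/null || return 1
    # Validate before reloading, if BIND's checker is installed.
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$1" "$2" || return 1
    fi
}

if [ "$#" -eq 2 ]; then edit_zone "$1" "$2"; fi
```

Run it as the script with the zone name and the zone file path as its two arguments, then reload named once it exits cleanly.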
- check bind named records using dig:
Basic query of A records, using default nameserver:
dig testdomain.com.
Check MX records:
dig testdomain.com. MX
Check MX records using a particular nameserver:
dig @ns1.foobar.net. testdomain.com. MX
Do reverse lookup:
dig -x 111.222.112.191
The default query class for dig is IN and you rarely need to change this. You can query any type of record (CNAME or TXT for example) in the same way that MX are queried in the example above.
You can run queries with a TSIG signature when testing master/slave configurations. Use -k to specify the key filename, or -y to pass the key on the command line (though this is a security risk on a multi-user system, where other users can see the key in the process list); using -k is probably easier anyway.
- host is a simple way to do a DNS lookup; it's a step up from nslookup and a step down from dig in complexity:
host testdomain.com.
host -C testdomain.com.
host -l testdomain.com.
host testdomain.com. ns1.nameserver.net.
host 123.111.111.123
You can look up an IPv4 or a dotted IP. If you pass -l then host attempts a full zone transfer, but most nameservers will not honor this request, so don't be surprised when it fails. Using -C attempts to retrieve SOA records. You can specify a target nameserver as the second parameter.
- postfix policyd-weight cache issues:
Kill the cache daemon:
policyd-weight -k
This should clear all cache entries. Depending on configuration you may want to run
service postfix restart
afterwards to be sure.
Check the cache status:
policyd-weight -s
You can also try:
policyd-weight -d
to start the debug cache daemon.
This can be stopped again using:
policyd-weight -d -k
