Tuesday, July 28, 2009

Various Linux Commands - When you Need 'em!

From time to time I'll run into a request like "OMG, you HAVE to fix the mail queue RIGHT NOW!! We can't get our report and it's stopping us from submitting our POs in time for tomorrow's delivery!". Being the good (and prepared) Sysadmin that I am, I'm always ready to jump in and help out...My problem is that I don't always write down important commands where I should! (They're scattered all over the place, mostly in the form of post-it notes with poor handwriting and coffee stains)

Yes yes, I know it shouldn't take me 5 mins to search google to figure out how to re-run a sendmail queue, but these things slip your mind sometimes...especially when you have 6 people, including a manager and a director, looking over your shoulder waiting for the mail to 'start flowing'!

This is just a quick and dirty list of the commands that are specific to the things I deal with on a day-to-day basis. I won't go into much detail, so if you'd like more information: stop being so lazy and google it yourself!

Sendmail

'mailq' - List mail waiting in the MTA queue (/var/spool/mqueue)
'mailq -Ac' - List the client submission queue (/var/spool/clientmqueue): mail handed to sendmail locally but not yet accepted by the MTA
'/usr/sbin/sendmail -v -q -d3.30' - Run the queue verbosely with load-average debugging switched on, showing the current load against the QueueLA/RefuseLA thresholds from sendmail.cf
'/usr/sbin/sendmail -v -q' - Force a mail queue run immediately ('-qRstring' limits the run to recipients matching the string, '-qSstring' to senders, '-qIid' to one queue ID; none of these takes a path)
'tail -f /var/log/maillog' - Follow the mail log while the queue drains

Samba

'smbpasswd -a <user>' - Add a user to Samba (the Unix account must already exist)
'smbpasswd -d <user>' / 'smbpasswd -e <user>' - Disable/enable a Samba user
'smbpasswd -n <user>' - Set a null password for the user (only honoured when 'null passwords = yes' is set in smb.conf)

Printing

'lpstat -t' - Show every printer, including its queue
'/usr/bin/enable <printer>' or '/usr/bin/disable <printer>' - Enable or disable a printer; use the ABSOLUTE path because 'enable' is also a bash builtin (newer CUPS ships these as cupsenable/cupsdisable)
'lp -i <job-id> -H restart' - Restart a print job
'lpmove <job-id> <printer>' - Move a stalled job to a different printer
'lprm -P <printer> <job-id>' - Remove a print job
'lpadmin -p <printer> -E -v socket://ip.addr.of.prtr:9100' - Add and enable a new printer (lower-case -p names the printer; upper-case -P is the PPD file)

Generic

'netstat -an' - Show all sockets, numeric; the listening ones are the TCP lines in LISTEN state ('netstat -lnt' or 'ss -lnt' shows only those)
'lsof -Pnl +M -i4' - Show which processes have IPv4 sockets open, with ports and hosts left numeric
'w -h | wc -l' - Count current login sessions ('w' without -h prints two header lines that would be counted too)
'finger <user>' - Not what you think...it's a legit command...I swear!
'chage -l <user>' - Show password aging for a user
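Since 'netstat -an' dumps every socket, not just the listening ones, here is an added example (not part of the original post) that reduces that output to the sockets actually accepting connections, which is usually the question behind "what is this box exposing?". It runs as 'netstat -an | listening_sockets'. The SAMPLE_NETSTAT text is constructed to look like Linux net-tools output and is not a capture from a real host. On current distributions net-tools is deprecated and 'ss -ltnup' gives the same information together with the owning process.

```shell
#!/bin/bash
# listening_sockets.sh - reduce 'netstat -an' output to sockets that accept
# connections. Added example, not part of the original post.
# Usage: netstat -an | listening_sockets
# Output: "<proto> <port> <local-address>", one line per socket, sorted by port.

listening_sockets() {
    awk '
    # Split "addr:port" on the last colon so IPv6 forms like ":::22" work.
    function emit(proto, laddr,   n) {
        n = match(laddr, /:[0-9*]+$/)
        if (n == 0) return
        print proto, substr(laddr, n + 1), substr(laddr, 1, n - 1)
    }
    # TCP: only sockets in LISTEN state accept connections.
    $1 ~ /^tcp/ && $NF == "LISTEN" { emit($1, $4) }
    # UDP has no LISTEN state; every bound socket that is not connected to a
    # peer is reachable. Header, unix-socket and other lines fall through.
    $1 ~ /^udp/ && $NF != "ESTABLISHED" { emit($1, $4) }
    ' | sort -u -k2,2n -k1,1 -k3,3
}

# Constructed sample in Linux net-tools format; not a capture from a real host.
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:22             10.0.0.9:51234          ESTABLISHED
tcp        0      0 10.0.0.5:44512          203.0.113.7:80          TIME_WAIT
tcp6       0      0 :::445                  :::*                    LISTEN
udp        0      0 0.0.0.0:137             0.0.0.0:*
udp        0      0 10.0.0.5:123            0.0.0.0:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     12345    /var/run/cups/cups.sock'

# Run the filter over the constructed sample (5 sockets survive: 22, 25, 123, 137, 445).
sample_listening() {
    printf '%s\n' "$SAMPLE_NETSTAT" | listening_sockets
}

sample_listening
```

The established SSH session, the TIME_WAIT client connection and the unix socket all drop out; what remains is the list you would compare against the host's firewall rules.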

I'll be updating this post with things that I think may be helpful to others...Personally, I didn't even know about the sendmail command for showing the settings vs. the current load...I found it on a sendmail development project blog from about 8 years ago...you never know!

Monday, July 20, 2009

Script - Active Directory Group Extract (Windows)

There comes a time in every Sysadmin's life when they get a simple request from management: "..also, can you give me a list of everyone in that group?"

Simple enough, right?

Even though it would make perfect sense to right-click the security group and 'extract to text file', it's not THAT easy.

The quickest method to get a listing of users for a specific group is to use VBScript.

1. Copy the script below into a file named "export_security_group_users.vbs".
2. Fill in the information specific to your AD deployment (group, OU, domain).
3. Run the script from the command line: "cscript.exe export_security_group_users.vbs > extractfile.txt"

"extractfile.txt" will have entries with the following format:
CN=USERID,OU=GROUPS,OU=SECONDLEVELOU,OU=TOPLEVELOU,DC=foobar,DC=com

export_security_group_users.vbs:
----------------------------------------------------------
'export_security_group_users.vbs
'This script exports the members of a specific group (security or distribution)
'Usage: cscript.exe export_security_group_users.vbs > extractfile.txt
'
'Andrew Elliott
'17-july-2008
'

Option Explicit
Dim objGroup, arrMemberOf, strMember

On Error Resume Next

Set objGroup = GetObject _
    ("LDAP://cn=EXTRACTTHISGROUP,ou=GROUPS,ou=SECONDLEVELOU,ou=TOPLEVELOU,dc=foobar,dc=com")
If Err.Number <> 0 Then
    ' A mistyped DN or missing read permission would otherwise fail silently
    ' and leave you with an empty extract file
    WScript.StdErr.WriteLine "Error binding to group: " & Err.Description
    WScript.Quit 1
End If
objGroup.GetInfo

arrMemberOf = objGroup.GetEx("member")
If Err.Number <> 0 Then
    ' GetEx raises an error when the member attribute is empty
    WScript.Echo "Members: (none)"
    WScript.Quit 0
End If

WScript.Echo "Members:"

' Each entry is the distinguished name of a direct member
For Each strMember in arrMemberOf
    WScript.Echo strMember
Next

----------------------------------------------------------

* You'll need read permission on the group object to extract this information. Two caveats: nested groups show up as a single DN and are not expanded, and Active Directory returns at most 1500 values of a multi-valued attribute such as 'member' in one read, so very large groups need ranged retrieval to get the full list.

Wednesday, July 8, 2009

When to NOT recommend Linux desktop solutions!

My mom always told me: "..Andrew, there's a time and a place for everything..". Usually she said this when I was doing something that I definitely was NOT supposed to be doing!...like playing soccer in the kitchen with the dog while she was trying to make dinner...

I think that we can all agree that Linux is great, right? Well, there are always going to be situations where Linux is simply not the answer. For example: My parents had a workstation that had gone belly-up and were in need of a replacement. Great! Linux to the rescue!

...or so I thought...

The problem was, my dad ONLY knows Windows XP. The ONLY thing he knows how to do is double-click on Internet Exploder, select his drf.com (horse racing site) and look at the track entries for that day, then watch the race via streaming video.

Simple enough task, no? Well, I went about installing the latest stable version of Ubuntu and everything was going fine. The problem was: it was different. Not really the usage of the O/S or the browser...but the 'little things'. Icons were different. Programs had different names. The windows looked different. It was, as he put it, just "weird" and he didn't "know it".

After 5 minutes he gave up. I was devastated.

Immediately I dove into technical manuals and man pages thinking that I could find the solution in there, as I often do...The problem was, there WAS no technical answer.

The answer was simply: "Linux was not the answer"

This story reminded me of some other things to take into consideration BEFORE recommending a Linux-based desktop solution:

  • Can you provide the additional support the client will need?
  • Are there business procedures written specifically for the operating system?
  • Are they open-minded?
  • Is the $$$ savings on licensing enough to justify losses in time when learning new technologies?
  • Do they even have time to learn a new O/S? How much time will it take to retrain?
  • Is the nature of their business DEPENDENT on their computing platform?

Obviously this is only scratching the surface and there are myriad things to consider when investing in newer, better technologies such as Linux. Hopefully this will get everyone thinking the next time a client "...needs a new desktop...quick!".

Script - kill all users except root via 'skill'

Eventually you'll get to the point where you need a script that just kicks all the users off except the 'root' account (provided you're logged in as root or have become root via su).

This script:

  • checks that the user running the script is 'root'
  • lists the current sessions with 'w -h' (the -h drops the two header lines, which would otherwise be treated as user names) and filters out the exempt accounts with an inverted grep '-v'
  • kills off each remaining user's processes with 'skill' (the same thing as 'pkill -KILL -u')

(Enter other account exceptions into the EXEMPT pattern)

----------------------------------------------------------
#!/bin/bash
# logoffeveryone.sh
# Written by Andrew Elliott, 9-APR-2009
#
# Kill every login session except root and the accounts listed in EXEMPT.

USER_LOG=/root/loggedonusers.txt
ROOT_UID=0
EXEMPT='^(root|anyotheruser)$'    # extended regex; add exceptions here

if [ "$UID" -ne "$ROOT_UID" ]
then
    echo "Must be root to run this script!" >&2
    exit 1
fi

cd /root || exit 1

echo "-----------------------------" > "$USER_LOG"
date >> "$USER_LOG"

# 'w -h' omits the header lines; sort -u collapses users with several sessions
w -h | cut -f 1 -d " " | sort -u | grep -Ev "$EXEMPT" | while read -r TEMP1
do
    echo "Logging off user: $TEMP1" | tee -a "$USER_LOG"
    skill -KILL -u "$TEMP1"
done

exit 0
----------------------------------------------------------

Script - Remove files older than 1 day from /root

A quick bash script that I wrote that does the following:

  • checks that the user is root (good to do with all your scripts if you 'sudo')
  • finds all files in /root older than one day with find's '-ctime +1' (find truncates the age to whole days, so '+1' only matches files whose status changed at least two full days ago; use '-ctime +0' for "more than 24 hours")
  • deletes the files
  • sends an email to 'root' with a small report of the deleted files

(the NUMB -3 calculates the number of files deleted - there are 3 header lines in the report)
(the PATTERN variable lets you specify which files to delete...*.csv in my case...)

------------------------------------------
#!/bin/bash
# rmroottemp.sh
# Written by Andrew Elliott, 20-feb-2009
#
# Remove old files matching PATTERN from /root and mail a report to root.

RM_LOG=/root/rmroottemplog.txt
ROOT_UID=0
PATTERN='*.csv'    # which files to delete

if [ "$UID" -ne "$ROOT_UID" ]
then
    echo "Must be root to run this script!" >&2
    exit 1
fi

cd /root || exit 1

echo "-----------------------------" > "$RM_LOG"
echo "Report for files removed from /root" >> "$RM_LOG"
echo "-----------------------------" >> "$RM_LOG"

# -maxdepth must precede the tests; -type f keeps /root itself and its
# subdirectories out of the list. -ctime +1 means "status changed at least
# two full days ago". -print0/-d '' keep odd filenames from splitting.
find /root -maxdepth 1 -type f -ctime +1 -name "$PATTERN" -print0 | while IFS= read -r -d '' TEMP1
do
    echo "$TEMP1" >> "$RM_LOG"
    rm -f -- "$TEMP1"
done

# Three header lines precede the file list, hence the -3
NUMB=$(wc -l < "$RM_LOG")
NUMB=$((NUMB - 3))
/bin/mail -s "Root temp file cleanup $NUMB files deleted" root < "$RM_LOG"
rm -f "$RM_LOG"
exit 0
------------------------------------------

Tuesday, July 7, 2009

Need Samba to work RIGHT NOW!? - Open Access smb.conf

"Open Access?? Are you crazy? What about security concerns?!"

Obviously I would not recommend this Samba configuration to anyone BUT home users...and even that is a stretch with today's trojans, viruses and backdoors. If you're only going to share out music, video and pictures like me...well, what's the big deal?

I hate entering passwords at home!...especially after you've been into the wacky tobaccy with your buddies and just want to show off your new MythTV setup and get on with the viewing of "Cheech and Chong's Up in Smoke" or "A Clockwork Orange"!

Here's an open configuration for Samba. Two things to know before you copy it: 'security = share' was deprecated in Samba 3 and removed in Samba 4.0, where the same effect comes from 'security = user' with 'map to guest = Bad User'; and because the media shares combine 'guest only = yes' with 'writable = yes', anyone who can reach port 445 can modify or delete the files, not just read them:

(security disclaimer: If you use this configuration file, I'm not liable...etc, etc, blah blah...you know the scoop)

----------------------------------------
/etc/samba/smb.conf
----------------------------------------
[global]

workgroup = MSHOME
server string = %h server (Samba, Ubuntu)
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
security = share
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = no
guest account = nobody
invalid users = root
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
socket options = TCP_NODELAY

wins support = no
[printers]
comment = All Printers
browseable = no
path = /tmp
printable = yes
public = no
writable = no
create mode = 0700

[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no

[video]
path = /mnt/vidmnt/Video
browsable = yes
public = yes
guest ok = yes
guest only = yes
guest account = nobody
writable = yes

[music]
path = /mnt/vidmnt/Music
browsable = yes
public = yes
guest ok = yes
guest only = yes
guest account = nobody
writable = yes

[pictures]
path = /mnt/vidmnt/Pictures/
browsable = yes
public = yes
guest ok = yes
guest only = yes
guest account = nobody
writable = yes
----------------------------------------

This configuration takes into account that your home workgroup is named 'MSHOME'. If you can't browse it from a Windows workstation, this is probably the cause. The TCP_NODELAY has been added to speed up access on your local network.
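The risky settings in a file like this are easy to lose among the printer and password-chat lines, so here is an added example (not part of the original post) that reads an smb.conf and reports every share a guest can reach, marking the writable ones, plus the share-level security flag in [global]. It handles the Samba synonyms ('public' for 'guest ok', 'writeable'/'write ok' for 'writable', and 'read only' as the inverse). The SAMPLE_SMB_CONF is constructed for the demonstration; it is modelled on the config above but is not that file.

```shell
#!/bin/bash
# audit_smb_conf.sh - flag shares that guests can reach in an smb.conf.
# Added example, not part of the original post. Reads smb.conf text on stdin:
#   smb_audit < /etc/samba/smb.conf
# or, better, 'testparm -s 2>/dev/null | smb_audit' so that includes are
# expanded and defaults are already resolved.

smb_audit() {
    awk '
    function yes(v) { return (v == "yes" || v == "true" || v == "1") }

    # Report the section that just ended.
    function flush(   tag) {
        if (sec == "") return
        if (tolower(sec) == "global") {
            if (security == "share")
                print "GLOBAL security=share (share-level security, removed in Samba 4.0)"
            if (maptoguest != "" && maptoguest != "never")
                print "GLOBAL map to guest=" maptoguest
            return
        }
        if (yes(printable)) return            # printer queues are out of scope here
        if (yes(guest)) {
            tag = (yes(writable) ? "GUEST-WRITABLE" : "GUEST-READABLE")
            print tag " [" sec "] path=" path
        }
    }

    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }     # comments and blank lines

    /^[ \t]*\[/ {                             # start of a [section]
        flush()
        sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
        guest = "no"; writable = "no"; printable = "no"; path = ""
        next
    }

    index($0, "=") {                          # key = value
        eq   = index($0, "=")
        key  = tolower(substr($0, 1, eq - 1)); gsub(/^[ \t]+|[ \t]+$/, "", key)
        val  = substr($0, eq + 1);             gsub(/^[ \t]+|[ \t]+$/, "", val)
        lval = tolower(val)
        if (tolower(sec) == "global") {
            if (key == "security")     security   = lval
            if (key == "map to guest") maptoguest = lval
            next
        }
        if (key == "guest ok" || key == "public")                          guest     = lval
        if (key == "writable" || key == "writeable" || key == "write ok")  writable  = lval
        if (key == "read only")                                            writable  = (yes(lval) ? "no" : "yes")
        if (key == "printable")                                            printable = lval
        if (key == "path")                                                 path      = val
    }

    END { flush() }
    '
}

# Constructed sample modelled on the open-access config; not the real file.
SAMPLE_SMB_CONF='[global]
   workgroup = MSHOME
   security = share
   guest account = nobody

[printers]
   path = /tmp
   printable = yes
   public = no

[video]
   path = /mnt/vidmnt/Video
   public = yes
   guest ok = yes
   writable = yes

[docs]
   path = /srv/docs
   guest ok = yes
   read only = yes

[private]
   path = /srv/private
   valid users = andrew
   writable = yes
'

# Audit the constructed sample (prints the global flag plus the two guest shares).
audit_sample() {
    printf '%s\n' "$SAMPLE_SMB_CONF" | smb_audit
}

audit_sample
```

Anything tagged GUEST-WRITABLE is a share that every host on the LAN can fill, overwrite or wipe as the guest account; if that is not the intent, drop 'writable = yes' or add a 'valid users' list.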

I believe that most Samba configurations are done through the web interface these days...but I'm more of a Linux command-line purist: I love vi. Not because it's easy...but because it isn't!

This file is available via 'wget' and should work with most distributions. It is served over plain HTTP, so read what you fetched before restarting Samba on it:

cd /etc/samba
cp /etc/samba/smb.conf /etc/samba/smb.backup.conf
wget http://interslice.dnsalias.com/smb.conf

If you need to restart samba:

'/etc/init.d/samba restart'

(on systemd-based distributions the service units are smbd and nmbd)

Here's the official HOW-TO collection, straight from the horse's mouth:

http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/

Andrew.

Monday, July 6, 2009

Hello World!...This is my cynical view...

"Oh crap, not the 'hello world' thing again..."

If I had a penny for every time someone signed up for a twitter or blogger account and their only post was "hello world", I would be a rich, rich man!

...Unfortunately for my critics, this is not the case and I'm just as poor as the rest of the upper-middle class. I have to cut costs and fees anywhere I can, just to put bird seed on the table...and at the end of the day, I have more money than you!

Why? I have a 'secret'...A "better way" if you will...(in the Agent Smith voice in the Matrix)

"A secret?...hmm...do go on.."

I pay $2.50 a month for my phone. How? Asterisk: the open-source VOIP platform that runs on Linux. I connect directly via the IAX2 protocol to Unlimitel wholesale VOIP which connects to the public switched telephone network (PSTN). This solution requires NO SOFTWARE LICENSING WHATSOEVER.

"Whatever...we all know that EVERY PBX needs licenses...Avaya, Nortel...take your pick...how is it we have not heard about this Asterisk before?"

You haven't heard as much about Asterisk because the executives in your corporation can't buy stock in it...and if they can't make money off their decisions, why would they promote it? After all, they only make 6 figures a year...how are they supposed to send 2 kids to an Ivy league school on THAT salary?!

It's true though. In these tough times the rich keep getting richer. Sure, they could have recommended Open-source solutions and saved MILLIONS in licensing costs and KEPT all those tech jobs in North America rather than outsourcing to India...

Think about that...Think about the impact on your local economy if all those outsourced technical jobs were still here...cars, houses, food...Simply by having a few executives select Open-Source over a big-name proprietary solution...It's the small ripple that could potentially turn into a tidal wave and right the sinking ship that is our economy!

I suppose some of them could have chosen Open-Source when they had the chance...but that wouldn't have put any more Rupees in their silk-lined pockets...

IT Executives, make yourselves look good: Choose Open-Source!

(More on exactly how I did this in upcoming blog)

Open-Source VOIP

http://www.asterisk.org/
http://www.trixbox.org/
http://www.freepbx.org/
http://www.unlimitel.ca/