5/5/2018 - 6:16 AM

My linux snippets for RHCSA

My linux snippets for RHCSA

Some Linux snippets for preparation to RHCSA.

Only necessary for rhcsa topics Some links:

Working with text


Get users with uid > 1000

awk -F'[/:]' '{if ($3 >= 1000 && $3 != 65534) print $1}' /etc/passwd



Config without comments and blank lines

cat /etc/httpd/conf/httpd.conf  | grep -v -E "(^\s*#|\s*^;|^$)" 

Check upstreams in nginx conf

for i in $(grep -oE "(10.193.16.[0-9]{2}:[0-9]*)" * |cut -d: -f2,3 | sort -n | sort -u) ; do curl -s -o /dev/null -w "$i-%{http_code}\n" $i  | grep 000;done

Top-50 nginx requests

zgrep -E '\[06\/Aug\/2018:0[9,12]:\w+:\w+\s+.*\]' access.gz |  awk '{print $7}' | sort -n | uniq -c | sort -nr | head -n 50

Find files with sometext or SOMETEXT in /etc/httpd

grep -rli sometext /etc/httpd/

Grep current ip addresses. Syntax: ip a | grep 'inet ' * only ipv4 addreses (ipv6 strings contais 'intet6') grep -Po 'P' using perl regexp, 'o' only match '(\d+.){3}\d+' '(\d+.){3}\d+' Three groups of several numbers + dot + another 4th group of digits. (?=/) match '/' after ip address, but not including it

 ip a | grep 'inet ' | grep -v 127.0.0 | grep -Po '(\d+\.){3}\d+(?=\/)'

Find files in /etc folder that contains any of host's ip address. Syntax: xargs work as for loop, ip is a variable, something like:
for ip in addresses:
grep -rli ip /etc/

ip a | grep 'inet ' | grep -v 127.0.0 | grep -Po '(\d+\.){3}\d+(?=\/)' | xargs -I ip grep  -rli ip /etc/

200 OK per second

tail -f /var/log/nginx/*.log | grep —color=always  '"200"' |  perl -e 'while (<>) {$l++;if (time > $e) {$e=time;print "$l\n";$l=0}}'


Modify mdata to timestamp

find . | xargs -o  -I file touch -t 1812131145.23  file
touch -d "2 hours ago" filename



Print 4th line. Syntax: N = Line number !d = Do not delete.

sed '4!d' httpd.conf

Syntax: -n = Nothing will print unless an explicit request to print is found. N = Line number p = print

sed -n '3p'  httpd.conf

Print 1-10 lines

sed '1,10!d' httpd.conf
sed -n '1,10p' httpd.conf

Replace foo on too. Syntax: s/..../..../ replacement (subtitute). "g" - global, with g sed will replace all matches in string, without g ony first match in every strings.

sed -i 's/foo/too/g

Sed with perl regexp. Syntax: -E or -r for enabling regexp. This example replace "userd" or "usersff" or something else to "users".

 sed -i -E 's/user\w+/users/g'

Delete first string

  sed  '1d' 

Add allow after

sed '/allow;/a allow;' -i *

File permissions



Users lisa and mike have group office.

useradd lisa -g office
useradd mike -g office 

Creating directory "testacl" with no permissions for group "office" and users mike, lisa. Only root user has permission to this directory.

mkdir test
chown root test
chmod 700 test

Now give access for user lisa without changing chmod.

setfacl -mR d:u:lisa:rwx -R test/


  • -m modify
  • d (defaults) means that all files that would create in this directory would have this acl
  • u and rwx as in chmod.
  • R recursive

Now only root and lisa has full access to this folder.

Show acl

getfacl test/

Extended attributes

Add atribute

chattr +i

Show attributes


Most usefull attributes



There are two way with nslcd or with sssd. nslcd is deprecated. For example LDAP server address is ipa.loc.

  1. You need to make sure that ipa.loc can be resoved
  2. yum install -y openldap-clients nss-pam-ldapd (nss for nslcd)
  3. authconfig --enableldap --enableldapauth
    --ldapbasedn="dc=loc" --enablemkhomedir --update

(--enablemkhomedir - optional, --enableforcelegacy - optional for nslcd)

  1. scp ipa.loc:/etc/ipa/ca.crt cert.pem (FreeIPA) or scp root@ipa.loc:/etc/openldap/certs/cert.pem /etc/openldap/cacerts/cert.pem(OpenLDAP) and authconfig --enableldaptls --update

("If you installed IPA with the domain then your basedn is dc=example,dc=com")

  1. Check systemctl status sssd
  2. Check ldapsearch -x uid=admin or id admin


Create user "chermander" with uid 123 and gid 123

 groupadd -g 123 chermander
 useradd -u 123 -g 123 chermander

Change group to wheel

usermod -g wheel chermander
usermod -g 10 chermander

Add chermander to nobody group

usermod -G nobody chermander

Get info about expirity

chage -l chermander

Change date expiration to 1 month.

chage -E  $(date -d "+1month" +"%Y-%m-%d") chermander

Delete additional groups

usermod -G "" chermander


Create 100 Files with size 2MB

for i in {1..100}; do dd if=/dev/zero of=$i bs=2M count=1; done

Move this files to test dir

ls | grep -Po '\d+' | xargs -I file mv file test/

Create tar.bzip archive with this files

  cd test ; tar -cjf ../files.tar.bzip *

List files in archive

  tar -tvf files.tar.bzip

Extract files

tar -xvf files.tar.bzip


There are several methods for network configuration

  • nmtui
  • nmcli
  • GUI nm (nm-connection-editor)
  • /etc/sysconfig/network-scripts/

Change hostname

hostnamect set-hostname host.loc

Managing process

shell jobs

Runing job in background

dd if=/dev/zero of=/dev/null &

Show jobs


Stops the job temporarily so that it can be managed. For instance, it can be moved to the background.


Send the End Of File (EOF) character to the current job to indicate that it should stop waiting for further input.


Can be used to cancel the current interactive job


Continues the job that has just been frozen using Ctrl+Z in the background.


Brings the last job that was moved to background execution back to the foreground.


Show process

ps aux
ps ef 
ps fax

Rename git branch

git branch -m old_branch new_branch         # Rename branch locally    
git push origin :old_branch                 # Delete the old branch    
git push --set-upstream origin new_branch # Push the new branch, set local branch to track the new remote


timeout 60 tcpdump -i ens160 -n port not 22 -w /tmp/pcap tcpdump -nr pcap | awk '{print }' | grep -oE '[0-9]{1,}.[0-9]{1,}.[0-9]{1,}.[0-9]{1,}' | sort | uniq -c | sort -n


Sata hotplug

echo - - - > /sys/class/scsi_host/host2/scan
ls /sys/class/scsi_host/ | while read host ; do echo "- - -" > /sys/class/scsi_host/$host/scan ; done

echo 1>/sys/class/block/sdd/device/rescan

TOP memory usage

ps -e -o pid,user,cpu,size,rss,cmd --sort -size,-rss | head

Find deleted files

find /proc/*/fd -ls | grep  '(deleted)



pvcreate /dev/sdd
vgextend vgdb /dev/sdd
lvextend -l +100%FREE  /dev/mapper/vgmysql-lvmysql
xfs_growfs /dev/mapper/vgmysql-lvmysql
pvresize /dev/sda2
lvresize -l +100%FREE /dev/VolGroup00/LogVol00%  


sudo lvdisplay|awk  '/LV Name/{n=$3} /Block device/{d=$3; sub(".*:","dm-",d); print d,n;}'
dm-0 /dev/SysVolGroup/LogVolRoot
dm-1 /dev/SysVolGroup/xen
dm-2 /dev/SysVolGroup/db1-2
dm-3 /dev/SysVolGroup/db1-2swap
dm-4 /dev/SysVolGroup/python1
dm-5 /dev/SysVolGroup/python1swap
dm-6 /dev/SysVolGroup/db1-2snap


pfx to key and cer for nginx

openssl pkcs12 -in cert.pfx -nocerts -nodes -out
openssl pkcs12 -in cert.pfx -clcerts -nokeys -out


reset password in sqllite

update user set password =  '59acf18b94d7eb0694c61e60ce44c110c7a683ac6a8f09580d626f90f4a242000746579358d77dd9e570e83fa24faa88a  8a6', salt = 'F3FAxVm33R' where login = 'admin'