November 18

Linux: Expanding a raw xfs drive

Example:
------------------------------------------------
/data is mapped to a second attached hard drive /dev/sdb

[root@servnamed-a ~]# cat /etc/fstab
#
# /etc/fstab
# Created by anaconda on Mon Mar  5 08:08:09 2018
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/rhel-root   /                       xfs     defaults        0 0
UUID=90afc952-90eb-48bd-9cf4-f1790f23e159 /boot                   xfs     defaults        0 0
/dev/mapper/rhel-usr    /usr                    xfs     defaults        0 0
/dev/mapper/rhel-var    /var                    xfs     defaults        0 0
/dev/mapper/rhel-swap   swap                    swap    defaults        0 0
/dev/sdb		/data			xfs	defaults	0 0

Using the command pvs, we determined that LVM was not used on this volume

------------------------------------------------
1. Verify the drive mappings and space

[root@servname~]# df -h
Filesystem             Size  Used Avail Use% Mounted on
devtmpfs               5.8G     0  5.8G   0% /dev
tmpfs                  5.8G     0  5.8G   0% /dev/shm
tmpfs                  5.8G   34M  5.8G   1% /run
tmpfs                  5.8G     0  5.8G   0% /sys/fs/cgroup
/dev/mapper/rhel-root   15G  1.9G   14G  13% /
/dev/mapper/rhel-usr   5.0G  3.8G  1.3G  76% /usr
/dev/sdb               100G   92G  8.6G  92% /data
/dev/sda1              3.0G  288M  2.8G  10% /boot
/dev/mapper/rhel-var    15G  2.4G   13G  16% /var
tmpfs                  1.2G     0  1.2G   0% /run/user/0
tmpfs                  1.2G     0  1.2G   0% /run/user/990
tmpfs                  1.2G   12K  1.2G   1% /run/user/42
tmpfs                  1.2G     0  1.2G   0% /run/user/1000

2. Determine if LVM was used on the target drive /dev/sdb
[root@servername ~]# pvs
  PV         VG   Fmt  Attr PSize   PFree
  /dev/sda2  rhel lvm2 a--  <37.00g    0 

In our case it was not used; as you can see, there is no reference to /dev/sdb above.


3. Determine which file system was installed on the drive /dev/sdb
[root@servername ~]# blkid
/dev/mapper/rhel-var: UUID="0d05bcc2-b292-4e9f-a34a-b93539fbd8c0" TYPE="xfs" 
/dev/sda2: UUID="NQlV2B-EhAF-O7j2-hUDj-q2U8-EVCY-8obFEc" TYPE="LVM2_member" 
/dev/sda1: UUID="90afc952-90eb-48bd-9cf4-f1790f23e159" TYPE="xfs" 
/dev/sdb: UUID="93f4b905-330e-4a89-ad9f-454067886d70" TYPE="xfs" 
/dev/mapper/rhel-root: UUID="557b5ecd-0c1c-4c41-af04-827b5427e90b" TYPE="xfs" 
/dev/mapper/rhel-swap: UUID="a742138f-ae4a-4801-b8e0-d76a5260775a" TYPE="swap" 
/dev/mapper/rhel-usr: UUID="507a540b-3edd-4cee-9440-cfe7187bb43e" TYPE="xfs" 

4. Verify the drive size the OS currently sees
[root@servname~]# fdisk -l /dev/sdb
Disk /dev/sdb: 107.4 GB, 107374182400 bytes, 209715200 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


5. Expand the drive in vCenter if this is a virtual machine. Make certain to select the correct drive.

6. Rescan the target drive for changed information
[root@servname~]# echo 1 > /sys/class/block/sdb/device/rescan

7. Check the drive to verify that the OS sees the new drive size
[root@servname~]# fdisk -l /dev/sdb
Disk /dev/sdb: 161.1 GB, 161061273600 bytes, 314572800 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

8. Expand the xfs filesystem to take all of the additional space.
[root@servname~]# xfs_growfs /dev/sdb
meta-data=/dev/sdb               isize=512    agcount=4, agsize=6553600 blks
         =                       sectsz=512   attr=2, projid32bit=1
         =                       crc=1        finobt=0 spinodes=0
data     =                       bsize=4096   blocks=26214400, imaxpct=25
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=1
log      =internal               bsize=4096   blocks=12800, version=2
         =                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
data blocks changed from 26214400 to 39321600

9. Verify that the drive was expanded
[root@servname~]# df -h
Filesystem             Size  Used Avail Use% Mounted on
devtmpfs               5.8G     0  5.8G   0% /dev
tmpfs                  5.8G     0  5.8G   0% /dev/shm
tmpfs                  5.8G   34M  5.8G   1% /run
tmpfs                  5.8G     0  5.8G   0% /sys/fs/cgroup
/dev/mapper/rhel-root   15G  1.9G   14G  13% /
/dev/mapper/rhel-usr   5.0G  3.8G  1.3G  76% /usr
/dev/sdb               150G   92G   59G  62% /data
/dev/sda1              3.0G  288M  2.8G  10% /boot
/dev/mapper/rhel-var    15G  2.4G   13G  16% /var
tmpfs                  1.2G     0  1.2G   0% /run/user/0
tmpfs                  1.2G     0  1.2G   0% /run/user/990
tmpfs                  1.2G   12K  1.2G   1% /run/user/42
tmpfs                  1.2G     0  1.2G   0% /run/user/1000
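
A pre-flight check for step 8, as an added example that is not part of the original post: it parses the fdisk and xfs_info-style output shown above and reports whether the rescan actually exposed space for xfs_growfs to claim. The function names are hypothetical; the two sample lines are copied from the post's own output.

```shell
#!/bin/sh
# Added example; disk_bytes, xfs_data_bytes and grow_plan are hypothetical names.
# Inputs are the outputs of commands already shown in the post.

# disk_bytes: read `fdisk -l DEV` on stdin, print the device size in bytes.
disk_bytes() {
  sed -n 's/^Disk [^:]*: .*, \([0-9][0-9]*\) bytes.*/\1/p' | head -n 1
}

# xfs_data_bytes: read xfs_info-style text on stdin, print bsize * blocks of
# the data section, i.e. the current filesystem size in bytes.
xfs_data_bytes() {
  set -- $(sed -n 's/^data .*bsize=\([0-9]*\) *blocks=\([0-9]*\).*/\1 \2/p')
  echo $(( $1 * $2 ))
}

# grow_plan FSTYPE DISK_BYTES FS_BYTES: decide whether xfs_growfs has work to do.
grow_plan() {
  [ "$1" = xfs ] || { echo "refuse: TYPE=$1, not xfs"; return 1; }
  if [ "$2" -gt "$3" ]; then
    echo "grow: $(( ($2 - $3) / 1048576 )) MiB unclaimed"
  else
    echo "noop: device not larger than filesystem (rescan missing?)"
  fi
}

# Lines taken from the post: fdisk after the rescan, xfs data section before growth.
fdisk_after='Disk /dev/sdb: 161.1 GB, 161061273600 bytes, 314572800 sectors'
xfs_before='data     =                       bsize=4096   blocks=26214400, imaxpct=25'

grow_plan xfs "$(echo "$fdisk_after" | disk_bytes)" \
              "$(echo "$xfs_before" | xfs_data_bytes)"
```

On a live system the same functions can be fed from `fdisk -l /dev/sdb` and `xfs_info /data`, with the TYPE value taken from the blkid output in step 3.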
November 18

Linux: Windows AD integration

Now done with sssd and realmd

Use the following command to join an AD domain:
realm join companyname.com

Configuration files located at:
/etc/sssd/sssd.conf
[sssd]
domains = companyname.com
config_file_version = 2
services = nss, pam

[domain/companyname.com]
ad_domain = companyname.com
krb5_realm = COMPANYNAME.COM
realmd_tags = joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%u@%d
simple_allow_users = $, username, otherusername
access_provider = simple

systemctl restart sssd.service – reloads any sssd.conf changes
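
A small audit of the access-related settings in the file above, as an added example that is not part of the original post: it reads a value out of a named sssd.conf section, then reports a file mode other than 600, an access provider that admits every domain user, and the offline credential settings. The helper names are hypothetical, the 600 expectation assumes the usual root-only layout for sssd.conf, and the sample file holds only the access-related keys from the post.

```shell
#!/bin/sh
# Added example (not from the post). sssd_get and sssd_audit are hypothetical
# helper names; `stat -c` assumes GNU coreutils.

# sssd_get FILE SECTION KEY: print the value of KEY inside [SECTION].
sssd_get() {
  awk -v want="[$2]" -v key="$3" '
    /^[ \t]*\[/ { gsub(/[ \t]/, ""); insec = ($0 == want); next }
    insec && index($0, "=") && $0 !~ /^[ \t]*[#;]/ {
      k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
      v = substr($0, index($0, "=") + 1)
      sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
      if (k == key) print v
    }' "$1"
}

# sssd_audit FILE DOMAIN: one finding per line; no output means no findings.
sssd_audit() {
  sec="domain/$2"
  mode=$(stat -c %a "$1")
  [ "$mode" = 600 ] || echo "MODE: $mode, expected 600"
  ap=$(sssd_get "$1" "$sec" access_provider)
  case "$ap" in
    ""|permit) echo "ACCESS: access_provider=${ap:-unset} admits every domain user" ;;
    simple)
      allow="$(sssd_get "$1" "$sec" simple_allow_users)$(sssd_get "$1" "$sec" simple_allow_groups)"
      [ -n "$allow" ] || echo "ACCESS: simple provider without an allow list" ;;
  esac
  for k in cache_credentials krb5_store_password_if_offline; do
    case "$(sssd_get "$1" "$sec" "$k")" in
      [Tt]rue) echo "OFFLINE: $k=True retains credentials locally" ;;
    esac
  done
}

# Constructed sample: the access-related keys from the post's [domain] section.
conf=$(mktemp)
cat > "$conf" <<'EOF'
[domain/companyname.com]
cache_credentials = True
krb5_store_password_if_offline = True
simple_allow_users = $, username, otherusername
access_provider = simple
EOF
chmod 644 "$conf"                 # deliberately too open, to show the MODE finding
sssd_audit "$conf" companyname.com
```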

November 18

Linux: snmp snmpwalk command

Make certain snmp is installed
apt-get install snmp

Make certain the MIBs are installed
apt-get install snmp-mibs-downloader

Update the MIBs
download-mibs

Comment out the mibs : line in /etc/snmp/snmp.conf

snmpwalk -Os -v 1 -c communityname servername iso.3.6.1.2.1.1.1.0

November 18

Linux: Netstat – Key Commands

The various options available for netstat are far too numerous to be detailed in full here.

In this post, we’ll consider the most important netstat commands. These are commands no Linux administrator can do without.

Display All Connections

$ netstat -a

The above command lists all connections from different protocols such as TCP, UDP and Unix sockets.

List Only TCP connections

$ netstat -at

List Only UDP Connections

$ netstat -au

Show IP Address without Reverse DNS lookup

$ netstat -ant

List All Listening Connections

$ netstat -l

List Only Listening TCP Ports

$ netstat -lt

List only listening UDP Ports

$ netstat -lu

Display Summary Statistics

$ netstat -s

The above command spits out a wealth of information including total packets received, incoming packets delivered, active TCP connections, failed TCP connection attempts etc.

You can spend the better part of a day analyzing the output. 😉

To print statistics for only selected protocols such as TCP or UDP, combine the corresponding option (t or u) with the s option.

Display Statistics for TCP

$ netstat -st

Display Statistics for UDP

$ netstat -su

Displays Domain Name Where Possible for IP Address

$ netstat -F

Display Only IP address

$ netstat -n

The above command displays output without resolving host, port and user names.

Get Netstat Output Continuously

$ netstat -c

The -c option can be combined with other netstat options like -t (see below).

$ netstat -ct

Displays TCP Connections Continuously

$ netstat -tcp

The above command outputs TCP connections along with the PID continuously.

Display Process Identifier (PID)

$ netstat -p

Above command adds PID/program name to output.

The -p option can be combined with other options (see below).

Show Service Name with PID Number

$ netstat -tp

Displays TCP Connections without Domain Names

$ netstat --tcp --numeric

List Only Listening TCP Connections

$ netstat -tnl

List Only listening UDP Connections

$ netstat -unl

List Process name/PID and User ID

$ sudo netstat -nlpt

Show Listening Connections of TCP with Process Information and Extended Information

$ sudo netstat -ltpe

Show Kernel’s Network Routing Table

$ netstat -r

Display Kernel Routing Information

$ netstat -rn

The above command will not resolve host names.

Print Network Interfaces

$ netstat -ie

Display all Open connections to a Specific Port

$ netstat -anp | grep ":"

Insert the port number (above) in place of the colon (:).

Show Active/Established Connections

$ netstat -atnp | grep ESTA

Get Continuous List of Active Connections

$ watch -d -n0 "netstat -atnp | grep ESTA"

Check if a Service is Running

$ sudo netstat -aple | grep ntp

You can substitute http or smtp for ntp.

Netstat – Security Commands

There are some netstat commands that are more geared toward security than others.

In an era when attacks from both individuals and government agencies are common, it’s important to be au courant with a bunch of security netstat commands.

These commands are useful in identifying malicious visitors.

Here are a bunch of security-oriented netstat commands. Some of them are useful in bringing small-scale DoS attacks under control.

Display IPs with High Number of Connections

$ netstat -tn 2>/dev/null | grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr | head

IP Addresses Connected to Port 80

$ netstat -tn 2>/dev/null | grep ':80 ' | awk '{print $5}' | sed -e 's/::ffff://' | cut -f1 -d: | sort | uniq -c | sort -rn | head

Display Number of Active Connections on Port 80

$ netstat -an |grep :80 |wc -l

Displays Foreign IP Addresses Only

$ netstat -antu | grep :80 | grep -v LISTEN | awk '{print $5}'

Display Active SYN_RECV

The command below outputs how many connections are currently in the SYN_RECV state on the server. The number should be low (less than 5). If the number is in double digits, you may be suffering a DoS attack or being mail bombed.

$ netstat -n -p | grep SYN_RECV | wc -l

List Unique IP Addresses Sending SYN_RECV Connection

Like the above command, this command lists all unique IP addresses of the nodes whose connections are in the SYN_RECV state.

$ netstat -n -p | grep SYN_RECV | awk '{print $5}' | awk -F: '{print $1}' | sort -u

Connections Per Remote IP

$ netstat -antu | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -n

or

$ netstat -antu | awk '$5 ~ /[0-9]:/{split($5, a, ":"); ips[a[1]]++} END {for (ip in ips) print ips[ip], ip | "sort -k1 -nr"}'
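
A sturdier take on the per-IP and SYN_RECV counts above, as an added example that is not part of the original post: the local port is matched exactly (so 8080 is not counted as 80), only the remote port is stripped (so IPv6 and ::ffff:-mapped peers are counted correctly), and peers at or above a half-open threshold are listed. The function names are hypothetical and the netstat lines are constructed sample data.

```shell
#!/bin/sh
# Added example: sample_netstat, conns_per_ip and syn_recv_over are
# hypothetical names; the netstat lines below are constructed sample data.

sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:51514      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51520      ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.9:40001       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.9:40002       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.9:40003       SYN_RECV
tcp        0      0 192.0.2.10:8080         198.51.100.7:51600      ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.7:51700 ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::beef:44321    TIME_WAIT
EOF
}

# conns_per_ip PORT [STATE]: read `netstat -ant` on stdin, print "count ip"
# for non-listening sockets whose local port is exactly PORT.
conns_per_ip() {
  awk -v port="$1" -v state="$2" '
    $1 !~ /^tcp/ || $6 == "LISTEN" { next }
    state != "" && $6 != state     { next }
    {
      lp = $4; sub(/.*:/, "", lp)          # local port = text after last colon
      if (lp != port) next                 # exact match: 8080 is not 80
      ip = $5; sub(/:[^:]*$/, "", ip)      # drop the remote port only
      sub(/^::ffff:/, "", ip)              # fold IPv4-mapped IPv6 into IPv4
      n[ip]++
    }
    END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# syn_recv_over PORT LIMIT: peers holding LIMIT or more half-open connections.
syn_recv_over() {
  conns_per_ip "$1" SYN_RECV | awk -v limit="$2" '$1 >= limit { print $2 }'
}

sample_netstat | conns_per_ip 80
sample_netstat | syn_recv_over 80 3
```

On a live host, replace `sample_netstat` with `netstat -ant`.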

Check Open Ports (both ipv4 and ipv6)

$ netstat -plntu

Check Open TCP Ports (both ipv4 and ipv6)

$ netstat -plnt

Number of Open Connections per IP

$ netstat -an | grep 80 | wc -l

Active Internet Connections

$ netstat -pnut -w | column -t -s $'\t'
