Centos Oneliners
Contents
Centos Oneliners
This will be a place to save my oneliners
Centos Oneliners
kill all pts
for x in $(ps aux | grep pts| awk '{print $2}'); do kill $x; done
Apache Oneliners
Check the Number of IP's Connecting over Port 80
netstat -tn | grep :80 | awk '{print $5}'| cut -d: -f1 | uniq -c | sort -rn | head
Check what IP's are getting the most traffic
netstat -tn | grep EST | grep :80 | awk '{print $4}' |cut -d: -f1 | uniq -c | sort -rn
size of logs
ls -lahrS /home/*/var/*/logs/*log
what are the php-cgi processes doing? (sleeps for 5 seconds, command takes a while to run, will open up less when it's done)
sleep 5; for i in $(ps aux |grep php-cgi |grep -v defunct |grep -v grep |awk '{print $2}'); do strace -p $i -o $i.trace ; done ; cat *.trace | less && rm -rf *.trace
top 20 URLs from the last 5000 hits
tail -5000 ./transfer.log | awk '{freq[$7]++} END {for (x in freq) {print freq[x], x}}' | sort -rn | head -20
top 20 URLS excluding POST data from the last 5000 hits
tail -5000 ./transfer.log | awk -F"[ ?]" '{freq[$7]++} END {for (x in freq) {print freq[x], x}}' | sort -rn | head -20
top 20 IPs from the last 5000 hits
tail -5000 ./transfer.log | awk '{freq[$1]++} END {for (x in freq) {print freq[x], x}}' | sort -rn | head -20
top 20 URLs requested from a certain ip from the last 5000 hits
IP=1.2.3.4; tail -5000 ./transfer.log | awk -v ip=$IP ' $1 ~ ip {freq[$7]++} END {for (x in freq) {print freq[x], x}}' | sort -rn | head -20
top 20 URLS requested from a certain ip excluding, excluding POST data, from the last 5000 hits
IP=1.2.3.4; tail -5000 ./transfer.log | awk -F"[ ?]" -v ip=$IP ' $1 ~ ip {freq[$7]++} END {for (x in freq) {print freq[x], x}}' | sort -rn | head -20
top 20 referrers from the last 5000 hits
tail -5000 ./transfer.log | awk '{freq[$11]++} END {for (x in freq) {print freq[x], x}}' | tr -d '"' | sort -rn | head -20
top 20 user agents from the last 5000 hits
tail -5000 ./transfer.log | cut -d\ -f12- | sort | uniq -c | sort -rn | head -20
sum of data (in MB) transferred in the last 5000 hits
tail -5000 ./transfer.log | awk '{sum+=$10} END {print sum/1048576}'
IPs using the most bandwidth (in MB) from the last 5000 hits
tail -5000 ./transfer.log | awk '{tx[$1]+=$10} END {for (x in tx) {print x, "\t", tx[x]/1048576, "M"}}' | sort -k 2n | tail -n 20 | tac
hits per hour
for x in $(seq -w 0 23); do echo -n "$x "; grep -c "$(date +%d/%b/%Y:)$x" ./transfer.log; done;
Mysql Oneliners
Show locked tables
show open tables WHERE In_use > 0;
Qmail Oneliners
who are the top senders for the outgoing (remote) queue
/var/qmail/bin/qmqtool -R | awk '/ From:/ {h[$0]++} END {for (x in h) {print h[x], x}}' | sort -rn | head -20
who are the top recipients of the outgoing (remote) queue
/var/qmail/bin/qmqtool -R | awk '/ To:/ {h[$0]++} END {for (x in h) {print h[x], x}}' | sort -rn | head -20
what are the top subjects of the outgoing (remote) queue
/var/qmail/bin/qmqtool -R | awk '/ Subject:/ {h[$0]++} END {for (x in h) {print h[x], x}}' | sort -rn | head -20
what domains are have the most mail in the outgoing (remote) queue
/var/qmail/bin/qmqtool -R | grep "To: " | cut -d @ -f2 | sort | uniq -c | sort -rn | head -20
who are the top receivers for the incoming (local) queue
/var/qmail/bin/qmqtool -L | grep "To: " | sort | uniq -c | sort -rn | head -20
what domains are have the most mail in the incoming (local) queue
/var/qmail/bin/qmqtool -L | grep "To: " | cut -d @ -f2 | sort | uniq -c | sort -rn | head -20
how many messages are queued up in the incoming (local) queue for a specific domain
DOMAIN="masdox.com"; /var/qmail/bin/qmqtool -L | grep "To: " | grep $DOMAIN |sort | wc -l
view the messages in the incoming (local) queue for a specific domain
DOMAIN="masdox.com"; /var/qmail/bin/qmqtool -L | grep "To: " | grep $DOMAIN |sort | uniq -c | sort -rn | head -20
list all domains with catch-alls
for x in /home/*/var/*/mail/catchall; do echo "$(echo $x | cut -d/ -f5) - $(cat $x)"; done; for x in /home/*/var/*/mail/.catchall; do echo "$(echo $x | cut -d/ -f5) - $(cat $x)"; done;
all domains with bounce turned off (and don't have a catchall which requires bounce to be turned off)
(for x in /home/*/var/*/mail; do if [ ! -e $x/.bounceon -a ! -e $x/.catchall ]; then echo "$x"; fi; done;) | cut -d/ -f5 | sort
which domains with bounce off or catchalls are getting the most messages
grep 'accepted any recipient' /var/log/smtp/* | awk '{print $11}' | sed 's/[<>]//g' | cut -d@ -f2 | sort | uniq -c | sort -rn | head -20
list everyone with a vacation message
find /home/*/var/*/mail/*/vacation -type f ! -size 0
print out every vacation message
for x in $(find /home/*/var/*/mail/*/vacation -type f ! -size 0); do echo $x; cat $x; echo -e "\n\n-------------------"; done;
how man imap/pop3 connections are usually open. also look for it approaching the limit
awk '/tcpserver: status/ {print $4}' /var/log/imap4-ssl/* | sort | uniq -c | sort -k2 -n
awk '/tcpserver: status/ {print $4}' /var/log/pop3-ssl/* | sort | uniq -c | sort -k2 -n
awk '/tcpserver: status/ {print $4}' /var/log/imap4/* | sort | uniq -c | sort -k2 -n
awk '/tcpserver: status/ {print $4}' /var/log/pop3/* | sort | uniq -c | sort -k2 -n
