wildweaselmi

Identify SSL Profile with Virtual Server
Sometimes you just need to know what SSL Profile is attached to what Virtual Servers. Here are a couple of cheats I use.. maybe it helps ya, maybe it don't.

Simple command to run that looks in every partition:

    tmsh -q -c 'cd / ; show ltm virtual recursive profiles' | egrep 'Ltm::Virtual Server:| Ltm::ClientSSL Profile:'

You can always tack on

    | grep virtualservername

OR, to find what virtual servers have a certain SSL profile, you can tack on

    | grep -B1 sslprofilename

Of course if you are doing a lot of work, having all the virtual servers with their SSL profiles in a spreadsheet would be easier to work with. You can do the following:

Go to /var/tmp on the F5 you want to capture the data from, type vi cert-mapping.sh and press enter. Type i and then copy and paste the following:

    #!/bin/bash
    # Search /config and sub directories (partitions) for bigip.conf files
    # and collect every virtual server name defined in them.
    LIST=`find /config -name bigip.conf | xargs awk '$2 == "virtual" {print $3}' 2> /dev/null | sort -u`
    # Counter must start at 0, otherwise the first "expr $VIRTS + 1" fails on an empty value.
    VIRTS=0
    echo "Virtual: Profile: Certificate: Ciphers:"
    echo "__________________________________________________________"
    for VAL in ${LIST}
    do
      # ClientSSL profile names attached to this virtual server (one per line)
      PROF=`tmsh show /ltm virtual ${VAL} profiles 2> /dev/null | grep -B 1 " Ltm::ClientSSL Profile:" | cut -d: -f4 | grep -i "[a-z]" | sed 's/ //g' | sort -u`
      test -n "${PROF}" 2>&- && {
        VIRTS=`expr $VIRTS + 1`
        for PCRT in ${PROF}
        do
          # Certificate configured on the profile
          CERT=`tmsh list /ltm profile client-ssl ${PCRT} | awk '$1 == "cert" {print $2}' 2> /dev/null | sort -u`
          test -n "${CERT}" 2>&- && {
            # Cipher string configured on the profile
            CIPHERS=`tmsh list /ltm profile client-ssl ${PCRT} ciphers | grep ciphers | awk '{print $2}'`
            echo "${VAL} ${PCRT} ${CERT} ${CIPHERS}"
          }
        done
      }
    done
    echo "Virtual server count: ${VIRTS}"

Now type chmod 755 cert-mapping.sh

Now just run the script by typing:

    bash ./cert-mapping.sh > cert-mapping_$HOSTNAME"."$(date +%Y%m%d).txt

and then press enter. Once the script is done (it will take a while) download the file to your laptop and open it with Excel. You can click on the first column, then click on Data in Excel and select Text to Columns, then pick Delimited and unselect Tab and select Space. You should then see the data move over to the appropriate columns.
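As an added example (not from the post above), a small Python parser for the lines the egrep filter leaves behind, so the virtual-server-to-ClientSSL-profile relation can be walked in both directions and virtual servers with no ClientSSL profile at all stand out. The sample input is constructed to match the two header shapes egrep keeps; object names are hypothetical.

```python
"""Map F5 virtual servers to their ClientSSL profiles from filtered tmsh output.

Input is what this pipeline prints:
  tmsh -q -c 'cd / ; show ltm virtual recursive profiles' \
      | egrep 'Ltm::Virtual Server:| Ltm::ClientSSL Profile:'
Only those two header line shapes are assumed. The sample below is
constructed, not captured from a real BIG-IP; names are hypothetical.
"""
import re
from collections import OrderedDict

# Constructed sample of the egrep output.
SAMPLE_TMSH = """\
Ltm::Virtual Server: /Common/vs_www_443
  Ltm::ClientSSL Profile: /Common/clientssl_www
Ltm::Virtual Server: /Common/vs_api_443
  Ltm::ClientSSL Profile: /Common/clientssl_www
  Ltm::ClientSSL Profile: /Common/clientssl_api_sni
Ltm::Virtual Server: /Common/vs_legacy_80
Ltm::Virtual Server: /Partition1/vs_portal_443
  Ltm::ClientSSL Profile: /Partition1/clientssl_portal
"""

VS_RE = re.compile(r"^\s*Ltm::Virtual Server:\s*(\S+)")
SSL_RE = re.compile(r"^\s*Ltm::ClientSSL Profile:\s*(\S+)")


def parse_vs_profiles(text):
    """Return an ordered dict {virtual_server: [clientssl profiles]}.

    A Virtual Server header opens a new entry; every ClientSSL Profile
    header that follows it (up to the next Virtual Server header) belongs
    to that entry. A virtual server with no profile lines keeps an empty
    list, which is exactly the case grep -B1 cannot show you.
    """
    mapping = OrderedDict()
    current = None
    for line in text.splitlines():
        m = VS_RE.match(line)
        if m:
            current = m.group(1)
            mapping.setdefault(current, [])
            continue
        m = SSL_RE.match(line)
        if m:
            if current is None:
                raise ValueError("ClientSSL profile before any virtual server: %r" % line)
            mapping[current].append(m.group(1))
    return mapping


def virtuals_using_profile(mapping, profile):
    """Reverse lookup: which virtual servers reference this profile."""
    return [vs for vs, profs in mapping.items() if profile in profs]


def virtuals_without_clientssl(mapping):
    """Virtual servers that terminate no TLS; confirm each is meant to be plaintext."""
    return [vs for vs, profs in mapping.items() if not profs]


if __name__ == "__main__":
    mapping = parse_vs_profiles(SAMPLE_TMSH)
    print("Virtual: Profile:")
    for vs, profs in mapping.items():
        print(vs, " ".join(profs) or "(no ClientSSL profile)")
    print("Using /Common/clientssl_www:", virtuals_using_profile(mapping, "/Common/clientssl_www"))
    print("No ClientSSL profile:", virtuals_without_clientssl(mapping))
```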
-
How do I implement NTP in my infrastructure?
wildweaselmi replied to rev.dennis's topic in networking
Set current time zone to <timezone>. Use "-listtimezones" to list time zones.

    systemsetup -settimezone <timezone>

List time zones supported by this machine.

    systemsetup -listtimezones

Display whether network time is on or off.

    systemsetup -getusingnetworktime

Set using network time to either <on> or <off>.

    systemsetup -setusingnetworktime <on off>

Display network time server.

    systemsetup -getnetworktimeserver

Set network time server to <timeserver>.

    systemsetup -setnetworktimeserver <timeserver>

These commands don't actually SYNC the time like the traditional UNIX commands do.

Examples:

"systemsetup -setnetworktimeserver" = Simply *sets the ntp server IP/name* in the /etc/ntp.conf file. This is the ntp server that shows up in the Date/Time system pref pane GUI. This command doesn't force the Mac to sync with the ntp server at all - it just tells Mac OS X *which ntp server* to use.

"systemsetup -setusingnetworktime" = Simply *enables* or *disables* the ntp client in favor of a stand-alone manual time configuration. This is the equivalent of the "Set time/date automatically" check box in the Date/Time system pref pane GUI. I'm not sure if disabling and then immediately enabling this would "tickle" the client to go sync with the ntp server or not. Perhaps it does? If so this seems rather clunky that it must be run twice to get it to poll the server and sync the time.

Assuming the Mac has already been configured to use an ntp server (and it's enabled) but for some reason the Mac's time has drifted, the Apple commands do not appear to have a single command to tell the Mac to "sync now". At least it's not clearly defined in the man page to me.

ALTERNATIVES

Use ntpq by typing ntpq and pressing enter at the command line; your prompt will change to ntpq>

pe or peers - To display a billboard showing the status of configured peers and possibly other clients poking the daemon.

    ntpq> pe
         remote           refid      st t when poll reach   delay   offset  jitter
    ==============================================================================
    *mifnt1swic01-   10.13.200.20     2 u  268  256  377  119.761    7.829  20.961

as - To display additional details for each peer separately, which can be determined by using the as command to display an index of association identifiers.

    ntpq> as
    ind assid status  conf reach auth condition  last_event cnt
    ===========================================================
      1 41942  96f4   yes   yes  none  sys.peer   reachable  15

Each line in this billboard is associated with the corresponding line in the pe billboard above. The assID shows the unique identifier for each mobilized association, while the status column shows the peer status word in hex, as defined in the NTP specification.

Next, use the rv command and the respective assID identifier to display a detailed synopsis for the selected peer:

    ntpq> rv 41942
    associd=41942 status=96f4 conf, reach, sel_sys.peer, 15 events, reachable,
    srcadr=mifnt1swic01-core.eventguyz.com, srcport=123, dstadr=10.14.194.144,
    dstport=123, leap=00, stratum=2, precision=-20, rootdelay=1.816,
    rootdisp=0.656, refid=10.43.200.20,
    reftime=de3035e9.f6aba7f3  Thu, Feb 15 2018 11:38:01.963,
    rec=de3035ee.749f3054  Thu, Feb 15 2018 11:38:06.455,
    reach=377, unreach=0, hmode=3, pmode=4, hpoll=8, ppoll=8, headway=0,
    flash=00 ok, keyid=0, offset=7.829, delay=119.761, dispersion=17.144,
    jitter=20.961, xleave=0.146,
    filtdelay=   121.44  172.00  138.41  149.10  165.60  153.74  132.59  119.76,
    filtoffset=   19.72   49.29   22.77    6.08   28.96   28.53   18.49    7.83,
    filtdisp=      0.00    4.04    8.03   11.99   15.98   19.83   23.73   25.70

Query NTP using (the -q stands for query only):

    sudo ntpdate -q time.eventguyz.com

Set date time using ntp server (the -u stands for update):

    sudo ntpdate -u time.eventguyz.com

You can debug ntpdate by running (the -d stands for debug):

    sudo ntpdate -d time.eventguyz.com

If you are worried about security or need to use TCP instead of UDP you can look at using tlsdate.

tlsdate: secure parasitic rdate replacement. "tlsdate sets the local clock by securely connecting with TLS to remote servers and extracting the remote time out of the secure handshake. Unlike ntpdate, tlsdate uses TCP, for instance connecting to a remote HTTPS or TLS enabled service, and provides some protection against adversaries that try to feed you malicious time information."

You may also try and use the following to check:

    sntp -d time.eventguyz.com
-
The question title pretty much says it all, but what appears to be an international standard as of today is TLS 1.2, and I noticed many users not able to connect to the site now that we switched. I am assuming it could be because their browser may not support TLS 1.2, so I'm asking: do you know what browsers do support TLS 1.2 and which Internet browsers don't support TLS 1.2?
-
Sometimes your Linux box has been running for such a long time you may have forgotten what the heck you are running. The quickest and easiest way to identify what you have is to run the following command:

    lsb_release -a

If that doesn't work for one reason or another, try this command instead:

    cat /etc/*-release

You may also want to know what kernel version you are running:

    uname -a

or

    uname -mrs

example:

    Linux = Kernel name
    3.2.0-35-generic-pae = Kernel version number
    i686 = Machine hardware name

Finally you can see what kernel and gcc version with the following command:

    cat /proc/version
-
There are several commands to show how much memory is being used, how much is free, or what process is taking how much memory. What command can you run to show the percentage of what is free? It would be helpful to compare to reporting tools to see if they match.
-
NAME
    vmstat - Report virtual memory statistics

SYNOPSIS
    vmstat [-a] [-n] [delay [ count]]
    vmstat [-f] [-s] [-m]
    vmstat [-S unit]
    vmstat [-d]
    vmstat [-p disk partition]
    vmstat [-V]

DESCRIPTION
    vmstat reports information about processes, memory, paging, block IO, traps, and cpu activity.

    The first report produced gives averages since the last reboot. Additional reports give information on a sampling period of length delay. The process and memory reports are instantaneous in either case.

  Options
    The -a switch displays active/inactive memory, given a 2.5.41 kernel or better.

    The -f switch displays the number of forks since boot. This includes the fork, vfork, and clone system calls, and is equivalent to the total number of tasks created. Each process is represented by one or more tasks, depending on thread usage. This display does not repeat.

    The -m displays slabinfo.

    The -n switch causes the header to be displayed only once rather than periodically.

    The -s switch displays a table of various event counters and memory statistics. This display does not repeat.

    delay is the delay between updates in seconds. If no delay is specified, only one report is printed with the average values since boot.

    count is the number of updates. If no count is specified and delay is defined, count defaults to infinity.

    The -d reports disk statistics (2.5.70 or above required)

    The -p followed by some partition name for detailed statistics (2.5.70 or above required)

    The -S followed by k or K or m or M switches outputs between 1000, 1024, 1000000, or 1048576 bytes

    The -V switch results in displaying version information.

FIELD DESCRIPTION FOR VM MODE
  Procs
    r: The number of processes waiting for run time.
    b: The number of processes in uninterruptible sleep.

  Memory
    swpd: the amount of virtual memory used.
    free: the amount of idle memory.
    buff: the amount of memory used as buffers.
    cache: the amount of memory used as cache.
    inact: the amount of inactive memory. (-a option)
    active: the amount of active memory. (-a option)

  Swap
    si: Amount of memory swapped in from disk (/s).
    so: Amount of memory swapped to disk (/s).

  IO
    bi: Blocks received from a block device (blocks/s).
    bo: Blocks sent to a block device (blocks/s).

  System
    in: The number of interrupts per second, including the clock.
    cs: The number of context switches per second.

  CPU
    These are percentages of total CPU time.
    us: Time spent running non-kernel code. (user time, including nice time)
    sy: Time spent running kernel code. (system time)
    id: Time spent idle. Prior to Linux 2.5.41, this includes IO-wait time.
    wa: Time spent waiting for IO. Prior to Linux 2.5.41, shown as zero.

FIELD DESCRIPTION FOR DISK MODE
  Reads
    total: Total reads completed successfully
    merged: grouped reads (resulting in one I/O)
    sectors: Sectors read successfully
    ms: milliseconds spent reading

  Writes
    total: Total writes completed successfully
    merged: grouped writes (resulting in one I/O)
    sectors: Sectors written successfully
    ms: milliseconds spent writing

  IO
    cur: I/O in progress
    s: seconds spent for I/O

FIELD DESCRIPTION FOR DISK PARTITION MODE
    reads: Total number of reads issued to this partition
    read sectors: Total read sectors for partition
    writes: Total number of writes issued to this partition
    requested writes: Total number of write requests made for partition

FIELD DESCRIPTION FOR SLAB MODE
    cache: Cache name
    num: Number of currently active objects
    total: Total number of available objects
    size: Size of each object
    pages: Number of pages with at least one active object
    totpages: Total number of allocated pages
    pslab: Number of pages per slab

NOTES
    vmstat does not require special permissions.

    These reports are intended to help identify system bottlenecks. Linux vmstat does not count itself as a running process.

    All linux blocks are currently 1024 bytes. Old kernels may report blocks as 512 bytes, 2048 bytes, or 4096 bytes.

    Since procps 3.1.9, vmstat lets you choose units (k, K, m, M). Default is K (1024 bytes) in the default mode.

    vmstat uses slabinfo 1.1 FIXME

FILES
    /proc/meminfo
    /proc/stat
    /proc/*/stat

SEE ALSO
    iostat(1), sar(1), mpstat(1), ps(1), top(1), free(1)

BUGS
    Does not tabulate the block io per device or count the number of system calls.

AUTHORS
    Written by Henry Ware. Fabian Frédérick (diskstat, slab, partitions...)
-
We may deploy several servers and we need an easy, quick way to see if they are now responding. I found fping to work best. Throw all your IPs in a text file (for example pinglist.txt) and run it:

    sudo fping -a -r 0 -f pinglist.txt