Pivert's Blog

Sysadmin Tips

Reading Time: 4 minutes

and useful one-liners

Check a port on a host every 5 seconds

while :; do echo -n `date +"[%Y-%m-%d %H:%M:%S]"`; echo -n "  "; nc -z 3389; if [ $? -eq 0 ]; then echo OK; else echo Unreachable; fi; sleep 5; done;

Use a group you’ve just being added to (no re-login)

newgrp webdev

Start a command with some group id (and keep current privileges in your shell)

sg webdev -c "command"

Add this alias to your .profile to

take quick notes with date in the filename

alias vimn='f(){ vim `date +%Y%m%y-%H%M`_$1.txt; unset -f f; }; f'

generate gpg encrypted messages from the console

alias gpgb="echo '' | vipe | gpg -e --sign -a -r usr1@example.com -r usr2@example.com"

get a docker seashell with latest nvim and all common a k8s/oc commands

or an automated way to maintain any script up to date

alias seashell='SS=~/bin/seashell; URL=https://gitlab.com/pivert/seashell/-/raw/main/seashell; [ -d ~/bin ] || mkdir -p ~/bin; if [ ! -f "$SS" ]; then curl -s --connect-timeout 3 "$URL" -o "$SS" && chmod +x "$SS" && "$SS"; else "$SS"; if [ $(find "$SS" -mtime +10) ]; then mv "$SS" "${SS}.old"; fi; fi || { [ -f "${SS}.old" ] && cp "${SS}.old" "$SS" && "$SS" || echo "ERROR: Failed to download and no fallback ${SS}.old script exists"; }'

Delete Docker generated DNS redirection (useful when it breaks)

LINE=$(iptables -t nat -L DOCKER-INGRESS --line-numbers | grep -E 'DNAT.*udp dpt:domain' | awk '{print $1};') && [ ${#LINE} -gt 0 ] && echo "Docker DNS DNAT rule was found at line $LINE in DOCKER-INGRESS chain." && iptables -t nat -D DOCKER-INGRESS $LINE

List manually installed packages in Ubuntu/Kubuntu (2 ways)

comm -23 <(apt-mark showmanual | sort -u) <(gzip -dc /var/log/installer/initial-status.gz | sed -n 's/^Package: //p' | sort -u)

grep 'Commandline: apt install ' /var/log/apt/history.log | awk '{print $4}' | xargs echo 'apt install -y'

Test your jinja2 code in iPython REPL

For instance before placing it into Ansible playbook. Here is an example with mapping short codes to values:

In [42]: from jinja2 import Template

In [43]: Template(
    ...: 'Host Group: {{ host_groups.get(ansible_hostname.split("-")[2], "Missing host_group in host_groups") }}'
    ...: ).render(
    ...: ansible_hostname="mynet-qa-es-003",
    ...: host_groups={
    ...: 'rtk': 'RethinkDB',
    ...: 'dbms': 'MySQL',
    ...: 'pg': 'PostgreSQL',
    ...: 'es': 'ElasticSearch',
    ...: }
    ...: )
Out[43]: 'Host Group: ElasticSearch'


grep but keep the first line (title line)

Grep can’t do that directly, but it’s quite easy with sed:

kubectl get pods -A | sed '1p; /blue/!d;'
  • p command prints, the line 1 in this case
  • d command deletes all the matches, but the selection is inverted with the !


Check your browser audio configuration with 5.1 speakers


Convert images to a certain size, and use progressive jpeg with resize (in the example 1200px wide)

convert original.jpg -resize 1200 -define jpeg:extent=90k -interlace plane smaller.jpg

Convert all JPEG in a folder to progressive JPEG (backup before)

mogrify -interlace plane *.jpg

Compress PDF

gs -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -dNOPAUSE -dQUIET -dBATCH -sOutputFile=outfile.pdf infile.pdf

In case the quality would be too low, you can check with higher profiles such as -dPDFSETTINGS=/prepress or /ebook. There’s a lot of options. Also check ps2pdf.


Randomly move mouse on X11

eval $(xdotool getdisplaygeometry --shell); while true; do xdotool mousemove `rand -M $WIDTH` `rand -M $HEIGHT` && sleep $((`rand -M 300` + 120)); done;

Easy CPU burn

for i in $(seq $(getconf _NPROCESSORS_ONLN)); do yes > /dev/null & done

The to stop the CPU burn

killall yes

Get mouse middle-click in Citrix ICAclient

sed -ie 's/MouseSendsControlV.*/MouseSendsControlV=False/' $HOME/.ICAClient/wfclient.ini

Logout user remotely

loginctl terminate-user "your annoying friend username here" 


Fill disk with Zeros

Useful for vm disk image dump. This command fills almost all disk with Zeros, keeping 100MB free, then delete the temp zero file.

dd if=/dev/zero of=/zero bs=100M count=$(( $(df -l -B 100M --output='avail' -t 'ext4' / | tail -n1) - 1)); rm /zero

If using ansible, you can use ad-hoc command, just pay attention to the quotes. Here for “myhosts” host group:

ansible myhosts -m shell -a 'dd if=/dev/zero of=/zero bs=100M count=$(( $(df -l -B 100M --output="avail" -t "ext4" / | tail -n1) - 1)); rm /zero'

Then double check

ansible mysthosts -m shell -a '[ ! -d /zero ] && echo "/zero temporary file has been properly removed" || "ERROR: /zero still exists - Remove it manually"'

Copy disk with nice UI

(pv -n /dev/sdX | dd of=/dev/sdX bs=128M conv=notrunc,noerror) 2>&1 | dialog --gauge "Running dd command (cloning), please wait..." 10 70 0

Kubernetes Namespace stuck on Terminating after delete

kubectl proxy &
export NAMESPACE=dynatrace # The namespace to delete
export CLUSTER=c-kvb2n     # Get the cluster id from the URL when connecting via Rancher
kubectl get namespace $NAMESPACE -o json | jq '.spec = {"finalizers":[]}' > temp.json
curl -k -H "Content-Type: application/json" -X PUT --data-binary @temp.json$CLUSTER/api/v1/namespaces/$NAMESPACE/finalize

Then remove the proxy: check with jobs, set the job in foreground with fg, then kill it with <CTRL>+C

Kubernetes: Ahmet aliases & jq

ksysgpoojson | jq '.items[]| "pod/\(.metadata.name) runs \(.spec.containers|length) container(s): \(.spec.containers[].name)"'

An interesting example combining


Get public IP address & many more from curl

curl ifconfig.me

Check the https://ifconfig.me/ (with a web browser). Can provide details such as user-agent, tz, language… Just add .json if you prefer json output.

Free light geoip service (based on Google Maps)


Free command-line geoip service

curl https://ipinfo.io/
  "ip": "",
  "city": "New York City",
  "region": "New York",
  "country": "US",
  "loc": "40.7143,-74.0060",
  "org": "AS22252 The City of New York",
  "postal": "10004",
  "timezone": "America/New_York",
  "readme": "https://ipinfo.io/missingauth"


Get certificate chain from the server

openssl s_client -showcerts -connect www.pivert.org:443 < /dev/null
openssl s_client -showcerts -connect zimbra.pivert.org:465 < /dev/null | openssl x509 -dates -noout

Get server certificate dates

openssl s_client -connect www.pivert.org:443 < /dev/null | openssl x5
09 -noout -dates

Install root CA on Debian

sudo cp rootca.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates

Install root CA on Red-Hat

sudo cp rootca.pem /etc/pki/ca-trust/source/anchors
sudo update-ca-trust