Password recovery. At grub stage, press e to edit the kernel line and add init=/bin/bash. It will drop you in a shell before init system (systemd).

mount -o remount,rw /

Mount partitions on an image file using losetup.

losetup -P -f --show my.img

List all software installed from particular component (non-free, contrib)

$ dpkg-query -W -f='${Section}\t${Package}\n' | grep ^non-free

Manually rotate a file without logrotate, with savelog(8).

$ savelog

What processes uses swap?

for file in /proc/*/status ; do awk '/VmSwap|Name/{printf $2 " " $3}END{ print ""}' $file; done | sort -k 2 -n -r | less

MySQL “fast” shutdown.

> set global innodb_max_dirty_pages_pct = 0;
$ mysqladmin ext -i10 | grep dirty

mkfs.ext4 for old systems in rescue mode (Debian Wheezy, …).

mkfs.ext4 -O ^64bit,^metadata_csum

Send a mail from queue.

postcat -q ID > mail
< mail sendmail -f FROM TO

Python Simple HTTP Server (useful for Munin for example).

cd /var/cache/munin/www
python -m SimpleHTTPServer 8080

Show custom certs (not a link) and expiration in /etc/ssl/certs.

find /etc/ssl/certs/ -type f -print -exec openssl x509 -text -in {} \; | grep --color=auto -e etc -e CN= -e DNS: -e After;

Edit Bind DNS serial (needs modifications, not generic).

sed -ri 's/^\s*[0-9]+\s*; serial/\t\t\t 2017041010\t ; serial/' db.*

After Debian/Ubuntu upgrade, merge local config files according to config files shipped in packages.

for file in $(find /etc -iname '*.dpkg-dist'); do vimdiff ${file%%.dpkg-dist} $file; done
for file in $(find /etc -iname '*.ucf-dist'); do vimdiff ${file%%.ucf-dist} $file; done

Debug php with strace and php-cgi (especially useful for wp multisites). SCRIPT_FILENAME=index.php REDIRECT_STATUS=CGI strace -s 65535 -o /tmp/strace php-cgi -f index.php

ps with long user fields (here 20).

ps axo user:20,pid,pcpu,pmem,vsz,rss,tty,stat,start,time,comm

WTF is happening in apache (or other)? Let’s strace all apache processes.

# strace -p $(ps auwwwx | grep apache | tr -s '\t' ' ' | cut -d' ' -f2 | tr '\n' ' ' | sed 's/ / -p /g') 9999

WTF is happening? Let’s tail all logs.

# tail -f $(lsof | grep -F .log | tr -s '\t' ' ' | cut -d' ' -f10 | sort | uniq | tr -s '\n' ' ') 

Search for suspects POST in apache.log (often attacks).

Check for crashed MySQL table in syslog and launch a repair.

Get the groups of an user and add another user into these groups.

Get the last acceded URLs in Squid Access list.

Migrate MySQL users.

Find userid of mails in mailq.

Kill every MySQL SELECT older than X seconds – Original:

List of contacts when sending a mail for technical purpose on a domain which doesn’t announce their technical contacts in a whois.

abuse@<domain>, admin@<domain>, administrator@<domain>, contact@<domain>, info@<domain>, postmaster@<domain>, support@<domain>, webmaster@<domain>

itk change rights.

Get useradd command for migrating account.

Find files newert than (mtime) a precise date, and execute an action.