System-Tools
Tools for Basic System Management
https://www.nntb.no/~dreibh/system-tools
System-Tools is a collection of helpful tools for basic system management of Linux and FreeBSD systems:
- System-Info (display banners and system information),
- System-Maintenance (run basic system maintenance tasks),
- Reset-Machine-ID (reset the machine identity state, particularly for a cloned VM),
- Print-UTF8 (print UTF-8 text with options for centering, adjusting, etc.),
- Text-Block (flexible tool for inserting, replacing or removing text blocks in files or streams),
- Fingerprint-SSH-Keys (show the machine's SSH public key fingerprints in different formats),
- Configure-Grub (configure options for the GRUB boot loader),
- Try-Hard (run a command, with configurable retries on failure),
- Random-Sleep (wait for random time span, with support of fractional seconds).
- X.509-Tools (tools for viewing, verifying and testing X.509 certificates),
System-Info displays basic status information about the system: hostname, uptime, CPU, memory statistics, disk space statistics, SSH public key hashes, and networking information. Furthermore, it can be configured to show one or more banners (for example, a project name). System-Info can be configured to be automatically run when logging in, providing the user an up-to-date overview of the system.
One main purpose of System-Info is to run on login, to particularly show a nice login banner (for example, a project or company logo) and then present the basic system information. For this purpose, System-Info can be configured with banner scripts (by default looked up in /etc/system-info.d or /usr/local/etc/system-info.d), which are processed in alphabetically descending order by file name, like:
95-application-logo,90-project-logo,60-department-logo,50-company-logo,01-example.
The names of all scripts MUST begin with two decimal numbers. That is, scripts must be named [0-9][0-9]... to be processed by System-Info!
If one of the scripts exits with non-zero exit code, the processing of further banner scripts is stopped. This can be used for preconfiguring a system for example with a department and company logo, where the company logo script terminates further processing. A modified system for a certain project can add a project logo as well. The project logo script may terminate further processing, not showing department and company logos. This may be combined with packaging scripts, for example adding an application logo as part of the application's install package (like adding a script 95-application-logo).
Some examples, using the banner-helper library provided by System-Info:
|
|
|
|
System-Maintenance runs some system maintenance tasks to keep the system clean and up to date. These tasks are:
- Ensuring that all packages are configured,
- Updating the package repositories,
- Removing obsolete kernels,
- Installing all available package updates,
- Auto-removing unused packages,
- Ensuring that Grub (the bootloader) is installed and up-to-date,
- Delete network interface mapping (only on request by option, see below),
- Updating package and file search caches,
- Updating firmware,
- Trimming SSDs and virtual storage.
The typical usage is quite simple, e.g.:
sudo System-MaintenanceThe manpage of System-Maintenance contains details and further examples:
man System-MaintenanceReset-Machine-ID resets the machine identity state, particularly for a cloned VM, to make it appear as a new machine. It performs the following tasks:
- Reset
/etc/machine-id, - Reset
/var/lib/dbus/machine-id(symlink to/etc/machine-id), - Change hostname, if a new one is provided.
- Provide hardened settings for SSH client and server.
- Create new SSH key pair.
The changes are made interactively on request only, unless the option --yes-to-all-i-am-really-sure is set.
-
Reset machine ID, without changing the hostname:
sudo Reset-Machine-ID
-
Reset machine ID, with changing the hostname to new-hostname.domain.example:
sudo Reset-Machine-ID --hostname new-hostname.domain.example
-
The manpage of Reset-Machine-ID contains details and further examples:
man Reset-Machine-ID
Print-UTF8 is a simple program to print UTF-8 strings in the console with options for indentation, centering, separator as well as size/length/width information. It can e.g. be utilised for printing System-Info banners, or for displaying error messages like this classic Amiga Guru Meditation example:
print-utf8 -n -s "\e[1;31;40;5mâ–ˆ" "â–€" "â–ˆ\e[0m"
echo -e "Software Failure. Press left mouse button to continue.\nGuru Meditation #00000004.48454C50" | \
print-utf8 -n -C "\e[1;31;40;5mâ–ˆ\e[25m" "\e[5mâ–ˆ\e[0m"
print-utf8 -n -s "\e[1;31;40;5mâ–ˆ" "â–„" "â–ˆ\e[0m"
The manpage of Print-UTF8 contains details and various further examples:
man print-utf8Text-Block is a flexible tool for automated editing operations of text blocks in files or streams:
- Copying input,
- Discarding input,
- Enumeration of lines,
- Highlighting blocks,
- Deleting blocks,
- Inserting text before/after marking, as well as
- Replacing blocks.
The blocks to be modified can be selected by begin/end tags, or line numbers. The static pages of this website are generated by using Text-Block to insert contents like publications and project lists, add new software releases, etc.
For example, the publications list in index.html is placed between the tags '<!-- BEGIN-OF-PUBLICATIONS -->' and '<!-- END-OF-PUBLICATIONS -->'. Text-Block can be used to manipulate this block:
-
To extract the publications list to standard output:
text-block -i index.html \ --begin-tag '<!-- BEGIN-OF-PUBLICATIONS -->' \ --end-tag '<!-- END-OF-PUBLICATIONS -->' \ --extract
-
To delete the publications list and write the page to output.html:
text-block -i index.html -o output.html \ --begin-tag '<!-- BEGIN-OF-PUBLICATIONS -->' \ --end-tag '<!-- END-OF-PUBLICATIONS -->' \ --delete``
-
To replace the publications list by contents from update.block (e.g. generated by BibTeXConv, and write the page to output.html:
text-block -i index.html -o output.html \ --begin-tag '<!-- BEGIN-OF-PUBLICATIONS -->' \ --end-tag '<!-- END-OF-PUBLICATIONS -->' \ --replace update.block
-
The manpage of Text-Block contains details and various further examples:
man text-block
Fingerprint-SSH-Keys prints the SSH key fingerprints of the local machine in different formats: SSH hash, DNS SSHFP RR, or Python dictionary. Its typical usage is straightforward:
Fingerprint-SSH-KeysThe manpage of Fingerprint-SSH-Keys contains details and further examples:
man Fingerprint-SSH-KeysConfigure-Grub adjusts a GRUB configuration file by applying a configuration from a template, and merging the existing configurations settings with additional customisations. It can for example be used to set a custom screen resolution (GRUB_GFXMODE option) or startup tune (GRUB_INIT_TUNE option). The Virtual Machine Image Builder and System Installation Scripts use Configure-Grub to configure the screen resolution and a boot splash image.
The manpage of Configure-Grub contains details and further examples:
man Configure-GrubTry-Hard runs a command and retries for a given number of times in case of error, with a delay between the trials.
Example to try a file download up to 3Â times, with a delay of 60Â seconds between trials:
try-hard 3 60 -- wget -O example.tar.gz \
https://www.example.net/example.tar.gzThe manpage of Try-Hard contains details and further examples:
man Try-HardRandom-Sleep waits for a random time, selected from a given interval, with support for fractional seconds.
Example to wait between 0.5Â and 299.5Â seconds:
random-sleep 0.5 299.5 && echo "Finished waiting!"The manpage of Random-Sleep contains details and further examples:
man Random-SleepThe X.509-Tools are a set of utilities for viewing, verifying and testing X.509 certificates:
View-Certificate displays basic details of a certificate, like subject, common name, etc. Examples:
-
Display the Root CA certificate used by Let's Encrypt, which is usually installed under
/usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt(Debian/Ubuntu),/etc/pki/ca-trust/extracted/pem/directory-hash/ISRG_Root_X1.pem(Fedora), or/usr/share/certs/trusted/ISRG_Root_X1.pem(FreeBSD):view-certificate /usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt
-
Display the details of the certificate in file
www.nntb.no.crt:view-certificate www.nntb.no.crt
Also see the manpage of View-Certificate for further details and examples:
man view-certificateCheck-Certificate verifies a certificate, by verifying its chain from a given Root CA certificate, and optionally a Certificate Revokation List (CRL) for certificate revokations. The checks are made using OpenSSL. If GnuTLS and/or Network Security Services (NSS) are installed as well, the verification is also made by these implementations in addition. This ensures that – in case of success – the certificate and its chain works with all three major X.509 implementations. Examples:
-
Verify the server certificate in
My-Server-Certificate.crtusing the Root CA certificate inMy-CA-Certificate.crt:check-certificate My-CA-Certificate.crt My-Server-Certificate.crt
-
The same as above, but in addtion also checking the CRL in
CRL.crlfor certificate revokations:check-certificate --crl CRL.crl \ My-CA-Certificate.crt My-Server-Certificate.crt
-
Verify the certificate in
www.nntb.no.crtusing the Let's Encrypt Root CA certificate in/usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt:check-certificate \ /usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt \ www.nntb.no.crt
Also see the manpage of Check-Certificate for further details and examples:
man check-certificateExtract-PEM extracts an X.509 certificate bundle from a PEM file into separate files for each entry. The output files are named using a given prefix, with extension according to the entry type (i.e. .crt for a certificate, .key for a key, .crl for a CRL). The first entry (usually: the server, client or user certificate) and/or last entry (usually: the Root CA) may be skipped. Examples:
-
Extract the PEM file
My-Server-Certificate.crt, into filesCertificate-<NUMBER>.<EXTENSION>. The number is starting from 1, and provides the position of an entry within the input file:extract-pem My-Server-Certificate.crt --output Certificate-
-
Extract the PEM file
My-Server-Certificate.crt, into filesIntermediate-<NUMBER>.<EXTENSION>, skipping the first and last entry. That is, only the intermediate certificates are extracted:extract-pem My-Server-Certificate.crt \ --skip-first-entry --skip-last-entry --output Intermediate-
Also see the manpage of Extract-PEM for further details and examples:
man extract-pemTest-TLS-Connection establishes a Transport Layer Security (TLS) connection to a remote TCP server on a given port number. The X.509 certificate is then verified by Check-Certificate. Examples:
-
Connect to www.heise.de and verify the certificate with the Root CA certificate in
/usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt(used by Let's Encrypt):test-tls-connection www.heise.de:443 \ /usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt
-
Connect to www.nntb.no, store the received certificate in
www.nntb.no.crt, and verify the certificate with the Root CA certificate in/usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt(used by Let's Encrypt):test-tls-connection www.nntb.no:443 \ /usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt \ --save-certificate www.nntb.no.crt
Also see the manpage of Test-TLS-Connection for further details and examples:
man test-tls-connectionPlease use the issue tracker at https://github.com/dreibh/system-tools/issues to report bugs and issues!
For ready-to-install Ubuntu Linux packages of System-Tools, see Launchpad PPA for Thomas Dreibholz!
sudo apt-add-repository -sy ppa:dreibh/ppa
sudo apt-get update
sudo apt-get install td-system-toolsFor ready-to-install Fedora Linux packages of System-Tools, see COPR PPA for Thomas Dreibholz!
sudo dnf copr enable -y dreibh/ppa
sudo dnf install td-system-toolsFor ready-to-install FreeBSD packages of System-Tools, it is included in the ports collection, see FreeBSD ports tree index of net/td-system-tools/!
sudo pkg install system-toolsAlternatively, to compile it from the ports sources:
cd /usr/ports/net/td-system-tools
make
sudo make installSystem-Tools is released under the GNU General Public Licence (GPL).
Please use the issue tracker at https://github.com/dreibh/system-tools/issues to report bugs and issues!
The Git repository of the System-Tools sources can be found at https://github.com/dreibh/system-tools:
git clone https://github.com/dreibh/system-tools
cd system-tools
sudo ci/get-dependencies --install
cmake .
makeNote: The script ci/get-dependencies automatically installs the build dependencies under Debian/Ubuntu Linux, Fedora Linux, and FreeBSD. For manual handling of the build dependencies, see the packaging configuration in debian/control (Debian/Ubuntu Linux), system-tools.spec (Fedora Linux), and Makefile FreeBSD.
Contributions:
-
Issue tracker: https://github.com/dreibh/system-tools/issues. Please submit bug reports, issues, questions, etc. in the issue tracker!
-
Pull Requests for System-Tools: https://github.com/dreibh/system-tools/pulls. Your contributions to System-Tools are always welcome!
-
CI build tests of System-Tools: https://github.com/dreibh/system-tools/actions.
See https://www.nntb.no/~dreibh/system-tools/#current-stable-release for the release packages!
- Virtual Machine Image Builder and System Installation Scripts
- NetPerfMeter – A TCP/MPTCP/UDP/SCTP/DCCP Network Performance Meter Tool
- HiPerConTracer – High-Performance Connectivity Tracer
- SubNetCalc – An IPv4/IPv6 Subnet Calculator
- NorNet – A Real-World, Large-Scale Multi-Homing Testbed
- NEAT – A New, Evolutive API and Transport-Layer Architecture for the Internet
- Thomas Dreibholz's Reliable Server Pooling (RSerPool) Page – The RSPLIB Project
- 5G-VINNI – 5G Verticals Innovation Infrastructure