General Troubleshooting commands

General Troubleshooting Commands

1) General Linux Commands

Disk usage

Check disk space usage:

BASH

df -h

Check size of folders in the current directory (sorted):

BASH

du -sk * | sort -n

Memory usage

Check available memory:

BASH

free -m

DNS resolution

Check how DNS resolves a hostname:

BASH

nslookup veridiumid.com

2) Network Troubleshooting (Server-to-Server Port Connectivity)

Use this when two servers cannot communicate on a port.

Step 1 — Open a listening port on Server A

On the server that should receive traffic:

BASH

nc -l PORT

Step 2 — Test connectivity from Server B

From the second server:

2.1 Test raw TCP connectivity

BASH

nc -zv IP PORT

2.2 Test HTTP/HTTPS connectivity (detect proxy issues)

TCP may work, but HTTP/HTTPS can fail due to proxy configuration:

BASH

wget -T 5 -t 1 --spider http://${to}:${port}
wget -T 5 -t 1 --spider https://${to}:${port}

2.3 Quick “repo connectivity” check (proxy/DNS/routing indicator)

Try installing a package (no need to keep it):

BASH

yum install zip

Common causes / what can go wrong

Network/routing issues (client side)

Network issue → client must fix
Routing issue → client must fix

Host firewall enabled

Stop/disable firewalld:

BASH

systemctl stop firewalld; systemctl disable firewalld

Proxy misconfiguration

Proxies can break local/internal HTTP/HTTPS routing.

Check and comment/remove proxy configuration from:

System-wide: /etc/environment
Yum repo proxy: /etc/yum.conf
User-level: /etc/profile.d/proxy.conf

Search all proxy definitions:

BASH

grep -ri http_proxy /etc/

Also check /home/* for http_proxy.

3) SSL Connectivity Check

Basic SSL connection test

BASH

openssl s_client -connect <hostname>:<port>.

Useful `s_client` options

Option	Description	Example
`-connect`	Tests connectivity to an HTTPS service	`openssl s_client -connect HOSTNAME:PORT`
`-showcerts`	Prints full certificate chain	`openssl s_client -connect HOSTNAME:PORT -showcerts`
`-tls`	Forces TLS version	`openssl s_client -connect HOSTNAME:PORT -tls1_2`
`-cipher`	Forces a specific cipher	`openssl s_client -connect HOSTNAME:PORT -cipher ECDHE-RSA-AES256-GCM-SHA384`

4) iptables Useful Commands

Useful for kernel firewall configuration and ensuring communication between Veridium components.

BASH

iptables-restore < /etc/sysconfig/iptables
service iptables save

iptables -A OUTPUT -d 127.0.0.1/32 -j ACCEPT
iptables -A OUTPUT -d 10.0.0.0/8 -j ACCEPT
iptables -A OUTPUT -d 52.119.0.0/16 -j ACCEPT
iptables -A OUTPUT -d 52.94.0.0/16 -j ACCEPT
iptables -A OUTPUT -d 169.254.0.0/16 -j ACCEPT
iptables -A OUTPUT -j DROP

## to delete a rule:
iptables -D OUTPUT -j DROP

## ORDER IS IMPORTANT!!!!
## Easier approach: edit /etc/sysconfig/iptables and restart service.

systemctl start iptables
systemctl enable iptables

## command used to block ldap connections
## (all other rules were deleted while running this one)
while (true); do iptables -A OUTPUT -j REJECT -d 10.0.20.171; sleep 6; iptables -D OUTPUT -j REJECT -d 10.0.20.171; sleep 6; iptables -A OUTPUT -j REJECT -d 10.0.20.172; sleep 6; iptables -D OUTPUT -j REJECT -d 10.0.20.172;  done