System Tools Homepage

📑 Quick Navigation

📰 Latest News
💡 What is System-Tools?
📚 System-Info
📚 System-Maintenance
📚 Reset-Machine-ID
📚 Print-UTF8
📚 Text-Block
📚 Fingerprint-SSH-Keys
📚 Configure-Grub
📚 Try-Hard
📚 Random-Sleep
📚 X.509-Tools
📦 Binary Package Installation
💾 Build from Sources
🔗 Useful Links

📰 Latest News

November 28, 2025
New release: td-system-tools-2.2.1.
November 26, 2025
New release: td-system-tools-2.2.0.
News Archive
Go to the News Archive

💡 What is System-Tools?

System-Tools is a collection of helpful tools for basic system management of Linux and FreeBSD systems:

System-Info (display banners and system information),
System-Maintenance (run basic system maintenance tasks),
Reset-Machine-ID (reset the machine identity state, particularly for a cloned VM),
Print-UTF8 (print UTF-8 text with options for centering, adjusting, etc.),
Text-Block (flexible tool for inserting, replacing or removing text blocks in files or streams),
Fingerprint-SSH-Keys (show the machine’s SSH public key fingerprints in different formats),
Configure-Grub (configure options for the GRUB boot loader),
Try-Hard (run a command, with configurable retries on failure),
Random-Sleep (wait for random time span, with support of fractional seconds).
X.509-Tools (tools for viewing, verifying and testing X.509 certificates),

📚 System-Info

System-Info displays basic status information about the system: hostname, uptime, CPU, memory statistics, disk space statistics, SSH public key hashes, and networking information. Furthermore, it can be configured to show one or more banners (for example, a project name). System-Info can be configured to be automatically run when logging in, providing the user an up-to-date overview of the system.

One main purpose of System-Info is to run on login, to particularly show a nice login banner (for example, a project or company logo) and then present the basic system information. For this purpose, System-Info can be configured with banner scripts (by default looked up in /etc/system-info.d or /usr/local/etc/system-info.d), which are processed in alphabetically descending order by file name, like:

95-application-logo,
90-project-logo,
60-department-logo,
50-company-logo,
01-example.

The names of all scripts MUST begin with two decimal numbers. That is, scripts must be named [0-9][0-9]... to be processed by System-Info!

If one of the scripts exits with non-zero exit code, the processing of further banner scripts is stopped. This can be used for preconfiguring a system for example with a department and company logo, where the company logo script terminates further processing. A modified system for a certain project can add a project logo as well. The project logo script may terminate further processing, not showing department and company logos. This may be combined with packaging scripts, for example adding an application logo as part of the application’s install package (like adding a script 95-application-logo).

Some examples, using the banner-helper library provided by System-Info:

`01-example` The default example.	`09-hostname-example` Dynamically showing the hostname of the machine.	`10-company-logo-example` A SimulaMet company branding.
`10-nornet` A NorNet project branding.	`18-neat` A NEAT project branding.	`30-rsplib` A RSPLIB project branding.

📚 System-Maintenance

System-Maintenance runs some system maintenance tasks to keep the system clean and up to date. These tasks are:

Ensuring that all packages are configured,
Updating the package repositories,
Removing obsolete kernels,
Installing all available package updates,
Auto-removing unused packages,
Ensuring that Grub (the bootloader) is installed and up-to-date,
Delete network interface mapping (only on request by option, see below),
Updating package and file search caches,
Updating firmware,
Trimming SSDs and virtual storage.

The typical usage is quite simple, e.g.:

sudo System-Maintenance

The manpage of System-Maintenance contains details and further examples:

man System-Maintenance

📚 Reset-Machine-ID

Reset-Machine-ID resets the machine identity state, particularly for a cloned VM, to make it appear as a new machine. It performs the following tasks:

Reset /etc/machine-id,
Reset /var/lib/dbus/machine-id (symlink to /etc/machine-id),
Change hostname, if a new one is provided.
Provide hardened settings for SSH client and server.
Create new SSH key pair.

The changes are made interactively on request only, unless the option --yes-to-all-i-am-really-sure is set.

Reset machine ID, without changing the hostname:
```
sudo Reset-Machine-ID
```
Reset machine ID, with changing the hostname to new-hostname.domain.example:
```
sudo Reset-Machine-ID --hostname new-hostname.domain.example
```
The manpage of Reset-Machine-ID contains details and further examples:
```
man Reset-Machine-ID
```

📚 Print-UTF8

Print-UTF8 is a simple program to print UTF-8 strings in the console with options for indentation, centering, separator as well as size/length/width information. It can e.g. be utilised for printing System-Info banners, or for displaying error messages like this classic Amiga Guru Meditation example:

print-utf8 -n -s "\e[1;31;40;5m█" "▀" "█\e[0m"
echo -e "Software Failure.   Press left mouse button to continue.\nGuru Meditation #00000004.48454C50" | \
print-utf8 -n -C "\e[1;31;40;5m█\e[25m" "\e[5m█\e[0m"
print-utf8 -n -s "\e[1;31;40;5m█" "▄" "█\e[0m"

The manpage of Print-UTF8 contains details and various further examples:

man print-utf8

📚 Text-Block

Text-Block is a flexible tool for automated editing operations of text blocks in files or streams:

Copying input,
Discarding input,
Enumeration of lines,
Highlighting blocks,
Deleting blocks,
Inserting text before/after marking, as well as
Replacing blocks.

The blocks to be modified can be selected by begin/end tags, or line numbers. The static pages of this website are generated by using Text-Block to insert contents like publications and project lists, add new software releases, etc.

For example, the publications list in index.html is placed between the tags ‘<!– BEGIN-OF-PUBLICATIONS –>’ and ‘<!– END-OF-PUBLICATIONS –>’. Text-Block can be used to manipulate this block:

To extract the publications list to standard output:

text-block -i index.html \
   --begin-tag '<!-- BEGIN-OF-PUBLICATIONS -->' \
   --end-tag '<!-- END-OF-PUBLICATIONS -->' \
   --extract

To delete the publications list and write the page to output.html:

text-block -i index.html -o output.html \
   --begin-tag '<!-- BEGIN-OF-PUBLICATIONS -->' \
   --end-tag '<!-- END-OF-PUBLICATIONS -->' \
   --delete``

To replace the publications list by contents from update.block (e.g. generated by BibTeXConv, and write the page to output.html:

text-block -i index.html -o output.html \
   --begin-tag '<!-- BEGIN-OF-PUBLICATIONS -->' \
   --end-tag '<!-- END-OF-PUBLICATIONS -->' \
   --replace update.block

The manpage of Text-Block contains details and various further examples:
```
man text-block
```

📚 Fingerprint-SSH-Keys

Fingerprint-SSH-Keys prints the SSH key fingerprints of the local machine in different formats: SSH hash, DNS SSHFP RR, or Python dictionary. Its typical usage is straightforward:

Fingerprint-SSH-Keys

The manpage of Fingerprint-SSH-Keys contains details and further examples:

man Fingerprint-SSH-Keys

📚 Configure-Grub

Configure-Grub adjusts a GRUB configuration file by applying a configuration from a template, and merging the existing configurations settings with additional customisations. It can for example be used to set a custom screen resolution (GRUB_GFXMODE option) or startup tune (GRUB_INIT_TUNE option). The Virtual Machine Image Builder and System Installation Scripts use Configure-Grub to configure the screen resolution and a boot splash image.

The manpage of Configure-Grub contains details and further examples:

man Configure-Grub

📚 Try-Hard

Try-Hard runs a command and retries for a given number of times in case of error, with a delay between the trials.

Example to try a file download up to 3 times, with a delay of 60 seconds between trials:

try-hard 3 60 -- wget -O example.tar.gz \
   https://www.example.net/example.tar.gz

The manpage of Try-Hard contains details and further examples:

man Try-Hard

📚 Random-Sleep

Random-Sleep waits for a random time, selected from a given interval, with support for fractional seconds.

Example to wait between 0.5 and 299.5 seconds:

random-sleep 0.5 299.5 && echo "Finished waiting!"

The manpage of Random-Sleep contains details and further examples:

man Random-Sleep

📚 X.509-Tools

The X.509-Tools are a set of utilities for viewing, verifying and testing X.509 certificates:

View-Certificate

View-Certificate displays basic details of a certificate, like subject, common name, etc. Examples:

Display the Root CA certificate used by Let’s Encrypt, which is usually installed under /usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt (Debian/Ubuntu), /etc/pki/ca-trust/extracted/pem/directory-hash/ISRG_Root_X1.pem (Fedora), or /usr/share/certs/trusted/ISRG_Root_X1.pem (FreeBSD):
```
view-certificate /usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt
```
Display the details of the certificate in file www.nntb.no.crt:
```
view-certificate www.nntb.no.crt
```

Also see the manpage of View-Certificate for further details and examples:

man view-certificate

Check-Certificate

Check-Certificate verifies a certificate, by verifying its chain from a given Root CA certificate, and optionally a Certificate Revokation List (CRL) for certificate revokations. The checks are made using OpenSSL. If GnuTLS and/or Network Security Services (NSS) are installed as well, the verification is also made by these implementations in addition. This ensures that – in case of success – the certificate and its chain works with all three major X.509 implementations. Examples:

Verify the server certificate in My-Server-Certificate.crt using the Root CA certificate in My-CA-Certificate.crt:
```
check-certificate My-CA-Certificate.crt My-Server-Certificate.crt
```
The same as above, but in addtion also checking the CRL in CRL.crl for certificate revokations:
```
check-certificate --crl CRL.crl \
   My-CA-Certificate.crt My-Server-Certificate.crt
```
Verify the certificate in www.nntb.no.crt using the Let’s Encrypt Root CA certificate in /usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt:
```
check-certificate \
   /usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt \
   www.nntb.no.crt
```

Also see the manpage of Check-Certificate for further details and examples:

man check-certificate

Extract-PEM

Extract-PEM extracts an X.509 certificate bundle from a PEM file into separate files for each entry. The output files are named using a given prefix, with extension according to the entry type (i.e. .crt for a certificate, .key for a key, .crl for a CRL). The first entry (usually: the server, client or user certificate) and/or last entry (usually: the Root CA) may be skipped. Examples:

Extract the PEM file My-Server-Certificate.crt, into files Certificate-<NUMBER>.<EXTENSION>. The number is starting from 1, and provides the position of an entry within the input file:
```
 extract-pem My-Server-Certificate.crt --output Certificate-
```
Extract the PEM file My-Server-Certificate.crt, into files Intermediate-<NUMBER>.<EXTENSION>, skipping the first and last entry. That is, only the intermediate certificates are extracted:
```
 extract-pem My-Server-Certificate.crt \
    --skip-first-entry --skip-last-entry --output Intermediate-
```

Also see the manpage of Extract-PEM for further details and examples:

man extract-pem

Test-TLS-Connection

Test-TLS-Connection establishes a Transport Layer Security (TLS) connection to a remote TCP server on a given port number. The X.509 certificate is then verified by Check-Certificate. Examples:

Connect to www.heise.de and verify the certificate with the Root CA certificate in /usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt (used by Let’s Encrypt):
```
test-tls-connection www.heise.de:443 \
   /usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt
```
Connect to www.nntb.no, store the received certificate in www.nntb.no.crt, and verify the certificate with the Root CA certificate in /usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt (used by Let’s Encrypt):
```
test-tls-connection www.nntb.no:443 \
   /usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt \
   --save-certificate www.nntb.no.crt
```

Also see the manpage of Test-TLS-Connection for further details and examples:

man test-tls-connection

📦 Binary Package Installation

Please use the issue tracker at https://github.com/dreibh/system-tools/issues to report bugs and issues!

Ubuntu Linux

For ready-to-install Ubuntu Linux packages of System-Tools, see Launchpad PPA for Thomas Dreibholz!

sudo apt-add-repository -sy ppa:dreibh/ppa
sudo apt-get update
sudo apt-get install td-system-tools

Fedora Linux

For ready-to-install Fedora Linux packages of System-Tools, see COPR PPA for Thomas Dreibholz!

sudo dnf copr enable -y dreibh/ppa
sudo dnf install td-system-tools

FreeBSD

For ready-to-install FreeBSD packages of System-Tools, it is included in the ports collection, see FreeBSD ports tree index of net/td-system-tools/!

sudo pkg install system-tools

Alternatively, to compile it from the ports sources:

cd /usr/ports/net/td-system-tools
make
sudo make install

💾 Build from Sources

System-Tools is released under the GNU General Public Licence (GPL).

Please use the issue tracker at https://github.com/dreibh/system-tools/issues to report bugs and issues!

Development Version

The Git repository of the System-Tools sources can be found at https://github.com/dreibh/system-tools:

git clone https://github.com/dreibh/system-tools
cd system-tools
sudo ci/get-dependencies --install
cmake .
make

Note: The script ci/get-dependencies automatically installs the build dependencies under Debian/Ubuntu Linux, Fedora Linux, and FreeBSD. For manual handling of the build dependencies, see the packaging configuration in debian/control (Debian/Ubuntu Linux), system-tools.spec (Fedora Linux), and Makefile FreeBSD.

Contributions:

Issue tracker: https://github.com/dreibh/system-tools/issues. Please submit bug reports, issues, questions, etc. in the issue tracker!
Pull Requests for System-Tools: https://github.com/dreibh/system-tools/pulls. Your contributions to System-Tools are always welcome!
CI build tests of System-Tools: https://github.com/dreibh/system-tools/actions.

Current Stable Release

The tarball has been signed with my GnuPG key 21412672518D8B2D1862EFEF5CD5D12AA0877B49. Its authenticity and integrity can be verified by:

gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 21412672518D8B2D1862EFEF5CD5D12AA0877B49
gpg --verify td-system-tools-<VERSION>.tar.xz.asc td-system-tools-<VERSION>.tar.xz

Old Stable Releases

The tarballs have been signed with my GnuPG key 21412672518D8B2D1862EFEF5CD5D12AA0877B49. Its authenticity and integrity can be verified by:

gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 21412672518D8B2D1862EFEF5CD5D12AA0877B49
gpg --verify td-system-tools-<VERSION>.tar.xz.asc td-system-tools-<VERSION>.tar.xz

System Tools Tools for Basic System Management

📑 Quick Navigation

📰 Latest News

💡 What is System-Tools?

📚 System-Info

📚 System-Maintenance

📚 Reset-Machine-ID

📚 Print-UTF8

📚 Text-Block

📚 Fingerprint-SSH-Keys

📚 Configure-Grub

📚 Try-Hard

📚 Random-Sleep

📚 X.509-Tools

View-Certificate

Check-Certificate

Extract-PEM

Test-TLS-Connection

📦 Binary Package Installation

Ubuntu Linux

Fedora Linux

FreeBSD

💾 Build from Sources

Development Version

Current Stable Release

Old Stable Releases

🔗 Useful Links

System Tools
Tools for Basic System Management