- Users and Groups
- Permissions
- Disk Usage
- Iptables
- Rsync
- Format Output
- Archive and compress
- Create a file with Here Document
- Create files and fill with random data
- Network stuff (with iproute2 tools)
- Inspect processes
- Certificates
- Systemd File
- SSH Access
- Mount a device
- Add or Extend swap-file
- Tmux
- Logical Volume Manager
- Nmap
- ZFS Administration
Add a new system user 'john' with PID < 500 and no homedir.
useradd -r john
Give john a password.
passwd john
Delete john and his homedir.
userdel john -r
Create a new group called 'hockey'.
groupadd hockey
Add user 'john' to the group 'hockey' as a supplementary group.
gpasswd --add john hockey
Delete user 'john'from the group 'hockey'.
gpasswd --delete john hockey
Delete group 'hockey'.
groupdel hockey
Change owner and group recursively
chown -R root:stig <directory>
Set file permissions
chmod ugo[+-=]rwx <file> || chmod 644 <file> (1+x,2=w,4=r)
User and Group get RWX, Others get RX
Set execute(x) only if the file is a directory or has x already (capital X)
chmod ug=rwX,o=rX .
Add additional user and set permissions recursively
setfacl -R -m u:stig:rwx <directory>
Remove facl entry for a user
setfacl -x u:stig <file>
Disk usage for directories, in GB, sorted.
-s=summarize total -BG=size to GB -h=human readable
du -shBG ./*/ | sort -n
Long list rules in chain 'INPUT'
iptables -L INPUT --line-numbers -v
Set chain policy
iptables --policy INPUT ACCEPT
New rule
iptables --append INPUT --in-interface eth0 --out-interface lo --source 10.36.0.0/16 --destination 10.36.0.0/16 --protocol tcp --dports 22 --match comment --comment "004 accept SSH connections" --jump ACCEPT
Delete by number
iptables --delete INPUT 3
Delete all in chain
iptables --flush INPUT
Delete all
iptables --flush
Move large files between computers.
-v=verbose -a=archive, keep file structure and properties -z=compress -P=Show progress and keep partial transfered files
rsync -vazP /data/backup/gitlab [email protected]:/data/dokcer/dockerfiles/gitlab/data/
Select field/column.
cut --delimiter ":" --fields 2
Remove specific characters.
Deletes whitespace, double quotes, and comma.
tr --delete [:blank:]\",
Replace string.
's' is the substitution command. Replaces 'foo' with 'bar', option 'g' for all occurrances.
sed "s|foo|bar|g"
To archive and compress a folder, keeping permissions
-c=create archive -v=verbose -z=compress with gzip -f=file name type -p=preserve-permissions
tar cvzfp myArchive.tar.gz /myFolder-to-archive
To uncompress tar.gz
-x=extract
tar -xvzf myArchive.tar.gz
cat << EOF > /etc/apt/apt.conf
Aquire::http::proxy "http://proxyserver.no:80";
Aquire::https::proxy "http://proxyserver.no:80";
EOFDelete line 6;
sed '6d' file.txt
touch myFile{1..10}.txt
head -c 5M </dev/urandom > myFile10.txtList all listening TCP sockets, resolv IP, show port a numeric, and display PID
ss --listen --tcp --resolv --numeric --process
ss -ltrnp
List the kernels routing table.
ip route or route or netstat -r
Delete a route entry.
ip route del 192.168.2.0/24 via 192.168.1.2
Add new default route.
ip route add default via 192.168.1.1
Add a a route with a netmask.
ip route add 192.168.2.0/24 via 192.168.1.2
List NIC's.
ip addr
Disabel/Enable NIC.
ip link set eth0 down
ip link set eth0 up
Configure NIC with IP, broadcast, and netmask.
ip addr add 192.168.1.2/24 broadcast 192.168.1.255 dev eth0
List all processes with full format.
ps -ef
List all processes for current user.
ps -af
List only process with PID 2020 with full format and 'word-wrap'.
ps -fwwp 2020
New Certificate Signing Request - Config from prompt
openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key
New Certificate Signing Request - Config from file
openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key -config x.example.com.config
Inspect CRT-file
openssl x509 -in certificate.crt -text -noout
Convert .crt/.cer/.der to .pem
openssl x509 -inform der -in certificate.crt -out certificate.pem
Convert .pem to .crt
openssl x509 -outform der -in certificate.pem -out certificate.crt
Save it as /etc/systemd/system/<myservice>.service
[Unit]
Description=<This is my service that does this thing>
[Service]
ExecStart=<Command to execute>
Restart=<What to do when service exits, killed, or timed-out always|no|on-failure>
RestartSec=<int seconds>
[Install]
# When to start the service. multi-user = after network, graphical.target = after GUI
WantedBy=multi-user.target
Requires=< list of prerequisites services>Remember;
systemctl damon-reload
systemctl enable myservice
systemctl start myserviceIf the client don't have keys, generate them.
ssh-keygen -b 4096
On the server, paste the clients public key into this file;
/home/user/.ssh/authorized_keys
Alternatively: Run ssh-copy-id user@hostname from client
If there still are some issues, double check permissions, both on client and server:
Client ~/.ssh:
drwxrwxr-x 2 sto sto 4096 feb. 24 2021 ./
drwxr-xr-x 51 sto sto 4096 mai 3 09:26 ../
-rw------- 1 sto sto 1674 feb. 24 2021 id_rsa
-rw-r--r-- 1 sto sto 400 feb. 24 2021 id_rsa.pub
-rw-r--r-- 1 sto sto 5756 okt. 15 2021 known_hostsServer ~/.ssh:
drwx------ 2 remoteSto remoteSto 48 sep. 1 2018 .
dr-xr-x---. 12 remoteSto remoteSto 4,0K nov. 2 02:13 ..
-rw-r--r-- 1 remoteSto remoteSto 1,2K jan. 20 2021 authorized_keys
-rw-r--r-- 1 remoteSto remoteSto 801 juli 21 2019 known_hostsOn some old RHEL images you might need this.
/etc/security/access.conf
+ : root : <client-IP>
To list block devices and mountpoints;
lsblk
If the device have been formated, you need to make a file system on the disk first.
mkfs --type xfs /dev/sdb
Create a dir to mount into and then mount.
mkdir /data
mount /dev/sdb /dataConsider adding to fstab.
To get UUID of all devices;
blkid
Edit /etc/fstab
UUID=41c22818-fbad-4da6-8196-c816df0b7aa8 /data xfs defaults,errors=remount-ro 0 1
udisksctl unlock -b /dev/sdb1
udisksctl mount -b /dev/dm-3
The disk will be mounted to something like /media/stig/mydisk
New named session
tmux new -s mysession
Detach from session
Ctrl+b d
List sessions
tmux ls
Attach to last session
tmux a
Attach to named session
tmux a -t mysession
System to manage physical volumes, logical volumes, and volume groups.
List
pvs
lvs
vgs
Add new Physical Volume to a LVM system
pvcreate /dev/<device_name>
Create new Volume Group
vgcreate volume_group01 /dev/disk01 /dev/disk02
Extend Volume Group
vgextend volume_group01 /dev/disk03
Create Logical Volume in Volume Group. -L=Size bytes -l=Size %
lvcreate -n myDiskName -l 100%VG (-L50G) volume_group01
Extend or Reduce Logical Volume. -r=Resize filesystem -L=(+||set)
lvextend(reduce) /dev/volume_group01/logical_volume01 -L+50G -r
Discover hosts on subnet (ping)
nmap -sn 192.168.1.0/24
Scan a target
nmap 192.168.1.5
Scan a target port
nmap 192.168.1.5 -p 21
Detailed scan (OS version, service versions)
nmap -A 192.168.1.5
https://docs.oracle.com/cd/E19253-01/819-5461/index.html
zpool for pool administration, zfs for filesystem administration.
NB: Do not create/update pools by device name (sda, sdb). Use device ID(/dev/disk/by-id).
Get disk ids with ls -lh /dev/disk/by-id.
Create pool named "tank" with mirror on sda1 and sdb2, sdc3 as cache and mount point "/data"
zpool create tank mirror sda1 sdb2 cache sdc3 -m /data
Extend pool
zpool add tank sdd4
List pool information
zpool status
zpool list
zpool iostatList, get, and set properties
zfs get all tank
zfs get compression tank
zfs set compression=on tankCreate snapshot
zfs snapshot tank@snapname
List Snapshots
zfs list -t snapshot -o name,used,creation
Rollback to snapshot
zfs rollback tank@snapname
Destroy snapshot
zfs destroy tank@snapname