Code

system information

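free                      # show memory usage
cat /proc/cpuinfo         # show main cpu specs
cat /proc/mounts          # show mounted file systems
mount                     # same
ls -l /                   # list root file system
ls -l /proc               # interesting files
lsb_release -a            # show distribution (without -a only the LSB
                          # module information is printed)
cat /etc/apt/sources.list # show apt package repositories, indicating
                          # distribution and version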

streams

tee

cat .ssh/authorized_keys > /root/authorized_keys      # permission denied
cat .ssh/authorized_keys > sudo /root/authorized_keys # writes to 'sudo'
cat .ssh/authorized_keys | sudo tee /root/authorized_keys

sort

du -sh /var/lib/*
du -s /var/lib/*
du -s /var/lib/* | sort    # alphabetical sort
du -s /var/lib/* | sort -n # numerical sort (first column)

mkfifo

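# /tmp is shared with every local user, so create the pipe owner-only;
# netstat -tp output names the processes behind each connection.
mkfifo -m 600 /tmp/mypipe
netstat -tp > /tmp/mypipe   # blocks until a reader opens the pipe

# in another terminal:
cat /tmp/mypipe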

netcat

# No listen address is given, so nc accepts the connection on any interface
# of the machine, and the stream is neither authenticated nor encrypted:
# the first client that connects to port 5000 receives the netstat output.
netstat -tp | nc -l -p 5000

# in another terminal:
nc 127.0.0.1 5000

country list example

cat /root/worldcitiespop.txt.gz | gunzip -c | grep Moscow
zcat /root/worldcitiespop.txt.gz | grep Moscow
zcat /root/worldcitiespop.txt.gz | grep Moscow | wc
zcat /root/worldcitiespop.txt.gz | grep Moscow | sed "s/^us/gb/"

file systems

dd, mount, mkfs

dd if=/dev/zero of=/root/image.dat bs=1M count=100
mkfs.ext4 /root/image.dat
mkdir /root/target
mount /root/image.dat /root/target

fdisk

fdisk -l /dev/sda # list partitions
fdisk /dev/sda    # interactive fdisk shell

lvm

lvs # logical volumes
vgs # volume groups
pvs # physical volumes

files

tar gz

tar xzf package.tar.gz      # extracts package.tar.gz
tar czf package.tar.gz /etc # compresses /etc directory into package.tar.gz
tar tzf package.tar.gz      # lists package contents

gzip

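# backup
# The dump holds every row of the database (for WordPress that includes the
# users' password hashes), so the file is created readable by its owner only.
# umask only takes effect when the file is created; an existing file keeps
# its mode. pipefail makes the pipeline report a failed mysqldump instead of
# gzip's exit status 0.
(
  umask 077
  set -o pipefail
  mysqldump -u root -p wordpress | gzip -c > /var/backup/mysql.sql.gz
)

# restore
gunzip -c /var/backup/mysql.sql.gz | mysql -u root -p wordpress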

ln

echo 'hello' > myfile # create myfile with content 'hello'
ln -s myfile mylink   # create symlink
ln myfile myhardlink  # create hardlink
rm myfile             # removes hardlink myfile and invalidates mylink, file
                      # still available as myhardlink

rsync

TS=$(date +"%Y-%m-%d")
rsync -av /var/lib/ /var/backups/$TS/

finding

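find /etc -name "*.cnf"   # files below /etc whose name ends in .cnf
find /etc -cmin -120      # status changed less than 120 minutes ago
locate "*.cnf"            # quoted so the shell does not expand the pattern
                          # against the current directory; might require updatedb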

others

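file /etc/passwd # determine file type ('type' is the shell builtin that
                 # explains how a command name would be resolved)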

users and permissions

create

useradd -m john     # create a user
adduser john admins # add user to group admins
userdel john        # delete a user

chmod

chmod 600 ~/.ssh/authorized_keys
chmod u+w,g-w,o-w ~/.ssh/authorized_keys

networking

ip

ip address replace 192.168.0.122 dev eth0  # set an ip address for an interface
ip route add 192.168.80.0/24 via 10.0.2.15 # add route
ip r                                       # display all routes

tcpdump

tcpdump -i any not port 22 # show non-ssh traffic of this machine

iptables

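iptables -vL                               # list INPUT, FORWARD and OUTPUT

# add source nat rule (like at home)
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 10.0.2.15

# add destination nat rule (port forwarding)
# --dport belongs to the tcp/udp match, so the rule is only accepted together
# with -p tcp. The rewritten packets still have to pass the FORWARD chain.
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j DNAT --to-destination 10.0.2.25:8080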

systemd

manage service lifecycle

systemctl start|stop|reload|status|enable|disable mysql
systemctl list-timers

mysql

[Unit]
Description=MySQL Server
After=syslog.target
After=network.target

[Service]
Type=simple
# With PermissionsStartOnly=true the User=/Group= settings below apply to
# ExecStart only, so the two ExecStartPre commands run as root; that is what
# lets them create /var/run/mysqld and hand it over to the mysql account.
PermissionsStartOnly=true
ExecStartPre=/bin/mkdir -p /var/run/mysqld
ExecStartPre=/bin/chown mysql:mysql -R /var/run/mysqld
ExecStart=/usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib/mysql/plugin --log-error=/var/log/mysql/error.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/run/mysqld/mysqld.sock --port=3306
TimeoutSec=300
# Gives the service its own /tmp and /var/tmp, not shared with other processes.
PrivateTmp=true
# The server process itself runs as the unprivileged mysql account.
User=mysql
Group=mysql
WorkingDirectory=/usr

[Install]
WantedBy=multi-user.target

apache

[Unit]
Description=Apache HTTP Server
After=syslog.target network.target

[Service]
EnvironmentFile=/etc/sysconfig/httpd
Type=forking
ExecStart=/usr/sbin/httpd $OPTIONS
ExecReload=/usr/sbin/httpd -k restart
ExecStop=/usr/sbin/httpd -k stop

[Install]
WantedBy=multi-user.target

timers

[Unit]
Description=Run foo weekly and on boot

[Timer]
# Unit = ...
OnBootSec=15min
OnUnitActiveSec=1w

[Install]
WantedBy=timers.target

timers (persistent)

[Unit]
Description=Run foo weekly

[Timer]
OnCalendar=weekly
Persistent=true

[Install]
WantedBy=timers.target

bash hacking

return value

if test -f /etc/shadow ; then
  echo "shadow system in place"
else
echo "no shadow system"
fi

special vars

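ls -l /etc/does/not/exist
echo $? # -> non-zero (2 with GNU ls)
ls -l /etc
echo $? # -> 0

cat /var/log/syslog # -> permission denied
sudo !!             # history expansion: re-runs the previous command line
                    # under sudo (interactive shells only)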

loops

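for FILE in /var/lib/*; do
  # quoted, and after --, so a name with spaces, glob characters or a leading
  # dash is still passed to du as exactly one path
  printf 'cumulative size for %s: ' "$FILE"
  du -sh -- "$FILE"
done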

backup script

#!/bin/bash

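# Borg repository on the backup host, reached over ssh.
# NOTE(review): the remote login is root and BORG_RSH below uses root's
# general-purpose key. A dedicated account on the backup host, with a key that
# is only allowed to run `borg serve`, would limit what a compromise of this
# machine can do to the backups.
REPO="root@home.moritzschepp.me:/media/original/backup/borg"

# Options shared by every `borg create`. Kept as one string, so the functions
# expand $OPTS unquoted on purpose. (--stats used to be listed twice.)
OPTS="--compression lz4 --one-file-system --stats -v --show-rc"
OPTS="$OPTS --exclude-from /etc/borg/backup.exclude"
export BORG_RSH="ssh -i /root/.ssh/id_rsa"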

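# Initialise the borg repository at $REPO.
# NOTE(review): no encryption mode is passed. borg 1.1 and later ask for an
# explicit --encryption choice here; since the archives hold a copy of /,
# decide on the mode deliberately before running this.
function init {
  borg init "$REPO"
}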

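# Print the archives stored in $REPO, one per line.
function list {
  borg list -v "$REPO"
}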

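# Show `borg info` for the archive on the last line of this script's `list`
# output.
function info {
  local archive
  # The archive name is the first space-separated field of the last line.
  archive=$(/etc/borg/backup.sh list | tail -n 1 | cut -d' ' -f 1)
  if [[ -z "$archive" ]]; then
    echo "no archive found in $REPO" >&2
    return 1
  fi
  borg info "$REPO::$archive"
}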

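# Mount the repository on a desktop folder and remove the folder again once
# the mount has ended. Inside this script the function name shadows the
# system's mount command.
function mount {
  local target="/home/schepp/Desktop/backup"
  # -p: a directory left over from an interrupted run is not an error
  mkdir -p "$target" || return
  # -f keeps borg in the foreground, so the rmdir below only runs after the
  # file system has been unmounted
  borg mount -f "$REPO" "$target"
  rmdir "$target"
}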

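# Daily run: record the installed packages, create a timestamped archive of /
# and thin out old archives.
# Returns borg create's status when the backup failed, else borg prune's.
function daily {
  local rc=0

  # generate list of installed packages:
  pacman -Qqet > /etc/borg/pacman.lst

  # do the backup; $OPTS is one string and must be word-split, the archive
  # name is quoted so the {now:...} placeholder reaches borg untouched
  # shellcheck disable=SC2086
  borg create $OPTS "$REPO::poseidon-{now:%Y-%m-%d-%H-%M-%S}" / || rc=$?

  # borg exits with 1 for warnings and 2 or more for errors. Do not delete
  # old archives when today's backup did not succeed.
  if (( rc >= 2 )); then
    echo "borg create failed (rc=$rc), skipping prune" >&2
    return "$rc"
  fi

  # clean up
  # NOTE(review): no archive filter is passed, so prune considers every
  # archive in the repository, poseidon-manual included; confirm that is
  # intended.
  borg prune -v --list --keep-daily=7 --keep-weekly=12 "$REPO"
}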

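# Replace the archive named poseidon-manual with a fresh backup of /.
# NOTE(review): the old archive is deleted before the new one exists, so a
# failed create leaves no manual archive at all.
function manual {
  borg delete "$REPO::poseidon-manual"
  # $OPTS is one string and must be word-split
  # shellcheck disable=SC2086
  borg create $OPTS "$REPO::poseidon-manual" /
}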

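# Run the sub-command named by the first argument. Only the functions defined
# in this script are accepted: a bare $1 would execute whatever command name
# is passed in, with the privileges the script runs under.
case "${1:-}" in
  init|list|info|mount|daily|manual)
    "$1"
    ;;
  *)
    echo "usage: ${0##*/} {init|list|info|mount|daily|manual}" >&2
    exit 2
    ;;
esac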

systemd goals

mini-server.rb

#!/usr/bin/env ruby

require 'rack'
require 'thin'

# Minimal Rack application: every request gets the same plain-text 200 reply.
app = proc do |_env|
  status  = 200
  headers = { 'content-type' => 'text/plain' }
  body    = ['MWS IT AK 2017!']
  [status, headers, body]
end

# Host '0.0.0.0' makes Thin listen on every interface of the machine, not
# only on loopback.
Rack::Handler::Thin.run(app, Host: '0.0.0.0', Port: '8000')

tinc

generate keypair

openssl genpkey -algorithm RSA -out rsa_key.priv -pkeyopt rsa_keygen_bits:2048
openssl rsa -pubout -in rsa_key.priv -out rsa_key.pub

tinc.conf

Name = dfk
#BindToAddress = * 656
#Mode = switch
#ConnectTo = dfk_paris
GraphDumpFile = /var/log/mws.tinc.graph
ProcessPriority = high
MaxTimeout = 5

host dfk

Address = backup.dfkg.org 656
Subnet = 10.0.17.101
Compression = 10

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0SDtzb2vtWXhliyWCCLG
fZZbdmJkwhxMBI3Eure7pbiID5XBd45vioBuZPr3nQHHapnfUxToPr9IhbW2TSzB
1uMqOldFoacGSXwKBg1GmJh+eymZfcnrvglPQBaI6TDflFeyyQAEokLQQTJUbwPO
2lVWgthMvbw4ucJXww9wLDJqoqd4SclfzMGzSUM+rbacIEa7YuDnzKbr75GMqNpI
BUMkPSarmEM4yf9NicvVxosBu+qf04dsyBhKOfhS/IbpYBxtmTbujWg0D7NHpoAU
xHQ8gpXoeqG0DffxWjLttWfywA/mVqFbeq1ABYcJl57isKLihA76vjbnBq767YnH
DwIDAQAB
-----END PUBLIC KEY-----

apache

http request

GET /docs/index.html HTTP/1.1
Host: www.nowhere123.com
Accept: image/gif, image/jpeg, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
(blank line)
... POST, PUT, PATCH etc might have data here ...

http response

HTTP/1.1 200 OK
Date: Sun, 18 Oct 2009 08:56:53 GMT
Server: Apache/2.2.14 (Win32)
Last-Modified: Sat, 20 Nov 2004 07:16:26 GMT
ETag: "10000000565a5-2c-3e94b66c2e680"
Content-Length: 44
Content-Type: text/html

<html><body><h1>It works!</h1></body></html>

virtual host

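<VirtualHost *:80>
  DocumentRoot "/www/example1"
  ServerName www.example.com

  # Apache 2.4 access control throughout. "Deny from all" is the 2.2 form and
  # only works through mod_access_compat; mixing it with Require is
  # discouraged.
  # The grant is attached to the document root with <Directory> instead of
  # <Location />: Location sections are merged after Directory sections, so a
  # site-wide grant there would take precedence over the deny on private/.
  <Directory "/www/example1">
    Require all granted
  </Directory>

  <Directory "/www/example1/private">
    Require all denied
  </Directory>
</VirtualHost>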
</VirtualHost>