Code
system information
# Memory usage
free

# Main CPU specs as reported by the kernel
cat /proc/cpuinfo

# Mounted file systems, read from /proc
cat /proc/mounts

# Same information via mount
mount

# Contents of the root file system
ls -l /

# /proc holds many more interesting files
ls -l /proc

# Distribution information
lsb_release

# Configured apt package repositories; these indicate the distribution
# and its version
cat /etc/apt/sources.list
streams
tee
# Fails with "permission denied": the output redirection is opened by the
# calling (unprivileged) shell, not by a privileged process.
cat .ssh/authorized_keys > /root/authorized_keys

# Does not help: the shell redirects into a file literally named 'sudo' and
# hands /root/authorized_keys to cat as a second input file.
cat .ssh/authorized_keys > sudo /root/authorized_keys

# Works: tee runs under sudo and opens the target itself. tee replaces the
# target's previous content and also echoes its input to the terminal.
cat .ssh/authorized_keys | sudo tee /root/authorized_keys
sort
# Disk usage per entry below /var/lib, human-readable sizes
du -sh /var/lib/*

# Same, with sizes as plain numbers
du -s /var/lib/*

# Piped through sort: the default ordering is alphabetical
du -s /var/lib/* | sort

# -n orders numerically, here on the leading size column
du -s /var/lib/* | sort -n
mkfifo
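# Create a named pipe. /tmp is world-writable and the name is predictable, so
# -m 600 restricts the pipe to the creating user instead of leaving its
# permissions to the umask.
mkfifo -m 600 /tmp/mypipe

# Writer: send netstat's output into the pipe (the original "cat netstat -tp"
# would have tried to read a file named netstat). The command blocks until a
# reader opens the pipe.
netstat -tp > /tmp/mypipe

# in another terminal:
cat /tmp/mypipe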
netcat
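# Serve the current connection table once on TCP port 5000. nc provides no
# authentication or encryption, and netstat -tp shows peers and process names,
# so the listener is bound to loopback with -s. Drop -s only when clients on a
# trusted network really have to connect. Option spelling differs between
# netcat variants (this is the traditional "-l -p" form); check nc(1).
netstat -tp | nc -l -p 5000 -s 127.0.0.1

# in another terminal:
nc 127.0.0.1 5000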
country list example
# Decompress to stdout and keep the lines that mention Moscow
cat /root/worldcitiespop.txt.gz | gunzip -c | grep Moscow

# zcat does the read-and-decompress step in one command
zcat /root/worldcitiespop.txt.gz | grep Moscow

# wc summarises the matches as line, word and byte counts
zcat /root/worldcitiespop.txt.gz | grep Moscow | wc

# sed rewrites a leading "us" on each matching line to "gb"
zcat /root/worldcitiespop.txt.gz | grep Moscow | sed "s/^us/gb/"
file systems
dd, mount, mkfs
# 100 blocks of 1M each, zero-filled: a 100M image file
dd if=/dev/zero of=/root/image.dat bs=1M count=100

# Put an ext4 file system into the image
mkfs.ext4 /root/image.dat

# Create the mount point
mkdir /root/target

# Mount the image file at the mount point
mount /root/image.dat /root/target
fdisk
# List the partitions of /dev/sda without changing anything
fdisk -l /dev/sda

# Interactive fdisk shell for /dev/sda
fdisk /dev/sda
lvm
# Logical volumes
lvs

# Volume groups
vgs

# Physical volumes
pvs
files
tar gz
# x = extract: unpacks package.tar.gz into the current directory.
# For an archive you did not create, list it first (t, below) to see which
# paths it would write.
tar xzf package.tar.gz

# c = create: compresses the /etc directory into package.tar.gz.
# An archive of /etc made as root includes secrets such as /etc/shadow, so
# keep the resulting file's permissions tight.
tar czf package.tar.gz /etc

# t = list: shows the package contents without extracting
tar tzf package.tar.gz
gzip
# Backup: dump the wordpress database and compress the stream.
# -p without a value makes the client prompt for the password, which keeps it
# out of the command line. The dump holds the full database content.
# NOTE(review): check that /var/backup is not readable by other accounts.
mysqldump -u root -p wordpress | gzip -c > /var/backup/mysql.sql.gz

# Restore: decompress to stdout and feed the SQL back into the database
gunzip -c /var/backup/mysql.sql.gz | mysql -u root -p wordpress
ln
# Create myfile with content 'hello'
echo 'hello' > myfile

# Symlink: mylink refers to the name "myfile"
ln -s myfile mylink

# Hardlink: myhardlink is a second name for the same file
ln myfile myhardlink

# Removes the hardlink myfile and invalidates mylink; the file is still
# available as myhardlink
rm myfile
rsync
# Date stamp (YYYY-MM-DD) that names today's backup directory
TS="$(date +'%Y-%m-%d')"

# -a archive mode, -v verbose. The trailing slash on the source copies the
# content of /var/lib rather than the directory itself.
rsync -av /var/lib/ "/var/backups/${TS}/"
finding
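# Files below /etc whose name ends in .cnf
find /etc -name '*.cnf'

# Files below /etc whose status changed less than 120 minutes ago
find /etc -cmin -120

# Database lookup; might require updatedb first. The pattern is quoted so that
# locate receives it: unquoted, the shell would expand *.cnf against the
# current directory whenever a matching file exists there.
locate '*.cnf'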
others
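# Determine the file type. file(1) inspects the content; the shell builtin
# "type" only reports how a command name would be resolved and says nothing
# about a data file such as /etc/passwd.
file /etc/passwd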
users and permissions
create
# Create a user; -m also creates the home directory
useradd -m john

# Add user john to the group admins. Membership in an administrative group
# grants whatever that group is allowed to do, e.g. via sudoers.
adduser john admins

# Delete the user. Without -r the home directory and its files (including any
# SSH keys) stay on disk.
userdel john
chmod
# Octal form: the owner may read and write, nobody else has any access
chmod 600 ~/.ssh/authorized_keys

# Symbolic form: add write for the owner, remove write for group and others.
# Read bits are left as they were, so this is not the same as 600.
chmod u+w,g-w,o-w ~/.ssh/authorized_keys
networking
ip
# Set an IP address for an interface
ip address replace 192.168.0.122 dev eth0

# Add a route: reach 192.168.80.0/24 through the gateway 10.0.2.15
ip route add 192.168.80.0/24 via 10.0.2.15

# Display all routes ("ip r" is short for "ip route")
ip r
tcpdump
# Show the non-ssh traffic of this machine on all interfaces. The filter is
# quoted so the shell passes it through as one expression. Captured packets
# can contain credentials and other payload data.
tcpdump -i any 'not port 22'
iptables
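# List the INPUT, FORWARD and OUTPUT chains
iptables -vL

# Source NAT rule (like at home): packets leaving through eth0 get the source
# address 10.0.2.15
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 10.0.2.15

# Destination NAT rule (port forwarding). --dport belongs to the protocol
# match, so the rule needs -p tcp; without it iptables rejects the rule.
# The rule only rewrites the destination: the forwarded connection must also
# be permitted by the FORWARD chain, and it exposes 10.0.2.25:8080 to
# everything that can reach eth0.
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j DNAT --to-destination 10.0.2.25:8080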
systemd
manage service lifecycle
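# Service lifecycle: systemctl <verb> <unit>. The original one-line notation
# "start|stop|..." is a synopsis; typed literally the shell would treat each
# "|" as a pipe. One command per verb:
systemctl start mysql     # start now
systemctl stop mysql      # stop now
systemctl reload mysql    # ask the running service to reload its configuration
systemctl status mysql    # show state and recent log lines
systemctl enable mysql    # start automatically at boot
systemctl disable mysql   # no longer start automatically at boot

# List timer units
systemctl list-timers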
mysql
[Unit]
Description=MySQL Server
After=syslog.target network.target

[Service]
Type=simple

# With PermissionsStartOnly=true, User=/Group= below apply to ExecStart only;
# the ExecStartPre commands run with full privileges, which is what lets them
# create and chown the runtime directory.
PermissionsStartOnly=true
ExecStartPre=/bin/mkdir -p /var/run/mysqld
ExecStartPre=/bin/chown mysql:mysql -R /var/run/mysqld

ExecStart=/usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib/mysql/plugin --log-error=/var/log/mysql/error.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/run/mysqld/mysqld.sock --port=3306
TimeoutSec=300

# The service gets its own private /tmp instead of the shared one
PrivateTmp=true

# The server process itself runs as the unprivileged mysql account
User=mysql
Group=mysql
WorkingDirectory=/usr

[Install]
WantedBy=multi-user.target
apache
[Unit]
Description=Apache HTTP Server
After=syslog.target network.target

[Service]
# presumably this file defines OPTIONS, which ExecStart expands - verify
EnvironmentFile=/etc/sysconfig/httpd
Type=forking

# No User= is set here, so systemd starts httpd as root.
# NOTE(review): dropping privileges then depends on httpd's own configuration
# - confirm.
ExecStart=/usr/sbin/httpd $OPTIONS

# "reload" is mapped to a restart of httpd
ExecReload=/usr/sbin/httpd -k restart
ExecStop=/usr/sbin/httpd -k stop

[Install]
WantedBy=multi-user.target
timers
[Unit]
Description=Run foo weekly and on boot

[Timer]
# Unit = ...
# (when Unit= is left out, the timer activates the service unit that has the
# same name as the timer unit)

# First run 15 minutes after boot
OnBootSec=15min
# Then again one week after the unit was last activated
OnUnitActiveSec=1w

[Install]
WantedBy=timers.target
timers (persistent)
[Unit]
Description=Run foo weekly

[Timer]
# Calendar-based schedule: once a week
OnCalendar=weekly
# The last trigger time is stored on disk, so a run that was missed while the
# machine was off is made up for when the timer is next activated
Persistent=true

[Install]
WantedBy=timers.target
bash hacking
return value
# "if" branches on the exit status of the command that follows it; [ ... ] is
# the bracket spelling of test, and -f succeeds for an existing regular file.
if [ -f /etc/shadow ]; then
  echo "shadow system in place"
else
  echo "no shadow system"
fi
special vars
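# $? holds the exit status of the most recent command.
ls -l /etc/does/not/exist
echo "$?"   # -> non-zero (GNU ls reports 2 when an argument cannot be accessed)

ls -l /etc
echo "$?"   # -> 0

# !! expands to the previous command line (history expansion, interactive
# shells only), so "sudo !!" repeats that command with elevated privileges.
cat /var/log/syslog   # -> permission denied
sudo !!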
loops
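# Print the cumulative size of every entry below /var/lib.
# "$FILE" is quoted so names containing spaces or glob characters stay one
# argument, and "--" keeps a name that starts with "-" from being read as an
# option by du.
for FILE in /var/lib/*; do
  printf 'cumulative size for %s: ' "$FILE"
  du -sh -- "$FILE"
done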
backup script
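#!/bin/bash
#
# Borg backup wrapper.
# Usage: backup.sh init|list|info|mount|daily|manual
#
# NOTE(review): the repository is reached as root on the backup host with
# root's SSH key from this machine, so a compromise here extends to that host.
# A dedicated unprivileged account whose key is limited to
# "borg serve --restrict-to-path" would contain it.

REPO="root@home.moritzschepp.me:/media/original/backup/borg"

# Options shared by every "borg create" call. An array keeps each option a
# separate word without relying on unquoted word splitting.
OPTS=(
  --compression lz4
  --one-file-system
  --stats -v --show-rc
  --exclude-from /etc/borg/backup.exclude
)

export BORG_RSH="ssh -i /root/.ssh/id_rsa"

# Initialise the repository.
# NOTE(review): no encryption mode is given; newer borg versions expect an
# explicit --encryption choice here - confirm for the installed version.
function init {
  borg init "$REPO"
}

# List the archives in the repository.
function list {
  borg list -v "$REPO"
}

# Show details of the most recent archive (last line of the listing).
function info {
  local archive
  archive=$(list | tail -n 1 | cut -d' ' -f 1)
  if [[ -z "$archive" ]]; then
    echo "no archive found in $REPO" >&2
    return 1
  fi
  borg info "${REPO}::${archive}"
}

# Mount the repository on the desktop. -f keeps borg in the foreground, so the
# mount point is removed only after the repository has been unmounted.
# This function shadows mount(8) inside this script only.
function mount {
  local target="/home/schepp/Desktop/backup"
  mkdir -p -- "$target" || return
  borg mount -f "$REPO" "$target"
  rmdir -- "$target"
}

# Daily run: record the installed packages, create a timestamped archive of /,
# then apply the retention rules.
function daily {
  # generate list of installed packages:
  pacman -Qqet > /etc/borg/pacman.lst

  # do the backup and clean up. The {now:...} placeholder is expanded by borg,
  # not by the shell.
  borg create "${OPTS[@]}" "${REPO}::poseidon-{now:%Y-%m-%d-%H-%M-%S}" /
  # NOTE(review): prune is not limited to the timestamped archives, so
  # poseidon-manual falls under the same retention rules.
  borg prune -v --list --keep-daily=7 --keep-weekly=12 "$REPO"
}

# Replace the single "manual" archive with a fresh one. The delete is allowed
# to fail, e.g. on the first run when no such archive exists yet.
function manual {
  borg delete "${REPO}::poseidon-manual"
  borg create "${OPTS[@]}" "${REPO}::poseidon-manual" /
}

# Dispatch on the first argument. Only the subcommands defined above are
# accepted: running "$1" unchecked would execute whatever command name the
# caller passes, with this script's (root) privileges.
case "${1:-}" in
  init | list | info | mount | daily | manual)
    "$1"
    ;;
  *)
    printf 'usage: %s init|list|info|mount|daily|manual\n' "${0##*/}" >&2
    exit 2
    ;;
esac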
systemd goals
mini-server.rb
#!/usr/bin/env ruby

require 'rack'
require 'thin'

# Minimal Rack application: every request gets the same plain-text 200
# response; the request environment is not looked at.
app = proc do |_env|
  status  = 200
  headers = {'content-type' => 'text/plain'}
  body    = ['MWS IT AK 2017!']
  [status, headers, body]
end

# Host 0.0.0.0 listens on every interface, so port 8000 is reachable from the
# network unless a firewall blocks it; 127.0.0.1 would keep it local. The
# server speaks plain HTTP.
Rack::Handler::Thin.run app, Host: '0.0.0.0', Port: '8000'
tinc
generate keypair
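# Generate the 2048-bit RSA private key. It is written without a passphrase,
# so file permissions are its only protection: the subshell's umask 077 makes
# a newly created file readable by its owner alone, and chmod covers the case
# where rsa_key.priv already existed with looser permissions.
(
  umask 077
  openssl genpkey -algorithm RSA -out rsa_key.priv -pkeyopt rsa_keygen_bits:2048
  chmod 600 rsa_key.priv
)

# Derive the public key; this is the half that is handed to peers.
openssl rsa -pubout -in rsa_key.priv -out rsa_key.pub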
tinc.conf
# Name of this node
Name = dfk

# Disabled settings, kept for reference
#BindToAddress = * 656
#Mode = switch
#ConnectTo = dfk_paris

# tinc writes the network graph to this file
GraphDumpFile = /var/log/mws.tinc.graph
ProcessPriority = high
# Upper bound, in seconds, for the delay between reconnection attempts
MaxTimeout = 5
host dfk
# Where other nodes reach this host: name and port
Address = backup.dfkg.org 656
# Address this host owns inside the VPN
Subnet = 10.0.17.101
Compression = 10

# Public half of the host's RSA key pair. Only the public key belongs in a
# host file; the private key stays on the host itself.
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0SDtzb2vtWXhliyWCCLG
fZZbdmJkwhxMBI3Eure7pbiID5XBd45vioBuZPr3nQHHapnfUxToPr9IhbW2TSzB
1uMqOldFoacGSXwKBg1GmJh+eymZfcnrvglPQBaI6TDflFeyyQAEokLQQTJUbwPO
2lVWgthMvbw4ucJXww9wLDJqoqd4SclfzMGzSUM+rbacIEa7YuDnzKbr75GMqNpI
BUMkPSarmEM4yf9NicvVxosBu+qf04dsyBhKOfhS/IbpYBxtmTbujWg0D7NHpoAU
xHQ8gpXoeqG0DffxWjLttWfywA/mVqFbeq1ABYcJl57isKLihA76vjbnBq767YnH
DwIDAQAB
-----END PUBLIC KEY-----
apache
http request
GET /docs/index.html HTTP/1.1 Host: www.nowhere123.com Accept: image/gif, image/jpeg, */* Accept-Language: en-us Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) (blank line) ... POST, PUT, PATCH etc might have data here ...
http response
HTTP/1.1 200 OK Date: Sun, 18 Oct 2009 08:56:53 GMT Server: Apache/2.2.14 (Win32) Last-Modified: Sat, 20 Nov 2004 07:16:26 GMT ETag: "10000000565a5-2c-3e94b66c2e680" Content-Length: 44 Content-Type: text/html <html><body><h1>It works!</h1></body></html>
virtual host
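# Name-based virtual host for www.example.com on port 80 (Apache 2.4 syntax).
<VirtualHost *:80>
    ServerName www.example.com
    DocumentRoot "/www/example1"

    # Grant access per directory rather than in <Location />: Location
    # sections are merged after Directory sections, so a "Require all granted"
    # there would replace the Require-based denial for the private directory
    # below.
    <Directory "/www/example1">
        Require all granted
    </Directory>

    # Block the private subdirectory. "Require all denied" is the 2.4
    # replacement for the 2.2-style "Deny from all"; mixing both styles in one
    # configuration makes the effective policy hard to predict.
    <Directory "/www/example1/private">
        Require all denied
    </Directory>
</VirtualHost>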