passwd : Password
md5sum : Compute and Check MD5 Message Digest
history : History (Event) Record.
sudo : (super user do)
touch : Update the access and modification times of each FILE to the current time
chmod : change file mode bits
chown : change file owner and group
apt : Advanced Package Tool
dd: Convert and Copy a file
root@linux:~# dd if=/home/user/Downloads/debian.iso of=/dev/sdb1 bs=512M; sync
tar : Tape Archive
cal : Calendar
cat : Concatenation. Concatenate (join) two or more plain files and/or print the contents of a file on standard output.
grep : searches the given file for lines containing a match to the given strings or words
ps : (Process)
service : command controls the Starting, Stopping or Restarting of a "service"
df : disk usages of file system
du : disk usages
cmp : compare
wget : a free utility for non-interactive (i.e., can work in background) download of files from the Web
mount
gcc : is the in-built compiler for the "C" language in the Linux environment.
g++ : is the in-built compiler for "C++", the first object oriented programming language.
Java is one of the world's most highly used programming languages and is considered fast, secure, and reliable. Most of the web-based services of today run on Java.
2. Iptable firewalls
2.1 Delete IPtable firewall rules
[root@Linux01p ~]# /sbin/iptables -L -v -n
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
 74M 53G RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
 0 0 RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 18M packets, 1069M bytes)
 pkts bytes target prot opt in out source destination

Chain RH-Firewall-1-INPUT (2 references)
 pkts bytes target prot opt in out source destination
 5462 734K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
 46700 2228K ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 255
 0 0 ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0
 0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0
 0 0 ACCEPT udp -- * * 0.0.0.0/0 224.0.0.251 udp dpt:5353
 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:631
 719 34592 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:631
 63M 52G ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
 3094 150K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
 10M 1029M REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
[root@Linux01p ~]# /sbin/service iptables save
Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
[root@Linux01p ~]# /sbin/service iptables stop
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
[root@Linux01p ~]# /sbin/iptables -L -v -n
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
[root@Linux01p ~]# /sbin/service iptables start
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]
Loading additional iptables modules: ip_conntrack_netbios_ns [ OK ]
Or we can use the following command or script to stop the rules:
#!/bin/sh
echo "Saving current firewall rules at /root/current.firewall file..."
iptables-save > /root/current.firewall
echo "Stopping firewall and allowing everyone..."
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
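The stop script above leaves every chain empty with policy ACCEPT. As an added example (not part of the original page), the check below reads an `iptables-save` dump such as /root/current.firewall and reports whether INPUT or FORWARD is in that wide-open state; the function names and both sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag built-in filter chains that an iptables-save dump leaves
# wide open (policy ACCEPT, no rules attached). It does not follow jumps.

# open_chains FILE -> prints INPUT and/or FORWARD, one per line, if open
open_chains() {
    awk '
        /^\*/             { table = substr($1, 2); next }      # "*filter"
        table != "filter" { next }
        /^:/              { policy[substr($1, 2)] = $2; next } # ":INPUT ACCEPT [0:0]"
        $1 == "-A"        { rules[$2]++ }                      # "-A INPUT ..."
        END {
            n = split("INPUT FORWARD", chain, " ")
            for (i = 1; i <= n; i++)
                if (policy[chain[i]] == "ACCEPT" && rules[chain[i]] == 0)
                    print chain[i]
        }
    ' "$1"
}

# Constructed sample: the state left behind by the stop script.
sample_stopped() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Constructed sample: a ruleset shaped like the RH-Firewall-1-INPUT listing.
sample_filtered() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

tmp=$(mktemp) && sample_stopped > "$tmp" && open_chains "$tmp"; rm -f "$tmp"
```

On a live host the same function can be fed the output of `iptables-save` written to a file, for example from a monitoring job that alerts when the firewall was stopped and never started again.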
2.2. Changing Debian IPTABLES Rules To Survive Reboot
Linux1~# cat /etc/init.d/iptables
#!/bin/sh
#
IPTABLES_CONFIG=/usr/local/scripts/rc.iptables
PATH=/usr/bin:/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin

if [ ! -x /sbin/iptables ]; then
    exit 0
fi

start() {
    if [ -f $IPTABLES_CONFIG ]; then
        iptables -F
        iptables -X
        echo $"Applying iptables firewall rules: "
        $IPTABLES_CONFIG
        echo
        touch /var/lock/subsys/iptables
    fi
}

stop() {
    iptables -P INPUT ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -F
    iptables -X
    echo
    rm -f /var/lock/subsys/iptables
}

case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        start
        ;;
    *)
        echo $"Usage: $0 {start|stop|restart}"
        exit 1
esac

exit 0
Linux1~# vi /usr/local/scripts/rc.iptables
Linux1~# /etc/init.d/iptables restart
Linux1~# iptables -L -v -n | more
2.2.2. Using iptables-restore and iptables-save to edit iptables rules
Add these lines to iptables file:
#!/bin/sh
/sbin/iptables-restore < /etc/iptables.up.rule
The iptables file under /etc/network/if-pre-up.d/ needs to be executable so change the permissions:
3. User and Group
[root@Linux01p ~]# useradd test1
[root@Linux01p ~]# passwd test1
Changing password for user test1.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@Linux01p ~]# usermod -a -G root test
[root@Linux01p ~]# id test
uid=501(test) gid=501(test) groups=501(test),0(root) context=root:system_r:unconfined_t:s0-s0:c0.c1023
[root@Linux01p ~]# groups
root bin daemon sys adm disk wheel
[root@Linux01p ~]# users
root root
[root@Linux01p ~]# groupadd network
[root@Linux01p ~]# groups
root bin daemon sys adm disk wheel
[root@Linux01p ~]# cat /etc/group
root:x:0:root,test,test1
test:x:501:
test1:x:502:
network:x:503:
[root@Linux01p ~]# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
test1:x:502:502::/home/test1:/bin/bash
4. Change Interface IP Address
- Temporary:
  - ifconfig eth1 192.168.2.50 netmask 255.255.255.0 up
- Permanently:
  - RHEL / Red Hat / Fedora / CentOS Linux eth1 config file - /etc/sysconfig/network-scripts/ifcfg-eth1
  - Debian / Ubuntu Linux - /etc/network/interfaces
# /etc/init.d/network restart
5. Folder and Disk Commands
[root@Linux01p var]# rm -r dbbackup/ -f
[root@Linux01p var]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/hda3 7.6G 7.3G 0 100% /
/dev/hda1 244M 12M 219M 6% /boot
tmpfs 504M 0 504M 0% /dev/shm
/dev/hdb1 197G 197G 0 100% /data
[root@Linux01p var]# du -s
4779468 .
6. Cron Job
[admin@ss ~]$ sudo su -
Password:
[root@ss ~]# crontab -l
@daily scp -r find /var/netscreen/dbbackup/ -mtime -1 -type d -print [email protected]:/data
@daily mv /root/CP_MGMT_*.tgz /data/backup/cp/
[root@ss ~]# crontab -e
[root@ss ~]#
There are 5 fields before the actual command:
field allowed values
----- --------------
minute 0-59
hour 0-23
day of month 1-31
month 1-12 (or names)
day of week 0-7 (0 or 7 is Sun, or use names)
Note: The website crontab.guru helps you write a proper cron job, and https://wdt.io/ provides a cron job monitoring service. For example, to restart the httpd service every four hours:
[root@ip-10-10-0-50 log]# vi /etc/crontab
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/
# For details see man 4 crontabs
# Example of job definition:
# .---------------- minute (0 - 59)
# | .------------- hour (0 - 23)
# | | .---------- day of month (1 - 31)
# | | | .------- month (1 - 12) OR jan,feb,mar,apr ...
# | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# | | | | |
# * * * * * user-name command to be executed
0 */4 * * * root sudo service httpd restart && curl -sm 30 k.wdt.io/[email protected]/reboot_httpd_4h?c=0_*/4_*_*_*
7. Create SSH Trust Relationship between two Linux Machines
Become root:
sudo su -
Change to user nsm:
su nsm
Go to the /home/nsm directory:
cd /home/nsm
Create the keys: (Path should be /home/nsm/.ssh/id_rsa. Leave the passphrase blank.)
Secure copy the public key to the other server as the admin user: (use admin password)
- or Go to the remote server. The command below will add the key that is in temp1 file to the end of the authorized_keys file.
- Repeat steps 2-6 on deviceB. On deviceB, become root: (from user nsm, exit to root). Move the authorized_keys file that was copied to admin into nsm/.ssh:
- Change ownership of authorized_keys:
- At this point, you will be able to SSH between both servers without it asking for a password.
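Because the key pair above is created with a blank passphrase, file ownership and mode bits are all that protect it, and sshd with StrictModes enabled will ignore an authorized_keys file that fails the same tests. The following check is an added example (not part of the original page); the function name `check_ssh_trust` is hypothetical and GNU `stat -c` is assumed.

```shell
#!/bin/sh
# Added example: verify ownership and mode bits on the files used for
# key-based SSH trust. Assumes GNU stat (stat -c), as found on Linux.

# check_ssh_trust HOME_DIR NUMERIC_UID
#   prints one line per problem and returns 1 if any problem was found
check_ssh_trust() {
    home=$1; want_uid=$2; bad=0
    for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "missing: $path"; bad=1; continue
        fi
        owner=$(stat -c '%u' "$path")
        mode=$(stat -c '%a' "$path")
        # Must be owned by the account itself or by root ...
        if [ "$owner" != "$want_uid" ] && [ "$owner" != 0 ]; then
            echo "owner uid $owner (want $want_uid): $path"; bad=1
        fi
        # ... and not writable by group or others (mode & 022 must be 0).
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "mode $mode is group/world-writable: $path"; bad=1
        fi
    done
    # A private key without a passphrase must be readable by its owner only.
    key="$home/.ssh/id_rsa"
    if [ -e "$key" ] && [ $(( 0$(stat -c '%a' "$key") & 077 )) -ne 0 ]; then
        echo "private key accessible to group/others: $key"; bad=1
    fi
    return $bad
}

# Usage: sh this-script /home/nsm "$(id -u nsm)"
if [ $# -eq 2 ]; then check_ssh_trust "$1" "$2"; fi
```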
8. Find Big Files in Linux File System
- find . -type f -size +10000 -exec ls -lh {} \;
- find . -type f -size +50000k -exec ls -lh {} \; | awk '{ print $9 ": " $5 }'
- Find large files (>10M) in current folder
- find . -type f -size +10000k
9. Find Out My Linux Distribution Name and Version
[root@Linux01p ~]# cat /etc/*-release
Red Hat Enterprise Linux Server release 5.5 Beta (Tikanga)
[root@Linux01p ~]# cat /proc/version
Linux version 2.6.18-186.el5 ([email protected]) (gcc version 4.1.2 20080704 (Red Hat 4.1.2-46)) #1 SMP Wed Jan 27 18:14:15 EST 2010
Linux1:~# cat /proc/version
Linux version 2.6.26-2-amd64 (Debian 2.6.26-27) ([email protected]) (gcc version 4.1.3 20080704 (prerelease) (Debian 4.1.2-25)) #1 SMP Wed Sep 21 03:36:44 UTC 2011
[root@Linux01p ~]# lsb_release -a
LSB Version: :core-3.1-ia32:core-3.1-noarch:graphics-3.1-ia32:graphics-3.1-noarch
Distributor ID: RedHatEnterpriseServer
Description: Red Hat Enterprise Linux Server release 5.5 Beta (Tikanga)
Release: 5.5
Codename: Tikanga
Linux1:~# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 5.0.9 (lenny)
Release: 5.0.9
Codename: lenny
uname = (Unix Name),
[root@Linux01p ~]# uname -a
Linux Linux01p 2.6.18-186.el5 #1 SMP Wed Jan 27 18:14:15 EST 2010 i686 i686 i386 GNU/Linux
[root@Linux01p ~]# uname -mrs
Linux 2.6.18-186.el5 i686
10. Troubleshooting Linux System Issue with Vmstat Command
[Expert@CP:0]# vmstat 2 |awk '{now=strftime("%Y-%m-%d %T "); print now $0}'
2014-10-29 09:26:47 procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu------
2014-10-29 09:26:47  r  b   swpd   free   buff  cache   si   so    bi    bo   in   cs us sy id wa st
2014-10-29 09:26:47  1  0 448004  10748   1928 126520   10   13    53   581  118  155  8 11 81  1  0
2014-10-29 09:26:49  1  0 448004  10748   1936 126520    0    0     0    84 1123 2197  5 10 84  0  0
2014-10-29 09:26:51  1  0 448004  10780   1936 126520    0    0     0     0 1123 2145  3  6 92  0  0
2014-10-29 09:26:53  1  0 448004  10500   1944 126512    0    0     0    82 1123 2204  6 13 82  0  0
2014-10-29 09:26:55  1  0 448004  10500   1944 126520    0    0     0     0 1125 2139  6 11 84  0  0
2014-10-29 09:26:58  3  0 448004  10484   1944 126520    0    0     0     0 1123 2112  6 10 84  0  0
The "procs" field has 2 columns:
r - The number of processes waiting for run time.
b - The number of processes in uninterruptible sleep (blocked processes).
The "memory" field has 4 columns: (see with vmstat -a)
swpd - The amount of swap space (virtual memory) used.
free - The amount of idle memory (free RAM).
inact - The amount of inactive memory.
active - The amount of active memory.
The "swap" field has 2 columns:
si - Amount of memory swapped in from disk (/s).
so - Amount of memory swapped to disk (/s).
The "io" field has 2 columns:
bi - Blocks received from a block device (blocks in).
bo - Blocks sent to a block device (blocks out).
The "system" field has 2 columns:
in - The number of interrupts per second, including the clock (System interrupts).
cs - The number of context switches per second (Process context switches).
The "cpu" field has only 4 columns:
us: Time spent running non-kernel code. (user time, including nice time).
sy: Time spent running kernel code. (system time).
id: Time spent idle.
wa: Time spent waiting for IO.
CPU slow1:
r has numbers in it constantly, threads/tasks waiting to be processed by your gimp cpu
CPU slow2:
in is high, you are handling too many interrupts (likely from disk activity, but could be bad driver)
Processes:
us or sy is high? Some process is being a cpu hog, use top -n 1 to find it, and kill -9 the PID if needed
Disk Subsystem Overloaded:
wa is high? If you are waiting for IO then you need to upgrade your disk subsystem
Not Enough RAM:
si and so are high, swapping disk too much. You really shouldn't swap at all for high performance. If these are high, in will be high too. Upgrade your RAM.
Low Memory2:
cs is high? The kernel is paging memory in and out of context. Likely you need more RAM, but it could be other issues too such as damaged hardware or pitiful software.
Out of Memory:
I ignore free, inact, active because they are not as useful as understanding the actual reasons. I.e., if you are out of memory, you'll know that, but unless you look at cs, so, si, etc. you won't know why. So it's redundant.
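The rules of thumb above can be applied mechanically to a capture. This is an added example (not part of the original page): it reads raw `vmstat N` output without the timestamp prefix used earlier, skips the first sample because vmstat reports averages since boot there, and flags a condition when it holds in more than half of the remaining samples. The thresholds, the function names and the sample capture are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: apply the vmstat rules of thumb to raw "vmstat N" output.
# Thresholds are illustrative assumptions, not values from the page.

# vmstat_flags NCPU < vmstat-output -> one finding per line
vmstat_flags() {
    awk -v ncpu="$1" '
        $1 !~ /^[0-9]+$/ { next }   # skip the two header lines
        !seen++          { next }   # first sample is the average since boot
        {
            n++
            if ($1 > ncpu)       runq++     # r: more runnable tasks than CPUs
            if ($7 + $8 > 0)     swap++     # si/so: any swap traffic
            if ($16 >= 20)       iowait++   # wa: time spent waiting for IO
            if ($13 + $14 >= 90) busy++     # us+sy: CPU almost fully used
        }
        END {
            if (n == 0) exit
            half = n / 2
            if (runq   > half) print "cpu-saturated: r > " ncpu " in " runq "/" n " samples"
            if (swap   > half) print "memory-pressure: si/so non-zero in " swap "/" n " samples"
            if (iowait > half) print "disk-bound: wa >= 20 in " iowait "/" n " samples"
            if (busy   > half) print "cpu-hog: us+sy >= 90 in " busy "/" n " samples"
        }
    '
}

# Constructed sample (not from the page): a host that is swapping heavily.
sample_swapping() {
    cat <<'EOF'
procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu------
 r  b   swpd   free   buff  cache   si   so    bi    bo   in   cs us sy id wa st
 1  0 448004  10748   1928 126520   10   13    53   581  118  155  8 11 81  1  0
 5  2 451200   9100   1800 120000  320  410   900  1200 1500 3000 20 15 30 35  0
 6  1 455000   8800   1790 119500  280  390   850  1100 1480 2900 22 14 32 32  0
 4  3 458100   8700   1780 119000  300  420   880  1150 1510 3100 18 16 31 35  0
EOF
}

sample_swapping | vmstat_flags 2
```

On a live system the equivalent call is `vmstat 2 10 | vmstat_flags "$(nproc)"`.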
11. Check Your Public IP Address from CLI
- curl -s checkip.dyndns.org|sed -e 's/.*Current IP Address: //' -e 's/<.*$//'
- curl icanhazip.com
- telnet www.checkmyip.com 80 | grep confidence | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}'
- wget -O - -q icanhazip.com
- wget http://ipinfo.io/ip -qO -
12. PS command
[Expert@CP]# ps aux --sort=-pcpu | head -5
USER   PID %CPU %MEM    VSZ    RSS TTY STAT START TIME COMMAND
admin 3935 14.9  1.0  33032  10344 ?   Ss   09:27 5:13 /bin/confd
admin 3941  5.0 58.1 559724 556864 ?   Ss   09:27 1:46 /bin/monitord
admin 4215  1.4  3.6 251040  35412 ?   Ssl  09:28 0:28 cpd
admin 3937  0.7  0.2  26076   2808 ?   Ssl  09:27 0:15 /bin/searchd
13. VI Command
Cut and paste:
- Position the cursor where you want to begin cutting.
- Press v to select characters (or uppercase V to select whole lines).
- Move the cursor to the end of what you want to cut.
- Press d to cut (or y to copy).
- Move to where you would like to paste.
- Press P to paste before the cursor, or p to paste after.
14. Check Hardware Info
For CPU:
$ cat /proc/cpuinfo
$ lscpu
For memory:
$ free -m (gives the result in MB)
$ cat /proc/meminfo
For HDD:
$ df -h (gives a human-readable result)
$ sudo fdisk -l
$ hdparm -i /dev/device (for example sda1, hda3...)
15. Install Software on Linux
For Red Hat/Fedora:
$ yum install firefox
If you are using Red Hat Enterprise Linux and the package you are looking for is in EPEL, you can install the EPEL repository first:
sudo rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm
and then you can:
yum install ncdu
For Ubuntu ( run this as root ) :
# apt-get install firefox
For Debian/Ubuntu
# aptitude install firefox
Create a file:
echo "This is a sekret" > /tmp/msg.txt
Export public key:
openssl rsa -in ~/private.pem -out /tmp/public.pub -outform PEM -pubout
Encrypt file with public key (anyone can have this key):
openssl rsautl -encrypt -inkey /tmp/public.pub -pubin -in /tmp/msg.txt -out /tmp/file.enc
Decrypt the file with private key (only you should have the private key):
openssl rsautl -decrypt -inkey ~/private.pem -in /tmp/file.enc -out /tmp/decrypted.txt
Check decoded message:
cat /tmp/decrypted.txt
sudo yum install -y httpd24 php70 mysql56-server php70-mysqlnd
sudo service httpd start
sudo chkconfig httpd on
chkconfig --list httpd
curl http://localhost
groups
sudo chown -R ec2-user:apache /var/www
sudo chmod 2775 /var/www
find /var/www -type d -exec sudo chmod 2775 {} \;
find /var/www -type f -exec sudo chmod 0664 {} \;
echo "<?php phpinfo(); ?>" > /var/www/html/phpinfo.php
sudo yum list installed httpd24 php70 mysql56-server php70-mysqlnd
sudo service mysqld start
sudo chkconfig mysqld on
sudo service httpd restart
ubuntu@ip-10-1-1-50:/var/log/apache2$ timedatectl list-timezones | grep Toronto
America/Toronto
ubuntu@ip-10-1-1-50:/var/log/apache2$ sudo timedatectl set-timezone America/Toronto
sudo: unable to resolve host ip-10-1-1-50
ubuntu@ip-10-1-1-50:/var/log/apache2$ date
Fri Sep 29 22:09:11 EDT 2017
[ec2-user@ip-10-10-0-50 ~]$ sudo su
[root@ip-10-10-0-50 ec2-user]# mv /etc/localtime /root/localtime.old
[root@ip-10-10-0-50 ec2-user]# ln -s /usr/share/zoneinfo/America/Toronto /etc/localtime
[root@ip-10-10-0-50 ec2-user]# date
Fri Sep 29 22:11:00 EDT 2017
[root@ip-10-10-0-50 ec2-user]#
LinuxSvr:~# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet static
        address 10.9.2.10
        netmask 255.255.255.0
        network 10.9.2.0
        broadcast 10.9.2.255
        gateway 10.94.22.1
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 10.9.1.5
        dns-search accounts.intern gdc.intern intern
#
#up route add -net 19.18.0.0/16 gw 10.9.2.3
#up route add -net 172.1.0.0/16 gw 10.9.2.3
#up route add -net 10.0.0.0/24 gw 10.9.2.3
mta:~#