This shows you the differences between two versions of the page.
— | fuss:linux [2020/07/08 04:19] – [Scraping a Site Automatically using SystemD] office | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Distribution Timeline ====== | ||
+ | |||
+ | {{fuss: | ||
+ | |||
+ | ====== Initd Skeleton Script ====== | ||
+ | |||
+ | <code bash> | ||
+ | #!/bin/bash | ||
+ | |||
+ | case " | ||
+ | start) | ||
+ | |||
+ | ;; | ||
+ | stop) | ||
+ | PID=`ps -ax | grep ' | ||
+ | | ||
+ | ;; | ||
+ | *) | ||
+ | echo " | ||
+ | exit 1 | ||
+ | ;; | ||
+ | esac | ||
+ | |||
+ | exit 0 | ||
+ | |||
+ | </ | ||
+ | |||
+ | where '' | ||
+ | |||
+ | |||
+ | ====== Basic Firewall ====== | ||
+ | |||
+ | <code bash> | ||
+ | #!/bin/sh | ||
+ | |||
+ | LOCAL_IF=" | ||
+ | NET_IF=" | ||
+ | |||
+ | iptables -F | ||
+ | iptables -t nat -F | ||
+ | iptables -X | ||
+ | |||
+ | iptables -P INPUT DROP | ||
+ | |||
+ | # Accept local network | ||
+ | iptables -A INPUT -i $LOCAL_IF -j ACCEPT | ||
+ | # and loopback. | ||
+ | iptables -A INPUT -i lo -j ACCEPT | ||
+ | |||
+ | # accept established, | ||
+ | iptables -A INPUT -m state --state ESTABLISHED, | ||
+ | |||
+ | # masquerade | ||
+ | iptables -t nat -A POSTROUTING -o $NET_IF -j MASQUERADE | ||
+ | |||
+ | # ip-forwarding | ||
+ | echo " | ||
+ | </ | ||
+ | |||
+ | ====== Stop Udev from Renaming Interfaces ====== | ||
+ | |||
+ | On Debian-like Linux systems, including Ubuntu, Udev by default keeps track of the MAC address of network interfaces. If you happen to replace a network card, the operating system increments the interface number instead of reporting just the cards that it finds in the computer at that time. To stop this behavior, the following Udev ruleset can be eliminated: | ||
+ | |||
+ | <code bash> | ||
+ | echo "" | ||
+ | </ | ||
+ | |||
+ | After a reboot, Udev will stop renaming the interfaces (as it should have done from the start). | ||
+ | |||
+ | A different way to stop Linux from changing the interface names is to append: | ||
+ | < | ||
+ | net.ifnames=0 | ||
+ | </ | ||
+ | to the kernel command line (for grub, by editing ''/ | ||
+ | |||
+ | ====== Crontab Diagram ====== | ||
+ | |||
+ | < | ||
+ | |||
+ | * * * * * command to execute | ||
+ | | | | | | | ||
+ | | | | | +-- day of week (0-7) (Sunday=0 or 7) | ||
+ | | | | +----- month (1-12) | ||
+ | | | +-------- day of month (1-31) | ||
+ | | +----------- hour (0-23) | ||
+ | +-------------- minute (0-59) | ||
+ | |||
+ | </ | ||
+ | |||
+ | ====== Get IP of Interface ====== | ||
+ | |||
+ | The following command will return the IP address of the interface '' | ||
+ | |||
+ | <code bash> | ||
+ | / | ||
+ | </ | ||
+ | |||
+ | ====== Routing Packets Out of the Same Interface ====== | ||
+ | |||
+ | A common problem on linux is that packets coming in from an interface do not necessarily get a reply from a server out of the same interface that they came in from. In order to fix this, we have to set-up a few routing tables by editing ''/ | ||
+ | |||
+ | < | ||
+ | 100 | ||
+ | 101 | ||
+ | </ | ||
+ | |||
+ | then, we can route the packets out of the same interface that they came in from using: | ||
+ | |||
+ | <code bash> | ||
+ | ip route add default via $GATEWAY_A dev $INTERFACE_A src $IP_A table table_a | ||
+ | ip rule add from $IP_A table table_b | ||
+ | </ | ||
+ | |||
+ | where: | ||
+ | |||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | |||
+ | ====== Prelink ====== | ||
+ | |||
+ | To prelink binaries, using the '' | ||
+ | <code bash> | ||
+ | prelink -amR | ||
+ | </ | ||
+ | |||
+ | To restore: | ||
+ | <code bash> | ||
+ | prelink -au | ||
+ | </ | ||
+ | |||
+ | ====== Enable Directory Indexing ====== | ||
+ | |||
+ | <code bash> | ||
+ | tune2fs | ||
+ | </ | ||
+ | |||
+ | Where ''/ | ||
+ | |||
+ | |||
+ | ====== Get Top 10 CPU Consuming Processes ====== | ||
+ | |||
+ | <code bash> | ||
+ | ps -eo pcpu, | ||
+ | </ | ||
+ | |||
+ | |||
+ | ====== Recover Linux Password ====== | ||
+ | |||
+ | Made by [[http:// | ||
+ | |||
+ | {{linux_recover_password.gif}} | ||
+ | |||
+ | ====== Recompile Custom Kernel for Debian ====== | ||
+ | |||
+ | After downloading the source, applying the necessary patches, issue: | ||
+ | <code bash> | ||
+ | make menuconfig | ||
+ | </ | ||
+ | |||
+ | and configure the kernel. After that issue: | ||
+ | <code bash> | ||
+ | make-kpkg --initrd kernel_image | ||
+ | </ | ||
+ | |||
+ | to make a '' | ||
+ | |||
+ | Note that building an '' | ||
+ | |||
+ | ====== Tripwire Regenerate Configuration Files ====== | ||
+ | |||
+ | After modifying the database configuration at ''/ | ||
+ | <code bash> | ||
+ | #!/bin/sh -e | ||
+ | twadmin -m P -S site.key twpol.txt | ||
+ | twadmin -m F -S site.key twcfg.txt | ||
+ | tripwire -m i | ||
+ | |||
+ | </ | ||
+ | |||
+ | ====== Create UDEV Symlink ====== | ||
+ | |||
+ | For example to link any ''/ | ||
+ | < | ||
+ | KERNEL==" | ||
+ | </ | ||
+ | |||
+ | ====== Inherit Group Ownership ====== | ||
+ | |||
+ | Suppose you have a parent directory '' | ||
+ | |||
+ | You want that all new directories and files under that parent directory '' | ||
+ | |||
+ | This can be accomplished by setting the set-guid flag on the parent directory '' | ||
+ | <code bash> | ||
+ | chmod g+s upper | ||
+ | </ | ||
+ | |||
+ | ====== Guess Module Configuration for Compiling Kernels ====== | ||
+ | |||
+ | '' | ||
+ | |||
+ | <code bash> | ||
+ | make localmodconfig | ||
+ | </ | ||
+ | |||
+ | ====== Create Bootable USB ====== | ||
+ | |||
+ | For a disk with the following partition layout: | ||
+ | |||
+ | < | ||
+ | |||
+ | +-----------+ | ||
+ | | / | ||
+ | | | | ||
+ | |-----------| | ||
+ | | /dev/sdc1 | | ||
+ | +-----------+ | ||
+ | | ||
+ | </ | ||
+ | |||
+ | first install '' | ||
+ | |||
+ | <code bash> | ||
+ | mkdosfs -F32 /dev/sdc1 | ||
+ | </ | ||
+ | |||
+ | to format ''/ | ||
+ | |||
+ | Now copy the '' | ||
+ | <code bash> | ||
+ | dd if=/ | ||
+ | </ | ||
+ | |||
+ | Finally, install '' | ||
+ | <code bash> | ||
+ | syslinux /dev/sdc1 | ||
+ | </ | ||
+ | |||
+ | Next step is to make the disk bootable with '' | ||
+ | |||
+ | |||
+ | ====== Get Page Size ====== | ||
+ | |||
+ | <code bash> | ||
+ | getconf PAGE_SIZE | ||
+ | </ | ||
+ | |||
+ | ====== Measuring Performance ====== | ||
+ | |||
+ | This can be accomplished with: | ||
+ | <code bash> | ||
+ | dstat -t -c 5 500 | ||
+ | </ | ||
+ | where '' | ||
+ | |||
+ | The output is: | ||
+ | < | ||
+ | ----system---- ----total-cpu-usage---- | ||
+ | | ||
+ | 11-02 18: | ||
+ | 11-02 18:33:29| 14 | ||
+ | </ | ||
+ | |||
+ | Other options are also available: | ||
+ | |||
+ | ^ Flag ^ Meaning ^ | ||
+ | | '' | ||
+ | | '' | ||
+ | | '' | ||
+ | | '' | ||
+ | | '' | ||
+ | | '' | ||
+ | | '' | ||
+ | | '' | ||
+ | | '' | ||
+ | | '' | ||
+ | | '' | ||
+ | | '' | ||
+ | | '' | ||
+ | | '' | ||
+ | | '' | ||
+ | | '' | ||
+ | | '' | ||
+ | | '' | ||
+ | | '' | ||
+ | | '' | ||
+ | | '' | ||
+ | |||
+ | |||
+ | ====== Renumber Partitions ====== | ||
+ | |||
+ | To renumber partitions we first dump the table using '' | ||
+ | |||
+ | <code bash> | ||
+ | sfdisk -d /dev/sda > sda.table | ||
+ | </ | ||
+ | |||
+ | then, we edit '' | ||
+ | |||
+ | < | ||
+ | # partition table of /dev/sda | ||
+ | unit: sectors | ||
+ | |||
+ | /dev/sda1 : start= | ||
+ | /dev/sda2 : start= | ||
+ | /dev/sda3 : start= | ||
+ | </ | ||
+ | |||
+ | In this case, we will delete the line starting with ''/ | ||
+ | |||
+ | < | ||
+ | # partition table of /dev/sda | ||
+ | unit: sectors | ||
+ | |||
+ | /dev/sda1 : start= | ||
+ | /dev/sda2 : start= | ||
+ | </ | ||
+ | |||
+ | Next, we restore the modified table: | ||
+ | |||
+ | <code bash> | ||
+ | sfdisk /dev/sda < sda.table | ||
+ | </ | ||
+ | |||
+ | ====== Show Socket State Counters ====== | ||
+ | |||
+ | <code bash> | ||
+ | netstat -an | awk '/ | ||
+ | </ | ||
+ | |||
+ | ====== Scrolling Virtual Terminal ====== | ||
+ | |||
+ | To scroll the virtual terminal up and down use the keys < | ||
+ | |||
+ | ====== Set Date and Time ====== | ||
+ | |||
+ | '' | ||
+ | |||
+ | <code bash> | ||
+ | date -s "1 MAY 2013 10: | ||
+ | </ | ||
+ | |||
+ | or in two commands using formatting characters; first the date: | ||
+ | <code bash> | ||
+ | date +%Y%m%d -s " | ||
+ | </ | ||
+ | |||
+ | then the time: | ||
+ | <code bash> | ||
+ | date +%T -s " | ||
+ | </ | ||
+ | |||
+ | After that, the hardware clock has to be set (the hardware clock runs independent of the Linux time and of other hardware, powered by a battery). To set the hardware clock to the system clock (since we have already done that above), issue: | ||
+ | |||
+ | <code bash> | ||
+ | hwclock --systohc | ||
+ | </ | ||
+ | |||
+ | Or, as an independent command, to set the hardware clock to local time: | ||
+ | <code bash> | ||
+ | hwclock --set --date=" | ||
+ | </ | ||
+ | |||
+ | of for '' | ||
+ | <code bash> | ||
+ | hwclock --set --date=" | ||
+ | </ | ||
+ | |||
+ | ====== Load Average ====== | ||
+ | |||
+ | The load-average is included in the '' | ||
+ | |||
+ | < | ||
+ | 09:48:35 up 8 days, 7:03, 5 users, | ||
+ | </ | ||
+ | |||
+ | The load average numbers are scaled up to the number of '' | ||
+ | |||
+ | ====== Override DHCP Client Nameservers ====== | ||
+ | |||
+ | '' | ||
+ | < | ||
+ | prepend domain-name-servers 1.1.1.1, 2.2.2.2; | ||
+ | </ | ||
+ | where '' | ||
+ | |||
+ | Next, the '' | ||
+ | < | ||
+ | request subnet-mask, | ||
+ | domain-name, | ||
+ | dhcp6.name-servers, | ||
+ | netbios-name-servers, | ||
+ | rfc3442-classless-static-routes, | ||
+ | </ | ||
+ | |||
+ | After a restart '' | ||
+ | |||
+ | ====== Using the Temporary Memory Filesystem ====== | ||
+ | |||
+ | The temporary memory filesystem ('' | ||
+ | |||
+ | Adding this entry to ''/ | ||
+ | < | ||
+ | tmpfs / | ||
+ | </ | ||
+ | |||
+ | using a slab of '' | ||
+ | |||
+ | ====== Dynamically Limiting a Processes CPU on Network Idling ====== | ||
+ | |||
+ | This function works together with '' | ||
+ | |||
+ | <code bash> | ||
+ | #!/bin/bash | ||
+ | ########################################################################### | ||
+ | ## Copyright (C) Wizardry and Steamworks 2014 - License: GNU GPLv3 ## | ||
+ | ## Please see: http:// | ||
+ | ## rights of fair usage, the disclaimer and warranty conditions. | ||
+ | ########################################################################### | ||
+ | # The function suspends or resumes the named process passed as parameter to | ||
+ | # the fuction, provided that iptables has been set-up to create an idle | ||
+ | # timer for the named process passed as the parameter to this function. | ||
+ | # | ||
+ | # For this function to work properly, you should issue: | ||
+ | # iptables -A INPUT -p tcp --dport 8085 -j IDLETIMER \ | ||
+ | # --timeout 60 --label $process_name | ||
+ | # where $process_name is the parameter passed to this function | ||
+ | # | ||
+ | # This script is best called via crontab to periodically check whether a | ||
+ | # proccess' | ||
+ | function idlecpulimit { | ||
+ | # path to the cpulimit daemon | ||
+ | local cpulimit=/ | ||
+ | # percent to throttle to accounting for multiple CPUs | ||
+ | # effective throttle = (CPUs available) x throttle | ||
+ | local throttle=1 | ||
+ | # get the car and cdr of the daemon | ||
+ | local car=`echo $1 | cut -c 1` | ||
+ | local cdr=`echo $1 | cut -c 2-` | ||
+ | # get the daemon if it is running | ||
+ | local daemon=`ps ax | grep " | ||
+ | if [ -z $daemon ]; then | ||
+ | # just bail if it is not running | ||
+ | return; | ||
+ | fi | ||
+ | # get the PID of the cpulimit daemon for the process | ||
+ | local cpulimit_PID=`ps ax | grep ' | ||
+ | case `cat / | ||
+ | 0) | ||
+ | # suspend | ||
+ | if [ -z $cpulimit_PID ]; then | ||
+ | $cpulimit -l $throttle -p $daemon -b >/ | ||
+ | fi | ||
+ | ;; | ||
+ | *) | ||
+ | # resume | ||
+ | if [ ! -z $cpulimit_PID ]; then | ||
+ | kill -s TERM $cpulimit_PID >/ | ||
+ | fi | ||
+ | ;; | ||
+ | esac | ||
+ | } | ||
+ | |||
+ | </ | ||
+ | |||
+ | As an example, suppose you had a daemon named '' | ||
+ | <code bash> | ||
+ | iptables -A INPUT -p tcp --dport 8085 -j IDLETIMER --timeout 60 --label mangosd | ||
+ | </ | ||
+ | which will start a countdown timer in ''/ | ||
+ | |||
+ | After that, you would create a script containing the function above and call it in your script: | ||
+ | <code bash> | ||
+ | function idlecpulimit { | ||
+ | ... | ||
+ | } | ||
+ | |||
+ | idlecpulimit mangosd | ||
+ | </ | ||
+ | |||
+ | The script will then be placed in ''/ | ||
+ | |||
+ | ====== Rescue Mount ====== | ||
+ | |||
+ | Suppose that you have made a configuration error and you need to boot from a '' | ||
+ | <code bash> | ||
+ | mount -o bind /dev / | ||
+ | mount -o bind /sys / | ||
+ | mount -o bind /proc / | ||
+ | </ | ||
+ | |||
+ | Considering that the damaged filesystem is mounted on ''/ | ||
+ | <code bash> | ||
+ | chroot /mnt/chroot | ||
+ | </ | ||
+ | |||
+ | ====== Get Communicating MAC Addresses ====== | ||
+ | |||
+ | <code bash> | ||
+ | tcpdump -i eth0 -s 30 -e | cut -f1 -d',' | ||
+ | </ | ||
+ | |||
+ | where '' | ||
+ | |||
+ | ====== Kernel Stack Traceback ====== | ||
+ | |||
+ | For hung processes, the stack traceback can show where the processes are waiting. The '' | ||
+ | |||
+ | <code bash> | ||
+ | echo 1 > / | ||
+ | </ | ||
+ | |||
+ | Next, trigger the stack traceback by issuing: | ||
+ | <code bash> | ||
+ | echo t > / | ||
+ | </ | ||
+ | |||
+ | The results can be found on the console or in ''/ | ||
+ | |||
+ | ====== Check Processes Listening on IPv6 Addresses ====== | ||
+ | |||
+ | <code bash> | ||
+ | netstat -tunlp |grep p6 | ||
+ | </ | ||
+ | |||
+ | ====== Disable IPv6 ====== | ||
+ | |||
+ | First edit ''/ | ||
+ | < | ||
+ | # The following lines are desirable for IPv6 capable hosts | ||
+ | #::1 | ||
+ | #fe00::0 ip6-localnet | ||
+ | #ff00::0 ip6-mcastprefix | ||
+ | #ff02::1 ip6-allnodes | ||
+ | #ff02::2 ip6-allrouters | ||
+ | </ | ||
+ | |||
+ | After that, if you are using grub, edit ''/ | ||
+ | < | ||
+ | ipv6.disable=1 | ||
+ | </ | ||
+ | |||
+ | to the list following '' | ||
+ | |||
+ | In case you use lilo, edit ''/ | ||
+ | |||
+ | Issue '' | ||
+ | |||
+ | You can also add a sysctl setting: | ||
+ | < | ||
+ | net.ipv6.conf.all.disable_ipv6 = 1 | ||
+ | </ | ||
+ | |||
+ | to ''/ | ||
+ | |||
+ | Additionally, | ||
+ | |||
+ | For exim, edit ''/ | ||
+ | < | ||
+ | dc_local_interfaces=' | ||
+ | </ | ||
+ | |||
+ | and then add: | ||
+ | < | ||
+ | # Disable IPv6 | ||
+ | disable_ipv6 = true | ||
+ | </ | ||
+ | in both ''/ | ||
+ | |||
+ | Otherwise you might receive the error: '' | ||
+ | ====== Clear Semaphores ====== | ||
+ | |||
+ | '' | ||
+ | <code bash> | ||
+ | ipcs -s | ||
+ | </ | ||
+ | |||
+ | to remove a semaphore by id, issue: | ||
+ | <code bash> | ||
+ | ipcrm sem 2123561 | ||
+ | </ | ||
+ | |||
+ | To clear all semaphores for a user, for example, for apache (as user '' | ||
+ | <code bash> | ||
+ | ipcs -s | grep www-data | awk '{ print $2 }' | while read i; do ipcrm sem $i; done | ||
+ | </ | ||
+ | |||
+ | ====== WatchDog Error Messages ====== | ||
+ | |||
+ | Before the watchdog restarts the system, it fires off an email indicating the problem, for example: | ||
+ | < | ||
+ | Message from watchdog: | ||
+ | The system will be rebooted because of error -3! | ||
+ | </ | ||
+ | |||
+ | The error codes can be found in the man page, here is a list of reasons: | ||
+ | |||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | |||
+ | ====== Codel over Wondershaper ====== | ||
+ | |||
+ | On recent Linux distributions, | ||
+ | |||
+ | < | ||
+ | net.core.default_qdisc = fq_codel | ||
+ | </ | ||
+ | |||
+ | for general-purpose routers including virtual machine hosts and: | ||
+ | < | ||
+ | net.core.default_qdisc = fq | ||
+ | </ | ||
+ | |||
+ | for fat servers. | ||
+ | |||
+ | ====== Granting Users Permissions to Files ====== | ||
+ | |||
+ | Using POSIX ACLs, it is possible to modify permissions to files (even recursively) such that it is no longer necessary to fiddle with the limited Linux user and group permissions. For example, suppose you wanted to allow a user access to a directory without adding them to a group and then separately modifying all the file permissions to allow that group access. | ||
+ | |||
+ | In that case, you would write: | ||
+ | |||
+ | <code bash> | ||
+ | setfacl -R -m u:bob:rwX Share | ||
+ | </ | ||
+ | |||
+ | where: | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | |||
+ | The command will thus recursively grant permissions on the file or folder named '' | ||
+ | |||
+ | ====== Change the Default Text Editor ====== | ||
+ | |||
+ | The following command will let you pick the default editor: | ||
+ | <code bash> | ||
+ | update-alternatives --config editor | ||
+ | </ | ||
+ | |||
+ | ====== Print all Open Files Sorted By Number of File Handles ====== | ||
+ | |||
+ | <code bash> | ||
+ | find /proc/*/fd -xtype f -printf " | ||
+ | </ | ||
+ | |||
+ | ====== Reboot Hanging Machine ====== | ||
+ | |||
+ | In case the machine is hanging and Magic SysRq is enabled in the kernel (enabled by default), then issuing the following combination will reboot the machine more or less gracefully: | ||
+ | |||
+ | < | ||
+ | |||
+ | which will perform, in order: | ||
+ | - < | ||
+ | - < | ||
+ | - < | ||
+ | - < | ||
+ | - < | ||
+ | - < | ||
+ | |||
+ | ====== Check Solid State Drive for TRIM ====== | ||
+ | |||
+ | To check whether an attached SSD currently has TRIM enabled, first mount the drive and change directory to the drive: | ||
+ | <code bash> | ||
+ | cd /mnt/ssd | ||
+ | </ | ||
+ | |||
+ | Now create a file: | ||
+ | <code bash> | ||
+ | dd if=/ | ||
+ | </ | ||
+ | |||
+ | and check the fib-map: | ||
+ | <code bash> | ||
+ | hdparm --fibmap tempfile | ||
+ | </ | ||
+ | |||
+ | which will output something like: | ||
+ | < | ||
+ | tempfile: | ||
+ | | ||
+ | | ||
+ | | ||
+ | </ | ||
+ | |||
+ | |||
+ | Now, note the number under '' | ||
+ | <code bash> | ||
+ | hdparm --read-sector 383099904 /dev/sdc | ||
+ | </ | ||
+ | where: | ||
+ | * '' | ||
+ | * ''/ | ||
+ | |||
+ | The last command should output a long string of characters for those sectors. | ||
+ | |||
+ | Now, issue: | ||
+ | <code bash> | ||
+ | rm tempfile | ||
+ | sync | ||
+ | </ | ||
+ | |||
+ | and repeat the previous '' | ||
+ | <code bash> | ||
+ | hdparm --read-sector 383099904 /dev/sdc | ||
+ | </ | ||
+ | |||
+ | if now the output consists of only zeroes then automatic TRIM is in place otherwise, wait for a while and run the last '' | ||
+ | |||
+ | ====== Automatically Mount Filesystems on Demand ====== | ||
+ | |||
+ | On distributions based on '' | ||
+ | |||
+ | Suppose you have a ''/ | ||
+ | <code bash> | ||
+ | noauto, | ||
+ | </ | ||
+ | |||
+ | where '' | ||
+ | |||
+ | Additionally, | ||
+ | |||
+ | ====== Automatically Reboot after Kernel Panic ====== | ||
+ | |||
+ | In order to have Linux automatically reboot after a kernel panic, add a setting to sysctl - on Debian systems, you will have to edit the file ''/ | ||
+ | < | ||
+ | kernel.panic = 30 | ||
+ | kernel.panic_on_oops = 30 | ||
+ | </ | ||
+ | |||
+ | which will make the machine restart in '' | ||
+ | |||
+ | ====== List Top Memory Consuming Processes ====== | ||
+ | |||
+ | <code bash> | ||
+ | ps -eo pmem, | ||
+ | </ | ||
+ | |||
+ | ====== Get the Most Frequently Used Commands ====== | ||
+ | |||
+ | The following snippet pipes the second field from the '' | ||
+ | <code bash> | ||
+ | history | awk '{ a[$2]++ } END { for(i in a) { print a[i] " " i } }' | sort -urn | head -n 20 | ||
+ | </ | ||
+ | |||
+ | which then gets sorted and the top most '' | ||
+ | |||
+ | ====== Force a Filesystem Check on Reboot ====== | ||
+ | |||
+ | You can add: '' | ||
+ | |||
+ | ====== Enable Multi-Queue Block IO Queuing Mechanism ====== | ||
+ | |||
+ | Edit ''/ | ||
+ | |||
+ | < | ||
+ | scsi_mod.use_blk_mq=1 | ||
+ | </ | ||
+ | |||
+ | to the kernel command line parameters. | ||
+ | |||
+ | ====== Export Linux Passwords ====== | ||
+ | |||
+ | This helper script can be useful in case you wish to export a bunch of " | ||
+ | |||
+ | <file bash exportusers.sh> | ||
+ | ########################################################################### | ||
+ | ## Copyright (C) Wizardry and Steamworks 2016 - License: GNU GPLv3 ## | ||
+ | ########################################################################### | ||
+ | HOMES="/ | ||
+ | FILES="/ | ||
+ | |||
+ | ls -l $HOMES | awk '{ print $3 }' | sort -u | while read u; do | ||
+ | for file in $FILES; do | ||
+ | cat $file | while read p; do | ||
+ | ENTRY=`echo $p | awk -F':' | ||
+ | if [ " | ||
+ | echo $p >> `basename $file` | ||
+ | fi | ||
+ | done | ||
+ | done | ||
+ | done | ||
+ | </ | ||
+ | |||
+ | When the script runs, it will scan all folders under the ''/ | ||
+ | |||
+ | ====== Create Sparse Image of Device ====== | ||
+ | |||
+ | '' | ||
+ | |||
+ | <code bash> | ||
+ | dd if=/dev/sda | cp --sparse=always /dev/stdin image.img | ||
+ | </ | ||
+ | |||
+ | will create an image named '' | ||
+ | |||
+ | To check that the image was created successfully, | ||
+ | <code bash> | ||
+ | md5sum image.img | ||
+ | </ | ||
+ | |||
+ | and | ||
+ | |||
+ | <code bash> | ||
+ | md5sum /dev/sda | ||
+ | </ | ||
+ | |||
+ | and check that the hashes are identical. | ||
+ | |||
+ | ====== Bind to Reserved Ports as Non-Root User ====== | ||
+ | |||
+ | Binding to reserved ports (ports under '' | ||
+ | <code bash> | ||
+ | setcap ' | ||
+ | </ | ||
+ | |||
+ | ====== Mount Apple Images ====== | ||
+ | |||
+ | DMG files are usually compressed; in fact, if you issue in a terminal: | ||
+ | <code bash> | ||
+ | file someimage.dmg | ||
+ | </ | ||
+ | |||
+ | you may get output such as: | ||
+ | < | ||
+ | someimage.dmg: | ||
+ | </ | ||
+ | |||
+ | indicating a bzip2 compressed file, or: | ||
+ | < | ||
+ | someimage.dmg: | ||
+ | </ | ||
+ | |||
+ | You can then uncompress the DMG image under Linux by issing: | ||
+ | <code bash> | ||
+ | bzip -dc someimage.dmg > someimage.dmg.uncompressed | ||
+ | </ | ||
+ | |||
+ | Now, if you inspect the uncompressed image (in this example '' | ||
+ | <code bash> | ||
+ | file someimage.dmg.uncompressed | ||
+ | </ | ||
+ | |||
+ | you will get some interesting info such as: | ||
+ | <code bash> | ||
+ | someimage.dmg.uncompressed: | ||
+ | </ | ||
+ | |||
+ | indicating an uncompressed image. | ||
+ | |||
+ | To convert the DMG into an image that can be mounted, you can use the tool'' | ||
+ | <code bash> | ||
+ | dmg2img someimage.dmg someimage.dmg.uncompressed | ||
+ | </ | ||
+ | |||
+ | You can now mount the image using the HFS+ filesystem: | ||
+ | <code bash> | ||
+ | mount -t hfsplus -o ro someimage.dmg.uncompressed /mnt/media | ||
+ | </ | ||
+ | |||
+ | ====== Purge all E-Mails from Command-Line ====== | ||
+ | |||
+ | To purge all inbox e-mails on Linux from the command line, you can use the '' | ||
+ | < | ||
+ | d * | ||
+ | q | ||
+ | </ | ||
+ | |||
+ | where: | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | |||
+ | ====== Remount Root Filesystem as Read-Write ====== | ||
+ | |||
+ | There are cases where a Linux system boots with the root ''/'' | ||
+ | <code bash> | ||
+ | mount -o remount,rw / | ||
+ | </ | ||
+ | which should mount the root filesystem in read-write mode. | ||
+ | |||
+ | However, assuming that you have bad options in ''/ | ||
+ | < | ||
+ | Unrecognized mount option ... or missing value | ||
+ | </ | ||
+ | |||
+ | this is due to '' | ||
+ | <code bash> | ||
+ | mount -t ext4 /dev/vda1 / -o remount,rw | ||
+ | </ | ||
+ | |||
+ | which should give you enough leverage to adjust the entries in your ''/ | ||
+ | |||
+ | ====== Enable Metadata Checksumming on EXT4 ====== | ||
+ | |||
+ | Metadata checksumming provides better data safety protection - you will need e2fsprogs version '' | ||
+ | |||
+ | On new systems, to enable metadata checksumming at format time, you would issue: | ||
+ | <code bash> | ||
+ | mkfs.ext4 -O metadata_csum /dev/sda1 | ||
+ | </ | ||
+ | where: | ||
+ | * ''/ | ||
+ | |||
+ | On existing systems, the filesystem must be unmounted first (using a LiveCD, for instance). With the filesystem unmounted and assuming that ''/ | ||
+ | <code bash> | ||
+ | e2fsck -Df /dev/sda1 | ||
+ | </ | ||
+ | |||
+ | in order to optimise the filesystem; followed by: | ||
+ | <code bash> | ||
+ | resize2fs -b /dev/sda1 | ||
+ | </ | ||
+ | |||
+ | to convert the filesystem to 64bit and finally: | ||
+ | <code bash> | ||
+ | tune2fs -O metadata_csum /dev/sda1 | ||
+ | </ | ||
+ | |||
+ | to enable metadata checksumming. | ||
+ | |||
+ | If you want, you can see the result by issuing: | ||
+ | <code bash> | ||
+ | dumpe2fs -h /dev/sda1 | ||
+ | </ | ||
+ | |||
+ | Now that metadata checksumming is enabled, you may have some performance gain by adding the a module to initrd called '' | ||
+ | |||
+ | ====== Get a List of IMAP Users from Logs ====== | ||
+ | |||
+ | The following command will read in ''/ | ||
+ | <code bash> | ||
+ | cat / | ||
+ | grep imap-login: | ||
+ | sed -e ' | ||
+ | |||
+ | </ | ||
+ | |||
+ | ====== Disable Console Blanking ====== | ||
+ | |||
+ | To disable the linux console blanking (turning off), the following methods can be mentioned: | ||
+ | * append '' | ||
+ | * issue '' | ||
+ | * issue '' | ||
+ | * issue '' | ||
+ | |||
+ | Note that '' | ||
+ | |||
+ | ====== Manipulating Linux Console ====== | ||
+ | |||
+ | Most console-oriented commands that are meant to work on virtual terminals expect a proper terminal to be set up and to be executed on a virtual terminal. The '' | ||
+ | <code bash> | ||
+ | TERM=linux openvt -c 1 -f -- setterm -blank force | ||
+ | </ | ||
+ | where: | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | |||
+ | ====== Resetting USB Device from Command Line ====== | ||
+ | |||
+ | [[http:// | ||
+ | |||
+ | The first step is to identify the device you want to reset by issuing: | ||
+ | <code bash> | ||
+ | lsusb | ||
+ | </ | ||
+ | and checking the column with the device ID. For instance, you would want to reset the device: | ||
+ | < | ||
+ | Bus 001 Device 007: ID 05b7:11aa Canon, Inc. | ||
+ | </ | ||
+ | such that the relevant bit to retain is the vendor ID '' | ||
+ | |||
+ | Next, locate the device on the USB HUB by issuing: | ||
+ | <code bash> | ||
+ | find -L / | ||
+ | </ | ||
+ | |||
+ | and then locate the ''/ | ||
+ | < | ||
+ | / | ||
+ | </ | ||
+ | |||
+ | Finally deauthorize the device by issuing: | ||
+ | <code bash> | ||
+ | echo 0 >/ | ||
+ | </ | ||
+ | |||
+ | and re-authorize the device by issuing: | ||
+ | <code bash> | ||
+ | echo 1 >/ | ||
+ | </ | ||
+ | |||
+ | The above is sufficient to trigger and udev hotplug event - in case you are debugging udev scripts. | ||
+ | |||
+ | ====== Set CPU Governor for all CPUs ====== | ||
+ | |||
+ | The following command will set the CPU governor to '' | ||
+ | <code bash> | ||
+ | for i in `find / | ||
+ | </ | ||
+ | |||
+ | ====== Enable Persistent Journal Logging ====== | ||
+ | |||
+ | From man (8) '' | ||
+ | <code bash> | ||
+ | mkdir -p / | ||
+ | systemd-tmpfiles --create --prefix / | ||
+ | </ | ||
+ | |||
+ | ====== Home Folder Permissions ====== | ||
+ | |||
+ | * '' | ||
+ | |||
+ | * '' | ||
+ | |||
+ | ====== Correct /etc/hosts Setup ====== | ||
+ | |||
+ | In the event that Linux decides to answer with an IPv6 address when pinging '' | ||
+ | < | ||
+ | PING localhost(localhost (::1)) 56 data bytes | ||
+ | 64 bytes from localhost (::1): icmp_seq=1 ttl=64 time=0.226 ms | ||
+ | 64 bytes from localhost (::1): icmp_seq=2 ttl=64 time=0.291 ms | ||
+ | 64 bytes from localhost (::1): icmp_seq=3 ttl=64 time=0.355 ms | ||
+ | 64 bytes from localhost (::1): icmp_seq=4 ttl=64 time=0.353 ms | ||
+ | </ | ||
+ | |||
+ | then the issue is an incorrect setup of ''/ | ||
+ | |||
+ | Open ''/ | ||
+ | < | ||
+ | # The following lines are desirable for IPv6 capable hosts | ||
+ | ::1 ip6-localhost ip6-loopback | ||
+ | fe00::0 ip6-localnet | ||
+ | ff00::0 ip6-mcastprefix | ||
+ | ff02::1 ip6-allnodes | ||
+ | ff02::2 ip6-allrouters | ||
+ | ff02::3 ip6-allhosts | ||
+ | </ | ||
+ | |||
+ | and all services should start working properly again. | ||
+ | |||
+ | ====== Disk Dump with Progress ====== | ||
+ | |||
+ | On newer Linux systems, the command: | ||
+ | <code bash> | ||
+ | dd if=/dev/xxx of=/dev/yyy bs=8M status=progress | ||
+ | </ | ||
+ | will display progress status whilst copying. Unfortunately, | ||
+ | |||
+ | Alternatively, | ||
+ | <code bash> | ||
+ | pv -tpreb /dev/xxx | dd of=/dev/yyy bs=8M | ||
+ | </ | ||
+ | |||
+ | will use '' | ||
+ | |||
+ | ====== Disable Spectre and Meltdown Patches ====== | ||
+ | |||
+ | Add to the command line in ''/ | ||
+ | < | ||
+ | nopti noibrs noibpb nospectre_v2 | ||
+ | </ | ||
+ | |||
+ | and execute: | ||
+ | <code bash> | ||
+ | update-grub | ||
+ | </ | ||
+ | |||
+ | After a reboot, the patches should be disabled and the performance will be back! | ||
+ | |||
+ | ====== Allow Binding Privileged Ports ===== | ||
+ | |||
+ | <code bash> | ||
+ | setcap ' | ||
+ | </ | ||
+ | where: | ||
+ | * '' | ||
+ | |||
+ | ====== Determining the Last Power On Method ====== | ||
+ | |||
+ | '' | ||
+ | <code bash> | ||
+ | dmidecode -t system | grep ' | ||
+ | </ | ||
+ | |||
+ | will print the last wake-up type. | ||
+ | |||
+ | ====== Issues with Stuck Cores ====== | ||
+ | |||
+ | It may happen that logs fill up with messages indicating that some power management policy cannot be enforced on a given CPU core: | ||
+ | < | ||
+ | cpufreqd: cpufreqd_loop | ||
+ | cpufreqd: cpufreqd_set_profile | ||
+ | </ | ||
+ | |||
+ | It may be that the CPU core is simply stuck and may need replugging. The following two commands will take the CPU offline and the next one will start the CPU back up: | ||
+ | <code bash> | ||
+ | echo " | ||
+ | echo " | ||
+ | </ | ||
+ | |||
+ | In doing so, the power management issue seems to be resolved. | ||
+ | |||
+ | ====== Automatically Add all RNDIS Devices to a Bridge ====== | ||
+ | |||
+ | Edit or create the file at ''/ | ||
+ | < | ||
+ | SUBSYSTEM==" | ||
+ | </ | ||
+ | where: | ||
+ | * '' | ||
+ | |||
+ | followed by the command: | ||
+ | <code bash> | ||
+ | udevadm control --reload | ||
+ | </ | ||
+ | |||
+ | to reload all udev rules. | ||
+ | |||
+ | The reason this works is due to '' | ||
+ | <code bash> | ||
+ | udevadm info -a / | ||
+ | </ | ||
+ | |||
+ | will show at the top the RNDIS device without any identifiers whereas the parent '' | ||
+ | |||
+ | One usage case for this rule is to connect a bunch of RNDIS devices to an USB hub and have them join the network automatically as they are hotplugged; for instance, Raspberry Pis [[fuss/ | ||
+ | |||
+ | ====== Scraping a Site Automatically using SystemD ====== | ||
+ | |||
+ | FTP sites can be scraped elegantly by using systemd and tmux on Linux. By starting a '' | ||
+ | |||
+ | The following script contains a few parameters underneath the '' | ||
+ | * the download path ('' | ||
+ | * the '' | ||
+ | * a descriptive name for the '' | ||
+ | |||
+ | <code bash> | ||
+ | [Unit] | ||
+ | Description=Scrape FTP Site | ||
+ | Requires=network.target local-fs.target remote-fs.target | ||
+ | After=network.target local-fs.target remote-fs.target | ||
+ | |||
+ | [Install] | ||
+ | WantedBy=multi-user.target | ||
+ | |||
+ | [Service] | ||
+ | # Configuration | ||
+ | Environment=DOWNLOAD_DIRECTORY="/ | ||
+ | Environment=DOWNLOAD_URL=" | ||
+ | Environment=TMUX_SESSION_NAME=" | ||
+ | # Internals | ||
+ | Type=oneshot | ||
+ | KillMode=none | ||
+ | User=root | ||
+ | ExecStartPre = -/bin/mkdir -p \"" | ||
+ | ExecStart=/ | ||
+ | ExecStop=/ | ||
+ | RemainAfterExit=yes | ||
+ | |||
+ | </ | ||
+ | |||
+ | The file should be placed under ''/ | ||
+ | |||
+ | Upon every reboot, the service file will create a detached tmux terminal and start scraping files from the URL. | ||
+ | |||
+ | ====== Access Directory Underneath Mountpoint ====== | ||
+ | |||
+ | In order to access a directory underneath a mountpoint without unmounting, create a bind mount of the root filesystem to a directory and then access the content via the bind mount. | ||
+ | |||
+ | Ie, to access the contents of the directory ''/ | ||
+ | <code bash> | ||
+ | mkdir /mnt/root | ||
+ | </ | ||
+ | |||
+ | and create a bind mount: | ||
+ | <code bash> | ||
+ | mount -o bind / /mnt/root | ||
+ | </ | ||
+ | |||
+ | Finally access the original underlying content via the path ''/ | ||
+ | |||
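Review bot: In the unit file under "Scraping a Site Automatically using SystemD", `User=root` combined with `KillMode=none` runs a downloader that talks to a remote FTP server with full privileges, and systemd will not kill whatever the tmux session leaves running when the unit stops. I would run it under a dedicated unprivileged account that owns the download directory and drop `KillMode=none` unless the section explains why it is needed. Smaller points in the same revision: "Disable Spectre and Meltdown Patches" presents `nopti noibrs noibpb nospectre_v2` only as a way to get performance back and should say that it removes the kernel mitigations, so it belongs only on hosts that run no untrusted code. "Allow Binding Privileged Ports" closes its heading with five `=` instead of six and repeats the earlier "Bind to Reserved Ports as Non-Root User" entry. The "Mount Apple Images" command reads `bzip -dc` although the text describes a bzip2 compressed file. "Set Date and Time" has "of for" where "or for" is meant.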