This shows you the differences between two versions of the page.
fuss:linux [2020/07/08 04:19] – [Scraping a Site Automatically using SystemD] office | fuss:linux [2025/05/05 06:52] (current) – [Rescan Hotplugged Drives] office | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | |||
====== Distribution Timeline ====== | ====== Distribution Timeline ====== | ||
Line 826: | Line 827: | ||
</ | </ | ||
+ | The SystemD equivalent is to add: | ||
+ | < | ||
+ | CapabilityBoundingSet=CAP_NET_BIND_SERVICE | ||
+ | AmbientCapabilities=CAP_NET_BIND_SERVICE | ||
+ | </ | ||
+ | |||
+ | to the daemon service file. | ||
====== Mount Apple Images ====== | ====== Mount Apple Images ====== | ||
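Review bot: The closing sentence "to the daemon service file" does not say where in the unit the two added directives belong or when they take effect; name the [Service] section and state that AmbientCapabilities=CAP_NET_BIND_SERVICE is only needed when the unit runs under a non-root User=, because a service left running as root can already bind low ports and gains nothing from it. It is also worth saying that CapabilityBoundingSet=CAP_NET_BIND_SERVICE removes every other capability from the service, so a daemon that needs, for example, to change file ownership at start-up will fail once this is added.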
Line 1075: | Line 1083: | ||
Add to the command line in ''/ | Add to the command line in ''/ | ||
< | < | ||
- | nopti noibrs noibpb nospectre_v2 | + | nopti kpti=0 |
</ | </ | ||
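Review bot: The replacement line starting `nopti kpti=0` is still introduced only by "Add to the command line in", with nothing saying that these switches turn off kernel page-table isolation, the Meltdown mitigation; add a sentence stating that trade-off and that the setting belongs only on hosts that run no untrusted code. Since `nopti` is the x86 switch and `kpti=0` the arm64 one, the text should also say which architecture each parameter applies to, and mention that the resulting state can be checked afterwards under /sys/devices/system/cpu/vulnerabilities/.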
Line 1196: | Line 1204: | ||
Finally access the original underlying content via the path ''/ | Finally access the original underlying content via the path ''/ | ||
+ | |||
+ | ====== Self-Delete Shell Script ====== | ||
+ | |||
+ | < | ||
+ | rm -rf -- " | ||
+ | </ | ||
+ | |||
+ | ====== Resize Last Partition and Filesystem in Image File ====== | ||
+ | |||
+ | Assuming that an image file is available and named, for example, '' | ||
+ | |||
+ | First, extend the image file '' | ||
+ | <code bash> | ||
+ | dd if=/ | ||
+ | </ | ||
+ | where: | ||
+ | * '' | ||
+ | * '' | ||
+ | |||
+ | In this case, the image file '' | ||
+ | <code bash> | ||
+ | qemu-img resize raspios.img +500M | ||
+ | </ | ||
+ | |||
+ | The next step is to run '' | ||
+ | <code bash> | ||
+ | parted raspios.img | ||
+ | </ | ||
+ | |||
+ | and then resize the partition, for example: | ||
+ | <code bash> | ||
+ | (parted) resizepart 2 100% | ||
+ | </ | ||
+ | where: | ||
+ | * '' | ||
+ | |||
+ | The '' | ||
+ | |||
+ | The final step is to enlarge the filesystem within the second partition that has just been extended by $500MiB$. '' | ||
+ | <code bash> | ||
+ | kpartx -avs raspios.img | ||
+ | </ | ||
+ | |||
+ | First, the existing filesystem has to be checked: | ||
+ | <code bash> | ||
+ | e2fsck -f / | ||
+ | </ | ||
+ | where: | ||
+ | * ''/ | ||
+ | |||
+ | and then finally the filesystem is extended to its maximum size: | ||
+ | <code bash> | ||
+ | resize2fs / | ||
+ | </ | ||
+ | |||
+ | ====== Delete Files Older than X Days ====== | ||
+ | |||
+ | <code bash> | ||
+ | find /path -mtime +N -delete | ||
+ | </ | ||
+ | where: | ||
+ | * '' | ||
+ | |||
+ | ====== Elusive Errors from Crontab ====== | ||
+ | |||
+ | Sometimes the error: | ||
+ | <code bash> | ||
+ | /bin/sh: 1: root: not found | ||
+ | </ | ||
+ | might be reported by cron. | ||
+ | |||
+ | The reason might be that an user ran '' | ||
+ | |||
+ | ====== Clear Framebuffer Device ====== | ||
+ | |||
+ | The following command will clear a '' | ||
+ | <code bash> | ||
+ | dd if=/ | ||
+ | </ | ||
+ | |||
+ | ====== Adding Mount Point Dependencies to SystemD Service Files ====== | ||
+ | |||
+ | To get a list of filesystems that are configured (ie: via ''/ | ||
+ | <code bash> | ||
+ | systemctl list-units | grep '/ | ||
+ | </ | ||
+ | |||
+ | The command will return a list of mount units all ending in '' | ||
+ | |||
+ | Edit the SystemD service file in ''/ | ||
+ | < | ||
+ | After=... FS.MOUNT | ||
+ | Requires=... FS.MOUNT | ||
+ | </ | ||
+ | where: | ||
+ | * '' | ||
+ | |||
+ | ====== Detaching a Crytpsetup Header from an Existing Encrypted Disk ====== | ||
+ | |||
+ | Creating an encrypted container with a detached header adds some plausible deniability since the partition or drive signature will not be observable to someone obtaining the disk drive. | ||
+ | |||
+ | An encrypted volume with a detached header can be created using the '' | ||
+ | |||
+ | Given an encrypted disk drive recognized as ''/ | ||
+ | <code bash> | ||
+ | cryptsetup luksHeaderBackup /dev/sdb --header-backup-file / | ||
+ | </ | ||
+ | |||
+ | Next, the ''/ | ||
+ | <code bash> | ||
+ | cryptsetup luksDump /dev/sdb | ||
+ | </ | ||
+ | |||
+ | which will print out something similar to the following: | ||
+ | < | ||
+ | LUKS header information | ||
+ | Version: | ||
+ | Epoch: | ||
+ | Metadata area: 12475 [bytes] | ||
+ | Keyslots area: 18312184 [bytes] | ||
+ | UUID: | ||
+ | Label: | ||
+ | Subsystem: | ||
+ | Flags: | ||
+ | |||
+ | Data segments: | ||
+ | 0: crypt | ||
+ | offset: 22220875 [bytes] | ||
+ | length: (whole device) | ||
+ | cipher: aes-xts-plain64 | ||
+ | sector: 512 [bytes] | ||
+ | |||
+ | Keyslots: | ||
+ | 0: luks2 | ||
+ | Key: 256 bits | ||
+ | ... | ||
+ | </ | ||
+ | |||
+ | The important part here is the offset: | ||
+ | < | ||
+ | ... | ||
+ | Data segments: | ||
+ | 0: crypt | ||
+ | offset: 22220875 [bytes] | ||
+ | length: (whole device) | ||
+ | ... | ||
+ | </ | ||
+ | |||
+ | '' | ||
+ | |||
+ | The next step is thus to delete the header: | ||
+ | < | ||
+ | dd if=/ | ||
+ | </ | ||
+ | where: | ||
+ | * '' | ||
+ | |||
+ | Finally, the disk can be opened using '' | ||
+ | |||
+ | <code bash> | ||
+ | cryptsetup luksOpen --header / | ||
+ | </ | ||
+ | |||
+ | The command should now open the drive with the header detached and placed at ''/ | ||
+ | |||
+ | ====== Block Transfers over the Network ====== | ||
+ | |||
+ | When transferring large files over the network the following considerations must be observed: | ||
+ | * encryption - whether encryption is necessary or not; encryption will slow down a transfer particularly if there is no hardware acceleration available, | ||
+ | * compression - depending on the files being transferred, | ||
+ | |||
+ | For instances, with both encryption and compression, | ||
+ | |||
+ | On the server (receiver), issue: | ||
+ | <code bash> | ||
+ | nc -l -p 6500 | \ # listens on port 6500 | ||
+ | openssl aes-256-cbc -d -salt -pass pass: | ||
+ | pigz -d | \ # decompresses | ||
+ | dd bs=16M of=/ | ||
+ | </ | ||
+ | where: | ||
+ | * '' | ||
+ | * '' | ||
+ | |||
+ | on the client (sender), issue: | ||
+ | <code bash> | ||
+ | pv -b -e -r -t -p /dev/device | # reads from /dev/device (with stats) | ||
+ | pigz -1 | \ # compresses the stream | ||
+ | openssl aes-256-cbc -salt -pass pass: | ||
+ | nc server.lan 6500 -q 1 # connects to server.lan on port 6500 | ||
+ | </ | ||
+ | where: | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | |||
+ | Alternatively, | ||
+ | |||
+ | ====== Determine if System is Big- or Little Endian ====== | ||
+ | |||
+ | <code bash> | ||
+ | echo -n I | hexdump -o | awk '{ print substr($2, | ||
+ | </ | ||
+ | will display: | ||
+ | * '' | ||
+ | * '' | ||
+ | |||
+ | ====== Network Emulation and Testing using Traffic Control ====== | ||
+ | |||
+ | The traffic shaper ('' | ||
+ | |||
+ | A simple setup would look like the following where a Linux gateway will be NATing a client machine '' | ||
+ | |||
+ | < | ||
+ | IP: a.a.a.a | ||
+ | +---+ eth0 +---------+ eth1 | ||
+ | | A +--------------> | ||
+ | +---+ | ||
+ | </ | ||
+ | |||
+ | Using traffic shaping, the following commands can be used to induce a delay for all packets originating from client '' | ||
+ | |||
+ | <code bash> | ||
+ | tc qdisc del dev eth1 root | ||
+ | tc qdisc add dev eth1 handle 1: root htb | ||
+ | tc class add dev eth1 parent 1: classid 1:15 htb rate 100000mbit | ||
+ | tc qdisc add dev eth1 parent 1:15 handle 20: netem delay 4000ms | ||
+ | tc filter add dev eth1 parent 1:0 prio 1 protocol ip handle 1 fw flowid 1:15 | ||
+ | </ | ||
+ | |||
+ | '' | ||
+ | |||
+ | '' | ||
+ | <code bash> | ||
+ | iptables -t mangle -A FORWARD -s a.a.a.a -j MARK --set-mark 1 | ||
+ | </ | ||
+ | where: | ||
+ | * '' | ||
+ | |||
+ | In other words, when packets arrive from client '' | ||
+ | |||
+ | The following schematic illustrates the traffic control setup achieved using the commands written above: | ||
+ | < | ||
+ | root 1: root HTB (qdisc) | ||
+ | | | ||
+ | 1:15 HTB (class) | ||
+ | | | ||
+ | 20: netem (qdisc) | ||
+ | </ | ||
+ | and it can be displayed by issuing the command: | ||
+ | <code bash> | ||
+ | tc -s qdisc ls dev eth1 | ||
+ | </ | ||
+ | that would result in the following output: | ||
+ | < | ||
+ | qdisc htb 1: root refcnt 2 r2q 10 default 0 direct_packets_stat 23 direct_qlen 1000 | ||
+ | Sent 3506 bytes 23 pkt (dropped 0, overlimits 0 requeues 0) | ||
+ | backlog 0b 0p requeues 0 | ||
+ | qdisc netem 20: parent 1:15 limit 1000 delay 5s | ||
+ | Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) | ||
+ | backlog 0b 0p requeues 0 | ||
+ | </ | ||
+ | |||
+ | Given this setup, the traffic shaper '' | ||
+ | |||
+ | At any point in time, a single '' | ||
+ | <code bash> | ||
+ | tc qdisc change dev eth1 parent 1:15 handle 20: netem delay 10ms | ||
+ | </ | ||
+ | any new packets will be delayed by $10ms$ instead of $4000ms$. In case there are other packets in the queue, previously having been delayed by $4000ms$, then the packets will not be flushed and they will arrive in due time. | ||
+ | |||
+ | As a side-note, there is a certain degree of overlap in features between '' | ||
+ | <code bash> | ||
+ | iptables -t mangle -A FORWARD -m statistic --probability 0.5 -s a.a.a.a -j DROP | ||
+ | </ | ||
+ | will achieve the same effect as using the traffic shaper '' | ||
+ | <code bash> | ||
+ | tc qdisc del dev eth1 root | ||
+ | tc qdisc add dev eth1 handle 1: root htb | ||
+ | tc class add dev eth1 parent 1: classid 1:15 htb rate 10000mbps | ||
+ | tc qdisc add dev eth1 parent 1:15 handle 20: netem loss 0.5% | ||
+ | tc filter add dev eth1 parent 1:0 prio 1 protocol ip handle 1 fw flowid 1:15 | ||
+ | |||
+ | iptables -t mangle -A FORWARD -s a.a.a.a -j MARK --set-mark 1 | ||
+ | </ | ||
+ | |||
+ | The exact same effect can be achieved just using the traffic shaper '' | ||
+ | <code bash> | ||
+ | tc qdisc del dev eth1 root | ||
+ | tc qdisc add dev eth1 handle 1: root htb | ||
+ | tc class add dev eth1 parent 1: classid 1:15 htb rate 10000mbps | ||
+ | tc qdisc add dev eth1 parent 1:15 handle 20: netem loss 0.5% | ||
+ | tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src a.a.a.a/24 flowid 1:15 | ||
+ | </ | ||
+ | |||
+ | All the variants above will randomly drop half the forwarded packets on average originating from the IP address '' | ||
+ | |||
+ | The difference between using '' | ||
+ | |||
+ | ====== Encoding binary Data to QR-code ====== | ||
+ | |||
+ | The following command: | ||
+ | |||
+ | <code bash> | ||
+ | cat Papers.key | qrencode -o - | zbarimg --raw -q -1 -Sbinary - > Papers.key2 | ||
+ | </ | ||
+ | will: | ||
+ | - pipe the contents of the file '' | ||
+ | - create a QR code image from the data, | ||
+ | - read the QR code from the image and write it to '' | ||
+ | |||
+ | effectively performing a round-trip by encoding and decoding the binary data contained in '' | ||
+ | |||
+ | Alternatively, | ||
+ | <code bash> | ||
+ | cat Papers.key | base64 | qrencode -o - > Papers.png | ||
+ | </ | ||
+ | will: | ||
+ | - pipe the contents of the file '' | ||
+ | - base64 encode the data, | ||
+ | - generate a QR code image file '' | ||
+ | |||
+ | Then, in order to decode, the following command: | ||
+ | <code bash> | ||
+ | zbarimg --raw -q -1 Papers.png | base64 -d > Papers.key | ||
+ | </ | ||
+ | will: | ||
+ | - read the QR code, | ||
+ | - decode the data using base64, | ||
+ | - output the result to the file '' | ||
+ | |||
+ | ====== Fixing Patch with Different Line Endings ====== | ||
+ | |||
+ | The general procedure is to make line endings the same for both the patch and the files to be patched. For instance, to normalize the line endings for all the files included in a patch: | ||
+ | <code bash> | ||
+ | grep ' | ||
+ | </ | ||
+ | |||
+ | followed by normalizing the line endings for '' | ||
+ | <code bash> | ||
+ | dos2unix dogview.patch | ||
+ | </ | ||
+ | |||
+ | After which, the patch can be applied: | ||
+ | <code bash> | ||
+ | patch -p1 < dogview.patch | ||
+ | </ | ||
+ | |||
+ | ====== Sending Mail from the Linux Command Line using External Mail Servers ====== | ||
+ | |||
+ | The current options seem to be to use the following programs: | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | |||
+ | As a general pitfall, note that the following error shows up frequently for various online example calls of the commands: | ||
+ | < | ||
+ | could not initiate TLS connection: error: | ||
+ | </ | ||
+ | when issuing the commands above. | ||
+ | |||
+ | More than often, in case that a TLS connection has to be made via '' | ||
+ | < | ||
+ | smtps:// | ||
+ | </ | ||
+ | where '' | ||
+ | |||
+ | ===== S-Nail ===== | ||
+ | |||
+ | Using '' | ||
+ | <code bash> | ||
+ | s-nail -:/ \ | ||
+ | -Sv15-compat \ | ||
+ | -S ttycharset=utf8 \ | ||
+ | -S mta=' | ||
+ | -S smtp-use-starttls | ||
+ | -S smtp-auth=login \ | ||
+ | -S from=SENDER \ | ||
+ | -S subject=test | ||
+ | -end-options RECIPIENT | ||
+ | </ | ||
+ | where: | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | |||
+ | ===== cURL ===== | ||
+ | |||
+ | <code bash> | ||
+ | curl \ | ||
+ | --ssl-reqd \ | ||
+ | --url ' | ||
+ | --mail-from ' | ||
+ | --mail-rcpt ' | ||
+ | --user USERNAME: | ||
+ | -v | ||
+ | -T mail.txt | ||
+ | </ | ||
+ | |||
+ | and '' | ||
+ | < | ||
+ | From: SENDER | ||
+ | To: RECIPIENT | ||
+ | Subject: SUBJECT | ||
+ | |||
+ | BODY | ||
+ | |||
+ | </ | ||
+ | where: | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | |||
+ | Note that it is not necessary to use an additional file such as '' | ||
+ | <code bash> | ||
+ | echo "From: SENDER\nTo: RECIPIENT\nSubject: | ||
+ | --ssl-reqd \ | ||
+ | --url ' | ||
+ | --mail-from ' | ||
+ | --mail-rcpt ' | ||
+ | --user USERNAME: | ||
+ | -v | ||
+ | -T - | ||
+ | </ | ||
+ | |||
+ | ====== Quickly Wipe Partition Tables with Disk Dumper ====== | ||
+ | |||
+ | Partition tables can be zapped quickly using '' | ||
+ | |||
+ | ===== MBR ===== | ||
+ | |||
+ | <code bash> | ||
+ | dd if=/ | ||
+ | </ | ||
+ | where: | ||
+ | * ''/ | ||
+ | * '' | ||
+ | * '' | ||
+ | |||
+ | The byte count is calculated as $446B$ bootstrap + $64B$ partition table + $2B$ signature = $512B$. | ||
+ | |||
+ | ===== GPT ===== | ||
+ | |||
+ | GPT preserves an additional table at the end of the device, such that wiping the partition involves two commands: | ||
+ | * wipe the table at the start of the drive, | ||
+ | * wipe the backup table at the back of the drive | ||
+ | |||
+ | The following commands should accomplish that: | ||
+ | <code bash> | ||
+ | dd if=/ | ||
+ | dd if=/ | ||
+ | </ | ||
+ | where: | ||
+ | * ''/ | ||
+ | |||
+ | ====== Options when Referring to Block Devices by Identifier Fail ====== | ||
+ | |||
+ | On modern Linux systems, referring to partitions is done via the partition UUID instead of referring to the actual block device. One problem that will show up sooner or later is that in order to be able to generate a partition UUID, a block device must have partitions in the first place. Similarly, one can mount partitions via their disk labels, yet that will fail as well when a disk does not even have a partition table. This case is typical for whole drive encryption with LUKS where no label or partition table is even desirable and not only an oversight. | ||
+ | |||
+ | Assuming that the block device ''/ | ||
+ | <code bash> | ||
+ | blkid | ||
+ | </ | ||
+ | will fail to list ''/ | ||
+ | |||
+ | To work around this issue '' | ||
+ | |||
+ | For instance, issuing: | ||
+ | <code bash> | ||
+ | udevadm info -q all -n /dev/sda --attribute-walk | ||
+ | </ | ||
+ | will output all the attributes of ''/ | ||
+ | |||
+ | For instance, based on the output of the command a file is created at ''/ | ||
+ | < | ||
+ | SUBSYSTEM==" | ||
+ | </ | ||
+ | |||
+ | This rule will now match: | ||
+ | * within the '' | ||
+ | * model name '' | ||
+ | * vendor name '' | ||
+ | and once matched will create a symbolic link named '' | ||
+ | |||
+ | Now, it becomes easy to mount the drive using '' | ||
+ | < | ||
+ | / | ||
+ | </ | ||
+ | where ''/ | ||
+ | |||
+ | |||
+ | ====== Setting Interface Metric ====== | ||
+ | |||
+ | One very typical scenario that definitely would need setting interface metric would be the case of a laptop that has both Ethernet and wireless connections with both connections established to the local network. Linux does not automatically sense the fastest network connection such that interface metrics should be established for all network interfaces. | ||
+ | |||
+ | Typically, for Debian (or Ubuntu) Linux distributions, | ||
+ | <code bash> | ||
+ | apt-get install ifmentric | ||
+ | </ | ||
+ | |||
+ | By installing the '' | ||
+ | < | ||
+ | iface eth0 inet manual | ||
+ | metric 1 | ||
+ | mtu 9000 | ||
+ | |||
+ | allow-hotplug wlan0 | ||
+ | iface wlan0 inet dhcp | ||
+ | metric 2 | ||
+ | wpa-conf / | ||
+ | |||
+ | </ | ||
+ | |||
+ | Now, provided that both '' | ||
+ | |||
+ | ====== Reordering Partitions ====== | ||
+ | |||
+ | It might so happen that device numbers end up skwed after adding or removing partitions such that the alphanumeric name (sda1, sdb2, etc) does not correspond to the contiguous partition layout. The partition | ||
+ | |||
+ | ====== Multiplexing Video Device ====== | ||
+ | |||
+ | One problem with Video4Linux is that multiple processes cannot access the same hardware at the same time. This seems to be mightily problematic when it boils down to video devices that have to be read concurrently in order to perform various operations such as either streaming or taking a screenshot where one or the other operations would disrupt the other. | ||
+ | |||
+ | Fortunately, | ||
+ | |||
+ | In order to use '' | ||
+ | <code bash> | ||
+ | apt-get install v4l2loopback-dkms v4l2loopback-utils | ||
+ | </ | ||
+ | thereby ensuring that the kernel module will be automatically recompiled after a kernel upgrade. | ||
+ | |||
+ | First, the module would have to be loaded upon boot, such that the file ''/ | ||
+ | < | ||
+ | v4l2loopback | ||
+ | </ | ||
+ | Creating the ''/ | ||
+ | < | ||
+ | options v4l2loopback video_nr=50, | ||
+ | </ | ||
+ | where: | ||
+ | * '' | ||
+ | * '' | ||
+ | |||
+ | Now, the following will be accomplished: | ||
+ | |||
+ | < | ||
+ | v | ||
+ | | camera, microscope, etc | ||
+ | | | ||
+ | | ||
+ | | Video Input | | ||
+ | | /dev/video0 | | ||
+ | | ||
+ | | | ||
+ | +-----------+-----------+ | ||
+ | | write | write | ||
+ | v v | ||
+ | | ||
+ | | / | ||
+ | | ||
+ | | | | ||
+ | v v | ||
+ | | ||
+ | |||
+ | </ | ||
+ | |||
+ | That is, textually, a V4L device with its corresponding V4L device name at ''/ | ||
+ | |||
+ | In order to accomplish the multiplexing, | ||
+ | <code bash> | ||
+ | cat /dev/video0 | tee / | ||
+ | </ | ||
+ | that will copy '' | ||
+ | |||
+ | However, more elegantly and under SystemD, a service file can be used instead along with '' | ||
+ | < | ||
+ | [Unit] | ||
+ | Description=Microscope Clone | ||
+ | After=multi-user.target | ||
+ | Before=microscope.service microscope_button.service | ||
+ | |||
+ | [Service] | ||
+ | ExecStart=/ | ||
+ | Restart=always | ||
+ | RestartSec=10 | ||
+ | StandardOutput=syslog | ||
+ | StandardError=syslog | ||
+ | SyslogIdentifier=microscope | ||
+ | User=root | ||
+ | Group=root | ||
+ | Environment=PATH=/ | ||
+ | |||
+ | [Install] | ||
+ | WantedBy=microscope.target | ||
+ | |||
+ | </ | ||
+ | |||
+ | The service file is placed inside ''/ | ||
+ | |||
+ | ====== Retrieve External IP Address ====== | ||
+ | |||
+ | <code bash> | ||
+ | dig -a 192.168.1.2 +short myip.opendns.com @resolver1.opendns.com | ||
+ | </ | ||
+ | where: | ||
+ | * '' | ||
+ | |||
+ | Alternatively, | ||
+ | |||
+ | ====== Substitute for ifenslave ====== | ||
+ | |||
+ | Modernly, Linux does not use the '' | ||
+ | |||
+ | Creating a bonding interface can be accomplished by: | ||
+ | <code bash> | ||
+ | echo " | ||
+ | </ | ||
+ | where: | ||
+ | * '' | ||
+ | respectively: | ||
+ | <code bash> | ||
+ | echo " | ||
+ | </ | ||
+ | in order to remove a bonding interface. | ||
+ | |||
+ | Next, slaves to the bonding interface can be added using (assuming '' | ||
+ | <code bash> | ||
+ | echo " | ||
+ | </ | ||
+ | where: | ||
+ | * '' | ||
+ | respectively: | ||
+ | <code bash> | ||
+ | echo " | ||
+ | </ | ||
+ | to remove the interface '' | ||
+ | |||
+ | ====== Ensure Directory is Not Written to If Not Mounted ====== | ||
+ | |||
+ | One trick to ensure that an underlying mount point directory is not written to if it is not yet mounted is to change its permissions to '' | ||
+ | |||
+ | This is sometimes useful in scenarios where services are brought up on boot later than the filesystem is initialized such that a remote mount via CIFS or NFS might fail and the services being brought up will start writing to the local filesystem instead of the remotely mounted share. | ||
+ | |||
+ | ====== PAM: permit execution without password ====== | ||
+ | |||
+ | The following line: | ||
+ | < | ||
+ | auth | ||
+ | </ | ||
+ | can be prepended to any file for commands on daemons within ''/ | ||
+ | |||
+ | ====== Using the SystemD Out of Memory (OOM) Software Killer ====== | ||
+ | |||
+ | The typical Linux mitigation | ||
+ | |||
+ | The following packages can be used to add an additional OOM killer to systems within a Docker swarm, all of these being userspace daemons: | ||
+ | |||
+ | * '' | ||
+ | |||
+ | Furthermore, | ||
+ | < | ||
+ | vm.oom_kill_allocating_task=1 | ||
+ | </ | ||
+ | when added to the system sysctl, will make Linux kill the process allocating the RAM that would overcommit instead of using heuristics and picking some other process to kill. | ||
+ | |||
+ | ====== Using the Hangcheck-Timer Module as a Watchdog ====== | ||
+ | |||
+ | The '' | ||
+ | |||
+ | In order to use the '' | ||
+ | < | ||
+ | # / | ||
+ | # | ||
+ | # This file contains the names of kernel modules that should be loaded | ||
+ | # at boot time, one per line. Lines beginning with "#" | ||
+ | # Parameters can be specified after the module name. | ||
+ | |||
+ | hangcheck-timer | ||
+ | |||
+ | </ | ||
+ | to the list of modules to load at boot. | ||
+ | |||
+ | Then create a file placed at ''/ | ||
+ | < | ||
+ | options hangcheck-timer hangcheck_tick=1 hangcheck_margin=60 hangcheck_dump_tasks=1 hangcheck_reboot=1 | ||
+ | </ | ||
+ | where the module options mean: | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | |||
+ | The "timer margin" | ||
+ | |||
+ | ====== Trim Journal Log Size ====== | ||
+ | |||
+ | As rsyslog is being replaced by journald on systems implementing SystemD, some defaults are being set for journald that might not be suitable in case the machine is meant to be used as a thin client. Debian, in particular, seems to set the maximal log size of $4GiB$ which is absurdly large if a thin client is meant to be created. | ||
+ | |||
+ | In order to set the log size, edit ''/ | ||
+ | <code bash> | ||
+ | [Journal] | ||
+ | Compress=yes | ||
+ | # maximal log size | ||
+ | SystemMaxUse=1G | ||
+ | # ensure at least this much space is available | ||
+ | SystemKeepFree=1G | ||
+ | |||
+ | </ | ||
+ | where: | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | |||
+ | After making the changes, issue the command '' | ||
+ | |||
+ | ====== List Connected Wireless Clients ====== | ||
+ | |||
+ | When using the hostapd daemon, the clients can be queried by running the command: | ||
+ | <code bash> | ||
+ | hostapd_cli -p / | ||
+ | </ | ||
+ | but for that to work the ''/ | ||
+ | |||
+ | The following changes have to be made: | ||
+ | < | ||
+ | ctrl_interface=/ | ||
+ | ctrl_interface_group=0 | ||
+ | |||
+ | </ | ||
+ | where: | ||
+ | * ''/ | ||
+ | * '' | ||
+ | |||
+ | ====== Transforming Symlinks Recursively into Real Files ====== | ||
+ | |||
+ | The following command: | ||
+ | <code bash> | ||
+ | find /search -type l -name link -exec rsync / | ||
+ | </ | ||
+ | where: | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | |||
+ | This works due to the default behavior of '' | ||
+ | |||
+ | ====== Mapping Disk Manager Block Devices to Block Devices ====== | ||
+ | |||
+ | Sometimes errors are reported by the kernel by referencing drives using disk manager nodes ('' | ||
+ | <code bash> | ||
+ | dmsetup ls -o blkdevname | ||
+ | </ | ||
+ | |||
+ | ====== Running the Filesystem Checker Before Mounting Filesystems ====== | ||
+ | |||
+ | One of the problems on Linux with fielsystems is that if they fail to mount on boot then they are marked as failed and all services that depend on the filesystem will also fail to start. Typically, the resolution is to run the filesystem checker, repair any damage and only then mount the filesystem. Most of the time, any damage can be repaired, however there is very little control or practical decision making left up to the user when the filesystem is repaired with the decisions bouncing between fixing some damage or not. The former applies to the '' | ||
+ | |||
+ | WIth that being said, the following systemd service file will check the filesystem before mounting it simply by running the filesystem checker '' | ||
+ | |||
+ | Even though a mounting systemd service type exists as '' | ||
+ | < | ||
+ | [Unit] | ||
+ | Description=mount docker | ||
+ | DefaultDependencies=no | ||
+ | |||
+ | [Service] | ||
+ | Type=oneshot | ||
+ | ExecStartPre=/ | ||
+ | ExecStart=/ | ||
+ | -o errors=remount-ro, | ||
+ | / | ||
+ | /mnt/docker | ||
+ | |||
+ | [Install] | ||
+ | WantedBy=local-fs.target | ||
+ | |||
+ | </ | ||
+ | |||
+ | In order to be invoked as part of the systemd boot and be invoked when the local filesystems are mounted, the systemd file uses the '' | ||
+ | |||
+ | ====== Rescan Hotplugged Drives ====== | ||
+ | |||
+ | Even though hotplug should be working via udev and HAL, sometimes newly inserted drives or removed drives for that matter do not show up and it is necessary to issue a rescan manually. In order to do so, the following command: | ||
+ | <code bash> | ||
+ | for i in 0 1 2 3 4 5 6 7; do echo "- - -" >/ | ||
+ | </ | ||
+ | will issue a scanning request to all SCSI hosts on the system - this includes ATA drives as well with SCSI meaning the all-encompassing high level standard. | ||
+ | |||
+ | After the command is issued a command like '' | ||
+ | |||
+ | ====== Shred and Remove Files ====== | ||
+ | |||
+ | ^ Command Line Aspect ^ Visual Mnemonic Graft ^ | ||
+ | | '' | ||
+ | |||
+ | There are multiple solutions for wiping files before deleting and perhaps the most systematic one is '' | ||
+ | <code bash> | ||
+ | find . -name ' | ||
+ | </ | ||
+ | will perform one pass of random data across the entire will '' | ||
+ | |||
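Review bot: In the Block Transfers over the Network section, both `openssl aes-256-cbc ... -pass pass:` lines put the passphrase on the command line, where any local user can read it from the process list and where it ends up in shell history; switch the receiver and the sender to `-pass file:` or `-pass env:` and describe that in the option list. In the Network Emulation section, the variants using `netem loss 0.5%` drop 0.5% of packets, so they match neither `--probability 0.5` nor the closing claim that half the forwarded packets are dropped; the value should be `loss 50%`, and `match ip src a.a.a.a/24` in the last variant selects a whole /24 rather than the single client. In Setting Interface Metric, `apt-get install ifmentric` misspells the package name ifmetric and will fail as written.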