629 lines
32 KiB
Markdown
629 lines
32 KiB
Markdown
|
## Common & Most Used (Recursive)
|
|||
|
```Terminal
|
|||
|
- cd ---> Move directory or go home directory if alone
|
|||
|
- /.. ---> Come back from one direcotry
|
|||
|
|
|||
|
- ls -la ---> List element (Info)
|
|||
|
- ls -lh ---> List element (Give more information - hidden)
|
|||
|
- ls -a ---> List all (All - Including hidden)
|
|||
|
- ls -n ---> List folders (UID in number)
|
|||
|
- ls -R or ls -aR ---> List recursive folder (-a will show hidden too)
|
|||
|
|
|||
|
- cat ---> Print document
|
|||
|
- less ---> Scoll trough documents (Like cat)
|
|||
|
|
|||
|
- | ---> procede to the second command before output
|
|||
|
- ; ---> Add a second command in the output
|
|||
|
|
|||
|
- pwd ---> Print the current working directory.
|
|||
|
- mkdir [directory_name] ---> Create a new directory.
|
|||
|
- rmdir [directory_name] ---> Remove a directory (must be empty).
|
|||
|
- touch [file_name] ---> Create a new empty file.
|
|||
|
- cp [source] [destination] ---> Copy files or directories.
|
|||
|
- mv [source] [destination] ---> Move or rename files or directories.
|
|||
|
- rm [file] ---> Remove file. Be cautious,this is irreversible.
|
|||
|
|
|||
|
- grep [pattern] [file] ---> Search for a specific pattern in a file.
|
|||
|
- chmod [permissions] [file] ---> Change file permissions.
|
|||
|
- chown [user]:[group] [file] ---> Change file ownership.
|
|||
|
|
|||
|
- man [command] ---> Display the manual page for a command.
|
|||
|
- info [command] ---> Display more brief information
|
|||
|
- [command] --help ---> Display general help information
|
|||
|
- find [directory] -name [filename] ---> Search for files or directories by name.
|
|||
|
- wget [URL] ---> Download files from the web.
|
|||
|
- curl [URL] ---> Transfer data from or to a server.
|
|||
|
- grep ---> Search for patterns within files.
|
|||
|
- awk ---> A powerful text processing tool.
|
|||
|
- strings [options] filename ---> Search for any strings of text in a file (GREAT)
|
|||
|
|
|||
|
- top ---> Display Linux processes.
|
|||
|
- ps ---> Display information about running processes.
|
|||
|
- kill [PID] ---> Terminate a process by its process ID.
|
|||
|
|
|||
|
- ssh [user]@[hostname] ---> Connect to a remote machine using SSH.
|
|||
|
- rsync ---> Efficiently sync files/directories two locations.
|
|||
|
- scp [file] [user]@[hostname]:[destination_path] ---> Securely copy files between machines.
|
|||
|
|
|||
|
- history ---> Display the command history.
|
|||
|
- sudo ---> Execute a command as the superuser or another user.
|
|||
|
|
|||
|
- du -sh [directory] ---> Display the total size of a directory.
|
|||
|
- df -h ---> Display disk space usage.
|
|||
|
- ln -s [target] [link_name] ---> Create symbolic links.
|
|||
|
```
|
|||
|
|
|||
|
|
|||
|
### Searching
|
|||
|
```Terminal
|
|||
|
# General
|
|||
|
- pwd ---> Print current directory
|
|||
|
- whatis X (ex: sudo) ---> Explain what X do (ex: explain what sudo is)
|
|||
|
- whereis X ---> Searching where is X in file system (ex: /etc/.../X)
|
|||
|
- type COMMAND ---> Decompose the ALIAS from command
|
|||
|
- cat file.txt ---> output the text
|
|||
|
- head -n 5 file.txt ---> output the first 5 lines of the document
|
|||
|
- tail -n 5 file.txt ---> output the last 5 lines of the document
|
|||
|
- tail -n +2 file.txt ---> Output everything after the second line
|
|||
|
- cut -c 5-9 file.txt ---> Output character 5-9 of each lines from file.txt
|
|||
|
- cut -d, -f 2 file.txt ---> -d=delimiter (,=the delimiter), -f 2=Second field
|
|||
|
|
|||
|
- > ---> Create output
|
|||
|
- 2> ---> Output error to somewhere you want
|
|||
|
- 2>&1 ---> Output everything (errors & else) somewhere
|
|||
|
- >> ---> Append text to a file
|
|||
|
- & ---> Run command in background
|
|||
|
- && ---> Combine commands
|
|||
|
|
|||
|
- which ---> Find the file location (BEST)
|
|||
|
|
|||
|
- strings [options] filename ---> Search for any strings of text in a file (GREAT)
|
|||
|
|
|||
|
- find DIRECTORY -name FILENAME ---> Search for a file
|
|||
|
- find DIRECTORY -name "*.txt" ---> Find all .TXT file in directory location
|
|||
|
- find DIRECTORY - group XYZ ---> Search for file owner by XYZ group
|
|||
|
- find ~/ -perm +rwx ---> search for file having permition rwx
|
|||
|
|
|||
|
- locate ---> Locate create DB index all files on system to search
|
|||
|
- suo updatedb ---> Update database for new files that need to be index
|
|||
|
- locate XYZ ---> Search instantly for XYZ trought all the drive index
|
|||
|
|
|||
|
|
|||
|
# AWK (Like grep but more advance)
|
|||
|
- awk '{print $1, $4}' TEST.txt ---> Retrieve parameter Num 1 & 4 of each lines
|
|||
|
- awk '$4 > 30000' TEST.txt ---> Retrieve parameter greater then 30K each lines
|
|||
|
- awk 'BEGIN {OFS=":"} {print $1, $4}' TEST.txt ---> Retrieve & print Num 1 & 4 separated by ":"
|
|||
|
|
|||
|
|
|||
|
# Grep (GREP IS CASE SENSITIVE)
|
|||
|
- grep "Text" ---> Check Text (-i=Allcases, -r=All folder file)
|
|||
|
- grep -i "ReD" ---> Case insensive (Any lower/upper will match)
|
|||
|
- grep -r "XYZ" /Path/file ---> Check All "XYZ" in a folder and sub-folder
|
|||
|
- grep -v "XYZ" /Path/file ---> Check everything that does not match "XYZ"
|
|||
|
- grep "ap[pe]" ---> Match "app" or "ape" (give options or matching)
|
|||
|
- grep -e "X|Y|Z" ---> Searching for any match for X or Y or Z
|
|||
|
Examples
|
|||
|
- grep -e "^1[0-2]|[5-6]\/" ---> Will search for starting by 1 followed by a number between 0-2 or 5-6 and followed by a / (\/ is to evade the character /)
|
|||
|
-
|
|||
|
|
|||
|
- cat x.txt | grep -e "X|Y" ---> Grep regular expression search for X & Y
|
|||
|
- cat x.txt | grep -e "^1[0-2]" ---> Search lines that start with 1 followed by 0-2
|
|||
|
- cat x.txt | grep -e "Day$" ---> End with Day ($ = end / ^ = start of line)
|
|||
|
- cat x.txt | grep -e "D.y" ---> Find Any caraters between two letters (.)
|
|||
|
```
|
|||
|
|
|||
|
|
|||
|
### Install packages
|
|||
|
```
|
|||
|
# APT
|
|||
|
- apt-get install PACK1 PACK2 ... ---> Install packages on machine
|
|||
|
- apt search echo (ex) ---> Search for echo in apt reprository
|
|||
|
- apt list m* (ex) ---> List all packages starting with m
|
|||
|
- apt-get remove APP ---> Remove app
|
|||
|
- apt-get autoremove ---> Remove library not used by packages
|
|||
|
|
|||
|
# Snap
|
|||
|
- snap install PACK1 ---> Install package
|
|||
|
- snap list ---> Show packages installed
|
|||
|
- snap remove APP ---> Remove app
|
|||
|
|
|||
|
- Wich APP ---> Show command location and associated package manager
|
|||
|
|
|||
|
# Install App from Repositories
|
|||
|
- wget REPOSITORY-KEY.asc ---> Get the repo key
|
|||
|
- sudo apt-key add REPOSITORY-KEY.asc ---> Add the key to the trusted key
|
|||
|
- sudo nano /etc/apt/sources.list ---> Add the repo in the repo list for apt-get
|
|||
|
- deb http://download.webmin.com/download/repository sarge contrib
|
|||
|
```
|
|||
|
|
|||
|
|
|||
|
### Network & Address Resolution Protocol
|
|||
|
```
|
|||
|
# Address Resolution Protocol
|
|||
|
- arp -a ---> Displays addresses of all computers communicated with
|
|||
|
|
|||
|
|
|||
|
# Network
|
|||
|
- wget -O - -q https://checkip.amazonaws.com ---> Find your Public IP address in terminal
|
|||
|
|
|||
|
- nslookup DOMAIN ---> Check DNS record (MX, CNAME, ...)
|
|||
|
- ip -br addr ---> BEST WAY TO CHECK NETWORK ADDRESS & STATUS
|
|||
|
- ip a ---> Easiest and fastest way to get IP info
|
|||
|
- netstat -tuna ---> Show ports and status (Open/Close)
|
|||
|
- netstat -natp ---> Show ports (a= active, t=TCP, p=program)
|
|||
|
- ss -tuna ---> Show ports and status (Open/Close) - SAME
|
|||
|
- ss -natp ---> Show ports (a= active, t=TCP, p=program)
|
|||
|
- traceroute www.something.com ---> See routing
|
|||
|
- mtr www.something.com ---> Like traceroute but live & interactive
|
|||
|
- tracepath www.something.com ---> Like tracerout but spend 30s each hop (gather data)
|
|||
|
- systemctl restart systemd-networkd ---> Restart network
|
|||
|
- systemctl restart systemd-resolved ---> Restart resolved srv (NEEDED AFTER NETWORK)
|
|||
|
|
|||
|
- nmcli device status ---> Show available network device and status
|
|||
|
- nmcli device show DEVICENAME ---> More info on device (DEVICE NAME=CONNECTION)
|
|||
|
- sudo nmcli connection edit DEVICENAME ---> Command prompt that enable you to change value
|
|||
|
- set ipv4.whatneedtochange NEW-VALUE ---> Give new value to the device
|
|||
|
- save temporary ---> Make it effective until reboot
|
|||
|
- save persistent ---> Make it effective now til changed
|
|||
|
- quit ---> Quit
|
|||
|
|
|||
|
- cat /etc/hosts ---> Show DNS from the machine (IP linked to Nameserver)
|
|||
|
- cat /etc/resolv.conf ---> Show where we will querry the DNS IP
|
|||
|
- cat /etc/nsswitch.conf ---> Specifies service lookup order (files, DNS, ...)
|
|||
|
|
|||
|
# Troubleshooting issues (OSI layers)
|
|||
|
- ping www.google.com ---> Tests connectivity to a domain name to check DNS resolution
|
|||
|
- ping PUBLIC-IP ---> Tests connectivity public IP address to check internet connection
|
|||
|
- ping computer1 ---> Tests connectivity local hostname (computer1) to check internal DNS
|
|||
|
- ping 192.168.2.1 ---> Tests connectivity local IP address (192.168.2.1) internal network
|
|||
|
- nslookup computer1 ---> Performs a DNS lookup hostname computer1 DNS information internal
|
|||
|
- host computer1 ---> DNS resolution, looking the hostname computer1 from localhost file.
|
|||
|
- ping 127.0.0.1 ---> Pings the loopback address check networking stack is operational (should always work if networking is functioning).
|
|||
|
- arp -a ---> Displays the ARP cache, showing the mapping of IP addresses to MAC addresses on the local network.
|
|||
|
```
|
|||
|
|
|||
|
### Files / File system / Partitions & Volumes
|
|||
|
```
|
|||
|
# View file
|
|||
|
FILE PERMISSION
|
|||
|
1 = Execute (x)
|
|||
|
2 = Wite (w)
|
|||
|
4 = Read (r)
|
|||
|
|
|||
|
|
|||
|
# Removing file
|
|||
|
- rm file.txt ---> Removing a file
|
|||
|
- rmdir folder ---> Removing an empty directory
|
|||
|
- rm -r ANYTHING ---> Removing anything without error
|
|||
|
|
|||
|
|
|||
|
# Destroy/Delete Files
|
|||
|
shred FILE ---> Destoy redability of a file
|
|||
|
|
|||
|
|
|||
|
# Copying files
|
|||
|
- cp filename /LOCATION/NEWFILENAME ---> Copying files
|
|||
|
- cp filename NEWFILENAME ---> Renaming a file
|
|||
|
|
|||
|
- sudo dd if=/INPUTFILE/sda(ex) of=~/OUTPUTFILE --> if=inputfile, of=outpufile, Copy drive
|
|||
|
- sudo dd if=/INPUTFILE/sda(ex) bs=1m | gzip -o > ~/OUTPUT-LOCATION ---> Copying and compress the copyed file. bs=Block size, gzip -o > will gzip and output to a location
|
|||
|
- sda ---> First drive
|
|||
|
- sdb ---> Second drive
|
|||
|
- sdc ---> Third drive
|
|||
|
- ...
|
|||
|
|
|||
|
|
|||
|
# Moving files / renaming files
|
|||
|
- mv XYZ.txt /something/XYZ.txt ---> Moving a file
|
|||
|
- mv XYZ.txt ZYX.txt ---> Renaming a file
|
|||
|
|
|||
|
|
|||
|
# Symbolic Links
|
|||
|
- ll FILENAME ---> Show symb link path (where does it goes?)
|
|||
|
- ln LOCATION/FILE LINK-LOCATION/SYMBO-NAME ---> Create hardlink (Better for Same disk)
|
|||
|
- ln -s LOCATION/FILE LINK-LOCATION/SYMBO-NAME ---> Create a softlink
|
|||
|
|
|||
|
|
|||
|
# Creating File
|
|||
|
- mkdir ---> Create a folder
|
|||
|
- touch ---> Create a document
|
|||
|
- anew ---> Create anew document with output
|
|||
|
- echo ---> Echo text
|
|||
|
|
|||
|
|
|||
|
# Partitions and volumes
|
|||
|
|
|||
|
- sudo iotop ---> Show disk read/bits every seconds
|
|||
|
- sudo iotop -a ---> Show disk read/bits cumulated time
|
|||
|
- sudo iostat ---> Show disk utilisation and who use it (System? User?)
|
|||
|
|
|||
|
MBR --> Master boot record (Up to 4 partitions)
|
|||
|
GPT --> GUID (Globally Unique Identifier) Partition Table (Up to 128 partitions)
|
|||
|
|
|||
|
- du -sh /FOLDER ---> Display amount of space /FOLDER use & sub-folders
|
|||
|
- sudo fdisk -l /dev/sdb ---> Show partitions
|
|||
|
- sudo fdisk /dev/sdb ---> MBR (m)=menu (n)=create (d)=delete (p)=print
|
|||
|
- First sector 2048 = boot record space occupy 2048 (enter)
|
|||
|
- +5G (Add 5 gigabit volume)
|
|||
|
- Last sector (default -> enter)
|
|||
|
- p -> check the new changes
|
|||
|
- w -> write the new changes
|
|||
|
- sudo gdisk /dev/sdc ---> GPT (m)=menu (n)=create (d)=delete (p)=print
|
|||
|
- Partition Number -> select a number
|
|||
|
- First sector 2048 = boot record space occupy 2048 (enter)
|
|||
|
- +5G (Add 5 gigabit volume)
|
|||
|
- HEX or GUID tables -> Default Enter
|
|||
|
- ... Enter, Enter
|
|||
|
- p -> check the new changes
|
|||
|
- w -> write the new changes
|
|||
|
- sudo parted /dev/sdb ---> Work with MBR & GPT (Not Used by default)
|
|||
|
|
|||
|
- gparted ---> If GUI, can use this to manage partitions
|
|||
|
|
|||
|
|
|||
|
# Formating Partitions
|
|||
|
- lsblk -f ---> Show available mounting volumes & formating types
|
|||
|
- ls -l /usr/sbin/mk* ---> Show all possible type of formating on this system
|
|||
|
- sudo mkfs -t FORMATING-OPTION /dev/VOLUME-SELECTED ---> Format the volume with the option given
|
|||
|
|
|||
|
|
|||
|
# Mounting Volumes and Files system
|
|||
|
- df -h ---> Show mounting points of volumes & other info
|
|||
|
- lsblk ---> Show available mounting volumes
|
|||
|
- sudo e2label /dev/SDA(ex) NAME ---> Include label name for the drive
|
|||
|
- sudo mount /dev/sdb1 /mnt/FOLDER ---> Mount sdb1 to mtn/FOLDER
|
|||
|
- sudo mount -t ext4 /dev/sdb1 /mnt/FOLDER ---> Specify the format (not obligated)
|
|||
|
- sudoedit /etc/fstab ---> Add entry to mount after every bootup
|
|||
|
- /dev/sdb1 /mnt/FOLDER FILEFORMAT defaults 0 0
|
|||
|
- UUID=THE_UUID /mnt/FOLDER FILEFORMAT defaults 0 0 ---> Use UUID to mount volume
|
|||
|
- LABEL=THE_LABEL /mnt/FOLDER FILEFORMAT defaults 0 0 ---> Use Label to mount volume
|
|||
|
- sudo mount -a ---> Launch automaticly the fstab files
|
|||
|
- sudo umount /dev/sdb1 ---> Unmount the partition
|
|||
|
|
|||
|
|
|||
|
# LVM (Logical Volume Manager) - Using RAID 0,1,5 / Create virtual volume
|
|||
|
LVM -> Physical Volumes (pv) | Group Volumes (vg) | Logical Volumes (lv) (end product)
|
|||
|
|
|||
|
- sudo pvdisplay ---> Show physical volumes
|
|||
|
- sudo vgdisplay ---> Show volume groups
|
|||
|
- sudo lvdisplay ---> Show virtual volumes
|
|||
|
|
|||
|
Mounting logical volumes can be apply the same way has normal volume to make them persistent (sudoedit /etc/fstab)
|
|||
|
- lsblk ---> Display volumes
|
|||
|
- /dev/sdb1 /mnt/FOLDER FILEFORMAT defaults 0 0
|
|||
|
- UUID=THE_UUID /mnt/FOLDER FILEFORMAT defaults 0 0 ---> Use UUID
|
|||
|
|
|||
|
- sudo apt install lvm2 ---> Install LVM if not already installed
|
|||
|
- sudo pvcreate /dev/VOLUME1 /dev/VOLUME2 ---> Making them part of LVM
|
|||
|
- sudo vgcreate vg1 /dev/sdb1 /dev/sdc1 ---> Merge Volumes in group (vg1 name is an example)
|
|||
|
- sudo lvcreate -L 12G vg1 -n Virtvolume ---> Create virtual volume (12G named Virt..)
|
|||
|
- sudo vgextend GROUP /dev/NEW-VOLUME ---> Adding new volume to group (make sure to pvcreate first)
|
|||
|
- sudo lvresize -L +5G /dev/vgi/Virtvolume ---> Extend virtual volume size
|
|||
|
- sudo resize2fs /dev/vgi/Virtvolume ---> Extend volume (ext4) NEED DO THIS AFTER
|
|||
|
- sudo lvremove /dev/vg1/Virtvolume ---> Remove volume space (ext4) NEED DO ...
|
|||
|
- sudo vgremove /dev/vg1 ---> Remove volume space (ext4) NEED DO ...
|
|||
|
- sudo pvremove /dev/sdb1 /dev/sdc1 /dev/vg1---> Remove volume space (ext4) NEED DO ...
|
|||
|
|
|||
|
# Rebuild bootloaded (Without touching to the linux distro)
|
|||
|
- sudo mount /dev/sdb1 /mnt/sdb1 ---> Mounting the bootloader volume to the mount folder
|
|||
|
- sudo grub-install -rootodirectory=/mnt/sdb1 /dev/sdb ---> Reinstalling the bootloader
|
|||
|
|
|||
|
# Analyzing Bootloading Times: Identifying Programs with Longer Load Times
|
|||
|
- sudo systemd-analyze blame ---> Identifying Programs with Longer boot Times
|
|||
|
```
|
|||
|
|
|||
|
|
|||
|
### Popular Files
|
|||
|
```
|
|||
|
More info: https://www.pathname.com/fhs/pub/fhs-2.3.html
|
|||
|
|
|||
|
- /boot ---> Kernel files
|
|||
|
- /etc ---> Configuration files
|
|||
|
- /lib ---> Libraries
|
|||
|
- /mnt ---> mounting temporary files
|
|||
|
- /var/log ---> Log files
|
|||
|
- dmesg ---> Show kernel logs
|
|||
|
- journalctl -u cron ---> Show logs of cron jobs runned on the device
|
|||
|
|
|||
|
- usr/local/bin ---> Locally compiled programs
|
|||
|
- usr/local/etc ---> Locally compiled programs
|
|||
|
|
|||
|
- /bin ---> Needed for system rescue
|
|||
|
- /usr/bin ---> Location of most user binary
|
|||
|
- /sbin /usr/sbin ---> Location of most system binary
|
|||
|
- /usr ---> User storage
|
|||
|
- /usr/share/bin ---> Program other then apps, example: stuff appache migh use
|
|||
|
|
|||
|
- /dev ---> Show devices
|
|||
|
- /proc ---> Folder that contain the process that can be found in the command ps
|
|||
|
- /sys ---> Kernel and boot stuff
|
|||
|
- /dev ---> Device nodes, provide an interface through which software can interact with hardware devices. Ex: dev/sda = SATA hard drive, dev/ttyS0 = first serial port...
|
|||
|
```
|
|||
|
|
|||
|
|
|||
|
### User Management / Permissions / Groups / Password
|
|||
|
```
|
|||
|
- whoami ---> Print User
|
|||
|
- id ---> Print id, group, ... of current user
|
|||
|
- id USER ---> Show id, group, ... of selected user
|
|||
|
- chown [user]:[group] [file] ---> Change file ownership.
|
|||
|
- last ---> Show the last loggin in the current system
|
|||
|
- who ---> Check who is currently loggin in the system
|
|||
|
- w ---> Show what current logged user are doing
|
|||
|
|
|||
|
- sudo cat /etc/passwd ---> Show user information (groups, UID, Shell, ...)
|
|||
|
- sudo cat /etc/shadow ---> Show user password
|
|||
|
- sudo cat /etc/gshadow ---> Show group password
|
|||
|
- sudo cat /etc/group ---> Show user associated with groups
|
|||
|
|
|||
|
|
|||
|
# Create Users / Delete users
|
|||
|
- sudo useradd USER -c "USER X" -s /bin/sh -e 2023/12/31 ---> Create user, add name, add shell type, add expiration date (auto delete)
|
|||
|
- sudo useradd USER -d /home/USERNAME -m -G sudo,adm USERNAME ---> Create user, create directory, -m = create home, -G = add to the suplementary groups sudo & adm
|
|||
|
- sudo useradd "USER-NAME" USERNAME -p PASSWORD ---> Create user with name, username & password
|
|||
|
- sudo usermod -l USER NEW-USERNAME ---> Change user setting (ex: name, expiration..)
|
|||
|
- sudo usermod -L USER ---> Lock User account (L=Lock)
|
|||
|
|
|||
|
- sudo userdel USERNAME ---> Delete user but keep directory
|
|||
|
- sudo userdel -rf USERNAME ---> Delete user & all its directory (f=force, r=remove)
|
|||
|
- sudo /etc/skel FILEX.XYZ ---> Create file here will give file to every new users
|
|||
|
|
|||
|
- su USER ---> Switch User
|
|||
|
- sudo passwd USER ---> Set password for a new user
|
|||
|
|
|||
|
- sudo chage -l USER ---> Show password age for the user (man chage --> More info)
|
|||
|
- sudo chage -m 1 USER ---> User change passwd min 24h
|
|||
|
- sudo chage -M 1 USER ---> USER change passwd max 24H (Change -M 1 to X after)
|
|||
|
- sudoedit /etc/login.defs ---> Set password policies for all users (easier management)
|
|||
|
- sudoedit /etc/security/faillock.conf ---> Login faillure and lockout policies
|
|||
|
|
|||
|
- sudo chsh -s /bin/nolgin USER/SERVICE ---> Remove interactive shell
|
|||
|
|
|||
|
|
|||
|
# Create Groups / Delete Groups
|
|||
|
- sudo groupadd NAME ---> Create a group
|
|||
|
- less etc/group ---> Show all groups created
|
|||
|
- groups ---> Show all the groups of the current user
|
|||
|
- groups USER_X ---> Show all groups for USER_X
|
|||
|
- sudo usermod -aG USERNAME ---> Add group to user (-a=append / not remove other groups)
|
|||
|
- sudo groupmod -n NEWNAME OLDNAME ---> Change group name
|
|||
|
|
|||
|
- newgrp GROUP ---> Will set the following action from this group
|
|||
|
|
|||
|
- sudo gpasswd -a USER GROUP ---> Add USER to Group
|
|||
|
- sudo gpasswd -d USER GROUP ---> Remove USER from Group
|
|||
|
- sudo gpasswd -a USER GROUP ; sudo gpasswd -A USER GROUP ---> Make a user admin of it's group (give him edit permission inside the group)
|
|||
|
|
|||
|
- ls -l ---> Files/permissions (First=User,S=Group,T=Other)
|
|||
|
- drwxr-xr-x (Example) ---> d=directory / User=read,write,execute / ...
|
|||
|
- 4=Read 2=Write 1=Execute ---> Permission set via number ex: 7=All perms
|
|||
|
- chmod 740 file.txt (Example) ---> User=All perms / Group=Read / Other=No perms
|
|||
|
- chmod +r file.txt ---> User=read and groups & other nothing
|
|||
|
- chmod -r file.txt ---> Remove read access to current user
|
|||
|
- chmod +t file.txt ---> Add sticky bit (Only owner/root delete or rename file)
|
|||
|
- chmod u=rwx,g=rw,o=r file.txt ---> Set permissions via letters
|
|||
|
- chmod g-w file.txt (Example) ---> Remove write to groupe (ex)
|
|||
|
- less ~/.profile ---> Chamge default permission given on new file
|
|||
|
- #umask 022 ---> U=0->ALL perms, G=2->R&E (7 - number (WEIRD))
|
|||
|
|
|||
|
|
|||
|
# Sudo Permission
|
|||
|
- ls -n ---> Enable you to see the user id and group id of a file
|
|||
|
- sudo su - ---> Root shell with user password
|
|||
|
- sudo nano sudoers (IN /etc) ---> Change sudo permission for users
|
|||
|
- sudo visudo (IN /etc) ---> Change sudo permission for users | Special shell that test the code before in save it (make sure there is nothing that will be broken)
|
|||
|
- Ex: Asavard ALL=(ALL) ALL
|
|||
|
- Ex: Asavard ALL=(Wmartin) /usr/bin/apt install, /usr/bin/apt upgrade... (Binary Location)
|
|||
|
- Ex: %GROUP-NAME ALL=(ALL) ALL
|
|||
|
- USER/GROUP -> Connection host= -> (USER-HE-CAN-IMPERSONATE) -> COMMAND HE CAN RUN
|
|||
|
- POLICY KIT ??? ---> urs/share/polkit-1 ???
|
|||
|
|
|||
|
|
|||
|
# Standard Linux permissions typically restrict file access beyond the first user listed. To grant access to additional users, you'd usually create a new group, add users to it, and assign file permissions accordingly. Handling access for multiple groups can be cumbersome, but there's a simpler solution.
|
|||
|
|
|||
|
If (+) is showed when performing ls -l, this mean that it contain other type of attribut
|
|||
|
|
|||
|
- getfacl ---> check if ACL permission list is present
|
|||
|
- getfacl FILE.txt ---> Show permission for this file (Normal + ACL perms)
|
|||
|
- setfacl -m u:USER:rw FILE.txt ---> Add User to the permission with rw
|
|||
|
- setfacl -x u:USER:rw FILE.txt ---> Remove User to the permission with rW
|
|||
|
- setfacl -m g:GROUP:rw FILE.txt ---> Add Group to the permission with rw
|
|||
|
- setfacl -m d:u:USER:rw FILE.txt ---> Set permission to a directory (Can be done to group)
|
|||
|
|
|||
|
|
|||
|
# Secure Linux - Restrict Accounts (Debian)
|
|||
|
- Apparmor ---> Check Apparmor
|
|||
|
```
|
|||
|
|
|||
|
|
|||
|
### Process / System / Alias / Environement Variable
|
|||
|
```
|
|||
|
# Process
|
|||
|
- ps -ef ---> List process ongoing
|
|||
|
- top ---> Show task management
|
|||
|
- press m ---> List by (%) memorie
|
|||
|
NI --> Priority of process (Lower numbers will be prioritized for execution)
|
|||
|
- sudo nice -10 COMMAND ---> Set initial NI for process priorisation
|
|||
|
- sudo renice 11 PID -u USER ---> Change NI during run to 11 (ex), include PID and user
|
|||
|
- system monitor (GUI) ---> Show task management
|
|||
|
- PID = Process ID
|
|||
|
|
|||
|
- free -h ---> Show available memories (+Buff/cache)
|
|||
|
|
|||
|
- sudo kill (PID)
|
|||
|
- sudo kill -9 (PID) ---> Kill gently
|
|||
|
- sudo kill -15 (PID) ---> Kill if not responding
|
|||
|
- sudo killall google ---> Will kill all process contening google
|
|||
|
|
|||
|
|
|||
|
|
|||
|
- ctr-z ---> Background task
|
|||
|
- fg ---> Take back the background task
|
|||
|
|
|||
|
|
|||
|
# System
|
|||
|
- uname -a ---> kernel version info
|
|||
|
- uname -r ---> Just kernel infor
|
|||
|
|
|||
|
- isb_release -a ---> Server version
|
|||
|
|
|||
|
- systemctl {ACTION} {PROCESSE}
|
|||
|
- Start
|
|||
|
- Stop
|
|||
|
- Enable
|
|||
|
- Disable
|
|||
|
|
|||
|
|
|||
|
# Environement Variable
|
|||
|
- $ TAB TAB ---> Show all environement variable (nicer view) TAB KEY
|
|||
|
- printenv ---> Show all environement variable (Like env command)
|
|||
|
- env ---> Show all environement variable for bash
|
|||
|
- X=Something ---> Create environement var (echo $X = Some...)
|
|||
|
- export X=Y ---> Let you export env var (Remind it to terminal)
|
|||
|
|
|||
|
|
|||
|
# Alias
|
|||
|
- alias NAME='PATH/ACTION' ---> Create Alias
|
|||
|
- unalias your_alias_name ---> Remove Alias
|
|||
|
- sudo nano ~/.bashrc ---> Permanent Alias (Edit the file & add the alias)
|
|||
|
|
|||
|
|
|||
|
# ???
|
|||
|
- echo "export PATH=$PATH:~/go/bin" >> ~/.bashrc
|
|||
|
```
|
|||
|
|
|||
|
|
|||
|
### Binary (Compilling)
|
|||
|
```
|
|||
|
- Download the File
|
|||
|
- tar -xvzf file.tar.gz ---> Decompile the file
|
|||
|
- cd file/src ---> Go in the file where you have all the Makefile/C code/References
|
|||
|
- make ---> Give you options of compiling depending of your system
|
|||
|
- make clean OPTION ---> Will compile the file in the run folder
|
|||
|
```
|
|||
|
|
|||
|
|
|||
|
### History & Record Commands
|
|||
|
```
|
|||
|
# History
|
|||
|
- history ---> Show History of commands
|
|||
|
- history clear ---> Clear History of commands
|
|||
|
|
|||
|
|
|||
|
# Register Command
|
|||
|
- command | tee >> FILE.TXT
|
|||
|
```
|
|||
|
|
|||
|
|
|||
|
### Others
|
|||
|
```Terminal
|
|||
|
# Remote access (SSH)
|
|||
|
- sudo apt install ssh
|
|||
|
- sudo systemctl enable -now ssh ---> Enable SSH
|
|||
|
- sudoedit /var/tmp/sshd_config ---> Change SSH config (EX: port#, Hostkey, Certificate autotification and no password...)
|
|||
|
- shh USER@IP ---> Connect to SSH
|
|||
|
|
|||
|
|
|||
|
# Get Files & transfers Files
|
|||
|
- Filezilla ---> Good option if GUI available
|
|||
|
- wget URL ---> Download any pointing url
|
|||
|
- curl URL ---> Download urls/services/mails/.. (WGET on steroids)
|
|||
|
- curl URL --output X.txt ---> Download urls/services/mails/.. to a X.txt
|
|||
|
|
|||
|
- rsync -azurP /FOLDER-SYNC /PATH-DESTINATION ---> LOCAL COPY
|
|||
|
- NEED TO SSH IN OTHER MACHINE
|
|||
|
- ... -azurP -e shh /FOLDER-SYNC USER@COMPUTER:/FULL-PATH-DEST ---> REMOTE COPY
|
|||
|
- ... ... -e shh --exclude="*.mp3" --include=".*"...(Example) ---> Exclude MP3
|
|||
|
- ... ... -e shh --include=".*" --exclude="*.mp3"...(Example) ---> Just MP3
|
|||
|
- ... ... ... ... ... --dry-run ---> Enable to visualise changes before syncing
|
|||
|
- -e shh= Using ssh for communication, a=archive, z=zip during transfer, u=update(not overwrite, r=recursive, P=outpout verbose
|
|||
|
|
|||
|
|
|||
|
# Docker.io (Containers)
|
|||
|
- sudo dockerd ---> Start docker
|
|||
|
- sudo usermod -aG docker USERNAME ---> Ading user to docker group, enable user to run docker stuff without beeing root (-a = Primary group | -G = Secondary group) - REBOOT
|
|||
|
- docker ps ---> Show the docker process
|
|||
|
- docker ps -a ---> Show all the docker process (Show history)
|
|||
|
- docker images ---> Show a list of all the docker installed
|
|||
|
- docker search ubuntu (EX) ---> Search for docker images
|
|||
|
- docker pull NAMEOFIMAGE ---> Download the image to the computer
|
|||
|
- https://hub.docker.com/ ---> Docker images (Best way to start)
|
|||
|
- docker run --name helloworld ---> Download and run helloworld
|
|||
|
- docker run -dit --name helloworld -p 8080:80 -v /home/user:/var/www/html/ httpd:VERSION
|
|||
|
- docker run --name helloworld -dit ---> Run helloworld container and make it interactive (d=detache, i=interactive, t=pseudo tty terminal)
|
|||
|
- CTRL P & CTRL Q ---> Process in background and quit
|
|||
|
- docker attach NAME ---> Connect back to the container
|
|||
|
- docker stop NAME ---> Stop container
|
|||
|
- docker rm NAME ---> Remove the container
|
|||
|
|
|||
|
|
|||
|
# Automate Docker container (Very powerfull)
|
|||
|
- sudo apt install docker.io docker-compose
|
|||
|
- nano docker-compose.yaml ---> create docker configuration file to manage containers
|
|||
|
#CHECK CONTAINER DOCUMENTATION
|
|||
|
version: '3.7'
|
|||
|
services:
|
|||
|
portainer:
|
|||
|
container_name: DOCKERNAME
|
|||
|
image: DOCKERFILENAME:VERSION (VERSION IS OPTIONAL DEPENDING WHAT YOU WANT TO INSTALL)
|
|||
|
restart: 'always' ---> Make it restart by default
|
|||
|
ports:
|
|||
|
- target: 'PORT1'
|
|||
|
published: 'PORT1'
|
|||
|
protocol: tcp
|
|||
|
- target: 'PORT2'
|
|||
|
published: 'PORT2'
|
|||
|
protocol: tcp
|
|||
|
volumes: ---> Provide Persistent storage
|
|||
|
- type: bind
|
|||
|
source: /var/run/docker.sock
|
|||
|
target: /var/run/docker.sock
|
|||
|
- type: bin
|
|||
|
source: /srv/DOCKERNAME
|
|||
|
target: /data/
|
|||
|
|
|||
|
- sudo mkdir /srv/DOCKERNMAE ---> Create the directory to host the persistence data
|
|||
|
- docker-compose up --datach ---> Launch the configuration file in background
|
|||
|
|
|||
|
|
|||
|
# Combine files together
|
|||
|
- cat file1.txt file2.txt file3.txt > combined_list.txt
|
|||
|
|
|||
|
|
|||
|
# Sort and remove duplicate
|
|||
|
- sort combined_list.txt | uniq -u > cleaned_combined_list.txt
|
|||
|
|
|||
|
|
|||
|
# Archive and Zipping
|
|||
|
- tar -cf NEWFILECREATED.tar ./DIRECTORY-TO-TAR ---> Package files together & Archive them
|
|||
|
- tar -czf Newfile.tgz * ---> Archive & gzip in current folder (* = All)
|
|||
|
- tar -cjf Newfile.tgz * ---> Archive & Bzip in current folder (* = All)
|
|||
|
- tar -xzf file.tgz ---> Ungzip tar file
|
|||
|
|
|||
|
|
|||
|
# Firewall Rules (Orders are important!!!)
|
|||
|
- sudo ufw status ---> See firewall rules in place
|
|||
|
- sudo ufw allow ssh ---> Allow SSH (22) trought the firewall
|
|||
|
- sudo ufw deny ... ---> Deny ports
|
|||
|
- sudo ufw prepend deny ... ---> Add the Deny or Allow rule at the begiging
|
|||
|
- sudo ufw numbered ---> Give you a list and number to insert rules at right spot
|
|||
|
- sudo ufw insert NUMBER deny ... ---> Add rules between two rules numbers
|
|||
|
- sudo ufw allow 80/tcp comment "HTTP" ---> Allow HTTP (80) trought the firewall & add comment
|
|||
|
- sudo ufw allow 20,21/tcp comment "FTP" ---> Services that need more then 1 port open
|
|||
|
- sudo ufw allow 30000:40000/UDP ... ---> Open range of ports
|
|||
|
- sudo ufw allow 80,443,2000:3000/TCP ...---> Open range + specific ports
|
|||
|
|
|||
|
- sudo ufx prepend allow proto tcp from 192.168.0.0/24 to any port 22 ---> Allow any local computer trafic to ssh
|
|||
|
|
|||
|
# Time/Region/Localisation/keybord
|
|||
|
- localectl ---> Display information about the localisation, language, ...
|
|||
|
- locale ---> Display saved variable
|
|||
|
- locale currency_symbol ---> Display currency symbol
|
|||
|
- date ---> Show the current date (What computer think it's)
|
|||
|
- timedatectl set-ntp on ---> Set network time protocol ON (If not on by default)
|
|||
|
- timedatectl list-timezones ---> Show all time zones (Chose Continent/city closer)
|
|||
|
- sudo timedatectl set-timezone EXACT-NAME-&-CITY ---> Change dates to the region
|
|||
|
- localectl list-locales ---> Display possible settings for your machine
|
|||
|
- localectl set-locale LAN=fr_FR.utf8 ---> Local set utf8/FR keyboard (Reboot after)
|
|||
|
```
|