Prohibit password login for the 'root' account: PermitRootLogin prohibit-password
Use man and search with less/vim command syntax
less /var/log/auth.log
: View the auth log with logins and sudo usage
timedatectl
: Show clock / timezone info
Midnight Commander is helpful when needing to visualise a file system and directory structures.
h - list less commands
/ - text search
n - next match
N - previous match
g - start of file
G - end of file
space - next page
shift + space - previous page
down key - next line
up key - previous line
F - enable '-f' like behavior; ctrl-c to break
-S chop long lines
& /pattern/ - show lines containing /pattern/ (like grep)
!<command #> - runs the command at the given line item
h|j|k|l
: left/down/up/right navigation
e
: end of word
b
: begin of word
0
: beginning of the line
$
: end of the line
a|A
: Append
r
: Replace
Fundamental command concepts: "operators" and "motions".
vimtutor is your friend.
Dive into systemctl as it's the predominant "init system" and "system manager".
systemctl status cron.service
systemctl list-units
Plain text files are a key part of "the Unix way".
Tools for log analysis: grep, cat, more, less, cut, awk and tail
Piping cat to grep is apparently somewhat wasteful/unnecessary.
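A worked pass over auth.log with the tools listed above, as an added example that is not part of the original notes: it counts failed SSH password attempts per source address, counts password attempts against root, and lists sudo usage. The sample log lines, host name and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Constructed sample lines in auth.log format (not real data).
sample_auth_log() {
cat <<'EOF'
Mar  3 10:01:12 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 10:01:15 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 10:02:40 web1 sshd[840]: Failed password for invalid user admin from 198.51.100.23 port 51514 ssh2
Mar  3 10:05:02 web1 sshd[902]: Accepted publickey for dwight from 192.0.2.10 port 50022 ssh2
Mar  3 10:06:30 web1 sudo:   dwight : TTY=pts/0 ; PWD=/home/dwight ; USER=root ; COMMAND=/usr/bin/less /var/log/auth.log
Mar  3 10:09:11 web1 sshd[950]: Failed password for root from 203.0.113.7 port 40188 ssh2
EOF
}

# Failed SSH password attempts per source address, busiest first.
# grep reads the file itself, so no "cat file |" is needed. The user name
# in these lines is chosen by the client, so awk takes the address after
# the LAST "from" rather than trusting a fixed field position.
failed_by_source() {
    grep 'Failed password' "$1" |
        awk '{ ip = ""; for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
               if (ip != "") print ip }' |
        sort | uniq -c | sort -rn | awk '{ print $2, $1 }'
}

# Number of failed password attempts against root, the account that
# "PermitRootLogin prohibit-password" stops accepting passwords for.
root_password_attempts() {
    grep -c 'Failed password for root from ' "$1"
}

# Who ran what through sudo, printed as "user command".
sudo_commands() {
    awk '/ sudo: .*COMMAND=/ {
             for (i = 1; i < NF; i++) if ($i == "sudo:") user = $(i + 1)
             sub(/.*COMMAND=/, "")
             print user, $0
         }' "$1"
}

# Demo on the constructed sample; on a real host pass /var/log/auth.log instead.
log=$(mktemp)
sample_auth_log > "$log"
failed_by_source "$log"
root_password_attempts "$log"
sudo_commands "$log"
rm -f "$log"
```

Rotated logs such as /var/log/auth.log.4.gz need zgrep or gunzip first, since these functions read plain text.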
ss -ltp
: Listening ports and processes (try with sudo to show processes running as root)
nmap localhost
: Run a port scan against the local server
sudo iptables -L
: List iptables rules
System-wide and user-specific crontab schedules exist.
System-wide cron schedule is at /etc/crontab. On Ubuntu, this is a simple schedule for launching "anacron", which in turn executes the scripts found under the /etc/cron.(daily|hourly|monthly|weekly) directories. Also of note is that anacron has additional logic to support systems that aren't online 24/7, and still ensures the jobs are executed at the specified interval.
cat /etc/crontab
: Show the system crontab
crontab -l
: List crontab for a user
Systemd timers are an alternative.
systemctl list-timers
Four tools:
- locate: locates a file ... index is usually rebuilt nightly. Use sudo updatedb to refresh the index.
locate auth.log
- find: searches down through a directory structure looking for files which match some criteria
find /var -name auth.log
find /var -mtime +3 (24 * n hours)
find ~ -size +100k (note + or - for gt/lt)
find /home/dwight -user root -exec chown dwight:dwight {} \; (executes a command against all matching files)
find -user dwight
find -group dwight
-o ... or condition
-not ... invert condition
- grep: print lines that match patterns
grep dwight /var/log/auth.log
grep -R -i "PermitRootLogin" /etc/* (searches the entire /etc/* directory)
sudo zgrep root /var/log/auth.log.4.gz (apply gunzip for compressed text files)
- which: locate a command and print its path
SFTP is preferred as it's based on the SSH protocol. That's likely already set up and is secure.
sudo -l
: Show commands that a user can run with sudo...
sudo -l -U <otheruser>
: Check another user
Listing source repositories ... no specific command ...
cat /etc/apt/sources.list /etc/apt/sources.list.d/* | grep 'deb '
Searching ...
apt search wireguard | less
apt-cache dump | grep "wireguard"
Consider user PPAs.
tar cvf and tar -cvf are identical ... there's some history around the switch statements
make install usually needs sudo because it'll drop the installed binaries in a shared / root-restricted directory.
In general '/bin' is for key parts of the operating system, '/usr/bin' for less critical utilities and '/usr/local/bin' for software you've chosen to manually install yourself.
The 'delaycompress' option is interesting. Technically it's important because some programs cannot be instructed to close/re-open the new log file that's been rotated in. Then there's the usability nice-to-have of being able to access the previous log file without needing to de-compress it.
inodes are the indexes that gather metadata about the underlying file data.
Hard links share the same inode as the linked file ... which explains most of the other differences to symlinks
Convention: scripts intended to be executed by all users can be made executable (chmod +x) and copied into '/usr/local/bin'.