Last active
January 31, 2024 14:53
-
-
Save ingmarioalberto/a547bf6f9a6166a27d0cd63c2ecaba41 to your computer and use it in GitHub Desktop.
Acordeón Diplomado Linux
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
source: <a href="https://mapapulque.ro/ac.php">acordeon de linux infraestructura ti</a> | |
---------------------------------------------------- | |
!vi tabsize (best viewed with tabsize = 2, monospace font) | |
+->set ts=2 | |
---------------------------------------------------- | |
!boot | |
+->Boot->BIOS->MBR->GRUB->Kernel->Init>Runlevel | |
BIOS:Basic Input Output System | |
MBR:Master Boot Record | |
GRUB:Grand Unified Bootloader | |
Kernel:/sbin/init | |
Init:Execs runlevels Runlevel:Execs programs /etc/rc.d/rc*.d | |
---------------------------------------------------- | |
!permisos | |
+->DAC(discretional access list) | |
+->ver permisos numéricos de un archivo: | |
+->stat -c "%a %n" arch.txt | |
+->chown -R user.group arch.txt | |
+->chmod -R ugoa+r+w+x arch.txt | |
+->normales | |
+->chmod <u|g|o|a> arch.txt // chmod 0000 arch.txt | |
/ | \\_exec | |
extra read write | |
+->read ->numérico->4 | |
+->write->numérico->2 | |
+->exec ->numérico->1 | |
+->extras | |
+->sticky->numérico->1 / chmod <+|->t arch.txt | |
+->f:N/A | |
+->d:solo el owner (y root) puede mod/borrar archivos creados por él | |
+->suid->numérico->2 / chmod u<+|->s arch.txt | |
+->f:ejecute con privilegios de owner | |
+->d:N/A | |
+->sgid->numérico->4 / chmod g<+|->s arch.txt | |
+->f:ejecute con privilegios de owner group | |
+->d:cuando se crea un arch/dir tomará los permisos del owner del directorio | |
ls -l | |
-rwx------ | |
123456789A | |
1: | |
d:directorio | |
b:hardware | |
c:Dispositivos de I/O | |
l:Enlace simbolico | |
s:sockets | |
p:tuberías | |
normales: | |
234:user:rwx | |
567:group:rwx | |
89A:other:rwx | |
especiales: | |
es mejor leerlos con stat -c "%a %n" arch.txt | |
------- | |
+->ACL(access control list) | |
+->setfacl -m u:batman:--- file.txt | |
+->setfacl -m u:batman:rX- /home/dir | |
Mayuscula X solo se aplica permiso de ejecución (acceso) a directorios. | |
------- | |
sudo y visudo | |
+->usuario: | |
sudouser ALL = (ALL) NOPASSWD:ALL | |
+->grupos: | |
%sudogrp ALL = (ALL) NOPASSWD:ALL | |
------- | |
+->MAC(mandatory access control) selinux | |
+-set/get:enforce | |
+->semanage fcontext -a -t public_content_t '/dir1(/.*)?' | |
+->restorecon -RvF /dir1/ | |
+->semanage fcontext -l : Listar todos lo contextos de los archivos | |
+->ls -laZ : Mostrar permisos | |
+->chcon -t context_type file.txt : cambiar se permisos temporal | |
+->/var/log/audit/audit.log | |
+->yum install -y policycoreutils-python-2.5-33.el7.x86_64 | |
+->grep -e '...' | <audit2allow||audit2why> | |
+->yum install -y setools-console | |
+->ausearch -c 'sshd' --raw | audit2allow -M my-sshd | |
+->getsebool -a ||setsebool -P httpd_can_network_connect on | |
+->semanage login -l : lista los usuarios y sus contextos | |
+->semanage fcontext -l : lista todos los contextos de cada ruta | |
+->semanage port -a -t ssh_port_t -p tcp 2222 | |
+->ausearch -c 'nginx' --raw | audit2allow -M my-nginx | |
+->semodule -i my-nginx.pp | |
+->semodule ? | |
+->seinfo -c : | |
+->seinfo -t : | |
+->seinfo -u : | |
+->seinfo -r : | |
+->Contextos más usuales: | |
httpd_sys_content_t:Página web estática | |
httpd_sys_script_ro_t:CGI script para leer archivos y directorios | |
httpd_sys_script_rw_t:CGI read write erase | |
httpd_sys_script_exec_t:CGI de ejecución | |
+->Laravel-> | |
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/proyecto(/.*)?' | |
restorecon -RvF /var/www/html/proyecto | |
setsebool -P httpd_can_network_connect on | |
setsebool -P httpd_can_sendmail on | |
+->selinux+httpd+nginx | |
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/test/html(/.*)?' | |
restorecon -RvF /var/www/test/html | |
+->selinux+nginx (non standard port) | |
sudo ausearch -c 'nginx' --raw | sudo audit2allow -M my-nginx | |
sudo semodule -i my-nginx.pp | |
---------------------------------------------------- | |
!repos | |
yum install -y http://rpms.remirepo.net/enterprise/remi-release-7.rpm | |
createrepo | |
dvd local repo: | |
>/etc/yum.repos.d/dvd.repo | |
[LocalRepo] | |
name=LocalRepository | |
baseurl=file:///mnt/cdrom | |
enabled=1 | |
gpgcheck=0 | |
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 | |
---------------------------------------------------- | |
!repos epel - remi | |
yum-config-manager --add-repo=http://dl.fedoraproject.org/pub/epel/7/x86_64/ | |
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm | |
yum repolist | |
---------------------------------------------------- | |
!instalar/actualizar | |
+->instala/actualiza: rpm -Uvh etc.rpm | |
+->busca quien instalo: rpm -qf /etc/grub2.cfg | |
+->desinstala: rpm -e etc.noarch | |
+->ver repos: yum repolist | |
+->listar instalados: yum list installed | |
+->instalar: yum install xxx | |
+->grupos de apps disponible: yum grouplist | |
+->instalar: yum groupinstall "Emacs" | |
+->buscar paquete: yum search "web server" | |
+->lista archivos instalados: rpm -qpl file.rpm | |
---------------------------------------------------- | |
!particionado | |
+->lsblk | |
+->fdisk /dev/sdb | |
+->n,p,<enter>,<enter>,+1GiB | |
+->n,p,<enter>,<enter>,+500MiB | |
+->n,e,<enter>,<enter>,+1500MiB | |
+->w | |
+->fdisk /dev/sdb | |
+->n,l,<enter>,+500MiB,w | |
.. | |
+->mkfs | |
+->mkfs.ext4 /dev/sdb1 | |
+->exfat install: | |
yum install -y http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-1.el7.nux.noarch.rpm | |
yum install exfat-utils fuse-exfat | |
mkfs.exfat /dev/sdb5 | |
+->mkswap (part/file),swapon,swapoff | |
!particionado (if size>2TB) | |
parted /dev/sdX | |
(parted) mklabel GPT | |
(parted) mkpart primary 2048s 100% | |
(parted) q | |
---------------------------------------------------- | |
!lvm | |
( | |
fdisk /dev/sdX | |
n<enter>p<enter>1<enter><enter>w<enter> | |
) | |
+->pvcreate /dev/sdc1 | |
+->vgcreate grupolvm /dev/sdc1 | |
+->lvcreate -L 3G -n nombrelogico grupolvm | |
+->mkfs.ext4 /dev/grupolvm/nombrelogico | |
---- | |
!crecer lvm: | |
+->lvextend -L +2000M /dev/grupolvm/nombrelogico | |
+->lvextend -L +100%FREE /dev/grupolvm/nombrelogico | |
despues de extender: | |
+->resize2fs /dev/sda1 | |
---- | |
!decrecer lvm: primero FS->volumen | |
0. sudo umount /dev/grupolvm/nombrelogico | |
1. sudo resize2fs /dev/grupolvm/nombrelogico 1G | |
1.1. sudo e2fsck -f /dev/grupolvm/nombrelogico | |
2. sudo lvresize -L 1G /dev/grupolvm/nombrelogico | |
-- o -- | |
2. sudo lvresize -l +100%FREE /dev/grupolvm/nombrelogico | |
---- | |
!agregar disco lvm (2GB), agregar a grupo, crecer VG,LV y FS | |
1. sudo fdisk /dev/sdd | |
1.1. n,p,<enter>x3 | |
2. sudo pvcreate /dev/sdd1 | |
3. sudo vgextend diplomado /dev/sdd1 | |
4. sudo lvresize -l +100%FREE /dev/diplomado/gnu-linux | |
---------------------------------------------------- | |
!procesos | |
+-top,htop,ps,pstree,nice,renice,kill | |
---------------------------------------------------- | |
!init systems-> | |
Centos7,Fedora>19: SystemD | |
Debian 6,SLES11: SysVInit | |
RHEL,Ubuntu12.04: upstart | |
!niveles de ejecución SystemV: | |
+->Levels | |
0:hald/poweroff | |
1:monousuario | |
2:multiuser sin red | |
3:multiuser con red | |
4: | |
5:grafico | |
+->Cambiar a modo texto definitivo | |
systemctl set-default multi-user.target | |
+->Cambiar a modo texto temporal | |
systemctl isolate multi-user.target | |
+->tiempo de carga del sistema (reboot) | |
+->systemd-analyze blame | |
+->systemd-analyze plot >/var/tmp/plot.svg | |
+->logs | |
+->journalctl | |
---------------------------------------------------- | |
!servicios | |
+->lista servicios activos: | |
systemctl list-units --type service | |
+->lista todos los servicios | |
systemctl list-units --type service --all | |
+->Listar servicios act/inact/deshab | |
systemctl list-unit-files --type service | |
---------------------------------------------------- | |
!hora, corregir timezone | |
timedatectl list-timezones | |
timedatectl set-timezone America/Mexico_City | |
timedatectl status | |
# timedatectl set-time '2016-12-13 13:45' | |
---------------------------------------------------- | |
!variables de entorno | |
$SHELL, $HOME, $PATH, $PS1, $USER, $HOSTNAME, $SHLVL | |
/ | |
Prompt | |
---------------------------------------------------- | |
!redireccionamiento | |
stdin-> echo ok | sed 's/ok/nok/g' | |
ls | xargs rm -fr | |
ls alimenta a xargs por stdin y xargs le pasa lo que salga de "ls" a rm -fr | |
stdout-> echo ok >stdout.txt | |
stderr-> ls /archivo-no-existe.txt 2>/tmp/stderr.txt | |
---------------------------------------------------- | |
!scripts | |
$0 nombre del script | |
$* conjunto de todos los args en un solo argumento | |
$@ conjunto de args en un solo param | |
$# num de parametros script | |
$? codigo error de ultimo comando | |
$$ el pid del script | |
$! el pid del ultimo proceso ejecutado en 2o plano | |
!variables scripts | |
ETC=2 <- sin espacios | |
echo $ETC | |
---------------------------------------------------- | |
!estructuras de control scripts | |
+-> | |
for i in $( ls ); do | |
echo item: $i | |
done | |
+-> | |
CONTA=0 | |
while [ $CONTA -lt 10 ]; do | |
echo contador: $CONTA | |
let CONTA=CONTA+1 | |
done | |
+->Leer archivo linea por linea, "IFS= " es para dividir por lineas. | |
while IFS= read -r renglon | |
do | |
echo "$renglon" | |
done < input_file | |
---------------------------------------------------- | |
!shells | |
+->listar shells instalados | |
+->cat /etc/shells | |
+->modificar shell | |
+->usermod -s /bin/zsh usuario | |
---------------------------------------------------- | |
!passwd | |
+->caracteres mínimos | |
+->/etc/login.defs | |
+->/etc/passwd | |
+->usuario:pass shadow:uid:gid:Nombre:home:shell | |
+->admin:x:1000:1000:Admin:/home/admin:/bin/bash | |
+->/etc/shadow | |
+->user | |
:pass | |
:lastPassDaysChanged | |
:minDaysToPassChange | |
:MaxDaysPassValid | |
:WarnDaysToPassChange | |
:NumDaysToInactiveAfterPassExpire | |
:DaysToDeactivateAccount | |
Days se miden desde el 1/Ene/1970 | |
---------------------------------------------------- | |
!usuarios | |
useradd,usermod,userdel,addgroup,passwd | |
---------------------------------------------------- | |
!firewall | |
+->firewall-cmd --zone=public --add-port=2222/tcp --permanent | |
+->firewall-cmd --zone=public --permanent --add-service=http | |
+->firewall-cmd --zone=public --permanent --add-port=443/tcp | |
+->firewall-cmd --reload | |
+->Rich rules->reglas complicadas | |
---------------------------------------------------- | |
!nginx | |
yum install nginx | |
sudo sed -i 's/80 default_server/8080 default_server/g' /etc/nginx/nginx.conf | |
systemctl start nginx && systemctl enable nginx | |
mkdir -p /var/www/test2/html | |
mkdir /etc/nginx/sites-available /etc/nginx/sites-enabled | |
vi /etc/nginx/nginx.conf | |
debajo de: include /etc/nginx/conf.d/*.conf; | |
>>include /etc/nginx/sites-enabled/*.conf; | |
crear test.conf en sites-enabled... | |
--- | |
upstream php-fpm-prod { | |
server 127.0.0.1:9000 weight=1 max_fails=3 fail_timeout=5s; | |
keepalive 100; | |
} | |
server { | |
set_real_ip_from 127.0.0.1; | |
real_ip_header X-Forwarded-For; | |
listen 8081; | |
root /var/www/test2/html; | |
index index.php index.html; | |
charset UTF-8; | |
access_log /var/log/nginx/access.log main; | |
error_log /var/log/nginx/error.log; | |
location ~ .php$ { | |
try_files $uri =404; | |
fastcgi_pass 127.0.0.1:9000; | |
# fastcgi_pass php-fpm-prod; #127.0.0.1:9000; | |
fastcgi_index index.php; | |
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | |
include fastcgi_params; | |
} | |
} | |
--- | |
ver selinux+nginx | |
ver nginx+php | |
---------------------------------------------------- | |
!nginx+php | |
yum install -y php74-php-fpm.x86_64 | |
systemctl list-unit-files | grep php | |
systemctl enable php74-php-fpm.service | |
systemctl start php74-php-fpm.service | |
---------------------------------------------------- | |
!apache httpd virtualhost | |
yum install httpd | |
systemctl start httpd && systemctl enable httpd | |
mkdir -p /var/www/test/html | |
mkdir -p /var/www/test/logs | |
mkdir /etc/httpd/sites-available /etc/httpd/sites-enabled | |
echo 'IncludeOptional sites-enabled/*.conf' | sudo tee -a /etc/httpd/conf/httpd.conf | |
#setsebool -P httpd_unified 1 | |
--- | |
<VirtualHost *:80> | |
ServerName test.com | |
DocumentRoot /var/www/test/html | |
ErrorLog /var/www/test/logs/error.log | |
CustomLog /var/www/test/logs/requests.log combined | |
</VirtualHost> | |
--- | |
<VirtualHost *:443> | |
ServerName www.testing.com | |
SSLEngine on | |
SSLCertificateFile /etc/letsencrypt/live/www.testing.com/fullchain.pem | |
SSLCertificateKeyFile /etc/letsencrypt/live/www.testing.com/privkey.pem | |
#SSLCertificateChainFile /var/www/www.testing.com/ssl/DigiCertCA.crt | |
DocumentRoot /var/www/www.testing.com/html | |
ErrorLog /var/www/www.testing.com/logs/error.log | |
CustomLog /var/www/www.testing.com/logs/requests.log combined | |
</VirtualHost> | |
--- | |
ver:selinux+httpd/nginx | |
ver:httpd+php | |
---------------------------------------------------- | |
!httpd+php | |
ver:apache httpd virtualhost | |
yum -y install yum-utils | |
yum-config-manager --enable remi-php74 | |
yum -y install php php-opcache | |
---------------------------------------------------- | |
!centos+squid+dansguardian: | |
wget ftp://ftp.pbone.net/mirror/ftp5.gwdg.de/pub/opensuse/repositories/home:/Kenzy:/packages/CentOS_7/x86_64/dansguardian-2.12.0.3-1.3.x86_64.rpm | |
sudo yum install -y dansguardian-2.12.0.3-1.3.x86_64.rpm | |
sudo yum install -y squid | |
sudo vi /etc/squid/squid.conf; # en la parte de las ACLs, agregar (lo de rojo) | |
>>acl localhost src 127.0.0.1/32 | |
sudo setsebool -P squid_connect_any 1 | |
sudo setsebool -P squid_use_tproxy 1 | |
sudo systemctl start squid | |
sudo vi /etc/dansguardian/dansguardian.conf; | |
<> | |
filterip=192.168.0.109 | |
filterports=8080 | |
proxyip=192.168.0.109 | |
proxyport=3128 | |
sudo vi /etc/dansguardian/lists/bannedsitelist; | |
>> | |
unam.mx | |
sudo vi /etc/dansguardian/lists/bannedphraselist | |
>> | |
< unam > | |
sudo vi /usr/share/dansguardian/languages/ukenglish/template.html | |
sudo systemctl restart dansguardian; | |
---------------------------------------------------- | |
!arrancar centos sin pass | |
agregar al grub -> rw init=/bin/bash | |
echo '123qwe' | passwd --stdin root && reboot | |
--- o --- | |
en el grub -> poner despues del quiet: rd.break | |
mount -o remount,rw /sysroot/ | |
chroot /sysroot/ | |
echo '123qwe' | passwd --stdin root && reboot | |
touch /.autorelabel | |
exit | |
reboot | |
---------------------------------------------------- | |
!grub no modificar | |
grub2-mkpasswd-pbkdf2 | |
/etc/grub.d/40_custom | |
>> | |
set superusers="root" | |
password_pbkdf2 root HASH_GENERADO | |
--- | |
cd /boot/grub2/ | |
grub2-mkconfig -o /boot/grub2/grub.cfg | |
---------------------------------------------------- | |
!samba server | |
yum -y install samba samba-client samba-common | |
systemctl enable smb.service; systemctl start smb.service | |
systemctl enable nmb.service; systemctl start nmb.service | |
firewall-cmd --permanent --zone=public --add-service=samba | |
firewall-cmd --reload | |
adduser usersmb -s /sbin/nologin | |
smbpasswd -a usersmb | |
mv /etc/samba/smb.conf /etc/samba/smb.conf.bak | |
vi /etc/samba/smb.conf | |
>> | |
[compartir] | |
comment=samba | |
path=/samba/compartido | |
public=yes | |
writable=yes | |
--- | |
mkdir -p /samba/compartido | |
chmod -R 0755 /samba/compartido | |
??chown -R nobody:nobody /samba/compartido | |
semanage fcontext -a -t samba_share_t '/samba/compartido(/.*)?' | |
restorecon -RvF /samba/compartido | |
---------------------------------------------------- | |
!/etc/fstab | |
#device mounting_directory filesystem_type options dump fsck | |
//192.168.1.10/samba /smb-share cifs username=usersmb,password=password 0 0 | |
/dev/sda1 / ext4 defaults 0 0 | |
---------------------------------------------------- | |
!automatizacion tareas | |
+->cron | |
+->/etc/crontab | |
min hour dom dow user cmd | |
+->at | |
+->at,atq,atrm | |
+->at 20:23 | |
ls -l >/tmp/ls.txt | |
ctrl + d | |
---------------------------------------------------- | |
!tigervnc | |
yum install -y tigervnc-server.x86_64 | |
vncpassword | |
systemctl enable vncserver@:1.service | |
systemctl start vncserver@:1.service | |
firewall-cmd --permanent --add-service vnc-server | |
systemctl restart firewalld.service | |
---------------------------------------------------- | |
Scripting en Bash acordeón: | |
ARGUMENTS: | |
is First argument empty: | |
if [ -z "$1" ] | |
then | |
echo "No argument supplied" | |
fi | |
argument count is 0: | |
if [ $# -eq 0 ] | |
then | |
echo "No arguments supplied" | |
fi | |
CASE: | |
case ${VAR} in | |
Opt1) | |
echo -n "Option 1" | |
;; | |
Option2 | Opt2 | Opttwo | Optwo) | |
echo -n "Option 2" | |
;; | |
Option3 | "Option 3" | Opt3 | "3") | |
echo -n "Option 3" | |
;; | |
*) | |
echo -n "any other option" | |
;; | |
esac | |
STRINGS: | |
Replace more than one space into one | |
... | sed 's/ */ /g' | |
... | sed 's/ \{1,\}/ /g' | |
... | tr -s ' ' | |
---------------------------------------------------- | |
function NDayOfMonth (){ | |
# script to look for the N-th day of the month | |
# for example: | |
# The second Thursday of the February of 2024 | |
# NDayOfMonth 2 3 2022 07 | |
# arg1: 1,2,3,4,5 (1st, 2nd, 3rd, 4th, 5th day of the month) | |
# arg2: number for Day of the week (1=Sunday, 7=Saturday) | |
# arg3: Year in 4 digits | |
# arg4: Month in 2 digits | |
# Firstly we need to get the weekday for the first day of the month | |
#won't validate anything... so be careful | |
DM="$1"; WW="$2"; YYYY="$3"; mm="$4" | |
R=$(ncal $mm $YYYY 2>/dev/null | tail -n+2 | head -n${WW} | tail -n1 | xargs | cut -d " " -f2- | cut -d " " -f"${DM}") | |
echo "${R}" | |
} | |
--------------------- | |
awk -F ';' '($2 == "ABCD") && ($3 == "MNOP") && ($4 == "KLPM") { print $2, $3;}' file.xml | |
awk -F ';' '($2>10) && (length($2) != 0) { print $2, $3;}' file.xml | |
awk -F ';' '{sum+=$57;} END{print sum;}' file.txt | |
--------------------- | |
Exfiltración de datos o como actualizar sistemas sin acceso a red o mil cosas más | |
desde algun lugar con acceso a internet y maquina aislada: | |
ssh -R IpVmAislada:PuertoVmAislada:IpPcConAcceso:PuertoPCconAcceso user@IpVmAislada | |
ejemplo: ssh -R 0.0.0.0:8888:127.0.0.1:9999 user@10.x.y.z | |
en la VM "aislada" | |
proxychains wget "https://www.pulque.ro/m/Running_Up_That_Hill_(DJ_Falken_Amapiano_Remix).mp4" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment