@ingmarioalberto
Last active January 31, 2024 14:53
Linux Diploma Course Cheat Sheet
source: <a href="https://mapapulque.ro/ac.php">Linux IT infrastructure cheat sheet</a>
----------------------------------------------------
!vi tabsize (best viewed with tabsize = 2, monospace font)
+->set ts=2
----------------------------------------------------
!boot
+->Boot->BIOS->MBR->GRUB->Kernel->Init->Runlevel
BIOS:Basic Input Output System
MBR:Master Boot Record
GRUB:Grand Unified Bootloader
Kernel:/sbin/init
Init:Execs runlevels
Runlevel:Execs programs /etc/rc.d/rc*.d
----------------------------------------------------
!permissions
+->DAC (discretionary access control)
+->view a file's numeric permissions:
+->stat -c "%a %n" arch.txt
+->chown -R user:group arch.txt
+->chmod -R ugoa+r+w+x arch.txt
+->standard
+->chmod <u|g|o|a> arch.txt // chmod 0000 arch.txt
/ | \\_exec
extra read write
+->read ->numeric->4
+->write->numeric->2
+->exec ->numeric->1
+->extras
+->sticky->numeric->1 / chmod <+|->t arch.txt
+->f:N/A
+->d:only the owner (and root) can modify/delete the files they created
+->suid->numeric->2 / chmod u<+|->s arch.txt
+->f:runs with the owner's privileges
+->d:N/A
+->sgid->numeric->4 / chmod g<+|->s arch.txt
+->f:runs with the owning group's privileges
+->d:when a file/dir is created, it takes the permissions of the directory's owner
ls -l
-rwx------
123456789A
1:
d:directory
b:hardware
c:I/O devices
l:symbolic link
s:sockets
p:pipes
standard:
234:user:rwx
567:group:rwx
89A:other:rwx
special:
it is better to read them with stat -c "%a %n" arch.txt
-------
+->ACL(access control list)
+->setfacl -m u:batman:--- file.txt
+->setfacl -m u:batman:rX- /home/dir
Uppercase X applies the execute (access) permission only to directories.
-------
sudo y visudo
+->user:
sudouser ALL = (ALL) NOPASSWD:ALL
+->groups:
%sudogrp ALL = (ALL) NOPASSWD:ALL
-------
+->MAC(mandatory access control) selinux
+->setenforce / getenforce
+->semanage fcontext -a -t public_content_t '/dir1(/.*)?'
+->restorecon -RvF /dir1/
+->semanage fcontext -l : list all file contexts
+->ls -laZ : show permissions
+->chcon -t context_type file.txt : temporarily change SELinux permissions
+->/var/log/audit/audit.log
+->yum install -y policycoreutils-python-2.5-33.el7.x86_64
+->grep -e '...' | <audit2allow||audit2why>
+->yum install -y setools-console
+->ausearch -c 'sshd' --raw | audit2allow -M my-sshd
+->getsebool -a ||setsebool -P httpd_can_network_connect on
+->semanage login -l : lists users and their contexts
+->semanage fcontext -l : lists all contexts for each path
+->semanage port -a -t ssh_port_t -p tcp 2222
+->ausearch -c 'nginx' --raw | audit2allow -M my-nginx
+->semodule -i my-nginx.pp
+->semodule ?
+->seinfo -c :
+->seinfo -t :
+->seinfo -u :
+->seinfo -r :
+->Most common contexts:
httpd_sys_content_t:static web page
httpd_sys_script_ro_t:CGI script that reads files and directories
httpd_sys_script_rw_t:CGI read write erase
httpd_sys_script_exec_t:CGI execution
+->Laravel->
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/proyecto(/.*)?'
restorecon -RvF /var/www/html/proyecto
setsebool -P httpd_can_network_connect on
setsebool -P httpd_can_sendmail on
+->selinux+httpd+nginx
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/test/html(/.*)?'
restorecon -RvF /var/www/test/html
+->selinux+nginx (non standard port)
sudo ausearch -c 'nginx' --raw | sudo audit2allow -M my-nginx
sudo semodule -i my-nginx.pp
----------------------------------------------------
!repos
yum install -y http://rpms.remirepo.net/enterprise/remi-release-7.rpm
createrepo
dvd local repo:
>/etc/yum.repos.d/dvd.repo
[LocalRepo]
name=LocalRepository
baseurl=file:///mnt/cdrom
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
----------------------------------------------------
!repos epel - remi
yum-config-manager --add-repo=http://dl.fedoraproject.org/pub/epel/7/x86_64/
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
yum repolist
----------------------------------------------------
!install/update
+->install/update: rpm -Uvh etc.rpm
+->find which package installed a file: rpm -qf /etc/grub2.cfg
+->uninstall: rpm -e etc.noarch
+->view repos: yum repolist
+->list installed: yum list installed
+->install: yum install xxx
+->available app groups: yum grouplist
+->install: yum groupinstall "Emacs"
+->search for a package: yum search "web server"
+->list installed files: rpm -qpl file.rpm
----------------------------------------------------
!partitioning
+->lsblk
+->fdisk /dev/sdb
+->n,p,<enter>,<enter>,+1GiB
+->n,p,<enter>,<enter>,+500MiB
+->n,e,<enter>,<enter>,+1500MiB
+->w
+->fdisk /dev/sdb
+->n,l,<enter>,+500MiB,w
..
+->mkfs
+->mkfs.ext4 /dev/sdb1
+->exfat install:
yum install -y http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-1.el7.nux.noarch.rpm
yum install exfat-utils fuse-exfat
mkfs.exfat /dev/sdb5
+->mkswap (part/file),swapon,swapoff
!partitioning (if size>2TB)
parted /dev/sdX
(parted) mklabel GPT
(parted) mkpart primary 2048s 100%
(parted) q
----------------------------------------------------
!lvm
(
fdisk /dev/sdX
n<enter>p<enter>1<enter><enter>w<enter>
)
+->pvcreate /dev/sdc1
+->vgcreate grupolvm /dev/sdc1
+->lvcreate -L 3G -n nombrelogico grupolvm
+->mkfs.ext4 /dev/grupolvm/nombrelogico
----
!grow lvm:
+->lvextend -L +2000M /dev/grupolvm/nombrelogico
+->lvextend -l +100%FREE /dev/grupolvm/nombrelogico
after extending:
+->resize2fs /dev/grupolvm/nombrelogico
----
!shrink lvm: first FS->volume
0. sudo umount /dev/grupolvm/nombrelogico
1. sudo resize2fs /dev/grupolvm/nombrelogico 1G
1.1. sudo e2fsck -f /dev/grupolvm/nombrelogico
2. sudo lvresize -L 1G /dev/grupolvm/nombrelogico
-- or --
2. sudo lvresize -l +100%FREE /dev/grupolvm/nombrelogico
----
!add lvm disk (2GB), add it to the group, grow VG, LV and FS
1. sudo fdisk /dev/sdd
1.1. n,p,<enter>x3
2. sudo pvcreate /dev/sdd1
3. sudo vgextend diplomado /dev/sdd1
4. sudo lvresize -l +100%FREE /dev/diplomado/gnu-linux
----------------------------------------------------
!processes
+->top,htop,ps,pstree,nice,renice,kill
----------------------------------------------------
!init systems->
Centos7,Fedora>19: SystemD
Debian 6,SLES11: SysVInit
RHEL,Ubuntu12.04: upstart
!SystemV runlevels:
+->Levels
0:halt/poweroff
1:single user
2:multiuser without network
3:multiuser with network
4:
5:graphical
+->Switch to text mode permanently
systemctl set-default multi-user.target
+->Switch to text mode temporarily
systemctl isolate multi-user.target
+->system boot time (reboot)
+->systemd-analyze blame
+->systemd-analyze plot >/var/tmp/plot.svg
+->logs
+->journalctl
----------------------------------------------------
!services
+->list active services:
systemctl list-units --type service
+->list all services
systemctl list-units --type service --all
+->list active/inactive/disabled services
systemctl list-unit-files --type service
----------------------------------------------------
!time, fix timezone
timedatectl list-timezones
timedatectl set-timezone America/Mexico_City
timedatectl status
# timedatectl set-time '2016-12-13 13:45'
----------------------------------------------------
!environment variables
$SHELL, $HOME, $PATH, $PS1, $USER, $HOSTNAME, $SHLVL
/
Prompt
----------------------------------------------------
!redirection
stdin-> echo ok | sed 's/ok/nok/g'
ls | xargs rm -fr
ls feeds xargs through stdin, and xargs passes whatever "ls" outputs to rm -fr
stdout-> echo ok >stdout.txt
stderr-> ls /archivo-no-existe.txt 2>/tmp/stderr.txt
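Added example (not part of the original gist): why the "ls | xargs rm -fr" form above is fragile, next to a NUL-delimited replacement. xargs re-splits the ls output on whitespace, so a name containing a space is never deleted; the function names and sample file names are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original gist. Function and file names are constructed.

# Form from the cheat sheet: xargs splits the ls output on blanks and newlines.
purge_unsafe() {
  ( cd "$1" && ls | xargs rm -fr )
}

# Hardened form: names travel NUL-delimited; "./" and "--" keep a name that
# starts with "-" from being parsed as an rm option.
purge_safe() {
  ( cd "$1" && find . -mindepth 1 -maxdepth 1 -print0 | xargs -0 rm -rf -- )
}

# Build a scratch directory with one plain name and one name containing a space.
make_sample() {
  d=$(mktemp -d) || return 1
  : > "$d/plain.txt"
  : > "$d/two words.txt"
  printf '%s\n' "$d"
}

# Number of entries still present in directory $1.
leftovers() {
  find "$1" -mindepth 1 -maxdepth 1 | wc -l | tr -d ' '
}

# Run function $1 on a fresh sample and print how many entries survived.
run_case() {
  dir=$(make_sample) || return 1
  "$1" "$dir"
  leftovers "$dir"
  rm -rf -- "$dir"
}

echo "ls | xargs rm -fr left behind:       $(run_case purge_unsafe)"
echo "find -print0 | xargs -0 left behind: $(run_case purge_safe)"
```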
----------------------------------------------------
!scripts
$0 script name
$* the set of all args in a single argument
$@ the set of args in a single param
$# number of script parameters
$? error code of the last command
$$ the script's pid
$! pid of the last process run in the background
!script variables
ETC=2 <- no spaces
echo $ETC
----------------------------------------------------
!script control structures
+->
# glob instead of $( ls ): names with spaces stay in one piece
for i in *; do
  echo "item: $i"
done
+->
CONTA=0
while [ "$CONTA" -lt 10 ]; do
  echo "contador: $CONTA"
  let CONTA=CONTA+1
done
+->Read a file line by line; "IFS= " is for splitting by lines.
while IFS= read -r renglon
do
  echo "$renglon"
done < input_file
----------------------------------------------------
!shells
+->list installed shells
+->cat /etc/shells
+->change shell
+->usermod -s /bin/zsh usuario
----------------------------------------------------
!passwd
+->minimum characters
+->/etc/login.defs
+->/etc/passwd
+->user:pass shadow:uid:gid:Name:home:shell
+->admin:x:1000:1000:Admin:/home/admin:/bin/bash
+->/etc/shadow
+->user
:pass
:lastPassDaysChanged
:minDaysToPassChange
:MaxDaysPassValid
:WarnDaysToPassChange
:NumDaysToInactiveAfterPassExpire
:DaysToDeactivateAccount
Days are counted from 1 Jan 1970
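Added example (not part of the original gist): decoding one /etc/shadow line with the field order listed above and working out whether the password has expired. The function names, the state labels and the sample lines are constructed; treating 99999 max days as "never expires" follows the usual login.defs default and is an assumption here.

```shell
#!/bin/sh
# Added example, not from the original gist. Sample lines are constructed.

# shadow_status LINE TODAY -> "user state expiry_day"
#   TODAY and every day field are days since 1 Jan 1970.
#   state: locked | must-change | no-expiry | expired | warn | ok
shadow_status() {
  printf '%s\n' "$1" | awk -F: -v today="$2" '{
    user = $1; hash = $2; last = $3; max = $5; warn = $6
    # "!" or "*" in front of the hash means password login is disabled
    if (hash ~ /^[!*]/)          { print user, "locked", "-"; next }
    if (last == "" || max == "") { print user, "no-expiry", "-"; next }
    # last change of 0 forces a change at next login
    if (last + 0 == 0)           { print user, "must-change", "-"; next }
    # assumption: 99999 is the conventional "never" value
    if (max + 0 >= 99999)        { print user, "no-expiry", "-"; next }
    expiry = last + max
    if (today + 0 > expiry)                            { state = "expired" }
    else if (warn != "" && today + 0 >= expiry - warn) { state = "warn" }
    else                                               { state = "ok" }
    print user, state, expiry
  }'
}

# Today in the same unit the file uses.
today_days() {
  echo $(( $(date +%s) / 86400 ))
}

# Constructed /etc/shadow-style lines, evaluated on day 19085.
for line in \
  'alice:$6$constructed$hash:19000:0:90:7:::' \
  'bob:$6$constructed$hash:18900:0:90:7:::' \
  'carol:$6$constructed$hash:19000:0:99999:7:::' \
  'svc:!!:19000:0:99999:7:::'
do
  shadow_status "$line" 19085
done
```

For a live check, pass "$(today_days)" as the second argument while reading /etc/shadow as root.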
----------------------------------------------------
!users
useradd,usermod,userdel,addgroup,passwd
----------------------------------------------------
!firewall
+->firewall-cmd --zone=public --add-port=2222/tcp --permanent
+->firewall-cmd --zone=public --permanent --add-service=http
+->firewall-cmd --zone=public --permanent --add-port=443/tcp
+->firewall-cmd --reload
+->Rich rules->complex rules
----------------------------------------------------
!nginx
yum install nginx
sudo sed -i 's/80 default_server/8080 default_server/g' /etc/nginx/nginx.conf
systemctl start nginx && systemctl enable nginx
mkdir -p /var/www/test2/html
mkdir /etc/nginx/sites-available /etc/nginx/sites-enabled
vi /etc/nginx/nginx.conf
below: include /etc/nginx/conf.d/*.conf;
>>include /etc/nginx/sites-enabled/*.conf;
create test.conf in sites-enabled...
---
upstream php-fpm-prod {
  server 127.0.0.1:9000 weight=1 max_fails=3 fail_timeout=5s;
  keepalive 100;
}
server {
  set_real_ip_from 127.0.0.1;
  real_ip_header X-Forwarded-For;
  listen 8081;
  root /var/www/test2/html;
  index index.php index.html;
  charset UTF-8;
  access_log /var/log/nginx/access.log main;
  error_log /var/log/nginx/error.log;
  # escape the dot so only names ending in ".php" match
  location ~ \.php$ {
    try_files $uri =404;
    fastcgi_pass 127.0.0.1:9000;
    # fastcgi_pass php-fpm-prod; #127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
  }
}
---
see selinux+nginx
see nginx+php
----------------------------------------------------
!nginx+php
yum install -y php74-php-fpm.x86_64
systemctl list-unit-files | grep php
systemctl enable php74-php-fpm.service
systemctl start php74-php-fpm.service
----------------------------------------------------
!apache httpd virtualhost
yum install httpd
systemctl start httpd && systemctl enable httpd
mkdir -p /var/www/test/html
mkdir -p /var/www/test/logs
mkdir /etc/httpd/sites-available /etc/httpd/sites-enabled
echo 'IncludeOptional sites-enabled/*.conf' | sudo tee -a /etc/httpd/conf/httpd.conf
#setsebool -P httpd_unified 1
---
<VirtualHost *:80>
  ServerName test.com
  DocumentRoot /var/www/test/html
  ErrorLog /var/www/test/logs/error.log
  CustomLog /var/www/test/logs/requests.log combined
</VirtualHost>
---
<VirtualHost *:443>
  ServerName www.testing.com
  SSLEngine on
  SSLCertificateFile /etc/letsencrypt/live/www.testing.com/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/www.testing.com/privkey.pem
  #SSLCertificateChainFile /var/www/www.testing.com/ssl/DigiCertCA.crt
  DocumentRoot /var/www/www.testing.com/html
  ErrorLog /var/www/www.testing.com/logs/error.log
  CustomLog /var/www/www.testing.com/logs/requests.log combined
</VirtualHost>
---
see:selinux+httpd/nginx
see:httpd+php
----------------------------------------------------
!httpd+php
see:apache httpd virtualhost
yum -y install yum-utils
yum-config-manager --enable remi-php74
yum -y install php php-opcache
----------------------------------------------------
!centos+squid+dansguardian:
wget ftp://ftp.pbone.net/mirror/ftp5.gwdg.de/pub/opensuse/repositories/home:/Kenzy:/packages/CentOS_7/x86_64/dansguardian-2.12.0.3-1.3.x86_64.rpm
sudo yum install -y dansguardian-2.12.0.3-1.3.x86_64.rpm
sudo yum install -y squid
sudo vi /etc/squid/squid.conf; # in the ACLs section, add (the part in red)
>>acl localhost src 127.0.0.1/32
sudo setsebool -P squid_connect_any 1
sudo setsebool -P squid_use_tproxy 1
sudo systemctl start squid
sudo vi /etc/dansguardian/dansguardian.conf;
<>
filterip=192.168.0.109
filterports=8080
proxyip=192.168.0.109
proxyport=3128
sudo vi /etc/dansguardian/lists/bannedsitelist;
>>
unam.mx
sudo vi /etc/dansguardian/lists/bannedphraselist
>>
< unam >
sudo vi /usr/share/dansguardian/languages/ukenglish/template.html
sudo systemctl restart dansguardian;
----------------------------------------------------
!boot centos without password
add to the grub entry -> rw init=/bin/bash
echo '123qwe' | passwd --stdin root && reboot
--- or ---
in grub -> add after quiet: rd.break
mount -o remount,rw /sysroot/
chroot /sysroot/
echo '123qwe' | passwd --stdin root && reboot
touch /.autorelabel
exit
reboot
----------------------------------------------------
!grub: do not allow modification
grub2-mkpasswd-pbkdf2
/etc/grub.d/40_custom
>>
set superusers="root"
password_pbkdf2 root HASH_GENERADO
---
cd /boot/grub2/
grub2-mkconfig -o /boot/grub2/grub.cfg
----------------------------------------------------
!samba server
yum -y install samba samba-client samba-common
systemctl enable smb.service; systemctl start smb.service
systemctl enable nmb.service; systemctl start nmb.service
firewall-cmd --permanent --zone=public --add-service=samba
firewall-cmd --reload
adduser usersmb -s /sbin/nologin
smbpasswd -a usersmb
mv /etc/samba/smb.conf /etc/samba/smb.conf.bak
vi /etc/samba/smb.conf
>>
[compartir]
comment=samba
path=/samba/compartido
public=yes
writable=yes
---
mkdir -p /samba/compartido
chmod -R 0755 /samba/compartido
??chown -R nobody:nobody /samba/compartido
semanage fcontext -a -t samba_share_t '/samba/compartido(/.*)?'
restorecon -RvF /samba/compartido
----------------------------------------------------
!/etc/fstab
#device mounting_directory filesystem_type options dump fsck
//192.168.1.10/samba /smb-share cifs username=usersmb,password=password 0 0
/dev/sda1 / ext4 defaults 0 0
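Added example (not part of the original gist): /etc/fstab is world-readable, so the password= option in the cifs line above is visible to every local user. The check below flags such entries and verifies an owner-only credentials= file as the replacement; the function names, the credentials path and the second sample mount are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original gist. Paths and sample entries are constructed.

# fstab_inline_secrets FILE -> mount point of every cifs entry whose options
# field (4th column) embeds password= or pass=.
fstab_inline_secrets() {
  awk '/^[ \t]*(#|$)/ { next }
       $3 == "cifs" {
         n = split($4, opt, ",")
         for (i = 1; i <= n; i++)
           if (opt[i] ~ /^(password|pass)=/) { print $2; break }
       }' "$1"
}

# cred_file_ok FILE -> exit 0 only if the file is accessible by its owner alone.
cred_file_ok() {
  mode=$(stat -c '%a' "$1") || return 2
  [ "$mode" = "600" ] || [ "$mode" = "400" ]
}

demo() {
  work=$(mktemp -d) || return 1
  # credentials= file in the format mount.cifs reads: one key=value per line
  printf 'username=usersmb\npassword=constructed-secret\n' > "$work/smbcred"
  chmod 600 "$work/smbcred"
  cat > "$work/fstab" <<EOF
#device mounting_directory filesystem_type options dump fsck
//192.168.1.10/samba /smb-share cifs username=usersmb,password=password 0 0
//192.168.1.10/samba /smb-share-fixed cifs credentials=$work/smbcred 0 0
/dev/sda1 / ext4 defaults 0 0
EOF
  echo "inline secret at: $(fstab_inline_secrets "$work/fstab")"
  cred_file_ok "$work/smbcred" && echo "credentials file mode ok"
  rm -rf -- "$work"
}
demo
```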
----------------------------------------------------
!task automation
+->cron
+->/etc/crontab
min hour dom mon dow user cmd
+->at
+->at,atq,atrm
+->at 20:23
ls -l >/tmp/ls.txt
ctrl + d
----------------------------------------------------
!tigervnc
yum install -y tigervnc-server.x86_64
vncpasswd
systemctl enable vncserver@:1.service
systemctl start vncserver@:1.service
firewall-cmd --permanent --add-service vnc-server
systemctl restart firewalld.service
----------------------------------------------------
Bash scripting cheat sheet:
ARGUMENTS:
is first argument empty:
if [ -z "$1" ]
then
  echo "No argument supplied"
fi
argument count is 0:
if [ $# -eq 0 ]
then
  echo "No arguments supplied"
fi
CASE:
case ${VAR} in
  Opt1)
    echo -n "Option 1"
    ;;
  Option2 | Opt2 | Opttwo | Optwo)
    echo -n "Option 2"
    ;;
  Option3 | "Option 3" | Opt3 | "3")
    echo -n "Option 3"
    ;;
  *)
    echo -n "any other option"
    ;;
esac
STRINGS:
Collapse runs of spaces into one
... | sed 's/  */ /g'
... | sed 's/ \{1,\}/ /g'
... | tr -s ' '
----------------------------------------------------
function NDayOfMonth (){
  # look up the N-th occurrence of a weekday in a month
  # for example, the second Tuesday of July 2022:
  #   NDayOfMonth 2 3 2022 07
  # arg1: 1,2,3,4,5 (1st, 2nd, 3rd, 4th, 5th occurrence in the month)
  # arg2: number for day of the week (1=Sunday, 7=Saturday);
  #       this selects the ncal row, so it assumes ncal prints Sunday first
  # arg3: year in 4 digits
  # arg4: month in 2 digits
  # ncal prints one row per weekday; xargs squeezes the blanks so the
  # N-th remaining column is the N-th occurrence
  # won't validate anything... so be careful
  local DM="$1" WW="$2" YYYY="$3" mm="$4" R
  R=$(ncal "$mm" "$YYYY" 2>/dev/null | tail -n+2 | head -n"${WW}" | tail -n1 | xargs | cut -d " " -f2- | cut -d " " -f"${DM}")
  echo "${R}"
}
---------------------
awk -F ';' '($2 == "ABCD") && ($3 == "MNOP") && ($4 == "KLPM") { print $2, $3;}' file.xml
awk -F ';' '($2>10) && (length($2) != 0) { print $2, $3;}' file.xml
awk -F ';' '{sum+=$57;} END{print sum;}' file.txt
---------------------
Data exfiltration, or how to update systems without network access, or a thousand other things
from somewhere with internet access and an isolated machine:
ssh -R IpVmAislada:PuertoVmAislada:IpPcConAcceso:PuertoPCconAcceso user@IpVmAislada
example: ssh -R 0.0.0.0:8888:127.0.0.1:9999 user@10.x.y.z
on the "isolated" VM
proxychains wget "https://www.pulque.ro/m/Running_Up_That_Hill_(DJ_Falken_Amapiano_Remix).mp4"