@johnathanmay
Last active September 4, 2023 18:57

Uncommon Linux Commands

This is a collection of Linux commands that have been helpful to me but that I mostly don't use often enough to remember off the top of my head. Some are definitely better documented than others...

Active Directory / SSSD / Samba

# various methods to join and remove from AD based on OS version and AD settings
kinit admin@CORP.DOMAIN.COM
net ads join -v -k -U admin@CORP.DOMAIN.COM createcomputer="/ORG/Servers/LinuxServers"
net ads join -v -k -U admin@CORP.DOMAIN.COM -d10 createcomputer="/ORG/Servers/LinuxServers"
net ads join -v -U admin@corp.domain.com createcomputer="/ORG/Servers/LinuxServers"
adcli delete-computer --domain=corp.domain.com -U admin@CORP.DOMAIN.COM -W -v computer
adcli join corp.domain.com -U admin@CORP.DOMAIN.COM -v
adcli join corp.domain.com -U admin@CORP.DOMAIN.COM -O "ou=LinuxServers,ou=Servers,ou=ORG,dc=corp,dc=domain,dc=com" -v
adcli join -v --show-details --domain=corp.domain.com --domain-ou="ou=LinuxServers,ou=Servers,ou=ORG,dc=corp,dc=domain,dc=com" --login-user=admin --add-samba-data
realm leave

# show kerberos realms
realm list

# show kerberos tickets
klist -ke

# destroy kerberos tickets
kdestroy
rm -f /etc/krb5.keytab

# join domain
realm join -v -U admin@CORP.DOMAIN.COM --computer-ou="ou=LinuxServers,ou=Servers,ou=ORG" corp.domain.com

# leave and rejoin domain as one line (yes realm leave has to be executed twice sometimes)
realm leave; realm leave; kdestroy; rm -f /etc/krb5.keytab; realm join -v -U admin --computer-ou="ou=LinuxServers,ou=Servers,ou=ORG" corp.domain.com;

# clear SSSD cache
sss_cache -E
rm -rf /var/lib/sssd/db/*
systemctl restart sssd

# fix samba shares not working after samba 4.9 update
net -s /dev/null groupmap add sid=S-1-5-32-546 unixgroup=nobody type=builtin

apt and related

# search for package that provides file
apt-file search /path/to/file

# search if package is installed
dpkg-query -l |grep package_name

# show all files deployed by package
dpkg-query -L package_name

# use socks5 proxy after "ssh -fN -D 8888 user@external"
echo 'Acquire::http::proxy "socks5h://localhost:8888";'  | sudo tee -a /etc/apt/apt.conf.d/12proxy

awk

# print first n columns/fields
awk -F, '{ for (i=1; i<=5; i++) print $i }' file_name
# alternative is to use cut
cut -d',' -f1-5 file_name

# print all after a specific field
awk '{ for (i=5; i<=NF; i++) print $i }'

# print last field
awk '{print $NF}'

# print characters 4-9 in column 2 if it is longer than 0
awk 'length($2) > 0 { print substr($2,4,6) }' file_name

bash

# show aliases
alias

# show functions
typeset -F #list only
typeset -f [function_name] #list and show function(s) with code

Input / Output Redirection

Redirection can be configured using the "<" and ">" operators. Typically they are used just as you see them and redirect data in the direction they are pointing. Programs must be written to use these and, thankfully, most Linux/Unix utilities are. Here are some examples using standard input (STDIN, file descriptor "0") and standard output (STDOUT, file descriptor "1"):

# input redirection - send a file as the body of an email
mail -s "Subject" to@address < Filename

# creates file.log or replaces the contents if it already exists
grep ip_address /var/log/httpd/server_access.log > file.log

# appends to the contents of file.log or creates if it does not exist
grep ip_address /var/log/httpd/ssl_server_access.log >> file.log

Most commands send their output to STDOUT (file descriptor "1") but sometimes they send it to STDERR (file descriptor "2"). Sending this content to a log or just getting it off the screen can be done by adding a "2" in front of the ">" operator; to feed it to another command, point it at STDOUT first with "2>&1":

virt-customize [arguments] 2> /tmp/virt-customize.log
virt-customize [arguments] 2>&1 | mail -s "Subject" to@address

date

# convert human readable timestamp to epoch
date "+%s" -d "Oct 28 15:30:11 2020 GMT"

# convert epoch to human readable timestamp
date -d @1603899011

curl

curl -sSLk -D - https://vmwu037.corp.domain.com -o /dev/null
curl -vsSLk https://vmwu037.corp.domain.com > /dev/null

# show certificate output (not as informative as `openssl s_client...`)
curl --insecure -vvI https://google.com

# prettify JSON output (yum/apt install jq first)
curl ... | jq

# flags to remember
-I --head # show headers only
-i --include # show headers and content
-L --location # follow redirects
-o --output # send output to file
-s --silent # don't show progress meter or error messages (add -S to still show errors)

diff

# flags to remember
-r, --recursive
-w, --ignore-all-space
-b, --ignore-space-change
-y, --side-by-side
-W $(tput cols) # set width to number of columns in terminal
-q, --brief
-l, --paginate
--left-column
--color=always # force colorized output including when piped to less

# folders
diff -rq folder1 folder2
diff -wbr folder1 folder2

# compare file contents to command output (command output can be done for both)
diff -wy vs_code_extensions <(code --list-extensions)
diff -wy <(cat requirements.txt) <(pip freeze)

dnf / yum

sudo yum update --disablerepo=
sudo yum update --disablerepo=percona-release-noarch --disablerepo=percona-release-x86_64

yum updateinfo list security installed
yum updateinfo list sec
yum -y update --security
dnf -y update --security

sudo yum groupinstall "X Window System"

yum repolist
yum --disablerepo="*" --enablerepo="[ius]" list available |grep XXX

# install specific version of rpm package
yum --showduplicates list [package]
yum install [package-name]-[version].[architecture]

# yum update notice says it is broken or a bad duplicate
# https://access.redhat.com/solutions/1502743
yum check-update --verbose
yum clean all; yum check-update

# show which repo packages were installed from (requires yum-utils to be installed)
find-repos-of-install

# check for packages that depend on an installed package
# https://unix.stackexchange.com/questions/374481/how-do-display-a-list-of-packages-a-certain-package-provides-for
dnf repoquery --alldeps --whatrequires [package]
dnf repoquery --installed --whatrequires [package]

find

find . -ctime -5 # find files whose status (inode) changed less than 5 days ago
find . -mtime -5 # find files modified less than 5 days ago
find . -cmin -5 # find files whose status changed less than 5 minutes ago
find . -mmin -1 # find files modified less than 1 minute ago

find ./ -type d # show only directories

# look in specified path and only go into 1 subfolder deep, looking for file named server.xml
find /usr/local/ -maxdepth 2 -name server.xml

# essentially list the contents of the path because it's only going to stay at the top level
find /usr/local -d -maxdepth 1

# find 5 most recently modified files in a folder (date -d "@xxxxxx" to convert to human readable timestamp)
find . -type f -printf '%T@ %p\n' | sort -k1,1nr | head -5

# delete folders that match name
find ./ -name .terraform -print0 | xargs -0 rm -rf

firewall-cmd

firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 1 -j ACCEPT
firewall-cmd --permanent --direct --remove-rule ipv4 filter INPUT 1 -j ACCEPT
firewall-cmd --permanent --zone=public --add-rich-rule='rule family=ipv4 source address=10.196.118.48/32 port protocol=tcp port=1842 accept'
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" forward-port to-addr="192.168.122.52" to-port="51253" protocol="udp" port="51253"'
firewall-cmd --permanent --new-zone=wireguard
firewall-cmd --permanent --zone=wireguard --change-interface=wg0
firewall-cmd --permanent --zone=public --add-masquerade
firewall-cmd --zone=public --add-port=5044/tcp
firewall-cmd --zone=public --remove-port=5044/tcp
firewall-cmd --get-services
firewall-cmd --add-service=ssh --permanent
firewall-cmd --remove-service=ssh --permanent
#**WARNING** reload is required after any command with --permanent in it
firewall-cmd --reload
firewall-cmd --list-all
#**WARNING** --list-all doesn't show direct rules, and maybe other stuff... WTF?!
firewall-cmd --runtime-to-permanent

git

git init .
git add ./
git commit -m "Initial Base Project"
git push --set-upstream git@git.corp.domain.com:linux-admins/NEW_PROJECT_NAME.git master
git remote add origin git@git.corp.domain.com:linux-admins/NEW_PROJECT_NAME

git clone user@ssh_server:path_to_repo

git checkout -b new_branch
git stash
git checkout other_branch
git stash pop # apply most recent stash to current branch
git stash show -p # show full stash diff
git stash show [number] # show specific stash diff
git stash list # show all stashes
git stash apply [number] # apply specific stash
git stash drop [number] # drop/delete last stash or specific stash number

git show [commit_hash_part] # show full diff and files of specific commit
git show --pretty="" --name-only [commit_hash_part] # show only filenames that changed in commit
git diff-tree --no-commit-id --name-status -r [commit_hash_part] # same as previous but outputs to terminal
git show --pretty="" --name-status [commit_hash_part] # show filenames and status change in commit

git diff [commit_hash_1] [commit_hash_2] # show diff between commits
git diff HEAD # show diff of the working tree (staged and unstaged changes) against the last commit

git rev-parse --show-toplevel # return the full path to the root of the repo - useful in scripts

# search all git commits for an old/deleted file or reference to it
git log --all --full-history -- "**/thefile.*" # don't know the path
git log --all --full-history -- <path-to-file> # know the path
git show <SHA> -- <path-to-file> # show the version of the file you want
git checkout <SHA>^ -- <path-to-file> # restore it into working directory

git-secret.io

Use gpg to encrypt files and save them inside a repo. When adding secret files, be in the root of the repo. Sometimes the git secret reveal command will fail when running in tmux if the gpg key hasn't already been unlocked. If you see errors about the folder not being secure when hiding secrets, chmod the permissions to 700 on the .gitsecret/keys folder.

# initialize git secret repo
git init
git secret init
git secret tell "gpg_key_email_address"
echo "secret" > secret.txt
git secret add secret.txt
git secret hide -d # encrypts all files and deletes unencrypted sources
git add .gitignore .gitsecret secret.txt.secret
git commit -m 'initial commit'

# decrypt everything so you can make changes as needed
git secret reveal -v -f # verbose and forcibly continue if there's a failure

# add additional secrets
echo "secret_content" > folder/file1
echo "secret_stuff" > folder/file2
git secret add folder/file1 folder/file2
git secret hide -d
git add folder/file1.secret folder/file2.secret
git commit -m 'add folder/file1 folder/file2'

# checkout main branch and remove anything extra or clean up after revealing
git checkout main
git reset --hard 
git clean -fdX
git pull origin main

# check for duplicate keys
kbxutil --find-dups ./.gitsecret/keys/pubring.kbx
kbxutil --stats ./.gitsecret/keys/pubring.kbx

# list keys in .gitsecret/keys/pubring.kbx
kbxutil ./.gitsecret/keys/pubring.kbx |grep "Uid\[0\]"

~/.gitconfig example

# http://michaelwales.com/articles/make-gitconfig-work-for-you/

[color]
    ui = true

[color "branch"]
    current = yellow reverse
    local = yellow
    remote = green

[color "diff"]
    meta = yellow bold
    frag = magenta bold
    old = red bold
    new = green bold

[color "status"]
    added = yellow
    changed = green
    untracked = red

[user]
    name = C3P0
    email = c3p0@starwars.com

[init]
    defaultBranch = main
    templateDir = /home/jlm/.git-template

Different gitconfig Files Based On Folder

When more than one includeIf condition matches the repository's folder, the last matching entry applies.

[includeIf "gitdir:~/"]
  path = .gitconfig-personal

[includeIf "gitdir:~/git/company/"]
  path = .gitconfig-work

You can also add an entry in the ~/.ssh/config file to specify an SSH key to use for a specific HostName as well when cloning git over SSH.
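
To check which identity git will actually use in a given folder, the layout above can be rebuilt in a throw-away HOME and queried per repository. This is an added example, not part of the original gist; the e-mail addresses, repository names and the helper functions setup_home and effective_email are constructed for illustration. It also covers the case where the trailing "/" is left off the gitdir pattern, which makes the work include silently stop matching.

```shell
#!/bin/sh
# Added example, not from the original gist. The e-mail addresses, directory
# names and the throw-away HOME are constructed for the demonstration.

# setup_home DIR [WORK_CONDITION]: write the includeIf layout into
# DIR/.gitconfig and create one personal and one company repository.
setup_home() {
    work_cond=${2:-'gitdir:~/git/company/'}
    mkdir -p "$1/git/company" "$1/projects"
    {
        printf '[includeIf "gitdir:~/"]\n  path = .gitconfig-personal\n'
        printf '[includeIf "%s"]\n  path = .gitconfig-work\n' "$work_cond"
    } > "$1/.gitconfig"
    printf '[user]\n  email = me@personal.example\n' > "$1/.gitconfig-personal"
    printf '[user]\n  email = me@corp.example\n' > "$1/.gitconfig-work"
    # HOME is overridden so the real user configuration is never touched
    HOME="$1" GIT_CONFIG_NOSYSTEM=1 git init -q "$1/projects/dotfiles"
    HOME="$1" GIT_CONFIG_NOSYSTEM=1 git init -q "$1/git/company/app"
}

# effective_email HOME REPO: the user.email git would record for commits
# made in REPO, after all matching includeIf entries have been applied.
effective_email() {
    HOME="$1" GIT_CONFIG_NOSYSTEM=1 git -C "$2" config user.email
}

demo_home=$(mktemp -d)
setup_home "$demo_home"
for repo in projects/dotfiles git/company/app; do
    printf '%-20s %s\n' "$repo" \
        "$(effective_email "$demo_home" "$demo_home/$repo")"
done
rm -rf "$demo_home"
```

Inside a real repository, `git config --show-origin user.email` additionally prints which file the value came from.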

gpg

#######
# LIST KEYS
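# when listing keys, "sec" is the secret (private) primary key and "ssb" is a secret subkey
# ("pub" and "sub" are the public primary key and public subkey)
# also, the S, C, E, A values mean
# S: signing
# C: certifying (normally the primary key, which certifies subkeys and user IDs)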
# E: encrypting
# A: authenticating
#
# private keys are used for signing and decrypting
# public keys are used for encrypting and verifying signatures
# [--homedir path/to/custom_homedir] can be appended to any argument

# show public keys - keys you can encrypt and verify a signature with
gpg --list-keys [--homedir path/to/custom] --with-subkey-fingerprints

# show private keys - keys you can decrypt and create signatures with
gpg --list-secret-keys [--homedir path/to/custom] --with-subkey-fingerprints

#######
# CREATE KEYS
gpg --gen-key --default-new-key-algo "ed25519/cert,sign+cv25519/encr"
gpg --full-generate-key
gpg --default-new-key-algo "ed25519/cert,sign+cv25519/encr" --quick-gen-key 'First Last (tag/identifier) <email@address>' default default 1095d

#######
# EXPORT KEYS
gpg --list-keys
gpg --list-secret-keys

# for each public key
gpg --output <KEY_NAME>_pub.gpg --export <KEY_ID>
gpg --export [key-id] > filename_pub.gpg
gpg --armor --export email@address > public-key.gpg

# for each secret key(not recommended unless putting in encrypted datastore)
gpg --output <KEY_NAME>_key.gpg --export-secret-keys <KEY_ID>
gpg --export-secret-keys [key-id] > filename_key.gpg

# export public key from private key
gpg --import [private-key-file]
gpg --export [key-id]

#######
# IMPORT KEYS
gpg --import <KEY_NAME>_key.gpg
gpg --edit-key <KEY_ID> trust quit # takes the key ID, not the file name; enter "5" (ultimate) when prompted
gpg --list-keys # verify everything looks as expected
gpg --list-secret-keys # verify everything looks as expected

# verify things work as expected. 
# 1. Encrypt a file from the old machine
# 2. Copy it to the new machine
# 3. Decrypt file after importing the secret key

#######
# EDIT KEY EXPIRATION
# $DURATION is a number of days (default), 0 for no expiration or a number 
# directly followed by w, m, or y to mean weeks, months and years respectively
# i.e. 1095d 36m 3y
# first one is for the primary key and the one with '*' is for subkeys
gpg --quick-set-expire $KEYID $DURATION
gpg --quick-set-expire $KEYID $DURATION '*'

# delete public key from keyring
gpg --delete-keys email@address

# delete secret/private key from keyring
gpg --delete-secret-keys --yes --fingerprint 62E80EEB26C4F09E97BCCA993FE0CB4DC55599C5

#######
# ENCRYPT/DECRYPT
# encrypt file
gpg --output file.gpg --encrypt --recipient <email@address_of_key> file
for f in *big_file-part*; do gpg --passphrase-file ./pass --batch --symmetric --cipher-algo AES256 --output "$f.gpg" "$f"; done

# decrypt file
gpg --output file_decrypted --decrypt file.gpg
gpg --decrypt filename.gpg > filename

# encrypt/decrypt commands on mobaxterm
gpg2 --symmetric --cipher-algo AES256 --output filename.gpg filename
gpg2 --decrypt filename.gpg > filename

grep

# flags to remember
-v, --invert-match: select non-matching lines (not used with full files)
-f FILE, --file=FILE: use patterns from file, one per line
-i, --ignore-case
-x, --line-regexp
-l, --files-with-matches
-L, --files-without-match
-H, --with-filename
-h, --no-filename
-r, --recursive
-n, --line-number
--include=\*.{ext1,ext2,...}

# list only files that include pattern
grep -lr [pattern] [path]

# exclude comment lines and blank lines
grep -v -e "^#\|^[[:space:]]*$" [path]

# search for multiple values
grep "pattern1\|pattern2\|pattern3" [path]

# show "missing" lines - exist in one file but not the other
# slow
for h in `cat hosts_real.txt`; do if ! grep -q "$h" hosts_nessus.txt; then echo $h; fi; done
# fast
grep -vf hosts_nessus.txt hosts_real.txt

# more detailed example and reverse use cases
# in this example, the breakfix_current file has machines in it that no longer exist on our network, and some that still have a warranty - we want both of those kind of entries removed. Also, we want to check to see if there are machines on our network that do not have a warranty but are not yet included in the breakfix_current list so we can add them.
# First we check to see if any machines listed in the breakfix_current no longer exist in the pc_list_current (the full, live PC inventory list).
for s in `cat breakfix_current`; do if ! grep -q "$s" pc_list_current; then echo $s; fi; done > old_pcs
# then create a new file with old_pcs removed from breakfix_current
for s in `cat breakfix_current`; do if ! grep -q "$s" old_pcs; then echo $s; fi; done > bf_current_live
# then we check the warranty status list against the new bf_current_live list
for s in `cat has_warranty`; do if grep -q "$s" bf_current_live; then echo $s; fi; done > bf_has_warranty
# combine old_pcs and bf_has_warranty lists to show all that should be removed
cat old_pcs bf_has_warranty > bf_remove_list
# create new file showing live PCs without warranty
for s in `cat pc_list_current`; do if ! grep -q "$s" has_warranty; then echo $s; fi; done > live_pcs_no_warranty
# create list of live PCs with no warranty to add to the breakfix list
for s in `cat live_pcs_no_warranty`; do if ! grep -q "$s" breakfix_current; then echo $s; fi; done > add_pcs_to_breakfix

# and here are more concise grep statements to do the same thing (these run much faster when dealing with large files)
grep -vf pc_list_current breakfix_current > old_pcs
grep -vf old_pcs breakfix_current > bf_current_live
grep -f bf_current_live has_warranty > bf_has_warranty
cat old_pcs bf_has_warranty > bf_remove_list
grep -vf has_warranty pc_list_current > live_pcs_no_warranty
grep -vf breakfix_current live_pcs_no_warranty > add_pcs_to_breakfix
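
The `grep -vf` forms above treat every line of the pattern file as a regular expression matched anywhere in the line, so a short entry can hide longer ones and a host can drop out of the "not scanned" list without ever having been scanned. The following is an added example, not part of the original gist, comparing that form with fixed-string, whole-line matching (`-F -x`) on normalised input; the host names, addresses and function names are constructed.

```shell
#!/bin/sh
# Added example, not from the original gist. All host names and addresses
# below are constructed sample data.

# make_sample DIR: write a small inventory and a scanner export into DIR
make_sample() {
    printf '%s\n' 10.1.1.1 10.1.1.10 10.1.121.5 10.1.2.7 web1 web10 \
        > "$1/hosts_real.txt"
    printf '%s\n' 10.1.1.1 web1 > "$1/hosts_nessus.txt"
}

# missing_loose REAL SCANNED: the gist's "fast" form. Each line of SCANNED is
# a regular expression matched anywhere in a line of REAL, and a blank line
# in SCANNED matches every line, which empties the result.
missing_loose() {
    grep -vf "$2" "$1" || [ "$?" -eq 1 ]   # exit 1 only means "no lines left"
}

# normalise FILE: strip CRs, lower-case, trim whitespace, drop blank lines
normalise() {
    tr -d '\r' < "$1" | tr '[:upper:]' '[:lower:]' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' |
        LC_ALL=C sort -u
}

# missing_exact REAL SCANNED: fixed strings (-F) that must match the whole
# line (-x), compared after normalising both lists.
missing_exact() {
    pat=$(mktemp) || return 2
    rc=0
    normalise "$2" > "$pat"
    normalise "$1" | grep -vxFf "$pat" || rc=$?
    rm -f "$pat"
    [ "$rc" -le 1 ]                        # 0 or 1 is fine, 2 is a grep error
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
echo "grep -vf reports as unscanned:"
missing_loose "$demo_dir/hosts_real.txt" "$demo_dir/hosts_nessus.txt"
echo "grep -vxFf reports as unscanned:"
missing_exact "$demo_dir/hosts_real.txt" "$demo_dir/hosts_nessus.txt"
rm -rf "$demo_dir"
```

With the sample data, the loose form hides 10.1.1.10 and web10 (substring matches) and 10.1.121.5 (the "." in 10.1.1.1 matches any character), while the exact form lists all three.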

grub

awk -F\' /^menuentry/{print\$2} /etc/grub2.cfg
# grub2-set-default 1 # whatever number matches what you want (list starts at 0)
grub2-reboot 1 # whatever number matches what you want (list starts at 0)
yum -y remove kernel-uek kernel-uek-devel

# http://ask.xmodulo.com/change-default-boot-kernel-centos.html
# show assigned boot kernel
grub2-editenv list
# set to default latest kernel
sudo grub2-editenv /boot/grub2/grubenv set saved_entry=0

less

# export less content to file
# if content is being piped to less (like it does with aws cli or git)
-o filename

# send all lines when not piped (use the literal characters '|' and '$')
|$cat > ~/tmp/file

# send all lines containing pattern (use the literal characters '|' and '$')
|$grep [PATTERN] > ~/tmp/file

lvm

# show LVM basic config / stats
lvs
vgs
pvs

# show LVM detailed config / stats
lvdisplay
vgdisplay
pvdisplay

# After increasing the virtual disk in the virtual platform, rescan the scsi disks within the OS:
for disk in /sys/class/scsi_disk/*; do echo '1' > $disk/device/rescan; done

# increase physical volume size to full disk
pvresize -v /dev/sdb

# increase physical volume size by specific amount
pvresize -v --setphysicalvolumesize [insert new size here]g /dev/sda2

# increase logical volume size
lvresize -v -L +32g /dev/vg01/lv_var_lib_prometheus

# grow XFS volume
xfs_growfs /var/lib/prometheus

# grow EXT4 volume
resize2fs /var/lib/prometheus

multi-line replace

perl -i -0pe 's/<url-pattern>\/text\/\*<\/url-pattern>\n    <\/web-resource-collection>\n    <auth-constraint>\n       <role-name>manager-script<\/role-name>/<url-pattern>\/text\/\*<\/url-pattern>\n    <\/web-resource-collection>\n    <auth-constraint>\n       <role-name>manager-script<\/role-name>\n       <role-name>LinuxAdmins<\/role-name>\n       <role-name>TomcatDevelopers<\/role-name>/' file_name
# same multi-line replace in python: read the file first, then reopen it for writing
import re
with open("file_path") as file:
    file_text = file.read()
text_updated = re.sub(r'<url-pattern>/text/\*</url-pattern>\n    </web-resource-collection>\n    <auth-constraint>\n       <role-name>manager-script</role-name>\n', r'<url-pattern>/text/*</url-pattern>\n    </web-resource-collection>\n    <auth-constraint>\n       <role-name>manager-script</role-name>\n       <role-name>LinuxAdmins</role-name>\n       <role-name>TomcatDevelopers</role-name>\n', file_text)
with open("file_path", "w") as file:
    file.write(text_updated)


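# print the entries of PATH one per line (Windows: ';' separator, variable names are case-insensitive)
import os
import pprint
pp = pprint.PrettyPrinter()
pp.pprint(os.environ['path'].split(";"))
pp.pprint(sorted(os.environ['path'].split(";")))

# show whether the python interpreter is 32-bit or 64-bit
import struct; print(struct.calcsize("P") * 8)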

mongodb

mongo --host hostname
use admin
db.auth("username")
db.getUsers()
db.createUser(
  {
    user: "mongoadmin",
    pwd: passwordPrompt(),
    roles: [ { role: "userAdminAnyDatabase", db: "admin" }, "readWriteAnyDatabase" ]
  }
)

nmap

# ping scan
nmap -sn [target]

# check for open port but don't ping
nmap -p 3389 -Pn [target]

#`ls /usr/share/nmap/scripts` to see available
nmap --script ssh2-enum-algos hostname.fqdn
nmap --script ssl-enum-ciphers -p 443 hostname.fqdn
nmap --script ssh2-enum-algos,ssl-enum-ciphers hostname.fqdn

openssl

# generate random password
openssl rand -base64 12

# extract PFX and create new pkcs12 file
openssl pkcs12 -in corp_wildcard_5.pfx -nocerts -out corp-wildcard-key.pem
openssl pkcs12 -in corp_wildcard_5.pfx -out corp-wildcard-cert.pem -nokeys
openssl pkcs12 -export -in corp-wildcard-cert.pem -inkey corp-wildcard-key.pem -out corp-wildcard-cert.p12 -name corp-wildcard -CAfile corp-ca.pem -caname "CORP CA" -chain

# convert PFX/pkcs12 to JKS
keytool -importkeystore -srckeystore corp-wildcard-cert.p12 -destkeystore corp-wildcard-keystore.jks -srcstoretype pkcs12 -deststoretype JKS

# create self-signed cert
openssl req -x509 -sha256 -newkey rsa:2048 -keyout sha256-2048.key -out sha256-2048.pem -days 1024 -nodes

# add/remove password from key
openssl rsa -aes256 -in your.key -out your.encrypted.key
openssl rsa -in your.encrypted.key -out your.key

# view certificate details
openssl x509 -in ./path-to-crt -noout -text

# view certificate highlights
openssl x509 -noout -serial -subject -issuer -dates -purpose -in ./path-to-crt

# verify certificate is valid / show why it isn't (optionally show certs)
echo quit | openssl s_client [ -showcerts ] -verify 5 -connect example.com:443 |tail -n 5

# extract certificate expiration date
openssl x509 -noout -dates -in ./path-to-crt |grep notAfter |awk -F= '{print $2}'

# get SSL certificate chain; first cert should be site, followed by intermediate and then root CAs
echo quit |openssl s_client -connect google.com:443 -showcerts

# get first SSL cert in certificate chain
openssl s_client -showcerts -connect google.com:443 </dev/null 2>/dev/null|openssl x509 -outform PEM > certfile.pem

# list certificates in CA bundle
openssl crl2pkcs7 -nocrl -certfile cert-bundle.pem | openssl pkcs7 -print_certs -text -noout |less

# check issue date for CRL
openssl crl -in ./crl.pem -lastupdate -noout

# show sha1 certificate fingerprint to compare with keytool list (use md5 or sha256 to get those)
openssl x509 -in ./cert.pem -noout -text -fingerprint -sha1 |grep Fingerprint

# openssl-custom.cnf to generate certs for Windows from Linux/Cygwin
req_extensions = v3_req
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment # add 'dataEncipherment' for Sonatype Nexus
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = @alt_names

[alt_names]
DNS.1 = nexus.corp.domain.com
DNS.2 = vmwu034.corp.domain.com
DNS.3 = vmwu033.corp.domain.com
DNS.4 = *.corp.domain.com

# openssl create key and req (CSR) commands
openssl genrsa -out nexus.corp.domain.com.key 4096
openssl req -new -out nexus.corp.domain.com.csr -key nexus.corp.domain.com.key -config openssl-custom.cnf

######
# USE ELLIPTIC CURVE KEYS
# find your curve
openssl ecparam -list_curves

# generate a private key for a curve
openssl ecparam -name prime256v1 -genkey -noout -out private-key.pem

# generate corresponding public key
openssl ec -in private-key.pem -pubout -out public-key.pem

# optional: create a self-signed certificate
openssl req -new -x509 -key private-key.pem -out cert.pem -days 360

# optional: convert pem to pfx
openssl pkcs12 -export -inkey private-key.pem -in cert.pem -out cert.pfx

pandoc themes

Syntax highlighting for code blocks uses the Haskell "skylighting" library. The list of languages pandoc will recognize can be shown with pandoc --list-highlight-languages.

There are several built-in themes or you can use your own. To list the built-in themes, run pandoc --list-highlight-styles. Export any of the existing themes by running pandoc --print-highlight-style [style_name] > [style_name].theme. Then edit the theme as desired and use it with pandoc --highlight-style my.theme.

Edit the kate or default "pygments" theme with this to make it easier to read: "text-color": null, "background-color": "#f8f8f8", "line-number-color": "#aaaaaa", "line-number-background-color": null,

To produce a custom reference.docx, first get a copy of the default reference.docx with: pandoc -o custom-reference.docx --print-default-data-file reference.docx. Then open custom-reference.docx in Word, modify the styles as you wish, and save the file. It can be used with the --reference-doc=path_to_file or put it in the user data directory (--data-dir - "%userprofile%\AppData\Roaming\pandoc" on Windows and "$HOME/.pandoc" on Linux).

pandoc examples

c:\utils\pandoc\pandoc.exe --from markdown --reference-doc=c:\utils\pandoc\reference.docx --output dest_file.docx source_file.md
c:\utils\pandoc\pandoc.exe -t gfm -s file.docx -o file.md --extract-media=file_media
pandoc -s file.md -o file.docx --reference-doc=/cygdrive/c/utils/pandoc/reference.docx
pandoc -s file.md -o file.docx --reference-doc=c:\utils\pandoc\reference.docx
pandoc -s file.docx -o file.md -t gfm --extract-media=./file_media

postgresql

use pgadmin gui to get equivalent of "describe" function in mysql (databases/db_name/schemas/public/tables/table - SQL tab)

psql -U postgres

help:                                       \?
quit:                                       \q
show history:                               \s
save history to file:                       \s filename
execute commands from file:                 \i filename
list databases:                             \l
list users:                                 \du
connect to database:                        \c db_name
list tables:                                \dt
describe specific table:                    \d table_name
switch output to HTML:                      \H
switch output between aligned/unaligned:    \a
show db version:                            select version();

change password:

ALTER ROLE username WITH PASSWORD '[complex_password]';

allow remote access:

echo "host  all  all  [source_ip]/[mask]  scram-sha-256" >> /etc/postgresql/14/main/pg_hba.conf
systemctl restart postgresql

find empty tables:

select n.nspname as table_schema, c.relname as table_name
from pg_class c
join pg_namespace n on n.oid = c.relnamespace
where c.relkind = 'r'
      and n.nspname not in ('information_schema','pg_catalog')
      and c.reltuples = 0
order by table_schema,
         table_name;

puppet

connect to PuppetDEV server:

puppet agent --server puppetdev --no-daemonize -v -t

fix puppet Error: Could not connect via HTTPS to https://forgeapi.puppet.com - https://ask.puppet.com/question/24891/how-to-add-ca-of-internet-web-proxy/

sudo mv /opt/puppetlabs/puppet/ssl/cert.pem /opt/puppetlabs/puppet/ssl/cert.pem.bak
sudo ln -s /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem /opt/puppetlabs/puppet/ssl/cert.pem

common certificate signing commands:

sudo puppetserver ca clean --certname hostname.corp.domain.com[,hostname2.corp.domain.com,hostname3...]
sudo puppetserver ca list
sudo puppetserver ca sign --certname hostname.corp.domain.com[,hostname2.corp.domain.com,hostname3...]
sudo puppetserver ca sign --all

upgrade puppet modules:

for m in `puppet module list |grep puppet |grep v[0-9] |awk '{print $2}'`; do puppet module upgrade --modulepath=/etc/puppetlabs/code/environments/production/modules $m; done

python

# create password hash (the crypt module is deprecated since Python 3.11 and removed in 3.13)
python -c 'import crypt,getpass; print(crypt.crypt(getpass.getpass(), crypt.mksalt(crypt.METHOD_SHA512)))'

# unit testing
python -m unittest test_corp_web_apps.CorpURLTestAvailable
python -m unittest test_corp_web_apps.CorpURLTestLinks
python -m unittest test_corp_web_apps.CorpSeleniumChecks

# create or upgrade python virtualenv (same command):
python -m venv ./python_venvs/env_name

# upgrade already installed pip module to latest:
pip install --upgrade module_name

# upgrade/downgrade/install specific version of module
pip install --upgrade module_name==version

# create requirements.txt:
pip freeze > requirements.txt

# install from requirements.txt:
pip install -r ./requirements.txt

# upgrade installed packages 
# pip >=22.3
pip --disable-pip-version-check list --outdated --format=json | python -c "import json, sys; print('\n'.join([x['name'] for x in json.load(sys.stdin)]))" |xargs -n1 pip install --upgrade
pip --disable-pip-version-check list --outdated --format=json | jq -r '.[].name' |xargs -n1 pip install --upgrade
# pip < 22.3
pip list --outdated --format=freeze | grep -v '^\-e' | cut -d = -f 1  | xargs -n1 pip install -U

# configure path to root ca trust store for pip
pip config list
pip config set global.cert path/to/ca-bundle.crt

# display where the current python cert store is defined
python3 -c "import ssl; print(ssl.get_default_verify_paths())"
# on ubuntu 22.04
wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.0g-2ubuntu4_amd64.deb
sudo dpkg -i libssl1.1_1.1.0g-2ubuntu4_amd64.deb

mkdir ~/python/python39
curl -sL https://www.python.org/ftp/python/3.9.16/Python-3.9.16.tgz -o python-3.9.16.tgz
tar -zxf python-3.9.16.tgz
cd Python-3.9.16
./configure --enable-optimizations --prefix=$HOME/python/python39
make
make install
# create web server
python -m http.server [port]
# send email
# https://realpython.com/python-send-email/
import getpass, smtplib, ssl

port = 587  # For starttls
smtp_server = "smtp.gmail.com"
sender_email = "my@gmail.com"
receiver_email = "your@gmail.com"
password = getpass.getpass("Type your password and press enter:")  # does not echo the password
message = """\
Subject: Hi there

This message is sent from Python."""

context = ssl.create_default_context()
with smtplib.SMTP(smtp_server, port) as server:
    server.ehlo()  # Can be omitted
    server.starttls(context=context)
    server.ehlo()  # Can be omitted
    server.login(sender_email, password)
    server.sendmail(sender_email, receiver_email, message)
# download file from URL
import urllib.request
url = 'https://vmwz105.corp.domain.com/CertEnroll/corp-CA.crl'
with urllib.request.urlopen(url) as response, open('/path/to/file', 'wb+') as real_rootca_crl_outfile:
    data = response.read()
    real_rootca_crl_outfile.write(data)
    print(data)

# work with date / datetime
import subprocess
from datetime import datetime
from datetime import timedelta

path_to_crl_file = "/path/to/crl.pem"
current_time = datetime.now()
crl_time_format = "%b %d %H:%M:%S %Y %Z"
# pass the arguments as a list (no shell) so the file path is never interpreted by a shell
crl_lastupdate = subprocess.run(["openssl", "crl", "-in", path_to_crl_file, "-noout", "-lastupdate"],
    stdout=subprocess.PIPE,
    check=True)
# output looks like "lastUpdate=Oct 28 15:30:11 2020 GMT"; keep the part after "="
str_crl_lastupdate = crl_lastupdate.stdout.decode('utf-8').strip().split('=', 1)[1]
date_crl_lastupdate = datetime.strptime(str_crl_lastupdate, crl_time_format)

rpm

# rebuild RPM database (https://www.tecmint.com/rebuild-corrupted-rpm-database-in-centos/)
mkdir /var/backups
tar -zcvf /var/backups/rpmdb-$(date +"%d%m%Y").tar.gz  /var/lib/rpm
rm -f /var/lib/rpm/__db*
/usr/lib/rpm/rpmdb_verify /var/lib/rpm/Packages
rpm -vv --rebuilddb

rm -f /var/lib/rpm/__db*; /usr/lib/rpm/rpmdb_verify /var/lib/rpm/Packages; rpm --rebuilddb

sed

# prepend to the beginning of the line if pattern matches:
sed '/isbz120:\/data02\/oradata/ s/^/#/' /etc/fstab
# add a new line after a pattern match:
sed '/#isbz120:\/data02\/oradata/a entbackint:\/ifs\/smdc\/corp\/corp_ora\/rman_corp       \/oradata\/remote     nfs     rw,bg       0 0' /etc/fstab
# delete a line:
sed '/\/mnt\/oracle\/accimg/d' /etc/fstab
# replace a whole line containing a phrase or word
# there's no need for the extra search on the second example, but it does the same thing
sed 's/.*service_port.*/        service_port: "8443"/' vmwu047.corp.domain.com.yaml
sed -i '/FirewallBackend=/ s/.*FirewallBackend=.*/FirewallBackend=iptables/' /etc/firewalld/firewalld.conf

sed '/DOMAIN/ s/^'
sed -i -e '/^DOMAIN=/ c\DOMAIN="corp.domain.com domain.com dmz.domain.com"'
sed '/^pattern.*/a after=me' test.txt
sed '/^pattern.*/i before=me' test.txt

# case insensitive search/replace
iwconfig wlo1 |sed s/00:10:FA:6E:38/UpstairsAP/I |sed s/66:A5:EF:A8:0B/DownstairsAP/I

# replace value between quotes
sed -i '/Default Folder/ s/path="[^"][^"]*"/path="\/var\/lib\/syncthing\/data\/Sync"/' /var/lib/syncthing/etc/config.xml

# work with file paths
cat file_paths.txt | sed 's/\//\\\//g' > sed_paths
# show the changes that would be made
for p in `cat sed_paths`; do sed --quiet "s/$p/#$p/p" /path/to/config_file ; done
for p in `cat sed_paths`; do sed --quiet 's/'"$p"'/'"#$p"'/p' /path/to/config_file ; done
# make the changes
for p in `cat sed_paths`; do sed -i "/$p/ s/^/#/" /path/to/config_file ; done
for p in `cat sed_paths`; do sed -i '/'$p'/ s/^/#/' /path/to/config_file ; done

selinux

setenforce 0 # to set selinux to permissive mode
getenforce # to show selinux mode
sestatus # show more details about SELinux status
setsebool -P httpd_can_network_connect on
setsebool -P httpd_use_cifs on
semanage port -a -t http_port_t -p tcp 8888
semanage fcontext -a -s system_u -t httpd_passwd_exec_t "/etc/httpd/private/.ssl_passphrase"
semanage fcontext -a -s system_u -t samba_var_t "/var/lib/samba(/.*)?"
restorecon -R -v /var/www/html

setfacl

# recursively clear the ACLs on a folder
setfacl -R -bn /usr/local/apache-2.4.41/htdocs

# assign permissions to a group recursively on a folder and then add that permission to the default list so any new file/folder gets that permission assigned
setfacl -R -m g:linuxadmins@corp.domain.com:rwx /usr/local/apache-2.4.4
setfacl -R -d -m g:linuxadmins@corp.domain.com:rwx /usr/local/apache-2.4.4

# set the group mask recursively on a folder then do the same with the default group mask
setfacl -R -m g::rwx /usr/local/symmetricds
setfacl -R -d -m g::rwx /usr/local/symmetricds

# copy ACL from one file to another
getfacl source_file | setfacl --set-file=- destination_file

# copy ACLs from parent folders and apply recursively to children
for f in `ls`; do getfacl $f |setfacl --set-file=- -R $f; done

snmp

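# MD5 and DES are the weakest SNMPv3 auth/privacy choices; use -a SHA -x AES if the agent and the manager both support them
systemctl stop snmpd; net-snmp-create-v3-user -ro -A [password] -a MD5 -x DES [username]; systemctl start snmpd;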

sqlite

sqlite3 filename.db
.tables
.schema table
select * from rrs_closures order by id desc limit 10;
select * from rrs_incidents where event like '%town%';

sqlplus

<logon> is: {<username>[/<password>][@<connect_identifier>] | / }
              [AS {SYSDBA | SYSOPER | SYSASM | SYSBACKUP | SYSDG | SYSKM | SYSRAC}] [EDITION=value]
<connect_identifier> can be in the form of Net Service Name
    or Easy Connect.

      @[<net_service_name> | [//]Host[:Port]/<service_name>]

sqlplus jaspertmp@DEVLNX

ssh

# list active ssh keys
ssh-add -L

# use jumpserver
ssh -J host1 final_destination
ssh -J host1,host2 final_destination
ssh -J user1@host1:port1,user2@host2:port2 user3@host3

# enable agent forwarding
ssh -A user@host

# regenerate public SSH key from private
ssh-keygen -y -f ./private.key

# show details of public key
ssh-keygen -l -f ./public.pem

# enter config/command console
~C

# list supported escape sequences
~?

# common escape sequences
 ~.   - terminate connection (and any multiplexed sessions)
 ~B   - send a BREAK to the remote system
 ~C   - open a command line
 ~R   - request rekey
 ~V/v - decrease/increase verbosity (LogLevel)
 ~^Z  - suspend ssh
 ~#   - list forwarded connections
 ~&   - background ssh (when waiting for connections to terminate)
 ~?   - this message
 ~~   - send the escape character by typing it twice
(Note that escapes are only recognized immediately after newline.)

# open port 9091 on the local client and forward traffic through it to port 8081 on the 127.0.0.1 IP of the remote SSH server
-L 9091:localhost:8081

# open port 8443 on the local client and forward traffic through it to the remote server which will redirect it to google.com on port 443
-L 8443:google.com:443

# open port 80 on the remote SSH server and forward traffic through it to the local client and direct it to 127.0.0.1 on port 8080
-R 80:localhost:8080

# open port 81 on the remote SSH server and forward traffic through it to the local client which will redirect it to google.com on port 443
-R 81:google.com:443

systemctl

systemctl list-units --state=failed
journalctl -u service-name -f
systemctl get-default
systemctl set-default multi-user.target
systemctl set-default graphical.target

# systemd/systemctl timers - cron job replacement
# https://wiki.archlinux.org/index.php/Systemd/Timers
systemctl list-timers
# start a service in 12 hours and 30 minutes
systemd-run --on-active="12h 30m" --unit someunit.service
# run a command 30 seconds from now
systemd-run --on-active=30 /bin/touch /tmp/foo

tar

tar --acls --same-owner -pzcf
tar --acls --same-owner -zxf

tcpdump

# flags to remember
-c # only capture specific number of packets
-D # show interfaces available for capture
-i # listen on specific interface ('any' for all but requires root)
-q # quiet, less verbose
-r # read from previous pcap file
-s # set snaplength in bytes (how much of the packet to capture, 0 for everything)
-tttt # human readable timestamp with date (-t alone omits the timestamp)
-v # verbose output, use more v's for more verbose (example: -vvv)
-w # write to file
-X # show packet contents with Hex output

# filter options
host <name> or <ip> # either source or destination
net <subnet/mask> # either source or destination
src <ip> or <subnet>
dst <ip> or <subnet>
protocol - choose from available protocols: tcp, udp, icmp, ip, ip6, ppp, rarp, slip, wlan, ether, fddi...
tcp/udp [src/dst] port <port_number> # src/dst is optional
ether # mac address filtering

AND: 'and' or '&&'
OR:  'or' or '||'
NOT: 'not' or '!'

tcpdump -s 0 -vv -i any [udp port 67 | tcp port 22 | host 1.2.3.4 and tcp port 443 | net 10.0.1.0/24]

# use tcpick for human readable output

tcpick

# flags to remember
-a # resolve IPs to DNS hostnames
-h # show source and destination address and port (use with -a to resolve IPs to hostnames)
-C # show things in color!
-t # add timestamp
-v # verbose
-td # add date and timestamp
-yP # show data contained in packets

tcpick -C -yP -r tcp_dump.pcap
tcpdump -s 0 -vv -i any tcp port 443 | tcpick -C -hat

tmux

# list sessions
tmux ls

# attach session
tmux a -t [session_name]:

# disconnect a session
CTRL+b d

# kill session
CTRL+b :kill-session

# enter scroll mode (allows you to view previous buffer contents)
CTRL+b [

# search in scroll mode
CTRL+r # enter value to search for and hit enter. Press n to find next value. Will search "up".

# mark text to copy
CTRL+SPACE # use arrows to move the cursor and select text

# copy selected text to buffer
ALT+w # linux
CTRL+w # mac

# paste buffer
CTRL+b ]

# exit scroll mode
q

# use vi key bindings in scroll/copy buffer
CTRL+b :setw -g mode-keys vi

# create a horizontal split in current pane
CTRL+b "
#"
# create a vertical split in current pane
CTRL+b %

# resize current pane Down Up Left Right
CTRL+b, continue to hold Ctrl, <arrow> #only works on Linux because Mac sees CTRL+<arrow> as something else
CTRL+b :resize-pane -[D,U,L,R] [number_of_rows]

# move between panes
CTRL+b <arrow>
CTRL+b o

# move/rotate panes
CTRL+b+o # rotate all panes
CTRL+b { # move single pane to the right or down
CTRL+b } # move single pane to the left or up

# move/swap windows
CTRL+b :
swap-window -s 3 -t 1 # swap 3 with 1
swap-window -t 1 # swap current window with a specific window (1 in this case)
swap-window -t -1 # move current window to the left
swap-window -t +1 # move current window to the right

# tmux preferences
# show current working directory on left-hand status bar, increase status-left length to 64, change update interval to every second (default 15 seconds), set active window status to different color, increase default scroll-back value for new panes
tmux set -g status-left "#{pane_current_path} - "
tmux set -g status-interval 1
tmux set -g status-left-length 64
tmux set-window-option -g window-status-current-bg blue
# tmux 2.9 and later: tmux set-window-option -g window-status-current-style bg=blue
tmux set -g history-limit 5000
# echo "set-option -g history-limit 5000" >> ~/.tmux.conf

# SSH AUTH Forwarding
# add the following to ~/.ssh/rc
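if [ -S "$SSH_AUTH_SOCK" ]; then
    ln -sf "$SSH_AUTH_SOCK" ~/.ssh/ssh_auth_sock
fi

# and then point SSH_AUTH_SOCK at the stable symlink so existing tmux panes keep working after a reconnect
export SSH_AUTH_SOCK="$HOME/.ssh/ssh_auth_sock"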

# show tmux variables and example using them
tmux display-message -a
tmux lsw -F"#{window_index}: #{pane_current_path} - #{pane_current_command}"

tr

# convert to lower case
tr '[:upper:]' '[:lower:]'

# delete double quotes
tr -d '"'

# remove extra spaces (-s: replace repeating characters with just one)
tr -s ' '

# replace spaces with underscores
tr -s ' ' '_'

tripwire

https://blog.rapid7.com/2017/05/24/how-to-install-and-configure-tripwire-ids-on-centos-7/
https://github.com/Tripwire/tripwire-open-source

sudo twadmin --generate-keys -L /etc/tripwire/${HOSTNAME}-local.key
sudo twadmin --generate-keys -L /etc/tripwire/site.key
twadmin --create-cfgfile -S /etc/tripwire/site.key /etc/tripwire/twcfg.txt
twadmin --create-polfile -S /etc/tripwire/site.key /etc/tripwire/twpol.txt
sudo tripwire --init
sudo tripwire --check | grep Filename |awk '{print $2}' |sed 's/\//\\\//g' > sed_paths
for p in `cat sed_paths`; do sed -i "/$p/ s/^/#/" /etc/tripwire/twpol.txt ; done
sudo tripwire --init
# once the policy file is generated from the last "tripwire --init", it can be saved/used on other machines. Verify???
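
The sed_paths loops here and under "work with file paths" in the sed section escape only "/", so a "." in a path still matches any character, /usr/sbin/foo also hits /usr/sbin/foo2, and a second run adds a second "#". The following is an added example, not part of the original gist, that matches each listed path literally and on path boundaries; it is written for POSIX sh with GNU sed, and the function names, the .bak backup and the sample policy lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original gist): comment out config lines by literal path.

# Anything that is NOT a path character; used as a boundary on both sides of a path.
NB='[^[:alnum:]_.\/-]'

# Escape every BRE metacharacter plus the "/" delimiter, not only the slashes.
escape_bre() {
    printf '%s\n' "$1" | sed 's|[][\.*^$/]|\\&|g'
}

# build_script PATH_LIST PREVIEW(0|1): write one sed block per listed path to stdout.
build_script() {
    printf '%s\n' '/^[[:space:]]*#/b'          # leave already-commented lines alone
    while IFS= read -r p; do
        [ -n "$p" ] || continue
        esc=$(escape_bre "$p")
        printf '/^\\(.*%s\\)\\{0,1\\}%s\\(%s.*\\)\\{0,1\\}$/{\ns/^/#/\n' "$NB" "$esc" "$NB"
        if [ "$2" = 1 ]; then printf 'p\n'; fi
        printf 'b\n}\n'                          # stop after the first hit on a line
    done < "$1"
}

# comment_out_paths [-n] CONFIG PATH_LIST
#   -n  print the lines that would change; otherwise edit CONFIG, keeping CONFIG.bak
comment_out_paths() {
    preview=0
    if [ "$1" = "-n" ]; then preview=1; shift; fi
    script=$(mktemp) || return 1
    build_script "$2" "$preview" > "$script"
    if [ "$preview" = 1 ]; then
        sed -n -f "$script" "$1"
    else
        cp -p "$1" "$1.bak" && sed -f "$script" "$1.bak" > "$1"
    fi
    rc=$?
    rm -f "$script"
    return "$rc"
}

# Constructed sample: a tripwire-style policy fragment and a list of paths to disable.
make_sample() {
    cat > "$1/twpol.txt" <<'EOF'
     /usr/sbin/fixrmtab      -> $(SEC_CRIT) ;
     /usr/sbin/fixrmtab2     -> $(SEC_CRIT) ;
     /opt/usr/sbin/fixrmtab  -> $(SEC_CRIT) ;
     /etc/rcXd               -> $(SEC_CONFIG) ;
     /etc/rc.d               -> $(SEC_CONFIG) ;
#    /etc/rc.d/old           -> $(SEC_CONFIG) ;
EOF
    printf '%s\n' /usr/sbin/fixrmtab /etc/rc.d > "$1/paths.txt"
}

# Preview against the sample: only the exact fixrmtab and rc.d rules are printed.
demo() {
    d=$(mktemp -d) || return 1
    make_sample "$d"
    comment_out_paths -n "$d/twpol.txt" "$d/paths.txt"
    rm -rf "$d"
}
demo
```

Run it with -n first, the same way the gist previews with sed --quiet, then without -n to edit the file.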

ufw

# allow ip to forward all traffic through
ufw route allow from 10.24.128.248

# allow all traffic routed to eth2 and coming in on eth1 to traverse the firewall
ufw route allow in on eth1 out on eth2

# allows any packets coming in on eth0 to traverse the firewall out on eth1 to tcp port 80 on 12.34.45.67
ufw route allow in on eth0 out on eth1 to 12.34.45.67 port 80 proto tcp

vim

# vim search and replace regular expression examples:
/^\s\+
%s/\(service_port: "\)\([0-9]\{2,5}\)\("\)/service_port: \2/
%s/\(app_name: "\)\([a-zA-Z]*\)\("\)/app_name: \2/
%s/\("vmwu\)\([0-9]\{3}\)\(.corp.domain.com"\)/vmwu\2.corp.domain.com/
%s/\(tomcat_instance: "\)\([a-z]*\)\("\)/tomcat_instance: \2/

# navigation
j # down one line
k # up one line
h # left one character
l # right one character
w # beginning of next word
W # beginning of next word ignoring special characters
e # end of current word
b # beginning of previous word
B # beginning of previous word ignoring special characters

# vim show diff without actually writing or saving changes:
:w !diff % -

# vim show line numbers
:se nu #set number
:se nonu #set nonumber

# vim delete lines containing a pattern
:g/pattern/d

# vim show whitespace characters:
http://joshorourke.com/2012/06/15/vim-tip-how-to-display-whitespace-characters
:set listchars=eol:$,nbsp:_,tab:>-,trail:~,extends:>,precedes:<
:set list
:set nolist

# vim show settings:
https://stackoverflow.com/questions/2078271/get-current-value-of-a-setting-in-vim
:set value?
:set listchars?
:set paste?

# vim upper case:
~    : Changes the case of current character
guu  : Change current line from upper to lower.
gUU  : Change current LINE from lower to upper.
guw  : Change to end of current WORD from upper to lower.
guaw : Change all of current WORD to lower.
gUw  : Change to end of current WORD from lower to upper.
gUaw : Change all of current WORD to upper.
g~~  : Invert case to entire line
g~w  : Invert case to end of current WORD
guG  : Change to lowercase until the end of document.
gU)  : Change until end of sentence to upper case
gu}  : Change to end of paragraph to lower case
gU5j : Change 5 lines below to upper case
gu3k : Change 3 lines above to lower case

# vim 8 add packages
# https://shapeshed.com/vim-packages/
# https://opensource.com/article/20/2/how-install-vim-plugins
mkdir -p ~/.vim/pack/vendor/start/puppet
git clone https://github.com/rodjek/vim-puppet.git ~/.vim/pack/vendor/start/puppet

# add vim package to dotfiles (perform commands from root of dotfiles directory)
git submodule add https://github.com/vim-airline/vim-airline.git vim/pack/vendor/start/vim-airline
git add .gitmodules vim/pack/vendor/start/vim-airline
git submodule add https://github.com/hashivim/vim-terraform.git vim/pack/vendor/start/vim-terraform
git add .gitmodules vim/pack/vendor/start/vim-terraform
git submodule add https://github.com/chr4/nginx.vim.git vim/pack/vendor/start/nginx
git add .gitmodules vim/pack/vendor/start/nginx
git submodule add https://github.com/tmux-plugins/vim-tmux.git vim/pack/vendor/start/vim-tmux
git add .gitmodules vim/pack/vendor/start/vim-tmux
git submodule add https://github.com/PProvost/vim-ps1.git vim/pack/vendor/start/vim-ps1
git add .gitmodules vim/pack/vendor/start/vim-ps1
git commit

https://github.com/chr4/nginx.vim.git
https://github.com/preservim/nerdtree.git
git://github.com/tmux-plugins/vim-tmux.git

# remove packages example
git submodule deinit vim/pack/vendor/start/vim-airline
git rm vim/pack/vendor/start/vim-airline
rm -Rf .git/modules/vim/pack/vendor/start/vim-airline
git commit

###
# complex regex search/replace
###
# replace this:
              "time": {
                "live_span": "30m"
              },
# with this (remove 1st and 3rd lines, set indentation to same as 
# first line, and add a comma to the end if appropriate):
              "live_span": "30m",

# regex - because it's a JSON file, a comma will already be at the 
# end of the closing } on the time variable so just leave it
("time": \{\n[ ]+)("live_span": "[0-9]+[m,h,d,w]")(\n[ ]+\})

# vim substitute command with \v so that "(" don't need to be escaped
# which resulted in "{" and "}" needing to be escaped
%s/\v("time": \{\n[ ]+)("live_span": "[0-9]+[m,h,d,w]")(\n[ ]+\})/\2/

virsh

# vm commands
virsh list --all # list all VMs/domains
virsh list # list all running VMs/domains
virsh start VM
virsh shutdown VM # ACPI shutdown (gracefully)
virsh destroy VM # force shutdown
virsh undefine VM # delete VM (still need to remove/manage storage)
virsh undefine VM [--remove-all-storage] [--delete-storage-volume-snapshots] [--snapshots-metadata] # only use if you're sure
virsh autostart VM
virsh autostart --disable VM

# network commands
virsh net-list # list networks
virsh net-dhcp-leases <NET> # show dhcp leases on specific network, usually "default"
virsh domiflist <VM> # list network interfaces on VM/domain
virsh domifstat <VM> <INT> # show network statistics for interface in VM

# storage commands
virsh pool-list
virsh domblklist VM # show block storage devices attached to VM/domain
virsh domblkstat VM vda --human # vda is the block device target shown by domblklist
virsh detach-disk VM PATH_TO_DISK --persistent # remove disk from VM
virsh attach-disk VM PATH_TO_DISK TARGET --persistent # target is [vd|sd|hd][a,b,c...]
virsh vol-delete diskname.qcow2 --pool default # delete storage device

# add firewall rules after libvirtd starts
firewall-cmd --direct --add-rule ipv4 filter LIBVIRT_FWI 2 -p tcp --destination 192.168.122.6 --destination-port 3389 -j ACCEPT

vs code

Keyboard Shortcuts

Generally, on Mac replace CTRL with Cmd (⌘) key and ALT with Opt (⌥) key

  • CTRL+K CTRL+S | Cmd+K Cmd+S - show/edit keyboard shortcuts

  • Show diff in file since last save: CTRL+K D

  • Code action: CTRL+.

  • Collapse/Expand current code block: CTRL+K+[, CTRL+K+]

  • Collapse/Expand all code blocks: CTRL+K+0, CTRL+K+J

  • Move line or selected lines of code: ALT+Up/Down_Arrow_Key

  • Multi-line editing: SHIFT+ALT+Up/Down_Arrow_Key, Esc to exit

  • Multi-line editing on Mac: Opt+Cmd+Up/Down_Arrow_Key, Esc to exit

  • Toggle comment flags on selected text: CTRL+/

  • Auto import classes: Shift+Alt+O

  • Sort selection/all: CTRL+P > sort (select item from list)

IDE Layout

    // Toggle between terminal and editor focus
    { "key": "ctrl+`", "command": "workbench.action.terminal.focus"},
    { "key": "ctrl+`", "command": "workbench.action.focusActiveEditorGroup", "when": "terminalFocus"}

zsh

# show aliases
alias [alias_name]

# show functions
typeset -F #list only
typeset -f [function_name] #list and show function(s) with code
type -f [function_name] #list and show functions code

miscellaneous

files

# create files of specific size
truncate -s 5M 5mb.file
fallocate -l $((5*1024*1024)) 5mb.file

# split files
split -b 1024m big_file big_file-part

# monitor file transfer progress
progress -M
progress -mp

rsync -viaPAXS [--exclude=PATTERN] [--log-file=PATH] source dest
-i, --itemize-changes       output a change-summary for all updates
-a, --archive               archive mode; equals -rlptgoD (no -H,-A,-X)
-P                          same as --partial --progress
-A, --acls                  preserve ACLs (implies -p)
-X, --xattrs                preserve extended attributes
-S, --sparse                handle sparse files efficiently
-r, --recursive             recurse into directories
-l, --links                 copy symlinks as symlinks
-p, --perms                 preserve permissions
-t, --times                 preserve modification times
-g, --group                 preserve group
-o, --owner                 preserve owner (super-user only)
-D                          same as --devices --specials
-H, --hard-links            preserve hard links
-z, --compress              compress file data during the transfer (only use over slow WAN links)

Linux

ansible -i ./ansible/hosts host_name

sudo yum install git gitflow python34
sudo yum groupinstall "X Windows System"
python3 -m venv ~/python_venvs/systest
curl http://linux.corp.domain.com/utils/.gitconfig -o ~/.gitconfig
git clone git@git.corp.domain.com:linux-admins/systest.git
source ~/python_venvs/systest/bin/activate
pip install -r ~/systest/requirements.txt
pip install requests ddt bs4 PyPOM selenium pylint

yum install gnome-classic-session gnome-terminal control-center liberation-mono-fonts tigervnc-server gdm glx-utils mesa-dri-drivers plymouth-system-theme spice-vdagent xorg-x11-drivers xorg-x11-server-Xorg xorg-x11-utils xorg-x11-xauth xorg-x11-xinit xvattr initial-setup initial-setup-gui

# send local user mail
sudo apt install mailutils
mail -s "SUBJECT" local_user < textfile
echo "message content" | mail -s "SUBJECT" local_user

# email server testing tool
sudo apt install swaks
swaks --to mailbox@example.com -s smtp.gmail.com:587 -tls -au <user-account> -ap <account-password>
swaks -t bob@home.com

# https://serverfault.com/questions/38626/how-can-i-read-pcap-files-in-a-friendly-format/38632
tcpdump -s0 -vv -w tcp_dump.pcap tcp port 1842
tcpick -C -yP -r tcp_dump.pcap

# restart stuck gnome session
# https://askubuntu.com/questions/455301/how-can-i-restart-gnome-shell-after-it-freezes-or-becomes-unresponsive
# ALT+F2, then "r" and Enter is preferred, but if that doesn't do anything, open a CLI terminal (CTRL+ALT+F6) and run this:
killall -3 gnome-shell

# add fonts without rebooting
fc-cache -fv [optional_extra_fonts_folder]

# crop/resize a 1280×720 rectangle from a 1920×1080 resolution video with a starting rectangle position of 10, 10
ffmpeg -i in.mp4 -filter:v "crop=1280:720:10:10" out.mp4

# add custom resolution and refresh rate to ubuntu wayland
# https://davejansen.com/add-custom-resolution-and-refresh-rate-when-using-wayland-gnome/
# https://ubuntuhandbook.org/index.php/2021/05/custom-screen-resolution-ubuntu-wayland-xorg/
# sudo apt install read-edid
for p in /sys/class/drm/*/status; do con=${p%/status}; echo -n "${con#*/card?-}: "; cat $p; done
# for the connected device in /sys/class/drm/, show available modes
cat /sys/class/drm/card0-HDMI-A-1/modes
cat /sys/class/drm/card0-HDMI-A-1/edid | parse-edid
# then append appropriate resolution and refresh rate to GRUB_CMDLINE_LINUX_DEFAULT in /etc/default/grub - example:
video=1440x900@60
# you can specify the display device with something like this:
video=HDMI-A-1:1440x900@60b

System Monitor Utilities To Remember

dstat
htop
iotop
iperf
iptraf
lsof -i