Skip to content

Instantly share code, notes, and snippets.

@kyrcha

kyrcha/LINUX.md

Last active October 25, 2021 07:50
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save kyrcha/d813fb9559d4a0b3ddd05edd5ff9ee42 to your computer and use it in GitHub Desktop.
Save kyrcha/d813fb9559d4a0b3ddd05edd5ff9ee42 to your computer and use it in GitHub Desktop.
Download ZIP
Basic linux commands without ads
Raw
LINUX.md

Linux commands

Notes:

  • change or anything with <...> with the values you want

Users

Create a user

Use:

  • sudo useradd <username>: low level utility
  • sudo adduser <username>: user friendly script

Delete user

Use:

  • sudo userdel <username>: low level utility
  • sudo deluser --remove-home <username>: user friendly script that removes also the home directory of the user

Groups

Create group: sudo groupadd <groupname>

Add a user to groups

  • sudoers: sudo usermod -aG sudo <username>
  • other groups with logged in username: sudo usermod -aG <groupname> $USER, where $USER is the logged in username (check with echo $USER)

File/Folders Permissions and Ownership

UFW Firewall

UFW for Uncomplicated FireWall

  • Installation: sudo apt install ufw
  • Enable: sudo ufw enable
  • Disable: sudo ufw disable
  • Status: sudo ufw status
  • Verbose Status: sudo ufw status verbose - for checking also default rules
  • Allow port rule: sudo ufw allow 7822
  • Delete rule:
    • sudo ufw status numbered Get the rule numbered
    • sudo ufw delete 2 Delete rule #2
  • Check logs: sudo dmesg | grep '\[UFW'

Programs/Libs

  • nano: sudo apt install nano

SSH server

Installation

  • sudo apt update
  • sudo apt install openssh-server

Operating

  • start|stop|restart|status: sudo systemctl start|stop|restart|status ssh

Configuration

Keep the original:

  • sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original
  • sudo chmod a-w /etc/ssh/sshd_config.original
  • Check configuration: sudo sshd -t -f /etc/ssh/sshd_config

Some option I configure in ssh_config

  • Change the standard port from 22 to something else: Port 6622
  • Pubkey authentication
PubkeyAuthentication yes
AuthorizedKeysFile      /etc/ssh/%u/authorized_keys .ssh/authorized_keys
AllowUsers <username1> <username2>
PasswordAuthentication no
  • Issue.net: Banner /etc/issue.net

where I add:

********************************************************************
*                                                                  *
* This system is for the use of authorized users only.  Usage of   *
* this system may be monitored and recorded by system personnel.   *
*                                                                  *
* Anyone using this system expressly consents to such monitoring   *
* and is advised that if such monitoring reveals possible          *
* evidence of criminal activity, system personnel may provide the  *
* evidence from such monitoring to law enforcement officials.      *
*                                                                  *
********************************************************************

Then

  • test: sudo sshd -t -f /etc/ssh/sshd_config
  • and restart: sudo systemctl restart sshd.service

Docker

Use the official guide and post installation steps

For docker-compose: https://docs.docker.com/compose/install/

  • sudo curl -L "https://github.com/docker/compose/releases/download/1.28.5/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose (check the version for newer versions)
  • sudo chmod +x /usr/local/bin/docker-compose
  • docker-compose --version
  • sudo curl -L https://raw.githubusercontent.com/docker/compose/1.28.5/contrib/completion/bash/docker-compose -o /etc/bash_completion.d/docker-compose (bash completion)

Respecting UFW

From https://www.techrepublic.com/article/how-to-fix-the-docker-and-ufw-security-flaw/

Fortunately, there's a way to fix this. Go back to the terminal on your Docker server and issue the command sudo nano /etc/default/docker and add the following line: DOCKER_OPTS="--iptables=false" Save and close that file. Restart the docker daemon with the command sudo systemctl restart docker. Now, when you deploy a container, it will no longer alter iptables and will honor UFW.

Networking

  • What is my IP?: ip a

Info/Monitoring

  • CPU info: cat /proc/cpuinfo
  • Number of processors: cat /proc/cpuinfo | grep processor
  • Memory info: free -m
  • Disk info: df -h for human readable sizes

Processes

TODO

Grep

TODO

Auditing

  • who has logged in: last
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment