Users:
- /etc/sudoers(.d)
- /etc/passwd
- useradd
- usermod
- userdel -r
- passwd
Groups:
- /etc/group
- groupadd
- groupmod
- groupdel
- usermod -g
- usermod -aG
Password:
- /etc/shadow
- /etc/login.defs
- chage -m 0 -M 90 -W 7 -I 14 user03
- chage -d 0 user03
- chage -l user03
- date -d "+45 days" +%F
- usermod -L user03
- usermod -L -e 2019-10-05 user03
- usermod -U
- usermod -s /sbin/nologin user03
Access control:
- chmod 644
- chown : [-R] <file/dir>
- u+s, g+s, o+t: chmod 2770 == chmod g+s
- umask:
- /etc/profile.d/local-umask.sh
SELinux:
- Apache: httpd_t, /var/www/html: httpd_sys_content_t
- getenforce && setenforce
- karg: enforcing=0 | 1, selinux= 0 | 1
- /etc/selinux/config
- Temporary: chcon -t httpd_sys_content_t <file/dir>
- Pkg: policycoreutil => restorecon, policycoretuil-python => semanage
- Permanent: semanage fcontext -a -t httpd_sys_content_t '/virtual(/.*)?' && restorecon -RFv /virtual
- apache config file: /etc/httpd/conf/httpd.conf
- SELinux booleans:
- getsebool -a
- getsebool httpd_enable_homedirs
- sudo setsebool -P httpd_enable_homedirs on
- sudo semanage boolean -l | grep httpd_enable_homedirs
- sudo semanage boolean -l -C
- apache: /etc/httpd/conf.d/userdir.conf
- Debug SELinux ***:
- pkg: setroubleshoot-server
- /var/log/audit/audit.log -> /var/log/messages
- sealert -a /var/log/audit/audit.log
- /var/www/html
Performance:
- kill -l
- pkill control, pkill -SIGKILL -U user, pkill -SIGKILL -t tty3
- pgrep -l -u bob
- pstree -p bob
- w
- tuned-adm active
- tuned-adm list
- tuned-adm profile throughput-performance
- tuned-adm recommend
- tuned-adm off
- nice -n 15 sha1sum, ps -o pid,comm,nice 3521, renice -n 19 3521
Packages:
-
yum:
- yum list
- yum search KEYWORD
- yum info PACKAGENAME
- yum provides PATHNAME
- yum install/update/remove
- yum group list (hidden)
- yum group info "RPM Development Tools"
- yum group install "RPM Development Tools"
- tail -5 /var/log/dnf.rpm.log
- yum history ; yum history undo 5
-
Repositories:
- yum repolist all
- yum-config-manager --enable rhel-8-server-debug-rpms
- /etc/yum.repos.d/
- yum-config-manager --add-repo="http://..."
- rpm --import http://... && yum install http://...noarch.rpm
[epel]
name=xxx
baseurl="http://.."
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/..
- yum module list perl
- yum module info --profile module-name:stream (e.g. perl:5.24)
- yum module install name:stream/profile, yum install @perl
- remove and disable module stream:
- yum module remove perl && yum module disable perl
- switch to different stream:
- yum module remove postgresql && yum module reset postgresql && yum module install postgresql:10
Storage:
- lsblk -fp
- add MBR / GPT: parted mklabel -> parted mkpart -> udevadm settle -> /etc/fstab
- delete MBR / GPT: parted -> print -> rm
- create FS: mkfs.vfs / mkfs.ext4
- mount FS:
- TMP: mount / umount -> lsof
- PER: /etc/fstab -> systemctl daemon-reload / reboot -> findmnt --verify
- create SWAP:
- parted /dev/vdb swap1 linux-swap 1001MB 1257MB
- udevadm settle
- mkswap /dev/vdb2
- swapon /dev/vdb2 -> /etc/fstab -> UUID=xxx swap swap defaults(pri=xx) 0 0
- swapon --show
- systemctl daemon-reload / reboot
- swapoff
Advanced Storage:
- prepare: parted mklabel -> parted mkpart -> parted set <partition#> lvm on
- create LVM: pvcreate /dev/vdb2 /dev/vdb1 -> vgcreate vg01 /dev/vdb2 /dev/vdb1 -> lvcreate -n lv01 -L 700M vg01 -> mkfs.xfs /dev/vg01/lv01 -> /etc/fstab
- remove LVM: umount /mnt/data -> lvremove /dev/vg01/lv01 -> vgremove vg01 -> pvremove /dev/vdb2 /dev/vdb1
- view LVM: pvdisplay /dev/vdb1 -> vgdisplay vg01 -> lvdisplay /dev/vg01/lv01
- extend LVM: vgextend vg01 /dev/vdb3 -> lvextend -r -L +300M /dev/vg01/lv01 -> xfs_growfs /mnt/data | resize2fs /dev/vg01/lv01
- extend LVM-SWAP: swapoff -> lvexend -L +size -> mkswap -> swapon
- reduce LVM: pvreduce vg01 /dev/vdb3 -> pvremove /dev/vdb3
Stratis (dynamic):
- yum install stratis-cli stratisd
- systemctl enable --now stratisd
- stratis pool create pool1 /dev/vdb
- stratis pool list
- stratis pool add-data pool1 /dev/vdc
- stratis pool blockdev list pool1
- stratis filesystem create pool1 filesystem1
- stratis filesystem snapshot pool1 filesystem1 snapshot1
- stratis filesystem list
- /etc/fstab -> UUID=31b9...8c55 /dir1 xfs defaults,x-systemd.requires=stratisd.service 0 0
- stratis filesystem destroy
VDO (compress and dedup):
- yum install vdo kmod-kvdo
- vdo create --name=vdo1 --device=/dev/vdd --vdoLogicalSize=50G
- vdo status --name=vdo1
- vdo list / start / stop
- /etc/fstab -> UUID=31b9...8c55 /dir1 xfs defaults,x-systemd.requires=vdo.service 0 0
NFS:
- sudo mount -o rw,sync serverb:/share mountpoint
- /etc/fstab -> serverb:/share /mountpoint nfs rw,sync 0 0
- autofs
Tar:
- tar -cf <output.tar> <input_dir>
- tar -xf <input.tar>
Netowrk:
- nnmcli
Firewall:
- firewall-cmd --set-default-zone=dmz
- firewall-cmd --permanent --zone=internal --add-source=192.168.0.0/24
- firewall-cmd --permanent --zone=internal --add-service=mysql
- firewall-cmd --reload
Hostname:
- hostnamectl -> /etc/hostname
- nmcli con mod +/-ipv4.dns -> nmcli con down -> nmcli con up -> /etc/resolve.conf
- /etc/hosts
At & Cron:
- atd && crond
- crontab -e | r | l
- ls /etc/cron*
Logs:
- rsyslog, journalctl
- /etc/rsyslog.d/*.conf -> *.debug /var/log/messages-debug
- logger -p user.debug "Debug Message Test"
- /etc/systemd/journal.conf -> set Storage=auto|persistent
- tzselect
- timedatectl list-timezones
- timedatectl set-timezone
- timedatectl set-time 9:00:00
- timedatectl set-ntp true | false
- /etc/chrony.conf -> systemctl restart chronyd -> chronyc sources -v
Services && Bootprocess:
- systemctl isolate multi-uesr.target
- systemd.unit=rescue.target
- systemd.unit=emergency.target
- reset root pw: -> rd.break -> mount -o remount,rw /sysroot -> chroot /sysroot -> passwd root -> touch /.autorelabel