MalcolmChalmers.com

Linux Tips and Tricks


Apps and Tools

# text graphical system monitoring
btop

# text based file manager
mc or 'midnight commander'
# ss - show socket activity
ss -lt // show listening ports
ss -at '( dport = :22 or sport = :22 )'  // show anything using port 22

# Run any one of the following commands on Linux to see open ports:
$ sudo lsof -i -P -n | grep LISTEN
$ sudo netstat -tulpn | grep LISTEN
$ sudo ss -tulpn | grep LISTEN
$ sudo lsof -i:22 ## see a specific port such as 22 ##
$ sudo nmap -sTU -O IP-address-Here

# how to use tee
dmesg | tee dmesg.txt     // outputs to screen and dmesg.txt


Automount

# some notes on how to setup automount on a linux server,
# not complete yet.


# cat auto.nfs
home            -fstype=nfs,rw,vers=3     nfs-server-01:/vol/sles_user_vol00/linux_home

# cat autofs.conf | grep -v "^#"
[ autofs ]
timeout = 300
browse_mode = no
mount_nfs_default_protocol = 4
[ amd ]
dismount_interval = 300


# df -h
Filesystem                                    Size  Used Avail Use% Mounted on
linux_user:/vol/sles_user_vol00/linux_home    1.2T  1.1T  120G  91% /import/home


Bash Tips and Tricks

# bash script to wait for a log file to appear then start tailing it

while [ ! -f "/var/log/file.log" ]; do
  sleep 1
done
tail -f /var/log/file.log

# Using a for loop to repeat a command
for i in {1..5}; do COMMAND; done

# Useful aliases to add to .bash_profile - echo "alias bis='sudo -i -u bis'" >> ~/.bash_profile
alias dush='du -sh *'
alias bis='sudo -i -u bis'

# Change back to previous directory
cd -

# Search history
CTRL+R

# Profile files
When bash is invoked as an interactive login shell it first reads and executes the following files if they exist, in order:
    /etc/profile 
    ~/.bash_profile 
    ~/.bash_login 
    ~/.profile
         
When a login shell exits, bash reads and executes commands in the following files, if they exist:
    ~/.bash_logout
    /etc/bash.bash_logout



Certificates

# get certificate info
openssl x509 -in my_certificate.cer -text -noout

# generate certificate
On each server do the following:

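Create a new folder called /root/certs and change into that folder.
Run the following commands to create the KEY and CSR files. The KEY file is the server's private key: it stays on the server, readable only by root, and only the CSR is sent for signing.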
     openssl genrsa -out servername.key 2048
     openssl req -new -key servername.key -out servername.csr -config cert.cnf

If you have set up the cnf file as per step one, you should be able to just press enter on each line and accept the defaults.

Get cert signed, you should get a CER file back.

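Create the P12 and JKS files, if required (substitute the key and certificate file names used in the steps above; openssl prompts for an export password that protects the P12 file)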
 
     openssl pkcs12 -export -in server.cer -out server.p12 -name server-<DATE> -CAfile /etc/pki/ca-trust/source/anchors/rootca.pem -inkey server.key
     keytool -importkeystore -destkeystore server.jks -srckeystore server.p12 -srcstoretype PKCS12 -alias server-<DATE>


# dummy cnf file
# OpenSSL request configuration, passed to `openssl req -new ... -config cert.cnf`.
# distinguished_name names the section that defines the subject prompts;
# req_extensions names the section whose X.509 extensions are added to the CSR.
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req

# Each field has a prompt text and a *_default value that is used when
# you press enter at the prompt; *_max limits the length of the input.
[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = AU
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Australian Capital Territory
localityName = Locality Name (eg, city)
localityName_default = Canberra
organizationName = Organizational Name (eg, section)
organizationName_default = My Company
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = IT
commonName = hostname
commonName_default = myhostname
commonName_max = 64
emailAddress = Email Address
emailAddress_default = fred@fake.com.au
emailAddress_max = 40

# Extensions requested in the CSR; the signing CA decides which ones end up
# in the issued certificate.
# NOTE(review): for a TLS server certificate keyUsage is normally
# digitalSignature plus keyEncipherment (RSA keys); nonRepudiation and
# dataEncipherment are not needed for serverAuth - confirm against CA policy.
[v3_req]
keyUsage = digitalSignature, nonRepudiation, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

# Placeholder DNS names. Current TLS clients match the hostname against the
# subjectAltName entries rather than commonName, so the server's own
# hostname should be listed here as well.
[alt_names]
DNS.1 = alt-name-01
DNS.2 = alt-name-02
DNS.3 = alt-name-03

# list certs in a keystore - it will probably request the password for the keystore
keytool -v -list -keystore /path/to/keystore

##################################

# Install certbot and apache plugin
sudo apt update
sudo apt install certbot python3-certbot-apache

# Obtain and Install the Certificate
sudo certbot --apache

# Test Auto-Renewal
sudo certbot renew --dry-run


DNF Tips and Tricks

# List all available versions of a package (i.e. jfrog)
dnf list all jfrog-artifactory-pro --showduplicates
jfrog-artifactory-pro.x86_64                                                                      7.90.7-79007900      
jfrog-artifactory-pro.x86_64                                                                      7.90.8-79008900                                                                       
jfrog-artifactory-pro.x86_64                                                                      7.90.9-79009900                                                                       
jfrog-artifactory-pro.x86_64                                                                      7.90.10-79010900                                                                      


# install specific version of a package
dnf install jfrog-artifactory-pro-7.90.7

# list package dependencies 
dnf deplist <package-name>

Disk Tips and Tricks

# Resize a logical volume (adds 2gb and resizes filesystem to suit)
lvextend --resizefs --size +2G /dev/mapper/rootvg-configlv
lvextend --resizefs --size +2G /dev/mapper/rootvg-rootlv

# Adding a new disk
pvcreate /dev/sdb
vgcreate repovg /dev/sdb
lvcreate -n repolv -l 100%FREE repovg


Enable EPEL repo

# Enable epel in EL8
subscription-manager repos --enable codeready-builder-for-rhel-8-$(arch)-rpms
dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm

Enable RDP in Linux

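# Enable RDP on Linux - so you can use Microsoft RDP to get to Gnome Desktop
# The --add-port rule below opens 3389/tcp to every source in the zone; a rich rule with a source address (see Networking Tips and Tricks) limits it to known clients.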
yum install xrdp (needs epel repo)
systemctl enable xrdp --now
systemctl status xrdp
firewall-cmd --permanent --add-port=3389/tcp
firewall-cmd --reload
sudo chcon --type=bin_t /usr/sbin/xrdp
sudo chcon --type=bin_t /usr/sbin/xrdp-sesman
sudo setsebool -P xrdp_can_connect_all_ports on

Filtering in TOP

# Filtering in top command
press O
then
  type COMMAND=splunk
press ENTER

Find Tips and Tricks

# Find files older than a specified time (mtime) and REMOVE them 
# suggest running command without -exec rm {} \; option first to check what files are found.

find . -type f -mtime +30 -name '*.aud' -exec rm {} \;
find . -type f -mtime +30 -exec rm {} \;
find . -type f -mtime +7 -exec rm {} \;

# Find files older than 7 days, type is file, mtime 7 days, name condition, rm to REMOVE
find /tmp -type f -mtime +7 -name "1*" -exec rm {} \;
find . -type f -mtime +7 -exec rm {} \;

# Find and gzip old log files
find . -type f -name "wms-cli-2024*.log"  -exec gzip {} \;

# REMOVE old log files
find /opt/bis/log -type f -mtime +7 -name "*2023*" -exec rm {} \;

# find gzipped logs older than three days and DELETE them
find /opt/bis/log -type f -mtime +3 -name "*.gz" -exec rm {} \;

# Clean up / sanitise log files
find ./logs -type f -name "*" -print -exec sed -i 's/PBI..-...-PN./SERVER/g' {} \;  -exec sed -i 's/\([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}/xxx.xxx.xxx.xxx/g' {} \; -exec sed -i 's/local.domain/domain.name.au/g' {} \; -exec sed -i 's/adm......\..../username/g' {} \;

# To change/fix permissions for folders and files, so owner has full access and group has read access (755/644 also gives every other user read access)
sudo find . -type d -exec chmod 755 {} \;
sudo find . -type f -exec chmod 644 {} \;



Fix remote logon issues

### Fix slow login (when using local credentials )

- vi /etc/ssh/sshd_config
        UseDNS no
        GSSAPIAuthentication no

- service sshd restart



### Fix mRemote / puTTY to close window when disconnected.

You need to change the putty options under tools->options->advanced.
Relevant options are setting Session->"Close window on exit" to Always,
enabling Connection->"Enable TCP keepalives" and setting
Connection->"Seconds between keepalives" to more than 0.

Remember to save the PuttyNG settings as "Default Settings" in Session->"Saved Sessions".


GIT Tips and Tricks

# Discard local changes to tracked files (not yet staged or committed):
git restore .
# Or if you're using an older version of Git:
git checkout -- .

# Git branching commands
git branch // list branches
git branch -r // list remote branches
git branch -a // list all branches

# create a new branch
git branch branch-name

# create a new branch and switch to it
git checkout -b branch-name
# or
git switch -c branch-name

# switch to a different branch
git checkout branch-name
# or
git switch branch-name

# compare branches
git diff branch1..branch2

# merge 'branch-name' into the current branch
git merge branch-name

GitHub and SSH Keys

# Using GitHub with SSH Keys
Generate key
$ ssh-keygen -t ed25519 -C "your_email@example.com"
View your new SSH Key
$ cat ~/.ssh/id_ed25519.pub
Open GitHub, go to Settings, SSH and GPG Keys, click add a new key, and paste the contents of id_ed25519.pub into the box. Only the .pub file is shared; the private key ~/.ssh/id_ed25519 stays on your machine.


Grep Commands

# Searching for a string in multiple log files in specific folders
grep -r "string to search for " FOLDER1/*.log FOLDER2/*.log FOLDER3/*.log FOLDER4/*.log

# Grep a file and remove comments and blank lines
cat dovecot.conf | grep -v ^# | grep -v ^$

Journalctl Commands

# search for a pattern
journalctl --grep=PATTERN


# Show all messages from this boot:
journalctl -b


# Show all messages from date (and optional time):
journalctl --since="2012-10-30 18:17:16"

# Show all messages since 20 minutes ago:
journalctl --since "20 min ago"


# Follow new messages:
journalctl -f

# Show all messages by a specific executable:
journalctl /usr/lib/systemd/systemd

# Other examples
journalctl --since "2015-01-10 17:15:00"
journalctl --since yesterday
journalctl --since 09:00 --until "1 hour ago"


# filters
# by unit
journalctl -u nginx.service
journalctl -u nginx.service --since today
# by PID
journalctl _PID=8088
# where 33 is the UID of the user/process owner
journalctl _UID=33 --since today
# by error level
journalctl -p err -b
# by identifier ???
journalctl -t setroubleshoot --since=today

Links

# A good XML validator
https://jsonformatter.org/xml-validator

# File Diff Checker
https://www.diffchecker.com/text-compare/

Networking Tips and Tricks

# Adding a rich firewall rule(s) - if firewall is not running, use firewall-offline-cmd
firewall-cmd --add-rich-rule='rule family="ipv4" source address="XXX.XXX.XXX.XXX" accept' --perm

# Add/allow a port/service to the firewall
firewall-cmd --add-port 25/tcp --perm
firewall-cmd --add-service ssh --perm

# After adding a rich rule, port or service the firewall needs to be reloaded for the changes to take effect
firewall-cmd --reload

# To see if Firewall Logging (of denied messages) is enabled
sudo firewall-cmd --get-log-denied

# to add a source IP address to the rule add this option when creating the rule
--add-source=<ip-address>

# to list all zones use
firewall-cmd --list-all-zones

# to list all rules for a specific zone use
firewall-cmd --zone=to-database --list-all

# Set IP address using NMCLI
nmcli con mod ens3f1 ipv4.method manual ipv4.addres XXX.XXX.XXX.XXX/24
nmcli con mod ens3f1 ipv4.gateway XXX.XXX.XXX.1
nmcli con mod ens3f1 dns-search domain.name
nmcli con mod ens3f1 dns "XXX.XXX.XXX.XXX,XXX.XXX.XXX.XXX"
nmcli con mod ens3f1 connection.autoconnect yes
nmcli con up ens3f1

# To use a text based graphical interface
nmtui

# Add a route 
sudo ip route add 172.168.1.0/24 via 172.168.1.1 dev ens01

# remove a route 
sudo ip route del 172.168.1.0/24 via 172.168.1.1 dev ens01

# show link stats (e.g. amount of traffic in and out)
ip -s link show ens01
# or
watch "ip -s link show ens01"



RPM Tips and Tricks

# Extract rpm file
rpm2cpio <filename> | cpio -idmv

# How to create your own RPM package
https://www.redhat.com/en/blog/create-rpm-package
https://github.com/malcolm77/rpmbuild

$ sudo dnf install -y rpmdevtools rpmlint
$ rpmdev-setuptree
$ cat << EOF >> hello.sh
#!/bin/sh
echo "Hello world"
EOF
$ mkdir hello-0.0.1
$ mv hello.sh hello-0.0.1
$ tar --create --file hello-0.0.1.tar hello-0.0.1
$ gzip hello-0.0.1.tar
$ mv hello-0.0.1.tar.gz SOURCES
$ rpmdev-newspec hello
$ vi ~/rpmbuild/SPECS/hello.spec
$ rpmlint ~/rpmbuild/SPECS/hello.spec
$ rpmbuild -bb ~/rpmbuild/SPECS/rm-ssh-offendingkey.spec



Redirecting output

# Redirecting output
command &> /dev/null
or
command 1> /dev/null 2> /dev/null
or
command > /dev/null 2>&1

SELinux

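# add a label to a file (a chcon label is lost on a filesystem relabel; semanage fcontext followed by restorecon makes it persistent)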
chcon -t bin_t /usr/local/bin/node_exporter/node_exporter

Sed Commands

# Set a logback file from INFO to DEBUG
sed -i 's/INFO/DEBUG/g' /opt/bis/fes/etc/fes-logback.xml


# Set a logback file from DEBUG to INFO
sed -i 's/DEBUG/INFO/g' /opt/bis/fes/etc/fes-logback.xml


Tar Tips and Tricks

# 'zip' a bunch of files into the one tar file, and remove the files as they are being archived.
tar cvf wfmcl-2023-11.tar wfmcl-2023-11-*.log --remove-files


Tmux Tips

# TMUX
CTRL+B    // default prefix
%         // split vertically
"         // split horiz
D         // detach
C         // create a new window
p         // previous window
n         // next window
&         // close current window
,         // change name of window
:         // command mode


tmux attach            // attach to a detached session
tmux list-sessions     // list sessions
tmux ls                // list sessions

tmux new-window                  // from within tmux - creates a new window
tmux rename-window "new name"    // from within tmux - renames window

#example .tmux.conf
set -g status-bg cyan
set -g window-status-current-style fg=red,bg=black
set -g mouse on


VI Tips and Tricks

# NOTE
some systems will replace vi with an alias to vim when it is installed
some do not

# to disable the mouse
ESC
set mouse =

# to switch color scheme (this may be overridden by system settings or using vi instead of vim)
colorscheme elflord

# to turn on/off line number
ESC
set number

ESC
set nonumber

# to turn off highlighting
ESC
:nohl

