This cheatsheet was written with AlmaLinux 9 and Ubuntu 22.04 in mind, so some things may differ from the distribution that you are using.
Even though there are certain steps for enabling and starting services after some packages have been installed, this isn't always necessary on e.g. Ubuntu.
Overview
/etc/passwd # Contains all user accounts
/etc/groups # Contains all groups
/etc/shadow # Contains all user accounts passwords
/etc/login.defs # Defaults for new user accounts
/etc/skel # Skeleton dir for new user accounts
/etc/security/pwquality.conf # System wide config file for password requirementsCreate user
useradd <username>
useradd -r <username> # Adds a system account (different UID)Set or change a user's password
passwd <username>
echo "<username>:<password>" | chpasswd # chpasswd can be used to batch update users password.Check ID on user or group
id USERNAMEDelete user
userdel <username>
userdel -r <username> # Deletes the user along with the home directoryCreate group
groupadd <group name>Delete group
groupdel <group name>Add or remove user from group
usermod -a -G user group # Adds the user to the group
gpasswd -a user group
gpasswd -d user group # Remove the user from the groupDisable or enable user
usermod -l <username> # Lock user account
usermod -u <username> # Unlock user accountSet shell for user
usermod -s /bin/sh # Set shell to Bourne shell
usermod -s /sbin/nologin <username> # When the user tries to login, it will be politely told that a user doesn't have a shell
usermod -s /bin/false <username> # When the user tries to login, the connection will immediately dropset password parameters for user
chage -m mindays -M maxdays -d lastday -I -E expiredate -W warndays <username>Become root
su -Run a command with sudo
sudo <command>Run sudo in interactive mode
sudo -iBecome another user and change to their home directory
su - <username>Add user to admin
usermod -a -G sudo <username> # For Debian based OS
usermod -a -G wheel <username> # For Red Hat based OSDon't require password for sudo
- Run
visudo. - Add
<username> ALL=(ALL) NOPASSWD:ALL # Gives user permission to run sudo without password.under# User privilege specification. Replace<username>with desired user.
List all files with tmp
ls -l tmp
Remove write from group on file/folder
chmod g-w tmp
Remove read from others on file/folder
chmod a-r tmp
Remove write from user on file/folder
chmod u-w tmp
Add read and write to user on file/folder
chmod u+rw
Add read and execute to use on file
chmod u+x
Add read, write and execute to all users on file/folder
chmod a+rwx
! Even though user hasn't any read permission, the user will still be able to delete the file
! You need execute permission to "cd" (ls) into folder
Test if file or folder exists
if test -f "<file>"
then
echo true
fi
if test -d "<folder>"
then
echo true
fiChange owner or group recursive
chown -R USER
chgrp -R GROUP
**View partition, mounts and filesystem
df -hT
**View files and sort by size in reverse order
du -h ~ | sort -nr
**See indivial cores on cpu in top
top AND THEN PRESS 1
**List open files
lsof | grep PATTERN
**Output all network interface to file
tcpdump -i INTERFACE > FILE
Move/Copy hidden files (Zsh)
setopt glob_dots
mv Foo/* Bar/
unsetopt glob_dotsMove/Copy hidden files (Bash)
shopt -s dotglob
mv Foo/* Bar/
shopt -u dotglobOverview
rwsrwxrwx mark marketing # if we run the executable, it will run as user mark
rwxrwsrwx mark marketing # if we run the executable, it will run as group marketing
rwxrwsrwx mark marketing # if it's an directory, all file placed within the directory will have marketing as owner
rwx-rwxrwT # others can't execute
rwx-rwxrwt # others can executeEnable or disable SetUID
chmod u+s
chmod u-sEnable or disable SetGID
chmod g+s
chmod g-sEnable or disable Sticky bit
chmod g+s
chmod g-sSet or remove ACL on file or directory
setfacl -m u:USER:rwx PATH
setfacl -m g:GROUP:r PATH
setfacl -Rm g:GROUP:r PATH
setfacl -x g:GROUP PATH
Remove all ACL from file or directory
setfacl -b PATH
Get current ACL on file or directory
getfacl
! Permission write with ACL doesn't allow deletion of files
List processes
ps -ef | grep <process>
ps -ef --sort=-%cpu | head -10
ps -ef --sort=-%mem | head -10
pstreeGrep PID of process
pgrep <process>Kill process
kill <PID>
pkill <process>
kill -9 <PID> # Force
pkill -9 <process name>**Force killing all processes with certain name
killall -s 9 apache2systemctl --all
Reload configuration for a service
systemctl reload application.service
**
systemctl status/start/stop/restart application.service
Enable or disable service at boot time
systemctl enable/disable application.service
Enable or disable service completely
systecmctl mask/unmask application.service
Search for specific service
systemctl list-units --no-pager | grep -i <search term>Verify checksum of file
echo checksum file | sha256sum -c
OR
echo $(cat checksumfile) file | sha256sum -cCalculate checksum of multiple files
find . -type f -exec sha256sum {} \; # Calculate checksum of files in the current directory.
OR
find /etc -type f -exec sha256sum {} \; # Calculate checksum of files in a specific directory.
List how many matches a grep results in
cat file | grep string | wc -l
Grep this OR that
grep -E "this|that"
List unique lines
cat file | uniq
Download output from URL
wget -O FILE URL # Download output as file from URL
dmesg
**Stream file
tail -f FILE
Search input file for regex matches (in this case for a MAC address) and output matches and their respective line numbers cat FILE | grep -n -i [0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]
**Check if package is installed
rpm -qa | grep PACKAGE
#############**TIME
Set and view time and date configuration
timedatectl
View time zones
timedatectl list-timezones
Set time zone
timedatectl set-timezone Europe/Stockholm
Set time
timedatectl set-time 20:15:50
OR
timedatectl set-time '2021-08-18 20:15:50'
OR
date -s '2021-08-18 20:15:50'
**Sync time with NTP
timedatectl set-ntp true
Install NTP client and server
dnf install chrony ntpstat
systemctl status chronydCheck current time lagging
ntpstatCheck current time servers ver
chronyc sources -vEdit NTP server configuration
vi /etc/chrony.conf
systemctl restart chronydForce time sync
chronyc makestepchronyd
/etc/chrony.conf /var/log/chrony.log
systemctl status chronyd
! Only one daemon should be running and syncing NTP servers
Set keymap temporary
loadkeys seSet keymap persistent
localectl set-keymap se##SSH
Configuration /etc/ssh/sshd_config
##Client time out ClientAliveInterval 600 ClientAliveCountMax 1
-> systemctl restart sshd
**Disable root login PermitRootLogin no
-> systemctl restart sshd
**Disable Empty Passwords PermitEmptyPasswords no
-> systemctl restart sshd
**Allow certain users Allow user1 user2
-> systemctl restart sshd
**Change port Port 2222
-> systemctl restart sshd
##**Analyze servers and get support
sosreport
sos report
**Install and access cockpit
dnf install cockpit
systemctl enable --now cockpit
https://IP:9090
Install certain package
yum install PACKAGE
Remove certain package
yum remove PACKAGE
List all installed packages in the system
rpm -qa
Search for package in the current system
rpm -qa | grep PACKAGE
Installs, verify and get hash of a local package
rpm -ihv PACKAGE.RPM
Remove package
rpm -e PACKAGE.RPM
/etc/yum.repos.d/
rpm - locally install package
apt-get - Debian-based
Check when system was last updated
cat /var/log/apt/history.log
rpm -qi --lastGet current version
cat /etc/redhat-release
Minor upgrade (6.0 -> 6.1), but will preserve current packages
yum update
Minor upgrade (6.0 -> 6.1), but will remove packages and replace with newer onces
yum upgrade
Query package for info
rpm -qi PACKAGE
List configuration files for package
rpm -qc PACKAGE
Check what executable is assiciatted with what package
rpm -qf PACKAGE/FULL PATH TO EXECUTABLE
Rename all files ending with specific file extension in the current folder
rename -vn currentname newname *.png # Dry run
rename -v currentname newname *.png # Actually doing itCompress and extract files
tar -cvf FILE.TAR ~ # Create an archive from file/folder
tar -xvf FILE.TAR # Extract an archive
tar -cvzf FILE.TAR.GZ ~ # Create an gzip compress archive from file/folder
tar -xvzf FILE.TAR.GZ # Extract an gzip compress archive
tar -cvjf FILE.TAR.BZ2 ~ # Create an bz2 compress archive from file/folder
tar -xvjf FILE.TAR.BZ2 # Extract an bz2 compress archive
zip --password MY_SECRET secure.zip file1 file2 file3
unzip secure.zip
7za a -tzip -pMY_SECRET -mem=AES256
7za e secure.zip
List listening processes
ss -lntup
netstat -autp
netstat -nat # Show all current TCP connections Find something (case insensitive) and supress permission issues find / -iname nanorc 2>/dev/null
Do something with results
find -iname nanorc | xargs cat
Block process termination
nohup apt-get update
Return all items with the name property
command | jq .[].name
command | jq -r .[].name # raw ouputReturn the first item with the name property
command | jq .[0].name
command | jq -r .[0].name # raw output/etc/vsftpd/vsftpd.conf
anonymous_enable=NO ascii_upload_enable=YES ascii_download_enable=YES ftpd_banner= Welcome to bla bla bla use_localtime=YES
ftp X.X.X.X Login bi = binary mode to transfer files hash = progress bar put FILE bye
**Transfer file to via SSH (SCP)
scp FILE [email protected]:/home/USER
**NetworkManager nmcli = cli editor for NetworkManager nmtui = ncurses editor for NetworkManager
/etc/sysconfig/network-scripts = upstart script for network configuration /etc/hosts /etc/hostname = hostname for machine /etc/resolve.conf = DNS server for name resolving /etc/nsswitch.conf = order for name lookup
Spawn new process with desired priority
nice -n <priority> <process>Change running process priority
renice -n <priority> <process>Userspace Highest priority = -20 Lowest priority = 19
System Highest priority = -99 Lowest priority = 39
! Is default enabled in Redhat, CentOS and Fedora Enforcing = Enabled Permissive = Disable, but logs the activity Disable = Disable
Check SELinux status
sestatus
getenforceChange SELinux mode temporary
setenforce 0 = Permissive/Disable
setenforce 1 = EnableConfiguration
vi /etc/selinux/config
SELINUX=enforcing
OR
SELINUX=disableBefore enabling SELinux, relabel filesystem
touch /.autorelabel # May take a long time!List label of file
ls -lZ FILEList label for process
ps axZ | grep -i <process name>
OR
ps efZ | grep -i <process name>Change SELinux file type context
chcon system_u:object_r:shadow_t:s0 /etc/shadowRestore file type context on folder recursive with verbose mode
restorecon -Rv <path to folder>Change label on folder
semanage fcontext -a -t <type context> "<path to directory or file(/.*)?" List active SELinux fcontext type contexts
semanage fcontext -lRemove SELinux type contexts
semanage fcontext -d -t <type context> "<path to directory or file(/.*)?" List SELinux port type contexts and grep for specific service
semanage port -l | grep <service>Add SELinux port type context
semanage port -a -t <type context> -p <protocol> <port>Modify SELinux port type context
semanage port -m -t <type context> -p <protocol> <port>Modify SELinux port type context
semanage port -d -t <type context> -p <protocol> <port>Show SELinux manuals
man semanage-fcontext
man semanage-port
man semanage-booleanList SELinux port type contexts
semanage port -l | grep <service> # Take a note of the port type context for the service
vi /etc/httpd/conf/httpd.conf
semanage port -a -t httpd_port_t -p <protocol> <port> # Replace -a with a -d to delete port.
systemctl restart httpdList SELinux boolean
semanage boolean -l
semanage boolean -l | grep <search pattern>Set SELinux boolean
setsebool <policy> <boolean>
sestebool -P <policy> <boolean> # The -P makes the change persistent across reboots.Troubleshooting SELinux
dnf install setroubleshoot setools
sealert -a /var/log/audit/audit.logSELinux Labeling
**List label of directory
ls -dZ DIRECTORY
**List label of socket
netstat -tnlpZ | grep PROCESS
semanage boolean
**List of boolean getsebool -a semanage boolean -l
**Active or disable boolean setsebool -P BOOLEANNAME on/off
**Change the type of label chcon -t TYPE FILE semanage -t TYPE FILE
/.autorelabel ??
##**Machine operations and target levels ! shutdown and reboot is symbolic links to systemctl
systemctl poweroff = shutdown and power off system systemctl reboot = shutdown and reboot
Get current target or run-level
systemctl get-default
who -r # Output current run levelList targets
ls -al /lib/systemd/system/runlevel*Set current target on system
systemctl isolate graphical.target # Normal desktop
OR
systemctl isolate multi-user.target # No grapical interfaceSet default target on system
systemctl set-default graphical.target # Normal desktop
OR
systemctl set-default multi-user.target # No grapical interfaceComment
systemctl default # Directly get into default modeSwitch between consoles
ALT+Fx # E.g. ALT+F3Copy hidden files
shopt -s dotglob
cp folder/ ../test
OR
mv * ../test
shopt -u dotglobCreating a soft link ! removing a soft link does not remove the actual data
ln -s <target> <name>hard links create another link to the same inode. Does not take up space on the harddrive. A copy is another copy of the data, thus take up space on the harddrive.
List section of a man page
man -f <command>Search after man page
man -k <keyword>
man -k '^<keyword>' # Searches after man pages that begins with keywordOther documentation can be found under /usr/share/doc
Compress and uncompress files with Gzip and Bzip7
gzip <uncompressed file>
# gzip -c <uncompressed file> <compressed target>
gzip -d <compressed file> # decompress file, replacing the archive file
gzip -c -d <compressed file> > <uncompressed file> # decompress file to target file
bzip2 <uncompressed file>
bziped -d <compressed file>
bzip2 -d -c <compressed file> > <decompressed target> # decompress file to target filesearch for a specific term within a file
cat <file> | grep <search term>
cat <file> | grep -i <search term> # ignore case
OR
grep <search term> <file>
grep -i <search term> <file> # ignore casesearch files for a specific term within the file and output
grep -a r -i <search term> .
grep -a r -i --exclude <files e.g. *.iso> <search term> .Search for a specific term in input and output file, but mark matches
cat <file> | grep -z <search term>Search for a specific term in input and output only three lines after first match
cat <file> | grep -A 10 <search term>ssh command on another server
ssh user@machine <command>copy files between machines using terminal
# Copy remote file to local machine
scp user@machine <file>
sftp user@machine <file>
# Copy local file to remote machine
scp <file> user@machine
sftp <file> user@machine List files with permissions as numbers
stat -c "%a %n" *Set permission on file(s) och folder(s)
chmod +x # Add execute to all users
chmod u+w # Add write to user
chmod g-r # Subtract read for group
chmod o+x # Add execute for others
chmod go+x # Add execute for group and othersInput direction
cat <file> > <another file> # Redirect standard output to another file (overwrite)
cat <file> >> <another file> # Redirect standard output to another file (append)
cmd 2> <file> # Only redirect errors to file
cmd &> <file> # Redirect all output to file
cmd > <file> 2> <file2> # Redirect standard output to file and output errors to file2Piping
ls | wc -l # Count output lines
ls | grep <search term> # Grep after specific file name from ls
ls | sort --reverse # Reverse ls output Remove metadata/EXIF from files
exiftool -All= *.jpg
exittool -All= -overwrite_original *.pngReset root password on Red Hat (when SELinux enabled) Comment
edit GRUB using e key
replace "quiet" with "rd.break" under Linux
init=/bin/bash
ctrl+x
mount -o remount,rw /sysroot OR /
(chroot /sysroot)
ls -lZ /etc/shadow
passwd root
ls -lZ /etc/shadow
chcon system_u:object_r:shadow_t:s0 /etc/shadow OR touch /.autorelabel) # You can skip this step if SELinux is not enabled
(exit)
exec /sbin/init**Reset root password on Ubuntu edit GRUB using e key After the /swap type: replace "ro quiet splash $vt_handoff” with “rw init=/bin/bash” under Linux ctrl+x mount | grep -w / passwd root REBOOT
dnf install podman
Check podman specs
podman info
Start container
podman run -dt -p 3000:3000 redmine
Generate podman file
podman generate systemd --new --files --name redmine
cp /root/container-redmine.service /etc/systemd/system
systemctl enable container-redmine.service
systemctl start container-redmine.service
**Server
! nosuid
dnf install nfs-utils libnfssidmap
systemctl enable rpcbind
systemctl enable nfs-server
systemctl start rpcbind
systemctl start nfs-server
systemctl start rpc-statd
systemctl start nfs-idmapd
mkdir /data
chmod a+rwx /data
Modify /etc/exports
**/data 192.168.12.7 (rw,sync,root_squash)
**/data * (rw,sync,root_squash)
exportfs -rv
**Client
dnf install nfs-utils rpcbind
systemctl start rpcbind
showmount -e x.x.x.x
mkdir /mnt/data
mount x.x.x.x:/data /mnt/data
df -h
Server
dnf install samba samba-client samba-common
firewall-cmd --add-service=samba --permanent
firewall-cmd --reload
mkdir -p /data2
chmod a+rwx /data2
chmod 770 /data3
chown -R nobody:nobody /data2
chown -R USER:GROUP /data3
chcon -t samba_share_ /data2
Modify configuration for samba at /etc/samba/smb.conf
[global]
workgroup = WORKGROUP
netbios name = centos
security = user
map to guest = bad user
dns proxy = no
[guest_share]
path = /data2
browsable = yes
writable = yes
guest ok = yes
guest only = yes
read only = no
[users_share]
path = /data3
valid users = @samba
browsable = yes
writable = yes
guest ok = no
testparm
**Client
dnf install cifs-utils samba-client
mkdir -p /mnt/data2
mount -t cifs //192.168.0.10/guest_share /mnt/data2
Script parameters
# The shell script below contains the following lines:
# #!/bin/sh
# echo $1
# echo $2
# echo $3
./script.sh orange banana kiwi
$1
$2
$3Script exit codes
if $test
then
echo 1
exit 23
else
echo 2
exit 24
done
echo $?Get current shell
echo $0
cat /etc/passwd | grep YOURUSERNAMEList available shells
cat /etc/shellsChange DNS resolution order
vi /etc/nsswitch.confGeneral
man nmcli-examples
nmcli con show PROFILENAME # Display settings from profile
nmcli con up INTERFACE # Load new settings from profile
IPv4
nmcli con mod INTERFACE ipv4.addresses IPADDRESS/XX,IPADDRESS/XX # Primary (or seconday IP address)
nmcli con mod INTERFACE ipv4.gateway IPADDRESS # Sets gateway
nmcli con mod INTERFACE ipv4.dns IPADDRESS,IPADDRESS # Sets DNS servers
nmcli con mod INTERFACE ipv4.dns-search DOMAIN # Sets search domain aka. DNS suffix
nmcli con mod INTERFACE ipv4.method manual # Set either static (manual) IP address or a address from DHCP (auto).
IPv6
nmcli con mod INTERFACE ipv6.addresses IPADDRESS/XX,IPADDRESS/XX # Primary (or seconday IP address)
nmcli con mod INTERFACE ipv6.dns IPADDRESS,IPADDRESS # Sets DNS servers
nmcli con mod INTERFACE ipv6.dns-search DOMAIN # Sets search domain aka. DNS suffix
nmcli con mod INTERFACE ipv6.method manual # Set either static (manual) IP address, a address from DHCP (auto) or disabled.
OR
Use nmtui 😉Scan and connect to WIFI
nmcli device wifi list
nmcli --ask device wifi connect "<SSID>"asysctl -w net.ipv4.ip_forward=1 OR net.ipv6.conf.all.forwarding = 1
Permanent save
- Edit /etc/sysctl.conf
- Add net.ipv4.ip_forward = 1
- sysctl -p /etc/sysctl.conf
Overview tables filter mangle nat raw
chain INPUT = incomming traffic FORWARD = going to a router, from one device to another OUTPUT = outgoing traffic
target ACCEPT - accept connection REJECT - send reject response DROP - drop connection without sending any response
**iptables #**List iptables rules iptables -L
#**Remove all iptables rules iptabels -F
firewall-cmd --list-all # List all firewall rules
firewall-cmd --get-zones # List firewall zones
firewall-cmd --get-active-zone # Check current firewall zone
firewall-cmd --zone=public --list-all # List all firewall rules for the public zone
firewall-cmd --get-services # List all firewall appliable services rules
firewall-cmd --add-service=http --permanent # Add service to the firewall
firewall-cmd --remove-service=http --permanent # Remove service to the firewall
firewall-cmd --add-port=80/tcp --permanent # Add port to the firewall
firewall-cmd --remove-port=80/tcp --permanent # Remove port to the firewall
firewall-cmd --add-icmp-block-inversion # Block ICMP (ping)
firewall-cmd --remove-icmp-block-inversion # Allow ICMP (ping)
firewall-cmd --reload # Reload firewall rules
firewall-cmd --complete-reload # Reload the firewall service, which also terminate active connections
firewall-cmd --runtime-to-permanent # Make current configuration permanent
Add custom service to firewalld
- Copy any XML file under /usr/lib/firewalld/services/ and modify it.
- Restart the firewall:
systemctl restart firewalld
- List all services - you should find you newly added service:
firewall-cmd --get-services
- Add the service as a rule to the firewall and save it permanently:
firewall-cmd --add-service=XX --permanent
System logs (RedHat)
/var/log/boot # Boot events
/var/log/chronyd # NTP events
/var/log/messages # All events
/var/log/secure # Security events
/var/log/cron # Cron events
/var/log/maillog # SMTP eventsSuccessful and non-successful login attempts:
/var/log/auth.log # Debian/Ubuntu
secure.log # Red Hat/CentOS
Log a specific message to system log files
$ logger -s "Message"
Log a specific message to Kernel log buffer (useful for dmesg debugging)
# echo "Message" >> /dev/kmsg
See journal from last boot
journalctl -b -1Activate persistent storage
vi /etc/systemd/journald.conf
Go to [Journal] and add line Storage=persistent
mkdir /var/log/journal
systemctl restart systemd-journald
journalctl --flushAllow or disallow access to crontab
Based on existence of /etc/cron.allow and /etc/cron.deny, user is allowed or denied to edit the crontab in below sequence.
If cron.allow exists - only users listed into it can use crontab If cron.allow does not exist - all users except the users listed into cron.deny can use crontab If neither of the file exists - only the root can use crontab If a user is listed in both cron.allow and cron.deny - that user can use crontab.
echo USER >>/etc/cron.allow # Allow specific user(s) to use crontab
echo ALL >>/etc/cron.deny # Deny all users from using crontab except those in cron.allowList available options
man 5 crontabEdit crontab for current user
crontab -eEdit crontab for another user
crontab -e -u <user>List crontab for current user
crontab -lSchedule command to run at specific time
<command> | at <time>
<command> | at <time> <date>
<command> | at now +1 hours # Start specific command about 1 hour
<command> | at <time> -M # suppress email notificationEnable or disable the atd service
systemctl enable/disable atdAllow or disallow access to at
echo USER >>/etc/at.allow # Allow specific user(s) to use at
echo ALL >>/etc/at.deny # Deny all users from using at except those in at.allow
List tuned profiles
tuned-adm list
View current tuned profile active
tuned-adm active
Active tuned profile
tuned-adm profile powersave
Disable tuned profile
tuned-adm off
Get tuned profile recommendation
tuned-adm recommend
lsblk # List block devices and mount points
df -h # List volumes with sizes and mount points
blkid # List UUID for block devices
fdisk -l <device> # list partitions of a device
Quick format, create a single partition and format it to EXT4
lsblk # 1. List disk
fdisk <path to device> # 2. Open disk in fdisk
g OR s # 3. Choose partition table. g for GPT and s for DOS (MBR)
n -> ENTER -> ENTER -> ENTER # 4. Create a new partition
t -> L -> xx -> ENTER # 5. Set the partition type
w # Write changes
q # Quit without making changes
mkfs.ext4 <path to device x> # Quick format the disk
mkdir /data
mount <path to device x> /dataLabel volume
e2label <device>Mount a device with specific label
mount -L <label> <mount point>Resize partition and filesystem
resize2fs <path to device x>Format partition to XFS
mkfs.xfs <path to device x>Mount disk upon boot
Edit /etc/fstab
UUID=<uuid> <mount point> <file system> <defaults> <0> <0>
# ext4, vfat (for FAT and FAT32),swap, udf (DVD), iso9660 (CD) and xfs. For more information, see https://wiki.archlinux.org/title/Fstab.
Check integrity on disk
e2fsck -f <device>Interactive partitioning tool
cfdisk <block device path>swapoff -a # Disable all SWAP devices
mount -o loop /PATH/TO/ISO /MOUNTPATH # Mount a ISO image on desired path
mount -a # Remount all entries in /etc/fstab
mount -o remount,rw / # Remount /
Physical volume (PV) = One or more block devices that makes up a volume group (VG) Volume group (VG) = A volume group (VG) contains one or more logical volumes (LV) Logical volume (LV) = Logical partition (LV) that can be formatted with a file system such as e.g. EXT4.
Create LVM, physical volume, volume group and logical volume, format volume and resize
pvcreate <path to block device>
vgcreate <name of volume group> <path to block device> <path to block device> # Create new VG on block device - a PV is automatically created
lvcreate -L <sizeXX> -l <100%FREE> -n <name of logical volume> <name of volume group> # Create new LV with 50 GB size
lvresize -L <sizeXX> /dev/mapper/<name of volume group>-<name of logical volume> # Resize LV to new size - add -r to resize underlaying file system
mkfs.ext4 /dev/mapper/<name of volume group>-<name of logical volume> # Create a ext4 file system on the new LV
resize2fs /dev/mapper/<name of volume group>-<name of logical volume> # Resize underlaying file systemRemove LV
lvremove <volume group>/<logcial volume>Remove VG
vgremove <volume group>Remove PV
pvremove <path to block device>Resize LV
lvresize <path to mapped device> -l +100%FREE -L +10GB-
create physical partition fdisk n t 8e
-
create physical volume pvcreate /dev/sdb1 pvcreate /dev/sdc1
vgcreate LOGICALNAME /dev/sdb1 OR vgcreate LOGICALNAME /dev/sdb1 /dev/sdc1
lvcreate --name LOGICALNAME -l +100%FREE LOGICALNAME mkfs.ext4
vgextend LOGICALNAME /dev/sdc1 lvextend -l +100%FREE LOGICALNAME resize2fs # xfs_growfs when XFS
lvcreate -n data1_lv -l +100%FREE data1_vg #########################################################3
The topic is written for Red Hat 9 in mind - some commands won't work! You can use both /dev/device OR /dev/vg*/lv*/ **Create **
vgs
vgcreate <volume group name> <block device path>
lvcreate --type vdo -n <logical volume name> -L <physical size> -V <logical size> <volume group> # Use exact size e.g. 20 GB
lvcreate --type vdo -n <logical volume name> -l <physical size> -V <logical size> <volume group> # Use extent instead e.g. +100%FREE
mkfs.ext4 -E nodiscard <path to volume>
mkfs.xfs -K <path to volume>Show VDO stats
lvs -olv_name,vdo_compression,vdo_deduplication
vdostats --human-readableChange setting on vdo
lvchange --compression n <path to volume>
lvchange --deduplication y <path to volume>Stratis volumes will always show 1 TB when eg. running df Uses thin provision as default
Install Stratis
dnf install stratis-cli stratisd
systemctl enable stratisd --nowCreate Stratis pool
stratis pool create <pool name> <block device>List Stratis pools
stratis pool listList Stratis filesystem
stratis filesystem listCreate Stratis filesystem on pool
stratis filesystem create <pool name> <filesystem name>Enable or disable overprovisioning
stratis pool overprovision <yes OR no>Add more block devices to pool
stratis pool add-data <pool name> <block device>Create snapshot of Stratis filesystem
stratis filesystem snapshot <pool name> <filesystem name> <snapshot name>Remove snapshot of Stratis filesystem
stratis filesystem destroy <pool name> <snapshot name>Mount
mkdir -p <mount point>
mount /dev/stratis/<pool name>/<filesystem name> <mount point>Mount (persistent)
vi /etc/fstab
UUID="<UUID>" <mount point> xfs defaults,x-systemd.requires=stratisd.service 0 0systemctl get-default # Get current setting
systemctl set-default graphical.target # Set to GUI
systemctl set-default multi-user.target # Set to CLI
Access Grub during boot
F8
OR
Pressing ESC during boot
OR
Holding SHIFT during bootBoot into a specific target
Do not attempt to boot in to emergency or rescue mode without root password - you will be stuck otherwise.
Go into Grub menu during boot
Press e to edit
at the end of the linux line, type: systemd.unit=emergency.target
Then CTRL+X to startcat /proc/cmdline
vi /etc/default/grub
grub2-mkconfig -o /boot/grub2/grub.cfg # BIOS
grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg # UEFIOutput available kernels
grubby --info ALLComment
grubby --set-default <path to kernel>Last selected kernel becomes default
vi /etc/default/grub
add
GRUB_DEFAULT=saved
GRUB_SAVEDEFAULT=true**Generate new keys
ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa -C "comment"
OR
ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 -C "comment"
Copy you keys to a remote computer
ssh-copy-id [email protected] -i .ssh/id_rsa.pub
Create a folder and share it using NFS
(dnf install nfs-utils) # Or whatever package manager you're using.
mkdir -p /exports/<folder>
vi /etc/exports -> /export/<folder> <IP range/address to allow or just * to allow all>(rw,sync,no_root_squash)
(systemctl enable --now nfs-server)
(systemctl status nfs-server)
showmount -e
firewall-cmd --add-service nfs --permanent
firewall-cmd --reloadMount a NFS share
(dnf install nfs-utils) # Or whatever package manager you're using.
vi /etc/fstab -> <IP address or hostname of NFS server>:/exports/<folder> /mnt/<folder> nfs rw 0 0
mount -aSet up autofs (direct) on client machine
dnf install autofs
vi /etc/auto.master --> add /- /etc/auto.direct
vi auto.direct --> add /mnt/<server> -rw,soft <server>:/<share>
systemctl enable --now autofsSet up autofs (indirect, in this case users home directories) on client machine
Permissions are matched using the user's id. Create the folder on the source machine and change the ownership to a ID that matches the user accessing the share.
dnf install autofs
vi /etc/auto.master --> add /mnt/home /etc/auto.home
vi auto.home --> add * -rw,soft,timeo=5 <server>:/home/&
systemctl enable --now autofsFind process group id and set priority to minimum
read processname; for x in $(pgrep $processname); do echo $x; renice -n 19 -p $x; done;List only certain directories
ls /etc/kubernetes/{pki,manifests}Read a file in a script - line by line
while IFS= read -r x;
do
echo $x
done < <file>Case in script
#!/bin/sh
case "${1}" in
square) echo "You specified 'square'." ;;
circle) echo "You specified 'circle'." ;;
triangle) echo "You specified 'triangle'." ;;
*) echo "Unknown shape '${1}'."; exit 1 ;;
esacTrim content with tr
$x | tr "x,x,x,x" " " # Replace characters with whitespace char.
$x | tr -d "x,x,x,x" # Delete charactersSearch for test in files and retur with matches (line by line)
grep <search pattern> <file>
grep -n <search pattern> <file> # Show which rowsSearch for all files with are 3M big and copy it to certain folder
find / -type -f -size 3M -exec cp -r {} <path> \;Search for all files in the specified folder (recursive)
find <path> -iname <search pattern>
find . -iname <search pattern> # Current folderSearch for all files owned by a specific user in the specified folder (recursive)
find <path> -iname <search pattern> --user <username or user ID> Search for all files in the specified folder (not recursive)
find <path> -maxdepth 1 -iname <search pattern> # Only search within the specifedDNS lookup with dig
dig <domain name> <type> +noall +answer # Only output the DNS records and their respective valuesGenerate password
cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 20 # Generates as password that contains a-zA-Z0-9 and with a length of 20 characters.Generate CSR
openssl req -new -newkey rsa:4096 -nodes -keyout <domain>.key -out <domain>.csrGenerate self-signed certificate (valid for one year)
openssl req -x509 -newkey rsa:4096 -keyout <domain>.key -out <domain>.crt -sha256 -days 365Configure Git (locally)
Create a local config
git config --local user.name "<nickname or fullname>"
git config --local user.email "<email address>"
git config --local core.sshCommand 'ssh -i ~/.ssh/<private key file>'Revert last commit without removing any changes
git reset --soft HEAD~1
OR
git reset --soft <hash of commit>Revert last commit and changes made since last commit (POTENTIALLY DANGEROUS!)
git reset --hard HEAD~1
OR
git reset --hard <hash of commit>Remove unstaged files
git reset @Add all changes to staged
git add *Add all changed to staged including deleted files
git add --all .Force push
git push --forceChange commit author
git commit --amend --reset-authorCommit with comment
git commit -m "Message"Show commits
git log --name-onlyList newline
:set list
Search for a container image
podman search <container name>Edit list of container registries
vi /etc/containers/registries.conf # By changing order of registries, you can prioritize which one that should come first respective come last.Pull image
podman pull <address to the image>Login to container registry
podman login <url to registry>
OR
skopeo login <url to registry>Inspect container image
podman pull <address to the image>
podman inspect docker://<url to image> | less
OR
skopeo inspect docker://<url to image> | less
podman inspect docker://<url to image> | grep -A2 Cmd # List container entrypoint commandList containers
podman ps # List running containers
podman ps -a # List all containerList container images
podman imagesRun a container
podman run --name <container name> <image id or url>
podman run --name <container name> -d -p <host port:container port> <image id or url> -e <environment variable>="<value>"
podman run --name <container name> <image id or url> # Run the container in background (detached)
podman run -it --name <container name> <image id or url> <cmd> # Run container interactively Remove all containers
podman rm -a
podman rm -a -f # Remove all container regardless of state.Start, stop or kill container
podman start <container name or id>
podman stop <container name or id>
podman kill <container name or id>Execute commands interactively inside container
podman exec -it <container name or id> <cmd>Expose container ports
podman runRun a container with persistent storage
mkdir <container persistent storage>
podman run --name -d -p 4080:8080 -v <path to dir:container path>
podman run --name -d -p 4080:8080 -v <path to dir:container path:z>
podman run --name -d -p 4080:8080 -v <path to dir:container path:Z>Create a container file/Docker file
mkdir <container name>
cd <folder name>
vi container-file
FROM registry.redhat.io/ubi9/ubi-minimal:9.1.0
RUN microdnf install -y nginx
RUN rm -r /usr/share/nginx/html/*
COPY index.html /usr/share/nginx/html/
COPY startup.sh /
EXPOSE 80
CMD /startup.sh
vi index.html
<h1>Hello!</h1>
vi startup.sh
#!/bin/bash
exec /usr/sbin/nginx -g "daemon off;"
chmod +x startup.sh
podman login
podman build . -t <container image:release name>
podman images
podman runEnable docker container to start without user have been logged on
loginctl show-user <user>
sudo loginctl enable-linger <user>
mkdir -p ~/.config/systemd/user
cd ~/.config/systemd/user
podman generate systemd --name <container name> --files --new
systemctl daemon-reload --user
systemctl list-unit-files --no-pager --user | grep container-<container name>
systemctl --user status container-<container name>
systemctl --user start container-<container name>
systemctl --user enable container-<container name> --nowdocker compose logs -f