-
Notifications
You must be signed in to change notification settings - Fork 7
/
command_bk
149 lines (118 loc) · 7.1 KB
/
command_bk
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
### YUM (Yellowdog Updater and Modifier)
~$yum install <pkg>
~$yum upgrade <pkg>
~$yum localinsatll <pkg*>
~$yum remove <pkg/command/rpm>
~$yum history list #install/update/upgrade or transaction history
~$yum history list all
~$yum history info <id> #pkg info install/update/upgrade or transaction history by id
~$yum history undo <id> #undo the transaction by id
~$yum history redo <id> #redo the transaction by id
~$yum history new #yum stores transaction in single SQLite db. To start new transaction history
~$yum whatprovides <pkg/command>
~$yum --showduplicates list httpd | expand
~$yum list available java*
~$yum list installed
### Permission
~$chmod u+s <file> #set suid bit such as -rwsr-xr-x. small s means (rwxs)
~$chmod 4655 <file> #set suid bit such as -rwSr-xr-x. capital S means (rws)
~$Setgid on dir, all dir/files in it will get same ownership as parent dir. It doesn't matter who is creating
~$chmod g+s <dir/file> #setting setgid bit
~$chmod 1777 <dir> #setting sticky bit such as drwxrwxrwt. small t means (rwxt)
~$chmod 1776 <dir> #setting sticky bit such as drwxrwxrwT. capital T means (rwt)
~$chown -R <user>:<group> <dir> #asssigning recursive permission of all files/dir in target dir
### User Administration
~$useradd <user>
~$useradd -g itadmin -c "DB User" -u 1135 -s "/bin/sh" -d /home/techguy1
In the above command, we are creating the new user with custom options as simple "#useradd <user>" will create with default setting. The -g (group) -c (description) -u (user id) -s (which shell to be assigned) -d (landed home dir)
~$useradd -g <primary group> -G <secondary group> <user> # assign the user primary and secondary group
~$passwd -l <user> #locking password of user
~$passwd -u <user> #unlocking password of user
~$passwd -e <user> #expire password
~$echo 'myPassword123' | sudo passwd --stdin <user>
~$passwd -x -1 <user> #Turnoff password expiry
~$usermod -L <user> #locking user
~$usermod -U <user> #unlocking user
~$chage #set password expiry
### Access Control Lists (ACLs)
~$getfacl <file/dir> #to view the access control list of file/dir
~$setfacl -m u:priya:rw <file> #assiging the a new user 'priya' with read/write permission on the file. -m (modifying) -u (user)
~$setfacl -m mask:r <file> #setting mask on file
~$setfacl -d -m u:priya:rw <dir> #setting ACL for directory
### Crontab
~$crontab -l #show crontab for all users
~$crontab -u <user> -l #show crontab for specific user
~$crontab -e #add cron entry in crontab file
### Process
~$ps -a #all terminal
~$ps -e #list of all the processes
~$ps -o #customer properties
~$ps -ao tty,comm,pid,%mem,%cpu #<command/script> & #run the task in background
~$ps -fp $(pgrep -d, -x logrotate)
~$pgrep -u <userid> unison
~$ps -p <pid> -o etime #process execution time
~$ps -eo user,pid,ppid,%mem,%cpu --sort=-%cpu | head
~$ps lax
~$ps fax
### Network
~$dig +trace www.google.com
~$nmcli dev status
~$nmcli con del <interface name>
~$ip addr show <interface name>
~$nmcli con show
~$nmcli con add con-name <interface name> type <ethernet> ifname <interface name> ip4 <ip address> gw4 <gateway>
~$nmcli con up <interface name>
~$nmcli con mod <interface name> ipv4.gateway <ip address>
~$hostnamectl set-hostname <hostname>
~$netstat -rn
~$route -n
~$tcpdump -i <interface>
~$tcpdump -i <interface> host <ipaddress> -nn
~$tcpdump -i <interface> -s 0 -w <output file name example.pcap> host <ipaddress/hostname> and udp
~$ping <hostname/ipaddress>
~$telnet <hostname/ipaddress> <port>
~$nslookup <domain/hostname>
~$netstat -an |grep <ipaddress>.<port>|grep ESTAB|awk '{print $5}'|awk -F: '{print $1}'|sort|uniq -c|sort -rn #show which remote hosts make how many connection to specfic port, the output is sort on number of connections by host to port
### Memory/Swap
~$egrep --color 'Mem|Cache|Swap' /proc/meminfo | awk '{print $1 " " $2/1000/1000 "GB"}' #show information in GB
~$smem -s swap -t -k -n -r
~$smem -u -p -r
~$free -h
### Disk
~$df -h
~$df -Th
~$du -sh <path/*>
~$du -sch .[!.]* * | grep --regex="[0-9]*G"
~$lsof -u <user> #list of openfiles by specific user
~$lsof | grep delete #list of openfiles that are deleted
~$lsof | awk '{print $1}' | sort | uniq -c | sort -r -n #sort number of open files by process
### SFTP/SCP
~$sftp -oPort=<port> <user>@<ipaddress/domain>
~$sftp -oPort=<port> -oIdentityFile=<path to key> <user>@<ipaddress/domain>
~$sftp -o KexAlgorithms=<keyExchangeAlgo> -o HostKeyAlgorithms=<HostKeyAlgoName> -oIdentityFile=<path to key> -oPort=<port> <user>@<domain/ipaddress>
~$sftp -oPort=<port> -o KexAlgorithms=diffie-hellman-group14-sha1 -o HostKeyAlgorithms=+ssh-dss -oIdentityfile=<path to key> <user>@<domain/ipaddress>
~$scp -P <port> <path to src file> <user>@<domain/ipaddress>:<target path> #send the file to target system
~$scp -P <port> <user>@<domain/ipaddress>:<src file path> <target file path locally> #fetch file from the target system
### Puppet Bolt
####For the --tmpdir flag we can use the home directory path of the remote user which will logged in on the behalf of the bolt. At some time /tmp is not executable due to which the command gets failed. (~mizz - will be confirm)
~$bolt command run "<command>" --no-host-key-check --tmpdir=/tmp -p <password> --tty --targets @<ipaddress/hostname list file> -u <user>
~$bolt command run "<command>" --no-host-key-check --tmpdir=/tmp -p <password> --tty --targets <ipaddress/hostname separate by ,> -u <user>
~$bolt script run <script> --no-host-key-check --tmpdir=/tmp -p <password> --tty --targets @<ipaddress/hostname list file> -u <user>
~$bolt script run <script> --no-host-key-check --tmpdir=/tmp -p <password> --tty --targets <ipaddress/hostname separate by ,> -u <user>
### Sed
~$sed -n -e "/<$hostname>/,/ismail.com/ p" <targetfile> #replace the string by variable, result will be stdout
~$sed -i -n -e "/<$hostname>/,/ismail.com/ p" <targetfile> #replace the string by variable, result will be saved in target file
~$sed -i 's/stringtoreplace/newstring/g' myfile.txt #replace the string from the file globally
### find
~$find /tmp/* -mtime +7 -exec rm {} \; #remove files from dir "tmp/" that are older than 7 days
~$find /home/ -type f -name ".errors*.gz" -mtime +7 -exec rm {} \; #remove files from dir "tmp/" that are older than 7 days - with filename
~$find /home/ -type f -size +500M -name "*tempfile*" -exec du -sh {} \; #found the tempfile that has file size >500MB
~$find /home/ -type f -size +1G -exec ls -lh {} \; | awk '{ print $9 "|| Size : " $5 }' #find output in custom defined format like in this "dirname || Size:_"
### Cool Grep
~$cat myfile | grep -B 1 -A 4 -i 'string one\|string two' #it will show 1 line before and 4 lines after matching the strings form myfile
~$grep -lr "string" * #search recursively the string from all filesystem hierarchy, as its start from which current dir you are standing and it will list files
~$grep -ir "string" <* or file> #search recursively the string from all filesystem hierarchy and show the content what matches - * for all files otherwise specify a single file
### Additional
~$top -b -n 1 | head -n +5
~$uptime
~$sestatus #check selinux status