System administration: Difference between revisions

→‎Links: fail2ban
add a link to Some differences between Debian/Ubuntu, RHEL/CentOS, and Slackware
→‎Links: fail2ban
(32 intermediate revisions by 2 users not shown)
Line 1: Line 1:
= Links =
[[fail2ban]]
[[Mirth Connect]]
[[Web services]]
[[Web services]]


[[Sysadmin:User accounts|User accounts]]
[[User accounts]]


[[Sysadmin:Samba|Samba]]
[[Samba]]


[[Disk management]]
[[Disk management]]
Line 10: Line 16:


[[Network management]]
[[Network management]]
[[MySQL]]


[[Synergy]]
[[Synergy]]
Line 18: Line 22:


[[OS X]]
[[OS X]]
[[Hurd|Debian GNU/Hurd]]


[[Slackware]]
[[Slackware]]


[[Some differences between Debian/Ubuntu, RHEL/CentOS, and Slackware]]
[[Some differences between Debian/Ubuntu, RHEL/CentOS, and Slackware]] (WIP)


[[Category:System administration]]
[[Category:System administration]]


= Initial setup (for Ubuntu distribution) =
== Set timezone ==
<syntaxhighlight lang="bash">
$ sudo timedatectl set-timezone America/Denver
</syntaxhighlight>
== Composer ==
{{testedon|2022-10-08|Ubuntu 22.04.1 LTS}}
Composer is a PHP package management tool.  Usually needed for setting up web application development environment.
<syntaxhighlight lang="console">
$ cd
$ mkdir bin
$ cd bin
$ wget https://private.michaelhan.net/getcomposer.txt
$ mv getcomposer.txt getcomposer
$ chmod u+x getcomposer
$ ./getcomposer
$ mv composer.phar composer
</syntaxhighlight>


= Initial setup (for Ubuntu distribution) =


== SSH keys ==
== SSH keys ==


Create private/public SSH key file using 2048 bit encryption and with a comment. The command creates files under ~/.ssh folder.
{{testedon|2022-10-08|Ubuntu 22.04.1 LTS}}
 
Create private/public SSH key file using the default bit encryption and with a comment. The command creates files under ~/.ssh folder.
 
<syntaxhighlight lang="bash">
$ ssh-keygen -C user@host.domain
</syntaxhighlight>


<source lang="bash">
$ ssh-keygen -b 2048 -C user@host.domain
</source>


== SSH config for connection ==
== SSH config for connection ==
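Review bot: The new Composer section downloads `getcomposer.txt` with wget and runs it as `./getcomposer` with no integrity check in between, so whatever the server returns is executed as the logged-in user. Add a step before the `chmod u+x getcomposer` line that compares the file's SHA-256 (for example with `sha256sum getcomposer`) against a known-good value recorded alongside the command, and say in one sentence what the script is expected to do. In the SSH keys section the change drops `-b 2048` in favour of the ssh-keygen default; "default key type and size" would be more accurate than "default bit encryption", and it is worth stating which key type the tested release produces.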
Line 40: Line 70:
The config file ~/.ssh/config stores information about various SSH connections, and allows the definition of hostname, username, ports, and other settings.
The config file ~/.ssh/config stores information about various SSH connections, and allows the definition of hostname, username, ports, and other settings.


<source lang="html5">
<syntaxhighlight lang="html5">
Host hostname1
Host hostname1
     HostName hostname1.domain.com
     HostName hostname1.domain.com
     User username1
     User username1
     Port 1234
     Port 1234
</source>
</syntaxhighlight>


== Adding a user to sudoers list ==
== Adding a user to sudoers list ==
Line 61: Line 91:
On Ubuntu distribution of GNU/Linux, you can uncomment force_color_prompt = yes line to use color prompts. The following is my personal favorite color configuration for the prompt.
On Ubuntu distribution of GNU/Linux, you can uncomment force_color_prompt = yes line to use color prompts. The following is my personal favorite color configuration for the prompt.


<source lang="bash">
<syntaxhighlight lang="bash">
PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u\[\033[01;30m\]@\[\033[00;36m\]\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u\[\033[01;30m\]@\[\033[00;36m\]\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
</source>
</syntaxhighlight>


== Enable byobu ==
== Enable byobu ==


<source lang="bash">
<syntaxhighlight lang="bash">
$ byobu-enable
$ byobu-enable
</source>
</syntaxhighlight>


== Update .vimrc ==
== Update .vimrc ==


<source lang="vim">
<syntaxhighlight lang="vim">
syntax on
syntax on
set noexpandtab
set noexpandtab
Line 100: Line 130:
autocmd FileType php nnoremap <C-p> :call PhpDocSingle()<CR>
autocmd FileType php nnoremap <C-p> :call PhpDocSingle()<CR>
autocmd FileType php vnoremap <C-p> :call PhpDocRange()<CR>
autocmd FileType php vnoremap <C-p> :call PhpDocRange()<CR>
</source>
</syntaxhighlight>
 
=== awesome-vim ===
For a preset of VIM development environment, awesome-vim is okay:<syntaxhighlight lang="bash">
$ git clone --depth=1 https://github.com/amix/vimrc.git ~/.vim_runtime
$ sh ~/.vim_runtime/install_awesome_vimrc.sh
</syntaxhighlight># Run inside vim: -- this will let you click and drag panes to resize or jump between (learning vim more and being able to jump panes
 
<nowiki>#</nowiki> makes this unecessary, but i'm not that good yet.)
 
<nowiki>:</nowiki>set mouse=a
 
<nowiki>#</nowiki> So now some sections on easy key commands/shortcuts
 
<nowiki>##</nowiki> Splitting VIM screen Horizontally and Vertically
 
To open a new VIM window next to the existing one, press <Ctrl>+<w> then press <v>.
 
<nowiki>##</nowiki> Move panes around vim (left/right or top/bottom)
 
Ctrl w + L - Move the current window to the "far right"
 
Ctrl w + H - Move the current window to the "far left"
 
Ctrl w + J - Move the current window to the "very bottom"
 
Ctrl w + K - Move the current window to the "very top"
 
<nowiki>##</nowiki> Copying everything into clipboard
 
gg"*yG
 
<nowiki>##</nowiki> Indenting all the code
 
<nowiki>#</nowiki> Still need to look into a more serious formatter like:
 
<nowiki>https://github.com/vim-autoformat/vim-autoformat</nowiki>
 
gg=G
 
<nowiki>#</nowiki> AwesomeVIM Leader Key Shortcut
 
You'll see vim plugins mention <leader>, that <leader> for awesome view is "," so whenever you see leader hit that key.
 
<nowiki>##</nowiki> phpunit
 
<nowiki>###</nowiki> Set the path of phpunit (most cases for me, vendor/bin/phpunit)
 
let g:phpunit_bin = 'phpunit'
 
<nowiki>###</nowiki> Shortcuts
 
<leader>ta - Run all test cases
 
<leader>ts - Switch between source & test file
 
<leader>tf - Run current test case class
 
<nowiki>#</nowiki> Folding
 
`zo` to open folding
 
`zc` to close folding
 
<nowiki>#</nowiki> NerdTREE
 
<leader>nn - Toggles NerdTREE
 
While inside NerdTREE hit "m" to do a number of modifications from renaming, deleting or adding files.


== Set up environment for web development ==
== Set up environment for web development ==


Install the LAMP stack
Install the LAMP stack
<source lang="bash">
<syntaxhighlight lang="bash">
$ sudo apt-get install tasksel
$ sudo apt-get install tasksel


$ sudo tasksel install lamp-server
$ sudo tasksel install lamp-server
</source>
</syntaxhighlight>


Install git and other PHP related extensions
Install git and other PHP related extensions
<source lang="bash">
<syntaxhighlight lang="bash">
$ sudo apt-get install git php5-mcrypt php5-xdebug php5-intl
$ sudo apt-get install git php5-mcrypt php5-xdebug php5-intl
</source>
</syntaxhighlight>


=== .gitconfig ===
=== .gitconfig ===
<source lang="html5">
<syntaxhighlight lang="html5">
[core]
[core]
   editor = vim
   editor = vim
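Review bot: In the new awesome-vim section, `git clone --depth=1` followed by `sh ~/.vim_runtime/install_awesome_vimrc.sh` runs the install script from whatever the repository's default branch holds at clone time; suggest telling the reader to read the script before running it, or pinning the clone to a reviewed tag or commit. The notes after the closing `</syntaxhighlight>` are Markdown headings escaped with `<nowiki>#</nowiki>` rather than wiki headings, and commands such as `:set mouse=a`, `gg"*yG` and `gg=G` sit in running text; converting them to `====` headings and `<syntaxhighlight lang="vim">` blocks would match the rest of the page. "unecessary" should be "unnecessary".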
Line 146: Line 244:
[merge]
[merge]
   defaultToUpstream = true
   defaultToUpstream = true
</source>
</syntaxhighlight>


== Change default shell ==
== Change default shell ==


<source lang="bash">
<syntaxhighlight lang="bash">
$ chsh
$ chsh
</source>
</syntaxhighlight>


== Edit passwd files ==
== Edit passwd files ==


<source lang="bash">
<syntaxhighlight lang="bash">
$ sudo vipw
$ sudo vipw
</source>
</syntaxhighlight>
 
= RHEL-specific =
 
[[RHEL]]-specific notes
 
Optimize using Tuned.  Optimize for general performance.
 
<syntaxhighlight lang="bash">
# tuned-adm profile throughput-performance
</syntaxhighlight>
 
Optimize for KVM
 
<syntaxhighlight lang="bash">
# tuned-adm profile throughput-performance
</syntaxhighlight>


= Debian/Ubuntu-specific =
= Debian/Ubuntu-specific =
[[Ubuntu]]-specific notes
== Security ==
* Install 'denyhosts' to help protect against brute force SSH attacks, auto-blocking multiple attempts.
== Update the server ==
<syntaxhighlight lang="bash">
$ sudo apt update && sudo apt -y full-upgrade && sudo apt-get -y autoremove
</syntaxhighlight>


== Reconfigure console font ==
== Reconfigure console font ==
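Review bot: In the new RHEL-specific section, the "Optimize for KVM" block repeats `tuned-adm profile throughput-performance`, the same command given for general performance just above it, so the KVM entry adds nothing as written. If a virtualization profile was intended (tuned ships `virtual-host` and `virtual-guest`), name it and say whether the note applies to the hypervisor or to the guest. In the added Security bullet, 'denyhosts' is recommended while this same revision adds a [[fail2ban]] link at the top of the page; point the bullet at whichever tool the page actually documents.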
Line 166: Line 292:
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
$ dpkg-reconfigure console-setup
$ dpkg-reconfigure console-setup
</syntaxhighlight>
== Change the default editor ==
Used by visudo and other programs for invoking an editor.
<syntaxhighlight lang="bash">
$ sudo update-alternatives --config editor
</syntaxhighlight>
</syntaxhighlight>


Line 174: Line 308:
</syntaxhighlight>
</syntaxhighlight>


== Kill other user terminal sessions ==
*Tested on: Ubuntu 14.04.5 Trusty
Sometimes it is necessary to kill other remote sessions that have been '''zombified'''.
* First determine your own shell
<syntaxhighlight lang="bash">
$ tty
</syntaxhighlight>
* Show all of your running processes
<syntaxhighlight lang="console">
$ ps -fu mhan
UID        PID  PPID  C STIME TTY          TIME CMD
mhan    21580 21469  0 19:02 ?        00:00:00 sshd: mhan@pts/2
mhan    21581 21580  0 19:02 pts/2    00:00:00 -bash
mhan    21607 21581  0 19:02 pts/2    00:00:00 screen
mhan    21608 21607  0 19:02 ?        00:00:00 SCREEN
mhan    21609 21608  0 19:02 pts/3    00:00:00 /bin/bash
mhan    21939 21609  0 19:06 pts/3    00:00:00 ps -fu mhan
mhan    21580 21469  0 19:02 ?        00:00:00 sshd: mhan@pts/2
</syntaxhighlight>
* If I want to kill pts/2 then the PID to kill is 21580.
<syntaxhighlight lang="bash">
$ kill -HUP 21580
</syntaxhighlight>
Reference: https://kb.iu.edu/d/adqw (accessed on 10/5/2017)


== Setting niceness (aka priority) on Linux processes ==
== Setting niceness (aka priority) on Linux processes ==
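Review bot: In the added "Kill other user terminal sessions" section, the sample `ps -fu mhan` output lists the `sshd: mhan@pts/2` line (PID 21580) twice, once at the top and again at the bottom; drop the repeat so the listing matches what ps prints. The heading says "other user" sessions but every step operates on the author's own processes, so either retitle it or note that ending another user's session needs root. Writing the command as `ps -fu "$USER"` keeps it copy-pasteable, and the "Tested on" bullet could use the `{{testedon|...}}` template that the other new sections use.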
Line 185: Line 352:
As an example, let's say the process of interest is ''qemu-system-arm''. You have to find out what PID (Process ID) is first.
As an example, let's say the process of interest is ''qemu-system-arm''. You have to find out what PID (Process ID) is first.


<source lang="bash">
<syntaxhighlight lang="bash">
$ pidof qemu-system-arm
$ pidof qemu-system-arm
3016
3016
</source>
</syntaxhighlight>


Then check what the current nice value of the process is:
Then check what the current nice value of the process is:
<source lang="bash">
<syntaxhighlight lang="bash">
$ ps -o pid,comm,nice -p 3016
$ ps -o pid,comm,nice -p 3016
   PID COMMAND        NI
   PID COMMAND        NI
  3016 qemu-system-arm  0
  3016 qemu-system-arm  0
</source>
</syntaxhighlight>


According to the output, the nice value of ''qemu-system-arm'' is 0. We want to '''decrease''' the nice value to dedicate more CPU time to it. However, you need sudo privilege in order to give a negative value for a nice value, even though you do not need such privilege for increasing the nice value to something above 0. Here we decrease it to -10.
According to the output, the nice value of ''qemu-system-arm'' is 0. We want to '''decrease''' the nice value to dedicate more CPU time to it. However, you need sudo privilege in order to give a negative value for a nice value, even though you do not need such privilege for increasing the nice value to something above 0. Here we decrease it to -10.


<source lang="bash">
<syntaxhighlight lang="bash">
$ sudo renice -10 -p 3016
$ sudo renice -10 -p 3016
</source>
</syntaxhighlight>


To set a permanent priority on all processes for a specific user or a group you can update ''/etc/security/limits.conf'' file.
To set a permanent priority on all processes for a specific user or a group you can update ''/etc/security/limits.conf'' file.
Line 211: Line 378:
<references/>
<references/>


= Byobu =
== Tips ==


== keyboard shortcuts ==
* 'etckeeper' allows you to save changes you make to /etc/ in a bazaar repository. Useful to track and revert changes. https://help.ubuntu.com/11.10/serverguide/C/etckeeper.html


C-a c - Create a new screen window
= Basic =


C-a A - Rename the screen
== Pull a random line from a log ==


C-a C-a - Go back to the previous window
<syntaxhighlight lang="console">
$ shuf -n 1 /etc/pihole/gravity.list
</syntaxhighlight>


C-a <0-9> - Switch to screen #0-9 (quick toggle)
== Viewing of the log in real time ==


C-a " - View a list of the current screens, which will allow you to select one from the list
<syntaxhighlight lang="bash">
 
$ tail -f /var/log/some.log
C-a ' - Enter a screen number to switch to (slower version of C-a <0-9>)
</syntaxhighlight>
 
C-a d - Detach the whole screen session and fork to the background. Very useful for remote sessions you want to leave open. The command "screen -r" will resume your screen session.
 
C-a <Escape> - Scroll up through your command line "history" and see what output you previously got. Hitting <Escape> again cancels it.
 
=== links ===
 
http://aperiodic.net/screen/quick_reference


= Bash =
[[Multitail]]


== Change to previous folder ==
== Change to previous folder ==
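Review bot: The added etckeeper tip links to the Ubuntu 11.10 server guide, while the sections added elsewhere in this revision are marked as tested on Ubuntu 22.04.1 LTS; link a current or unversioned page, and confirm that "bazaar repository" still describes the backend on the release being documented. The same hunk replaces the whole Byobu keyboard-shortcuts list; if that content moved to another page, a link from here would help readers find it. Under "Pull a random line from a log", the example reads `/etc/pihole/gravity.list`; a path under /var/log would fit the heading better.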
Line 265: Line 426:
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
$ stty -ixon
$ stty -ixon
</syntaxhighlight>
== Enable SSH public key authentication with an encrypted home folder ==
''Last tested on Ubuntu 16.04 LTS''
<syntaxhighlight lang="bash">
$ /sbin/umount.ecryptfs_private
$ cd $HOME
$ chmod 700 .
$ mkdir -m 700 .ssh
$ chmod 500 .
$ echo $YOUR_REAL_PUBLIC_KEY > .ssh/authorized_keys
$ /sbin/mount.ecryptfs_private
</syntaxhighlight>
== Remove some columns from an output ==
<syntaxhighlight lang="bash">
$ ls -l | awk '{print $3 " " $9}'
</syntaxhighlight>
== Make a backup without typing the full path twice ==
To make a backup without typing the full path twice with the suffix .orig
<syntaxhighlight lang="bash">
$ cp /long/path/to/file/name{,.orig}
</syntaxhighlight>
</syntaxhighlight>
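Review bot: In the added "Enable SSH public key authentication with an encrypted home folder" block, `echo $YOUR_REAL_PUBLIC_KEY > .ssh/authorized_keys` expands the variable unquoted and leaves the file mode to the umask; quote it as "$YOUR_REAL_PUBLIC_KEY" and add `chmod 600 .ssh/authorized_keys` after the echo line. The block also has no sentence explaining why the key is written while the ecryptfs home is unmounted, which is the step a reader most needs explained. In "Remove some columns from an output", `awk '{print $3 " " $9}'` cuts off file names that contain spaces, which deserves a one-line caveat.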
