System administration: Difference between revisions

→‎Links: fail2ban
→‎Fix (unreachable) prompt for encrypted home folder: change the content from obsolete to Enable SSH public key authentication with an encrypted home folder
→‎Links: fail2ban
(44 intermediate revisions by 2 users not shown)
Line 1: Line 1:
= Links =
[[fail2ban]]
[[Mirth Connect]]
[[Web services]]
[[Web services]]
[[User accounts]]
[[Samba]]


[[Disk management]]
[[Disk management]]
Line 6: Line 16:


[[Network management]]
[[Network management]]
[[MySQL]]


[[Synergy]]
[[Synergy]]
Line 14: Line 22:


[[OS X]]
[[OS X]]
[[Hurd|Debian GNU/Hurd]]


[[Slackware]]
[[Slackware]]
[[Some differences between Debian/Ubuntu, RHEL/CentOS, and Slackware]] (WIP)


[[Category:System administration]]
[[Category:System administration]]


= System administration =
= Initial setup (for Ubuntu distribution) =
 
== Set timezone ==
<syntaxhighlight lang="bash">
$ sudo timedatectl set-timezone America/Denver
</syntaxhighlight>
== Composer ==
 
{{testedon|2022-10-08|Ubuntu 22.04.1 LTS}}
 
Composer is a PHP package management tool.  Usually needed for setting up web application development environment.
 
<syntaxhighlight lang="console">
$ cd
$ mkdir bin
$ cd bin
$ wget https://private.michaelhan.net/getcomposer.txt
$ mv getcomposer.txt getcomposer
$ chmod u+x getcomposer
$ ./getcomposer
$ mv composer.phar composer
</syntaxhighlight>
 


== Initial setup (for Ubuntu distribution) ==
== SSH keys ==


=== SSH keys ===
{{testedon|2022-10-08|Ubuntu 22.04.1 LTS}}


Create private/public SSH key file using 2048 bit encryption and with a comment. The command creates files under ~/.ssh folder.
Create private/public SSH key file using the default bit encryption and with a comment. The command creates files under ~/.ssh folder.


<source lang="bash">
<syntaxhighlight lang="bash">
$ ssh-keygen -b 2048 -C user@host.domain
$ ssh-keygen -C user@host.domain
</source>
</syntaxhighlight>


=== SSH config for connection ===
 
== SSH config for connection ==


The config file ~/.ssh/config stores information about various SSH connections, and allows the definition of hostname, username, ports, and other settings.
The config file ~/.ssh/config stores information about various SSH connections, and allows the definition of hostname, username, ports, and other settings.


<source lang="html5">
<syntaxhighlight lang="html5">
Host hostname1
Host hostname1
     HostName hostname1.domain.com
     HostName hostname1.domain.com
     User username1
     User username1
     Port 1234
     Port 1234
</source>
</syntaxhighlight>


=== Adding a user to sudoers list ===
== Adding a user to sudoers list ==


<code>#includedir /etc/sudoers.d</code> should be at the end of /etc/sudoers file.
<code>#includedir /etc/sudoers.d</code> should be at the end of /etc/sudoers file.
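Review bot: The new Composer section downloads getcomposer.txt from private.michaelhan.net with wget, marks it executable and runs it with no integrity check, so whoever controls that host or file controls what executes in the reader's account. Either point the steps at the upstream installer and compare its published checksum before running ./getcomposer, or record the expected hash of getcomposer.txt on this page and verify it first. Separately, the SSH keys text now says "the default bit encryption"; naming the key type and size that ssh-keygen actually produced on the tested release would be clearer than "default".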
Line 52: Line 87:
Run <code>$ chmod 0440 filename</code> afterwards.
Run <code>$ chmod 0440 filename</code> afterwards.


=== Enable color prompt ===
== Enable color prompt ==


On Ubuntu distribution of GNU/Linux, you can uncomment force_color_prompt = yes line to use color prompts. The following is my personal favorite color configuration for the prompt.
On Ubuntu distribution of GNU/Linux, you can uncomment force_color_prompt = yes line to use color prompts. The following is my personal favorite color configuration for the prompt.


<source lang="bash">
<syntaxhighlight lang="bash">
PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u\[\033[01;30m\]@\[\033[00;36m\]\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u\[\033[01;30m\]@\[\033[00;36m\]\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
</source>
</syntaxhighlight>


=== Enable byobu ===
== Enable byobu ==


<source lang="bash">
<syntaxhighlight lang="bash">
$ byobu-enable
$ byobu-enable
</source>
</syntaxhighlight>


=== Update .vimrc ===
== Update .vimrc ==


<source lang="vim">
<syntaxhighlight lang="vim">
syntax on
syntax on
set noexpandtab
set noexpandtab
Line 95: Line 130:
autocmd FileType php nnoremap <C-p> :call PhpDocSingle()<CR>
autocmd FileType php nnoremap <C-p> :call PhpDocSingle()<CR>
autocmd FileType php vnoremap <C-p> :call PhpDocRange()<CR>
autocmd FileType php vnoremap <C-p> :call PhpDocRange()<CR>
</source>
</syntaxhighlight>
 
=== awesome-vim ===
For a preset of VIM development environment, awesome-vim is okay:<syntaxhighlight lang="bash">
$ git clone --depth=1 https://github.com/amix/vimrc.git ~/.vim_runtime
$ sh ~/.vim_runtime/install_awesome_vimrc.sh
</syntaxhighlight># Run inside vim: -- this will let you click and drag panes to resize or jump between (learning vim more and being able to jump panes
 
<nowiki>#</nowiki> makes this unecessary, but i'm not that good yet.)
 
<nowiki>:</nowiki>set mouse=a
 
<nowiki>#</nowiki> So now some sections on easy key commands/shortcuts
 
<nowiki>##</nowiki> Splitting VIM screen Horizontally and Vertically
 
To open a new VIM window next to the existing one, press <Ctrl>+<w> then press <v>.
 
<nowiki>##</nowiki> Move panes around vim (left/right or top/bottom)
 
Ctrl w + L - Move the current window to the "far right"
 
Ctrl w + H - Move the current window to the "far left"
 
Ctrl w + J - Move the current window to the "very bottom"
 
Ctrl w + K - Move the current window to the "very top"


=== Set up environment for web development ===
<nowiki>##</nowiki> Copying everything into clipboard
 
gg"*yG
 
<nowiki>##</nowiki> Indenting all the code
 
<nowiki>#</nowiki> Still need to look into a more serious formatter like:
 
<nowiki>https://github.com/vim-autoformat/vim-autoformat</nowiki>
 
gg=G
 
<nowiki>#</nowiki> AwesomeVIM Leader Key Shortcut
 
You'll see vim plugins mention <leader>, that <leader> for awesome view is "," so whenever you see leader hit that key.
 
<nowiki>##</nowiki> phpunit
 
<nowiki>###</nowiki> Set the path of phpunit (most cases for me, vendor/bin/phpunit)
 
let g:phpunit_bin = 'phpunit'
 
<nowiki>###</nowiki> Shortcuts
 
<leader>ta - Run all test cases
 
<leader>ts - Switch between source & test file
 
<leader>tf - Run current test case class
 
<nowiki>#</nowiki> Folding
 
`zo` to open folding
 
`zc` to close folding
 
<nowiki>#</nowiki> NerdTREE
 
<leader>nn - Toggles NerdTREE
 
While inside NerdTREE hit "m" to do a number of modifications from renaming, deleting or adding files.
 
== Set up environment for web development ==


Install the LAMP stack
Install the LAMP stack
<source lang="bash">
<syntaxhighlight lang="bash">
$ sudo apt-get install tasksel
$ sudo apt-get install tasksel


$ sudo tasksel install lamp-server
$ sudo tasksel install lamp-server
</source>
</syntaxhighlight>


Install git and other PHP related extensions
Install git and other PHP related extensions
<source lang="bash">
<syntaxhighlight lang="bash">
$ sudo apt-get install git php5-mcrypt php5-xdebug php5-intl
$ sudo apt-get install git php5-mcrypt php5-xdebug php5-intl
</source>
</syntaxhighlight>


==== .gitconfig ====
=== .gitconfig ===
<source lang="html5">
<syntaxhighlight lang="html5">
[core]
[core]
   editor = vim
   editor = vim
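Review bot: The added awesome-vim section is written in Markdown rather than wiki markup: its headings are literal # and ## characters wrapped in nowiki, the text "# Run inside vim:" runs on directly after the closing syntaxhighlight tag, and commands such as :set mouse=a, gg"*yG and gg=G sit as bare paragraphs. Convert the headings to wiki headings one level below "awesome-vim" and move the commands into syntaxhighlight blocks so they render like the rest of the page. The install step also clones a third-party repository with --depth=1 and runs install_awesome_vimrc.sh from it unpinned; a sentence telling readers to read that script before running it would fit here.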
Line 141: Line 244:
[merge]
[merge]
   defaultToUpstream = true
   defaultToUpstream = true
</source>
</syntaxhighlight>


== Change default shell ==
== Change default shell ==


<source lang="bash">
<syntaxhighlight lang="bash">
$ chsh
$ chsh
</source>
</syntaxhighlight>


== Edit passwd files ==
== Edit passwd files ==


<source lang="bash">
<syntaxhighlight lang="bash">
$ sudo vipw
$ sudo vipw
</source>
</syntaxhighlight>


== Resources ==
= RHEL-specific =


=== Check disk space usage ===
[[RHEL]]-specific notes


You can check the file space usage with the command <span class="package">du</span>.
Optimize using Tuned.  Optimize for general performance.


<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
$ du -h
# tuned-adm profile throughput-performance
</syntaxhighlight>
</syntaxhighlight>


=== Check disk space left ===
Optimize for KVM
 
<span class="package">df</span> is for checking the amount of disk space used and available on file systems.


<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
$ df -h
# tuned-adm profile throughput-performance
</syntaxhighlight>
</syntaxhighlight>


= User Accounts =
= Debian/Ubuntu-specific =


== Groups ==
[[Ubuntu]]-specific notes


=== Add a new group ===
== Security ==


<source lang="bash">
* Install 'denyhosts' to help protect against brute force SSH attacks, auto-blocking multiple attempts.
$ sudo addgroup webdev
</source>


=== Delete a group ===
== Update the server ==


<source lang="bash">
<syntaxhighlight lang="bash">
$ sudo delgroup webdev
$ sudo apt update && sudo apt -y full-upgrade && sudo apt-get -y autoremove
</source>
</syntaxhighlight>


=== Add a user to a group ===
== Reconfigure console font ==


<source lang="bash">
<syntaxhighlight lang="bash">
$ sudo adduser username groupname
$ dpkg-reconfigure console-setup
</source>
</syntaxhighlight>


=== Set a directory writable by a certain group ===
== Change the default editor ==


Make /srv/www folder readable/writable/executable by dev group
Used by visudo and other programs for invoking an editor.


<source lang="bash">
<syntaxhighlight lang="bash">
$ sudo setfacl -d -m g:dev:rwx /srv/www
$ sudo update-alternatives --config editor
</source>
</syntaxhighlight>


== Add a user account ==
== Change time zone ==


<source lang="bash">
<syntaxhighlight lang="bash">
$ sudo useradd -d /home/jsmith -m jsmith -G webdev
$ dpkg-reconfigure tzdata
$ sudo passwd jsmith
</syntaxhighlight>
</source>


== Delete a user account ==
== Kill other user terminal sessions ==


Force removal and delete files
*Tested on: Ubuntu 14.04.5 Trusty


<source lang="bash">
Sometimes it is necessary to kill other remote sessions that have been '''zombified'''.
$ sudo userdel -fr username
</source>


or
* First determine your own shell


<source lang="bash">
<syntaxhighlight lang="bash">
$ sudo deluser -remove-home username
$ tty
</source>
 
== Lock or unlock a user account ==
 
<source lang="bash">
$ sudo passwd -l username
$ sudo passwd -u username
</source>
 
== Adding sudoers ==
 
A file can be added for groups of users or specific users to /etc/sudoers.d/ directory. This line would make someone a sudoer with no password requirement.
 
<source lang="html5">
jsmith ALL=(ALL) NOPASSWD:ALL
</source>
 
If you want the user to type a password.
 
<source lang="html5">
jsmith ALL=(ALL:ALL) ALL
</source>
 
 
= Samba =
 
== Reset password for Samba server ==
<source lang="bash">
$ samba-tool user setpassword administrator
</source>
 
 
= OpenSSL =
 
== Creating self-signed certificates (usually for SSL connection) ==
 
<source lang="bash">
$ sudo a2enmod ssl
$ sudo service apache2 restart
 
$ sudo mkdir /etc/apache2/ssl
 
$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.pem -outform PEM
</source>
 
= Debian/Ubuntu-specific =
 
== Enable SSH public key authentication with an encrypted home folder ==
 
''Tested on Ubuntu 16.04 LTS''
 
<syntaxhighlight lang="bash" highlight="1">
$ /sbin/umount.ecryptfs_private
$ cd $HOME
$ chmod 700 .
$ mkdir -m 700 .ssh
$ chmod 500 .
$ echo $YOUR_REAL_PUBLIC_KEY > .ssh/authorized_keys
$ /sbin/mount.ecryptfs_private
</syntaxhighlight>
</syntaxhighlight>


== Reconfigure console font ==
* Show all of your running processes


<syntaxhighlight lang="bash">
<syntaxhighlight lang="console">
$ dpkg-reconfigure console-setup
$ ps -fu mhan
UID        PID  PPID  C STIME TTY          TIME CMD
mhan    21580 21469  0 19:02 ?        00:00:00 sshd: mhan@pts/2
mhan    21581 21580  0 19:02 pts/2    00:00:00 -bash
mhan    21607 21581  0 19:02 pts/2    00:00:00 screen
mhan    21608 21607  0 19:02 ?        00:00:00 SCREEN
mhan    21609 21608  0 19:02 pts/3    00:00:00 /bin/bash
mhan    21939 21609  0 19:06 pts/3    00:00:00 ps -fu mhan
mhan    21580 21469  0 19:02 ?        00:00:00 sshd: mhan@pts/2
</syntaxhighlight>
</syntaxhighlight>


== Change time zone ==
* If I want to kill pts/2 then the PID to kill is 21580.


<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
$ dpkg-reconfigure tzdata
$ kill -HUP 21580
</syntaxhighlight>
</syntaxhighlight>


Reference: https://kb.iu.edu/d/adqw (accessed on 10/5/2017)


== Setting niceness (aka priority) on Linux processes ==
== Setting niceness (aka priority) on Linux processes ==
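Review bot: Under RHEL-specific, the "Optimize for KVM" block repeats the general-performance command, tuned-adm profile throughput-performance, so the two blocks are identical; if a different profile was intended for KVM hosts, name it, otherwise drop the second block. In the same hunk, the Security bullet recommends denyhosts while this revision adds a fail2ban link at the top of the page, so the bullet should say which tool the page actually recommends. The sample ps -fu mhan output also lists PID 21580 twice.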
Line 306: Line 352:
As an example, let's say the process of interest is ''qemu-system-arm''. You have to find out what PID (Process ID) is first.
As an example, let's say the process of interest is ''qemu-system-arm''. You have to find out what PID (Process ID) is first.


<source lang="bash">
<syntaxhighlight lang="bash">
$ pidof qemu-system-arm
$ pidof qemu-system-arm
3016
3016
</source>
</syntaxhighlight>


Then check what the current nice value of the process is:
Then check what the current nice value of the process is:
<source lang="bash">
<syntaxhighlight lang="bash">
$ ps -o pid,comm,nice -p 3016
$ ps -o pid,comm,nice -p 3016
   PID COMMAND        NI
   PID COMMAND        NI
  3016 qemu-system-arm  0
  3016 qemu-system-arm  0
</source>
</syntaxhighlight>


According to the output, the nice value of ''qemu-system-arm'' is 0. We want to '''decrease''' the nice value to dedicate more CPU time to it. However, you need sudo privilege in order to give a negative value for a nice value, even though you do not need such privilege for increasing the nice value to something above 0. Here we decrease it to -10.
According to the output, the nice value of ''qemu-system-arm'' is 0. We want to '''decrease''' the nice value to dedicate more CPU time to it. However, you need sudo privilege in order to give a negative value for a nice value, even though you do not need such privilege for increasing the nice value to something above 0. Here we decrease it to -10.


<source lang="bash">
<syntaxhighlight lang="bash">
$ sudo renice -10 -p 3016
$ sudo renice -10 -p 3016
</source>
</syntaxhighlight>


To set a permanent priority on all processes for a specific user or a group you can update ''/etc/security/limits.conf'' file.
To set a permanent priority on all processes for a specific user or a group you can update ''/etc/security/limits.conf'' file.
Line 332: Line 378:
<references/>
<references/>


= Byobu =
== Tips ==


== keyboard shortcuts ==
* 'etckeeper' allows you to save changes you make to /etc/ in a bazaar repository. Useful to track and revert changes. https://help.ubuntu.com/11.10/serverguide/C/etckeeper.html
 
= Basic =
 
== Pull a random line from a log ==
 
<syntaxhighlight lang="console">
$ shuf -n 1 /etc/pihole/gravity.list
</syntaxhighlight>


C-a c - Create a new screen window
== Viewing of the log in real time ==


C-a A - Rename the screen
<syntaxhighlight lang="bash">
$ tail -f /var/log/some.log
</syntaxhighlight>


C-a C-a - Go back to the previous window
[[Multitail]]


C-a <0-9> - Switch to screen #0-9 (quick toggle)
== Change to previous folder ==


C-a " - View a list of the current screens, which will allow you to select one from the list
This changes the folder to the previous folder you were in.


C-a ' - Enter a screen number to switch to (slower version of C-a <0-9>)
<syntaxhighlight lang="bash">
$ cd -
</syntaxhighlight>


C-a d - Detach the whole screen session and fork to the background. Very useful for remote sessions you want to leave open. The command "screen -r" will resume your screen session.
== Check disk space usage ==


C-a <Escape> - Scroll up through your command line "history" and see what output you previously got. Hitting <Escape> again cancels it.
You can check the file space usage with the command <span class="package">du</span>.


=== links ===
<syntaxhighlight lang="bash">
$ du -h
</syntaxhighlight>


http://aperiodic.net/screen/quick_reference
== Check disk space left ==


= Bash =
<span class="package">df</span> is for checking the amount of disk space used and available on file systems.


== Change to previous folder ==
<syntaxhighlight lang="bash">
$ df -h
</syntaxhighlight>
 
== Disable Ctrl-Q freeze ==
 
<syntaxhighlight lang="bash">
$ stty -ixon
</syntaxhighlight>
 
== Enable SSH public key authentication with an encrypted home folder ==
 
''Last tested on Ubuntu 16.04 LTS''
 
<syntaxhighlight lang="bash">
$ /sbin/umount.ecryptfs_private
$ cd $HOME
$ chmod 700 .
$ mkdir -m 700 .ssh
$ chmod 500 .
$ echo $YOUR_REAL_PUBLIC_KEY > .ssh/authorized_keys
$ /sbin/mount.ecryptfs_private
</syntaxhighlight>
 
== Remove some columns from an output ==
 
<syntaxhighlight lang="bash">
$ ls -l | awk '{print $3 " " $9}'
</syntaxhighlight>
 
== Make a backup without typing the full path twice ==


This changes the folder to the previous folder you were in.
To make a backup without typing the full path twice with the suffix .orig


<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
$ cd -
$ cp /long/path/to/file/name{,.orig}
</syntaxhighlight>
</syntaxhighlight>
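Review bot: In the relocated "Enable SSH public key authentication with an encrypted home folder" steps, echo $YOUR_REAL_PUBLIC_KEY > .ssh/authorized_keys expands the variable unquoted and truncates any existing file. Quote the variable, state that > replaces existing keys (or use >>), and set the mode of authorized_keys explicitly before remounting. The section is still marked "Last tested on Ubuntu 16.04 LTS" while other sections in this revision carry a 22.04.1 test date, so it should be flagged as unverified on current releases. The etckeeper tip in this hunk links to the 11.10 server guide and could use a current link.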