Han Wiki

System administration: Difference between revisions

Page Discussion

System administration (view source)

Revision as of 11:35, 21 March 2024

12,180 bytes added ,  21 March
→‎Links: fail2ban
← Older editNewer edit →
add a link to disk management
→‎Links: fail2ban
(58 intermediate revisions by 2 users not shown)
Line 1: Line 1:
= Links =
[[fail2ban]]
[[Mirth Connect]]
[[Web services]]
[[Web services]]
[[User accounts]]
[[Samba]]


[[Disk management]]
[[Disk management]]
[[File management]]
[[Network management]]
[[Synergy]]
[[VIM]]
[[OS X]]
[[Hurd|Debian GNU/Hurd]]
[[Slackware]]
[[Some differences between Debian/Ubuntu, RHEL/CentOS, and Slackware]] (WIP)
[[Category:System administration]]
= Initial setup (for Ubuntu distribution) =
== Set timezone ==
<syntaxhighlight lang="bash">
$ sudo timedatectl set-timezone America/Denver
</syntaxhighlight>
== Composer ==
{{testedon|2022-10-08|Ubuntu 22.04.1 LTS}}
Composer is a PHP package management tool.  Usually needed for setting up web application development environment.
<syntaxhighlight lang="console">
$ cd
$ mkdir bin
$ cd bin
$ wget https://private.michaelhan.net/getcomposer.txt
$ mv getcomposer.txt getcomposer
$ chmod u+x getcomposer
$ ./getcomposer
$ mv composer.phar composer
</syntaxhighlight>
== SSH keys ==
{{testedon|2022-10-08|Ubuntu 22.04.1 LTS}}
Create private/public SSH key file using the default bit encryption and with a comment. The command creates files under ~/.ssh folder.
<syntaxhighlight lang="bash">
$ ssh-keygen -C user@host.domain
</syntaxhighlight>
== SSH config for connection ==
The config file ~/.ssh/config stores information about various SSH connections, and allows the definition of hostname, username, ports, and other settings.
<syntaxhighlight lang="html5">
Host hostname1
    HostName hostname1.domain.com
    User username1
    Port 1234
</syntaxhighlight>
== Adding a user to sudoers list ==
<code>#includedir /etc/sudoers.d</code> should be at the end of /etc/sudoers file.
Create a file under this directory (i.e. localusers) and add entries.
* <code>jsmith ALL=(ALL) NOPASSWD:ALL</code> would allow a user to sudo without entering a password.
* <code>jpocahontas ALL=(ALL) ALL</code> would force password entry
Run <code>$ chmod 0440 filename</code> afterwards.
== Enable color prompt ==
On Ubuntu distribution of GNU/Linux, you can uncomment force_color_prompt = yes line to use color prompts. The following is my personal favorite color configuration for the prompt.
<syntaxhighlight lang="bash">
PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u\[\033[01;30m\]@\[\033[00;36m\]\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
</syntaxhighlight>
== Enable byobu ==
<syntaxhighlight lang="bash">
$ byobu-enable
</syntaxhighlight>
== Update .vimrc ==
<syntaxhighlight lang="vim">
syntax on
set noexpandtab
set wrap
set tabstop=4
set shiftwidth=4
set smartindent
set autoindent
set encoding=utf-8 fileencodings=
set mouse=a
set fo=cqlro
set tags=tags,../tags,../../tags,../../../tags,../../../../tags,../../../../../tags,../../../../../../tags
color elflord
" set foldmethod=marker
set foldmethod=indent
set foldnestmax=15
set nofoldenable
set foldlevel=1
" filetype plugin on
imap <c-k> <esc>:r! zdump GMT <bar> tail -c29 <bar> xargs -0 date +"\%-m/\%-d/\%-Y \%-l:\%M:\%S \%p" -d<enter>$i<right>
" PHP documenter script bound to Control-P
autocmd FileType php inoremap <C-p> <ESC>:call PhpDocSingle()<CR>i
autocmd FileType php nnoremap <C-p> :call PhpDocSingle()<CR>
autocmd FileType php vnoremap <C-p> :call PhpDocRange()<CR>
</syntaxhighlight>
=== awesome-vim ===
For a preset of VIM development environment, awesome-vim is okay:<syntaxhighlight lang="bash">
$ git clone --depth=1 https://github.com/amix/vimrc.git ~/.vim_runtime
$ sh ~/.vim_runtime/install_awesome_vimrc.sh
</syntaxhighlight># Run inside vim: -- this will let you click and drag panes to resize or jump between (learning vim more and being able to jump panes
<nowiki>#</nowiki> makes this unecessary, but i'm not that good yet.)
<nowiki>:</nowiki>set mouse=a
<nowiki>#</nowiki> So now some sections on easy key commands/shortcuts
<nowiki>##</nowiki> Splitting VIM screen Horizontally and Vertically
To open a new VIM window next to the existing one, press <Ctrl>+<w> then press <v>.
<nowiki>##</nowiki> Move panes around vim (left/right or top/bottom)
Ctrl w + L - Move the current window to the "far right"
Ctrl w + H - Move the current window to the "far left"
Ctrl w + J - Move the current window to the "very bottom"
Ctrl w + K - Move the current window to the "very top"
<nowiki>##</nowiki> Copying everything into clipboard
gg"*yG
<nowiki>##</nowiki> Indenting all the code
<nowiki>#</nowiki> Still need to look into a more serious formatter like:
<nowiki>https://github.com/vim-autoformat/vim-autoformat</nowiki>
gg=G
<nowiki>#</nowiki> AwesomeVIM Leader Key Shortcut
You'll see vim plugins mention <leader>, that <leader> for awesome view is "," so whenever you see leader hit that key.
<nowiki>##</nowiki> phpunit
<nowiki>###</nowiki> Set the path of phpunit (most cases for me, vendor/bin/phpunit)
let g:phpunit_bin = 'phpunit'
<nowiki>###</nowiki> Shortcuts
<leader>ta - Run all test cases
<leader>ts - Switch between source & test file
<leader>tf - Run current test case class
<nowiki>#</nowiki> Folding
`zo` to open folding
`zc` to close folding
<nowiki>#</nowiki> NerdTREE
<leader>nn - Toggles NerdTREE
While inside NerdTREE hit "m" to do a number of modifications from renaming, deleting or adding files.
== Set up environment for web development ==
Install the LAMP stack
<syntaxhighlight lang="bash">
$ sudo apt-get install tasksel
$ sudo tasksel install lamp-server
</syntaxhighlight>
Install git and other PHP related extensions
<syntaxhighlight lang="bash">
$ sudo apt-get install git php5-mcrypt php5-xdebug php5-intl
</syntaxhighlight>
=== .gitconfig ===
<syntaxhighlight lang="html5">
[core]
  editor = vim
  excludesfile = /home/mhan/.gitignore_global
# autocrlf = input
# safecrlf = true
[color]
  ui = always
[alias]
  co = checkout
  ci = commit
  st = status
  br = branch
  df = difftool
  hist = log --pretty=format:\"%C(yellow)%h %C(green)%ad %Creset| %s%C(red)%d %C(blue)[%an]\" --graph --date=short
  histall = log --pretty=format:\"%C(yellow)%h %C(green)%ad %Creset| %s%C(red)%d %C(blue)[%an]\" --graph --date=short --all
  hist10 = !git log --pretty=format:\"%C(yellow)%h %C(green)%ad %Creset| %s%C(red)%d %C(blue)[%an]\" --graph --date=short | head -n 10
  hist10all = !git log --pretty=format:\"%C(yellow)%h %C(green)%ad %Creset| %s%C(red)%d %C(blue)[%an]\" --graph --date=short --all | head -n 10
  type = cat-file -t
  dump = cat-file -p
  ignore = update-index --assume-unchanged
  track = update-index --no-assume-unchanged
  listignored = !git ls-files -v | grep -s ^'h ' | cut -b 1-2 --complement
[diff]
  tool = vimdiff
[difftool]
  prompt = false
[merge]
  defaultToUpstream = true
</syntaxhighlight>
== Change default shell ==
<syntaxhighlight lang="bash">
$ chsh
</syntaxhighlight>
== Edit passwd files ==
<syntaxhighlight lang="bash">
$ sudo vipw
</syntaxhighlight>
= RHEL-specific =
[[RHEL]]-specific notes
Optimize using Tuned.  Optimize for general performance.
<syntaxhighlight lang="bash">
# tuned-adm profile throughput-performance
</syntaxhighlight>
Optimize for KVM
<syntaxhighlight lang="bash">
# tuned-adm profile throughput-performance
</syntaxhighlight>
= Debian/Ubuntu-specific =
[[Ubuntu]]-specific notes
== Security ==
* Install 'denyhosts' to help protect against brute force SSH attacks, auto-blocking multiple attempts.
== Update the server ==
<syntaxhighlight lang="bash">
$ sudo apt update && sudo apt -y full-upgrade && sudo apt-get -y autoremove
</syntaxhighlight>
== Reconfigure console font ==
<syntaxhighlight lang="bash">
$ dpkg-reconfigure console-setup
</syntaxhighlight>
== Change the default editor ==
Used by visudo and other programs for invoking an editor.
<syntaxhighlight lang="bash">
$ sudo update-alternatives --config editor
</syntaxhighlight>
== Change time zone ==
<syntaxhighlight lang="bash">
$ dpkg-reconfigure tzdata
</syntaxhighlight>
== Kill other user terminal sessions ==
*Tested on: Ubuntu 14.04.5 Trusty
Sometimes it is necessary to kill other remote sessions that have been '''zombified'''.
* First determine your own shell
<syntaxhighlight lang="bash">
$ tty
</syntaxhighlight>
* Show all of your running processes
<syntaxhighlight lang="console">
$ ps -fu mhan
UID        PID  PPID  C STIME TTY          TIME CMD
mhan    21580 21469  0 19:02 ?        00:00:00 sshd: mhan@pts/2
mhan    21581 21580  0 19:02 pts/2    00:00:00 -bash
mhan    21607 21581  0 19:02 pts/2    00:00:00 screen
mhan    21608 21607  0 19:02 ?        00:00:00 SCREEN
mhan    21609 21608  0 19:02 pts/3    00:00:00 /bin/bash
mhan    21939 21609  0 19:06 pts/3    00:00:00 ps -fu mhan
mhan    21580 21469  0 19:02 ?        00:00:00 sshd: mhan@pts/2
</syntaxhighlight>
* If I want to kill pts/2 then the PID to kill is 21580.
<syntaxhighlight lang="bash">
$ kill -HUP 21580
</syntaxhighlight>
Reference: https://kb.iu.edu/d/adqw (accessed on 10/5/2017)
== Setting niceness (aka priority) on Linux processes ==
*Tested on: Ubuntu 12.04 Precise
*Difficulty: 1/10
*Time: <1 minute + your WPM
Niceness or nice value in Linux is just another name for the value of priority given to a process. The higher the number means the lower the priority. The nice value can also be negative, and such values will give a process higher than normal priority. Higher the priority (or lower the nice value), the more CPU time is given, therefore the application will be perceived as running faster.
As an example, let's say the process of interest is ''qemu-system-arm''. You have to find out what PID (Process ID) is first.
<syntaxhighlight lang="bash">
$ pidof qemu-system-arm
3016
</syntaxhighlight>
Then check what the current nice value of the process is:
<syntaxhighlight lang="bash">
$ ps -o pid,comm,nice -p 3016
  PID COMMAND        NI
3016 qemu-system-arm  0
</syntaxhighlight>
According to the output, the nice value of ''qemu-system-arm'' is 0. We want to '''decrease''' the nice value to dedicate more CPU time to it. However, you need sudo privilege in order to give a negative value for a nice value, even though you do not need such privilege for increasing the nice value to something above 0. Here we decrease it to -10.
<syntaxhighlight lang="bash">
$ sudo renice -10 -p 3016
</syntaxhighlight>
To set a permanent priority on all processes for a specific user or a group you can update ''/etc/security/limits.conf'' file.
===References===
http://www.nixtutor.com/linux/changing-priority-on-linux-processes/ (accessed on July 22, 2012)
<references/>
== Tips ==
* 'etckeeper' allows you to save changes you make to /etc/ in a bazaar repository. Useful to track and revert changes. https://help.ubuntu.com/11.10/serverguide/C/etckeeper.html
= Basic =
== Pull a random line from a log ==
<syntaxhighlight lang="console">
$ shuf -n 1 /etc/pihole/gravity.list
</syntaxhighlight>
== Viewing of the log in real time ==
<syntaxhighlight lang="bash">
$ tail -f /var/log/some.log
</syntaxhighlight>
[[Multitail]]
== Change to previous folder ==
This changes the folder to the previous folder you were in.
<syntaxhighlight lang="bash">
$ cd -
</syntaxhighlight>
== Check disk space usage ==
You can check the file space usage with the command <span class="package">du</span>.
<syntaxhighlight lang="bash">
$ du -h
</syntaxhighlight>
== Check disk space left ==
<span class="package">df</span> is for checking the amount of disk space used and available on file systems.
<syntaxhighlight lang="bash">
$ df -h
</syntaxhighlight>
== Disable Ctrl-Q freeze ==
<syntaxhighlight lang="bash">
$ stty -ixon
</syntaxhighlight>
== Enable SSH public key authentication with an encrypted home folder ==
''Last tested on Ubuntu 16.04 LTS''
<syntaxhighlight lang="bash">
$ /sbin/umount.ecryptfs_private
$ cd $HOME
$ chmod 700 .
$ mkdir -m 700 .ssh
$ chmod 500 .
$ echo $YOUR_REAL_PUBLIC_KEY > .ssh/authorized_keys
$ /sbin/mount.ecryptfs_private
</syntaxhighlight>
== Remove some columns from an output ==
<syntaxhighlight lang="bash">
$ ls -l | awk '{print $3 " " $9}'
</syntaxhighlight>
== Make a backup without typing the full path twice ==
To make a backup without typing the full path twice with the suffix .orig
<syntaxhighlight lang="bash">
$ cp /long/path/to/file/name{,.orig}
</syntaxhighlight>
Retrieved from "https://wiki.michaelhan.net/Special:MobileDiff/170...4371"