System administration: Difference between revisions

→‎Links: fail2ban
dump from oldwiki
→‎Links: fail2ban
 
(50 intermediate revisions by 2 users not shown)
Line 1: Line 1:
= Links =
[[fail2ban]]
[[Mirth Connect]]
[[Web services]]
[[Web services]]
[[User accounts]]
[[Samba]]


[[Disk management]]
[[Disk management]]
Line 6: Line 16:


[[Network management]]
[[Network management]]
[[MySQL]]


[[Synergy]]
[[Synergy]]
Line 14: Line 22:


[[OS X]]
[[OS X]]
[[Hurd|Debian GNU/Hurd]]
[[Slackware]]
[[Some differences between Debian/Ubuntu, RHEL/CentOS, and Slackware]] (WIP)


[[Category:System administration]]
[[Category:System administration]]


= System administration =
= Initial setup (for Ubuntu distribution) =


== Initial setup (for Ubuntu distribution) ==
== Set timezone ==
<syntaxhighlight lang="bash">
$ sudo timedatectl set-timezone America/Denver
</syntaxhighlight>
== Composer ==


=== SSH keys ===
{{testedon|2022-10-08|Ubuntu 22.04.1 LTS}}


Create private/public SSH key file using 2048 bit encryption and with a comment. The command creates files under ~/.ssh folder.
Composer is a PHP package management tool. Usually needed for setting up web application development environment.


<source lang="bash">
<syntaxhighlight lang="console">
$ ssh-keygen -b 2048 -C user@host.domain
$ cd
</source>
$ mkdir bin
$ cd bin
$ wget https://private.michaelhan.net/getcomposer.txt
$ mv getcomposer.txt getcomposer
$ chmod u+x getcomposer
$ ./getcomposer
$ mv composer.phar composer
</syntaxhighlight>


=== SSH config for connection ===
 
== SSH keys ==
 
{{testedon|2022-10-08|Ubuntu 22.04.1 LTS}}
 
Create private/public SSH key file using the default bit encryption and with a comment. The command creates files under ~/.ssh folder.
 
<syntaxhighlight lang="bash">
$ ssh-keygen -C user@host.domain
</syntaxhighlight>
 
 
== SSH config for connection ==


The config file ~/.ssh/config stores information about various SSH connections, and allows the definition of hostname, username, ports, and other settings.
The config file ~/.ssh/config stores information about various SSH connections, and allows the definition of hostname, username, ports, and other settings.


<source lang="html5">
<syntaxhighlight lang="html5">
Host hostname1
Host hostname1
     HostName hostname1.domain.com
     HostName hostname1.domain.com
     User username1
     User username1
     Port 1234
     Port 1234
</source>
</syntaxhighlight>


=== Adding a user to sudoers list ===
== Adding a user to sudoers list ==


<code>#includedir /etc/sudoers.d</code> should be at the end of /etc/sudoers file.
<code>#includedir /etc/sudoers.d</code> should be at the end of /etc/sudoers file.
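Review bot: The added Composer block downloads getcomposer.txt with wget and runs it immediately (chmod u+x getcomposer, then ./getcomposer) with no integrity check, so whatever that URL serves is executed as the current user. Add a step that compares the downloaded file against a known checksum before the chmod, and state what the script is expected to leave behind besides composer.phar. Separately, the new SSH keys text says "default bit encryption" where the old command pinned -b 2048; name the key type and size the reader should expect, and use a plain-text lang for the ~/.ssh/config block instead of html5.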
Line 50: Line 87:
Run <code>$ chmod 0440 filename</code> afterwards.
Run <code>$ chmod 0440 filename</code> afterwards.


=== Enable color prompt ===
== Enable color prompt ==


On Ubuntu distribution of GNU/Linux, you can uncomment force_color_prompt = yes line to use color prompts. The following is my personal favorite color configuration for the prompt.
On Ubuntu distribution of GNU/Linux, you can uncomment force_color_prompt = yes line to use color prompts. The following is my personal favorite color configuration for the prompt.


<source lang="bash">
<syntaxhighlight lang="bash">
PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u\[\033[01;30m\]@\[\033[00;36m\]\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u\[\033[01;30m\]@\[\033[00;36m\]\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
</source>
</syntaxhighlight>


=== Enable byobu ===
== Enable byobu ==


<source lang="bash">
<syntaxhighlight lang="bash">
$ byobu-enable
$ byobu-enable
</source>
</syntaxhighlight>


=== Update .vimrc ===
== Update .vimrc ==


<source lang="vim">
<syntaxhighlight lang="vim">
syntax on
syntax on
set noexpandtab
set noexpandtab
Line 93: Line 130:
autocmd FileType php nnoremap <C-p> :call PhpDocSingle()<CR>
autocmd FileType php nnoremap <C-p> :call PhpDocSingle()<CR>
autocmd FileType php vnoremap <C-p> :call PhpDocRange()<CR>
autocmd FileType php vnoremap <C-p> :call PhpDocRange()<CR>
</source>
</syntaxhighlight>
 
=== awesome-vim ===
For a preset of VIM development environment, awesome-vim is okay:<syntaxhighlight lang="bash">
$ git clone --depth=1 https://github.com/amix/vimrc.git ~/.vim_runtime
$ sh ~/.vim_runtime/install_awesome_vimrc.sh
</syntaxhighlight># Run inside vim: -- this will let you click and drag panes to resize or jump between (learning vim more and being able to jump panes
 
<nowiki>#</nowiki> makes this unecessary, but i'm not that good yet.)
 
<nowiki>:</nowiki>set mouse=a
 
<nowiki>#</nowiki> So now some sections on easy key commands/shortcuts
 
<nowiki>##</nowiki> Splitting VIM screen Horizontally and Vertically
 
To open a new VIM window next to the existing one, press <Ctrl>+<w> then press <v>.
 
<nowiki>##</nowiki> Move panes around vim (left/right or top/bottom)
 
Ctrl w + L - Move the current window to the "far right"
 
Ctrl w + H - Move the current window to the "far left"
 
Ctrl w + J - Move the current window to the "very bottom"
 
Ctrl w + K - Move the current window to the "very top"
 
<nowiki>##</nowiki> Copying everything into clipboard
 
gg"*yG
 
<nowiki>##</nowiki> Indenting all the code
 
<nowiki>#</nowiki> Still need to look into a more serious formatter like:
 
<nowiki>https://github.com/vim-autoformat/vim-autoformat</nowiki>
 
gg=G
 
<nowiki>#</nowiki> AwesomeVIM Leader Key Shortcut
 
You'll see vim plugins mention <leader>, that <leader> for awesome view is "," so whenever you see leader hit that key.


=== Set up environment for web development ===
<nowiki>##</nowiki> phpunit
 
<nowiki>###</nowiki> Set the path of phpunit (most cases for me, vendor/bin/phpunit)
 
let g:phpunit_bin = 'phpunit'
 
<nowiki>###</nowiki> Shortcuts
 
<leader>ta - Run all test cases
 
<leader>ts - Switch between source & test file
 
<leader>tf - Run current test case class
 
<nowiki>#</nowiki> Folding
 
`zo` to open folding
 
`zc` to close folding
 
<nowiki>#</nowiki> NerdTREE
 
<leader>nn - Toggles NerdTREE
 
While inside NerdTREE hit "m" to do a number of modifications from renaming, deleting or adding files.
 
== Set up environment for web development ==


Install the LAMP stack
Install the LAMP stack
<source lang="bash">
<syntaxhighlight lang="bash">
$ sudo apt-get install tasksel
$ sudo apt-get install tasksel


$ sudo tasksel install lamp-server
$ sudo tasksel install lamp-server
</source>
</syntaxhighlight>


Install git and other PHP related extensions
Install git and other PHP related extensions
<source lang="bash">
<syntaxhighlight lang="bash">
$ sudo apt-get install git php5-mcrypt php5-xdebug php5-intl
$ sudo apt-get install git php5-mcrypt php5-xdebug php5-intl
</source>
</syntaxhighlight>


==== .gitconfig ====
=== .gitconfig ===
<source lang="html5">
<syntaxhighlight lang="html5">
[core]
[core]
   editor = vim
   editor = vim
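Review bot: The awesome-vim addition writes its section titles as Markdown markers wrapped in nowiki (#, ##, ###), so they render as literal hash characters instead of headings, and the "# Run inside vim:" comment is glued to the closing syntaxhighlight tag of the install block. Convert them to wiki headings under === awesome-vim === and put :set mouse=a, gg"*yG and gg=G in their own code blocks. The install step also runs install_awesome_vimrc.sh straight from a --depth=1 clone of a third-party repository; a line telling the reader to read the script before running it would fit here.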
Line 139: Line 244:
[merge]
[merge]
   defaultToUpstream = true
   defaultToUpstream = true
</source>
</syntaxhighlight>


== Change default shell ==
== Change default shell ==


<source lang="bash">
<syntaxhighlight lang="bash">
$ chsh
$ chsh
</source>
</syntaxhighlight>


== Edit passwd files ==
== Edit passwd files ==


<source lang="bash">
<syntaxhighlight lang="bash">
$ sudo vipw
$ sudo vipw
</source>
</syntaxhighlight>
 
= RHEL-specific =


== Resources ==
[[RHEL]]-specific notes


=== Check disk space usage ===
Optimize using Tuned.  Optimize for general performance.


You can check the file space usage with the command <span class="package">du</span>.
<syntaxhighlight lang="bash">
# tuned-adm profile throughput-performance
</syntaxhighlight>
 
Optimize for KVM
 
<syntaxhighlight lang="bash">
# tuned-adm profile throughput-performance
</syntaxhighlight>
 
= Debian/Ubuntu-specific =
 
[[Ubuntu]]-specific notes
 
== Security ==
 
* Install 'denyhosts' to help protect against brute force SSH attacks, auto-blocking multiple attempts.
 
== Update the server ==
 
<syntaxhighlight lang="bash">
$ sudo apt update && sudo apt -y full-upgrade && sudo apt-get -y autoremove
</syntaxhighlight>
 
== Reconfigure console font ==
 
<syntaxhighlight lang="bash">
$ dpkg-reconfigure console-setup
</syntaxhighlight>
 
== Change the default editor ==
 
Used by visudo and other programs for invoking an editor.
 
<syntaxhighlight lang="bash">
$ sudo update-alternatives --config editor
</syntaxhighlight>
 
== Change time zone ==
 
<syntaxhighlight lang="bash">
$ dpkg-reconfigure tzdata
</syntaxhighlight>
 
== Kill other user terminal sessions ==
 
*Tested on: Ubuntu 14.04.5 Trusty
 
Sometimes it is necessary to kill other remote sessions that have been '''zombified'''.
 
* First determine your own shell


<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
$ du -h
$ tty
</syntaxhighlight>
</syntaxhighlight>


=== Check disk space left ===
* Show all of your running processes


<span class="package">df</span> is for checking the amount of disk space used and available on file systems.
<syntaxhighlight lang="console">
$ ps -fu mhan
UID        PID  PPID  C STIME TTY          TIME CMD
mhan    21580 21469  0 19:02 ?        00:00:00 sshd: mhan@pts/2
mhan    21581 21580  0 19:02 pts/2    00:00:00 -bash
mhan    21607 21581  0 19:02 pts/2    00:00:00 screen
mhan    21608 21607  0 19:02 ?        00:00:00 SCREEN
mhan    21609 21608  0 19:02 pts/3    00:00:00 /bin/bash
mhan    21939 21609  0 19:06 pts/3    00:00:00 ps -fu mhan
mhan    21580 21469  0 19:02 ?        00:00:00 sshd: mhan@pts/2
</syntaxhighlight>
 
* If I want to kill pts/2 then the PID to kill is 21580.


<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
$ df -h
$ kill -HUP 21580
</syntaxhighlight>
</syntaxhighlight>


= User Accounts =
Reference: https://kb.iu.edu/d/adqw (accessed on 10/5/2017)


== Groups ==
== Setting niceness (aka priority) on Linux processes ==


=== Add a new group ===
*Tested on: Ubuntu 12.04 Precise
*Difficulty: 1/10
*Time: <1 minute + your WPM


<source lang="bash">
Niceness or nice value in Linux is just another name for the value of priority given to a process. The higher the number means the lower the priority. The nice value can also be negative, and such values will give a process higher than normal priority. Higher the priority (or lower the nice value), the more CPU time is given, therefore the application will be perceived as running faster.
$ sudo addgroup webdev
</source>


=== Delete a group ===
As an example, let's say the process of interest is ''qemu-system-arm''. You have to find out what PID (Process ID) is first.


<source lang="bash">
<syntaxhighlight lang="bash">
$ sudo delgroup webdev
$ pidof qemu-system-arm
</source>
3016
</syntaxhighlight>


=== Add a user to a group ===
Then check what the current nice value of the process is:
<syntaxhighlight lang="bash">
$ ps -o pid,comm,nice -p 3016
  PID COMMAND        NI
3016 qemu-system-arm  0
</syntaxhighlight>


<source lang="bash">
According to the output, the nice value of ''qemu-system-arm'' is 0. We want to '''decrease''' the nice value to dedicate more CPU time to it. However, you need sudo privilege in order to give a negative value for a nice value, even though you do not need such privilege for increasing the nice value to something above 0. Here we decrease it to -10.
$ sudo adduser username groupname
</source>


=== Set a directory writable by a certain group ===
<syntaxhighlight lang="bash">
$ sudo renice -10 -p 3016
</syntaxhighlight>


Make /srv/www folder readable/writable/executable by dev group
To set a permanent priority on all processes for a specific user or a group you can update ''/etc/security/limits.conf'' file.


<source lang="bash">
===References===
$ sudo setfacl -d -m g:dev:rwx /srv/www
</source>


== Add a user account ==
http://www.nixtutor.com/linux/changing-priority-on-linux-processes/ (accessed on July 22, 2012)


<source lang="bash">
<references/>
$ sudo useradd -d /home/jsmith -m jsmith -G webdev
$ sudo passwd jsmith
</source>


== Delete a user account ==
== Tips ==


Force removal and delete files
* 'etckeeper' allows you to save changes you make to /etc/ in a bazaar repository. Useful to track and revert changes. https://help.ubuntu.com/11.10/serverguide/C/etckeeper.html


<source lang="bash">
= Basic =
$ sudo userdel -fr username
</source>


or
== Pull a random line from a log ==


<source lang="bash">
<syntaxhighlight lang="console">
$ sudo deluser -remove-home username
$ shuf -n 1 /etc/pihole/gravity.list
</source>
</syntaxhighlight>


== Lock or unlock a user account ==
== Viewing of the log in real time ==


<source lang="bash">
<syntaxhighlight lang="bash">
$ sudo passwd -l username
$ tail -f /var/log/some.log
$ sudo passwd -u username
</syntaxhighlight>
</source>


== Adding sudoers ==
[[Multitail]]


A file can be added for groups of users or specific users to /etc/sudoers.d/ directory. This line would make someone a sudoer with no password requirement.
== Change to previous folder ==


<source lang="html5">
This changes the folder to the previous folder you were in.
jsmith ALL=(ALL) NOPASSWD:ALL
</source>


If you want the user to type a password.
<syntaxhighlight lang="bash">
$ cd -
</syntaxhighlight>


<source lang="html5">
== Check disk space usage ==
jsmith ALL=(ALL:ALL) ALL
</source>


You can check the file space usage with the command <span class="package">du</span>.


= Samba =
<syntaxhighlight lang="bash">
$ du -h
</syntaxhighlight>


== Reset password for Samba server ==
== Check disk space left ==
<source lang="bash">
$ samba-tool user setpassword administrator
</source>


<span class="package">df</span> is for checking the amount of disk space used and available on file systems.


= OpenSSL =
<syntaxhighlight lang="bash">
$ df -h
</syntaxhighlight>


== Creating self-signed certificates (usually for SSL connection) ==
== Disable Ctrl-Q freeze ==


<source lang="bash">
<syntaxhighlight lang="bash">
$ sudo a2enmod ssl
$ stty -ixon
$ sudo service apache2 restart
</syntaxhighlight>


$ sudo mkdir /etc/apache2/ssl
== Enable SSH public key authentication with an encrypted home folder ==


$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.pem -outform PEM
''Last tested on Ubuntu 16.04 LTS''
</source>


= Debian/Ubuntu-specific =
<syntaxhighlight lang="bash">
$ /sbin/umount.ecryptfs_private
$ cd $HOME
$ chmod 700 .
$ mkdir -m 700 .ssh
$ chmod 500 .
$ echo $YOUR_REAL_PUBLIC_KEY > .ssh/authorized_keys
$ /sbin/mount.ecryptfs_private
</syntaxhighlight>


== Reconfigure console font ==
== Remove some columns from an output ==


<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
$ dpkg-reconfigure console-setup
$ ls -l | awk '{print $3 " " $9}'
</syntaxhighlight>
</syntaxhighlight>


== Change time zone ==
== Make a backup without typing the full path twice ==
 
To make a backup without typing the full path twice with the suffix .orig


<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
$ dpkg-reconfigure tzdata
$ cp /long/path/to/file/name{,.orig}
</syntaxhighlight>
</syntaxhighlight>
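Review bot: Under = RHEL-specific =, the "Optimize for KVM" block runs the same command as the general-performance block above it (tuned-adm profile throughput-performance), which looks like a copy-paste slip; use the profile intended for a KVM host or guest, or drop the duplicate section. In the encrypted home folder section, echo $YOUR_REAL_PUBLIC_KEY > .ssh/authorized_keys leaves the variable unquoted and overwrites any keys already in the file; quote the variable, append with >>, and set the mode of authorized_keys explicitly. The ps -fu mhan sample output also lists PID 21580 twice.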