linux
Linux Releases
6.0 Squeeze 2.6.32 -> Security until February 2016
7 Wheezy 3.2 -> Security until May 2018
8 Jessie 3.16 -> Security until April/May 2020
9 Stretch 4.9 -> Security until June 2022
10 Buster 4.19 -> Security until June 2024
11 Bullseye 5.10 -> Security until June 2026
12 Bookworm 6.1 -> Security until June 2028
Install
from existing: https://www.debian.org/releases/stretch/amd64/apds03.html.en
Download
Debian
https://www.debian.org/CD/live/
Ubuntu
http://ftp.sjtu.edu.cn/ubuntu-cd/
http://archive.ubuntu.com/ubuntu/dists/bionic-updates/main/installer-amd64/current/images/netboot/mini.iso ( Mirror only http://us.archive.ubuntu.com/ , need proxy, local DNS not working )
Debug: Console 4 or /var/log/syslog
Mirrors
https://debgen.github.io/
https://mirrors.tuna.tsinghua.edu.cn/help/debian/
apt install netselect-apt && netselect-apt -c china --nonfree mv /etc/apt/sources.list /etc/apt/sources.list.ori && mv sources.list /etc/apt/
Bash
https://www.gnu.org/software/bash/manual/bash.html
url=https://raw.githubusercontent.com/fzinfz/scripts/master/init.sh # alias & functions
source /dev/stdin <<< "$(curl -sS $url)"
set
-x debug
-T If set, any traps on DEBUG and RETURN are inherited
-o functrace/errtrace
shopt [-pqsu] [-o] [optname …]
-s: Enable (set) each optname.
-u: Disable (unset) each optname.
shopt -s expand_aliases # when the shell is not interactive
alias foo='...'
0: stdin; 1: stdout; 2: stderr # File descriptor
2>&1 >/dev/null
&>/dev/null
ssh-add 2>/dev/null
https://git.savannah.gnu.org/cgit/bash.git/
tmux
ctrl+b x -> kill pane # /usr/share/doc/tmux/examples/screen-keys.conf
cat /usr/share/doc/tmux/examples/screen-keys.conf | grep '\bbind \w'
Init
0
Halt the system.
1
Single-user mode (for special administration).
2
Local Multiuser with Networking but without network service (like NFS)
3
Full Multiuser with Networking
4
Not Used
5
Full Multiuser with Networking and X Windows(GUI)
6
Reboot.
ls -R -l /etc/rc*
ls -l /usr/lib/systemd # check `systemd` page for more
ls -l /usr/share/upstart # last release 2014; 3 years ago
ls -l /etc/init.d # SysV init
cat /etc/modules-load.d/*
apt install systemd-sysv # make link: /sbin/init -> /lib/systemd/systemd
login & non-login shells
https://www.gnu.org/software/bash/manual/html_node/Bash-Startup-Files.html
login shells:
/etc/profile
~/.bash_profile(?-> ~/.bashrc), ~/.bash_login, and ~/.profile
exit: ~/.bash_logout
non-login shells:
~/.bashrc
# echo $0 : `shopt login_shell` \| $-
-bash : login_shell on | himBHs
# bash
# echo $0 : `shopt login_shell` \| $-
bash : login_shell off | himBHs
# bash -c 'echo $0 : `shopt login_shell` \| $-'
bash : login_shell off | hBc
supervisord
http://supervisord.org/running.html
Exit code
http://tldp.org/LDP/abs/html/exitcodes.html
1 Catchall for general errors
2 Misuse of shell builtins
126 Command invoked cannot execute
127 "command not found" illegal_command Possible problem with $PATH or a typo
128+n Fatal error signal "n"
kill -9 $PPID of script $? returns 137 (128 + 9)
130 Script terminated by Control-C
Syslog Message Severities
https://tools.ietf.org/html/rfc5424#section-6.2.1
0 Emergency: system is unusable
1 Alert: action must be taken immediately
2 Critical: critical conditions
3 Error: error conditions
4 Warning: warning conditions
5 Notice: normal but significant condition
6 Informational: informational messages
7 Debug: debug-level messages
Signals
kill -l
1) SIGHUP 2) SIGINT 3) SIGQUIT 4) SIGILL 5) SIGTRAP
6) SIGABRT 7) SIGBUS 8) SIGFPE 9) SIGKILL ... 64) SIGRTMAX
kill
pkill -KILL -u {username}
top
* 1 - Single Cpu Off (thus multiple cpus)
* c - Command line Off (name, not cmdline)
* i - Idle tasks On (show all tasks)
j - Str align right Off (not right justify)
V - Forest view On (show as branches)
f - sort/hide columns
(`*') could be overridden through the command-line.
Glances - A top/htop alternative - Python
https://github.com/nicolargo/glances
pip install glances[action,browser,cloud,cpuinfo,chart,docker,export,folders,gpu,ip,raid,snmp,web,wifi]
User & Permission
add user to group
sudo adduser foobar www-data
sudo usermod -a -G ftp tony
password
echo user:pwd | chpasswd
sudoers
sudo visudo
root ALL=(ALL) ALL # {terminals}=({users}) {commands}
%supergroup ALL=(ALL) NOPASSWD:ALL
chown
chown -h myuser:mygroup mysymbolic
Package Management
Redhat
Free RHEL: https://developers.redhat.com/articles/no-cost-rhel-faq/
subscription-manager register
subscription-manager attach --auto
subscription-manager repos --enable rhel-7-server-optional-rpms
subscription-manager repos --enable rhel-7-server-extras-rpms
yum install epel-release
rm -f /var/run/yum.pid <PID> && yum remove PackageKit
yum-config-manager --disable c7-media
yum --nogpgcheck localinstall xx.rpm
### EPEL
http://elrepo.org/tiki/tiki-index.php
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
yum install yum-plugin-fastestmirror
yum --enablerepo=elrepo-kernel install kernel-ml
Ubuntu
Main - Canonical-supported free and open-source software. Universe - Community-maintained free and open-source software. Restricted - Proprietary drivers for devices. Multiverse - Software restricted by copyright or legal issues.
# https://mirror.tuna.tsinghua.edu.cn/help/ubuntu/
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial main restricted universe multiverse
Debian
→ experimental → unstable(Sid) → testing → stable Unstable - repository where new & untested packages are introduced. Testing - repository with packages from unstable, if no bug are found within 10 days.
main
consists of DFSG-compliant packages, which do not rely on software outside this area to operate. These are the only packages considered part of the Debian distribution.
contrib
packages contain DFSG-compliant software, but have dependencies not in main (possibly packaged for Debian in non-free).
non-free
contains software that does not comply with the DFSG.
deb http://mirror.sjtu.edu.cn/debian/ bullseye main contrib non-free
experimental
deb http://mirror.sjtu.edu.cn/debian/ experimental main contrib non-free
apt install -t experimental linux-image-amd64 # latest kernel
dpkg
dpkg --get-selections # list installed
To install .deb manually, visit linux/kernel
page.
apt
apt-get install linux-base -t jessie-backports
apt-cache search linux-image | grep linux-image-4
apt install linux-image-4.10.0-9-generic linux-image-extra-4.10.0-9-generic
apt show linux-image-extra-4.10*
apt-get install --only-upgrade docker-engine
apt policy docker-ce | head -n 20
apt-get autoclean
apt list --installed
rm -r /var/lib/apt/lists/*
echo 'Acquire::http::Proxy "http://192.168.88.25:7890"; ' > /etc/apt/apt.conf.d/proxy
ssh server
deb http://.../debian/ buster main contrib non-free
apt install openssh-server # not "openssl"
journalctl -u ssh # fix: ssh-rsa not in PubkeyAcceptedAlgorithms
PubkeyAcceptedAlgorithms +ssh-rsa
Grub
grub2-mkconfig -o /boot/grub2/grub.cfg
awk -F\' '/menuentry / {print $2}' /boot/grub/grub.cfg
grub2-set-default 'CentOS Linux (4.9.0-rc8-amd64) 7 (Core)'
grub2-editenv list
fix: https://www.supergrubdisk.org/category/download/
grub-customizer
sudo add-apt-repository ppa:danielrichter2007/grub-customizer
sudo apt-get update
sudo apt-get install grub-customizer
boot .iso
https://netboot.xyz/docs/booting/grub
apt install grub-imageboot
mkdir /boot/images && cd /boot/images
wget https://boot.netboot.xyz/ipxe/netboot.xyz.iso
update-grub2
boot repair
https://sourceforge.net/p/boot-repair-cd/home/Home/ apt install linux-image-* # if vmlinuz & initrd.img missing
ubuntu
sudo add-apt-repository ppa:yannubuntu/boot-repair
sudo apt-get update
sudo apt-get install -y boot-repair && boot-repair
Serial
https://help.ubuntu.com/community/SerialConsoleHowto
GRUB_CMDLINE_LINUX="console=tty0 console=ttyS0,115200n8"
client
screen /dev/ttyUSB0 115200
picocom -b 115200 /dev/ttyUSB0
Benchmark
http://www.brendangregg.com/Perf/linux_benchmarking_tools.png
sysbench --test=cpu --cpu-max-prime=20000 --num-threads=32 run
wget http://www.numberworld.org/y-cruncher/y-cruncher%20v0.7.9.9510-static.tar.xz
tar -xf y-cruncher*.tar.xz
sshd
mobaxterm login failed: No supported authentication methods
PubkeyAcceptedAlgorithms +ssh-rsa # sshd_config # journalctl -u ssh
ssh redirect
ssh -L 9000:public.com:80 # visit local:9000 -> public.com:80
ssh -L 0.0.0.0:54321:127.0.0.1:54321 remote -p 22
ssh -R 9000:localhost:3000 # visit remote:9000 -> local:3000, "GatewayPorts yes" in sshd_config
-nNT -L ... # port forwarding only, no shell
web
wget
wget -O diff_name.zip http://...
curl
curl -O http://...
curl -o diff_name.zip http://
curl -sSL $1
-f, --fail Fail silently (no output at all) on HTTP errors (H)
-s, --silent Silent mode (don't output anything)
-S, --show-error Show error. With -s, make curl show errors when they occur
-L, --location Follow redirects (H)
-o, --output FILE Write to FILE instead of stdout
-O, --remote-name Write output to a file named as the remote file
files
String replace: http://unix.stackexchange.com/questions/112023/how-can-i-replace-a-string-in-a-files
apt-get install mlocate
updatedb
locate -S
lsof -p <PID>
ls --help | grep -E '[-][tr]\b'
-r, --reverse reverse order while sorting
extension -X, size -S, time -t, version -v
-t sort by modification time, newest first
mkdir -p /not/existing/folder
cat > file <<'EOL'
EOL
ncdu --exclude='/root/data/*' /
du -hcd 2 / | more
du -a / | sort -n -r | head -n 20
ls -1 $PWD | wc -l # count files
file /bin/ps
ldd /bin/ps
find
find /home -iname tecmint.txt
find $1 -iname $2
# find . ! -readable / -writable / -executabl
# find . ! -perm -g=w
find -regextype posix-extended -regex ".*[.](py|sh)" -exec chmod +x {} \;
grep
grep --color=auto -rn -P "${regex}" ${path}
# -r, --recursive like --directories=recurse
# -n, --line-number print line number with output lines
# -P, --perl-regexp PATTERN is a Perl regular expression
compress/uncompress
gunzip file.gz
tar -czvf name-of-archive.tar.gz /path/to/directory-or-file # Compress
tar -tvf my-data.tar.gz '*.py'
tar -zxvf toExtract.tar.gz
tar -xvf {tarball.tar} {special_file} -C /target/directory
tar -cf archive.tar foo bar # Create archive.tar from files foo and bar.
tar -tvf archive.tar # List all files in archive.tar verbosely.
tar -xf archive.tar # Extract all files from archive.tar.
-t, --list list the contents of an archive
-j, --bzip2 filter the archive through bzip2
-c, --create create a new archive
-x, --extract, --get extract files from an archive
-z, --gzip, --gunzip, --ungzip filter the archive through gzip
-v, --verbose verbosely list files processed
-f, --file=ARCHIVE use archive file or device ARCHIVE
zip [options] zipfile files_list
-r recurse into directories
-x exclude the following names
-v verbose operation/print version info
-m move into zipfile (delete OS files) !!
-d delete entries in zipfile !!!
-u update: only changed or new files
xz --decompress file.xz # -dgrub # unxz
rsync
rsync -aP -e "ssh -p $3" $1 root@$2
rsync -aP /root/_bin root@remote:/root
rsync -aP -e "ssh -p 10220" /local root@remote:/dir --remove-source-files
-v, --verbose increase verbosity
-a, --archive archive mode; equals -rlptgoD (no -H,-A,-X)
--no-OPTION turn off an implied OPTION (e.g. --no-D)
-r, --recursive recurse into directories
-l, --links copy symlinks as symlinks
-p, --perms preserve permissions
-o, --owner preserve owner (super-user only)
-g, --group preserve group
-D same as --devices --specials
-t, --times preserve modification times
-S, --sparse handle sparse files efficiently
-e, --rsh=COMMAND specify the remote shell to use
--partial keep partially transferred files
--partial-dir=DIR put a partially transferred file into DIR
-z, --compress compress file data during the transfer
--progress show progress during transfer
-P same as --partial --progress
history without line numbers
history | cut -c 8-
-a append history lines from this session to the history file ~/.bash_history
hostname
hostnamectl set-hostname GZ2C8G
font
apt-get install xfonts-base
SELinux
getenforce
semanage port -a -t mongod_port_t -p tcp 27017
Dropbox
link account
~/.dropbox-dist/dropboxd
dropboxd will create a ~/Dropbox folder and start synchronizing it after this step!
unlink: https://www.dropbox.com/account#security
Ubuntu snap
run without root
Proxy
vi /etc/environment
systemctl restart snapd
JAVA_HOME
echo export JAVA_HOME="/usr/lib/jvm/java-1.8.0-openjdk" >> /etc/profile
I18N & I10N
apt install -y locales-all
locale -a
dpkg-reconfigure locales
yum grouplist chinese-support
sudo apt-get install -y ttf-wqy-microhei #文泉驿-微米黑
sudo apt-get install -y ttf-wqy-zenhei #文泉驿-æ£é»‘
sudo apt-get install -y xfonts-wqy #文泉驿-点阵宋体
Chrome
chromium --no-sandbox # start as root
AD
https://wiki.samba.org/index.php/Setting_up_Samba_as_an_NT4_PDC_(Quick_Start)
cache diagnostics
https://hoytech.com/vmtouch/
git clone https://github.com/hoytech/vmtouch.git
cd vmtouch && make && sudo make install
Discovering which files your OS is caching
Telling the OS to cache or evict certain files or regions of files
Locking files into memory so the OS won't evict them
Preserving virtual memory profile when failing over servers
Keeping a "hot-standby" file-server
Plotting filesystem cache usage over time
Maintaining "soft quotas" of cache usage
Speeding up batch/cron jobs
WOL
ethtool enp1s0 | grep Wake-on
p (PHY activity)
u (unicast activity)
m (multicast activity)
b (broadcast activity)
g (magic packet activity) *
a (ARP activity)
d (disabled)
Tools - Online
http://explainshell.com/
CPU
getconf LONG_BIT
check_cpu_core_mapping
https://www.ibm.com/support/knowledgecenter/en/SSQPD3_2.6.0/com.ibm.wllm.doc/mappingcpustocore.html same physical/core ID =》 simultaneous multi threads (SMTs) / HT
cat /proc/cpuinfo | grep -P 'processor|physical id|core id|^$'
pip install walnut # pretty print
for c in sorted([ ( int(c['processor']), int(c['physical id']), int(c['core id']) ) for c in cpu.dict().values()]): print c
USB Persistence
https://docs.kali.org/downloading/kali-linux-live-usb-persistence http://antix.mepis.org/index.php?title=Using_liveusb_with_persistence
kali
x86/M1/Live/VM/WSL/etc: https://www.kali.org/get-kali Docker: https://hub.docker.com/u/kalilinux/
ssh
Since 2022.1: https://www.kali.org/docs/general-use/ssh-configuration/
kali-tweaks -> Hardening -> Strong Security (the default) and Wide Compatibility
ls -l /etc/ssh/ssh_host_* systemctl disable regenerate-ssh-host-keys.service
tools
https://www.kali.org/tools/ screenshots/cheat sheet: https://www.comparitech.com/net-admin/kali-linux-cheat-sheet/#Kali_Linux_tools
Video
https://askubuntu.com/questions/28033/how-to-check-the-information-of-current-installed-video-drivers
dpkg -l amdgpu-pro
glxinfo | grep direct
GALLIUM_HUD=help glxgears
OpenCL
installable client driver loader (ICD Loader) may expose multiple separate vendor installable client drivers (Vendor ICDs) for OpenCL.
sudo apt install ocl-icd-opencl-dev
zFCP
device driver that supplements the Linux SCSI stack.

Diagram

diskless
https://help.ubuntu.com/community/DisklessUbuntuHowto
https://drbl.org/
docker run --network=host -d leejoneshane/drbl-server
http://web.mst.edu/~vojtat/pegasus/administration.htm based on Scientific Linux 7 / CentOS 7 / Red Hat Enterprise Linux 7
Last updated
Was this helpful?