[[ linux:misc | Linux ]] | [[linux:networking | Networking ]] 

====== Common Linux Commands ======

===== User Management =====
<code bash>
# add an unprivileged user
sudo useradd -m -G users ${username}

# -- create a system account and a group with the same name as the user, and add the user to this group
sudo useradd --system --user-group ${username}

# add user to group
# -- alternative: $ gpasswd -a ${username} ${groupname}
sudo usermod -a -G ${groupname} ${username}

# add user to sudo group
sudo usermod -aG sudo ${username}

# delete user
sudo userdel ${username}

# set password
sudo passwd ${username}

# get uid information for user
sudo grep ${username} /etc/sub* 2>/dev/null

# switch user
su - ${username}
</code>

==== visudo ====
<code bash>
sudo visudo
	# /etc/sudoers.tmp:
	#	...
	#	${user} ALL=(${otheruser}) NOPASSWD: ${command|script}
${user}:~$ sudo -u ${otheruser} ${command|script}
</code>
===== Network Hosts =====
<code bash>
sudo hostname ${new_hostname}
sudo nano /etc/hostname
	# /etc/hostname:
	#  ${new_hostname}
sudo nano /etc/hosts
	# /etc/hosts:
	#  ${ip} ${new_hostname}
</code>

===== Service Managers =====
==== initd ====
<code bash>
# create init.d script for ${servicename}
sudo nano /etc/init.d/${servicename}
	# /etc/init.d/${servicename}:
	# example setup for vncserver:
	#	#! /bin/bash
	#	PATH="$PATH:/usr/bin/"
	#	export USER="${user}"
	#	OPTIONS=" "
	#	case "$1" in
	#	start)
	#	log_action_begin_msg ${startmsg}
	#	${startcmd}
	#	;;
	#
	#	stop)
	#	log_action_begin_msg ${stopmsg}
	#	${stopcmd}
	#
	#	;;
	#
	#	restart)
	#	$0 stop
	#	$0 start
	#	;;
	#	esac
	#	exit 0
sudo chmod +x /etc/init.d/${servicename}
# start
sudo /etc/init.d/${servicename} start
# restart
sudo /etc/init.d/${servicename} restart
# stop
sudo /etc/init.d/${servicename} stop
</code>
==== service ====
<code bash>
# start
sudo service ${servicename} start
# restart
sudo service ${servicename} restart
# stop
sudo service ${servicename} stop
# status
sudo service ${servicename} status
</code>
==== systemctl ====
<code bash>
# create service
sudo nano /lib/systemd/system/${servicename}.service
	# /lib/systemd/system/${servicename}.service:
	# [Unit]
	# Description=${description}
	# After=${after}
	# Requires=${requires}
	# [Service]
	# Type=${type}
	# ExecStart=${execstart}
	# ExecStop==${execstop}
	# RemainAfterExit=${remain}
	# User=${user}
	# Group=${group}
	# Restart=${restart}
	# RestartSec=${restarttime}
	# WorkingDirectory=${workdir}
	# LimitNOFILE=${limit}
	# [Install]
	# WantedBy=multi-user.target

# reload daemon
sudo systemctl daemon-reload
# enable
sudo systemctl enable ${servicename}.service
# start
sudo systemctl start ${servicename}.service
# stop
sudo systemctl stop ${servicename}.service
# status
sudo systemctl status ${servicename}.service
# reload
sudo systemctl reload ${servicename}.service
</code>

==== updaterc ====
<code bash>
# add service to defaults
sudo update-rc.d ${servicename} defaults
# enable/disable service autostart
sudo update-rc.d ${servicename} disable
</code>

==== startup ====
<code bash>
sudo nano /etc/rc.local
	# /etc/rc.local:
	# example for docker (overcommit memory):
	# sysctl vm.overcommit_memory=1
	# example for ip forward
	# iptables -A FORWARD -s ${ip} ACCEPT
</code>

===== Time Configuration =====
<code bash>
sudo dpkg-reconfigure tzdata
sudo apt-get update
sudo apt-get install ntp
sudo nano /etc/ntp.conf
	# /etc/ntp.conf:
	#	server [0-3].us.pool.ntp.org
sudo service ntp restart
ntpq -p
		     remote           refid      st t when poll reach   delay   offset  jitter
	==============================================================================
	 0.us.pool.ntp.o .POOL.          16 p    -   64    0    0.000    0.000   0.000
	 1.us.pool.ntp.o .POOL.          16 p    -   64    0    0.000    0.000   0.000
	 2.us.pool.ntp.o .POOL.          16 p    -   64    0    0.000    0.000   0.000
	 3.us.pool.ntp.o .POOL.          16 p    -   64    0    0.000    0.000   0.000
	 ntp.ubuntu.com  .POOL.          16 p    -   64    0    0.000    0.000   0.000

# update time right now
sudo service ntp stop
sudo ntpdate pool.ntp.org
</code>

===== Swapfile =====
<code bash>
sudo fallocate -l 2G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
	# Setting up swapspace version 1, size = 2 GiB (2147479552 bytes)
sudo swapon /swapfile
sudo sh -c 'echo "/swapfile none swap sw 0 0" >> /etc/fstab'
</code>

===== Files & Logs =====
<code bash>
# retrieving
scp -r ${user}@${remote}:/full/path /full/path
# sending
scp /full/path ${user}@${remote}:/full/path
# list open files
# -- useful for file_in_use errors
lsof -i
	# COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
	# dhclient 250 root    6u  IPv4 297331      0t0  UDP *:bootpc
	# sshd     324 root    3u  IPv4 298149      0t0  TCP *:ssh (LISTEN)
	# sshd     324 root    4u  IPv6 298171      0t0  TCP *:ssh (LISTEN)

# clear logs
sudo -i
cat /dev/null > /var/log/auth.log
cat /dev/null > /var/log/syslog
</code>

===== Simple Email =====
<code bash>
# example for gmail
sudo apt-get install ssmtp mailutils
sudo nano /etc/ssmtp/ssmtp.conf
	# /etc/ssmtp/ssmtp.conf:
	# 	root=${user}@gmail.com
	# 	mailhub=smtp.gmail.com:587
	# 	hostname=localhost
	# 	RewriteDomain=gmail.com
	# 	UseSTARTTLS=YES
	# 	UseTLS=YES
	# 	AuthUser=${user}@gmail.com
	# 	AuthPass=${password}
sudo nano /etc/ssmtp/revaliases
	# /etc/ssmtp/revaliases:
	#	root:${user}@gmail.com:smtp.gmail.com:587
	#	www-data:${user}@gmail.com:smtp.gmail.com:587

# test
echo "Hello, World" | mail -a From:"ABC (x@gmail.com)" -s "check email" y@gmail.com
sudo tail -f /var/log/syslog
	# Jun 16 11:21:34 b100 sSMTP[4029]: Creating SSL connection to host
	# Jun 16 11:21:35 b100 sSMTP[4029]: SSL connection using RSA_AES_128_CBC_SHA1
	# Jun 16 11:21:37 b100 sSMTP[4029]: Sent mail for ${user}@gmail.com (221 2.0.0 closing connection h2-v6sm267363itb.20 - gsmtp) uid=1000 username=${user} outbytes=410

	# Jun 16 11:22:34 b100 sSMTP[4048]: Creating SSL connection to host
	# Jun 16 11:22:35 b100 sSMTP[4048]: SSL connection using RSA_AES_128_CBC_SHA1
	# Jun 16 11:22:37 b100 sSMTP[4048]: Sent mail for ${user}@gmail.com (221 2.0.0 closing connection z26-v6sm224899ioh.14 - gsmtp) uid=1000 username=${user} outbytes=404
</code>

===== SSH =====
<code bash>
# setup:
	# generate keys
		ssh-keygen (${keypath}/${key}.pub)
	# copy keys
		ssh-copy-id -i ${keypath}/${key}.pub ${remoteuser}@{remotehost}
		# OR
		# mv *.pub /tmp
		# sftp ${remoteuser}@{remotehost}
		# cp *.pub .
	# edit permissions
		sudo chmod 700 ${keypath}
	# check keys
		cat ${keypath}/${key}.pub
		${remoteuser}@{remotehost}:~$ cat ~/.ssh/authorized_keys
	# disallow ssh access on root
		${remoteuser}@{remotehost}:~$  nano /etc/ssh/sshd_config
			PermitRootLogin no
			PasswordAuthentication no
	# restart service
		service: ssh

# usage:
	ssh-agent /bin/bash
	ssh-add ${keypath}/${key}
	ssh-add -l
	ssh ${remoteuser}@{remotehost}

# logs:
	/var/log/auth.log

# config file:
nano ~/.ssh/config
	# ~/.ssh/config:
	#	Host Server1
	#		hostname xxx.xxx.xxx.xxx
	#		user user1
	#		IdentityFile ${keypath}/${key}
</code>

===== Pcks12 Keys =====
<code bash>
openssl req -x509 -newkey rsa:4096 -keyout myKey.pem -out cert.pem -days 365 -nodes
openssl pkcs12 -export -out keyStore.p12 -inkey myKey.pem -in cert.pem
</code>

===== fail2ban =====
<code bash>
# setup
	$ sudo apt-get install fail2ban
	# copy and comment everything to jail.local
	$ awk '{ printf "# "; print; }' /etc/fail2ban/jail.conf | sudo tee /etc/fail2ban/jail.local
</code>
Create service for fail2ban (refer to [[#service]])
<code bash>
# unbanning:
	# find ip to unban
	sudo iptables -L -n
		# Chain f2b-sshd (1 references)
		# target prot	opt	source			destination
		# REJECT	all	--	129.42.161.36	0.0.0.0/0	reject-with imcp-port-unreachable

	sudo iptables -L f2b-sshd -v -n --line-numbers

	
	# list fail2ban jails
	sudo fail2ban-client status
		# Status
		# |- Number of jail:	2
		#  - Jail list: nginx-http-auth, sshd
	
	# remove ip from jail:
	# 	iptables -D f2b-sshd 1
	sudo fail2ban-client set sshd unbanip 129.42.161.36
		# 129.42.161.36
	sudo fail2ban-client set sshd unbanip 129.42.161.36
		# ERROR NOK: ('IP 129.42.161.36 is not banned')
		# IP 129.42.161.36 is not banned
# logs:
	sudo iptables -L -n
</code>

===== misc ======

Automounting drive in thunar
<code bash>
nano /usr/share/polkit-1/rules.d/10-udisks2.rules
	polkit.addRule(function(action, subject) {
	    if ((action.id == "org.freedesktop.udisks2.filesystem-mount-system" ||
	         action.id == "org.freedesktop.udisks2.filesystem-mount")) {
	        return polkit.Result.YES;
	    }
	});
</code>

====== COMMON ISSUES ======
==== Memory / RAM issue ====

If you are experiencing frequent crashes, and there is nothing in the logs (/var/log/dmesg, /var/log/messages, /var/log/syslog, /var/log/Xorg*, journalctl, etc.), run dmesg live, and review log after crash + reboot

<code bash>
# Ensure journal storage is persistent, if not edit, and reboot
nano /etc/systemd/journald.conf
  [Journal]
  Storage=persistent
dmesg -W
journalctl -b -1
</code>

Journalctl log showing the cpu hanging
<code>
Aug 14 17:02:17 bl101 kernel: rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
Aug 14 17:02:17 bl101 kernel: rcu:         8-...0: (2 ticks this GP) idle=ad9c/1/0x4000000000000000 softirq=893254/893255 fqs=2272
Aug 14 17:02:17 bl101 kernel:         (detected by 11, t=5252 jiffies, g=5796209, q=120 ncpus=12)
Aug 14 17:02:17 bl101 kernel: Sending NMI from CPU 11 to CPUs 8:
Aug 14 17:02:17 bl101 kernel: watchdog: BUG: soft lockup - CPU#3 stuck for 26s! [Xorg:977]
</code>

=== The FIX ===
Install earlyoom

Run early oom in autostart

<code bash>
sudo apt install earlyoom
nano ~/.config/openbox/autostart
  earlyoom -m 10 -s 70 2>> /var/log/earlyoom.log &
</code>