- Linux Releases
- Install
- Download
- Mirrors
- Bash
- Init
- Exit code
- Syslog Message Severities
- Signals
- kill
- top
- User & Permission
- Package Management
- Grub
- boot repair
- Serial
- Benchmark
- sshd
- ssh redirect
- web
- files
- history without line numbers
- hostname
- font
- SELinux
- Dropbox
- Ubuntu snap
- JAVA_HOME
- I18N & I10N
- Chrome
- AD
- cache diagnostics
- WOL
- Tools - Online
- CPU
- USB Persistence
- kali
- ssh
- Video
- OpenCL
- zFCP
- Diagram
- diskless
Linux Releases¶
6.0 Squeeze 2.6.32 -> Security until February 2016
7 Wheezy 3.2 -> Security until May 2018
8 Jessie 3.16 -> Security until April/May 2020
9 Stretch 4.9 -> Security until June 2022
10 Buster 4.19 -> Security until June 2024
11 Bullseye 5.10 -> Security until June 2026
12 Bookworm 6.1 -> Security until June 2028
Install¶
from existing: https://www.debian.org/releases/stretch/amd64/apds03.html.en
Download¶
Debian¶
https://www.debian.org/CD/live/
Ubuntu¶
http://ftp.sjtu.edu.cn/ubuntu-cd/
http://archive.ubuntu.com/ubuntu/dists/bionic-updates/main/installer-amd64/current/images/netboot/mini.iso
( Mirror only http://us.archive.ubuntu.com/ , need proxy, local DNS not working )
Debug: Console 4 or /var/log/syslog
Mirrors¶
- https://debgen.github.io/
-
https://mirrors.tuna.tsinghua.edu.cn/help/debian/
apt install netselect-apt && netselect-apt -c china –nonfree mv /etc/apt/sources.list /etc/apt/sources.list.ori && mv sources.list /etc/apt/
Bash¶
https://www.gnu.org/software/bash/manual/bash.html
url=https://raw.githubusercontent.com/fzinfz/scripts/master/init.sh # alias & functions
source /dev/stdin <<< "$(curl -sS $url)"
set
-x debug
-T If set, any traps on DEBUG and RETURN are inherited
-o functrace/errtrace
shopt [-pqsu] [-o] [optname …]
-s: Enable (set) each optname.
-u: Disable (unset) each optname.
shopt -s expand_aliases # when the shell is not interactive
alias foo='...'
0: stdin; 1: stdout; 2: stderr # File descriptor
2>&1 >/dev/null
&>/dev/null
ssh-add 2>/dev/null
https://git.savannah.gnu.org/cgit/bash.git/
tmux¶
ctrl+b x -> kill pane # /usr/share/doc/tmux/examples/screen-keys.conf
cat /usr/share/doc/tmux/examples/screen-keys.conf | grep '\bbind \w'
Init¶
| Level | Desc |
|---|---|
| 0 | Halt the system. |
| 1 | Single-user mode (for special administration). |
| 2 | Local Multiuser with Networking but without network service (like NFS) |
| 3 | Full Multiuser with Networking |
| 4 | Not Used |
| 5 | Full Multiuser with Networking and X Windows(GUI) |
| 6 | Reboot. |
ls -R -l /etc/rc*
ls -l /usr/lib/systemd # check `systemd` page for more
ls -l /usr/share/upstart # last release 2014; 3 years ago
ls -l /etc/init.d # SysV init
cat /etc/modules-load.d/*
apt install systemd-sysv # make link: /sbin/init -> /lib/systemd/systemd
login & non-login shells¶
https://www.gnu.org/software/bash/manual/html_node/Bash-Startup-Files.html
login shells:
/etc/profile
~/.bash_profile(?-> ~/.bashrc), ~/.bash_login, and ~/.profile
exit: ~/.bash_logout
non-login shells:
~/.bashrc
# echo $0 : `shopt login_shell` \| $-
-bash : login_shell on | himBHs
# bash
# echo $0 : `shopt login_shell` \| $-
bash : login_shell off | himBHs
# bash -c 'echo $0 : `shopt login_shell` \| $-'
bash : login_shell off | hBc
supervisord¶
http://supervisord.org/running.html
Exit code¶
http://tldp.org/LDP/abs/html/exitcodes.html
1 Catchall for general errors
2 Misuse of shell builtins
126 Command invoked cannot execute
127 "command not found" illegal_command Possible problem with $PATH or a typo
128+n Fatal error signal "n"
kill -9 $PPID of script $? returns 137 (128 + 9)
130 Script terminated by Control-C
Syslog Message Severities¶
https://tools.ietf.org/html/rfc5424#section-6.2.1
0 Emergency: system is unusable
1 Alert: action must be taken immediately
2 Critical: critical conditions
3 Error: error conditions
4 Warning: warning conditions
5 Notice: normal but significant condition
6 Informational: informational messages
7 Debug: debug-level messages
Signals¶
kill -l
1) SIGHUP 2) SIGINT 3) SIGQUIT 4) SIGILL 5) SIGTRAP
6) SIGABRT 7) SIGBUS 8) SIGFPE 9) SIGKILL ... 64) SIGRTMAX
kill¶
pkill -KILL -u {username}
top¶
* 1 - Single Cpu Off (thus multiple cpus)
* c - Command line Off (name, not cmdline)
* i - Idle tasks On (show all tasks)
j - Str align right Off (not right justify)
V - Forest view On (show as branches)
f - sort/hide columns
(`*') could be overridden through the command-line.
Glances - A top/htop alternative - Python¶
https://github.com/nicolargo/glances
pip install glances[action,browser,cloud,cpuinfo,chart,docker,export,folders,gpu,ip,raid,snmp,web,wifi]
User & Permission¶
add user to group¶
sudo adduser foobar www-data
sudo usermod -a -G ftp tony
password¶
echo user:pwd | chpasswd
sudoers¶
sudo visudo
root ALL=(ALL) ALL # {terminals}=({users}) {commands}
%supergroup ALL=(ALL) NOPASSWD:ALL
chown¶
chown -h myuser:mygroup mysymbolic
Package Management¶
Redhat¶
Free RHEL: https://developers.redhat.com/articles/no-cost-rhel-faq/
subscription-manager register
subscription-manager attach --auto
subscription-manager repos --enable rhel-7-server-optional-rpms
subscription-manager repos --enable rhel-7-server-extras-rpms
yum install epel-release
rm -f /var/run/yum.pid <PID> && yum remove PackageKit
yum-config-manager --disable c7-media
yum --nogpgcheck localinstall xx.rpm
### EPEL
http://elrepo.org/tiki/tiki-index.php
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
yum install yum-plugin-fastestmirror
yum --enablerepo=elrepo-kernel install kernel-ml
Ubuntu¶
Main - Canonical-supported free and open-source software.
Universe - Community-maintained free and open-source software.
Restricted - Proprietary drivers for devices.
Multiverse - Software restricted by copyright or legal issues.
# https://mirror.tuna.tsinghua.edu.cn/help/ubuntu/
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial main restricted universe multiverse
Debian¶
→ experimental
→ unstable(Sid) → testing → stable
Unstable - repository where new & untested packages are introduced.
Testing - repository with packages from unstable, if no bug are found within 10 days.
main consists of DFSG-compliant packages, which do not rely on software outside this area to operate. These are the only packages considered part of the Debian distribution.
contrib packages contain DFSG-compliant software, but have dependencies not in main (possibly packaged for Debian in non-free).
non-free contains software that does not comply with the DFSG.
deb http://mirror.sjtu.edu.cn/debian/ bullseye main contrib non-free
experimental¶
deb http://mirror.sjtu.edu.cn/debian/ experimental main contrib non-free
apt install -t experimental linux-image-amd64 # latest kernel
dpkg¶
dpkg --get-selections # list installed
To install .deb manually, visit linux/kernel page.
apt¶
apt-get install linux-base -t jessie-backports
apt-cache search linux-image | grep linux-image-4
apt install linux-image-4.10.0-9-generic linux-image-extra-4.10.0-9-generic
apt show linux-image-extra-4.10*
apt-get install --only-upgrade docker-engine
apt policy docker-ce | head -n 20
apt-get autoclean
apt list --installed
rm -r /var/lib/apt/lists/*
echo 'Acquire::http::Proxy "http://192.168.88.25:7890"; ' > /etc/apt/apt.conf.d/proxy
ssh server¶
deb http://.../debian/ buster main contrib non-free
apt install openssh-server # not "openssl"
journalctl -u ssh # fix: ssh-rsa not in PubkeyAcceptedAlgorithms
PubkeyAcceptedAlgorithms +ssh-rsa
Grub¶
grub2-mkconfig -o /boot/grub2/grub.cfg
awk -F\' '/menuentry / {print $2}' /boot/grub/grub.cfg
grub2-set-default 'CentOS Linux (4.9.0-rc8-amd64) 7 (Core)'
grub2-editenv list
fix: https://www.supergrubdisk.org/category/download/
grub-customizer¶
sudo add-apt-repository ppa:danielrichter2007/grub-customizer
sudo apt-get update
sudo apt-get install grub-customizer
boot .iso¶
https://netboot.xyz/docs/booting/grub
apt install grub-imageboot
mkdir /boot/images && cd /boot/images
wget https://boot.netboot.xyz/ipxe/netboot.xyz.iso
update-grub2
boot repair¶
https://sourceforge.net/p/boot-repair-cd/home/Home/ apt install linux-image-* # if vmlinuz & initrd.img missing
ubuntu¶
sudo add-apt-repository ppa:yannubuntu/boot-repair
sudo apt-get update
sudo apt-get install -y boot-repair && boot-repair
Serial¶
https://help.ubuntu.com/community/SerialConsoleHowto
GRUB_CMDLINE_LINUX="console=tty0 console=ttyS0,115200n8"
client¶
screen /dev/ttyUSB0 115200
picocom -b 115200 /dev/ttyUSB0
Benchmark¶
http://www.brendangregg.com/Perf/linux_benchmarking_tools.png
sysbench --test=cpu --cpu-max-prime=20000 --num-threads=32 run
wget http://www.numberworld.org/y-cruncher/y-cruncher%20v0.7.9.9510-static.tar.xz
tar -xf y-cruncher*.tar.xz
sshd¶
mobaxterm login failed: No supported authentication methods
PubkeyAcceptedAlgorithms +ssh-rsa # sshd_config # journalctl -u ssh
ssh redirect¶
ssh -L 9000:public.com:80 # visit local:9000 -> public.com:80
ssh -L 0.0.0.0:54321:127.0.0.1:54321 remote -p 22
ssh -R 9000:localhost:3000 # visit remote:9000 -> local:3000, "GatewayPorts yes" in sshd_config
-nNT -L ... # port forwarding only, no shell
web¶
wget¶
wget -O diff_name.zip http://...
curl¶
curl -O http://...
curl -o diff_name.zip http://
curl -sSL $1
-f, --fail Fail silently (no output at all) on HTTP errors (H)
-s, --silent Silent mode (don't output anything)
-S, --show-error Show error. With -s, make curl show errors when they occur
-L, --location Follow redirects (H)
-o, --output FILE Write to FILE instead of stdout
-O, --remote-name Write output to a file named as the remote file
files¶
String replace: http://unix.stackexchange.com/questions/112023/how-can-i-replace-a-string-in-a-files
apt-get install mlocate
updatedb
locate -S
lsof -p <PID>
ls --help | grep -E '[-][tr]\b'
-r, --reverse reverse order while sorting
extension -X, size -S, time -t, version -v
-t sort by modification time, newest first
mkdir -p /not/existing/folder
cat > file <<'EOL'
EOL
ncdu --exclude='/root/data/*' /
du -hcd 2 / | more
du -a / | sort -n -r | head -n 20
ls -1 $PWD | wc -l # count files
file /bin/ps
ldd /bin/ps
find¶
find /home -iname tecmint.txt
find $1 -iname $2
# find . ! -readable / -writable / -executabl
# find . ! -perm -g=w
find -regextype posix-extended -regex ".*[.](py|sh)" -exec chmod +x {} \;
grep¶
grep --color=auto -rn -P "${regex}" ${path}
# -r, --recursive like --directories=recurse
# -n, --line-number print line number with output lines
# -P, --perl-regexp PATTERN is a Perl regular expression
compress/uncompress¶
gunzip file.gz
tar -czvf name-of-archive.tar.gz /path/to/directory-or-file # Compress
tar -tvf my-data.tar.gz '*.py'
tar -zxvf toExtract.tar.gz
tar -xvf {tarball.tar} {special_file} -C /target/directory
tar -cf archive.tar foo bar # Create archive.tar from files foo and bar.
tar -tvf archive.tar # List all files in archive.tar verbosely.
tar -xf archive.tar # Extract all files from archive.tar.
-t, --list list the contents of an archive
-j, --bzip2 filter the archive through bzip2
-c, --create create a new archive
-x, --extract, --get extract files from an archive
-z, --gzip, --gunzip, --ungzip filter the archive through gzip
-v, --verbose verbosely list files processed
-f, --file=ARCHIVE use archive file or device ARCHIVE
zip [options] zipfile files_list
-r recurse into directories
-x exclude the following names
-v verbose operation/print version info
-m move into zipfile (delete OS files) !!
-d delete entries in zipfile !!!
-u update: only changed or new files
xz --decompress file.xz # -dgrub # unxz
rsync¶
rsync -aP -e "ssh -p $3" $1 root@$2
rsync -aP /root/_bin root@remote:/root
rsync -aP -e "ssh -p 10220" /local root@remote:/dir --remove-source-files
-v, --verbose increase verbosity
-a, --archive archive mode; equals -rlptgoD (no -H,-A,-X)
--no-OPTION turn off an implied OPTION (e.g. --no-D)
-r, --recursive recurse into directories
-l, --links copy symlinks as symlinks
-p, --perms preserve permissions
-o, --owner preserve owner (super-user only)
-g, --group preserve group
-D same as --devices --specials
-t, --times preserve modification times
-S, --sparse handle sparse files efficiently
-e, --rsh=COMMAND specify the remote shell to use
--partial keep partially transferred files
--partial-dir=DIR put a partially transferred file into DIR
-z, --compress compress file data during the transfer
--progress show progress during transfer
-P same as --partial --progress
history without line numbers¶
history | cut -c 8-
-a append history lines from this session to the history file ~/.bash_history
hostname¶
hostnamectl set-hostname GZ2C8G
font¶
apt-get install xfonts-base
SELinux¶
getenforce
semanage port -a -t mongod_port_t -p tcp 27017
Dropbox¶
link account¶
~/.dropbox-dist/dropboxd
dropboxd will create a ~/Dropbox folder and start synchronizing it after this step!
unlink: https://www.dropbox.com/account#security
Ubuntu snap¶
run without root
Proxy¶
vi /etc/environment
systemctl restart snapd
JAVA_HOME¶
echo export JAVA_HOME="/usr/lib/jvm/java-1.8.0-openjdk" >> /etc/profile
I18N & I10N¶
apt install -y locales-all
locale -a
dpkg-reconfigure locales
yum grouplist chinese-support
sudo apt-get install -y ttf-wqy-microhei #文泉驿-微米黑
sudo apt-get install -y ttf-wqy-zenhei #文泉驿-正黑
sudo apt-get install -y xfonts-wqy #文泉驿-点阵宋体
Chrome¶
chromium --no-sandbox # start as root
AD¶
https://wiki.samba.org/index.php/Setting_up_Samba_as_an_NT4_PDC_(Quick_Start)
cache diagnostics¶
git clone https://github.com/hoytech/vmtouch.git
cd vmtouch && make && sudo make install
Discovering which files your OS is caching
Telling the OS to cache or evict certain files or regions of files
Locking files into memory so the OS won't evict them
Preserving virtual memory profile when failing over servers
Keeping a "hot-standby" file-server
Plotting filesystem cache usage over time
Maintaining "soft quotas" of cache usage
Speeding up batch/cron jobs
WOL¶
ethtool enp1s0 | grep Wake-on
p (PHY activity)
u (unicast activity)
m (multicast activity)
b (broadcast activity)
g (magic packet activity) *
a (ARP activity)
d (disabled)
Tools - Online¶
CPU¶
getconf LONG_BIT
check_cpu_core_mapping¶
https://www.ibm.com/support/knowledgecenter/en/SSQPD3_2.6.0/com.ibm.wllm.doc/mappingcpustocore.html
same physical/core ID =》 simultaneous multi threads (SMTs) / HT
cat /proc/cpuinfo | grep -P 'processor|physical id|core id|^$'
pip install walnut # pretty print
for c in sorted([ ( int(c['processor']), int(c['physical id']), int(c['core id']) ) for c in cpu.dict().values()]): print c
USB Persistence¶
https://docs.kali.org/downloading/kali-linux-live-usb-persistence
http://antix.mepis.org/index.php?title=Using_liveusb_with_persistence
kali¶
x86/M1/Live/VM/WSL/etc: https://www.kali.org/get-kali
Docker: https://hub.docker.com/u/kalilinux/
ssh¶
Since 2022.1: https://www.kali.org/docs/general-use/ssh-configuration/ - kali-tweaks -> Hardening -> Strong Security (the default) and Wide Compatibility
ls -l /etc/ssh/ssh_host_*
systemctl disable regenerate-ssh-host-keys.service
tools¶
https://www.kali.org/tools/
screenshots/cheat sheet: https://www.comparitech.com/net-admin/kali-linux-cheat-sheet/#Kali_Linux_tools
Video¶
dpkg -l amdgpu-pro
glxinfo | grep direct
GALLIUM_HUD=help glxgears
OpenCL¶
installable client driver loader (ICD Loader) may expose multiple separate vendor installable client drivers (Vendor ICDs) for OpenCL.
sudo apt install ocl-icd-opencl-dev
zFCP¶
device driver that supplements the Linux SCSI stack.
Diagram¶
diskless¶
https://help.ubuntu.com/community/DisklessUbuntuHowto
docker run --network=host -d leejoneshane/drbl-server
http://web.mst.edu/~vojtat/pegasus/administration.htm
based on Scientific Linux 7 / CentOS 7 / Red Hat Enterprise Linux 7