Linux - General: Difference between revisions

From Smithnet Wiki
Jump to navigation Jump to search
 
(7 intermediate revisions by the same user not shown)
Line 2: Line 2:


  dnf install cockpit
  dnf install cockpit
  systemctl enable --now cockpit.socket
  systemctl enable cockpit.socket
  systemctl start --now cockpit.socket
  systemctl start cockpit.socket
  firewall-cmd  --permanent --add-service=cockpit
  firewall-cmd  --permanent --add-service=cockpit
Access via https://host.example.conm:9090
Default self-signed key and cert:
* /etc/cockpit/ws-certs.d/0-self-signed.key
* /etc/cockpit/ws-certs.d/0-self-signed.cert


== Gnome ==
== Gnome ==
Line 24: Line 30:


To disable, set to 0.
To disable, set to 0.
== MOTD ==
Files in /etc/motd.d, create text with banner or figlet.


== OneDrive ==
== OneDrive ==
Line 63: Line 73:
* dom0_mem=max:1024M dom0_max_vcpus=1
* dom0_mem=max:1024M dom0_max_vcpus=1
  grub2-mkconfig -o /boot/grub2/grub.cfg
  grub2-mkconfig -o /boot/grub2/grub.cfg
== RPM ==
Extract files from an RPM without installing:
rpm2cpio ./something.rpm | cpio -idmv


== SELinux ==
== SELinux ==
Line 81: Line 96:
or with semanage tool:
or with semanage tool:
  semanage boolean --modify --on httpd_enable_homedirs
  semanage boolean --modify --on httpd_enable_homedirs
Change context of the public directory and its contents:
chcon -R -t httpd_user_content_t public_html
Change context of writable directory:
semanage fcontext -a -t httpd_sys_rw_content_t '/home/jblogs/public_html/writable'
Restore to default context:
restorecon -v '/home/jblogs/public_html'


Interrogate SE policy:
Interrogate SE policy:
Line 130: Line 154:
  journalctl -20
  journalctl -20
  journalctl -f
  journalctl -f
=== Service Definitions ===
See also:
* [https://www.freedesktop.org/software/systemd/man/255/systemd.service.html Systemd Services]
Create service file:
* /etc/systemd/system/example.service
[Unit]
Description=Example Service
[Service]
Type=oneshot
ExecStart=/usr/bin/python3 /example.py
A oneshot type is suitable for commands that run and then finish. The default type is simple, which assumes service has started as soon as it starts executing.
Other optional settings:
Type=simple
Restart=always
User=jbloggs
WorkingDirectory=/blah
Note that systemd does not use a shell to exec so a shebang does not work: run explicity under sh, python3, etc.
For services intended to be started by systemctl, and entry such as:
[Install]
WantedBy=multi-user.target
is require, or WantedBy=, RequiredBy, etc.


=== Timers ===
=== Timers ===


See also [https://opensource.com/article/20/7/systemd-timers here].
See also:
* [https://opensource.com/article/20/7/systemd-timers here]


Show timers:
Show timers:
Line 159: Line 214:
* Run 10 mins after booting, 5 min after activation and every 15 mins
* Run 10 mins after booting, 5 min after activation and every 15 mins
* Persistent=true: If the system is offline during a scheduled run, execute when the system is next online.
* Persistent=true: If the system is offline during a scheduled run, execute when the system is next online.
Create service file:
* /etc/systemd/system/example.service
[Unit]
Description=Example Service
[Service]
ExecStart=/usr/bin/python3 /example.py
Other optional settings:
Type=simple
Restart=always
User=jbloggs
WorkingDirectory=/blah
Note that systemd does not use a shell to exec so a shebang does not work: run explicity under sh, python3, etc.


Check syntax:
Check syntax:

Latest revision as of 20:30, 17 June 2024

Cockpit

dnf install cockpit
systemctl enable cockpit.socket
systemctl start cockpit.socket
firewall-cmd  --permanent --add-service=cockpit

Access via https://host.example.conm:9090

Default self-signed key and cert:

  • /etc/cockpit/ws-certs.d/0-self-signed.key
  • /etc/cockpit/ws-certs.d/0-self-signed.cert

Gnome

Window Manager

Bring back minimise/maximise buttons:

gsettings set org.gnome.desktop.wm.preferences button-layout ":minimize,maximize,close"

Power Settings

Fedora 38 changed default power settings. Per-user can be control in the control UI widget. For workstation edition, there is a default that applies at login screen (eg after reboot).

Check with:

sudo -u gdm dbus-run-session gsettings list-recursively org.gnome.settings-daemon.plugins.power | grep sleep

Set (eg to 1 hour) with:

sudo -u gdm dbus-run-session gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-timeout 3600

To disable, set to 0.

MOTD

Files in /etc/motd.d, create text with banner or figlet.

OneDrive

Microsoft OneDrive sync:

  • install package: onedrive

Authorization:

onedrive

and follow link to generate a login link to give back to onedrive.

  • Storage in ~/OneDrive
  • Configuration in ~/.config/onedrive

Show config:

onedrive --display-config

Dry run Synchronise:

onedrive --synchronize --dry-run --verbose

Synchronise:

onedrive --synchronize

Sync file list in ~/.config/ondrive/sync_list like:

# Demo
/Security/*.kdbx
!/Documents/Unwanted
/Documents
!/Temp

Then test:

onedrive --synchronize --dry-run --verbose

See also here

Grub

In /etc/default/grub, add to GRUB_CMDLINE_LINUX (GRUB_CMDLINE_XEN):

  • dom0_mem=max:1024M dom0_max_vcpus=1
grub2-mkconfig -o /boot/grub2/grub.cfg

RPM

Extract files from an RPM without installing:

rpm2cpio ./something.rpm | cpio -idmv

SELinux

getenforce
setenforce 1
setenforce Enforcing
sestatus

Show all boolean flags (state and default):

semanage boolean --list

Boolean flags (-P for persistence accross reboots):

getsebool -a
setsebool -P httpd_read_user_content true
setsebool -P httpd_enable_homedirs true

or with semanage tool:

semanage boolean --modify --on httpd_enable_homedirs

Change context of the public directory and its contents:

chcon -R -t httpd_user_content_t public_html

Change context of writable directory:

semanage fcontext -a -t httpd_sys_rw_content_t '/home/jblogs/public_html/writable'

Restore to default context:

restorecon -v '/home/jblogs/public_html'

Interrogate SE policy:

sesearch --allow -s httpd_t -b httpd_enable_homedirs

Use setroubleshoot to diagnose blocked activities.

systemd

Service Control

Basic use:

systemctl start something
systemctl stop something
systemctl enable something
systemctl disable something

Service definition files in:

  • /usr/lib/systemd/system

Deinitions with "@" names have argument passed as parameter, such as:

systemctl status clamd@scan

Show all defintions:

systemctl list-unit-files --type=service

Log Monitoring

All entries from boot time in UTC:

journalctl -b --utc

Show how many boots are recorded:

journalctl --list-boots

Time window:

journalctl --since "2022-01-01 00:50" --until yesterday
journalctl --since 09:00 --until "1 hour ago"

Filter by unit (multiple -u options can be given):

journalctl -u httpd.service

Filter by UID/GID:

journalctl _UID=1000 _GID=1000

Do not page kernel messages:

journalctl -k --no-pager

SHow only 20 lines, or follow:

journalctl -20
journalctl -f

Service Definitions

See also:

Create service file:

  • /etc/systemd/system/example.service
[Unit]
Description=Example Service 

[Service]
Type=oneshot
ExecStart=/usr/bin/python3 /example.py

A oneshot type is suitable for commands that run and then finish. The default type is simple, which assumes service has started as soon as it starts executing.

Other optional settings:

Type=simple
Restart=always
User=jbloggs
WorkingDirectory=/blah

Note that systemd does not use a shell to exec so a shebang does not work: run explicity under sh, python3, etc.

For services intended to be started by systemctl, and entry such as:

[Install]
WantedBy=multi-user.target

is require, or WantedBy=, RequiredBy, etc.

Timers

See also:

Show timers:

systemctl list-timers
systemctl list-timers -all
systemctl list-timers state=failed
systemctl status *timer

Create unit file:

  • /etc/systemd/system/example.timer
[Unit]
Description=Example Timer

[Timer]
OnBootSec=10min
OnUnitActiveSec=5min
OnCalendar=*-*-* *:0/15
Persistent=true
Unit=example.service

[Install]
WantedBy=multi-user.target
  • Run 10 mins after booting, 5 min after activation and every 15 mins
  • Persistent=true: If the system is offline during a scheduled run, execute when the system is next online.

Check syntax:

systemd-analyze verify example.*

Enable and start the timer:

systemctl daemon-reload
systemctl enable example.timer
systemctl start example.timer

Check with:

systemctl status example.timer
journalctl -f -u example.service

OnCalendar

General format (Day Of Week is optional):

  • DOW YYYY-MM-DD HH:MM:SS
Definition Meaning
OnCalendar Examples
* Weekly Weekly
* *-*-* 00:30:00 Every month at 30 mins past midnight
Sun 2025-*-* 03:00:00 Every Sunday in 2025 at 0300
*-*-* *:*:00 Every Minute
*-*-* *:*/5:00 Every 5 minutes
*-*-* *:*/30:00 Every 30 minutes
*-*-* *:00:00 Every 1 hour
*-*-* */2:00:00 Every other hour
*-*-* */12:00:00 Every 12 hour
*-*-* 9-17:00:00 Between certain hours
*-*-* 00:00:00 Daily
*-*-* 01:00:00 Every Night
*-*-* 02:00:00 Every Night at 2am
*-*-* 07:00:00 Every morning
*-*-* 00:00:00 Every midnight
Sun *-*-* 00:00:00 Every sunday
Fri *-*-* 00:00:00 Every friday at midnight
Mon...Fri *-*-* 00:00:00 Every weekday
Sat,Sun *-*-* 00:00:00 Every weekend
* *-*-* 00:00:00 Every 7 days
* *-*-01 00:00:00 Monthly
* *-01,04,07,10-01 00:00:00 Every quarter
* *-01,07-01 00:00:00 Every 6 months
* *-01-01 00:00:00 Every year

Check with:

# systemd-analyze calendar '*-*-* *:0/15'
  Original form: *-*-* *:0/15
Normalized form: *-*-* *:00/15:00
    Next elapse: Wed 2024-05-15 06:45:00 BST
       (in UTC): Wed 2024-05-15 05:45:00 UTC
       From now: 9min left

Stress-NG

Load CPU:

stress-ng --cpu 4 --timeout 60s --metrics

Swap

Add filesystem swap:

fallocate -l 1G /somepath/swap
chmod 600 /somepath/swap
mkswap /somepath/swap
swapon /somepath/swap

Check:

swapon
NAME              TYPE       SIZE   USED PRIO
/dev/sda2         partition    8G 219.8M   -2
/somepath/swap    file      1024M     0B   -3

And then add a line to /etc/fstab to ensure it is enabled at boot:

/somepath/swap                         swap                    swap    defaults         0 0

Timezone

Show available zones:

timedatectl list-timezones

Set and check:

timedatectl set-timezone timedatectl
timedatectl

UDEV

See also: Udev and Udev Rules.

Custom rules files in /etc/udev/rules.d and must have .rules suffix, system rules live in /usr/lib/udev/rules.d. The are processed in lexographical order.

Display device attributes with:

udevadm info --query=env --name=/dev/sdg

Match the kernel assigned name for disk, and add (+=) a symlink with a new name "/dev/bigdata":

KERNEL=="sdb", SYMLINK+="bigdata"

Match PATH_ID from udevadm command, and add a symlink to a new name "/dev/database":

SUBSYSTEM=="block", ATTRS{ID_PATH}=="pci-0000:00:10.0-scsi-0:0:1:0", SYMLINK+="database"

Matching on ID_PART_TABLE_UUID is another candidate.

  • Sepate multiple matches (==) with commas
  • Single assignment (=) or append to list (+=).

Users / Accounts

Show password hashing algorithm:

authconfig --test | grep hashing

Set algorithm:

authconfig --passalgo=sha512 --update

Control password policy:

  • /etc/security/pwquality.conf