Linux - General

From Smithnet Wiki
Jump to navigation Jump to search

Cockpit

dnf install cockpit
systemctl enable --now cockpit.socket
systemctl start --now cockpit.socket
firewall-cmd  --permanent --add-service=cockpit

Gnome

Window Manager

Bring back minimise/maximise buttons:

gsettings set org.gnome.desktop.wm.preferences button-layout ":minimize,maximize,close"

Power Settings

Fedora 38 changed default power settings. Per-user can be control in the control UI widget. For workstation edition, there is a default that applies at login screen (eg after reboot).

Check with:

sudo -u gdm dbus-run-session gsettings list-recursively org.gnome.settings-daemon.plugins.power | grep sleep

Set (eg to 1 hour) with:

sudo -u gdm dbus-run-session gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-timeout 3600

To disable, set to 0.

OneDrive

Microsoft OneDrive sync:

  • install package: onedrive

Authorization:

onedrive

and follow link to generate a login link to give back to onedrive.

  • Storage in ~/OneDrive
  • Configuration in ~/.config/onedrive

Show config:

onedrive --display-config

Dry run Synchronise:

onedrive --synchronize --dry-run --verbose

Synchronise:

onedrive --synchronize

Sync file list in ~/.config/ondrive/sync_list like:

# Demo
/Security/*.kdbx
!/Documents/Unwanted
/Documents
!/Temp

Then test:

onedrive --synchronize --dry-run --verbose

See also here

Grub

In /etc/default/grub, add to GRUB_CMDLINE_LINUX (GRUB_CMDLINE_XEN):

  • dom0_mem=max:1024M dom0_max_vcpus=1
grub2-mkconfig -o /boot/grub2/grub.cfg

SELinux

getenforce
setenforce 1
setenforce Enforcing
sestatus

Show all boolean flags (state and default):

semanage boolean --list

Boolean flags (-P for persistence accross reboots):

getsebool -a
setsebool -P httpd_read_user_content true
setsebool -P httpd_enable_homedirs true

or with semanage tool:

semanage boolean --modify --on httpd_enable_homedirs

Interrogate SE policy:

sesearch --allow -s httpd_t -b httpd_enable_homedirs

Use setroubleshoot to diagnose blocked activities.

systemd

Service Control

Basic use:

systemctl start something
systemctl stop something
systemctl enable something
systemctl disable something

Service definition files in:

  • /usr/lib/systemd/system

Deinitions with "@" names have argument passed as parameter, such as:

systemctl status clamd@scan

Show all defintions:

systemctl list-unit-files --type=service

Log Monitoring

All entries from boot time in UTC:

journalctl -b --utc

Show how many boots are recorded:

journalctl --list-boots

Time window:

journalctl --since "2022-01-01 00:50" --until yesterday
journalctl --since 09:00 --until "1 hour ago"

Filter by unit (multiple -u options can be given):

journalctl -u httpd.service

Filter by UID/GID:

journalctl _UID=1000 _GID=1000

Do not page kernel messages:

journalctl -k --no-pager

SHow only 20 lines, or follow:

journalctl -20
journalctl -f

Timers

See also here.

Show timers:

systemctl status *timer

Create unit file:

  • /etc/systemd/system/example.timer
[Unit]
Description=Example Timer

[Timer]
OnCalendar=*-*-* *:0/15
Persistent=true
Unit=example.service

[Install]
WantedBy=multi-user.target
  • Run every 15 mins
  • Persistent=true: If the system is offline during a scheduled run, execute when the system is next online.

Create service file:

  • /etc/systemd/system/example.service
[Unit]
Description=Example Service 

[Service]
Type=simple
Restart=always
ExecStart=/usr/bin/python3 /example.py

Enable and start the timer:

systemctl daemon-reload
systemctl enable example.timer
systemctl start example.timer

Check with:

systemctl status example.timer
journalctl -f -u example.service

OnCalendar

Check with:

# systemd-analyze calendar '*-*-* *:0/15'
  Original form: *-*-* *:0/15
Normalized form: *-*-* *:00/15:00
    Next elapse: Wed 2024-05-15 06:45:00 BST
       (in UTC): Wed 2024-05-15 05:45:00 UTC
       From now: 9min left

Stress-NG

Load CPU:

stress-ng --cpu 4 --timeout 60s --metrics

Swap

Add filesystem swap:

fallocate -l 1G /somepath/swap
chmod 600 /somepath/swap
mkswap /somepath/swap
swapon /somepath/swap

Check:

swapon
NAME              TYPE       SIZE   USED PRIO
/dev/sda2         partition    8G 219.8M   -2
/somepath/swap    file      1024M     0B   -3

And then add a line to /etc/fstab to ensure it is enabled at boot:

/somepath/swap                         swap                    swap    defaults         0 0

Timezone

Show available zones:

timedatectl list-timezones

Set and check:

timedatectl set-timezone timedatectl
timedatectl

UDEV

See also: Udev and Udev Rules.

Custom rules files in /etc/udev/rules.d and must have .rules suffix, system rules live in /usr/lib/udev/rules.d. The are processed in lexographical order.

Display device attributes with:

udevadm info --query=env --name=/dev/sdg

Match the kernel assigned name for disk, and add (+=) a symlink with a new name "/dev/bigdata":

KERNEL=="sdb", SYMLINK+="bigdata"

Match PATH_ID from udevadm command, and add a symlink to a new name "/dev/database":

SUBSYSTEM=="block", ATTRS{ID_PATH}=="pci-0000:00:10.0-scsi-0:0:1:0", SYMLINK+="database"

Matching on ID_PART_TABLE_UUID is another candidate.

  • Sepate multiple matches (==) with commas
  • Single assignment (=) or append to list (+=).

Users / Accounts

Show password hashing algorithm:

authconfig --test | grep hashing

Set algorithm:

authconfig --passalgo=sha512 --update

Control password policy:

  • /etc/security/pwquality.conf