User:Clarcyl/Linux

From mediawiki.org

DNS

DNS1=
DNS2=
DOMAIN=

ACL

Add

setfacl -Rm u:bernard:rw RepertoireDeTest/

Remove

setfacl -b RepertoireDeTest/
setfacl -x u:patrick,g:bernard test

Display

getfacl RepertoireDeTest/

Reboot without

touch /fastboot
shutdown -rf now

sudo

  • Edit
sudoedit /etc/sudoers
  • Without password
identifiant	ALL = NOPASSWD: commande,autrecommande
  • With password
identifiant	ALL = (user) commande,autrecommande

Information

32-bit or 64-bit version

uname -a

Firewall

CentOS 6

  • Log dropped packets with iptables
iptables -A INPUT -p tcp -m tcp -s 0.0.0.0/0 --dport 22  -j ACCEPT
iptables -N LOGGING
iptables -A INPUT -j LOGGING
iptables -A OUTPUT -j LOGGING
iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables-Dropped: " --log-level 4
iptables -A LOGGING -j DROP

then

tail -f /var/log/messages
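
Once drops are being logged, the "IPTables-Dropped: " lines can be summarised per peer and port. The script below is an added example, not part of the original page; the log lines are constructed (documentation addresses) and the function names sample_log and summarize_drops are assumptions.

```shell
# Added example (not from the original page). Sample lines are constructed,
# using documentation addresses, in the kernel LOG target's syslog format.
sample_log() {
cat <<'EOF'
Jun 14 13:38:01 srv1 kernel: IPTables-Dropped: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF PROTO=TCP SPT=51234 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Jun 14 13:38:31 srv1 kernel: IPTables-Dropped: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4712 DF PROTO=TCP SPT=51240 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Jun 14 13:39:02 srv1 kernel: IPTables-Dropped: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:03:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=901 DF PROTO=TCP SPT=40112 DPT=3306 WINDOW=14600 RES=0x00 SYN URGP=0
Jun 14 13:39:05 srv1 sshd[2211]: Accepted publickey for admin from 192.0.2.50 port 50022 ssh2
Jun 14 13:39:40 srv1 kernel: IPTables-Dropped: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.20 LEN=71 TOS=0x00 PREC=0x00 TTL=64 ID=100 DF PROTO=UDP SPT=40000 DPT=53 LEN=51
Jun 14 13:40:10 srv1 kernel: IPTables-Dropped: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:04:08:00 SRC=192.0.2.77 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
EOF
}

# Read syslog lines on stdin, keep those with the "IPTables-Dropped: " prefix,
# and print "count direction peer proto/dport", most frequent first.
# Because of --limit 2/min, packets over the rate are dropped without a log
# line, so the counts are a lower bound.
summarize_drops() {
  awk '
    /IPTables-Dropped: / {
      in_if = ""; src = ""; dst = ""; proto = "?"; dpt = "-"
      for (i = 1; i <= NF; i++) {
        if (split($i, kv, "=") < 2) continue
        if      (kv[1] == "IN")    in_if = kv[2]
        else if (kv[1] == "SRC")   src   = kv[2]
        else if (kv[1] == "DST")   dst   = kv[2]
        else if (kv[1] == "PROTO") proto = kv[2]
        else if (kv[1] == "DPT")   dpt   = kv[2]
      }
      # IN= is set for packets seen in INPUT, empty for packets from OUTPUT.
      if (in_if != "") key = "in " src " " proto "/" dpt
      else             key = "out " dst " " proto "/" dpt
      count[key]++
    }
    END { for (k in count) print count[k], k }
  ' | LC_ALL=C sort -k1,1nr -k2
}

# On a real host: summarize_drops < /var/log/messages
sample_log | summarize_drops
```

Outbound entries show the destination as the peer, since the rules above also send the OUTPUT chain through LOGGING.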

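CentOS 7

To allow a port only temporarily (for example 443/tcp in the internal zone), leave out --permanent. The commands below are permanent changes, so each is followed by a reload; the last line is the syntax for removing a port: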

# firewall-cmd --permanent --zone=internal --add-service=http
# firewall-cmd --reload
# firewall-cmd  --permanent --zone=public --add-port=53/tcp
# firewall-cmd --reload
#  firewall-cmd [--zone=<zone>] --remove-port=<port>[-<port>]/<protocol>

Note: use --remove-port=443/tcp to deny the port.

Add NFS rule in direct.xml

# Allow TCP and UDP port 2049 for NFS.
# Allow TCP and UDP port 111 (rpcbind/sunrpc).
# Allow the TCP and UDP port specified with MOUNTD_PORT="port"
# Allow the TCP and UDP port specified with STATD_PORT="port"
# Allow the TCP port specified with LOCKD_TCPPORT="port"
# Allow the UDP port specified with LOCKD_UDPPORT="port"

Example:

<rule priority="1" table="filter" ipv="ipv4" chain="INPUT">-p udp --dport 111 -j ACCEPT</rule>
<rule priority="1" table="filter" ipv="ipv4" chain="INPUT">-p tcp --dport 111 -j ACCEPT</rule>
<rule priority="1" table="filter" ipv="ipv4" chain="INPUT">-p udp --dport 2049 -j ACCEPT</rule>
<rule priority="1" table="filter" ipv="ipv4" chain="INPUT">-p tcp --dport 2049 -j ACCEPT</rule>
<rule priority="1" table="filter" ipv="ipv4" chain="INPUT">-p tcp --dport 32803 -j ACCEPT</rule>
<rule priority="1" table="filter" ipv="ipv4" chain="INPUT">-p udp --dport 32803 -j ACCEPT</rule>
<rule priority="1" table="filter" ipv="ipv4" chain="INPUT">-p tcp --dport 32769 -j ACCEPT</rule>
<rule priority="1" table="filter" ipv="ipv4" chain="INPUT">-p udp --dport 32769 -j ACCEPT</rule>

List service/ports

# firewall-cmd --list-services
# firewall-cmd --list-ports

List ports

# firewall-cmd --list-ports

Set / display the default zone

# firewall-cmd --set-default-zone=<zone>
# firewall-cmd --get-default-zone
public

Source: http://www.tejasbarot.com/2014/08/05/rhel-7-centos-7-how-to-get-started-with-firewalld/#axzz3JVeFz0pt

Outgoing Traffic

Example: to DROP all application ports (TCP 0 to 1024)

firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -p tcp -m tcp --dport=0:1024 -j DROP

Example: to enable only outgoing port 80:

firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -p tcp -m tcp --dport=80 -j ACCEPT
firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 1 -j DROP

This will add it to permanent rules, not the runtime rules. You will need to reload permanent rules so they become runtime rules.

firewall-cmd --reload

to display permanent rules

firewall-cmd --permanent --direct --get-all-rules

to display runtime rules

firewall-cmd --direct --get-all-rules

Disable the graphical interface

Edit /etc/inittab

id:3:initdefault:

SAN

Print all MultiPathing

multipath -ll

Scan new LUN

# ls /sys/class/fc_host
# echo "1" > /sys/class/fc_host/host0/issue_lip
# echo "- - -" > /sys/class/scsi_host/host0/scan
# echo "1" > /sys/class/fc_host/host1/issue_lip
# echo "- - -" > /sys/class/scsi_host/host1/scan

Removing a Path to a Storage Device

echo offline > /sys/block/sda/device/state
echo 1 > /sys/block/device-name/device/delete

where device-name may be sde, for example (as described in Procedure 1, “Ensuring a Clean Device Removal”).

Source: https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/5/html/Online_Storage_Reconfiguration_Guide/removing_path-to-storage-device.html

Identify a Datacore volume on a Linux system

Datacore:

Virtual disks > select my vdisk > Settings > advanced >

SCSI device Id: naa.60030d90a4694d03f162e0255d93aa76

Linux:

ll /dev/disk/by-id
total 0
lrwxrwxrwx 1 root root  9 Jun 14 13:38 scsi-360030d90315f41435231300000000000 -> ../../sdg
lrwxrwxrwx 1 root root 10 Jun 15 14:34 scsi-360030d90315f41435231300000000000-part1 -> ../../sdg1
lrwxrwxrwx 1 root root  9 Jun 14 13:38 scsi-360030d90325f41435231305f41726368 -> ../../sdh
lrwxrwxrwx 1 root root  9 Jun 14 13:38 scsi-360030d9049a34f03aca389ea72edad29 -> ../../sdb
lrwxrwxrwx 1 root root 10 Jun 15 14:34 scsi-360030d9049a34f03aca389ea72edad29-part1 -> ../../sde1
lrwxrwxrwx 1 root root  9 Jun 14 13:38 scsi-360030d909f9cde06e480478a99b099f5 -> ../../sdc
lrwxrwxrwx 1 root root  9 Jun 14 13:38 scsi-360030d90a4694d03f162e0255d93aa76 -> ../../sda

Or:

dmsetup info /dev/dm-1
Name:              360030d9049a34f03aca389ea72edad29
State:             ACTIVE
Read Ahead:        256
Tables present:    LIVE
Open count:        1
Event number:      1
Major, minor:      253, 1
Number of targets: 1
UUID: mpath-360030d9049a34f03aca389ea72edad29

This makes the link with /dev/dm-??

dmsetup ls
test-testlv	(253, 7)
SDataCoreSANmelody_2_ACR10_Archives	(253, 4)
360030d909f9cde06e480478a99b099f5	(253, 2)
360030d90a4694d03f162e0255d93aa76	(253, 0)
360030d9049a34f03aca389ea72edad29	(253, 1)
SDataCoreSANmelody_1_ACR10	(253, 3)
SDataCoreSANmelody_1_ACR10p1	(253, 6)
360030d9049a34f03aca389ea72edad29p1	(253, 5)

The rest, I know you know how to do!

Add a disk

sudo vgcreate vol_grp1 /dev/sda6 /dev/sda7
sudo lvcreate -l 20 -n logical_vol1 vol_grp1
sudo mkfs.ext3 /dev/vol_grp1/logical_vol1

Network commands

Listening on a port (2000)

sudo tcpdump -XX -vv -s0 -i eth0 tcp port 2000

Copy a file to a network port

# nc  -vv  194.177.51.33 2000 < README.txt
Connection to 194.177.51.33 2000 port [tcp/sieve-filter] succeeded!

Network

After a network card change, modifying the MAC address in ifcfg-eth0 is not enough; you also need to:

cd /etc/udev/rules.d/
cp 70-persistent-net.rules /root/
rm 70-persistent-net.rules
reboot

If the problem is not solved and the following message appears in dmesg:

udev: renamed network interface eth0 to eth1

edit the file:

/etc/udev/rules.d/70-persistent-net.rules

Normally, you should have a double entry (eth0 and eth1) with different MAC addresses. This often happens when the OS is virtualized. Just delete the whole entry for eth1, then rename eth1 to eth0 in the following entry and reboot.

Cut

Splits the file into X parts using the colon character (:) and retrieves the first one (1)

cut -d : -f 1 fichier.txt

Renice

renice -19 PID

Sed

sed -e "s/avant/apres/g" fichier.txt > test.txt

Sort directories by size

du -k . | sort -n

Package management

  • installation
rpm -ivh
  • installed packages
rpm -qa | grep -i NomDupaquet
  • uninstall
rpm -e

Mounting

mount -t iso9660 /dev/cdrom /mnt/cdrom
umount /home/
umount: /home/: device is busy.
fuser -kmiuv /home/
                    USER        PID ACCESS COMMAND
/home/:              root     kernel mount (root)/home
                    boinc      2167 F.c.m (boinc)boinc
                    pcr        3326 ..c.. (pcr)sh
Tuer le processus 2167 ? (y/N) N
Tuer le processus 3326 ? (y/N)

Group

  • add a user
usermod -G group user
usermod -g primarygroup user

Compression

  • Compression
tar -cvf fichier.tar MonRepertoire1
tar -czvf fichier.tar.gz MonRepertoire1
  • Decompression
tar -xvf fichier.tar
tar -xzvf fichier.tar.gz

fstab problem

mount -o remount,rw /

or

mount -rw -o remount /

MYSQL

  • Set a password
/usr/bin/mysqladmin -u root password motdepasse
  • import / export a database
mysql -h host -u user -ppass base_de_donnees < fichier_dump
mysqldump [options] base_de_donnees > fichier.sql

Crontab

http://www.siteduzero.com/tutoriel-3-73917-crontab-executer-une-commande-regulierement.html

# * * * * *  command to execute
# │ │ │ │ │
# │ │ │ │ │
# │ │ │ │ └───── day of week (0 - 6) (0 to 6 are Sunday to Saturday, or use names; 7 is Sunday, the same as 0)
# │ │ │ └────────── month (1 - 12)
# │ │ └─────────────── day of month (1 - 31)
# │ └──────────────────── hour (0 - 23)
# └───────────────────────── min (0 - 59)
@reboot      Run once, at startup.
@yearly       Run once a year, "0 0 1 1 *".
@annually    (same as @yearly)
@monthly    Run once a month, "0 0 1 * *".
@weekly     Run once a week, "0 0 * * 0".
@daily        Run once a day, "0 0 * * *".
@midnight   (same as @daily)
@hourly      Run once an hour, "0 * * * *".

Recreate /dev/null

mknod -m 666 /dev/null c 1 3

RCP

~/.rhosts
/etc/hosts.equiv

For "rsh host command", /etc/hosts must be filled in on both machines.

load average

#  top -b -n 1 | awk '{if (NR <=7) print; else if ($8 == "D") {print; count++} } END {print "Total status D: "count}'
top - 12:02:19 up 11 days,  2:04,  1 user,  load average: 6.15, 6.09, 6.01
Tasks: 613 total,   1 running, 612 sleeping,   0 stopped,   0 zombie
Cpu(s):  0.1%us,  0.1%sy,  0.0%ni, 99.6%id,  0.2%wa,  0.0%hi,  0.0%si,  0.0%st
Mem:   8047248k total,  7074380k used,   972868k free,   141636k buffers
Swap:  8388600k total,        0k used,  8388600k free,  4723208k cached
  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
3887 root      20   0  311m 158m  11m D  0.0  2.0 107:51.07 tina_bck
4704 root      20   0  412m 258m  11m D  0.0  3.3  10:53.91 tina_bck
13579 root      20   0  412m 259m  11m D  0.0  3.3  27:07.77 tina_bck
19242 root      20   0  311m 159m  11m D  0.0  2.0  68:56.35 tina_bck
27880 root      20   0  411m 258m  11m D  0.0  3.3   3:09.46 tina_bck
29998 root      20   0  310m 157m  11m D  0.0  2.0  37:54.05 tina_bck

Add the optional RHEL repositories

yum-config-manager --enable rhel-6-server-optional-rpms

or

subscription-manager repos --enable rhel-6-server-optional-rpms

Red Hat registration

on esx 2 rhn_register

date

date "+%y%m%d"

140324

date --date="yesterday"

grep

zgrep -e " 50[234] " prod.access.log.3.gz

awk

.... | awk '{print $6}'
ps -ef | grep tail | grep -v grep |awk '{system("kill -9 "$2)}'
ps -ef | grep tail | grep -v grep |awk '{system("echo kill -9 "$2)}'

history

history | cut -c 8-

Reduce the number of processors

Change the boot arguments to use only n CPU cores instead of the m cores that are actually present, PROVIDED n

a) Add "maxcpus=n" in the bootargs during boot time:

    linux    /boot/vmlinuz-2.6.31-21-generic root=UUID=2ebbae04-b641-44e9-935f-8964159d79cb ro   quiet splash maxcpus=n

This will not be persistent across subsequent boots.

b) To make it permanent, modify/edit /etc/default/grub and add "maxcpus=n" in the following line:

   GRUB_CMDLINE_LINUX_DEFAULT="quiet splash maxcpus=n"

Method 2: "Enable/Disable a CPU core on the fly"

On a Linux machine you can get the CPU information from the /proc/cpuinfo file. On a dual core machine, you will get output like this:

   $ cat /proc/cpuinfo
   processor : 0
   vendor_id : GenuineIntel

To disable a core, run the following command on an Ubuntu machine:

   $ sudo sh -c "echo 'n' > /sys/devices/system/cpu/cpu1/online"