Notes by Peter Galonza (Пётр Галонза)

Linux

Thunderbird check all folders

mail.server.default.check_all_folders_for_new true

Hard disk partitions

/dev/sda1 — boot
/dev/sda2 — root (/)
/dev/sda3 — home
/dev/sda4 — var
/dev/sda5 — tmp
/dev/sda6 — swap

Running some program in background

nohup <program_name> > <program_name>.out 2> <program_name>.err < /dev/null & echo -n "$!" > pid.file &

Restore .bashrc, .bash_profile and .bash_logout

cp /etc/skel/{.bashrc,.bash_profile,.bash_logout} .

Shebang indicates the interpreter used to execute a script under UNIX / Linux operating systems

#!
#!/bin/bash
#!/usr/bin/env bash

Bash profile scripts

  • /etc/profile.d/

Set variables from property

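#!/bin/bash

# Print the value of the key given as $1 from <file_name>.properties
function read_properties {
  grep "${1}" <file_name>.properties | cut -d'=' -f2 | tr -d '[:space:]'
}

# Run from the directory that contains this script
WORK_DIR="$(dirname "$0")"
cd "$WORK_DIR" || exit 1

# No spaces around "=" in a shell assignment
export <variable_name>="$(read_properties '<parameter_name>')"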

Linux printers

Connect Linux to a shared printer on Windows!

  1. If you have a driver installer, use it.
  2. Open the printer management window and add a new printer.
  3. For the connection protocol, choose smb.
  4. In the path field, enter the IP/name of the PC, or press the find button to locate the PC and printer.
  5. Select the driver for the printer.
  6. Open the printer configuration file /etc/cups/printers.conf and edit the DeviceURI parameter:

DeviceURI smb://[username]%40[domain]:[password]@[path to printer]

SWAP

Create SWAP

Swap file

fallocate -l 1G /swapfile
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile

/etc/sysctl.conf

vm.swappiness=10

Tools

FSTAB

Do not allow set-user-identifier or set-group-identifier bits to take effect

nosuid

Do not allow direct execution of any binaries on the mounted filesystem

noexec
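
A check for these two options, added here as an example (not part of the original notes): it reads fstab text and reports which of the named mount points lack a given option. The sample fstab is constructed from the partition layout above, and the function name audit_fstab is hypothetical.

```sh
#!/bin/sh
# Constructed sample fstab (not from the notes), using the partition layout above.
SAMPLE_FSTAB='# <device> <mount point> <type> <options> <dump> <pass>
/dev/sda1 /boot ext4 defaults 0 2
/dev/sda2 /     ext4 defaults 0 1
/dev/sda3 /home ext4 defaults 0 2
/dev/sda4 /var  ext4 defaults,nosuid 0 2
/dev/sda5 /tmp  ext4 defaults,nosuid 0 2
/dev/sda6 none  swap sw 0 0'

# audit_fstab "MOUNT1 MOUNT2 ..." "opt1,opt2"   (fstab text on stdin)
# Prints "<mount point> missing <option>" for every listed mount point
# whose options field (4th column) does not contain the option.
audit_fstab() {
  awk -v targets="$1" -v wanted="$2" '
    BEGIN { nt = split(targets, t, " "); nw = split(wanted, w, ",") }
    NF < 4 || $1 ~ /^#/ { next }            # skip comments and short lines
    {
      for (i = 1; i <= nt; i++) {
        if ($2 != t[i]) continue
        no = split($4, o, ",")
        for (j = 1; j <= nw; j++) {
          # Compare whole tokens: a substring match for "exec" would
          # wrongly accept "noexec", and "suid" would accept "nosuid".
          found = 0
          for (k = 1; k <= no; k++) if (o[k] == w[j]) found = 1
          if (!found) print $2 " missing " w[j]
        }
      }
    }'
}

# Which data partitions still honour setuid/setgid bits?
printf '%s\n' "$SAMPLE_FSTAB" | audit_fstab "/home /var /tmp" "nosuid"
# Is /tmp mounted with both restrictions?
printf '%s\n' "$SAMPLE_FSTAB" | audit_fstab "/tmp" "nosuid,noexec"
```

To audit a live system, feed it /etc/fstab instead of the sample: audit_fstab "/tmp" "nosuid,noexec" < /etc/fstab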

Sudoers

Root without asking for a password

<user_name> ALL=(ALL) NOPASSWD: ALL

OOM Killer

Information from

Get OOM score

cat /proc/<pid>/oom_score

Disable

echo 1 > /proc/sys/vm/panic_on_oom

Disable for process

echo -17 > /proc/<pid>/oom_adj

Set priority

echo <+-value> > /proc/<pid>/oom_adj

Reset password

Mount

sudo mount /dev/<device id> /mnt
chroot /mnt /bin/bash
passwd <user name>
sudo umount -l /mnt

CIFS

//"host"/"path" /"path" cifs domain="",username="",password="",file_mode=0760,dir_mode=0760,vers=3.0,gid="" 0 0

Check whether CIFS is mounted

#!/bin/sh
RESULT=$(mount -v | grep -i -e 'type smb' -e 'type cifs')
if [ -n "$RESULT" ]; then
  exit
else
  mount -a
fi

Grub

  1. Choose edit in Grub menu

  2. Add in linux line

    init=/bin/bash
    
  3. Change ro to rw

  4. Remove single, splash and quiet words

Generate configuration file

grub-mkconfig -o /boot/grub2/grub.cfg

Chroot

mount /dev/<root> /mnt
mount /dev/<boot> /mnt/boot
mount --bind /dev /mnt/dev
mount --bind /sys /mnt/sys
mount --bind /proc /mnt/proc
chroot /mnt /bin/bash

Security

Yandex recommendations

# Turn on execshield
kernel.exec-shield=1
kernel.randomize_va_space=1
# Enable IP spoofing protection
net.ipv4.conf.all.rp_filter=1
# Disable IP source routing
net.ipv4.conf.all.accept_source_route=0
# Ignore broadcast requests
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.icmp_ignore_bogus_error_messages=1
# Make sure spoofed packets get logged
net.ipv4.conf.all.log_martians = 1
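
A way to compare a sysctl configuration file against the list above, added here as an example (not part of the original notes). The sample configuration is constructed and the function name check_sysctl_conf is hypothetical; the expected values are the ones listed above.

```sh
#!/bin/sh
# Expected settings: the key=value pairs from the list above.
EXPECTED="kernel.exec-shield=1 kernel.randomize_va_space=1 \
net.ipv4.conf.all.rp_filter=1 net.ipv4.conf.all.accept_source_route=0 \
net.ipv4.icmp_echo_ignore_broadcasts=1 \
net.ipv4.icmp_ignore_bogus_error_messages=1 \
net.ipv4.conf.all.log_martians=1"

# Constructed sample configuration to audit (not from the notes).
SAMPLE_CONF='# constructed sample
kernel.randomize_va_space = 1
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.all.accept_source_route = 1
net.ipv4.icmp_echo_ignore_broadcasts=0
; a later assignment of the same key overrides the earlier one
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.conf.all.log_martians=1'

# check_sysctl_conf "k1=v1 k2=v2 ..."   (configuration text on stdin)
# Prints MISSING or MISMATCH for every expected key that the file
# does not set to the expected value; prints nothing when all match.
check_sysctl_conf() {
  awk -v expected="$1" '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[ \t]*[#;]/ || !index($0, "=") { next }   # comments, blank lines
    {
      # Spaces around "=" are allowed; the last assignment wins.
      p = index($0, "=")
      have[trim(substr($0, 1, p - 1))] = trim(substr($0, p + 1))
    }
    END {
      n = split(expected, e, " ")
      for (i = 1; i <= n; i++) {
        p = index(e[i], "=")
        k = substr(e[i], 1, p - 1); v = substr(e[i], p + 1)
        if (!(k in have)) print "MISSING " k
        else if (have[k] != v) print "MISMATCH " k " have=" have[k] " want=" v
      }
    }'
}

printf '%s\n' "$SAMPLE_CONF" | check_sysctl_conf "$EXPECTED"
```

This checks what a file declares, not what the running kernel uses; a key can also be set in another file under /etc/sysctl.d/ or be absent from the kernel.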

Locale

Set global

localectl set-locale <locale variable>=<locale value>
vim /etc/locale.conf

Set for user

export <locale variable>=<locale value>

Limits

Get name and path byte limits

getconf -a | grep -i name_max
getconf -a | grep -i path_max

PAM limits configuration

/etc/security/limits.conf, /etc/security/

* soft nproc 65535
* hard nproc 65535
* soft nofile 65535
* hard nofile 65535

/etc/systemd/system.conf, /etc/systemd/user.conf, /etc/systemd/<systemd_unit>/override.conf

DefaultLimitNOFILE=

/lib/systemd/system/, /etc/systemd/*, /usr/lib/systemd/system/

LimitNOFILE=

override.conf

mkdir /etc/systemd/system/service_name.service.d/
[Service]
LimitNOFILE=100000

Show limits

import platform

if 'linux' in platform.system().lower():
    import resource  # Linux only

    limit_nofile = resource.getrlimit(resource.RLIMIT_NOFILE)
    limit_nproc = resource.getrlimit(resource.RLIMIT_NPROC)

    print('Max number of opened files allowed:', limit_nofile)
    print('Max number of processes allowed:', limit_nproc)

File, socket limits

/etc/sysctl.conf

Maximum number of inotify objects per user

fs.inotify.max_user_instances=

Maximum number of watched files and directories per inotify object

fs.inotify.max_user_watches=

Maximum number of queued events

fs.inotify.max_queued_events=

Maximum number of open descriptors

fs.file-max=

Maximum packet queue size

net.core.netdev_max_backlog =

Maximum number of open sockets waiting to be connected

net.core.somaxconn =

Pipes

Create named pipe

mkfifo <name of pipe>
mknod <name of pipe> p

Write in pipe

echo <> > <pipe path>

Read from pipe

tail -f <pipe path>

Remove named pipe

unlink <pipe path>

Sudoers

/etc/sudoers Write logs

Defaults  log_host, log_year, logfile="/var/log/sudo.log"

Run command with sudo without password

notify ALL=(ALL) NOPASSWD:path_to_command, path_to_command

SysRq

Enable

  • At runtime

    sysctl kernel.sysrq=1
    echo "1" > /proc/sys/kernel/sysrq
    
  • On boot

    echo "kernel.sysrq = 1" >> /etc/sysctl.d/99-sysctl.conf
    
  • Before mounting and init

    Kernel

    sysrq_always_enabled=1
    

Environment

/etc/environment

export PYTHONPATH=/data/libraries_and_modules/python