Linux Commands
Note: Many of the commands listed here require sudo/root access in order to work.
Keyboard Shortcuts
CTRL + C          stop/kill a bad command
CTRL + Z          pause/suspend a bad bash command (use "ps" and "kill" to kill)
CTRL + U          erase what you were typing (when backspace/esc just prints special characters)
CTRL + D          exit/logout
CTRL + L          clear the terminal
CTRL + ALT + Fn   switch screen (can switch between F1 to F6)
CTRL + R          search bash/command history
System
General
poweroff                      # shutdown a linux system (needs sudo/root access)
reboot                        # reboot a linux system (needs sudo/root access)
sudo !!                       # repeat previous command as sudo
ssh SVR                       # connect to a remote server through current server
ssh USR@SVR                   # connect to a remote server with USR username
ssh SVR "command"             # connect to a remote server, run a command, then disconnect
ssh-keygen                    # generate ssh public/private key pair
ssh-copy-id USR@SVR           # push ssh public key to remote server SVR under user USR
cat ~/.ssh/id_rsa.pub | ssh USR@SVR 'cat >> .ssh/authorized_keys'   # same as previous command
screen                        # start a screen session
screen -r                     # reconnect a screen session
                              # CTRL + A, then D to disconnect a screen session
watch CMD                     # repeat CMD command every 2 seconds
watch -d CMD                  # repeat CMD command every 2 seconds and highlight the differences
watch -n 10 CMD               # repeat CMD command every 10 seconds
watch "CMD; CMD2"             # repeat CMD and CMD2 every 2 seconds
history                       # view command history
history -c                    # clear entire command history
history -d NUM                # delete command NUM from history (use "history" to get number)
!NUM                          # run command NUM from history (use "history" to get number)
^STR^RPL                      # in previous command, replace STR with RPL, then run modified command
uptime                        # view uptime since last reboot
date                          # view current date
timedatectl                   # view expanded time/date
timedatectl list-timezones    # view all available timezones
timedatectl set-timezone TZN  # set timezone to TZN
which CMD                     # find out the location of CMD command
wall TXT                      # broadcast a message TXT to all connected users
write USR                     # broadcast message to a specific user (type message, then press CTRL+D)
echo TXT | write USR          # alternate way to broadcast message TXT to a specific user USR
Hardware Info
cat /etc/issue            # get Linux distro version
cat /etc/*release         # get more detailed info on Linux version
lsb_release -a            # another way to get Linux distro info
uname -r                  # get Linux kernel version
rpm -qa kernel            # list all Linux kernels
lscpu                     # get cpu info (model, speed, etc)
cat /proc/cpuinfo         # get more detailed cpu info
free -m                   # get memory info
cat /proc/meminfo         # get memory info
dmidecode --type memory   # get expanded memory info (how many slots, what's in each slot, etc)
lshw -class memory        # another way to get expanded memory info
lspci                     # list all pci devices
lsusb                     # list all usb devices
lsblk                     # list all block devices (hard drives, cdrom, etc)
blkid                     # get the UUID for all block devices
ethtool IFACE             # get hardware info on network interface IFACE (max speed, etc)
dmidecode | less          # dump all hardware information (vendor, serial numbers, etc) -- press 'q' to exit
lshw | less               # another way to dump all hardware info
Memory
swapoff -a -v                                     # turn swap file off (verbose)
swapon -a -v                                      # turn swap file on (verbose)
dd if=/dev/zero of=/SWAPFILE count=4096 bs=1MiB   # create a 4GB file called SWAPFILE
chmod 600 /SWAPFILE                               # set proper permissions on file SWAPFILE
mkswap /SWAPFILE                                  # convert file SWAPFILE to a swap file
swapon /SWAPFILE                                  # add file SWAPFILE to the swap filesystem
GPU
nvidia-smi             # NVIDIA System Management Interface program
nvidia-smi -h          # show help and options
nvidia-smi -L          # list all GPUs
nvidia-smi -q          # GPU info, including serial number
nvidia-smi topo -m     # get GPU topology (multi-gpu systems)
nvidia-smi mig -lgip   # get available MIG modes
BMC/IPMI
ipmitool -H IP -U USR -I lanplus CMD           # run command CMD for system IP with user USR (will ask for password)
ipmitool -H IP -U USR -P PASS -I lanplus CMD   # same as previous, but use password PASS (non-interactive; PASS ends up in shell history and the process list)
ipmitool -H IP -U USR -I lanplus lan print     # print BMC configuration
ipmitool -H IP -U USR -I lanplus mc info       # get firmware information for BMC
Booting Up
efibootmgr -v                            # view current EFI boot entries
efibootmgr -o 0000,0002                  # change boot sequence to 0000, then 0002 (run prev command to make sense of this)
efibootmgr -b 2 -B                       # remove boot entry 0002

# Disable/Enable the GUI/X11 in CentOS 7
systemctl get-default                    # get default runlevel
systemctl list-units --type=target       # get list of valid runlevels
systemctl set-default LVL.target         # change default runlevel to LVL

# Install/Enable the GUI in AlmaLinux 8
yum group list                           # show environment groups
yum groupinstall "Server with GUI"       # install GUI
systemctl set-default graphical.target   # set GUI as default (not needed if only remote GUI access is required)
reboot                                   # reboot the system

# Install Grub Customizer in Ubuntu -- For Changing Boot Order After Ubuntu is Installed
sudo add-apt-repository ppa:danielrichter2007/grub-customizer
sudo apt-get update
sudo apt-get install grub-customizer

grubby --default-kernel                  # centos8: get full path of default boot kernel
grubby --default-index                   # centos8: get index of default boot kernel
grubby --info=ALL                        # centos8: get info on all boot entries
grubby --set-default-index=NUM           # centos8: set index NUM as default boot entry
grubby --set-default=KRN                 # centos8: set full path KRN as default boot entry
awk -F\' '/menuentry / {print $2}' /boot/grub/grub.cfg   # ubuntu16: get all grub menu entries
Resources: Modify an EFI boot order using efibootmgr, How to Change GRUB Boot Order in Ubuntu, How to boot into Single User Mode in CentOS, Set Time and Date, Screen How To Guide, Boot Partition is Full, Install GUI on AlmaLinux
Software & Updates
RHEL/CentOS
yum update                                     # patch system by applying all updates
yum update PKG                                 # update the package PKG
yum update --exclude=PKG                       # patch system, but exclude PKG (can also do wildcard: PKG*)
yum update --disablerepo=REPO                  # patch system, but temporarily disable repository REPO (see 'yum repolist' for valid entries)
yum list updates                               # show list of updated software (security fix)
yum list installed                             # list all installed packages
yum list available                             # list all available packages
yum list PKG                                   # search for package PKG
yum list *PKG*                                 # search for package with "PKG" in the name
yum repolist                                   # list all installed repositories
yum install PKG1 PKG2                          # install package PKG1 and PKG2 (PKG2 is optional, or you can add more)
yum install PKG.rpm                            # install local package PKG.rpm using YUM
yum remove PKG1 PKG2                           # uninstall package PKG1 and PKG2 (PKG2 is optional, or you can add more)
yum whatprovides FILE                          # display what package provides the file FILE
yum provides FILE                              # same as "yum whatprovides FILE"
yum --enablerepo=extras install epel-release   # enables CentOS extra repos (used for installing open-vm-tools)
package-cleanup --oldkernels --count=2         # delete old kernels except for the last 2
Debian/Ubuntu
apt-get update               # get updated repositories for updating packages
apt-get upgrade              # actually perform the upgrade
apt list --installed         # list all installed packages
apt search PKG               # find all available packages with keyword PKG
apt-get install PKG          # install the package PKG
apt-get remove PKG           # uninstall the package PKG, keep settings data
apt-get remove --purge PKG   # uninstall the package PKG including settings data
apt-mark hold PKG            # keep package PKG from updating when apt-get update/upgrade is run
apt-mark unhold PKG          # un-holds the package; will now be updated with everything else
Convert from CentOS 8 to CentOS 8 Stream
dnf install centos-release-stream -y          # install stream repository
dnf swap centos-{linux,stream}-repos          # replace centos with centos-stream
dnf install epel-release                      # install new epel
dnf config-manager --set-enabled epel         # enable new epel
dnf config-manager --set-enabled powertools   # enable powertools
dnf distro-sync                               # sync and perform upgrade
Resources: How To yum Command, apt-get Cheat Sheet, Convert CentOS 8 to Stream
Users
General Info
id -u USR                 # check if a user exists
id USR                    # get extended info about USR
who                       # see who is logged onto the system
who -u                    # same as who, but also gives PID for users
whoami                    # see who you are logged in as
last                      # print login history of all users for the past month
last -wad                 # print login history with sorted full user/domain, ip/dns
last USR                  # print login history of USR for the past month
lastb                     # print bad login history
lastb -wad                # print bad login history with sorted full user/domain, ip/dns
cut -d: -f1 /etc/passwd   # List All Users
cut -d: -f1 /etc/group    # List All User Groups
groups                    # List Current User Groups
grep 'GRP' /etc/group     # List All Users In Group GRP
getent passwd             # List All User Details
listusers                 # List All Users -- Solaris/SunOS Only!
Sudo/Administrator
su                             # promote yourself to super user
su USR                         # switch to user USR (must be root, does not require that user's password)
sudo su                        # same as above
sudo su -                      # same as above, but starts a login shell (environment is reset to the target user's)
visudo                         # open vi editor to modify sudo/admin access for users
                               # To grant someone sudo access to a particular file/command, open sudoers via visudo and type
                               # username ALL=/path/to/command.sh
wall -n MSG                    # broadcast MSG to all users of the server
wall -n < FILE                 # broadcast contents of FILE to all users of the server
echo "TXT" | write USR XXX/N   # send TXT to the terminal of USR (use who to find the XXX/N part, e.g.: pts/1)
Resources: Configuring SUDO Access, Creating a Restricted SSH User for SSH Tunneling Only, How to Use VISUDO, Understanding /etc/passwd File Format, Using LAST
Create/Modify/Delete
useradd USR                               # create new user
useradd -m USR                            # create new user, create home directory if none
useradd -d DIR -s SHL -G GRP1,GRP2 USR    # create user USR, set home directory DIR, set login shell SHL, add to groups GRP1, GRP2
userdel -r USR                            # delete user and remove user folder
passwd USR                                # reset the password of a specific user
passwd -l USR                             # lock a user acct from use
passwd -u USR                             # unlock a user acct
passwd -d root                            # delete password of root account (the account becomes passwordless)
groupadd GRP                              # create a group named GRP
groupdel GRP                              # delete a group named GRP
usermod -a -G GRP USR                     # add existing user USR to group GRP
gpasswd -d USR GRP                        # remove user USR from group GRP
usermod -c "INFO" USR                     # modify the comment INFO for user USR (name, email)
usermod -s SHLL USR                       # modify user USR to use shell SHLL (e.g: "usermod -s /bin/bash username")
Resources: How to Add New Linux User Account, Remove User Account in Linux, Usermod Examples
Permissions
stat -c "%a %n" FILE                      # get current file/directory permissions octal number for FILE
chmod                                     # change file/directory permissions
chmod a+r FILE                            # add READ permissions for ALL users for FILE
chmod +x FILE                             # add EXECUTE permissions for FILE (applies to all users, limited by umask)
                                          # other options: a=all, u=owner, g=group, o=others, +x=add execute, -r=remove read, +w=add write
chmod 644 FILE                            # default permissions for files
chmod 755 DIR                             # default permissions for folders
chown                                     # change file/directory ownership
chown USR DIR                             # change DIR ownership to USR, keep original group
chown USR:GRP FILE                        # change FILE ownership to USR, change group ownership to GRP
chown -R USR:GRP DIR                      # recursively change DIR ownership to USR and GRP, also affects files
find DIR -type d -exec chmod 755 {} \;    # set all folders in DIR to 755
find DIR -type f -exec chmod 644 {} \;    # set all files in DIR to 644
SELinux
getenforce                  # get current SELinux mode
setenforce 0                # set SELinux to Permissive mode (still reports, does not survive between reboots)
setenforce 1                # set SELinux to Enforcing mode (default)
getsebool BOOLEAN           # get value of SELinux boolean
setsebool -P BOOLEAN VAL    # set value of SELinux boolean to VAL (on/off) permanently
restorecon -Rv DIR          # restore SELinux context for DIR (useful for apache/httpd "403 forbidden" errors)
/etc/selinux/config         # selinux configuration (permanently set permissive or disable modes)

# this is a more aggressive SELinux setter; it looks at logs and sets everything within the log to be permissible
# useful when restorecon does not work, but turning off selinux does
# (audit2allow also writes mypol.te, the readable rules, which can be reviewed before loading the module)
grep httpd /var/log/audit/audit.log | audit2allow -M mypol
semodule -i mypol.pp
Processes
top                 # see a list of running processes (like taskmon), also kill processes
top -U USR          # see a list of running processes for USR
                    # q   exit application
                    # z   toggle color on/off
                    # 1   toggle individual cpu on/off
                    # m   toggle memory info
                    # W   save current display for future sessions
                    # o   filter list (example: "PID=XXX" where XXX is a PID)
w                   # show only the top part of "top"
htop                # more detailed version of top (must be installed)
ps                  # see a list of processes on the system (simpler than top)
ps -al              # see a more detailed list of processes
ps -u USR           # see a list of running processes for USR
iotop               # monitor disk IO per process (must be installed)
jobs                # see a list of running/paused jobs
bg                  # continue a recently paused process in the background, shows job id when successful
fg                  # bring the last backgrounded process to the foreground
nice -NN CMD        # run command CMD with priority NN (default priority is 0)
nice --NN CMD       # run command CMD with priority -NN (must be root)
renice NN -p PID    # change priority of process PID to NN
kill %###           # kill job with number ###, for when you stopped jobs with CTRL+Z
kill -15 ###        # kill the process with PID ### (use first, less harsh)
kill -9 ###         # kill the process with PID ### (use second, more harsh)
killall -u USR      # kill all processes from a user (good for ending hanging login sessions)
disown %###         # disown a process, process keeps running even on disconnect, NO WAY TO UNDO!
Services
service SVC status          # check if a service is running -- older method (CentOS 6)
service --status-all        # check status of all services -- older method (CentOS 6)
chkconfig --list            # check service configuration -- older method (CentOS 6)
systemctl enable SVC        # enable a service (start on boot)
systemctl disable SVC       # disable a service
systemctl start SVC         # start the service SVC
systemctl stop SVC          # stop the service SVC
systemctl restart SVC       # restart the service SVC
systemctl status SVC        # check if a service is running
systemctl status -l SVC     # same as above but gets status without truncation
systemctl is-active SVC     # check if a service is active (running)
systemctl list-unit-files   # check status of all services
Networking
General
ping                                          # ping a computer
ibping                                        # same as ping but for InfiniBand interfaces
ifconfig                                      # show network configuration
ifconfig -a | grep ether | awk '{print $2}'   # print all mac addresses for network interfaces
ip addr show                                  # netplan: show network configuration
ip addr show dev ETH                          # netplan: show specific network configuration for ETH
ip route show                                 # netplan: get gateway
ip link show dev ETH                          # netplan: see ETH network interface info
cat /etc/resolv.conf                          # get dns
netstat -tulpn | grep :###                    # find out what process is using port ###
ss -tulpn | grep :###                         # same as previous line (ss replaces netstat)
netstat -tulpn | grep LISTEN                  # find all ports currently in use
iftop                                         # detailed CLI view of network traffic (must be installed)
hostname                                      # view current hostname
hostname NAME                                 # set hostname as NAME temporary (goes away on reboot)
hostnamectl set-hostname NAME                 # set hostname as NAME permanently
Resources: 'ip' Command Cheat Sheet
Settings
# To manually change your network settings using Netplan (Ubuntu 18+)...
ip link                                          # see all network interfaces and status
nano /etc/netplan/*.yaml                         # modify network configuration (* means file could be named anything)
netplan apply                                    # reload network configuration

# To manually change your network settings using the Network Manager GUI (CentOS 7+)...
system-config-network                            # configure all network settings in GUI window (need CentOS 7 w/ GUI)
nmtui                                            # configure network settings in a command line GUI
nmtui edit IFACE                                 # configure network settings for IFACE in a command line GUI
systemctl restart network                        # restart network interface (CentOS 7)
systemctl restart NetworkManager                 # restart network interface (CentOS 8)

# To manually change your network settings using Network Manager (CentOS 7+)...
nmcli d                                          # see all network interfaces and status
nmcli c modify ETH ipv4.addresses IP/SUB         # set ETH interface to IP with SUB subnet (i.e: 10.0.0.30/24)
nmcli c modify ETH ipv4.gateway GATEIP           # set ETH interface to GATE gateway
nmcli c modify ETH ipv4.dns "DNSIP1 DNSIP2"      # set ETH interface to DNS address DNSIP1, DNSIP2 optional
nmcli c modify ETH ipv4.method manual            # set ETH interface to manual IP settings
nmcli c modify ETH ipv4.method auto              # set ETH interface to DHCP
nmcli c down ETH; nmcli c up ETH                 # reload ETH interface and settings

# To manually change your network settings without Network Manager (CentOS 6)...
nano /etc/sysconfig/network-scripts/ifcfg-eth0   # Configure eth0 Interface
nano /etc/sysconfig/network                      # Configure Default Gateway
/etc/init.d/network restart                      # Restart Network Interface
service network restart                          # Restart Network Interface
nano /etc/resolv.conf                            # Configure DNS Server
nano /etc/hosts                                  # Configure Hosts
Resources: CentOS 7 Network Settings, Channel bonding modes, How to create a bond in Ubuntu, Configure Static IP using Netplan, Configure VLAN in CentOS 7
Proxy
CentOS 8: Global Proxy
Create the file /etc/profile.d/proxy.sh with the following content:
MY_PROXY_URL="<_PROXY_SERVER_>:3128"
HTTP_PROXY=$MY_PROXY_URL
HTTPS_PROXY=$MY_PROXY_URL
FTP_PROXY=$MY_PROXY_URL
http_proxy=$MY_PROXY_URL
https_proxy=$MY_PROXY_URL
ftp_proxy=$MY_PROXY_URL
export HTTP_PROXY HTTPS_PROXY FTP_PROXY http_proxy https_proxy ftp_proxy
CentOS 8: DNF/YUM Proxy
DNF does not use the global proxy. Add the following line to the end of /etc/dnf/dnf.conf to enable a proxy for DNF only.
proxy=<_PROXY_SERVER_>:3128
Docker Proxy
Docker does not use the global proxy. Create the file /etc/systemd/system/docker.service.d/http-proxy.conf with the following content:
[Service]
Environment="HTTP_PROXY=<_PROXY_SERVER_>:3128"
Environment="HTTPS_PROXY=<_PROXY_SERVER_>:3128"
… then run the following commands:
systemctl daemon-reload                        # reload service configuration
systemctl restart docker                       # restart docker service
systemctl show --property=Environment docker   # verify that environment variables are loaded
Resources: CentOS 8 Proxy Client, Docker Proxy
File Transfer
wget "http://remote.file"             # Download file from the internet to current directory
wget -O FILE "http://remote.file/"    # Download file from the internet, rename file to FILE
wget "http://remote.file/" -P DIR     # Download file from the internet to DIR directory
scp FILE USR@SVR:                     # Upload file FILE to server SVR as user USR
scp -r SRC USR@SVR:DEST               # Upload directory SRC to server SVR in directory DEST as user USR
rsync -avu SRC USR@SVR:DEST           # Same as previous, but only send newer files
source <(curl -s http://script.sh)    # Download script from internet, run script directly
bash <(curl -s http://script.sh)      # Same as previous, but works on macOS/FreeBSD
curl -L https://script.sh | bash      # Another method to do the same
Firewall
IPTables
iptables -S   # see current iptables configuration
iptables -L   # lists all rules for default tables only
iptables -F   # flush all rules
FirewallD (CentOS)
firewall-cmd --state                                        # check if firewall is running and active
firewall-cmd --list-all                                     # show all open ports in each active zone
firewall-cmd --get-active-zones                             # show all active zones
firewall-cmd --get-services                                 # list all services
firewall-cmd --zone=ZNE --add-service=SVC --permanent       # open service SVC in zone ZNE permanently
firewall-cmd --zone=ZNE --add-port=XXX/tcp --permanent      # open tcp port XXX in zone ZNE permanently
firewall-cmd --zone=ZNE --remove-port=XXX/tcp --permanent   # close tcp port XXX in zone ZNE permanently
firewall-cmd --zone=drop --add-source=IP --permanent        # block IP from connecting (drops all packets)
firewall-cmd --zone=drop --add-source=IP/SUB --permanent    # block subnet SUB from connecting
firewall-cmd --zone=ZNE --list-sources --permanent          # list sources in zone ZNE
firewall-cmd --zone=ZNE --add-source=IP --permanent         # whitelist IP in zone ZNE
firewall-cmd --zone=ZNE --remove-source=IP --permanent      # remove IP from whitelist
firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -d IP/SUB -j REJECT      # block outgoing connection to IP
firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 0 -d IP/SUB -j REJECT   # remove IP block rule
firewall-cmd --direct --get-all-rules                       # view all direct rules
firewall-cmd --reload                                       # reload firewall
/etc/firewalld                                              # location of firewalld configuration (backup)
/etc/firewalld/direct.xml                                   # location of firewalld direct rules
UncomplicatedFirewall (Ubuntu)
ufw enable                          # enable firewall
ufw disable                         # disable firewall
ufw status verbose                  # get status, shows rules if firewall is enabled
ufw status numbered                 # get status, show number for each firewall rule
ufw allow PRT                       # open port PRT for all protocols
ufw allow PRT/tcp                   # open port PRT for protocol TCP
ufw allow SVC                       # open service SVC (http, https, ssh, ...)
ufw allow PRT:RNG                   # open port range from PRT to RNG for all protocols
ufw delete NUM                      # close port relating to rule NUM (see "ufw status numbered")
ufw delete allow PRT                # close port PRT by removing allow rule for PRT
ufw deny from IP                    # block ip address IP (or range IP/SUB)
ufw allow from IP to any port PRT   # allow ip address IP to connect to port PRT
ufw reload                          # reload firewall
ufw reset                           # reset to factory settings
Resources: IBPING Manual, Network Configuration, Restart Network Service, Detect Physical State of Connector, Open Firewall Port in CentOS 7, Basic Operation of Firewalld, Introduction to FirewallD on CentOS, Ubuntu Firewall, How To Set Up a Firewall with UFW
SSL/TLS
OpenSSL
openssl genrsa -out KEY 2048                                # generate private key KEY
openssl req -new -key KEY -out CSR                          # generate CSR (named CSR)
openssl x509 -req -days 365 -in CSR -signkey KEY -out CRT   # generate self-signed cert CRT
openssl x509 -enddate -noout -in CRT                        # get expiration date of certificate CRT
/etc/pki/tls/certs/                                         # location of certificates (CRT)
/etc/pki/tls/private/                                       # location of private key (KEY) and CSR
/etc/ssl/certs/                                             # location of certificates (ubuntu)
/etc/ssl/private/                                           # location of private key (ubuntu)
Resources: Setup SSL with CentOS
File Management
Navigation
pwd                # print the current working directory
cd ..              # go up a directory
cd -               # go to previous directory
mkdir NAME         # create a directory
cp SRC DEST        # copy a file/directory
cp -R SRC DEST     # copy a directory recursively
cp -p SRC DEST     # copy a file/directory, preserving its permissions, owner, etc
mv SRC DEST        # move/rename a file/directory
rm SRC             # delete a file/directory/symlink
rmdir DIR          # delete a directory (will fail if DIR is not empty)
rm -rf SRC         # delete entire directory recursively with no prompts (*DANGEROUS*)
ln -s SRC LINK     # make the symbolic link LINK pointing to SRC
File/Directory Sizes
ls -lh /DIR/                            # list DIR info in human readable form
ls -d PREFIX*                           # list all directories with PREFIX
df -lh                                  # check amount of filesystem in use in human readable form
df -aTh                                 # similar to above
du -sh /DIR/                            # check total size of directory, summarizes to just 1 line
du -hsx /DIR/* | sort -rh | head -10    # get largest folders in DIR, sort by largest, show the top 10
for i in G M K; do du -hsx /DIR/* | grep "[0-9]$i" | sort -nr -k 1; done | head -n 11
                                        # same as above (for when the prev command doesn't quite work)
Finding Files/Directories
find                          # find all files in current directory and subdirectories
find DIR -name "FILE"         # find all files matching FILE in DIR directory
find / -name "FILE" -ls       # find all files on ROOT matching FILE and show details
find . -type f -mtime +30     # find all files in current directory older than 30 days
locate FILE                   # find all files matching FILE; faster than find as it's database driven
locate -r /FILE$              # find all files matching exact string FILE
whereis BIN                   # find the path for the binary BIN (like program files)
Resources: Find a Directory On Linux Based System
Directory Color Guide
Filesystem
fdisk -l                          # list all connected partitions
fdisk -l | grep '^Disk'           # simpler view of previous command
df -h                             # list partitions, mount points, and Avail/Used/Free space
df -aTh                           # a more detailed version of the previous command
df -h -x overlay                  # list partitions, but don't show overlay filesystems (i.e: docker, etc)
nano /etc/fstab                   # Edit file table
umount DIR                        # Unmount DIR
mount -a                          # Remount all mount points listed in file table
mount SRC MNT                     # Mount SRC at MNT: e.g: "mount /dev/sdc1 /student"
mount -t FS -o loop SRC MNT       # Mount disk image: e.g: "mount -t vfat -o loop floppy.img /mnt/floppy/"
mount -t iso9660 -o loop SR MT    # Mount CD/DVD image SR at mount point MT
mount -o ro SRC MNT               # mount SRC at MNT as read-only
mount -t nfs SRC MNT              # mount NFS mount SRC at MNT: e.g: "mount -t nfs csc-san3:/mnt/SAN3/BACKUP2 /storage/san3"
cat /dev/sdb >/dev/sdc            # copy entire contents of drive SDB to drive SDC (like dd but fast & efficient)
fdisk /dev/sdXX                   # partition disk sdXX, n=create partition, w=write partition, q=quit w/o change
mkfs.ext4 /dev/sdXX1              # format partition sdXX1 as EXT4 file system
mke2fs -n /dev/sdXX               # see all superblocks needed to repair filesystem on SDXX (eg: sda2, sdd1, etc)
e2fsck -b 000 /dev/sda2           # repair a file system using the superblock 000
vgdisplay                         # view all volume groups
lvdisplay                         # view all logical volumes (lvm)
cfdisk                            # visual partition manager (useful for lvm in ubuntu 16)
lvresize -l +100%FREE /dev/VGLG   # resize logical volume to remaining physical free space (useful for ubuntu 18)
resize2fs /dev/VGLG               # resize underlying file system to new logical drive size (useful for ubuntu 18)
fallocate -l SIZ FIL              # create file FIL of blank size SIZ (e.g: 10G, 2G, 100M...), faster than dd
Resources: How to Format a Disk in Linux, Mount and Unmount Examples, How To Setup NFS, Extend Logical Volume in RHEL VM, Expand a Hard Disk with Ubuntu LVM
Archives (Zip/Tar)
tar -C DEST -zxvf SRC    # decompress SRC file to DEST directory, filename e.g: grid-db.tar.gz
tar -czvf DEST SRC       # compress SRC file/dir to DEST file
unzip FILE               # decompress FILE to current directory
unzip FILE -d DIR        # decompress FILE to directory DIR
zip FILE *               # compress everything in current directory to FILE
zip -r FILE *            # compress everything in current directory INCLUDING subdirectories to FILE
zip -ur FILE FILE2       # add FILE2 to the existing archive FILE
zip FILE -@ < LIST       # add each file listed in LIST (1 filename per line) to the archive FILE
jar -vxf FILE.war        # unzip FILE.war to current directory
RAID Management
mdadm --examine /dev/sdXX /dev/sdYY                   # check for existing RAID blocks on drives/partitions
mdadm --create /dev/mdZZ --level=Y --raid-devices=N /dev/sdXX /dev/sdYY
                                                      # creates a raid device mdZZ, with raid level Y, using N devices, etc
                                                      # mdZZ: md0, md1...
                                                      # Y: RAID Level (0, 1, 5, 6, 10)
                                                      # N: Number of drives in array
cat /proc/mdstat                                      # get instantaneous status raid build
mdadm --detail /dev/md0                               # get status of raid array
mdadm --detail --scan --verbose >> /etc/mdadm.conf    # generate linux raid config
Resources: Creating RAID 5 in Linux, Configure RAID on Ubuntu 20 Installation
iSCSI Management
yum install iscsi-initiator-utils               # install iscsi initiator, if not installed
systemctl start iscsi                           # start iscsi
systemctl stop iscsi                            # stop iscsi
systemctl restart iscsi                         # restart iscsi
systemctl status iscsi                          # get status of iscsi
/etc/iscsi/iscsid.conf                          # iscsi configuration (set CHAP user/pass)
iscsiadm -m discovery -t st -p IPADDR           # discover iscsi targets on target IPADDR
iscsiadm -m node --login                        # login to discovered iscsi targets
iscsiadm -m session -o show                     # show currently connected iscsi targets
cat /proc/partitions                            # confirm available partitions
iscsiadm -m node -T TRGT -u -p IPADDR:3260      # log out of iscsi target TRGT located on IPADDR
iscsiadm -m node -T TRGT -p IPADDR -o delete    # delete discovered target TRGT located on IPADDR from memory
iscsiadm -m node                                # show all discovered targets
Resources: Configure iSCSI on CentOS, Configure iSCSI Initiator
Miscellaneous
lsof                    # list all open files
lsof FILE               # list all processes that opened FILE
lsof /MNTPT             # list all open files on MNTPT mountpoint
lsof | grep ETC         # list all open processes related to ETC
rsync                   # see http://www.techonthenet.com/linux/commands/rsync.php
rsync -avzP SRC DEST    # copy SRC to DEST, archival mode, preserve permissions, owner, timestamps, etc.
                        # use when you want to do a dd/cat but operating with files instead of blocks/bytes
/etc/skel/              # Anything that goes in here gets copied to a new users directory
Resources: LSOF Command Examples, How to Use RSYNC, RSYNC Backup Help, More RSYNC Backup Help
Text Editors & Text Manipulation
vi FILE                     # open a file to read
vim FILE                    # open a file to read in VIM (similar to VI, but advanced with colored text)
                            # ESC [then] :q! [then] ENTER    exit without saving changes
                            # ESC [then] :w [then] ENTER     save changes, leave vi running
                            # ESC [then] :noh [then] ENTER   clear search highlighting
                            # ESC [then] /STR [then] ENTER   search for STR in document
                            # ESC [then] :## [then] ENTER    skip to line ## in document
nano FILE                   # open a file to read
tail TXT                    # view the last 10 lines of file TXT
tail -f TXT                 # view the last 10 lines of file TXT and keep showing any new lines (ctrl+c to exit)
tail -20 TXT                # view last 20 lines of file TXT
tail -20 -f TXT             # view last 20 lines of file TXT, keep showing any new lines (ctrl+c to exit)
cat TXT                     # print entire file TXT to screen
cat -n TXT                  # print entire file and show line numbers
cat TXT | grep STR          # print only the lines containing string STR in entire file TXT
grep STR FILE               # functionally the same as the previous command
cat TXT | more              # print file TXT to screen, make it scrollable
                            # ENTER        scroll by line
                            # SPACE        scroll by page
                            # CTRL+C       exit
cat TXT | less              # print file TXT to screen, scroll forward and backward
                            # ARROW-DOWN   scroll by line down
                            # ARROW-UP     scroll by line up
                            # SPACE        scroll down by page
                            # q            exit
cat TXT | cut -c1-80        # print file to screen, only show chars 1-80 of each line (neat way to disable word wrap)
sed "s/STR/RPL/" FILE       # substitute STR with RPL in FILE, do not modify file
sed -i "s/STR/RPL/" FIL     # substitute STR with RPL in FIL, save changes to file
sed -i "/STR/d" FILE        # delete lines containing STR from FILE, save changes to file
diff FILE1 FILE2            # compare two files, FILE1 (<) and FILE2 (>)
diff -c FILE1 FILE2         # same as above, but show more context around differences
Resources: Basic vi Commands
Services & Applications
Apache/HTTPD
General
yum install httpd mod_ssl                      # install apache with ssl support (centos)
apt install apache2                            # install apache (ubuntu)
a2enmod ssl                                    # (ubuntu) enable ssl mod (required for ssl)
a2enmod headers                                # (ubuntu) enable header mod (required for security hardening)
systemctl start httpd.service                  # start apache
systemctl stop httpd.service                   # stop apache
systemctl restart httpd.service                # restart apache
systemctl status httpd.service                 # get status of service
systemctl start apache2.service                # (ubuntu) start apache
systemctl stop apache2.service                 # (ubuntu) stop apache
systemctl restart apache2.service              # (ubuntu) restart apache
systemctl status apache2.service               # (ubuntu) get status of service
/etc/httpd/conf/httpd.conf                     # main configuration
/etc/httpd/conf.d/ssl.conf                     # ssl configuration (optional, has location of cert/key)
/etc/httpd/conf.d/userdir.conf                 # user folder configuration (optional)
/etc/httpd/conf.d/vhosts.conf                  # virtual hosts configuration (optional)
/etc/httpd/conf.modules.d/90-alias.conf        # aliases configuration (optional)
/etc/apache2/apache2.conf                      # (ubuntu) main configuration
/etc/apache2/sites-enabled/000-default.conf    # (ubuntu) default virtual host (also put ssl & force ssl here)
/var/log/httpd/*                               # all log files, including php logs
apachectl configtest                           # check apache configuration for errors
chcon -R --type=httpd_sys_rw_content_t DIR     # enable DIR to host web pages with SELinux enabled (useful for userdir)
Security Hardening
Modify configuration file /etc/httpd/conf/httpd.conf (CentOS) or /etc/apache2/apache2.conf (Ubuntu)…
# Modify line ~144 to disable indexes and symlinks
Options -Indexes -FollowSymLinks

# --- Place At End Of File ---
# Web Server Security Hardening
ServerSignature Off
ServerTokens Prod
TraceEnable off
Header set X-Content-Type-Options nosniff
Header set X-XSS-Protection "1; mode=block"
Header set X-Permitted-Cross-Domain-Policies "none"
Header always append X-Frame-Options SAMEORIGIN
Header set Referrer-Policy "no-referrer"
Header set Content-Security-Policy "default-src 'unsafe-inline' *.<_COMPANY_TLD_>; script-src 'unsafe-inline' 'unsafe-eval' *.<_COMPANY_TLD_>; font-src 'self' data:; img-src 'self' data:;"
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

# Custom Error Pages
ErrorDocument 404 /404.html
ErrorDocument 403 /403.html

# Force SSL
<VirtualHost *:80>
    ServerName __SERVER_HOSTNAME_HERE__
    RedirectMatch permanent ^/(.*)$ https://__SERVER_HOSTNAME_HERE__/$1
</VirtualHost>

# Force SSL (Alternative Method)
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}$1 [R,L]
For CentOS, modify configuration file /etc/httpd/conf.d/ssl.conf…
# Modify relevant parts to the following (line ~54)
SSLEngine on
SSLProtocol ALL -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder on
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
SSLCertificateFile /path/to/ssl/certificate
SSLCertificateKeyFile /path/to/ssl/key
For Ubuntu, modify configuration file /etc/apache2/sites-enabled/000-default.conf…
# --- Place At End Of File ---
<VirtualHost *:443>
    ServerName __SERVER_HOSTNAME_HERE__
    DocumentRoot /var/www/html
    SSLEngine on
    SSLProtocol ALL -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    SSLHonorCipherOrder on
    SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
    SSLCertificateFile /path/to/ssl/certificate
    SSLCertificateKeyFile /path/to/ssl/key
</VirtualHost>
Resources: Install a LAMP Stack using CentOS 7, Install a LAMP Stack using Ubuntu 20, Configure SSL in Apache on Ubuntu 20, Enable Per-User Directories, Content Security Policy, How to Implement Security HTTP Headers
PHP
Ubuntu 20: Install PHP
apt install php libapache2-mod-php php-mysql # install php
CentOS 8: Install PHP
dnf install php php-cli php-gd php-curl php-mysqlnd php-ldap php-zip  # install php
dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm  # add remi repo (for php >v7.2)
dnf install dnf-utils  # install dnf utilities
dnf module reset php  # reset php repo
dnf module install php:remi-7.4  # enable remi repo for php 7 (v7.4)
dnf module install php:remi-8.1  # enable remi repo for php 8 (v8.1)
dnf install php php-cli php-gd php-curl php-mysqlnd php-ldap php-zip  # install php 7.4
/etc/httpd/conf/httpd.conf  # Modify line ~167 to add index.php
CentOS 7: Upgrade to v7.x
yum --enablerepo=extras install epel-release  # enable rhel epel
yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm  # add remi repo
yum-config-manager --enable remi-php74  # enable remi repo (php71, php72, php73, php74)
yum install php php-cli php-gd php-curl php-mysql php-ldap php-zip  # install php
/etc/httpd/conf/httpd.conf  # Modify line ~167 to add index.php
Security Hardening
Modify configuration file /etc/php.ini (CentOS) or /etc/php/7.4/apache2/php.ini (Ubuntu)…
# Modify line ~375 and change expose_php from ON to OFF
expose_php = Off
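A way to confirm that the Apache header directives and the `expose_php = Off` change above actually took effect, as an added example that is not part of the original page. The function names and both sample responses (versions, `example.org`) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit response headers against the hardening directives above.

# Constructed responses (invented versions and domain), in `curl -sI` format.
sample_before() {
    printf '%s\r\n' 'HTTP/1.1 200 OK' \
        'Server: Apache/2.4.6 (CentOS) PHP/7.4.33' \
        'X-Powered-By: PHP/7.4.33' \
        'Content-Type: text/html; charset=UTF-8' ''
}
sample_after() {
    printf '%s\r\n' 'HTTP/1.1 200 OK' \
        'Server: Apache' \
        'x-content-type-options: nosniff' \
        'X-XSS-Protection: 1; mode=block' \
        'X-Permitted-Cross-Domain-Policies: none' \
        'X-Frame-Options: SAMEORIGIN' \
        'Referrer-Policy: no-referrer' \
        "Content-Security-Policy: default-src 'unsafe-inline' *.example.org" \
        'Strict-Transport-Security: max-age=31536000; includeSubDomains; preload' \
        'Content-Type: text/html; charset=UTF-8' ''
}

# Read raw response headers on stdin; print one finding per line, sorted.
# No output means every expected header is present and nothing leaks a version.
audit_headers() {
    tr -d '\r' | awk '
    BEGIN {
        # header name (lower case) -> substring its value must contain
        want["x-content-type-options"] = "nosniff"
        want["x-xss-protection"] = "1; mode=block"
        want["x-permitted-cross-domain-policies"] = "none"
        want["x-frame-options"] = "SAMEORIGIN"
        want["referrer-policy"] = "no-referrer"
        want["content-security-policy"] = "default-src"
        want["strict-transport-security"] = "max-age=31536000"
    }
    {
        i = index($0, ":")            # split on the first colon only
        if (i == 0) next              # status line or blank line
        name = tolower(substr($0, 1, i - 1))
        val = substr($0, i + 1)
        sub(/^[ \t]+/, "", val)
        seen[name] = val
    }
    END {
        for (h in want) {
            if (!(h in seen)) print "MISSING " h
            else if (index(seen[h], want[h]) == 0) print "DIFFERS " h ": " seen[h]
        }
        # ServerTokens Prod reduces this to "Server: Apache"; digits mean a version
        if (("server" in seen) && seen["server"] ~ /[0-9]/) print "LEAK server: " seen["server"]
        # expose_php = Off removes this header entirely
        if ("x-powered-by" in seen) print "LEAK x-powered-by: " seen["x-powered-by"]
    }' | sort
}
```

After sourcing the file, real headers can be checked with `curl -sI https://HOST/ | audit_headers`, where HOST is your own server.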
Postfix (Sendmail)
systemctl start postfix.service  # start postfix
systemctl stop postfix.service  # stop postfix
systemctl restart postfix.service  # restart postfix
systemctl status postfix.service  # get status of postfix service
/etc/aliases  # email aliases file
/etc/postfix/main.cf  # postfix configuration file
/etc/postfix/master.cf  # postfix master configuration (enable amavisd/clamav here)
/etc/postfix/header_checks  # block unapproved mail attachments
/etc/postfix/client_checks  # block/allow senders by IP (smtpd_client_restrictions)
/etc/postfix/sender_checks  # block/allow senders by email (smtpd_sender_restrictions)
/etc/postfix/rbl_override  # whitelist servers from rbl checks (smtpd_relay_restrictions)
newaliases  # rehash aliases file (required for postfix)
postmap /etc/postfix/client_checks  # rehash client checks file (required)
postmap /etc/postfix/sender_checks  # rehash sender checks file (required)
postmap /etc/postfix/rbl_override  # rehash rbl override file (required)
/var/log/maillog  # postfix log file (contains postgrey log as well)
mail EMAIL < FILE  # send email to EMAIL, the body will be FILE
mailq  # view the mail queue
postfix flush  # flush the mail queue
postsuper -d NUM  # delete message id NUM from the mail queue
postsuper -d ALL  # remove all mail from the queue
postsuper -d ALL deferred  # remove all deferred mail from the queue
Security Hardening
Modify configuration file /etc/postfix/main.cf…
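# main.cf has no inline comments (text after a value becomes part of the value),
# so each note sits on its own line
# route all mail through mail server (e.g: 'mailhost.example.org')
relayhost = [<_COMPANY_EMAIL_SERVER_>]
# rate limit outgoing mail
smtpd_client_restrictions = sleep 5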
MySQL/MariaDB
yum install mariadb-server mariadb  # install mysql
curl -LsS -O https://downloads.mariadb.com/MariaDB/mariadb_repo_setup  # download mariadb repo (for mysql >v10.3)
bash mariadb_repo_setup --mariadb-server-version=10.6  # set for v10.6
dnf install boost-program-options  # install utilities
dnf module reset mariadb  # reset mariadb repo
dnf install mariadb-server mariadb-client mariadb-backup  # install mysql v10.6
systemctl start mariadb.service  # start mariadb service
systemctl stop mariadb.service  # stop mariadb service
systemctl restart mariadb.service  # restart mariadb service
systemctl status mariadb.service  # get status of mariadb service
/usr/bin/mysql_secure_installation  # first run security hardening
/usr/bin/mariadb-secure-installation  # same as above, for v10.6
mysql --version  # test if mysql is installed and see what version is running
mysql -u root -pPASS  # log into mysql as administrator/root
mysqlcheck -c DATABASE -u root -pPASS  # check DATABASE for errors, PASS is for administrator/root
mysqldump DATABASE > FILE  # backup DATABASE to file FILE
mysql DATABASE < FILE  # restore DATABASE from file FILE
mysqladmin -u root -pPASS password NEWPASS  # change root password from PASS to NEWPASS
SQL-Specific Commands
source SRC.sql  -- run a set of sql commands stored in a file
SHOW DATABASES;  -- show all databases
CREATE DATABASE DB;  -- create a database
DROP DATABASE DB;  -- delete a database
USE DB;  -- select a database to view/edit
SHOW TABLES;  -- show all tables in a database
SET PASSWORD FOR 'user'@'localhost' = PASSWORD('mypass');  -- set USER password as MYPASS
GRANT ALL ON DB.* to 'user'@'localhost' identified by 'pass';  -- grant USER access to DB with password PASS
SELECT host, user, password FROM mysql.user;  -- list all users
Resources: Migrate MySQL User Privileges
Tomcat
systemctl start tomcat.service  # start tomcat service
systemctl stop tomcat.service  # stop tomcat service
systemctl restart tomcat.service  # restart tomcat service
systemctl status tomcat.service  # get status of tomcat service
/opt/tomcat/conf/tomcat-users.xml  # users config file (web mgmt console user/pass goes here)
/opt/tomcat/conf/server.xml  # server config file (per user folder listener goes here)
/opt/tomcat/logs/  # log files
SSH/Secure Shell
General
systemctl start sshd.service  # start ssh
systemctl stop sshd.service  # stop ssh
systemctl restart sshd.service  # restart ssh
systemctl status sshd.service  # get status of ssh service
/etc/ssh/sshd_config  # main configuration
/etc/hosts.deny  # block specific IP/IP ranges from SSH (tcp wrappers)
/etc/hosts.allow  # allow specific IP/IP ranges for SSH (tcp wrappers)
/var/log/secure  # log file location (CentOS/RHEL)
/var/log/auth.log  # log file location (Ubuntu/Debian)
dnf install rsyslog  # Required to enable log location on RHEL 8+
Security Hardening
Modify configuration file /etc/ssh/sshd_config…
# Disable weak and deprecated ciphers
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,gss-gex-sha1-,gss-group14-sha1-
MACs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512
For company-only access, run the following commands…
# FirewallD (CentOS/RHEL)
firewall-cmd --permanent --zone=internal --add-source=<_COMPANY_IP_RANGE_>
firewall-cmd --permanent --zone=internal --add-source=10.0.0.0/8
firewall-cmd --permanent --zone=public --remove-service=ssh
firewall-cmd --reload; firewall-cmd --list-all

# UncomplicatedFirewall (Ubuntu)
ufw allow from <_COMPANY_IP_RANGE_> to any port 22
ufw allow from 10.0.0.0/8 to any port 22
ufw reload; ufw status
For non-company IP access, remove firewall commands and instead install Fail2Ban.
# Remove Restrictions (FirewallD)
firewall-cmd --permanent --zone=internal --remove-source=<_COMPANY_IP_RANGE_>
firewall-cmd --permanent --zone=internal --remove-source=10.0.0.0/8
firewall-cmd --permanent --zone=public --add-service=ssh
firewall-cmd --reload; firewall-cmd --list-all

# Remove Restrictions (UFW)
ufw delete allow from <_COMPANY_IP_RANGE_> to any port 22
ufw delete allow from 10.0.0.0/8 to any port 22
ufw reload; ufw status
Log Analysis
Replace LOG with the log file for your distribution (/var/log/secure on CentOS/RHEL, /var/log/auth.log on Ubuntu/Debian).
# Total number of log entries for SSHD
cat LOG | grep sshd | wc -l

# Number of successful logins
cat LOG | grep sshd | grep 'session opened' | wc -l

# List IPs of successful logins
cat LOG | grep -oE '.*Accepted password.*' | awk '{ print $11 }' | sort | uniq

# Total number of port scan attempts (bad)
cat LOG | grep -oE 'Received disconnect.*' | wc -l

# Total number of IPs that did port scans (bad)
cat LOG | grep -oE 'Received disconnect.*' | awk '{ print $4 }' | sort | uniq | wc -l

# List IPs of port scanners, with number of attacks per IP
cat LOG | grep -oE 'Received disconnect.*' | awk '{ print $4 }' | sort | uniq -c | sort -n

# Total number of bad login attempts
cat LOG | grep 'Invalid user' | wc -l

# List usernames of bad login attempts, with number of attempts per username
cat LOG | grep -oE 'Invalid user.*' | awk '{ print $3 }' | sort | uniq -c | sort -n
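The same kind of summary as a reusable script, as an added example that is not part of the original page; the function names and the sample log entries are constructed. It goes slightly beyond the one-liners above by locating the source IP relative to the last "from" keyword instead of a fixed column, because the username field is chosen by the connecting client.

```shell
#!/bin/sh
# Added example: summarise sshd authentication events in an auth log.

# Constructed sample log (documentation IP ranges, invented host and users).
make_sample_log() {
    cat <<'EOF'
Jan 25 10:00:01 web01 sshd[1001]: Accepted password for alice from 10.1.2.3 port 50022 ssh2
Jan 25 10:00:02 web01 sshd[1001]: pam_unix(sshd:session): session opened for user alice by (uid=0)
Jan 25 10:01:10 web01 sshd[1010]: Invalid user admin from 203.0.113.7 port 40100
Jan 25 10:01:12 web01 sshd[1010]: Failed password for invalid user admin from 203.0.113.7 port 40100 ssh2
Jan 25 10:01:15 web01 sshd[1011]: Invalid user test from 203.0.113.7 port 40101
Jan 25 10:01:17 web01 sshd[1011]: Failed password for invalid user test from 203.0.113.7 port 40101 ssh2
Jan 25 10:01:20 web01 sshd[1012]: Invalid user from from 203.0.113.7 port 40102
Jan 25 10:01:22 web01 sshd[1012]: Failed password for invalid user from from 203.0.113.7 port 40102 ssh2
Jan 25 10:02:00 web01 sshd[1020]: Failed password for root from 198.51.100.9 port 33000 ssh2
Jan 25 10:02:30 web01 sshd[1021]: Received disconnect from 198.51.100.9 port 33001:11: Bye Bye [preauth]
Jan 25 10:03:00 web01 sshd[1030]: Accepted publickey for bob from 10.1.2.4 port 50100 ssh2
Jan 25 10:03:05 web01 CRON[1040]: pam_unix(cron:session): session opened for user root by (uid=0)
EOF
}

# Print the source IP of every sshd line matching regex $1 in file $2.
# The username is chosen by the client and may contain spaces or the word
# "from", so the IP is taken after the LAST "from" instead of a fixed column.
ips_matching() {
    awk -v pat="$1" '
        /sshd\[/ && $0 ~ pat {
            for (i = NF - 1; i >= 1; i--)
                if ($i == "from") { print $(i + 1); break }
        }' "$2"
}

# Unique source IPs of successful logins (password or public key).
accepted_ips() { ips_matching "Accepted (password|publickey)" "$1" | sort -u; }

# Failed password attempts per source IP, busiest first, as IP=COUNT.
failed_by_ip() {
    ips_matching "Failed password" "$1" | sort | uniq -c | sort -rn |
        awk '{ print $2 "=" $1 }'
}

# Usernames that do not exist on the host, with attempts, as NAME=COUNT.
invalid_users() {
    awk '/sshd\[/ && /Invalid user/ {
        for (i = 1; i < NF; i++)
            if ($i == "Invalid" && $(i + 1) == "user") { print $(i + 2); break }
    }' "$1" | sort | uniq -c | sort -rn | awk '{ print $2 "=" $1 }'
}

# Usage: sh ssh_summary.sh LOG   (LOG as described above)
if [ -n "${1:-}" ]; then
    echo "== accepted from ==";  accepted_ips "$1"
    echo "== failed by IP ==";   failed_by_ip "$1"
    echo "== invalid users ==";  invalid_users "$1"
fi
```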
Resources: Parsing SSH Logs, Limit SSH by IP Address, Limit SSH without TCP Wrappers
Fail2Ban
yum install fail2ban  # install fail2ban
systemctl start fail2ban  # start fail2ban service
systemctl stop fail2ban  # stop fail2ban service
systemctl restart fail2ban  # restart fail2ban service
systemctl status fail2ban  # get status of fail2ban service
fail2ban-client status  # list active jails
fail2ban-client status sshd  # view banned ips in sshd jail
fail2ban-client set sshd banip IPADDR  # manually ban ip address IPADDR
fail2ban-client set sshd unbanip IPADDR  # manually unban ip address IPADDR
fail2ban-client unban --all  # unban all ips in all jails
fail2ban-client -h  # show list of commands
/etc/fail2ban/jail.conf  # default config
/etc/fail2ban/jail.local  # custom config (overrides jail.conf, set ignored ips)
/etc/fail2ban/jail.d/sshd.local  # sshd config (required to protect ssh)
/etc/fail2ban/filter.d/f2b-loop.conf  # nested jail processor
/var/log/fail2ban.log  # log of fail2ban activity (bans/unbans)
Resources: Install Fail2Ban on CentOS, Increased Ban Times for Repeat Offenders
CRON
crontab -e  # edit current user crontab
/etc/crontab  # location of system crontab
/var/spool/cron/crontabs/  # location of user crontabs

# Special Strings
@reboot    /path/to/script  # Run once, at startup.
@yearly    /path/to/script  # Run once a year........ "0 0 1 1 *"
@annually  /path/to/script  # (same as @yearly)
@monthly   /path/to/script  # Run once a month....... "0 0 1 * *"
@weekly    /path/to/script  # Run once a week........ "0 0 * * 0"
@daily     /path/to/script  # Run once a day......... "0 0 * * *"
@midnight  /path/to/script  # (same as @daily)
@hourly    /path/to/script  # Run once an hour....... "0 * * * *"
Resources: Using crontab on Linux
CylancePROTECT
General
systemctl start cylancesvc  # start cylance service
systemctl stop cylancesvc  # stop cylance service
systemctl restart cylancesvc  # restart cylance service
systemctl status cylancesvc  # get status of cylance service
/opt/cylance/config_defaults.txt  # installation defaults (required)
Installation
# First, create the installation defaults file: /opt/cylance/config_defaults.txt
InstallToken=<_REDACTED_>
SelfProtectionLevel=2
LogLevel=2
VenueZone=<_REDACTED_>
UiMode=2

# Install Dependencies on Ubuntu
apt update
apt install libxml2-utils make gcc bzip2 linux-headers-generic

# Install Application on Ubuntu
dpkg -i cylance-protect.1604.x86_64.deb

# Install Dependencies + Application on CentOS 7
yum install zlib CylancePROTECT.el7.rpm

# Register Installation w/ Cylance Console
/opt/cylance/desktop/cylance -r <_REDACTED_>
Active Directory
Join via 'Realm'
# Install Required Dependencies (RHEL/CentOS)
yum install sssd realmd oddjob oddjob-mkhomedir adcli samba-common samba-common-tools krb5-workstation openldap-clients policycoreutils-python

# Install Required Dependencies (Debian/Ubuntu)
apt -y install realmd oddjob oddjob-mkhomedir adcli samba-common-bin libnss-sss libpam-sss sssd sssd-tools packagekit

# Join to Domain
realm join --user=<_ADMIN_USER_>@<_USER_AD_DOMAIN_> <_AD_DOMAIN_SERVER_>
realm list  # confirm proper join

# Fix /etc/sssd/sssd.conf by uploading the correct copy
/etc/sssd/sssd.conf  # upload correct copy
systemctl restart sssd  # restart sssd service

# Test access (should show AD groups)
id <_AD_USER_>

# Ubuntu Systems Only
pam-auth-update  # make sure 'create home directory on login' is checked
dpkg-reconfigure gdm3  # fix login loop issue for GUI
Resources: Join CentOS 7 to AD, Join Ubuntu 20 to AD, Ubuntu Login Loop Fix
Leave via 'Realm'
# Leave the Domain
realm leave <_AD_DOMAIN_> -U '<_USER_AD_DOMAIN_PREFIX_>\<_ADMIN_USER_>'
Resources: Removing a System from a Domain
Restrict Access by AD Group
Modify /etc/sssd/sssd.conf with the following…
# sssd.conf does not support inline comments, so each note sits on its own line

[domain/<_AD_DOMAIN_>]
# required
access_provider = simple
# group(s) to allow
simple_allow_groups = group1, group2
# group(s) to deny
simple_deny_groups = group3

[domain/<_USER_AD_DOMAIN_>]
# required
access_provider = simple
# user(s) to allow [DOES NOT WORK, 1/25/23]
simple_allow_users = user1, user2
# user(s) to deny [DOES NOT WORK, 1/25/23]
simple_deny_users = user3
Note: Because user specific allow/deny isn't working, it's best to use AD groups to allow/deny in the interim.
Qualys Cloud Agent
General
systemctl start qualys-cloud-agent  # start qualys service
systemctl stop qualys-cloud-agent  # stop qualys service
systemctl restart qualys-cloud-agent  # restart qualys service
systemctl status qualys-cloud-agent  # get status of qualys service
Installation
# Install Application on Ubuntu
apt update
sudo dpkg --install QualysCloudAgent.deb
sudo /usr/local/qualys/cloud-agent/bin/qualys-cloud-agent.sh ActivationId=<_REDACTED_> CustomerId=<_REDACTED_>

# Install Application on CentOS 7
sudo rpm -ivh QualysCloudAgent.rpm
sudo /usr/local/qualys/cloud-agent/bin/qualys-cloud-agent.sh ActivationId=<_REDACTED_> CustomerId=<_REDACTED_>
ULimit
This does not seem to work very well on RHEL/CentOS 7 systems. Please use cgroups instead.
/etc/security/limits.conf # adjust soft/hard limits for system resources
Resources: limits.conf Manual, How to set ulimit values
XRDP
# Install XRDP on CentOS 8 (Rocky/AlmaLinux/RHEL)
dnf groupinstall "Server with GUI"  # install system GUI
dnf install epel-release  # install pre-requisites
dnf install xrdp  # install xrdp
systemctl enable xrdp  # enable xrdp service
systemctl start xrdp  # start xrdp service
firewall-cmd --add-port=3389/tcp --permanent  # open firewall port for RDP (3389)
firewall-cmd --reload  # reload firewall

# Install XRDP on Ubuntu 20/22
apt update  # update package manager
apt install ubuntu-desktop  # install system GUI
apt install xrdp  # install xrdp
systemctl status xrdp  # check if xrdp service is running
adduser xrdp ssl-cert  # add xrdp user to ssl-cert group
ufw allow 3389; ufw reload; ufw status  # open firewall port for RDP (3389), reload
Resources: CentOS 8 Remote GUI with RDP, Install XRDP on Ubuntu
Disk Quotas
/dev/sdbX /DIR ext4 defaults,usrquota,grpquota 0 0  # edit /etc/fstab, add 'usrquota' & 'grpquota' to mount, reboot
quotacheck -um /DIR  # create user quota config
quotacheck -gm /DIR  # create group quota config
quotaon -uv /DIR  # enable user quota
quotaon -gv /DIR  # enable group quota
quotaon -ap  # show on/off status
edquota -u USR  # edit quota for user USR
edquota -g GRP  # edit quota for group GRP
repquota -asu  # show user quota report/status
repquota -asg  # show group quota report/status
Resources: Set Disk Quota, EXT4, Set Disk Quota, XFS
Docker
CentOS 7/8: Install Docker
yum install -y yum-utils  # install utils
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo  # install repo
yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin  # install docker
Resources: Install Docker on CentOS
General
systemctl start docker  # start docker service
systemctl stop docker  # stop docker service
systemctl restart docker  # restart docker service
systemctl status docker  # get status of docker service
docker run hello-world  # test if docker is working
docker compose up  # run all dockers listed in ./docker-compose.yml
docker compose up -d  # same as previous but runs in the background
docker compose down  # stop all dockers listed in ./docker-compose.yml
docker ps -a  # see status of all containers, get container id
docker stats  # show performance statistics of all containers
docker stop MYAPP  # kill container MYAPP gracefully (can use id or name)
docker compose pull  # pull updated containers (will recreate containers on next 'compose up')
CGroups
# Install cgroups
yum install libcgroup libcgroup-tools

# Enable Services
chkconfig cgconfig on
chkconfig cgred on

# Control Services
systemctl status cgconfig  # service that does the actual controlling
systemctl status cgred  # service that decides how to apply controls
systemd-cgtop  # see which cgroups are running and their resources

# Configure
/etc/cgconfig.conf  # Default configuration - do not edit
/etc/cgconfig.d/cpu_cap.conf  # Custom configuration (can be named anything)
/etc/cgrules.conf  # Apply specific cgconfig rules to specific users/processes
Resources: Hand rolling your own cgroup
GIT
[working dir] -> git add -> [staging area] -> git commit -> [repository]
      |                           |                              |
      |                           |                           git log
      |                           |                (shows files tracked in repo)
      |                           |
      |                       git status
      |               (shows what's in staging)
   git diff
(shows changes between working & staging)
git --version  # show current installed version of git
git init  # create repo in current directory
git add FILE  # add FILE to repo
git commit -m "MSG"  # commit repo, add MSG as description
git diff  # show differences since last commit
git log  # see change log
git status  # see status of files (between add and commit)
git branch  # see branches
git branch BRCH  # create branch named BRCH
git checkout BRCH  # switch to branch BRCH
git config --global user.name <name>  # set author name to NAME
git config --global user.email <email>  # set author email to EMAIL