# Install the epel extra packages for enterprise linux
yum install epel-release
# Disable selinux
setenforce arguments are: Enforcing, Permissive, 1 (enable) or 0 (disable)
# setenforce 0
# setenforce 1
Note: setenforce only switches between enforcing and permissive until the next reboot; setenforce 0 leaves SELinux loaded in permissive mode. Fully disabling it needs the config file or the kernel parameter shown below.
enforcing   The security policy is always enforced.
permissive  This just simulates the enforcing policy by only printing warning messages and not really enforcing SELinux. This is good to first see how SELinux works and later figure out what policies should be enforced.
disabled    Completely disable SELinux.
Note: disabling SELinux removes its mandatory access control for every service on the host. Permissive mode keeps logging denials (/var/log/audit/audit.log), so the policy can be corrected instead of switched off.
# cat /etc/selinux/config
SELINUX=disabled
SELINUXTYPE=targeted
SETLOCALDEFS=0
ldd vi /boot/grub/grub.conf
kernel /boot/vmlinuz-2.6.18-92.el5 ro root=LABEL=/ rhgb quiet selinux=0
# If you are not interested in disabling the whole of SELinux, you can also disable SELinux only for a specific service. For example, to disable SELinux for the HTTP/Apache service, modify the httpd_disable_trans variable in the /etc/selinux/targeted/booleans file
/etc/selinux/targeted/boolean
httpd_disable_trans=1
# setsebool httpd_disable_trans 1
# service httpd restart
# Linux
## crontab
/var/spool/cron
crontab -e   Edit your crontab file, or create one if it doesn't already exist.
crontab -l   Display your crontab file.
crontab -r   Remove your crontab file.
crontab -v   Display the last time you edited your crontab file.
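for logging
30 18 * * * rm /home/someuser/tmp/* > /home/someuser/cronlogs/clean_tmp_dir.log
/home/someuser/cronlogs/clean_tmp_dir.log
Note: ">" captures standard output only; rm reports failures on standard error, so append 2>&1 if errors should reach the log.
HOME=users-home-directory
LOGNAME=users-login-id
PATH=/usr/bin:/usr/sbin:.
SHELL=/usr/bin/sh
Note: the trailing "." in PATH makes a job resolve commands from whatever directory it runs in; set PATH in the crontab to absolute directories only, or call commands by full path.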
#fsck /dev/sda6
1. umount it first
2. fsck -N /dev/sda3 (to show what will be done)
3. fsck -y (to answer yes to all prompts)
4. tune2fs -l /dev/sda3 (show the state): clean / not clean
sudo touch /forcefsck
** phase 1  Check Blocks and Sizes
** phase 2  Check Pathnames
** phase 3  Check Connectivity
** phase 4  Check Reference Counts
** phase 5  Check Cylinder Groups
fsck exit codes:
0    No errors
1    Filesystem errors corrected
2    System should be rebooted
4    Filesystem errors left uncorrected
8    Operational error
16   Usage or syntax error
32   Fsck canceled by user request
128  Shared-library error
# LVM
pvdisplay vg lv
pvscan vg lv
pvcreate /dev/sdb1 /dev/sdc1
vgcreate testvg /dev/sdb1 /dev/sdc1
lvcreate --name mylvm --size 1G testvg
lvextend -L 1.5G /dev/testvg/mylvm
lvreduce -L 1.5G /dev/testvg/mylvm
Note: lvreduce shrinks only the logical volume; shrink the filesystem inside it first, otherwise the data past the new end is lost.
lvcreate -L 1GB -s -n tecmint_datas_snap /dev/vg_tecmint_extra/tecmint_datas lvextend -L +1G /dev/vg_tecmint_extra/tecmint_data_snap lvconvert --merge to recover mkfs.ext3 /dev/testvg/mylvm e2fsck -f /dev/testvg/mylvm pvmove /dev/sdb1 /dev/sdf1 vgreduce fileserver /dev/sdb1 vgextend fileserver /dev/sdf1 Do the same with RAID # DD
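dd if=/dev/sdb1 of=file.img bs=4096 conv=notrunc,noerror
Note: with noerror, dd carries on past read errors; adding sync (conv=noerror,sync) pads each unreadable block so the data after it keeps its offset in the image.
you can mount this img to a directory with -o ro or rw
To restore
dd if=hdadisk.img of=/dev/hdb
Note: the restore overwrites the whole target device; confirm the device name (e.g. with fdisk -l) before running it.
# rsync
rsync -zvr /var/opt/installation/inventory/ /root/temp
-z is to enable compression
-v verbose
-r indicates recursive
rsync option -a indicates archive mode. -a option does the following,
Recursive mode
Preserves symbolic links
Preserves permissions
Preserves timestamp
Preserves owner and group
(In the commands below USER@REMOTE_HOST is a placeholder: the original login and host were replaced by the page's e-mail obfuscation.)
To remote server
$ rsync -avz /root/temp/ USER@REMOTE_HOST:/home/thegeekstuff/temp/
To rsync from a remote host over ssh, use -e
$ rsync -avz -e ssh USER@REMOTE_HOST:/var/lib/rpm /root/temp
To check progress
$ rsync -avz --progress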
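USER@REMOTE_HOST:/var/lib/rpm/ /root/temp/
(USER@REMOTE_HOST is a placeholder: the original login and host were replaced by the page's e-mail obfuscation.)
port 873
Note: TCP 873 is the rsync daemon (rsync:// URLs); that protocol is not encrypted, whereas transfers run with -e ssh travel over SSH.
Troubleshooting
Dmesg
dmesg | grep Memory
dmesg | grep eth
rpm -qf filename   shows pkg
rpm -ql pkgname    shows file
rpm -U upgrade
rpm -i install
rpm -v verbose
-h hash marks display
--whatprovides
--whatrequires
--nodeps
--ignore
Rebuild rpm db
/var/lib/rpm/__db*
Remove
# cd /var/lib
# rm __db*
Note: the __db* files live in /var/lib/rpm, so the rm has to run in that directory; copy /var/lib/rpm aside first so the database can be put back if the rebuild fails.
yum clean all removes the caches /var/cache/yum/
then rebuild
# rpm --rebuilddb
# rpmdb_verify Packages
yum history
yum list installed
yum repolist
yum info subversion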
Server1
createrepo directoryname
rsync -avz httpsite to directory
Server2
yum to network
create .repo /etc/yum.repos.d
[tecmint]
name=Example repo for Part 11 of the LFCE series on Tecmint.com
baseurl=http://192.168.0.17/repos/centos/6/6/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6
Note: gpgcheck=1 protects packages only as far as the key is trusted. A key fetched over plain http can be swapped in transit, so check its fingerprint before accepting it, or point gpgkey at a locally installed copy with a file:// URL.
every day beginning at 2:30 AM: Crontab
30 2 * * * rsync -avz rsync://centos.ar.host-engine.com/6.6/os/x86_64/ /var/www/html/repos/centos/6/6/
find /path/to/files/ -type f -mtime +7 -exec rm -rf {} \;
What it all means:
find: the command that will search for the files
/path/to/files/: the top level directory to start searching
-type f: so we don't remove directories, only files
-mtime +7: files older than 7 days. Change to +14 to delete files older than 2 weeks.
-exec: what to do with the files we find
rm -rf: remove them recursively, force
{}: this represents each file we find
\;: the end of the exec
Note: run the same find with -print in place of the -exec part first and review the list before letting it delete anything.
# Find
-name -iname -type d, f , f! -perm 777 (with/without)
# find / -perm /u=r
# find / -perm /a=x
# find / -type f -perm 0777 -print -exec chmod 644 {} \;
# find / -type d -perm 777 -print -exec chmod 755 {} \;
find / -amin -60
find / -mmin -60
-size
# Enable quota
# cat /etc/fstab
LABEL=/home /home ext2 defaults,usrquota,grpquota 1 2
Timezone
/usr/share/zoneinfo
date +%Z
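#Iptables
# iptables -L OUTPUT -n -v --line-numbers
To insert rule between 1 and 2, enter:
# iptables -I INPUT 2 -s 202.54.1.2 -j DROP
# iptables -L INPUT -n --line-numbers
# iptables -L OUTPUT -n --line-numbers
# iptables -L OUTPUT -n --line-numbers | less
# iptables -L OUTPUT -n --line-numbers | grep 202.54.1.1
# service iptables save
/etc/sysconfig/iptables
# iptables -D INPUT 4
Note: rules are matched in order and the line numbers shift after every insert or delete, so list the chain again with --line-numbers right before using -D. A change made after "service iptables save" is lost on restart unless it is saved again.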
# Netstat
-a all
-t tcp
-u udp
-l listening
-p pid
-i interface
# Kill
0  SIGNULL (NULL)  Null       Check access to pid
1  SIGHUP (HUP)    Hangup     Terminate; can be trapped
2  SIGINT (INT)    Interrupt  Terminate; can be trapped
3  SIGQUIT (QUIT)  Quit       Terminate with core dump; can be trapped
9  SIGKILL (KILL)  Kill       Forced termination; cannot be trapped
15 SIGTERM (TERM)  Terminate  Terminate; can be trapped
24 SIGSTOP (STOP)  Stop       Pause the process; cannot be trapped. This is default if signal not provided to kill command.
25 SIGTSTP (STP)   Terminal   Stop/pause the process; can be trapped
26 SIGCONT (CONT)  Continue   Run a stopped process
Note: kill sends SIGTERM (15) when no signal is given, so the "default" remark in the SIGSTOP row looks displaced from the SIGTERM row. Signal numbers above 15 differ between platforms; kill -l prints the local values.
Ext2 Ext3 Ext 4
EXT3 - Journaling
There are three types of journaling available in ext3 file system.
Journal    Metadata and content are saved in the journal.
Ordered    Only metadata is saved in the journal. Metadata are journaled only after writing the content to disk. This is the default.
Writeback  Only metadata is saved in the journal. Metadata might be journaled either before or after the content is written to the disk.
Fast fsck
EXT4
In ext4, unallocated block groups and sections of the inode table are marked as such. This enables e2fsck to skip them entirely on a check and greatly reduces the time it takes to check a file system of the size ext4 is built to support.
You can also mount an existing ext3 fs as ext4 fs
In ext4, you also have the option of turning the journaling feature off
For multi-block allocation, a group of blocks are processed and written together
Since a larger number of blocks are being written at once, it is better so files are not fragmented. The group of blocks will be written in a contiguous section if available
The Delayed Allocation is when the data blocks are written at the Writeback Time Interval. There are three advantages to Delayed Allocation:
Delayed allocation
Larger sets of blocks are processed before being written. This reduces the processor utilization by performing the processing all at once, as discussed in Multi-Block Allocation.
Reduces fragmentation by allocating a large number of blocks at once which are most likely contiguous.
Reduces processor time and disk space for files that are short-term temporary files which are used and deleted in RAM/cache before they are written
#kernel
make menuconfig
Install libncurses5
make oldconfig
make
make modules_install
make install
mkinitramfs -o /boot/initrd.3.0.img
update-grub
# RAID
type fd
type 83 linux
mdadm --create --verbose /dev/md0 --level=1 /dev/sda1 /dev/sdb2
mdadm -Cv /dev/md0 -l1 -n2 /dev/sd[ab]1
Note: the long form above gives no device count; mdadm --create expects one (--raid-devices=2, the equivalent of -n2 in the short form).
/etc/mdadm.conf
mdadm --detail --scan >> /etc/mdadm.conf
mdadm /dev/md0 --fail /dev/sda1 --remove /dev/sda1
mdadm --add /dev/md0 /dev/sdb1
cat /proc/mdstat
mdadm --detail /dev/md0 c
mdadm --stop /dev/md0
mdadm --remove /dev/md0 .