codeopensrc/cmds.MD

Last active May 14, 2020 21:14

Star (0) You must be signed in to star a gist
Fork (1) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/codeopensrc/cb4b9651fdc6160ecdd522b6c88177dc.js"></script>
Save codeopensrc/cb4b9651fdc6160ecdd522b6c88177dc to your computer and use it in GitHub Desktop.

Download ZIP

List and examples of some of my commonly used commands

Raw

cmds.MD

Common Linux admin commands

User

`adduser` (useradd older, less user friendly)

`deluser $USER` (userdel older, less user friendly)

Delete home directory
- deluser --remove-home $USER http://unix.stackexchange.com/questions/289590/cant-add-user-because-group-already-exists

If group already exists

adduser --ingroup $USER $USER

List all users

cut -d: -f1 /etc/passwd

Logs

/var/log/*

Auth log - SSH/sudo/cron logs

/var/log/auth.log

System files

List of users/groups/shells

/etc/passwd

SSH

SSH config

/etc/ssh/ssh_config
/etc/ssh/sshd_config

Be sure `~/.ssh/authorized_keys` has proper permissions

sudo chmod 700 .ssh && sudo chmod 600 .ssh/authorized_keys
Note: The home directory must not be group writable, .ssh must not be group readable, and auth_keys cannot be group readable or executable at all in order for the public key auth to work.

Keep connection alive

Have ServerAliveInterval 60 in clients /etc/ssh/ssh_config

Put pub ssh key on server

cat ~/.ssh/id_rsa.pub | user@ip "cat >> ~/.ssh/authorized_keys"

Bin admin cmds

`chmod`

Good examples of SGID here: http://www.linuxnix.com/sgid-set-sgid-linuxunix/
Change permissions to RWX for everyone, recursively
- chmod 777 -R folder/file
Change permissions to RWX for owner, RW for group and all
- chmod 755 folder/file
Change permissions to RWX for owner, RWX for group, RW for all, but only the file/folder owner can delete
- Set a sticky bit using 4 digits
- chmod 1775 -R folder/file
- File can still be emptied however, this is mainly to prevent an accidental rm -rf on a directory
- One thing to note as well, you can open the file as appendable only:
  - http://stackoverflow.com/a/869565 You can use 'chattr +a' which means "file can only be opened in append mode for writing", meaning you can't rewrite existing content, but you can add new content to the end. This should prevent truncation.
Set the GID bit on a file/directory so any file/directory accessed/created within it, uses the same group id
- chmod g+s -R folder/file
Set the UID bit on a file/directory so any file/directory accessed/created within it, uses the same user id
- chmod u+s -R folder/file

`chown`

Change ownership to userA:groupA, recursively
- chown userA:groupA -R folder/file

`chsh`

Change shell for user
- chsh userA -s /usr/bin/git-shell

Utility

`rsync`

Rsync and change user/group and permissions to RWX for owner, RW for group and all
- rsync -avuz --chown=user:group --chown=755 srcfile destfile

`zip`

Zip all files and directores in current folder into data.zip
- zip -r data *
Unzip into director mydir
- unzip pics.zip -d /path/to/mydir

`cat`

Prepends addkey , quotes the ssh-key, and passes to ssh. Result is: addkey "ssh-key dawdawd"
- echo "addkey \"$(cat ~/.ssh/id_rsa.pub)\"" | ssh user@ip

Security

`ufw`

Allow all port connections from specific ip
- ufw allow from my.ip.addr.here
Allow connections from specific ip to specific port
- ufw allow to any port PORTNUM from my.ip.addr.here
Allow all ips to specific port/protocol
- ufw allow to any port 80 proto tcp

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment