User:Clarcyl/Linux
DNS
DNS1=
DNS2=
DOMAIN=
ACL
Add
setfacl -Rm u:bernard:rw RepertoireDeTest/
Remove
setfacl -b RepertoireDeTest/
setfacl -x u:patrick,g:bernard test
Display
getfacl RepertoireDeTest/
Reboot without
touch /fastboot
shutdown -rf now
sudo
- Edit
sudoedit /etc/sudoers
- Without password
identifiant ALL = NOPASSWD: commande,autrecommande
- With password
identifiant ALL = (user) commande,autrecommande
Information
32-bit or 64-bit version
uname -a
Firewall
CentOS 6
- Log dropped packets with iptables
iptables -A INPUT -p tcp -m tcp -s 0.0.0.0/0 --dport 22 -j ACCEPT
iptables -N LOGGING
iptables -A INPUT -j LOGGING
iptables -A OUTPUT -j LOGGING
iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables-Dropped: " --log-level 4
iptables -A LOGGING -j DROP
then
tail -f /var/log/messages
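One way to read what ends up in the log, as an added example that is not part of the original notes: the script summarises lines carrying the "IPTables-Dropped: " prefix by direction, source, protocol and destination port. The function names and the log lines (documentation addresses) are constructed; because the LOG rule is limited to 2/min, the counts are a sample of the dropped traffic, not a total.

```shell
#!/bin/sh
# Summarise packets logged by the LOGGING chain (prefix "IPTables-Dropped: ").
# Added example: function names and sample lines are constructed for illustration.

summarize_drops() {
    # stdin: syslog lines. stdout: "<count> <IN|OUT> <source> <proto> <dest port>",
    # most frequent first.
    awk '
    /IPTables-Dropped: / {
        dir = "?"; src = "-"; proto = "-"; dpt = "-"
        for (i = 1; i <= NF; i++) {
            # INPUT-chain packets carry IN=<iface>; OUTPUT-chain packets log an empty IN=.
            if ($i ~ /^IN=/)         dir = ($i == "IN=") ? "OUT" : "IN"
            else if ($i ~ /^SRC=/)   src = substr($i, 5)
            else if ($i ~ /^PROTO=/) proto = substr($i, 7)
            else if ($i ~ /^DPT=/)   dpt = substr($i, 5)   # absent for ICMP, stays "-"
        }
        count[dir " " src " " proto " " dpt]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

sample_log() {
    # Constructed /var/log/messages lines (RFC 5737 documentation addresses).
    cat <<'EOF'
Jun 14 13:38:01 srv1 kernel: IPTables-Dropped: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1 DF PROTO=TCP SPT=51234 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0
Jun 14 13:38:31 srv1 kernel: IPTables-Dropped: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=2 DF PROTO=TCP SPT=51240 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0
Jun 14 13:39:02 srv1 sshd[2211]: Accepted publickey for admin from 192.0.2.50 port 40022 ssh2
Jun 14 13:39:05 srv1 kernel: IPTables-Dropped: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=71 TOS=0x00 PREC=0x00 TTL=49 ID=3 PROTO=UDP SPT=40000 DPT=161 LEN=51
Jun 14 13:39:40 srv1 kernel: IPTables-Dropped: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.9 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4 DF PROTO=TCP SPT=33000 DPT=25 WINDOW=29200 RES=0x00 SYN URGP=0
EOF
}

# Demo on the constructed sample; on a host, use: summarize_drops < /var/log/messages
sample_log | summarize_drops
```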
CentOS 7
To allow the 443/tcp port temporarily in the internal zone, type:
# firewall-cmd --permanent --zone=internal --add-service=http
# firewall-cmd --reload
# firewall-cmd --permanent --zone=public --add-port=53/tcp
# firewall-cmd --reload
# firewall-cmd [--zone=<zone>] --remove-port=<port>[-<port>]/<protocol>
Note: type --remove-port=443/tcp to deny the port.
Add NFS rule in direct.xml
# Allow TCP and UDP port 2049 for NFS.
# Allow TCP and UDP port 111 (rpcbind/sunrpc).
# Allow the TCP and UDP port specified with MOUNTD_PORT="port"
# Allow the TCP and UDP port specified with STATD_PORT="port"
# Allow the TCP port specified with LOCKD_TCPPORT="port"
# Allow the UDP port specified with LOCKD_UDPPORT="port"
Example:
<rule priority="1" table="filter" ipv="ipv4" chain="INPUT">-p udp --dport 111 -j ACCEPT</rule>
<rule priority="1" table="filter" ipv="ipv4" chain="INPUT">-p tcp --dport 111 -j ACCEPT</rule>
<rule priority="1" table="filter" ipv="ipv4" chain="INPUT">-p udp --dport 2049 -j ACCEPT</rule>
<rule priority="1" table="filter" ipv="ipv4" chain="INPUT">-p tcp --dport 2049 -j ACCEPT</rule>
<rule priority="1" table="filter" ipv="ipv4" chain="INPUT">-p tcp --dport 32803 -j ACCEPT</rule>
<rule priority="1" table="filter" ipv="ipv4" chain="INPUT">-p udp --dport 32803 -j ACCEPT</rule>
<rule priority="1" table="filter" ipv="ipv4" chain="INPUT">-p tcp --dport 32769 -j ACCEPT</rule>
<rule priority="1" table="filter" ipv="ipv4" chain="INPUT">-p udp --dport 32769 -j ACCEPT</rule>
List service/ports
# firewall-cmd --list-services
# firewall-cmd --list-ports
List ports
# firewall-cmd --list-ports
Display the default zone
# firewall-cmd --set-default-zone=<zone>
# firewall-cmd --get-default-zone
public
Outgoing Traffic
Example: to DROP all application ports
firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -p tcp -m tcp --dport=0:1024 -j DROP
Example: to enable only outgoing port 80:
firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -p tcp -m tcp --dport=80 -j ACCEPT
firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 1 -j DROP
This will add it to permanent rules, not the runtime rules. You will need to reload permanent rules so they become runtime rules.
firewall-cmd --reload
to display permanent rules
firewall-cmd --permanent --direct --get-all-rules
to display runtime rules
firewall-cmd --direct --get-all-rules
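A check for the permanent/runtime split described above, as an added example (not firewalld's or the original page's code): it compares a permanent and a runtime listing of direct rules and reports the rules present in only one of them. The function name and the two sample listings are constructed; on a live host the arguments would be the output of the two --get-all-rules commands.

```shell
#!/bin/sh
# Report firewalld direct rules that exist in only one of the two configurations.
# Arguments are rule listings, one rule per line, as printed by
#   firewall-cmd --permanent --direct --get-all-rules   (first argument)
#   firewall-cmd --direct --get-all-rules               (second argument)
# Returns 0 when both sets match, 1 when they differ, 2 on a temp-file error.
direct_rule_drift() {
    perm=$(mktemp) || return 2
    run=$(mktemp) || { rm -f "$perm"; return 2; }
    # Drop blank lines and sort, because comm needs sorted input.
    printf '%s\n' "$1" | sed '/^[[:space:]]*$/d' | LC_ALL=C sort -u > "$perm"
    printf '%s\n' "$2" | sed '/^[[:space:]]*$/d' | LC_ALL=C sort -u > "$run"
    # comm -23: lines only in the first file; comm -13: lines only in the second.
    drift=$(
        LC_ALL=C comm -23 "$perm" "$run" | sed 's/^/pending-reload: /'
        LC_ALL=C comm -13 "$perm" "$run" | sed 's/^/runtime-only: /'
    )
    rm -f "$perm" "$run"
    [ -z "$drift" ] && return 0
    printf '%s\n' "$drift"
    return 1
}

# Constructed sample listings (not captured from a real host).
SAMPLE_PERMANENT='ipv4 filter OUTPUT 0 -p tcp -m tcp --dport=80 -j ACCEPT
ipv4 filter OUTPUT 1 -j DROP'
SAMPLE_RUNTIME='ipv4 filter OUTPUT 0 -p tcp -m tcp --dport=80 -j ACCEPT
ipv4 filter OUTPUT 0 -p tcp -m tcp --dport=443 -j ACCEPT'

# pending-reload: saved with --permanent but not active until firewall-cmd --reload.
# runtime-only:   active now, but gone after the next reload or reboot.
direct_rule_drift "$SAMPLE_PERMANENT" "$SAMPLE_RUNTIME" || echo "drift found"
```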
Disable the graphical interface
Edit /etc/inittab
id:3:initdefault:
SAN
Print all MultiPathing
multipath -ll
Scan new LUN
# ls /sys/class/fc_host
# echo "1" > /sys/class/fc_host/host0/issue_lip
# echo "- - -" > /sys/class/scsi_host/host0/scan
# echo "1" > /sys/class/fc_host/host1/issue_lip
# echo "- - -" > /sys/class/scsi_host/host1/scan
Removing a Path to a Storage Device
echo offline > /sys/block/sda/device/state
echo 1 > /sys/block/device-name/device/delete
where device-name may be sde, for example (as described in Procedure 1, “Ensuring a Clean Device Removal”).
Identify a Datacore volume on a Linux system
Datacore:
Virtual disks > Select my vdisk > Settings > advanced >
SCSI device Id : naa.60030d90a4694d03f162e0255d93aa76
Linux:
ll /dev/disk/by-id
total 0
lrwxrwxrwx 1 root root 9 Jun 14 13:38 scsi-360030d90315f41435231300000000000 -> ../../sdg
lrwxrwxrwx 1 root root 10 Jun 15 14:34 scsi-360030d90315f41435231300000000000-part1 -> ../../sdg1
lrwxrwxrwx 1 root root 9 Jun 14 13:38 scsi-360030d90325f41435231305f41726368 -> ../../sdh
lrwxrwxrwx 1 root root 9 Jun 14 13:38 scsi-360030d9049a34f03aca389ea72edad29 -> ../../sdb
lrwxrwxrwx 1 root root 10 Jun 15 14:34 scsi-360030d9049a34f03aca389ea72edad29-part1 -> ../../sde1
lrwxrwxrwx 1 root root 9 Jun 14 13:38 scsi-360030d909f9cde06e480478a99b099f5 -> ../../sdc
lrwxrwxrwx 1 root root 9 Jun 14 13:38 scsi-360030d90a4694d03f162e0255d93aa76 -> ../../sda
Or else:
dmsetup info /dev/dm-1
Name: 360030d9049a34f03aca389ea72edad29
State: ACTIVE
Read Ahead: 256
Tables present: LIVE
Open count: 1
Event number: 1
Major, minor: 253, 1
Number of targets: 1
UUID: mpath-360030d9049a34f03aca389ea72edad29
This makes the link with /dev/dm-??
dmsetup ls
test-testlv (253, 7)
SDataCoreSANmelody_2_ACR10_Archives (253, 4)
360030d909f9cde06e480478a99b099f5 (253, 2)
360030d90a4694d03f162e0255d93aa76 (253, 0)
360030d9049a34f03aca389ea72edad29 (253, 1)
SDataCoreSANmelody_1_ACR10 (253, 3)
SDataCoreSANmelody_1_ACR10p1 (253, 6)
360030d9049a34f03aca389ea72edad29p1 (253, 5)
The rest, I know you know how to do!
Add a disk
sudo vgcreate vol_grp1 /dev/sda6 /dev/sda7
sudo lvcreate -l 20 -n logical_vol1 vol_grp1
sudo mkfs.ext3 /dev/vol_grp1/logical_vol1
Network commands
Listening on a port (2000)
sudo tcpdump -XX -vv -s0 -i eth0 tcp port 2000
Copy a file to a network port
# nc -vv 194.177.51.33 2000 < README.txt
Connection to 194.177.51.33 2000 port [tcp/sieve-filter] succeeded!
Network
After a network card is replaced, changing the MAC address in ifcfg-eth0 is not enough; you also need to run:
cd /etc/udev/rules.d/
cp 70-persistent-net.rules /root/
rm 70-persistent-net.rules
reboot
If the problem is not resolved and the following message appears in dmesg:
udev: renamed network interface eth0 to eth1
edit the file:
/etc/udev/rules.d/70-persistent-net.rules
Normally, you should have a double entry (eth0 and eth1) with different MAC addresses. This often happens when the OS is virtualized. Just delete the whole entry for eth1, then rename eth1 to eth0 in the following entry and reboot.
Cut
Splits the file into X parts on the colon character (:) and keeps the first one (1)
cut -d : -f 1 ficher.txt
Renice
renice -19 PID
Sed
sed -e "s/avant/apres/g" fichier.txt > test.txt
Sort directories by size
du -k . | sort -n
Package management
- installation
rpm -ivh
- installed packages
rpm -qa | grep -i NomDupaquet
- uninstall
rpm -e
Mounting
mount -t iso9660 /dev/cdrom /mnt/cdrom
umount /home/
umount: /home/: device is busy.
fuser -kmiuv /home/
                     USER        PID ACCESS COMMAND
/home/:              root     kernel mount (root)/home
                     boinc      2167 F.c.m (boinc)boinc
                     pcr        3326 ..c.. (pcr)sh
Tuer le processus 2167 ? (y/N) N
Tuer le processus 3326 ? (y/N)
Group
- add a user
usermod -G group user
usermod -g primarygroup user
Compression
- Compression
tar -cvf fichier.tar MonRepertoire1
tar -czvf fichier.tar.gz MonRepertoire1
- Decompression
tar -xvf fichier.tar
tar -xzvf fichier.tar.gz
fstab problem
mount -o remount,rw /
or
mount -rw -o remount /
MYSQL
- Set a password
/usr/bin/mysqladmin -u root password motdepasse
- import / export a database
mysql -h host -u user -ppass base_de_donnees < fichier_dump
mysqldump [options] base_de_donnees > fichier.sql
Crontab
http://www.siteduzero.com/tutoriel-3-73917-crontab-executer-une-commande-regulierement.html
# * * * * *  command to execute
# │ │ │ │ │
# │ │ │ │ │
# │ │ │ │ └───── day of week (0 - 6) (0 to 6 are Sunday to Saturday, or use names; 7 is Sunday, the same as 0)
# │ │ │ └────────── month (1 - 12)
# │ │ └─────────────── day of month (1 - 31)
# │ └──────────────────── hour (0 - 23)
# └───────────────────────── min (0 - 59)
@reboot    Run once, at startup.
@yearly    Run once a year, "0 0 1 1 *".
@annually  (same as @yearly)
@monthly   Run once a month, "0 0 1 * *".
@weekly    Run once a week, "0 0 * * 0".
@daily     Run once a day, "0 0 * * *".
@midnight  (same as @daily)
@hourly    Run once an hour, "0 * * * *".
Recreate /dev/null
mknod /dev/null c 1 3
RCP
~/.rhosts
/etc/hosts.equiv
For "rsh host command", /etc/hosts must be filled in on both machines.
load average
# top -b -n 1 | awk '{if (NR <=7) print; else if ($8 == "D") {print; count++} } END {print "Total status D: "count}'
top - 12:02:19 up 11 days, 2:04, 1 user, load average: 6.15, 6.09, 6.01
Tasks: 613 total, 1 running, 612 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.1%us, 0.1%sy, 0.0%ni, 99.6%id, 0.2%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 8047248k total, 7074380k used, 972868k free, 141636k buffers
Swap: 8388600k total, 0k used, 8388600k free, 4723208k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
3887 root 20 0 311m 158m 11m D 0.0 2.0 107:51.07 tina_bck
4704 root 20 0 412m 258m 11m D 0.0 3.3 10:53.91 tina_bck
13579 root 20 0 412m 259m 11m D 0.0 3.3 27:07.77 tina_bck
19242 root 20 0 311m 159m 11m D 0.0 2.0 68:56.35 tina_bck
27880 root 20 0 411m 258m 11m D 0.0 3.3 3:09.46 tina_bck
29998 root 20 0 310m 157m 11m D 0.0 2.0 37:54.05 tina_bck
Add the RHEL optional repositories
yum-config-manager --enable rhel-6-server-optional-rpms
or
subscription-manager repos --enable rhel-6-server-optional-rpms
Red Hat registration
on esx 2 rhn_register
date
date "+%y%m%d"
140324
date --date="yesterday"
grep
zgrep -e " 50[234] " prod.access.log.3.gz
awk
.... | awk '{print $6}'
ps -ef | grep tail | grep -v grep | awk '{system("kill -9 "$2)}'
ps -ef | grep tail | grep -v grep | awk '{system("echo kill -9 "$2)}'
history
history | cut -c 8-
Reduce the number of processors
Change the boot arguments to use only n number of CPU cores instead of m cores which are actually present, PROVIDED n
a) Add "maxcpus=n" in the bootargs during boot time:
linux /boot/vmlinuz-2.6.31-21-generic root=UUID=2ebbae04-b641-44e9-935f-8964159d79cb ro quiet splash maxcpus=n
This will not be persistent across subsequent boots.
b) To make it permanent, modify/edit /etc/default/grub and add "maxcpus=n" in the following line:
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash maxcpus=n"
Method 2: "Enable/Disable a CPU core on the fly"
On a Linux machine you can get the CPU information from /proc/cpuinfo file. On a dual core machine, you will get the output like this:
$ cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
To disable a core run the following command on an Ubuntu machine:
$ sudo sh -c "echo 0 > /sys/devices/system/cpu/cpu1/online"