
@wbsouza
Last active April 21, 2022 13:07

Revisions

  1. wbsouza revised this gist Apr 21, 2022. 1 changed file with 3 additions and 0 deletions.
    3 changes: 3 additions & 0 deletions linux
    @@ -5,6 +5,9 @@ yum clean all
    yum makecache
    yum update

    # reload sysctl configs
    sudo sysctl --system


    # force all the files in /var/www/html to be under the nginx group
    chown user:nginx -fR /var/www/html
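Review bot: The added comment `# reload sysctl configs` does not say which files are read, which matters when kernel hardening settings are split across several files. `sysctl --system` applies the files in the system sysctl.d directories as well as /etc/sysctl.conf, whereas `sysctl -p` reads only /etc/sysctl.conf by default, so I would write the comment as `# reload sysctl settings from /etc/sysctl.conf and the sysctl.d directories`. The command reports each setting it applies, so the output is worth checking for keys that were rejected.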
  2. wbsouza revised this gist Feb 17, 2022. 1 changed file with 7 additions and 0 deletions.
    7 changes: 7 additions & 0 deletions linux
    @@ -172,3 +172,10 @@ $ pigz -dk -p8 image.gz
    ffmpeg -i ./test.mkv -acodec cop test.mp4


    # force reinstall packages
    sudo apt-get remove --purge ufw
    sudo apt-get -o Dpkg::Options::="--force-confmiss" install --reinstall ufw
    systemctl enable ufw
    ufw enable
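Review bot: `ufw enable` at the end of this block switches the firewall on with the rule set of a freshly reinstalled package, which on a remote host can lock you out of SSH; add `sudo ufw allow ssh` before it. The preceding `apt-get remove --purge ufw` deletes the package's configuration, which presumably includes any existing rules, and the host runs without its ufw rules until the reinstall finishes, so the comment should say to copy /etc/ufw aside first. `systemctl enable ufw` and `ufw enable` also need `sudo`, like the two lines above them.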


  3. Wellington Souza revised this gist Jul 5, 2021. 1 changed file with 3 additions and 1 deletion.
    4 changes: 3 additions & 1 deletion linux
    @@ -168,5 +168,7 @@ $ pigz -k -p8 image.png
    # Decompress
    $ pigz -dk -p8 image.gz


    # Convert video .mkv to mp4
    ffmpeg -i ./test.mkv -acodec cop test.mp4
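Review bot: `-acodec cop` in the added ffmpeg line is a typo for `-acodec copy`; as written ffmpeg will reject `cop` as an unknown encoder and write no usable output. The corrected line is `ffmpeg -i ./test.mkv -acodec copy test.mp4`. Only the audio stream is copied there, so the video is re-encoded with the default encoder; if a plain container change is intended, `-c copy` avoids that.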


  4. Wellington Souza revised this gist May 21, 2021. 1 changed file with 9 additions and 0 deletions.
    9 changes: 9 additions & 0 deletions linux
    @@ -22,6 +22,15 @@ sed -i 's+regex+new-text+g' file.txt

    find -type f -print0 | xargs -0 sed -i '/real_date_done/s/real_date_done/done_date/g'


    # Renaming files
    apt-get install rename

    find . -name "* *" -type d | rename 's/ /_/g' # do the directories first
    find . -name "* *" -type f | rename 's/ /_/g'



    # Using sed to remove lines
    sed -i '/KeyRegenerationInterval/d' /etc/ssh/sshd_config
    sed -i '/ServerKeyBits/d' /etc/ssh/sshd_config
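Review bot: The two added `find . -name "* *" ... | rename 's/ /_/g'` lines break on nested paths, because `find` prints a parent directory before its children and the substitution is applied to the whole path, so once `./a b` has been renamed the queued `./a b/c d` no longer exists. Walking depth-first and renaming only the basename avoids that and also drops the newline-delimited pipe: `find . -depth -name "* *" -execdir rename 's/ /_/g' {} +`. Running it once with `rename -n` first prints the planned renames without touching anything. `apt-get install rename` also needs root, so it should be prefixed with `sudo`.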
  5. Wellington Souza created this gist Apr 4, 2021.
    163 changes: 163 additions & 0 deletions linux
    @@ -0,0 +1,163 @@
    # force yum to update all the caches avoiding the error
    # [Errno 14] HTTP Error 404 - Not Found
    echo "http_caching=packages" >> /etc/yum.conf
    yum clean all
    yum makecache
    yum update


    # force all the files in /var/www/html to be under the nginx group
    chown user:nginx -fR /var/www/html
    find /var/www/html -type d | awk '{ printf("\"%s\"\n", $0); }' | xargs chmod 2775
    sudo setfacl -Rdm g:adm:rwx /var/www/html

    # Using sed to replace text in files
    sed 's/word1/word2/g' input.file
    ## *bsd/macos sed syntax#
    sed 's/word1/word2/g' input.file > output.file
    sed -i 's/word1/word2/g' input.file
    sed -i -e 's/word1/word2/g' -e 's/xx/yy/g' input.file
    ## use + separator instead of / ##
    sed -i 's+regex+new-text+g' file.txt

    find -type f -print0 | xargs -0 sed -i '/real_date_done/s/real_date_done/done_date/g'

    # Using sed to remove lines
    sed -i '/KeyRegenerationInterval/d' /etc/ssh/sshd_config
    sed -i '/ServerKeyBits/d' /etc/ssh/sshd_config
    sed -i '/RSAAuthentication/d' /etc/ssh/sshd_config


    # finding the biggest directory
    du -a /home | sort -n -r | head -n 5


    # updating SELinux rules to accept nginx reverse proxy
    cat /var/log/audit/audit.log | grep nginx | grep denied | audit2allow -M nginx
    sudo semodule -i nginx.pp

    # reinstalling and updating SELinux
    setenforce 0
    yum erase selinux\*
    rm -rf /etc/selinux
    yum install selinux-policy-targeted
    touch /.autorelabel
    reboot

    # show the oscap profiles
    oscap info /usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml

    # generate an oscap report
    oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_pci-dss --results-arf arf.xml \
    --report /var/lib/reports/$(hostname)-scap-report-$(date +%Y%m%d).html \
    --oval-results /usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml

    # run an oscap ansible script to update the linux system
    ls /usr/share/scap-security-guide/ansible
    ansible-playbook -i "localhost," -c local /usr/share/scap-security-guide/ansible/ssg-centos7-role-pci-dss.yml

    # secure the files under the /etc/pam.d location ##
    chattr +i -R /etc/pam.d
    lsattr -d /etc/pam.d
    lsattr -l /etc/pam.d
    cd /etc/pam.d

    ## Try to add or delete something ##
    echo "test" > foo.txt
    mkdir foo
    ls -l
    rm system-auth

    ## remove the immutable attributes again ##
    cd /etc/pam.d
    chattr -i -R /etc/pam.d
    lsattr -d /etc/pam.d

    # fixing the umount for a pendrive takes forever
    # edit your /etc/rc.local and add
    echo $((16*1024*1024)) > /proc/sys/vm/dirty_background_bytes
    echo $((48*1024*1024)) > /proc/sys/vm/dirty_bytes


    # show IPs associated with the network interfaces
    show_iface_ips() {
    ip addr | awk '/^[0-9]+:/ { sub(/:/,"",$2); iface=$2 } /^[[:space:]]*inet / { split($2, a, "/"); print iface":"a[1] }'
    }
    # or in two steps
    net_device=$(ip route | grep default | grep -v tun | awk '{ print $5 }' | sed -z 's/\n//')
    ip_address=$(ip route| grep $net_device | grep -v default | grep src | awk '{ print $9 }' | sed -z 's/\n//')
    echo $ip_address


    # Show the main IP from the machine
    ifconfig | grep -E "([0-9]{1,3}\.){3}[0-9]{1,3}" | grep -v 127.0.0.1 | awk '{ print $2 }' | cut -f2 -d: | head -n1


    # Expanding an volume partition
    1) Use fdisk to add an extra partition
    2) vgextend centos /dev/sda3 # (adding a partition to the Volume Group)
    3) lvcreate -n home -L261GB centosID

    # show the current partitions with their respective uuids
    blkid

    # checking for errors and fixing them
    e2fsck -f /dev/nvme1n1p1

    # change the uuid partition
    tune2fs /dev/nvme1n1p1 -U $(uuidgen)

    # utility to allow change the uuid / PARUUID
    gdisk /dev/nvme0n1 # PRESS x => expert, c => change PARUUID, w => write and exit

    # changing the PTUUID (unique identifier for the entire disk)
    fdisk /dev/nvme0n1 <<EOF > /dev/null
    p
    x
    i
    0x${PTUUID}
    r
    p
    w
    EOF


    # compressing directory and transfering the stream via ssh and decompressing
    ssh user@host "cd /tmp/media; tar -cz Music" | tar xvz

    # or upload directory the same way
    tar -cz ./Music | ssh user@host "tar zx -C /new/path/to/data/"

    # copy partitions from different computers
    ssh root@source_host "dd if=/dev/sda1 " | pv | dd of=/dev/vda1

    # split a big file into smal and compressed files
    split --bytes=1024M --filter='gzip > $FILE.gz' ./source/file.dat ./output/path

    #---------------- mounting partition inside of a raw image from a disk ----------------
    # The filesystem itself starts on sector 63. You can also view this with fdisk -l:
    fdisk -l harddrive.img
    Device Boot Start End Blocks Id System
    harddrive.img * 63 33640109 16820023+ 83 Linux

    # We need to skip 63 sectors, and each sector is 512 bytes long
    # So, we need to use an offset of 32,256 bytes.
    mount -o ro,loop,offset=32256 harddrive.img /mnt/loop
    mount | grep harddrive.img
    /root/harddrive.img on /mnt/loop type ext3 (ro,loop=/dev/loop1,offset=32256)


    # reset number of invalid authentications
    pam_tally --reset --user <USERNAME>
    pam_tally2 --reset --user <USERNAME>.

    #===== GZip parallell compression
    # Compress
    # Always use -k to keep the original file
    $ pigz -k -p8 image.png

    # Decompress
    $ pigz -dk -p8 image.gz
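Review bot: The SELinux block `cat /var/log/audit/audit.log | grep nginx | grep denied | audit2allow -M nginx` followed by `sudo semodule -i nginx.pp` permits every denial in the current audit log that mentions nginx without anyone reading the generated rules. `audit2allow -M` also writes `nginx.te`; the notes should say to review that file before loading the module, and for a plain reverse proxy `setsebool -P httpd_can_network_connect 1` is usually the narrower fix. The next block (`setenforce 0`, `yum erase selinux\*`, `rm -rf /etc/selinux`) leaves the host without enforcement until the relabel and reboot complete, and deserves a comment saying so. Separately, `find /var/www/html -type d | awk ... | xargs chmod 2775` mishandles directory names containing quotes or newlines; `find /var/www/html -type d -exec chmod 2775 {} +` does the same job safely.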