User:Clarcyl/Linux
DNS
[edit]DNS1= DNS2= DOMAIN=
ACL
[edit]Ajouter
[edit]setfacl -Rm u:bernard:rw RepertoireDeTest/
Supprimer
[edit]setfacl -b RepertoireDeTest/ setfacl -x u:patrick,g:bernard test
Afficher
[edit]getfacl reperoireDeTest/
Reboot without
[edit]touch /fastboot
shutdown -rf now
sudo
[edit]- Editer
sudoedit /etc/sudoers
- Sans password
identifiant ALL = NOPASSWD: commande,autrecommande
- Avec password
identifiant ALL = (user) commande,autrecommande
Information
[edit]Version 32B ou 64B
uname -a
Firewall
[edit]Centos 6
[edit]- Logger les drop sur un iptables
iptables -A INPUT -p tcp -m tcp -s 0.0.0.0/0 --dport 22 -j ACCEPT iptables -N LOGGING iptables -A INPUT -j LOGGING iptables -A OUTPUT -j LOGGING iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables-Dropped: " --log-level 4 iptables -A LOGGING -j DROP
puis
tail -f /var/log/messages
CentOS 7
[edit]To allow the 443/tcp port temporary in the internal zone, type:
# firewall-cmd --permanent --zone=internal --add-service=http # firewall-cmd --reload
# firewall-cmd --permanent --zone=public --add-port=53/tcp # firewall-cmd --reload
# firewall-cmd [--zone=<zone>] --remove-port=<port>[-<port>]/<protocol>
Note: type –remove-port=443/tcp to deny the port.
Add NFS rule in direct.xml
# Allow TCP and UDP port 2049 for NFS. # Allow TCP and UDP port 111 (rpcbind/sunrpc). # Allow the TCP and UDP port specified with MOUNTD_PORT="port" # Allow the TCP and UDP port specified with STATD_PORT="port" # Allow the TCP port specified with LOCKD_TCPPORT="port" # Allow the UDP port specified with LOCKD_UDPPORT="port"
Exemple :
<rule priority="1" table="filter" ipv="ipv4" chain="INPUT">-p udp --dport 111 -j ACCEPT</rule> <rule priority="1" table="filter" ipv="ipv4" chain="INPUT">-p tcp --dport 111 -j ACCEPT</rule> <rule priority="1" table="filter" ipv="ipv4" chain="INPUT">-p udp --dport 2049 -j ACCEPT</rule> <rule priority="1" table="filter" ipv="ipv4" chain="INPUT">-p tcp --dport 2049 -j ACCEPT</rule> <rule priority="1" table="filter" ipv="ipv4" chain="INPUT">-p tcp --dport 32803 -j ACCEPT</rule> <rule priority="1" table="filter" ipv="ipv4" chain="INPUT">-p udp --dport 32803 -j ACCEPT</rule> <rule priority="1" table="filter" ipv="ipv4" chain="INPUT">-p tcp --dport 32769 -j ACCEPT</rule> <rule priority="1" table="filter" ipv="ipv4" chain="INPUT">-p udp --dport 32769 -j ACCEPT</rule>
List service/ports
# firewall-cmd --list-services # firewall-cmd --list-ports
List ports
# firewall-cmd --list-services
Afficher la zone par defaut
# firewall-cmd --set-default-zone=<zone> # firewall-cmd --get-default-zone public
OutGoing Traffix
[edit]Example : To DROP all applications ports
firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -p tcp -m tcp --dport=0:1024 -j DROP
Example : To enable only outgoing port 80:
firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -p tcp -m tcp --dport=80 -j ACCEPT firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 1 -j DROP
This will add it to permanent rules, not the runtime rules. You will need to reload permanent rules so they become runtime rules.
firewall-cmd --reload
to display permanent rules
firewall-cmd --permanent --direct --get-all-rules
to display runtime rules
firewall-cmd --direct --get-all-rules
Désactiver interface graphique
[edit]éditer /etc/inittab
id:3:initdefault:
SAN
[edit]Print all MultiPathing
[edit]multipath -ll
Scan new Lun
[edit]# ls /sys/class/fc_host
# echo "1" > /sys/class/fc_host/host0/issue_lip # echo "- - -" > /sys/class/scsi_host/host0/scan # echo "1" > /sys/class/fc_host/host1/issue_lip # echo "- - -" > /sys/class/scsi_host/host1/scan
Removing a Path to a Storage Device
[edit]echo offline > /sys/block/sda/device/state. echo 1 > /sys/block/device-name/device/delete where device-name may be sde, for example (as described in Procedure 1, “Ensuring a Clean Device Removal”).
Identifier un volume Datacore sur un système linux
[edit]Datacore :
Virtual disks > Selectionner mon vdisk > Settings > advanced >
SCSI device Id : naa.60030d90a4694d03f162e0255d93aa76
Linux :
ll /dev/disk/by-id total 0 lrwxrwxrwx 1 root root 9 Jun 14 13:38 scsi-360030d90315f41435231300000000000 -> ../../sdg lrwxrwxrwx 1 root root 10 Jun 15 14:34 scsi-360030d90315f41435231300000000000-part1 -> ../../sdg1 lrwxrwxrwx 1 root root 9 Jun 14 13:38 scsi-360030d90325f41435231305f41726368 -> ../../sdh lrwxrwxrwx 1 root root 9 Jun 14 13:38 scsi-360030d9049a34f03aca389ea72edad29 -> ../../sdb lrwxrwxrwx 1 root root 10 Jun 15 14:34 scsi-360030d9049a34f03aca389ea72edad29-part1 -> ../../sde1 lrwxrwxrwx 1 root root 9 Jun 14 13:38 scsi-360030d909f9cde06e480478a99b099f5 -> ../../sdc lrwxrwxrwx 1 root root 9 Jun 14 13:38 scsi-360030d90a4694d03f162e0255d93aa76 -> ../../sda
Ou alors :
dmsetup info /dev/dm-1 Name: 360030d9049a34f03aca389ea72edad29 State: ACTIVE Read Ahead: 256 Tables present: LIVE Open count: 1 Event number: 1 Major, minor: 253, 1 Number of targets: 1 UUID: mpath-360030d9049a34f03aca389ea72edad29
Fait le lien avec /dev/dm-??
dmsetup ls test-testlv (253, 7) SDataCoreSANmelody_2_ACR10_Archives (253, 4) 360030d909f9cde06e480478a99b099f5 (253, 2) 360030d90a4694d03f162e0255d93aa76 (253, 0) 360030d9049a34f03aca389ea72edad29 (253, 1) SDataCoreSANmelody_1_ACR10 (253, 3) SDataCoreSANmelody_1_ACR10p1 (253, 6) 360030d9049a34f03aca389ea72edad29p1 (253, 5)
Le reste je sais tu sais faire !
Ajouter un disque
[edit]sudo vgcreate vol_grp1 /dev/sda6 /dev/sda7 sudo lvcreate -l 20 -n logical_vol1 vol_grp1 sudo mkfs.ext3 /dev/vol_grp1/logical_vol1
commande Réseau
[edit]Ecoute d'un port (2000)
sudo tcpdump -XX -vv -s0 -i eth0 tcp port 2000
Copier un fichier vers un port réseau
# nc -vv 194.177.51.33 2000 < README.txt Connection to 194.177.51.33 2000 port [tcp/sieve-filter] succeeded!
Network
[edit]Après un changement de carte réseau la modification de la mac adresse dans ifcfg-eth0 ne suffit pas il faut en plus :
cd /etc/udev/rules.d/ cp 70-persistent-net.rules /root/ rm 70-persistent-net.rules reboot
Si le probleme n'est pas résolu: Si dans dmesg le message suivant apparait :
udev: renamed network interface eth0 to eth1
editer le fichier :
/etc/udev/rules.d/70-persistent-net.rules
Normally, you should have a double entry (eth0 and eth1) with different MAC address. This often happen when the OS is virtualized. Just delete the whole entry for eth1 and then rename eth1 to eth0 on the following entry and reboot
Cut
[edit]Découpe le fichier en X partie avec le caractère : (:) et récupère la première (1)
cut -d : -f 1 ficher.txt
Renice
[edit]renice -19 PID
Sed
[edit]sed -e "s/avant/apres/g" fichier.txt> test.txt
Classer les répertoires par taille
[edit]du -k . | sort -n
Gestion de paquets
[edit]- installalation
rpm -ivh
- paquets installé
rmp -qa | grep -i NomDupaquet
- uninstall
rpm -e
Montage
[edit]mount -t iso9660 /dev/cdrom /mnt/cdrom
umount /home/
umount: /home/: device is busy.
fuser -kmiuv /home/
USER PID ACCESS COMMAND
/home/: root kernel mount (root)/home
boinc 2167 F.c.m (boinc)boinc
pcr 3326 ..c.. (pcr)sh
Tuer le processus 2167 ? (y/N) N
Tuer le processus 3326 ? (y/N)
Groupe
[edit]- ajouter un utilisateur
usermod -G group user usermod -g primarygroup user
Compression
[edit]- Compression
tar -cvf fichier.tar MonRepertoire1 tar -czvf fichier.tar.gz MonRepertoire1
- Décompression
tar -xvf fichier.tar tar -xzvf fichier.tar.gz
Problème fstab
[edit]mount -o remount,rw /
ou
mount -rw -o remount /
MYSQL
[edit]- Definir un mot de passe
/usr/bin/mysqladmin -u root password motdepasse
- import / export base
mysql -h host -u user -ppass base_de_donnees < fichier_dump mysqldump [options] base_de_donnees > fichier.sql
Crontab
[edit]http://www.siteduzero.com/tutoriel-3-73917-crontab-executer-une-commande-regulierement.html
# * * * * * command to execute # │ │ │ │ │ # │ │ │ │ │ # │ │ │ │ └───── day of week (0 - 6) (0 to 6 are Sunday to Saturday, or use names; 7 is Sunday, the same as 0) # │ │ │ └────────── month (1 - 12) # │ │ └─────────────── day of month (1 - 31) # │ └──────────────────── hour (0 - 23) # └───────────────────────── min (0 - 59)
@reboot Run once, at startup. @yearly Run once a year, "0 0 1 1 *". @annually (same as @yearly) @monthly Run once a month, "0 0 1 * *". @weekly Run once a week, "0 0 * * 0". @daily Run once a day, "0 0 * * *". @midnight (same as @daily) @hourly Run once an hour, "0 * * * *".
Recreer /dev/null
[edit]mknod /dev/null c 2 2
RCP
[edit]~/.rhosts /etc/hosts.equiv
pour "rsh host command", le /etc/hosts doit être renseigné sur les deux machines.
load average
[edit]# top -b -n 1 | awk '{if (NR <=7) print; else if ($8 == "D") {print; count++} } END {print "Total status D: "count}'
top - 12:02:19 up 11 days, 2:04, 1 user, load average: 6.15, 6.09, 6.01
Tasks: 613 total, 1 running, 612 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.1%us, 0.1%sy, 0.0%ni, 99.6%id, 0.2%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 8047248k total, 7074380k used, 972868k free, 141636k buffers
Swap: 8388600k total, 0k used, 8388600k free, 4723208k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
3887 root 20 0 311m 158m 11m D 0.0 2.0 107:51.07 tina_bck
4704 root 20 0 412m 258m 11m D 0.0 3.3 10:53.91 tina_bck
13579 root 20 0 412m 259m 11m D 0.0 3.3 27:07.77 tina_bck
19242 root 20 0 311m 159m 11m D 0.0 2.0 68:56.35 tina_bck
27880 root 20 0 411m 258m 11m D 0.0 3.3 3:09.46 tina_bck
29998 root 20 0 310m 157m 11m D 0.0 2.0 37:54.05 tina_bck
ajouter les depots optionnel de RHEL
[edit]yum-config-manager --enable rhel-6-server-optional-rpms
ou
subscription-manager repos --enable rhel-6-server-optional-rpms
Enregistrement Redhat
[edit]sur esx 2 rhn_register
date
[edit]date "+%y%m%d"
140324
date --date="yesterday"
grep
[edit]zgrep -e " 50[234] " prod.access.log.3.gz
awk
[edit].... | awk '{print $6}'
ps -ef | grep tail | grep -v grep |awk '{system("kill -9 "$2)}'
ps -ef | grep tail | grep -v grep |awk '{system("echo kill -9 "$2)}'
history
[edit]history | cut -c 8-
reduire nb de processeur
[edit]Change the boot arguments to use ony n number of CPU cores instead of m cores which are actually present, PROVIDED n
a) Add "maxcpus=n" in the bootargs during boot time:
linux /boot/vmlinuz-2.6.31-21-generic root=UUID=2ebbae04-b641-44e9-935f-8964159d79cb ro quiet splash maxcpus=n
This will not be persistent across subsequent boots.
b) To make it permanent, modify/edit /etc/default/grub and add "maxcpus=n" in the following line:
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash maxcpus=n"
Method 2: "Enable/Disable a CPU core on the fly"
On a Linux machine you can get the CPU information from /proc/cpuinfo file. On a dual core machine, you will get the output like this:
$ cat /proc/cpuinfo processor : 0 vendor_id : GenuineIntel
To disable a core run the following command on a Ubuntu machine:
$ sudo sh -c "echo 'n' > /sys/devices/system/cpu/cpu1/online"