Grundlegende Systemwartung, durch Installation, von aktuellen Paketen und Upgraden des Kernels.
Upgrade System and Packages:
# yum update -y
Will man die automatische Syntax Erweiterung durch drücken von “Tab, Tab” einrichten, so müssen lediglich folgende zwei Packete auf dem System installiert werden; und ein relogin nach der erfolgreichen Installation durchgeführt werden.
# yum install bash-completion.noarch # yum install bash-completion-extras.noarch
Eigene motd (Login-Nachricht), nach dem Aufbau einer neuen SSH-Verbindung anzeigen lassen:
# echo ' ############################################################################## # # # This is the admin-server of Michael Reber. # # # # ATTENTION: # # # # Unauthorized access to this system is prohibited ! # # # # This system is actively monitored and all connections may be logged. # # By accessing this system, you consent to this monitoring. # # # ############################################################################## ' > /etc/motd
Benutzer anlegen und setzen von Passwort.
# adduser michael # passwd michael
Root Privilegien für User:
As root, run this command to add your new user to the wheel group (substitute the highlighted word with your new user):
# usermod -aG wheel michael
Now your user can run commands with super user privileges!
Root Privilegien für User & without PW:
# echo "michael ALL=NOPASSWD: ALL" > /etc/sudoers.d/michael
Zeigt die effektive Grösse - human readable und rekursiv über alle Files dar.
# du -hs foswiki/
4.6G foswiki/
Das normale Login auf einen Linux Server via SSH:
# ssh vrh7f
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: POSSIBLE DNS SPOOFING DETECTED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ The RSA host key for vb7gl9 has changed, and the key for the corresponding IP address 172.18.13.12 is unknown. This could either mean that DNS SPOOFING is happening or the IP address for the host and its host key have changed at the same time. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the RSA key sent by the remote host is SHA256:o7win3mceJwnnehEyiVaOM6ePdiKOWivbtUMhxHVr58. Please contact your system administrator. Add correct host key in /home/rebermi/.ssh/known_hosts to get rid of this messag e. Offending RSA key in /etc/ssh/ssh_known_hosts:778 RSA host key for vb7gl9 has changed and you have requested strict checking. Host key verification failed.
Trotz Error auf Server einloggen:
# ssh -o stricthostkeychecking=no vrh7f
Wichtige Tools, zum konfigurieren, abändern der System Einstellungen.
Die aktuelle System-Zeitzone
(Timezone) kann man sehr einfach anschauen: # timedatectl
Wenn man nun auf eine neue Timezone zu wechseln möchte, macht es sinn, sich zuerst die verfügbaren Zeitzonen anzuzeigen lassen:
# timedatectl list-timezones
# timedatectl set-timezone Europe/Zurich
Möglichkeiten, um das eigene System ein bisschen zu analisieren; Informationen abzurufen.
# uptime
11:09:46 up 81 days, 17:13, 1 user, load average: 0.04, 0.10, 0.08
Display the current Kernel Version:
# uname -a
Linux vstif2.pnet.ch 3.10.0-514.21.1.el7.x86_64 #1 SMP Sat Apr 22 02:41:35 EDT 2017 x86_64 x86_64 x86_64 GNU/Linux
Show System Server Release Version:
# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.4 (Maipo)
# df -h
Filesystem Size Used Avail Use% Mounted on /dev/mapper/vgsys-root 8.0G 2.1G 6.0G 26% / devtmpfs 910M 0 910M 0% /dev tmpfs 920M 0 920M 0% /dev/shm tmpfs 920M 97M 824M 11% /run tmpfs 920M 0 920M 0% /sys/fs/cgroup /dev/mapper/vgsys-var 8.0G 2.1G 6.0G 26% /var /dev/mapper/vgsys-opt 9.5G 184M 9.3G 2% /opt /dev/mapper/vgsys-tmp 4.0G 33M 4.0G 1% /tmp /dev/mapper/vgsys-home 8.0G 7.1G 922M 89% /home /dev/vda1 509M 195M 315M 39% /boot tmpfs 184M 0 184M 0% /run/user/37198
Zeigt alle Disks an, auch welche die unpartitioniert sind, und nicht gemountet sind!
# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sda 8:0 0 80G 0 disk ├─sda1 8:1 0 512M 0 part /boot └─sda2 8:2 0 79.5G 0 part ├─vgsys-root 253:0 0 8G 0 lvm / ├─vgsys-swap 253:1 0 2G 0 lvm [SWAP] ├─vgsys-opt 253:2 0 49.5G 0 lvm /opt ├─vgsys-tmp 253:3 0 4G 0 lvm /tmp ├─vgsys-home 253:4 0 8G 0 lvm /home └─vgsys-var 253:5 0 8G 0 lvm /var sdb 8:16 0 80G 0 disk └─vg_data01-lv_data01 253:6 0 80G 0 lvm /data01 sr0 11:0 1 1024M 0 rom
# netstat -napl
Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd tcp 0 0 10.1.100.181:22 0.0.0.0:* LISTEN 900/sshd tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN 17361/sshd: rebermi tcp 0 64 10.1.100.181:22 10.224.204.222:31477 ESTABLISHED 17358/sshd: rebermi tcp 0 0 10.1.100.181:47656 172.27.130.12:61613 ESTABLISHED 17664/ruby tcp 0 0 10.1.100.181:43540 172.27.49.65:9997 ESTABLISHED 15129/splunkd tcp6 0 0 :::9000 :::* LISTEN 29798/nsrexecd tcp6 0 0 :::111 :::* LISTEN 1/systemd tcp6 0 0 :::9269 :::* LISTEN 29798/nsrexecd tcp6 0 0 ::1:6010 :::* LISTEN 17361/sshd: rebermi tcp6 0 0 :::7937 :::* LISTEN 29798/nsrexecd tcp6 0 0 :::7938 :::* LISTEN 29798/nsrexecd udp 0 0 0.0.0.0:111 0.0.0.0:* 6061/rpcbind udp 0 0 10.1.100.181:123 0.0.0.0:* 26924/ntpd udp 0 0 127.0.0.1:123 0.0.0.0:* 26924/ntpd udp 0 0 0.0.0.0:123 0.0.0.0:* 26924/ntpd udp 0 0 0.0.0.0:724 0.0.0.0:* 6061/rpcbind udp6 0 0 :::111 :::* 6061/rpcbind udp6 0 0 ::1:123 :::* 26924/ntpd udp6 0 0 :::123 :::* 26924/ntpd udp6 0 0 :::724 :::* 6061/rpcbind udp6 0 0 :::7938 :::* 29798/nsrexecd Active UNIX domain sockets (servers and established) Proto RefCnt Flags Type State I-Node PID/Program name Path unix 2 [ ACC ] STREAM LISTENING 11522 1/systemd /run/lvm/lvmetad.socket unix 2 [ ACC ] STREAM LISTENING 11275 1/systemd /run/systemd/private unix 2 [ ACC ] STREAM LISTENING 14389 649/gssproxy /run/gssproxy.sock unix 2 [ ACC ] STREAM LISTENING 30777543 17361/sshd: rebermi /tmp/ssh-v94wMvs2vd/agent.17361 unix 2 [ ACC ] STREAM LISTENING 14191 1/systemd /var/run/dbus/system_bus_socket unix 2 [ ACC ] STREAM LISTENING 14388 649/gssproxy /var/lib/gssproxy/default.sock unix 2 [ ACC ] STREAM LISTENING 14194 1/systemd /var/run/rpcbind.sock unix 2 [ ] DGRAM 6831 1/systemd /run/systemd/notify unix 2 [ ] DGRAM 6833 1/systemd /run/systemd/cgroups-agent unix 2 [ ACC ] STREAM LISTENING 6842 1/systemd /run/systemd/journal/stdout unix 2 [ ACC ] STREAM LISTENING 11451 1/systemd /run/lvm/lvmpolld.socket unix 5 [ ] DGRAM 6845 1/systemd /run/systemd/journal/socket unix 9 [ ] DGRAM 6847 1/systemd /dev/log unix 2 [ ] DGRAM 11466 1/systemd /run/systemd/shutdownd unix 2 [ ACC ] SEQPACKET LISTENING 11518 1/systemd /run/udev/control unix 2 [ ] DGRAM 14377 649/gssproxy unix 3 [ ] DGRAM 12481 494/systemd-udevd unix 3 [ ] STREAM CONNECTED 14366 459/systemd-journal /run/systemd/journal/stdout unix 3 [ ] DGRAM 12480 494/systemd-udevd unix 2 [ ] DGRAM 12461 494/systemd-udevd unix 3 [ ] STREAM CONNECTED 14365 647/dbus-daemon unix 2 [ ] DGRAM 30777608 17397/sudo unix 3 [ ] STREAM CONNECTED 14402 647/dbus-daemon unix 3 [ ] STREAM CONNECTED 14102 626/auditd unix 3 [ ] STREAM CONNECTED 14258 459/systemd-journal /run/systemd/journal/stdout unix 2 [ ] DGRAM 25345848 647/dbus-daemon unix 3 [ ] STREAM CONNECTED 12107 481/lvmetad unix 3 [ ] STREAM CONNECTED 2557415 459/systemd-journal /run/systemd/journal/stdout unix 3 [ ] STREAM CONNECTED 25694704 15129/splunkd unix 3 [ ] STREAM CONNECTED 2557414 29726/crond unix 2 [ ] DGRAM 15260 662/polkitd unix 2 [ ] DGRAM 27844357 26924/ntpd unix 3 [ ] DGRAM 25694716 15134/[splunkd pid= unix 3 [ ] STREAM CONNECTED 14376 1/systemd unix 3 [ ] STREAM CONNECTED 14758 661/systemd-logind unix 3 [ ] STREAM CONNECTED 14393 - unix 3 [ ] STREAM CONNECTED 14759 459/systemd-journal /run/systemd/journal/stdout unix 3 [ ] STREAM CONNECTED 14404 647/dbus-daemon /var/run/dbus/system_bus_socket unix 3 [ ] DGRAM 25694715 15129/splunkd unix 3 [ ] STREAM CONNECTED 16427 459/systemd-journal /run/systemd/journal/stdout unix 2 [ ] DGRAM 14793 661/systemd-logind unix 3 [ ] STREAM CONNECTED 25694714 15134/[splunkd pid= unix 2 [ ] DGRAM 2557417 29726/crond unix 3 [ ] STREAM CONNECTED 25694713 15129/splunkd unix 3 [ ] STREAM CONNECTED 25694705 15129/splunkd unix 3 [ ] STREAM CONNECTED 14395 649/gssproxy /run/gssproxy.sock unix 3 [ ] STREAM CONNECTED 12108 459/systemd-journal /run/systemd/journal/stdout unix 3 [ ] STREAM CONNECTED 18263 893/python unix 3 [ ] STREAM CONNECTED 30777525 17361/sshd: rebermi unix 3 [ ] STREAM CONNECTED 18264 647/dbus-daemon /var/run/dbus/system_bus_socket unix 3 [ ] STREAM CONNECTED 14812 661/systemd-logind unix 2 [ ] DGRAM 30777518 17358/sshd: rebermi unix 3 [ ] STREAM CONNECTED 14101 626/auditd unix 3 [ ] STREAM CONNECTED 30777526 17358/sshd: rebermi unix 2 [ ] DGRAM 14100 626/auditd unix 3 [ ] STREAM CONNECTED 14403 647/dbus-daemon unix 3 [ ] STREAM CONNECTED 14257 649/gssproxy unix 3 [ ] STREAM CONNECTED 14813 647/dbus-daemon /var/run/dbus/system_bus_socket unix 3 [ ] STREAM CONNECTED 16426 900/sshd unix 3 [ ] STREAM CONNECTED 16106 893/python unix 3 [ ] STREAM CONNECTED 12451 494/systemd-udevd unix 3 [ ] STREAM CONNECTED 15061 647/dbus-daemon /var/run/dbus/system_bus_socket unix 3 [ ] STREAM CONNECTED 12452 459/systemd-journal /run/systemd/journal/stdout unix 2 [ ] DGRAM 29758906 1/systemd unix 3 [ ] STREAM CONNECTED 16107 459/systemd-journal /run/systemd/journal/stdout unix 3 [ ] STREAM CONNECTED 15060 662/polkitd
# rpm -qa
pyserial-2.6-6.el7.noarch libblkid-2.23.2-43.el7.x86_64 tfm-rubygem-rails-i18n-4.0.8-1.el7sat.noarch basesystem-10.0-7.el7.noarch pulp-selinux-2.8.7.14-1.el7sat.noarch gawk-4.0.2-4.el7_3.1.x86_64 tfm-rubygem-sprockets-rails-2.3.3-1.el7sat.noarch libsndfile-1.0.25-10.el7.x86_64 libsemanage-2.5-8.el7.x86_64 tfm-rubygem-highline-1.6.21-4.el7sat.noarch rubygem-bundler_ext-0.3.0-7.el7sat.noarch fuse-2.9.2-8.el7.x86_64 tfm-rubygem-will_paginate-3.0.7-1.el7sat.noarch popt-1.13-16.el7.x86_64 cairo-1.14.8-2.el7.x86_64 libmspack-0.5-0.5.alpha.el7.x86_64 tfm-rubygem-trollop-2.0-5.el7sat.noarch libcap-ng-0.7.5-4.el7.x86_64 geronimo-jms-1.1.1-19.el7.noarch python-libs-2.7.5-58.el7.x86_64 tfm-rubygem-facter-2.4.0-3.el7sat.x86_64 findutils-4.5.11-5.el7.x86_64 apache-commons-logging-1.1.2-7.el7.noarch openldap-2.4.44-5.el7.x86_64 tfm-rubygem-awesome_print-1.0.2-13.el7sat.noarch tomcat-7.0.76-2.el7.noarch ruby-2.0.0.648-30.el7.x86_64 tfm-rubygem-formatador-0.2.1-9.el7sat.noarch unzip-6.0-16.el7.x86_64 fuse-libs-2.9.2-8.el7.x86_64 tfm-rubygem-fog-vsphere-0.6.3-1.el7sat.noarch qrencode-libs-3.4.1-3.el7.x86_64 openssl-1.0.2k-8.el7.x86_64 redhat-release-server-7.4-18.el7.x86_64 tfm-rubygem-activerecord-session_store-0.1.2-1.el7sat.noarch cracklib-2.9.0-11.el7.x86_64 python-pulp-oid_validation-2.8.7.14-1.el7sat.noarch libcgroup-0.41-13.el7.x86_64 tfm-rubygem-hammer_cli_katello-0.0.22.29-1.el7sat.noarch libutempter-1.1.6-4.el7.x86_64 puppet-3.8.6-2.el7sat.noarch setroubleshoot-plugins-3.0.65-1.el7.noarch tfm-rubygem-ancestry-2.0.0-4.el7sat.noarch ..
rpm -ql PACKAGENAME
# rpm -ql httpd
/etc/httpd /etc/httpd/conf /etc/httpd/conf.d /etc/httpd/conf.d/README /etc/httpd/conf.d/autoindex.conf /etc/httpd/conf.d/userdir.conf /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.modules.d /etc/httpd/conf.modules.d/00-base.conf /etc/httpd/conf.modules.d/00-dav.conf /etc/httpd/conf.modules.d/00-lua.conf /etc/httpd/conf.modules.d/00-mpm.conf /etc/httpd/conf.modules.d/00-proxy.conf /etc/httpd/conf.modules.d/00-systemd.conf /etc/httpd/conf.modules.d/01-cgi.conf /etc/httpd/conf/httpd.conf /etc/httpd/conf/magic /etc/httpd/logs /etc/httpd/modules /etc/httpd/run /etc/logrotate.d/httpd /etc/sysconfig/htcacheclean /etc/sysconfig/httpd /run/httpd /run/httpd/htcacheclean /usr/lib/systemd/system/htcacheclean.service /usr/lib/systemd/system/httpd.service /usr/lib/tmpfiles.d/httpd.conf /usr/lib64/httpd /usr/lib64/httpd/modules /usr/lib64/httpd/modules/mod_access_compat.so /usr/lib64/httpd/modules/mod_actions.so /usr/lib64/httpd/modules/mod_alias.so /usr/lib64/httpd/modules/mod_allowmethods.so /usr/lib64/httpd/modules/mod_asis.so ..
rpm -qp –scripts PACKAGENAME
# rpm -qp --scripts patchman-1.0.20-1.noarch.rpm
postinstall scriptlet (using /bin/sh): #!/bin/sh if [ ! -e /etc/httpd/conf.d/patchman.conf ] ; then cp /etc/patchman/apache.conf.example /etc/httpd/conf.d/patchman.conf fi if ! grep /usr/lib/python2.7/site-packages /etc/httpd/conf.d/patchman.conf >/dev/null 2>&1 ; then sed -i -e "s/^\(Define patchman_pythonpath\).*/\1 \/usr\/lib\/python2.7\/site-packages/" \ /etc/httpd/conf.d/patchman.conf fi service httpd reload patchman-set-secret-key chown apache /etc/patchman/local_settings.py mkdir -p /var/lib/patchman/db patchman-manage collectstatic --noinput patchman-manage makemigrations patchman-manage migrate --run-syncdb chown -R apache:apache /var/lib/patchman chcon --type httpd_sys_rw_content_t /var/lib/patchman/db/patchman.db echo echo "Remember to run 'patchman-manage createsuperuser' to create a user." echo