Category: Linux

  • Install AnyDesk on Ubuntu

    To install AnyDesk on Ubuntu, run following commands as user root (sudo su).

    wget -qO - https://keys.anydesk.com/repos/DEB-GPG-KEY | apt-key add -

    Add repository

    echo "deb http://deb.anydesk.com/ all main" > /etc/apt/sources.list.d/anydesk-stable.list

    Update apt cache

    apt update

    Install anydesk with

    apt install anydesk

    If you don’t want auto start anydesk on boot, disable it with

    systemctl disable anydesk

    If you need to enable AnyDesk start on boot, run

    systemctl enable anydesk

    To see if anydesk is enabled or disabled, you can run

    systemctl list-unit-files | grep anydesk

    To check status of anydesk, run

    systemctl status anydesk

    You can manually start it with

    systemctl start anydesk

    See AnyDesk

  • Install Latest MariaDB on CentOS

    Install Latest MariaDB on CentOS

    To install the latest MariaDB on the CentOS server, go to

    https://mariadb.org/download/?t=repo-config

    On this page, select CentOS, then select your CentOS version and MariaDB version you need.

    MariaDB install CentOS

    Below you will see instructions for your specific version of CentOS.

    Install MariaDB 10.5 on CentOS 7

    CentOS 7 by default provide MariaDB 5.5. To install MariaDB 10.5

    Create file

    vi /etc/yum.repos.d/MariaDB.repo

    Add

    # MariaDB 10.5 CentOS repository list - created 2020-11-05 08:27 UTC
# http://downloads.mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.5/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

    Now you can install MariDB with command

    yum install MariaDB-server MariaDB-client

    To start MariaDB, run

    systemctl start mariadb

    You can replace start with stop/restart/status. To auto start MariaDB on boot, run

    systemctl enable mariadb

    See MySQL

  • Enable Remote Desktop in Ubuntu from the command line

    Method 1: Using x11vnc

    Connect to remote computer with SSH

    ssh user@REMOTE_PC_IP

    Install x11vnc

    sudo apt install x11vnc

    start x11vnc as the user that is logged in to GUI.

    x11vnc -display :0

    Now you should be able to connect to the desktop using any vnc client software using

    REMOTE_PC_IP:0

    Method 2: Using vino

    Connect to remote computer with SSH

    ssh -Y user@REMOTE_PC_IP

    Run

    sudo apt-get install vino -y
vino-preferences

    You need X11 forward enabled to get this working, so you can run GUI application of remote PC on your PC.

    Configure settings as required.

    Now run

    export DISPLAY=:0.0
xhost +
/usr/lib/vino/vino-server

    This will start vino-server, if you want to run in background, run with & at end.

    /usr/lib/vino/vino-server &

    To verify vino running, run

    netstat -nl | grep 5900

    Now you have VNC enabled on remote PC.

    Start your favorite VNC client and connect to remote PC.

    If you don’t have vino-preferences, you can use

    export DISPLAY=0.0
gsettings set org.gnome.Vino notify-on-connect false
gsettings set org.gnome.Vino prompt-enabled false
gsettings get org.gnome.desktop.notifications.application:/org/gnome/desktop/notifications/application/vino-server/ enable
gsettings set org.gnome.desktop.notifications.application:/org/gnome/desktop/notifications/application/vino-server/ enable false
gsettings set org.gnome.desktop.notifications show-in-lock-screen false
gsettings set org.gnome.desktop.notifications show-banners false
gsettings set org.gnome.Vino require-encryption false
gsettings set org.gnome.Vino view-only false

    To set password for VNC, run

    dbus-launch gsettings set org.gnome.Vino authentication-methods "['vnc']"
dbus-launch gsettings set org.gnome.Vino vnc-password $(echo -n "YOUR_VNC_PW_HERE"|base64)

    Allow connection from a network interface

    eths=$(nmcli -t -f uuid,type c s --active | grep 802 | awk -F  ":" '{ print "'\''" $1 "'\''" }' | paste -s -d, -)
gsettings set org.gnome.settings-daemon.plugins.sharing.service:/org/gnome/settings-daemon/plugins/sharing/vino-server/ enabled-connections "[ $eths ]"
dbus-launch gsettings set org.gnome.settings-daemon.plugins.sharing.service:/org/gnome/settings-daemon/plugins/sharing/vino-server/ enabled-connections "[ $eths ]"
gsettings get org.gnome.settings-daemon.plugins.sharing.service:/org/gnome/settings-daemon/plugins/sharing/vino-server/ enabled-connections

    start vino server

    /usr/lib/vino/vino-server --display=:0.0

    To view the settings

    gsettings list-recursively org.gnome.Vino
gsettings list-recursively org.gnome.desktop.notifications
dconf dump /org/gnome/

  • RHCSA Questions

    CREATE LVM

Create the "LVM" with the name "source" by using 26PE's from the volume group "open". Consider the PE size as "8MB". Mount it on /mnt/secret with filesystem vfat.
    USER'S GROUPS AND PERMISSION:

Create a group named "sysadmin" A user sarah and natasha should belongs to "manager" group as a secondary group . A user harry should not have access to interactive shell and he should not be a member of "manager" group. passwd for all user created should be "password".
    DIRECTORY COLLABORATION:

Create the Directory "/home/manager" with the following characteristics. Group ownership of "/home/manager" should go to "manager" group. The directory should be have full permission for all members off "manager" group but not to any other users accept "root". Files created under "/home/manager" should get the same group ownership is set to the "manager" group.
    UPDATE THE KERNEL:

Install the appropriate Kernel from ftp://instructor.example.com/ftp/updates. Your machine should boot with updated kernel.
    CRON JOB:

The user sarah must configure a cron job that runs today at 14:23 today. and executes "/bin/echo "hyer" and deny the user max for creating cronjob .


    RESIZE LVM:

Resize the lvm "/dev/vgsrv/home" (/dev/myvol/vo) so that after reboot size should be in between 90MB to 120MB..
    BIND THE "LDAP" FOR USER AUTHENTICATION:

Note the following. BASE DN: dc=example,dc=com ldap path ldap://instructor.example.com/ Download the certificate from "ftp://instructor.example.com/pub/EXAMPLE-CA-CERT" Ldap user should login into your system . Where "X" is your system no.
    "NTP" CLIENT:

Configure your system as "NTP" client for "instructor.example.com".
    AUTOMOUNT THE HOME DIRECTORY FOR LDAPUSER

Note the following. instructor.example.com(192.168.0.254) "Nfs exports" /home/guests to your system where "x" is your station ip. Ldapuser's home directory is instructor.example.com:/home/guests/ldapuserx. Ldapuser's home directory should be automounted locally beneath at /home/guests/ldapuserx. While login with any of the ldapuser then only home directory should accesible from your system that ldapuserx.
    ACCESS CONTROL LIST:

Copy the file /etc/fstab to /var/tmp and configure the "ACL" as mention following. The file /var/tmp/fstab is owned by the "root". The file /var/tmp/fstab belongs to the group "root" The file /var/tmp/fstab should not be executable by other's. The user "sarah" should able to read and write to the file. The user "natasha" can neither read nor write to the file. other users (future and current) shuold be able to read /var/tmp/fstab. Create a directory /data ,set default group as ftp so that when content will be created under this dir group ftp will be inherited.
    CONFIGURE FTP SERVER:

Configure FTP access from your system. Clients within the remote.test should not have anonomyous FTP access to your system.
    CONFIGURE "web server":

Configure your system as "web server" for the site http://serverX.example.com . Download the web page from ftp://instructor.example.com/updates/station.html Rename the the downloaded page as "index.html" Copy the "index.html" page to the "document root" Do not make any modifications to the content of index.html.
    ADD USERS:

Create the user "dax" with uid 4223.
    EXTEND SWAP SPACE:

Extend the SWAP space with "250" MB dont remove the existing swap.
    LOCATE THE FILES:

locate the files of owner "dax" and copy to the directory /root/found directory
    SEARCH FOR WORD:

List all lines which have string "full" from "/usr/share/dict/words" file and copy the lines in /root/word.found.
    Create logical volume “lv” belongs to volume group “vg” with extend 100
All logical volume in volume group “vg” must have extend size 8M
Format logical volume “lv” as vfat type and mount it /mnt/blah upon reboot

    See redhat

  • redhat

    rhce
    RHCSA Study Guide
    RHCSA Questions

  • rhce

    Red Hat Certified Engineer Exam Questions

    Before starting exam

    #iptables -L
#iptables -F
#service iptables save
#service iptables restart
#chkconfig iptables on

    1. Enable selinux as enforcing

    # setup
firewall configuration - disabled
# getenforce
# lokkit --selinux=enforcing
init6
# cat /etc/sysconfig/system-config-firewall
# cat /etc/stsconfig/selinux

    2. Enable IP forwarding on your virtual machine

    Step-01:

Enable IP Forwarding permanently in your machine.
vi /etc/sysctl.conf            (sysctl configure parameters at run level)
change line number 7
net.ipv4.ip_forward=1
:wq

Step-02:

sysctl -p

    3. Configure FTP access on your system.

    clients with in domain70.example.com should have anonymous FTP access to your machine.
    clients outside domain70.example.com should Not have access to your FTP service.

    
Step-01:

#yum install vsftpd*
#service vsftpd restart
#yum install ftp

Step-02:

#ftp 
user:annonymous
password: enter

Step-03:

#vi /etc/hosts.deny
vsftpd: ALL EXCEPT IP/mask
:wq!

Step-04:

#service vsftpd restart
#chkconfig vsftpd on

If login problem

remove anonymous user from below files

#vi /etc/vsftpd/vsftpd.conf
#vi /etc/vsftpd/ftpusers
#vi /etc/vsftpd/user_list

    4. Set cron service such that it can’t be accessable by mike

    Step-01:

#vi /etc/cron.deny
mike
:wq

Step-02:

#service crond restart
#chkconfig crond on
(to check - # grep mike /etc/passwd)

    5. Configure ssh as follows

    natasha has remote access to your machine from with in domain70.example.com.
    client within my133t.org should not have access to ssh on your system

    
Step-01:

#vi /etc/hosts.allow
sshd: 172.24.70.0/255.255.255.0
:wq
Step-02:

#vi /etc/hosts.deny
sshd:172.24.70.0/255.255.0.0
:wq!

Step-03:

#service sshd restart
#chkconfig sshd on
#service iptables restart
#chkconfig iptables on

    6. Export your /archive directory via NFS to the example.com domain only.

    or

    Export Your /common directory via NFS to the domain70.example.com domain only. (linux to linux directory sharing)

    Step-01:

#vi /etc/exports
/common 172.24.70.0/255.255.255.0(rw,sync)
:wq

Step-02:

#service nfs restart
#exportfs
#chkconfig nfs on

    7.Share the /common directory via SMB
    Your SMB server must be a member of STAFF workgroup
    the share’s name must common
    The common share must be available to domain70.example.com clients only.
    The common share must be browseable
    natasha must have read access to the share authenticity with the password porstroll if necessary.

    
Step-01:

#yum install samba*

Step-02:

#vim /etc/samba/smb.conf
Go to 74th line
Workgroup=STAFF
Shift+G
copy last 7 lines using 7yy and p command
Remove ; from all lines and edit like

[common]  ( sharename
comment=public_staff
path=common         (path=
valid users=natasha ( add this line)
public=yes
browseable=yes 
Writable=no ( yes change to no)
Printable=no
:wq

Step-03:

#service smb restart

Step-04:

#smbpasswd -a natasha
New smbpassword:postroll

Step-05:

#vim /etc/hosts.deny
smb: ALL EXCEPT IP/netmask 
:wq!

Step-06:

#chcon -t samba_share_t /common        (/common or share directory)
#ls -dZ /common

Step-07:

#service smb restart
#chkconfig smb on

Step-08:

#smbclient //ip/common -U natasha  (#smbclient //ip/ -U natasha

    * [[samba]]

    8 Implement a web server for the site http://serverx.example.com/ then perform the following steps:
    Download ftp://nstructor.example.com/pub/rhce/station.html
    Rename the download file to index.html
    Copy this index.html to Document root of your web server
    Do Not Make any modifications to the content of index.html

    
Step-01:

#yum install httpd
#service httpd restart

Step-02
:
#cd /var/www/html
#wget ftp://instructor.example.com/pub/rhce/station.html
mv station.html index.html

Step-03:

#vi /etc/httpd/conf/httpd.conf
:set nu
990
remove * and add IP
Virtual host: ip:80
(ifconfig and take ip)
1003 rd line
copy 7 line 7 yy
remove # from all line

document root  /var/www/html
server name serverx.example.com

:wq

Step-04:
#service httpd restart
#chkconfig httpd on

    9. Extend the web server include
    site http://wwwwX.example.com
    Document root /var/www/virtual
    Download ftp://instructor.example.com/pub/rhce/www.html and rename to index.html
    ensure natasha is able to create content in /var/www/virtual provided by server1.domain70.example.com

    Step-01:

#service httpd start

Step-02:

#cd /var/www/
#mkdir virtual
#cd virtual
#wget ftp......
#mv www.html index.html

Step-03:

#vi /etc/httpd/conf/httpd.conf
:set nu 1003
copy 7yy and P

remove # from all line

:80>
Document root /var/www/virtual
Servername wwwwX.example.com
:wq!

Step-04:

#service httpd restart
#chkconfig httpd on

Step-05:

#setfacl -m u:natasha:rwx /var/www/virtual

    10. Create a directory limited on your document root
    download ftp://instructor.example.com/pub/rhce/station.html
    rename the downloaded file to index.html
    copy this index.html file the limited directry
    Make it such that the content of limit can be accessable to the local users only.

    
Step-01:

#cd /var/www/html
#mkdir /limited
#cd limited

Step-02:

#wget ftp://instructor.example.com/pub/rhce/station.html
#mv station.html index.html

Step-03:

#vi /etc/httpd/conf/httpd.conf
1003rd line before closing  type the following

Step-04:


allow,deny
Allow from IP

:wq!

Step-05:

#service httpd restart
#chkconfig httpd on

    11. Export your /archive directory via NFS to the example.com domain only.

    Export Your /common directory via NFS to the domain70.example.com domain only.
    (linux to linux directory sharing)

    Step-01:

#vi /etc/exports
#/common 172.24.70.0/255.255.255.0(rw,sync)
:wq

Step-02:

#service nfs restart
#exportfs
#chkconfig nfs on

    12. configure SMTP mail service according to the following requirements

    Your mail server should accept mail from remote hosts mail delivered paula should spool into default mail spool for paula, /var/spool/paula

    Step-01:
#Yum install postfix*
#chkconfig postfix on
#service postfix restart

Step-02:

#vi /etc/postfix/main.cf
#remove # from 113 th line
#place # on the 116th line

Step-03:

#service postfix restart

    13. Configure an email alias for your MTA such that mail set to admin is received by the local user harry

    Step-01:

#vi /etc/aliases
admin:harry
:wq

Step-02:

#newaliases

    14.Using iscsi, discover and mount a device shared by host.domain70.example.com
    create an iscsi storage device of 1100 MB size
    Download ftp://server1.domain70.example.com/pub/iscsi.txt
    and copy it to the iscsi device
    Mount the device permanently under /mnt/data as ext4 file system

    Step-01:

#iscsiadm -m discovery -t st -p hostname
copy the iqn number line
#iscsiadm -m node  -p hostname
#iscsiadm -m node  -p hostname -l
(if -p error - try with -P)

Step-02:

#fdisk -l
n
p
default
default +1100M
p
w

Step-03:

#partprobe -s /dev/sda                (higher size than  provided, then only we can create partition)

Step-04:

#mkfs.ext4 /dev/sda1
#mkdir /mnt/data

Step-05:

For Permanently Mount:

#vi /etc/fstab
/dev/sda1 /mnt/data ext4 default 0 0
:wq!
#mount -a

Step-06:

#cd /mnt/data
#wget ftp://server1.domain70.example.com/pub/iscsi.txt

    15. Configure kernel such that kernstack value is 1 . kernel line should display the edited string in /proc/cmdline

    Step-01:

#vi /etc/grub.conf
go to the end of kernel line ,after word quiet, put a space and type kernstack=1
:wq!

Step-02:

reboot
#cat /proc/cmdline

    16. Write a script /root/bar.sh such that when we execute /root/bar.sh python it displays perl and when we execute /root/bar.sh perl displays python.
    And when we type some other charactoer, /root/bar.sh Perl/Python is directed to stdeer

    #vi /root/bar.sh

if [ "$a == "Python" ]
then
echo "Perl"
elif [ "$a == "Perl" ]
then
echo "Python'
else
echo "/root/bar.sh /Python/Perl" >> stdeer
if
:wq!
/root/bar.sh
Perl

chmod 755 /root/bar.sh
# /root/bar.sh
dgfdg
#vi /stdeer
Python/Perl

  • linux games

  • Show Hidden Files

    For linux to show hidden files when you type ls command

    Edit ~/.bashrc

    vi /root/.bashrc

    Add line

    alias ls='ls -la --color'

    Save and exit. Now you need to re login to SSH to see the hidden files when you type “ls”

    After editing the file will look like

    [root@194 ~]# cat /root/.bashrc
# .bashrc

# User specific aliases and functions

alias rm='rm -i'
alias cp='cp -i'
alias mv='mv -i'
alias ls='ls -la --color'

# Source global definitions
if [ -f /etc/bashrc ]; then
        . /etc/bashrc
fi
[root@194 ~]#

  • Create an interworx user from command line

    To create an interworx user from command line, first install CLI tool

    yum install interworx-cli -y

    Now to create a user, run

    nodeworx -u -n -c Users -a add --nickname USER_NAME_HERE --email [email protected] --theme heliotrope --password 'PASSWORD_HERE' --confirm_password 'PASSWORD_HERE' --perms NODEWORXUSER,LANGUAGES,THEMES,SWACCOUNTS,SHELLUSERS,PACKAGES,LOGIN,BRESTORE,IMPORT,RESELLER,APACHE,EMAIL,FTP,MYSQL,DNS,SSH,APIKEY,CRON,IPS,FIREWALL,UPDATES,GRAPHS,NFS,CLUSTERING,SETTINGS,IWORXLOGS,PHPMYADMIN,PLUGINS,SSL,REMOTEASSIST

    In above command, replace following

    USER_NAME_HERE
    [email protected]
    PASSWORD_HERE repated 2 times.

    See interworx

  • Systemctl Start a Service on Boot

    To enable a service on boot, run

    systemctl enable SERVICE_NAME

    systemctl start service on boot

    To disable a service from starting on boot, run

    systemctl disable SERVICE_NAME

    See systemctl

  • Prometheus init script for CentOS 6

    Create init file.

    touch /etc/rc.d/init.d/prometheus
chmod 755 /etc/rc.d/init.d/prometheus
vi /etc/rc.d/init.d/prometheus

    Add following

    #!/bin/bash
#
# /etc/rc.d/init.d/prometheus
#
# Prometheus monitoring server
#
#  chkconfig: 2345 20 80 Read
#  description: Prometheus monitoring server
#  processname: prometheus

# Source function library.
. /etc/rc.d/init.d/functions

PROGNAME=prometheus
PROG=/usr/hostonnet/prometheus/$PROGNAME
USER=prometheus
LOGFILE=/var/log/prometheus.log
DATADIR=/usr/hostonnet/prometheus/data
LOCKFILE=/var/run/$PROGNAME.pid
CONFIG_FILE=/usr/hostonnet/prometheus/prometheus.yml
ALERT_MGR_URL=localhost:9093

start() {
    echo -n "Starting $PROGNAME: "
    cd /usr/hostonnet/prometheus/
    #daemon --user $USER --pidfile="$LOCKFILE" "$PROG -config.file $CONFIG_FILE -storage.local.path $DATADIR -alertmanager.url $ALERT_MGR_URL &>$LOGFILE &"
    daemon --user $USER --pidfile="$LOCKFILE" "$PROG -config.file $CONFIG_FILE -storage.local.path $DATADIR &>$LOGFILE &"
    echo $(pidofproc $PROGNAME) >$LOCKFILE
    echo
}

stop() {
    echo -n "Shutting down $PROGNAME: "
    killproc $PROGNAME
    rm -f $LOCKFILE
    echo
}


case "$1" in
    start)
    start
    ;;
    stop)
    stop
    ;;
    status)
    status $PROGNAME
    ;;
    restart)
    stop
    start
    ;;
    reload)
    echo "Sending SIGHUP to $PROGNAME"
    kill -SIGHUP $(pidofproc $PROGNAME)
    ;;
    *)
        echo "Usage: service prometheus {start|stop|status|reload|restart}"
        exit 1
    ;;
esac

    Create User For Prometheus

    groupadd -r prometheus
useradd -r -g prometheus -s /sbin/nologin -d /usr/hostonnet/prometheus/ -c "prometheus Daemons" prometheus
chown -R prometheus:prometheus /usr/hostonnet/prometheus/
chown prometheus:prometheus /var/log/prometheus.log

    Run prometheus on Boot

    chkconfig --add prometheus
chkconfig prometheus on

    Verify it is enabled 

    [root@backup ~]# chkconfig --list | grep prome
prometheus     	0:off	1:off	2:on	3:on	4:on	5:on	6:off
[root@backup ~]#

    “3:on” will start prometheus on run level 3, that is normal boot.

    Start Prometheus 

    [root@backup ~]# service prometheus start
Starting prometheus:                                       [  OK  ]
[root@backup ~]#

    See Monitor Server with Prometheus and Grafana

  • Install CSF Firewall

    For non cpanel server, install perl modules

    yum install -y perl perl-libwww-perl perl-Time-HiRes unzip bind-utils

    On Ubuntu

    apt-get install libwww-perl

    Once we have requirments installed, install csf with

    cd /usr/local/src
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

    sed -i "s/RESTRICT_SYSLOG = \"0\"/RESTRICT_SYSLOG = \"1\"/g" /etc/csf/csf.conf

    See csf