To check disk quota for a Linux user, run
quota -svu USERNAME_HERE
Sample
[root@shaft ~]# quota -svu informatiqc
Disk quotas for user informatiqc (uid 1000):
Filesystem space quota limit grace files quota limit grace
/dev/md3 382M 0K 0K 9116 0 0
[root@shaft ~]#
Nmap is a network exploration and security auditing tool. It can be used to identify hosts and services on a network, as well as security issues. Nmap can be used to scan for vulnerable open ports on systems.
To identify Operating System on a remote server or computer, you can use the command
sudo nmap -O REMOTE_COMPUTER_IP
Example
boby@sok-01:~$ sudo nmap -O ok.serverok.in Starting Nmap 7.80 ( https://nmap.org ) at 2022-09-18 03:03 IST Nmap scan report for ok.serverok.in (51.38.246.115) Host is up (0.18s latency). rDNS record for 51.38.246.115: ok Not shown: 984 closed ports PORT STATE SERVICE 23/tcp filtered telnet 25/tcp filtered smtp 80/tcp open http 135/tcp filtered msrpc 139/tcp filtered netbios-ssn 443/tcp open https 445/tcp filtered microsoft-ds 593/tcp filtered http-rpc-epmap 1900/tcp filtered upnp 2323/tcp filtered 3d-nfsd 3005/tcp filtered deslogin 3333/tcp open dec-notes 5555/tcp filtered freeciv 10001/tcp open scp-config 50002/tcp filtered iiimsf 52869/tcp filtered unknown Aggressive OS guesses: HP P2000 G3 NAS device (90%), Linux 2.6.32 (89%), Linux 2.6.32 - 3.1 (89%), Ubiquiti AirOS 5.5.9 (89%), Ubiquiti Pico Station WAP (AirOS 5.2.6) (88%), Linux 2.6.32 - 3.13 (88%), Linux 3.0 - 3.2 (88%), Infomir MAG-250 set-top box (88%), Linux 3.7 (88%), Netgear RAIDiator 4.2.21 (Linux 2.6.37) (88%) No exact OS matches for host (test conditions non-ideal). Network Distance: 18 hops OS detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 10.94 seconds boby@sok-01:~$
See nmap
To install Terraform on Ubuntu, run
wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list sudo apt update && sudo apt install terraform
For instructions on other Linux distributions, see
One of the advantages of the Debian operating system is easy to upgrade to the newer version.
Login to your Debian 10 server using SSH or console. Install all available software updates with the command
apt update && apt upgrade -yRemove any unused packages
apt autoremoveMake a backup of the file
cp /etc/apt/sources.list ~/Edit the file /etc/apt/sources.list
In the file, change all “buster” entries to “bullseye”. You can do this manually or using sed command
sed -i 's/buster/bullseye/g' /etc/apt/sources.listUpdate repository cache with
apt updateUpgrade software with
apt upgradeDo a full-upgrade with
apt full-upgradeNow reboot system
rebootAfter reboot, you need to make sure all services running properly, there is a chance some services won’t work as expected, in that case, you need to debug and fix i.
See Debian
After migrating websites to a new server, you need to point domains to the new server by changing the name server or editing DNS. DNS propagation can take a few hours, during this time visitors to the website still see the website from the OLD server IP. If visitor signup or make a purchase on the OLD server after the migration, this data will be lost. To avoid this, you can use iptables to forward all traffic to the new server IP address.
The following steps need to be done on the OLD server. First, enable IP forwarding
vi /etc/sysctl.conf
Add
net.ipv4.ip_forward=1
Make it active with command
sysctl -p
If you only needed for the current session, you can run the command
echo 1 > /proc/sys/net/ipv4/ip_forward
For forwarding all incoming traffic on Port 80 and 443 to the new server IP, use
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination NEW_SERVER_IP_HERE:80 iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination NEW_SERVER_IP_HERE:443 iptables -t nat -A POSTROUTING -j MASQUERADE
NEW_SERVER_IP_HERE = replace with IP address of the new server.
Now any traffic coming to the OLD server on ports 80 and 443 will be forwarded to the new server IP address. If you need to forward any port, just duplicate the command and change the port number as required.
If you want to remove the rules, you can flush iptables NAT rules with
iptables -t nat -F
To View iptables NAT rules
iptables -t nat -L
To make the iptables rules permanent on RHEL based Linux, run
iptables-save > /etc/sysconfig/iptables
To restore iptabes
iptables-restore < /etc/sysconfig/iptables
See iptables
To sort the result of “du -h” command, you can use
du -h --max-depth=1 | sort -h
If you want to list files in current files also, you can use
du -ah --max-depth=1 | sort -h
If you want to display files in KB, you can use
du -k --max-depth=1 | sort -n
Back to Disk Usage
By default SSH service runs on port 22. Running SSH service on port 22 is not secure as it can become an easy target for attackers who are scanning the network for open ports. By changing the default port, you can make it more difficult for attackers to find and exploit the SSH service.
To change SSH port, edit file
vi /etc/ssh/sshd_config
In the file, find the line
Port 22
Change 22 to whatever port number you want. It is better to use a higher port number so it will be difficult for hackers to find.
Restart SSH service
On Debian/Ubuntu
systemctl restart ssh
On RHEL-based Linux (AlmaLinux, RockeyLinux, Oracle Linux, CentOS)
systemctl restart sshd
If you have a firewall, make sure you open the new port in the firewall.
See ssh
Recently I upgraded a VestaCP server running on an Amazon Lightsail server. Upgrade resulted in a change of the internal IP address of the server, this made site hosted on the server stop working. To fix the problem, I run the command
/usr/local/vesta/bin/v-update-sys-ip NEW_IP_HERE
NEW_IP_HERE – replace with actual IP. If your server is behind NAT like Amazon lighsail/ec2, use the internal IP address instead of the public IP address.
Example
/usr/local/vesta/bin/v-update-sys-ip 172.26.8.137
Now you need to restart the web server
systemctl restart apache2 systemctl restart nginx systemctl restart vesta
Back to VestaCP
Squid proxy server runs on port 3128 by default. Changing squid proxy server port to a non-standard port is a good idea as it will protect your proxy server from abusers and hackers.
You can use the sed command to replace the port number
sudo sed -i 's/^http_port.*$/http_port NEW_PORT_HERE/g' /etc/squid/squid.confIn the above command, replace NEW_PORT_HERE with the port number you need.
For example, to run squid proxy on port 5555, run
sudo sed -i 's/^http_port.*$/http_port 5555/g' /etc/squid/squid.confNow restart Squid Proxy server
sudo systemctl restart squidIf you have a firewall, you will need to open the port in the firewall.
Edit Squid configuration file with vi or nano editor.
sudo vi /etc/squid/squid.confIn the file, find http_port, it should look like
http_port 3128Change 3128 to whatever port number you like. Save and exit the editor.
Restart the Squid Proxy server with the command
sudo systemctl restart squidIf you have a firewall, you need to open the port in the firewall.
CentOS/AlmaLinux/RHEL
If you are using firewalld, you can use the command
sudo firewall-cmd --permanent --zone=public --add-port=8000/tcp
sudo firewall-cmd --reloadReplace 8000 with your squid proxy port.
Back to Squid Proxy Installer
When compiling a software from source I get error
checking mysql/mysql.h usability... no checking mysql/mysql.h presence... no checking for mysql/mysql.h... no configure: error: "mysql headers missing."
On Debian 10, fixed it by installing package default-libmysqlclient-dev
apt install -y default-libmysqlclient-dev
See Errors
When I create Vagrant virtual machine with private networking, I can’t ping to IP address of the VM. The only way to connect the VM is by using the “vagrant ssh” command.
In my Vagrantfile, I had
Vagrant.configure("2") do |config|
config.vm.box = "bento/ubuntu-20.04"
config.vm.network "private_network", ip: "192.168.56.4"
end
To fix the problem, first verify you have vboxnet0 network interface with the command
ip link
If the state of the vboxnet0 network interface is DOWN, make it UP with the command
sudo ip link set vboxnet0 up
Go to VirtualBox > File > Host Network Manager or press CTRL + H
Verify vboxnet0 is set properly. You can delete it and create it again using “Host Network Manager”, which will fix any problem with the network.
Make sure the IP you specify in Vagrantfile is in the same range set for the vboxnet0 interface in VirtualBox Host Network manager.
To add a PPA repository using Ansible, use
- name: add ppa
apt_repository:
validate_certs: no
repo: 'ppa:ondrej/php'
state: present
Example
---
- hosts: web
user: root
tasks:
- name: update system
apt:
update_cache: yes
cache_valid_time: 3600
- name: add ppa
apt_repository:
validate_certs: no
repo: 'ppa:ondrej/php'
state: present
- name: inatall php
apt:
pkg:
- php8.1-bcmath
- php8.1-cli
- php8.1-common
- php8.1-curl
- php8.1-gd
- php8.1-imap
- php8.1-intl
- php8.1-mbstring
- php8.1-mysql
- php8.1-readline
- php8.1-soap
- php8.1-xml
- php8.1-xmlrpc
- php8.1-zip
- php8.1-imagick
- composer
- ImageMagick