linux

# Handy Linux Commands I never want to forget ;)

# add your user to the suduers file
username ALL=(ALL) NOPASSWD:ALL

# Set the root user password for mysql, this allows logging in with no password
mysqladmin -u root -proot password ''

# Create the letsencrypt (certbot) test environment
cd letsencrypt
./letsencrypt-auto-source/letsencrypt-auto --os-packages-only
./tools/venv.sh # this will create your virtual environment and make the `certbot` command available
source ./venv/bin/activate

# For testing boulder, allows running without root and points at boulder install
source ./tests/integration/_common.sh

# testing boulder
node test.js --email [email protected] --agree true --domains benileo.com --challType dns-01

# Two ways to get status of a systemd service
systemctl status gistbot.service
journalctl -u gistbot.service

# Run all go tests in boulder
go test -p 1 $(go list ./... | grep -v /vendor/)

# All arguments to a bash function
$@ or "$@"

# Apt-get Dry run
apt-get install somepackage --dry-run
apt-cache policy nmap # get info on a package and sources

# install go
GO_VERSION=1.6.3; wget "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" -O go${GO_VERSION}.linux-amd64.tar.gz \
  && sudo tar -C /usr/local -xvf go${GO_VERSION}.linux-amd64.tar.gz \
  && rm go${GO_VERSION}.linux-amd64.tar.gz

# fix hibernate issue on ubuntu 16,04
sudo systemctl restart NetworkManager

# check the inode max watch
cat /proc/sys/fs/inotify/max_user_watches
# add fs.inotify.max_user_watches = 12334 to /etc/sysctl.conf

# trace a dns query
dig +trace suitshare.com

# some go vendoring
# install govendor
govendor init
govendor sync # this will pull from the vendor.json file.

# just found nmcli!
nmcli device wifi list
nmcli device show wlp3s0
nmcli connection show
nmcli connection edit [Name of connection] # This takes you to an interactive editory
nmcli connection modify Linksys08052 ipv4.ignore-auto-dns yes # Ignore auto dns (this can be done using the command above interactively)

# netstat tcp/udp listening processes numeric (root used to see root processes)
sudo netstat -tulpn

# apparently NetworkManager stores connection and their PSK's in plaintext here:
/etc/NetworkManager/system-connections

# Ubuntu, by default runs it's own instance of DNSMasq managed by the NetworkManager
# comment it out /etc/NetworkManager/NetworkManager.conf

# For installing php myadmin https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-phpmyadmin-on-ubuntu-16-04
# then this https://stackoverflow.com/questions/5908752/can-anyone-confirm-that-phpmyadmin-allownopassword-works-with-mysql-databases

# Delve Debugger
# Could not attach to pid 31017: set /proc/sys/kernel/yama/ptrace_scope to 0
# https://www.kernel.org/doc/Documentation/security/Yama.txt, you will need to set that to 0 in order to attach to a running process.
# add -gcflags="-N -l for better debugging
# dlv debug will build it for you
# dlv exec will run the binary directly (dlv exex is probably the one you want, just make sure to compile with the proper commands)
# the other issue now

# the type command is cool
type nginx
type ls

# ps to get processes of a user
ps -U jammin
pgrep spin # to get the PID of a binary, this is really useful!

# upgrading openssl
# download and extract the tarball
sudo ./config
sudo make depend
sudo make
sudo make install
# this will put the binary in /usr/local/bin/openssl

# nodejs
sudo add-apt-repository ppa:chris-lea/node.js
sudo apt-get update
sudo apt-get install nodejs
sudo ln -fs /usr/bin/nodejs /usr/bin/node

#phantomjs
#use npm install phantomjs-prebuilt
wget https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-2.1.1-linux-x86_64.tar.bz2
sudo ln -s $(pwd)/phantomjs /usr/bin/phantomjs #after changing to bin directory of extracted tarball.

#wordpress ubuntu 14.04 (docker image!?)
# https://www.digitalocean.com/community/tutorials/how-to-install-linux-apache-mysql-php-lamp-stack-on-ubuntu-14-04
# https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-on-ubuntu-14-04

#hexdump
hexdump -C ben.bin # where ben.bin is  a b64 encoded

# ssh forwarding
ssh user@hostname -L localport:host:hostport -N & # Forward all connections to given host:hostport, that is where the connection is made
mysql -u username -ppassword -h 127.0.0.1 -P localport dbname -A # -A speeds things up.

# docker compose
curl -L https://github.com/docker/compose/releases/download/1.7.1/docker-compose-`uname -s`-`uname -m` > docker-compose
sudo mv docker-compose /usr/local/bin/
sudo chown root:root /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose

# docker in boulder
docker compose up
docker compose rm [service-name] # to remove and recreate database etc.

# ubuntu app dev
sudo apt update && sudo apt install ubuntu-sdk
sudo add-apt-repository ppa:ubuntu-sdk-team/ppa

# change all files or directories permissions
find /path/to/base/dir -type f -exec chmod 644 {} +
find /path/to/base/dir -type d -exec chmod 755 {} +

# get the users in a group
getent group docker

# AWS ubuntu
# set hostname
# install make/haproxy
# for each site that you want to install you have to
# add a few lines to the haproxy on the exposed ports
# of 80 and 443 which will be mapped to ephemeral ports
# on the host. You will also need to create an ssh
# alias for each git repo, and add an entry to the
# .ssh/config file. this will involve running ssh-keygen
# You will also need to add a deploy key
# it would be very nice if a lot of this stuff could be
# automated, but it will work for now.
# gotcha! make sure to restart haproxy before restart

# There is bug Ubuntu 16.04 kernel to do with memory paging
sudo cp /lib/udev/rules.d/40-vm-hotadd.rules /etc/udev/rules.d/40-vm-hotadd.rules
# comment out line 2  (ATTR{[dmi/id]sys_vendor}=="Xen", GOTO="vm_hotadd_apply")
sudo reboot

# In order to enable docker deployments in pycharm you 
# need to make the docker daemon open up on a tcp port
# I will add the article and the cmds that helped me 
# do this.

# run a python https server
python -m SimpleHTTPServer 8000

# bash tricks
ctrl-u clears a line!

# git remove all remote branches that have been deleted
git remote prune origin

# man page looking for a string
/where are you

# to mount a network shared volume
sudo apt-get install nfs-common
# add the next line to fstab
[remote host]:[remote path] [local path] nfs rsize=8192,wsize=8192,timeo=14,intr

# systemd service files are found
/usr/lib/systemd/
/lib/systemd/
/etc/systemd/

# gets you the full path of a file
readlink -f filepath.txt

# scan for mac addresses
sudo nmap --send-ip -sP 10.10.10.0/24

# view info on a cert
openssl x509 -text -in vpn.alltree.ca.cert

# make sure this is not lts 
sudo vim /etc/update-manager/release-upgrades

# make a new user
sudo useradd -m -s /bin/bash keila
sudo deluser --remove-home ubuntu
# copy in .ssh folder
# make sure the ssh folder is owned by the user. 

# aws new ebs volume
lsblk
# check if fs
sudo file -s /dev/xvdb
# will just get data if not
sudo mkfs -t ext4 /dev/xvdb
# create mount point and add
/dev/xvdb	/mnt/magnetic	ext4	defaults,nofail		0 2
# to fstab

# to get UUID of hard drive
sudo blkid

# that is a beauty!
sudo chown --from=1002 -R jammin:jammin .

# run haproxy in docker!!!
docker run -d --restart always --name haproxy --net host -v /home/jammin/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro haproxy:1.6

# import hashicrop public key
curl https://keybase.io/hashicorp/pgp_keys.asc | gpg --import

# listing all groups
cat /etc/group

# ntp
sudo service ntp stop; sudo ntpdate -s 3.ca.pool.ntp.org; sudo service ntp start

# disk usage of dirs
sudo du -ch -d 1
sudo du -chx -d 1
# add the -x 

# zcat
# zless

# apt to hold a package
apt-mark hold package-name

# get key fingerprint of host
ssh-keyscan -p 22 ben.com,1.253.111.106

# get ssl ciphers
nmap --script ssl-enum-ciphers deb.nodesource.com

# see if a port is open
nc -zv -w 4 10.50.10.121 22

# merge a bunch of commits as a single commit!
git merge --squash <branch-name>

# tar for backup create an exlcude file
du -cxhd1 . 2> /dev/null | grep 'G' | sort -nr | awk '{ if (NR=1) {print $2} }'

# docker install
sudo apt-key adv --keyserver ha.pool.sks-keyservers.net --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
echo 'deb http://apt.dockerproject.org/repo ubuntu-yakkety main' | sudo tee /etc/apt/sources.list.d/docker.list
sudo apt-get update
sudo apt-get install -y --no-install-recommends     linux-image-extra-$(uname -r)     linux-image-extra-virtual
sudo mkdir -p /etc/docker
sudo vim /etc/docker/daemon.json # choose storage driver
sudo apt-get install -V docker-engine
sudo usermod -aG docker "$(id -un)"
sudo reboot

# swap
sudo fallocate -l 2G /mnt/swap
sudo chmod 600 /mnt/swap 
sudo mkswap /mnt/swap 
sudo swapon /mnt/swap
# add to fstab


# cloud-init to set the hostname
#cloud-config
fqdn: ben
manage_etc_hosts: localhost

# enable persistant storage of journalctl
mkdir -p /var/log/journal

# docker get container memory usage
docker stats --format "{{.Name}}\t {{.MemUsage}}\t{{.MemPerc}}" --no-stream
docker stats $(docker ps --format "{{.Names}}")  # even better

# disable auto update and upgrade
sudo systemctl disable apt-daily.timer
Removed /etc/systemd/system/timers.target.wants/apt-daily.timer.
sudo systemctl disable apt-daily.service

# diff folders
diff --exclude=*autoremove* -bur /etc/apt/ /home/jammin/apt/

# get pid of container
docker inspect <name> --format "{{.State.Pid}}"

# enter a container and run some iptables
# http://stackoverflow.com/questions/30467223/leverage-iptables-to-drop-packets-between-docker-containers
sudo nsenter -t <pid> --net iptables -A INPUT -s 172.17.0.4 -j DROP

# get docker events in the last hour
# check the data +s command
docker system events --since $(($(date +%s)-3600))

# create a patch file
git format-patch origin/master --stdout > file.patch
# apply the patch
git apply --check file.patch
git am --signoff < file.patch

# pin docker version on ubuntu
echo -e "Package: docker-engine\nPin: version 1.13.0-0~ubuntu-trusty\nPin-Priority: 999" | sudo tee /etc/apt/preferences.d/docker-engine

# allocate a huge file
fallocate -l 8192M 8GB.tmp

# jump into python debugger on fail
python -m pdb script.py

# generate a random b64 encoded password using openssl
openssl rand -base64 20
python -c "import secrets; print secret.url_safe(32)"

# sed only certain numbers in a file
sed -n '22600,25000p' current

# get links to open properly in chrome
vim $HOME/.local/share/applications/google-chrome.desktop
Exec=/opt/google/chrome/chrome %U

# convert a private key from pem to der format
openssl rsa -inform PEM -outform DER -in key -out key.der
# then base64 encode it
>>> import base64
>>> with open('bentest.der', 'rb') as fd:
...   base64.b64encode(fd.read())
...

# cloud init order
https://git.launchpad.net/cloud-init/tree/config/cloud.cfg

# sound issue ubuntu
# add
options snd-hda-intel model=laptop
to /etc/modprobe.d/alsa-base.
# sometimes just running
alsactl restore
#works
# also try running alsamixer from the command line
# headphones were MM (muted) hit M to unmute

# local alpine server
/usr/bin/ssh -o PubkeyAuthentication=no [email protected]

# grep only file name
grep -lri 'some text'

# list kernal modules loaded
cat /proc/modules
proper way:
ll /sys/module/
# proc is not really supposed to be used for this, backwards compat

# exclude directory and binary files (grepping Linux source control repo)
grep -riIl --exclude-dir=Documentation 'sysfs'

# get tags from a docker repository 
export REPOSITORY=debian; curl -sL "https://registry.hub.docker.com/v2/repositories/library/$REPOSITORY/tags/" | jq '."results"[]["name"]' | sort

# packaging
list all packages
dpkg-query -l