Basic linux commands without ads

LINUX.md

Linux commands

Notes:

• change or anything with <...> with the values you want

Users

Create a user

Use:

• sudo useradd <username>: low level utility
• sudo adduser <username>: user friendly script

Delete user

Use:

• sudo userdel <username>: low level utility
• sudo deluser --remove-home <username>: user friendly script that removes also the home directory of the user

Groups

Create group: sudo groupadd <groupname>

Add a user to groups

• sudoers: sudo usermod -aG sudo <username>
• other groups with logged in username: sudo usermod -aG <groupname> $USER, where $USER is the logged in username (check with echo $USER)

File/Folders Permissions and Ownership

UFW Firewall

UFW for Uncomplicated FireWall

• Installation: sudo apt install ufw
• Enable: sudo ufw enable
• Disable: sudo ufw disable
• Status: sudo ufw status
• Verbose Status: sudo ufw status verbose - for checking also default rules
• Allow port rule: sudo ufw allow 7822
• Delete rule:
  • sudo ufw status numbered Get the rule numbered
  • sudo ufw delete 2 Delete rule #2
• Check logs: sudo dmesg | grep '\[UFW'

Programs/Libs

• nano: sudo apt install nano

SSH server

Installation

• sudo apt update
• sudo apt install openssh-server

Operating

• start|stop|restart|status: sudo systemctl start|stop|restart|status ssh

Configuration

Keep the original:

• sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original
• sudo chmod a-w /etc/ssh/sshd_config.original
• Check configuration: sudo sshd -t -f /etc/ssh/sshd_config

Some option I configure in ssh_config

• Change the standard port from 22 to something else: Port 6622
• Pubkey authentication

PubkeyAuthentication yes
AuthorizedKeysFile      /etc/ssh/%u/authorized_keys .ssh/authorized_keys
AllowUsers <username1> <username2>
PasswordAuthentication no 

• Issue.net: Banner /etc/issue.net

where I add:

********************************************************************
*                                                                  *
* This system is for the use of authorized users only.  Usage of   *
* this system may be monitored and recorded by system personnel.   *
*                                                                  *
* Anyone using this system expressly consents to such monitoring   *
* and is advised that if such monitoring reveals possible          *
* evidence of criminal activity, system personnel may provide the  *
* evidence from such monitoring to law enforcement officials.      *
*                                                                  *
********************************************************************

Then

• test: sudo sshd -t -f /etc/ssh/sshd_config
• and restart: sudo systemctl restart sshd.service

Docker

Use the official guide and post installation steps

For docker-compose: https://docs.docker.com/compose/install/

• sudo curl -L "https://github.com/docker/compose/releases/download/1.28.5/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose (check the version for newer versions)
• sudo chmod +x /usr/local/bin/docker-compose
• docker-compose --version
• sudo curl -L https://raw.githubusercontent.com/docker/compose/1.28.5/contrib/completion/bash/docker-compose -o /etc/bash_completion.d/docker-compose (bash completion)

Respecting UFW

From https://www.techrepublic.com/article/how-to-fix-the-docker-and-ufw-security-flaw/

Fortunately, there's a way to fix this. Go back to the terminal on your Docker server and issue the command sudo nano /etc/default/docker and add the following line: DOCKER_OPTS="--iptables=false" Save and close that file. Restart the docker daemon with the command sudo systemctl restart docker. Now, when you deploy a container, it will no longer alter iptables and will honor UFW.

Networking

• What is my IP?: ip a

Info/Monitoring

• CPU info: cat /proc/cpuinfo
• Number of processors: cat /proc/cpuinfo | grep processor
• Memory info: free -m
• Disk info: df -h for human readable sizes

Processes

TODO

Grep

TODO

Auditing

• who has logged in: last