covelus · March 29, 2020 10:24
diff --git a/GNU_Linux_main_config_files_and_commands.sh b/GNU_Linux_main_config_files_and_commands.sh
 # --------------------- PACKAGE MANAGEMENT --------------------- 
 # DPKG
 $ dpkg -S /etc/file.conf # what package this file belongs to
 $ dpkg -L <package> # package info (inc. files it contains)
 $ dpkg -V <package> # verify
 $ dpkg -r  <package> # remove
 # APT (apt = apt-get)
 $ apt [-u] upgrade # -u show upgraded
 $ sudo apt autoremove
 $ sudo apt-get clean # will save space
 $ sudo apt-get remove <package>
 $ sudo apt-get --purge remove <package> # remove pkg + config
 $ apt-cache search <package-name>
 $ apt-cache search -n <installed-package-name> #installed and available
 $ apt-cache show <package>
 $ apt-cache [r]depends bash # normal and Reverse dependencies
 $ apt-cache search metapackage

 # --------------------- Standard CONFIG files --------------------- 
 RHEL 6:  /etc/sysconfig/
 Debian:   /etc/default/
 SuSE/RHEL 7: both

 # --------------------- GRUB 2 --------------------- 
  /boot/grub[2]/grub.cfg #edit through:
  /etc/default/grub
  $ update-grub
  /etc/grub.d/

 # --------------------- INIT: SysVinit --------------------- 
 /etc/inittab
 $ runlevel
 $ telinit <num>
 /etc/rc.d/[rc<num>.d/]
 rc.local
 $ chkconfig
 $ service [<name> [status | ... ] | --status-all]
 # Debian/Ubuntu: 
  # apt install sysvinit-utils chkconfig
  # sudo status <name>


 # --------------------- INIT: Systemd --------------------- 
 Ex:
 /etc/hostname
 /etc/vconsole.conf
 /etc/sysctl.d/*.conf
 /etc/os-release
 $ systemctl
 $ systemctl list-units -t service [--all]
 $ sudo systemctl [ daemon-reload | [start | stop | enable | disable is-enabled] <serv-name>.service]

 # FS: BOOT
 /boot/
 - vmlinuz
 - initramfs
 - config
 - System.map

 # FS: pseudo-fs's
 /dev
 /proc
 /sys #sysfs
 [/tmp, /run]


 # --------------------- Kernel MODULES --------------------- 
 /lib/modules/$(uname -r)
 /sys/module/<module-name>[/parameters]
 /etc/modprobe.d/

 # --------------------- Devices & UDEV --------------------- 
 $ mknod [-m mode] /dev/<name> <type> <major> <minor>
 /dev/
 # udev: libudev, udevd, udevadm
 /etc/udev/udev.conf
 /etc/udev/rules.d/<rulename>.rules

 # --------------------- STORAGE/part --------------------- 
 #0.- boot code: , 446 Bi
 #1..3.- part i: 16 Bi
 #4.- part 4: 16 Bi, 0x55AA
 $ fdisk
 $ mkfs.ext4 /dev/...
 $ blkid /dev/...
 $ lsblk -i
 $ dd if=... of=... bs=... count=...
 $ partprobe -s # with summary. Not until restarting
   # partprobe informs OS of partition table changes
 $ cat /proc/partitions

 # --------------------- FILESYSTEMS --------------------- 
 /proc/filesystems
 $ sudo mount [-t <fs>] [[<dev>|UUID=|-U ]<uuid>] [[LABEL=|-L ]<label>] </mount-point>
 $ sudo mount -o  remount,ro </mount-point>
 $ umount [dev | mount-point]
 /etc/fstab
   #    <device>        <dir>                <type>    <options>       <dump> <fsck>
   # /dev/sda11    /mnt/tempdir    ext4        defaults                  1 2
 $ lsattr <filename>
 $ chattr [+|-|=mode] <filename>
   # i Immutable, also, no hard links
   # a Append-only
   # d Do-dump, ignored when 'dump' runs
   # A: no-Atime
 $ ln [-s] <file> <new_link> #  link: hard (pointing inode in same FS) or, with -s, soft (if you move original,  you lose the reference, but works accross FS's)
 /sbin/mkfs*
 $ sudo mkfs -t <fs> <dev>
 $ sudo mkfs.<fs> <dev>
 /sbin/fsck*
 $ sudo fsck -t <fs> [options] <dev>
 $ sudo fsck.<fs> <dev>
 $ sudo touch /forcefsck; sudo reboot
 $ e4defrag
 $ dumpe2fs # show Ext FS info
 $ tune2fs
  $ tune2fs -c 30 <fs> # sets max count in 30
  $ tune2fs -i 3w # Sets interval between checks to 3w
 
 # Quota
 $ quota
 /etc/fstab:
    /dev/sda11     /mnt/tempdir ext4 usrquota      1 2
  $ sudo mount -o remount /mnt/tempdir
  $ sudo quotacheck -u /mnt/tempdir
  $ sudo quotaon -u /mnt/tempdir
  $ sudo chown student.student /mnt/tempdir # optional
  $ sudo edquota -u student


 # TMPFS:
  $ df -Th /dev/shm/ # -T type
  $ sudo mount -t tmpfs none /mnt/tmpfs # creates a tmpfs, also:
  $ sudo mount -t tmpfs -o size=1G none /mnt/tmpfs

 # FS Loop Mechanism:
  # setup, method 1
   $ sudo mount -o loop imagefile mntpoint/
  # setup, method 2:
   $ sudo losetup /dev/loop2 imagefile
   $ sudo mount /dev/loop2 mntpoint
   $ sudo umount mntpoint
   
 $ sudo losetup -d /dev/loop2

 /proc/swaps
 $ free -o

 # --------------------- PROCESES # --------------------- 
 # ID = 1 --> init
 /proc/sys/kernel/pid_max
 $ ulimit [-a | -n 1600] #process limits & 1 example
 # SystemV IPC:
  # 1.- shared memory segments
  # 2.- semaphores
  # 3.- message queues
  $ ipcs # SystemV IPC activity
  $ ipcs -p # proceses that created them
  
 $ ps -elf #procesos kernel
 # fork vs exec
 #Modif valor nice:
  $ nice
   $ nice -n 10 bash # enter in a new bash with priority 10
  /etc/security/limits.conf # allow users to reduce niceness
  $ renice [+|- <num>] <pid> # establece a prio en ±num, non suma ou resta
  $ renice 15 -p <pid>
  Shared libraries:
  $ ldd /.../<bin-file> # shared libs required by this process
  /usr/lib64/*.so*
  $ ldconfig
  /etc/ld.so.conf # used by ldconfig

 # --------------------- SIGNALS --------------------- 
 $ kill [-l | [- signal] <pid>]
 $ killall 
 $ pkill [-signal] [options] [pattern]

 # --------------------- SYSTEM MONITORING --------------------- 
 $

 # --------------------- USERS --------------------- 
 $ useradd [-s <shell>] [-m] [-k <skels>] [-c "Name Surname"] <username>
 /etc/skel
 /etc/login.defs
 /etc/passwd # 644
  /etc/shadow # 400
  pam_cracklib
  /etc/nologin.txt
 $ userdel <u>
 $ usermod [-L] <u>
 $ chage -E <date> <u>
 $ chage [-m mindays] [-M maxdays] [-d lastday] [-I inactive] [-E expiredate] [-W warndays] [-l] <u>
 $ chage -d 0 <u>
 $ bash -r # or rbash, restricted shell

 # Root remote login
 /etc/securetty #& associated module pam_securetty.so
 /etc/ssh/sshd_config

 # SSH:
 $ 
 
 # --------------------- GROUPS --------------------- 
 /etc/group
 /etc/gshadow
 $ groupadd
 # e.g: groupadd -r -g 215 staff
 $ groupmod
 # e.g: groupmod -g 101 blah
 $ groupdel <groupname>
 $ usermod -G <groups> <user> # max 15
 # e.g: usermod -G user1, group1, group2 user1
 /etc/profiles # umask

 # --------------------- FILE PERMISSIONS --------------------- 

 $ chmod
 $ chown [-R] <user>[:group] <file>
 $ chgrp

 $ umask [number]
 # default permissions at creation: 0666 files, 0777 directories, but just before applying umask (0002):
  # (0666 | 0777) & ~0002 = (0664 | 0775)

 # --------------------- ACLs --------------------- 
 $ getfacl [file|dir]
 $ setfacl [ops] [permissions] [file | dir]
 $ setfacl -m u: username:rx /home/u/fl1

 # --------------------- PAM --------------------- 
 # config files
   /etc/pam.d/
   # type control mod-path mod-args
     # type: auth, account, password, sessio n
     # auth: required, requisite, optional, sufficient, include, substack
 # libpam*
   /lib/security
   /lib/x86_64-linux-gnu
   /lib64/security
 # Apps must be individually configured individually in a file in /etc/pam.d

 # --------------------- LDAP --------------------- 
 # config files:
   /etc/openldap/ldap.conf 
   /etc/pam_ldap.conf 
   /etc/nslcd.conf 
   /etc/sssd/sssd.conf 
   /etc/nsswitch.conf
 # Uses PAM + system-config-authentication | autoconf-tui
 $ system-config-authentication
 $ autoconf-tui

 # --------------------- BACKUPS --------------------- 
 $ cpio
  # $ ls | cpio --create -O /dev/st0
  #$ cpio -t -I /dev/st0

 $ tar
  # tar -cvf <destination> /root
  # tar -cMf <destination> /root # M = multiple volumes
  # tar --compare --vervose --file /dev/st0
  # tar --list --file <destination>
  # tar xvf /dev/st0 somefile
  # tar --extract --same-permissions --verbose --file /dev/st0

 #BZIP2, GZIP, XZ...
  $ tar zcvf file.tar.gz source
  $ tar jcvf  file.tar.bz2 source
  $ tar Jcvf  file.tar.xz source
  $ tar x[zjJ]vf file.tar...
  $ dd if=in-file  of=out-file [options]
  $ rsync [ops] src dest
  $ sudo dump -0uf /tmp/backup /boot #level 0 backup, uncompress with restore
  $ sudo restore -rfv /tmp/backup
  $ tar xvf  file.tar...
 
 SYSTEM MONITORING
 #/proc & /sys pseudo-fs's
 /proc/sys/
 ‎  abi/  #binary app info, not very used
 ‎  debug/  
 ‎  dev/  #devices
 ‎  fs/  
 ‎  kernel/  
 ‎       threads-max
 ‎‎       ‎  # sudo bash -c 'echo 10000 > /proc/sys/kernel/threads-max'
 ‎ ‎‎       ‎   # sudo sysctl kernel.threads-max=10000
 ‎  net/  
 ‎  vm/  
 # process & load
 # procps package
  $ top
  $ uptime
  $ ps
     # -A or-e  Select all processes
     # -N Negate selection (means do the opposite)
     # -C Select by command name
     # -G Select by real group ID (also supports names)
     # -U Select by real user ID (also supports names)
   $ ps -o pid,pri,ni,cmd
   $  ps -C <command> -o pid,cmd,pri,ni,stat   # info & status of process
 # psmiscs/pstree package
  $ pstree
 # systat package
  $ mpstat # multi-processor status (usage)
  $ iostat # CPU utilization & I/O stats
  $ sar # sys activity reporter
 # (same name packages)
  $ numasat # Non-Uniform Mem Arch status
  $ strace # syscalls trace
  $ <comand> & # start in foreground
  $ fg # recovers <command> from foreground
  $ jobs

 # Mem
 # procps package
  $ free
  $ vmstat
  $ pmap

 # I/O
 # systat package
  $ iostat
  $ sar [ops] [interval] [reps]
  $ vmstat

 # Network
 $ netstat
 $ iotraf
 $ tcpdump
 $ wireshark

 # --------------------- MEMORY MONITORING & TUNING --------------------- 
 $ cat /proc/meminfo
 # procps package
  $ free
  $ vmstat [ops] [delay] [repetitions]
   $ vmstat -SM -a 2 4
   $ vmstat -s # stats
   $ vmstat -d # disk
   $ vmstat -p /dev/sd... 2 4
  $ pmap
  $ sudo swapoff -a
  $ sudo swapon -a
  

 /proc/sys/vm # tunable knobs, change directly or with:
 $ sysctl
 # at boot time:
  /etc/sysctl.conf

 # Mem overcommit & OOM Killer
 /proc/sys/vm/overcommit_memory #0 = permit excepting obvious, 1 = all allowed, 2 = off
 /proc/sys/vm/overcommit_ratio
 /proc/[pid]/oom_score

 # --------------------- I/O MONITORING AND TUNING --------------------- 
 # system I/O-bound if CPU waits for I/O to complete
 $ iostat [-k | -m] #KB | MB -N #show by dev name -x # extending (detailed)
 $ sudo iotop [-o] # for show continuously static activity for all active I/O tasks
 $ ionice [-c class] [-n prio] [-p pid] [cmd [args]] # only with CFQ I/O scheduler
  $ ionice -c 2 -n 3 -p 30003
  $ bonnie++ # I/O benchmarking program

 # --------------------- I/O SCHEDULING --------------------- 
 # elevator (for rotational devs):
   # SSD?
    $ cat /sys/block/sda/queue/rotational
  #linux ... elevator=[ cfq | deadline | noop ]:
  $ cat /sys/block/sda/queue/scheduler # --> noop deadline [cfq]
  $ echo noop > /sys/block/sda/queue/scheduler # persistence
  # tunables
   $ /sys/block/<dev>/queue/iosched
   
  # flush cache
   $ echo 3 > /proc/sys/vm/drop_caches

 # --------------------- NETWORKING --------------------- 
 $ hostname # non-persistant
   /etc/hostname # Deb
  ‎ /etc/sysconfig/hostname # RHEL6
 $ hostnamectl set-hostname [...] # systemd
 $ ifconfig #non-persistent
   $ ifconfig | grep [env | wl] # eth0, eth1 | wlan0
 $ ip [ops] <OBJECT> [command | help] #non-persistent
   $ ip [-force] -batch filename
   ‎# OBJECT = {address, link, maddress, monitor, route, rule, tunnel}
   ‎/etc/sysconfig/network #RHEL
   ‎                           /network-scripts/ifcfg-ethX:Y
   ‎/etc/network/interfaces # Debian
 $ nmcli

 #  Name resolution 
 $ [dig | host | nslookup] <address.com>
 $ search <address.com>
 $ nameserver [IP]
 $ ping
 $ traceroute  <IP | address.com>
 $ mrt <address.com>

 # --------------------- Firewalls --------------------- 
  $ sudo systemctl status firewalld
  $ firewall-cmd [--help]
   $ sudo firewall-cmd [--get-default-zone | --get-active-zones | --get-zones | --set-default-zone=[trusted|public]
   ‎$ sudo firewall-cmd [--zone=internal --change-interface=eno1  --permanent --zone=internal --change-interface=eno1 ] # last is permanent --> creates:
   ‎   /etc/firewalld/zones/internal.xml
   ‎$ sudo firewall-cmd --get-zone-of-interface=eno1
   ‎$ sudo firewall-cmd --zone=public --list-all
   ‎$ sudo firewall-cmd --permanent --zone=trusted --add-source=192.168.1.0/24
   ‎$ sudo firewall-cmd --permanent --zone=trusted --list-sources
   ‎$ sudo firewall-cmd [--get-services | --list-services --zone=public ]
   ‎$ sudo firewall-cmd --permanent --zone=home --add-service=dhcp
   ‎$ sudo firewall-cmd --reload
   ‎$ sudo firewall-cmd --zone=home --add-port=21/tcp
   ‎$ sudo firewall-cmd --zone=home --list-ports
   ‎$ grep "21/tcp" /etc/services

 # --------------------- SECURITY ---------------------
 #SELinux
 $ getenforce
 $ sudo setenforce Permisive
 # Contexts: User, Role, Type (most common), Level
  # Type --> _t, e.g: kernel_t
 $ restorecon -Rv <file># reset files context based on dir settings

 # --------------------- ALTERNATIVES --------------------- 
 sudo update-alternatives --install /usr/bin/python python /usr/bin/python3.7 1
 sudo update-alternatives --install /usr/bin/pip pip /usr/bin/pip3 1
 sudo update-alternatives --install /usr/bin/vim vim /usr/bin/vim.tiny 1


 # MATH in Shell
 $ expr <op1> <operation> <op2>
  $ expr 1814400 / 60 / 60 / 24 / 7     # 3 weeks = 1814400 seconds
	# --------------------- PACKAGE MANAGEMENT ---------------------
	# DPKG
	$ dpkg -S /etc/file.conf # what package this file belongs to
	$ dpkg -L <package> # package info (inc. files it contains)
	$ dpkg -V <package> # verify
	$ dpkg -r <package> # remove
	# APT (apt = apt-get)
	$ apt [-u] upgrade # -u show upgraded
	$ sudo apt autoremove
	$ sudo apt-get clean # will save space
	$ sudo apt-get remove <package>
	$ sudo apt-get --purge remove <package> # remove pkg + config
	$ apt-cache search <package-name>
	$ apt-cache search -n <installed-package-name> #installed and available
	$ apt-cache show <package>
	$ apt-cache [r]depends bash # normal and Reverse dependencies
	$ apt-cache search metapackage

	# --------------------- Standard CONFIG files ---------------------
	RHEL 6: /etc/sysconfig/
	Debian: /etc/default/
	SuSE/RHEL 7: both

	# --------------------- GRUB 2 ---------------------
	/boot/grub[2]/grub.cfg #edit through:
	/etc/default/grub
	$ update-grub
	/etc/grub.d/

	# --------------------- INIT: SysVinit ---------------------
	/etc/inittab
	$ runlevel
	$ telinit <num>
	/etc/rc.d/[rc<num>.d/]
	rc.local
	$ chkconfig
	$ service [<name> [status \| ... ] \| --status-all]
	# Debian/Ubuntu:
	# apt install sysvinit-utils chkconfig
	# sudo status <name>


	# --------------------- INIT: Systemd ---------------------
	Ex:
	/etc/hostname
	/etc/vconsole.conf
	/etc/sysctl.d/*.conf
	/etc/os-release
	$ systemctl
	$ systemctl list-units -t service [--all]
	$ sudo systemctl [ daemon-reload \| [start \| stop \| enable \| disable is-enabled] <serv-name>.service]

	# FS: BOOT
	/boot/
	- vmlinuz
	- initramfs
	- config
	- System.map

	# FS: pseudo-fs's
	/dev
	/proc
	/sys #sysfs
	[/tmp, /run]


	# --------------------- Kernel MODULES ---------------------
	/lib/modules/$(uname -r)
	/sys/module/<module-name>[/parameters]
	/etc/modprobe.d/

	# --------------------- Devices & UDEV ---------------------
	$ mknod [-m mode] /dev/<name> <type> <major> <minor>
	/dev/
	# udev: libudev, udevd, udevadm
	/etc/udev/udev.conf
	/etc/udev/rules.d/<rulename>.rules

	# --------------------- STORAGE/part ---------------------
	#0.- boot code: , 446 Bi
	#1..3.- part i: 16 Bi
	#4.- part 4: 16 Bi, 0x55AA
	$ fdisk
	$ mkfs.ext4 /dev/...
	$ blkid /dev/...
	$ lsblk -i
	$ dd if=... of=... bs=... count=...
	$ partprobe -s # with summary. Not until restarting
	# partprobe informs OS of partition table changes
	$ cat /proc/partitions

	# --------------------- FILESYSTEMS ---------------------
	/proc/filesystems
	$ sudo mount [-t <fs>] [[<dev>\|UUID=\|-U ]<uuid>] [[LABEL=\|-L ]<label>] </mount-point>
	$ sudo mount -o remount,ro </mount-point>
	$ umount [dev \| mount-point]
	/etc/fstab
	# <device> <dir> <type> <options> <dump> <fsck>
	# /dev/sda11 /mnt/tempdir ext4 defaults 1 2
	$ lsattr <filename>
	$ chattr [+\|-\|=mode] <filename>
	# i Immutable, also, no hard links
	# a Append-only
	# d Do-dump, ignored when 'dump' runs
	# A: no-Atime
	$ ln [-s] <file> <new_link> # link: hard (pointing inode in same FS) or, with -s, soft (if you move original, you lose the reference, but works accross FS's)
	/sbin/mkfs*
	$ sudo mkfs -t <fs> <dev>
	$ sudo mkfs.<fs> <dev>
	/sbin/fsck*
	$ sudo fsck -t <fs> [options] <dev>
	$ sudo fsck.<fs> <dev>
	$ sudo touch /forcefsck; sudo reboot
	$ e4defrag
	$ dumpe2fs # show Ext FS info
	$ tune2fs
	$ tune2fs -c 30 <fs> # sets max count in 30
	$ tune2fs -i 3w # Sets interval between checks to 3w

	# Quota
	$ quota
	/etc/fstab:
	/dev/sda11 /mnt/tempdir ext4 usrquota 1 2
	$ sudo mount -o remount /mnt/tempdir
	$ sudo quotacheck -u /mnt/tempdir
	$ sudo quotaon -u /mnt/tempdir
	$ sudo chown student.student /mnt/tempdir # optional
	$ sudo edquota -u student


	# TMPFS:
	$ df -Th /dev/shm/ # -T type
	$ sudo mount -t tmpfs none /mnt/tmpfs # creates a tmpfs, also:
	$ sudo mount -t tmpfs -o size=1G none /mnt/tmpfs

	# FS Loop Mechanism:
	# setup, method 1
	$ sudo mount -o loop imagefile mntpoint/
	# setup, method 2:
	$ sudo losetup /dev/loop2 imagefile
	$ sudo mount /dev/loop2 mntpoint
	$ sudo umount mntpoint

	$ sudo losetup -d /dev/loop2

	/proc/swaps
	$ free -o

	# --------------------- PROCESES # ---------------------
	# ID = 1 --> init
	/proc/sys/kernel/pid_max
	$ ulimit [-a \| -n 1600] #process limits & 1 example
	# SystemV IPC:
	# 1.- shared memory segments
	# 2.- semaphores
	# 3.- message queues
	$ ipcs # SystemV IPC activity
	$ ipcs -p # proceses that created them

	$ ps -elf #procesos kernel
	# fork vs exec
	#Modif valor nice:
	$ nice
	$ nice -n 10 bash # enter in a new bash with priority 10
	/etc/security/limits.conf # allow users to reduce niceness
	$ renice [+\|- <num>] <pid> # establece a prio en ±num, non suma ou resta
	$ renice 15 -p <pid>
	Shared libraries:
	$ ldd /.../<bin-file> # shared libs required by this process
	/usr/lib64/.so
	$ ldconfig
	/etc/ld.so.conf # used by ldconfig

	# --------------------- SIGNALS ---------------------
	$ kill [-l \| [- signal] <pid>]
	$ killall
	$ pkill [-signal] [options] [pattern]

	# --------------------- SYSTEM MONITORING ---------------------
	$

	# --------------------- USERS ---------------------
	$ useradd [-s <shell>] [-m] [-k <skels>] [-c "Name Surname"] <username>
	/etc/skel
	/etc/login.defs
	/etc/passwd # 644
	/etc/shadow # 400
	pam_cracklib
	/etc/nologin.txt
	$ userdel <u>
	$ usermod [-L] <u>
	$ chage -E <date> <u>
	$ chage [-m mindays] [-M maxdays] [-d lastday] [-I inactive] [-E expiredate] [-W warndays] [-l] <u>
	$ chage -d 0 <u>
	$ bash -r # or rbash, restricted shell

	# Root remote login
	/etc/securetty #& associated module pam_securetty.so
	/etc/ssh/sshd_config

	# SSH:
	$

	# --------------------- GROUPS ---------------------
	/etc/group
	/etc/gshadow
	$ groupadd
	# e.g: groupadd -r -g 215 staff
	$ groupmod
	# e.g: groupmod -g 101 blah
	$ groupdel <groupname>
	$ usermod -G <groups> <user> # max 15
	# e.g: usermod -G user1, group1, group2 user1
	/etc/profiles # umask

	# --------------------- FILE PERMISSIONS ---------------------

	$ chmod
	$ chown [-R] <user>[:group] <file>
	$ chgrp

	$ umask [number]
	# default permissions at creation: 0666 files, 0777 directories, but just before applying umask (0002):
	# (0666 \| 0777) & ~0002 = (0664 \| 0775)

	# --------------------- ACLs ---------------------
	$ getfacl [file\|dir]
	$ setfacl [ops] [permissions] [file \| dir]
	$ setfacl -m u: username:rx /home/u/fl1

	# --------------------- PAM ---------------------
	# config files
	/etc/pam.d/
	# type control mod-path mod-args
	# type: auth, account, password, sessio n
	# auth: required, requisite, optional, sufficient, include, substack
	# libpam*
	/lib/security
	/lib/x86_64-linux-gnu
	/lib64/security
	# Apps must be individually configured individually in a file in /etc/pam.d

	# --------------------- LDAP ---------------------
	# config files:
	/etc/openldap/ldap.conf
	/etc/pam_ldap.conf
	/etc/nslcd.conf
	/etc/sssd/sssd.conf
	/etc/nsswitch.conf
	# Uses PAM + system-config-authentication \| autoconf-tui
	$ system-config-authentication
	$ autoconf-tui

	# --------------------- BACKUPS ---------------------
	$ cpio
	# $ ls \| cpio --create -O /dev/st0
	#$ cpio -t -I /dev/st0

	$ tar
	# tar -cvf <destination> /root
	# tar -cMf <destination> /root # M = multiple volumes
	# tar --compare --vervose --file /dev/st0
	# tar --list --file <destination>
	# tar xvf /dev/st0 somefile
	# tar --extract --same-permissions --verbose --file /dev/st0

	#BZIP2, GZIP, XZ...
	$ tar zcvf file.tar.gz source
	$ tar jcvf file.tar.bz2 source
	$ tar Jcvf file.tar.xz source
	$ tar x[zjJ]vf file.tar...
	$ dd if=in-file of=out-file [options]
	$ rsync [ops] src dest
	$ sudo dump -0uf /tmp/backup /boot #level 0 backup, uncompress with restore
	$ sudo restore -rfv /tmp/backup
	$ tar xvf file.tar...

	SYSTEM MONITORING
	#/proc & /sys pseudo-fs's
	/proc/sys/
	‎ abi/ #binary app info, not very used
	‎ debug/
	‎ dev/ #devices
	‎ fs/
	‎ kernel/
	‎ threads-max
	‎‎ ‎ # sudo bash -c 'echo 10000 > /proc/sys/kernel/threads-max'
	‎ ‎‎ ‎ # sudo sysctl kernel.threads-max=10000
	‎ net/
	‎ vm/
	# process & load
	# procps package
	$ top
	$ uptime
	$ ps
	# -A or-e Select all processes
	# -N Negate selection (means do the opposite)
	# -C Select by command name
	# -G Select by real group ID (also supports names)
	# -U Select by real user ID (also supports names)
	$ ps -o pid,pri,ni,cmd
	$ ps -C <command> -o pid,cmd,pri,ni,stat # info & status of process
	# psmiscs/pstree package
	$ pstree
	# systat package
	$ mpstat # multi-processor status (usage)
	$ iostat # CPU utilization & I/O stats
	$ sar # sys activity reporter
	# (same name packages)
	$ numasat # Non-Uniform Mem Arch status
	$ strace # syscalls trace
	$ <comand> & # start in foreground
	$ fg # recovers <command> from foreground
	$ jobs

	# Mem
	# procps package
	$ free
	$ vmstat
	$ pmap

	# I/O
	# systat package
	$ iostat
	$ sar [ops] [interval] [reps]
	$ vmstat

	# Network
	$ netstat
	$ iotraf
	$ tcpdump
	$ wireshark

	# --------------------- MEMORY MONITORING & TUNING ---------------------
	$ cat /proc/meminfo
	# procps package
	$ free
	$ vmstat [ops] [delay] [repetitions]
	$ vmstat -SM -a 2 4
	$ vmstat -s # stats
	$ vmstat -d # disk
	$ vmstat -p /dev/sd... 2 4
	$ pmap
	$ sudo swapoff -a
	$ sudo swapon -a


	/proc/sys/vm # tunable knobs, change directly or with:
	$ sysctl
	# at boot time:
	/etc/sysctl.conf

	# Mem overcommit & OOM Killer
	/proc/sys/vm/overcommit_memory #0 = permit excepting obvious, 1 = all allowed, 2 = off
	/proc/sys/vm/overcommit_ratio
	/proc/[pid]/oom_score

	# --------------------- I/O MONITORING AND TUNING ---------------------
	# system I/O-bound if CPU waits for I/O to complete
	$ iostat [-k \| -m] #KB \| MB -N #show by dev name -x # extending (detailed)
	$ sudo iotop [-o] # for show continuously static activity for all active I/O tasks
	$ ionice [-c class] [-n prio] [-p pid] [cmd [args]] # only with CFQ I/O scheduler
	$ ionice -c 2 -n 3 -p 30003
	$ bonnie++ # I/O benchmarking program

	# --------------------- I/O SCHEDULING ---------------------
	# elevator (for rotational devs):
	# SSD?
	$ cat /sys/block/sda/queue/rotational
	#linux ... elevator=[ cfq \| deadline \| noop ]:
	$ cat /sys/block/sda/queue/scheduler # --> noop deadline [cfq]
	$ echo noop > /sys/block/sda/queue/scheduler # persistence
	# tunables
	$ /sys/block/<dev>/queue/iosched

	# flush cache
	$ echo 3 > /proc/sys/vm/drop_caches

	# --------------------- NETWORKING ---------------------
	$ hostname # non-persistant
	/etc/hostname # Deb
	‎ /etc/sysconfig/hostname # RHEL6
	$ hostnamectl set-hostname [...] # systemd
	$ ifconfig #non-persistent
	$ ifconfig \| grep [env \| wl] # eth0, eth1 \| wlan0
	$ ip [ops] <OBJECT> [command \| help] #non-persistent
	$ ip [-force] -batch filename
	‎# OBJECT = {address, link, maddress, monitor, route, rule, tunnel}
	‎/etc/sysconfig/network #RHEL
	‎ /network-scripts/ifcfg-ethX:Y
	‎/etc/network/interfaces # Debian
	$ nmcli

	# Name resolution
	$ [dig \| host \| nslookup] <address.com>
	$ search <address.com>
	$ nameserver [IP]
	$ ping
	$ traceroute <IP \| address.com>
	$ mrt <address.com>

	# --------------------- Firewalls ---------------------
	$ sudo systemctl status firewalld
	$ firewall-cmd [--help]
	$ sudo firewall-cmd [--get-default-zone \| --get-active-zones \| --get-zones \| --set-default-zone=[trusted\|public]
	‎$ sudo firewall-cmd [--zone=internal --change-interface=eno1 --permanent --zone=internal --change-interface=eno1 ] # last is permanent --> creates:
	‎ /etc/firewalld/zones/internal.xml
	‎$ sudo firewall-cmd --get-zone-of-interface=eno1
	‎$ sudo firewall-cmd --zone=public --list-all
	‎$ sudo firewall-cmd --permanent --zone=trusted --add-source=192.168.1.0/24
	‎$ sudo firewall-cmd --permanent --zone=trusted --list-sources
	‎$ sudo firewall-cmd [--get-services \| --list-services --zone=public ]
	‎$ sudo firewall-cmd --permanent --zone=home --add-service=dhcp
	‎$ sudo firewall-cmd --reload
	‎$ sudo firewall-cmd --zone=home --add-port=21/tcp
	‎$ sudo firewall-cmd --zone=home --list-ports
	‎$ grep "21/tcp" /etc/services

	# --------------------- SECURITY ---------------------
	#SELinux
	$ getenforce
	$ sudo setenforce Permisive
	# Contexts: User, Role, Type (most common), Level
	# Type --> _t, e.g: kernel_t
	$ restorecon -Rv <file># reset files context based on dir settings

	# --------------------- ALTERNATIVES ---------------------
	sudo update-alternatives --install /usr/bin/python python /usr/bin/python3.7 1
	sudo update-alternatives --install /usr/bin/pip pip /usr/bin/pip3 1
	sudo update-alternatives --install /usr/bin/vim vim /usr/bin/vim.tiny 1


	# MATH in Shell
	$ expr <op1> <operation> <op2>
	$ expr 1814400 / 60 / 60 / 24 / 7 # 3 weeks = 1814400 seconds
No results found