sudo -e <file>
You can set custom editor by adding this to
.bashrcexport EDITOR=vim
sudo -iu <user>
sudo --login --user <user>
sudo -su <user> # Use current user SHELL, useful for nologin users
or
su - <user>
su -ls /bin/bash <user>
su --login --shell /bin/bash <user>
useradd --create-home --groups sudo --user-group --shell /bin/bash --comment "Full Name" <user>
useradd --system --base-dir /var/lib --create-home --user-group --shell /usr/sbin/nologin --comment "Service Name" <user>
Custom services should have their home folder with all of the data in /var/lib
usermod --append --groups <new,group> <user>
https://manpages.debian.org/buster/passwd/chage.1.en.html
Lock user with
chage -E0 <user>
Unlock user with
chage -E-1 <user>
Get lock status with
chage -l <user>
chmod g+s <dir>
Custom service files go to /etc/systemd/system folder
A minimal /etc/systemd/system/example.service file would look like this
[Unit]
Description=Example foo service
[Service]
# Python needs this line for print to work
Environment=PYTHONUNBUFFERED=1
ExecStart=/usr/sbin/foo-daemon
WorkingDirectory=/var/lib/example
User=example
[Install]
WantedBy=multi-user.target
ExecStart line must contain full path to the executable
If you make any changes to a service file then you have to tell systemd about it using systemctl daemon-reload
Documentation:
Limit access to the system
PrivateDevices=yes
PrivateTmp=yes
ProtectSystem=full
ReadWriteDirectories=/etc/webapps /var/lib/
ProtectHome=yes
NoNewPrivileges=yes
| Command | description |
|---|---|
systemctl start <service> |
start that service |
systemctl stop <service> |
stop and kill that service |
systemctl restart <service> |
restart that service |
systemctl enable <service> |
start service on boot |
systemctl enable --now <service> |
start service right now and also start the service on boot |
systemctl status <service> |
display current status of the service with few last log line |
journalctl -fan100 where
-f shows new log lines as they arrive-a show the whole line-n 100 shows 100 last log linesjournalctl -fan100 -u example.service only show logs from example.service
journalctl -b show all logs for whole system starting from current boot
apt install --no-install-recommends neovim
update-alternatives --set editor /usr/bin/nvim
source: https://www.debian.org/doc/packaging-manuals/python-policy/#unversioned-python-commands
For Debian 11 Bullseye and Ubuntu 20.04
sudo apt install python-is-python3
For older releases first configure python alternatives
update-alternatives --install /usr/bin/python python /usr/bin/python3.7 1
update-alternatives --install /usr/bin/python python /usr/bin/python2.7 2
and then set the default with
update-alternatives --config python
Some S.M.A.R.T attributes are encoded as multi byte array and need special formating to make sense.
smartctl -v 1,raw48:54 -v 7,raw48:54 -v 195,raw48:54 -v 241,raw48:54 -v 242,raw48:54 -a /dev/sda
Source: https://github.com/netdata/netdata/issues/1076#issuecomment-367873913
This sysctl snippet should help with silencing system.softnet_stat alarm netdev budget ran outs and reduce droped packets.
# /etc/sysctl.conf
###################################################################
# Allow more time to process packets in kernel
# How many packets process in a slot, default is 300
net.core.netdev_budget = 600
# max slot time, default is 2000us
net.core.netdev_budget_usecs = 8000
and after that load the new values
sudo sysctl -p /etc/sysctl.conf
In case of EXT4 you can use fsfreeze and then use dd to copy the disk image really fast
Client:
fsfreeze -f /boot; fsfreeze -f /; dd if=/dev/sda bs=1M status=progress | zstd -T0 | nc -6 -N serverhost 6666; fsfreeze -u /; fsfreeze -u /boot;
Server:
nc -6 -l 6666 | zstd -d - | pv -s 25G > sda.img
Other option
Welcome to the world obsure debconf system
Debian wiki has a nice overview of all the ways you can configure debian packages
List of debconf options with descriptions are available at
/var/lib/dpkg/info/openssh-server.templatesCurrent debconf settings can be viewed with
debconf-show openssh-server
For openssh-server package default config steps look like this
# By default password auth is allowed, we want to disable it and only allow ssh keys
echo openssh-server openssh-server/password-authentication boolean false | debconf-set-selections
# In this case true = 'PermitRootLogin prohibit-password'; false = 'PermitRootLogin yes'
echo openssh-server oopenssh-server/permit-root-login boolean true | debconf-set-selections
# Delete existing config file so that `/var/lib/dpkg/info/openssh-server.config`
# does not reset `debconf` options when we do dpkg-reconfigure
rm /etc/ssh/sshd_config
# Generate stock sshd_config file
# Script `/var/lib/dpkg/info/openssh-server.postinst` uses ufc(1) to provide
# user with a dialog for 3 way merge in case of local modifications
# We want to use the stock config file (CONFNEW) and also create it as it's missing (CONFMISS)
UCF_FORCE_CONFFMISS=1 UCF_FORCE_CONFFNEW=1 dpkg-reconfigure openssh-server
Or you know you could just copy the default config from the filesystem
cp /usr/share/openssh/sshd_config /etc/ssh/sshd_config
echo keyboard-configuration keyboard-configuration/variant select 'English (US)' | debconf-set-selections
apt install console-setup
And afterwards
dpkg-reconfigure --priority critical keyboard-configuration
Setting values later via debconf-set-selections does not stick, IDK
There is this nice package call sysstat that can collect and display current system usage in a pretty nice way
apt install sysstat
iostat -xm 1
sar -n DEV --human --iface=enp195s0 5