[[http://tmade.de|Home tmade.de]] [[http://wiki.tmade.de|Home Wiki]] ===== apt-get ===== Examples: sudo apt-get install ubuntu-desktop sudo apt-get clean #Clean "/var/cache/apt/archives" (programms installed with apt-get are saved in) sudo apt-get install gdm apt-get install --reinstall package sudo /etc/init.d/gdm start sudo dpkg-reconfigure xserver-xorg sudo aptitude install kubuntu-desktop apt-get install linux-image-3.2.0-24-generic linux-headers-3.2.0-24-generic apt-get install build-essential #Compiler apt-get install bridge-utils #if you want to use a network bridge interface apt-get install lm-sensors #run once "sensors-detect", than "sensors" to get e.g. cpu temperature and more apt-get install ntp ntpdate #timeserver apt-get install libssl-dev apt-get install apache2 php5 php5-mysql mysql-server #LAMP = Linux, Apache, MySQL, PHP apt install php libapache2-mod-php apt-get install php5-mongo apt-get install net-tools #arp, ifconfig, netstat, rarp, nameif and route apt-get install lvm2 apt-get install nfs-kernel-server apt-get install nfs-common apt-get --reinstall install screen sudo apt-get install phpmyadmin apt-get install samba samba-common-bin smbclient cifs-utils apt-get install smbclient cifs-utils sudo apt-get install fwbuilder apt-get install isc-dhcp-server apt-get install isc-dhcp-relay apt-get install nsca #Passiv check monitoring client for nagios/ icinga sudo aptitude install build-essential apt-get install build-essential apt-get install ia32-libs #32-bit compatibility libraries apt-get install lib32z1 lib32ncurses5 lib32bz2-1.0 #32-bit compatibility libraries for Ubuntu Server 14.4 LTS apt-get install libssl-dev #openssl-devel apt-get install lib32nss-mdns apt-get install openjdk-7-jdk apt-get -s install awstats #Option "-s" simulates an installation process apt-get install ocfs2-tools ocfs2console #Install ocfs2 dpkg-reconfigure ocfs2-tools #To configure ocfs2 apt-get install cifs-utils apt install ffmpeg #install videocodec apt-get install mailutils apt-get install libncurses5-dev #Mysql apt-get --only-upgrade install package_name #Only update the package "package_name" (run previously as always "apt-get update"!) apt-mark hold [Package] #hold back [Package]  apt-mark unhold [Package] #remove hold back from [Package] apt-mark showhold #show the packages that are kept in "hold" state dpkg -l | grep "^hi" #search for all lines that begin with "hi" which are initials for "hold" and "installed" apt-cache madison docker-ce #show available versions apt-cache policy kubeadm #show package and version apt-cache search curl #show available packages apt-get install -y docker-ce=5:18.09.9~3-0~ubuntu-xenial --allow-downgrades sudo update-rc.d -f gdm remove sudo update-rc.d gdm stop 01 0 1 6 . sudo reboot sudo killall gdm #kill the X-server dpkg --list |grep postgres dpkg --purge postgresql-8.4 rm -r /usr/share/postgresql/8.4/tsearch_data rm -r /etc/postgresql-common dpkg --purge postgresql-client-common dpkg --purge postgresql-common aptitude autoclean aptitude search mysql aptitude clean postgresql-8.4 dpkg --list |grep postgres dpkg-reconfigure tzdata #timezone set dpkg-reconfigure locales #system language aptitude install postgresql aptitude reinstall perl-base hwe-support-status --verbose ubuntu-support-status systemctl stop apt-daily.timer systemctl disable apt-daily.timer apt-get install linux-generic-lts-xenial dpkg -s motion | head -n5 #show package infos, status, dependencies... Repair: apt-get -f install apt-get autoremove apt-get update --allow-releaseinfo-change apt-get purge apt-get clean apt --fix-broken install apt-get --fix-broken install ==== apt-key ==== If there´s an error by executing "apt-get update" such as: GPG error: http://repo.mysql.com trusty InRelease: The following signatures were invalid: KEYEXPIRED 1487236823 KEYEXPIRED 1487236823 KEYEXPIRED 1487236823 You can solve it by running apt-key list | grep expired Output: pub 1024D/5072E1F5 2003-02-03 [expired: 2017-02-16] To solve it run: apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 5072E1F5 and apt-get update again. Update key: apt-key adv --keyserver-options http-proxy=http://PROXYIP:8080 --keyserver hkp://keyserver.ubuntu.com:80 --recv apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv Check a key: curl -fsSL https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04/InRelease | gpg --show-keys Hint to export keys to gpg-key: https://askubuntu.com/questions/1398344/apt-key-deprecation-warning-when-updating-system ==== System update ==== To update all packages run: apt-get update #Checks and downloads Packages apt-get dist-upgrade #Updates System (all installed packages) do-release-upgrade If you encounter problems if you are behind a proxy please enter into /etc/apt/apt.conf the following information Acquire::http::Proxy "http://1.2.3.4:8080"; Acquire::https::Proxy "https://127.0.0.1:8080"; To keep a package back: apt-mark hold [Package] #Hold back [Package] apt-mark unhold [Package] #Remove hold back from [Package] ==== Security Update ==== If you just want to patch security packages: grep security /etc/apt/sources.list > /tmp/security.list grep -P '^[ \t]*[^#[ \t]+' /etc/apt/sources.list apt-get upgrade -o Dir::Etc::Sourcelist=/tmp/security.list -s #just a test apt-get upgrade -o Dir::Etc::Sourcelist=/tmp/security.list #patch security packages ==== Webmin ==== https://wiki.ubuntu.com/webmin apt-get install libnet-ssleay-perl libauthen-pam-perl libio-pty-perl apt-show-versions libapt-pkg-perl apt-get update apt-get install libnet-ssleay-perl libauthen-pam-perl libio-pty-perl libmd5-perl apt-show-versions ==== Initrd ==== To update the initrd: update-initramfs -c -k 3.2.0-23-generic #Kernel-version 3.2.0-23-generic update-initramfs -k all -c update-grub ==== Init ==== service --status-all initctl list ==== Grub Rescue ==== http://www.it-muecke.de/grub-rescue ==== Check Version ==== lsb_release -a ==== UPGRADE VERSION/ Distribution ==== sudo do-release-upgrade Alternativ way: Make backup of sources.list file: cp /etc/apt/sources.list /etc/apt/sources.list.bku and cp -r /etc/apt/sources.list.d/ /etc/apt/sources.list.d.bak Edit sources.list and add new repositary such as: deb http://de.archive.ubuntu.com/ubuntu natty main restricted universe multiverse #deb-src http://de.archive.ubuntu.com/ubuntu natty main restricted universe multiverse deb http://de.archive.ubuntu.com/ubuntu natty-updates main restricted universe multiverse #deb-src http://de.archive.ubuntu.com/ubuntu natty-updates main restricted universe multiverse deb http://de.archive.ubuntu.com/ubuntu natty-security main restricted universe multiverse #deb-src http://de.archive.ubuntu.com/ubuntu natty-security main restricted universe multiverse Check also: http://wiki.ubuntuusers.de/sources.list Update sources: apt-get update Update distribution: apt-get dist-upgrade Unattended-upgrades: To disable edit "/etc/apt/apt.conf.d/10periodic" as follows: APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Download-Upgradeable-Packages "0"; APT::Periodic::AutocleanInterval "0"; ==== APTITUDE ==== aptitude search aptitute install ==== Install ==== sudo tasksel #Opens pattern install menu such as LAMP like during OS installation ==== Problems ==== To solve package problems for a particular package, delete related package-names in /var/lib/dpkg/info/ /var/cache/apt/archives/ and run apt-get -f install apt-get update ==== ulimit ==== Online: ulimit -n 64000 Persistant (reboot required): vi /etc/security/limits.conf * soft nofile 64000 * hard nofile 64000 username soft nofile 64000 username hard nofile 64000 root soft nofile 64000 root hard nofile 64000 ==== Network ==== The following config (/etc/network/interfaces) shows a bonding interface (eth0, eth2) and a third networkdevice configuration (eth1): # The loopback network interface auto lo iface lo inet loopback # The primary network interface auto bond0 iface bond0 inet static address 192.168.64.127 netmask 255.255.255.0 network 192.168.64.0 broadcast 192.168.64.255 gateway 192.168.64.1 # dns-* options are implemented by the resolvconf package, if installed dns-nameservers 192.168.63.4 192.168.63.8 dns-search my-domain.local #slaves eth0 eth2 #bond_mode 0 #bond_miimon 100 #bond_updelay 200 #bond_downdelay 200 post-up ifenslave bond0 eth0 eth2 pre-down ifenslave -d bond0 eth0 eth2 #iSCSI Network Interface auto eth1 iface eth1 inet static address 192.168.254.55 netmask 255.255.255.0 network 192.168.254.0 broadcast 192.168.254.255 # gateway 192.168.254.1 # dns-* options are implemented by the resolvconf package, if installed auto eth1:1 iface eth1:1 inet static address 10.0.0.10 netmask 255.255.255.0 DHCP: auto eth0 iface eth0 inet dhcp ====Timezone, Date & Time==== timedatectl set-timezone Europe/Berlin timedatectl dpkg-reconfigure tzdata timedatectl set-time 23:01 timedatectl set-time 2017-10-08 23:01 systemctl status systemd-timesyncd systemctl restart systemd-timesyncd ==== Resolv.conf ==== sudo rm /etc/resolv.conf sudo dpkg-reconfigure resolvconf ==== HOSTNAME ==== 1) edit /etc/hostname, to e.g. yourhost.dyndns.org 2) run : hostname -F /etc/hostname 3) edit /etc/hosts accordingly Command: hostnamectl set-hostname NEW_NAME_HERE ==== Upstart ==== Upstart is a new way to start services. The old way (/etc/init.d) is still relevant, as upstart still uses (dependant on the service) init-scripts. Upstart scripts are located in /etc/init Upstart services are started via: service servicename start/stop/restart Links: http://wiki.ubuntuusers.de/Upstart ==== Autostart Service ==== To check status of all services: service --status-all Running: + Not running: - Status not known: ? To add a service to autostart use: /usr/lib/insserv/insserv -d servicename #Add service "servicename" to autostart - a init-script is required! /usr/lib/insserv/insserv -r servicename #Remove service "servicename" from autostart or update-rc.d apache2 defaults #Add service apache to autostart with default runlevels update-rc.d -f apache2 remove #Remove service apache from autostart Ubuntu >= 16.04: sudo systemctl is-enabled mysql.service sudo systemctl disable mysql.service sudo systemctl enable mysql.service ==== Proxy ==== To update your system via "apt-get" behind a http proxy, edit or create file /etc/apt/apt.conf and put following syntax inside: Acquire::http::Proxy "http://PROXY_FQDN_or_IP:8080"; and if https is required Acquire::https::Proxy "https://PROXY_FQDN_or_IP:8080"; To set a general system proxy: export https_proxy=https://IP:Port export http_proxy=https://IP:Port export http_proxy=http://username:password@proxy_host:proxy_port export https_proxy=https://username:password@proxy_host:proxy_port export no_proxy="localhost,127.0.0.1,test.local" ==== Locale ==== locale -a #show available locale cat /usr/share/i18n/SUPPORTED #show supported locale locale-gen de_DE.UTF-8 #generate locale update-locale LANG=de_DE.UTF-8 #update locale locale #check configure locale cat /etc/default/locale #check configure locale ====SFTP==== 1. Add user: useradd -d /path/to/home -u 3200 -g mygroup -s /bin/false -c "FTP User sftp01" sftp01 2. Add to "/etc/ssh/sshd_config" and restart ssh "systemctl restart ssh.service" or "/etc/init.d/ssh restart": AllowGroups mygroup #Subsystem sftp /usr/lib/openssh/sftp-server #SLES11 Subsystem sftp /usr/lib/ssh/sftp-server #SLES12 #Subsystem sftp internal-sftp #SLES12 #Personal #Match Group sftponly Match User sftp01 ForceCommand internal-sftp #forces the SSH server to run the SFTP server upon login, disallowing shell access #PasswordAuthentication yes #only key-auth is allowed ChrootDirectory /home/sftp01 #ensures that the user will not be allowed access to anything beyond the "/home/sftp01" directory PermitTunnel no AllowAgentForwarding no AllowTcpForwarding no X11Forwarding no PermitRootLogin no **Note**: Path to "ChrootDirectory" has to be **owned** **completely** by **"root:root"**! 3. Edit "/etc/fstab": The mountpoint ("/home/sftp01") must contain "nodev,nosuid". Example: UUID=ed376e96-2183-43dd-862c-02fa3e6c5223 /home/sftp01 xfs defaults,nodev,nosuid 1 2 **Note:** This ist just required, if the "ChrootDirectory" is **not owned** by root! **Remount on the fly:** mount -o remount,noatime /mountpoint 4. Create a key pair for key authentification: https://www.tmade.de/wiki/doku.php?id=linux:ssh#ssh_key-authentication Put "authorized_keys" file into "~/.ssh/authorized_keys" of the related user. **Note:** The "authorized_keys" file must contain the content of "id_rsa.pub"! Example configurations: Match user user1 ChrootDirectory /srv/sftp/user1 Match user user2 ChrootDirectory /srv/sftp/user2 AllowTCPForwarding no X11Forwarding no ForceCommand internal-sftp or Match User bob,joe,phil #Match Group users_with_no_ssh ChrootDirectory /home/%u/ ForceCommand internal-sftp X11Forwarding no AllowTCPForwarding no #AcceptEnv RESTIC_REPOSITORY RESTIC_PASSWORD ForceCommand /bin/echo 'We talked about this guys. No SSH for you!' Check ssh-config: sshd -t #command to check for syntax errors in your configuration file sshd -T #output active directives ==== MISC ==== ===Editor=== select-editor #set default editor Force checking devices on next system startup: touch /forcefsck ===Useradd + password=== Useradd and **set password in one step** (without adding to history): read -p "Please enter Username: " USER echo "Username: \"$USER\"" read -p "Please enter Password: " PW echo "Password \"$PW\"" useradd -m -p $(openssl passwd -1 "$PW") $USER echo "User: \"$USER\" added!" === Search === Switch on "page up" and "page down" to search/ auto completition history (edit "/etc/inputrc"): cat /etc/inputrc | grep search Change # alternate mappings for "page up" and "page down" to search the history #"\e[5~": history-search-backward #"\e[6~": history-search-forward to # alternate mappings for "page up" and "page down" to search the history "\e[5~": history-search-backward "\e[6~": history-search-forward History: https://www.howtogeek.com/howto/44997/how-to-use-bash-history-to-improve-your-command-line-productivity/ ===Powersave=== https://help.ubuntu.com/community/PowerManagement/ReducedPower The pm-utils package comes with scripts for managing low-power modes. sudo apt-get install pm-utils In order to enter low power mode, run this: sudo pm-powersave true In order to leave low power mode, run this: sudo pm-powersave false