Linux Commands
List and remove downloaded packages for Ubuntu, most all of this information will be Ubuntu based.
dpkg -l - This will list all installed packages
dpkg -l | grep plex - This will list all installed packages but only if it's name contains "plex"
After listing and finding the installed package you can do things to it, such as remove:
dpkg -r plexmediaserver - This will remove Plex Media Server package
Installing a package:
dpkg -i /nfs/plex/plexmediaserver.deb - This will install plex (remember to use the actual filename)
NFS mount
open /etc/fstab using whatever you like, I typically use nano:
nano /etc/fstab
Keep in mind you need to install the NFS package before you can use it:
apt install nfs-common
If you don't know the name of a package, you can guess. I guessed nfs-client and it chose nfs-common for me. You can also search for packages using:
apt list | grep nfs
Place the following into fstab for automatic mapping:
Here we will add the NFS server and it's nfs share, in this case the NFS server is 192.168.1.1 and the NFS share is plex.
The second item is the mapped folder on the linux server, in this case I am mapping the NFS share to /nfs/plex.
The third item is just specifying the protocol type, in this case NFS
The last three I don't really know ATM, but it works
192.168.1.1:/plex /nfs/plex nfs defaults 0 0
Manually mount nfs share:
cat /etc/fstab
serverip:/nfsshare /nfs/mount nfs defaults 0 0
mount -t nfs4 serverip:/nfsshare /nfs/mnt
example: mount -t nfs4 192.168.1.1:/plex /nfs/plex
nano /etc/fstab
192.168.1.1:/plex /nfs/plex nfs defaults 0 0
netplan
/etc/netplan/
There are files in here that should configure the network
netplan apply - should apply the configuration written here
systemctl restart systemd-networkd.service
If you want to manually configure your network IP address you can modify the netplan document
NETPLAN: sudo su nano /etc/netplan/00-tab network: version: 2 renderer: networkd ethernets: eth0: addresses: - 10.10.10.2/24 gateway4: 10.10.10.1 nameservers: search: [mydomain, otherdomain] addresses: [10.10.10.1, 1.1.1.1] netplan apply
SSH tunnel
An SSH tunnel will allow you to connect to a web server that is remote as if you were local:
The big reason for this is if you are installing Plex, plex needs to be configured LOCALLY, if you install Linux server there is no gui.
Without a GUI you need to do the following:
ssh admin@10.0.0.1 -L 8888:localhost:32400
After using the previous command, it creates the SSH tunnel and can be used to open a "local" browser using the following:
http://localhost:8888
The command:
ssh - self explanatory
-L - I wish I knew, I'll figure this out later
admin@10.0.0.1 - You are ssh logging into 10.0.0.1 using the username admin, modify this accordingly
8888 - The local port (the computer you are on)
locahost - The mapped hostname, localhost means (the computer you are currently on)
32400 - This is the Mapped port (the computer/server port you are remotely connecting to)
I want to ssh to the server 10.0.0.1 from the computer you are on. I need to connect to the plex port 32400, but it's mapped to 8888 here.
In your web browser go to http://localhost:8888 - with the ssh tunnel it's actually local to the server (technically http://10.0.0.1:32400)
scp copy:
scp item.png username@host:/first/second
If you place a / at the end it will say it's a directory
scp -r user@server:/store/branch/plex/movies/action/*/* /nfs/plex/Movies
scp -r user@server:/store/branch/plex/movies/comedy/Out*/* /nfs/plex/Movies
scp -r user@server:/store/branch/plex/movies/horror/'I\ Kn*'/* /nfs/plex/movies
scp -r user@server:/store/branch/sort/'A\ Few*'/* /nfs/plex/movies
Scp -r user@server:/store/branch/sort/American\.Pie*/* /nfs/plex
ls -l
show which user and group owns the files chown user *
chgrp users *
Dpkg -i package.deb
User add %name%
Passwd something
User mod -aG wheel user
chmod +G %filename%
linux.die.net/man/5/pwquality.conf
*/etc/security/pwquality.conf
Add mariadb to linux
sudo vim /etc/yum.repos.d/MariaDB.repo
# MariaDB 10.4 CentOS repository list - created 2019-12-08 06:26 UTC
# http://downloads.mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.4/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
sudo yum install MariaDB-server MariaDB-client
mysql -V
systemctl is-active mysql
systemctl is-active mariadb
systemctl is-enabled mysql
systemctl is-enabled mariadb
systemctl start mysql
systemctl start mariadb
mysql_secure_installation
mysql --help --verbose
/etc/my.cnf.d/* server.cnf
bind addresss #...
grant all privilege on *.* to 'table'@'%'
sudo mysql or mysql -u user -p
use
### Centos Stuff ###
add a user - sudo adduser admin
set a user password - sudo passwd admin
change to a user - su admin
add network tools - yum install net-tools
sudo yum update -y && sudo reboot
sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
sudo firewall-cmd --reload
BalanceMember http://192.168.0.1:80
BalanceMember http://192.168.0.2:80
ProxyPreserveHost On
ProxyPas / balancer://mycluster/
ProxyPassReverse / balancer://mycluster/
sudo service httpd restart
Installing from the vKVM - Can't have a partition outside the disk!
-Mount GParted and create partition.
UFW - Linux firewall service
ufw status
ufw status verbose
ufw disable
ufw enable
ufw reset
ufw reject out ssh
ufw allow out smtp
ufw delete reject out ssh
ufw deny proto tcp from 12.34.56.78 to any port 22
ufw allow out 25
ufw delete allow ssh
ufw delete allow 80/tcp
ufw allow proto tcp from any to any port 25
ufw delete allow proto tcp to 192.168.0.12 port 3306
ufw delete allow from 192.168.0.5 to any port 25
ufw delete allow proto tcp from any to any port 25
ufw allow 22/tcp
ufw allow 1000:2000/tcp
ufw allow proto ipv6 to
ufw app list
ufw app info _name
ufw allow _name
ufw logging on
ufw reset
y
ufw enable
y
ufw allow proto tcp from any to 192.168.0.5 port 80
ufw allow proto tcp from any to 192.168.0.5 port 443
ufw allow proto tcp from any to 192.168.0.5 port 22
ufw allow proto tcp from 192.168.0.0/24 to 192.168.1.5 port 22
ufw allow proto tcp from 192.168.1.0/24 to 192.168.1.5 port 22
ufw allow out 80/tcp
ufw allow out 443/tcp
sudo apt-get install ufw - this is the cli firewall
apt-get install gufw - this is the graphical firewall
login to mysql
mysql -u root -p
***
Create user with password
create user 'admin'@'%' identified by 'some_password';
drop user 'admin'@'%';
***
grant all privileges on *.* to 'admin'@'%';
***
revoke all privileges on *.* from 'admin'@'%';
***
flush privileges;
***
select * from mysql.user;
***
select host, user, password from mysql.user;
***
desc mysql.user
desc movies
***
ALTER USER '_user'@'localhost' IDENTIFIED BY 'New-Password-Here';
***
update _movies set movie_name = 'Harry\s Potter' where movie_id = 59;
***
desc _movies;
insert into _movies (movie_name) values ('The A-Team');
insert into _movies values (1,'Avatar',null);
***
alter table _movies add column bundle varchar(128);
***
select movie_name from _movies where movie_name like 'Harry%' order by movie_id asc;
select movie_name from _movies where series is not null order by series asc;
***
revoke all privileges on *.* from 'user'@'localhost';
grant all privileges on _db to 'user'@'localhost';
show databases;
use db_name;
select 21 * 2 as meaning_of_life;
mysql -u user_name -p db_name < mysqlscript.txt > output.txt
https://www.computerhope.com/unix/mysql.htm
mysql [options] db_name
--help
--auto-rehash
--auto-vertical-output
--batch
--bind-address=ip-address
--character-sets-dir=path
--column-names
--column-type-info, -m
--comments, -c
--compress, -C
--database=db_name, -D db_name
--default-auth=plugin
--default-character-set=char_set
--delimiter=str
--disable-named-commands
--enable-cleartext-plugin
--execute=statement, -e statement
--force, -f
--host=host_name, -h host_name
--html, -H
? - help
clear
connect - connect to server
delimiter - set statement delimeter
edit
ego - send command to mysql server, display result vertically
go - send command to mysql server
backup database
mysqldump -u root -p -h localhost _db < guac.sql
status
myisamchk - check, repair, optimize, or fetch information about a mysql database
restore
mysql
use database;
source /home/root/sql.sql
use _db
show tables;
_connection
_connection_attribute
_connection_group
_connection_group_attribute
_connection_group_permission
_connection_history
_connection_parameter
_connection_permission
_entity
_sharing_profile
_system_permission
_user
_user_attribute
_user_group
_user_group_attribute
_user_group_member
_user_group_permission
_user_history
_user_password_history
_user_permission
openssl stuff encrypted key:
openssl pkcs12 -in filename.pfx -nocerts -out key.pem
certificate:
openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem
unencrypted key:
openssl pkcs12 -in filename.pfx -nocerts -nodes -out key.pem
openssl genrsa -des3 -out 2048
openssl genrsa -out 2048
openssl req -new -key -out
openssl req -new -key -config "c:\Apache Software Foundation\Apache2.2\conf\openssl.cnf" -out
openssl CSR and other stuff:
openssl genrsa -out priv.key 4096
This one here will provide a listing of certificate options that are required:
Country, State, City, Organization Name, OUnit, Common Name
openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
Create CSR..create this file: san.cnf somewhere
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[req_distinguished_name]
C = US
ST = VA
L = SomeCity
O = MyCompany
OU = MyDivision
CN = www.company.com
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = www.company.com
DNS.2 = company.com
DNS.3 = www.company.net
DNS.4 = company.net
openssl req -out sslcert.csr -newkey rsa:2048 -nodes -keyout private.key -config san.cnf
openssl req -noout -text -in sslcert.csr | grep DNS
This command takes the private key and generates the public key to be imported here:
ssh-keygen -y -f /path_to_key_pair/my-key-pair.pem
chmod 400 my-key-pair.pem
Linux Permissions:
3 number "permission" owner | group | public
Read = 4
Write = 2
Execute = 1
Deny = x
400 means owner has read
440 means owner and group has read
444 means owner and group and public have read
600 means owner has read and write
660
666
700
770
777 - Everone full control
400, 600, 700, 440, 460, 470, 404, 406, 407, 640, 660, 670, 604, 606, 607, 740, 760, 770, 704, 706, 707, 004, 006, 007, 040, 044, 046, etc.
Apache stuff
enable ssl: a2enmod enable ssl
enable web server: a2ensite
disable web server: a2dissite
When dealing with a website the account www-data needs to have rwx or 7 as it's permission.
What I did was groupadd group_name
usermod -aG group_name user_name
chgrp group_name *
chmod -R 774 - giving the owner, and the group rwx but public r
Invoke-command -computername hvc01 -ScriptBlock {get-vm -name dc1} | select name, state
VMware stuff Reset esxi evaluation:
mv /etc/vmware/license.cfg /etc/vmware/license1.cfg
cp /etc/vmware/.#license.cfg /etc/vmware/license.cfg
/etc/init.d/vpxa restart
new-vm from template
connect-viserver 192.168.1.1
$OSSpecs = Get-OSCustomizationSpec -Name "server-2019-dc"
$VMTemplate = get-template -name "server2019_template"
$ESXi = "192.168.1.2"
$dsc = get-datastore -name iscsi-hdd-0
$vm = "1"
New-VM -name $vm -Template $VMTemplate -OSCustomizationSpec $OSSpec -VMHost $ESXi -Datastore $dsc
New-VM -name "2" -Datastore iscsi-hdd-0 -DiskGB 60 -DiskStorageFormat thin -MemoryGB 2 -NumCpu 2 -Portgroup DMZ
dpkg -l - This will list all installed packages
dpkg -l | grep plex - This will list all installed packages but only if it's name contains "plex"
After listing and finding the installed package you can do things to it, such as remove:
dpkg -r plexmediaserver - This will remove Plex Media Server package
Installing a package:
dpkg -i /nfs/plex/plexmediaserver.deb - This will install plex (remember to use the actual filename)
NFS mount
open /etc/fstab using whatever you like, I typically use nano:
nano /etc/fstab
Keep in mind you need to install the NFS package before you can use it:
apt install nfs-common
If you don't know the name of a package, you can guess. I guessed nfs-client and it chose nfs-common for me. You can also search for packages using:
apt list | grep nfs
Place the following into fstab for automatic mapping:
Here we will add the NFS server and it's nfs share, in this case the NFS server is 192.168.1.1 and the NFS share is plex.
The second item is the mapped folder on the linux server, in this case I am mapping the NFS share to /nfs/plex.
The third item is just specifying the protocol type, in this case NFS
The last three I don't really know ATM, but it works
192.168.1.1:/plex /nfs/plex nfs defaults 0 0
Manually mount nfs share:
cat /etc/fstab
serverip:/nfsshare /nfs/mount nfs defaults 0 0
mount -t nfs4 serverip:/nfsshare /nfs/mnt
example: mount -t nfs4 192.168.1.1:/plex /nfs/plex
nano /etc/fstab
192.168.1.1:/plex /nfs/plex nfs defaults 0 0
netplan
/etc/netplan/
There are files in here that should configure the network
netplan apply - should apply the configuration written here
systemctl restart systemd-networkd.service
If you want to manually configure your network IP address you can modify the netplan document
NETPLAN: sudo su nano /etc/netplan/00-tab network: version: 2 renderer: networkd ethernets: eth0: addresses: - 10.10.10.2/24 gateway4: 10.10.10.1 nameservers: search: [mydomain, otherdomain] addresses: [10.10.10.1, 1.1.1.1] netplan apply
SSH tunnel
An SSH tunnel will allow you to connect to a web server that is remote as if you were local:
The big reason for this is if you are installing Plex, plex needs to be configured LOCALLY, if you install Linux server there is no gui.
Without a GUI you need to do the following:
ssh admin@10.0.0.1 -L 8888:localhost:32400
After using the previous command, it creates the SSH tunnel and can be used to open a "local" browser using the following:
http://localhost:8888
The command:
ssh - self explanatory
-L - I wish I knew, I'll figure this out later
admin@10.0.0.1 - You are ssh logging into 10.0.0.1 using the username admin, modify this accordingly
8888 - The local port (the computer you are on)
locahost - The mapped hostname, localhost means (the computer you are currently on)
32400 - This is the Mapped port (the computer/server port you are remotely connecting to)
I want to ssh to the server 10.0.0.1 from the computer you are on. I need to connect to the plex port 32400, but it's mapped to 8888 here.
In your web browser go to http://localhost:8888 - with the ssh tunnel it's actually local to the server (technically http://10.0.0.1:32400)
scp copy:
scp item.png username@host:/first/second
If you place a / at the end it will say it's a directory
scp -r user@server:/store/branch/plex/movies/action/*/* /nfs/plex/Movies
scp -r user@server:/store/branch/plex/movies/comedy/Out*/* /nfs/plex/Movies
scp -r user@server:/store/branch/plex/movies/horror/'I\ Kn*'/* /nfs/plex/movies
scp -r user@server:/store/branch/sort/'A\ Few*'/* /nfs/plex/movies
Scp -r user@server:/store/branch/sort/American\.Pie*/* /nfs/plex
ls -l
show which user and group owns the files chown user *
chgrp users *
Dpkg -i package.deb
User add %name%
Passwd something
User mod -aG wheel user
chmod +G %filename%
linux.die.net/man/5/pwquality.conf
*/etc/security/pwquality.conf
Add mariadb to linux
sudo vim /etc/yum.repos.d/MariaDB.repo
# MariaDB 10.4 CentOS repository list - created 2019-12-08 06:26 UTC
# http://downloads.mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.4/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
sudo yum install MariaDB-server MariaDB-client
mysql -V
systemctl is-active mysql
systemctl is-active mariadb
systemctl is-enabled mysql
systemctl is-enabled mariadb
systemctl start mysql
systemctl start mariadb
mysql_secure_installation
mysql --help --verbose
/etc/my.cnf.d/* server.cnf
bind addresss #...
grant all privilege on *.* to 'table'@'%'
sudo mysql or mysql -u user -p
use
### Centos Stuff ###
add a user - sudo adduser admin
set a user password - sudo passwd admin
change to a user - su admin
add network tools - yum install net-tools
sudo yum update -y && sudo reboot
sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
sudo firewall-cmd --reload
BalanceMember http://192.168.0.1:80
BalanceMember http://192.168.0.2:80
ProxyPreserveHost On
ProxyPas / balancer://mycluster/
ProxyPassReverse / balancer://mycluster/
sudo service httpd restart
Installing from the vKVM - Can't have a partition outside the disk!
-Mount GParted and create partition.
UFW - Linux firewall service
ufw status
ufw status verbose
ufw disable
ufw enable
ufw reset
ufw reject out ssh
ufw allow out smtp
ufw delete reject out ssh
ufw deny proto tcp from 12.34.56.78 to any port 22
ufw allow out 25
ufw delete allow ssh
ufw delete allow 80/tcp
ufw allow proto tcp from any to any port 25
ufw delete allow proto tcp to 192.168.0.12 port 3306
ufw delete allow from 192.168.0.5 to any port 25
ufw delete allow proto tcp from any to any port 25
ufw allow 22/tcp
ufw allow 1000:2000/tcp
ufw allow proto ipv6 to
ufw app list
ufw app info _name
ufw allow _name
ufw logging on
ufw reset
y
ufw enable
y
ufw allow proto tcp from any to 192.168.0.5 port 80
ufw allow proto tcp from any to 192.168.0.5 port 443
ufw allow proto tcp from any to 192.168.0.5 port 22
ufw allow proto tcp from 192.168.0.0/24 to 192.168.1.5 port 22
ufw allow proto tcp from 192.168.1.0/24 to 192.168.1.5 port 22
ufw allow out 80/tcp
ufw allow out 443/tcp
sudo apt-get install ufw - this is the cli firewall
apt-get install gufw - this is the graphical firewall
login to mysql
mysql -u root -p
***
Create user with password
create user 'admin'@'%' identified by 'some_password';
drop user 'admin'@'%';
***
grant all privileges on *.* to 'admin'@'%';
***
revoke all privileges on *.* from 'admin'@'%';
***
flush privileges;
***
select * from mysql.user;
***
select host, user, password from mysql.user;
***
desc mysql.user
desc movies
***
ALTER USER '_user'@'localhost' IDENTIFIED BY 'New-Password-Here';
***
update _movies set movie_name = 'Harry\s Potter' where movie_id = 59;
***
desc _movies;
insert into _movies (movie_name) values ('The A-Team');
insert into _movies values (1,'Avatar',null);
***
alter table _movies add column bundle varchar(128);
***
select movie_name from _movies where movie_name like 'Harry%' order by movie_id asc;
select movie_name from _movies where series is not null order by series asc;
***
revoke all privileges on *.* from 'user'@'localhost';
grant all privileges on _db to 'user'@'localhost';
show databases;
use db_name;
select 21 * 2 as meaning_of_life;
mysql -u user_name -p db_name < mysqlscript.txt > output.txt
https://www.computerhope.com/unix/mysql.htm
mysql [options] db_name
--help
--auto-rehash
--auto-vertical-output
--batch
--bind-address=ip-address
--character-sets-dir=path
--column-names
--column-type-info, -m
--comments, -c
--compress, -C
--database=db_name, -D db_name
--default-auth=plugin
--default-character-set=char_set
--delimiter=str
--disable-named-commands
--enable-cleartext-plugin
--execute=statement, -e statement
--force, -f
--host=host_name, -h host_name
--html, -H
? - help
clear
connect - connect to server
delimiter - set statement delimeter
edit
ego - send command to mysql server, display result vertically
go - send command to mysql server
backup database
mysqldump -u root -p -h localhost _db < guac.sql
status
myisamchk - check, repair, optimize, or fetch information about a mysql database
restore
mysql
use database;
source /home/root/sql.sql
use _db
show tables;
_connection
_connection_attribute
_connection_group
_connection_group_attribute
_connection_group_permission
_connection_history
_connection_parameter
_connection_permission
_entity
_sharing_profile
_system_permission
_user
_user_attribute
_user_group
_user_group_attribute
_user_group_member
_user_group_permission
_user_history
_user_password_history
_user_permission
openssl stuff encrypted key:
openssl pkcs12 -in filename.pfx -nocerts -out key.pem
certificate:
openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem
unencrypted key:
openssl pkcs12 -in filename.pfx -nocerts -nodes -out key.pem
openssl genrsa -des3 -out
openssl genrsa -out
openssl req -new -key
openssl req -new -key
openssl CSR and other stuff:
openssl genrsa -out priv.key 4096
This one here will provide a listing of certificate options that are required:
Country, State, City, Organization Name, OUnit, Common Name
openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
Create CSR..create this file: san.cnf somewhere
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[req_distinguished_name]
C = US
ST = VA
L = SomeCity
O = MyCompany
OU = MyDivision
CN = www.company.com
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = www.company.com
DNS.2 = company.com
DNS.3 = www.company.net
DNS.4 = company.net
openssl req -out sslcert.csr -newkey rsa:2048 -nodes -keyout private.key -config san.cnf
openssl req -noout -text -in sslcert.csr | grep DNS
This command takes the private key and generates the public key to be imported here:
ssh-keygen -y -f /path_to_key_pair/my-key-pair.pem
chmod 400 my-key-pair.pem
Linux Permissions:
3 number "permission" owner | group | public
Read = 4
Write = 2
Execute = 1
Deny = x
400 means owner has read
440 means owner and group has read
444 means owner and group and public have read
600 means owner has read and write
660
666
700
770
777 - Everone full control
400, 600, 700, 440, 460, 470, 404, 406, 407, 640, 660, 670, 604, 606, 607, 740, 760, 770, 704, 706, 707, 004, 006, 007, 040, 044, 046, etc.
Apache stuff
enable ssl: a2enmod enable ssl
enable web server: a2ensite
disable web server: a2dissite
When dealing with a website the account www-data needs to have rwx or 7 as it's permission.
What I did was groupadd group_name
usermod -aG group_name user_name
chgrp group_name *
chmod -R 774 - giving the owner, and the group rwx but public r
Invoke-command -computername hvc01 -ScriptBlock {get-vm -name dc1} | select name, state
VMware stuff Reset esxi evaluation:
mv /etc/vmware/license.cfg /etc/vmware/license1.cfg
cp /etc/vmware/.#license.cfg /etc/vmware/license.cfg
/etc/init.d/vpxa restart
new-vm from template
connect-viserver 192.168.1.1
$OSSpecs = Get-OSCustomizationSpec -Name "server-2019-dc"
$VMTemplate = get-template -name "server2019_template"
$ESXi = "192.168.1.2"
$dsc = get-datastore -name iscsi-hdd-0
$vm = "1"
New-VM -name $vm -Template $VMTemplate -OSCustomizationSpec $OSSpec -VMHost $ESXi -Datastore $dsc
New-VM -name "2" -Datastore iscsi-hdd-0 -DiskGB 60 -DiskStorageFormat thin -MemoryGB 2 -NumCpu 2 -Portgroup DMZ