Operating System
Centos
Firewall
sudo firewall-cmd --permanent --add-port=9806/tcp
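sudo firewall-cmd --zone=external --add-forward-port=port=22:proto=tcp:toport=3753
sudo firewall-cmd --reload
Note: the forward-port rule above is added without --permanent, so it exists only in the runtime configuration and is discarded by --reload; add --permanent to that command if the rule should persist.
Fail2ban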
sudo fail2ban-client status <segment>
sudo fail2ban-client unban <ip>
Check architecture
uname -m
lscpu
cat /etc/os-release
SSH
RSA login
At client site
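ssh-keygen -t rsa -b 4096
Copy the public key and paste it at the server site.
At server site
vi ~/.ssh/authorized_keys
To disable password login for a specific user, edit /etc/ssh/sshd_config and add the lines below. Put the Match block at the end of the file, because it applies to every following line until the next Match.
Match User <username>
PasswordAuthentication no
Then check the file with `sudo sshd -t` and restart the sshd service, keeping the current session open until a key-based login has been confirmed to work.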
Tunneling
-N: Do not execute a remote command. Useful when you only want to forward ports. -f: Requests SSH to go to the background just before command execution. -L: local port forwarding
ssh -N -L 33306:localhost:3306 -i /path/to/key user@remote_host
docker-compose
curl -L "https://github.com/docker/compose/releases/download/v2.13.0/docker-compose-linux-x86_64" -o /usr/local/bin/docker-compose
sudo curl -L "https://github.com/docker/compose/releases/download/v2.20.2/docker-compose-linux-aarch64" -o /usr/local/bin/docker-compose
Note: Using the official version of Docker Compose is advised instead. A binary downloaded this way is not covered by the package manager's signature check, so compare its SHA-256 with the checksum published with the release before running it.
Ubuntu / Debian
Swap file
Add swap file
sudo fallocate -l 2G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
echo "/swapfile swap swap defaults 0 0" | sudo tee -a /etc/fstabAppend to /etc/fstab
/swapfile swap swap defaults 0 0
Verify
sudo swapon --show
sudo free -hExtends volume
# List block devices
lsblk -f
# Check file system
df -T
# increase volume
sudo growpart /dev/xvda 1
# resize volume
sudo resize2fs /dev/xvda1show directory disk usage
du -sh
Show total disk usage in list
ncdu
list top 50 file/folder based on size
sudo du -h -a ./* | sort -hr | head -n 50
delete journal based on time
sudo journalctl --vacuum-time=1month
delete journal based on size
sudo journalctl --vacuum-size=1G
truncate file
truncate -s 0 filename
redirect stderr to stdout
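cat test.log 2>&1
delete files older than 7 days
find ~/path -type f -mtime +7 -delete
Run the same find with -print in place of -delete first to review what would be removed; -delete cannot be undone.
Backup script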
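#!/bin/bash
# Move every file named on stdin (one path per line) into ~/backup, recreating
# its directory path underneath the backup directory. A directory named on
# stdin is only recreated (empty) in the backup tree.
# NOTE: files are moved with mv, not copied, so the original path is gone
# afterwards.

# Define the backup directory
backup_dir=~/backup

# Create the backup directory if it doesn't exist; nothing below can work
# without it, so stop here on failure.
mkdir -p -- "$backup_dir" || exit 1

# Read input line by line. The `|| [ -n "$item" ]` keeps a final line that has
# no trailing newline.
while IFS= read -r item || [ -n "$item" ]; do
  # Refuse any path with a ".." component: "$backup_dir/$item" would otherwise
  # resolve to a location outside the backup directory.
  case "/$item/" in
    */../*)
      echo "Skipping $item: '..' path components are not allowed" >&2
      continue
      ;;
  esac

  if [ -d "$item" ]; then
    # If item is a directory, create a corresponding directory in the backup location
    mkdir -p -- "$backup_dir/$item" \
      || echo "Failed to create $backup_dir/$item" >&2
  elif [ -f "$item" ]; then
    # If item is a file, move it to the backup location, preserving the
    # directory structure. `--` ends option parsing so a name that starts
    # with '-' is treated as a path and not as a flag to dirname or mv.
    target_dir="$backup_dir/$(dirname -- "$item")"
    if mkdir -p -- "$target_dir"; then
      mv -- "$item" "$backup_dir/$item" || echo "Failed to move $item" >&2
    else
      echo "Failed to create $target_dir" >&2
    fi
  else
    echo "Skipping $item: not a valid file or directory" >&2
  fi
done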
echo "Backup completed."
MISC
Time zone
To set timezone
sudo timedatectl set-timezone Asia/Kuala_LumpurPartition
List disk
fdisk -lList block
lsblkFile system consistency check
fsck
e2fsckCreate new partition from disk
- Run
fdisk /dev/vdb - Press 'o' to create a new empty dos partition
- Press 'n' to add new partition
- Press 'p' to create as primary partition
- Press 'w' to write table to disk and exit
- Press enter until end
- Run
mkfs.ext4 /dev/vdb1to format partition - Run
mount -t ext4 /dev/vdb1 /datato mount the partition to a path
Mount automatically after restart
- Run
lsblk -fto get the uuid of the drive - Append
UUID=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX /mount/point filesystem type options 0 0to /etc/fstab. Example: UUID=a95ff46e-55e7-445f-8513-37b2ad1b19ca /data ext4 defaults 0 0 - Run
sudo mount -ato check if any error
Create user group and user
Do not create the group before creating the user; creating the user automatically creates the group.
adduser username
passwd username
addgroup groupname
# for centos, use "wheel" instead of "sudo"
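usermod -aG sudo username
Allow user to sudo without password
sudo sh -c 'echo "$(logname) ALL=(ALL:ALL) NOPASSWD: ALL" > /etc/sudoers.d/$(logname)' && sudo chmod 440 /etc/sudoers.d/$(logname)
Note: NOPASSWD: ALL lets anything running as that user become root without a password prompt, so limit it to accounts that really need it. Keep a root shell open while making this change and check the file with `visudo -cf /etc/sudoers.d/<username>`, since a syntax error in a sudoers file can stop sudo from working.
Install docker (legacy)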
cat /etc/os-release
lscpu
uname -m
syscap info -arch
sudo apt install docker.io
sudo curl -L "https://github.com/docker/compose/releases/download/v2.21.0/docker-compose-linux-x86_64" -o /usr/local/bin/docker-composeInstall official docker
sudo apt-get install ca-certificates curl gnupg
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
echo \
"deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
"$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get updateAfter configured, to install, run script below
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
Window
Show wifi password
netsh wlan show profiles name=<network name> key=clear
Proxy
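# add proxy
# listenaddress=0.0.0.0 accepts connections on every interface; use a specific local address, or limit port 2222 in the firewall, if only some networks should reach it
netsh interface portproxy add v4tov4 listenport=2222 listenaddress=0.0.0.0 connectport=22 connectaddress=127.0.0.1
# delete proxy
netsh interface portproxy delete v4tov4 listenport=2222 listenaddress=0.0.0.0
Bash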
To execute a script that is not bash for example node, you can put header as below
#!/usr/bin/env nodefzf
git status -s | fzf --multi --preview 'git diff --color=always --unified=1000 -- {-1} 'tmux
Key binding
Ctrl B
Window
| Key | Description |
|---|---|
| c | Create window |
| , | Rename window |
| & | Close window |
| w | List window |
| p | Previous window |
| n | Next window |
| 0 .. 9 | Switch to window 0 - 9 |
Pane
| Key | Description |
|---|---|
| ; | Toggle last pane |
| % | Horizontal split |
| " | Vertical split |
| { | Move pane left |
| } | Move pane right |
| Up / Down / Left / Right | Switch to pane at the direction |
| o | Next pane |
| q | Show pane number |
| q 0 .. 9 | Switch to pane number x |
| Ctrl + Up / Down / Left / Right | Resize pane |
| x | Close pane |
Config
Basic config .tmux.conf
set -g base-index 1
setw -g pane-base-index 1
setw -g mouse onAdvance config
# Plugins
set -g @plugin 'tmux-plugins/tpm'
set -g @plugin 'catppuccin/tmux#v2.1.3' # See https://github.com/catppuccin/tmux/tags for additional tags
set -g default-terminal "screen-256color"
set -g base-index 1
setw -g pane-base-index 1
setw -g mouse on
# set -g window-status-format '#I:#W'
# set -g window-status-current-format '#[bold]#I:#W'
# setw -g mode-keys vi
# set -gF window-status-format "#[bg=#{@ctp_surface_1},fg=#{@ctp_fg}] ##I ##T "
# set -gF window-status-current-format "#[bg=#{@ctp_mauve},fg=#{@ctp_crust}] ##I ##T "
# Configure the catppuccin plugin
set -g @catppuccin_flavor "mocha"
set -g @catppuccin_window_status_style "rounded"
set -g @catppuccin_window_text " #W"
set -g @catppuccin_window_default_text "#W"
set -g @catppuccin_window_current_text " #W"
run ~/.tmux/plugins/tmux/catppuccin.tmux
# Make the status line pretty and add some modules
set -g status-right-length 100
set -g status-left-length 100
set -g status-left ""
set -g status-right "#{E:@catppuccin_status_application}"
#set -agF status-right "#{E:@catppuccin_status_cpu}"
set -ag status-right "#{E:@catppuccin_status_session}"
set -ag status-right "#{E:@catppuccin_status_uptime}"
#set -agF status-right "#{E:@catppuccin_status_battery}"
#Initialize TMUX plugin manager
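run '~/.tmux/plugins/tpm/tpm'
Curl
curl --ssl-no-revoke \
-X POST 'https://url.com' \
--header 'Accept: */*' \
--header 'Content-Type: application/json' \
--data-raw ''
Note: --ssl-no-revoke turns off certificate revocation checking (it applies to curl builds that use Windows Schannel); use it only where the revocation servers cannot be reached, and leave it out otherwise.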
Oh My Zsh
Themes
Custom DST
ZSH_THEME_GIT_PROMPT_PREFIX=" [%{$fg[green]%} "
ZSH_THEME_GIT_PROMPT_SUFFIX="%{$reset_color%}]"
ZSH_THEME_GIT_PROMPT_DIRTY="%{$fg[red]%}!"
ZSH_THEME_GIT_PROMPT_CLEAN=""
# Print the prompt symbol: a red '#' when the shell runs as root (UID 0),
# a plain '$' for every other user.
prompt_char() {
  if (( UID != 0 )); then
    echo '$'
    return
  fi
  echo "%{$fg[red]%}#%{$reset_color%}"
}
PROMPT='%(?, ,%{$fg[red]%}FAIL%{$reset_color%}
)
%{$fg[magenta]%}%n%{$reset_color%}@%{$fg[yellow]%}%m%{$reset_color%}: %{$fg_bold[blue]%}%~%{$reset_color%}$(git_prompt_info)
$(prompt_char) 'FTP
Add new user
sudo adduser --disabled-password sftpuser
sudo mkdir -p /home/sftpuser/.ssh
sudo touch /home/sftpuser/.ssh/authorized_keys
sudo chown -R sftpuser:sftpuser /home/sftpuser/.ssh
sudo chmod 700 /home/sftpuser/.ssh
sudo chmod 600 /home/sftpuser/.ssh/authorized_keys
Note: For ChrootDirectory and read-only access to work, the chroot folder needs to be owned by root; sshd also refuses the login if that folder is writable by group or others.
Change /etc/ssh/sshd_config
Match User sftpuser
ForceCommand internal-sftp
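# NOTE: the value on the next line was mangled by e-mail obfuscation on the source page; <user>@<host> is a placeholder for the original user@host pattern
AllowUsers <user>@<host>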
PasswordAuthentication no
ChrootDirectory /home/sftpuser
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no
Log Setting
Redirect log
Add a new config file at /etc/rsyslog.d (ensure .conf extension is used for rsyslog to recognize it)
input(type="imuxsock" HostName="SOME-NAME" Socket="/some-path" CreatePath="on")
if $fromhost == 'SOME-NAME' then /destination-path
& stop
Log rotation
Amend rsyslog in /etc/logrotate.d to rotate the log file configured in rsyslog.
/destination-path
{
rotate 30
daily
dateext
dateformat -%Y%m%d
}
Better settings
/destination-path
{
rotate 30
daily
missingok
notifempty
compress
delaycompress
dateext
dateformat -%Y%m%d
postrotate
systemctl restart rsyslog > /dev/null 2>&1 || true
endscript
}
- Ensure missingok and notifempty are set to avoid errors if the log is missing or empty.
- Add compress and delaycompress for efficient storage.
- Include postrotate to restart rsyslog after rotation, ensuring logs continue writing properly.
Give permission to rsyslog
Modify /etc/apparmor.d/usr.sbin.rsyslogd to grant read-write permissions to a directory not owned by rsyslog.
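/some-path rwl,
r = read
w = write
l = link
k = lock (sometimes needed for file locking mechanisms)
Reload the profile afterwards with `sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.rsyslogd` so the change takes effect, and grant access only to the directory rsyslog needs to write to.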