
Posts about linux (old posts, page 3)

screen and tmux

command      screen       tmux
list         -ls          ls
with name    -S name      new -s name
attach       -r [title]   a [-t title]
prefix       Ctrl+a       Ctrl+b
new          prefix+c     prefix+c
switch       prefix+num   prefix+num
list screen  prefix+"     prefix+w
copy mode    prefix+esc   prefix+[

screen

it can connect to a serial port. The default baud rate is 9600

screen /dev/ttyS0 [baud rate]

it can create a new window which executes a specific program

screen watch -n 5 ntpq -pn

chrony

chrony is an implementation of Network Time Protocol

install

apt install chrony

sample config: specify an NTP server with server, or an NTP server pool with pool

$ grep -E -v "^#|^$" /etc/chrony/chrony.conf
server 192.168.xxx.xxx iburst minpoll 6 maxpoll 10
keyfile /etc/chrony/chrony.keys
driftfile /var/lib/chrony/chrony.drift
logdir /var/log/chrony
maxupdateskew 100.0
rtcsync
makestep 1 3

reload configuration

systemctl status chronyd
journalctl -u chrony -f
systemctl force-reload chrony

show system clock tracking performance

chronyc tracking

show current time sources

chronyc sources

show information about drift rate and offset estimation process

chronyc sourcestats

show the last valid measurement and other information

chronyc ntpdata

server

For server settings, add at least an allow line. The cmdallow and bindcmdaddress lines are optional; they are for monitoring access

$ grep -E -v "^#|^$" /etc/chrony/chrony.conf
server 192.168.xxx.xxx iburst minpoll 6 maxpoll 10
keyfile /etc/chrony/chrony.keys
driftfile /var/lib/chrony/chrony.drift
logdir /var/log/chrony
maxupdateskew 100.0
rtcsync
makestep 1 3
allow 192.168.xxx.0/24
cmdallow 192.168.xxx.0/24
bindcmdaddress 127.0.0.1
bindcmdaddress 192.168.xxx.xxx

show list of clients

chronyc clients

specify the remote host running chronyd to connect to (using udp/323). The default is localhost

chronyc -h 192.168.xxx.xxx
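
The allow, cmdallow and bindcmdaddress lines decide who can reach chronyd over the network. The following check is an added example, not part of the original post; the function names and output format are assumptions, and the sample input is constructed from the server config shown above.

```shell
#!/bin/sh
# chrony_exposure: read chrony.conf on stdin, print who can reach chronyd.
# Remote monitoring (chronyc -h) needs BOTH a non-loopback bindcmdaddress
# and a cmdallow line; either one alone leaves the command port local.
chrony_exposure() {
    awk '
    /^[ \t]*[#!;%]/ || NF == 0 { next }     # chrony comment characters
    $1 == "allow"    { ntp = ntp s1 (NF > 1 ? $NF : "all"); s1 = "," }
    $1 == "cmdallow" { cmd = cmd s2 (NF > 1 ? $NF : "all"); s2 = "," }
    $1 == "bindcmdaddress" && $2 !~ /^(127\.|::1$|\/)/ {
        bind = bind s3 $2; s3 = ","         # "/" would be a Unix socket path
    }
    END {
        print "ntp_clients=" (ntp == "" ? "none" : ntp)
        print "cmd_clients=" (cmd == "" ? "localhost" : cmd)
        print "cmd_bind=" (bind == "" ? "loopback" : bind)
        print "remote_monitoring=" (cmd != "" && bind != "" ? "yes" : "no")
    }'
}

# Constructed sample: the server-side lines from this page.
sample_chrony_server() {
    cat <<'EOF'
server 192.168.xxx.xxx iburst minpoll 6 maxpoll 10
allow 192.168.xxx.0/24
cmdallow 192.168.xxx.0/24
bindcmdaddress 127.0.0.1
bindcmdaddress 192.168.xxx.xxx
EOF
}

sample_chrony_server | chrony_exposure
```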

ntpd

install

apt install ntp

sample config: specify an NTP server with server

$ grep -E -v "^#|^$" /etc/ntp.conf
driftfile /var/lib/ntp/ntp.drift
leapfile /usr/share/zoneinfo/leap-seconds.list
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
server 192.168.xxx.xxx iburst
restrict -4 default ignore
restrict -6 default ignore
restrict 127.0.0.1
restrict ::1

reload configuration

systemctl status ntp
journalctl -u ntp -f
systemctl force-reload ntp

confirm commands

ntpq -pn
ntpq -c readlist

server

For server settings, add at least a restrict <client address> line to allow NTP clients access. If you don't add noquery, you allow the client to query your ntpd status.

$ grep -E -v "^#|^$" /etc/ntp.conf
driftfile /var/lib/ntp/ntp.drift
leapfile /usr/share/zoneinfo/leap-seconds.list
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
server 192.168.xxx.xxx iburst
restrict -4 default ignore
restrict -6 default ignore
restrict 127.0.0.1
restrict ::1
restrict 192.168.xxx.xxx mask 255.255.255.0 nomodify notrap nopeer noquery

confirm commands

ntpq -pn <address>
ntpq -c readlist <address>
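
To see which restrict lines leave ntpq queries open, the following check reads ntp.conf and classifies each entry. It is an added example, not part of the original post; the function names and verdict labels are assumptions, and the sample is the config above plus one constructed line (10.0.0.0 is a made-up subnet) with noquery left out.

```shell
#!/bin/sh
# audit_ntp_restrict: read ntp.conf on stdin, print "<verdict> <address>"
# for every restrict line. Verdicts:
#   closed - flags include ignore or noquery (no ntpq status queries)
#   local  - loopback entry, queries possible from the host itself only
#   OPEN   - clients matching this entry can also query ntpd status
audit_ntp_restrict() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
    $1 != "restrict"      { next }
    {
        i = 2
        if ($i == "-4" || $i == "-6") i++   # optional address-family flag
        addr = $i; verdict = "OPEN"
        for (j = i + 1; j <= NF; j++) {
            if ($j == "mask") { addr = addr "/" $(j + 1); j++; continue }
            if ($j == "ignore" || $j == "noquery") verdict = "closed"
        }
        if (verdict == "OPEN" && (addr == "127.0.0.1" || addr == "::1"))
            verdict = "local"
        print verdict, addr
    }'
}

# Constructed sample input (see lead-in).
sample_ntp_conf() {
    cat <<'EOF'
server 192.168.xxx.xxx iburst
restrict -4 default ignore
restrict -6 default ignore
restrict 127.0.0.1
restrict ::1
restrict 192.168.xxx.xxx mask 255.255.255.0 nomodify notrap nopeer noquery
restrict 10.0.0.0 mask 255.255.255.0 nomodify notrap nopeer
EOF
}

sample_ntp_conf | audit_ntp_restrict
```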

journalctl

show all messages

journalctl

show all messages from boot

journalctl -b

show messages with explanations

journalctl -x

show kernel ring buffer

journalctl -k

show messages of a limited time span

journalctl --since "2020-06-11"
journalctl --since "20 min ago"
journalctl --since "2020-06-11 00:00:00" --until "2020-06-11 23:59:59"

show specific messages by unit, executable or process

journalctl -u networking
journalctl /usr/bin/sudo
journalctl _PID=1

show specific messages by priority or syslog facility

journalctl -p 5
journalctl -p 0..5
journalctl SYSLOG_FACILITY=10

follow new messages

journalctl -f

don't pipe output to a pager

journalctl --no-pager

Journal messages are normally kept under /run/log/journal/, which is a volatile directory. The commands below make journald store them in a directory under /var/log/journal/ instead.

echo "Storage=persistent" | sudo tee -a /etc/systemd/journald.conf
systemctl force-reload systemd-journald

You can specify the directory from which journal messages are read. This is convenient, for example, when you read the journal of another system whose disk is mounted on some mount point.

journalctl -D /mnt/var/log/journal -x

systemctl

show system status

systemctl status

show running or failed units

systemctl list-units
systemctl
systemctl --failed

show installed unit files

systemctl list-unit-files
ls -l /usr/lib/systemd/system /etc/systemd/system

start, stop, restart or reload a unit

systemctl start unit
systemctl stop unit
systemctl restart unit
systemctl reload unit

show status of a unit

systemctl status unit

enable or disable a unit to be started at boot

systemctl enable unit
systemctl disable unit

check whether a unit is enabled or not

systemctl is-enabled unit

mask or unmask a unit to make it impossible to start it

systemctl mask unit
systemctl unmask unit

reboot or poweroff the system

systemctl reboot
systemctl poweroff

postfix

alias

$ postconf -n | grep alias
$ ls -l /etc/aliases*
$ postalias hash:/etc/aliases
$ newaliases

send mail or read mail of Maildir

$ apt install mailutils
$ echo "This is body message" | mail -s "My subject" pi
$ MAILDIR=$HOME/Maildir mail

apt-cacher-ng

make a dockerfile

$ cat Dockerfile
FROM debian:buster

RUN apt-get update \
&& apt-get install -y --no-install-recommends apt-cacher-ng \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*

VOLUME ["/var/cache/apt-cacher-ng"]
EXPOSE 3142

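# chmod 777 makes the cache directory world-writable so the daemon can write to
# the mounted volume; chown to the daemon's user is a tighter alternative
CMD chmod 777 /var/cache/apt-cacher-ng \
&& /etc/init.d/apt-cacher-ng start \
&& tail -f /var/log/apt-cacher-ng/*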

build an image

$ sudo docker build -t apt-cacher-ng:buster . | tee build.log
$ sudo docker tag apt-cacher-ng:buster apt-cacher-ng:latest

run a container

$ sudo docker run --rm -d -p 3142:3142 -v /mnt/apt-cacher-ng:/var/cache/apt-cacher-ng apt-cacher-ng:latest

test the address and port

$ curl 192.168.xxx.xxx:3142

how to use the cache server

specify it in a config file

$ cat << END | sudo tee /etc/apt/apt.conf.d/01proxy
> Acquire::http::Proxy "http://192.168.xxx.xxx:3142/";
> END

specify it in command line

$ http_proxy=http://192.168.xxx.xxx:3142/ sudo -E apt-get install xxxx

or

$ sudo su -
# http_proxy=http://192.168.xxx.xxx:3142/ apt-get install xxxx

for docker build

$ sudo docker build --build-arg http_proxy=http://192.168.xxx.xxx:3142/ -t imagename:tagname . | tee build.log

tcpdump

tcpdump

    tcpdump 
     -w <output filename>
     -r <input filename>
     -i <interface>
     -c <packet count>

     -n   # don't convert address and port to names
     -e   # show link level header 
     -v   # verbose output
     -xx  # print the data of each packet with link level header in hex
     -XX  # print the data of each packet with link level header in hex and ascii
     -ttt # print a delta between current and previous line

     arp
     icmp
     port <port number>
     host <ip address>

wireshark

    wireshark 
     -r <input filename>
     -R "read filter"

For details of the read filter syntax, see the wireshark-filter man page

cryptsetup

luks

install a package

$ sudo apt install cryptsetup

format

$ sudo cryptsetup luksFormat /dev/md0 
$ sudo cryptsetup luksDump /dev/md0

open

$ sudo cryptsetup open /dev/md0 cryptfs
$ sudo cryptsetup status cryptfs

open tcrypt device

$ sudo cryptsetup open --type tcrypt /dev/md0 cryptfs

format and mount

$ sudo mkfs -t ext4 /dev/mapper/cryptfs 
$ sudo mount /dev/mapper/cryptfs /mnt
$ df -h /mnt

umount and close

$ sudo umount /mnt 
$ sudo cryptsetup close cryptfs

mdadm

software raid

install mdadm package

$ sudo apt-get install mdadm

make dummy files for test

$ dd if=/dev/zero of=file.img bs=2M count=0 seek=512
$ cp -p file.img file0.img
$ cp -p file.img file1.img
$ cp -p file.img file2.img
$ cp -p file.img file3.img
$ cp -p file.img file4.img
$ ls -lhs file*img

losetup

$ sudo losetup /dev/loop0 file0.img
$ sudo losetup /dev/loop1 file1.img
$ sudo losetup /dev/loop2 file2.img
$ sudo losetup /dev/loop3 file3.img
$ sudo losetup /dev/loop4 file4.img

raid0

$ sudo mdadm --create /dev/md0 -l raid0 -n 2 /dev/loop0 /dev/loop1
$ cat /proc/mdstat
$ sudo mdadm --detail /dev/md0

$ sudo mdadm --detail --scan
$ sudo mdadm --detail --scan | sudo tee /etc/mdadm.conf

mkfs and mount

$ sudo mkfs -t ext4 /dev/md0
$ sudo mount /dev/md0 /mnt
$ df -h /mnt

stop and remove settings

$ sudo mdadm --stop /dev/md0
$ sudo mdadm --zero-superblock /dev/loop0
$ sudo mdadm --zero-superblock /dev/loop1
( $ sudo rm -i /etc/mdadm.conf )

raid1

$ sudo mdadm --create /dev/md0 -l raid1 -n 2 /dev/loop0 /dev/loop1

make fail

$ sudo mdadm --stop /dev/md0
$ sudo losetup -d /dev/loop1

recover

$ sudo mdadm --assemble --scan -v
$ sudo mdadm --examine /dev/loop0

$ sudo mdadm --add /dev/md0 /dev/loop2
$ sudo mdadm --detail --scan | sudo tee /etc/mdadm.conf

add extra disk

$ sudo losetup /dev/loop1 file1.img
$ sudo mdadm --add /dev/md0 /dev/loop1

make fail

$ sudo mdadm --stop /dev/md0
$ sudo losetup -d /dev/loop1

recover

$ sudo mdadm --assemble --scan -v
$ sudo mdadm --examine /dev/loop0
$ sudo mdadm --grow /dev/md0 --raid-devices=2

when a disk alert has come

$ sudo mdadm --fail /dev/md0 /dev/loop1
$ sudo mdadm --remove /dev/md0 /dev/loop1
$ sudo mdadm --add /dev/md0 /dev/loop3

if md0 has an extra disk, the array is rebuilt automatically when a disk alert comes

$ sudo losetup /dev/loop0 file0.img
$ sudo mdadm --add /dev/md0 /dev/loop0
$ sudo mdadm --fail /dev/md0 /dev/loop2
$ sudo mdadm --remove /dev/md0 /dev/loop2
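
To spot a failed member without waiting for an alert, the following check reads the /proc/mdstat output used above and reports degraded arrays. It is an added example, not part of the original post; the function names and output format are assumptions, and the sample mdstat text is constructed.

```shell
#!/bin/sh
# md_health: read /proc/mdstat text on stdin; for every active array that has
# a member-status field such as [UU] or [U_], print
#   <array> <level> <ok|degraded> <status> failed=<members marked (F) or ->
# raid0 arrays have no such field (no redundancy) and are not listed.
# On a live system: md_health < /proc/mdstat
md_health() {
    awk '
    $1 ~ /^md/ && $2 == ":" {
        name = ""; failed = ""
        if ($3 != "active") next             # inactive arrays: nothing to rate
        k = 4; if ($k ~ /^\(/) k++           # skip "(auto-read-only)" etc.
        name = $1; level = $k
        for (i = k + 1; i <= NF; i++)
            if ($i ~ /\(F\)/) {              # member flagged faulty
                d = $i; sub(/\[.*/, "", d)
                failed = failed (failed == "" ? "" : ",") d
            }
        next
    }
    name != "" && match($0, /\[[U_]+\]/) {
        st = substr($0, RSTART, RLENGTH)
        print name, level, (st ~ /_/ ? "degraded" : "ok"), st,
              "failed=" (failed == "" ? "-" : failed)
        name = ""
    }'
}

# Constructed sample: one healthy raid1 and one with a faulty member.
sample_mdstat() {
    cat <<'EOF'
Personalities : [raid1]
md0 : active raid1 loop2[2] loop0[0]
      1046528 blocks super 1.2 [2/2] [UU]

md1 : active raid1 loop4[1](F) loop3[0]
      1046528 blocks super 1.2 [2/1] [U_]

unused devices: <none>
EOF
}

sample_mdstat | md_health
```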

raid5

/dev/loop3 is an extra disk used as a spare

$ sudo mdadm --create /dev/md0 -l raid5 -n 3 /dev/loop0 /dev/loop1 /dev/loop2 -x 1 /dev/loop3

raid10

/dev/loop4 is an extra disk used as a spare

$ sudo mdadm --create /dev/md0 -l raid10 -n 4 /dev/loop0 /dev/loop1 /dev/loop2 /dev/loop3 -x 1 /dev/loop4