sysctl -a
sudo sysctl net.ipv4.ip_forward=1
/etc/sysctl.conf
and apply the configuration without a reboot using sysctl -p
.htop
is an interactive process viewer:
ps -l
.
nice -n +20 top
and sudo renice -n 0 1190
respectively.kill -l
displays the signal types.
kill 1190
may be used to send a signal to a process ID, it uses the default signal SIGTERM that attempts to gracefully terminate a process. You may force a process to terminate using kill -9 1190
.killall top
may be used to send a signal to processes by name.jobs
displays the status of running processes/ jobs.bg 1
or in the forground using fg 1
. fg
without a job number brings the most recent job to the foreground.systemctl
.
systemctl list-units -t service
display all active services.systemctl status ssh
shows the status of a service including recent log information that may also be gathered using journalctl -u ssh
.systemctl [start/stop] ssh
and change the startup mode with systemctl [enable/disable] ssh
.sudo crontab -u root -l
may be used to view system-wide scheduled jobs for a user.crontab -e
that will create a configuration file under /var/spool/cron/crontabs/rich
.sudo apt update
is used to download package information from sources configured in /etc/apt/source.list.d
.apt search htop
is used to search for available packages. Whereas apt list --installed
shows the packages already installed.apt [install/remove/purge] htop
.sudo apt install kubelet=1.25.5-00
and then prevent the package from being upgraded using sudo apt-mark hold kubelet
.apt show htop
displays verbose information about a package including dependencies.sudo apt upgrade
can be used to upgrade existing packages, sudo apt dist-upgrade
in addition upgrades the Kernel and adds/removes dependant packages automatically.sudo apt-get clean
may be used to clear the apt cache to reclaim valuable diskspace.apt
is a frontend to dpkg
. dpkg -V htop
is a useful command to verify package installation.dpkg -S pstree
can be used to identify which package a command was installed from.snap
that allows an application and its dependencies to be bundled together so that it works across Linux distros.snap find firefox
.sudo snap [install/remove/refresh] firefox
. If sudo snap refresh
is run without specifying a package name all packages on the system are updated.lvdisplay
.sudo mkdir /mnt/sysimage
.sudo mount /dev/ubuntu-vg/ubuntu-lv /mnt/sysimage
sudo chroot /mnt/sysimage
.passwd root
.emergency
or single
(and a space) to the kernel command that starts with linux
respectively. Then F10 to boot.sudo fsck.ext4 /dev/sda1
may be used to run a filesystem check against an unmounted filesystem.sudo touch /forcefsck
may be used to run a filesystem check against a mounted filesystem at the next reboot.fsck
activity in /run/initramfs/fsck.log
.virsh list
may display running VMs.virsh [start/shutdown/suspend/resume] VM01
may be used to change the state of a Virtual Machine.sudo apt install docker.io
systemctl status docker
sudo usermod -aG docker rich
Note: You will have to logoff and then back in again for the permission to take effect.docker search ubuntu
. You can findout further information about an image by browsing dockerhub.docker pull ubuntu
.docker images
and obtain the IMAGE ID for subsequent commands.docker rmi 12a
.docker commit c7 ubuntu/apache2:1.0
. docker ps
would be used to obtain the CONTAINER ID.
docker images
will confirm that a new image has been created.docker run -dit -p 8081:80 ubuntu/apache2:1.0 /bin/bash
.docker attach 7e
, start apache2 /etc/init.d/apache2 start
and then exit the interactive shell with Ctrl then press P followed by Q.curl http://localhost:8081
.mkdir apache_custom
.vi Dockerfile
and add the following:
FROM ubuntu
MAINTAINER Rich <richard.b.j.hudson@gmail.com>
# Avoid confirmation messages
ARG DEBIAN_FRONTEND=noninteractive
# Update the container's packages
RUN apt update; apt dist-upgrade -y
# Install Apache and VIM
RUN apt install -y apache2 vim-nox
# Start Apache
ENTRYPOINT apachectl -D FOREGROUND
docker build -t ubuntu/apache_custom:1.0 .
docker run -dit -p 8080:80 ubuntu/apache_custom:1.0
docker run -it ubuntu /bin/bash
.
docker ps
or list all containers docker ps -all
. This set of commands can be used to obtain the CONTAINER ID for use in subsequent commands.docker attach 3bdd9cd79b2a
. If you exit the container shell the container will be stopped.docker [start/stop] 3bdd9cd79b2a
docker rm 3bdd9cd79b2a
. Note: The container has to be in a stopped state.docker run -dit -p 8080:80 ubuntu /bin/bash
.
docker ps
docker attach f9
apt update
apt install apache2
/etc/init.d/apache2 start
Note: There is no init system inside a container so you cannot run systemctl commands.
curl http://localhost:8080
.docker create -p 8080:80 ubuntu
.sudo snap install lxd
snap list lxd
sudo usermod -aG lxd rich
Note: You will have to logoff and then back in again for the permission to take effect.lxd init
.lxc launch ubuntu:22.04 container01
.
lxc image list
, obtain the FINGERPRINT for further commands.lxc image delete 6d
.lxc list
, and obtain the container name for use with further commands.lxc [start/stop/delete] container01
.lxc exec container01 bash
.
lxc exec container01 -- su --login ubuntu
.lxc config set container01 boot.autostart 1
.lxc profile create bridge-profile
.lxc profile edit bridge-profile
- the configuration should look similar to below:
config: {}
description: Network Bridge Connection Profile
devices:
eth1:
name: eth1
nictype: bridged
parent: br0
type: nic
name: bridge-profile
used_by: []
lxc launch ubuntu:22.04 container02 -p default -p bridge-profile
. Note: The default profile is loaded first, followed by the bridge-profile profile to ensure the latter overrides any conflicting settings. lxc exec container02 bash
apt install apache2
exit
lxc list
and test connectivity curl http://192.168.101.112
. Note: You can add a lxc profile to an existing container using lxc profile add container01 bridge-profile
.sudo systemctl stop apparmor
sudo systemctl disable apparmor
sudo systemctl status apparmor
getenforce
or sestatus
. To use the tools you may need to install selinux-utils, policycoreutils and selinux-basics:
sudo apt install selinux-basics selinux-utils policycoreutils
sestatus
will report disabled, enable SELinux using sudo selinux-activate
and then reboot.sudo setenforce [Enforcing/ Permissive]
, it will default to Permissive after SELinux has been enabled.sudo vi /etc/selinux/config
and adding:
SELINUX=disabled
-Z
option often works with existing commands to display context/ labels, for example ps axZ | grep apache2
and ls -Z /var/www/html
shows that the apache2 process runs in the context of httpd_t which is why it is allowed to access the files with a label of httpd_sys_content_t.semanage fcontext -a -t httpd_sys_content_t /var/www/html
.
cd /var/www/html
sudo sh -c "echo file 1 > ./file1.html"
sudo setenforce Enforcing
curl http://localhost/file1.html
sudo sh -c "echo file2 >/root/file2.html"
sudo mv /root/file2.html /var/www/html
sudo setenforce Enforcing
curl http://localhost/file2.html
sudo chcon -t httpd_sys_content_t file2.html
curl http://localhost/file2.html
sudo restorecon -RFv /var/www/html
.