Linux/Network Notes

Linux/Network Notes

3rd March 2019 1 By George Wou
1 min read

How to find your motherboard from cli

dmidecode -t 2

Installed memory info

dmidecode -t memory

How to check if TRIM is enabled

hdparm -I /dev/sda

How to revoke acme-client letsencrypt cert

php bin/acme revoke --name example.com --server letsencrypt

 

Handy chmod/chown reference

7=rwx , 6=rw , 5=rx , 4=r , 3=wx , 2=w, 1=x , 0=none

https://chmod-calculator.com/

Most common use:

#read write execute only by me.
chmod 700 file
#read and write only by me.
chmod 600 file
#read write execute by me, read only by the rest of the group users, no rights for everyone else.
chmod 740 file
#make a script executable
chmod +x plexanalyze.sh

Take ownership if we belong to sudoers users or give to someone else(no going back there):

sudo chown user:ofgroup file
sudo chown -R user:ofgroup /mnt/downloads

 

Proper iptables config

sudo iptables -L
sudo iptables -S

default input policy should be accept, we place allow rules in the chain and then deny the rest.That way we can flush rules off a chain or all rules and not lose access to the server with

sudo iptables -F INPUT
sudo iptables -F

First rule should be

sudo iptables -A INPUT -i lo -j ACCEPT

to allow services to communicate with each other through the loopback interface of the linux host.

Next rule ,usually active by default in a clean iptables config, should be

sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

which adds a rule to the input chain to retain current connections, like the current ssh session.

sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT

to allow ssh connections on port 22.

Last rule should be

sudo iptables -A INPUT -j DROP

which drops every packet not matching the previous allow rules.

#check iptables with line numbers
sudo iptables -L --line-numbers
#persist rules after reboot
sudo apt-get install iptables-persistent