Linux/Network Notes
3rd March 2019
How to find your motherboard from cli
dmidecode -t 2
Installed memory info
dmidecode -t memory
How to check if TRIM is enabled
hdparm -I /dev/sda
How to revoke acme-client letsencrypt cert
php bin/acme revoke --name example.com --server letsencrypt
Handy chmod/chown reference
7=rwx, 6=rw, 5=rx, 4=r, 3=wx, 2=w, 1=x, 0=none
Most common use:
#read write execute only by me.
chmod 700 file
#read and write only by me.
chmod 600 file
#read write execute by me, read only by the rest of the group users, no rights for everyone else.
chmod 740 file
#make a script executable
chmod +x plexanalyze.sh
Take ownership if we belong to the sudoers users, or give it to someone else (no going back there):
sudo chown user:ofgroup file
sudo chown -R user:ofgroup /mnt/downloads
Proper iptables config
sudo iptables -L
sudo iptables -S
The default INPUT policy should be ACCEPT: we place allow rules in the chain and then deny the rest. That way we can flush the rules off one chain, or all rules, and not lose access to the server with
sudo iptables -F INPUT
sudo iptables -F
First rule should be
sudo iptables -A INPUT -i lo -j ACCEPT
to allow services to communicate with each other through the loopback interface of the Linux host.
The next rule, usually active by default in a clean iptables config, should be
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
which adds a rule to the input chain to retain current connections, like the current ssh session.
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
to allow ssh connections on port 22.
Last rule should be
sudo iptables -A INPUT -j DROP
which drops every packet not matching the previous allow rules.
#check iptables with line numbers
sudo iptables -L --line-numbers
#persist rules after reboot
sudo apt-get install iptables-persistent
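Added example (not part of the original notes): a shell function that reads `iptables -S INPUT` output and checks the ordering described above, that is, ACCEPT policy, loopback rule first, and the conntrack and SSH accepts ahead of a final catch-all DROP. The function name `audit_input_chain` and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example; audit_input_chain is a hypothetical helper, not an iptables command.
# Real use: sudo iptables -S INPUT | audit_input_chain
audit_input_chain() {
    n=0 bad=0 policy='' lo='' ct='' ssh='' drop=''
    while IFS= read -r rule; do
        case $rule in
            '-P INPUT '*) policy=${rule#"-P INPUT "}; continue ;;
            '-A INPUT '*) n=$((n + 1)) ;;
            *) continue ;;
        esac
        # Remember the position of the first rule of each kind.
        case $rule in
            '-A INPUT -i lo -j ACCEPT') : "${lo:=$n}" ;;
            *'--ctstate '*ESTABLISHED*' -j ACCEPT') : "${ct:=$n}" ;;
            *'-p tcp '*'--dport 22 -j ACCEPT') : "${ssh:=$n}" ;;
            '-A INPUT -j DROP') : "${drop:=$n}" ;;
        esac
    done
    fail() { echo "FAIL: $1"; bad=1; }
    [ "$policy" = ACCEPT ] || fail "policy is '$policy': flushing INPUT would cut off access"
    [ "$lo" = 1 ] || fail "loopback ACCEPT is not the first rule"
    [ -n "$drop" ] || fail "no catch-all DROP rule"
    [ -z "$drop" ] || [ "$drop" -eq "$n" ] || fail "rules after the catch-all DROP never match"
    for pair in "conntrack:$ct" "ssh:$ssh"; do
        name=${pair%%:*} pos=${pair#*:}
        if [ -z "$pos" ]; then
            fail "no $name ACCEPT rule"
        elif [ -n "$drop" ] && [ "$pos" -gt "$drop" ]; then
            fail "$name ACCEPT sits after DROP"
        fi
    done
    return "$bad"
}

# Constructed sample (not from a real host): SSH rule appended after the DROP.
sample='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'
printf '%s\n' "$sample" | audit_input_chain || echo "ruleset needs reordering"
```

The function returns 0 only when every check passes, so it can gate a step that saves the rules for persistence.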