caiser

________________________ < CAISER'S HACKING NOTES > ------------------------ \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || CONTENTS ======== ansible bash boot dconf docker git graphics grub lightdm luks molecule sed systemd telnet wifi wget windows xfce not added yet: git [more of it] linux preseed unsorted ANSIBLE ======= ASSUMING A CENTOS 7 VM ON LINUXACADEMY.COM, INSTALL AWX LIKE THIS sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo && \ sudo yum install -y ansible yum-utils lvm2 make git device-mapper-persistent-data docker-ce && \ sudo pip install docker && \ sudo git clone https://github.com/ansible/awx.git && \ sudo systemctl start docker && \ sudo ansible-playbook -i ./awx/installer/inventory ./awx/installer/install.yml && \ sudo docker logs -f awx_task for git repo server get files into server init, add, commit git update-server-info sudo python -m SimpleHTTPServer 80 every restart, must redo some stuff on awx server sudo systemctl start docker && \ sudo ansible-playbook -i ./awx/installer/inventory ./awx/installer/install.yml && \ sudo docker logs -f awx_task update project IP update inventory host IP on git server update IP in roles/requirements when editing files, must re-add and commit them, and possibly update-server-info again sudo python -m SimpleHTTPServer 80 BASH ==== cool utils: vim gpm w3m lynx elinks2 cowsay aspell cmatrix aafire sl wget tmux locate: fast and easy, if you remember the name of the thing find: info coming soon better comments: BAD comment() { stuff here } # is not good # because heredocs still get run inside it # and because vars set inside comment() are still set?, and this runs any commands that must be run to set them GOOD : << 'comment' stuff that does not get interpreted like, ever comment # this is a heredoc directed into a true # it has the strongest DONT RUN THIS-ness of anything alex has yet discovered better forloop on every grepped line in file: BAD for line in $(grep thing /file); do thing for $line done # breaks if line has spaces GOOD grep thing /file | while read -r line; do thing for $line done # also the -r does some anti-breaking stuff, research this recursive expansion notation!! echo {cats,dogs,{1..3}}\ lizards\ {z..A} watch for weirdness with A..z, z..A, etc -- there's extra non-alphabetical characters in there!! w echo hi | write caiser tty1 l -s <target> <linkname> inodes same if hardlink ls -i for inodes to test perl regex: cat <file> | perl -pe 's/<regex>/MATCH/' ...and all matches in the file will be replaced with MATCH do NOT use: egrep -P '<regex>' <file> will throw error: grep: conflicting matches specified because it is broken if ! [[ "2" =~ ^[01]$ ]]; then echo "not 0 or 1" else echo "yes 0 or 1" fi the =~ enables regex on the right side for every item, store a var and then run a command which gets passed as an arg to this function can't pass plain bash commands because of too-early var resolving don't do this: "foritem somefunc &"; the bg-ing "&" won't work! solution is put "somefunc &" inside a wrapper func, then use wrapper as arg to this function foritem() { for item in $(<command which generates list>); do var1=$(<command which generates list, which includes the var $item as a neccesary part of itself>) for arg in "$@"; do $arg done done } name var based on another var notes on this are incomplete but this may be helpful anyway declare -g ${var2}${var3}_multivar=false var=${var2}${var3}_multivar echo ${!var} tar usage and help: tar -jcvf <tarball-name>.tar.bz2 /path/to/file/or/folder/to/tar -j means bz2 -c means create a tarball -v means verbose -f means give the new tarball this filename; must be directly followed by the filename and to untar: tar -jxvf <tarball-name>.tar.bz2 -c /extract/to/dir -x means extract files also: --strip-components=# # to strip leading dirs off of tar output BOOT, INSTALL, PARTITION ======================== to access BIOS/UEFI: dell systems: f2 for bios, f12 for onetime network boot hp systems: esc for bios, f5-f6 for adjusting order of items etc uefi system needs special booting config: must have /boot/efi, about 512mb is good, fat32 [preferably] or fat16, flagged as boot and efi and then the rest of your partitions as normal don't need logical partitions with uefi! is awesome! have stuff about setting up encryption here debian is easiest and best for this other installers? a fuckin mess in kickstart env for centos 7, /mnt/sysimage contains the system that's being installed the %pre script does not default run in chroot to the installed system, but %post does use %post --nochroot to change this behavior and use the $INSTALL_ROOT/ path to access the img you're generating how to make a liveimg for centos 7 and change it to be pxebootable: make a kickstart file and save it in ./ks yum install -y livecd-tools livecd-creator --config=<ks> --fslabel=liveimg livecd-iso-to-pxeboot liveimg.iso also note that when working with liveimages that you will get I/O errors if you handle too much data too fast get aroound this by telling everything to happen in /run, which is a ramdisk and gets around this problem example kickstart file for centos7 liveimg generation: install lang en_US keyboard us timezone America/Phoenix rootpw caiser part / --size 4096 --fstype ext4 selinux --disabled firewall --disabled services --enabled=NetworkManager,sshd network --bootproto=dhcp --device=link --activate repo --name=base --baseurl=http://mirror.centos.org/centos/7/os/x86_64 skipx %packages --ignoremissing @core gpm wget w3m tree tmux %end %post --nochroot --log=$INSTALL_ROOT/root/ks.log # with nochroot, $INSTALL_ROOT/ = / in liveimg echo hi %end when kickstarting: there is a thing at the beginning usually, near install , where it says url --url=HTTPS://etc or smth of the like that is not where the repos go! it is where the diskimg is stored, that you're installing from like a cd in the machine during a physical installation, except over the network instead also! stuff about groups and installing them!: yum groups list will show you the groups for environment groups, install in ks file with @^Group Name and for non-environment groups, do @Group Name some groups to remember on centos7: @core @base @x11 @gnome-desktop @gnome-apps @fonts -initial-setup -gnome-initial-setup -gnome-boxes -firstboot also good to know, but not in the groups section, higher in the file instead: skipx # dont use if you want a gui!! xconfig --startxonboot firstboot --disable eula --agreed rodsbooks.com/efibootloaders how to customize a centos iso image and kickstart from it automatically: download and mount centos iso cp all files from it into a working dir put ks file into working dir at ks.cfg; do the rest of this stuff from the working dir install cdrom graphical reboot # maybe change to halt, because otherwise with a boot order set to cd first, this will loop installs forever lang en_US keyboard us timezone America/Phoenix rootpw --plaintext root clearpart --all bootloader --location=mbr autopart selinux --disabled firewall --disabled services --enabled=NetworkManager,sshd network --bootproto=dhcp --device=link --activate %packages --ignoremissing @core @x11 @xfce-desktop %end put new packages into the Packages subdir cd Packages && createrepo -dpo .. . edit isolinux/isolinux.cfg menu file label linux menu default append ks=file:/ks.cfg # OR cdrom:/ks.cfg OR hd:LABEL=<label>:/ks.cfg which is apparently most portable/compatible but file: has worked fine # must replace all spaces with \x20! # <label> must be the same as the <label> you set in the mkisofs command mkisofs -o <outfile>.iso -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table -J -R -V "<label>" . alternative maybe: instead of cdrom in the ks file, try liveimg --url=file:///<path>.img autologin on gdm, centos 7: cat > /etc/gdm/custom.conf << EOF [daemon] AutomaticLogin=<user> AutomaticLoginEnable=True EOF to autostart an app (firefox as example): mkdir -p /home/caiser/.config/autostart cat > /home/caiser/.config/autostart/firefox.desktop << EOF # autogenerate this file thru GUI and copy-paste set passwords from within kickstart file!!: user-creating and password setting appears to be bugged in centos 7 do it manually with /usr/sbin/useradd caiser # must specify entire path bcuz installer is confused about where to look for it; is not in path :P echo caiser | passwd --stdin caiser to control firefox startup stuff inside liveimg: just grab the entire fucking /home/user/.mozilla dir from something you configured nice and plonk it into the liveimg DCONF ===== view possible dconf settings gsettings list-schemas gsettings list-keys SCHEMA gsettings list-recursively SCHEMA view current dconf settings gsettings get SCHEMA KEY set dconf settings gsettings set SCHEMA KEY VALUE undo dconf settings changes gsettings reset SCHEMA KEY gsettings reset-recursively SCHEMA find the schema/key you want 1. install gui 2. for VAR in $(gsettings list-schemas | grep mate); do gsettings list-recursively $VAR >> mate_settings; done 3. change the things you want 4. run script again; output to different file 5. diff the files main config file locations /etc/dconf/profile/user /etc/dconf/db/DESKENV.d/ # DESKENV is mate here, but you may also see gnome /etc/dconf/db/DESKENV.d/locks/ /etc/dconf/profile/user underneath the line "system-db:local", add system-db:mate /etc/dconf/db/DESKENV.d/SCHEMACONFIGFILE [SCHEMA] # where SCHEMA uses slashes not dots, and it's org/mate/desktop/session rather than org/mate/session KEY='string' KEY=floating-point value # if want treated as string, use quotes! KEY=boolean /etc/dcond/db/DESKENV.d/locks/SCHEMACONFIGFILE (locks user from editing settings) SCHEMA/KEY # uses slashes and the extra "desktop" word, just like the other config file then reload settings by running dconf update useful keys idle-delay=VALUE # is a number, and in minutes DOCKER ====== about is like a compatibility layer for different linux versions - good for ubuntu-on-rhel, or etc - not good for windows-on-linux or bsd-on-linux, use a vm -- gets heavyweight and complex with that many differences from the regular kernel of the linux os its running on is a sandbox is almost a vm good for ephemeral apps - when a container starts, it runs a process; when process dies, container dies too good for easy updates - keep the base image the same, remove the old container, make a new container - can snapshot, etc. like with vms not good for containing users whom you want to keep lower-privileged - why? because they: need sudo on the host, if they're not in the docker group? howto you build a docker image first - this is like a base for all the docker containers you want to put on it then you tell it what changes to do to the image to make your desired container - discrete sets of changes are called "layers" - many docker containers on same machine may share layers - when last container with layer is deleted, layer is deleted as well has weirdness when you try to do gui, multiuser stuff in it - alex has the magic commands docker ps # lists running containers docker ps -a # lists all containers docker start <??> docker stop <??> docker build ?? # build a base image GIT === git clone REPO git checkout -b NEWBRANCH # make and switch to a new branch git branch # to check which branch you're on git add . git commit -m MESSAGE git push origin NEWBRANCH # or else NEWBRANCH will not show on the server GRAPHICS ======== nvidia-detect will help you find the right driver for your nvidia graphics card GRUB ==== reset borked password: edit grub to add: rd.break chroot touch /.autorelabel # so selinux doesn't freak LIGHTDM ======= /etc/lightdm/lightdm.conf greeter-hide-users=true greeter-setup-script=bash -c 'inputfile=$(cat /etc/motd) && zenity --warning --title "BOXTITLE" --text "$inputfile"' needs testing to ensure quotes work properly and ampersands don't need escaping /etc/lightdm/lightdm-gtk-greeter.conf background=IMGFILE LUKS ==== create a luksed device cryptsetup luksFormat <dev> cryptsetup luksOpen <dev> <name (optional?)> ls -arlt /dev/mapper | tail mkfs -t ext4 /dev/mapper/<name> mount /dev/mapper/<name> <dir> df -h <dir> manual mount/unmount of luksed device cryptsetup luksOpen <dev> <name> mount /dev/mapper/<name> <dir> umount <dir> cryptsetup luksClose <name> MOLECULE ======== install on centos 7.4 first get credentials from openstack sudo yum install -y python-virtualenv gcc gcc-c++ make openssl-devel libffi-devel && \ mkdir venvs && cd venvs && virtualenv molecule && \ source molecule/bin/activate && \ pip install --upgrade pip && pip install molecule && \ pip install shade && \ cp -r /usr/lib64/python2.7/site-packages/selinux/ ./molecule/lib64/python2.7/site-packages/ && \ mkdir ../ansible-PROJECT && cd ../ansible-PROJECT && \ molecule init --scenario-name default --role-name ansible-PROJECT --driver-name openstack && \ source /home/centos/openrc.sh && \ molecule --debug-test -s ansible-PROJECT test, converge, verify testing with testinfra expand this later SED === caiser@max:~/sedtest$ cat 3 server1: print error: paper jam server2: print worked fine server2: print error: lp0 on fire server3: webserver connected fine server1: fatal error: running Windows server2: human error: human is dead and wearing mismatched socks caiser@max:~/sedtest$ caiser@max:~/sedtest$ sed -e 's/$server[0-9]*$: .*: $.*$/servername: \1 message: \2/g' -e '/^[^:]*:[^:]*$/d' 3 servername: server1 message: paper jam servername: server2 message: lp0 on fire servername: server1 message: running Windows servername: server2 message: human is dead and wearing mismatched socks caiser@max:~/sedtest$ let's break that up: sed # calls sed -e # the stuff in the '' following it is a command to feed to sed # can use multiple sed stuff in ''; just precede every one with a -e now, inside the ''... s # is the search/replace command / # is a delimiter; you can use others if / if a thing that you need to operate on [or just escape it? does that work?] anyway, the stuff after it is the stuff to search for, and the stuff after the next one is the stuff to replace $ # start parentheses, which mark the enclosed stuff as a sed variable which can be echoed out later as \1 server[0-9]* # the string "server", followed by any digit repeated any number of times $ # end parentheses : .*: # the string ": ", followed by any character any number of times, and then another ": " $ # more parentheses and another sed variable; this one is \2 .* # any character any number of times $ # end parentheses / # the next delimiter; ending the stuff to look for and moving on to the stuff to replace it with... servername: # the literal string "servername: " \1 # whatever stuff was grabbed/matched in the first set of parentheses message: # the literal "message: " string \2 # the stuff that was matched in the second set of parentheses /g # the global command; do the preceding actions to the entirety of each line, not just to the first match in each line and then inside the next -e... posted here for easy reference and less scrolling: '/^[^:]*:[^:]*$/d' / # first delimiter ^[ WTF GET HELP I REMEMBER NONE OF THIS 3 # the filename to operate on # note that the changed contents are written to stdout and NOT back to the file unless you use sed -i [in-place edit] caiser@max:~/sedtest$ cat 1 cats dogs birds lizards cats cats cats cats cats dogs cats dogs cats dogs birds cats caiser@max:~/sedtest$ sed -e 's/ /_/g' -e 's/cats_dogs/BIRDS/g' 1 BIRDS_birds_lizards cats_cats_cats_cats BIRDS_BIRDS BIRDS_birds_cats caiser@max:~/sedtest$ # standard sed find/replace; simple enough caiser@max:~/sedtest$ cat 1 cats dogs birds lizards cats cats cats cats cats dogs cats dogs cats dogs birds cats caiser@max:~/sedtest$ caiser@max:~/sedtest$ sed '/$cats \?$\{4\}/a \ birds' 1 cats dogs birds lizards cats cats cats cats birds cats dogs cats dogs cats dogs birds cats caiser@max:~/sedtest$ notes: \{0,4\} = 0,4 \{,4\} = 0,4 \{4,\} = 4,inf caiser@max:~/sedtest$ cat 3 server1: print error: paper jam server2: print worked fine server2: print error: lp0 on fire server3: webserver connected fine server1: fatal error: running Windows server2: human error: human is dead and wearing mismatched socks caiser@max:~/sedtest$ sed -ne 's/$server[0-9]*$: .*: $.*$/servername: \1 message: \2/gp' 3 servername: server1 message: paper jam servername: server2 message: lp0 on fire servername: server1 message: running Windows servername: server2 message: human is dead and wearing mismatched socks caiser@max:~/sedtest$ # -n in conjunction with /p at the end of the command means only print the lines you did stuff to caiser@max:~/sedtest$ cat 1 cats dogs birds lizards cats cats cats cats birds birds birds birds cats dogs cats dogs cats dogs birds cats caiser@max:~/sedtest$ sed '3,5s/cats/SNAKE/g' 1 cats dogs birds lizards cats cats cats cats birds birds birds birds SNAKE dogs SNAKE dogs SNAKE dogs birds SNAKE # this '3,5s/cats/SNAKE/g' is a standard find/replace, except it only operates on the lines 3 thru 5 caiser@max:~/sedtest$ sed '/$birds \?$\{4\}/,5s/cats/SNAKE/g' 1 cats dogs birds lizards cats cats cats cats birds birds birds birds SNAKE dogs SNAKE dogs SNAKE dogs birds SNAKE caiser@max:~/sedtest$ # ... # ... # ... find a line that has at least 4 birds? then from there down to line 5, replace cats with SNAKE # for those days when you just need more snek in your life. but not too much snek sed 's/$birds \?$/!!! \1/g' 1 cats dogs !!! birds lizards cats cats cats cats !!! birds !!! birds !!! birds !!! birds cats dogs cats dogs cats dogs !!! birds cats caiser@max:~/sedtest$ # find the birds, do the thing, find the birds, do the thing, in order along line # does NOT read/edit entire line at once!!!! reads in character by character!!!! on match, does thing, then procedes!!!! sed 's/cAtS/dogs/ig' # /i means cAtS matches case-insensitively sed -n 's/foo/bar/p' # prints only matching lines sed -n '/string1/,/string2/p' # prints lines from string1 to string2 SYSTEMD ======= timers!! must start/enable the timer specifically, not the service do this by including the ".timer" suffix, like so: systemctl start test.timer and not like: systemctl start test put yr custom timers in /etc/systemd/system timer must have matching service file: "test.timer" and "test.service" alternatively, specify a differently named service file inside the timer config so it knows which one to start a simple example: test.timer file: [Unit] Description=test timer [Timer] OnCalendar=<time code here> Persistent=true [Install] WantedBy=timers.target # must have a thing in the install section for systemd enable commands to work! # systemd enable reads the install section, and does symlinks in the right places to hook everything together test.service file: [Unit] Description=test service [Service] ExecStart=/bin/bash -c '<command goes here>' # or specify an executable file path TELNET ====== apparently you can use it to send email?: telnet <smtp-server> 25 helo mail from: <sender email> rcpt to: <target email> data From: <sender email> To: <target email> Subject: <subject: <line break> # unneeded? <content> . quit WIFI ==== debian stretch, what is url to driver? /etc/network/interfaces auto wlan0 iface wlan0 inet dhcp wpa-ssid SSID wpa-psk PSK find PSK with wpa_passphrase SSID PASS is long, use gpm and a mouse to copy, usb mouse hotplugs ok ip a iwconfig ip link set wlan0 up iwlist scan ifup wlan0 to get make to work with the proprietary driver from github on debian stretch, apt install the linux-headers meta-package all for amd64 [apt search linux-header] to switch network /etc/network/interfaces iface travel inet dhcp wpa-ssid wpa-psk ifup wlan0=travel WGET ==== to wget a fanfic from fanfiction.net wget -O forging-the-sword --no-check-certificate https://www.fanfiction.net/s/3557725/{1..15}/Forging-the-Sword # adjust the -O to name the file all the pages get saved to # adjust the {1..15} for the number of chapters # adjust the url ofc to wget from Google Drive wget --no-check-certificate "https://docs.google.com/uc?export=download&id=ID" to make a quick webserver on your local machine and wget stuff from it python -m SimpleHTTPServer && wget 127.0.0.1:8000 to check your external ip address wget -qO- ifconfig.me/ip to wget a comic from smackjeeves when it's behind a mature-content filter wget --output-file="!wget_log" --execute robots=off --no-check-certificate --delete-after --keep-session-cookies --save-cookies="!wget_cookies" smackjeeves.com/mature.php?ref=COMICNAME.smackjeeves.com && wget --append-output="!wget_log" --execute robots=off --no-check-certificate --recursive --level=1 --page-requisites --convert-links --adjust-extension --no-directories --span-hosts --accept-regex "COMICNAME.smackjeeves.com/|smackjeeves.com/images/uploaded/comics/" --load-cookies="!wget_cookies" COMICNAME.smackjeeves.com/archive optional options --no-check-certificate --execute robots=off --recursive --level=inf --page-requisites --convert-links --adjust-extension --output-file="!wget_log" --retry-connrefused --tries=inf --timeout=0 --user-agent="Mozilla/5.0" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.6) Gecko/20070802 SeaMonkey/1.1.4" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0,gzip(gfe)" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0" "Mozilla/5.0 (compatible; Konqueror/3.2; Linux)" --output-document=FILENAME --input-file="!wget_input" --force-html --base=URL --no-parent --no-directories --accept --reject gif,jpg,jpeg,png,bmp,pdf,doc,docx --delete-after --keep-session-cookies --save-cookies="!wget_cookies" --post-data="user=USERNAME&password=PASSWORD" --load-cookies="!wget_cookies" OR another way to do cookies: --no-cookies --header="Cookie: name=val; name2=val2" # get cookies in this method from firefox dev tools > storage tab; ensure its open while you do the login; also say "remember me" during login WINDOWS ======= change any password on windows 7 boot to repair get command line C: # or D: or wherever Windows/system32 is at diskpart list volume exit cd Windows\System32 ren Utilman.exe Utilman.bak copy cmd.exe Utilman.exe boot normally click the Ease of Access icon net user USERNAME PASSWORD enable administrator account net user administrator /active:yes make new administrator account net user /add USERNAME PASSWORD net localgroup administrators USERNAME /add net share concfg*C:\\/grant:USERNAME,full net user USERNAME * do windows backups and system imaging wbadmin XFCE ==== #!/bin/bash xfce4-terminal --hide-borders --hide-toolbar --hide-menubar --title=deskterm --geometry=84x25+260+0 wmctrl -r deskterm -b add,below,sticky wmctrl -r deskterm -b add,skip_taskbar,skip_pager wmctrl -r deskterm -k off # save script in file, and then make the file autorun thru the autostart GUI thing UNSORTED ======== get help with a Git command <div class="codeblock">git help COMMAND </div> initial config stuff <div class="codeblock">git config --global user.name 'NAME' git config --global user.email EMAIL git config --global core.editor vi </div> view initial config settings <div class="codeblock">git config --list </div> <br><br> view git status <div class="codeblock">git status </div> BEST git log view <div class="codeblock">git log --oneline --graph --decorate -- FILE --[since, until]=[#].[years, weeks, days, minutes] <span class="codecomment"># view logs between particular times</span> --oneline <span class="codecomment"># abbreviates messages and hashes</span> --graph <span class="codecomment"># does ASCII art to show branches</span> --decorate <span class="codecomment"># shows where HEAD currently is (which branch is checked out)</span> --all <span class="codecomment"># what does this do</span> </div> <br><br> initialize git repository <div class="codeblock">git init </div> snapshot file for staging <div class="codeblock">git add </div> unstage snapshot <div class="codeblock">git reset HEAD FILE </div> quick commit everything in staging area <div class="codeblock">git commit -m 'MESSAGE' --amend <span class="codecomment"># replaces previous commit with this new one</span> </div> <br><br> move or rename file <div class="codeblock">git mv FILE </div> delete file and remove from git tracking <div class="codeblock">git rm FILE </div> don't use normal mv or rm commands in a git repo, will cause problems with nonexistent files still being tracked!! remove file from git tracking <div class="codeblock">git rm --cached FILE </div> revert file to original, discard working directory changes <div class="codeblock">git checkout -- FILE </div> <br><br> clone a repository <div class="codeblock">git clone REMOTE https:// git:// user@server:foo/bar.git remote shortname </div> list shortnames of all remote repos <div class="codeblock">git remote </div> if cloned, will say origin get all stuff from REMOTE that you don't yet have <div class="codeblock">git fetch REMOTE </div> doesn't automatically merge new data with current like fetch, but does automatically merge stuff <div class="codeblock">git pull REMOTE </div> push BRANCH to REMOTE <div class="codeblock">git push REMOTE BRANCH </div> only works if REMOTE is how it was last time you downloaded it; if it's changed, you have to get the changes and merge them before pushing <br><br> list tags <div class="codeblock">git tag </div> tag the current commit <div class="codeblock">git tag TAG </div> tag an earlier commit <div class="codeblock">git tag TAG HASH </div> tag with an annotated tag <div class="codeblock">git tag -a TAG -m 'MESSAGE' </div> tags don't automatically go to REMOTE upon push! must use <div class="codeblock">git push REMOTE TAG <span class="comment">or</span> git push --tags </div> <br><br> list branches <div class="codeblock">git branch </div> start new branch from current commit <div class="codeblock">git branch BRANCH </div> doesn't switch to new branch switch to branch <div class="codeblock">git checkout BRANCH -b <span class="codecomment"># starts and switches to branch</span> </div> checkingout a branch changes the files in yr working directory to the checkedout branch files to merge branch bar into branch foo <div class="codeblock">git checkout foo git merge bar </div> afterwards you can delete bar, because stuff was all merged and both branches point to the same commit list merged branches <div class="codeblock">git branch --merged </div> these are probably safe to delete attempting to delete an unmerged branch will display a warning message delete branch <div class="codeblock">git branch -d BRANCH </div> <br><br> merge issues? warns when you attempt merge, pauses for you to fix it <div class="codeblock">git status <span class="codecomment"># show conflicting files</span> vi FILE <span class="codecomment"># edit conflicting files, see git's handy in-file notes which should make this easy for you</span> git add <span class="codecomment"># mark files as resolved</span> git commit <span class="codecomment"># finish the merge</span> </div> <br><br> further reading: <br><br> sandofsky.com/blog/git-workflow.html<br> git-scm.com/book<br> chris.beams.io/posts/git-commit grep -i -v -C100 string target -i = case insensitive -v = find inverse -C# = surrounding # of lines to also print don't use egrep to test perl regex, it's bugged and will throw error: grep: conflicting matches specified instead use: cat <file> | perl -pe 's/<regex>/MATCH/' and all matches in <file> will be replaced with MATCH bash test if string matches regex: if ! [[ "2" =~ '^[01]$' ]]; then echo "not 0 or 1" else echo "yes 0 or 1" fi regex must be on right side /etc/audit/rules.d/ has auditd files useful utils <div class="codeblock">vim gpm elinks2 lynx w3m nano tree tmux wget git ddrescue python2.7 </div> operate line by line <div class="codeblock">while read line; do echo $line; done < file </div> add line numbers to anything <div class="codeblock">nl # ex.: ls | nl </div> copy stuff from place to place <div class="codeblock">scp SRC DEST -r <span class="codecomment"># recursive where SRC and DEST syntax is USR@BOX:/PATH SRC = * will copy everything in current dir SRC = . will copy hidden dotfiles too?</span> </div> view free disk space on partitions <div class="codeblock">df -h <span class="codecomment"># human-readable</span> -T <span class="codecomment"># view filesystem format type</span> -hiT <span class="codecomment"># check inode utilization</span> du -h <span class="codecomment"># human-readable</span> -sch <span class="codecomment"># show subdirs and space</span> </div> count words in file <div class="codeblock">wc -l <span class="codecomment"># count lines</span> </div> view segment of file <div class="codeblock">head -# tail -# <span class="codecomment">default 10</span> </div> is UTIL installed, and where <div class="codeblock">which UTIL </div> switch user <div class="codeblock">su - <span class="codecomment"># keep environment vars</span> </div> view system resource utilization <div class="codeblock">top htop free -m <span class="codecomment"># show in MB</span> ps aux |grep DAEMON |grep -v grep <span class="codecomment"># get DAEMON pid</span> </div> dd ISO to flash <br><br> remote desktop to windows <div class="codeblock"><span class="codecomment">goes on port 3389</span> xfreerdp -d NETWORK -u USER -g #% --rfx WINBOX -g <span class="codecomment"># size of resulting window</span> </div> multiline catting to file <div class="codeblock">cat >> DEST << EOF content goes here line 2 of content more content, etc EOF </div> show package to install to get UTIL (rhel-based) <div class="codeblock">yum whatprovides UTIL </div> deal with user accounts <div class="codeblock">adduser USER <span class="codecomment">equivalent to</span> useradd -d /home/USER USER passwd USER mkdir /home/USER chown USER:USER USER cp .bashrc, etc </div> <div class="codeblock">userdel -r <span class="codecomment"># removes homedir too otherwise doesn't remove homedir, but everything else homedir still owned by deleted uid</span> </div> change user account settings <div class="codeblock">passwd chfn chsh SHELL <span class="codecomment">/bin/bash, /bin/false, /usr/sbin/nologin</span> </div> important file locations <div class="codeblock">/etc/passwd /var/log </div> <h1>preseed with partman section</h1> designed on debian jessie<br> partman section has complex instructions for partitioning, lvm, and two kinds of raid<br> still unknown: which partman commands are necessary to confirm all the shit <br><br> preseed file looks like this <div class="codeblock">d-i debian-installer/locale string en_US d-i keyboard-configuration/xkb-keymap select us d-i netcfg/choose_interface select eth0 d-i netcfg/disable_autoconfig boolean true d-i netcfg/dhcp_failed note d-i netcfg/dhcp_options select Configure network manually d-i netcfg/get_ipaddress string 10.227.2.22/24 d-i netcfg/get_netmask string 255.255.255.0 d-i netcfg/get_gateway string 10.227.2.1 d-i netcfg/get_nameservers string 10.227.2.5 d-i netcfg/confirm_static boolean true d-i netcfg/get_hostname string a227-12 d-i netcfg/get_domain string cis226.a227.cis d-i netcfg/hostname string a227-12 d-i hw-detect/load_firmware boolean true d-i mirror/country string manual d-i mirror/http/hostname string ftp.us.debian.org d-i mirror/http/directory string /debian d-i mirror/http/proxy string d-i mirror/suite string stable d-i mirror/http/proxy string http://server.cis226.a227.cis:3128 d-i passwd/root-password password class297z d-i passwd/root-password-again password class297z d-i passwd/user-fullname string caiser d-i passwd/username string caiser d-i passwd/user-password password class297z d-i passwd/user-password-again password class297z d-i clock-setup/utc boolean false d-i time/zone string US/Arizona d-i clock-setup/ntp boolean true d-i partman-auto/method string raid d-i partman-auto/disk string /dev/sda /dev/sdb /dev/sdc d-i partman-auto-lvm/new_vg_name string vg_sys d-i partman-auto/expert_recipe string finaltest :: \ 1000 1000 1000 raid \ $primary{ } \ $bootable{ } \ $lvmignore{ } \ method{ raid } \ . \ 1000 1000 1000 raid \ $primary{ } \ $lvmignore { } \ method{ raid } \ . \ 750 750 750 raid \ $primary{ } \ $lvmignore { } \ method{ raid } \ . \ 4250 4250 4250 raid \ $lvmignore { } \ method{ raid } \ . \ 3500 3500 3500 raid \ $lvmignore { } \ method{ raid } \ . \ 10500 10500 10500 raid \ $lvmignore { } \ method{ raid } \ . \ 4000 4000 4000 xfs \ $defaultignore{_} \ $lvmok{ } \ lv_name{ home } \ method{ format } \ format{ } \ use_filesystem{ } \ filesystem{ xfs } \ mountpoint{ /home } \ . \ 4000 4000 4000 xfs \ $defaultignore{_} \ $lvmok{ } \ lv_name{ squid } \ method{ format } \ format{ } \ use_filesystem{ } \ filesystem{ xfs } \ mountpoint{ /var/spool/squid3 } \ . \ 512 4000 1000000000 ext4 \ $defaultignore{_} \ $lvmok{ } \ lv_name{ deleteme } \ method{ lvm } \ . d-i partman-auto-raid/recipe string \ 1 3 0 ext4 / /dev/sda1#/dev/sdb1#/dev/sdc1 . \ 1 3 0 ext4 /tmp /dev/sda2#/dev/sdb2#/dev/sdc2 . \ 1 3 0 swap - /dev/sda3#/dev/sdb3#/dev/sdc3 . \ 5 3 0 ext4 /usr /dev/sda5#/dev/sdb5#/dev/sdc5 . \ 5 3 0 ext4 /var /dev/sda6#/dev/sdb6#/dev/sdc6 . \ 5 3 0 lvm - /dev/sda7#/dev/sdb7#/dev/sdc7 . d-i preseed/late_command string lvremove -f vg_sys/deleteme d-i partman-lvm/confirm boolean true d-i partman-md/confirm boolean true d-i partman/confirm boolean true d-i partman-lvm/confirm_nooverwrite boolean true d-i partman-md/confirm_nooverwrite boolean true d-i partman/confirm_nooverwrite boolean true d-i partman-partitioning/confirm_write_new_label boolean true d-i partman/confirm_write_new_label boolean true d-i partman/choose_partition select finish d-i mdadm/boot_degraded boolean true d-i partman/mount_style select label tasksel tasksel/first multiselect standard, ssh-server popularity-contest popularity-contest/participate boolean false d-i grub-installer/only_debian boolean true d-i grub-installer/bootdev string /dev/sda d-i finish-install/reboot_in_progress note </div> <br><br> when preseeding over network, the thing uses some default networking setup which is likely not what you want<br> this also screws up the hostname<br> to make it stop and redo the network config once it's grabbed the preseed files, put this in yr main preseed file <div class="codeblock">d-i preseed/run string RUNSCRIPT d-i preseed/include string NETCONF </div> where RUNSCRIPT is the name of the file that has this for contents <div class="codeblock">kill-all-dhcp; netcfg </div> and NETCONF is the name of a file that looks like part of a preseed file and contains the network config you want<br> tip: it'll look for those files in the same dir as it got the original preseed file from, unless specified otherwise <br><br> hostname can alternatively be fixed thru boot parameter? <div class="codeblock">auto url=PRESEEDURLHERE hostname=HOSTNAMEHERE </div> <br><br> there may only be one instance of preseed/late_command<br> to use preseed/late_command, chroot to /target or use in-target<br> <div class="codeblock">d-i preseed/late_command string \ in-target wget -O OUTPUTNAME URL \ # URL may be from same place as preseed files! in-target bash OUTPUTNAME \ in-target rm OUTPUTNAME </div> if doing bash scripts in preseed/late_command, prefix most things with "in-target" except for echo commands<br> if echo commands are sent to append to files, the files need /target/ at the front of the path <div class="codeblock">echo '*.* @@syslog:514' >> /target/etc/rsyslog.conf </div> pipes are a thing i have not yet figured out how to get working in late_command <br><br><br> to enable debug mode (this is very helpful if you keep getting asked a question) <div class="codeblock">still need to figure this out </div> <br> further reading: <br><br> hands.com/d-i systemctl set-default graphical.target /etc/dconf/profile/user + system-db: mate after changing things, run dconf update lauri.vosandi.com starngely org.mate.background in schema listsings must be org.mate.desktop.background in dconf settings fikles ansible on localhost ansible-playbook -i "localhost," -c local playbook.yml -i "localhost," -c local NOT NEEDED WHEN - name: testing playbook locally hosts: localhost connection: local user: root tasks: -name: etc... handlers only run when another task is reported as changed ansible must be idempotent when running shell script, check exit code use register and changed_when, otherwise molecule --debug test -s ansible-mate test, verify, converge --debug is optional yum whatprovides UTIL xkcd.com/1296 i.imgur.com/YsbKLlg1.gif gpm git tree elinks2 wget make df -h du -sch # shows subdirs and space free -m # ram info ps aux |grep DAEMON |grep -v grep which COMMAND /var/log peltier device tar OPTIONS NEWFILE TARGET c # create new tarball t # test tarball (list / search for files within) x # extract from tarball/compression z # call gzip f # force the command, may overwrite (?) v # verbose; lists each file as it operates read the man pages for tar!! find IN-DIR OPTIONS -name 'FILENAME #searches current dir by default -iname 'FILENAME' ignore case -not -name 'FILENAME ? -type -type l -type f -size +-# #bytes +-#MK mega, kilobytes -mtime # # modtime >= # days ago -mtime -# # less than # days ago -atime # access time -user USERNAME # owned by user -perm ### # files with that permissions -exec BASHSCRIPT {} \; takes results of find and runs bashscript on them; good with chmod locate #quicker, less flexible, must know case of filename updatedb #for locate df -hTi # check inodes, needed for file pointers!! if run out, cant use andy remaining space wc -l # count lines VI find/replace :s/old/new %first occurrence on line :s/old/new/g # all occurrences on likne :%s/old/new/g # entire file execute unix comand :!COMMAND save as :w FILENAME :#,# w FILENAME # selective wirte pastefrom file :r FILENAME go to line # [esc]# [shift]+g :line #view line numbers :syn on molecule --debug-test -s ansible-PROJECT test, converge, verify find + unmount only bind mounts: findmnt -Pno source,fsroot,target,maj:min | sort -sVk 4.11 | uniq --all-repeated=prepend -f 3 | sed '/^$/,+1d' | tac | awk -F'"' '{print $6}' | xargs umount -l findmnt: pull relevant info + logging info that is unneeded here but may be useful in other ways sort: by device number but KEEP original time-based order otherwise uniq: find + print all lines w/ duplicated device numbers and add leading newlines to each group sed: search + find leading newlines, rm them and the lines directly after; this rms the original mounts, which are the sources and were not made w/ bind tac: reverse order; newest mounts first [important!] awk: get path to each xargs: unmount lazy each found bind mount, starting with the ones that are newest and might be layered over others uname -r date +%F hostname uptime mount # is different than mount <dev> <target> df -h lsblk xfreerdp -u <user> -g <percent or dimensions, ex.: 90%, 1920x980> <target> fonts there are some good free fonts out there DejaVu Sans is most like Verdana, better looking maybe at larger sizes but Verdana has the edge in smaller sizes Roboto Slab and Roboto Condensed are great for headings Liberation Serif is very like Times New Roman and its Sans version is very like Arial Open Sans looks like Calibri Input isnt as free as the others but is damn good-looking and Indento is cool as well Ubuntu is kind of cool Alte Haas Grotesk is also cool archlinux wiki pages are great at everything, download them maybe? TO LIST PLUGGED IN IFACES BUT NOT LOOPBACK ip -oneline link | grep "LOWER_UP" | awk '{print $2}' | awk -F ":" '{print $1}' | grep -v lo TO GET CONNECTION NAME WHEN GIVEN AN IFACE nmcli con show | tail -n +2 | grep IFACE GETS NAMES OF ALL CONNECTIONS CURRENTLY PLUGGED IN while read -u 10 line; do # whole line read into if $(echo $line | grep -q -w $iface); then conname=$(echo $line | awk -F "TAB DELIMITER HERE, HOW TO? (and then check it's actually tab)" '{print $1}') fi done 10<<< "(nmcli con show | tail -n +2)" OR TRY nmcli con show --active EITHER WAY need to name the resulting vars based on the content of other vars AND THEN names of all plugged-in connections are safely stored in the vars plug in all connections now iterate thru nmcli line-by-line and compare connames with the vars if match, leave alone if not, takedown and rebuild to specifications for network testing SMARTCTL smartctl -H will report OK even if smart tests are not working SMARTCTL NOTES view smart info if smart is enabled and device is capable: smartctl -i /dev/DISK enable smart: smartctl --smart=on /dev/DISK view basic health report: smartctl -H /dev/DISK run a test: smartctl -t short,long,conveyance /dev/DISK get estimate on how long tests will take: smartctl -c /dev/DISK list all test results: smartctl -l selftest /dev/DISK please note that smartctl built-n foregrounding/wait-time-tracking with -C causes errors sometimes instead use smartctl -a /dev/DISK to get all information about the smartctl data for that disk and grep for the number code indicating a running test, in a while loop, to release when true also apparently smartctl doesn't detect errors until that block has been interacted with, so running a long smartctl after badblocks is good? badblocks with default number of passes takes about a day per terabyte of disk bit of handy bash to list all DISKs you have attached to the machine: lsblk -dno name,type | grep -v sr use it with a for loop to iterate tests over every disk also grep out any cd drives or virtual disks that you have messing things up LVM NOTES system-storage-manager? cfdisk with part size pvcreate /dev/DEV1 /dev/DEV2 pvdisplay vgcreate VGNAME PV vgextend VGNAME PV vgdisplay --size -L lvcreate #m VGNAME -n LVNAME lvdisplay ls /dev/mapper mkfs -t ext4 /dev/mapper/VGNAME-LVNAME mount /dev/mapper/VGNAME-LVNAME /MNTPOINT pvremove /dev/DEV pvresize --setphysicalvolumesize #m DEV disk screwed up, don't force this lvextend lvreduce lvresize lvremove -r = resize fs along with lv lvresize -l +100%free VG/LV reformat with parted, cfdisk hangs on errors START A SIMPLE PXEBOOT SERVER ON CENTOS 7 SERVER tftp ROOTDIR specified in tftp config ROOTDIR can be whatever you want, just pick a good place to store all the files bootloader pxelinux.0, location specified in dhcp config, usually ROOTDIR/pxelinux/../BOOTLOADER bootloader menu config autolocated, defaults to ROOTDIR/pxelinux/pxelinux.cfg/default can make ones named after uuid mac ip of the machine or group of machines you want to pxeboot kernel vmlinuz0, location specified in bootloader menu config, usually ROOTDIR/pxelinux/../KERNEL initrd, kickstart, etc locations also specified in bootloader menu config dnsmasq serves dhcp and tftp python serves http install/config dnsmasq start/enable dnsmasq restart network mkdirs and put files in them stop selinux from fucking things up may also need to disable firewall start python http server If you want to use a separate TFTP server instead of dnsmasq, specify its IP address after the boot-loader path, for example: dhcp-boot=pxelinux/pxelinux.0,10.0.0.11 script for yum install dnsmasq mv /etc/dnsmasq.conf /etc/dnsmasq.conf.bak cat > /etc/dnsmasq.conf <<EOF port=0 # disable dns server dhcp-range=IPSTART,IPEND,6h # dhcp ip range to serve #dhcp-host=MAC,IP,HOSTNAME,infinite # reserved ip for specific host dhcp-boot=pxelinux/../BOOTLOADER # path relative to tftp-root, usually pxelinux.0 enable-tftp tftp-root=ROOTDIR EOF systemctl enable dnsmasq systemctl start dnsmasq systemctl restart network mkdir ROOTDIR semanage fcontext -a -t tftpdir_t "ROOTDIR(/.*)?" restorecon -R -v ROOTDIR mkdir ROOTDIR/pxelinux mkdir ROOTDIR/pxelinux/pxelinux.cfg cat > ROOTDIR/pxelinux/pxelinux.cfg/default <<EOF prompt 0 # disable boot: prompt default LABEL # default thing to boot timeout 0 # time til auto default boot label LABEL kernel KERNEL # path relative to bootloader location not tftp-root!, usually vmlinuz0 append initrd=INITRD ks=http://KICKSTART # etc etc EOF CLIENT client told to boot from network client requests ip from dhcp server client requests bootloader location from dhcp server bootloader downloaded over tftp bootloader menu config downloaded over tftp kernel downloaded over tftp initrd downloaded over tftp kickstart and etc downloaded over whatever protocol, usually http uefi pxeboot files go in ROOTDIR/efi/ FOR EFI, ADD: vi /etc/dnsmasq.conf # and add: dhcp-boot=efi/BOOTLOADER # usually BOOTX64.efi mkdir ROOTDIR/efi FOR PXEBOOTING ON KVM VMS ON CENTOS it is weird. ON KVM SERVER virsh net-dumpxml default > default.bak virsh net-edit default + <tftp root='ROOTDIR'/> # make a tftp server on this machine at ROOTDIR, goes just after the line about the ip address + <bootp file='pxelinux/BOOTLOADER' server='IP'/> # specify location of bootloader, goes just after range, maybe not need stuff about serverIP if the server and this server are the same machine? virsh net-destroy default virsh net-start default not tested with python webserving, because the live image i wanted was transferred entirely over tftp also did these, but dunno if they had anything to do with it working: modprobe nf_nat_tftp setenforce 0 you don't need dnsmasq if you do it in virsh because virsh makes its own tftp server might be able to mess with this to get vms to pxeboot from other vms, maybe put them on separate networks? INSTALL XFCE ON CENTOS 7 CORE sudo yum install -y epel-release # because this stuff isn't in the default repositories sudo yum groupinstall -y "X Window System" sudo yum groupinstall -y xfce sudo systemctl get-default # if multi-user.target, you need this next part sudo systemctl set-default graphical.target sudo systemctl isolate graphical.target FOR EASY COPY-PASTING sudo yum install -y epel-release && \ sudo yum groupinstall -y "X Window System" && \ sudo yum groupinstall -y xfce && \ sudo systemctl set-default graphical.target && \ sudo systemctl isolate graphical.target CUSTOMIZE CENTOS ISO use livecd-tools and livecd-iso-to-pxeboot with a kickstart file "" Both of those are variables for the LiveCD environment. $INSTALL_ROOT is for the root of the filesystem of the LiveCD that will eventually be compressed. This is where all of the packages get installed during the build process. Use this if you want the files on the LiveCD OS filesystem. $LIVE_ROOT is the root of the CD. Use this if you want the files available without having to boot to the LiveCD or uncompressing the filesystem on the CD. For example, you would copy files to $LIVE_ROOT if you wanted to be able to put the CD in a running system and see them. As in your post above, /EFI, /isolinux, /LiveOS. There is no variable for the root of the installed (host) system. You retain access to it by using the %post --nochroot To start simply, you could attempt something like: Code: ... %post --nochroot touch $INSTALL_ROOT/this-is-install-root touch $LIVE_ROOT/this-is-live-root ... "" SIMPLE CENTOS KICKSTART CONFIGURATION WITHOUT GUI FOR PXE install cmdline lang en_US keyboard us timezone America/Phoenix reboot rootpw --plaintext caiser user --name=caiser --plaintext --password=caiser part / --size 4096 --fstype ext4 selinux --disabled firewall --disabled services --enabled=NetworkManager,sshd network --bootproto=dhcp --device=link --activate repo --name=base --baseurl=http://mirror.cogentco.com/pub/linux/centos/7/os/x86_64/ skipx %packages --nobase --ignoremissing @core tree wget %end try without?: url --url="http://mirror.cogentco.com/pub/linux/centos/7/os/x86_64/" makes a real pretty error if you try to give the pxeboot environment an iso instead of a kernel or initrd SIMPLE CENTOS KICKSTART CONFIGURATION WITH GUI eula --agreed firstboot --disabled KICKSTART MAKE PASSWORD ENCCRYPTED HOWTO ########### # MAKE A RHEL7 PXEBOOT SERVER! # ADAPTED FROM http://www.tecmint.com/install-pxe-network-boot-server-in-centos-7/ # SERVER MUST FIRST BE CONF'D WITH A STATIC IP ADDRESS IN SAME NETSEGMENT AS PXE CLIENTS yum install -y dnsmasq mv /etc/dnsmasq.conf /etc/dnsmasq.conf.bak wget -O /etc/dnsmasq.conf caiser.net/classes/ap/serv_dnsmasq.txt yum install -y syslinux yum install -y tftp-server cp -r /usr/share/syslinux/* /var/lib/tftpboot mkdir /var/lib/tftpboot/pxelinux.cfg touch /var/lib/tftpboot/pxelinux.cfg/default wget -O /var/lib/tftpboot/pxelinux.cfg/default caiser.net/classes/ap/serv_tftpdef.txt scp student@172.16.49.1:/home/student/Desktop/ISOs/CentOS-7-x86_64-DVD-1511.iso centos7.iso mount -o loop /root/centos7.iso /mnt # to check mount: ls /mnt mkdir /var/lib/tftpboot/centos7 cp /mnt/images/pxeboot/vmlinuz /var/lib/tftpboot/centos7 cp /mnt/images/pxeboot/initrd.img /var/lib/tftpboot/centos7 yum install -y vsftpd cp -r /mnt/* /var/ftp/pub chmod -R 755 /var/ftp/pub systemctl start dnsmasq systemctl status dnsmasq systemctl start vsftpd systemctl status vsftpd systemctl enable dnsmasq systemctl enable vsftpd netstat -tulpn firewall-cmd --add-service=ftp --permanent # port 21 firewall-cmd --add-service=dns --permanent # port 53 firewall-cmd --add-service=dhcp --permanent # port 67 firewall-cmd --add-port=69/udp --permanent # port for TFTP firewall-cmd --add-port=4011/udp --permanent # port for ProxyDHCP firewall-cmd --reload # apply rules # check ftp server on different pc: ftp://172.16.49.201/pub