
Operating System

Centos

Firewall

bash
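# Open TCP port 9806 in the default zone; --permanent writes the rule to the saved configuration.
sudo firewall-cmd --permanent --add-port=9806/tcp
# Forward TCP port 22 arriving in the "external" zone to local port 3753.
# --permanent is required here as well: a runtime-only rule is discarded by the reload below.
sudo firewall-cmd --permanent --zone=external --add-forward-port=port=22:proto=tcp:toport=3753
# Load the permanent configuration into the running firewall.
sudo firewall-cmd --reload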

Fail2ban

sudo fail2ban-client status <segment>
sudo fail2ban-client unban <ip>

check architecture

sh
uname -m
lscpu
cat /etc/os-release

Ssh

RSA login

At client site

sh
ssh-keygen -t rsa -b 4096

Copy the public key and paste it on the server.

At server site

sh
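# sshd checks file modes before accepting a key (StrictModes, on by default), so create
# the directory and the key file with owner-only permissions before editing.
mkdir -p ~/.ssh && chmod 700 ~/.ssh
touch ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys
# Paste the client's public key on a line of its own.
vi ~/.ssh/authorized_keys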

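To disable password login for a specific user, edit /etc/ssh/sshd_config and add the lines below at the end of the file (a Match block applies to every following line until the next Match or the end of the file)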

Match User <username> 
  PasswordAuthentication no

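Then restart the sshd service. Run `sudo sshd -t` first to check the file for syntax errors, and keep the current session open until a new key-based login has succeeded.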

Tunneling

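-N: do not execute a remote command; useful when you only want to forward ports.
-f: ask ssh to go to the background just before command execution (not used in the example below).
-L: local port forwarding; in the example, local port 33306 is forwarded to localhost:3306 as seen from the remote host.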

sh
ssh -N -L 33306:localhost:3306 -i /path/to/key user@remote_host

docker-compose

bash
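# Pick ONE of the two downloads, matching the architecture reported by `uname -m`;
# both write to the same path, so running the second overwrites the first.
# -f makes curl fail on an HTTP error instead of saving the error page as the binary.
# sudo is needed on both commands because /usr/local/bin is normally writable by root only.

# x86_64
sudo curl -fL "https://github.com/docker/compose/releases/download/v2.13.0/docker-compose-linux-x86_64" -o /usr/local/bin/docker-compose
# aarch64
sudo curl -fL "https://github.com/docker/compose/releases/download/v2.20.2/docker-compose-linux-aarch64" -o /usr/local/bin/docker-compose

# This binary drives the Docker daemon, so check what was downloaded before it can run:
# compare the hash printed here with the checksum published on the release page.
sha256sum /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose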

Note: Prefer the official Docker Compose plugin (see "Install official docker" below) over a manually downloaded binary.

Ubuntu / Debian

Swap file

Add swap file

bash
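# Reserve a 2G file to use as swap.
sudo fallocate -l 2G /swapfile
# Owner-only access: swap can hold memory pages of any process, so other users must not read it.
sudo chmod 600 /swapfile
# Write the swap signature, then enable the file as swap for the running system.
sudo mkswap /swapfile
sudo swapon /swapfile
# Persist across reboots. The grep guard keeps a re-run from appending a duplicate fstab entry.
grep -q '^/swapfile[[:space:]]' /etc/fstab || echo "/swapfile swap swap defaults 0 0" | sudo tee -a /etc/fstab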

Append to /etc/fstab (the last command above already does this; do not add the line a second time)

/swapfile swap swap defaults 0 0

Verify

bash
sudo swapon --show
sudo free -h

Extends volume

sh
# List block devices with their filesystems, to identify the disk and partition to grow
lsblk -f

# Check the filesystem type of each mount (resize2fs below handles ext2/ext3/ext4 only)
df -T

# Grow partition 1 of /dev/xvda into the free space on the disk
# (disk and partition number are separate arguments)
sudo growpart /dev/xvda 1

# Grow the filesystem on /dev/xvda1 to fill the enlarged partition
sudo resize2fs /dev/xvda1

show directory disk usage

du -sh

Show total disk usage in list

ncdu

list top 50 file/folder based on size

sudo du -h -a ./* | sort -hr | head -n 50

delete journal based on time

sudo journalctl --vacuum-time=1month

delete journal based on size

sudo journalctl --vacuum-size=1G

truncate file

truncate -s 0 filename

redirect stderr to stdout

bash
cat test.log 2>&1

delete files older than 7 days (by modification time)

bash
find ~/path -type f -mtime +7 -delete

Backup script

bash
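#!/bin/bash
#
# Move every file named on stdin (one path per line) into ~/backup, recreating
# its directory structure there. A directory named on stdin is only recreated
# (empty) under the backup root; its contents are not moved.
# mv replaces a file that already exists at the destination.
# Exit status: 0 when every line was handled, 1 when any mkdir or mv failed.

# Define the backup directory
backup_dir=~/backup

# Create the backup directory if it doesn't exist
mkdir -p -- "$backup_dir" || exit 1

failed=0

# Read input line by line; `|| [ -n "$item" ]` keeps a final line that lacks a trailing newline.
while IFS= read -r item || [ -n "$item" ]; do
  # Reject any path with a ".." component: "$backup_dir/$item" would otherwise
  # resolve to a location outside the backup directory.
  case "/$item/" in
    */../*)
      echo "Skipping $item: '..' path components are not allowed" >&2
      continue
      ;;
  esac

  if [ -d "$item" ]; then
    # If item is a directory, create a corresponding directory in the backup location
    mkdir -p -- "$backup_dir/$item" || failed=1
  elif [ -f "$item" ]; then
    # If item is a file, move it to the backup location, preserving the directory structure.
    # `--` ends option parsing, so a name that starts with "-" is treated as a path.
    if mkdir -p -- "$backup_dir/$(dirname -- "$item")"; then
      mv -- "$item" "$backup_dir/$item" || failed=1
    else
      failed=1
    fi
  else
    echo "Skipping $item: not a valid file or directory" >&2
  fi
done

# Do not report success when a file could not be moved.
if [ "$failed" -ne 0 ]; then
  echo "Backup finished with errors." >&2
  exit 1
fi

echo "Backup completed."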

MISC

Time zone

To set timezone

sh
 sudo timedatectl set-timezone Asia/Kuala_Lumpur

Partition

List disk

sh
fdisk -l

List block

sh
lsblk

File system consistency check

sh
fsck
e2fsck

Create new partition from disk

  1. Run fdisk /dev/vdb
  2. Press 'o' to create a new empty DOS partition table (this replaces the disk's existing partition table once it is written in step 5)
  3. Press 'n' to add new partition
  4. Press 'p' to create as primary partition
  5. Press 'w' to write table to disk and exit
  6. Press enter until end
  7. Run mkfs.ext4 /dev/vdb1 to format partition
  8. Run mount -t ext4 /dev/vdb1 /data to mount the partition to a path

Mount automatically after restart

  1. Run lsblk -f to get the uuid of the drive
  2. Append UUID=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX /mount/point filesystem type options 0 0 to /etc/fstab. Example: UUID=a95ff46e-55e7-445f-8513-37b2ad1b19ca /data ext4 defaults 0 0
  3. Run sudo mount -a to check if any error

Create user group and user

Do not create the group before creating the user; adduser creates the group automatically.

sh
adduser username
passwd username
addgroup groupname

# for centos, use "wheel" instead of "sudo"
usermod -aG sudo username

Allow user to sudo without password

sh
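# Grants the current login user passwordless sudo for ALL commands: any process
# running as that user can then become root without a prompt. Where possible,
# list only the commands that need it instead of ALL.
#
# The rule is written to a temporary file and syntax-checked with visudo before it
# is installed, because a broken file under /etc/sudoers.d can stop sudo from working.
# install sets owner and mode 0440 in one step, so the file never exists with looser
# permissions. Note: sudo skips files in /etc/sudoers.d whose name contains "." or ends in "~".
user=$(logname) && tmp=$(mktemp) &&
  printf '%s ALL=(ALL:ALL) NOPASSWD: ALL\n' "$user" > "$tmp" &&
  sudo visudo -cf "$tmp" &&
  sudo install -m 0440 -o root -g root "$tmp" "/etc/sudoers.d/$user"
[ -n "$tmp" ] && rm -f -- "$tmp"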

Install docker (legacy)

sh
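# Identify the distribution and CPU architecture, to choose the matching download below
cat /etc/os-release
lscpu
uname -m
syscap info -arch

sudo apt install docker.io
# -f: fail on an HTTP error rather than saving the error page as the binary.
# The URL is the x86_64 build; use the asset that matches `uname -m`.
sudo curl -fL "https://github.com/docker/compose/releases/download/v2.21.0/docker-compose-linux-x86_64" -o /usr/local/bin/docker-compose
# Compare the hash with the checksum published on the release page, then make the file executable.
sha256sum /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose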

Install official docker

sh
# Tools needed to fetch the repository signing key over HTTPS and convert it
sudo apt-get install ca-certificates curl gnupg
# Directory for repository keyrings: readable by everyone, writable by root only
sudo install -m 0755 -d /etc/apt/keyrings
# Download Docker's signing key and store it in binary (dearmored) form
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
# Make the key readable by all users so apt can read it
sudo chmod a+r /etc/apt/keyrings/docker.gpg
# Register the repository for this machine's architecture and release codename.
# signed-by ties the key to this one repository instead of trusting it for every configured source.
echo \
  "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
  "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
# Refresh the package index so packages from the new repository become visible
sudo apt-get update

After configured, to install, run script below

sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Window

Show wifi password

netsh wlan show profiles name=<network name> key=clear

Proxy

powershell
# Add proxy: forward TCP 2222 on every local IPv4 address (listenaddress=0.0.0.0) to 127.0.0.1:22.
# This makes the local SSH service reachable from any network the machine is attached to,
# subject to the host firewall; use a specific listenaddress to limit which interface accepts connections.
netsh interface portproxy add v4tov4 listenport=2222 listenaddress=0.0.0.0 connectport=22 connectaddress=127.0.0.1
# Delete proxy: remove the rule added above (listenport and listenaddress must match it)
netsh interface portproxy delete v4tov4 listenport=2222 listenaddress=0.0.0.0

Bash

To run a script with an interpreter other than bash (for example node), put a shebang line like the one below at the top of the file

bash
#!/usr/bin/env node

fzf

sh
git status -s | fzf --multi --preview 'git diff --color=always --unified=1000 -- {-1} '

tmux

Key binding

Ctrl B

Window

| Key | Description |
| --- | --- |
| c | Create window |
| , | Rename window |
| & | Close window |
| w | List window |
| p | Previous window |
| n | Next window |
| 0 .. 9 | Switch to window 0 - 9 |

Pane

| Key | Description |
| --- | --- |
| ; | Toggle last pane |
| % | Horizontal split |
| " | Vertical split |
| { | Move pane left |
| } | Move pane right |
| Up / Down / Left / Right | Switch to pane at the direction |
| o | Next pane |
| q | Show pane number |
| q 0 .. 9 | Switch to pane number x |
| Ctrl + Up / Down / Left / Right | Resize pane |
| x | Close pane |

Config

.tmux.conf

sh
set -g base-index 1
setw -g pane-base-index 1
setw -g mouse on

Curl

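# --ssl-no-revoke (Schannel / Windows builds of curl) turns off certificate revocation
# checks, which weakens TLS validation: use it only where the revocation servers cannot
# be reached, not as a default.
# The rendered page shows the header as "Accept: /"; presumably "*/*" with the asterisks lost.
# Each line ends in a backslash so the shell reads the options as one command.
curl --ssl-no-revoke \
  -X POST 'https://url.com' \
  --header 'Accept: */*' \
  --header 'Content-Type: application/json' \
  --data-raw ''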

Oh My Zsh

Themes

Custom DST

bash
# Text placed before and after the git info, and the markers for a dirty / clean working tree
ZSH_THEME_GIT_PROMPT_PREFIX=" [%{$fg[green]%} "
ZSH_THEME_GIT_PROMPT_SUFFIX="%{$reset_color%}]"
ZSH_THEME_GIT_PROMPT_DIRTY="%{$fg[red]%}!"
ZSH_THEME_GIT_PROMPT_CLEAN=""

# Prints the prompt character: a red "#" when running as root (UID 0), otherwise "$"
function prompt_char {
        if [ $UID -eq 0 ]; then echo "%{$fg[red]%}#%{$reset_color%}"; else echo $; fi
}

# Prompt layout: %(?, ,...) prints a space when the last command succeeded and a red FAIL
# plus a line break when it failed; then user (%n) @ host (%m): current directory (%~),
# the output of git_prompt_info (defined outside this snippet, presumably by Oh My Zsh),
# and on the next line the prompt character.
PROMPT='%(?, ,%{$fg[red]%}FAIL%{$reset_color%}
)
%{$fg[magenta]%}%n%{$reset_color%}@%{$fg[yellow]%}%m%{$reset_color%}: %{$fg_bold[blue]%}%~%{$reset_color%}$(git_prompt_info)
$(prompt_char) '

FTP

Add new user

sh
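# Key-only account: no password is set, so login is possible only with a key listed in authorized_keys
sudo adduser --disabled-password sftpuser
sudo mkdir -p /home/sftpuser/.ssh
sudo touch /home/sftpuser/.ssh/authorized_keys
# The key directory and file stay owned by the user, with owner-only permissions
sudo chown -R sftpuser:sftpuser /home/sftpuser/.ssh
sudo chmod 700 /home/sftpuser/.ssh
sudo chmod 600 /home/sftpuser/.ssh/authorized_keys
# sshd refuses a ChrootDirectory that is not owned by root or is writable by group or others,
# and the sshd_config below chroots to /home/sftpuser (which adduser created owned by sftpuser).
sudo chown root:root /home/sftpuser
sudo chmod 755 /home/sftpuser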

Note: For ChrootDirectory (and read-only access) to work, the chroot folder must be owned by root.

Change /etc/ssh/sshd_config

sh
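# Restrict sftpuser to chrooted SFTP from one client address, with key login only.
Match User sftpuser
    # Run the in-process SFTP server whatever the client requests, so no shell is available
    ForceCommand internal-sftp
    # Accept this user only when connecting from the listed address
    AllowUsers sftpuser@163.116.223.96
    PasswordAuthentication no
    # The chroot target must be owned by root and not writable by group or others
    ChrootDirectory /home/sftpuser
    # Forwarding does not need a shell, so each kind is switched off explicitly
    PermitTunnel no
    AllowAgentForwarding no
    AllowTcpForwarding no
    # Unix-domain socket forwarding has its own switch, separate from AllowTcpForwarding
    AllowStreamLocalForwarding no
    X11Forwarding no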

Log Setting

Redirect log

Add a new config file at /etc/rsyslog.d (ensure .conf extension is used for rsyslog to recognize it)

sh
input(type="imuxsock" HostName="SOME-NAME" Socket="/some-path" CreatePath="on")
if $fromhost == 'SOME-NAME' then /destination-path
& stop

Log rotation

Amend rsyslog in /etc/logrotate.d to rotate the log file configured in rsyslog.

sh
/destination-path
{
  rotate 30
  daily
  dateext
  dateformat -%Y%m%d
}

Better settings

sh
/destination-path
{
  rotate 30
  daily
  missingok
  notifempty
  compress
  delaycompress
  dateext
  dateformat -%Y%m%d
  postrotate
    systemctl restart rsyslog > /dev/null 2>&1 || true
  endscript
}
  • Ensure missingok and notifempty to avoid errors if the log is missing or empty.
  • Add compress and delaycompress for efficient storage.
  • Include postrotate to restart rsyslog after rotation, ensuring logs continue writing properly.

Give permission to rsyslog

Modify /etc/apparmor.d/usr.sbin.rsyslogd to grant read-write permissions to a directory not owned by rsyslog.

sh
/some-path rwl,
  • r = read
  • w = write
  • l = link
  • k = lock (sometimes needed for file locking mechanisms)