Lei Zhilong

The best way to input is to output

Jul 30, 2020 - 7 minute read - Comments - Cheat Sheets

Linux

Disclaimer: This article will be updated from time to time to add new content or change existing sections without notice. Test these commands yourself before using them in production.

I. Shell

1. Use Map in Bash Shell

blockAWhile() {
  local NW_HOST=$1
  local NW_IP=$2
  local NW_INTERFACE=$3

  # do some functions
  # ....
}

# associative arrays (declare -A) require bash 4 or later
declare -A hostMap=(
  ["vm-1"]="192.168.192.1"
  ["vm-2"]="192.168.192.2"
  ["vm-3"]="192.168.193.231"
  ["vm-4"]="192.168.194.117"
)

declare -A interfaceMap=(
  ["vm-1"]="eth-081e4af4-62"
  ["vm-2"]="eth-86680b51-5e"
  ["vm-3"]="eth-9c111949-08"
  ["vm-4"]="eth-21fb0d9b-fd"
)

# ${!hostMap[@]} expands to the keys of the map
for eachHost in "${!hostMap[@]}"; do
  blockAWhile "$eachHost" "${hostMap[$eachHost]}" "${interfaceMap[$eachHost]}"
done

2. Three ways to start a command in shell

sh

sh script.sh

The default way of running a command in a shell: the command runs in a spawned sub-shell process, and control returns to the current shell when the command exits.

source

source script.sh

# or use the . builtin
. ./script.sh

Runs the command in the current shell context rather than in a new shell, and returns to the current shell when the command exits.

exec

exec ./script.sh

Runs the command in the current context, replacing the current shell while keeping the same PID, which means the session ends directly after the command exits rather than returning to the previous shell.
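The three behaviours side by side, as an added example that is not part of the original article: one constructed script is run each way, and the helpers report whether its variable survived and whether the PID changed. The script contents, FROM_SCRIPT and the run_with_* names are assumptions for the demonstration; the portable . builtin stands in for source.

```shell
# Added example. script.sh here is a constructed two-line script.
demo_dir=$(mktemp -d)
cat > "$demo_dir/script.sh" <<'EOF'
FROM_SCRIPT="set by script.sh"
echo "script PID: $$"
EOF

# sh: the script runs in a child process, so its variables are gone afterwards.
run_with_sh() {
  ( unset FROM_SCRIPT
    sh "$demo_dir/script.sh" >/dev/null
    echo "${FROM_SCRIPT:-unset}" )
}

# . (source in bash): the script runs in the calling shell and its variables
# stay set there. The outer ( ) only keeps this demo from touching your shell.
run_with_source() {
  ( unset FROM_SCRIPT
    . "$demo_dir/script.sh" >/dev/null
    echo "${FROM_SCRIPT:-unset}" )
}

# exec: the calling shell is replaced and the PID is kept; the echo after exec
# never runs. A throwaway "sh -c" shell plays the caller here.
run_with_exec() {
  sh -c 'echo "caller PID: $$"; exec sh "$1"; echo "not reached"' \
    caller "$demo_dir/script.sh"
}

echo "sh:     FROM_SCRIPT is $(run_with_sh)"
echo "source: FROM_SCRIPT is $(run_with_source)"
run_with_exec
```

Because a sourced script can change the caller's variables, functions and working directory, it deserves the same review as code typed directly into that shell.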

II. iptables

1. Use iptables to drop packets at a static rate

iptables -A INPUT -p tcp -m statistic --mode nth --every 10 --packet 0 -j DROP
  • -p tcp: apply to tcp packets
  • -m statistic: drop based on statistic
  • --mode nth: choose the mode to drop the nth packet
  • --every n: drop one packet in every n packets
  • --packet 0: index of which packet to drop. To be exact, the index should start with 0 and be smaller than the parameter --every

2. Use iptables to drop packets randomly with a specific ratio

iptables -A INPUT -p tcp -m statistic --mode random --probability 0.1 -j DROP
  • --mode random: choose the random mode to drop packets
  • --probability 0.1: 10% probability of dropping packets

II. Operate interfaces in a Linux network namespace

# show all Linux network namespaces
ip netns ls

# show interfaces in a linux network namespace
ip netns exec "some-linux-network-namespace-id" ip a

# Operate interfaces in a Linux network namespace
ip netns exec "some-linux-network-namespace-id" ip link set dev eth-1234 down
ip netns exec "some-linux-network-namespace-id" ip link set dev eth-1234 up

III. iperf3

Use iperf3 for network performance benchmark

Server Side

iperf3 -s -p 5201 -i 5
  • -s: Server Mode
  • -p: Port
  • -i: Interval to display statistics

Client Side

iperf3 -c 192.168.1.34 -p 5201 -b 800M -i 1 -n 100G
  • -c: Client Mode with a specific Server address
  • -p: Port
  • -i: Interval to display statistics
  • -b: Bandwidth in bps
  • -n: Number of bytes to transmit (instead of -t)
  • -t: Time in seconds to transmit for (default 10 secs)

IV. SSH

1. Keep connection active on client side

cd ~/.ssh

# create one if the config file is not present
vi config

Add the line below to the config file; this configuration will be applied to all connections from this client.

ServerAliveInterval 60

2. Keep connection active on server side

Edit /etc/ssh/sshd_config on the server side to avoid changing the configuration on every client.

ClientAliveInterval 60

3. Keep connection active for current connection

Just add the option ServerAliveInterval to the ssh command line.

ssh -o ServerAliveInterval=60 user@sshserver

V. Hardware

  1. architecture

arch
# x86_64

uname -m
# x86_64

  2. kernel

uname -r
# 3.10.0-327.el7.x86_64

  3. hardware info

dmidecode -q

# BIOS Information
# 	Vendor: Insyde Corp.
# 	Version: 3.63
# 	Release Date: 05/19/2017
# 	Address: 0xE0000
# 	Runtime Size: 128 kB
# 	ROM Size: 16384 kB
# 	Characteristics:
# 		PCI is supported
# 		BIOS is upgradeable
# 		BIOS shadowing is allowed
# 		Boot from CD is supported
# 		Selectable boot is supported
# 		EDD is supported
# 		Japanese floppy for NEC 9800 1.2 MB is supported (int 13h)
# 		Japanese floppy for Toshiba 1.2 MB is supported (int 13h)
# 		5.25"/360 kB floppy services are supported (int 13h)
# 		5.25"/1.2 MB floppy services are supported (int 13h)
# 		3.5"/720 kB floppy services are supported (int 13h)
# 		3.5"/2.88 MB floppy services are supported (int 13h)
# 		8042 keyboard services are supported (int 9h)
# 		CGA/mono video services are supported (int 10h)
# 		ACPI is supported
# 		USB legacy is supported
# 		BIOS boot specification is supported
# 		Targeted content distribution is supported
# 		UEFI is supported
# 	BIOS Revision: 1.0

# System Information
# 	Manufacturer: XXXX
# 	Product Name: XXXXXXX
# 	Version: XXXXX
# ...

VI. System Maintenance

1. Upgrade Fedora Distro in WSL

WSL is such a great tool for those who want to use both the Windows desktop and a Linux shell. Using technology similar to Docker, WSL runs a special shared Linux kernel inside Windows and launches all sorts of Linux distro containers simultaneously. Since these distros are not booted with systemd, an error will occur when you try to reboot any of them, which makes it impossible to perform a system upgrade, since that often requires a reboot.

System has not been booted with systemd as init system (PID 1). Can't operate.

Hence we have to override the upgrade process so that the upgrade runs directly rather than during the boot process. This is how I managed to upgrade Fedora from 34 to 35 in WSL.

sudo dnf upgrade --refresh
sudo dnf install dnf-plugin-system-upgrade
sudo dnf system-upgrade download --releasever=35

# key step
export DNF_SYSTEM_UPGRADE_NO_REBOOT=1

sudo dnf system-upgrade reboot
sudo dnf system-upgrade upgrade
sudo rpmdb --rebuilddb
sudo dnf upgrade --refresh

2. FTP service quick deploy with vsftpd

Prerequisite

  • Acquire root privileges; switch to root if you’re using ec2-user by

    sudo -i

  • Get firewalld & selinux disabled
  • Accessible address of this EC2 instance, like a public IP on the internet or an internal address inside a VPC.

Install vsftpd as service

yum install -y vsftpd
systemctl enable vsftpd
systemctl start vsftpd

Config vsftpd

Modify the vsftpd conf file with vi /etc/vsftpd/vsftpd.conf, changing only the following parts of the file:

...
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES

....
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
chroot_local_user=YES
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd/chroot_list

# Add this variable if not present
allow_writeable_chroot=YES

...
# Passive mode config, add this part if it's not found in template
pasv_enable=YES
pasv_min_port=1024
pasv_max_port=1048
pasv_address=<<REPLACE WITH YOUR ACCESSIBLE ADDRESS>>

Config Security Group (Optional)

If your host is in an AWS VPC, you may have to configure your Security Group to allow FTP access. Since port 21 and passive ports from 1024 to 1048 are used, it’s crucial to allow access to these ports in Security Groups from your expected client addresses. Adding them on the AWS console or with Terraform, either way is OK.
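A quick review of the settings above before opening the ports, as an added example (not part of the original article or of vsftpd): it reads vsftpd.conf text and prints the points worth checking, including the port list for the Security Group. The sample config is constructed from the excerpt above, conf_get and review_vsftpd_conf are hypothetical helper names, and ssl_enable is a vsftpd option the article does not set.

```shell
# Constructed sample: the settings from the vsftpd.conf excerpt above.
sample_conf='anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
allow_writeable_chroot=YES
pasv_enable=YES
pasv_min_port=1024
pasv_max_port=1048'

# conf_get TEXT KEY: last uncommented KEY=value in TEXT (empty if unset).
conf_get() {
  printf '%s\n' "$1" | sed -n "s/^[[:space:]]*$2=//p" | tail -n 1
}

# review_vsftpd_conf TEXT: print one "id: note" line per review point.
review_vsftpd_conf() {
  c=$1
  [ "$(conf_get "$c" anonymous_enable)" = NO ] ||
    echo "anonymous: anonymous_enable is not set to NO"
  [ "$(conf_get "$c" ssl_enable)" = YES ] ||
    echo "cleartext: ssl_enable is not YES, logins and data are unencrypted"
  if [ "$(conf_get "$c" chroot_local_user)" = YES ]; then
    f=$(conf_get "$c" chroot_list_file)
    # With both options YES the list names the users that are exempt.
    [ "$(conf_get "$c" chroot_list_enable)" = YES ] &&
      echo "chroot-list: users in ${f:-the default list file} are NOT chrooted"
    [ "$(conf_get "$c" allow_writeable_chroot)" = YES ] &&
      echo "writable-root: chroot top directory may be writable by the user"
  else
    echo "no-chroot: chroot_local_user is not YES, users are not chrooted by default"
  fi
  min=$(conf_get "$c" pasv_min_port); max=$(conf_get "$c" pasv_max_port)
  if [ -n "$min" ] && [ -n "$max" ] && [ "$min" -le "$max" ]; then
    echo "ports: allow tcp 21 and $min-$max from expected clients only"
  else
    echo "ports: passive range unbounded, set pasv_min_port/pasv_max_port"
  fi
  return 0
}

review_vsftpd_conf "$sample_conf"
```

To review the real file, pass its contents: review_vsftpd_conf "$(cat /etc/vsftpd/vsftpd.conf)".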

Config ftp user

Add chroot list file

touch /etc/vsftpd/chroot_list

Add ftp user, say ftpuser is the username and /var/lib/vsftpd is its home directory

adduser ftpuser
passwd ftpuser
mkdir -p /var/lib/vsftpd
chown -R ftpuser:ftpuser /var/lib/vsftpd
usermod -d /var/lib/vsftpd ftpuser

Start Server & Test

systemctl restart vsftpd

Access this FTP server using a client such as FileZilla.