@ -77,21 +77,21 @@ It is usual to change password:
#### User accounts
#### User accounts
```ad-info
```ad-command
title: Add user
title: Add user
~~~
~~~
sudo adduser 'username'
sudo adduser 'username'
~~~
~~~
```
```
```ad-info
```ad-command
title: Delete user
title: Delete user
~~~
~~~
sudo userdel -r 'username'
sudo userdel -r 'username'
~~~
~~~
```
```
```ad-info
```ad-command
title: Grant admin privileges
title: Grant admin privileges
~~~
~~~
usermod -aG sudo 'username'
usermod -aG sudo 'username'
@ -102,17 +102,29 @@ usermod -aG sudo 'username'
#### Switch between user accounts
#### Switch between user accounts
`su - (username)`
```ad-command
~~~
su - (username)
~~~
```
 
 
#### Reboot
#### Reboot
`Sudo reboot now`
```ad-command
~~~
sudo reboot now
~~~
```
Or
Or
`sudo systemctl reboot`
```ad-command
~~~
sudo systemctl reboot
~~~
```
 
 
@ -120,11 +132,19 @@ Or
1. **Check the static hostname**
1. **Check the static hostname**
`sudo hostnamectl`
```ad-command
~~~
sudo hostnamectl
~~~
```
2. **Change the hostname**
2. **Change the hostname**
`sudo hostnamectl set-hostname (hostname)`
```ad-command
~~~
sudo hostnamectl set-hostname (hostname)
~~~
```
 
 
@ -148,9 +168,17 @@ This section gives an overview of how to switch signing-in to a machine without
2 simple commands to prepare the server:
2 simple commands to prepare the server:
`mkdir -p ~/.ssh`
```ad-command
~~~
mkdir -p ~/.ssh
~~~
```
`chmod 700 ~/.ssh`
```ad-command
~~~
chmod 700 ~/.ssh
~~~
```
 
 
@ -158,13 +186,21 @@ This section gives an overview of how to switch signing-in to a machine without
On Linux & MacOS clients, the process is simple:
On Linux & MacOS clients, the process is simple:
`ssh-keygen -t rsa`
```ad-command
~~~
ssh-keygen -t rsa
~~~
```
And follow the prompts.
And follow the prompts.
You can then send the public key to the server:
You can then send the public key to the server:
`ssh-copy-id -i ~/.ssh/(key name).pub (user)@(server)`
```ad-command
~~~
ssh-copy-id -i ~/.ssh/(key name).pub (user)@(server)
~~~
```
 
 
@ -174,11 +210,19 @@ You can then send the public key to the server:
In order to active SSH Agent, run:
In order to active SSH Agent, run:
`ssh-agent $BASH`
```ad-command
~~~
ssh-agent $BASH
~~~
```
To add any key to the agent:
To add any key to the agent:
`ssh-add ~/.ssh/(key name)`
```ad-command
~~~
ssh-add ~/.ssh/(key name)
~~~
```
 
 
@ -186,20 +230,31 @@ To add any key to the agent:
SSH can understand scripting for ease of use. To create and edit a config file on the local machine:
SSH can understand scripting for ease of use. To create and edit a config file on the local machine:
`touch/vim ~/.ssh/config`
```ad-command
~~~
touch/vim ~/.ssh/config
~~~
```
The declaration of a connection follows this nomenclature:
The declaration of a connection follows this nomenclature:
```ad-code
>Host (scriptname) (serverIP)
~~~
> HostName (serverIP)
Host (scriptname) (serverIP)
> IdentityFile ~/.ssh/(private key path)
HostName (serverIP)
> User (remoteusername)
IdentityFile ~/.ssh/(private key path)
User (remoteusername)
~~~
```
Once set up, a connection can be called from Terminal with the following command:
Once set up, a connection can be called from Terminal with the following command:
`ssh (scriptname)`
```ad-command
~~~
ssh (scriptname)
~~~
```
 
 
@ -207,67 +262,91 @@ Once set up, a connection can be called from Terminal with the following command
To open the config file:
To open the config file:
`sudo (nano/vim) /etc/ssh/sshd_config`
```ad-command
~~~
sudo (nano/vim) /etc/ssh/sshd_config
~~~
```
The following parameters enable to restrict access to the server:
The following parameters enable to restrict access to the server:
```ad-code
> // **Enables SSH Key authentication**
~~~
// Enables SSH Key authentication
PubkeyAuthentication yes
PubkeyAuthentication yes
>
> // ** Disables password authentication (not recommended)**
// Disables password authentication (not recommended)
PasswordAuthentication no
PasswordAuthentication no
>
> // ** Disable root access (to diminish a known attack surface)**
// Disable root access (to diminish a known attack surface)
PermitRootLogin no
PermitRootLogin no
>
> // ** Disables empty passwords**
// Disables empty passwords
PermitEmptyPasswords no
PermitEmptyPasswords no
>
> // ** Set a Banner**
// Set a Banner
Banner /etc/issue.net
Banner /etc/issue.net
>
> // ** Manage White/Blacklists**
// Manage White/Blacklists
AllowUsers (username)
AllowUsers (username)
AllowGroups (groupname)
AllowGroups (groupname)
DenyUsers (username)
DenyUsers (username)
DenyGroups (groupname)
DenyGroups (groupname)
>
> // ** Change connection Port**
// Change connection Port
Port xxxxx
Port xxxxx
~~~
```
After any change of the config file, restart the SSH service:
After any change of the config file, restart the SSH service:
`sudo systemctl restart sshd`
```ad-command
~~~
sudo systemctl restart sshd
~~~
```
**Note**:
**Note**:
issue.net needs to be set:
issue.net needs to be set:
`sudo nano/vim /etc/issue.net`
```ad-command
~~~
sudo nano/vim /etc/issue.net
~~~
```
With a text as set out below:
With a text as set out below:
> Warning! Authorised use only.
```ad-code
> This server is the property of mydomain.example
~~~
Warning! Authorised use only.
This server is the property of mydomain.example
~~~
```
 
 
#### Network monitoring
#### Network monitoring
```ad-info
```ad-command
title: simple port monitoring
title: simple port monitoring
`sudo netstat -an`
~~~
sudo netstat -an
~~~
```
```
```ad-info
```ad-command
title: acti r port monitoring
title: acti r port monitoring
`sudo netstat -anp (IP/TCP/UDP)`
~~~
sudo netstat -anp (IP/TCP/UDP)
~~~
```
```
```ad-info
```ad-info
title: simple port stats
title: simple port stats
`sudo netstat -sp (IP/TCP/UDP)`
~~~
sudo netstat -sp (IP/TCP/UDP)
~~~
```
```
 
 
@ -290,32 +369,46 @@ Simple commands to access files on the server.
#### File navigation
#### File navigation
```ad-note
```ad-command
title: Explore current directory
title: Explore current directory
`ls -alh`
~~~
ls -alh
~~~
```
```
```ad-note
```ad-command
title: Change directory
title: Change directory
`cd (folder path)`
~~~
cd (folder path)
~~~
```
```
```ad-note
```ad-command
title: Find a file
title: Find a file
`sudo find / -iname (filename)`
~~~
sudo find / -iname (filename)
~~~
```
```
 
 
#### Create file
#### Create file
`touch (filepath/name)`
```ad-command
~~~
touch (filepath/name)
~~~
```
 
 
#### Edit file
#### Edit file
`vi (filepath/name)`
```ad-command
~~~
vi (filepath/name)
~~~
```
1. Press 'i' for the edit mode
1. Press 'i' for the edit mode
2. 'Esc' key to exit edit mode
2. 'Esc' key to exit edit mode
@ -325,14 +418,18 @@ title: Find a file
#### Delete files & folders
#### Delete files & folders
```ad-note
```ad-command
title: Delete file
title: Delete file
`rm (file path & name)`
~~~
rm (file path & name)
~~~
```
```
```ad-note
```ad-command
title: Delete folder and contents
title: Delete folder and contents
`rm -r (folder path)`
~~~
rm -r (folder path)
~~~
```
```
 
 
@ -341,19 +438,21 @@ title: Delete folder and contents
##### Checking file permissions
##### Checking file permissions
```ad-note
```ad-command
title: Permissions
title: Permissions
For a file: ` ls -l (file path & name)`
** For a file** : ls -l (file path & name)
For a folder: ` ls -ld (folder path)`
** For a folder** : ls -ld (folder path)
```
```
 
 
##### Changing file permissions
##### Changing file permissions
```ad-note
```ad-command
title: Change permissions
title: Change permissions
`chmod xxx (folder/file path)`
~~~
chmod xxx (folder/file path)
~~~
```
```
For x:
For x:
@ -361,28 +460,36 @@ For x:
2. write: 2
2. write: 2
3. execute: 1
3. execute: 1
```ad-note
```ad-command
title: Change owner
title: Change owner
`chown (owner):(group) (folder/file path)`
~~~
chown (owner):(group) (folder/file path)
~~~
```
```
```ad-note
```ad-command
title: Change group
title: Change group
`chgrp -R (new group) (folder/file path)`
~~~
chgrp -R (new group) (folder/file path)
~~~
```
```
 
 
##### Bulk changes
##### Bulk changes
```ad-note
```ad-command
title: Change file permission in a folder
title: Change file permission in a folder
`find (folder path) -type f -exec chmod xxx {} \;`
~~~
find (folder path) -type f -exec chmod xxx {} \;
~~~
```
```
```ad-note
```ad-command
title: Change sub-folder permission in a folder
title: Change sub-folder permission in a folder
`find (folder path) -type d -exec chmod xxx {} \;`
~~~
find (folder path) -type d -exec chmod xxx {} \;
~~~
```
```
 
 
@ -405,7 +512,11 @@ Instructions to use rclone for file transfers can be found [[Server Cloud#Cloud2
Create a directory for backup:
Create a directory for backup:
`sudo mkdir /Backup`
```ad-command
~~~
sudo mkdir /Backup
~~~
```
 
 
@ -413,11 +524,19 @@ Create a directory for backup:
Best is to launch the command from the Backup folder:
Best is to launch the command from the Backup folder:
`cd /Backup`
```ad-command
~~~
cd /Backup
~~~
```
Command:
Command:
`sudo tar -cvpfz /Backup/backup.tar.gz --exlude=/Backup/backup.tar.gz --exlude=/proc --exlude=/tmp --exlude=/mnt --exlude=/dev --exlude=/sys --exlude=/run --exlude=/var/cache/apt/archives --exlude=/usr/src/linux-headers* --exlude=/home/*/.gvfs --exlude=/home/*/.local/share/Trash /`
```ad-command
~~~
sudo tar -cvpfz /Backup/backup.tar.gz --exlude=/Backup/backup.tar.gz --exlude=/proc --exlude=/tmp --exlude=/mnt --exlude=/dev --exlude=/sys --exlude=/run --exlude=/var/cache/apt/archives --exlude=/usr/src/linux-headers* --exlude=/home/*/.gvfs --exlude=/home/*/.local/share/Trash /
~~~
```
Once created, the backup can be transferred using the [[#File transfer]] script.
Once created, the backup can be transferred using the [[#File transfer]] script.
@ -433,11 +552,19 @@ After transfer, [[#Delete files folders|delete]] the .tar.gz file from its folde
1. From the server:
1. From the server:
`sudo nc -l 1024 | sudo tar -xvpzf - -C /media/backup`
```ad-command
~~~
sudo nc -l 1024 | sudo tar -xvpzf - -C /media/backup
~~~
```
2. From the Client's machine, instruct:
2. From the Client's machine, instruct:
`cat (backup path & name.tar.gz) | nc -q 0 (hostname) 1024`
```ad-command
~~~
cat (backup path & name.tar.gz) | nc -q 0 (hostname) 1024
~~~
```
 
 
@ -446,18 +573,30 @@ Or through **FTP**:
1. Send backup to the root folder over FTP
1. Send backup to the root folder over FTP
2. Copy /boot/grub/menu.lst to menu.lst.bak
2. Copy /boot/grub/menu.lst to menu.lst.bak
3. Restore
3. Restore
`sudo tar xvpfz backup.tar.gz -C /`
```ad-command
4. Recreate excluded directories
~~~
sudo tar xvpfz backup.tar.gz -C /
~~~
```
```
4. Recreate excluded directories
```ad-command
~~~
mkdir proc
mkdir proc
Mkdir lost+found
Mkdir lost+found
mkdir mnt
mkdir mnt
mkdir sys
mkdir sys
...
...
~~~
```
```
5. Replace the restored *menu.lst* file with the *.bak* created in Step 2 (dropping bak)
5. Replace the restored *menu.lst* file with the *.bak* created in Step 2 (dropping bak)
6. MAC address may need to be change
6. MAC address may need to be change
Check `/etc/udev/rules.d/70-persistent-net.rules`
Check:
```ad-path
~~~
/etc/udev/rules.d/70-persistent-net.rules
~~~
```
@ -475,29 +614,49 @@ Check `/etc/udev/rules.d/70-persistent-net.rules`
And how many instances:
And how many instances:
`sudo ps ax | grep (program)`
```ad-command
~~~
sudo ps ax | grep (program)
~~~
```
 
 
#### Check what program uses a port
#### Check what program uses a port
`sudo netstar -lntup | grep (port#)`
```ad-command
~~~
sudo netstar -lntup | grep (port#)
~~~
```
 
 
#### List all programs
#### List all programs
`sudo apt list --installed`
```ad-command
~~~
sudo apt list --installed
~~~
```
 
 
#### Remove a package
#### Remove a package
`sudo apt remove (package name)`
```ad-command
~~~
sudo apt remove (package name)
~~~
```
For cleaner removal:
For cleaner removal:
`sudo apt purge (package name)`
```ad-command
~~~
sudo apt purge (package name)
~~~
```