-
Notifications
You must be signed in to change notification settings - Fork 1
/
Linux kodekloud.sh
464 lines (312 loc) · 13.3 KB
/
Linux kodekloud.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
https://kodekloudhub.github.io/kodekloud-engineer/docs/projects/nautilus
######################################## Create user ###############################
1.For security reasons the xFusionCorp Industries security team has decided to use custom Apache users for each web application hosted, rather than its default user. This will be the Apache user, so it shouldnt use the default home directory.
Create the user as per requirements given below:
a. Create a user named rose on the App server 1 in Stratos Datacenter.
b. Set its UID to 1439 and home directory to /var/www/rose.
tony@stapp01
sudo useradd -m rose -u 1439 -d /var/www/rose
cat /etc/passwd/ | grep -i rose
######################################## Create group ###############################
groupadd groupname
useradd -G groupname rose
#testing user is having or not
id rose
cat /etc/passwd |grep rose
######################################## Create a Linux User with non-interactive shell ###############################
adduser ravi -s /sbin/nologin
-s is shell
######################################## User Expiry ###############################
useradd -e "2021-12-07" rose
-e is expiry
######################################## Linux Archive ###############################
ll /data
#tar file is an archive format. These files take the place of the more widely-known zip file format and are used for both storage and transportation of groups of related files and/or directories between devices.
tar -czcf mariyam.tar.gz /data/mariyam
tar: This is the command-line utility used for archiving files and directories.
-czcf: These are options used with the tar command:
-c: Create a new archive.
-z: Compress the archive using gzip.
-f: Allows you to specify the filename of the archive.
mariyam.tar.gz: This is the name of the archive that will be created.
/data/mariyam: This is the path to the directory or files that will be included in the archive.
ll
mv mariyam.tar.gz /home/
######################################## Linux File Permission ###############################
ls -lsd /tmp/xfusioncorp.sh
-ltr: Options used with ls:
-l: Outputs the long format listing, which includes permissions, number of links, owner, group, size, and modification time.
-t: Sorts the list by modification time (newest modified files first).
-r: Displays the list in reverse order (oldest files first).
chmod o+rx /tmp/xfusioncorp.sh
chmod: This command is used to change the permissions of a file or directory.
o+rx: These are the permission changes being applied:
o: Stands for "others" (those who are neither the owner nor in the group).
+rx: Adds read and execute permissions.
r: Grants read permission.
x: Grants execute permission.
cat /tmp/xfusioncorp.sh
ls -lsd /tmp/xfusioncorp.sh
exit
sh /tmp/xfusioncorp.sh
#The sh command invokes the default shell and uses its syntax and flags.
#the shell linked to the /usr/bin/sh path is the default shell.
######################################## Linux Access Control List ###############################
'getfacl' checking ACL
'setfacl' This is a command used in Linux to set Access Control Lists (ACLs) for files and directories.
getfacl /etc/hostname
id username
'setfacl -m u:ravi:-,rod:r /etc/hostname'
getfacl /etc/hostname
-m: modify the ACLs of a file or directory.
u:anita:-: It's trying to modify the ACL for user anita by removing (-) some permissions. However, in your provided command, the specific permission to be removed is not specified. It's likely that the intention was to remove all permissions, which is denoted by - in ACLs.
eric:r: This part adds a permission to the user eric by granting them read (r) access to the file /etc/hostname.
/etc/hostname: This is the path to the file /etc/hostname whose ACLs are being modified by this command.
######################################## Linux Remote Copy ###############################
scp /tmp/nautilus.txt.gpg steve@stapp02:/tmp/
ssh steve@stapp02
cp nautilus.txt.gpg /home/opt
ls -la
######################################## Create a Cron Job Linux Server ###############################
yum install cronie -y
# Start cron service & check the status
systemctl start crond.service
systemctl status crond.service
#Check cron job for user root
crontab -u root -l
#Create a cronjob as per the task for root user
#Crontab stands for “cron table”. It allows to use job scheduler, which is known as cron to execute tasks.
crontab -e
insert cron in vi editor
#Check cron job for user root
crontab -l
#validation
ll /tmp
watch -n 5 ls -l /tmp
####################################### Cron schedule deny to users ###############
touch /etc/cron.allow
touch /etc/cron.deny
vi /etc/cron.allow
rose
vi /etc/cron.deny
eric
systemctl restart crond.service
systemctl status crond.service
####################################### Linux time zones ###############
#check existing Time Zone set for server
timedatectl
timedatectl --help
#set the time zone & verify it
timedatectl set-timezone America/Blanc-Sablon
timedatectl
####################################### Linux Firewalld Setup- Apache & Nginx server ###############
#check the existing Apache httpd & Nginx service status.
systemctl status httpd && systemctl status nginx
#Get the Apache & Nginx Listen port
#this is checking 8096 nginx
grep -i Listen /etc/httpd/conf/ht* /etc/nginx/nginx.conf/ht*
yum install -y firewalld
#Start the firewalld service , Enable and Check the status
systemctl start Firewalld
systemctl enable Firewalld
systemctl status Firewalld
#Allow the nginx port
firewall-cmd --permanent --zone=public --add-port=80/tcp
firewall-cmd --permanent --zone=public --add-port=8096/tcp
#Allow services http & https port
firewall-cmd --permanent --zone=public --add-service={http,https}
#Allow the Apache http port with LB host IP
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address=172.16.238.14 port protocol=tcp port=8080 accept'
#run and validate
systemctl enable nginx && systemctl status nginx
systemctl enable httpd && systemctl status httpd
firewall-cmd --reload
systemctl restart firewalld
firewall-cmd zone=public --list-all
####################################### Firewall Rule ###############
#backup server
sudo su -
firewall-cmd --permanent --zone=public --add-port=6100/tcp
firewall-cmd --reload
systemctl restart firewalld
firewall-cmd --zone=public --list-all
####################################### Linux Resource Limits ###############
a. soft limit = 1024
b. hard_limit = 2027
#edit soft and hard limit
vi /etc/security/limits.conf
nfsuser soft nproc 1024
nfsuser hard nproc 2027
cat /etc/security/limits.conf | grep nproc | grep -v ^#
------------------#######################################
----------------- Linux Level II ------------------------
------------------#######################################
####################################### Linux Banner ###############
Update the message of the day on all application and db servers for Nautilus.
Make use of the approved template located at '/tmp/nautilus_banner' on jump host
1. Copy the '/tmp/nautilus_banner' using scp command from jumpserver to
all Apps & DB servers.
#checking
ls -l /home/thor/nautilus_banner
#scp is security copy
scp -r /home/thor/nautilus_banner tony@stapp01:/tmp
scp -r /home/thor/nautilus_banner steve@stapp02:/tmp
scp -r /home/thor/nautilus_banner banner@stapp03:/tmp
scp -r /home/thor/nautilus_banner peter@stdb01:/tmp
-r: Recursively copy entire directories.
ssh tony@stapp01
sudo su -
mv /home/thor/nautilus_banner /etc/motd
#checking
ssh tony@stapp01
#For only dbserver
sudo yum install openssh-clients-y
####################################### Linux Find Command ###############
a. On App Server 2 at location /var/www/html/ecommerce find out all files (not directories) having .php extension.
b. Copy all those files along with their parent directory structure to location /ecommerce on same server.
c. Please make sure not to copy the entire /var/www/html/ecommerce directory content.
find: The command used for searching files and directories.
/var/www/html/ecommerce: The starting directory for the search.
-type f: Specifies that only files should be considered, not directories.
-name '*.php': Filters files based on the name, looking for files with the ".php" extension.
-exec cp --parents {} /ecommerce \;: For each file found, execute the cp command with the --parents option to copy the file to the "/beta" directory
while preserving its original directory structure.
#checking content
ls -l /ecommerce
#finding file
find /var/www/html/ecommerce -type f -name '*.php'
#checking count
find /var/www/html/ecommerce -type f -name '*.php' | wc -l
find /var/www/html/ecommerce -type f -name '*.php' -exec cp --parents {} /ecommerce \;
#validate
ls -l /ecommerce
####################################### Install Anisible ###############
Install ansible version 2.6.10 on Jump host.
To Install specific ansible version, required ansible repo ( refer below video)
ansible --version
vi /etc/yum.repos.d/ansible.repo
[ansible]
name=Ansible RPM repository for Enterprise Linux 7 - $basearch
baseurl=https://releases.ansible.com/ansible/rpm/release/epel-7-$basearch/
enabled=1
gpgcheck=1
gpgkey=https://releases.ansible.com/keys/RPM-GPG-KEY-ansible-release.pub
#check
cat ansible.repo
yum install ansible 4.10.0
OR
sudo pip3 install "ansible==4.10.0"
ansible --version
####################################### Install a package ###############
install the zip package on all app-servers.
check & install zip package
The command rpm -qa | grep zip is used on Linux systems to list all installed RPM packages that contain the term "zip" in their names.
This is useful for finding information about installed packages related to ZIP compression.
Heres a breakdown of the command:
rpm: This is the 'package manager command' on Red Hat-based Linux systems (like CentOS, Fedora, and Red Hat Enterprise Linux).
-qa: Query all installed packages.
|: Pipe symbol is used to send the output of the first command as input to the second.
grep zip: This part filters the list of installed packages to only show those containing the term "zip" in their names.
rpm -qa |grep epel-release
yum install epel-release -y
#validate
rpm -qa |grep epel-release
ssh -t steve@stapp02 "sudo yum install epel-release -y "
ssh -t steve@stapp02 "sudo rpm -qa |grep epel-release "
ssh -t banner@stapp03 "sudo yum install epel-release -y "
ssh -t banner@stapp03 "sudo rpm -qa |grep epel-release "
####################################### Linux Service ###############
Requirement
a. Install cups package on all the application servers.
b. Once installed, make sure it is enabled to start during boot.
yum install cups -y
systemctl enable --now cups
systemctl status cups
####################################### Linux Configure Sudo ###############
#Check user is existing & have sudo permission
id mariyam
su - mariyam
sudo cat /etc/sudoers | grep mariyam
#switch to root and provide sudo permission without a password
logout
visudo
mariyam ALL=(ALL) NOPASSWD:ALL
su - mariyam
sudo cat/etc/sudoers | grep mariyam
####################################### Linux Firewalld Setup- Apache & Nginx server Update###############
Install Firewalld (if not already installed):
sudo yum install -y firewalld # For CentOS/RHEL
# or
sudo apt-get install -y firewalld # For Debian/Ubuntu
Start and Enable Firewalld:
sudo systemctl start firewalld
sudo systemctl enable firewalld
#Allow All Incoming Connections on Nginx port (80):
sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
#Block All Incoming Connections on Apache port (8080):
sudo firewall-cmd --zone=public --remove-port=8080/tcp --permanent
#Reload Firewalld for Changes to Take Effect:
sudo firewall-cmd --reload
#Ensure Apache and Nginx Services are Running:
# Start Apache (if not already running)
sudo systemctl start httpd
# Start Nginx (if not already running)
sudo systemctl start nginx
####################################### Linux Postfix Mail Server###############
Question: xFusionCorp Industries has planned to set up a common email server in Stork DC. After several meetings and recommendations,
they have decided to use postfix as their mail transfer agent and dovecot as an IMAP/POP3 server. We would like you to perform the following steps:
Install and configure postfix on Stork DC mail server.
Create an email account [email protected] identified by B4zNgHA7Ya.
Set its mail directory to '/home/ammar/Maildir'.
Install and configure dovecot on the same server.
login to mail server
#checking mail server is exist or not
rpm -qa | grep postfix
rpm -qa | grep devecot
yum install -y postfix
vi /etc/postfix/main.cf
remove #
myhostname = virtual.domain.tld
:set nu
myhostname = stmail01.stratos.xfusioncorp.com
remove #
mydoamin = stratos.xfusioncorp.com
remove # 99
myorigin = $mydomain
116 add#
inet_interfaces = localhost
113 remove#
inet_interfaces = all
164 add #
165 remove #
264
mynetworks = 172.16.238.0/24,127.0.0.0/8
419 remove #
home_mailbox = Maildir/
:wq!
yum install -y devecot
systemctl start postfix
systemctl status postfix
useradd ammar
passwd ammar
paste password
cat /etc/passwd | grep ammar
ls -a /home/ammar/Maildir
telnet stmail01 25
EHLO localhost
mail from:[email protected]
rcpt to:[email protected]
DATA
test mail
.
quit
mailq
su - ammar
mailq
ll
cd Maildir/
ll
cat new/16+tab
exit
yum install dovecot -y