Linux Tips

A general book for all the tips I have found over time.
Mainly for fixes I needed.

Common Commands

Server Administration

Smartctl

LVM - Add new disk and extend FS

Rescan for newly added disks without rebooting:

The command will iterate over all found host adapters and trigger a rescan.

>> for host in /sys/class/scsi_host/*; do echo "- - -" | sudo tee "$host/scan"; ls /dev/sd*; done
- - -
/dev/sda  /dev/sda1  /dev/sda2  /dev/sdb  /dev/sdb1  /dev/sdb2  /dev/sdc  /dev/sdc1
- - -
/dev/sda  /dev/sda1  /dev/sda2  /dev/sdb  /dev/sdb1  /dev/sdb2  /dev/sdc  /dev/sdc1
- - -
/dev/sda  /dev/sda1  /dev/sda2  /dev/sdb  /dev/sdb1  /dev/sdb2  /dev/sdc  /dev/sdc1  /dev/sdd
- - -
/dev/sda  /dev/sda1  /dev/sda2  /dev/sdb  /dev/sdb1  /dev/sdb2  /dev/sdc  /dev/sdc1  /dev/sdd  /dev/sdd1

The output shows when a new drive has been discovered.

LVM add "physical" disk and extend FS

fdisk /dev/<disk>
>> create new gpt table: g
>> create new partition: n
>> set type of partition to lvm: t 
>> show partition codes: L
>> insert type: <type from L (Linux LVM)>
>> write changes: w
pvcreate /dev/<disk-partition>
vgextend <existing-vg> /dev/<disk-partition>
# find the correct logical volume
lvdisplay | grep Path 

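# expand the found LV into all free space of the VG
lvresize -l +100%free <lv path>
# grow the filesystem to the new LV size (resize2fs handles ext2/3/4)
resize2fs <lv path>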

SSD Secure Erase

Secure erase commands:

Check current status of the disk:

>> sudo hdparm -I /dev/sdX

-----
Security:
	Master password revision code = 65534
		supported
	not	enabled   	
	not	locked
	not	frozen
	not	expired: security count
		supported: enhanced erase

The disk must be not locked and not frozen, but enabled. To enable secure erase, set a password for the master user on the disk.

>> sudo hdparm --user-master u --security-set-pass password /dev/sdX

-----
security_password: "password"

/dev/sdd:
 Issuing SECURITY_SET_PASS command, password="password", user=user, mode=high

If something else appears, such as I/O errors, check that the drive is connected to a motherboard port that supports these ATA commands. For example, my USB SATA adapter did not, so the commands could not be sent to the drive.

Afterwards we can erase the drive:

>> sudo hdparm --user-master u --security-erase password /dev/sdX

-----
security_password: "password"

/dev/sdd:
 Issuing SECURITY_ERASE command, password="password", user=user

After this, the drive should appear unformatted and without a partition table.
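
The state check described above (not locked, not frozen, enabled) can be scripted before an erase is attempted. This is an added example, not part of the original notes; the function names ata_security_state and sample_page_output are hypothetical, and the sample input is constructed from the hdparm -I excerpt shown above.

```shell
#!/bin/sh
# Added example: classify the "Security:" block of `hdparm -I` output.
# Real use: sudo hdparm -I /dev/sdX | ata_security_state

# Reads hdparm -I text on stdin and prints one of:
#   unsupported | frozen | locked | needs-password | ready
ata_security_state() {
    awk '
        /^Security:/       { insec = 1; next }
        insec && /^[^ \t]/ { insec = 0 }          # next top-level section ends the block
        insec {
            neg  = ($1 == "not")                  # "not<TAB>frozen" vs "<TAB>frozen"
            flag = neg ? $2 : $1
            # exact match skips "supported: enhanced erase" and "expired: ..."
            if (flag == "supported" || flag == "enabled" ||
                flag == "locked"    || flag == "frozen")
                state[flag] = !neg
        }
        END {
            if      (!state["supported"]) print "unsupported"
            else if (state["frozen"])     print "frozen"
            else if (state["locked"])     print "locked"
            else if (state["enabled"])    print "ready"
            else                          print "needs-password"
        }'
}

# Constructed sample: the Security block printed earlier on this page.
sample_page_output() {
    printf '%b\n' 'Security:' \
        '\tMaster password revision code = 65534' \
        '\t\tsupported' \
        '\tnot\tenabled' \
        '\tnot\tlocked' \
        '\tnot\tfrozen' \
        '\tnot\texpired: security count' \
        '\t\tsupported: enhanced erase'
}

sample_page_output | ata_security_state    # needs-password
```

"needs-password" corresponds to the state before --security-set-pass has been run; "ready" is the state in which --security-erase can be issued.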

User Management

SSH2 Public Key to OpenSSH format for SSH Server

To convert a given public key into a format usable by SSH servers, use the following command. It prints the key in the expected format.

ssh-keygen -i -f /path/to/file

Software Installs

XFCE Shortcut problems

After installing XFCE I had multiple problems with my hotkeys.

I installed XFCE on Ubuntu with
sudo apt-get install xubuntu-desktop

Every shortcut below can be added under
Open Menu -> Settings -> Keyboard -> Application Shortcuts tab.

Media Keys

Next Track

Command: dbus-send --print-reply --dest=org.mpris.MediaPlayer2.spotify /org/mpris/MediaPlayer2 org.mpris.MediaPlayer2.Player.Next
Key:
Press the Next Track Media key.

Previous Track

Command: dbus-send --print-reply --dest=org.mpris.MediaPlayer2.spotify /org/mpris/MediaPlayer2 org.mpris.MediaPlayer2.Player.Previous
Key:
Press the Previous Track Media key.

Play/Pause Track

Command: dbus-send --print-reply --dest=org.mpris.MediaPlayer2.spotify /org/mpris/MediaPlayer2 org.mpris.MediaPlayer2.Player.PlayPause
Key:
Press the Play/Pause Media key.

Stop Track

Command: dbus-send --print-reply --dest=org.mpris.MediaPlayer2.spotify /org/mpris/MediaPlayer2 org.mpris.MediaPlayer2.Player.Stop
Key:
Press the Stop Media key.

Source: man42.net blog post

Lockscreen and WhiskerMenu

Lockscreen

Command:
xflock4
Key:
Press the Super + L combo for a Windows-like lock shortcut

WhiskerMenu open on Super

Command:
xfce4-popup-whiskermenu
Key:
Press the Super Key

Note: the key will be displayed as Super L, but it still works as intended.

ElasticSearch Tips

On the error
[1]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
you need to increase the value on the host server, not on the guest, as the guest has no access to kernel variables.

Append
vm.max_map_count = 262144
to /etc/sysctl.conf

Too many open files:

Increase ulimit -Hn and ulimit -Sn to more than 200000
and restart elasticsearch

Programs for QOL [WIP]

This page lists programs I use on a daily basis.

ZSH
OhMyZSH
Powerlevel9k
Guake
WorkRave
MysqlWorkbench
ConEmu (Windows)

Listed because it's the next best thing to Guake on Windows.
Supports Bash for Windows, cmd, PowerShell and more.
ConEmu on GitHub

Arch

Basic Setup

Missing Japanese / non-ASCII characters:

yay -S noto-fonts-cjk noto-fonts-emoji noto-fonts

nextcloud-client

To get nextcloud-client working with the keychain you need to install the following packages:

Otherwise nextcloud-client will ask for credentials at every login.

Splash Screen

Using plymouth & plymouth-encrypt
Src: Archwiki

Grub2

Schenker XMG P407

Installing Xubuntu on the P407

I ran into some big problems with nouveau: I could not log in or even turn off the PC properly.

The first fix is already needed when booting the live CD.
You need to change the boot entry for the installer from:

linux options options ... 
to
linux options options nouveau.blacklist=1

Press F10 to apply and continue booting.

If it still does not work, you need to add acpi=off as well.
If it still does not work, try acpi_osi=! acpi_osi=\"Windows 2009\"

Now install Xubuntu to your liking. It might not be able to shut down successfully; just ignore that and hard reset the laptop, and it should boot normally.
You need to add the same parameters to the grub bootloader as you did for the live CD. If the grub menu doesn't appear for you, boot from a live CD again and skip the next step.

Search again for the linux line and add nouveau.blacklist=1 to the end

linux options options ... 
to
linux options options nouveau.blacklist=1

Press F10 to apply and continue booting.

Now log in and edit /etc/default/grub as root.
There, look for the line

GRUB_CMDLINE_LINUX_DEFAULT="options"

and replace it with

GRUB_CMDLINE_LINUX_DEFAULT="options nouveau.blacklist=1"

and apply it with sudo update-grub2.

Now on to installing the latest drivers:

Remove all existing drivers on your system and update the cache.

sudo apt-get purge 'nvidia*'
sudo apt-get update

Now look for the latest nvidia driver via apt-cache

sudo apt-cache search nvidia binary

and install the latest one (i.e. the one with the highest number). There might be stability issues, so research a bit whether an older one is recommended instead. In my case I had to install nvidia-384.

sudo apt-get install nvidia-384

The system should now be working.

Arch/Manjaro on P407

Basically the same as above. I used Manjaro Architect to get a nice i3 feeling going.
As it does not boot into a window manager, I had no problems with boot parameters; you might need to add the nouveau blacklisting and acpi options if problems ensue (see above).

Use the Manjaro mhwd tool to configure bumblebee and the nvidia drivers for you; it is as easy as sudo mhwd -a pci nonfree 0300.

To actually get the nvidia card, your window manager (lightdm or so) and X11 to work together, the acpi settings need to be set to acpi_osi=! acpi_osi=\"Windows 2009\".
This is done in /etc/default/grub. My grub cmdline:

GRUB_CMDLINE_LINUX_DEFAULT="quiet udev.log_priority=3 audit=0 acpi_osi=! acpi_osi=\"Windows 2009\""

The headphone amp is not working

Use the following package to enable the headphone amp.
It also supports predefined equalizer effects.
GitHub init-headphones

Surface Pro 3 Grub Boot

How to install grub2 in efi after it failed to install it automatically

  1. Boot into the Ubuntu live CD

  2. Open a terminal and get root access (sudo)

  3. modprobe efivars

  4. Mount the installed Ubuntu partition on /mnt

    mount /dev/sdaX /mnt
    for i in /dev /dev/pts /proc /sys; do mount --bind "$i" "/mnt$i"; done

    Mount the EFI partition inside the Ubuntu system partition

    mount /dev/sdaX /mnt/boot/efi

  5. Chroot into /mnt

    chroot /mnt

  6. Check whether you have access to the EFI boot manager entries

    efibootmgr -v

    If you get errors such as an Input/Output error for Boot0003, you have to enter the entries manually later.

  7. Install grub:

    apt-get update && apt-get install --reinstall grub-efi
    grub-install
    update-grub

    If you got no error, you should be done.
    If you got an error from efibootmgr before, you are NOT done.

  8. Open another terminal with sudo access

  9. Look up all boot entries with

    efibootmgr -v

    Delete all unused entries with

    efibootmgr -b <X> -B

    • -b X selects the Boot000X entry
    • -B removes it

  10. Add the boot entry for your system

    efibootmgr -c -d /dev/sda -p X -L "BootEntryName" -l "\efi\ubuntu\grubx64.efi"

    • -c creates a new entry
    • -d is the disk
    • -p is the sdaX number of the EFI partition
    • -L is the name shown in the Grub loader
    • -l is the path on the EFI partition to the loader

    On Ubuntu it SHOULD BE \efi\ubuntu\grubx64.efi, but verify first!
    YES, THE BACKSLASHES ARE NEEDED.

Fixing missing EFI Boot Entry on mainboard firmware

Somehow my laptop did not want to boot into my Arch Linux installation anymore. The only message I received was a "No Operating System found" error. After backing up the data on the disk, I booted into an Ubuntu live image to investigate further.

First, I verified that a valid EFI partition was on the disk and that the EFI/GRUB/grubx64.efi file was on it. The EFI boot partition looked fine; however, the laptop itself did not have any valid UEFI selection entry for the disk except the entire disk itself.

Using the tool 'efibootmgr', I checked all UEFI entries for the laptop and, surprise, there was none for Arch Linux. So I added one using the following efibootmgr command.

sudo efibootmgr --create --disk /dev/nvme0n1 --part 1 --label "Arch Linux" --loader \\EFI\\GRUB\\grubx64.efi

Relevant text from source on reddit:

Not sure if it's the same problem, but I think it's worth checking anyway.
I had trouble booting from an SSD when I tried to put it into another PC and it wouldn't see it as a bootable device.
Turns out I had to add a corresponding boot entry to the so-called NVRAM on the motherboard.
You may have skipped this step during the installation process somehow.
Try running efibootmgr from a live environment to see the current entries. 
If it's not listed there, you can create it by doing something like this:
sudo efibootmgr --create --disk /dev/nvme0n1 --part 1 --label "Arch Linux" --loader \\EFI\\GRUB\\grubx64.efi
where /dev/nvme0n1 is the device with the EFI partition, and \\EFI\\GRUB\\grubx64.efi is the path to your loader's EFI application.

Hardening

SSHD Hardened config [2018]

#	

# This is Havoks hardened sshd_config
# Settings have been taken from https://infosec.mozilla.org/guidelines/openssh

Port 22
#ListenAddress 0.0.0.0
#ListenAddress ::

Protocol 2
# keys are default generated, but might need new keys as e.g. rsa is only 2048 bits long
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key

# only use strong ciphers and macs
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com

# Logging
LogLevel VERBOSE
Subsystem sftp  /usr/lib/ssh/sftp-server -f AUTHPRIV -l INFO

# Disable Root Login
PermitRootLogin no
PermitEmptyPasswords no
MaxAuthTries 3

# only enable pubkey
AuthenticationMethods publickey

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
UsePAM yes

X11Forwarding no
PrintMotd no

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
AllowUsers markus 

IgnoreRhosts yes
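
A way to check a host against this baseline, as an added example that is not part of the original config or of OpenSSH: the function names audit_sshd_config and sample_weak_config are hypothetical, the expected values, the MaxAuthTries limit and the cipher allow-list are copied from the config above, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: compare sshd settings with the values in the config above.
# Reads sshd_config-style text on stdin; on a live host feed it `sudo sshd -T`,
# which prints the effective settings with lowercase keywords.
audit_sshd_config() {
    awk '
    BEGIN {
        want["permitrootlogin"]       = "no"
        want["permitemptypasswords"]  = "no"
        want["x11forwarding"]         = "no"
        want["ignorerhosts"]          = "yes"
        want["authenticationmethods"] = "publickey"
        allowed = "chacha20-poly1305@openssh.com,aes256-gcm@openssh.com"
        allowed = allowed ",aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr"
        n = split(allowed, c, ",")
        for (i = 1; i <= n; i++) okcipher[c[i]] = 1
    }
    NF == 0 || $1 ~ /^#/ { next }              # blank lines and comments
    {
        key = tolower($1); val = tolower($2)
        if (key in seen) next                  # sshd keeps the first value it reads
        seen[key] = 1
        if (key in want && val != want[key]) { print "FAIL " key "=" val; bad++ }
        if (key == "maxauthtries" && val + 0 > 3) { print "FAIL " key "=" val; bad++ }
        if (key == "ciphers") {
            m = split(val, list, ",")
            for (i = 1; i <= m; i++)
                if (!(list[i] in okcipher)) { print "FAIL cipher " list[i]; bad++ }
        }
    }
    END {
        for (k in want) if (!(k in seen)) { print "MISSING " k; bad++ }
        exit (bad > 0)                         # non-zero status on any deviation
    }'
}

# Constructed sample: a weak first value followed by a hardened duplicate.
sample_weak_config() {
    printf '%s\n' '# constructed test input' 'PermitRootLogin yes' \
        'PermitEmptyPasswords no' 'MaxAuthTries 6' 'X11Forwarding no' \
        'AuthenticationMethods publickey' 'IgnoreRhosts yes' \
        'Ciphers aes256-ctr,aes128-cbc' 'PermitRootLogin no'
}

sample_weak_config | audit_sshd_config || echo "sshd config deviates from the baseline"
```

The trailing "PermitRootLogin no" in the sample does not rescue the earlier "yes", because sshd uses the first value it reads for a keyword.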