- hardware spec
- get system info
- set system info
- process
- user management
- service
- system encoding
- applications
- burn bootable usb stick
- remove system
- Q&A
- others
references:
- Environment Variables
- 16 Commands to Check Hardware Information on Linux
- Using Commands to Display System Information
- 30 Useful Linux Commands for System Administrators
- 90 Linux Commands frequently used by Linux Sysadmins
- 50 UNIX / Linux Sysadmin Tutorials
- 50 Most Frequently Used UNIX / Linux Commands (With Examples)
- Top 25 Best Linux Performance Monitoring and Debugging Tools
- dmidecode – A Best Tool to Get System Hardware Information on Linux
- 17 Ways to check size of physical memory (RAM) in Linux
- Top 15 tools to monitor disk IO performance with examples
- How To Find Linux System Details Using inxi
- Tutorial: Beginners guide on linux memory management
drop caches
$ sudo bash -c "echo 3 > /proc/sys/vm/drop_caches"
hardware spec
[!TIP] list info
glances
hwinfo
lshw
lscpu
lsmem
lspci
lsscsi
lsusb
inxi
(inxi --recommends
,inxi -F|--full
)lsblk
lsof
ncdu
- a disk utility for Unix systemsfdisk
blkid
- command-line utility to locate/print block device attributesmount
free
dmidecode
hdparm
lstopo-no-graphics
hwloc-ls
/proc
/proc/cpuinfo
/proc/meminfo
/proc/version
/proc/scsi/scsi
/proc/partitions
performance & analysis- * imarslo : adminTools
vmstat
- shows system memory, processes, interrupts, paging, block I/O, and CPU infoiostat
- for storage I/O statistics.iotop
- interactive I/O viewer. Get an overview of storage r/w activitynetstat
– for network statisticsiftop
- network traffic viewernload
- a super simple, command-line network interface monitoring toolmtr
- network diagnostic tooldig
- DNS lookup utility toolnethogs
- network traffic analyzerapropos
- search man page names and descriptionsfsck
- tool for checking the consistency of a file systemvnstat
dstat
mpstat
ss
- socket statisticssar
nethogs
- network traffic analyzer
lshw Classes
address
bridge
bus
communication
disk
display
generic
input
memory
multimedia
network
power
printer
processor
storage
system
tape
volume
os
$ lsb_release -a
LSB Version : :core-4.1-amd64:core-4.1-noarch
Distributor ID : CentOS
Description : CentOS Linux release 7.9.2009 (Core)
Release : 7.9.2009
Codename : Core
$ uname -a
Linux my-computer 3.10.0-1160.42.2.el7.x86_64 #1 SMP Tue Sep 7 14:49:57 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
$ cat /etc/centos-release
CentOS Linux release 7.9.2009 (Core)
hardware
$ sudo dmidecode -s
-
[!TIP]
$ sudo yum install -y hwloc $ lstopo-no-graphics $ hwloc-ls $ hwloc-info $ lstopo-no-graphics -p
system information
$ sudo dmidecode | grep -A5 '^System Information'
System Information
Manufacturer: HPE
Product Name: ProLiant DL380 Gen10
Version: Not Specified
Serial Number: S*************0
UUID: 0******0-0**0-0**0-0**0-3**********e
# or display system [m]anufacture
$ inxi -M
Machine: Type: Server Mobo: HPE model: ProLiant DL380 Gen10 serial: <root required> UEFI: HPE v: U30
date: 06/15/2018
# or
$ sudo inxi --dmidecode -Mxxx
Machine: Type: Rack Mount Chassis Mobo: HPE model: ProLiant DL380 Gen10 serial: PFARA%%LMAZ6XB BIOS: HPE
v: U30 rev: 1.40 date: 06/15/2018 rom size: 16384 kB
manufacturer
$ sudo dmidecode -s system-manufacturer
HPE
# or
$ sudo dmidecode -s baseboard-manufacturer
HPE
# or
$ cat /sys/devices/virtual/dmi/id/sys_vendor
HPE
product name and version
product name only
$ sudo dmidecode -s system-product-name
ProLiant DL380 Gen10
# or
$ sudo dmidecode -s baseboard-product-name
ProLiant DL380 Gen10
# or
$ cat /sys/devices/virtual/dmi/id/product_name
ProLiant DL380 Gen10
# or
$ sudo dmidecode | grep -i prod
Product Name: Vostro 5560
Product Name: 04YDT0
uuid
$ sudo dmidecode | grep -i uuid | awk '{print $2}' | tr '[:upper:]' '[:lower:]'
cpu
cpu cores
$ cat /proc/cpuinfo | egrep "core id|physical id" | tr -d "\n" | sed s/physical/\\nphysical/g | grep -v ^$ | sort | uniq | wc -l
36
# or
$ grep -c processor /proc/cpuinfo
32
# or
$ nproc --all
32
# or
$ getconf _NPROCESSORS_ONLN
32
# or
$ cat /sys/devices/system/cpu/present
0-31
# or CPUs = Threads per core X cores per socket X socket
$ lscpu | grep -E '^Thread|^Core|^Socket|^CPU\('
CPU(s): 32
Thread(s) per core: 2
Core(s) per socket: 8
Socket(s): 2
$ lscpu | grep --color=none -E '^(Thread|Core|Socket|CPU\(|NUMA|Model\ name)'
CPU(s): 128
Thread(s) per core: 2
Core(s) per socket: 64
Socket(s): 1
NUMA node(s): 1
Model name: AMD EPYC 7742 64-Core Processor
NUMA node0 CPU(s): 0-127
# or
$ sudo dmidecode -t 4 | grep -E 'Socket Designation|Count'
Socket Designation: CPU1
Core Count: 8
Thread Count: 16
Socket Designation: CPU2
Core Count: 8
Thread Count: 16
- others
$ lscpu --all --extended $ lscpu --all --parse=CPU,SOCKET,CORE | grep -v '^#'
check CPU support 64 bit or not
$ sudo dmidecode --type=processor | grep -i -A 1 Characteristics
Characteristics:
64-bit capable
cat /proc/cpuinfo
$ lscpu
Architecture: i686
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
CPU(s): 4
On-line CPU(s) list: 0-3
....
cpu info
$ sudo dmidecode -t processor
# or
$ sudo lshw -C cpu
# or
$ sudo dmidecode -t 4 | egrep -i "Designation|Intel|core|thread"
# or
$ inxi -C
CPU:
Info: 2x 8-core model: Intel Xeon E5-2667 v4 bits: 64 type: MT MCP SMP cache: L2: 2x 2 MiB (4 MiB)
Speed (MHz): avg: 1324 min/max: 1200/3600 cores: 1: 1202 2: 1202 3: 1251 4: 1200 5: 1201
6: 1376 7: 1260 8: 1205 9: 1203 10: 1202 11: 1201 12: 1201 13: 1201 14: 1202 15: 1201 16: 1202
17: 1200 18: 1200 19: 1600 20: 1199 21: 1201 22: 1287 23: 1892 24: 1201 25: 1200 26: 1201
27: 3200 28: 1200 29: 1200 30: 1701 31: 1201 32: 1200
memory
references:
- Find Out the Total Physical Memory (RAM) on Linux
- 17 Ways to check size of physical memory (RAM) in Linux
- free – A standard command to check memory usage statistics in Linux
RAM: Random Access Memory is a temporary memory. This information will go away when the computer is turned off.
- ROM: Read Only Memory is permanent memory, that holds the data even if the system is switched off.
list total memory
$ hwinfo --memory | grep 'Memory Size'
Memory Size: 128 GB
$ sudo lshw -short | grep 'System Memory'
/0/2c memory 128GiB System Memor
$ vmstat -s -S M | egrep -ie 'total memory'
128817 M total memory
$ vmstat -s | grep "total memory"
131909608 K total memory
$ vmstat -s | awk '{print $1 / 1024 / 1024}' | head -1
125.799
$ inxi -F | grep "Memory"
Processes: 414 Uptime: 87d 17h 40m Memory: 125.8 GiB used: 27.21 GiB (21.6%) Init: systemd
$ sudo dmidecode -t memory | grep Size: | grep -v "No Module Installed" | awk '{sum+=$2}END{print sum}'
131072
$ egrep 'MemTotal|MemFree|MemAvailable' /proc/meminfo
MemTotal: 131909608 kB
MemFree: 95760488 kB
MemAvailable: 104355708 kB
$ vmstat -s
list only installed RAM modules
$ sudo dmidecode -t memory | grep Size: | grep -v "No Module Installed"
memory information
$ sudo dmidecode -t memory
# or
$ sudo lshw -C memory
$ sudo lshw -short -class memory
# Physical Memory Array
$ sudo dmidecode --type 16
# get Memory Device
$ sudo dmidecode --type 17
# Memory Array Mapped Address
$ sudo dmidecode --type 19
print memory only
$ ps -o comm,%mem,args -u marslo | more
COMMAND %MEM COMMAND
gnome-keyring-d 0.0 /usr/bin/gnome-keyring-daemon --daemonize --login
init 0.0 init --user
ssh-agent 0.0 ssh-agent
dbus-daemon 0.0 dbus-daemon --fork --session --address=unix:abstract=/tmp/dbus-i5FUVjzADG
upstart-event-b 0.0 upstart-event-bridge
window-stack-br 0.0 /usr/lib/i386-linux-gnu/hud/window-stack-bridge
upstart-dbus-br 0.0 upstart-dbus-bridge --daemon --session --user --bus-name session
upstart-dbus-br 0.0 upstart-dbus-bridge --daemon --system --user --bus-name system
upstart-file-br 0.0 upstart-file-bridge --daemon --user
ibus-daemon 0.1 /usr/bin/ibus-daemon --daemonize --xim
....
check memory in time
$ free -h -s 5
# or
$ vmstat -w
# or
$ dmesg | grep "Memory"
[ 0.995127] Memory: 131882904K/134101416K available (12300K kernel code, 2504K rwdata, 3684K rodata, 2340K init, 3240K bss, 2218512K reserved, 0K cma-reserved)
[ 1.139890] x86/mm: Memory block size: 2048MB
bios
$ sudo dmidecode -t bios
disk
hwinfo
$ hwinfo --disk --only /dev/sda 192: SCSI 20.0: 10600 Disk [Created at block.245] Unique ID: R7kM.qzo5k6MLsu5 Parent ID: svHJ.VbV94345RfA SysFS ID: /class/block/sda SysFS BusID: 0:2:0:0 SysFS Device Link: /devices/pci0000:00/0000:00:02.0/0000:03:00.0/host0/target0:2:0/0:2:0:0 Hardware Class: disk Model: "AVAGO SMC3108" Vendor: "AVAGO" Device: "SMC3108" Revision: "4.68" Driver: "megaraid_sas", "sd" Driver Modules: "megaraid_sas" Device File: /dev/sda (/dev/sg1) Device Files: /dev/sda, /dev/disk/by-id/scsi-360030480243a18012424538006708dc9, /dev/disk/by-id/wwn-0x60030480243a18012424538006708dc9, /dev/disk/by-path/pci-0000:03:00.0-scsi-0:2:0:0 Device Number: block 8:0-8:15 (char 21:1) BIOS id: 0x80 Drive status: no medium Config Status: cfg=new, avail=yes, need=no, active=unknown Attached to: #37 (RAID bus controller)
disk type
[!INFO] Check disk interface types
- Advanced technology attachment (
ATA
)- Integrated Drive Electronics (
IDE
)- Serial ATA (
SATA
)- Small Computer system interface (
SCSI
)- Serial attached SCSI (
SAS
)- Fibre Channel
lsblk
$ lsblk -do name,tran NAME TRAN sdb sas sdc sas
lshw
$ sudo lshw -c storage -c disk ... *-sas description: Serial Attached SCSI controller product: Smart Storage PQI 12G SAS/PCIe 3 vendor: Adaptec physical id: 0 bus info: pci@0000:5c:00.0 logical name: scsi1 version: 01 width: 64 bits clock: 33MHz capabilities: sas pm msix pciexpress bus_master cap_list configuration: driver=smartpqi latency=0 resources: irq:32 memory:e9100000-e9107fff ioport:8000(size=256) *-disk:0 description: SCSI Disk # SCSC product: LOGICAL VOLUME vendor: HPE physical id: 1.0.0 bus info: scsi@1:1.0.0 logical name: /dev/sdb version: 1.99 serial: P************C size: 1788GiB (1920GB) capabilities: 15000rpm gpt-1.00 partitioned partitioned:gpt configuration: ansiversion=5 guid=eda10475-9cdb-44cd-8dbd-28bf482b0e25 logicalsectorsize=512 sectorsize=4096
hdparm
$ sudo hdparm -I /dev/sdb /dev/sdb: SG_IO: bad/missing sense data, sb[]: 7*** ATA device, with non-removable media Standards: Likely used: 1 Configuration: Logical max current cylinders 0 0 heads 0 0 sectors/track 0 0 -- Logical/Physical Sector size: 512 bytes device size with M = 1024*1024: 0 MBytes device size with M = 1000*1000: 0 MBytes cache/buffer size = unknown Capabilities: IORDY not likely Cannot perform double-word IO R/W multiple sector transfer: not supported DMA: not supported PIO: pio0
SSD or HHD
[!INFO]
0
: SSD1
: HHD references:- 7 easy methods to check disk type (HDD or SSD) in Linux
- How To Find If The Disk Is SSD Or HDD In Linux
check rotational
# HHD $ cat /sys/block/sd*/queue/rotational 1 1 # SSD $ lsscsi [0:0:0:0] disk Generic- SD/MMC CRW 1.00 /dev/sda [1:0:0:0] enclosu HPE Smart Adapter 1.99 - [1:1:0:0] disk HPE LOGICAL VOLUME 1.99 /dev/sdb [1:1:0:1] disk HPE LOGICAL VOLUME 1.99 /dev/sdc [1:2:0:0] storage HPE P408i-a SR Gen10 1.99 - [devops@dc5-ssdfw11 ~]$ cat /sys/block/sd*/queue/rotational 1 0 0
lsblk
## SSD $ lsblk -d -o name,rota NAME ROTA sdb 0 sdc 0 # or ## SSD $ lsblk -d -e 7 -o NAME,ROTA,DISC-MAX,MODEL NAME ROTA DISC-MAX MODEL sdb 0 0B LOGICAL VOLUME sdc 0 0B LOGICAL VOLUME ## HHD $ lsblk -d -e 7 -o NAME,ROTA,DISC-MAX,MODEL NAME ROTA DISC-MAX MODEL sdb 1 0B SMC3108 sda 1 0B SMC3108
smartctl
($ yum install smartmontools
)$ sudo smartctl -a /dev/sdb1 smartctl 7.0 2018-12-30 r4883 [x86_64-linux-4.19.12-1.el7.elrepo.x86_64] (local build) Copyright (C) 2002-18, Bruce Allen, Christian Franke, www.smartmontools.org === START OF INFORMATION SECTION === Vendor: AVAGO Product: SMC3108 Revision: 4.68 Compliance: SPC-3 User Capacity: 7,679,267,307,520 bytes [7.67 TB] Logical block size: 512 bytes Physical block size: 4096 bytes Logical Unit id: 0x60030480243a7b0124d58c0646f9617d Serial number: 007d61f946068cd524017b3a24800403 Device type: disk Local Time is: Thu Mar 30 10:51:52 2023 PDT SMART support is: Unavailable - device lacks SMART capability. === START OF READ SMART DATA SECTION === Current Drive Temperature: 0 C Drive Trip Temperature: 0 C ## SSD $ sudo smartctl -a /dev/sdc smartctl 6.6 2017-11-05 r4594 [x86_64-linux-4.18.0-193.28.1.el8_2.x86_64] (local build) Copyright (C) 2002-17, Bruce Allen, Christian Franke, www.smartmontools.org === START OF INFORMATION SECTION === Vendor: HPE Product: LOGICAL VOLUME Revision: 1.99 User Capacity: 1,920,349,855,744 bytes [1.92 TB] Logical block size: 512 bytes Rotation Rate: Solid State Device # SSD Logical Unit id: 0x600508b1001c5be1882c0a4afb83c8ec Serial number: P************C Device type: disk Local Time is: Thu Mar 30 10:53:12 2023 PDT SMART support is: Available - device has SMART capability. SMART support is: Enabled Temperature Warning: Disabled or Not Supported === START OF READ SMART DATA SECTION === SMART Health Status: OK Current Drive Temperature: 0 C Drive Trip Temperature: 0 C
/proc/scsi/scsi
## SSD $ cat /proc/scsi/scsi Attached devices: Host: scsi0 Channel: 00 Id: 00 Lun: 00 Vendor: Generic- Model: SD/MMC CRW Rev: 1.00 Type: Direct-Access ANSI SCSI revision: 06 Host: scsi1 Channel: 00 Id: 00 Lun: 00 Vendor: HPE Model: Smart Adapter Rev: 1.99 Type: Enclosure ANSI SCSI revision: 05 Host: scsi1 Channel: 01 Id: 00 Lun: 00 Vendor: HPE Model: LOGICAL VOLUME Rev: 1.99 Type: Direct-Access ANSI SCSI revision: 05 Host: scsi1 Channel: 01 Id: 00 Lun: 01 Vendor: HPE Model: LOGICAL VOLUME Rev: 1.99 Type: Direct-Access ANSI SCSI revision: 05 Host: scsi1 Channel: 02 Id: 00 Lun: 00 Vendor: HPE Model: P408i-a SR Gen10 Rev: 1.99 Type: RAID ANSI SCSI revision: 05
check status
$ lsblk
$ pvs
$ lvs
$ vgs
$ pvscan
$ lvscan
$ pvdisplay
$ vgdisplay
$ lvdisplay
$ fdisk -l
$ sfdisk -l -uM
$ lshw -class disk
$ hwinfo --block --short
$ cat /proc/partitions
$ sudo hdparm -I /dev/sda
network
get network cards
$ sudo lshw -short -class network
H/W path Device Class Description
============================================================
/0/100/1/0 enp1s0f0 network I350 Gigabit Network Connection
/0/100/1/0.1 enp1s0f1 network I350 Gigabit Network Connection
/0/100/1.1/0 enp2s0f0 network Ethernet Controller X710 for 10GbE SFP+
/0/100/1.1/0.1 enp2s0f1 network Ethernet Controller X710 for 10GbE SFP+
/0/2/0 enp131s0f0 network Ethernet Controller 10-Gigabit X540-AT2
/0/2/0.1 enp131s0f1 network Ethernet Controller 10-Gigabit X540-AT2
/3 veth8c9c4570 network Ethernet interface
/4 flannel.1 network Ethernet interface
/5 veth8d141a78 network Ethernet interface
/6 veth3cc4bf19 network Ethernet interface
/7 cni0 network Ethernet interface
/8 docker0 network Ethernet interface
/9 veth179b5dab network Ethernet interface
network speed
$ ifstat -n -i en7
en7
KB/s in KB/s out
7.35 1.15
4.91 1.02
6.05 0.80
8.36 1.78
get the public ip address
$ curl ifconfig.me
environment variables
show PATH
$ echo src::${PATH} | awk 'BEGIN{pwd=ENVIRON["PWD"];RS=":";FS="\n"}!$1{$1=pwd}$1!~/^\//{$1=pwd"/"$1}{print $1}'
/home/marslo/src
/home/marslo
/home/marslo/.vim/tools/bin
/usr/local/mysql/bin
/usr/local/bcompare/bin
/usr/lib/lightdm/lightdm
/usr/local/sbin
/usr/local/bin
/usr/sbin
/usr/bin
/sbin
/bin
/usr/games
/usr/local/games
OR
$ echo "${PATH//:/$'\n'}"
graphics card driver
[!NOTE|label:references:]
get system info
top
batch mode
[!TIP] references:
$ top -bn1 # or $ top -n 1 d 2
get only summary of top command
$ top -bn1 | sed -n '/^top.*/,/^\s*$/p' ## or $ top -bn1 | sed -e '/^$/Q'
ps
[!TIP] references:
cpu
$ ps -eocomm,pcpu | egrep -v '(0.0)|(%CPU)' systemd 0.2 rcu_sched 0.2 sshd 0.5 java 8.2 java 0.6 dockerd 16.1 docker-containe 0.6 ...
memory
$ ps -eocomm,pmem | egrep -v '(0.0)|(%MEM)' java 0.1 java 0.1 java 0.8 gvfs-udisks2-vo 0.1 kube-apiserver 0.1
set system info
clear duplicated PATH
$ export PATH=`echo -n $PATH | awk -v RS=":" '{ if (!x[$0]++) {printf s $0; s=":"} }'`
LS_COLORS
[!NOTE|label:references:]
pattern name comments bd
device
block device ca
- cap cd
device
char device cl
- clear end of line di
directory
directory do
- Solaris door ec
- end color, unused ex
executable
executable fi
file
file fl
- file, default lc
- left, unused ln
link
symlink mh
- multi hardlink mi
- missing file no
- normal or
orphan
orphaned symlink ow
- other-writable pi
fifo
pipe rc
- right, unused rs
- reset sg
- setgid so
socket
socket st
- sticky su
- setuid tw
- ow with sticky
show database
$ dircolors --print-database $ which -a dircolors /usr/local/opt/coreutils/libexec/gnubin/dircolors $ echo $COLORTERM truecolor $ echo $TERM xterm-256color
-
( # Run in a subshell so it won't crash current color settings dircolors -b >/dev/null IFS=: for ls_color in ${LS_COLORS[@]}; do # For all colors color=${ls_color##*=} ext=${ls_color%%=*} echo -en "\E[${color}m${ext}\E[0m " # echo color and extension done echo )
-
declare -A descriptions=( [bd]="block device" [ca]="file with capability" [cd]="character device" [di]="directory" [do]="door" [ex]="executable file" [fi]="regular file" [ln]="symbolic link" [mh]="multi-hardlink" [mi]="missing file" [no]="normal non-filename text" [or]="orphan symlink" [ow]="other-writable directory" [pi]="named pipe, AKA FIFO" [rs]="reset to no color" [sg]="set-group-ID" [so]="socket" [st]="sticky directory" [su]="set-user-ID" [tw]="sticky and other-writable directory" ) IFS=: for ls_color in $LS_COLORS; do color="${ls_color#*=}" type="${ls_color%=*}" # Add description for named types. desc="${descriptions[$type]}" # Separate each color with a newline. if [[ $color_prev ]] && [[ $color != "$color_prev" ]]; then echo fi printf "\e[%sm%s%s\e[m " "$color" "$type" "${desc:+ ($desc)}" # For next loop color_prev="$color" done echo
-
settings
$ cat ~/.bashrc LS_COLORS='bd=38;5;68:ca=38;5;17:cd=38;5;113;1:di=38;5;108:do=38;5;127:ex=38;5;31;1:pi=38;5;126:fi=0:ln=target:mh=38;5;222;1:no=0:or=48;5;196;38;5;232;1:ow=38;5;220;1:sg=48;5;3;38;5;0:su=38;5;220;1;3;100;1:so=38;5;197:st=38;5;86;48;5;234:tw=48;5;235;38;5;139;3:' LS_COLORS+='*.7z=38;5;64:*.WARC=38;5;64:*.a=38;5;64:*.arj=38;5;64:*.br=38;5;64:*.bz2=38;5;64:*.cpio=38;5;64:*.gz=38;5;64:*.lrz=38;5;64:*.lz=38;5;64:*.lzma=38;5;64:*.lzo=38;5;64:*.rar=38;5;64:*.s7z=38;5;64:*.sz=38;5;64:*.tar=38;5;64:*.tbz=38;5;64:*.tgz=38;5;64:*.warc=38;5;64:*.xz=38;5;64:*.z=38;5;64:*.zip=38;5;64:*.zipx=38;5;64:*.zoo=38;5;64:*.zpaq=38;5;64:*.zst=38;5;64:*.zstd=38;5;64:*.zz=38;5;64:*@.service=38;5;45:' LS_COLORS+='*.pub=1;3:*.1p=38;5;7:*.32x=38;5;213:*.3g2=38;5;115:*.3ga=38;5;137;1:*.3gp=38;5;115:*.3p=38;5;7:*.82p=38;5;121:*.83p=38;5;121:*.8eu=38;5;121:*.8xe=38;5;121:*.8xp=38;5;121:*.A64=38;5;213:*.BUP=38;5;241:*.CFUserTextEncoding=38;5;239:*.F=38;5;81:*.F03=38;5;81:*.F08=38;5;81:*.F90=38;5;81:*.F95=38;5;81:*.IFO=38;5;114:*.M=38;5;110:*.PDF=38;5;141:*.PFA=38;5;66:*.PL=38;5;160:*.RData=38;5;178:*.Rproj=38;5;11:*.S=38;5;110:*.S3M=38;5;137;1:*.SKIP=38;5;244:*.TIFF=38;5;97:*.VOB=38;5;115;1:*.a00=38;5;213:*.a52=38;5;213:*.a64=38;5;213:*.a78=38;5;213:*.aac=38;5;137;1:*.accdb=38;5;60:*.accde=38;5;60:*.accdr=38;5;60:*.accdt=38;5;60:*.adf=38;5;213:*.adoc=38;5;184:*.afm=38;5;66:*.agda=38;5;81:*.agdai=38;5;110:*.ai=38;5;99:*.aiff=38;5;136;1:*.alac=38;5;136;1:*.allow=38;5;112:*.am=38;5;242:*.amr=38;5;137;1:*.application=38;5;116:*.aria2=38;5;241:*.asciidoc=38;5;184:*.asf=38;5;115:*.asm=38;5;81:*.ass=38;5;117:*.astro=38;5;135;1:*.atr=38;5;213:*.au=38;5;137;1:*.automount=38;5;45:*.bib=38;5;178:*.bsp=38;5;215:*.cab=38;5;215:*.caf=38;5;137;1:*.cap=38;5;29:*.car=38;5;57:*.cbr=38;5;141:*.cbz=38;5;141:*.cda=38;5;136;1:*.cdi=38;5;213:*.cdr=38;5;97:*.chm=38;5;141:*.cjs=38;5;074;1:*.cl=38;5;81:*.clj=38;5;41:*.cljc=38;5;41:*.cljs=38;5;41:*.cljw=38;5;41:*.cnc=38;5;7:*.coffee=38;5;079;1:*.comp=38;5;136:*.containerignore=38;5;264:*.cp=38;5;75:*.cr=38;5;81:*.crx=38;5;215:*.cs=38;5;81:*.csv=38;5;78:*.ctp=38;5;81:*.cue=38;5;116:*.dart=38;5;51:*.dat=38;5;137;1:*.db=38;5;60:*.def=38;5;7:*.deny=38;5;196:*.description=38;5;116:*.device=38;5;45:*.dhall=38;5;178:*.dicom=38;5;97:*.diff=48;5;197;38;5;232:*.directory=38;5;116:*.divx=38;5;114:*.djvu=38;5;141:*.dmp=38;5;29:*.doc=38;5;111:*.dockerignore=38;5;264:*.docm=38;5;111;4:*.docx=38;5;111:*.drw=38;5;99:*.dtd=38;5;178:*.dts=38;5;137;1:*.dwg=38;5;216:*.dylib=38;5;241:*.ear=38;5;215:*.ejs=38;5;135;1:*.el=38;5;81:*.elc=38;5;241:*.eln=38;5;241:*.eml=38;5;90;1:*.entitlements=1:*.epf=1:*.eps=38;5;99:*.epsf=38;5;99:*.epub=38;5;141:*.err=38;5;160;1:*.error=38;5;160;1:*.etx=38;5;184:*.ex=38;5;7:*.example=38;5;7:*.f=38;5;81:*.f03=38;5;81:*.f08=38;5;81:*.f4v=38;5;115:*.f90=38;5;81:*.f95=38;5;81:*.fcm=38;5;137;1:*.feature=38;5;7:*.flac=38;5;136;1:*.flif=38;5;97:*.flv=38;5;115:*.fm2=38;5;213:*.fmp12=38;5;60:*.fnt=38;5;66:*.fon=38;5;66:*.for=38;5;81:*.fp7=38;5;60:*.frag=38;5;136:*.ftn=38;5;81:*.fvd=38;5;124:*.fxml=38;5;178:*.gb=38;5;213:*.gba=38;5;213:*.gbc=38;5;213:*.gbr=38;5;7:*.gel=38;5;213:*.gemspec=38;5;41:*.ger=38;5;7:*.gg=38;5;213:*.ggl=38;5;213:*.gp3=38;5;115:*.gp4=38;5;115:*.gs=38;5;81:*.hi=38;5;110:*.hidden-color-scheme=1:*.hidden-tmTheme=1:*.hin=38;5;242:*.hjson=38;5;178:*.hpp=38;5;110:*.hs=38;5;81:*.htm=38;5;125;1:*.http=38;5;90;1:*.hxx=38;5;110:*.ii=38;5;110:*.iml=38;5;166:*.in=38;5;242:*.info=38;5;184:*.ini=1:*.ipa=38;5;215:*.ipk=38;5;213:*.ipynb=38;5;41:*.j64=38;5;213:*.jad=38;5;215:*.jhtm=38;5;125;1:*.jsm=38;5;079;1:*.jsonc=38;5;178:*.jsonl=38;5;178:*.jsonnet=38;5;178:*.jsp=38;5;079;1:*.jsx=38;5;074;1:*.jxl=38;5;97:*.kak=38;5;172:*.key=38;5;166:*.lagda=38;5;81:*.lagda.rst=38;5;81:*.lagda.tex=38;5;81:*.last-run=1:*.lhs=38;5;81:*.libsonnet=38;5;142:*.lisp=38;5;81:*.lnk=38;5;97:*.localized=38;5;239:*.localstorage=38;5;60:*.m=38;5;110:*.m2v=38;5;114:*.m3u=38;5;116:*.m3u8=38;5;116:*.m4=38;5;242:*.m4a=38;5;137;1:*.m4v=38;5;114:*.map=38;5;7:*.md5=38;5;116:*.mdb=38;5;60:*.mde=38;5;60:*.mdump=38;5;241:*.mdx=38;5;184:*.merged-ca-bundle=1:*.mf=38;5;7:*.mfasl=38;5;7:*.mht=38;5;125;1:*.mi=38;5;7:*.mid=38;5;136;1:*.midi=38;5;136;1:*.mjs=38;5;074;1:*.mkd=38;5;184:*.mkv=38;5;114:*.ml=38;5;81:*.mm=38;5;7:*.mobi=38;5;141:*.mod=38;5;137;1:*.moon=38;5;81:*.mount=38;5;45:*.mpg=38;5;114:*.msg=38;5;178:*.mtx=38;5;7:*.mustache=38;5;135;1:*.mysql=38;5;222:*.nc=38;5;60:*.ndjson=38;5;178:*.nds=38;5;213:*.nes=38;5;213:*.nfo=38;5;184:*.nib=38;5;57:*.nim=38;5;81:*.nimble=38;5;81:*.nix=38;5;155:*.norg=38;5;184:*.nrg=38;5;124:*.nth=38;5;97:*.numbers=38;5;112:*.o=38;5;241:*.odb=38;5;111:*.odp=38;5;166:*.ods=38;5;112:*.odt=38;5;111:*.oga=38;5;137;1:*.ogg=38;5;137;1:*.ogm=38;5;114:*.ogv=38;5;115:*.opus=38;5;137;1:*.otf=38;5;66:*.pacnew=38;5;33:*.pages=38;5;111:*.pak=38;5;215:*.part=38;5;239:*.patch=48;5;197;38;5;232;1:*.path=38;5;45:*.pbxproj=1:*.pc=38;5;7:*.pcap=38;5;29:*.pcb=38;5;7:*.pcf=1:*.pcm=38;5;136;1:*.pdf=38;5;141:*.pfa=38;5;66:*.pfb=38;5;66:*.pfm=38;5;66:*.pgn=38;5;178:*.pgsql=38;5;222:*.pi=38;5;7:*.pid=38;5;248:*.pk3=38;5;215:*.pl=38;5;208:*.plist=1:*.plt=38;5;7:*.ply=38;5;216:*.pm=38;5;203:*.png=38;5;97:*.pod=38;5;184:*.pot=38;5;7:*.pps=38;5;166:*.ppt=38;5;166:*.ppts=38;5;166:*.pptsm=38;5;166;4:*.pptx=38;5;166:*.pptxm=38;5;166;4:*.prisma=38;5;222:*.properties=38;5;116:*.prql=38;5;222:*.ps=38;5;99:*.psd=38;5;97:*.psf=1:*.pug=38;5;135;1:*.pxd=38;5;97:*.pxm=38;5;97:*.qcow=38;5;124:*.rdata=38;5;178:*.rdf=38;5;7:*.rkt=38;5;81:*.rlib=38;5;241:*.rmvb=38;5;114:*.rnc=38;5;178:*.rng=38;5;178:*.rom=38;5;213:*.rss=38;5;178:*.rst=38;5;184:*.rstheme=1:*.rtf=38;5;111:*.s3m=38;5;137;1:*.sample=38;5;114:*.sc=38;5;41:*.scan=38;5;242:*.sch=38;5;7:*.scm=38;5;7:*.scpt=38;5;219:*.scss=38;5;105;1:*.sed=38;5;172:*.service=38;5;45:*.sfv=38;5;116:*.sgml=38;5;178:*.sid=38;5;137;1:*.sis=38;5;7:*.sms=38;5;213:*.socket=38;5;45:*.sparseimage=38;5;124:*.spl=38;5;7:*.spv=38;5;217:*.srt=38;5;117:*.ssa=38;5;117:*.st=38;5;213:*.stackdump=38;5;241:*.state=38;5;248:*.stderr=38;5;160;1:*.stl=38;5;216:*.storyboard=38;5;196:*.strings=1:*.sty=38;5;7:*.sub=38;5;117:*.sublime-*=1:*.sug=38;5;7:*.sup=38;5;117:*.svelte=38;5;135;1:*.svg=38;5;99:*.swo=38;5;244:*.sx=38;5;81:*.target=38;5;45:*.tdy=38;5;7:*.tfnt=38;5;7:*.tfstate=38;5;168:*.tfvars=38;5;168:*.tg=38;5;7:*.theme=38;5;116:*.tif=38;5;97:*.tiff=38;5;97:*.timer=38;5;45:*.tmTheme=1:*.toast=38;5;124:*.tsv=38;5;78:*.tsx=38;5;074;1:*.ttf=38;5;66:*.twig=38;5;81:*.typelib=38;5;60:*.urlview=38;5;116:*.user-ca-bundle=1:*.v=38;5;81:*.vala=38;5;81:*.vapi=38;5;81:*.vcard=38;5;7:*.vcd=38;5;124:*.vcf=38;5;7:*.vdf=38;5;215:*.vdi=38;5;124:*.vert=38;5;136:*.vfd=38;5;124:*.vhd=38;5;124:*.vhdx=38;5;124:*.vmdk=38;5;124:*.vob=38;5;115;1:*.vpk=38;5;215:*.vtt=38;5;117:*.vue=38;5;135;1:*.wav=38;5;136;1:*.webloc=38;5;116:*.webm=38;5;115:*.webp=38;5;97:*.wgsl=38;5;97:*.woff=38;5;66:*.woff2=38;5;66:*.wrl=38;5;216:*.wv=38;5;136;1:*.wvc=38;5;136;1:*.xcf=38;5;7:*.xcsettings=1:*.xcuserstate=1:*.xcworkspacedata=1:*.xib=38;5;208:*.xla=38;5;76:*.xln=38;5;7:*.xls=38;5;112:*.xlsx=38;5;112:*.xlsxm=38;5;112;4:*.xltm=38;5;73;4:*.xltx=38;5;73:*.xpi=38;5;215:*.xpm=38;5;97:*.xsd=38;5;178:*.xsh=38;5;41:*.z[0-9]{0,2}=38;5;239:*.zcompdump=38;5;241:*.zig=38;5;81:*.zwc=38;5;241:*.zx[0-9]{0,2}=38;5;239:' # encrypted files LS_COLORS+='*.enc=38;5;69;3:*.gpg=38;5;69;3:*.p12=38;5;69;3:*.p7s=38;5;69;3:*.pem=38;5;69;3:*.pgp=38;5;69;3:*.sig=38;5;69;3:*.signature=38;5;69;3:*.asc=38;5;69;3:*.bfe=38;5;69;3:*.current=38;5;69;3:' # packages LS_COLORS+='*.apk=38;5;215:*.deb=38;5;215:*.dll=38;5;241:*.dmg=38;5;215:*.rpm=38;5;215:*.war=38;5;215:*.bin=38;5;124:*.iso=38;5;124:*.jar=38;5;215:*.out=38;5;242:' # dump/log LS_COLORS+='*.bak=38;5;241:*.dump=38;5;241:*.snapshot=38;5;45:*.swap=38;5;45:*.swp=38;5;244:*.tmp=38;5;244:*.viminfo=1;3:*.DS_Store=38;5;239:*.old=38;5;242:*.org=38;5;184:*.orig=38;5;241:*.sav=38;5;213:*.log=38;5;190:*.un~=38;5;241:' # audio/video LS_COLORS+='*.wma=38;5;137;1:*.wmv=38;5;114:*.JPG=38;5;97:*.MOV=38;5;114:*.ape=38;5;136;1:*.avi=38;5;114:*.bmp=38;5;97:*.gif=38;5;97:*.icns=38;5;97:*.ico=38;5;97:*.ics=38;5;7:*.img=38;5;124:*.jpeg=38;5;97:*.jpg=38;5;97:*.mov=38;5;114:*.mp3=38;5;137;1:*.mp4=38;5;114:*.mp4a=38;5;137;1:*.mpeg=38;5;114:*.torrent=38;5;116:*.ts=38;5;074;1:' # docs LS_COLORS+='*AUTHORS=38;5;172;1:*CHANGELOG=38;5;172;1:*CHANGES=38;5;172;1:*CODEOWNERS=38;5;172;1:*CONTRIBUTING=38;5;172;1:*CONTRIBUTORS=38;5;172;1:*COPYING=38;5;172;1:*COPYRIGHT=38;5;172;1:*CodeResources=38;5;239:*Containerfile=38;5;143:*INSTALL=38;5;220;1:*LICENSE=38;5;220;1:*LS_COLORS=48;5;89;38;5;197;1;3;4;7:*MANIFEST=38;5;243:*[Mm]akefile=38;5;143:*NOTICE=38;5;220;1:*PATENTS=38;5;220;1:*PkgInfo=38;5;239:*README.rst=38;5;172;1:*VERSION=38;5;172;1:*authorized_keys=1;3:*core=38;5;241:*config=1;3:*lock=38;5;248:*lockfile=38;5;248:*pm_to_blib=38;5;264:' # git LS_COLORS+='*.git=38;5;133;3:*.gitattributes=38;5;133;3:*.gitignore_global=38;5;133;3:*.gitignore=38;5;133;3:*.github=38;5;133:*.gitmodules=38;5;198;3:' # system rc LS_COLORS+='*history=1;3:*rc=38;5;66;3:*.profile=1;3:*.bash_login=1;3:*.bash_logout=1;3:*.bash_profile=1;3:*.zlogin=1;3:*.zlogout=1;3:*.zprofile=1;3:*.zshenv=1;3:*id_dsa=38;5;192;3:*id_ecdsa=38;5;192;3:*id_ed25519=38;5;192;3:*id_rsa=38;5;192;3:*known_hosts=1;3:*known_hosts.old*=1;3:*cfg=1;3:*conf=1;3:*.fdignore=38;5;133;3:*.rgignore=38;5;133;3:' # program/script LS_COLORS+='*.bat=38;5;134:*.BAT=38;5;134:*.sh=38;5;134:*.bash=38;5;134:*.fish=38;5;134:*.zsh=38;5;134:*.py=38;5;99:*.pyc=38;5;105:*.go=38;5;81:*.h=38;5;110:*.h++=38;5;110:*.c=38;5;75:*.cc=38;5;75:*.c++=38;5;75:*.cpp=38;5;75:*.cxx=38;5;81:*.tcc=38;5;110:*.r=38;5;49:*.r[0-9]{0,2}=38;5;239:*.rake=38;5;155:*.rb=38;5;41:*.ahk=38;5;41:*.awk=38;5;134:*.less=38;5;105;1:*.css=38;5;105;1:*.html=38;5;125;1:*.java=38;5;079;1:*.json=38;5;178:*.json5=38;5;178:*.markdown=38;5;134:*.md=38;5;134:*.msql=38;5;222:*.php=38;5;81:*.sass=38;5;105;1:*.sassc=38;5;244:*.swift=38;5;219:*.tcl=38;5;64;1:*.txt=38;5;253:*.vim=38;5;134:*.xml=38;5;178:*.yaml=38;5;178:*.yml=38;5;178:*.vb=38;5;81:*.vba=38;5;81:*.vbs=38;5;81:*.R=38;5;49:*.js=38;5;074;1:*.lua=38;5;81:*.rs=38;5;81:*.ru=38;5;7:*.s=38;5;110:*.scala=38;5;41:*.sql=38;5;222:*.sqlite=38;5;60:*.t=38;5;114:*.tex=38;5;184:*.textile=38;5;184:*.tf=38;5;168:*.tfm=38;5;7:*.toml=38;5;178:*[Dd]ockerfile=38;5;143:' export LS_COLORS
way to verify
# i.e.: LS_COLORS='bd=38;5;68:ca=38;5;17:cd=38;5;113;1:di=38;5;108:do=38;5;127:ex=38;5;31;1:pi=38;5;126:fi=0:ln=target:mh=38;5;222;1:no=0:or=48;5;196;38;5;232;1:ow=38;5;220;1:sg=48;5;3;38;5;0:su=38;5;220;1;3;100;1:so=38;5;197:st=38;5;86;48;5;234:tw=48;5;235;38;5;139;3:' # check via $ echo -e """ \033[38;5;68m bd= \033[0m \033[38;5;17m ca= \033[0m \033[38;5;113;1m cd= \033[0m \033[38;5;108m di= \033[0m \033[38;5;127m do= \033[0m \033[38;5;31;1m ex= \033[0m \033[38;5;126m pi= \033[0m \033[38;5;222;1m mh= \033[0m \033[48;5;196;38;5;232;1m or= \033[0m \033[38;5;220;1m ow= \033[0m \033[48;5;3;38;5;0m sg= \033[0m \033[38;5;220;1;3;100;1m su= \033[0m \033[38;5;197m so= \033[0m \033[38;5;86;48;5;234m st= \033[0m \033[48;5;235;38;5;139;3m tw= \033[0m """
set dns for ubuntu
$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 127.0.1.1
$ cat /etc/resolvconf/resolv.conf.d/head
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 8.8.8.8
nameserver 8.8.4.4
$ sudo resolvconf -u
# or
$ cat /etc/dhcp/dhclient.conf | grep "prepend domain-name-servers"
prepend domain-name-servers 8.8.8.8, 8.8.4.4;
# or
$ cat /etc/network/interfaces | grep dns
dns-nameservers 8.8.8.8 8.8.4.4
disable firewall
$ sudo systemctl stop firewalld
$ sudo systemctl disable firewalld
$ sudo systemctl mask firewalld
- check result
$ sudo systemctl is-enabled firewalld $ sudo systemctl is-active firewalld $ sudo firewall-cmd --state
change net.bridge
$ sudo modprobe br_netfilter
$ sudo sysctl net.bridge.bridge-nf-call-iptables=1
$ sudo sysctl net.bridge.bridge-nf-call-ip6tables=1
# or
$ sudo bash -c "cat > /etc/sysctl.d/k8s.conf" << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
- check status
$ sudo sysctl --system
off swap
$ sudo swapoff -a
$ sudo bash -c "/usr/bin/sed -e 's:^\\(.*swap.*\\)$:# \\1:' -i /etc/fstab"
disable selinux
$ setenforce 0
$ sudo bash -c "/usr/bin/sed 's/^SELINUX=enforcing$/SELINUX=permissive/' -i /etc/selinux/config"
confined and unconfined users
references:
installation
$ yum -y install setools-console
setup for exiting account
$ semanage login -a -s staff_u <account> # or $ semanage login -a -s staff_u -r s0-s0:c0.c100 <account>
Modifying an existing mapping
$ semanage login -m -s sysadm_u <account>
delete a mapping
$ semanage login -d <account>
list mappings
$ semanage user -l
process
find the zombie process
$ ps aux | awk '{ print $8 " " $2 " " $11}' | grep -w Z
sort process by PID
$ ps -axww
check the group PID
$ ps -xj
about whatis
$ whatis whois
whois (1) - client for the whois directory service
$ whatis which
which (1) - locate a command
$ whatis whereis
whereis (1) - locate the binary, source, and manual page files for a command
user management
sssd to use LDAP
references:
sss_override management
check user
$ sudo sssctl user-checks <username>
user: marslo
action: acct
service: system-auth
SSSD nss user lookup result:
- user name: marslo
- user id: 33637
- group id: 40048
- gecos: Marslo Jiao (Marslo Jiao)
- home directory: /home/marslo
- shell: /bin/bash
InfoPipe operation failed. Check that SSSD is running and the InfoPipe responder is enabled. Make sure 'ifp' is listed in the 'services' option in sssd.conf.InfoPipe User lookup with [marslo] failed.
testing pam_acct_mgmt
pam_acct_mgmt: Success
PAM Environment:
- no env -
# or
$ getent passwd -s sss marslo
add user name
$ sudo /usr/sbin/sss_override user-add <username> -n secondary-username
# verification
$ id secondary-username
# display the override
$ sudo /usr/sbin/sss_override user-show user-name
override the uid
# check current uid
$ id -u <username>
# overwride
$ sudo /usr/sbin/sss_override user-add <username> -u <new-uid>
$ sudo /usr/sbin/sss_cache --users
# or
$ sudo /usr/sbin/sss_cache --user <username>
$ sudo systemctl restart sssd
override the gid
# check current gid
$ id -g <username>
# or
$ id -nG <username>
# or
$ sudo lid -g <group_name>
# override
$ sudo /usr/sbin/sss_override user-add <username> -g <new-gid>
$ sudo /usr/sbin/sss_cache --users
$ sudo /usr/sbin/sss_cache --user <username>
$ sudo systemctl restart sssd
override the home directory
# check current home directory
$ getent passwd <username>
# override
$ sudo /usr/sbin/sss_override user-add <username> -h /new/home/directory
$ sudo systemctl restart sssd
override the shell attribute
# check current
$ getent passwd <username>
# override
$ sudo /usr/sbin/sss_override user-add <username> -h </original/home/directory> -s /new/shell
$ sudo systemctl restart sssd
managing the sssd cache
# clear the cache and update all records
$ sudo /usr/sbin/sss_cache [-E|--everything]
# clear invalidates cache entries for all user records
$ sudo /usr/sbin/sss_cache [-U|--users]
# clear all cached entries for a particular domain
$ sudo /usr/sbin/sss_cache [-E|--everything] [-d|--domain] <ldap_name>
# purge the records for that specific account and leave the rest of the cache intact
$ sudo /usr/sbin/sss_cache [-u|--user] <username>
# invalidates the cache entry for the specified group
$ sudo /usr/sbin/sss_cache [-g|--group] <groupname>
remove account
$ sudo sss_override user-del [--debug 1..9] <username>
$ sudo /usr/sbin/sss_cache --everything
$ sudo systemctl restart sssd
or
# get info $ loginctl # logout $ loginctl kill-user <username> $ sudo /usr/sbin/sss_cache -u <username> $ loginctl terminate-user <username> $ sudo pkill -u <username> $ systemctl restart sssd $ systemctl restart accounts-daemon
backup and restore
# export
$ /usr/sbin/sss_override user-export user-export.bak
$ /usr/sbin/sss_override group-export group-export.bak
# restore
$ /usr/sbin/sss_override user-import user-import.bak
$ /usr/sbin/sss_override group-import group-import.bak
list all override
$ /usr/sbin/sss_override user-find
sssd config
After this in
/etc/sssd/sssd.conf
file Specifyldap_default_bind_dn
andldap_default_authtok
as default bind dn and password respectively, this depends upon your ldap setup.
- references:
- Chapter 13. Configuring Authentication
# optional
$ yum install -y sssd \
realmd \
oddjob \
oddjob-mkhomedir \
adcli \
samba-common \
samba-common-tools \
krb5-workstation \
openldap-clients \
policycoreutils-python \
authselect-compat \
ntpdate \
ntp
$ authselect select sssd
$ authselect select sssd with-mkhomedir
$ systemctl enable oddjobd.service
$ systemctl start oddjobd.service
$ authconfig --enablesssd \
--enablesssdauth \
--enablelocauthorize \
--enableldap \
--enableldapauth \
--ldapserver=ldap://ipaserver.example.com:389 \
--disableldaptls \
--ldapbasedn=dc=example,dc=com \
--enablerfc2307bis \
--enablemkhomedir \
--enablecachecreds \
--update
others
- config files
file | comments |
---|---|
/etc/krb5.keytab |
host keytab file |
/etc/nsswitch.conf |
Name Service Switch (NSS) configuration file |
/etc/sssd/sssd.conf |
sssd configure file |
/etc/auto.master |
mount NFS |
/etc/auto.misc |
automount utility can mount and unmount NFS |
/etc/pam.d/password-auth |
PAM module |
/etc/pam.d/system-auth |
PAM module |
/var/lib/sss/db/* |
sssd cache |
/etc/security/access.conf |
local login access control table |
-
$ realm discover my.com [--server-software=active-directory] my.com type: kerberos realm-name: MY.COM domain-name: my.com configured: no server-software: active-directory client-software: sssd required-package: oddjob required-package: oddjob-mkhomedir required-package: sssd required-package: adcli required-package: samba-common-tools
join the system
$ realm join <my.domain> -U <account> [--membership-software=samba] [--verbose] [--install]
troubleshooting
sudo: unable to dlopen /usr/lib/libsss_sudo.so
[!NOTE|label:issue:]
sudo: unable to load /usr/lib/x86_64-linux-gnu/libsss_sudo.so: /usr/lib/x86_64-linux-gnu/libsss_sudo.so: cannot open shared object file: No such file or directory sudo: unable to initialize SSS source. Is SSSD installed on your machine?
$ sudo apt install libsss-sudo
local user
subuid
& subgid
[!NOTE] references:
# rootless mode
$ sudo usermod --add-subuids 10000-75535 USERNAME
$ sudo usermod --add-subgids 10000-75535 USERNAME
# or
$ echo USERNAME:10000:65536 >> /etc/subuid
$ echo USERNAME:10000:65536 >> /etc/subgid
find users
/etc/passwd
/etc/shadow
/etc/pam.d/passwd
more on users/etc/login.defs
local user management
useradd
create user
devops
$ useradd -c "comments here" \
-m \
-d "/home/devops" \
-u 1000 \
-g 1000 \
-s /bin/bash \
devops
or
$ useradd --comment "comments here" \ --create-home \ --home-dir /home/devops \ --shell /bin/bash \ --uid 1000 \ --gid 1000 \ --user-group devops devops
full steps
$ uid='1000' $ gid='1000' $ user='devops' $ mkdir -p /home/${user} $ chown -R ${uid}:${gid} /home/${user} $ groupadd -g ${gid} ${user} $ useradd -c "create user ${user}" \ -d "/home/${user}" \ -u ${uid} \ -g ${gid} \ -m \ -s /bin/bash \ ${user}
deluser
for ubunut
deluser
, delgroup
- remove a user or group from the system
SYNOPSIS
- deluser [options] [--force] [--remove-home] [--remove-all-files] [--backup] [--backup-to DIR] user
- deluser --group [options] group
- delgroup [options] [--only-if-empty] group
- deluser [options] user group
$ deluser <account> <group>
local group
/etc/group
/etc/passwd
/etc/shadow
references:
get group
-
$ getent group # or $ getent group <GID|GNAME>
get gid
$ sudo lid -g <group_name> # or $ getent group <group_name>
create group
create group with random gid
$ sudo groupadd <group_name>
get available gid
for error:
groupadd: GID 'xxxx' already exists
$ gname='mytestgroup' $ sudo groupadd ${gname} $ getent group ${gname} | cut -d: -f3 # or $ sed -nr "s/^${gname}:x:([0-9]+):.*/\1/p" /etc/group # or $ grep "^${gname}" /etc/group | cut -d: -f3 # and finally remove the group $ sudo groupdel ${gname}
create group with particular gid
$ sudo groupadd -g <gid> <group_name>
create group with existing gid
[!TIP]
-o (--non-unique) option the groupadd command allows you to create a group with non-unique GID
troubleshooting
- issue:
/usr/bin/id: cannot find name for group ID xxxx
- solution
$ groupadd --gid <GID> <GROUP_NAME>
$ sudo groupadd -o -g <new_gid> <group_name>
create group with password
$ groupadd -p secretpassword writers
add system group
[!NOTE|label:
-r
or--system
]$ groupadd -r hardwareteam $ groupadd --system hardwareteam
modify group
[!NOTE|label:references:]
$ sudo groupmod -o -g <gid> <group_name>
# change file mode
$ find / -gid OLD_GID ! -type l -exec chgrp NEW_GID {} \;
groupmod: group 'xxx' does not exist in /etc/group
$ getent group 994 gl3:*:994: # check available GID $ getent group 1994 # modify GID $ sudo groupmod -o -g 1994 gl3 groupmod: group 'gl3' does not exist in /etc/group $ sudo echo 'gl3:*:994:' >> /etc/group $ grep gl3 /etc/group gl3:*:994: $ sudo groupmod -o -g 1994 gl3 $ sudo groupmod -o -g 994 docker # verify $ getent group docker docker:x:994:marslo,devops $ getent group gl3 gl3:*:1994:
manager group users
add user into group
$ sudo usermod -a -G adm,root,docker,wheel devops $ sudo usermod -a -G sudo devops
remove user from group
$ gpasswd -d <account> <group> # or ubuntu $ sudo deluser <account> <group>
logout
$ pkill -KILL -u ${useranme}
or
$ who -uH NAME LINE TIME IDLE PID COMMENT devops pts/0 2022-06-14 05:44 00:17 41455 (192.168.1.1) marslo pts/1 2022-06-14 05:58 . 50162 (192.168.1.1) $ sudo kill 41455 $ who -uH NAME LINE TIME IDLE PID COMMENT marslo pts/1 2022-06-14 05:58 . 50162 (192.168.1.1)
-
# get login details $ loginctl # logout $ loginctl kill-user <username>
others
view users password properties in linux
$ chage -l marslo
Last password change : Mar 09, 2022
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
hash_algorithm
Code | Algorithm |
---|---|
$1 |
MD5 hashing algorithm |
$2 |
Blowfish Algorithm |
$3 |
Eksblowfish Algorithm |
$4 |
NT hashing algorithm |
$5 |
SHA-256 Algorithm |
$6 |
SHA-512 Algorithm |
service
enable/disable service
$ sudo systemctl enable --now kubelet
Created symlink /etc/systemd/system/multi-user.target.wants/kubelet.service → /etc/systemd/system/kubelet.service
$ sudo systemctl disable --now docker
check service enable or not
$ sudo systemctl is-enabled firewalld
$ sudo systemctl is-active firewalld
- or
$ sudo firewall-cmd --state not running
start/stop service
$ sudo system start <service>
$ sudo system stop <service>
check log
$ journalctl -u docker -f
system encoding
references:
- Locale setting variables
- How to Change or Set System Locales in Linux
/etc/default/locale
– on Ubuntu/Debian/etc/locale.conf
– on CentOS/RHEL- Unicode characters in console logs do not print correctly in Workflow builds
- Locale
- How to set up a clean UTF-8 environment in Linux
- "Locale" issue on Linux CentOS & RHEL
- Chapter 43. Using langpacks
- How to add additional language support in CentOS/RHEL
important files:
/etc/default/locale
/etc/locale.gen
/etc/environment
/usr/share/locales
/var/lib/locales/supported.d/local
/usr/local/share/i18n/SUPPORTED
/usr/share/i18n/SUPPORTED
setup via environment
$ sudo bash -c 'cat >> /etc/bash.bashrc' << EOF
export LANG=en_US.UTF-8
export LANGUAGE=$LANG
export LC_COLLATE=$LANG
export LC_CTYPE=$LANG
export LC_MESSAGES=$LANG
export LC_MONETARY=$LANG
export LC_NUMERIC=$LANG
export LC_TIME=$LANG
export LC_ALL=$LANG
EOF
$ source /etc/bash.bashrc
check locale for account
$ sudo su -l -c locale <account> # i.e.: $ sudo su -l -c locale marslo LANG=en_US.UTF-8 LC_CTYPE="en_US.UTF-8" LC_NUMERIC="en_US.UTF-8" LC_TIME="en_US.UTF-8" LC_COLLATE="en_US.UTF-8" LC_MONETARY="en_US.UTF-8" LC_MESSAGES="en_US.UTF-8" LC_PAPER="en_US.UTF-8" LC_NAME="en_US.UTF-8" LC_ADDRESS="en_US.UTF-8" LC_TELEPHONE="en_US.UTF-8" LC_MEASUREMENT="en_US.UTF-8" LC_IDENTIFICATION="en_US.UTF-8" LC_ALL=en_US.UTF-8
setup via locale
command
$ apt-get install -y locales
$ sudo locale-gen en_US.UTF-8
$ sudo update-locale LANG=en_US.UTF-8
$ source /etc/default/locale
# or
$ sudo dpkg-reconfigure locales
# or
$ sudo localectl set-locale LANG=en_US.UTF-8,LC_ALL=en_US.UTF-8
- setup environment files
$ sudo bash -c 'cat >> /etc/environment' << EOF LANG="en_US.UTF-8" LANGUAGE="en_US:en:en_US:en" EOF
locales
CentOS8
installation
references:
- * Locale
- How to Fix “Failed to set locale, defaulting to C.UTF-8” in CentOS 8
- How do I change my locale to UTF-8 in CentOS?
- Set System Locale
- How to Change or Set System Locales in Linux?
- How To Install rxvt-unicode-terminfo on CentOS 8
locale.conf
files support the following environment variables.
LANG
LANGUAGE
LC_ADDRESS
LC_COLLATE
LC_CTYPE
LC_IDENTIFICATION
LC_MEASUREMENT
LC_MESSAGES
LC_MONETARY
LC_NAME
LC_NUMERIC
LC_PAPER
LC_TELEPHONE
LC_TIME
$ sudo dnf install -y langpacks-en glibc-all-langpacks glibc-langpack-en glibc-langpack-zh
$ sudo localectl set-locale LANG=en_US.UTF-8
# or
$ sudo localectl set-locale LANG=en_US.UTF-8 LANGUAGE=en_US:en:C:es_E
# option
$ sudo localedef -c -f UTF-8 -i en_US en_US.UTF-8
check
$ locale LANG=en_US.UTF-8 LC_CTYPE="en_US.UTF-8" LC_NUMERIC="en_US.UTF-8" LC_TIME="en_US.UTF-8" LC_COLLATE="en_US.UTF-8" LC_MONETARY="en_US.UTF-8" LC_MESSAGES="en_US.UTF-8" LC_PAPER="en_US.UTF-8" LC_NAME="en_US.UTF-8" LC_ADDRESS="en_US.UTF-8" LC_TELEPHONE="en_US.UTF-8" LC_MEASUREMENT="en_US.UTF-8" LC_IDENTIFICATION="en_US.UTF-8" LC_ALL=en_US.UTF-8 $ localectl status System Locale: LANG=en_US.UTF-8 LANGUAGE=en_US:en:C:es_ES VC Keymap: us X11 Layout: us $ localectl [--no-pager] list-locales
more options
$ yum list available | grep glibc-langpack
get infomation
$ locale -k LC_TIME
$ locale -k LC_TELEPHONE
$ locale -k LC_PAPER
# list all
$ locale -a
# or
$ localedef --list-archive
print out terminfo descriptions
references:
$ infocmp $ tput rmm $ sudo yum install *terminfo
langpacks
list
$ sudo yum list langpacks-*
$ sudo yum list installed langpacks*
$ sudo yum list available langpacks*
$ sudo yum repoquery --whatsupplements langpacks-<locale_code>
install
$ sudo yum install langpacks-<locale_code>
# i.e.:
$ sudo yum install -y langpacks-en langpacks-en_GB langpacks-zh_CN
# or saving disk space by using glibc-langpack-<locale_code>
$ sudo yum install -y glibc-common glibc-all-langpacks
# or
$ sudo yum install -y *langpacks
# or
$ sudo yum install -y glibc-minimal-langpack
# or
$ sudo yum install -y glibc-langpack-en
- chinese
$ sudo yum groupinstall "Chinese Support"
applications
disable lock screen in CentOS 8
manually
Applications
->Settings
->Poswer Manager
->Display
Applications
->Settings
->Screensaver
->Lock Screen
-
$ xset s off $ xset s noblank # disable the power management using dpms to power monitor down $ xset -dpms
via script
#!/bin/sh export DISPLAY=:0.0 xset s off xset s noblank xset -dpms
automatically lock the screen when idle
[!NOTE|label:references:]
$ gconftool-2 --type int --set /desktop/gnome/session/idle_delay 1
$ gconftool-2 --type bool --set /desktop/gnome/lockdown/disable_lock_screen false
sogou Pinyin input method
$ sudo add-apt-repository ppa:fcitx-team/nightly
$ sudo apt-get update
$ sudo apt-get install fcitx-sogoupinyin
$ # sudo apt-get remove ibus
specified terminal size
$ gnome-terminal --geometry=123x42+0+0
burn bootable usb stick
[!NOTE|label:references:]
Disk Utility -> Erase
- format:
MS-DOS (FAT)
- scheme:
GUID Partition Map
- format:
remove system
[!NOTE|label:references:]
remove
initrd.img
andvmlinuz-*
$ ls -altrh /boot/vmlinuz-6.2.0-39-generic /boot/initrd.img-6.2.0-39-generic -rw------- 1 root root 14M Nov 16 01:50 /boot/vmlinuz-6.2.0-39-generic -rw-r--r-- 1 root root 71M Jan 5 19:58 /boot/initrd.img-6.2.0-39-generic $ sudo rm -rf /boot/vmlinuz-6.2.0-39-generic /boot/initrd.img-6.2.0-39-generic
- update grub
$ sudo update-grub Sourcing file `/etc/default/grub' Sourcing file `/etc/default/grub.d/init-select.cfg' Generating grub configuration file ... Found linux image: /boot/vmlinuz-6.5.0-14-generic Found initrd image: /boot/initrd.img-6.5.0-14-generic Found linux image: /boot/vmlinuz-6.2.0-39-generic Found initrd image: /boot/initrd.img-6.2.0-39-generic Memtest86+ needs a 16-bit boot, that is not available on EFI, exiting Warning: os-prober will not be executed to detect other bootable partitions. Systems on them will not be added to the GRUB boot configuration. Check GRUB_DISABLE_OS_PROBER documentation entry. Adding boot menu entry for UEFI Firmware Settings ... done
Q&A
yum issue after python upgrade to 3.x
[!NOTE|label:references:]
issue
SyntaxError: invalid syntax File "/usr/libexec/urlgrabber-ext-down", line 28 except OSError, e: ^
solution
$ sed -r '1s/^(.*python)$/\12/g' -i /usr/libexec/urlgrabber-ext-down
- or change shebang from
#! /usr/bin/python
to#! /usr/bin/python2
$ vim /usr/libexec/urlgrabber-ext-down ... change '#! /usr/bin/python' to '#! /usr/bin/python2'
- or change shebang from
none of the providers can be installed in dnf upgrade
issue
$ sudo dnf update ... Last metadata expiration check: 0:01:44 ago on Tue 08 Aug 2023 08:43:40 PM PDT. Error: Problem 1: package authselect-compat-1.1-2.el8.x86_64 requires authselect(x86-64) = 1.1-2.el8, but none of the providers can be installed - cannot install both authselect-1.2.2-3.el8.x86_64 and authselect-1.1-2.el8.x86_64 - cannot install both authselect-1.1-2.el8.x86_64 and authselect-1.2.2-3.el8.x86_64 - cannot install the best update candidate for package authselect-compat-1.1-2.el8.x86_64 - cannot install the best update candidate for package authselect-1.1-2.el8.x86_64 Problem 2: package dbus-x11-1:1.12.8-9.el8.x86_64 requires dbus-daemon = 1:1.12.8-9.el8, but none of the providers can be installed - cannot install both dbus-daemon-1:1.12.8-14.el8.x86_64 and dbus-daemon-1:1.12.8-9.el8.x86_64 - cannot install both dbus-daemon-1:1.12.8-9.el8.x86_64 and dbus-daemon-1:1.12.8-14.el8.x86_64 - cannot install the best update candidate for package dbus-x11-1:1.12.8-9.el8.x86_64 - cannot install the best update candidate for package dbus-daemon-1:1.12.8-9.el8.x86_64 Problem 3: package libstdc++-devel-8.3.1-4.5.el8.x86_64 requires libstdc++(x86-64) = 8.3.1-4.5.el8, but none of the providers can be installed ...
upgrade bypass issue
[!NOTE] issue stills exists, but upgrade will be executed successfully
$ sudo yum upgrade --allowerasing --nobest Last metadata expiration check: 0:02:43 ago on Tue 08 Aug 2023 08:43:40 PM PDT. Dependencies resolved. Problem 1: cannot install the best update candidate for package cups-client-1:2.2.6-28.el8.x86_64 ... Problem 2: cannot install the best update candidate for package gcc-8.3.1-4.5.el8.x86_64 ... Problem 3: package rpm-libs-4.14.3-19.el8.x86_64 requires liblua-5.3.so()(64bit), but none of the providers can be installed ... Problem 4: cannot install the best update candidate for package python3-gobject-3.28.3-1.el8.x86_64 ... ======================================================================================================================= Package Arch Version Repository Size ======================================================================================================================= Upgrading: NetworkManager x86_64 1:1.32.10-4.el8 centos-baseos 2.6 M NetworkManager-libnm x86_64 1:1.32.10-4.el8 centos-baseos 1.8 M NetworkManager-team x86_64 1:1.32.10-4.el8 centos-baseos 148 k NetworkManager-tui x86_64 1:1.32.10-4.el8 centos-baseos 336 k ...
fix with erase conflict packges permanently
$ sudo dnf repolist repo id repo name baseos CentOS Linux 8 - BaseOS epel Extra Packages for Enterprise Linux 8 - x86_64 extras CentOS Linux 8 - Extras jfrog-cli jfrog-cli mono-centos8-stable mono-centos8-stable $ sudo dnf update --refresh --allowerasing $ sudo dnf distro-sync -y
ls: Argument list too long
references:
- * "Argument list too long": Beyond Arguments and Limitations
- * ARG_MAX, maximum length of arguments for a new process
- * Configuring HugePages for Oracle on Linux (x86-64)
- * Chapter 36. Configuring huge pages
- "Argument list too long": How do I deal with it, without changing my command?
- Argument list too long for ls
- setup ulimit
- How to avoid the limit in a shell
- Increasing number of huge pages exhausted memory
- 3 easy steps to configure hugepages in RHEL/CentOS 7/8
- Bug 1364332 - systemd --user does not load limits from /etc/security/limits.d/
- How to Increase Number of Open Files Limit in Linux
[!NOTE] config files
/etc/sysctl.conf
/etc/system
/etc/security/limits.conf
#Each line describes a limit for a user in the form: # #<domain> <type> <item> <value> # #Where: #<domain> can be: # - a user name # - a group name, with @group syntax # - the wildcard *, for default entry # - the wildcard %, can be also used with %group syntax, # for maxlogin limit
/etc/limits.conf
/etc/security/limits.d/*.conf
/etc/security/limits.d/99-nproc-devops.conf
all modifications requires logout and login again
$ sudo pkill -u <username>
check the limit
$ getconf ARG_MAX
2097152
# or
$ echo $(( $(ulimit -s)*1024 / 4 ))
2097152
# check all
$ ulimit -a
core file size (blocks, -c) unlimited
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 320869
max locked memory (kbytes, -l) 16384
max memory size (kbytes, -m) unlimited
open files (-n) 1024
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 8192
cpu time (seconds, -t) unlimited
max user processes (-u) 320869
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited
# or
$ grep Huge /proc/meminfo
AnonHugePages: 43008 kB
ShmemHugePages: 0 kB
HugePages_Total: 0
HugePages_Free: 0
HugePages_Rsvd: 0
HugePages_Surp: 0
Hugepagesize: 2048 kB
Hugetlb: 0 kB
check page size
$ cat /proc/sys/vm/nr_hugepages 0 # modify $ echo 17290 > /proc/sys/vm/nr_hugepages # or $ grep Hugepagesize /proc/meminfo Hugepagesize: 2048 kB
-
## centos7 $ grep GRUB_CMDLINE_LINUX /etc/default/grub GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=centos/root rd.lvm.lv=centos/swap rhgb quiet" # append `default_hugepagesz=1G` to GRUB_CMDLINE_LINUX GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=centos/root rd.lvm.lv=centos/swap rhgb quiet default_hugepagesz=1G" ## centos8 $ grep kernelopts /boot/grub2/grubenv kernelopts=root=/dev/mapper/rhel-root ro crashkernel=auto resume=/dev/mapper/rhel-swap rd.lvm.lv=rhel/root rd.lvm.lv=rhel/swap rhgb quiet # append default_hugepagesz=1G to kernelopts kernelopts=root=/dev/mapper/rhel-root ro crashkernel=auto resume=/dev/mapper/rhel-swap rd.lvm.lv=rhel/root rd.lvm.lv=rhel/swap rhgb quiet default_hugepagesz=1G
- rebuid bios & efi
# for bios booting $ sudo grub2-mkconfig -o /boot/grub/grub.cfg # for efi booting $ sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg
- rebuid bios & efi
setup ulimit
$ ulimit -s
8192
$ ulimit -s 65536
$ ulimit -s
65536
- via
limits.d
$ cat /etc/security/limits.d/99-nproc-devops.conf devops soft nproc 32768 devops soft nofile 65535
modify open file
# via sysctl
$ sudo sysctl -w fs.file-max=500000
fs.file-max = 500000
$ cat /proc/sys/fs/file-max
500000
# or via sysctl.conf
$ echo 'fs.file-max = 500000' >> /etc/sysctl.conf
# or via ulimit
$ ulimit -Sn 5000
# |
# v
# soft open file
$ ulimit -Hn 50000
# |
# v
# hard open file
# or
$ cat /etc/security/limits.conf
* hard nofile 50000
* soft nofile 5000
setup for particular group
# setup for group `marslo` and `docker`
$ cat /etc/security/limits.conf
...
@marslo - nofile 65535
@docker - nofile 65535
others
motd
motd
$ sudo chmod -x /etc/update-motd.d/00-header \
/etc/update-motd.d/10-help-text \
/etc/update-motd.d/50-motd-news
$ cat << 'EOF' > /etc/landscape/client.conf
[sysinfo]
exclude_sysinfo_plugins = Temperature, LandscapeLink
EOF
- motd upgrade disable
$ sudo mv /etc/update-motd.d/90-updates-available /etc/update-motd.d/org.90-updates-available.org
cockpit
$ sudo systemctl enable --now cockpit.socket
Created symlink /etc/systemd/system/sockets.target.wants/cockpit.socket → /usr/lib/systemd/system/cockpit.socket.
# visit via http://<ip.address>:9090
disable
$ sudo systemctl stop cockpit.socket $ sudo systemctl disable cockpit.socket
motd
- disable via
cockpit-ws
$ sudo yum remove -y cockpit-ws
disable in hard way
$ sudo ln -sfn /dev/null /etc/motd.d/cockpit # details # https://serverok.in/centos-8-disable-activate-the-web-console#comment-35367 $ cat /etc/issue.d/cockpit.issue // issue shows before login $ cat /etc/motd.d/cockpit // moted shows after login $ la /etc/motd.d/cockpit lrwxrwxrwx. 1 root root 17 Mar 15 2021 /etc/motd.d/cockpit -> /run/cockpit/motd $ la /etc/issue.d/cockpit.issue lrwxrwxrwx. 1 root root 17 Mar 15 2021 /etc/issue.d/cockpit.issue -> /run/cockpit/motd $ la /run/cockpit/motd lrwxrwxrwx. 1 root root 11 Jan 6 03:11 /run/cockpit/motd -> active.motd $ la /run/cockpit/active.motd -rw-r-----. 1 root wheel 80 Jan 6 03:11 /run/cockpit/active.motd
- disable via
package info
$ sudo yum search cockpit cockpit.x86_64 : Web Console for Linux servers $ sudo yum list installed | grep cockpit cockpit.x86_64 251.1-1.el8 @baseos cockpit-bridge.x86_64 251.1-1.el8 @baseos cockpit-packagekit.noarch 251.1-1.el8 @appstream cockpit-podman.noarch 33-1.module_el8.5.0+890+6b136101 @appstream cockpit-storaged.noarch 251.1-1.el8 @appstream cockpit-system.noarch 251.1-1.el8 @baseos cockpit-ws.x86_64 251.1-1.el8 @baseos $ rpm -ql cockpit-ws.x86_64 /etc/cockpit /etc/cockpit/ws-certs.d /etc/issue.d/cockpit.issue /etc/motd.d/cockpit // for moted /etc/pam.d/cockpit ...