linux:ubuntu:ubuntu [IT Wiki]

This is an old revision of the document!

apt-get

Examples:

sudo apt-get install ubuntu-desktop
sudo apt-get clean                                          #Clean "/var/cache/apt/archives" (programms installed with apt-get are saved in)
sudo apt-get install gdm
apt-get install --reinstall package
sudo /etc/init.d/gdm start
sudo dpkg-reconfigure xserver-xorg

sudo aptitude install kubuntu-desktop

apt-get install linux-image-3.2.0-24-generic linux-headers-3.2.0-24-generic

apt-get install build-essential                             #Compiler
apt-get install bridge-utils                                #if you want to use a network bridge interface
apt-get install lm-sensors                                  #run once "sensors-detect", than "sensors" to get e.g. cpu temperature and more
apt-get install ntp ntpdate                                 #timeserver 
apt-get install libssl-dev
apt-get install apache2 php5 php5-mysql mysql-server   #LAMP = Linux, Apache, MySQL, PHP
apt install php libapache2-mod-php
apt-get install php5-mongo
apt-get install net-tools                                   #arp, ifconfig, netstat, rarp, nameif and route
apt-get install lvm2
apt-get install nfs-kernel-server 
apt-get install nfs-common 
apt-get --reinstall install screen 
sudo apt-get install phpmyadmin
apt-get install samba samba-common-bin smbclient cifs-utils
apt-get install smbclient cifs-utils
sudo apt-get install fwbuilder
apt-get install isc-dhcp-server
apt-get install isc-dhcp-relay
apt-get install nsca                                        #Passiv check monitoring client for nagios/ icinga
sudo aptitude install build-essential
apt-get install ia32-libs                                   #32-bit compatibility libraries
apt-get install lib32z1 lib32ncurses5 lib32bz2-1.0          #32-bit compatibility libraries for Ubuntu Server 14.4 LTS
apt-get install libssl-dev                                  #openssl-devel
apt-get install lib32nss-mdns 
apt-get install openjdk-7-jdk
apt-get -s install awstats                                  #Option "-s" simulates an installation process  
apt-get install ocfs2-tools ocfs2console                    #Install ocfs2
dpkg-reconfigure ocfs2-tools                                #To configure ocfs2
apt-get install cifs-utils                    
apt-get install mailutils
apt-get install libncurses5-dev                             #Mysql
apt-get --only-upgrade install package_name                 #Only update the package "package_name" (run previously as always "apt-get update"!)

apt-mark hold [Package]                                     #hold back [Package] 	
apt-mark unhold [Package]                                   #remove hold back from [Package]
apt-mark showhold                                           #show the packages that are kept in "hold" state
dpkg -l | grep "^hi"                                        #search for all lines that begin with "hi" which are initials for "hold" and "installed"

apt-cache madison docker-ce                                 #show available versions

apt-get install -y docker-ce=5:18.09.9~3-0~ubuntu-xenial --allow-downgrades
 
sudo update-rc.d -f gdm remove
sudo update-rc.d gdm stop 01 0 1 6 .
sudo reboot

sudo killall gdm                                            #kill the X-server

dpkg --list |grep postgres
dpkg --purge  postgresql-8.4 
rm -r /usr/share/postgresql/8.4/tsearch_data 
rm -r /etc/postgresql-common 
dpkg --purge  postgresql-client-common
dpkg --purge  postgresql-common 
aptitude autoclean
aptitude search mysql
aptitude clean postgresql-8.4
dpkg --list |grep postgres 
dpkg-reconfigure tzdata                                     #timezone set
dpkg-reconfigure locales                                    #system language
aptitude install postgresql
aptitude reinstall perl-base
hwe-support-status --verbose
ubuntu-support-status
systemctl stop apt-daily.timer
systemctl disable apt-daily.timer
apt-get install linux-generic-lts-xenial
dpkg -s motion | head -n5                                   #show package infos, status, dependencies...

Repair:

apt-get -f install
apt-get autoremove
apt-get purge
apt-get clean
apt --fix-broken install
apt-get --fix-broken install

apt-key

If there´s an error by executing “apt-get update” such as:

GPG error: http://repo.mysql.com trusty InRelease: The following signatures were invalid: KEYEXPIRED 1487236823 KEYEXPIRED 1487236823 KEYEXPIRED 1487236823

You can solve it by running

apt-key list | grep expired

Output:

pub   1024D/5072E1F5 2003-02-03 [expired: 2017-02-16]

To solve it run:

apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 5072E1F5

and

apt-get update

again.

Update key:

apt-key adv --keyserver-options http-proxy=http://PROXYIP:8080 --keyserver hkp://keyserver.ubuntu.com:80 --recv <KEY>
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv

System update

To update all packages run:

apt-get update                          #Checks and downloads Packages
apt-get dist-upgrade                    #Updates System (all installed packages)
do-release-upgrade

If you encounter problems if you are behind a proxy please enter into

/etc/apt/apt.conf

the following information

Acquire::http::Proxy "http://1.2.3.4:8080";
Acquire::https::Proxy "https://127.0.0.1:8080";

To keep a package back:

apt-mark hold [Package]                 #Hold back [Package] 	
apt-mark unhold [Package]               #Remove hold back from [Package]

Security Update

If you just want to patch security packages:

grep security /etc/apt/sources.list > /tmp/security.list
grep -P '^[ \t]*[^#[ \t]+' /etc/apt/sources.list
apt-get upgrade -o Dir::Etc::Sourcelist=/tmp/security.list -s    #just a test
apt-get upgrade -o Dir::Etc::Sourcelist=/tmp/security.list       #patch security packages

Webmin

https://wiki.ubuntu.com/webmin

apt-get install libnet-ssleay-perl libauthen-pam-perl libio-pty-perl apt-show-versions libapt-pkg-perl
apt-get update
apt-get install libnet-ssleay-perl libauthen-pam-perl libio-pty-perl libmd5-perl apt-show-versions

Initrd

To update the initrd:

update-initramfs -c -k 3.2.0-23-generic        #Kernel-version 3.2.0-23-generic
update-initramfs -k all -c
update-grub

Init

service --status-all
initctl list

Grub Rescue

http://www.it-muecke.de/grub-rescue

Check Version

lsb_release -a

UPGRADE VERSION/ Distribution

sudo do-release-upgrade

Alternativ way:

Make backup of sources.list file:

cp /etc/apt/sources.list /etc/apt/sources.list.bku

and

cp -r /etc/apt/sources.list.d/ /etc/apt/sources.list.d.bak

Edit sources.list and add new repositary such as:

deb http://de.archive.ubuntu.com/ubuntu natty main restricted universe multiverse
#deb-src http://de.archive.ubuntu.com/ubuntu natty main restricted universe multiverse

deb http://de.archive.ubuntu.com/ubuntu natty-updates main restricted universe multiverse
#deb-src http://de.archive.ubuntu.com/ubuntu natty-updates main restricted universe multiverse

deb http://de.archive.ubuntu.com/ubuntu natty-security main restricted universe multiverse
#deb-src http://de.archive.ubuntu.com/ubuntu natty-security main restricted universe multiverse

Check also:

http://wiki.ubuntuusers.de/sources.list

Update sources:

apt-get update

Update distribution:

apt-get dist-upgrade

Unattended-upgrades:

To disable edit “/etc/apt/apt.conf.d/10periodic” as follows:

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "0";
APT::Periodic::AutocleanInterval "0";

APTITUDE

aptitude search
aptitute install

Install

sudo  tasksel    #Opens pattern install menu such as LAMP like during OS installation

Problems

To solve package problems for a particular package, delete related package-names in

/var/lib/dpkg/info/
/var/cache/apt/archives/

and run

apt-get -f install
apt-get update

ulimit

Online:

ulimit -n 64000

Persistant (reboot required):

vi /etc/security/limits.conf

  * soft nofile 64000
  * hard nofile 64000
  username soft nofile 64000
  username  hard nofile 64000
  root soft nofile 64000
  root hard nofile 64000

Network

The following config (/etc/network/interfaces) shows a bonding interface (eth0, eth2) and a third networkdevice configuration (eth1):

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto bond0
iface bond0 inet static
        address 192.168.64.127
        netmask 255.255.255.0
        network 192.168.64.0
        broadcast 192.168.64.255
        gateway 192.168.64.1
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 192.168.63.4 192.168.63.8
        dns-search my-domain.local
        #slaves eth0 eth2
        #bond_mode 0
        #bond_miimon 100
        #bond_updelay 200
        #bond_downdelay 200
        post-up ifenslave bond0 eth0 eth2
        pre-down ifenslave -d bond0 eth0 eth2

#iSCSI Network Interface
auto eth1
iface eth1 inet static
        address 192.168.254.55
        netmask 255.255.255.0
        network 192.168.254.0
        broadcast 192.168.254.255
#        gateway 192.168.254.1
        # dns-* options are implemented by the resolvconf package, if installed
        
auto eth1:1
iface eth1:1 inet static
        address 10.0.0.10
        netmask 255.255.255.0

DHCP:

auto eth0
iface eth0 inet dhcp

Timezone, Date & Time

timedatectl set-timezone Europe/Berlin
timedatectl 
dpkg-reconfigure tzdata 
timedatectl set-time 23:01 
timedatectl set-time 2017-10-08 23:01 
systemctl status systemd-timesyncd
systemctl restart systemd-timesyncd

Resolv.conf

sudo rm /etc/resolv.conf
sudo dpkg-reconfigure resolvconf

HOSTNAME

1) edit /etc/hostname, to e.g. yourhost.dyndns.org

2) run : hostname -F /etc/hostname

3) edit /etc/hosts accordingly

Command:

hostnamectl set-hostname NEW_NAME_HERE

Upstart

Upstart is a new way to start services. The old way (/etc/init.d) is still relevant, as upstart still uses (dependant on the service) init-scripts. Upstart scripts are located in

/etc/init

Upstart services are started via:

service servicename start/stop/restart

Links:

http://wiki.ubuntuusers.de/Upstart

Autostart Service

To check status of all services:

service --status-all

Running: + 
Not running: -
Status not known: ?

To add a service to autostart use:

/usr/lib/insserv/insserv -d servicename         #Add service "servicename" to autostart - a init-script is required!
/usr/lib/insserv/insserv -r servicename         #Remove service "servicename" from autostart

or

update-rc.d apache2 defaults                    #Add service apache to autostart with default runlevels
update-rc.d -f apache2 remove                   #Remove service apache from autostart

Ubuntu >= 16.04:

sudo systemctl is-enabled mysql.service
sudo systemctl disable mysql.service
sudo systemctl enable mysql.service

Proxy

To update your system via “apt-get” behind a http proxy, edit or create file

/etc/apt/apt.conf

and put following syntax inside:

Acquire::http::Proxy "http://PROXY_FQDN_or_IP:8080";

and if https is required

Acquire::https::Proxy "https://PROXY_FQDN_or_IP:8080";

To set a general system proxy:

export https_proxy=https://IP:Port
export http_proxy=https://IP:Port
export http_proxy=http://username:password@proxy_host:proxy_port
export https_proxy=https://username:password@proxy_host:proxy_port
export no_proxy="localhost,127.0.0.1,test.local"

Locale

locale -a                               #show available locale
cat /usr/share/i18n/SUPPORTED           #show supported locale
locale-gen de_DE.UTF-8                  #generate locale
update-locale LANG=de_DE.UTF-8          #update locale
locale                                  #check configure locale
cat /etc/default/locale                 #check configure locale

SFTP

1. Add user:

useradd -d /path/to/home -u 3200 -g mygroup -s /bin/false -c "FTP User sftp01" sftp01

2. Add to “/etc/ssh/sshd_config” and restart ssh “systemctl restart ssh.service” or “/etc/init.d/ssh restart”:

AllowGroups mygroup 
#Subsystem sftp /usr/lib/openssh/sftp-server                 #SLES11
Subsystem sftp /usr/lib/ssh/sftp-server                      #SLES12       
#Subsystem sftp internal-sftp                                #SLES12
#Personal
#Match Group sftponly
Match User sftp01
ForceCommand internal-sftp                                   #forces the SSH server to run the SFTP server upon login, disallowing shell access
#PasswordAuthentication yes                                  #only key-auth is allowed
ChrootDirectory /home/sftp01                                 #ensures that the user will not be allowed access to anything beyond the "/home/sftp01" directory
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no
PermitRootLogin no

Note: Path to “ChrootDirectory” has to be owned completely by “root:root”!

3. Edit “/etc/fstab”:

The mountpoint (“/home/sftp01”) must contain “nodev,nosuid”. Example:

UUID=ed376e96-2183-43dd-862c-02fa3e6c5223 /home/sftp01 xfs  defaults,nodev,nosuid  1 2

Note: This ist just required, if the “ChrootDirectory” is not owned by root!

Remount on the fly: mount -o remount,noatime /mountpoint

4. Create a key pair for key authentification:

https://www.tmade.de/wiki/doku.php?id=linux:ssh#ssh_key-authentication

Put “authorized_keys” file into “~/.ssh/authorized_keys” of the related user.

Note: The “authorized_keys” file must contain the content of “id_rsa.pub”!

Example configurations:

Match user user1
ChrootDirectory /srv/sftp/user1
Match user user2
ChrootDirectory /srv/sftp/user2
AllowTCPForwarding no
X11Forwarding no
ForceCommand internal-sftp

or

Match User bob,joe,phil
#Match Group users_with_no_ssh      
        ChrootDirectory /home/%u/
        ForceCommand internal-sftp
        X11Forwarding no
        AllowTCPForwarding no
        #AcceptEnv RESTIC_REPOSITORY RESTIC_PASSWORD
        ForceCommand /bin/echo 'We talked about this guys. No SSH for you!'

Check ssh-config:

sshd -t                       #command to check for syntax errors in your configuration file
sshd -T                       #output active directives

MISC

Editor

select-editor                                                  #set default editor

Force checking devices on next system startup:

touch /forcefsck

Useradd + password

Useradd and set password in one step (without adding to history):

adduser.sh

read -p "Please enter Username: " USER
echo "Username: \"$USER\""
read -p "Please enter Password: " PW
echo "Password \"$PW\""
useradd -m -p $(openssl passwd -1 "$PW") $USER
echo "User: \"$USER\" added!"

Search

Switch on “page up” and “page down” to search/ auto completition history (edit “/etc/inputrc”):

cat /etc/inputrc | grep search

Change

  
# alternate mappings for "page up" and "page down" to search the history
#"\e[5~": history-search-backward
#"\e[6~": history-search-forward

to

  
# alternate mappings for "page up" and "page down" to search the history
"\e[5~": history-search-backward
"\e[6~": history-search-forward

History:

https://www.howtogeek.com/howto/44997/how-to-use-bash-history-to-improve-your-command-line-productivity/

Table of Contents