- name: Public key is deployed to managed hosts for Ansible
hosts: all
tasks:
- name: Ensure key is in root's ~/.ssh/authorized_hosts
authorized_key:
user: root
state: present
key: '{{ item }}'
with_file:
- ~/.ssh/id_rsa.pub
#redirect stdout to overwrite a file
command > file
#redirect stdout to append to a file
command >> file
#redirect stderr to overwrite a file
command 2> file
#discard stderr error messages by redirecting to /dev/null
command 2> /dev/null
#redirect stdout and stderr to overwrite the same file
command > file 2>&1
command &>file
#redirect stdout and stderr to append to the same file
command >> file 2>&1
command &>>file
Bash shell expansions
{item1,item2…} for each of the items in the list
$VARIABLE – include the value of the variable
$() command substitution, execute the command and use the STDOUT results within the current command e.g.: echo The day is $(date +%A).
glob pattern
results
*
zero or more characters.
?
A single character
[abc...]
Any one character in the selection
[!abc...]
Any one character not in the selection
[^abc...]
Any one character not in the selection
[[:alpha:]]
Any single alphabetic character
[[:lower:]]
Any single lowercase character
[[:upper:]]
Any single uppercase character
[[:alnum:]]
Any single alphabetic character or digit
[[:punct:]]
Any single printable character not a space or alphanumeric
[[:digit:]]
Any single digit from 0 to 9.
[[:space:]]
Any single white space character
SELinux
# list processes with SELinux contexts
ps axZ
#list files with SELinux contexts
ls -Z
# Manage system wide SELinux
/etc/selinux/config
getenforce
setenforce
# he kernel argument enforcing=0 boots the system into permissive mode;
# enforcing=1 sets enforcing mode.
# Disable SELinux completely by passing on the kernel parameter
# selinux=0 disables
# selinux=1 enables
# change context temporarily:
chcon -t httpd_sys_content_t
# restore default contexts recursively -R with verbose output -v:
restorecon -Rv [directory|file]
# Inspect contexts
semanage fcontext -l
# Apply new context permanently (all files and directories below /virtual):
semanage fcontext -a -t httpd_sys_content_t '/virtual(/.*)?'
restorecon -RFvv /virtual
# SELinux boolean controls
# list all current boolean settings:
getsebool -a
# switch a boolean on or off temporarily:
setsebool <boolean name> [on|off]
# switch a boolean on or off permanently:
setsebool -P <boolean name> [on|off]
# list boolean states running which differ from the default state :
semanage boolean -l -C
# Investigate SELinux events:
tail /var/log/audit/audit.log
# look for "type=AVC" or "avc: denied" or "scontext="
tail /var/log/messages
# look for "SELinux is preventing" and within the log "sealert -l <identifier>"
# To gather more detailed information on the SELinux event, using the identifier in the messages log:
sealert -l <identifier>
# also you can search messages for SELinux via:
ausearch -m AVC -ts recent
Disk Management
# list all block devices
lsblk
# list /dev/vda partition table
parted /dev/vda print
# first define the partition table type
parted /dev/vda mklabel [msdos|gpt]
# create a partition of type xfs from the start to 1GB in size
parted /dev/vda mkpart primary xfs 2048s 1000MB
# for swap for the next logical partition and 500MB in size:
mkfs.xfs /dev/vda mkpart <name> linux-swap 1001MB 1501MB
swapon /dev/vda2
swapon --show
# make it permanent
lsblk --fs /dev/vda2
UUID=cb7f71ca-ee82-430e-ad4b-7dda12632328 swap swap defaults 0 0
# format that parition with a filesystem
mkfs.xfs /dev/vda1