Breaking News

Linux Daily Hands-on Command

9:37 AM
 Pada artikel ini merupakan list perintah yang sering digunakan dalam operasi linux. Isi perintah akan di update secara berkala.
updated: Feb 22, 2025 

#setting clock server
timedatectl set-local-rtc 0
timedatectl set-ntp false
timedatectl set-timezone Asia/Jakarta
hwclock -r atau hwclock --show
date +%T -s "00:00:00" atau date --set="2023-03-29 06:24:25.990"
hwclock --systohc

#operasi kernel
#terminal flooding
nano /proc/sys/kernel/printk
ubah value dari 7       4       1       7 menjadi 3413
  • CUR = current severity level; only messages more important than this level are printed
  • DEF = default severity level assigned to messages with no level
  • MIN = minimum allowable CUR
  • BTDEF = boot-time default CUR
                     CUR  DEF  MIN  BTDEF
0 - emergency        x              x                        
1 - alert            x         x    x
2 - critical         x              x
3 - error            x              x
4 - warning          x    x         x
5 - notice           x              x
6 - informational    V              V
7 - debug
 
 
 #operasi direktory
#merubah semua directory ke 755 recursive
find /var/www/html -type d -exec chmod 755 {} \;
 #merubah semua file ke 644 recursive
find /var/www/html -type f -exec chmod 644 {} \;
 //#find berapa banyak file yang ada di dalam folder
find /tmp/ -maxdepth 1 -type f | wc -l

//melihat isi file di dalam targz tanpa extract
tar -tf xx.tar.gz > isifile.txt

//#find file and delete
find . -type f -name ".htaccess" -exec rm -f "{}" ;

//#melihat filesize dalam satu folder
du -h --max-depth=1 /home/

//#mencari text di dalam file
grep -Rnw '/home/' -e 'gacor'
//mencari text di dalam file dan direktori lalu menghapus baris yang mengandung text tersebut
grep -rl 'text_to_search' . | xargs sed -i '/text_to_search/d'
//pada server dev menerapkan setfacl ditandai dengan adanya tanda + pada akhir file/folder
getfacl /directory-path/
setfacl -Rm u:username:rwx /home/folder/public_html/
setfacl -Rm g:nobody:rwx /home/folder/public_html/
setfacl -Rm o:nobody:r-x /home/folder/public_html/

//disable directory indexing
nano /etc/apache2/conf-enabled/security.conf
Options -Indexes -Includes

//Secure http header using x-frame-option from clickjacking
nano /etc/apache2/conf-enabled/security.conf
Header set X-Content-Type-Options: "nosniff"
Header set X-Frame-Options: "sameorigin"

a2enmod headers
service apache2 restart

//Set header to use HttpOnly
nano /etc/apache2/conf-enabled/security.conf
Header edit Set-Cookie ^(.*)$ $1;HttpOnly

a2enmod headers
service apache2 restart

//Secure HTTP Server Type and Version disclosure
nano /etc/apache2/conf-enabled/security.conf
ServerTokens Prod
ServerSignature Off
TraceEnable Off

//Secure HSTS issue
nano /etc/apache2/sites-available/default-ssl.conf
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"

a2enmod headers
service apache restart

//Secure from SSH weak algorithms
nano /etc/ssh/ssh_config
//Uncomment following line
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,arcfour
MACs hmac-sha1,hmac-ripemd160

service ssh restart

//Prevent HTTP TRACE/TRACK Methods Allowed
nano /etc/apache2/conf-enabled/security.conf
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
RewriteRule .* - [F]

Order allow,deny
Allow from all
<LimitExcept POST GET>
Deny from all
</LimitExcept>

service apache2 restart

//Disable etag header
nano /etc/apache2/conf-enabled/security.conf
Header unset ETag
FileETag None

a2enmod headers
service apache2 restart

//Hide sensitive files from web server
nano /etc/apache2/conf-enabled/security.conf
<FilesMatch ".(bak|txt|save|~)$">
Order allow,deny
Deny from all
</FilesMatch>
#operasi resources

#operasi process
nano /etc/rc/local
renice -n -15 -u mysql
renice -n -10 -u nobody

nano /root/.profile
renice -n -15 -u mysql
renice -n -10 -u nobody
#operasi memory dan swap
nano /home/umk/clearcache.sh
//#!/bin/bash
echo 3 > /proc/sys/vm/drop_caches

crontab -e
0 [/4  \ **] /home/umk/clearcache.sh
#operasi repository
#edit repo centos7 eol 
sed -i 's/^mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*
yum update -y && yum upgrade -y
 #operasi log
tail -n 100 /var/log/sample.log | grep 'string' 
#operasi database
tuning mariadb
nano /etc/security/limits.conf
//custom script
mysql hard nofile 65535
mysql soft nofile 65535

nano /usr/lib/systemd/system/mariadb.service
[Service]
//custom script
LimitNOFILE=65535

nano /etc/mysql/mariadb.conf.d/50-server.cnf
[mysqld]
max_connections = 300

systemctl daemon-reload
service mariadb restart
mysql -u root -p
show variables like "max_connections";

//database show realtime status
SHOW STATUS WHERE variable_name = 'Max_used_connections';
SHOW STATUS WHERE variable_name = 'Threads_connected';
show session status;
mysqladmin -u -p extended-status | grep -wi 'threads_connected|threads_running' | awk '{ print $2,$4}'

//sql_mode
//NO_ZERO_IN_DATE,NO_ZERO_DATE akan menyebabkan query tidak dapat insert pada date values "null" atau "0000-00-00"
default: sql_mode = "STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"
resize: sql_mode = "STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"
#operasi php
tuning PHP.INI
disable_functions = phpinfo,curl_multi_exec,popen,passthru,exec,popen, symlink,proc_open,shell_exec,show_source,allow_url_fopen,system,passthru, parse_ini_file,show_source,proc_open,php_uname,posix_getpwuid,setenv, main,apache_setenv,putenv,mail,link,mb_send_mail,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority
expose_php = Off
allow_url_fopen = Off
allow_url_include= Off
date.timezone = "Asia/Jakarta"
#apps laravel
sudo chmod -R 777 ./storage
php artisan down
php artisan config:clear
php artisan cache:clear
//for clear all cached data at once
php artisan optimize:clear
php artisan up
#htaccess laravel
<IfModule mod_rewrite.c>
RewriteEngine On
//NOT needed unless you're using mod_alias to redirect
RewriteBase /
//Direct all requests to /public folder
RewriteCond %{REQUEST_URI} !/public
RewriteRule ^(.*)$ public/$1 [L]
</IfModule>
 

No comments

Subscribe to: Post Comments ( Atom )