{"id":82,"date":"2017-03-22T07:46:05","date_gmt":"2017-03-22T07:46:05","guid":{"rendered":"http:\/\/faq.graven-ict.nl\/wordpress\/?p=82"},"modified":"2017-06-26T12:35:24","modified_gmt":"2017-06-26T12:35:24","slug":"linux-7-sheatcheat","status":"publish","type":"post","link":"https:\/\/wiki.graven-ict.nl\/wordpress\/linux-7-sheatcheat\/","title":{"rendered":"Linux 7 cheatsheet"},"content":{"rendered":"<p># Enterprise Linux 7 (RedHat, CentOS)<\/p>\n<p>Last Modified: 2015-01-20 16:12:38<\/p><div id=\"grave-2633573351\" class=\"grave-content grave-entity-placement\"><script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-1970734611769428\" crossorigin=\"anonymous\"><\/script><ins class=\"adsbygoogle\" style=\"display:inline-block;width:728px;height:90px;\" \ndata-ad-client=\"ca-pub-1970734611769428\" \ndata-ad-slot=\"1820224830\"><\/ins> \n<script> \n(adsbygoogle = window.adsbygoogle || []).push({}); \n<\/script>\n<\/div>\n<p>Command cheat sheet for EL7. For every action, I try to give the &#8216;canonical&#8217; command, as recommended by RedHat. That means using `systemd`, NetworkManager, `journald`, etc.<\/p>\n<p>## Network configuration<\/p>\n<p>| Action                             | Command                                       |<br \/>\n| :&#8212;                               | :&#8212;                                          |<br \/>\n| List interfaces (and IP addresses) | `ip address`, `ip a`                          |<br \/>\n| Route table                        | `ip route`, `ip r`                            |<br \/>\n| DNS servers                        | `cat \/etc\/resolv.conf`                        |<br \/>\n| Set IP address of an interface*    | `ip address add 192.168.56.1\/24 dev vboxnet0` |<\/p>\n<p>(*) This example is actually a workaround for a [bug](https:\/\/bugzilla.gnome.org\/show_bug.cgi?id=731014) that causes NetworkManager 0.9.9 to manage virtual network interfaces.<\/p>\n<p>### Host name<\/p>\n<p>There are *three* kinds of host names:<\/p>\n<p>&#8211; Static: &#8220;traditional&#8221; host name, stored in `\/etc\/hostname`<br \/>\n&#8211; Transient: dynamic, set in kernel. Default value is the static host name, can be set by e.g. DHCP or mDNS.<br \/>\n&#8211; Pretty: free form, for presentation to the user. Default value is the static host name.<\/p>\n<p>| Action                 | Command                                         |<br \/>\n| :&#8212;                   | :&#8212;                                            |<br \/>\n| Get hosti names        | `hostnamectl`                                   |<br \/>\n| Set (all) host names   | `hostnamectl set-hostname HOSTNAME`             |<br \/>\n| Set specific host name | `hostnamectl set-hostname &#8211;static HOSTNAME`    |<br \/>\n|                        | `hostnamectl set-hostname &#8211;transient HOSTNAME` |<br \/>\n|                        | `hostnamectl set-hostname &#8211;pretty HOSTNAME`    |<br \/>\n|                        |                                                 |<\/p>\n<p>### Resources<\/p>\n<p>* [RedHat Enterprise Linux 7 Networking Guide](https:\/\/access.redhat.com\/site\/documentation\/en-US\/Red_Hat_Enterprise_Linux\/7-Beta\/html\/Networking_Guide\/index.html)<br \/>\n* [Fedora Wiki: Networking\/CLI](https:\/\/fedoraproject.org\/wiki\/Networking\/CLI)<br \/>\n* [RHEL 7: How to get started with Systemd](http:\/\/www.certdepot.net\/rhel7-get-started-systemd\/), at certdepot.net<\/p>\n<p>## Managing services with `systemctl`<\/p>\n<p>| Action                                      | Command                                          |<br \/>\n| :&#8212;                                        | :&#8212;                                             |<br \/>\n| List services                               | `systemctl list-units &#8211;type service`            |<br \/>\n| Query SERVICE status                        | `sudo systemctl status SERVICE.service`          |<br \/>\n| List failed services on boot                | `sudo systemctl &#8211;failed`                        |<br \/>\n| Start SERVICE                               | `sudo systemctl start SERVICE.service`           |<br \/>\n| Stop SERVICE                                | `sudo systemctl stop SERVICE.service`            |<br \/>\n| Restart SERVICE                             | `sudo systemctl restart SERVICE.service`         |<br \/>\n| *Kill* SERVICE (all processes) with SIGTERM | `sudo systemctl kill SERVICE.service`            |<br \/>\n| *Kill* SERVICE (all processes) with SIGKILL | `sudo systemctl kill -s SIGKILL SERVICE.service` |<br \/>\n| Start SERVICE on boot                       | `sudo systemctl enable SERVICE.service`          |<br \/>\n| Don&#8217;t start SERVICE on boot                 | `sudo systemctl disable SERVICE.service`         |<\/p>\n<p>## Runlevels<\/p>\n<p>Run with root privileges (`sudo`)<\/p>\n<p>| Action                     | Command                                  |<br \/>\n| :&#8212;                       | :&#8212;                                     |<br \/>\n| Go to single user mode     | `systemctl rescue`                       |<br \/>\n| Go to multi-user mode      | `systemctl isolate multi-user.target`    |<br \/>\n| (= old runlevel 3)         | `systemctl isolate runlevel3.target`     |<br \/>\n| Go to graphical level      | `systemctl isolate graphical.target`     |<br \/>\n| Get default runlevel       | `systemctl get-default`                  |<br \/>\n| Set default runlevel       | `systemctl set-default graphical.target` |<br \/>\n| Shutdown                   | `systemctl poweroff`                     |<br \/>\n| Reboot, suspend, hibernate | `systemctl STATE`                        |<\/p>\n<p>### Resources<\/p>\n<p>* [RedhHat 7 System Administrator&#8217;s Guide](https:\/\/access.redhat.com\/site\/documentation\/en-US\/Red_Hat_Enterprise_Linux\/7-Beta\/html\/System_Administrators_Guide\/sect-Managing_Services_with_systemd-Services.html)<br \/>\n* [Systemd for Administrators, Part IV: Killing Services](http:\/\/0pointer.de\/blog\/projects\/systemd-for-admins-4.html)<\/p>\n<p>## Perusing system logs<\/p><div id=\"grave-1366795160\" class=\"grave-content_2 grave-entity-placement\"><script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-1970734611769428\" crossorigin=\"anonymous\"><\/script><ins class=\"adsbygoogle\" style=\"display:inline-block;width:728px;height:90px;\" \ndata-ad-client=\"ca-pub-1970734611769428\" \ndata-ad-slot=\"1820224830\"><\/ins> \n<script> \n(adsbygoogle = window.adsbygoogle || []).push({}); \n<\/script>\n<\/div>\n<p>On Linux distros based on systemd, logs can be viewed using the `journalctl` command. This requires root privileges. However, users that are members of the `adm` group get access as well. So, add your user to the `adm` group to make viewing logs easier.<\/p>\n<p>| Action                               | Command                                                       |<br \/>\n| :&#8212;                                 | :&#8212;                                                          |<br \/>\n| Show log since last boot             | `journalctl -b`                                               |<br \/>\n| Kernel messages (like `dmesg`)       | `journalctl -k`                                               |<br \/>\n| Show latest log and wait for changes | `journalctl -f`                                               |<br \/>\n| Reverse output (newest first)        | `journalctl -r`                                               |<br \/>\n| Show only errors and worse           | `journalctl -b -p err`                                        |<br \/>\n| Filter on time (example)             | `journalctl &#8211;since=2014-06-00 &#8211;until=&#8221;2014-06-07 12:00:00&#8243;` |<br \/>\n| Since yesterday                      | `journalctl &#8211;since=yesterday`                                |<br \/>\n| Show only log of SERVICE             | `journalctl -u SERVICE`                                       |<br \/>\n| Match executable, e.g. `dhclient`    | `journalctl \/usr\/sbin\/dhclient`                               |<br \/>\n| Match device node, e.g. `\/dev\/sda`   | `journalctl \/dev\/sda`                                         |<\/p>\n<p>### &#8220;Traditional&#8221; logs<\/p>\n<p>Traditionally, logs are text files in `\/var\/log`. Some services still write their logs to these text files and not to journald.<\/p>\n<p>| Action                                      | Command                 |<br \/>\n| :&#8212;                                        | :&#8212;                    |<br \/>\n| Live view of log FILE                       | `tail -f \/var\/log\/FILE` |<br \/>\n| Colorized live view of boot\/kernel messages | `dmesg -wH`             |<\/p>\n<p>### Resources<\/p>\n<p>* [Systemd for Administrators, Part XVII: Using the journal](http:\/\/0pointer.de\/blog\/projects\/journalctl.html)<\/p>\n<p>## Configuring the firewall with `firewalld`<\/p>\n<p>The `firewalld-cmd` should run with root privileges, do always use `sudo`.<\/p>\n<p>| Action                           | Command                                                          |<br \/>\n| :&#8212;                             | :&#8212;                                                             |<br \/>\n| Firewall state                   | `firewall-cmd &#8211;state`                                           |<br \/>\n| Reload permanent rules           | `firewall-cmd &#8211;reload`                                          |<br \/>\n| Currently enabled features       | `firewall-cmd &#8211;list-all-zones`                                  |<br \/>\n| List supported zones             | `firewall-cmd &#8211;get-zones`                                       |<br \/>\n| List preconfigured services      | `firewall-cmd &#8211;get-services`                                    |<br \/>\n| Enabled features in current zone | `firewall-cmd &#8211;list-all`            |<br \/>\n| Enabled features in zone         | `firewall-cmd [&#8211;permanent] [&#8211;zone=ZONE] &#8211;list-all`            |<br \/>\n| Enable a service in zone         | `firewall-cmd [&#8211;permanent] [&#8211;zone=ZONE] &#8211;add-service=http`    |<br \/>\n| Remove service frome zone        | `firewall-cmd [&#8211;permanent] [&#8211;zone=ZONE] &#8211;remove-service=http` |<br \/>\n| Enable a port in zone            | `firewall-cmd [&#8211;permanent] [&#8211;zone=ZONE] &#8211;add-port=80\/tcp`     |<br \/>\n| Remove a port from zone          | `firewall-cmd [&#8211;permanent] [&#8211;zone=ZONE] &#8211;remove-port=80\/tcp`  |<br \/>\n| Turn panic mode on               | `firewall-cmd &#8211;panic-on`                                        |<br \/>\n| Turn panic mode off              | `firewall-cmd &#8211;panic-off`                                       |<br \/>\n|                                  |                                                                  |<\/p>\n<p>* Configuration is stored in `\/etc\/firewalld` and `\/usr\/lib\/firewalld`<br \/>\n* The default zone is `public`, which you don&#8217;t have to specify on the command line when adding\/removing rules<br \/>\n* Adding permanent rules<\/p>\n<p>### Resources<\/p>\n<p>* [Using Firewalls, in *RHEL 7 Security Guide*](https:\/\/access.redhat.com\/documentation\/en-US\/Red_Hat_Enterprise_Linux\/7\/html\/Security_Guide\/sec-Using_Firewalls.html)<br \/>\n* [FirewallD, in *Fedora Project Wiki*](https:\/\/fedoraproject.org\/wiki\/FirewallD#Using_firewall-cmd)<\/p>\n","protected":false},"excerpt":{"rendered":"<p># Enterprise Linux 7 (RedHat, CentOS) Last Modified: 2015-01-20 16:12:38 Command cheat sheet for EL7. For every action, I try to give the &#8216;canonical&#8217; command, as recommended by RedHat. That means using `systemd`, NetworkManager, `journald`, etc. ## Network configuration | Action | Command | | :&#8212; | :&#8212; | | List interfaces (and IP addresses) ..<\/p>\n<div class=\"clear-fix\"><\/div>\n<p><a href=\"https:\/\/wiki.graven-ict.nl\/wordpress\/linux-7-sheatcheat\/\" title=\"Meer lezen...\">Lees meer<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[2,12],"tags":[],"class_list":["post-82","post","type-post","status-publish","format-standard","hentry","category-linux","category-redhatcentos-rpm-based"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wiki.graven-ict.nl\/wordpress\/wp-json\/wp\/v2\/posts\/82","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wiki.graven-ict.nl\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wiki.graven-ict.nl\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wiki.graven-ict.nl\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wiki.graven-ict.nl\/wordpress\/wp-json\/wp\/v2\/comments?post=82"}],"version-history":[{"count":2,"href":"https:\/\/wiki.graven-ict.nl\/wordpress\/wp-json\/wp\/v2\/posts\/82\/revisions"}],"predecessor-version":[{"id":85,"href":"https:\/\/wiki.graven-ict.nl\/wordpress\/wp-json\/wp\/v2\/posts\/82\/revisions\/85"}],"wp:attachment":[{"href":"https:\/\/wiki.graven-ict.nl\/wordpress\/wp-json\/wp\/v2\/media?parent=82"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wiki.graven-ict.nl\/wordpress\/wp-json\/wp\/v2\/categories?post=82"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wiki.graven-ict.nl\/wordpress\/wp-json\/wp\/v2\/tags?post=82"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}