SIStech learning DevOps

Commands

$cat /etc/centos-release = check CentOS version

$hostnamectl = find CentOS version and other details

$cd /etc/sysconfig/network-scripts

$ifdown eth0

$ifup eth0

$ip a show eth0

$yum info amazon-ssm-agent = check ssm-agent version and other details

$yum erase amazon-ssm-agent –y = uninstall amazon-ssm-agent

$cat /proc/cpuinfo = display all CPU info of that machine

$yum install -y https://s3.us-east-2.amazonaws.com/amazon-ssm-us-east-2/latest/linux_amd64/amazon-ssm-agent.rpm = install amazon- ssm-agent latest version for Intel processor, CentOS 7

$yum list installed = find installed packages

$systemctl list-unit-files = list all services on the server and their status

$dnf update -y = dnf (Dandifield = package manager) update your CentOS

$dnf install nodejs -y

Selinux

$semanage port -l = SELinux list the configured ports

$cat /var/log/messages | grep "SELinux" = find things that SELinux is impacting $sestatus = SELinux status

https://thecruskit.com/centos-7-ami-on-aws-has-se-linux-enabled/index.html

IP tables

$iptables -A OUTPUT -m owner ! --uid-owner root -d 169.254.169.254 -j DROP = This rule prohibits any user other than the root user from opening connections to 169.254.169.254

$iptables -nvxL INPUT --line-numbers = display a list of all chain INPUT rules with lines numbers in front of them

$iptables -D INPUT 20 = delete rule number 20 from chain INPUT

$iptables -A INPUT -p udp -m udp --sport 68 --dport 67 -j ACCEPT = append rule to chain INPUT, port udp

IP route table

$ip route

$ip a

$route -nv = display all routing table entries

$route add -net 169.254.0.0 netmask 255.255.0.0 dev ens5 metric 0 = add metadata route on network interface ens5 with route cost 0

$route del -net 169.254.0.0 netmask 255.255.0.0 dev ens5 metric 1002 = delete metadata route on iface ens5 with route cost 1002

$ip addr add 169.254.169.254/16 brd 169.254.255.255 scope global dev eth0 = configure device eth0 to respond to metadata requests

$curl -ivs http://169.254.169.254/latest/meta-data/ = test/get metadata with IMDSv01 protocol

$TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"` && curl -H "X-aws-ec2- metadata-token: $TOKEN" -v http://169.254.169.254/latest/meta-data/ = test/get metadata with IMDSv02 protocol

Install csf firewall

cd /root

wget http://configserver.com/free/csf.tgz tar xzf csf.tgz

cd csf && ./install.cpanel.sh

https://forums.cpanel.net/threads/country-blocks.226002/