Linux : Operation Deployment (Day 4)

Manage System Using systemctl :

Syntax :

systemctl [option] [command] [service_name]        

• [option]: Additional flags or options for the command.
• [command]: The action you want to perform (e.g., start, stop, restart).
• [service_name]: The name of the service you want to manage.

Common Commands and Options :

• start: Start a service.
• stop: Stop a service.
• enable: Enable a service to start on boot.
• disable: Disable a service from starting on boot.
• status: View the status of a service.
• restart: Restart a service.
• reload: Reload a service’s configuration without interrupting it.
• mask: Prevent a service from being started.
• unmask: Allow a previously masked service to be started.
• list-unit-files: List all installed unit files and their states.
• list-dependencies: List the dependencies of a specific unit.

Examples :

• Starting a Service To start a service, use the start command followed by the service name:

sudo systemctl start [service_name]        

sudo systemctl start apache2        

• Stopping a Service To stop a service, use the stop command followed by the service name:

sudo systemctl stop [service_name]        

sudo systemctl stop apache2        

• Enabling a Service To enable a service to start on boot, use the enable command:

sudo systemctl enable [service_name]        

sudo systemctl enable apache2        

• Checking the Status of a Service To check the status of a service, use the status command:

systemctl status [service_name]        

systemctl status apache2        

Locate System Log Files :

System log files in Linux are typically located in the /var/log directory. Common log files include:

• /var/log/syslog: General system activity log.
• /var/log/auth.log: Authentication logs.
• /var/log/boot.log: System boot logs.
• /var/log/dmesg: Kernel ring buffer messages.
• /var/log/kern.log: Kernel logs.

Analyzing Logs with journalctl :

journalctl is the command-line utility to view and analyze logs from the systemd journal.

Syntax :

journalctl [options]        

Common Options :

• -f: Follow the log in real-time.
• -p: Filter output by priority (e.g., err, info, debug).
• -u: Show logs for a specific unit/service.
• --since, --until: Show entries within a time range.

Examples :

• Viewing All Logs

journalctl        

• Following Logs in Real-Time

journalctl -f        

• Filtering Logs by Priority

journalctl -p err        

• Viewing Logs for a Specific Service

journalctl -u apache2.service        

Using grep and Other Tools :

For traditional text-based log files, you can use grep and other command-line tools to search and analyze logs.

Examples

• Searching for a Specific String

grep 'error' /var/log/syslog        

• Monitoring Logs in Real-Time

tail -f /var/log/syslog        

Schedule Task To Run At A Set Time :

Understanding Cron :

The cron daemon is a long-running process that executes commands at specified dates and times. You can schedule scripts or commands to run at a minute, hour, day, month, or weekday.

Crontab Files :

Each user can have their own crontab file, which is a series of lines of six fields each. The fields are separated by spaces or tabs, and each field represents a time unit.

Crontab Syntax :

The syntax for crontab is as follows:
 * command-to-be-executed
- - - - -
| | | | |
| | | | +----- Day of the week (0 - 7) (Sunday=0 or 7)
| | | +------- Month (1 - 12)
| | +--------- Day of the month (1 - 31)
| +----------- Hour (0 - 23)
+------------- Minute (0 - 59)        

Crontab Commands :

crontab -e: Edit your crontab file.        

crontab -l: Display your crontab file.        

crontab -r: Remove your crontab file.        

crontab -v: Show the last time you edited your crontab file (this option is not available on all systems).        

Examples

• Running a Command Every Minute

   * /path/to/command        

• Running a Script at 2 AM Every Day

0 2  * /path/to/script.sh        

• Running a Command Every 15 Minutes

/15   * /path/to/command        

• Running a Script at 10 PM on Weekdays

0 22  1-5 /path/to/script.sh        

• Running a Command on the First Day of the Month

0 0 1  /path/to/command        

Special Characters :

• *: Represents any value.
• ,: Represents a list of values.
• -: Represents a range of values.
• /: Specifies a step value.

Example with Special Characters :

Running a Command Every Two Hours

0 /2   /path/to/command        

Updating Software :

dnf command, which stands for Dandified YUM, a package manager for RPM-based Linux distributions such as Fedora, RHEL, and CentOS. It’s designed to replace the older yum package manager with improved features like better dependency resolution and lower memory usage.

Syntax :

The general syntax of the dnf command is:

dnf [options] <command> [<args>...]        

• [options]: Modify how the command operates.
• <command>: The action you want to perform (e.g., install, remove, update).
• [<args>...]: Arguments for the command, such as package names or group names.

Common Commands and Options :

• install: Install packages.
• remove: Remove packages.
• update or upgrade: Update all packages to the latest available versions.
• search: Search for packages.
• list: List packages.
• info: Display detailed information about a package.
• autoremove: Remove packages that were automatically installed to satisfy dependencies for other packages and are no longer needed.

Examples :

• Installing a Package To install a package, use the install command followed by the package name:

sudo dnf install httpd        

• Removing a Package To remove a package, use the remove command followed by the package name:

sudo dnf remove [package_name]        

• Updating All Packages To update all packages to their latest versions, use the upgrade command:

sudo dnf upgrade        

• Searching for a Package To search for a package, use the search command followed by the search term:

dnf search [search_term]        

• Listing Installed Packages To list all installed packages, use the list installed command:

dnf list installed        

• Displaying Package Information To display detailed information about a package, use the info command:

dnf info [package_name]        

• Autoremove Unneeded Packages To remove unneeded packages, use the autoremove command:

sudo dnf autoremove        

Change Kernal Runtime Parameter :

Changing kernel runtime parameters is a powerful way to adjust the behavior of your Linux system. The primary tool for this task is sysctl, which allows you to read and write kernel parameters at runtime.

Understanding Kernel Parameters :

Kernel parameters are settings that can affect the operation of the Linux kernel. These parameters are located in the /proc/sys/ directory and can be modified to change system behavior without rebooting.

Using sysctl Command :

The sysctl utility is used to modify kernel parameters at runtime. It can be used to both read and write system parameter settings.

Syntax :

sysctl [options] [variable]=[value]        

• [options]: Modify how the command operates.
• [variable]: The kernel parameter you wish to change.
• [value]: The new value you want to assign to the parameter.

Common Options :

• -a: Display all kernel parameters.
• -p: Load in sysctl settings from the specified file (default /etc/sysctl.conf).
• -w: Change a kernel parameter.

Examples :

• Viewing All Kernel Parameters To view all kernel parameters and their current values:

sysctl -a        

• Changing a Kernel Parameter Temporarily To change a kernel parameter until the next reboot:

sysctl -w [variable]=[value]        

sysctl -w net.ipv4.ip_forward=1        

Making Changes Persistent :

To make changes persistent across reboots, you need to add them to the /etc/sysctl.conf file or create a new file in the /etc/sysctl.d/ directory.

Example :

• Editing sysctl.conf Open /etc/sysctl.conf with a text editor and add your parameters:

net.ipv4.ip_forward = 1        

Then apply changes :

sysctl -p        

• Creating a File in sysctl.d Create a new file such as 99-custom.conf in /etc/sysctl.d/ and add your parameters:

net.ipv4.ip_forward = 1        

Then apply changes :

sysctl -p /etc/sysctl.d/99-custom.conf        

Important Notes :

• Changing kernel parameters can have significant effects on your system. Always ensure you understand the parameter you are changing and its implications.
• Some parameters may require specific kernel modules to be loaded.

SELinux :

SELinux (Security-Enhanced Linux) commands, which are used to manage the SELinux security policy on your system. SELinux adds an additional layer of security to your system by enforcing mandatory access control policies.

Understanding SELinux :

SELinux operates in three modes:

• Disabled: SELinux is turned off.
• Permissive: SELinux is active but only logs actions that would have been denied if running in enforcing mode.
• Enforcing: SELinux enforces its policies and denies access based on its configuration.

Key SELinux Commands :

• sestatus Displays the current status of SELinux, including the mode it’s operating in.

sestatus        

• getenforce Shows the current mode SELinux is in (Enforcing, Permissive, or Disabled).

getenforce        

• setenforce Changes the mode of SELinux temporarily until the next reboot.

To set SELinux in enforcing mode:

setenforce 1        

To set SELinux in permissive mode:

setenforce 0        

• chcon Changes the SELinux context of a file or directory.

chcon [context] [file_or_directory]        

chcon system_u:object_r:httpd_sys_content_t:s0 /var/www/html/index.html        

• semanage Manages the SELinux policy.

To add a port type:

semanage port -a -t [type] -p [protocol] [port]        

To view contexts:

semanage fcontext -l        

• restorecon Restores the default SELinux context for files and directories.

restorecon -v [file_or_directory]        

restorecon -v /var/www/html/index.html