Linux

Systemd app management

systemd is a suite of basic building blocks for a Linux system. It provides a system and service manager that runs as PID 1 and starts the rest of the system. Systemd.io journal ctl not logging

Setup

Go to folder /lib/systemd/system and create a file with .service termination

Example: example.service

Basi setup

example.service

[Unit]
Description=Example service
After=network.target

[Service]
Restart=always
AmbientCapabilities=CAP_SYS_RAWIO
User=root
Type=simple
WorkingDirectory=/root/nestjs-inopack
Environment=NODE_PORT=3000
ExecStart=/usr/bin/npm run start:prod --prefix /root/nestjs-inopack


[Install]
WantedBy=multi-user.target
Alias=example.service

Enable the service

systemctl enable example.service

Reload daemon

systemctl daemon-reload

Start service

systemctl start example.service

Logging

Last loggs of services

journalctl -f

Log specific service

journalctl -u example.service

Monitoring

Enabled services

systemctl list-unit-files | grep enabled

Running services

systemctl | grep running

Real time processes view

• shift + m = order by memory usage

top 

Count the number of files in one directory

ls -1 | wc -l

Disk usage (human readable form)

du -sh file_path

Cleaning (kill processes)

killall node

User administration

add user

adduser sammy

add user to sudo group

• -a append (without this option, the current groups a user is linked to would be replaced by sudo)
• -G tells the usermod to changes a user's group settings

usermod -aG sudo sammy

copy the root user’s .ssh directory, preserve the permissions, and modify the file owners

rsync --archive --chown=sammy:sammy ~/.ssh /home/sammy

change user password as root

passwd sammy

deleting user linux

• -r to delete user home directory and email queue

userdel -r sammy

security

Disabling password authentication

• change PasswordAuthentication yes to PasswordAuthentication no

sudo nano /etc/ssh/sshd_config

• restart

sudo systemctl restart ssh

allowing certain users to run sudo commands without password

• Failed to reload nginx service interactive authentication required

/etc/sudoers.d/jenkins

jenkins ALL=(ALL) NOPASSWD: /usr/sbin/service mau-sandbox start,/usr/sbin/service mau-sandbox stop,/usr/sbin/service mau-sandbox restart

Disabling root ssh

• change PermitRootLogin yes to PermitRootLogin no

sudo nano /etc/ssh/sshd_config

• restart

sudo systemctl restart ssh

Firewall

• UFW (Uncomplicated Firewall) is a firewall configuration tool that comes with Ubuntu servers. You can use the UFW firewall to make sure only connections to certain services are allowed on your server.

get all list of all current available profiles

ufw app list

status

ufw status

enable ssh

ufw enable ssh

enable https

ufw enable https

Jenkins

• installment How to install jenkins on ubuntu 18.04
• ssl How to configure jenkins with SSL
• credentials problem (something about upgrading)
  • Unable to install jenkins on ubuntu 16.04
  • Server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
• creation of a pipeline
  • create webhook first on github
  • create pipeline