prepare partition
doas mkfs.ext4 -O ^has_journal /dev/nvme0n1p3
doas mount /dev/nvme0n1p3 /mnt
bootstrap using debootstrap
--print-debs for listing pkg to be installed
debian
debootstrap --variant=minbase stable /mnt http://deb.debian.org/debian/
debootstrap --include=apt,bash,dpkg stable
/mnt http://deb.debian.org/debian/
ubuntu
sudo debootstrap --arch amd64 jammy http://np.archive.ubuntu.com/ubuntu/
--extractor =ar if you are using old apt without zstd support to install new image
devuan
http://deb.devuan.org/merged/dists/
https://git.devuan.org/devuan/debootstrap/src/branch/suites/unstable/scripts/chimaera
doas debootstrap --arch amd64 chimaera /mnt http://deb.devuan.org/merged
/usr/share/debootstrap/scripts/Chimaera
security updates
nano /etc/apt/sources.list
deb http://deb.devuan.org/merged chimaera main contrib non-free
deb http://deb.devuan.org/merged chimaera-security main
deb http://deb.devuan.org/merged chimaera-updates main
mirrorlist generator
https://debgen.simplylinux.ch/
add security updates to apt
cat /mnt/etc/apt/sources.list
deb http://np.archive.ubuntu.com/ubuntu jammy main universe restricted
deb http://np.archive.ubuntu.com/ubuntu jammy-security main universe restricted
deb http://np.archive.ubuntu.com/ubuntu jammy-updates main universe restricted
apt install initramfs-tools efibootmgr iwd resolvconf ubuntu-drivers-common linux-oem-22.04
oem dirver is hardware specific . find your own.
debconf configure needs dialog based frontend : whiptail,dialog,xdialog,
cat /usr/share/perl5/Debconf/FrontEnd/Dialog.pm to see how frontends are called
1. Dialog 3. Gnome 5. Editor
2. Readline 4. Kde 6. Noninteractive
dpkg-reconfigure --frontend dialog debconf
dpkg-reconfigure debconf
dpkg-reconfigure
tzdata
dpkg-reconfigure locales
dpkg-reconfigure keyboard-configuration
dpkg-reconfigure console-setup
sudo update-alternatives --config editor/etc/default/keyboard
/etc/default/console-setup
## setting hostname
echo "hostname" > /etc/hostname
echo "127.0.1.1 hostname" >> /etc/hosts
install from alpine linux
doas apk add debootstrap
doas debootstrap kali-rolling ~/kali/ http://http.kali.org/kali
maybe --variant=minbase
without systemd cant use sway,gtk3 or any adveance wm /de on debian/kali
CHROOT into /mnt
doas arch-chroot /mnt
export TERM=linux
source /etc/profile
custom chroot script if no arch-install-scripts
nano arch-chroot
mount --rbind /dev /mnt/dev && mount --make-rslave /mnt/dev
mount --rbind /dev/pts /mnt/dev/pts && mount --make-rslave /mnt/dev/pts
mount --rbind /proc /mnt/proc && mount --make-rslave /mnt/proc
mount --rbind /sys /mnt/sys && mount --make-rslave /mnt/sys
cp --dereference /etc/resolv.conf /mnt/etc
chroot /mnt /bin/bash
sudo bash arch-chroot
Repo config and add security,update repo
source list generator
https://debgen.simplylinux.ch/
apt install neofetch --no-install-recommends
apt install nano --no-install-recommends
nano /etc/apt/sources.list
deb http://deb.debian.org/debian/ stable main
deb http://deb.debian.org/debian/ stable-updates main
deb http://security.debian.org/debian-security stable-security main
cat /etc/sources.list.d/debian.sources
Types: deb
# http://snapshot.debian.org/archive/debian/20230919T000000Z
URIs: http://deb.debian.org/debian
Suites: sid
Components: main
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
https://www.debian.org/security/#keeping-secure
multimedia repo
read first https://www.deb-multimedia.org/ mat have problem in upding due to pkg conflicts
apt install curl wget apt-transport-https dirmngr
###### 3rd Party Binary Repos
###Debian Multimedia
deb [arch=amd64,i386] https://www.deb-multimedia.org buster main non-free
remove some files from dpkg
cat /etc/dpkg/dpkg.cfg.d/excludes
# Drop locales except English
path-exclude=/usr/share/locale/*
path-include=/usr/share/locale/en/*
path-include=/usr/share/locale/en@quot/*
path-include=/usr/share/locale/en@boldquot/*
path-include=/usr/share/locale/en@shaw/*
path-include=/usr/share/locale/en_US/*
path-include=/usr/share/locale/locale.alias
# Drop translated manual pages except english
path-exclude=/usr/share/man/*
path-include=/usr/share/man/man[1-9]/*
path-include=/usr/share/man/en*/*
apt install nnn -no-install-recommends
run nnn as root and remove residue dir in /usr/share/locale,man
nnn /usr/share/locale
space on folder to keep and shift a to reverse selection and x and s and y to delete
nnn /usr/share/man
clean locale
/var/lib/locales/supported.d/
/etc/default/locale
update-locale LANG=en_US.UTF-8
/usr/share/i18n/SUPPORTED
cat /etc/locale.gen
sudo locale-gen
sudo locale-gen --purge en_US.UTF-8
locale -a
localedef --list-archive
localectl list-locales
sudo locale-a
sudo dpkg-reconfigure locales
apt/apt-get clean
→ cleans the packages and install script in/var/cache/apt/archives/
apt/apt-get autoclean
→ cleans obsolete deb-packages, less thanclean
apt/apt-get autoremove
→ removes orphaned packages which are not longer needed from the system, but not purges them, use the--purge
option together with the command for that.
apt disable recommend package
list file downloaded are from
http://deb.debian.org/debian/dists/stable/main/binary-amd64/
gz=12M,12M,
xz=8.5M,9.8M
saved in /var/lib/apt/lists/ as extracted or comressed format( if specified to )
main , contrib, non-free, non-free-firmware
sudo nano /etc/apt/apt.conf.d/90recommend
APT::Install-Recommends "0";
APT::Install-Suggests "0";
Apt::AutoRemove::SuggestsImportant "0";
APT::AutoRemove::RecommendsImportant "0";
disable downloading translated package name index
/etc/apt/apt.conf.d/99translations
Acquire::Languages "none";
# Disable source package cache which most users will never use
Dir::Cache::srcpkgcache "";
##dont etxtract package list, some operation like apt show pkgname becomes slow (anything that reads package list)
Acquire::GzipIndexes "true";
Acquire::IndexTargets::deb::Packages::KeepCompressedAs "xz";
Acquire::IndexTargets::deb::Translations::KeepCompressedAs "xz";
Acquire::IndexTargets::deb-src::Sources::KeepCompressedAs "xz";
#default lz4 is kept
another style /etc/apt.conf.d/all
-------------------------------------------------------
APT {
Install-Recommends "0";
Install-Suggests "0";
Autoremove {
SuggestsImportant "0";
RecommendsImportant "0";
};
};
Acquire {
Languages "none";
GzipIndexes "1";
};
Dir::Cache::srcpkgcache "";
-------------------------------------------------------
expalination:
APT::AutoRemove::RecommendsImportant
true
true
, the aptitude will not consider packages to be unused
(and thus will not automatically remove them) as long
as any installed package recommends them, even if
APT::Install-Recommends
is false
. For more information,
see the section called “Managing automatically installed packages”.
APT::AutoRemove::SuggestsImportant
true
true
, then
aptitude will not consider packages to be unused
(and thus will not automatically remove them) as long
as any installed package suggests them. For more
information, see the section called “Managing automatically installed packages”.
APT::Install-Recommends
true
true
and
Aptitude::Auto-Install
is
true
, then whenever you mark a
package for installation, aptitude will also mark
the packages it recommends for installation.
Furthermore, if this option is
true
, aptitude will not consider
packages to be unused (and thus will not automatically
remove them) as long as any installed package
reommends them. For more information, see the section called “Managing automatically installed packages” and the section called “Immediate dependency resolution”.
GzipIndexes
When downloading gzip compressed indexes (Packages, Sources, or
Translations), keep them gzip compressed locally instead of
unpacking them. This saves quite a lot of disk space at the expense
of more CPU requirements when building the local package caches.
False by default.
CompressionTypes
List of compression types which are understood by the acquire
methods. Files like Packages can be available in various
compression formats. By default the acquire methods can decompress
and recompress many common formats like xz and gzip; with this
scope the supported formats can be queried, modified as well as
support for more formats added (see also APT::Compressor). The
syntax for this is:
Acquire::CompressionTypes::FileExtension "Methodname";
Also, the Order subgroup can be used to define in which order the
acquire system will try to download the compressed files. The
acquire system will try the first and proceed with the next
compression type in this list on error, so to prefer one over the
other type simply add the preferred type first - types not already
added will be implicitly appended to the end of the list, so e.g.
Acquire::CompressionTypes::Order:: "gz";
can be used to prefer gzip compressed files over all other
compression formats. If xz should be preferred over gzip and bzip2
the configure setting should look like this:
Acquire::CompressionTypes::Order { "xz"; "gz"; };
It is not needed to add bz2 to the list explicitly as it will be
added automatically.
Note that the Dir::Bin::Methodname will be checked at run time. If
this option has been set and support for this format isn't directly
built into apt, the method will only be used if this file exists;
e.g. for the bzip2 method (the inbuilt) setting is:
Dir::Bin::bzip2 "/bin/bzip2";
Note also that list entries specified on the command line will be
added at the end of the list specified in the configuration files,
but before the default entries. To prefer a type in this case over
the ones specified in the configuration files you can set the
option direct - not in list style. This will not override the
defined list; it will only prefix the list with this type.
The special type uncompressed can be used to give uncompressed
files a preference, but note that most archives don't provide
uncompressed files so this is mostly only usable for local mirrors.
PDiffs
Try to download deltas called PDiffs for indexes (like Packages
files) instead of downloading whole ones. True by default.
Preferably, this can be set for specific sources.list(5) entries or
index files by using the PDiffs option there.
Two sub-options to limit the use of PDiffs are also available:
FileLimit can be used to specify a maximum number of PDiff files
should be downloaded to update a file. SizeLimit on the other hand
is the maximum percentage of the size of all patches compared to
the size of the targeted file. If one of these limits is exceeded
the complete file is downloaded instead of the patches.
ignore/ban some package
cat /etc/apt/preferences.d/ignored-packages
Package: grub-common grub2-common grub-pc grub-pc-bin grub-gfxpayload-lists
Pin: release *
Pin-Priority: -1
ubuntu blocklist
Package: snapd cloud-init landscape-common popularity-contest ubuntu-advantage-tools
Pin: release *
Pin-Priority: -1
testing using systemd as block
remove residual config files ( dpkg -l shows ^rc)
dpkg --list |grep "^rc" | cut -d " " -f 3 | xargs sudo dpkg --purge
install some package
apt install bash-completion
. /etc/bash_completion
apt install xserver-xorg-core
apt install xserver-xorg-input-libinput
for runit
runit still use sysv at 0 and 1 stage
apt install runit-init
readlink -f /sbin/init
/usr/lib/runit/runit-init
for sysv
sudo apt install initscripts sysv-rc-conf sysvinit-core sysvinit-utils
pstree -Ap
id:runlevels:action:process
nano /etc/inittab
Default runlevel
# The default runlevel.
id:2:initdefault:
boot loader: sysvinit
debian still maintains sysvinit init system for base packages only. systemd is only official supported
# Boot-time system configuration/initialization script.
# This is run first except when booting in emergency (-b) mode.
si::sysinit:/etc/init.d/rcS
cat
/etc/init.d/rcS
#!/bin/sh
# Call all S??* scripts in /etc/rcS.d/ in numerical/alphabetical order
exec /etc/init.d/rc S
Runlevels
# /etc/init.d executes the S and K scripts upon change
# of runlevel.
#
# Runlevel 0 is halt.
# Runlevel 1 S is single-user.
# Runlevels 2-5 are multi-user.
# Runlevel 6 is reboot.
l0:0:wait:/etc/init.d/rc 0
l1:1:wait:/etc/init.d/rc 1
l2:2:wait:/etc/init.d/rc 2
l3:3:wait:/etc/init.d/rc 3
l4:4:wait:/etc/init.d/rc 4
l5:5:wait:/etc/init.d/rc 5
l6:6:wait:/etc/init.d/rc 6
Getty and logins
# /sbin/getty invocations for the runlevels.
#
# The "id" field MUST be the same as the last
# characters of the device (after "tty").
#
# Format:
# <id>:<runlevels>:<action>:<process>
#
# Note that on most Debian systems tty7 is used by the X Window System,
# so if you want to add more getty's go ahead but skip tty7 if you run X.
#
1:2345:respawn:/sbin/getty --noclear 38400 tty1
2:23:respawn:/sbin/getty 38400 tty2
#3:23:respawn:/sbin/getty 38400 tty3
#4:23:respawn:/sbin/getty 38400 tty4
#5:23:respawn:/sbin/getty 38400 tty5
#6:23:respawn:/sbin/getty 38400 tty6
Single-user boot
# What to do in single-user mode.
~~:S:wait:/sbin/sulogin --force
# Normally not reached, but fallthrough in case of emergency.
z6:6:respawn:/sbin/sulogin --force
Ctrl+Alt+Del
# What to do when CTRL-ALT-DEL is pressed.
ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now
Power-sensing scripts
Init can communicate with your UPS device and execute processes based on the status of the UPS. Here are some examples:
# What to do when the power fails/returns.
pf::powerwait:/etc/init.d/powerfail start
pn::powerfailnow:/etc/init.d/powerfail now
po::powerokwait:/etc/init.d/powerfail stop
switching runlevel
passing n to kernel parameter
/sbin/
telinit n
telinit q
causes init to re-examine inittab but not switch runlevel.
Warning: Always test a modified/etc/inittab
withtelinit q
before you reboot,
or a small syntax error can prevent your system from booting.
man 5 inittab
man 8 init
Disable an init script
/sbin/update-rc.d <script name> remove
https://web.archive.org/web/20181019155813/http://www.linux-tutorial.info/modules.php?name=MContent&pageid=65
https://rs1.es/tutorials/2022/03/06/sysvinit.html#openrc
enable an init script
Create a symbolic link to /etc/rc<runlevel>.d/
update-rc.d test-init defaults
remove extra tty
rm /etc/runit/runsvdir/current/getty-tty[3-6]
boot loader : systemd-boot
#using systemd-boot
#sudo apt install systemd-boot
sudo apt install tiny-initramfs
sudo apt install linux-image-amd64
blkid to get uuid of root
cat /etc/fstab
UUID=9dc57367-b107-4c9f-9a76-150dc47ae249 / btrfs rw,noatime,compress=zstd:3,ssd,space_cache=v2,subvolid=5,subvol=/ 0 0
UUID=e0eeee06-09f6-41cc-a7ac-b0ff3f48fc9e /home ext4 rw,noatime 0 0
tips: you dont need fstab entry for root if you pass root parameter in kernel.
with arch-install-scripts run as root user
genfstab -U /mnt >> /mnt/etc/fstab
cat /mnt/loader/entries/debian.conf
title Kali
linux /vmlinuz-kali
initrd /initramfs-kali
cat /mnt/loader/entries/kali.conf
title Kali
linux /vmlinuz-kali
initrd /initramfs-kali
options
rd.driver.pre=btrfs rootfstype=btrfs
root=UUID=9dc57367-b107-4c9f-9a76-150dc47ae249
rootflags=rw,noatime,compress quiet
options rootfstype=btrfs root=UUID=9dc57367-b107-4c9f-9a76-150dc47ae249 rootflags=rw,noatime,subvolid=5,subvol=/ quiet
even without subvol and compress parameter it mounts fine.
options rootfstype=ext4 root=UUID=9dc57367-b107-4c9f-9a76-150dc47ae249 rootflags=rw,noatime quiet loglevel=3 systemd.show_status=auto rd.udev.log_level=3
##with this as kernel parameter you can remove fstab root entry to avoid wasting time remounting rootfs
noauto,x-systemd.automount for /home partition to fsck and mount on first access at fstab
https://wiki.archlinux.org/title/Improving_performance/Boot_process
cat /etc/tmpfiles.d/home.conf
silent boot
touch ~/.hushlogin
rootflag in kernel
quiet loglevel=3 systemd.show_status=auto rd.udev.log_level=3
Note that if you often receive
Core temperature above threshold, cpu clock throttled
messages in the kernel log, you need to use log level 2 to silence these at boot time.
/etc/sysctl.d/20-quiet-printk.conf
kernel.printk = 3 3 3 3
agetty
/etc/systemd/system/[email protected]/skip-prompt.conf [Service] ExecStart= ExecStart=-/usr/bin/agetty --skip-login --nonewline --noissue --autologin username --noclear %I $TERM
https://wiki.archlinux.org/title/Silent_boot
https://github.com/RobertCsordas/arch-efiboot
apt install firmware-realtek sudo neofetch debsecan wpasupplicant linux-image-amd64
apt search linux-image
Timezone
dpkg-reconfigure tzdata
Localization
apt install locales
dpkg-reconfigure locales
locale -a
cat /etc/default/locale
LANG=en_US.UTF-8
https://wiki.debian.org/Locale
apt install dialog
dpkg-reconfigure locale
keyboard
apt install console-setup
dpkg-reconfigure keyboard-configuration
Hostname
/etc/hostname
name
/etc/hosts
::1 localhost
127.0.1.1 name
Network
apt install iwd openresolv dbus
User accounts
passwd
adduser kai
passwd kai
adduser username wheel
apt install sudo
cat /etc/doas.d/doas.conf
doas (kai@(none)) password:
permit persist kai
permit nopass kai as root cmd brightnessctl
permit nopass kai as root cmd ntfs-3g
permit nopass kai as root cmd umount
#for non systemd or no polkit reboot
#permit nopass kai as root cmd reboot
#permit nopass kai as root cmd poweroff
for wifi
sudo apt install iwd systemd-resolved
cat /etc/iwd/main.conf
[General]
EnableNetworkConfiguration=true
#AddressRandomization=network
#RoamThreshold=-70
#RoamThreshold5G=-76
[Network]
#EnableIPv6=true
systemctl enable iwd
systemctl enable systemd-resolved
ls -la /etc/resolv.conf
lrwxrwxrwx 1 root root 39 Feb 27 14:30 /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf
if its file/static fix it
ln -rsf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
apt install systemd-sysv apt install sway foot wofi alsa-utils apulse dbus-glib-1-2 libxtst6
apt install htop
xorg only setup
for iwctl without root
cat /usr/share/dbus-1/system.d/iwd-dbus.conf<policy group="kai">
<allow send_destination="net.connman.iwd"/>
</policy>
download firefox
mkdir ~/opt cd ~/opt https://download-installer.cdn.mozilla.net/pub/firefox/releases/110.0/linux-x86_64/en-US/firefox-110.0.tar.bz2 extract to ~/opt apt install lbzip2 tar xf firefox-110.0.tar.bz2cat .bashrc export PATH=$HOME/.bin:$PATHexport NNN_OPENER=$HOME/.bin/nuke cat .bin/firefox
apulse $HOME/opt/firefox/firefox $@
firmwares manual install
blutooth fw
put in /lib/firmware/qca
wifi fw
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/plain/ath10k/QCA9377/hw1.0/board-2.bin
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/plain/ath10k/QCA9377/hw1.0/board.bin
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/plain/ath10k/QCA9377/hw1.0/firmware-5.bin
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/plain/ath10k/QCA9377/hw1.0/firmware-6.bin
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/plain/ath10k/QCA9377/hw1.0/firmware-sdio-5.bin
download and
cd hw1.0
mkdir -p /lib/firmware/ath10k/QCA9377/hw1.0
mv * /lib/firmware/ath10k/QCA9377/hw1.0
intel graphics fw
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/i915
icl firmware put in /lib/firmware/i915
sudo apt remove firmware-linux-free
intel tuning
https://gist.github.com/Brainiarc7/aa43570f512906e882ad6cdd835efe57?permalink_comment_id=3036915
https://wiki.archlinux.org/title/intel_graphics#Enable_early_KMS
https://wiki.archlinux.org/title/Intel_graphics#Fastboot
cat /etc/modprobe.d/i915.conf
options i915 fastboot=1 enable_fbc=1 enable_guc=3
list obsolete package
apt list ?obsolete
apt list ?essential
apt
base-files
base-passwd
bash
bsdutils
coreutils
dash
debianutils
diffutils
dpkg
findutils
grep
gzip
hostname
init-system-helpers
libc-bin
login
ncurses-base
ncurses-bin
perl-base
sed
sysvinit-utils
tar
util-linux
apt list --installed | awk -F/ '/\[installed,local\]/{print $1}'
nnn mimetype instead of file
sudo apt install libfile-mimeinfo-perl
mimetype -b build_kernel.sh
application/x-shellscript
nano .bashrc
export NNN_OPENER=nuke
nano nuke
MIMETYPE="$( mimetype -b "${FPATH}" )"
Sensors
get temp
cat /sys/class/thermal/thermal_zone*/type
INT3400 Thermal
TSKN
TMEM
B0D4
x86_pkg_temp
sed 's/000$/°C/' /sys/class/thermal/thermal_zone*/temp
20°C
43050
45050
61050
61°C
hwmon devices
readlink -f /sys/class/hwmon/hwmon*
/sys/devices/pci0000:00/0000:00:1d.4/0000:02:00.0/nvme/nvme0/hwmon0
/sys/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0003:00/power_supply/AC/hwmon1
/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0C0A:00/power_supply/BAT0/hwmon2
/sys/devices/platform/dell_smm_hwmon/hwmon/hwmon3
/sys/devices/platform/coretemp.0/hwmon/hwmon4
cat /sys/class/hwmon/hwmon*/name
nvme
AC
BAT0
dell_smm
coretemp
for fan speed
here hwmon3 has dell_smm so it has fan speed
cat /sys/class/hwmon/hwmon3/fan1_input
legacy /depreciated i8k
cat /proc/i8k 1.0 A17 2J59L02 52 2 1 8040 6420 1 2 1 2 3 4 5 6 7 8 9 10 1.0 1.1 -1 59 -22 0 -22 0 -1 -22The fields read from ``/proc/i8k`` are:: 1.0 A17 2J59L02 52 2 1 8040 6420 1 2 | | | | | | | | | | | | | | | | | | | +------- 10. buttons status | | | | | | | | +--------- 9. AC status | | | | | | | +-------------- 8. fan0 RPM | | | | | | +------------------- 7. fan1 RPM | | | | | +--------------------- 6. fan0 status | | | | +----------------------- 5. fan1 status | | | +-------------------------- 4. temp0 reading (Celsius) | | +---------------------------------- 3. Dell service tag (later known as 'serial number') | +-------------------------------------- 2. BIOS version +------------------------------------------ 1. /proc/i8k format version
https://www.kernel.org/doc/Documentation/hwmon/dell-smm-hwmon.rst
pretty format
https://www.kernel.org/doc/html/next/hwmon/dell-smm-hwmon.html
bios version
cat /sys/class/dmi/id/bios_version
serial no
sudo cat /sys/class/dmi/id/board_serial
kernel patches to debian
https://gitlab.com/kalilinux/packages/linux/-/blob/kali/master/debian/patches/series
intel graphics tuning
https://gist.github.com/Brainiarc7/aa43570f512906e882ad6cdd835efe57?permalink_comment_id=3036915
https://wiki.archlinux.org/title/intel_graphics#Enable_early_KMS
cat /etc/modprobe.d/i915.conf
options i915 fastboot=1 enable_fbc=1 enable_guc=3
replace base-files with debian ( for switching distro i.e devian to devuan,kali etc)
https://packages.debian.org/sid/amd64/base-files/download
download from any mirror
dpkg -i base-fiels*.deb
list obsolete package
apt list ?obsolete
apt list --installed | awk -F/ '/\[installed,local\]/{print $1}'
tricks
ctrl+d =
^D
## exit terminal
sudo chvt n ## ctrl+alt+f2 alternative ,switch vt
su -l doesnt preseve env vars, su preserves
after cat binary-file if terminal is crazy reset cmd
adduser name ,
deluser --remove-homename
home dir of root is /root
basename -a, --multiple -s, --suffix=SUFFIX (suffix to delete) -z, --zero (separator NUL)
Print NAME with any leading directory components removed.
avoid { } ( ) [ ] ' ` " \ / > < | ; ! # & ^ * % @ $ in filename , and space if possible
Each file, directory, named pipe (a way two programs can share data), or physical device has a data structure called an inode which describes its associated attributes such as the user who owns it (owner), the group that it belongs to, the time last accessed, etc.
permission
u=user who owns the file
g=Other users in the group which the file belongs to
o=All other users, world/everyone
For the file/folder, each corresponding permission allows following actions.
r = read = allows owner to examine contents of the file / list contents of the directory.
w = write = allows owner to modify the file / add or remove files in the directory
x = execute = allows owner to run the file as a command / access files in the directory,viewing their attributes, such as the size and the modification time.
ls -l
-
Type of file (first character)
-
Access permission of the file (nine characters, consisting of three characters each for user, group, and other in this order)
-
Number of hard links to the file
-
Name of the user who owns the file
-
Name of the group which the file belongs to
-
Size of the file in characters (bytes)
-
Date and time of the file (mtime)
-
Name of the file
first character meaning
character | meaning |
---|---|
- |
normal file |
d |
directory |
l |
symlink |
c |
character device node |
b |
block device node |
p |
named pipe |
s |
socket |
chown
is used from the root account to change the owner of the file.
chgrp
is used from the file's owner or root account to change the group of the file. chmod
is used from the file's owner or root account to change file and directory access permissions.chown
if they have the target user and group privileges-
The set user ID bit (s or S instead of user's x)
-
The set group ID bit (s or S instead of group's x)
-
The sticky bit (t or T instead of other's x)
Setting set group ID on a directory enables the BSD-like file creation scheme where all files created in the directory belong to the group of the directory.
Setting the sticky bit on a
directory prevents a file in the directory from being removed by a user
who is not the owner of the file. In order to secure contents of a
file in world-writable directories such as "/tmp
" or in group-writable directories, one must not only reset the write permission for the file but also set the sticky bit
on the directory. Otherwise, the file can be removed and a new file
can be created with the same name by any user who has write access to
the directory.
numeric permission
first digit = sum of suid(4)+sgid(2)+sticky(1)
pertinent commands such as test
(1), stat
(1) and readlink
(1). The shell builtin such as "[
" or "test
" What permissions are applied to a newly created file or directory is restricted by the umask
shell builtin command. See dash
(1), bash
(1), and builtins
(7).
(file permissions) = (requested file permissions) & ~(umask value)
Permissions for groups of users
system-provided groups for file access
group | description for accessible files and devices |
---|---|
dialout |
full and direct access to serial ports ("/dev/ttyS[0-3] ") |
dip |
limited access to serial ports for Dialup IP connection to trusted peers |
cdrom |
CD-ROM, DVD+/-RW drives |
audio |
audio device |
video |
video device |
scanner |
scanner(s) |
adm |
system monitoring logs |
staff |
some directories for junior administrative work: "/usr/local ", "/home " |
List of types of timestamps
type | meaning (historic Unix definition) |
---|---|
mtime | the file modification time (ls -l ) |
ctime | the file status change time (ls -lc ) |
atime | the last file access time (ls -lu ) |
-
Overwriting a file changes all of the mtime, ctime, and atime attributes of the file.
-
Changing ownership or permission of a file changes the ctime and atime attributes of the file.
-
Reading a file changes the atime attribute of the file on the historic Unix system.
-
Reading a file changes the atime attribute of the file on the GNU/Linux system if its filesystem is mounted with "
strictatime
". -
Reading a file for the first time or after one day changes the atime attribute of the file on the GNU/Linux system if its filesystem is mounted with "
relatime
". (default behavior since Linux 2.6.30) -
Reading a file doesn't change the atime attribute of the file on the GNU/Linux system if its filesystem is mounted with "
noatime
".
Symbolic link or symlink = Special file that points to another file by name |
The hardlink can be made within the same filesystem and shares the same inode number which the "-i
" option with ls
(1) reveals.
The symlink always has nominal file access permissions of "rwxrwxrwx
", with the effective access permissions dictated by permissions of the file that it points to.
named pipe(fifo)
If you write to a named pipe, the process which is writing to the pipe
doesn't terminate until the information being written is read from the
pipe. If you read from a named pipe, the reading process waits until
there is nothing to read before terminating. The size of the pipe is
always zero --- it does not store data, it just links two processes like
the functionality offered by the shell "|
"
syntax. However, since this pipe has a name, the two processes don't
have to be on the same command line or even be run by the same user.
sockets
It is similar to the named pipe (FIFO) and allows processes to exchange information even between different computers. For the socket, those processes do not need to be running at the same time nor to be running as the children of the same ancestor process. This is the endpoint for the inter process communication (IPC). The exchange of information may occur over the network between different hosts. The two most common ones are the Internet socket and the Unix domain socket.
device file
here are 2 types of device files.
-
Character device
-
Accessed one character at a time
-
1 character = 1 byte
-
E.g. keyboard device, serial port, …
-
-
Block device
-
accessed in larger units called blocks
-
1 block > 1 byte
-
E.g. hard disk,
-
Table 1.10. List of special device files
device file | action | description of response |
---|---|---|
/dev/null |
read | return "end-of-file (EOF) character" |
/dev/null |
write | return nothing (a bottomless data dump pit) |
/dev/zero |
read | return "the \0 (NUL) character" (not the same as the number zero ASCII) |
/dev/random |
read | return random characters from a true random number generator, delivering real entropy (slow) |
/dev/urandom |
read | return random characters from a cryptographically secure pseudorandom number generator |
/dev/full |
write | return the disk-full (ENOSPC) error |
The terminal feature of Ctrl-S
can be disabled using stty
(1).
List of basic Vim key strokes
mode | key strokes | action |
---|---|---|
NORMAL |
:help|only |
display the help file |
NORMAL |
:e filename.ext |
open new buffer to edit filename.ext |
NORMAL |
:w |
overwrite current buffer to the original file |
NORMAL |
:w filename.ext |
write current buffer to filename.ext |
NORMAL |
:q |
quit vim |
NORMAL |
:q! |
force to quit vim |
NORMAL |
:only |
close all other split open windows |
NORMAL |
:set nocompatible? |
check if vim is in the sane nocompatible mode |
NORMAL |
:set nocompatible |
set vim to the sane nocompatible mode |
NORMAL |
i |
enter the INSERT mode |
NORMAL |
R |
enter the REPLACE mode |
NORMAL |
v |
enter the VISUAL mode |
NORMAL |
V |
enter the linewise VISUAL mode |
NORMAL |
Ctrl-V |
enter the blockwise VISUAL mode |
except TERMINAL-JOB |
ESC -key |
enter the NORMAL mode |
NORMAL |
:term |
enter the TERMINAL-JOB mode |
TERMINAL-NORMAL |
i |
enter the TERMINAL-JOB mode |
TERMINAL-JOB |
Ctrl-W N (or Ctrl-\ Ctrl-N ) |
enter the TERMINAL-NORMAL mode |
TERMINAL-JOB |
Ctrl-W : |
enter the Ex -mode in TERMINAL-NORMAL mode |
Recording the shell activities
script
some commands....
ctrl+d
basic Unix commands
command | description |
---|---|
pwd |
display name of current/working directory |
whoami |
display current user name |
id |
display current user identity (name, uid, gid, and associated groups) |
file foo |
display a type of file for the file "foo " |
type -p commandname |
display a file location of command "commandname " |
which commandname |
, , |
type commandname |
display information on command "commandname " |
apropos key-word |
find commands related to "key-word " |
man -k key-word |
, , |
whatis commandname |
display one line explanation on command "commandname " |
man -a commandname |
display explanation on command "commandname " (Unix style) |
info commandname |
display rather long explanation on command "commandname " (GNU style) |
ls |
list contents of directory (non-dot files and directories) |
ls -a |
list contents of directory (all files and directories) |
ls -A |
list contents of directory (almost all files and directories, i.e., skip ".. " and ". ") |
ls -la |
list all contents of directory with detail information |
ls -lai |
list all contents of directory with inode number and detail information |
ls -d |
list all directories under the current directory |
tree |
display file tree contents |
lsof foo |
list open status of file "foo " |
lsof -p pid |
list files opened by the process ID: "pid " |
mkdir foo |
make a new directory "foo " in the current directory |
rmdir foo |
remove a directory "foo " in the current directory |
cd foo |
change directory to the directory "foo " in the current directory or in the directory listed in the variable "$CDPATH " |
cd / |
change directory to the root directory |
cd |
change directory to the current user's home directory |
cd /foo |
change directory to the absolute path directory "/foo " |
cd .. |
change directory to the parent directory |
cd ~foo |
change directory to the home directory of the user "foo " |
cd - |
change directory to the previous directory |
</etc/motd pager |
display contents of "/etc/motd " using the default pager |
touch junkfile |
create a empty file "junkfile " |
cp foo bar |
copy a existing file "foo " to a new file "bar " |
rm junkfile |
remove a file "junkfile " |
mv foo bar |
rename an existing file "foo " to a new name "bar " ("bar " must not exist) |
mv foo bar |
move an existing file "foo " to a new location "bar/foo " (the directory "bar " must exist) |
mv foo bar/baz |
move an existing file "foo " to a new location with a new name "bar/baz " (the directory "bar " must exist but the directory "bar/baz " must not exist) |
chmod 600 foo |
make an existing file "foo " to be non-readable and non-writable by the other people (non-executable for all) |
chmod 644 foo |
make an existing file "foo " to be readable but non-writable by the other people (non-executable for all) |
chmod 755 foo |
make an existing file "foo " to be readable but non-writable by the other people (executable for all) |
find . -name pattern |
find matching filenames using shell "pattern " (slower) |
locate -d . pattern |
find matching filenames using shell "pattern " (quicker using regularly generated database) |
grep -e "pattern" *.html |
find a "pattern " in all files ending with ".html " in current directory and display them all |
top |
display process information using full screen, type "q " to quit |
ps aux | pager |
display information on all the running processes using BSD style output |
ps -ef | pager |
display information on all the running processes using Unix system-V style output |
ps aux | grep -e "[e]xim4*" |
display all processes running "exim " and "exim4 " |
ps axf | pager |
display information on all the running processes with ASCII art output |
kill 1234 |
kill a process identified by the process ID: "1234" |
gzip foo |
compress "foo " to create "foo.gz " using the Lempel-Ziv coding (LZ77) |
gunzip foo.gz |
decompress "foo.gz " to create "foo " |
bzip2 foo |
compress "foo " to create "foo.bz2 " using the Burrows-Wheeler block sorting text compression algorithm, and Huffman coding (better compression than gzip ) |
bunzip2 foo.bz2 |
decompress "foo.bz2 " to create "foo " |
xz foo |
compress "foo " to create "foo.xz " using the Lempel–Ziv–Markov chain algorithm (better compression than bzip2 ) |
unxz foo.xz |
decompress "foo.xz " to create "foo " |
tar -xvf foo.tar |
extract files from "foo.tar " archive |
tar -xvzf foo.tar.gz |
extract files from gzipped "foo.tar.gz " archive |
tar -xvjf foo.tar.bz2 |
extract files from "foo.tar.bz2 " archive |
tar -xvJf foo.tar.xz |
extract files from "foo.tar.xz " archive |
tar -cvf foo.tar bar/ |
archive contents of folder "bar/ " in "foo.tar " archive |
tar -cvzf foo.tar.gz bar/ |
archive contents of folder "bar/ " in compressed "foo.tar.gz " archive |
tar -cvjf foo.tar.bz2 bar/ |
archive contents of folder "bar/ " in "foo.tar.bz2 " archive |
tar -cvJf foo.tar.xz bar/ |
archive contents of folder "bar/ " in "foo.tar.xz " archive |
zcat README.gz | pager |
display contents of compressed "README.gz " using the default pager |
zcat README.gz > foo |
create a file "foo " with the decompressed content of "README.gz " |
zcat README.gz >> foo |
append the decompressed content of "README.gz " to the end of the file "foo " (if it does not exist, create it first) |
Default values of environment variables are initially set by the PAM system and then some of them may be reset by some application programs.
-
The PAM system such as
pam_env
may set environment variables by/etc/pam.conf
", "/etc/environment
" and "/etc/default/locale
". -
The display manager such as
gdm3
may reset environment variables for GUI session by "~/.profile
". -
The user specific program initialization may reset environment variables by "
~/.profile
", "~/.bash_profile
" and "~/.bashrc
".
$LANG
xx_YY.ZZZZ
parts of locale value
locale value | meaning |
---|---|
xx |
ISO 639 language codes (lower case) such as "en" |
YY |
ISO 3166 country codes (upper case) such as "US" |
ZZZZ |
codeset, always set to "UTF-8" |
Shell glob patterns
shell glob pattern
description of match rule
*
filename (segment) not started with ".
"
.*
filename (segment) started with ".
"
?
exactly one character
[…]
exactly one character with any character enclosed in brackets
[a-z]
exactly one character with any character between "a
" and "z
"
[^…]
exactly one character other than any character enclosed in brackets (excluding "^
")
shell glob pattern | description of match rule |
---|---|
* |
filename (segment) not started with ". " |
.* |
filename (segment) started with ". " |
? |
exactly one character |
[…] |
exactly one character with any character enclosed in brackets |
[a-z] |
exactly one character with any character between "a " and "z " |
[^…] |
exactly one character other than any character enclosed in brackets (excluding "^ ") |
dotglob
", "noglob
", "nocaseglob
", "nullglob
", "extglob
", etc. See bash
(1)$?
gives return value of commandCommand exit codes
command exit status | numeric return value | logical return value |
---|---|---|
success | zero, 0 | TRUE |
error | non-zero, -1 | FALSE |
hell command idioms
command idiom | description |
---|---|
command & |
background execution of command in the subshell |
command1 | command2 |
pipe the standard output of command1 to the standard input of command2 (concurrent execution) |
command1 2>&1 | command2 |
pipe both standard output and standard error of command1 to the standard input of command2 (concurrent execution) |
command1 ; command2 |
execute command1 and command2 sequentially |
command1 && command2 |
execute command1 ; if successful, execute command2 sequentially (return success if both command1 and command2 are successful) |
command1 || command2 |
execute command1 ; if not successful, execute command2 sequentially (return success if command1 or command2 are successful) |
command > foo |
redirect standard output of command to a file foo (overwrite) |
command 2> foo |
redirect standard error of command to a file foo (overwrite) |
command >> foo |
redirect standard output of command to a file foo (append) |
command 2>> foo |
redirect standard error of command to a file foo (append) |
command > foo 2>&1 |
redirect both standard output and standard error of command to a file foo |
command < foo |
redirect standard input of command to a file foo |
command << delimiter |
redirect standard input of command to the following lines until "delimiter " is met (here document) |
command <<- delimiter |
redirect standard input of command to the following lines until "delimiter " is met (here document, the leading tab characters are stripped from input lines) |
$ </etc/motd pager
$ pager </etc/motd
$ pager /etc/motd
$ cat /etc/motd | pager
echo Hello >foo $ exec 3foo 4bar # open files $ cat <&3 >&4 # redirect stdin to 3, stdout to 4 $ exec 3<&- 4>&- # close files $ cat bar Hello
Predefined file descriptors
device | description | file descriptor |
---|---|---|
stdin |
standard input | 0 |
stdout |
standard output | 1 |
stderr |
standard error | 2 |
type ls ls is hashed (/bin/ls)
type la la is aliased to ls -latext tools
No regular expression is used:
cat(1) concatenates files and outputs the whole content.
tac(1) concatenates files and outputs in reverse.
cut(1) selects parts of lines and outputs.
head(1) outputs the first part of files.
tail(1) outputs the last part of files.
sort(1) sorts lines of text files.
uniq(1) removes duplicate lines from a sorted file.
tr(1) translates or deletes characters.
diff(1) compares files line by line.
Basic regular expression (BRE) is used as default:
ed(1) is a primitive line editor.
sed(1) is a stream editor.
grep(1) matches text with patterns.
vim(1) is a screen editor.
emacs(1) is a screen editor. (somewhat extended BRE)
Extended regular expression (ERE) is used:
awk(1) does simple text processing.
egrep(1) matches text with patterns.
tcl(3tcl) can do every conceivable text processing: See re_syntax(3). Often used with tk(3tk).
perl(1) can do every conceivable text processing. See perlre(1).
Metacharacters for BRE and ERE
BRE ERE description of the regular expression \ . [ ] ^ $ *
\ . [ ] ^ $ *
common metacharacters \+ \? \( \) \{ \} \|
BRE only " \
" escaped metacharacters+ ? ( ) { } |
ERE only non-" \
" escaped metacharactersc
c
match non-metacharacter " c
"\c
\c
match a literal character " c
" even if "c
" is metacharacter by itself.
.
match any character including newline ^
^
position at the beginning of a string $
$
position at the end of a string \<
\<
position at the beginning of a word \>
\>
position at the end of a word [abc…]
[abc…]
match any characters in " abc…
"[^abc…]
[^abc…]
match any characters except in " abc…
"r*
r*
match zero or more regular expressions identified by " r
"r\+
r+
match one or more regular expressions identified by " r
"r\?
r?
match zero or one regular expressions identified by " r
"r1\|r2
r1|r2
match one of the regular expressions identified by " r1
" or "r2
"\(r1\|r2\)
(r1|r2)
match one of the regular expressions identified by " r1
" or "r2
" and treat it as a bracketed regular expressionThe
sed
(1) command can replace all instances of "FROM_REGEX
" with "TO_TEXT
" in "file
".$ sed -i -e 's/FROM_REGEX/TO_TEXT/g' file
Extracting data from text file table
DPLIan Murdock August 1993 Bruce Perens April 1996awk '{ print $3 }' <DPLwhile read first last month year; do echo $month done <DPL
script snippets for piping commands
script snippet (type in one line) | effect of command |
---|---|
find /usr -print |
find all files under "/usr " |
seq 1 100 |
print 1 to 100 |
| xargs -n 1 command |
run command repeatedly with each item from pipe as its argument |
| xargs -n 1 echo |
split white-space-separated items from pipe into lines |
| xargs echo |
merge all lines from pipe into a line |
| grep -e regex_pattern |
extract lines from pipe containing regex_pattern |
| grep -v -e regex_pattern |
extract lines from pipe not containing regex_pattern |
| cut -d: -f3 - |
extract third field from pipe separated by ": " (passwd file etc.) |
| awk '{ print $3 }' |
extract third field from pipe separated by whitespaces |
| awk -F'\t' '{ print $3 }' |
extract third field from pipe separated by tab |
| col -bx |
remove backspace and expand tabs to spaces |
| expand - |
expand tabs |
| sort| uniq |
sort and remove duplicates |
| tr 'A-Z' 'a-z' |
convert uppercase to lowercase |
| tr -d '\n' |
concatenate lines into one line |
| tr -d '\r' |
remove CR |
| sed 's/^/# /' |
add "# " to the start of each line |
| sed 's/\.ext//g' |
remove ".ext " |
| sed -n -e 2p |
print the second line |
| head -n 2 - |
print the first 2 lines |
| tail -n 2 - |
print the last 2 lines |
List of Debian package management tools
package popcon size description dpkg
V:908, I:999 6400 low level package management system for Debian (file based) apt
V:864, I:999 4302 APT front-end to manage packages with CLI: apt
/apt-get
/apt-cache
aptitude
V:51, I:278 4268 APT front-end to interactively manage packages with full screen console: aptitude
(8)tasksel
V:35, I:980 347 APT front-end to install selected tasks: tasksel
(8)unattended-upgrades
V:217, I:336 301 enhancement package for APT to enable automatic installation of security upgrades gnome-software
V:141, I:252 2995 Software Center for GNOME (GUI APT front-end) synaptic
V:44, I:367 7627 graphical package manager (GTK APT front-end) apt-utils
V:356, I:998 1061 APT utility programs: apt-extracttemplates
(1),apt-ftparchive
(1), andapt-sortpkgs
(1)apt-listchanges
V:333, I:866 396 package change history notification tool apt-listbugs
V:6, I:9 475 lists critical bugs before each APT installation apt-file
V:17, I:71 89 APT package searching utility — command-line interface apt-rdepends
V:0, I:5 39 recursively lists package dependencies
# dpkg --root /target -i /path/to/foo_old_version_arch.deb
dpkg
's "--ignore-depends
", "--force-depends
"
APT::Acquire::http::Dl-Limit "800";'/etc/cron.daily/apt
APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Download-Upgradeable-Packages "1"; APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Download-Upgradeable-Packages "1"; APT::Periodic::Unattended-Upgrade "0";key file is in the "/etc/apt/trusted.gpg.d/
"
/etc/apt/preferences
notable Pin-Priority values for apt-pinning technique.
Pin-Priority | apt-pinning effects to the package |
---|---|
1001 | install the package even if this constitutes a downgrade of the package |
990 | used as the default for the target release archive |
500 | used as the default for the normal archive |
100 | used as the default for the NotAutomatic and ButAutomaticUpgrades archive |
100 | used for the installed package |
1 | used as the default for the NotAutomatic archive |
-1 | never install the package even if recommended |
apt-get install -t testing some-packag
apt-cache policy package
Package: package-1 Pin: version * Pin-Priority: -1 Package: package-2 Pin: version * Pin-Priority: -1
Package: package-1 Pin: release a=unstable Pin-Priority: 700 Package: package-2 Pin: release a=unstable Pin-Priority: 700equivsCircumventing Debian package dependencies This package provides a tool to create trivial Debian packages. Typically these packages contain only dependency information, but they can also include normal installed files like other packages do. . One use for this is to create a metapackage: a package whose sole purpose is to declare dependencies and conflicts on other packages so that these will be automatically installed, upgraded, or removed. . Another use is to circumvent dependency checking: by letting dpkg think a particular package name and version is installed when it isn't, you can work around bugs in other packages' dependencies.
boot utilities for the Debian system
package | popcon | size | description |
---|---|---|---|
systemd
|
V:853, I:960 | 10217 | event-based init (8) daemon for concurrency (alternative to sysvinit ) |
systemd-sysv
|
V:825, I:958 | 75 | the manual pages and links needed for systemd to replace sysvinit |
init-system-helpers
|
V:682, I:969 | 140 | helper tools for switching between sysvinit and systemd |
initscripts
|
V:40, I:161 | 178 | scripts for initializing and shutting down the system |
sysvinit-core
|
V:5, I:6 | 369 | System-V-like init (8) utilities |
sysv-rc
|
V:80, I:171 | 86 | System-V-like runlevel change mechanism |
sysvinit-utils
|
V:898, I:999 | 101 | System-V-like utilities (startpar (8), bootlogd (8), …) |
lsb-base
|
V:768, I:809 | 12 | Linux Standard Base 3.2 init script functionality |
insserv
|
V:98, I:170 | 153 | tool to organize boot sequence using LSB init.d script dependencies |
kexec-tools
|
V:1, I:6 | 286 | kexec tool for kexec (8) reboots (warm reboot) |
systemd-bootchart
|
V:0, I:0 | 132 | boot process performance analyser |
mingetty
|
V:0, I:2 | 38 | console-only getty (8) |
mgetty
|
V:0, I:0 | 315 | smart modem getty (8) replacement |
ps --pid 1 -f
init-system-helpers [essential]/usr/bin/deb-systemd-helper /usr/bin/deb-systemd-invoke /usr/sbin/invoke-rc.d /usr/sbin/service /usr/sbin/update-rc.d /usr/share/bug/init-system-helpers/control
-
"
/lib/systemd/system
": OS default configuration files -
"
/etc/systemd/system
": system administrator configuration files which override the OS default configuration files -
"
/run/systemd/system
": run-time generated configuration files which override the installed configuration files
Wants=
", "Requires=
", "Before=
", "After=
", The suffix of the unit configuration file encodes their types as:
-
*.service describes the process controlled and supervised by
systemd
. Seesystemd.service
(5). -
*.device describes the device exposed in the
sysfs
(5) asudev
(7) device tree. Seesystemd.device
(5). -
*.mount describes the file system mount point controlled and supervised by
systemd
. Seesystemd.mount
(5). -
*.automount describes the file system auto mount point controlled and supervised by
systemd
. Seesystemd.automount
(5). -
*.swap describes the swap device or file controlled and supervised by
systemd
. Seesystemd.swap
(5). -
*.path describes the path monitored by
systemd
for path-based activation. Seesystemd.path
(5). -
*.socket describes the socket controlled and supervised by
systemd
for socket-based activation. Seesystemd.socket
(5). -
*.timer describes the timer controlled and supervised by
systemd
for timer-based activation. Seesystemd.timer
(5). -
*.slice manages resources with the
cgroups
(7). Seesystemd.slice
(5). -
*.scope is created programmatically using the bus interfaces of
systemd
to manages a set of system processes. Seesystemd.scope
(5). -
*.target groups other unit configuration files to create the synchronization point during start-up. See
systemd.target
(5).
systemd
process tries to start the "/lib/systemd/system/default.target
(normally symlinked to "graphical.target
"). First, some special target units (see systemd.special
(7)) such as "local-fs.target
", "swap.target
" and "cryptsetup.target
"
are pulled in to mount the filesystems. Then, other target units are
also pulled in by the target unit dependencies. For details, read bootup
(7).systemd
offers backward compatibility features. SysV-style boot scripts in "/etc/init.d/rc[0123456S].d/[KS]name
" are still parsed and telinit
(8) is translated into systemd unit activation requests. Emulated runlevel 2 to 4 are all symlinked to the same "multi-user.target
".
The kernel maintains the system hostname. The system unit started by systemd-hostnamed.service
sets the system hostname at boot time to the name stored in "/etc/hostname
". This file should contain only the system hostname, not a fully qualified domain name.
After mounting all the filesystems, temporary files in "/tmp
", "/var/lock
", and "/var/run
" are cleaned for each boot up.
Network interfaces are typically initialized in "networking.service
" for the lo
interface and "NetworkManager.service
" for other interfaces on modern Debian desktop system under systemd
.
dmesg -n3
Table 3.4. List of kernel error levels
error level value | error level name | meaning |
---|---|---|
0 | KERN_EMERG | system is unusable |
1 | KERN_ALERT | action must be taken immediately |
2 | KERN_CRIT | critical conditions |
3 | KERN_ERR | error conditions |
4 | KERN_WARNING | warning conditions |
5 | KERN_NOTICE | normal but significant condition |
6 | KERN_INFO | informational |
7 | KERN_DEBUG | debug-level messages |
Under systemd
, both kernel and system messages are logged by the journal service systemd-journald.service
(a.k.a journald
) either into a persistent binary data below "/var/log/journal
" or into a volatile binary data below "/run/log/journal/
". These binary log data are accessed by the journalctl
(1) command
journalctl -b #boot log
Operation | Command snippets |
---|---|
View log for system services and kernel from the last boot | "journalctl -b --system " |
View log for services of the current user from the last boot | "journalctl -b --user " |
View job log of "$unit " from the last boot |
"journalctl -b -u $unit " |
View job log of "$unit " ("tail -f " style) from the last boot |
"journalctl -b -u $unit -f " |
typical systemctl
command snippets
Operation | Command snippets |
---|---|
List all target unit configuration | "systemctl list-units --type=target " |
List all service unit configuration | "systemctl list-units --type=service " |
List all unit configuration types | "systemctl list-units --type=help " |
List all socket units in memory | "systemctl list-sockets " |
List all timer units in memory | "systemctl list-timers " |
Start "$unit " |
"systemctl start $unit " |
Stop "$unit " |
"systemctl stop $unit " |
Reload service-specific configuration | "systemctl reload $unit " |
Stop and start all "$unit " |
"systemctl restart $unit " |
Start "$unit " and stop all others |
"systemctl isolate $unit " |
Switch to "graphical " (GUI system) |
"systemctl isolate graphical " |
Switch to "multi-user " (CLI system) |
"systemctl isolate multi-user " |
Switch to "rescue " (single user CLI system) |
"systemctl isolate rescue " |
Send kill signal to "$unit " |
"systemctl kill $unit " |
Check if "$unit " service is active |
"systemctl is-active $unit " |
Check if "$unit " service is failed |
"systemctl is-failed $unit " |
Check status of "$unit|$PID|device " |
"systemctl status $unit|$PID|$device " |
Show properties of "$unit|$job " |
"systemctl show $unit|$job " |
Reset failed "$unit " |
"systemctl reset-failed $unit" |
List dependency of all unit services | "systemctl list-dependencies --all " |
List unit files installed on the system | "systemctl list-unit-files " |
Enable "$unit " (add symlink) |
"systemctl enable $unit " |
Disable "$unit " (remove symlink) |
"systemctl disable $unit " |
Unmask "$unit " (remove symlink to "/dev/null ") |
"systemctl unmask $unit " |
Mask "$unit " (add symlink to "/dev/null ") |
"systemctl mask $unit " |
Get default-target setting | "systemctl get-default " |
Set default-target to "graphical " (GUI system) |
"systemctl set-default graphical " |
Set default-target to "multi-user " (CLI system) |
"systemctl set-default multi-user " |
Show job environment | "systemctl show-environment " |
Set job environment "variable " to "value " |
"systemctl set-environment variable=value " |
Unset job environment "variable " |
"systemctl unset-environment variable " |
Reload all unit files and daemons | "systemctl daemon-reload " |
Shut down the system | "systemctl poweroff " |
Shut down and reboot the system | "systemctl reboot " |
Suspend the system | "systemctl suspend " |
Hibernate the system | "systemctl hibernate " |
System state changing commands in the above examples are typically preceded by the "sudo
" to attain the required administrative privilege.
The output of the "systemctl status $unit|$PID|$device
" uses color of the dot ("●") to summarize the unit state at a glance.
-
White "●" indicates an "inactive" or "deactivating" state.
-
Red "●" indicates a "failed" or "error" state.
-
Green "●" indicates an "active", "reloading" or "activating" state.
monitoring command snippets under systemd
Operation
Command snippets
Show time spent for each initialization steps
"systemd-analyze time
"
List of all units by the time to initialize
"systemd-analyze blame
"
Load and detect errors in "$unit
" file
"systemd-analyze verify $unit
"
Show terse runtime status information of the user of the caller's session
"loginctl user-status
"
Show terse runtime status information of the caller's session
"loginctl session-status
"
Track boot process by the cgroups
"systemd-cgls
"
Track boot process by the cgroups
"ps xawf -eo pid,user,cgroup,args
"
Track boot process by the cgroups
Read sysfs under "/sys/fs/cgroup/systemd/
"
systemd
Operation | Command snippets |
---|---|
Show time spent for each initialization steps | "systemd-analyze time " |
List of all units by the time to initialize | "systemd-analyze blame " |
Load and detect errors in "$unit " file |
"systemd-analyze verify $unit " |
Show terse runtime status information of the user of the caller's session | "loginctl user-status " |
Show terse runtime status information of the caller's session | "loginctl session-status " |
Track boot process by the cgroups | "systemd-cgls " |
Track boot process by the cgroups | "ps xawf -eo pid,user,cgroup,args " |
Track boot process by the cgroups | Read sysfs under "/sys/fs/cgroup/systemd/ " |
disable service
$ sudo systemctl stop sshd.service $ sudo systemctl mask sshd.service
sshd.socket
for specifying a socket to listen on
[Unit] Description=SSH Socket for Per-Connection Servers [Socket] ListenStream=22 Accept=yes [Install] WantedBy=sockets.target
[email protected]
as the matching service file of sshd.socket
[Unit] Description=SSH Per-Connection Server [Service] ExecStart=-/usr/sbin/sshd -i StandardInput=socket
sudo systemctl daemon-reload
udev
The udev system provides mechanism for the automatic hardware discovery and initialization
udev system starts a user process which uses information from the sysfs filesystem (see Section 1.2.12, “procfs and sysfs”), loads required kernel modules supporting it using the modprobe
If "/lib/modules/kernel-version/modules.dep
" was not generated properly by depmod
(8) for some reason, modules may not be loaded as expected by the udev system. Execute "depmod -a
" to fix it.
For mounting rules in "/etc/fstab
", device nodes do not need to be static ones. You can use UUID to mount devices instead of device names such as "/dev/sda
".
/etc/modules #modules to load
etc/modprobes.d/blacklist #config module
The "/lib/modules/version/modules.dep
" file generated by the depmod
(8) program describes module dependencies used by the modprobe
(8) program.
The modinfo
(8) program shows information about a Linux kernel module.
The lsmod
(8) program nicely formats the contents of the "/proc/modules
", showing what kernel modules are currently loaded.
Authentication using pam
pam_unix
(8) module under the PAM (Pluggable Authentication Modules). Its 3 important configuration files, with ":
" separated entries, are the following.
configuration files for pam_unix
(8)
file | permission | user | group | description |
---|---|---|---|---|
/etc/passwd |
-rw-r--r-- |
root |
root |
(sanitized) user account information |
/etc/shadow |
-rw-r----- |
root |
shadow |
secure user account information |
/etc/group |
-rw-r--r-- |
root |
root |
group information |
/etc/passwd
" contains the following.
... user1:x:1000:1000:User1 Name,,,:/home/user1:/bin/bash user2:x:1001:1001:User2 Name,,,:/home/user2:/bin/bash
As explained in passwd
(5), each ":
" separated entry of this file means the following.
-
Login name
-
Password specification entry
-
Numerical user ID
-
Numerical group ID
-
User name or comment field
-
User home directory
-
Optional user command interpreter
The second entry of "/etc/passwd
" was used for the encrypted password entry. After the introduction of "/etc/shadow
", this entry is used for the password specification entry.
second entry content of "/etc/passwd
"
content | meaning |
---|---|
(empty) | passwordless account |
x | the encrypted password is in "/etc/shadow " |
/etc/shadow
" contains the following.
... user1:$1$Xop0FYH9$IfxyQwBe9b8tiyIkt2P4F/:13262:0:99999:7::: user2:$1$vXGZLVbS$ElyErNf/agUDsm1DehJMS/:13261:0:99999:7::: ...
As explained in shadow
(5), each ":
" separated entry of this file means the following.
-
Login name
-
Encrypted password (The initial "
$1$
" indicates use of the MD5 encryption. The "*" indicates no login.) -
Date of the last password change, expressed as the number of days since Jan 1, 1970
-
Number of days the user will have to wait before she will be allowed to change her password again
-
Number of days after which the user will have to change her password
-
Number of days before a password is going to expire during which the user should be warned
-
Number of days after a password has expired during which the password should still be accepted
-
Date of expiration of the account, expressed as the number of days since Jan 1, 1970
-
…
"/etc/group
" contains the following.
group1:x:20:user1,user2
As explained in group
(5), each ":
" separated entry of this file means the following.
-
Group name
-
Encrypted password (not really used)
-
Numerical group ID
"
/etc/gshadow
" provides the similar function as "/etc/shadow
" for "/etc/group
" but is not really used.The actual group membership of a user may be dynamically added if "
auth optional pam_group.so
"line is added to "
/etc/pam.d/common-auth
" and set it in "/etc/security/group.conf
".See
pam_group
(8).
The base-passwd package contains an authoritative list of the user and the group: "/usr/share/doc/base-passwd/users-and-groups.html".
commands to manage account information
command | function |
---|---|
getent passwd user_name |
browse account information of "user_name " |
getent shadow user_name |
browse shadowed account information of "user_name " |
getent group group_name |
browse group information of "group_name " |
passwd |
manage password for the account |
passwd -e |
set one-time password for the account activation |
chage |
manage password aging information |
List of tools to generate password
package popcon size command function whois
V:26, I:271 386 mkpasswd
over-featured front end to the crypt
(3) libraryopenssl
V:832, I:995 2290 openssl passwd
compute password hashes (OpenSSL). passwd
(1ssl)
Modern Unix-like systems such as the Debian system provide PAM (Pluggable Authentication Modules) and NSS (Name Service Switch) mechanism to the local system administrator to configure his system. The role of these can be summarizes as the following.
-
PAM offers a flexible authentication mechanism used by the application software thus involves password data exchange.
-
NSS offers a flexible name service mechanism which is frequently used by the C standard library to obtain the user and group name for programs such as
ls
(1) andid
(1).
List of notable PAM and NSS systems
package popcon size description libpam-modules
V:878, I:999 1006 Pluggable Authentication Modules (basic service) libpam-ldap
V:1, I:7 249 Pluggable Authentication Module allowing LDAP interfaces libpam-cracklib
V:1, I:9 117 Pluggable Authentication Module to enable cracklib support libpam-systemd
V:517, I:925 570 Pluggable Authentication Module to register user sessions for logind
libpam-doc
I:0 963 Pluggable Authentication Modules (documentation in html and text) libc6
V:918, I:999 12988 GNU C Library: Shared libraries which also provides "Name Service Switch" service glibc-doc
I:8 3501 GNU C Library: Manpages glibc-doc-reference
I:4 13188 GNU C Library: Reference manual in info, pdf and html format (non-free) libnss-mdns
I:506 141 NSS module for Multicast DNS name resolution libnss-ldap
V:0, I:6 265 NSS module for using LDAP as a naming service libnss-ldapd
V:1, I:13 129 NSS module for using LDAP as a naming service (new fork of libnss-ldap
)
Under systemd, libpam-systemd
package is installed to manage user logins by registering user sessions in the systemd
control group hierarchy for logind. See systemd-logind
(8), logind.conf
(5), and pam_systemd
(8).
List of configuration files accessed by PAM and NSS
configuration file | function |
---|---|
/etc/pam.d/program_name |
set up PAM configuration for the "program_name " program; see pam (7) and pam.d (5) |
/etc/nsswitch.conf |
set up NSS configuration with the entry for each service. See nsswitch.conf (5) |
/etc/nologin |
limit the user login by the pam_nologin (8) module |
/etc/securetty |
limit the tty for the root access by the pam_securetty (8) module |
/etc/security/access.conf |
set access limit by the pam_access (8) module |
/etc/security/group.conf |
set group based restraint by the pam_group (8) module |
/etc/security/pam_env.conf |
set environment variables by the pam_env (8) module |
/etc/environment |
set additional environment variables by the pam_env (8) module with the "readenv=1 " argument |
/etc/default/locale |
set locale by pam_env (8) module with the "readenv=1 envfile=/etc/default/locale " argument (Debian) |
/etc/security/limits.conf |
set resource restraint (ulimit, core, …) by the pam_linits (8) module |
/etc/security/time.conf |
set time restraint by the pam_time (8) module |
/etc/systemd/logind.conf |
set systemd login manager configuration (see logind.conf (5) and systemd-logind.service (8)) |
debian uses PAM, so that one can restrict the ability to usesu
to theroot
group by enabling the
line with "pam_wheel.so
" in "/etc/pam.d/su
".
Installing the
libpam-cracklib
package enables you to force stricter password rule.GNOME automatically installs
libpam-gnome-keyring
, "/etc/pam.d/common-password
"
List of insecure and secure services and ports
insecure service name | port | secure service name | port |
---|---|---|---|
www (http) | 80 | https | 443 |
smtp (mail) | 25 | ssmtp (smtps) | 465 |
ftp-data | 20 | ftps-data | 989 |
ftp | 21 | ftps | 990 |
telnet | 23 | telnets | 992 |
imap2 | 143 | imaps | 993 |
pop3 | 110 | pop3s | 995 |
ldap | 389 | ldaps | 636 |
The encryption costs CPU time. As a CPU friendly alternative, you can keep communication in plain text while securing just the password with the secure authentication protocol such as "Authenticated Post Office Protocol" (APOP) for POP and "Challenge-Response Authentication Mechanism MD5" (CRAM-MD5) for SMTP and IMAP.
The Secure Shell (SSH)
program provides secure encrypted communications between two untrusted
hosts over an insecure network with the secure authentication. It
consists of the OpenSSH client, ssh
(1), and the OpenSSH daemon, sshd
(8).
This SSH can be used to tunnel an insecure protocol communication such
as POP and X securely over the Internet with the port forwarding
feature.
The client tries to authenticate itself using host-based authentication, public key authentication, challenge-response authentication, or password authentication. The use of public key authentication enables the remote password-less login
tools to provide extra security measures
package | popcon | size | description |
---|---|---|---|
knockd
|
V:0, I:2 | 110 | small port-knock daemon knockd (1) and client knock (1) |
fail2ban
|
V:103, I:116 | 2129 | ban IPs that cause multiple authentication errors |
libpam-shield
|
V:0, I:0 | 115 | lock out remote attackers trying password guessing |
The Linux Security Module (LSM) framework provides a mechanism for various security checks to be hooked by new kernel extensions. For example:
Linux namespaces
wrap a global system resource in an abstraction that makes it appear to
the processes within the namespace that they have their own isolated
instance of the global resource. Changes to the global resource are
visible to other processes that are members of the namespace, but are
invisible to other processes. Since kernel version 5.6, there are 8
kinds of namespaces (see namespaces
(7), unshare
(1), nsenter
(1)).
network configuration tools
packages | popcon | size | type | description |
---|---|---|---|---|
network-manager
|
V:377, I:449 | 15376 | config::NM | NetworkManager (daemon): manage the network automatically |
network-manager-gnome
|
V:120, I:365 | 5574 | config::NM | NetworkManager (GNOME frontend) |
ifupdown
|
V:590, I:982 | 199 | config::ifupdown | standardized tool to bring up and down the network (Debian specific) |
isc-dhcp-client
|
V:214, I:982 | 2857 | config::low-level | DHCP client |
pppoeconf
|
V:0, I:6 | 186 | config::helper | configuration helper for PPPoE connection |
wpasupplicant
|
V:333, I:505 | 3846 | , , | client support for WPA and WPA2 (IEEE 802.11i) |
wpagui
|
V:0, I:2 | 770 | , , | Qt GUI client for wpa_supplicant |
wireless-tools
|
V:171, I:238 | 292 | , , | tools for manipulating Linux Wireless Extensions |
iw
|
V:33, I:470 | 302 | , , | tool for configuring Linux wireless devices |
iproute2
|
V:713, I:967 | 3599 | config::iproute2 | iproute2, IPv6 and other advanced network configuration: ip (8), tc (8), etc |
iptables
|
V:310, I:769 | 2408 | config::Netfilter | administration tools for packet filtering and NAT (Netfilter) |
iputils-ping
|
V:198, I:997 | 120 | test | test network reachability of a remote host by hostname or IP address (iproute2) |
iputils-arping
|
V:3, I:44 | 49 | test | test network reachability of a remote host specified by the ARP address |
iputils-tracepath
|
V:2, I:33 | 45 | test | trace the network path to a remote host |
ethtool
|
V:93, I:267 | 699 | test | display or change Ethernet device settings |
mtr-tiny
|
V:5, I:48 | 161 | test::low-level | trace the network path to a remote host (curses) |
mtr
|
V:4, I:42 | 214 | , , | trace the network path to a remote host (curses and GTK) |
gnome-nettool
|
V:0, I:20 | 2492 | , , | tools for common network information operations (GNOME) |
nmap
|
V:24, I:205 | 4450 | , , | network mapper / port scanner (Nmap, console) |
tcpdump
|
V:16, I:180 | 1340 | , , | network traffic analyzer (Tcpdump, console) |
wireshark
|
I:44 | 36 | , , | network traffic analyzer (Wireshark, GTK) |
tshark
|
V:2, I:26 | 402 | , , | network traffic analyzer (console) |
tcptrace
|
V:0, I:2 | 401 | , , | produce a summarization of the connections from tcpdump output |
snort
|
V:0, I:0 | 2203 | , , | flexible network intrusion detection system (Snort) |
ntopng
|
V:0, I:1 | 15904 | , , | display network usage in web browser |
dnsutils
|
V:20, I:312 | 263 | , , | network clients provided with BIND: nslookup (8), nsupdate (8), dig (8) |
dlint
|
V:0, I:4 | 53 | , , | check DNS zone information using nameserver lookups |
dnstracer
|
V:0, I:1 | 61 | , , | trace a chain of DNS servers to the source |
The hostname resolution is currently supported by the NSS (Name Service Switch) mechanism too. The flow of this resolution is the following.
-
The "
/etc/nsswitch.conf
" file with stanza like "hosts: files dns
" dictates the hostname resolution order. (This replaces the old functionality of the "order
" stanza in "/etc/host.conf
".) -
The
files
method is invoked first. If the hostname is found in the "/etc/hosts
" file, it returns all valid addresses for it and exits. (The "/etc/host.conf
" file contains "multi on
".) -
The
dns
method is invoked. If the hostname is found by the query to the Internet Domain Name System (DNS) identified by the "/etc/resolv.conf
" file, it returns all valid addresses for it and exits.
The resolvconf
package makes this "/etc/resolv.conf
" into a symbolic link and manages its contents by the hook scripts automatically.
For the PC workstation on the typical adhoc LAN environment, the hostname can be resolved via Multicast DNS (mDNS, Zeroconf) in addition to the basic files
and dns
methods.
-
Avahi provides a framework for Multicast DNS Service Discovery on Debian.
-
It is equivalent of Apple Bonjour / Apple Rendezvous.
-
The
libnss-mdns
plugin package provides host name resolution via mDNS for the GNU Name Service Switch (NSS) functionality of the GNU C Library (glibc). -
The "
/etc/nsswitch.conf
" file should have stanza like "hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
". -
Host names ending with the ".local" pseudo-top-level domain (TLD) are resolved.
-
The mDNS IPv4 link-local multicast address "
224.0.0.251
" or its IPv6 equivalent "FF02::FB
" are used to make DNS query for a name ending with ".local
".
The systemd uses "Predictable Network Interface Names" such as "enp0s25
".
- Names incorporating Firmware/BIOS provided index numbers for on-board devices (example:
eno1
) - Names incorporating Firmware/BIOS provided PCI Express hotplug slot index numbers (example:
ens1
) - Names incorporating physical/geographical location of the connector of the hardware (example:
enp2s0
) - Names incorporating the interfaces's MAC address (example:
enx78e7d1ea46da
) - Classic, unpredictable kernel-native ethX naming (example:
eth0
)
to disable it ln -s /dev/null /etc/systemd/network/99-default.link
List of network address ranges
Class network addresses net mask net mask /bits number of subnets A 10.x.x.x 255.0.0.0 /8 1 B 172.16.x.x — 172.31.x.x 255.255.0.0 /16 16 C 192.168.0.x — 192.168.255.x 255.255.255.0 /24 256
systemd-networkd
/etc/systemd/network/dhcp.network
[Match] Name=en* [Network] DHCP=yes
/etc/systemd/network/static.network
[Match] Name=en* [Network] Address=192.168.0.15/24 Gateway=192.168.0.1
translation table from obsolete net-tools
commands to new iproute2
commands
obsolete net-tools | new iproute2 etc. | manipulation |
---|---|---|
ifconfig (8) |
ip addr |
protocol (IP or IPv6) address on a device |
route (8) |
ip route |
routing table entry |
arp (8) |
ip neigh |
ARP or NDISC cache entry |
ipmaddr |
ip maddr |
multicast address |
iptunnel |
ip tunnel |
tunnel over IP |
nameif (8) |
ifrename (8) |
name network interfaces based on MAC addresses |
mii-tool (8) |
ethtool (8) |
Ethernet device settings |
List of low level network commands
finding mtu
command description ip addr show
display the link and address status of active interfaces route -n
display all the routing table in numerical addresses ip route show
display all the routing table in numerical addresses arp
display the current content of the ARP cache tables ip neigh
display the current content of the ARP cache tables plog
display ppp daemon log ping yahoo.com
check the Internet connection to " yahoo.com
"whois yahoo.com
check who registered " yahoo.com
" in the domains databasetraceroute yahoo.com
trace the Internet connection to " yahoo.com
"tracepath yahoo.com
trace the Internet connection to " yahoo.com
"mtr yahoo.com
trace the Internet connection to " yahoo.com
" (repeatedly)dig [@dns-server.com] example.com [{a|mx|any}]
check DNS records of " example.com
" by "dns-server.com
" for a "a
", "mx
", or "any
" recordiptables -L -n
check packet filter netstat -a
find all open ports netstat -l --inet
find listening ports netstat -ln --tcp
find listening TCP ports (numeric) dlint example.com
check DNS zone information of " example.com
"
ping -4 -c 1 -s $((1500-28)) -M do www.debian.org
ping -4 -c 1 -s $((1460-28)) -M do www.debian.org
ping -6 -c 1 -s $((1500-48)) -M do www.debian.org
MTU= Maximum Transmission Unit (MTU)
optimal MTU value
network environment | MTU | rationale |
---|---|---|
Dial-up link (IP: PPP) | 576 | standard |
Ethernet link (IP: DHCP or fixed) | 1500 | standard and default |
MSS=maximum segment size
-
MSS = MTU - 40 for IPv4
-
MSS = MTU - 60 for IPv6
packages | popcon | size | description |
---|---|---|---|
iptables
|
V:310, I:769 | 2408 | administration tools for netfilter (iptables (8) for IPv4, ip6tables (8) for IPv6) |
arptables
|
V:0, I:1 | 100 | administration tools for netfilter (arptables (8) for ARP) |
ebtables
|
V:14, I:29 | 264 | administration tools for netfilter (ebtables (8) for Ethernet bridging) |
iptstate
|
V:0, I:2 | 119 | continuously monitor netfilter state (similar to top (1)) |
shorewall-init
|
V:0, I:0 | 85 | Shoreline Firewall initialization |
shorewall
|
V:3, I:9 | 3090 | Shoreline Firewall, netfilter configuration file generator |
shorewall-lite
|
V:0, I:0 | 71 | Shoreline Firewall, netfilter configuration file generator (light version) |
shorewall6
|
V:0, I:1 | 1334 | Shoreline Firewall, netfilter configuration file generator (IPv6 version) |
shorewall6-lite
|
V:0, I:0 | 71 | Shoreline Firewall, netfilter configuration file generator (IPv6, light version) |
-
It is not realistic to run SMTP server on the consumer grade network to send mail directly to the remote host reliably.
-
A mail may be rejected by any host en route to the destination quietly unless it appears as authentic as possible.
-
It is not realistic to expect a single smarthost to send mails of unrelated source mail addresses to the remote host reliably.
This is because:
The SMTP port (25) connections from hosts serviced by the consumer grade network to the Internet are blocked.
The SMTP port (25) connections to hosts serviced by the consumer grade network from the Internet are blocked.
The outgoing messages from hosts serviced by the consumer grade network to the Internet can only be sent via the message submission port (587).
Anti-spam techniques such as DomainKeys Identified Mail (DKIM), Sender_Policy_Framework (SPF), and Domain-based Message Authentication, Reporting and Conformance (DMARC) are widely used for the email filtering.
-
The DomainKeys Identified Mail service may be provided for your mail sent through the smarthost.
-
The smarthost may rewrite the source mail address in the message header to your mail account on the smarthost to prevent email address spoofing.
basic mail transport agent related packages
package | popcon | size | description |
---|---|---|---|
exim4-daemon-light
|
V:233, I:244 | 1504 | Exim4 mail transport agent (MTA: Debian default) |
exim4-daemon-heavy
|
V:6, I:7 | 1662 | Exim4 mail transport agent (MTA: flexible alternative) |
exim4-base
|
V:240, I:252 | 1672 | Exim4 documentation (text) and common files |
exim4-doc-html
|
I:1 | 3748 | Exim4 documentation (html) |
exim4-doc-info
|
I:0 | 639 | Exim4 documentation (info) |
postfix
|
V:129, I:138 | 4024 | Postfix mail transport agent (MTA: secure alternative) |
postfix-doc
|
I:7 | 4634 | Postfix documentation (html+text) |
sasl2-bin
|
V:5, I:15 | 401 | Cyrus SASL API implementation (supplement postfix for SMTP AUTH) |
cyrus-sasl2-doc
|
I:1 | 2175 | Cyrus SASL - documentation |
msmtp
|
V:6, I:11 | 616 | Light weight MTA |
msmtp-mta
|
V:5, I:6 | 124 | Light weight MTA (sendmail compatibility extension to msmtp ) |
esmtp
|
V:0, I:0 | 129 | Light weight MTA |
esmtp-run
|
V:0, I:0 | 32 | Light weight MTA (sendmail compatibility extension to esmtp ) |
nullmailer
|
V:8, I:9 | 476 | Strip down MTA, no local mail |
ssmtp
|
V:5, I:8 | 2 | Strip down MTA, no local mail |
sendmail-bin
|
V:14, I:14 | 1877 | Full featured MTA (only if you are already familiar) |
courier-mta
|
V:0, I:0 | 2390 | Full featured MTA (web interface etc.) |
List of remote access server and utilities
package | popcon | size | tool | description |
---|---|---|---|---|
openssh-client
|
V:854, I:997 | 5814 | ssh (1) |
Secure shell client |
openssh-server
|
V:723, I:818 | 1948 | sshd (8) |
Secure shell server |
ssh-askpass
|
I:23 | 102 | ssh-askpass (1) |
asks user for a pass phrase for ssh-add (plain X) |
ssh-askpass-gnome
|
V:0, I:4 | 209 | ssh-askpass-gnome (1) |
asks user for a pass phrase for ssh-add (GNOME) |
ssh-askpass-fullscreen
|
V:0, I:0 | 48 | ssh-askpass-fullscreen (1) |
asks user for a pass phrase for ssh-add (GNOME) with extra eye candy |
shellinabox
|
V:0, I:1 | 507 | shellinaboxd (1) |
web server for browser accessible VT100 terminal emulator |
List of SSH configuration files
configuration file | description of configuration file |
---|---|
/etc/ssh/ssh_config |
SSH client defaults, see ssh_config (5) |
/etc/ssh/sshd_config |
SSH server defaults, see sshd_config (5) |
~/.ssh/authorized_keys |
default public SSH keys that clients use to connect to this account on this SSH server |
~/.ssh/id_rsa |
secret SSH-2 RSA key of the user |
~/.ssh/id_key-type-name |
secret SSH-2 key-type-name key such as ecdsa , ed25519 , ... of the user |
List of print servers and utilities
package | popcon | size | port | description |
---|---|---|---|---|
lpr
|
V:2, I:3 | 367 | printer (515) | BSD lpr/lpd (Line printer daemon) |
lprng
|
V:0, I:1 | 3060 | , , | , , (Enhanced) |
cups
|
V:102, I:431 | 1061 | IPP (631) | Internet Printing CUPS server |
cups-client
|
V:119, I:454 | 425 | , , | System V printer commands for CUPS: lp (1), lpstat (1), lpoptions (1), cancel (1), lpmove (8), lpinfo (8), lpadmin (8), … |
cups-bsd
|
V:30, I:230 | 131 | , , | BSD printer commands for CUPS: lpr (1), lpq (1), lprm (1), lpc (8) |
printer-driver-gutenprint
|
V:25, I:138 | 1219 | Not applicable | printer drivers for CUPS |
|
other network application servers
package | popcon | size | protocol | description |
---|---|---|---|---|
telnetd
|
V:0, I:2 | 53 | TELNET | TELNET server |
telnetd-ssl
|
V:0, I:0 | 159 | , , | , , (SSL support) |
nfs-kernel-server
|
V:48, I:66 | 677 | NFS | Unix file sharing |
samba
|
V:107, I:135 | 4038 | SMB | Windows file and printer sharing |
netatalk
|
V:1, I:2 | 2010 | ATP | Apple/Mac file and printer sharing (AppleTalk) |
proftpd-basic
|
V:10, I:18 | 452 | FTP | General file download |
apache2
|
V:220, I:273 | 563 | HTTP | General web server |
squid
|
V:10, I:11 | 9053 | , , | General web proxy server |
bind9
|
V:46, I:51 | 1131 | DNS | IP address for other hosts |
isc-dhcp-server
|
V:19, I:39 | 6061 | DHCP | IP address of client itself |
task package | popcon | size | description |
---|---|---|---|
task-gnome-desktop
|
I:191 | 9 | GNOME desktop environment |
task-xfce-desktop
|
I:97 | 9 | Xfce desktop environment |
task-kde-desktop
|
I:78 | 6 | KDE Plasma desktop environment |
task-mate-desktop
|
I:44 | 9 | MATE desktop environment |
task-cinnamon-desktop
|
I:41 | 9 | Cinnamon desktop environment |
task-lxde-desktop
|
I:30 | 9 | LXDE desktop environment |
task-lxqt-desktop
|
I:19 | 9 | LXQt desktop environment |
task-gnome-flashback-desktop
|
I:13 | 6 | GNOME Flashback desktop environment |
List of notable GUI infrastructure packages on gnome
package | popcon | package size | description |
---|---|---|---|
mutter
|
V:1, I:74 | 185 | GNOME's mutter window manager [auto] |
xwayland
|
V:215, I:295 | 2363 | An X server running on top of wayland [auto] |
gnome-remote-desktop
|
V:43, I:196 | 1063 | Remote desktop daemon for GNOME using PipeWire [auto] |
gnome-tweaks
|
V:19, I:219 | 1200 | Advanced configuration settings for GNOME |
gnome-shell-extension-prefs
|
V:13, I:195 | 59 | Tool to enable / disable GNOME Shell extensions |
locale
-
Internationalization (I18N): To make a software potentially handle multiple locales.
-
Localization (L10N): To make a software handle an specific locale.
There are 17, 18, or 10 letters between "m" and "n", "i" and "n", or "l" and "n" in multilingualization, internationalization, and localization which correspond to M17N, I18N, and L10N
Actual support of locale dependent features by the libc
library requires to install locales
or locales-all
packages. The locales
package requires to be initialized properly.
If neither locales
or locales-all
package are installed, support of locale features are lost and system uses US English messages and handles data as ASCII. This behavior is the same way as "$LANG
" is set by "LANG=
", "LANG=C
", or "LANG=POSIX
".
The simplest representation of the text data is ASCII which is sufficient for English and uses less than 127 characters (representable with 7 bits).
Even plain English text may contain non-ASCII characters, e.g. slightly curly left and right quotation marks are not available in ASCII.
Unicode character set can represent practically all characters known to human with 21 bit code point range (i.e., 0 to 10FFFF in hexadecimal notation).
Text encoding system UTF-8 fits Unicode code points into a sensible 8 bit data stream mostly compatible with the ASCII data processing system. This makes UTF-8 the modern preferred choice. UTF stands for Unicode Transformation Format. When ASCII plain text data is converted to UTF-8 one, it has exactly the same content and size as the original ASCII one. So you loose nothing by deploying UTF-8 locale.
LANG=fr_FR.UTF-8
dpkg-reconfigure locales
-
Select all required locale data to be compiled into the binary form. (Please make sure to include at least one UTF-8 locale)
-
Set the system wide default locale value by creating "
/etc/default/locale
" for use by PAM (see Section 4.5, “PAM and NSS”).
Actual traditional encoding system can be identified by "/usr/share/i18n/SUPPORTED
". Thus,
the "LANG=en_US
" is "LANG=en_US.ISO-8859-1
".
The locales-all
package comes with pre-compiled locale data for all locale data. Since it doesn't create "/etc/default/locale
", you may still need to install the locales
package, too.
mount
(8) for vfat filesystem assumes CP437 if used without option. You need to provide explicit mount option to use UTF-8 or CP932 for filenames
/usr/share/man/it/
LANG=it_IT.UTF-8 man programname
IBus and its engine packages
package | popcon | size | supported locale |
---|---|---|---|
ibus | V:179, I:229 | 1710 | input method framework using dbus |
ibus-mozc | V:1, I:3 | 935 | Japanese |
ibus-anthy | V:0, I:1 | 8856 | , , |
ibus-skk | V:0, I:0 | 242 | , , |
ibus-kkc | V:0, I:0 | 210 | , , |
ibus-libpinyin | V:1, I:3 | 2719 | Chinese (for zh_CN) |
ibus-chewing | V:0, I:0 | 422 | , , (for zh_TW) |
ibus-libzhuyin | V:0, I:0 | 40987 | , , (for zh_TW) |
ibus-rime | V:0, I:0 | 77 | , , (for zh_CN/zh_TW) |
ibus-cangjie | V:0, I:0 | 119 | , , (for zh_HK) |
ibus-hangul | V:0, I:2 | 264 | Korean |
ibus-libthai | I:0 | 90 | Thai |
ibus-table-thai | I:0 | 58 | Thai |
ibus-unikey | V:0, I:0 | 318 | Vietnamese |
ibus-keyman | V:0, I:0 | 137 | Multilingual: Keyman engine for over 2000 languages |
ibus-table | V:0, I:1 | 2137 | table engine for IBus |
ibus-m17n | V:0, I:1 | 377 | Multilingual: Indic, Arabic and others |
plasma-widgets-addons | V:44, I:95 | 1984 | additional widgets for Plasma 5 containing Keyboard Indicator |
For Chinese, "fcitx5
" may be an alternative input method framework
East Asian Ambiguous Character Width Characters
export NCURSES_NO_UTF8_ACS=0
.
bsdutils
/usr/bin/logger /usr/bin/renice /usr/bin/script /usr/bin/scriptlive /usr/bin/scriptreplay /usr/bin/wall
debianutils needed for bash/dash
/bin/run-parts /bin/tempfile /sbin/installkernel /usr/bin/ischroot /usr/bin/savelog /usr/bin/which.debianutils /usr/sbin/add-shell /usr/sbin/remove-shell /usr/sbin/update-shells /usr/share/debianutils/shells
f programs to support console activities
package | popcon | size | description |
---|---|---|---|
mc
|
V:48, I:213 | 1490 | See Section 1.3, “Midnight Commander (MC)” |
bsdutils
|
V:560, I:999 | 356 | script (1) command to make a record of terminal session |
screen
|
V:77, I:240 | 997 | terminal multiplexer with VT100/ANSI terminal emulation |
tmux
|
V:39, I:143 | 1110 | terminal multiplexer alternative (Use "Control-B" instead) |
fzf
|
V:4, I:14 | 3409 | fuzzy text finder |
fzy
|
V:0, I:0 | 54 | fuzzy text finder |
rlwrap
|
V:1, I:14 | 330 | readline feature command line wrapper |
ledit
|
V:0, I:10 | 315 | readline feature command line wrapper |
rlfe
|
V:0, I:0 | 42 | readline feature command line wrapper |
ripgrep
|
V:4, I:16 | 4517 | fast recursive string search in the source code tree with automatic filtering |
. List of key bindings for screen
key binding | meaning |
---|---|
^A ? |
show a help screen (display key bindings) |
^A c |
create a new window and switch to it |
^A n |
go to next window |
^A p |
go to previous window |
^A 0 |
go to window number 0 |
^A 1 |
go to window number 1 |
^A w |
show a list of windows |
^A a |
send a Ctrl-A to current window as keyboard input |
^A h |
write a hardcopy of current window to file |
^A H |
begin/end logging current window to file |
^A ^X |
lock the terminal (password protected) |
^A d |
detach screen session from the terminal |
^A DD |
detach screen session and log out |
fzf completions
FZF_KEYBINDINGS_PATH=/usr/share/doc/fzf/examples/key-bindings.bash if [ -f $FZF_KEYBINDINGS_PATH ]; then . $FZF_KEYBINDINGS_PATH fi FZF_COMPLETION_PATH=/usr/share/doc/fzf/examples/completion.bash if [ -f $FZF_COMPLETION_PATH ]; then . $FZF_COMPLETION_PATH fi
rlwrap dash -i
rg = ripgrep
Display examples of time and date for the "ls -l
" command with the time style value
time style value | locale | display of time and date |
---|---|---|
iso |
any | 01-19 00:15 |
long-iso |
any | 2009-01-19 00:15 |
full-iso |
any | 2009-01-19 00:15:16.000000000 +0900 |
locale |
C |
Jan 19 00:15 |
locale |
en_US.UTF-8 |
Jan 19 00:15 |
locale |
es_ES.UTF-8 |
ene 19 00:15 |
+%d.%m.%y %H:%M |
any | 19.01.09 00:15 |
+%d.%b.%y %H:%M |
C or en_US.UTF-8 |
19.Jan.09 00:15 |
+%d.%b.%y %H:%M |
es_ES.UTF-8 |
19.ene.09 00:15 |
$ RED=$(printf "\x1b[31m") $ NORMAL=$(printf "\x1b[0m") $ REVERSE=$(printf "\x1b[7m") $ echo "${RED}RED-TEXT${NORMAL} ${REVERSE}REVERSE-TEXT${NORMAL}"
clolr cmd
if [ "$TERM" != "dumb" ]; then eval "`dircolors -b`" alias ls='ls --color=always' alias ll='ls --color=always -l' alias la='ls --color=always -A' alias less='less -R' alias ls='ls --color=always' alias grep='grep --color=always' alias egrep='egrep --color=always' alias fgrep='fgrep --color=always' alias zgrep='zgrep --color=always' else alias ll='ls -l' alias la='ls -A' fi
. List of packages which can record configuration history
List of tools for monitoring and controlling program activities
package | popcon | size | description |
---|---|---|---|
coreutils
|
V:876, I:999 | 18062 | nice (1): run a program with modified scheduling priority |
bsdutils
|
V:560, I:999 | 356 | renice (1): modify the scheduling priority of a running process |
procps
|
V:750, I:999 | 2163 | "/proc " filesystem utilities: ps (1), top (1), kill (1), watch (1), … |
psmisc
|
V:404, I:785 | 909 | "/proc " filesystem utilities: killall (1), fuser (1), peekfd (1), pstree (1) |
time
|
V:8, I:149 | 129 | time (1): run a program to report system resource usages with respect to time |
sysstat
|
V:153, I:175 | 1785 | sar (1), iostat (1), mpstat (1), …: system performance tools for Linux |
isag
|
V:0, I:3 | 106 | Interactive System Activity Grapher for sysstat |
lsof
|
V:401, I:943 | 482 | lsof (8): list files opened by a running process using "-p " option |
strace
|
V:12, I:124 | 2875 | strace (1): trace system calls and signals |
ltrace
|
V:0, I:15 | 330 | ltrace (1): trace library calls |
xtrace
|
V:0, I:0 | 353 | xtrace (1): trace communication between X11 client and server |
powertop
|
V:17, I:211 | 669 | powertop (1): information about system power use |
cron
|
V:856, I:996 | 227 | run processes according to a schedule in background from cron (8) daemon |
anacron
|
V:383, I:472 | 92 | cron-like command scheduler for systems that don't run 24 hours a day |
at
|
V:109, I:171 | 158 | at (1) or batch (1): run a job at a specified time or below certain load level |
Display time used by the process invoked by the command.
time some_command >/dev/null
real 0m0.035s # time on wall clock (elapsed real time) user 0m0.000s # time in user mode sys 0m0.020s # time in kernel mode
List of nice values for the scheduling priority
nice value | scheduling priority |
---|---|
19 | lowest priority process (nice) |
0 | very high priority process for user |
-20 | very high priority process for root (not-nice) |
nice -19 top # very nice nice --20 wodim -v -eject speed=2 dev=0,0 disk.img # very fast
Sometimes an extreme nice value does more harm than good to the system
List of ps command styles
style | typical command | feature |
---|---|---|
BSD | ps aux |
display %CPU %MEM |
System V | ps -efH |
display PPID |
sudo lsof -p 1
You can trace system calls of the
ls
command as the following.
sudo strace ls
Use strace-graph script found in /usr/share/doc/strace/examples/ to make a nice tree view
You can also identify processes using files by fuser
sudo fuser -v /var/log/mail.log
You can also identify processes using sockets by fuser
sudo fuser -v smtp/tcp
watch w
This displays who is logged on to the system updated every 2 seconds.
looping
for x in *.ext; do if [ -f "$x"]; then command "$x" ; fi; done
-
find
(1) andxargs
(1) combination:
find . -type f -maxdepth 1 -name '*.ext' -print0 | xargs -0 -n 1 command
-
find
(1) with "-exec
" option with a command:
find . -type f -maxdepth 1 -name '*.ext' -exec command '{}' \;
-
find
(1) with "-exec
" option with a short shell script:
find . -type f -maxdepth 1 -name '*.ext' -exec sh -c "command '{}' && echo 'successful'" \;
The debianutils
package provides sensible-browser
(1), sensible-editor
(1), and sensible-pager
(1)
which make sensible decisions on which editor, pager, and web browser
to call, respectively.
Use kill
(1) to kill (or send a signal to) a process by the process ID.
Use killall
(1) or pkill
(1) to do the same by the process command name and other attributes.
signal value signal name action note
0 --- no signal is sent (see kill(2)) check if process is running
1 SIGHUP terminate the process disconnected terminal (signal hang up)
2 SIGINT terminate the process interrupt from keyboard (CTRL-C)
3 SIGQUIT terminate the process and dump core quit from keyboard (CTRL-\)
9 SIGKILL terminate the process unblockable kill signal
15 SIGTERM terminate the process blockable termination signal
Pressing Alt-SysRq (PrtScr) followed by one keys does the magic of rescuing control of the system.
SAK command keys
key following Alt-SysRq | description of action |
---|---|
k |
kill all processes on the current virtual console (SAK) |
s |
sync all mounted filesystems to avoid data corruption |
u |
remount all mounted filesystems read-only (umount) |
r |
restore the keyboard from raw mode after X crashes |
https://www.kernel.org/doc/html/latest/admin-guide/sysrq.html
|
Tip |
---|---|
From SSH terminal etc., you can use the Alt-SysRq feature by writing to the "
Debian amd64 Linux kernel has |
/proc/sys/kernel/sysrq:
0 - disable sysrq completely
1 - enable all functions of sysrq
>1 - bitmask of allowed sysrq functions (see below for detailed function description):
2 = 0x2 - enable control of console logging level 4 = 0x4 - enable control of keyboard (SAK, unraw) 8 = 0x8 - enable debugging dumps of processes etc. 16 = 0x10 - enable sync command 32 = 0x20 - enable remount read-only 64 = 0x40 - enable signalling of processes (term, kill, oom-kill) 128 = 0x80 - allow reboot/poweroff 256 = 0x100 - allow nicing of all RT tasks
ou can check who is on the system by the following.
-
who
(1) shows who is logged on. -
w
(1) shows who is logged on and what they are doing. -
last
(1) shows listing of last logged in user. -
lastb
(1) shows listing of last bad logged in users.
Tip | |
---|---|
" |
List of hardware identification tools
package | popcon | size | description |
---|---|---|---|
pciutils
|
V:232, I:991 | 212 | Linux PCI Utilities: lspci (8) |
usbutils
|
V:72, I:865 | 320 | Linux USB utilities: lsusb (8) |
nvme-cli
|
V:11, I:18 | 1486 | NVMe utilities for Linux: nvme (1) |
pcmciautils
|
V:7, I:11 | 91 | PCMCIA utilities for Linux: pccardctl (8) |
scsitools
|
V:0, I:2 | 375 | collection of tools for SCSI hardware management: lsscsi (8) |
procinfo
|
V:0, I:8 | 132 | system information obtained from "/proc ": lsdev (8) |
lshw
|
V:13, I:91 | 919 | information about hardware configuration: lshw (1) |
discover
|
V:39, I:955 | 98 | hardware identification system: discover (8) |
package | popcon | size | description |
---|---|---|---|
console-setup
|
V:96, I:966 | 428 | Linux console font and keytable utilities |
x11-xserver-utils
|
V:291, I:520 | 576 | X server utilities: xset (1), xmodmap (1) |
acpid
|
V:94, I:170 | 154 | daemon to manage events delivered by the Advanced Configuration and Power Interface (ACPI) |
acpi
|
V:10, I:157 | 47 | utility to display information on ACPI devices |
sleepd
|
V:0, I:0 | 86 | daemon to put a laptop to sleep during inactivity |
hdparm
|
V:206, I:383 | 256 | hard disk access optimization (see Section 9.6.9, “Optimization of hard disk”) |
smartmontools
|
V:196, I:244 | 2199 | control and monitor storage systems using S.M.A.R.T. |
setserial
|
V:4, I:7 | 103 | collection of tools for serial port management |
memtest86+
|
V:1, I:22 | 12687 | collection of tools for memory hardware management |
scsitools
|
V:0, I:2 | 375 | collection of tools for SCSI hardware management |
setcd
|
V:0, I:0 | 37 | compact disc drive access optimization |
big-cursor
|
I:0 | 26 | larger mouse cursors for X |
hwclock --utc --systohc
hwclock --show
"/etc/terminfo/*/*
"
"$TERM
" environment variable
setterm(1), stty(1), tic(1), and toe(1)
aplay
/dev/urandom
List of commands for disabling the screen saver
environment | command |
---|---|
The Linux console | setterm -powersave off |
The X Window (turning off screensaver) | xset s off |
The X Window (disabling dpms) | xset -dpms |
The X Window (GUI configuration of screen saver) | xscreensaver-command -prefs |
echo "set bell-style none">> ~/.inputrc
ystem security and integrity check
package | popcon | size | description |
---|---|---|---|
logcheck
|
V:6, I:8 | 110 | daemon to mail anomalies in the system logfiles to the administrator |
debsums
|
V:5, I:36 | 98 | utility to verify installed package files against MD5 checksums |
chkrootkit
|
V:7, I:18 | 924 | rootkit detector |
clamav
|
V:9, I:47 | 28695 | anti-virus utility for Unix - command-line interface |
tiger
|
V:1, I:2 | 7800 | report system security vulnerabilities |
tripwire
|
V:2, I:2 | 12088 | file and directory integrity checker |
john
|
V:1, I:9 | 471 | active password cracking tool |
aide
|
V:1, I:1 | 289 | Advanced Intrusion Detection Environment - static binary |
integrit
|
V:0, I:0 | 2659 | file integrity verification program |
crack
|
V:0, I:1 | 152 | password guessing program |
Since the debsums
package uses MD5 checksums stored locally, it can not be fully trusted as the system security audit tool against malicious attacks.
find / -perm 777 -a \! -type s -a \! -type l -a \! \( -type d -a -perm 1777 \)
filesystem management packages
package | popcon | size | description |
---|---|---|---|
e2fsprogs
|
V:742, I:999 | 1496 | utilities for the ext2/ext3/ext4 filesystems |
btrfs-progs
|
V:45, I:72 | 4851 | utilities for the Btrfs filesystem |
reiserfsprogs
|
V:12, I:26 | 469 | utilities for the Reiserfs filesystem |
zfsutils-linux
|
V:28, I:29 | 1615 | utilities for the OpenZFS filesystem |
dosfstools
|
V:180, I:526 | 315 | utilities for the FAT filesystem. (Microsoft: MS-DOS, Windows) |
exfatprogs
|
V:25, I:318 | 281 | utilities for the exFAT filesystem maintained by Samsung. |
exfat-fuse
|
V:7, I:159 | 73 | read/write exFAT filesystem (Microsoft) driver for FUSE. |
exfat-utils
|
V:5, I:148 | 231 | utilities for the exFAT filesystem maintained by the exfat-fuse author. |
xfsprogs
|
V:23, I:97 | 3476 | utilities for the XFS filesystem. (SGI: IRIX) |
ntfs-3g
|
V:196, I:506 | 1470 | read/write NTFS filesystem (Microsoft: Windows NT, …) driver for FUSE. |
jfsutils
|
V:0, I:8 | 1577 | utilities for the JFS filesystem. (IBM: AIX, OS/2) |
reiser4progs
|
V:0, I:2 | 1367 | utilities for the Reiser4 filesystem |
hfsprogs
|
V:0, I:5 | 394 | utilities for HFS and HFS Plus filesystem. (Apple: Mac OS) |
zerofree
|
V:5, I:128 | 25 | program to zero free blocks from ext2/3/4 filesystems |
compress btrfs root
btrfs filesystem defragment -r -v -czstd /
disk image
cp /dev/sdb disk.img
dd if=/dev/sdb of=disk.img
mbr
dd if=/dev/hda of=mbr.img bs=512 count=1
dd if=/dev/hda of=mbr-nopart.img bs=446 count=1
dd if=/dev/hda of=mbr-part.img skip=446 bs=1 count=66
dd if=disk.img of=/dev/sdbdd if=partition.img of=/dev/sdb1
losetup -v -f partition.img
mkdir -p /mnt/loop0
mount -t auto /dev/loop0 /mnt/loop0
umount /dev/loop0
losetup -d /dev/loop0
mkdir -p /mnt/loop0
mount -t auto -o loop partition.img /mnt/loop0
umount partition.img
modinfo -p loop # verify kernel capability
modprobe loop max_part=16
zerofree /dev/loop3cp --sparse=always disk.img new.imgempty diskdd bs=1 count=0 if=/dev/zero of=disk.img seek=5Gfallocate can do same
List of packages which view and edit binary data
package popcon size description coreutils
V:876, I:999 18062 basic package which has od
(1) to dump files (HEX, ASCII, OCTAL, …)bsdmainutils
V:15, I:389 17 utility package which has hd
(1) to dump files (HEX, ASCII, OCTAL, …)hexedit
V:0, I:9 73 binary editor and viewer (HEX, ASCII) bless
V:0, I:2 924 full featured hexadecimal editor (GNOME) okteta
V:0, I:10 1581 full featured hexadecimal editor (KDE4) ncurses-hexedit
V:0, I:1 130 binary editor and viewer (HEX, ASCII, EBCDIC) beav
V:0, I:0 137 binary editor and viewer (HEX, ASCII, EBCDIC, OCTAL, …) List of packages for data file recovery and forensic analysis
package popcon size description testdisk
V:2, I:29 1413 utilities for partition scan and disk recovery magicrescue
V:0, I:2 255 utility to recover files by looking for magic bytes scalpel
V:0, I:3 88 frugal, high performance file carver myrescue
V:0, I:2 83 rescue data from damaged harddisks extundelete
V:0, I:8 147 utility to undelete files on the ext3/4 filesystem ext4magic
V:0, I:4 233 utility to undelete files on the ext3/4 filesystem ext3grep
V:0, I:2 293 tool to help recover deleted files on the ext3 filesystem scrounge-ntfs
V:0, I:2 50 data recovery program for NTFS filesystems gzrt
V:0, I:0 33 gzip recovery toolkit sleuthkit
V:2, I:24 1611 tools for forensics analysis. (Sleuthkit) autopsy
V:0, I:1 1027 graphical interface to SleuthKit foremost
V:0, I:5 102 forensics application to recover data guymager
V:0, I:1 1021 forensic imaging tool based on Qt dcfldd
V:0, I:4 114 enhanced version of dd
for forensics and securitysplit -b 2000m large_filecat x* >large_fileclear file in usePlease make sure you do not have any files starting with "
x
" to avoid name crashes.:>file_to_be_clearedls -lilsof -s -X / |grep deletedList of virtualization tools
package popcon size description coreutils
V:876, I:999 18062 GNU core utilities which contain chroot
(8)systemd-container
V:48, I:56 1299 systemd container/nspawn tools which contain systemd-nspawn
(1)schroot
V:5, I:7 2508 specialized tool for executing Debian binary packages in chroot sbuild
V:1, I:3 243 tool for building Debian binary packages from Debian sources debootstrap
V:5, I:55 308 bootstrap a basic Debian system (written in sh) cdebootstrap
V:0, I:1 111 bootstrap a Debian system (written in C) virt-manager
V:10, I:42 2296 Virtual Machine Manager: desktop application for managing virtual machines libvirt-clients
V:44, I:63 1212 programs for the libvirt library games-emulator
I:0 21 games-emulator: Debian's emulators for games bochs
V:0, I:0 6956 Bochs: IA-32 PC emulator qemu
I:18 97 QEMU: fast generic processor emulator qemu-system
I:20 66 QEMU: full system emulation binaries qemu-user
V:1, I:7 103943 QEMU: user mode emulation binaries qemu-utils
V:11, I:104 10344 QEMU: utilities qemu-system-x86
V:33, I:89 45580 KVM: full virtualization on x86 hardware with the hardware-assisted virtualization virtualbox
V:6, I:8 131137 VirtualBox: x86 virtualization solution on i386 and amd64 xen-tools
V:0, I:2 719 tools to manage debian XEN virtual server wine
V:13, I:59 135 Wine: Windows API Implementation (standard suite) dosbox
V:1, I:15 2671 DOSBox: x86 emulator with Tandy/Herc/CGA/EGA/VGA/SVGA graphics, sound and DOS lxc
V:9, I:12 25643 Linux containers user space tools python3-venv
I:72 6 venv for creating virtual python environments (system library) python3-virtualenv
V:9, I:49 364 virtualenv for creating isolated virtual python environments pipx
V:2, I:10 931 pipx for installing python applications in isolated environments
List of archive and compression tools
package popcon size extension command comment tar
V:907, I:999 3144 .tar
tar
(1)the standard archiver (de facto standard) cpio
V:439, I:998 1141 .cpio
cpio
(1)Unix System V style archiver, use with find
(1)binutils
V:164, I:629 143 .ar
ar
(1)archiver for the creation of static libraries fastjar
V:1, I:15 183 .jar
fastjar
(1)archiver for Java (zip like) pax
V:9, I:16 170 .pax
pax
(1)new POSIX standard archiver, compromise between tar
andcpio
gzip
V:872, I:999 252 .gz
gzip
(1),zcat
(1), …GNU LZ77 compression utility (de facto standard) bzip2
V:161, I:969 121 .bz2
bzip2
(1),bzcat
(1), …Burrows-Wheeler block-sorting compression utility with higher compression ratio than gzip
(1) (slower thangzip
with similar syntax)lzma
V:1, I:18 149 .lzma
lzma
(1)LZMA compression utility with higher compression ratio than gzip
(1) (deprecated)xz-utils
V:380, I:979 1248 .xz
xz
(1),xzdec
(1), …XZ compression utility with higher compression ratio than bzip2
(1) (slower thangzip
but faster thanbzip2
; replacement for LZMA compression utility)zstd
V:125, I:325 2138 .zstd
zstd
(1),zstdcat
(1), …Zstandard fast lossless compression utility p7zip
V:114, I:472 987 .7z
7zr
(1),p7zip
(1)7-Zip file archiver with high compression ratio (LZMA compression) p7zip-full
V:117, I:474 4664 .7z
7z
(1),7za
(1)7-Zip file archiver with high compression ratio (LZMA compression and others) lzop
V:15, I:139 164 .lzo
lzop
(1)LZO compression utility with higher compression and decompression speed than gzip
(1) (lower compression ratio thangzip
with similar syntax)zip
V:47, I:387 616 .zip
zip
(1)InfoZIP: DOS archive and compression tool unzip
V:102, I:774 379 .zip
unzip
(1)InfoZIP: DOS unarchive and decompression tool copy and synchronization tools
package popcon size tool function coreutils
V:876, I:999 18062 GNU cp locally copy files and directories ("-a" for recursive) openssh-client
V:854, I:997 5814 scp remotely copy files and directories (client, " -r
" for recursive)openssh-server
V:723, I:818 1948 sshd remotely copy files and directories (remote server) rsync
V:249, I:557 776 1-way remote synchronization and backup unison
V:3, I:13 14 2-way remote synchronization and backup
Copying files with rsync
(8) offers richer features than others.
-
delta-transfer algorithm that sends only the differences between the source files and the existing files in the destination
-
quick check algorithm (by default) that looks for files that have changed in size or in last-modified time
-
"
--exclude
" and "--exclude-from
" options similar totar
(1) -
"a trailing slash on the source directory" syntax that avoids creating an additional directory level at the destination.
tar -cvJf archive.tar.xz ./source |
tar -xvJf archive.tar.xzList of filesystem choices for removable storage devices with typical usage scenarios
filesystem name typical usage scenario FAT12 cross platform sharing of data on the floppy disk (<32MiB) FAT16 cross platform sharing of data on the small hard disk like device (<2GiB) FAT32 cross platform sharing of data on the large hard disk like device (<8TiB, supported by newer than MS Windows95 OSR2) exFAT cross platform sharing of data on the large hard disk like device (<512TiB, supported by WindowsXP, Mac OS X Snow Leopard 10.6.5, and Linux kernel since 5.4 release) NTFS cross platform sharing of data on the large hard disk like device (supported natively on MS Windows NT and later version, and supported by NTFS-3G via FUSE on Linux) ISO9660 cross platform sharing of static data on CD-R and DVD+/-R UDF incremental data writing on CD-R and DVD+/-R (new) MINIX space efficient unix file data storage on the floppy disk ext2 sharing of data on the hard disk like device with older Linux systems ext3 sharing of data on the hard disk like device with older Linux systems ext4 sharing of data on the hard disk like device with current Linux systems btrfs sharing of data on the hard disk like device with current Linux systems with read-only snapshots data security infrastructure tools
package popcon size command description gnupg
V:551, I:914 885 gpg
(1)GNU Privacy Guard - OpenPGP encryption and signing tool gpgv
V:889, I:999 917 gpgv
(1)GNU Privacy Guard - signature verification tool paperkey
V:1, I:11 58 paperkey
(1)extract just the secret information out of OpenPGP secret keys cryptsetup
V:36, I:78 410 cryptsetup
(8), …utilities for dm-crypt block device encryption supporting LUKS coreutils
V:876, I:999 18062 md5sum
(1)compute and check MD5 message digest coreutils
V:876, I:999 18062 sha1sum
(1)compute and check SHA1 message digest openssl
V:832, I:995 2290 openssl
(1ssl)compute message digest with " openssl dgst
" (OpenSSL)libsecret-tools
V:0, I:13 41 secret-tool
(1)store and retrieve passwords (CLI) seahorse
V:74, I:262 7987 seahorse
(1)key management tool (GNOME) GNU Privacy Guard commands for the key management
command description gpg --gen-key
generate a new key gpg --gen-revoke my_user_ID
generate revoke key for my_user_ID gpg --edit-key user_ID
edit key interactively, "help" for help gpg -o file --export
export all keys to file gpg --import file
import all keys from file gpg --send-keys user_ID
send key of user_ID to keyserver gpg --recv-keys user_ID
recv. key of user_ID from keyserver gpg --list-keys user_ID
list keys of user_ID gpg --list-sigs user_ID
list sig. of user_ID gpg --check-sigs user_ID
check sig. of user_ID gpg --fingerprint user_ID
check fingerprint of user_ID gpg --refresh-keys
update local keyring List of GNU Privacy Guard commands on files
command description gpg -a -s file
sign file into ASCII armored file.asc gpg --armor --sign file
, , gpg --clearsign file
clear-sign message gpg --clearsign file|mail [email protected]
mail a clear-signed message to [email protected]
gpg --clearsign --not-dash-escaped patchfile
clear-sign patchfile gpg --verify file
verify clear-signed file gpg -o file.sig -b file
create detached signature gpg -o file.sig --detach-sign file
, , gpg --verify file.sig file
verify file with file.sig gpg -o crypt_file.gpg -r name -e file
public-key encryption intended for name from file to binary crypt_file.gpg gpg -o crypt_file.gpg --recipient name --encrypt file
, , gpg -o crypt_file.asc -a -r name -e file
public-key encryption intended for name from file to ASCII armored crypt_file.asc gpg -o crypt_file.gpg -c file
symmetric encryption from file to crypt_file.gpg gpg -o crypt_file.gpg --symmetric file
, , gpg -o crypt_file.asc -a -c file
symmetric encryption intended for name from file to ASCII armored crypt_file.asc gpg -o file -d crypt_file.gpg -r name
decryption gpg -o file --decrypt crypt_file.gpg
, , List of source code merge tools
package popcon size command description patch
V:98, I:699 248 patch
(1)apply a diff file to an original vim
V:94, I:374 3665 vimdiff
(1)compare 2 files side by side in vim imediff
V:0, I:0 169 imediff
(1)interactive full screen 2/3-way merge tool meld
V:8, I:29 3500 meld
(1)compare and merge files (GTK) wiggle
V:0, I:0 174 wiggle
(1)apply rejected patches diffutils
V:859, I:996 1598 diff
(1)compare files line by line diffutils
V:859, I:996 1598 diff3
(1)compare and merges three files line by line quilt
V:2, I:23 774 quilt
(1)manage series of patches wdiff
V:7, I:52 648 wdiff
(1)display word differences between text files diffstat
V:13, I:123 74 diffstat
(1)produce a histogram of changes by the diff patchutils
V:15, I:122 232 combinediff
(1)create a cumulative patch from two incremental patches patchutils
V:15, I:122 232 dehtmldiff
(1)extract a diff from an HTML page patchutils
V:15, I:122 232 filterdiff
(1)extract or excludes diffs from a diff file patchutils
V:15, I:122 232 fixcvsdiff
(1)fix diff files created by CVS that patch
(1) mis-interpretspatchutils
V:15, I:122 232 flipdiff
(1)exchange the order of two patches patchutils
V:15, I:122 232 grepdiff
(1)show which files are modified by a patch matching a regex patchutils
V:15, I:122 232 interdiff
(1)show differences between two unified diff files patchutils
V:15, I:122 232 lsdiff
(1)show which files are modified by a patch patchutils
V:15, I:122 232 recountdiff
(1)recompute counts and offsets in unified context diffs patchutils
V:15, I:122 232 rediff
(1)fix offsets and counts of a hand-edited diff patchutils
V:15, I:122 232 splitdiff
(1)separate out incremental patches patchutils
V:15, I:122 232 unwrapdiff
(1)demangle patches that have been word-wrapped dirdiff
V:0, I:2 167 dirdiff
(1)display differences and merge changes between directory trees docdiff
V:0, I:0 553 docdiff
(1)compare two files word by word / char by char makepatch
V:0, I:0 100 makepatch
(1)generate extended patch files makepatch
V:0, I:0 100 applypatch
(1)apply extended patch files diff -u file.old file.new > file.patch0merge patchpatch -p0 file < file.patch0patch -p1 file < file.patch1imediff -o file.merged file.old file.newimediff -o file.merged file.yours file.base file.theirsgit related packages and commands
package popcon size command description git
V:333, I:534 44963 git
(7)Git, the fast, scalable, distributed revision control system gitk
V:5, I:32 1814 gitk
(1)GUI Git repository browser with history git-gui
V:1, I:17 2408 git-gui
(1)GUI for Git (No history) git-email
V:0, I:10 1062 git-send-email
(1)send a collection of patches as email from the Git git-buildpackage
V:1, I:9 1990 git-buildpackage
(1)automate the Debian packaging with the Git dgit
V:0, I:1 483 dgit
(1)git interoperability with the Debian archive imediff
V:0, I:0 169 git-ime
(1)interactive git commit split helper tool stgit
V:0, I:0 601 stg
(1)quilt on top of git (Python) git-doc
I:12 13067 N/A official documentation for Git gitmagic
I:0 721 N/A "Git Magic", easier to understand guide for Git Git tips
Git command line function gitk --all
see complete Git history and operate on them such as resetting HEAD to another commit, cheery-picking patches, creating tags and branches ... git stash
get the clean working tree without loosing data git remote -v
check settings for remote git branch -vv
check settings for branch git status
show working tree status git config -l
list git settings git reset --hard HEAD; git clean -x -d -f
revert all working tree changes and clean them up completely git rm --cached filename
revert staged index changed by git add filename
git reflog
get reference log (useful for recovering commits from the removed branch) git branch new_branch_name HEAD@{6}
create a new branch from reflog information git remote add new_remote URL
add a new_remote
remote repository pointed by URLgit remote rename origin upstream
rename the remote repository name from origin
toupstream
git branch -u upstream/branch_name
set the remote tracking to the remote repository upstream
and its branch namebranch_name
.git remote set-url origin https://foo/bar.git
change URL of origin
git remote set-url --push upstream DISABLED
disable push to upstream
(Edit.git/config
to re-enable)git checkout -b topic_branch ; git push -u topic_branch origin
make a new topic_branch
and push it toorigin
git branch -m oldname newname
rename local branch name git push -d origin branch_to_be_removed
remove remote branch (new method) git push origin :branch_to_be_removed
remove remote branch (old method) git checkout --orphan unconnected
create a new unconnected
branchgit fetch upstream foo:upstream-foo
create a local (possibly orphan) upstream-foo
branch as a copy offoo
branch theupstream
repositorygit rebase -i origin/main
reorder/drop/squish commits from origin/main
to clean branch historygit reset HEAD^; git commit --amend
squash last 2 commits into one git checkout topic_branch ; git merge --squash topic_branch
squash entire topic_branch
into a commitgit fetch --unshallow --update-head-ok origin '+refs/heads/*:refs/heads/*'
convert a shallow clone to the full clone of all branches git ime
split the last commit into a series of file-by-file smaller commits etc. ( imediff
package required)git repack -a -d; git prune
repack the local repository into single pack (this may limit chance of lost data recovery from erased branch etc.) other version control system tools
package popcon size tool VCS type comment mercurial
V:5, I:31 1049 Mercurial distributed DVCS in Python and some C darcs
V:0, I:4 34070 Darcs distributed DVCS with smart algebra of patches (slow) bzr
I:7 28 Bazaar distributed DVCS influenced by tla
written in Python (historic)tla
V:0, I:1 1022 GNU arch distributed DVCS mainly by Tom Lord (historic) subversion
V:13, I:75 4838 Subversion remote "CVS done right", newer standard remote VCS (historic) cvs
V:3, I:28 4609 CVS remote previous standard remote VCS (historic) tkcvs
V:0, I:1 1498 CVS, … remote GUI display of VCS (CVS, Subversion, RCS) repository tree rcs
V:2, I:12 564 RCS local "Unix SCCS done right" (historic) cssc
V:0, I:0 2044 CSSC local clone of the Unix SCCS (historic) iconv -f encoding1 -t encoding2 input.txt >output.txtList of encoding values and their usage
encoding value usage ASCII American Standard Code for Information Interchange, 7 bit code w/o accented characters UTF-8 current multilingual standard for all modern OSs ISO-8859-1 old standard for western European languages, ASCII + accented characters ISO-8859-2 old standard for eastern European languages, ASCII + accented characters ISO-8859-15 old standard for western European languages, ISO-8859-1 with euro sign CP850 code page 850, Microsoft DOS characters with graphics for western European languages, ISO-8859-1 variant CP932 code page 932, Microsoft Windows style Shift-JIS variant for Japanese CP936 code page 936, Microsoft Windows style GB2312, GBK or GB18030 variant for Simplified Chinese CP949 code page 949, Microsoft Windows style EUC-KR or Unified Hangul Code variant for Korean CP950 code page 950, Microsoft Windows style Big5 variant for Traditional Chinese CP1251 code page 1251, Microsoft Windows style encoding for the Cyrillic alphabet CP1252 code page 1252, Microsoft Windows style ISO-8859-15 variant for western European languages KOI8-R old Russian UNIX standard for the Cyrillic alphabet ISO-2022-JP standard encoding for Japanese email which uses only 7 bit codes eucJP old Japanese UNIX standard 8 bit code and completely different from Shift-JIS Shift-JIS JIS X 0208 Appendix 1 standard for Japanese (see CP932) iconv -f utf8 -t utf8 input.txt >/dev/null || echo "non-UTF-8 found"filename convert#!/bin/sh ENCDN=iso-8859-1 for x in *; do mv "$x" "$(echo "$x" | iconv -f $ENCDN -t utf-8)" donegraphic data tools
package popcon size keyword description gimp
V:50, I:260 19877 image(bitmap) GNU Image Manipulation Program imagemagick
I:321 176 image(bitmap) image manipulation programs graphicsmagick
V:1, I:13 5510 image(bitmap) image manipulation programs (fork of imagemagick
)xsane
V:12, I:148 2339 image(bitmap) GTK-based X11 frontend for SANE (Scanner Access Now Easy) netpbm
V:27, I:330 8200 image(bitmap) graphics conversion tools icoutils
V:7, I:54 221 png↔ico(bitmap) convert MS Windows icons and cursors to and from PNG formats (favicon.ico) scribus
V:1, I:16 30242 ps/pdf/SVG/… Scribus DTP editor libreoffice-draw
V:71, I:421 13525 image(vector) LibreOffice office suite - drawing inkscape
V:14, I:122 99316 image(vector) SVG (Scalable Vector Graphics) editor dia
V:2, I:21 3908 image(vector) diagram editor (Gtk) xfig
V:0, I:9 7825 image(vector) Facility for Interactive Generation of figures under X11 pstoedit
V:2, I:53 1003 ps/pdf→image(vector) PostScript and PDF files to editable vector graphics converter (SVG) libwmf-bin
V:6, I:130 151 Windows/image(vector) Windows metafile (vector graphic data) conversion tools fig2sxd
V:0, I:0 151 fig→sxd(vector) convert XFig files to OpenOffice.org Draw format unpaper
V:2, I:17 412 image→image post-processing tool for scanned pages for OCR tesseract-ocr
V:7, I:34 2135 image→text free OCR software based on the HP's commercial OCR engine tesseract-ocr-eng
V:7, I:34 4032 image→text OCR engine data: tesseract-ocr language files for English text gocr
V:0, I:6 545 image→text free OCR software ocrad
V:0, I:3 578 image→text free OCR software eog
V:57, I:270 7770 image(Exif) Eye of GNOME graphics viewer program gthumb
V:3, I:16 5321 image(Exif) image viewer and browser (GNOME) geeqie
V:4, I:14 15402 image(Exif) image viewer using GTK shotwell
V:16, I:248 6187 image(Exif) digital photo organizer (GNOME) gtkam
V:0, I:2 1154 image(Exif) application for retrieving media from digital cameras (GTK) gphoto2
V:0, I:7 947 image(Exif) The gphoto2 digital camera command-line client gwenview
V:30, I:101 11755 image(Exif) image viewer (KDE) kamera
I:101 983 image(Exif) digital camera support for KDE applications digikam
V:1, I:9 292 image(Exif) digital photo management application for KDE exiv2
V:2, I:29 278 image(Exif) EXIF/IPTC metadata manipulation tool exiftran
V:1, I:15 69 image(Exif) transform digital camera jpeg images jhead
V:0, I:7 131 image(Exif) manipulate the non-image part of Exif compliant JPEG (digital camera photo) files exif
V:2, I:34 339 image(Exif) command-line utility to show EXIF information in JPEG files exiftags
V:0, I:3 292 image(Exif) utility to read Exif tags from a digital camera JPEG file exifprobe
V:0, I:3 499 image(Exif) read metadata from digital pictures dcraw
V:1, I:11 583 image(Raw)→ppm decode raw digital camera images findimagedupes
V:0, I:1 76 image→fingerprint find visually similar or duplicate images ale
V:0, I:0 839 image→image merge images to increase fidelity or create mosaics imageindex
V:0, I:1 145 image(Exif)→html generate static HTML galleries from images outguess
V:0, I:1 230 jpeg,png universal Steganographic tool librecad
V:1, I:14 8798 DXF CAD data editor (KDE) blender
V:2, I:30 89560 blend, TIFF, VRML, … 3D content editor for animation etc mm3d
V:0, I:0 3881 ms3d, obj, dxf, … OpenGL based 3D model editor open-font-design-toolkit
I:0 9 ttf, ps, … metapackage for open font design fontforge
V:0, I:6 3980 ttf, ps, … font editor for PS, TrueType and OpenType fonts xgridfit
V:0, I:0 806 ttf program for gridfitting and hinting TrueType fonts
https://github.com/systemd/mkosi
src
https://github.com/docker-linux/kali/blob/master/build-kali.sh
https://wiki.alpinelinux.org/wiki/Running_glibc_programs
https://www.gnu.org/software/gettext/manual/gettext.html
https://github.com/anomous/DietPi-Debian/
https://github.com/debuerreotype/docker-debian-artifacts
https://github.com/docker-library/official-images/tree/master
https://github.com/elementary/os/blob/master/debootstrap-backport-zstd-support.patch
https://wiki.debian.org/DebianRepository/Format
https://www.debian.org/doc/manuals/aptitude/ch02s05s05.en.html
https://www.debian.org/doc/manuals/debian-reference/
https://www.debian.org/doc/manuals/debian-reference/index.en.html
https://newgtlds.icann.org/en/program-status/delegated-strings
Comments
Post a Comment