These tips and tricks shall be promoted to its own post when the topic has accumulated enough contents.
Linux Kernel Newbies - Linux Kernel Newbies
Embedded Linux, kernel and real-time presentations - Bootlin Formerly Free Electrons
25 Free Books To Learn Linux For Free | It's FOSS
9 Free Linux Training Courses For Everyone | It's FOSS
Linux Newbie Guide: Shortcuts And Commands
Homepage - howtouselinux
Best Way to Learn Linux 🎮
Home | Linux Journey
OverTheWire: Wargames
Linux Survival | Where learning Linux is easy
Terminus
David Bombal
Linux for Hackers Tutorial (And Free Courses) - YouTube
Linux for Hackers Tutorial with OTW! - YouTube
Linux Networking that you need to know (Episode 3) - YouTube
Check kernel config
zcat /proc/config.gzCheck system install time
How do I find how long ago a Linux system was installed? - Unix & Linux Stack Exchange
How To Find Exact Installation Date And Time Of Your Linux OS
We need several tools:
dfto look up the device path of/tune2fsto query the file system's info- GNU tools for command line magic ;-)
# commands to query file system
$ df /
Filesystem Size Used Avail Use% Mounted on
/dev/sdb3 184G 18G 164G 10% /
$ sudo tune2fs -l /dev/sdb3
...
<fs info>
Filesystem created: Tue Aug 25 18:15:09 2015
<fs info>
...
# apply command line magic
$ sudo tune2fs -l $(df / | sed -n '2 p' | cut -d' ' -f1) | grep 'Filesystem created:'
Filesystem created: Tue Aug 25 18:15:09 2015Alternatively, you can use lshw:
$ sudo lshw -C volume
...
*-volume:1
description: EXT4 volume
vendor: Linux
physical id: 2
bus info: nvme@0:1,2
logical name: /dev/nvme0n1p2
logical name: /
version: 1.0
serial: ee2e31d0-9a88-4c14-8d99-4a4e3c149734
size: 459GiB
capacity: 459GiB
capabilities: journaled extended_attributes large_files huge_files dir_nlink recover 64bit extents ext4 ext2 initialized
configuration: created=2021-01-02 09:17:28 filesystem=ext4 lastmountpoint=/ modified=2023-03-18 16:51:17 mount.fstype=ext4 mount.options=rw,noatime mounted=2023-03-18 16:51:17 state=mounted
...
*-volume:2
description: Windows NTFS volume
vendor: Windows
physical id: 3
bus info: nvme@2:1,3
logical name: /dev/nvme2n1p3
version: 3.1
serial: 2a0a5da8-5504-324d-92e8-d634ad2ce2b8
size: 476GiB
capacity: 476GiB
capabilities: ntfs initialized
configuration: clustersize=4096 created=2020-08-15 19:16:55 filesystem=ntfs name=Basic data partition state=clean
...Check file system
How to force fsck to check filesystem after system reboot on Linux - LinuxConfig.org
Modify PASS in /etc/fstab and set "Maximum mount count".
sudo tune2fs -l /dev/sdX1 | grep Last\ c
sudo tune2fs -c 10 /dev/sdX1boot - Automatically force fsck -fy when encountering "UNEXPECTED INCONSISTENCY; RUN fsck MANUALLY." - Ask Ubuntu
Add "fsck.mode=force fsck.repair=yes" to boot param
Check process info
ls -l /proc/$pid/exe
ls -l /proc/$pid/cwd
ps aux | grep $pidCPU
Linux 下如何開啟或關閉 Intel CPU 的 Turbo Boost 功能? | MagicLen
Freezes
hakavlad/nohang: A sophisticated low memory handler for Linux
Bug #159356 “System freeze on high memory usage” : Bugs : linux package : Ubuntu
Some suggested adding this to /etc/rc.local:
sysctl vm.vfs_cache_pressure=100000drop caches
free -m
echo 3 > /proc/sys/vm/drop_caches
# check cached column
free -mMounting storage
fstab: static information about the filesystems | util-linux File Formats | Man Pages | ManKier
blkid/lsblk -f to check partition id
The second last field (dump) should always be 0
The last field is filesystem check sequence at boot, 1 for rfs, 2 for other file system, 0 to skip
systemd时代的/etc/fstab - Systemd系列文章
Swap
sudo su
SWAPFILE=/swapfile
dd if=/dev/zero of=${SWAPFILE} bs=1G count=16 status=progress
chmod 600 ${SWAPFILE}
mkswap ${SWAPFILE}
# test
swapoff -a; swapon ${SWAPFILE}
free -h
# commit to fstab
printf "\n${SWAPFILE} swap swap sw 0 0\n" >> /etc/fstabLinux Add a Swap File – Howto
hakavlad/nohang: A sophisticated low memory handler for Linux
swappiness
Tales from responsivenessland: why Linux feels slow, and how to fix that — Rudd-O.com in English
All about Linux swap space | Linux.com | The source for Linux information
"the swap partition is really just a fall back, where i dont care about performance, i just care about not crashing."
/etc/sysctl.d/sysctl.conf:
# decrease swappiness, can be higher for swapping on SSD
vm.swappiness = 30
# prefer file system (inode/dentry) cache
vm.vfs_cache_pressure = 70zswap
Zswap vs zram in 2023, what's the actual practical difference? : r/linux
Zswap or Zram: at this time, which one is more efficient? : r/archlinux
kernel - zram vs zswap vs zcache Ultimate guide: when to use which one - Ask Ubuntu
cat /sys/module/zswap/parameters/enabled
zcat /proc/config.gz | grep -i zswapNetwork buffer
This modify the buffer sizes temporarily. Change sysctl.conf to make the change permanent.
echo 1048576 > /proc/sys/net/core/rmem_max
echo 1048576 > /proc/sys/net/core/rmem_defaultKernel Modules
What is the Linux Kernel and What Does It Do?
# show available modules and drivers (`uname -r` show kernel release)
ls /lib/modules/$(uname -r)
ls /lib/modules/$(uname -r)/kernel/drivers/
# show loaded modules
lsmod
# load moduleX
modprobe moduleX
# unload moduleX
modprobe -r moduleXmount .iso without root
Script: mountiso « IgnorantGuru's Blog
HOW TO: Allow Mounting Of ISO Files By A Regular User « IgnorantGuru's Blog
Enterprise Hum
Emulate the Enterprise Hum... : LinuxActionShow
requires
sox
play -n -c1 synth whitenoise lowpass -1 120 lowpass -1 120 lowpass -1 120 gain +14Logging
journalctl
How To Use Journalctl to View and Manipulate Systemd Logs | DigitalOcean
auditd
Audit
linux-audit/audit-userspace: Linux audit userspace repository
Chapter 7. System Auditing | Red Hat Product Documentation
auditd: The Linux Audit daemon | audit System Administration | Man Pages | ManKier
auditd.conf: audit daemon configuration file | audit File Formats | Man Pages | ManKier
auditctl: a utility to assist controlling the kernel's audit system | audit-rules System Administration | Man Pages | ManKier
audit.rules: a set of rules loaded in the kernel audit system | audit-rules Miscellanea | Man Pages | ManKier
ausearch: a tool to query audit daemon logs | audit System Administration | Man Pages | ManKier
aureport: a tool that produces summary reports of audit daemon logs | audit System Administration | Man Pages | ManKier
Auditd Manager | Documentation
Auditing Docker Containers in a DevOps Environment » ADMIN Magazine auditd
audit.rules
7.5. Defining Audit Rules | Red Hat Product Documentation
bfuzzy1/auditd-attack: A Linux Auditd rule set mapped to MITRE's Attack Framework more update than bfuzzy/auditd-attack
Neo23x0/auditd: Best Practice Auditd Configuration
set-element/auditdBroFramework: The Auditd Framework logs and applies security policy to linux auditd data log_normalizer
sigma/rules/linux/auditd at master · SigmaHQ/sigma · GitHub
Analyzing audit.log
7.6. Understanding Audit Log Files | Red Hat Product Documentation
RHEL Audit System Reference - Red Hat Customer Portal ❗!important
people.redhat.com/sgrubb/audit/record-fields.html
Articles
What You Need to Know About Linux Audit Framework
Linux auditd: What Is It and How Do You Use It? - United Kingdom
(PDF) Auditd: Rule Writing for better Threat Detection on *nix Devices
Linux auditd for Threat Detection [Part 1] | by IzyKnows | Medium
Linux auditd for Threat Detection [Part 2] | by IzyKnows | Medium
Linux auditd for Threat Detection [Final] | by IzyKnows | Medium
go-audit
slackhq/go-audit: go-audit is an alternative to the auditd daemon that ships with many distros
logrotate
logrotate(8) - Linux man page
Understanding logrotate utility
鳥哥的 Linux 私房菜 -- 第十八章、認識與分析登錄檔
Generating and Applying Patch
diff -u oldfile newfile > patch.diff
patch < patch.diff # `patch` will lookup `oldfile`
# diff whole tree
diff -Naur /usr/src/openvpn-2.3.2 /usr/src/openvpn-2.3.4 > openvpn.patch
# patch whole tree, striping 3 slashes with `-p`
patch -p3 < /root/openvpn.patch7 Patch Command Examples to Apply Diff Patch Files in Linux
Unified Diff Format