apachectl sudo apache2ctl -M (show all loaded modules) | sudo apache2ctl -D DUMP_RUN_CFG | sudo apache2ctl -D DUMP_VHOSTS | sudo apache2ctl -S (show parsed VHost settings) | sudo apachectl -t (apache config test) | apt apt-cache search php7.3 | apt-cache show php7.3 install pkgs “kept back”: sudo apt-get dist-upgrade | sudo apt-get --with-new-pkgs upgrade | Clean up partial package: sudo apt autoclean Clean up apt cache: sudo apt-get clean Clean up unused dependencies: sudo apt autoremove Uninstall application: sudo apt autoremove application-name apt list --installed | grep " installed" /var/log/dpkg.log (also log.1) | apt show <pkg> | apt purge <unneeded package> | sudo apt-mark showhold | sudo apt-mark unhold package_name | sudo apt autoremove | sudo apt autoclean | sudo apt-get remove --purge $(dpkg -l | grep "^rc" | awk '{print $2}') remove rc residual packages awk awk '{print $5}' | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}'| sort cat cat papers_to_read.htm | sort | cut -c 1-50 | uniq -d (find duplicate lines) chmod chmod --reference=reference_file file [f2 f3] | chown chown --reference=reference_file file [f2]f3 | comm comm -12 <(sort file1.txt) <(sort file2.txt) find common lines in two files cp sudo cp -p pedit.html blogview.html [cp -rp doc] | cp preserving ownership, permissions curl curl cheat.sh/find | curl ifconfig.io | curl ipinfo.io | curl http://ipv4.icanhazip.com or curl http://icanhazip.com or curl http://ip.fossdaily.xyz | curl --ssl | curl --insecure | curl -I http://domain.com (headers info) | article | curl cookbook | dig dig example.com ANY +noall +answer dpkg dpkg -l | grep "^rc" | sudo apt-get remove --purge $(dpkg -l | grep "^rc" | awk '{print $2}') find find . -maxdepth 1 -type f -name "*.md" -exec ls -al {} \; | find /tmp -type f -name ".htaccess" -exec grep -EHi '(Redirect|RewriteRule)' {} \; | find . -type f -perm 777 -exec chmod 644 {} \; | find /home -type d -perm -o+w -exec ls -ld {} \; find world-writable directories in /home gpg gpg --output outfile.gpg --symmetric --cipher-algo AES256 file.ext | gpg -o original_file.txt -d file.txt.gpg | grep grep -Eri '(Redirect|RewriteRule)' /etc/apache2/ iptables sudo iptables -L | sudo iptables-save >iptables.rules | sudo iptables-restore <iptables.rules | ubuntu iptables doc | journalctl journalctl -u ssh.service | journalctl -u network.service | journalctl article | ls ls -H (follow symbolic links) | ls -Al | tr -s ' ' | cut -f9- -d' ' (list just file and folder names; -R for dir recursion) netstat netstat -tulpn | netstat -npl | netstat -tulpn | netstat -npl | netstat -plane | grep :80 | awk '{print $5}' | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' | sort | uniq -c | sort -n conn port 80 perl perl -pi -e 's,RoseHosting,BestManagedVPS' file.php Replace all string instances w/o opening file w text editor pscp pscp -agent -i <keyfile> -P <port> (-agent is for pageant) sed sed -e "s/\r//g" file > newfile remove newline chars from file | sed -i 's/search/repace/g' *.php replace string in all specified files | systemctl sudo systemctl restart apache2 | sudo systemctl -a | sudo systemctl --state active | sudo systemctl list-timers | sudo systemctl list-unit-files | sudo systemctl list-unit-files | grep -i docker | sudo systemctl | grep running (list running services) | sudo systemctl list-unit-files | grep enabled (list enabled services) | sudo systemctl reload ssh.service | systemctl list-unit-files --type=service | systemctl list-dependencies graphical.target | article | sudo systemctl enable apache2 | sudo systemctl disable apache2 | sudo systemctl is-enabled apache2 | article | tar tar -cvzf archive-name.tar.gz directory-name | tar -C /diff-folder -xvf yourfile.tar to extract to a different directory | timedatectl timedatectl | Bash date to/from unix epoch time: date +%s | date -d @<unix epoch time> | vim :w !sudo tee % | :set ignorecase | :set ff=unix or :set ff=dos | :set number or :set nonumber | :nohl |

df -h | df -T du -sh dpkg-query -L <package name> (list files in package) faillog | free | history -c host ipaddr|domain (Cloud Shell: get ip addr for domain or domain for ip addr, etc) hostnamectl status id <username> sudo iptables -L -nv --line-numbers | sudo iptables-restore < /etc/iptables/rules.v4 | lastlog | last sudo lshw sudo sshd -T | /etc/ssh/sshd_config | ssh security hardening | lsb_release -a | cat /proc/version wget --no-check-certificate whatis zgrep -E "^(Remove:|Purge)" /var/log/apt/history.log* sudo -u www-data php occ app:list zip -d gallery.zip "picture_43_9.jpg" (delete file from zip, note zip goes first, followed by file)

gcloud info | gcloud version | Windows: netstat | findstr ESTABLISHED

Replace string recursively with find and sed Remove all dpkg rc residual packages

delete every line until PATTERN, that line included: cat index.html | sed '1,/body onload/d' print (p) from the first line matching PATTERN to the end ($): cat index.html | sed -n '/body onload/,$p'

Which Linux distro is running: cat /etc/*-release

101 Bash Commands | Text Processing in the Shell | Mastering File And Text Manipulation With Awk Utility

dpkg queries:

-l, --list package-name-pattern...
    List packages matching given pattern.
-s, --status package-name...
    Report status of specified package.
-L, --listfiles package-name...
    List files installed to your system from package-name.
-S, --search filename-search-pattern...
    Search for a filename from installed packages.
-p, --print-avail package-name...
    On debian/ubuntu, use instead: apt-cache show package-name
    Display details about package-name, as found in /var/lib/dpkg/available. 

Useful network commands, labnol Basic regex in javascript

/etc/alternatives (e.g., php cli version, check vs apache version)

what process(es) are running for port 443: sudo lsof -t -i:443

journalctl — query the systemd journal. Systemd has its own logging system called the journal.  To read those logs, journalctl is used. The journal (journald) stores log data in binary format, unlike past services that stored logs in plain text. As such, journalctl is used to transmute binary logs into readable plain text. Check out The ultimate guide to using journalctl. Another good read is kmsg. Kmsg (/dev/kmsg) is a file stored in the Linux filesystem, used to store messages from the Kernel, and is used by dmesg and klogd.

Linux Commands frequently used by Linux Sysadmins – Part 5

How to manage background processes in Linux

cheatsheet for ip commands #network #linux

Efficiency considerations: + FilterExpressions are executed one the items are returned.

Example Code: Complete example, stackoverflow

Building a Mars Rover Application with DynamoDB

Two videos, you will find some solutions there if you really want to make it right [source]: https://www.youtube.com/watch?v=HaEPXoXVf2k https://www.youtube.com/watch?v=DIQVJqiSUkE

Message Encryption in JavaScript and PHP Improving the Cryptography of the JavaScript Ecosystem Libsodium Quick Reference on Dev.to Scott Arciszewski articles on Dev.to Security and Cryptography Mistakes You Are Probably Doing All The Time https://download.libsodium.org/doc/

Cryptography Terms and Concepts for Developers | Comparison of Cryptography Libraries
Cryptographic tutorial using libsodium and javascript
2018 Guide to Building Secure PHP Software
Article on libsodium with Scott Arciszewski, on Twitter as CiPHPerCoder

Libsodium jedisct1 | Using Libsodium in PHP Projects | Libsodium quick reference | Official Libsodium docs | Libsodium Functions and Constants | How to install Libsodium on Php 7 in Windows Libsodium documentation

How to get Libsodium to work on Xampp 7.2+ | Docs on github
Random strings and ints in PHP using sodium

Javascript sodium: 1 | 2 | low-level API | ___

PyNaCl: Python binding to the libsodium library — PyNaCl 1.3.0 documentation

How to use HMAC: Using Encryption and Authentication Correctly (for PHP developers) | PHP, Simplest Two Way Encryption and How to encrypt/decrypt data in php? [source]

Php hmac example: https://secure.php.net/manual/en/function.openssl-encrypt.php#refsect1-function.openssl-encrypt-examples After encrypting a MAC (message authentication code) is computed over the ciphertext and stored. This MAC should be recomputed before decrypting the ciphertext, and if it does not match the stored MAC then the ciphertext has been modified and is invalid.

Php encryption: https://github.com/defuse/php-encryption

How to make Php openssl encryption compatible with command line openssl https://secure.php.net/manual/en/function.openssl-encrypt.php#104438 Commandline openssl enc by default does password-based encryption — the supplied 'password' is not used as the key, but is instead run through a (rather poor) derivation function to produce the actual key (also IV for cipher modes that use one). The third argument of PHP openssl_encrypt is the key. You can give enc the actual key instead of a password by using -K (uppercase, not -k) with the key in hex. When using this option you also need to provide the IV explicitly with -iv and hex if the cipher mode requires it, but ECB doesn't. [source] PS: if you don't set OPENSSL_RAW_DATA, openssl_encrypt does base64 for you.

You should ALWAYS use unique IV's every time you encrypt, and they should be random. If you cannot guarantee they are random, use OCB as it only requires a nonce, not an IV, and there is a distinct difference. A nonce does not drop security if people can guess the next one, an IV can cause this problem. [source] The source explains the difference between CCM, OCB, and GCM.

Openssl wiki: https://wiki.openssl.org/index.php/Enc

Don't use password as an encryption key; how to create encryption key in PHP and other encryption details; use authenticated encryption | Password storage cheat sheet; very good

Recommended # of iterations when using PKBDF2-SHA256 ___

Painless password hash upgrades | Password storage cheat sheet

git-remote-gcrypt | git-crypt | git-secret

netstat -plane | grep :80 | awk '{print $5}' | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}'| sort | uniq -c | sort -n conn port 80 perl -pi -e 's,RoseHosting,BestManagedVPS' file.php Replace all string instances w/o opening file w text editor find /home -type d -perm -o+w -exec ls -ld {} \; find world-writable directories in /home sed -e "s/\r//g" file > newfile remove newline chars from file
sed -i 's/search/repace/g' *.php replace string in all specified files
sudo sshd -T | sudo systemctl reload ssh.service | /etc/ssh/sshd_config | ssh security hardening | sudo lshw df -h | df -T systemctl list-unit-files --type=service systemctl list-dependencies graphical.target apt list --installed apt purge <unneeded package> sudo apt autoremove | sudo apt autoclean id <username> timedatectl | Bash date to/from unix epoch time: date +%s | date -d @<unix epoch time> | hostnamectl status lsb_release -a | cat /proc/version | gcloud info | gcloud version | Windows: netstat | findstr ESTABLISHED

Replace string recursively with find and sed Remove all dpkg rc residual packages

delete every line until PATTERN, that line included: cat index.html | sed '1,/body onload/d' print (p) from the first line matching PATTERN to the end ($): cat index.html | sed -n '/body onload/,$p'

Which Linux distro is running: cat /etc/*-release

text processing in the shell

dpkg queries:

-l, --list package-name-pattern...
    List packages matching given pattern.
-s, --status package-name...
    Report status of specified package.
-L, --listfiles package-name...
    List files installed to your system from package-name.
-S, --search filename-search-pattern...
    Search for a filename from installed packages.
-p, --print-avail package-name...
    On debian/ubuntu, use instead: apt-cache show package-name
    Display details about package-name, as found in /var/lib/dpkg/available. 

Using Google Cloud Shell as Development Environment + By default, Cloud Shell runs on a g1-small VM, which can be under-powered for some tasks. You can easily upgrade to a n1-standard-1 by enabling “boost mode.” This allows upgrade of the shell to n1-standard-1 VM instance which offers 1vCPU and 3.75GB memory for 24 hours. Cloud shell by default runs on g1-small machine type which provides 1 vCPU short periods of bursting and 1.70 GB memory. + Cloud Shell ships with a customized version of the Orion editor.

Getting the best of Google Cloud Shell How to run Visual Studio Code in Google Cloud Shell | github cdr/code-server |

Get recently installed packages: grep " install" /var/log/dpkg.log

gcloud app versions list | gcloud app services list | gcloud app describe |

Cloud Shell offers 5 GB of free storage that persists in new sessions. This is helpful if you if you have customized configuration and settings files that you prefer to work with (.bashrc, .vimrc, etc.). To take advantage of this persistent storage, simply save files to your $HOME directory. Any applications you wish to install can persist as long as the application is installed in the $HOME directory. If you don’t need an app to persist, install it to the system outside of your home directory. Other apps and files that you create remain as long as the current session is active. The session times out after an hour of inactivity and any data outside of your $HOME directory will be lost. [source]

apt-get message: You are running apt-get inside of Cloud Shell. Note that your Cloud Shell machine is ephemeral and no system-wide change will persist beyond session end. You can customize your environment to permanently include this package by updating your environment at https://cloud.google.com/console/cloudshell/environment/view.
Visit https://cloud.google.com/shell/help for more information.
Message from running the above: Your Cloud Shell environment is a Docker container. By default, the container is started from a Google-maintained Docker image, but you can also specify a custom Docker image for your Cloud Shell. There are two steps to customizing your Cloud Shell Environment: + Locate a suitable Docker image to use. Our Create Custom Image tool can create a boilerplate custom image that you can use as a starting point for your image. + Edit your environment to reference the desired image (Use default Cloud Shell image or Select image from project) It seems the thing to do is to install any new programs to Home directory.

Cloud Shell documentation | Examples of how you can use Cloud Shell | Run and deploy an appengine application |

Always Free cloud shell usage limit of 5gb [source]

If you do not access Cloud Shell for 120 days, we will delete your home disk. You will receive an email notification before we do so and simply starting a session will prevent its removal. Please consider a different solution on Google Cloud Storage for sensitive data you wish to store long term. [source]

debian.org doc: upgrading from debian 9 https://serverfault.com/questions/993081/policy-to-upgrade-os-images-in-google-gce?r=SearchResults https://cloud.google.com/compute/docs/images/install-guest-environment#update-guest https://groups.google.com/forum/#!searchin/gce-discussion/upgrade$20to$20debian$2010%7Csort:date Differences from standard debian images How to upgrade Debian linux distro, 8 jessie to 9 stretch ArsTechnica article on Debian 10 Migrate Persistence Disk from one project to another

Image Family 	      End mainstream support, deprecation date
Debian 9 (Stretch)    July 2020

Create a snapshot before upgrading, restore snapshot to new instance and try to upgrade it to Debian 10; if all looks good, update f1-micro

Restoring and deleting persistent disk snapshots | Create a VM instance from a snapshot |

$ sudo systemctl list-unit-files | grep google | grep enabled
google-accounts-daemon.service         enabled  
google-clock-skew-daemon.service       enabled  
google-instance-setup.service          enabled  
google-network-daemon.service          enabled  
google-shutdown-scripts.service        enabled  
google-startup-scripts.service         enabled  

thedevx@f1-micro:/var/www/html/tips$ apt list --installed | grep google-compute
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

google-compute-engine/google-compute-engine-stretch-stable,now 1:20190916.00-g2 all [installed]
google-compute-engine-oslogin/google-compute-engine-stretch-stable,now 1:20191014.00-g1+deb9 amd64 [installed,automatic]
python-google-compute-engine/google-compute-engine-stretch-stable,now 1:20191120.00-g1 all [installed]
python3-google-compute-engine/google-compute-engine-stretch-stable,now 1:20191120.00-g1 all [installed]

nftables Replaces iptables for Packet Filtering In Debian Buster the iptables subsystem is replaced by nftables, a newer packet filtering system with improved syntax, streamlined ipv4/ipv6 support, and built-in support for data sets such as dictionaries and maps. You can read a more detailed list of differences on the nftables wiki. Compatibility with existing iptables scripts is provided by the iptables-nft command. The nftables wiki also has advice on transitioning from iptables to nftables. [source]

What to do with 2nd Oracle free tier Compute Instance? nginx?

Apache Guacamole Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH. We call it clientless because no plugins or client software are required. Thanks to HTML5, once Guacamole is installed on a server, all you need to access your desktops is a web browser.

https://www.mapbox.com/

Add ubuntu to www-data group

markdown editor | stack editor | use pdlist with parsedown? |

Setup gce apache2 as reverse proxy to serve content from oci as backend server, or vice versa Examples: JCoyle | DO¹ | netnea | Apache proxy server in addition to web server

Install python3-pip on oci: apt search python3-pip

¹If Apache serves both HTTP/HTTPS, your reverse proxy configuration must be placed in both the HTTP and HTTPS virtual hosts. Examples cover reverse proxying both single and multiple backend servers. Also see the python flask possibilities in that article.

Try Hugo Learn theme on new blog SourceHut Setup Google Cloud Source Git Repositories

Look at all the reverse proxy ideas Reverse proxy for localhost security

Tried But Decided Against Learn Hugo and create test blog with K8spin Look into KubeSail free tier: KubeSail | Cloud hosting as easy as Heroku, as powerful as AWS Free, Automatic HTTPS for Every Application. A basic Ingress object which creates a web-accessible site using your free *.kubesail.io domain. You can now check your Certificates with kubectl get certificates! This cert will automatically be used and HTTPS should “just work”!

Docker with WSL