Emptying the buffers cache
If you ever want to empty it you can use this chain of commands.

$ free && sync && echo 3 > /proc/sys/vm/drop_caches && free

total used free shared buffers cached
Mem: 1018916 980832 38084 0 46924 355764
-/+ buffers/cache: 578144 440772
Swap: 2064376 128 2064248
total used free shared buffers cached
Mem: 1018916 685008 333908 0 224 108252
-/+ buffers/cache: 576532 442384
Swap: 2064376 128 2064248
You can signal the Linux Kernel to drop various aspects of cached items by changing the numeric argument to the above command.

To free pagecache:
$ echo 1 > /proc/sys/vm/drop_caches
To free dentries and inodes:
$ echo 2 > /proc/sys/vm/drop_caches
To free pagecache, dentries and inodes:
$ echo 3 > /proc/sys/vm/drop_caches
The above are meant to be run as root. If you’re trying to do them using sudo then you’ll need to change the syntax slightly to something like these:

$ sudo sh -c ‘echo 1 >/proc/sys/vm/drop_caches’
$ sudo sh -c ‘echo 2 >/proc/sys/vm/drop_caches’
$ sudo sh -c ‘echo 3 >/proc/sys/vm/drop_caches’
NOTE: There’s a more esoteric version of the above command if you’re into that:

$ echo “echo 1 > /proc/sys/vm/drop_caches” | sudo sh
Why the change in syntax? The /bin/echo program is running as root, because of sudo, but the shell that’s redirecting echo’s output to the root-only file is still running as you. Your current shell does the redirection before sudo starts.

Seeing what’s in the buffers and cache
Take a look at linux-ftools if you’d like to analyze the contents of the buffers & cache. Specifically if you’d like to see what files are currently being cached.

fincore
With this tool you can see what files are being cached within a give directory.

fincore [options] files…

–pages=false Do not print pages
–summarize When comparing multiple files, print a summary report
–only-cached Only print stats for files that are actually in cache.
For example, /var/lib/mysql/blogindex:

root@xxxxxx:/var/lib/mysql/blogindex# fincore –pages=false –summarize –only-cached *
stats for CLUSTER_LOG_2010_05_21.MYI: file size=93840384 , total pages=22910 , cached pages=1 , cached size=4096, cached perc=0.004365
stats for CLUSTER_LOG_2010_05_22.MYI: file size=417792 , total pages=102 , cached pages=1 , cached size=4096, cached perc=0.980392
stats for CLUSTER_LOG_2010_05_23.MYI: file size=826368 , total pages=201 , cached pages=1 , cached size=4096, cached perc=0.497512
stats for CLUSTER_LOG_2010_05_24.MYI: file size=192512 , total pages=47 , cached pages=1 , cached size=4096, cached perc=2.127660
stats for CLUSTER_LOG_2010_06_03.MYI: file size=345088 , total pages=84 , cached pages=43 , cached size=176128, cached perc=51.190476
stats for CLUSTER_LOG_2010_06_04.MYD: file size=1478552 , total pages=360 , cached pages=97 , cached size=397312, cached perc=26.944444
stats for CLUSTER_LOG_2010_06_04.MYI: file size=205824 , total pages=50 , cached pages=29 , cached size=118784, cached perc=58.000000
stats for COMMENT_CONTENT_2010_06_03.MYI: file size=100051968 , total pages=24426 , cached pages=10253 , cached size=41996288, cached perc=41.975764
stats for COMMENT_CONTENT_2010_06_04.MYD: file size=716369644 , total pages=174894 , cached pages=79821 , cached size=326946816, cached perc=45.639645
stats for COMMENT_CONTENT_2010_06_04.MYI: file size=56832000 , total pages=13875 , cached pages=5365 , cached size=21975040, cached perc=38.666667
stats for FEED_CONTENT_2010_06_03.MYI: file size=1001518080 , total pages=244511 , cached pages=98975 , cached size=405401600, cached perc=40.478751
stats for FEED_CONTENT_2010_06_04.MYD: file size=9206385684 , total pages=2247652 , cached pages=1018661 , cached size=4172435456, cached perc=45.321117
stats for FEED_CONTENT_2010_06_04.MYI: file size=638005248 , total pages=155763 , cached pages=52912 , cached size=216727552, cached perc=33.969556
stats for FEED_CONTENT_2010_06_04.frm: file size=9840 , total pages=2 , cached pages=3 , cached size=12288, cached perc=150.000000
stats for PERMALINK_CONTENT_2010_06_03.MYI: file size=1035290624 , total pages=252756 , cached pages=108563 , cached size=444674048, cached perc=42.951700
stats for PERMALINK_CONTENT_2010_06_04.MYD: file size=55619712720 , total pages=13579031 , cached pages=6590322 , cached size=26993958912, cached perc=48.533080
stats for PERMALINK_CONTENT_2010_06_04.MYI: file size=659397632 , total pages=160985 , cached pages=54304 , cached size=222429184, cached perc=33.732335
stats for PERMALINK_CONTENT_2010_06_04.frm: file size=10156 , total pages=2 , cached pages=3 , cached size=12288, cached perc=150.000000
—
total cached size: 32847278080
With the above output you can see that there are several *.MYD, *.MYI, and *.frm files that are currently being cached.

Swap
If you want to clear out your swap you can use the following commands.

$ free
total used free shared buffers cached
Mem: 7987492 7298164 689328 0 30416 457936
-/+ buffers/cache: 6809812 1177680
Swap: 5963772 609452 5354320
Then use this command to disable swap:

$ swapoff -a
You can confirm that it’s now empty:

$ free
total used free shared buffers cached
Mem: 7987492 7777912 209580 0 39332 489864
-/+ buffers/cache: 7248716 738776
Swap: 0 0 0
And to re-enable it:

$ swapon -a
And now reconfirm with free:

$ free
total used free shared buffers cached
Mem: 7987492 7785572 201920 0 41556 491508
-/+ buffers/cache: 7252508 734984
Swap: 5963772 0 5963772

###########################
### RHEL/CentOS install ###
###########################

### Link for netinstall ##
http://ftp.astral.ro/distros/centos/6.8/os/x86_64/

###########
### yum ###
###########

yum update        # update toate pachetele si dependintele lor
yum search nume_pachet    # cauta un anume pachet, pot fi mai multe pachete trecute
yum info nume_pachet    # afiseaza detalii despre un anume pachet
yum list nume_pache        # afiseaza informatii despre un anumit pachet, instalat sau nu
yum list nume_pachet\*     # afiseaza informatii despre toate pachetele care incep cu un nume
yum list all        # afiseaza toate pachetele disponibile
yum list installed “*nume_pachet*”  # afiseaza pachetele instalate care contine un nume
yum list installed | grep reponame  # afiseaza pachetele instalate dintr-un repo
yum list available    # afiseaza pachetele disponibile in functie de repo-urile instalate
yum repolist        # afiseaza repo-urile instalate
yum gruplist        # afiseaza
yum install nume_pachet\* # instaleaza toate pachetele care incep cu un nume
yum downgrade nume_pachet
yum provides “*/nume_pachet” # afiseaza fisierele care le detine un pachet
yum -v grouplist kde\*  # listeaza toate pachetele ce tin de KDE
yum groupinstall “KDE Software Compilation” # instaleaza toate pachetele ce tin de KDE
yum groupinstall kde-desktop
yum install @kde-desktop  # @ pentru a instala un grup
yum remove nume_pachet
yum groupremove “KDE Software Compilation”
yum groupremove kde-desktop
yum remove @kde-desktop
yum history list
yum history list nume_pachet
yum repolist all  # list all repositories set up on your system
yum –exclude=packagename\* …

################
### yum.conf ###
################

### skip updating packages ###
yum -x nume_pachet update
yum –exclude=nume_pachet update

sudo vim /etc/yum.conf  # permanent
_______
[main]
exclude=nume_pachet1* nume_pachet2*
_______
yum –disableexcludes=all update  # disable exclude to check for an update

### Remove Old Kernels ###
# Package-cleanup set count as how many old kernels you want left #
package-cleanup –oldkernels –count=2

# Make Amount of Installed Kernels Permanent #
vim /etc/yum.conf # and set installonly_limit:
installonly_limit=2

### Removing dependencies ###
sudo vim /etc/yum.conf
______________________________
[main]
clean_requirements_on_remove=1
______________________________

###########
### RPM ###
###########

rpm -ivh package-2.7.9-5.el6.2.i686.rpm  # Install an RPM Package
-i : install a package
-v : verbose for a nicer display
-h: print hash marks as the package archive is unpacked

rpm -qpR package-5.2.2-1.noarch.rpm   # check dependencies of RPM Package before Installing
-q : Query a package
-p : List capabilities this package provides.
-R: List capabilities on which this package depends..

rpm -ivh –nodeps package-5.2.2-1.noarch.rpm  # Install a RPM Package Without Dependencies
–nodeps (Do not check dependencies)

rpm -q package   # check an Installed RPM Package
rpm -ql package  # List all files of an installed RPM package

rpm -qa –last  # List Recently Installed RPM Packages
rpm -qa        # List All Installed RPM Packages

rpm -Uvh package-3.5.0-2.el6.centos.i686.rpm  # Upgrade a RPM Package

rpm -evv package  # Remove a RPM Package
rpm -ev –nodeps package  # Remove an RPM Package Without Dependencies
-e (erase)

rpm -qi package  # Query a Information of Installed RPM Package
-qi (query info)

rpm -qf /usr/bin/package  # Query a file that belongs which RPM Package
-qf (query file)

rpm -qip package-1.3.3-1.noarch.rpm  # Information of RPM Package Before Installing
-qip (query info package)

rpm -qdf /usr/bin/vmstat  # Query documentation of Installed RPM Package
-qdf (query document file)

rpm -Vp package-1.3.3-1.noarch.rpm  # Verify a RPM Package
-Vp (verify package)
rpm -Va  # Verify all RPM Packages

rpm -qa gpg-pubkey*  # List all Imported RPM GPG keys

######################
### YUM & RPM tips ###
######################

#Query packages not from CentOS #
rpm -qa –qf ‘%{NAME} %{VENDOR}\n’ | grep -v CentOS

# Reset File Permissions #
rpm –setperms <packagename>

# View the Changelog of a package #
rpm -q –changelog <packagename> | less

# quickly list documentation relating to a package #
rpm -qd <packagename>

# Query Package Install Order and Dates #
rpm -qa –last > ~/RPMS_by_Install_Date

# Query Available Packages from a Repo #
yum –disablerepo “*” –enablerepo “rpmforge” list available

# Enable or Disable a Repo from the Command Line #
yum-config-manager –enable c6-media
yum-config-manager –disable c6-media

# Show all installed GPG keys #
rpm -q gpg-pubkey –qf ‘%{name}-%{version}-%{release} –> %{summary}\n’

### package-cleanup ###
package-cleanup –orphans
package-cleanup –leaves
package-cleanup –dupes
package-cleanup –problems
package-cleanup –oldkernel

### Fonts config ###
vim ~/.fonts.conf
__________________________________________
<?xml version=’1.0′?>
<!DOCTYPE fontconfig SYSTEM ‘fonts.dtd’>
<fontconfig>
<match target=”font”>
<edit mode=”assign” name=”rgba”>
<const>rgb</const>
</edit>
</match>
<match target=”font”>
<edit mode=”assign” name=”hinting”>
<bool>true</bool>
</edit>
</match>
<match target=”font”>
<edit mode=”assign” name=”hintstyle”>
<const>hintslight</const>
</edit>
</match>
<match target=”font”>
<edit mode=”assign” name=”antialias”>
<bool>true</bool>
</edit>
</match>
<match target=”font”>
<edit mode=”assign” name=”lcdfilter”>
<const>lcddefault</const>
</edit>
</match>
</fontconfig>
__________________________________________

### Add an user to SUDOERS ###
su –
visudo
sergiu        ALL=(ALL)    ALL

Or add the user to wheel group and enable wheel from visudo

#############
### Repos ###
#############
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

# Multimedia #
rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm

rpm -Uvh http://li.nux.ro/download/nux/dextop/el6/x86_64/nux-dextop-release-0-2.el6.nux.noarch.rpm
sudo wget http://li.nux.ro/download/nux/misc/nux-misc.repo -P /etc/yum.repos.d/
sudo yum –enablerepo=nux-dextop-testing install xbmc

# nVidia driver #
rpm -Uvh http://elrepo.org/elrepo-release-6-5.el6.elrepo.noarch.rpm
http://elrepo.org/linux/extras/el6/x86_64/RPMS/   # extras
http://elrepo.org/linux/testing/el6/x86_64/RPMS/  # testing
sudo yum install kmod-nvidia
sudo yum install nvidia-x11-drv

# Last kernel & lts kernel #
http://elrepo.org/linux/kernel/el6/x86_64/RPMS/   # kernel
sudo yum remove kernel-headers kernel-firmware
sudo yum –enablerepo=elrepo-kernel install kernel-ml kernel-ml-devel kernel-ml-headers kernel-ml-firmware  # for last kernel
sudo yum –enablerepo=elrepo-kernel install kernel-lt kernel-lt-devel kernel-lt-headers kernel-lt-firmware  # for lts kernel

# Others #
rpm -Uvh http://download1.rpmfusion.org/free/el/updates/6/x86_64/rpmfusion-free-release-6-0.1.noarch.rpm http://download1.rpmfusion.org/nonfree/el/updates/6/x86_64/rpmfusion-nonfree-release-6-0.1.noarch.rpm    # (not needed if nux-dextop is installed)

### Install Google Chrome ###
wget http://chrome.richardlloyd.org.uk/install_chrome.sh
chmod u+x install_chrome.sh
./install_chrome.sh
sudo grep chrome /var/log/audit/audit.log | audit2allow -M mypol
sudo semodule -i mypol.pp

### Install Chromium ###
cd /etc/yum.repos.d
wget http://people.centos.org/hughesjr/chromium/6/chromium-el6.repo
yum install chromium
sudo setsebool -P mmap_low_allowed 1

### Install lastest Firefox ###
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
yum –enablerepo=remi install firefox

### Others ###
yum install bash-completion
yum install nautilus-open-terminal
yum install flash-plugin
yum install gconf-editor
yum install gnome-utils
yum install file-roller
yum install ntfsprogs

### Apps ###
yum install pidgin pidgin-plugin-pack skype
yum install geany filezilla transmission mc
yum install radiotray tv-maxe xbmc clementine

### xscrennsaver ###
yum remove gnome-screensaver
yum install xscreensaver
xscreensaver -nosplash  # open Startup Applications and add Xscreensaver to startup

### Change the hostname ###
hostname   # to check your hostname
sudo hostname RedHat
vim /etc/sysconfig/network

### Dropbox ###
vim /etc/sysconfig/dropbox  # DROPBOX_USERS=”sergiu”
echo ‘-b /usr/libexec/dropbox/’ > /etc/prelink.conf.d/dropbox.conf
yum –enablerepo rpmforge reinstall dropbox

### Install LibreOffice 4.1.2 ###
wget http://download.documentfoundation.org/libreoffice/stable/4.1.2/rpm/x86_64/LibreOffice_4.1.2_Linux_x86-64_rpm.tar.gz
tar -xvf LibreOffice_4.1.2*
cd LibreOffice_4.1.2*
yum localinstall RPMS/*.rpm RPMS/desktop-integration/libreoffice4.1-freedesktop-menus-4.1.2*.noarch.rpm

### Install vbox additions ###
yum install gcc kernel-devel kernel-headers dkms make bzip2
KERN_DIR=/usr/src/kernels/`uname -r`
export KERN_DIR
cd /media/VirtualBoxGuestAdditions
./VBoxLinuxAdditions.run

### Remove boot splash screen ###
vim /etc/grub.conf  # remove ‘rhgb’ and ‘quiet’

### Remove Desktop icons ###
yum install gconf-editor
apps > nautilus > desktop

### Multimedia support ###
sudo yum install gstreamer gstreamer-plugins-base gstreamer-plugins-good gstreamer-plugins-bad-free
sudo yum install gstreamer-plugins-bad gstreamer-plugins-ugly gstreamer-ffmpeg

### Save alsamixer settings ###
sudo alsactl store
ls -Z /etc/asound.*  # to see SElinux label

sudo vim /etc/pulse/daemon.conf
_______________________________
enable-remixing = yes
enable-lfe-remixing = yes
default-sample-format = s32le
default-sample-rate = 48000
default-sample-channels = 6
default-fragments = 8
default-fragment-size-msec = 5
________________________________

pulseaudio -k  # restart pulseaudio

### Disable window move with alt + left mouse button ###
# conf-editor
# /apps/metacity/general
# “mouse_button_modifier” option change <Alt> to <Super>

####################################
### CentOS Protection & Security ###
####################################
# Securing and Hardening Red Hat Linux Production Systems
http://www.puschitz.com/SecuringLinux.shtml
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/index.html

### SElinux ###
Two important documentations about Selinux can be found here:
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/index.html
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Managing_Confined_Services/index.html

# You can view current status of SELinux mode from the command line using these:
system-config-selinux
getenforce  # if you get back a 1 selinux is turned on if you get back a 0 its turned off
sestatus

# If it is disabled, enable SELinux using the following command.
setenforce enforcing  # changes do not persist through a system reboot
To make changes persistent through a system reboot, edit the ‘SELINUX=’ line in  /etc/selinux/config for either ‘enforcing’, ‘permissive’, or ‘disabled’. For example: ‘SELINUX=permissive’

# SElinux logs (/var/log/audit/audit.log) #
yum install setroubleshoot
setroubleshootd
sealert -a /var/log/audit/audit.log  # if you only have a console available and no X-Window System
sealert -b  # if you have gui

# SElinux re-labelling #
touch /.autorelabel
sudo reboot

### Password Protect Grub and Single-User Mode ###
# It is highly important to protect your bootloader.
# There is a magic kernel parameter called init=/bin/sh. This makes any user/login restrictions totally useless. Then mount -o remount,rw /

grub-crypt
vim /etc/grub.conf
______________________________________________
default=0
timeout=2
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
password –encrypted $6$w1lrwrXOMm5ueR4M$…..
______________________________________________

vim /etc/sysconfig/init
_______________________
PROMPT=no

SINGLE=/sbin/sulogin
_______________________

### Modifying fstab ###

vim /etc/fstab
____________________________________________________________________
/dev/sda1    /boot    ext4    defaults,nosuid,noexec,nodev    1 2
/dev/sda2    swap    swap    defaults            0 0
/dev/sda3    /    ext4    defaults            1 1
/dev/sda4    /home    ext4    defaults,nosuid,nodev        1 2

# Others partitions
/tmp    ext4    defaults,nosuid,noexec,nodev    1 2
/var/tmp ext4    defaults,nosuid,noexec,nodev    1 2
/var    ext4    defaults,nosuid            1 2
/var/www ext4    defaults,nosuid,nodev        1 2
/dev/shm    tmpfs        defaults            0 0
devpts        /dev/pts devpts    gid=5,mode=620            0 0
sysfs        /sys    sysfs    defaults            0 0
proc        /proc    proc    defaults            0 0

____________________________________________________________________
# Note that some packages (building nvidia-dkms for example) may require exec on /var

# Keep /boot as read-only #
# Note that you need to reset the change to read-write if you need to upgrade the kernel in future
/dev/sda1    /boot    ext4    defaults,nosuid,noexec,nodev,ro    1 2

### Disable Control -Alt -Delete keys on the console mode ###
vim /etc/init/control-alt-delete.conf
______________________________
# start on control-alt-delete
# exec /sbin/shutdown -r now “Control -Alt -Delete pressed”
______________________________

### Umask restrictions  ###
# Set a umask of 077 for maximum security, which makes new files not readable by users other than the owner.
perl -npe ‘s/umask\s+0\d2/umask 077/g’ -i /etc/bashrc
perl -npe ‘s/umask\s+0\d2/umask 077/g’ -i /etc/csh.cshrc

### Find users with empty passwords ###
awk -F: ‘($2 == “”) {print}’ /etc/shadow    # Shouldn’t see anything amiss here
awk -F: ‘($3 == “0”) {print}’ /etc/passwd   # Only the root user has uid 0. No other user should ever have uid 0

### Disable USB mass storage ###
echo “Disabling USB Mass Storage”
echo “blacklist usb-storage” > /etc/modprobe.d/blacklist-usbstorage

### Disable USB stick to detect ###
vim /etc/modprobe.d/no-usb
_____________________________
install usb-storage /bin/true
_____________________________

### Narrowing rights ###
chmod 700 /root               # before 0550 dr-xr-x—
chmod 700 /var/log/audit        # before 0750 drwxr-x—
chmod 740 /etc/rc.d/init.d/iptables    # before 0755 -rwxr-xr-x
chmod -R 700 /etc/skel            # before 0755 drwxr-xr-x
chmod 640 /etc/security/access.conf    # before 0644 -rw-r–r–
chmod 600 /etc/sysctl.conf        # before 0644 -rw-r–r–

########################
### Network Security ###
########################

### Sysctl ###
vim /etc/sysctl.conf
_______________________________________________
### ipv4 Security options ###

# Disable IP Source Routing #
# Source Routing is used to specify a path or route through the network from source to destination.
# This feature can be used by network people for diagnosing problems.
# However, if an intruder was able to send a source routed packet into the network, then he could intercept the replies and your server might not know that it’s not communicating with a trusted server.
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

# Disable ICMP Redirect Acceptance #
# ICMP redirects are used by routers to tell the server that there is a better path to other networks than the one chosen by the server.
# However, an intruder could potentially use ICMP redirect packets to alter the hosts’s routing table by causing traffic to use a path you didn’t intend.
net.ipv4.conf.all.accept_redirects = 0

# Enable IP Spoofing Protection #
# IP spoofing is a technique where an intruder sends out packets which claim to be from another host by manipulating the source address.
# IP spoofing is very often used for denial of service attacks.
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

# Enable Ignoring to ICMP Requests #
net.ipv4.icmp_echo_ignore_all = 1

# Enable Ignoring Broadcasts Request #
net.ipv4.icmp_echo_ignore_broadcasts = 1

# Enable Bad Error Message Protection #
net.ipv4.icmp_ignore_bogus_error_responses = 1

# Enable Logging of Spoofed Packets, Source Routed Packets, Redirect Packets #
net.ipv4.conf.all.log_martians = 1

# This help a little wtih SYN flood attacks. This suppliments a good firewall ruleset #
net.ipv4.tcp_syncookies = 1

# This is a server, not a router. Disable packet forwarding #
net.ipv4.ip_forward = 0

# Others ipv4 security options #
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.tcp_max_syn_backlog = 1280
net.ipv4.tcp_timestamps = 0

### ipv6 Security options ###
net.ipv6.conf.all.disable_ipv6 = 1

### Memory/Swap Use ###
vm.swappiness = 1
vm.vfs_cache_pressure = 50
_______________________________________________

sysctl -p

### IPTables ###
sudo vim /etc/sysconfig/iptables
____________________________________________________________________________
#Drop anything we aren’t explicitly allowing. All outbound traffic is okay
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT – [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp –icmp-type echo-reply -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp –icmp-type destination-unreachable -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp –icmp-type time-exceeded -j ACCEPT
# Accept Pings
-A RH-Firewall-1-INPUT -p icmp –icmp-type echo-request -j ACCEPT
# Log anything on eth0 claiming it’s from a local or non-routable network
# If you’re using one of these local networks, remove it from the list below
-A INPUT -i eth0 -s 10.0.0.0/8 -j LOG –log-prefix “IP DROP SPOOF A: ”
-A INPUT -i eth0 -s 172.16.0.0/12 -j LOG –log-prefix “IP DROP SPOOF B: ”
-A INPUT -i eth0 -s 192.168.0.0/16 -j LOG –log-prefix “IP DROP SPOOF C: ”
-A INPUT -i eth0 -s 224.0.0.0/4 -j LOG –log-prefix “IP DROP MULTICAST D: ”
-A INPUT -i eth0 -s 240.0.0.0/5 -j LOG –log-prefix “IP DROP SPOOF E: ”
-A INPUT -i eth0 -d 127.0.0.0/8 -j LOG –log-prefix “IP DROP LOOPBACK: ”
# Accept any established connections
-A RH-Firewall-1-INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT
# Accept ssh traffic. Restrict this to known ips if possible.
#-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 22 -j ACCEPT
#Log and drop everything else
-A RH-Firewall-1-INPUT -j LOG
-A RH-Firewall-1-INPUT -j DROP
COMMIT
______________________________________________________________________________

### Detecting Listening Network Ports ###
netstat -tulpn

### Services configuration ###
chkconfig –list        # list all known services
chkconfig –list | grep 3:on    # list running services
chkconfig [service] on/off    # turn on / off service

for i in atd blk-availability bluetooth mdmonitor lvm2-monitor iscsi iscsid nfslock rpcbind rpcgssd rpcidmapd livesys livesys-late pcscd openct postfix fcoe ip6tables; do service $i stop; chkconfig $i off; done

##############
### Others ###
##############

### Wake-on-lan ###
echo ‘/usr/sbin/ethtool -s eth0 wol g’ >> /etc/rc.d/rc.local
or
vim /etc/sysconfig/network-scripts/ifcfg-eth0
_____________________
DEVICE=eth0
TYPE=EThernet
ONBOOT=yes
ETHTOOL_OPTS=”wol g”
______________________
chkconfig network on

Wake up the computer from internet
This involves enabling port forwarding of UDP port 9 to the destination computer in the router’s administration webpage.
To fully benefit from WOL you should configure a dynamic DNS service.
Just make sure to use your dynamic DNS provided address and the destination computer’s MAC.

### Wine & wine fonts ###
rpm -ev –nodeps wine-tahoma-fonts.noarch

sudo setsebool -P wine_mmap_zero_ignore 1
sudo grep wine-preloader /var/log/audit/audit.log | audit2allow -M mypol
sudo semodule -i mypol.pp

wget http://files.polosatus.ru/winefontssmoothing_en.sh
bash winefontssmoothing_en.sh

# Wine bottles #
env WINEPREFIX=~/.wine/CounterStrike wine CounterStrike1.6.exe

### dd ###
# format a USB #
dd if=/dev/zero of=/dev/sdX
# see the progress of dd #
ps -A | grep dd
sudo kill -USR1 {nr of PID}

### mc ###
gnome-terminal –geometry=239×68 -e “mc -S featured.ini”

### GIT HUB ###
ssh-keygen -t rsa -C “contact.sergiuniculescu@gmail.com”
vim ~/.ssh/id_rsa.pub  # copy key and paste it to github.com

git config –global user.name “Sergiu Niculescu”
git config –global user.email contact.sergiuniculescu@gmail.com

### Kernel compile ###
yum install gcc ncurses ncurses-devel
yum update
wget http://www.kernel.org/pub/linux/kernel/v3.0/linux-3…
tar -jxvf linux-3*
cd linux-3*
make menuconfig   # allows you to select the already running kernel’s configuration file (resides in /boot/), and accepts the defaults for all options that were introduced between the old and the new version of the kernel
make oldconfig    # automatically finds the configuration file in /boot/ and asks you questions for all the new configuration options
make
make modules_install install

### Find commands ###
find /home -iname name    # Files Using Name and Ignoring Case
find / -type d -name directory_name  # Find Directories Using Name
find / -perm /u=r  # Find all Read Only files
find / -perm /a=x  # Find all Executable files
find . -type f -perm 0777 -print  # Find all the files whose permissions are 777
find / -type f -perm 0777 -print -exec chmod 644 {} \;  # Find all 777 permission files and use chmod command to set permissions to 644
find / -type d -perm 777 -print -exec chmod 755 {} \;   # Find Directories with 777 Permissions and Chmod to 755
find . -type f -name “tecmint.txt” -exec rm -f {} \;    # To find a single file called tecmint.txt and remove it
find . -type f -name “*.mp3” -exec rm -f {} \;        # Find and remove Multiple File with extension “.mp3”
find /tmp -type f -empty    # To file all empty files under certain path
find /tmp -type d -empty    # To file all empty directories under certain path
find /tmp -type f -name “.*”    # File all Hidden Files
find / \( -perm -4000 -o -perm -2000 \) -print     # Identify unwanted SUID and SGID Binaries
find / -path -prune -o -type f -perm +6000 -ls   # Identify unwanted SUID and SGID Binaries
find /dir -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print   # Identify world writable files
find /dir -xdev \( -nouser -o -nogroup \) -print   # Identify orphaned files and folders

### Netstat commands ###
netstat -a | more    # Listing all the LISTENING Ports of TCP and UDP connections
netstat -at        # Listing only TCP (Transmission Control Protocol) port connections
netstat -au        # Listing only UDP (User Datagram Protocol ) port connections
netstat -l        # Listing all active listening ports connections
netstat -lt        # Listing all active listening TCP ports
netstat -lu        # Listing all active listening UDP ports
netstat -lx        # Listing all active UNIX listening ports
netstat -s        # Showing Statistics by Protocol
netstat -r        # Display Kernel IP routing table

### Change the MAC address of Network Interface ###
ifconfig eth0 hw ether AA:BB:CC:DD:EE:FF

### Mount an ISO Image ###
mount -t iso9660 -o loop /home/tecmint/Fedora-18-i386-DVD.iso /mnt/iso/
sudo umount /mnt/iso

### Mount a partition with read-write permission ###
mount -o remount,rw /

### Clone the boot partition ###
sudo dd if=/dev/sdb1 of=/dev/sdc1 bs=4096 conv=notrunc,noerror
dd if=/dev/sdb of=mbr.img bs=512 count=1
dd if=mbr.img of=/dev/sdc bs=446 count=1  # If you only want to restore the boot loader
dd if=mbr.img of=/dev/sdc bs=1 skip=446 count=64  # To restore only the partition table

### rsync ###
rsync -a –progress rsync://ftp.astral.ro/distros/centos/6.8/os/x86_64/ /opt/mirror/centos

system-config-kickstart  #  A graphical interface for making kickstart files

#############
### Games ###
#############

### UrbanTerror ###
tar -xjvf UrbanTerror42.tar.gz
cd UrbanTerror42
chmod u+x UrTUpdater_Ded.x86_64 Quake3-UrT.x86_64
./UrTUpdater_Ded.x86_64
./Quake3-UrT.x86_64