Linux - General

Cockpit

dnf install cockpit
systemctl enable --now cockpit.socket
systemctl start --now cockpit.socket
firewall-cmd  --permanent --add-service=cockpit

Gnome

Window Manager

Bring back minimise/maximise buttons:

gsettings set org.gnome.desktop.wm.preferences button-layout ":minimize,maximize,close"

Power Settings

Fedora 38 changed default power settings. Per-user can be control in the control UI widget. For workstation edition, there is a default that applies at login screen (eg after reboot).

Check with:

sudo -u gdm dbus-run-session gsettings list-recursively org.gnome.settings-daemon.plugins.power | grep sleep

Set (eg to 1 hour) with:

sudo -u gdm dbus-run-session gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-timeout 3600

To disable, set to 0.

OneDrive

Microsoft OneDrive sync:

install package: onedrive

Authorization:

onedrive

and follow link to generate a login link to give back to onedrive.

Storage in ~/OneDrive
Configuration in ~/.config/onedrive

Show config:

onedrive --display-config

Dry run Synchronise:

onedrive --synchronize --dry-run --verbose

Synchronise:

onedrive --synchronize

Sync file list in ~/.config/ondrive/sync_list like:

# Demo
/Security/*.kdbx
!/Documents/Unwanted
/Documents
!/Temp

Then test:

onedrive --synchronize --dry-run --verbose

Grub

In /etc/default/grub, add to GRUB_CMDLINE_LINUX (GRUB_CMDLINE_XEN):

dom0_mem=max:1024M dom0_max_vcpus=1

grub2-mkconfig -o /boot/grub2/grub.cfg

SELinux

getenforce
setenforce 1
setenforce Enforcing
sestatus

Show all boolean flags (state and default):

semanage boolean --list

Boolean flags (-P for persistence accross reboots):

getsebool -a
setsebool -P httpd_read_user_content true
setsebool -P httpd_enable_homedirs true

or with semanage tool:

semanage boolean --modify --on httpd_enable_homedirs

Interrogate SE policy:

sesearch --allow -s httpd_t -b httpd_enable_homedirs

Use setroubleshoot to diagnose blocked activities.

systemd

Service Control

Basic use:

systemctl start something
systemctl stop something
systemctl enable something
systemctl disable something

Service definition files in:

/usr/lib/systemd/system

Deinitions with "@" names have argument passed as parameter, such as:

systemctl status clamd@scan

Show all defintions:

systemctl list-unit-files --type=service

Log Monitoring

All entries from boot time in UTC:

journalctl -b --utc

Show how many boots are recorded:

journalctl --list-boots

Time window:

journalctl --since "2022-01-01 00:50" --until yesterday
journalctl --since 09:00 --until "1 hour ago"

Filter by unit (multiple -u options can be given):

journalctl -u httpd.service

Filter by UID/GID:

journalctl _UID=1000 _GID=1000

Do not page kernel messages:

journalctl -k --no-pager

SHow only 20 lines, or follow:

journalctl -20
journalctl -f

Stress-NG

Load CPU:

stress-ng --cpu 4 --timeout 60s --metrics

Swap

Add filesystem swap:

fallocate -l 1G /somepath/swap
chmod 600 /somepath/swap
mkswap /somepath/swap
swapon /somepath/swap

Check:

swapon
NAME              TYPE       SIZE   USED PRIO
/dev/sda2         partition    8G 219.8M   -2
/somepath/swap    file      1024M     0B   -3

And then add a line to /etc/fstab to ensure it is enabled at boot:

/somepath/swap                         swap                    swap    defaults         0 0

Timezone

Show available zones:

timedatectl list-timezones

Set and check:

timedatectl set-timezone timedatectl
timedatectl

UDEV

Users / Accounts

Show password hashing algorithm:

authconfig --test | grep hashing

Set algorithm:

authconfig --passalgo=sha512 --update

Control password policy:

/etc/security/pwquality.conf