1. Secure OpenSSH
    2. Configure Umask
    3. Auto security updates
    4. (optional) install and configure Fail2ban (if publicly exposed)


    • regenerate default keys
    • no password authentication PasswordAuthentication no. Be sure to add a key before
    • change default port
    • AllowUsers user1 user2
    • restrict defaults ciphers


    Configure default mask to 027


    UMASK 027

    Distribution information (version)

    lsb_release -a

    If lsb_release it nos available, especially in VM/containers, you can check: cat /etc/issue or cat /proc/version

    Hardware informations

    dmidecode # show all
    dmidecode -t 2 # Motherboard
    dmidecode -t 4 # CPU
    dmidecode -t 7 # Memory

    Looking-for a command

    To know his path: whereis CMD

    To find a command with a keyword: apropos CMD

    Brief information about a command: whatis CMD

    Check if a program is installed (POSIX): command -v CMD

    Command line


    List linux signal (sigkill, sigterm) and corresponding number

    Erase all data on a device

    Overwrite the device with random data over multiple pass

    shred /dev/sdX

    If you do not have confidential data and it is not an hard drive, dd could be enough:

    dd if=/dev/zero of=/dev/sdX status=progress

    Note: erase data on ssd is a different process source

    kill -l

    Check IO with devices

    iostat -x 1

    Note: package sysstat source

    Burn DVD ISO

    First find device: wodim --devices

    Then, two ways to do it:

    • wodim -v dev=/dev/DEVICE speed=10 -eject FILE.ISO
    • growisofs -dvd-compat -Z /dev/DEVICE=FILE.ISO


    • Sometime it doesn't work to write directly on device, you'll need to use an alternative something like ''/dev/dvdrw'' to recognize better the device.
    • In graphical mode you could use ''K3B''

    Create specified size file

    dd if=/dev/zero of=output_file bs=1000 count=10

    Make file of 10 block of 1000 octet : equivalent of 10Ko.

    Sudoers break file

    pkexec visudo

    Date of file

    stat -c %y file.txt #return someting like : 2004-02-20 14:10:37.000000000 -0500

    Note: %y for the year

    Check Battery

    upower -e
    #/org/freedesktop/UPower/devices/line_power_AC # result
    #/org/freedesktop/UPower/devices/battery_BAT0 # result
    #/org/freedesktop/UPower/devices/battery_BAT1 # result
    upower -i /org/freedesktop/UPower/devices/battery_BAT1 # check second battery