😎
Docs
  • Tamm - Docs
  • Azure
    • Sentinel KQL Samples
    • Managed Identities
    • Deploy Sentinel with Terraform
  • Docker
    • Allow standard user to interact with Docker
    • Install Docker
    • Installing and working with Traefik
    • Installing specific version of Docker
    • Deploy Guacamole
    • Traefik geoblock
    • Unpoller Prometheus UCG Ultra
  • HomeAssistant
    • HAOS install on Proxmox
    • Zigbee2MQTT
    • HAOS Reverse Proxy
    • ZBDongle-E
  • Kali
    • Enable RDP
  • Kubernetes
    • Cert manager with Cloudflare
    • On prem loadbalancer metallb
    • Nginx ingress
    • Cloudinit Rancher ubuntu
    • Rancher Ubuntu 18.04 node template
    • Velero with minio backend
    • vsphere pvc (in-tree)
    • Velero cheat sheet
    • nginx annotations examples
  • Linux
    • Expand lvm disk vmware
    • Expand lvm disk fresh install
    • Disk usage
    • flush-dns
    • Netplan config example
    • Add user in photon OS
    • SSH-Keys
    • Set timezone
    • sudo nopasswd
    • Add custom alias
    • Rocky Linux commands
  • macOS
    • Uninstall System extensions
    • 1Password Github setup
  • Microsoft 365
    • Powershell Cheat sheet
  • Portainer
    • Install Portainer
    • Add docker node
  • Powershell
    • GenericList example
    • Mixed stuff n things
    • Synopsis Template
    • Powershell Oh-my-posh
    • Powershell Sync Profile
    • Cleanup and install MS Graph module
  • Proxmox
    • Disable No Subscription notification
    • Import from vmware error
    • Proxmox commands
    • Proxmox on Intel NUC
    • Proxmox E1000
  • Terraform
    • Getting started
    • Deploy Sentinel
  • Unifi
    • Unifi Network App (migration)
    • Slow vlan throughput
    • interface-explanation
  • Windows
    • Network settings access denied
    • Windows GVLK Keys
    • Windows Server 2025
Powered by GitBook
On this page
  • Manage firewalld
  • Open Port
  • Remove port opening
  • List rules etc
  • Enable firewalld
  • Disable firewalld
  • Reload firewalld
  • Updates
  • Docker install
  • Expand Rocky LVM disk
  • Onboard MDE sensor
  • htop

Was this helpful?

  1. Linux

Rocky Linux commands

Manage firewalld

Stuff n things

Open Port

sudo firewall-cmd --zone=public --add-port=80/tcp sudo firewall-cmd --zone=public --add-port=9987/udp

Remove port opening

sudo firewall-cmd --zone=public --remove-port=80/tcp sudo firewall-cmd --zone=public --remove-port=9987/udp

List rules etc

firewall-cmd --list-all

Enable firewalld

systemctl enable --now firewalld

Disable firewalld

systemctl disable firewalld --now

Reload firewalld

firewall-cmd --reload

Updates

dnf update

Docker install

sudo dnf install -y dnf-utils
sudo dnf config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo -y
sudo yum install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y
sudo systemctl enable docker
sudo systemctl start docker

Expand Rocky LVM disk

  1. Expand in your hypervisor

fdisk /dev/sda

  1. Create new partition etc

  2. Set disk type 8e, Linux LVM

  3. Create PV volume (/dev/sda3 in my example)

pvcreate /dev/sda3

  1. Check what PVS you want to expand

pvs

  PV         VG Fmt  Attr PSize   PFree
  /dev/sda2  rl lvm2 a--  <63.00g     0
  /dev/sda3     lvm2 ---   36.00g 36.00g

In my case, volumegroup "rl"

  1. Extend volumegroup

vgextend rl /dev/sda3

  1. Check which LV you want to expand

lvdisplay

  --- Logical volume ---
  LV Path                /dev/rl/swap
  LV Name                swap
  VG Name                rl
<Removed unnecessary info>

  --- Logical volume ---
  LV Path                /dev/rl/home
  LV Name                home
  VG Name                rl
<Removed unnecessary info>

  --- Logical volume ---
  LV Path                /dev/rl/root
  LV Name                root
  VG Name                rl
<Removed unnecessary info>

in my case I want to expand "/dev/rl/root"

  1. Extend

lvextend -l +100%FREE /dev/rl/root /dev/sda3

  Size of logical volume rl/root changed from <39.68 GiB (10157 extents) to 75.67 GiB (19372 extents).
  Logical volume rl/root successfully resized.

  1. Resize filesystem

xfs_growfs /dev/rl/root

meta-data=/dev/mapper/rl-root    isize=512    agcount=4, agsize=2600192 blks
         =                       sectsz=512   attr=2, projid32bit=1
         =                       crc=1        finobt=1, sparse=1, rmapbt=0
         =                       reflink=1    bigtime=1 inobtcount=1 nrext64=0
data     =                       bsize=4096   blocks=10400768, imaxpct=25
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0, ftype=1
log      =internal log           bsize=4096   blocks=16384, version=2
         =                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
data blocks changed from 10400768 to 19836928

  1. Verify that /dev/mapper/rl-root has grown

df -h 

Filesystem           Size  Used Avail Use% Mounted on
devtmpfs             4.0M     0  4.0M   0% /dev
tmpfs                1.8G     0  1.8G   0% /dev/shm
tmpfs                732M  9.3M  723M   2% /run
/dev/mapper/rl-root   76G   16G   61G  20% /
/dev/sda1            960M  403M  558M  42% /boot
/dev/mapper/rl-home   20G  339M   19G   2% /home

Onboard MDE sensor

  1. Download the onboarding package from security.microsoft.com

  2. Transfer it to the machine

  3. Download the installer script from https://github.com/microsoft/mdatp-xplat/tree/master/linux/installation

sudo dnf install yum-utils -y
sudo ./mde_installer.sh --install --channel prod --onboard MicrosoftDefenderATPOnboardingLinuxServer.py --tag GROUP MGMT --min_req -y
# Check health status (should return true)
mdatp health --field healthy
# Enable Realtime protection
mdatp config real-time-protection --value enabled
# Check if enabled 
mdatp health --field real_time_protection_enabled
# Enable PUA Protection, Available actions: off, audit, block. Default Audit. 
mdatp threat policy set --type potentially_unwanted_application --action block
# Enable behavioural monitoring
mdatp config behavior_monitoring --value enabled

htop

dnf -y install epel-release
dnf install htop -y
PreviousAdd custom aliasNextUninstall System extensions

Last updated 2 months ago

Was this helpful?