🐧 Central Linux ULTRA PREMIUM

Debian/Ubuntu + CentOS/Alma/Rocky • Search • Copy line/block • Script generator • Ready-made stacks
Commands by section

📌 Essentials (diagnostics + base setup)
whoami
pwd
hostnamectl
uname -a
cat /etc/os-release
date
timedatectl
uptime
free -h
df -h
lsblk
ss -lntp
ss -lunp
dmesg -T | tail -n 120
📝 Editors (nano/vim/micro/neovim) + shortcuts
{{PKG_INSTALL}} nano vim neovim
{{PKG_INSTALL}} micro || true
# Micro (alternative): curl https://getmic.ro | bash && sudo mv micro /usr/local/bin/
# (this pipes a remote script into bash; download and read it first on hosts where that matters)

# NANO shortcuts
# Ctrl+O save | Enter | Ctrl+X exit
# Ctrl+W search | Ctrl+\ replace
# Alt+U undo | Alt+E redo
# Ctrl+K cut | Ctrl+U paste
nano ~/.nanorc
# set linenumbers
# set softwrap
# include "/usr/share/nano/*.nanorc"

# VIM basics
# i insert | Esc | :w save | :q quit | :wq | :q!
# /text search | n next | dd cut line | yy copy | p paste
📦 Packages (APT/DNF/YUM) + cleanup
{{PKG_UPDATE}}
{{PKG_UPGRADE}}
{{PKG_INSTALL}} curl wget git htop unzip ca-certificates gnupg

# Search for a package
{{PKG_SEARCH}} nginx

# Cleanup
{{PKG_AUTOREMOVE}}
{{PKG_CLEAN}}
📁 Files (find/grep/sed/awk) + compression
find / -name "arquivo.conf" 2>/dev/null
grep -Rni "error" /var/log
grep -Rni --include="*.conf" "server_name" /etc/nginx
sed -i 's/antigo/novo/g' arquivo.txt
awk '{print $1,$2,$NF}' arquivo.log
tar -czf backup-etc.tgz /etc
tar -xzf backup-etc.tgz -C /
zip -r site.zip /var/www/site
unzip site.zip -d ./site
👤 Users and permissions (sudo/chmod/ACL)
sudo adduser joao || sudo useradd -m joao
sudo usermod -aG {{SUDO_GROUP}} joao
id joao
sudo chown -R {{WEB_USER}}:{{WEB_USER}} /var/www/site
sudo find /var/www/site -type d -exec chmod 755 {} \;
sudo find /var/www/site -type f -exec chmod 644 {} \;
{{PKG_INSTALL}} acl
sudo setfacl -m u:joao:rwx /var/www/site
sudo getfacl /var/www/site
🌐 Full networking (ip/dns/ss/curl/mtr/tcpdump)
ip a
ip r
ss -lntp
ss -lunp
ping -c 4 8.8.8.8
curl -I http://example.com
curl -Ik https://example.com
{{PKG_INSTALL}} mtr-tiny tcpdump dnsutils || true
mtr -rw 8.8.8.8
tcpdump -i any -nn port 53
tcpdump -i {{IFACE}} -nn port 443
# Debian/Ubuntu: netplan apply | RHEL: nmcli
nmcli dev status || true
ls /etc/netplan 2>/dev/null || true
Replace {{IFACE}} with the correct interface (e.g. eth0, ens18, enp0s3).
🛡️ Firewall (UFW/Firewalld) + nft/iptables
# Debian/Ubuntu (UFW)
{{UFW_INSTALL}}
sudo ufw allow OpenSSH
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable || true
sudo ufw status verbose || true

# RHEL-like (firewalld)
{{FIREWALLD_INSTALL}}
sudo systemctl enable --now firewalld || true
sudo firewall-cmd --permanent --add-service=ssh || true
sudo firewall-cmd --permanent --add-service=http || true
sudo firewall-cmd --permanent --add-service=https || true
sudo firewall-cmd --reload || true
sudo firewall-cmd --list-all || true

# nftables/iptables (view)
sudo nft list ruleset || true
sudo iptables -L -n -v || true
🔐 SSH Hardening (production)
# Authentication logs
sudo tail -n 200 {{AUTH_LOG}}

# Adjust the config (careful not to lock yourself out)
sudo nano /etc/ssh/sshd_config
# Recommendations:
# PermitRootLogin no
# PasswordAuthentication no (if using key-based login)
# PubkeyAuthentication yes
# Port 22 (or another)
sudo systemctl restart sshd || sudo systemctl restart ssh

# On the local PC (generate a key and send it)
# ssh-keygen -t ed25519
# ssh-copy-id user@servidor
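An added example (not part of the original page): a shell check of the recommendations above, run against a copy of sshd_config before the service is restarted. sshd uses the first value it finds for each keyword, so the check reads the first occurrence in the global section; the function names and the sample file are constructed for illustration, and Match blocks and Include files are not evaluated.

```shell
#!/bin/sh
# Added example: audit an sshd_config copy against the recommendations above.
# Function names and the sample file are constructed for illustration.

# Print the value sshd would use for KEYWORD from the global section of FILE:
# the first uncommented occurrence wins; DEFAULT is printed when it is absent.
sshd_value() {  # usage: sshd_value FILE KEYWORD DEFAULT
    awk -F'[ \t=]+' -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        { sub(/^[ \t]+/, "") }             # drop indentation, re-splits fields
        /^#/ || NF == 0 { next }           # skip comments and blank lines
        tolower($1) == "match" { exit }    # Match blocks are not evaluated
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Print one line per deviation; exit status 1 if any deviation was found.
audit_sshd_config() {  # usage: audit_sshd_config FILE
    rc=0
    # keyword:recommended:OpenSSH-default
    for rule in PermitRootLogin:no:prohibit-password \
                PasswordAuthentication:no:yes \
                PubkeyAuthentication:yes:yes; do
        key=${rule%%:*}; rest=${rule#*:}
        want=${rest%%:*}; def=${rest#*:}
        got=$(sshd_value "$1" "$key" "$def")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key is '$got', recommended '$want'"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: root login is set twice, password logins are still on.
write_sample() {
    printf '%s\n' 'Port 22' 'PermitRootLogin no' 'permitrootlogin yes' \
        'PasswordAuthentication yes' 'Match User deploy' \
        '    PasswordAuthentication no' > "$1"
}

sample=$(mktemp)
write_sample "$sample"
audit_sshd_config "$sample" || echo "fix the lines above, then run: sudo sshd -t"
rm -f "$sample"
```

On a live host, `sudo sshd -T` prints the effective configuration including Include files, and keeping the current SSH session open while testing a second login avoids the lockout the section warns about.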
🚫 Fail2ban (brute force)
{{PKG_INSTALL}} fail2ban
sudo systemctl enable --now fail2ban
sudo fail2ban-client status
sudo fail2ban-client status sshd || true

# Create a local jail (example)
sudo nano /etc/fail2ban/jail.local
# [sshd]
# enabled = true
# maxretry = 5
# findtime = 10m
# bantime = 1h
sudo systemctl restart fail2ban
🧩 Web (Nginx/Apache) + SSL + tests
{{PKG_INSTALL}} nginx
sudo systemctl enable --now nginx
sudo nginx -t
sudo systemctl reload nginx

{{PKG_INSTALL}} apache2 httpd
sudo systemctl enable --now {{APACHE_SVC}} || true
sudo {{APACHE_TEST}} || true

ss -lntp | grep -E ':80 |:443 '
curl -I http://127.0.0.1
curl -Ik https://127.0.0.1 || true

# Certbot (usually Debian/Ubuntu)
{{CERTBOT_INSTALL}}
certbot --version || true
🐳 Docker + Compose (complete)
{{DOCKER_INSTALL}}
sudo systemctl enable --now docker || true
docker version || true
docker ps
docker ps -a
docker logs -f NOME --tail 200
docker exec -it NOME bash || docker exec -it NOME sh
docker compose ps || true
docker compose logs -f --tail 200 || true
docker system df
# removes stopped containers, unused networks and all unused images
docker system prune -a
🗄️ Database (MySQL/MariaDB + PostgreSQL)
# MySQL/MariaDB
{{DB_MYSQL_INSTALL}}
sudo systemctl enable --now {{MYSQL_SVC}} || true
sudo mysql_secure_installation || true

# PostgreSQL
{{DB_PG_INSTALL}}
sudo systemctl enable --now {{PG_SVC}} || true
sudo -u postgres psql -c "SELECT version();"
🧾 Logs (journalctl + web + auth)
journalctl -xe
journalctl -u nginx --no-pager | tail -n 200 || true
journalctl -u {{APACHE_SVC}} --no-pager | tail -n 200 || true
tail -n 200 {{AUTH_LOG}}
tail -n 200 /var/log/nginx/error.log 2>/dev/null || true
tail -n 200 {{APACHE_ERRLOG}} 2>/dev/null || true
tail -f /var/log/nginx/error.log | grep -Ei "error|warn|crit|denied|forbidden" || true
📈 Performance (monitoring + debug)
{{PKG_INSTALL}} htop iotop sysstat lsof strace
htop
free -h
vmstat 1
iostat -xz 1
sudo iotop -oPa
sudo lsof -i :80
sudo lsof -i :443
sudo strace -p PID -f -o /tmp/strace.log
💾 Backup (rsync/tar/borg/rclone)
# local rsync
rsync -a /var/www/ /backup/www/
# mirrored (careful: --delete removes destination files that no longer exist in the source)
rsync -a --delete /var/www/ /backup/www/
# tar
tar -czf www-$(date +%Y%m%d).tgz /var/www
tar -czf etc-$(date +%Y%m%d).tgz /etc
# restore
tar -xzf www-20260210.tgz -C /
# borg (deduplicated)
{{PKG_INSTALL}} borgbackup
borg init --encryption=repokey /backup/borg
borg create /backup/borg::www-{now:%Y-%m-%d} /var/www
borg prune -v --keep-daily=7 --keep-weekly=4 --keep-monthly=6 /backup/borg
# rclone (cloud)
{{PKG_INSTALL}} rclone
rclone config
rclone copy /backup remote:servidor/backup --progress
🧱 Ready-made stacks (production)
# Stack: Web Server (Nginx + UFW/Firewalld + logs)
{{PKG_UPDATE}}
{{PKG_UPGRADE}}
{{PKG_INSTALL}} nginx curl
sudo systemctl enable --now nginx
sudo nginx -t
{{UFW_INSTALL}}
sudo ufw allow OpenSSH && sudo ufw allow 80/tcp && sudo ufw allow 443/tcp && sudo ufw enable || true
{{FIREWALLD_INSTALL}}
sudo systemctl enable --now firewalld || true
sudo firewall-cmd --permanent --add-service=http || true
sudo firewall-cmd --permanent --add-service=https || true
sudo firewall-cmd --reload || true
journalctl -u nginx --no-pager | tail -n 60 || true

# Stack: Docker Host
{{DOCKER_INSTALL}}
sudo systemctl enable --now docker || true
docker ps

# Stack: Basic hardening
{{PKG_INSTALL}} fail2ban
sudo systemctl enable --now fail2ban
sudo tail -n 120 {{AUTH_LOG}}
🧰 Script Builder (generates .sh)

The script is generated with set -euo pipefail and already adapted to the chosen distro.