LFS201
1. SUID permission
When a command or script with the SUID bit set is run, its effective UID becomes that of the file's owner, rather than that of the user who is running it. (Linux ignores the SUID bit on interpreted scripts; it takes effect only on binary executables.)
set SUID - chmod 4555 [path_to_file]
set SUID - chmod u+s [path_to_file]
remove SUID - chmod u-s [path_to_file]
2. SGID permission
SGID permission on an executable file
When a command or script with the SGID bit set is run, its effective GID becomes that of the file's group owner, rather than the group of the user who is running it.
set SGID - chmod 2555 [path_to_file]
set SGID - chmod g+s [path_to_file]
remove SGID - chmod g-s [path_to_file]
SGID on a directory
When SGID permission is set on a directory, files created in the directory inherit the directory's group rather than the creating user's primary group.
chmod g+s [path_to_directory]
chmod g-s [path_to_directory]
3. Sticky bit
When set on a directory, even one with permissions 777, users are not allowed to remove files owned by other users
Setup Sticky bit
chmod +t [path_to_directory]
chmod -t [path_to_directory]
chmod 1777 [path_to_directory]
4. Make a file immutable
chattr +i file
command >out 2>&1
!! Finding files with SUID/SGID/sticky bit set
find
SUID - find / -perm /4000
SGID - find / -perm /2000
sticky bit - find / -perm /1000
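find / -not -path "/proc*" -type f -perm /0000 -exec ls -la {} \;
(replace 0000 with the bits to look for, e.g. /6000 for SUID or SGID; with GNU find, -perm /0000 matches every file)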
-xdev Don’t descend directories on other filesystems.
change
SUID - chmod u-s file_name
SGID - chmod g-s file_name
sed
sed 's/term/replacement/flag' file
sed 's/y/Y/g' ahappychild.txt > ahappychild2.txt
sed -E '/^#|^$/d' apache2.conf
tr
cat sortuniq.txt | tr '[:lower:]' '[:upper:]'
ls -l | tr -s ' '
tr -d ' '
cat
cat /etc/passwd | cut -d: -f1,7
cut
ip r | grep defa | cut -d " " -f 3
search string
cat testfile | grep --color=always -C 2 string
cat testfile | grep --color=always -z string
KVM - Domain is the VM
virt-install
virsh
virsh net-update
virsh domaininfo vm_name
virsh shutdown vm_name
virsh destroy (power off)
virsh undefine vm_name --remove-all-storage (removes VM)
yum install virt-top
virsh setmaxmem
virsh setmem --live
*********************************************************************************************
Practice Questions
Essential Commands
7777 G - go to line 7777
dd - delete line
gg - go to the first line
P - paste
:7000d - delete line 7000
:%s/Earth/Globe/g
echo "Auctores Varii.." >> test.txt
Operation of Running System
touch certscript.sh
chmod +x certscript.sh
echo $USER
ip r | grep default | cut -d " " -f 3
Operation of Running System
yum install tmux
Operation of Running System
sudo -i
crontab -e
* * * * * pkill -u root scan_filesystem
User & Group Management
groupadd computestream
mkdir -p /exam/computestream
chgrp computestream /exam/computestream
User & Group Management
useradd candidate
passwd candidate
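echo "candidate ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/candidate
(check the drop-in with visudo -cf /etc/sudoers.d/candidate and set mode 0440; a syntax error in a sudoers file can break sudo, and NOPASSWD: ALL gives the account passwordless root)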
User & Group Management
touch /etc/skel/NEWS
User & Group Management
groupadd students
User & Group Management
mkdir /home/school
useradd -b /home/school -G students harry
passwd harry
User & Group Management
useradd -m -d /sysadmin/ -s /bin/zsh sysadmin
passwd sysadmin
echo "sysadmin ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/sysadmin
User & Group Management (all users can invoke the last command)
-rwxr-xr-x. 1 root root 19568 Jun 9 2014 /usr/bin/last
-rw-rw-r--. 1 root utmp 9216 Nov 21 20:15 /var/log/wtmp
User & Group Management
passwd projectadmin
usermod -d /home/projectadmin projectadmin
User & Group Management (expire account, lock account)
chage -E -1 devel
passwd -u devel
usermod -s /bin/bash devel
Networking
grep 2605/tcp /etc/services | cut -d " " -f 1 > /home/student/port-2605.txt
grep -i ^imap /etc/services | grep tcp | cut -d / -f 1 | cut -d " " -f 2- | tr -d ' ' > /home/student/imap-ports.txt
Storage Management
mount /dev/xvdf2 /mnt/backup/
tar -jxvf /mnt/backup/backup-primary.tar.bz2 -C /opt/
Storage Management (swap)
/etc/fstab - /dev/xvdi1 none swap defaults,noauto 0 0
Storage Management
/dev/sdb1 /staging ext4 defaults,ro 0 0
Essential Commands
unzip SAMPLE001.zip
tar -cvf SAMPLE001.tar SAMPLE001
bzip2 -k -z SAMPLE001.tar
xz -k -z SAMPLE001.tar
Essential Commands
find /srv/SAMPLE002 -executable -type f -exec rm {} \;
find /srv/SAMPLE002 -atime +30 -type f -exec rm {} \;
find /srv/SAMPLE002 -type d -empty -exec rmdir {} \;
find ../SAMPLE002 -type f -iname '*.tar'
*********************************************************************************************
01. Course Introduction
02. Linux File System Tree Layout
/dev - network devices don't have device nodes
/etc
/etc/bashrc
/etc/default/grub|nss|useradd
/etc/login.defs
/etc/nsswitch.conf
/etc/security/limits.conf
/etc/security/limits.d/*
/etc/sysconfig/*
/etc/sysctl.conf
/etc/sysctl.d/*
/etc/systemd/*
/proc
/sys
/run
du -sxhc /* --exclude=proc (alternative: du -d 1 -xh /)
03. Processes
ulimit [-H|-S] -a
ulimit [-H|-S] -n 4096
/etc/security/limits.conf
nice, renice
ps lf
ldd - shows the required shared libraries
ldconfig
/etc/ld.so.conf
04. Signals
kill -9 444 - send SIGKILL (9) to process 444 (default signal is SIGTERM 15)
killall, pkill
05. Package Management Systems
binary|source packages
rpmbuild - build rpm's from src.rpm packages
06. RPM
repoquery --whatrequires bash (ln -s to rpm)
repoquery --requires bash (ln -s to rpm)
rpm -q - query
rpm -q --whatrequires bash (package or file)
rpm -q --whatprovides /bin/bash
rpm -q --requires bash (package)
rpm -q --provides bash (package)
rpm -ql - list files in a package
rpm -qf - search package from a file
rpm -qi - info about a package
rpm -qip - info about a package file
rpm -qp --requires foo-1.0.0-1.noarch.rpm
rpm -qa --last
rpm -q --scripts bash
rpm -Va - verify packages
rpm -ivh - install, verbose, hash
rpm -e --test - uninstall
rpm -U - update package
rpm2cpio foobar.rpm > foobar.cpio
rpm2cpio bash-XXXX.rpm | cpio -ivd bin/bash
rpm2cpio logrotate-XXXX.rpm | cpio --extract --make-directories
rpm --rebuilddb - rebuild rpm database
07. DPKG
08. DNF and YUM
dnf repolist --all --enabled --disabled
dnf config-manager --enable repo
dnf info package-name
dnf history info|list|undo|redo|rollback
yum search (all) keyword
yum list "keyword"
yum list [installed | updates | available]
yum grouplist [group1] [group2]
yum groupinfo group1 [group2]
yum provides /etc/hosts
yum deplist bash
09. Zypper
10. Apt
11. System Monitoring
/etc/logrotate.conf
/proc
/proc/sys
/sys
sudo sysctl kernel.threads-max=100000
ls -lF /sys/class/net
sar [ options ] [ interval ] [ count ]
12. Process Monitoring
ps auxf (f shows process tree)
ps -o pid,uid,cputime,pmem,command
top - i - only active processes
13. Memory Monitoring
tune memory settings
/proc/sys/vm
/etc/sysctl.conf
sysctl
memory monitoring tools
free
vmstat
-d disk
-p partition
-a active/inactive memory
pmap
cat /proc/meminfo
OOM
/proc/sys/vm/overcommit_memory (0, 1, 2)
/proc/sys/vm/overcommit_ratio
/proc/[pid]/oom_score
/proc/[pid]/oom_score_adj
14. IO Monitoring
iostat
iotop
ionice
bonnie++
fs_mark
15. IO Scheduling
cat /sys/block/sda/queue/scheduler
/sys/block/sda/queue/iosched
ssd
/sys/block/<device>/queue/rotational - [0|1]
echo 3 > /proc/sys/vm/drop_caches
16. Linux FileSystems and the VFS
inode
cat /proc/filesystems
loop
dd if=/dev/zero of=junk bs=1M count=512
/sbin/mkfs.xfs junk
mount junk /mnt
df -h
tmpfs
mkdir /mnt/tmpfs
mount -t tmpfs none /mnt/tmpfs
df -h (it uses 1/2 ram)
mount -t tmpfs -o size=1G none /mnt/tmpfs
17. Disk Partitioning
fdisk -l /dev/sda
blkid /dev/sda*
lsblk
backup partition table (MBR)
dd if=/dev/sda of=mbrbackup bs=512 count=1 (backup)
dd if=mbrbackup of=/dev/sda bs=512 count=1 (restore)
backup partition table (GPT)
sgdisk --backup=/tmp/sda_backup /dev/sda
Partition Table Editors
fdisk
sfdisk
parted
gparted
gdisk
sgdisk
partprobe -s (reload partition table)
cat /proc/partitions
Using a File as a Disk Partition Image
dd if=/dev/zero of=imagefile bs=1M count=1024
mkfs.ext4 imagefile
mkdir mntpoint
mount -o loop imagefile mntpoint
or
losetup /dev/loop2 imagefile
mount /dev/loop2 mntpoint
umount mntpoint
losetup -d /dev/loop2
Partitioning a Disk Image File
fdisk -C 130 imagefile
Using losetup and parted
#losetup -f
losetup -fP imagefile ( or losetup /dev/loop1 imagefile and losetup -P /dev/loop1 imagefile)
losetup -a
parted -s /dev/loop1 mklabel msdos
parted -s /dev/loop1 unit MB mkpart primary ext4 0 256
parted -s /dev/loop1 unit MB mkpart primary ext4 256 512
parted -s /dev/loop1 unit MB mkpart primary ext4 512 1024
fdisk -l /dev/loop1
ls -l /dev/loop1*
mkfs.ext3 /dev/loop1p1
mkfs.ext4 /dev/loop1p2
mkfs.vfat /dev/loop1p3
mkdir mnt1 mnt2 mnt3
mount /dev/loop1p1 mnt1
mount /dev/loop1p2 mnt2
mount /dev/loop1p3 mnt3
df -Th
umount mnt1 mnt2 mnt3
rmdir mnt1 mnt2 mnt3
losetup -d /dev/loop1
18. Filesystem Features: Attributes, Creating, Checking, Mounting
lsattr/chattr
immutable
append-only
no-dump
no atime date
mkfs [-t fstype] [options] [device-file]
mkfs.ext4 -b 2048 -v /dev/loop0p1 (block size 2048, verbose)
fsck [-t fstype] [options] [device-file]
fsck -f /dev/sda1 (force full check)
touch /forcefsck (will force check of all mounted filesystems at next boot)
dumpe2fs /dev/sda1
mount
mount /dev/sda2 /home
mount LABEL=home /home
mount -L home /home
mount UUID=26d58ee2-9d20-4dc7-b6ab-aa87c3cfb69a /home
mount -U 26d58ee2-9d20-4dc7-b6ab-aa87c3cfb69a /home
mount -o remount,ro /myfs
e2label
umount [device-file | mount-point]
lsof
mount -t nfs myserver.com:/shdir /mnt/shdir
NFS via /etc/fstab
myserver.com:/shdir /mnt/shdir nfs rsize=8192,wsize=8192,timeo=14,intr 0 0
_netdev - The filesystem resides on a device that requires network access
noauto - can only be mounted explicitly (-a option will not cause the filesystem to be mounted).
/etc/fstab
Device file name, label, or UUID
Mount point
Filesystem type
A comma-separated list of options
dump frequency (or a 0)
fsck pass number (or 0, meaning do not check state at boot).
/dev/sda11 /mnt/tempdir ext4 defaults 1 2
autofs
automount
LABEL=Sam128 /SAM ext4 noauto,x-systemd.automount,x-systemd.device-timeout=10,x-systemd.idle-timeout=30 0 0
noauto - Do not mount at boot
x-systemd.automount - Use the systemd automount facility.
x-systemd.device-timeout=10 - If the device is not available, timeout after 10 s
x-systemd.idle-timeout=30 - If the device is not used for 30 sec, unmount it.
systemctl daemon-reload
systemctl restart local-fs.target
add new disk vmware
lsscsi (find host number - X)
echo "- - -" > /sys/class/scsi_host/hostX/scan
19. Filesystem Features: Swap, Quotas, Usage
swap
cat /proc/swaps
free -m
commands - mkswap, swapon, swapoff
kernel memory is never swapped out
Filesystem Quotas - Quota operations require the existence of the files aquota.user and aquota.group in the root directory of the filesystem using quotas
steps
Add the usrquota and/or grpquota options to the filesystems entry in /etc/fstab
/dev/sda5 /home ext4 defaults,usrquota 1 2
sudo mount -o remount /home
quotacheck -vu /home
quotaon -vu /home
edquota someusername
commands - quotacheck, quotaon, quotaoff, edquota, quota
quotacheck -uav
quotacheck -gav
quotaon -av
quotaoff -av
quota -u | quota -g (generate report on quotas)
edquota -u [username], edquota -g [groupname]
20. The Ext2/Ext3/Ext4 Filesystems
dumpe2fs /dev/sda1
dumpe2fs /dev/sdb1 | grep -i ^block\ c | cut -d ':' -f 2 | tr -d ' '
tune2fs -c 25 /dev/sda1
tune2fs -l /dev/sdb1 ( -l list)
e4defrag -c /var/log
e4defrag [-v] file...| directory...| device...
e4defrag -c file...| directory...| device...
21. The XFS and btrfs Filesystems
XFS
xfsdump
xfsrestore
xfs_quota
xfs_freeze
btrfs
22. Encrypting Disks
cryptsetup - file
dd if=/dev/zero of=crypt-file bs=1M count=<size_in_MiB> (without count, dd keeps writing until the filesystem is full)
losetup -f
losetup /dev/loop2 crypt-file
losetup -l
cryptsetup luksFormat /dev/loop2
.............
cryptsetup
cryptsetup luksFormat /dev/sdb1
cryptsetup open /dev/sdb1 SECRET
mkfs.ext4 /dev/mapper/SECRET
mount /dev/mapper/SECRET /mnt/tempdir
umount /mnt/tempdir
cryptsetup --verbose close SECRET
/etc/fstab
/dev/mapper/SECRET /mnt ext4 defaults 0 0
/etc/crypttab - SECRET /dev/sdb1
swap
mkswap /dev/mapper/swapcrypt
swapon /dev/mapper/swapcrypt
/etc/crypttab
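swapcrypt /dev/sda11 /dev/urandom swap,cipher=aes-cbc-essiv:sha256,size=256
(the swap option reformats the named device with a fresh random key on every boot, so make sure the device is specified correctly and prefer a stable name under /dev/disk/by-id/ over /dev/sdXN; aes-cbc-essiv is a legacy mode, aes-xts-plain64 is the LUKS default)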
/etc/fstab
/dev/mapper/swapcrypt none swap defaults 0 0
23. Logical Volume Management (LVM)
vgcreate, vgextend, vgreduce
pvcreate, pvdisplay, pvmove, pvremove
lvcreate, lvdisplay,
pvcreate /dev/sdb1
pvcreate /dev/sdc1
vgcreate -s 16M vg /dev/sdb1
vgextend vg /dev/sdc1
lvcreate -L 50G -n mylvm vg
mkfs -t ext4 /dev/vg/mylvm
mkdir /mylvm
mount /dev/vg/mylvm /mylvm
/etc/fstab - /dev/vg/mylvm /mylvm ext4 defaults 1 2
24. RAID
fdisk /dev/sdb1
fdisk /dev/sdb2
mdadm --create /dev/md0 --level=1 --raid-disks=2 /dev/sdb1 /dev/sdb2
mkfs.ext4 /dev/md0
bash -c "mdadm --detail --scan >> /etc/mdadm.conf"
mkdir /myraid
mount /dev/md0 /myraid
/etc/fstab - /dev/md0 /myraid ext4 defaults 0 2
cat /proc/mdstat - examine
mdadm -S /dev/md0 - to stop the RAID device.
monitor
cat /proc/mdstat - examine
mdadm --detail /dev/md0
/etc/mdadm.conf
MAILADDR [email protected]
systemctl start mdmonitor
systemctl enable mdmonitor
hot spare
mdadm --create /dev/md0 -l 5 -n3 -x 1 /dev/sda8 /dev/sda9 /dev/sda10 /dev/sda11
mdadm --fail /dev/md0 /dev/sdb2
mdadm --remove /dev/md0 /dev/sdb2
mdadm --add /dev/md0 /dev/sde2
25. Kernel Services and Configuration
/boot/grub2/grub.cfg
/etc/default/grub
cat /proc/cmdline
yum install kernel-doc
/usr/share/doc/kernel-doc-3.10.0/Documentation/kernel-parameters.txt
sysctl -a - read and tune kernel parameters at run time
sh -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'
sysctl net.ipv4.ip_forward=1
/etc/sysctl.conf (net.ipv4.ip_forward=1)
sysctl -p
places
/usr/lib/sysctl.d/
/etc/sysctl.d/
/etc/sysctl.conf
26. Kernel Modules
lsmod, insmod, rmmod, modprobe, modinfo
depmod
/lib/modules/<kernel-version>
/sys/module/e1000/parameters
/sbin/insmod <pathto>/e1000e.ko debug=2 copybreak=256
/sbin/modprobe e1000e debug=2 copybreak=256
/etc/modprobe.d
27. Devices and udev
ls -l /dev
dmesg -w
mknod [-m mode] /dev/name
mknod -m 666 /dev/mycdrv c 254 1
/etc/udev/udev.conf
/etc/udev/rules.d
/usr/lib/udev/rules.d
28. Virtualization Overview
grep -E '(vmx|svm)' /proc/cpuinfo
grep -e vmx -e svm /proc/cpuinfo
libvirt
ls -lF /usr/bin/virt*
qemu
disk image formats - qemu-img
raw
qcow2
qemu-img convert -O vmdk myvm.qcow2 myvm.vmdk
command line
qemu-img create -f qcow2 /var/lib/libvirt/myimg.qcow2 24M
sudo qemu-system-x86_64 -hda /var/lib/libvirt/myimg.qcow2 -cdrom '/home/stan/Downloads/to be deleted/CorePlus-current.iso' -usbdevice tablet
29. Containers Overview
docker run - start a new container
-t attach to tty
-d run container in the background
docker create - creates a container
docker exec - run a command on already running container
accepts the -t and -d options
docker rmi - remove images
docker rm $(docker ps -a -q) - remove all stopped containers
for CentOS 8 - sudo dnf install podman podman-docker
commands
docker search apache
docker pull docker.io/httpd
docker images
docker images --all
docker run httpd
docker ps
docker stop b936b0afeb23
docker rmi -f docker.io/httpd
systemctl stop docker
Restart policy
docker inspect nervous_nobel
docker update --restart=unless-stopped nervous_nobel
docker run -dt --restart=unless-stopped httpd
always
no
on-failure
unless-stopped
docker stop $(docker ps -a -q)
docker rm $(docker ps -a -q)
30. User Account Management
usermod -L stan1 # lock
usermod -U stan1 # unlock
chage -E 2014-09-11 stan1 # expire account
passwd -e stan1 # expire password
chage -d 0 stan1 # expire password
/etc/skel
cat /etc/login.defs
cat /etc/default/useradd
useradd, userdel, usermod, chage, passwd
man bash - RESTRICTED SHELL
sudo ln /bin/bash /bin/rbash
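sudo useradd -s /bin/rbash fool
(rbash alone is not a confinement boundary: it needs a PATH limited to a few vetted commands that offer no shell escape, and startup files the user cannot modify)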
command
$for machines in node1 node2 node3
do
(ssh $machines some_command &)
done
Remote Graphical Login
yum install tigervnc tigervnc-server
vncserver
vncviewer localhost:2
vncviewer -via student@some_machine localhost:2
systemctl stop colord
31. Group Management
groupadd, groupmod, groupdel, usermod
groups user1
id -Gn user1
vigr, vipw
32. File Permissions and Ownership
order
If the requester is the file owner, the file owner permissions are used.
Otherwise, if the requester is in the group that owns the files, the group permissions are examined.
If that doesn't succeed, the world permissions are examined.
chmod, chown, chgrp, umask
umask (/etc/profile), EDITOR (/etc/environment)
getfacl, setfacl
Default ACL
33. Pluggable Authentication Modules (PAM)
rules - type control module-path module-arguments
type - specifies the management group the module is to be associated with
auth: Instructs the application to prompt the user for identification (username, password, etc). May set credentials and grant privileges.
account: Checks on aspects of the user's account, such as password aging, access control, etc.
password: Responsible for updating the user authentication token, usually a password.
session: Used to provide functions before and after the session is established (such as setting up environment, logging, etc.).
control - flag controls how the success or failure of a module affects the overall authentication process:
required: Must return success for the service to be granted. If part of a stack, all other modules are still executed. Application is not told which module or modules failed.
requisite: Same as required, except a failure in any module terminates the stack and a return status is sent to the application.
optional: Module is not required. If it is the only module, then its return status to application may cause failure.
sufficient: If this module succeeds, then no subsequent modules in the stack are executed. If it fails, then it doesn't necessarily cause the stack to fail, unless it is the only one in the stack.
include
substack
LDAP Authentication
system-config-authentication
authconfig-tui
34. Network Addresses
sudo hostname server01
sudo hostnamectl set-hostname server01
35. Network Devices and Configuration
ip [ OPTIONS ] OBJECT { COMMAND | help }
link, address, route
ip -s link show eth0
ip addr add 192.168.1.7 dev eth0
ip link set eth0 down
ip route add 172.16.1.0/24 via 192.168.1.5
ifconfig
Predictable Network Interface Device Names
eno1 - on-board devices
ens1 - PCI Express hotplug slot index numbers
enp2s0 - physical and/or geographical location of the hardware connection
enx7837d1ea46da - MAC address
eth0 - the old classic method
NIC Configuration Files (RedHat)
/etc/sysconfig/network
/etc/sysconfig/network-scripts/ifcfg-ethX
/etc/sysconfig/network-scripts/ifcfg-ethX:Y
/etc/sysconfig/network-scripts/route-ethX
nmcli
man nmcli-examples
nmcli connection modify ens160 +ipv4.address 172.13.10.10/24
nmcli connection modify ens160 +ipv4.routes "10.110.0.0/25 10.0.0.1 15"
nmcli connection up ens160
nmcli connection show ens160
other examples
nmcli con mod virbr0 ipv4.routes 192.168.10.0/24 +ipv4.gateway 192.168.122.0
nmcli con up virbr0
Gateway
/etc/sysconfig/network (GATEWAY=x.x.x.x)
/etc/sysconfig/network-scripts/ifcfg-ethX (GATEWAY=x.x.x.x)
Routes
ip route add 10.5.0.0/16 via 192.168.1.100
cat /etc/sysconfig/network-scripts/route-eth0 (10.5.0.0/16 via 172.17.9.1)
DNS
/etc/hosts, /etc/resolv.conf, /etc/nsswitch.conf
/etc/hosts.allow, /etc/hosts.deny (!!!!TCP wrapper based access!!!!)
Network Diagnostics - ping , traceroute, mtr, dig
http://winhelp2002.mvps.org/hosts.txt -
36. Firewalls
/etc/firewalld and /usr/lib/firewalld
37. System Startup and Shutdown
ls /etc/sysconfig (RHEL)
ls /etc/default (Debian)
38. GRUB
/boot/grub2/grub.cfg
grub2-mkconfig
/etc/grub.d directory
/etc/default/grub
grub2-install /dev/sda
39. System Init (Systemd)
units
service
socket
device
mount
automount
swap
target
path
timer
slice
scope
systemctl daemon-reload
40. Backup and Recovery Methods
tar
tar -cvf file.tar dir1
tar -xpvf file.tar -C /dir1
tar -xvf file.tar somefile
tar -tf file.tar (list files)
tar --create --newer '2011-12-1' -vzf backup1.tgz /var/tmp (-N)
tar --create --after-date '2011-12-1' -vzf backup1.tgz /var/tmp
compress
tar -zcvf source.tar.gz source
tar -jcvf source.tar.bz2 source
tar -Jcvf source.tar.xz source
decompress
tar -xzvf source.tar.gz
tar -xjvf source.tar.bz2
tar -xJvf source.tar.xz
tar -C /usr -zcf include2.tar.gz include
du -sh /usr/include
tar -zxvf backup/include.tar.gz -C /restore
diff -qr include /usr/include
dd if=/dev/zero of=outfile bs=1M count=10
rsync
rsync file.tar [email protected]:/usr/local
rsync -r --dry-run /usr/local /BACKUP/usr
rsync -r project-X archive-machine:archives/project-X
rsync -av /usr/include .
cpio
create
find include | cpio -c -o > /root/backup/include.cpio
find include | cpio -c -o | gzip -c > /root/backup/include.cpio.gz
list
cpio -ivt < include.cpio
cat ../backup/include.cpio | cpio -ivt
gunzip -c include.cpio.gz | cpio -ivt
restore
cpio -idv < ../backup/include.cpio
41. Linux Security Modules
SELinux
/etc/sysconfig/selinux
sestatus
getenforce
setenforce Permissive
disable
/etc/selinux/config (SELINUX=disabled)
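Add selinux=0 to the kernel parameter list when rebooting
(files created while SELinux is disabled are not labelled, so re-enabling it requires a full relabel, e.g. touch /.autorelabel and reboot; setenforce Permissive keeps labelling and AVC logging active)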
restorecon -Rv /directory1
semanage fcontext -a -t httpd_sys_content_t /virtualHosts
restorecon -RFv /virtualHosts
chcon -t httpd_sys_content_t file2.html
booleans
getsebool - to see booleans
setsebool - to set booleans
semanage boolean -l - to see persistent boolean settings
setsebool -P allow_ftpd_anon_write on (persistent)
AppArmor
42. Local System Security
43. Basic Troubleshooting
44. System Rescue