# LFS201 **1. SUID permission** * **When a command or script with SUID bit set is run, its effective UID becomes that of the owner of the script, rather than of the user who is running it.** * **set SUID - chmod 4555 \[path\_to\_file]** * **set SUID - chmod u+s \[path\_to\_file]** * **set SUID - chmod u-s \[path\_to\_file]** **2. SGID permission** * SGID permission on an executable file * **When a command or script** with SGID **bit set** on is run, it runs as if it were a member of the same group in which the file is a member. * set SGID - chmod 2555 \[path\_to\_file] * set SGID - chmod g+s \[path\_to\_file] * set SGID - chmod g-s \[path\_to\_file] * SGID on a directory * When SGID permission is set on a directory, files created in the directory belong to the group of which the directory is a member. * chmod g+s \[path\_to\_directory] * chmod g-s \[path\_to\_directory] **3. Sticky bit** * Wen set on a dir even with perm 777, users are not allowed to remove files owned by other users * Setup Sticky bit * chmod +t \[path\_to\_directory] * chmod -t \[path\_to\_directory] * **chmod 1777 \[path\_to\_directory]** **4. Make a file immutable** * chattr +i file command >out 2>&1 !! Finding files with SUID/SGID/sticky bit set * find * SUID - find / -perm /4000 * SGID - find / -perm /2000 * sticky bit - find / -perm /1000 * find / -not -path "/proc\*" -type f -perm /0000 -exec ls -la {} \\; * **-xdev** Don’t descend directories on other filesystems. * change * SUID - chmod u-s file\_name * SGID - chmod g-s file\_name * sed * sed ‘s/term/replacement/flag’ file * sed ‘s/y/Y/g’ ahappychild.txt > ahappychild2.txt * sed '/^#|^$/d' apache2.conf * tr * cat sortuniq.txt | tr \[:lower:] \[:upper:] * ls -l | tr -s ' ' * tr -d ' ' * cat * cat /etc/passwd | cut -d: -f1,7 * cut * ip r | grep defa | cut -d " " -f 3 search string * cat testfile | grep --color=always -C 2 string * cat testfile | grep --color=always -z string **KVM - Domain is the VM** * virt-install * virsh * virsh net-update * virsh domaininfo vm\_name * virsh shutdwon vm\_name * virsh destroy (power off) * virsh undefine vm\_name --remove-all-storage (removes VM) * yum install virt-top * virsh setmaxmem * virsh setmem --live \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* Practice Questions 1. Essential Commands * 7777 G - go to line 7777 * dd - delete line * gg - go to the first line * P - paste * :7000d - delete line 7000 * :%s/Earth/Globe/g * echo "Auctores Varii.." >> test.txt 2. Operation of Running System * touch certscript.sh * chmod +x certscript.sh * echo $USER * ip r | grep default | cut -d " " -f 3 3. Operation of Running System * yum install tmux 4. Operation of Running System * sudo -i * crontab -e * \* \* \* \* \* pkill -u root scan\_filesystem 5. User & Group Management * groupadd computestream * mkdir -p /exam/computestream * chgrp computestream /exam/computestream 6. User & Group Management * useradd candidate * passwd candidate * echo "candidate ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/candidate 7. User & Group Management * touch /etc/skel/NEWS 8. User & Group Management * groupadd students 9. User & Group Management * mkdir /home/school * useradd -b /home/school -G students harry * passwd harry 10. User & Group Management * useradd -m -d /sysadmin/ -s /bin/zsh sysadmin * passwd sysadmin * echo "sysadmin ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/sysadmin 11. User & Group Management (all users can invoke the last command) * -rwxr-xr-x. 1 root root 19568 Jun 9 2014 /usr/bin/last * -rw-rw-r--. 1 root utmp 9216 Nov 21 20:15 /var/log/wtmp 12. User & Group Management * passwd projectadmin * usermod -d /home/projectadmin projectadmin 13. User & Group Management (expire account, lock account) * chage -E -1 devel * passwd -u devel * usermod -s /bin/bash devel 14. Networking * grep 2605/tcp /etc/services | cut -d " " -f 1 > /home/student/port-2605.txt * grep -i ^imap /etc/services | grep tcp | cut -d / -f 1 | cut -d " " -f 2- | tr -d ' ' > /home/student/imap-ports.txt 15. Storage Management * mount /dev/xvdf2 /mnt/backup/ * tar -jxvf /mnt/backup/backup-primary.tar.bz2 -C /opt/ 16. Storage Management (swap) * /etc/fstab - /dev/xvdi1 none swap defaults,noauto 0 0 17. Storage Management * /dev/sdb1 /staging ext4 defaults,ro 0 0 18. Essential Commands * unzip SAMPLE001.zip * tar -cvf SAMPLE001.tar SAMPLE001 * bzip2 -k -z SAMPLE001.tar * xz -k -z SAMPLE001.tar 19. Essential Commands * find /srv/SAMPLE002 -executable -type f -exec rm {} ; * find /srv/SAMPLE002 -atime +30 -type f -exec rm {} ; * find /srv/SAMPLE002 -type d -empty -exec rm {} ; * find ../SAMPLE002 -type f -iname \*.tar \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* **01. Course Introduction** **02. Linux File System Tree Layout** * **/dev - network devices don't have device nodes** * **/etc** * **/etc/bashrc** * **/etc/default/grub|nss|useradd** * **/etc/login.defs** * **/etc/nsswitch.conf** * **/etc/security/limits.conf** * **/etc/security/limits.d/\*** * **/etc/sysconfig/\*** * **/etc/sysclt.conf** * **/etc/sysctl.d/\*** * **/etc/systemd/\*** * **/proc** * **/sys** * **/run** * **du -sxhc /\* --exclude=proc | du -d 1 -xh /** **03. Processes** * **ulimit \[-H|-S] -a** * **ulimit \[-H|-S] -n 4096** * **/etc/security/limits.conf** * **nice, renice** * **ps lf** * **ldd - shows the required shared libraries** * **ldconfig** * **/etc/ld.so.conf** **04. Signals** * **kill -9 444 - send SIGKILL (9) to process 444 (default signal is SIGTERM 15)** * **killall, pkill** **05. Package Management Systems** * **binary|source packages** * **rpmbuild - build rpm's from src.rpm packages** **06. RPM** * **repoquery --whatrequires bash (ln -s to rpm)** * **repoquery --requires bash (ln -s to rpm)** * **rpm -q - query** * **rpm -q --whatrequires bash (package or file)** * **rpm -q --whatprovides /bin/bash** * **rpm -q --requires bash (package)** * **rpm -q --provides bash (package)** * **rpm -ql - list files in a package** * **rpm -qf - search package from a file** * **rpm -qi - info about a package** * **rpm -qip - info about a package file** * **rpm -qp --requires foo-1.0.0-1.noarch.rpm** * **rpm -qa --last** * **rpm -q --scripts bash** * **rpm -Va - verify packages** * **rpm -ivh - install, verbouse, hash** * **rpm -e --test - uninstall** * **rpm -U - update package** * **rpm2cpio foobar.rpm > foobar.cpio** * **rpm2cpio bash-XXXX.rpm | cpio -ivd bin/bash** * **rpm2cpio logrotate-XXXX.rpm | cpio --extract --make-directories** * **rpm --rebuilddb - rebuild rpm database** **07. DPKG** **08. DNF and YUM** * **dnf repolist --all --enabled --disabled** * **dnf config-manager --enable repo** * **dnf info package-name** * **dnf history info|list|undo|redu|rollback** * **yum search (all) keyword** * **yum list "*****keyword*****"** * **yum list \[installed | updates | available]** * **yum grouplist \[group1] \[group2]** * **yum groupinfo group1 \[group2]** * **yum provides /etc/hosts** * **yum deplist bash** **09. Zypper** **10. Apt** **11. System Monitoring** * **/etc/logrotate.conf** * **/proc** * **/prod/sys** * **/sys** * **sudo sysctl kernel.threads-max=100000** * **ls -lF /sys/class/net** * **sar \[ options ] \[ interval ] \[ count ]** **12. Process Monitoring** * **ps auxf (f shows process tree)S2** * **ps -o pid,uid,cputime,pmem,command** * **top - i - only active processes** **13. Memory Monitoring** * **tune memory settings** * **/proc/sys/vm** * **/etc/sysctl.conf** * **sysctl** * **memory monitoring tools** * **free** * **vmstat** * **-d disk** * **-p partition** * **-a active/inactive memory** * **pmap** * **cat /proc/meminfo** * **OOM** * **/proc/sys/vm/overcommit\_memory (0, 1, 2)** * **/proc/sys/vm/overcommit\_ratio** * **/proc/\[pid]/oom\_score** * **/proc/\[pid]/oom\_score\_adj** **14. IO Monitoring** * **iostat** * **iotop** * **ionice** * **bonnie++** * **fs\_mark** **15. IO Scheduling** * **cat /sys/block/sda/queue/scheduler** * **/sys/block/sda/queue/iosched** * **ssd** * **/sys/block/\/queue/rotational - \[0|1]** * **echo 3 > /proc/sys/vm/drop\_caches** **16. Linux FileSystems and the VFS** * **inode** * **cat /proc/filesystems** * **loop** * **dd if=/dev/zero of=junk bs=1M count=512** * **/sbin/mkfs.xfs junk** * **mount junk /mnt** * **df -h** * **tempfs** * **mkdir /mnt/tmpfs** * **mount -t tmpfs none /mnt/tmpfs** * **df -h (it uses 1/2 ram)** * **mount -t tmpfs -o size=1G none /mnt/tmpfs** **17. Disk Partitioning** * **fdisk -l /dev/sda** * **blkid /dev/sda\*** * **lsblk** * **backup partition table (MBR)** * **dd if=/dev/sda of=mbrbackup bs=512 count=1 (backup)** * **dd if=mbrbackup of=/dev/sda bs=512 count=1 (restore)** * **backup partition table (GPT)** * **sgdisk --backup=/tmp/sda\_backup /dev/sda** * **Partition Table Editors** * **fdisk** * **sfdisk** * **parted** * **gparted** * **gdisk** * **sgdisk** * **partprobe -s (reload partition table)** * **cat /proc/partitions** * **Using a File as a Disk Partition Image** * **dd if=/dev/zero of=imagefile bs=1M count=1024** * **mkfs.ext4 imagefile** * **mkdir mntpoint** * **mount -o loop imagefile mntpoint** * **or** * **losetup /dev/loop2 imagefile** * **mount /dev/loop2 mntpoint** * **umount mntpoint** * **losetup -d /dev/loop2** * **Partitioning a Disk Image File** * **fdisk -C 130 imagefile** * **Using losetup and parted** * **#losetup -f** * **losetup -fP imagefile ( or losetup /dev/loop1 imagefile and losetup -P /dev/loop1 imagefile)** * **losetup -a** * **parted -s /dev/loop1 mklabel msdos** * **parted -s /dev/loop1 unit MB mkpart primary ext4 0 256** * **parted -s /dev/loop1 unit MB mkpart primary ext4 256 512** * **parted -s /dev/loop1 unit MB mkpart primary ext4 512 1024** * **fdisk -l /dev/loop1** * **ls -l /dev/loop1\*** * **mkfs.ext3 /dev/loop1p1** * **mkfs.ext4 /dev/loop1p2** * **mkfs.vfat /dev/loop1p3** * **mkdir mnt1 mnt2 mnt3** * **mount /dev/loop1p1 mnt1** * **mount /dev/loop1p2 mnt2** * **mount /dev/loop1p3 mnt3** * **df -Th** * **umount mnt1 mnt2 mnt3** * **rmdir mnt1 mnt2 mnt3** * **losetup -d /dev/loop1** **18. Filesystem Features: Attributes, Creating, Checking, Mounting** * **lsattr/chattr** * **immutable** * **append-only** * **no-dump** * **no atime date** * **mkfs \[-t fstype] \[options] \[device-file]** * **mkfs.ext4 -b 2048 -v /dev/loop0p1 (block size 2048, verbouse)** * **fsck \[-t fstype] \[options] \[device-file]** * **fsck -f /dev/sda1 (force full check)** * **touch /forcefsck (will force check of all mounted filesystems at next boot)** * **dump2fs /dev/sda1** * **mount** * **mount /dev/sda2 /home** * **mount LABEL=home /home** * **mount -L home /home** * **mount UUID=26d58ee2-9d20-4dc7-b6ab-aa87c3cfb69a /home** * **mount -U 26d58ee2-9d20-4dc7-b6ab-aa87c3cfb69a /home** * **mount -o remount,ro /myfs** * **e2label** * **umount \[device-file | mount-point]** * **lsof** * **mount -t nfs myserver.com:/shdir /mnt/shdir​** * **NFS via /etc/fstab** * **myserver.com:/shdir /mnt/shdir nfs rsize=8192,wsize=8192,timeo=14,intr 0 0** * **\_netdev - The filesystem resides on a device that requires network access** * **noauto - can only be mounted explicitly (-a option will not cause the filesystem to be mounted).** * **/etc/fstab** * **Device file name, label, or UUID** * **Mount point** * **Fylesystem type** * **A comma-separated list of options** * **dump frequency (or a 0)** * **fsck pass number (or 0, meaning do not check state at boot).** * **/dev/sda11 /mnt/tempdir ext4 defaults 1 2** * **autofs** * **automount** * **LABEL=Sam128 /SAM ext4 noauto,x-systemd.automount,x-systemd.device-timeout=10,x-systemd.idle-timeout=30 0 0** * **noauto - Do not mount at boot** * **x-systemd.automount - Use the systemd automount facility.** * **x-systemd.automount.device-timeout=10 - If the device is not available, timeout after 10 s** * **x-systemd.automount.idle-timeout=30 - If the device is not used for 30 sec, unmount it.** * **systemctl daemon-reload** * **systemctl restart local-fs.target** * **add new disk vmware** * **lsscsi (find host number - X)** * **echo "- - -" > /sys/class/scsi\_host/hostX/scan** **19. Filesystem Features: Swap, Quotas, Usage** * **swap** * **cat /proc/swap** * **free -m** * **commands - mkswap, swapon, swapoff** * **kernel memory is never swapped out** * **Filesystem Quotas - Quota operations require the existence of the files aquota.user and aquota.group in the root directory of the filesystem using quotas** * **steps** * **Add the usrquota and/or grpquota options to the filesystems entry in /etc/fstab** * **/dev/sda5 /home ext4 defaults,usrquota 1 2** * **sudo mount -o remount /home** * **quotacheck -vu /home** * **quotaon -vu /home** * **edquota someusername** * **commands - quotacheck, quotaon, quotaoff, edquota, quota** * **quotacheck -uav** * **quotacheck -gav** * **quotaon -av** * **quotaoff -av** * **quota -u | quota -g (generate report on quotas)** * **edquota -u \[username], edquota -g \[groupname]** **20. The Ext2/Ext3/Ext4 Filesystems** * **dumpe2fs /dev/sda1** * **dumpe2fs /dev/sdb1 | grep -i ^block\ c | cut -d ':' -f 2 | tr -d ' '** * **tune2fs -c 25 /dev/sda1** * **tune2fs -l /dev/sdb1 ( -l list)** * **e4defrag -c /var/log** * **e4defrag \[-v] file...| directory...| device...** * **e4defrag -c file...| directory...| device...** **21. The XFS and btrfs Filesystems** * **XFS** * **xfsdump** * **xfsrestore** * **xfs\_quota** * **xfs\_freeze** * **btrfs** **22. Encrypting Disks** * **cryptsetup - file** * **dd if=/dev/zero of=crypt-file** * **losetup -f** * **losetup /dev/loop2 crypt-file** * **losetup -l** * **cruptsetup luksFormat /dev/loop2** * **.............** * **cryptsetup** * **cryptsetup luksFormat /dev/sdb1** * **cryptsetup open /dev/sdb1 SECRET** * **mkfs.ext4 /dev/mapper/SECRET** * **mount /dev/mapper/SECRET /mnt/tempdir** * **umount /mnt/tempdir** * **cryptsetup --verbose close SECRET** * **/etc/fstab** * **/dev/mapper/SECRET /mnt ext4 defaults 0 0** * **/etc/crypttab - SECRET /dev/sdb1** * **swap** * **mkswap /dev/mapper/swapcrypt** * **swapon /dev/mapper/swapcrypt** * **/etc/crypttab** * **swapcrypt /dev/sda11 /dev/urandom swap,cipher=aes-cbc-essiv:sha256,size=256** * **/etc/fstab** * **/dev/mapper/swapcrypt none swap defaults 0 0** **23. Logical Volume Management (LVM)** * **vgcreate, vgextend, vgreduce** * **pvcreate, pvdisplay, pvmove, pvremove** * **lvcreate, lvdisplay,** * * **pvcreate /dev/sdb1** * **pvcreate /dev/sdc1** * **vgcreate -s 16M vg /dev/sdb1** * **vgextend vg /dev/sdc1** * **lvcreate -L 50G -n mylvm vg** * **mkfs -t ext4 /dev/vg/mylvm** * **mkdir /mylvm** * **mount /dev/vg/mylvm /mylvm** * **/etc/fstab - /dev/vg/mylvm /mylvm ext4 defaults 1 2** **24. RAID** * **fdisk /dev/sdb1** * **fdisk /dev/sdb2** * **mdadm --create /dev/md0 --level=1 --raid-disks=2 /dev/sdb1 /dev/sdb2** * **mkfs.ext4 /dev/md0** * **bash -c "mdadm --detail --scan >> /etc/mdadm.conf"** * **mkdir /myraid** * **mount /dev/md0 /myraid** * **/etc/fstab - /dev/md0 /myraid ext4 defaults 0 2** * **cat /proc/mdstat - examine** * **mdadm -S /dev/md0 - to stop the RAID device.** * **monitor** * **cat /proc/mdstat - examine** * **mdadm --detail /dev/md0** * **/etc/mdadm.conf** * **MAILADDR ** * **systemctl start mdmonitor** * **systemctl enable mdmonitor** * **hot spare** * **mdadm --create /dev/md0 -l 5 -n3 -x 1 /dev/sda8 /dev/sda9 /dev/sda10 /dev/sda11** * **mdadm --fail /dev/md0 /dev/sdb2** * **mdadm --remove /dev/md0 /dev/sdb2** * **mdadm --add /dev/md0 /dev/sde2** **25. Kernel Services and Configuration** * **/boot/grub2/grub.conf** * **/etc/defaults/grub** * **cat /proc/cmdline** * **yum install kernel-doc** * **/usr/share/doc/kernel-doc-3.10.0/Documentation/kernel-parameters.txt** * **sysctl -a - read and tune kernel parameters at run time** * **sh -c 'echo 1 > /proc/sys/net/ipv4/ip\_forward'** * **sysctl net.ipv4.ip\_forward=1** * **/etc/sysctl.conf (net.ipv4.ip\_forward=1)** * **sysctl -p** * **places** * **/usr/lib/sysctl.d/** * **/etc/sysctl.d/** * **/etc/sysctl.conf** **26. Kernel Modules** * **lsmod, insmod, rmmod, modprobe, modinfo** * **depmod** * **/lib/modules/\** * **/sys/module/e1000/parameters** * **/sbin/insmod \/e1000e.ko debug=2 copybreak=256** * **/sbin/modprobe e1000e debug=2 copybreak=256** * **/etc/modprobe.d** **27. Devices and udev** * **ls -l /dev** * **dmesg -w** * **mknod \[-m mode] /dev/name** * **mknod -m 666 /dev/mycdrv c 254 1** * **/etc/udev/udev.conf** * **/etc/udev/rules.d** * **/usr/lib/udev/rules.d** **28. Virtualization Overview** * **grep -E '(vmx|svm)' /proc/cpuinfo** * **grep -e vmx -e svm /proc/cpuinfo** * **libvirt** * **ls -lF /usr/bin/virt\*** * **qemu** * **disk image formats - qemu-img** * **raw** * **qcow2** * **qemu-img convert -O vmdk myvm.qcow2 myvm.vmdk** * **command line** * **qemu-img create -f qcow2 /var/lib/libvirt/myimg.qcow2 24M** * **sudo qemu-system-x86\_64 -hda /var/lib/libvirt/myimg.qcow2 -cdrom '/home/stan/Downloads/to be deleted/CorePlus-current.iso' -usbdevice tablet** **29. Containers Overview** * **docker run - start a new container** * **-t attach to tty** * **-d run container in the background** * **docker create - creates a container** * **docker exec - run a command on already running container** * **accepts the -t and -d options** * **docker rmi - remove images** * **docker rm $(docker ps -a -q) - remove all stopped containers** * **for CentOS 8 - sudo dnf install podman podman-docker** * **commands** * **docker search apache** * **docker pull docker.io/httpd** * **docker images** * **docker images --all** * **docker run httpd** * **docker ps** * **docker stop b936b0afeb23** * **docker rmi -f docker.io/httpd** * **systemctl stop docker** * **Restart policy** * **docker inspect nervous\_nobel** * **docker update --restart=unless-stopped nervous\_nobel** * **docker run -dt --restart=unless-stopped httpd** * **always** * **no** * **on-failure** * **unless-stopped** * **docker stop $(docker ps -a -q)** * **docker rm $(docker ps -a -q)** **30. User Account Management** * **usermod -L stan1 # lock** * **usermod -U stan1 # unlock** * **chage -E 2014-09-11 stan1 # expire account** * **passwd -e stan1 # expire password** * **chage -d 0 stan1 # expire password** * **/etc/skel** * **cat /etc/login.defs** * **cat /etc/default/useradd** * **useradd, userdel, usermod, chage, passwd** * **man bash - RESTRICTED SHELL** * **sudo ln /bin/bash /bin/rbash** * **sudo useradd -s /bin/rbash fool** * **command** * **$for machines in node1 node2 node3** **do** **(ssh $machines some\_command &)** **done** * **Remote Graphical Login** * **yum install tigervnc tigervnc-server** * **vncserver** * **vncviewer localhost:2** * **vncviewer -via student\@some\_machine localhost:2** * **systemctl stop colord** **31. Group Management** * **groupad, groupmod, groupdel, usermod** * **groups user1** * **id -Gn user1** * **vigr, vipw** **32. File Permissions and Ownership** * **order** * **If the requester is the file owner, the file owner permissions are used.** * **Otherwise, if the requester is in the group that owns the files, the group permissions are examined.** * **If that doesn't succeed, the world permissions are examined.** * **chmod, chown, chgrp, umask** * **umask (/etc/profile), EDITOR (/etc/environment)** * **getfacl, setfacl** * **Default ACL** **33. Pluggable Authentication Modules (PAM)** * **rules - type control module-path module-arguments** * **type - specifies the management group the module is to be associated with** * **auth: Instructs the application to prompt the user for identification (username, password, etc). May set credentials and grant privileges.** * **account: Checks on aspects of the user's account, such as password aging, access control, etc.** * **password: Responsible for updating the user authentication token, usually a password.** * **session: Used to provide functions before and after the session is established (such as setting up environment, logging, etc.).** * **control - flag controls how the success or failure of a module affects the overall authentication process:** * **required: Must return success for the service to be granted. If part of a stack, all other modules are still executed. Application is not told which module or modules failed.** * **requisite: Same as required, except a failure in any module terminates the stack and a return status is sent to the application.** * **optional: Module is not required. If it is the only module, then its return status to application may cause failure.** * **sufficient: If this module succeeds, then no subsequent modules in the stack are executed. If it fails, then it doesn't necessarily cause the stack to fail, unless it is the only one in the stack.** * **include** * **substack** * **LDAP Authentication** * **system-config-authentication** * **authconfig-tui** **34. Network Addresses** * **sudo hostname server01** * **sudo hostnamectl set-hostname server01** **35. Network Devices and Configuration** * **ip \[ OPTIONS ] OBJECT { COMMAND | help }** * **link, address, route** * **ip -s link show eth0** * **ip addr add 192.168.1.7 dev eth0** * **ip link set eth0 down** * **ip route add 172.16.1.0/24 via 192.168.1.5** * **ifconfig** * **Predictable Network Interface Device Names** * **eno1 - on-board devices** * **ens1 - PCI Express hotplug slot index numbers** * **enp2s0 - physical and/or geographical location of the hardware connection** * **enx7837d1ea46da - MAC address** * **eth0 - the old classic method** * **NIC Configuration Files (RedHat)** * **/etc/sysconfig/network** **/etc/sysconfig/network-scripts/ifcfg-ethX** **/etc/sysconfig/network-scripts/ifcfg-ethX:Y** **/etc/sysconfig/network-scripts/route-ethX** * **nmcli** * **man nmcli-examples** * **nmcli connection modify ens160 +ipv4.address 172.13.10.10/24** * **nmcli connection modify ens160 +ipv4.routes "10.110.0.0/25 10.0.0.1 15"** * **nmcli connection up ens160** * **nmcli connection show ens160** * **other examples** * **nmcli con mod virbr0 ipv4.routes 192.168.10.0/24 +ipv4.gateway 192.168.122.0** * **nmcli con up virbr0** * **Gateway** * **/etc/sysconfig/network (GATEWAY=x.x.x.x)** * **/etc/sysconfig/network-scripts/ifcfg-ethX (GATEWAY=x.x.x.x)** * **Routes** * **ip route add 10.5.0.0/16 via 192.168.1.100** * **cat /etc/sysconfig/network-scripts/route-eth0 (10.5.0.0/16 via 172.17.9.1)** * **DNS** * **/etc/hosts, /etc/resolv.conf, /etc/nsswitch.conf** * **/etc/hosts.allow, /etc/hosts/deny (!!!!TCP wrapper based access!!!!)** * **Network Diagnostics - ping , traceroute, mtr, dig** * ** -** **36. Firewalls** * **/etc/firewalld and /usr/lib/firewalld** **37. System Startup and Shutdwon** * **ls /etc/sysconfig (RHEL)** * **ls /etc/default (Debian)** **38. GRUB** * **/boot/grub2/grub.cfg** * **grub2-mkconfig** * **/etc/grub.d** directory * **/etc/default/grub** * **grub2-install /dev/sda** **39. System Init (Systemd)** * **units** * **service** * **socket** * **device** * **mount** * **automount** * **swap** * **target** * **path** * **timer** * **slice** * **scope** * **systemctl daemon-reload** **40. Backup and Recovery Methods** * **tar** * **tar -cvf file.tar dir1** * **tar -xpvf file.tar -C /dir1** * **tar -xvf file.tar somefile** * **tar -tf file.tar (list files)** * **tar --create --newer '2011-12-1' -vzf backup1.tgz /var/tmp (-N)** * **tar --create --after-date '2011-12-1' -vzf backup1.tgz /var/tmp** * **compress** * **tar -zcvf source.tar.gz source** * **tar -jcvf source.tar.bz2 source** * **tar -Jcvf source.tar.xz source** * **decompress** * **tar -xzvf source.tar.gz** * **tar -xjvf source.tar.bz2** * **tar -xJvf source.tar.xz** * **tar -C /usr -zcf include2.tar.gz include** * **du -sh /usr/include** * **tar -zxvf backup/include.tar.gz -C /restore** * **diff -qr include /usr/include** * **dd if=/dev/zero of=outfile bs=1M count=10** * **rsync** * **rsync file.tar :/usr/local** * **rsync -r --dry-run /usr/local /BACKUP/usr** * **rsync -r project-X archive-machine:archives/project-X** * **rsync -av /usr/include .** * **cpio** * **create** * **find include | cpio -c -o > /root/backup/include.cpio** * **find include | cpio -c -o | gzip -c > /root/backup/include.cpio.gz** * **list** * **cpio -ivt < include.cpio** * **cat ../backup/include.cpio | cpio -ivt** * **gunzip -c include.cpio.gz | cpio -ivt** * **restore** * **cpio -idv < ../backup/include.cpio** **41. Linux Security Modules** * **SELinux** * **/etc/sysconfig/selinux** * **sestatus** * **getenforce** * **setenforce Permissive** * **disable** * **/etc/selinux/config (SELINUX=disabled)** * Add **selinux=0** to the kernel parameter list when rebooting * **restorecon -Rv /directory1** * **semanage fcontext -a -t httpd\_sys\_content\_t /virtualHosts** * **restorecon -RFv /virtualHosts** * **chcon -t httpd\_sys\_content\_t file2.html** * **booleans** * **getsebool** - to see booleans * **setsebool** - to set booleans * **semanage boolean -l** - to see persistent boolean settings * **setsebool -P allow\_ftpd\_anon\_write on (persistent)** * **AppArmor** **42. Local System Security** **43. Basic Troubleshooting** **44. System Rescue**