12/26/2019 https://raw.githubusercontent.com/myersb89/Notes/master/linux_notes.

txt

Command line basics:

Setup login:
ip addr show - like ipconfig in windows. show the network information
ssh user@host [command]
/etc/ssh_config - global config file
~/.ssh/config - user specific config file
ssh-keygen -t rsa - generate key pairs
~/.ssh/id_rsa - private key
~/.ssh/id_rsa.pub - public key
ssh-copy-id user@host - install public key from ~/id_rsa.pub to /home/USER/authorized_keys on target
host

Getting Help:
sudo mandb - build/refresh the manual database
man <command> - pull up manual page
options in square brackets are optional
whatis <command> - display manual page descriptions
pinfo - top level of the info tree. More in depth version of man.
pinfo grub
/usr/share/doc - contains documentation for installed software

Working in Command Line:

home, ctrl+a - begining of line
end, ctrl+e - end of line
alt+b - move back 1 word
alt+f - move forward 1 word
ctrl+k - cursor to eol
ctrl+w - delete word next to cursor
ctrl+y - undo
ctrl+t - swap letters around
ctrl+l - clear screen
alt+c - capitolize word
history - see command history
!5 - rerun command 5
!e - rerun most recent command that starts with e
grep - text searching tool
grep -ir guru /etc - case insensitive search for the word guru inside files /etc folder
locate - search tool for file names
find - search for files in a directory for hierarchy

VIM:
vimtutor - tutorial for the vim editor
move cursor:
h - left
j - down
k - up
l - right
ESC - normal mode
:q! - discard changes
x - delete under the cursor
i - insert text
A - append text
:wq - save a file and exit
dw - delete a word, needs to be on the first character of the word
d$ - delete to eol
w - move forward to start of next word
e - move to end of current word
$ - move to end of line
2w - move forward 2 words. can use any count before the motion
dd - delete whole line
u - undo the last command
U to fix a whole line
ctrl+r - redo

https://raw.githubusercontent.com/myersb89/Notes/master/linux_notes.txt 1/10
12/26/2019 https://raw.githubusercontent.com/myersb89/Notes/master/linux_notes.txt
p - put the previously deleted text after the cursor
rx - replace the character at the cursor with x
ce - change to end of a word
ctrl+g - show location in the file and status
gg - move to start of file
G - move to bottom of file
<line number> G - move to specified line
/ <phrase> - search for phrase
n - next
N - previous
% - find matching )]}*
:s/old/new/g - substitues 'new' for 'old' in a line
:%s/old/new/g - changes every occurrence in the whole file
:%s/old/new/gc - prompts whether to substitute or not
o - open a line below the cursor and place you in insert mode
a - insert text after the cursor
v - visual mode to highlight text
y - copy text
p - paste text

The File System:

man hier - manual of file system hierarchy
/ - root of the file system. everything is organized under root
bin - binaries
boot - bootloader, config, kernel
dev - device nodes (hard drives, sound card)
etc - system level config
home - user home directories
root - root's home directory
run - dynamic runtime data
sbin - system/superuser binaries
tmp - world writeable scratch space
usr - programs, libraries, docs
var - persistent variable data
absolute paths - denote full locations starting at root
relative paths - denotes locations relative to your current directory
. - signify current folder
.. - parent folder
pwd - display your current directory
~ - current user's home directory
~user - specified user's home directory
cp - copy file
mv - move file (or rename)
rm - remove
touch - create empty file
mkdir - create directory
-p create parent directories as needed
file globbing
* 0 or more of any character
? 1 of any character
[...] - 1 of any character specified in the []
[^..] - 1 of any character not in the []
softlink/symlink
ln -s
-v (verbose)
hard links - can only link to files on same file system
ln <file> <link name>
cat - concatenate files and redirect output to console

Users and Groups:

Users - every process runs as a user. every filesystem object belongs to a user, every regular user
has a /home direcotry which contains their data and preferences (in hidden .files).
3 account types
root (admin) - uid 0
system - uids 1-200 & 201-999
https://raw.githubusercontent.com/myersb89/Notes/master/linux_notes.txt 2/10
12/26/2019 https://raw.githubusercontent.com/myersb89/Notes/master/linux_notes.txt

regular - uids 1000+

id <username> - information about user accounts
users - see logged in users
who - see logged in users with more detail
w - all the details
getent passwd <user> - query passwd database for user
useradd <user> - create new user
passwd <user> - set user password. account is not active until a pw is set
/etc/skel - skeleton directory for how new home directories are created
usermod - command to modify users. usually used for changing groups
usermod -aG users,wheel nuguru - append groups users and wheel add nuguru user
userdel - remove user
/etc/passwd - account info
guru:x:1000:1000:A Cloud Guru:/home/guru:/bin/bash
<account name>:<shadow passwords in /etc/shadow>:<user id>:<primary group id>:<comment/full
name>:<home directory>:<login shell>
/etc/shadow - password hash file
<account name>:<password info - algorithm, salt, pw hash>:<password ageing>
Groups - every process runs as a member of a group, every filesystem object belongs to a group, every
gorup name maps to a unique gid. users get their own private group by default. groups manage shared
access to files.
groups <user> - what groups you belong to
groupadd <group name>
usermod -aG <group name> <user> - add to groups
groupdel <group name>
groupmod - change group id, change name, rarely used command
getent <group> - view groupDB entry
/etc/group - group info
wheel:x:10:guru,wibble,hatguru
<group name>:<shadow passwords>:<groupid>:<group members comma separated>
/etc/gshadow
wheel:::guru,wibble,hatguru
<group name>:<password hash, probably empty since group pwds aren't used>:<group admins>:
<group members>

Privilege Escalation
root - local admin, go anywhere and do anything, root can destroy everything. Never use root as day
to day login account. Use regular account and escalate as needed.
su - switch user
su <user> -c CMD - to run cmd as user
tail -f /var/log/secure & - tail looks at the last 10 lines of a file. -f to follow file <file name>
and & runs in the background. This is monitoring security logs.
jobs - command to see running jobs
kill %<id> - end task
journalctl -t - similar to tail command. looks at security logs
visudo - edit the /etc/sudoers file
sudo CMD - run CMD as root. must be allowed in /etc/sudoers

Controlling user access

chage OPTIONS <user> - command to control password aging
/etc/shadow - contains the aging options
usermod -L <user> - lock users account
usermod -U <user> - unlock account
usermod -s /sbin/nologin <user> - set shell to no login, but can still use nonlogin services (mail,
ftp)

Network authentication
authenticating over the network is complex, difficult to setup and easy to break.
authconfig - difficult command line
authconfig-tui - menu driven
authconfig-gtk - easiest gui

Managing File Access

File attributes
every file belongs to at least 1 user and 1 group
https://raw.githubusercontent.com/myersb89/Notes/master/linux_notes.txt 3/10
12/26/2019 https://raw.githubusercontent.com/myersb89/Notes/master/linux_notes.txt
ls -l to view permissions
-rwxrw-r-- 1 guru gurus 30076 May 15 15:32 afile
<file type> - - regular file, d directory, l link, p named pipe, s socket, c character device
b block device
file permissions - chmod <mode> <file>
rwxrwxrwx
(u)ser (g)roup (o)ther(everyone else)
+ add, -remove, = set
who how what
ex: chmod a-x afile: remove the execute permissions from all
ex: chmod u=rwx,go-wx afile: user gets read write execute, remove write execute from groups
and other
ex: chmod -R a+X adirectory: recursively set execute on directories
extra attributes
link count
owning user - chown <user> <file>
owning group - chgrp <group> <file>
file size
last modification time
file name
numerical permissions
rwxr-xr-x
111101101 - binary representation
7, 5, 5 -
chmod 755 adirectory
rw-r--r--
110100100
6, 4, 4
chmod 644 afile
special permissions
rwxrwxrw[t] - sticky bit, typically only set on a directory. items in directory may only be
deleted by owner. tmp folder
rwxrw[s]rwx - new objects in this directory inherit its group ownership
rw[s]rwxrwx - suid set user identity. program runs as owner rather than caller
setting special permissions
chmod u+s, g+s, o+t adirectory
rwxr-Sr-T - if the special bit is lowercase, there is also execute permissions. If
its uppercase, there is no execute permission.
numerically: chmod 3755 adir
default permissions 0666 files, 0777 folders
umask - command to view or set users umask
effective user defaults determined by subtracting the umask from defaults
POSIX ACLs
Standard permissions are too basic
getfacl <file> - command to see the access control list
setfacl -m u:nuguru:rx afile - set the access control list, add user nuguru with read write
POSIX ACL masks - limit maximum privileges for group owner, named users, named groups. mask
calculated as union of above permissions
setfacl -m m::rx afile - set the mask to read execute
Default ACLs
Only set on directories. New objects created in directory inherit default ACLs
setfacl -Rm d:u:nuguru:rx - set acl of default type that gives user nuguru read
execute. Recursive options to apply to all subfolders/files

Security Enhanced Linux (SELinux)

Additional layer created by NSA to enhance linux security.
MAC - mandatory access control. Admin defined, enforced system wide. more granular,
context/role-based control
RBAC - role based access control
MLS - multi-level security
TE - type enforcement
States - disabled, permissive (log violations, allow access), enforcing (deny access)
Policy - minimal, targeted, MLS
getenforce - query if in permissive or enforcing mode
sestatus - check status
https://raw.githubusercontent.com/myersb89/Notes/master/linux_notes.txt 4/10
12/26/2019 https://raw.githubusercontent.com/myersb89/Notes/master/linux_notes.txt
/etc/selinux/config - config file for selinux
subject - user/process/device
object - files, ports

contexts - all subjects and objects have contexts.

user:role:type:range
policy dictates which users can assume what roles, what user:role combinations are valid with
which types. how subjects and objects may interact base don context.
ls -Z /etc/shadow - get file listing with selinux context
system_u:object_r:shadow_t:s0
/var/log/audit/audit.log - logging for selinux
chcon - change context of a file
restorecon - put context back
ps -Z - display context for process
most issues are due to incorrect types set on file contexts

changing with booleans - some aspects of policy can be controlled via booleans. defined within policy
and allow fine-tuning
getsebool -a - list all availalbe booleans and their state
semanage boolean -l | sort | less - better command to view available booleans
setsebool httpd_enable_homedirs=1
-P option to change the policy in addition to the runstate
semanage boolean -m -1 http_enable_homedirs - commands to enable particular boolean

Making policy changes

Policy updates and config changes can trigger FS relabel. Changes to FS objects not in policy
will be lost
semanage fcontext -l | grep <context> - search for the context

Troubleshooting -
is it doing it's job correctly?
Is there a boolean associated with current issue?
Are there any file contexts that need updating?
Is a policy amendment required?
Tools:
/var/log/audit/audit.log
setroubleshoot
yum install setroubleshoot-server policycoreutils-gui

Managing Processes - Fundamentals

Processes can be started by other processes (e.g. systemd), the linux kernel, user commands. All
processes have a parent (except systemd). Some processes spawn child processes. If the parent
dies/exits, so do the children. Processes are assigned a unique incremental PID.
Processes started from CLI run in foreground, but can be run in the backgroudn with &
ctrl+z - suspend process
bg %<job nubmer> - set to run in background (fg for foreground)
jobs - view all suspended and background processes

Process Monitoring
pstree | less - see the process tree
pstree -p --security-content | less
ps - processes currently attached to your terminal
ps aux | less - all process on system
top - like task manager
set: z, x, B, shift+w to write config file
uptime - system uptime
sar - system activity report
sar 1 10 - check every second for 10 seconds
load average: 1 min, 5 min, 15 min
process states:
r - running/runnable
s - sleeping (interrutable)
d - sleeping (uninterrutable - waiting for HW)
T - suspended
Z - zombie (defunct)
https://raw.githubusercontent.com/myersb89/Notes/master/linux_notes.txt 5/10
12/26/2019 https://raw.githubusercontent.com/myersb89/Notes/master/linux_notes.txt
others rarely seen

Controlling Processes
process communicate using signals (kill -l for list)
kill <pid> - terminate by process id
kill %<job id> - terminate by job
kill -KILL, SIGKILL, or -9 - specify the kill signal
killall -19 myproc.sh - stop all myproc.sh processes
pgrep - search processes by name, returns pid
pgrep -u <username>
pkill - same as pgrep but kills instead of returning pid
nohup - command to keep children processes running after parent exits

Task Scheduler and priorities.

0 (high) -> 139 (low) priority.
SCHED_OTHER - default scheduling policy. Priorities 100 -> 139
SCHED_BATCH - scheduling policy used for batch processing
processes assigned priority 120 by default ("nice" value 0)
top r - change the nice value of a pid
nice -n <nicevalue> - start a process with a set nice value
renice -n <nicevalue> -p <pid> - change priority by pid
renice -n <nice value> -g <group> or -u <user> - change by user or group

I/O redirection and piping

STDOUT - channel 1 where processes send their standard output. default is terminal. redirect with >.
>> - append instead of overwrite.
STDERR - channel 2 where processes send their errors. default terminal, redirect with 2>
e.x. find /etc/ -name 'cups' &> results.out - send both channels to results.out
STDIN - channel 0. where processes are expecting input. redirect with <
cat < /etc/passwd - redirect contents of /etc/passwd to cat instead of expecting keyboard input
Piping - take multiple commands and join them together. Redirecting STDOUT from command1 to STDIN of
command 2
mail - send by email
sort - inline sort of data
grep - search using regex
cut - extract specific columns or characters
wc - count lines words and/or characters
tr - perform character deletion/substitution
uniq - remove/count adjacent duplicate lines

Software management
Package management fundamentals
software installation puts files all over the place.
config files evolve over time and must be handled properly
package information should be searchable
package contents/creators must be 'verified'
some package installations require additional actions
dependencies should be checked
rpm - redhat package manager
package contains files, locations metadata permissions timestamps size checksums, pre/post
install scripts, pre/post remove, signed checksums, dependencies
yum - yellowdog updater, modified. Wrapper for RPM
automatic dependency resolutions
automatic package retrieval
subscriptions/repositories
automatic updates
package groups
Yum commands
search <string>
info <package>
-y arguement to answer yes to all prompts
update <package> - no package name will update all installed packages
groups
install
remove
https://raw.githubusercontent.com/myersb89/Notes/master/linux_notes.txt 6/10
12/26/2019 https://raw.githubusercontent.com/myersb89/Notes/master/linux_notes.txt

list
info
history
yum history list 28 - get detail on action 28
yum history undo 28 - undo action 28
yum history rollback 27 - undo all actions to transaction 27
tail -f /var/log/yum.log - view yum log file
Repositories - default repos only contain 'base' packages and updates. Additional repos host vast
array of extras (fedora EPEL, RPM Fusion)
yum-config-manager --add-repo="url"
edit /etc/yum.repos.d/*.repo
yum install repoconfig.rpm

File Systems and Storage

local storage naming conventions
storage devices appear as files in /dev
brw-rw----. 1 root disk 8, 1 Sept 4 10:50 sdb1
brw-rw---- block type, rw owner and group
sdb1 - SCSI/SATA Disk, Disk B, partitial 1
8, 1 - major minor verision
/dev/sda - entire disk ACL
/dev/sdb2 - disk b partition 2
/dev/vda3 - virtual disk 1 partition 3
partitioning strategies
MBR Old BIOS - max 15 partitions, 1 partition table, max 2 TiB devive partition size
GPT - primary and backup partition table, partitions from 1 - 128, fault tolerant
Adding storage and swap
identify -> partition -> format -> mount -> make persistent
Identitfy
lsblk - list storage block devices
blkid - list Universal identifiers for file systems
Partition
gdisk - command wizard to create GPT partitions and swap
fdisk - command wizard to create MBR partitions
partprobe after saving partition structure
Format
mkfs - make file system
mkswap - make swap
Mount
mkdir /more - make a directory as a mount point
mount /dev/sdb1 /more - mount storage to /more
swapon /dev/sdb2 - active swap space (no mount point)
Make persistent
/etc/fstab - contains partition info and mount points. Need to update this file in
order for the changes to persist after reboot.
Network file sharing
NFS - Network file system, traditionally linux/unix, originally UDP but NFSv4+ can do TCP, Kerberos
based security
CIFS - common internet file system. Traditionally MS/Mac. TCP and UDP. Various authentication types
supported.
Yum install nfs-utilis
Adding NFS Network storage
Identify -> Mount -> Make Persistent
Identify
showmount -e <ip> or <hostname> of fileserver
mount <server>:/ /mnt - mount root of the fileserver
yum install autofs
systemctl start autofs
cd /net/<server>
Mount
mkdir /nfsmount
mount -t nfs <server>:/home/store /nfsmount/
Make persistent in /etc/fstab
serv:/home/store /nfsmount nfs <noauto/defaults,db> 0 0
noauto - doesn't automatically mount
https://raw.githubusercontent.com/myersb89/Notes/master/linux_notes.txt 7/10
12/26/2019 https://raw.githubusercontent.com/myersb89/Notes/master/linux_notes.txt

defaults,db - automatically mount, run in background in case storage is done

fuser -vm /nfsmount/ - see what processes are utilizing the mount point
Adding CIFS/SMB
Identify
smbclient -L <server> -N (no auto)
smbclient -L <server> -U sambaguru -W gurus
sambaguru user, gurus domain
smbclient //<server>/sambaguru -U sambaguru -W gurus
Mount
mkdir /cifsmount
mount -o username=sambaguru,domain=gurus //<server>/sambaguru /cifsmount
will prompt for password
make persistent in /etc/fstab
//<server>/sambaguru /cifsmount cifs credentials=/root/my.creds 0 0
give it a credentials file that only root can read
vim ~/my.creds
chmod 600 my.creds
Automounter
persistent mounts in /etc/fstab can cause issues.
unavaialble network mounts can stall boot
global mount options don't work for all users
normal users cannot mount/unmount
automounter watches given mountpoints, mounts/unmounts as needed. Can do so with user-specific mount
options
Logical Volume Manager
Takes physical devices and combine into a logical volume group, then partition storage called logical
volumes
Flexbility to add/remove drives, scalability,
Cons - fault tolerance. 1 device loss can impact multiple LVs
partition -> initialise -> pool -> allocate -> format -> mount -> make persistent
Partition
gdisk/fdisk
select linux physical LVM type
Initialize
pvcreate /dev/sdb3 /dev/sdb4
Pool
vgcreate MyVG /dev/sdb3 /dev/sdb4
Allocate
lvcreate -n docs -l 20%VG MyVG - create logical volumn docs with 20% storage of MyVG
lvcreate -n data -L 80M MyVG
format
mkfs.xfs /dev/MyVG/docs
mkfs.xfs /dev/MyVG/data
mount
mkdir -p /store/data /store/docs
make persistent in /etc/fstab
/dev/MyVG/data /store/data xfs defaults 0 2
test:
umount /store/data
mount -a
Extend a volume
add physical volume -> initialize -> extend VG -> extend logical volumes
extend VG
vgextend MyVG /dev/sdb5
extend logical
lvextend -L +64M /dev/MyVG/data
grow file system
xfs_growfs /dev/MyVG/data
Remove physical volume
pvmove /dev/sdb3 - remove files from device
vgreduce /dev/sdb3

Service and Boot Management

systemd - a suite of service/boot maanagement tools. 1st binary when called on boot so always PID 1.
It intelligently maanges services and performs startup tasts
https://raw.githubusercontent.com/myersb89/Notes/master/linux_notes.txt 8/10
12/26/2019 https://raw.githubusercontent.com/myersb89/Notes/master/linux_notes.txt

parallel service initialisation reduces boot timestamps

can start/stop services in response to certain events
handles service dependencies to prevent timeout
controls systemstates using units
*.service used to manage system services
*.target unites used to put system into a specific state
*.socket network events
*.path fs events
systemctl - command to interact with system md and services
systemctl status <service>
systemctl stop/start <service>
systemctl list-units
systemctl -t service - command to see all services
systemctl enable <service> - make sure a service is enabled (persists past reboot)
systemctl mask <service> - prevents a service from being enabled/disabled. Need to unmask to
modify
systemctl is-active/is-enabled <service> - check specific service
systemctl get-default/set-default - check default boot state
boot process
BIOS -> Boot loader (grub2) -> kernel + initramfs -> systemd from initramfs -> inird.target -
mounts actual rootfs to /sysroot -> systemd from / -> default.target -> sysinit.target, File system
checks, remounts as rewrite
BIOS - firmware
Boot loader - configured in /boot/grub2/grub.cfg from /etc/grub.d and /etc/default/grub via
grub2-mkconfig
Kernel - edit values in /sys/* /proc/sys/*
sysinit.target - /etc/fstab
boot parameters - passed to boot loader -> kernel -> systemd
rd.break - stops the system while its running on initramfs.
systemd.unit=rescue.target - systemd runs rescue.target -> sysinit.target
systemd.unit=emergency.target - systemd runs emergency.target but not sysinit so file system
checks don't run
root password recovery
Reboot. at boot loader hit 'e' for edit.
add rd.break parameter to the boot loader file
set file system as rw
mount -o remount,rw /sysroot/
mount
change kernel to use disk file system instead of initramfs
chroot /sysroot/
update root passwd
passwd guru
Root passwd is changed but changes made in recovery mode do not apply for SE linux.
touch /.autorelabel

Networking
Discovery and diagnostics
ip - swiss army knife netwojprking command
ip addr show - s hows ip addresses for the system
hostname/hostnamectl - view or change hostname of the system
NIC naming conventions
enp0s3
en - type ethernet
p0 - port 0
s3 - slot 3
ip route show - check default gateway
dig acloud.guru - dns query for acloud.guru. replacing nslookup
tracepath acloud.guru - view routing information for nodes to acloud.guru server. replacement
for traceroute
ss - command to view what processes/services are listening on what ports. replacement for
netstat
configuration
networkmanager - network control and configuration service.
keeps devices/connections up when possible
con respond to hardware/network events
https://raw.githubusercontent.com/myersb89/Notes/master/linux_notes.txt 9/10
12/26/2019 https://raw.githubusercontent.com/myersb89/Notes/master/linux_notes.txt

works synergistically with old configuration mechanism

/etc/sysconfig/network-scripts/ifcfg-*
nmcli - command to interact with network manager
nmcli device - view devices
hostnames and DNS
/etc/hostname - where hostname is configured
hostnamectl - show hostname information and set hostname permanently
DNS
/etc/nsswitch.conf - hosts: files dns myhostname
file - tells system to look at /etc/hosts for name resolution
dns - checks dns next. configured in /etc/resolv.conf
Name resolution tools
Dig - queries DNS and returns verbatim results
@server - to query specific dns server
mx - query mail servers
host - queries DNS and provides clean results
getent - checks hosts file as well as dns
firewalling
netfilter - the kernel firewall/NAT/packet mangler
many hardware firewalls use embedded linux + netfilter
firewalld - simplifies firewall management. Classifies traffic into zones and handles
accordinly. Ties into networkmanager.
Zones - rules are stateful. incoming traffic related to outbound connections allowed.
trusted - allows all incoming traffic
public - reject incoming except ssh/dhcpv6. default zone for new interfaces
block - reject all
drop - drop all
firewall-cmd - commands to manage running firewalld
--permanent - make request change persistent
--get-zones for a full list of zones
--get/set-default-zone view/set default zone
--zone to specify zone to operate on
--list-all view config for specified/default zone
--add/remove
-source
-interface
-service
-port

https://raw.githubusercontent.com/myersb89/Notes/master/linux_notes.txt 10/10