
The nft command is the user-space tool for nftables, the packet-filtering framework that replaced iptables in the Linux kernel.

Administrators use nft to define, inspect, and modify the tables, chains, and rules that control network traffic.

Boot Process Overview:

Bootloader: The bootloader (GRUB) loads the kernel and the initramfs into memory and passes control to the kernel.
initramfs: A temporary root filesystem used by the kernel before the real root filesystem is mounted. It contains the kernel modules and scripts needed to find and mount the real root (storage drivers, LVM/RAID assembly, unlocking LUKS volumes); once the root filesystem is mounted, control passes to the real init (systemd).
Kernel (vmlinuz): The kernel manages the system's hardware and software and contains the core functionality of the operating system.

The cryptsetup luksOpen command (equivalent to the newer cryptsetup open --type luks) unlocks a LUKS-encrypted partition and creates a device-mapper mapping under /dev/mapper/ through which the decrypted data is accessed.

The iostat command (part of the sysstat package) reports input/output statistics for block devices and CPU utilization. It is used to monitor system performance, particularly disk and CPU load.

The logrotate utility is used to manage and rotate log files in Linux systems. It
helps in automating the process of managing large log files by rotating,
compressing, and deleting old logs according to specified rules.

In Oracle Linux, Podman is the container engine used to run and manage containers. It is daemonless: each container is a child process of the podman command (supervised by a small conmon process) rather than of a root-owned background service as with Docker. Podman's command-line interface mirrors Docker's, so it can run, build, and manage containers with the same commands.
Podman can be used to build container images from Dockerfile or Containerfile,
which are text files that define how to build a container image.
Podman can run containers rootlessly, meaning containers can run without requiring administrative (root) privileges. Using user namespaces, root inside the container is mapped to the invoking user's UID on the host, so users need no root access for container management, and a container breakout lands in that unprivileged user's context rather than in root's.

Security: Podman can be run in a rootless mode, reducing the attack surface for
potential exploits.
No Daemon: Podman does not require a running daemon, meaning there's no single
point of failure.
Kubernetes Compatibility: Podman can generate Kubernetes-compatible configuration
files.
User-Friendly: For users already familiar with Docker, Podman is very similar,
making it easy to transition without needing to learn new commands.

ausearch is a command-line utility used to search the audit logs on Linux systems (by default /var/log/audit/audit.log) written by auditd, the daemon of the Linux Auditing System. These logs record system activities such as user logins, file accesses, system calls, and other security-relevant events.

The ausearch tool allows administrators to filter and view audit log records based
on various criteria, such as:
Event type
Key (used for associating logs with specific events)
Syscall numbers
User, group, or process ID
Date and time
And more...

This tool is particularly useful for security auditing and forensics, as it helps
administrators to find and analyze logs related to specific activities or events.
Additional Useful Flags:

-a <event_id> (--event): Show every record belonging to the audit event with that serial number (the number after the colon in msg=audit(timestamp:serial)); a single event such as an execve produces SYSCALL, EXECVE, CWD and PATH records that share it.
-sc <syscall> (--syscall): Search by syscall number or name (e.g. -sc openat).
-k <key> (--key): Search for records tagged with the key given in an audit rule.
-m <type> (--message): Search by record type (e.g. USER_LOGIN).
-ts / -te: Start and end time (e.g. -ts today, -ts recent).
-r (--raw): Display the raw record format without interpretation.
-i (--interpret): Translate numeric fields (UIDs, syscall numbers, arch) into names.

/proc contains information about processes, memory, and CPUs.

The /proc file system contains virtual files that provide information about system processes, memory, CPU, and other kernel and system statistics. For example, /proc/meminfo contains information about memory usage, and /proc/cpuinfo contains details about the system's CPUs.

/sys contains information about the hardware and kernel objects, including memory and CPUs.

The /sys file system is used to interact with the kernel and provides information about the system's hardware, including memory, CPU, devices, and more. It gives user-space processes a way to read and, for writable attributes, set kernel parameters and device settings. For example, /sys/devices/system/cpu/ contains information about the CPUs on the system.

QN: 24, B and E

Ksplice is a tool developed by Oracle that allows for applying kernel patches and
updates without needing to reboot the system. It enables zero-downtime kernel
updates, meaning security patches and bug fixes can be applied to a running kernel
without disrupting system availability. This is particularly useful in production
environments where minimizing downtime is critical.

uptrack-upgrade:

Upgrades the system by applying all available Ksplice updates to the running kernel.
-y: Automatically answer "yes" to any prompts during the upgrade.
-N: Prevents Ksplice from applying updates after a reboot.
Installing or removing individual updates is done with the separate uptrack-install and uptrack-remove commands (both accept an update ID or --all), not with uptrack-upgrade flags.

uptrack-remove:

Removes applied Ksplice updates, which effectively reverts the running kernel to the state it was in before the updates were applied (the kernel image on disk is unchanged either way).

Configuration Files:

/etc/uptrack/uptrack.conf: Configuration file for Ksplice settings.


/etc/uptrack/disable: File used to disable Ksplice updates on the system.

Example Usage Scenarios:

Apply Updates Without Reboot: If there’s a security update for the kernel,
Ksplice can apply it while the system is still running:

uptrack-upgrade

Remove Applied Patches: If you need to revert a kernel update or remove all applied
patches, you can do so with:

uptrack-remove --all

Check Current Status: To see which Ksplice updates are applied to the running kernel (uptrack-uname -r prints the effective kernel version they bring it to):

uptrack-show

By using Ksplice, Oracle Linux administrators can ensure that critical kernel
updates are applied swiftly without causing any downtime, which is crucial for
high-availability systems.

QN: 29 - B, F,G
Enabling a different stream of a module in Oracle Linux (or any system using DNF modules) does not by itself replace the packages already installed from the old stream. After the switch, the installed packages are brought to the new stream's versions by dnf distro-sync, or in one step by dnf module switch-to <module>:<stream>, which may upgrade or downgrade them and also installs the profiles that were installed for the old stream.

QN:30 - C, E

AutoFS is a service that automatically mounts and unmounts file systems based on
demand. It is commonly used to manage network file systems like NFS or automating
the mounting of shared directories. AutoFS dynamically mounts file systems when
they are accessed and unmounts them after a specified period of inactivity. This
makes it a highly efficient way to handle remote file systems without needing to
manually mount or unmount them.

/etc/auto.master: The master map; each line names a mount-point directory (or /- for direct maps) and the map file describing what is mounted beneath it. Drop-in master entries can be placed in /etc/auto.master.d/.
/etc/auto.* map files (e.g., /etc/auto.nfs, /etc/auto.misc): The indirect or direct maps referenced from auto.master; each entry gives the key (subdirectory name), the mount options, and the source (such as an NFS export). Maps can also come from LDAP or from an executable map.

ldd $(which bash): Lists the libraries required by the bash shell.

QN:33 - B

udev (the net_id builtin of systemd-udevd) assigns predictable network device names according to a set of naming schemes: the firmware/BIOS onboard index (eno1), the PCI Express hotplug slot (ens3), the PCI bus and slot position (enp0s3), or the MAC address (enx followed by the MAC), falling back to the kernel's eth0-style names. The goal is names that stay the same across reboots and hardware changes, so firewall rules and configuration tied to an interface name keep applying to the same NIC.

The ss command (Socket Statistics) displays detailed information about network sockets and connections on a Linux system; it replaces netstat.

To create a new rsyslog rule, two essential components are used:

Filter: A filter defines the conditions that log messages must meet to be
processed by a specific rule. It can filter log messages based on things like
severity, facility, or specific content in the message.

Action: An action is the operation that is applied to the log messages that
match the filter. Actions define where the log messages are sent (e.g., to a file,
a remote server, or another output).

QN: 42 - B,C

Containers package not only the application but also the required runtime
environment (dependencies, libraries, and configurations) to run the application.
This ensures that the application can run consistently across different
environments without issues related to differences in the underlying operating
system.

/etc/vsftpd.ftpusers (on Oracle Linux and other RHEL-derived systems the file is /etc/vsftpd/ftpusers) is a list of users not allowed to log into vsftpd, enforced through PAM (pam_listfile). By default this list includes the root, bin, and daemon users, among other system accounts. A separate /etc/vsftpd/user_list is checked by vsftpd itself according to the userlist_enable and userlist_deny settings.

QN:51 - B,C
QN:52 - A,B
QN:53 - C

A. A slice unit is a concept for hierarchically managing resources in a group of processes:
This is correct. In systemd, slice units are used to organize and manage system resources (such as CPU, memory, etc.) for a group of processes. A slice can be thought of as a group or container for processes that can be allocated resources in a hierarchical way.

A cgroup is a kernel feature used to group processes together for the purpose of
limiting, prioritizing, and monitoring their resource usage. These resources can
include CPU, memory, I/O bandwidth, and more. The configuration and limits are
defined in the cgroup filesystem.

QN:60 - B,D

The fixfiles command is used to fix SELinux file contexts; it is a wrapper around setfiles and restorecon.

relabel: Relabels the entire file system from the loaded policy's file_contexts (it first removes the contents of /tmp, so it prompts unless -f is given).
restore: Restores the default SELinux labels across the file system without clearing /tmp.
check (or verify): Reports which files would be relabeled without changing anything.
onboot: Schedules a full relabel on the next boot by creating /.autorelabel.
-F: Forces reset of contexts to match file_contexts, including files with customizable types.
-n: Do not change any file labels; only report what would change.
-B: Only restore the contexts of files modified since the last boot.
-C PREVIOUS_FILECONTEXT: Compare the given older file_contexts file with the current one and restore only the files whose contexts changed.
-R rpmpackage: Restore only the files owned by the named package.

ksplice all show (Ksplice Enhanced client; ksplice kernel show limits the output to the kernel, and uptrack-show is the equivalent in the older Uptrack client)

Key Information Displayed:

Patches installed: The Ksplice updates applied to the running kernel (and, for the all target, to patched user-space libraries), each with its update ID.
Kernel version: The running kernel and the effective version it has been patched up to (also shown by uptrack-uname -r).
Patch details: Brief details about the patch, such as the CVE it addresses or whether it is a security fix or a bug fix.
Patch application date: The date when the patch was applied.
/etc/NetworkManager/NetworkManager.conf

This is the main configuration file for NetworkManager itself. It contains global settings for NetworkManager, including whether it should manage interfaces or be disabled for specific interfaces (the unmanaged-devices setting in the [keyfile] section). Drop-in overrides go in /etc/NetworkManager/conf.d/.

/etc/NetworkManager/system-connections/

This directory contains the individual connection profiles created by NetworkManager, one keyfile-format file per profile. These profiles can include settings for various types of network connections like Ethernet, Wi-Fi, VPN, etc. The files must be owned by root with mode 0600, because they can hold Wi-Fi passphrases and VPN secrets; NetworkManager ignores profiles that are readable by others.

dnf reinstall

Reinstalls the currently installed version of a package from the enabled repositories, replacing its files on disk. It does not upgrade (use dnf upgrade for a newer version) and fails if the installed version is no longer available in any repository.
Typical uses: fixing broken or corrupted packages, and restoring a package's binaries, libraries, and default files to their original state when you suspect they have been tampered with or misconfigured (rpm's verify mode, rpm -V, lists the changed files first).
Configuration files you have modified are preserved: because rpm sees that the package's copy of a %config file did not change between the old and new install, it leaves your edited version in place. Remove or rename the modified file beforehand if you want the packaged default back.

sysctl -w – Write (Set) a Kernel Parameter Value

Temporarily changes a parameter’s value for the current session. This change
will not persist after a reboot.

Podman: Run and manage containers and pods.
Buildah: Build and customize OCI and Docker-compatible images.
Skopeo: Inspect, verify, and copy container images across registries.

uptrack-show is a diagnostic tool in Ksplice that gives administrators an up-to-date overview of the patch status of the running kernel on an Oracle Linux system.

Displays Installed Kernel Updates: uptrack-show lists the patches that have been applied to the running kernel using Ksplice.
Lists Available Updates: If there are updates available but not yet applied, it lists those as well, so you can see what patches are pending.
Shows Patch Status: The output shows whether each patch has been successfully applied, is pending, or has encountered issues.

View parameters: sysctl -a
Set parameter temporarily: sudo sysctl -w parameter=value
Persist parameter in /etc/sysctl.conf: Add parameter = value and use sudo sysctl -p
Persist parameters in /etc/sysctl.d/: Add parameter = value in a .conf file, then sudo sysctl --system

When you run sudo sysctl --system, settings are read from several locations in a fixed order, and a later assignment of the same parameter overrides an earlier one:

The drop-in directories are /etc/sysctl.d/, /run/sysctl.d/, /usr/local/lib/sysctl.d/, /usr/lib/sysctl.d/ and /lib/sysctl.d/. Their *.conf files are merged and processed in lexicographical (alphabetical) order of file name; once a file name has been taken from an earlier directory, files with the same name in later directories are ignored, so /etc/sysctl.d/50-foo.conf masks /usr/lib/sysctl.d/50-foo.conf.
The legacy /etc/sysctl.conf file is processed last.
Because /etc/sysctl.conf is processed last, it overrides settings defined in the drop-in directories.
If a parameter is defined in several drop-in files, the file whose name sorts last (e.g., 99-custom.conf) takes precedence. Note that this is by name, not by directory: a vendor file such as /usr/lib/sysctl.d/60-vendor.conf still beats /etc/sysctl.d/10-mine.conf. To override a vendor setting reliably, use the same file name in /etc/sysctl.d/ (which masks the vendor file) or a name that sorts later. systemd-sysctl, which applies these files at boot, uses the same merge and masking rules.
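The following is an added example, not part of the original notes, that emulates this read order against a throwaway directory tree so it can be run unprivileged and offline. The drop-in file names and parameters (10-router.conf, 60-vendor.conf, 99-hardening.conf and so on) are constructed for the illustration; the first argument of each function stands in for "/".

```shell
#!/bin/sh
# Added example, not from the original notes: emulate the order in which
# "sysctl --system" reads its configuration files, using a scratch tree
# instead of the real /etc so nothing on the host is touched.

# Build a constructed set of files that exercises the precedence rules.
sysctl_demo_setup() {
    root="$1"
    mkdir -p "$root/etc/sysctl.d" "$root/usr/lib/sysctl.d"
    # Vendor defaults shipped by packages.
    printf 'kernel.kptr_restrict = 1\n' > "$root/usr/lib/sysctl.d/50-default.conf"
    printf 'net.ipv4.ip_forward = 0\n' > "$root/usr/lib/sysctl.d/60-vendor.conf"
    # Administrator files; 50-default.conf has the same name as the vendor
    # file and therefore masks it completely.
    printf 'net.ipv4.ip_forward = 1\n' > "$root/etc/sysctl.d/10-router.conf"
    printf 'kernel.kptr_restrict = 2\n' > "$root/etc/sysctl.d/50-default.conf"
    printf 'net.ipv4.conf.all.rp_filter = 1\n' > "$root/etc/sysctl.d/99-hardening.conf"
    # Legacy file, always read last.
    printf 'net.ipv4.conf.all.rp_filter = 2\n' > "$root/etc/sysctl.conf"
}

# Print the files in the order they are applied: every *.conf from the
# drop-in directories, a name already seen in an earlier directory skipped,
# the rest sorted by file name, and /etc/sysctl.conf at the very end.
sysctl_read_order() {
    root="$1"; seen=" "; list=""
    for dir in etc/sysctl.d run/sysctl.d usr/local/lib/sysctl.d usr/lib/sysctl.d lib/sysctl.d; do
        for f in "$root/$dir"/*.conf; do
            [ -f "$f" ] || continue
            name=${f##*/}
            case "$seen" in *" $name "*) continue ;; esac   # masked by an earlier directory
            seen="$seen$name "
            list="$list$name $f
"
        done
    done
    printf '%s' "$list" | sort -k1,1 | cut -d' ' -f2-
    [ -f "$root/etc/sysctl.conf" ] && printf '%s\n' "$root/etc/sysctl.conf"
    return 0
}

# Effective value of one parameter after all files are applied: the last
# assignment wins. Comment lines (# or ;) and blank lines are ignored.
sysctl_effective() {
    root="$1"; param="$2"
    sysctl_read_order "$root" | while IFS= read -r f; do
        cat "$f"
    done | awk -F'=' -v p="$param" '
        /^[[:space:]]*[#;]/ || NF == 0 { next }
        { k = $1; v = $2
          gsub(/^[[:space:]]+|[[:space:]]+$/, "", k)
          gsub(/^[[:space:]]+|[[:space:]]+$/, "", v)
          if (k == p) val = v }
        END { if (val != "") print val }'
}

# Stand-alone use: show the read order and the resulting values.
tmp=$(mktemp -d)
sysctl_demo_setup "$tmp"
sysctl_read_order "$tmp"
for p in net.ipv4.ip_forward kernel.kptr_restrict net.ipv4.conf.all.rp_filter; do
    echo "$p = $(sysctl_effective "$tmp" "$p")"
done
rm -rf "$tmp"
```

With these files, ip_forward ends up 0 even though the administrator set it to 1 in 10-router.conf, because the vendor's 60-vendor.conf sorts later; adding a 99-router.conf in /etc/sysctl.d/ (or naming the override 60-vendor.conf to mask the vendor file) is what actually wins.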

A chroot jail (or chroot environment) is a mechanism that isolates a process or set
of processes in a restricted directory (the "jail"), making it appear as if it has
its own root directory. This is useful for running certain applications in a
contained environment, improving security by limiting what the processes can access
outside of the jail.

Maintaining a chroot jail requires ensuring that the correct binaries, libraries,
and configuration files are kept up to date, especially if you’re running software
that needs updates or security patches.

Update the Jail: If you install new software on the host system, you may need
to copy the new binaries and libraries into the chroot jail.
Add Additional Users: If you need to allow other users into the jail, add them
to the /etc/passwd and /etc/group inside the chroot environment.
Logs: You can configure logging for activities inside the chroot jail,
depending on the services running there.

Inside the chroot jail, the libraries and binaries from the host system are not
accessible unless explicitly copied or linked inside the chroot.
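The following is an added example, not part of the original notes, that does the copying described above: it uses the ldd output mentioned earlier (ldd $(which bash)) to find the shared libraries a binary needs and mirrors them into the jail at the same paths, then checks the jail for libraries that have gone missing after a host update. The function names are invented for the illustration; it assumes a glibc or musl system where ldd prints "lib => /path (0x...)" and bare "/path (0x...)" lines.

```shell
#!/bin/sh
# Added example, not from the original notes: populate a chroot jail with a
# binary and the shared libraries it needs, mirroring the host paths so the
# dynamic loader finds them once the process is chrooted.
# Caution: glibc's ldd can execute the binary's dynamic loader, so run it
# only on binaries you trust.

# Absolute library paths ldd reports for a binary (empty for a static one).
jail_needed_libs() {
    ldd "$1" 2>/dev/null | awk '
        $2 == "=>" && $3 ~ /^\// { print $3 }   # libc.so.6 => /lib64/libc.so.6 (0x...)
        $1 ~ /^\//               { print $1 }   # /lib64/ld-linux-x86-64.so.2 (0x...)
    ' | sort -u
}

# Copy one file into the jail at the same path. cp follows a symlink and
# copies the target, so the jail holds real files, not dangling links.
jail_copy() {
    jail="$1"; src="$2"
    mkdir -p "$jail$(dirname "$src")"
    cp "$src" "$jail$src"
}

# jail_add_binary JAIL /usr/bin/program
jail_add_binary() {
    jail="$1"; bin="$2"
    [ -x "$bin" ] || { echo "not executable: $bin" >&2; return 1; }
    jail_copy "$jail" "$bin"
    jail_needed_libs "$bin" | while IFS= read -r lib; do
        jail_copy "$jail" "$lib"
    done
}

# Count the libraries a binary needs that are absent from the jail; run this
# after host package updates to see what has to be copied in again.
jail_missing_libs() {
    jail="$1"; bin="$2"; missing=0
    for lib in $(jail_needed_libs "$bin"); do
        if [ ! -e "$jail$lib" ]; then
            echo "missing in jail: $lib" >&2
            missing=$((missing + 1))
        fi
    done
    echo "$missing"
}
```

Usage: jail_add_binary /srv/jail /bin/sh, then chroot /srv/jail /bin/sh as root. Copied libraries are snapshots: a security update to glibc on the host does nothing for the jail until the files are copied again, which is exactly the maintenance burden the notes describe.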

firewalld uses zones to group interfaces and define network policies.
You can allow or block services using predefined service names (http, ssh, etc.) or by opening specific ports.
For more complex filtering, you can use rich rules to filter traffic based on IP addresses, ports, and protocols.
Changes made without --permanent take effect immediately but are lost on reload or restart; changes made with --permanent are written to /etc/firewalld/ and only become active after sudo firewall-cmd --reload, which also discards any runtime-only changes. To keep a configuration you have tested at runtime, use --runtime-to-permanent.

To copy the ACL from one file to another, use getfacl to retrieve the existing ACL and setfacl to apply it to the new file.
Steps:

Get the ACL of the source file using getfacl.
Apply the ACL to the target file using setfacl.

getfacl /path/to/source_file | setfacl --set-file=- /path/to/target_file

Explanation:

getfacl /path/to/source_file: Retrieves the ACL of the source file.
|: The pipe sends the output of getfacl to the setfacl command.
setfacl --set-file=- /path/to/target_file: Applies the ACL from the source file to the target file. The --set-file=- option tells setfacl to read the ACL configuration from standard input (i.e., the pipe).

For a whole directory tree, save the ACLs with getfacl -R and reapply them with setfacl --restore.

ACL - User- and group-specific permissions: You can specify permissions for users
or groups that do not own the file.
Benefits of ACLs:

Granular Permissions: ACLs provide much more flexibility than the traditional
user/group/other model by allowing permissions to be assigned to multiple users or
groups on a single file or directory.
Inheritance: Default ACLs allow new files created within a directory to inherit
the same permissions, simplifying administration.
Compatibility: ACLs do not replace traditional file permissions but extend
them, making it easy to use both in tandem.

Considerations:

Performance: While ACLs provide more flexibility, they might introduce slight
overhead when managing large numbers of files.
Compatibility: ACLs are not supported on all file systems. You need to ensure
that the file system in use supports ACLs (e.g., ext3, ext4, xfs).
Complexity: For simpler environments, the traditional file permissions model
(owner, group, others) may suffice. ACLs are beneficial in more complex setups
requiring fine-grained control.

On ext4 and XFS with current kernels, ACL support is enabled by default. On older ext3/ext4 setups where it is not, enable it per mount with mount -o acl /dev/sda1 /mnt/data, or add the acl option to the file system's entry in /etc/fstab.

Key Options for setfacl:

-m: Modify or add an ACL entry.
-x: Remove an ACL entry.
-b: Remove all ACL entries.
-d: Set default ACL entries (applies to directories, ensuring new files inherit ACLs).
-k: Remove the default ACL for a directory.
--restore: Restore ACLs from a file.

iostat output reflects device latency, throughput, and utilization: in extended (-x) output, await is the average time in ms a request waits and is served, r/s, w/s, rkB/s and wkB/s give throughput, aqu-sz the average queue length, and %util the share of time the device was busy. The first report covers the time since boot; only subsequent reports, when an interval is given, show current values.

Start and stop auditd: systemctl start|stop auditd
Add/remove audit rules: auditctl -w, auditctl -a, auditctl -d
List audit rules: auditctl -l
Search audit logs: ausearch
Generate reports: aureport
Manage audit configuration: Edit /etc/audit/auditd.conf and /etc/audit/rules.d/audit.rules

The configuration file for journalctl is part of the systemd journal, and its
settings are managed through the journald configuration file, located at:
/etc/systemd/journald.conf

List swap devices: cat /proc/swaps

swapon --show and cat /proc/swaps give the most direct information on active swap devices.

Initialize LUKS: cryptsetup luksFormat /dev/sdX (destroys the existing contents; cryptsetup luksDump /dev/sdX afterwards shows the header and key slots)
Open Encrypted Device: cryptsetup luksOpen /dev/sdX mapped_name (newer alias: cryptsetup open), which creates /dev/mapper/mapped_name
Close Encrypted Device: cryptsetup luksClose mapped_name (newer alias: cryptsetup close), after unmounting the file system on it
Additional Security Considerations

Regularly back up the LUKS header (cryptsetup luksHeaderBackup) as well as the passphrase and/or keyfile in a secure location; a damaged header makes the data unrecoverable even with the passphrase.
Use a strong passphrase and limit access to the keyfile if using one: store it outside the encrypted device, owned by root with mode 0400.
Ensure only root has access to /etc/crypttab, /etc/fstab, and the keyfile, if applicable.

sudo cryptsetup luksAddKey /dev/sdb1 /root/keyfile adds the keyfile to a free key slot alongside the existing passphrase; either one unlocks the volume, so remove slots that are no longer needed with luksRemoveKey or luksKillSlot.

sudo nmcli connection add type vlan ifname <parent-interface>.<vlan-id> dev <parent-interface> id <vlan-id> ip4 <ip-address>/<prefix-length>

sudo nmcli connection add type ethernet ifname eth1 con-name eth1 ipv4.addresses <IP>/<prefix-length> ipv4.gateway <Gateway IP> ipv4.dns <DNS Server IP> ipv4.method manual

Addresses are given in CIDR form (e.g. 192.0.2.10/24), not with a dotted subnet mask.
