Linux+ Study Guide (XK0-004)
~/.ssh/config
A file on the client that you can use to configure SSH connection settings, such as using an IdentityFile directive to associate multiple keys with specific servers.
/etc/fstab
A file used to specify which filesystems to mount automatically at boot time
positional parameter
#!/bin/bash
echo "The first argument is $1"
echo "The second argument is $2"
echo "The third argument is $3"
dmesg
("display message" or "driver message") command is used to print any messages that have been sent to the kernel's message buffer during and after system boot. Device drivers send messages to the kernel indicating the status of modules and parameters that the drivers interface with.
nohup
("no hangup") command prevents a process from ending when the user logs off.
dig
A powerful tool for gathering information and testing name resolution.
Logical Partition
A part of a physical drive that has been partitioned and allocated as an independent unit and functions as a separate drive. A logical partition is created within an extended partition, and is therefore a subset of an extended partition. There is no restriction on the number of logical partitions, but it is advisable to limit it to 12 logical partitions per drive.
Primary Partition
A partition that can contain one file system or logical drive and is sometimes referred to as a volume. The swap file system and the boot partition are normally created in a primary partition.
Access Control Lists
ACLs enable you to assign permissions to individual users or groups even if these do not correspond to the object's owner or group.
Trusted ports
AKA privileged ports (0-1023). If a process is to start listening on a trusted port, or to establish a remote connection from a trusted port, it must have superuser privileges.
Agent-based vs Agentless Orchestration
Agent-based orchestration tools require that a software component reside on the managed device. Agentless tools do not require additional software to exist ahead of time on the managed system.
/etc/group
All groups, default or user-specific, will be found in this file.
Full Backup
All selected files, regardless of prior state, are backed up. Numerous full backups can consume a great deal of storage space, and the backup process can be slow. However, full backups are fast and reliable when it comes to recovering lost data.
/var/log/syslog
All types of system events except for authentication messages. Primarily used by Debian-based distros.
Network File System (NFS)
NFS offers similar functionality to SMB, but the protocols are not compatible. NFS is preferred in situations where Linux clients access Linux servers. In environments that are a mix of Windows and Linux, the SMB protocol is the better choice.
Certificate Authority (CA)
Certificate authority (CA) servers manage the enrollment, approval, expiration, and revocation of certificates. One use of certificates is in guaranteeing the identity of websites for the use of HTTPS connections.
Container Images
Containerization virtualizes at the operating system layer, providing application isolation, even though the applications are sharing a single OS. Containers may be useful for hosting production applications as well as for testing applications by developers.
/etc/nsswitch.conf
Controls how hostnames are resolved system wide
File Naming Conventions
On an ext4 file system, a file name may be up to 255 bytes long and contain any byte except NULL (\0) and the forward slash (/). File names of user files may not be . and .. as these are special reserved file names.
Types of Swap Space
Device swap: configured when you partition the storage device. It is used by the operating system to run large applications.
File system swap: configured primarily when you install Linux. It is used by the operating system as an emergency resource when the available swap space runs out.
Pseudo-swap: enables large applications to run on computers with limited RAM.
Types of Files
Directories (d): a container for other files.
Special files: includes system files, stored in the /dev directory. They can be block special files (b) or character special files (c). Block special files are large files used for data storage; character special files are small files used for streaming data.
Links (l): make a file accessible in multiple parts of the system's file tree.
Domain sockets (s): provide inter-process networking that is protected by the file system's access control.
Named pipes (p): enable processes to communicate with each other without using network sockets.
SELinux Modes
Disabled Enforcing Permissive
VM Templates
Open Virtualization Format (OVF), JavaScript Object Notation (JSON), YAML Ain't Markup Language (YAML), container images
SSH Port Forwarding
The process of tunneling an application through SSH.
Local: the local client listens for connections on a port, and then tunnels any active connection to a remote server using SSH.
Remote: the SSH server forwards inbound client traffic to another system on a different port.
SATA
Serial AT Attachment (SATA) is a computer bus interface standard for attaching storage devices to traditional computers. SATA has largely replaced earlier standards like Parallel ATA (PATA) and Integrated Drive Electronics (IDE)
env
The env command is used to run a command with modified environment variables. Note: The printenv command is functionally the same as issuing env without any arguments.
mkdir and rmdir
The mkdir command is used to create (or make) a directory. You supply the name of the directory as an argument. The rmdir command is used to remove directories, but only those that are empty (i.e., contain no files or subdirectories). In order to delete a directory with actual contents, you must use the rm -R command.
ext4
This is one of two default file systems for Linux distributions. It is backwards-compatible with the ext2 and ext3 file systems. Among ext4's improvements over ext3 are journaling, support for volumes of up to one exbibyte (EiB), and files up to 16 tebibytes (TiB) in size. It is the default in Ubuntu.
/mnt
This is the mount point for temporarily mounting file systems.
UEFI
Unified Extensible Firmware Interface (UEFI) is newer firmware technology that has largely replaced BIOS by bringing with it several key advantages. UEFI runs faster than BIOS, can operate within a greater amount of memory, can access storage drives of currently unattainable sizes, can access more hardware types, and has improved security protections.
cfq
This refers to the Completely Fair Queuing (CFQ) scheduler. In this scheduler, each process is given its own queue and each queue has an interval by which it is accessed, or its time slice. The scheduler uses a round-robin system to access each queue and services requests from these queues until either their time slices or requests are exhausted.
deadline
This scheduler performs sorting of I/O operations using three queues: a standard pending request queue, a read first in first out (FIFO) queue, and a write FIFO queue; the latter two of which are sorted by submission time and have expiration values.
ulimit
The syntax of the ulimit command is: ulimit [options] [limit]
For example, to set a limit for the maximum number of open file descriptors: ulimit -n 512
You can display all of the current limits by issuing: ulimit -a
tracepath
The tracepath command is a simplified version of traceroute that does not require administrative privileges to run. It also contains fewer options.
File Attributes
These attributes go beyond typical permissions and enable you to more granularly customize what the system is and is not allowed to do with a file. • Only allow the file to be opened for writing in append mode; i.e., don't allow the file to be overwritten. • Set the file to be automatically compressed. • Save the file if it is deleted, providing an opportunity for it to be recovered. • Make the file immutable.
/usr/share/doc/
This directory contains documentation for libraries, system utilities, and other software packages installed on the system.
/etc/dhcp/dhclient.conf
This file enables the configuration of DHCP client settings, including timeout values, dynamic DNS configurations, etc. The file is called and managed by NetworkManager.
/etc/securetty
This file is leveraged by the pam_securetty module to determine what controlling terminals (tty#) the root user is allowed to log in to. If this file does not exist, the root user can log in from any controlling terminal. Caution: Use /etc/securetty to restrict local root access only; it will not prevent root from signing in through SSH. You'll need to disable that in the sshd_config settings on the server (the PermitRootLogin directive).
Set a shell variable
VAR=value such as MYVAR=123
chroot jail
a technique of controlling what a process—a user, for example—can access on a file system by changing the root directory of that process's environment.
immutable Flag
attribute of a file or directory that prevents it from being modified, even by the root user.
/etc/default/grub
Contains GRUB 2 display menu settings that are read by the /etc/grub.d/ scripts and built into the grub.cfg file. It enables you to change options such as how many seconds GRUB 2 will wait before automatically selecting the default boot option.
Debian Package Managers
dpkg manages .deb packages. The preferred method of package management in Debian derivatives today is the Advanced Package Tool (APT).
groupdel
delete group from /etc/group
umount
Disassociates a file system from its directory by unloading, or unmounting, it.
-f Force the unmount.
-l Lazy unmount (references are not cleaned up immediately).
-R Recursive unmount.
-t Unmount only file systems of the given type.
-O Unmount only file systems mounted with the given options.
--fake Test the unmount without actually performing it.
id
display UID and GID
echo
display a line of text on the terminal. You can also use the echo command to write text to a file by providing the string after the echo command and redirecting to the file.
lspci
display information about devices that are connected to the system's PCI buses.
iftop
displays bandwidth usage information for the system, helping to identify whether a particular NIC or protocol is consuming the most bandwidth. The iftop command may not be installed on all Linux distributions.
lsblk
Displays information about all block storage devices that are currently available on the system.
-a List empty devices as well.
-e Exclude the specified devices.
-f Show additional file system information.
-l Use list output format.
-m Show device owner, group, and permissions.
sar
displays system usage reports based on data collected from system activity.
pgrep
displays the PID of processes that match any given pattern pgrep sshd
/etc/sysconfig/network
file used to configure networking. These settings may instead be configured on a per-interface basis in /etc/sysconfig/network-scripts/ifcfg-<NIC> Note: The /etc/sysconfig/network file typically exists in Linux distributions that are derived from Red Hat Linux. For Linux distributions derived from Debian, the equivalent file is /etc/sysconfig/interfaces
Kernel Management Commands
lsmod modinfo insmod rmmod
chmod
Modifies the permissions of a file or directory.
-c Report changes made to permissions.
-f Hide most error messages.
-v Display a diagnostic for every file processed.
-R Apply recursively.
mv
Moves files and directories to other locations, like cut and paste.
tcpdump
Network analyzer. Syntax: tcpdump [options] [-i {interface}] [host {IP address}]
-i Specify the interface to use.
-n Do not resolve hostnames, speeding up the capture.
-v Specify verbose mode.
Netplan
Network configuration utility found on some distributions. It uses YAML description files to configure network interfaces. These files are stored in the /etc/netplan/ directory.
Process ID (PID)
A non-negative integer that increases for each new process that is started. The init daemon always has a PID of 1.
StrongSwan
A popular utility for implementing IPsec tunnels for VPN clients, available from the strongswan package.
w
primarily used to display the details of users who are currently logged in to a system and their transactions.
lsof
prints a list of all files that are currently opened to all active processes. This can include everything from a text file to a device file—any object that the system can parse as a file.
uname
prints the name of the kernel—Linux. You can view the kernel version number of your current system by using the uname -r command. You can also enter uname -i to view the hardware platform. To print all information, enter the uname -a command.
<
Reads the input from a file rather than from the keyboard or mouse.
tee
reads the standard input, sends the output to the default output device (the CLI), and also copies the output to each specified file. This command enables you to verify the output of a command immediately as well as store that output in a file for later reference. ls -l | tee listing.txt
2>
redirect standard error to a file
Service
software that responds to requests from other programs to provide some sort of specialized functionality. Services can be broadly classified as critical services and non-critical services.
repquota
Summarizes file system quotas.
-a Display reports for all file systems.
-u Display reports for a particular user.
Swap Partition management commands
swapon -e Skip devices that do not exist. swapon -a Activate all of the swap space. swapoff -a Deactivate all of the swap space.
microkernel
the kernel itself runs the minimum amount of resources necessary to actually implement a fully functional operating system. Compared to monolithic kernels, microkernels have smaller kernel spaces and instead have larger user spaces. This means microkernels are smaller in overall size and consume less memory. In addition, they are typically more stable. However, microkernels tend to offer worse performance than monolithic kernels.
systematic drift
the predictable amount of time that the hardware clock gains or loses each day, making it inaccurate and throwing it out of alignment with the system clock.
Automation
the process of accomplishing a configuration task without human intervention. This is different than orchestration. Automation refers to a single task, whereas orchestration manages a larger scale series of tasks.
localization
the process of adapting system components for use within a distinct culture, other than the culture that the system was originally designed for.
decoding
the process of converting bytes into text.
encoding
the process of converting text into bytes
/etc/mtab
typically more accurate and includes more up-to-date information about the file systems.
File System Labels
Assigned for easy identification. The labels may be up to 16 characters long and can be displayed or changed using the e2label command.
set
(without arguments) prints all shell variables
IPsec modes
- Transport mode: the packet contents are encrypted, but NOT the header.
- Tunnel mode: the entire packet is encrypted.
tar
-c Create the tarball.
-x Extract the tarball.
-v Enable verbose mode.
-r Append more files to an existing tarball.
-t Test the tarball or see what files are included in the tarball.
-f Specify the name of the tarball in the next argument (must be used as the last option).
Example: tar -cvf tarball.tar file1 file2 file3
gzip
-d Reverse file compression (decompression).
-f Force compression or decompression of a file even if it has multiple links or if the file exists.
-n Omit saving the original file name and timestamp.
-N Save the original file name and timestamp.
-q Suppress all warnings.
-r Enable directory recursion during compression or decompression.
-v Display the name and percentage reduction of the compressed or decompressed file.
-t Perform an integrity check on the compressed file.
less command options
-e Exit the program the second time it reaches the end of the file.
-E Exit the program the first time it reaches the end of the file.
-i Ignore case in searches.
-n Suppress line numbers.
sort
-k{column number} Specify the field to sort on. For example, -k2 indicates the second field.
-n Compare and sort lines based on the string's numerical value.
-r Sort fields in descending order. By default, the fields are sorted in ascending order.
-t{delimiter} Specify the character that separates one field from another.
ls
-l Display a long list including the permissions, number of hard links, owner, group, size, date, and file name.
-F Display the nature of a file, such as * for an executable file and / for a directory.
-a Display all files present in the directory, including the files whose names begin with a period ( . ).
-R Recursively display all subdirectories.
-d Display information about symbolic links or directories rather than the link's target or the contents of the directory.
-L Display all files in a directory, including symbolic links.
journalctl options
-n {number of lines} Specify the number of lines of journal logs to display.
-o {output format} Specify the format of the output. For example: short, verbose, or export.
-f Display the most recent journal entries, and continuously update the display with new entries as they are added to the journal.
-p Filter journal log output by severity (alert, err, warning, notice, info, etc.).
-u Filter journal log output by the specified unit, such as the name of a service.
-b [boot ID] Show log messages from the current boot only, or from the boot ID specified.
/boot/
/boot/grub/ This directory contains configuration files for a type of boot loader called GRUB. The /boot/grub2/ directory does likewise, but for GRUB 2, an improved version.
/boot/efi/ This directory contains boot files for an EFI system partition (ESP), which is a required partition for systems that boot from UEFI. It contains boot loader, device driver, and system application files that are executed by UEFI. Boot loader files are typically named with a .efi extension.
/boot/initramfs-<kernel version>.img This file is an initramfs image, which is an alternative to initrd that uses different methods to do the same basic thing: initialize a temporary root file system on boot. Whereas initrd requires a special driver to be compiled into the kernel, initramfs does not. In addition, the initrd image is a block device formatted with a fixed-size file system, whereas the initramfs image is an archive file that can be sized dynamically.
/boot/vmlinuz-<kernel version> This is a compressed executable file that contains the Linux kernel itself. The boot loader loads this file into memory during the boot process to initialize the operating system. A related file is vmlinux, which is essentially the non-compressed version of the kernel used for debugging.
Device File Locations
/proc Represents system information from the kernel.
/sys Hierarchical view of device information.
/dev Driver files, including /dev/mapper.
/etc Configuration files.
MAN PAGE SECTIONS
1 General commands
2 System calls
3 C library functions
4 Special files (usually found in /dev)
5 File formats and conventions
6 Games and screensavers
7 Miscellaneous
8 System administration commands and daemons
Storage Device Setup Process
1. Partition the storage device using a tool like fdisk or parted 2. Format the partition with a file system using the mkfs tool. 3. Add the formatted partition to the fstab file so that it is configured by the system on boot.
Example of switching targets in systemd
1. The server is started to the multi-user.target by default. 2. The administrator logs on to the server at the CLI and enters the following command to start the GUI: systemctl isolate graphical.target 3. The administrator completes their administrative tasks. 4. The administrator enters the following command to return the server to the more efficient CLI configuration: systemctl isolate multi-user.target
software compilation process
1. Unpack the download, typically using tar and/or gzip commands. 2. Change into the directory that gets created as part of the unpacking process. 3. Run the ./configure command to gather system information needed by the application. This information is stored in the makefile, which is referenced during the next step. 4. Use the make command to compile the application using the information stored in the makefile. Note that this usually requires root privileges. 5. Use the make install command to install the resulting binaries (the application).
chmod Absolute Mode
4 Read, 2 Write, 1 Execute
755 u=rwx,g=rx,o=rx
700 u=rwx,g=,o=
644 u=rw,g=r,o=r
600 u=rw,g=,o=
XFS
64-bit, high-performance journaling file system that provides fast recovery and can handle large files efficiently. XFS is the default file system for CentOS®/RHEL 7 installations.
Certificate Signing Request
A CSR is a message sent to a CA in which an entity applies for a certificate. It typically includes information that should go into the entity's certificate, like its public key, digital signature, and other identifying information.
UTF-8
A coding system for storing characters in bits, extending the 8-bit ASCII coding system to include international characters by sometimes using more than 8 bits. It is the default in many systems.
makefiles
A makefile is a file that contains instructions used by a compiler to build a program from source code. These instructions typically define the resources that the program depends on in order to function properly, as well as any additional directives as defined by the developer.
PTY
A pseudoterminal (PTY) is an emulation of a standard controlling terminal that is used by a program. The pseudoterminal appears to other software as if it is a real terminal, but data is being input and output to the program that is emulating the terminal. For example, when you SSH into a server and enter a command, that command is sent to the pseudoterminal, which is actually controlled by the SSH service.
/usr
A read-only directory that stores small programs and files accessible to all users
Terminal Redirection
A running process in Linux can be controlled by a terminal (CLI), and multiple terminals can run at once. Each controlling terminal is assigned an identifier. This identifier usually takes the format /dev/tty# where # is a number unique to that terminal. You can redirect standard input and output to another controlling terminal by referencing its /dev/tty number. This can be useful when you need to redirect text streams between different running processes.
Containers
A single host operating system runs multiple applications in isolation from each other, but all applications share the OS and its resources. Containers also provide a great deal of efficiency and management advantages.
apt
APT is a front-end manager to the dpkg system.
install {package name} Install the package.
remove {package name} Uninstall the package, leaving behind its configuration files.
purge {package name} Uninstall the package and remove its configuration files.
show {package name} Report information about the package.
version {package name} Display version information about the package.
update Update the APT database of available packages.
upgrade [package name] Upgrade the package, or upgrade all packages if none is provided (time-consuming).
ssh-copy-id
Append the user's public keys to the remote server's authorized_keys file so that the server can authenticate the user's private key.
host
Another, simple tool capable of gathering information and testing name resolution. It is installed on most Linux distributions.
Orchestration Tools
Ansible Puppet Chef Kubernetes OpenStack
Boot Process
BIOS/UEFI MBR/GPT GRUB2 initrd/kernel systemd
iptables persistence
By default, rules set with iptables will be lost on reboot. In CentOS/RHEL, you can install the iptables-services package and issue the service iptables save command to ensure your changes persist. For Debian-based distros, you can install the iptables-persistent package. After installation, you'll be asked to confirm that you want your current rules to persist. The iptables-persistent service will then automatically run at boot and load your rules.
Common Internet File System (CIFS)
CIFS is a specific implementation of SMB that is rarely in use. Microsoft designed it as a successor to SMB version 1, but SMB versions 2 and 3 superseded it. However, Linux still uses the CIFS name in some of its tools, though these tools support newer versions of SMB.
AppArmor Modes
Complain Enforce
groupadd
Creates a new group.
-g Assign a group ID.
-f Exit with success if the group already exists.
-o Allow creation with a non-unique GID.
createrepo
Creates a yum repository.
DTLS
Datagram Transport Layer Security (DTLS) protocol essentially implements SSL/TLS over datagrams (e.g., using UDP as the transport layer protocol). This means DTLS traffic is not susceptible to the same delays that TCP-oriented traffic is, particularly when TCP packets are encapsulated within a TCP connection, like in certain VPN configurations. DTLS is therefore used as an alternative VPN tunneling protocol. OpenConnect is a popular cross-platform VPN that supports DTLS tunneling.
/etc/network/
Debian derived network configuration files
userdel
Delete user account
atrm
Deletes a user's at jobs, identified by job number.
AppArmor Profiles
Each executable can have an associated AppArmor profile. Profiles are located in the /etc/apparmor.d/ directory. Within this directory are several text files that are named in a path.binary format. Within a profile, you can configure two main types of rules: capabilities and path entries. Capabilities provide the executable in question access to some sort of system functionality.
iptables logs
Events for iptables are typically written to the /var/log/messages or /var/log/kern.log files.
/var/log/messages
General non-critical system events. Primarily used by RHEL and CentOS.
GPIO
General-purpose input/output (GPIO) refers to pins on a circuit board that have no designated purpose, but are controllable by the user at runtime.
Troubleshooting Model
1. Identify the problem. 2. Establish a theory of probable cause. 3. Test the theory. 4. Establish a plan of action. 5. Implement the solution or escalate. 6. Verify. 7. Document.
Infrastructure as a Service (IaaS)
In IaaS, the physical devices (servers, switches, routers, etc.) are virtualized and owned by the cloud service provider. Responsibility for the hardware lifecycle is offloaded to the cloud service provider. This area of cloud computing typically provides service to systems administrators.
/var/log/journal/
In its default configuration, the systemd journal only stores logs in memory, and logs are cleared on each system reboot. You can have the journald logs persist after a reboot by creating the /var/log/journal/ directory. The systemd service is configured to automatically maintain logs in this directory if it exists.
/etc/timezone
In some Debian-based distros, /etc/timezone can be used to view the time zone. This text file lists the time zone by the region structure you'd see in the /usr/share/zoneinfo directory.
depmod
In order for modprobe to accurately install dependent modules, it reads the modules.dep file to identify how modules are linked to one another. The depmod command is used to update this database of dependencies so that modprobe can function properly. The depmod command searches the contents of /lib/modules/<kernel version>/ for each module.
Inodes
Index node: an object that stores metadata about a file or directory on a file system. It can include time-based values like when a file was created and last modified; permission and ownership information; the block locations of a file's data on a storage device; and other miscellaneous information. Use ls -i to display inode numbers. Some file systems set a maximum number of inodes that cannot be exceeded.
insmod
Install a module into the currently running kernel. This command inserts only the specified module and does not insert any dependent modules.
Private IPv4
Internal Use only • Class A Reserved: 10.0.0.0-10.255.255.255 • Class B Reserved: 172.16.0.0-172.31.255.255 • Class C Reserved: 192.168.0.0-192.168.255.255
GNU Parted
It is particularly useful when creating partitions on new storage drives. It can be used to create, destroy, and resize partitions. The parted command runs the GNU Parted utility.
/var/log/kern.log
Kernel messages (e.g., dmesg output).
kernel space and user space
Kernels tend to divide software running in memory into two spaces: kernel space and user space. The kernel space is simply where the kernel executes the services that it provides. The user space is the area of memory that includes everything outside of kernel space. This can include everything from high-level applications that the user interacts with directly, to processes that run in the background, to various low-level system libraries.
Netfilter
Linux kernel framework that handles packets that traverse a network interface. The iptables tool is closely integrated with Netfilter. It is able to allow, drop, and perform other firewall actions because it can interact with packets that are on Netfilter hooks. Both UFW and firewalld call iptables in some capacity, so they likewise rely on Netfilter.
Device Management
Manages devices by controlling device access and interfacing between user applications and hardware devices of the computer. When a user space application sends a system call, the kernel reads the request and passes it on to the drivers that manage the activities of that particular device
MAC
Mandatory access control (MAC) is a model in which access is controlled by comparing an object's security designation and a subject's (users or other entities) security clearance.
Buffer/Cache Output
Memory can be cached, meaning that it is stored temporarily so that the data it contains can be accessed much quicker in the future. The Buffers field in /proc/meminfo indicates memory that is assigned to a specific block device. This memory is used to cache file system metadata, like directory contents, permissions, etc. The Cached memory is similar, but instead of storing file metadata, it stores the actual contents of files. The free command combines these two values together upon output.
crontab file
Fields: minute, hour, day of month, month, day of week ("minnie has daily money worries").
0 20 * * 1-5 /path/to/command —executes the command at 8 P.M., Monday through Friday.
15 2 * * * /path/to/command —executes the command at 2:15 A.M., daily.
brctl
Network bridging involves associating two networks that normally would not pass network traffic between them. Bridging works at OSI Layer 2 with MAC addresses. A Linux system can be configured to bridge two networks. The brctl (bridge control) command is used to configure bridging within Linux. A common example of bridging is as follows:
1. brctl show —View the bridging configuration.
2. brctl addbr {bridge name} —Create an empty bridge.
3. brctl addif {bridge name} eth0 —Add eth0 to the bridge.
4. brctl addif {bridge name} eth1 —Add eth1 to the bridge, linking the networks connected to eth0 and eth1.
Platform as a Service (PaaS)
PaaS includes virtualization of the operating system layer of the environment. The development or database platform is supported by the cloud service provider and given to the customer in a ready-to-use manner. Support for the platform is off-loaded to the cloud service provider. This area of cloud computing typically provides service to developers and database administrators.
Types of Partitions
Primary Extended Logical
>
Redirect the standard output to a file.
User cron directories
Regular users are not allowed to populate the /etc/cron directories, so each standard user can schedule their own tasks in a personal directory located at /var/spool/cron. Any tasks listed here will execute with the standard user's credentials.
Kill Signals
SIGINT 2, SIGKILL 9, SIGTERM 15, SIGSTOP 17/19/23, SIGTSTP 18/20/24
Network File Systems
SMB CIFS NFS
SNMP
SNMP uses UDP port 161 and port 162 for both TCP and UDP.
/etc
Stores basic configuration files.
Kernel Layers
System Call Interface (SCI) Process Management Memory Management File System Management Device Management
initrd image
The Linux initrd image is an archive file containing all the essential files that are required for booting the operating system. It can be built or customized to include additional modules, remove unnecessary modules, or update existing modules. Typically, this image is stored in the /boot directory.
log rotation
The logrotate utility is used to perform automatic rotation of logs. When executed, logrotate adds a .1 to the end of the file name of the current version of the log files. Previously rotated files are suffixed with .2, .3, and so on.
source
The source command is used to execute another command within the current shell process. In this sense, it performs the opposite functionality of the exec command. This is useful when you'd like to stay within your current shell when executing a script.
yum
The yum command improves on the functionality of rpm while still using .rpm packages and maintaining an RPM database. It provides a more straightforward method for managing packages and automatically handles software dependencies. install {package name} Install the package from any configured repository. localinstall {package name} Install the package from the local repository. remove {package name} Uninstall the package. update [package name] Update the package; if none is provided, update all installed packages (time-consuming). info {package name} Report information about the package. provides {file name} Report which package provides the specified files or libraries.
/proc
This is a virtual file system (VFS) that represents continually updated kernel information to the user in a typical file format.
Kerberos
This is an authentication service that is based on a time-sensitive ticket-granting system. It is used as a single sign-on (SSO) method where the user enters access credentials that are then passed to the authentication server, which contains an access list and allowed access credentials. Kerberos can be used to manage access control to many different services using one centralized authentication server.
/sys
This is another VFS, and it primarily stores information about devices.
noop
This is the simplest scheduler and does not sort I/O requests, but merely merges them. This can be ideal in situations where the device or its storage controller performs its own sorting operations. It can also benefit devices that don't have mechanical components requiring seek time, like SSDs and USB flash drives, because this scheduler doesn't expend much effort in reducing seek time. However, the other two schedulers (deadline and cfq) are preferred in most other situations.
Globbing
This method of shell expansion is used to replace a specific wildcard pattern with values that match the pattern. There are three special characters used in globbing: the asterisk (*) used to match any number of characters; the question mark (?) used to match a single character; and characters within square brackets ([ ]) to match any of the characters listed.
nmgui
a GUI tool, which is particularly helpful for managing the network connections of workstations. The nmgui tool enables IPv4 and IPv6 configuration, as well as providing access to a wide variety of other network settings.
/proc/
a virtual file system (VFS) that provides significant information about the kernel's running process. Some of the files in the /proc/ directory are listed here. • /proc/cmdline —Options passed to the kernel by the boot loader at boot time, such as mounting the kernel as read-only. • /proc/cpuinfo —CPU information, such as its architecture, name, clock speed, cache size, and more. • /proc/devices —A list of character and block device drivers loaded into the currently running kernel. • /proc/filesystems —A list of file system types that are supported by the kernel, as well as whether any are currently mounted. • /proc/meminfo —Information about RAM usage, including total memory, free memory, and much more. • /proc/modules —Information about modules currently installed on the system. An alternative to the lsmod command. • /proc/stat —Various statistics about the system since it was last rebooted.
Network Manager
aids in the proper configuration of IP information. NetworkManager includes three different interfaces that may be used, depending on whether or not a GUI is available on the Linux system.
SGID
allows a user to run a file with permissions similar to those of the file's group owner. It can also be set on directories, in which case new files and subdirectories inherit the directory's group. Set with chmod g+s or chmod 2XX.
SUID
allows a user to run a file with permissions similar to those of the file's owner. Set with chmod u+s or chmod 4XX.
umask
alters the default permissions on newly created files and directories. You set the default permissions using octal notation, but instead of specifying which permissions to set, you specify which permissions to mask, or clear, from the default.
zip
also features file archiving functionality. In fact, zip is a combination of an older compression utility called compress and the tar archive command. -d Delete entries in a .zip archive. -e Encrypt the contents of an archive. -F Fix a corrupted .zip archive. -r Enable recursion. -T Perform an integrity check on the archive file.
renice command
alter the scheduling priority of an already running process
Thin Client
any lightweight computing device that connects to a more powerful server for doing work.
/var/lib/mlocate/mlocate.db
database used by locate
Scheduler Types
deadline cfq noop
chattr
change the attributes of a file or directory. -R recursively. -v set version. +i mark the file as read-only (immutable). -i remove the read-only/immutable attribute.
if elif statement
if [ <condition to be evaluated> ]; then <code to execute if condition is true>; elif [ <other condition to be evaluated> ]; then <code to execute if other condition is true>; fi
setfacl
change the permissions associated with the ACL of a file or directory. -R recursively. -s set the ACL, replacing the existing one. -m modify the existing ACL. -x remove an entry from the existing ACL. -b remove all entries. Entries take the form u:<user> or g:<group>, for example: setfacl -m u:http:r-- /home/directory
if Statement
if [ <condition to be evaluated> ]; then <code to execute if condition is true>; fi
touch
changes the access or modification time of a file to the current time, or to the time specified in an argument. It is also used to create an empty file with the specified file name, assuming the file does not already exist.
unlink
can only remove one file at a time and cannot remove directories.
libraries
chunks of compiled code that can be used in programs to accomplish specific common tasks. Shared libraries enable more modular program builds and reduce time when compiling the software. Compiled software must be able to access needed libraries when it runs. Shared libraries are typically included with a Linux distribution and are placed in the /usr/lib/ directory for general accessibility.
Virtual File System (VFS)
common software interface that sits between the kernel and real file systems. In effect, the VFS translates a real file system's details to the kernel so that the file system appears identical to any other file system. With VFS, you can mount multiple different types of file systems on the same Linux installation, and they will appear uniform to the user and to all other applications.
/proc/cpuinfo
contains information about the system's processor. You can use this information to identify characteristics about your CPU that might indicate issues related to performance or lack of support for features. Each logical processor core has its own entry. • processor —The number of the logical core, starting with 0. • vendor_id —The CPU manufacturer. • model name —The specific model of CPU. • cpu MHz —The logical core's clock speed, measured out to the thousandths decimal place. • cache size —The CPU's cache size. • flags —Characteristics about the CPU as well as supported features.
superblock
contains metadata about that file system, including its size, type, and status. The superblock is critical to the function of the file system, and if it becomes corrupt, you may be unable to mount and work with the file system. You can use a tool like fsck to repair the superblock, if necessary.
/etc/sysconfig/network-scripts/
contains network device configuration files (Red Hat-based distributions).
cp
copy and then paste a file or directory.
SELinux Policies
defines access parameters for every process and resource on the system. It enforces rules for allowing or denying different domains and types to access each other. Configuration files and policy source files are located in /etc/selinux/. Policy types: targeted or strict.
authorized_keys
file on remote server that lists public keys the server accepts
VPN
enable remote users to connect to the internal company network and access internal resources as if they were physically present at the network location.
/etc/sysctl.conf
enables configuration changes to a running Linux kernel. These changes might include improvements to networking, security configurations, or logging of information.
orchestration
enables the automation of multiple related tasks—an entire workflow. One example of orchestration might be the deployment of a web app. The deployment may include the installation and configuration of the web server, the installation and configuration of a MySQL™ database server, and the installation and configuration of an application server, as well as all supporting software.
hwclock
enables you to view and set the hardware clock. As mentioned before, it is strongly recommended that you keep the hardware clock aligned with UTC to prevent over-correction by other operating systems. --set Set the hardware clock to the provided date and time. -u Set the hardware clock to UTC. -s Set the system time from the hardware clock. --adjust Add or subtract time from the hardware clock to account for systematic drift.
hostnamectl
enables you to view the system's network hostname and other information about the system's hardware and the Linux kernel it is running. You can also use this command to change the system's hostname. hostnamectl set-hostname server01
resize2fs
enlarge or shrink an ext2/3/4 file system on a device. You can enlarge a mounted file system, but you must unmount the file system before you can shrink it.
Sticky Bit
ensures that only the owner of a file or directory (or root) can delete the file or directory. Set with chmod +t or chmod 1XX. As with SUID/SGID, use - or 0 to clear the sticky bit.
gunzip
equivalent to issuing gzip -d
lastb
lists failed login events, read from /var/log/btmp.
exit command
force the shell to terminate with whatever exit code you provide. For example, exit 1 will cause the script to terminate with a failure status.
Linux Kernel
free and open source monolithic kernel that manages all other resources on the operating system. As a monolithic kernel, device drivers run within kernel space and have full access to hardware. The architecture of the Linux kernel provides many useful features, including virtual memory management, support for TCP/IP networking, shared libraries, and many more. One important quality of the Linux kernel is its modularity. This enables users to configure and extend kernel functionality to meet their needs.
X.ORG Server
free and open source reference implementation of the X Window System for Linux and other Unix-like operating systems. Released in 2004, it quickly became the de facto display server on many Linux distributions.
grub2-mkpasswd-pbkdf2
generate a password hash to protect the boot menu
grub2-mkconfig
generates a new grub.cfg configuration file, and is used to update an existing grub.cfg file. It combines the configuration file templates in the /etc/grub.d/ directory with the settings in /etc/default/grub to generate the grub.cfg configuration file.
ioping
generates a report of device I/O latency in real time. It will continuously "ping" the specified device with requests and print information about each request at the command line. By default, this information tracks how long it took an I/O request to finish. -c count. -i time between requests. -t minimum valid request time. -T maximum valid request time. -s size of each request.
iostat
generates reports on CPU and device usage. For storage, it provides input and output statistics for block devices and partitions. Use the -d option to display device information only.
lsattr
list the attributes of a file or directory. -R recursively. -a all files. -d list directories like files. -v show the version number of the file.
lshw
lists each detected hardware component on the system and provides details about each device. The command pulls information from many different files in multiple device file locations like /proc/ and outputs in a hierarchical format.
mdadm
manage software-based RAID arrays
grep
not limited to finding file names; it is most often used to search the contents of a file for a particular string of text. As output, grep displays each full line of the file that your search pattern was found in. -E {pattern} Match a pattern as an extended regular expression -F {pattern} Match a pattern as a list of fixed strings. -f {file name} Match patterns contained in the specified file. -i Ignore casing. -v Output only lines that don't match the provided pattern. -c Only print the number of matching lines, not the lines themselves. -l Only print the file(s) that have matching lines, not the lines themselves. -o Only print the matching part of a line, not the entire line.
SysVinit
older init method that has been largely replaced by systemd. However, some distributions still support SysVinit.
OpenSSL
open source implementation of the SSL/TLS protocol for securing data in transit using cryptography. On Linux, the openssl command is an interface into accessing a variety of OpenSSL features. It is also one of the most common tools for generating and managing components of a PKI.
Kubernetes
open source solution that provides container deployment and application orchestration for cloud and on-premises container environments. You define a desired state and Kubernetes configures containers to match that state.
Zypper
the openSUSE package manager for .rpm packages. It supports repositories, dependency solving, and management of the software lifecycle. It is very efficient and does an excellent job of managing package dependencies.
AppArmor
packaged with Debian-based and SUSE Linux distros. AppArmor provides the same fundamental service as SELinux, but its approach is different in many ways. The main difference is that AppArmor works with file system objects based on paths, whereas SELinux references inodes directly. These paths are referenced in flat configuration files, or profiles, that AppArmor uses to determine how to control access.
Lock user account
passwd -l or usermod -L
Secure Shell (SSH)
remote access protocol that encrypts transmissions over a network. It is the most commonly used protocol for accessing the command line of a remote system.
rm
removes files and directories. Use -R to remove a directory and its contents.
ip command
replaces ifconfig in many distributions. It provides similar information to ifconfig, including IP address, subnet mask, MAC address, etc. • ip addr show —shows the IP address information on all interfaces. • ip link —shows the status of each interface. • ip link set eth1 up —enables the interface identified as eth1 • ip link set eth1 down —disables the interface identified as eth1
Repositories
repos, are storage locations for available software packages. • Local repositories: These repositories are stored on the system's local storage drive. Installation is easy, but version control is difficult because of the decentralized nature of local repositories. If you manage 20 Linux servers, each would have its own repository to be maintained. • Centralized internal repositories: These repositories are stored on one or more systems within the internal LAN and managed by the Linux administrator. This centralized approach makes version control much simpler. If you manage 20 Linux servers, one could host the repository and the other 19 could download their packages from it. • Vendor repositories: These repositories are maintained on the Internet, often by the distribution vendor. Version control is very difficult because the vendor decides what package versions are made available.
getfacl
retrieve the ACLs of files and directories
RPM Querying
rpm -qa List all installed software (typically a very large output). rpm -qi {package name} List information about a particular package. rpm -qc {package name} List the configuration files for a particular package.
Partition
section of the storage drive that logically acts as a separate drive. Partitions enable you to divide a large drive into smaller, manageable chunks.
Identity and Access Management (IAM)
security process that provides identity, authentication, and authorization mechanisms for users, computers, and other entities to work with organizational assets like networks, operating systems, and applications. IAM enables you to define the attributes that comprise an entity's identity, such as its purpose, function, security clearance, and more. These attributes subsequently enable access management systems to make informed decisions about whether to grant or
/proc/version
specifies several points of information about the Linux kernel: • The version of the Linux kernel currently running. • The version of the GNU Compiler Collection (GCC) used to compile the kernel. • The user name of the kernel compiler. • The time the kernel was compiled. The version of the kernel may impact system functionality, so you can use this file to validate that version.
ss
ss (socket state) command is an information gathering utility similar to netstat but provides simpler output and syntax. -l Show currently listening sockets. dst {host} Show whether the specified host is connected and what the connection statistics are. -i Show only what ports are being listened on.
rsyslogd
system utility providing support for message logging. Makes several improvements, including support for: • TCP instead of UDP as the transport protocol, increasing the reliability of transmitted data. • Data encryption using SSL/TLS. • Outputting data to various database technologies like MySQL. • Buffering data on local systems when the remote receiver is not ready to accept it. • Filtering data based on content.
/etc/bashrc
system-wide Bash settings. This is a little different than /etc/profile, which is used for variables.
Restore files with tar
tar -wxvf [destination] [source]
iperf
test the maximum throughput an interface will support. The utility must be installed on both endpoint systems. One system is designated as a "server" and the other as a "client."
IP Forwarding
the Linux kernel implementation of network routing functionality. It enables incoming traffic on one network interface to be forwarded to another network interface. IP forwarding is therefore only useful on systems that have multiple interfaces, particularly systems that act as routers or gateways for other systems in the network.
X Window System (X11 or X)
the X server coordinates client input and application output to determine how to draw elements on the screen. The X server also communicates with a separate compositor. The compositor reads a memory buffer that each application writes to, then uses the information in this buffer to combine each individual application window on the screen so that multiple windows can appear at once.
/etc/rsyslog.conf
the configuration file for the rsyslogd service. This file determines how to handle syslog messages through a variety of rules that you can modify as needed.
Kernel
the core of an operating system. All other components rely on it. The kernel manages file system access, memory, processes, devices, and resource allocation on a system. The kernel also controls all the hardware devices plugged into the system. It is one of the first elements to be loaded on startup and remains in the main memory during the computer's operation.
boot loader
the small program stored in ROM that loads the kernel from a storage device, and then starts the operating system. A boot environment like BIOS reads the boot loader from ROM so that the boot loader can execute the necessary operations to start the process. • Boot sector program —The first component of the boot loader. It is loaded by a boot environment on startup and has a fixed size of 512 bytes. Its main function is to load the second stage boot loader; however, it can also load another sector or a kernel. • Second stage boot loader —Loads the operating system and contains a kernel loader. • Boot loader installer —Controls the installation of drive sectors and can be run only when booting from a drive. It coordinates the activities of the boot sector and the boot loader.
Sector
the smallest unit of storage read from or written to a drive. A sector stores 512 bytes of data by default. On hard disk drives, a collection of sectors is called a track.
test
used to check conditional logic and perform comparisons. Example: var=/etc; if test -d "$var"; then echo "The $var directory exists!"; fi
chage or "change age"
used to control password expiration, expiration warnings, inactive days, and other information for existing accounts. -E set the expiration date. -l list password aging information. -M maximum days. -m minimum days. -W warning days.
Environment Variables
variable that is inherited from parent shell processes and is subsequently passed on to any child processes. Environment variables are key-value pairs in the format KEY=value, or KEY=value1:value2 for variables with multiple values.
VG Tools
vgscan Scan all physical devices for volume groups. vgcreate Create volume groups. vgdisplay List attributes of volume groups. vgchange Change attributes of volume groups. vgs Display information about volume groups. vgck Check the metadata of volume groups. vgrename Rename a volume group. vgreduce Remove physical volumes from a volume group to reduce its size. vgextend Add physical volumes to volume groups. vgmerge Merge two volume groups. vgsplit Split a volume group into two. vgremove Remove volume groups.
nmcli
view and configure network information. Because many network servers will not include a GUI, it is important to be comfortable with nmcli to manage network settings. general status - View a summary of network connectivity data. connection show - View identification information for each NIC. con up {device ID} - Enable the specified NIC. con down {device ID} - Disable the specified NIC. con edit {device ID} - Enter interactive mode to configure the specified NIC. device status - Display the current status of each NIC.
localectl
view and configure the system locale and keyboard layout settings. status Show the current locale and keyboard layout. This is the same as issuing localectl by itself. set-locale Set the system locale to the locale provided. list-locales List all available locales on the system. set-keymap Set the keyboard layout to the provided layout. list-keymaps List all available keyboard layouts on the system.
ldd
view shared library dependencies for an application. This can be useful for troubleshooting or gathering information about system requirements for an application. ldd [options] {program binary}
ifconfig
view the current IP addressing information for each NIC recognized by the system. It is officially deprecated in favor of the ip command.
nmtui
visual representation of network configuration options. By running the nmtui command, you can call up a text-based user interface for configuring the network.
wc
word count (wc) command is used to count the number of lines, words, and characters in a text file. If multiple files are specified, then the command displays the counts for each file and the total count for all files. -c Display the byte count. -m Display the character count. -l Display the newline count. -w Display the word count.
XFS Tools
xfs_db Debug the XFS file system. xfs_info Display details about the XFS file system, including its block information. xfs_admin Change the parameters of an XFS file system, including its label and UUID. xfs_metadump Copy the superblock metadata of the XFS file system to a file. xfs_growfs Expand the XFS file system to fill the drive size. xfs_copy Copy the contents of the XFS file system to another location. xfs_repair Repair and recover a corrupt XFS file system.
ip command for troubleshooting
• Check the IP address configuration: If the ip addr command reports back an address in the link-local range, then the NIC is not configured with a legitimate IP address. The link-local range is 169.254.#.#. If the system is a DHCP client, then verify connectivity to the DHCP server. • Check the status of the NIC: The ip command can be used to "up" or "down" a NIC (enable or disable it). If the NIC shows as down, it is disabled and not functional. • Check the usage statistics of a NIC: Using ip with the -s option enables you to view connectivity statistics for the connection.
Read (r)
• Files: The ability to access and view the contents of a file. • Directories: The ability to list the contents of a directory.
bzip2
.bz2 extension bzip2 Compress a file. bunzip2 Decompress a file. bzcat Decompress a file to standard output. bzdiff Run the diff command on compressed files. bzip2recover Recover data from damaged .bz2 files. bzless Run the less command on compressed files. bzmore Run the more command on compressed files.
Chef
Chef uses "cookbooks" to deliver configuration declarations to cloud and on-premises managed systems.
IPv4 Classes
Class A: 0.0.0.0 to 127.0.0.0; Class B: 128.0.0.0 to 191.255.0.0; Class C: 192.0.0.0 to 223.255.255.0; Class D: 224.0.0.0 to 239.255.255.255; Class E: 240.0.0.0 to 255.255.255.255
groupmod
Change group attributes (edits /etc/group). -g change the GID. -n rename the group.
TACACS+
Terminal Access Controller Access-Control System (TACACS) and its successor, TACACS+, also provide AAA services for remote users. TACACS+ is more secure and more scalable than RADIUS.
Application-layer firewalls (third generation)
These firewalls can inspect the contents of application-layer traffic (e.g., protocols like HTTP and FTP) and make decisions based on these contents. An application-layer firewall can detect attempts to bypass traditional filtering and stateful inspection that leverage known software exploits.
Packet Filters (first generation)
These firewalls make decisions based on rules that correspond to one or more network packet attributes. These rules appear in the form of an access control list (ACL). Packet filtering firewalls are also called stateless firewalls because they can only inspect a packet in isolation, and cannot determine what has come before that packet that might provide valuable context.
grub2-efi
To install GRUB 2 on a UEFI system, use a package manager to install the grub2-efi package. Installing this package will copy GRUB 2 files onto the EFI system partition (ESP) in the /boot/efi directory.
grub2-install
Used to install the GRUB 2 boot loader on a storage device. It copies GRUB 2 files into the /boot/grub2 directory and, on some platforms, installs GRUB 2 into the boot sector. However, grub2-install applies to BIOS systems, not UEFI.
SELinux Contexts
User: which users can access the object. Role: which roles can access the object. Type: the "label" portion of MAC, most important for fine-grained access control; it groups together objects that have similar security requirements.
X Forwarding
X (X11) is network-aware and can enable clients to access GUI elements over a network. You can forward X traffic through an SSH tunnel in order to encrypt these communications.
reposync
YUM also enables the synchronization of an online repository to a local storage location. This is also known as mirroring. It has the advantage of reducing WAN traffic and lessening the load on the parent repository. The reposync utility is used to manage this process. You can choose to synchronize the parent repository once, or cause it to update periodically.
hard link
a reference to another file; it enables the file's data to have more than one name in different locations in the same file system. Applications treat a hard link as a real file. If the original file is deleted after a hard link is created, all its contents will still be available in the linked file.
Certificate Authority (CA)
a server that issues digital certificates for entities and maintains the associated private/public key pair. CAs sign digital certificates so that clients can validate the authenticity of certificates owned by entities.
Kernel Modules
a system-level object that extends the functionality of the kernel. It can be dynamically loaded into the kernel or unloaded from the kernel when required. It enables the kernel to update or recompile itself without requiring the system to reboot.
SCSI
Small Computer System Interface (SCSI) is a computer bus interface for connecting peripheral devices to traditional computers. SCSI provided high transfer rates and therefore became popular in enterprise storage arrays where speed was important.
Backup Storage Methods
Snapshot, Image, Clone
dpkg
manage packages on Debian-derived distributions. -i {package name} Install the package. -r {package name} Remove (uninstall) the package. -l [package name] List information about the specified package; if none provided, list all installed packages. -s {package name} Report whether the package is installed.
fdisk
menu-driven program that is used to create, modify, or delete partitions on a storage drive. -b number of drive sectors. -H drive heads. -S sectors per track. -s print the partition size in blocks. -l list the partition table.
Infrastructure as Code
orchestration tools that manage the entire deployment and configuration process through scripting and code files, rather than through traditional software tools. Relies on a single configuration specification to deploy the supporting infrastructure (the operating system) and the necessary applications.
CUPS
print management system for Linux that enables a computer to function as a print server.
runlevel command
prints the previous and current runlevel of the system, each separated by a space.
I/O Scheduling
process by which the operating system determines the order of input and output operations as they pertain to block storage devices. Scheduling is important because, compared to CPU and memory operations, block storage operations are relatively slow—especially in disk-based technology like hard disk drives. Although the kernel handles scheduling, you can actually configure the scheduler with different behavior types.
piping
process of combining the standard I/O streams of commands. It uses the standard output of one command as the standard input for another command.
Console Redirection
process of forwarding input and output through a serial connection rather than through any I/O peripherals that are directly attached to the system. This enables the system with console redirection to send display output data along a serial cable and eventually to a remote client. Likewise, the remote client can redirect its keyboard input along a serial connection so that it gets sent to the remote server.
System Initialization
process that begins when the kernel first loads. It involves the loading of the operating system and its various components, including the boot process. System initialization is carried out by an init daemon in Linux—the "parent of all processes." The init daemon refers to a configuration file and initiates the processes listed in it. Examples of init methods are systemd and SysVinit.
Package Managers
programs that install, update, inventory, and uninstall packaged software.
iwconfig
provides wireless NIC configuration. nick {name} Set a nickname for the NIC. mode {mode} Set the operating mode for the NIC that corresponds to the network topology. freq {number} Set the Wi-Fi frequency used by the NIC. channel {number} Set the Wi-Fi channel used by the NIC. retry {number} Set the maximum number of MAC retransmissions for the NIC.
Systemd
provides an init method for initializing a system. It also provides tools for managing services on the system that derive from the init daemon. The systemd suite was designed as a replacement for other methods like SysVinit, and is now the dominant init method in modern Linux distributions.
Quota Management Commands
quotacheck -cug {mount point} Create quota database files for a file system and check for user and group quotas. edquota -u {user name} Edit quotas for a specific user. edquota -g {group name} Edit quotas for a specific group. setquota -u {user name} Set quotas for a specific user. setquota -g {group name} Set quotas for a specific group.
xargs
reads from standard input and executes a command for each argument provided.
blkid
similar functionality to lsblk, but it simply prints each block device in a flat format and includes some additional information like device/partition UUID and file system type.
printf
similar to echo, but provides the user with much more control over how the output is formatted. You can supply various format characters within the text you want to output, using a backslash (\) to indicate when they are being used.
lastlog
similar to the last command, but instead of listing the most recent login events, it lists all users and the last time they logged in. This command retrieves information from /var/log/lastlog.
Journaling
records changes that have not yet been made to the file system itself in an object called a journal. This enables the file system to quickly recover after an unexpected interruption.
&>
Redirects both standard output and standard error to a file.
Symbolic Link
reference to a file or directory that can span multiple file systems. If the original file or directory is deleted after a symbolic link is created, then the original content is lost. This is because the inode of a symbolic link is different than its target; in other words, it points to a different object on the file system. A symbolic link is also known as a soft link.
ownership
refers to the property by which a user can apply and modify the permissions of a file or directory. By default, the owner of a file or directory is the user who created that file or directory.
Bootstrapping
refers to the startup of the operating system. With virtual machines, the bootstrapping steps are handled by the virtualization layer. Cloud-init is a cloud-based Linux mechanism to customize a virtual machine during its first bootup. The combination of Anaconda and Kickstart enables rapid, consistent, and customized Linux installations.
monolithic kernel
all system modules, such as device drivers or file systems, run in kernel space. As a result, a monolithic kernel can interact quickly with devices. However, its main disadvantage is its size, which leads to higher consumption of RAM. In addition, a failure in a device driver can lead to system instability in a monolithic kernel.
/dev/null
also known as the null device, is a file that discards all data written to it. Typically, you'd redirect an output stream to this file in order to confirm that the write operation was successful without actually writing to anything.
function
block of code that you can reuse to perform a specific task. The first way to define a function is: function my_func { code... } If you're familiar with object-oriented programming languages like C, you might be more comfortable with the second method: my_func() { code... }
Single-user Mode
boots the operating system into an environment where the superuser must log in. Networking is also disabled in single-user mode, and most partitions are not mounted. It is typically used to troubleshoot issues.
Wayland
both a display server and its reference implementation in Unix-like operating systems that is meant to improve upon and replace the X Window System. The primary difference between Wayland and X is that, in Wayland, the compositor is the server rather than a separate component. This enables clients to exchange events directly with the compositor, cutting out the X server as a middle man.
mkfs
build a Linux file system on a device. Syntax: mkfs [options] {device name} • -V: Verbose output. • -t: Specify the file system type. • -l: Read bad blocks.
updatedb
build a database of files based on the /etc/updatedb.conf file. This command is used to update the /var/lib/mlocate/mlocate.db database.
tune2fs
configure various "tunable" parameters associated with an ext2/3/4 file system. Tunable parameters enable you to remove reserved blocks, alter reserved block count, specify the number of mounts between checks, specify the time interval between checks, and more.
/usr/share/zoneinfo/
container for all of the regional time zones that you can configure the system to use. The individual files are not raw text files, but are special files used by the system. One way to change the system's time zone is to make /etc/localtime a symbolic link that points to one of these individual time zone files.
/proc/meminfo
contains a great deal of information about the system's memory usage. • MemTotal —The total amount of physical memory on the system. • MemFree —The total amount of physical memory that is currently unused. • Cached —The total amount of physical memory that is being used as cache memory. • SwapTotal —The total amount of swap space on the system. • SwapFree —The total amount of swap space that is currently unused. • Dirty —The total amount of memory that is waiting to be written to storage. • Writeback —The total amount of memory currently being written to storage.
/dev/mapper/
contains all of the logical volumes on the system that are managed by LVM.
/dev/
contains files that represent and support devices attached to the system.
/proc/partitions
contains information about each partition that is currently attached to the system.
/etc/grub.d/
contains scripts that are used to build the main grub.cfg file. Each script provides various functions to GRUB 2 and is numbered so that the scripts can execute in a sequence. It's usually not a good idea to edit the existing scripts in this directory.
/usr/lib
contains shared libraries and binaries for general programs and software packages. The files in this directory are not meant to be executed by the user or custom shell scripts. More specifically, the /usr/lib/modules/ directory contains the modules of the different kernel versions that are installed.
chkconfig
control services in each runlevel. It can also be used to start or stop services during system startup. Syntax: chkconfig [options] [service] [subcommand] • {service} on: Enable a service to be started on boot. • {service} off: Disable a service so that it is no longer started on boot. • {service} reset: Reset the status of a service. • --level {runlevel}: Specify the runlevel in which to enable or disable a service.
systemctl
control the systemd init daemon. You can view running services, manage (enable/disable) services to run at boot or in the current session, determine the status of these services, and manage the system target.
cpio
copies files to and from archives. The cpio command has three operating modes. • copy-out: Copy files into an archive. • copy-in: Copy files from an archive. • copy-pass: Copy files from one directory tree to another.
/etc/rc.local
executed at the end of the init boot process, typically used to start custom services. However, this file is rarely used and is not even supported in some distributions that still use SysVinit.
last
Displays a history of user login and logout actions with the time and date of each.
/root
home directory of root user
Binaries
source code that is compiled into an executable program, or otherwise assembled so that it is readable by the computer system. In addition, binaries can be pictures, word processing files, or spreadsheet files.
metacharacters
special characters that the Bash shell will, by default, interpret in a certain way.
Build Automation
specifically emphasizes the initial operating system deployment. One example of build automation is the use of Kickstart files with Red Hat-derived distributions. These files can be referenced by the installation procedure and the operating system is then deployed according to the instructions in the Kickstart file.
Stateful firewalls (second generation)
stateful firewalls can identify past traffic that is related to a packet. This means that a stateful firewall can view the entire conversation of a transmission, such as the three-way TCP/IP handshake. Stateful firewalls can therefore make more informed decisions about what traffic to deny and what to allow.
ACL Features
stateless firewall's ACL can allow or deny packets based on various factors. Those factors include: • Source IP address • Destination IP address • Source TCP or UDP port • Destination TCP or UDP port • TCP or UDP protocol used. The resulting action on a matching packet is Accept, Reject, or Drop.
lpq
status of the printer queue. By default, it will report each print job's rank in the queue, who owns the job, the job number, the files in the job, and the size of the job.
systemctl commands
• status {service}: Retrieve the current status of a service. • enable {service}: Enable a service to be started on boot. • disable {service}: Disable a service so that it is no longer started on boot. • start {service}: Start (activate) a service immediately. • stop {service}: Stop (deactivate) a service immediately. • restart {service}: Restart a service immediately. • set-default {target}: Set the default target for the system to use on boot. • isolate {target}: Force the system to immediately change to the provided target. • mask {unit file}: Prevent the provided unit file from being enabled or activated, even when done manually. • daemon-reload: Reload the systemd init daemon, including all unit files.
Block devices
storage devices (HDD, SSD, USB drive) that can be read from and written to in blocks of data.
IP sets
stored collections of IP addresses, network ranges, MAC addresses, port numbers, and network interface names. The iptables tool can leverage IP sets for more efficient rule matching. For example: • ipset create range_set hash:net • ipset add range_set 178.137.87.0/24 • ipset add range_set 46.148.22.0/24 • iptables -I INPUT -m set --match-set range_set src -j DROP
/etc/init.d/
stores initialization scripts for services. These scripts control the initiation of services in a particular runlevel. The scripts are invoked from the /etc/inittab file when the system initialization begins, using the symbolic links found in the file. SysVinit scripts are highly flexible and can be configured according to the needs of the user.
Swap Files
storing data that is to be transferred from a system's memory to a storage device.
sed
stream editor command is a program that you can use to modify text files according to various parameters. The sed command can also be used for global search and replace actions. • d: Delete the lines that match a specific pattern or line number. • -n with p: Print only the lines that contain the pattern. • s: Substitute the first occurrence of the string in the file. • s with g: Globally substitute the original string with the replacement string for each occurrence in the file.
sysctl
used to view or set kernel parameters at runtime. • -a: Display all parameters and their current values. • -w {parameter}={value}: Set a parameter value. • -p [file name]: Load sysctl settings from the specified file, or /etc/sysctl.conf if no file name is provided. • -e: Ignore errors about unknown keys. • -r {pattern}: Apply a command to parameters matching a given pattern, using extended regular expressions.
id_rsa
The user's private key.
id_rsa.pub
The user's public key.
exit codes
value that a child process passes back to its parent process when the child process terminates. In the Linux world, a status code of 0 indicates that the process executed successfully. The exit code 1 or any number higher indicates that the process encountered errors while executing.
dracut
used to generate an initramfs image, similar to how mkinitrd is used to generate an initrd image. In fact, on some distributions, mkinitrd is a compatibility wrapper that calls the dracut command.
ethtool
used to manage NIC driver and network configurations. Whether or not it is installed by default will depend on the distribution in use. • -S {interface}: Show statistics for a NIC. • -i {interface}: Show driver information for a NIC. • -t {interface}: Execute a self-test on the NIC. • -s {interface} {setting} {value}: Change some of a NIC's settings, such as its speed and duplex mode.
paste
used to merge lines from text files horizontally. Each line of an initial file is a row in the first column; using paste, you specify a second file, and every line of the second file becomes a row in a new, second column. By default, the paste command uses a tab delimiter to separate each column.
date
used to print the date in a specified format. The date command will print the date based on the /etc/localtime file. By default, it will print the date in the following format: Wed Oct 31 15:03:16 GMT 2018
escape character
used to remove that special meaning so the character can be used literally rather than interpreted as something else by the system.
systemd-analyze
used to retrieve performance statistics for boot operations. Use systemd-analyze blame to identify services and other units that make the system slow to boot.
timedatectl
used to set system date and time information. • status: Show the current date and time information, including local time, universal time, RTC time, time zone, and more. This is the same as issuing timedatectl by itself. • set-time: Set the system's time to the time provided. The format should be as follows: 2018-10-31 15:03:16 • set-timezone: Set the system's time zone to the time zone provided. The zone is in the format specified by the /usr/share/zoneinfo structure. • list-timezones: List all available time zones in the format specified by the /usr/share/zoneinfo structure. • set-ntp {0|1}: Enable or disable synchronization with a Network Time Protocol (NTP) server.
Permission Contexts
• Owner (u): The owner of the file or directory, also simply referred to as the user. • Group (g): The file or directory's group and all users belonging to that group. • Other (o): All other users (neither owner nor group member).
chmod Symbolic Mode
• Permission contexts: u/g/o/a (a applies the permissions to all three contexts). • Permission operators: +/-/= • Permission attributes: r/w/x
LVM Tools
• Physical volume (PV) tools • Volume group (VG) tools • Logical volume (LV) tools
Process States
• Running—The process is currently executing in user space or kernel space. In this state, the process can perform its assigned tasks. • Interruptible sleep—The process relinquishes access to the CPU and waits to be reactivated by the scheduler. A process typically enters this state when it requests currently unavailable resources. "Interruptible" implies that the process will wake from its sleep if a scheduler finds a time slot for it. • Uninterruptible sleep—In this sleep state, the process will only wake when the resource it's waiting for is made available to it. Otherwise, it will stay in its sleep state. This state is common for processes that perform storage or network I/O. • Zombie—This state indicates that a process was terminated, but that it has not yet been released by its parent process. It is in a "zombie-like" state where it cannot accept a kill signal because the process isn't available anymore.
Wayland Disadvantages
• Screen sharing software tends to work better under X.Org Server than Wayland. • Remote desktop software tends to work better under X.Org Server than Wayland. • It's easier to recover from crashes under X.Org Server than Wayland. However, Canonical still expressed its commitment to Wayland in the future.
Email Protocols
• Simple Mail Transfer Protocol (SMTP) (TCP port 25) • Post Office Protocol (POP3) (TCP port 110) • Internet Message Access Protocol (IMAP) (TCP port 143)
Clock Types
• The local clock. This clock reflects the current time in the system's locale (i.e., the time zone). • The universal time. This clock reflects the time irrespective of the local time zone. • The hardware clock. As the name implies, this clock functions at the hardware level and keeps time even when the computer is powered off.
HBA
A host bus adapter (HBA) is a hardware component that connects a host system to a storage device, like in a storage area network (SAN), in order to facilitate the input and output of data.
ABRT Utilities
ABRT runs as the abrtd daemon and can be configured using abrt-cli or abrt-gui.
>>
Append standard output to end of dest file
nice value
Processes are prioritized based on a number from -20 to 19. The lower the number, the higher the priority.
Gnome VMM
The GNOME Virtual Machine Manager (VMM) utility can be used for managing connectivity to virtual machines. It enables the deployment, management, and removal of virtual machines using an intuitive graphical interface.
IPSs
Two common third-party solutions are DenyHosts and Fail2ban, both of which examine log files for anomalies.
Monitoring Services
• top —monitors CPU and memory usage. • ApacheTop—provides log file analysis for Apache, as well as information on connection response times, etc. • Monit—a simple monitoring utility for Linux that watches hardware usage as well as directory and file information. • System Monitor—the GNOME GUI tool for gathering information on system resource usage.
wget and curl
• wget is a command-line utility only, whereas curl is implemented using the cross-platform libcurl library and is therefore more easily ported to other systems. • wget can download files recursively, whereas curl cannot. • curl supports many more network protocols than wget, which only supports HTTP/S and FTP. • wget is better suited for straightforward downloading of files from a web server, whereas curl is better suited to building and managing more complex requests and responses from web servers.
Date format options
• %A: The full weekday name. • %B: The full month name. • %F: The date in YYYY-MM-DD format. • %H: The hour in 24-hour format. • %I: The hour in 12-hour format. • %j: The day of the year. • %S: Seconds. • %V: The week of the year. • %x: The date representation based on the locale. • %X: The time representation based on the locale. • %Y: The year.
/usr subdirectories
• /usr/bin: Includes executable programs that can be executed by all users. • /usr/local: Includes custom-built applications, which are stored here by default. • /usr/lib: Includes object libraries and internal binaries that are needed by the executable programs. • /usr/lib64: Serves the same purpose as /usr/lib, except that it is meant only for 64-bit systems. • /usr/share: Includes read-only, architecture-independent files. These files can be shared among different architectures of an operating system.
Runlevels
• 0 (poweroff.target): Halts (shuts down) the system. • 1 (rescue.target): Starts single-user mode. • 2 (multi-user.target): Starts multi-user mode without remote networking. Loads a command-line interface (CLI). • 3 (multi-user.target): Starts multi-user mode with remote networking. Loads a CLI. • 4 (multi-user.target): Not used. • 5 (graphical.target): Starts multi-user mode with networking and GUI capabilities. Loads a desktop environment. • 6 (reboot.target): Reboots the system.
Differential Backup
All selected files that have changed since the last full backup are backed up. When differential backups are used, you must restore the last full backup plus the most recent differential backup. Differential backups require less storage space and backup time than full backups, but are slower to recover.
/etc/hosts
Contains a list of hostname-to-IP address mappings the system can use to resolve hostnames.
Service command
Control SysVinit services through SysVinit scripts. • {service} status: Print the current state of a service. • {service} start: Start (activate) a service immediately. • {service} stop: Stop (deactivate) a service immediately. • {service} restart: Restart a service immediately. • {service} reload: Re-read a service's configuration files while the service remains running.
modinfo
Display information about a particular kernel module, such as the file name of the module, license, description, author's name, module version number, dependent modules, and other parameters or attributes. The syntax of this command is modinfo [options] {module name}.
lsmod
Display the currently loaded kernel modules, their sizes, usage details, and their dependent modules.
Clustering Services
Each server in the cluster is referred to as a node and can accept client connections. If one node in the cluster goes down, whether planned or unplanned, the other nodes can maintain availability.
Persistent Volumes
Kubernetes provides an orchestration solution for container management. As part of that orchestration, persistent volumes are created. When used in conjunction with a Linux cluster, they keep the storage configuration separate from the configurations of the individual cluster nodes. This makes it easier for nodes to be replaced through their lifecycle without impacting the storage.
Logical Volume Manager (LVM)
LVM maps whole physical devices and partitions (e.g., /dev/sda1, /dev/sdb2, etc.) into one or more virtual containers called volume groups. Within these volume groups are one or more logical volumes.
/etc/logrotate.d/
Log rotation behavior can be configured in the /etc/logrotate.d/ directory, where each relevant service has its own configuration file.
Memory Management
Manages the computer's memory, which is one of the complex tasks performed by the kernel. Like processor sharing, the system's memory also needs to be shared among different user space resources. The kernel maps or allocates the available memory to applications or programs on request and frees the memory automatically when the execution of the programs is complete, so that it can be allocated to other programs.
File System Management
Manages the filesystem, which involves storing, organizing, and tracking files and data on a computer. The kernel also supports a virtual file system (VFS) that provides an abstract view of the underlying data that is organized under complex structures, so that it appears to be a single structure.
Sticky Bit on Files
Modern versions of the Linux kernel ignore the sticky bit on files; if you want to protect specific files, you need to apply the sticky bit on the directory that contains them.
Orchestration Attributes
Orchestration attributes define tasks to be managed by the orchestration process. Administrators can use these attributes to identify specific configurations that need to be set by the orchestration process. OpenStack orchestration relies on attributes, for example.
/etc/ssh/sshd_config
• PasswordAuthentication: Enable or disable password-based authentication. • PubkeyAuthentication: Enable or disable public key-based authentication. • HostKey: Reference the locations of the server's private keys. • UsePAM: Enable or disable support for Pluggable Authentication Modules (PAM). • Port: Change the port number to bind the SSH service to. • ListenAddress: Change the IP address the SSH service should listen on. • SyslogFacility: Change the logging level of SSH events. • ChrootDirectory: Reference a chroot jail path for a user. • AllowUsers, AllowGroups: Enable user-specific access by allowing the specified users or groups access over SSH. • DenyUsers, DenyGroups: Restrict the specified users or groups from accessing the server over SSH. • PermitRootLogin: Enable or disable the ability for the root user to log in over SSH.
PCI
Peripheral Component Interconnect (PCI) is a connection interface standard that is primarily used as an expansion bus for attaching peripheral devices. The initial PCI specification has been largely superseded by the more recent PCI Express (PCIe).
<<string
Provide input data from the current source, stopping when a line containing the provided string occurs. When placed in a script, this is called a here document. For example: cat <<EOF This is a here document. EOF In this example, input stops being accepted when the EOF string is reached.
Puppet
Puppet uses manifest files (written in Ruby) to define infrastructure as code for application, cloud, and infrastructure orchestration. Puppet uses an agent on the target nodes.
Red Hat Package Managers
RPM and the Yellowdog Updater, Modified (YUM).
RADIUS
Remote Authentication Dial-In User Service (RADIUS) is an Internet standard protocol that provides authentication, authorization, and accounting (AAA) services. When a network contains several remote access servers, you can configure one of the servers to be a RADIUS server, and all of the other servers as RADIUS clients. The RADIUS clients will pass all authentication requests to the RADIUS server for verification.
SSL/TLS
SSL/TLS is also used as a VPN authentication and encryption protocol, used primarily for remote access connections. Unlike IPSec, SSL/TLS is an application-layer (layer 7) protocol and is therefore application-dependent. One of the most popular implementations of an SSL/TLS VPN on Linux is OpenVPN. OpenVPN supports password-based, certificate-based, and smart-card based authentication mechanisms for clients. For certificate-based authentication, OpenVPN can generate self-signed certificates or leverage certificates issued from an existing CA.
Software as a Service (SaaS)
SaaS provides applications to end-users. The applications are not installed directly on the user workstation, although to the user it seems as though the application is local. Deployment, maintenance, upgrades, and security patches are off-loaded to the cloud service provider. This area of cloud computing typically provides service to all end-users.
SAMBA and NFS
Samba enables the integration of Linux and Windows systems through a protocol that is native to Windows. NFS, on the other hand, is a native Unix/Linux protocol used to provide workstations access to directories stored on a server.
ABRT
The Automatic Bug Reporting Tool (ABRT) is a utility, typically used on Fedora- and RHEL-based distros, that analyzes and reports on problems detected during system runtime. ABRT collects data like memory dumps from crashed applications to help administrators diagnose and troubleshoot issues. Problem data is stored in /var/spool/abrt/, with a timestamped subdirectory for each problem detected.
/etc/apt/sources.list
Stores the repository locations that apt uses to search for packages specific to your system. Each entry takes the format: deb URL distro-name components. Additional repository files can be placed in the /etc/apt/sources.list.d/ directory.
/var
Stores variable files, or files that are expected to constantly change as the system runs.
SQL and NoSQL
Structured Query Language (SQL) databases use relational tables to relate information, whereas NoSQL databases do not organize information with relational tables. Examples of SQL databases include: MySQL™, MariaDB®, and PostgreSQL. An example of a NoSQL database is MongoDB®.
System Logs
System logs are records of system activities and events that are tracked and maintained by the syslogd daemon. System logs use the syslog standard, which facilitates a centralized logging server that can receive and process syslog data from many systems across a network. This is called remote logging. The syslog standard also supports local logging, where logs are stored on the same system that generated them.
Kernel Module Configuration
The /etc/modprobe.conf file is a configuration file that contains settings that apply persistently to all the modules loaded on the system. It is used to configure modules and their dependencies and also specify module aliases. An alias is just an alternative name to use for a module. In newer Linux distros, this file is deprecated. The /etc/modprobe.d/ directory is used instead, and contains various .conf files. Other than creating aliases, these files can tell modprobe to run additional modules with specific options when your chosen module is loaded into the kernel.
Kernel Parameters
The /proc/sys/ directory lists the parameters that you can configure on your system. Like the directories containing kernel modules, this /proc/sys/ directory is divided into several categories, including the following. • crypto: Encryption and other cryptographic services. • debug: Debugging the kernel. • dev: Specific hardware devices. • fs: File system data. • kernel: Miscellaneous kernel functionality. • net: Networking functionality. • user: User space limitations. • vm: Virtual memory management.
/usr/lib/udev/rules.d/
The /usr/lib/udev/rules.d/ directory also contains udev rules. However, these rules are generated by the system, and you should refrain from editing them.
arp
The Address Resolution Protocol (ARP) is used to relate IP addresses and MAC addresses. There is also an arp command that administrators can run to discover information about known MAC addresses.
BIOS
The Basic Input/Output System (BIOS) is a standard for firmware interfaces and is stored on a computer motherboard's ROM chip. When a computer with BIOS is powered on, the BIOS firmware is the first to run; this enables it to test the various hardware components in a computer, as well as run a boot loader so that an operating system can start.
DNF
The Dandified YUM (DNF) package manager is an improved version of YUM. It uses fewer resources while still maintaining support for the fundamental RPM package manager. It includes a simplified set of commands as compared to YUM. Most of the YUM subcommands are used by DNF, so it will be relatively familiar to those used to using YUM.
GPT
The GUID Partition Table (GPT) is a successor to MBR that makes up for the latter's shortcomings. Like MBR, it is a partition structure, but it employs a more modern design and is part of the UEFI standard. Every partition on a drive is assigned a globally unique identifier—a GUID—to distinguish it from every other partition on (theoretically) every drive.
SHA
The Secure Hash Algorithm (SHA) algorithm is modeled after MD5 and is considered the stronger of the two. Common versions of SHA include SHA-1, which produces a 160-bit hash value, while SHA-256, SHA-384, and SHA-512 produce 256-bit, 384-bit, and 512-bit digests, respectively. SHA-1 is being deprecated due to some security weaknesses.
SAS
The Serial Attached SCSI (SAS) standard was developed to apply a serial interface to SCSI technology. SAS offers greater speeds than traditional SCSI—up to 24 Gb/s in the recent SAS-4—and supports higher-capacity drives. The serial interface also supports a more reliable data transfer rate. SAS has become the go-to technology for many enterprise storage environments.
UFW
The Uncomplicated Firewall (UFW) is a firewall management tool that makes it easier to configure the iptables service. UFW originated with Ubuntu® but can be downloaded and installed on other distributions. Syntax: ufw [options] {action} Examples: • ufw allow http/tcp • ufw logging on • ufw enable The /etc/default/ufw file is used to configure high-level settings like policy defaults and kernel module usage. More granular configuration files are found in the /etc/ufw/ directory.
/etc/inittab
The init daemon reads from this file to determine what runlevel to boot into, what daemons to start, and what to do if the runlevel changes. Each entry in the /etc/inittab file takes the format: id:rstate:action:process
lpr
submits files for printing.
/home
user home directories
mkinitrd
Used to create the initrd image for preloading the kernel modules.
nslookup
A tool for gathering name resolution information and testing name resolution. It is available on most Linux distributions as well as Microsoft Windows. This command has a noninteractive mode, in which you can provide a domain name in a single command, and an interactive mode, in which you can issue the command by itself and then provide domain names on separate consecutive prompts.
ssh-add
Add private key identities to the SSH key agent. If the key is protected by a password, the user only needs to enter the password once, and the agent will automatically authenticate the user.
Incremental Backup
All selected files that have changed since the last full or incremental backup (whichever was most recent) are backed up. When incremental backups are used, you must restore the last full backup plus all subsequent incremental backups. An incremental backup typically takes less time to perform than a differential backup because it includes less data, but it is also slower when it comes time to recover the data.
Array
An array is a collection of values. In other words, an array enables you to store multiple values in a single variable. Compound assignment in Bash arrays uses parentheses with each value separated by a space: my_arr=(1 "Hello" 3.1) Individual assignment adds a value to a specific index in brackets: my_arr[0]=1
Extended Partition
An extended partition can contain several file systems, which are referred to as logical drives. There can be only one extended partition, which can be further subdivided. This partition type does not contain any data and has a separate partition table.
Ansible
Ansible uses YAML files to create repeatable "playbooks" that define a desired configuration state. Ansible is an agentless solution that delivers files over SSH connections. Red Hat emphasizes the use of Ansible.
NIC Bonding
Associating two or more NICs together on the same system enables aggregation of their combined bandwidth, fault tolerance/redundancy, and load balancing. NIC bonding can be configured in an active/passive setup. In this setup, one primary NIC is active, and a secondary NIC is on standby (passive). Note: Some Linux distributions also support NIC teaming, which is a similar but more flexible approach to link aggregation. For example, RHEL 6 supports NIC bonding, whereas RHEL 7 supports both NIC bonding and NIC teaming.
/var/log/auth.log
Authentication messages (e.g., login successes and failures). Primarily used by Debian-based distros.
/var/log/secure
Authentication messages. Primarily used by RHEL and CentOS.
Throughput VS Bandwidth
Bandwidth is the potential amount of data that may move through a network connection in a given amount of time. Throughput is the amount of data that actually moves through a network connection in that amount of time.
Blob and Block Storage
Blob stands for binary large object. Audio, video, and other multimedia files, as well as text files, may be stored in this manner. This is an example of object storage, which is unstructured. In block storage, data is written to the storage device (whether physical or virtual) in small chunks called blocks. These blocks are the fundamental storage areas of the drive. Most files are too large to be stored in a single block, so the files are broken into pieces that are then written to the blocks. Data is reassembled when called by the operating system.
Boot Options
Boot from:
• ISO
• PXE
• HTTP/FTP
• NFS
less and more
Both the less and more commands are similar in that they enable you to display the contents of a file and page through those contents if they extend beyond the screen. The less command is generally preferred because it also allows backward movement and searching.
ssh-keygen
Generate a public/private key pair using a specified asymmetric encryption algorithm.
GRUB
Grand Unified Bootloader. The original version of GRUB was the primary boot loader for Linux distributions, but it had several limitations and was eventually phased out in favor of a newer version (GRUB 2). The original version is sometimes referred to as GRUB legacy.
Process Management
Handles different processes by allocating separate execution space on the processor and ensuring that the running of one process does not interfere with other processes. Through scheduling, the kernel implements sharing of processor time for executing multiple processes.
System Call Interface (SCI)
Handles system calls sent from user applications to the kernel. This enables user space applications to request services from the kernel space, like processing time and memory allocation. This layer also enables the kernel to schedule and process system calls and manage multiple system calls simultaneously.
firewalld persistence
firewalld applies changes to the running configuration only (runtime mode) unless told otherwise; like unsaved iptables rules, runtime changes are lost when the daemon restarts. Add the --permanent option to commit a change to the saved configuration. A --permanent change does not affect the running firewall until you run firewall-cmd --reload (or repeat the command without --permanent).
LUKS
Linux Unified Key Setup (LUKS) is a platform-independent FDE solution that is commonly used to encrypt storage devices in a Linux environment. It uses the dm-crypt subsystem, which creates a mapping between an encrypted device and a virtual device name that user space software can work with.
libvirt
Many Linux virtualization tools (such as virsh and virt-manager) are built on top of libvirt, an application programming interface (API) and management daemon that provide the software building blocks for developers to write their own virtualization solutions on top of hypervisors such as KVM.
Kernel-Based Virtual Machine (KVM)
Linux-based virtualization solution that can be added to most Linux distributions. It enables the management of virtual machines on Linux platforms with attributes of both type 1 and type 2 virtualization.
atq
Lists user's pending jobs
Multi-Level Security
Multi-level security (MLS) is an optional feature of SELinux that enables a fourth context, called a level, to describe the sensitivity level and/or category of an object. This enables you to further fine-tune and constrain access even when the main three contexts are fulfilled.
OpenStack
OpenStack was originally a joint Rackspace and NASA project, usually deployed as an IaaS solution to manage cloud resources. OpenStack can orchestrate the deployment of a Linux, Apache, MySQL, PHP (LAMP) service, for example.
last
displays the running history of user login and logout events, along with the actual time and date.
PAM
Pluggable Authentication Modules (PAM) define the underlying framework and centralized authentication method leveraged by authentication services like Kerberos and LDAP. This provides a common mechanism for many different authentication services and applications.
rmmod
Remove a module from the currently running kernel. The syntax of this command is rmmod {module name}
SELinux
Security-Enhanced Linux (SELinux) is the default context-based permissions scheme provided with CentOS and Red Hat Enterprise Linux, and is optionally available on other distributions. It was developed by the U.S. National Security Agency (NSA). It provides additional file system and network security so that unauthorized processes cannot access or tamper with data, bypass security mechanisms, violate security policies, or execute untrustworthy programs.
/sbin
Stores binaries that are used for completing the booting process and also the ones that are used by the root user.
/bin
Stores essential command-line utilities and binaries. For example, the /bin/ls is the binary for the ls command.
/dev
Stores device files (nodes) that represent the hardware and virtual devices connected to the system; the drivers themselves live in the kernel and its modules. For example, /dev/sda1 represents the first partition on the first disk.
/media
Stores mount points for removable media such as CD-ROMs and floppy disks.
/opt
Stores optional files of large software packages. These packages normally create a subdirectory bearing their name under the /opt directory and then place their files in the subdirectory.
/lib
Stores shared program libraries required by the kernel, command-line utilities, and binaries.
/tmp
Stores temporary files that may be lost on system shutdown.
/boot
Stores the files necessary to boot the Linux operating system.
/etc/apt/sources.list
Stores the repository locations that apt uses to search for packages specific to your system
YUM Repository Configuration
The .repo files are stored in the /etc/yum.repos.d/ directory. Some of the components of a .repo file are as follows:
[repo-name] The repository ID.
name=Repository Name The human-friendly name of the repo.
baseurl= The path to the repo. May be a file (file:///) or http:// path.
enabled=1 Enables the repo.
gpgcheck=0 Disables GPG signature checking of packages. Keep gpgcheck=1 (and point gpgkey= at the repository's public key) for any repo you do not fully control, so that a tampered mirror cannot deliver modified packages.
/etc/cron*
The /etc/ directory also contains several default cron directories that administrators can use to place scripts to be executed on a regular basis: /etc/cron.hourly, /etc/cron.daily, /etc/cron.weekly, and /etc/cron.monthly. Link or copy a script into one of these directories to run it on that schedule.
FHS
The Filesystem Hierarchy Standard (FHS) is a collaborative document that specifies a set of guidelines for the names of files and directories and their locations on Linux systems.
MD5
The Message Digest 5 algorithm produces a 128-bit message digest. It was created by Ronald Rivest and is now in the public domain. MD5 is no longer considered a strong hash function and should be avoided for sensitive operations like storing passwords; it is still seen in integrity checking, but because practical collision attacks exist, prefer SHA-256 wherever an attacker could substitute the content being checked (downloads, evidence images).
process priorities
The OS provides a scheduler that determines which processes to give CPU time to. The scheduler is usually effective at assigning CPU time, but not every decision it makes is optimal. In some cases, you may need to manually tell the scheduler to prioritize certain processes over others, for example with the nice and renice commands.
cron jobs
The cron daemon checks its crontab configuration file each minute to discover whether there are any tasks to be accomplished. If there are, it executes them. If there are not, it goes back to sleep until the next minute. Cron jobs can be used to specify tasks each minute, hour,
at
The at command is used to run a task once, at a specified time. It is not designed for repetitive or regularly scheduled tasks. Syntax: at [options] {time}
-m Send mail to the user when the job completes, regardless of output.
-M Prevent mail from being sent to the user.
-f {file name} Read a job from a file rather than standard input.
-t {time} Run the job at the specified time value.
-v Display the time the job will be executed.
Time keywords:
• noon to specify 12 P.M.
• teatime to specify 4 P.M.
• midnight to specify 12 A.M.
• now + 3 minutes to specify the time three minutes from now.
• now + 1 hour to specify the time one hour from now.
/etc/skel/
The contents of the /etc/skel/ directory are automatically copied into the home directories of new users. Administrators can pre-populate the /etc/skel/ directory with configuration files or other content.
Cron directories
The crontab files that contain scheduled task information can be found in the /etc/cron.d/ directory and in the /var/spool/cron/ directory (per-user crontabs). The root user can schedule system-wide tasks by adding files to the /etc/cron.d/ directory or entries to the /etc/crontab file; system-wide entries contain a user field that per-user crontabs lack. Services may also add scheduled tasks in /etc/cron.d/.
dar
The dar ("disk archiver") command is intended to replace tar by offering more backup and archiving functionality. It is especially useful at creating full, differential, and incremental backups.
dd
The dd command copies and converts files to enable them to be transferred from one type of media to another.
if={file name} Specify the file from which data will be read.
of={file name} Specify the file to which data will be written.
bs={bytes} Specify the block size to read and write, in bytes. Bytes can also be formatted in a more human-friendly way, such as 50M to specify 50 megabytes and 10G to specify 10 gigabytes.
count={count} Specify the number of blocks to be copied from the input file to the output file.
status={level} Specify the level of information to print to standard error:
df and du commands
The df and du commands facilitate storage space tracking. The df command ("disk free") enables you to view the device's free space, file system, total size, space used, percentage value of space used, and mount point. The du command ("disk usage") displays how a device is used, including the size of directory trees and files within it. It also enables you to track space hogs, which are directories and files that consume
egrep
The egrep command is essentially the same as the grep -E command. However, egrep is deprecated, as grep -E is the preferred syntax.
while loop
The expression is evaluated, and if the expression is true, the actions in the loop are performed; this repeats until the expression becomes false.
while [ <condition to be evaluated> ]
do
<code to execute while condition is true>
done
firewalld
The firewall daemon (firewalld) is used to dynamically manage a firewall without requiring the firewall to restart upon modification. It is an alternative to iptables and uses zones and services rather than chains and rules.
using dd for backups
The following example clones the whole drive /dev/sda onto /dev/sdb (to copy a single partition, name the partitions instead, e.g., if=/dev/sda1 of=/dev/sdb1):
dd if=/dev/sda of=/dev/sdb
Using dd, you can also create an image of a drive and then clone a second drive with it:
dd if=/dev/sda of=drive_image.iso
dd if=drive_image.iso of=/dev/sdb
dd overwrites the output device without confirmation, so confirm device names (for example with lsblk) before running it, and verify the result by comparing checksums of the source and the copy.
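The checksum verification mentioned above, as an added example that is not from the study guide: it images a constructed 1 MiB file of random bytes (a stand-in for a source device, so it runs without root or a spare disk) with dd and compares SHA-256 digests of source and copy. The function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the study guide. Images a small source with dd and
# refuses to call the copy good until the SHA-256 digests of source and copy match.
# A regular file stands in for the source device so no root or spare disk is needed.
set -eu

# Create a constructed 1 MiB source file of random bytes; print its path.
make_source() {
    src=$(mktemp)
    dd if=/dev/urandom of="$src" bs=64K count=16 status=none
    printf '%s\n' "$src"
}

# Raw copy of $1 onto $2. conv=fsync flushes the destination before dd exits,
# so the checksum below reflects what actually reached the media.
copy_image() {
    dd if="$1" of="$2" bs=4M conv=fsync status=none
}

# Print the SHA-256 digest of a file (first field of sha256sum output).
digest_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# Compare digests of source $1 and copy $2. Prints "verified <digest>" and
# returns 0 on a match; prints MISMATCH to stderr and returns 1 otherwise.
verify_copy() {
    h_src=$(digest_of "$1")
    h_dst=$(digest_of "$2")
    if [ "$h_src" = "$h_dst" ]; then
        printf 'verified %s\n' "$h_src"
        return 0
    fi
    printf 'MISMATCH src=%s dst=%s\n' "$h_src" "$h_dst" >&2
    return 1
}

# Usage: image a source into a destination and verify it in one step.
image_and_verify() {
    copy_image "$1" "$2"
    verify_copy "$1" "$2"
}
```

Replace the temporary file with a real device path (if=/dev/sdX) to use this against a drive; the verification step is what turns a raw copy into an image you can trust for a restore or as forensic evidence.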
for loop
The for loop executes a block of code once for each item in a list (words, file names, or a numeric sequence such as $(seq 1 5)), assigning the item to the loop variable each time.
for i in <list to loop through>
do
<code to execute once per item>
done
head and tail commands
The head command displays the first 10 lines of each file. The tail command displays the last 10 lines of each file. Common options used with the tail command:
• -f Dynamically watch a file (the output will automatically update when the file changes).
• -n {number} Show the specified number of lines, rather than the default of 10. Can also be used with the head command.
initrd
The initial ramdisk (initrd) refers to the root file system that is temporarily loaded into memory upon system boot. The initrd loads along with the kernel, which controls its functionality. The initrd enables the system to be started in two phases. In the first phase, the system is booted with the minimal set of modules required to load the main or the permanent root file system. In the second phase, when the main root file system is mounted, the previously mounted initrd file system is removed and the user space boot process continues.
Loopback and Link-Local
The loopback address is used for diagnostics purposes and to give the system the ability to network to itself. The link-local range is used for zero-configuration LANs or when the DHCP lease generation process fails. Link-local is also referred to as Automatic Private IP Addressing (APIPA). • Loopback: 127.0.0.1 • Link-local (APIPA): 169.254.0.0-169.254.255.255
MBR
The master boot record (MBR) is the first physical sector on a storage drive and a type of partition structure. The MBR boot sector contains the boot loader that loads the operating system into memory. It also contains the partition table of the storage drive. MBR determines what sectors are available to each partition, as well as which partition is considered bootable and which partitions are not.
OOM Killer
The out-of-memory (OOM) killer is a feature of the Linux kernel that determines what process(es) to kill when the system is extremely low on memory. The OOM killer will continue to kill processes until enough memory is free for the kernel and the system to run smoothly. Rather than killing processes at random, the OOM killer leverages an algorithm that assigns each process an OOM score. The higher the score, the higher chance the process has of being killed during an OOM event.
rpm
The rpm command is used to manage RPM packages on Red Hat-derived distributions.
-i {package file} Install the specified package.
-e {package name} Erase (uninstall) the package.
-v Enable verbose mode, providing more detail.
-h Print hash marks to indicate a progress bar.
-V {package name} Verify the installed files of the package against the RPM database (size, checksum, permissions, ownership).
-U {package file} Upgrade the installed package, or install it if it is not already installed.
-F {package file} Freshen the installed package, i.e., upgrade it but do not install it if it is not already installed.
syslog-ng
The syslog-ng service is another replacement for the older syslogd service. Although it offers similar functionality to rsyslogd, syslog-ng has its own syntax.
until loop
The until loop is similar to the while loop, except that the code is executed as long as the control expression is false (it stops once the expression becomes true).
until [ <condition to be evaluated> ]
do
<code to execute while condition is false>
done
Thin vs Thick Provisioning
Thin storage refers to a virtual storage device file that will grow on demand up to a maximum size. This may make for more efficient use of drive space, but it may also include a performance hit. Thick provisioning of a virtual storage device immediately reserves the allocated space for use by the virtual device only, regardless of whether that much capacity is actually needed. Performance is better, but it may consume more drive space than it needs.
text stream
A text stream is an ordered sequence of characters that an application reads or writes. The three standard streams are stdin (standard input), stdout (standard output), and stderr (standard error). They enable the application to interface with components like the CLI, files, network sockets, and more, while hiding those components' details from the application.
Comparing export, env, and set
To summarize the difference between these three commands: • export —Change the value of a variable for all child processes. • env —View environment variables or change the value of a variable for a specified command. • set —View shell variables or change the value of shell attributes.
AppArmor Tunables
Tunables enable you to configure AppArmor functionality without directly modifying profiles. For example, profiles may reference a common object or path using a variable name, like @{HOME} to refer to the user's home directory. If the user's home directory is not in the default location, you can adjust the appropriate tunable file to account for this. Tunable files are located in the /etc/apparmor.d/tunables/ directory.
.bashrc
User specific aliases and functions
SELinux Violations
Violations occur when SELinux denies a subject access to an object based on policy, typically because the subject's context is not authorized to perform that action on the object's context. Denials are recorded as AVC messages in /var/log/audit/audit.log. sealert -a /var/log/audit/audit.log analyzes the log and proposes fixes. Raw audit entries are difficult to read, so you can also feed them to the audit2why command (for example, audit2why < /var/log/audit/audit.log), which explains why each denial occurred.
Remote Desktop Software
• Virtual Network Computing (VNC): cross-platform remote desktop service that enables full remote control of a desktop environment. VNC leverages the Remote Frame Buffer (RFB) protocol.
• xrdp: a free and open source utility that constructs a Remote Desktop Protocol (RDP)-like server for non-Windows systems.
• NoMachine (NX): cross-platform proprietary remote desktop software that offers support for multi-session environments and account management.
• Simple Protocol for Independent Computing Environments (SPICE): free and open source protocol designed specifically for use in virtual environments. SPICE is often used by administrators to connect to virtual machines that are hosted by the Kernel-Based Virtual Machine (KVM) hypervisor.
TCP Wrappers
While you can deny access to specific users and groups, you can also deny SSH connections that come from specific hosts. One way is a TCP wrapper, which checks which hosts are explicitly allowed and denied before the connection reaches the SSH service. Hosts to allow are listed in /etc/hosts.allow and hosts to deny in /etc/hosts.deny; hosts.allow is consulted first, and a host matched in neither file is allowed. TCP wrappers (libwrap) are deprecated: OpenSSH removed libwrap support and RHEL 8 dropped the tcp_wrappers package, so on current systems restrict sources with sshd_config Match Address blocks or with the host firewall (firewalld, iptables) instead.
crontab
You can create, view, and delete crontab files using the crontab command. Syntax: crontab [options] [file/user]
-e Edit the crontab file for the current user.
-l View the crontab file for the current user.
-r Delete the current crontab file (no confirmation is asked; add -i to be prompted first).
-u {user} Act on the crontab file of the specified user (root only).
export
You can effectively change a shell variable into an environment variable by using the export command. For example, if you have a shell variable SHL_VAR, you can enter export SHL_VAR to make it an environment variable. In order to set the value of an environment variable for all future Bash sessions, you can add an export statement to your .bash_profile file. To set the value of an environment variable system-wide, add an export statement to the appropriate file in the /etc/profile.d/ directory.
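An added example (not from the study guide) that makes the shell-variable versus environment-variable distinction observable: each function sets the guide's SHL_VAR and asks a child shell what it sees, and the env case shows a value supplied to a single command. The function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the study guide. Shows the difference between a shell
# variable, an exported variable, and a value supplied through env, by asking a
# child shell what it sees. SHL_VAR is the guide's example variable name.
set -eu

# Print what a child shell sees for the variable named $1: its value, or "unset".
child_sees() {
    sh -c "printf '%s\n' \"\${$1:-unset}\""
}

# A plain shell variable is not inherited by child processes.
shell_variable_visibility() {
    SHL_VAR="local-only"
    child_sees SHL_VAR          # unset
    unset SHL_VAR
}

# After export, the same variable is part of the environment and is inherited.
exported_variable_visibility() {
    SHL_VAR="shared"
    export SHL_VAR
    child_sees SHL_VAR          # shared
    unset SHL_VAR               # also clears the export attribute
}

# env passes a value to one command only; the caller's environment is untouched.
env_one_shot_visibility() {
    env SHL_VAR="one-shot" sh -c 'printf "%s\n" "$SHL_VAR"'   # one-shot
    child_sees SHL_VAR          # unset
}
```

The same rule is why a secret assigned in a script without export stays invisible to programs the script launches, and why exporting it makes it readable from /proc/<pid>/environ of every child.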
Setting the Scheduler
You can set the I/O scheduler to use on a particular device by modifying the scheduler file located at /sys/block/<device name>/queue/scheduler. Reading the file (cat /sys/block/sda/queue/scheduler) lists the available schedulers with the active one in square brackets. Setting the scheduler, as root, is as simple as echoing the desired option to this file, as in: echo noop > /sys/block/sda/queue/scheduler
XFS QUOTAS
You can use the xfs_quota utility to configure quotas on XFS file systems (xfs_admin, by contrast, changes file system parameters such as the label or UUID). xfs_quota can run in both interactive and non-interactive mode. When run non-interactively, use the -c option to specify which commands to run, and the -x option to enable expert mode, which is required for most administrative tasks.
ps options
a Lift the "only yourself" restriction and list processes of all users that have a terminal (BSD syntax; commonly combined as ps aux).
-e List all processes.
-l List processes using a long listing format.
u List processes along with the user name and start time.
r Exclude processes that are not running currently.
x Include processes without a terminal.
T Exclude processes that were started by any terminal other than the current one.
-U {user name} Display the processes based on the specified user.
-p {PID} Display only the process associated with the specified PID.
-C {command} Display all processes by command name.
--tty {terminal number} Display all processes running on the specified terminal.
mtr
a combination of ping and traceroute, with additional improvements to enable testing of the quality of a network connection. Ping packets are sent to the destination in large groups, with mtr noting how long responses take to the packets. also takes note of lost packets
GRUB2
a complete redesign and rewrite of the GRUB system. GRUB 2 offers administrators more control over the boot process, boot devices, and boot behavior. In addition, it comes with several improvements, including:
• Support for non-x86 architecture platforms.
• Support for live booting (booting an OS from storage media and running the OS entirely in memory, without installation).
• Support for partition UUIDs.
• Support for dynamically loading modules that extend GRUB's functionality.
• Ability to configure the boot loader through scripts.
• Rescue mode, which attempts to fix boot issues like corrupted or missing configurations.
• Support for custom graphical boot menus and themes.
LDAP
a directory service protocol that runs over Transmission Control Protocol/Internet Protocol (TCP/IP) networks. LDAP clients authenticate to the LDAP service, and the service's schema defines the tasks that clients can and cannot perform while accessing a directory database, the form the directory query must take, and how the directory server will respond.
Kernel Panic
a mechanism by which the system detects there has been a fatal error and responds to it. A fatal error typically results in the system becoming unstable or totally unusable. Software that handles kernel panics will display an error message to the user and dump the current state of kernel memory to a storage device for later debugging.
String literal
any fixed value that represents a string of text within source code. String literals are enclosed in single (') or double (") quotation marks.
AppArmor Commands
apparmor_status Display the current status of AppArmor profiles.
aa-complain Place a profile in complain mode (violations are logged but not blocked). Syntax: aa-complain {path to profile}
aa-enforce Place a profile in enforce mode. Syntax: aa-enforce {path to profile}
aa-disable Disable a profile, unloading it from the kernel. Syntax: aa-disable {path to profile}
aa-unconfined List processes with open network sockets that don't have an AppArmor profile loaded.
2>>
append standard error message to end of dest file
Swap Partition
area of virtual memory on a storage device that complements the physical RAM in the computer. Swap partitions have traditionally been preferred over swap files on Linux because they avoid file system overhead and fragmentation.
Mount options
auto Specify that the device has to be mounted automatically.
noauto Specify that the device should not be mounted automatically.
nouser Specify that only the root user can mount a device or a file system.
user Specify that all users can mount a device or a file system.
exec Allow binaries in a file system to be executed.
noexec Prevent binaries in a file system from being executed.
ro Mount a file system as read-only.
rw Mount a file system with read and write permissions.
sync Specify that input and output operations in a file system should be done synchronously.
async Specify that input and output operations in a file system should be done asynchronously.
For user-writable or removable file systems, noexec is commonly combined with nosuid (ignore set-user-ID bits) and nodev (ignore device files) to limit what an attacker can do with content written there.
case statement
case <variable> in
<first condition>)
<code to execute if first condition is true>
;;
<second condition>)
<code to execute if second condition is true>
;;
esac
chown
change the owner, the group, or both: chown [owner][:group] {file/directory name}. -R applies the change recursively. The related chgrp command changes only the group: chgrp {group name} {file/directory name}
fsck
check the integrity of a file system and optionally repair it. fsck -r <dev> repairs interactively (asking for confirmation before each fix); fsck -y <dev> answers yes to all prompts. Run fsck only on an unmounted (or read-only mounted) file system; checking a file system mounted read-write can damage it.
Systemd Unit Files
configuration files that systemd uses to determine how it will handle units, which are system resources that systemd can manage. Units shipped by packages live in /lib/systemd/system/ (or /usr/lib/systemd/system/); administrator-created units and overrides go in /etc/systemd/system/, which takes precedence.
/etc/udev/rules.d/
configure rules for how udev functions. You can create files in this directory that tell udev to configure a device in a certain way or run a certain command when a device is plugged in.
display server
component of a GUI that constructs and manages the windowing system and other visual elements that can be drawn on the screen. Display servers accept client input requests and send them to appropriate kernel modules for processing. Likewise, they also manage the process of receiving requests from an application to display output to the client.
git commands
config Set options for a repository or for Git users, as well as other global options.
init Create a Git repository or reinitialize an existing one.
clone Create a working copy of an existing repository.
add Add files to be tracked by the Git repository (stage them for the next commit).
commit Update the Git repository with your changes, creating a "snapshot" of that repository.
status Display the status of the repository.
branch Manage branches, or pointers to specific repository snapshots after committing changes.
merge Integrate changes from one branch into the current branch (for example, a feature branch into master).
pull Fetch and merge changes made to other repositories and branches into the local working copy.
push Upload local commits to a remote repository, such as a centralized repository.
log Display the commit history of a local repository.
checkout Switch to a specific branch to work with.
ln
create a link to a file. A symbolic link does not contain data of its own, only a reference (path) to the target file; a hard link is another directory entry for the same inode and remains valid even if the original name is removed.
--backup Back up existing destination files.
-f Remove existing destination files.
-s Make symbolic links instead of hard links.
-i Prompt to remove destination files.
-v Print the name of a file before linking.
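An added example (not from the study guide) that demonstrates the difference between a hard link and a symbolic link in a temporary directory: inode numbers are compared with stat, then the original name is removed to show which link still resolves. The function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the study guide. Creates a target file, a hard link
# and a symbolic link to it, compares inode numbers, then removes the original
# name to show that the hard link keeps the data while the symlink dangles.
set -eu

# Inode number of a path itself (no -L, so a symlink reports its own inode).
inode_of() {
    stat -c %i "$1"
}

# Prints "hard:<same|different>:<readable|unreadable> soft:<same|different>:<readable|unreadable>".
link_demo() {
    d=$(mktemp -d)
    printf 'payload\n' > "$d/target"
    ln "$d/target" "$d/hard"        # hard link: a second name for the same inode
    ln -s "$d/target" "$d/soft"     # symlink: a new inode holding the path string
    t=$(inode_of "$d/target")
    if [ "$(inode_of "$d/hard")" = "$t" ]; then h=same; else h=different; fi
    if [ "$(inode_of "$d/soft")" = "$t" ]; then s=same; else s=different; fi

    # Remove the original name. The inode survives while any hard link exists;
    # the symlink still stores the old path and now points at nothing.
    rm "$d/target"
    if cat "$d/hard" >/dev/null 2>&1; then hr=readable; else hr=unreadable; fi
    if cat "$d/soft" >/dev/null 2>&1; then sr=readable; else sr=unreadable; fi
    rm -rf "$d"
    printf 'hard:%s:%s soft:%s:%s\n' "$h" "$hr" "$s" "$sr"
}
```

This is also why deleting a sensitive file does not remove its contents while a hard link to it exists elsewhere on the same file system, and why a symlink's target should be checked before a privileged process writes through it.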
alias
create custom command aliases To have them persist, add the appropriate alias command to .bashrc or .bash_aliases, which is called by .bashrc.
mkswap
create swap space on a storage partition. It is typically used when you wish to move swap space to a different partition than the one that was created during system installation
mirrorvg
creates copies, or mirrors, of all logical volumes in a specified volume group. By default, the command will create the mirrors on the same drives that are associated with the volume group. Note that mirrorvg is an AIX LVM command; on Linux LVM the equivalent operation is lvconvert -m {copies} applied to each logical volume.
Device Mapping
creates the virtual device and passes data from that virtual device to one or more physical devices.
xz
data compression utility, similar to gzip, that reduces the size of selected files and manages files in the .xz file format.
-d Decompress a file.
-f Force compression or decompression of a file even if it has multiple links or if the file exists.
-q Suppress all warnings.
-v Display the name and percentage reduction of the compressed or decompressed file.
-t Perform an integrity check on the compressed file.
/etc/services
database of services and their corresponding port numbers This file enables services to, by default, attempt to bind to their corresponding port when activated.
who
displays details of logged-in users. The -u option adds each user's idle time: a dot (.) means the user was active within the last minute, and "old" means the user has been idle for more than 24 hours.
udev
device manager: udev manages the automatic detection and configuration of hardware devices. It runs in user space as part of systemd (systemd-udevd) and is started early in boot, creating device nodes and handling module loading for both coldpluggable and hotpluggable devices based on events it receives from the kernel.
Character Devices
devices like keyboards, mice, serial ports, etc., that can be read from and written to in streams of data.
lsusb
display information about devices that are connected to the system's USB buses. This command scans the device entries under the /dev/bus/usb/ directory.
whereis
display the locations of the binary, source, and manual page files for a command.
-b Search only for binaries.
-m Search only for manual sections.
-s Search only for sources.
-u Search for unusual entries.
which
displays the complete path of a specified command by searching the directories assigned to the PATH variable
/etc/pam.d/
directory where each PAM-aware service or application has its own configuration file. Each line in a file is a directive formatted as: <module interface> <control flag> <module name> <module arguments>. The module interface is one of auth, account, password, or session.
uptime
displays the time from when a system started running. A CPU's load is expressed as the number of processes that are either using or waiting to use the CPU. It can also include the number of processes in the queue for storage I/O. Using uptime you can find the average load over three different periods of time, from left to right in the output: the last 1 minute, the last 5 minutes, and the last 15 minutes
lsdev
displays various information about a system's hardware as reported by the kernel, compiled from three files in the /proc/ directory. It is more common on Debian-based distributions and is available from the procinfo package.
vmstat
displays various statistics about virtual memory, as well as process, CPU, and I/O statistics. By default, the report will provide averages of each statistic since the last system boot It's recommended to supply vmstat with a delay for a more accurate report. For example, vmstat 5 5 will run the command on a five-second delay for five intervals.
Git
distributed version control system primarily used by developers who are collaborating on projects.
dumpe2fs
dump ext2, ext3, and ext4 file system information. It prints the superblock and block group information for the selected device.
dmidecode
dumps the system's Desktop Management Interface (DMI) table and presents it in a human-readable format. The DMI table is an industry standard for tracking information about hardware components.
/etc/grub.d/40_custom
enables the customization of the menu presented to the user during the boot process. GRUB 2 will offer the user a menu of installed operating systems to choose from.
Raw Partition
enables users and applications to read from and write to a block storage device directly, without using the system cache. This is useful in situations where software like a database management system (DBMS) has its own caching mechanism. The DBMS has greater control over I/O caching in a raw partition and can bypass the caching normally done by the kernel.
firewall-cmd
enables you to configure firewalld by querying, adding, modifying, and deleting zones and services as desired. firewalld is the default firewall service for many Linux distributions, including Red Hat® Enterprise Linux® and CentOS®
iptables
enables you to manage packet filtering as well as stateful firewall functionality within Linux through various tables. Each table applies to a certain context and consists of rule sets, called chains, that the table uses to implement the firewall. A packet is compared to the first rule in the appropriate chain, and if it does not match that rule, it is compared to the next rule in the chain, and so on. If the packet matches a rule, it jumps to the rule's target: either a user-defined chain or a terminating action such as ACCEPT, DROP, REJECT, or RETURN (return to the calling chain and continue at its next rule). A packet that reaches the end of a built-in chain without matching receives the chain's default policy (set with iptables -P). Syntax: iptables [options] [-t table] [commands] {chain/rule specification}
nice command
enables you to run a command with a different nice value than the default. The -n option increments the nice value by the given integer; if you don't provide an integer, the command assumes an increment of 10. Only root can assign a negative (higher-priority) nice value; unprivileged users can only lower the priority of their own processes.
telinit
enables you to switch the current runlevel of the system. On systemd environments, the telinit command will be translated into the appropriate target request.
journalctl
enables you to view and query the log entries created by the journal component of the systemd suite. Log information is collected and stored by the systemd-journald service, which is often used alongside a traditional syslog daemon such as syslogd or rsyslogd. The journal is configured in the /etc/systemd/journald.conf file.
cut
extracts the specified fields or character positions from each line of a file.
-c Specify the character positions to cut from each line.
-d{delimiter} Specify the character that separates one field from another.
-f{field numbers} Specify the field numbers to cut on as separated by the delimiter. For example, -f2 indicates the field between the first and second instances of the delimiter.
-s Suppress a line if the delimiter is not found.
Example: cut -d: -f1-3 /var/log/secure
Foreground and Background Processes
fg %{job ID} Bring a job to the foreground. Ctrl+Z Halt a job temporarily so you can use the bg command. bg %{job ID} Push a job to the background. & Start a command running in the background when added to the end of a command.
/etc/resolv.conf
file is stored locally on each system, informing that system of the IP address of one or more DNS servers.
known_hosts
file on the client that lists the public keys of servers the client accepts; the client uses it to authenticate servers.
if else statement
if [ <condition to be evaluated> ]; then <code to execute if condition is true>; else <code to execute if condition is false>; fi
udevadm
info Retrieve device information stored in the udev database, as well as detailed device attributes from the /sys/ filesystem. For example, you can view a device's vendor ID, product ID, serial number, and much more. control Modify the running state of udev. For example, providing the --reload-rules option will ensure that udev is reading from any new rules files you've added. trigger Execute rules that apply to any device that is currently plugged in. You can also specify an action using the -c option, such as add, remove, or change. As the names imply, these will trigger events where a device is added, removed, or changed in the running kernel. monitor Watch for events sent by the kernel or by a udev rule. test Simulate a udev event running for a device, with results on output.
whois
looks up information on Internet domain name registrations for organizations.
virsh
interactive shell for managing KVM virtual machines. The following are some subcommands you can use within virsh. help Get help with the virsh command. list Get a list of recognized VMs. shutdown {VM} Gracefully shut down a VM. start {VM} Start a VM. reboot {VM} Reboot a VM. create {XML file name} Create a VM from an XML file. save {VM} {file name} Save the state of a VM with the given file name. console {VM} Open a console to a VM.
ps
invokes the process table, a record that summarizes the current running processes on a system.
top
lists all processes running on a Linux system. It acts as a process management tool by enabling you to prioritize, sort, or terminate processes interactively. Enter Refresh the status of all processes. Shift+N Sort processes in the decreasing order of their PID. M Sort processes by memory usage. P Sort processes by CPU usage. u Display processes belonging to the user specified at the prompt. k Terminate the process for which you specify the PID. r Renice the process for which you specify the PID. q Exit the process list.
/proc/mounts
lists the status of all currently mounted file systems in a format similar to fstab. It is actually not a real file, but part of the virtual file system that represents the status of mounted objects as reported by the Linux kernel. It lists all file systems, not just those on storage drives and partitions.
mount
loads a file system to a specified directory so that it can be accessible to users and applications. mount [options] {device name} {mount point}
/lib/systemd/system/
location used by software packages to install systemd unit files. You shouldn't edit the unit files in this directory; if you want to modify a unit file's functionality, use the /etc/systemd/system/ directory instead.
cryptsetup
luksFormat Format a storage device using the LUKS encryption standard. isLuks Identify if a given device is a LUKS device. luksOpen Open a LUKS storage device and set it up for mapping, assuming the provided key material is accurate. luksClose Remove a LUKS storage device from mapping. luksAddKey Associate new key material with a LUKS device. luksDelKey Remove key material from a LUKS device.
LV tools
lvscan Scan all physical devices for logical volumes. lvcreate Create logical volumes in a volume group. lvdisplay List attributes of logical volumes. lvchange Change attributes of logical volumes. lvs Display information about logical volumes. lvrename Rename logical volumes. lvreduce Reduce the size of logical volumes. lvextend Extend the size of logical volumes. lvresize Resize logical volumes. lvremove Remove logical volumes.
grub.cfg
main configuration file for the GRUB 2 boot loader. On BIOS systems, it is located in the /boot/grub2/ directory. On UEFI systems, it is located in the /boot/efi/EFI/<distro>/ directory.
digital signature
message digest that has been encrypted with a user's private key. Asymmetric encryption algorithms can be used with hashing algorithms to create digital signatures. The sender creates a hashed version of the message text, and then encrypts the hash itself with the sender's private key. The encrypted hash is attached to the message as the digital signature.
Systemd Targets
method of grouping unit configuration files together, typically to represent specific modes of operation. For example, graphical.target.
Command Substitution
method of shell expansion in which the output of a command replaces the command itself. `command` or $(command)
usermod
modifies settings for existing users by editing the /etc/passwd file. -c Set the comment field. -e Set the account expiration date. -aG Append the user to a supplementary group. -l Change the login name.
/etc/crypttab
performs a similar function to the fstab file, but its purpose is to store information about encrypted devices and partitions that must be unlocked and mounted on system boot.
free
parses the /proc/meminfo file for easier analysis of memory usage statistics. -b, -k, -m, -g, --tera Display memory in bytes, kilobytes, megabytes, gigabytes, and terabytes, respectively. -s {seconds} Update memory statistics at a delay of the specified seconds. -o Disable the display of the buffered/cached information. -t Display a total line that combines physical RAM with swap space. -h Make the output more human-readable.
Swap Space
partition on the storage device that is used when the system runs out of physical memory. Linux pushes some of the inactive memory pages from RAM to the swap space to free up memory. Usually, the swap space equals twice the RAM capacity.
Unlock user account
passwd -u {user name} or usermod -U {user name}
locate
performs a quick search for any specified string in file names and paths stored in the mlocate database. This database must be updated regularly for the search to be effective. The results displayed may be restricted to files that users have permissions to access or execute.
awk
performs pattern matching on files and processes the matching lines.
Hypervisor
provides control between the virtual machines and the physical hardware. It manages allocation of hardware, control of networking, administrative control, etc. Type 1 runs directly on the hardware in a "bare metal" deployment. Examples include VMware ESXi and Microsoft Hyper-V. Type 2 runs as a service on a locally installed operating system. Examples include Oracle VM VirtualBox and QEMU.
DM-Multipath
provides redundancy and improved performance for block storage devices. It leverages the device mapper to support multiple I/O paths (connection interfaces) between the CPU and the storage devices. If one path fails, DM-Multipath will switch to one of the other paths that remain, keeping the storage device available for reading and writing.
Server Message Block (SMB)
provides users shared access to files and other resources across a local area network (LAN). SMB clients make requests for resources to SMB servers, which respond and provide the appropriate level of access. This protocol is primarily used with Windows computers. However, SMB-compatible software called Samba helps interface Linux and Windows hosts running network shares.
PV Tools
pvscan Scan for all physical devices that are being used as physical volumes. pvcreate Initialize a drive or partition to use as a physical volume. pvdisplay List attributes of physical volumes. pvchange Change attributes of a physical volume. pvs Display information about physical volumes. pvck Check the metadata of physical volumes. pvremove Remove physical volumes.
firewalld zones
rule sets that can apply to specific network resources, like a network interface. You'd typically place resources in a zone to group them with resources that have similar security requirements or similar levels of trust. For example, the zone with the lowest level of trust is called drop and it immediately drops all incoming connections.
daemons
running programs (i.e., processes) that operate in the background without the need for human intervention. Daemons lie dormant until an event triggers them into activity. Some daemons operate at regular intervals.
Data transfer tools
• scp —Copies files over SSH. • sftp —Secure FTP over an SSH tunnel; can transfer and manage files and directories. • rsync —Copies files locally and to remote systems. Its real power lies in its efficient use of network bandwidth: instead of copying all files, it copies only the differences between files.
find
search a specific location for files and directories that adhere to some search criteria. It recursively searches the directory structure, including any subdirectories and their contents, beginning with the search location you enter. You can perform one or more actions on the files found.
SELinux Commands
semanage sestatus getenforce setenforce getsebool setsebool ls -Z ps -Z chcon restorecon
Kill
send signals to processes to terminate or "kill" them. Related commands: kill, pkill, killall.
Search path
sequence of various directory paths that is used by the shell to locate files. Paths can be assigned to the PATH environment variable.
/etc/profile.d/
serves as a storage location for scripts administrators may use to set additional system-wide variables. It is recommended you set the environment variables via scripts contained in /etc/profile.d/ rather than editing the /etc/profile file directly.
IPSec
set of open, non-proprietary standards that can be used to secure data as it travels across the network or the Internet. IPSec uses different protocols and services to provide data authenticity and integrity, anti-replay protection, non-repudiation, and protection against eavesdropping and sniffing. IPSec operates at the network layer (layer 3) of the OSI model, so the protocol is not application-dependent.
.bash_profile
shell configuration file read when setting up the initial login environment.
cat
short for concatenate, can display, combine, and create text files. -n Precede the output with its respective line number. -b Number the lines, excluding the blank lines. -s Suppress output of repeated empty lines. -v Display non-printing characters as visible characters, other than tabs, new lines, and form feeds. -e Print a $ character at the end of each line, prior to the new line. -t Print tabs as ^I and form feeds as ^L.
/etc/profile
system-wide environment variables. This may be more effective for administrators to configure if there are settings that apply to all users. During the initial login process for a user, the system reads the /etc/profile file first for Bash shell configurations, and then any user-specific Bash customizations are pulled from the .profile file located in the user's home directory.
Digital Certificate
the most fundamental component of a PKI, and the overarching task of a PKI is to manage digital certificates in a variety of ways. A digital certificate is an electronic document that associates credentials with a public key. Both users and devices can hold certificates. The certificate validates the certificate holder's identity through a digital signature and is also a way to distribute the holder's public key. In addition, a certificate contains information about the holder's identity.
Context-Based Permissions
the permission scheme defines various properties for a file or process, and uses those properties together, rather than in isolation, to determine whether to grant or deny access. Examples include SELinux and AppArmor.
redirection
the process of accepting input data from a source other than the keyboard and sending output data to a destination other than the display device.
Storage Quota
the storage space that is allotted to a user for file storage on a computer. Storage quotas are configured on a per-user basis. File systems that implement storage quotas can have a soft limit, a grace period, and a hard limit.
tr
translate a string of characters. It is predominantly used to change the case of letters in a file. This command acts only on a stream of characters and does not accept file names as arguments. You must use redirection to actually change a file.
time
used to gather information about how long it took to execute a command, as well as some additional statistics about the I/O and memory used in command execution. time [options] {command}
partprobe
update the kernel with changes in the partition table. The command first checks the partition table, and if there are any changes, it automatically updates the kernel with the changes.
modprobe
used to add or remove modules from a kernel. This command is capable of loading all the dependent modules before inserting the specified module. It is therefore preferred over using the insmod and rmmod commands. To add modules, use the -a option and specify the modules you want to add. To unload a module, use the -r option and specify the modules you want to remove. -f Force the module to be inserted or removed. -n Conduct a dry run, i.e., output results without actually executing operations. -s Print errors to the system log (syslog) rather than stderr. -v Enable verbose mode.
diff
used to compare text files. The command displays the two files and the differences between them. Using various symbols, the output suggests how you can change one file to make it identical to the other. Each symbol has a special meaning. The less than symbol (<) with a line after it means that line should be removed from the first file because it doesn't appear in the second. The greater than symbol (>) with a line after it means that line should be added from the second file. -b Ignore spacing differences. -i Ignore case differences. -t Expand tab characters in output lines. -w Ignore spacing differences and tabs. -c Display a list of differences with three lines of context. -u Output results in unified mode, which presents a more streamlined format.
Load Balancing
used to distribute inbound connection requests across multiple servers. A very common use for load balancing is to distribute connection attempts among web servers.
exec
used to execute another command, replacing the current shell process with this new program's process (no new process is created). This can be useful when you want to prevent the user from returning to the parent process if an error is encountered.
netstat
used to gather information about TCP connections to the system. -v Activate verbose mode. -i [interface] Display information about all network interfaces or the specified interface. -c Continuously print information every second. -l Show only what ports are being listened on.
route
view the routing table. The command is also used to manipulate the routing table, enabling the administrator to configure desired routes. route add default gw {IP address} Configure a default gateway by its IP address. Packets will be passed to this destination if there are no other routes that match their network ID. route add -host {IP address} reject Filter traffic destined to the specified address, which enables an administrator to control connections to a particular host. Can also be configured for an entire subnet.
SSH Authentication Files
~/.ssh/ —A directory that contains files related to SSH keys. • id_rsa —Contains the user's private key. • id_rsa.pub —Contains the user's public key. • authorized_keys —A file on the remote server that lists the public keys that the server accepts. In other words, the server uses this file to authenticate the client. • known_hosts —A file on the client that lists the public keys that the client accepts. In other words, the client uses this file to authenticate servers. • config —A file on the client that you can use to configure SSH connection settings, such as using an IdentityFile directive to associate multiple keys with specific servers.
ls Colors
• Default color: Normal/text file • Blue: Directory • Sky blue: Symbolic link or audio file • Green: Executable file • Yellow with black background: Device • Pink: Image file • Red: Archive file • Red with black background: Broken link
Troubleshoot Hardware Issues
• Ensure that hardware devices are supported through robust drivers. • Ensure that the necessary drivers are installed and loaded in the kernel. • Ensure that hardware devices are compatible with the Linux software that controls, manages, or interfaces with them. • Verify that the system has the correct keyboard layout and language set. • Verify that a network-enabled printer is identifiable on the network. • Stop large or numerous print jobs with the lprm command. • Check the mcelog for memory errors. • Run a utility like memtester to stress test RAM modules. • Download the latest GPU drivers from the vendor's website. • Ensure storage and peripheral devices are properly slotted into the correct buses. • Ensure connected cables are not loose or damaged. • Use a command like lshw to identify connected hardware. • Be aware that dmidecode may produce inaccurate results. • Review crash data compiled by the ABRT utility.
Execute (x)
• Files: The ability to run a script, program, or other software file. • Directories: The ability to access a directory, execute a file from that directory, or perform a task on that directory (e.g., a search).
Write (w)
• Files: The ability to save changes to a file. • Directories: The ability to create, rename, and delete files in a directory. Requires the execute attribute to also be set.
Troubleshoot Process Issues
• Gather information about a process, including its process ID (PID) and state. • Use ps to print information on all running processes, including CPU usage. For example, a process consuming over 50% of the CPU may cause performance issues, and is worth investigating further. • Use top to retrieve a dynamic and interactive list of all running processes. • Use systemd-analyze blame to determine what startup processes are slowing down boot operations. • Use lsof to identify which processes have open files. • Use nice and renice to prioritize certain processes over others. • Use fg and bg to manage foreground and background processes. • Use nohup to keep a command running even after logging off. • Use kill and its associated commands to terminate problem processes.
Troubleshoot CPU and MEM issues
• Identify key information about the CPU and its logical cores using the /proc/cpuinfo file. • Use the uptime command to identify CPU load averages. • Use sar to see what component is causing heavy load on the CPU and when. • Identify key information about memory usage using the /proc/meminfo file. • Use free to more easily analyze memory usage information. • Use vmstat to retrieve more information on both CPU and memory usage. • Consider tweaking the OOM killer to spare or sacrifice specific processes when low on memory. • Consider creating more swap space if adding physical memory is not feasible.
Wayland advantages
• In X, the X server must determine which window an event applies to. It can't always do this correctly, because the separate compositor controls how the window is redrawn through actions like resizing and rotation—information that the X server doesn't necessarily understand. Because the compositor and server are one in Wayland, this is not an issue. • In X, the compositor must fetch event data from the server, which can introduce latency. In Wayland, the compositor receives events directly from the client, mitigating latency issues. • Wayland simplifies the graphical rendering process by enabling the client to perform its own rendering. • Although Wayland is not network-aware in the same way as X, it can still leverage remote desktop protocols for controlling a GUI environment over a network. • Older implementations of X do not isolate the data I/O of each window, whereas Wayland does. This helps ensure the security of data.
Hashing uses
• It is used in a number of password authentication schemes. • A hash value can be embedded in an electronic message to support data integrity. • A hash of a file can be used to verify the integrity of that file after transfer.
MBR disadvantages
• The maximum storage space of an MBR-partitioned drive is two terabytes. • MBR-partitioned drives can have a maximum of four primary partitions. • The boot data is stored in one sector, which increases the risk of corruption.
Kernel Module Advantages
• They reduce the burden on the kernel because otherwise all of the modules' functionality would have to be added directly to the kernel. • Dynamic loading of kernel modules facilitates lower memory consumption. • They avoid having to rebuild and reboot the system when new functionality is required. Kernel module file consists of a .ko extension. Modules built for a specific kernel version may not be compatible with another version of the kernel.
LVM Advantages
• You can dynamically create, delete, and resize volumes without having to reboot the system. • Day-to-day management of volumes is easier once everything is set up. • You can map multiple logical volumes across multiple physical devices. • A logical volume can exceed the size of any one physical device, as long as it doesn't exceed the total size of devices in the volume group. • You can create virtual snapshots of each logical volume so you can quickly and easily revert a volume to a specific state.
ext Tools
• e2fsck • resize2fs • tune2fs • dumpe2fs
iptables default tables
• filter —The default table used for typical packet filtering functionality. • nat —Used to implement Network Address Translation (NAT) rules. • mangle —Used to alter packets' TCP/IP headers. • raw —Used to configure exceptions for packets involved in connection tracking. • security —Used to mark packets with SELinux security contexts.
Choosing a compression method
• gzip if you just care about compressing and decompressing files as fast as possible and are less concerned with storage space. • xz if storage space is at a premium, and time is not as much of a factor. • bzip2 to strike a balance, and for data that rarely needs to be decompressed.
gzip
• gzip {file name} —Compresses the file and appends the .gz extension. • gzip -d {file name} —Decompresses the file.
Linux Kerberos Commands
• kinit —Authenticates with Kerberos, granting the user a ticket granting ticket (TGT) if successful. • kpasswd —Changes the user's Kerberos password. • klist —Lists the user's ticket cache. • kdestroy —Clears the user's ticket cache.