Linux+ (XK0-004)
dmesg -w
watch the hardware logs (all messages sent to the kernel's message buffer after system boot, including messages sent by device drivers) in real time, each line preceded by a timestamp in seconds since the kernel loaded
sudo shred -v -n 1 -z /dev/{partition}
verbosely clean a target disk or partition by overwriting its contents with random data for one iteration then add a final overwrite with zeros to hide the cleaning. This ensures that no sensitive data from past use remains on the device.
sudo systemctl status httpd
verify the loaded and active status of the Apache http service
lvs
view a summary of logical volumes
pvs
view a summary of physical volumes
vgs
view a summary of volume groups
ulimit -a
view all upper limits for file size, open files, pipe size, stack size, etc.
df -h
view device free space in human readable form
useradd -D
view the default configuration for new users
nmap {destination_host}
view the network structure to verify the existence of a path between the source and destination systems.
hostnamectl
view the system's network hostname and other information about the system's hardware and the Linux kernel it is running.
chmod g+s {directory}
using symbolic mode, set the group id on a directory so that all subdirectories created within it will inherit the SGID permission and all new files and subdirectories created within it will inherit the directory's group id (neither applies to existing objects or moved objects)
chmod +t (unknown)
using symbolic mode, set the sticky bit of a file so that only the owner can delete it
chmod u+s (unknown)
using symbolic mode, set the user id on a file to let it be executed with owner privileges
sudo swapon -a
using this command, all devices marked as swap in /etc/fstab are made available, except for those with the "noauto" option. Devices that are already being used as swap are silently skipped.
sudo swapoff -a
using this command, swapping is disabled on all known swap devices and files (as found in /proc/swaps or /etc/fstab).
ln -s {target name} [link name]
Make a symbolic link
Unicode
A character code that enables most of the languages of the world to be symbolized with a special character identification.
chcon {-u|-r|-t} {context value} {file/directory}
Change the SELinux security context of a file or directory
getenforce
Display which mode SELinux is running in
yum install -y {package name}
Install a package from a configured repository using yum.
pvscan
Scan for all physical devices that are being used as physical volumes
sysctl -w {parameter}={value}
Set a runtime kernel parameter value.
timedatectl set-time 2020-01-01 15:03:16
Set the system's time to the time provided.
LANG={locale}
The locale to use for all LC_* variables that aren't explicitly defined.
LC_ALL={locale}
The locale to use for all options, overriding any LANG and LC_* values. Typically used for troubleshooting purposes.
--permanent
The option that must be used with the firewall-cmd command when committing a change to firewalld for it to persist upon restart of the daemon
Running
The process is currently executing in user space or kernel space. In this state, the process can perform its assigned tasks.
Interruptible sleep
The process relinquishes access to the CPU and waits to be reactivated by the scheduler. A process typically enters this state when it requests currently unavailable resources. The process will wake from its sleep if a scheduler finds a time slot for it.
0-1023
The range of well-known or privileged port numbers is
Timed out
The request reached the destination computer but a response did not return to the source computer before the source computer _________. This often indicates the problem is with the destination computer.
TZ={time zone}
The system time zone. This is an alternative to using commands like date or timedatectl to set the time zone.
Run level 0
This run level halts (shuts down) the system
yum remove {package name}
Uninstall a package using yum.
sudo lvcreate -L {size} {volume_group} -n {logical_volume}
create a logical volume, specifying the size, the associated volume group, and the name
sudo firewall-cmd --permanent --new-zone={zone}
create a new firewalld zone and write the addition to disk instead of RAM.
useradd jdoe -c "John Doe" -e 2019/12/31 -s /bin/dash -d /home/john_doe
create a new user, specify a comment, an account expiration, a default shell, and home directory
sudo mkswap /dev/{swap_partition}
create a swap space on a storage partition
find ~ -type f -name "*.txt" | xargs chmod 775
find all text files in the home directory and modify their permissions
mkdir {directory_name}
make a new directory
paste -d , {file_1} {file_2}
merge the lines of two files horizontally using a comma delimiter
mv {source} {destination}
move or rename a file/directory
less {file_name}
page through the contents of a file
message digest
resulting output of the hashing process
/lib/systemd/system/
standard location that is used by software to install unit files, don't directly edit
644
the octal for default permissions set on a file created by a root user, before any umask is applied
/etc/profile and /etc/bashrc
two files in which a persistent system wide umask can be set
df -i
verify that the inode pool has not been exhausted by using this command.
Differential
All selected files that have changed since the last full backup are backed up. When _______ backups are used, you must restore the last full backup plus the most recent _______ backup. _______ backups require less storage space and backup time than full backups, but are slower to recover.
Stateless Firewalls
Another term for packet filtering firewalls, whose rules appear in the form of an access control list (ACL), named so because they can only inspect a packet in isolation, and cannot determine what has come before that packet that might provide valuable context.
sysctl -r {pattern}
Apply a command to runtime kernel parameters matching a given pattern, using extended regular expressions.
NoMachine (NX)
A cross-platform proprietary remote desktop software that offers support for multi-session environments and account management. It is useful in organizations with many users that require simultaneous access to the same servers. It is designed to work with X.
ASCII
A standard code for representing text characters using one byte. Generally replaced by UTF-8 or UTF-16 to support international languages.
brctl addif {bridge name} {interface}
Add an interface (like eth0 or eth1) to a bridge
ssh-add
Add private key identities to the SSH key agent. If the key is protected by a password, the user only needs to enter the password once, and the agent will automatically authenticate the user.
usermod -aG sales-group user1
Adds user to a group and keeps them in their existing groups
sudo xfs_admin -L {Label} /dev/{disk_partition}
Change the label on an XFS file system
setenforce 1
Change the mode SELinux runs in to enforcing (does not persist on reboot)
setenforce 0
Change the mode SELinux runs in to permissive (does not persist on reboot)
xfs_admin
Change the parameters of an XFS file system, including its label and UUID
setsebool {bool} on
Change the status of an SELinux boolean value to on
usermod -l user99 user1
Changes the user's login name
Boot from HTTP/FTP
Clients can use these content delivery protocols to acquire boot data over the network. More reliable and secure than TFTP used in PXE.
gzip {file name}
Compresses the file and appends the .gz extension
route add default gw {IP address}
Configure a default gateway by its IP address. Packets will be passed to this destination if there are no other routes that match their network ID.
AllowUsers
Configure this setting in /etc/ssh/sshd_config to enable user-specific access by allowing the specified users access over SSH.
netcat -l {port}, netcat {ip_addr} {port}
Connect two computers for the purpose of transferring information (one command from computer 1, another from computer 2)
cpio -i < dir_arch
Copy files from an archive. Extract files from the standard input.
find . -depth -print | cpio -p new_dir
Copy files from one directory tree to another. Read the standard input to obtain the list of file names that are created and copied into the destination directory.
ls | cpio -o > dir_arch
Copy files into an archive. Read the standard input to obtain a list of file names and then copy those files to the standard output and redirect to an archive.
xfs_copy
Copy the contents of the XFS file system to another location
xfs_metadump
Copy the superblock metadata of the XFS file system to a file
crontab -e -u {user_name}
Create a crontab file on behalf of the specified user.
dpkg
Debian's package manager, available for use in Debian and Debian-derivatives
xfs_db
Debug the XFS file system
gzip -d {file name}
Decompresses the file
crontab -r
Delete the current crontab file
sudo aa-disable /etc/apparmor.d/{profile}
Disable an AppArmor profile, unloading it from the kernel.
nmcli con down {device ID}
Disable the specified NIC
sysctl -a
Display all runtime kernel parameters and their current values.
xfs_info
Display details about the XFS file system, including its block information
modinfo {module_name}
Display information about a particular kernel module, such as the file name of the module, license, description, author's name, module version number, dependent modules, and other parameters or attributes.
netstat -I={interface}
Display information about the specified network interface.
nmcli con edit {device ID}
Enter interactive mode to configure the specified NIC
/etc/systemd/system/
contains files for overriding unit files; unit files in this directory take precedence over files elsewhere
chown -R {user name} {directory}
Recursively change the owner of a directory structure
RPM
Red Hat Package Manager
systemctl daemon-reload
Reload the systemd init daemon, including all unit files.
cryptsetup luksClose /dev/mapper/{virtual_name}
Remove a LUKS storage device from mapping, locking the device.
rmmod {module_name}
Remove a module from the currently running kernel
sudo chattr -i {file/directory}
Remove the read-only, or immutable, attribute of the file. Requires superuser privileges.
groupmod -g 123 -n newsales sales
Rename a group and change the group ID
top : r
Renice the process for which you specify the PID.
xfs_repair
Repair and recover a corrupt XFS file system
yum info {package name}
Report information about a package.
apt show {package name}
Report information about the package using apt.
yum provides {file name}
Report what package provides specified files or libraries.
restorecon {file/directory}
Restore the default SELinux security context of one or more files
udevadm info /dev/sda1
Retrieve device information stored in the udev database, as well as detailed device attributes from the /sys/ file system. For example, you can view a device's vendor ID, product ID, serial number, and much more.
mail [email protected] < hello.txt
Set the contents of a text file as input and attach it to an email message.
chage -W 5 user1
Sets the number of days before expiration that the user will be warned to change their password.
chage -E 2022/12/31 user1
Sets the account to expire at the specified date and time.
chage -M 90 user1
Sets the maximum days the password is valid for
chage -m 1 user1
Sets the minimum days until the password can be changed.
ss -i
Show only what ports are being listened on (internal TCP information)
ss dst {host}
Show whether the specified host is connected and what the connection statistics are.
.rpm
Software packages that are prepared for RPM use this file extension
.deb
Software packages with this file extension can be managed using dpkg
top : P
Sort processes by CPU usage.
top : M
Sort processes by memory usage.
Buffered, Cached
The ______ field in /proc/meminfo indicates memory that is assigned to a specific block device. This memory is used to cache file system metadata, like directory contents, permissions, etc. The ______ memory is similar, but instead of storing file metadata, it stores the actual contents of files. The free command combines these two values together upon output.
GNOME
The default desktop environment in most Linux distributions that follows design principles called human interface guidelines. Starting with version 3, it changed from using a typical desktop metaphor to a more abstract metaphor in which users can switch between virtual desktops and tasks from an overview screen. It supports both X and Wayland.
Persistent Volumes
These are created as part of the Kubernetes orchestration solution for container management, keeping the storage configuration separate from the configurations of the individual cluster nodes. This makes it easier for nodes to be replaced through their lifecycle without impacting the storage.
Software Tokens
These are generated by a system that can distribute the authentication information to any authorized general-purpose device—like a smartphone or a desktop computer
JSON
These files may be used to store information that is easy for most programming languages to interpret and use. Because it uses a standard JavaScript format, it is also relatively easy for humans to interpret and write. One use of these files is for the quick deployment and configuration of one or more virtual machines.
transport mode
This IPSec mode is typically used in remote access VPNs. Only the packet contents are encrypted, whereas the header is not.
tunnel mode
This IPSec mode is typically used in site-to-site VPNs. Both the packet contents and header are encrypted
password requisite pam_pwhistory.so remember=90
This PAM password policy enforces a password history so that users don't re-use old passwords when changing theirs. Passwords are "remembered" for 90 days. Notify the user immediately upon failure.
password sufficient pam_unix.so sha512 use_authtok
This PAM password policy hashes the user's password using the SHA-512 algorithm without conducting any password checks, instead pulling in the password that has already been checked by any prior modules. The module result is ignored upon failure
password required pam_cracklib.so retry=5
This PAM password policy requires users to enter a password that cannot be easily cracked in a dictionary attack, giving them 5 chances to do so
password requisite pam_pwquality.so local_users_only
This PAM password policy will require that the user enter a "quality" (strong) password. Non-local users—those not found in /etc/passwd—are ignored. Notify the user immediately upon failure.
renice -n 8 {pid}
This command alters the scheduling priority of an already running process. Use the -n option to specify the new nice value. The -g option causes all processes in the process group to have their nice value altered. When you renice a user with the -u option, it alters the nice value of all processes owned by the user. By default, the processes affected are specified by their PIDs.
sudo nice -n 11 vim test.txt
This command enables you to run a command with a different nice value than the default. The -n option increments the nice value by the given integer; if you don't provide an integer, then the command will assume an increment of 10. By running without any options, you'll see the default nice value (0). You must have the root user authority to run a command at a higher priority. Once lowered, the priority for any process cannot be increased by normal users, even if they own the process.
journalctl
This command enables you to view and query log files created by the journal component of the systemd suite. Log information is collected and stored via the systemd journald service.
partprobe
This command is used to update the kernel with changes in the partition table (using fdisk or parted). The command first checks the partition table, and if there are any changes, it automatically updates the kernel with the changes.
free -h
This command parses the /proc/meminfo file for easier analysis of memory usage statistics. Its default behavior is to display the following information about system memory and swap space: The total memory, total used, total free, total shared, total buffered and cached (combined), and total available for starting new apps (estimated).
timedatectl set-timezone US/Pacific
This command sets the timezone of the system to Pacific Daylight Time
Enforced use of PKI
This creates a password-less login scheme to mitigate password cracking techniques used by attackers to gain access to an account
Cinnamon
This desktop environment is a fork of GNOME 3 and one of the default environments for the Linux Mint distro. It was developed in response to the changes in GNOME 3, and uses a typical desktop metaphor rather than an abstract one. It does not support Wayland.
MATE
This desktop environment is another fork of GNOME that was created in response to the changes in GNOME 3. It was developed to maintain and extend the functionality of GNOME 2. It is the other default environment for Linux Mint, and is also available as an option in some other distributions. It does not currently support Wayland.
KDE Plasma
This desktop environment is the second-most common desktop environment and is included in distributions like RHEL and CentOS, even if not set as the default. It supports modularity through widgets, enabling users to add, move, and remove screen elements to fit their own personal workflow. It has a robust set of GUI apps, including word processors, mail clients, multimedia software, and more. It supports both X and Wayland.
/etc/apparmor.d/
This directory contains AppArmor profiles for executables
/dev/
This directory contains device driver files that enable the system and users to access devices themselves
/boot
This directory contains files necessary to boot the Linux operating system, including the compressed executable file that contains the Linux kernel itself.
/etc/apparmor.d/tunables/
This directory contains tunable files, which enable you to configure AppArmor functionality without directly modifying profiles
/sys/
This directory is a virtual file system that contains a hierarchical view of device information
/proc/
This directory is a virtual file system that contains various files that represent system information reported by the kernel
/etc/rc.d/
This directory is an alternative location for SysVinit initialization scripts for services
~/.ssh/id_rsa
This file contains the user's private key
~/.ssh/id_rsa.pub
This file contains the user's public key
/etc/nsswitch.conf
This file defines the order in which name resolution methods will be used by the system; The order may be the /etc/hosts file first, then DNS; or DNS first, then the /etc/hosts file. The preferred configuration is /etc/hosts then DNS.
/etc/services
This file is a database of services and their corresponding port numbers. This file enables services to, by default, attempt to bind to their corresponding port when activated
/etc/rc.local
This file is executed at the end of the init boot process, typically used to start custom services. It is rarely used and not supported in some distributions that use SysVinit
/etc/securetty
This file is leveraged by the pam_ _____ module to determine what controlling terminals (/dev/tty#) the root user is allowed to login to. If this file does not exist, the root user can log in from any controlling terminal. If the file exists and is empty, root access is limited to single user mode and certain programs like ssh. Otherwise, adding the name of a controlling terminal to this file in the format tty# will give root access to that terminal.
/etc/ssh/ssh_config
This file is similar to ~/.ssh/config except that it is a client ssh configuration file that applies globally rather than to a specific user.
/etc/ssh/sshd_config
This file is used to configure an SSH server
/etc/default/ufw
This file is used to configure high-level settings like policy defaults and kernel module usage for the UFW management tool.
Anaconda
This installer can provide prompts to an administrator to configure the new Linux server, or it can reference files to customize the installation.
xfs
This is a 64-bit, high-performance journaling file system that provides fast recovery and can handle large files efficiently. It is the default file system for CentOS/RHEL 7 installations.
Secure Sockets layer / Transport Layer Security (SSL/TLS)
This is also used as a VPN authentication and encryption protocol, used primarily for remote access connections. Unlike IPSec, it is an application-layer (layer 7) protocol and is therefore application-dependent.
Kerberos
This is an authentication service that is based on a time-sensitive ticket-granting system. It is used as a single sign-on (SSO) method where the user enters access credentials that are then passed to the authentication server, which contains an access list and allowed access credentials.
IP Forwarding
This is the Linux kernel implementation of network routing functionality. It enables incoming traffic on one network interface to be forwarded to another network interface. It is therefore only useful on systems that have multiple interfaces, particularly systems that act as routers or gateways for other systems in the network.
noop
This is the simplest scheduler and does not sort I/O requests, but merely merges them. This can be ideal in situations where the device or its storage controller performs its own sorting operations. It can also benefit devices that don't have mechanical components requiring seek time, like SSDs and USB flash drives, because this scheduler doesn't expend much effort in reducing seek time.
soft link
This link can be a reference to a file or directory that can span multiple file systems. If the original file or directory is deleted, then the original content is lost.
YAML
This may be used to store configuration information that is used on newly deployed virtual machines. This information may be used by cloud-init to install software or create user accounts during the virtual machine's first boot, or may be used by orchestration tools like Ansible. These files consist of a list of key-value pairs that specify the desired configuration.
Changing default ports
This might be able to confound attackers or temporarily stop automated attacks that target well-known ports
packet drop
This occurs when one or more packets sent from a source are unable to reach their intended destination.
/dev/disk/by-id
This refers to an identifier based on the device's hardware serial number.
/dev/disk/by-path
This refers to an identifier based on the shortest physical path to the device (i.e., the path changes if you plug the device into a different port on the controller). This is useful in configurations using DM-Multipath, a feature of the kernel that supports multiple I/O paths to devices.
/dev/disk/by-uuid
This refers to an identifier based on the universally unique identifier (UUID) that was assigned to the device when a file system was created on it.
Run level 6
This run level reboots the system.
Run level 5
This run level starts multi-user mode with networking and GUI capabilities. Loads a desktop environment.
Run level 3
This run level starts multi-user mode with remote networking. Loads a CLI.
Run level 2
This run level starts multi-user mode without remote networking. Loads a command-line interface (CLI).
Run level 1
This run level starts single-user mode.
deadline
This scheduler performs sorting of I/O operations using three queues: a standard pending request queue, a read first in first out (FIFO) queue, and a write FIFO queue; the latter two of which are sorted by submission time and have expiration values. It is ideal for certain workloads like multi-threaded workloads.
Zombie
This state indicates that a process was terminated, but that it has not yet been released by its parent process. It cannot accept a kill signal because the process isn't available anymore.
Fail2ban
This third-party intrusion prevention system (IPS) prevents brute force attacks by monitoring log files that pertain to any system service with an authentication component. It leverages Netfilter and iptables to actually perform blocking actions, and can even be used to update your firewall rules. It supports both IPv4 and IPv6.
DenyHosts
This third-party intrusion prevention system (IPS) primarily protects SSH servers from brute force password cracking attacks by monitoring the authentication log to look for failed login entries. It will take the source IP address and number of failed attempts into consideration. If enough failed attempts from the same source meet the threshold you've configured (or the default), it will block that source. It only works for IPv4 traffic.
netcat -l {port} > received.file, netcat {ip_addr} < original.file
Transfer file content between two computers (one command from computer 1, another from computer 2)
/dev/mapper
contains all logical volumes on the system that are managed by LVM, formatted as /dev/mapper/<volume group name>-<logical volume name>. Logical volumes may also be in the path /dev/<volume group name>/<logical volume name>
/etc/modprobe.d
contains configuration files for modprobe; older distributions used /etc/modprobe.conf
/dev/tty#
controlling terminals are referenced by this path
sudo yum install iptables-services, service iptables save
In CentOS/RHEL, install the necessary package and issue the proper command to ensure rule changes made with iptables persist on reboot.
/etc/grub2.cfg
In RHEL forked distros, this is a symbolic link to the grub.cfg file
apt purge {package name}
Uninstall the package using apt and remove its configuration files.
apt remove {package name}
Uninstall the package using apt, leaving behind its configuration files.
apt update
Update APT database of available packages.
yum update [package name]
Update a package using yum; if none provided, updates all installed packages (time-consuming).
apt upgrade [package name]
Upgrade the package using apt, or upgrade all packages if none provided (time-consuming).
scp (unknown) user@host:/home/dir
copy a file to a remote host over ssh
rsync -avz /home/mydir/ user@host:/home/mydir/
copy the differences between files to a remote host over ssh, using archive mode to keep symbolic links, devices, attributes, permissions, ownerships etc. preserved, in verbose mode, compressing the data.
groupadd -o -g 123 -f sales
create a group with a non-unique ID, exiting with success if it already exists
sudo systemctl enable --now httpd
create a symbolic link in /etc/systemd/system pointing to the unit file in /usr/lib/systemd/system, enabling the Apache http service to start when the system reboots, and also start it now
sudo vgcreate {volume_group} {list_of_disk_partitions from /dev/}
create a volume group from previously initialized physical volumes
brctl addbr {bridge name}
create an empty network bridge
dd if=/dev/sda of=drive_image.iso
create an image of a drive by copying and converting its contents
chroot /home/user /usr/bin/bash
change the root directory of the process to /home/user and run the Bash shell as the process inside the jail
tar -cvf tarball.tar file1 file2 file3
create a tarball verbosely from the listed files, writing it to the named archive file
15 2 * * * /path/to/command
crontab entry that executes the command at 2:15 A.M., daily.
30 4 1 * * /path/to/command
crontab entry that executes the command at 4:30 A.M. on the first day of each month.
0 20 * * 1-5 /path/to/command
crontab entry that executes the command at 8 P.M., Monday through Friday
udev
daemon that runs in the background, manages the automatic detection and configuration of coldpluggable (during boot) and hotpluggable devices (during runtime)
sudo swapoff /dev/{swap_partition}
deactivate the swap space on a device
groupdel {group name}
delete a group
userdel -r {username}
delete a user and their home directory files
sed '/hey/d' test.txt
delete the lines starting with "hey" from the file's output on stdout (the file itself is not changed)
nmcli general status
View a summary of network connectivity data
nmcli connection show
View identification information for each NIC
crontab -l
View the crontab file for the current user
ip route
View the current routing table on the system
route
View the current routing table on the system, deprecated in favor of the ip route command
Localhost, Unix sockets
When troubleshooting application performance, developers may need to choose how communication with a service occurs. One method, ______, creates a full network connection, including all TCP error checking, etc. This method may be significantly slower. The alternative design for developers is ______. This approach will often provide a performance increase by removing the TCP overhead from the transaction. The overhead isn't needed because the connection is entirely local.
X11 forwarding
X11 is network-aware and can enable clients to access GUI elements over a network. You can forward X traffic through an SSH tunnel in order to encrypt these communications.
Image
You can back up data as individual files or as collections of files, but you can also create one-to-one copies of entire systems. _______-based backups save the state of an operating system in an _______ file format like ISO. You can use this _______ to restore a system to the state it was in when the _______ was captured.
Container Images
You can deploy containers using these. You create them yourself or download them from the Internet. They may contain everything needed for the container, including applications and supporting configurations.
pts/#
You can enable the root user to log in to a pseudoterminal by adding a ____ entry to the /etc/securetty file. However, this is a security risk, as it will allow insecure or malicious programs to leverage root privileges.
echo {scheduler} > /sys/block/{device name}/queue/scheduler
You can set the I/O scheduler to use on a particular device by executing this command
Cloning
_______ is the process of copying all of the contents of a storage drive to another storage medium. Technically, an image backup is a _______ of a drive. However, _______ operations often go one step further by using the image file to reconstruct the original drive on a second drive.
Snapshots
_______ record the state of a storage drive at a certain point in time and usually exist on the same drive. They are "checkpoints" that you can restore the drive to rather than true copies of data that exist elsewhere.
Netfilter
a Linux kernel framework that handles packets that traverse a network interface. Some of the major services it provides are packet filtering, NAT, and connection tracking. It supports the configuration of these services by providing hooks into the kernel's network stack. Every packet that traverses the network interface will be "caught" by these hooks. User space programs that are registered with the relevant hooks are able to interact with the packets on the hooks.
Cloud-init
a cloud-based Linux mechanism to customize a virtual machine during its first bootup. This customization might include security settings, software package installations, user and group creation, etc. It references YAML files to find the necessary settings.
lsmod
a command that displays all kernel modules and their status (size and how many other modules are using it)
sudo grub2-mkconfig -o {output_file}
a command that generates a new grub.cfg configuration file by combining the configuration file templates in the /etc/grub.d/ directory with the settings in /etc/default/grub. By default, the new config file is sent to stdout, but can overwrite an existing grub.cfg by specifying the path.
ss
a command that is an information gathering utility similar to netstat but provides simpler output and syntax
Saturation
a network link's capacity is exceeded, i.e., all bandwidth is being used up.
Yellowdog Updater, Modified (YUM)
a newer and more advanced package manager that is commonly used by Red Hat derivatives. It relies on RPM and uses .rpm packages stored in repositories. It automatically installs any additional packages a package depends on.
Zypper
a package manager that supports repositories, dependency solving, and management of the software lifecycle. It is an openSUSE package manager that supports .rpm packages
raw partition
a partition with no file system on it that users and applications read from and write to directly as a block device, bypassing the kernel's page cache (it is not a partition table format like MBR or GPT). This is useful where software such as a database management system (DBMS) has its own caching mechanism: the DBMS keeps full control over I/O caching instead of sharing it with the kernel.
GUID Partition Table (GPT)
a partition structure defined as part of the UEFI standard. Every partition on a drive is assigned a globally unique identifier (GUID). It removes MBR's 2 TB and four-primary-partition limits (the default table holds 128 partitions), and the partition table is stored in two locations, a primary and a backup copy, for redundancy.
Universal Serial Bus (USB)
a peripheral interface technology that has become the de facto standard for connecting input devices, external storage devices, mobile devices, and more, to computers.
Hardware Token
a physical device that generates and stores the authentication information, and that information is tied to that particular device. One common example is a key fob that generates and displays a numeric token on the key fob's small screen.
Linux Unified Key Setup (LUKS)
a platform-independent FDE solution that is commonly used to encrypt storage devices in a Linux environment.
Common Unix Printing System (CUPS)
a print management system that enables a computer to function as a print server that can process different data formats. It is designed for scheduling print jobs, processing administrative commands, and providing printer status information to local and remote programs. It provides a web-based interface for configuring the service.
Hashing
a process or function that transforms plaintext input into an indecipherable fixed-length output and ensures that this process cannot be feasibly reversed
ntfs
a proprietary file system created by Microsoft as the primary file system for Windows. It provides many enhanced features over FAT, including file- and folder-level security, file encryption, drive compression, and scalability to very large drives and files. Linux support comes from the ntfs-3g FUSE driver or the newer in-kernel ntfs3 driver, neither of which is necessarily installed or enabled by default.
dual-homed
a server with multiple NICs connected to different network segments; virtual networks support this configuration as well.
Active/Passive
a setup for NIC bonding where one NIC is active while another is on standby. If the active NIC fails, the system automatically fails over to the standby NIC.
Type 2 hypervisor
a software layer that provides control between the virtual machines and the physical hardware that runs as a service on a locally installed operating system. Examples include: Oracle VM VirtualBox and QEMU
Type 1 hypervisor
a software layer that provides control between the virtual machines and the physical hardware that runs directly on the hardware in a "bare metal" deployment. Examples include: VMware ESXi and Microsoft Hyper-V
Hypervisor
a software layer that resides over the physical hardware and manages the allocation of that physical hardware to a virtual machine.
cifs
a specific implementation of SMB that is rarely in use. Microsoft designed it as a successor to SMB version 1, but SMB versions 2 and 3 superseded it. However, Linux still uses the name in some of its tools, though these tools support newer versions of SMB.
Master Boot Record (MBR)
a type of partition structure and the first physical sector on a storage drive that contains the boot loader that loads the operating system into memory and the partition table of the storage drive. There is a 2TB max storage space, a max of 4 primary partitions, and boot data is stored in only one sector.
Virtual Machine Manager (VMM)
a utility that can be used for managing connectivity to virtual machines. It enables the deployment, management, and removal of virtual machines using an intuitive graphical interface.
fdisk /dev/{device}
a utility that is used to create, modify, or delete partitions on a storage drive.
parted /dev/{device}
a utility that is used to manage partitions. It can be used to create, destroy, and resize partitions
sudo swapon /dev/{swap_partition}
activate a swap partition in a specified device
firewall-cmd --zone=dmz --add-port=21/tcp
add TCP port 21 (FTP) to the dmz zone. Without --permanent this changes only the running firewall and is lost at the next reload or reboot; to persist it, repeat the command with --permanent (or run --runtime-to-permanent) and then --reload.
modprobe {module_name}
add a module to the kernel after loading all dependent modules
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
add a rule to the end of the input chain to accept http traffic from anywhere
iptables -A INPUT -p tcp --dport ssh -s {ip_addr} -j ACCEPT
add a rule to the end of the INPUT chain to allow SSH traffic from a specific source IP address (the service name is resolved through /etc/services, so --dport ssh is equivalent to --dport 22)
usermod -aG wheel username
add a user to the wheel group; on distributions whose /etc/sudoers grants %wheel ALL=(ALL) ALL, this gives them sudo privileges. The -a (append) flag matters: -G on its own would replace the user's existing supplementary groups.
ipset add range_set {cidr_block}
add an ip address range to an IP set
firewall-cmd --zone=dmz --add-service=http
add the HTTP service to the dmz zone.
firewall-cmd --zone=dmz --change-interface=<device ID>
add the specified interface to the dmz zone.
acl
add this option to a file system in the /etc/fstab file to enable FACL, if not enabled by default (unmount then remount or reboot if root)
grpquota
add this option to a file system in the /etc/fstab file to enable group storage quotas (unmount then remount or reboot if root)
usrquota
add this option to a file system in the /etc/fstab file to enable user storage quotas (unmount then remount or reboot if root)
/etc/cron.allow and /etc/cron.deny
add user names to these files, one per line, to allow or deny those users access to cron. If cron.allow exists only the users listed in it may use cron and cron.deny is ignored; if only cron.deny exists, everyone except the listed users may use it.
/etc/grub.d/
directory that contains the scripts used to build the main grub.cfg file. Don't edit the existing scripts. To add a custom script, use a ##_ file name prefix (like 40_custom) to set the order in which you want it to execute.
systemctl mask ctrl-alt-del.target
disable the use of Ctrl+Alt+Del on systemd systems
systemctl mask firewalld
after stopping and disabling the service, mask it: this creates a symbolic link from /etc/systemd/system/firewalld.service to /dev/null so that neither other units nor manual requests can activate it. This is typically done when switching to iptables.
Terminal Access Controller Access-Control System + (TACACS+)
a Cisco-designed protocol (later documented as RFC 8907) that provides authentication, authorization, and accounting (AAA) services. It separates the three functions and encrypts the entire packet body, whereas RADIUS protects only the password field, so it is regarded as more secure than RADIUS, especially for network device administration.
Remote Authentication Dial-In User Service (RADIUS)
an Internet standard protocol that provides authentication, authorization, and accounting (AAA) services. _______ clients will pass all authentication requests to the _______ server for verification.
Dandified YUM package manager (DNF)
an improved version of YUM, it uses fewer resources
grep "^{username}:" /etc/passwd
display the /etc/passwd entry for a specific user (anchoring on the user name and colon avoids matching other users whose names contain the same string; getent passwd {username} also consults LDAP or other NSS sources)
which {command}
display the complete path of a specified command's executables
ls -i
display the inode numbers of the files in the current working directory
du -h
display the disk usage of files and directories (the current directory and everything below it by default) in human readable form
inode
an object that stores metadata about a file or directory on a file system; unique inode numbers in an inode table are mapped to the corresponding file or directory. XFS file systems use dynamic inode allocation with no strict limit.
Stateful Firewall
In contrast to packet filtering firewalls, they can identify past traffic that is related to a packet. This means that they can view the entire conversation of a transmission, such as the three-way TCP handshake, and make more informed decisions about what traffic to deny and what to allow.
thin client
any lightweight computing device that connects to a more powerful server for doing work.
apt install {package name}
Install a package using apt
wget http://download.samba.org/pub/samba/samba-latest.tar.gz
download a file from a web server; this command can download files recursively but supports only HTTP, HTTPS, FTP and FTPS
curl -o nmap-7.70.tar.bz2 https://nmap.org/dist/nmap-7.70.tar.bz2
download a file from a web server; this command is easily ported to other systems and supports many network protocols, but cannot download files recursively
SIGKILL (9)
Kill the process immediately. The signal cannot be caught or ignored. This is typically used as a last resort.
sudo dmidecode > ~/report.txt
dump the system's Desktop Management Interface (DMI) table to verify connected devices and whether or not they support certain features
ssh-keyscan {ip_addr} >> ~/.ssh/known_hosts
append a server's host public key(s) to the client's known_hosts file. This trusts whatever key is presented at scan time, so verify the fingerprint (ssh-keygen -lf on the scanned output) against one obtained out of band before relying on it; otherwise an attacker on the path could have their own key pinned instead of the server's.
/etc/cron.hourly
Link or copy a script into this directory to run your commands every hour
tail -f {file_name}
dynamically watch the last 10 lines of a file
libvirt
Linux virtualization solutions are built on top of this, an application programming interface (API) that provides the software building blocks for developers to write their own virtualization solutions. It provides a solid foundation for Linux-based virtualization.
timedatectl list-timezones
list all available time zones in the format used by the /usr/share/zoneinfo directory structure.
ls -Z
List directory contents along with each object's SELinux security context.
aa-unconfined
List processes with open network sockets that don't have an AppArmor profile loaded (at minimum, you should secure any application that is listening on a network port)
ps -Z
List running processes along with each process's SELinux security context
chage -l user1
Lists password aging information
klist
Lists the user's Kerberos ticket cache.
sysctl -p [file_name]
load sysctl settings from the specified file, or from /etc/sysctl.conf if no file name is provided (files under /etc/sysctl.d/ are applied with sysctl --system).
cryptsetup -v -y luksFormat /dev/{partition}
format a storage device as a LUKS container in verbose mode with passphrase verification (the passphrase is asked for twice). This writes a LUKS header and destroys any existing data on the partition. A random master key is generated and stored in the header, encrypted under the passphrase; unlocking the device later with cryptsetup open exposes the decrypted view as /dev/mapper/{name}.
/etc/logrotate.d/
Log rotation behavior can be configured in this directory, where each relevant service has its own configuration file.
Ctrl+Z
halt a job / pause the foreground process from the terminal, freeing the command prompt so you can use the bg command.
ln {target name} [link name]
Make a hard link
Block Storage
breaking files into pieces and writing those pieces to the fundamental storage areas of the drive. Data is reassembled when called by the operating system.
/etc/pam.d/
PAM configuration files are located in this directory, where each PAM-aware service or application has its own file
sudo tcpdump -i enp0s3 > ~/data.txt
capture packets on the specified interface with a packet sniffing utility and redirect the decoded output to a text file. By default tcpdump prints decoded headers rather than payload; to keep the full packets for later analysis in Wireshark, write a capture file with -w {file}.pcap instead.
tr '[:lower:]' '[:upper:]' < test.txt > test2.txt
change lower case letters in a file to upper case letters and redirect to another file
chown :{group name} {file/directory}
change the group but not the owner. This is the same as using the chgrp command.
chgrp {group name} {file/directory}
change the group of a file or directory.
chown {user name}: {file/directory}
change the owner and the group of a file or directory so the group will be changed to the specified user's login group.
chown {user name} {file/directory}
change the owner but not the group of a file or directory
touch {file names}
change the time of access or modification time of a file to the current time, or create an empty file with the specified name
passwd
change your own password
chown {user name}:{group name} {file/directory}
change the owner and the group of a file or directory
SIGTSTP (18, 20, 24)
Pause a process from the terminal. The signal can be caught or ignored. This is the same as pressing Ctrl+Z at a terminal; a process might change this shortcut behavior, however.
SIGSTOP (17, 19, 23)
Pause a process. The signal cannot be caught or ignored. This is typically sent from kill or another program and not the terminal.
ls -Z {file/directory}
check the SELinux security context of a specific object
ps -Z {PID}
check the SELinux security context of a specific process
sudo aa-complain /etc/apparmor.d/{profile}
Place an AppArmor profile in complain mode (violations are logged but not blocked)
sudo aa-enforce /etc/apparmor.d/{profile}
Place an AppArmor profile in enforce mode
pam_ldap.so /etc/pam.d/common-
Place directives that use the _____ module to authenticate the user with the LDAP service in the _____ files
netcat -z -v domain.tld {port_range}
Port scan a computer
aggregation
combining the bandwidth, fault tolerance, redundancy, and load balancing of two or more NICs on the same system by bonding them together.
pgrep {pattern}
command displays the PID of processes that match any given pattern, like the name or user ID (UID) of the user who invoked it; the start time; the parent PID; and more.
iptables -I INPUT -m set --match-set range_set src -j DROP
configure an iptables rule to drop traffic whose source matches the ranges in an IP set
VM templates
these can make deployments much more efficient. Administrators and users can deploy servers themselves in a self-service environment using pre-defined templates that specify different processor, memory, storage, and network configurations.
/lib/systemd/system/*.target
these files are used determine one of several ways in which the system can operate, such as running with just a CLI; running with a graphical desktop environment; initiating a system shut down; and more. You can activate these in order to boot into the desired environment.
Virtual Private Network (VPN)
these servers enable remote users to connect to the internal company network and access internal resources as if they were physically present at the network location. Traffic between the client and the VPN server is encrypted in transit in both directions.
Authentication servers
these servers hold information about user identities in a directory store for use in centralized authentication.
Web Servers
these servers host the files and images that make up websites, typically hosted through a service called Apache using HTTP on TCP port 80 or HTTPS on TCP port 443
Certificate Authority (CA) servers
these servers manage the enrollment, approval, expiration, and revocation of certificates to provide a way of guaranteeing identity based on the use of a public key infrastructure (PKI) and asymmetric encryption
Dynamic Host Configuration Protocol (DHCP) servers
these servers provide IP address configurations (IP address, subnet mask, default gateway (router), etc.) to client systems that lease them, using UDP port 67 (server) and UDP port 68 (client)
Name / Domain Name System (DNS) servers
these servers store relationships between easy-to-remember hostnames and difficult-to-remember IP addresses. They use TCP/UDP port 53
monitoring services
these services monitor applications, the OS, or resource usage such as CPU and memory (top is a simple local example)
Clustering services
these services provide access to a storage area network through a cluster of node servers that accept client connections. If one node goes down, the other nodes can maintain availability
kill {pid}
this command sends any specified signal, or by default the termination signal (SIGTERM), to one or more processes. The PID must be specified as the argument. As a user, you can only use this command on processes that you own.
pkill {pattern}
this command sends any specified signal, or by default the termination signal, to processes based on a matching pattern. It matches a name pattern rather than a process ID.
tune2fs -j {device/file system name}
this command adds a journal to an existing ext2 file system, converting it to ext3 (ext3 and ext4 already have one). If the file system is mounted when the journal is added, it appears as a visible file (.journal) in the root directory of the file system until the next e2fsck; if the file system is not mounted, the journal is hidden.
sudo e2label /dev/{disk_partition} {Label}
this command adds or changes a ext2/3/4 file system label for easy identification
make
this command automatically looks for a Makefile in the current directory, reads it (and any dependency files it includes), and builds the application by running the compiler commands (typically gcc) it specifies.
iptables -N {chain}
this command creates a new iptables rule chain
iftop -i eth0
this command displays bandwidth usage information for the system, helping to identify whether a particular NIC or protocol is consuming the most bandwidth. Use it to see what is consuming the most bandwidth on an interface
lsusb -v -s {bus} -d {vendor}
this command displays detailed information about devices that are connected to the specified USB bus and from the specified vendor
lsblk
this command displays information about all block storage devices that are currently available on the system. The output is displayed in a tree-like format with each physical device at the top of the tree and each partition or logical volume branching off from that device.
sudo firewall-cmd --get-default-zone
this command displays the default firewalld zone; all network adapters are tied to the default zone unless explicitly assigned to another one
last {terminal number}
this command displays the history of user login and logout actions, along with the actual time and date. It also has options that enable you to filter users who have logged in through a specific terminal
last
this command displays the running history of user login and logout actions, along with the actual time and date
lsdev
this command displays various information about a system's hardware as reported by the kernel
ldd {program binary}
this command enables a user to view shared library dependencies for an application
hwclock
this command enables you to view and set the hardware clock; it is strongly recommended that you keep the hardware clock in UTC to prevent over-correction by other operating systems on a dual-boot system. Options include --set, -u (UTC), -s (set system time from the hardware clock), --adjust
ioping -c 5 /dev/{partition}
this command generates a report of device I/O latency in real-time. It will "ping" the specified device the specified number of times (if given) with requests and print information about each request at the command-line.
uptime
this command gives information about the current time, how long the system is running, and how many users are currently logged in. Most relevant to CPU troubleshooting, however, is the load average field. You can find the average load over three different periods of time, from left to right in the output: the last 1 minute, the last 5 minutes, and the last 15 minutes.
make install
this command installs the application binaries, libraries, and documentation in the correct locations for system wide use
/etc/inittab
this file stores details of various processes related to system initialization on a SysVinit system. It also stores details of the runlevels in use. The init daemon reads from this file to determine what runlevel to boot into, what daemons to start, and what to do if the runlevel changes.
/etc/passwd
this file stores user account information; it is not recommended to edit this file directly
sudo resize2fs /dev/{volume_group}/{logical_volume}
ext2/3/4 tooling used to expand or shrink a file system on a device. Growing can be done while mounted (online); shrinking requires the file system to be unmounted and checked first (e2fsck -f), and the logical volume must only be reduced after the file system has been shrunk.
sudo vgextend {volume_group} {disk_partition from /dev}
extend a volume group to include another initialized physical volume
tar -xvf {source_file}.tar -C /mnt/{mount_point}
extract a tarball into the directory where the target device is mounted (-C changes into that directory before extracting; a device node cannot be written to by piping tar's output to it)
tar -xvzf tarball.tar.gz
extract a tarball, verbose, unzip, from a file name
.tgz or .tar.gz
file extension used to indicate a compressed tarball
/etc/fstab
file system table, lists all disks and where they are being mounted to. To make the FS persistent, including logical volume, they must be placed into the file system table. File Systems can be mounted based on uuid, device name (path), or a label.
sudo chkconfig {service} off
for SysVinit, disable a service so that it does not start on boot, no run levels
sudo chkconfig --level 235 {service} on
for SysVinit, enable a service to be started on boot for run levels 2, 3, and 5
sudo chkconfig {service} on
for SysVinit, enable a service to be started on boot in the run levels listed in the init script's chkconfig header (commonly 2, 3, 4, and 5)
sudo service {name} status
for SysVinit, print the current status of a service
sudo service {name} reload
for SysVinit, re-read a service's configuration files while the service remains running.
sudo service {name} restart
for SysVinit, restart a service immediately (not set to start on reboot)
sudo service {name} start
for SysVinit, start a service immediately (not set to start on reboot)
sudo service {name} stop
for SysVinit, stop a service immediately
Wayland
for this display server, the compositor is the server rather than a separate component, enabling clients to exchange events directly with the compositor, mitigating latency issues, letting clients perform their own rendering, and isolating window I/O data for increased security.
rm -rf {directory}
force recursive removal of a directory and its contents without prompting; check the path (and any variables in it) before running, since there is no undo
sudo udevadm control --reload-rules
force udev to reload the rules so changes will take effect on devices that are already connected
sudo mkfs.ext4 /dev/{volume_group}/{logical_volume}
format a logical volume, which may also be referenced as /dev/mapper/{volume_group}-{logical_volume}
.gz
gzip compression utility file extension; gzip takes one or more files and reduces their size
tune2fs {device/file system name}
helps you configure various "tunable" parameters associated with an ext2/3/4 file system
sudoedit /path/to/file
This command (an alias for sudo -e) lets a user edit a file that requires elevated privileges. It copies the file to a temporary location, opens it in the user's editor, and copies it back afterwards, so the editor itself never runs as root. The user needs an entry in /etc/sudoers that permits sudoedit on that file.
timedatectl status
show the current date and time information, including local time, universal time, RTC time, time zone, and more (status is the default subcommand, so timedatectl alone is equivalent).
third extended file system (ext3)
in case of an abrupt system shutdown, it is much faster than older file systems in recovering data and better ensures data integrity. You can easily upgrade your older file system to this newer format.
X Window System (X11)
in this system, the server coordinates client input and application output to determine how to draw elements on the screen; it also communicates with a compositor that reads a memory buffer that each application writes to and combines each individual application window on the screen so that multiple windows can appear at once. When the server receives an event, it must inform the compositor so that it can re-composite the portion of the screen that is affected by the event
Grand Unified Boot Loader (GRUB)
it enables users to choose which operating system or kernel version to boot in a multi-boot environment; the original GRUB (GRUB Legacy) has been phased out in favor of GRUB 2
Logical Volume Manager (LVM)
maps whole physical devices and partitions (e.g., /dev/sda1, /dev/sdb2, etc.) into one or more virtual containers called volume groups. Within these volume groups are one or more logical volumes. Ultimately, the logical volumes become the storage devices that the system, user, and applications work with.
find {search_directory} -name {file_name} 2>/dev/null
search a directory for a file while throwing any permission denied errors away
grep -E "{string_1}|{string_2}" {file_name}
search a file for lines containing one string OR another
locate {pattern}
search the mlocate database for file or directory names matching a pattern; the database is refreshed by a scheduled updatedb run, so it is not always up to date
sudo iptables-save | sudo tee /etc/sysconfig/iptables
display the current iptables rules on stdout and save them to disk (the RHEL-family location read by the iptables service at boot); tee needs root to write there, and the output format is what iptables-restore reads back
ipset create range_set hash:net
set a name, storage method, and data type for a new IP set
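The iptables rule cards above, the ipset match-set rule, and the iptables-save and ipset create cards are pieces of one workflow. As an added example (not from the study guide), the script below generates the whole ruleset in the format iptables-restore and ipset restore read, so it can be reviewed and versioned before it is loaded. The admin network, the set members, and the set name range_set are assumed values; the ordering choices (default-deny policy, established/related first, blocklist drop before any accept, rate-limited logging last) are the point of the example.

```shell
#!/bin/sh
# Added example, not from the study guide: emit an iptables-restore(8)
# ruleset and an ipset restore file instead of issuing one iptables -A
# command at a time. Network addresses below are assumed (RFC 5737 ranges).

ADMIN_NET="192.0.2.0/24"     # assumed: the only network allowed to reach SSH
BLOCKLIST_SET="range_set"    # ipset name used on the page

# gen_ipset NET...  -> input for `ipset restore`: create the set, add members
gen_ipset() {
    printf 'create %s hash:net -exist\n' "$BLOCKLIST_SET"
    for net in "$@"; do
        printf 'add %s %s -exist\n' "$BLOCKLIST_SET" "$net"
    done
}

# gen_ruleset -> input for `iptables-restore` (filter table only).
# First match wins, so the blocklist DROP sits above every ACCEPT.
gen_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m set --match-set $BLOCKLIST_SET src -j DROP
-A INPUT -p tcp --dport 22 -s $ADMIN_NET -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT-DROP: " --log-level 4
COMMIT
EOF
}

# rule_index RULESET PATTERN -> line number of the first line matching
# PATTERN, used to check that the blocklist drop precedes the accepts
rule_index() {
    printf '%s\n' "$1" | grep -n -- "$2" | head -n 1 | cut -d: -f1
}

# Usage, as root, after reviewing the output:
#   gen_ipset 198.51.100.0/24 203.0.113.0/24 | ipset restore
#   gen_ruleset | iptables-restore
#   iptables-save | tee /etc/sysconfig/iptables    # persist (RHEL family)
```

Loading the set before the ruleset matters: iptables-restore refuses a `--match-set` rule whose set does not exist yet. The LOG rule is rate limited so that a flood cannot fill /var/log with drop messages.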
sudo passwd {username}
set a user's password as root
EnvironmentFile=/etc/sysconfig/example
set an environment file in a Unit file
Environment=VAR=/value
set an environment variable in a unit file so that it is passed to the service's process and inherited by its child processes
ulimit -n 512
set the maximum number of open file descriptors to 512
sudo lvdisplay
show logical volumes
sudo pvdisplay
show physical volumes and list attributes
head -n 5 {file_name}
show the first 5 lines of a file
tail -n 5 {file_name}
show the last 5 lines of a file
sudo vgdisplay
show volume groups
sudo systemctl stop sshd
shut down the ssh service daemon immediately
sort -k 2 -t, -r (unknown)
sort a file on column 2 using a comma delimiter in descending order
sort -k 2 -t" " (unknown)
sort a file on column 2 using a space delimiter
sudo systemctl start httpd.service
start the Apache http service (the service extension is optional) from the unit file in /lib/systemd/system/
Blob Storage
storing data in an unstructured manner as a binary large object, object storage for audio, video, multimedia, text
lpr -E -P {destination} -# 10 {file_name}
submit 10 copies of a file to the specified printer, forcing an encrypted connection to the print server (-E)
sudo telinit 3 -t 30
switch the current run level of the system to run level 3, but wait 30 seconds
.tar
tape archiver file extension, bundle together multiple files into a single tarball
setfacl -m g:{groupname}:rw (unknown)
modify the ACL of a file to allow a specified group read and write permissions
setfacl -m u:{username}:rw (unknown)
modify the ACL of a file to allow a specified user read and write permissions
mount /dev/mapper/{virtual_name} /mnt/{mount_point}
mount a LUKS encrypted partition
sudo mount /dev/{volume_group}/{logical_volume} /mnt/{subfolder}
mount a logical volume to a directory
nfs
offers similar functionality to SMB, but the protocols are not compatible. It is preferred in situations where Linux clients access Linux servers. In environments that are a mix of Windows and Linux, the SMB protocol is the better choice.
insmod {module_name}
legacy low-level command that inserts a single module file (given as a path to a .ko file, not a module name) into the running kernel without loading any of its dependencies; it fails if those are not already loaded, so modprobe is preferred in nearly all cases
overlay networks
one network built over the top of another, virtualized networks may be thought of as this, especially when deployed in a cloud environment
One-Time Password (OTP)
passwords that either expire after first use or expire within a small time period, or both
dd if=/dev/sda of=/dev/sdb
perform a raw, sector-by-sector copy of a whole disk (not just a partition) from /dev/sda to /dev/sdb. The destination must be at least as large as the source and everything on it is overwritten, so double-check if= and of= before running.
hostnamectl set-hostname {new_name}
permanently change hostname, bash will only reflect the change after a new terminal is opened
General-purpose input/output (GPIO)
pins on a circuit board that have no designated purpose, but are controllable by the user at runtime programmatically through software (on Raspberry Pi devices)
/etc/pam.d/password-auth and /etc/pam.d/system-auth
place user lockout directives using the pam_faillock.so module (or the older, now deprecated pam_tally2.so) in these files.
shared libraries
placed in the /usr/lib/ directory, these are chunks of compiled code that can be used in programs to accomplish specific common tasks
nohup {command/script}
prevents a process from ending when the user logs off
printf "Hello.\nWhat's your name?"
print a formatted string on two lines
systemd-analyze blame
print a list of all systemd units that were executed at boot, along with the time it took each unit to execute, used to determine what startup processes are slowing down boot operations
sed -n '/hey/p' test.txt
print only the lines that contain "hey" from a file (to restrict the match to lines that start with it, anchor the pattern: '/^hey/p')
Network Address Translation (NAT)
provides the same functionality in virtual and physical environments, to translate between the reserved, private IP address ranges and the public, Internet address ranges.
mkfs.xfs /dev/mapper/{virtual_name}
put an XFS file system on a LUKS encrypted partition
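The luksFormat, mount and mkfs.xfs cards describe separate steps of one procedure. As an added example (not from the study guide), the script below carries the whole procedure through in order and prints the /etc/crypttab and /etc/fstab lines that make the volume persistent across reboots. The device path, mapper name and mount point are assumed arguments; luksFormat wipes the device, so the script only acts when called explicitly with all three and as root.

```shell
#!/bin/sh
# Added example, not from the study guide: provision a LUKS-encrypted XFS
# volume end to end. DEVICE, NAME and MOUNTPOINT are assumed arguments.
set -eu

# crypttab_line NAME UUID -> /etc/crypttab entry; "none" means the passphrase
# is prompted for at boot, "luks" selects the LUKS key handling
crypttab_line() {
    printf '%s UUID=%s none luks\n' "$1" "$2"
}

# fstab_line NAME MOUNTPOINT -> /etc/fstab entry referencing the mapper
# device, so the mount does not depend on the underlying disk name.
# nofail keeps boot going if the volume cannot be unlocked.
fstab_line() {
    printf '/dev/mapper/%s %s xfs defaults,nofail 0 0\n' "$1" "$2"
}

# provision_luks DEVICE NAME MOUNTPOINT  (root only; DESTROYS DEVICE contents)
provision_luks() {
    dev=$1; name=$2; mnt=$3
    [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; return 1; }
    [ -b "$dev" ]        || { echo "$dev is not a block device" >&2; return 1; }
    # Write the LUKS header; -y asks for the passphrase twice, -v is verbose.
    cryptsetup -v -y luksFormat "$dev"
    # Unlock it: the decrypted view appears as /dev/mapper/NAME.
    cryptsetup open "$dev" "$name"
    mkfs.xfs "/dev/mapper/$name"
    mkdir -p "$mnt"
    mount "/dev/mapper/$name" "$mnt"
    # crypttab needs the UUID of the LUKS container, not of the XFS inside it.
    uuid=$(cryptsetup luksUUID "$dev")
    echo "Append to /etc/crypttab:"; crypttab_line "$name" "$uuid"
    echo "Append to /etc/fstab:";    fstab_line "$name" "$mnt"
}

# Act only when invoked with arguments, e.g.:
#   sudo ./luks-provision.sh /dev/sdb1 cryptdata /mnt/data
if [ "$#" -eq 3 ]; then
    provision_luks "$1" "$2" "$3"
fi
```

Back up the LUKS header (cryptsetup luksHeaderBackup) once the volume is in service; a damaged header makes the data unrecoverable even with the correct passphrase.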
sudo firewall-cmd --reload
reload firewalld's permanent configuration from disk into the running firewall; this activates changes made with --permanent (such as a newly created zone) and discards runtime-only changes
firewall-cmd --zone=dmz --remove-port=21/tcp
remove TCP port 21 (FTP) from the dmz zone.
unlink {file_name}
remove a file using a command other than rm (this command can only remove one file at a time and cannot remove directories)
sudo lvremove /dev/{volume_group}/{logical_volume}
remove a logical volume from a volume group
modprobe -r {module_name}
remove a module from the kernel
atrm {job_number}
remove a scheduled job
setfacl -x u:{username} (unknown)
remove a user from the ACL of a file
sudo vgremove /dev/{volume_group}
remove a volume group
rmdir {directory_name}
remove an empty directory
sudo pvremove /dev/{physical_volume1} /dev/{physical_volume2}
remove one or more physical volumes
firewall-cmd --zone=dmz --remove-service=http
remove the HTTP service from the dmz zone.
sudo systemctl disable httpd
remove the symbolic link in /etc/systemd/system/multi-user.target.wants/ that points at the unit file in /usr/lib/systemd/system/, so that the Apache http service no longer starts at boot (the running service is not stopped until systemctl stop is run)
sudo lvresize -L +{size_added} /dev/{volume_group}/{logical_volume}
grow a logical volume by the given amount (e.g. +5G); the file system on it must then be expanded with file-system-specific tooling (resize2fs or xfs_growfs) to use the added space, or pass -r to lvresize to do both in one step
systemctl restart network
restart the entire networking stack (the network service daemon), ensuring that changes to network configuration scripts take effect (fine for workstations, not such a good idea on servers)
sftp user@host:file.txt
retrieve a file non-interactively from a remote host over an SSH connection, which encrypts the data in transit
awk '$1 == "Apache"' (unknown)
retrieve the lines from a file whose first field is Apache
getfacl (unknown)
retrieve the access control list of a file or directory
cut -d: -f1-3 (unknown)
return the first through third fields of a file's lines using a colon delimiter
cut -f 2 -d, (unknown)
return the second field of a file's lines using a comma delimiter
wc -lwc (unknown)
return the line, word, and byte counts of a file (-l, -w, and -c; this is also the default output when no options are given)
/etc/cron.d/
root user and services can schedule system-wide tasks by using this directory
/etc/crontab
root users can add scheduled system-wide tasks to this file
bg {job_number}
run a stopped application in the background by job number
fg {job_number}
run an application in the foreground by job number
iperf -s, iperf -c {server address}
run these commands, first one on the server and then the next on the client, to test the maximum throughput an interface will support. The utility must be installed on both endpoint systems. It is the client that is getting tested. You can use this command to ensure that throughput is meeting your expectations.
arp -d {IP address}
run this command to clear an entry from the ARP cache for a particular IP address as part of the troubleshooting process. If a computer has cached incorrect or out-of-date information, connectivity may be lost to a particular node.
arp -a
run this command to view the ARP cache (the modern equivalent from iproute2 is ip neigh show)
umask 027
temporarily alter (not persistent on reboot) the default permissions on newly created files and directories so that groups have only read and execute permission on directories and only read permissions on files, while others have no permission on directories or files
Throughput
the amount of data that actually moves through a network connection in the given amount of time.
/etc/rsyslog.conf
the configuration file for the rsyslogd service. This file determines how to handle syslog messages through a variety of rules that you can modify as needed. ({facility.severity} {log_path})
/etc/skel/
the contents of this directory are copied into the home directory of a new user when it is created using useradd command, however, existing users will not receive additions or modifications
UTF-8
the default encoding (text to bytes) which uses the Unicode character set.
~/.bashrc
the file in which a persistent per user umask can be set
Local SSH port forwarding
the local client listens for connections on a port, and then tunnels any active connection to a remote server using SSH
grub.cfg
the main configuration file for the GRUB 2 boot loader. On BIOS systems, it is located in the /boot/grub2/ directory (/boot/grub/ on Debian-family systems). On UEFI systems, it is located in the /boot/efi/EFI/<distro>/ directory, alongside the boot loader's .efi image. Don't edit this file directly; regenerate it with grub2-mkconfig.
nmcli
the most fundamental of the NetworkManager interfaces. It contains many subcommands that enable you to view and configure network information.
vmlinux
the non-compressed version of the kernel used for debugging
755
the octal for default permissions set on a directory created by a root user, before any umask is applied
777
the octal for default permissions set on a directory created by a standard user, before any umask is applied
666
the octal for default permissions set on a file created by a standard user, before any umask is applied
Bandwidth
the potential amount of data that may move through a network connection in a given amount of time.
Advanced Package Tool (APT)
the preferred method of package management in Debian-derivatives today, it also relies on .deb packages.
Name resolution
the process of relating easy-to-remember names with difficult-to-remember IP addresses. There are two general ways in which this works. The first is via static text files such as the /etc/hosts file. The second method is via a dynamic database called Domain Name System (DNS).
Uninterruptible sleep
the process will only wake when the resource it's waiting for is made available to it. Otherwise, it will stay in its sleep state. This state is common for processes that perform storage or network I/O.
Remote SSH port forwarding
the server forwards inbound client traffic to another system on a different port.
002
the typical system wide umask setting that is applied to standard users by default
Pluggable Authentication Modules (PAM)
the underlying framework and centralized authentication method leveraged by authentication services like Kerberos and LDAP
wireshark, tshark
this is a very common packet sniffer and network analyzer and its associated cli command. It is used in troubleshooting to identify what network traffic is moving in a given network subnet, to see exactly what packets are moving through a network segment or NIC and what packets are not.
X.Org Server
this is the free and open source reference implementation of the X Window System for Linux and other Unix-like operating systems.
/var/log/secure
this is the location of authentication messages. Primarily used by RHEL and CentOS.
/var/log/messages
this is the location of general non-critical system events. Primarily used by RHEL and CentOS.
/var/log/kern.log
this is the location of kernel messages (e.g., dmesg output).
/var/log/[application]
this is the location of messages from miscellaneous applications (e.g., cron, firewalld, maillog, etc.).
/etc/dhcp/dhclient.conf
this is the primary DHCP (Dynamic Host Configuration Protocol) reference file, enabling the configuration of client settings, including timeout values, dynamic DNS configurations, etc.
Address Resolution Protocol (ARP)
this is used to relate IP addresses and MAC addresses.
/etc/hosts
this old school file can be used in special case situations where a particular system—perhaps a developer's workstation—needs to connect to an experimental server that is not registered on the network. One can also place DNS lookup global overrides here.
smb
this protocol provides users shared access to files and other resources across a local area network (LAN). Clients make requests for resources to servers, which respond and provide the appropriate level of access. This protocol is primarily used with Windows computers. However, compatible software called Samba helps interface Linux and Windows hosts running network shares.
logging service
this service centralizes log files from many Linux servers onto one server to make them easier to archive for service-level agreements (SLAs), troubleshooting and diagnostics, and performance auditing
Network Time Protocol (NTP)
this service enables the synchronization of a node's time with a designated, definitive time source. It uses UDP port 123
Load Balancer
this service is used to distribute inbound connection requests across multiple servers, like distributing connection attempts among web servers.
proxy service
this service passes Internet requests between two networks using a trusted connection to an internal network and an untrusted connection to the Internet
Secure Shell (SSH)
this service provides an authenticated, encrypted method of connecting to a remote (or even a local) system. Most frequently it is used for remote administration, though it can be used as a tunnel to carry other kinds of network communications securely. It uses TCP port 22
Ctrl+C
this shortcut is the same as executing the command to interrupt a process from the terminal, enabling it to end gracefully
/etc/X11/
this subdirectory contains configuration files for input and output devices that might impact the X.Org Server environment, such as keyboards, mice, and monitors.
/sys/devices/
this subdirectory includes files that expose details about specific devices
/etc/crypttab
this table performs a similar function to the fstab file, but its purpose is to store information about encrypted devices and partitions that must be unlocked and mounted on system boot. It includes an optional password field for unlocking the encrypted device.
Thin Provisioning
this type of storage provisioning refers to a virtual storage device file that will grow on demand up to a maximum size. This may make for more efficient use of drive space, but it may also include a performance hit. This is most appropriate in environments where the cost of maintaining large storage pools is much more of a concern than the risk of temporarily running out of storage.
pam_faillock.so and pam_tally2.so
two PAM modules you can use to trigger a temporary user lockout if multiple authentication attempts fail. The first module is recommended, as it is a newer module that improves upon the second by supporting user lockout when authentication is done over a screen saver.
pam_tally2 -r -u user
unlock a user and reset their failure count by issuing this command
sudo umount /mnt/{subfolder}
unmount the folder that the logical volume is tied to
updatedb
update a database for mlocate
at 10 PM Fri
use this command to enter an interactive prompt where you list other commands intended to run once at 10pm this Friday
at now + 1 hour
use this command to enter an interactive prompt where you list other commands intended to run once at one hour from now
/etc/systemd/system/{unit_file}.d/{unit_file}.conf
use this file to extend or override specific functionality within the unit file
Datagram Transport Layer Security (DTLS)
used as an alternative VPN tunneling protocol, it essentially implements SSL/TLS over datagrams (UDP), so its traffic is not susceptible to the same delays that TCP-oriented traffic is.
Network File System (NFS)
used to deliver boot media to a client over a network. The client will mount an NFS share as its root file system. NFS is preferred in situations where Linux clients access Linux servers.
date +%F
used to print the date in a specified format (in this case YYYY-MM-DD) or change the system's date by including the -s option with a provided argument.
Boot from ISO
using a .iso image file written to a media device to boot from and install an OS. Commonly used to construct virtual machines.
chmod 750 (unknown)
using absolute mode, set owner permissions to read, write, and execute, set group permissions to read and execute, and remove all permissions to others for a file
chmod 2755 {directory}
using absolute mode, set the group id on a directory so that all subdirectories created within it will inherit the SGID permission and all new files and subdirectories created within it will inherit the directory's group id (neither applies to existing objects or moved objects)
chmod 1755 (unknown)
using absolute mode, set the sticky bit of a file so that only the owner can delete it
chmod 4755 (unknown)
using absolute mode, set the user id on a file to let it be executed with owner privileges
chmod u+x,g+rx,o-rwx (unknown)
using symbolic mode, add execute permissions to the owner, read and execute permissions to the group, and subtract read, write, and execute permissions from others to a file
chmod u=rwx,g=rx,o= (unknown)
using symbolic mode, set owner permissions to read, write, and execute, set group permissions to read and execute, and remove all permissions to others for a file
Containers
A single host operating system runs multiple applications in isolation from each other, but all applications share the OS and its resources.
whereis {command}
locate the binary, source, and manual page files for a command
load
A CPU's ______ is expressed as the number of processes that are either using or waiting to use the CPU. It can also include the number of processes in the queue for storage I/O.
self-signed certificate
A certificate that is owned by the same entity that signs it. In other words, the certificate does not recognize any authority, and is essentially certifying itself, requiring the client to trust the entity directly.
LC_*={locale}
A collection of localization environment variables, including, but not limited to: LC_ADDRESS to set the postal address format. LC_MONETARY to set the format of monetary values. LC_MEASUREMENT to set the measurement system (e.g., metric vs. imperial).
Virtual Network Computing (VNC)
A cross-platform remote desktop service that enables full remote control of a desktop environment. It leverages the Remote Frame Buffer (RFB) protocol. A server must be installed on the target machine, which you can access with a corresponding client. There are many different implementations that work on Linux. It can work with X and Wayland.
~/.ssh/known_hosts
A file on the client that lists the public keys that the client accepts. In other words, the client uses this file to authenticate servers.
~/.ssh/config
A file on the client that you can use to configure SSH connection settings, such as using an IdentityFile directive to associate multiple keys with specific servers.
~/.ssh/authorized_keys
A file on the remote server that lists the public keys that the server accepts. In other words, the server uses this file to authenticate the client.
Simple Protocol for Independent Computing Environments (SPICE)
A free and open source protocol designed specifically for use in virtual environments. It is often used by administrators to connect to virtual machines that are hosted by the Kernel-Based Virtual Machine (KVM) hypervisor.
xrdp
A free and open source utility that constructs a Remote Desktop Protocol (RDP)-like server for non-Windows systems. RDP was developed by Microsoft and is the default remote desktop software on Windows. So, you can install this on a remote Linux server and use a tool like rdesktop or even the default RDP client to connect to that server—in other words, the client can be on any platform. This utility is designed to work with X.
Bluetooth
A technology used primarily for establishing a personal area network (PAN) in which devices communicate wirelessly within a few feet of each other.
GNU Compiler Collection (GCC)
A very common compiler for Linux that is also implemented as a utility
targeted
According to a ___________ policy, except the ___________ subjects and objects, all other subjects and objects will run in an unconfined environment. The un___________ subjects and objects will operate on the DAC method and the ___________ ones will operate on the MAC method. A ___________ policy is enabled by default.
Incremental
All selected files that have changed since the last full or _______ backup (whichever was most recent) are backed up. When _______ backups are used, you must restore the last full backup plus all subsequent _______ backups. An _______ backup typically takes less time to perform than a differential backup because it includes less data, but it is also slower when it comes time to recover the data.
Full
All selected files, regardless of prior state, are backed up. Numerous _______ backups can consume a great deal of storage space, and the backup process can be slow. However, _______ backups are fast and reliable when it comes to recovering lost data.
echo 1 > /proc/sys/net/ipv4/ip_forward
Alter a single value in the appropriate file in order to enable IP forwarding in the kernel for IPv4 traffic
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
Alter a single value in the appropriate file in order to enable IP forwarding in the kernel for IPv6 traffic
/etc/udev/rules.d
An administrator applies their own customizations to this directory so that udev behaves in accordance with the administrator's preferences and/or the organization's business needs. As a result, the files in this directory are loaded with the highest priority.
sudo ssh-copy-id -i ~/.ssh/{key} user@hostname
Append the user's public keys to the remote server's authorized_keys file so that the server can authenticate the user's private key. The public key is sent over SSH and typically requires password authentication to be enabled.
kinit
Authenticates with Kerberos, granting the user a ticket granting ticket (TGT) if successful.
apparmor_status
Display the current status of AppArmor profiles
nmcli device status
Display the current status of each NIC
journalctl -f -n {number of lines} -o {short | verbose | export} -p {alert | err | warning | notice | info} -b {boot ID} -u {service name}
Display the most recent journal entries, and continuously update the display with new entries as they are added to the journal, specify the number of lines to display, the format, the severity, the boot, and the service
getsebool -a
Display the on/off status of ALL SELinux boolean values. Boolean values enable you to change policy configurations at runtime without actually writing the policy directly.
getsebool {bool}
Display the on/off status of ONE SELinux boolean value. Boolean values enable you to change policy configurations at runtime without actually writing the policy directly.
apt version {package name}
Display version information about the package using apt.
sudo visudo
Edit the /etc/sudoers file using this command to enable users and groups to be given specific commands to run in order to fulfill their responsibilities without having full administrator privileges. The system verifies the syntax of the /etc/sudoers file before committing changes
crontab -e
Edit the crontab file for the current user
timedatectl set-ntp {true, false, 0, 1}
Enable or disable synchronization with a Network Time Protocol (NTP) server.
nmcli con up {device ID}
Enable the specified NIC
process ID (PID)
Every process is assigned this when it is started so that the system and users can uniquely identify it. This is a non-negative integer that increases for each new process that is started. The init daemon's is always 1 because it is the first process to start and is the parent of all other processes on the system. For troubleshooting, you'll need this in order to terminate a process, change its priority, and perform other management tasks on it.
sudo udevadm trigger
Execute rules that apply to any device that is currently plugged in. You can also specify an action using the -c option, such as add, remove, or change. As the names imply, these will trigger events where a device is added, removed, or changed in the running kernel.
xfs_growfs
Expand the XFS file system to fill the drive size
route add -host {IP address} reject
Filter traffic destined to the specified address, which enables an administrator to control connections to a particular host. Can also be configured for an entire subnet.
/etc/network/
For Debian-derived distributions, network configuration files representing the interfaces can be found in this directory
sudo apt install iptables-persistent
For a Debian-based distro, install the necessary package to ensure rule changes made with iptables persist on reboot.
hard link
For this link, if the original file is deleted, all its contents will still be available in the linked file. This link cannot be created between two directories, nor can it be created between two files on different file systems
sudo ssh-keygen -t rsa -f ~/.ssh/{key}
Generate a public/private key pair using a specified asymmetric encryption algorithm and specifying a file path and name
sestatus
Get the status of SELinux, including its current mode, policy type, and mount point
Completely Fair Queuing (CFQ)
In this I/O scheduler, each process is given its own queue and each queue has an interval by which it is accessed, or its time slice. The scheduler uses a round-robin system to access each queue and services requests from these queues until either their time slices or requests are exhausted.
Permissive
In this mode, SELinux is enabled, but the security policies are not enforced. So, processes can bypass the security policies. However, when a security violation occurs, it is logged and a warning message is sent to the user.
Disabled
In this mode, SELinux is turned off. So, MAC will not be implemented and the default DAC method will be prevalent.
Enforcing
In this mode, all the SELinux security policies are enforced. Therefore, processes cannot violate the security policies.
sudo pvcreate {list_of_disk_partitions from /dev/}
Initialize one or more drive partitions to use as a physical volume. A partition is expected to already be on the disk. Any formatting on the partition (ext4, xfs) will be wiped.
Unity
Initially designed to make better use of space on devices with small screens, the app launcher on the left side of the screen is always present in this desktop shell. It supports both X and Wayland.
SIGINT (2)
Interrupt a process from the terminal, enabling it to end gracefully. The signal can be caught or ignored. This is the same as pressing Ctrl+C at a terminal; a process might change this shortcut behavior, however.
Importance of disabling root login via SSH
It can prevent an unauthorized user from gaining complete access over a system from a remote location.
Importance of denying hosts
It configures the system to deny hosts that it does not recognize
Importance of enabling SSL/TLS
It guarantees confidentiality and authenticity in the data that is sent to and received from clients.
fourth extended file system (ext4)
It is backwards-compatible with its older filesystem siblings. Among its improvements are journaling, support for volumes of up to one exbibyte (EiB), and files up to 16 tebibytes (TiB) in size. This is the default file system for Ubuntu installations.
Internet Protocol Security (IPSec)
One of the most prominent protocols for site-to-site connections, this is a set of open, non-proprietary standards that can be used to secure data as it travels across the network or the Internet. It uses different protocols and services to provide data authenticity and integrity, anti-replay protection, non-repudiation, and protection against eavesdropping and sniffing. It operates at the network layer (layer 3) of the OSI model, so it is not application-dependent.
cryptsetup luksOpen /dev/{partition} {virtual_name}
Open a LUKS storage device and set it up for mapping to a virtual name, assuming the provided key material is accurate. The passphrase used to encrypt the device will be asked for.
-20 to 19
Processes are prioritized based on a number from ______, called a nice value or niceness value. The lower the number, the higher the priority. A process inherits a nice value from its parent, and by default, that value is 0.
SIGTERM (15)
Terminate a process, enabling it to end gracefully. The signal can be caught or ignored. This is typically sent from kill or another program and not the terminal.
top : k
Terminate the process for which you specify the PID.
sar
Use this command to see what component is causing heavy load on the CPU and when. It displays CPU usage in various time increments for each category of resource that accessed the CPU, such as users, the system, I/O scheduling, etc. It also displays the percentage of the CPU that was idle at a given time. At the bottom of the report is an average of each data point across the listed time periods.
sysctl
Use this command to view or set kernel parameters at runtime. Use this command to troubleshoot CPU issues by retrieving CPU-based kernel parameters at runtime.
/etc/hosts.allow
Using a TCP wrapper, you can specify hosts to allow to connect with the SSH service in this file (specify hosts by their hostnames, IP addresses, network segments, etc.). This file takes precedence and is applied before its counterpart file.
/etc/hosts.deny
Using a TCP wrapper, you can specify hosts to deny connection with the SSH service in this file (specify hosts by their hostnames, IP addresses, network segments, etc.). This file is overridden by and is applied after its counterpart file.
virtual file system (VFS)
a common software interface that sits between the kernel and real file systems. We can mount multiple different types of file systems on the same Linux installation, and they will appear uniform to the user and to all other applications; examples include /proc/, /sys/, /boot/initramfs, devtmpfs, and debugfs
GRUB 2
a complete redesign and rewrite of the older boot loader system. It is made of a binary that gets loaded into RAM and various configuration files; it finds the OS (initrd + kernel)
vmlinuz
a compressed executable file that contains the Linux kernel located in the /boot directory
Load Balancing
a configuration for NIC bonding where the combined bandwidth of each NIC is used in a way that one of the NICs is not overwhelmed
Network Interface Card (NIC)
a device that provides an interface with which hosts exchange data over a network. Many are built into a computer's motherboard, but more can be added to the system on an expansion bus or USB. Each type of network connection protocol requires its own type (WLAN, LAN, etc.)
Lightweight Directory Access Protocol (LDAP)
a directory service protocol that runs over Transmission Control Protocol/Internet Protocol (TCP/IP) networks. ______ clients authenticate to the ______ service, and the service's schema defines the tasks that clients can and cannot perform while accessing a directory database, the form the directory query must take, and how the directory server will respond.
real file system (RFS)
a discrete file system that the Linux kernel can normally work with directly; examples include xfs and ext4 file systems
DM-Multipath
a feature of the Linux kernel that leverages the device mapper to support multiple I/O paths (connection interfaces) between the CPU and the storage devices. The multipath-tools package enables you to manage DM-Multipath for storage devices. A typical configuration file is located at /etc/multipath.conf
out-of-memory (OOM) killer
a feature of the Linux kernel that determines what process(es) to kill when the system is extremely low on memory. It will continue to kill processes until enough memory is free for the kernel and the system to run smoothly.
/etc/default/grub
a file that contains GRUB 2 display menu settings that are read by the /etc/grub.d/ scripts and built into the grub.cfg file.
/etc/grub.d/40_custom
a file that enables the customization of the menu presented to the user during the boot process and that is executed last by default. It enables an administrator to specify the order of the menu choices, provide user-friendly names, and password protect menu entries
Unified Extensible Firmware Interface (UEFI)
a hardware initializing system that has largely replaced BIOS. It checks for bootable media and loads the primary boot loader from the MBR/GPT partition along with the partition table
kernel panic
a mechanism by which the system detects there has been a fatal error and responds to it. A fatal error could include a corrupted or misconfigured kernel or the systemd program not executing during boot.
digital signature
a message digest that has been encrypted with a user's private key. Asymmetric encryption algorithms can be used with hashing algorithms to create a ______. The sender creates a hashed version of the message text, and then encrypts the hash itself with the sender's private key. The encrypted hash is attached to the message as the ______.
vmstat
command displays various statistics about virtual memory, as well as process, CPU, and I/O statistics (total virtual memory available, total virtual memory that is free for use, total memory used in buffers and cache, total memory used in swap space, time spent running user space, time spent running in kernel space, time spent idle, time spent waiting for I/O)
virsh
command is an interactive shell to KVM (Kernel-Based) virtual machines. You can create (from XML), start, shutdown, reboot, and save VMs using this command
ip link set eth1 down
command that disables the interface identified as eth1
ip link set eth1 up
command that enables the interface identified as eth1
grub2-install /dev/{device_name}
command that installs the GRUB 2 boot loader on a storage device for a BIOS system. It copies GRUB 2 files into the /boot/grub2 directory.
depmod
command that probes all modules in /lib/modules/<kernel version>/ for all instances of symbols being exported and used by other modules in order to build /lib/modules/<kernel version>/modules.dep so that modprobe can accurately install dependent modules
host {domain_name} {DNS_IP}
command that returns the IPv4 and IPv6 addresses of the specified domain name or vice versa. An optional alternative DNS server can be specified
ip link
command that shows the current status of all network interfaces
brctl show
command to view the network bridge configuration
dig @{DNS_IP} {domain_name}
command used for gathering information and testing name resolution. Output will include the IP address mapped to the domain name, the DNS server that answered the query, and how long it took to receive that answer. An optional alternative DNS server can be specified
ping -c 5 {domain_name}
command used for sending five test packets between two systems. You can specify the ip address or domain name of the destination, but if the domain name is not converted to an IP, there is a DNS problem. Mismatched sequence numbers might indicate a dropped packet.
nmtui
command used to call up a text-based user interface for network management
dracut /boot/initramfs-$(uname -r).img $(uname -r)
command used to create the initial ram filesystem image
mkinitrd -o /boot/initrd.$(uname -r).img $(uname -r)
command used to create the initial ramdisk image
netstat
command used to gather information about TCP connections to the system; deprecated in favor of the ss command
grub2-mkpasswd-pbkdf2
command used to generate a password hash to protect the boot menu
ethtool -S {device}
command used to manage NIC (Network Interface Card) driver and network configurations, with the option to show statistics for a NIC
dmesg -H
command used to print any messages that have been sent to the kernel's message buffer during and after system boot, in human readable format
iwconfig
command used to provide wireless NIC configurations, including settings like SSID, encryption information, etc.
ip addr
command used to show the IP address information on all network interfaces
nslookup {domain_name} {DNS_IP}
command used to test the DNS server, used for gathering name resolution information and testing name resolution. It also has an interactive mode when entered without a specified domain name. An optional alternative DNS server can be specified
diff {filename1} {filename2}
compare two files, showing where they differ
/etc/issue
edit this file to add a banner message that will display useful information every time a user logs in
/etc/motd
edit this file to display a message of the day below the information banner
/etc/issue.net
edit this file to display a message to SSH clients
systemctl enable auditd
enable the auditd service to ensure that records used in auditing are being written to storage. These records include everything from the number of failed logins to the number of commands issued, and much more
Preboot Execution Environment (PXE)
enables a client to retrieve the necessary boot loader and system files from a server over the network
~/.bashrc
enables customization of the user's own environment, like personal aliases or abbreviations for commands, or environment variables; this file will not impact any other users and is read with all subsequent logins
sealert -a /var/log/audit/audit.log | grep {pattern} | audit2why
enter this command to troubleshoot unexpected SELinux violations
/boot/initramfs or /boot/initrd
initialization RAM file system or disk, a small root file system used to get the system booted, a virtual file system designed to be used by the kernel; the version must match the version of the kernel, as it is purpose built for it. The initramfs is dynamically sized while the initrd has a fixed size.
iptables -I {chain} -j LOG
insert a rule at the beginning of a chain to log all packets that reach the chain. Note: you can create a duplicate rule (in addition to another rule that has an ACCEPT, RETURN, or DROP action) and set the action to LOG
yum install grub2-efi
install the GRUB 2 boot loader on a UEFI system. Installing this package will copy GRUB 2 files onto the EFI system partition (ESP) in the /boot/efi directory
ss -atp
list all TCP sockets and the associated processes using those sockets
ss -l
list all currently listening sockets
firewall-cmd --zone=dmz --list-all
list all details of the dmz zone, including the interfaces, ports, services, protocols, and more that the zone applies to.
ss -an
list all sockets but do not try to resolve service names
jobs
list of applications running in the background
ps -u
list processes with username and start time
ps -r
list processes, excluding those that are not currently running
atq
list scheduled jobs
ls -lash
list the long form of all files and directories, including their size, in human readable form
chkconfig --list
lists all services and 'on' or 'off' for each run level (0-6)
cp -r {source} {destination}
recursively copy an entire directory to another location
&>
redirect both stdout and stderr
echo Hello! | sudo tee /dev/tty1
redirect text to another terminal (the write to the other terminal's device file is done by tee under sudo, because a shell redirection such as > /dev/tty1 is performed by the unprivileged shell, not by the sudo command)
Open Virtualization Appliance (OVA)
refers specifically to a single package representing the network appliance, usually stored in a different format, such as a .tar file.
ps -e
this command invokes the process table, a record that summarizes the current running processes on a system. The option here lists all processes. When the command is run without any options, it displays the processes run by the current shell with details such as the PID, the terminal associated with the process, the accumulated CPU time, and the command that started the process.
mtr domain.tld
this command is a combination of ping and traceroute, with additional improvements to enable testing of the quality of a network connection. Ping packets are sent to the destination in large groups, and response length is noted along with dropped packets to indicate packet loss.
mdadm
this command is a tool used to manage software-based RAID (Redundant array of independent disks) arrays; it enables you to create, manage, and monitor RAID arrays.
fsck {device/file system name}
this command is used to check the integrity of a file system. Most systems run it at boot time to detect errors early. You should unmount the filesystem before scanning it.
who
this command is used to determine the details of users currently logged in to a system, including their user name, their connection source, and the date and time they connected, -u also indicates how long the user has been idle
lspci
this command is used to display information about devices that are connected to the system's PCI buses, including logical slot, class, and vendor
w
this command is used to display the details of users who are currently logged in to a system and their transactions.
whoami
this command is used to display the user name with which you are currently logged in to the system
id {username}
this command is used to display user ID (UID) and group ID (GID) information; the currently logged in user is queried if no other username is provided
dumpe2fs {device/file system name}
this command is used to dump ext2, ext3, and ext4 file system information. It prints the superblock and block group information for the selected device.
time {command}
this command is used to gather information about how long it took to execute a command, as well as some additional statistics about the I/O and memory used in command execution.
lsblk
this command is used to identify block storage devices connected to the system
fsck -r {device/file system name}
this command is used to repair a file system
traceroute {hostname}
this command is used to report the network path between the source and destination computers, including any routers the connection uses, and outputs each hop along the path.
localectl
this command is used to view and configure the system locale (language, monetary values, etc.) and keyboard layout settings. Subcommands include status, list-locales, set-locale, list-keymaps, and set-keymap
sudo firewall-cmd --get-active-zones
this command lists the firewalld zones that actually have a network interface attached to them
firewall-cmd --get-zones
this command lists all available firewalld zones, rule sets that can be applied to specific network resources; most distributions create a handful of them by default
top
this command lists all processes running on a Linux system. It acts as a process management tool by enabling you to prioritize, sort, or terminate processes interactively.
iostat -d /dev/{device}
this command lists transfers, blocks read, and blocks written per second as well as total blocks used and total blocks written for a device
lsof
this command prints a list of all files that are currently opened to all active processes. This can include everything from a text file to a device file—any object that the system can parse as a file.
runlevel
this command prints the previous and current runlevel of the system, each separated by a space.
whois domain.tld
this command provides information on Internet DNS registrations for organizations. This can be useful for learning or verifying information regarding ownership of a domain name, contact information for an organization, etc.
./configure
this command reads makefile.in, gathers system information needed by the application and places it into a makefile customized to your system
netstat -l
this command shows only information about what ports are being listened on, including the protocol used by the socket, the path name of the process connected, the inode number, etc.
blkid
this command simply prints each block device in a flat format and includes some additional information like device/partition UUID and file system type. However, it is preferable to use lsblk -f if you want this additional information.
vi test.txt &
this command throws vi into the background immediately
lastb
this command will pull information on failed login events
lpq +3 {printer}
this command will report the status of the specified printer queue (if given) or the default printer, updating every 3 seconds until the queue is empty. By default, it will report each print job's rank in the queue, who owns the job, the job number, the files in the job, and the size of the job.
last 1
this command will display the details of users who logged in using the first terminal (tty1)
bridging
this connects two networks into a single managed unit; virtualization networks support this.
/etc/profile
this file provides system-wide environment variables; the system reads this file first, during the initial login process, before reading the user-specific Bash customizations in ~/.profile
Open virtualization format (OVF)
this contains the necessary configuration files, packages, etc., for virtual machines and network devices. These files may be used in the deployment of virtual machines in a virtualized environment. In addition, these files are easily distributed. The metadata of the virtual machine, including information about the VM's requirements and dependencies, is described in an XML-formatted file.
/etc/netplan/
this directory contains YAML description files to configure network interfaces used by the Netplan network configuration utility
/dev
this directory contains files that represent and support devices attached to the system. For example /dev/sda1 refers to the first partition on the first whole SCSI drive.
/dev/mapper/
this directory contains logical volumes, encrypted volumes, and other devices that are managed by device mapper
/etc/sysconfig/network-scripts/
this directory contains network device configuration files. These files include the configurations of any NICs, bonds, and bridges that might exist on the Linux system. These files usually take the form of ifcfg-<NIC>. Settings can include whether the NIC is configured for static or dynamic IP addresses, whether the NIC is enabled or not, etc.
/etc/profile.d/
this directory contains scripts for setting additional global environment variables; adding scripts here is recommended over editing /etc/profile directly
/usr/lib/udev/rules.d/
this directory contains udev rules that are generated by the system; you should refrain from editing them. Rules in this directory are low priority.
/run/udev/rules.d/
this directory contains udev rules that will apply at runtime but will be lost in the event of a system reboot (they're volatile)
/etc/ufw/
this directory holds more granular configuration files for the UFW management tool. You can edit these files to control when rules are applied, when customizations are run with respect to the ufw command, and more.
/etc/
this directory includes configuration files for many components, including components that interface with devices.
/sys/block
this directory includes links to devices that are stored in various subdirectories under the /sys/devices/ location, which presents a hierarchy of devices in the kernel.
/usr/share/zoneinfo/
this directory is a container for all of the regional time zones that you can configure the system to use. Subdirectories in this container usually organize languages by region
/etc/init.d
this directory stores initialization scripts for services. These scripts control the initiation of services in a particular runlevel. The scripts are invoked from the /etc/inittab file when the system initialization begins, using the symbolic links found in the file.
/var/spool/cron
this directory stores user-specific scheduled tasks
/etc/timezone
this file can be used to view the time zone on Debian-based distributions.
/proc/devices
this file contains a list of character and block device drivers loaded into the currently running kernel.
/proc/meminfo
this file contains information about RAM usage, including total memory, free memory, cached, swap, and much more.
/proc/partitions
this file contains information about each partition that is currently attached to the system. This is not a real file but part of the virtual file system.
/proc/cpuinfo
this file contains information about the system's processor. You can use this information to identify characteristics about your CPU that might indicate issues related to performance or lack of support for features.
/etc/bashrc
this file contains system-wide Bash default settings
~/.profile
this file defines user environment variables and is run each time a new shell is started
/etc/sysctl.conf
this file enables configuration changes to a running Linux kernel. These changes might include improvements to networking, security configurations, or logging of information.
.automount
this file extension includes instructions for automatically mounting a mount point defined in a .mount unit file
/etc/resolv.conf
this file informs the system of the IP address of one or more DNS servers
Kickstart
this file is used by Linux to customize the installation, providing an unattended install. All information about partitions, packages, user accounts, software deployments, etc., is contained in this file. The combination of Anaconda and this file enables rapid, consistent, and customized Linux installations.
/etc/sysconfig/network
this file is used to configure whether networking should be enabled at boot, as well as hostname information, gateway information, etc. These settings may instead be configured on a per-interface basis in the /etc/sysconfig/network-scripts/ifcfg-<NIC> files.
/etc/mtab
this file is very similar to the /proc/mounts file in that it reports the status of currently mounted file systems. However, /proc/mounts is typically more accurate and includes more up-to-date information about the file systems
/etc/group
this file lists groups, their ids, and their members
/proc/mounts
this file lists the status of all currently mounted file systems in a format similar to fstab: the system's name, mount point, file system type, etc. This is not a real file, but part of a virtual file system.
/etc/shadow
this file lists users and their password hash along with additional information including password requirements and expiration information
~/.bash_profile
this file provides shell configuration for the initial login environment; it is read only at the first login
Thick Provisioning
this type of storage provisioning refers to when a virtual storage device immediately reserves the allocated space for use by the virtual device only, regardless of whether that much capacity is actually needed. Performance is better, but it may consume more drive space than it needs. This is most appropriate in environments where disruptions to the continuous storage process present an intolerable risk, more so than the expense of unused storage.