Commands

Preboot Execution Environment (PXE)

enables a client to retrieve the necessary boot loader and system files from a server over the network. During the startup process, it will search for Dynamic Host Configuration Protocol (DHCP) servers that transfer the boot files to the client over the Trivial File Transfer Protocol (TFTP).

raw partition

enables users and applications to read from and write to a block storage device directly, without using the system cache. It is not a unit of storage.

private key

encrypts a digital signature message digest. The sender creates a hashed version of the message text, and then encrypts the hash itself with the sender's private key.

TZ

environment variable for a time zone that can be used in a script or a user's Bash profile.

perf

Perf is a monitoring and performance analysis tool for Linux. You can use it on different flavors of Linux, such as Ubuntu and CentOS. You can measure the CPU performance of specific commands. For example, you can profile the CPU while the Documents/ directory is being copied to the PLAB directory.

optional control flag

Pluggable Authentication Module (PAM) control flag that, when used, ignores the module result.

sufficient PAM control flag

Pluggable Authentication Module (PAM) control flag where, when used, the module result is ignored upon failure.

uname

Print information about the current system.

ssh_config file

exists on the client and is used to configure SSH connection settings, such as using an IdentityFile directive to associate multiple keys with specific servers.

/etc/bashrc

file can be configured by the administrator and then used to provide system-wide Bash settings for all users of the system.

etc/default/grub

file contains GRUB 2 display menu settings that are read by the /etc/grub.d/ scripts and built into the grub.cfg file.

/proc/partitions

file contains a table with major and minor number of partitioned devices, their number of blocks and the device name in /dev.

/etc/default/grub

file containing the GRUB 2-specific configuration.

authorized_keys

file exists on a remote server that lists the public keys that the server accepts. In other words, the server uses this file to authenticate the client.

ssh_config

file exists on the client and is used to configure SSH connection settings, such as using an IdentityFile directive to associate multiple keys with specific servers.

/etc/modprobe.conf

file is a configuration file that contains settings that apply persistently to all the modules loaded on the system.

/etc/hosts

file is a file that handles name resolution for an individual machine. Contains a list of hostname-to-IP address mappings the system can use to resolve hostnames.

/etc/grub2.cfg

file is a symbolic link to /boot/grub2/grub.cfg

/etc/rsyslog.conf

file is the configuration file for the rsyslogd service. This file determines how to handle syslog messages through a variety of rules that you can modify as needed.

grub.cfg

file is the main configuration file for the GRUB 2 boot loader. On BIOS systems, it is located in the /boot/grub2/ directory.

/etc/dhcp/dhclient.conf

file is the primary Dynamic Host Configuration Protocol (DHCP) client reference file. This file enables overriding settings provided by a DHCP server, such as Domain Name Service (DNS) server settings.

/etc/sysconfig/network

file is used to configure whether networking should be enabled at boot, as well as hostname information, gateway information, etc. It is not a directory and does not contain interface configurations.

/etc/profile

file provides system-wide environment variables. This file is provided for administrators to configure if there are settings that should apply to all users.

e2fsck

file system check utility for ext2, ext3, and ext4 file systems.

/etc/nsswitch.conf

file that defines the sources (like DNS or local configuration files) and the order in which they are consulted when resolving hostnames.

/etc/modprobe.d/blacklist.conf

file will prevent the specified module from loading automatically.

JavaScript Object Notation (JSON)

files may be used to store information that is easy for most programming languages to interpret and use. One use of JSON files is for the quick deployment and configuration of one or more virtual machines.

ext2

filesystem is the second extended filesystem, which is the traditional filesystem used in Linux. It supports access control lists (individual user permissions).

83 or 8300

Standard Linux system

full backups

all selected files, regardless of prior state, are backed up. Numerous full backups can consume a great deal of storage space, and the backup process can be slow.

differential backups

all selected files that have changed since the last full backup are backed up. When differential backups are used, you must restore the last full backup plus the most recent differential backup.

incremental backups

all selected files that have changed since the last full or incremental backup (whichever was most recent) are backed up.

IP address

an address that is assigned to a machine so that other machines can communicate with each other.

libvirt

an application programming interface (API) that provides the software building blocks for developers to write their own virtualization solutions.

/etc/systemd/journald.conf

The settings for journald are configured

systemctl -H

The systemctl command enables control of the systemd init daemon which provides an init method for initializing a system. By using the -H option, the operation is executed on a remote host specified by an IP (Internet Protocol) address or hostname.

time

The time command is used to gather information about how long it took to execute a command, as well as some additional statistics about the I/O and memory used in command execution. The syntax is time cp -R /path/source /path/destination.

netstat -r

This displays the route table.

/etc/exports

This file is used to specify what directories are made available on the network as well as providing access. The primary configuration file for NFS.

/dev/disk/by-id

This refers to an identifier based on the device's hardware serial number.

/dev/disk/by-uuid

This refers to an identifier based on the universally unique identifier (UUID) that was assigned to the device when a file system was created on it.

MBR (Master Boot Record)

Tiny bit of code that takes control of the boot process from the system BIOS. A program that reads the partition table to find the primary partition used to boot the system. Is the first physical sector on a storage drive and a type of partition structure.

modprobe -r

Unload a module from memory, or remove module

ping -4

Use the IPv4 network explicitly

.profile

User-specific Bash customizations are pulled from this file. Located in the user's home directory.

/home

Users' home directories, containing saved files, personal settings, etc.

X Window system

Uses the X protocol that leverages a client-server relationship to provide graphical user interface and input device management functionality to applications.

Performance issues

are caused by having inefficient hardware, in particular a very poor I/O system.

IP sets

are stored collections of IP addresses, network ranges, MAC addresses, port numbers, and network interface names. The iptables tool can leverage IP sets for more efficient rule matching.

String operators

are used in operations that manipulate strings in various ways. This includes concatenating strings, returning a specific character in a string, verifying if a specific character exists in a string, and more.

public key

associates credentials with a digital certificate. Both users and devices can hold certificates which validate the certificate holder's identity.

Comparison operators

include checking if operands are equal, if one operand is less than or greater than another operand, and more. They include < > ==.

zombie state

indicates that a process was terminated, but that it has not yet been released by its parent process.

modprobe -a

insert all module names on the command line

systemd-analyze

command is used to retrieve performance statistics for boot operations. The blame subcommand is used to identify services and other units that make the system slow to boot.

systemd-analyze

command is used to retrieve performance statistics for boot operations. The command takes one or more subcommands that determine what type of information to print and how. The systemd-analyze dump command outputs a long human-readable serialization of the complete server state.

env

command is used to run a command with modified environment variables, if you want to override values in child processes or add new ones.

netcat

command is used to test connectivity and send data across network connections.

iperf

command is used to test the maximum throughput an interface will support. The utility must be installed on both endpoint systems.

depmod

command is used to update the module dependencies database. It is important to run this command when using modprobe. This ensures that modprobe will function correctly.

lshw

command lists each detected hardware component on the system and provides details about each device. It includes information such as the vendor, product name, capacity, speed, etc. This command does not report on device problems.

mkinitrd

command makes the initial ramdisk images for preloading modules. Adding the --with=nfsv4 option creates an initrd image with a Network File System (NFS) module installed.

awk

command performs pattern matching on files. This command can be used to process text files in a variety of ways, including extracting or deleting text matching a certain pattern.

nohup (no Hangup)

command prevents a process from ending when a user logs off the system.

whois

command provides information on Internet DNS registrations for organizations. This can be useful for learning or verifying information regarding ownership of a domain name, contact information for an organization, etc.

xargs

command reads from standard input and executes a command for each argument that is provided. The pipe operator is used between arguments to make the output of one command the input of the next command.

pvscan

command scans for all physical devices that are being used as physical volumes, volume groups, and logical volumes.

pkill

command sends any specified signal, or by default the termination signal, to processes based on a matching pattern.

killall

command sends any specified signal, or the default termination signal, to all processes matching the name specified.

visudo

command should be used with the /etc/sudoers file, because it verifies the syntax before committing changes, giving the administrator an opportunity to correct mistakes before they become part of the running configuration.

mkfs -c /dev/device

command syntax will check the storage device for bad blocks before building the file system.

ls -i, df -i, du --inodes

command that displays inode information.

locale

command that displays locale information.

du

command that displays the amount of disk space in use. --total (produce a grand total), -h (human readable).

hostnamectl

command that is used to persistently configure the computer's hostname.

df

command that shows the available disk space on the file system. --total (produce a grand total), -h (human readable).

vmstat

command to display various information, such as CPU, swap, and memory utilization.

umount

command used to unmount a file system. Can specify either the device, label, or mount point (directory).

virsh list

command will retrieve a list of known VMs (virtual machines) on the system. The virsh command is useful when managing KVMs (kernel-based virtual machines).

sudo

configuration is appropriate for commands that need to be executed with elevated privileges.

Logical operators

connect multiple values together, so they can be evaluated. They include AND, OR, and NOT.

/sys/block

contains information about block devices on your system. Your local system has a block device named sda, so /sys/block/sda exists.

/var/log/syslog

contains all types of system events except for authentication messages and is primarily used by Debian-based distros.

/var/log/secure

contains authentication messages and is primarily used by RHEL and CentOS.

/proc

contains information about the processes running on the system. Processes are listed by PID, with hardware and process data both in the same directory. It does not exist when the computer is shut off; when the kernel boots the computer, it is created in real time.

/sys

contains information about the system's hardware and kernel modules.

/var/log/kern.log

contains kernel messages, such as dmesg output, which is used to print any messages that have been sent to the kernel's message buffer during and after system boot.

/var/log/[application]

contains messages from miscellaneous applications, such as cron, firewalld, and maillog.

iconv

converts files from one type of character encoding to another

mkfs

creates a new file system on a partition.

nmcli connection add

creates a new connection using specified properties

nmcli con edit

edit an existing connection or add a new one, using an interactive editor

logrotate

utility is used to perform automatic rotation of logs. When executed, logrotate adds a .1 to the end of the file name of the current version of the log files. Previously rotated files are suffixed with .2, .3, etc.

memtester

utility is used to stress test RAM (random access memory) modules.

iostat

utility provides overall statistics for block devices and partitions. Using the -d option specifies device information only.

tune2fs

utility used to adjust parameters on ext2, ext3, or ext4 file system

xfs_db

utility used to debug an XFS file system.

xfs_repair

utility used to repair XFS file system

X11

was developed by the Massachusetts Institute of Technology (MIT) in 1984. The X server coordinates client input and application output to determine how to draw elements on the screen.

TCP wrapper

which checks what hosts are explicitly allowed and denied before permitting the host to connect with the SSH service.

e2label

will display or change the filesystem label on the ext2, ext3, or ext4 filesystem located on device.

traceroute -T

will send TCP requests instead of ICMP. Sometimes a firewall blocks ICMP.

Orchestration procedures

will vary by which solution is used, but in general orchestration steps involve defining a desired configuration and then delivering that configuration file to the destination system.

Bonding

involves configuring interfaces to be managed as a single device and have the same IP address configuration. The ability to bond two or more NICs is an important feature for a server. If there are two NICs in a bond, and one fails, the other is present to continue providing connectivity.

Cloning

is a backup storage method and is the process of copying all of the contents of a storage drive to another storage medium.

dumpe2fs

is a command-line tool used to dump ext2/ext3/ext4 filesystem information, meaning it displays superblock and block group information for the filesystem on the device.

Contexts

is a component of SELinux (Security-Enhanced Linux). SELinux defines three main contexts for each file and process. These contexts are user, role, and type.

/boot/vmlinuz

is a compressed executable file that contains the Linux kernel itself. The boot loader loads this file into memory during the boot process to initialize the operating system.

Simple Protocol for Independent Computing Environments (SPICE)

is a free and open source protocol designed for use in virtual environments. It is often used to connect to virtual machines (VMs) that are hosted by the Kernel-Based Virtual Machine (KVM) hypervisor.

XFS

is a high-performance 64-bit journaling file system created by Silicon Graphics, Inc (SGI) in 1993

Brace expansion

is a mechanism by which arbitrary strings may be generated. It is the first in the order of expansion.

digital signature

is a message digest that has been encrypted with a user's private key. Asymmetric encryption algorithms can be used with hashing algorithms to create digital signatures.

certificate signing request (CSR)

is a message sent to a CA in which an entity applies for a certificate and includes the public key and digital signature.

Command substitution

is a method of shell expansion in which the output of a command replaces the command itself. This is useful when you want to include a command's output within an existing string of text.

Mandatory Access Control (MAC)

is a model in which access is controlled by comparing an object's security designation and a subject's (users or other entities) security clearance. Both SELinux and AppArmor leverage MAC.

Mandatory access control (MAC)

is a model in which access is controlled by comparing an object's security designation and a subject's security clearance.

GPT (GUID Partition Table)

is a modern partition structure that is the successor to the master boot record (MBR). It is not a unit of storage

CIFS (Common Internet File System)

is a network filesystem protocol used for providing shared access to files and printers between machines on the network. A file access protocol. CIFS runs over TCP/IP and is the cross-platform version of SMB used between Windows, UNIX, and other operating systems.

SMB (Server Message Block)

is a network protocol used by Windows-based computers that allow systems within the same network to share files.

Linux Unified Key Setup (LUKS)

is a platform-independent FDE solution that is commonly used to encrypt storage devices in a Linux environment.

SSH port forwarding

is a remote access protocol that encrypts transmissions over a network. The process of tunneling an application through SSH to secure it in a transmission is called SSH port forwarding.

initrd

is a scheme for loading a temporary root file system into memory, which may be used as part of the Linux startup.

Identity and Access Management (IAM)

is a security process that provides identity, authentication, and authorization mechanisms for users, computers, and other entities to work with organizational assets like networks, operating systems, and applications.

certificate authority (CA)

is a server that issues digital certificates for entities and maintains the associated private/public key pair.

Storage integrity

is a symptom where magnetic hard disk drives may degrade over time and develop bad blocks.

chroot jail

is a technique of controlling what a process—a user, for example—can access on a file system by changing the root directory of that process's environment.

unicode

is a universal character encoding standard. It defines the way individual characters are represented in text files, web pages, and other types of documents.

Automatic Bug Reporting Tool (ABRT)

is a utility that analyzes and reports on problems detected during system runtime.

environment variable

is a variable that is inherited from parent shell processes and is subsequently passed on to any child processes.

environment variable

is a variable that is inherited from parent shell processes and is subsequently passed on to any child processes. An environment variable consists of a name, usually written in uppercase letters, and a value, such as a path name.

positional parameter

is a variable within a shell script that is assigned to an argument when the script is invoked.

Tunables

is an AppArmor component that enables the configuration of functionality without directly modifying profiles.

nmtui

is an alternative command for nmcli which is based on "Text User Interface".

AppArmor

is an alternative context-based permissions scheme and Mandatory Access Control (MAC) implementation for Linux. It works with file system objects based on paths.

Kerberos

is an authentication service that is based on a time-sensitive ticket-granting system. It is used as a single sign-on (SSO) method where the user enters access credentials that are then passed to the authentication server, which contains an access list and allowed access credentials.

digital certificate

is an electronic document that associates credentials with a public key. Both users and devices can hold certificates.

syslog

is an event logging standard that facilitates centralized logging services over a network that records text files, which include the date and time of an event, the process name and ID that sent the message, as well as the message itself.

OpenSSL

is an open source implementation of the SSL/TLS application layer (layer 7) protocol for securing data in transit using cryptography.

Zypper

is an openSUSE package manager that supports repositories, dependency solving, and management of the software lifecycle. It supports standard RPM (Red Hat Package Manager) .rpm packages.

Finger

is an outdated service used to retrieve the status of hosts and users over a network. It is susceptible to many attacks and should not be used.

NoMachine (NX)

is cross-platform proprietary remote desktop software that offers support for multi-session environments and account management.

Wayland

is a display server and reference implementation in Unix-like operating systems that is meant to improve upon and replace the X Window System.

X Window System

is network-aware and can enable clients to access Graphical User Interface (GUI) elements over a network. It is possible to forward X traffic through a Secure Shell (SSH) tunnel. This process is known as X Forwarding.

type 2 hypervisor

is one that runs as a service on a locally installed operating system.

type 1 hypervisor

is one that runs directly on the hardware in a "bare metal" deployment. For example: VMware ESXi.

self-signed certificate

is owned by the same entity that signs it. The certificate does not recognize any authority, certifies itself, and requires the client to trust the entity directly.

IP forwarding

is the Linux kernel implementation of networking routing functionality. It enables incoming traffic on one network interface to be forwarded to another network interface.

Security-Enhanced Linux (SELinux)

is the default context-based permissions scheme provided with CentOS and Red Hat Enterprise Linux. It references inodes directly.

NTFS (New Technology File System)

is the file system that the Windows NT operating system uses for storing and retrieving files on a hard disk.

Word splitting

is the fourth step in the order of expansion. It is how the results of expansion are split into separate arguments.

shell environment

is the mechanism by which Bash, or any other shell, maintains settings and other behavioral details about the shell. The shell creates this environment when starting a session and uses the environment's settings to determine how to interact with the user.

syslogd service

is the original syslog service on Linux. It uses TCP instead of UDP, data encryption using SSL/TLS, outputs data to MySQL databases, and filters data based on content.

Shell expansion

is the process by which the shell identifies special tokens that it substitutes values for. Variable substitution is a type of shell expansion by which the shell identifies the $ special character and then expands a variable into its actual value.

requisite PAM control flag

is the same as the required control flag, but notifies the user immediately upon failure.

Tilde expansion

is the second step in the order of expansion. Tilde expansion is the process of converting certain abbreviations to the directory names that they stand for.

Bridging

is the term for connecting two networks into a single managed unit. Virtualized network environments support bridging.

Same time

is the third step in the order of expansion. There are four expansions that happen at the same time: parameter expansion/variable substitution, arithmetic expansion, command substitution, process substitution.

SSL/TLS

is used as a VPN authentication and encryption protocol, used primarily for remote access connections. It is an application-layer (layer 7) protocol.

config file

is used to configure SSH key-based authentication in Linux. It is a file on the client that you can use to configure SSH connection settings.

aa-disable

is used to configure an AppArmor environment and disables a profile, unloading it from the kernel.

apparmor_status

is used to configure an AppArmor environment that displays the current status of AppArmor profiles.

raw table

is used to configure exceptions for packets involved in connection tracking. The raw table is one of five default tables available when using the iptables command to manage packet filtering and stateful firewall functions.

Secure Copy Protocol (SCP)

is used to copy data to or from a remote host securely over SSH. Whereas SCP is used purely for transferring files, SFTP can transfer files and manage files and directories.

quotacheck -cug

is used to create quota database files for a file system on a storage device and also to check for existing user and group quotas.

source command

is used to execute another command within the current shell process. In this sense, it performs the opposite functionality of the exec command.

brctl

is used to set up, maintain, and inspect the Ethernet bridge configuration on the Linux kernel. An Ethernet bridge is a device commonly used to connect different networks of Ethernets together, so that these Ethernets will appear as one Ethernet to the participants.

container

is a virtualized application that runs on a host operating system where it is isolated from other containers.

interruptible sleep state

is when a process relinquishes access to the CPU (central processing unit) and waits to be reactivated by the scheduler. A process typically enters this state when it requests currently unavailable resources.

/proc/mounts

displays the exact same output as the /etc/mtab file; the /etc/mtab file is a symbolic link to this file.

/etc/network

it works much like /etc/hosts, but it applies to network addresses and it reverses the order of the names and the IP address on each line.

Cron

jobs are administrative tasks that are scheduled to run automatically. Scripts are usually called by the cron daemon to run at its specific set time and/or date.

fdisk

legacy command used to create partitions of the MBR (DOS) type.

kinit

Linux command that authenticates with Kerberos, granting the user a ticket granting ticket (TGT) if successful. Kerberos is an authentication service that is based on a time-sensitive ticket-granting system.

kpassword

Linux command that can be implemented to change the user's Kerberos password.

kdestroy

Linux command that can be implemented to clear the user's ticket cache.

klist

Linux command that can be implemented to list the user's ticket cache.

timedatectl list-timezones

list available time zones, one per line.

fdisk -l

lists the partition tables for the specified devices. If no devices are given, those mentioned in /proc/partitions are used.

/usr/lib/modules/[kernel_version]

location of the kernel modules. To see the current modules, use command substitution: ls /usr/lib/modules/$(uname -r)

/opt

location used for 'optional' software, often used by third-party software vendors.

file system

maintains information such as the date of creation and modification of individual files, the size of files on the storage device, the type of files, and permissions associated with files. It is a data structure that is used by an operating system to store, retrieve, organize, and manage files and directories on storage devices. It provides a structured form for data storage.

parted

modern command used to create partitions of MBR or GPT types.

pam_ldap

module can specify directives that restrict what users can log in to and how they can access resources.

pam_cracklib.so

module contains functionality that prompts a user for a password and will test that password to see if it can be easily cracked in a dictionary attack.

pam_tally2

module is used to lock a user account after multiple authentication failure attempts have been made. However, pam_tally2 does not support user lockout when authentication is done over a screen saver.

required PAM control flag

module result must be successful in order to continue authentication. The user is notified when all tests in the module interfaces are finished.

pam_faillock

module will trigger a temporary user lockout and supports user lockout when authentication is done over a screen saver.

/etc/localtime

on Red Hat-based distributions, this is a symbolic link that points back to /usr/share/zoneinfo/<timezone> as the system's time zone setting.

/etc/timezones

on Debian-based systems, this file contains the system's configured time zone setting.

Differential backups

only back up files that have changed since the last full backup. These are ideal for file backup scenarios. For a system update, a system-state backup is better suited for system recovery.

IPSec transport mode

only the packet contents are encrypted, whereas the header is not. Transport mode is typically used in remote access VPNs.

IPSec

operates at the network layer (layer 3) of the OSI model, so the protocol is not application-dependent. It is a set of open, non-proprietary standards that can be used to secure data as it travels across the network or the Internet.

sudoedit

option is appropriate for files that need to be edited with elevated privileges. This command permits a user to edit a file with their own credentials, even if the file is only available to the root user.

Blob files

or binary large object files, are an example of object storage. Object storage may be more efficient than block storage, especially for larger files. For this reason, the data engineer may choose to use blob files to store large files when the main consideration is performance.

DNF (Dandified YUM)

package manager is an improved version of YUM (Yellowdog Updater, Modified) that supports RPM (Red Hat Package Manager) .rpm packages. It is not a linux distribution.

Fail2ban

prevents brute force attacks, but unlike DenyHosts, it does not focus on any one service. Instead, it can monitor log files that pertain to any system service with an authentication component.

DenyHosts

primarily protects SSH servers from brute force password cracking attacks, by monitoring the authentication log to look for the number of failed login entries based on an IP address.

nmcli dev status

print status of devices

blkid -o list

print the devices in a user-friendly format

du -d, --max-depth=N

print the total for a directory (or file, with --all) only if it is N or fewer levels below the command line argument

modprobe

program to add and remove modules from the Linux Kernel

resize2fs

program will resize ext2, ext3, or ext4 file systems. It can be used to enlarge or shrink an unmounted file system located on device

Datagram Transport Layer Security (DTLS)

protocol essentially implements SSL/TLS over UDP datagrams and is used as an alternative VPN tunneling protocol.

iostat utility

provides overall statistics for block devices and partitions. Using the -d option specifies device information only. The output lists the number of reads and writes per second. A faulty drive might have lower reads and/or writes per second than expected.

Snapshots

record the state of a storage drive at a certain point in time and usually exist on the same drive. They are "checkpoints" that can be easily restored in the event a new system update is causing issues.

&>

redirection operator redirects both the standard output and the standard error message to a file. As an example, ls file1.txt file3.txt &> errorfile.txt (assuming that file1.txt exists and file3.txt does not, the output and errors will be redirected to the file errorfile.txt).

Link aggregation

refers to the combination of resources, such as bandwidth, for the purpose of fault tolerance, redundancy and load balancing.

Absolute path

refers to the complete details needed to locate a file or folder, starting from the root element and ending with the other subdirectories.

xfs_fsr

reorganizes data stored in blocks on an XFS file system. Similar to running a defrag utility on an MS Windows file system.

ss (socket statistics)

replacement for netstat. This command does not show routing table.

$?

represents the exit code of the last run command.

Image-based backups

save the state of an operating system in an image file format like ISO.

cfq (Completely Fair Queuing)

scheduler is the default scheduler for modern versions of the Linux kernel. Its advantage over deadline I/O scheduling is that it services processes fairly and provides good performance in most workload situations. The cfq scheduler uses a round-robin system to access each queue.

ping

send a message from one computer to another to check whether it is reachable and active

Virtual Private Network (VPN)

servers enable remote users to connect to the internal company network and access internal resources as if they were physically present at the network location.

syslogd

service is the original syslog service on Linux. It uses TCP instead of UDP, data encryption using SSL/TLS, outputs data to MySQL databases, and filters data based on content.

localectl

set the default system language and character encoding.

timedatectl set-time

set the system clock to the specified time. This also updates the RTC time accordingly.

timedatectl set-timezone

set the system's time zone to the specified value. This call will alter the /etc/localtime symlink.

nmcli dev show

show detailed information about devices; without an argument, all devices are displayed

nmcli connection show

show details for specified connections. By default, both static and active connection data are displayed

ip -s addr

show statistics on configuration interfaces

netstat -ul

show what connections we are using for 'udp' connection

swapon --summary

shows a summary of the swap usage on a system; the same information can be found in /proc/swaps

netstat -tl

shows what connections we are using to listen for 'tcp' connection

Build automation

specifically emphasizes the initial operating system deployment. One example of build automation is the use of Kickstart files with Red Hat-derived distributions.

/sys/devices/

subdirectory presents a hierarchical view of device information and includes files that expose details about specific devices.

udevadm control

subcommand can modify the running state of udev.

udevadm trigger

subcommand executes rules that apply to any device that is currently plugged in.

/etc/hostname

system will use this file for a computer's hostname. The 'hostnamectl' command will write the system's new hostname to this file.

timedatectl set-ntp [Bool]

takes a Boolean argument. Controls whether NTP based time synchronization is enabled.

/etc/X11/

subdirectory contains configuration files for input and output devices that might impact the X.Org Server environment, such as keyboards, mice, and monitors.

lsblk

used to show all block devices on a system and their names

Secure File Transport Protocol (SFTP)

uses an SSH tunnel as a transportation mechanism to encrypt data. SFTP can transfer files and manage files and directories.

mke2fs

utility for creating new ext2, ext3, or ext4 file systems.

iostat

utility generates reports on CPU (Central Processing Unit) and device usage. For storage, it provides input and output statistics for block devices and partitions.

dig

utility is a powerful utility for information gathering and testing name resolution.

tcpdump

utility is another network analyzer or sniffer. Users can determine traffic type and content using this command. The syntax of the command is tcpdump [options] [-i {interface}] [host {IP address}].

xrdp

utility is a free and open source utility that constructs a Remote Desktop Protocol (RDP)-like server for non-Windows systems.

dar

utility is similar to tar in that it is used to archive files. It extends upon tar by providing the ability to run incremental and differential archives as well as full archives.

nmgui

utility is the graphical user interface (GUI) for the NetworkManager. This tool will be familiar for end-users and provides a user-friendly way to configure network connections.

ethtool

utility is used to manage NIC driver and network configurations. This tool handles settings such as mode, channel, and frequency but does not handle traffic routing configurations.

network mask

A 32-bit binary mask that separates the network address from the host address in an IPv4 address

gdisk

A Linux partition management utility for partitions in the Globally Unique Identifier (GUID) Partition Table (GPT) format.

netstat

A TCP/IP troubleshooting utility that displays statistics and the state of current TCP/IP connections. It also displays ports, which can signal whether services are using the correct ports.

NFS (Network File System)

A client/server application that enables users to access shared files stored on different types of computers and work with those files as if they were stored locally on their own computers. It is one of the NAS (Network Attached Storage) protocols.

UTF-8

A coding system for storing characters in bits, extending the 8-bit ASCII coding system to include international characters by sometimes using more than 8 bits.

iwconfig

A command-line utility for viewing and setting wireless interface parameters on Linux and UNIX workstations.

Xorg

A common implementation of X Windows used in Linux distributions. The configuration file for Xorg is /etc/X11/xorg.conf.

TCP (Transmission Control Protocol)

A connection-oriented, guaranteed-delivery protocol used to send data packets between computers over a network like the Internet.

IP (Internet Protocol)

A connectionless Network-layer protocol that is responsible for sending data packets across a network.

ICMP (Internet Control Message Protocol)

A core protocol in the TCP/IP suite that notifies the sender that something has gone wrong in the transmission process and that packets were not delivered.

/etc/mtab

A file that stores a list of currently mounted filesystems. This is a symbolic link to the /proc/mounts file.

/etc/fstab

A file used to specify which filesystems to mount automatically at boot time and queried by the mount command if an insufficient number of arguments is specified.

AppArmor modes

A profile is a component of the AppArmor context-based permissions scheme. AppArmor profiles can operate in one of two different modes. In enforce mode, profile violations are both logged and prevented.

nslookup

A utility that is used to test and troubleshoot domain name servers.

LVM (Logical volume management)

An advantage of LVM is that a logical volume can exceed the size of any one physical device, as long as it doesn't exceed the total size of devices in the volume group. An advantage of LVM is that you can create virtual snapshots of each logical volume so you can quickly and easily revert a volume to a specific state. An advantage of LVM is that you can dynamically create, delete, and resize a volume without having to reboot the system.

Windows Manager

An application that controls the display such as by providing GUI icons, boxes, and buttons.

ext4

An improved version of the ext3 filesystem with an extended feature set and better performance.

arp

command is used to relate IP addresses and MAC addresses. Computers will cache recently resolved MAC and IP address combinations.

ifconfig

Command that displays IP address and other interface-related info

Container images

Containerization virtualizes at the operating system (OS) layer, providing application isolation, even though the applications are sharing a single OS. Containers may be useful for hosting production applications as well as for testing applications by developers.

.bashrc

Contains any user specific aliases and functions

.bash_profile

Contains the user's specific environment and startup programs

GUID Partition Table (GPT)

One of two methods used to organize partitions on a hard drive. A GPT partitioning system installed on a hard drive can support 128 partitions and is recommended for drives larger than 2 TB. Compare with Master Boot Record (MBR).

Device mapping

Device mapping is the name of the process for abstracting physical storage devices into virtual storage devices.

netstat -p

Displays process IDs

dmesg

Displays the contents of the kernel ring buffer. The output of this command typically contains the message produced by the device drivers

StrongSwan

One popular utility for implementing IPSec tunnels for VPN clients

noop

I/O scheduler is the simplest scheduler and does not sort I/O requests, but merely merges them. This can be ideal in situations where the device or its storage controller performs its own sorting operations. It can also benefit devices that don't have mechanical components requiring seek time, like SSDs and USB flash drives, because this scheduler doesn't expend much effort in reducing seek time.

deadline

I/O scheduler performs sorting of I/O operations using three queues: a standard pending request queue, a read first in first out (FIFO) queue, and a write FIFO queue; the latter two of which are sorted by submission time and have expiration values.

ping -6

IPv6 ICMP echo request

Logical Volume Manager (LVM)

It is a system of managing logical volumes or filesystems, that is much more advanced and flexible than the traditional method of partitioning a disk into one or more segments and formatting that partition with a filesystem.

GRUB 2

One of the improvements over older versions is that it has support for custom graphical boot menus and themes.

8e

Linux LVM Volumes

82 or 8200

Linux Swap partitions

ping6

Linux command-line utility specifically designed to ping hosts with an IPv6 address.

insmod

Older method used to insert modules into the kernel

rmmod

Older method used to remove modules from the kernel

iostat

Report Central Processing Unit (CPU) statistics and input/output statistics for devices and partitions.

id_rsa

SSH authentication file contains the user's private key. You can enter cat .ssh/id_rsa to examine the encrypted private key.

id_rsa.pub

SSH authentication file contains the user's public key. You can enter cat .ssh/id_rsa.pub to examine the public key.

known_hosts

SSH authentication file exists on the client and lists the public keys that the client accepts. In other words, the client uses this file to authenticate servers.

ssh-add

SSH key command adds private key identities to the SSH key agent. If the key is protected by a password, the user only needs to enter the password once, and the agent will automatically authenticate the user.

ssh-copy-id

SSH key command appends user's public keys to the remote server's authorized_keys file so that the server can authenticate the user's private key.

mask

Systemctl subcommand prevents a provided unit file from being enabled or activated, even when done manually.

aa-unconfined

The AppArmor command is used to configure an AppArmor environment and is used to list processes with open network sockets that don't have an AppArmor profile loaded.

ext3

The Linux file system that was the first to support journaling, which is a technique that tracks and stores changes to the hard drive and helps prevent file system corruption.

vmlinuz

The Linux kernel file, a compressed version of vmlinux. It is capable of loading the OS into memory so that the computer becomes usable and is loaded as part of the kernel boot loader.

X Forwarding

The X Window System is network-aware and can enable clients to access Graphical User Interface (GUI) elements over a network. It is possible to forward X traffic through a Secure Shell (SSH) tunnel.

/etc/securetty

The ability to restrict users to login as root on any terminal other than console is controlled with the _____________ file. (Linux)

mount -a

The auto will read the /etc/fstab file

resource exhaustion

The available file descriptors have all been consumed.

/boot directory

The directory that contains the Linux kernel and files used by the boot loader data block.

TZ

The environment variable TZ={time zone} specifies the system time zone. This is an alternative to using commands like date or timedatectl to set the time zone.

exec command

The exec command is used to execute another command, replacing the current shell process with this new program's process (no new process is created).

fuser

The fuser command displays the list of processes that are using files and sockets.

UDP (User Datagram Protocol)

a "stateless" connection between two hosts. Data packets are sent to the destination without any verification that they were received. The side effect of this type of communication is that there is less network overhead than a TCP connection.

ASCII

a code for representing English characters as numbers, with each letter assigned a number from 0 to 127

Virtual Network Computing (VNC)

a cross-platform remote desktop service that enables full remote control of a desktop environment. VNC consists of its own client and server applications.

degraded storage

When a storage drive in a RAID array has failed

Network Gateway

a device that allows one LAN to be linked to other LANs or to larger networks

Broadcast Address

a dotted-decimal number that represents all hosts in an IP network

inode

an inode (index node) stores information about files and folders, such as permissions, ownership, and file type.

tracepath

a modern replacement for the traceroute command, but uses UDP packets instead of ICMP

relative path

a path that begins at the current working directory.

stat --format=%i <file or directory name>

You can also display the inode of a single file or directory. To display the inode of a file, type the following command.

export

You can effectively change a shell variable into an environment variable by using this command.

nmcli connection up

activate a connection

nmcli con modify

add, modify or remove properties in the connection profile. To set a property, specify the property name followed by the value. An empty value ("") removes the property value.

umount -l

aka lazy unmount, in which the file system is detached from the hierarchy, but references to that file system are not cleaned up until the file system is no longer being used.

arp

command is used to relate IP addresses and MAC addresses. Computers will cache recently resolved MAC and IP address combinations. If a computer has cached incorrect or out-of-date information, connectivity may be lost to a node. The ARP cache can be cleared as part of the troubleshooting process.

IPSec tunnel mode

both the packet contents and header are encrypted. Tunnel mode is typically used in site-to-site VPNs.

/

bottom of the directory tree, the 'root'

wget

command is used to retrieve files via HTTP/S (Hypertext Transfer Protocol/Secure) and the FTP (File Transfer Protocol). This command is capable of downloading files recursively.

fdisk -l <device>

can be used to list out partition information on the specified disk

mount

can be used to mount partitions to directories, or show all existing mounts without any options.

fsck

check and repair a Linux filesystem. Can be invoked via command, and configured in /etc/fstab. Device must be unmounted before a check can run.

chkconfig

command can be used to control services in each runlevel. It can also be used to start or stop services during system startup.

make

command compiles the source code using the information in the makefile. This makes the compile code executable on another system.

lvcreate

command creates logical groups in a volume group created by vgcreate. A file system is created on the logical volume and then a mount point, usually a directory, is mounted to the logical volume.

vgcreate

command creates volume groups using a special block device that was configured by pvcreate.

iftop

command displays bandwidth usage information for the system, helping to identify whether a NIC or protocol is consuming the most bandwidth.

iftop

command displays bandwidth usage information for the system, helping to identify whether a NIC or protocol is consuming the most bandwidth. This command can help you identify why a link may be slow by showing the traffic on that connection.

modinfo

command displays information about a particular kernel module, such as the file name of the module, license, description, author's name, module version number, dependent modules, and other parameters or attributes.

sar

command displays system usage reports based on data collected from system activity regarding CPU usage only. By default, the sar command reports CPU usage in 10-minute intervals.

lsmod

command displays the currently loaded kernel modules, their sizes, usage details, and their dependent modules.

vmstat

command displays various statistics about virtual memory, as well as process, CPU, and I/O statistics.

journalctl

command enables you to view and query log files created by the journal component of the systemd suite. Log information is collected and stored via the systemd journald service.

:!

command executes a command and displays the result in the Vim interface. The syntax is :!{any Linux command}.

pvcreate

command initializes a drive or partition to use as a physical volume with the Logical Volume Manager (LVM).

mtr

command is a combination of ping and traceroute, with additional improvements to enable testing of the quality of a network connection.

mtr

command is a combination of ping and traceroute, with additional improvements to enable testing of the quality of a network connection. The mtr -c 5 google.com command will test connectivity to Google's website, with a ping count of 5.

curl

command is a method that is used to access and retrieve files from a website. It is not capable of downloading files recursively.

mdadm

command is a tool used to manage software-based Redundant Array of Independent Disks (RAID) arrays. The mdadm tool enables you to create, manage, and monitor RAID arrays.

virsh

command is an interactive shell to manage KVM (Kernel Virtual Machine) virtual machines.

tracepath

command is like traceroute but does not require administrative privilege. It outputs a list of the nodes along the network path, each node's name or IP address, round trip time, and maximum transmission unit (MTU) information.

aa-complain

command is one of the major commands that you can use to configure an AppArmor environment. The aa-complain command places a profile in complain mode.

free

command is used for only memory usage statistics. It parses the /proc/meminfo file to gather information. Its default behavior is to display information about system memory and swap space.

abrt-cli

command is used to configure the Automatic Bug Reporting Tool (ABRT) service. ABRT is used to analyze and report on problems detected during system runtime including device problems.

rsync

command is used to copy files locally and remotely over SSH. Its real power lies in its efficient use of network bandwidth; instead of copying all files, it only copies differences between files.

setquota -g

command is used to create a storage quota for a group. The syntax is setquota -g {groupname}.

edquota -g

command is used to edit an existing storage quota for a group. The syntax is edquota -g {groupname}.

setquota -u

command is used to edit an existing storage quota for a user. The syntax is setquota -u {username}.

nmcli connection down

deactivates a connection

Pluggable Authentication Modules (PAM)

define the underlying framework and centralized authentication method leveraged by authentication services like Kerberos and LDAP.

SELinux security policy

defines access parameters for every process and resource on the system. It enforces rules for allowing or denying different domains and types to access each other.

nmcli connection delete

delete a connection

Context-based permissions

describe multiple types of information about processes and files that are used in combination to make decisions related to access control. SELinux and AppArmor are the two main context-based permission schemes.

/boot/efi

directory contains boot files for an EFI system partition (ESP), which is a required partition for systems that boot from Unified Extensible Firmware Interface (UEFI). It contains a boot loader, device driver, and system application files that are executed by UEFI. Boot loader files are typically named with a .efi extension.

/boot/grub2

directory contains configuration files for a type of boot loader called GRUB 2. This is the GRUB 2 configuration directory; the "grub.cfg" file lives inside it.

/boot/grub

directory contains configuration files for a type of boot loader called GRUB. This is the legacy GRUB configuration directory; the "menu.lst" / "grub.conf" file lives inside it. These files are used to build a menu of choices displayed on boot.

/etc/grub.d/

directory contains scripts that are used to build the main grub.cfg file. Each script provides various functions to GRUB 2 and is numbered so that the scripts can execute in a sequence.

/usr/lib/modules/

directory contains the modules of different kernel versions that are installed. You need to drill into the directory belonging to the current kernel version to find the installed drivers.

/usr/lib/modules/`uname -r`/drivers/

directory contains the modules of different kernel versions that are installed. It holds a directory named after the kernel's version number. Inside this directory, modules are stored across various subdirectories based on the categories to which they belong.

/proc/sys

directory lists the parameters that you can configure on your system.

/etc/modprobe.d/

directory location where kernel modules can be listed in blacklist files, preventing the kernel from loading them. All files underneath the /etc/modprobe.d directory which end with the .conf extension specify those options as required.

/etc/profile.d

directory serves as a storage location for scripts administrators may use to set system-wide variables.

/etc/skel

directory with configuration files or other content. This content is copied to new user home directories when the useradd command is used.

stat

display file or file system status.

ip addr show

displays IP address information

Traceroute

displays a listing of the 'hops' a packet will traverse to get to a destination. Used to verify network routing and look for breaks in network communication.

ip route show

displays routing table

blkid

displays the file system's universally unique identifier (UUID)

umount -f

forces a file system to be unmounted despite any detected issues. This command would attempt to kill the processes running on the file system.

Remote Secure Shell (SSH)

forwarding sends inbound client traffic to a server off to another system on a different port.

Local Secure Shell (SSH)

forwarding tunnels a local client connection on a port to a remote server. An example is remotely accessing a system over the Internet like Virtual Network Computing (VNC).

ioping

generates a report of device latency in real-time.

File Hierarchy Standard (FHS)

The Filesystem Hierarchy Standard (FHS) defines the directory structure and directory contents in Linux distributions.

Arithmetic operators

include addition, subtraction, multiplication, division, and other more advanced mathematical operations.

OVF (Open Virtualization Format)

template contains the necessary configuration files and packages for virtual machines and network devices. These files may be used in the deployment of virtual machines in a virtualized environment. They are made up of multiple files and all are required to be successfully deployed.

OVA (Open Virtualization Appliance)

template refers specifically to a single package representing the network appliance, usually stored in a different format, such as a .tar file. Transferring a single file template is much easier than a template format with multiple files such as an OVF template.

swap space

temporary storage that acts like RAM. When a percentage of RAM is full, the kernel will move less used data to this file

a pseudo-file system

that is dynamically created whenever it's accessed. It's used to access process and other system information from the Linux kernel.

private virtual network

the VM is connected to a virtual switch that permits network communication with other virtual machines and with the host operating system, but no network connectivity to the physical NIC.

public virtual network

the VM is connected to a virtual switch that permits network communication with other virtual machines, the host operating system, and the physical NIC (Network Interface Card).

/boot

the boot volume for GRUB, the kernel and related files are stored here

/usr/share/zoneinfo

the directory that contains all the available time zones that a computer could potentially use for its settings.

uninterruptible sleep state

the process will only wake when the resource it's waiting for is made available to it. Otherwise, it will stay in its sleep state. This state is common for processes that perform storage or network I/O (input/output).

/var

the variable location, log files and dynamic content (such as web sites) are often found here

internal virtual network

the virtual machine (VM) is connected to a virtual switch that permits network communication with other virtual machines, but not network communication with the host operating system or the physical NIC (Network Interface Card).

lsinitrd

this command allows you to view the contents of an initramfs file

ifup

this command is used to bring up an interface

Host

this command is used to resolve domain names to IP addresses. It is not installed by default; you need to install the bind-utils package.

ifdown

this command is used to bring an interface down

Dracut

this command will create a new initramfs for kernel on the system. It can be used to add or remove modules and drivers from initramfs builds

Date

this command will display the current date and time in multiple formats, and can set the date and time.

timedatectl

this command will display the current date and time settings, and will allow the updating of the system time RTC (real time, aka time on the motherboard) clock.

/etc/resolv.conf

this file contains the IP address of DNS name servers that the host will use for name resolution

tzselect

this is a menu driven command that will assist in finding a region's time zone.

nmcli con

this is short for 'connection', which contains the network configuration settings assigned to a particular device. We assign our IP and DNS settings to a connection.

nmcli dev

this is short for 'device', which is the physical hardware (such as a network interface card) that we use to connect to the network

nmcli

this is the command utility used for configuring network devices and their connection settings.

route

this utility will display the routing table, add, and delete routes. It has been replaced by the ip route command

