Operating Systems and You
sudo fsck /dev/sda
(linux) filesystem check command to repair a file system manually. Only run it on a filesystem that is NOT mounted; checking a mounted filesystem can corrupt it.
flappy_app_code
(linux) the actual software code
ps -ef (linux)
-e flag is to get all processes (even those being run by others) and the -f flag is to get full details about a process
Another command you can use if you want to know how much free space you have on your machine (linux) is...
... the df command, or disk free.
archive types
.tar, .zip, .rar
Where are device files created in Linux?
/dev
Where are linux logs stored?
/var/log
How to troubleshoot logs
1. Look for something specific, such as the word "error" 2. Check the timestamps
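The two steps above, as an added example (not part of the original card set): a small filter that combines a keyword search with a time window over syslog-style lines. The log lines, host name and PIDs below are constructed for the example; on a real system you would pipe /var/log/syslog into the same awk.

```sh
#!/bin/sh
# Added example, not from the original card set. Constructed syslog-style
# sample: "Mon DD HH:MM:SS host program[pid]: message".
SAMPLE_LOG='Mar  3 09:58:02 host1 sshd[812]: Accepted publickey for cindy from 10.0.0.5 port 50122
Mar  3 10:01:17 host1 kernel: [ 1201.44] EXT4-fs error (device sdb1): ext4_find_entry: bad block
Mar  3 10:02:40 host1 cron[1023]: (root) CMD (run-parts /etc/cron.hourly)
Mar  3 10:03:05 host1 sshd[900]: error: maximum authentication attempts exceeded for root from 203.0.113.9
Mar  3 10:15:59 host1 systemd[1]: Started Daily apt download activities.
Mar  3 11:20:33 host1 sshd[955]: error: PAM: Authentication failure for illegal user admin'

# Print lines whose text matches $1 (case-insensitive regex) and whose
# timestamp (field 3, HH:MM:SS) lies between $2 and $3 inclusive.
# Usage: log_between error 10:00:00 10:30:00
log_between() {
    printf '%s\n' "$SAMPLE_LOG" | awk -v pat="$1" -v from="$2" -v to="$3" '
        $3 >= from && $3 <= to && tolower($0) ~ tolower(pat)'
}

# How many matching lines fall inside the window.
log_count_between() {
    log_between "$1" "$2" "$3" | wc -l | tr -d ' '
}

# Which programs produced the matches (program name before "[pid]:").
log_sources_between() {
    log_between "$1" "$2" "$3" \
        | awk '{ sub(/\[.*$/, "", $5); sub(/:$/, "", $5); print $5 }' \
        | sort -u | tr '\n' ' ' | sed 's/ $//'
}

log_between error 10:00:00 10:30:00
```

Timestamps in syslog are zero-padded, so plain string comparison in awk orders them correctly within a single day; narrowing to the minutes around a reported problem is what keeps the keyword search from drowning in unrelated "error" lines.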
GPT
Supports volumes larger than 2TB. Only one kind of partition (no primary/extended distinction); Windows allows up to 128 partitions per GPT disk by default.
FAT32 shortcomings
4GB maximum file size. Windows' built-in format tool only creates FAT32 volumes up to 32GB (the format itself supports larger volumes).
SCP (Secure Copy Protocol)
A command you can use in Linux to copy files between computers on a network. Utilizes SSH to copy data.
Clonezilla
A disk cloning tool that can be used to backup and restore a single machine or many machines simultaneously
dd Linux command
A lightweight tool that is also used to clone a drive and copy files
Load average
A measure of the demand for CPU time by running programs. A load average of 0 means no demand for CPU time; 1 represents a single program placing constant demand on the CPU; and values higher than 1 represent multiple programs competing for CPU time. (On multi-core CPUs, the load average can equal the number of cores before CPU-time competition begins.) The top and uptime commands both pr
apt (Advanced Package Tool)
A package manager for Debian-based distributions such as Ubuntu, built on top of dpkg to extend it. 1. Installs package dependencies 2. Makes it easier to find packages to install 3. Cleans up packages we don't need
Symantec Ghost
A popular commercial imaging tool
Before we can install any packages we need to...
Add a package source that tells our computer where it can find the packages we want to install.
mstsc.exe (Microsoft Terminal Services Client)
Allows you to create RDP connections to remote computers.
Resource Monitoring Tool
Allows you to see on Windows how the system resources are doing.
OTA Updates
An update that is downloaded and installed by the mobile device itself
Windows store
Application repository where you can install universal windows apps
Programs
Applications we run, like the Chrome web browser
How does apt work for installations?
Apt grabs the dependencies that are required automatically and asks us if we want to install it
ps -ef (linux)
Command that lists process information for every process on the system.
Compress-Archive -Path C:\Users\Cindy\Desktop\CoolFiles\ ~\Desktop\CoolArchive.zip
Compress files into a .zip archive from Windows PowerShell (Compress-Archive is a PowerShell cmdlet; the second argument is the destination path)
Archive
Comprised of one or more files that's compressed into a single file
Cumulative Update Model
Computer only needs to install one update and is good to go, usually scheduled
Disk to disk cloning
Connect your hard drive to the disk you want to clone
What does it mean to have dependencies?
Counting on other pieces of software to make an application work, since one bit of code depends on another in order to work
mklink /H file_1_hardlink file_1
Creates a hard link
.deb
Debian package for Ubuntu
What command do you use to find the Sysinternals package?
Find-Package sysinternals -IncludeDependencies If this errors out, you need to tell PowerShell where it can find the package by registering a package source... Chocolatey
taskkill /pid 5856
Finds and halts a process using a ProcessID (PID). Sends termination signal to the process identified by the PID.
sudo mkfs -t ext4 /dev/sdb1
Format the partition /dev/sdb1 with the ext4 filesystem. This destroys whatever was on the partition, so double-check the device name first.
How would you display the top three processes using the most CPU? (Windows PowerShell)
Get-Process | Sort CPU -Descending | Select -First 3 -Property ID, ProcessName, CPU This will give us the top 3 CPU hogs on the system
uname
Gives us system information -r tells us what kernel version you have
Virtual memory
How the OS presents the physical memory available on the computer to the applications that run on it: it creates a mapping of virtual addresses to physical addresses. This also lets us use more memory than is installed by managing memory in blocks called pages. When a page isn't being used by an application, it can be "evicted" by being copied out of RAM onto the disk. Accessing data in RAM is much faster than on disk, so RAM holds the most commonly accessed pages and the rest sits on disk, where the OS can still reach it, albeit more slowly.
Windows Memory Manager
Handles mapping virtual and physical memory into managed paging.
PPA software
Isn't as vetted as other repositories, so be careful because software could be malicious
What does Orca do?
It can help you edit or create Windows Installer packages
How does the Windows Installer interact with an .msi file?
It uses the information stored in the tables in the .msi database to guide. how the installation should be performed. It will keep track of all the actions it takes and create a separate set of instructions to undo them, this is how it creates a way to uninstall programs.
/var/log/syslog
Collects general messages from pretty much every service on the system. Authentication events are NOT logged here; on Ubuntu they go to /var/log/auth.log.
Kill (Linux Command)
Kills a process by ID (kill 1832). Sends a termination signal (SIGTERM) which will kill the process but give it some time to clean up the resources it was using. Otherwise, there might be file corruption.
SIGKILL (kill -KILL [PID]) (linux)
Kills the process without giving it time to clean up. A last resort to terminating a process, so you could do more harm than good.
RPM packages
Linux Red Hat
DISKPART > list disk
Lists the disks attached to the system, with their number, size and free space
Are .msi files simple files?
No, they are a combination of databases that contain installation instructions s in different tables along with all the files, objects, shortcuts, resources, and libraries the program will need grouped together.
Task Manager (taskmgr.exe)
One method of obtaining process information; open it with CTRL+SHIFT+ESC
If you're curious about the details of what goes into an .msi file or create a Windows Installer package yourself, check out...
Orca.exe
How do you fix a dependency error in Linux?
Package Managers
PPID (linux)
Parent process ID: the PID of the process that launched this one
Partition
Part of the disk that you can manage
Symbolic links
Pointers to other files; they can point to items on other drives or other parts of the network and don't affect the link count. The OS treats them as substitutes to the file they point to in almost every meaningful way.
Get-Process
Powershell way of finding process information
PID (linux)
Process ID
Daemon processes
Processes that run in the background that the system needs to function
SIGINT (windows & linux)
Signal interrupt CTRL+C
Linux hardlinks
Like Windows hard links, Linux hard links don't point to a file name; they point to an inode, which is stored in the filesystem's inode table. Creating a hard link therefore creates another name for the same data on the filesystem. If you delete one name of a hard-linked file, the other hard links still work. Hard links are great when you need the same file in different places without using additional space on the volume, because all the hard links refer to the same data.
Security Patch
Software that's meant to fix up a security hole
How to use Chocolatey
Specify that the source of the package should be the Chocolatey repository. Find-Package sysinternals -IncludeDependencies Install-Package -Name sysinternals
FAT32
Supports reading and writing data to all three major operating systems
Partition table
Tells the OS how the disk is partitioned
TTY (linux)
Terminal associated with process
kill -TSTP [PID] (linux)
Terminal stop. This puts the process in a suspended (stopped) state. For a foreground process you can also press CTRL+Z.
pagefile.sys
The Windows swap file that is used to hold the virtual memory that is used to enhance physical memory installed in a system. Uses memory manager to copy pages of memory as needed.
Logging
The act of creating log events
NPM (K) (Windows PowerShell)
The amount of non paged memory that the process is using
MUI
The multilingual user interface is used in Windows operating systems. It allows multiple languages to be used on a single interface.
cmdlet
The name we give to windows Powershell commands that use the verb-noun format
What is the smss.exe process?
The smss.exe process is in charge of setting up parts of the OS during boot. It then starts the log-in process, winlogon.exe, along with the Client/Server Runtime Subsystem, csrss.exe, which handles the Windows GUI and the command-line console.
When processes are run...
They take up hardware resources like CPU and RAM
Chocolatey
Third party package manager for Windows. Lets you install windows applications from the command line. Lets you install anything that exists in the public Chocolatey repository.
uptime command (linux)
This command shows information about the current time, how long your system's been running, how many users are logged on, and what the load average of your machine is.
EventViewer (eventvwr.msc)
This is where the events logged by the Windows operating system are stored
df -h
This shows you the free space available on every mounted filesystem. The -h flag gives you the data measurements in human-readable form.
What does the Manifest do?
This tells Windows to load the appropriate library from the SxS folder.
kill -CONT [PID]
This will re-activate the process
/proc (linux)
Virtual filesystem that exposes a directory per running process (/proc/[PID]) with files describing its state, memory, open files and so on
APPX
Used to package contents and acts as a unit of distribution, specifically used on windows apps from the windows store
UID (linux)
User ID of person who launched process
Register-PackageSource -Name chocolatey -ProviderName Chocolatey -Location http://chocolatey.org/api/v2
Registers the Chocolatey repository as a package source so that Find-Package and Install-Package can use it
Session Manager Subsystem
When Windows boots, the first user-mode (non-kernel) process to start is the Session Manager Subsystem, smss.exe.
data buffer
When we read or write something to a drive, the data actually goes into a buffer, or cache, first: a region of RAM used to temporarily hold data while it's being moved around. So when you copy something to a USB drive, it's first copied into this buffer, because RAM operates faster than the drive. If you don't properly unmount the filesystem and give the buffer time to finish writing, you run the risk of data corruption.
Hard Link
When you create a hard link in NTFS, an entry is added to the MFT that points to the linked file record number, not the name of the file. This means the file name of the target can change and the hard link will still point to it. You create hard links in a way that's similar to symbolic links, but with the /H option. Since a hard link points to the file record number and not the file name, you can rename the original file and the link will still work.
init
When you start up your computer, the kernel creates this process, which has a PID of 1 and is the ancestor of every other process. (On modern systemd-based distributions, PID 1 is systemd.)
.msi
are packages that the Windows Installer uses to install, maintain, and remove programs on Windows. MSI files are used by the Windows Installer to control how your application is installed.
DISKPART > create partition primary
blank partition for windows filesystem
What is the Device Manager called on Windows?
devmgmt.msc
list debian packages installed on the machine
dpkg -l
How to view the disk utilization on your computer (linux)
du -h
In Linux, where do you add a package or repository link?
/etc/apt/sources.list (or a file under /etc/apt/sources.list.d/)
Default filesystem for Linux (Ubuntu)?
ext4
DISKPART > format FS=NTFS label=my-thumb-drive quick
formatted a USB drive from the command line in Windows
file record number
index of a file's entry in the MFT
DISKPART > active
marks the selected partition as active (bootable)
When we install files from a source archive is called...
installing from source
side-loading
installing mobile apps directly without using an app store
mklink file_1_symlink file_1.txt
making a symbolic link to file1 in the command line Windows
mdm service
mobile device management service
sudo mount /dev/sdb1 /my_usb
mounts a disk to the filesystem
C (linux)
In ps -ef output, C is the processor utilization of the process (an integer percentage over its lifetime), not a count of child processes
metadata
owner/permissions/size/etc
STAT (linux)
process status (R = running, T = stopped/suspended, S = interruptible sleep, waiting for something else to complete before it resumes)
tar command
program is used to create, maintain, modify, and extract files that are archived in the tar format. stands for tape archive. It is an archiving file format. tar was originally developed in the early days of Unix for the purpose of backing up files to tape-based storage devices. It was later formalized as part of the POSIX standard, and today is used to collect, distribute, and archive files, while preserving file system attributes such as user and group permissions, access and modification dates, and directory structures.
sudo parted /dev/sdb
runs the parted tool
grep
Filters text for lines matching a pattern. Pipe other commands into it to check whether a package is installed (dpkg -l | grep name) or whether a process is running (ps -ef | grep name).
dpkg -l | grep [name]
searching for a particular debian package in a list
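A sharper version of the check above, as an added example (not from the original card set): dpkg -l | grep gimp also matches gimp-data and packages that were removed but still have config files left (status "rc"), so this reads the status and name columns instead. The dpkg -l output below is a constructed sample with made-up version strings.

```sh
#!/bin/sh
# Added example, not part of the original card set. Constructed dpkg -l
# output: column 1 is the status ("ii" installed, "rc" removed with
# config files left), column 2 the package name.
SAMPLE_DPKG='Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                 Version          Architecture Description
+++-====================-================-============-=======================================
ii  gimp                 2.10.30-1build1  amd64        GNU Image Manipulation Program
ii  gimp-data            2.10.30-1build1  all          Data files for GIMP
rc  gimp-plugin-registry 9.20180925-1     amd64        repository of optional extensions for GIMP
ii  grep                 3.7-1build1      amd64        GNU grep, egrep and fgrep'

# The naive check: how many lines does a plain grep for the name hit?
grep_matches() {
    printf '%s\n' "$SAMPLE_DPKG" | grep -c "$1"
}

# Exit 0 only if a package with exactly this name is fully installed.
pkg_installed() {
    printf '%s\n' "$SAMPLE_DPKG" | awk -v name="$1" '
        $1 == "ii" && $2 == name { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# installed / removed-config-left / absent (or the raw status code).
pkg_status() {
    printf '%s\n' "$SAMPLE_DPKG" | awk -v name="$1" '
        $2 == name { st = ($1 == "ii") ? "installed" : (($1 == "rc") ? "removed-config-left" : $1) }
        END { print (st == "") ? "absent" : st }'
}

pkg_status gimp-plugin-registry
```

On a live system, replace the printf of the sample with dpkg -l itself; dpkg-query -W -f='${Status}\n' NAME gives the same answer without parsing the table.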
sudo mkswap /dev/sdb2
Sets up the partition as swap space (linux); enable it afterwards with swapon
Character devices
(Keyboard or mouse) transmit data character by character
Windows SDK (software development kit)
(Orca is a part of this)
Installation packages that use the MSI format have...
... a set of rules and standards they need to conform to so the windows installer system can understand their instructions and perform installations
PuTTY (Windows)
...A free open-source software that you can use to make remote connections through several network protocols including SSH. You can visit the PuTTY website to download the entire software package with a Microsoft installer.
If you install a standalone package in Linux...
...You won't automatically install its dependencies
Linux shortcuts
...are referred to as softlinks, or symlinks. They work in a similar way to symbolic links in Windows, in that they just point to another file. Softlinks let us link to another file using its file name. They're great for creating shortcuts to other files.
When the hardlink count of a file reaches zero on Linux...
...then the file is completely removed from the computer.
Linux. To create a softlink...
...we can run the ln command with the flag -s for softlink. So ln -s important_file important_file_softlink.
Linux. To create a hardlink...
...we can run the ln command without -s to specify a hardlink. So, ln important_file important_file_hardlink. Now, if we check ls -l important_file, we'll see that the hardlink count has increased by one
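The softlink and hardlink cards above, run end to end as an added example (not from the original card set): it creates a file, a hard link and a symlink in a scratch directory, compares inode numbers and link counts, then removes the original name to show that the hard link keeps the data alive while the symlink dangles. The file names are made up for the demo.

```sh
#!/bin/sh
# Added example, not part of the original card set.

# Link count of a path (second column of ls -l) and its inode (ls -i).
link_count() { ls -ld "$1" | awk '{ print $2 }'; }
inode_of()   { ls -id "$1" | awk '{ print $1 }'; }

# Runs in a subshell so the cd and scratch directory don't leak out.
# Returns a one-line summary, expected:
#   links=2 same_inode=yes hardlink_after_rm=readable links_after_rm=1 symlink_after_rm=dangling
link_demo() (
    dir=$(mktemp -d) || exit 1
    cd "$dir" || exit 1
    echo "important data" > important_file
    ln important_file important_file_hardlink       # second name for the same inode
    ln -s important_file important_file_softlink    # a path that points at the name

    count=$(link_count important_file)              # now 2
    if [ "$(inode_of important_file)" = "$(inode_of important_file_hardlink)" ]; then
        same=yes
    else
        same=no
    fi

    rm important_file                               # drop one name; data survives via the other
    if cat important_file_hardlink >/dev/null 2>&1; then hard=readable; else hard=lost; fi
    if cat important_file_softlink >/dev/null 2>&1; then soft=readable; else soft=dangling; fi
    after=$(link_count important_file_hardlink)     # back down to 1

    cd / && rm -rf "$dir"
    echo "links=$count same_inode=$same hardlink_after_rm=$hard links_after_rm=$after symlink_after_rm=$soft"
)

link_demo
```

The symlink still exists after the rm; it just names a path that no longer resolves, which is why ls -l shows it but cat fails. The data is only freed once the hard link count reaches zero and no process holds the file open.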
Kernel module
A portion of the kernel that you can load and unload to add or remove functionality. You can install this for a specific device as well. Not all kernel modules are drivers, though.
SSH (secure shell)
A protocol implemented by other programs to securely access one computer from another
setup_script
A script file that will run on the computer (linux) in order to set up a package. Tells us how to install a package.
Sysinternals package
A set of tools released from Microsoft that help troubleshoot problems that arise on Windows computers. You can download this package from the Microsoft website.
Personal Package Archive (PPA)
A software repository for uploading source packages to be built and published as an Advanced Packaging Tool (APT) repository by Launchpad
Side by side assemblies (SxS)
A solution to DLL hell. To fix it, most shared libraries and resources in windows are managed by SxS. These shared libraries are stored at C:\Windows\WinSxS. This system also supports access to multiple shared versions of the same library. So, when you install new software you don't pull the rug out from under programs you've already got.
Hardware ID
A special string of characters that vendors or hardware manufacturers will assign to their devices
Dynamic-link libraries (DLL)
The term used in Windows for shared libraries. The same DLL can be used by many different programs at once, so less memory is used overall.
Parted
A tool that can be used in two modes - interactive (launched into a separate program, like using the 'less' command) or command line, which entails running commands while in the shell.
Process Explorer
A utility Microsoft created to let IT Support Specialists, sysadmins, and other users look at running processes
Library
A way to package a bunch of useful code that someone else wrote into a single unit
Signal (linux)
A way to tell a process that something has just happened
Launchpad
A website owned by Canonical Limited that lets open source software developers develop, maintain, and distribute software.
Trim
Because defragmentation is less of a benefit for solid state drives, since there's no physical read write head that needs to move around a spinning disk, for these kinds of drives, the operating system can use this process to reclaim unused portions of the solid state disk.
Package Managers
Come with the works to make package installation and removal easier, including installing package dependencies
Command/CMD (linux)
Command that the process is currently running
In Windows, Microsoft groups all of the devices and drivers on the computer together in a single Microsoft management console called the...
Device Manager
Updating device drivers for Linux
Device drivers are sometimes part of the Linux kernel, which handles the interaction with hardware. A lot of hardware support is built into the kernel so it automatically works.
net share
Displays local shares, including administrative and hidden in the Windows Powershell
sudo swapon /dev/sdb2
Enables swap on the device (linux)
Data corruption
Errors in computer data that occur during transmission, retrieval, or processing, introducing unintended changes to the original data.
In Linux, processes have a parent-child relationship. This means that...
Every process you launch comes from another process.
.exe
Executable file: it contains instructions for the computer to execute when run ("perform this operation"). Based on the Windows PE (portable executable) format. An installer .exe may carry an MSI file as one of its resources.
When we launch a process, we are...
Executing a program
check disk
When things get really bad and there's serious or catastrophic disk corruption, like bad sectors or disk failures, you can turn to the NTFS check disk utility, chkdsk. The recovery features built into NTFS mean you don't usually need to run chkdsk, but it's available in emergencies. To run it manually, open an administrator command prompt and type chkdsk. By default it runs in read-only mode: it reports on the health of the disk but makes no modifications or repairs. Tell it to fix any problems it finds with the /F flag (chkdsk C: /F); on a volume that is in use, such as the system drive, it offers to schedule the repair for the next reboot.
Other ways to access files with NTFS
Hard links & symbolic links
Windows Package Manager
Help install and manage dependencies that your software needs to use
putty.exe -ssh [user]@[ip]
How to open an SSH connection with PuTTY from the Windows command line (opens a PuTTY terminal window)
How does an .exe get installed in windows?
If it contains code for a custom installation that doesn't use Windows Installer system, it will be unclear. You won't be able to look at the source code to see what it is doing.
Get-Process (Windows PowerShell)
If we run this without any flags or options, we get process information for each running process on the system
Fsutil repair query
If you want to check the status of NTFS self-healing on your computer, open an administrative command prompt and use the fsutil tool: fsutil repair query C:
Inodes
In Linux, file metadata is organized into a structure called an inode. Inodes are similar to the Windows NTFS MFT records. Inodes are stored in an inode table and help us manage the files on our file system. The inode itself doesn't store the file data or the file name, but it does store everything else about a file.
Environment
In Windows, each new process needs a parent to tell the operating system that a new process should be created. The child process inherits some things from its parent, like variables and settings, which we collectively refer to as an environment.
lsof command (linux)
Lists open files and what processes are using them
Find-Package
Locate software and its dependencies in the command line
Package Manager
Makes sure that the process of software installation, removal, update, and dependency management is as easy and automatic as possible
Mounting
Making something accessible to the computer, like a filesystem of a hard disk
If an application needs to use a shared library to perform a task, that library will be specified in the...
Manifest
/dev/sda, /dev/sdb, /dev/sdc
Mass storage devices
Two major partition schemes used:
Master Boot Record (MBR) and GUID Partition Table (GPT), these decide how to structure the information on partitions
Centralized Logging
Multiple logs that are aggregated in a central location or centralized for consolidation.
Default filesystem for Windows?
NTFS
cat /etc/fstab
Lists the filesystems the system mounts at boot: their device (ideally by UUID), mount point, filesystem type and mount options. Add an entry here to have a disk mounted automatically; a one-off manual mount doesn't need it.
mkpart primary ext4 1MiB 5GiB
Needs to include three pieces of information: 1. What type of partition we want to make 2. What filesystem we want to format 3. The start of the disk and the end of the disk
Processes
Programs that are running
RDP
Remote Desktop Protocol
sudo apt remove gimp
Removing a package with apt. Dependencies that were pulled in for it are not removed automatically; sudo apt autoremove cleans them up afterwards.
c:\users\cindy\Desktop\hello.exe
Running an .exe file/package from the command line
The Windows Update Client Service
Runs in the background to download and install updates to the operating system. If it finds updates, it'll download them if you allow permissions.
Configuration Management Tools
SCCM, Puppet
Package Repository
Servers that act as a central storage location for packages.
mklabel [gpt]
Sets the disk's partition table type (for example gpt) inside parted; this wipes the existing partition table
top command (linux)
Shows us the top processes that are using the most resources on our machine
ps -x (linux)
Shows you a snapshot of current processes running on the system
Process Monitoring
Shows you any activity the installation executable is taking (the files it writes and process activities it performs)
sudo blkid
Shows you the UUID for block (storage) device IDs
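The blkid and /etc/fstab cards, plus the "make sure it isn't mounted" caveat on fsck, combined into one added example (not code from the original card set): it turns blkid-style output into a UUID-based fstab line and refuses to clear a device that the mount table still lists. Both the blkid output and the mount table below are constructed samples with made-up UUIDs, so the functions read those strings instead of running blkid or /proc/mounts.

```sh
#!/bin/sh
# Added example, not part of the original card set. Constructed `sudo blkid`
# output and a constructed mount table in /proc/mounts format.
SAMPLE_BLKID='/dev/sda1: UUID="a0c6f0e2-3d4b-4e56-9f11-0a1b2c3d4e5f" TYPE="ext4" PARTUUID="0c1e2a3b-01"
/dev/sdb1: UUID="1f2e3d4c-5b6a-4978-8899-aabbccddeeff" TYPE="ext4" PARTUUID="9a8b7c6d-01"
/dev/sdb2: UUID="0f1e2d3c-4b5a-4697-8877-665544332211" TYPE="swap" PARTUUID="9a8b7c6d-02"'

SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
/dev/sdb1 /my_usb ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid 0 0'

# Pull one quoted attribute (UUID, TYPE, ...) for a device out of blkid output.
# The leading space before the attribute name keeps UUID= from matching PARTUUID=.
blkid_attr() {      # blkid_attr /dev/sdb1 UUID
    printf '%s\n' "$SAMPLE_BLKID" | sed -n "s|^$1:.* $2=\"\([^\"]*\)\".*|\1|p"
}

# fstab line for a device: filesystems get the mount point given in $2,
# swap partitions get "none". UUIDs survive the device being renamed sdb -> sdc.
fstab_entry() {     # fstab_entry /dev/sdb1 /my_usb
    uuid=$(blkid_attr "$1" UUID)
    type=$(blkid_attr "$1" TYPE)
    [ -n "$uuid" ] || { echo "no UUID for $1" >&2; return 1; }
    if [ "$type" = swap ]; then
        printf 'UUID=%s none swap sw 0 0\n' "$uuid"
    else
        printf 'UUID=%s %s %s defaults 0 2\n' "$uuid" "$2" "$type"
    fi
}

# Exit 0 if the device appears in the mount table.
is_mounted() {
    printf '%s\n' "$SAMPLE_MOUNTS" | awk -v dev="$1" '$1 == dev { found = 1 } END { exit (found ? 0 : 1) }'
}

# The check to run before fsck or mkfs on a device.
fsck_precheck() {
    if is_mounted "$1"; then
        echo "refuse: $1 is mounted, umount it first"
    else
        echo "ok: $1 not mounted"
    fi
}

fstab_entry /dev/sdb1 /my_usb
fsck_precheck /dev/sdb1
```

On a real machine, replace the two sample strings with the output of sudo blkid and the contents of /proc/mounts; the sed and awk patterns are unchanged. The "0 2" at the end of the fstab line tells fsck to check this filesystem at boot after the root filesystem ("0 1").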
Package archives
The core or source software files that are compressed into one file
master file table (MFT)
The database used by the NTFS file system to track the contents of a volume or logical drive. Attributes of a file includes: file name timestamp permissions compression location, etc
Linux Swap Space
The dedicated area of the hard drive used for virtual memory
What does the du command show on linux?
The du or disk usage command shows us the disk usage of a specific directory. If you don't specify a directory, it'll default to your current one. The -h flag gives you the data measurements in human readable form. You should use the du command if you want to know how much data space is being used by files in a directory.
Defragmentation
The idea behind disc defragmentation is to take all the files stored on a given disk and reorganize them into neighboring locations. Having files ordered like this will make life easier for rotating hard drive disks that use an actuator arm to write to and read from a spinning disk. The head of the actuator arm will actually travel less to read the data it needs.
Diskpart
Tool for managing disk space directly from the Windows CLI
Time (linux)
Total CPU time the process has taken up
Block devices
USB drives, hard drives, and CDROMs Transfer blocks of data. A data block is just a unit of data storage.
How to uninstall a package
Uninstall-Package -Name sysinternals
ProcessID
Unique process identifier
sudo apt update
Updates the list of packages in repositories so you get the latest software available.
PuTTY Secure Copy Client (pscp.exe)
Use it to copy files in a very similar way to the Linux SCP command
How do you extract a file using 7zip on Linux?
Use the 7z command with the e subcommand (extract) followed by the file you want to extract. For example: 7z e my_archive.tar (7z x does the same but keeps the directory structure inside the archive)
/?
Use this when running a package from the command line to see what kind of subcommands the package might support
Driver
Used to help our hardware devices interact with our operating system
Filesystem
Used to keep track of files and file storage on a disk
What is the problem with dpkg?
While this is easy to use, it doesn't install package dependencies for us
Sudo apt upgrade
Upgrades all installed packages that have newer versions available; run sudo apt update first so apt knows about them
7-zip
Windows and Linux unarchiving open source tool
Unlike in Linux...
Windows processes can operate independently of their parents
DISKPART > select disk [number]
Windows selects disk being partitioned
MBR (Master Boot Record)
Traditional scheme used by Windows: at most 4 primary partitions and a 2TB maximum volume size. One primary partition can be made an extended partition, which is then divided into logical partitions.
System Properties
Windows. A way to modify the size, number and location of paging files. A control panel applet .
enterprise app management
allows you to install custom apps designed by or for the organization and aren't available for the general public
shortcut
another file and another entry in the MFT, but it has a reference to some destination so that when you open it you are immediately taken to that destination
sudo parted -l
lists out the disks connected to the computer and their size
DISKPART > select partition 1
select partition
What does the /var directory contain?
spools and log files. Because "var" is short for "variable" logs that constantly change are kept in this directory.
Using SSH (Linux)
ssh cindy@[ip]
Mobile apps are...
standalone software packages, so they contain all their dependencies
STIME (linux)
start time of process
How to install something with apt
sudo apt install gimp
How to update the kernel?
sudo apt update sudo apt full-upgrade
How to install a standalone debian package
sudo dpkg -i xx.deb
Uninstall a debian package
sudo dpkg -r package-name (use the package name, not the .deb file name)
Command Prompt way of finding process information
tasklist shows all running processes
data
the actual contents of the file
log rotate
logrotate: the utility (configured in /etc/logrotate.conf and /etc/logrotate.d/) that rotates, compresses and deletes old logs on a schedule you can customize
sudo umount /dev/sdb1 (or sudo umount /my_usb)
unmounting a filesystem