All Flashcards

(319 cards)

1
Q

what’s ldd

A

Shows where the shared libraries of a command are. ld.so is the service that permits that.

2
Q

what are the package managers of Debian

A

apt, which uses “dpkg”

3
Q

difference between remove vs purge in package managers :

A

remove vs keep conf files.

4
Q

where are the APT repositories

A

/etc/apt/sources

5
Q

what are the APT repo types (4)

A
  • Main : Canonical-supported free and open source packages
  • Universe : Community-maintained free and open source packages
  • Restricted : Proprietary driver packages
  • Multiverse : Software with copyrights/legal issues
6
Q

what are the package managers of Red Hat

A

yum, which uses “rpm”

7
Q

What’s the graphical overlay for rpm called

A

gnorpm

8
Q

where is the rpm database located?

A

/var/lib/rpm

9
Q

In RPM, whats the difference between using the longname vs shortname packages?

A

shortname for the latest version and if no conflict exists. longname otherwise (with version number)

10
Q

what are the two checks for package integrity in rpm

A

MD5 (package integrity), PGP (identity of distributor)

11
Q

how to check or import a rpm package signature :

A

-K = verify signature; rpm --import [URL]

12
Q

What’s DNF?

A

the next-gen, Python-based version of yum. It is more reliable and consistent and easier to configure.

13
Q

What’s the SUSE equivalent of yum?

A

zypper

14
Q

What’s used for syncing and mirroring repos between many SUSE systems

A

Repository Mirroring Tool (RMT)

15
Q

difference between OVA vs OVF

A

each OVF file is always only 1 VM. OVA can contain one or more OVF files.

16
Q

difference between thin vs thick VM provisioning

A

thin: the disk space is declared, but isn't all allocated at the beginning

17
Q

what are the 4 stages of the Linux boot process

A
  1. Boot loader phase
  2. Kernel phase
  3. Early user phase (initial RAM disk)
  4. Init process
18
Q

what's the old method for providing an early user space filesystem called?

A

initrd, which creates a /dev/ram device, with mkinitrd [image] [kernel]

19
Q

what’s the newer method for providing an early user space filesystem called?

A

initramfs, which uses dracut [imgfile] to create an initial filesystem inside the RAM

20
Q

Name of the improvement on PXE that enables more boot options.

A

iPXE

21
Q

what are 4 bootloaders of linux?

A
  • LILO : old and less-configurable
  • GRUB : v1 or v2, the one of choice (almost always GRUB2 now).
  • SYSLINUX : other boot loader, not seen much anymore since UEFI
  • Loadlin.exe : Linux boot loader that runs under DOS or Microsoft Windows. It allows the Linux system to load and replace the running DOS/Windows without altering existing DOS/Windows system files.
22
Q

how do you count partitions vs devices

A

partitions are counted from 1 and devices from 0 (the only exception is GRUB1, which counts devices from 1)

23
Q

difference vmlinux vs vmlinuz file?

A

vmlinuz (compressed), vmlinux (not compressed)

24
Q

What key to press to access cmd line in grub

A

C

25
name of the utility that allows you to inspect performance statistics regarding system bootup as well as current state information
systemd-analyze
26
command that allows you to find culprit for bootup issues
systemd-analyze blame
27
journal, networking, and logging daemons name for systemd
journald, networkd, logind
28
what are 'units' and what is their file extension?
"units" are files that represent the config of a service in systemd. They are ".service" files located at (in order of precedence) :
  • /usr/lib/systemd/system/ : installed with the distribution
  • /run/systemd/system/ : units that have been created at runtime
  • /etc/systemd/system/ : controlled by the sysadmin, have precedence over all other units!!! (this is where units are created when using systemctl enable)
29
how does systemd start at a different runlevel (ex: 1, single user mode)?
Can use "telinit [RUNLEVEL]" to change it. The .target file will correlate to a specific runlevel (0-6). 0 = poweroff, 6 = reboot.
30
how does SYSVINIT start at a different runlevel by default?
/etc/inittab = IN SYSVINIT : first file read, it has a line that shows "id:3:initdefault". This number 3, or another number, will be the default runlevel for the system.
init [#] = change current runlevel
31
what is Masking a service?
disabling a service doesn't mean some of its dependencies won't be loaded during init. To prevent this from happening, mask the service with "mask". This creates a symbolic link to /dev/null
32
whats the command to change a hostname without breaking anything?
hostnamectl set-hostname [hostname]
33
halt the system and then power it off (gentle for the system)
halt -p OR shutdown -P
  * reboot = shutdown -r
  * only halt the machine = shutdown -H
  * (shutdown -k = kidding, sends a message that it will shut down, to scare users off the system, but doesn't actually do anything.)
34
command that show process, and what is the most common options?
ps -aux (a = show processes from all users, u = show user infos, x = also show processes without a terminal attached)
35
typical block size of a block device
512 bytes
36
What are Pages : What is the Cache : What are Slabs :
What are Pages : The kernel uses pages to manage memory on a system.
What is the Cache : Cache the page write to caches.
What are Slabs : Caches are made of slabs. Typically 1 slab = 1 page
37
SIGHUP (1) =
hang up and restart process. Also called "bounce", so program can re-read its config file.
38
SIGINT (2)
Interrupt process (Ctrl+C)
39
SIGKILL (9)
kill process (the hard way) [kill -9 PID]
40
SIGTERM (15)
terminate the signal (the polite way) [default kill command]
41
SIGTSTP (20)
(Ctrl+Z) Stop the terminal, and pause the process while putting it in background
42
SIGSTOP (23)
stop execution (the hard way too)
43
difference between kill vs killall
kill -9 [#PID] stops a process, while killall stops processes based on a search (often a search with pgrep !)
44
what's pgrep
used to find commands, usually before using killall
45
list open file
lsof
46
4 ways to do job control (putting a job in the background) :
  * using jobs : [jobs = shows jobs, bg = puts in bg, fg = bring back in fg] + indicates the default acted-upon job, and - means the previous job
  * [command] & = run the command in background mode
  * CTRL+Z = suspend current process and put it in "bg"
  * Using "screen"
47
2 commands, to start a program with lower priority (10) and change a running program's priority :
nice -n 10 [program] = to start a program with lower priority (10)
renice -n 10 [PID] = change the priority of the specified process
* nice value (niceness) ranges from -20 (highest priority value) to 19 (lowest priority value) and the default is 0
48
what's the command to see the most used processes, and what are its most used controls?
top "space khindr" :
  • spacebar = refresh
  • k = prompt to kill process
  • h = help
  • i = toggle display of interactive and zombie processes
  • n = prompt number of processes to display
  • d = used when running the process to specify refresh rate (ex : top -d 1)
  • r = prompt for renice
49
single command that lets you run another command and then log out while the command keeps running
nohup [command]. (Can also use screen for that.)
50
how does screen work? :
  * Ctrl+A to do anything in screen ***
  * CTRL+A C = Open a new screen terminal
  * CTRL+A [P,N] = Open Previous or Next terminal
  * CTRL+A " (double quotation mark) = shows all open windows and lets you choose one
  * CTRL+A D = Detach the session ! (so you can log off and it keeps going)
  * CTRL+A X = to lock screen (password in home folder under .screenrc)
  * screen -ls = shows all detached screens!
  * screen -r [PID] = reattach that screen
  * screen [SomeProgram] = starts that program in a new screen automatically
  * exit to close a screen terminal
51
how to refer to another user's home directory? :
~username
52
what does [abc123] means?
it means "any character from this set"
53
2 commands for determining file type
file and stat
54
whats the difference between hard links and symbolic links ?
hard link : refers directly to the inode of a file. Symbolic links : refer directly to the file name, which refers to the inode
55
how to correctly copy dir1 into dir2 :
cp -r dir1/* dir2
56
how do you refer to the file address on a remote system?
[remote username]@[remote address]:[file destination]
57
what is the option on commands ssh and scp to provide a private key? :
-i [private key]
58
Command to synchronise data on a system, or between systems, and how does it function? :
rsync -ar [source] [destination] (and to enable delete when syncing : --delete). -z = for compression, useful when transferring over the network
59
Command to compare two files, and its most used options :
diff -qry | q = quiet (less verbose), r = recursive, y = show files in two columns next to each other
60
How to patch file1 so that it had the changes of file1 :
with patch and diff like this: | diff /etc/file1 /etc/file2 > /etc/somefile.patch; patch /etc/file1 < /etc/somefile.patch
61
does mv need recursive option added?
no, mv does not have any recursive -r option to add. Careful though, because on a lot of distributions it will overwrite existing files
62
how to make many directories levels at once?
-p : remove or add a whole subdirectory list tree in one go, ex : mkdir -p dir1/dir2/dir3/dir4
63
difference rmdir and rm :
rmdir doesn't have a recursive option. That's why it's probably better to always use rm instead to remove files and folders. Use rm -r to recursively remove folders.
64
what are 3 ways of finding a file on a system? :
1- find (slow and methodical: find [startpath] [-option] [argument])
2- locate (quicker, searches through a database, updatedb = update the db immediately, -i = case insensitive)
3- whereis (quickest, only works with commands to show their basic file locations, ex: whereis ls)
65
with grep, how to shows a numeric count of times it matches
-c
66
with grep, prints the filename for each occurrence
-H
67
make grep pattern not case sensitive :
-i
68
grep only shows the filename and nothing else :
-l
69
grep recursively read and process a whole directory :
-r
70
grep whole words only, the string can't be attached to another word:
-w
71
grep only return lines that dont match :
-v
72
grep compare with a term file (2 ways) :
fgrep -f searchtermsfile.txt filetosearch.txt OR grep -F
73
grep match word1 OR word2 (2 ways) :
egrep '(word1|word2)' file OR grep -E
74
regular expressions :
  • . = replace a single character
  • ? = replace a single optional character
  • * = replace any number of characters, from zero to any
  • + = item must be matched at least once, and can be matched many times
  • {n} = the item is matched n times
  • {n,} = the item is matched n times or more
  • {n,m} = the item is matched n to m times
  • [^e] = the expression e cannot be matched
  • \ or e$ = result must finish with this expression
  • [abc] = result can contain a, b and/or c
75
command to show the output in an easily navigable form :
less
76
command to return all the PATH and alias used to run a particular command? :
which -a [command]
77
what is the file permission on a symlink? :
it is always "rwxrwxrwx". Changing the permission on a symlink instead changes the permissions on the target. A symlink can even point to another filesystem or drive.
78
what is data stream 0?
0 = /dev/stdin/ = /proc/self/fd/0 = what most programs accept as input.
79
what is data stream 1 and 2?
1 = /dev/stdout/, 2 = /dev/stderr/
80
How to NOT show stderr on a terminal command result?
[command] 2> /dev/null
81
How to separate good and bad data in different files:
[command] > gooddata.txt 2> baddata.txt
82
what is a heredocument (also called "heredoc") ?
```
a chosen word that can be used to start and stop an input. ex:
cat << DONE
>hi
>bye
>DONE
hi
bye
```
83
command to determine which terminal device you are connected to right now :
tty
84
difference between these 3: ; && ||
```
; = execute commands independently of each other
&& = only execute second command if the first command has exit status of 0 (success)
|| = opposite of &&, because the second command will be attempted ONLY if the first command fails.
```
85
what do the backticks around a command do? and how else can you achieve the same thing? :
execute this command on its own first. useful to put result of a command in a variable. Same can also be done with $(command)
86
how to let one standard output go normally, while simultaneously sending that same output to a file (so making 2 outputs from 1)?
tee [filename]
87
how to take every single line of output from a previous command and pass it to the next one? :
[previous command] | xargs [next command]
88
difference between echo and printf
echo shows text on a new line, printf shows it on the same line (more like a coding thing)
89
how to cat a document backward? (backward line by line)
tac
90
how to view and follow the tail of a log as it grows?
tail -f
91
how to show specific column of text on an output?
cut -c 0-5 (will show only the first 5 letters of each line, -d = choose a delimiter)
92
how to append each lines of file2 to the matching line of file1?
paste file1 file2 | join does the same thing as paste, but removes redundant words, keeping only 1
93
what are the 3 modes of vim, and how to switch between them?
- Command = vim starts and opens in command mode, ESC = go back to command mode
- Insert = to type, i = go to insert mode
- LastLine = also called 'ex' mode, : = takes you to last line mode
94
Vim controls for: secondary keys for left, down, up, right. move forward 1 page and move backward 1 page?
  * h,j,k,l = secondary keys for left, down, up, right
  * CTRL+F = move forward 1 page
  * CTRL+B = move backward 1 page
95
Vim controls for: undo, undo all changes since last file save, quit without saving, write and quit
  • u = undo once
  • :e! = undo all changes since last file save
  • :q! = quit without saving
  • :wq! = write and quit
  * a command ending with ! just means to force that command, which is sometimes necessary
96
Vim controls for: delete character at cursor, delete current line, delete single word at cursor, open a new line below and start insert mode from there
  * x : delete single character at cursor
  * dd : delete current line
  * dw : delete single word at cursor
  * o : open a new line below, and start insert mode from there
97
Vim controls for: searching and replacing, pretty much the same as with 'sed'.
```
:s/bob/BOB/ = replace the first instance of bob for BOB in current line
:s/bob/BOB/g = replace all instances of bob for BOB in current line
:%s/bob/BOB/g = replace all instances of bob for BOB in the whole file
```
98
Vim controls for: find that word forward and backward in the text
  * /word = find that word forward in the text (from cursor position)
  * ?word = find that word backward in the text (also from cursor position)
99
In the TUUUGGGOOO file permission scheme (each rwx is a permission trio), what are the different types (T) possible?:
```
- = normal file
l = sym link
b = block device
c = character device
d = directory
```
100
What is the analogy and thing to be careful of with folder permissions? :
Think of folder permissions as a room: read is a window to the room, and execute is the door to the room. write = if a user has write permission in a directory, he can add and delete every file in that directory (Warning!).
101
Is chmod recursive by default? :
No, it needs -R for that.
102
Whats SUID, and how to add it? :
(Set User ID) = allows a user to run a program as if he was the owner of that program (often that owner is root). To set, use the octal method and add a 4 in front (ex : chmod 4777 file, OR chmod u+s)
103
Whats SGID, and how to add it? :
(Set Group ID) = When set on a directory, the permission automatically gives group ownership of all new files created in the directory to the group owner of the directory. To set, use the octal method and add a 4 in front (chmod 2XXX, OR chmod g+s)
104
What's a sticky bit, and how to add it?
Prevents non-owners or non-root from deleting files in a directory (chmod 1XXX)
105
how to show ACL permissions of a file, and set it :
  • getfacl file1 = show permissions of a file
  • setfacl -m u:bob:rw file1 = set access list on a file. -m is to modify the acl.
  * u=user g=group m=mask
  * make sure the package named "acl" is installed first
  * setfacl -m m::rx file1 = remove read and execute from the ACL Mask
106
How to see and change the default permissions of a created file? :
  * with Maximum default value - Umask
  * Maximum default value is : for files it is set at rw-rw-rw- and for folders it is set at rwxrwxrwx
107
how to put limits on what a user can do? :
ulimit
108
how to change the owner or group owner of a file or folder? :
chown user:group file (-R = make it recursive).
* For only changing the group, the chgrp command exists too.
109
Command to set password security limits to users?:
chage [username] (-l to see current settings.)
110
What do the different UID ranges mean?:
```
0 = Root
1 = bin user, responsible for some system binaries and nonlogin accounts.
99 = the nobody account. mainly used for anonymous access on ftp and http servers, and sometimes NFS from root
1-499 = service accounts
500+ = standard accounts.
```
111
Difference between "su - [username]" and "su [username]"? :
  * su - (or -l) = switch user and shell
  * su = just change user to root but doesn't change the shell [less recommended]
112
Best way to edit the /etc/sudoers file without risking errors and conflicts? :
visudo
113
How to set Mandatory Access Control? (MAC) :
Use SELinux. SELinux "locks down" processes, diminishing potential damages from a compromised process. *Whenever MAC is activated, both DAC and MAC will overlap. Usually MAC controls are evaluated first, and if the access is granted, then the file permissions are granted.
114
How to show current SELinux mode and set it :
getenforce, and setenforce [#]. (1 to put SELinux in enforcing mode, 2 for permissive mode which only logs but never blocks.)
115
How does the SELinux policy work? :
SELinux is a collection of rules that determine what restrictions are imposed by the policy. Each rule is a boolean. getsebool will show the rules of the policy. setsebool will set them.
116
How to see a file or process SELinux context? :
with -Z. (ps -Z for processes, ls -Z for files and folders.)
117
What's another MAC system that plays a role very similar to SELinux? Less used than SELinux, but SUSE uses it. :
AppArmor. Control of AppArmor is done with commands like aa-status, or aa-disable, etc.
118
Whats the 3 types of compressions that can be used with a TAR archive, and whats the option letter? :
  * gunzip = .tar.gzip = lowest compression = most frequent = z
  * bunzip2 = .tar.bz2 = medium compression = j
  * unxz = .tar.xz = highest compression = uses more memory, newer = J
119
Whats the format and order to writing a TAR command? :
1. tar
2. c,t,x (create, list, expand)
3. v (verbose)
4. z, j, J (gunzip, bzip, xz)
5. f (filename)
---> [files or folders to compress]
* EX : tar -cvzf tecmint-14-09-12.tar /home/tecmint/
120
How to zip and unzip a file (instead of tar) :
  * zip endfile.zip file1 file2 file3
  * unzip [filename.zip]
121
"copy in/out" command? :
cpio
122
How to create backup images of CDs and DVDs in an ISO format? :
with the "dd" command. ( dd if=[origin] of=[destination] )
123
how to compress and expand files?:
use short version of the command for compress, and long for expand! ex: gzip and gunzip. bunzip and bzip. unxz and xz
124
Some accounts can be remote, and that means they won't show up in /etc/passwd and /etc/shadow. How to find them? :
getent passwd [user]
getent looks at the nsswitch (network share switch) file, at /etc/nsswitch.conf, to know where to look for remote accounts
125
How are user entries in /etc/passwd formatted (ross:x:500:100:Ross Brunson:/home/ross:/bin/bash) ? :
[username]:[password]:[UID]:[Primary GID]:[Optional Description (called GECOS)]:[home dir]:[login shell]
126
what are /etc/securetty and /etc/usertty files?
specify from where root is allowed to log in, and how users are allowed to log in (for systems that don't use PAM..)
127
where is a user primary group and secondary group(s) assigned? :
  • Primary groups : defined in /etc/passwd
  • Secondary groups : if a user appears in the /etc/group entry of a group, the user is a member of that group.
  * /etc/group = group equivalent of /etc/passwd
128
3 Important GID (Group IDs) :
  • 0 = the root group. Anyone in this group has access to resources restricted by the root account.
  • 1 = the bin group. Similar to the bin user account
  • 100 = the users group. You can place users there and assign it things that all users should have access to.
  * ONLY ON REDHAT BASED DISTROS : If a user isn't assigned a primary group, he will be put in a User Private Group (UPG). It is a group ID that matches the user's UID and has the same name as the user.
129
what does newgrp [groupname] do? :
temporarily open a new shell with the group as primary group.
130
difference between useradd and adduser? :
  • adduser = prompt for each field
  • useradd = use defaults
* On Red Hat, all these are done by default :
  • it adds the user with the next available UID
  • sets the user in the default group "users" (GID 100), except for Red Hat, where it sets a GID same as UID and group name same too.
  • it creates a home directory at /home/[username]/
  • it copies the content of the /etc/skel/ directory into the home directory
  • the default shell is /bin/bash
* on Debian, it has to be specified :
  • -D = display (when used alone), or change (when preceding another argument) the defaults, located in /etc/default/useradd
  • -k = add content of skeleton directory into home
  • -m -d = used together, create home directory and set it as default
  • -s = define the default shell, because by default it will be blank on Debian, system will assume /bin/sh
  • -g = set primary GID
  • -G = set secondary group membership
  • -e = set expiration date on account, after which it will be disabled
  • -o = allows creation of a non-unique UID (DANGER!)
131
how to create a new group? :
groupadd [somegroup]
132
Whats the best way to modify a user? :
usermod :
  • -c = modify the GECOS
  • -d = change the home directory (but not the permissions of that directory!)
  • -e = change date account expires
  • -f = change number of inactive days
  • -g = change primary group, can be specified by group name or by GID
  • -G = change secondary groups, comma separated (CAREFUL this will OVERWRITE current groups!)
  • -s = change path of login shell
  • -u = change UID (WARNING : only will modify the uid ownership of files in the home directory, not others.)
  • -L = locks the account by prefixing the password in /etc/shadow with an exclamation mark ( ! )
  • -U = remove that lock (from -L)
  * Another way to lock and unlock an account is with : passwd -l and -u [account name]
133
What's the format for the shadow file entries, for snuffy:$AECF%115691AsdfahGgG461:16263:0:99999:7:30:17000: ?
[user]:[ Encrypted password ]:[age]:[min age]:[max age]:[warning]:[max inactive after warning]:[acc expiration date, in days from 1st jan 1970]
134
How to limit users to a certain amount of space per filesystem? :
with the "quota" command *
  • quota = show quota limit/space
  • quotaon = turn on quota
  • quotaoff = turn off quota
  • quotacheck = verify that each user's usage is correct and update value if necessary
  • edquota = edit user's quota amounts
  • aquota.user = specify bin file that contains user quotas infos
  • aquota.group = specify bin file that contains group quotas infos
  • usrquota = specifies /etc/fstab option for user quotas
  • groupquota = specifies /etc/fstab option for group quotas
  • sudo repquota -a = get the quota infos of all users
  * Soft limit : can be exceeded with warnings until grace period is over
  * Hard limit : cannot be exceeded (usually set higher than soft limit)
  * Grace Period : the soft limit can be exceeded up to the hard limit until grace period is over.
  * to set quotas, first need to edit fstab to enable quotas on partition, and next use edquota to set quota to user.
135
order of login shell's scripts :
1- /etc/profile = first profile script for shells
2- /etc/profile.d = next profile scripts to be run
3- ~/.bash_profile = next one after that, this one affects only one single user
4- if the shell doesn't find a ~/.bash_profile file it also looks for a .bash_login and .profile and stops looking after that
5- ~/.bashrc will be run
136
determining current user(s) in 4 levels of complexity :
  * whoami = only shows username
  * who = shows who is connected to the system right now, one or more people.
  * id = shows GID, UID and secondary groups of the user you are connected as
  * w = lots more infos on all connected users, like login times, ip
137
how to show a history of the last connections to the system? :
last
138
what are authentication modules called? :
Pluggable Authentication Modules (PAMs)
  * /etc/pam.d/ = *Directory* where programs will set up their PAM service modules. If it's for a service, the name of the file in pam.d will match the name of the service or program exactly.
  * /etc/pam.conf = *file* for defaults if the directory /etc/pam.d/ doesn't have the file for a program.
  * Format of the services configuration of /etc/pam.conf: service type control module-path module-arguments
139
In PAM modules, what do the control types mean: required, requisite, sufficient, optional? :
required (fail), requisite (defer to application), sufficient (can fail and still allow auth to occur), optional (doesn't affect auth if fail).
140
what's the purpose of PAM's pam_tally2? :
(/usr/sbin/pam_tally2), it protects against brute-force attacks by counting the number of authentication attempts, refers to any configured timeouts and ensures they are followed.
141
what does the -l option add when connecting with ssh? :
lets you choose the user to connect with. ssh -l [username] [remotehost]. Also, -i lets you choose the ssh key. Also, -x makes x11 tunnel
142
how to generate a public/private keypair? :
ssh-keygen
143
main encryption and signing tool in linux? :
gpg, may be run with no commands, in which case it will perform a reasonable action depending on the type of file it is given as input (an encrypted message is decrypted, a signature is verified, a file containing keys is listed).
* gpg has hundreds of available arguments
144
what's the difference between tty and pty? :
```
tty = a terminal, local or remote. comes from the term "teletyper".
pty = a pseudo-terminal, it is a terminal run from a GUI
```
145
how to move between terminals (at the physical console)? :
with alt+Fkey. You can use Alt+F1 (/dev/tty1) - Alt+F12 (/dev/tty12) to move between terminals. * Alt+F7 = usually the GUI
146
Whats a TCP wrapper? :
TCP Wrappers is a host-based networking ACL system, used to filter network access to Internet Protocol servers. Using a TCP wrapper in Linux involves placing a controlling daemon with instructions about who's allowed and denied in front of each service that runs on the machine.
147
what's the main dynamic library file thats used for TCP wrapper, referenced by many services? :
libwrap.a
148
what's the daemon responsible for TCP wrapper?
tcpd *
  • /etc/hosts.allow and /etc/hosts.deny = files the tcpd daemon checks to allow and deny hosts.
  • the files are read sequentially and the daemon first checks the .allow before the .deny, and anything in .allow will be allowed before even checking the .deny. An "ALL: ALL" entry in the deny file will deny by default anything not in allow.
  • /etc/inet.d = the ancient way of using a TCP wrapper was to configure everything there; this isn't the case so much now.
  • The syntax of the /etc/hosts.[deny,allow] entries is this : daemons: hosts : option option
149
in tcpd (daemon responsible for TCP wrapper), whats the difference between the option twist, and spawn? :
  • twist : whenever a deny occurs, run a command. For example : service: badhost : twist /bin/echo "F off will ya!"
  • spawn : similar to twist, but lets the access through. service: goodhost: spawn /bin/echo "Welcome!"
150
VPN difference between Tunnel mode vs transport mode ? :
Tunnel mode = everything is encrypted. Transport mode = only payload is encrypted.
* DTLS protocol used in VPNs : sending TCP packets over a TCP connection can have too many kinks that would slow down communication, so TCP over a UDP connection is more reliable.
151
difference between syslog and journald?
The main difference between syslogd and journald is that journald logs everything to a binary file and annotates each log entry with metadata.
  • syslog = lib applications use for logging to syslog
  • logger = command line tool for logging
152
whats a log "facility"? and how are severity numerated?
facility means the thing that generated the log, and log severity goes from 0 (emergency) to 7 (debug infos). By default when choosing to log 'all', level 7 is left out of the logs.
* Log facilities :
  • Kern = kernel messages
  • User = random user-level messages
  • mail = email server messages
  • daemon = other daemon messages
  • auth = security logs that can be public
  • syslog = internal messages from syslog itself
  • lpr = printing messages
  • cron = scheduled jobs
  • local[0-7] = eight different user-definable facilities
153
what is the command to log something?
logger [Message to be logged]
154
whats the general place that syslogs goes to?
/var/log/
  • /var/log/messages = general purpose log messages
  • /var/log/secure = security logs, like connection attempts
  • /var/log/cron = scheduled job logs
  • /var/log/xferlog = local FTP server logs
  • /var/log/kern.log = the log that dmesg uses to display boot messages from the most recent bootup
  * /var/log/journal/ = for journald's binary
155
important options for journalctl (3) ? :
- ufo =
- u = return particular unit's logs
- f = follow tail
- o = verbose
156
where journald log successful and unsuccessful logins, and the commands to see those? :
  * last = command that only shows last successful logins = /var/log/wtmp = the binary file that has that information
  * lastb = command that only shows last unsuccessful (bad) login attempts = /var/log/btmp
157
To uniquely identify hardware, the CPU uses these 3 things :
  * I/O port (an address range)
  * IRQ (Interrupt Request)
  * DMA (Direct Memory Access, allows a peripheral to access system memory directly rather than having the CPU intervene.)
158
folder where all devices are listed, as well as "process" files?
/proc/
159
two ways to view informations about a device, for example pci? :
cat /proc/pci OR lspci
160
show all messages produced during booting process (for determining which devices were created during boot) ?
dmesg
161
name of the other "pseudo-filesystem" similar to /proc aimed at making devices easier to find? :
sysfs ( located at /sys/ )
162
What's Linux Kernel's Device manager?
udev (and it uses the sysfs and the /sys/ rather than /proc/)
163
Name of the printing daemon :
lpd (line printer daemon)
164
two very basic commands for printing :
```
lp = line printer, command for printing. Uses the "older" LPR protocol.
  * -d [printer_name] = destination printer
lpr = same as line printer, but was made for BSD kernel
  * -P [printer_name] = destination printer (for lpr)
```
165
command to show info about printers and jobs :
lpstat
166
how to remove files from the line printer queue?
lprm | * You can also use "cancel [printer_name]" to remove all print jobs from the queue of that printer.
167
the printing server for linux, which interacts with lp :
cups. with the CUPS Daemon (Common Unix Printing System)
168
cups command to enable and disable queues, and manage the daemon :
• cupsaccept -P [printername] = enable queue • cupsreject -P [printername] = disable queue • cupsctl = command to manage the daemon * /etc/cups/ = folder where config files are.
169
Name of the system used by the system to draw and move windows around :
X Windows System, also called X, or X11.
* it doesn't provide a means to log in to the system graphically, that's handled by the "display manager"
* it does not provide the desktop functionalities. that's provided by a software called "desktop"
* most features inside a drawn window are handled by the "windows manager", not X11
170
a newer, more straightforward and less bloated Linux graphical solution than X. Ubuntu uses it already :
Wayland
171
Remote desktop applications to connect to from a Windows RDP Client :
XRDP
172
Linux equivalent of RDP? :
VNC
173
ping the disk for latency stats :
ioping [file or folder on a disk]
174
I/O Scheduling : each block device can have a different scheduler. These three, what do they mean? noop, cfq, deadline :
• noop = follows the FIFO (First-in, first-out) principle • cfq = meaning Completely Fair Queue, has a separate queue per process • deadline = read and write operations are on two separate queues * This scheduler option is located at : /sys/block/[device]/queue/scheduler EX: echo "deadline" > /sys/block/sda/queue/scheduler
175
Command to see drive io utilisation? :
iostat (-c for cpu infos!)
176
shows how long running, how many users, average cpu usage of the last 5 10 and 15 minutes :
uptime
177
provide a summary of RAM and swap usage
free
178
What's the OOM Killer?
a feature of the linux kernel, which assigns a "badness score" that it uses to kill the baddest process when the system is out of memory. unfortunately, often the baddest process is the one that uses the most memory and is a key process on a server.
179
how to: show swap devices, add a swap device, remove a swap device, and format a device to be swap? :
* swapon -s = show current used swap device * swapon [file or folder] = add a swap device (doesn't stay after reboot) * swapoff [file or folder] = remove a swap device (doesn't stay after reboot) * mkswap [device, like /dev/sdb1] = to format a partition as swap
180
how to know what version of kernel is currently loaded? :
uname -r
181
Kernel modules are located at :
/usr/lib/modules/[kernel_version]/kernel/
182
command to show currently loaded kernel modules, size, and dependencies :
lsmod
183
VERY BASIC command to remove a kernel module from memory, and command to load one into memory (another better command exists) :
• rmmod [module_name] • insmod [path/to/module.ko] * BUT these two don't add or remove dependencies. That's why it's better to use modprobe to add and remove.
184
add and remove a kernel module without needing to specify the exact path to the module:
```
modprobe [module_name] = add module without needing to specify the exact path to the module.
modprobe -r [module_name] = remove a module and all its dependencies
* /etc/modprobe.conf and /etc/modprobe.d/ = two places to configure modprobe
* modinfo [module_name] : give lots of infos about a module, and shows its currently set options.
```
185
MBR vs GPT: max partition size, max partition per disk,
MBR:
• older
• max 2TB per partition
• can have up to 4 primary partitions per disk.
• if you need more than 4 partitions, one of the primary can become an "extended partition" that itself can be divided into more "logical partitions".
* unlimited amount of logical partitions (but 12 is the max recommended)
GPT :
• newer
• up to 128 primary partitions
• no need then for extended or logical partitions
• Warning : some old partition tools like "fdisk" do not support GPT
186
difference between Real filesystem vs virtual filesystem :
* real filesystem = the base would be the disk | * virtual filesystem = what the linux user sees: the base would be root
187
what's a multipath drive? :
indicates a network drive has more than 1 path for accessing it, to remove the network as a single point of failure.
188
difference between /dev/hd[a,b,c,etc] VS /dev/sd[a,b,c,etc] ?
* IDE = Meaning old PATA drives, those are designated as "/dev/hd[a,b,c,etc]" * Newer disks using the scsi convention : /dev/sd[a,b,c,etc]
189
Allows the creation of "groups of disk", into a single or multiple file system:
LVM (Logical Volume Manager) • physical volume (PV) = the base unit of storage in LVM • volume group (VG) = a pool of physical volumes • Logical volumes (LV) = each LV holds a filesystem that can be used by the operating system. * The boot disk cannot be a LVM, because GRUB doesn't read LVM.
190
directory where Virtual Groups are created by the device mapper (for LVM):
/dev/mapper/
191
de facto partitioning tool for MBR? :
fdisk * -h = help * -l = list partitions * w = write (save) changes * (GPT is for GTP)
192
de facto partitioning tool for GPT :
parted * parted [/dev/sda] = start a prompt that guides you through the configuration. * help = see all commands * mkpart = create partition * (MBR is parted)
193
How to create a Physical Volume, Volume Group, or Logical Volume?:
• pvcreate [/dev/sdb] [/dev/sdc] = turn sdb and sdc into physical volumes (PV)
• vgcreate [vg0] [/dev/sdb] [/dev/sdc] = turn sdb and sdc into a volume group vg0.
• lvcreate -L100 -n [lv0] [vg0] = turn vg0 into a Logical Volume lv0
* This will create a new device file at /dev/vg0/lv0 , and can be treated as if it were a partition!
* /dev/vg0/lv0 will be a symbolic link, and /dev/mapper/ directory has files that point to the real device name.
194
how to show info about RAID :
mdadm --detail OR cat /proc/mdstat (md stands for metadata)
195
Whats the device /dev/md[0,1,2,3,4,etc] ?
the raid devices. (md stands for "metadata".)
196
THE tool to use to create a filesystem? :
mkfs • mkfs -t [ext3] [/dev/sdb] [optional : size in number of blocks] • mkfs.ext3 [/dev/sdb] = works also to create a fs! *In actuality, mkfs is simply a front-end for the various file system builders (mkfs.fstype) available under Linux.
197
command that tells you all the information about the FS, including its current options :
dumpe2fs -h [/dev/sda]
198
command that does a checkdisk on linux :
fsck
199
Choose the number of times a file system can be mounted before a fsck is forced on it:
tune2fs -c [#]
200
What's XFS
XFS is a filesystem that's used a lot in enterprises, and has its own filesystem tools, formatted for example as xfs_repair or xfs_check
201
unique identifier for a block drive (2)
device uuid (universally unique id) and label (unique within the system) * /dev/disk/[by-uuid, by-label, by-partuuid]/ = device uuid and label mapping. * /sys/block = each block device has a folder within /sys/block
202
Filesystem Table, configuration needed to mount each filesystem at boot time:
• /etc/fstab
• [Device] [Mount point] [fs type] [options(separated by commas)] [dump] [fsck]
* Device = ex : /dev/sdb1
* Mount point = directory where the fs will be attached
* FS type = ex : ext3
* options = rw, suid, dev, exec, auto, nouser, async
* Dump = almost always 0. With a 1 it indicates that the dump command should act on it.
* fsck = 0 means don't perform fsck on this fs. 1 means check it first, 2 means check it second, etc..
203
a list of currently mounted filesystems. If you have a disk connected but not mounted, it won't show up there, but once you mount it, it will show up there:
• /etc/mtab | * /proc/mounts = same as /etc/mtab
204
file that describes the encrypted fs that needs to be decrypted during the boot process:
/etc/crypttab
205
How to manually mount a filesystem?
mount [device] [mountpoint] * -t [type] = select type of fs * -o [option1,option2,etc] = choose options * -a = mount all fs listed in fstab * -r = mount in read-only * -w = mount in write mode * -L = mount a given device label, instead of using the device filename.
206
How to unmount a fs? :
umount [mountpoint, device or label] | * -m = the mounted filesystem will return a list of processes that have open files on that filesystem. useful.
207
Command to check space utilisation of files and directories :
du (-h for human readable format)
208
Check percentage of used space of the filesystem :
df (-h for human readable format)
209
network manager in the systemd suite :
networkctl
210
command to add a default gateway :
route add default gw 10.0.0.1
211
Scripts used to bring the interfaces up and down, in RedHat, in Debian, and in Ubuntu (3) :
• In Red Hat = /etc/sysconfig/network-scripts/[ifcfg-eth0]
* format using PARAMETER=value format (ex : GATEWAY=192.168.1.1)
• In Debian = /etc/network/interfaces
* each interface defined in the file starts with the keyword "iface" followed by either : inet (for ipv4), inet6, ipx.
• In Ubuntu = /etc/netplan
* YAML format
* netplan apply = command to apply changes, necessary for them to take effect.
212
first file checked during host resolution. Used to specify the order for name resolution :
/etc/nsswitch.conf | * /etc/host.conf = same as nsswitch.conf, but if both exist, nsswitch.conf has precedence.
213
File used to configure the system's DNS resolver :
/etc/resolv.conf
214
local name resolutions file :
/etc/hosts
215
Command to turn on ip forwarding (to act like a switch):
echo 1 > /proc/sys/net/ipv4/ip_forward | * can also be configured manually in /etc/sysctl.conf !
216
commands to bring network interface up or down :
ifup, ifdown
217
tool that replaces a lot of older commands like ifup/ifdown, ifconfig, route:
ip
218
command to set or view host's hostname :
hostname
219
a tool to make network configuration more graphic and easy for the CLI :
NetworkManager * nmtui = graphic tool for cli * nmcli = purely cli tool
220
display and configure network device settings:
ethtool [eth0]
221
What does the "ss" command do? :
show sockets * -lt = list TCP sockets * -lu = list UDP sockets * -lp = list PID that own that socket * -n = do not resolve IPs to hostnames * -a = display all infos * -s = display a summary
222
command to configure an interface :
ifconfig | * ifconfig eth0 192.168.33.2 netmask 255.255.255.0 up
223
dhcp client daemon, on the client, invoked at startup and on ifup:
dhcpcd * -k = restart daemon and renew the dhcp address * dhclient = same as dhcpd -k * pump = also same as dhcpd -k
224
command to use the nsswitch file to look up hostname resolution?:
getent * The getent command displays entries from databases supported by the Name Service Switch libraries, which are configured in /etc/nsswitch.conf.
225
Command to show network connections and statistics, as well as its most usual parameters:
netstat -tunap * -t = show tcp connections * -u = show udp connections * -a = show all sockets on all interfaces * -c = refresh every 1 second * -p = show associated process with its name and PID (very useful!!!) * -s = see statistics * -r = show routing table
226
command used to configure wireless connections:
iwconfig
227
command to view, create or modify an ethernet bridge :
brctl
228
What is the purpose of network card bonding, and how to set it up? :
the purpose of bonding is to have multiple network interfaces act as a single network interface (for more bandwidth). to create an aggregation, first create the bond, and then add network interfaces to the bond :
• ip link add bond0 type bond
• ip link set eth0 master bond0
• ip link set eth1 master bond0
* the bond will show in your network configuration as the interface "bond0"
* if you add the option mode 1 at the end of the bond, active/passive bonding is used to add redundancy to a network connection
229
super useful traceroute-like command that displays results every second! (also makes a really good "boss screen"):
mtr
230
Name of the packet sniffer used by wireshark? :
dumpcap
231
The TUI version of wireshark :
tshark
232
default CLI packet sniffer :
tcpdump * -c [#] = capture # of packets * -i eth0 = capture only from interface eth0 * [tcp,udp] = only capture tcp, or udp, packets * port [#] = only capture port # * src [10.0.0.1] = only capture source address 10.0.0.1 * dst [10.0.0.1] = only capture destination address 10.0.0.1 * -w [filename] = write the output to a file. This file output is a binary, to read it with tcpdump : * -r = read the binary file
233
command used to view the arp table (IP to MAC address resolution):
arp * -i [eth0] = specify an interface * -d [ip] = remove an address resolution (useful if a network card is replaced)
234
most frequently used port scanner, and command to do banner grabbing, scan UDP ports, specify a port, quickly look what machines are present on a network:
nmap: • -sU = by default only TCP ports are scanned. -sU will also scan UDP • -sV = show Version information about services scanned. (with banner grabbing) • -p [1-65535] = by default only scan about 2000 ports. this will extend the range to port 65535. • -O = try to determine the OS of the remote machine (with banner grabbing) • -sP = scan the entire network just to determine which IP address are present. ex: nmap -sP 192.168.1.0/24
235
command to do about anything relating to TCP/UDP connections, send packets, open connections, listen to ports, scan ports:
nc (netcat)
• -l [portnumber] = listen to a specific port for connections. ex : nc -l 2222
• nc [host] [portnumber] = try to connect to that port on a host. ex : nc 192.168.0.5 222
* if you do both commands above, to listen on one machine and connect on the other, once connected, if you write something on one machine it should appear on the other machine.
• [cmd] | nc [host] [portnumber] = on the client, to send output of command to the server. ex:
server : nc -l 333 | tar xvf -
client : tar cvf - [files] | nc 192.168.0.5 333
* The " - " tells tar to send the output to the standard output
236
Domain ownership lookup tool! Like the online version, but in command line version:
whois
237
What's the purpose of the ipset command? :
create sets of ip addresses that are often used for firewalling purposes.
238
display network connections that use the most bandwidth (like the top command does for CPU usage):
iftop
239
the main firewall used by every linux kernel:
iptables
240
iptables can be used for these 4 functions :
* Block network packets * Forward packets to another system (so local system is acting both as a firewall and as a router) * Perform NAT * Modify network packets. (Useful but beyond the scope of the exam)
241
What are the four "filtering points" on iptables:
1- PREROUTING = first part of packet filtering 2- INPUT = second part of packet filtering 3- FORWARD = another filtering point, instead of "INPUT" 4- POSTROUTING = another filtering point. where to apply rules that needs to be applied on outbound packets.
242
four types of firewall rule targets, and what they do?:
* ACCEPT = goes through to the next filtering point * DROP = discard the packet, do not inform the originator * REJECT = discard the packet, and inform the originator of the packet that it was discarded * LOG = Create a log entry, and also KEEP LOOKING for the next type of target in the sequence.
243
What's the difference between DROP and REJECT firewall rule targets? :
* DROP = discard the packet, do not inform the originator | * REJECT = discard the packet, and inform the originator of the packet that it was discarded
244
There are 4 tables in the linux kernel's iptables firewall:
* filter : can act on INPUT, FORWARD, or OUTPUT * nat : can act on PREROUTING, OUTPUT, and POSTROUTING * mangle : can act on all filtering points * raw : not covered here..
245
iptables commands :
• -t (--table) [table] = specify a table
• -L [FILTERING POINT(optional)] = list rules
• -v = verbose
* ex : iptables -t filter -L INPUT = from the table "filter" show all INPUT rules
• -D [#] = delete a rule # (for example, 1 will delete the first rule..)
• -F = delete all rules (Flush!)
• -A (--append) [rule] = add a rule "at the end"
• -I [#] [rule] = Insert a rule at a specific # in the list, and lower all rules below it by 1
• -s [ip, CIDR, or hostname] = select a source
• -d [ip, CIDR, or hostname] = select a destination
• -j [target] = specify the target of this rule (ex : ACCEPT, DROP, MASQUERADE), j stands for "jump"
* ex : iptables -A INPUT -s 192.168.10.11 -j DROP = drop all packets from 192.168.10.11 at input.
• -p [tcp,udp,icmp] = specify a protocol
• -m [--dport,--sport] [#] = Use a module to specify either a destination (--dport) or source port (--sport)
* port can also be a range, like : -m --dport 1:1024
• -n = display the port number and IP instead of names
• -i [eth0] = specify an interface
• -m state --state NEW,ESTABLISHED = makes the firewall rule "stateful". by default, they are stateless.
246
how to save and restore iptables firewall rules? :
* iptables-save > iptables.txt | * iptables-restore < iptables.txt
247
What is the difference between these 3 types of NAT? DNAT, SNAT, MASQUERADE:
* DNAT = Destination NAT, the DNAT rules are placed on the PREROUTING filtering point. * SNAT = Static NAT, for when internal addresses are static (no DHCP), rules are placed on the POSTROUTING filtering point. * MASQUERADE = The most common type of NAT, used when internal machines have dynamically assigned addresses. rules are placed on the POSTROUTING.
248
In what distros is the iptables helper "firewalld" used? :
Red Hat * zones = categories in which rules are configured * firewall-cmd = command used to manage firewalld
249
In what distros is the iptables helper "ufw" used? :
Debian-based : • ufw allow [protocol] • /etc/default/ufw and /etc/ufw = where rules are stored
250
popular tool to dynamically add rules to block hacking attempts:
fail2ban * /etc/fail2ban/jail.conf = where hosts are put to "jail" * /etc/fail2ban/jail.local = config file to add to jail manually
251
agent vs agentless orchestration difference :
agentless = using scripts to know the state of the system
252
command used to configure jobs by manipulating individual user cron table:
crontab
253
what are the 5 columns in a cron table?:
• m = minutes (0-59)
• h = hours (0-23)
• dom = day of month (1-31)
• mon = month (1-12)
• dow = day of week (0-7), 0 and 7 both mean sunday..
* each column must be filled in. you need to use an asterisk to match every value for a column
* you can spell mon and dow by using the first 3 letters : (ex: jan for january, or wed for wednesday).
254
how to make multiple matches in a cron table, to allow the same job to run at multiple times without adding multiple lines? (3 ways):
* using a comma, for example : 0 0,12 * * * = will run a job at midnight and noon every day.
* giving a range of values, for example : 0 9-17 * * *
* using step values, ex : */30 * * * * = will run the job every 30 minutes
255
how to specify a PATH in a crontab?:
• specify a PATH=[binfolder1:binfolder2:etc] at the top of the crontab.
* other variables that can be specified at the start of the crontab are :
• MAILTO=[name or email] = anything a job prints on the screen is mailed to that address
• SHELL=[/path/to/a/shell] = run the job with a different shell (by default it's /bin/bash)
• CRON_TZ=[timezone] = use an alternative time zone for the crontab
* cron doesn't run your .bash_profile and .bashrc scripts, therefore expect a minimal environment with a super basic PATH.
256
What's the systemwide bash profile file, for every user that logs in? Also, what's the one specific, per user?
The /etc/profile file is a systemwide file that the system administrator maintains. This file defines tasks that the shell executes for every user who logs in. The instructions in the file usually set the shell variables, such as PATH, USER, and HOSTNAME. The ~/.bash_profile file is a configuration file for configuring user environments. The users can modify the default settings and add any extra configurations in it. *** The ~/.bash_login file contains specific settings that are executed when a user logs in to the system. The file is yet another configuration file that is read in the absence of the ~/.bash_profile and ~/.bash_login files. The ~/.bash_logout file contains instructions for the logout procedure. ***
257
where are the cron directories located that automatically run scripts placed in there, either hourly, daily, weekly or monthly:
under /etc/cron.{hourly,daily,weekly,monthly}
258
folder where all custom crontabs edited with the crontab commands are stored:
/var/spool/cron/
259
for restricting access to cron, ONE of these two files should exist :
• /etc/cron.allow = if this file exists, only users added to it can run cron jobs • /etc/cron.deny = if this file exists, all users except users added to it can run cron jobs * if neither exists, only root can run cron jobs.
260
folders for crontab used by the system and distribution itself. (2) :
• /etc/crontab and /etc/cron.d/ | * files there include a 6th column after the matching time, indicating what user the command should be run as
261
How to schedule a command to run at a certain time, but only once?:
at * echo "hello today" | at 20:00 today * at [midnight, noon, teatime, 2pm jul 23, now + 30 minutes, etc...]
262
How to show the queue of "at" commands (2 ways), and how to remove from that queue:
• atq or at -l = show the queue of at commands. • atrm [#] = will remove jobs from the at command spool. * /var/spool/at = will show the content of each at commands in queue
263
run tasks at specific threshold of system utilisation (called load average):
batch * by default, a batch job runs at a future time when 1 minute load average is below or equal 0.8 * atrun -l [loadaverage] : will run at a different load average. EX atrun -l 1.6 = 1.6 load average or below.
264
command that shows current date and time, and how to format it to your liking? :
```
• date +"[dateencoding]"
* ex: date +"%Y-%m-%d" would show : 2021-03-07
* date encodings :
%Y = four digits year
%y = two digits year
%m = two digits month
%d = two digits day
%H = two digits hour in 24 hour mode
%M = two digits minutes
%z = timezone offset
```
265
command that shows everything about time and date and can be used to change time and hwc, and the timezone too :
timedatectl
266
how to show the hardware clock time, and how to set it to the same time as the system clock:
• hwclock --systohc = set HC to be the same as system clock • hwclock = show hardware clock * hwclock --set --date="2021-05-05 06:15:01" = example to set the HW clock
267
The config for each zone, including the daylight saving infos, is located there :
/usr/share/zoneinfo/[location] * /etc/localtime = the timezone system is using, it is a symlink. to change it, for example : ln -sf /usr/share/zoneinfo/America/Winnipeg /etc/localtime
268
Environment variable that holds the current timezone value?:
TZ * tzselect, tzconfig, dpkg-reconfigure tzdata = commands that are distribution specific and assist with timezone changes
269
What's the oldest type of character encoding? :
ASCII ( 7 bits, old, uses code pages )
270
What's the most common type of character encoding nowadays? :
UTF-8 ( 1-6 bytes with other 2 bytes extending for other unicode characters. )
271
The first big evolution of ASCII character encoding? :
The Unicode. * It defines each character as a "code point", which is a number. the original ascii is mapped to the first 127 values, for compatibility.
272
What's a locale, and how to see it?
locale -a = will show locales available on the system
localectl = command to view and modify locale
It represents the set of :
• Language code
• Country code
• Encoding (sometimes)
* locale = command to show these variables :
* LANGUAGE = consulted when printing a message. ignored for formatting
* LC_ALL = force the locale
* LC_[XXX] = give admin power to override a locale for certain "XXX" elements
* LANG = include character encoding, for formatting
273
What's the fallback locale, used to provide output independent locale for programs (better for interoperability) :
C (often called POSIX)
274
In bash scripting, how to refer to the first passed argument?:
$1 | * $0 refers to the script file itself!
275
In bash scripting, how to show the number of arguments passed?:
$#
276
In bash scripting, how to refer to the return code of the last command passed (0 for true and 1 for false (opposite of other languages))?:
$?
277
In bash, how to stop a process and give exit code of 0 (by default, means success), or other?:
exit [#]
278
In bash scripting, how to prompt to type and place stdin in the variable $VARNAME :
read VARNAME
279
In bash scripting, how to store the output of a command in $VARNAME (2 ways, with nesting)?:
VARNAME=$(command here) or VARNAME=`command`
280
In bash scripting, how to remove $1 and place $2 as $1, $3 as $2, etc..
shift
281
place this before any metacharacter to escape these special characters:
\ (Backslash)
282
bash script, if the name variable isn't set, it will return Bob:
echo "Hello, ${name:-Bob}"
283
bash script, will show Bob as the name and save it as the variable name:
echo "Hello, ${name:=Bob}"
284
bash script, will show "Hello Bo" with "Bob" as variable:
echo "Hello ${name:0:2}"
285
how to run a script that is in the pwd?:
./scriptname.sh
286
force run script with bash:
bash [bashscript.sh]
287
What does it mean to "source" a script?:
It means to run it with the current shell. | source [bashscript.sh] OR . [bashscript.sh]
288
Two main configuration files where the PATH is constructed for each user:
• /etc/profile = define global path for all users • ~/.bash_profile = define custom profile on per-user basis * adding a path = adding a line at the end of either of those that reads : export PATH=$PATH:/your/new/path
289
In bash, what is the formatting of an if statement :
if ;then ;elif ;then ;else ;fi
290
In bash, how to test a logic (3 ways) :
* if test -f /etc/passwd; then echo password file exist; fi * Square brackets [ test statement ] OR two square brackets [[ test statement ]]= the SAME as running a test command on whats inside!!! Note: make sure to leave spaces on each side of brackets : [ ok ] [not ok] .
291
Take a look at these test logics:
STRING1 = STRING2 : the strings are equal
STRING1 != STRING2 : the strings are not equal
INTEGER1 -eq INTEGER2 : INTEGER1 is equal to INTEGER2
INTEGER1 -ge INTEGER2 : INTEGER1 is greater than or equal to INTEGER2
INTEGER1 -gt INTEGER2 : INTEGER1 is greater than INTEGER2
INTEGER1 -le INTEGER2 : INTEGER1 is less than or equal to INTEGER2
INTEGER1 -lt INTEGER2 : INTEGER1 is less than INTEGER2
INTEGER1 -ne INTEGER2 : INTEGER1 is not equal to INTEGER2
FILE1 -ef FILE2 : FILE1 and FILE2 have the same device and inode numbers
FILE1 -nt FILE2 : FILE1 is newer (modification date) than FILE2
FILE1 -ot FILE2 : FILE1 is older than FILE2
-b FILE : FILE exists and is block special
-c FILE : FILE exists and is character special
-d FILE : FILE exists and is a directory
-e FILE : FILE exists
-f FILE : FILE exists and is a regular file
-g FILE : FILE exists and is set-group-ID
-G FILE : FILE exists and is owned by the effective group ID
-h FILE : FILE exists and is a symbolic link (same as -L)
-k FILE : FILE exists and has its sticky bit set
-L FILE : FILE exists and is a symbolic link (same as -h)
-a , && = AND
-o , || = OR
292
instead of using if/then/else commands when having too many things to check, use this switch statement:
```
case
• case [$variable] in = each case starts with a description of the value to be tested, in this form.
• string to be matched) = if this is true the command below will run
• command to run
• ;; = at the end of each statement
• esac = at the end of case, (case reversed)
*ex:
case $1 in
start)
  echo "starting process"
  ;;
stop)
  echo "stopping process"
  ;;
*)
  echo "I need to hear start or stop"
  ;;
esac
```
293
how are for loops built? :
```
for variable in collection ; do something; done
*ex:
for name in ross mary jo bob
do
  echo $name
done
```
294
How to iterate from first # to second #, extremely useful to use within loops!
with "seq # #", ex:
for i in $(seq 1 10)
do
  curl -O http://example.com/downloads/file$i.html
done
295
how to do while loops, and what's the opposite of a while loop?:
```
while [[ logic ]]; do command; done
* the opposite is until.
* ex:
while [[ -f /var/lock/script1 ]] ; do
  echo waiting
  sleep 10
done
```
296
in git what's a merge?:
when 2 devs work on the same file, then their 2 versions have to be "merged" into a single file and sometimes decisions have to be made on what code will be kept if they work on the same file part.
297
3rd generation commit and merge, it's what git uses:
DAG (Directed Acyclic Graph)
298
name of the package needed for git:
git or git-all
299
how to set git username and password:
git config --global user.name [username] | git config --global user.email [email]
300
3 stages of sending local files to the .git repo:
* git add [filename] = add a file to staging area. ('git add . ' = add all files in staging area) * git commit -m "message of explanation" = commit the staging area to the local working directory. Each commit is a snapshot of your files. * git push -u origin master = push your local project to the server's .git repository.
301
In Git, how to show the status of commit, the working area and staging area:
git status
302
In Git, how to create a new branch?
git branch [newbranchname]
303
In Git, how to move to a different branch or commit?
git checkout [branchname or commit hash]
304
In Git, how to merge two branches together?:
git merge [branchname] = Merge "branchname" into the current branch. command often run from master branch.
305
In Git, how to compare current file with last one committed, how to compare 2 branches?:
* git diff [localfile] = compare the current file with the last one committed. * git diff [branch1] [branch2] = compare 2 branches
306
In Git, this command without argument shows the branches:
git branch
307
This package helps to resolve merge conflicts in Git:
mergetool
308
in Git, shows changes:
git log *[--oneline, --decorate, --all = 3 levels of verbose]
309
in Git, how to create your own .git repo.. usually not done because of convenience of bitbucket and github:
git init
310
What's an IPA (Identity Policy and Audit)? :
Think of a Domain Controller. can do LDAP, Kerberos, NTP, DNS, CA..
311
where publicly available ntp servers are. sorted based on stratum:
pool.ntp.org (stratum value 0-15 where 0 is the most accurate.)
312
Name of two common mail servers in linux. One is simple and one is more complex:
postfix (most simple to setup) and sendmail (most complex)
313
name of the audit daemon that logs user account activity:
auditd
314
in the linux tree, where 3rd party software that's deployed in a monolithic fashion is deployed:
/opt
315
in the linux tree, where software not managed by the system packager, but still following the standard unix deployment rules are installed:
/usr/local/
316
kernel module that handles the encryption and decryption:
dm-crypt | * LUKS ( Linux Unified Key Setup ) = disk encryption method used by linux.
317
what file is used to restrict cron from some users?:
/etc/cron.deny
318
To use with Kerberos, two utilities, one utility to obtain an individual ticket, and one utility to list cached kerberos tickets:
* kinit = utility to obtain an individual ticket | * klist = utility to list cached kerberos tickets.
319
How to disable root login? (best practice):
set /etc/ssh/ssh_config line : PermitRootLogin no