General CompTIA Linux+ Questions Flashcards

Question

How do you add an address to a device with the ip command? (Pgs. 450-451)

Answer 1

ip addr add dev -- Adds an address to a device.

Answer 2

ip addr del dev -- Deletes an address from a device.

Answer 3

ip route add via dev -- Adds a network route.

Answer 4

ip -s addr OR ip -s link -- The “-s” option can be used to display statistics for a network entity like IP addresses or MAC addresses, respectively.

Answer 5

IP Terms: - “link” = MAC address of the network board. - “inet” = IPv4 address and subnet mask assigned to an interface. - “inet6” = IPv6 address and subnet mask assigned to an interface. - “brd” = Broadcast address of the network segment.

Answer 6

BOOTPROTO -- Specifies whether the network interface has a static or dynamic (DHCP) addressing scheme. IPADDR -- Specifies the base address for a network interface. NETMASK -- Specifies the network mask for a network interface. BROADCAST -- Specifies the broadcast address for a network interface.

Answer 7

/etc/nsswitch.conf -- (Name Service Switch) The file designates the order in which name servers will be used to search for name resolution. It also defines which name servers to use for specific service types. /etc/resolv.conf -- The file resolves the hostnames of name servers to their IP addresses.

Answer 8

/etc/systemd/resolved.conf -- This configures the DNS for a system and defines IP addresses for DNS servers.

Answer 9

The /etc/systemd/resolved.conf file can be edited by creating a configuration file either under /etc/systemd/resolved.conf.d/* or /etc/netplan/*, depending on the distro.

Answer 10

"PAM" = "Pluggable Authentication Modules"

Answer 11

/etc/pam.d

Answer 12

Authentication Tasks, Control Keyword, Module (.so)

Answer 13

List of Authentication Tasks: account -- Requests account verification services (e.g., whether password has expired). auth -- Authenticates a user, request a password, and set up credentials. password -- User must insert a password. session -- Designates settings for a service session.

Answer 14

List of Control Keywords: required -- If fails, operation fails after running through all other modules. requisite -- If fails, operation fails immediately. sufficient -- If succeeds, that is enough for the operation to succeed. optional -- If fails, operation is okay, unless it is the only module in the stack.

Answer 15

passwd -- Brings up dialog to change password.

Answer 16

passwd -l -- Locks user account.

Answer 17

passwd -n <#> -- Sets the minimum number of days before password change.

Answer 18

passwd -x <#> -- Sets the maximum number of days before password expiration.

Answer 19

passwd -w <#> -- Sets the number of warn days before password expiration.

Answer 20

passwd -i <#> -- Sets the number of days account is accessible after password expiration.

Answer 21

passwd -S -- Displays all password aging information. (Equivalent to chage -l .)

Answer 22

/etc/default/grub (default variables for configuring GRUB2) and /boot/grub2/grub.cfg (GRUB2's main config file)

Answer 23

Variables in /etc/default/grub: GRUB_TIMEOUT -- The time (in seconds) allowed before GRUB selects the default OS to boot. GRUB_DEFAULT -- The default OS to boot for a system.

Answer 24

journalctl -b <#> -- Lists the boot messages from the # boot for the system. Positive number is the first nth boot of Linux. Negative number is the last nth boot of Linux. (Negative is probably more useful.)

Answer 25

journalctl -u -- Lists the journal log messages for the specified service.

Answer 26

user.name and user.email

Answer 27

systemctl emergency

Answer 28

route add -net \ netmask \ gw \ -- Add a gateway route. route del -net \ netmask \ gw \ -- Delete a gateway route.

Answer 29

route add default gw -- Adds a default gateway.

Answer 30

Lists network connections (-a for all), routing table (-r), and network interface information (-i).

Answer 31

"ss" = "Show Sockets"

Answer 32

ss -a OR netstat -a -- This displays all listening and nonlistening sockets on the network.

Answer 33

netstat -i -- This displays statistics on network interfaces.

Answer 34

netstat -r -- This displays the routing table for a network.

Answer 35

ss -lt OR netstat -lt -- This displays all of the actively listening TCP sockets on the network. (“-l” = Listening; “-t” = TCP)

Answer 36

ss -s OR netstat -s -- This displays a summary of the connections per protocol (total UDP, TCP, INET, etc.).

Answer 37

chattr +i -- Adds immutable attribute.

Answer 38

chattr +c -- Adds compressed attribute.

Answer 39

chattr +j -- Adds data journaling attribute.

Answer 40

chattr +s -- Adds synchronous updates attribute.

Answer 41

No one can delete the file. You would have to do a chattr -i to remove the immutability.

Answer 42

An alternative initialization system (versus init) that allows for asynchronous initialization of processes, rather than the traditional, forced synchronous order.

Answer 43

There are 6 fields.

Answer 44

device/partition, directory mount point, filesystem type, mount options, filesystem should be backed up with dump?, order of fsck on reboot

Answer 45

Root should have an order number of 1.

Answer 46

Other partitions should have an order number of 2. (Swap partitions can be a 0.)

Answer 47

ext3 -- Common journaled filesystem. ext4 -- Common journaled filesystem with support for larger volumes and files than ext3. xfs -- Journaled filesystem that uses parallel I/O. btrfs -- Journaled filesystem and default filesystem for SUSE. reiserfs -- Journaled filesystem. Predecessor to btrfs. nfs -- Allows filesystem access over a network. (NOT JOURNALED!) ntfs -- Journaled filesystem related to Microsoft. Microsoft's New Technology File System (NTFS).

Answer 48

mkfs -t OR mkfs. -- This will mount a specified filesystem to a partition.

Answer 49

mke2fs -j -- Adds a journaling filesystem to a partition.

Answer 50

tune2fs -L -- Adds a label to a partition.

Answer 51

tune2fs -j -- Adds a journaling filesystem to a partition.

Answer 52

Example: tune2fs -c 3 /dev/sdb1 -- This states that after 3 mounts the specified partition “/dev/sdb1” must be checked by fsck.

Answer 53

Example: tune2fs -m 5 /dev/sdb1 -- This states that 5% of the specified partition “/dev/sdb1” must be reserved for the root user to help clean up full disk drives.

Answer 54

Example: tune2fs -i 2w /dev/sda5 -- This states that the specified partition “/dev/sda5” must be checked by fsck on 2-week intervals. (Other Examples: “30d” = 30 days and “4m” = 4 months)

Answer 55

tune2fs -e -- This specifies that when an error is detected for a filesystem, it should do one of the following.: - continue -- Continue normal execution. - remount-ro -- Remount the filesystem in read-only mode. - panic -- Go into kernel panic.

Answer 56

userdel -- This deletes the specified userid, just removing their /etc/passwd and /etc/shadow entries.

Answer 57

userdel -r -- This wholly deletes the specified userid, removing their directory, jobs, and mail.

Answer 58

Time Zone Config Files: /usr/share/zoneinfo Directory -- Contains a number of binary files with worldwide time zones. /etc/localtime -- From the /usr/share/zoneinfo, a file is set to this file to set the system's time zone.

Answer 59

Example: localectl set-locale LANG=en_US.UTF-8 -- Sets the locale and keyboard settings to US English/UTF-8.

Answer 60

localectl status -- Lists the current locale setting on the Linux system.

Answer 61

localectl list-locales -- Lists available locale settings.

Answer 62

0666 -- For a file, read and write permissions for user, group, and other.

Answer 63

0777 -- For a directory, read, write, and execute permissions for user, group, and other.

Answer 64

0022 -- The default umask is to remove the write permissions from group and other users.

Answer 65

Example: umask 0033 -- Removes write and execute permissions for files and directories for group and other users.

Answer 66

It shows the amount of disk space still free under the system's disk partitions.

Answer 67

"df" = "Disk Free"

Answer 68

df -h -- Human-readable format (an essential argument).

Answer 69

df -T -- Displays filesystem type for each partition.

Answer 70

df -i -- Displays remaining inodes for each partition.

Answer 71

It shows the amount of space used under a directory.

Answer 72

"du" = "Directory Usage"

Answer 73

du -h -- Human-readable format (an essential argument).

Answer 74

du -c -- Calculates the total disk space usage for a directory.

Answer 75

du -s -- Prints a summary of disk space usage for a directory. (Does not list total for subdirectories.)

Answer 76

mq-deadline is a job scheduler which sorts I/O requests in batches. It is useful for virtualized guest users.

Answer 77

/sys/block/sda/queue/scheduler -- Defines the scheduler for a system ("sda" could be a different disk name).

Answer 78

"mdadm" = "Meta-Device ADMinistrator"

Answer 79

/dev/md0 -- The first meta-device on a system.

Answer 80

mdadm -C /dev/md0 \--level=1 \--raid-disks=2 /dev/sdb /dev/sdc -- This creates a RAID Level 1 array out of two disks (/dev/sdb and /dev/sdc). The meta-device /dev/md0 is created out of this action.

Answer 81

mdadm - -detail \ -- Displays the details of the meta-device.

Answer 82

Add the meta-device filesystem to the filesystem table /etc/fstab.

Answer 83

virsh is used to manage virtual machine hypervisors on Linux. This is specifically a Red Hat-based tool.

Answer 84

virsh list \--all -- Lists all available VM domains.

Answer 85

Example: virsh start test -- Starts up the VM "test."

Answer 86

Example: virsh shutdown test -- Shuts down the VM "test."

Answer 87

Example: virsh \--escape ^[ -- Sets "^[" as the escape character sequence.

Answer 88

It is a command that allows you to search a device for bad storage blocks.

Answer 89

firewall-cmd - -get-default-zone -- Displays the current default zone.

Answer 90

firewall-cmd - -set-default-zone= -- Sets the current default zone to a specified zone.

Answer 91

firewall-cmd \--list-all -- Displays all services and interfaces allowed through a zone.

Answer 92

Example: firewall-cmd \--add-service=http \--zone=home -- Allows the HTTP service to pass through the "home" zone.

Answer 93

firewall-cmd --permanent -- Applies a firewall change to be persistent, including on reboot.

Answer 94

firewall-cmd - -reload -- Reloads the firewall config to put it into effect.

Answer 95

FORWARD, INPUT, OUTPUT

Answer 96

ACCEPT, DROP, QUEUE, REJECT

Answer 97

iptables -L -- Lists all rules in iptables chain.

Answer 98

Example: iptables -D FORWARD 1 -- Deletes the first rule in the FORWARD chain.

Answer 99

Example: iptables -P INPUT DROP -- Specifies that the default policy for the INPUT chain is to DROP connections.

Answer 100

Example: iptables -A INPUT -s 0/0 -p icmp -j DROP -- Sets that ICMP traffic should be dropped from all IP addresses (0/0).

Answer 101

Example: iptables -A INPUT -i eth0 -s 192.168.2.0/24 -j ACCEPT -- Set that traffic from the 192.168.2.0 network on interface eth0 should be accepted.

Answer 102

chkconfig -l -- Lists all services. ("-l" = Lowercase L)

Answer 103

Example: chkconfig auditd on -- Turns on the auditd daemon.

Answer 104

Example: chkconfig \--level 35 auditd on -- Turns on the auditd daemon at levels 3 and 5.

Answer 105

Anaconda is a Linux system installer for Red Hat systems.

Answer 106

There are 7 properties.

Answer 107

user_name, password, UID, GID, comment/GECOS, home_directory, default_shell

Answer 108

There are 6 fields.

Answer 109

Minute, Hour, Day of Month, Month, Day of Week, Command

Answer 110

/etc/crontab

Answer 111

/etc/cron.hourly, /etc/cron.daily, /etc/cron.weekly, /etc/cron.monthly

Answer 112

Every Minute

Answer 113

/var/spool/cron/crontabs/\ -- In other distributions, the “crontabs” part of the path could be just “tabs” or not be present at all.

Answer 114

crontab -e -- This edits a user’s crontab file in an editor interface.

Answer 115

crontab -l -- This lists out the jobs in a crontab file. ("-l" = Lowercase L)

Answer 116

crontab -r -- This removes/deletes the user’s crontab file.

Answer 117

"nm" = "NetworkManager"

Answer 118

They are used to manage network connections. The NMTUI tool is a Text User Interface, providing a graphical tool to change network settings. And the NMCLI tool is a Command Line Interface, providing a terminal interface for users to change network settings.

Answer 119

Rununit Runlevels: 0 -- Halt 1 -- Text-based Single-user Mode/Rescue Mode 3 -- Text-based Multi-user Mode 5 -- Graphical-based Multi-user Mode 6 -- Reboot

Answer 120

Example: systemctl isolate runlevel5.target -- Sets the current runlevel to Runlevel 5.

Answer 121

Example: systemctl set-default runlevel5.target -- Sets the default runlevel to Runlevel 5.

Answer 122

There will be an exclamation point (!) preceding the password field in /etc/shadow.

Answer 123

There will be two exclamation points (!!) preceding the password field in /etc/shadow. (This may differ in different distros; it could be set as only one exclamation point.)

Answer 124

There will be an asterisk ("\*") in the password field in /etc/shadow.

Answer 125

4 -- SUID (4000)

Answer 126

2 -- SGID (2000)

Answer 127

1 -- Sticky Bit (1000)

Answer 128

20 & 21 -- FTP

Answer 129

23 -- Telnet

Answer 130

25 -- SMTP

Answer 131

80 -- HTTP

Answer 132

110 -- POP3

Answer 133

123 -- NTP

Answer 134

389 -- LDAP

Answer 135

443 -- HTTPS

Answer 136

161 & 162 -- SNMP

Answer 137

3306 -- MySQL

Answer 138

PXE is a utility which can remotely boot a Linux system, using that system's NIC connection.

Answer 139

It is an IaC solution which provisions data centers using JSON. Think of Ansible, Chef, Puppet, etc.

Answer 140

It lists all logged-in users and the processes they are running.

Answer 141

There are 7 fields listed for each line of ls -l.

Answer 142

permissions, number of links, owner, group owner, file size (in bytes), modification date/time, filename

Answer 143

It is used to print formatted text from a file, generally line-by-line with respect to columns.

Answer 144

Example: ls -l | gawk '{ print $1,$9 }' -- This prints columns 1 and 9 from the output of ls -l.

Answer 145

Example: ls -l | gawk '{ print $1,"\t" $9 }' -- This takes columns 1 and 9 of the ls -l output and adds a tab between them.

Answer 146

"sed" = "Stream EDitor"

Answer 147

It edits the output stream of text in a specified manner.

Answer 148

sed -n -- This is an extremely important argument, which removes some of the extra lines from the output text.

Answer 149

sed -n 3,+3p /etc/passwd -- This prints the line #3 and then three additional (+) lines after that in the file.

Answer 150

sed -n 's/root/fred/p' /etc/passwd -- This substitutes instances of "root" for "fred" in the /etc/passwd file.

Answer 151

"tr" = "TRanslate"

Answer 152

tr -d \ -- This deletes all instances of the character set.

Answer 153

tr -s -- This squeezes/replaces the old characters with the new characters.

Answer 154

Example: grep root /etc/passwd | tr [a-z] [A-Z] -- This translates all of the characters in the file from lowercase to uppercase.

Answer 155

The "cut" tool is primarily designed to handle and extract columns from a file.

Answer 156

Example: cut -c 1,3,5 -- This cuts out the first, third, and fifth characters from a file.

Answer 157

Example: cut -d " " -- This specifies the space character as a file's delimiter.

Answer 158

Example: cut -d " " -f1,3 -- This extracts the first and third fields (columns) from a file.

Answer 159

"nl" = "Number Lines"

Answer 160

It adds line numbers to a file.

Answer 161

nl -a -- This adds line numbers to all lines of a file, including blank lines.

Answer 162

"od" = "Octal Dump"

Answer 163

It converts a file to a specific character set.

Answer 164

od -b -- This converts the specified file to an octal dump.

Answer 165

It is used to split a file into smaller parts.

Answer 166

-l and -b -- The "-l" divides a file by n-number of lines and "-b" by n-number of bytes.

Answer 167

split <-l | -b> <#> -- This splits the input file by a specified number of lines or bytes and outputs the individual pieces into multiple files, each with output prefix in the front of it.

Answer 168

It is used primarily to remove consecutive, duplicate lines from a file.

Answer 169

Example: uniq -d lastnames -- This prints only the consecutive lines in the file "lastnames" that are duplicate.

Answer 170

Example: uniq -u lastnames -- This prints only the unique lines in the file "lastnames," omitting duplicates.

Answer 171

netstat gives network information, specifically network connections, the routing table, and interface info. ping tests whether a connection can be made with a server. nc has many uses but specifically performs tests relating to port connections. traceroute displays the routing path of travel it takes to send packets to an external server.

Answer 172

Keywords: - search -- This specifies the domain which should be used to fill out incomplete hostnames. - nameserver -- This defines the IP address of a DNS server.

Answer 173

Example: search mydom.com -- This searches the address "mydom.com" address for completing incomplete hostnames. nameserver 8.8.8.8 -- This specifies the IP address 8.8.8.8 as a nameserver for the server.

Answer 174

Enforcing, Permissive, Disabled

Answer 175

Modes of SELinux: - Enforcing -- This denies access to users from applications/processes based on SELinux policies. - Permissive -- This allows users to access applications/processes, but it sends logs when a user encroaches on SELinux policies. - Disabled -- This wholly disables SELinux on a Linux system.

Answer 176

"Targeted" is the default policy for SELinux. It defines application/process accessibility on an admin-defined, granular level.

Answer 177

Enforce, Complain

Answer 178

Modes of AppArmor: - Enforce -- It permits the minimum amount of permissions for users and applications to interact between each other based on the AppArmor rules. - Complain -- It permits users and applications to run as normal but logs any violation of AppArmor rules.

Answer 179

Example: aa-enforce /etc/apparmor.d/* -- With profiles being defined under the apparmor.d directory, the profiles are only permitted minimum permissions to files and applications.

Answer 180

docker images -- Lists all of the Docker containers on a system.

Answer 181

docker run -d -- This runs a Docker container in the background.

Answer 182

docker run -it -- This runs a Docker container with an interactive terminal. Enter "exit" to exit.

Answer 183

docker start -ai \ -- This attaches a Docker container interactively in order to restart the specified, existing container.

Answer 184

docker stop -- This manually stops the run of a Docker container.

Answer 185

docker rm \ AND THEN docker rmi \ -- The first command removes the container and then the second command removes the container image.

Answer 186

docker attach -- This attaches the specified pod to a running container.

Answer 187

docker commit \ \ -- This creates a Docker image based upon a specified container. This is especially useful for testing versions of a container.

Answer 188

docker logs -- This prints out the logs of a Docker container.

Answer 189

docker port -- This displays port mappings of a Docker container.

Answer 190

docker restart -- This stops and then restarts a specified Docker container.

Answer 191

Example: docker save busybox > busybox.tar -- This saves the specified Docker image “busybox” as a tarball archive.

Answer 192

docker top -- This displays the running processes within a Docker container image like the Linux “top” command.

Answer 193

docker ps -a -- This displays all (“-a”) running and exited Docker containers.

Answer 194

Example: docker attach busybox -- This brings the specified Docker container “busybox” into the foreground.

Answer 195

The “docker run” command will download and create a container if it is not present and then run the container. The “docker start” command will run an existing container on a host.

Answer 196

Network bonding takes the connections from multiple NICs and teams them to provide for a potentially faster network connection by using multiple interfaces instead of just one.

Answer 197

Network bridging provides a connection between multiple networks. This allows devices on different networks to be able to interact with each other.

Answer 198

There are 4 main stages for Linux boot.

Answer 199

BIOS -> [POST -> MBR ->] GRUB -> Kernel/Primary Partition -> Systemd/Stage 2 Bootloader

Answer 200

Stages of Linux Boot: - BIOS -- Initializes hardware. - [POST -- Checks system integrity, including BIOS, and loads MBR.] - [MBR -- Loads the first sector of the primary partition from the partition table.] - GRUB -- Loads the kernel. - Kernel/Primary Partition -- Mounts the root filesystem and loads default.target. - Systemd/Stage 2 Bootloader -- Initializes the system.

Answer 201

ssh-keygen -t -- This generates an SSH key pair in DSA or RSA form.

Answer 202

ssh-copy-id \@\ -- This copies an SSH public key over to a specified client address and into the ~/.ssh/authorized_keys file.

Answer 203

Go to the SSH config file /etc/ssh/sshd_config. Then uncomment and set the “PermitRootLogin” line to “no.”

Answer 204

Go to the SSH config file /etc/ssh/sshd_config. Then uncomment and set the “PasswordAuthentication” line to “no,” forcing users to connect via an SSH key.

Answer 205

fail2ban is an intrusion protection system which dynamically bans IP addresses after they have exceeded a certain number of unsuccessful login attempts.

Answer 206

Netfilter is a security infrastructure tied to the Linux kernel which handles packet filtering as well as address and port translation.

Answer 207

Kubernetes is a platform designed for orchestrating, automating, and scaling the deployment of containers.

Answer 208

dracut -- This command is used to generate initramfs, which is a CPIO archive image used by the kernel to boot the system.

Answer 209

GRUB2 loads the system kernel, vmlinux, and starts the initial RAM disk, initrd, or filesystem, initramfs.

Answer 210

initrd OR initramfs

Answer 211

The primary purpose is to assemble and mount the root filesystem (/) upon boot.

Answer 212

“PVC” = “Persistent Volume Claims”

Answer 213

PVCs are “claim checks” for a given resource to hold and access physical disk space for containers using Kubernetes.

Answer 214

systemd timer file

Answer 215

/etc/systemd/system/\.timer -- Timers ought to be put into the /etc/systemd/system directory in order to be handled by systemd. A “systemctl start \” can be used to activate the file.

Answer 216

The “OnBootSec” field specifies the number of seconds after boot that a job should execute.

Answer 217

The “OnCalendar” field specifies the minute a job should execute. Examples: Sun..Sat *-*-* 20:00:00 OR minutely OR monthly

Answer 218

“telinit” = “Tell Init” -- It tells the init process to perform some action.

Answer 219

The telinit command is used mostly to change runlevels. It communicates with the main init process to perform system tasks. Example: telinit 6 -- Instructs the system to reboot.

Answer 220

The ipset command is used to create a structure set of IP addresses which can be applied to a defined iptables ruleset. The ipset is most useful in conjunction with the iptables command.

Answer 221

ipadm is used to configure a network much like the ip command.

Answer 222

ipadm disable-if -t -- This disables a specified network interface from the configuration. (“enable-if” would likewise enable reenable the interface.)

Answer 223

Example: ipset -A IPBlocks 10.2.1.50 -- This adds the address 10.2.1.50 to the predefined set of addresses called “IPBlocks,” which will be blocked on the specified network.

Answer 224

Example: ipadm set-prop -p extra_priv_ports+=2700 tcp -- This adds Port 2700 as a privileged TCP port which can only be used by root users.

Answer 225

The dmesg command shows log messages for the Linux kernel, including boot messages.

Answer 226

The modprobe command accounts for dependencies, while insmod and rmmod do not.

Answer 227

modprobe install -- This installs the specified module, including its dependencies.

Answer 228

modprobe alias \ \ -- This sets a specified alias for the specified module.

Answer 229

modprobe -r -- This removes a specified module, including its dependencies.

Answer 230

“TLS” = “Transport Layer Security” and “DTLS” = “Datagram Transport Layer Security”

Answer 231

TLS is based upon TCP, being loss-intolerant, and DTLS is based on UDP, which is loss-tolerant.

Answer 232

ps and grep -- It greps the process information of the ps command.

Answer 233

pgrep -l -- This lists a process name and process ID. ("-l" = Lowercase L)

Answer 234

pgrep -u -- This does a search for processes with the specified username.

Answer 235

A stateful firewall looks at network traffic end-to-end, including traffic patterns. It can implement encryption and tunneling.

Answer 236

A stateless firewall is a passive monitor which filters packets, looking at source and destination addresses.

Answer 237

0 (A non-zero value indicates an error occurred.)

Answer 238

File Descriptors: 0 -- STDIN 1 -- STDOUT 2 -- STDERR

Answer 239

/usr/lib/systemd/system – This is where default systemd unit files are held. Custom unit files can be put in /etc/systemd/system to override default files.

Answer 240

The “What” denotes the absolute path of the device to mount.

Answer 241

The “Where” denotes the filesystem path of where the device will be mounted.

Answer 242

The “Type” denotes the filesystem type being mounted.

Answer 243

getfacl -- This displays the ACL permissions for a specified file.

Answer 244

“ACL” = “Access Control List”

Answer 245

setfacl -m u:nathand:r contracts.odt -- This modifies the ACL permissions of the file “contracts.odt,” adding read permissions for the user “nathand.”

Answer 246

firewall-cmd -panic-on -- This causes the system to drop all drop all connections and packets in the case of a firewall emergency.

Answer 247

“DMI” = “Desktop Management Interface”

Answer 248

dmidecode -- This displays the BIOS and key hardware information for a Linux system.

Answer 249

/etc/cron.interval -- This is not a real directory but distinguishes the directories where jobs can be placed to automatically run on an hourly, daily, weekly, or monthly basis.

Answer 250

edquota -u -- This edits the quota for the specified user.

Answer 251

edquota -g \ -- This edits the quota for the specified group.

Answer 252

repquota -- This reports the quota amount for the specified filesystem.

Answer 253

repquota -a -- This reports all the filesystem quota on the system.

Answer 254

quotacheck -cug \ -- This creates user and group quota database files at the specified path.

Answer 255

pkill -KILL -u \ -- This will end all of the processes of a specified user and log them out.

Answer 256

/etc/nologin -- The presence of this file prevents all users, except root, from being able to login to the system.

Answer 257

The rsync command synchronizes and clones copies of files between two servers.

Answer 258

This copies the files under the home directory of the user "cblackwell" on the remote server "192.168.2.42" to the local directory under a folder called "ubuntu_server_files." ("-a" = Archive the files. "-r" = Recursive. "-v" = Verbose output.)

Answer 259

The patch command is used to apply patches to source code files.

Answer 260

patch -p1 -i /usr/akaul/2019-patch -- This applies the patch file /usr/akaul/2019-patch.

Answer 261

The dd command duplicates disk devices or converts their format.

Answer 262

dd if=/dev/sda of=/dev/sdb -- This duplicates the device /dev/sda to the new device /dev/sdb.

Answer 263

auditd is a system monitoring daemon at the kernel level. It is the default logging tool for SELinux.

Answer 264

docker inspect -- This lists configuration details for a specified Docker container image.

Answer 265

Example: lpr printme.txt -- This prints the file “printme.txt” using the lpd printing daemon.

Answer 266

Single-User Mode (Mode 1). On /usr and similar directories, you would need to get into single-user mode in order to fix problems with the disk that users are on with fsck.

Answer 267

The /etc/hosts is a manual resolver file which matches IP addresses to domain names and aliases. It is a manual list of address; it is not produced by DNS. It is the first, default name resolver on a Linux system.

Answer 268

It is a file which can be used to configure a system’s network. It includes whether to allow NETWORKING=, to FORWARD_IPV4, define a HOSTNAME=, and define a remote GATEWAY=, among other things.

Answer 269

It is used to specify the order of which method to use to resolve a domain name. (Example: order hosts, bind -- Check /etc/hosts then DNS.)

Answer 270

setenforce -- This sets the SELinux mode on a system.

Answer 271

getenforce -- This displays the current SELinux mode on a system.

Answer 272

Setting SELinux with Numbers: - setenforce 1 -- This puts SELinux in Enforcing mode. - setenforce 0 -- This puts SELinux in Permissive mode.

Answer 273

/etc/selinux/config

Answer 274

mount -- This lists all of the mounted filesystems on a Linux system.

Answer 275

Example: brctl addbr trilby -- This adds a bridge with the name “trilby” to the network.

Answer 276

Example: brctl addif trilby enp0s9 enp0s10 -- This adds two network interfaces (“enp0s9” and “enp0s10”) to the bridge “trilby.”

Answer 277

“ARP” = “Address Resolution Protocol”

Answer 278

The arp utility is used to map IPv4 addresses to MAC addresses. This makes LANs run faster.

Answer 279

Using the paste command. (e.g., paste file1.txt file2.txt)

Answer 280

paste -d “|” -- This combines two specified files side-by-side with a “|” delimiter.

Answer 281

The ioping command checks the Input/Output (I/O) latency for a disk.

Answer 282

The iostat displays information regarding I/O read and write activity per second as well as total I/O and CPU loads.

Answer 283

iostat -d 2 – This shows the I/O statistics history since the last system boot with a delay (“-d”) of two-second intervals.

Answer 284

iftop -- This brings up an interface, detailing the network traffic on a system every two seconds (like top).

Answer 285

Example: iftop -i eth1 -- This displays the traffic for the interface “eth1.”

Answer 286

“udev” = “userspace /dev/”

Answer 287

udevadm -- This works to query info, monitor, and manage devices on a system.

Answer 288

Example: udevadm info -q property -n /dev/sdb -- This queries (-q) for the property info of the specified device (-n) /dev/sdb.

Answer 289

$0 -- This displays the name of the file (as it is the 0th argument on the command line).

Answer 290

$[n] -- This displays the nth number argument to a script.

Answer 291

/sbin/sfdisk -T -- This shows all partition types and their codes.

Answer 292

Example: sed -i ‘s/File Transfer Protocol/FTP/’ netspecs.doc -- This edits the netspecs.doc file in-place (-i), substituting the instances of “File Transfer Protocol” with “FTP.”

Answer 293

With ln or cp: - Example: ln -s /usr/share/zoneinfo/US/Central /etc/localtime -- This links a time zone file to being the time zone config file /etc/localtime. - Example: cp /usr/share/zoneinfo/US/Central /etc/localtime – This copies over a time zone file to being the time zone config file /etc/localtime.

Answer 294

usermod -L -- This locks the specified user’s account.

Answer 295

hwclock <-s/--hctosys> -- This sets the hardware clock to the current system time.

Answer 296

hwclock <-w/--systohc> -- This sets the system time to the time of the hardware clock.

Answer 297

libvrt -- This daemon manages a list of defined networks for a KVM system. virsh net-list – This command lists the defined networks under libvrt.

Answer 298

systemd-analyze blame

Answer 299

The systemd-analyze blame command lists all of the running units on a system and the time each took to initialize.

Answer 300

“dpkg” = “Debian PacKaGe Manager”

Answer 301

dpkg -i -- This installs a DPKG package.

Answer 302

dpkg -r \ -- This removes a DPKG package, without deleting any config files.

Answer 303

dpkg -l -- This lists all DPKG packages on a system. ("-l" = Lowercase L)

Answer 304

dpkg -L -- This lists all of the files that were installed by a specific package.

Answer 305

dpkg -S -- This identifies which DPKG package installed the specific file.

Answer 306

dpkg -C -- This specifies all of the partially installed packages on a system.

Answer 307

ambassador container

Answer 308

deployment

Answer 309

Spooling data is a buffer file which resides in a system’s storage until an external device can pick up the data in the file. Notably, a printer would use spooling files.

Answer 310

/var -- As spool data should be temporary and could be deleted, depending on the job, it can be placed under this directory as logs and other transient data.

Answer 311

chage -l \ -- This lists password age expiration information for specified username. ("-l" = Lowercase L)

Answer 312

chage -d -- This sets the last changed date for the password of a specified username.

Answer 313

chage -m <#> -- This sets the minimum days for password change of a specified username.

Answer 314

chage -M <#> -- This sets the maximum days for password change of a specified username.

Answer 315

chage -W <#> -- This sets the warn days for password expiration of a specified username. (A negative number will disable the password.)

Answer 316

chage -I \<#\> \ -- This sets the inactive days for password expiration of a specified username. (A negative number states that a password will never become inactive.) ("-I" = Uppercase I)

Answer 317

chage -E -- This sets the expire date for password expiration of a specified username. (A negative number will disable password expiration.)

Answer 318

X11 is a tunneling utility which allows a user to run a remote computer’s GUI from a local machine. It is much like Remote Desktop on Windows.

Answer 319

Local forwarding is a matter of port forwarding from a local client tunneled through a specified port on a remote server as a jump server to a destination machine.

Answer 320

Example: ssh -L 3336:website.server.com:3306 jump.server.com -- This configures an SSH connection from Port 3336 on the local client via the specified jump server (jump.server.com) to Port 3306 on the destination website (website.server.com).

Answer 321

Remote forwarding is a matter of port forwarding from a remote server tunneled through a specified port on a local client as a jump server to a destination machine.

Answer 322

Example: ssh -R 8080:localhost:80 public.kaplan.it -- This configures an SSH connection via Port 8080 from the remote server (public.kaplan.it) via the local client specified as a jump server to Port 80 on the destination machine (in this case, itself – localhost).

Answer 323

env OR printenv

Answer 324

Example: env - /bin/sh -- This runs the command “/bin/sh,” which loads an empty environment where no environment variables are set. (Alternatively, “-i” could be used instead of a hyphen.)

Answer 325

env -u [variable_name] -- This unsets the specified variable, removing it from the list of environment variables.

Answer 326

Example: systemd-tempfiles \--create \--prefix /var/log/journal -- With the directory /var/log/journal manually created, this command takes logs from systemd and elsewhere and saves a copy of the logs in this directory.

Answer 327

/etc/securetty

Answer 328

echo > /etc/securetty -- This will erase all terminal entries listed from the /etc/securetty file.

Answer 329

ifconfig -- The command by itself will show all of the details of the active network interfaces on the system.

Answer 330

Example: ifconfig eth0 -- This brings specified NIC “eth0” to be up or down.

Answer 331

Example: ip link show eth0 -- This displays the MAC address (link) and other details for the specified interface eth0.

Answer 332

useradd -p -- This creates a user with a specifies password. Using the useradd command, the password will not expire.

Answer 333

Example: getsebool cron_can_relabel -- This displays the SELinux Boolean value (on/off) for cron_can_relabel.

Answer 334

Example: setsebool cron_can_relabel -- This sets the SELinux Boolean value for cron_can_relabel to on.

Answer 335

setsebool -P \ \ -- This sets the specified SELinux Boolean value to on or off and makes this setting persistent (-P).

Answer 336

cron_can_relabel

Answer 337

ftpd_full_access

Answer 338

sysadm_exec_content

Answer 339

“lshw” = “LiSt HardWare”

Answer 340

lshw -short -- This lists a shorter output of results for lshw and includes device trees showing hardware paths.

Answer 341

Example: lshw -short -class disk -- This detailed information for all storage devices on the system.

Answer 342

user ID, user ID number, group ID number, secondary groups

Answer 343

last – This shows the recently logged-in users, login time, logout time, and where users authenticated.

Answer 344

Agent-based monitoring involves the use of embedded security monitoring systems on a device. They are usually proprietary and cost more, but they tend to provide greater security than agentless systems.

Answer 345

Agentless monitoring involves data through industry standards, not an embedded software system. Though they are not as robust in security, they tend to be highly performant and cost less than agent-based systems.

Answer 346

Example: chmod a+x MyScript -- This adds execute permissions for all users to the file “MyScript.”

Answer 347

Example: docker build -t mydocker/dockerfiles -- This builds a container image named “dockerfiles” under the user “mydocker.” The -t flag (meaning tag) specifies the username and container name.

Answer 348

docker push \ -- This pushes a specified Docker container image to a Docker hub repository.

Answer 349

docker pull -- This pulls a specified Docker container image from a Docker hub repository.

Answer 350

Example: systemctl mask https.service -- This manually forces a specified service (in this case, https.service) to stop, even if it is a dependency to other services. This is done by setting its unit file to a symbolic link of /dev/null.

Answer 351

systemctl list-units \--type=service \--state=active -- This displays the active systemd service units on the system.

Answer 352

systemctl list-units \--failed -- This displays the systemd units which have failed. (You could also use the option “\--state=failed.”)

Answer 353

The nmap command can be used to map the hosts that are running, services available on each host, and scan open ports on a network.

Answer 354

Example: nmap 183.17.0.0/25 -O -- This scans the specified host 183.17.0.0/25 for its operating system (-O).

Answer 355

chown : -- This changes owning user and group for the specified file.

Answer 356

chown -R -- This sets the owner of the directory and its contents recursively (-R).

Answer 357

The fstrim command is designed specifically for managing storage on SSD devices. It discards unused blocks on a mounted filesystem which can greatly improve device performance.

Answer 358

:e! -- This fully reloads a file from its last save point, deleting any changes made to the file in the vim editor.

Answer 359

klist -v -- This prints out the ticket details of the current Kerberos session, including ticket length, expiration times, and renewal times.

Answer 360

klist -a -- This prints out the addresses for tickets of the current Kerberos session.

Answer 361

Steps: - Reboot the system. - Go to GRUB > Advanced GRUB options. - Set init=/bin/bash. [Boot the system in Rescue Mode.] - Mount the root filesystem in read-write mode. (mount -n -o remount,rw /) - Change the root user’s password. (passwd root)

Answer 362

Subcommands: - semanage boolean -- This enables/disables specified SELinux rule sets. - semanage fcontext -- This manages SELinux context definitions for files. - semanage port -- This allows you to customize port definitions for SELinux.

Answer 363

-s for user AND -a for context permission -- These are important arguments for utilizing the semanage command. Example: semanage login -a -s user_u gosia -- This adds the login mapping for the user (-s) “gosia” with the SELinux “user_u” context (-a).

Answer 364

The audit2allow command is used to produce custom SELinux policies which allow a filesystem action to succeed. To that end, it can create and manage custom policy modules.

Answer 365

Example: audit2allow < /var/log/audit/audit.log -- This displays a suggested SELinux policy change based upon the main auditd log. Example Output: allow useradd_t usr_t:dir write

Answer 366

Example: audit2allow -a -M mypolicy AND THEN semodule -i mypolicy.pp -- This creates a custom SELinux policy module with the name (-M) “mypolicy” based upon all (“-a”) audit logs. The module (“mypolicy.pp”) is then implemented into SELinux by semodule.

Answer 367

A kernel panic is an error event which occurs to prevent data loss and corruption on a system due to an unrecoverable error. This could be caused by software errors, memory overuse, or faulty drivers. This is equivalent to the Windows “Blue Screen of Death.”

Answer 368

chrony -- This synchronizes the time for Linux based upon external NTP server(s).

Answer 369

chronyc tracking -- This displays time server details. (The “Reference ID” will name the time server in use.)

Answer 370

The multipathd daemon provides host-side logic that ensures the redundancy, availability, and high-bandwidth connection between a storage device and a host server.

Answer 371

A Docker volume is a logical partition of storage on a host which Docker can use to share directories with a host. It is also easy to use and share between hosts.

Answer 372

A bind mount and Docker volume both are reserved storage which allows filesharing between Docker container(s) and a host. However, bind mounts are dependent on the host OS and structure, whereas volumes can be fully managed by Docker.

Answer 373

docker volume create \ -- This creates the specified volume for a Docker container.

Answer 374

They – netboot.me and BKO – are both interfaces which use gPXE to boot a Linux over HTTP.

Answer 375

kinit @.com -- This starts a new Kerberos session for the specified user at the specified hostname domain.

Answer 376

Example: at now +10 minutes -- This schedules a job ten minutes in the future. Then, enter the command at the “at>” terminal and press Ctrl+D.

Answer 377

atq -- This displays the queue for the at daemon jobs.

Answer 378

atrm \ -- This removes a specified job from the at daemon queue.

Answer 379

git config \--global user.name \ AND git config \--global user.email \ -- These respectively define the username and email for a Git repository.

Answer 380

initrd is the initial RAM disk for a system. Comparable to initramfs, it is a temporary root filesystem in RAM which is used to load modules and drivers, which are the minimum software needed by the kernel to boot the system. Once the kernel is fully loaded, initrd is unmounted.

Answer 381

System Scheduler -- This is started by initrd and is a part of the Kernel.

Answer 382

/sbin/init -- This reads the /etc/inittab file and has a process of 1.

Answer 383

This file /etc/inittab initializes the system, starting up scripts for various utilities in their proper runlevels.

Answer 384

nice -n -- This runs the specified command at the specified nice_level priority.

Answer 385

Example: renice -n 15 8389 -- This changes the specified process (with PID 8389) to the specified niceness of 15. (The “-n” is optional if the numbers are in order.)

Answer 386

systemctl enable \ OR systemctl disable \ -- The former enables a systemd unit at boot, whereas the latter disables the unit to not turn on at boot.

Answer 387

The blkid command shows the UUID and filesystem type of a specified partition (e.g., blkid /dev/sdb1).

Answer 388

It shows statistics and metadata for a specified fibre channel device (e.g., fcstat fcs0).

Answer 389

“GPT” = “GUID Partition Table” – It is a partitioning scheme for a disk device, where partitioned blocks are accessed with logical block addresses (LBAs).

Answer 390

“GUID” = “Globally Unique IDentifier" -- This is much like a UUID.

Answer 391

“LBA” = “Logical Block Address”

Answer 392

LBA Scheme: - 0 through 34 -- Offset addresses from the beginning of the disk for primary partition entries. - -1 through -34 -- Offset addresses from the end of the disk for back up partition entries.

Answer 393

The htop shows the same information as top but includes color coding, mouse scrolling, and function keys.

Answer 394

sysctl -a -- This displays all of the system tunables for system performance.

Answer 395

/etc/sysctl.conf -- This contains all of the sysctl tunable parameters.

Answer 396

sysctl -a | grep ipv4.ip_forward -- This displays whether IPv4 Forwarding is on or off (1 or 0).

Answer 397

Default values for userid and password aging configuration.

Answer 398

Example: /etc/pam.d/passwd -- This can override password configuration information, such as a password minimum length.

Answer 399

The nftables utility is a firewall designed by the makers of iptables. nftables is intended to fix performance and scalability issues from iptables.

Answer 400

Using the nftables firewall, it allows incoming SSH connections.

Answer 401

The ssh-agent manages SSH keys on a client or server system.

Answer 402

Example: ssh-add ~/.ssh/id_rsa -- This adds the specified key to the SSH agent on the specified system.

Answer 403

Dynamic Port Forwarding is a matter of forward traffic from a local port to an unspecified destination port. The SSH client becomes a SOCKS proxy server, listening for an available destination port.

Answer 404

Example: ssh -D 55555 shah@ssh.server.com -- This connects to the destination host of shah@ssh.server.com from the local port of 55555.

Answer 405

PolicyKit, a.k.a., “polkit,” rules manage authorizations between privileged and unprivileged users and programs like sudo.

Answer 406

The pkexec command allows you to run a command as another user.

Answer 407

Example: pkexec -user allen cat /etc/hosts -- This displays the /etc/hosts file as if it were being run as the user “allen.”

Answer 408

The chcon command changes the SELinux context (user, role, type, sensivity level) of a file or directory.

Answer 409

chcon -R -r unconfined_r -t unconfined_t ./adir -- This recursively (-R) sets the directory “./adir” to be in a role (-r) of “unconfined_r” and type (-t) of “unconfined_t.”

Answer 410

restorecon -- This restores the default SELinux context of the specified file/directory.

Answer 411

It is a heredoc.

Answer 412

Example: cat << RNDI -- The double heredoc allows you to enter input on following lines until a specific character(s) is read. In the example, the user can have lines inputted to cat until the user enters “RNDI.”

Answer 413

Example: cat \<<< ‘hello RNDI’ -- The triple heredoc allows you to enter a whole string to a command. In the example, the string ‘hello RNDI’ is inputted to cat and is then printed out.

Answer 414

Example: echo file{a,b,c} | xargs touch -- The xargs command processes the touch command on each output of echo, therefore creating “filea,” “fileb,” and “filec.”

Answer 415

Example: xargs -I {} -- This uses double braces (“{}”) as a placeholder for the output of a piped command. ("-I" = Uppercase I)

Answer 416

Example: test.filea test.fileb test.filec -- The name of each file is taken as the double braces (“{}”) and renamed with “test.” in front of each.

Answer 417

Example: find * | xargs -p \rm -- This displays the action(s) going to be processed by xargs before it is executed. For instance, the output could be: rm ./filea ./fileb ./filec ?...

Answer 418

It allows you to print the output of a command to the console and to a file. (For Example: cat /etc/hosts | tee filea)

Answer 419

There are eight sets of four hexadecimal digits in an IPv6 address.

Answer 420

Each hex digit of an address is equivalent to four digits in binary. The characters A through F represent 10 through 15, respectively. For example: 0db8 = 0000|1101|1011|1000

Answer 421

Phases: - Bootstrap Phase: BIOS - Bootloader Phase: GRUB - Kernel Phase: Kernel - Initialize System Phase: Systemd

Answer 422

“POST” = “Power-On Self-Test”

Answer 423

The cloud-init command initializes a VM instance located in the cloud.

Answer 424

/etc/cloud/cloud.cfg

Answer 425

“sar” = “System Activity Report” -- The command can used to get performance reports for CPU, I/O, disk, RAM, etc.

Answer 426

sar -A 2 5 -- This displays performance statistics (CPU/RAM/IO/disk) every two seconds with five entries.

Answer 427

Top Metrics: - us = “User” -- The percent amount of CPU time used by user space processes to do high-level tasks. - sy = “System” -- The percent amount of CPU time used by the kernel to do low-level tasks. - ni = “Nice” -- The percent amount of CPU time used by processes with a positive/low-priority niceness value. - id = “Idle” -- The percent amount of CPU time that is not actively being used. - wa = “Iowait” -- The percent amount of CPU time waiting for input/output operations. - hi = “Hardware Interrupt” -- The percent amount of CPU time used for servicing hardware interrupts. - si = “Software Interrupt” -- The percent amount of CPU time used for servicing software interrupts. - st = “Steal” -- The percent amount of CPU time stolen by a virtual machine to run virtual CPUs.

Answer 428

“MBR” = “Master Boot Record”

Answer 429

Logical partitions under the fourth primary partition. This is Extended Master Boot Record (EMBR).

Answer 430

MBR Sections: - Boot loader - Partition table - Disk signature

Answer 431

Example: sealert -a /var/log/audit/audit.log -- This displays the alerts from the main auditd log file for SELinux. The “-a” is to analyze the specific log file.

Answer 432

sealert -l \ -- This retrieves an SELinux alert based upon the specified alert ID. If the alert ID is an asterisk (“\*”), then all alerts are returned. (-l = Lowercase L)

Answer 433

Example: audit2why < /var/log/audit/audit.log -- This audits and displays why an issue occurred with SELinux based upon the main auditd log file SELinux.

Answer 434

Example: select /dev/sdb -- This select the disk “/dev/sdb” to be edited. If a partition is not specified, parted will use the first partition (i.e., /dev/sda), which can be dangerous.

Answer 435

parted -l -- This lists out all of the partition layouts for all block devices. (-l = Lowercase L)

Answer 436

partprobe OR partprobe -- With or without the specific partition path defined, the partprobe command will manually add any new partition changes to the partition table.

Answer 437

The gdisk command is used to manage GPT partitions. It can also manage partition tables, such as converting an MBR partition table to a GPT partition table.

Answer 438

swapon -s – This displays a listing of all of the swap partitions and swap files in use.

Answer 439

Example: grub2-mkconfig -o /boot/grub2/grub.cfg -- This (re)creates the GRUB2 config file with any changes made to /etc/default/grub or /etc/grub.d/40_custom.

Answer 440

The /etc/grub.d/40_custom is a template file for customizing the boot menu options for GRUB2.

Answer 441

Example: grub2-install /dev/sda -- This installs the GRUB2 bootloader onto disk /dev/sda.

Answer 442

Orca is a screen reader designed to help the visually impaired.

Answer 443

“GOK” = “GNOME Onscreen Keyboard”

Answer 444

SysVinit Commands: - accept -- Accept print jobs. (Replaced by cupsaccept.) - reject -- Reject print jobs. (Replaced by cupsreject.) - enable -- Enables a printer. (Replaced by cupsenable.) - disable -- Disables a printer. (Replaced by cupsdisable.)

Answer 445

CUPS Commands: - cupsaccept -- Accepts print jobs in CUPS. - cupsreject -- Reject print jobs in CUPS. - cupsenable -- Enables a printer in CUPS. - cupsdisable -- Disables a printer in CUPS.

Answer 446

cancel -- This cancels a specified print job or all print jobs in a specified queue.

Answer 447

Example: lpmove tty2printer tty3printer -- This has the printer queue of jobs moved from printer “tty2printer” to printer “tty3printer.”

Answer 448

Example: lpstat -p tty2printer -- This prints the status of a specified printer.

Answer 449

Example: lpstat -P tty2printer -- This prints the status of a specified printer queue.

Answer 450

lpstat -o -- This prints the status of all jobs in all print queues.

Answer 451

The set command displays all of the shell variables in the current process.

Answer 452

Set Settings: - Example: set -o noclobber -- This turns ON the noclobber setting. - Example: set +o noclobber -- This turns OFF the noclobber setting.

Answer 453

unset \ -- This will delete the variable from the current process.

Answer 454

declare -p \ -- This will display the properties of a specified variable.

Answer 455

export -p -- This prints all of the variables which have been exported within the Linux shell.

Answer 456

Example: updatedb -U /home/user1 -o /home/user1/locatedb -- This produces a locate command database file called “locatedb” for the files in the user “user1’s” home directory subtree (-U).

Answer 457

You need to add an entry for the encrypted device in the /etc/crypttab file and then an entry in the /etc/fstab file.

Answer 458

/etc/dhcp/dhclient.conf

Answer 459

dhclient -r AND THEN dhclient -- The first command releases the IP address currently assigned to the system. The second command renews the IP address that was in use.

Answer 460

The free displays the total amount of memory and swap space that is available and used.

Answer 461

X Server Commands: - xwininfo -- This displays information about open windows on an X server desktop. - xdpyinfo -- This displays information on the capabilities of an X server.

Answer 462

Gnome, Unity, Cinnamon, MATE, KDE

Answer 463

sysctl -w net.ipv4.ip_forward = 1 -- This writes (“-w”) the “net.ipv4.ip_forward” parameter to being enabled (“1”).

Answer 464

The uname command shows the kernel information for a system. (Probably derived from “Unix NAME.”)

Answer 465

uname -a -- This displays all of the system information for a system, including kernel name, OS, machine, etc.

Answer 466

uname -o -- This displays the operating system of a system.

Answer 467

Example: unzip -v filename.zip -- This unzips the compressed file “filename.zip” with verbose output (“-v”).

Answer 468

xz is a compression tool on Linux systems, alongside zip, gzip, and bzip2.

Answer 469

/etc/systemd/journald.conf

Answer 470

Example: zip -r filename.zip ./dir – This recursively (“-r”) compresses the directory “dir” under the compressed archive file “filename.zip.”

Answer 471

yum/dnf remove \ OR yum/dnf erase \ -- This uninstalls the specified package and its dependencies on the Red Hat system.

Answer 472

yum/dnf autoremove -- This removes packages that were installed as dependencies of other packages but are no longer in use by any packages.

Answer 473

yum/dnf clean all -- This removes and cleans up all cached Red Hat packages and metadata.

Answer 474

Example: ip route get 192.168.10.10 from 10.0.0.10 -- This tests the signal from the source of 10.0.0.10 to the destination 192.168.10.10.

Answer 475

dnf history -- This details a history of all Red Hat package actions (installs, upgrades, uninstalls, etc.) in DNF.

Answer 476

Example: yum/dnf list available kernel* -- This lists all available Red Hat packages that start with the term “kernel.”

Answer 477

The yum/dnf update command is used to apply updates to all packages on the system. The yum/dnf upgrade command does the same thing but also removes all obsolete packages.

Answer 478

yum/dnf update -- This command *applies* updates to YUM/DNF packages like “apt get upgrade” does to APT packages. (The yum/dnf upgrade command could also be an answer, but it removes obsolete packages as well.)

Answer 479

RPM Commands: - rpm -U -- This upgrades (and if needed installs) RPM packages as well as any new operating system packages. - rpm -F -- This upgrades just the installed RPM packages on a system.

Answer 480

Example: rpm -V mysql-server -- This verifies (“-V”) that the specified package “mysql-server” matches the information from the package database.

Answer 481

RPM Commands: - rpm -i \ -- This installs a specified RPM package file. - rpm -e \ -- This erases/uninstalls a specified RPM package file.

Answer 482

Example: rpm -qR gimp -- This queries (“-q”) for RPM package information. In this example, the “-R” searches for dependencies of the package “gimp.”

Answer 483

Example: tar -cf book_backup.tar /Books -- This creates the uncompressed tarball “book_backup.tar” out of the “/Books” directory.

Answer 484

Example: tar -czvf book_backup.tar.gz ~/Books -- This creates the compressed tarball “book_backup.tar.gz” from the “~/Books” directory. (“-c” = Create a tarball. “-z” = Compress it with gzip. “-v” = Produce verbose output. “-f” = “Specifies the name of the tarball.”)

Answer 485

gzip -c -- This prints out the compressed form of a specified file to STDOUT, without changing the file.

Answer 486

Example: tar -xzvf book_backup.tar.gz -- This extracts the compressed tarball “book_backup.tar.gz” and puts the output in the present directory. (“-x” = Extracts contents of tarball. “-z” = Decompress it with gzip. “-v” = Produce verbose output. “-f” = “Specifies the name of the tarball.”)

Answer 487

gzip -v -- While (de)compressing a specified file, the verbose (“-v”) output will include the name and reduction percentage for each file (de)compressed.

Answer 488

gzip -d .gz OR gunzip .gz -- This decompresses/unzips the specified GZIP file.

Answer 489

This finds all of the files under the directory “/shared_data” which have been modified (“-mtime”) more than 90 days ago and deletes them. (The “\;” designates the end of the exec command.)

Answer 490

sysctl -p \ -- This loads and implements the configuration from the specified configuration file to the sysctl utility.

Answer 491

The $DISPLAY environment variable is used to point to the IP address and screen number of a system in order to enable X11 Forwarding to that system.

Answer 492

The $USER variables shows the username of the currently logged-in user.

Answer 493

The $PATH variable shows the directories where the system looks for executable files.

Answer 494

The $EDITOR variable shows the default environment text editor for the Linux system.

Answer 495

The $TEMP variable shows the directory location for temporary files.

Answer 496

visudo -- This brings the /etc/sudoers file into a vi editor interface.

Answer 497

visudo -c -- This checks the /etc/sudoers file for syntax errors and sudo rule validity.

Answer 498

visudo -f \ -- This specifies a specified file as an alternate sudoers file and will bring up a vi editor interface to edit that interface.

Answer 499

The line means that the user named “amos” will have permission to execute the “kill” and “lprm” commands. However, he won’t need a password for “kill” and will need a password for “lprm.”

Answer 500

docker image prune -a -- This prunes/deletes all (“-a”) dangling Docker images on a system that are not associated with a specific container.

Answer 501

dnf history undo last -- This undoes the installation of the last transaction done by DNF. The “last” keyword is a transaction ID for the last transaction in the DNF history.

Answer 502

The strace command is used to monitor and manipulate system calls between processes and the Linux kernel. (Example: strace -p 26380)

Answer 503

Example: ssh -i “my-key.pem” root@10.0.10.15 -- This specifies to connect to the root user on host 10.0.10.15 with the identity key (“-i”), which is an SSH private key.

Answer 504

The /etc/netplan file configures a network based upon a set of YAML files under /etc/netplan/*yaml.

Answer 505

netplan generate -- This produces a basic netplan configuration file under /etc/netplan.

Answer 506

netplan try -- This tests the configuration of /etc/netplan and checks whether it is valid without putting it into action.

Answer 507

netplan apply -- This applies the configuration set by /etc/netplan and puts it into action, restarting any processes needed.

Answer 508

You set the priority setting in the filesystem type field of /etc/fstab. Example: /dev/sda3 swap pri=60 defaults 0 0

Answer 509

Example: mkswap /dev/sdb2 -p 60 -- This creates a swap partition from /dev/sdb2 with a priority (“-p”) of 60.

Answer 510

600 -- With root as the owner, a swap file should only have read and write access to root.

Answer 511

fuser -vm \ -- This specifies all users and processes using a specified filesystem at the present time.

Answer 512

Example: dumpe2fs -h /dev/sda3 -- This displays the superblock for the specified filesystem /dev/sda3.

Answer 513

dumpe2fs \ -- This displays metadata and statistics for a specified filesystem based upon the information stored in the filesystem’s superblock and block groups.

Answer 514

xfs_admin -- This command modifies parameters for an unmounted XFS filesystem, including allowing you to creating a label for a filesystem.

Answer 515

The xfs_info command displays XFS filesystem geometry, such as inode size and block size.

Answer 516

Example: gpasswd -a jimdoe Marketing -- This adds the user “jimdoe” to the group “Marketing.”

Answer 517

Example: gpasswd -A juliedoe Sales -- This adds the administrative user “juliedoe” to the group “Sales.”

Answer 518

Example: gpasswd -d jimdoe Marketing -- This deletes the user “jimdoe” from the group “Marketing.”

Answer 519

The newgrp command changes the current user’s group to a specified group for just that login session. (e.g., newgrp adm -- Changes group to “adm.”)

Answer 520

groupmod -n \ \ -- This change the name (“-n”) to a specified new name.

Answer 521

The UIDs 0-99 are administrative user accounts reserved and created by the OS rather than by any application.

Answer 522

useradd \<-r|\--system\> \ -- This creates a nonprivileged user account for a system service. It applies the needs of a user account for the service, but there is no login and no home directory.

Answer 523

In /etc/passwd, the default shell of a system account is either /sbin/nologin or /bin/false. Both of those “shells” prevent login.

Answer 524

SU Differences: - su \ -- Changes UID, primary group ID, and home directory to the specified user’s account. - su - \ -- Beyond UID, GID, and directory, it also reads the user’s profile and config, fundamentally becoming exactly like the specified user.

Answer 525

useradd -D -- This displays all of the default variables under /etc/default/useradd.

Answer 526

useradd Options: - useradd -Db \ -- This changes the HOME variable to the specified directory (e.g., “/home”). - useradd -De \ -- This changes the EXPIRE variable to a specified date.

Answer 527

Example: tcpdump -i ens33 -v -- This dumps traffic packets going through the specified network interface “ens33” with verbose (“-v”) output.

Answer 528

resolvectl status -- This displays all of the DNS addresses configured on the system found /etc/resolv.conf.

Answer 529

Example: resolvectl query www.google.com -- This does a domain lookup of the hostname FQDN www.google.com.

Answer 530

dig -x \ -- This does a reverse lookup, finding the domain name from the specified IP address.

Answer 531

Example: whois www.google.com -- This looks up and lists the name, phone number, and address for a specified domain name.

Answer 532

The host command is a basic domain lookup tool much like dig but quicker and with less detail.

Answer 533

/bin, /lib, /lib{32,64,etc.}, /sbin (Ex: /bin -> /usr/bin)

Answer 534

stat -- This displays file metadata, such as inodes, links, and modify dates.

Answer 535

File Dates: - access -- The date specifies the last time the file was accessed. - modify -- The date specifies the last time the file’s content was modified. - change -- The date specifies the last time the file metadata was changed (e.g., owner change).

Answer 536

Example: mkdir -p ~/temp/backups/daily -- This creates all of the directories of the path (“-p”) temp/backups/daily under the home directory.

Answer 537

It displays the file type of a specified file.

Answer 538

Example: \rm file1 -- The backlash (“\”) indicates that the command should be run “as-is” – without any alias it may be linked to. In this case, “rm” is typically linked to “rm -i," so it will just be run as “rm.”

Answer 539

ufw status -- This displays the UFW firewall rules that are enabled on the system.

Answer 540

Example: ufw allow https -- This allows HTTPS traffic on the host.

Answer 541

Example: ufw deny 23/tcp comment “Deny Telnet” -- This denies traffic on TCP port 23, adding the comment “Deny Telnet” for the rule.

Answer 542

/etc/default/ufw -- This is the default config file with default rules for ufw. /etc/ufw/*.rules -- Adding .rules files under /etc/ufw will override the default ufw rules.

Answer 543

mount -a -- This mounts all filesystems listed in /etc/fstab.

Answer 544

mount -l -t ext4 -- This lists (“-l”) all mounted filesystems of type (“-t”) EXT4.

Answer 545

umount -a -- This unmounts all filesystems listed in /etc/fstab.

Answer 546

umount -f -- This unmounts the specified filesystem forcefully (“-f”), even if the device is busy.

Answer 547

umount -l -- This does a lazy (“-l”) unmount of a filesystem, where the filesystem is detached immediately but references are cleaned up when the filesystem is not busy. ("-l" = Lowercase L)

Answer 548

umount -n \ -- This does a dry run of an unmount, showing what would be done without actually unmounting the filesystem.

Answer 549

umount -r \ -- This specifies that if an unmount for the filesystem is unsuccessful, then it will look to remount the filesystem in read-only (“-r”) mode and try again.

Answer 550

resize2fs \ -- This resizes the filesystem to match the size of a partition or LVM which has shrunk or grown in size.

Answer 551

The e2fsck command is used to run fsck on EXT2, EXT3, and EXT4 filesystems to repair them.

Answer 552

e2fsck -f -- This forces “-f” a filesystem check on the EXTn filesystem specified.

Answer 553

The screen command pulls up a new terminal screen interface which allows you to run multiple terminals at one time. It works like having multiple tabs open.

General CompTIA Linux+ Questions Flashcards

This is a bunch of questions that cover a lot of knowledge I expect to be on the CompTIA Linux+ exam. (600 cards)