Exam Structure
- nmtui - 1
- lvm - 2
- shared directory - 1
- users and groups - 1
- setfacl - 1
- selinux - 1
- find - 1
- grep - 1
- tar - 1
- firewall - 1
- time sync - 1
- crontab - 1
- kernel - 1
- password reset - 1
- swap - 1
- yum - 1
- containers - 1
- nfs - 1
- Package manager - 1
Users, Groups and Passwords
/etc/passwd
/etc/shadow
/etc/group
/etc/skel
id
useradd
usermod
userdel
passwd
chage
groupadd
groupmod -U anna,lisa -a students
groupdel
lid -g groupname
User-Sessions
#to show processes owned by a specific user
ps -u <username>
#to remove processes owned by a specific user
pkill -u <username>
w
loginctl list-users
loginctl user-status <UID>
loginctl terminate-user <Username>
loginctl list-sessions
loginctl terminate-session <Session>
Processes
cgroups
shouldn't be defined for the processes
- Use nice when starting a process to set a preferred priority.
- Use renice to adjust the priority of critical processes in real-time.
nice -n <niceness> <command>
renice <niceness> -p <PID>
renice <niceness> -u <username>
renice <niceness> -g <groupname>
sysctl -a
sysctl vm.swappiness
/proc/sys
# Files processed by sysctl --system:
/etc/sysctl.d/10-network.conf # Loads first
/etc/sysctl.d/99-kubernetes.conf # Loads second (overrides if conflicts)
/etc/sysctl.conf # Loads last (highest priority)
sysctl -p /etc/sysctl.d/swappiness.conf
sysctl --system # same as sysctl -p but loads all configuration files
/etc/tuned
/etc/tuned/main.conf reapply_sysctl = 0
/etc/tuned/profiles/<profile>main.conf
yum install tuned
tuned-adm list
tuned-adm profile <profile>
tuned-adm active
tuned-adm recommend
tuned-adm off
tuned-adm active
Permissions
chmod 3770 <directory>
chmod g+s <directory>
chmod +t <directory>
chown user:group <file/directory>
visudo
setfacl -m u:username:rw file.txt
setfacl -m g:groupname:rw file.txt
setfacl -m d:g:groupname:rw <directory> #default permissions (default ACLs can only be set on directories)
setfacl -x g:groupname file.txt #remove the entry (-x takes no permission field)
sudo chattr +i /home/user/important_file.txt
lsattr /home/user/important_file.txt
SELinux
semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
semanage fcontext -a -e /home /home1
restorecon -R -v /web
semanage port -l
semanage port -a -t http_port_t -p tcp 81
semanage port -a -t ssh_port_t -p tcp 8991
getsebool -a
setsebool -P <boolean> on
semanage boolean -l -C
setenforce 0
grep AVC /var/log/audit/audit.log
dnf install selinux-policy-doc
journalctl | grep sealert
- context
- port
- bool
- troubleshooting
File Modifications
- grep
- sed
- awk
- find command
- xargs
Task Scheduling
crontab -e -u <user>
crontab -l
crontab -r
Storage
lsblk
cat /proc/partitions
fdisk -l /dev/sda
SSH
ssh-keygen
ssh-copy-id root@host
ssh-agent /bin/bash
ssh-add
ssh -X root@host
ssh -Y root@host
vim /etc/ssh/ssh_config
vim ~/.ssh/config
- Setting_up_SSH_key_based login
- Caching_SSH_Keys
- SSH_Client_Options
- Exploring_common_ssh_server_options
- Keep_multiple_ssh_keys
Firewall
Automount (NFS)
#on the NFS server
dnf install -y nfs-utils
mkdir -p /nfsdata /home/ldap/ldapuser{1..9}
echo "/nfsdata *(rw,no_root_squash)" >> /etc/exports
echo "/home/ldap *(rw,no_root_squash)" >> /etc/exports
systemctl enable --now nfs-server
for i in nfs mountd rpc-bind; do firewall-cmd --add-service $i --permanent; done
firewall-cmd --reload
#on the client
yum install -y autofs
showmount -e nfsserver
mount nfsserver:/share /mnt
vi /etc/auto.master
/data /etc/auto.nfsdata
cat /etc/auto.misc
vi /etc/auto.nfsdata
files -rw nfsserver:/nfsdata
* -rw nfsserver:/home/ldap/&
systemctl enable --now autofs
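Added example, not part of the original notes: the exports above combine a `*` client with `no_root_squash`, so root on any client acts as root on the share. The function below audits an exports file for that combination; the name `audit_exports` and the sample file are constructed for illustration.

```shell
#!/usr/bin/env bash
# audit_exports FILE
# Prints "<path> <client> <reason>" for every risky client spec in an
# exports(5)-style file. Handles one export per line (no continuations).
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                     # split "client(opt,opt)"
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1, length($i) - p - 1)
            }
            if (client == "") client = "*"   # "(opts)" alone means every host
            n = split(opts, o, ",")
            nrs = 0; rw = 0
            for (j = 1; j <= n; j++) {
                if (o[j] == "no_root_squash") nrs = 1
                if (o[j] == "rw") rw = 1
            }
            wild = (client == "*")
            if (nrs && wild)     print path, client, "no_root_squash+wildcard"
            else if (nrs)        print path, client, "no_root_squash"
            else if (rw && wild) print path, client, "rw+wildcard"
        }
    }' "$1"
}

# Constructed sample: the first two lines are the exports from these notes,
# the rest show tighter alternatives (single host, read-only, root_squash).
sample=$(mktemp)
cat > "$sample" <<'EOF'
/nfsdata *(rw,no_root_squash)
/home/ldap *(rw,no_root_squash)
/srv/backup 192.0.2.10(rw,no_root_squash)
/srv/pub *(ro)
/srv/proj 192.0.2.0/24(rw,root_squash)
EOF
audit_exports "$sample"
rm -f "$sample"
```

On a real server, run `audit_exports /etc/exports` and re-export with `exportfs -ra` after tightening an entry.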
Others
ls -il
ln original_file hard_link
ln -s target_file symbolic_link
tar cvf archive_name.tar otherfiles
tar tvf archive_name.tar otherfiles
tar xvf archive_name.tar otherfiles
#compression
tar czvf archive_name.tgz otherfiles
tar cjvf archive_name.tar.bz2 otherfiles
tar cJvf archive_name.tar.xz otherfiles # slow maximum compression
#check file/folder sizes in the current directory
du -sh **
Boot Procedure
systemctl list-units --type=target #check available targets
systemctl get-default #check default target
systemctl list-dependencies #list the dependencies of current target
systemctl list-dependencies <target> #list the dependencies of specified target
systemctl set-default multi-user.target #change the default target
systemctl isolate rescue.target #change the target without rebooting
systemctl cat sshd.service #see which target the service is required (wanted by)
- Exploring the Boot Procedure
- Modifying Grub2 Runtime Parameters
- Changing Grub2 Persistent Parameters
- Managing Systemd Targets
- Setting the Default Systemd Target
- Booting into a Specific Target
- troubleshooting_booting
Troubleshooting
- Using Troubleshooting Modes
- Changing the Root Password
- Using the Boot Debug Shell
- Troubleshooting Filesystem Issues
- Fixing Network Issues
- Managing Performance Issues
- Troubleshooting Software Issues
- Fixing Memory Shortage
grub --> init=/bin/bash
mount -o remount,rw /
passwd root
touch /.autorelabel
exec /usr/lib/systemd/systemd
ip addr show
ip route show
ping 8.8.8.8
cat /etc/resolv.conf
ping google.com
dig google.com
Configuring Time Services
hwclock
date
hwclock --systohc
hwclock --hctosys
timedatectl
yum install chrony
vi /etc/chrony.conf
server <ip> iburst
systemctl restart chronyd
chronyc sources -v
timedatectl set-ntp true
Running HTTP Services
- Apache (httpd) is a common web server on Linux
- Nginx is another common web server
- The main httpd configuration file is /etc/httpd/conf/httpd.conf
- Additional drop-in files can be stored in /etc/httpd/conf.d/
- The default DocumentRoot is /var/www/htdocs
- Apache looks for a file with the name index.html in this directory
Applying network security
ss -tulpn
systemctl status firewalld
firewall-cmd --list-all
firewall-cmd --get-services | grep http
firewall-cmd --add-service http --permanent
firewall-cmd --reload
ss -tulpn