101 Exam Flashcards
Regular File System
Method of laying out files and folders on a physical hard disk
Two primary psuedo file system locations
/proc
/sys
Linux Kernel
- Core framework of the OS
- Handles memory management and hardware device interactions
- Many third-party kernel modules are device drivers
uname
displays information about current running kernel
uname -m
prints machine hardware name
uname -rm
brings up kernel release version with hardware name
uname -a
brings up OS, host name of the server, kernel release version, build time of the kernel, machine architecture, cpu type, and the OS label
modprobe
used to dynamically load and unload kernel modules at runtime
modprobe -r
used to remove a kernel module
modprobe (name)
used to add a kernel module
xfs module
used by kernel to know how to work with the PC’s file system
/udev
device manager for the Linux kernel, links information on system.
lspci
- displays information on PCI devices attached
- should the kernel not recognize a device, it will show up here and contain information that can be used to find drivers/modules
lsusb
displays information on USB devices attached
lsblk
lists hard disk and partition
procfs
Information about system hardware and the state of the system is contained in this
‘pseudofilesystem’
/proc
- Usually where the procfs filesystem is mounted.
-Within this directory, you will find directories that correspond in label (number) to the
associated PID (Process ID) of running processes
/proc/mounts
file (or link to another file) that contains information on all the
filesystems that are mounted locally
/proc/interrupts
shows information about the interrupts in use in the system
and what they are associated with (the hardware that is using them)
/proc/ioports
one or more addresses that identify a device, and the kernel module associated with them
/proc/dma
(Direct Memory Access), values used by hardware to access system memory directly (i.e. without involving the CPU)
/proc/usb
USB device IDs and kernel modules associated with them
/proc/pci
PCI device IDs and kernel modules associated with them
sysfs
- ‘pseudofilesystem’ that can contain information about system hardware (like procfs)
-designed to address some of the problems with the procfs method (unstructured data and
the fact that both hardware and process information was consolidated in the structure)
/sys
- Where the ‘sysfs’ filesystem is mounted
-Within this directory, you will directories that correspond to system hardware and kernel
modules associated with the system (physical or virtual)
-process data (PID) does NOT exist in this method
/dev
-contains device data (using the information from /sys or sysfs)
- Devices added or removed on a live system will engage the udev system which will detect
and configure it and then make it available for use (often called ‘hotplug’ or ‘hotswap’)
D-Bus
-send data messages between applications
udev utilizes dbus to notify user and the system when new hardware is attached
-Allows desktop applications to send messages to other applications and/or receive
messages from the Linux kernel
lsmod
- displays a listing of all currently loaded kernel modules
- Will not load a driver if missing
lscpu
displays information on processors on a system
lscpu -a (–all)
will display offline and online CPUs
lscpu -b (–online)
only online CPU information
lscpu -c (–offline)
only offline CPU information
lscpu -e (–extended)
display information in a more readable format
lscpu -p (–parse)
provides the information displayed in a comma delimited form (that can be
logged and used by other applications for reporting)
lsscsi
- displays information on any SCSI devices detected
- some distros will display SATA devices connected
lsscsi -c (–classic)
output is the same as running cat /proc/scsi/scsi
lsscsi -d (–device)
provides additional ‘major/minor’ device numbers behind each detected device
lsscsi -g (–generic)
generic SCSI device file name (sg)
lsscsi -l (–long)
additional information for each device
lsscsi -s (–size)
print the disk size in a more readable format
lsscsi -v (-vv or -vvv)
controls the level of detail (verbosity)
lsdev
Shows all the devices that are recognized by the running system kernel
lsraid
• Displays any RAID (Redundant Array of Inexpensive Disks) on your system
• not installed on most systems, unavailable outside of some RAID drivers/configuration
software
lsusb -t
- tells you which device is attached to which controller
- displayed in a tree view
lsusb -s
shows the specified bus and device number information
lsusb -d [vendor]
show only devices with the indicated vendor and product ID
lsusb -v
verbose device output
lsblk -a (–all)
list empty devices as well (off by default)
lsblk -d (–nodeps)
print only top level device information
lsblk -e (–exclude)
exclude the indicated devices (one or more, comma separated)
lsblk -f (–fs)
include information on filesystems
lsblk -i (–ascii)
use ASCH characters for tree view
lsblk -l (–list)
output list format
Pseudo File System
- Does not exit on a physical hard disk
- pseudo - “fake” or “not real”
- only exists in RAM while system is running
- cleared upon a reboot
dri
- Direct Rendering Interface
- pertains to the video cards attached to the system
lspci -k
lists out which components of the hardware are being used with which particular kernel modules
lspci -v (or -vv or -vvv)
be verbose and list more detailed information about all devices
General boot order 1
Power on
General boot order 2
BIOS loads ( modern systems includes EFI)
General boot order 3
BIOS find and hands off to the primary (or chosen) disks ‘boot sector’
General boot order 4
Boot sector provides the MBR (Master Boot Record), within the first 512 bytes of the active (or
first, depending on installation) drive (can be any type of hard drive)
General boot order 5
Boot loader is executed
General boot order 13
Modules indicated within the init scripts are loaded
General boot order 14
root filesystem is checked
General boot order 15
remaining filesystems are mounted
General boot order 16
network devices are started
General boot order 17
remote filesystems are mounted (if configured)
General boot order 18
init process re-reads /etc/inittab and changes to the default runlevel indicated and
executes the appropriate scripts
General boot order 19
runlevel scripts executed in numeric order (#service for the runlevel indicated in /etc/
inittab)
General boot order 20
tty sessions are loaded as listed in /etc/inittab
General boot order 21
Login prompt is displayed, system is ready for login
General boot order 12
/etc/inittab is read and the appropriate runlevel script(s) are run
General boot order 11
The init program is loaded (and becomes the first PID - /sbin/init)
General boot order 10
root filesystem is mounted
General boot order 9
Device initialization, module loading, and the initial RAM disk (initrd) is loaded
General boot order 8
linux kernel is read and executed
General boot order 7
USER INPUT STEP
depending on boot loader configuration, the user may be able to choose
from a menu of potential boot types/kernel versions or allow the default to proceed
General boot order 6
LILO/GRUB/GRUB2 boot loader begins
sysvinit
- older system and service management
- init script driven
- written by Miquelvan Smoorenburg
init (initialization)
- based off of the system V init used in UNIX systems
- services start one after the other
- static. does not natively respond to changes on a system
inittab: wait
process specified will be started once when the runlevel is entered, and init will wait for its termination.
Red Hat init script
/etc/rc.d/
Debian init script
/etc/init.d
/etc/init.d/rc
script that orchestrates how the runlevel scripts run and what occurs when a runlevel changes
upstart (background)
- first developed for Ubuntu in 2006 by Scott Remnant
- started in Ubuntu 6.10
- Eventually used in Red Hat 6, Debian, and Fedora 9
upstart
- offers asynchronous starting of services - decreasing boot up times
- works off real-time events
- stops and starts services, and monitors their availability
- considered easily extensible
- not used by most distros
- dynamic. can respond to changes on the system
- supports all sysvinit methods but not systemd methods
init Runlevel 3
- Multi-user mode but with networking.
- most linux servers are set up to run at this level by default.
init Runlevel 2
- Multi-user with no networking
- No remote file systems mounted
init Runlevel 6
- Reboot
- where init stops services and restarts the system.
init Runlevel 5
Multi-user but with networking and GUI.
Older Linux webstations set to run on this by default.
init Runlevel 4
typically not used but available should a system administrator want to set up a custom run level environment.
init Runlevel 1
- single user mode
- only root user allowed to log in.
- primarily used for maintenance tasks and repair functionality
init Runlevel 0
- halt or shutdown level
- where init runs scripts that stop services and powers off the system.
systemd
- removed the need for shell scripts
- replaces the functionality of scripts with compiled C code
- still compatible with older System V scripts
- default on most modern distros
- designed to replace sysvinit method
- fewer dependencies
- service prioritization and precedence
- reduces start up time
Unit File Locations:
/usr/lib/systemd/system
- the ‘units’ installed
- provided by package installations (do not edit these unit files)
Unit File Locations:
/etc/systemd/system
units that have priority over other units and are controlled by
sysadmin
Unit File Locations:
/run/systemd/system
units created at runtime and may have priority over non-runtime (or installed) units
systemctl
primary command for controlling service start/stop/restart/status
system-analyze
display performance information on system bootup, allows for
trace/debugging information
logind
replaces consolekit, supports X Windows managers
consoled
console daemon, replaces virtual terminals
journald
logging system, uses binary logs (although it can be replaced by other logging
daemons)
networkd
network support daemon
.service
system service
.swap
swap device or file
.socket
IPC socket
.target
unit (one or a group of)
.snapshot
saved state instance of the systemd manager
.slice
units grouped together in a hierarchy used to manage processes
.timer
timer
.mount
mount point on the file system (local or remote)
.automount
automount point on the filesystem
.scope
externally created process
.path
file or directory on file system
.device
device in use by the system kernel
systemd runlevel 0
- poweroff.target
- shutdown the system
systemd runlevel 1
- rescue.target
- single user/rescue shell
systemd runlevel 2,3 and 4
- multi-user.target
- non-graphical, but full network, multi-user
systemd runlevel 5
- graphical.target
- full graphical desktop, multi-user
systemd runlevel 6
- reboot.target
- reboot
Service target dependencies
• Method of indicating dependencies between units or groups of units on the system
Service target dependencies - requires
• Only after the requirement is met, will any other ‘wanted’ units be started
Service target dependencies - wants
Only executed upon completion of ‘requires’ units
systemd boot process changes
- /etc/inittab is not read (and is no longer in use)
- ‘default.target’ is started (which is linked to the current ‘default’ target - multiuser, graphical, etc)
- A tree of ‘requires’ and ‘wants’ is then followed throughout the process
runlevel (command)
displays the current runlevel (and the previous, if available)
systemctl get-default
displays the current default runlevel target
systemctl set-default [new.target]
- Will set the default runlevel target to the indicated value
- Creates a link from ‘default.target’ to the indicated target
systemctl list-units –type=target
list all the active system targets
systemctl isolate [runlevel.target]
Allows you to set the runlevel of the system without changing the default
Components of the Unit File
-unit files follow the INI style format first seen in MS-DOS
lspci -m (-mm)
displays the PCI device information in a more “easily parseable” format
lspci -vm
nicely formatted listing of all PCI hardware on the system
lspci -t
displays a tree view of the PCI devices on the system
lspci -tvm
associate the device names with the IDs in a tree view
PCI
- Peripheral Component Interconnect
- PCI device is any piece of computer hardware that plugs directly into a PCI slot on a computer
Commands to view output from kernel ring buffer
- dmesg - legacy command
- journalctl -k viewed within the systemd journal
/sbin/init
binary used to bring up the rest of the system and start services
Boot order overview
- BIOS
- Boot sector (w/ Boot loader)
- Kernel
- Initial RAM disk
- Device initialization
upstart: Task
will do what is requested and will return to a waiting state once finished
upstart: Service
Will not stop by itself
upstart: Job state
condition at one point in time
upstart: Waiting
initial state of a job
upstart: Starting
job itself is about to start
upstart: Stopping
interim state where job has processed a section of it’s configuration known as prestop
upstart: Killed
where job is actually stopped
upstart: Post-stop
where job has completely stopped and goes in waiting state
upstart: Respawning
- occurs when something goes wrong when job is running and quits unexpectedly
- upstart will attempt to respawn a job up to 10 times at 5 second intervals
sysvinit: change runlevel
- telinit or init (followed by runlevel)
- must be root user
- telinit is legacy command
sysvinit: pull default runlevel
cat/etc/inittab
sysvinit: change runlevel during restart
- press any key during boot process
- press “a” in GRUB menu
- type run level number to use
reboot (command)
reboot system
shutdown -h
halt the system (shut it down)
shutdown -r [specifictime]
reboot system at the time given
shutdown -P
power off (if ACPI is available)
shutdown -C
cancel shutdown
shutdown -k [message]
broadcasts a ‘wall’ message to logged in users
halt -f (–force)
does not shutdown, only halts
halt -p (–poweroff)
power off after shutdown (if ACPI is available)
halt -w (–wtmp-only)
only LOGS the shutdown but does not perform the shutdown
or reboot
halt –verbose
displays more information for troubleshooting
systemd Target
- target is a unit that syncs up other units when the computer boots or changes states
- other units associate themselves with a target for an operating environment
multi-user.target
- multi-user system
- similar to runlevel 3
- provides a command line shell with networking and the ability to host multiple user log ins
graphical.target
- multi-user system with a desktop environment. similar to runlevel 5
- “picture text”
rescue.target
- pulls in basic system and file system mounts and provides a rescue shell
- there to provide an isolated environment for the root user to perform repairs on the system.
- similar to runlevel 1
basic.target
basic system. used during the boot process before another
sysinit.target
system initialization
systemctl list-unit-files -t target
show all unit files for available targets
systemctl list-units -t target
show all loaded and active unit files
systemctl get-default
list out the default target
systemctl set-default [new.target]
change the default target to a different target
systemctl isolate [runlevel.target]
will change the running state of the system from the current target to a different target
systemctl rescue
- almost identical to the System V init single-user mode
- allows the root user to repair the system
systemctl reboot
- will run the reboot target
- same thing as just typing reboot at the prompt
systemctl poweroff
- isolates the system to poweroff.target
- same as typing poweroff at the prompt
systemctl halt
halt. do not power off
systemctl poweroff
halt and power off (if ACPI is available)
wall
- allows you to broadcast a message to all logged in users.
- limited to 20 lines of text
- will appear on every terminal overwriting or interrupting terminal text
- terminate with CTRL+D
reboot commands
- reboot
- telinit 6
- shutdown -r now
- systemctl isolate reboot.target
Shutdown commands
- poweroff
- telinit 0
- shutdown -h+1
- systemctl isolate poweroff.target
ACPI
-Advanced Configuration and Power Interface
-registers system events
(pressing power button or closing laptop lid)
mount (command)
list out every partition and every mount point currently in use on the system
block device
hard disk or anything that takes a large amount of data and writes it and blocks sizes to a location
single disk installation
linux installed on a single physical disk, consisting of one or more partitions
multi-disk installation
linux installed on multiple physical disks, each consisting of on or more partitions
dev/sda
first physical SATA disk on a system
dev/sda2
first physical disk, second partition
dev/hdc2
third IDE drive, second partition
dev/scd0
- first CDROM drive
- CDROM doesn’t have partitions
Linux filesystem layout
- everything is a file
- any folder (few exceptions) can be mounted on any drive/partition
- shared development system with constrained disk space
/
- ‘root’ filesystem is mounted on a device/partition and contains all other folders
- bottom of the directory tree
/var
- log files, shared files/directories, runtime information, binary data files
- generally set up on a separate partition
/home
user’s home directory, where personal files are stored
/boot
-boot loader configuration and kernel files are contained here
/opt
- generally third party applications are installed here
- enterprise environments make use of this location
swap
- temporary storage that acts like RAM
- when a percentage of RAM is full, kernel will move less used data to swap
- much slower than using a dedicated partition
Swap size
older ‘rules’ ranged from 1.5x to 2x of avail RAM
-today should use no less than 50% of avail
LVM (Logical Volume Manager)
- Allows the creation of ‘groups of disks’ or partitions that can be assembled into a filesystem.
- can be used for nearly any mount point except /boot
- flexibility - allows for resizing of volumes
- snapshots- allows for ‘point in time’ copies of your logical volume
VG (Volume Group)
- combination of one or more PV to create a pool of avail storage
- Contains all of your physical volumes
LV (Logical Volumes)
- Volume group is carved into individual components that can be used for specific functions
- like a partition
pvs (command)
lists out the physical volumes in an LVM group
vgs (command)
lists out the volume groups within an LVM group
lvs (command)
lists out the logical volumes within an LVM group
PV (Physical Volume)
- basic starting point of storage
- corresponds to a disk or partition
Swap - Partition
dedicated partition formatted specifically as swap space
Swap - files
created file that is used on a filesystem as swap space for the system
grub-install [device]
- command used to install GRUB to the specified device
- typically done from a live CD/USB where GRUB is installed on a new disk
- can be identified by drive path /dev/hda or /dev/hd0
grub (command)
-invokes GRUB shell environment and prompt
help (command)
print the help listing for GRUB, or get more info on a command
GRUB: find (command)
search for a file in all partitions and list the devices the file is on
GRUB: quit (command)
exit grub shell
MBR (Master Boot Record)
- traditionally supported only 26 total partitions
- partition size limited to 2TB
GPT (GUID Partition Table)
- supports 128 partitions
- partition size up to ZB range
- Needs UEFI to boot and asks as BIOS
UEFI (United Extensible Firmware Interface)
- replacement for traditional BIOS, can act in legacy BIOS mode
- requires 64bit OS
- prevents unauthorized
grub2-editenv list
view the default boot entry for the grub configuration file
grub2-mkconfig
- creates or updates a /boot/grub2/grub.cfg file based on entries from the /etc/default/grub file
- used to generate the GRUB configuration file menu
update-grub
- can be used to update a GRUB2 configuration after changes to /etc/default/grub have been made
- same results as running grub-mkconfig -o /boot/grub/grub.cfg
GRUB Legacy: [A] key
append options to the kernel boot line
GRUB Legacy: [C] key
open up the GRUB command lilne
GRUB Legacy: [ESC] key
escapes out of any GRUB menu
GRUB Legacy: Arrow Keys
used to highlight an option in the GRUB menu
RHGB
Red Hat Graphical Boot
Setup (command)(hd0)
used to reinstall GRUB
GRUB2: [E] key
used to edit GRUB menu item
GRUB2: [Esc] key
go to previous menu item
GRUB2: Ctrl+x or F10
boots a selection or modified line
GRUB (legacy) /boot
- ‘boot volume’ for GRUB
- kernel and related files are stored here
- kernel config file
- kernel initrd (ramdisk) file
- default boot message
- system map file
/boot/grub
-Legacy GRUB configuration directory
menu.lst/grub.conf
GRUB options and builds the menu of choices displayed on boot
GRUB Legacy menu list:
deftault=[#]
determines the menu option that will be started if nothing else is chosen
GRUB Legacy menu list:
timeout=[#]
the amount of time, in seconds, you have to choose another option
GRUB Legacy menu list:
title [description]
text based description of the menu entry
GRUB Legacy menu list:
root [(hd#,#)]
hard drive device number and partition of the root drive (where the kernel is)
GRUB Legacy menu list:
initrd [/boot/initrd#.img]
path to the initial RAM disk image for the chosen menu entry
GRUB2: /boot
- ‘boot’ volume for GRUB2
- kernel config file
- kernel initrd (ramdisk) file
- default boot message
- system map file
GRUB2: /boot/grub
- compatibility with GRUB directory
- sometimes will contain splash image for the boot menu
/boot/grub2/grub.cfg
-combination of a number of files when the grub2-mkconfig utility is used
/boot/grub2/fonts
default and custom font for the GRUB2 menu
/boot/grub2/themes
themes for the GRUB2 graphical menu
/etc/grub.d
-numbered files that, when the grub2-mkconfig utility is run, all are concatenated to make the /boot/grub2/grub.cfg (menu) file
/etc/deftault/grub
file containing the GRUB2 specific configurations
grub2-install
installs GRUB2 to the indicated location
APT - Advanced Package Tool
-installs applications and their dependencies
-remove applications
-updates and upgrades packages
-reads /etc/apt/sources.list
directs installation and uninstallation of packages to dpkg
/etc/apt/sources.list
configuration file that lists out repository locations for packages
apt-get update (command)
updates the local apt cache with a listing of packages that can be updated/upgraded and installed
apt-get upgrade (command)
upgrades the packages that have updates available
apt-get install (package name)
installs a package from the repositories in the sources.list file
apt-get remove (package name)
removes package from the system but any config files that came with the package will be left behind
apt-get purge (package name)
0r dpkg –purge
removes the package from the system and any associated configuration files
apt-get dist-upgrade
upgrades all packages on the system up to the next release of the distro
apt-get download (-d) (package name)
- downloads the package and places in /var/cache/apt/archives
- does not install it
Shared Library
- files containing functionality that other applications can use
- files can end in a ‘.so’ extension - for ‘shared object’
Shared Libraries are found here
-/lib
-/usr/lib (32 bit)
-/usr/lib64 (64 bit)
/usr/local/lib
-/usr/share
Two types of library files
- dynamic - ends in.so
- statically linked - ends in .a
ldd
prints out shared object library dependencies
ldconfig
- configures dynamic linker run-time bindings
- creates a cache based on library directories and can show you what is cached
/etc/ld.so.conf
configuration file that points to directories and other configuration files that hold references to library directory locations
LD_LIBRARY_PATH
Legacy environment variable that points to a path where library files can be read from
Shared Libraries: Soft links
where specific library versions are linked to a more generic name
Static linking
- application contains a full copy of the library that is used
- application will have exact library version it expects with known interfaces
- size is a disadvantage
Dynamic linking
- application uses the library externally using ‘stubs’, the library is installed on the OS itself but not installed with the app
- size is an advantage
ld.so
any time an app needs to use a shared library, the ld.so is called
-known as ‘dynamic linker’
Repository
remote location that you can download and install packages from using any of the package management tools
/etc/apt/sources.list.d
- files that define one or more remote repository locations for package download and installation
- each may contain lines for both packages and another for package resources
apt-get
Package manager that can install, reinstall or remove packages and all their dependencies at the
same time
apt-cache
allows you to interact with the cache of available packages from all configured repositories
apt-cache search [value]
search for packages matching the indicated value
apt-cache show [packagename]
show available information about the indicated package
apt-cache showpkg [packagename]
additional technical information about the package
aptitude and synaptic
- similar to apt and uses it in the background
- has a graphical front end
dpkg package
- application or utility
- default configuration files
- how and where to install files
- listing of dependencies the package requires
- apt handles the dependencies
dpkg –info [packagename] or
dpkg -I (capital i)
displays package contents
dpkg –status [packagename]
abbreviated display of the –info option
dpkg -l [packagename or partial name]
lists out package(s) that match the string provided
dpkg -i (–install) [packagename]
- will install the indicated package name
- fail if there are missing dependencies
dpkg -L (–listfile) [packagename]
list all files that were installed with the indicated package
dpkg -r (–remove) [packagename]
removes the package’s files but any configuration files and directories will be left alone
dpkg -P (–purge) [packagename]
removes the package’s files AND and configuration files and directories associated with it
dpkg -S (–search) [filename]
search for the indicated installed file within the package database for all mentions of the file or string
dpkg-reconfigure [packagename]
allows for modification of a package by re-running the application’s configuration tool
dpkg –force-reinstreq [packagename]
allows you to force the removal of a package marked as requiring install
dpkg –force-depends [packagename]
used with -i to force the install of a package with missing dependencies
dpkg –force-conflicts [packagename]
- used with -i to force install a package with conflicting dependencies
- forcing installations may leave system unusable
yum (Yellowdog Updater, Modified)
- originally used for Yellowdog Linux distro
- handles RPM package dependencies
- installs, upgrades, removes packages
- RHEL, CentOS, Scientific LINUX
yum setup
- global yum config options are set in /etc/yum.conf
- reads repository information from /etc/yum.repos.d/
zypper
-RPM package manager for SUSE Linux
zypper repos (command)
will list out the individual repositories that zypper uses for install and upgrade of packages
zypper install vim (command)
will install the vim package
DNF - Dandified yum
- used in Fedora
- future replacement for yum in Red Hat
- uses same command syntax as yum
yum update/upgrade
will read the configured repositories and local cache, and upgrade all installed system apps
yum search
searches the yum repositories for specified package
yum info
lists information about a specified package
yum clean all
cleans up all of yum’s cache information and it’s local database file
basurl line within the repo file
web address that indicates where packages are downloaded from
yum install [packagename]
- installs a specified package and all of its dependencies
- -downloadonly will just download the indicated package
yum remove
uninstalls a package and leaves dependencies behind
yum autoremove
-uninstalls a package and its dependencies
yum whatprovides
find out what package provides a specified file name
yum reinstall
reinstalls a specified package
/etc/yum.conf
default yum config file. may contain some repository definitions
/etc/yum.repos.d
individual ‘*.repo’ files containing the location and options for remote repositories
/var/log/yum.log
default yum transaction log file
yum –enablerepo [reponame]
enable a disabled repo for the current transaction only
/var/cache/yum/[architecture]/[version]/base/packages
directory the package will be downloaded to
-y on a yum command
will skip affirmation step
yumdownloader
allows you to download a package only, but provides additional functionality
yumdownloader –source
download only source RPM
yumdownloader –urls
display the URL of the files without downloading
yumdownloader –destdir
allows you to indicate the directory to store the package download
yumdownloader –resolve
includes any dependencies
.rpm package
- application or utility
- default config files
- how and where to install the files that come with the package
- listing of dependencies the package requires
rpm -qpi
- displays information on a package
- same as yuminfo
rpm -qpl
list files in a package
rpm -qa or yum list installed
lists out all installed packages
rpm -i
installs a specified package
rpm -U
upgrades an installed package
rpm -e
uninstalls a package
rpm -Va
verify all installed package
rpm2cpio
converts a .rpm file into a cpio archive file
/var/lib/rpm
RPM database directory
rpm –rebuilddb
- rebuilds the local RPM database in the /var/lib/rpm directory
- only performed by root
rpm -q [packagename]
shows all packages meeting the indicated values that are installed
rpm -qi [packagename]
-detailed information about an installed package
rpm -ql [packagename]
listing of all files in the package
rpm -qip [package.rpm]
- show the appropriate details about a file NOT installed as named
- will show information on a package before install
rpm –changelog [packagename]
display the changelog for the indicated package
rpm -qc [packagename]
display all configuration files for the indicated package
rpm -qRp [package.rpm]
show the requirements of the indicated rpm file
rpm -qf
will show the package that the indicated file dependency belongs to
rpm -K
validate for the indicated package
rpm –import
import the indicated keyfile from the package maintainer
rpm -v
print verbose information
rpm -h (–hash)
during activity, print a ‘status’ bar using hash ‘#’ character
rpm –force
option added during install or removal to force install/removal
rpm –replacefiles
option added during install, that replaces duplicate files
rpm -V
verify the integrity of a package
rpm -Va
verify ALL installed packages
rpm -Vac
verify ALL installed package config files on the system
rpm -F (–freshen)
will ONLY upgrade the indicated package if it’s already installed
rpm -e (–erase)
erases the indicated package name
Virtual Machine
- emulation of a specific OS
- share same physical hardware
- isolated from hardware and communicates through Hypervisor
VM/Hypervisor Examples
- KVM
- QEMU
- VMWare
- Xen
- VirtualBox
Full virtualization
guest system is not aware that it is a virtual machine
paravirtualization
- guest system is aware that it is a virtual machine, uses guest drivers
- VMs perform better with guest drivers
dbus-uuidgen or dbus-uuidgen –get
ensures that each running kernel interacts with a system that has a unique ID
cloud-init (command)
- used to ensure user data is completely new
- creates new SSH keys
- sets system’s default locale
- sets system’s host name
- sets up mount points
Cloud Virtual Machines
- AWS
- Azure
- Rackspace
Container
- isolated set of packages, libraries and/or applications that are independent from their surroundings
- use shared OS
- more resource efficient
Machine container
shares a kernel and file system with the host computer
Application container
- shares everything but the application files and library files the application needs
- useful on a web server
Container example
- Docker
- nspawn (systemd)
- LXD
- OpenShift
Linux Shell
- bash is default
- csh - C programming style syntax
- ksh - KornShell includes elements of Bash and C
- zsh - Z Shell includes elements of Bash and Korn
Environment Variable
settings that dictate common functionality and locations
env
command that displays environment variables except shell settings
echo
versatile command that can be used to print the value of a variable
set
displays shell settings or shell variables for the session
unset
removes a variable or custom bash function
shopt
displays shell options and their current settings
set -x
turns on debugging with the bash shell
set +x
turns off debugging
shopt -s (option)
to set or enable option
export (command)
used to export a variable to the current shell and any new shells started from the current shell
which (command)
-shows the full path of (shell) commands
type (command)
determines if something is a function, file, alias, built-in or keyword
“weak” quotes
double quotes will expand variables, but characters used for path substitutions or pattern matching will not be expanded
‘strong quotes’
inside strong or single quotes. nothing is interpreted
history (command)
shows most recently used commands
.bash_history
file located in user’s home directory that contains the previously run commands
HISTFILESIZE
- environment variable that determines how many lines the bash_history file will contain
- default is 500
Man page - Section 1
executable programs or shell commands
Man page - Section 2
System calls - functions provided by the kernel
Man page - Section 3
Library calls - functions within program libraries
Man page - Section 4
special files - typically found in /dev
Man page - Section 5
file formats and conventions
Man page - Section 6
games
Man page - Section 7
miscellaneous terms and conventions
Man page - Section 8
system admin commands
Man page - Section 9
kernel routines
man -k or
apropos
used to search man pages for a key word
man [section number]
pulls up a specific section of a man page
less
read-only text view
head
bring up first 10 lines of a file
tail
last 10 lines of a file
zcat
view gzip compressed text file
bzcat
view bunzip2 compressed text file
xzcat
view XZ compressed text file
nl (file)
prints the number of lines in a file
od
- octal dump command
- print out file in octal or other formats
md5sum
calculates and checks a file’s hash based on MD5
sha256sum
calculates and checks file’s hash based on SHA-2 hash using 256 bits
sha512sum
calculates and checks file’s hash based on SHA-2 hash using 512 bits
/etc/bashrc
- sourced script and is executed each time user logs in or they execute a non-login session
- umask set for the whole system within this file
~/.bash_profile
- sourced script and is executed each time user logs in but only affects the environment for the user logging in
- typically used to set environment variable specific to user
~/.bashrc
- usually called by the ~/.bash_profile’ script
- will source /etc/bashrc file
- used to customize shell prompt, keyboard shortcuts
- umask set for individual user here
~/.bash_logout
executed when the logout or exit commands are executed
‘non-login’ session
- when the root or other user uses su to become another user
- does not load full environment by default
~ (character)
user home directory
\ (character)
escape character
Special character: $
identifies a variable
? (character)
single character ‘wildcard’
- (character)
0 to n ‘wildcards’
& (character)
send process to background returning the use of the shell to the user
&& (character)
execute second command only if first is successful
|| (character)
execute second command only if first is unsuccessful
; (character)
execute multiple commands on the same line
command exit 0
success
command exit 1 or higher
failure
set -o (option)
turns option on
set +o (option)
turns option OFF
/etc/profile
- where PATH environment variable is initially set
- source script executed each time a user logs in
HISTCMD
index of the current command
HISTCONTROL set to ignorespace
command preceded by a blank space will not be recorded in history file
HISTCONTROL set to ignoredups
two consecutive lines that are a duplicate will have one ignored
sed (command)
- ‘stream editor’ command
- commonly used to alter text in a file or replace words
sort (command)
used to sort and/or merge lines of a file
uniq (command)
removes consecutive duplicate lines of a file
tr (command)
used to translate or swap characters in a file
cut (command)
extracts columns or fields of data from a file
paste (command)
merge lines of files
split
- command used to split a file into individual pieces
- each piece contains up to 1,000 lines by default
sort -k [#] [filename]
- sort at the start of the second delimited field
- delimiter by default is a space or tab
sort -n [filename]
sort the file numerically
nl -ba [filename]
will number all lines, even if the line is empty
wc -l
number of lines
wc -w
number of words
wc -c
number of characters in bytes
expand
- changes tabs in a file to a specific number of spaces
- default is 8
expand -t [#]
converts tabs to # of spaces indicated
cut -c [#][-#] [filename]
will display only the column or range of column from the indicated filename
cut -d [delimiter]
- set the delimiter to use when dealing with fields
- default is TAB`
cut -f [field] [filename]
identify the field numbers identified by delimiter to display from the indicated filename
join
combines two files together but removes redundant fields
join -t [character]
use the indicated character as the field separator
uniq -u [filename]
print ONLY the unique lines in the file
uniq -d [filename]
print an example of each line that is duplicated in a file
uniq -D [filename]
print ALL instances of duplicate lines in a file
head -n [#][filename]
display number of lines, beginning at the top, of the indicated file
tail -n [#][filename]
display number of lines, beginning at the bottom, of the indicated file
tail -f [filename]
to follow a file as new entries are created
split -a [#]
when the split file(s) are created named them ‘x#’
split -b [#][b/k/m]
new file(s) contain the indicated number of bytes/kilobytes/megabytes
split - [#]
new file(s) contain the indicated number of lines of bytes
split -l [#]
new file(s) contain the indicated number of lines
cat
display a file, top to bottom,
tac
same as cat, but in reverse by listing file bottom to top
od -a
display ‘named’ binary file
od -d
decimal format
od -f
floating point format
od -o
octal format
od -x
hexadecimal format
pr (command)
- used to ‘format’ a source file or other text only files to be printed
- adds a header with the date of the ‘job’, file, and pagination (page number) at the top
pr – columns=[#]
format text data in the file into the indicated number of columns for printing
pr – columns -a[#] (–across)
print columns across instead of down
pr -d (–double-space)
double space the line output
pr -h (–header) [text]
- customizes the header text
- replaces the filename with the indicated text
pr -t (–omit-header)
omits the header from the output
fmt
- used to format files for printing
- limited to wrapping longer lines of output
- commonly used with pr utility
fmt -[#]
desired width to break each line at
fmt -s
split long lines over 50 characters without filling
fmt -40 mytext.txt | pr –columns=2
-split each line at 40 characters and prepare a printing with header in two neat columns
tr ‘A’ ‘a’ < myfile.txt
translates all uppercase A to lowercase a
[:upper:][:lower:] < [filename]
converts all uppercase to lowercase
sed s/
substitutes what comes next
g at the end of sed (command)
replaces ALL instances of the first value with the second
sed ‘s/a/A/g’ filename.txt
replace every instance of lowercase ‘a’ with uppercase ‘A’
-e in sed (command)
used to chain multiple filters together instead of using ‘;’
sed -n (–quiet
- suppresses the printing of ‘pattern space’
- can prevent lines from appearing multiple times
more (command)
allows paginate paging through text files one screen at a time
more -d
prompt to ‘space to continue’ or ‘q to quit’ at each screen
more -num [#]
- specify the screen size in lines
- default is 50 or the size of the terminal
more -p
clear the screen before starting the first screen display
less (space key)
moves to next full screen
less (d key[#])
scrolls through the next number of lines indicated
less (b key[#])
scrolls backwards through the next number of lines indiciated
touch
- create a file
- modify file’s time stamp
file (command)
-used to determine file type
rmdir
- remove directory command
- will not delete directory with any content
dd (command)
- copies and converts files
- used to create files of arbitrary size and to back up disk drives
tar
-wraps up files and folders into an archive file
gzip
creates .gz compressed files
gunzip
extracts .gz compressed files
bzip2
- command that creates .bz2 compressed files
- better compression utility in terms of size
bunzip2
command that extracts .bz2 compressed files
xz
- command that creates .xz compressed files
- newer compression utility for files and directories
unxz
command that extracts .xz compressed files
ls -l
-long listing containing permissions, owner, size and date
ls -a
list files including ‘hidden’ files
ls -d
list just the directory without the files
ls -i
display the inode numbers for the files or directories
ls -h
‘human-readable’ format to filesizes and details
cd ~
cd
home directory
cd .
current directory
cd ..
moves up one directory
makedir -p
make all directories in the indicated path if they do not already exist
globbing
wildcard or list character that makes one or more files based on an indicated pattern
touch -t [date][filename]
sets the date/time as indicated for the file
touch -r [referencefile][filename]
applies the indicated date/time in the ‘reference’file to the ‘filename’
stat (command)
displays a file or file system status
stat -f (–file-system)
display the file system status instead of file status
stat -t (–terse)
display the information in terse short form
cp -d
- do not follow symbolic links
- just copy the link
cp -f
-force overwrite if the file already exists
cp -i
ask before overwriting an existing file
cp -l
create a hard link to the original
cp -s
create a symbolic link to the original
cp -r (or -R)
recursively apply any options to other directories or subdirectories
cp -x
do not include any files/directories from other filesystems
mv -i
- check to see whether the destination already exists
- will prompt to overwrite
mv -u
do not overwrite the destination file or directory if it is newer than the original
mv -f
- do not prompt for directory entry changes
- often the default
rmdir -p
removes all directories in a path as long as they are all empty
rmdir –ignore-fail-on-non-empty
allows the removal of directories that do have files
rm -r
recursively remove files and subdirectories
rm -f
do not prompt for confirmation on deletion
rm -i
prompt for every file/directory to be removed
dd: if
image file or device used as input
dd: of
image file or device used as output
dd if=/dev/sda of =/dev/sdb
will back up the full /dev/sda disk to /dev/sdb
find (command)
- method for ‘finding files’ based on name or type
- can be costly of CPU and IO performance
find [starting path]
where to begin the search
find -[options]
what type of ‘thing’ to find
tar -c
create the archive
tar -t
displays the contents of the archive
tar -x
extract the content of the archive
tar -f
name of the file to create
tar -j
- compress/uncompress with bzip2
- best compression method
tar -z
- compress/uncompress with gzip
- most commonly used method
tar -v
verbose messages
tar -cvjf mybackup.tar.bz2 /home/user
- creates a file called mybackup.tar.bz2 in current directory containing files from /home/user
- compressed with bzip2
cpio (command)
used by receiving input from a file or another command and sends the files to either standard output or a file
cpio -o (–create)
runs in copy-out mode
cpio -0 [archivefile]
creates the indicated file instead of using standard output
cpio -d (–make-directories)
make leading directories if needed
cpio -i (–extract)
extracts the content in copy-in mode
cpio -I [archivefile]
use the archive file indicated rather than standard input from a command or file
cpio -v
verbose messages
gzip and gzip2 -r
recursive, include all files and directories
gzip /home/user/myfile.txt
-would compress the /home/user/myfile.txt file, leaving /home/user/myfile.txt.gz in its place
xz -z (–compress)
compress the file indicated
xz -d
decompress the file indicated
find (directory) -name
find files based on their name
find (directory) -ctime
- find files based on the time they were last changed
- default is by day
find . -ctime -1
locate files that have been changed within current directory from the last 24 hours
find (directory) -newer (file)
locate files whose timestamp is newer than the selected file
file (directory) -empty -type f
locate empty files
file (directory) -atime (file)
locate files based on their access time
find (directory) -empty -type f -exec rm -f {} \;
find and remove empty files within current directory without prompting
file (directory) -exec [command] {} \;
will act on the results of the find command
[abc]
- matches any one of the characters in the list
- case sensitive
[^abc]
- matches any one character except those in the list
- case sensitive
[0-9]
matches a range of numbers
Standard Output
- bucket where all the output goes
- > ,»_space;
- stdout
- 1
Standard Input
- usually comes from keyboard entries
- files and standard output from other commands can provide input to another command
- stdin
- 0
Standard Error
- usually written to the screen
- stderr
- 2
Find option: group
files/directories belonging to the specified group
Find option: user
files/directories belonging to the specified user
Find option: iname
files/directories whose names match the indicated name
Find option: mtime
files/directories matching the indicated modification time
/dev/null
- stderr is commonly redirected to a logging file or special device here
- allows you to clean up errors from the normal standard output
Redirecting Standard Error: find / -iname “*.sh” 2> /dev/null
-will display the results of the found matches without displaying error messages related to permissions
Chaining Redirects:
sort < listfile | nl
redirect the ‘listfile’ as an input stream to the sort command, piping that output to the nl command to add line numbers
Special combination:
find / -iname “*.sh” > /dev/null 2>&1
redirects standard error to standard output and the whole output stream is redirected to /dev/null
tee (command)
- accepts a standard input stream and sends one identical output stream to an indicated file
- used to capture the output of an app but to also show the results on the screen
find / -name “*.sh” | tee visibleresults.txt
- find all files ending in .sh from root partition, piping those results as an input stream to tee
- output sent to screen and visibleresults.txt file
xargs (command)
takes an input stream of another command and feeds to another command as indicated
find / -name “*.sh” | xargs ls -al > myresults.txt
- find all files ending in .sh and xargs will take the output and feed to the ls -al command.
- will then display the details of each file and redirect to myresults.txt
ps (command)
lists process status of each running process on the system
process
set of instructions loaded into memory
ps -u (user name)
pull up processes running under a specific user
ps -e
pull up every process running on the system for all users
ps -eH
pull up running processes in a hierarchy view
ps -e –forest
provides a full format listing which includes showing all arguments that a command is using while it is running
Kill process from top command
Press (k) key, type in PID and hit enter
top (command)
real-time monitoring of processes running on a system
man signal
man pages for various signal states of running processes
uptime (command)
view how long system has been up, how many users logged in, and CPU load average by last minute, last 5 minute, and last 15 minutes
Load Average
average number of process that are either in a runnable or uninterruptable state
free (command)
view used and available memory and swap space
pgrep (command)
find process information based on process name
kill (command)
send a signal to a process based on PID
pkill (command)
send a signal to a process based on process name
pkill -x (name of process)
used to only kill the exact name of a process given
ps -a
display all running processes
ps -x
display processes without an associated tty (terminal)
ps aux
- show all processes by any user, displaying the process owner and processes not tied to a terminal
- same as ps -ef
pstree (command)
show a tree view hierarchical ASCII display of running processes
pstree -A
display the tree using ASCII characters
pstree -a
display the processes including any parameters used
pstree -p
show PIDs
free -b
displays the memory in bytes
free -k
displays the memory in kilobytes
free -m
displays the memory in megabytes
free -g
displays the memory in gigabytes
free -h
displays in ‘human-readable’ format
free -c (#) -s (#)
number of times to display the output and how many seconds between each output
free -t
display a line showing each column totals
free -l
display low and high memory statistics
kill -1 (PID)
shutdown and restart the process
kill -15 (PID)
terminate process
kill -9(PID)
kill/stop/end/dump right now
killall (command)
kills all instances of the named process
pkill -signal (#)
send the signal number to the matched process
pkill -t
match the indicated terminal/tty
pkill -U
match the user ID
pgrep -u root, apache httpd
will display any httpd process owned by root OR apache
pgrep -u root apache
will display only processes owned by root AND apache
watch (command)
- runs a command at specified intervals
- used to monitor a command’s output
screen (command)
- terminal window manager that allows you to run commands in an isolated session
- processes can run after logging out
tmux (command)
- terminal window manager similar to screen with extra features
- -processes can run after logging out
watch date
-displays current date and refreshes every 2 seconds by default
watch date -n 5
changes refresh period to every 5 seconds
screen: ctrl+a d
detach from screen session
screen -r (session number)
attach to specific screen session
screen -r
reattach to current screen session
screen -ls
view active screen sessions
End screen and tmux sessions
type “exit”
tmux: ctrl+b d
detach from tmux session
tmux ls
view active tmux sessions
tmux attach-session -t(session number)
reattach to selected tmux session
nohup (command)
command preceded by nohup receives signal 1 so that should a terminal window close, the process will still run as long as the login session is not terminated
bg (command)
sends a job to the background while it keeps running
fg (command)
brings a job that is in the background to the foreground
jobs (command)
displays a listing of jobs that are in the background
jobs display: [#]-
indicates the previous job or next to last job to be operated on
jobs display: [#]+
indicates the current job
priority
scheduling and priorities are what Linux uses to run multiple things on a single machine in a ‘multi-tasking like’ manner
priority range
- default is 0
- any user can start processes with priorities 0 to 19
- only root can start priorities from 0 to -20
- only root can bring a priority number lower
screen: ctrl+a c
open a new session
screen: ctrl+a p
move back to previous session
screen: ctrl+a n
move to next session
screen: ctrl+a “
display a list of available sessions
screen: ctrl+a x
- lock the screen
- password prompt twice to unlock
nice (command)
used to define a new nice level before an application is started
watch -n 3 date &
-generate date every 3 seconds and place in the background
nice -n 5 watch -n 3 date &
- generate date every 3 seconds and place in the background
- priority level 5
renice -n -1 (PID)
changes current priority to -1
renice a process within top
hit “r” key then type PID and number to change to
renice (command)
used to change the nice level of an application that is already running
top d [#]]
run and update the processes display every ‘#’ of seconds
top i
show only active processes
top -b
run in batch mode
top -c [#]
run ‘#’ of updates and exit
top -b -n 5 > output.txt
will run top in batch mode and update 5 times, then write results to output.txt
top: spacebar
immediate update
top: h key
displays help screen
top: i key
display or ignore inactive processes
top: R key
sort process IDs from high to low
grep (command)
used to find strings and phrases in files, streams and directories
grep -c
count of matches found only
grep -C [#]
encloses the string match with ‘#’ of lines of context
grep -E [ext. regex]
use the indicated extended regular expression for finding a match
grep -F [fixed regex]
use the indicated fixed regular expression for finding a match
grep -H
displays the filename of each matching string or phrase
grep -h
prevents the filename from being displayed
grep -i
ignore case
grep -l
show only the filename, not the matched string/phrase
grep -L
show only filenames that do NOT contain a match
grep -w
match only lines containing the whole string or phrase
grep -x
show only exact whole line matches to the entire string or phrase
grep -v
show only those lines in a file that do NOT match the string or phrase
find / -name “*.sh” -exec grep -iH “modprobe” {} \;
find any file, recursively, starting in root and ending in .sh. grep would ignore case and display the file name matching content from files containing the word ‘modprobe’
egrep (command)
-grep command without having to specify -E
egrep ‘(bin|bash)’ /etc/passwd
would display any lines containing either ‘bin’ or ‘bash
fgrep (command)
- grep command without having to specify the -F
- allows for use of a file that contains one or more items to search for
fgrep -f [itemfile]
use the indicated file as a list of items to search for in the file
fgrep -f itemfile.txt searchfile.txt
will use the items in itemfile.txt as search parameters for all lines in the searchfile.txt and display the matches
regex: .
match any single character
regex: ?
match an optional item, but only once
regex: *
match from ‘0 to n’ characters in a string
regex: +
item MUST be matched at least once but can be matched more
regex: {#}
match ‘#’ of times
regex: {#,}
match ‘#’ of times, or more
regex: {#,#}
-match between the first and second number
{3,10} would match between 3 and 10 times
regex: < and ^
words that start with what comes after
regex: > and $
words that end with what comes after
regex: [aA]
words that contain either ‘a’ or ‘A’
grep “d[iou]g textfile.txt
return words that start with ‘d’ and end with ‘g’ and have i, o, or u
regex: [^o]
words that do NOT contain the letter
grep “d[^o]g” textfile.txt
return words that start with ‘d and end ‘g’ and have any letter except ‘o’
sed (command)
stream editor command can operate on files using regular expressions
vimtutor
tutorial system for vim
vi/vim
- text editor available in Linux
- navigated by command mode, insert mode, ex mode (used for search/replace)
/etc/vimrc
global vim configuration file
/home/user/.vimrc
-user specific configuration for vim
Vim Command Mode:
:number/nonumber
:nu/no nu
turn line numbers on the display on/off
Vim: bottom of screen
-contains the full path to the file, number of lines, size of the file, current line and column and current cursor position
Vim: i
invokes insert mode
Vim: I
move to the beginning of the current line and invoke ‘insert mode’
Vim: a
place cursor one character to the right of the current position and invoke ‘insert mode’
Vim: A
move cursor to the end of the current line and invoke ‘insert mode’
Vim: o
insert a new line under the current line, place the cursor in the first position on the new line in ‘insert mode’
Vim: O
insert a new line above the current line, place the cursor in the first position of the new line in ‘insert mode’
Vim: cw
change the word at the current position
Vim: cc
change the line at the current position
Vim: c$
change from the current position at the end of the line
Vim: r
replace the character at the current position
Vim: R
replace text on the same line until you escape the ‘insert mode’ or until you reach end of line
Vim: x
delete the character after the cursor
Vim: X
delete the character before the cursor
Vim: dw
delete the word after the cursor
Vim: dd
delete the entire line the cursor is on
Vim: D
delete the text from the current cursor to the end of the line
Vim: dL
delete the text from the current cursor to the end of the current screen
Vim: dG
delete the text from the current cursor to the end of the file
Vim: d^
delete all text from the beginning of line to the current cursor
Vim: u
undo the last operation/change
Vim: yy
- copy the current line to the buffer
- also called yank
Vim: yw
copy the current cursor to end of current word
Vim: p
paste the contents of the buffer after the cursor
Vim: P
paste the contents of the buffer before the cursor
Vim :e!
undo ALL changes since the last time the file was saved
Vim :w
write/save the file
Vim :q
quit the editor
Vim :q!
quit without saving
Vim :x
shortcut for save and exit
Vim: ZZ
shortcut for save and exit
Vim navigation: h
one character left
Vim navigation: j
one line down
Vim navigation: k
one line up
Vim navigation: l
one character right
Vim: ctl-u
move back one half page
Vim: ctl-b
move back one page
Vim: ctl-d
move forward one half page
Vim: ctl-f
move forward one page
Vim: ctl-G
show the name of the file, lines and position in % of the total file length
Vim - Searching
- must be in command mode
- ”/” search from cursor forward
- ”?” search from cursor back
- “N” to move forward
Vim - Replacing
- must be in command mode
- sed-like syntax
- ”s” substitute in current line
- “%s” substitute in entire file
- “g” will replace all occurrences
:s/Mar/Apr/g
will replace Mar with Apr for all occurrences in the file
Vim - :![cmd]
run the indicated command on the command line
General order of preparing hard drive for use
- Physical install or allocation for VM
- partition the device
- format the partition created with the chosen filesystem type
- create a system mount point
- mount the device/partition
- add /etc/fstab if intended to be persistent
IDE devices
/dev/hda then partition like /dev/hda1
SATA/SCSI devices
/dev/sda then partition like /dev/sda1
fdisk (command)
- legacy command used to create partitions of the MBR (DOS) type
- 2TB partition size limit
- no ability to edit GUID drives
parted (command)
- modern command used to create partitions of MBR or GPT types
- default unit is MB
Partition ID 83(00)
standard Linux filesystems
Partition ID 82(00)
Linux swap partitions
Partition ID 8e(00)
Linux LVM Volumes
gdisk (command)
- command in the style of ‘fdisk’ that can be used to create GPT partitions on disks
- capable of creating/modifying GUID tables
/etc/fstab
- Filesystem table file
- single line mount config for local filesystems that are to be mounted on boot
- what computer uses upon boot to locate where filesystems are
tools used to create swap partitions
- fdisk
- gdisk
- parted
mkswap (command)
used to format partition to be used as swap space
swapon (command)
enables swap partition or file
swapoff (command)
disables swap partition or file
2 ways to set up swap
- swap file: impacts performance
- swap partition: less performance hit
Primary partition
- partition that is independent of any extended and logical partition
- Numbered 1 through 4
Extended partition
- only one of these per drive
- like a ‘container’ for logical partitions
Logical partition
- partition within an extended partition
- usually needed when there is a need for more than four partitions
- Numbered 5 through n
Swap partition
partition that is specifically formatted an dedicated to virtual memory in support of system memory exhaustion
fdisk and gdisk Interactive options: p
display disk/partition summary
fdisk and gdisk Interactive options: n
- create a new partition
- p to make primary partition
- l to make logical partition
- each partition defaulted as 83(00) type
fdisk and gdisk Interactive options: t
change partition type
fdisk Interactive options: w
write partition to disk
Partition ID 85(00)
Linux extended
Partition ID fd(00)
Linux RAID
parted -l [device]
list A LOT of information about the indicated device and partitions
parted interactive option: help
list commands available
parted interactive option: mkpart [volume name] [begin] [end]
-create partition with the indicated volume name at the beginning value and ending at the end value
Superblock
- portion of the disk that can be read and contain filesystem information
- typically stored on disk in first sector
- first backup block for ‘ext’ filesystems
Inode
- associated with every file and directory
- contains info about the file except the filename
- includes a list of blocks that make up the file
- number of inodes cannot be changed after filesystem creation
ls -i /var/log/messages
will display the inode of the /var/log/messages file
df -i
show the inodes that are available, used and free on the mounted filesystems
filesystem type: ext2
Linux extended filesystem (legacy)
filesystem type: ext3
Linux extended filesystem with journaling
filesystem type: ext4
- Linux extended filesystem with journaling
- performance enhancements over ext3
filesystem type: ReiserFS
one of the first filesystems to introduce journaling and offer dynamic resizing capabilities
filesystem type: btrfs
builds on ReiserFS features while adding additional admin features while increasing performance
filesystem type: iso9660
filesystem specific to CD-ROM
filesystem type: udf
filesystem specific to DVD
filesystem type: vfat
older DOS partition type
Formatting a drive
process of preparing the size and structures on a partition and applying the filesystem type indicated
mkfs (command)
-creates a new file system on a partition
mkfs -t [fstype] [device/partition]
creates the indicated filesystem type on the chosen disk partition
mkfs -b [#]
- creates the filesystem with the indicated block size
- default - 4096
mkfs -m {#]
percentage of space reserved for ‘root’ user
mkfs -L [label]
set the partition volume label
mkfs -O
additional options
mkfs -t ext4 -b 8192 -m 10 -L LargeData -O sparse_super /dev/sde4
create an ‘ext4’ partition, with a block size of ‘8192’, reserving 10% for root use and using the ‘sparse_super’ option
mkfs. [fstype]
equivalent command for each filesystem type to format the indicated partition
mkfs.ext3 /dev/sda3
will create the ext3 filesystem on the /dev/sda3 partition
mke2fs
equivalent command for making an ext2/3/4 filesystem
mkraid
creates a RAID array set from the indicated disks
mknod
create ‘special’ files
mkisofs
create ISO filesystem for burning CD-ROM
File Allocation Table
- Linux can use Virtual File Allocation Table which allows for long file names
- EFI boot partitions need to use a FAT partition
exFAT - Extended File System
- allows for files larger than 2GB in size
- primarily used for external disk drives, thumb drives
ls -la /dev/(disk)/by-uuid/
displays the partition’s universally unique identifier (UUID)
df (command)
disk free command that shows the available disk space on a file system
df -h
human readable format of disk free space
du (command)
command that displays the amount of disk space in use
du -a
write counts for all files and not just directories
du -c
produce a grand total
du -h
print sizes in a readable format (K/M/G/TB)
du -s
display only a summary for any argument
du -sh /home/user/.bash*
provides a human readable summary of each file matching .bash* within the /home/user directory
df -a
include all filesystems including ‘dummy’ filesystems
df –direct
show stats for a file instead of a mount
df –total
print a grand total
df -l
include only local file systems
df -t
limit listing to the indicated type
df -lh –total
shows a human readable listing of all local filesystems including a total line at
the bottom
debugfs
- filesystem debugger
- can show a vast amount of information about the indicated partition
debugfs /dev/sdb1
will show a lot of information about any selected file or folder on the indicated drive
debugs: ?
show available commands
debugs: cd [path]
change to the indicated path
debugs: features
display the filesystem features
debugs: logdump
display journal contents
debugs: ls
shows contents of current directory
debugs: pwd
shows working directory
debugs: open
open a filesystem for debugging
debugs: stats
show stats for the filesystem
debugs: undelete
- undeletes a file
- MUST be used immediately after deleting a file
debugs: quit
exit
fsck (command)
- file system check
- invoked in command line
- configured in /etc/fstab
- devices must be unmounted before running check
e2fsck (command)
- file system check utility for ext2, ext3, and ext4 file systems
- can be used to replay the file system’s journal
e2fsck -f
force a check to rerun even if report comes back clean
e2fsck -p
automatically repair anything it finds without prompting
reiserfsck (command)
check ‘ReiserFS’ filesystem types
dosfsck (command)
check DOS filesystem types
fsck -A
fsck will iterate through the /etc/fstab file and check all filesystems
fsck -C
display hash/mark progress bar
fsck -N
dry run, makes no changes but displays what would have been done
fsck -V
verbose output
fsck -a
-does not prompt for confirmation
fsck order of events
- check inodes, blocks, sizes
- check directory structure
- check directory connectivity
- check file/directory reference counts
- check group summary info
tune2fs (command)
-utility used to adjust parameters on an ext2, ext3, and ext4 file system
tune2fs -c [#]
set the maximum number of times a filesystem can be mounted for an fsck to happen automatically
tune2fs -e [option]
modifies the behavior of the filesystem with the indicated option
tune2fs -g [groupname]
add the indicated group as potential users of the reserved space on a filesystem
xfsprogs
tools and utilities for XFS filesystems
xfs_check
XFS filesystem equivalent to fsck for checking filesystem
xfs_repair
XFS filesystem equivalent to fsck for repairing filesystem
xfs_metadump
creates debugging information that can be used by a third party to aid in recover of an XFS filesystem when the repair has failed
xfs_growfs
used to grow an XFS filesystem
xfs_fsr
- reorganizes data stored in blocks in an XFS file system.
- similar to running a defrag utility on a Windows file system
xfs_db
utility used to debug an XFS file system
/media
‘parent’ directory that is often used for ‘removable’ filesystems (CDs/DVDs)
/mnt
‘parent’ directory that is often used for mounting disk/partitions that are NOT part of the filesystem install
blkid (command)
- used to obtain the UUID for the local disk partitions
- will also display disk labels
mount -a
mount all filesystems in /etc/fstab
mount -f
fake mount all filesystems in /etc/fstab
mount -r
mount the indicated filesystem in read only mode
mount -o [option]
specify one or more options that are outside the defaults
mount -w
mounts in writeable mode
unmount (command)
- unmounts the indicated filesystem
- filesystem can only be unmounted if not in use
unmount /mnt/data
unmounts the /mnt/data directory from whatever device was mounted there
unmount -f
-attempt to forcibly unmount the filesystem even if in use
fuser (command)
if unmount indicates a filesystem is in use, this will tell which user is using it
fuser -m [mount]
determine who is using the indicated mount
Contents of /etc/fstab columns
- device
- mount point
- filesystem
- options
- dump
- fsck
Octal Permission: 4
Read
Octal Permission: 2
Write
Octal Permission: 1
Execute
Octal Permission: 0
No permission
UUID
User ID for each user
GID
Group ID for each user group
symbolic permissions
permissions outlined as rwx
numeric permissions
permissions outlined numerically
Character before permissions: –
normal file
Character before permissions: l
symlink
Character before permissions: b
block device, hard drive, disk drive
Character before permissions: c
character device- monitor, keyboards, mice
Character before permissions: d
directory
chmod
used to change permissions for files and directories
ex: chmod 755 myscript.sh
set the permissions as ‘user read/write/execute’, ‘group read/execute’ and ‘other
read/execute’
ex: chmod g=rx myscript.sh
or g+r-w+x
set permissions as group read/execute
chmod -r
allows you to apply permissions to an entire directory structure
ex: chmod 744 -R /home/user/data/*
Sets permissions for the all the files and directories within /home/user/data but
does NOT change the permissions of the /home/user/data directory itself
chmod -c
report which files were changed
chmod -v
show all files
chmod -h
change only symbolic links, not the original
chmod -f
ignore/don’t display error messages
chown
- change ownership of a file or directory
- . and : are symbolically equivalent
chgrp
change the group ownership of a file or folder
SUID
- Set User ID
- permits a user to access/run a program as if they were the OWNER
- 4 value
- u+s symbolic notation
- files with an ‘s’ in the place of ‘x’ within user column
Sticky Bit
- permission has a ‘t’ in place of an ‘x’ in the other’s column
- only allows the creator of a file to remove the file
- g+s symbolic notation
SGID
- Set group id bit
- files and folder’s with the s in place of the ‘x’ within the group column have this set
- assigns group ownership to files
- a+t symbolic notation
umask (command)
- shows the current umask settings and default value for the user
- can be used to set a new umask value for the current shell session
umask value
subtract the umask value from the default permission to get the current permission value
Default (no umask) permissions: files
rw-rw-rw (666)
Default (no umask) permissions: directories
rwxrwxrwx(777)
dpkg-reconfigure tzdata
command used to reconfigure time zone data on an Ubuntu system
symbolic link
- shortcut from one file to another
- small file containing its own inode and path to the original file
- permissions cannot be modified
ln (command)
used to create hard or symbolic link
ln -s
creates symbolic link
ex: ln -s myscript.sh yourscript.sh
creates a symbolic lnk called yourscript.sh pointing to myscript.sh
ex: ln myscript.sh yourscript.sh
Creates a hard link (default) called ‘yourscript.sh’ point to the data in the inode pointed
to by ‘myscript.sh’
ls -i [filename]
can be used to find all inodes/links for a file
Filesystem Hierarchy Standard (FHS)
- Defines the directory structure and contents in Unix-like operating systems
- data integrity is preserved
- standard is maintained by the Linux foundation
Linux Directory structure
-all files and directories appear under ‘root’ directory
/bin
- contains executable programs that the user can run
- LS, CD, PWD commands reside here
/etc
host-specific configuration files, no binaries
/etc/opt
config files for packages stored in /opt
/etc/sgml
config files for software that processes SGML
/etc/X11
config files for X Windows
/etc/XML
config files for software that processes XML
/run
run-time variable data, information about the running system since last boot
/sbin
essential system binaries
/srv
reserved for server applications
/tmp
- temp files
- not preserved between reboots
/usr
contains its own set of the directory tree that closely mirrors root
/usr/bin
non-essential command binary for all users
/usr/include
standard include files
/usr/local
tertiary hierarchy for local data, specific to host
/usr/sbin
non-essential system binaries
/usr/share
architecture independent shared data
/usr/src
source code
/usr/X11R6
older X Windows configuration
/var/lib
state information
/var/lock
lock files that keep track of resources in use
/var/log
log files
/var/mail
mailbox files
/var/opt
variable data from add-on packages stored in /opt
/var/run
run-time variable data
/var/spool
spool for tasks waiting to be processed
/var/tmp
Temporary files to be preserved between restarts
SIGHUP signal
1
/etc/default/grub
where you can make manual changes to GRUB2
du -sh
human readable summary of space being used in current directory
du -h –max-depth=[#] [directory]
-provides a summary of usage by the specified number of files/folders within the directory
du –inode
list inode usage information instead of block usage
top: ‘u’ key
pulls up processes for a user after typing in the user name
Commands that will show you full path to an application
- type -P
- which
/dev/sdd3
third partition on the fourth SATA disk
less: to scroll down
- Down arrow
- Page Dn key
- ‘j’ key
less: to scroll up
- Up arrow
- Page Up
- ‘k’ key
less: to search
type in desired text
/var/log/secure
- will create a new entry when someone logs into the system
- only readable by root
Parse a file containing regular expressions
grep -E -f [filename]
egrep -f [filename]
pgrep -a
list the full command line as well as the process ID
tmux (command)
- modern terminal window manager like ‘screen’ with extra features
- process will stay running after logging out
apt autoremove
-used to remove packages that were auto installed for packages no longer needed
locate (command)
- searches local database of files and folders looking for items that match
- database needs to be updated to keep track of changes
updatedb (command)
updates the database that the locate command uses
whereis (command)
command locates binary, source, and/or manual pages for a command
locate -i
ignore case on the file being searched for
/etc/updatedb.conf
- configuration file for the updatedb command
- contains full or partial filenames to ignore or ‘prune’ from database updates
which -a [command]
display all matches in the PATH, in the order they would run/appear
whereis -b
searches for binaries
whereis -m
searches for manual entries/man pages
whereis -s
locates the source of a specified command name
whereis -u
unusual or undocumented entries
type -a
lists all variants of the indicated command
find -perm -[####]
find matching files by indicated permission
uniqu -c
will list the amount of times a line appears consecutively in a file
uniq –group
show all items, separating groups with an empty line
sort -u
will remove any duplicate lines in a file
`example:
cat list.csv | tr ‘,’ ‘:’
-Print out the file with colons replacing commas
example:
cat list.csv | tr -d ‘,’
Print out the file without showing the commas
/etc/mke2fs.conf
configuration file used by mke2fs command when creating ext file systems
xfs_db: frag
will check on the filesystem’s fragmentation
xfs_db: freesp
will show how much free space is on the particular device
find . -atime -2
-pulls list of files accessed in the last 48 hours
touch -m [filename]
change modification time
locate -A [option1] [option2]
used to locate patterns that match all options
locate -c
count the number of files that match the given pattern
dpkg –get-selections
to list out every package installed on a Debian system
dpkg-query -S [pathname]
to find out which package owns a specific file
apt-file
utility used for searching for searching for files inside packages
fdisk -l /dev/sda
command used to locate the boot partition
ssh-keygen
used to generate a public and private SSH key pair when accessing remote, cloud-based systems
ssh-copy-id
used to copy a system’s public SSH key to a remote system to facilitate remote authentication
ldconfig -v
display the library version numbers, name of each directory and the links that are created
ldd -u (–unused)
prints the unused dependencies if they exist
Location of menu entries for GRUB
GRUB: /boot/grub/grub.cfg
GRUB Legacy: /boot/grub/menu.lst
locate -e
print only entries that pull existing files at the time the command is run
/var/lib/dbus/machine-id
- location of dbus id
- symbolically linked to /etc/machine-id
unset -f (name of function)
used to remove a function
shopt -u (option)
to disable an option
Non-Special Characters in Basic Regular Expressions
- ?
- +
- { }
- |
- ()
- Must be escaped with \
Reach runlevel 1 (SysV)
telinit 1, s, or S
- kill -l
- man 7 signal
method of pulling up kill signals
Most common kill signals
- 1 Sighup
- 9 Sigkill
- 15 Sigterm
