2 - Linux Block Test Flashcards
UNIX
The commercial trademark owned by Bell Labs/AT&T
Unix
The generic name for all UNIX-like OS
Unix-like
Refers to absence of proprietary UNIX source code
Linux
Trademark owned by Linus Torvalds
Examples of Unix OSs
Mac OS X (Apple)
Solaris (Sun, Oracle)
AIX (IBM)
UX (HP)
Theater Battle Management Core Systems (TBMCS, USAF)
Global Command and Control Systems (GCCS, USAF)
Linux Characteristics
Flexibility - Many commands and multiple ways to do things
Multitasking - Perform tasks in parallel (ex: Email and DNS server)
Multi-user - Multiple users can log in at same time
Portable - Runs on many different types of hardware
Case Sensitive
Kernel
Core of OS, interacts w/ hardware
User/OS interaction chain
User<->Shell<->Kernel<->Hardware
Shell Functions
Acts as CLI
Performs I/O redirection
Manages the environment
Performs variable and filename substitution
Common Shells
Bourne Shell (sh) (rewrite of OG UNIX shell)
Bourne Again Shell (bash)
Korn Shell (ksh)
C Shell (csh)
Almquist Shell (ash) (Used in resource-constrained environments)
Z Shell (zsh) (modern, themeable, bash improvement)
Kernel Functions
Manage creation, scheduling, and termination of processes
Manage memory allocation
Manage filesystem
Perform error handling
Manage I/O
Boot Process Phases
BIOS
GRUB 1
GRUB 2
Kernel
BIOS Phase (Boot Process)
POST
Initial hardware setup/config
Boot device selected and boot loader executed
Grand Unified Bootloader (GRUB) Stage 1 (Boot Process)
Small machine code located on MBR
Sole purpose is to locate and load GRUB stage 2
GRUB Stage 2 (Boot Process)
Kernel selection menu is presented
Loads initial RAM disk to memory (initrd) (Mounted as pseudo filesystem) (Used by kernel to load drivers for boot)
Loads kernel from the disk into memory
Kernel Stage (Boot Process)
Initialize/configure memory and hardware
Mounts initrd to load necessary drivers and kernel modules
Mounts root filesystem
Executes /sbin/init
cd
Change directory
~ is shortcut for home
/ is root
- is previous directory
Driver Module
Piece of code that can be added to the kernel at runtime
Loadable Kernel Modules
Add and remove functionality to/from the kernel while the system is running (Ex: Printer drivers)
Device Drivers
Allow programs to communicate with the system's hardware and peripheral devices
Almost every system operation eventually maps to hardware
echo
Display arg(s) to STDOUT followed by newline
-n – Omit trailing newline
-e – Enable escape sequences (characters such as \t need to be in quotes)
Root Directory
/ is top of directory structure
/root is root user’s home directory
Home directories
Root: /root
Everyone else: /home/USERNAME
Can be referenced in CLI w/ ~
Filenames
Letters, numbers, and certain punctuation
Avoid special characters
Special characters must be escaped with \ or filename must be in quotes
File Privileges
Read (r): Read/copy a file
Write (w): Alter the contents
Execute (x): Allows file to execute as a program
User, group, and other
Directory Privileges
Read (r): See what’s inside directory. ls will return nothing without read permission
Write (w): Alter contents of directory. Required to add or remove files/subdirectories. Execute permission must also be set for this to work.
Execute (x): Required to cd into a directory
/etc/passwd
Stores user account info
Field 1 – Username
Field 2 – Password placeholder
Field 3 – User ID (UID)
Field 4 – Group ID (GID)
Field 5 – Note (Display Name)
Field 6 – Home Folder
Field 7 – Primary login shell
/etc/group
Stores supplementary group info
Field 1 – Group name
Field 2 – Password placeholder
Field 3 – Group ID (GID)
Field 4 – Users in the group (SUPPLEMENTARY ONLY. Does not show primary group membership)
/etc/shadow
Stores user account password info
Field 1 – User name
Field 2 – Password field
Subfield 1 – Hash method
Subfield 2 – Password salt
Subfield 3 – Hashed PW
Field 3-8 – PW metadata
whatis
Prints one-line man page descriptions
which
Prints command’s executable path
whereis
Locate binary, source, and man pages for command
/proc/PID/cmdline
Command and arguments used to invoke the process
/proc/PID/environ
environment variables
/proc/PID/cwd
current working directory of process
/proc/PID/exe
executable of process
/proc/PID/stat
status info about the process
/proc/PID/fd
folder with entries for each file the process has open, named by file descriptor, which links to the actual files
/proc/cpuinfo
CPU and system architecture info
/proc/meminfo
memory and swap usage
/proc/cmdline
options used to start the kernel
/proc/filesystems
filesystems supported by the kernel
/proc/modules
active kernel modules
/proc/mounts
mounted devices
/proc/uptime
system uptime (up:idle)
/proc/net
network information
/proc/version
kernel and Linux version info
systemd
first process started by the kernel
has a PID of 1
initializes components that need to be started after kernel is booted
handles service management
service unit
referred to by systemd to manage service daemons
target unit
collection of other units
Network File System (NFS)
Internet standard protocol created by Sun in 1984
Allows file sharing by mounting remote directories using Remote Procedure Calls
/etc/exports
Where network shares are set up
Field 1 – Share folder location (absolute path)
Field 2 – Who is allowed to access
Field 3 – Options (ro, rw, squash_root, all_squash, sync)
Field 4 – Comments
/etc/sysconfig/network-scripts
Contains config files named after each interface
Also contains IP, netmask, and gateway settings
/etc/resolv.conf
File containing DNS server settings
iptables Tables
Filter – Default table, allows or disallows packets
Mangle – Alter packet headers such as changing TTL values
NAT – Route packets to different hosts on NAT network
Raw – Work with packets before the kernel starts tracking state
iptables Chains
prerouting – just as packets arrive on network interface
input – just before packets are given to local process
output – just after packets have been produced by a process
forward – any packets being routed through host (not sent to a process)
postrouting – just as packets leave the network interface
Non-terminating Targets (iptables)
log
return
goto
Terminating Targets (iptables)
accept
drop
reject
/etc/sysconfig/iptables
file used to store firewall rules
policy vs target (iptables)
Target – What happens to a packet if it matches a rule in a chain
Policy – Default action that happens to a packet if it does not match any rule in a chain. Essentially the default rule
/etc/rsyslog.conf
Config file that tells which messages are logged and where they are logged to
/var/log
Holds most system logs, by convention, but not by rule
/var/log/messages
General system activity log
/var/log/dmesg
Info about kernel booting and the devices the kernel has found
Viewed with dmesg command
/var/log/anaconda.log
Linux installation-related logs
/var/log/kern.log
Kernel logs
/var/log/maillog
Mail server logs
/var/log/secure
Info related to authentication and authorization privileges
commands run w/ sudo are logged here
/var/log/boot.log
System boot logs
/var/log/cups
Printer and printing logs
/var/log/yum.log
Log entries related to package installation/removal using yum
/var/log/cron
Logs created whenever crond or anacron starts a cron job
/var/log/lastlog
Info about the last login for each user
Viewed with lastlog command
/var/log/btmp
Info about failed login attempts
Viewed using lastb command
/var/run/utmp
Info about who is currently logged in
Viewed using who or w command
/var/log/wtmp
Info about all successful logins/logouts (historical utmp)
Viewed using last command
syslog daemon
uses the /etc/rsyslog.conf file to process system service log events
auditd
auditing daemon which processes audit events
/var/log/audit/audit.log
file where audit events are logged to
/etc/audit/audit.rules
file containing audit rules to be loaded at startup
/etc/audit/rules.d/
rules to be compiled by augenrules
auditctl
command used to create audit rules on the fly
ausearch
command used to search the audit log
/etc/logrotate.conf
Configuration file that handles log rotation policy
User crontab location
/var/spool/cron/USERNAME
system crontab location
/etc/crontab
crond
daemon that executes scheduled commands
Virtualization
process of creating a software-based version of something rather than a physical one
Host OS
OS running the virtual environment in which guest OSs run
Guest OS
OS inside a virtual environment
Hypervisor
Separates the OS from the hardware
Software that allows you to run multiple virtual machines on the same hardware
Two types
Type 1: Bare-metal – Hypervisor runs directly on the hardware and is the host OS itself
Type 2: Hypervisor runs as an application on the host OS
Logical resources
representation of physical resources
Physical resources
Actual underlying hardware
Types of virtualization
Server – One physical machine divided into many virtual servers. Utilizes a hypervisor
Application – VMs in which an application executes, such as Java or Python VMs. Stream apps from a central location
Network – Combination of multiple networks (VPNs). Logically segment physical network with virtual network devices
Containerization – Contains everything needed to run a piece of software (code, libraries, etc.) but does not virtualize hardware. Shares kernel with other containers.
Advantages of virtualization
Consolidation of hardware resources allowing multiple instances to run on one machine
Reduced Costs (generally)
OS is tied to hypervisor, not the hardware, making migration/cloning easier
Easier testing with snapshots and lab environments
Advanced RISC Machine (ARM) processor
Processor typically used in smartphones and tablets
Three Key attributes:
Small implementation size
Good performance
Very low power consumption
Instruction sets for ARM processor
ARM set – 32-bit instructions
Thumb set – 16-bit instructions
Subset of ARM set’s functionality
Trades reduced performance for improved code density
Android OS
Open source OS based on Linux
Acquired from Danger by Google in 2005
Five Android Layers
Linux kernel – Lowest level, built on Linux kernel, but Android is NOT Linux
Libraries – Native libraries, low level functionality, etc.
Android Runtime – Dalvik VM, Core Android Libraries
Application Framework – Java libraries used to build apps
Applications – All the apps on the system
Android Boot Process
Boot ROM
Boot Loader Stage 1
Boot Loader Stage 2
Kernel
Init
Zygote
System Servers
Home Application
Contacts
Boot ROM (Android Boot Process)
Performs check of all chip components
Detects boot media and locates boot loader
Loads boot loader stage 1 into internal RAM
Boot Loader Stage 1 (Android Boot Process)
Detects and sets up external RAM
Loads Boot Loader Stage 2 into external RAM
Boot Loader Stage 2 (Android Boot Process)
Sets up hardware such as networking and additional memory
Looks for Linux kernel and loads it into memory
Passes control to kernel
Kernel Stage (Android Boot Process)
Sets up memory protections, caches, and scheduling
Starts init process
Init (Android Boot Process)
Starts system service daemons in separate processes
Starts Zygote process
Starts Runtime Process, which starts service manager
Zygote (Android Boot Process)
Runtime process tells Zygote to start System Server
Listens for requests to spawn Dalvik VM instances, and does so
System Servers (Android Boot Process)
Starts native system servers
Starts Android managed services (those in the Application Framework layer)
Home Application (Android Boot Process)
Idle screen
After System Server loads all processes, Zygote loads the Home app in a new Dalvik VM
Boot Process Complete