EXTRAS Flashcards

1
Q

mount an ISO

A

mount -o loop media.iso /media

2
Q

Set same SELinux context for a directory

A

chcon -R --reference=/var/www/html/ /var/www/html/inst

3
Q

FTP and http file location

A

vsftp server is /var/ftp/pub

HTML is /var/www/html

4
Q

example setting up a VSFTP server and upload DVD installation

A
#yum install vsftpd
#service vsftpd start
test that you can connect to ftp://127.0.0.1
#chkconfig vsftpd on
# mkdir /var/ftp/pub/inst   -> create directory to copy files
#mount -ro loop download.iso /media   -> use iso or DVD
#mount /dev/cdrom /media    -> mount dvd
# cp -ar /media/. /var/ftp/pub/inst
#chcon -R -t public_content_t /var/ftp/   -> recursively set SELinux context
#service vsftpd restart
5
Q

add/remove software tool is located

A

System -> administration -> add/Remove Software

6
Q

List of packages needed for virtualization

A

qemu-kvm - the main KVM package
python-virtinst - command line tools and libraries for creating VMs
virt-manager - GUI VM administration tool
virt-top - command for VM statistics
virt-viewer - GUI connection to configure VMs
libvirt - C language toolkit with the libvirtd service
libvirt-client - C language toolkit for VM clients

7
Q

check if the right VM modules are loaded

A
#lsmod | grep kvm
output should return either kvm_intel or kvm_amd
if the output is different, or there is no output, run this command to load the module:
#modprobe kvm
8
Q

virt-install

A
You can also use the virt-install --prompt command to set up virtual machines; just enter the information as asked, such as RAM, CPU, and so forth
# virt-install --prompt
9
Q

virt-install to install a VM with a kickstart file

A

The virt-install --prompt command can be used to install from a kickstart. Example:
# virt-install -n outside1.example.org -r 768 --disk \
path=/var/lib/libvirt/images/outsider1.example.org.img \
-l ftp://192.168.122.1/pub/inst \
-x "ks=ftp://192.168.122.1/pub/ks1.cfg"

10
Q

switches for the virt-install command

A
  • -n (--name) sets the name of a VM
  • -r (--ram) configures the amount of RAM in MB
  • --disk defines the virtual disk
  • -l (--location) specifies the directory or URL with the installation files
  • -x (--extra-args=) includes extra data, such as the URL of a kickstart file.
11
Q

virt-clone --prompt

A

The virt-clone --prompt command can be used to clone an existing VM. Make sure the system to be cloned is shut down.

12
Q

Tools of interest for administrative purposes

A
  • telnet and nmap to verify remote access to open ports
  • mutt as an email client to verify the functionality of an email server
  • elinks as a web browser to make sure web services are accessible
  • lftp to access ftp servers with command completion
#telnet localhost 21
# nmap localhost
#mutt -f pop://username@host
  you can also use the mail command as:
$mail Michael
subject: test
cc: marth@example.com
$mail -s 'host file' < /etc/hosts root@localhost
$elinks http://127.0.0.1/inst
$lftp ftp.example.org -u frany
13
Q

lftp standard commands

A

cd - changes the current working directory at the remote host
ls - list files at the remote host
get - retrieve one file from the remote host
mget - retrieve a group of files from the remote host
put - uploads one file from your computer to remote host
mput - uploads a group of files to remote host
pwd - list current working directory on the remote host
quit - ends the FTP session
!ls - list files on your host computer in the current directory
!cd - change the local host directory for upload/download
!pwd - list current working directory on local host computer

14
Q

The Alias command examples

A
some alias command examples:
#alias cp='cp -i'
#alias l.='ls -d .* --color=auto'
#alias ll='ls -l --color=auto'
#alias rm='rm -i'
#alias rm='mv -t ~/.trash'
15
Q

the locate command database

A

The locate command database is normally updated only once each day, based on the cron job /etc/cron.daily/mlocate.cron (you might have to run it manually)

16
Q

Specialized variations on the vi command:

A
vipw - edit /etc/passwd
vigr - edit /etc/group
visudo - edit /etc/sudoers
vipw -s - edit /etc/shadow
vigr -s - edit /etc/gshadow
17
Q

arp command

A

The arp command displays a table of hardware and IP addresses on the local computer. ARP can help detect problems such as duplicate addresses on the network.

18
Q

displaying routing table

A
#netstat -r  -> displays routing table, similar to route
#route -n  -> similar to #netstat -rn
19
Q

get dhcp info

A

dhclient eth0

20
Q

two tools that can be used to configure network devices:

A

system-config-network - GUI
nm-connection-editor - GUI command line
System-preferences-network connections

21
Q

check DNS server

A
if in doubt about whether the DNS server is operational:
#dig @192.168.122.1 mheducation.com
22
Q

default umask

A

The default umask is driven by the /etc/bashrc file

23
Q

remount a file system

A

mount -o remount /home

24
Q

common ports

A
21 - FTP
22 - secure shell (SSH)
23 - telnet
25 - SMTP
53 - DNS
80 - http
88 - kerberos
110 - pop
139 - netbios
143 - IMAP
443 - https
993 - IMAP over SSL
2049 - NFS4
995 - POP over SSL
69 - TFTP
139 & 445 as well as UDP 137 & 138 - SAMBA
25
diagnose error when running semanage login -l
```
#yum whatprovides /usr/sbin/semanage
#yum -y install policycoreutils-python
```
26
options for SELinux user roles
- guest_u: no GUI, no networking, no access to the su or sudo command
- xguest_u: GUI, networking only via the Firefox web browser
- user_u: GUI and networking available
- staff_u: GUI, networking, and the sudo command available
- unconfined_u: full system access
27
tools to search /var/log/audit
```
#ausearch -m avc -c sudo
#sealert -a /var/log/audit/audit.log
```
28
other facl command
```
#getfacl file1 | setfacl --set-file=- file2   -> copy ACL from file1 to file2
#getfacl --access dir | setfacl -d -M- dir   -> copy the access ACL into the default ACL
```
29
GRUB common errors
Error 15: file not found - the partition was mounted; the kernel was not found on that partition. Cause: the root (hdx,y) directive does not point to the partition with the /boot directory.
Error 17: cannot mount selected partition - the partition is not formatted to a filesystem with files. Cause: the root (hdx,y) directive points to a partition formatted to a system such as Linux swap.
Error 22: no such partition - there is no partition specified by the root (hdx,y) directive.
30
list commands at GRUB command line
To see a list of commands at the GRUB command line, press the Tab key at the grub> prompt.
To find the grub.conf file (find the /boot directory):
grub> find /grub/grub.conf
Another way to find the /boot directory:
grub> root
To confirm the location of grub.conf, run the cat command:
grub> cat (hd0,0)/grub/grub.conf
31
to see the files installed with a package
#rpm -ql upstart
32
runlevel control commands
halt -> moves to runlevel 0
init -> manages the current runlevel (different from the init daemon)
initctl -> controls the init daemon
poweroff -> moves to runlevel 0
runlevel -> lists current and previous runlevel
telinit -> manages the current runlevel
33
parameters in /etc/sysconfig/init
The parameters in /etc/sysconfig/init specify how the system looks and feels during the boot process.
34
virtual consoles
Virtual consoles are configured in the /etc/sysconfig/init file and the /etc/init directory.
35
System-config-services
Can also be used to start/stop services at boot. It's a GUI tool.
36
ifconfig
Any changes made with the ifconfig command are temporary
37
examples for the route command
```
#route add default gw 192.168.122.1   -> adding a default route
#route add default gw 0.0.0.0
#route add -net 192.168.0 netmask 255.255.255.0 dev eth1   -> sets up a route to the noted network/subnet mask combination through the second ethernet device
```
38
Netstat
Netstat can do a lot more, such as identifying open services on the local system
```
#netstat -atnp
```
39
adding an arp entry
#arp -s buggy 00:00:00:cf:a1:33
40
delete an arp entry
#arp -d buggy
41
/etc/sysconfig/network directives
***NETWORKING -> can be yes or no, to configure or not configure networking
NETWORKING_IPV6 -> can be yes or no for IPv6
NISDOMAIN -> sets the name of the NIS domain, if connected to a NIS network
***HOSTNAME -> sets the hostname of the local computer (can be set by the DHCP server)
GATEWAY -> sets the IP address for the gateway (can be set by the DHCP server)
GATEWAYDEV -> sets the network device, such as eth0, that this computer uses to reach a gateway. There's no need for this directive if there is only one network card.
42
using the GUI network manager configuration tool
You may need to first install the associated package:
```
#yum install NetworkManager-gnome
```
You can then start the GUI network connections tool:
```
#nm-connection-editor
```
43
Creating a swap partition example using fdisk
```
#fdisk /dev/sdb
command (m for help): n
p
partition number(1-4): 1
first sector default:...
last sector:200MB
command(m for help): p
command(m for help): t
HEX code (type L to list codes): 82
command(m for help): w
```
when done follow by
```
#mkswap /dev/sdb1
#swapon /dev/sdb1
```
44
set a partition to a different type in parted
(parted) set
Partition number? 1
Flag to Invert? lvm
New state? [on]/off on
45
to see the swap space currently configured
run the command:
```
#cat /proc/swaps
```
46
checking a partition
```
#umount /var
#fsck -t ext4 /dev/sda7
#mount /dev/sda7 /var
```
47
disk utility GUI
One graphical tool that you can use for storage management is the disk utility, which is available from the gnome-disk-utility package. To access it from the command line:
```
#palimpsest
```
48
empty partition
In parted, a new empty partition needs a disk label first. Otherwise you will get an "unrecognized disk label" error; run the mklabel command first:
(parted) mklabel msdos
(parted) mkpart
49
formatting partitions
Remember: for the commands below, you need the appropriate partition
```
#mkfs.cramfs - creates a compressed ROM filesystem
#mkfs.ext2 - formats a volume to the ext2 fs
#mkfs.ext3 - formats a volume to the ext3 fs
#mkfs.ext4 - formats a volume to the ext4 fs
#mkfs.msdos -> or mkfs.vfat, or mkdosfs; Microsoft vfat, not bootable
#mkfs.xfs - formats a volume to the xfs fs
#mkswap - formats a volume to the Linux swap file system
```
50
Physical volume Management commands
pvchange - changes attributes of a PV: the pvchange -x n /dev/sda10 command disables the use of PEs from the /dev/sda10 partition
pvck - checks the integrity of a physical volume
pvcreate - initializes a disk or partition as a PV; the partition should be flagged with the LVM file type
pvdisplay - displays currently configured PVs
pvmove - moves PVs in a VG from the specified partition to free locations on other partitions; prerequisite to disabling a PE. One example: pvmove /dev/sda10
pvremove - removes a given PV from the list of recognized volumes; for example, pvremove /dev/sda0
pvresize - changes the amount of a partition allocated to a PV. If you've expanded partition /dev/sda10, pvresize /dev/sda10 takes advantage of the additional space. Alternatively, pvresize --setphysicalvolumesize 100M /dev/sda10 reduces the amount of PVs taken from that partition to the noted space
pvs - lists configured PVs and the associated VGs, if so assigned
pvscan - similar to pvs with more details
51
Volume group command
vgcfgbackup and vgcfgrestore - back up and restore the configuration file associated with LVMs; by default, they're in the /etc/lvm directory
vgchange - similar to pvchange, allows you to activate or deactivate a VG. For example, vgchange -a
vgck - checks the integrity of a volume group
vgconvert - supports conversions from LVM1 systems to LVM2. vgconvert -M2 volgroup00 converts volgroup00
vgcreate - creates a VG from two or more configured PVs. For example, vgcreate vgroup00 /dev/sda10 /dev/sda11 creates vgroup00 from PVs as defined on /dev/sda10 and /dev/sda11
vgdisplay - displays characteristics of currently configured VGs
vgexport and vgimport - export and import unused VGs from those available for LVs; the vgexport -a command exports all inactive VGs
vgextend - if you've created a new PV, vgextend vgroup00 /dev/sda11 adds the space from /dev/sda11 to vgroup00
vgmerge - if you have an unused vgroup01, you can merge it into vgroup00 with the following command: vgmerge vgroup00 vgroup01
vgmknodes - run this command if you have a problem with VG device files
vgreduce - the vgreduce vgroup00 /dev/sda11 command removes the /dev/sda11 PV from vgroup00, assuming sufficient free space is available
vgremove - removes a VG
vgrename - renames VGs
vgs - displays basic information on configured VGs
vgscan - scans and displays basic information on configured VGs
vgsplit - splits a volume group
52
Logical volume commands
lvchange - similar to pvchange, changes the attributes of an LV. For example, the lvchange -a n vgroup00/lvol00 command disables the use of the LV labeled lvol00
lvconvert - if there are sufficient available PVs, the lvconvert -m1 vgroup00/lvol00 command mirrors the LV
lvcreate - creates a new LV in an existing VG. For example, lvcreate -l 200 volume01 -n lvol01 creates lvol01 from 200 extents in a VG named volume01
lvdisplay - displays currently configured LVs
lvextend - adds space to an LV. The lvextend -L 4G /dev/volume01/lvol01 command extends lvol01 to 4GB, assuming space is available
lvreduce - reduces the size of an LV; if there's data in the reduced area, it is lost
lvremove - removes an active LV. The lvremove volume01/lvol01 command removes all lvol01 from volume01
lvrename - renames an LV
lvresize - resizes an LV; can be done by -L for size. lvresize -L 4GB volume01/lvol01 changes the size of lvol01 to 4GB
lvs - lists all configured LVs
lvscan - scans for all active LVs
53
LVM command installed(many exists, but only four are active)
lvm - brings you an LVM prompt to run other commands; type help to see a list
lvmconf - can modify the default settings in the related configuration file /etc/lvm/lvm.conf
lvmdiskscan - scans all available drives for LVM-configured partitions
lvmdump - sets up a configuration report in the root administrative user's home directory (/root)
54
To use the GUI logical volume management tool
#yum install system-config-lvm
55
Volume encryption with the linux unified key setup (LUKS)
LUKS works on a block level.
A LUKS-protected system requires either a passphrase or a keyfile.
56
encrypting a filesystem mounted on a specific directory
You need the dm_crypt module:
```
#lsmod | grep dm_crypt
```
If you don't see any output regarding dm_crypt, run:
```
#modprobe dm_crypt
```
You'll need to install the cryptsetup-luks RPM package:
```
#yum install cryptsetup-luks
```
57
Create a LUKS-based filesystem with cryptsetup
#cryptsetup luksFormat /dev/sda1 -> first create a passphrase
- once the partition is encrypted, it can't be read. Before you can format it, it must be mapped.
First you need the UUID of the device. This command creates a UUID for the newly encrypted /dev/sda1 device:
#cryptsetup luksUUID /dev/sda1 -> generates a UUID
#cryptsetup luksOpen /dev/sda1 uuidnumber
- the mapped device should now appear in the /dev/mapper directory (instead of using a UUID you can use a word like test, unless required in the exam)
58
find the UUID associated with a particular encrypted filesystem
```
#dumpe2fs /dev/mapper/test | grep UUID
```
You can also use the blkid command to get the UUID
59
mounting a luks formatted filesystem
If the LUKS formatted filesystem /dev/mapper/test is to be mounted on the directory named /shared, you could add the following lines in /etc/crypttab:
```
shared /dev/mapper/test none
shared UUID=uuidnumber none
```
You can verify how partitions are actually mounted in /etc/mtab:
```
#cat /etc/mtab
```
60
description of entries in /etc/fstab example
```
/dev/sda1 (device) /home (mount point) ext4 (fs format) defaults (mount option) 0 0 (dump value followed by fs check order)
```
61
dump value
Either 0 or 1. A value of 1 means that data is automatically saved to disk by the dump command when you exit Linux
62
filesystem check order
Determines the order that filesystems are checked by fsck command during the boot process. The root directory(/) should be set to 1, and other local filesystems should be set to 2. Removable filesystems such as those associated with CD/DVD devices should be set to 0, which means they are not checked during the Linux boot process
63
Mount command and /etc/fstab options
async - data is read and written asynchronously
atime - the inode associated with each file is updated each time the file is accessed
auto - searches through /etc/filesystems for the appropriate format for the partition; normally associated with floppy or removable media
defaults - uses default mount options rw,suid,dev,exec,auto,nouser,async
dev - permits access to character devices such as terminals or consoles and block devices such as drives
exec - allows binaries (compiled programs) to be run on the filesystem
noatime - the inode associated with each file is not updated when accessed
noauto - requires explicit mounting; common option for CD and floppy drives
nodev - devices on this filesystem are not read or interpreted
noexec - binaries cannot be run on this filesystem
nosuid - disallows setuid or setgid permissions on this filesystem
nouser - only root users are allowed to mount the specified filesystem
remount - remounts a currently mounted filesystem; also an option for the mount command
ro - mounts the filesystem as read-only
rw - mounts the filesystem as read/write
suid - allows setuid or setgid permissions on programs on this filesystem
sync - reads and writes are done at the same speed (synchronously) on this filesystem
user - allows non-root users to mount this filesystem
64
List of virtual filesystems in /etc/fstab
tmpfs - a virtual memory filesystem that uses both RAM & swap space
devpts - filesystem relates to pseudo-terminal devices
sysfs - filesystem provides dynamic info about system devices. Explore the associated /sys directory
proc - provides dynamically configurable options for changing the behavior of the kernel
65
mount a cd/dvd
#mount -t iso9660 /dev/sr0 /mnt
66
best option to mount nfs
```
#mount -t nfs server1:/pub share fsmount nfs
```
or add to /etc/fstab
```
server1:/pub /share nfs rsize=8192,wsize=8192,timeo=14,intr,udp 0 0
```
67
option for mounting samba directories
in /etc/fstab
//server/pub /share cifs rw,username=user,password=passd 0 0
or
//server/pub /share cifs rw,credentials=/etc/secret 0 0
then your /etc/secret content:
username=user
password=password
68
automount
Default automounter settings are configured in /etc/sysconfig/autofs
- the automount daemon, also known as the automounter or autofs, can automatically mount specific directories as needed.
- the relevant configuration files are auto.master, auto.misc, auto.net, and auto.smb, all in the /etc/ directory
- if you use the automounter, keep the /misc and /net directories free. You won't even see the /misc or /net directories unless you properly configure /etc/auto.master and the autofs daemon is running
69
/etc/auto.master (content a series of comments with 3 default commands)
/misc /etc/auto.misc -> configuration file for this directory
/net -hosts -> allows you to specify the hosts to automount a network directory as specified in the /etc/auto.net
+auto.master
One example to mount /shared /etc/auto.home
70
yum-config-manager
To get the full list of yum configuration directives and their current values, run the following command:
```
#yum-config-manager
```
This command requires the installation of the yum-utils package.
71
additional yum commands
```
#yum info samba   -> similar to #rpm -qi samba (query about samba)
#yum erase package   -> removes package
#yum whatprovides */*.repo
#yum grouplist
#yum groupinfo "Remote desktop clients"
#yum group install groupPackage name
#yum group install "print server" -x paps -x gutenprint-cups   -> exclude paps & gutenprint from being installed
#yum groupremove "Print Server"
#createrepo   -> helps you set up a local directory
#yumdownloader cups
#yum-config-manager   -> can display all current settings for each repository as well as downloaded individual RPM packages
#yumdownloader
```
72
local access
local access is regulated in the /etc/security file
73
to set a password for a group
#gpasswd group
74
configure a client as an LDAP client
You can edit /etc/openldap/ldap.conf and add:
```
URI ldap://127.0.0.1
HOST tester.example.com
BASE dc=example,dc=com
TLS_CACERTDIR /etc/openldap/cacerts
```
75
The name service switch file
/etc/nsswitch.conf governs how a computer searches for key files such as password databases. It can be configured to look through LDAP and other server databases as well as /etc/hosts
```
hosts: files ldap dns
```
You can also add settings:
```
passwd: files ldap
shadow: files ldap
group: files ldap
```
76
VNC
VNC communication normally proceeds on port 5900, which must be open to enable communication. The GNOME-based VNC server is known as vino. A TigerVNC server, based on the TightVNC server, also exists.
77
Install vnc
#yum install vinagre tigervnc tigervnc-server
once installed you can start the configuration process in the /etc/sysconfig/vncservers file
- sample configuration directives
#VNCSERVERS="2:myusername"
#VNCSERVERARGS[2]="-geometry 800x600 -nolisten tcp -localhost"
$vncserver :2 -geometry 640x400
78
stop the vnc server
#/etc/init.d/vncserver stop
79
vnc gnome
You can use the vncviewer command to connect to a VNC server:
```
#vncviewer 192.168.122.1:2
```
To use the GNOME-based vino server, after it's installed:
```
#vino-preferences
```
80
password protect grub
First create an MD5 password:
```
#grub-md5-crypt
Password:
```
Then edit /boot/grub/grub.conf and, under the timeout line in the main section, enter
password --md5
81
Setup NFS server and NFS partition
```
#yum install nfs-utils nfs-utils-lib
#chkconfig nfs on
#service rpcbind start
#service nfs start
```
```
#mkdir /shareFiles
#vi /etc/exports
enter
/shareFiles tester1(rw,sync,no_root_squash,no_subtree_check)
#exportfs -a
```
82
Installing a Samba Server
#yum install samba
add a user
```
#useradd visitor -s /sbin/nologin
```
set smb password
```
#smbpasswd -a visitor
```
make the directory to be shared
```
#mkdir /smbshare
```
change ownership of the directory
```
#chown -R visitor:root /smbshare
```
add this entry into /etc/samba/smb.conf
```
[smbshare]
comment = Share
path = /smbshare
writable = yes
valid users = shareuser
```
start the smb service
```
#service smb start
```
add it at startup
```
#chkconfig --level 235 smb on
```
test that it works
```
#testparm
```
83
setup ftp to only allow specific IPs
```
#yum install -y vsftp*
#vi /etc/vsftpd/vsftpd.conf
```
verify that this is present or add:
```
tcp_wrappers=YES
```
```
#service vsftpd restart
```
In /etc/hosts.deny, deny everyone for vsftpd:
```
vsftpd: ALL
```
Then, in /etc/hosts.allow, add the authorized IPs:
```
vsftpd:192.168.0.39 192.168.0.50
```