Extras Flashcards

1
Q

Mount an ISO

A

mount -o loop media.iso /media

2
Q

Set same SELinux context for a directory

A

chcon -R --reference=/var/www/html/ /var/www/html/inst

3
Q

FTP and http file location

A

vsftp server is /var/ftp/pub

HTML is /var/www/html

4
Q

add/remove software tool is located

A

System -> administration -> add/Remove Software

5
Q

List of packages needed for virtualization

A

qemu-kvm - the main kvm package
python-virtinst - command line tools and libraries for creating VMs
virt-manager - GUI VM administration tool
virt-top - command for VM statistics
virt-viewer - GUI connection to configure VMs
libvirt - C language toolkit with the libvirtd service
libvirt-client - C language toolkit for VM client

6
Q

check if the right VM modules are located

A
#lsmod | grep kvm
output should return either kvm_intel or kvm_amd
if the output is different, or there is no output, run this command to add the module:
#modprobe kvm
7
Q

virt-install

A
You can also use the virt-install --prompt command to set up virtual machines; just enter the information as asked, such as RAM, CPU, and so forth.
# virt-install --prompt
8
Q

virt-install to install a VM with a kickstart file

A

The virt-install --prompt command can be used to install from a kickstart. Example:
# virt-install -n outside1.example.org -r 768 --disk \
path=/var/lib/libvirt/images/outsider1.example.org.img \
-l ftp://192.168.122.1/pub/inst \
-x "ks=ftp://192.168.122.1/pub/ks1.cfg"

9
Q

switches for the virt-install command

A
  • -n (--name) sets the name of a VM
  • -r (--ram) configures the amount of RAM in MB
  • --disk defines the virtual disk
  • -l (--location) specifies the directory or URL with the installation files
  • -x (--extra-args=) includes extra data, such as the URL of a kickstart file.
10
Q

virt-clone --prompt

A

The virt-clone --prompt command can be used to clone an existing VM. Make sure the system to be cloned is shut down.

11
Q

Tools of interest for administrative purposes

A
  • telnet and nmap to verify remote access to open ports
  • mutt as an email client to verify the functionality of an email server
  • elinks as a web browser to make sure web services are accessible
  • lftp to access ftp servers with command completion
    #telnet localhost 21
    # nmap localhost
    #mutt -f pop://username@host
    you can also use the mail command as:
    $mail Michael
    subject: test
    cc: marth@example.com
    $mail -s 'host file' < /etc/hosts root@localhost
    $elinks http://127.0.0.1/inst
    $lftp ftp.example.org -u frany
12
Q

lftp standard commands

A

cd - changes the current working directory at the remote host
ls - list files at the remote host
get - retrieve one file from the remote host
mget - retrieve a group of files from the remote host
put - uploads one file from your computer to remote host
mput - uploads a group of files to remote host
pwd - list current working directory on the remote host
quit - ends the FTP session
!ls - list files on your host computer in the current directory
!cd - change the local host directory for upload/download
!pwd - list current working directory on local host computer

13
Q

The Alias command examples

A
some alias command examples:
#alias cp='cp -i'
#alias l.='ls -d .* --color=auto'
#alias ll='ls -l --color=auto'
#alias rm='rm -i'
#alias rm='mv -t ~/.trash'
14
Q

the locate command database

A

The locate command database is normally updated only once each day, based on the cron script /etc/cron.daily/mlocate.cron (you might have to run it manually).

15
Q

Specialized variations on the vi command:

A
vipw - edit /etc/passwd
vigr - edit /etc/group
visudo - edit /etc/sudoers
vipw -s - edit /etc/shadow
vigr -s - edit /etc/gshadow
16
Q

arp command

A

The arp command displays a table of hardware and IP addresses on the local computer. ARP can help detect problems such as duplicate addresses on the network.

17
Q

displaying routing table

A
#netstat -r  -> displays routing table, similar to route
#route -n  -> similar to #netstat -rn
18
Q

get dhcp info

A

dhclient eth0

19
Q

two tools that can be used to configure network devices:

A

system-config-network - GUI
nm-connection-editor - GUI command line
System -> Preferences -> Network Connections

20
Q

check DNS server

A
if in doubt about whether the DNS server is operational:
#dig @192.168.122.1 mheducation.com
21
Q

default umask

A

The default umask is driven by the /etc/bashrc file

22
Q

remount a file system

A

mount -o remount /home

23
Q

common ports

A
21 - FTP
22 - secure shell (SSH)
23 - telnet
25 - SMTP
53 - DNS
80 - http
88 - kerberos
110 - pop
139 - netbios
143 - IMAP
443 - https
993 - IMAP over SSL
2049 - NFS
4995 - POP over SSL
69 - TFTP
139 & 445 as well as UDP 137 & 138 - SAMBA
24
Q

diagnose error when running semanage login -l

A
#yum whatprovides /usr/sbin/semanage
#yum -y install policycoreutils-python
25
options for SELinux user roles
- guest_u: no GUI, no networking, no access to the su or sudo command
- xguest_u: GUI, networking only via the firefox web browser
- user_u: GUI and networking available
- staff_u: GUI, networking, and the sudo command available
- unconfined_u: full system access
26
tools to search /var/log/audit
```
#ausearch -m avc -c sudo
#sealert -a /var/log/audit/audit.log
```
27
other facl command
```
#getfacl file1 | setfacl --set-file=- file2   -> copy the ACL from file1 to file2
#getfacl --access dir | setfacl -d -M- dir   -> copy the access ACL into the default ACL
```
28
GRUB common errors
Error 15: file not found - the partition was mounted; the kernel was not found on that partition. Cause: the root(hdx,y) directive does not point to the partition with the /boot directory.
Error 17: cannot mount selected partition - the partition is not formatted to a filesystem with files. Cause: the root(hdx,y) directive points to a partition formatted to a system such as linux swap.
Error 22: no such partition - there is no partition specified by the root(hdx,y) directive.
29
list commands at GRUB command line
To see a list of commands at the GRUB command line, press the tab key at the grub > prompt.
To find the grub.conf file (find the /boot directory):
grub > find /grub/grub.conf
Another way to find the /boot directory:
grub > root
To confirm the location of grub.conf, run the cat command:
grub > cat (hd0,0)/grub/grub.conf
30
to see the files installed with a package
#rpm -ql upstart
31
parameters in /etc/sysconfig/init
The parameters in the /etc/sysconfig/init file specify how the system looks and feels during the boot process.
32
virtual consoles
virtual consoles are configured in files /etc/sysconfig/init and the /etc/init directory.
33
examples for the route command
```
#route add default gw 192.168.122.1   -> adding a default route
#route add default gw 0.0.0.0
#route add -net 192.168.0 netmask 255.255.255.0 dev eth1   -> sets up a route to the noted network/subnet mask combination through the second ethernet device
```
34
Netstat
Netstat can do a lot more, such as identifying open services on the local system:
#netstat -atnp
35
adding an arp entry
#arp -s buggy 00:00:00:cf:a1:33
36
delete an arp entry
#arp -d buggy
37
/etc/sysconfig/network directives
***NETWORKING -> can be yes or no, to configure or not configure networking
NETWORKING_IPV6 -> can be yes or no for ipv6
NISDOMAIN -> set the name of the NIS domain, if connected to a NIS network
***HOSTNAME -> set the hostname of the local computer (can be set by the DHCP server)
GATEWAY -> set the IP address for the gateway (can be set by the DHCP server)
GATEWAYDEV -> sets the network device, such as eth0, that this computer uses to reach a gateway. There's no need for this directive if there is only one network card.
38
using the GUI network manager configuration tool
You may need to first install the associated package:
```
#yum install NetworkManager-gnome
```
You can then start the GUI network connections tool:
```
#nm-connection-editor
```
39
Creating a swap partition example using fdisk
```
#fdisk /dev/sdb
command (m for help): n
p
partition number(1-4): 1
first sector default:...
last sector:200MB
command(m for help): p
command(m for help): t
HEX code (type L to list codes): 82
command(m for help): w
```
when done, follow with:
```
#mkswap /dev/sdb1
#swapon /dev/sdb1
```
40
set a partition to a different type in parted
(parted) set
partition number? 1
flag to Invert? lvm
new state? [on]/off on
41
to see the swap space currently configured
run the command:
```
#cat /proc/swaps
```
42
checking a partition
```
#umount /var
#fsck -t ext4 /dev/sda7
#mount /dev/sda7 /var
```
43
disk utility GUI
One graphical tool that you can use for storage management is the disk utility, which is available from the gnome-disk-utility package. To access it from the command line:
```
#palimpsest
```
44
empty partition
When using parted on a new empty partition, you need to create a label. Otherwise you will get an "unrecognized disk label" error; run the mklabel command first:
(parted) mklabel msdos
(parted) mkpart
45
formatting partitions
- remember: for the commands below, you need the appropriate partition
```
#mkfs.cramfs - create a compressed ROM filesystem
#mkfs.ext2 - formats a volume to the ext2 fs
#mkfs.ext3 - formats a volume to the ext3 fs
#mkfs.ext4 - formats a volume to the ext4 fs
#mkfs.msdos -> or mkfs.vfat, or mkdosfs microsoft vfat, not bootable
#mkfs.xfs - formats a volume to the xfs fs
#mkswap - format a volume to the linux swap file system
```
46
LVM commands installed (many exist, but only four are active)
lvm - brings you an LVM prompt to run other commands, type help to see a list
lvmconf - can modify the default settings in the related configuration file /etc/lvm/lvm.conf
lvmdiskscan - scans all available drives for LVM-configured partitions
lvmdump - sets up a configuration report in the root administrative user's home directory (/root)
47
To use the GUI logical volume management tool
#yum install system-config-lvm
48
Volume encryption with the linux unified key setup (LUKS)
LUKS works on a block level.
A LUKS-protected system requires either a passphrase or a keyfile.
49
encrypting a filesystem mounted on a specific directory
You need the dm_crypt module:
```
#lsmod | grep dm_crypt
```
If you don't see any output regarding dm_crypt, run:
```
#modprobe dm_crypt
```
You'll need to install the cryptsetup-luks RPM package:
```
#yum install cryptsetup
```
50
Create a LUKS-based filesystem with cryptsetup
```
#cryptsetup luksFormat /dev/sda1   -> first create a passphrase
```
- Once the partition is encrypted, it can't be read. Before you can format it, it must be mapped.
First you need the UUID of the device. This command creates a UUID for the newly encrypted /dev/sda1 device:
```
#cryptsetup luksUUID /dev/sda1   -> generates a UUID
#cryptsetup luksOpen /dev/sda1 uuid number
```
- The mapped device should now appear in the /dev/mapper directory (instead of using a UUID you can use a word like test, unless required in the exam)
51
find the UUID associated with a particular encrypted filesystem
```
#dumpe2fs /dev/mapper/test | grep UUID
```
You can also use the blkid command to get the UUID
52
mounting a luks formatted filesystem
If the LUKS formatted filesystem /dev/mapper/test is to be mounted on the directory named /shared, you could add the following lines in /etc/crypttab:
```
shared /dev/mapper/test none
shared UUID=uuidnumber none
```
- You can verify how partitions are actually mounted in /etc/mtab:
```
#cat /etc/mtab
```
53
description of entries in /etc/fstab example
/dev/sda1 (device)
/home (mount point)
ext4 (fs format)
defaults (mount option)
0 0 (dump value followed by FS check order)
54
dump value
Either 0 or 1. A value of 1 means that data is automatically saved to disk by the dump command when you exit Linux
55
filesystem check order
Determines the order that filesystems are checked by fsck command during the boot process. The root directory(/) should be set to 1, and other local filesystems should be set to 2. Removable filesystems such as those associated with CD/DVD devices should be set to 0, which means they are not checked during the Linux boot process
56
List of virtual filesystems in /etc/fstab
tmpfs - a virtual memory filesystem that uses both RAM & swap space
devpts - filesystem relates to pseudo-terminal devices
sysfs - filesystem provides dynamic info about system devices. Explore the associated /sys directory
proc - provides dynamically configurable options for changing the behavior of the kernel
57
mount a cd/dvd
#mount -t iso9660 /dev/sr0 /mnt
58
best option to mount nfs
```
#mount -t nfs server1:/pub share fsmount nfs
```
or add to /etc/fstab:
```
server1:/pub /share nfs rsize=8192,wsize=8192,timeo=14,intr,udp 0 0
```
59
option for mounting samba directories
in /etc/fstab:
//server/pub /share cifs rw,username=user,password=passd 0 0
or
//server/pub /share cifs rw,credentials=/etc/secret 0 0
then your /etc/secret content:
username=user
password=password
60
yum-config-manager
To get the full list of yum configuration directives and their current values, run the following command:
```
#yum-config-manager
```
This command requires the installation of the yum-utils package.
61
additional yum commands
```
#yum info samba -> similar to #rpm -qi samba (query about samba)
#yum erase package -> removes package
#yum whatprovides */*.repo
#yum grouplist
#yum groupinfo "Remote desktop clients"
#yum group install groupPackage name
#yum group install "print server" -x paps -x gutenprint-cups -> exclude paps & gutenprint from being installed
#yum groupremove "Print Server"
#createrepo -> helps you set up a local directory
#yumdownloader cups
#yum-config-manager -> can display all current settings for each repository as well as downloaded individual RPM packages
#yumdownloader
```
62
local access
local access is regulated in the /etc/security file
63
to set a password for a group
#gpasswd group
64
configure a client as an LDAP client
you can edit /etc/openldap/ldap.conf and add:
URI ldap://127.0.0.1
HOST tester.example.com
BASE dc=example,dc=com
TLS_CACERTDIR /etc/openldap/cacerts
65
The name service switch file
/etc/nsswitch.conf governs how a computer searches for key files such as password databases. It can be configured to look through LDAP and other server databases such as /etc/hosts:
```
hosts: files ldap dns
```
You can also add settings:
```
passwd: files ldap
shadow: files ldap
group: files ldap
```
66
VNC
VNC communication normally proceeds on port 5900, which must be open to enable communication. The GNOME-based VNC server is known as vino. TigerVNC server, based on the tightvnc server, also exists.
67
vnc gnome
You can use the vncviewer command to connect to a VNC server:
```
#vncviewer 192.168.122.1:2
```
To use the GNOME-based vino server, after it's installed:
```
#vino-preferences
```
68
password protect grub
First create an md5 passwd:
```
#grub-md5-crypt
Password:
```
Then edit /boot/grub/grub.conf; under the timeout line in the main section enter:
```
password --md5
```
69
setup ftp to only allow specific IPs
```
#yum install -y vsftp*
#vi /etc/vsftpd/vsftpd.conf
```
verify that this is present or add:
```
tcp_wrappers=YES
```
```
#service vsftpd restart
```
In /etc/hosts.deny deny everyone for vsftpd:
```
vsftpd: ALL
```
Then, in /etc/hosts.allow add the authorized IPs:
```
vsftpd: 192.168.0.39 192.168.0.50
```