Extras Flashcards
mount an ISO
mount -o loop media.iso /media
Set same SELinux context for a directory
chcon -R --reference=/var/www/html/ /var/www/html/inst
FTP and http file location
vsftp server is /var/ftp/pub
HTML is /var/www/html
add/remove software tool is located
System -> administration -> add/Remove Software
List of packages needed for virtualization
qemu-kvm - the main kvm package
python-virtinst - command line tools and libraries for creating VMs
virt-manager - GUI VM administration tool
virt-top - command for VM statistics
virt-viewer - GUI connection to configure VMs
libvirt - C language toolkit with the libvirtd service
libvirt-client - C language toolkit for VM clients
check if the right VM modules are loaded
# lsmod | grep kvm
The output should include either kvm_intel or kvm_amd. If the output is different, or there is no output, run this command to load the module:
# modprobe kvm
virt-install
You can also use the virt-install --prompt command to set up virtual machines; just enter the information as asked, such as RAM, CPU, and so forth.
# virt-install --prompt
virt-install to install a VM with a kickstart file
The virt-install --prompt command can be used to install from a kickstart file. Example:
# virt-install -n outside1.example.org -r 768 --disk \
path=/var/lib/libvirt/images/outsider1.example.org.img \
-l ftp://192.168.122.1/pub/inst \
-x "ks=ftp://192.168.122.1/pub/ks1.cfg"
switches for the virt-install command
-n (--name) sets the name of a VM
-r (--ram) configures the amount of RAM in MB
--disk defines the virtual disk
-l (--location) specifies the directory or URL with the installation files
-x (--extra-args=) includes extra data, such as the URL of a kickstart file
virt-clone --prompt
The virt-clone --prompt command can be used to clone an existing VM. Make sure the system to be cloned is shut down.
Tools of interest for administrative purposes
- telnet and nmap to verify remote access to open ports
- mutt as an email client to verify the functionality of an email server
- elinks as a web browser to make sure web services are accessible
- lftp to access ftp servers with command completion
#telnet localhost 21
# nmap localhost
#mutt -f pop://username@host
you can also use the mail command as:
$mail Michael
subject: test
cc: marth@example.com
$mail -s 'host file' < /etc/hosts root@localhost
$elinks http://127.0.0.1/inst
$lftp ftp.example.org -u frany
lftp standard commands
cd - changes the current working directory at the remote host
ls - list files at the remote host
get - retrieve one file from the remote host
mget - retrieve a group of files from the remote host
put - uploads one file from your computer to remote host
mput - uploads a group of files to remote host
pwd - list current working directory on the remote host
quit - ends the FTP session
!ls - list files on your host computer in the current directory
!cd - change the local host directory for upload/download
!pwd - list current working directory on local host computer
The Alias command examples
some alias command examples:
# alias cp='cp -i'
# alias l.='ls -d .* --color=auto'
# alias ll='ls -l --color=auto'
# alias rm='rm -i'
# alias rm='mv -t ~/.trash'
the locate command database
The locate command database is normally updated only once each day, based on the cron script /etc/cron.daily/mlocate.cron (you might have to run it manually).
Specialized variations on the vi command:
vipw - edit /etc/passwd
vigr - edit /etc/group
visudo - edit /etc/sudoers
vipw -s - edit /etc/shadow
vigr -s - edit /etc/gshadow
arp command
The arp command displays a table of hardware and IP addresses on the local computer. ARP can help detect problems such as duplicate addresses on the network.
displaying routing table
# netstat -r -> displays routing table, similar to route
# route -n -> similar to # netstat -rn
get dhcp info
dhclient eth0
two tools that can be used to configure network devices:
system-config-network - GUI
nm-connection-editor - GUI, command line
System -> Preferences -> Network Connections
check DNS server
If in doubt about whether the DNS server is operational:
# dig @192.168.122.1 mheducation.com
default umask
The default umask is driven by the /etc/bashrc file
remount a file system
mount -o remount /home
common ports
21 - FTP
22 - secure shell (SSH)
23 - telnet
25 - SMTP
53 - DNS
80 - http
88 - kerberos
110 - pop
139 - netbios
143 - IMAP
443 - https
993 - IMAP over SSL
2049 - NFS
4995 - POP over SSL
69 - TFTP
139 & 445 as well as UDP 137 & 138 - SAMBA
diagnose error when running semanage login -l
# yum whatprovides /usr/sbin/semanage
# yum -y install policycoreutils-python
options for SELinux user roles
- guest_u no GUI, no networking, no access to the su or sudo command
- xguest_u GUI, networking only via the firefox web browser
- user_u GUI and networking available
- staff_u GUI, networking, and the sudo command available
- unconfined_u Full system access
tools to search /var/log/audit
# ausearch -m avc -c sudo
# sealert -a /var/log/audit/audit.log
other facl commands
# getfacl file1 | setfacl --set-file=- file2 -> copy acl from file1 to file2
# getfacl --access dir | setfacl -d -M- dir -> copy the access acl into the default ACL
GRUB common errors
Error 15: file not found - the partition was mounted; the kernel was not found on that partition. Cause: the root (hdx,y) directive does not point to the partition with the /boot directory.
Error 17: cannot mount selected partition - the partition is not formatted to a filesystem with files. Cause: the root (hdx,y) directive points to a partition formatted to a system such as linux swap.
Error 22: no such partition - there is no partition specified by the root (hdx,y) directive.
list commands at grub command line
To see a list of commands at the GRUB command line, press the Tab key at the grub> prompt.
To find the grub.conf file (find the /boot directory):
grub> find /grub/grub.conf
Another way to find the /boot directory:
grub> root
To confirm the location of grub.conf, run the cat command:
grub> cat (hd0,0)/grub/grub.conf
to see the files installed with a package
rpm -ql upstart
parameters in /etc/sysconfig/init
The parameters in /etc/sysconfig/init specify how the system looks and feels during the boot process.
virtual consoles
virtual consoles are configured in files /etc/sysconfig/init and the /etc/init directory.
examples for the route command
# route add default gw 192.168.122.1 -> adding a default route
# route add default gw 0.0.0.0
# route add -net 192.168.0 netmask 255.255.255.0 dev eth1 -> sets up a route to the noted network/subnet mask combination through the second ethernet device
Netstat
Netstat can do a lot more, such as identifying open services on the local system:
# netstat -atnp
adding an arp entry
arp -s buggy 00:00:00:cf:a1:33
delete an arp entry
arp -d buggy
/etc/sysconfig/network directives
**NETWORKING -> can be yes or no, to configure or not configure networking
NETWORKING_IPV6 -> can be yes or no for ipv6
NISDOMAIN -> set the name of NIS domain, if connected to a NIS network
**HOSTNAME -> set the hostname of the local computer (can be set by the DHCP server)
GATEWAY -> set the IP address for the gateway (can be set by the DHCP server)
GATEWAYDEV -> sets the network device, such as eth0, that this computer uses to reach a gateway. There's no need for this directive if there is only one network card.
using the GUI network manager configuration tool
You may need to first install the associated package:
# yum install NetworkManager-gnome
You can then start the GUI network connections tool:
# nm-connection-editor
Creating a swap partition example using fdisk
# fdisk /dev/sdb
command (m for help): n
p
partition number (1-4): 1
first sector default:...
last sector:200MB
command (m for help): p
command (m for help): t
HEX code (type L to list codes): 82
command (m for help): w
When done, follow with:
# mkswap /dev/sdb1
# swapon /dev/sdb1
set a partition to a different type in parted
(parted) set
Partition number? 1
Flag to Invert? lvm
New state? [on]/off on
to see the swap space currently configured
run the command: #cat /proc/swaps
checking a partition
# umount /var
# fsck -t ext4 /dev/sda7
# mount /dev/sda7 /var
disk utility GUI
One graphical tool that you can use for storage management is the disk utility, which is available from the gnome-disk-utility package. To access it from the command line:
# palimpsest
empty partition
For a new empty partition in parted, you need to create a label. If you get the "unrecognized disk label" error, first run the mklabel command:
(parted) mklabel msdos
(parted) mkpart
formatting partitions
- Remember: for the commands below, you need the appropriate partition
# mkfs.cramfs - create a compressed ROM filesystem
# mkfs.ext2 - formats a volume to the ext2 fs
# mkfs.ext3 - formats a volume to the ext3 fs
# mkfs.ext4 - formats a volume to the ext4 fs
# mkfs.msdos -> or mkfs.vfat, or mkdosfs; microsoft vfat, not bootable
# mkfs.xfs - formats a volume to the xfs fs
# mkswap - format a volume to the linux swap file system
LVM commands installed (many exist, but only four are active)
lvm - brings you an LVM prompt to run other commands, type help to see a list
lvmconf - can modify the default settings in the related configuration file /etc/lvm/lvm.conf
lvmdiskscan - scans all available drives for LVM-configured partitions
lvmdump - sets up a configuration report in the root administrative user’s home directory(/root)
To use the GUI logical volume management tool
yum install system-config-lvm
Volume encryption with the linux unified key setup (LUKS)
LUKS works on a block level
A LUKS-protected system requires either a passphrase or a keyfile
encrypting a filesystem mounted on a specific directory
You need the dm_crypt module:
# lsmod | grep dm_crypt
If you don't see any output regarding dm_crypt, run:
# modprobe dm_crypt
You'll need to install the cryptsetup-luks RPM package:
# yum install cryptsetup
Create a LUKS-based filesystem with cryptsetup
# cryptsetup luksFormat /dev/sda1 -> first create a passphrase
- Once the partition is encrypted, it can't be read. Before you can format it, it must be mapped.
First you need the UUID of the device. This command creates a UUID for the newly encrypted /dev/sda1 device:
# cryptsetup luksUUID /dev/sda1 -> generates a UUID
# cryptsetup luksOpen /dev/sda1 uuidnumber
- The mapped device should now appear in the /dev/mapper directory (instead of using a UUID you can use a word like test, unless required in the exam)
find the UUID associated with a particular encrypted filesystem
# dumpe2fs /dev/mapper/test | grep UUID
You can also use the blkid command to get the UUID.
mounting a luks formatted filesystem
If the LUKS formatted filesystem /dev/mapper/test is to be mounted on the directory named /shared, you could add the following lines in /etc/crypttab:
shared /dev/mapper/test none
shared UUID=uuidnumber none
- You can verify how partitions are actually mounted in /etc/mtab:
# cat /etc/mtab
description of entries in /etc/fstab example
/dev/sda1 (device)
/home (mount point)
ext4 (fs format)
defaults (mount option)
0 0 (dump value followed by FS check order)
dump value
Either 0 or 1. A value of 1 means that data is automatically saved to disk by the dump command when you exit Linux
filesystem check order
Determines the order that filesystems are checked by fsck command during the boot process. The root directory(/) should be set to 1, and other local filesystems should be set to 2. Removable filesystems such as those associated with CD/DVD devices should be set to 0, which means they are not checked during the Linux boot process
List of virtual filesystems in /etc/fstab
tmpfs - a virtual memory filesystem that uses both RAM & swap space
devpts - filesystem relates to pseudo-terminal devices
sysfs - filesystem provides dynamic info about system devices. Explore the associated /sys directory
proc - provides dynamically configurable options for changing the behavior of the kernel
mount a cd/dvd
mount -t iso9660 /dev/sr0 /mnt
best option to mount nfs
# mount -t nfs server1:/pub /share -> mount the nfs fs
or add to /etc/fstab:
server1:/pub /share nfs rsize=8192,wsize=8192,timeo=14,intr,udp 0 0
option for mounting samba directories
in /etc/fstab:
//server/pub /share cifs rw,username=user,password=passd 0 0
or
//server/pub /share cifs rw,credentials=/etc/secret 0 0
then your /etc/secret content:
username=user
password=password
yum-config-manager
To get the full list of yum configuration directives and their current values, run the following command:
# yum-config-manager
This command requires the installation of the yum-utils package.
additional yum commands
# yum info samba -> similar to # rpm -qi samba (query about samba)
# yum erase package -> removes package
# yum whatprovides */*.repo
# yum grouplist
# yum groupinfo "Remote desktop clients"
# yum group install groupPackage name
# yum group install "print server" -x paps -x gutenprint-cups -> exclude paps & gutenprint from being installed
# yum groupremove "Print Server"
# createrepo -> helps you set up a local directory
# yumdownloader cups
# yum-config-manager -> can display all current settings for each repository as well as downloaded individual RPM packages
# yumdownloader
local access
local access is regulated in the /etc/security file
to set a password for a group
gpasswd group
configure a client as an LDAP client
you can edit /etc/openldap/ldap.conf and add
URI ldap://127.0.0.1
HOST tester.example.com
BASE dc=example,dc=com
TLS_CACERTDIR /etc/openldap/cacerts
The name service switch file
/etc/nsswitch.conf governs how a computer searches for key files such as password databases. It can be configured to look through LDAP and other server databases such as /etc/hosts:
hosts: files ldap dns
You can also add settings:
passwd: files ldap
shadow: files ldap
group: files ldap
VNC
VNC communication normally proceeds on port 5900, which must be open to enable communication. The GNOME-based VNC server is known as vino. TigerVNC server, based on the TightVNC server, also exists.
vnc gnome
You can use the vncviewer command to connect to a VNC server:
# vncviewer 192.168.122.1:2
To use the GNOME-based vino server, after it's installed:
# vino-preferences
password protect grub
First create an md5 password:
# grub-md5-crypt
Password:
Then edit /boot/grub/grub.conf and, under the timeout line in the main section, enter:
password --md5 <md5 hash from grub-md5-crypt>
setup ftp to only allow specific IPs
# yum install -y vsftp*
# vi /etc/vsftpd/vsftpd.conf
Verify that this is present or add:
tcp_wrappers=YES
# service vsftpd restart
In /etc/hosts.deny, deny everyone for vsftpd:
vsftpd: ALL
Then, in /etc/hosts.allow, add the authorized IPs:
vsftpd: 192.168.0.39 192.168.0.50