Linux Flashcards
How to check the kernel version of a Linux system?
uname -a
How to see the current IP address on Linux?
ip a
How to check for free disk space in Linux?
df -ah
How to see if a Linux service is running?
service --status-all
service
How to check the size of a directory in Linux?
du -sh foldername
How to check for open ports in Linux?
netstat -tulpn
ON REMOTE HOST
telnet 8.8.8.8 53
nc -w5 -z -v (AKA NETCAT)
How to check Linux process information (CPU usage, memory, user information, etc.)?
ps aux
top
htop
How to deal with mounts in Linux
mount
what does LSOF return
the list of open files COMMAND PID TID TASKCMD USER FD (file descriptor) TYPE DEVICE SIZE NODE NAME
Difference between CTRL-C and CTRL-Z in Linux
CTRL-C sends SIGINT, which interrupts the application; this usually causes the process to abort and gives you a blank prompt
CTRL-Z sends SIGTSTP, which puts the application into suspend mode in the background, to be continued later with fg
Difference between Tar and ZIP
tar is only an archiver while zip archives and compresses.
tar preserves setuid, setgid, and sticky bit
SETUID
Setuid is a Linux file permission setting that allows a USER to execute that file or program with the permission of the owner of that file. This is primarily used to elevate the privileges of the current user.
SETGID
Setuid is a Linux file permission setting that allows a USER to execute that file or program with the permission of the owner of that file. This is primarily used to elevate the privileges of the current user.
Same as SETUID except with GROUPS
STICKY BIT
Prevents everyone except the OWNER of a directory from deleting a file…like on tmp folders.
How to check open ports on a remote server without NET CAT or NMAP
echo > /dev/tcp// && echo "GOOD" || echo "BAD"
5 ways to secure an SSH connection.
Disable Password Based Logins and Allow Key based logins
Disable root login
Change the standard port number
Force the service to use only SSH v2
White List users or servers “Allowed List” is the new PC term.
LVM
Logical Volume Manager
lvextend / lvreduce to extend or reduce partition sizes
create/resize/delete LVM partitions while the server is running.
How would you connect to a machine in the cloud
Is there a VPN…connect to it.
ssh @
CD
change directory
cd /
LS
list directory contents.
ls [flags] [directory]
PWD
print working directory (path of current directory or the one you choose)
echo
Displays a line of text
grep
print lines that match patterns
If no FILE is given, recursive searches examine the working directory, and nonrecursive searches read standard input.
cp
Copy file
cp
systemctl
Control the systemd system and service manager
How to list services with systemctl
systemctl list-units --type=service
how to get status of a service
systemctl status
how do you enable a service to start at boot time
systemctl enable
start or stop a service
systemctl start/stop
What is the init system?
o Init is the first process
o Starts all services and units
o Reparenting orphaned processes
o systemctl enable/start services
o journalctl -fu nginx (logs)
How do you show ip address of eth0
ip addr show dev eth0
how do you display route information
ip route show
Know the basics of systemd
Contains init, which boots the rest of the system
Collection of programs and libraries
systemctl and journalctl
init, process management, network management, login management, logs, etc.
What is a linux user made of?
Basically a bunch of lines in a bunch of different files
passwd gives username, UID, password or reference to the hashed password file
remove user from all groups before deleting
What do you know about PROC?
The proc file system (procfs) is a virtual file system created on the fly when the system boots and dissolved at system shutdown.
It contains useful information about the processes that are currently running, and it is regarded as the control and information center for the kernel.
How can you check resource utilization
top, htop, or atop
How do you look for application binary?
whereis will show you where the app and man pages live
report a snapshot of the current processes.
ps
How to get open files by process id
lsof -p
how to view open ports on a machine
netstat -tulpn
What can prevent you from writing a file?
Ownership in a folder
Permissions
I-node exhaustion…you can run df -i
What are I-nodes
Linux data structure that contains info on files
When are they created.
File type
Permissions
Owner ID
Group ID
Size of file
Time last accessed
Time last modified
Soft/Hard Links
Access Control List (ACLs)
What commands can you use to find i node info on a file
stat (various arguments) %i displays inode number
ls -lhi | grep
How to check inode usage on a system
df -ih
What happens to the inode when you copy vs move a file
copy creates new inode
move same inode, new info
How do you identify where an application is installed
use which or whereis
What is cron
daemon to execute scheduled commands
How to find config files for applications
Use Find in the /etc folder
You want to check the logs for an apache / nginx server, but you can't find them in /var/log/. Where would you look?
find out where the application is installed and check the .conf file
How would you access a web service running in server B only accessible from server A, to which you have access, but from your local machine
ssh tunnel using port forwarding -L or proxy socks -D
ssh -L 8080:192.168.1.1:3389 user@192.168.1.1
Difference between a process and a thread?
Process is an instance of a computer program that is being executed, while a thread is a component of a process which is the smallest execution unit.
Processes have their own memory space, which their threads, in turn, use.
In a multi-processing environment, each process executes independently. But a thread can read, write or modify data of another thread.
What command used to find processes as well as cpu and memory usage?
top, htop
What is the difference between a L4 and L7 load balancer?
Layer 4 load balancing takes place at the transport layer of the OSI model, which is in charge of delivering messages regardless of their content. Layer 4 load balancers simply route network packets to and from the upstream server without inspecting them. By reviewing the initial few packets in the transmission control protocol (TCP) stream, they can only make limited routing decisions. It is still the heart of the OSI.
QUICK, EFFICIENT, SECURE…..NO SMARTBALANCING, NO MICROSERVICES
Layer 7 load balancing works at the application layer of the OSI model, which is in charge of the message’s actual content. Application Load Balancers route network traffic in a more complex way, typically for TCP-based traffic such as HTTP or HTTPS. A Layer 7 load balancer, unlike a Layer 4 load balancer, disconnects network traffic and processes the message inside.
BASED ON URL, SMART ROUTING, CACHING…EXPENSIVE, NEEDS DECRYPTION
what's the difference between df and free
df is to check free disk space
free is to check free memory
how does kill work?
The default signal for kill is TERM. Use -l or -L to list available signals. Particularly useful signals include HUP, INT, KILL, STOP, CONT, and 0. Alternate signals may be specified in three ways: -9, -SIGKILL or -KILL. Negative PID values may be used to choose whole process groups; see the PGID column in ps command output. A PID of -1 is special; it indicates all processes except the kill process itself and init.
Which files are open?
o lsof
Which processes have this file open?
o lsof
Which files does process X have open
lsof -p 1
lsof -p `pgrep ABC`
Where is the binary for this process
o lsof -p ABC | grep bin
Which shared libraries is this program using? (manually upgrading software, i.e. openssl)
o lsof -p PID | grep .so
Where is this thing logging to?
o lsof -p ABC | grep log
Which processes still have this old library open
o lsof | grep libname.so
Which files does user XYZ have open?
o lsof -u XYZ
lsof -u XYZ -i (selects IPv 4/6 files for networking)
Which process is listening on Port X (or using Protocol Y)?
lsof -i :80
lsof -i tcp
what is uptime and how do CPUs affect load averages
tells uptime of machine and session time of use
load averages if 1 CPU .5 is 50% load
load averages if 4 CPUS 1 is 25% aggregated load of 4 CPUs
how do you check kernel errors
dmesg -T
what does vmstat give you
overall stats by time
memory: swpd=paging...free, buff, cache
swap: in and out
io: disk bits in and bits out
system
cpu: looking at user, system, idle and steal
how to check CPU balance
mpstat -P ALL 1
how to check process usage at specified intervals
pidstat 1
how to check disk I/O stats
iostat -xz 1
how to check memory usage
free -m
how to check network I/O
sar -n DEV 1
how to check TCP stats
sar -n TCP,ETCP 1
check performance overview
top
how to check system calls and signals
strace
Application Latency Problems
what do you check
Disk with iostat
Swaps with vmstat
Network with sar
system calls with strace
Slow Performance Troubleshooting steps
overview with vmstat
mpstat for cpu usage
pidstat to check when ps is hogging resources
check disk with iostat
run strace -tp `pgrep ` 2>&1 | head -n 100
CPU high troubleshooting
top (not always super useful)
mpstat 1
iostat -x 1
sar -n DEV 1
vmstat 1
perf record -F 99 -a -g -- sleep 10
perf report -n --stdio
how to grab columns in linux
ps | awk '{print $1}' prints first column
get every single user on the system
awk -F ":" '{print $1}' /etc/passwd
how to print multiple columns with separators from a file
awk -F ":" '{print $1"\t"$6"\t"$7}' /etc/passwd
awk 'BEGIN{FS=":"; OFS="-"} {print $1, $6, $7}' /etc/passwd
how to get unique values
uniq
what does drwx---r-x mean? 777?
d=directory
-=file
l=link
read write execute for user/owner….no permissions for group…and read and execute for everyone else
777 is rwx for all three
r=4
w=2
x=1
how do you find hostname based on ip address and vice versa
nslookup
how do you find hostname for machine
hostname
how to move or rename a file
mv
how to make a link file
ln
tcpdump
kinda like wireshark
terrible performance inhibitor
advanced networking tools
ss gives more socket info
iptraf gives a histogram of network packet size
how to check paging information
pcstat
multi-tool for CPU profiling
PMC profiling
Static/Dynamic Tracing
PERF
What is a PMC
performance monitoring console (counter)
how to check and repair filesystem
fsck
how to set file permission
setfacl -m u::rwx filename
-x to remove
crontab fields
Min/Hour/DOM/Month/DOW/cmd