Troubleshooting Flashcards
Basic connectivity
> ping hostname or IP
> traceroute (must use with root privileges)
- if the host takes too long to respond, there could be an issue
- if you see an asterisk in the output, a router is blocking the connection
View ports and programs
View running processes
>netstat
-n : shows ports
-a : active internet connections TCP and UDP
-i
-r
-p : shows PID
-l
-t : shows tcp
-u
>netstat -nutlp : shows active internet connections
View Ports
>nmap [IP address or name of target host]
View live packets
> tcpdump : stop output with CTRL+C
-n
-A
-v
-vvv
Kill a process
A process is simply an application or a script which can be running in the foreground or the background.
- ps aux (show all running processes or “|grep chrome”)
a = show processes for all users
u = display the process’s user/owner
x = also show processes not attached to a terminal
- kill [process id]
- killall [process name]
Start/stop/restart a service
A service is just another name for a daemon, which is a client/server application that runs in the background. A service is continuously listening for incoming requests and sends a response based on the request given.
Services can also be found in the /etc/init.d/ directory and can be controlled in the same manner.
- service --status-all (show running services)
OR netstat -tulpn (shows all information about this ser)
- Either “service”
>sudo service httpd start
>sudo service httpd stop
>sudo service httpd restart
- Or “systemctl”
>sudo systemctl stop httpd
>sudo systemctl start httpd
>sudo systemctl restart httpd
System Logging
● Syslog servers
○ syslogd
○ rsyslog
○ syslog-ng
● Use logger to generate your own log messages
● Use logrotate to automatically prune messages.
Permissions Troubleshooting
● Permissions on a directory can affect the files in the directory.
● If the file permissions look correct, start checking directory permissions.
● Work your way up to the root.
Linux Networking
● DNS and name resolution
○ host
○ dig
● /etc/hosts
● /etc/nsswitch.conf
What is my IP
> ip address
>ifconfig
Determine hostname
○ hostname
○ hostname -f
○ uname -n
Bring interface up/down
ifup / ifdown
Useful commands for jobs and processes
● ps ● Ctrl-c ● Ctrl-Z ● bg ● fg ● jobs ● kill
Default Log Directory
/var/log
Third Party potential log directories
/etc *** – host specific system config
/opt *** – config file for third party application software
>bin
>etc
>lib
>log
/usr ** – sharable and read only files
>bin
>etc
>lib
>log
/var ** – var. data files generated by system or vendor
Securing Network Services
- use a dedicated user for each service
- ports below 1024 are privileged service ports
- stop and uninstall any service not used
- avoid services using unencrypted communication
- make services listen only on the interfaces they need. By default a service listens on all interfaces