virsh
-To stop a VM, use the following:
ex: virsh destroy <vm name>
-List all configured VMs:
ex: virsh list --all
-To autostart the VM:
ex: virsh autostart <vm name>
remove a vm
-Stop the vm : virsh destroy <vm name>
-Remove the XML: rm /etc/libvirt/qemu/<name>.xml
-Remove image: rm /var/lib/libvirt/images/<name>.img
-Restart libvirtd : /etc/init.d/libvirtd restart
install vm with kickstart
-virt-install -n server3.example.com -r 2048 --disk
path=/var/lib/libvirt/images/server3.example.com,size=8 -l
ftp://192.168.122.1/pub/inst -x "ks=ftp://192.168.122.1/pub/ks.cfg"
Kickstart
-Template is the anaconda-ks.cfg file located in /root directory
-Another way to config kickstart is
ex:system-config-kickstart
-At boot you can TAB and add the ks= option at the end of the vmlinuz line
POP
-Post Office Protocol
Default Shell
-Changes to individual shells are made in:
ex:/etc/passwd file
Command Line Consoles
-start-ttys.conf is located in :
ex: /etc/init directory
Data Streams
-Standard Input (Stdin)
-Standard Output (Stdout)
-Standard Error (Stderr): 2>
Ln
-Hard link is a copy if on the same partition, identical inode numbers
-Soft link is a redirect to the original file
rm alias
-Another possible alias for rm
ex: rm='mv -t ~/.Trash'
wildcards
-Also known as globbing
mlocate.cron
-This locate script updates only once a day if put in the daily crontab.
Less
-This command is different from more or cat in that it can read gzipped files
sed
-Stream EDitor that allows you to search and replace items
awk
-Used to identify lines and print them out
vipw
-vi for passwd file
vigr
-vi for group file
-/usr/share/doc
whatis
-Used to indicate the location of files and man pages types
CIDR
-Classless Inter Domain Routing notation
ex:192.168.122.1/24
ping6
-Must specify the Interface:
ex: ping6 -I eth0
ifup
-This command brings up an interface:
ex: ifup eth0
ifdown
-This command brings down an interface
ex: ifdown eth0
arp
-Address Resolution Protocol. This table has the Hardware information and IP
Addresses
-Used to find duplicate IP Addresses on the network
dhclient
-assigns the ip address to the interface, sets up the routing for that interface and
adds the ip address of the DNS server to the resolv.conf file
nm-connection-editor
-Starts the network connection GUI
nsswitch.conf
-Name Server Switch file is a database of search priorities
ex: hosts: files dns; says to search the /etc/hosts file first and then DNS for the resolution
BIND
-Berkeley Internet Name Domain
-Used for DNS servers
SUID
-Super User ID
-The "s" in the execute bit for the user owner permission is the sticky bit for SUID.
Allows other users to execute the command with the owner's rights.
-Setting SUID: use numerical value = 4
SGID
-Super Group ID
-The "s" in the execute bit for the group owner is the sticky bit for SGID. Allows
other users to execute the command with the owner's group rights.
-Setting SGID: use numerical value = 2
ACL
-Access Control List (ACL)
-A (+) sign indicates ACLs but doesn't override the SELinux configurations
-Configure the filesystem with acl option
-Making a filesystem ACL friendly you would use:
ex:mount -o remount -o acl <filesystem> <mount point>
-Option (-m) modifies the ACLs for a user
-Can't deny access to a user to his own home directory
Sticky bit others
-The "t" in the execute bit for the user others permission is the sticky bit. Allows
others to copy files to a location and retain their ownership of the file
umask
read,write,execute
-r=4, w=2, and e=1
ugo permission
-u:user
-g:group
-o:other
lsattr
-Listing of the file attributes
chattr
-Change file attributes
setfacl
-setfacl -m u:<user>:--- <path/> : modifies acls for a user on a file
-setfacl -x u:<user> <path/> : removes acls for a user on a file
-setfacl -b <path/filename> : removes all acls on a file
-setfacl -m mask:--- <path/> : sets the mask for a file
restorecon
-Restores the default SELinux acl settings for a file:
ex: restorecon -F <location>
iptables
-iptables is chain based: a condition a packet must meet and the action to take
- iptables -t tabletype -j
-tabletype: Filtering packets (Default setting), NAT or masquerading
-action direction:
1. -A: append a rule at the end of the chain
2. -D: Deletes a rule from a chain;specify by rule number or packet pattern
3. -L: List the current rules in the list
4. -F: Flushes all the rules in the list
-If -A or -D the following apply
-INPUT; All incoming packets are checked against rules in the chain
- OUTPUT; All outgoing packets are checked against rules in the chain
-FORWARD;All packets to other computers are checked against rules in the chain
-Packet Pattern
ex: -s ip_address;All Packets are checked for Source IP Address
ex: -d ip_address;All Packets are checked for Destination IP Address
-p protocol --dport destination port
ex: -p tcp --dport 80
-j what to do with packet
-Drop; No message sent to source computer
-Reject;Message sent to requesting computer
-Accept;Allowed followed by -A option
-Commit ends the rules
TCP/IP Ports
Port  Description
21    FTP
22    Secure Shell (SSH)
23    Telnet
25    Simple Mail Transfer Protocol (SMTP), e.g., Postfix, sendmail
53    Domain Name Service servers
80    Hypertext Transfer Protocol (HTTP)
88    Kerberos
110   Post Office Protocol, version 3 (POP3)
139   Network Basic Input/Output System (NetBIOS) session service
143   Internet Mail Access Protocol (IMAP)
443   HTTP, secure (HTTPS)
SELinux subject
-Subject is a process, a command in action.
SELinux object
-Object is a file
SELinux action
-Action is what might be done by the Subject to the Object
SELinux permissive
-Permissive logs every action but doesn't prevent action from taking place
SELINUX Directive
-Its location:
ex:/etc/selinux/config
SELinux Enforcing Mode
ex:/selinux/booleans
getsebool
-Command to read SELinux boolean value
setsebool
-Command to set SELinux boolean value to 1 or 0
-setsebool -P; will hold value after a reboot of system
ps -eZ
-To see all the contexts for each process
ausearch
-SELinux tool to help search the audit.log file
ex: ausearch -m avc -c <common name>
-m Access Vector Cache (avc)
sealert
ex:sealert -a
system-config-selinux
-Command to launch the GUI for configuration of SELinux rules
PATA
-Primary Advanced Technology Attachment (Pata)
SCSI
-/boot must be on scsi id0 or id1
single boot
-boots without running the /etc/rc?.d scripts
/init=/bin/sh
-Mounts only the top level directory / in read-only mode
UUID
-Universally Unique Identifier
-128-bit number hex
rd_NO_LUKS
-disables the detection of volumes encrypted by Linux Unified Key Setup (LUKS)
system.
rd_NO_LVM
-disables detection of volumes configured with Logical Volume Manager
rd_NO_MD
-disables detection of software RAID use
rd_NO_DM
-disables detection of software RAID use
grub-md5-crypt
-used to password encrypt the Grub loader
from grub-md5-crypt> command
grub-install
-installs the loader to the master boot record anywhere
runlevel
-N means no previous run level
ex:N 5
Readahead Files
-Configuration of what files should be placed into memory at boot up to speed up process
-readahead-collector.conf
-readahead.conf
-readahead-disableservices.conf
-/etc/sysconfig/readahead
Terminal Files
-prefdm.conf
-start-ttys.conf
-tty.conf
-serial.conf
-Located in /etc/init directory
Resource Control
-Three scripts that control what is started at different run levels
-rcS-sulogin.conf -rc.conf
-rcS.conf
ntsysv
-Command line GUI that shows what services are configured for what run level
ex: ntsysv --level 2345;show all services for these runlevels
DHCP
-Dynamic Host Configuration Protocol
clock
-/etc/sysconfig/clock has the timezone for the server
swap
-mkswap /dev/<location>
-swapon /dev/<location>
-cat /proc/swaps; see swap space configured
palimpsest
-Command to start the Disk Utility
Journaling Filesystem
-Advantages:
-Faster to check at boot time
-If there is a crash, a log or journal is kept for restoring the metadata for the lost files
-Adding journaling by upgrade from ext2 to ext3
ex: tune2fs -j /dev/<filesystem>
ext4 filesystem
-Advantages:
-Supports up to 1 exabyte
-Nanosecond file timestamps
dumpe2fs
-Displays the filesystem attributes
FHS
-Filesystem Hierarchy Standard
-Official way to organize files for unix and linux
LUKS
-Linux Unified Key Setup (LUKS)
-Block encryption
-modprobe dm_crypt
-cryptsetup luksFormat /dev/<partition>; sets up a passphrase
-cryptsetup luksUUID /dev/<partition>; mapping of device to UUID
-cryptsetup luksOpen /dev/<partition> <location>; opening the partition
-mkfs.ext4 /dev/mapper/<partition>; will change the UUID for the block device
ex:<directory
nfs mount
-mount -t nfs server.name.location.com:/<directory> /mountpoint
- server1:/pub /share nfs rsize=8192,wsize=8192,timeo=14,intr,udp 0 0
automount
-/etc/sysconfig/autofs;configuration of automounter
-/etc/auto.master
-/etc/auto.misc
-/etc/auto.net
-/etc/auto.smb
-/etc/auto.home; requires certain directives from /etc/sysconfig/autofs
-DEFAULT_MAP_OBJECT_CLASS="automountMap"
-DEFAULT_ENTRY_OBJECT_CLASS="automount"
-DEFAULT_MAP_ATTRIBUTE="automountMapName"
-DEFAULT_ENTRY_ATTRIBUTE="automountKey"
-DEFAULT_VALUE_ATTRIBUTE="automountInformation"
RPM
-Redhat Package Manager (RPM)
kernel
-Installation of new kernel using yum side-by-side current kernel
-yum install kernel
YUM
-Originally developed for Yellow Dog Linux
-Yellow dog Updater Modified (YUM)
-yum-config-manager
-yum erase <package>; will uninstall and remove the dependencies from the
system
-yum clean all; if problems with yum
yum.conf
-keepcache=0;Means the system will be current
-exactarch=1;Makes sure the architecture matches the actual processor type
from arch command
-installonly_limit=3;kernel package is installed not upgraded
refresh-packagekit.conf
-links yum to the packagekit. Provides the use of apt yum and
yumdownloader
-Installs a single or group of rpm packages
createrepo
-A ! before the passwd for a user is a sign the account is locked. To unlock the
account issue:
ex:usermod -U <username>
sg
-execute command from a different group account
securetty
-located in /etc/securetty this file controls the access of the root account to
specified consoles.
access.conf
-A file to control local access to the system
su
- su - gives full administrative privileges to the user
- su -c root access for one command
gpasswd
-sets up a passwd for a specific group
/etc/skel
-default scripts and files that are copied to new user directories when account is
created
LDAP
-Lightweight Directory Access Protocol; used for authentication of users
-www.freeipa.org; a simple version of an LDAP server
crontab
-crontab -e ; used to edit entries in the crontab
-crontab -l; listing crontab entries per user
gpk-prefs
-package update scheduler