SlideShare a Scribd company logo

Ericas-Linux-Plus-Study-Guide

E
Erica StJohn

This document provides summaries of commands and configuration files related to Linux system administration. It covers topics like printing commands (lpr, lpq, lprm), init and inittab configuration, runlevels, networking commands (route, netstat), user management (userdel, passwd), file systems (e2fsck, ext2, ext3), and other administrative tools (top, ps, umount, vmstat).

1 of 9
Download to read offline
1
2
3
4
5
6
7
8
9
Erica's Linux Plus Study Guide ESN ID 7832506060670038649
/proc • Performance degrading – directory contains most files which can give you most info about the running services and current hardware level activity • -cpu – memory and CPU info • Contains kernel and process information Printer • lprm – remove print job from queue • lpq – view print queue /status • lpr – print o -# Allows you to print multiple copies • lpstat –h – printhost waiting print jobs w cups. –h specifies cups server to communicate with • /etc/printcap – used to setup printer ( /dev/lp0 ) • printcap – needs to be restarted to use a new install • cupsd – common Unix printing system daemon – daemon used for printing • cupsd and lpd – printer daemons that queue and print jobs • lpc o Maintains print queues o Command is used to control the operation of the line printer daemon • print filter – converts program output into a suitable format for printing before passing it on to the print spooler • /etc/printcap.samba – a list of printers that are shared out to windows clients • line printer daemon usually loaded at boot • The daemon looks in /var/spool/lpd for jobs to print init • Program that reads /etc/inittab • telinit usually a symbolic link to • /etc/init.d – startup scripts • init.q – make changes to inittab, used to run changes • parent process of httpd inittab ( /etc/inittab) • Edited to add gettys to runlevel3 • Read by init (telinit) • init=/bin/sh – used to recover password in run level 1 • 3rd field - action – how to handle shutdown • -t – sec delay in seconds (default 5) • -a – ctrl/alt/del physical access – checks shutdown.allow • -r – reboot after shutdown (changes runlevel 6) • -k – fakes a shutdown (sends msg, but doesn’t shutdown) • -h – halt after shutdown (changes runlevel 1 or 0) • -c – if you initiate shutdown, this cancels • -f – skip fsck upon reboot • -F – forces fsck upon reboot • now hh:mm +m minutes /etc/shutdown.allow runlevels • 0 – shutdown (halt) • 1 – single user (root password changed here) • 2 – multi user w/o NFS (same as 3 w/o networking) • 3 – command line (full multi user mode) • 4 – unused • 5 – GUI / X11 • 6 – reboot endlessly route • Used if machine is functional • route add –net 192.168.1.0 netmask 255.255.255.0 reject (deny 192.168.100.0/24 network) mask out networks before routing – not for firewalling • route add default gw 10.1.1.1 samba (smb) port 139 • mount share – smbmount //servername/sharename /mount_dir –o username=mywindowsusername password = mywindowspassword • guests ok=yes – user to access public share on this server w/o authentication • boot - //servername/sharename /mount_dir smbfs username=mywindowsusername password = mywindowspassword 00 ssh – secure shell (encrypted) port 22 • –c 3des 10.0.0.2 (blowfish, 3des des) • -l login_name • -6 forces ssh to use ipv6 only crontab • -u – see who has what crontab • crontab –u steve –l o –l list o –r removes -u specify user • 0-59 0-23 1-31 1-12 0-6 command • min hr day /mo day/yr day/wk (Sunday=0) hosts.allow • Added to allow network (192.168.1.0) • Can be configured to LRP access for special hosts • Can allow based on domain or ip hosts.deny • can deny based on domain or ip fdisk • -p partition table • -l list partitions for devices and drives • -n creates new partition • -w must write to the partition table for it to take effect Xwindow • /etc/x11/X86Config • export DISPLAY = remote:0.0 – user view Xwindow from remote system on their local system • XF86Config – default XFree86 Config • XFree86Setup o mainly used to do initial video card config after immediately installing Linux. o Can also be used to configure a mouse, monitor and video card settings o Can only be used to configure VGA compatible video cards o Is a GUI VI • i enter insert mode at the current position of the cursor • A moves the cursor to the end of the line and puts vi in insert mode • D deletes all text from the cursor to the end of the line • G move the cursor to the end of the file • :q! – quits w/o saving • :w – writes (saves) • :x – exits & saves • s/match/replace/g  aka regex 32,56 s/guy/gal/g • :wq or ZZ writes and exits • : line mode – currently on override with numbers
file system • e2fsck - check bad super block • ext2 – good for expansion later o Filenames up to 255 characters o Max partition size of 4TB o Reserved blocks to allow root to free up space in full file systems • ext3 o mke2fs –j (/journaling) o mkfs.ext3 o mkfs.ext2 –j o mkfs –t ext2 –j o mke2fs -j • reiserfs o Journaling o Disk quota o Encrypted files o Compression o Partitions up to 16 GB • vfat – on a dual boot, Linux and windows available to users How to - latest – Linux Documentation Project • /usr/doc/howto Man Pages • updatedb • man –k path to man files • apropos – search shot description of man files • makewhatis – index the manpages info (pages) • info info • info pages contain more current pages than man pages • info pages are broken into sections called nodes • info pages make use of hypertext links tar • -xzvf Linux -2.4.3.tar.gz kernel • -cvf (filename) (location) backup • -z compress or uncompress a tar archive using gzip • -v verbose • -f specify a file or location other than the default /dev/rmt0 • -x specifies that the tar archive is to be extracted • -d is used to compare an archive of the file system and report the differences • -A append specified files to an existing archive • -u looks at an existing archive and will append files that have been updated since the archive was made, effectively performing an incremental backup bunzip • package.rpm.bz2 • tar -cvvjf filename file1 file2 file12 logfiles • /var/log/messages  crash and reboot here • /var/log/mail • /var/log/wtemp • /etc/syslog -> modify log daemon • dmesg – all messages since boot modules • /etc/conf.modules • rmmod – remove modules • modprobe – remove, list and add modules, autoclean, load modules • lsmod – show all loaded kernel modules NIS • ypwhich – which NIS client bound to NIS server • ypcat passwd – verify NIS client is reading auth info from NIS server • /etc/nisserwitch.conf – used to config which services are to be used to determine info like hostnames, password files, group files • ypinit –m generate the NIS database • ypmatch – used to display the value of a specified key in an NIS database Partition Type (FS) • 82 – Linux Swap (cannot be mounted with mount command) • 83 – Linux Native • 85 – Linux Extended ACPI • Advanced Control and Power Int. • /etc/acpi/events/power  map power button to specified command Passwords • /etc/passwd - / in front of name disables password in this file • pwconv creates and updates /etc/shado w/info from /etc/passwd – converts using standard passwords to shadow passwords • Shadow password moves password to a separate file w more restrictive permissions DNS • If IP address of one of the internet root name servers changes, edit root.hints • Edit DNS – named.conf to tell DNS over what domains it is hosting or serving ttySx • TTyS0 – Com 1 • TTyS1 – Com 2 • TTyS2 – Com 3 • TTyS3 – Com 4 PAM – Pluggable Authentication Modules • Change encryption types (Other than DES for passwords) • Set resource limits on users (can’t DOS) • Enable Shadow passwords on the fly • Allow specific users at specific times at specific places RPM – Red Hat Package Manager • -q query • -f package that owns file rpm –qf /etc/www/ • -F freshen • -I install a new package • -U upgrade • -e remove package • -l lists packages that own the specified files • -h gives you a progress bar dmesg • dmesg | grep CPU – CPU messages during boot • All messages during boot. Used to examine or control the kernel ring buffer. The program helps users to print out their boot up messages.
netstat • Displays only local machine • netstat -a | grep ftp – confirm ftp daemon working • -a lists all connections and listening ports • -t shows only tcp ports • -u shows only udp ports • -r shows the kernels routing table | process , redirect • Named (script) to process contents of file name2 – name | name2 • Pipe used to take the output of one command and redirect it from the screen to the input of another command • command1 | command 2 – send the output of command1 as input to command 2 > • nameA > nameB – redirect output from nameA to nameB • 2> redirect something other than the default stream • command > file - send the output of command to a file instead of the screen • command1 > file2 > file2 – send the standard output to file 1 and standard error to file 2 of command (Bash) >> • Redirect and append • command >> file – append the output of command to file & • command 2>&1 - combine the standard error to standard output (bash) • command 2>&1 > file - same as above except redirect the combined output to a file (bash) • command >& file1 –combine the standard error and standard output and send it to file 1 (Csh) • command2>&1 > file1 – same as above except append to file 1 instead of overwriting it (Csh) < • Used to redirect the input source to a specified file (same as cat data | foo) cat data > foo will insert the contents of ‘data’ into the file named foo. << Is not a valid redirection symbol • command < file – use the contents of file as input to command instead of reading from the keyboard Swap • Cannot be mounted using mnt • Preferred file system for the virtual memory Lilo • /etc/lilo.conf • /sbin/lilo – run to update lilo info in MBR • -t test before using • Stores kernel boot information in the MBR • Cannot read ext2 partitions Grub • Provides an interactive menu for manually booting the system Sticky Bit • “s” in perms • Was used in the past to lock files in memory used today on dirs • With sticky bit and write perms, other users can add files but not del on dirs • chmod 1000 • rwxrwxrwt  “t” sticky bit Directories • / contains all other directories • /root- contains home dir of root • /bin – Binary commands – all users • /boot – Linux kernel files used by boot loader • /dev – device files • /etc – system specific config files • /home – home users dirs • /lib – shared program libraries • mnt – empty dir for mounting drives • /opt – stores additional software programs • /proc – process and kernel info • /root – root home dir • /sbin – system binary (admin) • /tmp – temp files • /var – log files and spools – when full, cant print but everything else works ok • /usr o /usr/bin – user bin commands o /usr/games – games and programs o /usr/include – c program header files o /usr/lib – user libraries o /usr/local – local programs o /usr/sbin – system bin commands o /usr/share – architecture independent o /usr/src – source code for user o /usr/x11r6 – Xwindow top shows • Number of processes • Memory and swap file usage • Current uptime • Number of currently logged in users • System time • CPU usage su • -c passes single commands to users shell • -m does not reset the environ. Variables • -s runs shell • - - Displays help Fiberoptics affected by: • Chromatic Dispersion • Attenuation userdel • -r wipes user and home directory • By itself removes user but not home dir makefs • Make fs type • Erase data snort • Intrusion detection • Packet sniffing • Packet logging
chmod • Never changes the permissions of the symbolic link. Instead, it changes the perms of the file it points to • [ugoa][+-=][rwxXstugo] o u user owns o g users in a group o o others not in the group o a all users o r read o w write o x execute o X execute only if file is a dir or already had execute perms for same user o S set user or group on execution o T save program text on swap device o u permissions for users who owns the file it has on it o g permissions for users in a file group that have it o o others not in group currently have for it Listing types ls –f • @ Linked • * Executable • / Subdir • = Socket • | Named pipe File Type characters ls –l • D – directory • L – symbolic link • B or c – special devices • N – named pipe • S – socket • - other file types SCSI • sg – generic SCSI module • st - the SCSI tape module • Aic7xxx – generic SCSI disk module • Controller usually assigned ID 7 • Ultra3 SCSI – 16bit bus • Ultra Wide SCSI – 16bit bus • Wide SCSI – 16bit bus • Ultra2 SCSI – 8 bit bus RAID • 0 striping – no redundancy – smallest space – no parity • 1 mirrored disks • 2 • 3 • 4 • 5 reserves one disk for parity data cpio • Also used to create extract and view archives, handles tar • -I tells cpio to read from standard input • -t lists files • -v verbose output • Copy files into an archive • Restore files from an archive • Copy an entire directory tree into another location • Can be used to restore archives from cpio and dump – it can read tar archives and its own backups • Incremental – only copies files that have changed since the previous backup • full – backs up everything ps • -u shows uid transitions • pstree shows running processes as a tree • Kernel processes are shown in brackets umount • /umount /floppy unmount • -a unmounts fs in /etc/mtab vmstat • Used to display amount of virtual memory in use • Used to display the amount of time the processor spends executing kernel code • Used to display the number of CPU interrupts per second Soft Links • Can be broken if the linked file is moved • Can be on different partitions env • Display current environment variables • Environment variables can contain letters and numbers and underscores. The first character must be a letter or underscore Prevet potential security risks • Keep up with CERT advisories • Search /etc/passwd for lines with uid0 • Run ‘ find / -perm –4000 ’ Sed • Text editor • Used to perform text editing features on the stream of text, usually piped from a file • No visual editing /etc/fstab • System disk space quotas edited with edquota command • Can be used to set mount permissions on devices. Options include: o Mounting read only o Mounting auto at boot up o Allowing all users to mount the device usermod • –c comment user – add a comment about user • Can be used to o Disable a user’s account o Move a users personal files to a new home dir o Change a user’s login name o Change a user’s group membership groupmod • Changes the name of a group • Changes the value of the GID usb • usbcore – First to load to provide any usb functionality • Assigned the next available SCSI drive device • /sbin/hotplug searches /etc/hotplug for an appropriate driver • uhci – module for usb support kbconfig • A simple tool for configuring is a simple tool for configuring the default keyboard map • Same as editing /etc/sysconfig/keyboard file Xhost • Used to grant or deny access to a remote host on a local X server. • Xhost +- hostname • Not very secure • Easy to accidentally configure an X server to accept connections from all hosts and does not differentiate between different users logged on to the same remote host chgrp • Used to set the group owner of a file or directory • chown :Sales file and chgrp sales file the same
chkconfig • Used to display a listing of services that are enabled or disabled for a given runlevel • Used to change the state of a service ifconfig • changes are only temporary and will resume reg upon reboot • can be used to configure o promisc o netmask o irq find • .-uname root – recursively search through all subdirs from current dir for files owned by root • -m time 2 – locate files that have been modified in the past 2 days • Can only search through a directory tree for files that meet a given criteria • find / -user 0  find all files owned by root • More powerful search options than locate locate • Faster than find • Locate does not store file permissions and ownership • Pretty much obsolete • Usually a link to slocate now (/usr/bin/slocate) slocate • Secure locate • Stores file permissions an ownership • Results will not show files a user does not have permission to access grep • Used to search for a pattern in a file or in standard input • Cannot delete or change text by themselves • -A or –B tells grep to display a specifically number of lines before and /or after the search string • -c tells grep to only display a count of the number of matches • -I tells grep to ignore the case when searching for a string mount • -a automount all filesystems listed in /etc/fstab • /etc/fstab a list of all file systems that can be mounted • /etc/mtab a list of all file systems that are mounted Apache • httpd –d /home/user/html  working dir set from Command Line • -R libexecdir • -d serverroot • -f config • -C directive (-c) • -D parameter • httpd.conf mapping of SSL cert • Default config /etc/httpd/conf/httpd/conf • Comanche – the GUI for the apache config • apachectl – a command line tool that makes performing common s- web server tasks simpler. It allows an admin to start stop and check the status of a webserver. SGID • chmod g+s /home/ourgroup  files in this group have ownership identical to the Directory • Allows reg users to execute a bin compiled program and become members of the group that is attached to the file SUID • Cannot add SUID to a shell script • If set on a file and that file is executed the person who executed the file temporarily becomes the owner of the file while it is executing. • Only bin compiled • Ping an example • Find / -perm –4000 –user root iptables • -n numeric output • -l list all the rules in the chain  check current iptables cfg • Three chain rules – input output and forwarding • Firewalls it can create: o Application-level gateway o Stateful (inspection) o Packet filter dir ls • drwx - - x - - x 10 jsmith staff 1024 May24 2058 • D- Directory • Perms 7 (rwx) 1 (- - x) 1 (- - x) • 10 – links to it • jsmith – owner • staff – group • 1024 – size • May 24 - date • 2058 – time ls switches • -l long • -lh long in human terms • -t time modified • -a - -a all filenames • -A - - almost-all most all • -C – in column form • - - color=n names w/o colour • -f all w/o sorting • -F - - classify class by type • - - full time – long format by modification time • -lg long w/ no group • -r reverse sorted • -R recursive • -s size by KB • -S by file size • -U w/o sorting • -x rows, not columns xinetd • /etc/xinetd.d/telnet  enable telnet • Contains a file for each service managed by xinetd. o Service name o Port number o Socket type o User to run as o Path to the binary executable tail • tail (#) filename – lists last # of lines of file • Should not be viewed using the tail command: o lastlog o wtmp mkfs • can create o MS-DOS o Swap o Minix
CD record • mkisofs dev=device[tack option[ track1 … • /tmp/tocd | cd record device = 0,0,0- File Permissions (use chmod) • +1000 = stickybit “t” • /tmp = 1777 • SUID 4 – SGID 2 – STICKY 1 • 0 – • 1 – – x • 2 – w – • 3 – w x • 4 r – – • 5 r – x • 6 r w – • 7 r w x • rwrwxrwx  suid sgid sticky bit  rwsrwsrwt • Special perms must have execute permissions, if not capital letter • rwxrwxrwx  rw-rw-rw  rwsrwsrwt sendmail –qp5m – process mail every 5 minutes checksum – md5sum package_name mac – hexadecimal number makes nic uniqueue arp – mac to ip .profile – add path to .profile for man pages in other languages DHCP – pump minicom – dx tool to test modem DMA – direct memory access – sound card – transfers data to memory w/o cpu intervention cpu –ps – high time slow machine loadlin – reconfigured to load Linux cat – cannot change contents of a file whereis – searches dirs hardcoded into cmd WEP – Wired Equiv. Privacy – wlancfg configure WEP encryption – DES least secure rbash – r=restricted – limited permissions date – /etc/timezone – sets default edquota – edit quota for user – edquota name(user) useradd – add user to a group (telnet) whodo – used to find out who has scheduled job head – displays the first 10 lines of a text file last – searches /var/log/wtmp and displays who has logged onto the machine and when lastb – searches /var/log/btmp for bad logons Path – export PATH=$PATH:/usr/local/program1/bin  add /usr/local/program1/bin to the path and make it active in current shell chown –R <usernew><file> - change owner of a file shadow passwords – use MD5 encryption /etc/shadow manpath – quickly displays location of the man pages currently being searched when using the man command alien –to –rpm solitaire.deb – used to convert Debian software to RPM uname –r shows kernel version no umask – sets initial file permissions when files are created parallel port – 25 pin female on back of comp named pipe - Identifies a channel that passes information from one process in memory to another and in some cases can be mediated by files on the hard rive. Writes to the files are processed while another process reads from it to achieve this passing of info socket - allows a process on another computer to write to a file on the local computer while another process reads from that file rpcinfo – used to probe for available RPC programs on a given machine dig – utility for retrieving info from a DNS server yum – allows admin to easily administrate and update installed RPM packages as new bug fixes are released apt-get - the similar Debain tool used to update debian packages sodoers file – allows you to have limited root access to users w/o giving away the root password. They will be asked for their password ifdown eth0 can stop the first Ethernet interface ifup can be used to start the first Ethernet interface acpid – Advanced Config and Power Interface - must be running in order to put the workstation into hibernate or sleep mode mailq – used to list messages in the mail queue that are waiting to be processed regex – used to determine if a test string matches a given regular expression mountd daemon - reads a list of exported file systems when it is started. If a new file system is exported, mount needs to be told of it exports –r - refreshes the file read by mountd Visudo – the best tool for editing the sudoers file. – Uses the default text editor but locks the suoders file to prevent multiple users from editing the file simultaneously and overwriting each others changes nohup – allows that process to continue executing even after you log out nmdb – Netbios Name resolution daemon. – Needs to run in order to resolve netbios names MBR – Best place to install LILO or GRUB if you dual boot with windows98 renice and top can be used to lower the priority of a running process the that it only executes when the CPU is idle NFS - mount server:share mountpoint renice –20 –u backup – will change all processes started by members of the backup group to the lowest scheduling priority nice – is a basic command for starting a process with an adjusted property bg %1 and %1 & will move job number 1 to the background rsh = rlogin kickstart - used to install RH over a large number of systems across a network tripwire and akick – tools that maintain a database of file properties. ethereal and snort – packet sniffers ATAPI – cd rom and Tape /etc/security/limits.conf – used to limit the resources that can be used by system users. /etc/host.conf – defines the order in which hostname lookups will be performed /bin – compiled kernel /var/spool/cron/usermname – user submitted crons are stored /etc/services – file is used to associate a server process with a TCP or UDP port and provides a list of called daemons that can be controlled by inetd /etc/sys/network – used to enable networking, IP forwarding /etc/aliases – used to define alternate names for existing mail accounts, forward mail and create mailing lists /proc/pci - file contains detailed information /etc/resolv.conf – where the ip addresses of DNS servers are stored. Cannot be displayed using ifconfig ~/.Xresources – file in a users home dir that is used to customize windows for X applications such as xterm and emacs /etc/ftpusers – defines the users that are not allowed to use ftp /etc/login.defs – contains configuration settings for the shadow password suite /var/log/xferlog – by default where FTP logins and activity messages are kept ~/.vimrc – used to customize the vim text editor ~/.exrc – used to customize the older vi editor ~/.bashrc – used to customize the shell environment and run startup programs /etc/exports file can be used to restrict access to NFS shared resources by limiting access to the specified hosts and exporting a resource as read only /var/log/secure – Where authentication logs are kept. Viewable by root /var should not be on the same partition as /root
lspci - display basic information about all PCI devices in a system pnpdump – used to collect resource information about ISA plug n play devices sed –f sed_script_file input_file debugfs – low level edit a file system and can be used to recover deleted files quota – can be used by any user to view quota statistics for their user or any groups to which they belong. Root can use –g switch repquota will display user quota information by default but can display group quotas by suing the –g switch sbp2 – low level SCSI driver for use with IEEE1394 makes firewire device appear in a SCSI disk drive when mounted and makes use of the built in support for SCSI devices chage – used to set aging and expiration options for user passwords stored in /etc/passwd If and Case statements are used to make decisions whereas the for and while statements are used for looping and recursion – If – 2 outcomes Case – more than 2 outcomes
Disclaimer: These Study Guides By Erica St.John are designed to help readers obtain information and education on products and/or services to help them study. There are no warranties implied. These guides are meant to help you learn and understand. If they help you to pass the exam, that’s great. You should note, however, that this guide is not updated to reflect every change that has been made to the exams in terms of topics and depth of knowledge required. Things like that can, do, and almost certainly will change. I have written these Study Guides by notes I have goatherd while studying for various certifications. The fundamental concept is that you should NOT rely solely upon the information or opinions you read. Rather, you should use what you read as a starting point for doing independent research on computers, hardware, wireless, security, networking and the like. Then judge for yourself the merits of the material that has been shared in. You should carefully consider whether this material is appropriate for you in light of your experience, objectives, resources and other circumstances. These documents and their information are provided for guidance and information purposes only. The information contained herein has been compiled from sources deemed reliable and it is accurate to the best of my knowledge and belief; however, these documents cannot guarantee as to the accuracy, completeness and validity and cannot be held liable for any errors, out of date information or omissions. All information contained herein should be independently verified and confirmed. Erica St. John does not accept any liability for any loss or damage whatsoever caused in reliance upon such information. Reader agrees to indemnify and hold harmless Erica St.John (Girl Geekette and or Girlgeekette.net) from and against any damages, costs and expenses, including any legal fees, potentially resulting from the application of any of the information provided by these Study Guides. This disclaimer applies to any damages or injury caused by any failure of performance, error, omission, interruption, deletion, defect, delay in operation or transmission, computer virus, communication line failure, theft or destruction or unauthorized access to, or use of record, whether for breach of contract, tort, negligence, or under any other cause of action. Reader agrees to assume all risk resulting from the application of any of the information provided by these Study Guides. By reading and or studying these documents and content contained therein, the reader agrees that the use of these Study guides and the information in them is entirely at his/her own risk. Terms of Use: You MAY use these resources in your personal studies. You may NOT claim these resources as your own. You may NOT re-package or re-distribute this resource without written permission. No derivatives. Erica St. John http://www.girlgeekette.net erica.stjohn@gmail.com

More Related Content

PPTX
Linux training
artisriva
 
PPT
Basic Linux Internals
mukul bhardwaj
 
PPTX
Software management in linux
nejadmand
 
ODP
Linux commands
Balakumaran Arunachalam
 
PPT
Rhce ppt
Mohammed Ben
 
PDF
Linux redhat final
chbashir22268
 
PPT
Basic Linux kernel
Morteza Nourelahi Alamdari
 
PDF
Linux system administration
orionsconsulting
 
Linux training
artisriva
 
Basic Linux Internals
mukul bhardwaj
 
Software management in linux
nejadmand
 
Linux commands
Balakumaran Arunachalam
 
Rhce ppt
Mohammed Ben
 
Linux redhat final
chbashir22268
 
Basic Linux kernel
Morteza Nourelahi Alamdari
 
Linux system administration
orionsconsulting
 

What's hot (20)

PPTX
OMFW 2012: Analyzing Linux Kernel Rootkits with Volatlity
Andrew Case
 
PPTX
The TCP/IP Stack in the Linux Kernel
Divye Kapoor
 
PPTX
Linux Initialization Process (1)
shimosawa
 
ODP
Lamp ppt
Reka
 
PDF
An Introduction To Linux
Ishan A B Ambanwela
 
PDF
File systems for Embedded Linux
Emertxe Information Technologies Pvt Ltd
 
PDF
Redhat 6 & 7
r9social
 
PDF
Linux kernel
Mahmoud Shiri Varamini
 
PDF
Linux Char Device Driver
Gary Yeh
 
PDF
Programming Embedded linux
Liran Ben Haim
 
PDF
LINUX Admin Quick Reference
wensheng wei
 
PDF
AOS Lab 2: Hello, xv6!
Zubair Nabi
 
PPTX
Linux IO
Liran Ben Haim
 
PPT
Device drivers tsp
Pradeep Kumar TS
 
PDF
Linux Network commands
Hanan Nmr
 
PPTX
UNIX/Linux training
Michael Olafusi
 
RTF
Useful linux-commands
Himani Singh
 
PDF
Unix _linux_fundamentals_for_hpc-_b
Mohammad Reza Beygi
 
PPTX
Linux Initialization Process (2)
shimosawa
 
ODP
Linux Knowledge Transfer
Tapio Vaattanen
 
OMFW 2012: Analyzing Linux Kernel Rootkits with Volatlity
Andrew Case
 
The TCP/IP Stack in the Linux Kernel
Divye Kapoor
 
Linux Initialization Process (1)
shimosawa
 
Lamp ppt
Reka
 
An Introduction To Linux
Ishan A B Ambanwela
 
File systems for Embedded Linux
Emertxe Information Technologies Pvt Ltd
 
Redhat 6 & 7
r9social
 
Linux kernel
Mahmoud Shiri Varamini
 
Linux Char Device Driver
Gary Yeh
 
Programming Embedded linux
Liran Ben Haim
 
LINUX Admin Quick Reference
wensheng wei
 
AOS Lab 2: Hello, xv6!
Zubair Nabi
 
Linux IO
Liran Ben Haim
 
Device drivers tsp
Pradeep Kumar TS
 
Linux Network commands
Hanan Nmr
 
UNIX/Linux training
Michael Olafusi
 
Useful linux-commands
Himani Singh
 
Unix _linux_fundamentals_for_hpc-_b
Mohammad Reza Beygi
 
Linux Initialization Process (2)
shimosawa
 
Linux Knowledge Transfer
Tapio Vaattanen
 
Ad

Viewers also liked (13)

PPTX
Question 1 - In What Ways Does Your Media Product Use, Develop Or Challenge F...
gizemmedia
 
PDF
Ericas-CWNA-Study-Guide
Erica StJohn
 
PDF
Ericas-Security-Plus-Study-Guide
Erica StJohn
 
PDF
Heritage of Hope Hospital Proposed Plan-1
Quincy Harris
 
PPTX
Question 1 - In What Ways Does Your Media Product Use, Develop Or Challenge F...
gizemmedia
 
PPTX
TheLeads
challa rajendra prasad reddy
 
PPTX
Question 3
gizemmedia
 
PPTX
Presentation Wijnand Jongen 2016
Thuiswinkel.org
 
PDF
Mining and Minerals SOQ
Andy Hogan
 
PDF
Bangla HTML Tutorial
Dhiman Biswas
 
PPT
Why Video? The Benefits of Using Corporate Video Production
Antonio Basile
 
PPTX
Operations_Excellence_Presentation_Promotional
Marc Hoppenbrouwers
 
PPTX
Presentación semi 20162017
ElalmacendeJotaJota
 
Question 1 - In What Ways Does Your Media Product Use, Develop Or Challenge F...
gizemmedia
 
Ericas-CWNA-Study-Guide
Erica StJohn
 
Ericas-Security-Plus-Study-Guide
Erica StJohn
 
Heritage of Hope Hospital Proposed Plan-1
Quincy Harris
 
Question 1 - In What Ways Does Your Media Product Use, Develop Or Challenge F...
gizemmedia
 
TheLeads
challa rajendra prasad reddy
 
Question 3
gizemmedia
 
Presentation Wijnand Jongen 2016
Thuiswinkel.org
 
Mining and Minerals SOQ
Andy Hogan
 
Bangla HTML Tutorial
Dhiman Biswas
 
Why Video? The Benefits of Using Corporate Video Production
Antonio Basile
 
Operations_Excellence_Presentation_Promotional
Marc Hoppenbrouwers
 
Presentación semi 20162017
ElalmacendeJotaJota
 
Ad

Similar to Ericas-Linux-Plus-Study-Guide (20)

PPTX
Linuxtraining 130710022121-phpapp01
Chander Pandey
 
PPT
unixkkkkmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmkkk.ppt
sufiankedir156
 
PPTX
CSA-lecture 6.pptx
UsmanAshraf656960
 
PPTX
linux_admin_course_full_for beginers.pptx
tejas2429
 
PPTX
Unix Shell Script - 2 Days Session.pptx
Rajesh Kumar
 
PPTX
Basic Linux Administration - 3.pptxon server
RekeshPatel
 
PPTX
Linux
RittikaBaksi
 
PPT
4. Centos Administration
Mohd yasin Karim
 
PPTX
Daemons
christina555
 
PPT
redhat_by_Cbitss.ppt
VikrantSChohaan
 
PPTX
Linux Basics
Lokesh C
 
PDF
Linux
Giridaran Manivannan
 
PPT
3. introduction of centos
Mohd yasin Karim
 
PDF
Comandos linux bash, f2 linux pesquisa, http://f2linux.wordpress.com
Wlademir RS
 
PPTX
Linux week 2
Vinoth Sn
 
PPT
Linux
Patruni Chidananda Sastry
 
PPTX
Linux Commands all presentation file .pptx
AshutoshPrajapati30
 
PDF
LinuxCommands (1).pdf
AnkitKushwaha792697
 
PDF
#WeSpeakLinux Session
Kellyn Pot'Vin-Gorman
 
PPTX
Linux Fundamentals
DianaWhitney4
 
Linuxtraining 130710022121-phpapp01
Chander Pandey
 
unixkkkkmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmkkk.ppt
sufiankedir156
 
CSA-lecture 6.pptx
UsmanAshraf656960
 
linux_admin_course_full_for beginers.pptx
tejas2429
 
Unix Shell Script - 2 Days Session.pptx
Rajesh Kumar
 
Basic Linux Administration - 3.pptxon server
RekeshPatel
 
Linux
RittikaBaksi
 
4. Centos Administration
Mohd yasin Karim
 
Daemons
christina555
 
redhat_by_Cbitss.ppt
VikrantSChohaan
 
Linux Basics
Lokesh C
 
Linux
Giridaran Manivannan
 
3. introduction of centos
Mohd yasin Karim
 
Comandos linux bash, f2 linux pesquisa, http://f2linux.wordpress.com
Wlademir RS
 
Linux week 2
Vinoth Sn
 
Linux
Patruni Chidananda Sastry
 
Linux Commands all presentation file .pptx
AshutoshPrajapati30
 
LinuxCommands (1).pdf
AnkitKushwaha792697
 
#WeSpeakLinux Session
Kellyn Pot'Vin-Gorman
 
Linux Fundamentals
DianaWhitney4
 

Ericas-Linux-Plus-Study-Guide

  • 1. Erica's Linux Plus Study Guide ESN ID 7832506060670038649
  • 2. /proc • Performance degrading – directory contains most files which can give you most info about the running services and current hardware level activity • -cpu – memory and CPU info • Contains kernel and process information Printer • lprm – remove print job from queue • lpq – view print queue /status • lpr – print o -# Allows you to print multiple copies • lpstat –h – printhost waiting print jobs w cups. –h specifies cups server to communicate with • /etc/printcap – used to setup printer ( /dev/lp0 ) • printcap – needs to be restarted to use a new install • cupsd – common Unix printing system daemon – daemon used for printing • cupsd and lpd – printer daemons that queue and print jobs • lpc o Maintains print queues o Command is used to control the operation of the line printer daemon • print filter – converts program output into a suitable format for printing before passing it on to the print spooler • /etc/printcap.samba – a list of printers that are shared out to windows clients • line printer daemon usually loaded at boot • The daemon looks in /var/spool/lpd for jobs to print init • Program that reads /etc/inittab • telinit usually a symbolic link to • /etc/init.d – startup scripts • init.q – make changes to inittab, used to run changes • parent process of httpd inittab ( /etc/inittab) • Edited to add gettys to runlevel3 • Read by init (telinit) • init=/bin/sh – used to recover password in run level 1 • 3rd field - action – how to handle shutdown • -t – sec delay in seconds (default 5) • -a – ctrl/alt/del physical access – checks shutdown.allow • -r – reboot after shutdown (changes runlevel 6) • -k – fakes a shutdown (sends msg, but doesn’t shutdown) • -h – halt after shutdown (changes runlevel 1 or 0) • -c – if you initiate shutdown, this cancels • -f – skip fsck upon reboot • -F – forces fsck upon reboot • now hh:mm +m minutes /etc/shutdown.allow runlevels • 0 – shutdown (halt) • 1 – single user (root password changed here) • 2 – multi user w/o NFS (same as 3 w/o networking) • 3 – command line (full multi user mode) • 4 – unused • 5 – GUI / X11 • 6 – reboot endlessly route • Used if machine is functional • route add –net 192.168.1.0 netmask 255.255.255.0 reject (deny 192.168.100.0/24 network) mask out networks before routing – not for firewalling • route add default gw 10.1.1.1 samba (smb) port 139 • mount share – smbmount //servername/sharename /mount_dir –o username=mywindowsusername password = mywindowspassword • guests ok=yes – user to access public share on this server w/o authentication • boot - //servername/sharename /mount_dir smbfs username=mywindowsusername password = mywindowspassword 00 ssh – secure shell (encrypted) port 22 • –c 3des 10.0.0.2 (blowfish, 3des des) • -l login_name • -6 forces ssh to use ipv6 only crontab • -u – see who has what crontab • crontab –u steve –l o –l list o –r removes -u specify user • 0-59 0-23 1-31 1-12 0-6 command • min hr day /mo day/yr day/wk (Sunday=0) hosts.allow • Added to allow network (192.168.1.0) • Can be configured to LRP access for special hosts • Can allow based on domain or ip hosts.deny • can deny based on domain or ip fdisk • -p partition table • -l list partitions for devices and drives • -n creates new partition • -w must write to the partition table for it to take effect Xwindow • /etc/x11/X86Config • export DISPLAY = remote:0.0 – user view Xwindow from remote system on their local system • XF86Config – default XFree86 Config • XFree86Setup o mainly used to do initial video card config after immediately installing Linux. o Can also be used to configure a mouse, monitor and video card settings o Can only be used to configure VGA compatible video cards o Is a GUI VI • i enter insert mode at the current position of the cursor • A moves the cursor to the end of the line and puts vi in insert mode • D deletes all text from the cursor to the end of the line • G move the cursor to the end of the file • :q! – quits w/o saving • :w – writes (saves) • :x – exits & saves • s/match/replace/g  aka regex 32,56 s/guy/gal/g • :wq or ZZ writes and exits • : line mode – currently on override with numbers
  • 3. file system • e2fsck - check bad super block • ext2 – good for expansion later o Filenames up to 255 characters o Max partition size of 4TB o Reserved blocks to allow root to free up space in full file systems • ext3 o mke2fs –j (/journaling) o mkfs.ext3 o mkfs.ext2 –j o mkfs –t ext2 –j o mke2fs -j • reiserfs o Journaling o Disk quota o Encrypted files o Compression o Partitions up to 16 GB • vfat – on a dual boot, Linux and windows available to users How to - latest – Linux Documentation Project • /usr/doc/howto Man Pages • updatedb • man –k path to man files • apropos – search shot description of man files • makewhatis – index the manpages info (pages) • info info • info pages contain more current pages than man pages • info pages are broken into sections called nodes • info pages make use of hypertext links tar • -xzvf Linux -2.4.3.tar.gz kernel • -cvf (filename) (location) backup • -z compress or uncompress a tar archive using gzip • -v verbose • -f specify a file or location other than the default /dev/rmt0 • -x specifies that the tar archive is to be extracted • -d is used to compare an archive of the file system and report the differences • -A append specified files to an existing archive • -u looks at an existing archive and will append files that have been updated since the archive was made, effectively performing an incremental backup bunzip • package.rpm.bz2 • tar -cvvjf filename file1 file2 file12 logfiles • /var/log/messages  crash and reboot here • /var/log/mail • /var/log/wtemp • /etc/syslog -> modify log daemon • dmesg – all messages since boot modules • /etc/conf.modules • rmmod – remove modules • modprobe – remove, list and add modules, autoclean, load modules • lsmod – show all loaded kernel modules NIS • ypwhich – which NIS client bound to NIS server • ypcat passwd – verify NIS client is reading auth info from NIS server • /etc/nisserwitch.conf – used to config which services are to be used to determine info like hostnames, password files, group files • ypinit –m generate the NIS database • ypmatch – used to display the value of a specified key in an NIS database Partition Type (FS) • 82 – Linux Swap (cannot be mounted with mount command) • 83 – Linux Native • 85 – Linux Extended ACPI • Advanced Control and Power Int. • /etc/acpi/events/power  map power button to specified command Passwords • /etc/passwd - / in front of name disables password in this file • pwconv creates and updates /etc/shado w/info from /etc/passwd – converts using standard passwords to shadow passwords • Shadow password moves password to a separate file w more restrictive permissions DNS • If IP address of one of the internet root name servers changes, edit root.hints • Edit DNS – named.conf to tell DNS over what domains it is hosting or serving ttySx • TTyS0 – Com 1 • TTyS1 – Com 2 • TTyS2 – Com 3 • TTyS3 – Com 4 PAM – Pluggable Authentication Modules • Change encryption types (Other than DES for passwords) • Set resource limits on users (can’t DOS) • Enable Shadow passwords on the fly • Allow specific users at specific times at specific places RPM – Red Hat Package Manager • -q query • -f package that owns file rpm –qf /etc/www/ • -F freshen • -I install a new package • -U upgrade • -e remove package • -l lists packages that own the specified files • -h gives you a progress bar dmesg • dmesg | grep CPU – CPU messages during boot • All messages during boot. Used to examine or control the kernel ring buffer. The program helps users to print out their boot up messages.
  • 4. netstat • Displays only local machine • netstat -a | grep ftp – confirm ftp daemon working • -a lists all connections and listening ports • -t shows only tcp ports • -u shows only udp ports • -r shows the kernels routing table | process , redirect • Named (script) to process contents of file name2 – name | name2 • Pipe used to take the output of one command and redirect it from the screen to the input of another command • command1 | command 2 – send the output of command1 as input to command 2 > • nameA > nameB – redirect output from nameA to nameB • 2> redirect something other than the default stream • command > file - send the output of command to a file instead of the screen • command1 > file2 > file2 – send the standard output to file 1 and standard error to file 2 of command (Bash) >> • Redirect and append • command >> file – append the output of command to file & • command 2>&1 - combine the standard error to standard output (bash) • command 2>&1 > file - same as above except redirect the combined output to a file (bash) • command >& file1 –combine the standard error and standard output and send it to file 1 (Csh) • command2>&1 > file1 – same as above except append to file 1 instead of overwriting it (Csh) < • Used to redirect the input source to a specified file (same as cat data | foo) cat data > foo will insert the contents of ‘data’ into the file named foo. << Is not a valid redirection symbol • command < file – use the contents of file as input to command instead of reading from the keyboard Swap • Cannot be mounted using mnt • Preferred file system for the virtual memory Lilo • /etc/lilo.conf • /sbin/lilo – run to update lilo info in MBR • -t test before using • Stores kernel boot information in the MBR • Cannot read ext2 partitions Grub • Provides an interactive menu for manually booting the system Sticky Bit • “s” in perms • Was used in the past to lock files in memory used today on dirs • With sticky bit and write perms, other users can add files but not del on dirs • chmod 1000 • rwxrwxrwt  “t” sticky bit Directories • / contains all other directories • /root- contains home dir of root • /bin – Binary commands – all users • /boot – Linux kernel files used by boot loader • /dev – device files • /etc – system specific config files • /home – home users dirs • /lib – shared program libraries • mnt – empty dir for mounting drives • /opt – stores additional software programs • /proc – process and kernel info • /root – root home dir • /sbin – system binary (admin) • /tmp – temp files • /var – log files and spools – when full, cant print but everything else works ok • /usr o /usr/bin – user bin commands o /usr/games – games and programs o /usr/include – c program header files o /usr/lib – user libraries o /usr/local – local programs o /usr/sbin – system bin commands o /usr/share – architecture independent o /usr/src – source code for user o /usr/x11r6 – Xwindow top shows • Number of processes • Memory and swap file usage • Current uptime • Number of currently logged in users • System time • CPU usage su • -c passes single commands to users shell • -m does not reset the environ. Variables • -s runs shell • - - Displays help Fiberoptics affected by: • Chromatic Dispersion • Attenuation userdel • -r wipes user and home directory • By itself removes user but not home dir makefs • Make fs type • Erase data snort • Intrusion detection • Packet sniffing • Packet logging
  • 5. chmod • Never changes the permissions of the symbolic link. Instead, it changes the perms of the file it points to • [ugoa][+-=][rwxXstugo] o u user owns o g users in a group o o others not in the group o a all users o r read o w write o x execute o X execute only if file is a dir or already had execute perms for same user o S set user or group on execution o T save program text on swap device o u permissions for users who owns the file it has on it o g permissions for users in a file group that have it o o others not in group currently have for it Listing types ls –f • @ Linked • * Executable • / Subdir • = Socket • | Named pipe File Type characters ls –l • D – directory • L – symbolic link • B or c – special devices • N – named pipe • S – socket • - other file types SCSI • sg – generic SCSI module • st - the SCSI tape module • Aic7xxx – generic SCSI disk module • Controller usually assigned ID 7 • Ultra3 SCSI – 16bit bus • Ultra Wide SCSI – 16bit bus • Wide SCSI – 16bit bus • Ultra2 SCSI – 8 bit bus RAID • 0 striping – no redundancy – smallest space – no parity • 1 mirrored disks • 2 • 3 • 4 • 5 reserves one disk for parity data cpio • Also used to create extract and view archives, handles tar • -I tells cpio to read from standard input • -t lists files • -v verbose output • Copy files into an archive • Restore files from an archive • Copy an entire directory tree into another location • Can be used to restore archives from cpio and dump – it can read tar archives and its own backups • Incremental – only copies files that have changed since the previous backup • full – backs up everything ps • -u shows uid transitions • pstree shows running processes as a tree • Kernel processes are shown in brackets umount • /umount /floppy unmount • -a unmounts fs in /etc/mtab vmstat • Used to display amount of virtual memory in use • Used to display the amount of time the processor spends executing kernel code • Used to display the number of CPU interrupts per second Soft Links • Can be broken if the linked file is moved • Can be on different partitions env • Display current environment variables • Environment variables can contain letters and numbers and underscores. The first character must be a letter or underscore Prevet potential security risks • Keep up with CERT advisories • Search /etc/passwd for lines with uid0 • Run ‘ find / -perm –4000 ’ Sed • Text editor • Used to perform text editing features on the stream of text, usually piped from a file • No visual editing /etc/fstab • System disk space quotas edited with edquota command • Can be used to set mount permissions on devices. Options include: o Mounting read only o Mounting auto at boot up o Allowing all users to mount the device usermod • –c comment user – add a comment about user • Can be used to o Disable a user’s account o Move a users personal files to a new home dir o Change a user’s login name o Change a user’s group membership groupmod • Changes the name of a group • Changes the value of the GID usb • usbcore – First to load to provide any usb functionality • Assigned the next available SCSI drive device • /sbin/hotplug searches /etc/hotplug for an appropriate driver • uhci – module for usb support kbconfig • A simple tool for configuring is a simple tool for configuring the default keyboard map • Same as editing /etc/sysconfig/keyboard file Xhost • Used to grant or deny access to a remote host on a local X server. • Xhost +- hostname • Not very secure • Easy to accidentally configure an X server to accept connections from all hosts and does not differentiate between different users logged on to the same remote host chgrp • Used to set the group owner of a file or directory • chown :Sales file and chgrp sales file the same
  • 6. chkconfig • Used to display a listing of services that are enabled or disabled for a given runlevel • Used to change the state of a service ifconfig • changes are only temporary and will resume reg upon reboot • can be used to configure o promisc o netmask o irq find • .-uname root – recursively search through all subdirs from current dir for files owned by root • -m time 2 – locate files that have been modified in the past 2 days • Can only search through a directory tree for files that meet a given criteria • find / -user 0  find all files owned by root • More powerful search options than locate locate • Faster than find • Locate does not store file permissions and ownership • Pretty much obsolete • Usually a link to slocate now (/usr/bin/slocate) slocate • Secure locate • Stores file permissions an ownership • Results will not show files a user does not have permission to access grep • Used to search for a pattern in a file or in standard input • Cannot delete or change text by themselves • -A or –B tells grep to display a specifically number of lines before and /or after the search string • -c tells grep to only display a count of the number of matches • -I tells grep to ignore the case when searching for a string mount • -a automount all filesystems listed in /etc/fstab • /etc/fstab a list of all file systems that can be mounted • /etc/mtab a list of all file systems that are mounted Apache • httpd –d /home/user/html  working dir set from Command Line • -R libexecdir • -d serverroot • -f config • -C directive (-c) • -D parameter • httpd.conf mapping of SSL cert • Default config /etc/httpd/conf/httpd/conf • Comanche – the GUI for the apache config • apachectl – a command line tool that makes performing common s- web server tasks simpler. It allows an admin to start stop and check the status of a webserver. SGID • chmod g+s /home/ourgroup  files in this group have ownership identical to the Directory • Allows reg users to execute a bin compiled program and become members of the group that is attached to the file SUID • Cannot add SUID to a shell script • If set on a file and that file is executed the person who executed the file temporarily becomes the owner of the file while it is executing. • Only bin compiled • Ping an example • Find / -perm –4000 –user root iptables • -n numeric output • -l list all the rules in the chain  check current iptables cfg • Three chain rules – input output and forwarding • Firewalls it can create: o Application-level gateway o Stateful (inspection) o Packet filter dir ls • drwx - - x - - x 10 jsmith staff 1024 May24 2058 • D- Directory • Perms 7 (rwx) 1 (- - x) 1 (- - x) • 10 – links to it • jsmith – owner • staff – group • 1024 – size • May 24 - date • 2058 – time ls switches • -l long • -lh long in human terms • -t time modified • -a - -a all filenames • -A - - almost-all most all • -C – in column form • - - color=n names w/o colour • -f all w/o sorting • -F - - classify class by type • - - full time – long format by modification time • -lg long w/ no group • -r reverse sorted • -R recursive • -s size by KB • -S by file size • -U w/o sorting • -x rows, not columns xinetd • /etc/xinetd.d/telnet  enable telnet • Contains a file for each service managed by xinetd. o Service name o Port number o Socket type o User to run as o Path to the binary executable tail • tail (#) filename – lists last # of lines of file • Should not be viewed using the tail command: o lastlog o wtmp mkfs • can create o MS-DOS o Swap o Minix
  • 7. CD record • mkisofs dev=device[tack option[ track1 … • /tmp/tocd | cd record device = 0,0,0- File Permissions (use chmod) • +1000 = stickybit “t” • /tmp = 1777 • SUID 4 – SGID 2 – STICKY 1 • 0 – • 1 – – x • 2 – w – • 3 – w x • 4 r – – • 5 r – x • 6 r w – • 7 r w x • rwrwxrwx  suid sgid sticky bit  rwsrwsrwt • Special perms must have execute permissions, if not capital letter • rwxrwxrwx  rw-rw-rw  rwsrwsrwt sendmail –qp5m – process mail every 5 minutes checksum – md5sum package_name mac – hexadecimal number makes nic uniqueue arp – mac to ip .profile – add path to .profile for man pages in other languages DHCP – pump minicom – dx tool to test modem DMA – direct memory access – sound card – transfers data to memory w/o cpu intervention cpu –ps – high time slow machine loadlin – reconfigured to load Linux cat – cannot change contents of a file whereis – searches dirs hardcoded into cmd WEP – Wired Equiv. Privacy – wlancfg configure WEP encryption – DES least secure rbash – r=restricted – limited permissions date – /etc/timezone – sets default edquota – edit quota for user – edquota name(user) useradd – add user to a group (telnet) whodo – used to find out who has scheduled job head – displays the first 10 lines of a text file last – searches /var/log/wtmp and displays who has logged onto the machine and when lastb – searches /var/log/btmp for bad logons Path – export PATH=$PATH:/usr/local/program1/bin  add /usr/local/program1/bin to the path and make it active in current shell chown –R <usernew><file> - change owner of a file shadow passwords – use MD5 encryption /etc/shadow manpath – quickly displays location of the man pages currently being searched when using the man command alien –to –rpm solitaire.deb – used to convert Debian software to RPM uname –r shows kernel version no umask – sets initial file permissions when files are created parallel port – 25 pin female on back of comp named pipe - Identifies a channel that passes information from one process in memory to another and in some cases can be mediated by files on the hard rive. Writes to the files are processed while another process reads from it to achieve this passing of info socket - allows a process on another computer to write to a file on the local computer while another process reads from that file rpcinfo – used to probe for available RPC programs on a given machine dig – utility for retrieving info from a DNS server yum – allows admin to easily administrate and update installed RPM packages as new bug fixes are released apt-get - the similar Debain tool used to update debian packages sodoers file – allows you to have limited root access to users w/o giving away the root password. They will be asked for their password ifdown eth0 can stop the first Ethernet interface ifup can be used to start the first Ethernet interface acpid – Advanced Config and Power Interface - must be running in order to put the workstation into hibernate or sleep mode mailq – used to list messages in the mail queue that are waiting to be processed regex – used to determine if a test string matches a given regular expression mountd daemon - reads a list of exported file systems when it is started. If a new file system is exported, mount needs to be told of it exports –r - refreshes the file read by mountd Visudo – the best tool for editing the sudoers file. – Uses the default text editor but locks the suoders file to prevent multiple users from editing the file simultaneously and overwriting each others changes nohup – allows that process to continue executing even after you log out nmdb – Netbios Name resolution daemon. – Needs to run in order to resolve netbios names MBR – Best place to install LILO or GRUB if you dual boot with windows98 renice and top can be used to lower the priority of a running process the that it only executes when the CPU is idle NFS - mount server:share mountpoint renice –20 –u backup – will change all processes started by members of the backup group to the lowest scheduling priority nice – is a basic command for starting a process with an adjusted property bg %1 and %1 & will move job number 1 to the background rsh = rlogin kickstart - used to install RH over a large number of systems across a network tripwire and akick – tools that maintain a database of file properties. ethereal and snort – packet sniffers ATAPI – cd rom and Tape /etc/security/limits.conf – used to limit the resources that can be used by system users. /etc/host.conf – defines the order in which hostname lookups will be performed /bin – compiled kernel /var/spool/cron/usermname – user submitted crons are stored /etc/services – file is used to associate a server process with a TCP or UDP port and provides a list of called daemons that can be controlled by inetd /etc/sys/network – used to enable networking, IP forwarding /etc/aliases – used to define alternate names for existing mail accounts, forward mail and create mailing lists /proc/pci - file contains detailed information /etc/resolv.conf – where the ip addresses of DNS servers are stored. Cannot be displayed using ifconfig ~/.Xresources – file in a users home dir that is used to customize windows for X applications such as xterm and emacs /etc/ftpusers – defines the users that are not allowed to use ftp /etc/login.defs – contains configuration settings for the shadow password suite /var/log/xferlog – by default where FTP logins and activity messages are kept ~/.vimrc – used to customize the vim text editor ~/.exrc – used to customize the older vi editor ~/.bashrc – used to customize the shell environment and run startup programs /etc/exports file can be used to restrict access to NFS shared resources by limiting access to the specified hosts and exporting a resource as read only /var/log/secure – Where authentication logs are kept. Viewable by root /var should not be on the same partition as /root
  • 8. lspci - display basic information about all PCI devices in a system pnpdump – used to collect resource information about ISA plug n play devices sed –f sed_script_file input_file debugfs – low level edit a file system and can be used to recover deleted files quota – can be used by any user to view quota statistics for their user or any groups to which they belong. Root can use –g switch repquota will display user quota information by default but can display group quotas by suing the –g switch sbp2 – low level SCSI driver for use with IEEE1394 makes firewire device appear in a SCSI disk drive when mounted and makes use of the built in support for SCSI devices chage – used to set aging and expiration options for user passwords stored in /etc/passwd If and Case statements are used to make decisions whereas the for and while statements are used for looping and recursion – If – 2 outcomes Case – more than 2 outcomes
  • 9. Disclaimer: These Study Guides By Erica St.John are designed to help readers obtain information and education on products and/or services to help them study. There are no warranties implied. These guides are meant to help you learn and understand. If they help you to pass the exam, that’s great. You should note, however, that this guide is not updated to reflect every change that has been made to the exams in terms of topics and depth of knowledge required. Things like that can, do, and almost certainly will change. I have written these Study Guides by notes I have goatherd while studying for various certifications. The fundamental concept is that you should NOT rely solely upon the information or opinions you read. Rather, you should use what you read as a starting point for doing independent research on computers, hardware, wireless, security, networking and the like. Then judge for yourself the merits of the material that has been shared in. You should carefully consider whether this material is appropriate for you in light of your experience, objectives, resources and other circumstances. These documents and their information are provided for guidance and information purposes only. The information contained herein has been compiled from sources deemed reliable and it is accurate to the best of my knowledge and belief; however, these documents cannot guarantee as to the accuracy, completeness and validity and cannot be held liable for any errors, out of date information or omissions. All information contained herein should be independently verified and confirmed. Erica St. John does not accept any liability for any loss or damage whatsoever caused in reliance upon such information. Reader agrees to indemnify and hold harmless Erica St.John (Girl Geekette and or Girlgeekette.net) from and against any damages, costs and expenses, including any legal fees, potentially resulting from the application of any of the information provided by these Study Guides. This disclaimer applies to any damages or injury caused by any failure of performance, error, omission, interruption, deletion, defect, delay in operation or transmission, computer virus, communication line failure, theft or destruction or unauthorized access to, or use of record, whether for breach of contract, tort, negligence, or under any other cause of action. Reader agrees to assume all risk resulting from the application of any of the information provided by these Study Guides. By reading and or studying these documents and content contained therein, the reader agrees that the use of these Study guides and the information in them is entirely at his/her own risk. Terms of Use: You MAY use these resources in your personal studies. You may NOT claim these resources as your own. You may NOT re-package or re-distribute this resource without written permission. No derivatives. Erica St. John http://www.girlgeekette.net erica.stjohn@gmail.com