linking files and the inode

  • identifies files
  • permissions
  • ownership
  • date and time stamps
  • paths to data on file system
  • everything about the file except for the file name itself
someuser@somehost ~/workspace/someuser_/redhat_training > ls -li asdf
139117524 -rw-rw-r--. 1 someuser someuser 0 Nov 26 16:23 asdf

the -i flag shows the inode number; the 1 (link count) means one name points to that inode

someuser@somehost ~/workspace/someuser_/redhat_training > ln asdf asdf2
someuser@somehost ~/workspace/someuser_/redhat_training > ls -li
total 0
139117524 -rw-rw-r--. 2 someuser someuser 0 Nov 26 16:23 asdf
139117524 -rw-rw-r--. 2 someuser someuser 0 Nov 26 16:23 asdf2

same inode, now there are 2, with same id, and both say there are 2 files pointing to that same id

if you have a program looking for a file, and it doesn’t exist, renaming the file might break something else, so link a new name to the existing file instead

have to create a link on the same file system with hard links

soft links allow you to create links across file systems, and they get new inodes

someuser@somehost ~/workspace/someuser_/redhat_training > ls -li
total 0
139117524 -rw-rw-r--. 2 someuser someuser 0 Nov 26 16:23 asdf
139117524 -rw-rw-r--. 2 someuser someuser 0 Nov 26 16:23 asdf2
139117525 lrwxrwxrwx. 1 someuser someuser 4 Nov 26 16:27 asdf3 -> asdf

lrwxrwxrwx the ‘l’ indicates it is a link

with a soft link, removing the file it points to breaks the link, and accessing the file through the link no longer works

until you delete a last file that points to an inode, the inode will continue to exist. hard links point to inodes, soft links point to other files
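The behaviour described above, as an added example that is not part of the original notes: a file, a hard link and a soft link are created in a scratch directory, their inode numbers and link count are read from `ls -li` (columns 1 and 3), and then the original name is removed to show which link survives. It assumes only POSIX ls, ln, rm and awk.

```sh
# Added example, not from the notes: hard link vs. soft link in a scratch
# directory. Inode number and link count are columns 1 and 3 of `ls -li`.
link_demo() {
    work=$(mktemp -d) || return 1
    printf 'hello\n' > "$work/asdf"
    ln "$work/asdf" "$work/asdf2"      # hard link: a second name for the same inode
    ln -s asdf "$work/asdf3"           # soft link: a new inode whose data is the path "asdf"

    ino_orig=$(ls -li "$work/asdf"  | awk '{print $1}')
    ino_hard=$(ls -li "$work/asdf2" | awk '{print $1}')
    ino_soft=$(ls -li "$work/asdf3" | awk '{print $1}')
    nlink=$(ls -li "$work/asdf" | awk '{print $3}')   # link count after ln: 2

    if [ "$ino_orig" = "$ino_hard" ]; then hard_inode=same; else hard_inode=different; fi
    if [ "$ino_orig" = "$ino_soft" ]; then soft_inode=same; else soft_inode=different; fi

    rm "$work/asdf"                    # remove the original name only
    hard_after=$(cat "$work/asdf2")    # the inode still has a name, so the data is still there
    if cat "$work/asdf3" >/dev/null 2>&1; then soft_after=ok; else soft_after=dangling; fi

    rm -rf "$work"
    printf '%s %s %s %s %s\n' "$hard_inode" "$soft_inode" "$nlink" "$hard_after" "$soft_after"
}

link_demo   # prints: same different 2 hello dangling
```

The hard link shares the inode (same number, link count 2) and keeps the data after the original name is gone; the soft link has its own inode and is left dangling, because it points at a name, not at the inode.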

shell expansion

ls * : * matches any string of characters

ls ?file : match any single character, then ‘file’

ls [ace]* : match any one of the characters in []

ls [^ace]* : match any character NOT in []

ls [[:alpha:]]* show all files starting with alpha chars

ls [[:digit:]]* show all files starting with digits

also see alnum or punct

brace expansion

echo {Sun,Mon,Tues,Wednes}day.log Sunday.log Monday.log Tuesday.log Wednesday.log

sequences in brace expansion touch song{1..5} song1 song2 song3 song4 song5

use braces to specify the boundaries of a variable, but you don’t have to

variables

${MY_VAR} $MY_VAR

only needed for strings that combine variables with special characters, like underscores

$FIRST_$LAST will fail with vars FIRST and LAST (the shell reads it as ${FIRST_}${LAST}); ${FIRST}_${LAST} will not

command substitution

backticks are older and not recommended; $() is preferred

double quotes are weaker, single quotes are strong (stronger because only one kind of quote is needed); single quotes will not allow command substitution, double quotes will

prefixing special chars like $ with \ takes away the special meaning of the next character (escaping); this prevents expansion in a double-quoted string
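The expansion and quoting rules from the last few sections, as an added example that is not from the original notes. Each rule lives in a function that returns its result so the effect can be checked. Brace expansion is a bash feature, so it is run explicitly through bash; globbing, variable boundaries and quoting are POSIX and run in the current shell. The scratch file names are constructed.

```sh
# Added example, not from the notes. Requires bash to be installed for the
# brace expansion part; everything else is POSIX sh.
brace_demo() {
    bash -c 'echo {Sun,Mon,Tues,Wednes}day.log; echo song{1..5}'
}

glob_demo() (                               # subshell body so the cd does not leak
    work=$(mktemp -d) || exit 1
    cd "$work" && touch afile bfile cfile 1file file
    set -- ?file;        n_qmark=$#         # one character, then "file"
    set -- [ace]*;       n_set=$#           # starts with a, c or e
    set -- [!ace]*;      n_negset=$#        # starts with anything else ([^ace] in bash)
    set -- [[:digit:]]*; n_digit=$#         # starts with a digit
    cd / && rm -rf "$work"
    echo "$n_qmark $n_set $n_negset $n_digit"
)

boundary_demo() {
    FIRST=ada LAST=lovelace
    unset FIRST_                            # the name the shell actually reads in $FIRST_
    wrong="$FIRST_$LAST"                    # parsed as ${FIRST_}${LAST}: "lovelace"
    right="${FIRST}_${LAST}"                # braces end the name: "ada_lovelace"
    echo "$wrong $right"
}

quoting_demo() {
    MY_VAR=world
    single=$(echo '$MY_VAR $(echo x)')      # single quotes: nothing expands
    double=$(echo "$MY_VAR $(echo x)")      # double quotes: variables and $() expand
    escaped=$(echo "\$MY_VAR $MY_VAR")      # \$ keeps a literal $ inside double quotes
    echo "$single|$double|$escaped"
}

brace_demo; glob_demo; boundary_demo; quoting_demo
```

The `boundary_demo` case is the one that bites in scripts: `$FIRST_$LAST` silently expands an empty variable named `FIRST_`, which is why the braces are needed whenever a variable is followed by a character that is legal in a name.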

managing files (again)

cd - : take me to the previous working directory

getting help (man pages)

MAN(1) : the 1 is the ‘section’

man -k somestring : search for man pages

whatis something : show man page references

man something : shows first section matched; if something is in multiple sections, use man 5 crontab

anything in a man page in square brackets is optional

searching inside man pages is not case sensitive

export LESS='-X' says don’t clear the screen when exiting less

  • shift+g = end of man page
  • g = beginning of man page
  • d = scroll down 1 half-page at a time
  • u = up 1 half-page at a time
  • /string = search for string, use n to go to next match
  • ? = reverse search

section 8: daemons or administrative commands

getting help (info)

hyperlinks, less rigid than man pages

pinfo

eh, arrows don’t work, do i really need this anyway?

redirecting output

  • channel 0 : stdin
  • channel 1 : stdout
  • channel 2 : stderr
  • channel 3+ : files

what does the & in 2>&1 mean?

there’s a more modern technique to redirect

write

ls /shoe /boot &> combined_2.log

append

ls /rav /var &>> combined_2.log

useful to hide errors from find when you don’t have permission to see it

find / -iname passwd 2> /dev/null

< to indicate input

tee command sends to stdout and saves to a file

somecommand | tee output_file

tee -a will append to the file instead
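The redirections from this section, as an added example that is not from the original notes. `noisy` is a constructed command that writes one line to stdout and one to stderr. The code is written in POSIX form: `> file 2>&1` is what bash's `&> file` stands for, and the `&` in `2>&1` means "the thing on the right is file descriptor 1, not a file named 1". Order matters, which the `wrong.log` case shows.

```sh
# Added example, not from the notes: where stdout and stderr end up under
# each redirection. Uses only POSIX sh, wc, tr and tee.
noisy() { echo out; echo err 1>&2; }

lines() { wc -l < "$1" | tr -d ' '; }       # line count without wc's padding

redirect_demo() {
    work=$(mktemp -d) || return 1

    noisy > "$work/both.log" 2>&1           # stdout to the file, then stderr to the same place
    noisy > "$work/out.log" 2> /dev/null    # keep stdout, discard stderr (the find trick)
    leaked=$(noisy 2>&1 > "$work/wrong.log")  # wrong order: fd 2 copies fd 1 *before* fd 1
                                            # is pointed at the file, so "err" escapes
    noisy 2>&1 | tee "$work/tee.log" > /dev/null             # tee: to the file and to stdout
    noisy 2> /dev/null | tee -a "$work/tee.log" > /dev/null  # -a appends instead of truncating

    printf 'both=%s out=%s wrong=%s leaked=%s tee=%s\n' \
        "$(lines "$work/both.log")" "$(lines "$work/out.log")" \
        "$(lines "$work/wrong.log")" "$leaked" "$(lines "$work/tee.log")"
    rm -rf "$work"
}

redirect_demo   # prints: both=2 out=1 wrong=1 leaked=err tee=3
```

`2>&1 > file` is the classic mistake: at the moment `2>&1` is evaluated, fd 1 is still the terminal (here, the command substitution), so stderr goes there and only stdout reaches the file.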

vim

modes

  • insert (i)
  • command (default)
  • extended command (:)
  • visual (v)

cw : change word, deletes word and puts you into insert mode

v : visual mode

ctrl+v : visual block mode

shift+v : multiline mode

use vimtutor for interactive training tutorial

changing the shell environment

set : list shell variables (with options, changes shell settings)

env : list the environment; does not modify it

export : put a variable in the environment of all future commands

env MYVAR="some text" somecommand : runs somecommand with MYVAR added to its environment

chapter 6: user and group concepts

whoami

id : show id details

/etc/passwd : has accounts on system

first char is x and represents password, which used to be stored here

/etc/group : has groups

someuser@somehost ~ > cat /etc/group | grep someuser
libvirt:x:00000:someuser
dockerroot:x:00000:someuser
docker:x:00000:someuser

user types:

  • superuser
  • system accounts
  • regular users

the super user

gets its power from being UID 0, not from being ‘root’

su : switch user

as root, you don’t need the password of the user you want to switch to

man page explains the significance of the - in su - , which just means start login shell

what is the /etc/shadow file?

visudo is a thing, lets you edit the sudoers file, which can only be edited with the visudo command

%groupname : % is how group names are identified in the visudo file

use NOPASSWD: somecommand to allow specific commands through sudo without a password prompt

sudo -i : logs you in as root user, gets shell, but you don’t need to know the root user’s password; but su requires you to know the password

someuser@somehost ~ > su -
Password:
su: Authentication failure
someuser@somehost ~ > sudo -i
root@somehost ~ >

managing local user accounts

useradd : adds a user

userdel : deletes a user, but by default keeps the home directory; use -r to remove it. Without -r the files still exist owned by the old UID, and since that UID becomes available for reassignment, the next user created with it gets access to the previous user’s files

usermod : changes properties of a user

getent : queries the name service switch libraries; can investigate details about users

groupadd : add groups

managing user passwords

/etc/shadow where hashed passwords are stored; first $ is the hash type, second $ is the salt value, third $ is the user’s password hash

also shows how long since, how long until change, how soon they can change again, how many days to warn, how many days they can log in after it expires, etc.

Numbers in the 17995 range are how many days since jan 1 1970

chage is used to change aging information for user’s password

chage -l $USER will show the details about the user’s password

usermod -L locks the account by putting a ! in front of password hash

usermod -U unlocks the account by removing the ! from in front of the password hash

the /etc/shadow will show the ! in front of the hashed password

allocate a user a no-login shell to prevent them from sshing to the system

useradd theusername -s /sbin/nologin : sets the shell field of the /etc/passwd entry to /sbin/nologin, will show them ‘This account is currently not available.’

/etc/login.defs : shows login defaults for new users
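The /etc/shadow and /etc/passwd fields from the last two sections, read by a small audit script. This is an added example, not from the original notes; the account lines and hashes are constructed, and the `$id$` prefixes follow crypt(3) (`$6$` sha512, `$5$` sha256, `$1$` md5, `$y$` yescrypt). It reports, per account, the hash algorithm, whether usermod -L has locked it (leading `!`), and whether its shell allows interactive login.

```sh
# Added example, not from the notes: audit constructed passwd/shadow lines.
# A leading "!" on the hash is the lock marker; "*" or "!" alone means the
# account has no usable password; /sbin/nologin blocks interactive logins.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
svc:x:997:995::/var/lib/svc:/sbin/nologin
bob:x:1001:1001::/home/bob:/bin/bash'

SAMPLE_SHADOW='root:$6$saltsalt$fakehashfakehash:17995:0:99999:7:::
alice:!$6$abcdefgh$fakehash:18000:0:99999:7:::
svc:*:17995::::::
bob:$1$xyz$fakemd5:18200:0:99999:7:::'

field() {   # field <file-text> <user> <n>: column n of that user's line
    printf '%s\n' "$1" | awk -F: -v u="$2" -v n="$3" '$1 == u { print $n; exit }'
}

hash_algo() {
    h=${1#!}                                # drop the lock marker before reading $id$
    case "$h" in
        '$6$'*) echo sha512 ;;
        '$5$'*) echo sha256 ;;
        '$1$'*) echo md5 ;;                 # legacy; worth flagging on a modern system
        '$y$'*) echo yescrypt ;;
        ''|'*'|'!') echo none ;;            # no password login possible
        *) echo unknown ;;
    esac
}

days_to_date() {                            # field 3 is days since 1970-01-01 (GNU date)
    date -u -d "@$(( $1 * 86400 ))" +%F
}

account_report() {
    hash=$(field "$SAMPLE_SHADOW" "$1" 2)
    changed=$(field "$SAMPLE_SHADOW" "$1" 3)
    shell=$(field "$SAMPLE_PASSWD" "$1" 7)
    case "$hash" in '!'*) lock=locked ;; *) lock=unlocked ;; esac
    case "$shell" in */nologin|*/false) login=no-shell ;; *) login=shell ;; esac
    printf '%s %s %s %s changed=%s\n' "$1" "$(hash_algo "$hash")" "$lock" "$login" "$changed"
}

for u in root alice svc bob; do account_report "$u"; done
```

On a real system the same functions run over `getent shadow` (root only) and `getent passwd`; an account that is unlocked, has an md5 hash and a login shell, like `bob` here, is the one to look at first.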

controlling access to files

  • ‘-’ : normal file
  • ’d’ : directory
  • ‘l’ : link

permissions are evaluated in order: user (owner), then group, then other; the first that matches applies

execute on directory means the content of that directory can be accessed

chmod chown

only the root user can transfer ownership

chown newuser:newgroup file; use :newgroup for just the group and newuser for just the user (newuser: with a trailing colon also sets the group to that user’s login group)

. could be used in the past, still possible, but don’t, because you could have a period in the user’s name

ugo

chmod o+rwx thefile
chmod o=rwx thefile

chmod -R a=rX thedir

-R sets the permissions recursively. Capital X grants execute only on directories (and on files that already have an execute bit), so a=rX gives r-x on directories but only r-- on regular files

managing default permissions

more than 3 permissions

sticky bit

can use leading 1

applicable only to directories

mkdir asdf
chmod o+t asdf
ls -alt
total 8
drwxrwxr-x.  3 someuser someuser   94 Dec  2 19:43 .
drwxrwxr-t.  2 someuser someuser    6 Dec  2 19:43 asdf

in a collaborative directory where you have write perms to the dir, sticky bit would mean you can only delete files that you are the owner of

lowercase t means execution perm for other, and also sticky bit; T would mean just sticky bit

blocked operation would return ‘Operation not permitted’

Setting the sticky bit with octals:

chmod 1770 thefile

the first octal is the sticky bit: 1 for set, 0 for unset

sgid or ‘Set GroupID bit’

can use leading 2

applicable to dirs or files

# add
chmod g+s somefile
# remove
chmod g-s somefile

on an executable, it runs with the permissions of the owning group; on a directory, new files created inside inherit the directory’s group

suid or ‘Set UserID bit’

can use leading 4

applicable only to files

# add
chmod u+s somefile
# remove
chmod u-s somefile

default permissions, umask

dirs: 777 files: 666

someuser@somehost ~/workspace/someuser_/redhat_training > umask
0002

umask takes away from defaults, so 0002 will take away write from other

dirs: 775 files: 664

# means UID greater than 199; normal users start at 1000
[ $UID -gt 199 ]
# means primary group name equal to username
[ "`id -gn`" = "`id -un`" ]
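The umask arithmetic and the sticky/SGID/SUID bits from the sections above, as an added example that is not from the original notes. `expected_mode` does the "umask takes away from the default" calculation with octal arithmetic; `mode_string` applies a mode to a scratch file or directory and reads back the ten-character permission string from `ls -ld`, which is where the t/T and s/S forms appear; `umask_demo` creates a file and a directory under a given umask. It assumes a Linux /tmp that allows setting the set-id bits.

```sh
# Added example, not from the notes. POSIX sh arithmetic: a leading 0 makes
# a number octal, ~ is bitwise not.
expected_mode() {   # expected_mode <default 666|777> <umask>
    printf '%04o\n' $(( 0$1 & ~0$2 & 0777 ))
}

mode_string() {     # mode_string <octal mode> <f|d>: permission string as ls shows it
    work=$(mktemp -d) || return 1
    if [ "$2" = d ]; then mkdir "$work/t"; else : > "$work/t"; fi
    chmod "$1" "$work/t"
    ls -ld "$work/t" | cut -c1-10       # t/T = sticky, s/S in group = SGID, s/S in user = SUID
    rm -rf "$work"                      # lowercase means the execute bit is also set
}

umask_demo() (      # subshell body: the umask change does not leak to the caller
    umask "$1"
    work=$(mktemp -d) || exit 1         # mktemp sets 0700 itself, unaffected by umask
    : > "$work/f"; mkdir "$work/d"      # file starts from 666, directory from 777
    printf '%s %s\n' "$(ls -ld "$work/f" | cut -c1-10)" "$(ls -ld "$work/d" | cut -c1-10)"
    rm -rf "$work"
)

expected_mode 666 0002   # 0664
expected_mode 777 0027   # 0750
mode_string 1770 d       # drwxrwx--T : sticky set, but other has no execute, so capital T
mode_string 1777 d       # drwxrwxrwt : sticky plus execute for other, lowercase t
mode_string 2755 f       # -rwxr-sr-x : SGID
mode_string 4755 f       # -rwsr-xr-x : SUID
umask_demo 0002          # -rw-rw-r-- drwxrwxr-x
```

A umask of 0027 is the usual hardening step over 0002: group loses write and other loses everything, giving 640 files and 750 directories.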

monitoring and managing processes

zombie process: when the child is done it frees up its resources except for its process ID; then it’s just an entry in the parent’s process table; the parent wakes up and clears it from the process table

stopped is different from terminated

PTS : pseudo terminal session

ps -ef

bash shell running inside terminal emulator program, and allocated a pt

PID1 is systemd

top

controlling jobs

use & to run process in background, which allows it to write to stdout and lets you run additional processes

fg %1

user@host ~/workspace/cloudtv_/simulacrations > sleep 200 &
[1] 23282
user@host ~/workspace/cloudtv_/simulacrations > jobs
[1]+  Running                 sleep 200 &
user@host ~/workspace/cloudtv_/simulacrations > fg %1
sleep 200

killing processes

  • 19 SIGSTOP : stops the process, but doesn’t terminate/kill it
  • 15 SIGTERM : terminates, is nice, waits for the process to end gracefully
  • 9 SIGKILL : kills, less nice
  • 1 SIGHUP : takes the config file and re-inits it into memory

pkill looks up processes based on name or other attributes

kill a user’s login session

pkill -t pts/2

send SIGSTOP to job #1 to stop it

kill -SIGSTOP %1

send SIGCONT to job #1 to continue it

kill -SIGCONT %1

monitoring process activity

load average is : 1 minute, 5 minutes, 15 minutes exponentially weighted moving average

user@host ~/workspace/cloudtv_/simulacrations > uptime
 17:12:56 up 80 days,  8:57,  4 users,  load average: 0.51, 0.38, 0.34

figure out how many logical CPUs you have, and divide the load average by that number, yield is percent of load over period of time. 100% is fully loaded, more is overloaded.

lscpu : see how many CPUs you have (I have 4)
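The "divide the load average by the CPU count" rule as a function, added here and not part of the original notes. The uptime line is the one quoted above and the CPU count is passed in, so the result does not depend on the machine it runs on; on a live system the 1-minute figure can be read from the first field of /proc/loadavg instead.

```sh
# Added example, not from the notes: load average as a percentage of capacity.
load_1min() {   # pull the 1-minute figure out of an uptime line
    printf '%s\n' "$1" | sed 's/.*load average: *\([0-9.]*\),.*/\1/'
}

load_report() { # load_report <1-min load> <logical cpus>: integer percent, with a verdict
    pct=$(awk -v l="$1" -v c="$2" 'BEGIN { print int(l * 100 / c) }')
    if [ "$pct" -gt 100 ]; then echo "$pct% overloaded"; else echo "$pct% ok"; fi
}

UPTIME_LINE=' 17:12:56 up 80 days,  8:57,  4 users,  load average: 0.51, 0.38, 0.34'
load_report "$(load_1min "$UPTIME_LINE")" 4    # 12% ok
load_report 5.00 4                             # 125% overloaded
```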

controlling services and daemons

the six stages of systemd

units are initialized by systemd

  • service
  • socket
  • target
  • device

systemctl : see status of units

systemctl list-units --type=service : just see services

systemctl status $SERVICE_NAME : see status of a service

systemctl status sshd : check sshd status, disabled is default

masking and unmasking

using ssh

the client stores the host keys (fingerprints) of servers you have connected to in ~/.ssh/known_hosts, which is a record of servers visited

man in the middle: a fake server configures itself with the ip address of servera, but the fake server will have a different host key, which fails to match the known_hosts entry and triggers the man-in-the-middle warning

what may have happened instead is that servera was restored, and they forgot to back up the fingerprint information

you can add the correct known key to fix this error

can put settings in ~/.ssh/config to enforce strict host key checking and set the default auth method to ssh keys

configuring ssh key-based authentication

asymmetric cryptographic mechanism

private key

  • for decrypting data
  • may be secured with a passphrase

public key

  • for encrypting data
  • publicly accessible
  • saved on the target ssh server in the user’s home directory

connecting:

  • remote machine will generate a challenge, which is encrypted with your public key
  • if you can decrypt the data with your private key, you are allowed to make a connection

ssh-keygen : generate a key via prompts

ssh-copy-id -i ~/.ssh/custom_key.pub serverb : add your public key to the remote server; prompts for your password on serverb; appends the public key to ~/.ssh/authorized_keys on the remote machine

ssh -i .ssh/custom_key serverb : connect with a custom key

ssh-agent is used to temporarily store your private key for use

ssh-add ~/.ssh/custom_key : loads the key into the agent, so the passphrase is no longer needed every time

customizing openssh service configuration

locking down ssh daemon so it’s more secure; prevent the root user from logging in

ssh root@server : bad

vim /etc/ssh/sshd_config : NOT ssh_config, which is the global client config for ssh

change PermitRootLogin yes to PermitRootLogin no

systemctl reload sshd : reload the daemon so it re-reads the config (the unit is sshd on RHEL)

now logins will show permission denied

ultimately we want to prevent password auth by distributing a private key for users to auth against a target server, or having them provide their public keys

can also do:

ssh -o PubkeyAuthentication=no -o PasswordAuthentication=yes user@server
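A check for the two sshd_config settings this section is about, added here and not part of the original notes. It reads a keyword the way sshd does: the first occurrence wins (a later duplicate is ignored, which is a common reason an edit "does not take"), keywords are case-insensitive, `#` starts a comment, and anything after the first `Match` line is conditional and is ignored here. The config text is constructed; on a real host pass `"$(cat /etc/ssh/sshd_config)"`.

```sh
# Added example, not from the notes: effective value of a sshd_config keyword.
SAMPLE_SSHD_CONFIG='# constructed sample
Port 22
PermitRootLogin no
PasswordAuthentication yes
permitrootlogin yes     # later duplicate: ignored, the first one wins
Match User backup
    PasswordAuthentication no'

effective() {   # effective <keyword> <config text>: value, or "unset"
    printf '%s\n' "$2" | awk -v key="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        { sub(/#.*/, "") }                      # strip comments
        NF == 0 { next }                        # skip blank lines
        tolower($1) == "match" { exit }         # conditional block: stop here
        tolower($1) == key { print $2; found = 1; exit }
        END { if (!found) print "unset" }'
}

audit_sshd() {  # audit_sshd <config text>: one line per weak setting, or "ok"
    root=$(effective PermitRootLogin "$1")
    pw=$(effective PasswordAuthentication "$1")
    ok=1
    if [ "$root" != no ]; then echo "PermitRootLogin is '$root' (want no)"; ok=0; fi
    if [ "$pw" != no ]; then echo "PasswordAuthentication is '$pw' (want no)"; ok=0; fi
    if [ "$ok" -eq 1 ]; then echo ok; fi
}

audit_sshd "$SAMPLE_SSHD_CONFIG"   # PasswordAuthentication is 'yes' (want no)
```

`sshd -T` prints the fully resolved configuration and is the authoritative check on a live host; the parser above is for reading a config file that is not installed yet.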

bonus

log bash history to a file

add to ~/.bashrc

mkdir -p ~/.logs
export PROMPT_COMMAND='if [ "$(id -u)" -ne 0 ]; then echo "$(date "+%Y-%m-%d.%H:%M:%S") $(pwd) $(history 1)" >> ~/.logs/bash-history-$(date "+%Y-%m-%d").log; fi'

analyzing and storing logs

journal collects messages from:

  • output of booting
  • daemons start/run
  • syslog chatter

journal powered by systemd-journald, accessed by journalctl

user@host ~/workspace > systemctl status | grep journal
             └─systemd-journald.service

rsyslog takes syslog messages to /var/log

rsyslog protocol

  • facility
  • priority

authpriv.notice /var/log/foo : a selector (facility.priority) followed by an action; messages at notice or higher from the authpriv facility get written to /var/log/foo

rsyslog’s main config file is /etc/rsyslog.conf

/etc/rsyslog.d/ : can be used as a drop-in directory for configuration files

use logger -p local6.warn to send a message to local6 facility at warning priority

logrotate : prevents log files from growing too large

customize the policy at /etc/logrotate.conf and /etc/logrotate.d/

using the journal

journalctl -r : read journal in reverse

journalctl -u sshd.service : did not work on DO droplet, but worked on centos workpc

syslog priorities (least to most)

  • debug
  • info
  • notice
  • warn
  • err
  • crit
  • alert
  • emerg

journalctl -p err : show err and upward priority messages

journalctl -p err --since "2019-12-08 00:00:00" --until "2019-12-10 00:00:00" : midnight to midnight, dec 8 to 10

journalctl -o verbose : verbose output

journalctl _PID=1 : show messages from a specific PID; 1 is systemd

journalctl -b -1 : show me the data from the previous boot (-b 1 would be the first boot in the journal)

maintaining accurate time

it’s ok to have the wrong time as long as everyone has the wrong time

timedatectl : see system time

user@host ~ > timedatectl
      Local time: Tue 2019-12-10 17:11:32 CST
  Universal time: Tue 2019-12-10 23:11:32 UTC
        RTC time: Tue 2019-12-10 23:11:32
       Time zone: America/Chicago (CST, -0600)
     NTP enabled: yes
NTP synchronized: yes
 RTC in local TZ: no
      DST active: no
 Last DST change: DST ended at
                  Sun 2019-11-03 01:59:59 CDT
                  Sun 2019-11-03 01:00:00 CST
 Next DST change: DST begins (the clock jumps one hour forward) at
                  Sun 2020-03-08 01:59:59 CST
                  Sun 2020-03-08 03:00:00 CDT

timedatectl set-timezone America/New_York

timedatectl set-ntp true

/etc/chrony.conf : config file for chronyd

chapter 12 - managing networking - managing networking concepts

  • ethernet : en
  • wireless : wl
  • WWAN : ww

eno1 : on-board ethernet interface with an index number of 1

ens3 : hot-plug slot ethernet device in slot 3

ip addresses

  • ip address itself
  • subnet mask
    • host portion
    • network portion
    • facilitates routing

255.255.255.0 is /24 or 24 bits

octets and bits

IPv4 Routing

192.168.5.254

  • 192.168.5.3
  • 192.168.5.1

sub elements can communicate without routing

but if need internet, need routing

192.168.5.254 is the route gateway

sends to DNS server for further routing, 172.17.0.0/16

routing is required when devices are on different networks
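The mask and routing arithmetic behind "255.255.255.0 is /24" and "hosts on the same network can talk without routing", as an added example that is not from the original notes. The addresses are the ones used above and are constructed; nothing here touches the network. It generalizes the single /24 case to any contiguous mask.

```sh
# Added example, not from the notes: IPv4 addresses as 32-bit integers.
ip_to_int() {          # 192.168.5.3 -> 3232236803
    set -- $(printf '%s\n' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {          # 3232236803 -> 192.168.5.3
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

mask_to_prefix() {     # 255.255.255.0 -> 24 (counts leading one bits; assumes a contiguous mask)
    m=$(ip_to_int "$1"); n=0
    while [ $(( m & 0x80000000 )) -ne 0 ]; do
        n=$(( n + 1 )); m=$(( (m << 1) & 0xFFFFFFFF ))
    done
    echo "$n"
}

prefix_to_mask() {     # 24 -> 255.255.255.0
    if [ "$1" -eq 0 ]; then echo 0.0.0.0
    else int_to_ip $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF )); fi
}

network_of() {         # network_of <ip> <mask>: the network portion (host bits cleared)
    int_to_ip $(( $(ip_to_int "$1") & $(ip_to_int "$2") ))
}

same_network() {       # same_network <ip> <ip> <mask>: "direct" (no router needed) or "routed"
    if [ "$(network_of "$1" "$3")" = "$(network_of "$2" "$3")" ]; then echo direct; else echo routed; fi
}

mask_to_prefix 255.255.255.0                          # 24
network_of 192.168.5.3 255.255.255.0                  # 192.168.5.0
same_network 192.168.5.3 192.168.5.1 255.255.255.0    # direct
same_network 192.168.5.3 172.17.4.9 255.255.255.0     # routed: hand it to the gateway
```

The last two calls are the routing decision a host makes for every packet: same network portion, deliver directly; otherwise send to the gateway, which must itself pass the `direct` test (192.168.5.254 does).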

IPv6 : 128 bits, 8 groups of 4 hexadecimal digits

link-local address:

  • fe80::/10
  • not routable
  • unique
  • derived from the interface’s MAC address (EUI-64)

to get routable

  • static assignments
  • DHCP
  • SLAAC
    • provide routable IPv6 IP automatically

ip a : not the same as IPA

ping ping6

cat /etc/hosts : dns names and ip addresses

head /etc/services : commonly used services

cat /etc/resolv.conf : DNS service that you make use of

validating network configuration

ip address show

ip a s

ip link show

discouraged from using ifconfig, ifup, ifdown, deprecated

traceroute

configuring networking from the command line

nmcli : interface to the network manager daemon

/etc/sysconfig/network-scripts :

nmcli con sho : show connections

watch some videos on DNS/networking, knowledge still feels kind of loose

nmcli con add con-name foo ifname enp1s0 type ethernet : add a network connection with:

  • name: foo
  • ifname: enp1s0
  • type: ethernet

editing network configuration files

ls -l /etc/sysconfig/network-scripts/ifcfg-* : network config config files

configuring hostnames and name resolution

hostname

hostnamectl status

hostnamectl set-hostname somehostname.com

/etc/hosts

user@host ~ > getent hosts localhost
::1             localhost localhost.localdomain localhost6 localhost6.localdomain6

archiving and transferring files

tar -cf etc.tar /etc

tar -tf etc.tar

tar -cf userhome.tar /home/user : create a tar with a dir, removing the leading /

tar -tf userhome.tar : investigate tar contents

tar -czf mydir-backup-$(date +%F).tar.gz mydir : add a datestamp to the tar name

tar compression

  • czf : gzip, strong
  • cjf : bzip2, stronger
  • cJf : xz, strongest
  • cf : no compression

tar -xf : e(x)tract from (f)ile

tar -xf the.tar.xz path/to/dir : extract just target dir

transferring files between systems securely

scp, uses ssh

scp -r user@host:/somedir . : copy remote somedir to this location

sftp : secure FTP-type interface, FTP over ssh; traditional FTP is plaintext, so don’t use that. sftp is basically interactive scp

sftp> ls : execute ls in the sftp connection

sftp> mkdir adir : make a dir on the remote side

sftp> lcd alocaldir : change to a local directory

sftp> put -r alocaldir : upload a local directory to the remote sftp server (-r for a directory)

synchronizing files between systems securely

rsync : uses ssh to synchronize files between systems

rsync -Par otherhost:/adir . : progress (and keep partial transfers), archive, recursive

this means repeated commands will send a file list, and only sync the difference between the two systems

installing and updating software packages

subscription manager tool

subscription-manager status : get status of machine

subscription-manager register : tell redhat about your host

subscription-manager attach --auto : idk

subscription-manager repos --disable='*' --enable myrepo : disable all repos then explicitly enable one

access.redhat.com asset management

rpm

need rpm file, can do queries against database or file

rpm : redhat package management, archive of all the files and directories, metadata, and scripts to handle the lifecycle

  • all installed software is stored in the rpm database
  • resolves packages
  • helps prevent conflicts
  • redhat signs the packages with gpg private key, and makes the public key available to everyone
  • redhat provides a full install of a package, not just updates to existing packages
  • it is possible to have multiple versions of packages installed as long as they have different names
  • ls -l *.rpm

rpm -i my.rpm : install an rpm; will inform about failed dependencies but will not resolve/install them

rpm -qf /etc/ssh/sshd_config : (q)uery target (f)ile, shows which package provides the file

yumdownloader openssh-server : downloads the openssh-server rpm file

rpm -qpl openssh-server-* : conduct a (q)uery against the rpm (p)ackage, (l)isting files

rpm -qpd openssh-server-* : conduct a (q)uery against the rpm (p)ackage, showing (d)ocumentation

rpm2cpio myrpm | cpio -duim : unpacking an archive, extracting all files and dirs

installing and updating software packages with yum

yum can execute against rpm database, or local rpm file, or repositories

yum search nmap : find packages in repos

yum info nmap : get info about package

repoquery -l nmap : list package files

yum provides *bin/authconfig : find packages providing specific file

yum remove nmap : remove nmap

don’t use -y when removing software, because you could remove dependencies

yum group list : show groups

yum group info 'Development Tools' : show details about target group

^info^install : replace the word info in previous command with install

yum history

user@host ~ > yum history
Loaded plugins: fastestmirror, langpacks
You don't have access to the history DB.

where does software come from

yum repolist all : list all repos

cat /etc/yum.repos.d/rhel_dvd.repo : read repo details

managing package module streams: testing multiple versions of software in RHEL8

  • modularity: single repo, multiple versions and dependencies of application
    • module is a group of rpms
    • modules have different streams
    • only one can be enabled at a time
    • yum module subcommand
  • app stream: provides software with different life cycles

yum module list perl : shows all streams and the default stream (perl: Practical Extraction and Report Language)

yum module info perl

yum module install perl or yum install @perl : installs the module

  • @ means item acting against is a module

accessing linux file systems

block devices (ls -l shows a leading b) are special files which represent real storage devices: /dev/sda, /dev/sdb, etc.

lsblk : show block(s)

partitions etc.

single file system from multiple disks using LVM

df -h : shows file systems

df -h / : shows specific file system

# blkid /dev/somedev
/dev/somedev: UUID="someuuid" TYPE="xfs"

mounting and unmounting file systems

mount what where : mount the what device to the where location

umount what : unmount a device

locating files in the system

find where how what

find / -name sshd_config : search the entire filesystem by name for sshd_config

  • use iname for case-insensitive search

find / -user someuser : find all files owned by someuser (can also use the numeric uid); -delete deletes everything found, oh man

find / -type f -user someuser -size -10M : find files owned by someuser less than 10M in size

find /home -size +10M -iname "*.mkv" -exec rm -f {} \; : removes files greater than 10M that have the mkv extension

  • {} : represents what’s going to be found
  • \; : terminates the command
  • can also use -delete instead of -exec...

find /home -perm 111 : find files with permissions exactly 111 (exec only)

find /home -perm /111 : find files with any of the 111 (exec) bits set

find /home -type f -perm /111 : same, but regular files only

find /home -type f -perm /111 -exec rm -i {} \; : find files with permissions 111 (exec) in them that are just files, then do an interactive removal

find /home -type f -perm /111 -exec chmod -x {} \; : find files with permissions 111 (exec) in them that are just files, then remove the execution permission

find /home -type f -mmin -60 : find files modified in the last 60 minutes
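The difference between `-perm 111` and `-perm /111`, and what `-exec chmod -x {} \;` does to the result, on constructed files in a scratch directory. This is an added example, not from the original notes; it assumes GNU find (the `/mode` form), and returns counts so each step can be checked.

```sh
# Added example, not from the notes. "-perm 111" matches a mode of exactly
# 0111; "-perm /111" matches anything with at least one execute bit set.
perm_demo() {
    work=$(mktemp -d) || return 1
    : > "$work/exact";  chmod 111 "$work/exact"     # exactly --x--x--x
    : > "$work/script"; chmod 755 "$work/script"    # executable, but not exactly 111
    : > "$work/data";   chmod 644 "$work/data"      # no execute bits at all
    mkdir "$work/sub";  chmod 755 "$work/sub"       # directories carry x too

    exact=$(find "$work" -perm 111 | wc -l | tr -d ' ')             # 1: only "exact"
    anyx=$(find "$work" -perm /111 | wc -l | tr -d ' ')             # 4: $work, exact, script, sub
    filesx=$(find "$work" -type f -perm /111 | wc -l | tr -d ' ')   # 2: exact, script

    # -exec runs once per match; {} is the path, \; ends the command.
    # Prefer -exec ... {} + or -delete only after checking the list with a plain find first.
    find "$work" -type f -perm /111 -exec chmod -x {} \;
    after=$(find "$work" -type f -perm /111 | wc -l | tr -d ' ')    # 0

    rm -rf "$work"
    echo "exact=$exact any=$anyx files=$filesx after=$after"
}

perm_demo   # prints: exact=1 any=4 files=2 after=0
```

Without `-type f` the chmod would also strip execute from the directories, making their contents inaccessible, which is the kind of thing to dry-run with a plain `find` before adding `-exec` or `-delete`.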

locate : uses a database of files on file system

  • need to run updatedb to update the source database
  • not too reliable because it’s dependent on updatedb
  • is not as flexible as find

analyzing and managing remote servers

firewall-cmd --add-service cockpit : not persistent, will not survive reboot or restart of the firewall daemon

  • cockpit is the web user interface for managing systems