- 1
- ----------------------
- udevmonitor - udevmonitor listens to the kernel uevents and events sent out by a udev rule
- http://man-wiki.net/index.php/8:udevmonitor
- prints the devpath of the event to the console. Nice to see how long it takes for a device to become ready (timestamps)
- -----------------------
- /etc/udev - standard configuration is in /etc/udev/rules.d/50-udev.rules; if you want to create your own rules, give them a lower number so they are applied first
- -----------------------
- sdparm - change parameters on a SCSI or SATA disk
- http://man-wiki.net/index.php/8:sdparm
- -----------------------
- /etc/issue - read by agetty and printed to stdout BEFORE logon
- lots of configuration possible:
- \d - Insert the current date.
- \o - Insert the domain name of the system.
- \r - Insert the release number of the kernel, e.g., 2.4.20.
- \s - Insert the system name, the name of the operating system.
- \t - Insert the current time.
- \u - Insert the number of current users logged in.
- \v - Insert the version of the OS.
- \n - Insert the node name of the machine, also known as the hostname.
- \m - Insert the architecture identifier of the machine, e.g., i686
- -----------------------
- /etc/issue.net - same as /etc/issue but used for users who connect via telnet
- -----------------------
- /etc/motd - read by agetty and printed to stdout AFTER logon
- -----------------------
- wall - sends a text to the terminal of all logged on users, limited to 20 lines, finished by EOF (ctrl+d)
- http://man-wiki.net/index.php/1:wall
- -----------------------
- 2
- -----------------------
- /usr/src/linux - symlink to the /usr/src/linux-2.6.33-whatever folder which contains the kernel source code
- -----------------------
- /usr/src/linux/Documentation - contains all the kernel documentation to modules and how linux works
- -----------------------
- zImage - compressed kernel image (gzip was used to compress); after compiling the kernel (make) it is saved to the folder /usr/src/linux/arch/i386/boot/
- -----------------------
- bzImage - compressed kernel image (bzip2 was used to compress)
- -----------------------
- mkinitrd - reads the /etc/modprobe.conf (formerly /etc/modules.conf) and creates an initrd file that contains all the needed kernel modules for the system to run (e.g. raid modules). The initrd file is loaded by the boot loader (e.g. lilo or grub) BEFORE it loads the kernel and provides the ramdisk to the kernel.
- -----------------------
- mkinitramfs - creates a ramdisk as the root filesystem after the kernel is loaded and provides certain files in it. Configuration files are in /etc/initramfs-tools/. It can/will also hold modules which are needed by the kernel during boot.
- -----------------------
- make targets (config, xconfig, menuconfig, oldconfig, mrproper/clean, zImage, bzImage, modules, modules_install)
- -----------------------
- patch - applies diff files to existing files
- http://man-wiki.net/index.php/1:patch
- patching the kernel manually:
- make a backup of the current kernel
- # cd /usr/src
- # tar cvfz linux_old.tgz linux
- zcat extracts the "diff" file, patch -p0 applies the differences and tee places a copy of the output into patch.out
- # cd /usr/src
- # zcat patch-2.0.1.gz | patch -p0 2>&1 | tee patch.out
- search for failed patches:
- # find . -name '*.rej' -print
- output is something like:
- previously applied patch detected: Assume -R?
- now you can get new sources or use your backup; these version problems cannot occur when using patch-kernel
- patch and options:
- -b - make a backup before applying the diff file (if the file didn't exist before an empty file is created)
- -E - remove empty files
- -f - force ... well
- -o - define the output file instead of using the original
- -r=xxx - puts rejected patches into this file instead of xxx.rej
- -s - suppress output except for errors
- -p - define how much of the path should be cut in the patch (just -p is the same as -p0, but to be POSIX you should always put a number there)
- example, supposing the file name in the patch file was
- /u/howard/src/blurfl/blurfl.c
- setting -p0 gives the entire file name unmodified, -p1 gives
- u/howard/src/blurfl/blurfl.c
- without the leading slash, -p4 gives
- blurfl/blurfl.c
- patch-kernel is part of the kernel sources
- it searches the current directory for patches with a higher version than the current kernel and applies them automatically
- default location: /usr/src/linux/scripts
- -R - "tries" to reverse the previously applied patch...
- cd /usr/src
- zcat patch-2.4.22.gz | patch -p0 -R
- ---------------------
- lsmod - reads the /proc/modules and sends it to stdout, this also shows how many users use the module
- rmmod - removes a module from memory, only works if not used, useful option -w waits until module is not used anymore and then removes it
- insmod - loads a module into the kernel
- modprobe:
- adds/removes modules in the kernel
- reads the modules.dep file to see which additional modules are needed for this module
- -r - you can specify more than one module at a time to be loaded but only one to be removed (-r); if you remove a module, it will also try to remove its dependencies, if not used
- -f - force
- -l - lists all modules matching a given wildcard
- -n - --dry-run, does everything except actually inserting/deleting the module, as a check
- ----------------------
- /usr/src/linux/.config - contains the kernel configuration, this file can be edited directly
- ----------------------
- /lib/modules/kernel-version/* - contains the compiled modules for the kernel
- ----------------------
- /boot/* - contains the kernel, initramfs, initrd and probably grub bootloader files
- ----------------------
- autofs
- http://man-wiki.net/index.php/5:autofs
- /etc/auto.master - contains the mount options (times etc.) for mount points defined in /etc/auto.whatever
- /etc/auto.[dir] - contains mountpoints, it can lookup /etc/fstab for options
- ----------------------
- mkisofs - creates an ISO image that can be burned to a CD/DVD
- http://man-wiki.net/index.php/8:mkisofs
- ----------------------
- dd - converts and copies files
- if= - input file (can be a device)
- of= - output file (can be a device)
- ibs= - bytes it reads at a time
- obs= - bytes it writes at a time
- bs= - block size, sets ibs and obs at the same time
- the sizes can be set with the trailing format:
- xM M, c 1, w 2, b 512, kB 1000, K 1024, MB 1000*1000, M 1024*1024, GB 1000*1000*1000, G 1024*1024*1024, and so on for T, P, E, Z, Y.
- ----------------------
- mke2fs - creates an ext2 filesystem on a device
- http://man-wiki.net/index.php/8:mke2fs
- -j - enables journaling (ext3 filesystem)
- ----------------------
- mdadm - used to configure the raid devices on the system
- http://man-wiki.net/index.php/8:mdadm
- mdadm [mode] <raiddevice> [options] <component-devices>
- modes:
- -A assemble - put parts of a previously created array together, it can search for settings automatically
- -C create - creates a new array with superblocks written to each device
- -F follow/monitor - raid0 never has something to monitor
- -G grow - change number of active devices in a raid1, grow/shrink raid 1/4/5/6 arrays
- manage - remove or add devices to an array
- misc - everything else
- examples:
- assemble and start all arrays listed in /etc/mdadm.conf
- mdadm --assemble --scan
- shutdown all arrays that can be stopped, not currently in use
- mdadm --stop --scan
- Create /dev/md0 as a RAID1 array consisting of /dev/hda1 and /dev/hdc1
- mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/hd[ac]1
- info about the current arrays:
- /proc/mdstat
- info about current configuration:
- /etc/mdadm.conf
- ----------------------
- fdisk - tool to alter the partition table
- http://man-wiki.net/index.php/8:fdisk
- ----------------------
- BIND:
- named itself is a daemon for dns, it reads the config and has only a few options
- -4 - use only ipv4
- -6 - use only ipv6
- -c - configfile
- -f - run in foreground
- -n - number of threads to be created per cpu, default one per cpu
- -p - port to listen to, default 53
- /etc/named.conf - contains the settings for the named server
- /var/named/ - contains settings for the different zones, caches etc. this differs from version 8/9 or distribution
- has general options and zone related options
- example:
- options {
- directory "/var/lib/named";
- forwarders { 10.0.0.1; };
- notify no;
- };
- zone "localhost" in {
- type master;
- file "localhost.zone";
- };
- zone "0.0.127.in-addr.arpa" in {
- type master;
- file "127.0.0.zone";
- };
- zone "." in {
- type hint;
- file "root.hint";
- };
- options related entries:
- directory - where are the zonefiles
- forwarders - who should I ask to resolve hostnames (probably your ISP DNS)
- forward first/only; - should I first ask my ISP, before I contact the root server?
- listen-on port 53 { 127.0.0.1; ip-address; }; - which interface to listen on for incoming requests
- listen-on-v6 port 53 { any/none; }; - ipv6 yes or no
- allow-query { 127.0.0.1; net; }; - who is allowed to query the server, net is like 192.168.0/24
- allow-transfer { ! *; }; - don't allow zone transfers from anywhere, default is set to allow
- statistics-interval 0; - interval in minutes between logs in /var/log/messages
- cleaning-interval 720; - interval in minutes between clear of the cache, creates entry in /var/log/messages
- interface-interval - interval between check for new network devices to listen on, default 60min
- notify no; - no other nameservers are notified about zone changes
- zone related entries:
- type - master or slave, if slave, then you have to give the master or slave to listen to
- zone "andere-domain.de" in {
- type slave;
- file "slave/andere-domain.zone";
- masters { 10.0.0.1; };
- };
- allow-update { ! *; }; - zone updates are not allowed from extern, default is no
- ---------------------
- resource record formats
- format: <name> [<ttl>] [<class>] <type> <rdata>
- name - domainname of the object/host
- ttl - time to live in seconds
- class - optional, could be IN=the Internet class, CH=the Chaos class, HS=the Hesiod class, ANY=Wildcard
- type:
- A - most common entry is the ipv4 address of a host
- AAAA - ipv6 address of a host
- CNAME - an alias for an A host
- MX - mail exchange server
- NS - nameserver
- PTR - reverse mapping, for IP address to a host, does not work with CNAME
- SOA - start of authority, define global parameters for the zone, only one per zone
- SRV - a service, does not work with CNAME
- TXT - free text
- ---------------------
- /usr/sbin/rndc - control utility for BIND 9 (BIND 8 uses ndc), does not yet support all functionality ndc did
- http://man-wiki.net/index.php/8:rndc
- -c - config file, default /etc/rndc.conf
- -k - key file (it uses a shared secret to authenticate), default /etc/rndc.key
- -s - server name/ip address
- -p - port, default 953
- ---------------------
- kill - terminates running processes on the system
- http://man-wiki.net/index.php/1:kill
- if nothing is specified it uses the TERM signal, which asks the process to stop nicely
- signals:
- SIGINT 2 Term Interrupt from keyboard
- SIGQUIT 3 Core Quit from keyboard
- SIGILL 4 Core Illegal Instruction
- SIGABRT 6 Core Abort signal from abort(3)
- SIGFPE 8 Core Floating point exception
- SIGKILL 9 Term Kill signal
- SIGSEGV 11 Core Invalid memory reference
- SIGPIPE 13 Term Broken pipe: write to pipe with no readers
- SIGALRM 14 Term Timer signal from alarm(2)
- SIGTERM 15 Term Termination signal
- ---------------------
- dig - linux replacement for nslookup
- http://man-wiki.net/index.php/1:dig
- dig @server name type
- server - server to query, if none given it takes /etc/resolv.conf
- name - name to query
- type - type of record to look up e.g. A, CNAME, MX, NS etc.
- ---------------------
- nslookup - old dns lookup tool
- http://man-wiki.net/index.php/1:nslookup
- ---------------------
- host - another dns lookup tool
- http://man-wiki.net/index.php/1:host
- ---------------------
- shadow password suite:
- provides passwords up to 16 characters (default 8)
- /etc/passwd (writeable by root and readable by users):
- username:passwd(replaced by "x" if shadowed):UID:GID:full_name:directory:shell
- e.g.
- username:x:503:100:Full Name:/home/username:/bin/sh
- /etc/shadow (only readable and writeable by root):
- username:passwd:last:may:must:warn:expire:disable:reserved
- e.g.
- username:Npge08pfz4wuk:9479:0:10000::::
- /etc/login.defs
- it sets default parameters for newly created users, like:
- CHFN_AUTH - authentication required before you can change the user's info (chfn) or his shell (chsh) (boolean yes/no) - doesn't affect superuser
- GID_MIN and GID_MAX - Group ID min max e.g. 1000 and 10000
- UID_MIN and UID_MAX - User ID min max e.g. 1000 and 10000
- MAIL_DIR - spool directory e.g. /var/spool/mail
- PASS_MAX_DAYS and PASS_MIN_DAYS - only applies to newly created users (if not set -1 disabled)
- PASS_WARN_AGE - only applies to newly created users (if not set -1 disabled)
- UMASK - default umask for users (if not set it defaults to 022)
- USERDEL_CMD - command to execute if a user gets deleted (delete at/cron/print jobs, mail, home etc.)
- if you just install it afterwards, you must convert your passwords from /etc/passwd:
- cd /etc
- /usr/sbin/pwconv
- pwconv takes your /etc/passwd file and strips out the fields to create two files: /etc/npasswd and /etc/nshadow
- move /etc/npasswd and /etc/nshadow to /etc/passwd and /etc/shadow to replace the old ones
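- An audit of the /etc/shadow fields described above, as an added example that is not part of the original notes. The function names, the finding labels and the 365-day policy are assumptions; the sample lines are constructed, except for the `username:Npge08pfz4wuk:...` entry, which is the one quoted above.

```shell
#!/bin/sh
# Added example (not from the original notes): audit shadow-format entries.
# Field order as listed above:
#   username:passwd:last:may:must:warn:expire:disable:reserved

# Constructed sample data; the second line is the example entry from the notes.
sample_shadow() {
    cat <<'EOF'
root:$6$constructedsalt$constructedhash:19950:0:90:7:::
username:Npge08pfz4wuk:9479:0:10000::::
guest::19000:0:99999:7:::
svc:!:19000:0:99999:7:::
old:$1$constructedsalt$constructedhash:19000:0:60:7:::
EOF
}

# audit_shadow TODAY MAX_DAYS   (reads shadow-format lines on stdin)
#   TODAY     current date in days since 1970-01-01, the unit of the "last" field
#   MAX_DAYS  longest acceptable value for "must" (local policy, an assumption)
# Prints one "<user> <FINDING>" line per problem found.
audit_shadow() {
    awk -F: -v today="$1" -v max="$2" '
        $0 == "" || substr($0, 1, 1) == "#" { next }
        NF != 9 { print $1, "MALFORMED"; next }
        {
            user = $1; pw = $2; last = $3; must = $5
            first = substr(pw, 1, 1)

            # "!" or "*" in front: the account cannot log in with a password
            if (first == "!" || first == "*") next

            if (pw == "")
                print user, "EMPTY_PASSWORD"
            else if (substr(pw, 1, 3) == "$1$")
                print user, "WEAK_MD5_HASH"
            else if (first != "$" && length(pw) == 13 && pw ~ "^[./0-9A-Za-z]+$")
                print user, "LEGACY_DES_HASH"   # classic crypt(3), 8 significant chars

            if (must == "" || must + 0 > max + 0)
                print user, "MAX_AGE_TOO_LONG"
            else if (last != "" && today - last > must + 0)
                print user, "PASSWORD_EXPIRED"
        }'
}

# Demo run: day 20000 since the epoch, at most 365 days between password changes.
sample_shadow | audit_shadow 20000 365
```

- On a real system, feed it /etc/shadow as root: `audit_shadow "$(( $(date +%s) / 86400 ))" 365 < /etc/shadow`.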
- -----------------------
- DNSSEC - signature for zones on the dns server
- master dns server encrypts the hash of the zone using its private key
- all the slaves can use the public key to decrypt the hash and make sure the file is not changed
- to renew a key on the master, you have to check the ttl (usually 24h)
- the rule is to apply the key, wait double the ttl (48h) and then use the new key to encrypt the hash
- be very careful while you do this, it could shut down whole domains
- problems are with current routers, they expect a reply to a dns query as udp; if the udp packet contains the signature, the packet is too big and might get blocked.
- ICANN controls the root zones and around july 2010 all the root zones should have a DNSSEC signature.
- You need at least BIND 9.4.2
- generate a key for a zone:
- dnssec-keygen -a RSASHA1 -b 1024 -e -n ZONE example1.com
- the created key file needs to be attached to the zonefile:
- cat K*.key >> example1.com
- sign the zonefile:
- dnssec-signzone -s now+0 -e now+2419200 -o example1.com -k Kexample1.com.+005+15342 example1.com Kexample1.com.+005+63344
- change the entry in /etc/named.conf for the zone as follows:
- file "/etc/bind/example1.com.signed";
- dnssec-enable yes;
- ------------------------
- 3
- ------------------------
- * /lib/modules/kernel-version/modules.dep
- * module configuration files in /etc
- * /proc/sys/kernel/
- ------------------------
- depmod - depmod creates a list of module dependencies, by reading each module under /lib/modules/kernel-version and determining what symbols it exports, and what symbols it needs. By default this list is written to modules.dep in the same directory
- http://man-wiki.net/index.php/8:depmod
- ------------------------
- modinfo - shows information about a certain module, like modprobe --show-depends, but it doesn't know anything about /etc/modprobe.conf or aliases, it gets the info direct from the module
- http://man-wiki.net/index.php/8:modinfo
- ------------------------
- uname - prints information about the current system
- http://man-wiki.net/index.php/2:uname
- -a - all information
- -i - name of the platform
- -n - hostname
- -s - name of the operating system
- ------------------------
- fsck (fsck.*) - checks filesystems and optionally repairs them
- http://man-wiki.net/index.php/8:fsck
- common exit codes:
- 0 - No errors
- 1 - File system errors corrected
- 2 - System should be rebooted
- -t - specifies the filesystem type otherwise fsck will lookup /etc/fstab, if not found it uses ext2
- -A - check all filesystems in /etc/fstab
- -N - show what would be done, don't do it
- -R - skip root filesystem
- -V - be verbose
- -a - automatically repair errors without question
- -n - don't repair but report, doesn't work for fsck.reiserfs
- -r - interactively repair the filesystem
- ------------------------
- badblocks - checks a device for bad blocks
- http://man-wiki.net/index.php/8:badblocks
- -o file - creates a list of bad blocks in the file, which can be used with mke2fs or e2fsck to bypass them
- ------------------------
- mkfs (mkfs.*) - create a filesystem on a device
- http://man-wiki.net/index.php/8:mkfs
- -t fstype - type of filesystem to be created
- -c - check with badblocks before creating the filesystem
- -l file - use the file (from badblocks) to avoid bad blocks
- ------------------------
- dumpe2fs - shows superblock information about a filesystem
- http://man-wiki.net/index.php/8:dumpe2fs
- -b - shows blocks that are defined as bad on the filesystem
- ------------------------
- debugfs, debugreiserfs - technically all you can do with a filesystem, delete, move, rename, inodes etc.
- ------------------------
- tune2fs - change settings on an ext2 ext3 filesystem
- http://man-wiki.net/index.php/8:tune2fs
- important options:
- -c counts between file system checks via fsck integer (common is between 20-100)
- -i interval between file system checks, can be (d)ay (m)onth (w)eeks 0 disables this feature
- -e changes behaviour of the kernel, if something goes wrong
- continue - work ahead and ignore the error
- remount-ro - remount the partition as read only
- panic - produce a kernel panic
- -j attach a journal to the existing ext2 filesystem (kernel needs support for ext3), the options for the journal are set automatically
- -J define the journal options like size=journal size in the filesystem or device=external journal on another device
- -l show superblock content
- -L set the label for the volume e.g. MYSUPERDISK (maximum of 16 characters)
- -U set the UUID (Universally Unique IDentifier) - clear (delete), random (generate a random one), time (generate one based on time)
- ------------------------
- mkswap - create a swap filesystem on a partition/file
- http://man-wiki.net/index.php/8:mkswap
- creating a swapfile:
- # dd if=/dev/zero of=swapfile bs=1024 count=65536
- # mkswap swapfile
- ------------------------
- xfs filesystem is mostly used if large files need to be saved (best performance)
- http://xfs.org/index.php/Main_Page
- xfs can be easily expanded using the default fs commands (CANNOT BE SHRUNK, good with lvm)
- xfs_info - The filesystem geometry is printed, and argument checking is performed
- xfs_growfs - expands an existing XFS filesystem (filesystem has to be mounted)
- xfs_check - checks whether an XFS filesystem is consistent. Needs to be defragmented from time to time.
- xfs_repair - repairs corrupt or damaged XFS filesystems (needs to be unmounted)
- xfs_db - gives access to the filesystem internals interactively
- check fragmentation:
- xfs_db -r /dev/sda3
- xfs_db> frag
- actual 62504, ideal 440, fragmentation factor 99.30%
- xfs_db>
- ------------------------
- LVM:
- The Logical Volume Manager binds physical volumes together in a volume group with logical volumes :)
- use one or more normal dos partitions and change the type via fdisk to 8e
- now you create physical volumes on it via
- pvcreate /dev/sdb1 /dev/sdc1 /dev/sdd1 /dev/sde1
- commands pvremove, pvdisplay, pvmove
- now we create the volume group via
- vgcreate fileserver /dev/sdb1 /dev/sdc1 /dev/sdd1 /dev/sde1
- creates either /dev/mapper/fileserver or /dev/fileserver
- commands: vgdisplay, vgscan, vgrename, vgremove, vgextend
- now we create a logical volume via
- lvcreate --name share --size 40G fileserver
- creates either /dev/mapper/fileserver/share or /dev/fileserver/share
- commands: lvdisplay, lvscan, lvrename, lvremove, lvextend, lvreduce
- interestingly, you can create the LVM on top of a raid array, like:
- pvcreate /dev/md0 /dev/md1
- ------------------------
- mount - hangs filesystems into an existing folder on the system and creates an entry in /etc/mtab
- http://man-wiki.net/index.php/8:mount
- if no option is given, it shows the content of /etc/mtab
- -a - mounts everything in /etc/fstab
- -n - mount without /etc/mtab entry
- -r - mount read only
- -w - mount read/write
- -U - mount UUID
- -t - filesystem type or use blkid library, or read /etc/filesystems and /proc/filesystems to probe the superblock
- -o - options, separated by comma
- auto - mount via -a
- defaults - rw,suid,dev,exec,auto,nouser,async
- exec - permit execution of binaries
- noatime - no access times are recorded on the FS for files (speed)
- nodiratime - no access times are recorded on the FS for directories (speed)
- noauto - needs to be explicitly mounted (not during boot)
- noexec - deny execution of binaries
- nosuid - no suid or sgid allowed
- nouser - only root can mount it, default
- remount - remount the device
- ro - read only
- rw - read/write
- user - normal users can mount and unmount the device
- users - all users can mount and unmount the device
- bind - remount the device/subsystem at another place, will be available at both mountpoints
- move - umount and mount it somewhere else
- loop - can mount images of CD/floppy etc. it uses /dev/loop to mount the file
- ------------------------
- umount - detaches a filesystem and removes the entry in /etc/mtab
- http://man-wiki.net/index.php/2:umount
- -n - don't touch /etc/mtab
- -d - if the device was a loop device it frees up the /dev/loop
- -a - all filesystems in /etc/mtab get detached
- -f - force
- -l - lazy umount, this will remove any reference of the mounted filesystem (cannot be accessed anymore), it detaches it as soon as it is no longer used, especially helpful with network filesystems (cifs/nfs)
- ------------------------
- /sbin/route - manipulate the kernel routing table
- http://man-wiki.net/index.php/8:route
- it is normally used to add or delete static routes to certain networks
- without argument it displays information about the current routing table
- add - add a route
- del - removes a route
- common examples:
- route add default gw mango-gw
- route add -net 192.56.76.0 netmask 255.255.255.0 dev eth0
- route add -net 10.0.0.0 netmask 255.0.0.0 reject
- files it queries/alters:
- /proc/net/ipv6_route
- /proc/net/route
- /proc/net/rt_cache
- ------------------------
- /sbin/ifconfig - displays/alters network interfaces
- http://man-wiki.net/index.php/8:ifconfig
- without option it displays current ACTIVE interfaces and their settings
- up - activates an interface
- down - deactivates an interface
- common example for gigabit network:
- ifconfig eth0 up 192.168.1.12/24 media 1000baseT
- ------------------------
- /sbin/ip - show / manipulate routing, devices, policy routing and tunnels
- http://linux.die.net/man/8/ip
- ------------------------
- /usr/sbin/arp - manipulate the system ARP cache
- -a host - displays the arp cache for a certain hostname
- -d host - deletes the cache for a certain host
- -i if - shows entries that match the interface
- -s host hw_addr - add an entry for a host
- -f file - add entries from a file, default /etc/ethers
- ------------------------
- /sbin/iwconfig - configure a wireless network interface (currently cannot do WPA)
- http://man-wiki.net/index.php/8:iwconfig
- without option it shows information from /proc/net/wireless
- essid - define the ESSID it should connect to
- mode - Set the operating mode of the device
- -Ad-Hoc - network composed of only one cell and without Access Point
- -Managed - node connects to a network composed of many Access Points, with roaming
- -Master - the node is the synchronisation master or acts as an Access Point
- -Repeater - the node forwards packets between other wireless nodes
- -Secondary - the node acts as a backup master/repeater
- -Monitor - the node is not associated with any cell and passively monitors all packets on the frequency
- -Auto - usually managed
- freq - set the frequency
- channel - set the channel
- ap - set up as access point
- key/enc - set the WEP encryption key
- ------------------------
- /sbin/iwlist - scan for wireless networks in range
- http://man-wiki.net/index.php/8:iwlist
- iwlist wlan0 scanning - lists available networks in range with default settings
- freq - change frequency
- channel - change channel
- ------------------------
- /bin/sh - shell, the standard command language interpreter
- ------------------------
- cpio - copies files into and out from a cpio archive.
- http://man-wiki.net/index.php/1:cpio
- -i - copy in
- -o - copy out
- -p - copy pass
- example:
- ls | cpio -oc > ../newfile - writes the files listed by ls into the archive newfile
- cat newfile | cpio -icd "memo/a1" "memo/b*" - checks the output of cat for the files that match and extracts them
- ------------------------
- tar - used to archive files to a file or tape drive
- http://man-wiki.net/index.php/1:tar
- -t - list content of an archive
- -x - extract a file
- -c - create an archive
- -d - diff - compare files in an archive
- -r - append files to an archive
- -u - update files in an archive
- -A - append a tar archive to an existing one
- -j - use bzip2
- -z - use gzip
- -Z - use compress
- -v - be verbose
- -p - preserve the permissions on a file
- --exclude - exclude files in a directory
- ------------------------
- /dev/st* and /dev/nst - SCSI tape drives
- ------------------------
- mt - tape control program... well
- http://man-wiki.net/index.php/1:mt
- ------------------------
- rsync - Synchronize file trees across local disks, directories or across a network
- http://man-wiki.net/index.php/1:rsync-2006.11.06
- syntax:
- rsync [option] machine:folder machine:folder
- http://ss64.com/bash/rsync.html
- ------------------------
- 4
- ------------------------
- boot -> bash
- BIOS -> bootloader -> kernel -> init (PID 1)
- we have kernel space memory and user space memory, init is the first process running in user space memory on the system
- init becomes the parent of all following processes with PID 1
- runlevels control which scripts should be started by init
- commonly used is SysV, which was chosen to be easier than the BSD system
- default folder for those scripts /etc/rc.d/init.d or /etc/init.d
- You can create symbolic links to the scripts to assign them to certain runlevels
- symbolic links are in /etc/rc.d/rc0-6.d/ or /etc/rc0-6.d/ on some systems
- assign httpd (apache) to start in runlevel 3
- ln -s /etc/rc.d/init.d/httpd /etc/rc.d/rc3.d/S85httpd
- assign httpd (apache) to stop in runlevel 3
- ln -s /etc/rc.d/init.d/httpd /etc/rc.d/rc3.d/K15httpd
- S=Start K=Kill, while the number indicates the order of the scripts in the runlevel folder
- some distribution related scripts to handle those links are:
- chkconfig - Redhat based distributions
- --level - which runlevel should be changed
- --add name - adds a new script to the runlevels defined in the script itself as default
- --del name - removes a script from all runlevels
- --list - list of all scripts for all runlevels and status
- chkconfig --level 345 dhcpcd off - turns off dhcpcd for runlevels 3, 4 and 5
- I think Redhat has also something like: service dhcpcd start/stop/restart
- ALL OTHER DISTRIBUTIONS :D
- update-rc.d - Debian based distributions
- update-rc.d name remove
- update-rc.d name boot/defaults
- update-rc.d name start/stop
- rc-update - Gentoo based distributions
- rc-update add/del dhcpcd default
- rc-update show
- the runlevels were given names and those names are defined in /etc/inittab
- 0 Halt (system shutdown)
- 1 Single User mode (no network)
- 2 not used, could be used for special stuff
- 3 Multiuser Mode (networking)
- 4 not used, could be used for special stuff
- 5 Multiuser Mode with X (networking)
- 6 Reboot
- typical /etc/inittab:
- # default runlevel
- id:3:initdefault:
- # first script to run after boot
- si:S:sysinit:/etc/rc.d/rc.sysinit
- # start /etc/rc.d/rc with defined runlevel as argument
- 10:0:wait:/etc/rc.d/rc 0
- 11:1:wait:/etc/rc.d/rc 1
- 12:2:wait:/etc/rc.d/rc 2
- 13:3:wait:/etc/rc.d/rc 3
- 14:4:wait:/etc/rc.d/rc 4
- 15:5:wait:/etc/rc.d/rc 5
- 16:6:wait:/etc/rc.d/rc 6
- # what to run on ctrl+alt+del
- ca::ctrlaltdel:/sbin/shutdown -t3 -rf now
- # start agetty on all virtual consoles 1-6
- c1:12345:respawn:/sbin/agetty 38400 tty1
- c2:12345:respawn:/sbin/agetty 38400 tty2
- c3:45:respawn:/sbin/agetty 38400 tty3
- c4:45:respawn:/sbin/agetty 38400 tty4
- c5:45:respawn:/sbin/agetty 38400 tty5
- c6:45:respawn:/sbin/agetty 38400 tty6
- code:runlevel:action:program
- as you can see, in runlevels 1, 2 and 3 only 2 consoles are ready with agetty waiting for the login
- in /etc/inittab is one line, which defines the default runlevel, the system would boot into
- id:5:initdefault:
- very last script to run after all scripts for the runlevel were started (doesn't exist on Debian based systems):
- /etc/rc.d/rc.local
- to switch between runlevels, you can use the telinit command
- after agetty (or whatever you use) is started:
- it opens a tty port, prompts for a login name and invokes the /bin/login command.
- /bin/login checks the password, checks mail, print queue, prints motd (if exists) and date/time
- in the end it starts the program defined in /etc/passwd as login shell e.g. /bin/bash
- /bin/bash executes the script /etc/profile and ~/.bash_profile (if defined in /etc/profile)
- shows the command prompt and waits for input
- ---------------------------
- /etc/fstab - defines mount points
- device/uuid/label mount point filesystem options(mount) dump fsck order
- /dev/sda1 /boot ext2 noauto,noatime 1 2
- labels can be defined via e2label or during mke2fs, this makes the system more robust if you have to change drives
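- How the mount options listed under `mount -o` play out in the /etc/fstab format above, as an added example that is not part of the original notes. The function names and the watch list of mount points (/tmp, /var/tmp, /dev/shm, /home) are assumptions; the sample is constructed, except for the /boot line, which is the entry quoted above.

```shell
#!/bin/sh
# Added example (not from the original notes): effective exec/suid/dev per fstab entry.
# Line format as above: device  mount-point  filesystem  options  dump  fsck-order

# Constructed sample; the /boot line is the example entry from the notes.
sample_fstab() {
    cat <<'EOF'
# device    mountpoint fs      options                dump fsck
/dev/sda1   /boot      ext2    noauto,noatime         1 2
/dev/sda2   /          ext3    defaults               1 1
/dev/sda3   /tmp       ext3    defaults,nosuid        1 2
/dev/sda5   /home      ext3    defaults,nosuid,nodev  1 2
/dev/cdrom  /mnt/cd    iso9660 noauto,user,exec,ro    0 0
tmpfs       /dev/shm   tmpfs   nosuid,nodev,noexec    0 0
EOF
}

# fstab_effective   (reads fstab lines on stdin)
# Options are applied left to right, so a later option overrides an earlier one.
# Prints: <mount-point> exec=<0|1> suid=<0|1> dev=<0|1>
fstab_effective() {
    awk '
        NF < 4 || substr($1, 1, 1) == "#" { next }
        {
            # Starting point is what "defaults" spells out: suid,dev,exec
            can_exec = 1; can_suid = 1; can_dev = 1
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) {
                o = opt[i]
                if (o == "defaults") { can_exec = 1; can_suid = 1; can_dev = 1 }
                # mount(8): user/users imply noexec,nosuid,nodev unless overridden later
                else if (o == "user" || o == "users") { can_exec = 0; can_suid = 0; can_dev = 0 }
                else if (o == "exec")   can_exec = 1
                else if (o == "noexec") can_exec = 0
                else if (o == "suid")   can_suid = 1
                else if (o == "nosuid") can_suid = 0
                else if (o == "dev")    can_dev = 1
                else if (o == "nodev")  can_dev = 0
            }
            print $2, "exec=" can_exec, "suid=" can_suid, "dev=" can_dev
        }'
}

# fstab_findings   (reads fstab lines on stdin)
# Assumed policy: /tmp, /var/tmp and /dev/shm must be noexec,nosuid,nodev;
# /home must be nosuid,nodev. Prints "<mount-point> allows <exec|suid|dev>".
fstab_findings() {
    fstab_effective | awk '
        {
            strict = ($1 == "/tmp" || $1 == "/var/tmp" || $1 == "/dev/shm")
            if (!strict && $1 != "/home") next
            if ($3 == "suid=1") print $1, "allows suid"
            if ($4 == "dev=1")  print $1, "allows dev"
            if (strict && $2 == "exec=1") print $1, "allows exec"
        }'
}

# Demo run on the constructed sample.
sample_fstab | fstab_findings
```

- The /boot entry from the notes comes out as exec=1 suid=1 dev=1: noauto and noatime restrict nothing, so suid binaries on that filesystem would still be honoured once it is mounted.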
- ---------------------------
- /proc/mounts - contains information about mounted filesystems, nearly the same as /etc/mtab
- ---------------------------
- sync - flushes filesystem buffers and writes all outstanding changes to disk
- http://man-wiki.net/index.php/1:sync
- ---------------------------
- /bin/netstat - shows a lot of information about the network subsystem
- http://man-wiki.net/index.php/8:netstat
- no option and it shows all open sockets
- -r - show routing table as route
- -g - show ipv4 and ipv6 groups (e.g. lo and eth0 etc.)
- -s - show statistic about every protocol
- -c - show continuously every second update
- -e and -v - more info
- -p - show the program PID that uses the socket
- -l - show only listening sockets
- ----------------------------
- /bin/ping - uses ICMP as part of IP protocol to request an ECHO from a host
- http://man-wiki.net/index.php/8:ping
- -b - ping broadcast (e.g. 192.168.1.255)
- -c 5 - stops ping after 5 packets were received
- -i - interval between pings (default 1 sec)
- -I eth0 - set interface to use (required for ipv6)
- -s - define packet size (default is 56 byte + 8 byte ICMP header = 64 byte)
- -t - set the IP ttl
- ----------------------------
- /usr/sbin/tcpdump - dump traffic on the network (sniffer)
- http://man-wiki.net/index.php/1:tcpdump
- print all traffic from or to host sundown:
- tcpdump host sundown
- print all traffic between helios and hot or ace:
- tcpdump host helios and \( hot or ace \)
- print all ip packets from or to ace, except those from or to helios:
- tcpdump ip host ace and not helios
- ----------------------------
- /usr/sbin/lsof
- http://man-wiki.net/index.php/8:lsof
- reads kernel memory and provides output about open files of the following types:
- regular file, a directory, a block special file, a character special file, an executing text reference, a library, a stream or a network file (Internet socket, NFS file or UNIX domain socket.)
- the output is not nice and can be parsed by another program for formatting
- files it searches for information:
- /dev/kmem kernel virtual memory device
- /dev/mem physical memory device
- /dev/swap system paging device
- no option lists all open files of all processes (nasty)
- -a AND all filters entered (the default is to OR them), example: -a -U -ufoo (all UNIX sockets AND that belong to user foo)
- -i lists open files on internet connections [46][protocol][@hostname|hostaddr][:service|port] example: -i4tcp@somehost:ssl or -i4tcp@10.0.0.5:22
- -l doesn't resolve userids to usernames (might speed up the process a little)
- -m specify the kernel memory file, default /dev/kmem or /dev/mem you can also specify a kernel crash dump file to analyse what was open at this time
- +M enable portmapper information default is disabled
- -n doesn't resolve IP addresses to hostnames (might speed up the process a little)
- -N list open NFS files
- -p open files for a process ID e.g. "123,234,567"
- -r endless repeat mode
- +r repeat until no open files are listed or end signal received
- -s show size of files at all times (even for sockets, which don't really have one, it shows the kernel buffer size instead)
- -u specify the user e.g. -ubob,234,123,tom
- -U list UNIX domain sockets
- -v display the version of the lsof program
- +w disabled warnings
- -w enable warnings
- listing output:
- COMMAND:PID:PPID:PGID:USER:FD:TYPE:FILE-ADDR:FCT:FILE-FLAG:NODE-ID:DEVICE:SIZE, SIZE/OFF, or OFFSET:NODE:NAME
- COMMAND - the first 9 characters of the command that was executed
- PID - process ID that owns the file
- PPID - parent process ID that owns the process
- PGID - process group ID that owns the file
- USER - the user ID that owns the process
- FD - file descriptor - what kind of file it is and whether it has read, write or u for read+write access
- TYPE - what kind of node is associated with the file, e.g. ipv4, ipv6 or nfs etc.
- SIZE - size of the file or buffer size or off
- NODE - inode on nfs share or tcp/udp etc.
- NAME - actual name of the file on the filesystem or mountpoint
- some examples from the man pages:
- To list all files using any protocol on ports 513, 514, or 515 of host wonderland.cc.purdue.edu, use:
- lsof -i @wonderland.cc.purdue.edu:513-515
- To list all open files for login name ``abe'', or user ID 1234, or process 456, or process 123, or process 789, use:
- lsof -p 456,123,789 -u 1234,abe
- To list all open files on device /dev/hd4, use:
- lsof /dev/hd4
- To send a SIGHUP to the processes that have /u/abe/bar open, use:
- kill -HUP `lsof -t /u/abe/bar`
- To ignore the device cache file, use:
- lsof -Di
- ----------------------------
- /usr/bin/nc - netcat makes connection, listens, using different ports, TCP/UDP, ipv4 and ipv6
- http://man-wiki.net/index.php/1:netcat
- -4 - use ipv4
- -6 - use ipv6
- -i - interval between lines being received/sent
- -l -k - listen rather than send packets; -k means keep listening after a connection is closed
- -n - no dns lookup or hostname resolution
- -p - start a connection on a specified port
- -r - use random ports
- -s - specify the source IP address (fake)
- -t - do telnet session (not full features, no session because no DO and WILL)
- -u - use UDP instead of default TCP
- -v - be verbose
- -w - specify timeout in seconds
- -x address:port - use proxy server
- -z - scan for listening daemons on the system
- example:
- listen on port 1234 on console tty1
- nc -l -p 1234
- connect to localhost on port 1234 from console tty2
- nc 127.0.0.1 1234
- you are now connected, the input on one console is transferred to the other and vice versa (like chat)
- send an email to localhost (typed into console):
- nc localhost 25 << EOF
- HELO host.example.com
- MAIL FROM: <user@host.example.com>
- RCPT TO: <user2@host.example.com>
- DATA
- Body of email.
- .
- QUIT
- EOF
- portscanning using netcat:
- nc -z host.example.com 20-30
- Connection to host.example.com 22 port [tcp/ssh] succeeded!
- Connection to host.example.com 25 port [tcp/smtp] succeeded!
- ---------------------------
- ip - show / manipulate routing, devices, policy routing and tunnels
- ---------------------------
- /etc/openvpn/ - contains the server/client configuration files
- http://man-wiki.net/index.php/8:openvpn
- typical server.ovpn:
- # port to listen on
- port 1194
- # TCP or UDP?
- proto udp
- mode server
- tls-server
- # device to use, could be tap or tun, depends on the kernel modules
- dev tap
- # server IP on the tap device
- ifconfig 192.168.100.1 255.255.255.0
- ifconfig-pool 192.168.100.2 192.168.100.9
- # where are the certificates
- ca /etc/ssl/vpn-ca.pem
- cert /etc/ssl/certs/server_cert.pem
- key /etc/ssl/private/server_key.pem
- #Diffie-Hellmann parameter ?!?!?
- dh /etc/ssl/dh2048.pem
- # use the same address on next session?
- #ifconfig-pool-persist ipp.txt
- # change the routing table and dns on clients to use the local network?
- #push "route 10.0.0.0 255.0.0.0"
- #push "dhcp-option DNS 192.168.1.xyz"
- #push "redirect-gateway"
- #push "route 0.0.0.0 0.0.0.0"
- # authentication method
- auth SHA1
- # encryption used
- cipher aes-256-cbc
- # compression used
- comp-lzo
- # set permissions
- user nobody
- group nogroup
- persist-key
- persist-tun
- # logging level: 0-7
- verb 7
- test the configuration before it is actually applied
- openvpn --config /etc/openvpn/Server.ovpn
- start the server using the configuration (usually the distribution has start-stop-daemons for that)
- openvpn /etc/openvpn/Server.ovpn
- openvpn - server and client executable for ssl vpn connections
- bridge:
- - application can handle it better, since the machine is in only one network
- - easy to set up
- routing:
- - routing tables for each subnet
- - better scalability (security)
- - MTU tuning
- initial setup:
- /usr/local/openvpn_as/bin/ovpn-init
- you need to use a user that exists on the system for the first login (usually root)
- this script configures interfaces and ports
- default admin port: 943 (e.g. http://myserver:943)
- default vpn port: 443
- start/configure the client on linux:
- openvpn --config client.ovpn (the name client.ovpn can be freely chosen, e.g. to identify the server)
- openvpn cannot change the client's DNS configuration on unix/linux systems
- most of the settings are actually done in the web interface
- support for PAM, RADIUS, LDAP for authentication
- openvpn can route, so the vpn clients can be routed to a certain network on the server
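An added example, not part of the original notes: a shell function that reads a server config like the one above and prints the directives a reviewer would tighten (auth SHA1, a CBC cipher, comp-lzo, verb 7, no tls-auth/tls-crypt). The name `audit_ovpn`, the finding texts and the embedded sample file are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original notes. audit_ovpn and its finding
# texts are this example's own; the directives are real OpenVPN options.

audit_ovpn() {   # $1 = config file; prints one "directive: finding" per line
    awk '
        /^[ \t]*([#;]|$)/ { next }          # skip comments and blank lines
        {
            key = tolower($1); val = tolower($2); seen[key] = 1
            if (key == "auth" && val == "sha1")
                print "auth: HMAC-SHA1, prefer SHA256 or stronger"
            if (key == "cipher" && val ~ /-cbc$/)
                print "cipher: CBC mode, prefer an AEAD cipher such as AES-256-GCM"
            if (key == "comp-lzo" && val != "no")
                print "comp-lzo: compression inside the tunnel can leak plaintext (VORACLE)"
            if (key == "verb" && $2 + 0 > 4)
                print "verb: level " $2 " is debug output, the manual gives 1-4 as normal"
        }
        END {
            if (!("tls-auth" in seen) && !("tls-crypt" in seen))
                print "tls-auth/tls-crypt: absent, no extra HMAC layer on the control channel"
            if (!("user" in seen) || !("group" in seen))
                print "user/group: absent, the daemon keeps root privileges after startup"
        }
    ' "$1"
}

# Constructed sample: the security-relevant lines of the server.ovpn above.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
proto udp
dev tap
# authentication method
auth SHA1
cipher aes-256-cbc
comp-lzo
user nobody
group nogroup
verb 7
EOF

audit_ovpn "$sample"
```

An empty result means none of these checks fired; it does not cover certificate handling or the pushed routes.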
- ---------------------------
- nmap - network monitoring tool
- http://man-wiki.net/index.php/1:nmap
- this is the hollywood hacker program number one :)
- -A - be aggressive (nearly always used)
- -n - no DNS resolution
- -O - enable OS detection
- -p - specify the port range to scan
- -P - ping options
- -P0 - scans a network for hosts, e.g. if Class B address is given, it scans 65,536 hosts
- -PS [portlist] - TCP SYN flag port scan, if no port is given it uses port 80
- -PA [portlist] - TCP ACK ping
- -PU [portlist] - UDP ping
- -PR - arp ping!!!, common usage to check if the fault is in TCP/IP or Ethernet
- -s - most of those options are for packet manipulation (e.g. -sX is Xmas scan :D it sets FIN, PSH and URG flags)
- -sO - protocol scan (what protocols are supported on the target system)
- -sS - SYN scan
- -sT - TCP scan
- -sU - UDP scan
- ---------------------------
- wireshark - network packet analyser (sniffer)
- http://man-wiki.net/index.php/1:wireshark
- some CLI commands that come with Wireshark package (http://www.wireshark.org/docs/man-pages/):
- capinfos - Prints information about capture files
- dumpcap - Dump network traffic
- editcap - Edit and/or translate the format of capture files
- idl2wrs - CORBA IDL to Wireshark Plugin Generator
- mergecap - Merges two or more capture files into one
- rawshark - Dump and analyze raw libpcap data
- text2pcap - Generate a capture file from an ASCII hexdump of packets
- tshark - Dump and analyze network traffic
- wireshark-filter - Wireshark filter syntax and reference
- wireshark - Interactively dump and analyze network traffic
- ---------------------------
- /usr/src - Source code
- For systems based on glibc, there are no specific guidelines for this directory :)
- ---------------------------
- configure, make, make install
- configure alters the target in the makefile to your needs: if you don't need certain features in a program, or need features that are not enabled by default, you can use the configure script to turn them off/on or change parameters. Then you start make to build the binary and, if the target is available, you can use make install to copy the compiled binaries/libraries to their default location in the system.
- Since configure scripts are totally different from one to another and it depends on the author of the program, the source usually comes with a README file or you can look directly into the Makefile to see what you can change via ./configure
- not much else to say here :(
- ---------------------------
- 5
- ---------------------------
- /etc/network - debian specific network configurations are stored here
- many graphical configuration tools save in here as well
- example from Ubuntu wiki (/etc/network/interfaces):
- ## Loopback interface
- auto lo
- iface lo inet loopback
- ## LAN interface
- auto eth0
- iface eth0 inet static
- address 192.168.0.97
- netmask 255.255.255.0
- gateway 192.168.0.1
- ## WLAN interface
- auto ath0
- iface ath0 inet dhcp
- wpa-driver wext
- wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
- RedHat:
- /etc/sysconfig/network - Specifies routing and host information for all network interfaces.
- routes:
- /etc/sysconfig/network-scripts/ifcfg-<interface-name>
- ---------------------------
- System log files
- http://man-wiki.net/index.php/5:syslog.conf
- ---------------------------
- /etc/resolv.conf - contains a list of nameservers/domains to use
- nameserver - IP/hostname of the nameserver, if more than one, it is queried in order
- domain - domainname to query, if not given it uses the hostname e.g. desktop.local
- search [domainname] - again domainname to search for
- ---------------------------
- /etc/hosts - contains static ip address resolvers
- example:
- ip-address computername.domain alias1 alias2
- 127.0.0.1 myserver.mydomain.com ns.mydomain.com mx.mydomain.com
- ---------------------------
- /etc/hosts.allow & /etc/hosts.deny - restricts access to services on the machine
- example /etc/hosts.allow:
- # <service list> : <host list> [: command]
- #
- # everybody has access to mail
- in.smtpd: ALL
- # access to telnet and ftp is restricted to users on the same domain
- #
- in.telnetd, ftpd: LOCAL, tuxhausen.outside.all
- # everybody can finger, but root gets an email
- #
- in.fingerd: ALL: (finger @%h | mail -s "finger from %h" root)
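The two files are consulted in a fixed order: a match in hosts.allow grants access, otherwise a match in hosts.deny refuses it, and if neither matches access is granted, so the allow rules above restrict nothing until hosts.deny carries a catch-all. An added example, not part of the original notes, models that order; `tcpd_decide` and the sample files are hypothetical, and only ALL, LOCAL, exact names and leading-dot domain suffixes are handled.

```shell
#!/bin/sh
# Added example, not from the original notes: a simplified model of the
# hosts_access(5) decision order. tcpd_decide is a hypothetical helper; it
# knows only ALL, LOCAL, exact names and leading-dot domain suffixes.

tcpd_decide() {   # $1 daemon, $2 client host, $3 allow file, $4 deny file
    for rules in "$3" "$4"; do
        if awk -v d="$1" -v c="$2" '
            function hit(list, name, is_client,    n, i, p, a) {
                n = split(list, a, /[ ,\t]+/)
                for (i = 1; i <= n; i++) {
                    p = a[i]
                    if (p == "") continue
                    if (p == "ALL" || p == name) return 1
                    if (is_client && p == "LOCAL" && index(name, ".") == 0) return 1
                    if (substr(p, 1, 1) == "." && length(name) > length(p) &&
                        substr(name, length(name) - length(p) + 1) == p) return 1
                }
                return 0
            }
            /^[ \t]*(#|$)/ { next }         # skip comments and blank lines
            { split($0, f, ":")
              if (hit(f[1], d, 0) && hit(f[2], c, 1)) { found = 1; exit } }
            END { exit !found }
        ' "$rules"; then
            # first match wins: hosts.allow grants, hosts.deny refuses
            if [ "$rules" = "$3" ]; then echo grant; else echo deny; fi
            return 0
        fi
    done
    echo grant    # no rule matched in either file: access is granted
}

# Constructed sample files: the mail and telnet/ftp rules from the example above.
allow=$(mktemp); deny=$(mktemp)
trap 'rm -f "$allow" "$deny"' EXIT
printf '%s\n' 'in.smtpd: ALL' \
    'in.telnetd, ftpd: LOCAL, tuxhausen.outside.all' > "$allow"

tcpd_decide in.telnetd far.example.net "$allow" "$deny"   # empty hosts.deny
echo 'ALL: ALL' > "$deny"
tcpd_decide in.telnetd far.example.net "$allow" "$deny"   # with ALL: ALL
tcpd_decide in.telnetd desktop "$allow" "$deny"           # LOCAL name
```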
- ----------------------------
- /etc/hostname | /etc/HOSTNAME - name of the computer without domain
- ----------------------------
- hostname - show or set the system's host name (changes entry in /etc/hostname)
- dnsdomainname - show the system's DNS domain name (changes entry in /etc/hosts)
- domainname - show or set the system's NIS/YP domain name (changes the NIS domainname)
- nisdomainname - show or set system's NIS/YP domain name
- ypdomainname - show or set the system's NIS/YP domain name
- ----------------------------
- /usr/sbin/traceroute - uses ICMP as part of the IP protocol to trace the route to a host, showing the "hops"
- http://man-wiki.net/index.php/1:traceroute
- -4 - use ipv4
- -6 - use ipv6
- -g - specify gateway to use
- -i - specify interface to use
- -n - no dns lookup
- ----------------------------
- /bin/dmesg - prints the kernel ring buffer
- http://man-wiki.net/index.php/8:dmesg
- checks /proc/kmsg
- shows all the boot hardware setup
- -c - clear ring buffer after printing to the console
- -nlevel - define filter (-n 1) only shows panic messages