disi

1
----------------------
udevmonitor - udevmonitor listens to the kernel uevents and events send out by a udev rule
http://man-wiki.net/index.php/8:udevmonitor
prints the devpath of the event to the console. Nice to see how long it takes for a device to become ready (timestamps)
-----------------------
/etc/udev - standard configuration is in /etc/udev/rules.d/50-udev.rules, if you want to create your own rules give it a lower number, so they are applied first
-----------------------
sdparm - change parameters on a SCSI or SATA disk
http://man-wiki.net/index.php/8:sdparm
-----------------------
/etc/issue - read by agetty and printed to stdout BEFORE logon
lots of configuration possible:
\d - Insert the current date.
\o - Insert the domain name of the system.
\r - Insert the release number of the kernel, e.g., 2.4.20.
\s - Insert the system name, the name of the operating system.
\t - Insert the current time.
\u - Insert the number of current users logged in.
v - Insert the version of the OS.
\n - Insert the node name of the machine, also known as the hostname.
\m - Insert the architecture identifier of the machine, e.g., i686
-----------------------
/etc/issue.net - same as /etc/issue but used for users who connect via telnet
-----------------------
/etc/motd - read by agetty and printed to stdout AFTER logon
-----------------------
wall - sends a text to the terminal of all logged on users, limited to 20 lines, finished by EOF (ctrl+d)
http://man-wiki.net/index.php/1:wall
-----------------------
2
-----------------------
/usr/src/linux - symlink to the /usr/src/linux-2.6.33-whatever folder which contains the kernel source code
-----------------------
/usr/src/linux/Documentation - contains all the kernel documentation to modules and how linux works
-----------------------
zImage - compressed kernel image (gzip was used to compress) after compiling the kernel (make) it is saved to the folder /usr/src/linux/arch/i386/boot/
-----------------------
bzImage - compressed kernel image (bzip2 was used to compress)
-----------------------
mkinitrd - reads the /etc/modprobe.conf (former /etc/modules.conf) and creates an initrd file that contains all the needed kernel modules for the system to run (e.g. raid modules). The initrd file is is loaded by the boot loader BEFORE it loads the kernel (e.g. lilo or grub) and provides the ramdisk to the kernel.
-----------------------
mkinitramfs - creates a ramdisk as the root filesystem after the kernel is loaded and provides certain files in it. Configuration files are in /etc/initramfs-tools/ it can/will also hold modules which are needed by the kernel during boot.
-----------------------
make targets (config, xconfig, menuconfig, oldconfig, mrproper/clean, zImage, bzImage, modules, modules_install)
-----------------------
patch - applies diff files to existing files
http://man-wiki.net/index.php/1:patch
patching the kernel manually:
make a backup of the current kernel
# cd /usr/src
# tar cvfz linux_old.tgz linux

zcat extracts the "diff" file, patch -p0 applies the differences and tee places a copy of the output into patch.out
# cd /usr/src
# zcat patch-2.0.1.gz | patch -p0 2>&1 | tee patch.out

search for failed patches:
# find .  -name '*.rej' -print
output is something like:
previously applied patch detected: Assume -R?

now you can get new sources or use your backup, those version problem cannot occur using patch-kernel

patch and options:
-b - make a backup before applying the diff file (if the file didn't exist before an empty file is created)
-E - remove empty files
-f - force ... well
-o - define the output file instead of using the original
-r=xxx - puts rejected patches into this file instead of xxx.rej
-s - suppress output instead of errors
-p - define how much of the path should be cut in the patch (just -p is the same as p0, but to be POSIX you should always put a number there)
     example, supposing the file name in the patch file was
     /u/howard/src/blurfl/blurfl.c
     setting -p0 gives the entire file name unmodified, -p1 gives
     u/howard/src/blurfl/blurfl.c
     without the leading slash, -p4 gives
     blurfl/blurfl.c

patch-kernel is part of the kernel sources
it search in the current directory for patches with a higher version than the actual kernel and applies them automatically
default location: /usr/src/linux/scripts

-R - "tries" to reverse the previous applied patch...
    cd /usr/src
    zcat patch-2.4.22.gz | patch -p0 -R
---------------------
lsmod - reads the /proc/modules and sends it to stdout, this also shows how many users use the module

rmmod - removes a module from memory, only works if not used, useful option -w waits until module is not used anymore and then removes it

insmod - loads a module into the kernel

modprobe:
adds/removes modules in the kernel
reads the modules.dep file to see which additional modules are needed for this module

-r you can specify more than one module at a time to be loaded but only one to be removed (-r), if you remove a module, it will also try to remove it's dependencies, if not used
-f - force
-l - lists all modules matching a given wildcard
-n - --dry-run it does everything but actual inserting/deleting the module to check

----------------------
/usr/src/linux/.config - contains the kernel configuration, this file can be edited directly
----------------------
/lib/modules/kernel-version/* - contains the compiled modules for the kernel
----------------------
/boot/* - contains the kernel, initramfs, initrd and probably grub bootloader files
----------------------
autofs
http://man-wiki.net/index.php/5:autofs
/etc/auto.master - contains the mount options (times etc.) for mount points defined in /etc/auto.whatever
/etc/auto.[dir] - contains mountpoints, it can lookup /etc/fstab for options
----------------------
mkisofs - creates an ISO image that can be burned to a CD/DVD
http://man-wiki.net/index.php/8:mkisofs
----------------------
dd - converts and copies files
-if= - input file (can be a device)
-of= - output file (can be a device)
-ibs= - bytes it reads at a time
-obs= - bytes it writes at a time
-bs= - block size, sets ibs and obs at a time

the sizes can be set with the trailing format:
xM M, c 1, w 2, b 512, kB 1000, K 1024, MB 1000*1000, M 1024*1024, GB 1000*1000*1000, G 1024*1024*1024, and so on for T, P, E, Z, Y.
----------------------
mke2fs - creates an ext2 filesystem on a device
http://man-wiki.net/index.php/8:mke2fs
-j - enables journaling (ext3 filesystem)
----------------------
mdadm - used to configure the raid devices on the system
http://man-wiki.net/index.php/8:mdadm

mdadm [mode] <raiddevice> [options] <component-devices>

modes:
-A assemble - put parts of a previously created array together, it can search for settings automatically
-C create - creates a new array with superblocks written to each device
-F follow/monitor - raid0 never has something to monitor
-G grow - change number of active devices in a radi1, grow/shrink raid 1/4/5/6 arrays
manage - remove or add devices to an array
misc - everything else

examples:
assemble and start all arrways listed in /etc/mdadm.conf
mdadm --assemble --scan
shutdown all arrays that can be stopped, not currently in use
mdadm --stop --scan
Create /dev/md0 as a RAID1 array consisting of /dev/hda1 and /dev/hdc1
mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/hd[ac]1

info about the current arrays:
/proc/mdstat
info about current configuration:
/etc/mdadm.conf
----------------------
fdisk - tool to alter the partition table
http://man-wiki.net/index.php/8:fdisk
----------------------
BIND:

named it self is a daemon for dns, it reads the config and has only a few options
-4 - use only ipv4
-6 - user only ipv6
-c - configfile
-f - run in foreground
-n - number of threads to be created per cpu, default one per cpu
-p - port to listen to, default 53

/etc/named.conf - contains the settings for the named server
/var/named/ - contains settings for the different zones, caches etc. this differs from version 8/9 or distribution

has general options and zone related options
example:
options {
        directory "/var/lib/named";
        forwarders { 10.0.0.1; };
        notify no;
};

zone "localhost" in {
       type master;
       file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" in {
        type master;
        file "127.0.0.zone";
};

zone "." in {
        type hint;
        file "root.hint";
};

options related entries:

directory - where are the zonefiles
forwarders - who should I ask to resolve hostnames (probably your ISP DNS)
forward first/only; - should I first ask my ISP, before I contact the root server?
listen-on port 53 { 127.0.0.1; ip-address; }; - which interfact to listen on for incoming requests
listen-on-v6 port 53 { any/none; }; - ipv6 yes or no
allow-query { 127.0.0.1; net; }; - who is allowed to query the server, net is like 192.168.0/24
allow-transfer { ! *; }; - don't allow zone transfers from anywhere, default is set to allow
statistic-interval 0; - interval in minutes between logs in /var/log/messages
cleaning-interval 720; - interval in minutes between clear of the cache, creates entry in /var/log/messages
interface-interval - interval between check for new network devices to listen on, default 60min
notify no; - no other nameservers are notified about zone changes

zone related entries:

type - master or slave, if slave, then you have to give the master or slave to listen to
zone "andere-domain.de" in {
       type slave;
       file "slave/andere-domain.zone";
       masters { 10.0.0.1; };
};

allow-update { ! *; }; - zone updates are not allowed from extern, default is no
---------------------
resource record formats
format: <name> [<ttl>] [<class>] <type> <rdata>
name - domainname of the object/host
ttl - time to live in seconds
class - optional, could be IN=the Internet class, CH=the Chaos class, HS=the Hesiod class, ANY=Wildcard
type:
A - most common entry is the ipv4 address of a host
AAAA - ipv6 address of a host
CNAME - an alias for an A host
MX - mail exchange server
NS - nameserver
PTR - reverse mapping, for IP address to a host, does not work with CNAME
SOA - start of authority, define global parameters for the zone, only one per zone
SRV - a service, does not work with CNAME
TXT - free text
---------------------
/usr/sbin/rndc - control utility for BIND 9 (BIND 8 uses ndc), does not yet support all functionalty ndc did
http://man-wiki.net/index.php/8:rndc
-c - config file, default /etc/rndc.conf
-k - key file (it uses a shared secret to authenticate), default /etc/rndc.key
-s - server name/ip address
-p - port, default 953
---------------------
kill - terminates running processes on the system
http://man-wiki.net/index.php/1:kill
if nothing is pecified it uses the TERM signal, which asks the process to stop nicely
signals:
SIGINT 		2 	Term 	Interrupt from keyboard
SIGQUIT 	3 	Core 	Quit from keyboard
SIGILL	 	4 	Core 	Illegal Instruction
SIGABRT 	6 	Core 	Abort signal from abort(3)
SIGFPE 		8 	Core 	Floating point exception
SIGKILL 	9 	Term 	Kill signal
SIGSEGV 	11 	Core 	Invalid memory reference
SIGPIPE 	13 	Term 	Broken pipe: write to pipe with no readers
SIGALRM 	14 	Term 	Timer signal from alarm(2)
SIGTERM 	15 	Term 	Termination signal
---------------------
dig - linux replacement for nslookup
http://man-wiki.net/index.php/1:dig
dig @server name type
server - server to query, if none given it takes /etc/resolv.conf
name - name to query
type - type of record to look up e.g. A, CNAME, MX, NS etc.
---------------------
nslookup - old dns lookup tool
http://man-wiki.net/index.php/1:nslookup
---------------------
host - another dns lookup tool
http://man-wiki.net/index.php/1:host
---------------------
shadow password suite:

provides password up to 16 characters (default 8)

/etc/passwd (writeable by root and readable by users):
username:passwd(replaced by "x" if shadowed):UID:GID:full_name:directory:shell
e.g.
username:x:503:100:Full Name:/home/username:/bin/sh

/etc/shadow (only readable and writeable by root):
username:passwd:last:may:must:warn:expire:disable:reserved
e.g.
username:Npge08pfz4wuk:9479:0:10000::::

/etc/login.defs
it sets default parameters for new created users, like:
CHFN_AUTH - authentication required before you can change the users info (chfn) or his shell (chsh) (boolean yes/no) - doesn't affect superuser
GID_MIN and GID_MAX - Group ID min max e.g. 1000 and 10000
UID_MIN and UID_MAX - User ID min max e.g. 1000 and 10000
MAIL_DIR - spool directory e.g. /var/spool/mail
PASS_MAX_DAYS and PASS_MIN_DAYS - only applies to new created users (if not set -1 disabled)
PASS_WARN_AGE - only - only applies to new created users (if not set -1 disabled)
UMASK - default umask for users (if not set it defaults to 022)
USERDEL_CMD - command to execute if a user gets deleted (delete at/cron/print jobs, mail, home etc.)

if you just install it afterwards, you must convert your password from /etc/passwd:
cd /etc
/usr/sbin/pwconv
pwconv takes your /etc/passwd file and strips out the fields to create two files: /etc/npasswd and /etc/nshadow
move /etc/npasswd and /etc/nshadow to /etc/passwd and /etc/shadow to replace the old ones
-----------------------
DNSSEC - singature for zones on the dns server

master dns server encrypts the hash of the zone using his private key
all the slaves can use the public key to decrypt the hash and make sure the file is not changed

to renew a key on the master, you have to check the ttl (usually 24h)
the rule is to apply the key, wait double time ttl (48h) and then use the new key to encrypt the hash
be very carefully while you do this, it could shut down whole domains

problems are with current routers, they expect a reply to dns query as udp, if the udp package contains the signature, the package is too big and might get blocked.

ICANN controls the root zones and around july 2010 all the root zones should have a DNSSec siganture.

You need at least BIND 9.4.2

generate a key for a zone:
DNSsec-keygen -a RSASHA1 -b1024 -e -n ZONE example1.com

the created key file needs to be attached to the zonefile:
cat K*.key >> example1.com

sign the zonefile:
DNSsec-signzone -s now+0 -e now+2419200 -o example1.com -k Kexample1.com.+005+15342 example1.com \ Kexample1.com.+005+63344

change the entry in /etc/named.conf for the zone as follows:
file "/etc/bind/example1.com.signed";
DNSsec-enable yes;
------------------------
3
------------------------
    * /lib/modules/kernel-version/modules.dep
    * module configuration files in /etc
    * /proc/sys/kernel/
------------------------
depmod - depmod creates a list of module dependencies, by reading each module under /lib/modules/kernel-version
http://man-wiki.net/index.php/8:depmodand determining what symbols it exports, and what symbols it needs. By default this list is written to modules.dep in the same directory
------------------------
modinfo - shows information about a certain module, like modprobe --show-depends, but it doesn't know anything
http://man-wiki.net/index.php/8:modinfoabout /etc/modprobe.conf or aliases, it gets the info direct from the module
------------------------
uname - prints information about the current system
http://man-wiki.net/index.php/2:uname
-a - all information
-i - name of the platform
-n - hostname
-s - name of the operating system
------------------------
fsck (fsck.*) - checks filesystems and optionally repais them
http://man-wiki.net/index.php/8:fsck
common exit codes:
0 - No errors
1 - File system errors corrected
2 - System should be rebooted

-t - specifies the filesystem type otherwise fsck will lookup /etc/fstab, if not found it uses ext2
-A - check all filesystems in /etc/fstab
-N - show what would be done, don't do it
-R - skip root filesystem
-V - be verbose
-a - automatically repair errors without question
-n - don't repair but report, doesn't work for fsck.reiserfs
-r - interactively repair the filesystem
------------------------
badblocks - checks a device for bad blocks
http://man-wiki.net/index.php/8:badblocks
-o file - creates a list of bad blocks in the file, which can be used with mke2fs or e2fsck to bypass them
------------------------
mkfs (mkfs.*) - create a filesystem on a device
http://man-wiki.net/index.php/8:mkfs
-t fstype - type of filesystem to be created
-c - check with badblocks before creating the filesystem
-l file - use the file (from badblocks) to avoid bad blocks
------------------------
dumpe2fs - shows superblock information about a filesystem
http://man-wiki.net/index.php/8:dumpe2fs
-b - shows blocks that are defined as bad on the filesystem
------------------------
debugfs, debugreiserfs - technically all you can do with a filesystem, delete, move, rename, inodes etc.
------------------------
tune2fs - change settings on an ext2 ext3 filesystem
http://man-wiki.net/index.php/8:tune2fs
important options:
-c counts between file system checks via fsck integer (common is between 20-100)
-i intervall between file system checks, can be (d)ay (m)onth (w)eeks 0 disables this feature
-e changes behaviour of the kernel, if something goes wrong
 continue - work ahead and ignore the error
 remount-ro - remount the partition as read only
 panic - produce a kernel panic
-j attach a journal to the existing ext2 filesystem (kernel needs support for ext3), the options for the journal are set automatically
-J define the journal options like size=journal size in the filesystem or device=external journal on another device
-l show superblock content
-L set the label for for volume e.g. MYSUPERDISK (maximum of 16 characters)
-U set the UUID (Universally Unique IDentifier) - clear (delete), random (generate a random one), time (generate one based on time)
------------------------
mkswap - create a swap filesystem on a partition/file
http://man-wiki.net/index.php/8:mkswap
creating a swapfile:
# dd if=/dev/zero of=swapfile bs=1024 count=65536
# mkswap swapfile
------------------------
xfs filesystem is mostly used if large files need to be saved (best performance)
http://xfs.org/index.php/Main_Page
xfs can be easily expanded using the defeult fs commands (CANNOT BE SHRINKED, good with lvm)

xfs_info - The filesystem geometry is printed, and argument checking is performed
xfs_growfs - expands an existing XFS filesystem (filesystem has to be mounted)
xfs_check - checks whether an XFS filesystem is consistent. Needs to be defragmented from time to time.
xfs_repair - repairs corrupt or damaged XFS filesystems (needs to be unmounted)
xfs_db - gives access to the filesystem internals interactivly

check fragmentation:
xfs_db -r /dev/sda3
xfs_db> frag
actual 62504, ideal 440, fragmentation factor 99.30%
xfs_db>
------------------------
LVM:
The Logical Volume Manager binds physical volumes together in a volume group with logical volumes :)

use one or more normal dos partition and change the type via fdisk to 8e

now you create physical volumes on it via
pvcreate /dev/sdb1 /dev/sdc1 /dev/sdd1 /dev/sde1
commands pvremove, pvdisplay, pvmove

now we create the volume group via
vgcreate fileserver /dev/sdb1 /dev/sdc1 /dev/sdd1 /dev/sde1
creates either /dev/mapper/fileserver or /dev/fileserver
commands: vgdisplay, vgscan, vgrename, vgremove, vgextend

now we create a logical volume via
lvcreate �name share �size 40G fileserver
creates either /dev/mapper/fileserver/share or /dev/fileserver/share
commands: lvdisplay, lvscan, lvrename, lvremove, lvextend, lvreduce

very interesting is, that you can create the LVM over a raid array like:
pvcreate /dev/md0 /dev/md1
------------------------
mount - hangs filesystems into an exiting folder on the system and creates an entry in /etc/mtab
http://man-wiki.net/index.php/8:mount
if no option is given, it shows the content of /etc/mtab
-a - mounts everything in /etc/fstab
-n - mount without /etc/mtab entry
-r - mount read only
-w - mount read/write
-U - mount UUID
-t - filesystem type or use blkid library, or read /etc/filesystems and /proc/filesystems to probe the superblock
-o - options, seperated by comma
auto - mount via -a
defaults - rw,suid,dev,exec,auto,nouser,async
exec - permit execution of binaries
noatime - no access times are recorded on the FS for files (speed)
nodiratime - no access times are recorded on the FS for directories (speed)
noauto - needs to be especially mounted (not during boot)
noexec - deny execution of binaries
nosuid - no suid or guid allowed
nouser - only root can mount it, default
remount - remount the device
ro - read only
rw - read/write
user - normal users can mount and unmount the device
users - all users can mount and unmount the device
bind - remount the device/subsystem at another place, will be available at both mountpoints
move - umount and mount it somewhere else
loop - can mount images of CD/floppy etc. it uses /dev/loop to mount the file
------------------------
umount - detaches a filesystem and removes the entry in /etc/mtab
http://man-wiki.net/index.php/2:umount
-n - don't touch /etc/mtab
-d - if the device was a loop device it frees up the /dev/loop
-a - all filesystems in /etc/mtab get detached
-f - force
-l - lazy umount, this will remove any reference of the mounted filesystem (cannot be accessed anymore), it detaches it as soon as it is no longer used, especially helpful with network filesystems (cifs/nfs)
------------------------
/sbin/route - manipulate the kernel routing table
http://man-wiki.net/index.php/8:route
it is normally used to add or delete static routes to certain networks
without argument it displays information about the current routing table
add - add a route
del - removes a route
common examples:
route add default gw mango-gw
route add -net 192.56.76.0 netmask 255.255.255.0 dev eth0
route add -net 10.0.0.0 netmask 255.0.0.0 reject

files it queries/alters:
/proc/net/ipv6_route
/proc/net/route
/proc/net/rt_cache
------------------------
/sbin/ifconfig - displays/alters network interfaces
http://man-wiki.net/index.php/8:ifconfig
without option it displays current ACTIVE interfaces and it's settings
up - activates an interface
down - deactivates an interface

common example for gigabit network:
ifconfig eth0 up 192.168.1.12/24 media type 1000baseT
------------------------
/sbin/ip - show / manipulate routing, devices, policy routing and tunnels
http://linux.die.net/man/8/ip
------------------------
/usr/sbin/arp - manipulate the system ARP cache
-a host - displays the arp cache for a certain hostname
-d host - deletes the cache for a certain host
-i if - shows entries that match the interface
-s host hw_addr - add an entry for a host
-f file - add antries from a file, default /etc/ethers
------------------------
/sbin/iwconfig - configure a wireless network interface (currently cannot WPA)
http://man-wiki.net/index.php/8:iwconfig
without option it shows information from /proc/net/wireless
essid - define the ESSID it should connect to
mode - Set the operating mode of the device
-Ad-Hoc - network composed of only one cell and without Access Point
-Managed - node connects to a network composed of many Access Points, with roaming
-Master - the node is the synchronisation master or acts as an Access Point
-Repeater - the node forwards packets between other wireless nodes
-Secondary - the node acts as a backup master/repeater
-Monitor - the node is not associated with any cell and passively monitor all packets on the frequency
-Auto - usually managed
freq - set the frequency
channel - set the channel
ap - set up as access point
key/enc - set the WEP encryption key
------------------------
/sbin/iwlist - scan for wireless networks in range
http://man-wiki.net/index.php/8:iwlist
iwlist wlan0 scanning - lists available networks in range with default settings
freq - change frequency
channel - change channel
------------------------
/bin/sh - shell, the standard command language interpreter
------------------------
cpio - copies files into and out from a cpio archive.
http://man-wiki.net/index.php/1:cpio
-i - copy in
-o - copy out
-p - copy pass
example:
ls | cpio -oc > ../newfile - writes the files listed by ls into the archive newfile
cat newfile | cpio -icd "memo/a1" "memo/b* " - checks the output of cat for teh files that match and extracts them
------------------------
tar - used to archive files to a file or tape drive
http://man-wiki.net/index.php/1:tar
-t - list content of an archive
-x - extract a file
-c - create an archive
-d - diff - compare files in an archive
-r - append files to an archive
-u - update files in an archive
-A - append a tar archive to an exisitng one
-j - use bzip2
-z - use gzip
-Z - use compress
-v - be verbose
-p - preserve the permissions on a file
--exclude - exclude files in a directory
------------------------
/dev/st* and /dev/nst - SCSI tape drives
------------------------
mt - tape control program... well
http://man-wiki.net/index.php/1:mt
------------------------
rsync - Synchronize file trees across local disks, directories or across a network
http://man-wiki.net/index.php/1:rsync-2006.11.06
syntax:
rsync [option] machine:folder machine:folder
http://ss64.com/bash/rsync.html
------------------------
4
------------------------
boot -> bash

BIOS -> bootloader -> kernel -> init (PID 1)
we have kernel space memory and user space memory, init is the first process running in user space memory on the system
init becomes the parent of all following processes with PID 1

runlevels control which scripts should be started by init
commonly is SysV, which was choosen to be easier than the BSD system

default folder for those scripts /etc/rc.d/init.d or /etc/init.d

You can create symbolic links to the scripts to assign them to certain runlevels
symbolic links are in /etc/rc.d/rc0-6.d/ or /etc/rc0-6.d/ on some systems
assign httpd (apache) to start in runlevel 3
ln -s  /etc/rc.d/init.d/httpd /etc/rc.d/rc3.d/S85httpd
assign httpd (apache) to stop in runlevel 3
ln -s  /etc/rc.d/init.d/httpd /etc/rc.d/rc3.d/K15httpd
S=Start K=Kill, while the number indicates the order of the scripts in the runlevel folder

some distribution related scripts to handle those links are:
chkconfig - Redhat based distributions
--level - which runlevel should be changed
--add name - adds a new script to the runlevels defined in the script itself as default
--del name - removes a script from all runlevels
--list - list of all scripts for all runlevels and status
chkconfig --level 345 dhcpcd off - turns off dhcpcd for runlevels 3, 4 and 5

I think Redhat has also something like: service dhcpcd start/stop/restart

ALL OTHER DISTRIBUTIONS :D
update-rc - Debian based distributions
update-rc name remove
update-rc name boot/defaults
update-rc name start/stop

rc-update - Gentoo based distributions
rc-update add/del dhcpcd default
rc-update show

the runlevels were given names and those names are defined in /etc/inittab
0 Halt (system shutdown)
1 Single User mode (no network)
2 not used, could be used for special stuff
3 Multiuser Mode (networking)
4 not used, could be used for special stuff
5 Multiuser Mode with X (networking)
6 Reboot

typical /etc/inittab:
# default runlevel
id:3:initdefault:
# first script to run after boot
si:S:sysinit:/etc/rc.d/rc.sysinit
# start /etc/rc.d/rc with defined runlevel as argument
10:0:wait:/etc/rc.d/rc 0
11:1:wait:/etc/rc.d/rc 1
12:1:wait:/etc/rc.d/rc 2
13:3:wait:/etc/rc.d/rc 3
14:4:wait:/etc/rc.d/rc 4
15:5:wait:/etc/rc.d/rc 5
16:6:wait:/etc/rc.d/rc 6
# what to run on ctrl+alt+del
ca::ctrlaltdel:/sbin/shutdown -t3 -rf now
# start agetty on all virtal consoles 1-6
c1:12345:respawn:/sbin/agetty 38400 tty1
c2:12345:respawn:/sbin/agetty 38400 tty2
c3:45:respawn:/sbin/agetty 38400 tty3
c4:45:respawn:/sbin/agetty 38400 tty4
c5:45:respawn:/sbin/agetty 38400 tty5
c6:45:respawn:/sbin/agetty 38400 tty6

code:runlevel:action:program
as you can see, in runlevel 1, 2 and 3 are only 2 consoles ready with agetty waiting for the login

in /etc/inittab is one line, which defines the default runlevel, the system would boot into
id:5:initdefault:

very last script to run after all scripts for the runlevel were started (doesn't exist on Debian based systems):
/etc/rc.d/rc.local

to switch between runlevels, you can use the telinit command

after agetty (or whatever you use) is started:
it opens a tty port, prompts for a login name and invokes the /bin/login command.

/bin/login checks the password, checks mail, print queue, prints motd (if exists) and date/time
in the end it starts the program defined in /etc/passwd as login shell e.g. /bin/bash

/bin/bash executes the script /etc/profile and ~/.bash_profile (if defined in /etc/profile)
shows the command prompt and waits for input
---------------------------
/etc/fstab - defines mount points
device/uuid/label     mount point	filesystem	options(mount)  dump	   fsck order
/dev/sda1             /boot	           ext2	        noauto,noatime    1          2

labels can be defined via e2label or during mke2fs, this makes the system more robust if you have to change drives
---------------------------
/proc/mounts - contains information about mounted filesystems, nearly the same as /etc/mtab
---------------------------
sync - flushes filesystem buffers and writes all outstanding changes to disk
http://man-wiki.net/index.php/1:sync
---------------------------
/bin/netstat - shows a lot of information about the network subsystem
http://man-wiki.net/index.php/8:netstat
no option and it shows all open sockets
-r - show routing table as route
-g - show ipv4 and ipv6 groups (e.g. lo and eth0 etc.)
-s - show statistic about every protocol
-c - show continuously every second update
-e and -v - more info
-p - show the program PID that uses the socket
-l - show only listening sockets
----------------------------
/bin/ping - uses ICMP as part of IP protocol to request an ECHO from a host
http://man-wiki.net/index.php/8:ping
-b - ping broadcast (e.g. 192.168.1.255)
-c 5 - stops ping after 5 packages were received
-i - interval between pings (default 1 sec)
-I eth0 - set interface to use (rquired for ipv6)
-s - define packagesize (default is 56 byte + 8 byte ICMP header = 64 byte)
-t - set the IP ttl
----------------------------
/usr/sbin/tcpdump - dump traffic on the network (sniffer)
http://man-wiki.net/index.php/1:tcpdump
print all traffic from or to host sundown:
tcpdump host sundown
print all traffice between helios and hot or ace:
tcpdump host helios and \( hot or ace \)
print all ip packages from or to ace, except of from to helios:
tcpdump ip host ace and not helios
----------------------------
/usr/sbin/lsof
http://man-wiki.net/index.php/8:lsof
reads kernel memory and provides output about open files of the following types:
regular file, a directory, a block special file, a character special file, an executing text reference, a library, a stream or a network file (Internet socket, NFS file or UNIX domain socket.)

the output is not nice and can be parsed to another program for formatting

files it searches for information:
/dev/kmem    kernel virtual memory device
/dev/mem    physical memory device
/dev/swap    system paging device

no option lists all open files of all processes (nasty)
-a AND to all filters entered example: -a -U -ufoo (all UNIX sockets AND that belong to user foo) default is OR used for the filters
-i lists open files on internet connections [46][protocol][@hostname|hostaddr][:service|port] example: -i4tcp@somehost:ssl or -i4tcp@10.0.0.5:22
-l doesn't resolve userids to usernames (might speed up the process a little)
-m specify the kernel memory file, default /dev/kmem or /dev/mem you can also specify a kernel crash dump file to analyse what was open at this time
+M enable portmapper information default is disabled
-n doesn't resolve IP addesses to hostnames (might speed up the process a little)
-N list open NFS files
-p open files for a process ID e.g. "123,234,567"
-r endless repeat mode
+r repeat until no open files are listed or end signal received
-s show size of files at all times (even for sockets, which don't really have one, it shows the kernel buffer size instead)
-u specify the user e.g. -ubob,234,123,tom
-U list UNIX domain sockets
-v display the version of the lsof program
+w disabled warnings
-w enable warnings

listing output:
COMMAND:PID:PPID:PGID:USER:FD:TYPE:FILE-ADDR:FCT:FILE-FLAG:NODE-ID:DEVICE:SIZE, SIZE/OFF, or OFFSET:NODE:NAME

COMMAND - the first 9 characters of the command that was executed
PID - process ID that owns the file
PPID - parent process ID that owns the process
PGID - process group ID that owns the file
USER - the user ID that owns the process
FD - file descripter - what kind of file is it and if it has read, write or u for read+write access
TYPE - what kind of node is associated with the file e.g. ipv4 ipv6 or nfs etc.etc.
SIZE - size of the file or buffer size or off
NODE - inode on nfs share or tcp/udp etc.
NAME - actual name of the file on the filesystem or mountpoint

some examples from the man pages:
To list all files using any protocol on ports 513, 514, or 515 of host wonderland.cc.purdue.edu, use:
    lsof -i @wonderland.cc.purdue.edu:513-515
To list all open files for login name ``abe'', or user ID 1234, or process 456, or process 123, or process 789, use:
    lsof -p 456,123,789 -u 1234,abe
To list all open files on device /dev/hd4, use:
    lsof /dev/hd4
To send a SIGHUP to the processes that have /u/abe/bar open, use:
    kill -HUP `lsof -t /u/abe/bar`
To ignore the device cache file, use:
    lsof -Di
----------------------------
/usr/bin/nc - netcat makes connection, listens, using different ports, TCP/UDP, ipv4 and ipv6
http://man-wiki.net/index.php/1:netcat
-4 - use ipv4
-6 - use ipv6
-i - interval between lines being received/send
-l -k - listen rather than send packages -k means keep listening after a connection is closed
-n - no dns lookup or hostname resolution
-p - start a connection on a specified port
-r - use random ports
-s - specify the source IP address (fake)
-t - do telnet session (not full features, no session because no DO and WILL)
-u - use UDP instead of default TCP
-v - be verbose
-w - specify timeout in seconds
-x address:port - use proxy server
-z - scan for listening daemons on the system

example:
listen on port 1234 on console tty1
nc -l -p 1234
connect to localhost on port 1234 from console tty2
nc 127.0.0.1 1234
you are now connected, the input on one console is transfered to the other and vice versa (like chat)

send an email to localhost (typed into console):
nc localhost 25 << EOF
HELO host.example.com
MAIL FROM: <user@host.example.com>
RCPT TO: <user2@host.example.com>
DATA
Body of email.
.
QUIT
EOF

portscanning using netcat:
nc -z host.example.com 20-30
Connection to host.example.com 22 port [tcp/ssh] succeeded!
Connection to host.example.com 25 port [tcp/smtp] succeeded!
---------------------------
ip - show / manipulate routing, devices, policy routing and tunnels
---------------------------
/etc/openvpn/ - contains the server/client configuration files
http://man-wiki.net/index.php/8:openvpn

typical server.ovpn:
# port to listen on
port 1194
# TCP or UDP?
proto udp
mode server
tls-server
# device to use, could be tap or tun, depends on the kernel modules
dev tap
# server IP on the tap device
ifconfig 192.168.100.1 255.255.255.0
ifconfig-pool 192.168.100.2 192.168.100.9
# where are the certificates
ca /etc/ssl/vpn-ca.pem
cert /etc/ssl/certs/server_cert.pem
key /etc/ssl/private/server_key.pem
#Diffie-Hellmann parameter ?!?!?
dh /etc/ssl/dh2048.pem
# use the same address on next session?
#ifconfig-pool-persist ipp.txt
# change the routing table and dns on clients to use the local network?
#push "route 10.0.0.0 255.0.0.0"
#push "dhcp-option DNS 192.168.1.xyz"
#push "redirect-gateway"
#push "route 0.0.0.0 0.0.0.0"
# authentication method
auth SHA1
# encryption used
cipher aes-256-cbc
# compression used
comp-lzo
# set permissions
user nobody
group nogroup
persist-key
persist-tun
# logging level: 0-7
verb 7

test the configuration before it is actual applied
openvpn --config /etc/openvpn/Server.ovpn
start the server using the configuration (usually the distribution has start-stop-daemons for that)
openvpn /etc/openvpn/Server.ovpn

openvpn - server and client executeable for ssl vpn connections
bridge:
- application can handle it better, since the machine is in only one network
- easy to set up
routing:
- routing tables for each subnet
- better scaleability (security)
- MTU tuning

initial setup:
/usr/local/openvpn_as/bin/ovpn-init
you need to use a user that exists on the system for the first login (usually root)
this script configures interfaces and ports
default admin port: 943 (e.g. http://myserver:943)
default vpn port: 443

start/configure the client on linux:
openvpn --config client.ovpn (where client.OVPN is free chooseable to identify the server)
openvpn cannot change the clients dns configuration on unix/linux systems

most of the settings are actual done on the webinterface
support for PAM, RADIUS, LDAP for authentication
openvpn can route, so the vpn clients can be routed to a certain network on the server
---------------------------
nmap - network monitoring tool
http://man-wiki.net/index.php/1:nmap
this is the hollywood hacker program number one :)
-A - be aggressive (nearly always used)
-n - no DNS resolution
-O - enable OS detection
-p - sepcify the port range to scan
-P - ping options
-P0 - scans a network for hosts, e.g. if Class B address is given, it scans 65,536 hosts
-PS [portlist] - TCP SYN flag port scan, if no port is given it uses port 80
-PA [portlist] - TCP ACK ping
-PU [portlist] - UDP ping
-PR - arp ping!!!, common usage to check if the fault is in TCP/IP or Ethernet
-s - most of those options are for package manipulation (e.g. -sX is Xmas scan :D it sets FIN, PSH and URG flags)
-sO - protocol scan (what protocols are supported on the target system)
-sS - SYN scan
-sT - TCP scan
-sU - UDP scan
---------------------------
wireshark - network package analyser (sniffer)
http://man-wiki.net/index.php/1:wireshark
some CLI commands that come with Wireshark package (http://www.wireshark.org/docs/man-pages/):
capinfos - Prints information about capture files
dumpcap - Dump network traffic
editcap - Edit and/or translate the format of capture files
idl2wrs - CORBA IDL to Wireshark Plugin Generator
mergecap - Merges two or more capture files into one
rawshark - Dump and analyze raw libpcap data
text2pcap - Generate a capture file from an ASCII hexdump of packets
tshark - Dump and analyze network traffic
wireshark-filter - Wireshark filter syntax and reference
wireshark - Interactively dump and analyze network traffic
---------------------------
/usr/src - Source code
For systems based on glibc, there are no specific guidelines for this directory :)
---------------------------
configure, make, make install
configure alters the target in the makefile to your needs, if you don't need certain features in a program or need features that are not enabled per default you can use the configure script to turn them off/on or change parameters. Then you start make to build the binary and if the target is available you can use make install to copy the compiled binarys/libraries to it's default location in the system.
Since configure scripts are totally different from one to another and it depends on the author of the program, the source usually comes with a README file or you can look directly into the Makefile to see what you can change via ./configure
not much else to say here :(
---------------------------
5
---------------------------
/etc/network - debian specific network configurations are stored here
many graphical configuration tools save in here as well
example from Ubuntu wiki (/etc/network/interfaces):
## Loopback interface
auto lo
iface lo inet loopback

## LAN interface
auto eth0
iface eth0 inet static
    address 192.168.0.97
    netmask 255.255.255.0
    gateway 192.168.0.1

## WLAN interface
auto ath0
iface ath0 inet dhcp
   wpa-driver wext
   wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

RedHat:
/etc/sysconfig/network � Specifies routing and host information for all network interfaces.
routes:
/etc/sysconfig/network-scripts/ifcfg-<interface-name>
---------------------------
System log files
http://man-wiki.net/index.php/5:syslog.conf
---------------------------
/etc/resolv.conf - contains a list of nameservers/domains to use
nameserver - IP/hostname of the nameserver, if more than one, it is queried in order
domain - domainname to query, if not given it uses the hostname e.g. desktop.local
search [domainname] - again domainname to search for
---------------------------
/etc/hosts - contains static ip address resolvers
example:
ip-address   computername.domain     alias1           alias2
127.0.0.1    myserver.mydomain.com   ns.mydomain.com  mx.mydomain.com
---------------------------
/etc/hosts.allow & /etc/hosts.deny - restricts access to services on the machine
example /etc/hosts.allow:
# <service list> : <host list> [: command]
#
# everybody has access to mail
in.smtpd: ALL

# access to telnet and ftp is restricted to users on the same domain
#
in.telnetd, ftpd: LOCAL, tuxhausen.outside.all

# everybody can finger, but root gets an email
#
in.fingerd: ALL: (finger @%h | mail -s "finger from %h" root)
----------------------------
/etc/hostname | /etc/HOSTNAME - name of the computer without domain
----------------------------
hostname - show or set the system's host name (changes entry in /etc/hostname)
dnsdomainname - show the system's DNS domain name (changes entry in /etc/hosts)
domainname - show or set the system's NIS/YP domain name (changes the NIS domainname)
nisdomainname - show or set system's NIS/YP domain name
ypdomainname - show or set the system's NIS/YP domain name
----------------------------
/usr/sbin/traceroute - uses ICMP as part of the IP protocol to trace the route to a host, showing the "hops"
http://man-wiki.net/index.php/1:traceroute
-4 - use ipv4
-6 - use ipv6
-g - specify gateway to use
-i - specify interface to use
-n - no dns lookup
----------------------------
/bin/dmesg - prints the kernel ring buffer
http://man-wiki.net/index.php/8:dmesg
checks /proc/kmsg
shows all the boot hardware setup
-c - clear wing buffer after printing to the console
-nlevel - define filter (-n 1) only shows panic messages