API tools faq
paste
Advertisement
Guest User

4chan cert notes

a guest
Aug 24th, 2016
40
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 18.87 KB | None | 0 0
raw download clone embed print report diff
  1. Interrupt the Boot Process in Order to Gain Access to a System
  2. To start the system in the Rescue target, during boot process edit the grub config kernel line by adding to the end: systemd.unit=rescue.target
  3. 1. During boot process, edit grub config kernel line “linux16” by adding to the end: rd.break
  4. 2. mount –o remount,rw /sysroot
  5. 3. chroot /sysroot
  6. 4. passwd
  7. 5. touch /.autorelabel
  8. 6. exit then exit again
  9.  
  10. REDIRECTION
  11. &> == Redirect both
  12. 2>&1 == Redirect standard error to output
  13.  
  14. UMASK
  15. Default: 666 files / 777 directories
  16. Permanent adjust for users: /etc/profile and /etc/bashrc
  17.  
  18. SHUTDOWN/REBOOT
  19. shutdown [flags/arguments]
  20. -r == reboot
  21. -h / P == halt / power-off
  22. +# / 00:00 == in minutes / military time
  23. systemctl [halt/poweroff/reboot]
  24.  
  25. PERMISSIONS
  26. chmod
  27. g+s [directory] // chmod 2xxx == all files/dir created inside will be created with the group ownership of this directory
  28. u+s [file] // chmod 4xxx [file] == execute as owner of file
  29. 1xxx [directory] == files/dir inside cannot be deleted except by owner of that file/dir
  30. capital letter == apply only to directories
  31.  
  32. NICE
  33. 19 (least) to -20 (most)
  34. nice
  35. –n # [name] == start process with specific process, the -n IS required
  36. renice
  37. –n # [pid] == renice a specific process by id
  38. -n # $(pgrep [name]) == renice every process found by pgrep ($ creates a subshell)
  39.  
  40.  
  41. PROCESSES
  42. pgrep [flag] [name] == shows process id and name
  43. -l == list process name
  44. -u [username] == find only those owned by [username]
  45. -v == inverse results (Ex: pgrep –v –u root == all processes not owned by root)
  46. -t [pts/#] == kill all process started by that user/terminal window, but user stays logged in
  47.  
  48. SIGHUP/1 == Closing terminal
  49. SIGINT/2 == Keyboard interrupt (ctrl + c)
  50. SIGQUI/3 == Parent process tells it to quit
  51. SIGKILL/9 == Murder the process. Do not pass go.
  52. SIGTERM/15 == Stop, cleanup, and quit. DEFAULT used when kill/pkill
  53. SIGCONT/18 == Continue
  54. SIGSTOP/19 == Stop
  55. kill [pid] == kill a specific process
  56. pkill [name] == kill all processes of that name
  57. ps axo nice,comm,pid,user
  58.  
  59. LOAD
  60. 0.00 , 0.00, 0.00 == 1 minute, 5 minutes, 15 minutes
  61. 0.00 (min) / # of processors == % of cpu usage
  62. 1 cpus w/ 1.00 == 100% cpu power
  63. 2 cpus w/ 1.50 == ~75% cpu power
  64.  
  65.  
  66. USERS/GROUPS
  67. useradd // usermod // userdel // chage
  68. groupadd // groupmod // groupdel
  69. newgrp == change my current group ID during this login session
  70. /etc/passwd == username: x: user id: group id: nickname: home dir: login
  71. /etc/shadow == username: pw hash: last pw change unix epoc: min days before pw change: max days before required pw change: # of days of warning before pw expire: max active days after pw expire: account expiration date
  72. /etc/skel == skeleton user directory
  73. user login defaults == /etc/login.defs
  74. Other defaults == /etc/defaults/
  75.  
  76. TAR/GZIP
  77. **Extracting by default overwrites local files**
  78. tar -cvzf NAME.tar.gz [files/directories]
  79. -c == create
  80. -v == verbose
  81. -z == gzip
  82. -x == gunzip
  83. -f == name the file
  84. -t = look inside without unpacking
  85. -d == see difference between local and archived
  86.  
  87. TRANSFERING FILES
  88. scp /path/to/local/file user@remotehost:/path/to/destination
  89. sftp user@remotehost
  90. -can use basic CLI commands such as ls and mkdir
  91. -“get” == download file from remote
  92. -“put” == upload file to remote
  93. -“?” == help/commands
  94. To Push:
  95. rsync -a /path/to/file_or_dir user@remotehost:/path/to/destination
  96. To Pull:
  97. rsync -a user@remotehost:/path/to/remote/dir_or_file /path/to/local/destination
  98. -a == stands for "archive" and syncs recursively and preserves symbolic links, special and device files, modification times, group, owner, and permissions
  99. -nv == verbose dry run
  100. -z == compress first
  101. -P == combines progress and partial flag, gives a progress bar for the transfers and allows you to resume interrupted transfers
  102. --exclude=/what/to/exclude
  103. By default, rsync does not delete anything from the destination directory, but can change this behavior with the --delete option
  104. AT, CRON, ANACRON
  105. AT does not create reoccurring events, only a one time scheduled future event.
  106. If system is off during cron time, cron is missed.
  107. Anacron checks last time cron was run.
  108. yum install at
  109. (then make sure to enable & start the service)
  110. at.deny OR at.allow
  111.  
  112. at
  113. now +## [minutes/hours/days]
  114. >[command] then ctrl+d
  115. at [time am/pm]
  116. >[command] then ctrl+d
  117.  
  118. atq == list at queue
  119. atrm # == remove job
  120. -------------------------
  121. cron.d == custom crons / crons that are managed by a program
  122. –---------------------------
  123. anacron == only privileged users
  124. /var/spool/anacron/ == logs kept by anacron for last run cycle of a cron
  125. anacron -f == Run all anacronjobs regardless of their last run timestamp
  126.  
  127. TARGETS/SERVICES
  128. /usr/lib/systemd/system/ == location of services, targets, etc
  129. systemctl
  130. is-enabled [service] == check if service is enabled on boot
  131. is-active [service] == is the service active/on right now
  132. enable/disable [service] == enable/disable service to start on boot
  133. --type=target == list all active targets
  134. --type=service == list all active services
  135. set-default == set default runlevel at boot
  136. get-default == what is the default target to run at boot?
  137. -t help == list all available system config units
  138. list-dependencies [target]/[service] == list all dependencies (if no [target]/ [service] specified, then the dependencies of target you are in now are listed)
  139.  
  140. /etc/systemd/system/[target_name].target.wants/[name].service == enabled services. Symlink from here to /usr/lib/systemd/system/[service] is created to enable
  141.  
  142.  
  143. systemctl XXXXX name.target
  144. isolate == Move from one target to another (i.e. from multi-user to graphical interface to rescue mode, etc.)
  145.  
  146.  
  147. ACLs (Access Control Lists)
  148. default working filesystems= xfs. Ext works too but must be specified when mounted
  149. Gives user access to specific file/dir without making them part of the group or the owner. Adds a + to permissions to show this for users/groups but not world.
  150. getfacl == get ACL info
  151. Can use to copy ACL info:
  152. getfacl file1 | setfacl --set-file=- file2
  153. (note the - after the =, this implies coming from std input)
  154. >mask == maximum level permissions; overrides specific ACL; modified by chmod.
  155. setfacl [flags+arguments] file/dir
  156. -m == modify
  157. u (notice no -) == user, used this way == u:username:permissions
  158. g (notice no -) == group, see “u” flag for usage
  159. >Note: u and g map to the UID/GID respectively, so if either one is changed for a user/group, ACL will no longer apply to that user/group!
  160. m (notice no -) == mask. Used this way == m::permissions
  161. -d == set defaults for user inside directory (goes before -m)
  162. Default ACL on directory == all files/dir created under will have this ACL, but the user still needs to have their own ACL permission on the directory
  163. In other words, ACL affects how the directory can be used (read, write, execute), and default ACL affects the files/dirs the user makes inside
  164. -x == remove ACL for user/group
  165. --remove-default == removes all defaults
  166. -R == recursive
  167. You can combine, ex:
  168. setfacl -m g:mygroup:rwx,u:myuser:rw directory
  169. cp doesn’t preserve ACL rules
  170. mv does preserve ACL rules
  171.  
  172. Configure a System to Use an Existing Authentication Service
  173. yum upgrade –y
  174. yum install –y realmd
  175. realm discover [hostname]
  176. yum install –y [required packages]
  177. realm join [hostname]
  178. vim /etc/ssh/sshd_config == uncomment + allow authentication (kerberos?)
  179. systemctl sshd restart
  180.  
  181. LOGS/JOURNALD
  182. journalctl == systemd logs everything here (man systemd-journald). It is not persistent, it clears out after every reboot.
  183.  
  184. --since=yesterday == all logs since that day (only if persistent or hasn’t been rebooted)
  185.  
  186. /etc/system/journald.conf == journald config file
  187. /etc/rsyslog.conf
  188. mail.* == “mail” is a facility, the type of program creating log
  189. *.emerg == “emerg” is priority. Info, debug, warning, etc.
  190. systemd-analyze == boot times
  191. systemd-analyze blame == specific times for boot processes
  192.  
  193. VIRTUAL MACHINES
  194. To install VM packages:
  195. yum grouplist hidden (This will show virtualization packages)
  196. yum groupinstall "Virtualization Client" "Virtualization Tools" "Virtualization Platform"
  197.  
  198. systemctl enable libvirtd
  199. systemctl start libvirtd
  200.  
  201. virsh == CLI virtual machine manager
  202. help
  203. list --all
  204. shutdown [vmname]
  205. start [vmname]
  206. autostart [vm-name]
  207. virt-manager == GUI virtual machine manager (applications > system tools > virtual machine manager)
  208.  
  209. FIREWALLD
  210. yum install firewalld firewall-config
  211.  
  212. firewall-cmd [options]…
  213. --help == help/info
  214. --get-zones == shows you the zones available. all rules are saved in “zones”
  215. --get-default-zone == youre always working in a zone, this shows you the default one a rule is applied to unless you specify a zone
  216.  
  217.  
  218. --list-all == list all current rules for the default zone, unless you specify the zone:
  219. --zone=[zone] -- list-all
  220. --list-all-zones == list all current rules for all zones
  221.  
  222. --reload == reload firewalld
  223. --permanent == make rule permanent. Permanent rules are not applied until you reload
  224.  
  225. --add-port=[port #]/[tcp or udp] == add port with either tcp or udp
  226. --add-source=[IP] == add source IP
  227. --remove-port=[port #]/[tcp/udp] == remove port #
  228. --remove-source=[IP] == remove source IP
  229.  
  230. SELINUX
  231. Modes:
  232. Enabled == monitoring + enforcing
  233. Passive == monitoring + logging but not enforcing
  234. Disabled == Not monitoring or logging or enforcing (reboot required to go into disabled mode)
  235. getenforce == what mode are we in?
  236. setenforce 0 == change to Passive/Permissive mode (if its not the default, it will revert on reboot)
  237. setenforce 1 == change to Enabled/Enforcing mode (if its not the default, it will revert on reboot)
  238. /etc/selinux/config == Change default level, and ability to Disable (must reboot to apply disable)
  239. ls –Z == list SELinux info
  240. -rw-r--r--. root root unconfined_u:object_r:admin_home_t:s0 file.out
  241. Permissions / user:group / user / role / type / filename
  242. type = specific program or permissions allowed to access
  243. semanage fcontext -l | grep [process/file/directory] == list all files/dirs associated with [ ] in SELinux
  244. restorecon [file/dir] == “restore” context of [ ] based on where it currently is located
  245. touch /.autorelabel == force relabel everything on reboot
  246. semanage fcontext -a -t [context] '[file/path]'
  247. -a (add) -t (type) : add a file/path to SELinux context rules.
  248. For example, adding a path with optional recursive to all files/dirs to the main httpd context rule:
  249. semanage fcontext -a -t httpd_sys_content_t '/content(/.*)?'
  250. semanage fcontext -d "[file/path]" == -d (remove) : remove SELinux rule. Must restorecon in that directory or the file to apply
  251. getsebool -a == list SELinux boolean values currently set
  252. semanage boolean -l == list SELinux boolean default values
  253. setsebool [-P] [bolean_rule] on/off == change Boolean rule. By default its for this session only, but if you set [-P] then it because permanent.
  254. yum install setroubleshoot-server == not pre-installed by default. Creates /var/log/audit/audit.log but not user friendly so use: sealert -a /var/log/audit/audit.log
  255.  
  256.  
  257. Key-Based Authentication for SSH
  258. ssh-keygen == generate RSA private and public keys
  259. ssh-copy-id [user]@[IP] == copy the public key (id_rsa.pub) to a remote machine
  260.  
  261. ssh-agent bash && ssh-add == cache ssh passphrase for this session
  262.  
  263. MANAGING NETWORK
  264. nmcli con show == show connected network devices
  265. nmcli dev status == like above, but cleaner + state
  266. nmtui == connection editor wizard
  267.  
  268. nmcli con [add/del] [use tab for options] == add/delete connections
  269. nmcli con [up/down] “[connection name]” == bring up/down connection
  270. nmcli con mod “[connection name]” (use tab-tab to search) == modify connection
  271. +ipv4.dns [IP] == add DNS resolver to specific connection
  272.  
  273.  
  274. /etc/sysconfig/network-scripts/ == network and device scripts
  275.  
  276. ip addr == show connections
  277. show [device] == optional for seeing info one only specific device
  278. -s [what] show [device] == stats of device
  279. ss == see listening ports + established connections
  280. -a == all listening/established
  281. -t / u == tcp / udp
  282. -n == include port. External on left, internal on right.
  283. hostname [hostname] temporary hostname change
  284. vi /etc/hostname == permanent hostname change
  285.  
  286. KERNEL
  287. yum list kernel == list available/installed kernels
  288. grub2-set-default [#] == change kernel used to boot
  289. # == 0 most recent, 1 older, 2 even older, etc
  290. yum update kernel == update kernel
  291. yumdownloader kernel == download kernel rpm
  292. rpm -ivh kernel..[tab] == install new kernel (reboot to take effect)
  293.  
  294. INSTALL REDHAT w/ KICKSTART
  295. A Kickstart file automatically gets created by the anaconda installer at the end of a RHEL installation. It is saved at the root user s home directory, and has the name /root/anaconda-ks.cfg
  296.  
  297. yum install system-config-kickstart == install kickstart config tool, use same name to start tool
  298. TAB at boot install, ks=[http/ftp]://path/to/file
  299.  
  300. TIME SERVICES
  301. chronyd == what ntp uses as a daemon, instead of ntp.d
  302. timedatectl == time/date services
  303. set-timezone [America/Los_Angeles]
  304. set-time [hour:minute:second]
  305.  
  306. tzselect = timezone selection assistance (does not actually set it for you)
  307. chronyc
  308. sources -v == show ntp servers
  309. tracking == verbose info on synchronization
  310. /etc/chrony.conf == chrony config, pool of servers being used for sync
  311.  
  312.  
  313. INSTALL/UPDATE/MANAGE PACKAGES/REPOS
  314. yum == yellow-dog updater modified
  315. yum
  316. check-update == list updates only, don't attempt to install
  317. info == info of package
  318. list installed [package] == check if specific packaged installed, not a result of everything named [package]
  319. provides/whatprovides [path/file] == what created this file/directory
  320. yumdownloader == download package
  321. -----------------------------
  322. rpm -[flag below] [package]
  323. -i == install
  324. -e == erase
  325. -vh == verbose + progress bar
  326. -U == update package
  327. -qa == check if package installed
  328. -ql == list files installed
  329. -c == config files
  330. -d == documentation files
  331. rpm localinstall [package] == install using yum
  332. --------------------------------------
  333. yum repolist all == list all enabled and disabled repos
  334. yum-config-manager
  335. add-repo [url] == add repo file
  336. --disabled [repo ID from yum repolist all]
  337. ------------------------------------------
  338. Repo files must end in .repo :
  339. [repo id]
  340. name=name of my repo
  341. baseurl=file:///path/to/directory OR https://url.domain.com
  342. enabled=1
  343. gpgcheck=0
  344. OR
  345. gpgcheck=1
  346. gpgkey=file:///etc/pki/rpm-gpg/GPGKEYURL
  347. gpg keys location = /etc/pki/rpm-gpg/ (use wget to dowload)
  348.  
  349. STORAGE
  350. fdisk /path/to/mount == mbr partitions only
  351. For “last sector” (i.e. size of partition), you can do +#M/G . Example: +500M is 500 MB, +25G is 25GB
  352. Don't forget to hit ‘w’ to write changes!
  353. mkfs [flag and option] /path/to/partition
  354. -t [type] == specify type of filesystem, red hat defaults as xfs
  355. blkid == see device info
  356. >Need to create location to mount device, generally done in /mnt/
  357. mount -U [UUID] ← this method is preferred but can also do mount [device path] [mount path]
  358. umount [mount path] ← NOT device path
  359. partprobe == have linux reload partition table
  360. ----------------------------------------------
  361. gdisk /path/to/mount == newer, better. does GPT entries. Do not use on mbr drives or it will automatically convert the mbr to gpt
  362. >Same steps as fdisk to setup a partition
  363. ---------------------------------------------
  364. Physical Drives >> LVG >> LVM >> Application
  365. LVG == Logical Volume Group. Combination of physical drives as one group.
  366. LVM == Logical Volume Manager. Works between the OS and physical drive to virtually combine physical drives to act together as one.
  367.  
  368. tl;dr :
  369. Partition drives as LVM, create physical volumes, create volume group(s), create logical volume(s), mkfs
  370. >fdisk/gdisk the drives but change partition type to Linux LVM
  371. pvcreate /path/to/partiton1 /path/to/partition2 …
  372. vgcreate [volume group name to create] /path/to/partition1 /path/to/partition2 ...
  373. lvcreate -n [LV name to create] -L [size wanted, ex: 10G] [name of volume group to use]
  374. >mkfs to setup filesystem to be used
  375. >mount it somewhere
  376.  
  377. lvremove /path/to/logical/volume == remove logical volume
  378. vgremove [volume group name]
  379. pvremove /path/to/parition1 /path/to/partition2
  380.  
  381. pvdisplay == view physical volumes
  382. vgdisplay == view volume groups
  383. lvdisplay == view logical volumes
  384.  
  385. To add physical volumes to a group volume:
  386. vgextend [group name] /path/to/partition
  387. To remove physical volumes from a group volume:
  388. vgreduce [groupname] /path/to/partition
  389.  
  390. To extend logical volume:
  391. lvextend -L [# in B/M/G] /path/to/logicalvolume
  392. >can use -l to specify extends instead of specific disk space)
  393. >if no + is used before # then you're changing the max, otherwise a + means you want to grow the partition by that amount
  394.  
  395. This extends size of volume, not size of filesystem, so:
  396. for xfs: xfs_growfs /path/to/mount
  397. (remember xfs cannot be shrunk!)
  398. for ext: resize2fs /path/to/mount
  399.  
  400. --------------------------------------------------------------
  401. xfs_admin (for xfs) // tune2fs (for ext)
  402. -L [name] /path/to/partition == label partition
  403. -l /path/to/partition == show label name
  404. /etc/fstab == persistent mounts; self-explanatory; (each separated by a space or tab)
  405. UUID= or LABEL= or /path/to/partition mount point filesystem_type defaults 1 #
  406. -----------------------------------------------------------------
  407. To make swap:
  408. from logical volume: pvcreate, vgcreate, lvcreate
  409. OR
  410. from physical mount: partition like normal, but using swap as type/system id
  411. Then mkswap [/path/to/volume-group/logical-group] or [/path/to/parition]
  412. swapon/swapoff /path/to/mount/ == swapon is NOT persistent
  413. For persistence, in fstab:
  414. UUID=xxxxx swap swap 0 0
  415. swapon/swapoff -a == mount/unmount all swaps
  416. -----------------------------------------------------------------
  417. dumpe2fs == dump a bunch of info on the partition
  418. xfs == parallel processing, throughput
  419. vfat == deprecated, but accessible by windows + linux
  420. ext4 == default for new linux based OS
  421. -----------------------------------------------------------------
  422. CIFS == common internet file system, creating shares among internet/intranet
  423. (ex: samba)
  424. NFS == network file system
  425. yum install cifs-utils nfs-utils
  426. CIFS:
  427. Temporary
  428. mount -t cifs -o username=xxxx //server_IP/sharename /path/to/mount
  429. Persistant (fstab) (following way is insecure but it passes RHCSA)
  430. //server_IP/sharename /path/to/local/mount cifs username=xxxx,password=xxxx 0 0
  431. NFS:
  432. Temporary
  433. mount -t nfs server_IP:/shareroot /path/to/mount
  434. Persistant (fstab)
  435. server_IP:/remote/mount/location /local/mount/destination nfs defaults 0 0
  436. Test these with: mount -a (after manual umount)
  437.  
  438. OTHER
  439. cat /proc/cpuinfo == show system/cpu info
  440. In RHEL 7.0, you could write:
  441. # nmcli con mod myConn ipv4.addresses "10.0.0.10/24 10.0.0.1"
  442. Since RHEL 7.1, you have to do it in two steps:
  443. # nmcli con mod myConn ipv4.addresses 10.0.0.10/24
  444. # nmcli con mod myConn ipv4.gateway 10.0.0.1
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!