- Interrupt the Boot Process in Order to Gain Access to a System
- To start the system in the rescue target, during boot edit the grub kernel line ("linux16" on RHEL 7) and add to the end: systemd.unit=rescue.target (you will be asked for the root password)
- To reset a lost root password:
- 1. During boot, edit the grub kernel line "linux16" by adding to the end: rd.break (drops you into a shell inside the initramfs, before the real root is switched to)
- 2. mount -o remount,rw /sysroot (the real root is mounted read-only under /sysroot)
- 3. chroot /sysroot
- 4. passwd
- 5. touch /.autorelabel (the shadow file was written while no SELinux policy was loaded, so it is left unlabeled; without a relabel SELinux blocks logins after reboot)
- 6. exit then exit again
- Anyone with console access and an unprotected bootloader can do this; set a GRUB password (grub2-setpassword on RHEL 7) if that matters.
- REDIRECTION
- &> [file] == redirect both stdout and stderr to [file] (bash shorthand; the POSIX form is >[file] 2>&1)
- 2>&1 == redirect standard error to wherever standard output currently points (order matters: put it after the > redirection)
- UMASK
- Base permissions before the umask is applied: 666 for files / 777 for directories. The umask bits are removed from these (umask 022 gives 644 / 755; 027 gives 640 / 750)
- umask == show or set the mask for this shell
- Permanent adjustment for users: /etc/profile and /etc/bashrc (per user in ~/.bashrc)
- SHUTDOWN/REBOOT
- shutdown [flags/arguments]
- -r == reboot
- -h / -P == halt / power-off
- +# / hh:mm == in # minutes / at a 24-hour clock time (default is +1; "now" for immediately)
- -c == cancel a pending shutdown
- systemctl [halt/poweroff/reboot]
- PERMISSIONS
- chmod
- g+s [directory] // chmod 2xxx [directory] == setgid: all files/dirs created inside get the group ownership of this directory (new subdirectories also inherit the setgid bit)
- u+s [file] // chmod 4xxx [file] == setuid: executes as the owner of the file. Audit these: find / -perm -4000 -type f
- +t [directory] // chmod 1xxx [directory] == sticky bit: files/dirs inside cannot be deleted or renamed except by their owner (or the directory owner, or root), e.g. /tmp
- X (capital) == apply execute only to directories and to files that are already executable, e.g. chmod -R g+rX dir
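- Added example (not part of the original notes): the umask and the special bits shown on real files in a scratch directory. It assumes only POSIX sh, mktemp and a stat that supports -c %a (GNU or busybox); the paths and names are made up for the demo.

```shell
#!/bin/sh
# Added example (not part of the original notes): see the umask and the
# setgid/setuid/sticky bits take effect on real files in a scratch directory.
# Needs GNU/busybox stat (-c %a) and mktemp; nothing else.

# Create a file and a directory under umask $1 and print their octal modes.
# Base modes are 666 (file) and 777 (dir); the umask bits are cleared from them.
# Usage: modes_under_umask 027   ->   "640 750"
modes_under_umask() {
    tmp=$(mktemp -d) || return 1
    # umask is a shell setting, so change it in a subshell to leave the caller alone
    ( umask "$1" && : > "$tmp/f" && mkdir "$tmp/d" ) || { rm -rf "$tmp"; return 1; }
    printf '%s %s\n' "$(stat -c %a "$tmp/f")" "$(stat -c %a "$tmp/d")"
    rm -rf "$tmp"
}

# Apply the three special bits and print the 4-digit modes stat reports.
# Usage: special_bits   ->   "2770 4750 1777"
special_bits() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/shared" && chmod 2770 "$tmp/shared"   # setgid dir: new files inherit its group
    : > "$tmp/prog"    && chmod 4750 "$tmp/prog"     # setuid file: runs as the file owner
    mkdir "$tmp/drop"  && chmod 1777 "$tmp/drop"     # sticky dir: only owners delete their files
    printf '%s %s %s\n' "$(stat -c %a "$tmp/shared")" \
                        "$(stat -c %a "$tmp/prog")" \
                        "$(stat -c %a "$tmp/drop")"
    rm -rf "$tmp"
}

# Find setuid/setgid executables the way an auditor would (scoped to $1 so it
# is quick; on a real box use / and compare the list against a known baseline).
find_special_bits() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
}

# Stand-alone demo
modes_under_umask 027
special_bits
find_special_bits /usr/bin | head -n 5
```

The first function is where to look when a service creates world-readable files: the process's umask, not chmod after the fact, decides what it creates.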
- NICE
- 19 (lowest priority) to -20 (highest priority); only root can set negative values or lower an existing niceness
- nice
- -n # [command] == start a command with the given niceness (without -n the default is 10)
- renice
- -n # [pid] == renice a specific process by id
- -n # $(pgrep [name]) == renice every process found by pgrep ($( ) runs the command in a subshell and substitutes its output)
- -n # -u [username] == renice all of a user's processes
- PROCESSES
- pgrep [flag] [name] == shows process ids (and names with -l)
- -l == list process name
- -u [username] == find only those owned by [username]
- -v == inverse results (ex: pgrep -v -u root == all processes not owned by root)
- pkill -t [pts/#] == kill all processes started on that terminal; the user's other sessions stay logged in
- SIGHUP/1 == hang-up: the controlling terminal closed (daemons often reread their config on it instead)
- SIGINT/2 == keyboard interrupt (ctrl+c)
- SIGQUIT/3 == keyboard quit (ctrl+\), like SIGINT but also dumps core
- SIGKILL/9 == kill immediately. Cannot be caught or ignored, so the process gets no chance to clean up
- SIGTERM/15 == stop, clean up, and quit. DEFAULT used by kill/pkill
- SIGCONT/18 == continue a stopped process
- SIGSTOP/19 == stop (pause); cannot be caught or ignored
- kill [-signal] [pid] == signal a specific process (ex: kill -9 [pid], kill -SIGTERM [pid])
- pkill [name] == signal all processes matching that name (partial match; pkill -x [name] for exact)
- ps axo nice,comm,pid,user == custom columns; ps -ef / ps aux for the usual listings
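- Added example (not part of the original notes): why SIGTERM is the default and SIGKILL the last resort. A child process traps TERM, cleans up and exits 0; the same child sent KILL dies with status 137 and its cleanup never runs. It assumes only POSIX sh, sleep and mktemp; the "cleaned" marker file is a stand-in for whatever a daemon would flush or remove on shutdown.

```shell
#!/bin/sh
# Added example (not part of the original notes): a SIGTERM handler gets to
# clean up, SIGKILL does not. Uses only POSIX sh builtins, sleep and mktemp.

# Start a child that traps TERM, then send it signal $1 and report
# "<wait status> <cleaned|none>". A handled TERM gives "0 cleaned";
# an uncatchable KILL gives "137 none" (137 = 128 + signal 9).
signal_child() {
    sig=$1
    marker=$(mktemp) || return 1
    (
        # Child: on TERM, record that cleanup ran, stop the worker, exit cleanly.
        trap 'echo cleaned > "$marker"; kill "$worker" 2>/dev/null; exit 0' TERM
        # A detached worker stands in for the daemon's real work.
        sleep 5 </dev/null >/dev/null 2>&1 &
        worker=$!
        wait "$worker"
    ) &
    child=$!
    sleep 1                      # let the child install its trap first
    kill -s "$sig" "$child"
    status=0
    wait "$child" || status=$?   # 0 after the handler, 128+N when killed by signal N
    if [ -s "$marker" ]; then cleaned=$(cat "$marker"); else cleaned=none; fi
    rm -f "$marker"
    printf '%s %s\n' "$status" "$cleaned"
}

# Stand-alone demo
echo "TERM: $(signal_child TERM)"
echo "KILL: $(signal_child KILL)"
```

This is also why systemctl stop sends TERM first and only escalates to KILL after TimeoutStopSec: a process killed with 9 can leave lock files, half-written state and open transactions behind.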
- LOAD
- 0.00, 0.00, 0.00 == averages over 1 minute, 5 minutes, 15 minutes (uptime, cat /proc/loadavg)
- load average / # of processors == approximate CPU utilization (the number counts runnable and uninterruptible tasks, so processes stuck on I/O inflate it)
- 1 cpu w/ 1.00 == ~100% busy
- 2 cpus w/ 1.50 == ~75% busy
- USERS/GROUPS
- useradd // usermod // userdel // chage (view/set password aging: chage -l [user])
- groupadd // groupmod // groupdel
- newgrp == change my current group ID for this login session
- /etc/passwd == username : x : user id : group id : comment (GECOS) : home dir : login shell
- /etc/shadow == username : pw hash : last pw change (days since the Unix epoch, not seconds) : min days before pw can be changed : max days before pw must be changed : # of days of warning before pw expires : # of inactive days after expiry before the account is locked : account expiration date (days since epoch) : reserved
- A hash field of ! or * means the account cannot log in with a password; an empty hash field means no password is required at all. Check: awk -F: '$2=="" {print $1}' /etc/shadow
- /etc/skel == skeleton user directory (copied into each new home directory)
- user login defaults == /etc/login.defs
- Other defaults == /etc/default/useradd (useradd -D shows them)
- TAR/GZIP
- **Extracting by default overwrites local files** (use -k / --keep-old-files to refuse)
- tar -cvzf NAME.tar.gz [files/directories]
- -c == create
- -v == verbose
- -z == gzip (use -j for bzip2, -J for xz)
- -x == extract (combine with -z for a .tar.gz)
- -f == name of the archive file (must be the last option letter before the filename)
- -t == list contents without unpacking; check for absolute paths or ../ entries before extracting an archive you did not create
- -d == show differences between local files and the archive
- -C [dir] == extract into / create relative to [dir]
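- Added example (not part of the original notes): list-before-extract put into practice. A small archive is built from constructed files, its listing is checked for absolute or ../ member names, and it is then extracted over a locally edited copy with and without -k to show the overwrite behaviour. It assumes tar with gzip support, awk and mktemp.

```shell
#!/bin/sh
# Added example (not part of the original notes): inspect an archive listing
# before extracting, and see that a plain extract silently overwrites.
# Uses tar, gzip, awk and mktemp; the archive is built from constructed files.

# Read a `tar -t` listing on stdin; print 1 if every member path is relative
# and free of ".." components, else 0. GNU tar strips a leading "/" on
# extract, but listing first costs nothing and catches "../" traversal names.
archive_list_safe() {
    awk '
        /^\// { bad = 1 }
        { n = split($0, p, "/"); for (i = 1; i <= n; i++) if (p[i] == "..") bad = 1 }
        END { print bad ? 0 : 1 }'
}

# Build etc/app.conf into an archive, extract it over a locally edited copy with
# the given extra tar options, and print the resulting file content.
# No options -> "original" (overwritten); -k -> "locally edited" (kept).
extract_over_local() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/src/etc" "$work/dst/etc"
    echo "original" > "$work/src/etc/app.conf"
    tar -czf "$work/app.tar.gz" -C "$work/src" etc        # -C: archive relative to src
    echo "locally edited" > "$work/dst/etc/app.conf"
    # Look before you extract: refuse anything that would escape the target dir.
    if [ "$(tar -tzf "$work/app.tar.gz" | archive_list_safe)" != 1 ]; then
        rm -rf "$work"; return 1
    fi
    # -k makes tar report an error for existing files instead of replacing them
    tar -xzf "$work/app.tar.gz" -C "$work/dst" "$@" 2>/dev/null || true
    cat "$work/dst/etc/app.conf"
    rm -rf "$work"
}

# Stand-alone demo
printf 'etc/\netc/app.conf\n' | archive_list_safe
printf 'etc/\n../etc/passwd\n' | archive_list_safe
extract_over_local
extract_over_local -k
```

The same listing check belongs in any script that unpacks archives it received from somewhere else; an entry like ../../etc/cron.d/x is the classic way a hostile tarball plants a file outside the extraction directory.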
- TRANSFERRING FILES (all three run over ssh, so they inherit its authentication and encryption)
- scp /path/to/local/file user@remotehost:/path/to/destination
- sftp user@remotehost
- - can use basic CLI commands such as ls, cd and mkdir (lls/lcd for the local side)
- - "get" == download file from remote
- - "put" == upload file to remote
- - "?" == help/commands
- To push:
- rsync -a /path/to/file_or_dir user@remotehost:/path/to/destination
- To pull:
- rsync -a user@remotehost:/path/to/remote/dir_or_file /path/to/local/destination
- -a == stands for "archive" and syncs recursively and preserves symbolic links, special and device files, modification times, group, owner, and permissions (not ACLs or SELinux contexts; add -A and -X for those)
- -nv == verbose dry run (-n alone is the dry run; always do one before using --delete)
- -z == compress in transit
- -P == combines --progress and --partial: gives a progress bar for the transfers and lets you resume interrupted transfers
- --exclude=/what/to/exclude
- By default, rsync does not delete anything from the destination directory, but you can change this behavior with the --delete option
- A trailing slash on the source (dir/) copies the contents of dir; without it, dir itself is created inside the destination
- AT, CRON, ANACRON
- at does not create recurring events, only a one-time scheduled future event.
- If the system is off at the scheduled cron time, that cron run is missed.
- anacron records when each job last ran and runs the jobs that were missed (daily/weekly/monthly granularity).
- yum install at
- systemctl enable atd && systemctl start atd
- /etc/at.allow OR /etc/at.deny == if at.allow exists only the users listed in it can use at; otherwise everyone not in at.deny can (same scheme for /etc/cron.allow and /etc/cron.deny)
- at now +## [minutes/hours/days]
- >[command] then ctrl+d
- at [time am/pm]
- >[command] then ctrl+d
- atq == list at queue
- atrm # == remove job
- -------------------------
- crontab -e == edit my crontab (crontab -l to list it, crontab -u [user] -e as root)
- /etc/cron.d/ == drop-in crontabs for custom jobs / jobs managed by a package (these have a user field after the five time fields)
- -----------------------------
- anacron == jobs defined in /etc/anacrontab, run by root only
- /var/spool/anacron/ == timestamps kept by anacron for the last run of each job
- anacron -f == run all anacron jobs regardless of their last run timestamp
- TARGETS/SERVICES
- /usr/lib/systemd/system/ == location of the unit files shipped by packages (services, targets, etc.); local copies and overrides go in /etc/systemd/system/
- systemctl
- is-enabled [service] == check if service is enabled on boot
- is-active [service] == is the service active/on right now
- enable/disable [service] == enable/disable service to start on boot (does not start/stop it now; run start/stop as well)
- --type=target == list all active targets (list-units is the default subcommand)
- --type=service == list all active services (--all to include inactive ones)
- set-default [target] == set default target at boot (replaces runlevels)
- get-default == what is the default target to run at boot?
- -t help == list all available unit types
- list-dependencies [target]/[service] == list all dependencies (if no unit is specified, the dependencies of default.target are listed)
- /etc/systemd/system/[target_name].target.wants/[name].service == enabled services. "enable" creates a symlink here pointing to /usr/lib/systemd/system/[name].service
- systemctl isolate name.target == move from one target to another (i.e. from multi-user to graphical to rescue, etc.)
- ACLs (Access Control Lists)
- xfs (the RHEL 7 default) supports ACLs out of the box. ext4 filesystems made on RHEL 7 normally have acl in their default mount options; check with tune2fs -l [device] | grep "Default mount options", otherwise add acl to the options in /etc/fstab
- Gives a user or group access to a specific file/dir without making them the owner or part of the owning group. ls -l shows a + after the permission bits when an ACL is set (for any extra user/group entry; the world bits are never extended by an ACL)
- getfacl == get ACL info (an #effective: comment shows where the mask has cut an entry down)
- Can use to copy ACL info:
- getfacl file1 | setfacl --set-file=- file2
- (note the - after the =, this means read from std input)
- >mask == maximum effective permissions for named users, the owning group and named groups (not the owner or others); it is recalculated when you add entries and is changed by chmod on the group bits
- setfacl [flags+arguments] file/dir
- -m == modify
- u (notice no -) == user, used this way == u:username:permissions
- g (notice no -) == group, see "u" flag for usage
- >Note: u and g are stored as the UID/GID, so if either one is changed for a user/group, the ACL will no longer apply to that user/group (and getfacl shows the bare number)!
- m (notice no -) == mask. Used this way == m::permissions
- -d == set default ACL for files created inside a directory (goes before -m)
- Default ACL on directory == all files/dirs created under it inherit this ACL, but the user still needs their own ACL entry on the directory itself to get in
- In other words, the access ACL affects how the directory can be used (read, write, execute), and the default ACL affects the files/dirs created inside it
- -x == remove the ACL entry for a user/group (-b removes all extended entries)
- --remove-default == removes all defaults
- -R == recursive
- You can combine, ex:
- setfacl -m g:mygroup:rwx,u:myuser:rw directory
- cp doesn't preserve ACL rules unless you pass -p / -a / --preserve=all
- mv does preserve ACL rules (within the same filesystem, where it is a rename)
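- Added example (not part of the original notes): the mask rule from the notes above, reproduced as the #effective: annotation getfacl prints. It works on constructed getfacl-style text with awk only, so it runs on a filesystem without ACL support; the file, user and group names are made up.

```shell
#!/bin/sh
# Added example (not part of the original notes): reproduce the "#effective:"
# annotation getfacl prints, so the effect of the mask is visible without
# needing an ACL-capable filesystem. Only awk is used; the ACL text is constructed.

# Read getfacl-style ACL text on stdin and echo each entry, appending
# "#effective:" where the mask cuts it down. The mask applies to named users,
# the owning group and named groups; the owner (user::) and other:: are exempt.
acl_effective() {
    awk -F: '
    function bits(s,   v) { v = 0; if (s ~ /r/) v += 4; if (s ~ /w/) v += 2; if (s ~ /x/) v += 1; return v }
    function str(v)       { return (int(v/4) % 2 ? "r" : "-") (int(v/2) % 2 ? "w" : "-") (v % 2 ? "x" : "-") }
    function band(a, b,   r, bit) { r = 0; for (bit = 4; bit >= 1; bit /= 2) if (int(a/bit) % 2 && int(b/bit) % 2) r += bit; return r }
    /^#/ || NF < 3 { next }                        # skip the "# file:" header and blank lines
    { entries[++n] = $0 }
    $1 == "mask" { mask = bits($3); hasmask = 1 }  # mask may appear after the entries it limits
    END {
        for (i = 1; i <= n; i++) {
            split(entries[i], f, ":")
            masked = hasmask && ((f[1] == "user" && f[2] != "") || f[1] == "group")
            eff = masked ? band(bits(f[3]), mask) : bits(f[3])
            if (eff != bits(f[3])) printf "%s\t#effective:%s\n", entries[i], str(eff)
            else print entries[i]
        }
    }'
}

# Constructed getfacl output for a file shared between alice and the finance
# group, with a mask of r-- (what chmod g=r on the file would leave behind)
sample_acl() {
    printf '%s\n' \
        '# file: shared/report.txt' '# owner: alice' '# group: finance' \
        'user::rw-' 'user:bob:rwx' 'group::r-x' 'group:auditors:rw-' 'mask::r--' 'other::---'
}

# Stand-alone demo
sample_acl | acl_effective
```

The point to take from the output: bob's rwx entry exists but is worth only r--, which is what a chmod g-w by a well-meaning admin does to every named entry on the file. Always read getfacl, not ls -l, when an ACL user reports "permission denied".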
- Configure a System to Use an Existing Authentication Service
- yum upgrade -y
- yum install -y realmd
- realm discover [domain] == shows the realm and the packages it needs (for AD: sssd, oddjob, oddjob-mkhomedir, adcli, samba-common-tools)
- yum install -y [required packages]
- realm join [domain] (prompts for a domain admin password; -U [admin] to choose the account)
- vim /etc/ssh/sshd_config == if Kerberos/GSSAPI logins are required, make sure GSSAPIAuthentication yes (and KerberosAuthentication yes) are uncommented; password logins through sssd need no sshd change
- systemctl restart sshd
- realm list == check what you are joined to; id [domain user] == confirm lookups work
- LOGS/JOURNALD
- journalctl == systemd logs everything here (man systemd-journald). Not persistent by default on RHEL 7: the journal lives in /run/log/journal and is lost at reboot. To keep it: mkdir /var/log/journal (or Storage=persistent in journald.conf), then restart systemd-journald
- --since=yesterday == all logs since that day (only if persistent or the system hasn't been rebooted)
- -u [unit] == logs of one unit; -f == follow; -p err == priority err and worse; -b == this boot only
- /etc/systemd/journald.conf == journald config file
- /etc/rsyslog.conf == rsyslog config; rules are "facility.priority  action" (e.g. mail.* /var/log/maillog)
- mail.* == "mail" is a facility, the type of program creating the log (auth/authpriv, cron, kern, daemon, local0-7, ...)
- *.emerg == "emerg" is a priority; a selector matches that priority and everything more severe (debug < info < notice < warning < err < crit < alert < emerg)
- systemd-analyze == boot times
- systemd-analyze blame == time taken by each unit during boot
- VIRTUAL MACHINES
- To install VM packages:
- yum grouplist hidden (this will show the virtualization groups)
- yum groupinstall "Virtualization Client" "Virtualization Tools" "Virtualization Platform"
- systemctl enable libvirtd
- systemctl start libvirtd
- virsh == CLI virtual machine manager
- help
- list --all
- shutdown [vmname] == graceful (ACPI) shutdown; destroy [vmname] == pull the plug
- start [vmname]
- autostart [vmname] == start the VM whenever libvirtd starts
- virt-manager == GUI virtual machine manager (Applications > System Tools > Virtual Machine Manager)
- FIREWALLD
- yum install firewalld firewall-config (firewalld is installed and enabled by default on RHEL 7; systemctl enable/start firewalld if not)
- firewall-cmd [options]...
- --help == help/info
- --get-zones == shows the zones available. All rules live in "zones"; an interface or source address is assigned to exactly one zone
- --get-default-zone == you're always working in a zone; this shows the default one a rule is applied to unless you specify --zone=
- --list-all == list all current rules for the default zone, unless you specify the zone:
- --zone=[zone] --list-all
- --list-all-zones == list all current rules for all zones
- --reload == reload firewalld (runtime-only changes are dropped; permanent ones become active)
- --permanent == write the rule to the saved config. Permanent rules are not applied until you --reload, and rules added without --permanent are lost on reload/reboot, so run the command twice (with and without --permanent) or use --runtime-to-permanent on newer versions
- --add-port=[port #]/[tcp or udp] == open a port with either tcp or udp
- --add-service=[service] == open a predefined service (--get-services lists them)
- --add-source=[IP or CIDR] == bind a source address to the zone, so that zone's rules apply to traffic from it
- --remove-port=[port #]/[tcp/udp] == close port #
- --remove-source=[IP] == remove source IP
- --list-ports / --list-services == just the ports / services of a zone
- SELINUX
- Modes:
- Enforcing == policy is enforced; denials are logged and blocked
- Permissive == policy is not enforced; denials are only logged (use it to find out what a change would break)
- Disabled == no policy loaded, nothing logged or enforced (reboot required to go into or out of disabled mode, and files created meanwhile are left unlabeled)
- getenforce == what mode are we in?
- setenforce 0 == change to Permissive mode (if it's not the default in /etc/selinux/config, it will revert on reboot)
- setenforce 1 == change to Enforcing mode (same)
- /etc/selinux/config == change the default mode (SELINUX=enforcing|permissive|disabled); the only place to disable (must reboot to apply)
- ls -Z == list the SELinux context of files (ps -Z for processes, id -Z for yourself)
- -rw-r--r--. root root unconfined_u:object_r:admin_home_t:s0 file.out
- Permissions (the . means a context is set) / owner / group / SELinux user:role:type:level / filename
- type == the label the policy rules are written against: a process's domain type is only allowed the file types the policy names (e.g. httpd_t may read httpd_sys_content_t)
- semanage fcontext -l | grep [process/file/directory] == list the file-context rules matching [ ]
- restorecon -v [file/dir] == "restore" the context of [ ] from the rules, based on where it is now located (-R for recursive)
- touch /.autorelabel == force relabel of everything on reboot
- semanage fcontext -a -t [type] '[path regex]'
- -a (add) -t (type) : add a path rule to the SELinux file-context database. This only records the rule; run restorecon -Rv on the path to apply it
- For example, adding a directory tree to the type the httpd policy may serve, with optional recursion to everything under it:
- semanage fcontext -a -t httpd_sys_content_t '/content(/.*)?'
- restorecon -Rv /content
- semanage fcontext -d '[path regex]' == -d (delete) : remove the rule. Run restorecon on that directory or file to apply the change
- chcon == sets a context directly on a file, but it does not survive a relabel; prefer semanage + restorecon
- getsebool -a == list SELinux booleans with their current values
- semanage boolean -l == list booleans with current, persistent and default values plus a description
- setsebool [-P] [boolean] on/off == change a boolean. By default it's for this session only, but with -P it becomes persistent
- /var/log/audit/audit.log == where auditd records SELinux denials (AVC lines); not user friendly, so: yum install setroubleshoot-server (not installed by default) and use sealert -a /var/log/audit/audit.log, or ausearch -m avc -ts recent
- Key-Based Authentication for SSH
- ssh-keygen == generate a key pair (RSA by default on RHEL 7; ssh-keygen -t ed25519 for a modern, shorter key). Set a passphrase: the private key file is the credential
- ssh-copy-id [user]@[IP] == append the public key (~/.ssh/id_rsa.pub) to the remote ~/.ssh/authorized_keys and fix the permissions (authorized_keys 600, ~/.ssh 700; sshd refuses keys in group/world-writable paths)
- ssh-agent bash, then ssh-add == start an agent with a new shell and cache the passphrase for that session (or eval $(ssh-agent) in the current shell)
- Once keys work, set PasswordAuthentication no in /etc/ssh/sshd_config and restart sshd
- MANAGING NETWORK
- nmcli con show == show connections (--active for only the ones that are up)
- nmcli dev status == devices, their type, state and which connection they carry
- nmtui == text connection editor wizard
- nmcli con [add/del] [use tab for options] == add/delete connections
- nmcli con [up/down] "[connection name]" == bring up/down a connection
- nmcli con mod "[connection name]" (use tab-tab to search) == modify connection (then con up to apply)
- +ipv4.dns [IP] == add a DNS resolver to the specific connection (ipv4.dns without the + replaces the list)
- /etc/sysconfig/network-scripts/ == the ifcfg-* files NetworkManager writes; nmcli con mod edits these
- ip addr == show addresses on all interfaces
- ip addr show [device] == only one device
- ip -s link show [device] == traffic/error counters of a device
- ss == socket statistics: listening ports + established connections
- -a == all (listening and established)
- -l == listening only
- -t / -u == tcp / udp
- -n == numeric; do not resolve ports or hosts. Local address:port is on the left, peer address:port on the right
- -p == show the owning process (root needed for other users' sockets). ss -tulnp is the usual "what is listening" check
- hostname [hostname] == temporary hostname change
- hostnamectl set-hostname [hostname] == permanent change (writes /etc/hostname)
- KERNEL
- yum list kernel == list available/installed kernels (uname -r shows the running one)
- grub2-set-default [#] == change the kernel entry used to boot
- # == 0 is the first menu entry (the most recently installed kernel), 1 the next older, etc.; grub2-editenv list shows the current default
- yum update kernel == update kernel (old kernels are kept; installonly_limit in /etc/yum.conf controls how many)
- yumdownloader kernel == download the kernel rpm
- rpm -ivh kernel..[tab] == install a new kernel alongside the old one (-i, never -U, so you can boot back; reboot to take effect)
- INSTALL REDHAT w/ KICKSTART
- A Kickstart file is created automatically by the anaconda installer at the end of a RHEL installation. It is saved in the root user's home directory as /root/anaconda-ks.cfg
- yum install system-config-kickstart == install the kickstart config tool, run it with the same name; ksvalidator (pykickstart) checks a file's syntax
- TAB at the boot menu, then add ks=[http/ftp/nfs]://path/to/file (inst.ks= is the RHEL 7 spelling; both are accepted)
- The file contains the root password hash (rootpw --iscrypted), so protect it like /etc/shadow
- TIME SERVICES
- chronyd == the NTP daemon RHEL 7 uses by default, instead of ntpd
- timedatectl == time/date services (shows "NTP synchronized: yes/no")
- set-timezone [America/Los_Angeles] (timedatectl list-timezones to see the names)
- set-time [YYYY-MM-DD hh:mm:ss] (refused while NTP sync is on; set-ntp false first)
- tzselect == timezone selection assistance (does not actually set it for you)
- chronyc
- sources -v == show ntp servers (the -v explains the columns)
- tracking == verbose info on synchronization
- /etc/chrony.conf == chrony config, pool of servers being used for sync (server/pool lines; restart chronyd after changes)
- INSTALL/UPDATE/MANAGE PACKAGES/REPOS
- yum == Yellowdog Updater, Modified
- yum
- check-update == list updates only, don't attempt to install
- info [package] == info on a package
- list installed [package] == check if a specific package is installed (glob: yum list installed "kernel*")
- provides/whatprovides [path/file] == which package owns this file/directory
- yumdownloader [package] == download the rpm without installing (yum-utils)
- yum history == what was installed/removed when (yum history undo # to roll back)
- -----------------------------
- rpm -[flag below] [package]
- -i == install
- -e == erase
- -vh == verbose + progress bar (rpm -ivh, rpm -Uvh)
- -U == upgrade (installs if not present)
- -qa == list all installed packages; rpm -q [package] to check one
- -ql [package] == list files installed by the package
- -qc [package] == its config files
- -qd [package] == its documentation files
- -qf [path] == which package owns this file
- -K [file.rpm] == check the signature/digests of an rpm before installing it (needs the key imported: rpm --import [key])
- yum localinstall [file.rpm] == install a downloaded rpm through yum (resolves dependencies)
- --------------------------------------
- yum repolist all == list all enabled and disabled repos
- yum-config-manager
- --add-repo [url] == add a repo file
- --disable / --enable [repo ID from yum repolist all]
- ------------------------------------------
- Repo files go in /etc/yum.repos.d/ and must end in .repo :
- [repo id]
- name=name of my repo
- baseurl=file:///path/to/directory OR https://url.domain.com
- enabled=1
- gpgcheck=0
- OR (preferred; gpgcheck=0 trusts whatever the mirror serves)
- gpgcheck=1
- gpgkey=file:///etc/pki/rpm-gpg/GPGKEYURL
- gpg keys location = /etc/pki/rpm-gpg/ (use wget to download; check the fingerprint with gpg --with-fingerprint [keyfile] against the vendor's published one before trusting it)
- STORAGE
- fdisk /dev/[disk] (the whole disk, e.g. /dev/sdb, not a partition or mount point) == MBR partition tables only (max 2 TiB, 4 primary partitions)
- For "last sector" (i.e. size of partition), you can do +#M/G. Example: +500M is 500 MiB, +25G is 25 GiB
- Don't forget to hit 'w' to write changes! (nothing is changed on disk until then; 'q' abandons)
- mkfs [flag and option] /dev/[partition]
- -t [type] == specify type of filesystem (mkfs.xfs / mkfs.ext4); Red Hat defaults to xfs
- blkid == see device UUIDs and filesystem types
- >Need to create a location to mount the device, generally done in /mnt/
- mount UUID=[UUID] /path/to/mount ← preferred, since device names can change between boots; can also do mount /dev/[partition] /path/to/mount
- umount /path/to/mount ← mount point or device path, but it must not be in use (lsof / fuser -vm to find out who has it open)
- partprobe == have the kernel reread the partition table (needed when fdisk warns the table is busy)
- ----------------------------------------------
- gdisk /dev/[disk] == newer, better. Does GPT tables (needed above 2 TiB, up to 128 partitions). Do not use on MBR disks or it will convert the MBR to GPT when you write
- >Same steps as fdisk to set up a partition (type code 8300 for a Linux filesystem, 8e00 for LVM, 8200 for swap)
- ---------------------------------------------
- Physical drives/partitions (PV) >> Volume Group (VG) >> Logical Volume (LV) >> filesystem >> application
- PV == Physical Volume. A disk or partition initialized for LVM use.
- VG == Volume Group. A pool made from one or more PVs.
- LV == Logical Volume. Carved out of a VG; this is what you put a filesystem on. LVM (Logical Volume Manager) is the layer between the OS and the physical drives that makes this work.
- tl;dr :
- Partition drives as LVM, create physical volumes, create volume group(s), create logical volume(s), mkfs
- >fdisk/gdisk the drives but change the partition type to Linux LVM (8e in fdisk, 8e00 in gdisk)
- pvcreate /dev/partition1 /dev/partition2 ...
- vgcreate [volume group name to create] /dev/partition1 /dev/partition2 ...
- lvcreate -n [LV name to create] -L [size wanted, ex: 10G] [name of volume group to use] (-l 100%FREE to take everything left)
- >mkfs -t xfs /dev/[vg]/[lv] to set up the filesystem
- >mount it somewhere (and add it to /etc/fstab)
- lvremove /dev/[vg]/[lv] == remove logical volume
- vgremove [volume group name]
- pvremove /dev/partition1 /dev/partition2
- pvdisplay / pvs == view physical volumes
- vgdisplay / vgs == view volume groups
- lvdisplay / lvs == view logical volumes
- To add physical volumes to a volume group:
- vgextend [group name] /dev/partition
- To remove physical volumes from a volume group:
- vgreduce [groupname] /dev/partition (pvmove the data off it first if it holds extents)
- To extend a logical volume:
- lvextend -L [# in M/G] /dev/[vg]/[lv]
- >can use -l to specify extents instead of a size (-l +100%FREE for all remaining space)
- >if no + is used before # then you're setting the new total size, otherwise a + means grow by that amount
- This extends the size of the volume, not the filesystem, so:
- for xfs: xfs_growfs /path/to/mount (takes the mount point; xfs must be mounted to grow)
- (remember xfs cannot be shrunk!)
- for ext: resize2fs /dev/[vg]/[lv] (takes the device; ext4 can grow online)
- or do both in one step: lvextend -r -L +[size] /dev/[vg]/[lv]
- --------------------------------------------------------------
- xfs_admin (for xfs) // tune2fs (for ext)
- -L [name] /path/to/partition == label partition
- -l /path/to/partition == show label name
- /etc/fstab == persistent mounts; self-explanatory; (each separated by a space or tab)
- UUID= or LABEL= or /path/to/partition mount point filesystem_type defaults 1 #
- -----------------------------------------------------------------
- To make swap:
- from logical volume: pvcreate, vgcreate, lvcreate
- OR
- from physical mount: partition like normal, but using swap as type/system id
- Then mkswap [/path/to/volume-group/logical-group] or [/path/to/parition]
- swapon/swapoff /path/to/mount/ == swapon is NOT persistent
- For persistence, in fstab:
- UUID=xxxxx swap swap 0 0
- swapon/swapoff -a == mount/unmount all swaps
- -----------------------------------------------------------------
- dumpe2fs == dump a bunch of info on the partition
- xfs == parallel processing, throughput
- vfat == deprecated, but accessible by windows + linux
- ext4 == default for new linux based OS
- -----------------------------------------------------------------
- CIFS == common internet file system, creating shares among internet/intranet
- (ex: samba)
- NFS == network file system
- yum install cifs-utils nfs-utils
- CIFS:
- Temporary
- mount -t cifs -o username=xxxx //server_IP/sharename /path/to/mount
- Persistant (fstab) (following way is insecure but it passes RHCSA)
- //server_IP/sharename /path/to/local/mount cifs username=xxxx,password=xxxx 0 0
- NFS:
- Temporary
- mount -t nfs server_IP:/shareroot /path/to/mount
- Persistant (fstab)
- server_IP:/remote/mount/location /local/mount/destination nfs defaults 0 0
- Test these with: mount -a (after manual umount)
- OTHER
- cat /proc/cpuinfo == show CPU info (lscpu for a summary)
- In RHEL 7.0, you could write:
- # nmcli con mod myConn ipv4.addresses "10.0.0.10/24 10.0.0.1"
- Since RHEL 7.1, you have to do it in two steps:
- # nmcli con mod myConn ipv4.addresses 10.0.0.10/24
- # nmcli con mod myConn ipv4.gateway 10.0.0.1
- (then nmcli con mod myConn ipv4.method manual, and nmcli con up myConn to apply)