preparation
Alias command
#alias k='ls -l'
#k
total 12
-rw-r--r--. 1 root root 310 Nov 24 17:31 :
-rw-------. 1 root root 1274 Dec 1 23:50 anaconda-ks.cfg
-rw-r--r--. 1 root root 809 Dec 1 23:58 ks.cfg
-rw-r--r--. 1 root root 0 Nov 23 23:26 x.files
History
Command is used to check history: history
Globbing
Wildcard: ls host*
ls ?ost
ls [hm]ost
ls [!hm]ost
ls [0-9][0-9]script
find command
find / -user Kamran (finds files owned by user Kamran)
find / -size +100M (finds files larger than 100 MB)
TAR
tar cvf (c - create, v - verbose, f - file)
tar cvf Kamran.tar /home/Kamran
tar tvf (t - show the contents of the file, v - verbose, f - file)
tar tvf Kamran.tar
tar xvf (x - extract files from tar file, v - verbose, f - file)
tar xvf Kamran.tar (it will extract files to the current directory)
tar xvf Kamran.tar -C bkptar ("C" will change the destination of the extracted files to the bkptar directory)
To compress the archived files, add "z"; the file extension is tgz for a compressed tar file. It's gzip.
To compress with bzip2, add "j".
tar czvf Kamran.tgz ./Kamran.tar
tar cjvf Kamran.bz2 ./Kamran
tar -rvf Kamran.tar /etc (it is used to add new files to the existing tar file)
tar -uvf Kamran.tar /etc (it is used to update the tar file with new files)
Option  Use
c       Creates an archive.
v       Shows verbose output while tar is working.
t       Shows the contents of an archive.
z       Compresses/decompresses the archive while creating it, by using gzip.
j       Compresses/decompresses the archive by using bzip2.
x       Extracts an archive.
u       Updates an archive; only newer files will be written to the archive.
C       Changes the working directory before performing the command.
r       Appends files to an archive.
DD compression method.
It's used to compress an entire drive or partition.
dd if=/dev/zero of=/home/Kamran/ddcomp bs=1M count=1000
bzip2 file.txt
#ls
file.txt.bz2
Regular Expression
For more information visit “man 7 regex”
Text utilities
cat
tac (shows the content of the file from bottom to top (opposite of cat))
head -n 10 (shows first 10 lines of file)
tail -n 10 (shows last 10 lines of file)
SSH settings
systemctl status sshd (shows status of sshd)
To generate an SSH key:
#ssh-keygen
To copy the key from the remote server so there is no need to enter the password every time:
#ssh-copy-id 192.168.88.10
After this session the public key will be stored in the directory below
~/.ssh/
SSH configuration is in the file below
#vi /etc/ssh/sshd_config
When changing the port, it's better to change the port in SELinux too, with the command below
#semanage port -a -t ssh_port_t -p tcp PORTNUMBER
Other SSH-based tools
#scp 192.168.1.1:/home/x /tmp
#rsync -a 192.168.1.1:/home/x /tmp (it synchronizes the files)
#rsync -a /home /tmp
To make working with passphrases a bit less complicated, the passphrase can be cached for a session. To do this, you need the ssh-agent and ssh-add commands. Assuming that the public/private key pair has already been created, this is an easy three-step procedure:
1) #ssh-agent /bin/bash
2) #ssh-add
Users, groups and permissions
Default user login criteria are stored in the directory below
When a user is defined, options are applied based on the files below
#vi /etc/login.defs
#useradd Kamran (add user Kamran)
/etc/skel/ (a directory whose files and folders are automatically created in the home directory of each newly added user)
#more /etc/passwd (shows existing users on the system)
#usermod Kamran (is used to modify some parameters of the user, such as lock, unlock, change password, assign password etc.; for more info see usermod --help)
#usermod -p roor Kamran (example)
#useradd -s /sbin/nologin Kamran (Kamran user is a system user and it has no login shell)
#userdel -rf (removes user)
In the /etc/passwd file you can find the username, its password and other data
Kamran:x:1000:1000::/home/Kamran:/bin/bash
Kamran (user)
x (compatibility setting which was used to store the password on old systems)
1000 (first number indicates user ID)
1000 (second number indicates group ID)
::/home/Kamran (indicates user home directory)
Another useful file is shadow
/etc/shadow
Kamran1:$6$uXJx.qzv$t1icmw.Id5Uw/hFiLSDWrFGv6krnopK0jqM
GbY2WGVsa8raaDUrkfaBYvRu6nv26D3BzpdPeTsZUPm8qkzPNR0:
18070:0:99999:7:::
6$uXJx.qzv$t1icmw.Id5Uw/hFiLSDWrFGv6krnopK0jqMGbY2WGVs
a8raaDUrkfaBYvRu6nv26D3BzpdPeTsZUPm8qkzPNR0:18070:0:99
999:7::: (is an encrypted user password)
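The /etc/passwd and /etc/shadow fields described above can be checked mechanically. The following is an added example, not part of the original notes: the function names and all sample entries (including the toor and svc accounts and the placeholder hashes) are constructed for illustration.

```shell
#!/bin/sh
# Added example. All entries below are constructed samples, not real
# accounts or hashes; on a real system pass "$(cat /etc/passwd)" instead.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
Kamran:x:1000:1000::/home/Kamran:/bin/bash
svc:x:1001:1001::/home/svc:/sbin/nologin
toor:x:0:0::/root:/bin/bash'

SAMPLE_SHADOW='root:$6$SALT$CONSTRUCTEDHASH:18070:0:99999:7:::
Kamran:$6$SALT$CONSTRUCTEDHASH:18070:0:99999:7:::
svc:!!:18070:0:99999:7:::
toor::18070:0:99999:7:::'

# passwd field 3 is the UID: any UID 0 entry besides root has root rights.
extra_uid0() {
    printf '%s\n' "$1" | awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# passwd field 7 is the shell: nologin/false marks a non-interactive account.
login_accounts() {
    printf '%s\n' "$1" | awk -F: '$7 !~ /(nologin|false)$/ { print $1 }'
}

# shadow field 2: empty = no password, leading ! or * = locked,
# otherwise $id$salt$hash where id 6 is SHA-512 crypt.
shadow_status() {
    printf '%s\n' "$1" | awk -F: '{
        h = $2; id = substr(h, 1, 3)
        if (h == "")            s = "EMPTY"
        else if (h ~ /^[!*]/)   s = "locked"
        else if (id == "$6$")   s = "sha512"
        else if (id == "$5$")   s = "sha256"
        else if (id == "$1$")   s = "md5"
        else                    s = "other"
        print $1 ":" s
    }'
}

# Join both files: accounts with an interactive shell and an empty password.
passwordless_logins() {
    printf '%s\n--\n%s\n' "$2" "$1" | awk -F: '
        $0 == "--" { in_passwd = 1; next }
        !in_passwd { if ($2 == "") empty[$1] = 1; next }
        ($1 in empty) && $7 !~ /(nologin|false)$/ { print $1 }'
}

echo "UID 0 besides root : $(extra_uid0 "$SAMPLE_PASSWD")"
echo "Password state     : $(shadow_status "$SAMPLE_SHADOW" | tr '\n' ' ')"
echo "Shell + no password: $(passwordless_logins "$SAMPLE_PASSWD" "$SAMPLE_SHADOW")"
```

Reading /etc/shadow requires root, so run the shadow checks with the same privileges used for the other commands in these notes.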
Group
#groupadd people (group is added with the name people)
/etc/group (shows user groups and their IDs)
people:x:1004:
#groupmod (used to modify user group)
vigr or vi /etc/group (to add a user to the group, method 1)
people:x:1005:PS (in this case PS will be assigned to the people group)
#useradd -G core CS (CS user is added to the core group)
#usermod -aG core IMS (IMS user is added to core group)
id (is used to see the groups assigned to the user)
[root@localhost ~]# id IMS
uid=1006(IMS) gid=1008(IMS) groups=1008(IMS),1006(core)
Password for user
passwd -S IMS (shows the status of the IMS user's password (man passwd))
[root@localhost ~]# passwd -S IMS
IMS PS 2019-09-22 0 99999 7 -1 (Password set, SHA512 crypt.)
To change password settings
[root@localhost ~]# chage Kamran
Changing the aging information for Kamran
Enter the new value, or press ENTER for the default
Permission
chown [OPTION]... [OWNER][:[GROUP]] FILE...
chown -R IMS:core /home/data/sales/
-R means recursive (it will be applied to all directories and subdirectories)
IMS - user
core - group
Permission  Value  File    Dir
read        4      open    list
write       2      modify  create, delete
execute     1      run     cd
UMASK
By default, user and directory have the permissions below
User=666
Directory=777
By default umask is set to 022. It's called wild mask
User=666 666-022 =644 (which means wr,r,r)
Directory=777 777-022=775 (which means wrx,wrx,rx)
Umask ID for root user is stored in the /etc/profile file
vi /etc/profile (search umask keyword)
if [ $UID -gt 199 ] && [ "`/usr/bin/id -gn`" = "`/usr/bin/id -un`" ];
then
umask 002
else
umask 022
fi
For other users it's stored in the home directory of the user (.bash_profile)
[root@localhost Kamran]# ls -a
. .. .bash_logout .bash_profile .bashrc .cache .config file file1
home testfile tt .viminfo x
[root@localhost Kamran]#
And we add umask 000 value in that file
Special Permissions
SUID (4), u+s
SGID (2), g+s
Sticky bit (1), +t (it's used for shared folders and libraries)
chmod u+s game.sh (in this case the user will run this command as the owner of the file. For example, if the owner is root, it will be executed as the root user)
chmod g+s oss (when a new file is created, it takes the group ownership of the folder, as shown in the example below. It's used for shared environments)
[user1@localhost oss]$ ll
total 0
-rw-rw-r--. 1 user1 user1 0 Oct 6 06:47 x
-rw-rw-r--. 1 user1 common 0 Oct 6 06:49 x2
[user1@localhost oss]$
Sticky bit +t
chmod +t oss (it will add the t bit to the folder so only the owner of a file can delete it from this directory)
[user2@localhost oss]$ ll
total 0
-rw-rw-r--. 1 user1 user1 0 Oct 6 06:47 x
-rw-rw-r--. 1 user1 common 0 Oct 6 07:04 x2
[user2@localhost oss]$
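Because SUID, SGID and sticky bits change who a program runs as and who may delete files, it is worth listing where they are set. The following is an added example, not part of the original notes: the function names are hypothetical and the fixture is a constructed temporary directory that reuses the names game.sh and oss from above.

```shell
#!/bin/sh
# Added example: list every entry under DIR that carries a special bit.
# -perm -MODE matches when all bits of MODE are set, whatever the rest is.
audit_special() {
    {
        find "$1" -perm -4000 | sed 's|^|SUID |'
        find "$1" -perm -2000 | sed 's|^|SGID |'
        find "$1" -perm -1000 | sed 's|^|sticky |'
    } | LC_ALL=C sort
}

# SUID files owned by root are the ones that execute with root privileges;
# this combines -perm with the find -user test shown earlier in the notes.
root_suid() {
    find "$1" -type f -perm -4000 -user root
}

# Constructed fixture: a SUID script and a shared directory with
# SGID + sticky bit, created inside a throwaway temp directory.
make_fixture() {
    d=$(mktemp -d) || return 1
    : > "$d/game.sh" && chmod 4755 "$d/game.sh"
    mkdir "$d/oss"   && chmod 3775 "$d/oss"
    : > "$d/plain"   && chmod 0644 "$d/plain"
    printf '%s\n' "$d"
}

fixture=$(make_fixture)
audit_special "$fixture"
rm -rf "$fixture"
```

Comparing the output of audit_special over time makes a newly added SUID or SGID file stand out.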
Another useful example is to set a default ACL for the directory. In this case all newly created files and directories will have the same permission options
[user3@localhost user4]$
#ifup ens33
#ifdown ens33
#ip link set dev ens33 up
#ip link set dev ens33 down
#netstat
#ss (shows open and listening ports)
Ip routing
#ip route show (is used to show real-time routing info)
#ip route del default via 192.168.1.2 (to delete default route)
#ip route add default via 192.168.1.2 (to add default route)
DNS
Use nmtui to set the DNS name servers. Figure 8-5 shows the
interface from which you can do this.
Set the DNS1 and DNS2 parameters in the ifcfg network
connection configuration file in /etc/sysconfig/network-scripts.
Use a DHCP server that is configured to hand out the address of
the DNS name server.
Use nmcli con mod <connection-id> [+]ipv4.dns <ip-of-dns>.
#ps -ef | head (shows the command which makes the process run)
[root@localhost ~]# ps -ef | head (additionally it shows PPID, which means parent process ID)
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 14:12 ? 00:00:02 /usr/lib/systemd/systemd --switched-root --system --deserialize 21
root 2 0 0 14:12 ? 00:00:00 [kthreadd]
root 3 2 0 14:12 ? 00:00:00 [ksoftirqd/0]
root 5 2 0 14:12 ? 00:00:00 [kworker/0:0H]
root 7 2 0 14:12 ? 00:00:00 [migration/0]
root 8 2 0 14:12 ? 00:00:00 [rcu_bh]
root 9 2 0 14:12 ? 00:00:00 [rcu_sched]
root 10 2 0 14:12 ? 00:00:02 [watchdog/0]
root 12 2 0 14:12 ? 00:00:00 [kdevtmpfs]
[root@localhost ~]#
Memory usage
#free -m (shows RAM status)
[root@localhost ~]# free -m
total used free shared buff/cache available
Mem: 1839 249 1384 8 205 1411
Swap: 2047 0 2047
[root@localhost ~]#
Performance
#uptime (shows the number of tasks run on the CPU over the last 5, 10 and 15 minutes)
[root@localhost ~]# uptime
15:13:18 up 1:00, 2 users, load average: 0.02, 0.02, 0.05
[root@localhost ~]#
#top (is used to monitor the performance load)
After the top command, press f and select an option to sort the top result
We use the kill command to kill a process
#kill -9 2288 (it kills the process directly)
#kill -15 2288 (it sends a termination signal to kill the process. In this case it also cleans up the system)
A process can also be killed from within the top command
#top
# then press "k"
#pkill cron (it kills processes by name)
#killall -9 dd (it's the same as pkill and kills all processes. Before using it, psmisc needs to be installed: "yum install psmisc")
In RHEL 8 a new topic has come. It's called tuned, which is used to select the desired profile for system performance
#yum install tuned
#systemctl status tuned (to see its status)
#systemctl enable --now tuned (to enable tuned)
#tuned-adm active (to see current activated profile)
#tuned-adm recommend ( to see recommended tuned profile)
#tuned-adm list (shows all listed profiles)
Changing priorities:
Systemd Units
The major benefit of working with Systemd, as compared to previous methods Red Hat used for managing services, is that it provides a uniform interface to start units. This interface is defined in the unit file. Unit files can occur in three locations:
1. /usr/lib/systemd/system contains default unit files that have been installed from RPM packages. You should never edit these files directly.
2. /etc/systemd/system contains custom unit files. It may also contain files that have been written by an administrator or generated by the systemctl edit command.
3. /run/systemd/system contains unit files that have automatically been generated.
If a unit file exists in more than one of these locations, units in the /run directory have highest precedence and will overwrite any settings that were defined elsewhere. Units in /etc/systemd/system have second highest precedence, and units in /usr/lib/systemd/system come last.
Understanding Systemd
Managing software
Yum is a very useful application for downloading and installing applications
#yum repolist (it shows the repository list on the internet)
#mkdir /repo
#cd /repo
#yumdownloader q* (it will download all packages whose names start with q)
#createrepo /repo (it will create an index for the downloaded files so you will have a local repository)
Yum groups
It's used to install yum group environments
#yum groups list (shows available groups)
#yum groups list hidden (shows hidden groups)
#yum groups install "Basic Web Server" (it will install the basic web server group environment)
#yum module enable perl:5.26 (it's used to enable the perl:5.26 version)
YUM modules
RHEL 8 supports yum modules
#yum module list
#yum module info perl:5.26 (gives detailed information about the module)
#yum module provides httpd (shows which module httpd belongs to)
RPM query
There are three kinds of RPM query
Repository
It queries packages from the repository
#repoquery cacti
#repoquery -i cacti (gives you information about the package)
#repoquery -l (gives you information about package list)
Downloaded
It's used to query downloaded packages
#rpm -qp cacti
#rpm -qpl httpd (lists files from package)
#rpm -ql --scripts httpd-2.4.6 (it queries the scripts in the package)
#rpm -Uvh packagename (is used to install downloaded package)
#yum clean all (clears cache data for yum)
Virtualization
First we need to check if virtualization is supported
#lsmod | grep kvm
[root@localhost ~]# lsmod | grep kvm
kvm_intel 183737 0
kvm 615914 1 kvm_intel
irqbypass 13503 1 kvm
If you don't have the software for virtualization, you need to install it from yum groups
[root@localhost ~]# yum groups list | less
Repository 'downloads' is missing name in configuration, using id
Loading mirror speeds from cached hostfile
* base: mirror.yer.az
* epel: repos.del.extreme-ix.org
* extras: mirror.yer.az
* updates: mirror.yer.az
Installed Environment Groups:
Basic Web Server
Virtualization Host
Available Environment Groups:
Install virtualization host:
#yum groups install 'Virtualization Host'
Or it can be installed with the command below
#yum install libvirt virt-manager qemu-kvm
In addition we need virt-manager
Let's check if it exists
#rpm -qa | grep virt-manager
If it is not installed, let's install it
#yum search virt-manager
#yum install virt-manager
Then let's check the status of libvirtd
#df -h
[root@localhost ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/centos-root 27G 4.8G 23G 18% /
devtmpfs 906M 0 906M 0% /dev
tmpfs 920M 0 920M 0% /dev/shm
tmpfs 920M 81M 839M 9% /run
tmpfs 920M 0 920M 0% /sys/fs/cgroup
/dev/sda1 1014M 201M 814M 20% /boot
tmpfs 184M 0 184M 0% /run/user/0
[root@localhost ~]#
#df -Th (can also be used to display mounted device size)
#findmnt (is used to see the relationship between mounted devices)
/var/lib/libvirt/images/
After installing virtual machine we can see number of active
virtual machines
#virsh list
[root@localhost images]#
KVM Network
Once the virtual machine is created, its network configuration is stored in the file below
/etc/libvirt/qemu/networks/default.xml
Instead of editing it, we should use the command below to configure the network
#virsh net-edit default
Set network type to default nat in the virtual host configuration
Each line in the /etc/crontab file represents a job and has the following format:
minute hour day month dayofweek command
month — any integer from 1 to 12 (or the short name of the month such as
jan or feb)
For any of the above values, an asterisk (*) can be used to specify all valid
values. For example, an asterisk for the month value means execute the
command every month within the constraints of the other values. A hyphen (-)
between integers specifies a range of integers. For example, 1-4 means the
integers 1, 2, 3, and 4. A list of values separated by commas (,) specifies a
list. For example, 3, 4, 6, 8 indicates those four specific integers. The
forward slash (/) can be used to specify step values. The value of an integer
can be skipped within a range by following the range with /<integer>. For
example, 0-59/2 can be used to define every other minute in the minute field.
Step values can also be used with an asterisk. For instance, the
value */3 can be used in the month field to run the job every third month.
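The field syntax above (asterisk, ranges, lists and step values) can be expanded mechanically, which helps when reviewing what an unfamiliar crontab entry will actually run and when. The following is an added example, not part of the original notes: the function names are hypothetical, and it goes slightly beyond the text by also applying cron's rule for combining the day and dayofweek fields.

```shell
#!/bin/sh
# expand_field FIELD MIN MAX prints the integers a crontab field selects.
# Handles *, single values, a-b ranges, comma lists and /step; month and
# weekday names are not handled. Exit status 2 means an invalid field.
expand_field() {
    awk -v f="$1" -v lo="$2" -v hi="$3" 'BEGIN {
        lo += 0; hi += 0
        n = split(f, parts, ",")
        if (n == 0) exit 2
        for (i = 1; i <= n; i++) {
            p = parts[i]; step = 1
            if (split(p, s, "/") == 2) {
                if (s[2] !~ /^[0-9]+$/ || s[2] + 0 < 1) exit 2
                p = s[1]; step = s[2] + 0
            }
            if (p == "*") { a = lo; b = hi }
            else if (p ~ /^[0-9]+-[0-9]+$/) {
                split(p, r, "-"); a = r[1] + 0; b = r[2] + 0
            }
            else if (p ~ /^[0-9]+$/) { a = p + 0; b = a }
            else exit 2
            if (a < lo || b > hi || a > b) exit 2
            for (v = a; v <= b; v += step) hit[v] = 1
        }
        out = ""
        for (v = lo; v <= hi; v++)
            if (v in hit) out = out (out == "" ? "" : " ") v
        print out
    }'
}

# field_has FIELD MIN MAX VALUE: succeeds if FIELD selects VALUE.
field_has() {
    sel=$(expand_field "$1" "$2" "$3") || return 2
    case " $sel " in *" $4 "*) return 0 ;; *) return 1 ;; esac
}

# cron_matches "MIN HOUR DAY MONTH DOW" minute hour day month dow
# (dow 0-6 with Sunday = 0; a 7 in the spec also means Sunday).
cron_matches() {
    set -f; set -- $1 "$2" "$3" "$4" "$5" "$6"; set +f
    [ "$#" -eq 10 ] || return 2
    field_has "$1" 0 59 "$6" || return 1
    field_has "$2" 0 23 "$7" || return 1
    field_has "$4" 1 12 "$9" || return 1
    dom=no; dow=no
    if field_has "$3" 1 31 "$8"; then dom=yes; fi
    if field_has "$5" 0 7 "${10}"; then dow=yes; fi
    if [ "${10}" = 0 ] && field_has "$5" 0 7 7; then dow=yes; fi
    # cron rule: when day and dayofweek are both restricted (neither starts
    # with *), the job runs if EITHER matches; otherwise both must match.
    case "$3|$5" in
        \**|*"|*"*) [ "$dom$dow" = yesyes ] ;;
        *)          [ "$dom" = yes ] || [ "$dow" = yes ] ;;
    esac
}

# The text's own examples: 0-59/2 in the minute field, */3 in the month field.
expand_field '0-59/2' 0 59
expand_field '*/3' 1 12
if cron_matches '0-59/2 * * */3 *' 10 14 5 4 0; then echo "job runs"; fi
```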
Anacrontab (it executes the script daily, hourly, weekly or monthly)
The main conf file is stored in the path below
# vi /etc/anacrontab
# /etc/anacrontab: configuration file for anacron
SHELL=/bin/sh
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
# the maximal random delay added to the base delay of the jobs
RANDOM_DELAY=45
# the jobs will be started during the following hours only
START_HOURS_RANGE=3-22
#mkdir /var/log/journal
systemctl restart systemd-journald
The main journal configuration is stored in the file below
#vi /etc/systemd/journald.conf
We can specify log rotation with the configuration below
It will save log files every month, and logs for 6 months will be saved
#vi /etc/logrotate.conf
# see "man logrotate" for details
# rotate log files monthly
monthly
GPT Partition
It's not recommended to create MBR and GPT partitions on the same disk; it will result in lost data
To create a GPT partition, use the command below
#gdisk /dev/sdc
>n (create partition)
>p (print partition)
>w (write changes)
File system
Let's create a filesystem with mkfs
[root@localhost ~]# mkfs
mkfs mkfs.btrfs mkfs.cramfs mkfs.ext2 mkfs.ext3
mkfs.ext4 mkfs.fat mkfs.minix mkfs.msdos mkfs.vfat
mkfs.xfs
[root@localhost ~]# mkfs.xfs -L vol1 /dev/sdc1 (it gives the name label vol1)
meta-data=/dev/sdc1 isize=512 agcount=4, agsize=6400 blks
= sectsz=512 attr=2, projid32bit=1
= crc=1 finobt=0, sparse=0
data = bsize=4096 blocks=25600, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0 ftype=1
log =internal log bsize=4096 blocks=855, version=2
= sectsz=512 sunit=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
[root@localhost ~]#
If you do not have free disk space to create a swap partition and you do need to add swap space urgently,
you can use a swap file as well. From a performance perspective, it does not even make that much
difference if a swap file is used instead of a swap device such as a partition or a logical volume, and it may
help you fulfill an urgent need in a timely manner. To add a swap file, you need to create the file first. The
dd if=/dev/zero of=/swapfile bs=1M count=100 command would add 100 blocks with a size of 1 MiB from
the /dev/zero device (which generates 0s) to the /swapfile file. The result is a 100-MiB file that can be
configured as swap. To do so, you can follow the same procedure as for swap partitions. First use mkswap
/swapfile to mark the file as a swap file, and then use swapon /swapfile to activate it.
Stratis Storage
Before creating Stratis storage, download and install the packages below
1) #yum install stratis-cli stratisd
2) Enable this package
#systemctl enable --now stratisd
3) Create a Stratis pool on the whole device
#stratis pool create mypool /dev/sdb
4) Create stratis file system
#stratis fs create mypool xfs
Boot procedure
The main conf file of the GRUB boot loader is located in the file below
#vi /etc/default/grub
GRUB_TIMEOUT=10
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=centos/root rd.lvm.lv=centos/swap"
GRUB_DISABLE_RECOVERY="true"
Then press 1
Then type the command below to change the working environment
#chroot /mnt/sysimage
In the next step, if you want to re-create initramfs, type the command below
#dracut
Or
#dracut --force
If you want to install the GRUB menu, run grub2-install to install GRUB 2 to the desired installation device. So if you are in a KVM virtual machine, run grub2-install -f /dev/vda, and if you are on a physical disk, run grub2-install -f /dev/sda.
Target
The system has 2 types of target:
Just a group
State of system:
State-of-system targets define the state of the system. Some of them are listed below
Emergency
Rescue
Multi-user
Graphical
------------------------------------------------------------------------
A target itself does not know which services are required to start, but the service configuration file names the required target. Let's check
#grep multi-user -- *
#vi tcsd.service
Let's dive into the multi-user target and see what services are listed there
#cd /etc/systemd/system/multi-user.target.wants
#ls
When we disable a service with systemctl, this service will disappear from this directory
#systemctl disable vsftpd
So it will be removed from this directory
We can query the currently running target with the command below
#systemctl get-default
A target can be set not only during reboot but also while the system is in operation, with the isolate command
#systemctl isolate rescue.target
#systemctl list-units --type target (see the list of targets)
Or
#netstat -Z
When we copy a file, it inherits its context ID. For example, if I copy a file, it will be changed based on the user
For example:
#ls -Z /etc/hosts
-rw-r--r--. root root system_u:object_r:net_conf_t:s0 /etc/hosts
#cp /etc/hosts /root
#ls -Z /root
-rw-r--r--. root root unconfined_u:object_r:admin_home_t:s0 hosts
SELinux Booleans
Booleans allow parts of SELinux policy to be changed at runtime, without any knowledge
of SELinux policy writing. This allows changes, such as allowing services access to NFS
volumes, without reloading or recompiling SELinux policy.
#sealert
DocumentRoot "/web"
<Directory "/web">
AllowOverride None
# Allow open access:
Require all granted
</Directory>
#systemctl restart httpd
#elinks http://localhost (in this case we can see that it's not opening)
To analyze the issue, let's check audit.log and /var/log/messages
#grep AVC /var/log/audit/audit.log
type=AVC msg=audit(1574610181.429:207): avc: denied
{ getattr } for pid=2816 comm="httpd" path="/web/index.html"
dev="dm-0" ino=17058779
scontext=system_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:default_t:s0 tclass=file
permissive=0
type=AVC msg=audit(1574610181.430:208): avc: denied
{ getattr } for pid=2816 comm="httpd" path="/web/index.html"
dev="dm-0" ino=17058779
scontext=system_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:default_t:s0 tclass=file
permissive=0
[root@localhost web]
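The AVC records above carry everything needed to diagnose the denial: the process (comm), the permission, the path, and the source and target context types. The following is an added example, not part of the original notes: the function names are hypothetical, the first two sample records are the lines above re-joined onto single lines, and the third is constructed.

```shell
#!/bin/sh
# Added example. The first two records are the AVC lines shown above,
# re-joined as they appear in audit.log; the third record is constructed.
SAMPLE_AUDIT='type=AVC msg=audit(1574610181.429:207): avc: denied { getattr } for pid=2816 comm="httpd" path="/web/index.html" dev="dm-0" ino=17058779 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file permissive=0
type=AVC msg=audit(1574610181.430:208): avc: denied { getattr } for pid=2816 comm="httpd" path="/web/index.html" dev="dm-0" ino=17058779 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file permissive=0
type=AVC msg=audit(1574610200.100:215): avc: denied { read } for pid=2816 comm="httpd" path="/home/u/page.html" dev="dm-0" ino=555 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0'

# avc_denials: read audit records on stdin and print one line per distinct
# denial as comm|permission|class|path|source_type|target_type.
avc_denials() {
    awk '
    function kv(name,   i, v) {
        for (i = 1; i <= NF; i++)
            if (index($i, name "=") == 1) {
                v = substr($i, length(name) + 2)
                gsub(/"/, "", v)
                return v
            }
        return ""
    }
    /type=AVC/ && /denied/ {
        a = index($0, "{"); b = index($0, "}")
        perm = substr($0, a + 1, b - a - 1)
        gsub(/^ +| +$/, "", perm)
        split(kv("scontext"), s, ":"); split(kv("tcontext"), t, ":")
        key = kv("comm") "|" perm "|" kv("tclass") "|" kv("path") "|" s[3] "|" t[3]
        if (!(key in seen)) { seen[key] = 1; print key }
    }'
}

# A target type of default_t means no file-context rule covers that path,
# so the file needs a proper label rather than a policy change.
needs_relabel() {
    avc_denials | awk -F'|' '$6 == "default_t" { print $4 }'
}

printf '%s\n' "$SAMPLE_AUDIT" | avc_denials
printf '%s\n' "$SAMPLE_AUDIT" | needs_relabel
```

For the /web case the usual remedy with standard SELinux tooling (not shown in these notes) is semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?" followed by restorecon -Rv /web.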
Firewall
[root@localhost services]# firewall-cmd --list-all (it lists firewall services)
public (active)
target: default
icmp-block-inversion: no
interfaces: ens33
sources:
services: dhcpv6-client ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
[root@localhost services]#
The firewall's default service files are located in the directory below and they should not be modified. They are default services
/usr/lib/firewalld/services
#firewall-cmd --get-services (see currently available services)
#firewall-cmd --list-services (see currently applied services)
It's better to create your own service file in the directory below
#cd /etc/firewalld/services/
Let's test creating a customized firewall file. For that, it's better to copy one XML file from /usr/lib/firewalld/services/ into /etc/firewalld/services and then modify it as required
1) #vi kamran.xml
Samba Integration
Before installing Samba we need to install the Samba-related packages and the CIFS protocol utilities. Samba uses the CIFS protocol, which is developed by the Windows system
#yum install cifs-utils samba-client
The SMB service is activated on my NAS server, so from Linux we can explore what it's offering
#smbclient -L 192.168.1.100 (it shows SAMBA shared directories)
smbclient -L 192.168.1.100
Enter SAMBA\root's password:
Server Comment
--------- -------
Workgroup Master
--------- -------
CHINA K80044720
WORKGROUP KAMRAN
So we will connect the Qbittorrent disk from RH
Let's temporarily mount Samba on the root /smb directory
#mount -o username=admin //192.168.1.100/Qbittorrent /smb
Or
#mount -t cifs -o username=admin //192.168.1.100/Qbittorrent /smb (it tells mount to use the CIFS protocol, but the mount command is smart enough to discover the mount type)
#mount -a
#mount
#df -h
[root@localhost /]# df -h
Kickstart menu
Before starting, let's install the kickstart package
The Kickstart configuration file is located in the root directory
# vi /root/anaconda-ks.cfg
#yum install system-config-kickstart.noarch
It's a graphical configuration utility. By running the command below we can start the graphical configuration window
#system-config-kickstart
After configuration we can save it from the File menu at the top
During installation, we can specify the installation URL by typing
ks=ftp://192.168.1.100/kickstart.cfg