Page 1: Linux Notes

Find the name of the computer and the OS version running - uname -a

GNU =- model environment
All commands are case sensitive, e.g. date is usable whereas DATE gives an invalid command.
Files that are named the same with different cases can exist as multiple files - it does not ask to overwrite them.

pwd - shows the full path (current location in the file system) (print working directory)
~ = home directory (your home directory)
Jack@opensolaris:~$
ls = dir = list structure

Redirection
> creates
>> appends
pwd > path.txt
ls >> path.txt
cat path.txt --- use cat to view a text file

LS > error.log --- won't work because it is in caps, but creates the file anyway

LS &>> error.log --- directs the output and any errors that are found (edits because of the two >>)
Taking a file of commands to do editing and then another file to do editing: use a < sign to run a list of commands on that specific text file (could use a wild card to repeat for a certain length of time)

Pipe | - takes the output from one command and uses it as the input for another --- chained together
ls /etc | grep zone (grep sorts by the file name) page 15 and 16

File Combining Commands
● cat
● join
● paste

preexisting files and joining them
cat error.log path.txt (combines them to screen output)
cat error.log path.txt > erpath.txt (outputs to the erpath.txt file, which it creates)

joining files based on the fields using the join command
creates 1 file with what field you wanted to use

paste - paste will paste the lines side by side

shells --- BASH/2/tcl/korn/and more. Page 4-5
syntax is the difference between the shells


- changing shells through the environment variable (to change just type sh, ksh; to exit back to the default shell type "exit")

VARIABLES --- ALWAYS START WITH $ AND ALWAYS CAPS ($VARIABLE)

Internal commands for external
- externals don't work unless added as executables
- internals - change directory (cd)
cd .. takes you up a level to root

Absolute path - starting from the root and working down
Relative path - where located

Root/jack/etc/usb
from usb to jack, absolute = cd /jack or cd ~
relatively, from usb to root: cd ../../jack

date command
cal command (cal 0, cal 9999)
uptime --- neat command

Command line manipulation
* The tab key auto completes for you (could list available options for you if more than one is available)
* To jump to the beginning of the command type CTRL+A ..... CTRL+E goes to the end
* CTRL+T = switching letters with the next letter (transpose)
* up arrow has stored history command
- to view history type history (must execute it to have it stored in history)
* change the case of a letter - hit esc + l/u

man pages
man ls - (tells what ls does)
can also use ls --help (dash dash help) - auto scrolls and what fits on the screen --- man ls scrolls

to hide a file in linux (type ls and it does not show up) just add a . in front of the file (H attrib in DOS)

transforming files
expand - dashes to tabs
od (octal format of a file) --- od error.log - can be used to view a file instead of opening up a virus
sort --- sort contents by ascending/descending
split --- two joined files split
tac --- reverse of cat (shows text reversed)
tr --- does changes for you ...... change o's to capital Os by "tr o O < erpath.txt" - can be used in a menu to change from a cap to a lower case
- change spaces using tr " " _ < erpath.txt --- could also change words; does a one-to-one, character-to-character match up

File-Transforming Commands
● expand
● od
● sort
● split
● tac
● tr
● unexpand
● uniq

INSTALLING UBUNTU
Creating an Ubuntu partition --- can use ext3 and reiser preferred
Mount points can be selected (need 2 minimum --- root and swap)

TEXT FILTERS
file viewer filters
- head (first 10 lines of file)
- tail (last 10 of file)
- less (shows file based on pages (click for next page))

File-Formatting Commands
● fmt
● nl
● pr

File-Summarizing Commands
● cat
● wc --- wc test.txt --- shows lines, words and characters; can use switches /l/c/w (line, character, word)

Understanding Regular Expressions
Using grep --- get regular expression (ls | grep zone); can also be used on a file (cat test.txt | grep) - case sensitive; can ignore case by using "grep -i"
Using sed --- search and replace (


Vi Modes - page 33 --- dd cut and paste (delete 5 lines: 5dd - deletes following the cursor) --- yy yanks

Basic Text Editing Procedures
Saving Changes
touch file.txt (creates blank file)
pico file.txt
nano file.txt
vi file.txt --- all allow you to create blank files
- could start the file and then save later
sudo gedit /boot/grub/menu.lst - graphic editor
insert mode = i or a
save shift+: plus q
save shift+: w or q (write)

nano/pico
to save hit ctrl+o

sudo apt-get install lynx (text terminal html viewer)

ifconfig --- ip address of the pc on your machine
ifconfig | grep eth0 --- only shows eth0 address
ifconfig eth0 | grep "inet addr" | cut -d ":" -f 4 | cut -d "." -f 3 | tr 2 5

grep - gets expression or a specific ..... grep -i (ignore case) -- ifconfig eth0 | grep -i "mask"

***** do a "sudo" with a command to get the right permissions

sed - is a search and replace tool: sed "s/2005/2006/"

***** To quit an app just type "q"

Examining Process Lists
● Useful ps Options - type "ps" to view the process
● man ps
● ps -e = all processes
● ps -eu (what users spawned the process)
● ps -au (same but cleaner, and bad syntax because they don't want the dash)
● this is just a snapshot of right now


● ps -aux | less (all, and can also scroll because of the less command)
● top (program that shows real time output of process usage) just type "top"
● kill (command that kills a process) -- #9 signal
● need the process id from ps -eu
● kill -9 <process id>
● kill -s kill <process id> === same way
● man kill for signal list
● signal #15 (graceful kill process)
● to kill many (all with vi) "killall -s kill <process>" or "killall -9 <process>"
● vi somefile.txt & === execute the file but do it in the background with the ampersand
● to see backgrounded processes just type in "jobs" === shows what are running and what they are
● to bring to front just type "fg" and then the process id or "1"
● Interpreting ps Output
● top: A Dynamic ps Variant
● jobs: Processes Associated with Your Session

environment variables
- "env | less" - shows all variables for the environment
- echo $PATH (shows your variable)
- "which ls" --- shows where ls is located to run the ls command
- this is in the path environment variable
- to change prompt: PS1="this is my new prompt>"$

set variable = to the value
*** if changed it won't save it by default
-- you have to export the variable out as a permanent change in the system (for any of the variables)
---- can be customized through login scripts (.bashrc and .profile files can be changed)

More Commands
"who" --- displays all users connected
"whoami" - who you are
"finger" - shows users' login information, when logged on, idle information
"id" - shows user id, group id and all the groups you are associated with
"`" - ticks --- echo Today is `date`
-- outputs what you have --- treats it as a command and not as a word during an echo
-- used for a banner system
-- date;who;finger (can execute commands in succession, not like a pipe)


HELP
man ifconfig (man pages of ifconfig)
man passwd --- help
man 7 undocumented
info ifconfig == man pages of ifconfig, not formatted like the other
whatis ifconfig --- short snippet that tells you this
wtf - same as ifconfig

sudo apt-get install bsdgames
man -k password (will search all man pages for the phrase)
man -k password | grep -i change
apropos password == same as man -k

fortune command with different switches

If you get an error while doing an apt-get for the dependencies you can then do a dpkg -f (this will resolve the dependencies and pull them down)

BECOME THE ROOT USER
Become the root user by typing su -

To install KDE with GNOME type
su -
yum install switchdesk

yum groupinstall "(KDE Desktop Environment)"

switchdesk KDE

Task: To switch from GNOME to KDE, use the command

$ switchdesk kde

Task: To switch from KDE to GNOME, use the command

$ switchdesk gnome

startx == boot into GUI


logout of the GUI to get the shell prompt

poweroff ===computer shutdown in command prompt


CH-8
- names must start with something other than a number
- names are also case sensitive; just keep them all lower case
- passwd gives list of users | less (more) ....... edit /etc/passwd or /etc/group
-- to view the password go in as root user --- less /etc/shadow --- most distros will not use this file

pwconv --- command takes the passwords in the password file (public /etc/passwd) and puts them in the shadow file (admin only) --- not all distros put the files in a shadow copy

to view groups just type groups
id - shows group memberships and group id information
newgrp - will change your primary group for the session (group that you're a member of)

creating users
- useradd

less /etc/login.defs --- parameters stored for user accounts (warning levels - password settings) --- these are the default settings for new user creation

user IDs will increment in that file with the creation of a new user

when a new user is created and you don't create them a folder to store stuff they get dumped into the root (option in the login.defs file)

/etc/default/useradd
- used when creating users
- default home directory
- password expirations


ls -l /home (home directories stored)
to create a user and the home directory at the same time
sudo useradd -m -p password test3 (creates account but not the password) --- need to use crypt to create the encrypted password
passwd test3 <enter> <then enter user password>
to set the shell to bash need to use useradd -s bash

su - test3 (switch user and keeps other settings) --- exit leaves that session

delete a user
userdel - (-f = removes all files even not belonging to them)
this gets rid of the user's ownership of files; can do a useradd -u 1004 test5
- as long as same id takes ownership of file

do a ls -l /home/test5 --- shows user5 files

search files for all files with user id 1002 and change the ownership of all the files
sudo find / -uid 1002 (starts at the root of the file system)

how to have a user take ownership of files
chown (change ownership)
sudo chown test `find / -uid 1002` --- changes the ownership of test files

passwd - page 390
passwd -l test (locks the user out by adding an exclamation point in front of the hash)
passwd -u (unlocks and removes the ! mark)
passwd -S (username, created, pass info -> info about the user)

usermod (modify user credentials)
change shell to bash by sudo usermod -s /bin/bash <user>

to edit passwd file to change settings
nano /etc/passwd
- can change user settings that way (from shell to bash that way)

** never log on as root on a linux system (use sudo/su to do that)
might need to do a sudo su -

root account id is 0 and gid is 0


- can use the passwd file to take ownership/create another root user account
- just change the number to a 0 account
- can also lock out the other root account and just use that one
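Because any account with user id 0 is a root account, an administrator reviewing a system wants to spot extra UID 0 entries, shared UIDs, locked accounts and hashes left in the public passwd file. The following is an added example, not part of the original notes; every account name, hash and file in it is constructed sample data, and on a real system the functions would be pointed at /etc/passwd and /etc/shadow.

```sh
#!/bin/sh
# Added example: audit passwd/shadow-format files for the account states
# described in the notes. All account data below is constructed.

SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
jack:x:1000:1000:Jack:/home/jack:/bin/bash
test3:x:1002:1002::/home/test3:/bin/sh
test5:x:1002:1005::/home/test5:/bin/bash
backup2:x:0:0::/home/backup2:/bin/bash
legacy:CONSTRUCTEDHASH:1003:1003::/home/legacy:/bin/sh
EOF

cat > "$SAMPLE_DIR/shadow" <<'EOF'
root:$6$constructed$notarealhash:14000:0:99999:7:::
jack:$6$constructed$notarealhash:14000:0:99999:7:::
test3:!$6$constructed$notarealhash:14000:0:99999:7:::
test5:$6$constructed$notarealhash:14000:0:99999:7:::
backup2:$6$constructed$notarealhash:14000:0:99999:7:::
EOF

# Accounts other than root whose UID field (3rd) is 0: each is a second root.
extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# UIDs assigned to more than one account. Files are owned by number, so every
# account sharing a UID owns the same files (the useradd -u case in the notes).
shared_uids() {
    awk -F: '{ n[$3]++; who[$3] = who[$3] " " $1 }
             END { for (u in n) if (n[u] > 1) print u ":" who[u] }' "$1" | sort
}

# Accounts locked with passwd -l: the shadow hash is prefixed with "!".
locked_accounts() {
    awk -F: '$2 ~ /^!./ { print $1 }' "$1"
}

# Accounts whose passwd password field still holds something other than the
# "x" placeholder, i.e. a hash that pwconv would move into the shadow file.
unshadowed() {
    awk -F: '$2 != "x" && $2 != "*" && $2 != "" { print $1 }' "$1"
}

echo "extra UID 0 accounts : $(extra_uid0 "$SAMPLE_DIR/passwd")"
echo "shared UIDs          : $(shared_uids "$SAMPLE_DIR/passwd" | tr '\n' ';')"
echo "locked accounts      : $(locked_accounts "$SAMPLE_DIR/shadow")"
echo "hash still in passwd : $(unshadowed "$SAMPLE_DIR/passwd")"
```
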

rm -rf *.* === kills system

chage -l (shows information about last changed passwd, expires and when; cannot view someone else's without admin privileges)
chage -h = help for that password
chage -E 2008/10/08 test (sets the account expiration date for the test user)
sudo passwd -e test (sets the password to expire and must be changed at the next login)

groups
username and group names can be the same and are created when you create a single user account
groupadd - creates group
-f (tell me if succeeded even if the group already exists)
groupadd linuxadmins

less /etc/group --- stored group information

groupadd -g 1200 <group name> (this sets the group ID) --- good because you could mix them up with permissions
groupdel to delete
sudo groupmod -g 1200 linuxadmins (changes the group id for the group)
to add accounts to the group use usermod
- usermod -G <usergroup> <user to add to the group>
- for multiple users, edit the file directly (/etc/group)

can put passwords on group memberships
- gpasswd (same as passwd for users except for groups)
o sudo gpasswd linuxadmins
- passwords stored in /etc/gpasswd
- also in /etc/gpasswd/gshadow

find / -gid 1004 == group id search

chgrp --- same as chown for users

Log Files

syslog === is a daemon that runs on a linux system (it runs in the background as a task/service)


- to verify the service is running you can do a ps -e to view everything
- ps -e | grep -i syslog searches processes for the syslog process

- /boot == boot files
- /bin == binary files
- /sbin == security files
- /var === files of variable length (log files), files that are not of a fixed file size
- /var/log == log
- ls -l /var/log === all log files
- syslog config file that syslog reads for where to put logs in the log location

less /etc/syslog.conf ==== where the configs are stored
- debug, info, warning, warn, error, e (there is more) page 403 for valid facilities and priorities
- in that config you can man syslog.conf --- where to write the log file for what log to create

** best thing to do is to put the /var file on a separate partition (the only other requirements are / & swap) - so the files don't get incredibly big
or
you can rotate the logs

there is a program for logrotate
- syslog rotate uses less /etc/logrotate.conf -- check book with it
- can use compression (do a man for help)
- has a good timestamp for that log (make sure that your time is RIGHT dammit) date command
--- can use NTP to mitigate end users changing the time and screwing up the logs
- NTP client for end systems
- can get a public server by browsing the web
- Strata is the chain of command (strata --- atomic clock), strata 1 --- below level (server),
- each server can deliver time to a level of users
- each level increase hurts your accuracy
- some are hard to access
- need to install ntp
- /etc/ntpd.conf file after you install ntp
--- page 417 NTP configuration

cron is a scheduler (keeps a cron tab) - nano /tmp/crontab file to edit and add - page 418
- could also use anacron - help page 423
- at command does things at a specific time rather than redundant operations like cron
- at can execute based on a file (at -f /home/nate/commands.txt now)


BACKUP

Tar --- compression --- backup files; tar can do decompression and gzip zips
tar --help page 427-248
to create an archive of all text files in home dir
tar -cvf (compress, verbose, file) txt.tar *.txt
rm *.txt = delete
tar -xvf txt.tar (extract, verbose, file) --- but leaves the tar file there
ls -l txt.tar

gzip = compression utility (lz77 coding) 60-70 compression
gzip --help
gzip -c (create)
gzip -c txt.tar > tar.txt
gunzip to unzip files
tar -zxf (decompress (gunzip), extract, from file) txt.tar.gz
page 429 - 430 CPIO zipping - similar to gzip

dump and restore == backups

dump --- backs up the entire file system and pulls to the inode (pointer to the file and tells you about the permissions)

restore function of dump you need to restore (dump from ext3 need to dump back to ext3 system)
cannot be used for any other utility (only ext2 ext3)
- not the best one to use

dd (does lower level backup than dump) - does bit level copy, bit by bit
exact copy of a partition/drive, everything (dd will copy the entire partition even if it is not being used (free space))
-- if you need to backup files and directories just use tar
-- dd can be used to create ISO images
-- mount cd
-- dd if=/dev/scd0 of=kubuntu.iso
-- dd if=kubuntu.iso of=/home/nate (copy to a folder)
-- can be used for forensic purposes (never work on the actual device (make a copy with dd))
-- man dd (lots of specifics) - notrunc (is a good one - doesn't cut off the output), noerror (ignore errors)

barracuda is a backup prog that works good for linux
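The forensic use of dd mentioned above (image the device, never work on the original) comes down to three steps: acquire with noerror, record a hash, and analyse only a copy. This is an added example, not part of the original notes; the file evidence.raw is a constructed stand-in for a real device such as /dev/sda5, and the function names are illustrative.

```sh
#!/bin/sh
# Added example: image a source with dd, record its hash, and detect changes.
# evidence.raw is a constructed stand-in for a block device.

CASE_DIR=$(mktemp -d)
trap 'rm -rf "$CASE_DIR"' EXIT

# Print the SHA-256 of a file (falls back to shasum where sha256sum is absent).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# Build the stand-in source: 8 blocks of 512 bytes with a marker written in
# place. conv=notrunc stops dd from cutting the file off after the marker.
make_source() {
    dd if=/dev/zero of="$1" bs=512 count=8 2>/dev/null
    printf 'constructed evidence marker' |
        dd of="$1" bs=1 seek=1024 conv=notrunc 2>/dev/null
}

# acquire SRC IMG: bit-for-bit copy. noerror keeps going past read errors and
# sync pads a short read so offsets in the image stay aligned with the source.
# The image is made read-only and its hash is stored next to it.
acquire() {
    dd if="$1" of="$2" bs=512 conv=noerror,sync 2>/dev/null
    chmod 444 "$2"
    sha256_of "$2" > "$2.sha256"
}

# verify FILE HASHFILE: succeed only if FILE still matches the recorded hash.
verify() {
    [ "$(sha256_of "$1")" = "$(cat "$2")" ]
}

file_size() {
    wc -c < "$1" | tr -d ' '
}

make_source "$CASE_DIR/evidence.raw"
acquire "$CASE_DIR/evidence.raw" "$CASE_DIR/evidence.img"

# Analysis happens on a working copy; here one byte is changed to show that
# the recorded hash exposes any modification.
cp "$CASE_DIR/evidence.img" "$CASE_DIR/working.img"
chmod 644 "$CASE_DIR/working.img"
printf 'X' | dd of="$CASE_DIR/working.img" bs=1 seek=0 conv=notrunc 2>/dev/null

echo "image size: $(file_size "$CASE_DIR/evidence.img") bytes"
if verify "$CASE_DIR/evidence.img" "$CASE_DIR/evidence.img.sha256"; then
    echo "evidence.img matches the recorded hash"
fi
if ! verify "$CASE_DIR/working.img" "$CASE_DIR/evidence.img.sha256"; then
    echo "working.img no longer matches: it was modified"
fi
```

With conv=sync a source whose size is not a multiple of bs gets its last block padded with zeros, so the image hash would differ from the source hash; real block devices are whole multiples of 512 bytes, as the stand-in is here.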

Page 134 – Partitioning – Page 138 has a chart

/dev devices


/dev/sda - scsi hard drive
/dev/hde - could be the eide drive
(all treated as a file)
dmesg | less --- shows us what you see at boot (what folders/hardware you got)
mount shows what is currently mounted in the file system

Linux partitions
/dev/sda1 = C: -- linux knows it has the potential for 4 primary drives (so it reserves 1-4)
/dev/sda5 = D: (that's why you start at 5 for an extended partition)

when creating the partitions you specify mount points (see chart in the book)
- minimum you need the root and the swap (swap = double size of your ram)

example
30GB HD
want / = 10GB - make it a primary drive - Reiser
/home = 10GB, user data stored (backups, security, maintenance (need to unmount a drive)) -- logical drive - ext3
/srv = 7.2GB -- logical drive -- reiser
/var = 4GB -- logical drive --- ext3
/swap = 1GB, don't need a file system (own thing) --- create first since it's at the beginning of the drive = speed ---- make a primary

- if not specified they go in the root
- this helps when upgrading the system (only updates the core mostly so it doesn't touch the other files)
- next you want to choose the file systems (ext3 good because of journaling, & Reiser, hfs,
- only reason to keep fat partition is for legacy machines, dual bootage

on v-box go into pae and enable that

sudo fdisk -l (shows the partitions)
sudo fdisk /dev/sda (how you get into fdisk in linux)

-type h for help

Chapter 4- undelete

tuning the file system


- man dumpe2fs (gives information about the file system) ext2/3 file systems only - page 163
- sudo dumpe2fs /dev/sda5 (gives drive information) use -h option for simplification

* I-nodes definition get it (more information to something) data stored that point to the journal

tune2fs (set up when to do tuning on the file system) --- only works on ext3
-c = adjust the amount of mounts before doing a file system check
sudo tune2fs -c 25 /dev/sda(and then drive number)
sudo tune2fs -C 26 /dev/sda5 --- next boot on the 26th time will cause a file system check

debugfs (recover deleted files) page 165 (undelete <inode> and then the name)
- man debugfs - cool tool
sudo debugfs /dev/sda5
- then do a lsdel (find out what was deleted) lists deleted i-nodes
ls -i file.txt (shows the inode)
then do a rm of the file
then enter sudo debugfs /dev/sda5
--- lsdel

fsck - file system check --- file system check can be done now! --- but you must unmount the drive first
- fsck.ext3 /dev/sda5
- check fsck parameters

# mkdir /media/cdrom
# mount -t iso9660 /dev/cdrom /media/cdrom
ls /dev/sd*

1) mount -t cd9660 /dev/cdrw /mnt/cdrw

2) mount -t iso9660 -r /dev/cdrom /mnt/cdrom

sudo mount - shows all the mount points
umount
sudo umount /dev/sda5 --- umount the / drive --- can't do that to the root drive
cd / === leaves that directory
- then do a sudo fsck.ext3 /dev/sda5 (need to unmount before checking the "/" drive), then to remount: sudo mount /dev/sda5


pages 173-175 --- mounting drives
drives (usb/cds will be mounted under /mnt/<media> dvd, disc (older); newer ones are /media directory (iso9660) /sde/sed0 .... so you need to type mount -t filesystem /dev/scd0/<cd, dev>

less /etc/fstab
set up with the file not to automount --- can change the parameters
- look at page 177 for other functions and to be able to mount other devices

to mount the disc then ....
mount /dev/scd0 /media/cdrom0
cd /media/cdrom - to browse files
to unmount do a cd .. (get out of the directory) ..... then umount /dev/scd0 /media/cdrom0

Permanently mount file systems (page 177)

df -h /dev/sda5 (shows drive statistics for usage) --- shows disk usage for the entire disk (used/available)
or just df -h
df

du shows how much a user is using (sudo du -h /home/) shows who is using what and where

sudo shutdown -h now

sudo tune2fs -l /dev/sda5 (home (ext3))
- shows mount count and max mount count (shows when check disk will be run next)

can manually change the mount count with sudo tune2fs -C 20 /dev/sda5 (sets the current mount count to 20) (lower case c sets the maximum)

can add a journal to this

**** ls on next test - know all switches

ls -l file?.txt
- will display anything with file

ls -l file[12].txt
- so if you have a file 12 then it won't display it

ls -l file[1-100].txt --- only looks at the first field (so files that start with 1)
each [] box = 1 character

so if you do ls -l file[0-9][0-9][0-9].txt
-- then this will find file100.txt

ls -a == shows all hidden files, including .dot files
-A == almost all
man ls to see


ls -d shows directories
ls -l (shows most parameters of the file)
ls -p /home --- shows directories
ls -R /etc/ --- recursive directory listing
-- can also use wild cards with any other command

copying files
mkdir ZOMG
cp file1.txt ZOMG/
cp file1.txt ZOMG/file1.bak (transfers file data from file1.txt to .bak file)
if you sudo it, it will have the creator of the file as sudo
o to preserve the files use a -p to preserve the file
o -r is a recursive copy
cp -R newdirectory/ newdirectory2/

moving
mv file.txt newdirectory/
- look at switches/parameters

renaming files
can do a move with a renamed file
mv file1.txt file2.txt

deleting files
rm file.txt (-i asks if you are sure you want to delete the file)
to delete the directory rmdir -r (removes subfolders)

Touch
touching changes files to the present time
touch -c filex.txt ==== this will not create the file if it does not exist

links
ln file100.txt file100link.txt (creates a hard link to that file)
o if you edit the link file (file100link.txt) the target gets updated
o if the target is edited the link also gets updated
o *** they are linked together, INODES point to files
o to verify you can ls -i
o actually 2 separate files
o if target is deleted the other will still work
o work on the same file system (ext3 to ext3)

ln -s file2.txt file2link.txt = symbolic link ... used more commonly
o if you do a ls -l it will show that it is a (L) in the first parameter
o editing the target updates the link file
o ls -il file.txt (to see if they share an INODE)
o if target is deleted the link is broken and it thinks it is a new/empty file then
o go across different file systems (reiser to ext3)

collaborative work/backups

chown -- file ownership
sudo chown root file1.txt (root is the owner)
sudo chgrp root file1.txt (changes the group to )
sudo chown root:root file2.txt (makes user and group the owner)

permissions
3 main
read (r) --- read contents but can't traverse the directory (need the execute)
write (w) --- just write permission, you can't modify the contents of the file
execute (x)
ls -l --- shows directory and permissions: -rw-r--r--
o first - = type = file; look at page 189 for a list of what these are
o next 3 (rw-) = owner permissions (u)
o next 3 (r--) = group permissions (g)
o last 3 (r--) = (o) others - everyone else
o (a) = all users

symbolic (r, w, x)
octal (421/rwx)
to change permissions
o chmod (change mode)
o to add execute permission for the owner: +x = add, =x = set it to, -x takes it away
o chmod u+x file3.txt (user gets the execute right to the file)
o chmod u-x file3.txt (takes away the execute right to the file)
o chmod ug+x file3.txt (user and group now have the right)
o chmod g+w,g-x,o+w file3.txt --- symbolic method (+, = or - commands can be used)
o -rw-r--r-- file.txt to then -rwxrw-rw- .... you can use chmod a+w,u+x file.txt or (could also use the = to set the permissions exactly the way you want them; do this by chmod
o -rwxrw-rwx want to be -r--rwxr--
chmod u=r,g=rwx,o=r file.txt
chmod u-wx,g+x,o-wx file.txt
o octal format (0-7) 76543210 = 8 options


r=4 w=2 x=1 total=7
777 = directories
666 = files
default permissions are set by the umask
just type umask
0022 output
umask takes file permissions away, it does not add file permissions
so 777/0022=755 ....... 666/0022=644
umask 0055 now new files created = -rw-r--r--
o if changed it only stays during the session of the terminal
chmod 760 file1.txt
***** look at notes on the paper

Because it is binary, the permission information can be expressed as a single 9-bit number. This number is usually expressed in octal (base 8) form because a base-8 number is 3 bits in length, which means that the base-8 representation of a permission string is three digits long, one digit for each of the owner, group, and world permissions. The read, write, and execute permissions each correspond to one of these bits. The result is that you can determine owner, group, or world permissions by adding base-8 numbers: 1 for execute permission, 2 for write permission, and 4 for read permission.

attributes - extensions to the permissions (read only, compress) on page 198
o -rw-rw-r-- file permissions on a new file
o lsattr cmd to view the file attributes
o chattr - change the attribute
chattr +i (immutable, goes beyond disabling writes (can't be deleted, renamed and edited)) file.txt
not even root can change stuff on files marked with a -i
root can take the attribute away from it (permissions need to be the owner, root for the attributes)

Special permissions (3) --- can be set symbolically - page 194
o suid - set user id = 4 or +s -- goes in the owner
when a user executes the file, it will be executed as the owner of the file (lending permissions)
original file is 766 so to add special permission you need to chmod 4766 file.txt
o sgid - set group id = 2 or +S --- goes in the group
when file is executed use the group's ID - run as the file with 766 permissions ... to add sgid chmod 2766 file.txt


adds an "s" to the ls -l view of permissions
o sticky bit = 1 --- only works on directories, or chmod o+t newdir
any files in the directory can only be deleted by the root, owner, owner of the directory
only works on directories
mkdir newdir (makes directory)
current permissions are 755
chmod 1755 newdir
adds a t to the ls -l
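To see how the octal digits, the umask and the three special bits turn into what ls -l prints, the decoder below works through the modes used in these notes (760, 4766, 2766, 1755). It is an added example, not part of the original notes; the function names are illustrative. It also shows a detail the notes only hint at: when the special bit is set but the matching execute bit is not, ls prints a capital S or T.

```sh
#!/bin/sh
# Added example: decode octal modes the way ls -l shows them and apply a umask.

# triplet DIGIT SPECIAL LETTER: rwx for one octal digit. When SPECIAL is
# non-zero the x slot shows LETTER: lowercase if x is also set, uppercase if not.
triplet() {
    if [ $(( $1 & 4 )) -ne 0 ]; then r=r; else r=-; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then w=w; else w=-; fi
    if [ $(( $1 & 1 )) -ne 0 ]; then x=x; else x=-; fi
    if [ "$2" -ne 0 ]; then
        if [ "$x" = x ]; then
            x=$3
        else
            x=$(printf '%s' "$3" | tr 'st' 'ST')
        fi
    fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# mode_string MODE: nine-character permission string for a 3- or 4-digit
# octal MODE. The leading digit holds suid (4), sgid (2) and sticky (1).
mode_string() {
    m=$(printf '%04o' "0$1")          # normalise to four octal digits
    sp=${m%???}                       # special-bits digit
    rest=${m#?}                       # owner, group, other digits
    u=${rest%??}
    o=${rest#??}
    g=${rest#?}; g=${g%?}
    printf '%s%s%s\n' \
        "$(triplet "$u" $(( sp & 4 )) s)" \
        "$(triplet "$g" $(( sp & 2 )) s)" \
        "$(triplet "$o" $(( sp & 1 )) t)"
}

# apply_umask BASE UMASK: mode a new object gets, BASE with the umask bits
# cleared (BASE is 666 for files and 777 for directories).
apply_umask() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# ls_perms PATH: the nine permission characters ls -l prints for PATH.
ls_perms() {
    ls -ld "$1" | cut -c2-10
}

for mode in 760 4766 2766 1755; do
    echo "$mode -> $(mode_string "$mode")"
done
echo "umask 0022: files $(apply_umask 666 0022), directories $(apply_umask 777 0022)"

# Cross-check one decoded value against a real file in a scratch directory.
demo_dir=$(mktemp -d)
: > "$demo_dir/file.txt"
chmod 4766 "$demo_dir/file.txt"
echo "ls -l shows $(ls_perms "$demo_dir/file.txt") for a file set to 4766"
rm -rf "$demo_dir"
```
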

Chapter 7 ---page 332

Man pages
- apropos lets you search the man pages for key words
- man -k (uses apropos to search the man pages)
info passwd (similar to the man command)
- man pages stored in the man path
- it's in /etc/manpath.config
- used by the man command
- could use the man path to your home directory if wanted to
- man --path (then put in the path to your man pages (this is temporary))
or
- could man and then put in the entire path to your man pages

- readme files come with most applications that are installed with the linux platform base
less /etc/issue --- this is the login heading on the computer (could be used to say anything) (local machine)
- \n = computer name
- \s = OS name
- \m = platform
- \t = time
==== ***** Know the switches

The /etc/issue and /etc/issue.net files support variables that you can use to substitute information that might vary from one login to another or from one system to another (thus enabling you to use one file on multiple systems). These include \n (the computer’s hostname), \r (the kernel version number), \s (the OS name—Linux), \m (the platform, such as x86), and \t (the time when the message is printed).

less /etc/issue.net --- (prompt for when the users telnet into that PC) -- does not affect SSH when used --- have to change something under ssh first


less /etc/motd --- this is the message of the day that can be changed and edited (don't use welcome -- not invited --- policies and fair use)

bashrc --- is a login script file --- is a hidden file --- and affects the machine globally

when the machine is shutting down (know shutdown switches)
shutdown -r 10 (tells machine that it will shutdown in 10 minutes) "machine is shutting down go away" - displays the message
-h - halted or powered off
- hit ctrl+c to abort the shutdown command

built in firewall with built in ip tables with chains
- can permit and deny access to specific services
- these are software ports to services running on the machines (SSH - port 22, web - 80, blahblah, 20 - ftp data, 21 - ftp setup connection)
- less /etc/services --- file tells you the well-known port numbers
- know pages 341-342 --- mainly look at that file, know them!!!
- can do a less /etc/services | grep <and then the numbers and stuff>

Firewalls
built into the linux kernel
- firestarter is a gui for a firewall program that can run on linux
- have linux ip tables which include chains and statements that either deny or allow traffic
in a packet you got a source address, src port (greater than 1024), dest address, dest port .. less than 1024

to view tables do a sudo iptables -L
- if table type is not specified (you have 4 tables) you're gonna view the filter table
- prot (protocol)
- opt (options)
- the other tables include the NAT table (pre-routing chain)
- NAT post routing chain
- NAT output chain
- also have a mangle table (same chains as nat)
- also have a raw table
- each chain has a default possible (accept) for input, forward, output tables
- input chain (deals with local services) allowing others to access specific ports on your machine
- output (remote services) denies your output
- forward chain (deals with routing - packets that route through your device (a go between))
- default is to accept all packets
drop --- check book for other and further details
-- packet will drop and sender will not know it was dropped
block -- drops packet and notifies the sender

sudo iptables -t nat -L
- will show the iptable nat

sudo iptables -t raw -L
sudo iptables -t mangle -L (this is to view the tables)

to create a table you need to get rid of all the contents in the ip tables
- iptables -t filter -F INPUT
- you can also do a -P to change from drop to accept or vice versa

page 348 in book sample
iptables [-t table] -A CHAIN selection-criteria -j TARGET

sudo iptables -A INPUT -p tcp --dport 445 -s 172.24.1.0/24 -j ACCEPT
o TABLES DO NOT GET SAVED AFTER A REBOOT
o iptables -A INPUT -p tcp --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
This gives a port range

these chains are searched top to bottom like an ACL
347 for what all the switches
know the iptable switches
through the chains you can track the counters and see what people are hitting (iptables -Z resets them)
need to automate this to save the entries through a script

o create a new file called newfire.sc
o then open an editor
o make the script on page 351, but you need to change the permissions so that everyone can use it
everyone needs execute so chmod 755 newfire.sc (was 644 but you want to add the execute command to everyone so it becomes 755 after that) or can do a chmod a+x newfire.sc
to automate
can type sh <filename>
could also do a path ./<filename>
exec <newfile.sc
all execute the file
o now you need to execute this file
o ls /etc/rc3.d/ (contains a bunch of soft-links)
this folder is like a startup folder
can use the /etc/rc.local
- make sure that it is executable
add your file location at the end of the file
use pwd command to view the current directory

Configure the system to run the firewall script at startup. This can be done by calling the script from a local startup script (such as /etc/rc.d/rc.local), by creating a new SysV startup script that calls the firewall script, or by replacing an existing firewall startup script with a call to the new one.

TCP Wrappers is configured through two files: /etc/hosts.allow and /etc/hosts.deny. The first of these specifies computers that are allowed access to the system in a particular way, the implication being that systems not listed are not permitted access. By contrast, hosts.deny lists computers that are not allowed access; all others are granted access to the system. If a computer is listed in both files, hosts.allow takes precedence.
---so if ur in both files ur allowed.
Both files use the same basic format. The files consist of lines of the following form:

to view syntax type less /etc/hosts.allow
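The precedence rule above as a small evaluator, added here as an example (not part of the notes or of TCP Wrappers itself). It assumes the `daemon_list : client_list` line format from hosts_access(5) and supports only three patterns: ALL, an exact match, and an address prefix ending in a dot; the function names and the sample files are constructed for this example.

```shell
#!/bin/sh
# Added example: decide allow/deny the way the notes describe it.
# Assumes hosts_access(5) lines of the form  daemon_list : client_list
# and a subset of patterns: ALL, exact match, or a prefix ending in "."

# match_list ITEM LIST -> true if ITEM matches any pattern in LIST
match_list() {
    item=$1
    for pat in $(printf '%s' "$2" | tr ',' ' '); do
        case $pat in
            ALL) return 0 ;;
            *.)  case $item in "$pat"*) return 0 ;; esac ;;
            *)   [ "$item" = "$pat" ] && return 0 ;;
        esac
    done
    return 1
}

# file_matches DAEMON CLIENT FILE -> true if some line lists both
file_matches() {
    while IFS=: read -r daemons clients rest; do
        case $daemons in ''|'#'*) continue ;; esac   # skip blanks and comments
        if match_list "$1" "$daemons" && match_list "$2" "$clients"; then
            return 0
        fi
    done < "$3"
    return 1
}

# tcpw_decide DAEMON CLIENT ALLOW_FILE DENY_FILE -> prints allow or deny
tcpw_decide() {
    if file_matches "$1" "$2" "$3"; then
        echo allow          # listed in hosts.allow: wins even if also denied
    elif file_matches "$1" "$2" "$4"; then
        echo deny           # listed only in hosts.deny
    else
        echo allow          # listed in neither file: access is granted
    fi
}

# Constructed sample policy: sshd only from 172.24.1.x, everything else denied.
tcpw_demo() {
    dir=$(mktemp -d)
    printf 'sshd : 172.24.1.\n' > "$dir/hosts.allow"
    printf '# default deny\nALL : ALL\n' > "$dir/hosts.deny"
    : > "$dir/empty"
    tcpw_decide sshd 172.24.1.7 "$dir/hosts.allow" "$dir/hosts.deny"  # in both files
    tcpw_decide sshd 10.0.0.5   "$dir/hosts.allow" "$dir/hosts.deny"  # only in deny
    tcpw_decide sshd 10.0.0.5   "$dir/hosts.allow" "$dir/empty"       # in neither
    rm -rf "$dir"
}

tcpw_demo
```

The third case is the one to watch: with an empty hosts.deny, a host missing from hosts.allow is still let in, so a default-deny setup needs the `ALL : ALL` line.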

If UR not using something…shut it down
to stop services that u r not using do a sudo /etc/init.d/apache2 stop
to view the services you can run netstat
netstat -ap | less

to view any unnecessary services that are running on that machine
sudo apt-get install nmap
also can scan
o nmap -sT <IP>
o shows what is active on that pc
o nmap -sT teela.rodsbooks.com (port scan to the target PC/addy)

can use find to lookup files with sgid or suid
find / -perm /6000 -type f (page 361 for more info; the book's older form is -perm +6000, which current GNU find no longer accepts)
Find scripts that are executed by another user and want to know which ones are
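An added example (not from the book or the notes) that turns the find command above into a repeatable audit: list the set-id files, then report only the ones missing from a saved baseline. It assumes GNU find; the function names and the one-path-per-line baseline format are this example's own.

```shell
#!/bin/sh
# Added example. Function names and baseline format are assumptions.

# find_setid DIR: regular files under DIR with suid (4000) or sgid (2000) set.
# -perm /6000 matches when ANY of those bits is set; -xdev stays on one
# filesystem so /proc and network mounts are not walked.
find_setid() {
    find "$1" -xdev -type f -perm /6000 2>/dev/null | sort
}

# new_setid DIR BASELINE: set-id files under DIR not listed in BASELINE.
# A file that shows up here gained the bit, or appeared, since the baseline.
new_setid() {
    find_setid "$1" | grep -vxF -f "$2" || true
}

# Typical use: save a baseline once, compare on later runs.
#   find_setid / > /root/setid.baseline
#   new_setid / /root/setid.baseline
find_setid "${1:-/usr/bin}"
```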

Chapter 2

.rpm - red hat packages--fedora
o use to compile it
o now just yum -i

.deb - ubuntu
o same way
o now used apt-get install

sources.list


- located /etc/apt
- inside the file it has links/repositories where the files may be located at
- if you have something that is not in the list you need to put in the repository information so you can find it
  o if the file is edited you need to do a sudo apt-get update
  o updates package list and redoes an index of that file information
- can convert between the 2

can go to http://rpmfind.net to get the packages that you want to search for
o wget (allows you to download the package as long as you have the direct link to it)
o wget <direct link address to rpm file>
o http://rpm.pbone.net/ another good search area
o can also get a converter between debian and rpm

also can use http://freshrpms.net/
once you get the rpm downloaded you need to install it with the rpm command
o man rpm
o know switches for the RPM command
o to install must be root
o find out if thunderbird is installed or not 1st
o rpm -q thunderbird
  can use a -i to do an installation of thunderbird
  rpm -i /home/nate/thunderbird……rpm
  can also do a rpm -ivh (install,verbose,show hash indicating installation) /home/nate/thunder…….
  this shows that the installation takes place
  to uninstall do a rpm -e <package name>
  to upgrade type rpm -Uvh <package name> uninstalls old and replaces with the new one
  if trying to install a older over a newer it will tell you
  it looks at the database (rpm -qi <package name>)
o can use cpio to view the files within the rpm package file
o might need to do a rpm --import

This program takes a single argument—the name of the RPM file—and outputs the cpio archive on standard output. Thus, if you want to create a cpio archive file, you must redirect the output:
$ rpm2cpio samba-3.0.10-1.fc3.src.rpm > samba-3.0.10-1.fc3.cpio

$ rpm2cpio samba-3.0.10-1.fc3.src.rpm | cpio -i --make-directories
In either case, the result is an extraction of the files in the archive in the current directory.


In the case of binary packages, this is likely to be a series of subdirectories that mimic the layout

can build your own with the command of rpm build

***debian packages (Ubuntu)

debian packages are harder to come by
o can also wget <ddl url>
o sudo dpkg -i <debian package name>
o to erase a package that uses a -r
  sudo dpkg -r rar
o to see if the package is installed you do a
  sudo dpkg -Ei <package name> or
  sudo dpkg -Gi <package name> or
  sudo dpkg-query -l <package name>
o debian has a utility to automate the download and application
  apt-get (advanced packaging tool)
  sudo apt-get install rar
  man apt-get (lots a switches)
  removes: sudo apt-get remove rar

sometimes apt-get doesn’t get what u want with up to date packages
- also the repository suggests what to apt-get
- sudo nano /etc/apt/sources.list
- this is the repository location
- like virtual-box …shows you where to add the sources.list url address
- just put it at the bottom of the sources.list repository
- MUST UPDATE THE INDEX TO GET THE LIST WORKING
- type sudo apt-get update
  o updates the database and pulls the information down for you
- sometimes need a public key to download the file
  sudo wget -q <address> <

o can also do a smart upgrade
  # sudo apt-get dist-upgrade
o can run rpms on debian system with alien
  sudo apt-get install alien
o converts rpm to debian and also backwards
  sudo alien <packagename>


o apt4rpm.sourceforge.net
  can use apt-get for RPM (red hat) system, but you can use yum instead of this
o sudo apt-get install dselect
  does the stuff that you don’t have to type in the command line
  gives you new stuff to install
  apt-get on steroids
  menu driven display

Finding source codes (sourceforge.net)
o freshmeat.net

files that are .tar.gz (tarballs)
o wget the direct file
o can gunzip and untarball it in one command
o use a tar cmd
  tar -zxvf <downloaded tarball> (f=file)
  it creates a new directory
  then run ./configure (DON’T HAVE TO BE ROOT BUT IN THE DIRECTORY THAT IT WAS EXTRACTED IN)
  but i’m missing the gcc compiler
    fedora: yum install gcc
    ubuntu: apt-get install build-essential
            sudo apt-get install gcc
  after running configure you can run the make file
    a listing of commands for a program called make
    just type "make" and then ur done
  su -c "make install" ----type this so that you can run the program anywhere (it copies it to a user folder so that it is available)
    goes to the root, makes the install and runs it, so when ur at your home directory you can run the app
  can’t do an rpm -q (query to see if it was installed) cuz it was not an rpm package
  make clean gets rid of all the temp files that were there during installation
  make uninstall deletes the program
o could link everything with ./configure && make && sudo make install && make clean
  && = continue if no errors were received
  (only the make install step needs root, so sudo goes on that step, not on ./configure)

need libraries for programs to execute correctly
The major administrative challenge of handling shared libraries is in enabling programs to locate their shared libraries. Binary program files can point to libraries either by name alone (as in libc.so.6) or by providing a complete path (as in /lib/libc.so.6). In the first case, you must


ldd cmd (this allows you to view what is needed to run the program)
o ldd /bin/ls (what is required for the ls command)
o sudo ldconfig
  updates dll files
  should do this when installing/downloading
  should still automate this command (could use Cron job)

Chapter 9

192.168.1.12
255.255.255.0
e2d

Setting the IP addy on the box

/sbin/ifconfig to run ifconfig without a sudo user priv

interface eth0

su -c "/sbin/ifconfig eth0 up 192.168.1.12 netmask 255.255.255.0"
THIS SETTING GOES AWAY WITH A REBOOT OF THE MACHINE

- sets it to one time
- works with both fedora and ubuntu

manually configure and static save
ifcfg-eth0 file

under /etc/sysconfig/network-scripts/ifcfg-eth0
- edit this file sudo it bitch
- Do this for fedora

IPADDR=192.168.1.12
NETMASK=255.255.255.0
GATEWAY=A.B.C.D

DEVICE=eth0
BOOTPROTO=static
IPADDR=192.168.29.39
NETMASK=255.255.255.0
NETWORK=192.168.29.0
BROADCAST=192.168.29.255
GATEWAY=192.168.29.1
ONBOOT=yes

IF DHCP does not pull right away you need to restart the network
- use /etc/init.d/network restart

JUST CREATE 2 FILES with a static entry and dhcp entry
then copy them over
cp ifcfg-eth0.static ifcfg-eth0

For Ubuntu you edit the
- /etc/network/interfaces file
- nano it bitch

If you only get a loopback interface and no interface type this command
ifup eth0

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# This is a list of hotpluggable network interfaces.
# They will be activated automatically by the hotplug subsystem.
mapping hotplug
        script grep
        map eth0

# The primary network interface
auto eth0
iface eth0 inet static
        address 192.168.0.100
        netmask 255.255.255.0
        network 192.168.0.0
        broadcast 192.168.0.255
        gateway 192.168.0.1

IF DHCP does not pull right away you need to restart the network
- use /etc/init.d/networking restart
- used for ubuntu


like in windows you don’t need to have a DNS server for local machine connectivity
- it resolves the ip to name or vice-versa for you
- the /etc/hosts file is the container for the translations
- there is a hosts file located on windows

for windows you can edit the hosts file in C:\WINDOWS\system32\drivers\etc to block out other webpages

could also do nslookup and then host (ip to name or name to ip resolution)
- the host cmd does similar thing
- host <ip or name to resolve>
- dig cmd tells information about the DNS server holding these records
- whois cmd all info about host and provider

linux packet sniffer
- tcpdump cmd
  o sudo tcpdump > packet.capture

super-servers
- inetd, xinetd
- centralized service
- xinetd is used for new services
- cd /etc/xinetd.d
- yum install telnet-server
  o adds more files in folder
- those files help to configure the super server
- /etc/xinetd.d - with its own configuration options
- route cmd shows the routes (like show ip route)
- who shows who is connected to the box

Printing in Linux
- LPD and CUPS (common unix printing system)
- there is a directory already created for the print queue
  o ALREADY in /var/spool
    root only has read write capabilities
- ps lets you look for running processes and daemons on the computer
  o could grep for that and see a specific file
  o to start the CUPS services
    use /etc/init.d/cups restart
    use /etc/init.d/cups reload, start, stop
  o /etc/printcap file is under etc
    allows you to define multiple printers to be used
- apsfilter is a text based printer setup program that you have to install
  this is for LPD
- CUPS has a printer configuration file


  o /etc/cups/printers.conf
  o file is created by cups
  o default printer selection
  o also uses post script printer definition file
    /etc/cups/ppd printer description file
    cups has a web based setup underneath the gui
    http://localhost:631 launches the web gui
    can also do it for a remote printer by typing its address instead of localhost
    same printer type with different ip addy
    edit the printers.conf file and copy and paste the contents of the file to make two printer setups within the file
    edit the printer file then to make it the default printer
- command lpr tells you to print the file
  o lpr <printer> <what to print>

Mail system
- novell groupwise mail server
- linux has their own
- sendmail
  o SMTP transfer from server to server
- fetchmail
  o connects to server via pop and downloads to PC or allows you to read
  o can also use imap as well as pop
- rpm -q sendmail or fetchmail to see if they are installed or not
- have to configure both the sending and receiving sides
  o also have to take security issues into consideration
    open relay system (send emails from anybody)
- mail already is setup
  o just type the mail command
  o man it to know the other commands
- sendmail.mc, sendmail

----------

Apache & Samba

apache - software package that provides http service (web service) port 80
- actually called httpd rpm package name (which is already installed on that system)
- ps aux | grep httpd (search for the apache service running, which is not running)


- can find where the config files are located through the rpm config packages
  o rpm -ql httpd | grep conf (queries for the location)
  o main config file located /etc/httpd/conf/httpd.conf
    - the ServerRoot "/etc/httpd" is where all doc files are located at
    - StartServers set to 8
    - MaxClients set to 256 (max amount of connections it’s allowed to start)
    - MaxRequestsPerChild = 4000 times 8 processes per user
    - can set the number of listens on port 80 ---can change this port
    - apache binds itself to every ip address in this file
    - can also load more modules
      mod_userdir.so (can access their own files via the web)
        public_html directory in home directory is a hidden directory that you can store files you want access to.
      mod_ssl.so (allows you to do secure sockets)
    - User apache
      Group apache
      who starts apache during the startup process (apache by default)
      must run httpd as root initially
    - ServerAdmin default (root@localhost ---this is an email to who to send the help to)
    - ServerName (usually not messed with)
    - DocumentRoot (where your webpages are located at)
      default to "/var/www/html" - any user who has access to these files needs to have the proper rights
      also change a few settings underneath that for where the webpages are located at
    - under the UserDir settings in that config you must enable
    - DirectoryIndex (main website, as to what your index page is called)
      this might have to change if you don’t have an html page
    - ErrorLog setting shows where all your error logs are stored at
      default to logs/error_log
    - virtual host
      serves up another virtual hosts like one site used for https and http

- need to start service
- /etc/init.d/httpd start
- anytime you change the config file you need to restart the service
  o changing the port number localhost:81 now
  o changing the bind through the config file with a specific ip address
- can also use XAMPP web server


- abyss web server

Samba
- NFS (linux sharing to linux clients)
- samba deals with sharing files between linux and windows
- windows clients don’t know the difference
- also has config files to configure
- has two services
  o smb - file folder printer sharing
  o nmb - netbios
  o both need to be on page 529
- rpm is
- yum list samba to see where it is available
- yum -y install samba (-y = answers yes for all answers)
- swat is a graphic utility to configure samba GUI
  o samba web administration tool
- can install it via yum -y install samba-swat
- need to configure and start the service
- config file
- rpm -ql | grep conf (no config files for samba)
- less /etc/samba/smb.conf
  o main samba config file
  o under global settings area in that file
    can put workgroup = linuxrocks (either domain name or workgroup name)
    server string = (description of workgroup)
    netbios = (can be used to specify a server name to whatever)
  o has further options down the config file
- swat is actually a server that is controlled by the superserver
- how do you know if the super server is running
- ps aux | grep xinetd
- swat also needs to be checked via the ps aux | grep
- /etc/xinetd.d/
  o this is where files are stored as to whether or not swat is to be started or not
  o nano /etc/xinetd.d/swat file needs to be edited to start swat when xinetd starts
  o localhost:901
  o need to restart service

Typically, typing /etc/init.d/xinetd reload or something similar will do the trick.

- webmin is a good tool instead of swat
- wget http://prdownloads.sourceforge.net/webadmin/webmin-1.441-1.noarch.rpm
- http://prdownloads.sourceforge.net/webadmin/webmin_1.450_all.deb


- http://voxel.dl.sourceforge.net/sourceforge/webadmin/webmin_1.450_all.deb
- webmin is the front end to config apache and samba
  o webmin uses port 10000
- webmin is amazing and should be used as soon as linux is installed
  o webmin stuff starts up when pc reboots
  o to make sure that it gets started when the pc reboots…service starts or not when rebooted
  o chkconfig and has run levels
  o can toggle with chkconfig --level <what levels>
  o run level 0 =
  o run level 1 =
  o can look in /etc/inittab

0 This is a transitional runlevel, meaning that it’s used to shift the system from one state to another. Specifically, it shuts down the system. On modern hardware, the system should completely power down. If not, you would be expected to either reboot the computer manually or power it off.

1, s, or S Single user mode. What services, if any, are started at this runlevel varies by distribution. It’s typically used for low-level system maintenance that could be impaired by normal system operation, such as resizing partitions.

2 On Debian systems, this is a full multi-user mode with X running and a graphical login. Most other distributions leave this runlevel undefined.

3 On Fedora, Mandrake, Red Hat, and most other distributions, this is a full multi-user mode with a console (non-graphical) login screen.

4 Usually undefined by default.

5 On Fedora, Mandrake, Red Hat, and most other distributions, this is the same behavior as runlevel 3 with the addition of having X run with an XDM (graphical) login.

6 Used to reboot the system. This runlevel is also a transitional runlevel. Your system will be completely shut down and then the computer will reboot automatically.

o chkconfig --level 35 …somethinsdofofoaisdn

SUDOERS and the SUdoers list

sudo is a run as command

can give permissions with group assignments (wheel group is a group to give users sudo privs)

- to find out what group or groups you belong to
  o can use groups command
  o can use id command


- to create a group to be a sudo guy
- sudo groupadd leehw
- usermod -aG leehw student12 (-a appends; -G on its own replaces the user's other supplementary groups)
- root must edit the sudoers file
- visudo command edits the list and settings
  o can change aliases
  o add a command
    Add comment of what this does
    %<group> ALL=(ALL) ALL
    now have rights
  o now when you sudo you can use your student password and don’t have to type in the root password
  o also caches the password so you don’t have to save the password
  o if you sudo a su - to switch user you don’t need to enter a password if it is already cached
  o sudo su - works

- ls -a is equal to l.
  o these are aliases
  o type alias to view them
  o to make an alias you type
    alias ipconfig="/sbin/ifconfig"
  o aliases only work for that user
  o only last for the duration of the session
  o can edit a file to make it static (hidden file)
    nano .bashrc
    file stored for that particular user
  o could create an alias for when creating a user and alias all the parameters
    to change globally: /etc/bashrc
    this is for new users when they are created

DNS - name resolution
have the host file that does the mapping for us

BIND - Berkeley Internet Name Domain

ps aux | grep named - not running
BIND is the package and the service is named named
BIND is not installed so you can yum install bind


the /etc/resolv.conf file tells the client where to do lookups to
- if it is then not found and passed on to another server it is in the /etc/named.conf file
- zones and records are stored

SSH

HAzzaa

uses RSA keys
with asymmetric encryption with 2 keys
symmetric uses the same key
has a pub and private key
message is encrypted with the users public key and then uses their private key to decrypt it

can figure out if ssh is installed with
- yum list | grep ssh
- ssh_config ----- client config (putty client setup)
- sshd_config ---- server config
  o both config files
  o files located /etc/ssh/…files here
  o in these files can change who logs in with ssh and its setup parameters
- to get rid of the ssh cache
- rm -i ~/.ssh/known_hosts
- to give them a message via ssh login you have to edit the config file

whereis -----this will tell you where it is installed

chapter 6 kernel

uname -a ---tells you about the operating system
uname ---and then do switches to find out the specifics

modules on the system
lsmod | less
fuse module lets you read and write to an ntfs partition

rmmod floppy ---gets rid of the module
to get the module back you can do insmod or can use modprobe


- modules may be dependent on others
modprobe -v floppy
modprobe -vr floppy (modprobe -r removes the module)
depmod will refresh a file

boot loaders page 282

Lilo is similar to the boot.ini file in windows….dictates what file system to use

the lilo boot menu just sits there and you can change boot parameters before booting into the PC.
- can change video settings
- writes stuff into the system
- lilo.conf
- have to use backtrack - live CD that you can use to edit lilo
- boot option tells you the name of the device and sector to boot from this computer
- timeout …time it will let you wait before making a selection 1200 .10 of a second = 2 minutes
- prompt brings up the boot colon
- other - parameter to have other boot partitions that are available
- read only means that the root partition will be read only
- anytime you make a change in lilo you have to re-install video
  o pain in the ass

Grub
- more commonly used
- automatically takes effect with grub and doesn’t have to change anything
- to edit grub you can go to /boot/grub/grub.conf
- or
- /boot/grub/menu.lst
- the files are linked together, menu.lst is a link file to grub file
- you can change either one
- boot parameter tells the boot partition
- the default parameter is the number of seconds to wait between selecting (in seconds)
- OSes in grub.conf file are indexed by number, default parameter=0 is the first HD
- custom splash screen can be in /boot/grub (don’t really have to do it)
  o then edit the conf file
  o edit the splash image location
- lilo blows
- can view the shadow file from browsing with the grub menu

kernel ring buffer
- dmesg command
- shows you the boot menu and what has loaded during the boot process


- 293 - 294 boot process and what it does
- run levels - tells linux what features to use
  o levels 1-6
  o page 295

0 This is a transitional runlevel, meaning that it’s used to shift the system from one state to another. Specifically, it shuts down the system. On modern hardware, the system should completely power down. If not, you would be expected to either reboot the computer manually or power it off.

1, s, or S Single user mode. What services, if any, are started at this runlevel varies by distribution. It’s typically used for low-level system maintenance that could be impaired by normal system operation, such as resizing partitions.

2 On Debian systems, this is a full multi-user mode with X running and a graphical login. Most other distributions leave this runlevel undefined.

3 On Fedora, Mandrake, Red Hat, and most other distributions, this is a full multi-user mode with a console (non-graphical) login screen. ---what we are using in this class

4 Usually undefined by default.

5 On Fedora, Mandrake, Red Hat, and most other distributions, this is the same behavior as runlevel 3 with the addition of having X run with an XDM (graphical) login.

6 Used to reboot the system. This runlevel is also a transitional runlevel. Your system will be completely shut down and then the computer will reboot automatically.

- to change the run level you can change it under the /etc/inittab file
- type runlevel to see the current runlevel
  o could also use runlevel --set 3 but might not save it
  o could use init command to change run levels on the fly
  o /sbin/init 0
- /etc/rc3.d
- chkconfig | grep sshd
  o this will show you the run levels of each config
  o chkconfig --level 24 sshd off (off for runlevels 2 and 4) will not start when initialized at that run level
  o ntsysv
    can start services by point and click
- shutdown -h now (sbin) = /sbin/init 0 = halt (sbin)


- shutdown -r now = /sbin/init 6 = reboot
------------------------------

Scripts on page 310

shell scripts can automate processes

create a shell script
- makeusers.sh
- nano script file
  o useradd -m "$1"
  o passwd "$1"
  o mkdir "/home/$1/$2"
  o chown "$1" "/home/$1/$2"
- need to make the file executable with the chmod 764 makeusers.sh
- then do a
- ./makeusers.sh $1 $2
- makeusers.sh $1 $2
- could also create a group make it a primary of that group
- with
- groupadd $1
- useradd -m $2
- usermod -g $1 $2
- passwd $2

- condition set
- touch condition.txt
- mkdir condir
- nano filetest.sh
  o if [ -f "$1" ]
  o then
  o echo "this is a file"
  o else
  o echo "this is not a file"
  o fi
- ./filetest.sh condir
  o this is not a file

- functions on page 317

Chapter 5

we are using xorgx11 in the fedora environment


/etc/X11
this is where the files are located

- /etc/X11/xorg.conf - this is the config file for the X environment graphics
- can change the color depth
- identifier is just a label
- monitor is more like a video card settings
- telinit 3 ---switches to the command prompt
- telinit 5 starts startx (a way to start and restart)

Remote X client
- remote x clients 251
- so like dummy terminals

Portmaster
- have the asterisk
- to make a script launch when you login you do
  o bash.rc file for that user
  o bashrc is the login script
  o .bashrc
  o start with a case and then end with a esac (case backwards)
  o also use done; this allows you to jump out of the script so you can’t access the linux cmd line

=-----------------------

To view attributes you can do a lsattr