
Linux - Abeer Commands

This document contains notes on Linux commands for managing files and directories from the command line. It discusses absolute and relative paths, listing files with ls, creating and removing files and directories with touch, mkdir, cp, mv, and rm, and copying files between directories. Managing file permissions with chmod and ownership with chown are also covered. Examples of commands like ls, cd, pwd, mkdir, cp and their various options are provided.

Uploaded by

yousef shaban

Linux Abeer

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/dfcd1b98-22b4-4
ebb-bbea-0a08aeaa0e08/Chapter8_Controlling_Services_and_Daemons.txt

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/fe90bfdf-2a86-43
da-87b1-9ae38d9d60c6/Chapter9_Configuring_and_Securing_Open_SSH_Servi
ce.txt

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/937d7caa-251f-4
add-b2ec-fbcd99050ad7/Chapter10_Analyzing_and_Storing_Logs.txt

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/246b5610-af96-4
115-b109-852d181a73b6/Chapter11_Managing_Red_Hat_Enterprise_Linux_Net
working.txt

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/bc70729f-dfbc-47
fd-850a-367e7c909dac/Chapter12_Archiving_and_Copying_Files_Between_Sys
tems.txt

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/1a0b5b81-fd0a-4
83c-be2a-6b30c8087ede/Chapter13_Installing_and_Updating_Software_Packag
es.txt

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/d30f6f15-0564-4a
5f-a2f9-0f87d6066cd0/Chapter14_Accessing_Linux_File_Systems.txt

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/f27b581d-5b02-4
af1-bd59-4c71c329d93e/Chapter15_Using_Virtualized_Systems.txt

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/6aabc7a4-bb9c-4
4bb-b239-a4a4f11c5fdd/16-VNC.txt

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/4f2bd822-0107-4
9fb-9b6c-fb2d2572dc4a/Chapter1_Accessing_the_command_line.txt

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/37391ec4-a68b-4
94a-832b-afbb1fa9aaf0/Chapter2_Managing_Files_From_the_Command_Line.t
xt

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/e32ca4f2-7639-4
d25-bb4d-1a897dfd24cb/Chapter3_Getting_Help_in_Redhat_Enterprise_Linux_.
txt

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/530ea77e-35b0-4
dc7-8da5-739ea4165ff6/Chapter4_Creating_Viewing_and_Editing_Text_Files.txt

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/b547aa5a-ed28-4
53e-8389-fdd1f79b724a/Chapter5_Managing_Local_Linux_Users_and_Groups.t
xt

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/9b10a7fc-47b2-4
33e-b5c0-d31b33575cb7/Chapter6_Controlling_Access_to_Files_with_Linux_Fil
e_System_Permission_s.txt

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/3fd3f0e2-c1b5-4b
83-85cf-8c1160a611f4/Chapter7_Monitoring_and_Managing_Linux_Processes.tx
t

Virtual consoles:
Alt+Ctrl+Fn
Alt+Fn (CLI only)
Alt+ -> or <-
[root@master Desktop]# chvt 6 (where 6 is the tty number)
[root@master Desktop]# tty
/dev/pts/0 (Pseudo terminal screen)
[root@master Desktop]# tty
/dev/tty2 (Teletype terminal)
To use the mouse in a TTY environment, install the GPM package:
[root@master ~]# yum install gpm
[root@master ~]# systemctl start gpm

Shell basics:
[root@master ~]#clear (or Ctrl+l)
[root@master ~]#reset
[root@master ~]#ls
[root@master ~]#ls -l
[root@master ~]#ls --all
[root@master ~]#ls -a
[root@master ~]#ls -la
[root@master ~]#ls -la /home
[root@master ~]#exit (or Ctrl+d)

[root@master ~]#date --help
Usage: date [OPTION]... [+FORMAT]
or: date [-u|--utc|--universal] [MMDDhhmm[[CC]YY][.ss]]
[] surround optional items
... represents an arbitrary-length list of items of that type
| means only one of them can be specified
<> represents variable data. For example <filename>

The GNOME desktop environment: (GNOME v3)
The default is "GNOME Classic", similar to GNOME 2
"Modern GNOME 3" is also available
GNOME help:
1- F1
2- Applications> Documentation> Help
3- [root@master ~]#yelp

Examples of simple commands:


[root@master ~]#date
[root@master ~]#cal
[root@master ~]#cal 2016

[root@master ~]#cal 3
[root@master ~]#cal 3 2016
[root@master ~]#date +%R
[root@master ~]#date +%x
[root@master ~]#passwd
[root@master ~]#passwd abeer
[root@master ~]#file /etc/passwd
[root@master ~]#file /home
[root@master ~]#which passwd
[root@master ~]#file /bin/passwd
[root@master Desktop]# head /etc/passwd
[root@master Desktop]# head -n 3 /etc/passwd
[root@master Desktop]# head -3 /etc/passwd
[root@master Desktop]# head /etc/passwd -n 3
[root@master Desktop]# tail /etc/passwd
[root@master Desktop]# tail -n 3 /etc/passwd
[root@master Desktop]# tail -3 /etc/passwd
[root@master Desktop]# tail /etc/passwd -n 3
[root@master Desktop]# wc /etc/passwd
[root@master Desktop]# wc -lwc /etc/passwd
[root@master Desktop]# wc -l /etc/passwd

Tab completion:
[root@master Desktop]# pas <TAB>
passwd paste pasuspender
[root@master Desktop]# pass <TAB>
[root@master Desktop]# passwd
[root@master Desktop]# ls /etc/pas <TAB>
[root@master Desktop]# useradd -- <TAB>

Command history:
[root@master ~]# cat .bash_history
[root@master ~]# history
[root@master ~]# !88
[root@master ~]# !-10
[root@master ~]# !ls (the most recent command starting with ls)
[root@master ~]# !! (the most recent command)
[root@master ~]# history -c (to clear the history)
Note: new commands are held in a memory buffer and appear in .bash_history only when we exit the shell

Ctrl+a Jump to the beginning of the command line.
Ctrl+e Jump to the end of the command line.
[root@master ~]#ls ; date ; cal
[root@master ~]#ls && date (logical AND)
[root@master ~]#ls /div || date (logical OR)
[root@master ~]#ls /etc/passwd
[root@master ~]#head <ESC>. (to use the last argument)
best wishes:
Abeer :)

Chapter 2

Absolute paths and Relative paths:


-For standard Linux file systems, the path name of a file, including all / characters, may be no more than 4095 bytes long.
-Each component of the path name separated by / characters may be no more than 255 bytes long.
[root@master Desktop]# cd
[root@master ~]# cd /root/Videos
[root@master ~]# cd Videos
[root@master ~]# pwd
[root@master Videos]# cd /root/Documents
[root@master ~]# cd ~abeer (go to the home directory of the user)
[root@master abeer]# cd - (go to the previous directory)
[root@master abeer]# cd .. (up one level)
[root@master abeer]# cd ../.. (up two levels)
list files:
[root@master ~]# ls
[root@master ~]# ls -l ~ (long list)
[root@master ~]# ls -a (all files and directories including hidden ones)
[root@master ~]# ls -la
[root@master ~]# ls -lh (human readable)

[root@master ~]# ls -R (Recursive)
[root@master ~]# ls -t (sort by modification time, newest first)
[root@master ~]# ls -r (reverse order)
[root@master ~]# dir
[root@master ~]# dir --color

========================================
Creating files:
[root@master ~]# touch file1 FILE1 (case sensitive)
[root@master ~]# touch /root/Documents/file
[root@master ~]# ls -R

If the file exists, touch resets its timestamp.


========================================
Create directories:
[root@master ~]# mkdir dir1 dir2 dir3
[root@master ~]# mkdir -p dir4/dir5
[root@master ~]# mkdir 'abeer hosni'
[root@master ~]# mkdir "abeer hosni"
[root@master ~]# mkdir abeer\ hosni
========================================
Copy files and directories:
[root@master ~]# cp file1 file2 (creates file2)
[root@master ~]# cp file1 /root/Documents/
[root@master ~]# cp file1 file2 file3 /root/Documents/ (last argument must be a directory)
[root@master ~]# cp -r /etc/ dir1 (copy non-empty directory)
[root@master ~]# cp -r /etc/* dir1 (copy the contents of the directory)
[root@master Documents]# cp ~/file1 .
========================================
Move files and directories:
[root@master ~]# mv file1 new_file1 (to rename the file1)
[root@master ~]# mv file1 file2 file3 /root/Documents/ (last argument must be a directory)
[root@master ~]# mv dir1 dir2 dir3 dir4 (last argument must be a directory)
========================================
Remove files and directories:

[root@master ~]#rm file1 (interactive by default for the root)
[root@master ~]# rm -f file1 file2 file3 (force remove)
[root@master ~]# rm -d dir1 (removes an empty directory)
[root@master ~]# rmdir dir1 (removes an empty directory)
[root@master ~]# rm -rf dir1 (removes a non-empty directory)
========================================
nautilus:
[root@master ~]# nautilus
[root@master ~]# nautilus /etc/
========================================
File globbing (wildcard) (pattern matching) (path name expansion):
[root@master ~]#touch alfa bravo charlie delta echo able baker cast dog easy
[root@master ~]#ls a* (Only file names beginning with "a")
[root@master ~]#ls *a (Only file names ending with "a")
[root@master ~]#rm -f a
[root@master ~]#ls *a* (Only file names containing "a")
[root@master ~]#ls [!a]* (Only file names where first character is not "a")
[root@master ~]#ls [ac]*
[root@master ~]#ls ????
[root@master ~]#ls ?????
[root@master ~]#touch file1 file2 file3 file4 file11 file12 file111 filea fileb fileab fa fab fabc
[root@master ~]#ls f?
[root@master ~]#ls f??
[root@master ~]#ls file[a-c]
[root@master ~]#ls file[^a-c]
[root@master ~]#echo ~abeer
==============================================
Variable substitution:
[root@master ~]# x=5
[root@master ~]# echo x
[root@master ~]# echo $x (The value of variable x)

Command substitution:
[root@master ~]# echo "Today is $(date)"

Arithmetic substitution:
[root@master ~]# echo "Sum of 1 plus 2 is $[1+2]"
[root@master ~]# echo "Sum of 1 plus 2 is $((1+2))"
best wishes:
Abeer :)

chapter 3

1- using --help command:


[root@master ~]# date --help
[root@master ~]# date -s 03:00
2- man pages:
[root@master ~]# man passwd (default is section 1)
[root@master ~]# passwd -l abeer (lock the user)
[root@master ~]# passwd -u abeer (unlock the user)
[root@master ~]# man 1 passwd
[root@master ~]# man 5 passwd
[root@master ~]# man man
[root@master ~]# man -k "print files"
[root@master doc]# apropos "print files"
[root@master ~]# man -K "print files"
[root@master ~]# man -k time | grep 1
[root@master ~]# man -k print | grep 1
[root@master ~]# man 1 su
-Popular system administration topics are in sections 1 (user commands), 5 (file formats), and 8 (administrative commands).
-PageDown or space >>> Scroll forward (down) one screen
-PageUp >>>Scroll backward (up) one screen
-/string >>> Search forward (down) for string in the man page
-n >>> Repeat previous search forward (down) in the man page
-N >>> Repeat previous search backward (up) in the man page
-g >>> Go to start of the man page.
-G >>> Go to end of the man page.
-q >>> Exit man and return to the command shell prompt

3- info and pinfo commands:
[root@master ~]# pinfo
[root@master ~]# info passwd
[root@master ~]# pinfo passwd

4-Reading Documentation in /usr/share/doc:


[root@master doc]# firefox /usr/share/doc/
5- Getting Help From Red Hat:
https://docs.redhat.com
https://access.redhat.com/documentation/en/
6- Using redhat-support-tool to search Knowledgebase: (must have valid registration to Red Hat)
[root@master doc]# redhat-support-tool
Command (? for help): search how to change password for a user
Please enter your RHN user ID:

7- Applications..Documentation.. help
[root@master doc]# yelp
8- on-line help:
http://tldp.org/ (the linux documentation project)
other communities.
best wishes:
Abeer :)

chapter 4

Standard input, standard output, and standard error:


[root@master ~]# date > /tmp/saved-timestamp
[root@master ~]# tail -n 100 /var/log/dmesg > /tmp/last-100-boot-messages
[root@master ~]# cat file1 file2 file3 file4 > /tmp/all-four-in-one
[root@master ~]# ls -a > /tmp/my-file-names
Append output to an existing file:
[root@master ~]#echo "new line of information" >> /tmp/many-lines-of-information
[root@master ~]# find /etc -name passwd 2> /tmp/errors
[root@master ~]# find /etc -name passwd > /tmp/output 2> /tmp/errors
[root@master ~]# find /etc -name passwd > /tmp/output 2> /dev/null

[root@master ~]# find /etc -name passwd &> /tmp/save-both
[root@master ~]# find /etc -name passwd >> /tmp/save-both 2>&1
Constructing pipe lines:
[root@master ~]# ls -l /usr/bin | less
[root@master ~]# ls | wc -l > /tmp/how-many-files
[root@master ~]# ls -t | head -n 10 > /tmp/ten-last-changed-files
[root@master ~]# ls -l | tee /tmp/saved-output
[root@master ~]# ls -l | tee /dev/pts/0 | mail -s subject
Editing files with Vim:
[root@master ~]# vim file1
Editing files with gedit:
Applications > Accessories > gedit
[root@master ~]# gedit file1

Editing files with nano:


[root@master ~]# nano file1
Best wishes
Abeer :)

chapter 5
Users:
[root@master ~]# ls -l
[root@master ~]# ps aux
[root@master ~]# useradd --help
[root@master ~]# useradd abeer
[root@master ~]# passwd abeer
[root@master ~]# useradd -G admin -u 1005 -s /usr/sbin/nologin abeer
[root@master ~]# useradd -c "ahmed hosni" -e 2016-12-31 -s /bin/csh ahmed
To verify:
[root@master ~]# id
[root@master ~]# id abeer
[root@master ~]# id -u abeer (UID for abeer)
[root@master ~]# tail -n 1 /etc/passwd
username:password:UID:GID:GECOS:/home/dir:shell

note:
GECOS field is arbitrary text, which usually includes the user's real name.
[root@master ~]# tail -n 1 /etc/shadow
name:password:lastchange:minage:maxage:warning:inactive:expire:blank
In the password field, the prefix $1$ indicates an MD5 hash. The prefix $6$ appears when a SHA-512 hash is used.
[root@master ~]# authconfig --passalgo=<descrypt|bigcrypt|md5|sha256|sha512> --update (to change the hashing type)
note:
!! in the password field indicates that the user has no password
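Added example (not part of the original notes): a small auditor for the /etc/shadow password and maxage fields described above. The function names and the sample entries are constructed for illustration, and the hashes are placeholders; on a real system the input would be /etc/shadow, read as root.

```shell
#!/bin/sh
# Added example: classify field 2 (password) and field 5 (maxage) of
# shadow-format lines: name:password:lastchange:minage:maxage:...

# Constructed sample entries; the salts and hashes are placeholders.
sample_shadow() {
cat <<'EOF'
root:$6$SALTSALT$PLACEHOLDERHASH:17000:0:99999:7:::
legacy:$1$SALTSALT$PLACEHOLDERHASH:16000:0:90:7:::
abeer:!!:17000:0:99999:7:::
ahmed:!!$6$SALTSALT$PLACEHOLDERHASH:17000:1:120:7:::
guest::17000:0:99999:7:::
daemon:*:16000:0:99999:7:::
EOF
}

# audit_shadow: read shadow-format lines on stdin and print
# "<user> <password-status> <aging-status>" for each entry.
audit_shadow() {
    awk -F: '
    {
        pw = $2
        if (pw == "")                      st = "EMPTY-PASSWORD"   # login without a password
        else if (pw == "!!")               st = "no-password-set"  # fresh useradd, passwd never run
        else if (pw == "*")                st = "login-disabled"   # typical for system accounts
        else if (substr(pw, 1, 1) == "!")  st = "locked"           # passwd -l / usermod -L
        else if (index(pw, "$1$") == 1)    st = "WEAK-md5"
        else if (index(pw, "$5$") == 1)    st = "sha256"
        else if (index(pw, "$6$") == 1)    st = "sha512"
        else                               st = "other-or-des"

        # maxage empty or 99999 means the password never has to be changed
        age = ($5 == "" || $5 + 0 >= 99999) ? "no-max-age" : "max-age=" $5
        print $1, st, age
    }'
}

sample_shadow | audit_shadow
```

Lines reported as EMPTY-PASSWORD or WEAK-md5 are the ones to fix first, with passwd for the account and the --passalgo setting shown above.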
###############
Groups:
-Primary group is the user Private Group (UPG).
[root@master ~]# groupadd sales
[root@master ~]# groupadd -g 1005 admin

To verify:
[root@master ~]# id
[root@master ~]# id abeer
[root@master ~]# grep sales /etc/group
groupname:password:GID:list,of,users,in,this,group
[root@master ~]# groupmod -g 2000 admin
[root@master ~]# groupadd old
[root@master ~]# groupmod -n new old (rename a group)
###############
Switching users with su:
[root@master ~]# su abeer
[abeer@master root]$ exit
exit
[root@master ~]# su - abeer
[abeer@master ~]$
[abeer@master ~]$ su
[abeer@master ~]$ su -
###############
Running commands as root with sudo:

[root@master ~]# vim /etc/sudoers
abeer ALL=(ALL) ALL
%sales ALL=(ALL) ALL
[abeer@master ~]$ sudo passwd ahmed
[abeer@master ~]$ sudo passwd -l ahmed
To verify:
[root@master ~]# tail -f /var/log/secure
###############
Modify users:
[root@master ~]# usermod -L abeer (lock the user)
[root@master ~]# usermod -U abeer (unlock the user)
[root@master ~]# usermod -G sales abeer (overwrite secondary group)
[root@master ~]# usermod -aG admin abeer (append to secondary group)
or:
[root@master ~]# vim /etc/group
To verify:
[root@master ~]# id abeer
###############
Delete users:
[root@master ~]# userdel abeer
[root@master ~]# userdel -r test (removes home directory)
Note:
In RHEL7 the useradd command assigns new users the first free UID number available
in the range starting from UID 1000 or above.
[root@master ~]#useradd abeer
[root@master ~]# ls /home/ -l
drwx------. 5 abeer abeer 4096 Jun 21 21:36 abeer
[root@master ~]#userdel abeer
[root@master ~]#useradd ahmed
[root@master ~]# ls /home/ -l
drwx------. 5 ahmed ahmed 74 Jun 23 05:00 abeer
drwx------. 3 ahmed ahmed 74 Jun 23 02:55 ahmed
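Added example (not part of the original notes): a check for the situation in the listing above, where a home directory left behind by userdel without -r ends up owned by the next user to receive the freed UID. The function names, UIDs and sample data are constructed; paths containing spaces are not handled.

```shell
#!/bin/sh
# Added example: spot home directories whose numeric owner is unknown
# (orphaned) or now belongs to a different user (UID reassigned by useradd).

# check_home_owners PASSWD_FILE
#   stdin:  "<numeric-uid> <path>" lines, for example from
#           find /home -mindepth 1 -maxdepth 1 -printf '%U %p\n'
#   stdout: "<verdict> <path> <detail>"
check_home_owners() {
    awk '
    # First input (the passwd file): map UID -> user name
    NR == FNR { split($0, f, ":"); name[f[3]] = f[1]; next }
    # Second input (stdin): one directory per line
    {
        uid = $1; path = $2
        n = split(path, part, "/"); dir = part[n]
        if (!(uid in name))         print "ORPHANED", path, "uid=" uid
        else if (name[uid] != dir)  print "MISMATCH", path, "owner=" name[uid]
        else                        print "OK", path, "owner=" name[uid]
    }' "$1" -
}

# Constructed data reproducing the sequence in the notes: abeer was deleted
# without -r, then ahmed was created and received the freed UID (1000 here).
# /home/test stands for a directory whose owner no longer exists at all.
run_sample() {
    pw=$(mktemp) || return 1
    cat > "$pw" <<'EOF'
root:x:0:0:root:/root:/bin/bash
ahmed:x:1000:1000::/home/ahmed:/bin/bash
EOF
    cat <<'EOF' | check_home_owners "$pw"
1000 /home/abeer
1000 /home/ahmed
1007 /home/test
EOF
    rc=$?
    rm -f "$pw"
    return $rc
}

run_sample
```

find's -nouser test reports only the ORPHANED case; once the UID has been handed to a new user, only a name comparison like the MISMATCH check shows it.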
###############
Delete groups:
[root@master ~]# groupdel admin

###############
UID ranges:
UID 0 is always assigned to the superuser account, root.
UID 1-200 is a range of "system users" assigned statically to system processes by Red Hat.
UID 201-999 is a range of "system users" used by system processes that do not own files on the file system.
UID 1000+ is the range available for assignment to regular users.
To change the default:
[root@master ~]# vim /etc/login.defs
###############
Password aging:
[root@master ~]# chage -l abeer (list info about the user)
[root@master ~]# chage -E 2017-1-1 abeer (expire the user on the specified date)
[root@master ~]# chage -m 1 abeer (set minimum number of days before password change)
[root@master ~]# chage -M 120 abeer (set maximum number of days before password change)
[root@master ~]# passwd -x 90 abeer (the password will expire after 90 days)
###############
Create a default file or directory in the user's home directory:
[root@master ~]# touch /etc/skel/new_file
###############
GUI tool to manage users and groups:
[root@master ~]# yum install system-config-users
[root@master ~]# system-config-users
###############

Best wishes:
Abeer :)

chapter 6

Linux file system permissions:


- User permissions override group permissions, which override other permissions.
- If a user only has read access on a directory, the names of the files in it can be listed, but no other information, including permissions or time stamps, is available, nor can they be accessed.
- If a user only has exec access on a directory, they cannot list the names of the files in the directory, but if they already know the name of a file which they have permission to read, then they can access the contents of that file by explicitly specifying the file name.
- All permissions in Linux are set directly on each file or directory (not inherited).
- The write permission on a directory implies the ability to delete files and subdirectories.
- If write and the sticky bit are both set on a directory, then only the user that owns a file or subdirectory in the directory may delete it.
- Only the root and the owner can change the permissions.
[root@master ~]# ls -l file OR [root@master ~]# ll file
[root@master ~]# ls -ld /home
==========================================================
Changing file/directory permissions:
1- Symbolic method:
• Who is u, g, o, a (for user, group, other, all)
• What is +, -, = (for add, remove, set exactly)
• Which is r, w, x (for read, write, executable)

[root@master ~]# chmod g+w file1


[root@master ~]# chmod o+w file1
[root@master ~]# chmod u-w file1
[root@master ~]# chmod u+w,g+wx,o+r file1
[root@master ~]# chmod go-rw file1
[root@master ~]# chmod u=rw,g=r,o=r file1 (resets all old permissions)
[root@master ~]# chmod a+x file1 or chmod ugo+x file1
[root@master ~]# chmod a=rw file1 or chmod ugo=rw file1
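[root@master ~]# chmod u= file1 (removes all permissions from owner)
[root@master ~]# chmod +rw file1 (no "who" given: acts like a+rw, except that bits set in the umask are left unchanged)
[root@master ~]# chmod =rw file1 (no "who" given: acts like a=rw, limited by the umask)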
[root@master ~]# chmod -R g+rwx dir1

2- Numeric method:
r=4, w=2, x=1

[root@master ~]# chmod 754 file1 (rwx,r-x,r--)


[root@master ~]# chmod 400 file1 (r--,---,---)
[root@master ~]# chmod -R 755 dir1
==========================================================
Changing file/directory user or group ownership:
- Only root can change the ownership of a file.
- Root or the file's owner can change group ownership.
[root@master ~]# chown abeer file1
[root@master ~]# chown abeer dir1
[root@master ~]# chown -R abeer dir1
[root@master ~]# chown :sales file1 (change the group ownership)
[root@master ~]# chgrp sales file1 (change the group ownership)
[root@master ~]# chown abeer:sales file1 (change the owner and group)
[root@master ~]# chown -R abeer:sales dir1
==========================================================
Special permissions:
- The setuid (or setgid) permission on an executable file means that the command will run as the user (or group) of the file, not as the user that ran the command.
[root@master ~]# ls -l /usr/bin/passwd

-The sticky bit for a directory sets a special restriction on deletion of files. Only the owner of the file (and root) can delete files within the directory.
[root@master ~]# ls -ld /tmp/

• Symbolically: setuid=u+s; setgid=g+s; sticky=o+t
• Numerically (fourth preceding digit): setuid=4; setgid=2; sticky=1

[root@master ~]# chmod g+s dir1
[root@master ~]# chmod 2770 dir1
==========================================================
Default file permissions:
- The default permissions for files are set by the processes that create them. For example, text editors create files so they are readable and writeable, but not executable, by everyone.
- Every process on the system has a umask.

[root@master ~]# umask


0022
[abeer@master ~]$ umask
0002
[root@master ~]# umask 007 (not permanent)
[root@master ~]# vim /etc/bashrc
[root@master ~]# vim /etc/profile
[root@master ~]# vim .bashrc
[root@master ~]# vim .bash_profile
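Added example (not part of the original notes): it creates scratch files to show the octal modes that result from the umask values above (0022, 0002, 007) and from the symbolic special bits u+s, g+s and o+t. The function names are constructed, and GNU stat and chmod (as shipped with RHEL) are assumed.

```shell
#!/bin/sh
# Added example: observe what a umask and the special bits do to the octal
# mode, using scratch files in a temporary directory.

# perms_under_umask MASK
#   prints "<file-mode> <dir-mode>" for a file and a directory created
#   while MASK is the umask. Runs in a subshell so the caller's umask
#   is left unchanged.
perms_under_umask() {
    (
        work=$(mktemp -d) || exit 1
        umask "$1"
        touch "$work/f"      # touch asks for 666; the umask removes bits
        mkdir "$work/d"      # mkdir asks for 777; the umask removes bits
        # GNU stat: %a prints the permission bits in octal
        printf '%s %s\n' "$(stat -c %a "$work/f")" "$(stat -c %a "$work/d")"
        chmod -R u+rwx "$work" && rm -rf "$work"
    )
}

# special_mode BASE SYMBOLIC KIND
#   creates a scratch file (KIND=f) or directory (KIND=d), sets it to the
#   numeric mode BASE, applies the SYMBOLIC change (u+s, g+s or o+t) and
#   prints the resulting octal mode, fourth leading digit included.
special_mode() {
    (
        work=$(mktemp -d) || exit 1
        if [ "$3" = d ]; then mkdir "$work/x"; else touch "$work/x"; fi
        chmod "$1" "$work/x"
        chmod "$2" "$work/x"
        stat -c %a "$work/x"
        rm -rf "$work"
    )
}

for m in 0022 0002 007; do
    echo "umask $m -> file/dir: $(perms_under_umask "$m")"
done
echo "755 + u+s (file, like /usr/bin/passwd): $(special_mode 755 u+s f)"
echo "770 + g+s (directory, like dir1):       $(special_mode 770 g+s d)"
echo "777 + o+t (directory, like /tmp):       $(special_mode 777 o+t d)"
```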
==========================================================

Best wishes
Abeer :)

chapter 7

What is a process?
- A process is a program which is being executed
- Any process may create a child process. All processes are descendants of the first system process, which is systemd on a RHEL7 system.
[root@master ~]# echo $$ (To see the PID of your current shell process)
4085
[root@master ~]# bash
[root@master ~]# echo $$
8686
[root@master ~]# exit
exit
[root@master ~]# echo $$
4085

===============================================================================
Listing processes:
[root@master ~]# ps
[root@master ~]# ps aux
[root@master ~]# ps -aux
[root@master ~]# ps -aux | less
[root@master ~]# ps aux | grep -i syslogd
[root@master ~]# ls /proc/
[root@master ~]# ps aux | grep 264 (264 is a PID listed in /proc)
[root@master ~]# pidof vim or [root@master ~]# pgrep vim
[root@master ~]# ps -l (Long format: displays the parent PID (PPID) and nice values)
[root@master ~]# ps -ef (All processes, with the parent PID (PPID))

a.... all processes attached to a terminal


u.... provides more columns
x.... all other processes

[root@master ~]# pstree (process status tree)


OR
[root@master ~]# ps fax (process status tree)
[root@master ~]# pstree -p (Display PID of each process)

- Processes in brackets (usually at the top) are scheduled kernel threads.


===============================================================================
Real-time process monitoring:
[root@master ~]# uptime
[root@master ~]# grep "model name" /proc/cpuinfo (to find the number of CPUs)
[root@master ~]# top

type 1 to show all cpu cores


type s to change the default refresh rate which is 3 seconds
type h for help
type k to kill a process
type r to renice a process
type M to change the display to sort by the amount of memory
type P to change the display to sort by the CPU utilization
type n to change the number of processes shown
type w to save current display configuration
type q to quit

PID ... The process ID


USER ... The process owner
VIRT ... (Virtual memory) All memory the process is using including swap
RES ... (Resident memory) The physical memory used by the process
TIME ... CPU time, the total processing time since the process started
===============================================================================
GUI tools to manage processes:
[root@master ~]# gnome-system-monitor

OR)
Applications.. System Tools.. System Monitor
===============================================================================
Controlling Jobs:
- Background processes display a question mark (?) in the TTY column in a ps aux command.

[root@master ~]# dd if=/dev/zero of=/dev/null


[root@master ~]# sleep 100000 & (Running a job in the background)
[1] 5151

[root@master ~]# jobs


[1]+ Running sleep 100000 &

[root@master ~]# fg %1
sleep 100000

^Z (Suspend the job; it stays in the job list as Stopped)


[1]+ Stopped sleep 100000

[root@master ~]# bg %1 (To restart the process in the background)


[1]+ sleep 100000 &

OR
[root@master ~]# kill -CONT 5151 (resume by PID; bg takes a job spec such as %1, not a PID)

^C (End the process)


===============================================================================
Killing Processes:
[root@master ~]# kill -l (List all signals)
[root@master ~]# man 7 signal

1)SIGHUP Causes the process to re-read the configuration file


9)SIGKILL Should be used with caution
15)SIGTERM The default

[root@master ~]# pidof vim


4123
[root@master ~]# kill 4123 (Default is SIGTERM 15)

[root@master ~]# pidof vim


7073
[root@master ~]# kill -9 7073
[root@master ~]# kill -SIGKILL 7073

[root@master ~]# pkill vim (Default is SIGTERM 15)


[root@master ~]# killall vim
===============================================================================
Managing Process Priorities:
- Processes are scheduled according to priority.
- negative values are allowed only to root.

[root@master ~]# ps l (To show nice values)

-The nice command is used to start a process with a user defined priority.

[root@master ~]# nice vim text & (Default is 10)
[1] 9182

[root@master ~]# nice -n 15 vim text &

-The renice command is used to change the priority of a currently running process.
[root@master ~]# renice 19 9182 (19 is the new value)
===============================================================================
Best wishes
Abeer :)

chapter 8

systemd:
- System startup and server processes are managed by the systemd.
- For many years, process ID 1 of Linux and UNIX systems has been the init process. Frequently used daemons were started on systems at boot time with SystemV and LSB init scripts. Less frequently used daemons were started on demand by another service, such as inetd or xinetd, which listens for client connections.
=============================================================
Listing unit files with systemctl:
[root@master ~]# systemctl (Query the state of all units)
[root@master ~]# systemctl -t help (List the available unit types)
[root@master ~]# systemctl --type service (Query the state of only the service units)
OR)
[root@master ~]# systemctl list-units --type service (List all active services)
[root@master ~]# systemctl list-units --type service --all (List all active and inactive services)
[root@master ~]# systemctl --failed --type=service (List failed services)

[root@master ~]# systemctl status sshd.service


[root@master ~]# systemctl status sshd
[root@master ~]# systemctl status firewalld.service
[root@master ~]# systemctl status firewalld
[root@master ~]# systemctl status firewalld -l
[root@master ~]# systemctl is-active sshd
[root@master ~]# systemctl is-enabled sshd
=============================================================
Controlling System Services:
[root@master ~]# systemctl status sshd
[root@master ~]# systemctl restart sshd
[root@master ~]# systemctl stop sshd
[root@master ~]# systemctl start sshd
[root@master ~]# systemctl reload sshd (Re-read the configuration file)
=============================================================
Unit dependencies:
[root@master ~]# systemctl stop cups
Warning: Stopping cups.service, but it can still be activated by:
cups.socket
cups.path

[root@master ~]# systemctl list-dependencies cups


[root@master ~]# systemctl list-dependencies cups --reverse
=============================================================
Masking services:
A masked service cannot be started manually or automatically. Masking is used for conflicting services, for example:
network vs NetworkManager
iptables vs firewalld
[root@master ~]# systemctl mask network
[root@master ~]# systemctl unmask network
=============================================================
Enabling system daemons to start or stop at boot:
[root@master ~]# systemctl enable sshd
[root@master ~]# systemctl disable sshd
=============================================================

Best wishes
Abeer :)

chapter 9

[root@server ~]# systemctl status sshd


[root@server ~]# rpm -qa | grep -i ssh
Or)
[root@server ~]# yum search sshd
[abeer@client ~]$ ssh-keygen (Default is RSA)
[abeer@client ~]$ ssh-keygen -t dsa (DSA keys are deprecated; OpenSSH 7.0 and later disable them by default)
[abeer@client ~]$ ssh-keygen -t rsa
[abeer@client ~]$ cd .ssh/
[abeer@client ~]$ ssh 192.168.1.10
[abeer@client ~]$ ssh [email protected]
[abeer@client ~]$ ssh [email protected] hostname
[abeer@client ~]$ exit (exit from the SSH session)
[root@server ~]# w
[root@server ~]# who

Note)
- The first time a user uses ssh to connect to a particular server, the ssh command stores the server's public key in the user's ~/.ssh/known_hosts file. Every time the user connects after that, the client makes sure it gets the same public key from the server by comparing the server's entry in the ~/.ssh/known_hosts file to the public key the server sent. If the keys do not match, the client assumes that the network traffic is being hijacked or that the server has been compromised, and breaks the connection.
- Host keys are stored in /etc/ssh/ssh_host_key* on the SSH server.
===================================================================
SSH key-based authentication:
[abeer@client ~]$ ssh-copy-id 192.168.1.1

[abeer@client ~]$ ssh-copy-id [email protected]
[abeer@client ~]$ ssh-copy-id -p 2020 [email protected]
[abeer@client ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]

- In the event the private key is stolen, it is very difficult for someone other than the issuer to use it when protected with a passphrase.
- When the key is copied to another system using ssh-copy-id, it copies the ~/.ssh/id_rsa.pub file by default.

[root@server ~]# cd /home/abeer/.ssh/


authorized_keys

[root@server ~]# ps aux | grep -i ssh


[root@server ~]# kill 8619
===================================================================
Customizing SSH Service Configuration:
[root@server ~]# vim /etc/ssh/sshd_config
#Port 22 (Uncomment and change the number to change the default port)
#PermitRootLogin yes (Uncomment and set to no to prohibit the root user from logging in using SSH)
PasswordAuthentication yes (Set to no to prohibit password authentication using SSH)

[abeer@client ~]$ ssh [email protected] -p 2200
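Added example (not part of the original notes): a reader for the three sshd_config directives listed above that reports which value is actually in force, since a line that starts with # is only a comment and sshd uses the first value it reads for each keyword. The function names and both sample files are constructed; whitespace-separated "Keyword value" lines are assumed.

```shell
#!/bin/sh
# Added example: report the value in force for Port, PermitRootLogin and
# PasswordAuthentication in sshd_config text.

# The file as the notes show it: two directives commented out, one active.
sample_page_config() {
cat <<'EOF'
#Port 22
#PermitRootLogin yes
PasswordAuthentication yes
EOF
}

# A constructed hardened variant; 2200 is the port the notes connect to.
sample_hardened_config() {
cat <<'EOF'
Port 2200
PermitRootLogin no
PasswordAuthentication no
# A later duplicate is ignored: sshd uses the first value it reads.
PasswordAuthentication yes
Match User backup
    PasswordAuthentication yes
EOF
}

# audit_sshd_config: read sshd_config text on stdin and print
# "<directive> <value> <verdict>" for each of the three directives.
audit_sshd_config() {
    awk '
    BEGIN { n = split("port permitrootlogin passwordauthentication", want, " ") }
    /^[ \t]*#/ { next }                 # comment: not a setting
    /^[ \t]*$/ { next }                 # blank line
    tolower($1) == "match" { exit }     # Match blocks are conditional, not global
    {
        key = tolower($1)                           # keywords are case-insensitive
        if (!(key in val)) val[key] = tolower($2)   # first occurrence wins
    }
    END {
        for (i = 1; i <= n; i++) {
            key = want[i]
            if (!(key in val))           print key, "unset", "DEFAULT-APPLIES"
            else if (key == "port")      print key, val[key], "INFO"
            else if (val[key] == "yes")  print key, val[key], "WARN"
            else                         print key, val[key], "OK"
        }
    }'
}

echo "--- as in the notes ---";  sample_page_config | audit_sshd_config
echo "--- hardened ---";         sample_hardened_config | audit_sshd_config
```

For a directive reported as unset, `sshd -T` on the server prints the effective configuration, compiled-in defaults included.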


===================================================================

Best wishes:
Abeer :)

chapter 10

System logging:
1- Direct write (ex: Apache)
2- Through systemd (journald)
3- Through rsyslogd (/var/log)
========================================================
journald:
[root@server ~]# yum search journal
[root@server ~]# systemctl status systemd-journald
[root@server ~]# journalctl
[root@server ~]# journalctl -n (shows the last 10 log entries)
[root@server ~]# journalctl -n 5 (shows the last 5 log entries)
[root@server ~]# journalctl -f (like tail -f)
[root@server ~]# journalctl -p err (filter the output to a specific severity)
[root@server ~]# journalctl -b (Logs during boot)
[root@server ~]# journalctl --since yesterday
[root@server ~]# journalctl --since yesterday --until 9:30:00
[root@server ~]# journalctl _PID=1
[root@server ~]# journalctl _UID=0
[root@server ~]# journalctl _SYSTEMD_UNIT=sshd.service
[root@server ~]# journalctl _SYSTEMD_UNIT=NetworkManager.service
[root@server ~]# cat /etc/systemd/journald.conf
========================================================
rsyslogd:
[root@server ~]# yum search rsyslog
[root@server ~]# systemctl status rsyslog
[root@server ~]# vim /etc/rsyslog.conf
# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514
# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514

[root@server ~]# systemctl restart rsyslog

> Local logging:


[root@client ~]# tail -f /var/log/secure
[abeer@client ~]$ su -

> Logging to a syslog server:


[root@client ~]# vim /etc/rsyslog.conf
#### RULES ####
*.* @192.168.1.1 (facility.priority)(UDP session)
Or
*.* @@192.168.1.1 (TCP sessions)
Or
*.* @192.168.1.1:500 (Change the default UDP port number)
Or
*.* @@192.168.1.1:500 (Change the default TCP port number)

[root@client ~]# systemctl restart rsyslog


[abeer@client ~]$ su -
[root@server ~]# tail -f /var/log/secure
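
Added example (not part of the original notes): a shell check that reads the forwarding rules a client would use (`@host` for UDP, `@@host` for TCP, optional `:port`, default 514) and compares them with the listeners that are actually uncommented in the server's rsyslog.conf. It catches the common failure where the client forwards to a protocol or port the server never opened. The function names and both sample files are constructed for this illustration; only the rule forms shown in these notes are handled (no IPv6 literals).

```shell
#!/bin/sh
# rsyslog_forwards FILE
# Print "selector proto host port" for every forwarding rule.
rsyslog_forwards() {
    awk '
        /^[ \t]*(#|$)/ { next }              # comments and blank lines
        $2 ~ /^@/ {
            target = $2
            proto = "udp"                    # single @ means UDP
            if (target ~ /^@@/) { proto = "tcp"; sub(/^@@/, "", target) }
            else                { sub(/^@/, "", target) }
            port = 514                       # default syslog port
            if (split(target, part, ":") == 2) { target = part[1]; port = part[2] }
            print $1, proto, target, port
        }
    ' "$1"
}

# rsyslog_listeners FILE
# Print "proto port" for every reception directive that is not commented out.
rsyslog_listeners() {
    awk '
        $1 == "$UDPServerRun"      { print "udp", $2 }
        $1 == "$InputTCPServerRun" { print "tcp", $2 }
    ' "$1"
}

# rsyslog_check CLIENT_CONF SERVER_CONF SERVER_IP
# For each rule that forwards to SERVER_IP, say whether the server listens.
rsyslog_check() (
    listeners=$(rsyslog_listeners "$2")
    rsyslog_forwards "$1" | while read -r sel proto host port; do
        [ "$host" = "$3" ] || continue
        if printf '%s\n' "$listeners" | grep -qx "$proto $port"; then
            echo "$sel $proto/$port delivered"
        else
            echo "$sel $proto/$port no-listener"
        fi
    done
)

# Constructed sample input (not taken from a real host).
log_demo=$(mktemp -d)
trap 'rm -rf "$log_demo"' EXIT

# Server: UDP reception uncommented, TCP reception still commented out.
cat > "$log_demo/server.conf" <<'EOF'
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514
EOF

# Client: one local rule, one UDP forward, one TCP forward to port 500.
cat > "$log_demo/client.conf" <<'EOF'
#### RULES ####
authpriv.*    /var/log/secure
*.* @192.168.1.1
authpriv.* @@192.168.1.1:500
EOF

rsyslog_check "$log_demo/client.conf" "$log_demo/server.conf" 192.168.1.1
```

Both forms send log lines in clear text; UDP additionally gives no indication when a message is lost, so a `no-listener` result on a UDP rule is silent on the client.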
========================================================
Log file rotation:
- Logs are "rotated" by the logrotate utility after a week by default to keep them from filling up the file system containing /var/log/.
- When a log file is rotated, it is renamed with an extension indicating the date on which it was rotated.
- A cron job runs the logrotate program daily to see if any logs need to be rotated.
[root@server ~]# vim /etc/logrotate.conf
[root@server ~]# cd /etc/logrotate.d/ (Any config here will override the logrotate.conf file)
========================================================
Send a syslog message with logger:
[root@server ~]# logger "Log entry created locally"
[root@server ~]# logger -i "Log entry created locally" (log the process ID too)
[root@server ~]# logger -p panic "Log entry created locally" (mark given message with this priority)
========================================================
Store the system journal permanently:
- By default, the systemd journal is kept in /run/log/journal, which means it is cleared when the system reboots.
- If the directory /var/log/journal exists, the journal will log to that directory instead. The advantage of this is the historic data will be available immediately at boot.
- However, even with a persistent journal, not all data will be kept forever. The journal has a built-in log rotation mechanism that will trigger monthly.
- By default, the journal will not be allowed to get larger than 10% of the file system it is on, or leave less than 15% of the file system free. These values can be tuned in /etc/systemd/journald.conf

[root@master ~]# mkdir /var/log/journal


[root@master ~]# chown root:systemd-journal /var/log/journal
[root@master ~]# chmod 2755 /var/log/journal
[root@master ~]# killall -USR1 systemd-journald (or reboot the system)
========================================================
[root@master ~]# last
[root@master ~]# lastlog
========================================================
Set local clocks and time zone:
[root@master ~]# timedatectl (shows an overview of the current time settings)
[root@master ~]# timedatectl list-timezones (shows a list of all time zones)
[root@master ~]# timedatectl set-timezone Africa/Cairo
[root@master ~]# timedatectl set-time 9:00:00
[root@master ~]# timedatectl set-ntp true
========================================================


chapter 11

Default Network interface names:


• Ethernet interfaces begin with en, WLAN interfaces begin with wl, and WWAN interfaces begin with ww.
• The next character(s) represents the type of adapter with an o for on-board, s for hotplug slot, and p for PCI.
• A number N is used to represent an index, ID, or port.
• If the fixed name cannot be determined, the traditional names such as ethN will be used.

Example:
-eno1, the first embedded network interface
-enp2s0, a PCI card network interface

=================================================================
Displaying IP addresses:
[root@master ~]# ifconfig
[root@master ~]# ifconfig eno16777736
[root@master ~]# ip help
[root@master ~]# ip addr help
[root@master ~]# ip addr (Display IP information)
[root@master ~]# ip addr show (Display IP information)
[root@master ~]# ip addr show eno16777736
[root@master ~]# ip link show
[root@master ~]# ip -s link show
[root@master ~]# ip -s link show eno16777736
=================================================================
Configuring IP addresses:
[root@client ~]# ifconfig eno16777736 192.168.1.10 netmask 255.255.255.0
-Note: Prefix will be the default if not configured
[root@client ~]# ip addr add dev eno16777736 192.168.1.10/24 (Appears as a secondary IP)
-Note: Prefix will be /32 if not configured
=================================================================
Configuring Networking with nmcli:
[root@client ~]# nmcli
[root@client ~]# nmcli help
[root@client ~]# nmcli con show
[root@client ~]# nmcli con show eno16777736
[root@client ~]# nmcli connection add con-name testing ifname eno16777736 type ethernet ip4 192.168.1.10/24
[root@client ~]# nmcli connection down eno16777736
[root@client ~]# nmcli connection up testing

- If the testing connection is lost, the eno16777736 connection will attempt to autoconnect. To administratively disable an interface and prevent any auto connection, use nmcli dev disconnect DEVICENAME.

[root@client ~]# nmcli con mod eno16777736 connection.autoconnect no (Turn off auto connection)
[root@client ~]# nmcli con mod eno16777736 ipv4.dns 8.8.8.8 (Configure a DNS server)
[root@client ~]# nmcli con mod eno16777736 +ipv4.dns 4.2.2.3 (Add another DNS server)
[root@client ~]# nmcli con mod eno16777736 +ipv4.address 10.0.0.1/24 (Add a secondary address)
[root@client ~]# nmcli con mod eno16777736 ipv4.method manual ipv4.address 192.168.1.10/24 ipv4.gateway 192.168.1.1 ipv4.dns 8.8.8.8

- The nmcli con mod will save the setting to the configuration files. To activate the changes, the connection needs to be activated or reactivated.

[root@client ~]# nm-connection-editor (GUI version of nmcli)


=================================================================
Configuring Networking with nmtui:
[root@client ~]# nmtui
[root@client ~]# nmcli con down eno16777736 ; nmcli con up eno16777736
=================================================================
Editing Network Configuration Files:
[root@client ~]# vim /etc/sysconfig/network-scripts/ifcfg-eno16777736

[root@client ~]# nmcli connection reload eno16777736
[root@client ~]# nmcli connection down eno16777736
[root@client ~]# nmcli connection up eno16777736
=================================================================
Configuring Host Names:
[root@client ~]# hostname
[root@client ~]# hostname master.redhat.com
[root@client ~]# vim /etc/hostname
[root@client ~]# hostnamectl (Display information about the system)
[root@client ~]# hostnamectl status (Display information about the system)
[root@client ~]# hostnamectl set-hostname www.redhat.com

- The static host name is stored in /etc/hostname. Previous versions of RHEL stored the hostname as a variable in the /etc/sysconfig/network file.
=================================================================
Configuring DNS:
[root@client ~]# cat /etc/resolv.conf
[root@client ~]# vim /etc/sysconfig/network-scripts/ifcfg-eno16777736
DNS1=8.8.8.8
[root@client ~]# nmcli con mod eno16777736 ipv4.dns 8.8.8.8 (Configure a DNS server)
[root@client ~]# nmcli con mod eno16777736 +ipv4.dns 4.2.2.3 (Add another DNS server)
[root@client ~]# vim /etc/hosts
=================================================================
Configure Routing:
[root@client ~]# route -n (Display routing table)
[root@client ~]# ip route (Display routing table)
[root@client ~]# ip route show (Display routing table)
[root@client ~]# ip route add 20.0.0.0/8 via 192.168.1.1 (Add a static route)
[root@client ~]# vim /etc/sysconfig/network-scripts/ifcfg-eno16777736
GATEWAY=192.168.1.1
[root@client ~]# nmcli con mod eno16777736 ipv4.gateway 192.168.1.1
=================================================================
Network tools:
[root@client ~]# ping -c 5 127.0.0.1
[root@client ~]# netstat -i (Packet information)
[root@client ~]# netstat -tulpen (Listening ports)
[root@client ~]# traceroute 8.8.8.8
=================================================================


chapter 12

Create archive files and directories with tar (tape archive):


[root@master ~]# tar cvf archive.tar file1 file2 file3

[root@master ~]# tar -cvf etc.tar /etc/ (requires root privilege)
[root@master ~]# tar -cf /root/etc.tar /etc/
[root@master ~]# du -hs /etc/
[root@master ~]# ll -h etc.tar

• c (create an archive)
• f file name (file name of the archive to operate on)
• v (verbosity; useful to see which files get added to or extracted from the archive)

Notes:
- Before creating a tar archive, verify that there is no other archive in the directory with the same name as the new archive to be created. The tar command will overwrite an existing archive without any feedback.
- For tar to be able to archive the selected files, it is mandatory that the user executing the tar command is able to read the files.
- While tar stores ownership and permissions of the files, there are other attributes that are not stored in the tar archive by default, such as the SELinux context and ACLs. To store those extended attributes in the tar archive, the --xattrs option is required when creating an archive.
==================================================================
List contents of a tar archive:
[root@master ~]# tar tf archive.tar
[root@master ~]# tar tvf archive.tar
• t ( list the contents of an archive)
==================================================================
Extract an archive created with tar:
[root@master ~]# tar xvf archive.tar
[root@master ~]# tar xvf archive.tar -C /var/data/ (change the extract location)

• x (extract an archive)
==================================================================
Create a compressed tar archive:
[root@master ~]# tar cvzf etc.tar.gz /etc/
Or
[root@master ~]# tar cvzf etc.tgz /etc/

• z for gzip compression (filename.tar.gz or filename.tgz)


• j for bzip2 compression (filename.tar.bz2)
• J for xz compression (filename.tar.xz)
==================================================================
Extract a compressed tar archive:
[root@master ~]# tar xvzf etc.tar.gz
[root@master ~]# tar xvjf etc.tar.bz2
[root@master ~]# tar xvJf etc.tar.xz

Note:
- Listing a compressed tar archive works in the same way as listing an uncompressed tar archive.
==================================================================
Compress and extract files:
[root@master ~]# gzip file.text
[root@master ~]# gunzip file.text.gz

[root@master ~]# bzip2 file.text
[root@master ~]# bunzip2 file.text.bz2

[root@master ~]# xz file.text


[root@master ~]# unxz file.text.xz

Note:
- Compressing a file will delete the original (uncompressed) file by default.
[root@master ~]# gzip -c file.text > file.gz (will not delete the file)
==================================================================
Copying Files Between Systems Securely:
[abeer@client ~]$ scp test_file 192.168.1.1:~
[abeer@client ~]$ scp -P 2200 test_file 192.168.1.1:~
[abeer@client ~]$ scp 192.168.1.1:/home/test_file /home/abeer
[abeer@client ~]$ scp [email protected]:/etc/hosts ~
[abeer@client ~]$ scp -P 2200 [email protected]:/etc/hosts ~
[abeer@client ~]$ scp -r [email protected]:/var/log /tmp (copy recursively)
==================================================================
Transfer files remotely with sftp:
[root@client ~]# sftp 192.168.1.1
sftp> ls
sftp> mkdir client_dir
sftp> get file2
sftp> get -r /var/log (download recursively)
sftp> put test_file
sftp> exit
==================================================================
Synchronizing Files Between Systems Securely:
[abeer@client ~]$ rsync test_file 192.168.1.1:~
[abeer@client ~]$ rsync 192.168.1.1:/home/test_file /home/abeer
[abeer@client ~]$ rsync [email protected]:/etc/hosts ~
[root@client ~]# rsync -rvz file2 [email protected]:/root/
-r, --recursive
-v, --verbose
-z, --compress (during transfer)
==================================================================


chapter 13

Red Hat Subscription Management:


[root@master ~]# subscription-manager-gui
Or)

Applications > System Tools > Red Hat Subscription Manager

[root@master ~]# subscription-manager register --username=abeer --password=123


==============================================================
Software packages and RPM:
Ex:
httpd-tools-2.4.6-7.el7.x86_64.rpm
httpd-tools....Name
2.4.6..........Version
7.el7..........Release
x86_64.........ARCH

[root@master ~]# uname -a


[root@master ~]# uname -r
[root@master ~]# arch
[root@master ~]# cat /etc/redhat-release

[root@master Packages]# rpm -ivh vsftpd-3.0.2-10.el7.x86_64.rpm (Install a package)


[root@master Packages]# rpm -qa | grep -i ftp
[root@master Packages]# rpm -e vsftpd
[root@master Packages]# rpm -Fvh vsftpd-3.0.2-10.el7.x86_64.rpm (Update an installed package)
[root@master Packages]# rpm -Uvh vsftpd-3.0.2-10.el7.x86_64.rpm (Update and install a package)
[root@master Packages]# rpm -ql vsftpd (Query an installed package)
[root@master Packages]# rpm -qpl vsftpd-3.0.2-10.el7.x86_64.rpm (Query a not-installed package)
[root@master Packages]# rpm -qi vsftpd (Query info of an installed package)
[root@master Packages]# rpm -qpi vsftpd-3.0.2-10.el7.x86_64.rpm (Query info of a not-installed package)
[root@master Packages]# rpm -qc vsftpd (Query config files of an installed package)
[root@master Packages]# rpm -qpc vsftpd-3.0.2-10.el7.x86_64.rpm (Query config files of a not-installed package)
[root@master Packages]# rpm -qd vsftpd (Query doc files of an installed package)
[root@master Packages]# rpm -qpd vsftpd-3.0.2-10.el7.x86_64.rpm (Query doc files of a not-installed package)
[root@master Packages]# which passwd
/usr/bin/passwd
[root@master Packages]# rpm -qf /usr/bin/passwd
passwd-0.79-4.el7.x86_64

[root@master Packages]# rpm -ivh --prefix=/home/dir/ vsftpd-3.0.2-10.el7.x86_64.rpm (Change the default installation directory)
error: package vsftpd is not relocatable

[root@master Packages]# rpm -K vsftpd-3.0.2-10.el7.x86_64.rpm (Check if the package is signed from RED HAT or not)
[root@master Packages]# rpm --import /media/RPM-GPG-KEY-redhat-* (import the keys)
==============================================================
Yellowdog Updater, Modified (yum):

1- Local Repo:
[root@master ~]# vim /etc/yum.repos.d/local.repo
[LocalRepo]
name = Local
baseurl = file:///run/media/root/RHEL-7.2\ Server.x86_64
enabled = 1
gpgcheck = 0

2- Remote Repo:
[root@master ~]# rpm -ivh /media/Packages/vsftpd-3.0.2-10.el7.x86_64.rpm
[root@master ~]# systemctl start vsftpd
[root@master ~]# systemctl enable vsftpd
[root@master ~]# setenforce 0
[root@master ~]# vim /etc/yum.repos.d/server1.repo
[Server1]
name = Server1
baseurl = ftp://192.168.1.10/pub
enabled = 1
gpgcheck = 0

[root@master ~]# yum install system-config-kickstart


[root@master ~]# yum remove system-config-kickstart
[root@master ~]# yum remove -y system-config-kickstart
[root@master ~]# yum search system-config-kickstart
[root@master ~]# yum search all system-config-kickstart
[root@master ~]# yum info system-config-kickstart
[root@master ~]# yum update system-config-kickstart
[root@master ~]# yum update (install all updates)

Note:
If we want to enable GPG check:
gpgcheck = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
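
Added example (not part of the original notes): a shell check that walks the sections of a yum .repo file and reports, per repository, whether package signature checking is switched on. A repository with no `gpgcheck` line is reported as `inherit`, because it then takes whatever `[main]` in /etc/yum.conf says, and a key that merely looks like it (for example `gpg`) is called out since it does not set `gpgcheck`. The function name, the verdict labels and the sample file are constructed for this illustration.

```shell
#!/bin/sh
# repo_gpg_audit FILE...
# Print "<repo id> <verdict>" for every [section] in the given .repo files.
#   signed    gpgcheck = 1
#   UNSIGNED  gpgcheck present with any other value
#   inherit   no gpgcheck line; the [main] value from yum.conf applies
repo_gpg_audit() {
    awk '
        function emit(   k, note) {
            if (repo == "") return
            note = ""
            # A gpg* key that is not one of the real option names is a likely typo.
            for (k in kv)
                if (k ~ /^gpg/ && k != "gpgcheck" && k != "gpgkey" && k != "gpgcakey")
                    note = note " unknown-key:" k
            if (!("gpgcheck" in kv))        verdict = "inherit"
            else if (kv["gpgcheck"] == "1") verdict = "signed"
            else                            verdict = "UNSIGNED"
            print repo, verdict note
            split("", kv)                    # portable way to empty the array
        }
        /^[ \t]*(#|;|$)/ { next }            # comments and blank lines
        /^\[.*\]/ {                          # new [section]: report the previous one
            emit()
            repo = substr($0, 2, index($0, "]") - 2)
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)   # trim spaces around key and value
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            kv[k] = v
        }
        END { emit() }
    ' "$@"
}

# Constructed sample input (not taken from a real host).
repo_demo=$(mktemp -d)
trap 'rm -rf "$repo_demo"' EXIT
cat > "$repo_demo/demo.repo" <<'EOF'
[LocalRepo]
name = Local
baseurl = file:///mnt/constructed-example
enabled = 1
gpgcheck = 0

[Server1]
name = Server1 (misspelt keys, constructed)
baseurl = ftp://192.168.1.10/pub
enable = 1
gpg = 0

[Server1Signed]
name = Server1 with signature checking
baseurl = ftp://192.168.1.10/pub
enabled = 1
gpgcheck = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
EOF

repo_gpg_audit "$repo_demo/demo.repo"
```

Run it over `/etc/yum.repos.d/*.repo` to list every repository that installs packages without verifying their signature.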

Note:
yum remove will remove the package(s) listed and any package that requires the packages being removed
==============================================================
[root@master ~]# yum repolist (List all repo files)
[root@master ~]# yum list all (List all available packages)
[root@master ~]# yum list installed (List all installed packages)
[root@master ~]# yum whatprovides */selinux
[root@master ~]# yum provides */selinux
[root@master ~]# yum remove bash
[root@master ~]# yum list kernel (List all kernels)
[root@master ~]# tail -f /var/log/yum.log
[root@master ~]# yum history
[root@master ~]# yum history undo 3 (Reverse action number 3)
==============================================================
chapter 14

Identifying File Systems and Devices:


[root@master ~]# ls -l /dev/sda
[root@master ~]# ls -l /dev/hda
[root@master ~]# ls -l /dev/vda
[root@master ~]# df -h
[root@master ~]# du -h /etc/
[root@master ~]# du -hs /etc/
===================================================
Mounting and Unmounting File Systems:
[root@master ~]# mount /dev/cdrom /media
[root@master ~]# blkid
[root@master ~]# mount UUID="2015-10-30-11-11-49-00" /media
[root@master ~]# umount /dev/cdrom
[root@master ~]# umount /media
[root@master ~]# lsof (lists all opened files)
[root@master ~]# cd /media/
[root@master media]# lsof /media/

Notes:
- We can't umount a busy file system.
- Removable media, get automatically mounted under /run/media/<user>/<label>
- Removing a USB storage device without unmounting the file system on it can result in data loss.
===================================================
Making Links Between Files:
[root@master ~]# ln file.txt /demo.txt (creates a hard link)
[root@master ~]# ls -li file.txt /demo.txt (the same inode number)

[root@master ~]# ln -s /root/file.txt /home/ (creates a soft or symbolic link)


[root@master ~]# ln -s /root/file.txt /home/new.txt
[root@master ~]# ls -li file.txt /home/file.txt (different inode numbers)
[root@master ~]# file /home/file.txt
[root@master ~]# ln -s /etc/ /root/ (creates a symbolic link for a directory)

Notes:
- After a new hard link is created, there is no way to tell which of the existing hard links is the original one.
- All hard links referencing the same file have the same permissions, link count, user/group ownerships, time stamps, and file content. If any of that information is changed on one hard link, all other hard links pointing at the same file will show the new information as well.
- A hard link is not allowed for a directory.
- In RHEL7, a normal user can create a hard link to files that he has permissions on.
- Hard links must exist on the same file system.
- A symbolic link can point to a file on a different file system.
- When creating the symbolic link, the full path should be used.
===================================================
Locating Files on the System:
[root@master ~]# locate passwd
[root@master ~]# locate -i messages (case-insensitive search)
[root@master ~]# locate -n 5 passwd (the first five matches)
[root@master ~]# locate passwd | grep -i passwd
[root@master ~]# updatedb (the default is 1 day)

[root@master ~]# find / -name passwd


[root@master ~]# find / -name '*.txt'
[root@master ~]# find / -iname messages (case-insensitive search)
[root@master ~]# find / -user abeer (Search for files owned by the user abeer)
[root@master ~]# find / -group sales (Search for files owned by the group sales)
[root@master ~]# find / -uid 1000 (Search for files owned by the UID 1000)
[root@master ~]# find / -gid 1000 (Search for files owned by the GID 1000)
[root@master ~]# find /home -perm 764 (exact match of permissions)
[root@master ~]# find /home -perm -624 (at least these permissions)
[root@master ~]# find /home -perm /442 (logical OR)
[root@master ~]# find /home -size 3M (exact size)
[root@master ~]# find /home -size -3M (less than 3 mega)
[root@master ~]# find /home -size +3M (more than 3 mega)
[root@master ~]# find /home -mmin 120 (exact modification time)
[root@master ~]# find /home -mmin -120 (less than 120 min)
[root@master ~]# find /home -mmin +120 (more than 120 min)
[root@master ~]# find /home -type d (search for directories)
[root@master ~]# find /home -type f (search for files)
[root@master ~]# find /home -type l (search for symbolic links)
[root@master ~]# find /home -type b (search for block devices)

[root@master ~]# find /home -name file.txt -exec mv {} /tmp \; (non-interactive)


[root@master ~]# find /home -name file.txt -ok rm -f {} \; (interactive)
[root@master ~]# find / -group sales -exec chgrp sales {} \;
Notes:
- The user invoking the find command must have read and execute permission on a directory to examine its contents.
- If the directory argument is omitted, find will start the search in the current directory and look for matches in any of the subdirectories.
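
Added example (not part of the original notes): the three `-perm` forms listed above, run against a scratch directory of files whose names are their modes, so the difference between exact match, "at least these bits" and "any of these bits" can be read straight from the output. It goes one step beyond the notes by also running `-perm -002`, the usual audit for world-writable files. The directory, file names and the `perm_match` function are constructed for this illustration, and GNU find is assumed for the `/mode` form.

```shell
#!/bin/sh
# perm_match DIR EXPR
# Names of the regular files in DIR that match "find -perm EXPR",
# sorted and joined by spaces.
perm_match() {
    find "$1" -type f -perm "$2" -exec basename {} \; | sort | paste -sd ' ' -
}

# Constructed sample: one empty file per mode, named f<mode>.
perm_dir=$(mktemp -d)
trap 'rm -rf "$perm_dir"' EXIT
for mode in 764 775 664 624 600 440 200 002; do
    : > "$perm_dir/f$mode"
    chmod "$mode" "$perm_dir/f$mode"
done

# 764  : mode is exactly rwxrw-r--
echo "-perm 764  -> $(perm_match "$perm_dir" 764)"

# -624 : owner has rw AND group has w AND other has r (extra bits allowed)
echo "-perm -624 -> $(perm_match "$perm_dir" -624)"

# /442 : owner has r OR group has r OR other has w
echo "-perm /442 -> $(perm_match "$perm_dir" /442)"

# -002 : other has w, whatever else is set (world-writable files)
echo "-perm -002 -> $(perm_match "$perm_dir" -002)"
```

f600 shows the difference most clearly: it fails `-624` because the group has no write bit, but passes `/442` because the owner's read bit alone is enough.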

chapter 15

KVM (Kernel-based Virtual Machine):


[root@master ~]# cat /proc/cpuinfo

vmx............ for intel based processor
svm............ for AMD based processor
[root@master ~]# lsmod | grep kvm (to check if the kvm module is available)
[root@master ~]# systemctl status libvirtd
[root@master ~]# ip link show
virbr0......... virtual bridge (embedded switch)
[root@master ~]# arch
x86_64......... to support virtualization, you need a 64 bit kernel
==============================================================
Virtual manager (GUI tool):
[root@master ~]# yum -y install kvm libvirt virt-manager qemu-kvm
[root@master ~]# virt-manager
Or)
Applications> System Tools> Virtual Machine Manager

[root@master ~]# dd if=/dev/cdrom of=/root/RHEL7.iso (create an iso file)


==============================================================
Virsh (CLI tool):
[root@master ~]# virsh
virsh # help
virsh # exit
[root@master ~]# virsh list (list all running virtual machines)
[root@master ~]# virsh list --all (list all virtual machines)
[root@master ~]# virsh destroy rhel7.1 (stop the machine named rhel7.1)
[root@master ~]# virsh start rhel7.1 (start the machine named rhel7.1)
==============================================================


chapter 16

VNC (Virtual Network Computing)

[root@server ~]# yum repolist


[root@server ~]# yum install -y tigervnc-server
[root@server ~]# useradd vncuser
[root@server ~]# passwd vncuser
[root@server ~]# cd /usr/lib/systemd/system
[root@server system]# cp vncserver@.service vncserver@\:1.service
Note: make one copy of the file, such as "vncserver@\:1.service", for each logical session you want to create.
[root@server system]# vim vncserver@\:1.service
(Replace <USER> with vncuser)
[root@server system]# systemctl daemon-reload
[root@server system]# su - vncuser
[vncuser@server ~]$ vncpasswd
[vncuser@server ~]$ exit
Note:
This must be done before starting the vnc service.

[root@server system]# systemctl start vncserver@\:1.service
Note:
Don't use #0
[root@server system]# systemctl status vncserver@\:1.service
[root@server system]# systemctl enable vncserver@\:1.service
[root@server system]# setenforce 0
[root@server system]# systemctl stop firewalld
----------------------------------------------
[root@client ~]# yum install -y tigervnc
[root@client ~]# vncviewer -via [email protected] localhost:1
===================================================================


RH134 RHEL7

Chapter 1

# The server side:


[root@master ~]# yum install -y system-config-kickstart
[root@master ~]# yum install -y vsftpd
[root@master ~]# systemctl start vsftpd
[root@master ~]# systemctl enable vsftpd
[root@master ~]# mount /dev/cdrom /var/ftp/pub/
[root@master ~]# setenforce 0
[root@master ~]# systemctl stop firewalld

[root@master ~]# system-config-kickstart


Or)
Applications> System Tools> Kickstart

[root@master ~]# ksvalidator /var/ftp/ks.cfg (to check for kick start file syntax)

# The client side:


At the beginning of the installation press tab:
linux ks=ftp://192.168.1.1/ks.cfg ip=192.168.1.2 netmask=255.255.255.0 gateway=192.168.1.254
Or)
linux ks=ftp://192.168.1.1:2020/ks.cfg ip=192.168.1.2 netmask=255.255.255.0 gateway=192.168.1.254

• ks=http://server/dir/file
• ks=ftp://server/dir/file
• ks=nfs:server:/dir/file
• ks=hd:device:/dir/file
• ks=cdrom:/dir/file

Chapter 2

Writing regular expressions:


- Regular expressions are a language of their own, which means they have their own syntax and rules.
- Used with tools like grep, vim, sed, awk.
[root@master ~]# man 7 regex
===================================================
Matching Text with grep:
[root@master ~]# grep cat /usr/share/dict/words
[root@master ~]# grep ^cat /usr/share/dict/words
[root@master ~]# grep cat$ /usr/share/dict/words
[root@master ~]# grep ^cat$ /usr/share/dict/words

[root@master ~]# grep c.t /usr/share/dict/words
[root@master ~]# grep ^c.t$ /usr/share/dict/words
[root@master ~]# grep 'c[aou]t' /usr/share/dict/words
[root@master ~]# grep '^c[aou]t$' /usr/share/dict/words
[root@master ~]# grep -e cat -e tele /usr/share/dict/words
[root@master ~]# grep -r abeer /etc
[root@master ~]# grep -rl abeer /etc (list the file names only)
[root@master ~]# grep -r ^...$ /etc/

• -i case insensitive
• -v reverse (print the lines that do not match)
• -r recursive
• -n number the lines
• -A3 Display 3 lines after the regular expression match.
• -B3 Display 3 lines before the regular expression match.
• -e Used for multiple search patterns
[root@master ~]# ps aux | grep root
[root@master ~]# ps aux | grep ^root
===================================================
cut, tr, sed and awk:
[root@master ~]# cut -f 3 -d : /etc/passwd (cut uses the tab as a delimiter by default)
[root@master ~]# cut -f 1 -d : /etc/passwd | sort
[root@master ~]# cut -f 1 -d : /etc/passwd | sort | less

[root@master ~]# echo hello world | tr a-z A-Z


[root@master ~]# echo hello world | tr '[a-z]' '[A-Z]'
[root@master ~]# echo hello world | tr '[:lower:]' '[:upper:]'

[root@master ~]# sed 2q /etc/passwd (head -n 2 /etc/passwd)


[root@master ~]# sed -n /^root/p /etc/passwd (grep ^root /etc/passwd)
[root@master ~]# sed -n 5p /etc/passwd
[root@master ~]# sed -i 's/abeer/ABEER/g' file (substitute abeer with ABEER globally)

[root@master ~]# ps aux | grep root | awk '{ print $2 }' (used like cut)

[root@master ~]# head /etc/passwd | tail -1


===================================================

Chapter 3

vim editor (visual interface):


- vim is backward-compatible with vi.
- vim editor provides syntax highlighting, completion modes, spell-checking, scripting in multiple languages, file-type plug-ins, and many other options.
- When an unprivileged user invokes the command vi on a RHEL7 machine, the command that is executed will be vim. This is done with an alias that is set from /etc/profile.d/vim.sh when the shell starts.
This alias is not set for users with a UID less than or equal to 200. These users will execute vi, which is vim in vi compatible mode. This means that any features not found in classic vi will be disabled.
================================================
Different versions of vim:
• vim-minimal: This package only provides vi and is included in a minimal installation of RHEL7.
• vim-enhanced: This package provides the vim command.
• vim-X11: This package provides gvim (graphical vim).
================================================
vim modes:
• Command mode: used for cut, paste, Undo, redo, and others.
• Insert mode: used for normal text editing.
• Ex mode: used to save, quit, open files, search & replace and other more complex operations.
================================================
Editing text:
i.... Switch to insert mode, and start inserting before the current cursor position (insert).
a.... Switch to insert mode, and start inserting after the current cursor position (append).
I.... Move the cursor to the start of the current line and switch to insert mode.
A.... Move the cursor to the end of the current line and switch to insert mode.
R.... Switch to replace mode, starting at the character under your cursor. In replace mode, text is not inserted, but each character you enter replaces a character in the current document.
o.... Open a new line below the current one, and switch to insert mode.
O.... Open a new line above the current one, and switch to insert mode.
:10.... Go to line 10
================================================
Move the cursor (in command mode):
h.... Cursor left one position
l.... Cursor right one position
j.... Cursor down one line
k.... Cursor up one line
12j...Move the cursor 12 lines down.
$.... Move to the end of the current line.
gg... Move to the first line of the document.
G.... Move to the last line of the document.
w.... Move cursor to beginning of next word.
5w... Move the cursor five words.
b.... Move cursor to beginning of previous word.
(.... Move cursor to beginning of current or previous sentence.
).... Move cursor to beginning of next sentence.
{.... Move to beginning of current/previous paragraph.
}.... Move cursor to beginning of next paragraph.
================================================
Saving files (in Ex mode):
:wq Save and quit the current file.
:x Save the current file if there are unsaved changes, then quit.
:w Save the current file and remain in editor.

:w <filename> Save the current file under a different file name.
:q Quit the current file (only if there are no unsaved changes).
:q! Quit the current file, ignoring any unsaved changes.
ZZ In command mode, saves the current file if there are unsaved changes, then quit.
================================================
Getting help:
[root@master ~]# vimtutor
Or)
:help
:help save
:q
================================================
Replacing or deleting text:
cw... Replaces one word.
3cw... Replaces three words.
c$ OR C OR cc... Replaces to the end of the line.
3cc... Replaces the next 3 lines.
r... Replaces a character.
x... Delete one character.
J... join two lines together.
~... Changes the case of the character under the cursor.
D... delete from the cursor to the end of the line.
:1,5d... Deletes 5 lines.
:.,+5d.. Deletes 5 lines beginning from the cursor.
:.,-5d.. Deletes 5 lines up from the cursor.
:.,$d... Deletes from the cursor to the end of the file.
================================================
Copy and paste:
yw.... Copy a word.
yl.... Copy a letter.
5yaw.... Copy the current word and the next four words.
yy.... Copy a line.
3yy.... Copy three lines.
p.... Paste after the current cursor.
P.... Paste before the current cursor.
================================================
Visual mode:
character-based (started with v).
line-based (started with V).
Block-based (started with Ctrl+V).
================================================
Searching:
/... to search forward
?...to search backward
n... find the next match
N... find the previous match
================================================
Search and Replace (in Ex mode):
:1,6s/old/new (substitutes from line 1 to 6)
:%s/old/new (substitutes the entire file)
:%s/old/new/i (case insensitive)
:r file_name (copy the content of that file to the file being edited with vim)
================================================
Undo and redo (in command mode):

u.... undo
(.).... redo
ctrl+r.... redo
================================================
vi Options:
:set number Enables line numbers.
:set nu Enables line numbers.
:set nonu Turn line numbers off.
:set nonumber Turn line numbers off.
:set showmode Show the current mode of operation (default on).
:set noshowmode Hide the mode of operation.
:set tabstop=4 Set tab to 4 character jumps.
:set ts=4 Set tab to 4 character jumps.
:set ignorecase Ignore case when searching.
:set ic Ignore case when searching.
:set noic Make searches case-sensitive.
:set hlsearch Set highlighting of search results on.
:set nohlsearch Set highlighting of search results off.

- To make these options available to all vi sessions, put them into a .exrc or .vimrc file in your HOME directory.
================================================
Execute a command in vim:
:.!date (the current cursor position)
:3!date (in the third line)
================================================
Best wishes:
Abeer :)

Chapter 4

Scheduling one-time tasks with at:


[root@master ~]# systemctl status atd (Installed and enabled by default)
[root@master ~]# at 16:30
at> logger "Hello at 4:30 PM"
at> ctrl+d
[root@master ~]# atq (Query all at queues)
[root@master ~]# atrm 1 (Remove job number 1)
Or)
[root@master ~]# at now +5min
at> touch /root/file.txt
at> ctrl+d
[root@master ~]# at -l (Query all at queues)
[root@master ~]# at -d 2 (Remove job number 2)

[root@master ~]# at 12:07pm


[root@master ~]# at teatime tomorrow (Tea time is 16:00)

[root@master ~]# at noon +4 days
[root@master ~]# at 5pm august 16 2016

[root@master ~]# ls /var/spool/at/ (Holds the jobs script files)


[root@master ~]# at -c 6 (Inspect the actual commands that will run when a job is executed)

Note:
- Unprivileged users can only see and control their own jobs. root can see and manage all jobs.
==========================================
Scheduling Recurring Jobs with cron:
[root@master ~]# systemctl status crond (Installed and enabled by default)
[root@master ~]# crontab -e (vi editor will be started)
#comment line (optional)
Minutes Hours Day-of-Month Month Day-of-Week Command

• * for always
• A number
• x-y for a range
• x,y for lists
• */x to indicate an interval of x (*/7 in the minutes column will run a job exactly every seven minutes)
• Three-letter abbreviations can be used for both month and weekdays.
• If the command contains an unescaped %, that % will be treated as a newline, and everything after the % will be fed to the command on stdin.

Ex:
0 9 2 2 * /usr/local/bin/yearly_backup
*/7 9-16 * Jul 5 echo "Chime"
58 23 * * 1-5 tar cf /root/etc.tar /etc
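
The unescaped % rule above is a common reason a backup or log job silently stops producing files. The following is an added example, not part of the original notes: cron_split is a hypothetical helper that shows what cron would run and what it would feed to stdin, assuming the daemon turns \% into a literal % as RHEL's cron does. The two sample lines are constructed from the tar job above.

```shell
# Constructed samples: the nightly tar job from the notes, with a dated file name.
SAMPLE_BROKEN='58 23 * * 1-5 tar cf /root/etc-$(date +%F).tar /etc'
SAMPLE_FIXED='58 23 * * 1-5 tar cf /root/etc-$(date +\%F).tar /etc'

# cron_split (hypothetical helper): read one crontab entry per line on stdin
# and print the command cron would execute plus the text it would pass on stdin.
cron_split() {
    awk '
    /^[ \t]*#/ || NF < 6 { next }            # comments and incomplete entries
    {
        # Drop the five schedule fields; the rest of the line is the command.
        line = $0
        for (f = 1; f <= 5; f++) sub(/^[ \t]*[^ \t]+/, "", line)
        sub(/^[ \t]+/, "", line)

        cmd = ""
        input = ""
        in_stdin = 0
        n = length(line)
        for (i = 1; i <= n; i++) {
            c = substr(line, i, 1)
            if (c == "\\" && substr(line, i + 1, 1) == "%") {
                c = "%"                      # assumption: \% becomes a literal %
                i++
            } else if (c == "%") {
                if (!in_stdin) {             # first bare % ends the command
                    in_stdin = 1
                    continue
                }
                c = "\n"                     # later bare % are newlines in stdin
            }
            if (in_stdin) input = input c
            else cmd = cmd c
        }
        print "CMD: " cmd
        if (in_stdin) print "STDIN: " input
    }'
}

# The unescaped job runs a truncated command; the escaped one runs as intended.
printf '%s\n' "$SAMPLE_BROKEN" | cron_split
printf '%s\n' "$SAMPLE_FIXED" | cron_split
```
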
[root@master ~]# crontab -l (List the jobs for the current user)
[root@master ~]# crontab -r (Remove all jobs for the current user)
[root@master ~]# crontab -e -u abeer (Root can manage the jobs for another user)
[root@master ~]# crontab (stdin will be used)
[root@master ~]# crontab <file_name> (Remove all jobs, and replace with the jobs read from <file_name>)
Note:
- If the commands run from a cron job produce any output to either stdout or stderr that is not redirected, the crond daemon will attempt to email that output to the user owning that job.

[root@master ~]# vim /etc/crontab (Don't touch this file)


==========================================
Scheduling System cron Jobs:
[root@master ~]# vim /etc/crontab (not recommended to be used to schedule jobs)
[root@master ~]# ls -d /etc/cron.* (predefined jobs that run every hour, day, week, and month)

Note:
- Make sure to make any scripts you place in these directories executable.
- The /etc/anacrontab file will make sure that important jobs will always be run, and not skipped accidentally because the system was turned off or hibernating.
==========================================
Managing Temporary Files:
- In the past, system administrators used a tool called tmpwatch to remove old, unused tmp files.
- In RHEL7 systemd will start systemd-tmpfiles-setup which is responsible for tmp files.
- systemd-tmpfiles-clean.service will be started 15 minutes after systemd has started, and then once every 24 hours afterwards.
- Files will be considered unused if timestamps (atime, mtime and ctime) are older than the systemd-tmpfiles age configuration.
- The stat command can be run on a file to see the values of all three of its time stamps.

[root@master ~]# systemd-tmpfiles --remove


[root@master ~]# vim /usr/lib/tmpfiles.d/tmp.conf (should not be edited by system administrator)
d /run/systemd/seats 0755 root root -
D /home/student 0700 student student 1d
L /run/fstablink - root root - /etc/fstab

- /tmp is under systemd-tmpfiles control. To override the upstream settings:


[root@master ~]# cp /usr/lib/tmpfiles.d/tmp.conf /etc/tmpfiles.d/
Then change the interval from 10d to 5d.
[root@master ~]# systemd-tmpfiles --clean tmp.conf (Test if systemd accepts the new configuration)
==========================================
Best wishes:
Abeer :)

Chapter 5

Linux process scheduling and multitasking:


- The way Linux (and other operating systems) can actually run more processes is by employing a technique called time-slicing.
- The part of the Linux kernel that performs this switching is called the process scheduler.
- There are exactly 40 different levels of niceness a process can have (-20 to 19).
- By default, processes will inherit their nice level from their parent, which is usually 0.
- Higher nice levels indicate less priority, while lower nice levels indicate a higher priority.
- Only root is allowed to set negative nice levels and lower the nice level on existing processes.
- Unprivileged users are only allowed to set positive nice levels, and they are only allowed to raise the nice level on their existing processes, but cannot lower them.

[root@master ~]# gnome-system-monitor


==========================================================================

Managing Process Priorities:
- Processes are scheduled according to priority.
- Negative values are allowed only to root.
- When a process is started, it will inherit the nice level from its parent.

[root@master ~]# ps l (To show nice values)


Or)
[root@master ~]# ps axo user,pid,nice,command
[root@master ~]# ps axo user,pid,command,nice --sort=nice
[root@master ~]# ps axo user,pid,command,nice --sort=user

-The nice command is used to start a process with a user defined priority.
[root@master ~]# nice vim text & (Default is 10)
[1] 9182

[root@master ~]# nice -n 15 vim text &

-The renice command is used to change the priority of a currently running process.
[root@master ~]# renice 19 9182 (19 is the new value)

[root@master ~]# top (press r to renice a process)


==========================================================================
Best wishes
Abeer :)

Chapter 6

Access control list:


- ACL gives permissions to more than one user or group on a file or a directory.
- ACL sets default permissions for newly created files and directories.
- The file system needs to be mounted with ACL support enabled. XFS file systems have built-in ACL support. Ext4 file systems created on RHEL7 have the acl option enabled by default, but ext4 file systems created in earlier versions of Red Hat Enterprise Linux may need the acl option included with the mount request.

[root@master ~]# ls -l file.txt


+ (The "+" at the end of the 10-character permission string indicates that there are ACL settings associated with this file)

[root@master ~]# getfacl file.txt


[root@master ~]# getfacl . (display ACL settings on the working directory)

[root@master ~]# setfacl -m u:abeer:rw file.txt


[root@master ~]# setfacl -m o::rw file.txt
[root@master ~]# setfacl -m g:sales:rw dir1
[root@master ~]# setfacl -R -m g:sales:rw dir1

[root@master ~]# setfacl -x u:abeer file.txt
[root@master ~]# setfacl -b file.txt (roll back to the default ACL)

Best wishes:
Abeer :)

Chapter 7

Basic SELinux security concepts (Security Enhanced Linux):


- There are two types of security, DAC (discretionary access control) and MAC (mandatory access control).
- A primary goal of SELinux is to protect user data from system services that have been compromised.
- In SELinux, the system is defined as subjects (users, services) and objects (files/folders, ports, sockets).
- A context is a label on processes, files, and ports that determines access.
- A boolean is a switch that enables/disables a set of policy rules.
- There is a policy rule that permits Apache (the web server process running as httpd_t) to access files and directories with a context normally found in /var/www/html and other web server directories (httpd_sys_content_t).
- There is no allow rule in the policy for files normally found in /tmp and /var/tmp, so access is not permitted.

[root@master ~]# id -Z
[root@master ~]# ps auxZ
[root@master ~]# ps aux -Z
[root@master ~]# ls -Z
[root@master ~]# netstat -Z

Ex:
system_u:object_r:admin_home_t:s0
system_u ... User type
object_r ... Role type
admin_home_t ... Type
s0 ... mls(multi level security), mcs(multi category security)
================================================================
SELinux modes:
Enforcing mode: SELinux both logs and protects.
Permissive mode: used to troubleshoot issues. SELinux only logs.
Disabled mode: completely disables SELinux.
- No reboot is required to go from enforcing to permissive or back again.
- A system reboot is required to disable SELinux entirely, or to get from disabled mode to
enforcing or permissive mode.

[root@master ~]# getenforce


[root@master ~]# sestatus

[root@master ~]# setenforce 0 (permissive mode)
[root@master ~]# setenforce 1 (enforcing mode)
[root@master ~]# vim /etc/selinux/config (RHEL7)
[root@master ~]# vim /etc/sysconfig/selinux (older versions)
================================================================
Changing SELinux Contexts:
- The context of the parent directory is assigned to the newly created file.
[root@master ~]# yum -y install httpd
[root@master ~]# systemctl start httpd
[root@master ~]# systemctl enable httpd
[root@master ~]# setenforce 0
[root@master ~]# vim /var/www/html/file.txt

firefox>> http://127.0.0.1/file.txt

[root@master ~]# chcon -t test_t /var/www/html/file.txt


[root@master ~]# setenforce 1 (file now will not be accessible)

[root@master ~]# restorecon -R /var/www/html/file.txt

- File contexts will be changed back to their default context if the system's file systems
are relabeled at boot time.
================================================================
Monitoring SELinux violations:
[root@master ~]# rpm -qa | grep setroubleshoot
[root@master ~]# tailf /var/log/messages
[root@master ~]# tailf /var/log/audit/audit.log
[root@master ~]# sealert
================================================================

Best wishes:
Abeer :)

Chapter 8

#Setting LDAP server using open IPA:


- LDAP (Lightweight Directory Access Protocol) server is used as a centralized authentication server.
- LDAP is also used to store accounts, permissions, ACL, quota and more.
- Kerberos provides SSO authentication services using TGT (Ticket Granting Ticket)

[root@master ~]# setenforce 0


[root@master ~]# vim /etc/sysconfig/selinux
SELINUX=permissive
[root@master ~]# systemctl stop firewalld
[root@master ~]# systemctl disable firewalld
[root@master ~]# vim /etc/hosts
192.168.1.100 master.redhat.com master
[root@master ~]# yum -y install ipa-server bind-dyndb-ldap ipa-server-dns

[root@master ~]# ipa-server-install --setup-dns
[root@master ~]# authconfig --enablemkhomedir --update
[root@master ~]# systemctl enable sssd
[root@master ~]# systemctl start sssd
[root@master ~]# kinit admin (test kerberos admin)

- Now to add users to LDAP:


[root@master ~]# ipa user-add
[root@master ~]# ls
cacert.p12 (this is not the certificate you will need in user authentication)

[root@master ~]# cd /etc/ipa/


ca.crt (this is the certificate you will need in user authentication)
[root@master ~]# klist (to show kerberos credentials)

Hint:
[root@master ipa]# cat /etc/resolv.conf
nameserver 127.0.0.1 (since RHEL7.2)

firefox> http://localhost

[root@master ~]# ipactl status

- To install the certificate:


[root@master ~]# mkdir /var/www/html/pub
[root@master ~]# cp /etc/ipa/ca.crt /var/www/html/pub/
===============================================================
For client:
[root@client ~]# yum -y install authconfig-gtk sssd krb5-workstation
sssd (system security service daemon)
[root@client ~]# authconfig (CLI tool)
[root@client ~]# authconfig-tui (TUI tool)
[root@client ~]# authconfig-gtk (GUI tool)
[root@client ~]# system-config-authentication (GUI tool)
Applications> Sundry > authentication

[root@client ~]# vim /etc/nslcd.conf (all info we provided using the authconfig-gtk tool)
[root@client ~]# cd /etc/openldap/cacerts (path of the certificate)
===============================================================
Using a public LDAP server over the internet:

[root@client ~]# yum -y install authconfig-gtk sssd krb5-workstation


[root@client ~]# authconfig-gtk
User Account Database: LDAP
LDAP Search Base DN: dc=rhcertification,dc=com
LDAP Server: server.rhcertification.com
Use TLS to encrypt connections:
Certificate URL: ftp://server.rhcertification.com/pub/slapd.pem
Authentication Method: LDAP password
===============================================================
Sharing home directory using samba autofs:

[root@client ~]# yum -y install autofs
[root@client ~]# vim /etc/auto.master
/home/guests /etc/auto.guests

[root@client ~]# vim /etc/auto.guests


* -fstype=cifs,username=ldapusers,password=password ://master.redhat.com/data/&

[root@master ~]# vim /etc/samba/smb.conf


[data]
comment = LDAP user home directories
path = /home/guests
public = yes
writable = no
===============================================================
Sharing home directory using nfs autofs:
[root@master ~]# yum install -y nfs-utils
[root@master ~]# vim /etc/exports
/data -rw *(rw,no_root_squash)

[root@master ~]# systemctl start nfs


[root@client ~]# showmount -e 192.168.1.100
[root@client ~]# vim /etc/auto.master
/nfsserver /etc/auto.nfsserver

[root@client ~]# vim /etc/auto.nfsserver


mydata -rw 192.168.1.100:/data

[root@client ~]# systemctl restart autofs


[root@client ~]# cd /nfsserver/
[root@client nfsserver]# cd mydata

- NFS can only be used locally, not over the internet.


===============================================================
Joining a system to Active Directory:
[root@client ~]# yum install -y realmd
[root@client ~]# realm discover server.ecst.com
[root@client ~]# realm join server.ecst.com (using administrator account)
[root@client ~]# realm join --user abeer server.ecst.com (using abeer account)
[root@client ~]# realm permit --realm server.ecst.com --all (to enable logins using AD)
[root@client ~]# realm permit --realm server.ecst.com server\\abeer (to only allow login for user abeer using AD)
===============================================================

Best wishes:
Abeer :)

Chapter 9

MBR vs GPT:
- MBR supports a maximum of four primary partitions (max of 63 logical partitions), with a total size of the hard disk of 2Tbyte (2^31 byte)
- GPT supports a maximum of 128 partitions, with a total size of the hard disk of (2^72 byte)
- MBR is 512 byte:
. 64 byte partition table
. 446 byte boot loader
. 2 byte magic number
==========================================
Managing MBR partitions with fdisk:
[root@master ~]# fdisk -l
[root@master ~]# fdisk /dev/sdb
m: for help
l: list known partition types
o: create a new empty DOS partition table
n: add a new partition
p: print the partition table
d: delete a partition
w: write table to disk and exit

- If the newly created partition should have a type other than Linux, enter the t command
to change a partition's type.

[root@master ~]# fdisk -l /dev/sdb


[root@master ~]# partprobe /dev/sdb (or reload the system)
[root@master ~]# mkfs.ext4 /dev/sdb1
[root@master ~]# mkdir /mydata
[root@master ~]# mount /dev/sdb1 /mydata/
[root@master ~]# df -h
[root@master ~]# df -hT (show the file system used)
[root@master ~]# mount | grep sdb (show all mounted systems)
- The file system can be mounted using more than one directory.
[root@master ~]# umount /mydata/ OR [root@master ~]# umount /dev/sdb1
[root@master ~]# vim /etc/fstab
/dev/sdb1 /mydata ext4 defaults 0 0

[root@master ~]# mount -a (re-read the fstab file)


[root@master ~]# e2label /dev/sdb1 data
[root@master ~]# e2label /dev/sdb1
[root@master ~]# blkid
[root@master ~]# blkid /dev/sdb1
[root@master ~]# vim /etc/fstab
LABEL=data /mydata ext4 defaults 0 0

[root@master ~]# vim /etc/fstab


UUID=2cc90e10-8a48-4cbe-8b8b-dd1097ed0ae9 /mydata ext4 defaults 0 0

Hint)
[root@master ~]# dd if=/dev/random of=/dev/sdb bs=1M count=512 (to delete the MBR of the hard disk)

- If no type is specified with mkfs command, (ext2) file system will be used.

==========================================
Managing GPT partitions with gdisk:
[root@master ~]# gdisk /dev/sdb
==========================================
Swap:
[root@master ~]# mkswap /dev/sdb1
[root@master ~]# swapon /dev/sdb1
[root@master ~]# swapon -a (activate all swap spaces listed in the /etc/fstab file)
[root@master ~]# free -m (show the swap file system)
[root@master ~]# swapon -s (show the swap file system)
[root@master ~]# vim /etc/fstab
/dev/sdb2 swap swap defaults 0 0
[root@master ~]# swapoff /dev/sdb1

- A file can be used as a swap file:


[root@master ~]# dd if=/dev/random of=/swap_file bs=1M count=1024
[root@master ~]# mkswap /swap_file
[root@master ~]# swapon /swap_file

- Before moving the swap file to another location, swapoff must be run.
- If data cannot be written to other places, the swapoff will fail, with an error, and the swap space will stay active.
- By default, swap spaces are used in series, meaning that the first activated swap space will be used until it is full, then the kernel will start using the second swap space. Swap space priorities are displayed with swapon -s, and can be set with the pri= mount option. If swap spaces have the same priority, the kernel will write to them round-robin instead of writing to a single swap space until it is at capacity.
==========================================

Best wishes:
Abeer :)

Chapter 10

Logical volume management (LVM):


- Volumes can consist of more than one disk.
- Easy resize operation.
- Easy replacement of failing disks.
- Advanced options such as working with snapshots, which allows you to create backups even if they are open.
- Easy to add new volumes.
- Easy to add many volumes.
- Up to 256 logical volumes.

steps:
1- Partition physical storage
2- Create physical volume (PV) (LVM automatically segments PVs into physical extents (PE))
3- Create volume group(VG) (PV can only be allocated to a single VG)
4- Create logical volume (LV)
- Mirroring causes each Logical Extent to map to two Physical Extents.
[root@master ~]# pvcreate /dev/sdb1 /dev/sdc1 /dev/sdd1 (label the partition for use with LVM)
[root@master ~]# pvdisplay
[root@master ~]# pvdisplay /dev/sdb1
[root@master ~]# pvs
[root@master ~]# vgcreate VG1 /dev/sdb1 /dev/sdc1 /dev/sdd1
[root@master ~]# vgdisplay
[root@master ~]# vgdisplay VG1
[root@master ~]# vgs
[root@master ~]# lvcreate -n LV1 -L 2G VG1
[root@master ~]# lvdisplay
[root@master ~]# lvdisplay /dev/VG1/LV1
[root@master ~]# lvs
[root@master ~]# mkfs.xfs /dev/VG1/LV1
[root@master ~]# mkdir data
[root@master ~]# mount /dev/VG1/LV1 data
[root@master ~]# df -h

- Removing a logical volume will destroy any data stored on the logical volume.
[root@master ~]# lvremove /dev/VG1/LV1 (file system must be unmounted first)
[root@master ~]# vgremove VG1
[root@master ~]# pvremove /dev/sdb1 /dev/sdc1 /dev/sdd1
===========================================================
Extending Logical Volumes (no down time):

[root@master ~]# pvcreate /dev/sde1


[root@master ~]# vgextend VG1 /dev/sde1
[root@master ~]# lvextend -L +3G /dev/VG1/LV1
[root@master ~]# xfs_growfs /dev/VG1/LV1 (update the file system for XFS file systems)
[root@master ~]# resize2fs /dev/VG1/LV1 (update the file system for other file systems)

Or:
[root@master ~]# lvextend -r -L +3G /dev/VG1/LV1 (extend and update in one step)
===========================================================
Shrinking a volume group:
- XFS doesn't support shrinking.
[root@master ~]# umount data
[root@master ~]# resize2fs /dev/VG1/LV1 100M
[root@master ~]# e2fsck -f /dev/VG1/LV1
[root@master ~]# lvreduce --size -3G /dev/VG1/LV1
[root@master ~]# lvreduce -r --size -3G /dev/VG1/LV1
[root@master ~]# vgreduce VG1 /dev/sde1 (removes sde1 from VG1)
[root@master ~]# mount /dev/VG1/LV1 data
===========================================================
Device mapper:
- The kernel uses the mapper to connect to storage devices such as LVM, RAID, LUKS.
[root@master ~]# ll /dev/dm-0
[root@master ~]# ll /dev/mapper/VG1-LV1
[root@master ~]# ll /dev/VG1/LV1

===========================================================
Create a LVM snapshot:
1- Check data on LVM volume.
2- Take a snapshot.
[root@master ~]# lvcreate --size 100m --snapshot --name snap /dev/VG1/LV2
3- Mount snapshot.
4- Unmount LVM.
5- Check data.
===========================================================
Best wishes:
Abeer :)

Chapter 11

Network File System:


- RHEL7 supports NFSv4 by default, and falls back automatically to NFSv3 and NFSv2 if that is not available.
- NFSv4 uses the TCP protocol to communicate with the server, while older versions of NFS may use either TCP or UDP.
- NFS requires rpcbind, which dynamically assigns ports for RPC services and can cause problems for configuring firewall rules. To allow clients to access NFS shares behind a firewall, edit the /etc/sysconfig/nfs configuration file to control which ports the required RPC services run on.
(Allow TCP and UDP port 2049 for NFS and allow TCP and UDP port 111 (rpcbind/sunrpc)).
- NFS doesn't support user authentication.
- All users can see the exported directories even if they don't have access.

[root@master ~]# yum install -y nfs-utils


[root@master ~]# systemctl start nfs-server (nfs in previous distributions)
[root@master ~]# systemctl enable nfs-server
[root@master ~]# systemctl stop firewalld
[root@master ~]# vim /etc/exports
/data 192.168.1.0/24(ro)
/data 192.168.1.101(rw)
/data ecst.com(rw)
/data pc.ecst.com(ro)
/data 192.168.1.0/24(ro) 192.168.2.0/24(rw)

- Options can be ro, rw, sync, root_squash and no_root_squash

[root@master ~]# systemctl restart nfs-server (terminates all open sessions)


[root@master ~]# exportfs -r (re-read the config file without termination of open sessions)
[root@master ~]# exportfs -f (force re-read the config file)

[root@client ~]# showmount -e 192.168.1.100


[root@client ~]# mount 192.168.1.100:/data /root/data
[root@client ~]# df -hT (nfs4)
[root@client ~]# vim /etc/fstab

192.168.1.100:/data /root/data nfs _netdev 0 0
or)
192.168.1.100:/data /root/data nfs defaults,timeout=3 0 0
==========================================================================
The root squash:

[root@master ~]# vim /etc/passwd


nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin

[root@master ~]# vim /etc/exports


/data 192.168.1.0/24(rw,no_root_squash)

[root@client data]# chmod a=rw file1 (will be permitted)
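
With no_root_squash, root on a client keeps uid 0 on the share instead of being mapped to nfsnobody, so it is worth auditing which exports carry it. The following is an added example, not part of the original notes: audit_exports is a hypothetical helper that reads exports text and flags no_root_squash entries and read-write exports open to every host. The sample is constructed from export lines that appear in these notes.

```shell
# Constructed sample built from export lines that appear in these notes.
SAMPLE_EXPORTS='# /etc/exports (constructed sample)
/data 192.168.1.0/24(ro) 192.168.2.0/24(rw)
/data -rw *(rw,no_root_squash)
/data 192.168.1.0/24(rw,no_root_squash)
/data pc.ecst.com(ro)'

# audit_exports (hypothetical helper): read exports text on stdin and print
# one finding per line:
#   NO_ROOT_SQUASH <path> <client>   remote uid 0 is not mapped to nfsnobody
#   ANY_HOST_RW <path> <client>      every host may mount the export read-write
audit_exports() {
    awk '
    /^[ \t]*#/ || NF < 2 { next }            # comments, blanks, path-only lines
    {
        path = $1
        defaults = ""
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^-/) {                 # "-opts" sets defaults for the line
                defaults = substr($i, 2)
                continue
            }
            client = $i
            opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            if (client == "") client = "*"   # bare "(opts)" applies to every host

            # Built-in defaults are ro and root_squash; later options win.
            rw = 0
            squash = 1
            n = split(defaults "," opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw") rw = 1
                if (o[j] == "ro") rw = 0
                if (o[j] == "no_root_squash") squash = 0
                if (o[j] == "root_squash" || o[j] == "all_squash") squash = 1
            }
            if (!squash) print "NO_ROOT_SQUASH", path, client
            if (client == "*" && rw) print "ANY_HOST_RW", path, client
        }
    }'
}

printf '%s\n' "$SAMPLE_EXPORTS" | audit_exports
```

On a server the same function can be fed the real file: audit_exports < /etc/exports.
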


==========================================================================
To give write permissions to the users:
[root@master ~]# chmod o+w /data/
[root@client ~]# cd data/
[root@client data]# touch file5
==========================================================================
Autofs:
The automounter is a service (autofs) that can automatically mount NFS shares "on demand," and will automatically unmount NFS shares when they are no longer being used.

[root@client ~]# yum install -y autofs


[root@client ~]# systemctl start autofs
[root@client ~]# systemctl enable autofs
[root@client ~]# vim /etc/auto.master
/root/data /etc/auto.data

[root@client ~]# vim /etc/auto.data


pub -rw 192.168.1.100:/data
where pub is the target directory we want to access.

[root@client ~]# systemctl restart autofs


[root@client ~]# cd data/pub
[root@client ~]# df -hT
192.168.1.100:/data nfs4 10G 32M 10G 1% /root/data/pub

[root@client ~]# vim /etc/autofs.conf


timeout = 300 (the idle user will be disconnected after 5 min by default)
==========================================================================

Best wishes:
Abeer :)

Chapter 12

Accessing Network Storage with SMB:
- Samba allows file and print sharing between computers running Microsoft Windows and computers running Unix.
- It is an implementation of dozens of services and a dozen protocols, including (Netbios, SMB, CIFS, WINS, DFS and more)
- Samba (137,138 UDP and 139,445 TCP)

[root@master ~]# yum install samba -y


[root@master ~]# systemctl start smb nmb
[root@master ~]# systemctl stop firewalld
[root@master ~]# vim /etc/samba/smb.conf
[Shared_data] (any comment)
path = /shared_data
browseable = yes
read only = yes
writable = no
public = yes
hosts allow = 192.168.1.0/24
valid users = abeer ahmed mohamed

[root@master ~]# systemctl restart smb nmb


[root@master ~]# smbpasswd -a abeer
[root@master ~]# setenforce 0
[root@master ~]# chmod 777 /shared_data

1- For Windows users:


run.. \\192.168.1.100

2- For Linux users:


Places.. connect to server
smb://192.168.1.100
=======================================================
Mounting SMB file systems with the automounter:
[root@client ~]# yum -y install samba-client
[root@client ~]# smbclient -L 192.168.1.100
[root@client ~]# yum -y install cifs-utils
[root@client ~]# mount //192.168.1.100/Shared_data /data -o username=abeer,password=123
[root@client ~]# vim /etc/fstab
//192.168.1.100/Shared_data /data cifs _netdev,username=abeer,password=123 0 0

[root@client ~]# mount -a


[root@client ~]# df -hT
Or:
[root@client ~]# vim /root/secure.smb (the file name can be anything)
username=abeer
password=123

[root@client ~]# chmod 600 /root/secure.smb


[root@client ~]# vim /etc/fstab
//192.168.1.100/Shared_data /data cifs _netdev,credentials=/root/secure.smb 0 0
[root@client ~]# mount -a
[root@client ~]# df -hT
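
The two fstab variants above differ in where the SMB password lives: inline in /etc/fstab, which is normally readable by every local user, or in a separate file restricted with chmod 600. The following is an added example, not part of the original notes: audit_cifs_mounts and cred_file_private are hypothetical helpers that report which variant each cifs entry uses and whether a credentials file is private. The sample is constructed from the fstab lines in these notes.

```shell
# Constructed sample: the two CIFS entries from these notes plus a local mount.
SAMPLE_FSTAB='//192.168.1.100/Shared_data /data cifs _netdev,username=abeer,password=123 0 0
//192.168.1.100/Shared_data /data cifs _netdev,credentials=/root/secure.smb 0 0
/dev/sdb1 /mydata ext4 defaults 0 0'

# audit_cifs_mounts (hypothetical helper): read fstab text on stdin and report
# how each cifs entry gets its secret. The password itself is never echoed.
#   INLINE_PASSWORD <mountpoint>          secret is stored in fstab itself
#   CREDENTIALS_FILE <mountpoint> <file>  secret is stored in a separate file
#   NO_CREDENTIALS <mountpoint>           neither option is present
audit_cifs_mounts() {
    awk '
    /^[ \t]*#/ || NF < 4 { next }            # comments and incomplete entries
    $3 == "cifs" {
        finding = "NO_CREDENTIALS"
        file = ""
        n = split($4, o, ",")
        for (i = 1; i <= n; i++) {
            if (o[i] ~ /^(password|pass)=/) {
                finding = "INLINE_PASSWORD"  # an inline secret outranks a file
                file = ""
                break
            }
            if (o[i] ~ /^(credentials|cred)=/) {
                finding = "CREDENTIALS_FILE"
                file = substr(o[i], index(o[i], "=") + 1)
            }
        }
        if (file != "") print finding, $2, file
        else print finding, $2
    }'
}

# cred_file_private (hypothetical helper): succeed only if the file grants
# nothing to group or other, which is what chmod 600 in the notes achieves.
cred_file_private() {
    # ls -ld prints e.g. "-rw-------"; characters 5-10 are group and other bits.
    perms=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

printf '%s\n' "$SAMPLE_FSTAB" | audit_cifs_mounts
```

The same check applies to autofs maps that carry password= in their mount options, such as the /etc/auto.guests entry earlier in these notes.
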
=======================================================

Best wishes:
Abeer :)

Chapter 13

Boot process:
1- POST is run using UEFI or BIOS.
2- The system firmware searches for a bootable device, by searching for a Master Boot Record (MBR).
3- The system firmware reads a boot loader from disk (Grub2).
4- The boot loader loads its configuration from disk, and presents the user with a menu of
possible configurations to boot.
5- The boot loader loads the configured kernel and initramfs from disk and places them in
memory.

[root@master ~]# vim /etc/default/grub


[root@master ~]# grub2-mkconfig (compiling the grub after editing the file)
[root@master ~]# ls /usr/lib/systemd/system/ (default scripts. Don't touch it)
[root@master ~]# cd /etc/systemd/system/ (put your script here)
=======================================================
Selecting a Boot Target:
1- shutdown.target
2- multi-user.target (multiple users, text-based logins only)
3- graphical.target (multiple users, graphical and text-based logins)
4- reboot.target
5- rescue.target
6- emergency.target (the root file system mounted read-only)
7- and more...

[root@master ~]# systemctl get-default


[root@master ~]# systemctl set-default graphical.target
[root@master ~]# systemctl set-default multi-user.target
[root@master ~]# systemctl set-default rescue.target
[root@master ~]# systemctl default
=======================================================
Boot,reboot, and shutdown:
[root@master ~]# systemctl poweroff
[root@master ~]# poweroff
[root@master ~]# systemctl reboot
[root@master ~]# reboot
=======================================================
Selecting a different target at boot time:
1. (Re)boot the system.
2. Interrupt the boot loader menu countdown by pressing any key.

3. Press e to edit the current entry.
4. Move the cursor to the line that starts with linux16.
5. Append systemd.unit=desired.target.
6. Press Ctrl+x to boot with these changes.
=======================================================
Password Recovery:
1. Reboot the system.
2. Interrupt the boot loader countdown by pressing any key.
3. Press e to edit the selected entry.
4. Move the cursor to the kernel command line (the line that starts with linux16).
5. Append rd.break (this will break just before control is handed from the initramfs to the actual system).
6. Press Ctrl+x to boot with the changes.
7. mount -o remount,rw /sysroot
8. chroot /sysroot
9. passwd root
10. touch /.autorelabel
11. Ctrl+D
12. Ctrl+D
=======================================================
Repairing File System Issues at Boot (for example LUKS issues):
1. (Re)boot the system.
2. Interrupt the boot loader menu countdown by pressing any key.
3. Press e to edit the current entry.
4. Move the cursor to the line that starts with linux16.
5. Append systemd.unit=emergency.target
6. [root@master ~]# mount -o remount,rw /
7. Edit /etc/fstab file.
8. Edit /etc/crypttab file. (in case of LUKS file system)
=======================================================
Repairing Boot Loader Issues (grub2):
- Grand Unified BootLoader.
1. Boot from the CD drive.
2. type <linux rescue>
3. #df -h
4. #chroot /mnt/sysimage
5. #grub2-install /dev/sda
=======================================================
Securing GRUB2 with a password:
[root@master ~]# grub2-setpassword
=======================================================

Best wishes:
Abeer :)

Chapter 14

Netfilter and firewalld concepts:
- The Linux kernel includes netfilter, which allows kernel modules to inspect every packet
traversing the system.
- Tools like iptables, ip6tables, ebtables and firewalld are used to manage netfilter.
- Firewalld both covers IPv4 and IPv6 settings (new in RHEL7).
- Firewalld classifies the network into zones (private, public, DMZ) and each zone includes interfaces.
- The default zone is set to public and interfaces are assigned to public if no changes are made. The lo interface is treated as if it were in the trusted zone.
==============================================
firewalld config:
[root@master ~]# yum install firewall-config
Or)
Applications> sundry> firewall
[root@master ~]# systemctl status firewalld
[root@master ~]# firewall-config (GUI tool to manage firewalld)
[root@master ~]# firewall-cmd --get-zones (list all zones)
[root@master ~]# firewall-cmd --get-services (list all services)
[root@master ~]# firewall-cmd --get-default-zone
[root@master ~]# firewall-cmd --set-default-zone=home
[root@master ~]# ls /usr/lib/firewalld/services/ (default system services)
[root@master ~]# firewall-cmd --zone=public --add-service=high-availability (volatile)
[root@master ~]# firewall-cmd --permanent --zone=public --add-service=high-availability (permanent)
[root@master ~]# firewall-cmd --list-all (to verify)

- If not configured, the default zone will be used.


==============================================
Examples:
- zone:DMZ , allow SSH, NTP, FTP, VNC, apache and DNS

[root@master ~]# firewall-cmd --get-default-zone


[root@master ~]# firewall-cmd --set-default-zone=dmz
[root@master ~]# firewall-cmd --get-services
[root@master ~]# firewall-cmd --permanent --add-service=ssh
[root@master ~]# firewall-cmd --permanent --add-service=ntp
[root@master ~]# firewall-cmd --permanent --add-service=ftp
[root@master ~]# firewall-cmd --permanent --add-service=vnc-server
[root@master ~]# firewall-cmd --permanent --add-service=http
[root@master ~]# firewall-cmd --permanent --add-service=dns

Or:
[root@master ~]# firewall-cmd --permanent --add-port=ssh/tcp
[root@master ~]# firewall-cmd --list-all
- Any changes made in the Permanent configuration will not become active until the next time that the firewalld service unit is restarted or reloaded. Likewise, any changes made in the Runtime configuration will not survive a reload or restart of the firewalld service.
[root@master ~]# systemctl restart firewalld
Or)
[root@master ~]# firewall-cmd --reload
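
Added example (not part of the original notes): a shell function that lists the services present in only one of the two configurations, showing what a reload would drop and what is saved but not yet active. The function names and the sample service lists are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare firewalld's runtime and permanent service lists.
# Inputs are the space-separated outputs of:
#   firewall-cmd --list-services
#   firewall-cmd --permanent --list-services

# to_lines LIST: turn a space-separated list into sorted, unique lines.
to_lines() {
    printf '%s\n' "$1" | tr -s ' ' '\n' | sed '/^$/d' | LC_ALL=C sort -u
}

# fw_drift RUNTIME PERMANENT
# Prints "runtime-only: X" for services that a reload or restart will drop,
# and "permanent-only: X" for services that are saved but not yet active.
# Prints nothing when both configurations agree.
fw_drift() {
    rt=$(mktemp) && pm=$(mktemp) || return 2
    to_lines "$1" > "$rt"
    to_lines "$2" > "$pm"
    LC_ALL=C comm -23 "$rt" "$pm" | sed 's/^/runtime-only: /'
    LC_ALL=C comm -13 "$rt" "$pm" | sed 's/^/permanent-only: /'
    rm -f "$rt" "$pm"
}

# Constructed sample data (not captured from a real host):
# high-availability was added without --permanent, http with --permanent only.
SAMPLE_RUNTIME="dhcpv6-client ssh high-availability"
SAMPLE_PERMANENT="dhcpv6-client ssh http"

fw_drift "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"

# On a live system (as root), feed it the real lists instead:
# fw_drift "$(firewall-cmd --list-services)" \
#          "$(firewall-cmd --permanent --list-services)"
```
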
==============================================

Remove a service or a port:
[root@master ~]# firewall-cmd --remove-service=dns
[root@master ~]# firewall-cmd --permanent --remove-service=dns
[root@master ~]# firewall-cmd --remove-port=22/tcp
[root@master ~]# firewall-cmd --permanent --remove-port=22/tcp
==============================================

Best wishes:
Abeer :)

RAID

Redundant Array Of Independent Disks:


1- RAID-0 (striping) no fault-tolerance
2- RAID-1 (mirror) fault-tolerance
3- RAID-5 fault-tolerance
[root@master ~]# mdadm --create /dev/md0 --level=5 --raid-devices=3 /dev/sdb1 /dev/sdc1 /dev/sde1
[root@master ~]# mdadm --detail /dev/md0
[root@master ~]# watch cat /proc/mdstat
[root@master ~]# mkfs.ext4 /dev/md0
[root@master ~]# mount /dev/md0 /data
[root@master ~]# mdadm /dev/md0 -f /dev/sdc1 (mark a partition as failed)
[root@master ~]# mdadm /dev/md0 -r /dev/sdc1 (remove a partition from RAID)
[root@master ~]# mdadm /dev/md0 -a /dev/sde1 (add another partition to the RAID)
[root@master ~]# mdadm --stop /dev/md0 (stop RAID)
[root@master ~]# mdadm -A --scan (scan RAID partitions and start them)
[root@master ~]# cat /proc/partitions
==========================================================
Create encrypted partition:
[root@master ~]# cryptsetup luksFormat /dev/md0 (enable encryption)
[root@master ~]# cryptsetup luksOpen /dev/md0 secret (to be able to mount the file system)
[root@master ~]# ls /dev/mapper/secret
[root@master ~]# mkfs.ext4 /dev/mapper/secret
[root@master ~]# mount /dev/mapper/secret /data
[root@master ~]# umount /data/
[root@master ~]# cryptsetup luksClose /dev/mapper/secret

[root@master ~]# vim /etc/fstab


/dev/mapper/secret /data ext4 defaults 0 0

[root@master ~]# vim /etc/crypttab

secret /dev/md0 none

If you reboot the system, it will ask for a password.
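
Added example (not part of the original notes): a shell function that reads crypttab and fstab together and reports, for each LUKS mapping, its backing device, whether it is unlocked by a boot-time prompt (key field absent, "none" or "-") or by a key file, and where it is mounted. The function name luks_boot_report, the output format and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise how each crypttab mapping is unlocked and mounted.

# luks_boot_report CRYPTTAB FSTAB
# Output, one line per mapping:
#   NAME DEVICE unlock=prompt|keyfile mount=MOUNTPOINT|not-in-fstab
luks_boot_report() {
    # awk reads fstab first (ARGV[1]) to learn mount points, then crypttab.
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
        FILENAME == ARGV[1] {                    # fstab: device mountpoint ...
            # "/dev/mapper/" is 12 characters, so the name starts at 13
            if ($1 ~ /^\/dev\/mapper\//) mnt[substr($1, 13)] = $2
            next
        }
        {                                        # crypttab: name device [key] [options]
            unlock = (NF < 3 || $3 == "none" || $3 == "-") ? "prompt" : "keyfile"
            where  = ($1 in mnt) ? mnt[$1] : "not-in-fstab"
            printf "%s %s unlock=%s mount=%s\n", $1, $2, unlock, where
        }
    ' "$2" "$1"
}

# Constructed sample files mirroring the entries in these notes, plus one
# mapping with no key field and an LVM volume that is not a LUKS mapping.
demo_dir=$(mktemp -d)
printf '%s\n' '# name device key' \
    'secret /dev/md0 none' \
    'backup /dev/sdf1' > "$demo_dir/crypttab"
printf '%s\n' '/dev/mapper/rhel-root / xfs defaults 0 0' \
    '/dev/mapper/secret /data ext4 defaults 0 0' > "$demo_dir/fstab"

luks_boot_report "$demo_dir/crypttab" "$demo_dir/fstab"
rm -rf "$demo_dir"

# On a live system (as root):
# luks_boot_report /etc/crypttab /etc/fstab
```
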


==========================================================
Manage modules:
- udev process is responsible for loading new modules.
[root@master ~]# lsmod (list all modules)
[root@master ~]# udevadm monitor (monitors any newly added hardware)
[root@master ~]# modprobe -r e1000 (remove a module and all its dependencies)
[root@master ~]# modprobe e1000 (add a module and all its dependencies)
[root@master ~]# modinfo e1000
[root@master ~]# modinfo cdrom
[root@master ~]# ls /sys/module/ (currently loaded modules)
==========================================================

Best wishes
Abeer :)
