Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
91 Cards in this Set
- Front
- Back
|
Objective: |
Section 105.1
Customizing the shell environment |
|
|
/etc/profile
|
Global profile for the bash shell is stored here. This calls all files in /etc/profile.d and It also points to the bash profile which is located in /etc/bash.bashrc or /etc/bashrc (which contains global aliases). After /etc/profile.d is called it will call the users bash profile. It looks for this bash profile in this order: /home/user/.bash_profile or /home/user/.bash_login or /home/user/.profile . Whichever file exists will also point to /home/user/.bashrc which contains profile specific aliases.
|
|
|
/home/user/.bash_logout
|
k
|
|
|
/etc/skel
|
When a new user is added with useradd -m command, all files located in /etc/skel will be added to the new /home/user
|
|
|
Aliases & Functions
|
Aliases are simple substitutions for quicker cmds. ex. ll = `ls -l`
Functions are shell scripts that get loaded into memory for use in your shell. |
|
|
Variables
|
Variables are only stored in the current shell and its processes.
Environment variables are stored for current and any child processes VARNAME="variable contents", reference as $VARNAME env : lists all environment variables set : shows all variables and ftns the shell is aware of (does not actually set a variable) export : exports variable to environment variable unset : deletes var |
|
|
PATH
|
Environment variable that determines te search order for executing files in bash; can be modified in one of those 3 possible profile locations:
/home/user/.bash_profile /home/user/.bash_login /home/user/.profile |
|
|
Objective:
105.x - Shells, Scripting & Data Management (17%) |
Section 105.2
Writing shell scripts |
|
|
shell script syntax
|
#! /bin/bash
(shbang) (the interpreter needed to run this script) # (line is commented out) |
|
|
command substitution
|
command results being used as arguments
ex. VAR=$(ls -l) or VAR=`ls -l` |
|
|
CMD syntax
test -options expression |
-x : is the file executable
-e : does the file exist -eq : are the values equal -ne : are the values not equal -z : is there a value to the expression will result in an exit code which is stored in variable $? : 0 = True Not 0 (any number other than 0)= False It assigns the exit code in background; use echo $? for it's result |
|
|
Conditional statement syntax
|
if [ condition ] ;
then command1 command2 else fi |
|
|
conditional mailing to superuser
|
if [ condition ] ;
then command1 echo "email content here" | mail -s "email subject title" root else fi |
|
|
Loops
|
for _x_ in ___
do command done while [ condition ] do command done |
|
|
Objective:
105.x - Shells, Scripting & Data Management (17%) |
Section 105.3
SQL Data Management |
|
|
CMD
mysql -options database |
-u : the user to be logged in
|
|
|
mysql syntax
|
command convention for the commands is all caps while database names in lowercase.
ex. SELECT * FROM fruit WHERE color = "yellow" AND size = "small"; <=> CMD field CMD table CMD field = "" CMD field = "" INSERT INTO table (field1, 2, 3) VALUES (attr1, 2, 3); DELETE FROM ____ WHERE _____ = ""; UPDATE table SET field = 'attr' WHERE field = 'attr'; SELECT * FROM table1 JOIN table2 ON tbl1.field = tbl2.field; |
|
|
Objective:
106.x - User Interfaces and Desktops (8%) |
Section 106.1
Install and Configure X11 |
|
|
sudo X -configure
|
creates file
/home/user/xorg.conf.new which gets put into directory /etc/x11 |
|
|
X font server
|
renders fonts for x server process, configured in /home/user/xorg.conf.new
|
|
|
~/xorg.conf.new
|
Understand what things could be configured in this file:
Sections: "ServerLayout" "Files" "Module" "InputDevice" Identifier "Keyboard0" Indentifier "mouse0" option option Endsection "Monitor" "Device" Indentifier Driver "Screen" Indentifier Subsection Subsection EndSection |
|
|
xwininfo
|
gives info all about that selected program's window
|
|
|
xdpyinfo
|
gives info about the X server itself
|
|
|
startx -- :1
|
k
|
|
|
xhost +192.168.xxx.xxx
|
user from that ip address would be able to open windows on your computer
|
|
|
Objective:
106.x - User Interfaces and Desktops (8%) |
Section 106.2
Setup a Display Manager |
|
|
/etc/inittab
/etc/default/grub update-grub |
where to change the default runlevel and x11 login in RedHat
change it here in Ubuntu |
|
|
/etc/sysconfig/desktop
/etc/x11/default-display-manager |
add this line to change display manager in RedHat
DISPLAYMANAGER="KDE" or "GNOME" or "XDM" edit this file to change display managers in Ubuntu |
|
|
/etc/gdm/custom.conf
|
Add these lines to these sections to customize gdm login.
[daemon] Greeter=/usr/libexec/gdmlogin RemoteGreeter=/usr/libexec/gdmlogin [xdmcp] Enable=true : (allows remote users to login) [greeter] DefaultWelcome=false Welcome=Your welcome here |
|
|
use
locate kdmrc (location can vary) /usr/share/config/kdm/kdmrc |
edit these lines to customize kdm login
GreetString=Your greeting here [Xdmcp} Enable=true Xaccess=/usr/share/config/kdm/Xaccess Willing=/usr/share/config/kdm/Xwilling UseTheme=false /usr/share/config/kdm there are two asterisks in this file that need to be uncommented to allow "any user" to connect. :0 local /usr/bin/X -depth 24 (add this depth tag to change color depth) |
|
|
/etc/x11/xdm/xdm-config
/etc/x11/xdm/Xresources |
in /etc/x11/xdm/xdm-config
!DisplayManager.requestport: 0 (comment this line out to enable remote clients [xdm uses ! as comments instead of #]) /etc/x11/xdm uncomment the two asterisk lines to allow remote logins in /etc/x11/xdm/Xresources xlogin*greeting: your greeting here |
|
|
Objective:
106.x - User Interfaces and Desktops (8%) |
Section 106.3
Accessibility |
|
|
Sticky/Repeat Keys
Slow/Bounce/Toggle Keys Mouse Keys GOK emacspeak |
Adjust these settings in Assistive Technologies and Universal Access Preferences aka Access X:
Sticky - used for those that have trouble pressing two keys at once. ex capitalized letters, it allows to press shift then letter rather then simultaneous slow - only accept longer keypresses bounce - ignore fast duplicate keys toggle - gives a beep when toggle key pressed ex caps lock num lock mouse - use numpad to control mouse cursor Orca- program that has screen reader and has magnifier GOK - Gnome On-Screen Keyboard emacspeak - on-screen reader for emacs |
|
|
Objective:
107.x - Administrative Tasks (20%) |
Section 107.1
Manage user and group accounts and related system files |
|
|
/etc/passwd
/etc/shadow /etc/group /etc/skel |
Follow this structure
/etc/passwd username:passwd:uid:gid:info:homedir:shell (passwd field has x meaning it's stored in shadow file)(uid usually starts at 500 or 1000)(change shell to /bin/false to disable login) /etc/shadow username:passwd:timesincepasschange:minpasslifetime:maxlifetime:warningdays:inactivedays:acctdisable (shows encrypted passwd, if * then login to that account is disabled)(time is given since Jan1,1970) /etc/group groupname:passwd:gid:members /etc/gshadow groupname:passwd:gid:members (! means no passwd) |
|
|
CMDS
useradd |
-d : home directory
-m : creates home dir -s : specify the shell -g : specify group num -G : add additional groups by name -u : specify uid -c : comments (if spaces uses quotes) |
|
|
CMD
usermod userdel |
same tags as useradd and:
-L : locks or disables acct -U : unlocks or enables acct -aG : add to group (if only using -G you will need to specify every group the user is member of, need the -aG to add a new group to the previous list of groups) -r : also deletes home dir |
|
|
CMD
passwd groupadd groupdel groupmod |
changes a user password
-g : specify gid |
|
|
CMD
chage |
-l username : check user's aging info
-E YYYY-MM-DD : sets expiration date of user acct (this adjusts field in /etc/shadow) |
|
|
Objective:
107.x - Administrative Tasks (20%) |
Section 107.2
Automate system administration tasks by scheduling jobs |
|
|
CMD
cron |
cron scheduling format
min hour dayofmonth month dayofweek (user) command (Sunday can be a 0 or a 7) (user to runas [only used in the system-wide crons]) 02 14 * * * -> everyday at 2:02pm 00 15 3 3 3 -> 3:00pm every March3rd which is a Wed 01,15,45 * * * * -> 1,15, and 45min past every hour */15 * * * * -> every 15 minutes 01 01 * * 1-5 -> 1:01am on weekdays |
|
|
/etc/crontab
/etc/cron.d/ /etc/cron.daily or hourly or monthly or weekly |
/etc/crontab : system-wide crontab, only root has access, where the scheduled tasks are listed.
/etc/cron.d/ : location where installed programs can add cron jobs /etc/cron.daily/ : scripts are placed here, not cron files, the files inside these directories are executed by the system, configured in that /etc/crontab file. |
|
|
CMD
crontab (program for creating user crons) |
-e : edit
these are stored in /var/spool/cron/crontabs |
|
|
CMD
anacron at |
if a system gets shutdown and a cron doesn't get run, anacron looks for these and runs them at next system launch.
looks for these timestamps in /var/spool/anacron at scheduler is used for one time events at [time] ctrl-d to exit scheduler atq : shows scheduled actions atrm -jobnumber : deletes scheduled actions |
|
|
/etc/cron.allow or deny
/etc/at.allow or deny |
deny is usually used but if cron.allow does exist it takes precedence...so if allow exists and no users specified then nobody has access.
|
|
|
Objective:
107.x - Administrative Tasks (20%) |
Section 107.3
Localisation and Internationalisation |
|
|
Locale variables
|
locale cmd used to show the localisation variables
$LANG :default language setting LANG=en_US.utf8 LANG=en_GB.utf8 LC_ALL :variable takes precedence over all other LC.* variables so if LC_ALL=en_US.utf8 then everything will use en_US.utf8 setting LANG=C : uses default encoding, avoiding translation issues |
|
|
character encoding
|
convert character on screen to a number for the computer
ASCII : only 128 characters ISO-8859 : many subset/variations used with diff character sets UTF-8 : unicode translation format, includes most all languages rather than needing subsets convert between these encoding schemes with iconv -f : from -t : to, then specify the path of the file wanting converted, ex. /etc/fstab --list : shows all formats supported |
|
|
cmd
tzconfig : has been replaced with tzselect |
/etc/timezone : file referring to /usr/share/zoneinfo folder which specifies the timezone
/etc/localtime : copy of the binary file referenced by /etc/timezone date MMDDhhmmYYYY (cmd used to set system time) |
|
|
Objective:
108.x - Essential System Services (17%) |
Section 108.1
Maintain system time |
|
|
hwclock
|
date cmd controls system clock
hardware clock runs on battery when computer is off. sets system clock when computer boots. hwclock cmd shows hwclock time /etc/adjtime shows whether hwclock is set to your LOCAL time or UTC time hwclock --set --date="dd/MM/YYYY hh:mm" : manual set hwclock hwclock -w :writes system time to the hardwareclock hwclock -u : sets to UTC format hwclock --local : sets to local format |
|
|
pool.ntp.org
|
geographically close ntp servers
ntpdate 0.us.pool.ntp.org cmd to accurately update ntp /etc/ntp.conf : file to configure list of ntp servers |
|
|
Objective:
108.x - Essential System Services (17%) |
Section 108.2
System Logging |
|
|
syslog
|
RedHat uses syslog
Ubuntu uses rsyslog syslog setup: facility.priority action facilities are pre-set and include but not limited: auth, cron, daemon, ftp, kern, mail, user priorities include: emerg/ panic, alert, crit, err, warn, notice, info, debug actions include: file, user, pipe, remote host |
|
|
syslog.conf
syslogd |
/etc/syslog.conf : file to edit syslog
in this file it has a list of the facilities that are set to which priority alerts and where they send them. (if there is an * in the action field then that means all users get notified, usually with emerg priorities) ex. #Save user facility to separate server user.* @192.168.1.240 (send user logs to this server) (issue cmd : service syslog restart : when adding an entry to this file) to setup your server to accept logs from remote locations (like this example) you need to add -r to syslogd startup (location differs across distributions) |
|
|
logger
|
logger used to add log entries manually
-p ex. logger -p user.crit Danger we are in trouble (sends it to the location specified in the /etc/syslog.conf) |
|
|
klogd
|
kernel logger, uses same location as syslog for its configuration but its a separate process
|
|
|
Objective:
108.x - Essential System Services (17%) |
Section 108.3
Mail Transfer Agent (MTA) Basics |
|
|
Common MTAs
|
sendmail : most popular and most difficult to configure
qmail : made to replace sendmail, made with security in mind, it is public domain and not GPL exim : lots of features, supports authentication and ACLs postfix : default for many distros, supports encryption, virtual domains, and clear configuration files |
|
|
Sendmail Emulation Layer
|
config files are diff for every MTA but common commands remain compatible with sendmail for ease of use.
ex. mailq : cmd shows current mail in queue, regardless of MTA |
|
|
Email Aliases
Email Forwarding |
/etc/aliases
(system-wide) file structure user: user ex. mailer-daemon: postmaster postmaster: root (anything sent to mailer-daemon, send to postmaster, anything sent to postmaster, send to root) any time you add to that file then run the newaliases cmd users can forward email to other accts by creating /home/user/.forward |
|
|
cmd line mail program
|
used to send mail interactively, easy to use and manage but simple
|
|
|
Objective:
108.x - Essential System Services (17%) |
Section 108.4
Manage printers and printing |
|
|
CUPS
|
Common Unix Printing System
webinterface configuration http://localhost:631/ which edits: but can also be configured manually /etc/cups/cupsd.conf print server and ACL configuration file will need to adjust the listen line: Listen localhost: 631 (from) Listen 631 (to) (so it will listen for connections outside of the local pc) Browsing Off (from) Browsing On (to) (so people can browse this server for printer) /etc/cups/printers.conf (configuration file for actual printer hardware) DeviceURI socket://192.168.x.x |
|
|
lpd : legacy printing program/interface
|
/var/spool/cups
active print jobs stored here, FIFO lpd cmds lpq : shows info about queued jobs, -a flag lists queue for all printers lprm -jobnum : delete specific print job (found with lpq), no jobnum specified and just a - deletes all jobs lpr filename: sends file to printer, -Pprintername (to send to non-default printer, no space between P and printername) exs. lpq -PUSB_Laser lpq -PHP_Laser lpr -PUSB_Laser document.txt lprm -PUSB_Laser - |
|
|
cmds
|
lpc status all
shows state of all printers installed on your system cupsaccept printername : cupsreject printername : all jobs are rejected, nobody can send a job to the printer queue cupsenable printername : cupsdisable printername: jobs still get accepted into the queue but the printer won't print them until it is enabled lpmove jobnum printername : move specific job from one printer queue to another printer queue lpmove printer1 printer2 : move all jobs from printer1 to printer2 |
|
|
Objective:
109.x - Network Fundamentals (23%) *if somebody else is using these, I didn't take very many notes on networking because I knew most of it, but be aware there is much more on the test than what my cards represent. |
Section 109.1
Fundamentals of Internet protocols |
|
|
cmd
route |
shows routing table
route add default gw 192.168.x.x to add default route to the routing table route del default to delete default route Private Address Range 10 172.16-31 192.168 |
|
|
TCP and UDP Ports
|
20 TCP ftp-data
21 TCP ftp-control/login 22 TCP/UDP SSH 23 TCP telnet 25 TCP SMTP 53 TCP/UDP DNS 80 TCP/UDP HTTP 110 TCP/UDP POP3 119 TCP NNTP (usenet news) 139 TCP/UDP NetBIOS 143 TCP/UDP IMAP 161 TCP/UDP SNMP 443 TCP/UDP HTTPS (using SSL or TLS) 465 TCP SMTPS (SSL) 993 TCP/UDP IMAP (SSL) 995 TCP/UDP POP3 (SSL) /etc/services shows the services and their reserved ports |
|
|
CMDs
host dig traceroute tracepath ftp telnet ping |
traceroute and tracepath use ICMP
|
|
|
Objective:
109.x - Network Fundamentals (23%) |
Section 109.2
Basic Network Configuration |
|
|
DNS files
|
/etc/hostname
contains hostname of machine /etc/hosts dns info for the host /etc/resolve.conf where the computer looks for dns info /etc/nsswitch.conf determine order it uses for name resolution |
|
|
Network files
|
RedHat
/etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network Debian /etc/network/interfaces |
|
|
CMDs
ifconfig ifup ifdown |
display and configure network interfaces
config and activate network interfaces based upon config files |
|
|
Objective:
109.x - Network Fundamentals (23%) |
Section 109.3
Basic Network troubleshooting |
|
|
Network Interfaces
|
Auto and manual restart interface
/etc/init.d/network restart (automated script) ifdown eth0 ifup eth0 or ifconfig eth0 down ifconfig eht0 up To add a card ifconfig eth1 ip 192.168.1.2 subnet 255.255.255.0 to remove a card (other than physically removing it) lsmod to find the kernel module of the eth card rmmod modname |
|
|
Routing Table
|
netstat
listens to all network activity on your computer -n : translate numbers -t : tcp -u : udp -a : all interfaces -r : shows routing table (same as route cmd) |
|
|
Objective:
109.x - Network Fundamentals (23%) |
Section 109.4
Configure client side DNS |
|
|
k
|
/etc/nsswitch.conf
edit the hosts line in this file to change the order of dns lookup hosts: files dns hosts: dns files (files refers to /etc/hosts file) /etc/hosts 127.0.0.1 localhost ::1 localhost6 |
|
|
Objective:
110.x - Security (15%) |
Section 110.1
Perform security administration taks |
|
|
using find cmd
|
find / -perm -u+s
(find every file that has permission with the set user id on) find / -perm -g+s (find every file that has permission with the set group id on) find / -perm -u+s,g+s only show files that have both set find / -perm /u+s,g+s show files that have either set |
|
|
chage
|
no tag with a username allows you to set the aging info
-l user lists the users aging info |
|
|
ulimit
for user limits |
-a
shows all limit settings -f filesize limit the limits only apply to processes in this shell, need to save in startup file to change for new logins |
|
|
setting system wide limits
|
/etc/security/limits.conf
* hard maxlogins 1 (all users can only login one at a time, they can't login multiple times simultaneously) * hard maxsyslogins 10 (only 10 users can login to the server at a time) @faculty soft nproc 20 @faculty hard nproc 50 (members of faculty group have a soft limit of 20 concurrent processes and a hard limit of 50) |
|
|
lsof - i
nmap |
looks at /etc/services to match open ports and services
nmap 127.0.0.1 scans internal open ports nmap 192.168.1.x shows what open ports others can see on this system |
|
|
visudo
|
use visudo to edit the
/etc/sudoers user MACHINE=COMMANDS |
|
|
Objective:
110.x - Security (15%) |
Section 110.2
Setup host security |
|
|
passwords
|
/etc/passwd
(can be read by all users) /etc/shadow (only readable by root) sudo touch /etc/nologin (nobody except root can now login to the server) |
|
|
unused services
|
RedHat
/etc/init.d/httpd stop stops http service temporarily chkconfig --level 5 httpd off (now everytime puter is booted with runlevel 5 http service will not start) Ubuntu /etc/init.d/apache2 stop update-rc.d -f apache2 remove |
|
|
Super Servers
inetd (old) xinetd (new) |
one process that manages many super server processes
/etc/inetd.conf /etc/xinetd.conf includes services files from dir at /etc/xinetd.d/ |
|
|
Objective:
110.x - Security (15%) |
Section 110.3
Securing data with encryption |
