Thursday, 18 April 2013

Self prepare for REDHAT RHCSA EX200 PART 1: Understand and use essential tools

Just for fun ...

Part 1: Understand and use essential tools

1) Access a shell prompt and issue commands with correct syntax.
* on an X system -> open xterm, Terminal or another terminal emulator
* on the console, just switch from F1 to F* with ALT + F*
* from X to console -> CTRL + ALT + F1
* just normal shell jobs ;) ls, ln, touch, who, which command, find and more ...  pwd, cd ~, whereis -f aaaa

2) Use input-output redirection (>, >>, |, 2>, etc.).

* '>>' redirects and appends to an existing file!
  /bin/whatever >> /tmp/log.big
* a command has 3 standard streams: std input 0, std output 1 and std error 2,
  where the numbers 0, 1 and 2 are file descriptors,
* cmd output to log file
  /bin/whatever > /tmp/log.txt
* cmd errors to error file
  /bin/whatever 2> /tmp/err.txt
* just send everything (output and errors) to one file
  /bin/whatever > /tmp/all.txt 2>&1
* read input from a file, with output and errors going to separate files
  /bin/whatever < /tmp/data.txt > /tmp/log1 2> /tmp/err1
* use pipe |, it redirects output to another program
  /bin/whatever | less
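
The order of the redirections in "> file 2>&1" matters when capturing errors to a log. The script below is an added example, not part of the original notes; the function names and the temporary files are made up for the demonstration.

```shell
#!/bin/sh
# Added example: how the order of redirections decides where stderr ends up.

# emit writes one line to stdout (fd 1) and one line to stderr (fd 2).
emit() {
    echo "out line"
    echo "err line" >&2
}

# Redirections are applied left to right.
# fd 1 is pointed at the file first, then fd 2 is made a copy of fd 1,
# so both streams land in the file.
both_to_file() {
    emit > "$1" 2>&1
    cat "$1"
}

# Reversed order: fd 2 becomes a copy of the current fd 1 (the caller's
# stdout) and only then is fd 1 moved to the file. The error line is
# printed to the caller and is missing from the file.
wrong_order() {
    emit 2>&1 > "$1"
}

# Separate files per stream; '>>' appends, so a second run keeps the
# earlier lines instead of truncating the log.
split_append() {
    emit >> "$1" 2>> "$2"
    emit >> "$1" 2>> "$2"
    wc -l < "$1" | tr -d ' '
}

tmp=$(mktemp -d) || exit 1
echo "both_to_file:"; both_to_file "$tmp/all.txt"
echo "wrong_order prints:"; wrong_order "$tmp/only_out.txt"
echo "file has:"; cat "$tmp/only_out.txt"
echo "lines after two appends: $(split_append "$tmp/log.txt" "$tmp/err.txt")"
rm -rf "$tmp"
```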

3) Use grep and regular expressions to analyze text.
* grep -vE '^(#|[ ]*$|$)' /etc/sysconfig/network
* grep '^\(wheel\|root\)' /etc/group
* egrep '^(wheel|root)' /etc/group
* grep -v ^# /etc/nsswitch.conf
+++++++++++++++++++++++++++++++
Searching for "network" in the file /usr/share/dict/words.
$ grep network /usr/share/dict/words

Searching for "network" upper or lower case in the file /usr/share/dict/words.
$ grep -i network /usr/share/dict/words

Searching for "network" or "computer" in the file /usr/share/dict/words.
$ grep -E 'network|computer' /usr/share/dict/words

Regular Expression
Searching for words beginning with "network" in the file /usr/share/dict/words.
$ grep ^network /usr/share/dict/words

Searching for words ending with "network" in the file /usr/share/dict/words.
$ grep network$ /usr/share/dict/words

Search for the exact word "network" (the whole line) in the file /usr/share/dict/words.
$ grep ^network$ /usr/share/dict/words

Search for "network" or "Network" in the file /usr/share/dict/words.
$ grep '[nN]etwork' /usr/share/dict/words

Search for "network0" to "network9" in the file /usr/share/dict/words.
$ grep 'network[0-9]' /usr/share/dict/words

Search for "network00" to "network99" in the file /usr/share/dict/words.
$ grep 'network[0-9][0-9]' /usr/share/dict/words

Search for words with two characters in the file /usr/share/dict/words.
$ grep '^..$' /usr/share/dict/words

Search for words with three characters and the letter "r" in the middle in the file /usr/share/dict/words.
$ grep '^.r.$' /usr/share/dict/words


4) Access remote systems using ssh and VNC.
* get access to remote host
  ssh -vC user@remote
* run command on remote host
  ssh user@remote -t 'slapcat > /tmp/data.ldiff'
* prepare ssh keys:
  ssh-keygen -t dsa
  (DSA keys are disabled by default since OpenSSH 7.0; current systems use RSA or Ed25519 keys)
* put the local file ~/.ssh/id_dsa.pub on the remote host as the remote user's ~/.ssh/authorized_keys to gain access without a password prompt (in case there is no passphrase on id_dsa ;) )
* to get VNC access just type
  vncviewer remote.host.ip.or.name
* prepare vncserver
  vncserver :1 or something like that

5) Log in and switch users in multiuser runlevels.
* after login it is easy to check what the current runlevel is, just type:
  runlevel and after that it shows N 3 or whatever is set
* to change runlevel just type
  init LEVEL_NUMBER, where the level can be set from 0 to 6
  0 - halt (just shut down system)
  1 - single user mode, no services, no network, probably can ask for root password to get /bin/bash or /bin/sh, used for maintenance tasks, repairs ...
  2 - multi user mode, no network
  3 - normal multi user mode, working services, network, no X11 interface (no gdm or kdm ;) )
  4 - not used
  5 - same options like 3 but with X11 interface, started GDM or KDM login screen
  6 - reboot
* in /etc/inittab go to the line like the one below, where the number says which runlevel is the default; after changing inittab, just type
  "init q" to reload it

  id:3:initdefault:

* to boot into single mode, just find grub or lilo, go to the kernel cmd line and add the word single (or maybe one letter "s" in redhat?)

* su  (to get root while keeping the local env from the user)
* su - (to get root with root's login shell and env ;) )
* su - user -c "/bin/whatever" to run cmd as user
* sudo!

6) Archive, compress, unpack, and uncompress files using tar, star, gzip, and bzip2.

* gzip /tmp/file
* bzip2 /tmp/file
* gunzip /tmp/file.gz
* bunzip2 /tmp/file.bz2
* tar -cvf /tmp/archive.tar /dir1 /dir2 /d/a/b/c/
* tar -xvf /tmp/archive.tar -C /destination
* tar -j (bzip2) or -z (gzip) adds compression to the tar command
* just check manual ;)

* tar over ssh

  send some data to archive file
  tar -zcvf - /data | ssh root@server "cat > /data/backup.tar.gz"
  same option with dd
  tar -zcvf - /data | ssh root@server "dd of=/data/backup.tar.gz"

  get some data back from archive file
  cd /local_directory
  ssh root@server "cat /data/backup.tar.gz" | tar -zxvf -
 
  send a directory over ssh using tar, preserving user/group rights
  tar -cf - /directory | ssh root@remote "tar -xf - -C /remotedir"

  get directory from remote to local
  ssh root@remote "tar -cf - /remotedir" | tar -xf - -C /where_put_it_local

7) Create and edit text files.
* mcedit
* pico
* nano
* vi
* vim
* joe (ugly crap!)

8) Create, delete, copy, and move files and directories.
* echo whatever > /tmp/test.txt
* cp -v /tmp/test.txt /tmp/another.txt
* cp -v /tmp/file1 /tmp/file2 /tmp/newdir
* cp -vR /tmp/dir01 /tmp/dir02
* mv (see above)
* rm
* touch
* mkdir
* rmdir

9) Create hard and soft links.
* soft links can be deleted while the source 'file' stays on disk ;)
  ln -s /source/name /destination/name
  when -f is used -> an existing destination is overwritten (ln -sf /from /to)
* hard links, it all happens at the inode level (another name for the same inode)
  ln -d /ddd /to.hard.link

10) List, set, and change standard ugo/rwx permissions.
* list permissions (-l = long format, more info)
  ls -la /tmp/file
  -rw-r--r-- 1 abram users 0 04-16 17:01 /tmp/aaa.txt
  OWNER/GROUP/OTHERS -> READ+WRITE, READ, READ
 
  ls -lZ /tmp/file (to see selinux properties)
  -rw-r--r-- 1 abram users ? 0 04-16 17:01 /tmp/aaa.txt
  "?" means there are no selinux settings ;)
 
  ls -ln /tmp/file (to see numeric UID/GID)
  -rw-r--r-- 1 1000 1000 0 04-16 17:01 /tmp/aaa.txt

  CHECK THAT! IF THERE IS A + THERE ARE ACLs!!!
  ls -la /tmp/aaa.txt
  -rw-r--r--+ 1 abram users 0 04-16 17:01 /tmp/aaa.txt
           ^^^ -> if that + exists, it means that file or dir has ACLs


* lsattr + chattr for ext2 (just go to man page)
Attribute            Description
Append only (a)      Prevents the file from being deleted, can still be written to
No dump (d)          Disables backups of the file by the dump command
Extent format (e)    Set with the ext4 filesystem
Immutable (i)        Prevents deletion or any change to the file
Indexed (I)          Set on directories for indexing with hashed trees

# lsattr testfile
-------------e- testfile
# chattr +i testfile
# rm testfile
rm: remove regular file `testfile'? y
rm: cannot remove `testfile': Operation not permitted
;)

* setfattr, getfattr, attr (XFS ...)

* setfacl,  getfacl, acl (for redhat exam ;) )

  [abram@pld64 ~]$ setfacl -m u:nobody:r /tmp/aaa.txt
  [abram@pld64 ~]$ getfacl  /tmp/aaa.txt
  getfacl: Usunięcie wiodącego '/' ze ścieżek bezwzględnych
  # file: tmp/aaa.txt
  # owner: abram
  # group: users
  user::rw-
  user:nobody:r--
  group::r--
  mask::r--
  other::r--
 
  [abram@pld64 ~]$ ls -la /tmp/aaa.txt
  -rw-r--r--+ 1 abram users 0 04-16 17:01 /tmp/aaa.txt
           ^^^ -> if that + exists, it means that file or dir has ACLs

  REMOVE ACL's -> setfacl -x u:UID_NUMBER /tmp/aaa.txt

  REMOVE ACLs -> for example use this command: chacl
  [abram@pld64 ~]$ chacl  -R /tmp/aaa.txt
  [abram@pld64 ~]$ getfacl /tmp/aaa.txt
  getfacl: Usunięcie wiodącego '/' ze ścieżek bezwzględnych
  # file: tmp/aaa.txt
  # owner: abram
  # group: users
  user::rw-
  group::r--
  other::r--
 
  ls -la /tmp/aaa.txt
  -rw-r--r-- 1 abram users 0 04-16 17:01 /tmp/aaa.txt
  (and that '+' goes away ;) )

* about permissions ...
Permission    Number value    Letter
Read          4               r
Write         2               w
Execute       1               x
No access     0

$ ls -li
total 8
20447265 drwxrwxr-x. 2 rob rob 4096 Feb  2 00:53 testdir
20447264 -rw-rw-r--. 1 rob rob   13 Feb  2 00:52 testfile

chmod + chgrp can use -R switch for recursive ;)

chmod 775 file (or something other than 775 ;) like 640)
chmod u+x file, where u/g/o means user/group/others and + or - adds or removes (x/r/w)
chmod o+rw-x file will add rw and remove execute for others ;)

chown user:group file
chown user file
chgrp group file

* SUID (Set owner User ID up on execution)
ls -la /usr/bin/passwd
-rwsr-xr-x 1 root root 81536 2012-05-26  /usr/bin/passwd

chmod u+s /bin/whatever
if you get a capital S in ls -la -> add x for the owner!

chmod 4750 /bin/whatever -> does the same as u+s (the number 4)

TIP: find / -perm /4000 (current GNU find no longer accepts the old +4000 form)

* SGID (Set Group ID up on execution)
chmod g+s (about S see above)

chmod 2750 /bin/whatever (number 2!!!)

TIP: find / -perm /2000

SGID can be set on a directory; when a user creates a file or directory there, it gets the group of the directory (the one which has the SGID bit set)
user doesn't need to be in that group ;)

* STICKY BIT set for a directory: then only the owner can delete their own files/dirs in that directory
chmod +t /dir/dir_whatever
chmod 1777 /tmp ;)

TIP: find / -perm /1000
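
The find tips and the s/S, t and + markers from ls -la can be combined into a small audit of special bits. The script below is an added example, not part of the original notes; the function names and the sample tree are constructed, and it uses the portable -perm -MODE form of find.

```shell
#!/bin/sh
# Added example: find and decode special permission bits (constructed data).

# Decode special-bit flags from the mode string printed by `ls -ld`.
classify() {
    mode=$(ls -ld "$1" | cut -c1-11)
    out=""
    case $(printf '%s' "$mode" | cut -c4) in
        s) out="$out suid" ;;
        S) out="$out suid-no-exec" ;;   # SUID set, owner x missing
    esac
    case $(printf '%s' "$mode" | cut -c7) in
        s) out="$out sgid" ;;
        S) out="$out sgid-no-exec" ;;
    esac
    case $(printf '%s' "$mode" | cut -c10) in
        t) out="$out sticky" ;;
        T) out="$out sticky-no-exec" ;;
    esac
    case $(printf '%s' "$mode" | cut -c11) in
        +) out="$out acl" ;;            # trailing + means an ACL is present
    esac
    echo "${out# }"
}

# Report every entry under $1 that has SUID, SGID or the sticky bit set.
audit() {
    find "$1" \( -perm -4000 -o -perm -2000 -o -perm -1000 \) -print |
        sort | while read -r p; do
            printf '%s: %s\n' "${p#"$1"/}" "$(classify "$p")"
        done
}

# Build a constructed sample tree in a temporary directory.
make_sample() {
    d=$(mktemp -d) || return 1
    touch "$d/plain" "$d/suid_ok" "$d/suid_broken"
    mkdir "$d/shared" "$d/dropbox"
    chmod 644  "$d/plain"
    chmod 4755 "$d/suid_ok"       # -rwsr-xr-x
    chmod 4644 "$d/suid_broken"   # -rwSr--r--
    chmod 2775 "$d/shared"        # SGID directory
    chmod 1777 "$d/dropbox"       # sticky, like /tmp
    echo "$d"
}

d=$(make_sample) && audit "$d" && rm -rf "$d"
```

Comparing the audit output between two runs on a real system shows SUID/SGID files that appeared in between.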


11) Locate, read, and use system documentation including man, info, and files in /usr/share/doc.
* man
* info or pinfo
* check files under specified directory
* apropos
* whatis

