Find the name of the computer and the kernel version running: uname -a (the command-line environment around the Linux kernel is the GNU toolset)

All commands are case sensitive: date works, whereas DATE gives "command not found". Files whose names differ only in case are different files, so the shell creates both without asking to overwrite.

pwd - shows the full path of your current location in the file system (print working directory). ~ = your home directory, as in the prompt jack@opensolaris:~$
ls = dir = list the directory contents

Redirection: > creates a file (overwriting it if it exists); >> appends to it
  pwd > path.txt
  ls >> path.txt
  cat path.txt ---use cat to view a text file
  LS > error.log ---fails because of the capitals, but the (empty) file is created anyway: the shell sets up the redirection before it tries to run the command
  LS &>> error.log ---appends both normal output and error messages to the file (the & covers stderr; &>> is a bash extension, the portable spelling is >> error.log 2>&1)
  < feeds a file to a command as its standard input instead of the keyboard: sort < path.txt; a wildcard inside a for loop repeats the same command over many files

Pipe | - takes the output of one command and uses it as the input of another; commands can be chained
  ls /etc | grep zone ---grep does not sort; it prints only the lines that match the pattern "zone" (book pp. 15-16)

File-combining commands: cat, join, paste (combine pre-existing files)
  cat error.log path.txt (prints the two files one after the other on the screen)
  cat error.log path.txt > erpath.txt (writes the combined output to a new file erpath.txt)
  join - joins two files on a common field (both must be sorted on that field) and produces one file with the fields you asked for
  paste - pastes the lines of the files side by side, separated by tabs

Shells --- bash, sh, tcsh, ksh and more (book pp. 4-5). Syntax is what differs between the shells. To try another shell, just type its name (sh, ksh); type exit to get back to your default shell (the default is recorded per user in /etc/passwd).

VARIABLES --- referenced with a leading $ ($VARIABLE). Environment variable names are conventionally upper case; the name is case sensitive, so $path and $PATH are different variables.

Internal vs. external commands: internals (cd, echo, export) are built into the shell; externals are separate executables and only work if they exist in a directory on your PATH.
  cd .. takes you up one level, to the parent directory (not all the way to the root)
  Absolute path - starts at the root (/) and works down. Relative path - starts from where you are.
  Example tree: /jack/etc/usb. From usb back to jack with an absolute path: cd /jack (or cd ~ if jack is your home directory). Relatively from usb up to jack: cd ../.. (the first .. reaches /jack/etc, the second /jack); relatively up to the root: cd ../../..
  date command; cal command (cal 9999 prints that year, cal 0 is an error because there is no year 0); uptime ---neat command

Command line manipulation
*The Tab key auto-completes for you (press it twice to list the options when more than one name matches)
*Ctrl+A jumps to the beginning of the command line, Ctrl+E to the end
*Ctrl+T transposes the character under the cursor with the one before it
*The up arrow walks back through the command history; type history to view it (a command is only stored once it has been executed)
*To change the case of the word at the cursor: Esc then u (upper) or l (lower)

man pages
  man ls (tells what ls does). ls --help (dash dash help) prints a short summary that scrolls straight off the screen; man ls pages it so you can scroll.
  To hide a file in Linux just put a . in front of its name (the H attribute in DOS); a plain ls does not show it.

Transforming files
  expand - converts tabs to spaces (unexpand converts spaces back to tabs)
  od - octal dump of a file: od error.log shows the raw bytes, so a suspicious binary can be inspected without executing it
  sort - sorts lines in ascending order (sort -r for descending)

  split - splits one file into several pieces of a fixed size (cat joins them back together)
  tac - the reverse of cat: prints the lines last to first
  tr - translates characters one to one: tr o O < erpath.txt changes every lower-case o into a capital O (so it can turn a menu's text between upper and lower case); tr " " _ < erpath.txt replaces spaces with underscores. tr works character by character, never on whole words; for words use sed.
  uniq - drops adjacent duplicate lines (sort first), and uniq -c counts them

File-transforming commands: expand, od, sort, split, tac, tr, unexpand, uniq

INSTALLING UBUNTU
Creating an Ubuntu partition --- ext3 or ReiserFS (ReiserFS was preferred in the course). Mount points can be selected; at minimum you need two: root (/) and swap.

TEXT FILTERS (file viewers)
  head (first 10 lines of a file), tail (last 10 lines), less (shows the file one screen at a time; press space for the next page, q to quit)

File-formatting commands: fmt (reflows paragraphs), nl (numbers lines), pr (paginates for printing)

File-summarizing commands: cat, wc
  wc test.txt ---shows the number of lines, words and characters; the switches -l, -w and -c select just one (lines, words, bytes)

Understanding regular expressions
  grep --- "global regular expression print" (ls | grep zone). It can search a file directly (grep zone test.txt) or read from a pipe (cat test.txt | grep zone). Matching is case sensitive; grep -i (lower case i) ignores case. Note that -I (capital) is a different option: it skips binary files.
  sed --- stream editor used for search and replace: sed "s/old/new/" file
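The grep/sort/uniq/tr pipeline style from the two passages above, applied to the kind of data an administrator actually filters: failed SSH logins counted per source address. This is an added example, not part of the course notes; the log lines are constructed samples in the old syslog format, and the host names and addresses are made up.

```bash
#!/bin/bash
# Added example (not from the course notes): count failed SSH logins per source
# address with grep, sed, sort and uniq. The log lines are constructed samples.

sample_log() {
    cat <<'EOF'
Oct  8 10:01:02 host sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 51122 ssh2
Oct  8 10:01:05 host sshd[2203]: Failed password for root from 203.0.113.5 port 51130 ssh2
Oct  8 10:02:11 host sshd[2210]: Accepted password for nate from 192.0.2.10 port 40022 ssh2
Oct  8 10:03:40 host sshd[2215]: Failed password for nate from 198.51.100.7 port 43210 ssh2
Oct  8 10:03:44 host sshd[2216]: failed password for nate from 203.0.113.5 port 51140 ssh2
EOF
}

# Reads log lines on stdin, prints "address count" sorted by count, highest first.
# grep -i ignores case (the notes' "-I" would instead skip binary files);
# sed keeps only the address; sort | uniq -c counts repeats; sort -rn ranks them.
failed_by_ip() {
    grep -i 'failed password' \
    | sed -n 's/.* from \([0-9.]*\) port .*/\1/p' \
    | sort | uniq -c | sort -rn \
    | awk '{print $2, $1}'
}

# The single worst offender, as "address count"
top_offender() {
    sample_log | failed_by_ip | head -n 1
}

# Usage on a real system: grep sshd /var/log/auth.log | failed_by_ip
sample_log | failed_by_ip
```

The fourth sample line is deliberately lower case so the effect of -i is visible: with plain grep the count for 203.0.113.5 drops from 3 to 2.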

vi modes (book p. 33)
  dd deletes (cuts) the current line; 5dd deletes five lines starting at the cursor; yy yanks (copies) a line; p pastes after the cursor
Basic text editing and saving changes
  touch file.txt (creates an empty file); pico file.txt, nano file.txt, vi file.txt ---all create the file if it does not exist, so you can start the file and save it later
  sudo gedit /boot/grub/menu.lst ---graphical editor (sudo because that file is root's)
  vi: i or a enters insert mode, Esc returns to command mode; :w writes (saves), :q quits, :wq does both, :q! quits without saving
  nano/pico: Ctrl+O writes the file, Ctrl+X exits

sudo apt-get install lynx (text-terminal HTML viewer)

ifconfig ---shows the IP addresses of the interfaces on your machine (ip addr does the same on newer systems)
ifconfig | grep eth0 ---shows only the line that names eth0; the address is on the next line, so this alone does not print it
ifconfig eth0 | grep "inet addr" | cut -d ":" -f 2 | cut -d " " -f 1 ---extracts just the IPv4 address from the old ifconfig output ("inet addr:192.168.1.5  Bcast:..."). The classroom variant ifconfig eth0 | grep "inet addr" | cut -d ":" -f 4 | cut -d "." -f 3 | tr 2 5 takes a later field, keeps one octet and swaps a digit; it is only a cut/tr exercise.
grep ---prints the lines that match an expression; grep -i ignores case: ifconfig eth0 | grep -i "mask"
*****prefix a command with sudo to run it with root permissions
sed --- search and replace tool: sed "s/2005/2006/" file
*****to quit a paging program such as less or top, type q

Examining process lists
● type ps to view your own processes; man ps for the options
● ps -e = all processes
● ps -ef = all processes in full format (shows which user spawned each process, and the process id you need for kill)
● ps aux (BSD syntax: same information, cleaner layout, and no dash in front of the options)
● ps is only a snapshot of right now
● ps aux | less (all processes, and you can scroll because of less)
● top (shows process usage in real time); just type top, q quits
● kill (sends a signal to a process); you need the process id from ps
● kill -9 <process id> ---signal 9 (SIGKILL) cannot be caught or ignored, so the process dies at once
● kill -s KILL <process id> === the same thing
● man kill for the signal list (kill -l prints it)
● signal 15 (SIGTERM, the default when you give kill no signal) asks the process to exit gracefully; try it before -9
● to kill many at once (e.g. every vi): killall -s KILL vi or killall -9 vi
● vi somefile.txt & === runs the command in the background (the trailing ampersand)
● jobs === shows the background jobs of this shell, their job numbers and state
● fg %1 brings job 1 back to the foreground (the number is the job number from jobs, not the process id); Ctrl+Z suspends the foreground job and bg resumes it in the background

Environment variables
  env | less ---shows all the variables in the environment
  echo $PATH ---shows one variable
  which ls ---shows where the ls executable is found; the directories searched are the ones listed in PATH
  to change the prompt: PS1="this is my new prompt> " (set a variable with NAME=value, no spaces around the =)
  ***a variable set this way is only known to the current shell and is gone at logout; export NAME makes it visible to programs the shell starts. To make a change permanent for any variable, put it in a login script (~/.bashrc or ~/.profile for one user, /etc/profile for everybody).
More commands
  who ---lists the users currently logged in
  whoami ---who you are
  finger ---login name, when logged on, idle time and similar details
  id ---user id, group id and all the groups you belong to
  ` ` (backticks) --- command substitution:
    echo Today is `date` ---the shell runs date and puts its output in place of the backticks, so it is treated as a command, not as the word "date"; $(date) is the modern spelling. Useful for a login banner.
    date; who; finger ---a semicolon runs the commands one after another in the same session; unlike a pipe, the output of one is not fed to the next

HELP
  man ifconfig (man page of ifconfig); man passwd ---help for passwd; man 7 undocumented (the page for commands that have no manual)
  info ifconfig == the info version of the manual, formatted differently from the man pages
  whatis ifconfig ---a short snippet that tells you what the command is
  wtf ---expands acronyms; comes with sudo apt-get install bsdgames, as does the fortune command with its various switches
  man -k password (searches the descriptions of all man pages for the phrase); man -k password | grep -i change narrows it down
  apropos password == the same as man -k
  If apt-get stops with a dependency error, sudo apt-get -f install resolves the dependencies and pulls them down (and dpkg --configure -a finishes any packages left half-configured)

BECOME THE ROOT USER
  su - (the dash gives you root's full login environment, including PATH)

To install KDE on a Fedora/Red Hat system that already has GNOME:

su -
yum install switchdesk
yum groupinstall "KDE Desktop Environment"
switchdesk KDE

Task: To switch from GNOME to KDE, use the command
$ switchdesk kde

Task: To switch from KDE to GNOME, use the command
$ switchdesk gnome

startx == starts the GUI from the shell; log out of the GUI to get the shell prompt back
poweroff === shuts the computer down from the command prompt

CH-8 Users and groups
  account names must start with something other than a number and are case sensitive; keep them all lower case
  less /etc/passwd lists the users (one line per account); edit /etc/passwd or /etc/group only as root, preferably with vipw / vigr, which lock the files while you edit
  the password hashes live in /etc/shadow, readable by root only: sudo less /etc/shadow. Nearly every current distribution uses shadow passwords; pwconv is the command that moves hashes still sitting in the world-readable /etc/passwd into /etc/shadow (admin only).
  groups ---shows the groups you belong to; id ---shows your uid, gid and group memberships
  newgrp <group> ---changes your primary group for this session (you must already be a member)
Creating users
  useradd creates the account
  less /etc/login.defs ---the defaults applied to new accounts: uid/gid ranges (each new user gets the next id), password ageing, warning levels; CREATE_HOME decides whether a home directory is made
  less /etc/default/useradd ---the other defaults: base of the home directories, default shell, expiry
  if a user is created without a home directory they land in / at login; use useradd -m to create the directory

  /etc/default/useradd ---used when creating users: default home directory, shell, password expiration
  ls -l /home (where the home directories are stored)
  to create a user and the home directory at the same time: sudo useradd -m test3
  careful with -p: useradd -p expects an already encrypted (crypt) hash, not the plain password; sudo useradd -m -p password test3 creates the account but with a hash that matches nothing, so nobody can log in. Set the password afterwards instead: sudo passwd test3 <enter> <then type the new password twice>
  to set the shell at creation: useradd -s /bin/bash <user> (the full path, not just "bash")
  su - test3 (switch user with a full login environment); exit leaves that session
Deleting a user
  userdel <user> removes the account; userdel -r also removes the home directory and mail spool; -f forces removal even if the user is logged in. Files the user owned elsewhere on the disk are left behind under the old numeric uid, which no longer maps to a name.
  if you later create a user with the same uid (useradd -u 1004 test5) that user inherits all those files: ls -l /home/test5 now shows them owned by test5
  to find every file that still belongs to uid 1002, starting at the root of the file system: sudo find / -uid 1002
  to give those files to a new owner: sudo find / -uid 1002 -exec chown test {} + (the backtick form sudo chown test `find / -uid 1002` also works but breaks on names with spaces and on long file lists)
passwd (book p. 390)
  passwd -l test (locks the account by putting a ! in front of the hash in /etc/shadow)
  passwd -u test (unlocks it and removes the !)
  passwd -S test (status: user name, locked or not, date of the last change, ageing information)
usermod (modify an account)
  change the shell to bash: sudo usermod -s /bin/bash <user>
  nano /etc/passwd also lets you change the shell field by hand, but vipw is the safer way
  **never log in as root on a Linux system; use sudo or su for the individual commands that need it. When you really need a root shell: sudo su - (or sudo -i)

  the root account has uid 0 and gid 0. Any account whose uid field in /etc/passwd is 0 IS root, whatever its name; so with write access to /etc/passwd you can create a second root by changing a uid to 0, and could even lock the real root account and use the new one. Audit /etc/passwd for extra uid-0 entries.
  rm -rf / === kills the system; never run rm -rf on a path you have not checked
  chage -l <user> (shows when the password was last changed, when it expires and when the account expires; you need root to view anyone else's)
  chage -h = help for chage
  chage -E 2008-10-08 test (sets the account expiration date for the user test)
  sudo passwd -e test (expires the password now, so it must be changed at the next login)
Groups
  a group with the same name as the user is created along with each new account, so user names and group names can coincide
  groupadd <name> creates a group; -f makes it exit successfully even if the group already exists
  groupadd linuxadmins; less /etc/group ---stored group information
  groupadd -g 1200 <group name> ---sets the group id explicitly; good, because ids handed out automatically are easy to mix up when you rely on them for permissions
  groupdel <name> deletes a group
  sudo groupmod -g 1200 linuxadmins (changes the group id of an existing group)
  adding an account to a group: sudo usermod -aG linuxadmins <user>. The -a matters: usermod -G without it REPLACES the user's supplementary groups with the list you give and silently drops every other membership. For many users, edit /etc/group directly or use gpasswd -a <user> <group>.
  group passwords: gpasswd <group> (the same as passwd, but for groups), e.g. sudo gpasswd linuxadmins; the hashes are stored in /etc/gshadow, not in /etc/group
  find / -gid 1004 == search by group id
  chgrp ---changes the group owner, as chown changes the user owner
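Two of the checks discussed above (extra uid-0 accounts in /etc/passwd, and locked or empty password fields in /etc/shadow) as awk one-liners you can run as root against the real files. This is an added example, not from the course notes; the passwd and shadow text below is constructed sample data with fake hashes, so it runs without root.

```bash
#!/bin/bash
# Added example (not from the course notes): audit passwd/shadow-format text.
# The two sample files are constructed; the hashes are not real.

sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
nate:x:1000:1000:Nate:/home/nate:/bin/bash
test3:x:1003:1003::/home/test3:/bin/sh
backdoor:x:0:0::/root:/bin/bash
EOF
}

sample_shadow() {
    cat <<'EOF'
root:$6$saltsalt$fakehashfakehash:17800:0:99999:7:::
daemon:*:17800:0:99999:7:::
nate:$6$saltsalt$anotherfakehash:17800:0:99999:7:::
test3:!$6$saltsalt$lockedhash:17800:0:99999:7:::
backdoor::17800:0:99999:7:::
EOF
}

# passwd on stdin: every account with uid 0 (field 3) that is not named root
extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" {print $1}'
}

# shadow on stdin: accounts whose password field (field 2) is empty,
# i.e. anyone can log in with no password at all
empty_password() {
    awk -F: '$2 == "" {print $1}'
}

# shadow on stdin: accounts locked with passwd -l (hash prefixed with "!")
locked_accounts() {
    awk -F: '$2 ~ /^!/ {print $1}'
}

# Real use, as root:  extra_uid0 < /etc/passwd ; empty_password < /etc/shadow
echo "uid-0 accounts besides root:"; sample_passwd | extra_uid0
echo "accounts with empty password:";  sample_shadow | empty_password
echo "locked accounts:";               sample_shadow | locked_accounts
```

awk compares $3 == 0 numerically, so a uid written as "00" is caught as well; a string comparison against "0" would miss it.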

Log Files

syslog === a daemon that runs in the background on a Linux system (the logging service)
  to verify it is running: ps -e lists everything; ps -e | grep -i syslog picks out the syslog process
Where things live
  /boot == boot files (kernel, initrd)
  /bin == essential binaries
  /sbin == system binaries (administration tools); not "security"
  /var == variable data: files that grow and have no fixed size, such as logs and spools
  /var/log == the logs; ls -l /var/log lists them all
Configuration
  less /etc/syslog.conf === tells syslog which facility and priority go to which log file (newer systems run rsyslog and use /etc/rsyslog.conf)
  priorities from lowest to highest: debug, info, notice, warning (warn), err (error), crit, alert, emerg; book p. 403 lists the valid facilities and priorities, and man syslog.conf explains the format
  **best practice: put /var on its own partition (the only other requirements are / and swap) so a runaway log cannot fill the root file system; and rotate the logs
  logrotate does the rotation: less /etc/logrotate.conf (check the book); rotated logs can be compressed (man logrotate)
  every entry carries a timestamp, so make sure the system time is RIGHT: the date command shows it; NTP keeps it right and stops end users from skewing the logs by changing the clock
NTP
  run an NTP client on end systems; public servers are listed on the web
  stratum is the chain of command: stratum 0 is the reference clock (atomic or GPS), stratum 1 servers sync directly to it, stratum 2 servers sync to stratum 1 and so on; each server hands time down to the next level; every level down costs some accuracy, and the low-stratum servers are hard to get access to
  install ntp, then edit /etc/ntp.conf (book p. 417, NTP configuration)

cron is a scheduler; each user has a crontab. Edit yours with crontab -e (do not edit the spool file under /var directly); book p. 418. anacron runs jobs that were missed while the machine was switched off (anacron --help; book p. 423). The at command runs something once at a specific time, instead of repeatedly like cron; it can take its commands from a file: at -f /home/nate/commands.txt now

BACKUP
tar --- archives files (it does not compress on its own, but can call gzip); tar --help, book pp. 427-428
  to create an archive of all text files in the home directory: tar -cvf txt.tar *.txt (c = create, v = verbose, f = the archive file name; c is not "compress")
  rm *.txt = delete the originals
  tar -xvf txt.tar (extract, verbose, file) ---restores them and leaves the tar file in place; ls -l txt.tar
gzip = compression utility (LZ77 coding; typically a 60-70% reduction on text); gzip --help
  gzip -c txt.tar > txt.tar.gz (-c writes the compressed data to standard output instead of replacing the file, so you redirect it); gunzip decompresses
  tar -zxf txt.tar.gz (z = run through gunzip, x = extract, f = file); tar -czf txt.tar.gz *.txt creates and compresses in one step (book pp. 429-430)
cpio --- another archiver with a similar role to tar
dump and restore == file-system level backups. dump walks the inodes (the structures that point at a file's data blocks and hold its permissions) of an entire ext2/ext3 file system; restore puts them back. A dump of ext3 must be restored onto ext2/ext3; it cannot be used with any other file system, so it is not the best general choice.
dd (lower level than dump) --- copies bit for bit, an exact image of a partition or drive, including free space that holds no files, so it is slow and big. For files and directories just use tar.
  dd can also create ISO images: dd if=/dev/scd0 of=kubuntu.iso images the CD into a file (it does not need to be mounted); dd if=kubuntu.iso of=/home/nate/kubuntu.iso copies the image somewhere else
  forensic use: never work on the actual device; image it with dd and examine the copy

  man dd (lots of specifics); the useful options are conv=notrunc (do not truncate the output file) and conv=noerror (keep going after read errors); combine the latter with sync so unreadable blocks are padded rather than dropped, otherwise the image shifts
Bacula is a network backup program that works well for Linux
Partitioning (book p. 134; p. 138 has a chart)
  /dev holds the device files: /dev/sda - first SCSI/SATA drive; /dev/hda - first IDE drive (/dev/hde would be the fifth IDE device); all are treated as files
  dmesg | less ---replays the kernel messages from boot (what hardware was detected)
  mount with no arguments shows what is currently mounted in the file system
Linux partitions: /dev/sda1 = C:. Linux allows up to 4 primary partitions, so numbers 1-4 are reserved for them; the first logical partition inside an extended partition is /dev/sda5 (= D:), which is why logical partitions start at 5.
  when creating partitions you specify mount points (see the chart in the book); the minimum is / and swap (rule of thumb: swap = twice the RAM)
  example for a 30 GB drive:
    / = 10 GB, primary, ReiserFS
    /home = 10 GB, logical, ext3 (user data; can be backed up, maintained and unmounted on its own)
    /srv = 7.2 GB, logical, ReiserFS
    /var = 4 GB, logical, ext3
    swap = 1 GB, primary, no file system and no mount point (it is its own thing); create it first so it sits at the beginning of the drive, for speed
  anything not given its own partition lives in /. Separate partitions help when upgrading the system: the upgrade mostly rewrites the core and leaves /home and /srv untouched.
  next choose the file systems: ext3 (good because of journaling), ReiserFS, and others; the only reasons to keep a FAT partition are legacy machines and dual booting

In VirtualBox, enable PAE in the VM's processor settings before installing. sudo fdisk -l (lists the partitions)

sudo fdisk /dev/sda (how you get into fdisk on Linux); type m for the command menu
Chapter 4 - undelete and tuning the file system
  man dumpe2fs (information about an ext2/ext3 file system; those two only; book p. 163)
  sudo dumpe2fs /dev/sda5 (drive information); the -h option prints only the superblock summary
  *inodes: every file has one, holding its owner, permissions and timestamps plus the pointers to its data blocks; the directory entry maps the name to the inode number. On ext3 the journal records inode and block updates before they are written in place.
tune2fs (adjusts ext2/ext3 parameters, including when file system checks run; ext2/ext3 only)
  -c = the maximum number of mounts before a check is forced: sudo tune2fs -c 25 /dev/sda5
  -C = set the current mount count: sudo tune2fs -C 26 /dev/sda5 ---with a maximum of 25, the next boot triggers a check
debugfs (recover deleted files; book p. 165): inside it, undelete <inode> <name>
  man debugfs - cool tool
  try it: ls -i file.txt (shows the inode number), rm file.txt, then sudo debugfs /dev/sda5 and lsdel (lists deleted inodes), then undelete. On ext3 the journal zeroes the block pointers of deleted files, so lsdel usually finds nothing usable; this is mainly an ext2 trick.
fsck --- file system check; the file system must be unmounted first
  fsck.ext3 /dev/sda5 ---check the fsck parameters in the man page

Mounting a CD:
  # mkdir /media/cdrom
  # mount -t iso9660 /dev/cdrom /media/cdrom
  ls /dev/sd*   (lists the SCSI/SATA block devices)
  mount -t cd9660 /dev/cdrw /mnt/cdrw   (the BSD name for the CD file system type)
  mount -t iso9660 -r /dev/cdrom /mnt/cdrom   (-r mounts read-only)

mount with no arguments ---shows all the mount points
umount: sudo umount /dev/sda5 ---unmounts it. You cannot unmount the root (/) file system while the system is running, and you cannot unmount a file system while your shell's current directory is inside it, so cd / out of it first.
  then sudo fsck.ext3 /dev/sda5 (it must be unmounted before checking); then remount with sudo mount /dev/sda5 (works without giving a mount point when /etc/fstab has an entry for it)
Mounting drives (book pp. 173-175)
  removable media (USB, CDs, DVDs) mount under /mnt/<media> on older systems and under /media on newer ones. CDs use the iso9660 file system and the device is /dev/scd0 (or /dev/cdrom), so: mount -t iso9660 /dev/scd0 /media/cdrom0
  less /etc/fstab ---the table of file systems: entries here are mounted at boot, and options such as noauto stop a device from auto-mounting (book p. 177 for the other options and devices)
  cd /media/cdrom0 ---to browse the files; to unmount, cd .. out of the directory first, then umount /dev/scd0 (or umount /media/cdrom0; umount takes one argument)
Permanently mounting file systems: add a line to /etc/fstab (book p. 177)
df -h /dev/sda5 (usage statistics for that file system: used/available); df -h alone shows every mounted file system
du -h /home shows how much space each home directory is using (sudo du -sh /home/* for one total per user: who is using what, and where)
sudo shutdown -h now
sudo tune2fs -l /dev/sda5 (e.g. /home, ext3) ---shows the mount count and the maximum mount count, i.e. when the next check will run; sudo tune2fs -C 20 /dev/sda5 sets the current mount count to 20 (lower case -c sets the maximum)

A journal can be added to an ext2 file system to turn it into ext3: tune2fs -j /dev/sda5
****ls is on the next test; know all the switches
  ls -l file?.txt ---? matches exactly one character: file1.txt, but not file12.txt
  ls -l file[12].txt ---[12] is one character that is 1 or 2: file1.txt or file2.txt, so file12.txt is not shown
  ls -l file[1-100].txt ---a bracket expression is still a single character: [1-100] is the range 1-1 plus 0 and 0, so it matches only file0.txt and file1.txt
  each [] box = 1 character, so ls -l file[0-9][0-9][0-9].txt finds file100.txt
  ls -a == shows all files, including the hidden .dot files; -A == almost all (leaves out . and ..)
  ls -d shows the directory itself rather than its contents; ls -l shows the full details; ls -p /home marks directories with a trailing /; ls -R /etc ---recursive directory listing
  man ls for the rest; wildcards work with any command, not just ls
Copying files
  mkdir ZOMG
  cp file1.txt ZOMG/
  cp file1.txt ZOMG/file1.bak (copies the data of file1.txt into a new file named file1.bak)
  if you sudo the copy, root becomes the owner of the new file; cp -p preserves the owner, mode and timestamps
  cp -r (or -R) copies recursively: cp -R newdirectory/ newdirectory2/
Moving: mv file.txt newdirectory/ (see the man page for the switches)
Renaming is a move to a new name: mv file1.txt file2.txt
Deleting: rm file.txt (-i asks before each deletion); rmdir only removes an empty directory; rm -r removes a directory together with its subfolders and files (rmdir has no -r)
Touch

  touch updates a file's timestamps to the present time and creates the file if it does not exist; touch -c filex.txt ---does not create it if it is missing
Links
  ln file100.txt file100link.txt (creates a hard link)
    a hard link is a second directory entry for the SAME inode, so it is one file with two names, not two files: editing either name changes the data seen through the other
    ls -i shows the inode number (the same for both names); ls -l shows the link count
    deleting one name leaves the other working; the data is freed only when the last name is removed
    only within one file system (ext3 to ext3), and not for directories
  ln -s file2.txt file2link.txt = symbolic link, the more common kind
    ls -l shows an l as the first character of the permissions and the target after ->
    editing the target updates what you see through the link; ls -il file2.txt file2link.txt shows that they do NOT share an inode
    if the target is deleted the link is broken (dangling); writing through it creates a new, empty target
    works across file systems (ReiserFS to ext3) and for directories

  collaborative work and backups depend on ownership and permissions
chown --- file ownership
  sudo chown root file1.txt (root becomes the owner)
  sudo chgrp root file1.txt (changes the group)
  sudo chown root:root file2.txt (sets user and group at once)
Permissions, 3 main ones
  read (r) --- read a file's contents; on a directory, list the names in it (but you cannot enter it without execute)
  write (w) --- modify a file; on a directory, create and delete entries in it. Write without read lets you overwrite a file but not look at its contents.
  execute (x) --- run a file; on a directory, traverse it (cd into it and reach the files inside)
  ls -l ---shows the type and the permissions, e.g. -rw-r--r--
    the first character = type: - regular file, d directory, l symbolic link (book p. 189 for the full list)
    next 3 (rw-) = owner permissions (u)
    next 3 (r--) = group permissions (g)
    last 3 (r--) = others (o), everyone else
    (a) = all three classes at once

Two notations: symbolic (r, w, x) and octal (4 2 1 = r w x)
To change permissions: chmod (change mode)
  + adds a right, - takes it away, = sets the class to exactly what you give
  chmod u+x file3.txt (the owner gets the execute right)
  chmod u-x file3.txt (takes the execute right away)
  chmod ug+x file3.txt (owner and group both get it)
  chmod g+w,g-x,o+w file3.txt ---several symbolic changes separated by commas
  to go from -rw-r--r-- to -rwxrw-rw-: chmod a+w,u+x file.txt
  = sets a class exactly the way you want it: to get -r--rwxr--: chmod u=r,g=rwx,o=r file.txt; from -rwxrw-rwx to the same: chmod u-wx,g+x,o-wx file.txt
Octal format: one digit per class, each 0-7 (8 options)
  r=4, w=2, x=1; all three = 7
  777 = everything for everyone (the starting point for directories); 666 = the same without execute (the starting point for files)
  default permissions come from the umask: type umask to display it, typically 0022
  the umask takes permissions away, it never adds: every bit set in the mask is cleared from the starting value
    777 masked by 0022 = 755 for directories; 666 masked by 0022 = 644 for files
    this is a bit mask, not subtraction: with umask 0055 new files get 622 (-rw--w--w-), not 611; new directories get 722
    umask 0055 typed at the prompt changes it for that terminal session only; put it in a login script to make it stick
  chmod 760 file1.txt sets rwxrw---- in one go
*****look at the notes on the paper
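The umask arithmetic from the passage above, done the way the kernel does it (AND with the complement of the mask), so the 0055 case comes out right. This is an added example, not from the course notes; the two helper function names are mine.

```bash
#!/bin/bash
# Added example (not from the course notes): what mode a new file or directory
# gets under a given umask. The kernel clears the mask bits (mode & ~umask);
# it does not subtract, so 666 under umask 0055 is 622, not 611.

# apply_umask BASE MASK -> octal mode, e.g. apply_umask 666 0022 prints 644
apply_umask() {
    local base=$1 mask=$2
    # 8#... forces octal; & 0777 keeps only the nine permission bits
    printf '%03o\n' $(( 8#$base & ~8#$mask & 0777 ))
}

# mode_to_rwx 644 -> rw-r--r--  (the string ls -l shows, without the type char)
mode_to_rwx() {
    local mode=$1 out="" i d
    for (( i = 0; i < 3; i++ )); do
        d=${mode:i:1}
        [ $(( d & 4 )) -ne 0 ] && out+=r || out+=-
        [ $(( d & 2 )) -ne 0 ] && out+=w || out+=-
        [ $(( d & 1 )) -ne 0 ] && out+=x || out+=-
    done
    printf '%s\n' "$out"
}

# new_file_mode MASK / new_dir_mode MASK -> the rwx string a new object gets
new_file_mode() { mode_to_rwx "$(apply_umask 666 "$1")"; }
new_dir_mode()  { mode_to_rwx "$(apply_umask 777 "$1")"; }

# Compare against the live system: umask prints the current mask
for m in 0022 0055 0077; do
    printf 'umask %s: file %s  dir %s\n' "$m" "$(new_file_mode "$m")" "$(new_dir_mode "$m")"
done
```

umask 0077 is the one worth remembering for anything that writes secrets: new files come out as rw------- and nobody but the owner can read them.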

Because it is binary, the permission information can be expressed as a single 9-bit number. This number is usually written in octal (base 8) because one base-8 digit is 3 bits long, which means the base-8 representation of a permission string is three digits, one for each of the owner, group and world permissions. The read, write and execute permissions each correspond to one of these bits, so you can work out the owner, group or world digit by adding: 1 for execute, 2 for write and 4 for read.

Attributes - extensions to the permissions (immutable, append-only, compressed; book p. 198)
  a new file shows -rw-rw-r-- style permissions in ls -l; the attributes are separate
  lsattr file.txt ---views the attributes of a file
  chattr changes them: chattr +i file.txt makes it immutable, which goes beyond disabling writes: it cannot be deleted, renamed, edited or hard-linked, not even by root
  only root can set or clear +i (chattr -i file.txt removes it), so root has to take the attribute away before touching the file
Special permissions (3) --- set symbolically or with a fourth, leading octal digit (book p. 194)
  suid, set user id = 4 or u+s; shown in the owner's execute slot
    when a user executes the file it runs as the file's owner (lending the owner's permissions). With 766 as the base, chmod 4766 file.txt adds it; ls -l then shows rws in the owner column (a capital S means the bit is set but the owner has no execute). The Linux kernel ignores the suid bit on scripts; it only takes effect on binaries.
  sgid, set group id = 2 or g+s; shown in the group's execute slot
    the file runs with the file's group instead of the user's: chmod 2766 file.txt. On a directory, new files inherit the directory's group, which is what shared project directories use.
  sticky bit = 1 or o+t; meaningful on directories only
    files in the directory can be deleted only by their owner, by the owner of the directory, or by root (this is how /tmp works)
    mkdir newdir (current permissions 755); chmod 1755 newdir or chmod o+t newdir adds a t to the ls -l view



Chapter 7 (book p. 332) Man pages
  apropos lets you search the man page descriptions for key words; man -k does the same (it calls apropos)
  info passwd (similar to the man command, different layout)
  man pages are stored in the directories of the man path, configured in /etc/manpath.config and used by the man command; manpath prints the directories currently searched
  to use man pages in your home directory temporarily: man -M /path/to/your/man <page>, or just give man the full path of the page file
  README files come with most applications installed on a Linux system (look under /usr/share/doc)
less /etc/issue ---the login heading shown on the local console before the login prompt; it can say anything, and it supports escapes:
  \n = host name, \s = OS name (Linux), \m = platform (such as x86), \r = kernel release, \t = time the banner is printed
  ====*****know these switches
The /etc/issue and /etc/issue.net files both support these escapes, which substitute information that varies from one login or system to the next, so one file can be used on many machines.
less /etc/issue.net ---the banner shown to users who telnet in. It does not affect SSH: to show a banner over SSH set Banner /etc/issue.net in /etc/ssh/sshd_config and restart sshd.
less /etc/motd ---the message of the day shown after login; can be changed and edited. Do not say "welcome" (the intruder was not invited); state that use is restricted to authorized users and refer to the policy.
~/.bashrc is a per-user login script (a hidden file); /etc/bash.bashrc (or /etc/profile) is the global one that affects everybody on the machine
Shutting down (know the shutdown switches)
  shutdown -r 10 "machine is shutting down, go away" (reboots in 10 minutes and broadcasts the message to everyone logged in)
  -h halts or powers off
  Ctrl+C (or shutdown -c) aborts a pending shutdown
Built-in firewall: iptables, organised in chains; rules permit or deny access to specific services

  services listen on software ports (SSH 22, web 80, FTP data 20, FTP control 21, and so on)
  less /etc/services ---this file lists the well-known port numbers (book pp. 341-342; mainly look at the file and know the common ones!)
  less /etc/services | grep <name or number> to look one up

Firewalls built into the Linux kernel
  firestarter is a GUI front end for the kernel firewall
  iptables rules are grouped into chains; each rule is a statement that matches on packet fields and either allows or denies. A packet carries a source address, a source port (usually above 1024 for a client), a destination address and a destination port (usually below 1024 for a well-known service).
  sudo iptables -L lists the rules; if no table is specified (there are 4: filter, nat, mangle, raw) you see the filter table
    columns: prot (protocol), opt (options), source, destination
  the nat table has PREROUTING, POSTROUTING and OUTPUT chains; mangle has the same chains as nat plus the filter ones; raw has PREROUTING and OUTPUT
  the filter table has INPUT, FORWARD and OUTPUT chains, each with a default policy (ACCEPT out of the box)
    INPUT handles packets addressed to local services: who may reach which ports on your machine
    OUTPUT handles packets leaving for remote services: what you are allowed to send
    FORWARD handles packets routed through the device (a go-between)
  targets: ACCEPT lets the packet through; DROP discards it silently, so the sender never learns what happened; REJECT discards it and sends an error back to the sender (the notes called this "block"); check the book for the rest
  sudo iptables -t nat -L, sudo iptables -t raw -L, sudo iptables -t mangle -L (view the other tables; the list option is a capital L)
  before building your own rule set, empty the existing one:

  iptables -t filter -F INPUT (flushes the INPUT chain); -P INPUT DROP or -P INPUT ACCEPT changes the default policy (book p. 348)
  rule form: iptables [-t table] -A CHAIN selection-criteria -j TARGET
    sudo iptables -A INPUT -p tcp --dport 445 -s 172.24.1.0/24 -j ACCEPT
    iptables -A INPUT -p tcp --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT (a port range, with the state match that lets replies to your own connections back in)
  ***TABLES DO NOT GET SAVED ACROSS A REBOOT (iptables-save > file and iptables-restore < file keep them, or put the commands in a script)
  chains are searched top to bottom like an ACL and the first matching rule wins; -A appends to the end, -I inserts at the top
  book p. 347 for all the switches; know them
  every rule keeps packet and byte counters, so you can see what people are hitting (iptables -L -v shows them, iptables -Z resets them)
  to keep the entries, automate them in a script:
    create a new file newfire.sc, open it in an editor and put in the script from book p. 351
    make it executable: chmod 755 newfire.sc (it was 644; 755 adds execute for everyone, as does chmod a+x newfire.sc; since only root can load rules, chmod 700 is enough)
    run it with sh newfire.sc, with ./newfire.sc (needs the execute bit), or with exec newfire.sc (replaces the current shell); pwd shows the directory you are in
    to run it at startup: /etc/rc3.d/ holds symbolic links to the init scripts for runlevel 3 (it works like a startup folder). Simpler is /etc/rc.local: make sure it is executable and add the full path of your script at the end.
Configure the system to run the firewall script at startup. This can be done by calling the script from a local startup script (such as /etc/rc.d/rc.local), by creating a new SysV startup script that calls the firewall script, or by replacing an existing firewall startup script with a call to the new one.

TCP Wrappers is configured through two files: /etc/hosts.allow and /etc/hosts.deny. The first specifies computers that are allowed access to the system in a particular way, the implication being that systems not listed are not permitted access. By contrast, hosts.deny lists computers that are not allowed access; all others are granted access. If a computer is listed in both files, hosts.allow takes precedence, so a host in both files is allowed in. Both files use the same basic format, one entry per line:
  daemon_list : client_list [: option]
for example sshd : 192.168.1. in hosts.allow and ALL : ALL in hosts.deny. less /etc/hosts.allow shows the syntax. Only services linked against libwrap (or started through tcpd/inetd) consult these files; everything else needs iptables.
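The firewall script the notes describe (flush, set policies, allow established traffic, open the few ports you need), written out as a function so it can be previewed without root. This is an added example, not the script from the book or the course; the trusted network 172.24.1.0/24 and port 445 come from the notes, the rest (SSH open to all, rate-limited logging, the IPT variable and the function names) is my assumption.

```bash
#!/bin/bash
# Added example (not the book's script): a minimal stateful filter in the
# "-A CHAIN criteria -j TARGET" form. IPT defaults to iptables; run with
# IPT=echo to print the rules instead of loading them (no root needed).
IPT=${IPT:-iptables}

load_firewall() {
    # start clean: flush all rules and user chains in the filter table, zero counters
    "$IPT" -F
    "$IPT" -X
    "$IPT" -Z
    # default policies: drop what is not explicitly allowed in or through; allow out
    "$IPT" -P INPUT DROP
    "$IPT" -P FORWARD DROP
    "$IPT" -P OUTPUT ACCEPT
    # loopback, and replies to connections this host opened
    "$IPT" -A INPUT -i lo -j ACCEPT
    "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # new SSH connections from anywhere; SMB only from the trusted LAN (from the notes)
    "$IPT" -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
    "$IPT" -A INPUT -p tcp --dport 445 -s 172.24.1.0/24 -j ACCEPT
    # log what falls through (rate limited) before the INPUT policy drops it
    "$IPT" -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables drop: "
}

# How many INPUT rules the script appends (preview mode, no root required)
rule_count() {
    IPT=echo load_firewall | grep -c -- '-A INPUT'
}

# Does the preview set a DROP policy on the given chain? (returns 0/1)
policy_is_drop() {
    IPT=echo load_firewall | grep -q -- "-P $1 DROP"
}

# Only touch the live firewall when explicitly asked:  sudo ./newfire.sh apply
case "${1:-}" in
    apply)   load_firewall ;;
    *)       echo "preview (IPT=echo):"; IPT=echo load_firewall ;;
esac
```

Because the rules are appended in order, the ESTABLISHED,RELATED rule sits above the port-specific ones so reply traffic is accepted by the second rule instead of being re-evaluated against every later line; the LOG rule is last so it only ever sees packets the policy is about to drop.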

If you are not using something, shut it down
  to stop a service you are not using: sudo /etc/init.d/apache2 stop
  to see what is listening and which program is behind it: sudo netstat -ap | less (netstat -tuln gives a compact list of TCP/UDP listeners); look for any unnecessary services running on the machine
  nmap can also scan (sudo apt-get install nmap): nmap -sT <IP> shows which ports are open on that host, e.g. nmap -sT teela.rodsbooks.com (a TCP connect port scan of the target); only scan machines you are authorised to scan
  find can locate setuid and setgid files, i.e. programs that run with another user's or group's rights and so are worth knowing about: find / -perm /6000 -type f (book p. 361 writes it as -perm +6000, the older spelling; note that -perm -6000 would require BOTH bits)

Chapter 2 - packages
  .rpm - Red Hat packages (Fedora): originally you compiled from source, now just yum install <package>
  .deb - Debian/Ubuntu packages: same story, now apt-get install <package>
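The setuid/setgid search from the passage above (and the special-permission bits described under "Special permissions"), wrapped in a function and exercised against a throwaway directory so the /6000 semantics can be checked without root. This is an added example, not from the course notes; the function names and the test tree are mine.

```bash
#!/bin/bash
# Added example (not from the course notes): list setuid/setgid executables.
# -perm /6000 matches files with EITHER the suid (4000) or sgid (2000) bit set;
# -perm -6000 would demand both, and the notes' +6000 is the old spelling of /6000.

# list_special_execs DIR -> "path mode" per hit, sorted; -xdev stays on one file system
list_special_execs() {
    find "$1" -xdev -type f -perm /6000 -printf '%p %#m\n' 2>/dev/null | sort
}

# Builds a scratch directory with one plain, one suid and one sgid file and prints its path
make_test_tree() {
    local d
    d=$(mktemp -d)
    : > "$d/plain"; chmod 755 "$d/plain"
    : > "$d/suid";  chmod 4755 "$d/suid"     # rwsr-xr-x
    : > "$d/sgid";  chmod 2755 "$d/sgid"     # rwxr-sr-x
    printf '%s\n' "$d"
}

# Demo on the scratch tree; on a real host run:  sudo list_special_execs /
tree=$(make_test_tree)
list_special_execs "$tree"
rm -rf "$tree"
```

Run the real search once after installation and save the output; diffing a fresh run against that baseline is a cheap way to notice a new setuid binary that an intruder or a careless package left behind.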

sources.list
  located in /etc/apt
  the file holds the repositories (URLs) from which packages are fetched
  if what you want is not in any listed repository, add the repository line so apt can find it; after editing run sudo apt-get update, which re-downloads the package list and rebuilds the index
You can convert between the two package formats (alien, below).
Finding RPMs: http://rpmfind.net and http://rpm.pbone.net/ are search sites, http://freshrpms.net/ is another source; wget <direct link to the .rpm file> downloads a package once you have the direct link
Installing an RPM with the rpm command (man rpm; know the switches; you must be root)
  first find out whether it is installed: rpm -q thunderbird
  rpm -i /home/nate/thunderbird……rpm installs it; rpm -ivh (install, verbose, hash marks for progress) shows the installation taking place

- to uninstall do a rpm -e <package name>
- to upgrade type rpm -Uvh <package name>: uninstalls the old one and replaces it with the new one
  o if trying to install an older version over a newer one it will tell you
  o it looks at the rpm database (rpm -qi <package name> shows the package info)
  o can use cpio to view the files within the rpm package file
  o might need to do a rpm --import (imports a package signing key) first
- rpm2cpio: This program takes a single argument, the name of the RPM file, and outputs the cpio archive on standard output. Thus, if you want to create a cpio archive file, you must redirect the output:
    $ rpm2cpio samba-3.0.10-1.fc3.src.rpm > samba-3.0.10-1.fc3.cpio
  or extract directly:
    $ rpm2cpio samba-3.0.10-1.fc3.src.rpm | cpio -i --make-directories
  In either case, the result is an extraction of the files in the archive in the current directory. In the case of binary packages, this is likely to be a series of subdirectories that mimic the layout
- can build your own with the rpmbuild command

*** debian packages (Ubuntu)

- debian packages are harder to come by
  o can also wget <ddl url>
  o sudo dpkg -i <debian package name>
  o to erase a package use -r: sudo dpkg -r rar
  o to see if a package is installed: sudo dpkg -Ei <package name>, sudo dpkg -Gi <package name>, or dpkg-query -l <package name>
- debian has a utility to automate the download and installation: apt-get
  o advanced packaging tool
  o sudo apt-get install rar
  o man apt-get (lots of switches)
  o removes too: sudo apt-get remove rar
  o sometimes apt-get doesn't get what you want with up to date packages; also the repository suggests what to apt-get
  o sudo nano /etc/apt/sources.list is the repository list; a project like VirtualBox shows you where to add its sources.list url address
  o just put it at the bottom of the sources.list file


- MUST UPDATE THE INDEX TO GET THE LIST WORKING: type sudo apt-get update
  o updates the database and pulls the package information down for you
- sometimes need a public key to download the file: sudo wget -q <address>
- can also do a smart upgrade: sudo apt-get dist-upgrade
- can run rpms on a debian system with alien
  o sudo apt-get install alien
  o converts rpm to debian and also backwards: sudo alien <packagename>
- apt4rpm.sourceforge.net: can use apt-get for RPM (Red Hat) systems, but you can use yum instead
- sudo apt-get install dselect
  o dselect does the stuff so that you don't have to type it in the command line
  o shows you new stuff to install
  o apt-get on steroids, menu driven display
- Finding source code: sourceforge.net, freshmeat.net
- files that are .tar.gz (tarballs)
  o wget the direct file
  o can gunzip and untar it in one command with tar: tar -zxvf <downloaded tarball> (z = gunzip, x = extract, v = verbose, f = file)
  o it creates a new directory; then run ./configure (DON'T HAVE TO BE ROOT, BUT BE IN THE DIRECTORY IT WAS EXTRACTED IN)
  o but I'm missing the gcc compiler: on fedora yum install gcc, on ubuntu sudo apt-get install build-essential or sudo apt-get install gcc
  o after running configure you can run the makefile: a listing of commands for a program called make; just type make and then you're done
  o su -c "make install": type this so that you can run the program anywhere (it copies it to a folder so that it is available from anywhere); it switches to root, makes the install and runs it


- so when you're at your home directory you can run the app

- can't do an rpm -q (query to see if it was installed) because it was not an rpm package

- make clean: gets rid of all the temp files that were there during compilation
- make uninstall: deletes the program
  o could chain everything with sudo ./configure && make && make install && make clean
  o && = continue only if no errors were received
- need libraries for programs to execute correctly. The major administrative challenge of handling shared libraries is in enabling programs to locate their shared libraries. Binary program files can point to libraries either by name alone (as in libc.so.6) or by providing a complete path (as in /lib/libc.so.6). In the first case, you must
  o the ldd cmd allows you to view what is needed to run the program: ldd /bin/ls (what is required for the ls command)
  o sudo ldconfig updates the library (dll) links; should do this when installing/downloading; could still automate this command (could use a cron job)

Chapter 9
Setting the IP address on the box: 192.168.1.12 255.255.255.0 on eth0

- /sbin/ifconfig: the full path lets you run ifconfig without sudo user privs (the interface is eth0)
- su -c "/sbin/ifconfig eth0 up 192.168.1.12 netmask 255.255.255.0"
  o THIS SETTING GOES AWAY WITH A REBOOT OF THE MACHINE: it is a one-time setting
  o works with both fedora and ubuntu

To manually configure a static address and save it, edit the ifcfg-eth0 file under /etc/sysconfig/network-scripts/ifcfg-eth0 (edit it with sudo). This is for fedora. The general form is IPADDR=192.168.1.12, NETMASK=255.255.255.0, GATEWAY=A.B.C.D; a complete example:
    DEVICE=eth0
    BOOTPROTO=static
    ONBOOT=yes
    IPADDR=192.168.29.39
    NETMASK=255.255.255.0
    NETWORK=192.168.29.0
    BROADCAST=192.168.29.255
    GATEWAY=192.168.29.1
If DHCP does not pull an address right away you need to restart the network: use /etc/init.d/network restart

- JUST CREATE 2 FILES, one with the static entry and one with the dhcp entry, then copy the one you want over: cp ifcfg-eth0.static ifcfg-eth0
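As an added example (not from these notes), a shell helper that computes the NETWORK and BROADCAST lines from IPADDR and NETMASK and prints the static and dhcp variants of ifcfg-eth0; the device name, addresses and gateway are whatever you pass in:

```bash
#!/bin/sh
# Added example, not from the notes: derive the NETWORK and BROADCAST values
# that go with IPADDR and NETMASK in a Fedora ifcfg-eth0 file, and write out
# the static and dhcp variants the notes suggest keeping side by side.
# Pure shell arithmetic; it prints to stdout and touches no real interface.

# Dotted quad -> 32-bit integer.
ip2int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# 32-bit integer -> dotted quad.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# True only for exactly four decimal octets, each 0..255.
valid_ip() {
    case $1 in
        *.*.*.*.*|*[!0-9.]*|.*|*.|*..*) return 1 ;;
        *.*.*.*) ;;
        *) return 1 ;;
    esac
    IFS=. read -r a b c d <<EOF
$1
EOF
    [ "$a" -le 255 ] && [ "$b" -le 255 ] && [ "$c" -le 255 ] && [ "$d" -le 255 ]
}

# NETWORK = IPADDR AND NETMASK
network_of() {
    int2ip $(( $(ip2int "$1") & $(ip2int "$2") ))
}

# BROADCAST = NETWORK OR (NOT NETMASK), kept to 32 bits
broadcast_of() {
    int2ip $(( ( $(ip2int "$1") & $(ip2int "$2") ) | ( ~$(ip2int "$2") & 4294967295 ) ))
}

# ifcfg-eth0.static contents: make_ifcfg_static <device> <ip> <netmask> <gateway>
make_ifcfg_static() {
    valid_ip "$2" && valid_ip "$3" && valid_ip "$4" || { echo "bad address" >&2; return 1; }
    cat <<EOF
DEVICE=$1
BOOTPROTO=static
ONBOOT=yes
IPADDR=$2
NETMASK=$3
NETWORK=$(network_of "$2" "$3")
BROADCAST=$(broadcast_of "$2" "$3")
GATEWAY=$4
EOF
}

# ifcfg-eth0.dhcp contents: make_ifcfg_dhcp <device>
make_ifcfg_dhcp() {
    printf 'DEVICE=%s\nBOOTPROTO=dhcp\nONBOOT=yes\n' "$1"
}

# Example run with the address from the notes (output only; as root you would
# redirect it to /etc/sysconfig/network-scripts/ifcfg-eth0.static).
make_ifcfg_static eth0 192.168.29.39 255.255.255.0 192.168.29.1
```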

For Ubuntu you edit the /etc/network/interfaces file (nano it with sudo). If you only get a loopback interface and no eth0, type this command: ifup eth0
    # This file describes the network interfaces available on your system
    # and how to activate them. For more information, see interfaces(5).

    # The loopback network interface
    auto lo
    iface lo inet loopback

    # This is a list of hotpluggable network interfaces.
    # They will be activated automatically by the hotplug subsystem.
    mapping hotplug
        script grep
        map eth0

    # The primary network interface
    auto eth0
    iface eth0 inet static
        address 192.168.0.100
        netmask 255.255.255.0
        network 192.168.0.0
        broadcast 192.168.0.255
        gateway 192.168.0.1

If DHCP does not pull an address right away you need to restart the network: use /etc/init.d/networking restart (used for ubuntu)

- like in windows you don't need a DNS server for local machine connectivity: the machine resolves ip to name or vice-versa for you
- the /etc/hosts file is the container for the translations
- there is a hosts file on windows too, C:\WINDOWS\system32\drivers\etc\hosts, that you can edit to block other webpages
- could also do nslookup and then host (ip to name or name to ip resolution)
  o the host cmd does a similar thing: host <ip or name to resolve>
  o the dig cmd tells information about the DNS server holding these records
  o the whois cmd gives all the info about a host and its provider
- linux packet sniffer: the tcpdump cmd
  o sudo tcpdump > packet.capture
- super-servers: inetd and xinetd
  o centralized service; xinetd is used for new services
  o cd /etc/xinetd.d
  o yum install telnet-server adds more files to that folder; those files help configure the super server
  o /etc/xinetd.d has a file per service with its own configuration options
- the route cmd shows the ip routes (like show ip route)
- who shows who is connected to the box

Printing in Linux
- LPD and CUPS (common unix printing system)
- there is a directory already created for the print queue: ALREADY in /var/spool
  o only root has read/write capabilities there
- ps lets you look for running processes and daemons on the computer
  o could grep for a specific process
- to start the CUPS service use /etc/init.d/cups restart (or reload, start, stop)
- the /etc/printcap file is under /etc
  o allows you to define multiple printers to be used
- apsfilter is a text based printer setup program that you have to install; this is for LPD
- CUPS has a printer configuration file
  o /etc/cups/printers.conf
  o the file is created by cups
  o default printer selection
  o also uses a PostScript printer definition (ppd) file

- /etc/cups/ppd holds the printer description files
- cups has a web based setup underneath the gui
  o http://localhost:631 launches the web gui
  o can also set up a remote printer through it by using the remote address instead of localhost
- same printer type with a different ip address
  o edit the printers.conf file and copy and paste the contents to make two printer setups within the file
  o edit the printer file again to make it the default printer
- the lpr command prints a file: lpr -P <printer> <what to print>

Mail system
- novell groupwise mail server; linux has its own
- sendmail
  o SMTP transfer from server to server
- fetchmail
  o connects to a server via pop and downloads to the PC or allows you to read
  o can also use imap as well as pop


- rpm -q sendmail or rpm -q fetchmail to see if they are installed or not
- have to configure both the sending and receiving sides
  o also have to take security issues into consideration: an open relay system lets anybody send emails through you
- mail is already set up: just type the mail command; man it to learn the other commands
- sendmail.mc, sendmail
----------


Apache & Samba

apache
- software package that provides http service (web service) on port 80
- actually called httpd; that's the rpm package name (which is already installed on that system)
- ps aux | grep httpd searches for the apache service running (which is not running yet)
- can find where the config files are located through the rpm package database
  o rpm -ql httpd | grep conf (queries for the location)
  o main config file is /etc/httpd/conf/httpd.conf
- in the file, ServerRoot "/etc/httpd" is where all its files are located
- StartServers set to 8
- MaxClients set to 256 (max amount of connections it's allowed to start)
- MaxRequestsPerChild = 4000, times the 8 processes
- can set the Listen port, 80 by default; can change this port; apache binds itself to every ip address unless this file says otherwise
- can also load more modules
  o mod_userdir.so (users can access their own files via the web)
  o the public_html directory in the home directory is where you store files you want accessible that way
  o mod_ssl.so (allows you to do secure sockets)
- User apache, Group apache
- who starts apache during the startup process: apache by default, but httpd must be run as root initially
- ServerAdmin default root@localhost (this is the email address people are told to send help requests to)
- ServerName (usually not messed with)
- DocumentRoot (where your webpages are located)
  o defaults to "/var/www/html"; any user who has access to these files needs to have the proper rights
  o also change a few settings underneath that for where the webpages are located, under the UserDir settings
- in that config you must enable DirectoryIndex (names what your index page is called)
  o this might have to change if you don't have an index.html page
- the ErrorLog setting shows where all your error logs are stored
  o defaults to logs/error_log


- virtual hosts
  o serve up another virtual host, like one site used for https and one for http
- need to start the service: /etc/init.d/httpd start
- anytime you change the config file you need to restart the service
  o e.g. after changing the port number, it's localhost:81 now
  o or changing the bind address through the config file to a specific ip address
- can also use the XAMPP web server or Abyss web server

Samba
- NFS (linux sharing to linux clients)
- samba deals with sharing files between linux and windows; windows clients don't know the difference
- also has config files to configure
- has two services
  o smb: file, folder and printer sharing
  o nmb: netbios
  o both need to be on (page 529)
- rpm is yum: yum list samba to see where it is available
- yum -y install samba (-y = answers yes for all questions)
- swat is a graphic utility to configure samba (GUI): samba web administration tool


- can install swat via yum -y install samba-swat
- need to configure and start the service
- config file: rpm -ql samba | grep conf (at first it looked like there were no config files for samba)
- less /etc/samba/smb.conf
  o main samba config file
  o under the global settings area in that file you can put workgroup = linuxrocks (either a domain name or workgroup name), server string = (description of the server), netbios name = (specify a server name)
  o has further options down the config file
- swat is actually a server that is controlled by the superserver
  o how do you know if the super server is running: ps aux | grep xinetd
  o swat also needs to be checked under /etc/xinetd.d/; this is where the files are stored that say whether or not swat is to be started
  o nano /etc/xinetd.d/swat: the file needs to be edited to start swat when xinetd starts
  o localhost:901
  o need to restart the service: typically, typing /etc/init.d/xinetd reload or something similar will do the trick
- webmin is a good tool instead of swat
  o wget http://prdownloads.sourceforge.net/webadmin/webmin-1.4411.noarch.rpm
  o http://prdownloads.sourceforge.net/webadmin/webmin_1.450_all.deb
  o http://voxel.dl.sourceforge.net/sourceforge/webadmin/webmin_1.450_all.deb
  o webmin is the front end to config apache and samba
  o webmin uses port 10000
  o webmin is amazing and should be used as soon as linux is installed
  o webmin starts up when the pc reboots
- to make sure that a service gets started when the pc reboots: chkconfig controls whether a service starts or not at each run level
  o can toggle with chkconfig --level <what levels> <service> on|off


  o can look in /etc/inittab
  o the run levels:
    0: This is a transitional runlevel, meaning that it's used to shift the system from one state to another. Specifically, it shuts down the system. On modern hardware, the system should completely power down. If not, you would be expected to either reboot the computer manually or power it off.
    1, s, or S: Single user mode. What services, if any, are started at this runlevel varies by distribution. It's typically used for low-level system maintenance that could be impaired by normal system operation, such as resizing partitions.
    2: On Debian systems, this is a full multi-user mode with X running and a graphical login. Most other distributions leave this runlevel undefined.
    3: On Fedora, Mandrake, Red Hat, and most other distributions, this is a full multi-user mode with a console (non-graphical) login screen.
    4: Usually undefined by default.
    5: On Fedora, Mandrake, Red Hat, and most other distributions, this is the same behavior as runlevel 3 with the addition of having X run with an XDM (graphical) login.
    6: Used to reboot the system. This runlevel is also a transitional runlevel. Your system will be completely shut down and then the computer will reboot automatically.
  o chkconfig --level 35 …

SUDOERS and the sudoers list
- sudo is a "run as" command
- can give permissions with group assignments (the wheel group is a group to give users sudo privs)
- to find out what group or groups you belong to
  o can use the groups command
  o can use the id command
- to create a group and make someone a sudo guy: sudo groupadd leehw, then usermod -G leehw student12
- root must edit the sudoers file with the visudo command; it edits the list and settings
  o can change aliases
  o add a command line, with a comment of what it does: %<group> ALL=(ALL) ALL
  o now that group has rights


- now when you sudo you can use your student password and don't have to type in the root password
  o it also caches the password so you don't have to retype it
  o if you sudo a su - to switch user you don't need to enter a password if it is already cached; sudo su - works
- ls -a is equal to l.
  o these are aliases; type alias to view them
  o to make an alias you type: alias ipconfig="/sbin/ifconfig"
  o aliases only work for that user and only last for the duration of the session
  o can edit a file to make it static (hidden file): nano .bashrc; stored for that particular user
  o could create an alias when creating a user and alias all the parameters
  o to change globally: /etc/bashrc; this applies to new users when they are created


DNS
- name resolution: we have the hosts file that does the mapping for us
- BIND: Berkeley Internet Name Domain
- ps aux | grep named: not running
- BIND is the package and the service is named named
- BIND is not installed, so you can yum install bind
- the /etc/resolv.conf file tells the client where to do lookups
- if it is not found there it is passed on to another server; that is in the /etc/named.conf file, where zones and records are stored

SSH

- uses RSA keys with asymmetric encryption (two keys); symmetric uses the same key
- has a public and a private key: a message is encrypted with the user's public key and then they use their private key to decrypt it
- can figure out if ssh is installed with yum list | grep ssh
- ssh_config: client config (like the putty client setup)
- sshd_config: server config
  o both config files are located in /etc/ssh/
  o in these files you can change who logs in with ssh and its setup parameters
- to get rid of the ssh cache of host keys: rm -i ~/.ssh/known_hosts
- to give users a message at ssh login you have to edit the config file
- whereis: this will tell you where a program is installed

chapter 6: kernel

- uname -a tells you about the operating system; uname with other switches finds out the specifics
- modules on the system: lsmod | less
- the fuse module lets you read and write to an ntfs partition
- rmmod floppy gets rid of the module
- to get the module back you can do insmod or can use modprobe; modules may be dependent on others
  o modprobe -v floppy
  o modprobe -vr floppy (removes the module)
- depmod will refresh the module dependency file
- boot loaders (page 282)
- LILO is similar to the boot.ini file in windows: dictates what file system to use

- the lilo boot menu just sits there and you can change boot parameters before booting into the PC
  o can change video settings
  o writes stuff into the system
- lilo.conf
  o have to use backtrack (a live CD) to edit lilo
  o the boot option tells you the name of the device and sector to boot from on this computer
  o timeout: the time it will let you wait before making a selection, in tenths of a second; 1200 = 2 minutes
  o prompt brings up the boot: prompt
  o other: a parameter to list other boot partitions that are available
  o read-only means that the root partition will be mounted read-only
  o anytime you make a change in lilo you have to re-install it: pain in the ass
- Grub
  o more commonly used
  o changes automatically take effect with grub and you don't have to re-install anything
  o to edit grub you can go to /boot/grub/grub.conf or /boot/grub/menu.lst; the files are linked together, menu.lst is a link to the grub.conf file, you can change either one
  o the boot parameter tells the boot partition
  o the timeout parameter is the number of seconds to wait for a selection
  o OSs in the grub.conf file are indexed by number; default=0 is the first entry
  o a custom splash screen can be put in /boot/grub (don't really have to do it): then edit the conf file and edit the splash image location
  o lilo blows
  o can view the shadow file by browsing from the grub menu
- kernel ring buffer: the dmesg command shows you what has loaded during the boot process (pages 293-294 cover the boot process and what it does)
- run levels tell linux what features to use
  o levels 0 through 6 (page 295); the table is the same as in the chkconfig notes above
  o 3 is what we are using in this class
- to change the run level you can change it under the /etc/inittab file
  o type runlevel to see the current runlevel
  o could also use runlevel --set 3 but it might not save it
  o could use the init command to change run levels on the fly: /sbin/init 0
  o /etc/rc3.d holds the scripts for runlevel 3
- chkconfig | grep sshd
  o this will show you the run levels the service starts in


- chkconfig --level 24 sshd off (off for runlevels 2 and 4): it will not start when initialized at those run levels
- ntsysv
  o can start services by point and click
- shutdown -h now (in /sbin) = /sbin/init 0 = halt
- shutdown -r now = /sbin/init 6 = reboot
------------------------------

Scripts (page 310)
- shell scripts can automate processes
- create a shell script, makeusers.sh, in nano:
    #!/bin/bash
    # usage: ./makeusers.sh <username> <subdirectory>
    useradd -m "$1"
    passwd "$1"
    mkdir "/home/$1/$2"
    chown "$1" "/home/$1/$2"
- need to make the file executable with chmod 764 makeusers.sh
- then run it: ./makeusers.sh <username> <subdirectory>
- could also create a group and make it the primary group of that user:
    #!/bin/bash
    # usage: <group> <username>
    groupadd "$1"
    useradd -m "$2"
    usermod -g "$1" "$2"
    passwd "$2"
- conditions: set up touch condition.txt and mkdir condir, then nano filetest.sh:
    #!/bin/bash
    if [ -f "$1" ]
    then
        echo "this is a file"
    else
        echo "this is not a file"
    fi
  ./filetest.sh condir prints "this is not a file"
- functions on page 317


Chapter 5
- we are using Xorg X11 in the fedora environment
- /etc/X11 is where the files are located
  o /etc/X11/xorg.conf is the config file for the X environment
  o graphics: can change the color depth
  o identifier is just a label
  o monitor is more like a video card settings section
- telinit 3 switches to the command prompt; telinit 5 starts X
- startx (a way to start and restart X)
- Remote X clients (page 251): like dummy terminals
- Portmaster: has the asterisk
- to make a script launch when you log in
  o the .bashrc file for that user; bashrc is the login script
  o start with a case and then end with an esac (case backwards); also use done to end a loop
  o this allows you to jump out of the script so you can't access the linux cmd line
----------------------
To view attributes you can do a lsattr