Module-1 : Understanding Linux Concepts

Module-2 : Download and install

Module-3 : System Access and File system

Command Prompt

1

Access To Linux System

2

Access To Linux From Mac 3

New Network Command (IP)

4

ip a

ip addr

ifup <internet driver name> reboot

Linux File System

5 6 7

Navigating File System

8

What is Root ?

9

File System Paths

10

Directory Listing Attributes

11

Creating Files And Directories

12

Copy Directories

  1. cp -R <source_folder> <destination_folder>

linux File types

13

Find Files And Directories

two main commands are used to find files/directories

  1. find

  2. find . -name "pedram.txt"

  3. locate

  4. locate "pedram.txt" before yum install mlocate and updatedb

Difference Between find and locate

14

Changing Password

  1. passwd <userId>

WildCards

15

  1. touch abcd{1..9}.txt create 9 files

  2. rm abcd*

  3. ls -l abcd*

  4. rm *.xyz

  5. ls -l ?bcd*

  6. ls -l *[cd]*

Soft and Hard Links

Link is just a shortcut

16

yu cannot create soft or hard link within the same directory with the same name.

hard links only work within the same partition

ls -ltrhi i = inode


Module-4 : Fundamentals

Linux Command Syntax

17

  1. ls -l -l is options

  2. ls -l Downloads Downloads is argument

File Permissions

18

  1. userchmod u+rwx <fileName>

  2. groupchmod g+rwx <fileName>

  3. otherschmod o-rwx <fileName>

  4. everyonechmod a-rwx <fileName>

if a directory does not have execute permission (x) you can not cd to the directory

Permission using numeric mode

19 20

File Ownership

21

  1. chown <username> <fileName>

  2. chgrp <username> <fileName>

Access Control List (ACL)

22 23

Help Commands

  1. whatis command

  2. command --help

  3. man command

Adding Text to Files (Redirects)

24

  1. echo "some text" [>> , >] file.txt

  2. ls -ltrh > file.txt

Input and Output Redirects

25

26

Standard Output to a file (tee)

27

  1. echo "pedram aghasian is the best" | tee file.txt

  2. echo "also is network specialist" | tee -a file.txt

  3. echo "also is network specialist" | tee file1 file2 file3

Pipes

28

  1. ls -ltrh | more

  2. ls -ltrh | tail -1

File Maintenance Commands

29

  1. cp file.txt newFile.txt create newFile.txt and copy file.txt ino it.
  2. cp file.txt /tmp
  3. mv file.txt newName.txt rename a file.
  4. mv file.txt /tmp cut file.
  5. chgrp root file.txt
  6. chgown root file.txt
  7. chown root:root file.txt

File Display Commands

30

Filters / Text Processors Commands

31

  1. cut

32

  1. awk

33

  1. grep/egrep

34

  1. sort/uniq

35

  1. wc

36

Compare Files (diff and cmp)

37

Compress and unCompress (tar, gzip, gunzip)

tar : tar takes a bunch of files together and put it in one container, just like in windows you have bunch of files and zip them together, so tar file does not compress as much as the actual gzip command.

  1. tar cvf <fileName>.tar <path>
  2. extract tar file : tar xvf file.tar

gzip : is actually compress files

  1. compress tar file : gzip file.tar
  2. upCompress file : gunzip file.tar.gz or gzip -d file.tar.gz

Truncate File Size

38

shrink or extend a file : truncate -s <size bit> filename

Combining and splitting files

39

Linux vs. Windows Commands

40


Module-5 : Linux System Administration

Linux File Editor

41

vi Editor

42

Exit from Vi shift + z + z

Undo u

Difference Between vi and vim Editor

43 44 45

sed Command

46

  1. replace a word and just show the resultsed 's/oedram/pedram/g' <fileName>

  2. replace a word and write to that filesed -i 's/oedram/pedram/g' <fileName>

  3. delete a wordsed 's/pedram//g' <fileName>

  4. delete all the line which have specific word sed '/pedram/d' <fileName>

  5. remove empty lines from a file sed '/^$/d' <fileName>

  6. remove first line of the file sed '1d' <fileName>

  7. remove first two line of the file sed '1,2d' <fileName>

  8. replace tabs with space sed 's/\t/ /g' <fileName>

  9. just show line 12 be bad sed -n 12,18p <fileName>

  10. make empty line after every line sed G <fileName>

  11. replace every word except word in line number 8 sed '8!s/oedram/pedram/g' <fileName>

  12. in vim editor :%s/oedram/pedram/g

User Account Management (useradd, groupadd, usermod, userdel, groupdel)

47

create user

  1. create user useradd spiderman
  2. get use id id spiderman
  3. assign a password passwd 123456

modify user

  1. modify a user account usermod -G <groupName> <userName>

delete user

  1. delete a use with homeDir userdel -r spiderman
  2. show all groups cat /etc/groups or grep spederman /etc/group

create group

  1. create a group groupadd superheros
  2. show all groups cat /etc/groups

delete group

  1. delete a group groupdel superheros

cat /etc/passwd

username: password : userId : groupId : description : homeDir : shell

cat /etc/group

groupName: groupPassword: groupId : users are part of this group

cat /etc/shadow

show information about users passwords

Password Aging

48

49

Switch Users and sudo Access

50

grant root access to the user

  • /etc/sudoers : and add the user
root ALL=(ALL)    ALL
pedram ALL=(ALL)    ALL
  • or add the user to the sudoers group

usermod -aG wheel pedram

  • then with your username you can run sudoers command : sudo pedram

Monitor Users

51

  1. who : information about how many people are logged in; when there is height load an the system and you want to see who are logged to the system.
  2. last: tell you all the details are the users that logged in.
  • last | awk '{print $1}' | sort | uniq
  1. w : give you little more information.
  2. finger
  3. id or id username : get information about yourself.

Talking To Users

52

  1. wall + message + (ctrl + d) : broadcast a message to all users who loggedIn.
  2. write username : send message directly to the user.

Linux Directory Service - Account Authentication

LDAP is a Protocol NOT Directory service

53

Difference between AD,LDAP,IDM,WinBIND,OpenLDAP

54

System Utility Commands

55

uptime

56

which

which <command> tell you about command

bc

bc command line calculator

Processes and Jobs

Application or service

it's like a program that's run into your computer, for example NTP - NFS - rsyslog - Apache.

In Windows, daemons are called services, and behave exactly how daemons were previously described. They exist and operate independent of a user’s login session, and its status can be observed under the Services tab of Windows Task Manager.

Script

script is something that written in a file, and they can be execute.

Process

when you run an application it actually generate process with process id.

An instance of a particular executable that is being executed: For example this could be an .exe program file or a Linux binary. A given application may have several processes running simultaneously.

Typically, an executing program can exist in one of three states: Running: Active Sleeping: Inactive Zombie: A process that has completed execution, but still has an entry in the process table

Daemon

is constituently runs in the background.

A process which runs in the background and is not interactive. They have no controlling terminal on their own from the user’s perspective from the desktop. They continue to exist and operate regardless of any user being logged into the server if the computer is on.

Threads

every process could have multiple threads.

Job

a job is something that is created by scheduler like a workorder to run those application and services.

57

ps command

58

top command

59 60

kill command

61 62

Crontab Command

63

at command

64 65

Additional Cron Jobs

66

Process Management

67

System Monitoring

68

netstat -rnv

Log Monitoring

69

System Maintenance Commands

70

changing System Hostname

71

finding System Information

72

cat /etc/os-release

System Architecture

73

Terminal Control Keys

74

Terminal Commands

75

watch and save all terminal activity script activity.lgo

for exit of exit

Recover Root Password

76

SOS Report

77

Environment Variables

78

79

Special Permissions with setuid, setgid and sticky bit

80

81

  1. which passwd
  2. ls - l /usr/bin/passwd
  3. with user pedram runpasswd
  4. go to another terminal and ps -ef | grep passwd
  5. you see this command run by root

83 84


Module-6 : Shell Scripting

Linux Kernel

85

Introduction to Shell

86

Types of Linux shells

87

Shell Scripting

88

Basic scripts

#!/bin/bash

# commands 
pwd
echo
hostname
echo
ls -ltrh

# define variables
fullName = 'pedram aghasian'
echo my name is $fullName

Input/Output of Script

89

#!/bin/bash

a = `hostname`
echo Hell, my hostname is $a
echo
echo What is your name ?
read NAME
echo
echo Hello $NAME
echo

if-then Scripts

90

#!/bin/bash

count = 100
if [ $count -eq 100 ]
then
    echo Count is 100
else
    echo Count is not 100
fi
#!/bin/bash

clear
if [ -e /home/pedram/secrete.txt ]
then
    echo "file secrete.txt is exist"
else
    echo "secrete.txt is not exits"
fi

For Loop Scripts

91

#!/bin/bash

for i in 1 2 3 4 5
do
    echo $i
done

do-while Scripts

92

#!/bin/bash

c = 1
while [ $c -le 5]
do
    echo welcome $c 
    ((c++))
done

Case Statement Scripts

93

check other servers connectivity

Aliases

94

alias show all aliases

unalias <aliasName> delete an alias

Shell History

  1. show history history
  2. run commands witch in history !<command number> !405
  3. history location cat /home/pedram/.bash_history

Module-7 : Networking, Services, System Updates

Network Components

95

Network files and Commands

96

netstat -rnv

tcpdump -i <interface>

NIC Information

97

NIC Bonding

98

99

New Network Utilities

100

101

102

Download Files or Apps

103

curl and ping commands

104

what if server is up but page is down ?? in this case you should use curl command.

you can use curl -O <url> instead of wget for downloading.

FTP - File Transfer Protocol

105

106

Configure FTP

107

on Ubuntu

  1. sudo apt install vsftpd
  2. apt list | grep vsftpd
  3. sudo service vsftpd status
  4. cp /etc/vsftpd.conf /etc/vsrftpd.conf.orig
  5. sudo nano /etc/vsftpd.conf
listen=NO
 listen ipv6=YES 
anonymous_enable=NO
 local_enable=YES 
write_enable=YES
 local_umask=022
 dirmessage_enable=YES 
use_localtime=YES xferlog_enable=YES
 connect_from_port_20=YES
 chroot_local_user=YES 
secure_chroot_dir=/var/run/vsftpd/empty 
pam_service_name=vsftpd 
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
 rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
 ssl_enable=NO  
pasv_enable=Yes 
pasv_min_port=10000 
pasv_max_port=10100 
allow_writeable_chroot=YES
  1. systemctl enable vsftpd

FTP Client Configure

108

if see this error follow as blew

500 Illegal PORT command.

go to passive mode in ftp> pass

SCP - Secure Copy Protocol

SCP use SSH protocol

109

110

configure SCP

111

rsync - Remote Synchronization

rsync use SSH protocol

112 113

configure rsync

114

System Updates and Repository

115

System Upgrade/Patch Management

116

Create Local Repository from cd/dvd

117

  1. make a directory
  2. copy all your content to that directory
  3. go to your local repo directory and run dpkg-scanpackages . /dev/null > Release
  4. give you current directory size du -sh .
  5. give you system space df -h
  6. vim /etc/apt/source.list
  7. add the blew line to that file
 deb [trusted=yes] file:///opt/debs ./

Advance Package Management

118

dpkg and apt are both package management tools for Ubuntu and other Debian-based Linux distributions.

dpkg (Debian Package Manager) is the low-level tool for installing, removing, and managing Debian packages. It is used to install, remove and manage Debian packages. It works on the package files themselves, and does not have the advanced dependency resolution capabilities of apt.

apt (Advanced Packaging Tool) is a higher-level tool that is built on top of dpkg. It provides a more user-friendly interface for managing packages, and also includes advanced features such as dependency resolution, package searching, and automatic updates. It is the recommended tool for managing packages on Ubuntu and other Debian-based Linux distributions.

In short, dpkg is the underlying package management system for Ubuntu and apt is a user-friendly front-end for managing packages on Ubuntu.

  1. check if a package is installed

dpkg -l | grep package-name

apt list --installed package-name

  1. remove package

sudo apt remove package-name

sudo apt autoremove

sudo dpkg -r package-name for deleting packages which installed with dpkg -i

  1. check dependency of a package

apt-cache showpkg package-name

apt-cache search package-name

apt show package-name

  1. install package

sudo apt install package-name

sudo dpkg -i package-name.deb

install dependency with this sudo apt-get install -f command and then run sudo dpkg -i .deb

  1. show configuration of package which installed

dpkg -L package-name

dpkg-query -L package-name

sudo find / -user root -group root -name "*package-name*"

  1. which package this command belongs to

dpkg -S /usr/bin/pwd

  1. search about a package on the repository

apt-cache search package-name

apt-cache policy package-name

Rollback Updates and Patches

119

In short, apt update updates the package list, apt upgrade upgrades the packages. It is a good practice to run apt update regularly to keep your package list up to date and apt upgrade periodically to keep your system up to date.

sudo apt-get install example=1.0

show apt history

apt history

cat /var/log/apt/history.log

SSH and Telnet

120 121

DNS = Domain Name System,

122

Hostname / IP lookup

  1. nslookup www.google.com

  2. dig www.google.com

NTP (Network Time Protocol)

123

NTP prot 123

chronyd (replace to ntpd)

In conclusion, while ntpd is a more traditional and comprehensive NTP implementation, chronyd provides a faster and more efficient solution for NTP synchronization, making it a better choice for resource-constrained systems and systems that require fast and efficient NTP synchronization.

124

timedatectl

125 126

Send Mail

you should always got to /etc/mail/sendmail.mc and make your change into that file and then compile that. go not go straight to /etc/mail/sendmail.cf

127

Web Server (httpd)

Central Logger (rsyslog)

128

Linux OS Hardening

129

user account

  1. see all users : cat /etc/passwd
  2. change user password polices with chage or chage -l <username>
  3. or change system password polices for all users /etc/login.defs
  4. learn about /etc/pam.d

Remove un-wanted packages

  1. list all packages apt list --installed | wc -l

Stop un-used Services

  1. show all services systemctl -a

Check on Listening Ports

  1. show all open port netstat - tunlp

Secure SSH Configuration

  1. go to /etc/ssh and secure ssh protocol

Enable Firewall (iptables/firewalld)

  1. firewall gui firewall-config

  2. firewall cli firewall-cmd --help

  3. iptables --help

Enable SELinux

Change Listening Port Number

Keep your system update

OpenLDAP Installation

130

Trace Network Traffic (traceroute)

get your gateway netstat -rnv

131

How to Open an Image File

132

apt install imageMagick

display <imageName>

Configure and Secure SSH

7-31

Access Remote Server without Password

7-32

Cockpit

133

134

FireWall

135

136

ufw, iptables, and firewalld are all firewall configuration tools that are commonly used on Linux systems. Here are some differences between them:

ufw (Uncomplicated Firewall): This is the default firewall configuration tool for Ubuntu. It is designed to be easy to use and is based on iptables. It uses a simple command-line interface and is designed to provide a basic level of protection. It can be used to set up rules that allow or block incoming and outgoing traffic.

iptables: This is a traditional Linux firewall tool that has been around for a long time. It uses a more complex command-line interface and provides more granular control over the firewall configuration. It can be used to set up rules that allow or block incoming and outgoing traffic, as well as to perform more advanced network address translation (NAT) and packet filtering.

firewalld: This is the default firewall configuration tool for many newer Linux distributions, such as Fedora, RHEL, and CentOS. It is designed to be more dynamic and flexible than ufw and iptables. It uses a command-line interface as well as a graphical interface to allow for easy configuration of firewall rules. It can be used to set up rules that allow or block incoming and outgoing traffic, as well as to perform more advanced features such as port forwarding, masquerading, and network zones.

In summary, while all of these tools can be used to configure a firewall on a Linux system, they differ in their complexity, ease of use, and level of flexibility. ufw is the simplest and easiest to use, while firewalld is the most flexible and dynamic. iptables is the most powerful and provides the most granular control, but it has a steeper learning curve.

check which firewall is installed

  1. sudo ufw status
  2. sudo iptables -L
  3. sudo firewall-cmd --state

iptables

137

138

Tables: Think of tables like different boxes that hold different kinds of toys. Each box has a label on it, such as "Toy Cars," "Stuffed Animals," or "Board Games." In iptables, the different boxes are called tables, and each table holds a different set of rules for filtering packets.

Chains: Within each table, there are different chains, which are like shelves inside the box. Each shelf has a label on it, such as "Red Cars," "Big Stuffed Animals," or "Puzzle Games." In iptables, the different shelves are called chains, and each chain holds a set of rules that apply to a specific type of packet.

In summary, the input chain filters incoming packets that are directed towards the local system, the output chain filters outgoing packets that are generated by the local system, and the forward chainfilters packets that are passing through the local system from one network to another.

Targets: Finally, targets are like bins that the toys can be sorted into based on their characteristics. For example, there might be a bin labeled "Broken Toys" for toys that are damaged, or a bin labeled "Toys for Charity" for toys that are being donated. In iptables, the different bins are called targets, and each target specifies what should happen to a packet that matches the rules in the chain.

So to sum up, in iptables, tables are like boxes that hold different sets of rules, chains are like shelves inside the box that hold rules for specific types of packets, and targets are like bins that determine what should happen to packets that match the rules in the chain.

139

140

Firewalld

141

142

143

144

145

Tune System Performance

146

147

148

149

150

nic/renice

151

152

153

Run Containers

154

155

156

Podman

157

158

159

160

161

Kickstart (Automate Linux Installation)

162

163

164

165

7-37 9:11