Recently I took a course on the Linux command line and shell scripting. Below are the notes I took, which I decided to write up as a blog post for future reference (there's no way I could remember all of this in a single sitting).
1. Kernel vs Shell
OS has 3 layers:
- Application layer - User apps, Daemons
- Shell - Command line interface.
- Kernel - Hardware management, memory management, I/O Handler, CPU, process management. Closest layer to the hardware
The kernel controls and mediates access to hardware, for example, it schedules and allocates system resources like memory, CPU, disk etc.
The shell works as an interface to access the services provided by the OS.
We can further break down the layers into the following:
- User space - If you run a for loop etc., you are in user space. But when you want to perform an operation such as writing to the disk (for example, saving a file), the application needs to talk to the kernel space, as it can't talk to the hardware directly.
- Kernel space - Processes and managers such as memory manager, network interface live in the kernel space. This space can directly speak to the hardware.
- Hardware
A useful command to see the total time used in each space is 'time'. For example, if we did 'time ifconfig lo'
Run a process in the background:
- ping -c 5 8.8.8.8 & (if we don't add the count 5, the process will continue to run in the background until you kill the process ID)
Run multiple commands, but wait until the previous command finishes:
- command1;command2 - mkdir delete; rm -r delete
See the command execution result:
- echo $? - so if you ran ping -c 1 google.com1 and then ran the command 'echo $?', it will return 2.
- 0 = successful, 1 = general errors, 2 = failure
Run command if the previous command was successful:
- mkdir docs && cd docs
Run command if the previous command failed:
- vim notes.txt || touch notes.txt
Group commands:
- (cd docs) || (echo no folder docs && mkdir docs)
Pipe command:
- | - send args from the previous command to the following command
3. System Hardware
Return hardware information:
- lscpu
List range of available memory:
- lsmem
List block devices:
- lsblk
List drivers:
- lsmod
CPU information:
- lscpu
USB devices:
- lsusb
Dump a computer's DMI (Desktop Management Information - System Management BIOS, or SMBIOS) table contents:
- dmidecode
Total up time:
- uptime
Calendar:
- cal
4. Disk and File System Permissions
Path locations:
- /usr/bin = user binaries
- /boot = kernel/boot load partitions
- /dev = devices
- /etc = config files
- /lib* = shared libraries
- /media = USB devices etc.
- /opt = installing additional programs
- /proc = process IDs
- /sys = stores some kernel stuff
- /var = stores var logs
Breakdown of a file's permissions and data (i.e. ls -l):
- suuugggwww user group size datetime filename
Sticky bit - Every user is able to make files in that folder, but other users can't modify them (regardless of who owns the directory)
Setuid - Regardless of who runs the file, it will run as its owner.
Symbolic links - created with the 'ln' command, these are like shortcuts in Windows. We could delve further into this with information about inodes, but that'll be for another time.
421 = rwx
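The permission bits above can be audited with find. The script below is an added example, not part of the original course notes: it lists setuid files and world-writable directories that lack the sticky bit. The function names and the temporary sandbox it builds are hypothetical, constructed only so the script runs without root.

```shell
#!/bin/sh
# Added example (not from the original notes).
# Each octal digit is a sum of r=4, w=2, x=1; an optional leading digit
# carries setuid=4, setgid=2, sticky=1 (so 4755 = rwsr-xr-x).

# List regular files under $1 that have the setuid bit (4000) set.
find_setuid() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null | sort
}

# List directories under $1 that are world-writable (0002) but have no
# sticky bit (1000): any user may delete or rename other users' files there.
find_unsticky_writable() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

# Build a constructed sandbox and run both checks against it.
demo_audit() {
    d=$(mktemp -d) || return 1
    mkdir "$d/shared_ok" "$d/shared_bad" "$d/private"
    chmod 1777 "$d/shared_ok"      # rwxrwxrwt, like /tmp
    chmod 0777 "$d/shared_bad"     # rwxrwxrwx, sticky bit missing
    chmod 0750 "$d/private"        # rwxr-x---
    : > "$d/helper"; chmod 4755 "$d/helper"   # rwsr-xr-x, setuid
    : > "$d/plain";  chmod 0644 "$d/plain"    # rw-r--r--
    echo "setuid files:"
    find_setuid "$d"
    echo "world-writable directories without sticky bit:"
    find_unsticky_writable "$d"
    rm -rf "$d"
}

demo_audit
```

On a real system, pass / or a mount point instead of the sandbox and compare the setuid list against a known-good baseline.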
'dd' command can be used to backup files/filesystem.
5. Processes, Services and Performance management
ps -auxf [f] = see the child process, parent process etc
%cpu and %mem = time/time of execution
- vsz = virtual mem usage = swap (disk space memory space) in KB
- rss = physical memory (non swap memory)
- tty = corresponding controlling terminal. ? = no tty or can't be queried
- stat = state of every process (see man ps and search PROCESS STATE CODES to see what the acronyms mean)
- time = execution time
sort -k = sort by column
pgrep
top
pstree
kill -9 = if the process receives this signal, then kill it (check Tutorials Point on Unix signals and traps)
htop
pkill = accepts the name of the app/binary to kill
lsof = list of files
pgrep firefox > get ID > go to /proc/ID to see all the files
so in /proc - you can see the CPU usage by catting the file
6. Managing Users and Groups
/etc/passwd columns:
username/password placeholder/UID/GROUPID/desc/HOMEPATH/default shell
/etc/shadow - contains the hashes
USER/ALGORITHM($6$)/SALT/HASHPART/TIMEDATE SINCE A DATE/SHOULD CHANGE?/EXPIRY(9999 MEANS NEVER)/WARNING TIME BEFORE PASSWORD EXPIRES (7 = DAYS)
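To show how the /etc/shadow columns are read in practice, here is an added example (not part of the original course notes) that parses shadow-format lines and flags weak hash algorithms and passwords that never expire. The function names and the sample entries are constructed for illustration; the salts and hashes are placeholders, not real values.

```shell
#!/bin/sh
# Added example (not from the original notes).
# Reads shadow-format lines on stdin and prints, tab-separated:
#   user, hash algorithm, last change (days since 1970-01-01), flags
shadow_audit() {
    awk -F: '
    {
        # "$6$salt$hash" splits into "", "6", salt, hash
        n = split($2, h, "[$]")
        if ($2 == "")             alg = "EMPTY"
        else if ($2 ~ /^[!*]/)    alg = "locked"
        else if (n < 4)           alg = "DES-or-unknown"
        else if (h[2] == "1")     alg = "MD5"
        else if (h[2] == "5")     alg = "SHA-256"
        else if (h[2] == "6")     alg = "SHA-512"
        else if (h[2] == "y")     alg = "yescrypt"
        else                      alg = "id-" h[2]

        flags = ""
        if (alg == "EMPTY")
            flags = flags " no-password"
        if (alg == "MD5" || alg == "DES-or-unknown")
            flags = flags " weak-hash"
        # Field 5 is the maximum password age in days; empty or 99999
        # (the shadow-utils default) is treated here as never expiring.
        if (alg != "locked" && ($5 == "" || $5 + 0 >= 99999))
            flags = flags " never-expires"
        if (flags == "") flags = " ok"
        printf "%s\t%s\t%s\t%s\n", $1, alg, $3, substr(flags, 2)
    }'
}

# Constructed sample entries; on a real host run: sudo cat /etc/shadow | shadow_audit
demo_shadow() {
    shadow_audit <<'EOF'
alice:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19700:0:90:7:::
bob:$1$CONSTRUCTEDSALT$CONSTRUCTEDHASH:15000:0:99999:7:::
daemon:*:19000:0:99999:7:::
EOF
}

demo_shadow
```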
/etc/group
USER/GROUPPASSWORD/GUID
sudo useradd
sudo adduser
sudo passwd hona = change hona password
sudo userdel
sudo groupadd
groups USERNAME
sudo usermod -a -G GROUP USER
sudo chage
sudo usermod
getfacl = get file access control lists
setfacl = set file access control lists
sudoers
w = what users are connected to us
who - same as w but less details
who -a
last - interesting to see user sessions
find / -user USERNAME -ctime +1 -ctime -5 2>/dev/null = find files modified by the user in the last 5 days
lastb
7. Networking
iproute2 replaces net tools
ip
ip -s
mtu = maximum transmission unit
qlen = queue length
netplan
.yaml
netplan apply
ip r = seeing routing table = whoever wants to talk to DEST then go through HERE (format)
previously = route - IP routing table
ip r get IP - see the default gateway to the IP
ip r add IP dev DEV
to remove - same as above but change add to del
ip nei - ip neighbour
traceroute = trace the route that a packet has taken from HOST to DEST
traceroute -T -p 80 HOSTNAME - to trace to a port
dig = help for dns querying
dig @8.8.8.8 DOMAIN
host
host IP = get the domain for an IP
ieft
sudo ufw allow 22 - open port 22
sudo ufw status
key based auth
ssh-copy-id
putty
run commands via ssh - ssh username@IP 'COMMAND'
proxychains
port forwarding - i.e. sudo ssh username@IP -L IP:PORT:IP:PORT -N -C = send from the first ip/port to ip/port
rsync - sync folder 1 with 2
iptables is an interface for netfilter, provided by the Linux kernel
iptables
sudo iptables -L
change packet properties
Change TTL
uncomplicated firewall
logs = sudo tail -f /var/log/ufw.log
sudo ufw deny from IP
systemd-resolve -h
8. Deep System Visibility
sysdig installation