Study points for the RHCSA exam

From Sinfronteras
Revision as of 18:21, 16 June 2018 by Adelo Vieira

Red Hat reserves the right to add, modify, and remove objectives. Such changes will be made public in advance through revisions to this document.

RHCSA exam candidates should be able to accomplish the tasks below without assistance. These have been grouped into several categories.


Understand and use essential tools

Access a shell prompt and issue commands with correct syntax

Use input-output redirection (>, >>, |, 2>, etc.)

< redirects stdin (the command reads the file as its input)

1> or > redirects stdout (to a file, overwriting it)

1>> or >> appends stdout to the end of the file

File descriptor 1 is the standard output (stdout).

2> redirects stderr

2>> appends stderr to the end of the file

File descriptor 2 is the standard error (stderr).

&> or >& redirects stdout and stderr together

2>&1 sends stderr to wherever stdout currently points (written without a space: 2> &1 is not the same thing, the shell reads &1 as the start of a new command)

>&2 sends stdout to wherever stderr currently points

Sometimes you want to redirect both stdout and stderr to the same location; this is when N>&M is used: it points one file descriptor at another.

For example, if you want to write both stdout and stderr to the same file (be it /dev/null or output.txt), you can redirect them separately, with

app 1>/dev/null 2>/dev/null

or you could redirect one fd to the file, and the other fd into the first one:

app 1>/dev/null 2>&1
app 2>/dev/null 1>&2

In the first example, 2>&1 points fd #2 to where #1 is already pointing. The second example achieves the same, just starting with stderr instead. Order matters: redirections are applied left to right, so if 2>&1 is written before the file redirection, stderr is pointed at the original stdout (usually the terminal) and only stdout ends up in the file.

A common case is a pager, grep or a similar utility: since the pipe | normally carries only stdout, you redirect stderr into stdout before the pipe:

app 2>&1 | grep hello

Some shells have shortcuts for common redirections; here are examples from Bash:

1> can be shortened to just >
1>foo 2>&1 to >&foo or &>foo
2>&1 | program to |& program
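As an added example (not from the original page): the function emit below is a constructed stand-in for app, writing one line to stdout and one to stderr, and the other functions show what each redirection form delivers, including the left-to-right order trap with 2>&1.

```shell
# Added example (not from the original page).
# emit stands in for "app": one line on stdout, one on stderr.
emit() {
    echo "out-line"
    echo "err-line" >&2
}

# Correct order: stdout -> file first, then stderr -> wherever stdout
# now points (the file). Returns the file's contents on one line.
capture_both() {
    local tmp
    tmp=$(mktemp)
    emit >"$tmp" 2>&1
    paste -sd' ' "$tmp"        # "out-line err-line"
    rm -f "$tmp"
}

# Wrong order: 2>&1 is applied first, so stderr is copied to the
# *original* stdout (here: the caller's command substitution); only
# stdout is then sent to the file. Returns what the file got and what leaked.
capture_wrong_order() {
    local tmp leaked
    tmp=$(mktemp)
    leaked=$(emit 2>&1 >"$tmp")
    printf 'file=%s leaked=%s\n' "$(paste -sd' ' "$tmp")" "$leaked"
    rm -f "$tmp"
}

# A pipe carries stdout only: grep never sees err-line unless stderr
# is merged into stdout before the pipe. Returns "<count without> <count with>".
count_via_pipe() {
    local without with
    without=$(emit 2>/dev/null | grep -c err || true)
    with=$(emit 2>&1 | grep -c err || true)
    echo "$without $with"
}
```

Run capture_wrong_order on a terminal and err-line appears on the screen while the file holds only out-line; that is the silent failure behind many "my log file is missing the errors" reports.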

Use grep and regular expressions to analyze text

Regular expressions

. matches any single character

* means zero or more of the preceding character

  • a* zero or more a. In grep this prints every line of the file, since every line contains "zero or more" a's.
  • aa* at least one a. In grep this prints every line containing at least one a.
  • aaa* at least two a. In grep this prints every line containing at least two consecutive a's (aa).
  • .* any string of characters (including the empty string)

[] one of the characters between the brackets

[abc] a, b or c
[a-z] a lowercase letter
[a-d5-8w-z] a, b, c, d, 5, 6, 7, 8, w, x, y, z

[^ ] if the first character is ^, the class matches any character NOT listed between the brackets.

[^a-zA-Z] not a letter

With grep, a negated class such as [^0-9] selects every line that contains at least one character outside the class (only lines consisting entirely of digits are left out); with --color=auto, each such character is highlighted in red. For example:

grep '[^0-9]' file prints every line containing a non-digit and highlights everything that is not a digit.

If instead we want lines containing a digit from 7 to 9 NOT to be displayed, we use grep's -v option. Note the quotes around the bracket expression: unquoted, [7-9] is a shell glob, and if the current directory holds a file named 7, 8 or 9 the shell replaces the pattern with that name before grep ever sees it.

egrep -v '[7-9]' passwd


^ start of line

  • Lines that start with c:
egrep '^c' passwd
egrep '^[c]' passwd
  • Lines that start with me:
egrep '^me' passwd
  • Lines that start with "c" or with "d":
egrep '^[cd]' passwd


$ end of line

  • Lines that end with c:
egrep 'c$' passwd
egrep '[c]$' passwd

Lines that contain only digits (at least one):

^[0-9][0-9]*$

\( \) groups a sub-expression (in basic regular expressions; plain ( ) with -E). The captured text can be reused with \1, \2 ... See the example with sed.

grep - egrep

egrep [options] [expression] [file]

egrep is grep -E (extended regular expressions: +, ?, |, ( ) and { } are operators without backslashes). Recent GNU grep warns that egrep is obsolescent, so write grep -E in new scripts.

Some options:

  • -i no distinction between upper and lower case
  • -c count the matching lines instead of printing them
  • -v invert the result (print the lines that do not match)
  • -n print the line number in front of each line


Some examples:

Number of lines containing the word bash:
egrep -c bash /etc/passwd
3
egrep -c BASH /etc/passwd
0
egrep -ci BASH /etc/passwd
3
Number of lines in which the word bash does NOT appear:
egrep -civ BASH /etc/passwd
33
Lines containing ba or sa:
egrep "ba|sa" /etc/passwd
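Added example, not part of the original notes: a constructed passwd-style file (the account names and UIDs are invented) is searched with the patterns above. The last function shows concretely why the bracket expression must be quoted.

```shell
# Added example (not from the original page). Constructed passwd-style
# data: names, UIDs and shells are invented.
make_passwd() {
    cat >"$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
backdoor:x:0:0:oops:/home/backdoor:/bin/bash
adelo:x:1000:1000:Adelo Vieira:/home/adelo:/bin/bash
svc_db:x:1001:1001::/var/lib/db:/bin/sh
EOF
}

# Accounts whose third field (UID) is exactly 0. The anchors on ':' stop
# UID 10 or 100 from matching. Anything here besides root needs a look.
uid0_accounts() {
    grep -E '^[^:]+:[^:]*:0:' "$1" | cut -d: -f1 | paste -sd' '
}

# How many accounts use bash: -i ignores case, -c counts matching lines,
# $ anchors the pattern to the end of the line.
count_bash() {
    grep -ci 'BASH$' "$1"
}

# -v inverts: accounts whose line does NOT end in bash.
non_bash_accounts() {
    grep -vE 'bash$' "$1" | cut -d: -f1 | paste -sd' '
}

# Why the pattern must be quoted: in a directory containing a file named
# "8", an unquoted [7-9] is a glob that the shell expands BEFORE grep
# runs, so grep would be asked for the literal string 8. Returns what
# the shell turned [7-9] into.
unquoted_glob_demo() {
    local d
    d=$(mktemp -d)
    touch "$d/8"
    ( cd "$d" && printf '%s' [7-9] )
    rm -rf "$d"
}
```

The UID-0 search is the one to remember: a second account with UID 0 is indistinguishable from root to the kernel, and a pattern without the ':' anchors would miss it among the 1000-series accounts or, worse, match them.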

find

http://www.binarytides.com/linux-find-command-examples/

find [chemin] [expression...]
Searches for files by their name -name -iname
find ./test -name "abc.txt"
find ./test -name "*.php"

So that there is no distinction between upper and lower case, we use -iname:

find ./test -iname "*.Php"
Limit depth of directory traversal -maxdepth
find ./test -maxdepth 2 -name "*.php"
./test/subdir/how.php
./test/cool.php
find ./test -maxdepth 1 -name '*.php'
./test/cool.php
Search for files that do not match a given name or pattern: -not or !
find ./test -not -name "*.php"
./test
./test/abc.txt
./test/subdir

We can also use ! instead of -not:

find ./test ! -name "*.php"
Combine multiple search criteria
find ./test -name 'abc*' ! -name '*.php'
./test/abc.txt
./test/abc

The above find command looks for files whose names begin with abc and do not have a .php extension.

OR operator

When several name criteria are given, find combines them with AND, so only files that satisfy all of them are matched. For OR matching, find has the -o operator. Note that -o binds more loosely than the implicit AND, so when -o is mixed with other tests the alternatives must be grouped with escaped parentheses, \( ... \).

find -name '*.php' -o -name '*.txt'
./abc.txt
./subdir/how.php
./abc.php
./cool.php

The above command searches for files ending in either the .php or the .txt extension.

Search only files or only directories

Only files: -type f:

find ./test -type f -name "abc*"
./test/abc.txt

Only directories: -type d:

find ./test -type d -name "abc*"
./test/abc
Search multiple directories together
find ./test ./dir2 -type f -name "abc*"
./test/abc.txt
./dir2/abcdefg.txt
Find hidden files
find ~ -type f -name ".*"
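Added example (not from the original page): the functions build a constructed directory tree under a temporary directory and run the find tests from this section, plus two permission tests (-perm) that an administrator auditing a system, or an attacker enumerating it, uses constantly. Paths and file names are invented.

```shell
# Added example (not from the original page). Builds a constructed tree
# under the directory given as $1.
make_tree() {
    mkdir -p "$1/bin" "$1/etc" "$1/tmp" "$1/.hidden"
    printf '#!/bin/sh\n' >"$1/bin/passwd"
    printf '#!/bin/sh\n' >"$1/bin/ls"
    : >"$1/etc/app.conf"
    : >"$1/tmp/scratch.txt"
    : >"$1/.hidden/.secret"
    chmod 4755 "$1/bin/passwd"       # set-uid bit, like the real passwd
    chmod 0755 "$1/bin/ls"
    chmod 0666 "$1/tmp/scratch.txt"  # world-writable
    chmod 0600 "$1/.hidden/.secret"
}

# Files with the set-uid bit: -perm -4000 means "at least these bits".
# Unexpected entries in this list are a classic privilege-escalation finding.
suid_files() {
    find "$1" -type f -perm -4000 | sed "s#^$1/##" | sort | paste -sd' '
}

# Regular files writable by everybody (-perm -0002).
world_writable() {
    find "$1" -type f -perm -0002 | sed "s#^$1/##" | sort | paste -sd' '
}

# -o needs \( \) when combined with other tests; without the parentheses
# -type f would apply to the first alternative only.
conf_or_txt() {
    find "$1" -type f \( -name '*.conf' -o -name '*.txt' \) \
        | sed "s#^$1/##" | sort | paste -sd' '
}

# Hidden (dot) files only.
hidden_files() {
    find "$1" -type f -name '.*' | sed "s#^$1/##" | paste -sd' '
}
```

On a real system the first two queries are run from / with 2>/dev/null to silence permission errors, and the results are compared against the package manager's list of files that are supposed to be set-uid.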

Filter/editor sed

A very powerful command (almost a small scripting language).

Replace

Replacing strings in text files.

sed 's/regexp/replacement/g' file

A few remarks:

  • The delimiter (/ in the example) can be any character. This is useful when the string to replace contains «/»: with another delimiter (~ for example) sed does not take the «/» inside the string for a delimiter.
  • -i: by default sed does not modify «file» but prints the result to the console. To edit «file» in place, use -i.
  • 's/regexp/replacement/' performs a single replacement per line
  • 's/regexp/replacement/g' with the g flag at the end, every match on each line is replaced
$ echo -e "Du:texte:en:colonnes\nEt:sur:deux:lignes" > colonnes.txt && more colonnes.txt
Du:texte:en:colonnes
Et:sur:deux:lignes


$ sed 's/te/tt/' colonnes.txt
Du:ttxte:en:colonnes
Et:sur:deux:lignes
  • Used this way, the file «colonnes.txt» is not modified; the result above is printed to the console.
  • Only the first match on each line is replaced.


$ sed -i 's/te/tt/g' colonnes.txt && more colonnes.txt
Du:ttxtt:en:colonnes
Et:sur:deux:lignes
  • Used this way, the file «colonnes.txt» is modified in place.
  • Every match on each line is replaced.


Several files can be changed at once:

$ sed -i 's/te/tt/g' colonnes.txt otro.txt
$ sed -i 's/te/tt/g' *

When replacing in every file (*), bear in mind that sed -i aborts with an error when it reaches something that is not a regular file (for a directory named assignment: sed: couldn't edit assignment: not a regular file), and after that error it does not continue with the remaining files. Read the following post: https://unix.stackexchange.com/questions/356437/passing-regular-files-only-to-sed-i


$ echo "ceci est un poids : 676Kg" | sed -e 's/^[^0-9]*\([0-9][0-9]*\).*/Valeur=\1/'
Valeur=676
^[^0-9]* : from the start of the line, take characters that are not digits, repeated * times.
\([0-9][0-9]*\) : capture a digit followed by * more digits.
\1 : the captured digits are inserted by this back-reference.
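Added example (not from the original page): the same capture-group technique as the Valeur=676 line, applied to a constructed configuration dump (the keys and values are invented) to redact secrets before the file is pasted into a ticket, plus the alternative-delimiter form from the remarks above.

```shell
# Added example (not from the original page). Constructed configuration
# dump; keys and values are invented.
sample_config() {
    cat <<'EOF'
db_host=10.0.0.5
db_password=Sup3rS3cret!
api_key = abcdef0123456789
listen_port=5432
EOF
}

# Redact the value of any setting whose key mentions password or key.
# -E: extended syntax, so groups are ( ) and \1 refers to the first one.
# Group 1 = key, '=' and any spaces after it; the value after it is dropped.
redact_secrets() {
    sed -E 's/^([^=]*(password|key)[^=]*=[[:space:]]*).*$/\1<REDACTED>/'
}

# The Valeur=676 technique in basic syntax: \( \) group, \1 back-reference.
# Keeps only the first run of digits on each line.
first_number() {
    sed 's/^[^0-9]*\([0-9][0-9]*\).*/\1/'
}

# A different delimiter (#) so the slashes in the paths need no escaping.
rewrite_path() {
    sed 's#/var/lib/db#/srv/db#g'
}
```

Usage: sample_config | redact_secrets. The key-name heuristic is deliberately broad (any key containing password or key); when redacting real files, review the output rather than trusting the pattern, since a secret stored under a name like db_auth would slip through.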

touch

Updates a file's access and modification times; files that do not exist are created, empty. Often used to create empty files.

cat

To display line numbers:

cat -n file

The -b / --number-nonblank option numbers all non-empty output lines, starting from one:

cat -b file

To create a file from what is typed at the keyboard (Ctrl + D ends the input):

cat > file.txt
<text typed at the keyboard>
Ctrl + D

more

Display the contents of a file one page at a time.

tail

Prints the last lines of a file (10 by default).

tail [-n number] [filename...]

head

Prints the first n lines of the file. By default n = 10.

head [-number | -n number] [filename...]

wc

Counts the number of lines, words and bytes in files.

wc [options] [<file> ...]

-w (words), -l (lines), -c (bytes), -m (characters; differs from -c only for multibyte text)

wc prueba.txt
1 10 52 prueba.txt

cut

Splits the lines of a file into fields and extracts particular fields

cut -f<list> [-d<character>]

How to cut by byte position: -b

echo 'baz' | cut -b 2
a
echo 'baz' | cut -b 1-2
ba
echo 'baz' | cut -b 1,3
bz

How to cut by character: -c

How to cut based on a delimiter: -d<delimiter> -f<field that should be cut>

names.csv
John,Smith,34,London
Arthur,Evans,21,Newport
George,Jones,32,Truro


cut -d',' -f1,4 names.csv
John,London
Arthur,Newport
George,Truro

How to cut by complement pattern: --complement

echo 'foo' | cut --complement -c 1
oo

In the example above, -c 1 selects the first character; because --complement is also given, cut outputs everything except that selection, i.e. the second and third characters.

How to modify the output delimiter: --output-delimiter

echo 'how;now;brown;cow' | cut -d ';' -f 1,3,4 --output-delimiter=' '
how brown cow

tr

tr [option] [set1] [set2]

Convert lowercase to uppercase or vice versa

echo "essai : tagada" | tr a-z A-Z
ESSAI : TAGADA
echo "essai : tagada" | tr '[:lower:]' '[:upper:]'
tr <file.txt a-z A-Z

Squeeze repeated blanks (-s replaces each run of the character with a single copy; to delete a character outright use -d instead)

echo "essai :         tagada" | tr -s " "
essai : tagada

sort

sort is a simple and very useful command which rearranges the lines in a text file into sorted order. By default it compares whole lines as text (use -n for numeric order). The default rules are:

sort [OPTION]... [FILE]...

  • Lines starting with a number will appear before lines starting with a letter;
  • Lines starting with a letter that appears earlier in the alphabet will appear before lines starting with a letter that appears later in the alphabet;
  • Lines starting with a lowercase letter will appear before lines starting with the same letter in uppercase (this is the behaviour in typical UTF-8 locales; with LC_ALL=C byte order applies and uppercase sorts first).

The rules for sorting can be changed according to the options you provide to the sort command; these are listed below:

Algunas opciones:

  • -r, --reverse: Reverse the result of comparisons.
  • -t separator: use separator as the field delimiter
  • -k field: sort on this field (the sort key)

Let's say you have a file, data.txt, which contains the following ASCII text:

apples
oranges
pears
kiwis
bananas
sort data.txt  will produce the following output:
apples
bananas
kiwis
oranges
pears

Note that sort writes its result to stdout and does not modify the input file. To save the sorted output to a file we can:

  • Use the -o option (safe even when the output file is the input file, because sort reads all of its input before opening the output):
sort -o output.txt data.txt
  • or redirect the output to a (different) file:
sort data.txt > output.txt

Never redirect to the input file itself (sort data.txt > data.txt): the shell truncates data.txt before sort reads it, and the data is lost.

Option -k

For instance, if you have an input file data.txt With the following data:

01 Joe
02 Marie
03 Albert
04 Dave

...and you sort it without any options, you get the same file back (it is already sorted on the first field). If you want to sort based on the names, use the -k option:

sort -k2 data.txt

This command sorts on the second field (and whatever follows it), ignoring the first. It will produce the following output:

03 Albert
04 Dave
01 Joe
02 Marie

Option -t

If our input file data.txt looks like this:

01:Joe
02:Marie
03:Albert
04:Dave

... and we want to sort by name, we must state that the field separator is : (by default sort splits fields at blanks).

sort -t: -k2 data.txt

Some examples

cat /etc/passwd | grep adelo | cut -f7 -d:
/bin/bash
cat /etc/passwd | grep adelo | cut -f7 -d: | sed -e 's/\//*/'
*bin/bash
cat /etc/passwd | grep adelo | cut -f7 -d: | sed -e 's/\//*/g'
*bin*bash
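Added example (not from the original page): a constructed passwd-style file (invented accounts) is processed with sort, cut and tr as in the examples above, and two things the text does not show are made visible: numeric versus lexicographic field sorting, and what happens when sort's output is redirected onto its own input.

```shell
# Added example (not from the original page). Constructed passwd-style
# lines; accounts are invented. LC_ALL=C makes the collation predictable.
sample_passwd() {
    cat >"$1" <<'EOF'
adelo:x:1000:1000:Adelo Vieira:/home/adelo:/bin/bash
root:x:0:0:root:/root:/bin/bash
svc_db:x:1001:1001::/var/lib/db:/bin/sh
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
EOF
}

# -k3,3 restricts the key to field 3 alone. Sorted as text, 1000 comes
# before 2; -n sorts the field as a number.
names_by_uid_lexical() {
    LC_ALL=C sort -t: -k3,3 "$1" | cut -d: -f1 | paste -sd' '
}
names_by_uid_numeric() {
    LC_ALL=C sort -t: -k3,3n "$1" | cut -d: -f1 | paste -sd' '
}

# Distinct login shells (-u drops duplicates), upper-cased with tr.
shells_in_use() {
    cut -d: -f7 "$1" | LC_ALL=C sort -u | tr 'a-z' 'A-Z' | paste -sd' '
}

# tr -s collapses runs of spaces so cut can split on a single space.
second_column() {
    tr -s ' ' | cut -d' ' -f2
}

# "sort f > f": the shell truncates f before sort opens it, so sort reads
# nothing and f ends up empty. "sort -o f f" reads all input first and is
# safe. Returns the line count after each variant.
overwrite_pitfall() {
    local tmp after_redirect after_o
    tmp=$(mktemp)
    sample_passwd "$tmp"
    sort "$tmp" > "$tmp"
    after_redirect=$(wc -l < "$tmp")
    sample_passwd "$tmp"
    sort -o "$tmp" "$tmp"
    after_o=$(wc -l < "$tmp")
    rm -f "$tmp"
    echo "$after_redirect $after_o"
}
```

The lexical ordering (root, bin, adelo, svc_db, daemon) is what you get when sorting an audit listing by UID without -n, and it hides the system/normal-user boundary at 1000 that the numeric order makes obvious.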

Access remote systems using ssh

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/ch-OpenSSH.html

SSH (Secure Shell) is a protocol which facilitates secure communications between two systems using a client-server architecture and allows users to log in to server host systems remotely. Unlike other remote communication protocols, such as FTP or Telnet, SSH encrypts the login session, making it difficult for intruders to collect passwords by eavesdropping on the connection. The ssh program is designed to replace older, less secure terminal applications used to log in to remote hosts, such as telnet or rsh. A related program called scp replaces older programs designed to copy files between hosts, such as rcp.

Red Hat Enterprise Linux includes the general OpenSSH package, openssh, as well as the OpenSSH server, openssh-server, and client, openssh-clients, packages. Note, the OpenSSH packages require the OpenSSL package openssl-libs, which installs several important cryptographic libraries, enabling OpenSSH to provide encrypted communications.

Why Use SSH

Potential intruders have a variety of tools at their disposal enabling them to disrupt, intercept, and re-route network traffic in an effort to gain access to a system. In general terms, these threats can be categorized as follows:

Interception of communication between two systems:

The attacker can be somewhere on the network between the communicating parties, copying any information passed between them. They may intercept and keep the information, or alter it and send it on to the intended recipient.

This attack is usually performed using a packet sniffer, a rather common network utility that captures each packet flowing through the network, and analyzes its content.

Impersonation of a particular host:

Attacker's system is configured to pose as the intended recipient of a transmission. If this strategy works, the user's system remains unaware that it is communicating with the wrong host.

This attack can be performed using a technique known as DNS poisoning, or via so-called IP spoofing. In the first case, the intruder uses a cracked DNS server to point client systems to a maliciously duplicated host. In the second case, the intruder sends falsified network packets that appear to be from a trusted host.

Main Features

The SSH protocol provides the following safeguards:

No one can pose as the intended server

On the first connection the client records the server's host key (in ~/.ssh/known_hosts); on every later connection it checks that the key presented is the same one, and warns loudly if it has changed.


No one can capture the authentication information

The client transmits its authentication information to the server over a channel that is already encrypted with the strong symmetric cipher negotiated during key exchange.


No one can intercept the communication

All data sent and received during a session is encrypted, making intercepted transmissions extremely difficult to decrypt and read.


Additionally, it also offers the following options:

It provides secure means to use graphical applications over a network:

Using a technique called X11 forwarding, the client can display X11 (X Window System) applications that run on the server.

It provides a way to secure otherwise insecure protocols:

The SSH protocol encrypts everything it sends and receives. Using a technique called port forwarding, an SSH server can become a conduit to securing otherwise insecure protocols, like POP, and increasing overall system and data security.

It can be used to create a secure channel:

The OpenSSH server and client can be configured to create a tunnel similar to a virtual private network for traffic between server and client machines.

It supports Kerberos authentication:

OpenSSH servers and clients can be configured to authenticate using the GSSAPI (Generic Security Services Application Program Interface) implementation of the Kerberos network authentication protocol.
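Added example (not from the original page) of the host-key check behind "no one can pose as the intended server". It generates two ed25519 key pairs into a temporary directory to stand in for the genuine server's /etc/ssh/ssh_host_ed25519_key and an impostor's key, records the genuine fingerprint the way an administrator does out of band (from the console, before the first remote login), then compares what each "server" presents. It assumes ssh-keygen (openssh-clients) is installed and reports skipped if it is not; the ssh client performs exactly this comparison itself against ~/.ssh/known_hosts.

```shell
# Added example (not from the original page). Needs ssh-keygen; runs offline.
fingerprint_of() {
    # SHA256 fingerprint of a public key, as ssh shows it on first connection
    ssh-keygen -l -f "$1" | awk '{print $2}'
}

# $1 = fingerprint on record (known_hosts), $2 = key the server presented.
verify_host() {
    if [ "$(fingerprint_of "$2")" = "$1" ]; then
        echo match
    else
        echo MISMATCH   # ssh prints "REMOTE HOST IDENTIFICATION HAS CHANGED" here
    fi
}

# Returns "match MISMATCH": the genuine host passes, the impostor fails.
hostkey_check_demo() {
    command -v ssh-keygen >/dev/null 2>&1 || { echo skipped; return 0; }
    local d recorded r1 r2
    d=$(mktemp -d)
    # Genuine server's host key (stand-in for /etc/ssh/ssh_host_ed25519_key);
    # host keys have no passphrase, hence -N ''.
    ssh-keygen -q -t ed25519 -N '' -f "$d/genuine_key"
    # An impostor answering to the same host name, with its own key.
    ssh-keygen -q -t ed25519 -N '' -f "$d/impostor_key"
    # What the client stored after the first, out-of-band verified connection.
    recorded=$(fingerprint_of "$d/genuine_key.pub")
    r1=$(verify_host "$recorded" "$d/genuine_key.pub")
    r2=$(verify_host "$recorded" "$d/impostor_key.pub")
    rm -rf "$d"
    echo "$r1 $r2"
}
```

The weak point is the very first connection: if the fingerprint shown then is accepted without comparing it to one obtained out of band, an attacker who is already in the path (the interception case above) gets their key recorded as the genuine one.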

Log in and switch users in multiuser targets

Archive, compress, unpack, and uncompress files using tar, star, gzip, and bzip2

Create and edit text files

Create, delete, copy, and move files and directories

Create hard and soft links

List, set, and change standard ugo/rwx permissions

Locate, read, and use system documentation including man, info, and files in /usr/share/doc

Operate running systems

Boot, reboot, and shut down a system normally

To reboot the system, choose one command among these

# reboot
# shutdown -r now
# init 6

To shutdown the system, choose one command among these

# shutdown -h now
# init 0

To switch off the system, choose one command among these

# halt
# poweroff

Boot systems into different targets manually

Runlevel - Targets Definition

http://www.linfo.org/runlevel_def.html

A runlevel is a preset operating state on a Unix-like operating system.

A system can be booted into (i.e., started up into) any of several runlevels. They allow access to a different combination of processes (i.e., instances of executing programs).

Booting into a different runlevel can help solve certain problems. For example, if a change made in the X Window System configuration on a machine that has been set up to boot into a GUI has rendered the system unusable, it is possible to temporarily boot into a console (i.e., all-text mode) runlevel (i.e., runlevels 3 or 1) in order to repair the error and then reboot into the GUI. The X Window System is a widely used system for managing GUIs on single computers and on networks of computers.

Likewise, if a machine will not boot due to a damaged configuration file, or will not allow logging in because of a corrupted /etc/passwd file (which stores user names and other data about users) or because of a forgotten password, the problem can be solved by first booting into single-user mode (i.e., runlevel 1).


https://www.certdepot.net/rhel7-boot-systems-different-targets-manually/

Systemd: Current State

With Systemd, new commands are available:

  • systemctl rescue: switch to single-user/maintenance mode with the local file systems mounted,
  • systemctl emergency: switch to single-user/maintenance mode with only the root file system mounted, read-only,
  • systemctl isolate multi-user.target: switch to multi-user mode without graphical interface (equivalent to the old runlevel 3),
  • systemctl isolate graphical.target: switch to multi-user mode with graphical interface (equivalent to the old runlevel 5),
  • systemctl set-default graphical.target: make the graphical target the default boot target (multi-user.target for a text-mode default),
  • systemctl get-default: show the default target.

To boot into a given systemd target once, edit the entry at the GRUB menu and append to the kernel line, for example:

systemd.unit=graphical.target

Init: In the old days

Before Systemd.

Runlevels differ somewhat between operating systems. SysV init on Linux defines seven runlevels (they are an init concept, not part of the kernel). They are:

  • 0: System halt; no activity, the system can be safely powered down.
  • 1: Single user: maintenance level. Rarely used.
  • 2: Multi-user, without network resources (no NFS [network file system], etc.). Also rarely used.
  • 3: multi-user level without graphical interface. The standard runlevel for most Linux-based server hardware.
  • 4: User-definable.
  • 5: multi-user level with graphical interface. The standard runlevel for most Linux-based desktop systems.
  • 6: rebooting.

To get the current run level:

runlevel

To change the current run level (where X is the run level), type:

init X

The default runlevel for a system is specified in the /etc/inittab file, which will contain an entry such as id:3:initdefault: if the system starts in runlevel 3, or id:5:initdefault: if it starts in runlevel 5.

The runlevel into which the system boots can be changed by modifying /etc/inittab manually with a text editor. However, it is generally easier and safer (i.e., less chance of accidental damage to the file) to use telinit. It is always wise to make a backup copy of /etc/inittab or any other configuration file before attempting to modify it manually.

Interrupt the boot process in order to gain access to a system

https://www.certdepot.net/rhel7-interrupt-boot-gain-access-system/

See the discussion on the page above about faster methods and the importance of saving time during the exam.

Note: This is a critical RHCSA 7 exam objective (if you can't take control of a VM through a reboot at the beginning of the exam, you will fail it entirely).

Presentation

In RHEL 7, the procedure to get access to a system during the boot process and modify the root password has changed because of the adoption of Systemd.

There were several procedures floating around to recover the root password. Some were working with physical servers but not with virtual machines, some the other way around.

The following procedure works all the time.

Procedure

At the beginning of the boot process, at the GRUB 2 menu, type the e key to edit.
Then, go to the kernel line (the line starting with linux16) and add the following statements at the end:
rd.break enforcing=0

Caution: the keys to press are those of a US keyboard (qwerty). Note: rd.break asks for a break early in the boot process, inside the initramfs, before the real root file system is switched to; that is why the installed system is then found under /sysroot. enforcing=0 puts SELinux into permissive mode. Don't confuse it with selinux=0, which disables SELinux completely (files created while it is disabled get no label, which forces a relabel later).

Press Ctrl x to resume the boot process
Then, mount the /sysroot partition as read/write:
mount -o remount,rw /sysroot
Execute the chroot command on the /sysroot partition:
chroot /sysroot

Change the root password:

sh-4.2# passwd root
Changing password for user root.
New password: mypassword
Retype new password: mypassword
passwd: all authentication token updated successfully.
sh-4.2# exit
exit
switch_root:/# exit
logout


Connect to your server at the console (don’t reboot now!) with the root user and the new password:
...
[  OK  ] Started Network Manager Script Dispatcher Service.
[  OK  ] Started Crash recovery kernel arming.
[  OK  ] Reached target Multi-User System.
...
CentOS Linux 7 (Core)
Kernel 3.10.0-229.14.1.el7.x86_64 on an x86_64
...
vm login: root
Password: mypassword
Then type:
restorecon /etc/shadow
reboot

If you strictly follow this procedure, you don't need to force a full SELinux relabel (# touch /.autorelabel) or load the SELinux policy (# /usr/sbin/load_policy -i): the only file written without a proper label is /etc/shadow (the rd.break shell runs before the policy is loaded), and restorecon fixes that one file.

You don’t even need to reboot at the end! In this case, type
setenforce enforcing

For the RHCSA exam, you need to intensely practice this procedure.


https://github.com/ahaitoute/RHCSA-notitie/blob/master/2-Operate%20running%20systems/3-Interrupt%20the%20boot%20process%20in%20order%20to%20gain%20access%20to%20a%20system.md

Identify CPU/memory intensive processes, adjust process priority with renice, and kill processes

What is a process

https://en.wikipedia.org/wiki/Process_(computing)

In computing, a process is an instance of a computer program that is being executed.

A computer program is a passive collection of instructions, while a process is the actual execution of those instructions.

top: a dynamic real-time view of the running system, i.e. the processes managed by the Linux kernel

https://www.certdepot.net/sys-identify-cpu-memory-intensive-processes/

The top program provides a dynamic real-time view of a running system. It can display system summary information as well as a list of processes or threads currently being managed by the Linux kernel.

top
(use ‘virt-top‘ on a KVM hypervisor)

ps: To get details about processes

ps -edf
ps -eF
ps -ely

Para ver el arbol de procesos (parent/child process tree): https://docs.oseems.com/general/operatingsystem/linux/view-process-tree

ps auxf
pstree

Process Priority

https://www.nixtutor.com/linux/changing-priority-on-linux-processes/

The Processor or CPU is like a human juggling multiple tasks at the same time. Sometimes we can have enough room to take on multiple projects. Sometimes we can only focus on one thing at a time.

In Linux we can set guidelines for the CPU to follow when it is looking at all the tasks it has to do. These guidelines are called niceness or nice value.

The Linux niceness scale goes from -20 to 19. The lower the number the more priority that task gets. If the niceness value is high number like 19 the task will be set to the lowest priority and the CPU will process it whenever it gets a chance. The default nice value is zero.

top, ps: Checking the Priority of Running Processes

The nice value is shown in the NI column.

With the top command:

top

With the ps command:

ps -eo pid,ni,comm
ps -eo pid,uid,ppid,pri,ni,comm,cmd
ps -o pid,uid,ppid,pri,ni,comm,cmd -p 3029
Setting priority
nice: On new processes

To change the priority when issuing a new command you do:

nice -n 10 apt-get upgrade

This adds 10 to the default nice value (0), so apt-get upgrade runs at niceness 10. It is useful when you want to upgrade packages but not add to the system's load right now (on RHEL the package command would be yum). Remember: a positive number means less priority; only root can give a process a negative (higher-priority) nice value.

renice: On Existing Processes

To change the priority of an existing process just do renice [nice value] -p [process id]:

renice 10 -p 21827

Alternatively:

renice +5 `pgrep script.sh`
Setting Permanent Priority on all Processes for a Specific User

You can set the default nice value of a particular user or group in the /etc/security/limits.conf file.

/etc/security/limits.conf

It uses this syntax:

[username] [hard|soft] priority [nice value]
backupuser hard priority 1

Kill processes

kill sends SIGTERM (15) by default, which lets the process clean up and exit; -9 (SIGKILL) cannot be caught or ignored and should be the last resort, after a plain kill has had a moment to work:

kill -9 789

Alternatively:

pkill script.sh
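Added example (not from the original page): a throw-away sleep is started in the background, its nice value is read from /proc/PID/stat (field 19, the same number ps -o ni shows), changed with renice, and then processes are stopped the way an operator should: SIGTERM first, SIGKILL only for one that ignores SIGTERM. The "stubborn" process is constructed with trap to ignore TERM; the 0.2 s polling interval and 5 retries are arbitrary choices.

```shell
# Added example (not from the original page).
# Nice value of a process: field 19 of /proc/PID/stat (what ps -o ni prints).
nice_of() {
    awk '{print $19}' "/proc/$1/stat"
}

# True while the process exists and is not a zombie (a zombie has already
# exited, even though kill -0 still succeeds on it).
is_running() {
    local st
    st=$(awk '{print $3}' "/proc/$1/stat" 2>/dev/null) || return 1
    [ -n "$st" ] && [ "$st" != Z ]
}

# Start a background sleep, renice it, report "<nice before> <nice after>".
# An unprivileged user may only raise niceness (lower the priority).
renice_demo() {
    local pid before after
    sleep 300 &
    pid=$!
    before=$(nice_of "$pid")
    renice -n 10 -p "$pid" >/dev/null
    after=$(nice_of "$pid")
    kill "$pid" 2>/dev/null || true
    wait "$pid" 2>/dev/null || true
    echo "$before $after"
}

# Polite stop: SIGTERM, wait up to ~1 s, then SIGKILL as a last resort.
# Prints which signal ended the process.
stop_process() {
    local pid=$1 i
    kill -TERM "$pid" 2>/dev/null || { echo "not running"; return 0; }
    for i in 1 2 3 4 5; do
        is_running "$pid" || { echo TERM; return 0; }
        sleep 0.2
    done
    kill -KILL "$pid" 2>/dev/null || true
    echo KILL
}

# One process that honours SIGTERM and one constructed to ignore it
# (trap "" TERM is inherited across exec). Returns "TERM KILL".
stop_demo() {
    local polite stubborn r1 r2 i
    sleep 300 &
    polite=$!
    sh -c 'trap "" TERM; exec sleep 300' &
    stubborn=$!
    # wait until the stubborn one has exec'd sleep, so the trap is in place
    for i in 1 2 3 4 5 6 7 8 9 10; do
        [ "$(cat "/proc/$stubborn/comm" 2>/dev/null)" = sleep ] && break
        sleep 0.1
    done
    r1=$(stop_process "$polite")
    r2=$(stop_process "$stubborn")
    wait 2>/dev/null || true
    echo "$r1 $r2"
}
```

stop_process is the shape of what a service manager does on stop: TERM, a grace period, then KILL. A daemon that needs KILL every time is a daemon whose shutdown handler is broken, which is worth a ticket rather than a habit.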

System Reporting

To display details about IO activities, type:
iostat
To show network interface statistics, type (netstat comes from the net-tools package, which RHEL 7 deprecates; ss -a lists sockets and ip -s link shows per-interface counters):
netstat -i
To display socket activity, type:
netstat -a
To get details about virtual memory activities (memory, swap, run queue, cpu usage, etc) every 5 second, type:
vmstat 5
To get a full report of a server activity, type:
sar -A

Linux Memory Usage

free -m

Locate and interpret system log files and journals

What is a Log file

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/3/html/System_Administration_Guide/ch-logfiles.html

Log files are files that contain messages about the system, including the kernel, services, and applications running on it. There are different log files for different information. For example, there is a default system log file, a log file just for security messages, and a log file for cron tasks.

Log files can be very useful when trying to troubleshoot a problem with the system such as trying to load a kernel driver or when looking for unauthorized log in attempts to the system.

Locating Log Files

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/3/html/System_Administration_Guide/ch-logfiles.html

Most log files are located at:

/var/log/

Some applications such as httpd and samba have a directory within /var/log/ for their log files.

Notice the multiple files in the log file directory with numbers after them. These are created when the log files are rotated. Log files are rotated so their file sizes do not become too large. The logrotate package contains a cron task that automatically rotates log files according to the /etc/logrotate.conf configuration file and the configuration files in the /etc/logrotate.d/ directory. By default, it is configured to rotate every week and keep four weeks worth of previous log files.

Common Log Files

Log File Description
/var/log/audit/audit.log SELinux writes here; audit messages
/var/log/boot.log System startup logs
/var/log/cron Cron jobs log file
/var/log/cups Print service CUPS
/var/log/dmesg Kernel log messages
/var/log/httpd/ Apache web server
/var/log/maillog Mail related messages
/var/log/messages Most system messages written here. Generic log file.
/var/log/secure Authentication related messages
/var/log/sssd Authentication messages related to sssd service
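Added example (not from the original page): the log lines below are constructed in the format sshd and su write to /var/log/secure (host name, PIDs and addresses are invented) and are parsed with grep, sed, sort, uniq and awk to answer the questions an incident responder asks first: which addresses are hammering sshd, did anyone get in, and who became root. journalctl -u sshd shows the same sshd messages from the journal.

```shell
# Added example (not from the original page). Constructed /var/log/secure
# lines: host, PIDs and addresses are invented.
sample_secure() {
    cat <<'EOF'
Jun 16 18:02:11 vm sshd[2210]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Jun 16 18:02:14 vm sshd[2210]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Jun 16 18:02:19 vm sshd[2213]: Failed password for root from 203.0.113.7 port 51030 ssh2
Jun 16 18:03:40 vm sshd[2220]: Failed password for adelo from 198.51.100.9 port 40111 ssh2
Jun 16 18:03:52 vm sshd[2220]: Accepted password for adelo from 198.51.100.9 port 40111 ssh2
Jun 16 18:04:01 vm sshd[2231]: Accepted publickey for adelo from 192.0.2.25 port 3366 ssh2: ED25519 SHA256:abc
Jun 16 18:05:00 vm su: pam_unix(su-l:session): session opened for user root by adelo(uid=1000)
EOF
}

# "<count> <ip>" per source address, most failures first (reads stdin).
failed_counts() {
    grep 'Failed password' \
      | sed -E 's/.* from ([0-9.]+) port .*/\1/' \
      | sort | uniq -c | sort -rn \
      | awk '{print $1, $2}'
}

# Same, as a single "ip=count ..." line.
failed_by_source() {
    failed_counts | awk '{print $2 "=" $1}' | paste -sd' '
}

# Addresses with at least $1 failures: candidates for a firewall rule.
brute_force_sources() {
    failed_counts | awk -v t="$1" '$1 >= t {print $2}' | paste -sd' '
}

# Successful logins as user@source. A success right after failures from
# the same address is the line that matters.
accepted_logins() {
    grep 'Accepted ' \
      | sed -E 's/.*Accepted (password|publickey) for ([^ ]+) from ([0-9.]+) .*/\2@\3/' \
      | paste -sd' '
}

# Who became root via su, from the pam_unix session line.
su_to_root() {
    grep 'session opened for user root by' \
      | sed -E 's/.* by ([A-Za-z0-9_-]+).*/\1/' \
      | sort -u | paste -sd' '
}
```

Usage: sample_secure | brute_force_sources 3, or on a live box, cat /var/log/secure | failed_by_source. In the constructed data the interesting pairing is 198.51.100.9: one failure, then a successful password login for the same user, which is a typo or a guessed password and deserves a look either way.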

Syslogd and systemd

https://fr.wikipedia.org/wiki/Systemd

Some log files are written by the syslog daemon. On RHEL 7 that daemon is rsyslogd; which messages go to which file is configured in /etc/rsyslog.conf and /etc/rsyslog.d/ (older releases used syslogd and /etc/syslog.conf).

Systemd is the init system used by Linux distributions to bootstrap user space and manage all processes afterwards. Its primary task is to manage the boot process, and it provides information about it; its journal (read with journalctl) holds the same messages rsyslog writes to /var/log, plus boot and unit output.

To get the boot process duration, type:

systemd-analyze

To get the time spent by each task during the boot process, type:

systemd-analyze blame


Init

In Unix-based computer operating systems, init (short for initialization) is the first process started during booting of the computer system. Init is a daemon process that continues running until the system is shut down. It is the direct or indirect ancestor of all other processes and automatically adopts all orphaned processes. Init is started by the kernel using a hard-coded filename; a kernel panic will occur if the kernel is unable to start it. Init is typically assigned process identifier 1.

Daemon

In multitasking computer operating systems, a daemon is a computer program that runs as a background process, rather than being under the direct control of an interactive user. Traditionally, the process names of a daemon end with the letter d, for clarification that the process is, in fact, a daemon, and for differentiation between a daemon and a normal computer program. For example, syslogd is the daemon that implements the system logging facility, and sshd is a daemon that serves incoming SSH connections.

In a Unix environment, the parent process of a daemon is often, but not always, the init process.

Bootstrap

In general parlance, bootstrapping usually refers to a self-starting process that is supposed to proceed without external input. In computer technology the term (usually shortened to booting) refers to the process of loading the basic software into the memory of a computer after power-on.

Access a virtual machine's console

Start and stop virtual machines

Start, stop, and check the status of network services

Securely transfer files between systems

Configure local storage

Create and configure file systems

Deploy, configure, and maintain systems

Manage users and groups

Create a user

adduser username

The useradd command also exists. On RHEL/CentOS, adduser is only a symbolic link to useradd, so the options are identical; on Debian/Ubuntu, adduser is a separate interactive script with its own syntax.

Create a group

groupadd groupname

There are two kinds of groups: http://www.hostingadvice.com/how-to/linux-add-user-to-group/

Primary Group: This is the group applied to you when you log in; in most user cases it has the same name as your login name. The primary group is used by default when creating new files (or directories), modifying files, or executing commands.

Secondary Groups (AKA Supplementary Groups): These are groups you are a member of beyond your primary group. As an example, this means that if a directory or file belongs to the www-data group (as used by the web server process in this case), then all www-data group members can read or modify these files directly (assuming the permissions also allow for this).

Change the Primary Group of a User: usermod -g

sudo usermod -g www-data foobar
The lowercase -g option refers to a primary group.

Add or Change Users in Secondary Groups: adduser and usermod -G

On Debian/Ubuntu:

adduser user group

I think the addgroup command can also be used for this:

addgroup user group

There is another way to achieve the same result as above using the usermod command:

sudo usermod -G www-data foobar

The uppercase -G option refers to a secondary or supplementary group. Now foobar will have access to the www-data group files, but new files created by that user will not carry the www-data group by default. Caution: without -a, -G replaces the user's whole list of supplementary groups with the one given (foobar silently loses membership of every other group); use -aG to append unless you mean to do that.

It's also possible to add a user to several secondary groups at once with usermod (-a appends; the list is comma-separated, with no spaces):

usermod -a -G group1,group2,group3 foobar

Delete a Group: groupdel

We can then remove group1 from the Linux system utilizing the groupdel command:

sudo groupdel group1

To list and see all user information

/etc/passwd

cat /etc/passwd

This file includes:

System users: accounts created by the system for various purposes.

Normal users: accounts created so that people can log in. E.g. adelo, root.

Each user account has a unique number, the UID. It's common to give programs (system users) an account with a low number (lower than 1000), and real people (normal users) an account with a higher number (1000 and up), so that programs that check user accounts can easily distinguish between them should they need to. https://ubuntuforums.org/showthread.php?t=1146686

Also, system users are non-privileged, have no password set (*) or have it disabled (!), and often use /sbin/nologin, /bin/false or /bin/sh instead of /bin/bash (which is used for normal users). https://ubuntuforums.org/showthread.php?t=1146686


If we want to list only the normal users: http://askubuntu.com/questions/437224/list-all-non-system-users

I do not have a clear solution, but I can help you to find real users.

First solution:

In /etc/passwd, the last column shows the default shell/command. In Ubuntu it is usually /bin/bash, but it is not a rule. So you can try:

sudo grep '/bin/bash' /etc/passwd | cut -d: -f1

Also, real users' home folders are usually located in /home. You can try:

sudo grep '/home/' /etc/passwd | cut -d: -f1

Or both of them:

sudo grep -E '/home.*/bin/bash' /etc/passwd | cut -d: -f1

Get User ID and Groups Information: id command

http://www.hostingadvice.com/how-to/linux-add-user-to-group/

To show all the user information and group memberships, we can use the id command:

id adelo

The following file contains the users' passwords, stored as one-way hashes (not as reversible encryption):

/etc/shadow

List groups

A list of all currently available groups can be found in the /etc/group file.

List all the groups a user belongs to

id -Gn someusername 

returns the list of groups for the specified user, as does

groups someusername

List all the members of a group

https://www.cyberciti.biz/faq/linux-list-all-members-of-a-group/

grep 'group-name-here' /etc/group
awk -F':' '/ftponly/{print $4}' /etc/group

We can also use the members command:

members group-name-here

I think on Red Hat "lid" would be the analogous command.
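Added example (not from the original page): constructed copies of /etc/passwd, /etc/group and /etc/shadow (invented accounts and placeholder hashes) are audited with awk. members_of shows the detail the /etc/group grep above misses: users whose primary group is the group in question are not listed in /etc/group at all. The other two functions look at the shadow password field, which is where locking an account actually happens.

```shell
# Added example (not from the original page). Constructed account files;
# names, GIDs and hashes are placeholders.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
adelo:x:1000:1000::/home/adelo:/bin/bash
toto:x:1002:1002:Toto:/home/toto:/bin/bash
deploy:x:1003:1003::/home/deploy:/bin/bash
www-data:x:33:33::/var/www:/sbin/nologin
EOF
}
sample_group() {
    cat <<'EOF'
root:x:0:
wheel:x:10:adelo
www-data:x:33:deploy
adelo:x:1000:
toto:x:1002:
deploy:x:1003:
EOF
}
sample_shadow() {
    cat <<'EOF'
root:$6$saltsalt$hashhashhash:17700:0:99999:7:::
adelo:$6$saltsalt$hashhashhash:17700:0:99999:7:::
toto:!$6$saltsalt$hashhashhash:17700:0:99999:7:::
deploy::17700:0:99999:7:::
www-data:*:17700:0:99999:7:::
EOF
}

# Members of group $1, using group file $2 and passwd file $3.
# Field 4 of /etc/group lists supplementary members only; a user whose
# PRIMARY group (passwd field 4) is this group never appears there.
members_of() {
    local gid
    gid=$(awk -F: -v g="$1" '$1 == g {print $3}' "$2")
    {
        awk -F: -v g="$1" '$1 == g && $4 != "" {n = split($4, a, ","); for (i = 1; i <= n; i++) print a[i]}' "$2"
        awk -F: -v gid="$gid" '$4 == gid {print $1}' "$3"
    } | LC_ALL=C sort -u | paste -sd' '
}

# Empty second field in shadow: login with no password at all.
passwordless_accounts() {
    awk -F: '$2 == "" {print $1}' "$1" | paste -sd' '
}

# Locked (hash prefixed with !, as passwd -l / usermod -L do) or
# never-set (*) passwords.
locked_accounts() {
    awk -F: '$2 ~ /^[!*]/ {print $1}' "$1" | paste -sd' '
}
```

Usage on a real host: members_of wheel /etc/group /etc/passwd (reading /etc/shadow needs root). The deploy account in the sample is the finding: an empty shadow field is not "locked", it is "no password required".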

To deactivate an account, these notes suggest editing

/etc/passwd  # and replacing the "x" with a "*"
toto:x:1002:1002:Toto,39,39383,8386734,9038734:/home/toto:/bin/bash

That does block password logins (no hash can ever match *), but it is not the recommended way: the x means "look the hash up in /etc/shadow", and the standard tools lock the account there instead, by prefixing the hash with ! (passwd -l or usermod -L). Note that locking the password does not stop key-based SSH logins; to block every login method, expire the account (chage -E 0) or set its shell to /sbin/nologin.

Archive the account's home directory

tar cvzf toto.tar.gz /home/toto

To build a strong password

A good method is to choose a phrase and take the first letter of each word, then put some letters in capitals or swap them for digits:

E.g.: Te Estoy Buscando América Y Temo No Encontrarte --> tebaytne --> t3b4Ytn3

To act as another user

su username
su - username

With the dash, su starts a login shell, so you get the target user's environment and home directory rather than your own. To switch to root on Ubuntu:

sudo su

For this to work, the command must be run from an account with sudo rights (an administrator).

Manage security