├── .gitignore
├── LICENSE
├── README.md
└── logo.png


/.gitignore:
--------------------------------------------------------------------------------
1 | **/TODO.md
2 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | This is free and unencumbered software released into the public domain.
 2 | 
 3 | Anyone is free to copy, modify, publish, use, compile, sell, or
 4 | distribute this software, either in source code form or as a compiled
 5 | binary, for any purpose, commercial or non-commercial, and by any
 6 | means.
 7 | 
 8 | In jurisdictions that recognize copyright laws, the author or authors
 9 | of this software dedicate any and all copyright interest in the
10 | software to the public domain. We make this dedication for the benefit
11 | of the public at large and to the detriment of our heirs and
12 | successors. We intend this dedication to be an overt act of
13 | relinquishment in perpetuity of all present and future rights to this
14 | software under copyright law.
15 | 
16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
18 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
19 | IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
20 | OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
21 | ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
22 | OTHER DEALINGS IN THE SOFTWARE.
23 | 
24 | For more information, please refer to <https://unlicense.org>
25 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
   1 | <p align="center"><img width="150" alt="portfolio_view" src="logo.png"></p>
   2 | 
   3 | <h1 align="center">CompTIA Linux+ Certificate Notes</h1>
   4 | 
   5 | - [Users and Groups](#users-and-groups)
   6 |   - [Users: Create, Modify, and Delete](#users-create-modify-and-delete)
   7 |   - [Groups: Create, Modify, and Delete](#groups-create-modify-and-delete)
   8 |   - [Query Users and Groups](#query-users-and-groups)
   9 |   - [Account Profile](#account-profile)
  10 | - [Permissions and Ownership](#permissions-and-ownership)
  11 |   - [File and Directory Permissions](#file-and-directory-permissions)
  12 |   - [File and Directory Ownership](#file-and-directory-ownership)
  13 |   - [Special Permissions and Attributes](#special-permissions-and-attributes)
  14 |   - [Access Control Lists (ACLs)](#access-control-lists-acls)
  15 |   - [Troubleshooting Permissions Issues](#troubleshooting-permissions-issues)
  16 | - [Storage](#storage)
  17 |   - [File Systems](#file-systems)
  18 |   - [Partitioning](#partitioning)
  19 |   - [`/etc/fstab` file](#etcfstab-file)
  20 |   - [`etc/crypttab` file](#etccrypttab-file)
  21 |   - [Troubleshooting Storage Issues](#troubleshooting-storage-issues)
  22 | - [Files and Directories](#files-and-directories)
  23 | - [Kernel Modules](#kernel-modules)
  24 | - [Linux Boot Process](#linux-boot-process)
  25 | - [System Components](#system-components)
  26 | - [Devices](#devices)
  27 | - [Networking](#networking)
  28 | - [Packages and Software](#packages-and-software)
  29 | - [Securing Linux Systems](#securing-linux-systems)
  30 |   - [Cybersecurity Best Practices](#cybersecurity-best-practices)
  31 |     - [Encryption](#encryption)
  32 |     - [Hashing](#hashing)
  33 |     - [Network Configurations](#network-configurations)
  34 |     - [Best Practices](#best-practices)
  35 |   - [Identify and Access Management (IAM)](#identify-and-access-management-iam)
  36 |     - [SSH](#ssh)
  37 |     - [Pluggable Auth Modules (PAM)](#pluggable-auth-modules-pam)
  38 |     - [Public Key Infrastructure (PKI)](#public-key-infrastructure-pki)
  39 |   - [SELinux and AppArmor](#selinux-and-apparmor)
  40 |   - [Firewalls](#firewalls)
  41 |   - [Logging Services](#logging-services)
  42 |   - [Backup, Restore, and Verify Data](#backup-restore-and-verify-data)
  43 |   - [Backup, Restore, Synchronize](#backup-restore-synchronize)
  44 |   - [Compressing Files](#compressing-files)
  45 |   - [Itengrity Checking](#itengrity-checking)
  46 | 
  47 | ## Intro
  48 | 
  49 | - Multiple-choice and performance-based questions
  50 | - CompTIA Linux+ Text Book?
  51 | - Choose answers that are MOST right in MOST situations
  52 | - Most questions don't need specific syntax but reaonsing (what tool? why the tool)
  53 | - [Official Exam Overview](<https://partners.comptia.org/docs/default-source/resources/comptia-linux-xk0-005-exam-objectives-(1-0)>)
  54 | - [Exam Objectives](https://partners.comptia.org/docs/default-source/resources/comptia-linux-xk0-005-exam-objectives-(1-0))
  55 | - Questions
  56 |   - Multiple Choice
  57 |   - [Performance-based](https://www.comptia.org/blog/what-is-a-performance-based-question#:~:text=Performance%2Dbased%20questions%20on%20the,hands%2Don%20experience%20more%20thoroughly.)
  58 |     - Simulations
  59 |     - Virtual environments
  60 | 
  61 | ## Preparation
  62 | 
  63 | - **Course**: *Udemy - CompTIA Linux+ Complete Course & Exam - Jason Dion*
  64 | - **Practice Exams** - *Udemy - CompTIA Linux+ Practice Exams - Jason Cannon*
  65 | - **Book** - *CompTIA Linux+ Study Guide - Richard Blum, Christine Breshahan*
  66 | 
  67 | ## Linux Installation
  68 | 
  69 | - Different distribution have different requirements
  70 | - Mind intended system function
  71 | - Plan appropriate partitioning strategies
  72 | - Virtual/Swap memory partition -> Swap space [2x RAM]
  73 | - Linux must at least 1 file system (ie. root: `/`)
  74 | - Multiple file system ensures recovery/backup if one file system messes up
  75 | - Hardware
  76 |   - Not all hardware work on all linux distributions
  77 |   - Hardware Compatibility List (HCL) - Database that stores hardware devices that distro supports
  78 |   - Storage drive
  79 |     - Check how many devices can be installed
  80 |     - Technology interface
  81 |     - Controller used
  82 |     - Capacity
  83 |   - CPU
  84 |     - Server desktop market
  85 |     - Clock rate
  86 |     - Cache size
  87 |     - Hyper-threading support
  88 |   - Memory
  89 |     - How much physical RAM is installed
  90 |     - DDR SDRAM Generation
  91 |   - Network Card
  92 |     - Maximum bandwidth
  93 |     - Network technology supported
  94 |   - Input Devices
  95 |     - Mouse
  96 |     - Keyboard
  97 |     - USB support
  98 |   - Monitor
  99 |     - Refresh rate range
 100 |     - Maximum pixel resolution
 101 |   - Display Adapter
 102 |     - Chipset
 103 |     - Video RAM
 104 |     - Connection Interfaces integrated into the CPU
 105 |     - Graphics card
 106 | - Boot
 107 |   - Removable Media
 108 |   - Install ISO on local drive (also with virtual machines)
 109 |   - PXE and NFS
 110 |     - Fileserver on network
 111 |     - When booted up, will grabs installation files from insatllation file server
 112 |     - Great for automatic linux installation and setup
 113 | - Installation of Linux
 114 |   - Each distro has a installation program
 115 | 
 116 | ### Install Linux in Virtual Machine with VirtualBox
 117 | 
 118 | - Download and install Oracle VirtualBox for your computer architecture
 119 |   - Link: TODO
 120 | - TODO
 121 | 
 122 | ## Linux Design Pilosophy
 123 | 
 124 | - **Open Source** - Freely download, modify, and redistribute
 125 |   - GNU General Public License
 126 |   - Apache
 127 |   - MIT
 128 |   - Creative Common
 129 | - Proprietry - Licensed software that has restrictions for usage
 130 | - Distros
 131 |   - Ubuntu, Debian, Fedora, Mint, Kali, etc
 132 |   - CentOS is lite version of RedHat Enterprise Linux
 133 | - Simplicity and modularity
 134 | - Linux has a steeper learning curve
 135 | - Typically not well-supported
 136 | - No definite/official version
 137 | - No official vendor-provided support
 138 | - All based on linux kernel
 139 |   - Distros add things to linux kernel
 140 | 
 141 | ## Command Line Interface (CLI)
 142 | 
 143 | - Instruction flow: User -> Shell -> Linux Kernel
 144 | - **sh** - Bourne shell (Original Unix)
 145 | - **bash** - Bourne-again shell
 146 | - Typical input: Command, Options, Arguments
 147 | - Basic commands
 148 |   - `ls` - list items
 149 |   - `cd` - change directory
 150 |   - `cp` - copies fiels or directiers
 151 |   - `mkdir` - make directory
 152 |   - `clear` - clear the screen
 153 |   - `cat` - view contents of file
 154 |   - `less` - view contents of file on one screen
 155 |   - ....
 156 | 
 157 | ### Getting Help
 158 | 
 159 | - `man` pages - details to CLI commands
 160 | - `apropos` - search the name of section of all man pages
 161 | - `whatis` - display a brief description of the given command
 162 | - `info` - display information page of a command (similar to man pages)
 163 | 
 164 | # Users and Groups
 165 | 
 166 | Three types of Linux user accounts:
 167 | 
 168 |   1. **root**
 169 | 
 170 | - Superuser
 171 | - Admin tasks
 172 |   - password reset,
 173 | - Provide security for some applications and commands
 174 | - More powerful than local admin on windows
 175 | - Do not log in as root user
 176 | - ID (uid) is always 0
 177 | 
 178 |   2. **standard**
 179 | 
 180 | - Regular system user
 181 |   - Runs applications
 182 |   - Configures databases
 183 |   - Creates websites
 184 |   - etc
 185 | - Should not be shared with anyone
 186 | - Exercise least privellage
 187 |   - Give users only as much access as needed to perform certain tasks
 188 | 
 189 |   3. **service**
 190 | 
 191 | - Specific to the service (ie. web server, database)
 192 | - No interactive login
 193 | - Run in background
 194 | - Often have configuration files
 195 | - Perform a single function (ie. printer service)
 196 | 
 197 | - Always log into system with non-privelaged user account
 198 | 
 199 | - Substitute/Switch User
 200 | 
 201 |   - `su`
 202 |     - Switch user creds
 203 |     - `su - someuser`
 204 |   - `su -root` / `sudo su` - Switches to creds to root user
 205 |   - `sudo`
 206 |     - Enables server admin to delegate commands to users without full privelages
 207 |     - User of this command must be in `/etc/sudoers` file -> `visudo` editor needed to edit
 208 |   - `sudoedit`
 209 |     - Permits a user to edit a file with own creds, even if only available to root user
 210 |     - Any member in `editors` group to edit file
 211 |     - `%editors ALL = sudoedit /path/to/file`
 212 |   - `visudo`
 213 |     - DO NOT edit `/etc/sudoers` file with standard text editors
 214 |     - This command also verifies `/etc/sudoers` syntax before committing changes
 215 |     - `-c` - Check sudoers file for errors
 216 |     - `-f` - Edit or check sudoers file in different location than default location
 217 |     - `-s` - Check sudoers file in strict mode
 218 |     - `-x` - Output sudoers file in JSON form
 219 | 
 220 | - "Wheel" group
 221 | 
 222 |   - Members exercise root priileges with less potential for damaging the system
 223 |   - Can use `sudo` command to avoid signing in as root user
 224 |   - TODO: More explanation
 225 | 
 226 | - Polkit (PolicyKit)
 227 | 
 228 |   - Controls system-wide privileges that allows non-privileged processes to
 229 |     communicate with privileged ones
 230 |   - Allows for fine-grained control
 231 |   - Uses policy files (XML) that defines what is and is not allowed
 232 |   - Used in modern Linux desktop environments (GNOME, KDE)
 233 |   - `pkexec` - Execute command with elevated privileges
 234 |     - `pkexec mkdir /Jason`
 235 |   - **NOTE**: `sudo` may be easier to use instead of `pkexec`
 236 |   - Examples:
 237 |     - TODO
 238 | 
 239 | ## Users: Create, Modify, and Delete
 240 | 
 241 | - Editing user accounts
 242 | 
 243 |   - `useradd [options] [username]`
 244 |     - Create new user account
 245 |     - Does not set a password for user account
 246 |     - `-c` - Full name of user
 247 |     - `-e` - Account expiration date
 248 |     - `-s` - Set default shell of created user
 249 |     - `-D` - View default configurations for new user (dry run)
 250 |   - `usermod`
 251 |     - Modify user account
 252 |     - Examples:
 253 |       - Change username: `sudo usermod --login my_new_username my_current_username`
 254 |       - Change user id: `sudo usermod --uid 7 ismet`
 255 |   - `userdel`
 256 |     - Delete a user account
 257 |     - **NOTE:** Doesn't automatically delete the user directory
 258 |     - Examples:
 259 |       - Delete user: `sudo userdel <USERNAME>`
 260 |       - Delete user with their home directory: `sudo userdel -r <USERNAME>`
 261 | 
 262 | - `passwd`
 263 |   - Used by `root` user to set or reset password for any user
 264 |   - A user can do this themselves
 265 |   - Set password for user
 266 |     - `sudo passwd <USERNAME>`
 267 |   - Lock/unlock user password
 268 |     - `sudo passwd --lock <USERNAME>`
 269 |     - `sudo passwd --unlock <USERNAME>`
 270 | 
 271 | - `/etc/passwd` file
 272 |   - File storing user account info
 273 |   - Does not contain actual passwords
 274 | 
 275 | - `/etc/shadow` file
 276 |   - Modern storage location for hashed passwords
 277 |   - Has additional account info
 278 |     - Username
 279 |     - Hashed password
 280 |     - Days since password changed
 281 |     - Days before password must be changed
 282 |     - Days until user is warned to change password
 283 |     - Days after password expires that account gets disabled
 284 |     - Days account has been disabled
 285 |     - Unused field for future use
 286 |   - Only root has access to this
 287 | 
 288 | - `chage`
 289 |   - Change user account and password expiry information
 290 |   - Change expiration of password
 291 |     - `sudo chage -E 2026/12/31` (<YEAR>/<MONTH>/<DAY>)
 292 |   - Information about user password (ie. exprirations)
 293 |     - `sudo chage -l <USERNAME>`
 294 | 
 295 | - `/etc/login.defs` file
 296 |   - Required file that defines the site-specific configuration for the shadow password suite.
 297 |   - Stores configurations for users accounts and groups
 298 |   - Configurations include:
 299 |     - Password aging controls
 300 |     - Min and max value for UID selection
 301 |     - Default umask
 302 |     - Encryption method used to encrypt passwords
 303 | 
 304 | ## Groups: Create, Modify, and Delete
 305 | 
 306 | - Groups simplify admin tasks
 307 | - Groups have a group id number (gid)
 308 | - Users can be part of more than one group
 309 | 
 310 | - Editing groups
 311 | 
 312 |   - `groupadd [options] {group names}`
 313 |     - Create a group
 314 |     - `-g` - With friendly name or id
 315 |     - `-f` - Exit with success if group already exists
 316 |     - `-o` - Allow group with non-unique group id
 317 |     - Does not create members or passwords
 318 |   - `groupmod`
 319 |     - Modify a group
 320 |     - `-g` - change group id
 321 |     - `-n` - rename group
 322 |   - `groupdel`
 323 |     - Delete a group
 324 |     - Will not delete user accounts that are members of the group
 325 |     - `gropudel [options] <GROUP NAME>`
 326 | 
 327 | - `/etc/group`
 328 |   - Group information for all groups
 329 |   - Each group has four pieces of info
 330 |   - Example entry: `adm:x:4:syslog,ismet`
 331 |   - `<NAME>:<PASSWORD>:<ID>:<LIST>`
 332 |     - NAME - User-friendly name of group
 333 |     - PASSWORD - Required to enter this group (`x` means password stored in `/etc/gshadow`)
 334 |     - ID - Unique ID of the group
 335 |     - LIST - User accounts that are members of group (new group has no members)
 336 | 
 337 | - Adding a user account to a group
 338 |   - `sudo usermod -aG <GROUPS> <USER>`
 339 |   - `-a` or `--append` - Append user to group
 340 |   - `-G` or `--groups` - List of groups (comma separated)
 341 | 
 342 | ## Query Users and Groups
 343 | 
 344 | - `whoami`
 345 | 
 346 |   - Display the username of currently logged in user
 347 | 
 348 | - `who [options]`
 349 | 
 350 |   - Details of users currently logged in
 351 |   - `-u` - User idle time (`.` currently active user, `old` inactive for over 24 hours)
 352 |   - `am i` - Only information about user who ran the command
 353 | 
 354 | - `w [options] <username>`
 355 | 
 356 |   - Disdplay the details of users that are currently logged in to a system an their transactions
 357 |   - Output first line - Status of the system
 358 |   - Output second line - Table column list of users logged in the system
 359 |   - Output last column - Current activities of the users
 360 | 
 361 | - `last [options]`
 362 | 
 363 |   - Displays the history of user login and logout actions
 364 |   - Actual time and date
 365 |   - Retrieves info from the `/var/log/wtmp` file
 366 |   - Essentially what commands were run recently on a given system
 367 |   - `last 1` - Filter users logged into the first terminal
 368 | 
 369 | - `id [opstions] <username>`
 370 | 
 371 |   - Display user ID (uid) and group ID (gid) info
 372 |   - No options passed - Displays info about user currently logged in
 373 |   - Passing `<username>` will show the info about specific user
 374 | 
 375 |   - ```bash
 376 |     uid=1000(ismet) gid=1000(ismet) groups=1000(ismet),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),122(lpad
 377 |     min),134(lxd),135(sambashare),137(docker)
 378 |     ```
 379 | 
 380 | ## Account Profile
 381 | 
 382 | - Allow users to customize their profile and settings
 383 | - User files eventually are within the user's home directory (ie. `/home/<USER>/`)
 384 | - Files are unique to each users
 385 | - Files starting with `.` are considered hidden files
 386 | 
 387 | - `.bashrc`
 388 | 
 389 |   - Enables customization of the user's own bash environment
 390 |   - Can specify command aliases here with `alias`
 391 |   - Create environment variable
 392 |   - Set default directories and file permissions
 393 |   - Change default command prompt
 394 | 
 395 | - `.bash_profile`
 396 | 
 397 |   - Provides the shell configuration for the initial login environment
 398 |   - Settings for all users' interactive shells
 399 |   - This file is read with first login *prior* of using the `.bashrc`
 400 |   - Effectively part of `/etc/skel`
 401 |   - System-wide settings
 402 | 
 403 | - `/etc/skel/` *(directory)*
 404 | 
 405 |   - When new user is created, content of this directory is coppies into
 406 |     user's default home directory
 407 |   - Any files added after user creation to `/etc/skel` will not be copied over
 408 | 
 409 | - `/etc/profile`
 410 | 
 411 |   - Provides system-wide **environment variables** that are used to apply
 412 |     certain settings to user accounts
 413 |   - Only run at login
 414 | 
 415 | - `/etc/profile.d` *(directory)*
 416 | 
 417 |   - Storage location for scripts that admins may use to set
 418 |     additional system-wide variables
 419 |   - Set environment variables via scripts contained in this directory
 420 |     rather than editing `/etc/profile` directly for better control
 421 | 
 422 | - `/etc/bashrc`
 423 |   - System-wide configuration changes specific to bash settings
 424 |   - Bash settings for command-line environment
 425 |   - May also be `/etc/bash.bashrc`
 426 | 
 427 | # Permissions and Ownership
 428 | 
 429 | ## File and Directory Permissions
 430 | 
 431 | - Permission
 432 | 
 433 |   - Access rights assigned to users that enable them to access
 434 |     or modify files and directories
 435 |   - Can be set at different levels and contexts
 436 |   - Who is allowed and restricted to access objects
 437 |   - Least privellage - Ony access what they need to access and nothing more
 438 | 
 439 | - `ls -l`
 440 | 
 441 |   - See all files and directories with their access permissions
 442 | 
 443 |   - ```bash
 444 |     drwxrwxr-x 2 ismet ismet    4096  Nov 20 20:19 .
 445 |     drwxrwxr-x 3 ismet ismet    4096  Nov 13 09:46 ..
 446 |     -rw-rw-r-- 1 ismet learners 11324 Nov 20 20:25 NOTES.md
 447 |     -rw-rw-r-- 1 root  hackers  1135  Nov 21 17:25 important.blah
 448 |     ```
 449 | 
 450 |   - Column 1 - Permission attribute string (ie. `-rw-rw-r--`)
 451 |   - Column 2 - Number of links to that file/directory
 452 |     - For directories it's number of sub-directories plus 2 (`.` and `..`)
 453 |     - Links are similar to shortcuts in windows
 454 |   - Column 3 - User Owner (ie. `ismet`)
 455 |   - Column 4 - Group granted access by admin (ie. `hackers`)
 456 |   - Column 5 - Size in bytes
 457 |   - Column 6 - Datetime file was created or modified
 458 |   - Column 7 - Name of file/directory
 459 | 
 460 | - **Permission Attributes**
 461 | 
 462 |   - Define what user are allowed to do in a particular file or directory
 463 |   - Depends if file or directory
 464 |   - Files
 465 |     - `r` - read - Access and view content
 466 |     - `w` - write - Ability to save changes / write to file
 467 |     - `x` - execute - Run script/program/software
 468 |   - Directories
 469 |     - `r` - read - List directory content
 470 |     - `w` - write - Create, rename, delete files
 471 |     - `x` - execute - Access directory and execute file from that directory or perform task
 472 | 
 473 | - **Permission Contexts**
 474 | 
 475 |   - Permission attributes apply to one of three contexts
 476 |   - `u` - owner - Owner of file or directory (a user). Can only do things that effect themselves
 477 |   - `g` - group - File or directory group. All users that belong to group have permissions
 478 |   - `o` - other - All other users. Not the owner and not the group member
 479 | 
 480 | - **Permission String**
 481 | 
 482 |   - Examples:
 483 |     - For File: `-rw-rw-r--`
 484 |     - For Directory: `drwxrwxr-x`
 485 |   - 11 characters long
 486 |     1. Type of file
 487 |        - `d` - directory
 488 |        - `-` - file
 489 |     2. Owner Permission - read (r)
 490 |     3. Owner Permission - write (w)
 491 |     4. Owner Permission - execute (x)
 492 |     5. Group Permission - read (r)
 493 |     6. Group Permission - write (w)
 494 |     7. Group Permission - execute (x)
 495 |     8. Other Permission - read (r)
 496 |     9. Other Permission - write (w)
 497 |     10. Other Permission - execute (x)
 498 |     11. Access method for the file
 499 |         - `.` - SELinux security context
 500 |         - `+` - Alternative access methods
 501 | 
 502 | - **Changing Permissions**
 503 | 
 504 |   - `chmod [options] {mode} {file/directory name}`
 505 |   - Enables the item owner or system admin (root) to modify the permissions of a file or directory
 506 |   - `-c` - Report changes
 507 |   - `-f` - Hide error messages
 508 |   - `-v` - Display diagnostic entry
 509 |   - `-R` - Recursively modify permissions
 510 |   - Supports two different modes:
 511 |     1. **Symbolic**
 512 |     2. **Absolute**
 513 |   - **chmod: Symbolic Mode**
 514 |     - `chmod {context}{operators}{attributes} {file/dir names}`
 515 |     - Example:
 516 |       - `chmod u+rw my_dir` - Give user rights to read and write
 517 |       - `chmod g-x my_file` - Remove exeuteable rights from group
 518 |     - Context - `u/g/o/a` - user/group/other/all ("who is affected")
 519 |     - Operators - `+/-/=` - grant/deny/exactly assign
 520 |     - Attributes - `r/w/x` - read/write/execute ("what can they do")
 521 |   - **chomd: Absolute Mode**
 522 |     - `chmod {number} {file/dir names}`
 523 |     - Uses octal (base-8) numbers to specify permissions
 524 |     - Each permission has a number associated with it, add up to get permission
 525 |       - `4` - read
 526 |       - `2` - write
 527 |       - `1` - Execute
 528 |     - Example:
 529 |       - `7` -> `421` -> read, write, execute
 530 |       - `6` -> `42` -> read, write
 531 |     - Complete final permission is a three-digit number that corresponds to
 532 |       the owner, group, and others (ie, `774`)
 533 |       - First digit: user
 534 |       - Second digit: group
 535 |       - Third digit: other
 536 |     - Example: `752`
 537 |       - `7` - user - read, write, execute
 538 |       - `5` - group - read, execute
 539 |       - `2` - othes - write
 540 | 
 541 | - `umask`
 542 |   - Used to set the default permissions for newly created files and directories
 543 |   - Manage read/write/execute permissions that are masked out (restricted) for
 544 |     newly created files by the user
 545 |   - Default Permissions: By default, Linux sets permissions for new files to
 546 |     666 (read and write for everyone) and for directories to
 547 |     777 (read, write, and execute for everyone).
 548 |   - `umask` acts like a filter. It subtracts permissions from the default set.
 549 |     So, if you set a umask of 022, it removes write permissions for the group
 550 |     and others. This means new files will have 644 (read and write for the
 551 |     owner, read-only for group and others) and directories will have
 552 |     755 (read, write, and execute for the owner, read and execute for group
 553 |     and others).
 554 |   - Can be set in `.bashrc` or `.bash_profile`
 555 |   - `umask -S` - Display symbolic value
 556 |   - `umask [mask]` - Setting umask for file and dir
 557 |   - Difference between `chmod` and `umask`
 558 |     - `umask` changes *default* permissions for *newly* created files and directories
 559 |     - `chmod` sets permissions on files and directories that *already exist*
 560 |   - Examples:
 561 |     - `umask a+r` - Take away read for all
 562 |     - `umask 020` - Take away write from group
 563 |     - `umask 077` - Take away read, write, and execute from group and other
 564 | 
 565 | ## File and Directory Ownership
 566 | 
 567 | - Ownership
 568 |   - Property by which a user can apply and modify the permissions
 569 |     of a file or directory
 570 | - Only the superuser (root user) can change the permissions of an object
 571 |   owned by others
 572 | - Every file is owned by specific user and specific group
 573 | 
 574 | - **Changing Ownership**
 575 |   - `chown`
 576 |     - Change the owner and/or the group of a file or directory
 577 |     - `chown {username}:{group name} {file/directory name}`
 578 |     - `chown {username}:{group} {file/directory name}` - Change user and group owner
 579 |     - `chown {username} {file/directory name}` - Change user owner
 580 |     - `chown :{group name} {file/directory name}` - change group only
 581 |     - `chown {username}: {file/directory name}` - Change user owner and assign to user owner login group
 582 |     - `-R` - Recuirsively change ownership throughout directory structure
 583 | 
 584 |   - `chgrp`
 585 |     - Change group ownership of a file or directory
 586 |     - `chgrp {group name} {file/directory name}`
 587 | 
 588 | ## Special Permissions and Attributes
 589 | 
 590 | - Special permission - Less privileged users are allowed to execute a file
 591 |   by assuming the privileges of the file's owner or group
 592 | 
 593 | - Set user ID (SUID)
 594 |   - User is allowed to have similar permissions as the
 595 |     owner of the file
 596 |   - When a file has the setuid bit set, any user who runs that file will
 597 |     have the file executed with the permissions of the file's owner, not
 598 |     the user who ran the file.
 599 | - Set group ID (SGID)
 600 |   - User is allowed to have similar permissions as the
 601 |     group owner of the files and directories
 602 | 
 603 | - `ls -la` - Determining SUID/SGID
 604 | - Files can have one or more *attributes* set that define how the system
 605 |   interacts with them
 606 | 
 607 | - Can use `chmod` in symbolic (+s) or absolute mode
 608 |   - SUID Symbolic: `chmod u+s {filename}`  (Use `-` to remove)
 609 |   - SUID Absolute: `chmod 4### {filename}`  (Use `0###` to remove)
 610 |   - SGID Symbolic: `chmod g+s {directory name}`
 611 |   - SGID Absolute: `chmod 2### {directory name}`
 612 | 
 613 | - **Sticky Bit** (`+t`)
 614 |   - Special permission bit that protects files in a directory
 615 |   - Must be applied to the directory
 616 |   - Users may be able to write and execute, but can't delete items
 617 |   - Symbolic: `chmod +t {directory name}`
 618 |   - Absolute: `chmod 1### {directory name}`
 619 | 
 620 | - **Immutable Flag (`+i`)**
 621 |   - Attribute of a file or directory that prevents it from being modified
 622 |     (even by the root user)
 623 |   - Useful for fiels that are highly sensitive and important
 624 |   - File:
 625 |     - Set: `chattr +i /path/to/file`
 626 |     - Unset: `chattr -i /path/to/file`
 627 |   - Directory:
 628 |     - Set: `chattr +i -R /path/to/directory`
 629 |     - Unset: `chattr -i -R /path/to/directory`
 630 | 
 631 |   - `lsattr`
 632 |     - List the attributes of a file or directory
 633 |     - `lsattr [options] {file or directory name}`
 634 |     - `-R` - Recuirsively list attributes of items
 635 |     - `-a` - List all files
 636 |     - `-d` - List directories
 637 |     - `-v` - List file's version number
 638 | 
 639 |   - `chattr`
 640 |     - Used to change the attributes of a file or directory
 641 |     - `chattr [-R] [-v {version}] [+-{attributes}] {file or directory name}`
 642 |     - `-R` - Recursively change attributes
 643 |     - `-v` - Set file version number
 644 |     - `+I` - Mark file as read-only and immutable
 645 |     - `-I` - Remove read-only
 646 | 
 647 | ## Access Control Lists (ACLs)
 648 | 
 649 | - Enable a more granular level of control than simply using file permissions
 650 | - Can set access to multiple groups on one directory
 651 | 
 652 | - `getfacl`
 653 |   - Useful when retrieveing the ACLs of files and directories
 654 |   - Will show any permission attributes with object
 655 | 
 656 | - `setfacl`
 657 |   - Change the permissions associated with the ACL of a file or directory
 658 |   - `setfacl [-bR] [-mx {acl_spec}] {file/directory name}`
 659 |   - `-r` - Recuirsively set ACL options
 660 |   - `-S` - Set ACL
 661 |   - `-m` - Modify existing ACL
 662 |   - `-x` - Remove entries from existing ACL
 663 |   - `-b` - Remove all entries except standard permissions
 664 |   - acl_spec
 665 |     - Users: u:{username}: {permissions}
 666 |     - Group: g:{group name}: {permissions}
 667 |   - Example:
 668 |     - `sudo setfacl -R -m g:My-Group:r /My-Dir`
 669 | 
 670 | ## Troubleshooting Permissions Issues
 671 | 
 672 | - CompTIA Troubleshooting steps
 673 |   1. Identify the problem
 674 |   2. Establish theory of probable cause
 675 |   3. Test the theory to determine the cause
 676 |   4. Establish an action plan
 677 |   5. Implement the solution
 678 |   6. Verify full system functionality
 679 |   7. Document findings, actions, and outcomes
 680 | 
 681 | - `ls -la` - Check permissions and ownership
 682 | - `groups {username}` - Check user's group membership
 683 | - `usermod` - Change group membership
 684 | - `lid`, `liduser-lid`
 685 |   - Retrieve all members of a group
 686 | - `getent`
 687 |   - Retrieve group members (or services) of non-standard authentication methods
 688 |   - `getent group`, `getent services`
 689 | 
 690 | - Critical steps
 691 |   1. Follow troubleshooting strategy
 692 |   2. Verify permissions and ownership (ie. `ls -la`)
 693 |   3. Verify special permissions are set properly (ie. sticky bits, immutable flags)
 694 |   4. Ensure proper owner and owning group set
 695 | 
 696 | # Storage
 697 | 
 698 | ## File Systems
 699 | 
 700 | - Types of storage devices
 701 |   - Block Devices - Read/Write in blocks of data (e.g., hard drives, solid-state devices)
 702 |   - Character Devices - Read/Write character streams of data (e.g., keyboards, mice, serial ports)
 703 | - File System
 704 |   - Data structure used by an operating system to store, retrieve, organize, and manage files
 705 |       and directories on storage devices
 706 |   - Supported Linux file systems
 707 |     - `FAT` - File allocation Table - Older file system, used for compatibility
 708 |     - `ext2` - Used to be native linux file system on older releases
 709 |     - `ext3` - Faster in recovering data and better ensures data integrity of abrupt system shutdowns
 710 |     - `ext4` - Supports volumes up to 1 exabyte and files up to 16 terabytes in size
 711 |     - `XFS` - 64-bit, high-performance journaling file system that provides fast recovery and can handle large files efficiently
 712 |     - `BTRFS` - Modern filesystem. Supports volumes up to 16 exabytes in size and up to 18 quintillion files on each volume
 713 |   - File system protocols
 714 |     - Server Message Block (SMB)
 715 |       - Allows users to have access to files over the local network
 716 |       - Server-client architecture
 717 |       - Better for mixture of windows and linux filesystems
 718 |       - Microsoft Windows supports SMB by default
 719 |     - Common Internet File system (CIFS)
 720 |       - Some linux distribution refer to SMB as CIFS
 721 |       - Version of SMB, rarely in use today, replaced by later versions
 722 |     - Network File System (NFS)
 723 |       - Better for all linux networks and filesystems
 724 |       - Not supported by Microsoft Windows by default
 725 |   - Index Node (Inode)
 726 |     - Stores metadata about a file or directory on a file system
 727 |     - Can included time-based values (created, modified, etc), permission and ownership info,
 728 |     - Determine filesystem ionodes:
 729 |       - `df -i <PATH>`
 730 |   - Virtual File System (VFS)
 731 |     - Filesystem created as interface between kernel and real file system
 732 |     - Translates real file system details to kernel
 733 |     - Can mount many file systems on OS, and will appear uniform to system and applications
 734 |     - File system labels are used for easy identification and many be up to 16 characters long
 735 |     - Labels can be displayed or changed using the following commands
 736 |       - `e2label` - ext-based file system
 737 |       - `xfs_admin` - XFS-based file system
 738 | 
 739 | ## Partitioning
 740 | 
 741 | - Partition - A section of the storage drive that logically acts as a separate drive
 742 | 
 743 | - 3 Types of partitions
 744 |     1. Primary
 745 |         - Contains one file system or logical drive and is sometimes referred to as a volume
 746 |         - Examples:
 747 |             - swap file system - Used as buffer for actual physical memory
 748 |             - boot partition
 749 |     2. Extended
 750 |         - Contains several file systems, which are referred to as logical drives
 751 |         - Does not contain data
 752 |         - Has separate partition table
 753 |     3. Logical
 754 |         - Partitioned and allocated as an independent unit and functions as a separate drive
 755 | 
 756 | - Modifying partitions
 757 |   - `fdisk`
 758 |     - Used to create, modify, or delete partitions on a storage drive
 759 |     - `-b` - Number of drive sectors
 760 |     - `-H` - Number of drive heads
 761 |     - `-S` - Number of sectors per track
 762 |     - `-s` - Print partition size in blocks
 763 |     - `-l` - List partition tables for devices
 764 |     - Within the `fdisk` menu:
 765 |       - `n` - Create new partitions
 766 |       - `d` - Remove partition
 767 |       - `p` - List exixsting partitions
 768 |       - `w` - Write drive changes and exit utility
 769 |       - `q` - Cancel changes made and exit utility
 770 |   - `partprobe`
 771 |     - Update the kernel with changes that now exist within the partition table
 772 |     - If there are any changes, kernel is updated with those changes
 773 |     - Used after using `fdisk` or `parted`
 774 |     - Examples:
 775 |       - Update all: `partprobe`
 776 |       - Update added new partition: `partprobe /dev/sdb`
 777 |       - Only do dry run: `partprobe --dry-run`
 778 |   - `mkfs`
 779 |     - Build a Linux file system on a device, which is usually a drive partition
 780 |     - Typically used like this: `mkfs.<FILE_SYSTEM_TYPE>`
 781 |       - Examples: `mkfs.xfs /dev/sdb`, `mkfs.ext4 /dev/sdb2`
 782 |       -
 783 |     - `-v` - Produce verbose output - Program process
 784 |     - `-V` - Produce verbose output - All file system-specific commands executed
 785 |     - `-t {fs type}` - Specify type of file system to build
 786 |     - `fs -options` - Pass system-specific options to the file system builder
 787 |     - `-c` - Check the device for bad blocks before building the file system
 788 |     - `-l {filename}` - Read the list of bad blocks from a specific file
 789 |     - Can run it two ways
 790 |             1. `mkfs [options] {device name}`
 791 |             2. `mkfs {file system type} [options] {device name}`
 792 |   - `parted`
 793 |     - Partition manipulation program
 794 |     - Create, destroy, and resize partitions
 795 |     - Runs GNU parted utility
 796 |     - Can use interactive mode (ie. `sudo parted`)
 797 |       - `select` - choose device or partition to modify
 798 |       - `mkpart` - Create partition with file system type specified
 799 |       - `print` - List partition table
 800 |       - `resizepart` - Resize and modify a partition's end position
 801 |       - `rm` - Delete partition
 802 |       - `quit` - Quite interactive mode
 803 |     - Example:
 804 |       - Open interactive mode: `parted /dev/sdb`
 805 |       - `mkpart` -> Enter partition items
 806 | 
 807 | ## `/etc/fstab` file
 808 | 
 809 | - "File system table"
 810 | - Stores info about storage devices and partitions and where and how they should be mounted
 811 | - Config file that controls how file systems are treated when they are introduced to a system
 812 | - Read by system during boot up process
 813 | - Only edited by `root` user
 814 | - Each line in this file has 6 fields:
 815 | 
 816 |   - ```
 817 |       <file system> <mount point> <type> <options> <dump> <pass>
 818 |       ```
 819 | 
 820 |   - File system - Name of the device (UUID) or file system to mount (`/mnt/something`)
 821 |   - Mount Point - Where to mount file system (ie. `/home`)
 822 |   - File system type - Type of file system (ie. `ext4`, `swap`) (Partition ID: 82)
 823 |   - Options - Comma-seperated options that will be activated when the file system is mounted
 824 |   - Dump - If the dump utility should back up file system (0 or 1)
 825 |   - Pass - fsck options. Order in which `fsck` utility should check file system
 826 | 
 827 | ## `etc/crypttab` file
 828 | 
 829 | - Information about encrypted devices and partitions that must be unlocked and mounted
 830 |   on system boot
 831 | - Encrypted block devices that are set up during system boot
 832 | 
 833 | - ```
 834 |   <volume-name> <encrypted-device> <key-file> <options>
 835 |   ```
 836 | 
 837 | ## Overall process for setting up storage on linux machines
 838 | 
 839 | 1. Partition storage device (ie. `fdisk`, `parted`)
 840 | 2. Format partition with a file system (ie. `mkfs`)
 841 | 3. Add formatted partition to `/etc/fstab` file
 842 | 
 843 | ## `/dev` directory
 844 | 
 845 | - Special file that contains details about all the files and subdirectories housed within it
 846 | - Everything in linux is treated as a file, even file systems
 847 | 
 848 | ## Storage Device Naming
 849 | 
 850 | - `/dev/sda1` - Controller-based naming
 851 |   - `sd` - Type of controller
 852 |   - `a` - First whole physical drive (`a`, `b`, etc)
 853 |   - `1` - First partition on drive (`1`, `2`, etc)
 854 | - `/dev/disk/by-id/<DEVICE_ID>`
 855 |   - Device's hardware serial number
 856 |   - Examples:
 857 |     - `/dev/disk/by-id/nvme-eui.6479a765c13012c5-part1`
 858 |     - `/dev/disk/by-id/nvme-ESE2A047-M24_NVMe_Phison_1024GB_1782073611ED00110458-part8`
 859 | - `/dev/disk/by-path/<PHYSICAL PATH`
 860 |   - Shortest physical path to the device
 861 |   - Example:
 862 |     - `/dev/disk/by-path/pci-0000:00:0e.0-pci-10000:e1:00.0-nvme-1-part1`
 863 | - `/dev/disk/by-uuid/<DEVICE UUID>`
 864 |   - Universally unique identifier (UUID)
 865 |   - Example:
 866 |     - `/dev/disk/by-uuid/5cb09b2f-53d2-4f43-a292-8ebe4d65371g`
 867 | - Other naming:
 868 |   - `/dev/disk/by-label/<DEVICE_LABEL>`
 869 | 
 870 | ## Special character devices in `/dev`
 871 | 
 872 | - `/dev/null`
 873 |   - Virtual device that discards anything you send or redirect into it
 874 |   - Ie. a big black hole for data
 875 |   - Example usage:
 876 |     - Discard output: `echo "hello" > /dev/null`
 877 |     - Suppress errors: `touch file 2> /dev/null`
 878 | - `/dev/zero`
 879 |   - Returns a null character anytime you read from it
 880 |   - Send back the ASCII null character of 0x00
 881 |   - Example usage:
 882 |     - Sanitize hard drive: `dd if=/dev/zero of=/dev/sda1 bs=1GB count=1024`
 883 | - `/dev/urandom`
 884 |   - Returns a randomized series of pseudorandom numbers
 885 |   - Example usage:
 886 |     - Get 5 random characters: `head -c 5 /dev/urandom`
 887 |     - Generate secure token: `dd if=/dev/urandom  count=1 bs=128 | sha512sum`
 888 | 
 889 | ## RAID (Redundant Array of Independent or Inexpensive Disks)
 890 | 
 891 | - Way of storing the same data in different places on multiple physical disks
 892 |   to protect data in the case of a drive failure.
 893 | - RAID arrays appear to the OS as a single logical drive
 894 | - Techniques used in RAID:
 895 |     1. Striping
 896 |         - Combines multiple smaller physical disks to logical act as a single largert disk
 897 |         - Used to combine physical storage into one single logical storage
 898 |     2. Mirroring
 899 |         - Combines two physical hard drives into a single logical volume where an
 900 |           identical copy of everything is put on both drives
 901 |     3. Parity
 902 |         - Used for fault tolerance by calculating the data in two drives and storing
 903 |           the results on a different drive
 904 |         - Storing information used to reconstruct the data
 905 |         - If you know the value of any two of the three items, you can calculate the third
 906 | - RAID is classified with levels (ie. 0, 1, ..., 10):
 907 |   - <https://en.wikipedia.org/wiki/Standard_RAID_levels>
 908 |   - RAID 0
 909 |     - Striping
 910 |     - Each drive holds half of the data
 911 |     - Speed boost
 912 |     - No loss of disk space
 913 |     - BUT no data redundancy!
 914 |   - RAID 1
 915 |     - Mirroring
 916 |     - Disks have same data
 917 |     - Data redundancy
 918 |     - BUT loss of space!
 919 |   - RAID 5 *(Most popular)*
 920 |     - Striping and Parity
 921 |     - Data redundancy and pairty
 922 |     - Need at least 3 disks (need at least 2 disks to compute the parity on the other disk)
 923 |     - Can lose 1 drive and still calculate based on remaining 2
 924 |     - More efficient to create RAID 5, in terms of space, than RAID 1 using a
 925 |           mirrored array
 926 |   - RAID 6
 927 |     - Striping and DUAL Parity
 928 |     - Need at least 4 disks
 929 |     - Can lose 2 drives and still calculate based on remaining 2
 930 |   - RAID 10
 931 |     - Mirroring and Striping
 932 |     - "RAID of RAIDS"
 933 |     - Need at least 4 disks
 934 |     - Drives come in disk pairs to be stripped, then the stripped
 935 |           disk pair is mirrored to another disk pair
 936 |     - Benefit of RAID 0 and RAID 1
 937 |     - Losing half of disk space
 938 | 
 939 | - `/proc/mdstat` file
 940 |   - Contains a snapshot of the kernel's RAID/md state
 941 |   - Shows what RAID levels can be supported by kernel
 942 |   - Shows active RAID arrays with participating disk drives
 943 |   - Shows disk status (ie. `[UUU_]` -> Up Up Up Down)
 944 | 
 945 | ## Logical Volume Manager (LVM)
 946 | 
 947 | - Device Mapper - Creates virtual device and passes data from that virtual device
 948 | to one or more physical devices.
 949 | 
 950 | - DM-Multipath - Linux kernel feature that rrovides redundancy and improved
 951 | performance for block storage devices.
 952 |   - If one path fails, it will switch to other remaining paths
 953 | 
 954 | - `mdadm`
 955 |   - Tool used to create and manage software- based RAID arrays
 956 |   - Create manage and monitor RAID arrays
 957 |   - Data is in multiple different storage devices
 958 |   - Alternative to using device mapper and DM-Multipath
 959 | 
 960 | - LVM maps whole *physical devices* and partitions into one or more virtual containers
 961 |   called *volume groups*
 962 | 
 963 | - Within *volume groups* there are one or more *logical volumes* that the system/user/apps
 964 |   interact with
 965 | 
 966 | - Can dynamically create, delete, and resize volumes without system reboot
 967 | 
 968 | - Can map logical volumes across multiple physical devices
 969 | 
 970 | - Create virtual snapshots of each logical volume
 971 | 
 972 | - `/dev/mapper`
 973 |   - Shows all logical volumes on given system managed by LVM
 974 |   - Typically named: `/dev/mapper/<VOLUME_GROUP_NAME>-<LOGICAL_VOLUME_NAME>`
 975 | 
 976 | - Tools for LVM ([Documentation](https://linux.die.net/man/8/lvm))
 977 |     **NOTE:** Exam will not ask for each and every one of these commands
 978 |     1. Physical volume tools
 979 |         - `pvscan` - Scan for all physical devices being used as physical volume
 980 |         - `pvcreate`  - Initialize a drive or parittion to use as a phsycial volume
 981 |         - `pvdisplay` - Lists attributes of physical volumes
 982 |         - `pvchange` - Changes attributes of a physical volume
 983 |         - `pvs` - Displays info about physical volumes
 984 |         - `pvck` - Check metadata of physical volumes
 985 |         - `pvremove` - Removes physical volumes
 986 |     2. Volume group tools
 987 |         - `vgscan` - Scan for all phsycial devices for volume groups
 988 |         - ...
 989 |     3. Logical volume tools
 990 |         - ...
 991 | 
 992 | ### Typical LVM Step Process
 993 | 
 994 | 1. Connect/Create physical disk
 995 | 2. Partition the drive
 996 | 3. Add the new physical volume `pvcreate`
 997 | 4. Create new volume group **OR** add physical volume to existing volume group
 998 | 5. Create a new logical volume **OR** Extend existing logical volume to unused physical volume
 999 | 
1000 | Example:
1001 | 
1002 | - Create physical volume
1003 |   - `pvcreate /dev/sdb1`
1004 | - Show details
1005 |   - `pvscan`
1006 |   - `pvdisplay`
1007 | - Create a new "backup" volume group using the physical volume
1008 |   - `vgcreate backup /dev/sdb1`
1009 | - Show details
1010 |   - `vgscan`
1011 |   - `vgdisplay`
1012 | - Create two logical volumes in "backup" volume group
1013 |   - `lvcreate --name sys_backup --size 2GB backup`
1014 |   - `lvcreate --name data_backup --size 2GB backup`
1015 | - Show details
1016 |   - `lvscan`
1017 |   - `lvdisplay`
1018 | - Extend one logical volume by 3GB
1019 |   - `lvextend --size +3GB /dev/backup/data_backup`
1020 | - Create filesystems on new logical volumes:
1021 |   - `mkfs.xfs /dev/backup/sys_backup`
1022 |   - `mkfs.ext4 /dev/backup/data_backup`
1023 | 
1024 | ## Mounting File Systems
1025 | 
1026 | - Mounting file system makes it available for users
1027 | - Mount Point
1028 |   - Access point that is typically an empty directory wher ea file system is loaded
1029 |       or mounted to make it accessible to users
1030 |   - `/dev/sda`
1031 |     - `/dev/sda1` mounted on `/`
1032 |     - `/dev/sda3` mounted on `/home`
1033 |     - `/dev/sda5` mounted on `/var`
1034 | 
1035 | - `mount`
1036 |   - Command that loads a file system to a specified directory to make it
1037 |       accessible to users and applications
1038 |   - `mount [options] {device name} {mount point}`
1039 |   - Options:
1040 |     - `auto` - Device must be mounted automatically
1041 |     - `noauto` - Device should not be mounted automatically
1042 |     - `nouser` - Only the boot user can mount a device or a file system
1043 |     - `user` - All users can mount a device or a file filesystem
1044 |     - `exec` - Allow binaries/executables in the file system to be executed
1045 |     - `noexec` - Prevent binaries in a file system from being executed
1046 |     - `ro` - Mount file system as read only
1047 |     - `rw` - Mount file system as read or write
1048 |     - `sync` - Input and output operations should be done synchronously
1049 |     - `async` - Input and output operations should be done asynchronously
1050 | 
1051 | - `umount`
1052 |   - Disassociate a mounted file system from the directory
1053 |   - File system cannot be in use (any files open)
1054 |   - `umount [options] {mount point}`
1055 |   - Options:
1056 |     - `-f` - Force unmount a file system
1057 |     - `-l` - Lazy unmounting. References to file system cleaned up once file system is not in use
1058 |     - `-R` - Recuirsively unmounts mount points (ie. `/dev`)
1059 |     - `-t {type}` - Only unmount specific file system types (ie. `ext4`)
1060 |     - `-O` - Unmount file systems in `/etc/fstab`
1061 |     - `-fake` - Test the unmounting procedure (dry run)
1062 | 
1063 | - Example usage:
1064 |   - Make a directory to mount file system to
1065 |     - `sudo mkdir -p /backup/sys`
1066 |   - Mount logical volume
1067 |     - `sudo mount /dev/backup/sys_backup /backup/sys`
1068 |   - Show mounted file systems
1069 |     - `mount`
1070 |   - Unmount
1071 |     - `sudo umount /dev/backup`
1072 |   - Ensure mounting on system boot
1073 |     - Edit: `sudo vim /etc/fstab`
1074 |     - Add: `/dev/backup/sys_backup /backup/sys xfs defaults 0 0`
1075 |     - Save and exit VIM with :x
1076 |     - Test mount fstab: `sudo mount -a`
1077 | 
1078 | - Other mounting options
1079 |   - `systemd.mount`
1080 |     - Can be used to create a new mount unit to mount the file system
1081 |     - Add unit to `/etc/systemd/system/`
1082 |     - Example: `/etc/systemd/system/var-lib-docker.mount`
1083 |     - Then: `systemctl enable var-lib-docker.mount`
1084 | 
1085 |   - Filesystem in USERspace (FUSE)
1086 |     - Lets non-privileged users create own file system without editing the underlying
1087 |           kernel code
1088 |     - Can be used for local interaction of cloud-based storage
1089 | 
1090 | ## Managing File Systems
1091 | 
1092 | - `/etc/mtab` file
1093 |   - Reports the status of currently mounted file systems
1094 |   - `/proc/mounts` - More accurate and includes more up-to-date file system info
1095 | 
1096 | - `/proc/partitions` file
1097 |   - Contains info about each partition attached to the system
1098 |   - Example contents:
1099 | 
1100 |         ```txt
1101 |         major minor  #blocks  name
1102 |          259        0 1000204632 nvme0n1
1103 |          259        1     245760 nvme0n1p1
1104 |          259        2     131072 nvme0n1p2
1105 |          259        3  585253888 nvme0n1p3
1106 |         ```
1107 | 
1108 | - `lsblk`
1109 |   - Display info about block storage devices available on the system
1110 |   - `lsblk -a` example output:
1111 | 
1112 |         ```txt
1113 |         NAME         MAJ:MIN RM   SIZE RO TYPE MOUNTPOINTS
1114 |         sda            8:0    1     0B  0 disk 
1115 |         sdb            8:16   1     0B  0 disk 
1116 |         nvme0n1      259:0    0 953.9G  0 disk 
1117 |         ├─nvme0n1p1  259:1    0   240M  0 part /boot/efi
1118 |         ├─nvme0n1p2  259:2    0   128M  0 part 
1119 |         ├─nvme0n1p3  259:3    0 558.1G  0 part 
1120 |         ├─nvme0n1p4  259:4    0     1G  0 part 
1121 |         ├─nvme0n1p5  259:5    0  16.9G  0 part 
1122 |         ├─nvme0n1p6  259:6    0   1.5G  0 part 
1123 |         ├─nvme0n1p7  259:7    0   954M  0 part 
1124 |         ├─nvme0n1p8  259:8    0   954M  0 part 
1125 |         ├─nvme0n1p9  259:9    0  44.7G  0 part /var/snap/firefox/common/host-hunspell
1126 |         │                                      /
1127 |         ├─nvme0n1p10 259:10   0  72.6G  0 part /var
1128 |         ├─nvme0n1p11 259:11   0  22.4G  0 part [SWAP]
1129 |         └─nvme0n1p12 259:12   0 234.5G  0 part /home
1130 |         ```
1131 | 
1132 | - `blkid`
1133 |   - Prints each block device in a float format and includes some additional info
1134 |   - `blkid -o list` example output:
1135 | 
1136 |   - ```txt
1137 | 
1138 |     device                    fs_type    label       mount point                   UUID
1139 |         --------------------------------------------------------------------------------------------------------------------
1140 |     
1141 |         /dev/nvme0n1p11           swap                   [SWAP]                        eec1832c-616d-45ed-a66b-e788e6bf8326
1142 |         /dev/nvme0n1p9            ext4                   /                             3cb09b2f-53d2-4f43-a292-8ebe4d65371a
1143 |         /dev/nvme0n1p7                                   (not mounted)
1144 |         /dev/nvme0n1p5                                   (not mounted)
1145 |         /dev/nvme0n1p3                                   (not mounted)
1146 |         /dev/nvme0n1p1                                   /boot/efi
1147 |         /dev/nvme0n1p12                                  /home
1148 |         /dev/nvme0n1p8                                   (not mounted)
1149 |         /dev/nvme0n1p10                                  /var
1150 |         /dev/nvme0n1p6                                   (not mounted)
1151 |         /dev/nvme0n1p4                                   (not mounted)
1152 |         /dev/nvme0n1p2                                   (not mounted)
1153 |     ```
1154 | 
1155 | - `fsck`
1156 |   - Check for correctness and validity of a file system
1157 |   - Repair file system: `fsck -r {device/file system name}`
1158 | 
1159 | - `resize2fs`
1160 |   - Increase or decreate file system size
1161 |   - Typically used after resizing logical volumes in LVM
1162 |   - Resize ext2, ext3, or ext4 file system
1163 |   - `resize2fs [options] {device/file system name} [desired size]`
1164 |   - If no size is specified, fill up remaining open space on volume
1165 | 
1166 | - `tune2fs`
1167 |   - Adjust various tunable parameters of that ext2/ext3 file systems
1168 |   - Can use to add jounral to an existing ext2 and ext3 file system
1169 |   - `tune2fs [options] {device/file system name}`
1170 | 
1171 | - `dumpe2fs`
1172 |   - Prints the superblock and block group info for the selected device
1173 |   - "Superblock" - Contains metadata about the file system (size, type, status)
1174 |   - For ext2, ext3, or ext4 file system
1175 |   - Can be used for faulty file system
1176 | 
1177 | - XFS File System Tools
1178 |   - `xfs_info` - Display details about the XFS file system
1179 |   - `xfs_admin` - Change the parameters of an XFS file system
1180 |   - `xfs_metadump` - Copy the superblock metadata of the XFS file system to a file
1181 |   - `xfs_growfs` - Expand the XFS file system
1182 |   - `xfs_copy` - Copy the contents of the XFS file system to another location
1183 |   - `xfs_repair`
1184 |   - `xfs_db`
1185 | 
1186 | - `lsscsi`
1187 |   - List info about SCSI (SKUH-zee) devices connected to a linux system
1188 |   - SCSI (Small Computer System Interface) is used to connect and communicate between
1189 |       computers and peripheral devices, such as hard disk devices, tape drives, CD/DVD,
1190 |       printers, and scanners.
1191 |   - Relatively old devices
1192 | 
1193 | - `fcstat`
1194 |   - Interacts with and displays statistics of fibre channels connected devices
1195 | 
1196 | ## Linux Directory Structure
1197 | 
1198 | - Filesystem Hierarchy Standard (FHS) specifies a set of guidelines for the names
1199 |   of files and directories and their locations on Linux systems
1200 | 
1201 | - `/` - Top-most directory in linux system
1202 | 
1203 | ```txt
1204 | /
1205 | ├── bin -> usr/bin        - Essential command-line utilities and binaries (ie. `ls`)
1206 | ├── boot                  - Files necessary to boot Linux OS
1207 | ├── cdrom
1208 | ├── dev                   - Hardware and software device drivers (ie, hard drive, printer)
1209 | ├── etc                   - Basic configuration files
1210 | ├── home                  - Users' home directories, including personal files (ie. /home/ismet/)
1211 | ├── lib -> usr/lib        - Shared program libraries required by kernel, CLI utils, and binaries
1212 | ├── media                 - Mount points for removable media (ie CD, floppy disks)
1213 | ├── mnt                   - Mount point for temporary mounting file systems (ie. USB drive)
1214 | ├── opt                   - Optional files for large software packages
1215 | ├── proc                  - Continually updated kernel info to user in file format (ie. `/proc/mounts`)
1216 | ├── root                  - Home directory of root user
1217 | ├── run
1218 | ├── sbin -> usr/sbin      - Binaries used for completing the booting process which are also used by root user (ie `/sbin/ifconfig`)
1219 | ├── snap
1220 | ├── squashfs-root
1221 | ├── srv
1222 | ├── sys                   - Info about devices
1223 | ├── tmp                   - Temporary files lost/cleared on system shutdown
1224 | ├── usr                   - Read-only directory storing small programs and files accessible to all users
1225 |     ├── bin               - Binaries executed by all users
1226 |     ├── lib               - Libraries for executable programs
1227 |     ├── lib64             - Libraries for 64-bit systems
1228 |     ├── local            - Custom build application stored here
1229 |     ├── share            - Read-only files about the system
1230 |     ├── sbin
1231 |     ....
1232 | └── var                   - Variable files, or files that are expected to constantly change (ie. /var/log/syslog). Can include spool files.
1233 | ```
1234 | 
1235 | ## Troubleshooting Storage Issues
1236 | 
1237 | - `ulimit`
1238 |   - Limits the system resources for a user in a Linux-based server
1239 |   - Set 500 maximum open files for user: `ulimit -n 500`
1240 |   - Show all current limits: `ulimit -a`
1241 | 
1242 | - `df`
1243 |   - Displays the device's storage space
1244 |   - Ued, available, Used %, mount point
1245 | 
1246 | - `du`
1247 |   - Display how a device is used
1248 |   - Size of directory tree and files within it
1249 |   - Able to show how used storage is distributed
1250 | 
1251 | - `/sys/block/<DEVICE>/queue/scheduler`
1252 |   - Set the scheduler to use on a particular device
1253 |   - Example setting NOOP scheduler for `sda`
1254 |     - `echo noop > /sys/block/sda/queue/scheduler`
1255 | 
1256 | - `iostat`
1257 |   - Generates reports on CPU and device/partition usage
1258 |   - Incremental reports every 2 seconds: `iostat 2`
1259 | 
1260 | - `ioping`
1261 |   - Monitor I/O latency in real time
1262 |   - Troubleshoot latency with storage devices
1263 |   - Generates a report of device I/O latency in real time
1264 |   - Disk seek rate: `ioping -R /dev/sda`
1265 |   - Disk sequential speed: `ioping -RL /dev/sda`
1266 |   - Current directory: `ioping .`
1267 | 
1268 | - `repquota`
1269 |   - Summary of existing file quotas for a file system
1270 |   - `repquota /backup/data`
1271 | 
1272 | # Files and Directories
1273 | 
1274 | TODO
1275 | 
1276 | # Kernel Modules
1277 | 
1278 | TODO
1279 | 
1280 | # Linux Boot Process
1281 | 
1282 | TODO
1283 | 
1284 | # System Components
1285 | 
1286 | TODO
1287 | 
1288 | # Devices
1289 | 
1290 | TODO
1291 | 
1292 | # Networking
1293 | 
1294 | TODO
1295 | 
1296 | # Packages and Software
1297 | 
1298 | TODO
1299 | 
1300 | # Securing Linux Systems
1301 | 
1302 | ## Cybersecurity Best Practices
1303 | 
1304 | - Cybersecurity
1305 |   - Protection of computer systems and digital info resources from
1306 | unauthorized access, attack, theft, or data damage.
1307 | 
1308 | - Confidentiality
1309 |   - Prevent data theft, no unauthorized access
1310 |   - Use encryption and access controls
1311 | 
1312 | - Integrity
1313 |   - Keep info/data without unauthorized modifications
1314 |   - Prevent defacement
1315 |   - Use hashing, digital signatures, certificates, change control
1316 | 
1317 | - Availability
1318 |   - Authorized users can access data when they need to
1319 |   - Prevent deniel of Service (DoS)
1320 |   - Use redundancy, fault tolerance, patching
1321 | 
1322 | - Remote Authentication Dial-In User Service (RADIUS)
1323 |   - Internet standard protocol that provides authentication, authorization, and
1324 |       accounting (AAA) services
1325 |   - Terminal Access Control Access-Control System (TACACS) - Provides AAA services for remote users
1326 | 
1327 | - Lightweight Directory Access Protocol (LDAP)
1328 |   - TCP/IP-based directory service protocol
1329 |   - Authenticate to LDAP service
1330 |   - Service has schema of what client can and can't do
1331 | 
1332 | - Kerberos
1333 |   - Auth service based on time-sensitive ticket-granting system
1334 |   - Windows-native
1335 |   - Linux has kerberos usage as well
1336 | 
1337 | - Chroot Jail
1338 |   - Isolate a process and its children from the rest of the system
1339 |   - Only use on processes not run as root. Root user can break out of jail.
1340 | 
1341 | ### Encryption
1342 | 
1343 | - Full Drive/Disk Encryption (FDE) - Encryptes a storage drive, partition, or volume using hardware/software utilities
1344 | - File Encryption - Encrypts indiviaul files and folders
1345 | - Linux Unified Key Setup (LUKS)
1346 |   - Used to encrypt storage devices in Linux system
1347 |   - Standardizes the format of encrypted devices
1348 |   - `cryptsetup`
1349 |     - Front-end to LUKS and dm-crypt
1350 |     - `cryptsetup [options] {action} [action arguments]`
1351 |     - `isLuks` - id if a device is a LUKS device
1352 |     - `luksOpen` - Open LUKS storage device
1353 |     - `luksAddKey` - New key with a LUKS device
1354 | - `shred`
1355 |   - Securetly wipe a storage
1356 |   - Write all zeros/random data on it
1357 | - Example step process:
1358 |   - Unmount filesystem from mount point
1359 |     - `sudo umount /backup/data`
1360 |   - Clean partition
1361 |     - `sudo shred -v iterations=1 /dev/backup/data_backup`
1362 |   - Encrypt with passphrase
1363 |     - `sudo cryptsetup -v luksFormat /dev/backup/data_backup`
1364 |     - Enter passphrase
1365 |   - Let system map
1366 |     - `sudo cryptsetup luksOpoen /dev/backup/data_backup data_backup`
1367 |     - Enter passphrase
1368 |   - Verify/Search for new item
1369 |     - `ls -la /dev/mapper | grep data_backup`
1370 |   - Make a filesystem for it
1371 |     - `sudo mkfs.ext4 /dev/mapper/data_backup`
1372 |   - Mount the filesystem to location
1373 |     - `sudo mount /dev/mapper/data_backup /backup/data/`
1374 |   - Add to fstab file
1375 |     - `/dev/mapper/data_backup /backup/data ext4 nofail 0 0`
1376 | 
1377 | ### Hashing
1378 | 
1379 | - Transforms plaintext input into an indecipherable, fixed-length output
1380 | - Involves a hash function that converts input in fixed-size string of bytes
1381 | - Input varies but hashlength always fixed
1382 | - Examples:
1383 |   - Password storage
1384 |     - Store hash of password
1385 |     - Modern systems add "salt" (random value unique to each user) to password before hashing
1386 |   - Data integrity
1387 |     - Hash files and verify integrity of hashed filed to make sure it did not change
1388 |     - Tools like `md5sum` or `sha256sum`
1389 |     - Packaging tools like `apt` use hashing
1390 |   - Secure data transmission
1391 |   - Network security
1392 |   - File identification
1393 | 
1394 | ### Network Configurations
1395 | 
1396 | - Enable SSL/TLS
1397 |   - Encrypt data during transit
1398 | - Enable SSH
1399 |   - Disable root access
1400 |   - Enable allow list
1401 |   - Change port (ie. 2222)
1402 | 
1403 | ### Best Practices
1404 | 
1405 | - Protect boot loader configuration with a password
1406 | - Enable password protection in system's BIOS/UEFI
1407 | - Can prevent kernel modules to load at boot
1408 |   - Blocklist file in `/etc/modprobe.d/
1409 | - Ensure user IDs are not being shared
1410 | - Establish a public key infrastructure for authentication
1411 | - Restrict access to cron job scheduler
1412 | - Disable the use of Ctrl-Alt-Delete to prevent users to reboot system
1413 | - Enable the `auditd` service
1414 | - Add banner when user logs into system with `/etc/issue`
1415 | - Separate OS and other data in different partitions
1416 | - Disable or uninstall unused or insecure services
1417 | 
1418 | ## Identify and Access Management (IAM)
1419 | 
1420 | - IAM - Security process that provides identity, authentication, authorization mechnaisms
1421 | 
1422 | - Public Key Authentication
1423 |   - Used for interactive and automated connections
1424 |   - Between servers or users and servers
1425 |   - Stronger than regular password
1426 |   - Passwordless logins
1427 | 
1428 | ### SSH
1429 | 
1430 | - Supports many authentication methods
1431 | 
1432 | - `~/.ssh/` directory
1433 |   - Contains files related to SSH keys
1434 | 
1435 | - Configuration files within `~/.ssh/` directory
1436 |   - `~/.ssh/id_rsa` - User's private key
1437 |   - `~/.ssh/id_rsa.pub` - User's public key
1438 |   - `~/.ssh/authorized_keys` - Public keys that SSH server accepts
1439 |   - `~/.ssh/known_hosts` - Public keys that the SSH client accepts
1440 |   - `~/.ssh/config` - SSH connection settings
1441 | 
1442 | - `/etc/ssh/sshd_config` file
1443 |   - Configure the SSH server
1444 |   - Edit: `vim /etc/ssh/sshd_config`
1445 |   - Settings in this file include:
1446 |     - `PasswordAuthentication` - Enable/Disable password-based SSH authentication
1447 |     - `PubkeyAuthentication` - Enable/Disable public key-based authentication
1448 |     - `Hostkey` - Location of the server's private keys
1449 |     - `UsePAM` - Enable/Disable support for Pluggable Auth Modules (PAM)
1450 |     - `Port` - Change port number for the SSH service
1451 |     - `AllowUsers`/`AllowGroups` - Allow user/group-specific access for SSH
1452 |     - `DenyUsers`/`DenyGroups` - Deny user/group-specific access for SSH
1453 |     - `PermitRootLogin` - Enable/Disable root user to log in over SSH
1454 |   - After changing: `systemctl restart sshd`
1455 | 
1456 | - `/etc/hosts.allow` / `/etc/hosts.deny` files
1457 |   - Allow and deny remote hosts access
1458 | 
1459 | - `ssh-keygen` - Generate a public/private key pair
1460 | - `ssh-copy-id` - Put user's public key (ie. `id_rsa.pub`) into remote server's `authorized_keys` file
1461 | - `ssh-add` - Add user's private keys to the running SSH key agent
1462 | 
1463 | ### Pluggable Auth Modules (PAM)
1464 | 
1465 | - Help apps make proper use of user accounts in Linux
1466 | - LDAP most common use cases that uses this
1467 | 
1468 | - `/etc/pam.d/` directory
1469 |   - Stores PAM config files
1470 |   - Include directives that PAM looks to for authentication
1471 | 
1472 | - Modules
1473 |   - Modules will generate success or failure when called
1474 |   - Account module - checks user accessibility
1475 |   - Auth - Verify passwords and set credentials (Kerberos tickets)
1476 |   - Password - Change and verify passwords
1477 |   - Session - Configure and manages user sessions
1478 | 
1479 | - Control flags
1480 |   - Tell PAM what to do with the result
1481 |   - Optional, required, requisite, sufficient
1482 | 
1483 | - Examples of PAM directives
1484 |   - Require the user to enter a strong password
1485 |     - `password requisite pam_pwquality.so local_users_only`
1486 |   - Enforce a password history of 90 days
1487 |     - `password requisite pam_pwhistory.so remember=90`
1488 |   - Allow the module not to do any password checks
1489 |     - `password sufficient pam_unix.so sha512 use_authtok`
1490 | 
1491 | - User lockout
1492 |   - Module `pam_failock` (newer `pam_tally2`)
1493 |     - Trigger temporary user lockout at failed user auth
1494 |   - Place user lockout directives in `/etc/pam.d/password-auth` and `/etc/pam.d/system-auth`
1495 |   - `pam_tally2 -r -u user` - Unlock user and reset failure count
1496 | 
1497 | - `/etc/securetty` - Determines the controlling terminals the root user has access to
1498 | 
1499 | ### Public Key Infrastructure (PKI)
1500 | 
1501 | - PKI is a framework used to create, manage, distribute, use, store, and
1502 |   revoke digital certificates and manage public-key encryption.
1503 | 
1504 | - Publicly available or maintained privately by an organization
1505 | 
1506 | - PKI Components
1507 |   - Digital Signature
1508 |     - Encrypted message digest with a user's private key
1509 |   - Digital Certificate
1510 |     - Electronic document that associates credentials with a public key
1511 |   - Certificate Authority (CA)
1512 |     - Issues digital certificates for entities and maintains the
1513 |           associated private/public key pair
1514 |   - Certificate Signing Request (CSR)
1515 |     - Message sent to the certificate authority in which an entity applies
1516 |           for a certificate
1517 | 
1518 | - OpenSSL
1519 |   - Open-source implementation of the SSL/TLS protocol for securing data
1520 |       in transit using cryptography
1521 |   - Most common tools for generating and managing components of a PKI
1522 |   - `openssl [subcommand] [options]`
1523 | 
1524 | - OpenVPN
1525 |   - Supports password-based certificate-based, and smart card-based authentication
1526 |       for clients
1527 |   - Configure in `/etc/openvpn/` directory
1528 | 
1529 | ## SELinux and AppArmor
1530 | 
1531 | ## Firewalls
1532 | 
1533 | - Program interface between private network and the internet
1534 | - Firewall can accept, reject, or drop (no notification back) connections/requests
1535 | - Types
1536 |   - Packet Filter Firewall (1st Gen)
1537 |     - Decisions based on rules that correspond to network packet attributes
1538 |     - "Sateless firewalls" - Only instpect packet in isolation
1539 | 
1540 |   - Stateful Firewalls (2nd Gen)
1541 |     - Identifies past traffic related to a packet
1542 | 
1543 |   - Application Layer Firewall (3rd Gen)
1544 |     - Inspect the contents of application layer traffic
1545 |     - Insect HTTP or FTP
1546 | 
1547 |   - Stateless Firewall's ACL
1548 |     - Allows or denies packets based on various factors
1549 | 
1550 | ### `iptables`
1551 | 
1552 | - Applies to a certain context and consists of rule sets (chains)
1553 | - `iptables [options] [-t table] [commands] {chain/rule specification}`
1554 | - Has 5 default tables that can be activated in Linux kernel
1555 |     1.*Filter table* - Default table. Typical packet filtering functionality.
1556 |     2.*Nat table* - Implement Network Address Translation (NAT) rules. Public Network <-> Private Network
1557 |     3.*Mangle table* - Alter the packets' TCP/IP header.
1558 |     4.*Raw table* - Configure exceptions involved in connection tracking
1559 |     5.*Security table* - Mark packets with SELinux security contexts
1560 | - By default, rules are lost on reboot, however can save explicitly with these:
1561 |   - CentOS/RHEL - `iptables-services` package
1562 |   - Debian-based (ie. Ubuntu) - `iptables-persistent` package
1563 | - Logging
1564 |   - `iptables -N LOGCHN` - Creates a new log chain
1565 |   - `iptables -I LOGCHN -j LOG` - Log all packets that reach this chain
1566 |   - Events written to `/var/log/messages` or `/var/log/kern.log`
1567 | 
1568 | ### `ufw`
1569 | 
1570 | Uncomplicated Firewall (UFW) tool
1571 | 
1572 | - Makes iptables service easier to configure
1573 | - Examples:
1574 |   - `ufw enable` - Enable the firewall
1575 |   - `ufw allow http/tcp` - Allow rule for HTTP
1576 |   - `ufw logging`
1577 |     - Turn on logging
1578 |     - Adjust logging level: `ufw logging [level]` (ie. `low`, `medium`, `high`, `full`)
1579 |     - Logs can typicall be found in `/var/log/syslog` and `/var/log/ufw.log`
1580 |     - View with `sudo grep UFW /var/log/syslog`
1581 | - `/etc/default/ufw` file
1582 |   - Use to setup for more complicated firewalls
1583 |   - Policy defaults and kernel module usage
1584 | - `/etc/ufw/` directory
1585 |   - Granular UFW configuration files
1586 | 
1587 | ### firewalld
1588 | 
1589 | Tool to dynamically manage a firewall without requiring a restart
1590 | 
1591 | - Uses zones and services
1592 | - Firewall zones
1593 |   - Rule sets that apply to network interfaces (ie. network interface card)
1594 |   - `drop` - Zone with lowest level of trust
1595 | - Ubuntu installation
1596 |   - `sudo apt install firewalld`
1597 | - `firewall-cmd` CLI tool
1598 |   - Configure firewalld by querying, adding, modifying, and deleting
1599 |       zones and services as desired
1600 | - By default, there is always a `public` zone
1601 | - `dmz` zone typically used for internet-facing services
1602 | - Examples:
1603 |   - `firewall-cmd --get-zones` - List available firewalld zones
1604 |   - `firewall-cmd  --permanent --zone=public --add-service=ssh` - Add SSH protocol permanently
1605 |   - `firewall-cmd --permanent --add-port=2222/tcp - Allow a specific port/protocol
1606 |   - `firewall-cmd --set-default-zone=drop` - Set a default zone. Drop will drop all incoming traffic
1607 |   - `firewall-cmd --zone=dmz -remove-port=21/tcp` - Remove FTP from the DMZ zone
1608 |   - `firewall-cmd --reload` - Reload all firewalld rules
1609 | 
1610 | ### Netfilter
1611 | 
1612 | - Handles packets that traverse a network interface
1613 | - `nftables` designed as replacement for `iptables` and installed on Debian systems
1614 | 
1615 | - IP Forwarding - Enables incoming traffic on one network interface to another
1616 | - IP Sets
1617 |   - Collection of IP and MAC addresses, network ranges, port numbers, and network interface names
1618 |   - `ipset` - Create and modify IP sets
1619 | 
1620 | - Trusted ports
1621 |   - Port 0->1023
1622 |   - Must have superuser privellages
1623 | 
1624 | ### Intrusion Prevention System (IPS)
1625 | 
1626 | Monitors and evaluates a system for attack signs and blocks traffic that it determines malicious
1627 | 
1628 | - Second layer of defence after firewall
1629 | - `DenyHosts`
1630 |   - Examine auth log files for issues
1631 |   - Protects SSH servers from brute force password cracking attacks
1632 |   - `/etc/denyhosts.conf` - primary config file
1633 | - `fail2ban`
1634 |   - Install: `sudo apt install fail2ban`
1635 |   - Examine auth log files for issues
1636 |   - Looks at any system service not just SSH
1637 |   - `/etc/fail2ban/jail.conf`
1638 |     - Primary configuration file
1639 |     - Copy primary config file to `/etc/fail2ban/jail.local`
1640 |       - `sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local`
1641 |     - Or make custom `.conf` file within `/etc/fail2ban/jail.d/` directory
1642 |     - Configuration options:
1643 |       - `bantime` - How long a host is blocked from accessing a resource
1644 |       - `maxretry` - Number of times a host can fail before being blocked
1645 |       - `ignoreip` - Whitelist of accepted hosts
1646 |       - `banaction` - What to do when banned
1647 |         - Can work with `firewalld`: `banaction = firewallcmd-ipset`
1648 |     - Configuration file example:
1649 | 
1650 |       - ```makefile
1651 |             [sshd]
1652 |             enabled = true
1653 |             port = 22
1654 |             filter = sshd
1655 |             logpath = /var/log/auth.log  # This path may differ based on your Linux distribution.
1656 |             maxretry = 5                 # How long a host is blocked from accessing a resource
1657 |             bantime = 600                # How long a host is blocked from accessing a resource
1658 |         ```
1659 | 
1660 |   - `fail2ban-client status`
1661 |     - Check status of all fail2ban jails
1662 |     - `fail2ban-client status [service]` - Check status of specific jail (ie. `sshd`)
1663 | 
1664 | ## Logging Services
1665 | 
1666 | Any action from OS events to user actions is logged on a Linux system
1667 | 
1668 | - System logs
1669 |   - System activity
1670 | 
1671 | - Remote logging
1672 |   - Centralized logging server that receives and processes syslog data
1673 | 
1674 | - syslog-ng is next generation of syslogd
1675 | 
1676 | - `journalctl`
1677 |   - Enables viewing and querying of log files
1678 |   - Examples:
1679 |     - `journalctl -b -1` - Show all messages from last boot
1680 |     - `journalctl -f` - Actively follow messages
1681 |     - `journalctl -u <UNIT>` - Show messages from specific service unit (ie. sshd)
1682 |     - `journalctl -n 10` - Only show 10 log lines
1683 |   - `/etc/systemd/journald.conf` - Configuration file
1684 | 
1685 | ### `/var/log/` directory
1686 | 
1687 | Holds all logging files
1688 | 
1689 | - `/var/log/syslog` - All system events (Debian-based Linux)
1690 | - `/var/log/auth.log` - Authentication messages (Debian-based Linux)
1691 | - `/var/log/messages` - Red Hat/CentOS non-critical system event logs (RedHat/CentOS)
1692 | - `/var/log/secure` - Authentication messages (RedHat/CentOS)
1693 | - `/var/log/kern.log` - Linux kernel messages
1694 | - `/var/log/[APPLICATION]` - Misc. Application (cron, firewalld, mailog, etc)
1695 | 
1696 | ### Log Rotation
1697 | 
1698 | Creating new versions of a log file. Typically compressing older logs.
1699 | 
1700 | - `logrotate`
1701 |   - Perform automatic rotation of logs
1702 |   - `/etc/logrotate.d/` directory - Log rotation behavior
1703 |   - Example of log rotation config file for `/etc/logrotate.d/firewalld`
1704 | 
1705 |     - ```txt
1706 | 
1707 |         /var/log/firewalld {
1708 |             weekly            <---- Time period
1709 |             missingok
1710 |             rotate 4          <---- Maximum number of files to keep
1711 |             copytruncate
1712 |             minsize 1M        <---- Minimum log file size
1713 |         }
1714 |         ```
1715 | 
1716 | ### `rsyslogd` Service
1717 | 
1718 | - `/etc/rsyslog.conf`
1719 |   - Configuration for rsyslogd
1720 |   - May also be found in `/etc/rsyslog.d/50-default.conf`
1721 |   - Two-columns
1722 |     - Column 1 - Message sevirities for services (ie. info, warn, error, etc)
1723 |     - Column 2 - What actions should be taken (ie. warn user, store in log file)
1724 | 
1725 | ## Backup, Restore, and Verify Data
1726 | 
1727 | - `tar`
1728 |   - "Tape archiver"
1729 |   - Creation of archives
1730 |   - `tar -cvf <FILE> --diredctory=<PATH>` - Create gzipped archive from directory
1731 |   - `tar -xvf <FILE>` - Extract compressed archive file
1732 | 
1733 | - `dar`
1734 |   - "Disk archiver:
1735 |   - OFfers more backup and archiving functions
1736 |   - `dar -R mydata -c full.bak` - Full backup
1737 |   - `dar -R mydata -c diff1.back -A full.back` - Differential backup (compare to last full backup)
1738 | 
1739 | - `cpio`
1740 |   - Copies files in and out of archives
1741 |   - Doesn't compress items, but can be used with `gzip`
1742 |   - Typically `tar` and `gzip` are more popular for archiving
1743 |   - `ls | cpio -o > dir_archive` - Copy all files in current directory to archive
1744 | 
1745 | 
1746 | - `dd`
1747 |   - "Disk duplicate" or "Disk destroyer"
1748 |   - Copies and converts fiels to be transferred from one type of media to another
1749 |   - Very powerful command
1750 |   - Options:
1751 |     - `if={filename}` - Data input to be read (can be device)
1752 |     - `of={filename}` - Data output target to be written to (can be device)
1753 |     - `bs={bytes}` - Total block size to read and write in bytes
1754 |     - `count={count}` - Number of blocks to be written
1755 |     - `status={level}` - Info to print to standard error
1756 |   - Examples:
1757 |     - `dd if={{path/to/file.iso}} of=/dev/{{usb_drive}}` - Make bootable USB from ISO
1758 |     - `dd if=/dev/sda of=/home/ismet/backup/sda_backup.img` - Make drive backup to image file
1759 |     - `dd if=/home/ismet/backup/sda_backup.img of=/dev/sda` - Restore a driave from image file
1760 | 
1761 | - `mirrorvg`
1762 |   - Copies all logical volumes in a specified logcial volume group for LVM
1763 |   - Can also use `mklvcopy` or `lvcreate -m1`
1764 | 
1765 | - Ensure good off-site backup in another location
1766 | 
1767 | - `scp` - Copy data to or from a remote host over SSH
1768 | 
1769 | - `rsync`
1770 |   - Copy files locally and to remote systems
1771 |   - Copies differences between files (differential backup)
1772 | 
1773 | - `xz` make smaller archives than `gzip`, but `gzip` is faster
1774 | 
1775 | ## Hashing for Integrity Check
1776 | 
1777 | - Hash all files in a directory
1778 |   - `sha256sum my_dir/* > hashes.txt`
1779 |   - Example content:
1780 | 
1781 |     - ```txt
1782 |         250c061c02be20d0a84d91e581ea537d2f24f79c58f1abfddc1bfc78bd4d7514  temp_site/astro.config.mjs
1783 |         e94517a99de77a9ed069806a9a63511cb2b7ba945b751d3587134bb6a007e9ae  temp_site/LICENSE
1784 |         064ef947df5eaf39e7d58148293aafc40c3090d4aa19bbe67a766eb1dcb0764a  temp_site/package.json
1785 |         08d9f10cea00761f37fdd03a43ff1683f2a86c29d63f208992eed2c5818e16ed  temp_site/package-lock.json
1786 |         4d0aa23639dfadfaea4228245915c8a9b399586d028d138c09a957adced4a9a7  temp_site/README.md
1787 |         634d86e5196fa02e44122239efc8040b417881732d63c3f114c5f87f18c19a30  temp_site/sandbox.config.json
1788 |         70e9b27728abe6fba4cd7a5eaa1a8ac07cc6d2986fcbda37377636e1218d35bf  temp_site/tsconfig.json
1789 |         ```
1790 | 
1791 | - Check hashes in the hashes are valid, and files did not change
1792 |   - `sha256sum --check hashes.txt`
1793 |   - Example output (one file changed):
1794 | 
1795 |     - ```txt
1796 |         temp_site/astro.config.mjs: OK
1797 |         temp_site/LICENSE: FAILED
1798 |         temp_site/package.json: OK
1799 |         temp_site/package-lock.json: OK
1800 |         temp_site/README.md: OK
1801 |         temp_site/sandbox.config.json: OK
1802 |         temp_site/tsconfig.json: OK
1803 |         sha256sum: WARNING: 1 computed checksum did NOT match
1804 |         ```
1805 | 
1806 | ## Backup, Restore, Synchronize
1807 | 
1808 | ## Compressing Files
1809 | 
1810 | ## Itengrity Checking
1811 | 
1812 | 
1813 | # MISC
1814 | 
1815 | ## Cron
1816 | 
1817 | ```txt
1818 | * * * * *  command to execute
1819 | ┬ ┬ ┬ ┬ ┬
1820 | │ │ │ │ │
1821 | │ │ │ │ └───── Day of the week (0 - 7, where 0 and 7 represent Sunday)
1822 | │ │ │ └────────── Month (1 - 12)
1823 | │ │ └─────────────── Day of the month (1 - 31)
1824 | │ └──────────────────── Hour (0 - 23)
1825 | └───────────────────────── Minute (0 - 59)
1826 | ```
1827 | 
1828 | - `0 * * * * /path/to/script.sh` - Beginning of every hour
1829 | - `45 4 1,15 * 5 command` - 4.45am, 1st and 15th of month, every month, only on Fridays
1830 | - `*/10 **** command` - Every 10 minutes
1831 | 


--------------------------------------------------------------------------------
/logo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ismet55555/CompTIA_Linux_Plus_Notes/bc8ba85fba49513f8f9ad1b4bb520e69b047329a/logo.png


--------------------------------------------------------------------------------