├── docs ├── .gitignore ├── img │ ├── htop.png │ ├── lsl.png │ ├── lym.png │ ├── vim1.png │ ├── vim2.png │ ├── vim3.png │ ├── firewall.png │ ├── selinux.png │ ├── she-bang.png │ ├── terminal1.png │ ├── demon_hackers.png │ ├── passwordauthno.png │ ├── needsrestart_debian.png │ └── unattended_upgrades_debian_buster.png ├── _static │ └── lym.png ├── _themes │ ├── flask_theme_support.pyc │ ├── kr │ │ ├── theme.conf │ │ ├── relations.html │ │ ├── static │ │ │ ├── small_flask.css │ │ │ └── flasky.css_t │ │ └── layout.html │ ├── README.rst │ ├── LICENSE │ └── flask_theme_support.py ├── containers.rst ├── _templates │ ├── sidebarlogo.html │ └── sidebarintro.html ├── advancedsection.rst ├── Makefile ├── fhsandaccess.rst ├── index.rst ├── random.rst ├── workbook.rst ├── mounting.rst ├── conf.py ├── selinux.rst ├── files.rst ├── users.rst ├── useful.rst ├── firewall.rst ├── processes.rst ├── curl.rst ├── startingcommands.rst ├── packages.rst └── networking.rst ├── requirements.txt └── README.md /docs/.gitignore: -------------------------------------------------------------------------------- 1 | _build 2 | -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | recommonmark 2 | -------------------------------------------------------------------------------- /docs/img/htop.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kushaldas/lym/HEAD/docs/img/htop.png -------------------------------------------------------------------------------- /docs/img/lsl.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kushaldas/lym/HEAD/docs/img/lsl.png -------------------------------------------------------------------------------- /docs/img/lym.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/kushaldas/lym/HEAD/docs/img/lym.png -------------------------------------------------------------------------------- /docs/img/vim1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kushaldas/lym/HEAD/docs/img/vim1.png -------------------------------------------------------------------------------- /docs/img/vim2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kushaldas/lym/HEAD/docs/img/vim2.png -------------------------------------------------------------------------------- /docs/img/vim3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kushaldas/lym/HEAD/docs/img/vim3.png -------------------------------------------------------------------------------- /docs/_static/lym.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kushaldas/lym/HEAD/docs/_static/lym.png -------------------------------------------------------------------------------- /docs/img/firewall.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kushaldas/lym/HEAD/docs/img/firewall.png -------------------------------------------------------------------------------- /docs/img/selinux.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kushaldas/lym/HEAD/docs/img/selinux.png -------------------------------------------------------------------------------- /docs/img/she-bang.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kushaldas/lym/HEAD/docs/img/she-bang.png -------------------------------------------------------------------------------- /docs/img/terminal1.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/kushaldas/lym/HEAD/docs/img/terminal1.png -------------------------------------------------------------------------------- /docs/img/demon_hackers.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kushaldas/lym/HEAD/docs/img/demon_hackers.png -------------------------------------------------------------------------------- /docs/img/passwordauthno.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kushaldas/lym/HEAD/docs/img/passwordauthno.png -------------------------------------------------------------------------------- /docs/img/needsrestart_debian.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kushaldas/lym/HEAD/docs/img/needsrestart_debian.png -------------------------------------------------------------------------------- /docs/_themes/flask_theme_support.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kushaldas/lym/HEAD/docs/_themes/flask_theme_support.pyc -------------------------------------------------------------------------------- /docs/img/unattended_upgrades_debian_buster.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kushaldas/lym/HEAD/docs/img/unattended_upgrades_debian_buster.png -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ## Linux command line for you and me. 2 | 3 | Read it [here](https://lym.readthedocs.io/). 4 | 5 | (c) 2017-2022 Kushal Das, All rights reserved. 
6 | -------------------------------------------------------------------------------- /docs/containers.rst: -------------------------------------------------------------------------------- 1 | Containers 2 | =========== 3 | 4 | For now, just watch `this talk `_ 5 | by the amazing Alice Goldfuss. 6 | -------------------------------------------------------------------------------- /docs/_themes/kr/theme.conf: -------------------------------------------------------------------------------- 1 | [theme] 2 | inherit = basic 3 | stylesheet = flasky.css 4 | pygments_style = flask_theme_support.FlaskyStyle 5 | 6 | [options] 7 | touch_icon = 8 | -------------------------------------------------------------------------------- /docs/_templates/sidebarlogo.html: -------------------------------------------------------------------------------- 1 | 6 |

7 | 8 | 9 |

10 | Linux command line for you and me is a book for newcomers 11 | to command line environment. 12 |

13 |
--------------------------------------------------------------------------------
/docs/advancedsection.rst:
--------------------------------------------------------------------------------
1 | Advanced section
2 | ================
3 |
4 | From this chapter onwards, we will learn more about the different tools
5 | that people use for various purposes.
6 | Most of these can be used for both personal and professional use cases,
7 | even within big companies (depending on the situation).
8 |
9 |
10 | To start, watch this `talk on failure `_.
11 |
--------------------------------------------------------------------------------
/docs/_themes/kr/relations.html:
--------------------------------------------------------------------------------
1 |

Related Topics

2 | 20 | -------------------------------------------------------------------------------- /docs/Makefile: -------------------------------------------------------------------------------- 1 | # Minimal makefile for Sphinx documentation 2 | # 3 | 4 | # You can set these variables from the command line. 5 | SPHINXOPTS = 6 | SPHINXBUILD = sphinx-build 7 | SPHINXPROJ = Linuxcommandlineforyouandme 8 | SOURCEDIR = . 9 | BUILDDIR = _build 10 | 11 | # Put it first so that "make" without argument is like "make help". 12 | help: 13 | @$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O) 14 | 15 | .PHONY: help Makefile 16 | 17 | # Catch-all target: route all unknown targets to Sphinx using the new 18 | # "make mode" option. $(O) is meant as a shortcut for $(SPHINXOPTS). 19 | %: Makefile 20 | @$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O) -------------------------------------------------------------------------------- /docs/_templates/sidebarintro.html: -------------------------------------------------------------------------------- 1 | 6 | 7 | 8 |

9 | Linux command line for you and me is a book for newcomers 10 | to the command line environment. 11 |

12 | 13 |

14 | Feedback is greatly appreciated. If you have any questions, comments, 15 | random praise, or anonymous threats, 16 | shoot me an email. 17 |

18 | 19 | 20 |

Useful Links

21 |
25 |
--------------------------------------------------------------------------------
/docs/fhsandaccess.rst:
--------------------------------------------------------------------------------
1 | File system
2 | ============
3 |
4 | Now you know a few really basic Linux commands.
5 | Before we can learn anything else, we should look into how files and directories are structured inside a Linux system.
6 |
7 |
8 | .. index:: fhs
9 |
10 | FHS
11 | ---
12 |
13 | ::
14 |
15 |     $ ls /
16 |     bin boot dev etc home lib lib64 lost+found mc media mnt opt output proc root run sbin srv sys tmp usr var
17 |
18 |
19 | **/** is the root directory of your file system.
20 | All the other files and directories reside under this directory. There’s a `Filesystem Hierarchy Standard(FHS) `_, which talks
21 | about these different directories, and what kinds of files are located in which directory.
22 |
--------------------------------------------------------------------------------
/docs/_themes/README.rst:
--------------------------------------------------------------------------------
1 | krTheme Sphinx Style
2 | ====================
3 |
4 | This repository contains sphinx styles Kenneth Reitz uses in most of
5 | his projects. It is a derivative of Mitsuhiko's themes for Flask and Flask related
6 | projects. To use this style in your Sphinx documentation, follow
7 | this guide:
8 |
9 | 1. put this folder as _themes into your docs folder. Alternatively
10 |    you can also use git submodules to check out the contents there.
11 |
12 | 2. add this to your conf.py: ::
13 |
14 |        sys.path.append(os.path.abspath('_themes'))
15 |        html_theme_path = ['_themes']
16 |        html_theme = 'kr'
17 |
18 | The following themes exist:
19 |
20 | **kr**
21 |     the standard flask documentation theme for large projects
22 |
23 | **kr_small**
24 |     small one-page theme. Intended to be used by very small addon libraries.
25 | 26 | -------------------------------------------------------------------------------- /docs/index.rst: -------------------------------------------------------------------------------- 1 | .. Linux command line for you and me documentation master file, created by 2 | sphinx-quickstart on Thu Jun 22 15:23:43 2017. 3 | You can adapt this file completely to your liking, but it should at least 4 | contain the root `toctree` directive. 5 | 6 | Welcome to Linux command line for you and me! 7 | ============================================== 8 | 9 | 10 | .. toctree:: 11 | :maxdepth: 2 12 | :caption: Contents: 13 | 14 | startingcommands 15 | fhsandaccess 16 | useful 17 | curl 18 | users 19 | files 20 | processes 21 | services 22 | packages 23 | selinux 24 | mounting 25 | networking 26 | firewall 27 | random 28 | workbook 29 | advancedsection 30 | containers 31 | 32 | Team 33 | ===== 34 | 35 | - `Jason Braganza `_ (Editor in command) 36 | - `Kushal Das `_ (Adds typos in every form) 37 | 38 | Indices and tables 39 | ================== 40 | 41 | * :ref:`genindex` 42 | * :ref:`search` 43 | -------------------------------------------------------------------------------- /docs/_themes/kr/static/small_flask.css: -------------------------------------------------------------------------------- 1 | /* 2 | * small_flask.css_t 3 | * ~~~~~~~~~~~~~~~~~ 4 | * 5 | * :copyright: Copyright 2010 by Armin Ronacher. 6 | * :license: Flask Design License, see LICENSE for details. 
7 | */ 8 | 9 | body { 10 | margin: 0; 11 | padding: 20px 30px; 12 | } 13 | 14 | div.documentwrapper { 15 | float: none; 16 | background: white; 17 | } 18 | 19 | div.sphinxsidebar { 20 | display: block; 21 | float: none; 22 | width: 102.5%; 23 | margin: 50px -30px -20px -30px; 24 | padding: 10px 20px; 25 | background: #333; 26 | color: white; 27 | } 28 | 29 | div.sphinxsidebar h3, div.sphinxsidebar h4, div.sphinxsidebar p, 30 | div.sphinxsidebar h3 a { 31 | color: white; 32 | } 33 | 34 | div.sphinxsidebar a { 35 | color: #aaa; 36 | } 37 | 38 | div.sphinxsidebar p.logo { 39 | display: none; 40 | } 41 | 42 | div.document { 43 | width: 100%; 44 | margin: 0; 45 | } 46 | 47 | div.related { 48 | display: block; 49 | margin: 0; 50 | padding: 10px 0 20px 0; 51 | } 52 | 53 | div.related ul, 54 | div.related ul li { 55 | margin: 0; 56 | padding: 0; 57 | } 58 | 59 | div.footer { 60 | display: none; 61 | } 62 | 63 | div.bodywrapper { 64 | margin: 0; 65 | } 66 | 67 | div.body { 68 | min-height: 0; 69 | padding: 0; 70 | } 71 | 72 | .rtd_doc_footer { 73 | display: none; 74 | } 75 | 76 | .document { 77 | width: auto; 78 | } 79 | 80 | .footer { 81 | width: auto; 82 | } 83 | 84 | .footer { 85 | width: auto; 86 | } 87 | 88 | .github { 89 | display: none; 90 | } -------------------------------------------------------------------------------- /docs/_themes/kr/layout.html: -------------------------------------------------------------------------------- 1 | {%- extends "basic/layout.html" %} 2 | {%- block extrahead %} 3 | {{ super() }} 4 | {% if theme_touch_icon %} 5 | 6 | {% endif %} 7 | 9 | 10 | {% endblock %} 11 | {%- block relbar2 %}{% endblock %} 12 | {%- block footer %} 13 | 26 | 40 | 41 | {%- endblock %} 42 | -------------------------------------------------------------------------------- /docs/_themes/LICENSE: -------------------------------------------------------------------------------- 1 | Modifications: 2 | 3 | Copyright (c) 2010 Kenneth Reitz. 
4 | 5 | 6 | Original Project: 7 | 8 | Copyright (c) 2010 by Armin Ronacher. 9 | 10 | 11 | Some rights reserved. 12 | 13 | Redistribution and use in source and binary forms of the theme, with or 14 | without modification, are permitted provided that the following conditions 15 | are met: 16 | 17 | * Redistributions of source code must retain the above copyright 18 | notice, this list of conditions and the following disclaimer. 19 | 20 | * Redistributions in binary form must reproduce the above 21 | copyright notice, this list of conditions and the following 22 | disclaimer in the documentation and/or other materials provided 23 | with the distribution. 24 | 25 | * The names of the contributors may not be used to endorse or 26 | promote products derived from this software without specific 27 | prior written permission. 28 | 29 | We kindly ask you to only use these themes in an unmodified manner just 30 | for Flask and Flask-related products, not for unrelated projects. If you 31 | like the visual style and want to use it for your own projects, please 32 | consider making some larger changes to the themes (such as changing 33 | font faces, sizes, colors or margins). 34 | 35 | THIS THEME IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 36 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 37 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 38 | ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 39 | LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 40 | CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 41 | SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 42 | INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 43 | CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 44 | ARISING IN ANY WAY OUT OF THE USE OF THIS THEME, EVEN IF ADVISED OF THE 45 | POSSIBILITY OF SUCH DAMAGE. 
46 |
--------------------------------------------------------------------------------
/docs/random.rst:
--------------------------------------------------------------------------------
1 | Random things
2 | ==============
3 |
4 | I have yet to figure out where to put this information, which is why it is
5 | here, in the random chapter. It will be moved to different chapters in the
6 | future.
7 |
8 | .. index:: xclip
9 |
10 | xclip to copy from terminal
11 | ----------------------------
12 |
13 | The **xclip** command helps us to copy any file or output from another command into our clipboard, so that we can paste it via `Ctrl+v`.
14 |
15 | ::
16 |
17 |     $ xclip -sel clip myfile.txt
18 |     $ ls -l /var/lib | xclip -sel clip
19 |
20 | .. index:: w
21 |
22 | w command
23 | ----------
24 |
25 | The **w** command shows all the users logged in to the computer. If you pass
26 | the *-f* flag, it toggles information about where each user is logged in from.
27 |
28 | ::
29 |
30 |     $ w
31 |     17:22:41 up 24 days, 11:37, 2 users, load average: 0.56, 0.50, 0.59
32 |     USER TTY LOGIN@ IDLE JCPU PCPU WHAT
33 |     kdas tty2 31May17 22days 3:07m 3:16 i3 -a --restart /run/user/1000/i3/restart-state.28641
34 |
35 | .. index:: uptime
36 |
37 | How long is the system running?
38 | ---------------------------------
39 |
40 | We have the **uptime** command which gives us information about how long the
41 | system has been running. You can figure out the last time the system turned off or
42 | rebooted at a glance. For my laptop, it was 24 days ago.
43 |
44 | ::
45 |
46 |     $ uptime
47 |     17:31:30 up 24 days, 11:46, 2 users, load average: 0.76, 0.98, 0.81
48 |
49 | .. index:: time
50 |
51 | Finding CPU time of a command
52 | ------------------------------
53 |
54 | The **time** command will help you to find the CPU time spent for any command.
55 | The following example will tell us how much time ``du -sh`` took to calculate the
56 | disk usage.
57 |
58 | ::
59 |
60 |     $ time du -sh
61 |     5.5G .
62 |
63 |     real 0m1.026s
64 |     user 0m0.235s
65 |     sys 0m0.783s
66 |
67 | .. index:: dmesg
68 |
69 | dmesg command
70 | --------------
71 |
72 | The **dmesg** command prints out messages from the kernel buffer. Using this
73 | tool we can learn about the messages and information from the kernel drivers
74 | during and after the boot up process. This can be very handy when
75 | troubleshooting; for example, when the machine fails to boot or a certain piece of
76 | hardware does not function correctly.
77 |
78 |
79 | Setting up cron jobs
80 | ---------------------
81 |
82 | One can schedule tasks using cron jobs. You can mention a certain time when a
83 | given task will be executed. On the latest Fedora/CentOS, we use the **cronie**
84 | package; on other systems we have the **cron** or **anacron** package.
85 |
86 |
87 | To view any existing jobs
88 |
89 | ::
90 |
91 |     crontab -l
92 |
93 |
94 | To add a new cronjob or edit a previous one, use the command
95 |
96 | ``crontab -e``.
97 |
98 |
99 | Format of a crontab file
100 |
101 | ::
102 |
103 |     * * * * * /path/to/command
104 |     + + + + +
105 |     | | | | |
106 |     | | | | |
107 |     | | | | |
108 |     | | | | |
109 |     | | | | |
110 |     | | | | +------> Day of the week (0-7)
111 |     | | | |
112 |     | | | +--------> Month of the year (1-12)
113 |     | | |
114 |     | | +----------> Day of the month (1-31)
115 |     | |
116 |     | +------------> Hour (0-23)
117 |     |
118 |     +--------------> Minute (0-59)
119 |
120 |
121 | Say we want to execute a shell script every day at midnight.
122 |
123 | ::
124 |
125 |     0 0 * * * /usr/bin/myscript.sh
126 |
127 |
128 | Another example is executing the same script every 15 minutes of every hour.
129 |
130 |
131 | ::
132 |
133 |     0,15,30,45 * * * * /usr/bin/myscript.sh
134 |
135 |
136 |
137 |
138 | .. index:: last
139 |
140 | Finding out details about previous logins or system reboots
141 | ------------------------------------------------------------
142 |
143 | The **last** command will give you the details about all the previous logins and
144 | shutdowns/reboots. This command actually checks the */var/tmp/wtmp* file for the
145 | logs.
146 |
147 | The */var/log/btmp* file stores all the bad login details, and the */var/log/utmp*
148 | file stores the details of the currently logged in users (the **who** command
149 | reads this file).
150 |
151 | You can read the *btmp* file using the **last** command.
152 |
153 | ::
154 |
155 |     last -f /var/log/btmp
156 |
157 | To know more, you can read the man page of *wtmp*.
158 |
159 |
160 | What's next?
161 | ============
162 |
163 | After you are familiar with the commands in this book, we suggest you learn
164 | shell scripting.
165 |
166 | Start from `https://www.shellscript.sh `_ and then
167 | you can read the `beginners bash guide
168 | `_.
169 |
--------------------------------------------------------------------------------
/docs/_themes/flask_theme_support.py:
--------------------------------------------------------------------------------
1 | # flasky extensions. 
flasky pygments style based on tango style 2 | from pygments.style import Style 3 | from pygments.token import Keyword, Name, Comment, String, Error, \ 4 | Number, Operator, Generic, Whitespace, Punctuation, Other, Literal 5 | 6 | 7 | class FlaskyStyle(Style): 8 | background_color = "#f8f8f8" 9 | default_style = "" 10 | 11 | styles = { 12 | # No corresponding class for the following: 13 | #Text: "", # class: '' 14 | Whitespace: "underline #f8f8f8", # class: 'w' 15 | Error: "#a40000 border:#ef2929", # class: 'err' 16 | Other: "#000000", # class 'x' 17 | 18 | Comment: "italic #8f5902", # class: 'c' 19 | Comment.Preproc: "noitalic", # class: 'cp' 20 | 21 | Keyword: "bold #004461", # class: 'k' 22 | Keyword.Constant: "bold #004461", # class: 'kc' 23 | Keyword.Declaration: "bold #004461", # class: 'kd' 24 | Keyword.Namespace: "bold #004461", # class: 'kn' 25 | Keyword.Pseudo: "bold #004461", # class: 'kp' 26 | Keyword.Reserved: "bold #004461", # class: 'kr' 27 | Keyword.Type: "bold #004461", # class: 'kt' 28 | 29 | Operator: "#582800", # class: 'o' 30 | Operator.Word: "bold #004461", # class: 'ow' - like keywords 31 | 32 | Punctuation: "bold #000000", # class: 'p' 33 | 34 | # because special names such as Name.Class, Name.Function, etc. 35 | # are not recognized as such later in the parsing, we choose them 36 | # to look the same as ordinary variables. 
37 | Name: "#000000", # class: 'n' 38 | Name.Attribute: "#c4a000", # class: 'na' - to be revised 39 | Name.Builtin: "#004461", # class: 'nb' 40 | Name.Builtin.Pseudo: "#3465a4", # class: 'bp' 41 | Name.Class: "#000000", # class: 'nc' - to be revised 42 | Name.Constant: "#000000", # class: 'no' - to be revised 43 | Name.Decorator: "#888", # class: 'nd' - to be revised 44 | Name.Entity: "#ce5c00", # class: 'ni' 45 | Name.Exception: "bold #cc0000", # class: 'ne' 46 | Name.Function: "#000000", # class: 'nf' 47 | Name.Property: "#000000", # class: 'py' 48 | Name.Label: "#f57900", # class: 'nl' 49 | Name.Namespace: "#000000", # class: 'nn' - to be revised 50 | Name.Other: "#000000", # class: 'nx' 51 | Name.Tag: "bold #004461", # class: 'nt' - like a keyword 52 | Name.Variable: "#000000", # class: 'nv' - to be revised 53 | Name.Variable.Class: "#000000", # class: 'vc' - to be revised 54 | Name.Variable.Global: "#000000", # class: 'vg' - to be revised 55 | Name.Variable.Instance: "#000000", # class: 'vi' - to be revised 56 | 57 | Number: "#990000", # class: 'm' 58 | 59 | Literal: "#000000", # class: 'l' 60 | Literal.Date: "#000000", # class: 'ld' 61 | 62 | String: "#4e9a06", # class: 's' 63 | String.Backtick: "#4e9a06", # class: 'sb' 64 | String.Char: "#4e9a06", # class: 'sc' 65 | String.Doc: "italic #8f5902", # class: 'sd' - like a comment 66 | String.Double: "#4e9a06", # class: 's2' 67 | String.Escape: "#4e9a06", # class: 'se' 68 | String.Heredoc: "#4e9a06", # class: 'sh' 69 | String.Interpol: "#4e9a06", # class: 'si' 70 | String.Other: "#4e9a06", # class: 'sx' 71 | String.Regex: "#4e9a06", # class: 'sr' 72 | String.Single: "#4e9a06", # class: 's1' 73 | String.Symbol: "#4e9a06", # class: 'ss' 74 | 75 | Generic: "#000000", # class: 'g' 76 | Generic.Deleted: "#a40000", # class: 'gd' 77 | Generic.Emph: "italic #000000", # class: 'ge' 78 | Generic.Error: "#ef2929", # class: 'gr' 79 | Generic.Heading: "bold #000080", # class: 'gh' 80 | Generic.Inserted: "#00A000", # class: 
'gi'
81 |         Generic.Output: "#888", # class: 'go'
82 |         Generic.Prompt: "#745334", # class: 'gp'
83 |         Generic.Strong: "bold #000000", # class: 'gs'
84 |         Generic.Subheading: "bold #800080", # class: 'gu'
85 |         Generic.Traceback: "bold #a40000", # class: 'gt'
86 |     }
87 |
--------------------------------------------------------------------------------
/docs/workbook.rst:
--------------------------------------------------------------------------------
1 | Workbook
2 | =========
3 |
4 | The `Lym Workbook `_ is an effort
5 | to create a small lab environment for the students to learn various commands
6 | from the book. It uses `Vagrant `_ to create a new
7 | Virtual Machine (VM) on which you can practice commands, try out different
8 | solutions and solve these problems without having to worry about messing up your
9 | computer. We will slowly add more problems to it.
10 |
11 |
12 | How to use this workbook?
13 | -------------------------
14 |
15 | Installation
16 | ~~~~~~~~~~~~
17 |
18 | You will need the latest `Vagrant `_ for this. Install
19 | Vagrant following the steps from the website. On Windows you can use VirtualBox
20 | along with Vagrant.
21 |
22 | Getting the code
23 | ~~~~~~~~~~~~~~~~
24 |
25 | Check out the latest workbook code from GitHub.
26 |
27 | ::
28 |
29 |     git clone https://github.com/kushaldas/lymworkbook
30 |     cd lymworkbook
31 |     vagrant up
32 |     vagrant ssh workbook
33 |
34 |
35 |
36 | The `vagrant up` command will create two VMs.
37 |
38 |
39 | .. note:: In case you managed to delete some configuration inside of the VM(s), you can very easily start from scratch.
40 |           `vagrant destroy` will remove both the VMs, and `vagrant up` again will get them back. You can also destroy
41 |           one particular VM, `vagrant destroy workbook`.
42 |
43 | Setting up environment
44 | ~~~~~~~~~~~~~~~~~~~~~~
45 |
46 | Each problem here has a unique "string" which can be used to set up this new
47 | machine's environment according to that problem's specification, e.g., for
48 | setting up the environment for a problem with string `unicorn`, you should do:
49 |
50 | ::
51 |
52 |     sudo lymsetup unicorn
53 |
54 | After running the commands and making the changes mentioned in the problem
55 | statement, you should run the following to verify that the changes are as per
56 | the problem requirements:
57 |
58 | ::
59 |
60 |     sudo lymverify unicorn
61 |
62 |
63 | copy paste
64 | -----------
65 |
66 | ID string: `copypaste`
67 |
68 | - Create a directory called `work` in your home directory.
69 | - Copy the file `/tmp/problem1/work/files/hello.txt` into this newly created
70 |   directory.
71 | - Remember to remove the `/tmp/problem1/work/files/hello.txt` file afterwards.
72 | - Create a file named `/tmp/chapter1/allusers` and add all of the directory
73 |   names under your home directory into that file.
74 |
75 | .. note:: To set up the problem environment, run:
76 |
77 |           ::
78 |
79 |               sudo lymsetup copypaste
80 |
81 |           After performing the steps, verify the result using:
82 |
83 |           ::
84 |
85 |               sudo lymverify copypaste
86 |
87 |
88 | Find your user id
89 | ------------------
90 |
91 | Find your user id and write it down in a file `/tmp/myuserid.txt`.
92 |
93 |
94 | Creating softlinks
95 | ------------------
96 |
97 | To set up the problem environment:
98 |
99 | ::
100 |
101 |     sudo lymsetup softlinks
102 |
103 |
104 | Create a softlink called `docs` in your home directory which will point to the
105 | `/usr/share/doc/` directory. Also create another softlink called `memory` to
106 | the `/proc/meminfo` file.
107 |
108 |
109 | To verify:
110 |
111 | ::
112 |
113 |     sudo lymverify softlinks
114 |
115 |
116 | Basic vim usage
117 | ------------------
118 |
119 | To set up the problem environment:
120 |
121 | ::
122 |
123 |     sudo lymsetup basicvim
124 |
125 |
126 | Read the file at `/etc/os-release` and write the value of ID_LIKE (without the
127 | double quotes) in a file at `/tmp/id_like.txt`.
128 |
129 |
130 | To verify:
131 |
132 | ::
133 |
134 |     sudo lymverify basicvim
135 |
136 |
137 |
138 | Adding a new user
139 | ------------------
140 |
141 | To set up the problem environment:
142 |
143 | ::
144 |
145 |     sudo lymsetup newuser
146 |
147 |
148 | Add a new user called fatima to the system.
149 |
150 |
151 | To verify:
152 |
153 | ::
154 |
155 |     sudo lymverify newuser
156 |
157 |
158 | Deleting an existing user
159 | -------------------------
160 |
161 | To set up the problem environment, remember to add the user first from the
162 | previous problem.
163 |
164 | ::
165 |
166 |     sudo lymsetup deleteuser
167 |
168 |
169 | Remove the fatima user from the system.
170 |
171 |
172 | To verify:
173 |
174 | ::
175 |
176 |     sudo lymverify deleteuser
177 |
178 |
179 | Finding the IP address of dgplug.org
180 | ------------------------------------
181 |
182 | Find the IP address of dgplug.org and save it to the /tmp/ip_dgplug.txt file.
183 |
184 | To verify:
185 |
186 | ::
187 |
188 |     sudo lymverify findip
189 |
190 | Change the local timezone of the system
191 | ----------------------------------------
192 |
193 | Change the timezone of the system to that of San Francisco, USA.
194 |
195 | To verify:
196 |
197 | ::
198 |
199 |     sudo lymverify timezonechange
200 |
201 |
202 | Add sudo access to a user
203 | ---------------------------
204 |
205 | Grant administrative (sudo) privileges to an existing normal user account
206 | "lym". Remember to create the user first.


To verify:

::

    sudo lymverify assignsudo

--------------------------------------------------------------------------------
/docs/mounting.rst:
--------------------------------------------------------------------------------
File system mounting
=====================

In this chapter, we’ll learn how to mount file systems. If you type
*mount* in the shell, it will tell you about various file systems, and
how they are mounted (as a directory) in the system.


.. index:: mount

::

    $ mount
    sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime,seclabel)
    proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
    devtmpfs on /dev type devtmpfs (rw,nosuid,seclabel,size=2012852k,nr_inodes=503213,mode=755)
    securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
    tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev,seclabel)
    devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,seclabel,gid=5,mode=620,ptmxmode=000)
    tmpfs on /run type tmpfs (rw,nosuid,nodev,seclabel,mode=755)
    tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,seclabel,mode=755)
    cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd)
    pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime,seclabel)
    cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
    cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)
    cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
    cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
    cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct)
    cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls,net_prio)
    cgroup on /sys/fs/cgroup/pids type cgroup (rw,nosuid,nodev,noexec,relatime,pids)
    cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)
    cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
    cgroup on /sys/fs/cgroup/hugetlb type cgroup (rw,nosuid,nodev,noexec,relatime,hugetlb)
    configfs on /sys/kernel/config type configfs (rw,relatime)
    /dev/vda1 on / type ext4 (rw,relatime,seclabel,data=ordered)
    selinuxfs on /sys/fs/selinux type selinuxfs (rw,relatime)
    systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=23,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=11175)
    mqueue on /dev/mqueue type mqueue (rw,relatime,seclabel)
    debugfs on /sys/kernel/debug type debugfs (rw,relatime,seclabel)
    hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime,seclabel)
    tmpfs on /run/user/1000 type tmpfs (rw,nosuid,nodev,relatime,seclabel,size=404680k,mode=700,uid=1000,gid=1000)


If you look carefully at the output above, you’ll find that
*/dev/vda1* is mounted as root */* in the system. This is actually the
primary hard drive in this system. The device can be different based
on the system.

- /dev/vd* For virtual machines
- /dev/sd* For physical machines

The number at the end of the device name is the partition number.


.. index:: NTFS

Connecting USB drives to your system
-------------------------------------

If you connect vfat partitioned USB drives (the normal pendrives),
they will auto mount under the */run/media/username/* directory. But,
for NTFS based drives, you will have to install the driver to mount
those partitions.

::

    $ sudo dnf install ntfs-3g -y

.. index:: mount

Mounting a device
-----------------

We can use the *mount* command to mount a file system on an existing
directory. The syntax to do that is *mount device /path/to/mount/at*.

::

    $ sudo mount /dev/sdb1 /mnt


In the example above, we mounted */dev/sdb1* on the */mnt* directory.


.. index:: umount

Unmounting
-----------

We use the *umount* command on a given directory to unmount the file system.

Do not remove any drive from the system before unmounting it. Just to be on
the safe side, you can execute the *sync* command, which will write any existing
cache to the drives. That will make sure that your chances of losing data are
marginal.

Encrypting drives with LUKS (only for Linux)
---------------------------------------------

Follow `this
link `_ to
learn about how to encrypt your drives with LUKS. This is a simple way
to make sure that even if you lose your USB drive, the data inside
can still be safe (relatively).


Encrypting drives for any OS using Veracrypt
---------------------------------------------

`VeraCrypt `_ is an open source volume
management tool compatible with macOS, Windows, and Linux systems.

Here is an `excellent guide
`_
from `Freedom of the Press Foundation `_ on how to use
it.

--------------------------------------------------------------------------------
/docs/conf.py:
--------------------------------------------------------------------------------
# -*- coding: utf-8 -*-
#
# Linux command line for you and me documentation build configuration file, created by
# sphinx-quickstart on Thu Jun 22 15:23:43 2017.
#
# This file is execfile()d with the current directory set to its
# containing dir.
#
# Note that not all possible configuration values are present in this
# autogenerated file.
#
# All configuration values have a default; values that are commented out
# serve to show the default.

# If extensions (or modules to document with autodoc) are in another directory,
# add these directories to sys.path here. If the directory is relative to the
# documentation root, use os.path.abspath to make it absolute, like shown here.
#
# import os
# import sys
# sys.path.insert(0, os.path.abspath('.'))
import sys, os
sys.path.append(os.path.abspath('_themes'))
html_theme_path = ['_themes']
html_theme = 'kr'

# -- General configuration ------------------------------------------------

# If your documentation needs a minimal Sphinx version, state it here.
#
# needs_sphinx = '1.0'

# Add any Sphinx extension module names here, as strings. They can be
# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
# ones.
extensions = ["sphinx.ext.todo"]

# Add any paths that contain templates here, relative to this directory.
templates_path = ['_templates']

# The suffix(es) of source filenames.
# You can specify multiple suffix as a list of string:
#
# source_suffix = ['.rst', '.md']
#import recommonmark
#from recommonmark.parser import CommonMarkParser
#from recommonmark.transform import AutoStructify

#source_parsers = {
#    '.md': CommonMarkParser,
#}

source_suffix = ['.rst', '.md']

# The master toctree document.
master_doc = 'index'

# General information about the project.
project = u'Linux command line for you and me'
copyright = u'2017-2022, Kushal Das'
author = u'Kushal Das'

# The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the
# built documents.
#
# The short X.Y version.
version = u'0.1'
# The full version, including alpha/beta/rc tags.
release = u'0.1'

# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
#
# This is also used if you do content translation via gettext catalogs.
# Usually you set "language" from the command line for these cases.
language = None

# List of patterns, relative to source directory, that match files and
# directories to ignore when looking for source files.
# This patterns also effect to html_static_path and html_extra_path
exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store']

# The name of the Pygments (syntax highlighting) style to use.
pygments_style = 'sphinx'

# If true, `todo` and `todoList` produce output, else they produce nothing.
todo_include_todos = True


# -- Options for HTML output ----------------------------------------------

# The theme to use for HTML and HTML Help pages. See the documentation for
# a list of builtin themes.
#

# Theme options are theme-specific and customize the look and feel of a theme
# further. For a list of options available for each theme, see the
# documentation.
#
# html_theme_options = {}

# Add any paths that contain custom static files (such as style sheets) here,
# relative to this directory. They are copied after the builtin static files,
# so a file named "default.css" will overwrite the builtin "default.css".
html_static_path = ['_static']

html_sidebars = {
    'index': ['sidebarintro.html', 'sourcelink.html', 'searchbox.html'],
    '**': ['sidebarlogo.html', 'localtoc.html', 'relations.html',
           'sourcelink.html', 'searchbox.html']
}

# -- Options for HTMLHelp output ------------------------------------------

# Output file base name for HTML help builder.
htmlhelp_basename = 'Linuxcommandlineforyouandmedoc'


# -- Options for LaTeX output ---------------------------------------------

latex_elements = {
    # The paper size ('letterpaper' or 'a4paper').
    #
    # 'papersize': 'letterpaper',

    # The font size ('10pt', '11pt' or '12pt').
    #
    # 'pointsize': '10pt',

    # Additional stuff for the LaTeX preamble.
    #
    # 'preamble': '',

    # Latex figure (float) alignment
    #
    # 'figure_align': 'htbp',
}

# Grouping the document tree into LaTeX files. List of tuples
# (source start file, target name, title,
#  author, documentclass [howto, manual, or own class]).
latex_documents = [
    (master_doc, 'Linuxcommandlineforyouandme.tex', u'Linux command line for you and me Documentation',
     u'Kushal Das', 'manual'),
]


# -- Options for manual page output ---------------------------------------

# One entry per manual page. List of tuples
# (source start file, name, description, authors, manual section).
man_pages = [
    (master_doc, 'linuxcommandlineforyouandme', u'Linux command line for you and me Documentation',
     [author], 1)
]


# -- Options for Texinfo output -------------------------------------------

# Grouping the document tree into Texinfo files. List of tuples
# (source start file, target name, title, author,
#  dir menu entry, description, category)
texinfo_documents = [
    (master_doc, 'Linuxcommandlineforyouandme', u'Linux command line for you and me Documentation',
     author, 'Linuxcommandlineforyouandme', 'One line description of project.',
     'Miscellaneous'),
]


# At the bottom of conf.py
#def setup(app):
#    app.add_config_value('recommonmark_config', {
#        'enable_eval_rst': True,
#        'enable_auto_doc_ref': True,
#    }, True)
#    app.add_transform(AutoStructify)

--------------------------------------------------------------------------------
/docs/selinux.rst:
--------------------------------------------------------------------------------
SELinux
========


.. image:: img/selinux.png


Security-Enhanced Linux (SELinux) is a Linux kernel security module that
provides a way to have access control security policies. This also allows a
way to have Mandatory access control (MAC), according to the `Wikipedia
`_:

| In computer security, mandatory access control (MAC) refers to a type of
| access control by which the operating system constrains the ability of a
| subject or initiator to access or generally perform some sort of operation on
| an object or target.

The first version of SELinux was released in the year 2000 by the NSA, and in 2003
it became part of the stable kernel. It was introduced in Fedora Core 2, but
it was disabled by default. From Fedora Core 3 it was enabled in the system.

For the rest of the chapter, you will need a Fedora/CentOS/RHEL installation.


SELinux Modes
--------------

There are 3 different modes.

- enforcing
- permissive
- disabled

By default your system will come with *enforcing* mode.
In this mode the
policies will be enforced in the system, and this should be used in every
production system. In the *permissive* mode the policies will not be enforced
but any denial is logged. The *disabled* mode completely disables SELinux.

.. index:: getenforce

getenforce
------------

The *getenforce* command will tell you the current SELinux mode.

::

    $ getenforce
    Enforcing


.. index:: setenforce


setenforce
----------

Using the *setenforce* command, you can change the mode until the system reboots.

::

    # setenforce
    usage: setenforce [ Enforcing | Permissive | 1 | 0 ]
    # setenforce Permissive
    # getenforce
    Permissive
    # setenforce 1
    # getenforce
    Enforcing


.. warning:: Never disable SELinux on production systems. If required, you can put them into permissive mode,
   so that you can get the denial logs, and create proper policies from those logs. Also
   check `this website `_ before further reading.

To change the mode permanently, we modify the */etc/selinux/config* file.

::

    $ sudo cat /etc/selinux/config

    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    # enforcing - SELinux security policy is enforced.
    # permissive - SELinux prints warnings instead of enforcing.
    # disabled - No SELinux policy is loaded.
    SELINUX=enforcing
    # SELINUXTYPE= can take one of these three values:
    # targeted - Targeted processes are protected,
    # minimum - Modification of targeted policy. Only selected processes are protected.
    # mls - Multi Level Security protection.
    SELINUXTYPE=targeted

Change the value of *SELINUX* in the above-mentioned file and then reboot the system to verify
the change.
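
As an added example (not part of the original book), the following shell sketch compares the persistent mode in the config file with a runtime mode such as the one *getenforce* prints, so that a *setenforce* change that was never made permanent, or never reverted, shows up as drift. The function names and the sample config text are constructed for illustration, and the config parsing is a simplified reading of the file.

```shell
#!/bin/sh
# Added example (not from the book): compare the SELinux mode stored in
# /etc/selinux/config with the mode the kernel is running right now.

# selinux_config_mode: read config text on stdin and print the SELINUX= value
# in lower case. Simplified reading of the file (an assumption of this sketch):
# comments and whitespace are ignored and the last SELINUX= line is used.
# "unset" means no such line was found.
selinux_config_mode() {
    scm_mode=unset
    while IFS= read -r scm_line || [ -n "$scm_line" ]; do
        scm_line=${scm_line%%#*}                      # drop comments
        scm_line=$(printf '%s' "$scm_line" | tr -d ' \t')
        case $scm_line in
            SELINUX=*)                                # SELINUXTYPE= does not match
                scm_mode=$(printf '%s' "${scm_line#SELINUX=}" | tr 'A-Z' 'a-z') ;;
        esac
    done
    printf '%s\n' "$scm_mode"
}

# selinux_mode_report RUNTIME_MODE < config
# RUNTIME_MODE is what getenforce prints: Enforcing, Permissive or Disabled.
selinux_mode_report() {
    smr_run=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    smr_cfg=$(selinux_config_mode)
    case $smr_cfg in
        enforcing|permissive|disabled) ;;
        *)  printf 'INVALID: SELINUX=%s in config\n' "$smr_cfg"
            return 0 ;;
    esac
    if [ "$smr_cfg" != "$smr_run" ]; then
        # Typical cause: setenforce was used and lasts only until reboot,
        # or the config was edited and the system has not rebooted yet.
        printf 'DRIFT: running %s, next boot %s\n' "$smr_run" "$smr_cfg"
    elif [ "$smr_cfg" = enforcing ]; then
        printf 'OK: enforcing now and after reboot\n'
    else
        printf 'WEAK: %s now and after reboot\n' "$smr_cfg"
    fi
}

# Constructed sample, modelled on the config file shown above.
SAMPLE_CONFIG='# This file controls the state of SELinux on the system.
#     enforcing - SELinux security policy is enforced.
SELINUX=enforcing
SELINUXTYPE=targeted'

printf '%s\n' "$SAMPLE_CONFIG" | selinux_mode_report Permissive
printf '%s\n' "$SAMPLE_CONFIG" | selinux_mode_report Enforcing
# On a real system: selinux_mode_report "$(getenforce)" < /etc/selinux/config
```
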


Labels/Contexts
----------------

Every process and object in the system has a corresponding label or context. These labels define which
processes can access which objects. They have the following format:

::

    user:role:type:range


Fedora and other distributions use the `type` to define access control; the *range* is optional.

Checking contexts of files/directories or processes
----------------------------------------------------

You can use the *-Z* flag along with the standard *ls* or *ps* command to see the SELinux context.

For example, execute **ls -lZ** in your home directory.

::

    $ ls -lZ
    total 0
    drwxr-xr-x. 11 vagrant vagrant unconfined_u:object_r:user_home_t:s0 222 Mar 21 05:38 lymworkbook
    drwxrwxr-x. 3 vagrant vagrant unconfined_u:object_r:user_home_t:s0 21 Mar 29 11:55 Video

You can see the *unconfined_u:object_r:user_home_t:s0* context, and if you execute the
same command against */tmp* then you will see the following:

::

    $ ls -lZ /tmp
    total 4
    -rw-rw-r--. 1 vagrant vagrant unconfined_u:object_r:user_tmp_t:s0 0 Apr 2 03:18 example.txt
    drwx------. 3 root root system_u:object_r:tmp_t:s0 17 Mar 29 16:59 systemd-private-2aad7f8cd577426094e46ae7f4da1426-chronyd.service-gFq0Yn
    -rwx--x--x. 1 vagrant vagrant unconfined_u:object_r:user_tmp_t:s0 205 Mar 21 05:17 vagrant-shell

The type context for the temporary directory is *tmp_t*, and when the user created
those files under */tmp*, the context is *user_tmp_t*; for the user home
directory it is *user_home_t*. The labels get matched against defined SELinux
rules. The file's label is stored in an extended attribute in the file system.

Now, let us execute the *ps* command with the *Z* flag.

::

    $ ps auZ
    LABEL USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
    system_u:system_r:getty_t:s0-s0:c0.c1023 root 776 0.0 0.3 15668 1812 ttyS0 Ss+ Mar29 0:00 /sbin/agetty -o -p -- \u --keep-baud 115200,38400,9600 ttyS0
    system_u:system_r:getty_t:s0-s0:c0.c1023 root 777 0.0 0.3 13100 1696 tty1 Ss+ Mar29 0:00 /sbin/agetty -o -p -- \u --noclear tty1 linux
    unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 vagrant 5373 0.0 0.8 27192 4308 pts/0 Ss Mar31 0:00 -bash
    unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 vagrant 29048 0.0 0.7 57184 3824 pts/0 R+ 03:21 0:00 ps auZ


Here you can see how different processes have different kinds of *type*
contexts. All *type* contexts generally end with **_t**.


SELinux booleans
----------------

SELinux booleans are the rules which can be turned on or off. You can see all values (or a specific one) by using
the *getsebool* command.


::

    $ getsebool -a
    abrt_anon_write --> off
    abrt_handle_event --> off
    abrt_upload_watch_anon_write --> on
    antivirus_can_scan_system --> off
    antivirus_use_jit --> off
    auditadm_exec_content --> on
    authlogin_nsswitch_use_ldap --> off
    authlogin_radius --> off
    authlogin_yubikey --> off
    awstats_purge_apache_log_files --> off
    boinc_execmem --> on
    cdrecord_read_content --> off
    cluster_can_network_connect --> off
    ...


--------------------------------------------------------------------------------
/docs/files.rst:
--------------------------------------------------------------------------------
File permissions
=================


.. index:: File permission

Linux follows the long Unix history, and has the same kinds of permissions and
ownership for files and directories. In this chapter, we will learn about them
in detail.

Let us look at the output of the *ls -l* command.

::

    $ ls -l
    total 24
    drwxrwxr-x. 2 fedora fedora 4096 Jun 24 08:00 dir1
    -rw-rw-r--. 1 fedora fedora 174 Jun 23 13:26 files.tar.bz2
    -rw-rw-r--. 1 fedora fedora 164 Jun 23 13:20 files.tar.gz
    -rw-rw-r--. 1 fedora fedora 19 Jun 23 14:14 hello.txt
    lrwxrwxrwx. 1 fedora fedora 13 Jun 23 12:32 name -> /etc/hostname


The first column contains the permission details of each file and directory. The
permissions are displayed using groups of three values, *r* for read access,
*w* for write access, and *x* for execute access. These 3 values are mentioned
for owner, group, and other user accounts. The first *-* can be *d* for
directories or *l* for links.

There’s another way to calculate the same file permissions, using numbers.


+----------+-----+
| Read     | 4   |
+----------+-----+
| Write    | 2   |
+----------+-----+
| Execute  | 1   |
+----------+-----+

This means, if you want to give read and write access only to the owner and
group, you mention it like this "660", where the first digit is for the owner,
second digit is for the group, and the third digit is for the other users. We
can use this format along with the *chmod* command to change permissions of any
file or directory.


.. index:: chmod

chmod command
--------------

*chmod* is the command which changes the file mode bits. Through the chmod command
one can alter the access permissions (i.e. the permissions to read, write and
execute) to file system objects (i.e. files and directories). If we look at the
command closely, chmod is the abbreviation of change mode. A few examples are
given below.

::

    $ echo "hello" > myfile.txt
    $ cat myfile.txt
    hello
    $ ls -l myfile.txt
    -rw-rw-r--. 1 fedora fedora 6 Jun 25 03:42 myfile.txt
    $ chmod 000 myfile.txt
    $ ls -l myfile.txt
    ----------. 1 fedora fedora 6 Jun 25 03:42 myfile.txt
    $ cat myfile.txt
    cat: myfile.txt: Permission denied
    $ chmod 600 myfile.txt
    $ ls -l myfile.txt
    -rw-------. 1 fedora fedora 6 Jun 25 03:42 myfile.txt
    $ cat myfile.txt
    hello

In the first line, we created a new file called *myfile.txt* using the *echo*
command (we redirected the output of echo into the file). Using the *chmod
000 myfile.txt* command, we removed the read/write permissions of the file, and
as you can see in the next line, even the owner of the file cannot read it.
Setting the mode to *600* brings back read/write capability to the owner of that
particular file.

The executable permission bit is required for directory access, and also for any
file you want to execute.


.. index:: PATH

PATH variable
--------------

The PATH is a shell variable.
When we type a command in the bash shell, it searches for the command in the directories
listed in the PATH variable, in sequential order. We can see the current
`PATH` value using the echo command.

::

    $ echo $PATH
    /usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/fedora/.local/bin:/home/fedora/bin



The different directories are separated by `:`. To find a particular command, the shell will search in the following sequential order:

- `/usr/local/bin`
- `/usr/bin`
- `/usr/local/sbin`
- `/usr/sbin`
- `/home/fedora/.local/bin`
- `/home/fedora/bin`

You can see the /home/fedora/bin directory is mentioned in the path. This means if we have that directory, and an executable file is in there, we can use it as a normal command in our shell. We will see an example of this later in the book.

.. index:: bash_profile


~/.bash_profile file
----------------------

`~/.bash_profile` is the configuration file for bash for the users who are allowed to log in (via GUI or via ssh).
On Fedora systems this file also reads configuration from the `~/.bashrc` file.

::

    # Get the aliases and functions
    if [ -f ~/.bashrc ]; then
        . ~/.bashrc
    fi


One can set environment variables, update **$PATH** or any other important
variables, or commands to execute after login using this file. But, remember to
log in again or source the file (`source ~/.bash_profile`) after making the change.

.. index:: bashrc

.bashrc file
------------

The *~/.bashrc* is a special configuration file for your bash terminal used for
the users who cannot log in via the standard methods. These accounts will have
*nologin* marked in the `/etc/passwd` file. For example:

::

    mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
    operator:x:11:0:operator:/root:/sbin/nologin
    games:x:12:100:games:/usr/games:/sbin/nologin
    ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin

You can define or delete or update environment variables and add commands to
execute when a new interactive shell opens up for the users who cannot log in.

For example, if we want to add a new directory path to the **PATH** variable, then
we can add the following line at the end of the *~/.bashrc* file.

::

    export PATH=/mnt/myproject/bin:$PATH

After modifying the `.bashrc` file you will have to source it, or open a new tab in your terminal
to see the change.


.. important:: To know more, read the man page of the *bash* command.


.. index:: /etc/profile

/etc/profile file
------------------

This file is used for configuration whenever a new login shell is created. It
configures the system as a whole, which means that if you add any variable here,
it will be available for all users who can log in to the system.

.. index:: which

which command
--------------

We use the *which* command to find the exact path of the executable being used
by a command in our shell.

::

    $ which chmod
    /usr/bin/chmod
    $ which tree
    /usr/bin/which: no tree in (/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/fedora/.local/bin:/home/fedora/bin)

The second example shows the output in case the *which* command cannot find the
executable mentioned.

.. index:: which & $PATH

Use *which* command to see how $PATH variable works
----------------------------------------------------

::

    $ asakj
    bash: asakj: command not found...

    $ which asakj
    /usr/bin/which: no asakj in (/home/adas/.local/bin:/home/adas/bin:/home/adas/.cargo/bin:/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin)

There is no command named *asakj*. The shell searched for *asakj* in the directories designated in the $PATH variable in the .bashrc file and did not find it: `bash: asakj: command not found...`
Then, with the *which* command, we can actually see how that search works.


she-bang or sha-bang in executable files
-----------------------------------------

She-bang or sha-bang is the first line in scripts, which starts with *#!* and
then the path of the interpreter to be used for the rest of the file. We will
create a simple bash hello world script using the same, and then execute it.

.. figure:: img/she-bang.png
   :width: 600px
   :align: center

::

    $ vim hello.sh
    $ chmod +x hello.sh
    $ ./hello.sh
    Hello World!

--------------------------------------------------------------------------------
/docs/users.rst:
--------------------------------------------------------------------------------
Users and Groups
=================

In this chapter we’ll learn about user and group management on your system, and
also about basic access control.

In Linux everything is associated with a user and a group. Based on these values,
the system figures out who can access what part of the system. That includes
files, directories, network ports etc.

Finding the owner of file
-------------------------

We use the **ls -l** command to find the owner, and group of a file or directory.

.. figure:: img/lsl.png

In the above example, fedora is the name of both the owner and the group. The first
value talks about who can access this file (we will learn about this in a
while.)

/etc/passwd file
-----------------

*/etc/passwd* contains all the users available in the system. This is a plain
text file (this means you can view the information by using the *cat* command.)

::

    $ cat /etc/passwd
    root:x:0:0:root:/root:/bin/bash
    bin:x:1:1:bin:/bin:/sbin/nologin
    daemon:x:2:2:daemon:/sbin:/sbin/nologin
    adm:x:3:4:adm:/var/adm:/sbin/nologin
    lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
    sync:x:5:0:sync:/sbin:/bin/sync
    shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
    halt:x:7:0:halt:/sbin:/sbin/halt
    mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
    operator:x:11:0:operator:/root:/sbin/nologin
    games:x:12:100:games:/usr/games:/sbin/nologin
    ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
    nobody:x:99:99:Nobody:/:/sbin/nologin
    systemd-timesync:x:999:998:systemd Time Synchronization:/:/sbin/nologin
    systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin
    systemd-resolve:x:193:193:systemd Resolver:/:/sbin/nologin
    dbus:x:81:81:System message bus:/:/sbin/nologin
    sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
    chrony:x:998:995::/var/lib/chrony:/sbin/nologin
    systemd-coredump:x:994:994:systemd Core Dumper:/:/sbin/nologin
    fedora:x:1000:1000:Fedora:/home/fedora:/bin/bash
    polkitd:x:993:993:User for polkitd:/:/sbin/nologin
    tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin


Each line has seven entries separated by *:*.

::

    username:password:uid:gid:gecos:/home/dirname:shell

+---------------+---------------------------------+
| FIELD         | MEANING                         |
+===============+=================================+
| username      | the username                    |
+---------------+---------------------------------+
| password      | the password of the user        |
+---------------+---------------------------------+
| uid           | Numeric user id                 |
+---------------+---------------------------------+
| gid           | Numeric group id of user        |
+---------------+---------------------------------+
| gecos         | arbitrary field                 |
+---------------+---------------------------------+
| /home/dirname | Home directory of the user      |
+---------------+---------------------------------+
| shell         | Which shell to use for the user |
+---------------+---------------------------------+

You’ll see accounts with */sbin/nologin* as their shell. These are generally
accounts for various services, which are not supposed to be used by a normal
human user (which is why no shell is needed).

The actual user passwords are stored in an encrypted form in the */etc/shadow*
file, with only the root user having access to this file.

::

    $ ls -l /etc/shadow
    ----------. 1 root root 2213 Jun 22 15:20 /etc/shadow

If you want to know more about the current user, use the `id` command.

.. index:: id

::

    $ id
    uid=1000(vagrant) gid=1000(vagrant) groups=1000(vagrant) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023



Details about groups
----------------------

Group details are stored inside the */etc/group* file.
Each user has one primary group, and zero or more supplementary groups.

wheel group
------------

If your user is part of the *wheel* group, then it has sudo access.
If you
remember the Fedora Installer, it actually gives you the option to mark a new
user to be part of the wheel group during installation.


.. index:: sudo

Becoming superuser
-------------------

Have you noticed the silent command **sudo** in front of many commands in the
lab before? We use that **sudo** command to become the *root* user temporarily. The
*root* user is also known as the superuser of the system; it has the power
to change anything on the system. It is the administrator account of any Linux system.

Try the following command.

::

    $ sudo id

Now, you will find the *id* command worked as root instead of your regular user.

If you want to become the *root* user for more than one command, then use the following
command, and provide the *root* password when prompted.

::

    $ su -


.. important:: To be able to use the **sudo** command, you must have your user mentioned
   in the `/etc/sudoers` file. The best way to edit the file is to use the **visudo** command
   as root user.


.. important:: Read the man pages of the `su` and `sudo` commands.


.. index:: useradd

Adding a new user
------------------

The **useradd** command adds a new user to the system. As you can well guess,
this command has to execute as root; otherwise anyone could add random user
accounts in the system. The following command adds a new user *babai* to the
system.

::

    $ sudo useradd babai


In Fedora, the initial user you create gets the uid 1000.


.. index:: passwd

Changing user passwords
------------------------

The **passwd** command helps to change any user password.

::

    $ sudo passwd babai
    Changing password for user babai.
    New password:
    Retype new password:
    passwd: all authentication tokens updated successfully.


.. index:: usermod

Modifying existing user details
-------------------------------

The **usermod** command can help to modify an existing user.
You can use the same command to lock a user account in the system.

::

    $ sudo usermod -L babai
    $ su - babai
    Password:
    su: Authentication failure
    $ sudo usermod -U babai


The last command in the above example unlocks the user account.

.. index:: userdel

Deleting a user
----------------

We use the **userdel** command to delete a user from the system.


.. index:: groupadd

Adding a new group
-------------------


The **groupadd** command adds a new group. You can also pass the group id as
an option. In the following example we are adding a new group called *firejumpers*.

::

    $ sudo groupadd -g 4001 firejumpers


.. index:: usermod

Adding a new group to a user
----------------------------

We can use the **usermod** command to add any extra group to any of our system users.
In the following example, we are adding the *firejumpers* group to our vagrant user.

::

    $ sudo usermod -aG firejumpers vagrant


.. important:: It is important to use the **-a** flag with the `usermod` command. Without the **-a** flag, the `usermod` command will delete all the existing groups of the user. With `usermod -a` we append the user to the supplemental groups, and the **-G** flag specifies the new list of supplementary GROUPS. Therefore, with `usermod -aG` we append the new list of supplementary groups to the user's existing group/groups.
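
As an added example (not part of the original book), the script below audits passwd-format text using the seven fields described earlier in this chapter, and lists the supplementary members of the *wheel* group, which is where a `usermod -aG` mistake would show up. The function names, the set of shells treated as login shells, and the sample data are assumptions made for this example; the group file layout (name:password:gid:members) is the standard one and is not shown on this page.

```shell
#!/bin/sh
# Added example (not from the book): audit passwd-format text and list the
# members of a group. Both functions read their input on stdin.

# passwd_audit: print one finding per line.
passwd_audit() {
    awk -F: '
        /^$/ || /^#/ { next }
        NF != 7 {
            printf "MALFORMED line %d: expected 7 fields, got %d\n", NR, NF
            next
        }
        {
            user = $1; pw = $2; uid = $3; shell = $7

            # "x" means the hash lives in /etc/shadow; "!" or "*" is a lock.
            if (pw == "") {
                printf "EMPTY-PASSWORD-FIELD %s\n", user
            } else if (pw != "x" && pw !~ /^[!*]/) {
                printf "HASH-IN-PASSWD %s\n", user
            }

            # Any uid 0 account is a superuser, whatever its name.
            if (uid == "0" && user != "root") {
                printf "EXTRA-UID0 %s\n", user
            }

            # Assumption: these shell names count as interactive logins.
            # An empty shell field falls back to /bin/sh.
            if (shell == "" || shell ~ /\/(ba|da|z|k|c|tc)?sh$/ || shell ~ /\/fish$/) {
                printf "LOGIN-SHELL %s uid=%s shell=%s\n", user, uid, shell
            }
        }
    '
}

# group_members NAME: print the supplementary members of group NAME, one per
# line. Users who have NAME only as their primary group (the gid field in
# passwd) are not listed in the group file and so are not printed.
group_members() {
    awk -F: -v g="$1" '
        $1 == g {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }
    '
}

# Constructed sample data. The first five lines follow the listing in this
# chapter; the last four are made-up anomalies.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
fedora:x:1000:1000:Fedora:/home/fedora:/bin/bash
backupadm:x:0:0::/root:/bin/bash
svc::1001:1001::/home/svc:/sbin/nologin
legacy:CONSTRUCTEDHASH:1003:1003::/home/legacy:/sbin/nologin
broken:x:1002'

# Constructed group-file sample.
SAMPLE_GROUP='root:x:0:
wheel:x:10:fedora,babai
firejumpers:x:4001:vagrant'

printf '%s\n' "$SAMPLE_PASSWD" | passwd_audit
printf '%s\n' "$SAMPLE_GROUP" | group_members wheel
# On a real system: passwd_audit < /etc/passwd; group_members wheel < /etc/group
```
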
--------------------------------------------------------------------------------
/docs/_themes/kr/static/flasky.css_t:
--------------------------------------------------------------------------------
/*
 * flasky.css_t
 * ~~~~~~~~~~~~
 *
 * :copyright: Copyright 2010 by Armin Ronacher. Modifications by Kenneth Reitz.
 * :license: Flask Design License, see LICENSE for details.
 */

{% set page_width = '940px' %}
{% set sidebar_width = '220px' %}

@import url("basic.css");

/* -- page layout ----------------------------------------------------------- */

body {
    font-family: 'goudy old style', 'minion pro', 'bell mt', Georgia, 'Hiragino Mincho Pro';
    font-size: 17px;
    background-color: white;
    color: #000;
    margin: 0;
    padding: 0;
}

div.document {
    width: {{ page_width }};
    margin: 30px auto 0 auto;
}

div.documentwrapper {
    float: left;
    width: 100%;
}

div.bodywrapper {
    margin: 0 0 0 {{ sidebar_width }};
}

div.sphinxsidebar {
    width: {{ sidebar_width }};
}

hr {
    border: 1px solid #B1B4B6;
}

div.body {
    background-color: #ffffff;
    color: #3E4349;
    padding: 0 30px 0 30px;
}

img.floatingflask {
    padding: 0 0 10px 10px;
    float: right;
}

div.footer {
    width: {{ page_width }};
    margin: 20px auto 30px auto;
    font-size: 14px;
    color: #888;
    text-align: right;
}

div.footer a {
    color: #888;
}

div.related {
    display: none;
}

div.sphinxsidebar a {
    color: #444;
    text-decoration: none;
    border-bottom: 1px dotted #999;
}

div.sphinxsidebar a:hover {
    border-bottom: 1px solid #999;
}

div.sphinxsidebar {
    font-size: 14px;
    line-height: 1.5;
}

div.sphinxsidebarwrapper {
    padding: 18px 10px;
}

div.sphinxsidebarwrapper p.logo {
    padding: 0;
    margin: -10px 0 0 -20px;
    text-align: center;
}

div.sphinxsidebar h3,
div.sphinxsidebar h4 {
    font-family: 'Garamond', 'Georgia', serif;
    color: #444;
    font-size: 24px;
    font-weight: normal;
    margin: 0 0 5px 0;
    padding: 0;
}

div.sphinxsidebar h4 {
    font-size: 20px;
}

div.sphinxsidebar h3 a {
    color: #444;
}

div.sphinxsidebar p.logo a,
div.sphinxsidebar h3 a,
div.sphinxsidebar p.logo a:hover,
div.sphinxsidebar h3 a:hover {
    border: none;
}

div.sphinxsidebar p {
    color: #555;
    margin: 10px 0;
}

div.sphinxsidebar ul {
    margin: 10px 0;
    padding: 0;
    color: #000;
}

div.sphinxsidebar input {
    border: 1px solid #ccc;
    font-family: 'Georgia', serif;
    font-size: 1em;
}

/* -- body styles ----------------------------------------------------------- */

a {
    color: #004B6B;
    text-decoration: underline;
}

a:hover {
    color: #6D4100;
    text-decoration: underline;
}

div.body h1,
div.body h2,
div.body h3,
div.body h4,
div.body h5,
div.body h6 {
    font-family: 'Garamond', 'Georgia', serif;
    font-weight: normal;
    margin: 30px 0px 10px 0px;
    padding: 0;
}

div.body h1 { margin-top: 0; padding-top: 0; font-size: 240%; }
div.body h2 { font-size: 180%; }
div.body h3 { font-size: 150%; }
div.body h4 { font-size: 130%; }
div.body h5 { font-size: 100%; }
div.body h6 { font-size: 100%; }

a.headerlink {
    color: #ddd;
    padding: 0 4px;
    text-decoration: none;
}

a.headerlink:hover {
    color: #444;
    background: #eaeaea;
}

div.body p, div.body dd, div.body li {
    line-height: 1.4em;
}

div.admonition {
    background: #fafafa;
    margin: 20px -30px;
    padding: 10px 30px;
    border-top: 1px solid #ccc;
    border-bottom: 1px solid #ccc;
}

div.admonition tt.xref, div.admonition a tt {
    border-bottom: 1px solid #fafafa;
}

dd div.admonition {
    margin-left: -60px;
    padding-left: 60px;
}

div.admonition p.admonition-title {
    font-family: 'Garamond', 'Georgia', serif;
    font-weight: normal;
    font-size: 24px;
    margin: 0 0 10px 0;
    padding: 0;
    line-height: 1;
}

div.admonition p.last {
    margin-bottom: 0;
}

div.highlight {
    background-color: white;
}

dt:target, .highlight {
    background: #FAF3E8;
}

div.note {
    background-color: #eee;
    border: 1px solid #ccc;
}

div.seealso {
    background-color: #ffc;
    border: 1px solid #ff6;
}

div.topic {
    background-color: #eee;
}

p.admonition-title {
    display: inline;
}

p.admonition-title:after {
    content: ":";
}

pre, tt {
    font-family: 'Consolas', 'Menlo', 'Deja Vu Sans Mono', 'Bitstream Vera Sans Mono', monospace;
    font-size: 0.9em;
}

img.screenshot {
}

tt.descname, tt.descclassname {
    font-size: 0.95em;
}

tt.descname {
    padding-right: 0.08em;
}

img.screenshot {
    -moz-box-shadow: 2px 2px 4px #eee;
    -webkit-box-shadow: 2px 2px 4px #eee;
    box-shadow: 2px 2px 4px #eee;
}

table.docutils {
    border: 1px solid #888;
    -moz-box-shadow: 2px 2px 4px #eee;
    -webkit-box-shadow: 2px 2px 4px #eee;
    box-shadow: 2px 2px 4px #eee;
}

table.docutils td, table.docutils th {
    border: 1px solid #888;
    padding: 0.25em 0.7em;
}

table.field-list, table.footnote {
    border: none;
    -moz-box-shadow: none;
    -webkit-box-shadow: none;
    box-shadow: none;
}

table.footnote {
    margin: 15px 0;
    width: 100%;
    border: 1px solid #eee;
    background: #fdfdfd;
    font-size: 0.9em;
}

table.footnote + table.footnote {
    margin-top: -15px;
    border-top: none;
}

table.field-list th {
    padding: 0 0.8em 0 0;
}

table.field-list td {
    padding: 0;
}

table.footnote td.label {
    width: 0px;
    padding: 0.3em 0 0.3em 0.5em;
}

table.footnote td {
    padding: 0.3em 0.5em;
}

dl {
    margin: 0;
    padding: 0;
}

dl dd {
    margin-left: 30px;
}

blockquote {
    margin: 0 0 0 30px;
    padding: 0;
}

ul, ol {
    margin: 10px 0 10px 30px;
    padding: 0;
}

pre {
    background: #eee;
    padding: 7px 30px;
    margin: 15px -30px;
    line-height: 1.3em;
}

dl pre, blockquote pre, li pre {
    margin-left: -60px;
    padding-left: 60px;
}

dl dl pre {
    margin-left: -90px;
    padding-left: 90px;
}

tt {
    background-color: #ecf0f3;
    color: #222;
    /* padding: 1px 2px; */
}

tt.xref, a tt {
    background-color: #FBFBFB;
    border-bottom: 1px solid white;
}

a.reference {
    text-decoration: none;
    border-bottom: 1px dotted #004B6B;
}

a.reference:hover {
    border-bottom: 1px solid #6D4100;
}

a.footnote-reference {
    text-decoration: none;
    font-size: 0.7em;
    vertical-align: top;
    border-bottom: 1px dotted #004B6B;
}

a.footnote-reference:hover {
    border-bottom: 1px solid #6D4100;
}

a:hover tt {
    background: #EEE;
}


@media screen and (max-width: 600px) {

    div.sphinxsidebar {
        display: none;
    }

    div.document {
        width: 100%;

    }

    div.documentwrapper {
        margin-left: 0;
        margin-top: 0;
        margin-right: 0;
        margin-bottom: 0;
    }

    div.bodywrapper {
        margin-top: 0;
        margin-right: 0;
        margin-bottom: 0;
        margin-left: 0;
    }

    ul {
        margin-left: 0;
    }

    .document {
        width: auto;
    }

    .footer {
        width: auto;
    }

    .bodywrapper {
        margin: 0;
    }

    .footer {
        width: auto;
    }

    .github {
        display: none;
    }

}

/* misc. */

.revsys-inline {
    display: none!important;
}
--------------------------------------------------------------------------------
/docs/useful.rst:
--------------------------------------------------------------------------------
Useful commands
================

In this chapter, we will learn about a few more commands which we may have to
use in daily life.

Creating soft link to a file
-----------------------------

Soft links, or symbolic links, are a special kind of file which
points to some other file using either a relative or an absolute
path. We can create soft links using the **ln -s** command.

::

    $ ln -s /etc/hostname name
    $ ls -l
    total 12
    -rw-rw-r--. 1 fedora fedora 13 Jun 23 11:14 hello.txt
    lrwxrwxrwx. 1 fedora fedora 13 Jun 23 12:32 name -> /etc/hostname
    $ cat name
    kushal-test.novalocal

In the above example, we created a soft link called *name* to the
*/etc/hostname* file. You can see details about the soft link
files by using the **ls -l** command. You can create links to any
directory in the same way.

If you remove the original file the soft link is pointing to, then the soft link
will become useless, because it’ll point to a file that does not exist. Soft
links can also point to a file which is in a different file system.

Creating hard links
--------------------

::

    $ echo "Hello World!" > hello.txt
    $ ln hello.txt bye.txt
    $ ls -l
    total 16
    -rw-rw-r--. 2 fedora fedora 13 Jun 23 11:14 bye.txt
    -rw-rw-r--. 2 fedora fedora 13 Jun 23 11:14 hello.txt
    lrwxrwxrwx. 1 fedora fedora 13 Jun 23 12:32 name -> /etc/hostname
    $ cat hello.txt
    Hello World!
    $ cat bye.txt
    Hello World!
    $ echo "1234" > hello.txt
    $ cat bye.txt
    1234
    $ cat hello.txt
    1234
    $ rm hello.txt
    $ cat bye.txt
    1234
    $ ls -l
    total 12
    -rw-rw-r--. 1 fedora fedora  5 Jun 23 12:39 bye.txt
    lrwxrwxrwx. 1 fedora fedora 13 Jun 23 12:32 name -> /etc/hostname


If you look carefully at the above example, we’ve created a hard link
using the **ln** command. When we made a change to the original
*hello.txt* file, that was also reflected in the *bye.txt* file.

But, because *bye.txt* is a hard link, even if I delete
*hello.txt*, the hard link still exists, and also has the original
content.


.. index:: tar

Extracting a tar file
----------------------

**tar** is a tool to create and extract archive files. Many times we will have
to download and then extract tar files in our regular day to day work.

::

    $ tar -xzvf files.tar.gz
    hello.c
    bye.txt


The *files.tar.gz* file is compressed with gzip. If the file name ends
with *.tar.bz2*, then it is compressed with bzip2.

::

    $ tar -xjvf files.tar.bz2
    hello.c
    bye.txt

Creating a tar file
----------------------

We can use the same **tar** command to create a tar file.

::

    $ tar -czvf files.tar.gz hello.c bye.txt
    hello.c
    bye.txt
    $ ls
    bye.txt  files.tar.gz  hello.c




.. index:: vim

Vim editor
-----------

Text editors are tools to edit files. This could be a configuration
file, or source code, or an email, or any other kind of text file.
Which editor to use is generally a personal choice, and a lot of good
energy has been wasted arguing over which one is the one true best editor. In
this book we will just learn about the **Vim** editor. It’s also known as the
*vi improved* editor. In the Fedora Linux distribution, the *vi*
command is actually an alias to **vim** itself.

If we just type vim, and press enter, we will see the following
screen.

.. figure:: img/vim1.png

:q to exit vim
---------------

Press Escape and then type *:q* to exit vim.

.. figure:: img/vim2.png

Open a new file or edit an existing file
-----------------------------------------

*vim filename* is the command to open an existing file. If the file does not exist,
it will open a new, empty file for editing.

Different modes of vim
-----------------------

The Vim editor starts off in command mode. Every time you open a file,
this is the default mode of the editor. You can press the *Escape* key
in any other mode to come back to command mode.

You press *i* to go into insert mode; we edit documents in the
insert mode. If you press *Escape*, you will return to
command mode.

.. figure:: img/vim3.png

:w to save a file
------------------

In command mode, typing *:w* saves a file.
If you want to save and quit the editor, then type either *:wq* or *:x*.

:q! to quit without saving
--------------------------

Typing *:q!*, when you are in command mode, lets you quit without saving
the current file.

Vim is a powerful editor, and we learned only a few, really basic steps
in it. It would take a complete book to explain the different features of
vim. But the steps above are sufficient for our book’s scope.


One major thing to remember about any text file is to end the file
with a newline character, because that is how the
POSIX standard defines
a line.


You can learn vim from various sources; the quickest one to start with is the `vimtutor`
command in your system. Or else, the VS Code editor has a vim plugin, and there is
a very nice tutorial
which you can follow in your Linux terminal in a normal vim.

.. index:: su

Becoming root user
-------------------

*root* is the superuser. root has the power to make changes in various parts of
a Linux system. That also means if you make any dangerous change (say deleting
your user account) as root (by mistake), that can easily cause real damage.

The general rule is, when you need superuser power, use the **sudo** command to
get work done, and use your normal user account for everything else. The **su -**
command will help you become the *root* user; use this *extremely* carefully.

::

    $ su -
    Password:
    #

Notice how the command prompt changed to *#* from *$*; *#* shows that
you are using the *root* account, another visible indication to think
about every command you give as *root*.
Press *Ctrl+d* to log
out of the *root* account. (Or any account, for that matter.)


.. index:: sudo

Using sudo command
-------------------

Add the **sudo** command in front of any other command to execute it as
*root*. For example:

::

    $ less /var/log/secure
    /var/log/secure: Permission denied
    $ sudo less /var/log/secure
    [sudo] password for fedora:
    ... long output

!! trick
---------

There are times when you forget to type `sudo` in front of a command. You can use `!!` along
with `sudo` to rerun the previous command with `sudo` without typing it again.

::

    $ less /var/log/secure
    /var/log/secure: Permission denied
    $ sudo !!
    [sudo] password for fedora:
    ... long output


To know more about the ! based bash tricks, read this blog post from Red Hat.

.. index:: hostnamectl

Setting up hostname
--------------------

The **hostnamectl** command can be used to set the hostname of a system. Below,
we are first checking the current hostname, and then setting the hostname
to `fastbox`.

::

    $ sudo hostnamectl hostname
    bigbox
    $ sudo hostnamectl hostname fastbox


.. index:: Environment variable

Environment variables
-----------------------

Environment variables are a way to pass data on to applications. We can set
values of different variables, which any application can then access. There are
various variables which decide how the shell will behave. To see all the
variables, use the **printenv** command.

::

    $ printenv
    ... long output


You can execute the same command once as a normal user, and once as
*root*, and then check for the differences between the output.
You will mostly see they are the same, with some (or more) unique ones.
That’s because variables are user specific.

.. index:: export

Setting up environment variable values
---------------------------------------

We can use the **export** command to create a new environment variable
or change an existing one.
We use the **echo** command to
print a particular environment variable’s value.

::

    $ export NAME="Kushal Das"
    $ echo $NAME
    Kushal Das
    $ export NAME="Babai Das"
    $ echo $NAME
    Babai Das


In our example we first created a new variable called *NAME*, and
then we changed the value of the variable.


.. index:: locate

locate command
---------------

**locate** is a very useful tool to find files in the system. It’s
part of the **mlocate** package. For example, the following command will
search for all the files with firewalld in the name.

::

    $ locate firewalld
    /etc/firewalld
    /etc/sysconfig/firewalld
    /etc/systemd/system/basic.target.wants/firewalld.service
    /home/kdas/.local/share/Zeal/Zeal/docsets/Ansible.docset/Contents/Resources/Documents/docs.ansible.com/ansible/firewalld_module.html
    /home/kdas/Downloads/ansible-devel/lib/ansible/modules/system/firewalld.py
    /home/kdas/Downloads/ansible-fail-on-github-zipfile/lib/ansible/modules/system/firewalld.py
    /home/kdas/code/git/ansible/lib/ansible/modules/system/firewalld.py
    ... long output


You can update the search database by using the **updatedb** command as
root.


.. index:: updatedb

::

    $ sudo updatedb

This may take some time as it will index all the files in your
computer.


.. index:: timezones

Finding date/time in different timezones
-----------------------------------------

The */usr/share/zoneinfo* directory contains all the different timezone
files. We can use these file names to get the current date/time in any timezone. For
example, the following command will show the current date/time in the
*US/Pacific* timezone.

::

    $ TZ=US/Pacific date
    Sun May 20 18:45:54 PDT 2018

Bash history
------------

Using the **history** command you can check for any command you previously used in the shell.
This output will not show you the commands from the currently running shells. Only after
you exit your shell will those commands be written into the `~/.bash_history` file, and the history
command tells us the details from there.

The environment variable **HISTFILESIZE** determines the number of commands stored in the file.
By default, the history command does not show timestamps. You can set another environment variable
to record the timestamp of every command. All commands from before setting the timestamp will show the same
time for execution.

::

    echo 'export HISTTIMEFORMAT="%d/%m/%y %T "' >> ~/.bashrc
    source ~/.bashrc
    ...
    ...
    history


Sort files by size
-------------------

You can pass the **-S** or **--sort=size** option to the **ls** command.

::

    ls -lSh
    total 176K
    -rw-r--r-- 1 kdas kdas 14K Aug 27  2018 networking.rst
    -rw-r--r-- 1 kdas kdas 13K May 21  2018 services.rst
    -rw-r--r-- 1 kdas kdas 13K Aug 30  2019 startingcommands.rst
    -rw-r--r-- 1 kdas kdas 13K Jan 27  2019 processes.rst
    -rw-r--r-- 1 kdas kdas 12K Sep 20 21:35 firewall.rst
    ...
    ...

You can reverse the sorting by passing the **-r** option.
--------------------------------------------------------------------------------
/docs/firewall.rst:
--------------------------------------------------------------------------------
Linux Firewall
===============

.. image:: img/firewall.png

.. note:: This chapter is an ongoing work.

A firewall is a network security system, which can monitor and control network
packets coming in and going out from a system based on pre-defined rules.

In this chapter, we will learn about the **iptables** command and how we can use
it to create and manage the system's firewall. The netfilter
subsystem in the Linux kernel handles
the actual packet filtering at the network level.



Installation
-------------

On CentOS

::

    yum install iptables-services


On Debian systems

::

    apt install iptables-persistent


Tables, chains and rules
-------------------------

There is a table based system which in turn uses chains of rules for the
firewall. Each table has a defined set of chains, and the rules are added to a
chain one after another.

When a network packet reaches the related table, and the related chain inside
of the table, the rules get matched from top to bottom. If the packet matches
a rule, then the *target* of that rule gets executed. Each chain also has a default
policy; if no rule matches, then the default policy gets applied to the
packet. We will learn more about these in detail.

iptables has 5 built in chains.

- **INPUT** for all packets incoming to the system
- **OUTPUT** for all packets going out from the system
- **FORWARD** for the routed packets, this is when the system works as a router
- **PREROUTING** for port forwarding
- **POSTROUTING** for Source Network Address Translation (SNAT), this applies to all
  packets leaving the system

filter table
-------------

**filter** is the default table of iptables. It has 3 default chains.

- INPUT
- OUTPUT
- FORWARD

nat table
---------

The **nat** table is a special table for SNAT and DNAT (port forwarding).
It has the following chains.

- PREROUTING
- POSTROUTING
- OUTPUT

There are two other different tables, **mangle** and **raw**.

.. index:: iptables

iptables command
-----------------

The following table will be helpful in remembering different arguments to the
**iptables** command.

::

    +------------------+--------------+---------------------+--------------------------+-------------+
    | Table            | Command      | Chain               | Matches                  | Target/Jump |
    +------------------+--------------+---------------------+--------------------------+-------------+
    | filter (default) | -A (append)  | INPUT               | -p protocol              | ACCEPT      |
    | nat              | -I (insert)  | OUTPUT              | -s source_ip             | DROP        |
    | mangle           | -D (delete)  | FORWARD             | -d destination_ip        | LOG         |
    | raw              | -R (replace) | PREROUTING          | --sport source_port      | REJECT      |
    |                  | -F (flush)   | POSTROUTING         | --dport destination_port | DNAT        |
    |                  | -L (list)    | USER_DEFINED_CHAINS | -i incoming              | SNAT        |
    |                  | -S (show)    |                     | -o outgoing              | LIMIT       |
    |                  | -Z (zero)    |                     | -m mac                   | RETURN      |
    |                  | -N           |                     | -m time                  | MASQUERADE  |
    |                  | -X           |                     | -m quota                 |             |
    |                  |              |                     | -m limit                 |             |
    |                  |              |                     | -m recent                |             |
    +------------------+--------------+---------------------+--------------------------+-------------+


View the existing rules
------------------------

.. code-block:: bash

    # iptables -nvL --line-numbers
    Chain INPUT (policy ACCEPT 82 packets, 4756 bytes)
    num   pkts bytes target     prot opt in     out     source               destination

    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    num   pkts bytes target     prot opt in     out     source               destination

    Chain OUTPUT (policy ACCEPT 42 packets, 3192 bytes)
    num   pkts bytes target     prot opt in     out     source               destination


The above command shows the default table **filter** and all chains and rules
inside of it. You can notice that each of the chains has a default policy of
**ACCEPT**. It means if no rules match (in this case no rules are defined), it
will accept those packets.


Appending rules to INPUT chain
-------------------------------

We can test an initial rule to **drop** all incoming *icmp* packets to the
system.
The following command will append the rule to the **INPUT** chain.

.. note:: The `ping` command uses icmp packets. So, the following command will block
    `ping` into the system.

.. code-block:: bash

    iptables -A INPUT -p icmp -j DROP

Now, if you try to ping the system from any computer, you will not get any
response.

Flushing all rules
-------------------

::

    iptables -F

The above command will flush (remove) all the rules from the default
table. You can use the *-t TABLE_NAME* argument to flush any particular
table.


Example of a series of rules
-----------------------------

Here is a list of rules to allow traffic to port 22 (ssh) and ports 80 and 443
(http and https).

::

    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
    iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    iptables -A INPUT -p tcp --dport 443 -j ACCEPT
    iptables -A OUTPUT -j ACCEPT
    iptables -A INPUT -j REJECT
    iptables -A FORWARD -j REJECT

The first rule allows all incoming traffic on the `loopback` device.
The second line allows packets related to an already established connection,
or the cases where a packet is trying to reconnect.
The third line from the end allows all outgoing packets, and the last 2 lines
reject everything else which does not match the rules.
If you want to view all the rules, use the following command.

::

    # iptables -nvL --line-numbers
    Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    num   pkts bytes target     prot opt in     out     source               destination
    1        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    2      122  9641 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    3        1    52 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
    4        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
    5        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
    6       22  2044 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    num   pkts bytes target     prot opt in     out     source               destination

    Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
    num   pkts bytes target     prot opt in     out     source               destination
    1      104 12085 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

The *--line-numbers* argument shows the number of each rule. We can use
these line numbers to delete any rule.

.. note:: For a desktop or laptop, you may want to drop all incoming connections; that will help in cases
    where someone in the local network may try to attack/scan your system.


Delete a rule based on rule number
-----------------------------------

Let us delete the rule number 4, which allows traffic to port 80.

::

    # iptables -D INPUT 4
    # iptables -nvL --line-numbers
    Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    num   pkts bytes target     prot opt in     out     source               destination
    1        4   376 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    2      221 15445 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    3        1    52 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
    4        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
    5       22  2044 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    num   pkts bytes target     prot opt in     out     source               destination

    Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
    num   pkts bytes target     prot opt in     out     source               destination
    1      166 17248 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0


Delete a rule directly
-----------------------

If you know the exact rule, you can also delete it by giving the rule
directly.

::

    # iptables -D INPUT -p tcp --dport 443 -j ACCEPT
    # iptables -nvL --line-numbers
    Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    num   pkts bytes target     prot opt in     out     source               destination
    1        4   376 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    2      344 22417 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    3        1    52 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
    4       22  2044 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    num   pkts bytes target     prot opt in     out     source               destination

    Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
    num   pkts bytes target     prot opt in     out     source               destination
    1      234 22564 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0


Saving the rules
----------------

Any change made via the **iptables** command stays in memory.
To save it (so that
it autoreloads on reboot), use the following command.


For Debian.

::

    # netfilter-persistent save


For CentOS 7+

::

    # systemctl stop firewalld && systemctl disable firewalld
    # iptables-save > /etc/sysconfig/iptables
    # systemctl enable iptables
    Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.
    # systemctl start iptables

The first line stops and then disables the **firewalld** service; it is a newer
type of frontend for the same *netfilter* subsystem of the kernel.

A blog post from Major Hayden
------------------------------

Now, you should read the following blog post
from Major Hayden
on best practices.


Debugging firewall rules
-------------------------

In case you want to debug the rules, and want to see which packet matches which
rule in the chain, you can add the two following rules. After that, do
**tail -f /var/log/kern.log** to see the messages. Remember to use the proper
IP address and port number.

::

    # iptables -t raw -A PREROUTING -p tcp --destination YOUR_IP/24 --dport PORT_NUMBER -j TRACE
    # iptables -t raw -A OUTPUT -p tcp --destination YOUR_IP/24 --dport PORT_NUMBER -j TRACE

--------------------------------------------------------------------------------
/docs/processes.rst:
--------------------------------------------------------------------------------
Processes in Linux
===================

A process is a program (think about any Linux application) in a running state.
It contains various details, like the memory space the program needs, a process
id, the files opened by the process, etc.


.. index:: ps


How to view all running processes?
-----------------------------------

The following command shows all the processes from your computer.

::

    $ ps aux
    USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
    root         1  0.0  0.0 215356  4984 ?        Ss   May29   0:28 /usr/lib/systemd/systemd --system --deserialize 19
    root         2  0.0  0.0      0     0 ?        S    May29   0:00 [kthreadd]
    root         4  0.0  0.0      0     0 ?        S<   May29   0:00 [kworker/0:0H]
    root         6  0.0  0.0      0     0 ?        S    May29   0:11 [ksoftirqd/0]
    root         7  0.0  0.0      0     0 ?        S    May29   8:27 [rcu_sched]
    ... long output


You can see that the output also tells you under which user the process is
running, what the actual command being used is, and the percentage of CPU and
memory usage.

The *PID* column shows the process id; you can see that the *systemd* process
has PID 1, which means it is the first process to start in the system.

How to find a particular process?
----------------------------------

Let’s say, I want to know the process id of the Firefox browser in my system.
I can use the following command to find that information.

::

    $ ps aux | grep firefox
    kdas     26752 96.1  9.7 2770724 763436 ?      Sl   16:16   0:35 /usr/lib64/firefox/firefox
    kdas     26919  0.0  0.0 118520   980 pts/3    S+   16:17   0:00 grep --color=auto firefox


Here, we are first running the ps command, and then passing the output of that
to the next command using the | character. In this case, as you see, grep is
that second command. We can find and look for text using the grep tool. We will
learn more about grep in the future.

.. index:: kill

How to kill/stop a particular process?
---------------------------------------

We can kill/stop any process using the *kill* command. We found out, in the last
example, that the id of the Firefox process in my computer is 26752; we can use
that id to kill it.

::

    $ kill 26752

If there is no error message, you’ll find that Firefox has disappeared.


.. index:: lsof

Finding out list of open files
-------------------------------

The **lsof** command shows the list of all open files. The man page has more details
about the different command line options available.

.. index:: signal

Signals
--------

Signals are a limited way to communicate with a process. You can think about them
as notifications to a process, and depending on the signal handler in the code,
the process does something with that signal. The *kill* command actually sends a
signal to the given process id; the default signal is *TERM*, which asks the
process to terminate. To directly/forcibly kill a process, you can send the
*KILL* signal.

::

    $ kill -9 26752


Here *9* is the numeric representation of the *KILL* signal. To know more about Linux
signals, read the man page.

::

    $ man 7 signal

The **kill** command also has a *-l* flag, which prints all of the signal names and
numbers on the screen.
104 | 105 | :: 106 | 107 | $ kill -l 108 | 1) SIGHUP 2) SIGINT 3) SIGQUIT 4) SIGILL 5) SIGTRAP 109 | 6) SIGABRT 7) SIGBUS 8) SIGFPE 9) SIGKILL 10) SIGUSR1 110 | 11) SIGSEGV 12) SIGUSR2 13) SIGPIPE 14) SIGALRM 15) SIGTERM 111 | 16) SIGSTKFLT 17) SIGCHLD 18) SIGCONT 19) SIGSTOP 20) SIGTSTP 112 | 21) SIGTTIN 22) SIGTTOU 23) SIGURG 24) SIGXCPU 25) SIGXFSZ 113 | 26) SIGVTALRM 27) SIGPROF 28) SIGWINCH 29) SIGIO 30) SIGPWR 114 | 31) SIGSYS 34) SIGRTMIN 35) SIGRTMIN+1 36) SIGRTMIN+2 37) SIGRTMIN+3 115 | 38) SIGRTMIN+4 39) SIGRTMIN+5 40) SIGRTMIN+6 41) SIGRTMIN+7 42) SIGRTMIN+8 116 | 43) SIGRTMIN+9 44) SIGRTMIN+10 45) SIGRTMIN+11 46) SIGRTMIN+12 47) SIGRTMIN+13 117 | 48) SIGRTMIN+14 49) SIGRTMIN+15 50) SIGRTMAX-14 51) SIGRTMAX-13 52) SIGRTMAX-12 118 | 53) SIGRTMAX-11 54) SIGRTMAX-10 55) SIGRTMAX-9 56) SIGRTMAX-8 57) SIGRTMAX-7 119 | 58) SIGRTMAX-6 59) SIGRTMAX-5 60) SIGRTMAX-4 61) SIGRTMAX-3 62) SIGRTMAX-2 120 | 63) SIGRTMAX-1 64) SIGRTMAX 121 | 122 | .. index:: top 123 | 124 | top command 125 | ------------ 126 | 127 | **top** is a very useful command while using a Linux system. It’s a quick way to 128 | know about all the running processes in the system, and their related status 129 | about CPU and memory usage in general. To get out of top, press the key *q*. 130 | 131 | :: 132 | 133 | top - 17:37:28 up 24 days, 11:52, 2 users, load average: 0.57, 0.73, 0.75 134 | Tasks: 372 total, 2 running, 370 sleeping, 0 stopped, 0 zombie 135 | %Cpu(s): 11.6 us, 2.6 sy, 0.0 ni, 84.9 id, 0.1 wa, 0.3 hi, 0.5 si, 0.0 st 136 | KiB Mem : 7858752 total, 1701052 free, 4444136 used, 1713564 buff/cache 137 | KiB Swap: 3268604 total, 1558396 free, 1710208 used. 
2431656 avail Mem 138 | 139 | PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 140 | 28300 kdas 20 0 1502016 287340 44396 R 25.0 3.7 290:56.60 chrome 141 | 2668 kdas 9 -11 2067292 9756 7164 S 6.2 0.1 166:06.48 pulseaudio 142 | 15122 kdas 20 0 771844 33104 11352 S 6.2 0.4 39:24.60 gnome-terminal- 143 | 24760 kdas 20 0 1945840 209128 76952 S 6.2 2.7 1:41.15 code 144 | 27526 kdas 20 0 156076 4268 3516 R 6.2 0.1 0:00.01 top 145 | 1 root 20 0 215356 4880 3108 S 0.0 0.1 0:28.25 systemd 146 | 2 root 20 0 0 0 0 S 0.0 0.0 0:00.66 kthreadd 147 | 4 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/0:0H 148 | 6 root 20 0 0 0 0 S 0.0 0.0 0:11.79 ksoftirqd/0 149 | 7 root 20 0 0 0 0 S 0.0 0.0 8:28.06 rcu_sched 150 | ... long output 151 | 152 | By the way, feel free to press *1* and see if anything changes in the top 153 | command output. 154 | 155 | .. index:: load average 156 | 157 | Load average 158 | ------------- 159 | 160 | If you look at the *top* output carefully, you will find load average mentioned. 161 | Actually, there are 3 numbers provided; these are the load averages of the 162 | system in the last one minute, 5 minutes ago, and 15 minutes ago. 163 | 164 | :: 165 | 166 | load average: 0.57, 0.73, 0.75 167 | 168 | 169 | In simple words, load average means the average time any process has to wait to 170 | get access to the CPU (or other resources), in idle state the load average is 0. 171 | This information is a quick way to learn about the system, if the system is 172 | slow to respond, just looking at the load-average, and then the rest of the top 173 | output should be a good starting point. 174 | 175 | htop tool 176 | ---------- 177 | 178 | **htop** is a modern version of the top tool. It has many more features, 179 | interactiveness being the biggest amongst them. **htop** does not come by default 180 | in most of the Linux installations, which means you will have to install it 181 | using the system’s package management tool. 
182 | 183 | These are the ways to install it in Fedora and in Debian/Ubuntu 184 | 185 | :: 186 | 187 | $ sudo dnf install htop -y 188 | 189 | :: 190 | 191 | $ sudo apt-get install htop 192 | 193 | 194 | .. figure:: img/htop.png 195 | :width: 600px 196 | :align: center 197 | 198 | To know more about htop, please read the man page. 199 | 200 | :: 201 | 202 | $ man htop 203 | 204 | 205 | More about Linux processes 206 | --------------------------- 207 | 208 | You can learn more about Linux processes in the glibc manual. Use the *info* 209 | command to find out more. 210 | 211 | :: 212 | 213 | $ info libc process 214 | 215 | 216 | 217 | .. index:: proc filesystem 218 | 219 | /proc directory 220 | ---------------- 221 | 222 | */proc* is a special directory in our filesystem. This is a virtual filesystem which contains information about all the running processes, and information about the hardware present in the system. You will find that the files in the virtual filesystem are *0* in size. 223 | 224 | Now we’ll learn about a few files inside this directory. 225 | 226 | 227 | .. index:: cpuinfo 228 | 229 | 230 | /proc/cpuinfo 231 | -------------- 232 | 233 | */proc/cpuinfo* file has information about the CPU in your system. 234 | It includes the model number, and also the various flags available in 235 | that particular CPU model. 236 | 237 | 238 | .. index:: cmdline 239 | 240 | /proc/cmdline 241 | --------------- 242 | 243 | */proc/cmdline* file has all the parameters passed to the kernel at the bootup 244 | time. The following is a cloud-based virtual machine. 245 | 246 | :: 247 | 248 | $ cat /proc/cmdline 249 | BOOT_IMAGE=/boot/vmlinuz-4.8.6-300.fc25.x86_64 root=UUID=9be70055-35f2-4a57-b120-5a003dfdb504 ro no_timer_check console=tty1 console=ttyS0,115200n8 rhgb quiet console=ttyS1 LANG=en_US.UTF-8 initrd=/boot/initramfs-4.8.6-300.fc25.x86_64.img 250 | 251 | .. 
index:: meminfo 252 | 253 | /proc/meminfo 254 | -------------- 255 | 256 | */proc/meminfo* contains information related to the memory in the system. You can see the total amount of RAM, the available memory and other values there. 257 | 258 | :: 259 | 260 | $ cat /proc/meminfo 261 | MemTotal: 4046820 kB 262 | MemFree: 2960568 kB 263 | MemAvailable: 3696216 kB 264 | Buffers: 53756 kB 265 | Cached: 830052 kB 266 | SwapCached: 0 kB 267 | Active: 347216 kB 268 | Inactive: 575692 kB 269 | Active(anon): 39388 kB 270 | Inactive(anon): 196 kB 271 | Active(file): 307828 kB 272 | Inactive(file): 575496 kB 273 | Unevictable: 0 kB 274 | Mlocked: 0 kB 275 | SwapTotal: 0 kB 276 | SwapFree: 0 kB 277 | Dirty: 4 kB 278 | Writeback: 0 kB 279 | AnonPages: 39120 kB 280 | Mapped: 42032 kB 281 | Shmem: 488 kB 282 | Slab: 141692 kB 283 | SReclaimable: 114996 kB 284 | SUnreclaim: 26696 kB 285 | KernelStack: 1360 kB 286 | PageTables: 2700 kB 287 | NFS_Unstable: 0 kB 288 | Bounce: 0 kB 289 | WritebackTmp: 0 kB 290 | CommitLimit: 2023408 kB 291 | Committed_AS: 127752 kB 292 | VmallocTotal: 34359738367 kB 293 | VmallocUsed: 0 kB 294 | VmallocChunk: 0 kB 295 | HardwareCorrupted: 0 kB 296 | AnonHugePages: 0 kB 297 | ShmemHugePages: 0 kB 298 | ShmemPmdMapped: 0 kB 299 | CmaTotal: 0 kB 300 | CmaFree: 0 kB 301 | HugePages_Total: 0 302 | HugePages_Free: 0 303 | HugePages_Rsvd: 0 304 | HugePages_Surp: 0 305 | Hugepagesize: 2048 kB 306 | DirectMap4k: 61296 kB 307 | DirectMap2M: 4132864 kB 308 | DirectMap1G: 2097152 kB 309 | 310 | /proc/uptime 311 | ------------- 312 | 313 | :: 314 | 315 | $ cat /proc/uptime 316 | 52820.32 104802.84 317 | 318 | 319 | The first value in this file shows the number of seconds the system has been up. The 320 | second value is the total number of idle seconds for each CPU, so for the modern 321 | systems, this value can be more than the first value. 322 | 323 | 324 | .. 
index:: sysctl 325 | 326 | /proc/sys/ & sysctl command 327 | ---------------------------- 328 | 329 | This directory is a special one for system administrators. This not only 330 | provides information, but also allows you to quickly change (enable/disable) 331 | different kernel features. 332 | 333 | We use the **sysctl** command to view or edit the values for */proc/sys/*. If 334 | you want to see all the different settings, use the following command. 335 | 336 | :: 337 | 338 | $ sudo sysctl -a 339 | [sudo] password for kdas: 340 | abi.vsyscall32 = 1 341 | crypto.fips_enabled = 0 342 | debug.exception-trace = 1 343 | debug.kprobes-optimization = 1 344 | dev.cdrom.autoclose = 1 345 | dev.cdrom.autoeject = 0 346 | dev.cdrom.check_media = 0 347 | dev.cdrom.debug = 0 348 | dev.cdrom.info = CD-ROM information, Id: cdrom.c 3.20 2003/12/17 349 | ... long output 350 | 351 | 352 | Enabling IP forward with sysctl 353 | -------------------------------- 354 | 355 | To enable IP forwarding to the VM(s), use the following command. 356 | 357 | :: 358 | 359 | $ sudo sysctl -w net.ipv4.ip_forward=1 360 | 361 | 362 | To check the current value, use the following command. 363 | 364 | :: 365 | 366 | $ sysctl net.ipv4.ip_forward 367 | 368 | 369 | You can see the same value in the */proc/sys/net/ipv4/ip_forward* 370 | file too. 371 | 372 | :: 373 | 374 | $ cat /proc/sys/net/ipv4/ip_forward 375 | 1 376 | 377 | To make the change permanent, write the following in the */etc/sysctl.conf* 378 | file. 379 | 380 | :: 381 | 382 | net.ipv4.ip_forward = 1 383 | 384 | 385 | Then, enable the changes using the following command. 386 | 387 | :: 388 | 389 | $ sudo sysctl -p /etc/sysctl.conf 390 | 391 | -------------------------------------------------------------------------------- /docs/curl.rst: -------------------------------------------------------------------------------- 1 | Curl! 
For all your web needs 2 | ============================ 3 | 4 | In this chapter we will learn about a very special command, `curl`. 5 | It is used to transfer data over a network. Written by `Daniel Stenberg 6 | `_, it is most probably one of the most widely used 7 | pieces of software in the world. You can find it in your servers, cars and also in 8 | television sets. 9 | 10 | In this chapter we will learn a few example use cases. In case you are new to 11 | HTTP land, you can watch `this video 12 | `_ to learn more about the protocol. 13 | 14 | Viewing a file 15 | -------------- 16 | 17 | :: 18 | 19 | $ curl https://kushaldas.in/test.html 20 | 21 | 22 | Test page 23 | 24 | 25 | This is a test page. You can view it via curl. 26 | 27 | 28 | 29 | 30 | Here we are reading the content of the file located at URL 31 | `https://kushaldas.in/test.html`. By default curl shows the output on STDOUT. 32 | 33 | Downloading the file 34 | --------------------- 35 | 36 | You can use the `-o` flag to download a file and save it to disk, with the given filename. 37 | 38 | :: 39 | 40 | $ curl https://kushaldas.in/test.html -o /tmp/download.html 41 | % Total % Received % Xferd Average Speed Time Time Time Current 42 | Dload Upload Total Spent Left Speed 43 | 100 125 100 125 0 0 295 0 --:--:-- --:--:-- --:--:-- 296 44 | 45 | 46 | Download with the same name 47 | ---------------------------- 48 | 49 | Use the `-O` flag to download and save the file with the same basename from the given URL. 50 | 51 | :: 52 | 53 | $ curl -O https://kushaldas.in/test.html 54 | % Total % Received % Xferd Average Speed Time Time Time Current 55 | Dload Upload Total Spent Left Speed 56 | 100 125 100 125 0 0 295 0 --:--:-- --:--:-- --:--:-- 296 57 | $ ls -l test.html 58 | .rw-r--r--@ 125 kdas 14 Apr 20:45 test.html 59 | 60 | Here the file is saved in the current directory, as `test.html`. 
61 | 62 | Making a POST request using curl 63 | -------------------------------- 64 | 65 | We can make `HTTP POST `_ requests 66 | using curl in two different ways. 67 | 68 | 1. Using the `-d` flag, for simple form submissions 69 | (or using `application/x-www-form-urlencoded`), where each form name & its values 70 | are marked with `=` and separated by `&`. 71 | 72 | 2. You can also use `--form/-F` for `multipart/form-data` where we can upload 73 | files or send in large amounts of binary data. 74 | 75 | :: 76 | 77 | $ curl -d "name=kushal&lang=Python" https://httpbin.org/post 78 | { 79 | "args": {}, 80 | "data": "", 81 | "files": {}, 82 | "form": { 83 | "lang": "Python", 84 | "name": "kushal" 85 | }, 86 | "headers": { 87 | "Accept": "*/*", 88 | "Content-Length": "23", 89 | "Content-Type": "application/x-www-form-urlencoded", 90 | "Host": "httpbin.org", 91 | "User-Agent": "curl/7.79.1", 92 | "X-Amzn-Trace-Id": "Root=1-625a7542-3994f1a24d276db65e59c88f" 93 | }, 94 | "json": null, 95 | "origin": "193.138.218.212", 96 | "url": "https://httpbin.org/post" 97 | } 98 | 99 | $ curl --form name=kushal --form lang=Python https://httpbin.org/post 100 | { 101 | "args": {}, 102 | "data": "", 103 | "files": {}, 104 | "form": { 105 | "lang": "Python", 106 | "name": "kushal" 107 | }, 108 | "headers": { 109 | "Accept": "*/*", 110 | "Content-Length": "244", 111 | "Content-Type": "multipart/form-data; boundary=------------------------870c3eede45c997d", 112 | "Host": "httpbin.org", 113 | "User-Agent": "curl/7.79.1", 114 | "X-Amzn-Trace-Id": "Root=1-625a755e-2b91ece7042683285bd91332" 115 | }, 116 | "json": null, 117 | "origin": "193.138.218.212", 118 | "url": "https://httpbin.org/post" 119 | } 120 | 121 | In the second example above, we passed in each form field, using `--form` twice. 122 | 123 | .. note:: You can read the `SPEC 124 | `_ to learn more 125 | about the differences between the options and the reasoning behind each approach. 
126 | 127 | We can also put all the data into a file and post the contents of the file. 128 | 129 | :: 130 | 131 | $ cat data.txt 132 | name=kushal&lang=Python 133 | $ curl -d @data.txt https://httpbin.org/post 134 | { 135 | "args": {}, 136 | "data": "", 137 | "files": {}, 138 | "form": { 139 | "lang": "Python", 140 | "name": "kushal" 141 | }, 142 | "headers": { 143 | "Accept": "*/*", 144 | "Content-Length": "23", 145 | "Content-Type": "application/x-www-form-urlencoded", 146 | "Host": "httpbin.org", 147 | "User-Agent": "curl/7.79.1", 148 | "X-Amzn-Trace-Id": "Root=1-62795cf0-2f1afd31178c28137be111d6" 149 | }, 150 | "json": null, 151 | "origin": "193.138.218.212", 152 | "url": "https://httpbin.org/post" 153 | } 154 | 155 | 156 | Following redirection 157 | ---------------------- 158 | 159 | One can use `-L` option to tell curl to follow any **3xx** redirect from the 160 | server. To see this, first we call `curl` with `-I` to `http://kushaldas.in`. 161 | This will return a *302* redirection to the `https://kushaldas.in` site. In the 162 | second run, we will additionally provide a `-L` flag, so that curl will follow the 163 | redirection. `-I` allows curl to do a `HEAD` request to the server. 
164 | 165 | :: 166 | 167 | $ curl -I http://kushaldas.in 168 | HTTP/1.1 302 Moved Temporarily 169 | Server: nginx/1.18.0 170 | Date: Sat, 16 Apr 2022 15:03:02 GMT 171 | Content-Type: text/html 172 | Content-Length: 145 173 | Connection: keep-alive 174 | Location: https://kushaldas.in/ 175 | 176 | 177 | $ curl -LI http://kushaldas.in 178 | HTTP/1.1 302 Moved Temporarily 179 | Server: nginx/1.18.0 180 | Date: Sat, 16 Apr 2022 15:03:06 GMT 181 | Content-Type: text/html 182 | Content-Length: 145 183 | Connection: keep-alive 184 | Location: https://kushaldas.in/ 185 | 186 | HTTP/2 200 187 | server: nginx/1.18.0 188 | date: Sat, 16 Apr 2022 15:03:06 GMT 189 | content-type: text/html; charset=utf-8 190 | content-length: 27890 191 | last-modified: Fri, 01 Apr 2022 13:35:38 GMT 192 | etag: "6246ffaa-6cf2" 193 | strict-transport-security: max-age=31536000 194 | onion-location: https://kushal76uaid62oup5774umh654scnu5dwzh4u2534qxhcbi4wbab3ad.onion 195 | permissions-policy: interest-cohort=() 196 | x-frame-options: DENY 197 | x-content-type-options: nosniff 198 | referrer-policy: strict-origin 199 | accept-ranges: bytes 200 | 201 | 202 | Example: To view github's pull request patch 203 | --------------------------------------------- 204 | 205 | We can use the options we already learned to get any patch from github. When I 206 | started writing this chapter, I did an `initial PR 207 | `_. Let us first see what happens 208 | when we just try to get the page. 209 | 210 | :: 211 | 212 | $ curl https://github.com/kushaldas/lym/pull/58 | less 213 | 214 | You will notice a lot of HTML/JS, but we want to see the actual code diff. 215 | We can try to do that by appending `.diff` to the end of the URL. 216 | 217 | :: 218 | 219 | $ curl https://github.com/kushaldas/lym/pull/58.diff 220 | You are being redirected. 221 | 222 | We see that it is a redirect. 223 | Now we can use `-LO` flag to follow the redirect, and also save the patch in `58.diff`. 
224 | 225 | :: 226 | 227 | $ curl -LO https://github.com/kushaldas/lym/pull/58.diff 228 | 229 | 230 | Viewing more details about the transfer 231 | --------------------------------------- 232 | 233 | We can use `--write-out` flag to get more details about the transfer. It prints 234 | them after the main output, based on the variable we pass in. For example, we can 235 | check the `HTTP status code` in both the calls. 236 | 237 | :: 238 | 239 | $ curl -s --write-out '%{http_code}' http://kushaldas.in -o /dev/null 240 | 302 241 | $ curl -s --write-out '%{http_code}' https://kushaldas.in -o /dev/null 242 | 200 243 | 244 | You can also pass `--write-out '%{json}'` to see all the different details as 245 | JSON. Read `curl` man page for more details. 246 | 247 | 248 | Making multiple requests at once 249 | -------------------------------- 250 | 251 | We can use `--next` flag to make multiple requests one after another (as totally separate 252 | operations). Note that it resets all of the settings/command line options used before. 253 | 254 | 255 | :: 256 | 257 | $ curl --user-agent "ACAB/1.0" http://httpbin.org/get --next https://httpbin.org/get 258 | { 259 | "args": {}, 260 | "headers": { 261 | "Accept": "*/*", 262 | "Host": "httpbin.org", 263 | "User-Agent": "ACAB/1.0", 264 | "X-Amzn-Trace-Id": "Root=1-625b0986-39eae16e7144c2ec7601b697" 265 | }, 266 | "origin": "193.138.218.212", 267 | "url": "http://httpbin.org/get" 268 | } 269 | { 270 | "args": {}, 271 | "headers": { 272 | "Accept": "*/*", 273 | "Host": "httpbin.org", 274 | "User-Agent": "curl/7.79.1", 275 | "X-Amzn-Trace-Id": "Root=1-625b0987-6bc8f2a30c2fef0037c7d629" 276 | }, 277 | "origin": "193.138.218.212", 278 | "url": "https://httpbin.org/get" 279 | } 280 | 281 | 282 | In the above example you can see the `User-Agent` value taking effect, only in the 283 | first operation, but not in the second one. 
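The `-LI` output from the "Following redirection" section can be checked mechanically. The following is an added example, not part of the original chapter: a shell function that reads a `curl -sLI` header dump on stdin and reports each hop, any redirect that points at a plain `http://` URL, and which response headers are missing from the final response. The function names and the set of three headers it looks for are assumptions made for this example; the sample input is shortened from the output shown earlier.

```shell
#!/bin/sh
# Added example (not from the original chapter).
# Usage with a live server:  curl -sLI http://kushaldas.in | audit_headers

# Sample input: the -LI output shown earlier in this chapter, shortened.
sample_headers() {
    cat <<'EOF'
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.18.0
Location: https://kushaldas.in/

HTTP/2 200
server: nginx/1.18.0
strict-transport-security: max-age=31536000
x-frame-options: DENY
x-content-type-options: nosniff
referrer-policy: strict-origin
EOF
}

# Read one or more HTTP response header blocks (one per redirect hop) and
# print a summary. Header names are compared case-insensitively because
# HTTP/1.1 and HTTP/2 responses use different capitalisation.
audit_headers() {
    awk '
    { sub(/\r$/, "") }                  # header lines from curl end in CRLF

    /^HTTP\// {                         # a status line starts a new hop
        hop++
        status[hop] = $2
        split("", seen)                 # only the final response is audited
        next
    }

    hop > 0 && index($0, ":") > 1 {     # "Name: value" header line
        name  = tolower(substr($0, 1, index($0, ":") - 1))
        value = substr($0, index($0, ":") + 1)
        sub(/^[ \t]+/, "", value)
        seen[name] = 1
        if (name == "location") loc[hop] = value
    }

    END {
        if (hop == 0) { print "no-response"; exit 1 }
        for (i = 1; i <= hop; i++) {
            line = "hop " i ": " status[i]
            if (i in loc) line = line " -> " loc[i]
            print line
            # A redirect to http:// sends the next request in clear text.
            if ((i in loc) && loc[i] ~ /^http:\/\//)
                print "plaintext-redirect: " loc[i]
        }
        print "final: " status[hop]

        # Assumption: these three headers are the ones we want to see.
        n = split("strict-transport-security x-content-type-options x-frame-options", want, " ")
        missing = ""
        for (i = 1; i <= n; i++)
            if (!(want[i] in seen))
                missing = missing (missing != "" ? " " : "") want[i]
        print "missing: " (missing != "" ? missing : "none")
    }'
}

# Run on the embedded sample so the script works without network access.
sample_headers | audit_headers
```
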
284 | 285 | Inspecting HTTP headers 286 | ----------------------- 287 | 288 | You can use `-v` flag to inspect the HTTP headers in a request/response. 289 | 290 | :: 291 | 292 | $ curl -v http://httpbin.org/get 293 | * Trying 54.91.120.77:80... 294 | * Connected to httpbin.org (54.91.120.77) port 80 (#0) 295 | > GET /get HTTP/1.1 296 | > Host: httpbin.org 297 | > User-Agent: curl/7.79.1 298 | > Accept: */* 299 | > 300 | * Mark bundle as not supporting multiuse 301 | < HTTP/1.1 200 OK 302 | < Date: Fri, 15 Apr 2022 10:03:05 GMT 303 | < Content-Type: application/json 304 | < Content-Length: 256 305 | < Connection: keep-alive 306 | < Server: gunicorn/19.9.0 307 | < Access-Control-Allow-Origin: * 308 | < Access-Control-Allow-Credentials: true 309 | < 310 | { 311 | "args": {}, 312 | "headers": { 313 | "Accept": "*/*", 314 | "Host": "httpbin.org", 315 | "User-Agent": "curl/7.79.1", 316 | "X-Amzn-Trace-Id": "Root=1-625942d9-163a40480c9aea0470fd9c2e" 317 | }, 318 | "origin": "185.195.233.166", 319 | "url": "http://httpbin.org/get" 320 | } 321 | * Connection #0 to host httpbin.org left intact 322 | 323 | 324 | Here the lines with `>` at the start of the line, show the headers in the request, while 325 | those with `<` show the headers in the response. 326 | 327 | For the rest of this chapter, we will keep using `httpbin.org `_, 328 | which is a service run by `Kenneth Reitz `_. 329 | The service returns JSON as output. 330 | 331 | Let's say you want to only view the headers, and not the actual 332 | file/URL content. You can use `-s` and `-o /dev/null` as flags to do so 333 | 334 | :: 335 | 336 | 337 | $ curl -s -v http://httpbin.org/get -o /dev/null 338 | * Trying 52.7.224.181:80... 
339 | * Connected to httpbin.org (52.7.224.181) port 80 (#0) 340 | > GET /get HTTP/1.1 341 | > Host: httpbin.org 342 | > User-Agent: curl/7.79.1 343 | > Accept: */* 344 | > 345 | * Mark bundle as not supporting multiuse 346 | < HTTP/1.1 200 OK 347 | < Date: Sat, 16 Apr 2022 09:18:46 GMT 348 | < Content-Type: application/json 349 | < Content-Length: 256 350 | < Connection: keep-alive 351 | < Server: gunicorn/19.9.0 352 | < Access-Control-Allow-Origin: * 353 | < Access-Control-Allow-Credentials: true 354 | < 355 | { [256 bytes data] 356 | * Connection #0 to host httpbin.org left intact 357 | 358 | 359 | Adding new HTTP headers 360 | ----------------------- 361 | 362 | To learn about this feature of `curl` first we will try to access a URL with a `GET` request. We will inspect the status code returned by the server, 363 | and also the headers. 364 | 365 | :: 366 | 367 | $ curl -s -v http://httpbin.org/bearer -o /dev/null 368 | * Trying 54.90.70.44:80... 369 | * Connected to httpbin.org (54.90.70.44) port 80 (#0) 370 | > GET /bearer HTTP/1.1 371 | > Host: httpbin.org 372 | > User-Agent: curl/7.79.1 373 | > Accept: */* 374 | > 375 | * Mark bundle as not supporting multiuse 376 | < HTTP/1.1 401 UNAUTHORIZED 377 | < Date: Wed, 20 Apr 2022 07:41:25 GMT 378 | < Content-Type: text/html; charset=utf-8 379 | < Content-Length: 0 380 | < Connection: keep-alive 381 | < Server: gunicorn/19.9.0 382 | < WWW-Authenticate: Bearer 383 | < Access-Control-Allow-Origin: * 384 | < Access-Control-Allow-Credentials: true 385 | < 386 | * Connection #0 to host httpbin.org left intact 387 | 388 | It says `401 UNAUTHORIZED`. Now, if we check `the documentation 389 | `_, it tells us to send in an `Authorization` 390 | header with a bearer token. Which generally, is a random value depending on the 391 | server implementation (random, but only for actual authenticated users). We 392 | will try to send in `123456` as token using the `-H` flag. 
You can pass 393 | multiple such headers by using the `-H` multiple times. 394 | 395 | :: 396 | 397 | $ curl -H "Authorization: Bearer 123456" -s -v http://httpbin.org/bearer -o /dev/null 398 | * Trying 35.169.55.235:80... 399 | * Connected to httpbin.org (35.169.55.235) port 80 (#0) 400 | > GET /bearer HTTP/1.1 401 | > Host: httpbin.org 402 | > User-Agent: curl/7.79.1 403 | > Accept: */* 404 | > Authorization: Bearer 123456 405 | > 406 | * Mark bundle as not supporting multiuse 407 | < HTTP/1.1 200 OK 408 | < Date: Wed, 20 Apr 2022 07:46:09 GMT 409 | < Content-Type: application/json 410 | < Content-Length: 50 411 | < Connection: keep-alive 412 | < Server: gunicorn/19.9.0 413 | < Access-Control-Allow-Origin: * 414 | < Access-Control-Allow-Credentials: true 415 | < 416 | { [50 bytes data] 417 | * Connection #0 to host httpbin.org left intact 418 | 419 | Curl video/talk 420 | ---------------- 421 | 422 | In `this video `_ Daniel Stenberg himself 423 | explained various features of curl, the talk is from August, 2023. 424 | 425 | Curl book 426 | ---------- 427 | 428 | If you want to know more, there is an `amazing online book 429 | `_ to read. The man page of `curl` also 430 | has a lot of details. 431 | 432 | -------------------------------------------------------------------------------- /docs/startingcommands.rst: -------------------------------------------------------------------------------- 1 | Shell commands 2 | =============== 3 | 4 | In Linux the shell (or terminal) is the lifeline of the developer, and of any 5 | power user. Things which can be done on the GUI (by clicking on different 6 | buttons), can be done much more efficiently on the terminal by using commands. 7 | Maybe one can not remember all the commands, but with regular usage one can easily 8 | remember the most useful ones. 9 | 10 | The following guide will introduce you to a minimal set of basic commands 11 | required to use your Linux computer efficiently. 
12 | 13 | Terminal emulators 14 | ------------------ 15 | 16 | .. figure:: img/terminal1.png 17 | :width: 600px 18 | :align: center 19 | 20 | The above is the screenshot of the Gnome terminal application. As you can see 21 | the command prompt contains the following information:: 22 | 23 | [username@hostname directoryname] 24 | 25 | In our case the username is *babai*, hostname is *kdas-laptop*, and directory 26 | is mentioned as *~*. This *~* is a special character in our case. It means 27 | the home directory of the user. In our case the home directory path is 28 | */home/babai/*. 29 | 30 | The Gnome terminal is one of many implementations of terminal emulators. 31 | Different Linux environments may come pre-installed with different terminals. 32 | 33 | Read the articles on Wikipedia to learn about `computer terminals 34 | `_, `terminal emulators 35 | `_ and `shell 36 | `_. 37 | 38 | date command 39 | ------------- 40 | 41 | *date* command prints the current date time. 42 | 43 | :: 44 | 45 | $ date 46 | Sun Jun 25 10:13:44 IST 2017 47 | 48 | In case you want to know the current date/time in UTC, use the following command. 49 | (I added this in 2018, so please do not get confused at the date.) 50 | 51 | :: 52 | 53 | $ date -u 54 | Mon May 21 01:43:47 UTC 2018 55 | 56 | If you want to see yesterday's date, or the date 10 days ago, you can even do that. 57 | 58 | :: 59 | 60 | $ date --date="yesterday" 61 | Fri Apr 9 07:09:01 PM IST 2021 62 | 63 | $ date --date="10 days ago" 64 | Wed Mar 31 07:09:06 PM IST 2021 65 | 66 | 67 | cal command 68 | ------------ 69 | 70 | *cal* command is used to display a calendar in your shell, by default it 71 | will display the current month. 
72 | 73 | :: 74 | 75 | $ cal 76 | June 2017 77 | Su Mo Tu We Th Fr Sa 78 | 1 2 3 79 | 4 5 6 7 8 9 10 80 | 11 12 13 14 15 16 17 81 | 18 19 20 21 22 23 24 82 | 25 26 27 28 29 30 83 | 84 | $ cal 07 2017 85 | July 2017 86 | Su Mo Tu We Th Fr Sa 87 | 1 88 | 2 3 4 5 6 7 8 89 | 9 10 11 12 13 14 15 90 | 16 17 18 19 20 21 22 91 | 23 24 25 26 27 28 29 92 | 30 31 93 | 94 | 95 | 96 | whoami command 97 | --------------- 98 | 99 | *whoami* command will tell you which user account you are using in this system. 100 | 101 | :: 102 | 103 | $ whoami 104 | fedora 105 | 106 | id command 107 | ----------- 108 | 109 | *id* prints real user id, and various other details related to the account. 110 | 111 | :: 112 | 113 | $ id 114 | uid=1000(fedora) gid=1000(fedora) groups=1000(fedora),4(adm),10(wheel),190(systemd-journal) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 115 | 116 | pwd command 117 | ------------ 118 | 119 | *pwd* command, short for *print working directory*, will help you to find out the absolute path of the current directory. Let us see an example below: 120 | :: 121 | 122 | [babai@kdas-laptop ~]$ pwd 123 | /home/babai 124 | 125 | cd command 126 | ---------- 127 | 128 | The next command we will learn is *cd*, short for *change directory*. This command will help you to change your current directory. We will move 129 | to */tmp* directory in our example. 130 | 131 | :: 132 | 133 | [babai@kdas-laptop ~]$ cd /tmp 134 | [babai@kdas-laptop tmp]$ pwd 135 | /tmp 136 | [babai@kdas-laptop tmp]$ cd ~ 137 | [babai@kdas-laptop ~]$ pwd 138 | /home/babai 139 | 140 | Here you can see that first we moved to */tmp* directory, and then we moved 141 | back to the home directory by using 142 | *~* character. 143 | 144 | . directory and .. directory 145 | ----------------------------- 146 | 147 | *.* and *..* have a special meaning in Linux. *.* means the current 148 | directory and *..* means the parent directory. 
We can use these in various 149 | situations for daily activities. 150 | 151 | :: 152 | 153 | $ cd .. 154 | 155 | The above command changes the current directory to the parent directory. 156 | 157 | ls command 158 | ---------- 159 | 160 | We use *ls* command to *list* the files and directories inside any given 161 | directory. If you use *ls* command without any argument, then it will work on 162 | the current directory. We will see few examples of the command below. 163 | 164 | :: 165 | 166 | [babai@kdas-laptop ~]$ ls 167 | Desktop Documents Downloads Music Pictures Public Templates Videos 168 | [babai@kdas-laptop ~]$ ls /tmp/ 169 | cpython systemd-private-759094c89c594c07a90156139ec4b969-colord.service-hwU1hR 170 | hogsuspend systemd-private-759094c89c594c07a90156139ec4b969-rtkit-daemon.service-AwylGa 171 | hsperfdata_babai tracker-extract-files.1000 172 | plugtmp tracker-extract-files.1002 173 | [babai@kdas-laptop ~]$ ls / 174 | bin cpython etc lib lost+found mnt proc run srv sysroot usr 175 | boot dev home lib64 media opt root sbin sys tmp var 176 | 177 | In the last two commands we provided a path as the argument to the *ls* 178 | command. */* is a special directory, which represents root directory in Linux 179 | filesystem. You will learn more about that in the next chapter. 180 | 181 | mkdir command 182 | ------------- 183 | 184 | We can create new directories using *mkdir* command. For our example we will 185 | create a *code* directory inside our home directory. 186 | 187 | :: 188 | 189 | [babai@kdas-laptop ~]$ ls 190 | Desktop Documents Downloads Music Pictures Public Templates Videos 191 | [babai@kdas-laptop ~]$ mkdir code 192 | [babai@kdas-laptop ~]$ ls 193 | code Desktop Documents Downloads Music Pictures Public Templates Videos 194 | 195 | We can also create nested directories in a single command using the *-p* option. 
196 | 197 | :: 198 | 199 | [babai@kdas-laptop ~]$ mkdir -p dir1/dir2/dir3 200 | [babai@kdas-laptop ~]$ ls dir1/ dir1/dir2/ 201 | dir1/: 202 | dir2 203 | 204 | dir1/dir2/: 205 | dir3 206 | 207 | rm command 208 | ---------- 209 | 210 | The *rm* command is used to *remove* a file or directory. The *-r* option is 211 | used to remove in a recursive way. With *-f* you *force* the removal, ignoring errors and never prompting. 212 | You can chain the flags, so instead of *rm -r -f* you can also type *rm -rf*. 213 | But always double check before you use the *rm -rf* command: if you by mistake 214 | give this command in your home directory, or any other important directory, 215 | it will not ask you to confirm, it will delete everything there. So, please be careful 216 | *and read twice before pressing the enter key*. 217 | 218 | :: 219 | 220 | [babai@kdas-laptop ~]$ rm -rf dir1/dir2/dir3 221 | [babai@kdas-laptop ~]$ ls dir1/ dir1/dir2/ 222 | dir1/: 223 | dir2 224 | 225 | dir1/dir2/: 226 | 227 | Copying a file using cp command 228 | ------------------------------- 229 | 230 | We use the *cp* command to *copy* a file in the Linux shell. To copy a folder with its contents 231 | recursively, use the *cp* command with the *-r* flag. 232 | We use the *cp file_to_copy new_location* format. 233 | In the example below, we 234 | are copying *hello.txt* to *hello2.txt*. 235 | 236 | :: 237 | 238 | $ cp hello.txt hello2.txt 239 | $ ls -l 240 | -rw-rw-r--. 1 fedora fedora 75 Jun 25 04:47 hello2.txt 241 | -rw-rw-r--. 1 fedora fedora 75 Jun 25 04:33 hello.txt 242 | 243 | In another example, I will copy the file *passwordauthno.png* from the 244 | Pictures directory in my home directory to the current directory. 245 | 246 | :: 247 | 248 | $ cp ~/Pictures/passwordauthno.png . 249 | 250 | 251 | In the following example, I will be copying the *images* directory 252 | (and everything inside it) from the *Downloads* directory under home 253 | to the */tmp/* directory. 
254 | 255 | :: 256 | 257 | $ cp -r ~/Downloads/images /tmp/ 258 | 259 | Renaming or moving a file 260 | -------------------------- 261 | 262 | The *mv* command is used to rename or *move* a file or directory. In the 263 | following example, the file *hello.txt* is renamed to *nothello.txt*. 264 | 265 | :: 266 | 267 | $ mv hello.txt nothello.txt 268 | $ ls -l 269 | -rw-rw-r--. 1 fedora fedora 75 Jun 25 04:33 nothello.txt 270 | 271 | tree command 272 | ------------- 273 | 274 | The *tree* command prints the directory structure as a visual tree. 275 | 276 | :: 277 | 278 | [babai@kdas-laptop ~]$ tree 279 | . 280 | ├── code 281 | ├── Desktop 282 | ├── dir1 283 | │ └── dir2 284 | ├── Documents 285 | ├── Downloads 286 | ├── Music 287 | ├── Pictures 288 | │ └── terminal1.png 289 | ├── Public 290 | ├── Templates 291 | └── Videos 292 | 293 | .. note:: The *tree* command may not be installed on your system by default; you can install it later after reading the package management chapter. 294 | 295 | wc command 296 | ----------- 297 | 298 | *wc*, short for *word count*, is a useful command which can help us to count newlines, words and bytes 299 | of a file. 300 | 301 | :: 302 | 303 | $ cat hello.txt 304 | HI that is a file. 305 | This is the second line. 306 | And we also have a third line. 307 | $ wc -l hello.txt 308 | 3 hello.txt 309 | $ wc -w hello.txt 310 | 17 hello.txt 311 | 312 | The *-l* flag finds the number of lines in a file, *-w* counts the number 313 | of words in the file. 314 | 315 | .. index:: less 316 | 317 | less command 318 | ------------ 319 | 320 | The *less* command helps us to view the content of any file; it allows both 321 | forward and backward movement. It does not need to read the full file, so 322 | it helps to read any big text file faster. 323 | 324 | :: 325 | 326 | $ less ~/.bash_history 327 | 328 | In this example, we are reading the file `~/.bash_history`. 
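The *rm -rf* warning from the rm section above, turned into a guard that can be called instead of a bare *rm -rf*. This is an added example, not part of the original guide; the function names (`resolve_path`, `check_rm_target`, `safe_rm_rf`, `demo`) and the choice of protected paths are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: a guard to run in front of "rm -rf".
# All function names and the protected-path policy are assumptions.

# Print the canonical absolute path of an existing file or directory.
# A symlink is kept as the link itself, because rm removes the link.
resolve_path() {
    local target dir base
    target=$1
    # Drop trailing slashes ("dir1/" -> "dir1"); a bare "/" stays "/".
    case $target in
        */) target=${target%"${target##*[!/]}"}
            [ -n "$target" ] || target=/ ;;
    esac
    if [ -d "$target" ] && [ ! -L "$target" ]; then
        (cd -- "$target" && pwd -P)
    else
        dir=$(dirname -- "$target")
        base=$(basename -- "$target")
        dir=$(cd -- "$dir" && pwd -P) || return 1
        printf '%s/%s\n' "${dir%/}" "$base"
    fi
}

# Print the resolved path and return 0 if the target may be removed;
# print the reason on stderr and return 1 otherwise.
check_rm_target() {
    local target resolved home cwd guard
    target=$1
    if [ -z "$target" ]; then
        echo "refusing: empty path (unset variable?)" >&2
        return 1
    fi
    if [ ! -e "$target" ] && [ ! -L "$target" ]; then
        echo "refusing: '$target' does not exist" >&2
        return 1
    fi
    resolved=$(resolve_path "$target") || return 1
    # "/" itself, or an entry directly under it such as /usr or /etc.
    case ${resolved#/} in
        */*) ;;
        *) echo "refusing: '$resolved' is / or a top-level entry" >&2
           return 1 ;;
    esac
    # The home directory, the current directory, or a parent of either.
    home=$(cd -- "${HOME:-/}" 2>/dev/null && pwd -P) || home=/
    cwd=$(pwd -P)
    for guard in "$home" "$cwd"; do
        case $guard/ in
            "$resolved"/*)
                echo "refusing: '$resolved' contains '$guard'" >&2
                return 1 ;;
        esac
    done
    printf '%s\n' "$resolved"
}

# Remove the target recursively only when check_rm_target accepts it.
safe_rm_rf() {
    local resolved
    resolved=$(check_rm_target "$1") || return 1
    echo "removing $resolved" >&2
    rm -rf -- "$resolved"
}

# Constructed demo: rebuild the dir1/dir2/dir3 tree in a scratch directory,
# remove dir3 through the guard, then show which targets the check refuses.
demo() {
    local scratch unset_var t
    scratch=$(mktemp -d) || return 1
    mkdir -p "$scratch/dir1/dir2/dir3"
    safe_rm_rf "$scratch/dir1/dir2/dir3"
    unset_var=
    for t in "$unset_var" "$unset_var/" "$HOME" /usr .; do
        check_rm_target "$t" >/dev/null || true
    done
    rm -rf -- "$scratch"
}

# Run the demo only when asked: sh guard.sh demo
case ${1:-} in demo) demo ;; esac
```

The `"$unset_var/"` case is the one that bites in scripts: an empty variable followed by a slash expands to `/`, which the check refuses before *rm* ever sees it.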
329 | 330 | 331 | echo command 332 | ------------- 333 | 334 | The *echo* command echoes any given string to the display. 335 | 336 | :: 337 | 338 | $ echo "Hello" 339 | Hello 340 | 341 | Redirecting the command output 342 | ------------------------------- 343 | 344 | In Linux shells, we can redirect the command output to a file, or as input to 345 | another command. The pipe operator *|* is the most common way to do so. Using this we can now 346 | count the number of directories in the root (*/*) directory very easily. 347 | 348 | :: 349 | 350 | $ ls / 351 | bin boot dev etc home lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var 352 | $ ls / | wc -w 353 | 20 354 | 355 | The **|** is known as pipe. To know more about this, watch `this 356 | video `_. 357 | 358 | Using > to redirect output to a file 359 | ------------------------------------ 360 | 361 | We can use *>* to redirect the output of a command to a file. If the file 362 | exists, this removes the old content and keeps only the new output. We can use 363 | *>>* to append to a file, which means it keeps all the old content and 364 | adds the new output to the end of the file. 365 | 366 | :: 367 | 368 | $ ls / > details.txt 369 | $ cat details.txt 370 | bin 371 | boot 372 | dev 373 | etc 374 | home 375 | lib 376 | lib64 377 | lost+found 378 | media 379 | mnt 380 | opt 381 | proc 382 | root 383 | run 384 | sbin 385 | srv 386 | sys 387 | tmp 388 | usr 389 | var 390 | $ ls /usr/ > details.txt 391 | $ cat details.txt 392 | bin 393 | games 394 | include 395 | lib 396 | lib64 397 | libexec 398 | local 399 | sbin 400 | share 401 | src 402 | tmp 403 | $ ls -l /tmp/ >> details.txt 404 | $ cat details.txt 405 | bin 406 | games 407 | include 408 | lib 409 | lib64 410 | libexec 411 | local 412 | sbin 413 | share 414 | src 415 | tmp 416 | total 776 417 | -rwxrwxr-x. 1 fedora fedora 34 Jun 24 07:56 helol.py 418 | -rw-------. 
1 fedora fedora 784756 Jun 23 10:49 tmp3lDEho 419 | 420 | Moving around in the command line 421 | ---------------------------------- 422 | 423 | There are key shortcuts available in Bash which will help you to move around faster. 424 | They are by the way very similar to the standard *emacs* keybindings, a number of key 425 | combinations that you will discover in many places and therefore are very handy to memorize 426 | and internalize. 427 | The following table is a good starting point. 428 | 429 | +-----------------+------------------------------------------------+ 430 | | Key combination | Action | 431 | +=================+================================================+ 432 | | Ctrl + A | Move to the beginning of the line | 433 | +-----------------+------------------------------------------------+ 434 | | Ctrl + E | Move to the end of the line | 435 | +-----------------+------------------------------------------------+ 436 | | Alt + B | Move to the previous word | 437 | +-----------------+------------------------------------------------+ 438 | | Alt + F | Move to the next word | 439 | +-----------------+------------------------------------------------+ 440 | | Ctrl + U | Cuts to the beginning of the line | 441 | +-----------------+------------------------------------------------+ 442 | | Ctrl + K | Cuts to the end of the line | 443 | +-----------------+------------------------------------------------+ 444 | | Ctrl + W | Cuts the previous word | 445 | +-----------------+------------------------------------------------+ 446 | | Ctrl + P | Browse previously entered commands | 447 | +-----------------+------------------------------------------------+ 448 | | Ctrl + R | Reverse search for previously entered commands | 449 | +-----------------+------------------------------------------------+ 450 | | Ctrl + Y | Pastes the text in buffer | 451 | +-----------------+------------------------------------------------+ 452 | 453 | man pages 454 | ---------- 455 | 456 | 
*man* shows the system's manual pages. This is the command we use to 457 | view the help document (manual page) for any command. The man pages are 458 | organized based on *sections*, and if the same command is found in many 459 | different sections, only the first one is shown. 460 | 461 | The general syntax is *man section command*. Example: **man 7 signal**. 462 | 463 | The different sections are listed below. Press *q* to quit the program. 464 | 465 | :: 466 | 467 | 1 Executable programs or shell commands 468 | 2 System calls (functions provided by the kernel) 469 | 3 Library calls (functions within program libraries) 470 | 4 Special files (usually found in /dev) 471 | 5 File formats and conventions eg /etc/passwd 472 | 6 Games 473 | 7 Miscellaneous (including macro packages and conventions), e.g. man(7), groff(7) 474 | 8 System administration commands (usually only for root) 475 | 9 Kernel routines [Non standard] 476 | 477 | Counting files in a directory 478 | ------------------------------ 479 | 480 | Normally the `ls` command shows all the files and directories in multiple columns. 481 | But if you pipe the output to another command, then it prints one name per 482 | line. We can combine that with `wc -l` to count the number of files in a 483 | directory. 484 | 485 | :: 486 | 487 | ls | wc -l 488 | 73 489 | 490 | Editing longer commands 491 | ------------------------ 492 | 493 | If you are typing a long command or something multi-line, then you can type 494 | `Ctrl-x-e`: press the Control button, then the `x` key and then the `e` key. This will open 495 | up a temporary editor using the `$EDITOR`. 496 | -------------------------------------------------------------------------------- /docs/packages.rst: -------------------------------------------------------------------------------- 1 | Package management 2 | ================== 3 | 4 | In the Free and Open Source Software world, most software is released in source 5 | code format by developers. 
This means that generally, if you want to install a 6 | piece of software, you will find the source code on the website of the project. 7 | As a user, you will have to find and install all the other bits of software 8 | that this particular piece depends on (the *dependencies*) and then install the 9 | software. To solve this *painful* issue, all Linux distributions have something 10 | called a *package management system*. Volunteers (mostly) all across the world 11 | help make binary software packages out of source code released by the 12 | developers, in such a way that users of the Linux distribution can easily 13 | install, update or remove that software. 14 | 15 | It’s generally recommended that we use the package management system that comes with 16 | the distribution to install software for the users. If you are really sure 17 | about what you’re doing in the system, you can install from the source files 18 | too; but that can be dangerous. 19 | 20 | .. index:: dnf 21 | 22 | dnf command 23 | ------------- 24 | 25 | **dnf** is the package management system in Fedora. The actual packages come in 26 | the *rpm* format. *dnf* helps you search, install or uninstall any package from 27 | the Fedora package repositories. You can also use the same command to update 28 | packages in your system. 29 | 30 | Searching for a package 31 | ------------------------ 32 | 33 | :: 34 | 35 | $ dnf search pss 36 | Fedora 25 - x86_64 34 MB/s | 50 MB 00:01 37 | Fedora 25 - x86_64 - Updates 41 MB/s | 23 MB 00:00 38 | Last metadata expiration check: 0:00:07 ago on Sun Jun 25 04:14:22 2017. 39 | =========================================== N/S Matched: pss ============================================ 40 | pss.noarch : A power-tool for searching inside source code files 41 | pssh.noarch : Parallel SSH tools 42 | 43 | First the tool downloads all the latest package information from the 44 | repository, and then gives us the result. 
45 | 46 | Finding more information about a package 47 | ----------------------------------------- 48 | 49 | *dnf info* gives us more information about any given package. 50 | 51 | :: 52 | 53 | $ dnf info pss 54 | Last metadata expiration check: 0:04:59 ago on Sun Jun 25 04:14:22 2017. 55 | Available Packages 56 | Name : pss 57 | Arch : noarch 58 | Epoch : 0 59 | Version : 1.40 60 | Release : 6.fc25 61 | Size : 58 k 62 | Repo : fedora 63 | Summary : A power-tool for searching inside source code files 64 | URL : https://github.com/eliben/pss 65 | License : Public Domain 66 | Description : pss is a power-tool for searching inside source code files. 67 | : pss searches recursively within a directory tree, knows which 68 | : extensions and file names to search and which to ignore, automatically 69 | : skips directories you wouldn't want to search in (for example .svn or .git), 70 | : colors its output in a helpful way, and does much more. 71 | 72 | 73 | 74 | .. index:: dnf install 75 | 76 | Installing a package 77 | --------------------- 78 | 79 | The *dnf install* command helps us install any given package. We can pass more 80 | than one package name as the argument. 81 | 82 | :: 83 | 84 | $ sudo dnf install pss wget 85 | Last metadata expiration check: 0:37:13 ago on Sun Jun 25 03:44:07 2017. 86 | Package wget-1.18-3.fc25.x86_64 is already installed, skipping. 87 | Dependencies resolved. 
88 | ===================================================================================================================================================== 89 | Package Arch Version Repository Size 90 | ===================================================================================================================================================== 91 | Installing: 92 | pss noarch 1.40-6.fc25 fedora 58 k 93 | 94 | Transaction Summary 95 | ===================================================================================================================================================== 96 | Install 1 Package 97 | 98 | Total download size: 58 k 99 | Installed size: 196 k 100 | Is this ok [y/N]: y 101 | Downloading Packages: 102 | pss-1.40-6.fc25.noarch.rpm 969 kB/s | 58 kB 00:00 103 | ----------------------------------------------------------------------------------------------------------------------------------------------------- 104 | Total 118 kB/s | 58 kB 00:00 105 | Running transaction check 106 | Transaction check succeeded. 107 | Running transaction test 108 | Transaction test succeeded. 109 | Running transaction 110 | Installing : pss-1.40-6.fc25.noarch 1/1 111 | Verifying : pss-1.40-6.fc25.noarch 1/1 112 | 113 | Installed: 114 | pss.noarch 1.40-6.fc25 115 | 116 | Complete! 117 | 118 | To list the available updates 119 | ----------------------------- 120 | 121 | The following command shows all the available updates for your system. 122 | 123 | :: 124 | 125 | # dnf list updates 126 | 127 | Last metadata expiration check: 0:52:28 ago on Fri 09 Apr 2021 08:51:39 PM IST. 128 | Available Upgrades 129 | fedora-gpg-keys.noarch 33-4 updates 130 | fedora-repos.noarch 33-4 updates 131 | fedora-repos-modular.noarch 33-4 updates 132 | 133 | To list all security updates 134 | ----------------------------- 135 | 136 | `dnf` can also tell you about all the updates which are marked as security updates. 
137 | 138 | :: 139 | 140 | # dnf updateinfo list --security 141 | Last metadata expiration check: 2:06:38 ago on Sun 25 Jul 2021 03:44:47 AM UTC. 142 | FEDORA-2021-83fdddca0f Moderate/Sec. curl-7.76.1-7.fc34.x86_64 143 | FEDORA-2021-08cdb4dc34 Important/Sec. dhcp-client-12:4.4.2-11.b1.fc34.x86_64 144 | FEDORA-2021-08cdb4dc34 Important/Sec. dhcp-common-12:4.4.2-11.b1.fc34.noarch 145 | FEDORA-2021-e14e86e40e Moderate/Sec. glibc-2.33-20.fc34.x86_64 146 | FEDORA-2021-e14e86e40e Moderate/Sec. glibc-common-2.33-20.fc34.x86_64 147 | FEDORA-2021-e14e86e40e Moderate/Sec. glibc-doc-2.33-20.fc34.noarch 148 | FEDORA-2021-e14e86e40e Moderate/Sec. glibc-langpack-en-2.33-20.fc34.x86_64 149 | FEDORA-2021-07dc0b3eb1 Critical/Sec. kernel-core-5.13.4-200.fc34.x86_64 150 | FEDORA-2021-8b25e4642f Low/Sec. krb5-libs-1.19.1-14.fc34.x86_64 151 | FEDORA-2021-83fdddca0f Moderate/Sec. libcurl-7.76.1-7.fc34.x86_64 152 | FEDORA-2021-31fdc84207 Moderate/Sec. libgcrypt-1.9.3-3.fc34.x86_64 153 | FEDORA-2021-2443b22fa0 Moderate/Sec. linux-firmware-20210716-121.fc34.noarch 154 | FEDORA-2021-2443b22fa0 Moderate/Sec. linux-firmware-whence-20210716-121.fc34.noarch 155 | FEDORA-2021-d1fc0b9d32 Moderate/Sec. nettle-3.7.3-1.fc34.x86_64 156 | FEDORA-2021-0ec5a8a74b Important/Sec. polkit-libs-0.117-3.fc34.1.x86_64 157 | FEDORA-2021-a6bde7ab18 Moderate/Sec. python3-urllib3-1.25.10-5.fc34.noarch 158 | 159 | Update the packages via dnf 160 | ---------------------------- 161 | 162 | Use the **dnf update** command to install all the available updates. You can also 163 | pass the `-y` flag to it. 164 | 165 | 166 | Find out the services & applications need restart after update in Fedora/CentOS/RHEL 167 | ------------------------------------------------------------------------------------- 168 | 169 | The **dnf-utils** package contains a special command, **needs-restarting**. 170 | After you do a `dnf update`, when different libraries get updated, there may be 171 | running processes/services which need a restart. 
One way of doing this is 172 | restarting the system, but that may not always be the right choice (maybe you are 173 | running critical services). So, you can find out which ones you 174 | should restart. 175 | 176 | Below is the output from a Fedora 34 desktop system. 177 | 178 | :: 179 | 180 | # needs-restarting 181 | 1 : /usr/lib/systemd/systemd --system --deserialize 62 182 | 1616 : /usr/lib/systemd/systemd-resolved 183 | 1617 : /sbin/auditd 184 | 1638 : /usr/sbin/ModemManager 185 | 1639 : avahi-daemon: running [linux-2.local] 186 | 1640 : /usr/libexec/bluetooth/bluetoothd 187 | 1641 : /usr/libexec/boltd 188 | 1642 : /usr/bin/python3 -s /usr/sbin/firewalld --nofork --nopid 189 | 1643 : /usr/local/bin/ivpn-service 190 | 1646 : /usr/sbin/mcelog --daemon --foreground 191 | 1650 : /usr/sbin/rngd -f 192 | 1651 : /usr/libexec/rtkit-daemon 193 | 1657 : /usr/libexec/switcheroo-control 194 | 1659 : /usr/lib/systemd/systemd-machined 195 | 1662 : /usr/libexec/udisks2/udisksd 196 | 1664 : /usr/libexec/upowerd 197 | 1669 : avahi-daemon: chroot helper 198 | 1688 : /usr/bin/dbus-broker-launch --scope system --audit 199 | 1695 : /usr/sbin/abrtd -d -s 200 | 1699 : /usr/sbin/chronyd 201 | 1723 : /usr/bin/abrt-dump-journal-core -D -T -f -e 202 | 1724 : /usr/bin/abrt-dump-journal-oops -fxtD 203 | 1725 : /usr/bin/abrt-dump-journal-xorg -fxtD 204 | 1728 : /usr/lib/polkit-1/polkitd --no-debug 205 | 1744 : /usr/libexec/accounts-daemon 206 | 1745 : /usr/lib/systemd/systemd-logind 207 | 1776 : /usr/sbin/NetworkManager --no-daemon 208 | 1788 : /usr/sbin/cupsd -l 209 | 1877 : /usr/sbin/pcscd --foreground --auto-exit 210 | 1898 : /usr/sbin/atd -f 211 | 1899 : /usr/sbin/crond -n 212 | 1900 : /usr/sbin/gdm 213 | 1920 : /usr/libexec/uresourced 214 | 2034 : /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper 215 | 2035 : /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro 
--dhcp-script=/usr/libexec/libvirt_leaseshelper 216 | 2162 : /usr/sbin/wpa_supplicant -c /etc/wpa_supplicant/wpa_supplicant.conf -u -s 217 | 2164 : /usr/libexec/packagekitd 218 | 2393 : /usr/libexec/colord 219 | 2714 : /usr/sbin/abrt-dbus -t133 220 | 2730 : gdm-session-worker [pam/gdm-password] 221 | 2750 : /usr/lib/systemd/systemd --user 222 | 2756 : (sd-pam) 223 | 2780 : /usr/libexec/gdm-x-session --run-script /usr/bin/gnome-session 224 | 2784 : /usr/libexec/Xorg vt2 -displayfd 3 -auth /run/user/1000/gdm/Xauthority -nolisten tcp -background none -noreset -keeptty -novtswitch -verbose 3 225 | 2838 : /usr/bin/dbus-broker-launch --scope user 226 | 2843 : /usr/libexec/gnome-session-binary 227 | 2907 : /usr/libexec/at-spi-bus-launcher 228 | 2912 : /usr/bin/dbus-broker-launch --config-file=/usr/share/defaults/at-spi2/accessibility.conf --scope user 229 | 2923 : /usr/libexec/gnome-session-ctl --monitor 230 | 2924 : /usr/libexec/uresourced --user 231 | 2926 : /usr/libexec/gnome-session-binary --systemd-service --session=gnome 232 | 2953 : /usr/bin/gnome-shell 233 | 2978 : ibus-daemon --panel disable --xim 234 | 2989 : /usr/libexec/ibus-extension-gtk3 235 | 3004 : /usr/libexec/ibus-x11 --kill-daemon 236 | 3015 : /usr/libexec/at-spi2-registryd --use-gnome-session 237 | 3023 : /usr/libexec/evolution-source-registry 238 | 3030 : /usr/libexec/goa-daemon 239 | 3031 : /usr/bin/pipewire 240 | 3032 : /usr/bin/pipewire-pulse 241 | 3038 : /usr/bin/pipewire-media-session 242 | 3044 : /usr/libexec/evolution-calendar-factory 243 | 3075 : /usr/libexec/gvfs-udisks2-volume-monitor 244 | 3092 : /usr/libexec/gvfs-mtp-volume-monitor 245 | 3116 : /usr/libexec/gvfs-gphoto2-volume-monitor 246 | 3130 : /usr/bin/gjs /usr/share/gnome-shell/org.gnome.Shell.Notifications 247 | 3147 : /usr/libexec/gsd-color 248 | 3150 : /usr/libexec/gsd-datetime 249 | 3153 : /usr/libexec/gsd-keyboard 250 | 3155 : /usr/libexec/gsd-media-keys 251 | 3157 : /usr/libexec/gsd-power 252 | 3160 : 
/usr/libexec/gsd-print-notifications 253 | 3161 : /usr/libexec/gsd-rfkill 254 | 3164 : /usr/libexec/gsd-sharing 255 | 3169 : /usr/libexec/gsd-sound 256 | 3175 : /usr/libexec/gsd-wacom 257 | 3176 : /usr/libexec/gsd-xsettings 258 | 3213 : /usr/libexec/evolution-data-server/evolution-alarm-notify 259 | 3219 : /usr/bin/gnome-software --gapplication-service 260 | 3272 : /usr/bin/abrt-applet --gapplication-service 261 | 3273 : /usr/bin/gjs /usr/share/gnome-shell/org.gnome.ScreenSaver 262 | 3366 : /usr/libexec/gsd-printer 263 | 3524 : /usr/libexec/fwupd/fwupd 264 | 3611 : /usr/bin/gnome-calendar --gapplication-service 265 | 3623 : /usr/libexec/gnome-terminal-server 266 | 3682 : /usr/libexec/bluetooth/obexd 267 | 3701 : /usr/libexec/tracker-miner-fs-3 268 | 3734 : bash 269 | 3833 : /usr/libexec/gvfsd-metadata 270 | 4345 : gpg-agent --homedir /var/cache/PackageKit/34/metadata/tor-34-x86_64.tmp/gpgdir --use-standard-socket --daemon 271 | 4357 : gpg-agent --homedir /var/cache/PackageKit/34/metadata/rpmfusion-free-updates-34-x86_64.tmp/gpgdir --use-standard-socket --daemon 272 | 4382 : gpg-agent --homedir /var/cache/PackageKit/34/metadata/code-34-x86_64.tmp/gpgdir --use-standard-socket --daemon 273 | 4483 : gpg-agent --homedir /var/cache/PackageKit/34/metadata/rpmfusion-nonfree-updates-34-x86_64.tmp/gpgdir --use-standard-socket --daemon 274 | 4495 : gpg-agent --homedir /var/cache/PackageKit/34/metadata/updates-modular-34-x86_64.tmp/gpgdir --use-standard-socket --daemon 275 | 4529 : gpg-agent --homedir /var/cache/PackageKit/34/metadata/copr:copr.fedorainfracloud.org:dawid:xcape-34-x86_64.tmp/gpgdir --use-standard-socket --daemon 276 | 4543 : gpg-agent --homedir /var/cache/PackageKit/34/metadata/rpmfusion-nonfree-34-x86_64.tmp/gpgdir --use-standard-socket --daemon 277 | 4556 : gpg-agent --homedir /var/cache/PackageKit/34/metadata/rpmfusion-free-34-x86_64.tmp/gpgdir --use-standard-socket --daemon 278 | 4568 : gpg-agent --homedir 
/var/cache/PackageKit/34/metadata/fedora-34-x86_64.tmp/gpgdir --use-standard-socket --daemon 279 | 4581 : gpg-agent --homedir /var/cache/PackageKit/34/metadata/updates-34-x86_64.tmp/gpgdir --use-standard-socket --daemon 280 | 4610 : gpg-agent --homedir /var/cache/PackageKit/34/metadata/google-chrome-34-x86_64.tmp/gpgdir --use-standard-socket --daemon 281 | 4714 : /usr/libexec/flatpak-system-helper 282 | 283 | 284 | Automatic updates in dnf systems 285 | --------------------------------- 286 | 287 | We can use the **dnf-automatic** package to enable automatic installation of the 288 | updates. After you install the package, update the configuration file 289 | `/etc/dnf/automatic.conf` to set **apply_updates = yes**; by default it is set 290 | to `no`. 291 | 292 | After that you can enable the timer, so that the available updates get installed 293 | automatically. 294 | 295 | :: 296 | 297 | $ sudo systemctl enable --now dnf-automatic.timer 298 | Created symlink /etc/systemd/system/timers.target.wants/dnf-automatic.timer → /usr/lib/systemd/system/dnf-automatic.timer. 299 | 300 | If you want to only download the available updates, but not install 301 | them, you can enable the following timer. 302 | 303 | :: 304 | 305 | $ sudo systemctl enable --now dnf-automatic-download.timer 306 | Created symlink /etc/systemd/system/timers.target.wants/dnf-automatic-download.timer → /usr/lib/systemd/system/dnf-automatic-download.timer. 307 | 308 | In the configuration file, if you set **upgrade_type = security**, then the 309 | tool will only install security updates. 310 | 311 | 312 | .. index:: rpm-packaging 313 | 314 | .. note:: If you are interested in learning more about RPM packaging, start with `this guide `_ from Adam Miller. 315 | 316 | .. index:: apt 317 | 318 | apt command 319 | ----------- 320 | 321 | **apt** is the package management system for the *Debian* Linux distribution. 
As 322 | Ubuntu is downstream of the *Debian* distribution, it also uses the same package 323 | management system. 324 | 325 | apt update 326 | ----------- 327 | 328 | :: 329 | 330 | # apt update 331 | ... long output 332 | 333 | 334 | The **apt update** command is used to update all the package information for 335 | the Debian repositories. 336 | 337 | Installing a package via apt 338 | ----------------------------- 339 | 340 | `apt install packagename` is the command used to install any given package from 341 | the repository. 342 | 343 | :: 344 | 345 | # apt install htop 346 | Reading package lists... Done 347 | Building dependency tree 348 | Reading state information... Done 349 | Suggested packages: 350 | lsof strace 351 | The following NEW packages will be installed: 352 | htop 353 | 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. 354 | Need to get 92.8 kB of archives. 355 | After this operation, 230 kB of additional disk space will be used. 356 | Get:1 http://deb.debian.org/debian buster/main amd64 htop amd64 2.2.0-1+b1 [92.8 kB] 357 | Fetched 92.8 kB in 1s (113 kB/s) 358 | debconf: delaying package configuration, since apt-utils is not installed 359 | Selecting previously unselected package htop. 360 | (Reading database ... 6677 files and directories currently installed.) 361 | Preparing to unpack .../htop_2.2.0-1+b1_amd64.deb ... 362 | Unpacking htop (2.2.0-1+b1) ... 363 | Setting up htop (2.2.0-1+b1) ... 364 | 365 | apt-cache search 366 | ----------------- 367 | 368 | After you have updated the cache, you can search for any package. Say, we want to search for 369 | the package `neomutt`. 370 | 371 | :: 372 | 373 | # apt-cache search neomutt 374 | neomutt - command line mail reader based on Mutt, with added features 375 | 376 | To know the exact policy (from where it will be installed/upgraded, which version, etc.), 377 | you can use the following command. 
378 | 379 | :: 380 | 381 | # apt-cache policy libudev1 382 | libudev1: 383 | Installed: 241-7~deb10u7 384 | Candidate: 241-7~deb10u8 385 | Version table: 386 | 241-7~deb10u8 500 387 | 500 http://security.debian.org/debian-security buster/updates/main amd64 Packages 388 | *** 241-7~deb10u7 500 389 | 500 http://deb.debian.org/debian buster/main amd64 Packages 390 | 100 /var/lib/dpkg/status 391 | 392 | 393 | Listing upgrades 394 | ----------------- 395 | 396 | You can use `apt list --upgradable` to list all the packages that have updates in the repositories. 397 | 398 | :: 399 | 400 | # apt list --upgradable 401 | Listing... Done 402 | libsystemd0/stable 241-7~deb10u8 amd64 [upgradable from: 241-7~deb10u7] 403 | libudev1/stable 241-7~deb10u8 amd64 [upgradable from: 241-7~deb10u7] 404 | 405 | 406 | Upgrading packages 407 | ------------------ 408 | 409 | Use `apt dist-upgrade` to upgrade all the packages to the latest from the repositories. 410 | 411 | :: 412 | 413 | # apt dist-upgrade 414 | Reading package lists... Done 415 | Building dependency tree 416 | Reading state information... Done 417 | Calculating upgrade... Done 418 | The following packages will be upgraded: 419 | libsystemd0 libudev1 420 | 2 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 421 | Need to get 483 kB of archives. 422 | After this operation, 0 B of additional disk space will be used. 423 | Do you want to continue? [Y/n] Y 424 | Get:1 http://security.debian.org/debian-security buster/updates/main amd64 libsystemd0 amd64 241-7~deb10u8 [331 kB] 425 | Get:2 http://security.debian.org/debian-security buster/updates/main amd64 libudev1 amd64 241-7~deb10u8 [151 kB] 426 | Fetched 483 kB in 1s (379 kB/s) 427 | debconf: delaying package configuration, since apt-utils is not installed 428 | (Reading database ... 6677 files and directories currently installed.) 429 | Preparing to unpack .../libsystemd0_241-7~deb10u8_amd64.deb ... 
430 | Unpacking libsystemd0:amd64 (241-7~deb10u8) over (241-7~deb10u7) ... 431 | Setting up libsystemd0:amd64 (241-7~deb10u8) ... 432 | (Reading database ... 6677 files and directories currently installed.) 433 | Preparing to unpack .../libudev1_241-7~deb10u8_amd64.deb ... 434 | Unpacking libudev1:amd64 (241-7~deb10u8) over (241-7~deb10u7) ... 435 | Setting up libudev1:amd64 (241-7~deb10u8) ... 436 | Processing triggers for libc-bin (2.28-10) ... 437 | 438 | Figuring out which services/processes need restart after package upgrade in Debian 439 | ----------------------------------------------------------------------------------- 440 | 441 | Just like on Fedora systems, you can find similar information in Debian too. 442 | You will need the **needrestart** package. The following is the output from the 443 | `needrestart` command. 444 | 445 | .. image:: img/needsrestart_debian.png 446 | 447 | Listing available security updates in Debian systems 448 | ----------------------------------------------------- 449 | 450 | We can use the Debian Security Analyzer tool, **debsecan**, for this. You have 451 | to install it via `apt` first. In the following example, we are checking the system 452 | (running Debian Buster) for available security updates. 453 | 454 | :: 455 | 456 | # apt install debsecan 457 | # debsecan --suite buster --format packages --only-fixed 458 | apache2-bin 459 | firefox-esr 460 | libnss-myhostname 461 | libnss-systemd 462 | libpam-systemd 463 | libsystemd0 464 | libudev1 465 | linux-libc-dev 466 | systemd 467 | systemd-sysv 468 | udev 469 | 470 | Unattended upgrades in Debian systems 471 | --------------------------------------- 472 | 473 | We can also set up Debian systems for automatic upgrades. First, install 474 | the **unattended-upgrades** package and reconfigure it to download and apply the 475 | updates. 
476 | 477 | :: 478 | 479 | $ sudo apt install unattended-upgrades apt-listchanges && sudo dpkg-reconfigure -plow unattended-upgrades 480 | 481 | Creating config file /etc/apt/apt.conf.d/20auto-upgrades with new version 482 | 483 | The configuration screen will look like the one below. 484 | 485 | .. image:: img/unattended_upgrades_debian_buster.png 486 | 487 | You can do a dry run afterward. By default `unattended-upgrade` will only 488 | install the **security** updates. 489 | 490 | :: 491 | 492 | $ sudo unattended-upgrades --dry-run 493 | /usr/bin/dpkg --status-fd 11 --no-triggers --unpack --auto-deconfigure --recursive /tmp/apt-dpkg-install-xKmNdN 494 | /usr/bin/dpkg --status-fd 11 --configure --pending 495 | /usr/bin/dpkg --status-fd 11 --no-triggers --unpack --auto-deconfigure /var/cache/apt/archives/libimobiledevice6_1.2.1~git20181030.92c5462-2+deb10u1_amd64.deb 496 | 497 | 498 | For more details, please read the `Debian wiki page `_ on this topic. 499 | 500 | -------------------------------------------------------------------------------- /docs/networking.rst: -------------------------------------------------------------------------------- 1 | Networking commands 2 | ==================== 3 | 4 | In this chapter, we will learn about a few basic networking commands, which will help us in our daily Linux usage. 5 | 6 | .. index:: ip 7 | 8 | Finding the IP address 9 | ----------------------- 10 | 11 | The *ip* command can be used to find the IP address of the system. 
12 |
13 | ::
14 |
15 |     $ ip addr show
16 |     1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
17 |         link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
18 |         inet 127.0.0.1/8 scope host lo
19 |            valid_lft forever preferred_lft forever
20 |         inet6 ::1/128 scope host
21 |            valid_lft forever preferred_lft forever
22 |     2: eth0: mtu 1454 qdisc fq_codel state UP group default qlen 1000
23 |         link/ether fa:16:3e:3c:ed:27 brd ff:ff:ff:ff:ff:ff
24 |         inet 172.10.95.253/20 brd 172.10.111.255 scope global dynamic eth0
25 |            valid_lft 57021sec preferred_lft 57021sec
26 |         inet6 fe80::f816:3eff:fe3c:ed27/64 scope link
27 |            valid_lft forever preferred_lft forever
28 |
29 | Here *lo* is a special device which points to the same system (also known as *localhost*). The IP *127.0.0.1* always points to the *localhost*.
30 | *eth0* is our ethernet device which connects to the network.
31 |
32 |
33 | .. index:: arp
34 |
35 | Finding ARP table
36 | ------------------
37 |
38 | ARP stands for Address Resolution Protocol. It is used to find the hardware
39 | addresses (MAC addresses) of the computers in the local network. Every operating
40 | system keeps a local cache (as a table) of this information. You can see the
41 | details using the following command.
42 |
43 | ::
44 |
45 |     $ ip neighbour
46 |
47 |
48 | .. index:: ping
49 |
50 | ping command
51 | -------------
52 |
53 | From the man page:
54 |
55 |     ping uses the ICMP protocol's mandatory ECHO_REQUEST datagram to elicit an ICMP ECHO_RESPONSE from a host or gateway. ECHO_REQUEST datagrams (“pings”) have an IP and ICMP header, followed by a struct timeval and then an arbitrary number of “pad” bytes used to fill out the packet.
56 |
57 |
58 |
59 |
60 | *ping* is a simple way to find out if you are connected to the Internet or not.
61 | We can also ping any particular computer to find if the computer is connected to the network or not. Press *Ctrl+c* to stop the loop.
62 |
63 | ::
64 |
65 |     $ ping google.com
66 |     PING google.com (216.58.201.142) 56(84) bytes of data.
67 |     64 bytes from mad06s25-in-f142.1e100.net (216.58.201.142): icmp_seq=1 ttl=44 time=157 ms
68 |     64 bytes from mad06s25-in-f142.1e100.net (216.58.201.142): icmp_seq=2 ttl=44 time=156 ms
69 |     64 bytes from mad06s25-in-f142.1e100.net (216.58.201.142): icmp_seq=3 ttl=44 time=156 ms
70 |     ^C
71 |     --- google.com ping statistics ---
72 |     3 packets transmitted, 3 received, 0% packet loss, time 2000ms
73 |     rtt min/avg/max/mdev = 156.373/156.811/157.566/0.704 ms
74 |
75 |
76 | You can also ask *ping* to audibly ping for each ECHO_RESPONSE. Pass `-a` as a flag to do that. `-6` ensures that ping works
77 | over IPv6 only.
78 |
79 | ::
80 |
81 |     $ ping -a -6 torproject.org
82 |     PING torproject.org(hetzner-hel1-03.torproject.org (2a01:4f9:c010:19eb::1)) 56 data bytes
83 |     64 bytes from hetzner-hel1-03.torproject.org (2a01:4f9:c010:19eb::1): icmp_seq=1 ttl=56 time=18.1 ms
84 |     64 bytes from hetzner-hel1-03.torproject.org (2a01:4f9:c010:19eb::1): icmp_seq=2 ttl=56 time=36.2 ms
85 |     64 bytes from hetzner-hel1-03.torproject.org (2a01:4f9:c010:19eb::1): icmp_seq=3 ttl=56 time=26.7 ms
86 |
87 |
88 | .. index:: dns
89 |
90 | Short note about DNS
91 | ---------------------
92 |
93 | DNS or Domain Name System is a decentralized naming system for systems which are
94 | connected to the Internet (it can be used for private networks too). This is how a
95 | computer knows which other computer to connect to when we type google.com in
96 | our browser, or in the ping command. There are servers known as DNS servers, and
97 | for every domain name it needs to find, the client system generally connects to
98 | these DNS servers, and finds out the IP address of the computer at that domain
99 | name.
100 |
101 | /etc/hosts
102 | -----------
103 |
104 | The system looks at this file first for any name resolution. If it cannot find the DNS
105 | entry, then the system looks at the */etc/resolv.conf*, and connects to the DNS server.
106 |
107 | You can update the */etc/hosts* file to add a domain to any particular IP address. Say, you want
108 | to be able to reach a server at IP address `x.x.x.x` with the name `datastore`, so you add an
109 | entry like the following to the file.
110 |
111 | ::
112 |
113 |     x.x.x.x datastore
114 |
115 |
116 | /etc/resolv.conf
117 | -----------------
118 |
119 | */etc/resolv.conf* is the configuration file which contains the DNS server address to use for DNS queries.
120 |
121 | ::
122 |
123 |     $ cat /etc/resolv.conf
124 |     # Generated by NetworkManager
125 |     nameserver 1.1.1.1
126 |     nameserver 8.8.8.8
127 |
128 |
129 | Here you can see that `1.1.1.1` & `8.8.8.8` are the two DNS servers being used in
130 | this machine. The *1.1.1.1* is the DNS server from Cloudflare, and *8.8.8.8* is
131 | the DNS server hosted by Google.
132 |
133 | .. index:: systemd-resolved
134 |
135 | systemd-resolved controlled name resolution
136 | --------------------------------------------
137 |
138 | On most modern systems you will find that `/etc/resolv.conf` looks a bit different and is actually a symbolic link.
139 | The example below is from `Ubuntu 20.04`.
140 |
141 | ::
142 |
143 |     $ ls -l /etc/resolv.conf
144 |     lrwxrwxrwx 1 root root 39 Jul 31 2020 /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf
145 |
146 |     $ cat /etc/resolv.conf
147 |     # This file is managed by man:systemd-resolved(8). Do not edit.
148 |     #
149 |     # This is a dynamic resolv.conf file for connecting local clients to the
150 |     # internal DNS stub resolver of systemd-resolved. This file lists all
151 |     # configured search domains.
152 |     #
153 |     # Run "resolvectl status" to see details about the uplink DNS servers
154 |     # currently in use.
155 |     #
156 |     # Third party programs must not access this file directly, but only through the
157 |     # symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
158 |     # replace this symlink by a static file or a different symlink.
159 |     #
160 |     # See man:systemd-resolved.service(8) for details about the supported modes of
161 |     # operation for /etc/resolv.conf.
162 |
163 |     nameserver 127.0.0.53
164 |     options edns0 trust-ad
165 |     search localdomain
166 |
167 | That strange IP address, **127.0.0.53**, is a special one managed by the
168 | **systemd-resolved** service, where it listens for DNS queries. By default it picks up the DNS server addresses provided by the `DHCP` service. In case
169 | you want to set them manually, you can configure them in the `/etc/systemd/resolved.conf` file.
170 | Here we are setting `1.1.1.1` as the primary DNS server, `8.8.8.8` as the fallback server, and also enabling `DNS over TLS`.
171 |
172 | ::
173 |
174 |
175 |     # This file is part of systemd.
176 |     #
177 |     # systemd is free software; you can redistribute it and/or modify it
178 |     # under the terms of the GNU Lesser General Public License as published by
179 |     # the Free Software Foundation; either version 2.1 of the License, or
180 |     # (at your option) any later version.
181 |     #
182 |     # Entries in this file show the compile time defaults.
183 |     # You can change settings by editing this file.
184 |     # Defaults can be restored by simply deleting this file.
185 |     #
186 |     # See resolved.conf(5) for details
187 |
188 |     [Resolve]
189 |     DNS= 1.1.1.1
190 |     FallbackDNS= 8.8.8.8
191 |     #Domains=
192 |     #LLMNR=no
193 |     #MulticastDNS=no
194 |     #DNSSEC=no
195 |     DNSOverTLS=yes
196 |     #Cache=no-negative
197 |     #DNSStubListener=yes
198 |     #ReadEtcHosts=yes
199 |
200 | You can learn about all the settings from the man page, `man resolved.conf`.
201 |
202 | If you want to go back to the simple `/etc/resolv.conf` file, you can remove the
203 | symlink and put in a new file at `/etc/resolv.conf`.
204 |
205 |
206 | .. index:: resolvectl
207 |
208 | resolvectl command
209 | -------------------
210 |
211 | The `resolvectl` command helps us to query via the `systemd-resolved` service.
212 | To check the current settings, use the `status` flag.
213 |
214 | ::
215 |
216 |     $ resolvectl status
217 |     Global
218 |            LLMNR setting: no
219 |     MulticastDNS setting: no
220 |       DNSOverTLS setting: yes
221 |           DNSSEC setting: no
222 |         DNSSEC supported: no
223 |              DNS Servers: 1.1.1.1
224 |     Fallback DNS Servers: 8.8.8.8
225 |               DNSSEC NTA: 10.in-addr.arpa
226 |                           16.172.in-addr.arpa
227 |                           168.192.in-addr.arpa
228 |                           17.172.in-addr.arpa
229 |                           18.172.in-addr.arpa
230 |                           19.172.in-addr.arpa
231 |                           20.172.in-addr.arpa
232 |                           21.172.in-addr.arpa
233 |                           22.172.in-addr.arpa
234 |                           23.172.in-addr.arpa
235 |                           24.172.in-addr.arpa
236 |                           25.172.in-addr.arpa
237 |                           26.172.in-addr.arpa
238 |                           27.172.in-addr.arpa
239 |                           28.172.in-addr.arpa
240 |                           29.172.in-addr.arpa
241 |                           30.172.in-addr.arpa
242 |                           31.172.in-addr.arpa
243 |                           corp
244 |                           d.f.ip6.arpa
245 |                           home
246 |                           internal
247 |                           intranet
248 |                           lan
249 |                           local
250 |                           private
251 |                           test
252 |
253 |     Link 2 (ens33)
254 |           Current Scopes: DNS
255 |     DefaultRoute setting: yes
256 |            LLMNR setting: yes
257 |     MulticastDNS setting: no
258 |       DNSOverTLS setting: yes
259 |           DNSSEC setting: no
260 |         DNSSEC supported: no
261 |              DNS Servers: 192.168.195.1
262 |               DNS Domain: ~.
263 |                           localdomain
264 |
265 | To query the IP address of a domain:
266 |
267 | ::
268 |
269 |     $ resolvectl query fedoraproject.org
270 |     fedoraproject.org: 140.211.169.196 -- link: ens33
271 |                        140.211.169.206 -- link: ens33
272 |                        152.19.134.198 -- link: ens33
273 |                        38.145.60.21 -- link: ens33
274 |                        8.43.85.67 -- link: ens33
275 |                        152.19.134.142 -- link: ens33
276 |                        209.132.190.2 -- link: ens33
277 |                        38.145.60.20 -- link: ens33
278 |                        67.219.144.68 -- link: ens33
279 |                        8.43.85.73 -- link: ens33
280 |
281 |     -- Information acquired via protocol DNS in 1.4ms.
282 |     -- Data is authenticated: no
283 |
284 | To view the `TXT` record:
285 |
286 | ::
287 |
288 |     $ resolvectl query -t TXT fedoraproject.org
289 |     fedoraproject.org IN TXT "v=spf1 a a:mailers.fedoraproject.org ip4:38.145.60.11 ip4:38.145.60.12 ?all" -- link: ens33
290 |
291 |     -- Information acquired via protocol DNS in 289.7ms.
292 |     -- Data is authenticated: no
293 |
294 | The `resolvectl` command can do many more things. Please have a look at the man page for more examples.
295 |
296 | .. index:: host
297 |
298 | host command
299 | -------------
300 |
301 | The **host** command is a simple DNS lookup utility. It will show you the IP
302 | address of any given hostname.
303 |
304 | ::
305 |
306 |     $ host www.example.com
307 |     www.example.com has address 93.184.216.34
308 |     www.example.com has IPv6 address 2606:2800:220:1:248:1893:25c8:1946
309 |
310 | .. index:: dig
311 |
312 | dig command
313 | ------------
314 |
315 | The **dig** command can tell us DNS records, MX details (used to send emails) and
316 | other information for a given domain name. It is one of the primary commands
317 | people use to query DNS records.
318 |
319 | ::
320 |
321 |     $ dig kushaldas.in
322 |
323 |     ; <<>> DiG 9.10.4-P8-RedHat-9.10.4-5.P8.fc25 <<>> kushaldas.in
324 |     ;; global options: +cmd
325 |     ;; Got answer:
326 |     ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50750
327 |     ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
328 |
329 |     ;; OPT PSEUDOSECTION:
330 |     ; EDNS: version: 0, flags:; udp: 512
331 |     ;; QUESTION SECTION:
332 |     ;kushaldas.in. IN A
333 |
334 |     ;; ANSWER SECTION:
335 |     kushaldas.in. 5528 IN A 208.113.152.208
336 |
337 |     ;; Query time: 66 msec
338 |     ;; SERVER: 8.8.8.8#53(8.8.8.8)
339 |     ;; WHEN: Sun Jun 25 11:37:00 IST 2017
340 |     ;; MSG SIZE rcvd: 57
341 |
342 | If you want to print only the IP address in the output, you can use *+short* as
343 | an argument.
344 |
345 | ::
346 |
347 |     $ dig +short kushaldas.in
348 |     208.113.152.208
349 |
350 | You can also request any particular type of record from the DNS server.
351 | For example, if I want to get the `TXT` records, I can run the following command.
352 |
353 | ::
354 |
355 |     $ dig +short kushaldas.in TXT
356 |     "google-site-verification=DPpUk-OfBLT-5PkbSR9VM2Uht3eXaksthROvS-L9iKY"
357 |     "kolab-verify=35f0040cd1ebb20fb7f0b3fade0e1c8e"
358 |
359 | You can use any of the following options instead of `TXT`: *A|AAAA|MX|TXT|CNAME|NS*.
360 |
361 | For example, you can ask `dig` to give you the IPv6 address of a domain.
362 |
363 | ::
364 |
365 |     $ dig +short torproject.org AAAA
366 |     2604:8800:5000:82:466:38ff:fecb:d46e
367 |     2a01:4f8:fff0:4f:266:37ff:fe2c:5d19
368 |     2a01:4f8:fff0:4f:266:37ff:feae:3bbc
369 |     2a01:4f9:c010:19eb::1
370 |
371 | If you want to specify a DNS server to use, you can do that with the address
372 | specified at the end of the command along with a `@` sign.
373 |
374 | ::
375 |
376 |     $ dig rtnpro.com @208.67.222.222
377 |
378 |     ; <<>> DiG 9.10.4-P8-RedHat-9.10.4-5.P8.fc25 <<>> rtnpro.com @208.67.222.222
379 |     ;; global options: +cmd
380 |     ;; Got answer:
381 |     ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27312
382 |     ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
383 |
384 |     ;; OPT PSEUDOSECTION:
385 |     ; EDNS: version: 0, flags:; udp: 4096
386 |     ;; QUESTION SECTION:
387 |     ;rtnpro.com. IN A
388 |
389 |     ;; AUTHORITY SECTION:
390 |     rtnpro.com. 3600 IN SOA dns1.bigrock.in. rtnpro.gmail.com. 2017021401 7200 7200 172800 38400
391 |
392 |     ;; Query time: 899 msec
393 |     ;; SERVER: 208.67.222.222#53(208.67.222.222)
394 |     ;; WHEN: Sun Jun 25 11:40:01 IST 2017
395 |     ;; MSG SIZE rcvd: 106
396 |
397 |
398 | If you want to learn about the full path of the DNS query, you can find that out
399 | with the *+trace* flag. In the following example, where we are trying to find the IP
400 | address for `anweshadas.in `_, `dig` first connects to
401 | the root name servers to find the correct DNS resolvers for the *.in* servers,
402 | then they tell *dig* to go to those servers (in this case Dreamhost name servers)
403 | which contain the exact IP address for the domain.
404 |
405 | ::
406 |
407 |     $ dig +trace anweshadas.in @8.8.8.8
408 |
409 |     ; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>> +trace anweshadas.in @8.8.8.8
410 |     ;; global options: +cmd
411 |     . 47041 IN NS m.root-servers.net.
412 |     . 47041 IN NS b.root-servers.net.
413 |     . 47041 IN NS c.root-servers.net.
414 |     . 47041 IN NS d.root-servers.net.
415 |     . 47041 IN NS e.root-servers.net.
416 |     . 47041 IN NS f.root-servers.net.
417 |     . 47041 IN NS g.root-servers.net.
418 |     . 47041 IN NS h.root-servers.net.
419 |     . 47041 IN NS a.root-servers.net.
420 |     . 47041 IN NS i.root-servers.net.
421 |     . 47041 IN NS j.root-servers.net.
422 |     . 47041 IN NS k.root-servers.net.
423 |     . 47041 IN NS l.root-servers.net.
424 |     . 47041 IN RRSIG NS 8 0 518400 20210730050000 20210717040000 26838 . MFT2Q71k1LZVfXyH2qKWLoS7a7j5aSVdlp4SrIptZXP0ydjav7y5sLv/ Yz76Ki+3PU0G3SagwbC61bdi6sNV5DiBpxIzny8Mavx23P6XKsbetFr1 RgkwlzyGJmd0kLA4ydgjrzRh2hhvQkBDWtzBpVLUo7tDmwodE/zi/RUA CMofG9YIkgxSX0/5qUUKXhijHocYXQU++x7RbFqTxJBEW8Fn6GDTtg1Z pTT0UYpmMX5NHiRlneYb6ChHGQLfbQ1kBblxuQlsPb46dJBKaXT3wr3/ SXUXQCZ+ADCsolK+LhGeQtByqBEXryjuT/U2WK8mqcTAs/d1bToRwrH5 nxizXg==
425 |     ;; Received 525 bytes from 8.8.8.8#53(8.8.8.8) in 1 ms
426 |
427 |     in. 172800 IN NS ns1.registry.in.
428 |     in. 172800 IN NS ns2.registry.in.
429 |     in. 172800 IN NS ns3.registry.in.
430 |     in. 172800 IN NS ns4.registry.in.
431 |     in. 172800 IN NS ns5.registry.in.
432 |     in. 172800 IN NS ns6.registry.in.
433 |     in. 86400 IN DS 54739 8 1 2B5CA455A0E65769FF9DF9E75EC40EE1EC1CDCA9
434 |     in. 86400 IN DS 54739 8 2 9F122CFD6604AE6DEDA0FE09F27BE340A318F06AFAC11714A73409D4 3136472C
435 |     in. 86400 IN RRSIG DS 8 1 86400 20210730170000 20210717160000 26838 . i6toEqveLqwB/W4Z/77bfGyFyYJRepGi8uYoQ0jEZM1I95qxsqeMCtdV cr3foafFJKaCkvH2eAfIUrHH8GMn/t9lVDrHwikLisoaPaSahgoQAOPm ClR/VDcAxkVwE+07Ir6ROt+qXn5jse4gnB+nezI4Q+rakearp8D9AaxJ ubWnAMfHOqKBLDMGNrm6/XRk6HA43nrMIUKNCFbhpKo5gkvy+S768uQu ySRdLTUxN0ELO9Qv7fBqQxamRyZ1N5LKTpjkKNKYwnihOVIWvktqt4p7 xoJL56z0XE9HhhI807GOBcpLBeaRKZXOA8GKU77pm9lDLHSuG4epF3zD X9Vayw==
436 |     ;; Received 794 bytes from 193.0.14.129#53(k.root-servers.net) in 1 ms
437 |
438 |     anweshadas.in. 86400 IN NS ns3.dreamhost.com.
439 |     anweshadas.in. 86400 IN NS ns2.dreamhost.com.
440 |     anweshadas.in. 86400 IN NS ns1.dreamhost.com.
441 |     bo801o0uciino3vfr38lrljcrv2ucohi.in. 1800 IN NSEC3 1 1 1 00763C64 BO9UQ54VB22M3J37NR3N6GRC6J4RVUTV NS SOA RRSIG DNSKEY NSEC3PARAM
442 |     bo801o0uciino3vfr38lrljcrv2ucohi.in. 1800 IN RRSIG NSEC3 8 2 1800 20210813034112 20210714030559 65169 in. gZ3NODrbaP6/GV1McvgHTD4wn9w2w5CCqjoI+JyjRpNVweGuDex5A/ls OznLptg/nmmJlx3835suy9I79h0tOjDjWNXxLQ9scKCtYZJSFqIdnRS9 QP5egjVJnZ3zOLN0lO//hQa/gIhKCSqYpLCWLS1RoFn3B5uvF96VopKU YYfjXFbqYCjyx4T8oZi72xFUChr/yi/dVkHbM0OvwLCJRg==
443 |     8679tah9aq7s760bquasj6clf332vb3e.in. 1800 IN NSEC3 1 1 1 00763C64 869E0HEFFMPE89PM1VHLGQHH72K7IGRM NS DS RRSIG
444 |     8679tah9aq7s760bquasj6clf332vb3e.in. 1800 IN RRSIG NSEC3 8 2 1800 20210815211611 20210716202452 65169 in. GahrJsYIVpR5+eaykB/DuaIPSUeR+rX3DxR7yR3mMN/7pVSekbZ/Fw4I q5NZLKhBp2WKq0aiwxYX4+VfKjdLyQLKeGoXYeFpwps6KiCf8gLjDJwO Hx1PCgg5CnUEYw+iXd3GGx46ZlyHHbuSNa4YbVBEHevcmo/3oc3ubiMf VKTcuR+upzBQmLzNId6LB9qZBpFfe6GPCy/sMMaCKB0OwQ==
445 |     ;; Received 664 bytes from 37.209.196.12#53(ns3.registry.in) in 2 ms
446 |
447 |     anweshadas.in. 14400 IN A 159.89.209.77
448 |     ;; Received 58 bytes from 162.159.26.14#53(ns1.dreamhost.com) in 160 ms
449 |
450 |
451 | You can even print the response in `YAML` format.
452 |
453 | ::
454 |
455 |     $ dig +yaml kushaldas.in
456 |     -
457 |       type: MESSAGE
458 |       message:
459 |         type: RECURSIVE_RESPONSE
460 |         query_time: !!timestamp 2022-04-23T18:52:23.844Z
461 |         response_time: !!timestamp 2022-04-23T18:52:24.046Z
462 |         message_size: 124b
463 |         socket_family: INET
464 |         socket_protocol: UDP
465 |         response_address: 127.0.0.53
466 |         response_port: 53
467 |         query_address: 0.0.0.0
468 |         query_port: 56777
469 |         response_message_data:
470 |           opcode: QUERY
471 |           status: NOERROR
472 |           id: 12591
473 |           flags: qr rd ra
474 |           QUESTION: 1
475 |           ANSWER: 1
476 |           AUTHORITY: 3
477 |           ADDITIONAL: 1
478 |           OPT_PSEUDOSECTION:
479 |             EDNS:
480 |               version: 0
481 |               flags:
482 |               udp: 65494
483 |           QUESTION_SECTION:
484 |             - kushaldas.in. IN A
485 |           ANSWER_SECTION:
486 |             - kushaldas.in. 300 IN A 51.159.23.159
487 |           AUTHORITY_SECTION:
488 |             - kushaldas.in. 2876 IN NS ns3.dreamhost.com.
489 |             - kushaldas.in. 2876 IN NS ns2.dreamhost.com.
490 |             - kushaldas.in. 2876 IN NS ns1.dreamhost.com.
491 |
492 |
493 | .. hint:: Please remember that *dig* returns `0` as exit code even if it cannot
494 |     find any information for the domain (`NXDOMAIN`). Keeping this in mind will save
495 |     you some time in your scripts. `1` is for a usage error, `9` is used for a server
496 |     error & `10` for an internal error in *dig* itself.
497 |
498 |
499 | .. index:: ss
500 |
501 | ss command
502 | -----------
503 |
504 | The **ss** command shows us socket statistics from the system. This command replaces the older netstat command.
505 | Read the man page of the command to know more about the different arguments we can pass at the command line.
506 |
507 | ::
508 |
509 |     $ ss -putn
510 |     Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
511 |     tcp ESTAB 0 0 192.168.1.101:51496 162.125.34.129:443 users:(("dropbox",pid=28797,fd=80))
512 |     tcp ESTAB 0 0 192.168.1.101:47864 74.125.200.189:443 users:(("chrome",pid=22112,fd=385))
513 |     tcp ESTAB 0 0 192.168.1.101:59524 209.12.123.55:22 users:(("ssh",pid=26621,fd=3))
514 |     ... long output
515 |
516 | You can also learn various other statistics about sockets. For example, if you
517 | want to know all the sockets from your computer connected to any machine at
518 | port *443*, you can use the following command.
519 |
520 | ::
521 |
522 |     $ ss -pt dst :443
523 |
524 | .. index:: traceroute
525 |
526 | traceroute command
527 | -------------------
528 |
529 | The **traceroute** command is used to show the full route of a network packet from the system to any given host.
530 |
531 | ::
532 |
533 |     $ traceroute www.rtnpro.com
534 |     traceroute to www.rtnpro.com (146.185.181.157), 30 hops max, 60 byte packets
535 |     1 gateway (192.168.1.1) 1.434 ms 1.920 ms 1.891 ms
536 |     2 45.113.248.3 (45.113.248.3) 7.478 ms 10.335 ms 10.343 ms
537 |     3 45.113.248.1 (45.113.248.1) 10.319 ms 10.293 ms 10.274 ms
538 |     4 121.244.26.1.static-pune.vsnl.net.in (121.244.26.1) 26.938 ms 26.608 ms 27.165 ms
539 |     5 172.31.183.162 (172.31.183.162) 9.883 ms 10.133 ms 10.122 ms
540 |     6 172.31.19.201 (172.31.19.201) 10.591 ms 172.29.250.33 (172.29.250.33) 6.894 ms 172.31.19.201 (172.31.19.201) 8.203 ms
541 |     7 ix-ae-0-4.tcore1.MLV-Mumbai.as6453.net (180.87.38.5) 9.378 ms 8.886 ms 9.240 ms
542 |     8 if-ae-9-5.tcore1.WYN-Marseille.as6453.net (80.231.217.77) 159.550 ms if-ae-5-2.tcore1.WYN-Marseille.as6453.net (180.87.38.126) 159.614 ms if-ae-9-5.tcore1.WYN-Marseille.as6453.net (80.231.217.77) 159.506 ms
543 |     9 if-ae-8-1600.tcore1.PYE-Paris.as6453.net (80.231.217.6) 159.392 ms 159.474 ms 159.405 ms
544 |     10 if-ae-15-2.tcore1.AV2-Amsterdam.as6453.net (195.219.194.145) 159.327 ms 158.355 ms 122.520 ms
545 |     11 195.219.194.26 (195.219.194.26) 133.216 ms 134.168 ms 134.683 ms
546 |     12 138.197.250.29 (138.197.250.29) 192.236 ms 192.125 ms 138.197.250.23 (138.197.250.23) 192.083 ms
547 |     13 * 146.185.181.157 (146.185.181.157) 191.831 ms 191.861 ms
548 |
549 |
550 |
551 | .. index:: tracepath
552 |
553 | tracepath command
554 | ------------------
555 |
556 | The **tracepath** command traces a path to a network host, discovering the MTU along the path. This is a modern replacement of the *traceroute* command, and also does not need superuser privileges to execute.
557 |
558 | ::
559 |
560 |     $ tracepath www.rtnpro.com
561 |     1?: [LOCALHOST] pmtu 1500
562 |     1: gateway 0.950ms
563 |     1: gateway 0.715ms
564 |     2: gateway 0.689ms pmtu 1492
565 |     2: 45.113.248.3 3.564ms
566 |     3: 45.113.248.1 4.639ms
567 |     4: 121.244.26.1.static-pune.vsnl.net.in 4.132ms
568 |     5: 172.31.183.162 4.733ms asymm 7
569 |     6: 172.29.250.33 12.524ms asymm 7
570 |     7: ix-ae-0-4.tcore1.MLV-Mumbai.as6453.net 7.208ms asymm 8
571 |     8: if-ae-5-2.tcore1.WYN-Marseille.as6453.net 125.727ms asymm 12
572 |     9: if-ae-8-1600.tcore1.PYE-Paris.as6453.net 128.893ms asymm 11
573 |     10: if-ae-15-2.tcore1.AV2-Amsterdam.as6453.net 126.019ms asymm 9
574 |     11: 195.219.194.26 136.373ms asymm 10
575 |     12: 138.197.250.27 130.198ms
576 |     13: 146.185.181.157 131.040ms reached
577 |     Resume: pmtu 1492 hops 13 back 13
578 |
579 |
580 | .. index:: ssh
581 |
582 | Remote login to a computer using ssh tool
583 | -----------------------------------------
584 |
585 | We use the **ssh** command to log in to remote computers. The remote computer must
586 | have the **sshd** service running, and should also allow clients to connect to
587 | this service. Let’s try to connect to localhost itself. Remember to start the
588 | **sshd** service before this step.
589 |
590 | ::
591 |
592 |     $ ssh kdas@localhost
593 |     kdas@localhost's password:
594 |     Last login: Wed Jun 21 08:44:40 2017 from 192.168.1.101
595 |     $
596 |
597 |
598 | As you can see, the command syntax is ssh followed by user@hostname. If your
599 | remote system's user name is the same as your current one, then you can omit the
600 | username and just use the hostname (IP address or domain name).
601 |
602 | ::
603 |
604 |     $ ssh localhost
605 |     kdas@localhost's password:
606 |     $
607 |
608 | ssh key generation
609 | -------------------
610 |
611 | ssh keys are used in the daily life of a Linux user or developer. In simple
612 | terms, they help us to securely log in to other computers. In the following
613 | example, we will create a new key for our user.
614 |
615 | ::
616 |
617 |     $ ssh-keygen -t rsa -b 4096 -C "kushaldas@gmail.com"
618 |     Generating public/private rsa key pair.
619 |     Enter file in which to save the key (/home/fedora/.ssh/id_rsa):
620 |     Enter passphrase (empty for no passphrase):
621 |     Enter same passphrase again:
622 |     Your identification has been saved in /home/fedora/.ssh/id_rsa.
623 |     Your public key has been saved in /home/fedora/.ssh/id_rsa.pub.
624 |     The key fingerprint is:
625 |     SHA256:O6Rxir7lpFBQsBnvs+NJRU8Ih01ffVBvLTE8s5TpxLQ kushaldas@gmail.com
626 |     The key's randomart image is:
627 |     +---[RSA 4096]----+
628 |     | o.o+o ...*=o |
629 |     | *.o.o . . @=.|
630 |     | + . o o =E++|
631 |     | o . o oo |
632 |     | + o S |
633 |     | . = * . |
634 |     | . = = o |
635 |     | = B . |
636 |     | *.. |
637 |     +----[SHA256]-----+
638 |
639 |
640 | As you can see in the output, the key has been saved in the *~/.ssh* directory.
641 | You can also see that the private key file is only readable by the owner.
642 |
643 | ::
644 |
645 |     $ ls -l .ssh
646 |     total 12
647 |     -rw-------. 1 fedora fedora 3326 Jun 25 06:25 id_rsa
648 |     -rw-r--r--. 1 fedora fedora 745 Jun 25 06:25 id_rsa.pub
649 |
650 |
651 | Each key has two parts. The *id_rsa.pub* is the public key and *id_rsa* is the
652 | private part of the key. One can safely upload or use the public key anywhere.
653 | But the private key should be kept in a safe manner, because if people get
654 | access to your private key, they can also access all of your information from
655 | any system using that key.
656 |
657 | In other words, do not give the private key to anyone, and do not randomly copy
658 | the *.ssh* directory to a USB drive and then forget about it.
659 |
660 |
661 | .. index:: ssh-copy-id
662 |
663 | ssh-copy-id
664 | ------------
665 |
666 | The **ssh-copy-id** command copies your public keys to a given remote system. After
667 | this step we can use the ssh key to log in to the box directly, instead of the
668 | usual username / password method.
669 |
670 | ::
671 |
672 |     $ ssh-copy-id fedora@209.12.123.55
673 |     /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
674 |     /usr/bin/ssh-copy-id: INFO: 2 key(s) remain to be installed -- if you are prompted now it is to install the new keys
675 |
676 |     fedora@209.12.123.55's password:
677 |
678 |     Number of key(s) added: 2
679 |
680 |     Now try logging into the machine, with: "ssh 'fedora@209.12.123.55'"
681 |     and check to make sure that only the key(s) you wanted were added.
682 |
683 |
684 | Stop and disable the sshd service
685 | ----------------------------------
686 |
687 | If you don't need ssh access to your computer (say, your laptop), you should
688 | always stop and disable the *sshd* service on the computer.
689 |
690 | Disable password based login for ssh
691 | -------------------------------------
692 |
693 | Remember, this step can be **dangerous**.
694 | Unless you’re really, really sure that you can access a computer by either
695 | logging in physically or using your ssh key (and you have a backup of the key
696 | somewhere), you should not do this step.
697 |
698 | By disabling password based login in the sshd service, you make sure that only
699 | people with the right private key can log in to the computer. This helps greatly
700 | when people try to break into the system by guessing the password. This is also
701 | really helpful in case your computer is connected to some network, and you still
702 | need to access it over ssh.
703 |
704 | We will use vim to open the */etc/ssh/sshd_config* file, which is the
705 | configuration file for the *sshd* service.
706 |
707 | ::
708 |
709 |     $ sudo vim /etc/ssh/sshd_config
710 |
711 | Search for the term *PasswordAuthentication*, and change the value to no. Below
712 | I have added a new line to do the same. You can also see that the lines
713 | starting with *#* are comments in this configuration file. This configuration
714 | will disable password based authentication for the sshd service. You should
715 | remember to restart the sshd service after this step for the change to take
716 | effect.
717 |
718 | .. figure:: img/passwordauthno.png
719 |     :width: 600px
720 |     :align: center
721 |
722 | How to find active (open) network connections from your computer?
723 | -----------------------------------------------------------------
724 |
725 | ::
726 |
727 |     $ sudo lsof -i -n -P
728 |
729 | The *lsof* command shows open files. With *-i* we are asking it to list all
730 | Internet and x.25 (HP-UX) network files. To know more, read the man page of the
731 | *lsof* command.
732 |
733 | To know about ports
734 | --------------------
735 |
736 | If you want to know more about popular ports used by the applications/protocols,
737 | you should look into the */etc/services* file on your computer.
738 |
--------------------------------------------------------------------------------
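The *Disable password based login for ssh* section adds a new `PasswordAuthentication no` line; sshd uses the first value it reads for each keyword, so an earlier uncommented line still wins. The shell check below is an added example, not part of the original book: the function names are hypothetical, the sample configuration is constructed, and `Include` files are not followed (on a real host, `sudo sshd -T` prints the configuration sshd itself resolved).

```shell
#!/bin/sh
# Added example (not from the original page): which PasswordAuthentication
# value applies globally for a given sshd_config text?
#
# Rules from sshd_config(5) implemented here:
#   - blank lines and lines starting with '#' are ignored
#   - keywords are case-insensitive; "Keyword value" and "Keyword=value" both parse
#   - for each keyword the FIRST value obtained is used; later lines are ignored
#   - lines after a Match line are conditional, so they are not the global value
#   - with no global line at all, the built-in default is "yes"
# Assumption of this example: Include files are not followed.

# Prints "<value> <source>", where <source> is the deciding line number
# or the word "default".
effective_password_auth() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*$/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t\r]+$/, "", line)
            # the keyword ends at the first blank or "="
            if (match(line, /[ \t=]/)) {
                key = tolower(substr(line, 1, RSTART - 1))
                val = substr(line, RSTART)
                sub(/^[ \t]*=?[ \t]*/, "", val)
            } else {
                key = tolower(line)
                val = ""
            }
            gsub(/"/, "", val)
            if (key == "match") exit          # the global section ends here
            if (key == "passwordauthentication") {
                print tolower(val), NR        # value normalised for comparison
                decided = 1
                exit
            }
        }
        END { if (!decided) print "yes default" }
    ' "$1"
}

# Exit status 0 only when password logins are globally disabled.
password_auth_disabled() {
    case "$(effective_password_auth "$1")" in
        "no "*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Constructed sample: an active "yes" on line 3, and a new "no" line
# appended at the end of the file.
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
# constructed sample, not a real host's configuration
Port 22
PasswordAuthentication yes
#PermitRootLogin prohibit-password
UsePAM yes
PasswordAuthentication no
EOF

echo "effective value and deciding line: $(effective_password_auth "$demo_cfg")"
if password_auth_disabled "$demo_cfg"; then
    echo "password logins are disabled"
else
    echo "password logins are still enabled: edit the earlier line instead of appending"
fi
rm -f "$demo_cfg"
```

After fixing the file, `sudo sshd -t` checks it for syntax errors before you restart the service.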