What is Linux? Well, Linux is the kernel that powers the Linux operating system. Okay, that's kind of nice. And kernels are programs that talk directly to the hardware and manage resources and processes. So what does that mean? Well, in a CPU, your chip that runs your computer, ever since the 386 processors we've had this separation: you have the kernel process, and then everything else is in userland, and they're separate. So the way to make security work was they decided to separate them, and decided that only one program was allowed to talk to the hard drive, talk to the RAM, talk to all the other physical devices, and that program was then responsible for making sure other programs started up and gave them permission to access things. So the Linux kernel does that in the Linux operating system. It's the only program allowed to talk to the hardware directly; everything else has to talk to the Linux kernel through things called system calls.

Kernels need a whole operating system to be useful. There are different kinds of operating systems. If you look at Linux, you'll see there are the GNU/Linux operating systems, which is basically the GNU software mixed with the Linux kernel. You also find things like Android. Android is the Linux kernel put on top of, well, added to a bunch of other software to run a phone. When a Linux kernel is bundled with operating system software and shipped together, that is called a Linux distribution.

In the Linux family, or Linux world, there are many different families of distributions. You have the Red Hat family, you have the Debian family, you have all these source code distributions, and then there's this whole recent debate about changing init to systemd. Most distributions have switched to systemd, but some are still back on the old init system.

So what's the Red Hat family? Well, the Red Hat family is one of the earliest families of Linux distributions. They discovered, the Red Hat people discovered, there was a problem, and that problem was: how do you package and
ship software, and not just ship it, but ship it in such a way that you know which version of software you have, and you can install things and make sure that they work together? And so the Red Hat company created this Red Hat package management software. What happens here is all of your packages come as these RPM files, and these RPM files are then installed, and there is a database that keeps track of which ones are installed, and then each RPM can tell you what its dependencies are. It's become more advanced now: you have big repositories that keep track of lots of different things and keep track of what the dependencies are, so you don't have to try to figure that out on your own.

The Debian family is basically the same thing as the Red Hat family, it's just slightly different, and that would be with the deb packages instead of the RPM packages. Slightly different focus: Red Hat tends to focus more on corporate, company-type things, and Debian's more the end-user experience.

Then you have these source code distributions. Well, these source code distributions, which includes things like, I guess, Slackware and Gentoo and Arch, these things, they try to ship something but it wants to build stuff from source code, because if you go from source code you have a much higher chance of things being compatible or not compatible and knowing very quickly. You also have situations where you want to optimize your system, and Red Hat and Debian, well, they're written with generic systems in mind and they're not really optimized for anything, so it's kind of hard to optimize a Red Hat or Debian system much. But source code can get you much more optimized. Of course, it can be much worse as well.

And then there is this whole system. So once the kernel starts up, the next big thing is how do you start up everything else? Well, you have this very first process after the kernel that runs, and init, the System V init, was something that came out of the old Unix world, and it runs these systems, it starts up
your services and it eventually brings you to your GUI or your command line and starts something up for you. systemd was created because they realized there were a couple of issues with init. First of all, it did everything sequentially, and you want to be able to do some things in a different order; maybe you want to be able to start two things at the same time if they don't have any dependency relationship. And then they just changed the whole way of doing things so it's more closer together. init is just very organized scripts that do things, and systemd is a more organized system of doing stuff.

So, some hardware considerations. When you are getting ready to install Linux, you need to know: can your machine boot the installation media? That could be a CD-ROM, hard drive, it could be floppy, or it could be some kind of network-based thing. You have to decide, can you boot it, because you have to be able to boot into something in order to do your installation. You also need to know how much hard drive space you need. Normally the earlier versions of Linux got by with just a couple of, well, megs, and it moved up to a couple of gigs, and now you're looking at right around eight or so gigs, and it's going to probably grow and get bigger as you need more and more in order to run. How much RAM do you need? Well, in the early days you only needed a couple megabytes, but now if you want a GUI you have to have at least a gigabyte of RAM, and that's just kind of a minimum; you really want more than that.

You want to know, will your video card work? One of the issues that originally plagued Linux was these video cards would come out but they had this whole thing about secret drivers: if you make a mistake with the hardware, all you have to do is just fix it in the driver and no one will know. But now, well, people do find out, because most of the video cards have source code that is available to look at, and people can see, oh, you messed up. The same kind of thing happens with the wireless cards, because if
you have wireless cards you want to have drivers. Linux likes to run with everything compiled from source code rather than just binary drivers. You also need to look at your other hardware needs: do you need to have scanners or cameras or other devices hooked up, and do you have software for it? So you can look and try to figure out if the software is available and working for Linux.

There are a couple different installation methods. You can do a DVD installation; this is typical for physical devices, when you want to physically install it on a computer. Also, if you're using something like VirtualBox or VMware, you might use an ISO installation. You're actually doing a DVD installation, but the ISO image is really the image of the DVD before it's burned onto a DVD, and the virtualization software can pretend that the DVD is actually burned and install off of that image. You can do USB installations. You can do hard drive installations, if it's already installed in the hard drive and you can install from there. And sometimes you can do network installations, but that requires having some kind of a boot service and being able to install, well, off the network.

Time and date. When you're doing your installation you need to have your time and date set. So how does a computer clock work? Well, you've probably seen movies about crystals and stuff like that, and trekking through jungles trying to find amazing crystals that'll make things work great. Really, the whole idea is you're trying to find a clock, trying to make a clock work, and so they use quartz crystals. The idea is if you send electricity through a quartz crystal it oscillates at a given frequency, and the computer can count that and keep track of date and time. The problem is that not all quartz crystals are created equal, so it doesn't work that way; I mean, they get off a little bit. So in order to make things work properly you have to use things like network time.

So let's talk about time zones. Well, if everybody were in the same time zone it
wouldn't matter what time zone we were in, but if we were in different time zones then there are all these differences. The question of, is it always the same number of minutes different between two different time zones? Well, that's not quite right, because you have things like daylight savings time and other things that mess everything up. Sometimes political changes change your time zones. And you want to make sure that you have the same time as somebody else. If you are in Seattle and someone else is in New York, well, there are a couple of time zones between you, and you want to make sure you have the same time; not the same time of the day, but knowing that you can take the time on your computer and calculate out what time it is on a different computer somewhere else. So it is important to make sure you set the correct time zone so that you know that you are not the same time as someone else.

When you're storing your time on your computer it gets written out into a chip, and the question is, do you want to store local time or UTC? UTC would be your Greenwich Mean Time or your Zulu time. Windows machines tend to use local time for everything. Well, that's great until you move your computer from one time zone to another time zone, because then you have to sit there and recalculate everything. Linux likes to store everything as UTC, so then all it needs to know is what time zone am I in, and then when it reads it from the computer it can immediately translate into your time zone and be fine. Windows, when you move from one time zone to another time zone, you have to change it from your local time to UTC, then to the other time zone; much more complex. Network time communicates over the network: you send a request to a server, the server sends you the time as UTC, and you have to calculate it and convert it to local time.

When you're doing installation you have to do your software selections. You have to decide, which software should I select? Normally the default is to have a minimal install.
Minimal install has really minimal software; there's very little there. If you want to have a secure server you want to start with a minimal install. However, if you want a desktop you don't want to start with a minimal install; you want to start with something like the GNOME desktop options. So make sure you have the right one selected. What type of machine do you have? Well, that's back to your hardware questions: what hardware do you have? And you also need to decide how this machine is going to be used. Are you using it as a desktop machine or as a server? Are you running a web server? So you want to try to pick what you want. If you are running it as a server and you don't want to be hacked, it's best to start with a minimal install. If you run it as a desktop, well, just start with the desktop.

Can you install packages later? Yes, you can. You can install lots of packages later; everything you can do during installation you can pretty much do later. And where does the software come from? Well, you have these software repositories, and your software comes from the repositories, and you download it and install it. When you have these Linux distributions, the main purpose of them is to provide these repositories so you can get your software later. What are the requirements of different packages? Well, fortunately you don't have to know too much, but the repository does keep track of which software is required by which other software pieces. So when you do an installation of a particular piece of software, it will search through a database and figure out which dependencies are required, check your system to see which ones you already have, and then after it's decided which ones you have it can download everything you're missing, install those, and then the package you need. So you don't need to worry too much.

You are doing your installation; you need to install Linux onto the hard drive. So where is that? Well, you have a hard drive and you have it divided into
individual partitions. So the hard drive can be different drive volumes, and Linux can be installed in any one of these volumes. Normally you'd want to install at least the boot loader, the main parts of it, on the beginning part of the hard drive so that you can then read later parts of the hard drive and see everything.

You also have this thing called swap partitions. A swap partition is used in situations where you run out of memory. If you run out of memory or hard drive space, really bad things happen to Linux machines. You don't want to ever run out of memory, ever. It's bad, don't do it. So a swap partition is nice because it takes a portion of the hard drive and it uses it as virtual memory. So when you start running out of hard drive space, well, no, out of RAM, you will take pieces of your RAM that are not being used, you'll write them to the hard drive, and if you suddenly need those pieces of RAM again you will pull it from the hard drive back into RAM and put something else on the hard drive. If you do that a whole lot, that's called thrashing. It's really bad for your system; it makes everything slow because the hard drive is much slower than RAM. So you want to have swap, but you don't want to have a large swap, and you don't want to ever have to use the swap. You just want it there in case you do run into it.

So what are the other partition types? Well, you've got these Linux types, you've got your swap, you also have things like RAID partitions or LVM partitions. LVM is the local, or logical, volume management, the idea being that you can create a giant partition and then make other fake-ish partitions inside of it. LVMs make it possible to resize and move data around seamlessly. So it's kind of nice to have LVM, but if you aren't making huge changes or adding hard drives, removing hard drives, or if you're using a virtual machine, there's really no need to have LVM; you can just stick with your standard Linux partitions.

Once you have a partition you need to install a file system into that
partition, and there are different file systems. Linux came from the Minix world, and so you have this Minix file system and then you have expansions. So it was extended: the first extension of Minix was ext2, and then you have ext3 and ext4, and these are extensions for the Minix file system. But there are other different file systems. You can have XFS, which is the default on a lot of newer Linux machines. You also have Windows partition types like FAT32, and you have your NTFS. Linux can create different file systems and put them into partitions and use them, and the way it uses them is through mount points. A mount point is a directory in your directory structure. So you first have your first main partition, which is your root partition for the entire system, and then you'll have directories inside of that, and then you can take any one of those directories in there and say, oh, this directory is going to be redirecting to a different partition. Those redirections into a different partition, where you merge two different partitions together into the same directory tree, are called mount points. On Windows machines you have your mount points as drive letters, normally, so you have the C drive and the D drive and the E drive and the F drive, and those would all be separate partitions.

Networking. Why should I set a hostname? Well, your machine does much better if it has a hostname; everything seems to work better. Usually it even works much better if the hostname maps up to an actual DNS entry in a DNS server somewhere, but that isn't required. And if you have a hostname on your machine, that doesn't mean that anybody else can see that hostname. Maybe they have no idea what you've set and you're not telling them what your hostname is, so it's mostly for internal functioning and making sure you don't have to use the hostname of localhost. Why should I turn on my networking? Well, you can't do software updates if you don't have networking. It's hard to do any networking-based things if you
don't have networking, so really you should turn it on. But when you turn it on, what should you use? Should you use DHCP or a manual configuration? Most computers out there on the internet use DHCP; most servers actually use a manual configuration. So if you're using a client machine you're going to use DHCP in most cases, and you'll use a manual configuration for any time you need a server. There are some servers that will not run with DHCP: DNS servers really want manual configurations; DHCP servers, manual configurations; Active Directory and things like that on Windows machines want manual configurations and don't really run well on DHCP. Can I change the networking after installation? Of course. Linux networking on these CentOS Linux-based machines tends to be managed by the nm, or network management, tools, and you can usually click on applets in your GUI to change your networking settings, or you can use the nmtui command for the command line to change your networking.

Root. What is the root user? Well, the root user is the main user that runs the entire system. Root is the process, or the user, that runs all kinds of stuff and makes everything work. So is it the same as an administrative account? Well, not quite. Administrative users usually have a group that they're part of, and on most Linux machines it's the wheel group. So if you are a member of the wheel group then you're considered an administrative user, and then the idea is that you can sometimes run administrative commands using different software, things like the sudo command, in order to run them as the root user. So what are the requirements for the root password? Well, you really don't have a lot of requirements. During installation it might throw a fit if you are having simple, easy passwords, but you want to have a password that's hard to guess and that you can remember. So you need to remember the password and don't forget it. But why is it set during installation? Well, it's a lot harder to set it after you've installed, after you've
booted up, when you're trying to log in. So make sure you set it during installation.

Additional users. Why should I create additional users? Well, it is not usually good practice to run as the root user all the time. When you're doing administrative tasks you want to be able to have root access, but you don't want to accidentally click on some link and do something accidentally and have your entire system destroyed because you're running as the root user. So you want to run as a different user, and in order to run as a different user you need to create an additional user that is not the root user. You can make it an administrative account, which basically puts it in the wheel group and allows you to run the sudo command, sudo, and that allows you to run stuff as root. So you want to make sure you have a good username, and a good username is a username that is not one of the standard easily guessed usernames. Your standard easily guessed usernames would be your generic names, you know, your Alice, Bob, and Eve, those kinds of things. You don't want to have bad passwords either. Make sure the password is good and does not match the username in any way. Make sure it's complex enough to not be guessed easily.

Once you do your installation and you boot up, you have this initial setup thing, and the initial setup shows up during the GUI installation. They want you to accept the license agreement, and if you don't accept the license then they kind of really don't want you using it, so they try to force you to do the license agreement. And then there's this whole thing about kdump. kdump basically is a feature that allows you to have all of your memory written out to the hard drive in cases of a kernel crash. Usually you're not going to look at that, so you don't really care, but if you are a kernel developer you might care about it and might want it there.

Login options. What are the login options? Well, you can log in from your GUI or you can log in from a command line. Normally you start up in the GUI and you
just pass in your username and password. Usually your user shows up; you can just click on your user and then type the password, and that's how you get in. If you don't want to log in as one of the users that shows up, you can select additional users, type in the root user's name, which is root, all lower case, and the root password to get into the GUI. Or you can press something like Control-Alt-F2, or Control-F3, or Control-F4, or one of those numbers, and drop to a command line, and then log in as root with a password. When you log in, you want to make sure that you realize that when you're typing your password it will not echo back any stars or letters or anything like that. So you just have to know that the password is being typed in; just trust that something's going in there. It makes it harder to do some kind of screen observing and stealing, so that's what that's for.

So what might cause a login to fail? Well, you'll obviously fail to log in if you don't have that user on the system. You will fail if your password doesn't match the user's password. You will fail in some cases if you cannot log in because the hard drive is full or because directories got deleted. You might also fail to log in if somehow permissions got set incorrectly, if the ownership of a directory got messed up, if you break things, if your SELinux context got messed up. So if you break things, it might not work. So how do you know they're working? Well, if you log in, it's working. So then what can you do in your system? Well, you can do updates, you can install software, you can run the software; those are really the things you want to do.

All right, so when you're booting up, what is the boot process? Well, you have a bootloader. A bootloader is a piece of software that is there to load your operating system. Why do you need that? Well, originally when they started looking at operating systems they decided to start with these really, really, really small processes. They decided that the first 512 bytes of memory would
get loaded into memory and then you just start running it. Well, that's great, but 512 bytes is not very much for anything. You can't really run a huge operating system in that, but you can load a program that loads your boot loader that then loads your operating system. So it's a long process with multiple steps: you have your BIOS load your first bit of the hard drive; that first bit of the hard drive loads your boot loader; your bootloader then loads your operating system; and then your operating system starts up your initial process, which would be init or systemd. The systemd process would then load up your services, load your GUI, and create all of your terminal logins and all that. So it's a long, multiple-step process.

How do you set boot options? Well, it depends on which options you want to set, but normally when you're talking about boot options you're looking at what the kernel loads as, and those can be configured in the GRUB configuration. That's normally found in the etc boot directory, and sometimes that gets written out there from other directories, and you can look around for GRUB configurations and just find things. Where are the boot files located? Well, normally in the boot directory, and the boot directory contains your kernel, your initial RAM disk, mapping, your GRUB configurations; all those would be stored in your boot directory. I guess we already talked about how the system starts and when it starts, but there we go.

Navigation. So when you log in, where am I? Where am I when I start? Normally you start right there in your home directory. And how do you move around? Well, in the GUI you can click on things and look at different directories and that will show you what's in them. If you get a terminal up, or if you log in from a terminal, you will start in your home directory, and you can use the cd command to change directories. Then you figure out, well, where is everything stored? Well, programs and user files and logs and configuration files are all stored in
different places. The programs are usually stored in the /usr directory, but sometimes they're stored in the /opt directory, and sometimes they're stored in the /bin directory or /sbin; it depends on which programs you want. User files are usually stored in the home directory, so /home and then your username, so you store all your files there. Logs get stored in the /var directory, so /var/log; you can go in there and take a look around and see what you find. And then configuration files are normally stored in the /etc directory, so you can look at those and see what files can be edited and changed.

When you're doing networking it's kind of important to know what your IP address is. You can type in ifconfig on most Linux and Unix-like systems and they'll tell you your IP address; that's interface config, ifconfig. However, on newer Linux machines you need to type in ip, space, addr, and that will tell you your IP address. It also tells you your MAC address. Your hostname normally shows up in your prompt, but you can type in the keyword hostname by itself to see what your hostname is set to. Where is it set? It's normally set in the etc directory in a file called hostname, so /etc/hostname is where your hostname is normally set. Where is your DNS set? Well, there is the etc directory once again, because that's where the configuration files are at. There's an /etc and then resolv.conf. resolv.conf is spelled without a trailing e on resolv, so it's r-e-s-o-l-v dot c-o-n-f, and it is your name server that's set there. Where is the IP address set? Well, it depends on how it's loaded, but the configuration scripts for the IP address are in the /etc directory, in the sysconfig/network-scripts directory, and there is usually a file called ifcfg, dash, and then your interface name, so ifcfg-ens32, or ifcfg-lo for the local loopback. So you just go in there and look at that. How do you test your networking? You
can use ping, traceroute; you can try to do stuff.

How do you edit files? Well, you can view files with the cat command. cat's actually from concatenate, but you can type in cat, space, and the name of a file and it will list the contents. You can look at them with the less command if you want to scroll through it. Make sure you press q if you want to get out of less; just less and the file name, and q to get out. What about editing it? If you want to edit it you can use vi, nano, emacs, gedit, any one of those editors. How do you get more editors? Well, you install them. You can use yum install and the name of the editor, assuming that's the name of the package that installs it.

So which editors are best? Well, vi tends to be available on most systems. It's been around for a very long time, and many people who like archaic editors are familiar with vi. It is not the best editor, it is not a very good editor, and is very cumbersome and complex, and people hate it, and because they hate it they are starting to remove it, so it's starting to become less and less common on newer distributions. But it is pretty much installed on every Linux and Unix distribution out there right now. Nano: nano is a much better one. Nano is based off of an original editor from the University of Washington called pico. The University of Washington had bad licensing, so nano was created as a drop-in replacement for pico, and that's kind of nice. It's a much easier editor to use; not incredibly powerful, but it is easy to use. Emacs is one of the earlier editors as well, like vi. There was for a long time a vi/Emacs debate on which one is better. Emacs was written by the same people who wrote the GNU project, so it comes from there. Emacs is very difficult to use and I recommend against using it. Fortunately it is not installed on Linux distributions by default, so you don't have to worry. gedit is your editor that shows up in your GUI, so much easier to use. You can click on buttons like a save button and open button and you see everything, and so gedit,
it's kinda nice there.

Software updates. How do I update the system? Well, use the yum command. You can do a yum update yum first of all, because you want to make sure your updater is updated all the way. If you don't have a fully updated updater then weird things can happen sometimes. You want to make sure you update the software of the entire system; you can just do a yum update and that will update everything. If new programs are available it will update anything that's new. You can also update new stuff by just doing yum install and the individual package, and again update or install new packages. How do I know if it's already installed? Well, you can try yum install something, and if it says it's already installed, then it's installed. You can also type in the rpm command and look at the RPM database directly, so you can do rpm -qa to list all of your packages, or just rpm -q and the name of the package, and see if it's installed. How do you uninstall it? Well, you can do yum remove and the package. You can also do the rpm package directly: rpm -e, for erase, and then the package name.

So what happens when you update GUI files while in the GUI? Well, that happens sometimes. If you do a full system update and you're in the GUI, sometimes the GUI gets updated, and as you might imagine, if you're in the middle of running a program and that program changes, sometimes you have to read parts of that program from memory and sometimes you have to read parts of that program from the hard drive, and if it changes, it changes on the hard drive and you can get an inconsistent state that crashes. So don't update your GUI from in the GUI; drop down to the command line and do it from there.

How do I connect to the internet? Well, with the network, but you also need to have your browsers, so Firefox and browsers are great. If you want, you can even install Chrome or other browsers; they are available and can be installed. How do I get a remote terminal? Well, remote terminals are things like SSH, so
you can use ssh, and it's already installed on your system by default. So you can type ssh, space, and the IP address of a machine to log into that machine. Sometimes you need to pass a username; I usually do ssh, space, username, at symbol, IP address to log into machines. How do I get a remote GUI? Well, that's a lot more complex. You can have your X11 GUI exported, and then you should go from one Linux machine to another Linux machine, and you can start up things like terminals or web browsers inside of your local machine that are actually running on the remote machine. Or you can use something like VNC or other software to get a remote GUI.

Capturing data. How do I take a screen print? Well, if you're running a virtual machine that gets a little bit tricky. Sometimes the screen print button works for taking pictures and sometimes the screen print button doesn't. If you want to take a screen print of something and you want to show what's going wrong when you're trying to talk to people, it's usually best, if you're in a virtual machine, to take a picture of the virtual machine's window using your local screen printing tools, such as the Snipping Tool on Windows. How do you get data from a terminal? Well, it depends on how you're connected. If you're connected to your virtual machine through your virtual machine's window, maybe you can't. Maybe you can select it and copy it; sometimes it copies out, sometimes it doesn't. What's usually easiest is if you SSH into your virtual machine, or SSH into your machine; it's easy to copy and paste in an SSH terminal emulator, and that makes it much easier. In addition to that, if you have a terminal emulator that allows you to do file copying, you can usually just drag and drop or copy it. Sometimes you use the scp command to do a secure copy between machines as well.

And then, last, how do I get out of my GUI? Usually there is a button in the upper right-hand corner, sometimes it's the lower right-hand corner, sometimes this is the
upper left-hand corner, and sometimes it's the lower left-hand corner, so you just have to figure out where it is, but click on the button and it will allow you to log out or shut down the machine. How do I log out of a text terminal? Just type the exit command until you are logged out. How do I shut down? Well, in the GUI you just find the button to shut down. On the command line you type in the shutdown command to shut down. Usually you have to tell it when you want to shut down, so type in shutdown and then the keyword now to shut down now. How do you reboot? Just type reboot on the command line, or from the GUI find out where your button is. And this has been a quick little overview of your Linux installation and using a Linux machine. So, good luck.

Command line navigation. When you first log in you're in your user environment, and there are things you can do and things you might want to do, but you need to know how to do them. One of the things you want to do is probably bring up a terminal window. Many different commands are written specifically to run well in the terminal, and if you don't have access to the terminal it's hard to run them. Not everything is created to run in the GUI. So how do you bring up a terminal window? Well, let's look at this right here. You can see if I click on my Applications, then I can scroll down to Favorites, and off to the right side there is Terminal. You can also go down to Utilities or System Tools, and you can find your terminal down here. Either way you can launch the terminal, and once you have the terminal up you can start typing in commands, and that's pretty useful.

So what do we have? Where am I? If I do a pwd command I can see my present working directory: I am in the /home/joseph directory. If I do an ls command I can see things that are in that directory. I can do an ls -l to list it in long format, which makes it easier to read for some people, or I can do an ls -al to show all files, including
the ones that are hidden hidden files are basically just files that start with a dot i see all these files in my directory so let's go back to the slides pressure man well the pwd command what does my prompt tell me well the prompt tells you your username and it also tells you the directory you're in and that can be useful it also tells you the hostname and we'll look at that again when we go back to the terminal when you're logged in you have an environment well what are environment variables environment variables are basically name value pairs that are stored that your programs can use so if you look at your environment you will see a bunch of name value pairs one of those name value pairs would be something like username and it would actually list the user for my case joseph so username equals joseph i might also have things like my path a path is a list of directories that i look in whenever i type in a command to try to run that command so does it matter what my environment is well it does because if you have an environment and your environment doesn't have certain things in it then you will have to explicitly indicate where those things are programs rely on the path to be able to find things you can look at your environment with the env command to show the environment you can also change them with the export command so let's go ahead and look at this again so if i type in env i can see all these different variable variable sets such as my home and my actual home directory which can be useful because then i can use a program and i can tell it instead of going to slash home slash joseph i could do something like use the home variable so how to use the variables well if i wanted to type in echo i can type in echo and it will tell me things it will repeat whatever i tell it to repeat but i can use variables here i go home with a dollar sign and it will not echo the word home but it will echo the value of the home environment variable some of these variables are
set in some of the files in my directory so if i do ls minus al i can see there is a dot bash underscore history dot bash underscore log out dot bash underscore profile and dot bash rc so if we take a look at the dot bash rc file you can see that it has information here you can also see the keyword export is in the file but there is a hash mark in front of it meaning it is commented out if i look at my dot bash profile dot bash underscore profile i can see another thing right here i can see path is being set to whatever the path is currently at but then it's adding stuff to the end of it and then it is exporting it into the environment so whenever i log into my system this file the dot bash underscore profile file will be executed and you can see the cat command can be used to display contents of files all right terminal redirection when using the terminal what do the greater than less than and double greater than mean well greater than is used when i'm running a program to direct the output into a file so whatever comes after that greater than whatever it is pointing to is where it goes the less than i am directing a file's contents into the input of a program and the double greater than means that i'm taking the output and appending it to a file i can also use variables in commands and i can use backticks as well so let's go back to this terminal and take a look at it so if i type in something like time it will display the time if i type in date it will display the date what if i wanted to save the date well i could type in date greater than saved date dot txt and it will save the date if i go cat saved date i can see the date's been saved if i run it again the same command it will overwrite it and replace it if i use the cat command i can see the new contents of that saved date text file if i use the double greater than now it will append it to the end of there i can append it multiple times and then i can go look at the contents of the file and i can see now we have
multiple entries that are in this file that can be useful so what's the backtick well the date command also has options you can use so if i do date plus percent d it says zero nine well that's because it is the ninth day of the month i could also put in quotes right here add some more things like a percent capital y now as the year i do a percent m and it adds a month and if i want i can even add dashes in here so now it displays that so how can that be useful well what if i want to save the date and i want to save it into a file so i can do date redirect that into a file that has whatever this thing produces dot txt that's a little complex so basically what i am doing is taking the date command running that it will produce a date in the format we saw above and then this format above will be sent to the output the output will then take this command and run it and it will generate a date it will then append a dot txt to the end of that and it'll create a file with the contents there so now i can do a cat on 2019 dash 04 dash 09 dot txt and i can see the contents of that file so that's what the backtick does takes whatever runs whatever the output is and puts it right there on the command line for you manual pages how do i find information about commands what command or what information is provided by manual pages how do i find out or how do i get out of this man command and what if there are c functions and programs with the same name well what if i want to know how to use that date command i just used it it worked i can type in man date man date and then it lists information about that command i can use the up and down arrows to scroll through it i can see instead of using a percent capital y i could use something else like a percent lower case y which would only give me two digits instead of four digits if i want to get out of this all i have to do is press the q button that's kind of nice it's very useful in giving me information about commands also if you
want to sometimes the command also shows up in programming languages so if i type in man 2 date it looks to see if there is a section 2 man 3 date is for section 3. if i look at man time you can see that there appear is there is there is a time one which means i'm looking at man page 1. well time happens to also be a c function so do man two time and see if it shows up there and we see oh this is a little bit different than the man one time this man two time and now we're looking at c code it tells me how the c code use is used and what it does now file management how do i create files how do i edit files what information does the file system keep on each file how do i move a file how to rename a file how do i copy a file how do i delete files all these things are kind of important things to do so let's jump right back in there and see how we do them okay you can create files obviously by redirecting output from something to another file and you can see that i've created a few files one of them is the well this date thing if i do ls minus l i can list a bunch of directories and files and maybe i want to get rid of that saved date so i can do rm saved date and that just gets rid of the file i can also rename files so mv is either move or rename so i'm going to mv 2019-04-09 and i can call it somefile.txt and that will either move it or rename it basically moving and renaming are the same thing the reason why we use the move command is because the way that we are moving something is by actually changing the entry in the file system that points to the data on the drive so we're just changing that entry and so that's the exact same process as moving something so it made a little bit less sense to have two different commands i can also create empty files so look right here there is well the somefile.txt and if i want to create another file that's empty i can do touch what touch does is it well it touches the file it changes the modify date times and things like that so if i
do touch new file.txt it will change the date the modification date of that file well the file doesn't exist so it creates it and then changes it so if i do ls minus l you can see that a new file has been created and there it is you can also delete files in addition to using the rm for remove you can use the unlink command so if i unlink new file it takes away the symbolic link or not something like the hard link to the file and then the file is gone on the directory entries here you can see this number one number two number one right here and then the rest of them twos that is the number of links pointing to that entry and when the number of links goes to zero the file is gone and the memory is released okay so that's how you do some modifications and things like that if i wanted to move the some file into my desktop i can move some file to my desktop now it is case sensitive so lowercase desktop is not the same as uppercase desktop so if i do it with a lowercase d it says not a directory if i do with a capital d it does say it's a directory and suddenly it shows up on my desktop right here and if i want to remove it i can either remove it well by giving it the location the file or i can go into the directory take a look around see it's there and remove it there and then go back down to my directories just in and that's how you can do some basic file manipulation but what about editing files well i can use nano nano new file.txt and i can type in some file contents something and i can press ctrl x to exit out it asks me if i want to save it i say yes and asks me if i want to use the same name that i typed it in and i just press enter and then it creates a new file i can see this new file.txt i can use the cat command to display the contents of the file all right searching and editing files how do i find files containing some string of characters how do i display the contents of a file how do i know what type of file a file is and how do i edit a file well we just
edited one so we can see that we know how to do that but what about finding files that have contents we know how to display the contents because we've used the cat command so now let's go ahead and find files i have a file in my directory somewhere that has the word something in it we know which one it is i can do a grep command grep something and star to search all the files in my directory well all the ones that don't start with a dot and then it shows me okay a bunch of these things are directories we can't search those but there is this thing new file.txt that has the word something in it and i can even use parts of that smaller pieces if i'm using the word some i can see that something still has some in it and it still shows up so that helps me find the file if i wanted to search in other directories let's say i move this new file up to my desktop it's gone if i do a search nothing shows up now if i want to search all of my directories for files inside of them i can do a star star and then it finds this something up there it doesn't really tell me where it is though which is kind of difficult but it does give me an idea that it is existing somewhere all right so that's searching how do i create directories how do i move directories how to rename them and how do i delete them directories are kind of like files they're files that contain contents including well files if i do ls minus l i can see that i have a bunch of directories here i can create a new directory with mkdir for make directory so my new directory is going to be called newdir newdir new directory and then i can use ls minus l and i can see that this new directory is there i can rename that new directory mv newdir as olddir and that changes it ls minus l now i have to be careful if i decide i want to rename this old directory as desktop what would happen well if i do move olddir desktop that directory already exists so what it will actually do is it will move it onto the desktop so you have to be careful with
these removing or moving of directories i can also remove that directory as rmdir desktop olddir so it'll go up into the desktop directory and remove the old directory but only if that old directory is empty so if i drag this new file into the olddir directory and then try running it it will say directory not empty so i can go into that directory or i can remove the file first desktop olddir new file i can remove the old file or the new file and then i can remove the directory so you cannot remove directories using the rmdir command if they have contents in them if i create a new directory newdir again and i create a file inside of it touch newdir new file i can't remove the directory with the rmdir command newdir however i can remove it newdir with a recursive command minus capital r to recursively remove it and that will remove the new directory and all the files inside of it so it cleans it out and it's gone so that is a little bit of directory management for you links what are hard links well hard links are entries in a file usually a directory file that tell you where the contents of a file are on the system symbolic links are like shortcuts they tell you a location and this is not a physical part of the drive where they're located they tell you a directory and a path all the way to the file so they are not quite the same thing as windows shortcuts but they're very similar windows shortcuts are files that contain all kinds of information including the path so how do i create links and symlinks we know how to remove them because we use the unlink command and as you might guess you can also use the delete command or the rm command so i'm going to create some links so if i look at my directory i have no files so i do touch new file dot txt and now i see that there is a new file it also has one hard link to that new file so i can do ln new file and then new file two dot txt and this creates a symbolic link well not a symlink i'm getting a hard link from new file to on the
new file to new file two so if we do ls minus l i can see now there is number two right here indicates there are two hard links to the new file and new file two i can do ln minus s for symbolic new file and i can create a new file 3.txt which is not the same thing as a hard link so the number two will still stay at number two but you will see a new entry and that is my symbolic link the symlink has one link to it and it points to new file and so if i were to look at the contents of new file which is empty then well they'd all have the same thing so let's go ahead and put something in it so echo and i'm going to append that to new file dot txt now if i do ls minus l i can see that the content size of new file 2 and new file have both changed to 6 but new file 3 still has the same 11. any one of them will display the same content so new file dot txt new file 2 and new file 3 all display the same contents but if i want to remove things if i do an rm new file well what do i have here now we can see that new file 2 is still there and new file 2 because it was pointed at the actual physical location on the hard drive will still have contents new file 3 was pointing to the name new file so the contents will be gone so cat new file 2 i can see the content still a new file 3.
well it says well there is no new file so i can't do that so we remove that new file three and remove new file two and they're gone now and then absolute path versus relative path absolute path starts with the very root of the system so it's the slash directory all the way down to the location of the file relative is based on where you're at so all the symbolic links i was doing were relative paths all the directory entries i was doing were relative paths all based on where i was currently at so they can be used interchangeably in certain situations so let's go ahead and look at this if i wanted to look at my well my current directory i can do ls minus l space dot dot is my current directory and i can see what's in my directory also because i know which directory i'm in i can use slash home joseph so ls minus l slash home slash joseph will also display my current directory but i could look at the slash home directory and see other users well there's nobody else just me or i can look at the slash directory and i can see all of the directories on the system and get an idea of where things are this is useful because using these absolute paths even if you were in a different location the absolute path always works if you're in a different location if i do ls minus l dot dot it'll show me the home directory but if i go down into my home directory and use the same command it will show me the slash directory but no matter where i am ls minus l slash home will still show me the home directory even if i move to the slash directory it will still show me this directory if i want to go back back to my home directory i can type in cd slash home joseph or i can type in cd or i can do cd tilde to get back to my home directory anyway these are some of the things you can use for going around looking at directories and that is the end of our slides for this chapter file systems in understanding the basics of file systems one of the first questions that comes up is understanding what is
the purpose of a file system a file system helps you organize your space a hard disk is really a large set of bits that are organized by well into bytes and organized by addresses and you can use the addresses to address anything on the entire hard disk so you have this this huge space with lots of addressable bytes and then you have to decide well okay if i want to store data on this how can i store it if you have a large gigantic file maybe your file is a one terabyte file you can start from the very beginning of the drive and start writing the file out and then at the end of the file you'd have it all written there and you can just read that single file back and you'd be fine but sometimes you want to put more than one thing in there so if you put two files in there the question is well where does one file begin and the next one well where does the one end and the next one begin and you have to decide how to keep it organized so a file system allows you to overlay a piece of information that contains all the addresses in a in that partition and lets you keep track of where files are what space is available what permissions are set which users have what permissions and all the information they can use to provide security or organization so how much space does the disk really have when you go in there and you look at your machine and you see how much space it has is that the real amount well not usually usually what you're seeing is how much space is available in the file system so then how do you know which disks you have well you can use some of the gui tools or you can use tools such as fdisk which will allow you to see which disks you have which partitions you have and then even you can look in there and figure out things like how they are formatted and set up so what is a partition table well when you take your original disk and you decide to break it into individual pieces there is a table at the very front of the disk that will tell you where a partition begins and
where it ends partitions are individual well blocks that we turn into volumes and there are two main formats that are currently in use there is the mbr which is the master boot record and there is the gpt gpt is a well it's an acronym that contains an acronym and the g is guid which is globally unique identifiers and then pt as partition table so guid partition table so mbr was written with the idea that machines would only go into 32-bit and because of that the addresses are only 32 bits which means that your largest i mean you basically only address beginning and ending of partitions in 32-bit numbers and if you know much about 32-bit numbers that basically means you have 4 billion different possible addresses and so that's how you would have to have your partitions set up to be based on the idea there are only four billion addresses you'll find that's quite a bit of a problem with 32-bit per file file systems as well as the mbr and it limits it quite a bit with larger hard drives in order to be able to address everything you have gpt which has much larger well addresses and it also resolved quite a few smaller issues with mbr such as the number of partitions you could create mbr originally was limited it didn't have things like extended partitions and logical partitions and and well anyway it was it was a mess so gpt solved a lot of that so then how do you edit the partition table well you can use the fdisk command to edit it and once you edit the partition table you write it out and what it does is it writes out to your you know either mbr or gpt and that information is stored there but then the kernel doesn't know about it unless the kernel goes back in and rereads that information so it knows about it so you can use things like partprobe or other utilities to tell the kernel that it needs to re-read the partition tables and reload that information and then it can start using that information as it mounts partitions and puts them into its setup so what
partition types are good well at this point it's probably a good idea to actually create some partitions so we can get some ideas of how it works so let's jump into it i have right here settings my machine is currently turned off i can go over to storage and click on my controller sata and then i want to add an extra disk so i create a new disk and this will be nice virtual disk dynamic calculated and i can go with whatever size i want let's just go with a one gigabyte this nice small disk and i can keep new virtual disk or i can just say spare doesn't really matter what i call it i create it then it's ready to go once my machine boots up i will be able to use that partition or use that disk and make partitions out of it so i can start that all right i kind of skipped through the booting process now i am ready to log in so log in as root with my password aloha one two three and i go into my machine now at this point i have the option of either using command line utilities or the gui you want to probably get used to using command line tools because the gui isn't always there but let's look at the first gui so i click on applications and go down to utilities and i can see there's this disks option here i created my old disk and that one is 32 gigabytes and then the new one is 1.1 gigabytes and it's all unknown space now you can also see the device name is slash dev slash sdb the first one is slash dev slash sda and i guess it's got multiple partitions in it sda1 and sda2 in the sda2 i can see that the partition type is linux volume management lvm which means i can then create individual well volumes inside of that the original one is a standard partition and that one is where i have my kernel and the other information stored so i want to work with this second disk and i can click on icons here and create stuff or i can drop down to the command line to show you how that works so go to the terminal all right so in order to build partitions i can do fdisk minus l to list all my
partitions it shows me i have a couple of different partitions you can see there is a slash dev slash sda and a slash dev slash sdb sdb is well a thousand seventy three megabytes so i will go edit that one so i do fdisk slash dev slash sdb and i can use my m key to show me my options this will list all the commands i can use p is to print my partition table and i have no partitions so i want to add a new partition so i do n for new i can decide what kind of partition it's going to be and this one is going to be a primary partition so p partition number one and i can decide what my first sector is i can just press enter here and decide how big this is i have a full gigabyte to work with so i will make this first one let's make it 200 megabytes so plus 200 m it creates the partition i can use p to print my partition table and i can see the type is linux linux works great if i want to make a file system other options i can also list with the l option and you can see there are quite a few different partition types and all these partition types are listed in hexadecimal index values or type values so linux is 83.
if i want to do swap it's 82 i can also do things like lvm and other partitions as well so lvm is 8e i'm going to leave this as a standard linux partition type so i'll do write w and then i will be out at this point i can type in partprobe and it does not have the command so i can install yum install partprobe and it has no package there so we will just go ahead and assume it's there and the kernel will just have to figure it out so the kernel will try to read it so to mount this you first have to build a file system so which file systems do i have well there's the mkfs command if i run it by itself it tells me that here are my options but the nice thing is this is just a front end to the other command so i do mkfs tab tab and you can see these are other commands that start with mkfs so mkfs dot and then you have different file systems so let's go ahead and go back to the slides all right so which partition types are good well you'll want to have linux probably for most things all right what file systems are available on linux well we just looked at that the mkfs command will show you which file systems are available on your system and which ones are installed there you usually have a couple of different things to install there is the um the programs or utilities type packages to go with things so if i wanted xfs which is already on here there might be an xfsprogs package which will give me the xfs information some of these things require a kernel module to be loaded sometimes you have to do other things but that usually provides utilities you need in order to format the file system so what is the difference between different file systems well some file systems have features that other ones don't for example the fat32 file system which is very common in the older dos and early windows operating systems has all kinds of features to allow you to create files and do things with the files but it doesn't really have a lot with permissions and in addition to not having
permissions it doesn't really have things like selinux or other security features that linux has it works great for cameras it works great for computers that don't have multiple users and that's really what it's good for when you go to other file systems such as ext3 that's a linux file system ext3 is different from ext2 in that ext3 added journaling journaling is the ability to write to your file system and tell your file system what you're going to write before you write it and then after you write it you remove your entry and this makes it in a state where you don't ever get to a place where you're in the middle of writing something and you have no idea if you've completed writing it because you say you're going to write it you write it and then you remove the entry that says you're going to write it and if you crash anywhere in the middle then you can figure out where you're at and you can back out of things if you can't get it completely done ext4 has more features added you have xfs which also has journaling and other linux type partitions permissions and other things like that so which file systems are supported well once again you have this mkfs command which will show you when you press tab twice which ones are available you can install additional ones and that's usually what's using the yum package management system to install other packages sometimes you'll have to go and make kernel modifications or get kernel packages as well but most of these are packaged in a way that makes it pretty easy to get them so formatting why do file systems need to be formatted well if you mark a partition you create as well you create this partition it still is just a block of space you have to decide how to put the file system in there and the way you do that is through formatting what formatting does is it starts writing the file system in the beginning and then puts in all the indications and needs through midpoints and other places in there so that you can well
start doing stuff so let's go ahead and create a a file system so i'll jump right in here so i'm going to create this one as ext3 so mkfs ext3 and the question is well which partition is it well we know the device was slash dev slash sdb and it's the very first partition i created so it's slash dev slash sd b one so sdb db and i can see a one here so now i type in this and it will create an ext3 file system and that was quick but there are other options you can add in there as well if you wanted to such as labels and everything like that so now that it's formatted i can start using it but i have to figure out where i'm going to use it and how i'm going to do stuff with it so let's go back to our slides how can i change how a file system is formatted well let's go back to this file system and let's change it i don't really want ext3 so let's change it to ext2 now it's ext2 let's change it to ext3 now it's ext3 let's change it to xfs now it's not xfs yet it says that it appears to contain an ext3 file system use the minus f option to force an overwrite so i do minus f and then it reformats it so now it's xfs and then i can change it back to ext3 or ext2 and convert it back all right what happens if there's data on the file system and i want to convert it well you can actually modify it in place for some file system types for example going from ext2 to ext3 all you need to do is add a journal so if i do tune2fs i have the option to add a journal to the file system so how do you do that well it's with the minus j option so i do tune2fs minus j slash dev slash sdb one and now i've added a journal so basically i've now converted the ext2 file system into an ext3 file system without damaging any of the files on there but there are no files not really i mean there's there's an empty directory for lost and found for if i lose things but that's it i could also do things like add a volume label so i want to call this my maybe storage it already has a journal so i take that away say
fine and i put this storage label on the partition all right on the file system now if i want to use it well i just need to mount it all right let's click here how do i know if a file system has been formatted well sometimes you don't the easiest way to figure it out is you try to mount the file system if you try mounting it and it doesn't mount usually that's an indication that it's not done correctly it does some auto detection that helps a lot trying to format over it usually tells you if you're trying to go to something like xfs it will tell you that it has something there but you don't always know so what is mounting then well mounting is where you take part of your directory structure and you link in this new partition into that structure so you have a directory and your directory can then be redirected to a new partition a new file system and you start seeing things so where are the file systems located when mounted well the file systems are just integrated into this entire directory tree you can use the mount command by itself to see which ones are currently mounted you can also see what mounting options were used when mounting mounting options are things like mounting it as read-only or read write you can mount it with information about how fast you can write to it which users are allowed to do things a lot of things can you mount uncommon things like dvds well dvds aren't that uncommon but yes you can mount them you can mount them as actual dvds or you can even mount the iso images so let's go ahead and mount this partition we just created and formatted so i figure out where am i going to put this partition so i call it storage it's a slash dev sdb1 so let's make a directory and we will put it mounted there so if i do mkdir i can create a directory so i'll do slash and let's say new storage doesn't storage doesn't really matter what i call it and then if i look at my file system there is this directory called new storage if i go into new storage new
storage there's nothing there so i go back out of it so i'm at the root of the file system and i want to mount this new partition there so i do mount and i can tell the mount device sdb1 and the mount partition or mount point so new storage so i do that command right here and it mounts it if i go into this new storage directory i can see there is a lost and found directory here this lost and found directory is stored at the root of any ext type file system so now i can see it's mounted which is kind of great of course if i reboot the system it will no longer be mounted because i manually mounted it and it's not being automatically mounted so that can be kind of a problem so what is the file system table well the file system table is a file on the file system that tells you where everything is mounted and how they're mounted so i can actually have this directory automatically have my new partition mounted to it at boot time so how do i edit this file system table well you use a nano or some other editor and you edit the slash etc fstab file okay then we have to figure out if it's working and look at what happens if i mess up so i was mounting the device sdb1 to new storage so i'll do nano i'll tell the etc fstab if i go in here i can see these are the partitions that are mounted so i'm going to add a new partition here so you first start with the device my device is slash dev slash sdb1 you have some space could be a space a tab i just put a tab my mount point is new storage now tell it what type it is this is ext3 give it the defaults and then these numbers indicate things like backups and other stuff just put zeros here you're fine exit out now there's this file because it's mounted well i should use the mount command and see that it's mounted and you see at the very last line down here there is a indication that this thing is mounted i can see which things which options are in place it's read write i can see it's mounted ext3 and i can unmount it with the umount
command umount slash dev sdb1 or i could tell the mount point so i can mount it that way or i can remount it and unmount it with the mount point either way it will get unmounted then i can run the mount command by itself and i can see that it is no longer mounted now if i try running the mount command mount dev sdb1 well what happens it mounts and the reason it mounts is because it looks at this device and says where is that device at and then it finds the fstab file and sees the device listed in there as the last entry and it knows where to mount it so run this mount command again and i can see that it is mounted right there in this new storage directory i can umount that again new storage and then if i want to mount the new storage i can just tell it to do mount new storage and it'll mount it because once again it looks up in the fstab or file system table file and figures out what it needs to mount and how to mount it and i can type the mount command again and once again see that it is mounted correctly now if i mess up this file let's go ahead and mount it first and then nano etc fstab and let's say i tell it some directory that doesn't exist like new storage without the i try mounting mount dev sdb1 it says mount point new storage does not exist so if i try mount new storage it says it can't find it in the fstab file so you can see what's going on here that's how it's doing it now imagine what would happen if you booted up your system like this and you had a mistake in there well that could be bad especially if it's a critical file system for your system to run it could cause the entire system to basically crash you don't want that that's bad all right back to the slides what features are available with the file system well you have all kinds of features you have the ability to read and write to files edit files set permissions on files you can use things like selinux disk quotas all kinds of things so permissions how do they work well the 
way they work in linux is each file has some kind of an associated number and the associated number indicates well what the permissions are you have users and you have groups and you can see all this information with the stat command so if i go into my file system new let's create a new file so i use the touch command actually it's not mounted is it mount new storage go to new storage do touch new file.txt if i do a directory listing i can see that the new file is owned by root and it's zero bytes in size it's kind of a small file if i do stat new file i get some information about this new file i can see the size i can see the blocks it takes up other information i can see information about inodes and links and then i see this access permissions well it says it is zero six four four zero in the front is for things like your set user id and set group id and your sticky bit the 6 and the 4 4 indicate the user the group and the world permissions you can see the owner is uid 0 the group is uid 0. 
you can see the selinux context is listed right here basically it's kind of unlabeled and you can see all the information about its access modification and change times so that's all there and that's all stored most of that stored right there in the inode not the actual file name it's from the inode that the file is linked to so when you create a directory your directory has a list of file names and those file names are pointed to inodes on the system that allow you to then edit and modify the contents on the system so how does selinux work on a file system well you set your selinux context and then the selinux piece is tied to the kernel so that whenever you have access or try to access a file it looks at the kernel ask the kernel what it says the kernel looks at selinux and says yeah you're allowed or no you're not allowed and it blocks it doesn't matter what your permissions say if selinux blocks you then you don't get to the permission level and you can't see it so that can be a bit of a problem it also makes things a lot more secure if you have services that have to run as root and you really don't want them to be able to touch certain files you can use selinux to block them from touching them even if they have full root access because they don't really have it with selinux and the file system helps to support that how do disk quotas work well disk quotas you have a couple of files on the system and then those files are updated whenever you make modifications to file system and they then keep track of how much space you have what you're allowed to do and it protects it if a file system is read only then you read things but you never modify things including the access times access times for files don't change if you're reading it from a read-only file system read-only file systems are great when you don't want someone to mess with something so anyway that is your lecture on file systems

people and permissions

on a linux machine it's good to know which 
users are on your system you need to know who's in there what they're doing and sometimes you need to work with the users you need to remove users you need to change passwords delete users create users lock accounts all these things can be done so let's start with the beginning and look at a system so here is a system fully logged in and i can type in the w command to see which users are currently logged in and i can see that i am logged in as root well okay that's nice it looks like i'm showing up twice two different root users what's really happening is one is this gui is logged in and then from within my gui i have a terminal up and going and inside that terminal you can see i'm running the w command to see well who's logged in you can always use the last command last and it will display all the users that have been logging in when they logged in what happened when they logged out you can get idea you can see the down here a few days ago the joseph user logged in and apparently logged out at a crash so the system was to crash for some reason and that's when the joseph user was logged out ever since then the only user that's logged in is the root user there's also the reboot user which apparently logged in probably from the gui when the system was rebooted or shut down so that gives you an idea of what happened with the system um you can also see if you jump back to the w command you can see things like how long the system has been up and it looks like it's been up for 48 minutes so gives you an idea what's going on all right so what are they doing well the commands right here is what they're doing so then how do i create new users delete users change passwords let's start with changing joseph's password so i do passwd joseph i'm logged in as root so i can change joseph's password if it was joseph he'd type in his password and then type in new passwords but i can just set the password for joseph so i'll set it to aloha123 then aloha123 and it's set if it 
doesn't like the password let's say i do something like abc it says the password is shorter than 8 characters type in abc it will still change the password but it's not as happy it just warns you i can still change it back to whatever i want though all right so now the password is set if i want to create users or delete them there is this userdel or useradd commands so type in user and then tab twice and you can see there's useradd userdel and usermod are the good commands i can use so if i do useradd and hit it by itself it'll tell me all the information about this command okay well so how do you use it well useradd and then the login name but before that you can put in a bunch of options so what options do i want to use well i want to tell things like i don't know the comment the comment is usually the user's name i can tell any groups i want to add it to the primary group or secondary groups just remember lowercase g is your primary group capital g is your secondary groups all right those are some nice things you can do there userdel same thing userdel the big difference is that you can decide what you want to do with the directory so usually i do a minus r option to remove the directory when i delete the user now if there are important files in that directory you don't want them to be deleted you could remove the user without the minus r option but remember that the user's files are tied to the user id and you would have to go in there and change the user id or change the user id of the files in order to make sure that the new user if you create a new user afterwards doesn't get those same files all right can i lock accounts yes you can but that requires understanding basically how things work when you have a user and you have a password if i look at the etc shadow file that's where the passwords are stored you can see that this user joseph has a long password thing right here it's actually this long section right here is my hash the first part of it 
the dollar six dollar indicates which method i'm using from here i can see that my salt this is a random string of characters mixed in is well this and then this salt gets combined with my actual password using method number six to generate this long string right here and then whenever i type in my password to log in it will take my password type in combine it with the salt use method number six and then see if it generates this exact same long string right here and that's how you do password calculations so if i want to prevent someone from logging in all i have to do is modify this right here so that it doesn't work correctly so if i do a usermod minus capital l joseph it locks the account so if i cat this uh well let's do a grep grep joseph you can see that something happened what changed well if you look at it it's almost exactly the same except there is now an exclamation point at the very beginning and that exclamation point makes it so that my account is locked i believe i can unlock it with a minus capital u and then i can see that it has removed that exclamation point and it's no longer locked so that's how you lock accounts groups well what are groups on my system there is an etc groups directory or etc groups file and then it lists all the groups and it lists who are the supplementary users of those groups so who is the memories group well you can see these supplementary members there primary users don't always show up sometimes they just get it because it's assigned as their their group you can use the id command to indicate which groups users are part of and so i can type in id joseph spirit which groups he's part of and well let's go look at that so id joseph i can see that joseph is got a gid of 1000 that means his primary group is well the joseph group his supplementary groups are joseph and wheel so if i cat out the etc group file i can see that yes joseph is part of the joseph group as a supplemental member and then i scroll up a bit and find 
the wheel group somewhere you can see that the wheel group has right there joseph as a supplemental member of that group i could go in and add them to other groups by just modifying this file and that would take effect the next time you logged in so that can be useful but you can also use the usermod command to modify him add him to extra groups the wheel group is actually tied to the etc sudoers file the sudoers file says well okay down here all people in the wheel group can run all commands as root so this wheel group right here basically means that my user joseph has the ability to use the sudo command sudo and then run something that only root could run so like ls slash root of course i'm logged in as root so root can do that but if the joseph user were to do that he'd be prompted for a password and after being prompted for the password he could well run that command if i wanted to change that i could go ahead and modify this sudoers command and take this one right here right below it without a password and take out the hash mark and then hash the one right above it all right so that's this group thing right here when you have files you can see there's a group owner and there is a regular user user owner the owner and the group owner and then the permissions are set appropriately so this is the user permissions and this is the group permissions you can set files so that a group has access to the file and then if a user is not the owner but they are part of the group they will still have access to the file with whatever permissions are set if you don't put them in the group then they would be stuck with whatever the user when the world permissions are set at so how do i create and delete groups well groupadd groupdel just like the useradd userdel except it's much much quicker how do i modify group membership well you can modify it using the usermod command or by modifying the group file directly the etc skel directory is really interesting 
when you create a new user the question is what files do you put in the directory what files do new users get automatically well they get everything that's in the etc skel directory all right so let's go modify that so if i jump into this directory so etc skel i can see what they get they get a bash log out bash profile and a bashrc file and they also get the mozilla directory so i can create a new directory public html and let's see this new directory here and then any users that are created now will automatically get this public html directory so if i look in the joseph directory he does not have the public html directory there's no public html because well it didn't exist in the skel directory when it's created if i do useradd minus c alice and her username is gonna be alice now if i look in the uh home alice directory i can see she has the public html folder and she has everything else that was in the skeletal directory and not only that but you can even see the date that these things were added to the skel directory so if i look in here you'll see april 15th for the public html once again 8th april 15th everything matches it's just a direct copy of what is in the skel directory okay so that's the skel directory it's kind of useful you want to make sure you set it up before you create users otherwise you have to go manually back and create it so i look in the uh joseph directory and you can see there still isn't a public html folder there because it wasn't in the skel directory when his directory was created how are regular users and root users different well root has access to all kinds of amazing things they can edit all kinds of files they can edit anything with that they don't even have permissions for they can change permissions they can change ownership of any file so how do regular users get the right of root well we looked at that just a moment ago there's that wheel group thing with the wheel group sudoers you are able to run command with the run 
the sudo command and access things that root could access because you can run these commands as root so what can regular users do if they do not have root rights well they can ask for somebody with root rights to do it for them or if the root user wants to it can grant them access so they can do it with the sudo command themselves what do the rwx permissions mean well r is read w is write and x is execute and that different means it means different things in different contexts for example if it's a r and it's a directory it means you can read the contents of the directory that means you can see which files are in the directory if it is an r it's a file it means you can read the file w means you can write to it you can write to the directory you can write to the file x if it is a file it means you can run it as a program it can execute it x as a directory means you can get into the directory so that's what executing a directory means is going into the directory so can a directory have the execute permissions well we just answer that yes it can what are sticky bits okay well before that you have these permissions right rwx but you have one more permission so let's take a look at some permissions in well this directory for example if i do stat and i look at my desktop desktop desktop i'm in the wrong directory aren't i let's cd back to my root directory stat desktop i can see it has these permissions a zero seven five five okay seven means that it has read write and execute fives meaning has right read and execute read and execute so that's good if i create a well let's take a look at um the command if i want to change my password i use which usr bin passwd now the passwd command itself edits files that only root has access to so the question is how does a regular user run or change their password well they can't a user cannot change the password the only way they can do it is if root does it for them so if i do a stat on the usr bin passwd command i can see 
it has a four seven five five the four gives it it puts this little lowercase s there and it means that it will run as a root user so the 4 means it runs as the root and if you had a 6 that would mean it would run as both the root user and the root group and then the last bit the seven if you want seven there is the sticky bits to keep it means that when you run the program it stays in memory instead of being flushed out regularly so that could be useful if you're running a program regularly again and again and again but these are the setuid bits and the sticky bit so let's go back here how do programs run as different users well you can use the setuid bits and that's basically how you do it they if they have the setuid bit it will run as the user as the owner of that file if it's a setgid it will run with the group set as the group owner of the file and we talked about the file and directory permissions a little bit let's talk a little bit more about file permissions if you want to run a file you need to have the execute bit set right well what if you are running a well binary files it just needs execute bit and runs if it is a shell script of some sort the way it actually works is it starts running it looks at the very first line and that very first line gets executed and it passes in the contents of the file to that first line's program which then runs it so the very first line of a script is the interpreter so if you're writing a python script it'd be a hash mark exclamation point and then the directory and path all the way to the python binary so hash exclamation point slash usr slash bin slash python or something like that and then what happens is that program is run and it's passed the url or the location of this file and then it tries to read the file so if it is a script it needs to have the read bit set otherwise it will not be able to actually run the program so binary programs just need the execute bit set and scripts need to have both the execute and the 
read bit set all right so what are default permissions well so if you are creating new things with root root usually creates new files and it has read write access to all of its own files but if a user sets it it also has read write set but the user sets both the owner and the group permissions and root sets basically just the owner permissions to be something that's open and the reason for that is to prevent root from accidentally giving too much rights to things it doesn't want to give rights to and that is all set with the umask so let's go ahead and take a look at that jump in here and type in umask you can see my umask for the root user is 0 0 2 2. what does that mean well if you take whatever it is so if it's a directory it normally starts with seven seven seven or you assume zero seven seven seven and you subtract that so a zero seven seven seven um you're looking at taking zero seven seven off of that and you end up with a seven five five and if you are a regular user it would be set to a umask of zero zero zero two and that would give you a seven seven five so imagine um your permissions of zero seven seven seven minus zero zero two two for a directory will give you zero seven five five and for a regular user your mask is going to be a zero here which will give you a seven here so that's kind of the idea um so you can change your umask if you want to someplace along the way in your bash profile or bashrc or something else and that will get you changed but you can leave it alone and that's what happens with the default permissions chmod and chown so chmod is to change the mode or basically change your permissions and chown changes your ownerships so how do i change permissions on a file or directory well you type in chmod the new permissions and then the name of the file you want to change it to um chown you can do chown the new user and then the file you want to change and then you have both a binary and non-binary representations we can look at so i'm in 
my directory well let's go make this new directory um temp and go into temp i can see there's no files here touch a b and c now create three empty files a b and c i can type in chmod and right now their current permissions are read write and read and read so chmod and i will do uh group plus uh write for a so i added the group write so if i do ls l again i can see now it has the write for the group i can do a well a let's say b i'm going to do a group plus write and i'm going to do other minus read so i'm going to add write to the group and i'm going to subtract read from other now look at it again and you can see that it has these permissions right here so if you look at these things they're all kind of like binary numbers well they don't look like numbers those are letters but if you like think of it the first one has a value of four the second one has a value of two and the last one is value of one so this first one or here a well it's got six six and four six because of four plus two four plus two and then four if i do a stat on a i can see that it is in fact six six four right there well if i want to change something else maybe i want it to be executable well the execute bit is the one the very last one so if i do chmod seven seven five on a and then look at it again seven seven five makes it read write execute read write execute and then read and execute if i wanted to be just executable and no read no write then i could do well one one look at that again and you can see that it's just execute bits if i want to make it just writeable now i can make it 2 2 2. 
and you can see that now it's just writable and if i want to make it just readable i can do four four four so you can see you can mess with the permissions with chmod and set them that way both binary and with other things and you can learn about that more using the man chmod command you get information about all the different modes and options you have here and q for quit all right what if i want to change the ownership well i created this new user alice so i do chown alice i set the user and i want to maybe i sent her to the group alice a so now look and it is now owned by alice the alice is both the owner and the group owner they're both named alice and that's how you change the ownership of files with chown all right selinux what about selinux well selinux allows you to control files and control access to the files selinux was created by the nsa so the big question that pops up is can we trust them well nsa is a group of spies right can you trust spies well they actually did this for knowing their own selfish reasons because they were required to have mandatory access controls and linux didn't really have good mandatory access controls so selinux was built there selinux is the security enhanced linux it provides mandatory access controls so files have these different contexts and you can change it and if you mess it up bad things happen so let's go look at some files right here if i do ls minus capital z i can see these all have the admin home t context type you can also see which roles and the user stuff but we can really ignore that stuff all we really care about is the type for most of what we're doing so i can do a chcon for change the context type and maybe i want to change this from admin home t to conf t and then change a okay maybe conf t isn't a valid argument uh let's see what other types we have down the etc directory we have um let's do a capital z we can see we have etc t's let's make some of those so i'll look at that let me change 
this one to an etc t and now i look at my directory right here and i can see that it has been changed from an a well from an admin home t to an etc t if i want to change it back i can just use the chcon command again or i can use restorecon a and it will restore it back to what it thinks it should be which might be correct it might not be and you can see it change back to the admin home t this is important because some programs are set to only be able to read certain types and that becomes critical when you start doing things with a lot of servers but just to be aware that you can do that you can look at the types and you can change them and that is it for our peoples and permissions

software repositories

when you're using linux one of the big questions that come up is what is the difference between linux and a linux distribution well linux technically is the kernel of the linux distribution so what we have is we have a system which is a collection of software and the main piece that runs your operating system is your linux kernel so a kernel is the only program that is allowed to access memory access the hard drive um lots of cpu things lots of things are restricted to just the kernel so when a computer starts up what it does is it starts up the kernel and the kernel is then able to start at the other programs that then run so then you have this thing called kernel space and you also have this thing called user space and things that run in the kernel have access to the physical hardware and things that run outside the kernel have access to asking the kernel for things well the kernel only manages the hardware and other programs and doesn't do a whole lot of user specific tasks that users see if you want to run a gui that's not run in the kernel if you want to have a command prompt that's not in the kernel all these things are run by external programs that are outside of the kernel and then you take all these programs that are run outside the convertible 
kernel and you gather them together to make a working system the kernel is the main piece the brain that runs everything and then all these other things are what makes the user experience so linux the kernel then a distribution is that big collection of software people can decide which pieces of software they want and collect them together as a linux distribution so you'll see sometimes people say gnu linux distribution gnu is a project that includes lots of different commands that you'd use your shell all of your commands to change ownership and change files and all these things are commands that are written to access or to make requests from the kernel and have a kernel do things and also provide an interface for users to type things so the gnu project got combined with the linux kernel and created this gnu linux thing and then you have other pieces of software such as your databases and your guis and all these things thrown together and makes a linux distribution so can linux be installed without a linux distribution well kind of yeah you can install it without linux distribution but basically what you're doing is you're installing the kernel and then when the kernel runs it won't be able to do anything so you really need something linux needs to be able to start something that you can use to run the rest of your system so sometimes you'll have linux kernel show up in things like android phones and other devices but those are still linux distributions of some sort so why do we need linux distributions it should probably be obvious at this point you need linux distributions because you need to be able to do something more than just work with the hardware you need to be able to work with the users as well and that requires linux distribution so what do linux distributions leave to you well linux distributions come with a set of software and they assume that this is the software that everyone or most people will need and they bundle everything that's very common 
together everything that makes your system work at that point you need to decide which other software packages you want to install if you want to build your own software packages they're not part of your linux distribution some distributions come with compilers some don't some you have to build them or add them you add them later sometimes they're in a linux repository you download them and you get them installed on your system sometimes you have to manually go and grab things and build them or install them yourself so repositories what is a repository well the linux distribution usually comes on a dvd or some bootable media and then you install it and it gives you your basic set of files however the dvd might not be updated regular basis so that could be a bit of a problem you might have a bunch of old files that need to be replaced additionally you might have programs and files that you want in your system but are not part of the standard linux distribution because they're not very common or they just assume that most people won't need these they've taken what most people want and put it there but a dvd is limited really only to about four and a half gigabytes of data so all the other things you might need but aren't on that dvd are stored in repositories so a repository is a basically like a website with a base file that indicates what files are there and then it has references to everything else inside these files you also have information about what packages need you need to know which dependencies each package has and this is all stored kind of in the repository so you can download and build packages so what's the difference between a repository and linux distribution well the repository is your extra stuff it also includes your linux distribution as well but it's everything else you need it could be terabytes of data terabytes of files and programs different versions different different things you might need to install your system a linux distribution is more 
of this smaller confined grouping for getting you started so what repositories or which repositories does my system have and how do i add additional repositories and why would i want to add more repositories and then are there disadvantages so let's go ahead and take a look at a linux system so right here we have a linux system so if i go down to the etc directory and i go into the yum.repos.d directory i can see a list of files and all these files have the repo extension these are my standard well standard repos so i can go in here and i can look at each of these files so the centos base let's take a look at that less centos base and i can see that it has a bunch of comments and then it has this base thing and it looks like a name and it has this mirror list base url gpg check things like that so what do we have here well the name is the name of the repo the mirror list is where you're going to find your files to download you have this base url as well which gets you started there the gpg check basically says well these packages could be signed do we want to check the key to make sure they're signed by the person who's supposed to sign them there's this whole public key private key thing and once the repo is installed you need to accept the key and then any packages that are created and added to that repo get signed with their private key which you can then verify with this public key and the public key is right below in gpg key so this base contains a whole lot of files and then after that you also have updates extras different repos that you can look at there's also one thing you want to look at the very bottom one centos plus there is enabled equals zero which means this one is not part of your lookups so how does this work well when you want to install something it has to go look in the repos you have to download files let's add an additional repo so one that's very common is the epel release or epel repo so i do a yum install epel release this is a 
package that will give me the repo files for the epel repo and you can see right here at the very beginning it did loading mirror speeds you can see it's looking at your base your extras your updates these are repos that are active and it's going through and grabbing these and checking these making sure that you have everything you need it looks at the dependencies in order to get the epel release figures out if there's any dependencies that need to be installed and there aren't any and then asked me do i want to download and install it and i say yes i could do d for download and just download it and not install it but y for downloading and installing and then it installs this epel release so then if i wanted to do a yum install epel release again it's already installed but you'll see looks like my gui decided to take over i can kill that process sometimes the applet on the desktop decides to take over all right so i yum install epel release and now you see in addition to checking base extras and updates it also checks epel to see if there are packages here now if i take my directory again i can see that there is a new set of files right here there is the epel repo file so i take a look at that one i can see it has a list of things as well i can go through and i can disable the epel if i want or i can leave it enabled you can see there's two other ones right here that are both listed as currently disabled if i wanted to get the debug info versions i could grab just turn on this one right here and probably turn off the other one if i want to get source code i could get the epel source and just enable that one if i wanted to install a package from the epel release alpine which is a great mail client based on the pine client is part of that so you can do yum install alpine and then it looks and it says okay you want to install alpine and it says alpine right here it says alpine is part of the epel repository it also requires mailcap which is part of the base 
repository so you can tell where he's getting it from so i do y it downloads this mailcap and then it says wait a second we don't have the key installed for epel so i said so i look at it and say do i want install it yes i want to install the key and i installed the key and then it installs both of the packages so that's how you get the new repo that's how you use it and get it in place all right where are the repo repository files stored well that's in the etc directory etc yum.repos.d directory so you can see those can they be edited from the command line yes they can you can go in there and change them you can disable and re-enable them you can also remove these on the command line so you can delete the repo files once you delete a repo file it will remove the repo from use and you will not have to worry about taking up memory every time you do a yum update also it doesn't then give you the option of downloading the packages from that repo so they are removed how do i update packages on my system hmm we have a system and i probably have updates so how would i update packages well let's go take a look if i go back over here let's clear the screen and if i do a yum update it will then check all my repos and you'll see i have lots of packages that need to be updated so i can say okay let's update them all so i do a y update them and then they start updating the first thing you do is they start downloading and after they download all the packages then they will start installing the packages now if you have not accepted your key before it will then require you to accept your gpg key before it will install the packages how do i search for new packages or for new programs provided by the repository well you can use the yum command once again you did a yum install to install things you do a yum update to update if you want to search it is a yum search so if i wanted to find something such as alpine which i've already installed i could do a yum search alpine now 
that could be quick could be slow but much faster than just going to the web maybe sometimes the search will not tell you which package to install because you use the wrong search terms so keep that in mind it doesn't find everything always how do i install new programs from a repository well you use the yum install and the name of the package you want to install and then how do i know which packages are installed well there are a couple of different ways you can look at that when you use yum yum keeps track of all the packages that are installed in your system however there is the possibility to go around that because yum is actually a front end for the rpm package so rpm is what's used to actually install and remove packages and yum is a front end that downloads repository dependencies and everything and installs everything it keeps track but you can look at things with rpm by itself so let's jump back over here and we have everything installed if i do a rpm minus qa i will query all packages and this will list all the packages that are installed on my system you can see that there are things like well there's a name the name of the package you have a version number you have a release basically for which um repo or not repo which distribution it is and then which architecture this is specific to most these you can see is x86 which means it's the 64-bit version for the x86 so it runs on the newer processors noarch means that it's really configuration files or something that doesn't depend on a specific architecture if i wanted to do a update of something i just update everything but i could do a yum update and list this is a specific package like nmap it will check to see if there's any new updates and there are well none if you want to install a package that isn't installed let's see if we can find something that's not installed so maybe bind yum install find utils well it's already installed so you can install packages that way if i want to search for 
something i can do that let's say i really want to run a web server so i can do a yum search web and see what shows up shows everything that has web in either the name of the package or in the name of the or in the description see lots of things here it's usually best to figure out what package you want to install and then helps you narrow it down so if you did a yum search for web server you might find a shorter list which might include what you want now typically people use apache and apache apache is not listed in this list of packages so how would you look for it well you wouldn't search for web server because that didn't work you might have searched for apache and then you come up with this list that includes other things you guys apache commons and all kinds of things and you start saying well which one is it which one has apache well it turns out it's the httpd package you can see httpd dot x86 underscore 64 is the name of the package it's actually the package is called httpd it's the architecture and this is the description so i want to install the apache web server i do a yum install httpd and then you can get it installed so now we know how to install packages how to update packages and we also know how to figure out which packages are installed on the system and this is your brief overview on using software repositories programs and scripts so what is the difference between binary programs and text-based scripts well binary programs are basically programs that are files made out of machine code readable stuff and then text based scripts are human readable programs so when you run a binary program well there's multiple parts to a binary program but one of the main parts is you have actual machine code that is understood by the cpu directly in a text based script what you have is human readable code that is interpreted and converted to instructions as it runs so the binary programs are going to be much faster and the text-based stuff is much easier to read 
modify and update so how does the operating system tell the difference well there are pieces in the very beginning of a program that indicate what it is so for a script they all start with the hash and then exclamation point and after that they have the name of a binary program that's going to be run and then what happens is it reads that it sees the name of the binary program to run it runs that program and then passes the script as input to that program so that causes the interpreter to then interpret that script and run it so how do users tell the difference well it's pretty easy you just open the file and take a look at it and if you can read it it's probably a script if you can't read it it's probably not a script how are they made well you use text editors to create your text-based scripts and use compilers to take source code that's made with a text editor and convert that to binary so the conversion process happens with the compiler so what is compiler well a compiler reads through a source code file and it will then interpret and figure out what this means and convert it into binary data that can be understood by the cpu it's the same kind of thing as an interpreter but it converts it all the way down into binary and stores it as binary they still have to do the same kind of thing as interpreters because they both have to read what the human readable version is and understand it so why would i want a compiler well you need a compiler every time you want to write binary or create binary files and that could be because you need to download some source code someone's provided you need compiler to do that and you also need if you're going to create programs that are not going to be script-based programs so which compiler should i get well that depends on what the source code is written for there are multiple different compilers out there but the most common one on linux systems is the gcc compiler so it's the gnu compiler and that one is the one that i 
would recommend especially if you don't know any other one you need although it is possible there are some minor differences in the source code and different compilers will be required to do different things so you need to make sure you if you download some source code from somewhere you figure out if it requires a specific compiler or if it works just fine with the gcc compiler so building source code where can i go to get programs that are distributed as source well a lot of people go to github you can go to github and you can download source code there you can also go to other source code places such as sourceforge and download your source code there and get many different people who are creating projects have a source code distribution that you can download as well but then you figure out how to build the source code programs so how do you do that well that can be tricky because sometimes you have all kinds of libraries that need to be compiled and built into it so you need to make sure of all the libraries all the dependencies everything you need to make sure you have a compiler i want to work then you need to sometimes run scripts on it to then prep it up sometimes there are configure scripts that will check your system and see what hardware what what packages you have and then customize your build to use that then they have make files make files you run the make command and that will install all the well it'll build everything according to the make file instructions so that seems kind of complicated complicated and difficult so why would i want to build my own programs or build them myself well you want to build them yourself because it gets more efficiency or because they are not built or maybe you want to make changes and you can't make changes to someone else's binary very easily so you need to build them yourself so how then are source code projects installed well what happens is if you use a package management system such as an rpm package it installs 
and it puts files all across the system in different places but it keeps track of where they're at if you do a source code project you can do the same thing you can put them all across the system wherever you need to put them and then you need to keep track of where they're at or you need to make sure there's some way some script in there to remove them because otherwise removing them can be very difficult so what does a hello world program in c look like and how to use the c gcc compiler convert source code to binary and then let's look at the makefile and then how to run the binary program so let's jump right in here so let's make a file so i'm going to make a directory first mkdir and i'm going to make this the hello directory i go to hello and now i'm going to create a file so nano hello dot c so your c files end up with the c extension and in it you have to tell it you are using your libraries stdio standard input output h and then in main you have to main function you can pass the variables here or you can skip that and go directly into your main function and in the main function i'm going to printf to print hello world i have a new line so it's not on the same line and and then i want to make sure i have a return value so that when the program ends it knows that it returns successfully returns zero so that's really about it um you can do much more much more complex you can add things like uh int argc you know char maybe star char argv you can do whatever you want here but you pass in variables anyway let's go ahead and save that and exit out next i want to compile it so i need to use the gcc compiler if i try and running it right now i don't think i have it installed and it says command not found so i need to get my compiler so i could search for the gnu compiler and find it that way or i can just do yum install gcc and that will get it right here get it all installed and that's kind of quick the compiler does take a little bit of time it's a 
little bit bigger than the average package but it's not too hard to install i get installed and now i can try compiling again so i do a yum install actually not yet so i'll do it uh gcc hello dot c that takes my directory and i can see i have two files now there's the a dot out and the hello dot c so we do period slash a dot out it runs hello world if i don't want to be called a dot out i can change what it's saved as or what it's created as in the command gcc hello dot c minus o for output hello so i want to be i want it to be called hello so i do that it creates instead of the a dot out it creates a hello dot or a hello binary you can see it's the same size as the a dot out if i run hello it runs the way to run it is because the current directory is not my path i have to tell it a relative location which is the period directory's current directory slash hello so then what's this whole thing about makefiles well if i do a nano makefile i go down here and i have my hello in order to create hello i need to make a hello dot i need a hello.c file and every time hello.c changes i want to run this command right here which is gcc hello dot c minus o hello i can also have another option here so a clean maybe and i want to remove hello so it removes the hello binary exit out of that it's going to do a make and it says hello is up to date i do make clean and it removes the hello so do a ls minus l i can see that hello dot c is there but hello is not there so now i do make again and it compiles my hello program so that's how i convert my source code into a binary file using gcc and also using a makefile gives you a bit of an idea how it all works all right how to run the binary program well you want to make sure you tell it which directory it's in and then you run it so period slash the name of the binary program so what does the hello world program look like in perl python or bash let's go back in here and take a look at each one of these so perl it uses the perl executable so if 
i do which perl i can see it's in user bin perl now a source code file a perl usually has a pl extension so i do nano hello dot pl i want to tell it right here you to use user bin perl use that binary and then when i run it i want to do a print and i'll do hello world and the new line and a semicolon afterwards to print hello world this right here basically it runs with this uh stuff in the beginning it says okay this is a script i'm going to run this program and i'm going to pass it this entire thing as the input exit out save that now i can see that the permissions are not set to executable on this pl thing so i need to set them executable so do chmod 755 hello dot pl and then i do period slash hello dot pl and oops dot pl and that runs now let's try it with python nano hello dot py this one's a little shorter well i'm not sure these are in python print hello world world you don't need the new line character and you don't need the x and the semicolon at the end either this will just work like this chmod 755 hello dot py run that hello dot py and that runs now bash or shell script use the echo command so i do nano hello dot sh and i don't need to tell an interpreter i could i don't need to because it'll just assume if it's text file it's got to be run as a well as a script so i do echo that's it so i run that oops and that runs so those are your shell scripts you can see how they look the shell script could be done as a i can actually pass it the bash if i wanted to so do which bash which is user bin bash and then do nano on my hello sh and i put that line at the top user bin bash and it will run the same and there we go all right so multiple different ways to write a program and make it work standard in standard out and standard error so how do i use a text file for the input to a program well many programs can receive input and you type an input what you can do is redirect these things so standard in is whatever you type in from the keyboard usually 
standard out is what you print to the screen and standard error is what you print to the screen if you can't see things if you wanted to put out error messages so how do i redirect from standard in or from a file to standard in or out from standard out into some other file let's go ahead and take a look at some of those things right now if i do a command like a cat it's now taking input from my command prompt so i can type things in here and then control z to end well that's an end control c maybe they quit or i could do control control d end that's what it is what i can do is do cat then redirect from output or redirect the output into this new file.txt and then i can type in things right here like hello new file press ctrl d to end that now if i take a look around here i can see there is a new file.txt i cat out this new file and see it has contents i could do something like ls minus al list the directory then i can redirect that into new file and it will replace the contents so then if i cat out the new file it will list what was in the new file i can also redirect standard in or redirect it so standard in comes from something else so um the cat command we just saw cat i can instead of typing something in i can say well i want to get my hello dot c file as the input to cat and then i want to redirect the output into my new hello.c so what does that do well it takes the cat command it sends all the hello.c contents into that cat command which just prints it out and then it redirects the output into new hello.c so if i cat new hello.c i would expect to see exactly the hello.c contents those are the same so you can redirect the standard in or redirect that then there's standard error so if i do some commands such as i don't know um find no i do ls minus l dev it does searching there i could do a grep to search for something grep so i look for that word hello in the etc directory all files it some of these things are directories and it cannot search them well i 
don't want to see this directory stuff so i can decide i'm going to do this but i don't want to see the errors so i redirect the 2 into dev null which basically throws it away and then i see everything that doesn't have an error in it so there you go if i wanted to get rid of all the stuff that does look normal and only have the errors i can get rid of my regular output and just see the errors instead so that's redirecting file input and output so let's clear that using pipes which character is the pipe if you look on your keyboard above the enter key there is this uh well there's a slash usually it's not always on the same same place on every computer but there is this vertical line so let's use the pipe command so if i run hello period slash hello it prints that that's nice um if i run a different command like a wc well wc does a word count so i can take this and redirect the input into the output or the output into the input of wc and it says okay we have one line with two words and 13 characters okay so now i want to try doing something more exciting let's do ls minus al that's quite a bit more i'm going to redirect that into wc it says well 12 lines 101 words and 566 characters that's nice what i want to do something like sort this i could sort it sort well now this contents these contents have been sorted alphabetically not quite the same thing but do that and then i can run through word count same thing obviously but you know it does sort it first and then runs it through so you can run multiple different things and run multiple programs at once just have it pass the output into the input of the next thing until you're done so that's pipes file types what types of files exist on linux machines well we have these different letters when i do ls minus l d is for directory l is for link b is for block device and c is for character device so you can look around and see things do file extensions mean anything well they're used by some programs but they don't 
necessarily mean anything critical what does the file command tell me well it tells me something interesting tells me what the file is so let's jump back in here and take a look so if i do file star it tells all these files what's in so a dot out is an elf binary hello is an elf binary c is a c source code ascii text you can see each one of these things it lists what they are so elf is the the linux file format for binary files because it has not just binary code it also has things like memory and other things all set up in there and so it uses that so you got to make sure you know how this how these things are if it says elf it's binary if it says text it's not binary text right so you can keep track of those things and that could be useful for figuring out what type of file you're working with so the last thing right here is symbolic links and hard links so let's take a look at them so we have over here we can do a symbolic link so if i do ls minus or ln for link minus s i can do hello because that's my program and i want to make it symbolically hello 2 and i can do a hard link with the without the s and do hello three so then i take a look at my directory so the ln does a link the 2 created a symbolic link what that does is it says hello 2 points to hello so if i deleted hello it would be gone hello 3 points to the same address of memory as hello and you'll notice over here there's this number two that's the number of links pointing to that actual content on the disk one because it's just a link it says telling where to go the twos right here are both addressing the exact same space and memory so then if you edit them if you edit any one of those three it will edit the same exact file however some editors when they make file changes will save a new file and then move the new file to replace the old file so keep that in mind when you want to unlink them or delete them you can do either delete or remove or you unlink so unlink hello and i look at my directory listing 
and i can see that now the hello 2 says oh there's no hello but hello 3 is still fine because it points to the memory and the number 2 has decremented down to 1. so the hello 2 doesn't work but that hello 3 still does because it pointed to the actual program and then you could go and remove or unlink things like hello all right so that's your symbolic links and i think this helps you get an idea of how programs and scripts work on linux systems and that's it services and firewalls on a linux machine one of the questions you might ask is what is a service and then a related question might be what is a daemon so a service is basically some program or something that runs in the background someone that serves requests and answers things and helps you work so a web server is a background program that runs and when requests come in from the outside it receives these requests processes them and then sends out pages and information so that's a service there's also other services such as a time service which will sit there and periodically go and check to see what the time is compare the time to its clock and update the clock depending on the differences so that would also be the service so then what's a daemon well a daemon is basically or a demon is something that operates in the background so basically the same thing as a service so where does the name daemon or demon come from well there's this maxwell's demon thing where it just serves its master so which services do i want running well that can be a tricky question it depends on what you're doing with your server or with your machine what you're running what you need to run and how your machine needs to react but there are some services that are kind of essential not really essential but kind of essential such as the mail server so all linux machines all centos seven machines have a mail server running and the reason for that is not so they can receive mail it's so that the other services have a way to communicate back 
to the administrator that something happened so things like your cron jobs your tasks will send a message to the administrator when something produces output that's being run as a job so the administrator knows something happened so that's very useful there are other services that keep track of things like if you're doing dhcp based addressing your dhcp service needs to run in order to maintain and update your lease so you don't run out of ip addresses so then the question is which services pose security risks well any services that can be accessed from the outside or the inside pose a slight security risk the more rights a service has the more of a security risk that service becomes managing services how do i know if a service is running well on newer systems with systemd as the well the service or the system running the machine you can use the systemctl command for system control to check to see if the service is running you can also use other programs to check to see which processes are on the machine and try to figure out if the service is running that way it's probably easiest to use the built-in service checking utilities so let's take a look at the systemctl control command so we have on a default machine a couple of services running you type in systemctl status and that lists a whole bunch of stuff which is kind of useful but then you're like well what does all this mean many of the services you can see are running you can see process numbers what was used to start the services and that can be useful but let's say i want to look at a specific service i want to know if the sshd service is running so i do systemctl status sshd right here i can see that the service is running the green active indicates that it is running so you want to make sure you can keep that straight the active green right here says is running then you might see this other thing enabled what does enabled mean well enabled means that it is not just running but it will start at boot 
time you also see this vendor preset enabled also so when you install the software it assumes it needs to run and then it's currently set to enabled if i wanted to not start at boot time i can disable it and if i want to stop the service i can stop the service as well so let's do a check right here so i do systemctl disable sshd and now i look again at the status i can see that it is still active and running but now it says it is disabled so it will not start on boot time if i do a stop on sshd the service stops so if i use systemctl again i can now see it is inactive or dead and it is still disabled if i want to enable it enable and i look at it you can see that it is enabled but it is still inactive and dead i want to start back up again i just do a start now one thing you might have noticed is when i disabled and re-enabled what it was doing is doing something with symbolic links you can see it created a symbolic link so etc systemd system multi-user target wants sshd service so currently my run level is multi-user target multi-user so in this directory there is a list of symbolic links that include the sshd dot service symbolic link and they link over to another place on the system user lib systemd system sshd.service which is where the service scripts are actually located so we'll be looking at that a little bit so will the services be running after the machine all you need to do is figure out if they are enabled and you can change that using the systemctl enable or disable commands and you can start and stop them with the systemctl start stop and you can use restart as well so how does the system use the scripts where are the scripts stored what is contained in the scripts and what does it mean well so when you go over and you look at these scripts so let's take a look over them first we'll go over to the etc directory systemd system and then multi-user target wants i can see there are a lot of symbolic links and these links link over to 
my actual scripts and these are the services that start in older startup processes so we have systemd right now but before that we had init and it had this thing where each each service had a number and that number indicated the order in which it was started and so that was great you just need to make sure you know which number your service needed and it would start before things that required it and it would start after things that it required so just figure out what number they had and you put it in the right place this is different with systemd now it can look at the dependencies in there so if you think about the sshd service what does it need well it's a secure shell that you use to log in over the network so what does it need it needs to have networking working right so we cat out the sshd.service it shows us this is our openssh server daemon it's got some documentation information it has to be started after network.target and the sshd keygen service so it needs to actually have a key in place it wants the sshd keygen service and then it's got all these other pieces of information tells you things like how to start it how to stop it and that's all used by the systemctl command when it starts and stops things to make sure that things are ready also when you're doing when you're enabling it and you're booting it from the beginning it will take a look at these things and figure out which services need to be started in which order and calculate out that little tree and then start things in the order to make them work all right netstat how do i know if my services are really running well we've started the sshd service and systemctl tells me that sshd is running but is it really running we know that the ssh service listens on port 22. 
so we want to figure out if it's listening on port 22 so let's go and take a look so if i type in netstat it lists all this stuff and you can use different uh letters so i want to make sure i use my tcp and udp and i want numbers instead of names and all of them so i do tuna netstat -tuna and then i can see this right here my ssh service is running on this right here which is useful information because i can tell oh ssh is listening on all ipv4 interfaces and it is port 22 and it's in listening state i can also look at this thing right here and says it's also listening on ipv6 interfaces it's all those and it's in a listening state if i want to see a little bit more information i can add the p option which will show me which processes are running these things so i can see that the ssh service right here is using the sshd process and you can see the same exact process id number and program name is running on the ipv4 version right there so ipv6 and ipv4 are both running they're both tcp i don't see anything with udp but i can see other processes here that are running and what's going on so how do i know if there are any current connections well there aren't any current connections right now but if there were you would see something about established connections not just the listening because this right now is just listening but no one's trying to connect to the ssh service

nmap are my services visible from localhost well that's an interesting question so let's go back and take a look so if i do a yum install nmap and i recommend nmap to anybody who wants to be a decent administrator it was considered originally kind of a hacking tool because you can scan ports and things like that but now it's useful for other things too so nmap localhost and then it comes back and says oh when i did a scan on localhost these are the ports that responded so one thing you want to pay attention to is it says not shown and it says closed ports so what are closed ports closed ports
reports that when i tried talking to the ports the kernel responded and said these ports are not open and that means they got past the firewall then i got this thing right here where it says these ones right here are open okay so ssh is open smtp is my mail service and it's open for at least a localhost so local connections rpcbind is for some things like network file system and nis you know some of these things and then there's the printing thing right here so ipp for your internet printing that is actually run by the cups service now if i say well what's my ip address if i do ip addr you can see my ip address it's kind of hidden in here and it is the 10.0.2.15 so i want to scan that one so nmap 10.0.2.15 since i'm on my own machine you'd expect to see the same things right well not quite some of these things are only listening on localhost so the mail service procmail was only listening on localhost and the print service was only listening on localhost but rpcbind and ssh are both listening on the external interface as well so what would i see from the outside i would see anything that gets through the firewall so ssh is currently getting through the firewall that's the default configuration but rpcbind would not get through the firewall so externally all i would see is the stuff getting through the firewall so let's go ahead now and take a look at what a different machine would see so switch over machine and right here i can use nmap to scan 10.0.2.15 and very ways through so what we'd expect to see is the ssh service getting through and that's all we see notice how it doesn't say closed ports right now it says not shown 99 filtered ports that's interesting so what does that mean it means that the rest of them didn't actually send a response back so that means there's a firewall

scheduling tasks how do i schedule tasks well you can use the crontab service and there are different places you can look at for scheduling tasks the most common is using the crontab
-e option so let's take a look at that so clear this out let's go down to /var/spool so if i go to /var/spool/cron i can see in this there is nothing here if i do crontab -e it will use your default editor and you can go and put something in here so you can put in a bunch of different numbers so if i want something to run every minute i could do this right here and then i can type in some command now one thing to keep track of is that cron when it runs it does not necessarily run with the exact same environment that your user logs in and runs as that means that file locations and executable locations might not match exactly so you usually want to pass in the not just relative but the absolute path names for everything so what i wanted to do um let's find a control z switch no can't do that let's go ahead and leave a comment here and let's figure out what command we want to run so we write and quit and if i type in a command right now like ls it tells me what's in my directory and if i do which actually that's the part of bash which uh we'll say it's really an alias um but let's try this uh /usr/bin/ls so if i type in /usr/bin/ls and go back to my crontab crontab -e for edit and then i for insert mode i /usr/bin/ls then i can write this and it will install a new crontab and if i take a look at my current directory there's this thing called root if i cat it out you can see it is that text file i just edited and now i may put it here in my /var/spool/cron directory didn't have to put it here but it does because that's where it puts all the crontab files it's not just because i'm in this directory it's because this puts them so now it's supposed to be running every minute so you can see that in about 12 and about 30 seconds they'll run again so then what were all the stars i put five stars there so i look at my crontab information you can see all this stuff here it says here you go there's a bunch of stuff about using crontab to get in here if we
want to see more information and actually see what these things are we look at not the crontab file not the crontab executable but the information page so i can do man 5 crontab and now it will tell me the information about how to set up cron so i scroll down and it says okay there are five fields the first one is your minute field which if i put star there it means every minute if i put a number there it would mean that minute so if i wanted to run on the hour every hour i put a zero there and then if i wanted to run maybe every day at midnight i could put zero zero and then three stars then i can limit things like the day of the month i can pick which day of the month from 1 to 31 some of these days of the month might not be hit 31 might not show up for every month so maybe you run things on the first day of the month or maybe some random day in the middle of the month you can pick which month 1 to 12 you can also pick the day of the week which is 0-7 so 0 and 7 are both sundays there's also other combinations you can do commas to separate multiple different things and you can do slash things i usually do things like star slash three for every three minutes or hours that can be useful all right so now if i look at my date right now i can see that some time has passed so the ls command should have run multiple times so if i go over my mail /var/spool/mail i can see there is a root file and if i cat my root file right there i can see all the mail and it's probably generating something but maybe not sometimes when you have a cron job that runs it produces mail so just be aware of that all right so that's how you schedule tasks as a normal user or as the root user there's also the /etc cron directories so there's /etc/cron.d for your configurations cron.daily cron.hourly monthly weekly something i want to run every day i can do cron.daily and in this cron.daily i can see that these three commands are running every day it doesn't tell me when they're
going to run but they run every day and now it says i have mail in /var/spool/mail/root so i cat out this root thing it looks like it is running again and you can actually see this is actually output from the ls command it's running in the root directory and these are files in the root directory it doesn't matter where i'm at right now if i look at the root directory i will see the same files but it's running it slightly different it's not running it the same exact way but you can see how it's slightly different when it runs versus when i run it by hand all right so that's scheduled tasks how do you know if a cron job runs well you don't necessarily know if it runs if it produces no output but if it does produce output then you can see it right there in the mail

so firewalls what firewall is used in my system well it depends on which system you have but it's changed quite a bit when i first started using linux the red hat distribution i was using had ipchains which was later replaced by iptables and now we are in centos 7 which is a little bit different it uses iptables kind of in the background but it really has firewalld as a front end to it so it uses kind of both things there firewalld is kind of a front end to manage it but in centos 8 they are switching out firewalld and going something different so just keep that in mind they keep changing the back end firewall so firewalld is what's used on my system but you can use iptables as well how do i see the current firewall configuration well you can use the firewall-cmd command to look at it so we can look at that how to open ports and services and figure out which services are supported and how i do a permanent service what that means okay so let's go back to my home directory if i do firewall-cmd no space there --list-all like that it will list which services are allowed through the firewall this is the active current services getting through you'll also notice this is the
public firewall rule and we can see the ssh service is getting through and we know that was getting through because we already did an nmap and we can see this dhcpv6-client service is allowed through which means if i'm running as a dhcp client then i'm allowing responses from the dhcp server to come back into me and tell me what my ip address is so that's important nice things to know what if i want to add a service so i do firewall-cmd --add-service=http so add the web service it says it's successful and i think okay that's great but if i reboot my system it will no longer be in my firewall because this is an active only change if i wanted it to be permanent i would use a --permanent but let's take a look at what this does since i'm not running a web server what if i jump over here for a machine and scan it myself again so i jump over here and i scan myself again and i can see that the ssh service should still be open but now i should see something different about http it says http is closed which means that the firewall is open but the service is not running so keep that in mind that's what that means i should probably stop my cron job so if you crontab -e and i can just do d equal times and quit there we go all right so where are these rules stored and how does that all work well if i do i added the http firewall service if i wanted to get something else what do i have well i can do a firewall-cmd --get-services and that will list a complete list of all of the known services so that's quite a few of them so how do i make it all work well i figure which service i want and then i have to turn on that service what do these services do well we can probably assume that when i turn on the http service it turns on the port for http which is port 80.
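The open / closed / filtered reasoning from the nmap and firewall-cmd demos above, combined into one check, as an added example that is not part of the lecture. The netstat lines and the service-to-port table are constructed to match what the lecture describes, and the firewall is modelled the way the lecture explains it: anything not allowed shows up as filtered.

```python
# Constructed `netstat -tuln` style lines matching the lecture's description:
# ssh and rpcbind on all interfaces, mail and printing on localhost only.
NETSTAT = """\
tcp        0      0 0.0.0.0:22        0.0.0.0:*     LISTEN
tcp        0      0 127.0.0.1:25      0.0.0.0:*     LISTEN
tcp        0      0 0.0.0.0:111       0.0.0.0:*     LISTEN
tcp        0      0 127.0.0.1:631     0.0.0.0:*     LISTEN
tcp6       0      0 :::22             :::*          LISTEN
udp        0      0 0.0.0.0:111       0.0.0.0:*
"""

# Service name -> ports it opens (constructed table, same idea as the
# per-service files firewalld ships).
SERVICE_PORTS = {
    "ssh": {("tcp", 22)},
    "http": {("tcp", 80)},
    "smtp": {("tcp", 25)},
    "dns": {("tcp", 53), ("udp", 53)},
    "dhcpv6-client": {("udp", 546)},
}

WILDCARDS = {"0.0.0.0", "::"}  # "listening on all interfaces"


def parse_listeners(text):
    """Return {(proto, bind_address, port)} for every listening socket."""
    listeners = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].startswith(("tcp", "udp")):
            continue
        if fields[0].startswith("tcp") and fields[-1] != "LISTEN":
            continue  # established connections are not listeners
        address, _, port = fields[3].rpartition(":")
        listeners.add((fields[0][:3], address, int(port)))
    return listeners


def scan_view(listeners, allowed_services, host_ip, ports, proto="tcp"):
    """Predict what a scan of host_ip from ANOTHER machine reports per port."""
    allowed = set().union(*(SERVICE_PORTS[s] for s in allowed_services))
    view = {}
    for port in ports:
        bound = any(
            p == proto and n == port and a in WILDCARDS | {host_ip}
            for p, a, n in listeners
        )
        if (proto, port) not in allowed:
            view[port] = "filtered"   # firewall never lets the probe in
        elif bound:
            view[port] = "open"       # allowed and something is listening
        else:
            view[port] = "closed"     # allowed, but the kernel has no listener
    return view


RUNTIME = ["ssh", "dhcpv6-client", "http"]   # after --add-service=http
PERMANENT = ["ssh", "dhcpv6-client"]         # what survives a restart
PORTS = [22, 25, 80, 111, 631]

if __name__ == "__main__":
    sockets = parse_listeners(NETSTAT)
    print("now:          ", scan_view(sockets, RUNTIME, "10.0.2.15", PORTS))
    print("after restart:", scan_view(sockets, PERMANENT, "10.0.2.15", PORTS))
```

A port that reads closed from outside is a firewall rule with no service behind it, which is worth removing before something starts listening there.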
and we probably saw that when we were looking at nmap we just didn't pay attention to it so now what do we do well we can now take a look at some more information here and see where does this actually get stored so i take a look and we look at the /usr/lib/firewalld and you can see there's a bunch of stuff here and one of these things is the services directory so if i look in there i can see the exact same list of services but what does ssh do so i can cat out one of these services at ssh and i can see it says that i'm going to allow http i mean program i need to start up ssh it will be tcp port 22 if i want to look at something different like dns what does it do well it does two different things it does tcp port 53 and udp port 53 so most queries when you're doing dns lookups are udp but if you're doing a zone transfer it does tcp so you could modify this or change if you wanted to i wouldn't recommend it or you can also add new services here just put in the information right here so we can see what services there now what else do we have if we look at the /etc directory there is a firewalld thing and in here there is zones and public so there is a zones public file if i look at this thing right here i can see some information it says that ssh and dhcp version 6 client are both listed in this file what happens if i add something permanently so i added the http service now i do permanent and i look at that same file again and you can see that it's been added to the file at the bottom this does not make it active it means the next time the firewall service will start up it will add that to the firewall if i remove it from this permanent thing so let me do del service nope not del it's remove remove-service it removes it from the permanent but it is still in the active so i do firewall-cmd --list-all i can see what is currently active and if i want to see what is in the configuration file i can look at the file or i can add the --permanent to it and see what
is in the configuration file so you can see actively we have all three of these in the permanent we only have these two so that's interesting to pay attention to and be aware of so where are the firewall files stored we just saw that can the firewall be updated using the files yes you can update it using the files you might need to restart the service but i'll assume and can you add additional services yes you can so you can go in there and just create new services just use the same file format and create them too and that is services let's look at ports and then we'll be done so a ladder here let's say i want to add port 123 what is it i don't know but we'll add it anyway so we do firewall-cmd we did --add-service= something to add a service and if you want to do a specific port you can do --add-port then you have to figure out what's the format well you gotta remember if it's tcp/123 or if it's 123/tcp and one of them will probably work so you try both and figure out which one works in this case i did the 123/tcp and i added it it's not permanent so if i restart my firewall it will be gone so let's take a look at that so if i list my list all i can see there is a port section and ports are listed if i reset my firewall i should just use systemctl restart firewalld now if i look at the same thing again i can see the port is now gone you can also do the --remove-port as well just remove it the same way you add the ports and that is the end of this lecture

processes and resources what is a process what is a thread how are processes and threads different a process is basically a program what happens in the cpu is there is a program counter and there's some memory and so what happens is the program gets loaded into memory and then the program counter tells the cpu which part of that memory is looking at which process or which operation is going to do next and so that process counter continuously moves through and
then the cpu executes these commands so each one of these programs that gets loaded into memory is a process within those processes you might have different pieces of execution and those different pieces of execution within the same process can be called threads so if you have a process that has threads what really happens is your process is running and your process switches between the different portions of the process to do different things it's very common to have some larger applications have multiple threads and even some of them are starting to have multiple processes games were pretty common to have multiple threads back in the day they still have multiple threads and the idea is that maybe you want to have your audio be one thread your gui be a different thread and some of your game logic be a different thread so your audio can continuously run and not have to wait for it to make other decisions about game logic while you're playing your game and one of the big changes with the chrome web browser was they decided that there were too many problems with one tab would crash and take down the entire browser so chrome decided to break it out and have each tab be a separate process they've changed a bit since then but originally that was the idea so that if one crashed that tab could crash and the rest of the tabs could stay alive so processes when they crash they can take down a lot threads when they crash well sometimes things continue to run sometimes it depends on how they crash what happened if it crashes the whole process goes down if it somehow gets in an infinite loop then that portion of the right can just loop forever and the rest of it might stay live keep going so that's basically processes and threads and how they're different so then what is a multi-core cpu well there's this whole thing about moore's law where the speed of cpus doubles every certain number of months or years and things kept getting faster and faster and faster and then they ran into this problem
the problem was that when you get things small enough it doesn't really work out so well so they were making all these cpu pieces smaller and smaller and smaller and when you have electricity going through a cpu at some point the electricity jumps across and breaks things so you have two wires right next to each other and there's a really high charge then they'll create some kind of a lightning bolt playing a little electricity charge between the two of them and that can destroy stuff so what do you do well your electricity is basically watts but your watts are either going to be amps or volts so amps create heat and resistance and fun things like that and volts they create your arcing jump so as you take your larger cpus and you shrink them down you have to worry about these volts jumping across so what you do is you convert your volts into amps so that's kind of nice it means that you can go much stronger but not have to worry about it jumping across the problem is then your cpu heats up more so it's kind of a trade-off if you have a higher number of amps your cpu overheats if you have a higher number of volts the charges jump across and destroy stuff inside of your cpu so when i first got into computers cpus could handle something like 200 volts and then it got down to like 50 volts and now it's probably even lower before they start causing problems and they're always worried about this electrostatic discharge problem so what does this have to do with multi-core well they discovered we don't have to make smaller and smaller cpus at some point they're kind of small enough and so what we need to do is now have more cpus on the same cpu so they create these multi-core cpus dual core then quad core and some people even through like three core cpus and then six and eight and well 3 and 6 are basically because they fail in a couple but that's okay anyway so the idea is you get these multi-core cpus with multiple different cpus on the chip
and that is what a multi-core cpu is it's a cpu with multiple different cpu cores on the chip so what does it mean when a cpu has hyper threading well we talked about processes and we talked about threads basically the idea with hyper threading is that your cpu tells the hardware the rest of the hardware it has more than one core so if it's a single core multi or hyper threaded cpu then it will tell the computer it might have two cpus on the chip and so the computer sends two different processes one to each one of its virtual cpus and then these virtual cpus both have a little bit of memory and a little bit of other information there and it only has one actual cpu but the chip can then switch between them very quickly and so it simulates two just switching back and forth very quickly without having to worry about the operating system keeping track of which processes are where it just sends them both there and they're both handled without the operating system needing to copy things out of memory and move new things into memory what it does with other multi-process type operating system tasks so you can have both a multi-core and a hyper-threaded cpu so you could have something like a quad-core cpu where all of them are hyper-threaded so instead of showing up as quad or four it shows up as eight cpus which could be nice it makes it so you can run things faster but in a hyper threading situation you still only have one process running at a time in a multi-core situation you have multiple processes that can actually run simultaneously so then that brings us down to the next thing what is a race condition well a race condition is when you have a situation where the outcome is determined by what happens and what order so i like to think about the atm example say for a moment you have an atm machine and you want to make a 100 withdrawal from the atm machine if you go to the atm machine put your card in there and withdraw a hundred dollars you get 100 taken off your
account and you get 100 it comes out of the machine but what happens if at the exact same time you are making a withdrawal you have a direct deposit let's say that you have a job you get two hundred dollars deposited into your account so the question is well does it matter what order you process these things in so what does an atm machine do well first it reads your account balance it sees you have the hundred dollars it takes the hundred dollars subtracts it from your account and then it sends you the hundred dollars now the direct deposit might look at your account figure out how much you have might add your 200 deposit into your account number and write it back to your account so what happens if they both read at the same time so they both find out your account balance one subtracts 100 one adds 200 and then they both write back well then it matters which one wrote back first as to what your account balance is going to be so that is a race condition obviously the ideal situation for you would probably be that you withdraw the money at the exact same time the direct deposit goes in and the direct deposit reads and then the atm machine reads and your direct deposit is the one that gets written after the atm gets written which means that instead of having a net of 100 more dollars you'd have a net of 200 more which would be great the bank would probably not like that though

okay how do i know which processes are running well on a linux machine you can look at which processes are running you can actually do on other machines too pretty much all of them have a way to look at the processes running and the easiest way to do that is with the ps command it'll show you the processes that are running you can have processes that are running in the background and processes that are running in the foreground so a background process is one that runs and doesn't send out input to your output to you and things that is just running in the background a foreground type process is if you have a terminal
or something open and you're running a program you will see um text print at your screen you'll be typing things those are in the foreground background you don't see anything or you rarely see anything so how do you get into background processes well you can actually pull them in the foreground and you can disconnect output and things like that and all be taken care of so let's take a look at a machine so here we have a client machine and i'm going to run the ps command so i type ps i can see these are two commands that are running the bash command which is my shell so my terminal opens up it's a terminal window inside the terminal window we have this program running that allows me to type in commands and then it runs them that is my bash shell and the command i just typed in is ps and so it says well bash is running and ps is running if i type it again see that bash is running and ps is running now what you might notice is that the process id number for bash stays the same because it's the same shell but my ps command is different because i started one command and it printed out the output and then ended then i started the next one it printed out the output and it ended so how do i start a background process well let's try the sleep command sleep if i type in sleep 5 it will wait 5 seconds and then the command will end and it will return back to my terminal i can do sleep 5 & and start as a background process and it immediately gives me control of my shell again but it's still running if i press enter again it says oh it's done by the way all right so if i want to sleep for much longer than that let's say i want to sleep for five minutes i can do sleep 300 and it starts in the background and you can see there's something here it also says that there's a process number 5047 if i do a ps i can see that 5047 is the sleep command and it is running i can also see that my bash is running and my ps is running if i want to i can
type in jobs jobs says that number one is running i can bring this to the foreground if i want by typing in fg and that will take the default one but i can also do fg 1 pull in the number so now it's running in the foreground if i want to put it back in the background i can type in ctrl z which will stop it so now it's not doing anything and then i can do a jobs command again to see what it is and it says oh it stopped by the way so i can do a bg 1 and start it back up again in the background if i want to end the process well i can do that too but i need to figure out what process i have so i look at ps and say okay my sleep command is 5047 so there are a couple ways to stop the process one is i can bring it to the foreground and press ctrl c to kill the process or i can use the kill command so we look at the kill command and kill it says terminate a process and it says i have to do pipe pipeline kill and then i give it some signal number if i want and then there's a pid number and all these things here you say well that's great so i can also look at other things like well there's a kill(2) oh that's interesting kill(2) means it's probably tied to the programming language kill then i got things like signal(7) which is probably more informational so do man 7 signal and it says okay here's some information about how these signals work and it says okay here are some signals and you get some impression okay so what does it do well if i do a kill then it's going to send one of these signals it's going to send this sigterm signal over so the program receives the sigterm and it says oh it's time for me to terminate and that works however some programs don't like to terminate there because maybe they're crashed or something else and they won't terminate so maybe you need to do it not from telling the program to terminate but you want to have the operating system itself kill it in which case you will do a sigkill which is number nine so let's try
that we can see once again my sleep command is still running so i can do kill and 5047 and it says terminated so you do ps and you can see it is gone i think oh i want it back so now i'm going to start it back up again and i do a ps command you can see it's there running it's going to be running for another five minutes i can also do kill -9 or -s 9 and then the number 5246 and it says killed which is different from what it said previously which was terminated it's terminated and this one is killed so if you're having trouble getting something to stop use the kill command so once again i'm going to start this back up again now i'm going to do a fg to bring it to the foreground and i will press ctrl c to kill it now if i do a ps to see if it's still there i can see it is not there because i killed the process so it gives you an idea about starting things in the background and what happens there so the next big question is well what happens if i close the terminal well if you close the terminal it dies and it's gone so that can be a problem especially if you log into a server you start a process in the background and then you log out and suddenly your terminal is gone and the process dies how do you get that to work there is a nohup command so do man nohup what it does is it runs a command immune to hang ups with output to a non-tty so you type in nohup space the command name and it runs it in the background without your intervention and you don't really yeah well it kind of keeps running kind of you can still kill it so let's start with the sleep command again with a nohup now it says ignoring input and appending output to nohup.out all right so now it's running if i close my window here it will continue running if i do a ps you can still see that it is running so i can still kill it just like i could before and i can do jobs and suddenly you see it there so if i do fg i can bring to the foreground and then i can press ctrl c to
kill it or i could have killed the kill command so i can still kill the process however it doesn't it doesn't die when i close my terminal all right so back to these questions how do i start a background process just with the ampersand at the end of it how do i get into a background process you can go to fg to bring it to the foreground you can do jobs to get an idea of which process is running in the background and then what happens when a process what happens to a process when terminal closes well it dies unless you use something like no up to keep it alive how do i know which processes others are running well other users who are who are they and what are they using how do i know how much resources each process so we're using so how much are they using and can i end running processes well we know we can end the processes because we saw the kill command what do i do if the process refuses to die just give it a stronger signal the -9 is much stronger than the minus 15. so let's figure out what processes are running so i jump back into my machine here and let's take a look at my processes so i can do ps and it only shows me my processes but there's got to be other stuff running so do ps aux aox just a bunch of special keywords key letters anyway it displays this long list of processes running if i want to have a nice list to look out i can do type 3 less and i can scroll through it and see all the different process numbers what they are who's running them you can see there are other users here as well well mostly root but you know there are are users here like the i don't know like the gdm it's just your your login manager thing caller d and postfix which is your mail server so all these things are running and some have user accounts for it and at the top you can see the user running it you can see the process id number the amount of cpu they're using the amount of memory they're using and then there's a bunch of other stats here and the last thing over here is the 
command that was used to start it well kind of it's not always exactly that way so i can go ahead and kill any of these processes with the process id number i can also use another command top top is a more active dynamic list of processes running so you can see which processes are running and what's going on it tells you how much memory is being used the total number of processes number of running processes sleeping processes you see that most of the processes are sleeping at any given time that's what they mostly do they just sleep and you can see how much you're using how much cpu how much memory and you can sort things we don't really know how they're being sorted right now but you can use the greater than or less than keys to shift how it's sorted so how is it being sorted well if i go all the way over it's now being reversed sorted by process id number and i can go now over to user then pr then ni ni is the nice level so how aggressive it is in running this event and virt res shr s cpu so now it's ordered by the highest cpu down to the lowest cpu and i can switch over to memory from the highest memory down to the lowest memory so you can do lots of different things you can also press other keys such as k if i wanted to kill a process um so let's press k and it says well there is this default process some number one at the top if i kill my gnome shell then that will probably log me out i don't want to kill that one i want to kill the top command so i do 5427 and it says do i want to use the sigterm yeah we'll see yeah sure so happens the top command now ends so that was a quick way to end it right i could have just pressed q as well q to quit out that's okay but you can see how this works and you can see which processes are running on the system and what resources are being used by these processes

what is the proc directory well the proc directory is an interface to the kernel what does that mean well it's actually
a fake directory i mean there's a directory proc but you have this whole entire file system that includes lots of files that don't really exist they're not really files they're just virtual files and these virtual files have information in there and some of these pieces of information are things like your cpu information and what you do when you look at that file is you get information from the cpu from the kernel actually not cpu from the kernel it tells you what what information knows about the cpu your memory information shows you about your memory so all these different things you can look at so let's go take a look at the proc directory and so we can see so right here if i go to the proc directory and take a look around you can see there's a whole bunch of empty files well they're like zero size so if i look at let's say i take a version right here at the bottom so version zero byte file so i cat out version and that's clearly not zero bytes but it tells me the version of the kernel running okay so i cat out uh something like the zoneinfo and it says well this is some information you might like to know i'm not sure why i know this but it's all there i can cat out things like my cpuinfo cpuinfo and it tells me oh i've got couple processors this one right here is processor zero it says it is genuine intel tells me about the cpu family it tells me how fast the cpu runs and all that information i can also do things like uh cat out my meminfo which tells me how much memory i have it tells me that total memory it tells me how much is available and it also tells me things like how much swap is being used it talks about dirty memory which is basically memory that is um well it's been loaded into memory but it has not been written out so there's no copy of it and so it cannot be flushed out to swap cleanly so you have my swap total here my swap free all right so these are all these different memory information pieces if i look back at the directory ls again you 
can see there are a whole bunch of numbers here and there's a bunch of words numbers and words so what are these numbers well let's type in my ps command you can see that my bash shell once again is four seven two two so if i go into the four seven two directory and take a look around you can see there's a bunch of stuff here and these are different pieces of information you see the executable there's a symbolic link over to my bash and you got these well information about your process your cpu things here right here is the command line that was used to start my process all kinds of pieces of information you can use such as your environment so different things here you can look at you can mess with um well you can't mess with a whole lot of it but some of you can mess with so this information can be useful and this information is kind of what you get when you run the ps command you get all of these processes here and information about them but then there's other directories in here things like sys and fs let's look at that and they are really kind of what they sound like well let's go into sys and take a look at this so you have in your sys let's go into net now we got ipv4 let's go to ipv4 a bunch of things in here all right so what do we have well one of these things is a value so the ip_forward thing right here let's take a look at that if i cat out ip_forward it says it has a value of one well it could be a value of one it would be a value of zero so let's do echo zero into that ip_forward now if i cat it out again it's zero so you can change the values and well so let's leave it as zero but let's do a ls minus l ip_forward and you can see that even though i've changed the value it still has a value all right size of zero so what i did is just change a kernel value somewhere ip_forward is basically the value that tells your kernel that your computer can run as a router so why would you want your linux machine running as a router in fact that was the default value 
so let's put it back to what the default value was running as a router why would i do that well if you ever want to set up your machine as a nat box you provide you're doing your network address translation or you want to run as a normal router then you probably want to have that router switch flipped on so then manually going in here and using the echo command to set it will only set it in active memory what if you want it to be there on boot time well you can do that too so let's go down to the etc directory there is a sysctl command sysctl command and also a file so if i cat out sysctl.conf i can see oh here we have a bunch of stuff and if you want to figure out how do we use this well we could do the man page man sysctl.conf and it says okay well all you need to do is figure out what you want and put them in here and tell it what you're doing okay well that's kind of confusing so what are we doing it also says you have other files you can look at there's the etc sysctl dot d directory which has a bunch of conf files so let's take a look at that one sysctl directory and you can see there is a 99-sysctl.conf file okay so it says all right we just want to load this one first or not first but after everything else because they're in order and all it says is well the sysctl.conf file which you looked at so if you wanted to have something start up on boot time you could use the sysctl.conf to make it happen so how does that work well the ip_forward command had this long path so if i do ls minus l with the proc sys net ipv4 ip_forward that was the file now everything from sys after sys this net ipv4 ip_forward is all what you all need to know about so i can go into my sysctl.conf file and i just need that part there net ipv4 ip_forward so go down here and do a net dot ipv4 dot ip_forward equals one and that right there will set it up so that when it boots up it will set the ip_forward to one well it's already been set to one so i could change it to zero 
if i wanted but that's how you do it you set values in there you can also use the sysctl command sysctl how does that work well it says you type in your options and your variables and values and some of that you can do a minus p to read from a file so i just use sysctl minus p and it sets my net ipv4 ip_forward to one because it's reading it from the file the default file i can also have other files i read from as well but that's how you set those all right so what other variables are stored in the kernel proc directory well we saw the ip_forward can i change things well we know the answer that you can use the echo and you can also use the sysctl command and that brings to the last question what's the sysctl command used for it's for changing those things all right file systems how do i know how much hard drive space is being used hmm that could be important right how do i know how much space is used in a directory tree we can do that too we'll look at that in a moment and then what happens when the machine runs out of drive space i'll tell you it's very bad things happen if you think about it we have a journaling file system so um in theory what would happen if you absolutely ran out of space in order to write something to the hard drive usually you have to write to the journal first say i'm going to make changes to the hard drive and then you make those changes and then you remove your entry from the journal well what happens if the journal takes up extra space then you cannot write to the hard drive in fact there are some file systems that are written so poorly that once the hard drive is completely full if you try to delete a file it has to write to the journal that's going to delete the file which it can't do so it can't delete the file so the only way to get it clean is to completely reformat the file system that's a very poor design so that can be really bad don't ever run out of space linux is fortunately written by people who are much more intelligent and they 
leave a little bit of buffer space and things of that so that you can still do stuff even if you run out of space kind of they kind of run out without actually running out so how do i get more space well you can delete things you can add more hard drives and if you have something like an lvm in there you can add more hard drives and expand your current drive size and then use your file system tools to expand your file system in your drive space so let's go look at the file system see how much space is being used and how we can look at directory trees so let's jump right in clear that if i type in df it tells me information about my space being used now these 1k blocks are great we love seeing 1k blocks but what does that really mean well let's do a df minus h into human readable form it tells me okay this is how much space you have and it rounds these things a little bit so they're not quite exactly accurate but you know it's accurate all right you can see which devices i have and how much space is available on each device you can see there really are only two devices that have real space you have your first one right here your centos root which is your main file system and i also have this boot directory the rest of these are all kind of virtual-ish things they're not real really real they're kind of more memory things that are kind of fakeish so they don't really count but those two are real hard drive space all right so i know how much space is there i know how much is left but what about directories how much is being used by my i don't know my home users if i look at my home directory i can see there's a joseph person there so if i go down take a look i can go into my home directory i can go into joseph and look around see how much space is he using well it looks like it's not using very much how do i find out how much it is we can sit there and add everything up or you have the du command do it so du and let's do the home directory it says oh 12 is being used 
what's 12 well let's once again use the minus h which happens to be the human readable form and it says oh it's 12k like oh okay thank you what about the usr directory if i do it du minus h on the usr directory well that's much larger because it has to go through and parse through all of these directories and figure out how much space to be used being used in every one and add it all up and it comes up with a total and says oh the entire usr directory is 3.5 gigabytes more or less i could do that in less human readable form if i wanted to get more exact numbers and it'll say oh this is the number of blocks being used these are the 1k blocks and that's how you can figure out how much space is being used on your system anyway these are um that's how you can figure out the space that's how you can figure out what's in a tree and once again don't run out of hard drive space bad things happen and that is the end of this video kernels and hardware when you're running a linux system you might have questions about a kernel well first of all what is a kernel well kernel is the main program that runs your operating system it's the main thing so linux is the kernel so which kernel version am i running well there's lots of different kernels which i'm running and where is the kernel file stored where is the source code for the kernel and what options were used when building the kernel so let's take a look at these questions and see if we can figure them out so here we have a system i'm running my linux system and i want to know which kernel i'm running well if you look in your etc directory there's a bunch of files in there so if we cat out our etc there's a redhat-release file and that tells me which version of centos right but it doesn't tell me which kernel i'm using so that's kind of uh tough so you start saying well where else could it be stored it actually turns out there's an easy way to do it just having the uname command uname minus r and that tells me my kernel 
so my kernel is 3 10 0 dot x86_64 so these el 7 maps up to this centos release thing which is seven same seven right there now the seven six well that is kind of tied to the red hat release and this 1810 basically tells you which centos release this is all right so we've got that how is the kernel built well most things on the linux system are built with the gcc compiler but do we know it was built with that well we can actually take a look at the kernel and the kernel can tell you something as well so cat proc version and we see once again that same exact number so this number right here the kernel number is showing up right here so that's the kernel you can see where it was built and the gcc version that was used to build it all right so that's good information so where is the kernel file it's built it's loaded to memory i get that where is it at well fortunately you can find it in the boot directory and some systems have boot mounted by default some don't you can always cat out the etc fstab file and see what it says about your boot directory it's got my device here so uuid and then this boot and it says xfs defaults so it's not not being not booted sometimes it doesn't actually load for some older linux versions because they don't plan on changing the kernel often and so they just don't load it and it also protects it a little bit but it is mounted and it should be there so i go over the boot directory and take a look there are a bunch of files here and if i go back to my uname command once again i can see this is the number i'm looking for so if i do ls minus let's do l and then pipe that through a grep and we want to do a backtick uname minus r and what we're gonna do is we're gonna look at all of the files and we're gonna filter out just the ones that happen to have that string in them correct unity as far as around there all right so you can see there's a bunch of stuff here okay what is it well this first one on the top is your config that is the 
configuration options that were used when creating this kernel so as you might expect you less out that config with 12 and you'll see a bunch of options tons of options with yeses and and modules and not set and things like that and you go through you say okay so that's how the kernel was built all these options are set there's lots of options just kind of keep scrolling through them lots of options to set all right then you have this ram disk thing initramfs well it's the initial ram disk file system thing and that's kind of important what does it have well when your kernel gets loaded to memory the way it happens is you have your i guess your bios loads the first part of your hard drive and the first part of your hard drive loads your your boot loader and your bootloader looks at your configuration files figures out what to load and then it loads your kernel and when it loads your kernel there's always that risk there's a slight risk that your kernel will load up and it will not have the drivers in order to read the file system so that could be um because you have some kind of a raid set up hardware raid you need to have the hardware raid drivers in there other would otherwise you can't read the raid if you can't read the raid you can't get anything from the hard drive you all kinds of problems but the bios when it's reading it reads things differently than the kernel reads them so it has the ability to read things that the kernel cannot read so that could be a little interesting so it's always possible to get in a situation where your kernel is loaded but your kernel cannot read the hardware because it needs some kind of drivers so where do you put those drivers well you can put those drivers in the initial ram disk and so you put drivers in there these little kernel modules and they get loaded and then it can suddenly read the rest of the system so that could be important let's get down to the bottom we've got this vmlinuz thing so the z is for compression 
it's basically a compressed file it's really a larger file and that is your kernel that's your kernel built out compressed waiting to be loaded into memory so that's what happens that gets loaded but then where is the source code well source code for the kernel is usually stored in the usr src directory so let's take a look over here we've got oh this directory called kernels so let's go in here and take a look at kernels kernels take a look and it's empty why is it empty well if you think about it most people don't need their source code for their kernel right you just want the kernel to run you don't need the plans you just want it there so some versions of linux ship without the kernel well that can be a bit of a problem because what happens if you need the kernel well that's okay we can get pieces of the kernel so when do you need the kernel if you are changing some of your libraries and your libraries need to be able to access the kernel so you need to make system calls to grab stuff from the kernel you might need to have your kernel headers and the kernel headers can be loaded with a special package so let's look if i do a yum install kernel-devel it will install the kernel headers so i do yes now contrary to common belief if you install this kernel-devel it doesn't give you everything you need to develop the kernel no not quite not that at all in fact all you're really getting is the kernel headers quite a small little uh piece of information you need more in order to actually build the kernel but we can go in there and take a look so now we suddenly see there is a directory here so i go to that directory and i can see all kinds of files here one of the files is that config thing so i cat out my dot config and you can see this looks like well a bunch of the same thing that we had in that boot directory if i do a diff to compare my dot config in this directory config to the one in boot dot config right here you'll find those two files are exactly the same so 
there's no differences so that's great that's kind of nice but what if i don't want this kernel what if i want to get a new kernel well i can download it or if i want to actually build a kernel we can do that too in fact you can look at your options even there is a menuconfig thing you can do a make menuconfig and look at your options but it doesn't quite work without some development tools and a little bit more so let's do a yum group install and we're going to get our development tools that's the entire development tools package set which includes your gcc compiler and all kinds of other libraries so this will get you most of what you need in order to be able to see what the kernel needs in order to be developed in some of them so after a couple of seconds it's all downloaded and you're ready to go and i want to do a yum install ncurses ncurses allows me to have menus so i can do up down navigation through menus with the keypad all right so anyway i make menuconfig so i want to make sure i'm in this directory which i'm in you can see i'm in the correct directory you can see there is this makefile here which allows me to run the make command so do a make menuconfig and that will do this right here print a few things and suddenly it'll pop into a nice gui right here and i can go look at the options that were set at the time that this kernel was built you can go into individual things say okay do i have the second extended file system that's ext2 do i have it no i don't have it do i have ext3 no i don't really have it but i do have ext4 that's great and ext4 can read ext2 and ext3 we just want to make sure we use that and so you can say well whatever i want something like reiserfs or jfs or xfs i can put those in there i can even build it into the kernel if i want to not use modules but you probably want to just use this module because maybe you're not using xfs but if you know you are maybe you build it in all right so exit out and if you make changes you can 
save those changes and that's good for building your kernel usually what you do to make your kernel is you use the make command and you do a well make make all but that doesn't really work here because we don't have the source code so where do we get the source code well the source code actually can be found in other places such as right here on kernel.org you can see kernel.org you can see the linux kernel archives has a bunch of files here you just download one of these tarballs and decompress it in the usr src kernels directory and then from in there you can just go inside of it and build it make sure you have your development tools make sure you have ncurses make sure if anything else is missing and yeah then you're good to go all right but that doesn't really get it all taken care of so let's go back and see what drivers do we actually need right because you think about it you've got this this thing you know where the kernel what version you're running you know where it's stored you know the source code is not there but you can get the development headers if you want which can be used for really other stuff and you know what options were built or used when building it so how do i know which hardware i need to use so you need to know what hardware you have on your system and you can figure out which usb devices you have you can see which pci devices you have you can see which drivers were used or are being used and you can see specific versions of all kinds of stuff and this information is going to be useful so let's take a look at it so if i do lsusb it says these are the devices that are connected to me okay well these are the kind of things i got which is kind of nice doesn't really tell me much because there's nothing really there i can also do lspci and that says these are the pci devices that i have on my system well what that's not enough information what if you need to know more information just that because i can see okay i've got a vga compatible 
controller thing here that's nice so i know that's what i need for my graphics card and i can also use my ethernet controller right here but i don't know what drivers i'm using so you can do a lspci minus v for verbose and that says oh here's some information and you can see for example my video card right here got some information about it that's nice um drop down to my ethernet controller right here and it even tells me things like this is the driver this is the kernel module that's being used the e1000 is being used some of them tell me the drivers such as the sound cards and pci things all these things are showing up and giving information but what if that's not enough information what if i want more i just add another v suddenly we have more what if that's not enough i want more i just add another v okay so it doesn't give me that much more so really two v's is about as much as you get but you can use three so add a couple of these and you're good you can see what hardware you have with this pci thing so why is that important well you need to know which drivers you're using if you want to guarantee you have them when you do your installation or building of a new kernel it can be kind of important you want to make sure they're either built or make sure that they are built into the kernel so that you don't need to build the modules kernel modules so what are kernel modules well kernel modules are your drivers they're the little pieces of kernel code that gets loaded in and used so you might say well why would i build kernel modules for hardware i never need or don't use well i don't know why would you well you might use it but if you know you will never use something you don't need that module it's not necessary so then why were the kernel modules built outside of the kernel instead of in the kernel well the reason they're built outside of it is because you don't necessarily need everything and there are even problems where multiple different kernel modules 
can conflict with each other and you can't have two two of the similar modules because maybe one will work only on one there might be two different modules built for the same hardware and you only want one of them maybe one's open source and one's a proprietary closed source and that could be well a good reason to have them outside the kernel because you can only have one in the kernel and if it's in the kernel it's guaranteed to be in the memory and what if you don't ever use xfs or ext2 or three if you don't use the ext2 or three why would you want that that kernel module built into your kernel just don't build it so which kernel modules are loaded well you can use the lsmod command to see which ones are being loaded and things like that so let's go take a look at that right now to clear this up i do lsmod and something that shoots as a big list so we knew we were using the e1000 driver for our our uh network card and we can see right there it's being used the e1000 is loaded up and it's in in there we can see lots of other drivers in there as well so which drivers do we have well you do modprobe and that kind of tells me something it says well here's some things you could do and it's just saying well what do i have and you've got this minus a option so let's figure out what that does so do modprobe minus a and nothing there we want to usually you can use modprobe now load drivers and sometimes you can use it to list the drivers as well um let's clear this up so let's approach just a different way so modprobe apparently doesn't have the option anymore to look at all the modules but we can still load modules and let's take a look at the directories where they are stored so if i look at the lib directory ls let's say oh lib there is a lib modules modules all right so that's interesting there's a lib modules and then we want to get our kernel which is 3 right there with the 12 and we see this stuff right here well that's a lot of modules right maybe so use 
the find command find and we can list out a bunch of things in here well we know that we want to look for the let's find their network driver so we know it's e1000 so i do grep e1000 and we see suddenly this is where you can find the drivers for the e1000 there's the e1000 and there's the e1000 um e whatever that is but you can see the directory where it's stored and you can also see the actual module stored there and most of them end in a ko but these ones are apparently compressed they have an xz at the end and so these all get loaded at boot time and well then when it gets loaded and sometimes they get loaded at a lot of times so once again if you look at lsmod you can see the list of modules if i wanted to remove a module i can do that as well with an rmmod or insmod for insert mod to and modprobe once again can add or remove modules so those are a couple things with kernel modules so we can see first of all um which kernel modules are loaded with the lsmod command we can see um which kernel modules there are by just doing a look at the uh the lib modules directory and then how do i load kernel modules you can do modprobe to load them or insmod so why would i want to build my own kernel well sometimes you want to build a kernel for a specific purpose maybe you don't want to have any extra modules built in maybe you want to just build a kernel that specifically meets a set of hardware and you're done if you do an embedded system you want to make sure your hardware meets exactly or matches exactly what the kernel has are there any performance advantages to building a kernel yes there are you can build a kernel specifically for your hardware and then you can optimize everything is that a lot of work yes it's a lot of work how do i build a kernel well first you need to get the source code and we saw where to get that because you get it from kernel.org you download that you put it into your usr src kernels directory decompress the file you go into that 
file and you then can make sure you have your libraries installed and you can do a make menuconfig and set your settings if you want to copy over a config you can copy over config from a previous or different version of the kernel that you know works and then change the settings up a bit then you do a make make all and it will build it why do i need a compiler well you need a compiler because you need something to convert your source code into machine code how long does it take to build a kernel and the modules well that's an interesting question it depends on what your cpu is if your cpu is a nice slow virtual machine cpu it could take you i don't know two to three hours to build your kernel if you are building on much harder faster multi-core cpus you can do it much faster you could do it in 10 to 10-20 minutes so why does it take so long well there are a lot of files there's millions of lines of code in that kernel so you are looking at a lot of stuff parsing a lot of stuff and it depends on how many options you build the more options you put in there the longer it takes once a kernel has been built how do i change which kernel i am using well remember the bootloader loads the kernel right so all you need to do is tell the bootloader how to load your kernel all right that sounds pretty easy so how do i change the default kernel the system is using well with the bootloader and let's go take a look at that so clear this out the bootloader so let's drop back to that boot directory again in here there is a grub and a grub 2. 
so let's take a look at the two directories so if we do ls minus l grub i can see a splash.xpm.gz that is the splash screen you see when you boot up your system if you're using grub so it's being loaded great that's not where you make changes if you go into grub 2 this is also not where you make your changes but you can see what changes have been made there's a grub dot cfg file here so let's take a look at that one grub dot cfg and it's got all this information here but what's useful is it tells you basically where the files come from so it's a collection of files from the etc grub dot d directory so it goes through and it reads in these files so it takes this first one zero zero underscore header and it puts the header in there and then you can see it's adding each piece one at a time alright well if you go down here you see there's this 10 linux and you can see there's an option here menu entry uh menu entry so whatever here is in this menu entry quote is what you will see when you're booting up that will be the option you can choose to boot and then it tells you things like which modules have you loaded and it then has this line right here linux16 where it tells you this is where you load the linux kernel then right after you load the linux kernel you load the initial ram disk so it loads that image right there so those two get loaded and then you're good to go so how do i know what it's using well it says a couple of things that are interesting here there's a timeout that says you got five seconds to actually choose which kernel you want to load um and yeah you can also figure out which kernel is being loaded because you've got this uh default value things like that okay so what do we do we just need to go in there and change what the default is right or you can add another line in there so you go to the etc grub dot d directory and in here you can see all these files that are then thrown together to generate your kernel if you look 
at the readme file less readme you can see information about these well okay so these are how it does it so you've got these zero zero things for reserve for the header you got this 10 stuff for your native boot entries and then you got this 20 stuff for your third-party app stuff so that they can all jump together and build it up and it builds this when you run a script or program to do that so now let's look at how we can actually generate this you can generate these things and you have to be careful when you get to some of this stuff because if you mess things up too badly it can be bad but there is a grub2 grub2 command you can see there's a bunch of commands here but grub2 mkconfig and that one will generate your configuration files so you'd want to do minus o and tell your files you do like a boot grub 2 and if i want to do a grub dot cfg file i can do that let's do a new so i can compare it so i run that command right here it grabs all that stuff that's good so if i go over to my uh need to see actually my boot grub 2 directory i can see i've got a grub dot cfg and a grub dot cfg.new and if i do a diff on the two of them grub cfg and grub cfg.new i can see there are a bunch of differences what are they well things like you know this one different versions of the kernel so let's change the menu options it looks like i basically just got a new kernel and i haven't installed it yet um but that's about it right there it's just slightly newer kernel all right and also it changed the default things for that so you can mess with your grub configuration there you can also do things like set a password there's a grub2 mkpasswd thing and you can run that and type in some password like aloha one two three hello one two three and it will say your password you just need to copy that piece and install it into your um your grub configuration files if you wanted to add something um but yeah you can you can mess with your boot loader and change it and that's 
how you can work on installing your new kernel and making things work mess with grub so your /etc/grub.d directory and then you can just build your your grub configuration file at boot time anyway that gives you an idea of what grub is so is it important to be able to change your kernel yeah sometimes but it's done automatically whenever you install new kernels it automatically rebuilds everything for you anyway that is it for your kernels and hardware system logs and queues so what are system logs well system logs are basically files some kind of file that stores information about events that happen so when something happens on your system it's usually sent to one of the many log files in the /var/log directory and then those files record the events and allows you to look back and see what happened in order to lead up to certain situations you're in or figure out what's happening in your system so what kind of information is stored in the system logs you have your regular messages whenever you start and stop services that's starting there you have logs indicate whenever you boot up your system what options and things happen there you have logs indicate things like mail coming in going out you have logs for your web services you have logs for logging in logging out selinux has a set of logs all of these things are in the logs in the log directory so why do logs take up so much space well logs are written anytime some major event happens and there can be lots of different events that happen and all these events have a line entry or more in the log files if someone tries attacking you you can actually fill up the entire partition that those logs are stored in because you start generating too much data and it's well bad and if the logs completely fill up the system well it depends on where the logs are so some people put their logs their /var/log directory or their /var directory in a separate partition so that if it does fill up all the way the system can continue 
to function however if it's not in a separate directory then whatever directory they're or whatever partition they're in could completely fill up and if that's your main boot may not be your main root your system that means your system might become difficult to use for anything so you got to watch out for that so who reads all these logs well lots of people can read the logs well some of them anyway but there are some files that can be read only by people who have special rights so the root user or administrators who have the ability to cover and those logs usually have more sensitive data the less sensitive data can be visible to all users so why can't normal users read all the logs well imagine if someone were to try logging in and so you saw a login attempt with some username and you notice that username looked very much like a password and then right afterwards after they failed to log in a user logged in and they logged in with the correct password apparently but you see their name so then you might be able to take that password and that name and put them together and figure out what the user and password pair is that might not be something you want normal users to be able to see also other things if you try doing something bad on the system maybe you'll generate a log and you don't want that log entry to well everyone to know what log entries are generated when people are doing bad things because then they can figure out what they can get away with without having logs generated so it can be helpful so let's go take a look at the log file and see what we see so if i jump over here to the /var/log directory i can see a lot of files and there are well lots of them some of them are big some of them are small but let's just go through some of the main ones so we can see that there is a dmesg file at the top so if i cat dmesg dmesg you can see this is information about how the system started you can see what started what order and that can be useful for a few 
things also you can see there is this lastlog lastlog is well let's take a look at what we can see here lastlog it looks hard to read so you can actually type in last and then it will tell you who's in logging in and when they've been logging in and information like that there's a binary file so we can look at it using that tool you have messages so let's cat out messages messages is where your default log files are for everything you can see lots of things running through you can scan through it and figure out what's happening if people are having login failures um all that information also you have the lower the secure log that shows your logins attempts as well cat secure you can see all of your pam uh unix things which is basically your login attempts all right then after you see all that you know there's a few other logs in there but there are some directories as well so let's go look at these directories so there is one for audit so if you go into audit this is where your selinux audit logs are you cat out your audit file and you can see all these selinux violations or passes and you can see what succeeded what failed if something failed it will tell you in here what failed and this can be very useful for troubleshooting problems if you're doing something on the web and the website's not working properly you can look at your web logs assuming you have apache installed and your web logs and you can see those but maybe it wasn't a violation there maybe it was an selinux violation and then go in here and look and see is there something showing up all right if i install apache for example i will see an httpd directory show up so let's do a yum install httpd just so we can see the directory and now i can see that there is an httpd directory that just showed up and i can go into this directory and take a look at that nothing here but then you'll see an access log and error log whenever there are problems with your web pages all right so those are your log files so what is 
the /var/log/messages file for well it's your standard default location for your log messages for any log messages if you don't have something specific such as um selinux has its own audit directory and httpd or apache has its own httpd directory if it isn't one of those type of services or it doesn't have something special it might just write it to the messages log directory messages file can you read it in real time yes you can it's not very exciting if there's something happening but you can read it using the tail command so let's take a look at how that works if i wanted to look at it in real time i can do a tail -f messages and you can see i press enter a few times that's what happened there's nothing going on so if i were to pull up another terminal over here and let's say oops i pulled up a terminal that didn't do anything but if i were to install something yum install let's do nmap it is there it's probably all right here well i guess not you can see that suddenly it says oh installed nmap and you can see that showing up right there in the log if i do a yum update which could probably be a really bad idea from the gui but it's nothing replacing gui if i do that you can see suddenly it's showing up a whole bunch of stuff being updated and you can see those in real time if you're looking at the messages file with the -f switch in the tail command so tail -f the file and you can see changes happening to that file all right you press ctrl c to get out of that can the logs be changed yes they can i can go in there and edit the logs if i wanted to i could delete things out of it so if i were some kind of a hacker and i wanted to mess up your system what i'd probably do is either edit your logs or just delete your logs altogether so i've had hackers hack into my systems before and delete the logs if you notice your log directory is all empty well that's usually indication that something bad happened and someone got in your system the var log 
secure so /var/log/secure once again i mentioned that one indicates who is logging your system and if they are failing to log in so what information is stored in that directory well it's got attempted logins so let's go ahead and fail a couple of logins so we can see what that looks like so i could do a tail -f secure see where it starts i'll pull up another terminal right here and now i'm going to fail a few logins so i do uh ssh yeah sure password nope nope and you can see that it is failing to log in and then you can look at this and say well what happened well you can see it failed the password for root and it says where i logged in from so it's actually saying well i choose ipv6 logged in locally okay from localhost that's fine but if you see it from a different ip address what tends to happen is there are a lot of script kiddies out on the internet and they are using these lists of passwords and they'll just sit there and guess your passwords and well try to use your password and they grab all the common passwords and if one of them goes through then you'll get it hacked into and it'll be over so don't pick a commonly common bad password or bad things can happen so do that all right um can i use the information to identify hackers you know yeah you can you can see that clearly i came in from colon colon one which was my ipv6 localhost can the information done by hazard users who are doing things or can identify users who are doing things they should not do yeah sometimes it depends on what you mean by identify users also um sometimes they are trying to switch over to root when they're not supposed to and that could show up sometimes the other things that happen but what it really tells you is what user is trying to do it or what ip address is trying to do it it doesn't tell you who the person was or where they came from can i use the information to detect system compromise well sometimes sometimes you can't sometimes all you can see is that they 
were attacking your system and trying to get in but that doesn't mean they got in there can i use the information to identify users who forgot their passwords maybe you can see who's failing login does that mean they forgot the password no does it mean that they're a hacker no it could be either one it could be other things as well it could be their cat jumping on the keyboard we don't know all you know is that someone is failing login and that's all you see there what does it mean to rotate logs there is a program you can install called logrotate and what that does is it will take all of your log files or many of them and every week or whatever set period of time you want it will rotate the logs and what that means is it will take the existing log file and move it to a new file with a number extension and then it will create a new file and what happens by doing that is you can then decide how long you want to keep logs for and if you want to just let logs disappear after a month and then your system might not run out of space and might not crash can the log searching process be automated because i can look at those logs right there and there is a tool called logwatch which you can install which will go through once a day a little cron daily thing scan through it and figure out if there's anything that looks suspicious and then send you an email to let you know what things can or are bad can logs be stored on a different machine yes they can so your logging utility is usually your syslog syslog-like program and there are different syslog programs but your syslog program can be configured to send your logs to a different machine which can be useful if you want to save your logs you can also configure your linux machine to receive logs from other systems so you have your cisco routers and switches all send their logs to this machine and get them all consolidated in one safe location then if the router switches get hacked and the logs get messed up well they're already on this machine 
they're gone so you've got a copy and they're safe queues what is a queue well queue is a line right it's a british word for line kind of you just queue up and well that's what a queue is so what is it on the computer well a computer is basically a line you have these things that are getting ready to do something so you get ready you can have your mail queues and things of that so then what's a spool well a spool is when you are you think of like a spool of thread or something things are wrapped around it basically just kind of feeding things through something you're spooling it through so spooling your print jobs from your application to your print daemon which then spools it off to your print server or to your printer and it eventually gets printed that's spooling passing things through and queues and spools can kind of be thought of as similar things they're a little different but they are used for the same kind of purposes so what queues are used on a linux system well let's take a look so i clear my screen there jump down to the var and there is a /var/spool directory in this /var/spool directory you can see a couple different things we can see /var/spool/postfix /var/spool/mail /var/spool/cups /var/spool/lpd /var/spool/cron like lots of different things so postfix is my mail server my mail directory is my well incoming mail lpd and cups are both for print services so that's kind of nice cron and at and anacron are all for timed task management so yeah you kind of get an idea there and let's take a look at the mail directory oops cd mail you can see there is a joseph and an rpc but joseph is empty if i were to have a mail client installed um i can do a mail which should mail joseph and i have a subject say something and say hey there i add a period by itself and close it and then if i take it around something i see but just got mail so i just sent him mail and it went into this mail spool thing so if i cat out my joseph file i can see all of the mail that got sent to him so you can 
see who it's from i mentioned about where it's to subject um the from line and then the contents of the email all showing up right there in this mail thing if i send another email it will show up in the exact same file it just added to the end if joseph logs in he can then read his mail and he'll pull it out of this file and into his home directory so that's that directory all right what about um cups you can see it's temporary stuff here lpd you know it's basically the same thing they're just printing services if i go into postfix though you'll see something more exciting it's got a lot of different directories you've got the incoming you've got the outgoing stuff the bounce directory well if you think about it a mail server is a lot more complex than you might think i guess if you think about it yeah so what happens well you drop your mail into your your uh program this mail program it puts things in here it looks at them it tries to send the mail it receives mail if it can send mail it sends it if it can't send it it might have to sit there and defer it or bounce it or something else it depends on what's going on and so this keeps track of every single piece of mail at what state it is going through this mail system so that can be useful so let's jump back over here so where is incoming mail stored where we just looked it's in the /var/spool and then you have to decide which one are you looking at what do you mean incoming is it incoming that's already arrived or incoming that's incoming it's incoming be in the postfix directory if it's using postfix uh i'm going to be in postfix as well so /var/spool/postfix but once it has gone through postfix and been processed it'll get put into /var/spool/mail why do i care about mail well lots of different tasks and things on the system will use mail as a way to communicate with the users so whenever you have cron jobs that produce output it creates mail whenever you have logrotate well not logrotate but logwatch 
looking at the logs and finding problems it'll report these log errors or these suspicious behaviors and things you can see to your mailbox so you look at it why is mail stored in queues well it has to do a lot of waiting and moving and so you really need it in queues where are the print jobs stored well they are stored in that spool directory right the /var/spool/cups is our print server right now i don't have the print server configured for any printers but if it were you might see some stuff in there and if i was sending print jobs through you'd probably see that as well so why are print jobs put in a queue well printers don't always have enough space for all the print jobs that they receive all at once and so you send it to a queue and the spool queue slowly feeds it off to the printer as the printer is ready for another job so that can be important make sure that you don't lose jobs otherwise if you send too many jobs and it can't hold them all they get lost so that's why it's important and that's our little quick thing on system logs and queues linux installation so we're going to talk about centos centos is based on the source code of red hat enterprise linux rhel the centos distribution is community based and it does get some support from red hat in the form of paid developers red hat pays for red hat developers they also pay for fedora developers and they also pay for centos some of the centos developers so where does it fit in in the distribution families there are a couple of different major sources of well linux distributions you've got the source code based linux distributions that would include things like slackware which one of the oldest you have gentoo and arch and even android is kind of a source code based linux distribution then you have the whole red hat family red hat family includes fedora which is kind of their development suite you have centos which is a version of red hat with a lot of the proprietary stuff and branding removed there is 
oracle which is basically the same thing as centos except it's uh paid for by the oracle company there's red flag which is the linux distribution put out by china and then there's also things like opensuse so these are all in the red hat family so they all have they all have a lot of similarities they all have the same red hat package management system so you can identify them that way then there is the debian family the debian family would include the well debian but you also have ubuntu and mint basically you have debian and some people thought well it's kind of complex so let's make it a little better and so then you have ubuntu which based off that then they decide well that's a little bit too complex so they added a little bit more they gave some more proprietary drivers you have mint and then you have other distributions such as kali which is your penetration testing distribution which also is based off of the debian family probably based off of ubuntu most directly all right when you're doing an installation the first thing that you come across is you have the anaconda installer so anaconda is just the name of the installer but red hat based linux distributions such as centos linux use anaconda as the installer so you'll find that a lot of these distributions have an installation wizard that looks the same that's anaconda and anaconda is an installer written in python it's got some c parts as well but it is responsible for making sure the operating system is correctly applied to the machine put in place you have the bootloaders and everything else in place and it boots up anaconda works great some of the time sometimes it fails it fails well a lot more than the actual linux distribution will fail when it's running so you gotta be careful with that sometimes you have to start over but that's usually okay when you're in anaconda you have to configure networking you need to make sure you configure a hostname for the machine every machine should have its own 
hostname don't stay with localhost make sure you have a host name you want to make sure the machine has either dhcp or static manual addresses configured you can go in there and configure it up make sure you have a set if you do dhcp you have to make sure that you have a dhcp server in the network it's going to be residing in if it is not doing dhcp then you need to make sure you configure all the important parts of static or manual address configuration you need an ip address you need a mask you need to have a gateway and you need to have a dns server also after you configure the networking you want to make sure you activate the interface so that it will come up when you start you want to make sure you configure the date and time well it's not really date and time you configure it's more setting the time zone that's kind of the important thing you want to make sure the time zone is set and it's best to set your time zone after you've already configured networking so it'll automatically decide that you have networking and it will use network time network time provides the ntp protocol or the network time protocol to allow it to synchronize with time servers and get updates automatically normally it saves the time on your machine as utc time basically the greenwich mean time versus the time windows on the other hand stores as local time so what's written to the hardware might be different for windows and linux and that can cause problems sometimes if you have a dual boot machine or machine that uses both operating systems software selection you want to make sure you select which software needs to be installed so when you're starting the easiest thing to do is to select the gnome desktop gnome desktop will give you all the essentials get you a gui so you can have this clicking ability the ability to do well easier things however linux was designed mostly to be run without a gui gui has been built afterwards and they're they're nice and they can be very pretty but you 
don't really want a gui if you're running a server so in a production environment you want to start with a minimal install and just add the features you need and not have everything else because there are security issues if you have too much any software you missed during the installation can be added after as long as it's not something like network drivers because you need the network installation destination so anaconda can automatically create partitions for you or you can create them manually yourself so there are two main kinds of partitions you will see you can see the standard partitions you can create those are your normal fixed length partitions with older style device names things like /dev/sda1 which you don't need to worry about or you can use the lvm partitions lvm partitions basically creates this giant well linux volume management partition and that partition is kind of a standard partition and then within that you create these blocks that you can then use and that's that allows you to be more flexible resizing and adding things and allowing you to span multiple drives much easier when you are configuring your partitions there are lots of different directories you can consider to have as separate partitions normally you want to have a root partition which is the / you want to have your partition for virtual memory which is your swap and you also want to have a partition for the bootloader the /boot that also includes things like the kernel and initial ram disk so those three are your general three you have sometimes you add more the /var directory contains logs and sometimes you can have problems if your logs fill up and it takes down your entire server so some people put it as a separate partition to prevent that from happening when you are done and you start the installation process you are then given the option to create users the main user for the system is called root so root needs to have a password needs to be nice and secure 
the root user has all power as far as the users go on the system and can do many many damaging destructive things you can also have additional users and additional users are very good to run on the system because they don't have all power which means that if they make mistakes they don't necessarily cause as much problems these users could also be administrative users so what happens is if you click the check box to make it an administrative user it will add the user to the wheel group so there are groups and the wheel group allows members to run commands as root using the sudo command so you type sudo space name the command it will then usually prompt you for the user's password and then after that they can run the commands as root when you are done with the installation sometimes you see a license agreement portion if you're doing minimal install you don't necessarily see it sometimes you do but you need to be aware that linux comes with the license like any other operating system it comes licensed and most of the stuff most of the packages you get on linux are distributed under a free software open source license free software licenses require all derivative works be distributed with a similar license so if you have access to modify it then this derivative license means that anybody else when you redistribute it has the same rights you received so you have to provide those same rights open source licenses allow you to see and modify the code and that's basically what to do now free software licenses are a special type of open source license slightly more restrictive but it makes for more security of the source code in the long run once you have your system going you should probably update it most linux installation disks are not absolutely new and there are updates that will need to be applied so the first thing you should consider doing is updating your updating system updating software so you can type in yum update yum yum is your updater so you want to update 
yum first now after that something you need to keep in mind is that there might be updates that include well packages with libraries that are part of your gui and you do not want to update your gui from within site from within your gui so you want to make sure you get out of it you can press the control alt f2 key sequence to drop into a terminal based place where you can type in commands and not be inside the gui you can also press ctrl alt f1 to switch back into the gui on older versions of linux or other versions of linux sometimes it's ctrl alt f6 or ctrl f7 to get into your gui just make sure you try a few you'll figure it out once you are outside your gui you want to update your system so i recommend you don't even log into your until your system is fully updated but just type in yum update and that will update your system and that is it for this lecture network file system or nfs the nfs protocol was developed by sun microsystems which is now oracle in 1984. it was built on the open network computing remote procedure call onc rpc it has some open standards these are rfcs 1094 1813 3010 3530 5661. 
so you can look those up and look at the protocol and find information nfs was originally just a sun microsystems thing and then it went to other unix distributions made it to things like linux and mac os x and eventually to windows so it's available all over the place and it's pretty good so in order to get nfs running you need a couple of useful utilities nfs-utils is a package you can install which provides nfs you also probably want to have man pages this is in general for everything you want to have man pages for well reading the man documentation the nfs service needs to be started after the remote procedure call service is running if you don't have it running bad things happen so on a centos 7 machine you want to do a systemctl start rpcbind and start that service you also want to make sure that if you wanted to start automatically at boot time you do a systemctl enable rpcbind and make sure it's there as well nfs should only be started after rpc once you have rpc running you can do a systemctl start nfs-server and get the server up and going you can also enable that one as well to make sure it's running at boot time now the nfs server needs to have a list of directories it's exporting these directories are listed in the /etc/exports file so the basic format is you type in your share name that's the directory location that you want to be exporting and then you want to decide well you list who you are exporting it to if you want to list export to everybody you just put a star there and then inside the permissions you list well information about what permissions you're exporting it as so if it's read only you do ro if it's read write you do rw if you want to do something else you put other permissions in there as well for the exporting so once that's there you can use the exportfs command to actually export the directories usually you type in exportfs -a to export all of your shares that are being shared in that /etc/exports file you can 
type in the exportfs command by itself to then get a listing of which directories are being exported nfs doesn't really work well if you cannot get through the firewall so you need to make sure you allow it to get through the firewall so you go in there and you use the firewall-cmd command and you give the options you can give it the --zone=public that's actually optional you can it's just default but you want to do an --add-service=rpc-bind just like it's displayed here so it's --add-service=rpc-bind that will allow the rpc binding to get through you also want to add the nfs service through now these are both great if you then restart your firewall they will no longer be there so you want to make sure you use the --permanent option if you want them to be written to the firewall configuration file and be there after the firewall is rebooted all right you can then verify they're there you can use the firewall-cmd command --list-services to see which services are there you can always use the firewall-cmd --list-all command to list all of your firewall rules i like the bottom one better because it gives me more of a well a big picture of what's actually going on okay once again um to make services available at boot time you need to make sure the system has a proper symbolic link for you to run run it so each run level has a set of symbolic links in centos 7 they have simplified it in earlier versions with the init before you had the systemd you had these well seven run levels zero through six zero being halt six being reboot and one being just your basic system three being your multi-user system five being your gui and they decided to simplify this down to just a couple so you got your your multi-user one and your gui one and what happens is when you use the systemctl command with enable it will create a symbolic link from that run levels directory over to the actual script that starts so 
you just do a systemctl enable and enable your services the rpcbind and your nfs server when you want to mount nfs shares and i would recommend mounting nfs shares as a test before you put it in anything like your file system table fstab you want to make sure you can mount them manually so after the remote server has the shares exported and the nfs server is running and the firewalls out of the way you can mount the shares so you just type in mount the remote server's name or ip address colon the share or the directory being exported and then the mount point you want to mount it at so the directory name of the location you want to mount it to so if i had let's say a friend who was exporting his music files and i wanted to see the music files assuming this is all legal music files of course he might be exporting it from myfriend.com or example.com and it might be slash music directory and i might want to mount it into my local music directory so i might type in mount space example.com colon slash music space slash local music and then it would mount up and hopefully everything worked perfectly and smoothly all right so in addition to just being able to manually mount things sometimes you want to have it automatically mount on boot time this is especially important for situations where you have a machine that is getting its home directory from a server so you have the server exporting the /home directory it might be mounting the home directory from the server and you want to then go into the /etc/fstab file and make sure it's mounting and there is a standard format for all of the mounted partitions you want to give it the device name the mount point the type your options the dump number and the file system check number the device is the server and the colon and the share so if you're going from example.com home then the mount point would then be where it's mounted to so maybe something like /home the type would be nfs and then you have your options 
any options for mounting whether or not you want to allow it to mount smoothly or if you wanted to make sure it's got this hard mounting whether or not you want it to crash when it goes down usually just defaults and dump and file system check usually just leave zeros anyway you can read all about using the fstab file and the formatting in the man pages which you should have because you have installed the man package when you're troubleshooting you want to verify that your ip address is correct so go take a look at the ip address make sure it's correct make sure the ip address of the server is correct make sure you are in the same network things like that verify that the services are running you want to make sure your services the server is exporting everything it's running you can use netstat you can use exportfs to make sure it's exporting verify the firewall's not in the way you can use the firewall-cmd --list-all command to see what's actually being allowed through the firewall you want to make sure that the remote server is up and you can ping things you can use tools like nmap you can install nmap and use that also to verify ports are available when you are scanning the remote server so good luck with your nfs installation samba the server message block smb protocol was originally designed at ibm for use in dos operating systems microsoft started working with it in 1990 and has incorporated it in windows since windows 3.11 which was windows for workgroups the samba package implements smb and uses it for communication with windows devices the smb protocol has many security concerns the smb protocol has received many security updates since windows vista however it is known to be a security risk because of older implementations and even some newer bugs we can use smb to hack into windows xp and windows server 2003 machines with windows xp all you had to do was have file sharing ports open through the firewall or just have your firewall turned off
which was very common for gaming back in the windows xp days windows server 2003 came right out of the box open for attacks and complete takeover through the smb protocol many major companies including sony have been hacked through the smb protocol there are a lot of useful packages in samba on the samba set there is the samba package which installs samba and dependencies you have the samba-client which provides the smbclient which allows you to navigate through remote samba share and download and upload files you have cifs-utils which allows you to mount samba shares and you can even set it up so they mount automatically in your fstab file the samba service can be started using the systemctl command just use systemctl start smb and it will start the samba server you can also stop restart and check status if you wanted to start at boot time you just use the systemctl enable smb.service to enable it in order to allow other machines outside of your individual server to mount your samba shares you need to open up a hole in the firewall so the easiest way to do that is to add the samba service so you can use the firewall-cmd command you can add the zone if you want then --add-service=samba you can verify the service is present in the firewall using multiple commands my favorite being the bottom right there which is firewall-cmd --list-all which will list all of the services that are available through the firewall when you want to configure samba the main configuration files are found in the /etc/samba directory the most important of those configuration files is the smb.conf you might be able to find a file like smb.conf.example and you might want to copy that over the smb.conf file before you start editing and then you can go in and set all kinds of configuration settings because they'll be available and easy to see here is an example of an excerpt of well part of the smb.conf file we have a share called software
which is being exported that share is based on the /share/software directory so whatever files in that /share/software directory are being exported when that directory shows up on a remote machine it will be called windows software packages it is public so you can see it it is writable so it's read write but it is not printable so it's not a printer so that's the information you see right there when you want to share your samba shares you might have issues with selinux and their context selinux is very good for protecting you from very bad mistakes you might make but files shared using samba should have the correct selinux context type of samba_share_t in order to be able to be viewable by the samba service to change the context of the file you can use the chcon command which is change context so chcon -t for the type samba_share_t and then your file name or directory name and it will change the context type so that the samba service can see the file if you're having trouble with samba it's good to verify the ip addresses are correct you want to verify that services are running you can use netstat to view that you can verify the firewall is not in the way using the firewall-cmd --list-all command to see which services are allowed through the firewall you can verify the selinux context is set correctly you can use ls -Z or ls -alZ and that will tell you the context type of all the files in the directory or you can do ls -Z of the file to list its context type if it's a directory you want to add a d in there so there's all kinds of things you can verify the remote host is up using ping you can verify remote ports are open using nmap from a remote machine and you can also check the logs to see what's happening and that is your overview for samba apache web server the hypertext transfer protocol or http was created by tim berners-lee
and his team they proposed the world wide web project in 1989 they had a first working version in 1991 and then the rfc that defined it rfc 1945 was in however by the time many web browsers were already out there and people were using the web there are multiple rfcs including 2616 which is for the http 1.1 protocol the https protocol or the hypertext transfer protocol secure layers the http protocol on top of the ssl and then now tls protocol so ssl 3 is the same thing as tls1 so basically it's just kind of transferring over to the newer ones so you want to make sure you have tls ssl it was created by netscape communications in 1994 for the netscape browser so netscape navigator browser and everyone else started using it it created an industry for signing digital certificates so many companies were able to make money off of this including the ubuntu project was funded by mark shuttleworth who made his money off of this as well security concerns there are some concerns you should think about um all communication over http is plain text and easily sniffed or wiretapped people can read it they can also inject their own stuff into it some isps are starting to inject ads or javascript into your sessions and break things and that's always nice gotta i gotta know who your isps are web servers and web browsers cannot prevent programmers from making mistakes or malicious users from exploiting these mistakes so you have to keep that in mind the https protocol also has some security concerns there are various ssl and tls protocols with different levels of security so you need to keep that in mind if you get a browser that allows you to have keys of size 0 that's not so good you just need to make sure you know what your browser allows and if you're running a server know what your server is serving certificate authorities are sometimes exploited and used for further exploitation so you need to be aware of that and then government agencies such as the nsa have promoted
protocols with secret vulnerabilities such as random number generators that don't produce random numbers some useful packages include the httpd package which provides the apache web server you have lynx which is a text-based web browser for testing things if you are not running on a gui environment sometimes you want to test things from the server and lynx is pretty good for that also openssl which allows you to make certificates you can also sign your own certificates you can get the certificate signing request you can then use and send to a third party who will sign them for you so openssl will do that stuff for you mod_ssl will allow you to integrate into apache the https functionality and then serve secure web pages the apache web service can be started using systemctl you can use systemctl start httpd you can also stop restart check status and also you have this reload option reload is interesting because what it does is it will send a signal to the server the server is then prompted to re-read its configuration files and the server is actually multiple servers running and when you send this over the main service can re-read the configuration files and respawn new children and then just let the other children well kill them off and then you won't have to worry about it anymore so you can keep your server running while you change configurations which is kind of nice there are some other issues whenever you want to connect to your web server from the outside you need to get through the firewall the firewall is not open by default for the http and https services so you need to open those up you can do that with the firewall-cmd command you just need to use the --add-service=http or https options if you want it to be permanent you can use the --permanent option as well and that will make it so the firewall is open and well permanently open you can use the firewall-cmd --list-all command if you want to see which firewall
rules are in place and which services are available so you can know if you will be able to get to the firewall the main apache configuration files are found in the /etc/httpd/conf directory also you have this /etc/httpd/conf.d directory which has these other configurations such as user directories and ssl configurations but the most common file you'll work with is the /etc/httpd/conf/httpd.conf file this httpd.conf file is the main file and there is a directive in that file that loads all the other files in the conf.d directory so in that directory you can well in that file you can configure your apache web server tell it which ports are open you can tell it whether or not it allows certain types of data or other types of pages such as server side includes and cgi you can turn those things on or off you can also change which directory index files are used when a file is not specified within a directory normally that's index.html but you can have it be index.cgi index.php index.html many different options so you also have a directory setting there where you can change where the directory root is and you can also change your document root your default document root is your /var/www/html directory so you can go there and see your web pages or set your web pages when you are creating web pages there are a couple of selinux context types you should be aware of the following are some that are used by apache you have this httpd_sys_content_t which is used for regular system wide web pages when you're serving web pages for your web server you can also use cgi scripts and i like cgi scripts a lot and so i think it's very important for me to know the httpd_sys_script_exec_t type which you have to set on all of your cgi scripts as well as setting your execute permissions or execute bits if you are not in the normal system directories and you are in user land well user of this user land but in user user home user
directories and you've turned that on in your userdir configurations then you can use this httpd_user_content_t or httpd_user_script_exec_t and keep those in mind in addition to those types you also have types for directories whether or not you were allowed to upload files or not upload files and so just keep that in mind troubleshooting so when you are having trouble with your apache web server or web pages it's good to first verify your ip address is correct sometimes it isn't correct sometimes you have dhcp you want to make sure it's a static ip address or if you're doing dhcp that's fine too but verify the services are running you can use netstat and you can check to make sure they're there and listening verify the firewall is not in the way you can use the firewall-cmd --list-all command in order to verify the firewall is not blocking anything make sure it's open you can use the selinux commands you can use the ls -alZ in order to see the context types of files and make sure they are correct sometimes this is really important in a situation where you have selinux running you have all your permissions set correctly and you think a file should be available but apache just can't see it so selinux also that tends to throw up selinux well errors in the audit log so you can go to /var/log/audit/audit.log i believe to look at the audit logs you can also verify to make sure the remote host is up and you can ping it you can use nmap to scan it make sure the ports are open you can also check the apache logs so /var/log/httpd and make sure the access log and error logs don't show anything or if they do show something use that to troubleshoot and you can also check system logs and see if you have trouble starting the apache web server and that is the end for this presentation database servers mariadb is a database based on an older mysql database it was also created by the same people mariadb is a drop-in replacement for mysql maria
db is a relational database management system so an rdbms and implements the structured query language or sql so here's a little about the history so mariadb well it's kind of a fork um first mysql was created and replaced oracle in many projects especially in open source oracle was not very happy with this and it wanted to do something to solve the problem so there was a time when mysql was not financially able to continue on and so that became an issue so oracle was trying to get rid of mysql and it acquired multiple companies that provide libraries to mysql and that was a bit of an issue eventually sun microsystems acquired mysql did the whole white knight thing and saved it from oracle takeover however a little bit later oracle discovered that they could grab mysql java and other things all at once and they bought sun microsystems eventually the developers of mysql decided to fork the mysql code and they formed mariadb the current versions of centos use mariadb as the database there are a couple of mariadb security concerns first of all the default mariadb installation does not have a root password so you can create users database tables all without setting up a password also this might not be a major security concern but administrators can reset the root password for the databases and get full access if they want to it might actually be a helpful thing if you lose access to your database and you can't get back into it the root user can then help you get back into it there are many useful packages there is the mariadb that is the client programs the mariadb-server which is the server and then there is the mysql-python package which provides a way for the python language to communicate with the mysql or mariadb servers generally the configurations for mariadb are just fine and you can leave them alone however if you do want to go in there and make some kind of a change you can go into the /etc/my.cnf.d directory
and you can find configuration files in there you can mess with the standard format of the configuration files is name equals value pairs for example you can type in port=12345 and you can change which port it runs on here are a couple of sample mariadb commands so from the command line you can type in mysql to get into mariadb you can also do options such as -u and the user name or -h and the host name and -p to prompt for a password and this will get you into the mysql or mariadb databases depending which one you actually have installed so once you're inside you can create databases you just type in create database and the name of the database you want to create and then to actually use that database you use the word use and the database name and it will change your prompt and indicate that you are now inside of that database once you're inside the database you can create tables so here's an example create table people which gives it two columns you have name and age name is a primary key and it is a varchar 250 and age is an integer so with those tables here are a couple of sample sql statements you can insert values into that people table you can update the people table and replace information you can do select statements to pull information out and you can also delete records from the table so these are the four basic commands you have insert update select and delete there are other commands obviously but those are the main four you can also do things like insert into the table and then if there are duplicate keys you can just update instead which is very common for things like logs and so i do that quite a bit so if you're using python and you want to do programming here are a couple of pieces of well a bunch of code examples thrown together onto one page you want to import the MySQLdb library and you want to make sure that you pay close attention to case here because the case is important you want to connect to
it and then once you connect to the database you want to create a cursor a cursor is where you send your commands so you just send your commands you can execute the sql statements and after you've executed the statements you can sometimes grab back data if you make changes so inserts and deletes sometimes you want to commit that and that is committed not with the cursor but with the actual connection and then when you want to close you can close the connection itself if you're trying to troubleshoot mariadb you want to make sure your ip address is correct if you are going to a different machine which is not usually the case but you could you want to make sure the service is running if it's not running it's very difficult to connect to the database you want to verify the firewall is not in the way if you are going over something normally people just run it on their local machine and they use apache to actually get out so you're interfacing with the web server and the web server is talking directly to the database and so the firewall is not an issue you want to make sure that any selinux stuff is not changed if it is changed you go and verify things you want to make sure if you're going to a remote machine that the host is up and make sure that ports are open if they need to be and if there are any problems and you can't figure it out just take a look at the logs most of these things only matter if you are using a remote machine which is very unlikely anyway this is your mariadb or database overview secure shell the secure shell or ssh protocol was created in 1995 to prevent sniffing of telnet and rlogin traffic at helsinki university of technology ssh is encrypted and telnet and rlogin were both not encrypted and still aren't encrypted so the ssh protocol uses the diffie-hellman key exchange for key generation that it then uses to symmetrically encrypt data many programs use ssh to create tunnels and transfer data securely the
ssh packages are normally installed on a centos or other linux system by default however if you want to install them or take a look at them they are the openssh-server package which provides the server openssh which provides some of the tools the openssh-clients which provides more clients and then another useful package which is not actually ssh but is closely tied to it is rsync rsync allows you to synchronize data on two ends so a client and server can synchronize data over ssh it can do it itself without ssh as well when you're configuring ssh there are a couple of configuration files the main ssh configuration files are in the following two files you have the /etc/ssh/sshd_config and the same thing without the d the one with the d is for the server and the regular one the ssh_config is for the client individuals can also have additional overrides type information for their clients in their .ssh directory in their home directory so some common configuration changes you would see on the server end is disabling root logins which is very important in situations where you're constantly being attacked by people trying to log in your system if you don't want them to have the option of doing a brute force login you can just disable root logins and then they have to log in as a different user and then switch over somehow using sudo or su you could change the port number sometimes people change it from 22 to something else and then they log in with that number you can disable password authentication which means you have to use keys to get in which makes it more secure this is very common amazon web services does this by default it makes it more secure and less likely to be hacked because once again you can't do the brute force logins and you can also do changes to things like x11 x11 is your gui system you could set it up so you can export your gui or not export your gui the secure shell service so ssh is on linux systems
openssh and it can be controlled using the systemctl command you can use systemctl with start stop restart status you can enable or disable if you want to either start at boot time or not start at boot time and so systemctl start and then the service name which is sshd and you can use the .service if you want by default ssh is allowed through the firewall to make changes you can use the firewall-cmd command and you can either add the service if it's not there you can remove the service or if you want to you can well additionally you can make the rules permanent with the --permanent note that if you use the --permanent option it will not change the active firewall settings it will only change the configuration files so when the firewall is restarted it will have the new settings in place you can verify the services are present in the firewall as well using the firewall-cmd command with the --list-all option to see what's in the firewall when you connect to unknown servers ssh prompts you to accept the public key that it is presented with keys are remembered and stored in a file called known_hosts and remote keys will change very rarely it's only when the machine is replaced or new keys are generated or if someone's trying to hack you and there's some kind of a man in the middle attack where they're trying to impersonate the server you can manually add and delete entries this is useful when you trust the changes but not so good when you don't trust them ssh has the ability to use keys to authenticate in order to authenticate using keys the client machine needs to create a public private key pair set the public key needs to be installed in the server and the server has an authorized_keys file in each user's directory that can be used and then you can just log in directly using the authorized key you can create the key pairs using the ssh-keygen command and then you can install them either using the ssh-copy-id command or you can manually copy them over
and then put them into the authorized_keys file here are a couple example incantations of things you can type in you can have an ssh-keygen to generate keys you can tell it what type with the -t option you can copy the public key over to the server using the ssh-copy-id command you can manually copy it using scp and once you get it copied over there you need to log into that machine and use the cat command or some other command to get it into the authorized_keys file if you want to you can also tunnel here are a couple of exciting tunneling incantations the tar command can create well archive files and this command basically the first command right there you're creating an archive file and the destination of that file is actually the standard out so that kind of works and then what we're doing is we're piping this into the ssh command which is then on the other end using the cat command and redirecting its standard in into a file so what we're doing is creating a tar archive that is being put into a file on the remote machine and you can look at the rest of these things they are kind of weird incantations but it gives you an idea of some of the things that ssh can do if you want to troubleshoot ssh you want to make sure that you can connect to the machine that's usually one of the biggest things you could either have the address wrong or you could have the host name wrong you want to make sure the service is running if it's not running then that can be a problem you want to make sure the firewall is open and you can get through it you want to make sure the remote host is up so you can ping it you can use nmap to scan it to make sure the ssh port is visible and you can also be on the server and look at the logs to see if you're having trouble logging in and this is a brief little overview of ssh mail servers most specifically postfix so the simple mail transfer protocol or smtp was published as rfc 788 in late 1981 by jon postel who is
considered the god of the internet jon postel produced many many different standards lots of different rfcs have his name on them especially the early ones he disappeared toward the end because he died but he was one of the founding inspirational members of the creation of the internet so this smtp protocol uses plain text commands to communicate with remote servers listening on tcp port 25 you also have webmail and application client programs that send mail and what happens with those is you have this front end but you still have a mail server in the back end so this local mail server that handles all the communication with the remote servers it sends and receives them and then you use the webmail or application clients to retrieve it from the server and send it to the server there are many different directories involved with these mail servers the /etc/postfix directory contains all the configuration map configuration information for the postfix server you have the /var/spool/mail directory and that one contains all the email that has been received and processed and put into users files so there's an mbox style file that basically just lists all the email messages one after another in one long text file so you can go there and grab the mail messages for each of the users and then there is this /var/spool/postfix directory and that's where postfix stores data it's using as it's acting as a server all the incoming mail outgoing mail that it stores in some different folders there are lots of things in the protocol um such as the ability to retry sending mail when the server is down and things like that so it has to maintain and hold things that are still on their outbound direction also inbound is processing and looking at things the /var/log/maillog file is a log that can be used to troubleshoot email related problems all kinds of things show up in there about the mail server and mail messages coming in and out there are some smtp security concerns first of all plain text messages
can be viewed in transit so if you are sending or receiving mail anybody along the way between the source and the destination could look at the mail and read it now that doesn't mean you can't encrypt your message inside of your mail but the header data would still be unencrypted so if you keep that in mind all of the messages are plain text if the message itself is encrypted that doesn't mean the headers are encrypted anyone can send unsolicited messages at a very low cost so spam is very cheap you can send all kinds of mail you can claim to be anybody you want there are a lot of different changes in how mail servers are handling this and so they can look at things and say well you're claiming to be from one server but you're actually sending it from a different server and they can mark you as spam and there are other things you can do to try to filter things out also the protocol allows for things like relays which make it easier to spoof sources so you can send mail messages through a server most mail servers now are configured by default to not allow relaying but relaying is still possible and it can still be turned on the messages themselves can carry malicious files or content you had things all the way back to the iloveyou virus that was hitting people's machines and then being processed locally and causing all kinds of problems to more recent malicious things you can have all kinds of tricky messages you could have messages um telling you about a nigerian prince or selling you things claiming to be somebody they're not and yeah those are bad and rejected messages can be used to perform directory harvesting attacks they can just send email messages to everybody in your system and then decide which messages get bounced and which ones don't and the ones that get bounced probably mean there's nobody there the ones that don't get bounced well they probably mean that somebody is there so you can use that to find who's on the
system and then use that information to then try to log into their account by guessing passwords and things like that so some of the useful packages postfix is the smtp mail server you have other things that are related dovecot which we will not talk about much does provide your pop and imap servers so dovecot's a nice thing to look at telnet telnet is a great terminal emulation program that allows you to connect to ports and you can use it to telnet to your localhost port 25 if you want to walk through the mail protocol and try to figure out what's going wrong alpine is a great email client um it comes from well it's based off of uh pine which was based off of pico and nano is based off of pico so you get this kind of um thing happening here only alpine is a great text based uh email client and you can use it but you have to first install the epel libraries so if you don't have the epel-release package you'll need to get that in there and then get alpine postfix is available and running on default centos linux 7 machines but is only listening locally so it's receiving localhost type email messages and some of the services use mail as a way to communicate with the administrator so one example would be the cron process whenever there's a cron job that produces output it will send an email message to the user usually root indicating what the output of the command was so normally you write cron jobs to have no output unless there's an error and then they produce output and it gets emailed to the administrator but if you wanted to do more than just listen locally you need to make some configuration changes so in order to configure postfix to allow external connections you need to edit the /etc/postfix/main.cf file and allow listening on all interfaces so you can scroll down a little ways through that file until you find a section with four lines the top line would be the inet_interfaces equals all which will be commented out you need to uncomment that one and you want
to take the one that is inet_interfaces equals local and you want to comment that one now when you uncomment it make sure you just remove the hash mark don't remove it and leave a space there or something because then it won't work so make sure you do it correctly and then once again you have to restart your service so if you want to restart your service you can use the systemctl command so systemctl start postfix.service you can do systemctl with start stop restart status to start stop and restart or get the status of your service you can also make sure it starts on boot time with enable or make it not start on boot time with disable now you don't need to worry about enable and disable because it should be running already by default once again because it comes pre-configured that way in order to receive mail the mail server must be obviously listening but it also needs to be allowed to receive communications to tcp port 25 from outside machines so in order to allow inbound tcp 25 you can use the following command just use the firewall-cmd --add-service=smtp which will allow the smtp protocol to come through well allow port 25 to come through you can then verify the services are present in the firewall as well with the firewall-cmd --list-all command and once again if you want to allow your service to be there after a restart of your firewall you'd want to add the --permanent option to the top command so that it gets stored into the firewall configuration files so when it boots up it will automatically add it there one more thing to think about external email service identification so postfix and other email servers follow standard protocols which is nice but it's also kind of confusing sometimes in order to send email the postfix server uses the host domain part of the email address to identify the server so if it's bob@example.com it is going to check first for a dns record for the well the mx record for example.com if it does not find
it, it will check for an A record in the DNS service. And so it looks for example.com, and if it finds an MX record it will use that; if it doesn't, it will use the A record; and if it doesn't find that, it will not send the mail. So it does not use the /etc/hosts file, so don't try to make that work. It just doesn't work; it refuses to do that. So you want to make sure you can use your DNS service, which means you have to have it configured.

Troubleshooting. So if you are having trouble sending mail or receiving mail, you want to verify your IP address is correct. You want to verify the services are running: you have your mail server running and up and going. You want to verify the firewall is on the way. You want to verify that DNS records are there so that it knows which server to identify and use. You want to make sure the remote host is up, and you can ping it to do that. You also want to verify that the remote ports are open, so you can use nmap to scan the machine and make sure port 25 is open. You want to make sure you can check logs, so you can go in /var/log/maillog and take a look at that. You can also check the mail directory and see if mail is being received. So here are a couple of things, and that is our mail server, or Postfix mail server, overview.

Dynamic Host Configuration Protocol, or DHCP. So the DHCP protocol operates on UDP ports 68 and 67.
DHCP is based on a series of messages: you have a discovery message, an offer, request, and acknowledgements. So what happens is a client will come online and they will send out a DHCP discover packet. Then a DHCP server, assuming it sees it, will then offer a DHCP offer, and they offer an IP address that the client could then potentially use. It is then up to the client to collect all the offers it receives, decide, usually the first one that comes, but which one they're going to accept, and then they're going to request that of that DHCP server specifically. After it has been requested, they will, I mean the request will be sent out broadcast so that all the other DHCP servers who made offers will see the request, and then the acknowledgement comes back letting the client know that the request has been acknowledged and they can then start using that address. In addition to that they will get a lease, so they get a certain amount of time they can use this address, at the end of which they will have to renew. Well, actually somewhere in the middle they will renew their lease, but at the end of which they would lose the address.

So, some security issues with DHCP. If you have rogue DHCP servers, they can give addresses and that can be a problem. It could mean security issues; it could mean someone's giving you something incorrect. Sometimes you'll have someone plug a wireless access point, some kind of a home router, in your network backwards and it'll start issuing out addresses. You can block that on the switch, but, you know, if it's not blocked they can cause all kinds of havoc. Clients can spoof MAC addresses to gain additional access. So if you want to get access and you know that a specific IP address gets it, or a certain MAC address gets it, through the firewall, you can spoof addresses. This isn't really a DHCP problem so much as an issue with MAC addresses and security and everything there, but you can spoof things and get more access. Clients can also obtain multiple IP addresses by presenting
multiple MAC addresses. So if you have a client that is trying to create a denial-of-service type situation, they could present a whole bunch of different MAC addresses, get a whole bunch of different IP addresses, and then lock them all up so they're not available to anybody else.

Some of the useful packages. The most useful package here is the dhcp package, which includes the DHCP server, which is dhcpd. There are other ones that are there: you have dhcp-libs and dhcp-common, which are used basically in order to get DHCP and client to run. So the directories that are interesting: there is the /etc/dhcp directory, which contains all of your dhcpd configuration files. You can look in there and see what's there. You have your network configuration, and those are in the /etc/sysconfig/network-scripts directory. All of them start with ifcfg and then it's usually eth0 or ens32 or something else, so you have to go look and see what interfaces you have and then you can go configure those. If you're running as a DHCP server you can see the /var/lib/dhcpd/dhcpd.leases file, which will contain all the leases you've given out. You might note that there are multiple copies of the same lease. That's there because sometimes a client will request something more than once; it might go down, come back up again before the lease is expired, and it might get a new renewed lease, and that leases file keeps track of all your leases for you. And then there is the /var/log/messages file, which contains all kinds of information, such as all of your discoveries and offers, and all those things can show up in your /var/log/messages file.

So the configurations for the DHCP server are in the /etc/dhcp directory. The following is an example dhcpd.conf file. You can see right there on the top you have the option domain-name, you tell it your domain name; option domain-name-servers, you tell it what DNS servers people are using to get out; you tell it a default lease time, this one has 300, which is 300 seconds; a
maximum lease time, which right here is 1200 seconds. So these are very short-term leases, so a default lease of five minutes with a maximum lease of 20 minutes. Obviously you want to have much, much longer times, but they're in seconds. The subnet right there: you can see we have a subnet being configured to give out information. So this is the 10.10 subnet and we are handing out addresses in that subnet only to 10.10.0.100 through 10.10.0.150, so there's only, you know, 51 addresses that are being handed out. And then we're telling them that their default gateway is 10.10.0.1, so that is your, the routers is your default gateway.

In addition to just giving out a range of addresses you can give out static addresses. So the DHCP server can be configured to assign the same IP address to a machine using the MAC address. This is very common in situations where you have a machine that has to come up with the same address every time because it provides services of some sort. The following example is to assign a printer. So the printer had the MAC address of 00:11:22:33:44:55, and then you could have it have a fixed address of 10.10.10.10, and that would be the information you give out. You put that inside that subnet section on the previous slide to make sure it gets that information and also to make sure it still gets the router information and DNS information.

The DHCP service needs to be started in order to start listening. You can use the systemctl command to start the DHCP server, so you do systemctl start dhcpd.service to start it up, and other options you have are stop, restart, status. If you wanted to start at boot time you can do enable, and then you can disable to make it not start at boot time. Having the service running won't guarantee you can get anything; you still need to make sure you get through the firewall. In order to receive requests you need to make sure that the ports are open, so you really need
to be doing both, because it sends out and receives on different port numbers. But you can use the firewall-cmd --add-service=dhcp command to add the DHCP service to your firewall. If you want it to be permanent, once again you make sure you add the --permanent to the end, so firewall-cmd --add-service=dhcp --permanent to make it permanent and make it there when you start it. You can verify the services are present in the firewall as well with the firewall-cmd --list-all command, and that will get it there.

Once you have your server running you can go check your messages and some of that, but if you're having problems and clients aren't getting things, you can go troubleshoot the clients first. If it's a physical connection, you want to make sure that you have the clients there. You make sure the clients have NICs, and you can use the lspci command on Linux to verify, to make sure you have a NIC driver; that can be important. You can verify the server address is static, so your DHCP server must have a static address, otherwise it will not work properly. It doesn't work off of DHCP, so don't try. And you want to verify the firewall allows connections, so you can look at that. Verify or look at the logs to see if there's anything in there. Check the leases to see if it really is giving out leases or, you know, if they're being handed out. If you are setting up a network you can actually have your configuration have multiple different subnet sections, and then if you have multiple subnet sections you might be servicing different subnets based on information being forwarded, so you want to verify the routers forward the request if they need that. You want to verify the spanning tree is not a problem. Sometimes spanning tree is configured so that a machine booting up will be assumed to be a switch, in which case it will block everything until it is determined that the machine is not a switch, and then will allow communication through. So make
sure the spanning tree is not blocking anything. And you want to make sure that the switches are allowing you to answer, so your machine needs to be connected to an interface that is allowed to send out your DHCP offers. So you can receive the discoveries but you can't make an offer unless, well, you can make an offer but your offer won't get out unless the interface is allowing you to get out. And so you want to make sure that the switches are not blocking you from making offers. And that is the end of this section, so good luck.

Domain Name System, or DNS. The DNS protocol converts names to IP addresses and vice versa. It also does names to names and other things as well, but it solves some of the problems of the hosts file, because the hosts file was getting too big. There was at one point a single hosts file, and people would send their submissions to the maintainer of this hosts file, and the maintainer would update the source file, and then people would download copies of this hosts file, and it became a regular full-time job basically. And so the DNS protocol was basically invented as a solution to this problem: how do you maintain this giant hosts file? So it became a hierarchical database of information. It was invented in 1983 and 84 and has been widely used since the mid-1980s. The DNS protocol operates on both UDP and TCP ports 53: UDP for your normal inquiries and TCP for your downloads of zone transfers and things like that.

There are a couple of DNS security issues or concerns you need to think about. If you send spoofed responses while making a request, the DNS server might get confused and keep your entries. Basically the way this happens is you send a request to your DNS server. Your DNS server, if it doesn't have a cache, will have to go to another server to get the information, so it sends the request. If you know where it's sending the request and you can spoof that source address, you can send a reply as if it were coming back from the server that it requested from, and if you do it
fast enough your reply will get there before the actual reply from the server it's requesting it from, and then it will get loaded in the cache of your DNS server and cause it to have incorrect data. The next concern is that alternative DNS roots can redirect all of your traffic. So it's a hierarchy, and it starts from the root servers, which delegate to servers that manage the top-level domains, and those delegate to individual servers that manage domain names and things like that. If you modify the DNS root you can redirect all the traffic somewhere else. So some countries have done this, such as China did this for a little bit, might still be doing it; other countries have done this, where they have created their own root servers and redirect everything. In addition to redirecting traffic from the root servers, you can also do DNS manipulation by ISPs. Your ISP controls all of your traffic; they can manipulate your traffic. So if you send a request out to a DNS server and your ISP decides to modify the DNS query or response, they can do that. Also there is registrar-based DNS manipulation, because the registrars are where the individual domain owners, well, have their data stored, and those could redirect and point different places. You can also trick the registrars into transferring names over to you, and it can be all kinds of a mess.

So on Linux we tend to use the BIND DNS server. Usually you'll hear about it being BIND, bind, or named. Anyway, there are a couple of things to think about. All host names end in a trailing dot. Normally when you see a host name you don't put a trailing dot on it, but the DNS server knows it has a trailing dot and it puts it there, so you need to be aware of that, because BIND treats it like it should be there. Host names and IP addresses in DNS are written with the largest grouping on the right and the smallest on the left. What does that mean? Well, if you look at a name like example.com, com is a much larger grouping and so it's on
the right-hand side; example would be on the left-hand side because it's smaller. So the larger it is, the further to the right. But if you think about IP addresses, something like 10.11.12.13, and you say, well, which one is the largest grouping? Well, the 10 is the largest, so it's on the left-hand side, but that's not where the DNS wants to put it. It wants to put it on the right-hand side. So if you were to write out your 10.11.12.13 in a DNS type format it would actually be 13.12.11.10, and then it'd have a .in-addr.arpa, so keep that in mind. Also, some types of records have a single value and some have more than one value. MX records have a priority and a value, so an MX record will take a name, usually a domain name, and then it will give you a priority and it will also give you a host name of a machine you can talk to if you want to send your mail. In addition to that there's things like the SOA records and other records that have multiple different pieces in them.

Some of the useful packages for installing BIND: well, you have bind and you have bind-utils. bind-utils is really good; it provides all those really important tools like nslookup and dig, which are good for, well, doing DNS queries. You want those. When you are configuring your BIND server, or named, the main configuration file is in the /etc directory, /etc/named.conf. So you go in there, you modify that file. Sometimes it's /etc/named then named.conf, but you find the file there, you modify that file, and that file lists all of the data that you need to know about. So where is the data stored? Well, the data is normally stored in the /var/named directory. So you have /var/named/data, which would be all the zones that you control, and then you have /var/named/slaves for all the zones that are acting as secondary or slave zones, and those would be zones you get from somebody else. Now there is a big push for renaming things, and so while it is /var/named/slaves right now, you'll probably find that words like master and slave will start to
disappear because they have a negative connotation, so just be aware that the name might change to something like secondary or something else.

What does the named.conf file look like? Well, you have different zones in there. There's lots of data in it, but you have these little entries for your individual zones. So that top one right there is for domain.ext, so you could have an example.com zone, and then inside of it you have, well, information about that zone. This one, because we own it and we control it, we have the type as master, and then you list the file, where the file is going to be called domain.ext.zone. And where would you find that? Well, you're probably going to find it in the /var/named, maybe data, directory, but you have to look at the rest of the configuration file to figure out where things are actually stored. All right, if you look at the IP addresses, let's say we were doing something for the 10-dot range. We want to do the entire 10-dot range all in one file, which is quite a bit actually. So you might do zone 10.in-addr.arpa; that would be the zone that you'll be doing. And you'd have it be a master because you are controlling it and configuring it, and then the file type would be, or the file name would be, something like your IP address dot zone. Now the file names don't have to match the backwards orientation or anything like that, so you could just put 10.0.0.0.zone. It doesn't even need to end in the word zone, but some editors treat different files differently depending on the extension, so that's something to keep in mind.

So you have forward zones and reverse zones. A forward zone is a zone that uses names as its lookup; a reverse zone is something that goes from IP addresses back to names. So forward zones have multiple different types of records in them. So here's an example forward zone with, well, a bunch of things, a bunch of variables and some of that, but we can see the very top line there is a dollar sign then TTL 3h, which
basically means your time to live for each of your entries is three hours. That's the default time, but it can be overridden and changed. And then you can see the at sign; the at sign means for the entire zone. So @ NS dns.domain.edu. and you see that trailing dot; that's important. So basically what this is, is a record for this zone, and this zone is defined as whatever is in the named.conf file. It's saying that the name server for this zone is dns.domain.ext. Well, you're going to need to make sure you have this dns.domain.ext defined somewhere. So we're assuming this is the domain.ext file, and you can see at the very bottom there is a dns IN A and then you put the IP address there, and the address right there is written in normal IP address format, so it'd be 10.11.12.13, no trailing dot in that one. So what you have is the word dns in the front of that line and then your IP address at the end, and if there is nothing after the dns, no trailing dot, it assumes that you are just giving an address in that domain. And so this is domain.ext; it will assume that is dns.domain.ext. and that would satisfy the name server record at the top with an A record at the bottom.

Inside of each domain you have a start of authority type record, an SOA, and each one of these records has a couple of different pieces. You can see the domain that it's doing everything for is domain.ext, and then you have this root.domain.ext. Well, what is that? That's actually an email address. You don't see the at sign in the middle of the email address because the first dot is supposed to be replaced with an at sign when you write the email address, so it would actually be root@domain.ext. as the email address for the administrator of that record. And you can see the serial number. The serial number is usually written as a four-digit year, a two-digit month, a two-digit day, and then a serial number. So every time you make an edit to the information you'd want the date written there, and then you start with 00, 01, 02, 03,
just count up. This would only allow up to 100 edits that day. And the serial number is used when you do zone transfers in order to figure out if the zone is already, well, if it's new or if it's the same zone. So if the serial number is the same, it will assume there are no changes and will not download the zone. So when you have your secondary servers out there, they need to make sure that the root server has serial numbers changing. The other numbers are refresh, retry, expire, default time to live, those kinds of things, and those are all written in number of seconds, so you can kind of get an idea of how long each one of these is.

Some of the different types of records include your A records, your quad-A or AAAA; you have your MX records, you have your CNAME records, your TXT records; there's all kinds of records. So you can see a couple of different examples here. The A records are for taking a name and converting it to an IPv4 address. Your quad-A records take a name and convert it to an IPv6 address. Your MX record is a record that takes a name and converts it into a priority and a name, and that is for your mail exchange. So if this were for domain.ext or example.com, if you wanted to send an email to that domain you need to figure out where your mail server is, and so that MX record right there indicates that you would go to the mail in the domain server, so maybe mail.domain.ext, and you can see the record right above it is an A record that tells you the IP address of that. Then you have a couple of CNAME records. CNAMEs are aliases, and CNAME stands for canonical name. So you can see that pop and imap both map to mail, and you can see mail maps to an IP address. And then you can see under the mail, in addition to having an A record, mail also has a TXT record, and the TXT record has what is called an SPF, and this is used to indicate which machines are allowed to send mail for that domain. So if you received mail for something, and this would probably actually be in the at, but if you
receive mail for a given domain you'd want to know who is authorized to send mail. So you can do a lookup using the SPF information in a TXT record and figure out which IP addresses are allowed to send mail, and this indicates that the entire 10-dot network is allowed to send mail but nothing else, so all other ones are not allowed.

You also have reverse zones. So the top part of a reverse zone looks the same. You can see it jumps down to this origin thing, so origin to specify individual pieces. This is doing the 192.168.0 range, and you can see the 192.168.0.0 is that second to the bottom line, where it is 0 IN PTR, for pointer, network.domain.ext. so it's telling you what the name of that, well, IP address is when you do a reverse lookup, and you can see the dot one as well.

The named service needs to be started in order to start listening. You can use the systemctl command to start the named server: you just type in systemctl start named.service. You can leave the .service off if you want. Other options you have are start, stop, restart, status, and then if you want to make sure it starts at boot time you can use enable, and if you want to remove that you can use disable so it won't start at boot time. In order to make DNS available, to really make it available, the DNS server needs to be able to receive data through the firewall. You need both UDP and TCP 53; TCP 53 is only necessary if you're doing zone transfers, but normally DNS servers should be able to do zone transfers, so you want to indicate who can do zone transfers. So you can add the service for the server with the command firewall-cmd --add-service=dns, and that will add in the service so that DNS can get through the firewall. If you wanted it to be permanent you can do that same exact command with the --permanent option, and then it will put it into the configuration file so the next time the firewall starts up it will add that rule in there. You can
verify whether the services are present in the firewall currently with the firewall-cmd --list-all command, and that will indicate whether or not it is in the firewall.

When you're troubleshooting, make sure the DNS server is set. You can go look at the /etc/resolv.conf file and you'll see which DNS server you have set, which is kind of important. You want to make sure you can talk to your DNS server in normal ways: you can use nslookup, you can use ping, all kinds of things to make sure you can talk to it. Make sure the record downloads okay; you can use nslookup or dig. You can do a DNS hierarchy trace, so if you do a dig +trace command on something it will start from the root servers and work its way down. You can figure out if you are in the DNS hierarchy; if you're not, then it's not likely anybody else will use you. You can make sure your firewall is correct. You can make sure logs look good. If you have any MX records or CNAME records you want to make sure they point eventually to a valid A or quad-A record. So CNAMEs can point to other CNAMEs, and MXs can point to CNAMEs, or they can both point to A or quad-A records, but eventually if you keep resolving it, it should get to a quad-A record. You want to verify the service is running, so you can use netstat to make sure it's running. And you want to make sure that any SELinux contexts are not strange, so you can go look in the /var/named directory and see if anything looks like it doesn't have named in it; it might not work properly. And that is it for DNS, so good luck.

Simple Network Management Protocol, or SNMP. The SNMP protocol is commonly used to gather statistical information from networking devices. It can grab all kinds of information, such as bandwidth consumption, ports, whether on or off, names of machines. All this information can be gathered together, and it's usually used to manage an entire network. Some variables gathered can also be set using the SNMP protocol tools.
SNMP typically operates on UDP ports 161 and 162: 161 for normal communication and 162 for traps, or indications when there is a problem. There is a management information base, and, well, this is for information. SNMP provides a lot of information. Each individual element of information can be addressed with a hierarchical dotted decimal number called an object identifier, or OID. The object identifier for system name, or hostname, is one point three point six point one point two point one point five point one five five, and this has multiple different pieces in it, and the very first one, which would be the system name, is dot zero. So if you have more than one name it might be a dot one and dot two, and it kind of increments up. To make things easier, the MIBs provide names for the numbers. You could get the same hostname with that number above, or you can also use either system.sysName.0 or sysName.0, so those are a little bit simpler, easier to read and recognize and remember as well.

Community strings. SNMP does not want to provide information to just anyone, so it requires a password called a community string. There are two default community strings. For read-only information collecting you can use the default community string public. For read-write information collecting and setting you can use the default community string private. SNMP uses the UDP protocol, and the server ignores messages with the incorrect community string, so you do not know if datagrams were dropped or ignored. It's kind of confusing, makes it difficult: you send it out, you wait 10 seconds, nothing is back, you say, well, it didn't work, but that could be because your community string is being ignored and there is no reply. Many network devices have active SNMP support that the administrators are not aware of. It's very common for printers, for example, to have SNMP support turned on and running, and they might have both the public and the private community strings available, so you might be able to do all kinds of fun things with
the printer and the administrator wouldn't even know how you're getting in. Sometimes you have routers or wireless devices or cameras that all have SNMP support turned on and running, so you need to make sure you turn things off that should not have it running. Most SNMP messages are not secure. They send things in plain text, they come back in plain text. If you want to intercept something, you want to see what the community string is, just watch the line and see what it is.

So, some useful packages. net-snmp provides the SNMP server. net-snmp-utils provides some utilities for performing queries and making changes, so you can do your snmpget, snmpset, your snmpwalk, all kinds of activities and utilities right there. When you're trying to configure the server you need to go and edit the /etc/snmp/snmpd.conf file. One of the most common changes people make is to change the community string. You'd want to probably make it not be public, so you find the line that says com2sec notConfigUser default public and you can change the string to something else, for example aloha123, which is also a super-secure, secure password that no one will ever guess.

The snmpd service needs to be started in order to start listening. You need to use the systemctl command to start the snmpd server, so just use systemctl start snmpd, and you can use the .service if you want. Other options include stop, restart, status, enable and disable. Enable is for making it start at boot time and disable is to make it so it doesn't start at boot time. In addition to having the service running you need to make sure you can get through the firewall. You can add the service to the firewall with firewall-cmd --add-service=snmp, and if you want to make it permanent make sure you add the --permanent option to the end of that and it will make it permanent. You can verify if the service is in the active firewall using the firewall-cmd --list-all command, and that will tell you
which services are in the firewall.

If you have it working you might want to verify it's working, so you can use the SNMP client, the client utilities provided by net-snmp-utils, and I recommend using the snmpget and the snmpwalk commands to test your server. The following two lines assume your community string is aloha123 and you are just connecting to your localhost, although you can put the IP address of the server you're connecting to if you have the firewall open. When you do the snmpget and the snmpwalk commands you want to make sure you pass the SNMP version, you can use 2c or 1, and you want to make sure you pass the community string with the -c option there. In the top one you are getting the system name or the host name, so sysName.0, and in the snmpwalk you're going to walk the entire system set of information, so sysName would be one of those items in the system set, and it'll just list a whole bunch of them, walk through it until it runs out of responding OID values.

For troubleshooting, you want to make sure your DNS server is set correctly; sometimes when you're trying to look things up by name it can be a problem. You want to make sure you can talk to the SNMP server: you can ping it, you can port scan it, make sure it's up. Make sure the firewall is correct. You can check your logs. You want to make sure the community string is correct; if you change it, you want to make sure you change the commands you're using to talk to it. You want to make sure you have the correct object name, and if you're having trouble talking to it, try something you know will work, so sysName.0, it's a good one to try. You also want to make sure the service is running, so you can use the netstat minus tuneup command to get a list of what services are there. And that is the end of this chapter.
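The community-string points from the SNMP chapter above, turned into a configuration check. This is an added example, not part of the lecture: it reads snmpd.conf text and reports community strings that are the defaults public or private, are short, or are accepted from any source. The sample configuration is constructed, and the 12-character threshold and the function names are assumptions.

```python
"""Audit net-snmp snmpd.conf text for default or weak community strings."""
import shlex
from typing import NamedTuple

# The two default community strings named in the lecture.
DEFAULT_COMMUNITIES = {"public", "private"}
MIN_LENGTH = 12  # assumption: a local policy threshold, not a net-snmp rule
ANY_SOURCE = {"default", "0.0.0.0/0", "::/0"}  # source tokens matching every host

# snmpd.conf directives that carry a community string, with the access they grant.
DIRECTIVES = {
    "com2sec": "mapped", "com2sec6": "mapped",
    "rocommunity": "read-only", "rocommunity6": "read-only",
    "rwcommunity": "read-write", "rwcommunity6": "read-write",
}

ISSUE_DEFAULT = "default community string"
ISSUE_SHORT = f"shorter than {MIN_LENGTH} characters"
ISSUE_ANY = "accepted from any source"


class Finding(NamedTuple):
    lineno: int
    directive: str
    access: str
    community: str
    issues: tuple


def _tokens(line):
    """Split a config line, dropping '#' comments and honouring quotes."""
    try:
        return shlex.split(line, comments=True)
    except ValueError:  # unbalanced quote: fall back to a plain split
        return line.split("#", 1)[0].split()


def _community_and_source(directive, args):
    """Return (community, source) for a directive, or None if malformed."""
    if directive.startswith("com2sec"):
        # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
        if len(args) >= 2 and args[0] == "-Cn":
            args = args[2:]
        if len(args) < 3:
            return None
        return args[2], args[1]
    # rocommunity / rwcommunity COMMUNITY [SOURCE [OID]]; no source means any host
    if not args:
        return None
    return args[0], (args[1] if len(args) > 1 else "default")


def audit_snmpd_conf(text):
    """Return a Finding for every community directive with at least one issue."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        tokens = _tokens(line)
        if not tokens or tokens[0] not in DIRECTIVES:
            continue
        parsed = _community_and_source(tokens[0], tokens[1:])
        if parsed is None:
            continue
        community, source = parsed
        issues = []
        if community.lower() in DEFAULT_COMMUNITIES:
            issues.append(ISSUE_DEFAULT)
        if len(community) < MIN_LENGTH:
            issues.append(ISSUE_SHORT)
        if source in ANY_SOURCE:
            issues.append(ISSUE_ANY)
        if issues:
            findings.append(Finding(lineno, tokens[0], DIRECTIVES[tokens[0]],
                                    community, tuple(issues)))
    return findings


# Constructed sample configuration; none of these lines come from a real host.
SAMPLE_CONF = """\
# constructed sample for this example
com2sec notConfigUser default public
com2sec mgmtUser 10.10.0.0/24 aloha123
#rwcommunity private
rwcommunity private 127.0.0.1
rocommunity "Zk4q-constructed-long-value-93hfQ" 10.10.0.5
"""

if __name__ == "__main__":
    for f in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {f.lineno}: {f.directive} ({f.access}) "
              f"'{f.community}': {', '.join(f.issues)}")
```

To check a live server, pass the contents of /etc/snmp/snmpd.conf to `audit_snmpd_conf` instead of the sample text.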