Cheatsheet

/var – Variable Files
== ProcFS ==

* procfs, mounted at /proc, is a virtual filesystem the kernel uses to expose process and kernel state. Nothing is stored on disk: each file is generated on demand when it is read, and files under /proc/sys can be written to change kernel parameters.

* Since kernel 2.6 most device and driver information has moved to sysfs, mounted at /sys; /proc keeps the per-process directories and a set of legacy system files.

* On multi-core CPUs every processor entry in /proc/cpuinfo carries the fields "siblings" and "cpu cores":

<pre>
siblings  = (hardware threads per core) * (cores per CPU package)
cpu cores = (cores per CPU package)
</pre>

* A CPU package is one physical CPU; it can contain several cores (dual core = two, quad core = four).

* This separates hyper-threading from multi-core: threads per core = siblings / "cpu cores".

* If both values are equal, hyper-threading is off or not supported. A package with siblings=2 and "cpu cores"=2 is a dual-core CPU without hyper-threading; siblings=4 and "cpu cores"=2 is a dual-core CPU with two threads per core.

;System-wide files

/proc/cmdline – Kernel command line (boot parameters).

/proc/consoles – Current consoles, including ttys.

/proc/crypto – Ciphers, hashes and other transforms registered with the kernel crypto API.

/proc/devices – Character and block device drivers configured in the running kernel, with their major numbers.

/proc/diskstats – I/O statistics for each block device.

/proc/dma – DMA channels in use.

/proc/fb – Framebuffer devices.

/proc/filesystems – Filesystems supported by the kernel (loaded or built in).

/proc/iomem – Physical memory map of devices and RAM.

/proc/ioports – Registered I/O port regions.

/proc/kmsg – Kernel log messages (one reader at a time, root only; dmesg reads the same ring buffer).

/proc/loadavg – System load averages over 1, 5 and 15 minutes.

/proc/locks – File locks currently held.

/proc/meminfo – Summary of how the kernel is using memory.

/proc/misc – Drivers registered under the "misc" major device number.

/proc/modules – Loaded kernel modules (what lsmod reads).

/proc/mounts – Mounts visible in this mount namespace (a symlink to /proc/self/mounts).

/proc/partitions – Partitions known to the system.

/proc/pci – PCI devices; removed from current kernels, use lspci or /sys/bus/pci instead.

/proc/scsi – Devices attached through SCSI or RAID controllers.

/proc/stat – Counters kept since boot (CPU time per state, interrupts, context switches, boot time).

/proc/swaps – Active swap areas.

/proc/tty – Terminal drivers and line disciplines.

/proc/uptime – Uptime and idle time in seconds.

/proc/version – Kernel version, the compiler that built it, and the distribution.

;Per-process files (/proc/PID, or /proc/self for the reading process)

/proc/PID/cmdline – Command line, NUL-separated.

/proc/PID/cpu – Not present on current kernels; the CPU a task last ran on is field 39 ("processor") of /proc/PID/stat, also shown by ps -o psr.

/proc/PID/cwd – Symlink to the current working directory.

/proc/PID/environ – Environment as NUL-separated KEY=VALUE pairs. Secrets passed as environment variables are readable here by the process owner and by root.

/proc/PID/exe – Symlink to the executable. It keeps resolving after the binary is deleted from disk (readlink shows " (deleted)"), so the running image can be recovered with cp /proc/PID/exe /tmp/recovered.

/proc/PID/fd – Directory with one symlink per open file descriptor; sockets and pipes appear as socket:[inode] and pipe:[inode].

/proc/PID/maps – Memory mappings with permissions, offsets and backing files; mappings whose file has been unlinked are tagged "(deleted)".

/proc/PID/mem – Process memory, readable and writable at offsets equal to virtual addresses; this is what debuggers and memory-forensics tools use.

/proc/PID/root – Symlink to the process root directory (differs from / inside a chroot or container).

/proc/PID/stat – Process status as a single line of numeric fields.

/proc/PID/statm – Memory status in pages.

/proc/PID/status – Process status in human readable form (UID, GID, capabilities, VmRSS, etc.).

/proc/PID/limits – Resource limits of the process.

* Access: environ, maps, mem, fd and similar files of another user's process are readable only with ptrace access to it (same UID and the process is dumpable, or CAP_SYS_PTRACE). Mounting /proc with hidepid=2 also hides other users' /proc/PID directories entirely; without it any local user can read every process's cmdline.

Usage:

ls -l /proc/$(pgrep -n python)/exe
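Reading the per-process files described above from a script, as an added example (not from the original cheatsheet). The SAMPLE_* constants are constructed to resemble real /proc/PID/status, maps and environ content; inspect_live() reads the real /proc of the current process when one exists. The three checks it performs (effective UID, mappings whose backing file was deleted, credential-looking environment variables) are the ones an incident responder usually wants first.

```python
"""Inspect a process through /proc (added example; not from the original
cheatsheet). The SAMPLE_* constants are constructed to look like real
/proc/PID files; inspect_live() reads the real /proc when it exists."""
import os
import re

# Constructed /proc/PID/status excerpt (real files carry many more fields).
SAMPLE_STATUS = (
    "Name:\tnc\n"
    "State:\tS (sleeping)\n"
    "Pid:\t4242\n"
    "PPid:\t1\n"
    "Uid:\t1000\t1000\t1000\t1000\n"
    "Gid:\t1000\t1000\t1000\t1000\n"
    "VmRSS:\t    1024 kB\n"
)

# Constructed /proc/PID/maps excerpt; the second mapping is a library whose
# file was replaced on disk while the old copy stayed mapped.
SAMPLE_MAPS = (
    "55d4c3a00000-55d4c3a02000 r-xp 00000000 08:04 1234567 /usr/bin/nc\n"
    "7f2b1c000000-7f2b1c1c0000 r-xp 00000000 08:04 7654321 "
    "/usr/lib/libcrypto.so.1.1 (deleted)\n"
    "7f2b1c400000-7f2b1c421000 rw-p 00000000 00:00 0       [stack]\n"
)

# Constructed /proc/PID/environ: NUL-separated KEY=VALUE pairs.
SAMPLE_ENVIRON = b"PATH=/usr/bin\x00HOME=/home/aman\x00AWS_SECRET_ACCESS_KEY=abc\x00"

SECRET_RE = re.compile(r"SECRET|TOKEN|PASSW|API_KEY", re.IGNORECASE)


def parse_status(text):
    """Turn /proc/PID/status into a dict; Uid/Gid become lists of four ints
    (real, effective, saved, filesystem)."""
    fields = {}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        value = value.strip()
        fields[key] = [int(v) for v in value.split()] if key in ("Uid", "Gid") else value
    return fields


def parse_environ(raw):
    """Split the NUL-separated environment block into a dict."""
    env = {}
    for item in raw.split(b"\x00"):
        if b"=" in item:
            key, _, value = item.partition(b"=")
            env[key.decode(errors="replace")] = value.decode(errors="replace")
    return env


def secret_like_keys(env):
    """Environment variable names that look like credentials."""
    return sorted(k for k in env if SECRET_RE.search(k))


def deleted_mappings(maps_text):
    """Paths of file-backed mappings whose backing file has been unlinked.
    A maps line is: range perms offset dev inode path, so the path is
    field 6 (split at most 5 times so spaces inside paths survive)."""
    hits = []
    for line in maps_text.splitlines():
        if line.endswith(" (deleted)"):
            hits.append(line[: -len(" (deleted)")].split(None, 5)[5])
    return hits


def inspect_live(pid="self"):
    """Read the real /proc entry for PID (this process by default).
    Returns None where /proc is absent. Reading another user's environ,
    maps or mem needs ptrace access (same UID and dumpable, or root)."""
    base = f"/proc/{pid}"
    if not os.path.isdir(base):
        return None
    with open(f"{base}/status") as f:
        status = parse_status(f.read())
    with open(f"{base}/maps") as f:
        deleted = deleted_mappings(f.read())
    with open(f"{base}/environ", "rb") as f:
        env = parse_environ(f.read())
    # /proc/PID/exe keeps resolving after the binary is unlinked; the target
    # then ends in " (deleted)", a classic sign of a dropped-and-removed implant.
    exe = os.readlink(f"{base}/exe")
    return {"name": status.get("Name"), "uid": status.get("Uid"), "exe": exe,
            "deleted_maps": deleted, "secret_env": secret_like_keys(env)}


if __name__ == "__main__":
    print(parse_status(SAMPLE_STATUS)["Uid"])
    print(deleted_mappings(SAMPLE_MAPS))
    print(secret_like_keys(parse_environ(SAMPLE_ENVIRON)))
    print(inspect_live())
```

Run it over every directory in /proc whose name is numeric to sweep a whole host; a non-empty deleted_maps list or an exe target ending in "(deleted)" is worth a closer look.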
|||
== Inode Number ==

Source: [https://linoxide.com/linux-command/linux-inode/ linoxide.com]

* An inode (index node) is the data structure a Unix-style filesystem such as ext3 or ext4 keeps for every file and directory. It stores everything about the file except its name and its data.

* The Linux extended filesystems (ext2/ext3/ext4) keep these inodes in an array, the inode table; each slot has a number that is unique within that filesystem, the inode number.

* The file name is not in the inode. A directory is a table of (name, inode number) pairs, which is what makes hard links possible: several names can point at the same inode.

* Copy a file: cp allocates a free inode for the copy and writes a new directory entry.

* Move or rename a file: within one filesystem the inode number is unchanged; only the directory entry and the ctime change. Across filesystems mv copies the data to a new inode and unlinks the old one.

* Delete a file: rm removes a directory entry and decrements the link count; the inode and its data blocks are freed only when the count reaches zero and no process still has the file open.

* A directory cannot hold two entries with the same name, because a name maps to exactly one inode number.

* On ext2/3/4 the root directory is always inode 2 (inode 1 is reserved for bad blocks); other filesystems use their own fixed numbers.

* mke2fs derives the number of inodes from the filesystem size and an assumed average file size (the bytes-per-inode ratio); -i and -N override that at creation time.

* Attributes held in the inode:

<pre>
File type          regular file, directory, symlink, pipe, socket, device
Permissions        read, write, execute plus setuid/setgid/sticky
Link count         number of hard links (names) pointing at the inode
User ID            owner
Group ID           group owner
Size               byte length, or major/minor numbers for device files
Time stamps        access (atime), modification (mtime) and inode change (ctime) times
Attributes         ext flags such as immutable (chattr +i)
Access control list  extra permissions for specific users/groups
Block pointers     where the data lives on disk
Other metadata
</pre>

;Check info

df -i ==> inode usage per filesystem

df -i /dev/vda1 ==> inode usage of one filesystem

ls -il myfile.txt ==> show the inode number of a file

find /home/rahul -inum 1150561 ==> find names by inode number (add -xdev: inode numbers are only unique within one filesystem)

stat unetbootin.bin ==> all details of a file

stat --format=%i unetbootin.bin ==> only the inode number

;Manipulate the filesystem metadata

tune2fs -l /dev/sda6 | grep -i inode ==> inode-related fields of the superblock

Make sure nothing is writing to the filesystem before opening it with debugfs (unmount it, or at least remount read-only):

mount -o remount,ro /yourfilesystem

debugfs -w /dev/sda1 ==> interactive shell on the raw filesystem; -w allows changes

Inside debugfs, lsdel lists recently deleted inodes and undel <inode> <path> links one back into the tree. This recovers data on ext2; ext3 and ext4 zero the block pointers when a file is deleted, so undel usually yields an empty file there and a carving tool (extundelete, ext4magic) is needed instead.

;Free inodes on a filesystem

If df -i shows the inodes exhausted, the only cure on ext2/3/4 is to delete unneeded files (typically thousands of small ones: mail spools, session files, cache directories).

The inode count of an ext2/3/4 filesystem is fixed when it is created and only grows, proportionally, when resize2fs enlarges the filesystem. XFS and btrfs allocate inodes dynamically and do not have this limit.
|||
== Soft links vs Hard links ==

;Links and inode numbers in Linux

* In the output of ls -l, the column after the permissions and before the owner is the link count:

<pre>
drwxr-xr-x 6 aman aman 4096 Mar 30 11:50 Documents
drwxr-xr-x 3 aman aman 4096 Sep 15 19:11 Downloads
           ^ link count
</pre>

* The link count is the number of hard links (names) pointing at the inode. For a directory it is 2 plus the number of subdirectories, because of its own "." entry and each child's ".." entry.

* A link is a second way to reach a file. There are two kinds:

;Symbolic links (or soft links)

* A separate file, with its own inode, whose content is the path of the target.

* The target comes first, then the link name:

ln -s /home/bob/sync.sh filesync

* Opening or editing the symlink operates on the target; the link itself is only followed.

* If the target is deleted or moved the link dangles: filesync still exists but opening it fails.

* ls -l shows the result is a symbolic link, and where it points:

<pre>
ls -l filesync
lrwxrwxrwx 1 root root 17 Apr 7 06:08 filesync -> /home/bob/sync.sh
</pre>

* The size of a symlink is the length of the target path (17 bytes for /home/bob/sync.sh), because that is all it stores.

* The permissions shown on a symlink are always rwxrwxrwx and are ignored; what matters is the permission check on the target when the link is followed.

* A symlink can point to a target on another filesystem, or to one that does not exist yet.

* Security caveat: a symlink placed by an attacker in a world-writable directory (/tmp) can redirect a privileged program's write to a file of the attacker's choice. fs.protected_symlinks=1 makes the kernel refuse to follow symlinks in sticky world-writable directories unless the follower owns the link or the directory; check it with sysctl fs.protected_symlinks.

*Find symlinks

find . -type l -ls

ls -la | grep "\->"

find . -xtype l ==> dangling symlinks only

;Hard links

* The identity of a file is its inode number, not its name.

* A hard link is a name that references an inode: if file1 has a hard link named file2, both names refer to the same inode.

* Creating a hard link only adds a new name to an existing inode; there is no "original" and "link", just two equal names.

* Create a hard link:

ln /home/bob/sync.sh synchro

*Compare:

<pre>
ls -il /home/bob/sync.sh synchro
517333 -rw-r----- 2 root root 5 Apr 7 06:09 /home/bob/sync.sh
517333 -rw-r----- 2 root root 5 Apr 7 06:09 synchro
</pre>

* Directories cannot be hard linked (apart from the "." and ".." entries the kernel creates), to keep the directory tree acyclic.

* A hard link cannot span filesystems: both names must be on the same filesystem, because every filesystem has its own inode table and the same inode number on two filesystems means two unrelated files.

* fs.protected_hardlinks=1 stops users from hard-linking files they do not own and cannot write, which otherwise lets them keep a copy of a file (or a setuid binary) alive after the owner deletes it.

*Find all names of an inode

<pre>
# find / -xdev -inum 517333
/home/bob/sync.sh
/root/synchro
</pre>

;Remove files

* rm unlinks one name: it removes the directory entry and decrements the link count.

* If the count is still above zero, the inode and the data stay; the other names keep working.

* When the count reaches zero (and no process holds the file open) the inode is released to the inode table and its data blocks are returned to the free list.
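The behaviour described in the two link sections above, exercised in a temporary directory, as an added example (not from the original cheatsheet). It creates the same sync.sh / synchro / filesync trio, checks inode identity, link count and symlink size, then removes the original name and shows that the hard link still reads the data while the symlink dangles. names_for_inode() is the equivalent of find -xdev -inum for the directory tree it is given.

```python
"""Hard link vs symlink semantics (added example, not from the original
cheatsheet). Runs entirely inside a fresh temporary directory."""
import os
import tempfile

CONTENT = "#!/bin/sh\necho sync\n"


def names_for_inode(root, ino, dev):
    """Every name of one inode under root, like find ROOT -xdev -inum INO.
    lstat is used so symlinks are reported by their own inode, not their target's."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if st.st_ino == ino and st.st_dev == dev:   # same fs AND same inode
                hits.append(path)
    return sorted(hits)


def link_demo():
    """Create a file, a hard link and a symlink; report what survives rm."""
    with tempfile.TemporaryDirectory() as d:
        orig = os.path.join(d, "sync.sh")
        hard = os.path.join(d, "synchro")
        soft = os.path.join(d, "filesync")
        with open(orig, "w") as f:
            f.write(CONTENT)
        os.link(orig, hard)        # ln sync.sh synchro
        os.symlink(orig, soft)     # ln -s sync.sh filesync

        st = os.stat(orig)
        before = {
            "same_inode": st.st_ino == os.stat(hard).st_ino,
            "link_count": st.st_nlink,                       # two names, one inode
            "names": [os.path.basename(p)
                      for p in names_for_inode(d, st.st_ino, st.st_dev)],
            "symlink_own_inode": os.lstat(soft).st_ino != st.st_ino,
            "symlink_size_is_path_len": os.lstat(soft).st_size == len(orig),
        }

        os.remove(orig)            # rm sync.sh: drops one name, not the data

        with open(hard) as f:
            still_readable = f.read() == CONTENT
        after = {
            "hard_link_readable": still_readable,
            "link_count": os.stat(hard).st_nlink,            # back to 1
            "symlink_dangling": os.path.islink(soft) and not os.path.exists(soft),
        }
        return before, after


if __name__ == "__main__":
    print(link_demo())
```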
|||
== Hosts file ==

* Every operating system with network support has a hosts file that maps host names to IP addresses without asking a name server.

* /etc/hosts descends from the HOSTS.TXT file of the ARPANET days, when one file listed every host on the network, before DNS existed.

* It is consulted before DNS only because /etc/nsswitch.conf says so; the usual entry is:

hosts: files dns

* This means "try files (/etc/hosts); if the name is not there, try DNS", where the DNS servers come from /etc/resolv.conf. The order can be changed or extended (for example with mdns or resolve for systemd-resolved).

* Command-line DNS tools (host, dig, nslookup) do not go through nsswitch at all; they send queries straight to a DNS server, so they never see /etc/hosts entries. getent hosts NAME shows what applications actually get.

* A single flat file does not scale: it grows too large and has to be copied to every machine. That is why DNS, a hierarchical distributed name system, was developed, letting any host look up any other host's address efficiently.

* On Linux and macOS the file is /etc/hosts.

* On Windows it is %SystemRoot%\System32\drivers\etc\hosts.

* Each line is an IP address followed by one or more host names, separated by spaces or tabs; the first name is the canonical name, the rest are aliases.

* Comments start with # (anything after a # on a line is ignored) and blank lines are skipped.

* One name may appear on several lines with different addresses (192.168.0.8 and 10.0.0.27); the resolver returns all of them and the application tries them in order, so which one is used depends on the application and on the routes the host has.

* By editing the hosts file you can:

<pre>
Block a site or an update/telemetry domain by pointing it at 0.0.0.0 or 127.0.0.1
Pin a name to an address while a DNS change propagates, or during an incident
Create aliases for hosts on your local network
Override answers your DNS server gives
</pre>

* The same mechanism is a favourite of malware and phishing kits: redirecting a bank's or an update server's name to an attacker-controlled address. The file should be root-owned and mode 644, and a change to it is worth an alert from file-integrity monitoring.

* Reverse (IP-to-name) conversion returns only the first name on the line, and tools that print the canonical name show it even when you used an alias:

<pre>
192.168.10.12 myhost.example.com myftp.example.com myhost myftp

$ ping myftp
PING myhost.example.com (192.168.10.12) 56(84) bytes of data.
64 bytes from myhost.example.com (192.168.10.12): icmp_seq=1 ttl=64 time=0.023 ms
64 bytes from myhost.example.com (192.168.10.12): icmp_seq=2 ttl=64 time=0.028 ms
</pre>

We pinged myftp but the replies are labelled myhost.example.com, the first name on the line. That is a reliable hint that you addressed an alias rather than the canonical host name.
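A parser for the file format just described, as an added example (not from the original cheatsheet). HOSTS_TEXT is a constructed sample that includes the myftp line from the text, a name with two addresses, and a blocking entry. The forward map keeps every address in file order, the reverse map keeps only the first name on a line (the behaviour the ping output shows), and blackholed() lists names pinned to loopback or 0.0.0.0, which is the quick check to run when hosts-file tampering is suspected.

```python
"""Parse an /etc/hosts-style file the way the resolver reads it
(added example, not from the original cheatsheet). HOSTS_TEXT is constructed."""
import ipaddress

HOSTS_TEXT = """\
# constructed sample
127.0.0.1   localhost
::1         localhost ip6-localhost
192.168.10.12 myhost.example.com myftp.example.com myhost myftp   # file server
192.168.0.8 mirror.example.com
10.0.0.27   mirror.example.com
0.0.0.0     ads.example.net
"""


def parse_hosts(text):
    """Return (forward, reverse).
    forward: lower-cased name -> list of addresses in file order
    reverse: address -> canonical (first) name on its first line"""
    forward, reverse = {}, {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.split()
        ipaddress.ip_address(addr)                # raises ValueError on a bad address
        for name in names:
            forward.setdefault(name.lower(), []).append(addr)
        reverse.setdefault(addr, names[0])        # first name wins, as ping shows
    return forward, reverse


def lookup(forward, name):
    """All addresses for a name (names are case-insensitive)."""
    return forward.get(name.lower(), [])


def blackholed(forward):
    """Names whose every address is loopback or 0.0.0.0: blocking entries,
    or an attacker disabling update/AV servers. localhost names are skipped."""
    out = []
    for name, addrs in forward.items():
        if "localhost" in name:
            continue
        ips = [ipaddress.ip_address(a) for a in addrs]
        if all(ip.is_loopback or ip.is_unspecified for ip in ips):
            out.append(name)
    return sorted(out)


if __name__ == "__main__":
    fwd, rev = parse_hosts(HOSTS_TEXT)
    print(lookup(fwd, "myftp"), rev["192.168.10.12"])
    print(lookup(fwd, "mirror.example.com"))
    print(blackholed(fwd))
```

Point parse_hosts at the real file with open("/etc/hosts").read() and compare blackholed() against the names you expect to be blocked; any other entry, and any public domain mapped to an unfamiliar address, is a finding.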
|||
== Adding Vlan in Linux == |
|||
== File permission ==

;Linux File Permission Basics

* The first character of an ls -l mode string is the file type.

* The remaining nine characters, in groups of three, are the permissions for the owning user, the group, and everyone else (others):

<pre>
   File type        User  Group  Other
d  Directory        rwx   r-x    r-x
-  Regular file     rw-   r--    r--
l  Symbolic link    rwx   rwx    rwx   (ignored; the target's permissions apply)
</pre>

* Permissions meaning:

<pre>
Permission    On a file                    On a directory
r (read)      read file content (cat)      list entry names (ls)
w (write)     change file content (vi)     create, rename or delete entries (touch, rm); needs x as well
x (execute)   run the file                 enter it and reach the inodes inside (cd, stat, open)
</pre>

* On a directory, r without x lets you see names but not their metadata; x without r lets you open a file whose name you already know. Deleting a file is governed by w on the directory, not by the file's own permissions.

* Targeted users:

<pre>
Who  Meaning
u    user (the owner)
g    group
o    others
a    all three
</pre>

*Permissions table:

<pre>
Binary  Octal  Permission
000     0      ---
001     1      --x
010     2      -w-
011     3      -wx
100     4      r--
101     5      r-x
110     6      rw-
111     7      rwx
</pre>

;chmod Command Syntax and Options

chmod [who][+|-|=][permissions] filename

*Example:

chmod g+w ~/group-project.txt

* The + operator adds permissions, - removes them, and = sets exactly the listed ones (clearing the rest for that class).

* Copying permissions from another class is also possible:

chmod g=u ~/group-project.txt

* g=u means "make the group permissions the same as the user's".

* Several changes can be given at once, separated by commas:

chmod g+w,o-rw,a+x ~/group-project-files/

* The owner of the file is referred to as the user (e.g. u+x).

* -R applies the change recursively to a directory tree:

chmod -R u+w,g=rw,o-rw ~/group-project-files/

* With -R prefer X over x: chmod -R go+rX adds the execute bit only to directories and to files that are already executable, instead of marking every data file executable.

* Restrict file access: remove all group and world permissions

chmod 600 .msmtprc

chmod g-rwx,o-rwx .fetchmail ==> same as chmod go= .fetchmail

;Octal Notation for File Permissions

* These two commands set the same permissions:

chmod u=rwx,g=rx,o= group-project.txt

chmod 750 group-project.txt

* Ignoring the file-type character, each - becomes a 0 and each r, w or x becomes a 1; every group of three bits is then one octal digit:

<pre>
  111 101 000
- rwx r-x ---
  7   5   0
</pre>

* It is called octal notation because each three-bit group is a base-8 digit from 0 to 7.

* Common modes:

<pre>
644  owner read/write, everyone else read          (typical default for files under umask 022)
755  as 644 plus execute for everyone              (directories and executables)
600  owner read/write only                         (private files: keys, credentials, mail config)
700  owner only, including execute                 (private directories such as ~/.ssh)
</pre>

;umask

* The user file-creation mask. It is not a set of permissions but a set of bits to remove from the default mode of a newly created file or directory.

* Programs create regular files with mode 666 and directories with 777 by convention; the kernel clears the umask bits from that:

<pre>
file:       666 & ~umask     umask 022 -> 644     umask 077 -> 600
directory:  777 & ~umask     umask 022 -> 755     umask 077 -> 700
</pre>

* Because programs never request x for ordinary files, new files are not executable even with umask 000; compilers and editors set x explicitly when they need it.

* umask prints the current mask; umask -S prints it in symbolic form; umask 077 sets it for the current shell (put it in a profile file or /etc/login.defs to make it persistent).

* mkdir -m sets the mode of a new directory directly, bypassing the umask:

mkdir -m 777 dir1

mkdir -m 000 dir2

* cp -p preserves the mode, ownership and timestamps of the source file instead of applying the umask to the copy:

cp -p list dupli.txt
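The chmod symbolic syntax, the octal conversion and the umask arithmetic from the sections above, implemented as pure functions, as an added example (not from the original cheatsheet). apply_symbolic() interprets specs such as g+w,o-rw,a+x and g=u the way chmod does (the umask masking that real chmod applies to a bare +w is deliberately skipped, and setuid/setgid/sticky bits are not modelled); creation_mode() is the 666/777-minus-umask rule; to_symbolic() and from_symbolic() convert between 0o750 and rwxr-x---. No file is touched, so it can be used to check a planned change before running it.

```python
"""chmod symbolic modes and umask arithmetic without touching any file
(added example, not from the original cheatsheet)."""

WHO_BITS = {"u": 0o700, "g": 0o070, "o": 0o007, "a": 0o777}
PERM_BITS = {"r": 0o444, "w": 0o222, "x": 0o111}
CLASS_SHIFT = {"u": 6, "g": 3, "o": 0}


def apply_symbolic(mode, spec):
    """Apply a chmod spec such as 'g+w,o-rw,a+x' or 'g=u' to an octal mode.
    A clause with no who letters acts on all classes (real chmod also masks
    such '+' changes with the umask; that detail is skipped here)."""
    for clause in spec.split(","):
        i = 0
        while i < len(clause) and clause[i] in WHO_BITS:
            i += 1
        who = clause[:i] or "a"
        op, perms = clause[i], clause[i + 1:]
        who_mask = 0
        for w in who:
            who_mask |= WHO_BITS[w]
        if perms in CLASS_SHIFT:
            # 'g=u': copy one class's three bits into every selected class
            bits = (mode >> CLASS_SHIFT[perms]) & 0o7
            perm_mask = bits * 0o111
        else:
            perm_mask = 0
            for p in perms:
                perm_mask |= PERM_BITS[p]
        change = perm_mask & who_mask
        if op == "+":
            mode |= change
        elif op == "-":
            mode &= ~change
        elif op == "=":
            mode = (mode & ~who_mask) | change
        else:
            raise ValueError(f"bad clause {clause!r}")
    return mode & 0o777


def creation_mode(umask, directory=False):
    """Mode a new file (requested 0666) or directory (0777) gets under umask.
    Ordinary files never get x this way because programs do not ask for it."""
    requested = 0o777 if directory else 0o666
    return requested & ~umask & 0o777


def to_symbolic(mode):
    """0o750 -> 'rwxr-x---' (the nine permission characters ls shows)."""
    out = ""
    for shift in (6, 3, 0):
        bits = (mode >> shift) & 0o7
        out += ("r" if bits & 4 else "-") + ("w" if bits & 2 else "-") + ("x" if bits & 1 else "-")
    return out


def from_symbolic(text):
    """'rwxr-x---' -> 0o750: each non-dash character is a 1 bit."""
    mode = 0
    for ch in text:
        mode = (mode << 1) | (ch != "-")
    return mode


if __name__ == "__main__":
    print(oct(apply_symbolic(0o644, "g+w,o-rw,a+x")))   # 0o771
    print(to_symbolic(creation_mode(0o077)))              # rw-------
```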
|||
== Commands ==

=== CPU ===

; CPU Info

lscpu

lshw -C CPU

hardinfo ==> sudo apt install hardinfo

nproc ==> number of logical CPUs available to this process

sudo dmidecode -t 4 ==> processor entries from the SMBIOS tables

cpuid

cat /proc/cpuinfo

grep -c ^processor /proc/cpuinfo ==> count logical processors

* The "processor" count in /proc/cpuinfo is the number of logical CPUs, not physical cores: a CPU with 2 cores and hyper-threading shows 4 processors.

* "core id" identifies the core within one package ("physical id"), so the number of physical cores is the number of distinct (physical id, core id) pairs:

<pre>
# grep 'core id' /proc/cpuinfo
core id         : 0
core id         : 2
core id         : 1
core id         : 3
</pre>

* Four distinct core ids on one package means four physical cores. If each id appeared twice, there would be two hardware threads per core and only half as many cores as processors.
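The core-counting rule above and the siblings / "cpu cores" relation from the ProcFS section, applied to /proc/cpuinfo text, as an added example (not from the original cheatsheet). SAMPLE_CPUINFO is constructed to describe one package with two cores and hyper-threading on, so four logical processors; live_topology() runs the same code over the real /proc/cpuinfo when it exists. Virtual machines often omit "physical id" and "core id", and the code says what it assumes in that case.

```python
"""Physical cores vs. logical processors from /proc/cpuinfo (added example,
not from the original cheatsheet). SAMPLE_CPUINFO is constructed: one
package, two cores, two threads per core."""
import os

SAMPLE_CPUINFO = "".join(
    f"processor\t: {p}\nmodel name\t: Example CPU\nphysical id\t: 0\n"
    f"siblings\t: 4\ncore id\t\t: {c}\ncpu cores\t: 2\n\n"
    for p, c in ((0, 0), (1, 1), (2, 0), (3, 1))
)


def parse_cpuinfo(text):
    """Split /proc/cpuinfo into one dict per logical processor.
    Entries are separated by blank lines; each line is 'key : value'."""
    cpus, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                cpus.append(current)
                current = {}
            continue
        key, _, value = line.partition(":")
        current[key.strip()] = value.strip()
    if current:
        cpus.append(current)
    return cpus


def topology(cpus):
    """Count packages, physical cores and threads per core.
    'core id' is unique only within a package, so cores are counted as
    (physical id, core id) pairs. When the fields are missing (common in
    VMs) every logical CPU is assumed to be its own core on package 0."""
    packages = {c.get("physical id", "0") for c in cpus}
    cores = {(c.get("physical id", "0"), c.get("core id", str(i)))
             for i, c in enumerate(cpus)}
    siblings = int(cpus[0].get("siblings", 1))
    cpu_cores = int(cpus[0].get("cpu cores", 1))
    return {
        "logical": len(cpus),              # what 'grep -c ^processor' reports
        "packages": len(packages),
        "cores": len(cores),
        "threads_per_core": siblings // cpu_cores,
        "hyperthreading": siblings > cpu_cores,
    }


def live_topology(path="/proc/cpuinfo"):
    """Topology of the running system, or None where /proc/cpuinfo is absent."""
    if not os.path.exists(path):
        return None
    with open(path) as f:
        return topology(parse_cpuinfo(f.read()))


if __name__ == "__main__":
    print(topology(parse_cpuinfo(SAMPLE_CPUINFO)))
    print(live_topology())
```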
|||
; CPU Usage

top -o %CPU

htop

vmstat

sar 1 3 ==> yum install sysstat

iostat ==> yum install sysstat

; Top Command

<pre>
top - 01:07:37 up 2:40, 1 user, load average: 0.37, 0.37, 0.39
Tasks: 286 total, 1 running, 285 sleeping, 0 stopped, 0 zombie
%Cpu(s): 4.7 us, 1.6 sy, 0.0 ni, 93.8 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
MiB Mem : 15935.7 total, 9403.3 free, 3045.2 used, 3487.1 buff/cache
MiB Swap: 4100.0 total, 4100.0 free, 0.0 used. 11720.3 avail Mem

  PID USER      PR  NI    VIRT    RES    SHR S  %CPU  %MEM     TIME+ COMMAND
 6865 aman      20   0  982620  85280  53716 S   6.2   0.5   2:52.77 Xorg
10082 aman      20   0 3537624 285448 118848 S   6.2   1.7   5:45.24 gnome-shell
</pre>

CPU section (the %Cpu(s) line):

<pre>
us  user          % CPU time spent in user space
sy  system        % CPU time spent in kernel space
ni  nice          % CPU time spent on low-priority (niced) user processes
id  idle          % CPU time spent idle
wa  iowait        % CPU time spent idle while waiting for disk I/O
hi  hardware irq  % CPU time spent servicing hardware interrupts
si  software irq  % CPU time spent servicing software interrupts
st  steal         % CPU time the hypervisor gave to other guests while this VM wanted to run
</pre>

Process columns:

<pre>
VIRT  total virtual address space: code, data, shared libraries, mapped files and swapped-out pages; most of it may never be backed by RAM
RES   resident set: physical memory the process currently occupies, private and shared
SHR   the part of RES shared with other processes (libraries, shared memory)
%MEM  RES as a percentage of physical memory
</pre>

RES is the closest single number to "memory used by this process", excluding what is swapped out. It includes SHR, so summing RES over all processes counts shared pages more than once.

;Obtain the PID:

pgrep -n python ==> newest matching process

pidof chrome ==> all PIDs

pidof -s chrome ==> only one PID

ps -C chrome -o pid= ==> -C selects by command name
|||
=== Memory ===

;Info

sudo dmidecode -t 17 ==> DIMM slots, sizes and speeds (needs root)

;Usage

cat /proc/meminfo ==> egrep --color 'Mem|Cache|Swap' /proc/meminfo

top -o %MEM

free -m

<pre>
              total        used        free      shared  buff/cache   available
Mem:          15935        3046        9470         767        3418       11787
Swap:          4099           0        4099
</pre>

* "available" is the figure to watch: free memory plus cache the kernel can reclaim without swapping.

vmstat

vmstat -s ==> More detailed

htop

;Per process usage check

ps -o pid,user,%mem,command ax | sort -b -k3 -r | head ==> top consumers by %MEM

sudo pmap 917 ==> memory per mapping: binary, libraries, heap, stack (and any mapping a process has no business having)

sudo pmap 917 | tail -n 1 ==> total for this process

=== HDD ===

du -h ==> space used by each directory in the tree below the current one

du -sh /etc/ ==> one total for the directory (suppress subdirectories)

du -ah /etc/ ==> all files, not just directories

df -h

<pre>
Filesystem     Type  Size  Used Avail Use% Mounted on
/dev/sda4      ext4   77G   51G   22G  71% /
</pre>

df -T -h ==> list the filesystem type as well

df -t ext4 ==> only ext4 filesystems

df -a ==> include pseudo filesystems with zero blocks

df -i ==> inode usage instead of blocks

lsblk ==> all block devices: disks, partitions, LVM volumes, optical drives

<pre>
NAME   MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
sda      8:0    0  1.8T  0 disk
├─sda1   8:1    0  500M  0 part /boot/efi
├─sda2   8:2    0  128M  0 part
</pre>

sudo fdisk -l ==> partition tables and partition types

sudo parted -l ==> list partitions; interactive parted modifies them
|||
=== IP ===

*Show info

ip addr show (ip a)

ifconfig ==> net-tools; deprecated in favour of ip

hostname -I ==> all configured addresses

ip route get 8.8.8.8 | head -1 | awk '{print $7}' ==> source address used to reach the internet (field 7 when the route goes via a gateway)

ip route get 8.8.8.8 | head -1 | cut -d' ' -f7

ip route get 8.8.8.8 | awk '{for (i = 1; i <= NF; i++) if ($i == "src") print $(i+1)}' ==> same, without depending on the field position (a directly connected destination has no "via" and shifts the fields)

*Assign IP CentOS (network-scripts / ifcfg):

nano /etc/sysconfig/network-scripts/ifcfg-eth0

<pre>
DEVICE=eth0
BOOTPROTO=static
IPADDR=192.168.1.2
NETMASK=255.255.255.0
ONBOOT=yes
</pre>

*Ubuntu (ifupdown; on 18.04 and later the default is netplan, with YAML files under /etc/netplan/)

sudo nano /etc/network/interfaces

<pre>
auto ens31
iface ens31 inet dhcp

auto ens33
iface ens33 inet static
    address 192.168.0.2
    netmask 255.255.255.0
    network 192.168.0.0
    broadcast 192.168.0.255
    gateway 192.168.0.1
    dns-nameservers 192.168.0.3
</pre>

*Other methods (immediate, not persistent across reboots):

ifconfig eth0 10.10.10.45 netmask 255.255.255.0 up

ip addr add 10.20.30.176/24 dev eth0

*IP Alias:

ifconfig eth0:100 192.168.66.1

ip addr add 192.168.66.1/24 dev eth0 label eth0:100 ==> iproute2 equivalent

*VLAN (legacy vconfig; deprecated):

vconfig add eth0 700

ifconfig eth0.700 192.168.66.1

*VLAN with iproute2:

<pre>
ip link add link eth0 name eth0.700 type vlan id 700
ip addr add 192.168.66.1/24 dev eth0.700
ip link set eth0.700 up
</pre>

*VLAN & Alias (/etc/network/interfaces):

<pre>
auto eth0.10
iface eth0.10 inet static
    address 192.168.1.61
    netmask 255.255.255.0
    gateway 192.168.1.11

auto eth0.10:1
iface eth0.10:1 inet static
    address 10.20.100.100
    netmask 255.255.255.0

auto eth0.10:2
iface eth0.10:2 inet static
    address 10.20.100.200
    netmask 255.255.255.0
</pre>

==== Route ====

netstat -nr ==> -n: numeric output, no hostname lookups

ip route

route

route -n

* route and netstat come from net-tools and read /proc/net/route; ip route is the current tool. Flags column:

<pre>
U  route is up
H  target is a host
G  use gateway
R  reinstate route for dynamic routing
D  dynamically installed by daemon or redirect
M  modified from routing daemon or redirect
A  installed by addrconf
C  cache entry
!  reject route
</pre>
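Where route -n gets its table from, as an added example (not from the original cheatsheet): /proc/net/route holds each route as hex words (little-endian IPv4 addresses and a flags bitmask), and this decodes it into the destination/gateway/genmask/flags form printed above. SAMPLE_ROUTE is a constructed table with a default route via 192.168.1.1 and the connected 192.168.1.0/24 on eth0; the flag bit values are the RTF_* constants from the kernel's route.h and ipv6_route.h headers, listed in the order route -n prints the letters. live_routes() reads the real file where it exists.

```python
"""Decode /proc/net/route into what 'route -n' prints (added example, not
from the original cheatsheet). SAMPLE_ROUTE is constructed."""
import os
import socket
import struct

SAMPLE_ROUTE = (
    "Iface\tDestination\tGateway \tFlags\tRefCnt\tUse\tMetric\tMask\t\tMTU\tWindow\tIRTT\n"
    "eth0\t00000000\t0101A8C0\t0003\t0\t0\t100\t00000000\t0\t0\t0\n"
    "eth0\t0001A8C0\t00000000\t0001\t0\t0\t100\t00FFFFFF\t0\t0\t0\n"
)

# RTF_* bits from <linux/route.h> and <linux/ipv6_route.h>, in route -n order.
ROUTE_FLAGS = (
    (0x0001, "U"),       # RTF_UP
    (0x0002, "G"),       # RTF_GATEWAY
    (0x0004, "H"),       # RTF_HOST
    (0x0008, "R"),       # RTF_REINSTATE
    (0x0010, "D"),       # RTF_DYNAMIC
    (0x0020, "M"),       # RTF_MODIFIED
    (0x0200, "!"),       # RTF_REJECT
    (0x040000, "A"),     # RTF_ADDRCONF
    (0x01000000, "C"),   # RTF_CACHE
)


def hex_to_ip(word):
    """/proc/net/route stores IPv4 addresses as little-endian hex words."""
    return socket.inet_ntoa(struct.pack("<L", int(word, 16)))


def decode_flags(value):
    return "".join(ch for bit, ch in ROUTE_FLAGS if value & bit)


def parse_route(text):
    """One dict per route, skipping the header line."""
    routes = []
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) < 8:
            continue
        routes.append({
            "iface": f[0],
            "dest": hex_to_ip(f[1]),
            "gateway": hex_to_ip(f[2]),
            "flags": decode_flags(int(f[3], 16)),
            "metric": int(f[6]),
            "mask": hex_to_ip(f[7]),
        })
    return routes


def default_gateway(routes):
    """(gateway, interface) of the lowest-metric default route, or None."""
    defaults = [r for r in routes if r["dest"] == "0.0.0.0" and "G" in r["flags"]]
    if not defaults:
        return None
    best = min(defaults, key=lambda r: r["metric"])
    return best["gateway"], best["iface"]


def format_table(routes):
    """Render the routes in the column layout of route -n."""
    lines = ["Destination     Gateway         Genmask         Flags Metric Iface"]
    for r in routes:
        lines.append(f"{r['dest']:<15} {r['gateway']:<15} {r['mask']:<15} "
                     f"{r['flags']:<5} {r['metric']:<6} {r['iface']}")
    return "\n".join(lines)


def live_routes(path="/proc/net/route"):
    """Routes of the running system, or None where /proc/net/route is absent."""
    if not os.path.exists(path):
        return None
    with open(path) as f:
        return parse_route(f.read())


if __name__ == "__main__":
    routes = parse_route(SAMPLE_ROUTE)
    print(format_table(routes))
    print(default_gateway(routes))
```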
|||
=== DNS ===

==== Config Info ====

cat /etc/resolv.conf ==> on hosts running systemd-resolved this only shows the stub 127.0.0.53; ask resolvectl for the real servers

nmcli dev show | grep DNS

resolvectl status | grep -1 'DNS Server'

systemd-resolve --status ==> older name of the same command

getent hosts example.com ==> resolve the way applications do, honouring /etc/nsswitch.conf and /etc/hosts (host, dig and nslookup skip both and query a DNS server directly)

==== Resolution ====

===== Host Command =====

host google.com

host -t a google.com

host -t mx google.com

host -t soa google.com

host -t cname files.google.com

host -t txt google.com

host google.com ns2.google.com ==> query a particular server

host -t any google.com

===== DIG Command =====

dig google.com a

dig google.com mx

dig google.com ns

dig google.com txt

dig @ns1.google.com google.com a ==> ask a specific server (an authoritative one, here)

dig @4.2.2.2 google.com soa ==> SOA record from a given resolver

dig +nssearch google.com ==> SOA from every authoritative server, to spot ones out of sync

dig +short google.com ==> only the IP address

dig +noall +answer google.com ==> just the answer section

dig +noall +answer google.com any ==> all record types; many servers now answer ANY with a single HINFO record (RFC 8482), so query each type explicitly when it matters

===== NSLOOKUP =====

nslookup yahoo.com ==> A record

nslookup 209.191.122.70 ==> reverse (PTR) lookup

nslookup -query=mx yahoo.com ==> MX (mail exchange) records, which live at the zone apex

nslookup -query=ns yahoo.com ==> NS (name server) records

nslookup -query=any yahoo.com ==> all available record types (same ANY caveat as dig)

nslookup -debug yahoo.com ==> verbose output including TTLs

=== TCP Parameters ===

;FIN-WAIT-2 timeout (often labelled MSL)

cat /proc/sys/net/ipv4/tcp_fin_timeout ==> seconds an orphaned connection is kept in FIN-WAIT-2 before the kernel drops it (default 60)

To change it:

sysctl -w net.ipv4.tcp_fin_timeout=5 ==> same effect as echo 5 > /proc/sys/net/ipv4/tcp_fin_timeout; put the setting in /etc/sysctl.d/ to keep it across reboots

;Window scaling

cat /proc/sys/net/ipv4/tcp_window_scaling ==> 1 = TCP window scaling (RFC 1323/7323) enabled, which is needed for windows above 64 KiB

=== CURL ===