AAtsushi's Blog
Infrastructure

Linux Study Notes

→ 日本語版を読む

Overview

Since I'm working with Linux, I'm jotting down notes from re-studying it after a long break.

  • Overview
  • ssh
  • Virtual Machines
  • Containers
  • Boot Process
  • systemd
    • Targets
      • Main Targets
      • Where Targets Live
      • Managing Targets
    • systemctl
  • Processes
    • Process-related Commands
  • Jobs
  • GUI Environment
    • X Window System
    • Representative Window Managers
    • Integrated Desktop Environments
    • Representative Integrated Desktop Environments
    • Display Manager
    • Starting X Window System
    • X Server and X Client
  • File Owner and Owning Group
  • Access Permissions
    • chmod
    • umask
  • SUID
  • SGID
  • Sticky Bit
  • SUID/SGID/Sticky Bit
  • File Management
  • Archives
  • Hard Links and Symbolic Links
    • inode (index node)
    • Hard Links
    • Symbolic Links
      • Copying Symbolic Links
      • Behavior When the Symbolic Link Source File Is Deleted
  • Regular Expressions
  • File Search
  • Directory Structure
    • Basic Directories
      • How to Use /bin, /usr/bin, and /usr/local/bin Directories
  • Shell Types
    • Basic Shell Operations
  • Packages
    • Package Problems
    • Package Management Systems
    • apt
      • apt-get command
        • apt-get Repositories
      • apt-cache command
      • apt-file command
    • dpkg
    • yum
    • rpm
  • Device Management
    • udev
  • Hard Disk Partitions
    • Partition Types
    • LVM
    • Device Files
  • Partition Operations
    • Partition Table
  • File Systems
    • Btrfs
    • Mounting File Systems
  • Network Configuration
    • Configuration Files
    • nmcli command
    • ip command
    • ifconfig command
    • ifup/ifdown commands
  • Security
    • Removing Unnecessary SUID/SGID
    • Closing Unnecessary Ports
    • Stopping Unnecessary Services
    • Access Control with TCP Wrappers
    • firewalld Service
    • Checking Login History

ssh

https://www.codelab.jp/blog/?p=3569

sudo apt install openssh-server
$ systemctl status ssh
Unit ssh.service could not be found.
$ sudo apt install openssh-server
$ sudo systemctl enable ssh
$ sudo ssh-keygen
$ ssh-copy-id bluen@localhost
$ ls .ssh/authorized_keys
$ sudo systemctl start ssh

Virtual Machines

https://note.com/vgnsz90ps/n/na8964293bf75

$ sudo apt install libvirt-clients
sudo apt install libvirt-clients qemu-utils qemu-kvm
sudo apt install libvirt-daemon
sudo apt install libvirt-daemon-system

Containers

  • cgroups: manages hardware resources used by containers
  • namespace
  • docker

Boot Process

The boot process = the sequence of steps until Linux starts up

  • BIOS (UEFI) starts
    • Checks and initializes hardware
    • Executes the bootloader written to the boot device, which loads the kernel into memory
  • Linux starts
    • The kernel starts, initializes memory, sets the system clock
    • Mounts a temporary root file system
    • Executes the systemd process
    • systemd (init) sequentially starts what is needed for boot
    • Displays the login prompt

systemd

  • Manages processing in units called units (configuration files)
    • Units have different types
      • ~.target
      • ~.service
      • ~.mount
      • ~.device
      • ~.swap
  • init is old, systemd is new
  • init used SysVinit to handle boot processing. SysVinit had boot processing written in shell scripts, making changes difficult

Targets

A collection of multiple units

Main Targets

  • runlevel3.target
    • Mode where most processes run (specified when operating a web server)
  • multi-user.target
    • Performs CUI login
  • graphical.target
    • Performs graphical login
  • poweroff.target
    • Shuts down the system
  • reboot.target
    • Reboots the system

Where Targets Live

/etc/systemd/system/

or

/lib/systemd/system/

Managing Targets

systemctl get-default
systemctl set-default <target name>
systemctl isolate <target name>
systemctl isolate poweroff.target

systemctl

systemctl

  • isolate
  • status
  • is-active
  • disable
  • enable
  • start
  • restart
  • reload
  • stop
  • set-default
  • get-default
  • reboot
  • list-unit-files

Processes

  • Programs currently running on Linux
  • Multitasking
    • Running multiple processes simultaneously
  • Daemon
    • A resident process that runs in the background according to certain conditions
  • ps
    • Display a list of processes
  • top
    • Display processes sorted by CPU or memory usage
  • pstree
    • Display the parent-child relationships of processes
  • kill
    • Terminate a process
  • killall
  • pkill
  • pgrep
    • Returns the PID for the process name specified as an argument
$ sleep 60 &
[1] 692
$ pgrep sleep
692
$ ps a
    PID TTY      STAT   TIME COMMAND
    243 hvc0     Ss+    0:00 /sbin/agetty -o -p -- \u --noclear --keep-baud console 115200,38400,9600 vt220
    248 tty1     Ss+    0:00 /sbin/agetty -o -p -- \u --noclear tty1 linux
    611 pts/0    Ss     0:00 -bash
    612 pts/1    Ss     0:00 /bin/login -f
    657 pts/1    S+     0:00 -bash
    692 pts/0    S      0:00 sleep 60
    709 pts/0    R+     0:00 ps a
$ sleep 60 &
[1] 798
$ kill -STOP 798
$ pgrep -l sleep
798 sleep

[1]+  Stopped                 sleep 60
$ sleep 60 &
[1] 804
$ kill -TERM 804
$ pgrep sleep
[1]+  Terminated              sleep 60
$ ps a
    PID TTY      STAT   TIME COMMAND
    263 hvc0     Ss+    0:00 /sbin/agetty -o -p -- \u --noclear --keep-baud console 115200,38400,9600 vt220
    270 tty1     Ss+    0:00 /sbin/agetty -o -p -- \u --noclear tty1 linux
    653 pts/0    Ss     0:00 -bash
    654 pts/1    Ss     0:00 /bin/login -f
    696 pts/1    S+     0:00 -bash
    725 pts/0    S      0:00 sleep 1000
    726 pts/0    S      0:00 sleep 10004
    727 pts/0    S      0:00 sleep 10003
    730 pts/0    R+     0:00 ps a
$ killall sleep
[2]-  Terminated              sleep 10004
[1]-  Terminated              sleep 1000
[3]+  Terminated              sleep 10003

Jobs

  • Foreground jobs
  • Background jobs

You can run a command as a background job by appending &.

$ sleep 120 &
[2] 1483
$ ps
    PID TTY          TIME CMD
    653 pts/0    00:00:00 bash
   1482 pts/0    00:00:00 sleep
   1483 pts/0    00:00:00 sleep
   1484 pts/0    00:00:00 ps

You can use the jobs command to display jobs, and the bg command to move a foreground job to the background.

$ jobs
[1]-  Done                    sleep 12
[2]+  Running                 sleep 120 &
$ bg %2
-bash: bg: job 2 already in background

GUI Environment

To use a GUI environment, a mechanism called X Window System is used.

X Window System

  • I/O devices are managed by the X server
  • The X client requests the X server to display on screen
  • The X client's window manager controls the appearance of the X Windows System

Representative Window Managers

  • twm
  • mwm
  • fvwm
  • kWin
  • Metacity
  • Mutter

Integrated Desktop Environments

Software that bundles various applications such as:

  • Text editor
  • Terminal
  • File manager
  • Window manager
  • Display manager

Representative Integrated Desktop Environments

Display Manager

Software that performs user authentication in a GUI environment

Starting X Window System

$ startx
# systemctl isolate graphical.target

X Server and X Client

The server side is the X client, and the user side is the X server

File Owner and Owning Group

When a file is created, the user becomes the owner and the group the user belongs to becomes the owning group.

# ls -l
total 4
drwx------ 4 root root 4096 May 20 14:10 snap
-rw-r--r-- 1 root root    0 Jun 22 23:17 test.txt
# chown bluen test.txt
# ls -l
total 4
drwx------ 4 root  root 4096 May 20 14:10 snap
-rw-r--r-- 1 bluen root    0 Jun 22 23:17 test.txt
# chgrp bluen test.txt
# ls -l
total 4
drwx------ 4 root  root  4096 May 20 14:10 snap
-rw-r--r-- 1 bluen bluen    0 Jun 22 23:17 test.txt

Access Permissions

  • Readable
    • Read a file
    • Read a directory (files, subdirectories)
  • Writable
    • Write to a file (change file contents)
    • Write to a directory (create, delete files)
  • Executable
    • Execute a file
    • Execute a directory (execute files inside the directory)
# ls -l
total 4
drwx------ 4 root  root  4096 May 20 14:10 snap
-rw-r--r-- 1 bluen bluen    0 Jun 22 23:17 test.txt
# chmod o+x test.txt
# ls -l
total 4
drwx------ 4 root  root  4096 May 20 14:10 snap
-rw-r--r-x 1 bluen bluen    0 Jun 22 23:17 test.txt

chmod

Target

  • u: owner
  • g: group
  • o: other users
  • a: all users

Operation

  • +: add permission
  • -: remove permission
  • =: set permission

Permission type

  • r
  • w
  • x
  • s
  • t

umask

Default access permissions

Use the umask command to change the default access permissions

# umask
0022
# touch test2.txt
# ls -l
-rw-r--r-- 1 root  root     0 Jun 22 23:32 test2.txt

Since the umask value is 0022, you can see that 666 - 022 = 644.

In other words, it becomes -rw-r--r--.

# umask 0026
# umask
0026
# touch test3.txt
# ls -l
-rw-r--r-- 1 root  root     0 Jun 22 23:32 test2.txt
-rw-r----- 1 root  root     0 Jun 22 23:36 test3.txt

After changing the umask value to 0026 and creating a file, 666 - 026 = 640, i.e., -rw-r-----.

SUID

When executed by a user with execute permission, the file runs with the permissions of the file's owner.

$ ls -l /usr/bin/passwd
-rwsr-xr-x 1 root root 59976 Nov 24  2022 /usr/bin/passwd
  • The execute permission position shows s.
  • In the case of the passwd command, root is the owner, so it runs with root privileges.

SGID

  • When executed by a user with execute permission, it runs with the permissions of the group that owns the file.
  • Can also be set on a directory
$ chmod g+s test.txt
$ ls -l
-rw-r-Sr-- 1 bluen bluen    0 Jun 22 23:13 test.txt

Sticky Bit

Prevents files from being deleted even when write permission exists.

$ ls -ld /tmp
drwxrwxrwt 7 root root 4096 Jun 23 06:55 /tmp
$ ls -l
drwxr-xr-x 2 bluen bluen 4096 Jun 23 06:58 sampledir
$ chmod o+t sampledir
$ ls -l
drwxr-xr-t 2 bluen bluen 4096 Jun 23 06:58 sampledir

SUID/SGID/Sticky Bit

  • SUID: 4000
  • SGID: 2000
  • Sticky Bit: 1000

File Management

  • ls
  • file
$ cat test.txt
ttthhh
$ file test.txt
test.txt: ASCII text
  • copy source destination
    • Use -R to copy an entire directory
  • mv
  • mkdir
    • Use -p to create directories at different levels all at once
$ ls -lR
.:
total 16
drwxr-xr-x 3 bluen bluen 4096 Jun 23 07:15 dir1
drwxr-xr-t 2 bluen bluen 4096 Jun 23 06:58 sampledir
drwx------ 3 bluen bluen 4096 May 14 20:05 snap
-rw-r--r-- 1 bluen bluen    7 Jun 23 07:05 test.txt

./dir1:
total 4
drwxr-xr-x 3 bluen bluen 4096 Jun 23 07:15 dir2

./dir1/dir2:
total 4
drwxr-xr-x 2 bluen bluen 4096 Jun 23 07:15 dir3

./dir1/dir2/dir3:
total 0
  • rm
    • Use -r to delete everything inside a directory as well
  • touch
    • Change the timestamp of a file
$ touch -t 202201010000 test.txt
$ ls -l
-rw-r--r-- 1 bluen bluen    7 Jan  1  2022 test.txt

Archive

Combine multiple files into one archive file

$ tar -cf tests.tar test.txt test2.txt
$ ls -l
-rw-r--r-- 1 bluen bluen     7 Jan  1  2022 test.txt
-rw-r--r-- 1 bluen bluen     0 Jun 23 08:30 test2.txt
-rw-r--r-- 1 bluen bluen 10240 Jun 23 08:31 tests.tar

Hard Links and Symbolic Links

inode (index node)

  • Data that consolidates attribute information about a file
  • Records where the file is written on disk
$ ls -li
total 28
 5260 drwxr-xr-x 3 bluen bluen  4096 Jun 23 07:15 dir1
 5252 drwxr-xr-t 2 bluen bluen  4096 Jun 23 06:58 sampledir
24896 drwx------ 3 bluen bluen  4096 May 14 20:05 snap
 5489 -rw-r--r-- 1 bluen bluen     7 Jan  1  2022 test.txt
 5245 -rw-r--r-- 1 bluen bluen     0 Jun 23 08:30 test2.txt
 5501 -rw-r--r-- 1 bluen bluen 10240 Jun 23 08:31 tests.tar
  • The leading number is the inode number
  • The files look different, but they share an inode and are connected to the same file entity
  • Think of it as one room (file entity) with multiple doors (hard links)
  • Hard links have a connection to the file entity
$ touch linksource.txt
$ ls
linksource.txt
$ ln linksource.txt hardlink1.txt
$ ls
hardlink1.txt  linksource.txt
$ cat hardlink1.txt
$ vi hardlink1.txt
$ cat hardlink1.txt
tekesaku
$ cat linksource.txt
tekesaku
$ ls -li
 5496 -rw-r--r-- 2 bluen bluen     9 Jun 23 18:18 hardlink1.txt
 5496 -rw-r--r-- 2 bluen bluen     9 Jun 23 18:18 linksource.txt
  851 lrwxrwxrwx 1 bluen bluen    14 Jun 23 18:21 symboliclink1.txt -> linksource.txt
  • You can see that the content written in the hard link file is also changed in the source file
  • Think of it as one room (file entity), one door (source file), with multiple hallways (symbolic links) connecting to the door
  • Symbolic links have no direct connection to the file entity, but are connected through the source file
$ ln -s linksource.txt symboliclink1.txt
$ cat symboliclink1.txt
tekesaku
$ ls
hardlink1.txt  linksource.txt symboliclink1.txt
$ ls -li
 5496 -rw-r--r-- 2 bluen bluen     9 Jun 23 18:18 hardlink1.txt
 5496 -rw-r--r-- 2 bluen bluen     9 Jun 23 18:18 linksource.txt
  851 lrwxrwxrwx 1 bluen bluen    14 Jun 23 18:21 symboliclink1.txt -> linksource.txt
  • Note that when copying a symbolic link, the -d option is required
  • Without -d, the source file is copied instead
$ cp -d symboliclink1.txt symboliclink2.txt
$ cat symboliclink2.txt
tekesaku
$ rm linksource.txt
$ ls
hardlink1.txt symboliclink1.txt  symboliclink2.txt
$ cat symboliclink1.txt
cat: symboliclink1.txt: No such file or directory
$ cat hardlink1.txt
tekesaku
  • When the source file of a symbolic link is deleted, the symbolic link file itself remains but the referenced file is gone, resulting in the error cat: symboliclink1.txt: No such file or directory.

  • On the other hand, a hard link file can still access the file entity.

  • You can distinguish a symbolic link file using the first character of the permission in ls -l, or with ls -F.

  • If the inode numbers shown by ls -i match, it is a hard link.

$ ls -i
 851 hardlink.txt   851 source.txt

Regular Expressions

  • *: matches zero or more characters
  • ?: matches any single character
  • []: matches any one of the characters inside []
  • {,}: matches any of the strings separated by ,

File Search

  • find
$ find /home -name "*".txt
/home/hoge/hardlink.txt
/home/hoge/source.txt
  • locate

    • Searches for files based on a filename database (list)
    • Use the updatedb command in advance to create the database
    • Creating the database takes time
  • which

$ which find
/usr/bin/find
  • whereis
    • Searches for a command file and displays its path
$ whereis find
find: /usr/bin/find /usr/share/man/man1/find.1.gz /usr/share/info/find.info-1.gz /usr/share/info/find.info-2.gz /usr/share/info/find.info.gz
  • type
$ type find
find is hashed (/usr/bin/find)
$ type cd
cd is a shell builtin
$ type whereis
whereis is hashed (/usr/bin/whereis)
$ type locate
locate is /usr/bin/locate
$ type ls
ls is aliased to `ls --color=auto'

Directory Structure

Basic Directories

  • /bin
    • Contains commands executable by general users
  • /sbin
    • Contains commands executable only by root users
  • /etc
    • Contains configuration files and script files
  • /dev
    • Contains device files
    • In Linux, various devices are operated through device files using a mechanism called udev
  • /lib
    • Library files
  • /media
    • External HDD, USB
  • /proc
    • System state is stored in file form
  • /home
  • /root
    • Directory for the root user
  • /boot
    • Contains files needed for boot, such as the kernel
  • /tmp
    • Temporary storage for files
  • /var
    • Contains frequently updated files such as log files
  • /usr Contains commands and libraries
    • /usr/bin
      • Commands commonly used by users
    • /usr/sbin
      • Commands for system administration
    • /usr/lib
    • /usr/local
    • /usr/share/man

How to Use /bin, /usr/bin, and /usr/local/bin Directories

Reference: https://linuc.org/study/knowledge/544/

  • /bin

    • Place commands that can be used even in single-user mode
    • Single-user mode is basically used in emergencies such as when the OS is broken and cannot start normally
    • /bin contains very basic commands and those used in emergencies
  • /usr/bin

    • Contains commands and programs that are "not used in single-user mode" and "managed on the system by a package management system such as RPM or deb"
    • Important commands and programs that make up the system but are not for emergency use go here
  • /usr/local/bin

    • Contains commands and programs that are "not used in single-user mode" and "not managed on the system by a package management system such as RPM or deb"
    • It is common practice to place custom scripts and the like in this directory
    • This directory is often empty right after installing a Linux distribution

Shell Types

Basic Shell Operations

  • Ctrl + A
  • Ctrl + E
  • Ctrl + D
  • Ctrl + H
  • Ctrl + L
  • Ctrl + C
  • Ctrl + S
  • Ctrl + Q
  • Ctrl + Z

Packages

Package Problems

  • Dependency: package B uses files from package A
  • Conflict: files from package A and package B cannot coexist (e.g., different versions)

=> Package management systems

Package Management Systems

apt

  • Advanced Packaging Tool
  • A package management system with improved usability compared to the complex dpkg

apt-get command

  • Root privileges are required to install or remove packages

Subcommands

  • autoclean
    • Delete downloaded package source files (archives)
  • autoremove
    • Remove unused packages
  • download
    • Download only without installing
  • install
    • Install or upgrade
  • remove
    • Uninstall a package
  • update
    • Fetch the latest information from the repository
  • dist-upgrade
    • Upgrade packages to the latest version
  • upgrade
    • Upgrade packages that do not require adding or removing other packages

apt-get Repositories

  • Repository locations are in files under the /etc/apt/sources.list.d directory
  • Or listed in the /etc/apt/sources.list file
$ cat /etc/apt/sources.list.d/ondrej-ubuntu-php-jammy.list
deb https://ppa.launchpadcontent.net/ondrej/php/ubuntu/ jammy main
# deb-src https://ppa.launchpadcontent.net/ondrej/php/ubuntu/ jammy main
  • deb means fetch the package file; deb-src means fetch the source file
  • http... is the repository URI
  • The jammy part is the version name
  • main means officially supported; universe means community-maintained; multiverse means restricted, etc.
$ cat /etc/apt/sources.list
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb http://archive.ubuntu.com/ubuntu/ jammy main restricted
# deb-src http://archive.ubuntu.com/ubuntu/ jammy main restricted

## Major bug fix updates produced after the final release of the
## distribution.
deb http://archive.ubuntu.com/ubuntu/ jammy-updates main restricted
# deb-src http://archive.ubuntu.com/ubuntu/ jammy-updates main restricted

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://archive.ubuntu.com/ubuntu/ jammy universe
# deb-src http://archive.ubuntu.com/ubuntu/ jammy universe
deb http://archive.ubuntu.com/ubuntu/ jammy-updates universe
# deb-src http://archive.ubuntu.com/ubuntu/ jammy-updates universe

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://archive.ubuntu.com/ubuntu/ jammy multiverse
# deb-src http://archive.ubuntu.com/ubuntu/ jammy multiverse
deb http://archive.ubuntu.com/ubuntu/ jammy-updates multiverse
# deb-src http://archive.ubuntu.com/ubuntu/ jammy-updates multiverse

## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb http://archive.ubuntu.com/ubuntu/ jammy-backports main restricted universe multiverse
# deb-src http://archive.ubuntu.com/ubuntu/ jammy-backports main restricted universe multiverse

deb http://security.ubuntu.com/ubuntu/ jammy-security main restricted
# deb-src http://security.ubuntu.com/ubuntu/ jammy-security main restricted
deb http://security.ubuntu.com/ubuntu/ jammy-security universe
# deb-src http://security.ubuntu.com/ubuntu/ jammy-security universe
deb http://security.ubuntu.com/ubuntu/ jammy-security multiverse
# deb-src http://security.ubuntu.com/ubuntu/ jammy-security multiverse

apt-cache command

  • Search and look up package information

Subcommands

  • search
    • Search for packages containing the specified keyword
  • show
    • Display information about the specified package
  • showpkg
    • Display detailed information about the specified package
  • depends
    • Display dependencies of the specified package
$ apt-cache depends tree
tree
  Depends: libc6

apt-file command

  • Search for packages containing the specified file
  • Requires installation before use: apt install apt-file
  • Run apt-file update beforehand
$ apt-file search "/usr/bin/sudo"
sshuttle: /usr/bin/sudoers-add
sudo: /usr/bin/sudo
sudo: /usr/bin/sudoedit
sudo: /usr/bin/sudoreplay
sudo-ldap: /usr/bin/sudo
sudo-ldap: /usr/bin/sudoedit
sudo-ldap: /usr/bin/sudoreplay

dpkg

  • Can install but cannot download
$ sudo dpkg -iE tree_1.7.0-5_amd64.deb
  • Package name
  • Version
  • Release number
  • CPU architecture
  • .deb indicates it is in Debian format

Options

  • -i
    • Install a package
  • -r
    • Uninstall a package while leaving configuration files
  • -P
    • Completely uninstall including configuration files
  • -l
    • Display installed packages
  • -L
    • List files installed from the specified package
  • -S
    • Show which package installed the specified file
$ dpkg -l
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                                 Version                                      Architecture Description
+++-====================================-============================================-============-====================>
ii  acl                                  2.3.1-1                                      amd64        access control list >
ii  adduser                              3.118ubuntu5                                 all          add and remove users>
ii  adwaita-icon-theme                   41.0-1ubuntu1                                all          default icon theme o>
ii  alsa-topology-conf                   1.2.5.1-2                                    all          ALSA topology config>
ii  alsa-ucm-conf                        1.2.6.3-1ubuntu1.6                           all          ALSA Use Case Manage>
ii  apache2                              2.4.52-1ubuntu4.5                            amd64        Apache HTTP Server
ii  apache2-bin                          2.4.52-1ubuntu4.5                            amd64        Apache HTTP Server (>
ii  apache2-data                         2.4.52-1ubuntu4.5                            all          Apache HTTP Server (>
ii  apache2-utils                        2.4.52-1ubuntu4.5                            amd64        Apache HTTP Server (>
ii  apparmor                             3.0.4-2ubuntu2.2                             amd64        user-space parser ut>
ii  apport                               2.20.11-0ubuntu82.5                          all          automatically genera>
ii  apport-symptoms                      0.24                                         all          symptom scripts for >
ii  apt                                  2.4.9                                        amd64        commandline package >
ii  apt-file                             3.2.2                                        all          search for files wit>
ii  apt-utils                            2.4.9                                        amd64        package management r>
ii  aspell                               0.60.8-4build1                               amd64        GNU Aspell spell-che>
ii  aspell-en                            2018.04.16-0-1                               all          English dictionary f>
ii  at-spi2-core                         2.44.0-3                                     amd64        Assistive Technology>
...
$ dpkg -L acl
/.
/bin
/bin/chacl
/bin/getfacl
/bin/setfacl
/usr
/usr/share
/usr/share/doc
/usr/share/doc/acl
/usr/share/doc/acl/copyright
/usr/share/man
/usr/share/man/man1
/usr/share/man/man1/chacl.1.gz
/usr/share/man/man1/getfacl.1.gz
/usr/share/man/man1/setfacl.1.gz
/usr/share/man/man5
/usr/share/man/man5/acl.5.gz
/usr/share/doc/acl/changelog.Debian.gz
$ dpkg -S /usr/share/doc/acl
acl: /usr/share/doc/acl
$ dpkg -s acl
Package: acl
Status: install ok installed
Priority: optional
Section: utils
Installed-Size: 200
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Architecture: amd64
Multi-Arch: foreign
Version: 2.3.1-1
Depends: libacl1 (= 2.3.1-1), libc6 (>= 2.34)
Description: access control list - utilities
 This package contains the getfacl and setfacl utilities needed for
 manipulating access control lists. It also contains the chacl IRIX
 compatible utility.
Original-Maintainer: Guillem Jover <guillem@debian.org>
Homepage: https://savannah.nongnu.org/projects/acl/

yum

  • Yellowdog Updater, Modified
  • YUM configuration file
    • /etc/yum.conf
  • Repository information configuration
    • /etc/yum.repos.d
# yum info bash
Last metadata expiration check: 0:02:34 ago on Sat 24 Jun 2023 10:54:13 AM JST.
Installed Packages
Name         : bash
Version      : 5.1.8
Release      : 4.el9
Architecture : x86_64
Size         : 7.4 M
Source       : bash-5.1.8-4.el9.src.rpm
Repository   : @System
From repo    : anaconda
Summary      : The GNU Bourne Again shell
URL          : https://www.gnu.org/software/bash
License      : GPLv3+
Description  : The GNU Bourne Again shell (Bash) is a shell or command language
             : interpreter that is compatible with the Bourne shell (sh). Bash
             : incorporates useful features from the Korn shell (ksh) and the C shell
             : (csh). Most sh scripts can be run by bash without modification.

Available Packages
Name         : bash
Version      : 5.1.8
Release      : 6.el9
Architecture : x86_64
Size         : 1.7 M
Source       : bash-5.1.8-6.el9.src.rpm
Repository   : baseos
Summary      : The GNU Bourne Again shell
URL          : https://www.gnu.org/software/bash
License      : GPLv3+
Description  : The GNU Bourne Again shell (Bash) is a shell or command language
             : interpreter that is compatible with the Bourne shell (sh). Bash
             : incorporates useful features from the Korn shell (ksh) and the C shell
             : (csh). Most sh scripts can be run by bash without modificationp

rpm

  • Package management system developed by Red Hat
$ rpm -qa
bash-5.1.8-4.el9.x86_64
...

Options

  • -i
    • Install a package
  • -U
    • Upgrade or install
  • -F
    • Upgrade
  • -e
    • Uninstall
  • -q
    • Query; used in combination with other options
  • -qa
    • Display a list of installed packages

Device Management

  • Hardware is managed through device files

  • Device files are stored under /dev

  • Device files are automatically created by a mechanism called udev

  • Hardware information is stored in /proc

  • /sys contains files for accessing system information

  • /proc/cpuinfo

    • CPU information
  • /proc/interrupts

    • Information about interrupt processing
  • /proc/ioports

    • Address information for device-to-device communication
  • /proc/meminfo

    • Memory information
  • /proc/swaps

    • Information about swap space (= a portion of HDD/SSD used as memory)
  • /proc/bus/usb/<device name>

    • USB device information
  • /proc/bus/pci/<device name>

    • PCI device information

Viewing device information

  • cat /proc/cpuinfo
  • lscpu
  • lspci
  • lsusb
  • lsmem

udev

  • Device files are automatically created under /dev
  • Configuration files are in the /etc/udev/rules.d directory

How udev works

  1. Connect a device
  2. The kernel creates device information in the /sys directory
  3. The udev daemon creates a device file in the /dev directory
  4. Device information is conveyed to applications via a mechanism called D-Bus

Hard Disk Partitions

  • Logical divisions
  • A different file system can be created per partition
  • By partitioning, even if a large amount of data is saved, it will not encroach on other partitions

Partition Types

BIOS

UEFI

  • Primary partition
    • Device file names from /dev/sda1 to /dev/sda4
  • EFI system partition
    • Contains various management files

LVM

  • Logical Volume Manager
  • Manages physically different volumes (HDDs, etc.) as a single virtual volume
  • Logical volumes can be resized or moved to other disks
  • Backups can be easily created with snapshots

Device Files

  • 1st HDD (SSD, USB): /dev/sda
  • 2nd HDD: /dev/sdb
  • 3rd HDD: /dev/sdc
  • 4th HDD: /dev/sdd
  • 1st CD/DVD drive: /dev/sr0
  • 1st tape drive: /dev/st0

Partition Operations

fdisk command

  $ sudo fdisk -l
[sudo] password for bluen:
Disk /dev/ram0: 64 MiB, 67108864 bytes, 131072 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes

Disk /dev/ram1: 64 MiB, 67108864 bytes, 131072 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes

Disk /dev/ram2: 64 MiB, 67108864 bytes, 131072 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes

<omitted>

Disk /dev/sda: 363.32 MiB, 380968960 bytes, 744080 sectors
Disk model: Virtual Disk
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

Disk /dev/sdb: 1 GiB, 1073745920 bytes, 2097160 sectors
Disk model: Virtual Disk
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes

Disk /dev/sdc: 1 TiB, 1099511627776 bytes, 2147483648 sectors
Disk model: Virtual Disk
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes

Disk /dev/sdd: 1 TiB, 1099511627776 bytes, 2147483648 sectors
Disk model: Virtual Disk
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
$ sudo fdisk /dev/sdd

Welcome to fdisk (util-linux 2.37.2).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

This disk is currently in use - repartitioning is probably a bad idea.
It's recommended to umount all file systems, and swapoff all swap
partitions on this disk.

The device contains 'ext4' signature and it will be removed by a write command. See fdisk(8) man page and --wipe option for more details.

Device does not contain a recognized partition table.
Created a new DOS disklabel with disk identifier 0x0ef9f134.

Command (m for help): m

Help:

  DOS (MBR)
   a   toggle a bootable flag
   b   edit nested BSD disklabel
   c   toggle the dos compatibility flag

  Generic
   d   delete a partition
   F   list free unpartitioned space
   l   list known partition types
   n   add a new partition
   p   print the partition table
   t   change a partition type
   v   verify the partition table
   i   print information about a partition

  Misc
   m   print this menu
   u   change display/entry units
   x   extra functionality (experts only)

  Script
   I   load disk layout from sfdisk script file
   O   dump disk layout to sfdisk script file

  Save & Exit
   w   write table to disk and exit
   q   quit without saving changes

  Create a new label
   g   create a new empty GPT partition table
   G   create a new empty SGI (IRIX) partition table
   o   create a new empty DOS partition table
   s   create a new empty Sun partition table

Command (m for help): q

Partition Table

  • A partition table is an area for managing partitions within a storage device
  • It exists at the beginning of the storage area and is read first

MBR

GUID Partition Table

File System

Types

Btrfs

  • Can create virtual volumes (storage pools)
  • Can create a single file system spanning multiple physical volumes (multi-device file system)
  • Backup via snapshots
  • Create subvolumes by dividing the file system

Mounting File Systems

  • Incorporating a file system into the root file system
  • For example, when you connect an HDD, you mount the HDD to an arbitrary directory (mount point) before you can access it
# mount -t ext4 /dev/sdc1 /data
  • Specify the file system to mount (+ device) and the mount point
  • The mount command can only be run by the root user
  • If no device or mount point is specified, the /etc/fstab file is referenced

Network Configuration

Configuration Files

  • /etc/hostname
    • Contains the hostname
  • /etc/hosts
$ cat /etc/hostname
DESKTOP-7IGG3DT
$ cat /etc/hosts
# This file was automatically generated by WSL. To stop automatic generation of this file, add the following entry to /etc/wsl.conf:
# [network]
# generateHosts = false
127.0.0.1       localhost
127.0.1.1       DESKTOP-7IGG3DT.        DESKTOP-7IGG3DT

192.168.10.121  host.docker.internal
192.168.10.121  gateway.docker.internal
127.0.0.1       kubernetes.docker.internal

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

nmcli command

  • Command to manage the network via NetworkManager
  • NetworkManager is a subsystem adopted in RedHat-based systems
$ nmcli general status
STATE         CONNECTIVITY  WIFI-HW  WIFI     WWAN-HW  WWAN
disconnected  unknown       enabled  enabled  enabled  enabled
$ nmcli general hostname
DESKTOP-7IGG3DT
$ nmcli networking connectivity
unknown
$ nmcli radio wifi
enabled
$ nmcli radio wwan
enabled
$ nmcli device
DEVICE  TYPE      STATE      CONNECTION
virbr0  bridge    unmanaged  --
eth0    ethernet  unmanaged  --
lo      loopback  unmanaged  --
$ nmcli device show eth0
GENERAL.DEVICE:                         eth0
GENERAL.TYPE:                           ethernet
GENERAL.HWADDR:                         00:15:5D:CF:DB:33
GENERAL.MTU:                            1500
GENERAL.STATE:                          10 (unmanaged)
GENERAL.CONNECTION:                     --
GENERAL.CON-PATH:                       --
WIRED-PROPERTIES.CARRIER:              on
IP4.ADDRESS[1]:                         172.27.63.153/20
IP4.GATEWAY:                            172.27.48.1
IP4.ROUTE[1]:                           dst = 0.0.0.0/0, nh = 172.27.48.1, mt = 0
IP4.ROUTE[2]:                           dst = 172.27.48.0/20, nh = 0.0.0.0, mt = 0
IP6.ADDRESS[1]:                         fe80::215:5dff:fecf:db33/64
IP6.GATEWAY:                            --
IP6.ROUTE[1]:                           dst = fe80::/64, nh = ::, mt = 256
$ nmcli device wifi list
$ nmcli connection show

ip command

  • Display and change the IP address of a network device
$ ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:cf:db:33 brd ff:ff:ff:ff:ff:ff
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000
    link/ether 52:54:00:a4:b0:85 brd ff:ff:ff:ff:ff:ff
$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:15:5d:cf:db:33 brd ff:ff:ff:ff:ff:ff
    inet 172.27.63.153/20 brd 172.27.63.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::215:5dff:fecf:db33/64 scope link
       valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:a4:b0:85 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
$ ip route
default via 172.27.48.1 dev eth0 proto kernel
172.27.48.0/20 dev eth0 proto kernel scope link src 172.27.63.153
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown

ifconfig command

  • Display and change the IP address of a network device
  • When NetworkManager is in use, ifconfig, ifup, and ifdown are not recommended
$ ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.27.63.153  netmask 255.255.240.0  broadcast 172.27.63.255
        inet6 fe80::215:5dff:fecf:db33  prefixlen 64  scopeid 0x20<link>
        ether 00:15:5d:cf:db:33  txqueuelen 1000  (Ethernet)
        RX packets 6160  bytes 8986715 (8.9 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1598  bytes 146271 (146.2 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255
        ether 52:54:00:a4:b0:85  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ifup/ifdown commands

Security

Removing Unnecessary SUID/SGID

  • Use the find command to search for files with SUID/SGID set
  • If unnecessary SUID/SGID is found, remove the permission with chmod u-s <filename>. For SGID, use g-s
$ sudo find / -perm -u+s -ls
     1666     32 -rwsr-xr-x   1 root     root        30872 Feb 26  2022 /usr/bin/pkexec
     1817     56 -rwsr-xr-x   1 root     root        55672 Feb 21  2022 /usr/bin/su
     1818    228 -rwsr-xr-x   1 root     root       232416 Apr  4 03:00 /usr/bin/sudo
     1289     72 -rwsr-xr-x   1 root     root        72712 Nov 24  2022 /usr/bin/chfn
     1893     36 -rwsr-xr-x   1 root     root        35192 Feb 21  2022 /usr/bin/umount
     1596     40 -rwsr-xr-x   1 root     root        40496 Nov 24  2022 /usr/bin/newgrp
     1580     48 -rwsr-xr-x   1 root     root        47480 Feb 21  2022 /usr/bin/mount
     1635     60 -rwsr-xr-x   1 root     root        59976 Nov 24  2022 /usr/bin/passwd
     1412     36 -rwsr-xr-x   1 root     root        35200 Mar 23  2022 /usr/bin/fusermount3
     1295     44 -rwsr-xr-x   1 root     root        44808 Nov 24  2022 /usr/bin/chsh
     1433     72 -rwsr-xr-x   1 root     root        72072 Nov 24  2022 /usr/bin/gpasswd
    26960     60 -rwsr-xr-x   1 root     root        60360 Sep  5  2021 /usr/bin/inetutils-traceroute
    26010    416 -rwsr-xr--   1 root     dip        424512 Feb 25  2022 /usr/sbin/pppd

Closing Unnecessary Ports

Reference: https://linuc.org/study/knowledge/356/

There are actually two main ways to close ports.

One is "addressing it at the application level." Think about what it means for a port to be "open" in the first place. For example, when you start a web server application like Apache, port 80 (a Well Known port) opens by default and begins listening for connections on port 80.

With this in mind, stopping the server application automatically closes the port. This ties into the idea of "don't start unnecessary applications."

The other method is "restricting communication." The representative approach is a technique called "packet filtering." Using packet filtering, you can shut out communication on specific ports or from specific IP addresses. In Linux, packet filtering can be performed using a command called "iptables." With the iptables command, you can specify in detail what kind of communication to block, such as "block a specific port from a certain host."

To check which ports are open, there are commands such as "netstat," "lsof," and "nmap." The details of each command are omitted here, but netstat and lsof are used to find out "which ports you have open," while nmap is used to find out "which ports another host has open." Note that when packet filtering is applied, netstat and lsof may show a port as open even when it is filtered.

Other references:

https://network-beginners-handbook.com/netstat/

https://milestone-of-se.nesuke.com/sv-basic/linux-basic/ss-netstat/

https://qiita.com/s-yoshida/items/38e9830bd84a3bbe25b9

https://www.linuxmaster.jp/linux_skill/2009/02/linux-4.html

Stopping Unnecessary Services

Auto-start status

  • Use the following command to display all available units in the systemd path (/etc/systemd/system/ or /lib/systemd/system/) and check their auto-start status
  • systemctl list-unit-files --type=service
  • If an unnecessary service is set to auto-start, disable it with systemctl disable <unit name>
$ systemctl list-unit-files  --type=service
UNIT FILE                                              STATE           VENDOR PRESET
apache-htcacheclean.service                            disabled        enabled
apache-htcacheclean@.service                           disabled        enabled
apache2.service                                        disabled        enabled
apache2@.service                                       disabled        enabled
apparmor.service                                       enabled         enabled
<omitted>
wpa_supplicant@.service                                disabled        enabled
x11-common.service                                     masked          enabled

201 unit files listed.

Checking service status

  • Display all units that systemd attempted to load and check their status
  • Units that systemd did not attempt to load are not shown
  • systemctl list-units --all --type=service
$ sudo systemctl list-units --type=service
  UNIT                                                   LOAD   ACTIVE SUB     DESCRIPTION                             >
  apport.service                                         loaded active exited  LSB: automatic crash report generation
  blk-availability.service                               loaded active exited  Availability of block devices
  console-getty.service                                  loaded active running Console Getty
  <omitted>
  wpa_supplicant.service                                 loaded active running WPA supplicant

LOAD   = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB    = The low-level unit activation state, values depend on unit type.
45 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.

Access Control with TCP Wrappers

TCP Wrappers apparently runs on tcpd, but it seems it can also be used with sshd even when tcpd is not running.

Access control can be configured by adding settings to /etc/hosts.allow and /etc/hosts.deny.

$ cat /etc/hosts.deny
# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.
#                  See the manual pages hosts_access(5) and hosts_options(5).
#
# Example:    ALL: some.host.name, .some.domain
#             ALL EXCEPT in.fingerd: other.host.name, .other.domain
#
# If you're going to protect the portmapper use the name "rpcbind" for the
# daemon name. See rpcbind(8) and rpc.mountd(8) for further information.
#
# The PARANOID wildcard matches any host whose name does not match its
# address.
#
# You may wish to enable this to ensure any programs that don't
# validate looked up hostnames still leave understandable logs. In past
# versions of Debian this has been the default.
# ALL: PARANOID
sshd: ALL
# ssh bluen@localhost
kex_exchange_identification: read: Connection reset by peer
Connection reset by 127.0.0.1 port 22

firewalld Service

$ sudo apt install firewalld
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed
<omitted>
Processing triggers for dbus (1.12.20-2ubuntu4.1) ...
Processing triggers for libc-bin (2.35-0ubuntu3.1) ...
$ systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
     Loaded: loaded (/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2023-06-30 08:44:38 JST; 1min 3s ago
       Docs: man:firewalld(1)
   Main PID: 2096 (firewalld)
      Tasks: 2 (limit: 4559)
     Memory: 30.0M
     CGroup: /system.slice/firewalld.service
             └─2096 /usr/bin/python3 /usr/sbin/firewalld --nofork --nopid
$ cat /lib/systemd/system/firewalld.service
[Unit]
Description=firewalld - dynamic firewall daemon
Before=network-pre.target
Wants=network-pre.target
After=dbus.service
After=polkit.service
Conflicts=iptables.service ip6tables.service ebtables.service ipset.service nftables.service
Documentation=man:firewalld(1)

[Service]
ExecStart=/usr/sbin/firewalld --nofork --nopid
ExecReload=/bin/kill -HUP $MAINPID
# supress to log debug and error output also to /var/log/messages
StandardOutput=null
StandardError=null
Type=dbus
BusName=org.fedoraproject.FirewallD1
KillMode=mixed

[Install]
WantedBy=multi-user.target
Alias=dbus-org.fedoraproject.FirewallD1.service

Checking Login History

On Red Hat-based systems, use /var/log/secure; on Debian-based systems, use /var/log/auth.log to check logs of SSH connections and server logins.

$ cat /var/log/auth.log
<omitted>
Jun 30 08:17:03 <hostname> sshd[1450]: refused connect from 127.0.0.1 (127.0.0.1)
Jun 30 08:35:32 <hostname> sshd[1656]: refused connect from 127.0.0.1 (127.0.0.1)