Term
| What would be the BEST solution for a systems administrator to access the graphical user environment of a Linux machine remotely? |
|
Definition
|
|
Term
A technical support engineer receives a ticket from a user who is trying to create a 1KB file in the /tmp directory and is getting
the following error No space left on device. The support engineer checks the /tmp directory, and it has 20GB of free
space.
What BEST describes a possible cause for this error? |
|
Definition
| the filesystem ran out of inodes |
|
|
Term
| What is the BEST reason for not storing database files in the /var directory? |
|
Definition
| If log files fill up /var, it might corrupt the database |
|
|
Term
An administrator receives a warning about a file system filling up, and then identifies a large file located at /tmp/
largelogfile. The administrator deletes the file, but no space is recovered on the file system.
What command would BEST assists the administrator in identifying the problem? |
|
Definition
|
|
Term
| What can be used to boot a DVD from a remote device to initialize a Linux system setup on bare metal hardware as if it is a local DVD? |
|
Definition
|
|
Term
After starting a long-running script, a systems administrator needs to verify the frequency of what is filling up the /var partition
and kill it because it is consuming too much space.
What is the correct sequence given only a terminal is available? |
|
Definition
1. CTRL-Z
2. bg
3. watch df /var
4. CTRL-Z
5. fg
6. CTRL-C |
|
|
Term
A Linux administrator must identify a user with high disk usage. The administrator runs the # du –s /home/* command and gets the following output:
43 /home/User1
2701 /home/User2
133089 /home/User3
3611 /home/User 4
Based on the output, User3 has the largest amount of disk space used. To clean up the file space, the administrator needs to
find out more information about the specific files that are using the most disk space.
Whatccommand will accomplish this task |
|
Definition
|
|
Term
| A Linux server has multiple IPs. A Linux administrator needs to verify if the HTTP server port is bound to the correct IP. What command would best accomplish this task |
|
Definition
|
|
Term
| A systems administrator needs to append output of ls –lha /opt command to the contents of a test.txt file. What command will accomplish this? |
|
Definition
|
|
Term
A Linux administrator needs to remotely update the contents of the www.comptia.org/contacts URL.
Which of the following commands would allow the administrator to download the current contents of the URL before updating? |
|
Definition
| curl www.comptia.org/contacts |
|
|
Term
Which of the following BEST describes running on a Linux system?
A. Containers only need the namespaces functionally to run on a Linux system available since kernel 2.6.
B. Containers need a hypervisor to run a Linux system. Cgroups namespaces are functionalities used for the kernel but not for
running containers.
C. Containers only need the cgroups functionality for running on a Linux system. Namespaces is not a Linux kernel
functionality needed for creating and managing containers.
D. Containers use the cgroups and namespaces functionalities to isolate processes and assign hardware resources to each of
those isolated processes |
|
Definition
Containers use the cgroups and namespaces functionalities to isolate processes and assign hardware resources to each of
those isolated processes |
|
|
Term
A Linux administrator is testing connectivity to a remote host on a shared terminal. The administrator wants to allow other users
to access the terminal while the command is executing.
Which of the following commands should the administrator use? |
|
Definition
| ping remotehost < results |
|
|
Term
| A Linux administrator needs to switch from text mode to GUI. Which of the following runlevels will start the GUI by default? |
|
Definition
|
|
Term
A junior systems is configuring localization option environment variables. The administrator is given a checklist of tasks with the
following requirements:
View current settings of the LC_ALL environment variable only.
Modify the LANG environment variable to US English Unicode.
Given this scenario, which of the following should be performed to meet these requirements? (Choose two.) |
|
Definition
locale
export LANG = en_US.UTF-8 |
|
|
Term
An administrator needs to change the IP address on a server remotely. After updating the configuration files, a network restart
is needed. However, the administrator fears that when the network connection drops, the network restart script will be killed
before the new IP address has been set.
Which of the following commands would prevent the script from being killed? |
|
Definition
| nohup service network restart |
|
|
Term
| Which of the following BEST describes the purpose of the X11 system? |
|
Definition
| X11 provides graphical display capabilities |
|
|
Term
An administrator is analyzing a Linux server which was recently hacked.
Which of the following will the administrator use to find all unsuccessful login attempts? |
|
Definition
|
|
Term
A junior administrator needs to unload an older video kernel module.
Which of the following commands would BEST accomplish this task? |
|
Definition
|
|
Term
An administrator is attempting to block SSH connections to 192.168.10.24 using the Linux firewall. After implementing a rule, a
connection refused error is displayed when attempting to SSH to 192.168.10.24.
Which of the following rules was MOST likely implemented? |
|
Definition
| iptables –A –p tcp –d 192.168.10.24 –dropt 22 –j REJECT |
|
|
Term
A Linux systems administrator needs to provision multiple web servers into separate regional datacenters. The systems
architect has instructed the administrator to define the server infrastructure using a specific tool that consumes a text-based
file.
Which of the following is the BEST reason to do this? |
|
Definition
| To ensure the administrator follows the planning phase of the system development life cycle |
|
|
Term
A Linux systems administrator needs to set permissions on an application with the following parameters:
The owner of the application should be able to read, write, and execute the application.
Members of the group should be able to read and execute the application.
Everyone else should not have access to the application.
Which of the following commands would BEST accomplish these tasks? |
|
Definition
|
|
Term
A junior Linux administrator is trying to verify connectivity to the remote host host1 and display round-trip statistics for ten
ICMP.
Which of the following commands should the administrator execute? |
|
Definition
|
|
Term
A junior Linux administrator is updating local name resolution to support IPv6. The administrator issues the command cat /
etc/hosts and receives the following output:
127.0.0.1 localhost
Which of the following actions should the administrator perform to accomplish this task? |
|
Definition
| Modify the /etc/hosts file, and add the 0.0.0.0 localhost entry to the file |
|
|
Term
A Linux systems administrator needs to copy the contents of a directory named “working” on the local working system to a
folder /var/www/html on a server named “corporate-web”.
Which of the following commands will allow the administrator to copy all the contents to the web server? |
|
Definition
| scp –r working/* webuser@corporate-web:/var/www/html |
|
|
Term
A systems administrator has received reports of intermittent network connectivity to a particular website. Which of the following
is the BEST command to use to characterize the location and type of failure over the course of several minutes? |
|
Definition
|
|
Term
Linux administrator has configured a Linux system to be used as a router. The administrator confirms that two network
adapters are properly installed and functioning correctly. In addition, the output of the iptables –L command appears to contain
a complete firewall configuration.
Which of the following commands does the administrator need to issue for the router to be fully functional? |
|
Definition
| echo “1” > /proc/sys/net/ipv4/ip_forward |
|
|
Term
A systems administration team has decided to their systems as immutable instances. They keep the desired state of each of
their systems in version control and apply automation whenever they provision a new instance. If there is an issue with one of
their servers, instead of troubleshooting the issue they terminate the instance and rebuild it using automation.
Which of the following is this an example of? |
|
Definition
|
|
Term
A systems administrator wants to deploy several applications to the same server quickly. Each application should be
abstracted from the host with its own dependencies and libraries and utilize a minimal footprint.
Which of the following would be BEST in this scenario? |
|
Definition
|
|
Term
An operator finds a user is having issues with opening certain files.
Which of the following commands would allow the security administrator to list and check the SELinux context? |
|
Definition
|
|
Term
A new corporate policy states that Bluetooth should be disabled on all company laptops. Which of the following commands
would disable the use of Bluetooth? |
|
Definition
| echo “modprobe bluetooth” > /etc/modprobe.d/modprbe-bluetooth |
|
|
Term
A Linux systems administrator wants the ability to access systems remotely over SSH using RSA authentication. to which of
the following files should the RSA token be added to allow this access? |
|
Definition
|
|
Term
A Linux server needs to be accessed, but the root password is not available.
Which of the following would BEST allow an administrator to regain access and set a new known password at the same time? |
|
Definition
| Boot into a single-user mode and reset the password via the passwd command. |
|
|
Term
A Linux administrator wants to fetch a Git repository from a remote Git server.
Which of the following is the BEST command to perform this task? |
|
Definition
|
|
Term
An administrator needs to create a shared directory in which all users are able, write, and execute its content but none of the
regular users are able to delete any content.
Which of the following permissions should be applied to this shared directory? |
|
Definition
|
|
Term
A systems administrator has finished building a new feature for the monitoring software in a separate Git branch.
Which of the following is the BEST method for adding the new feature to the software’s master branch? |
|
Definition
| Merge the changes from the feature branch to the master branch |
|
|
Term
| Which of the following will provide a list of all flash, external, internal, and SSD drives |
|
Definition
|
|
Term
| Which of the following configuration management tools is considered agentless |
|
Definition
|
|
Term
| Which of the following is a difference between YAML and JSON? |
|
Definition
| Users can comment in YAML but not in JSON |
|
|
Term
A junior administrator of a physical server receives log messages indicating the out-of-memory killer has been active. All
memory slots are in use on the motherboard, but additional disk space is available. Space has been allocated for a swap file.
Which of the following should the administrator use to reduce the output of memory messages? |
|
Definition
| free : swapoff / swapfile ; swapon -a |
|
|
Term
A system administrator has deployed a Linux server based on an Anaconda process with all packages and custom
configurations necessary to install a web server role.
Which of the following could be used to install more Linux servers with the same characteristics? |
|
Definition
|
|
Term
A Linux administration is using a Linux system as a router. During the tests, the administrator discovers that IP packets are not
being sent between the configured interfaces.
Which of the following commands enables this feature for IPv4 networks? |
|
Definition
| echo “1” > /proc/sys/net/ipv4/ip_forward |
|
|
Term
A systems administrator wants to know the current status of a series of dd jobs that were started in the background three
hours ago.
Which of the following commands will achieve this task? |
|
Definition
|
|
Term
A Linux administrator needs the “tech” account to have the option to run elevated commands as root.
Which of the following commands would BEST meet this goal? |
|
Definition
|
|
Term
| Which of the following is the purpose of the vmlinux file on a Linux system? |
|
Definition
| To provide the executable kernel for the system |
|
|
Term
A Linux administrator needs to take stock of USB devices attached to the system.
Which of the following commands would be BEST to complete this task? |
|
Definition
|
|
Term
| Which of the following server roles would assign a host IP address? |
|
Definition
|
|
Term
| Which of the following commands would show the default printer on a Linux system? |
|
Definition
|
|
Term
A system administrator has set up third-party log aggregation agents across several cloud instances. The systems
administrator wants to create a dashboard of failed SSH attempts and the usernames used.
Which of the following files should be watched by the agents? |
|
Definition
|
|
Term
A systems administrator must clean up all application files in the directory /var/log/app. However, the company’s security policy
requires the files to be kept on the backup server for one year. The Linux server has only the tar and bzip2 packages installed.
Which of the following commands will package and compress the files? |
|
Definition
| tar –cvf applicationfiles.tar.bz2 /var/log/app/* |
|
|
Term
In order to comply with new security policies, an administrator needs to prevent the SSH server from using insecure algorithms.
Which of the following files should be edited to accomplish this? |
|
Definition
|
|
Term
| Which of the following configuration files should be modified to disable Ctrl-Alt-Del in Linux? |
|
Definition
|
|
Term
| Explain the Linux Boot Process |
|
Definition
The boot process consists of the follwing stages - BIOS/UEFI POST - Boot Loader - Kernel initialization - Start the system
initilization processes (sysv or systemd) |
|
|
Term
|
Definition
UEFI/EFI
- PXE
- NFS
- Boot from ISO
- Boot from HTTP/FTP |
|
|
Term
|
Definition
/etc/default/grub
- /etc/grub2.cfg
- /boot- /boot/grub
- /boot/grub2
- /boot/ef |
|
|
Term
|
Definition
| This process uses a ISO image, that is mounted as a drive, to load the kernel |
|
|
Term
|
Definition
The Pre-EXacutable
environment is a client environment that searches for an appropriate server on the network from which to acquire a
boot image. Once this image has been located, it is downloaded using the trivial file transfer protocol (tftp). |
|
|
Term
|
Definition
| This process allows the image to be loaded using standard networking protocols |
|
|
Term
This command will create the initial ramdisk is used by the kernel to preload block devices that
are needed to access the root filesystem |
|
Definition
|
|
Term
Tthis command is similar to mkinitrd and results in an initial ramdisk the kernel can use to load
block devices that are needed to access the root filesystem |
|
Definition
|
|
Term
This command is used to install the GRUB2 boot loader onto a device, which includes
necessary images as well as creating the boot sector. |
|
Definition
|
|
Term
| This command is used for creating a configuratuion file for use by GRUB2 |
|
Definition
|
|
Term
This is a complete set of root file system directories, bundled into a cpio archive and
compressed. |
|
Definition
|
|
Term
These files are used by the UEFI bootloader and comprise the efi partition. They are normally
located at /boot/efi/. |
|
Definition
|
|
Term
This is the name of the Linux kernel executable. It is a compressed kernel that is capable of loading
the operating system into memory (Virtual Memory LINUX gZip). |
|
Definition
|
|
Term
This is a statically-linked executable file that contains the Linux kernel. It can be used in
debugging. In contrast to vmlinu(z), this file is not compressed (Virtual Memory LINUX |
|
Definition
|
|
Term
This is a situation where the kernel discovers an unrecoverable error and it is not able to recover from that error
without risk of data loss. This normally results in a bug check error being printed to the screen, followed by a memory
dump prior to either waiting for a manual reboot or automatically rebooting once the memory dump is completed |
|
Definition
|
|
Term
| Lists the currently loaded modules |
|
Definition
|
|
Term
| Inserts a module into the kernel |
|
Definition
|
|
Term
| Loads or removes a loadable kernel module to or from the kernel |
|
Definition
|
|
Term
| Extracts information about a kernel module that is provided to the command on the command line |
|
Definition
|
|
Term
Prints the message buffer of the kernel:
1. This output usually contains messages from device drivers and kernel modules |
|
Definition
|
|
Term
| Removes modules from the kernel, but not modules that are in use |
|
Definition
|
|
Term
| Creates a list of module dependencies |
|
Definition
|
|
Term
This is location of the kernel modules specific to a release of the
kernel |
|
Definition
| /usr/lib/modules/[kernelversion] |
|
|
Term
| This is the parent location for module storage |
|
Definition
|
|
Term
This is the file that contains the options that can be configured for modprobe. It is
scheduled to be deprecated. |
|
Definition
|
|
Term
is the location of the modprobe configuration files. It is the replacement for /etc/
modprobe.conf |
|
Definition
|
|
Term
Leverages the ICMP protocol to get an echo response from a host that is passed to it on the command
line, either as a hostname or an IP address |
|
Definition
|
|
Term
Used to print network connections, routing tables, and many other pieces of information about
the network status |
|
Definition
|
|
Term
| Queries the DNS system to resolve a domain name to an IP address |
|
Definition
|
|
Term
| Short for Domain Information Groper, use for interrogating DNS name servers |
|
Definition
|
|
Term
| Simple tool for DNS lookups |
|
Definition
|
|
Term
| Manipulates the kernel's routing table, and can be used to set static routes |
|
Definition
|
|
Term
Used to configure and manipulate network device drivers and connections
1. It is mostly used for wired connections. |
|
Definition
|
|
Term
|
Definition
|
|
Term
| Configures and displays information about wireless network interfaces |
|
Definition
|
|
Term
| Command line tool used for controlling NetworkManager and getting its status |
|
Definition
|
|
Term
|
Definition
|
|
Term
| Similar to nmcli, and provides a text interface that shows options for the tool |
|
Definition
|
|
Term
This is the location of the network interface configuration scripts get
used to manipulate the network interfaces |
|
Definition
| /etc/sysconfig/network-scripts/ |
|
|
Term
This is the location of more general network configurations that are not specific
to an interface |
|
Definition
|
|
Term
| This is the file that is the store for local DNS resolution |
|
Definition
|
|
Term
| This is the location of the network configuration files |
|
Definition
|
|
Term
This is the file that is used to determine the sources from which to obtain nameservice
information |
|
Definition
|
|
Term
| This is the file that contains the list of external DNS servers |
|
Definition
|
|
Term
| This is the location of files that can be used to configure networking on newer systems |
|
Definition
|
|
Term
| This file is used to override default kernel parameter values |
|
Definition
|
|
Term
| This file is used to configure the DHCP client |
|
Definition
|
|
Term
This is the process of combining several network connections in parallel, to increase network
throughput. |
|
Definition
|
|
Term
This is a type of load balancing in which one side is the active side. The other side is passive
and is held in reserve, in the event of the active side experiencing a failure |
|
Definition
|
|
Term
This is the process of distributing network traffic across multiple resources, to ensure that
no single resource experiences resource exhaustion |
|
Definition
|
|
Term
Short for GUID Partition Table, this type of partition table allows a device to be divided into a nearly unlimited
number of partitions, depending on the operating system. |
|
Definition
|
|
Term
a partition table that stores its partition data in a special boot sector, and has a 2TB
limit in total drive size. |
|
Definition
|
|
Term
real file system is a type of file system that exists on a device. It is physically mounted to the machine. A virtual file
system exists in memory and does not actually physically exist on a device. Once the computer is powered off, the
virtual file system no longer exists. One example of this would be: |
|
Definition
|
|
Term
| A framework in Linux that allows the mapping of physical devices to logical file volumes |
|
Definition
|
|
Term
| framework in Linux that allows the mapping of physical devices to logical file volumes |
|
Definition
|
|
Term
a command line tool that allows the management of Redundant Array of Independant Disks (RAID)
that are created using the device mapper |
|
Definition
|
|
Term
a storage technology that lets us use more than one method of accessing storage devices. This
allows for load balancing and high availability of the storage devices |
|
Definition
|
|
Term
|
Definition
| ext3, ext4, xfs, nfs, smb, cifs, ntfs |
|
|
Term
The 3rd extended file system was introduced in 2001 and it included journaling. It is limited by
individual file size of 2TB and an overall system size of 32TB |
|
Definition
|
|
Term
The 4th extended file system was introduced in 2008. It includes journaling too, but also allows for
huge file sizes. Individual files can be up to 16TB and system size can be up to 1EB (exabyte) |
|
Definition
|
|
Term
This file system was ported to Linux in 2014, it is a 64 bit, journaling file system that has excellent
support for parallel I/O loads |
|
Definition
|
|
Term
The Network File System is a client/server file system that allows file access across networks as if they
were local files |
|
Definition
|
|
Term
Server Message Block is a network protocol allowing network access to files and other network
resources |
|
Definition
|
|
Term
| This is a version of smb and it stands for Common Internet File System |
|
Definition
|
|
Term
This is a proprietary journaling file system developed by Microsoft, and is the default file system on
modern versions of the Windows operating system |
|
Definition
|
|
Term
This is the location of the File System TABle, and it contains the information necessary to allow
automatic mounting of devices |
|
Definition
|
|
Term
This is the location of the information for encrypted devices that are set up during system
boot. |
|
Definition
|
|
Term
| This contains the special device files for all the devices on the system |
|
Definition
|
|
Term
| This contains a listing of the Logical Volumes managed by LVM. |
|
Definition
|
|
Term
1. id: This contains a mapping of the devices based on the serial number.
2. uuid: This contains a mapping of the devices based on the UUID. This is how the devices are listed in fstab by
default.
3. path: This is a mapping of the devices based on the shortest physical path according to sysfs and contains
the bus name (pci,ata, etc.).
4. multipath: If this exists, it contains the path mappings for the device. |
|
Definition
|
|
Term
| This contains a list of the currently mounted file systems according to the mount command |
|
Definition
|
|
Term
| This contains symlinks to each of the block devices on the system |
|
Definition
|
|
Term
| This contains the major and minor numbers of the partitioned devices |
|
Definition
|
|
Term
| This is similar to mtab but it is maintained by the kernel |
|
Definition
|
|
Term
| Device mapper administration |
|
Definition
|
|
Term
| CLI program for managing device partitions does not work with partitions larger than 2TB |
|
Definition
|
|
Term
| CLI program for managing device partitions does not have the partition size limit of fdisk |
|
Definition
|
|
Term
| MaKe File System, used to build a file system on a partitioned device (normally a disk drive) |
|
Definition
|
|
Term
| Reports CPU and device I/O stats |
|
Definition
|
|
Term
Disk Free, reports the free space on the file system that is passed to it:
1. Using no arguments lists the system |
|
Definition
|
|
Term
Disk Usage, reports the size of the file that is passed to it:
1. With no arguments, it lists the file size of all files on the system each on one line. |
|
Definition
|
|
Term
| Attaches a file system to a mount point |
|
Definition
|
|
Term
| Removes a file system attachment from a mount point |
|
Definition
|
|
Term
|
Definition
|
|
Term
| Locate and print block device attributes |
|
Definition
|
|
Term
| Prints the superblock block group info for a filesystem on a device |
|
Definition
|
|
Term
| Used for resizing a filesystem |
|
Definition
|
|
Term
File System ChecK, used to detect errors on a filesystem and can be instructed to attempt to correct
issues |
|
Definition
|
|
Term
| Allows adjustment of tunable file system parameters |
|
Definition
|
|
Term
| Displays or changes filesystem labels |
|
Definition
|
|
Term
In virtual machines storage, when the entire amount of storage is allocated when the storage is
instantiated |
|
Definition
|
|
Term
in virtual machines storage BLANK where the limit of the disk is created but the actual storage is not allocated until it is
used. |
|
Definition
|
|
Term
is one that is independent of a virtual machine, and exists even if the machine does not. These
types of volumes are attached to machines, as opposed to ephemeral storage that only exists if the machine exists |
|
Definition
|
|
Term
a method in which the host network is simply bridged to the virtual machines. The virtual machines then
exist on the host network. |
|
Definition
|
|
Term
an entire network segment that is created for the virtual machines
independent of the host network. Ingress/egress methods must be created for network traffic to and from this overlay |
|
Definition
|
|
Term
technique in which internal IP addresses are mapped to an external IP
address, making it appear as if all of the network traffic is coming from the same single IP on the host |
|
Definition
| Network Address Translation (NAT) |
|
|
Term
| is one in which the virtual machines are only able to communicate with one another and their host system |
|
Definition
|
|
Term
provide high availability by incorporating two or more network interfaces. One is live and the others
are hot standbys in case the primary fails |
|
Definition
|
|
Term
| the layer that exists between a virtual machine and its underlying host's system |
|
Definition
|
|
Term
Time is one of the most important components, as it affects every system operation. In addition, the language that the
system used and the way that time is displayed should be considered |
|
Definition
|
|
Term
| files used for localization: |
|
Definition
/etc/timezone
/usr/share/zoneinfo |
|
|
Term
| Used to change the keyboard layout and location settings |
|
Definition
|
|
Term
|
Definition
|
|
Term
| Displays the current time in a specific format |
|
Definition
|
|
Term
| There are also several environment variables related to localization, such as |
|
Definition
|
|
Term
| Refers to all of the categories that exist for the Local such as time, messages etc. |
|
Definition
|
|
Term
| Overrides all settings, normally used by applications to output in a known format |
|
Definition
|
|
Term
| Refers to the language that the system is using |
|
Definition
|
|
Term
| The time zone that is used for clock correction from UTC |
|
Definition
|
|
Term
In addition to these settings there are character sets to consider, as all languages do not use the same character sets.
Special characters, such as those used in Japanese, need to be displayed. Some available character sets include |
|
Definition
|
|
Term
| Software can be provided for installation in packages. Packages come in several types |
|
Definition
.rpm : Used in RedHat based distributions
.deb : Debian-based system package type
.tar : Archive file that contains the software files
.tgz : Compressed archive of the software files
.gz : Another type of compression used to package the software files |
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
| Package manager for Debian-based distributions |
|
Definition
|
|
Term
| Package manager for RedHat-based distributions |
|
Definition
|
|
Term
| Package manager for Fedora, and is a derivative of the YUM package manager |
|
Definition
|
|
Term
| Package manager for OpenSUSE |
|
Definition
|
|
Term
| Dependencies can be checked and listed using the |
|
Definition
|
|
Term
pieces of code that are used more than once, and the library is included to prevent repetition in
the code. |
|
Definition
|
|
Term
| a place where the code can be stored and accessed by development teams |
|
Definition
|
|
Term
| Users on the system are part of at least one group. Adding users is done with the |
|
Definition
|
|
Term
| Users can be added to groups using the |
|
Definition
|
|
Term
| Once a user exists, it may be necessary to change properties of the user. This is done with what command? |
|
Definition
|
|
Term
| group modification command |
|
Definition
|
|
Term
| Command for creating user passwords |
|
Definition
|
|
Term
| password aging can be manged using the |
|
Definition
|
|
Term
| User and group removal is done with the |
|
Definition
| userdel or groupdel commands |
|
|
Term
| Global bash profile settings are located in the |
|
Definition
|
|
Term
User and group management files (/etc/passwd and /etc/group) list and configure the users and groups,
respectively, in combination with the |
|
Definition
/etc/shadow
file that contains encrypted users passwords |
|
|
Term
| Some commands that are used with users: |
|
Definition
id: Show the users' IDs
• whoami: Show the current user
• who: Shows logged in users
• w: Shows detailed information about logged in users
• last: Shows historical user logins |
|
|
Term
| Name two common text editors |
|
Definition
|
|
Term
for just displaying and searching the contents of files, there are these
commands |
|
Definition
|
|
Term
| Prints lines matching a pattern |
|
Definition
|
|
Term
| Prints the contents of the file |
|
Definition
|
|
Term
| Prints the last lines of the file |
|
Definition
|
|
Term
| Prints the first lines of the file |
|
Definition
|
|
Term
| Reads the whole file and paginates the output |
|
Definition
|
|
Term
|
Definition
|
|
Term
Output from commands can be redirected using meta characters. Text can also be processed using one of several
programs available in most distributions, such as the stream editor |
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
Search for files in the system's file database:
once the database has been updated with |
|
Definition
|
|
Term
The two service management systems that are the most common on Linux systems are the older:
and the newer: |
|
Definition
|
|
Term
uses unit files to describe services and manage them. If a service is enabled it will start
automatically when the system starts. A disabled service is the opposite, and must be started manually |
|
Definition
|
|
Term
systemd
commands normally start with the |
|
Definition
|
|
Term
|
Definition
| NTP, WEB, CA, Name Server, DHCP, File Servers, monitoring, authentication, database, load balancer |
|
|
Term
Using the Network Time Protocol, these servers provide time services so that clocks can be synced
across the network |
|
Definition
|
|
Term
| These servers serve web pages |
|
Definition
|
|
Term
| A Certificate Authority, these servers provide certificate validation |
|
Definition
|
|
Term
| These provide DNS services on the network |
|
Definition
|
|
Term
| These provide network storage |
|
Definition
|
|
Term
These servers are usually part of an agent server pair and provide real time performance
information about monitored servers |
|
Definition
|
|
Term
These provide centralized authentication and can be part of a single sign on (SSO)
infrastructure. |
|
Definition
|
|
Term
| These servers provide data services |
|
Definition
|
|
Term
These servers route traffic, based on load numbers, to servers that are behind them in the
network. |
|
Definition
|
|
Term
| commands that can be used to manage devices |
|
Definition
| lsdev, lsusb, lspci, lsblk, dmesg, lpr, lpq |
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
| List PCI connected devices |
|
Definition
|
|
Term
| List block devices (hard disks). |
|
Definition
|
|
Term
Examine the kernel ring buffer, which is normally the location of messages generated by device
drivers. |
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
| Devices are mostly listed in the system's virtual file systems |
|
Definition
|
|
Term
| User permissions come in three types: |
|
Definition
|
|
Term
| Linux permissions listed as numbers, such as 755 or 644, are known as |
|
Definition
|
|
Term
s the
process by which files and directories obtain their permission settings from their parent |
|
Definition
|
|
Term
| Commands used to manage permissions include |
|
Definition
| chmod, chown, chgrp, getfacl, setfacl, ls |
|
|
Term
| Changes the permissions on a file or directory |
|
Definition
|
|
Term
| Changes the owner of a file or directory |
|
Definition
|
|
Term
| Changes the group ownership |
|
Definition
|
|
Term
| Displays the File Access Control List (FACL) |
|
Definition
|
|
Term
|
Definition
|
|
Term
| Lists files and directories |
|
Definition
|
|
Term
the default context-based permissions kernel module on RedHat-based
distributions |
|
Definition
|
|
Term
| SELinux can be in one of three states |
|
Definition
• Disabled: Permissions are not applied and are not logged.
• Permissive: Permissions are not applied, but permission violations are logged. This is useful for
troubleshooting.
• Enforcing: Permissions are applied and violations are logged |
|
|
Term
Only objects that are listed in the targeted policy are evaluated. Unconfined objects are not
evaluated |
|
Definition
|
|
Term
| All objects are evaluated and confined objects are restricted |
|
Definition
|
|
Term
| Gets the current state of SELinux |
|
Definition
|
|
Term
| Sets the state of SELinux |
|
Definition
|
|
Term
| Lists the status of SELinux including the state and policy |
|
Definition
|
|
Term
| Changes the context for an object |
|
Definition
|
|
Term
| Restores the context for an object to its default |
|
Definition
|
|
Term
| Lists the context for the objects in the directory passed |
|
Definition
|
|
Term
| Lists the context for the processes |
|
Definition
|
|
Term
the default context-based permissions kernel module on Debian-based distributions.
These permissions are based on file paths of objects |
|
Definition
|
|
Term
| Disables an AppArmor profile |
|
Definition
|
|
Term
| Used for setting enforcement mode on a profile |
|
Definition
|
|
Term
| Lists network processes that do not have an AppArmor profile loaded |
|
Definition
|
|
Term
| On Linux, authentication is handled by: |
|
Definition
| Pluggable Authentication Modules (PAM) |
|
|
Term
|
Definition
• Password Policies: Complex passwords as well as password histories
• LDAP integration: Lightweight Directory Access Protocol, used for centralized authentication
• User lockouts: Failed logins resulting in lockout after a configured number of failures |
|
|
Term
|
Definition
• known_hosts: A list of trusted connections with the fingerprint for the server
• authorized_keys: A key store for the keys of users that are allowed to access the server with no password
• config: The local configuration for the SSH users
• id_rsa: The private SSH key
• id_rsa.pub: The public SSH key |
|
|
Term
| A list of trusted connections with the fingerprint for the server |
|
Definition
|
|
Term
| key store for the keys of users that are allowed to access the server with no password |
|
Definition
|
|
Term
| The local configuration for the SSH users |
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
| an infrastructure providing services that can be used to validate hosts |
|
Definition
|
|
Term
|
Definition
• Are used to store data
• Can be changed
• Can be local or global |
|
|
Term
|
Definition
• Used for automating repetitive tasks
• Used for configuring a task
• Can be on the command line (CLI) or in files (.sh).
• Need to be executable.
• Need to start with #!/bin/bash |
|
|
Term
| The process of creating and assigning a value to a variable |
|
Definition
|
|
Term
| The process of extracting the value of a variable |
|
Definition
|
|
Term
| Pattern matching file names |
|
Definition
|
|
Term
| Used for redirection of output, or passing output to the next command |
|
Definition
|
|
Term
| Including one script file's resources in another script |
|
Definition
|
|
Term
Arguments passed to a script on the command line when the file is called. Escaping characters:
The process of formatting lines so that bash can interpret it special charaters correctly |
|
Definition
|
|
Term
These use Boolean logic to determine if the statements contained inside should be executed. Conditionals include if,
else, and then |
|
Definition
|
|
Term
These iterate over a set of statements until a condition is met. Looping statements include while, until, and
foreach. |
|
Definition
|
|
Term
|
Definition
/-the root de-irectory
/bin
/boot
/cdrom
/dev
/etc
/home
/lip
/lost+found
/media
/mnt
/opt
/proc
/root
/run
/sbin
/srv
/tmp
/usr
/var |
|
|
Term
|
Definition
| Everything on your Linux system is located under the / directory, known as the root directory. You can think of the / directory as being similar to the C:\ directory on Windows |
|
|
Term
| /bin – Essential User Binaries |
|
Definition
| The /bin directory contains the essential user binaries (programs) that must be present when the system is mounted in single-user mode. Applications such as Firefox are stored in /usr/bin, while important system programs and utilities such as the bash shell are located in /bin. |
|
|
Term
|
Definition
|
|
Term
|
Definition
| Historical Mount Point for CD-ROMs |
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
| essential shared libraries |
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
| System Administration Binaries |
|
|
Term
|
Definition
| SELinux Virtual File System |
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
| User Binaries & Read-Only Data |
|
|
Term
|
Definition
|
|
Term
| what are two types of kernels: |
|
Definition
|
|
Term
|
Definition
Device Drivers-
Filesystem Drivers-
Network Drivers-
System Calls-
Executable Loaders |
|
|
Term
| what are three kill commands |
|
Definition
|
|
Term
| what are the kill command signals |
|
Definition
SIGINIT
SIGKILL
SIGTERM
SIGSTOP-this one pauses
SIGSTP-this one pauses from the terminal |
|
|
