Explain setuid, setgid, and sticky bits
THESE BITS ONLY WORK ON C EXECUTABLES AND NOT SHELL SCRIPTS
setuid - the root user made the process/application, but anyone who runs it will run it as root, or as whatever user initially made it
setgid - The setgid bit affects both files and directories. When used on a file, it executes with the privileges of the group of the user who owns it instead of executing with those of the group of the user who executed it.
When the bit is set for a directory, the set of files in that directory will have the same group as the group of the parent directory, and not that of the user who created those files. This is used for file sharing since they can be now modified by all the users who are part of the group of the parent directory.
Finally, the sticky bit makes it so that only the user who created the file/directory can delete it. It must be set on the directory and not the file!
1) Become root user
2) Create a directory called Animals
3) Create the Animals group, add users to the Animals group, then make the Animals directory's group Animals.
At this point, your users should be able to enter the directory if the group has execute permission.
4) You want group members to create files that they can all access, since normally a file created by a group member just belongs to their personal group. Change this so that new files are accessible to all users in the group and their group is always Animals.
5) You don't want members to be able to delete files that another member created; only the owner who created a file should be able to delete it. Make it so.
6) Create an executable file as root that allows all users to use as root. (ONLY WORKS ON C NOT SHELL SCRIPTS)
7) Lastly, remove all of your special bits
su
mkdir Animals
groupadd Animals
usermod -aG Animals delsinm
chgrp Animals Animals
chmod g+s Animals
chmod o+t Animals
cd Animals
touch executable
chmod u+s executable
chmod u-s executable
cd ..
chmod o-t,g-s Animals
Describe the process of changing the root password when it’s forgotten
rd.break - this breaks off to the RAM disk and drops you to a shell before the root filesystem is mounted (the system locates that info in /etc/fstab). /sysroot will contain the filesystem for the time being, but it's read-only, so:
mount -o remount,rw /sysroot
this just makes it so we can modify the filesystem, now that we have rw permission
chroot /sysroot
Your root directory is set to / by default, but since the filesystem is on /sysroot now, we’ll want to change that root directory over to /sysroot
Recover root password
reboot
Stop at the menu that shows the recovery mode and standard (should be the top one)
press e to edit
after rhgb quiet:
rd.break
^x
mount -o remount,rw /sysroot
chroot /sysroot
passwd root
touch /.autorelabel
exit
exit
Create a temporary environmental variable
export VAR=test
Create a permanent environmental variable
Update the PATH global variable to contain the /opt/this directory
or
Add a script to your path so you can use it without having to type ./this.sh
make a backup just in case
cp .bashrc bashrc.backup
vi .bashrc
TEST='123'
export TEST
export PATH="$PATH:/opt/this"
mkdir -p ~/bin (~ says go to your home)
mv your.sh ~/bin/your.sh
export PATH="$PATH:$HOME/bin"
source ~/.bashrc
Set a permanent global variable
vi /etc/profile or /etc/bashrc
I think /etc/profile needs a relogin
TEST='123'
export TEST
What is the nice scale?
-20 to 19
Lower the number, higher priority
This is ONLY for cpu priority and has nothing to do with startup times
Run sleep and give it a nice value
nice -n 5 sleep 10
show logs from system boot
cat /var/log/boot.log
Show info on hardware - specifically cpu
dmidecode -t processor
status: populated, enabled means that’s the actual cpu core
rollback a download
yum history undo 2
Where would you go to access the ssh configuration to change the port?
disable root login
What should you do afterward?
/etc/ssh/sshd_config
PermitRootLogin no
let selinux know
semanage port -a -t ssh_port_t -p tcp 5183
open port on firewall
Show info about ens33
ethtool ens33
What does this mean:
BONDING_OPTS="mode=5 miimon=100"
mode =
0 Round Robin - Packets are sequentially transmitted/received through each interface one by one
1 Active Backup - One is up and the other comes up if the first goes down
2 XOR (exclusive OR) - MAC is recorded and all traffic coming from it goes down the same link
3 Broadcast - Transmitted on all slaves
4 Dynamic Link Aggregation - NICs act as one so you get higher throughput
5 Transmit Load Balance - Based on load of slave.
6 Adaptive Load Balancing - Load balanced through ARP negotiation
miimon (media independent interface monitoring) - Specifies the MII link monitoring frequency in milliseconds; determines how often the link state of the slaves is inspected for failure
configure an interface with nmcli
nmcli device (shows all devices)
nmcli connection modify enp0s3 ipv4.addresses 10.253.1.211/24
nmcli connection modify enp0s3 ipv4.gateway 192.168.1.1
nmcli connection modify enp0s3 ipv4.method manual
nmcli connection modify enp0s3 ipv4.dns 8.8.8.8
nmcli connection down enp0s3
nmcli connection up enp0s3
nmcli connection show --active
nmcli connection modify enp0s3 +ipv4.addresses 10.253.1.211/24
nmcli connection reload (does the same as up/down)
systemctl reboot
ip address show
nmcli connection show enp0s3
Create a bond with nmcli
nmcli connection add type bond con-name "Bondconn1" ifname bond0
nmcli connection modify Bondconn1 bond.options "mode=active-backup"
nmcli connection add type ethernet slave-type bond con-name bond0-if1 ifname ens5 master bond0
nmcli connection add type ethernet slave-type bond con-name bond0-if2 ifname ens6 master bond0
sudo nmcli connection delete bond0-if2
cat /proc/net/bonding/bond0
Use SCP
touch jack
scp jack delsinm@192.168.11.2:/home/delsinm
(delsinm is the name on the SERVER
/home/delsinm is where you want it to go on the SERVER)
enter username and password
file has now been transferred
scp delsinm@remote:/home/delsinm/jack /home/delsinm
capisce?
directories can be sent with scp -r
Use Rsync
rpm -qa | grep rsync
yum install rsync
tar cvf backup.tar
tar cvf backup.tar .
. <- current directory
mkdir /tmp/backups
rsync -zvh backup.tar /tmp/backups/
rsync -azvh /home/delsinm /tmp/backups/
Create a script confirming if the variable number is equal to 100 then print something
#!/bin/bash
count=100
if [ "$count" -eq 100 ]
then
echo "Count is 100"
else
echo "Count is not 100"
fi # tells the script to exit out of the if block; it is "if" spelled backwards
Create candy script
#!/bin/bash
echo
echo "What is your name?"
read name
echo
echo "Hello, $name. Do you like candy? [y/n]"
read candy
# Compare against each accepted answer separately; a bare "-o yes" is always true
if [ "$candy" = y ] || [ "$candy" = yes ]
then
echo "I'll be seeing you later then..."
elif [ "$candy" = n ] || [ "$candy" = no ]
then
echo "Hmm, no fun."
else
echo "Learn to read"
fi
Create the following output using loop and an arithmetic expression:
Weekday 2 : Mon
Weekday 3 : Tue
Weekday 4 : Wed
Weekday 5 : Thu
Weekday 6 : Fri
#!/bin/bash
# Start at 2 so that Mon prints as Weekday 2, matching the output above
i=2
for day in Mon Tue Wed Thu Fri
do
echo "Weekday $((i++)) : $day"
done
Create a do-while script that prints
Welcome (number 1-5) and increments up until 5
#!/bin/bash
c=1
# while c is less than or equal to 5
while [ "$c" -le 5 ]
do
echo "welcome $c"
(( c++ )) # allows c to accumulate
done
Create a case script
#!/bin/bash
echo
echo Please choose one of the options below
echo
echo 'a = Display Date and Time'
echo 'b = List users logged in'
echo 'c = List current user'
echo 'd = Check System uptime'
echo
read choices
case $choices in
a) date;;
b) who;;
c) whoami;;
d) uptime;;
*) echo Invalid choice - Bye
esac
;; <- these end each option, like spaces in between