Run Level Make directory

Init 0  Shutdown linux mkdir  create directory(path)

Init 6  Reboot rmdir  remove directory

rm –rf  remove file

w  Display logging User Lists touch  create file

pwd  display current directory #echo ___ >>(touch file)

hostname  display Linxu Machine Name vi  file editor

date  display date #vi (filename)  press I = insert key

cal  display calendar Esc key:q = quit without saving , :q! = force quit without save

man  manual page of command :wq = save and exit, :wq! = force save and exit

ls –a  hidden file Memory/file

ls –l  all information free = show memory, df = show file system, du = disk usage

ln  create link fdisk = show partition table, top = display background process

User management Create User

root:x:0:0:root:/root:/bin/bash useradd (or) adduser

root – user name or login name -d /user-folder username  different home directory

x – encrypted password stored in /etc/shadow -u 999 –g 500  specific user and group ID

0 – UID (user ID number) -G admin  add to multi groups

0 – Primary GID (group ID number) -M  without home directory

/root – home directory for user -e 2021-12-31 –f 45  account expire date, password expire

/root:/bin/bash – login shell for users Delete User

By default this directory contains 3 hidden dir userdel (username)

.bash_logout , .bash_profile, .bashrc -r  delete both account and file

Edit/Modify User (usermod) Show age and change password policy

-l new_name old_name chage –l username  show age

-d /new_dir /old_dir chage username  edit policy

-e 2021-12-31 username Log on User

-L –U  lock and unlock account lastlog  most recent login reports

last  success to login , lastb  fail to login

File/folder Permission Root password reset(Cent OS)

chmod 751 file/directory – permission change 1. at start up, press “e” to edit mode

Ownership of Linux file change ro  rw init=/sysroot/bin/sh

u = owner, g = group, o= other press Ctrl+X

rw-r-r- = owner-group-other chroot /sysroot  passwd (root) touch /.autorelabel

Permission exit reboot

r = read, w = write, x = execute, - = no permis 2. Press “e” to edit mode

Change file/directory permission at end of linux sentence  quite rd.break, Press Ctrl+X

1. r = 4, w = 2, x = 1 mount | grep sysrootmount –o remount,rw /sysroot

0 ---
1 --x
2 -w-
3 -wx
4 r--
5 r-x
6 rw-
7 rwx
2. Symbolic mode Change ownership and group

chmod u=rwx,g=rwx,o=rwx filename chown user file/directory

chmod a=rwx filename chgrp group-name filename

chmod u+rw,g-wx filename Default Permission

vi /etc/profile ,folder  7 5 5

Scripting vi /etc/bashrc ,file  6 4 4

Creat script file with any editor “.sh”

Cvi newscript.sh  chmod a+x newscript.sh Using simple read command

#!/bin/bash  echo “Hello World” #!/bin/bash

run command  bash newscript.sh (or) ./newscript.sh echo “Enter Your Name”

“#” adds to single line comment in bash script read name

echo”Welcome $name to Linux”

Using read command with time limit

#!bin/bash

read –t 5 –p “Enter Your Name :” name

echo $name
Using if statement with AND logic: If statement: -eq  equal

if..then..else..fi If..then..fi -lt  less than

#!bin/bash If [ conditional expression ] -gt  greater than

#Type your Login information then -le  less than or equal

read –p”Username:” user first statement -ge  greater than or equal

read –sp “Password:” pass second statement

if (( $user == “admin” && $pass == “12345” )) fi

then #!/bin/bash

echo –e”\nSuccessful login” count=100

else if [ $count –eq 100 ]

echo –e”\nUnsuccessful login” then

fi echo “Count is 100”

fi
If..then..elif..elif..else..fi
Using if statement with OR logic:
#!/bin/bash
#!/bin/bash
echo “Enter your lucky number”
echo “Enter any number”
read n
read n
if [ $n –eq 101 ];
if [[ ( $n –eq 15 || $n –eq 45 )]]
then
then
echo “You got 1st prize”
echo “You won the game”
elif [ $n –eq 510 ];
else
then
echo “You lost the game”
nd
echo “You got 2 prize”
fi
else
Case Statement
echo “Sorry, try for the next time”
echo “Enter your lucky number”
fi
read n

Using Case Statement case $n in

case expression in 101)

pattern1 ) echo “You got 1st prize” ;;

statements ;; 510)

pattern2 ) echo “You got 2nd prize” ;;

statements ;; *)

… echo “Sorry, try again” ;;

seac esac
Make Directory:
asd Delete a file:
#!/bin/bash #!/bin/bash
echo “Enter your directory name” Echo “Enter filename to remove”
read d read rf
mkdir $d rm –i $rf

Make directory by checking existence:

Mount/Unmount
#!/bin/bash
#mount /dev/cdrom /media/
echo “Enter directory name”

read ndir

if [ -d “$ndir” ]

then

echo “Directory exist”

else

mkdir $ndir

echo “Directory created”

Package Management with RPM(Red Hat Package Manager)

Some facts about RPM

=RPM is free and released under GPL (General Public License)

=RPM keeps the information of all the installed packages under /var/lib/rpm database

=RPM is the only way to install packages under Linux systems

=RPM deals with .rpm files

1. Install an RPM Package 2. check dependencies of RPM package before installing

#rpm –ivh pidgin-2.7.9-5.el6.2.i66.rpm
-i : install a package
-v : verbose for a nicer display
-h : print hash marks as the package archive is unpacked
3. check an Installed RPM package
#rpm –q (or) –ql (or) –qa BitTorrent
4. Upgrade package
#rpm –Uvh nx-3.5.0-2.el
5. Remove package
#rpm –qpR BitTorrent-5.2.2-1-Python2.4.noarch.rpm
-q : Query a package
-p : List capabilities this package provides
-R : list capabilities on which this package depends
6. Query information of Installed RPM package
#rpm –qi vsftpd
7. Information of RPM package before installing
#rpm –qip sqlbuddy-1.3.3-1.noarch.rpm

#rpm –evv nx
 1) IP address Assign with ifcfg config file
Yum package installation
#ip addr
#yum list installed
#cd /etc/sysconfig/network-scripts
#rpm –qa
#vi ifcfg-enp0s3
List of enabled and disabled yum repositories

#yum repolist all

DEVICE=enp0s3
Update a package
TYPE=Ethernet
#yum update <package_name>
NAME=enp03s
Check for available updates
IPADDR=192.168.1.254
#yum check-update
NETMASK=255.255.255.0
To know which package a particular file belongs to
GATEWAY=192.168.1.1
#yum provides “command_name”
DNS1=8.8.8.8
Eliminate any cached package from the system #systemctl restart Networkmanager.service
DNS2=8.8.4.4
#yum clean all #netstat –nr
ONBOOT=yes
To get an overview of all actions #cat /etc/resolv.conf #ifdown & #ifup
BOOTPROTO=static 
#yum history

2) IP Address Assign with nmcli command

#nmcli connection modify <interface_name> ipv4.address <ip/prefix>

#nmcli con mod enp0s3 ipv4.address 192.168.1.4/24

#nmcli con mod enp0s3 ipv4.gateway 192.168.1.1

#nmcli con mod enp0s3 ipv4.dns “8.8.8.8”

#nmcli con mod enp0s3

#cat /etc/sysconfig/network-scripts/ifcfg-enp0s3

#ip addr show enp0s3

3) IP Address Assign with GUI

#nmtui
Remote Access with SSH

#rpm –q | grep ssh

#vi /etc/sysconfig/network-script/ifcfg-ens160

BOOTPROTO=static

IPADDR=192.168.1.254

NETMASK=255.255.255.0

#vi /etc/ssh/sshd_config

Uncomment “Port 22” in line 17

Port 22

#AddressFamily any

#ListenAddress 0.0.0.0

#ListenAddress ::

Uncomment and change “no” to “PermitRootLogin” in line 49

#LoginGraceTime 2m

PerminRootLogin no

#StrictModes yes

#MaxAuthTries 6

#maxSessions 10

Uncomment “PasswordAuthentication” and “PermitEmptyPasswords” in line 78

#To disable tunneled clear text passwords, change to no here!

#Password Authentication yes

PermitEmptyPassword no

PasswordAuthentication yes

#systemctl restart sshd

#systemctl status sshd

#systemctl enable sshd  In client PC, install Putty and give server ip and run.

Remote Access with Telnet

#rpm –qa | grep telnet

#firewall-cmd –-add-service=telnet --zone=public (--permanent success)

#systemctl restart telnet.socket

#systemctl restart firewalld

Creating Local Repository Server

Local Repository Server: RHEL 8 [192.168.200.1]

Local Client Machine: RHEL 8 [192.168.200.2]

Local Client Machine: Window 7[192.168.200.3]

RHEL 8 installation DVD (rpm package)

vsftpd FTP server

1. Install vsftpd #vi localrepo.repo

#yum install vsftpd –y

#systemctl restart vsftpd [LocalRepo_BaseOS]

#systemctl enable vsftpd Name=LocalRepo_BaseOS

enabled=1
2. Install createrepo package gpgcheck=0
#yum install createrepo –y baseurl=ftp://192.168.200.1/pub/Local_Repo/BaseOS/

3. Mount and copy the RHEL 8 media [LocalRepo_AppStream]

#mount dev/cdrom /mnt Name=LocalRepo_AppStream
#mkdir /var/ftp/pub/Local_Repo enabled=1
#cp /dev/cdrom/* -ar /var/ftp/pub/Local_Repo/ gpgcheck=0

baseurl=ftp://192.168.200.1/pub/Local_Repo/AppStream/
4. createrepo to /var/ftp/pub/Local_Repo/

#cd /etc/yum.repos.d 5. Test and verify your local repository

#mv /etc/yum.repos.d/*.repo /tmp/ #yum clean all
#touch /etc/yum.repos.d/localrepo.repo #yum repolist
#chmod 777 /etc/yum.repos.d/localrepo.repo
Samba Server Configuration

Check the ‘samba’ package on CentOS Anonymous Samba Sharing

#rpm –qa | grep samba #vi /etc/samba/smb.conf
If not,install samba and required package

#yum install samba samba-client samba-common [global]

Create new folder under /root, workgroup = WORKGROUP
#mkdir share server string = Samba Server %v
#mkdir /share/secured /share/anonymous netbios name = centos
#chmod 777 share security = user
To configure samba, edit the file “/etc/samba/smb.conf”. map to guest = bad user
Before making changes,copy backup of original file dns proxy = no
#cp /etc/samba/smb.conf /etc/samba/smb.conf.bk 

Start and enable samba services to start automatically at [Anonymous]

next boot. path = /share/anonymous
#systemctl start smb.service browsable = yes
#systemctl start nmb.service writable = yes
#systemctl enable smb.service (nmb.service) guest ok = yes
Add the service to firewalld. read only = no
#firewall-cmd --permanent --zone=public --add-service=samba

#firewall-cmd --reload

To disable SELINUX service, change the disabled in /etc/selinux/config

# This file controls the state of SELINUX on the system

Secured Samba Sharing
#SELINUX= can take one of these three values:
#groupadd smbgrp
#enforcing – SELINUX
#usermod –G smbgrp user1
#permissive – SELINUX
#smbpasswd
#disabled – No SELINUX policy is loaded
#smbpasswd –a user1
SELINUX=disabled
Edit configuration file:
#SELINUXTYPE= can take one of three values:
#vi /etc/samba/smb.conf
After SELINUX, #reboot
[Secured]

path = /share/secured

valid users = @smbgrp

#systemctl restart smb.service nmb.service
guest ok = no

writable = yes browsable = yes

Firewall Rule Firewall Rule
Linux firewall : - iptables 1. Rule name/number
- firewalld 2. Inbound / outbound
Firewall has 2 types: Network firewall and Client firewall 3. Action  allow / deny
Firewall has inbound traffic and outbound traffic. 4. Protocol  TCP/UDP/ICMP

5. service port number  ssh(22), telnet(23), ftp(20,21),

#yum install iptables iptables-service dns(53)

#iptables –A INPUT –s (source) –d (des) –p ICMP –j DROP 6. source and destination

#iptables –A INPUT –s (source) –d (des) –p TCP –dport 22 –j DROP

#iptables –I INPUT 2 –s (source) –d (des) –p TCP –dport 22 –j DROP

#iptables –L INPUT (inbound) / OUTPUT (outbound)

#iptables –nL INPUT –line-numbers - see rule with line numbers

#iptables –F INPUT - delete all inbound rules

#iptables –D INPUT (line number)

#service iptables restart

#service iptables save

Save & Restore Rules

#mkdir iptable

#iptables-save iptables.bk

#iptables-restore iptables.bk
Firewall Zone
#rpm –qa | grep firewalld
#systemctl enable firewalld
#systemctl start firewalld
#systemctl status firewalld
#firewall-cmd --reload
#firewall-cmd --list-all
#firewall-cmd --get-zones
#firewall-cmd --get-default-zone
#firewall-cmd --new-zone rhcelab --permanent
#firewall-cmd --set-default-zone rhcelab
#firewall-cmd --add-interface enp03s --zone rhcelab --permanent
Blocking a Service
#firewall-cmd --remove-service=https --permanent
Adding a TCP/UDP Port
#firewall-cmd --add-port=22/tcp --permanent
#firewall-cmd --add-port=53/udp --permanent
Blocking a TCP/UDP Port
#firewall-cmd --list-ports
#firewall-cmd --remove-port=22/tcp --permanent
Allowing Service
#firewall-cmd --get-services
#firewall-cmd --list-services
#firewall-cmd --add-service=https
Firewall Rich Rule

With service name - #firewall-cmd --add-rich-rule=’rule family=ipv4 source address=1.1.1.1/32 service name=ssh
accept’ --permanent

Time limit - #firewall-cmd --add-rich-rule=’rule family=ipv4 source address=1.1.1.1/32 service name=ssh limit
value=1/m accept’ --permanent

With port number - #firewall-cmd --add-rich-rule=’rule family=ipv4 source address=1.1.1.1/32 port port=22
protocol=tcp accept’ --permanent

With protocol value - #firewall-cmd --add-rich-rule=’rule family=ipv4 source address=1.1.1.1/32 protocol value=imcp
reject’ --permanent