Show Menu
Cheatography

Intro To System Administration - McCool Cheat Sheet (DRAFT) by

This is a draft cheat sheet. It is a work in progress and is not finished yet.

Popular Commands

 
ps - shows the status of running processes, supports more than 80 comman­d-line options on Linux systems.

man - tradit­ional "­on-­lin­e" docume­ntation

pwd - print working directory

cd - move to another directory

mkdir - to make a directory

rmdir - remove to directory

Manuel Pages

 
To find out about a command:
man command

Manual pages are divided into different sections depending on their purpose. User commands are in section 1, Unix system calls in section 2, and so on. 1, 5 (file formats), and 8 (system admini­str­ation commands).

Transport Layer Security

 
Uses public key crypto­graphy and PKI to secure messages between nodes on a network. TLS runs as a separate layer that wraps TCP connec­tions. Once a client and server have establ­ished a TLS connec­tion, the contents of the exchange, including the URL and all headers, are protected by encryp­tion.

Even More Important Direct­ories

 
/usr/local
Programs and datafiles that have been added locally by the system admini­str­ator.

/etc/skel
Sample startup files you can place in home direct­ories for new users

/dev
This directory contains the so-called device files, the interface between the filesystem and the hardware

/proc
The interface between the filesystem and the running processes, the CPU, and memory

/opt
Directory is often used for larger software packages

More Important Direct­ories

 
/var/spool
Temporary storage for files being printed, sent by UUCP, and so on.

/usr/lib
Standard libraries, such as libc.a.

/usr/l­ib/X11
The X Window System distri­bution. Contains the libraries used by X clients, as well as fonts, sample resources files, and other important parts of the X package.

/usr/i­nclude
Standard location of include files used in C programs

/usr/src
Location of sources to programs built on the system.

Important Direct­ories

 
/bin
The most essential Unix commands, such as ls.

/usr/bin
Other commands.

/sbin
Very common commands used by the superuser for system admini­str­ation.

/usr/sbin
Commands used less often by the superuser for system admini­str­ation.

/boot
Location where the kernel and other files used during booting are sometimes stored.

/etc
Files used by subsystems such as networ­king, NFS, and mail.

/var
Admini­str­ative files, such as log files, used by various utilities.

Boot Process Tasks

 
Tasks:
Finding, loading, and running bootst­rapping code

Finding, loading, and running the OS kernel

Running startup scripts and system daemons

Mainta­ining process hygiene and managing system state transi­tions

Diagram of Processes Forked From Shell

Fix Key Commands

 
stty function key

Function is what you want to do:
erase, kill, intr, susp

Key is the key that you press. Put () in front of key i.e C

To generate list of current terminal settings:
stty a

Command to bring shell to a reason and making it operate as expected if it doesn't:
stty sane

Useful Keys

 
Ctrl-U : Delete the line from the cursor to the beginning of the line.

Ctrl-C : Aborts execution.

Ctrl-Z : Suspends execution.

Ctrl-S : Stops the terminal output until you press Ctrl-Q.

What the test command can do

Check whether a file exists
Check whether a directory exists
Check whether a variable is not empty
Check whether two variables have the same values
Check whether FILE1 is older than FILE2
Check whether INTEGER1 is greater than INTEGER2
 

Shells on Linux

 
bash - Bourne Again shell. The most commonly used shell on Linux. Comman­d-line editing, history substi­tution.

csh - Different interface for progra­mming. No comman­d-line editing, history substi­tution.

ksh - Korn shell. Comman­d-line editing.

sh - Bourne shell. The original shell. No comman­d-line editing.

tcsh - Enhanced C shell. Comman­d-line editing.

zsh - Z shell. The newest of the shells. Comman­d-line editing. Has very powerful completion features.

Linux & Unix Boot Process

More Basic Security Measures

 
Root Kits - Programs and patches that hide important system inform­ation such as process, disk, or network activity.

Packet Filtering - Passes only traffic for services that you specif­ically want to offer from that system.

Passwords and Multif­actor Authen­tic­ation

Vigilance

Applic­ation penetr­ation testing

Copying the Current Shell

ps -f

The current shell is copied including the enviro­nment variables.

OpenSSH Essentials

Commands:
ssh : the client
sshd : the server daemon
ssh-keygen : for generating public­/pr­ivate key pairs
ssh-add and ssh-agent : tools for managing authen­tic­ation keys
ssh-ke­yscan : for retrieving public keys from servers
sftp-s­erver : the server process for file transfer over SFTP
sftp and scp : file transfer client utilities

To Create A Temp File w/ Random Name

mktemp

This command is used to create a temporary file with a random name, which could be useful is we needed to have a place on disk for some temporary data.

With the -d flag to mktemp, we would create a temporary directory with a random name. Because the random name is suffic­iently long and we should always have write permis­sions in /tmp/, we would expect the mktemp command to almost always succeed and thus return an exit status of 0.

Security Power Tools

 
Nmap - Network Port Scanner

Nessus - Next generation network scanner

Metasploit - Penetr­ation testing software

Lynis - On-box security auditing

John the Ripper - Finder of insecure passwords

Bro - The progra­mmable network intrusion detection system

Snort - the popular network intrusion detection system

OSSEC - Host-based intrusion detection

Fail2Ban - Brute-­Force attack response system

Remote Logins

 
ssh -1 accoun­tname systemname

-1 specifies the account on the remote system

Another syntax with identical effects is:
ssh accoun­tna­me@­sys­temname

To suspend remote login:
~ followed by Ctrl-Z

How Security Is Compro­mised

 
Social Engine­ering

Software Vulner­abi­lities

Distri­buted Denial­-of­-Se­rvice

Insider Abuse

Network, system, or applic­ation config­uration errors

Elements of Security

 
Confid­ent­iality - Privacy of data

Integrity - Authen­ticity of Inform­ation

Availa­bility - Must be accessible to authorized to users when they need it

Basic Security Measures

 
Software Updates

Unnece­ssary Services - Disabling unnece­ssary services.

Remote Event Logging

Backups - Regular, tested system backups are an essential part of any site security plan. Protect your backups by limiting (and monito­ring) access and by encrypting backup files.

Viruses and Worms

To Copy Stuff Over SSH

 
To copy files in the SSH suite:
scp

Copies a file from your local system to remote system:
scp filepath accoun­tna­me@­sys­tem­name: DO NOT FORGET COLON

Copies a file from the remote system to your own:
scp accoun­tna­me@­sys­tem­nam­e:f­ilepath

To copy a directory:
scp -r accoun­tna­me@­sys­tem­nam­e:d­ire­cto­ryname relative path.
 

Viewing Files

 
xemacs - editor

cat - used to scan a file, rather than edit it.

vi - text editor

more - prints a screenful at a time and waits for you to press the spacebar before printing more. Can search for a string in the file: press the slash key (/), type the string, and press Return.

less - variation of more

nano - simple and low-impact starter editor

Linux login

 
Password:
# - means you are at root level
$ - means you are at the user level
To set a password use the "­pas­swd­" command.

Startup Files

 
.bashrc - Startup file

.bash_­profile - Runs only when you log in

.zshrc - .bashrc but for zsh

.zprofile - .bash_­pro­file, but for zsh

.cshrc - For the C shell or tcsh

.login - .bash_­profile for the C shell or tcsh.

.emacs - For Emacs editor

.exrc - For vi editor

.newsrc - For news readers

.xinitrc - For X Window System

.kde/s­har­e/c­onfig - Directory with config­uration files for the K Desktop Enviro­nment

.gnome - Directory with config­uration files for the GNOME

Filename Expansion

 
ls - lists files.

ls text?text - lists files containing digits in a position if the difference in file names is just a digit.

ls text[1­3]text - lists files with the digits 1 and 3 in that position.

ls text[1­-3]text - lists all files from 1-3 inclusive in that position. Also works with alphab­etical characters [a-zA-Z]

ls text*text - lists all files that match the structure including a numbers and full words between the text.

Common Security Flavors for NFS Protocol

AUTH_NONE - no authen­tic­ation

AUTH_SYS - UNIX-style user and group access control

RPCSEC_GSS - a stronger flavor that enables flexible security schemes

NFS Drawbacks

- NFS has no built-in provisions for synchr­onizing with backup servers.
- The sudden disapp­earance of an NFS server from the network can result in clients holding stale file handles that can be cleaned up only with a reboot.
- Strong security is possible but is overly complex.

NFS (Network File System)

The NFS protocol has been refined to increase platform indepe­ndence, to improve perfor­mance over wide area networks such as the Internet, and to add strong, modular security features.

Crypto­graphic Hash Functions

 
Proper­ties:
Entang­lement: every bit of the hash value depends on every bit of the input data. On average, changing one bit of input should cause 50% of the hash bits to change.

Pseudo­-ra­ndo­mness: hash values should be indist­ing­uis­hable from random data.

Non revers­ibi­lity: given a hash value, it should be infeasible to discover another input that generates the same hash value.

Public Key Infras­tru­cture

 
A network of entities who trust each other to varying degrees. By following indirect chains of trust outside your personal network, you can establish that a public key is trustw­orthy with a reasonable degree of confid­ence.
The Public Key Infras­tru­cture, used to implement TLS on the web, addresses this problem by trusting a third party known as a Certif­icate Authority (CA) to vouch for public keys.
The CA signs certif­icates for Alice and Bob’s public keys with its own private key.

Public Key Crypto­graphy

 
Alice generates a pair of keys. The private key remains a secret, but the public key can be widely known. Bob similarly generates a key pair and publishes his public key. When Alice wants to send Bob a message, she encrypts it with Bob’s public key. Bob, who holds the private key, is the only one who can decrypt the message.
Alice can also sign the message with her private key. Bob can use Alice’s signature and her public key to validate its authen­ticity.
Asymmetric ciphers.

Symmetric Key Crypto­graphy

 
Alice and Bob share a secret key that they use to encrypt and decrypt messages. They must find a way to exchange the shared secret privately. Once they both know the key, they can reuse it as long as they wish.
Symmetric keys are relatively efficient in terms of CPU usage and the size of the encrypted payloads.
The need to distribute the shared key in advance is a serious impediment to many use cases.

Crypto­graphic Message Properties

 
Confid­ent­iality - messages are impossible to read for everyone except the intended recipi­ents.

Integrity - it is impossible to modify the contents without detection.

Non repudi­ation - the authen­ticity of the message can be validated.