Linux

• QEMU
• Commands
• Kernel
• Hardening
• Red Hat
• Ubuntu
• CentOS
• Amazon Linux
• Other Flavors

“Linux poses a real challenge for those with a taste for late-night hacking (and/or conversations with God).” Matt Welsh

bash scripting

escaping restricted shell

https://grsecurity.net

Arch-based Debian-based

“A loop device is a pseudo (“fake”) device (actually just a file) that acts as a block-based device.”

“Linux Creator Linus Torvalds: I Love My MacBook Air!”

To disable desktop effects:

• Alt+Shift+F12 or
• compiz-config settings

Package manager vs dependency manager

Package manager manages for system

Dependency manager manages for projects

QEMU

When building qemu, use: su -

Before using qemu, check to see if kqemu is there: ls -l /dev/kqemu

If not:

1. su
2. modprobe kqemu
3. chmod 666 /dev/kqemu

Create an image for qemu to work on: qemu-img create image.img 10GB

To qemu the image: qemu image.img

Example:

qemu -cpu coreduo -m 1024 -usb -cdrom /dev/cdrom -boot d sif.img

Commands

“Permissions of 644 mean that the owner of the file has read and write access, while the group members and other users on the system only have read access.”

kill -9 “It is a forceful way to kill/terminate a or set of processes.” “This signal cannot be handled (caught), ignored or blocked.”

To copy a file from one server to another:

scp username@ipA:/path_to_file username@ipB:/path_to_file

To get current server’s domain name: hostname

When told that the drive is still in use:

lsof /dev/cdrom
kill [pid]

(lsof is “list open files”)

To rip from optical to disk:

dd if=/dev/cdrom of=/home/sif/???.iso bs=2048

To find desired program running:

ps aux | grep [???]

Find out how much space you have and how much space you are using:

df -h

(df is “display free disk space”)

To find the path to startx:

which startx

To make fwlogwatch easier to use:

cp -vp /usr/local/sbin/fwlogwatch /usr/bin/fwlogwatch

Make reading logs easier:

fwlogwatch /var/log/messages > /home/sif/messages
fwlogwatch /var/log/syslog > /home/sif/syslog

If you want to check your server’s current tracked connections, just run the following:

cat /proc/sys/net/ipv4/netfilter/ip_conntrack_count

If you want to adjust it, just run the following as root:

echo 123456 > /proc/sys/net/ipv4/ip_conntrack_max

It is better to use rsync with trial run than use diff for data comparison, dir1 is source:

rsync -av --dry-run dir1/ dir2/

Back up command, make sure the source is the only place you make changes to:

rsync -av --delete /home/sif/ /mnt/[usb?]/sif/

Syncing based on level (1 level):

rsync -av --delete --exclude="/*/" /home/sif/ /mnt/[usb?]/sif/

Syncing based on level (3 levels):

rsync -av --delete --exclude="/*/*/*/" /home/sif/ /mnt/[usb?]/sif/

Cataloging command:

ls -R > ls.txt
tree > tree.txt

Update the system time:

ntpdate pool.ntp.org && hwclock --systohc

Fixing flash problem, remove the one in:

~/.mozilla/plugins

Difference between rsync /exampleA/ /exampleB/ and rsync /exampleA /exampleB: the difference is whether or not you want the folder itself

The steps I took to change empathy from FAT32 to ext3:

1. fdisk /dev/sdb
2. mkfs.ext3 /dev/sdb1
3. chown sif:sif /mnt/empathy
4. rsync -av --delete /mnt/source/ /mnt/empathy/

To see if there is any difference although it’s really not necessary with rsync:

diff -req /mnt/affinity/ /mnt/empathy/

Do smartctl for hard drives

modinfo works on actual modules, not aliased names:

modinfo

cat /proc/sys/net/nf_conntrack

lsmod
grep conntrack /lib/modules/$(uname -r)/modules.alias

Kernel

Hardening

Red Hat

Red Hat Package Manager (RPM)

• Red Hat Linux 7.2 (Engima; University of Illinois’ lab)

Ubuntu

CentOS

Amazon Linux

Other Flavors

• VectorLinux 4 (09/2004), 4.3 rc1, 4.3, 5.8 SOHO LIVECD A1, 5.8 SOHO (final), 5.9 SOHO preview
• Knoppix 3.x, 4.x
• SUSE Linux 9.x
• Damn Small Linux 4.x