Added networking and security notes

Author: rishabkumar7

LPILinuxEssentials.md

@@ -583,7 +583,7 @@ else
 fi
 
 # Show us what we have to work on today
-DOCUMENTS="/Users/jmartinez/Downloads/linux-essentials-practice/text-analysis"
+DOCUMENTS="/Users/rkumar/Downloads/linux-essentials-practice/text-analysis"
 
 for doc in "$DOCUMENTS"/*.txt
 do
@@ -638,4 +638,211 @@ cat $FILENAME
 - Develop
 - Deploy
 - Manage
-- Retire
+- Retire
+
+## <span id="hardware"></span> Understanding computer hardware
+
+| Command             | Purpose                                                                |
+| :---                | :---                                                                   |
+| `cat /proc/cpuinfo` | view processor details                                                 |
+| `free`              | view RAM stats in bytes<br><br>`-m` = show in MB<br> `-g` = show in GB |
+| `dmidecode`         | show details about motherboard, BIOS, processor, and RAM               |
+| `lsblk`             | view all block devices (e.g., HDD) attached to system                  |
+| `df`                | view free disk space on HDD<br><br> `-h` = human readable format       |
+| `du -h $path`       | disk usage; human redable, directories only <br><br>`-a` = show files  |
+| `top`               | show stats on processor, RAM, and running processes                    |
+
+* Hard drives tend to be named sequentially, such as `/dev/sda`, `/dev/sdb`, etc.
+* Partitions are named sequentially, so partitions on sda will be called `sda1`, `sda2`, etc.
+
+## <span id="data"></span>Where data is stored
+
+### <span id="kernel"></span>The kernel
+- Core of any Linux installation.
+- Responsible for managing every piece of softare on a Linux computer, interfacing with the hardware.
+- The kernel launches __/sbin/init__, and init in turn launches child processes.
+- Linux manages these processes in the processes table, which we can access via __ps__ and __top__.
+
+### <span id="processes"></span>Linux processes
+- Every process has a __PID__.
+- Every parent process has  parent ID (__PPID__)
+    + The two parent processes are 1) systemd and 2) kthreadd
+- The kernel supplies process information to the __`/proc`__ directory so it can be available to the `ps`, `top`, and `free` commands.
+- We can use `ps` to identify running processes. Note that this command provides a static snapshot.
+    + `-u $username` shows processes for that username
+    + `-e` shows every process running from all users
+    + `-H` show hierarchy of processes via indented output. E.g., `ps -eH`
+    + `--forest` also shows process hierarchy. E.g., `ps -e --forest`
+    + `-f` shows full format listing (all arguments a command is using while running). E.g., `ps -ef --forest`
+    + `ps -u josue --forest` shows parent/child relationships for processes.
+    + `ps u U josue` gives CPU and memory %.
+    + `ps aux` the `u` adds the username column. There's so much output it's typically more practical to grep.
+    + `kill -9 $PID` will kill a process
+- `top` is dynamic, as opposed to `ps`, which provides a static snapshot.
+    + `-h` or `?` will display CLI usage info and exit
+    + After running `top`...
+        * `k` will prompt for the PID of the process to kill.
+        * `M` sort by memory usage
+        * `P` sort by CPU usage (default)
+- `free` generates a report on the system's memory status using __KB__
+    + The __Mem:__ line shows total RAM stats
+    + The __-/+ buffers__ line shows the total memory used by the programs
+    + __Swap:__ is hard disk space used as a adjunct to RAM.
+    + The `-h` flag shows the information in human-readable measurements (MB, GB)
+
+### <span id="syslog"></span>syslog, klog, dmesg
+- Most system logs are stored in __/var/log/__
+- Logs are closed daily and retained for several days
+- Reading most system log files requires root privileges
+- __boot.log__ records events from when the system boots
+- __messages__ is the main log file
+- __secure__ is the file that logs when users elevate their privileges or attempt/fail to log in
+- `grep sshd /var/log/*`
+- __klogd__ manages messages from the kernel separate from other programs.
+- `dmesg` will display messages from the kernel. This helps with tshoot of hardware or driver issues.
+
+
+## <span id="networking"></span>Networking
+
+### <span id="basic-networking"></span>Basic networking
+
+#### Important network tools
+
+| Tool             | Purpose                                 |
+| ---              | ---                                     |
+| `ping -c $num `  | testing connectivity                    |
+| `dig`            | `dig www.pluralsight.com -t A`          |
+| `nslookup`       | `nslookup -query=A www.pluralsight.com` |
+| `netstat`        | list network connections                |
+| `route`          | current route/netwk settings            |
+| `host $fqdn`    | test DNS resolution                     |
+| `traceroute`     | trace packet route                      |
+| `ifconfig`       | current network settings                |
+| `ip addr [show]` | current IP addr and network settings    | 
+
+- You set up DNS information in __/etc/resolv.conf__, but in some distros you're not supposed to edit this file.
+- You can see CentOS network config in __/etc/sysconfig/network-scripts/ifcfg-ens33__ or some other __ifcfg...__ file.
+
+#### Static IP address
+- Edit __/etc/sysconfig/network-scripts/ifcfg-ens33__
+    + BOOTPROTO="static"
+    + `IPADDR="$addr"``
+    + `NETMASK="$mask"``
+    + `NETWORK="$subnet_id"``
+    + You can use CIDR notation on the IP address and omit the `NETMASK`
+    + Remember to set DNS information in __/etc/resolv.conf__
+    + You add routes another way
+
+### <span id="routes"></span>Routes
+- `ip route show` shows the routes
+- `route` older method of showing routes
+- `netstat -r` same output as the `route` command, including routes to leave the LAN
+- Always set your destination gateways as IP addresses, not FQDNs.
+- Add routes via `route add -net $ntwk_id netmask $mask gw $rtr_addr`
+- Remove routes via `route del -net $ntwk_id netmask $mask gw $rtr_addr`
+- `Route add default gw $ip_addr`
+- The DNS server used is indicated in __/etc/resolv.conf__
+
+### <span id="other"></span>Other commands
+
+| Command | Description |
+| --- | --- |
+| `netstat -a` | Lists listening & non-listening sockets |
+| `netstat -i` | Stats about the network interfaces |
+| `netstat -l` | Lists listening sockets |
+| `netstat -s` | Summary for each protocol |
+| `netstat -r` | Equivalent to `route` |
+
+
+## <span id="security"></span>Basic security and user types
+
+### <span id="root-std-users"></span>Root and standard users
+- Only the user and root can access the user's files.
+- `finger $username` gives info on a user (login, directory, name, and shell)
+- `id $username` gives user ID, group ID, group memberships
+- __/etc/passwd__ has list of users who can authenticate locally. Each line indicates the user, the user's pw (legacy field), UID, GID for default group, full name or comment, home dir, and default shell
+- __/etc/shadow__ has list of user passwords. Each line has the username, hashed pw, last modified field in Unix epoch, max days before a password must be changed, days ahead of max when the user will be prompted to change the password, the days to wait to disable the account if the password remains expired, and the expired field.
+- __/etc/sudoers__ has a list of sudoers
+- __/etc/group__ shows the group, password for the group, GID, and list of users who are members
+- `pwck` checks whether passwd and shadow are in sync.
+- `pwconv` adds any missing users from etc to shadow.
+- Root exists to perform administrative tasks and can therefore access all files.
+- `su` or `su -` let’s you become Root. `su - username` gives us a shell as that user, with their PATH var.
+- `sudo $cmd` is a per-command way to elevate privileges.
+- `who` = who is logged in
+- `W` shows logged in users and their processes.
+- `who -b` last boot time
+- `who -m` whostname and user associated with it
+- `who -r` our current run level
+- `who -q` number of users logged in
+- `who -a` all of the above
+- `last [$username]` who logged in, when, and how, in reverse chronological order
+
+
+## <span id="users-groups"></span>Creating users and groups
+- Every user acct has a UID and a textual username.
+- Different users could have the same UID and therefore identical rights to the same files. You should never do this.
+- `id` will show the current user’s UID and GID. You can also type `id $username`
+- `groups $username` shows the group memberships.
+- `groupadd <grp-name>` = add a new group
+- `useradd [-G $GID] -m -c "John Doe" jdoe` = add a new user. This command pulls defaults from __/etc/default/useradd__
+    + `-m` = create home dir
+    + `-c` = comment; usually the user's full name
+- `userdel -r jdoe` = delete user and home folder
+- `sudo passwd $username` = change user's password.
+
+
+## <span id="permissions-ownership"></span> Managing file permissions and ownership
+
+### <span id="permissions"></span> File and directory permissions
+
+```bash
+☁  shell-scripting  ll
+total 24
+drwxr-xr-x  5 rkumar  staff   160B May 21 16:22 ./
+drwxr-xr-x  5 rkumar  staff   160B May 21 08:48 ../
+-rwxr-xr-x  1 rkumar  staff   546B May 21 16:17 daily.sh*
+-rwxr-xr-x  1 rkumar  staff   516B May 21 16:22 indexer.sh*
+-rw-r--r--  1 rkumar  staff   1.8K May 21 16:22 test1.txt
+```
+
+- In the output above, the columns on the left indicate the user, group, and global permissions.
+- Permissions can be shown via symbolic (the letters above) or octal notation.
+    + `r` = 4
+    + `w` = 2
+    + `x` = 1
+    + e.g., daily.sh has octal values 755
+
+### <span id="modifying-permissions"></span> Modifying permissions
+- `chmod` = change mode of a file or directory, affecting permissions
+    + `chmod u=rwx,g=rw,o=r $file_name`
+    + `chmod o-rx daily.sh` = remove read and execute permissions from others
+    + `chmod -R o-rx shell-scripting/*` = recursively alter permissions for files in a directory, but not the directory itself
+        * Applying the command to the directory instead of including `/*` also alters the directory.
+    + `chmod 600 test1.txt` = modify permissions on the file with rw permissions for the user and no permissions for the group or others
+- `chown $file_or_dir` = change ownership of a file/directory
+    + `chown $username:$group $file`
+        * You can omit the colon and the group if you're only changing the user. `chown $username $file`
+        * You can omit the user if you're changing the group membership: `chown :$group $file`
+        * Only root can change the user who owns a file
+- `chgrp` = change group ownership of a file/directory
+
+
+## <span id="special"></span>Special directories and files
+
+### <span id="symlinks"></span> Symbolic links
+- Symlinks are similar to windows shortcuts. They reference the path to a file, not the file itself.
+- If the original file/dir is moved, the symlink breaks.
+- `ln -s $src_name $link_name` one convention is to append `.lnk` to the end of the symlink name
+- `unlink $link_name` removes the symlink
+- Symlinks display an __l__ in the file descriptor column of the `ls -l` output.
+- Hard links are another pointer to the exact data on the hard disk. Deleting only one doesn't delete the file.
+    + `ln $src_file $link_name`
+
+### <span id="special-files-dirs"></span> Special files and directories, and the sticky bit
+- __/var/tmp:__ Has temp files that do __not__ get deleted on reboot
+- __/tmp:__ Has files that get deleted upon reboot
+    + Files in this directory have the sticky bit set, meaning that only users who created a file can delete that file even if everything has rwx permissions for this directory. This cam be seen via `ls -ld /tmp`, which gives `drwxrwxrwt. 8 root root 211 May 23 18:22 /tmp`
+- There are two ways to apply the sticky bit to a directory:
+    + `chmod o+t $dir_name`
+    + `chmod 1777 $dir_name` the `1` denotes the sticky bit. To remove it, use `chmod 777 $dir_name`, where the absence of the `1` implies a zero (`chmod 0777 $dir_name`)