passwd
: This command changes the password of users. Without an argument, this changes your own password. Otherwise, it changes the password of the user you specify.
useradd
: This creates a new user on the system. useradd fred adds a new user with the name fred. Use the passwd command to set their password.
usermod
: This modifies a user on the system, normally to add them to a group. Use usermod -a -G thegroup theusername to add the user theusername to the group thegroup.
systemctl
: This command handles starting and stopping background services on Linux. This command usually has the form systemctl CMD SERVICE where CMD is the command you want to give, and SERVICE is the service you want to issue the command to. Service commands include start, stop, restart, enable (make sure the service starts on bootup), and disable (make sure the service does not start on bootup). The main services covered in this book include httpd, postgresql, and memcached.
firewall-cmd
: This command handles the firewall. This command has several options. The option --add-service SERVICENAME allows you to open up a service to outside connections, where SERVICENAME is the specific service you want to allow outside users to connect to. The list of services is available by running firewall-cmd --get-service. If you just want to open up a port (i.e., one for which there is no service description), you can just use firewall-cmd --add-port 1234/tcp in order to open up TCP port 1234. To make the service available on reboot, you need to re-issue the command with the --permanent flag added. You can show everything enabled on the current firewall by using --list-all.
yum
: The yum command is the automated package installer for CentOS and other Linux distributions. yum allows you to quickly and easily search, find, and install Linux packages onto your system. yum focuses on finding packages on the Internet and resolving dependencies between packages, and then uses rpm to do all of the dirty work of actually installing the packages. yum includes several subcommands, such as search, install, update, and uninstall. yum update updates all of your installed packages, yum search TERM gives you a list of all available packages whose description includes the word TERM, and yum install PACKAGENAME will install PACKAGENAME and all of its dependencies for you. If for some reason yum stops working correctly, usually you can fix it by running yum clean all.
rpm
: The rpm command is the low-level package manager for CentOS. It handles the work of actually taking a package file and installing it onto the system. Calling rpm directly to install a package is pretty rare, as this is usually handled through yum. However, rpm also has a way of querying installed packages. A list of all of your installed packages can be found by running rpm -qa, and a list of all files that were modified after installation can be found by running rpm -Va.
rkhunter
: This command, if installed, checks your system for various types of malware by running rkhunter --check.
su
: This command stands for “switch user.” Without any arguments, this switches the user to the root user. You usually want to add the -l option, which means to act as if you logged in with this user, which will take you to the user’s home directory and run other login tasks. If you give it an argument, it will be the name of the user you want to switch to. You must enter that user’s password in order to switch users.
sudo
: This command lets you temporarily run a command as another user (normally as root). The configuration of this command is beyond the scope of this book, but man sudo should give you good information.
pssh
: This command performs a parallel ssh session across multiple hosts. See Chapter 12 for more information about this command.
pscp
: This command performs a parallel scp copy from a local file or directory to multiple destination hosts. See Chapter 12 for more information about this command.
prsync
: This command does a parallel synchronization between a local directory and multiple destination hosts. See Chapter 12 for more information about this command.
ss
: This command gives information about open sockets on your machine. The two commands we focus on are ss -plnt for looking at listening TCP connections and ss -plnu for looking at listening UDP connections. This command is critical for knowing potential attack vectors that an attacker may use to gain access to your system.
netstat
: This is an older version of the ss command. This command gives you lots of information about active network connections on the system. The two ways this is normally called are netstat -plant (which gives a list of TCP sessions and listening sockets) and netstat -planu (which gives a similar list for UDP).
ps
: This command gives you information about processes running on the system. This has numerous options that can give you almost any piece of information you want to know. However, my favorite way of calling it is ps -afxww, which gives you a list of all of the processes currently running displayed as a tree so you know which process spawned which other process.
top
: This command gives you information about which processes are using the most system resources. Use q to leave top.
free
: This gives a short rundown of the current memory usage on the system. free -h gives the most readable output.
uptime
: This gives a short rundown of the current load on the system. In Linux, the load is the number of processes that are wanting CPU time at any given moment. Therefore, for a machine with x processors, the machine is fully loaded near x and is falling behind when it goes above that number. I usually try to keep my machines only half loaded at most.
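For the firewall-cmd entry above: because a rule added without --permanent disappears on reboot (and a permanent-only rule is not yet active), it helps to compare the two configurations. The following is an added example, not code from the book; the function names and the sample lists are constructed, and the live wrapper assumes the default zone and the firewall-cmd options --list-services and --list-ports.

```shell
#!/bin/sh
# Print each word of list $1 that does not appear in list $2.
only_in_first() {
    for item in $1; do
        case " $2 " in
            *" $item "*) ;;                      # present in both lists
            *) printf '%s\n' "$item" ;;
        esac
    done
}

# Args: runtime services, permanent services, runtime ports, permanent ports
# (each a space-separated list, as firewall-cmd prints them).
firewall_drift() {
    only_in_first "$1" "$2" | sed 's/^/runtime-only service: /'
    only_in_first "$2" "$1" | sed 's/^/permanent-only service: /'
    only_in_first "$3" "$4" | sed 's/^/runtime-only port: /'
    only_in_first "$4" "$3" | sed 's/^/permanent-only port: /'
}

# On a real host, feed it the four lists from firewall-cmd (default zone).
live_firewall_drift() {
    firewall_drift "$(firewall-cmd --list-services)" \
                   "$(firewall-cmd --permanent --list-services)" \
                   "$(firewall-cmd --list-ports)" \
                   "$(firewall-cmd --permanent --list-ports)"
}

# Constructed lists: http and 1234/tcp were opened without --permanent.
firewall_drift "dhcpv6-client http ssh" "dhcpv6-client ssh" "1234/tcp" ""
```

Runtime-only entries will be lost at the next reboot; permanent-only entries are configured but not currently in effect.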
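For the rpm entry above: the output of rpm -Va is long on most systems, since edited configuration files are expected to differ. This added example (not from the book) filters that output down to missing files and non-configuration files whose content digest changed; the function names and the sample lines are constructed.

```shell
#!/bin/sh
# Constructed sample of `rpm -Va` output (not captured from a real host).
sample_rpm_va() {
cat <<'EOF'
S.5....T.  c /etc/httpd/conf/httpd.conf
.......T.  c /etc/yum.conf
..5....T.    /usr/sbin/sshd
.M.......    /var/lib/pgsql
missing      /usr/bin/memcached
EOF
}

# Each line is: a flag string (or "missing"), an optional one-letter file
# class (c = config, d = doc, g = ghost, l = license, r = readme), and a path.
# Report missing files, and files outside the config class whose digest
# changed (a "5" in the third flag position).
triage_rpm_verify() {
    awk '{
        flags = $1
        kind = ($2 ~ /^[cdglr]$/) ? $2 : ""
        path = $0
        sub(/^[^ ]+ +([cdglr] +)?/, "", path)    # keeps paths with spaces
        if (flags == "missing")
            print "MISSING", path
        else if (kind != "c" && substr(flags, 3, 1) == "5")
            print "CONTENT-CHANGED", path
    }'
}

# Constructed data; on a real host: rpm -Va | triage_rpm_verify
sample_rpm_va | triage_rpm_verify
```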
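For the ss entry above: the listeners that matter most for exposure are the ones not bound to a loopback address. This added example (not from the book) reads ss -plnt or ss -plnu output and prints the port, bind address, and owning process of each such listener; the function names and the sample output are constructed.

```shell
#!/bin/sh
# Constructed sample of `ss -plnt` output (not captured from a real host).
sample_ss_output() {
cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*          users:(("sshd",pid=1023,fd=3))
LISTEN  0       128     127.0.0.1:5432      0.0.0.0:*          users:(("postmaster",pid=1201,fd=5))
LISTEN  0       1024    0.0.0.0:11211       0.0.0.0:*          users:(("memcached",pid=1300,fd=26))
LISTEN  0       100     [::1]:25            [::]:*             users:(("master",pid=1350,fd=14))
LISTEN  0       511     [::]:80             [::]:*             users:(("httpd",pid=1400,fd=4))
EOF
}

# Read `ss -plnt` or `ss -plnu` output on stdin and print "port address process"
# for every listening socket that is NOT bound to a loopback address.
exposed_listeners() {
    awk '$1 == "LISTEN" || $1 == "UNCONN" {
        port = $4; sub(/.*:/, "", port)          # text after the last colon
        addr = $4; sub(/:[^:]*$/, "", addr)      # text before the last colon
        gsub(/\[|\]/, "", addr)                  # strip IPv6 brackets
        if (addr ~ /^127\./ || addr == "::1") next
        proc = "unknown"                         # process names need -p and root
        if (match($0, /\(\("[^"]+"/))
            proc = substr($0, RSTART + 3, RLENGTH - 4)
        print port, addr, proc
    }'
}

# Constructed data; on a real host: ss -plnt | exposed_listeners
sample_ss_output | exposed_listeners
```

In the sample, memcached on 0.0.0.0:11211 is the line to question: a cache with no reason to accept outside connections should listen on 127.0.0.1 only.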