Appendix. A chapter-by-chapter, command-line review

1. Welcome to Linux

  • ls -lh /var/log—Lists the contents and full, human-friendly details of the /var/log/ directory.
  • cd—Returns you to your home directory.
  • cp file1 newdir—Copies a file called file1 to the directory called newdir.
  • mv file? /some/other/directory/—Moves all files containing the letters file and one more character to the target location.
  • rm -r *—Deletes all files and directories below the current location—use with great care.
  • man sudo—Opens the man documentation file on using sudo with commands.

2. Linux virtualization: Building a Linux working environment

  • apt install virtualbox—Uses apt to install a software package from a remote repository.
  • dpkg -i skypeforlinux-64.deb—Directly installs a downloaded Debian package on an Ubuntu machine.
  • wget https://example.com/document-to-download—A command-line program that downloads files.
  • dnf update (or yum update or apt update)—Synchronizes the local software index with what’s available from online repositories.
  • shasum ubuntu-16.04.2-server-amd64.iso—Calculates the checksum for a downloaded file to confirm that it matches the provided value, meaning that the contents haven’t been corrupted in transit.
  • vboxmanage clonevm Kali-Linux-template --name newkali—Uses the vboxmanage tool to clone an existing VM.
  • lxc-start -d -n mycont—Starts an existing LXC container.
  • ip addr—Displays information on each of a system’s network interfaces (including their IP addresses).
  • exit—Leaves a shell session without shutting down the machine.

3. Remote connectivity: Safely accessing networked machines

  • dpkg -s ssh—Checks the status of an Apt-based software package.
  • systemctl status ssh—Checks the status of a system process (systemd).
  • systemctl start ssh—Starts a system process.
  • ip addr—Lists all the network interfaces on a computer.
  • ssh-keygen—Generates a new pair of SSH keys.
  • cat .ssh/id_rsa.pub | ssh [email protected] "cat >> .ssh/authorized_keys"—Copies a local key, and pastes it on a remote machine.
  • ssh -i .ssh/mykey.pem [email protected]—Specifies a particular key pair.
  • scp myfile [email protected]:/home/ubuntu/myfile—Safely copies a local file to a remote computer.
  • ssh -X [email protected]—Logs in to a remote host for a graphics-enabled session.
  • ps -ef | grep init—Displays all currently running system processes, and filters results by the string init.
  • pstree -p—Displays all currently running system processes in a visual tree format.

4. Archive management: Backing up or copying entire file systems

  • df -h—Displays all currently active partitions with sizes shown in a human-readable format.
  • tar czvf archivename.tar.gz /home/myuser/Videos/*.mp4—Creates a compressed archive from video files in a specified directory tree.
  • split -b 1G archivename.tar.gz archivename.tar.gz.part—Splits a large file into smaller files of a set maximum size.
  • find /var/www/ -iname "*.mp4" -exec tar -rvf videos.tar {} \;—Finds files meeting set criteria, and streams their names to tar to include in an archive.
  • chmod o-r /bin/zcat—Removes read permissions for the others class of users.
  • dd if=/dev/sda2 of=/home/username/partition2.img—Creates an image of the sda2 partition, and saves it to your home directory.
  • dd if=/dev/urandom of=/dev/sda1—Overwrites a partition with random characters to obscure the old data.

5. Automated administration: Configuring automated offsite backups

  • #!/bin/bash—The so-called “shebang line” that tells Linux which shell interpreter you’re going to be using for a script.
  • ||—Inserts an “or” into a script, meaning that if the command to the left isn’t successful, the command to the right is executed.
  • &&—Inserts an “and” into a script, meaning if the command to the left is successful, execute the command to the right.
  • test -f /etc/filename—Tests for the existence of the specified file or directory name.
  • chmod +x upgrade.sh—Makes a script file executable.
  • pip3 install --upgrade --user awscli—Installs the AWS command-line interface using Python’s pip package manager.
  • aws s3 sync /home/username/dir2backup s3://linux-bucket3040—Synchronizes the contents of a local directory with the specified S3 bucket.
  • 21 5 * * 1 root apt update && apt upgrade—A cron directive that executes two apt commands at 5:21 each morning.
  • NOW=$(date +"%m_%d_%Y")—Assigns the current date to a script variable.
  • systemctl start site-backup.timer—Activates a systemd system timer.

6. Emergency tools: Building a system recovery device

  • sha256sum systemrescuecd-x86-5.0.2.iso—Calculates the SHA256 checksum of a .ISO file.
  • isohybrid systemrescuecd-x86-5.0.2.iso—Adds a USB-friendly MBR to a live-boot image.
  • dd bs=4M if=systemrescuecd-x86-5.0.2.iso of=/dev/sdb && sync—Writes a live-boot image to an empty drive.
  • mount /dev/sdc1 /run/temp-directory—Mounts a partition to a directory on the live file system.
  • ddrescue -d /dev/sdc1 /run/usb-mount/sdc1-backup.img /run/usb-mount/sdc1-backup.logfile—Saves files on a damaged partition to an image named sdc1-backup.img, and writes events to a log file.
  • chroot /run/mountdir/—Opens a root shell on a file system.

7. Web servers: Building a MediaWiki server

  • apt install lamp-server^—Ubuntu command that installs all the elements of a LAMP server.
  • systemctl enable httpd—Launches Apache on a CentOS machine at every system boot.
  • firewall-cmd --add-service=http --permanent—Permits HTTP browser traffic into a CentOS system.
  • mysql_secure_installation—Resets your root password and tightens database security.
  • mysql -u root -p—Logs in to MySQL (or MariaDB) as the root user.
  • CREATE DATABASE newdbname;—Creates a new database in MySQL (or MariaDB).
  • yum search php- | grep mysql—Searches for available packages related to PHP on a CentOS machine.
  • apt search mbstring—Searches for available packages related to multibyte string encoding.

8. Networked file sharing: Building a Nextcloud file-sharing server

  • a2enmod rewrite—Enables the rewrite module so Apache can edit URLs as they move between a client and server.
  • nano /etc/apache2/sites-available/nextcloud.conf—Creates or edits an Apache host configuration file for Nextcloud.
  • chown -R www-data:www-data /var/www/nextcloud/—Changes the user and group ownership of all website files to the www-data user.
  • sudo -u www-data php occ list—Uses the Nextcloud CLI to list available commands.
  • aws s3 ls s3://nextcloud32327—Lists the contents of an S3 bucket.

9. Securing your web server

  • firewall-cmd --permanent --add-port=80/tcp—Opens port 80 to incoming HTTP traffic, and configures it to reload at boot time.
  • firewall-cmd --list-services—Lists the currently active rules on a firewalld system.
  • ufw allow ssh—Opens port 22 for SSH traffic using UncomplicatedFirewall on Ubuntu.
  • ufw delete 2—Removes the second ufw rule as listed by the ufw status command.
  • ssh -p53987 username@remote_IP_or_domain—Logs in to an SSH session using a nondefault port.
  • certbot --apache—Configures an Apache web server to use Let’s Encrypt encryption certificates.
  • selinux-activate—Activates SELinux on an Ubuntu machine.
  • setenforce 1—Toggles enforcing mode in an SELinux configuration.
  • ls -Z /var/www/html/—Displays the security context of the files in a specified directory.
  • usermod -aG app-data-group otheruser—Adds the otheruser user to the app-data-group system group.
  • netstat -npl—Scans for open (listening) network ports on a server.

10. Securing network connections: Creating a VPN or DMZ

  • hostname OpenVPN-Server—Sets the command-prompt description to make it easier to keep track of which server you’re logged in to.
  • cp -r /usr/share/easy-rsa/ /etc/openvpn—Copies the Easy RSA scripts and environment configuration files to the working OpenVPN directory.
  • ./build-key-server server—Generates an RSA key pair set with the name server.
  • ./pkitool client—Generates a client set of keys from an existing RSA key infrastructure.
  • openvpn --tls-client --config /etc/openvpn/client.conf—Launches OpenVPN on a Linux client using the settings from the client.conf file.
  • iptables -A FORWARD -i eth1 -o eth2 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT—Allows data transfers between the eth1 and eth2 network interfaces.
  • man shorewall-rules—Displays documentation on the rules file used by Shorewall.
  • systemctl start shorewall—Starts the Shorewall firewall tool.
  • vboxmanage natnetwork add --netname dmz --network "10.0.1.0/24" --enable --dhcp on—Uses the VirtualBox CLI to create and configure a virtual NAT network with DHCP for VirtualBox VMs.
  • vboxmanage natnetwork start --netname dmz—Starts a virtual NAT network.
  • dhclient enp0s3—Requests an IP address for the enp0s3 interface from a DHCP server.

11. System monitoring: Working with log files

  • Alt-F<n>—Opens a virtual console from a non-GUI shell.
  • journalctl -n 20—Displays the 20 most recent log entries in the journal.
  • journalctl --since 15:50:00 --until 15:52:00—Displays only events between the since and until times.
  • systemd-tmpfiles --create --prefix /var/log/journal—Instructs systemd to create and maintain a persistent journal file rather than one that is destroyed with every boot.
  • cat /var/log/auth.log | grep -B 1 -A 1 failure—Displays matching lines along with the lines immediately before and after.
  • cat /var/log/mysql/error.log | awk '$3 ~ /\[Warning\]/' | wc—Searches the MySQL error log for events classified as a Warning.
  • sed "s/^ *[0-9]* //g" numbers.txt—Removes numbers at the start of each line of a file.
  • tripwire --init—Initializes the database of a Tripwire installation.
  • twadmin --create-cfgfile --site-keyfile site.key twcfg.txt—Generates a new encrypted tw.cfg file for Tripwire.

12. Sharing data over a private network

  • /home 192.168.1.11(rw,sync)—An entry in the NFS server /etc/exports file that defines a remote client share.
  • firewall-cmd --add-service=nfs—Opens a CentOS firewall for client access to your NFS share.
  • 192.168.1.23:/home /nfs/home nfs—A typical entry in the /etc/fstab file of an NFS client, which loads an NFS share.
  • smbpasswd -a sambauser—Adds Samba functionality (and a unique password) to an existing Linux user account.
  • nano /etc/samba/smb.conf—Samba is controlled by the smb.conf file on the server.
  • smbclient //localhost/sharehome—Logs in to a local Samba share (using the Samba user account).
  • ln -s /nfs/home/ /home/username/Desktop/—Creates a symbolic link, allowing a user to easily access an NFS share by clicking a desktop icon.

13. Troubleshooting system performance issues

  • uptime—Returns the CPU load averages over the past 1, 5, and 15 minutes.
  • cat /proc/cpuinfo | grep processor—Returns the number of system CPU processors.
  • top—Displays real-time statistics for running Linux processes.
  • killall yes—Shuts down all running instances of the yes command.
  • nice --15 /var/scripts/mybackup.sh—Raises the priority of the mybackup.sh script for system resources.
  • free -h—Displays total and available system RAM.
  • df -i—Displays the available and total inodes for each file system.
  • find . -xdev -type f | cut -d "/" -f 2 | sort | uniq -c | sort -n—Counts and displays numbers of files by parent directory.
  • apt-get autoremove—Removes old and unused kernel headers.
  • nethogs eth0—Displays processes and data-transfer statistics for network connections using the eth0 interface.
  • tc qdisc add dev eth0 root netem delay 100ms—Slows all network transfers through the eth0 interface by 100 milliseconds.
  • nmon -f -s 30 -c 120—Records data from a series of nmon scans to a file.

14. Troubleshooting network issues

  • ip addr—Lists the active interfaces on a Linux system. May be shortened to ip a or lengthened to ip address; it’s your choice.
  • lspci—Lists the PCI devices currently connected to your computer.
  • dmesg | grep -A 2 Ethernet—Searches the dmesg logs for references to the string Ethernet, and displays references along with the subsequent two lines of output.
  • ip route add default via 192.168.1.1 dev eth0—Manually sets a new network route for a computer.
  • dhclient enp0s3—Requests a dynamic (DHCP) IP address for the enp0s3 interface.
  • ip addr add 192.168.1.10/24 dev eth0—Assigns a static IP address to the eth0 interface (doesn’t persist past the next system restart).
  • ip link set dev enp0s3 up—Starts the enp0s3 interface (useful after editing the configuration).
  • netstat -l | grep http—Scans a local machine for a web service listening on port 80.
  • nc -z -v bootstrap-it.com 443 80—Scans a remote website for services listening on port 443 or 80.

15. Troubleshooting peripheral devices

  • lshw -c memory (or lshw -class memory)—Displays the memory section of a system’s hardware profile.
  • ls /lib/modules/`uname -r`—Lists the contents of the directory under /lib/modules/ containing modules for your current, active kernel.
  • lsmod—Lists all active modules.
  • modprobe -c—Lists all available modules.
  • find /lib/modules/$(uname -r) -type f -name "ath9k*"—Searches for a file among the available kernel modules with a name starting with ath9k.
  • modprobe ath9k—Loads the specified module into the kernel.
  • GRUB_CMDLINE_LINUX_DEFAULT="systemd.unit=runlevel3.target"—A setting in the /etc/default/grub file that loads Linux as a multiuser, nongraphical session.
  • lp -H 11:30 -d Brother-DCP-7060D /home/user/myfile.pdf—Schedules a print job to the Brother printer at 11:30 UTC.

16. DevOps tools: Deploying a scripted server environment using Ansible

  • add-apt-repository ppa:ansible/ansible—Adds the Debian Ansible software repository to allow apt to install Ansible on an Ubuntu/Debian machine.
  • ansible webservers -m ping—Tests all the hosts in the webservers host group for network connectivity.
  • ansible webservers -m copy -a "src=/home/ubuntu/stuff.html dest=/var/www/html/"—Copies a local file to the specified file location on all the hosts in the webservers group.
  • ansible-doc apt—Displays syntax and usage information on the apt module.
  • ansible-playbook site.yml—Launches an operation based on the site.yml playbook.
  • ansible-playbook site.yml --ask-vault-pass—Uses a Vault password to authenticate and perform playbook operations.