Root password reset:
rd.break (as parameter in bootloader)
mount
mount -o remount,rw /sysroot/
chroot /sysroot
touch /.autorelabelUser accounts and groups:
useradd
userdel
usermod
chage
groupadd
groupdel
---
/etc/passwd
/etc/shadow
/etc/groupAccess Control Lists (ACL)
getfacl myfile ... get ACL info about file
setfacl -m ... modify ACL
setfacl -x ... remove ACL
setfacl -x u:colleague
setfacl -m u:colleague:rx myfile
setfacl -m u:boss:rwx myfile
setfacl -m g:admins:rx myfile
ACL on directory inherited on newly created files
setfacl -m d:u:colleague:rx mydirRPM packages:
rpm -q -a
rpm -q -c ... configs
rpm -q --scripts ... scripts related to packageYum repos:
[myrepo]
name=myrepo
baseurl=http://myrepo.com/something
gpgcheck=0
enabled=1
---
yum clean all
yum repolist all
---
/etc/yum/repos.d/myrepo.repoBoot and GRUB:
Linux networking:
ip addr show {myinterface}
ip link show {myinterface}
ip route
ip -6 route
getent hosts {myhostname}
host {shortname, longname}
dig {longname}
---
/etc/hosts
/etc/resolv.conf
/etc/sysconfig/network-scripts/ifcfg-{myinterface}
/etc/sysconfig/network-scripts/route-{myinterface}
/etc/sysconfig/network ... (networking, hostname, gateway directives)SE Linux:
getsebool -a ... shows all SE booleans
semanage boolean -l ... shows persistency of SE boolean
setsebool -P ... sets boolean persistently
getenforce
setenforce {Enforcing|Permissive}
modes:
- enforcing mode
- permissive mode ... good for troubleshooting
- disabled mode ... needs reboot, use permissive mode instead, relabeling takes much time
---
/etc/sysconfig/selinux ... change SE mode permanently
/var/log/audit/audit.log
/var/log/messages
---
ls -Z myfile
semanage fcontext -l ... list contexts
restorecon -R -vv mydir ... recursively restore context
(/.*)? ... anything that is after slash
semanage fcontext -a -t httpd_sys_content_t '/mydir(/.*)?'
sealert -l {violation code}
SE configs: