Flashcards
LPIC-2 Linux Engineer Flashcards
LPIC-2 Linux Engineer Flashcards
Flashcard Deck
Card 1 of 77
Space
Flip Card
←→
Navigate
1$ vmstat 2 5 # 5 samples every 2 seconds2$ iostat -xz 23$ sar -u 2 5 # CPU history4$ sar -r # memory history1$ uptime212:00 up 5 days, load average: 0.52, 0.38, 0.291$ ulimit -a # show all limits2$ ulimit -n 65536 # set open file limit3* soft nofile 655364* hard nofile 655361$ cat /proc/meminfo2$ grep -E "MemTotal|MemAvailable|SwapFree" /proc/meminfo1$ iostat -xz 12$ sudo iotop -o # only show active I/O3$ sudo hdparm -tT /dev/sda1$ ls /boot/2vmlinuz-6.1.0 initrd.img-6.1.0 System.map-6.1.01$ tar xvf linux-6.x.tar.xz && cd linux-6.x2$ make menuconfig3$ make -j$(nproc)4$ sudo make modules_install5$ sudo make install1$ lsmod | grep ext42$ modinfo ext43$ sudo modprobe ext44$ sudo modprobe -r ext41br_netfilter2
3# /etc/modprobe.d/blacklist.conf4blacklist nouveau1$ uname -r26.1.0-17-amd643$ uname -a4Linux host 6.1.0-17-amd64 #1 SMP x86_64 GNU/Linux1$ sysctl kernel.hostname2$ sysctl -w net.ipv4.ip_forward=13$ sysctl -p /etc/sysctl.conf4# Persistent:5echo "net.ipv4.ip_forward=1" >> /etc/sysctl.d/99-ip-forward.conf1$ sudo vim /etc/default/grub2GRUB_TIMEOUT=53GRUB_CMDLINE_LINUX="quiet splash"4
5$ sudo grub-mkconfig -o /boot/grub/grub.cfg6# or on RHEL/Fedora:7$ sudo grub2-mkconfig -o /boot/grub2/grub.cfg1$ lsinitramfs /boot/initrd.img-$(uname -r) # Debian2$ lsinitrd /boot/initramfs-$(uname -r).img # RHEL1$ sudo update-initramfs -u # Debian/Ubuntu2$ sudo dracut -f # RHEL/Fedora3$ sudo dracut -f --kver $(uname -r)1# Boot to rescue target via GRUB editor (press 'e')2linux /vmlinuz root=/dev/sda1 ro systemd.unit=rescue.target1$ sudo umount /dev/sdb12$ sudo fsck -y /dev/sdb1 # auto-fix3$ sudo e2fsck -f /dev/sdb1 # ext4 forced check4$ sudo xfs_repair /dev/sdb1 # XFS1UUID=abc-123 /data xfs defaults,noatime 0 22$ sudo mount -o remount,noatime /data1$ udevadm info /dev/sda2$ udevadm monitor # watch device events3# Custom rule4SUBSYSTEM=="usb", ATTR{idVendor}=="1234", SYMLINK+="mydevice"1$ sudo pvcreate /dev/sdb /dev/sdc2$ sudo vgcreate datavg /dev/sdb /dev/sdc3$ sudo lvcreate -L 20G -n datalv datavg4$ sudo mkfs.xfs /dev/datavg/datalv1$ sudo lvcreate -L 5G -s -n snap_datalv /dev/datavg/datalv2$ sudo mount /dev/datavg/snap_datalv /mnt/snapshot3$ sudo lvremove /dev/datavg/snap_datalv1$ sudo mdadm --create /dev/md0 \2 --level=1 --raid-devices=2 /dev/sdb /dev/sdc3$ sudo mdadm --detail /dev/md04$ sudo mdadm --detail --scan >> /etc/mdadm/mdadm.conf1$ sudo iscsiadm -m discovery -t st -p 192.168.1.1002$ sudo iscsiadm -m node --login3$ lsblk # new block device appears1# Server: /etc/exports2/shared 192.168.1.0/24(rw,sync,no_subtree_check)3$ sudo exportfs -ra4$ sudo systemctl enable --now nfs-server5
6# Client:7$ sudo mount -t nfs 192.168.1.10:/shared /mnt/nfs1$ sudo mkfs.btrfs /dev/sdb2$ sudo btrfs subvolume create /mnt/data/@home3$ sudo btrfs subvolume snapshot /mnt/data /mnt/data/snap_$(date +%F)4$ sudo btrfs filesystem df /mnt/data1$ sudo smartctl -a /dev/sda # full SMART report2$ sudo smartctl -t short /dev/sda # run short test3$ sudo smartctl -H /dev/sda # quick health check1$ nmcli con mod "Wired connection 1" \2 ipv4.addresses 192.168.1.100/24 \3 ipv4.gateway 192.168.1.1 \4 ipv4.dns "8.8.8.8 8.8.4.4" \5 ipv4.method manual6$ nmcli con up "Wired connection 1"1$ sudo modprobe bonding2$ nmcli con add type bond ifname bond0 bond.options "mode=active-backup"3$ nmcli con add type ethernet ifname eth0 master bond04$ nmcli con add type ethernet ifname eth1 master bond01$ nmcli con add type bridge ifname br02$ nmcli con add type ethernet ifname eth0 master br03$ nmcli con mod br0 bridge.stp no4$ nmcli con up br01$ sudo modprobe 8021q2$ ip link add link eth0 name eth0.100 type vlan id 1003$ ip addr add 192.168.100.1/24 dev eth0.1004$ ip link set eth0.100 up1hosts: files dns myhostname2
3$ getent hosts www.example.com1$ tar czf backup.tar.gz /etc /home2$ rsync -avz --delete /data/ backup@server:/backup/3$ dd if=/dev/sda of=/backup/sda.img bs=4M status=progress1# m h dom mon dow command20 2 * * * /usr/local/bin/backup.sh3*/5 * * * * /usr/bin/check_disk.sh4
5$ crontab -e # edit user crontab6$ crontab -l # list crontab7$ sudo crontab -l -u root1# period delay job-id command21 5 daily /etc/cron.daily/37 10 weekly /etc/cron.weekly/1$ sudo systemctl enable --now named2$ named-checkconf /etc/named.conf3$ named-checkzone example.com /var/named/example.com.zone1@ IN SOA ns1.example.com. admin.example.com. (2 2024010101 ; Serial3 3600 ; Refresh4 900 ; Retry5 604800 ; Expire6 300 ) ; Minimum TTL1zone "example.com" {2 type master;3 file "/var/named/example.com.zone";4 allow-transfer { 192.168.1.2; };5};1$ dig example.com A2$ dig example.com MX3$ dig @8.8.8.8 example.com # query specific server4$ dig +trace example.com # full resolution chain5$ dig -x 8.8.8.8 # reverse lookup1$ sudo apachectl configtest2$ sudo apachectl graceful # reload without dropping connections3$ sudo apachectl -M # list loaded modules1<VirtualHost *:80>2 ServerName www.example.com3 ServerAlias example.com4 DocumentRoot /var/www/example5 ErrorLog ${APACHE_LOG_DIR}/example_error.log6</VirtualHost>1server {2 listen 80;3 server_name example.com www.example.com;4 root /var/www/example;5 index index.html;6
7 location / {8 try_files $uri $uri/ =404;9 }10}1server {2 listen 80;3 server_name api.example.com;4
5 location / {6 proxy_pass http://127.0.0.1:3000;7 proxy_set_header Host $host;8 proxy_set_header X-Real-IP $remote_addr;9 }10}1$ sudo certbot --nginx -d example.com -d www.example.com2$ sudo certbot renew --dry-run1[shared]2 path = /srv/samba/shared3 writable = yes4 valid users = @sambausers5$ sudo testparm # validate config6$ sudo systemctl restart smbd nmbd1anonymous_enable=NO2local_enable=YES3write_enable=YES4chroot_local_user=YES5ssl_enable=YES1subnet 192.168.1.0 netmask 255.255.255.0 {2 range 192.168.1.100 192.168.1.200;3 option routers 192.168.1.1;4 option domain-name-servers 8.8.8.8;5 default-lease-time 86400;6}1auth required pam_unix.so2account required pam_nologin.so3session required pam_limits.so1$ sudo authconfig --enableldap --enableldapauth \2 --ldapserver=ldap://ldap.example.com \3 --ldapbasedn="dc=example,dc=com" --update1$ sudo postconf myhostname2$ sudo postconf -e "relayhost=[smtp.gmail.com]:587"3$ sudo postfix check4$ sudo postqueue -p # view mail queue1$ sudo iptables -L -n -v # list rules2$ sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT3$ sudo iptables -A INPUT -j DROP # default deny4$ sudo iptables-save > /etc/iptables/rules.v41$ sudo nft list ruleset2$ sudo nft add rule inet filter input tcp dport 22 accept1$ sudo firewall-cmd --list-all2$ sudo firewall-cmd --permanent --add-service=https3$ sudo firewall-cmd --permanent --add-port=8080/tcp4$ sudo firewall-cmd --reload1[sshd]2enabled = true3maxretry = 54bantime = 36005findtime = 6006
7$ sudo fail2ban-client status sshd1[Interface]2PrivateKey = <server_private_key>3Address = 10.0.0.1/244ListenPort = 518205
6[Peer]7PublicKey = <client_public_key>8AllowedIPs = 10.0.0.2/329
10$ sudo wg-quick up wg01$ getenforce # show mode2$ sudo setenforce 0 # set permissive (temp)3$ sudo setenforce 1 # set enforcing (temp)4# Persistent: edit /etc/selinux/config5$ ausearch -m AVC -ts recent # view denials1$ sudo aa-status # show profile status2$ sudo aa-complain /usr/sbin/nginx # complain mode3$ sudo aa-enforce /usr/sbin/nginx # enforce mode1# /etc/sudoers (edit with visudo)2%wheel ALL=(ALL:ALL) ALL3mohammad ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart nginx4Defaults logfile="/var/log/sudo.log"5Defaults requiretty1$ sudo lastb | head -20 # failed logins2$ sudo last | head -20 # successful logins3$ sudo grep "Failed password" /var/log/auth.log1$ sudo auditctl -w /etc/passwd -p wa -k passwd_changes2$ sudo ausearch -k passwd_changes3$ sudo aureport --auth # authentication report4$ sudo aureport --failed # failed events1# Generate private key and self-signed cert (valid 365 days)2$ openssl req -x509 -nodes -days 365 \3 -newkey rsa:4096 \4 -keyout /etc/ssl/private/server.key \5 -out /etc/ssl/certs/server.crt \6 -subj "/CN=example.com/O=MyOrg/C=JO"7
8# Verify certificate9$ openssl x509 -in server.crt -text -noout