linux
#define linux: \
I--------------------------------------------------------------------\
I--------------------------------------------------------------------\
I--------------------------------------------------------------------\
I /$$ /$$ \
I | $$ |__/ \
I | $$ /$$ /$$$$$$$ /$$ /$$ /$$ /$$ \
I | $$ | $$| $$__ $$| $$ | $$| $$ /$$/ \
I | $$ | $$| $$ \ $$| $$ | $$ \ $$$$/ \
I | $$ | $$| $$ | $$| $$ | $$ >$$ $$ \
I | $$$$$$$$| $$| $$ | $$| $$$$$$/ /$$/\ $$ \
I |________/|__/|__/ |__/ \______/ |__/ \__/ (linux) \
I--------------------------------------------------------------------\
I--------------------------------------------------------------------\
I--------------------------------------------------------------------I
• "I’d just like to interject for a moment. What I'm referring to as Linux, \
is in fact, GNU/Linux, or as I’ve recently taken to calling it, GNU plus \
Linux. Linux is not an operating system per se, but rather another free \
component of a fully functioning GNU system made useful by the GNU corelibs, \
shell utilities and vital system components comprising a full OS as defined \
by POSIX. Many computer users run a modified version of the GNU system every \
day, without realizing it. Through a peculiar turn of events, the version of \
GNU which is widely used today is often called Linux, and many of its users are \
not aware that it is basically the GNU system, developed by the GNU Project. \
There really is a Linux, and these people are using it, but it is just a \
part of the system they use. Linux is the kernel: the program in the system \
that allocates the machine’s resources to the other programs that you run. \
The kernel is an essential part of an operating system, but useless by itself; \
it can only function in the context of a complete operating system. Linux is \
normally used in combination with the GNU operating system: the whole system \
is basically GNU with Linux added, or GNU/Linux. All the so-called Linux \
distributions are really distributions of GNU/Linux! "
• Counter point: long live alpine; Total GNU Death
Tux: _nnnn_
dGGGGMMb
@p~qp~~qMb
M|@||@> M|
@,----.JM|
JS^\__/ qKL
dZP qKRb
dZP qKKb
fZP SMMb
HZM MMMM
FqM MMMM
__| ". |\dS"qML
| `. | `' \Zq
_| \.___.,| .'
\____ |MMMMMP| .'
`-' `--' hjm
• basic knowledge of what a commandline is is required; see AT "/Termdev"
# choosing your first distro (or just go with mint)
https://distrochooser.de/
# reasonably good Linux wiki
https://wiki.archlinux.org/title/Main_page
# best Linux wiki
https://wiki.gentoo.org/wiki/Main_Page
# your best shot at getting general-purpose Linux help
irc.libera.chat/6697 #linux
○ this section contains:
• kernel information
• Unix/Linux system theory
• convention description
• programs that are essential
for a usable system
○ this section doesn't contain:
• operating system theory
• non essential programs that
can run on Linux
(see those AT "/Programs/")
• Linux is the FOSS operating system led by Linus Torvalds from 1991;
• the skills required to keep an open source project on track
for over 30 years are immense, making Linus legendary
• the most popular choice for servers
• popular choice for mobile since it's a core component of Android
— the platform of choice for many developers:
• as it tends to have less friction than Windows
• and is the most well-supported unix-like OS
HELP: HELP:
"Documentation/"
https://github.com/agvxov/bashtutor
[command] -h|--help : show a programs own help message; might not work
man <thing> : see AT "Documentation/man"
info <thing> : see AT "Documentation/info"
FILE_SYSTEM: FILE_SYSTEM:
• uses Ext 4 nowadays (see AT "/File Systems/Ext")
• hierarchical
• called a file tree
○ composed of:
— files
• file names shall not (but can) contain spaces (i wish everyone would obey that rule, including myself)
• file names shall not (but can) contain endlines
• folders
• links
• file pointers really
○ special links:
. : the current working directory
.. : the current working directory's parent directory ("../.." is also valid)
— : the previous working directory
~([user]) : [user]s home directory; [user] defaults to the user calling the command
• '/' is the root directory, meaning every other directory and file are under this directory;
the root is a parent of all other things on the filesystem and a child of none
— tho theoretically the root directory should be the absolute root and the end of the filesystem
{ $ cd /
$ cd $PWD/..
}
or
{ $ cd
}
leads to an interesting result, namely opening "//", which so it seems is the parent of '/'
however
{ $ cd
$ cd $PWD/..
}
lands one at '/'
• "//" behaves exactly as '/' as far as it's known {meaning "/var" and "//var"
are the same directories}
• it is rumored that one can somehow go up as high as 125 '/'s
• using "//" may or may not result in your mother dying in her sleep
○ conventional contents of the root directory ('/')
• the contents of /proc/sys/ is not list-ed here for the sake of my sanity,
however they are documented AT ../Kernel/Variables
/bin/ : binaries
/boot/ : system start up files
/dev/ : devices
├── disk/ : folder containing storage devices
├── full : a virtual device which upon writing always returns ENOSPC and upon reading infinite NULL bytes;
│ exists for program testing purposes
├── null : a virtual device which is used for discarding data by writing to it { notroot@arch$ grep -r my_file -- / 2> /dev/null }
├── mem : a virtual device which can be read to access RAM contents
├── random : a virtual device which serves as a pseudo-random number generator
├── stderr
├── stdin
├── stdout
├── zero : a virtual device that returns an arbitrary number of NULL bytes
└── snd/ : folder containing sound devices
/etc/ : "Everything To Configure"; does root from "ET Cetera" tho
├── fstab : read at boot to decide which filesystems are essential to mount; see details BELOW
├── protocols : describes internet protocols available from the TCP/IP subsystem
│ everything inside is specified by IANA; DO NOT EDIT
│ syntax: [protocol] [id_number] ([aliases])
├── os-release : basic OS (Distro) information
└── resolv.conf : configuration file for the (hostname) resolver; see details AT /Linux/Networking
/home/ : hub of the users personal directories
/lib/ : libraries
/media/ : where storage devices are automatically mounted
/mnt/ : where storage devices are (meant to be) manually mounted
/opt/ : where builds (should) land
/proc/ : process information
├── cmdline : arguments passed to the kernel on boot
├── cpuinfo : CPU information
├── devices : list of all connected devices
├── filesystems: list of all supported filesystems by the kernel
├── dma : "Direct Memory Access"
├── loadavg : average CPU usage (last_minute, last_5_minutes, last_10_minutes, num_of_processes)
├── uptime : system up time and time spent idle
├── meminfo : memory and memory usage data
└── ${PID} : directory specific to a (running) process; for detailed contents of such a directory see AT "../Processes/PID_folder"
/root/ : home directory of the superuser
/run/ : system processes store temporary data here
/sbin/ : superuser bin
/usr/ : either chaos or aliased directories
/srv/ : data for servers
/sys/ : system information and config
/tmp/ : temporary files
/var/ : variable; files whose sizes are subject to change (databases, sites, etc.)
Fstab:
• /etc/fstab
• plain text config file
• declares what filesystems should be mounted upon boot
• comment by starting the line with a '#'
• each line is an entry
fstab(5)
Entry:
• every entry describes one mount
• separated by any amounts of whitespace
— each entry has 6 fields:
| UUID | Mnt point | Filesystem | Options | Backup | Checker |
| :---------: | :---------: | :----------: | :-------: | :------: | :-------: |
| UUID=[UUID] | [folder] | <typename> | [options] | <int> | <int> |
UUID:
• unquoted
• use "blkid" (see ABOVE) to get it
Mnt_point:
• mount point
• what folder shall the filesystem correspond to
Options:
[option](,[option]([...]))
• comma separated list of keywords
○ [option]
ro : read only mode
rw : read/write enabled
exec : allow binary execution
noexec : forbid binary execution
owner : allow only device owner to mount
group : allow device owners group members to mount
user : allow all users to mount
suid : respect setuid and setgid bits
nofail : do not report errors for this device if it doesn't exist
noauto : do not mount at "mount -a" (boot time) (see ABOVE)
auto : do not use noauto feature (see ABOVE)
async : I/O operations should be asynchronous
sync : I/O operations should be synchronous (which in flash drives may cause cycle shortening)
noatime : never update inode access times (and gain speed by doing so)
atime : do not use noatime feature (see ABOVE)
nodiratime : never update folder inode access times
dev : interpret character or block special devices on the filesystem
nodev : do not use dev feature (see ABOVE)
defaults : rw,suid,dev,exec,auto,nouser,async
Backup:
• used by dump back up utilities
0 : should not be backed up (use this if you don't use dump back ups)
1 : should be backed up
Checker:
• specifies the order by which fsck will check the systems
• non 0 values specify a hierarchical order, however multiple file systems can have the same rank
• checking should always start at '/' (root)
0 : should not be checked
1 : first to be checked (should always be '/' and nothing else)
2 : second to be checked (any data system but root normally should have this value)
[n] : [n]th to be checked
{ UUID=5bnafbc9-1069-49fe-a245-cf9cbcc4e96d / ext4 rw,relatime 0 1 }
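An added example (not part of the original notes): a POSIX sh audit that reads the six-field entries described above, resolves each option list to its effective exec/suid/dev state, and reports watched mount points that still allow them. The watched mount points, the function names and the sample file are assumptions made for illustration; nosuid and the flags implied by user/owner/group come from mount(8), not from the option table above.

```shell
#!/bin/sh
# Added example: fstab hardening audit. Function names are hypothetical.

# Resolve a comma separated option list to "exec-state,suid-state,dev-state".
# Options are applied left to right, so a later option overrides an earlier one.
# With no relevant option the state is exec,suid,dev (what "defaults" gives).
effective_flags() (
    set -f; IFS=,
    exec_f=exec; suid_f=suid; dev_f=dev
    for o in $1; do
        case $o in
            defaults)    exec_f=exec; suid_f=suid; dev_f=dev ;;
            exec|noexec) exec_f=$o ;;
            suid|nosuid) suid_f=$o ;;
            dev|nodev)   dev_f=$o ;;
            # mount(8): user/users imply noexec,nosuid,nodev
            user|users)  exec_f=noexec; suid_f=nosuid; dev_f=nodev ;;
            # mount(8): owner/group imply nosuid,nodev only
            owner|group) suid_f=nosuid; dev_f=nodev ;;
        esac
    done
    printf '%s,%s,%s\n' "$exec_f" "$suid_f" "$dev_f"
)

# Read an fstab-format file ($1) and print "<mount point> missing <flag>" for
# every watched mount point that lacks noexec, nosuid or nodev.
# Watched set (assumption): world-writable scratch locations.
audit_fstab() (
    set -f                                        # no globbing on field contents
    while read -r spec mnt fstype opts dump pass; do
        case $spec in ''|'#'*) continue ;; esac   # blank line or comment
        [ -n "$opts" ] || continue                # malformed: fewer than 4 fields
        case $mnt in /tmp|/var/tmp|/dev/shm) ;; *) continue ;; esac
        flags=$(effective_flags "$opts")
        for want in noexec nosuid nodev; do
            case ",$flags," in
                *",$want,"*) ;;
                *) echo "$mnt missing $want" ;;
            esac
        done
    done < "$1"
)

# Constructed sample input, not taken from a real host.
sample_fstab() {
    cat <<'EOF'
# <spec>                                  <mnt>     <type> <options>             <dump> <pass>
UUID=11111111-2222-3333-4444-555555555555 /         ext4  rw,relatime            0 1
UUID=aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee /tmp      ext4  defaults,nosuid,nodev  0 2
tmpfs                                     /dev/shm  tmpfs rw,nosuid,nodev,noexec 0 0
UUID=99999999-8888-7777-6666-555555555555 /var/tmp  ext4  user,exec              0 2
EOF
}

tmpf=$(mktemp)
sample_fstab > "$tmpf"
audit_fstab "$tmpf"
rm -f "$tmpf"
```

Run it against the real file with `audit_fstab /etc/fstab`; the last sample entry shows why order matters, since `exec` after `user` re-enables execution.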
Disk_management: Disk_management:
mount [partition] [path] : mounts [partition] to [path]
• prints devices information when ran without arguments
— r : read only
— a : perform mount operations as described in /etc/fstab (see BELOW);
ran at each boot time
umount [device] : unmounts [device]
lsblk : lists (mounted) block devices
blkid ([blk]) : prints information about all block devices (drives) or just about [blk], if specified
df [options] [file] : shows information about filesystems
— h : use human readable output format
du [options] [folder] : displays disk space usage recursively
— h : use human readable output format
— d <int> : sets <int> as the maximum depth of recursion
fsck [option] [device] : checks and/or repairs filesystems
ntfsfix [partition] : attempts to fix common ntfs file system problems on [partition]
smartctl [options] : manages drive SMART ("Self-Monitoring Analysis and Reporting Technology") (see AT "/Hardware/?!")
— i [blk] : prints basic information (such as SMART support and whether it's turned on) on [blk]
— s [on || off] [blk]: turns smart on/off on [blk]
— a [blk] : prints analysis
○ output
○ Vendor Specific SMART Attributes with Thresholds:
• don't get scared by the output, it doesn't mean what you first think it does
VALUE : a value signaling the current condition of the drive; either an arbitrary value {temperature}
or a statistic in percentage, normalized to 200 (it's up to the manufacturer)
WORST : a value signaling the worst condition of the drive; see ABOVE
THRESH : the value which the manufacturer specified is the border of normal functioning
TYPE : what it means if VALUE is lesser or equal to THRESH
• if VALUE is lesser or equal to THRESH your drive is in trouble
— t [test] [blk] : initiates test on device [blk]; the test runs in the background
short : ~2 mins
long : ~160-240 mins
— l [...] [blk] : lists information on [...]
. selftest : information of tests (initiated with -t; see ABOVE)
○ output
. LifeTime : the amount of time the drive has run (NOT its life expectancy)
badblocks [options] [device] : searches for bad blocks on [device]
### Formatting under Linux ###
1. Making a partition table
fdisk : modifies filesystems
cfdisk : pseudo graphical version of fdisk; recommended
2. Creating a filesystem
mkfs.<filesystem> <partition>
bfs
btrfs
cramfs
ext2
ext3
ext4
fat
minix
msdos
ntfs
vfat
xfs
#
### Making bootable USBs on Linux ###
1. Download a bootable .iso image
2. Format the drive with a filesystem that is compatible with your image
(should be stated on the download site; FAT is always a safe bet however)
3. Copy the image to the drive
• do not copy to a partition, copy to the device
cp <image> <device>
#
### Renaming partitions under Linux (cmd table) ###
• ie. giving the partition a new "label"
• the following commands all rename a specific kind of partition of a device to <name>
swaplabel -L "<name>" <partition> : swap
e2label <partition> "<name>" : ext2, ext3 or ext4
btrfs filesystem label <partition> "<name>" : btrfs
jfs_tune -L "<name>" <partition> : jfs
xfs_admin -L "<name>" <partition> : xfs
mlabel -i <partition> ::"<name>" : fat or vfat
exfatlabel <partition> "<name>" : exfat
ntfslabel <partition> "<name>" : ntfs
#
SWAP:
• virtual RAM created from disk
• often labeled "useless" on modern systems, but could save the system a few crashes
• does wonders to single board computers
BOOT: BOOT:
"/Linux/File\ System/fstab"
Parameters:
bootparam(7)
kernel-command-line(7)
• passed at boot time
• a boot loader is required (BIOS won't suffice)
debug : hand kernel messages to logger daemon
init=[path] : execute [path] when done booting; default-s to: /sbin/init /etc/init /bin/init /bin/sh
root=[dev] : device to mount as root filesystem
rootwait : wait for the root filesystem indefinitely to show up
rootdelay=<int> : wait for the root filesystem for <int> seconds to show up
Files:
/boot/cmdline.txt : specifies parameters to be passed to the kernel on boot; only conventional
/proc/cmdline : list of parameters the currently loaded kernel booted with
Initramfs:
• successor of initrd
• a "dummy" kernel which loads the actual kernel
• used for setting up XXX-s the actual kernel needs {mounting / (it's not trivial if it's located on a network or encrypted)}
SHUTTING_DOWN: SHUTTING_DOWN:
shutdown [options] [time]
now : do not wait
— H : halt
— P : poweroff
— r : reboot
— c : cancel pending shutdown
LOGGING: LOGGING:
dmesg(1)
• there are 8 loglevels; 0 to 7
• the smaller the loglevel the more important the message is
• each message has a loglevel associated with it
• the kernel has a set loglevel which acts as a filter to what messages to log
• if a message's loglevel is over (as in it is a higher num) the kernel's set loglevel, it is ignored
○ log levels by name
0 KERN_EMERG
1 KERN_ALERT
2 KERN_CRIT
3 KERN_ERR
4 KERN_WARNING
5 KERN_NOTICE
6 KERN_INFO
7 KERN_DEBUG
Files:
/proc/sys/kernel/printk : contains 4 log level values
| console loglevel | default message loglevel | minimum loglevel | default loglevel |
| int-1 | int-2 | int-3 | int-4 |
{
| 0 | 4 | 1 | 7 |
}
console loglevel: currently set log level
default message loglevel: if a message doesn't have a log level specified then apply this one to it
minimum loglevel: the loglevel cannot be set below this value; hardcoded 1, ie. KERN_EMERG will always show
default loglevel: loglevel applied during boot time
SYSTEM_TIME: SYSTEM_TIME:
• a wrong system time may cause various problems with many apps,
since modern secure authentication often requires accurate timestamps
Hardware_clock:
• independent of Linux
• always ticks, even when the system is powered off
• has a tendency to stray from real time
hwclock [options] : interacts with the hardware clock
--show : display time kept by it
--systohc : sync hardware clock to system clock
System_clock:
• kept by the Linux kernel
• upon start up the value of the hardware clock is read and copied,
but afterwards the system clock runs independently
timedatectl [options] [command] : interacts with the system clock
[command]:
status : print settings (including current time)
set-time [date] : manually sets date; [date] is given in the format of "yyyy-MM-dd hh:mm:ss"
{ timedatectl set-time "2022-04-08 22:18:30" }
KERNEL: KERNEL:
• kernel module-s have the ".ko" (Kernel Object) extension
. lsmod : lists loaded kernel modules
modinfo [module] : display information about [module]
modprobe [options] [module] : add and remove kernel modules
--remove : remove
--force : force
— n : dry-run; do not execute, just print
sysctl [options] ([variable]=[value]) : read/write and configure kernel parameters at runtime
--ignore : ignore errors
--quiet : do not echo variable set
— p : Load sysctl settings from the file specified or /etc/sysctl.conf if none is
— w : all arguments prescribe a variable to set
dmesg : prints or manipulates the kernel ring buffer
Variables:
• variables correspond to files at /proc/sys/
• these files contain nothing, but a value
• to find the correct path to a variable, one must replace all '.'-s with '/'-s
{ kernel.randomize_va_space -> /proc/sys/kernel/randomize_va_space }
○
kernel.randomize_va_space : int; turns ASLR on/off
0 - no randomization
1 - shared libraries, stack, mmap(), VDSO and heap are randomized
2 - brk() is also randomized
net.core.dev_weight : int; number of packets that the kernel can handle on a NAPI interrupt; default 64
net.core.netdev_max_backlog : int; maximum number of packets, that can be queue-d on the INPUT side
net.core.somaxconn : int; number of incoming connections?; ?!
net.core.optmem_max : maximum ancillary buffer size allowed per socket
net.core.rmem_max : int; maximum receive socket buffer size
net.core.wmem_max : int; maximum send socket buffer size
net.ipv4.tcp_ecn : int; controls TCP ECN
0 - disable
1 - accept incoming connections with ECN and request it on outgoing ones
2 - accept incoming connections with ECN, but never request it
net.ipv4.tcp_window_scaling : enable window scaling as defined in RFC1323; ?!
net.ipv4.tcp_orphan_retries : ?!
net.ipv4.tcp_max_tw_buckets : maximal number of timewait sockets held by system simultaneously;
exists solely to prevent simple DOS attacks; the higher the better
vm.drop_caches : int; Linux clears its caches depending on its value;
upon writing to *this, the clearing is performed, the value is reset to 0
0 - default
1 - pagecaches
2 - slab objects
3 - pagecaches and slab objects
vm.min_free_kbytes : int; specifies the number of KB-s to be on special reserve
vm.oom_kill_allocating_task : bool; if 0 (default), in out-of-memory situations the memory hog will be hunted down and killed;
if 1, the program triggering the out-of-memory will be killed
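An added example (not part of the original notes): the name-to-path rule above turned into a POSIX sh drift check that compares a baseline of expected values with the files under /proc/sys. The function names and the baseline format ("name value" per line) are assumptions; the root directory is a parameter so the check can also run against a copied or constructed tree.

```shell
#!/bin/sh
# Added example: sysctl baseline check. Function names are hypothetical.

# Map a sysctl name to its file under a /proc/sys-style root ($2, default
# /proc/sys) by replacing every '.' with '/'.
# Not handled: names whose components contain dots themselves (e.g. a VLAN
# interface name); sysctl(8) expects the slash form for those.
sysctl_path() {
    printf '%s/%s\n' "${2:-/proc/sys}" "$(printf '%s' "$1" | tr '.' '/')"
}

# Read "name expected-value" lines from stdin and compare them with the files
# under root ($1). Prints one line per deviation; exit status 1 if any found.
sysctl_drift() (
    root=${1:-/proc/sys}
    rc=0
    while read -r name want; do
        case $name in ''|'#'*) continue ;; esac     # blank line or comment
        path=$(sysctl_path "$name" "$root")
        if [ ! -r "$path" ]; then
            echo "$name: unreadable ($path)"
            rc=1
            continue
        fi
        # multi-value files such as kernel/printk are tab separated
        have=$(tr -s '\t' ' ' < "$path")
        if [ "$have" != "$want" ]; then
            echo "$name: have '$have', want '$want'"
            rc=1
        fi
    done
    exit "$rc"
)

# Check the running kernel for full ASLR (value 2 in the table above).
printf 'kernel.randomize_va_space 2\n' | sysctl_drift /proc/sys \
    || echo "baseline not met"
```

A value changed with `sysctl -w` lasts only until reboot, so a clean result here says nothing about what /etc/sysctl.conf will apply at the next boot.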
Building:
— common make targets:
make menuconfig
make
make install
make modules_install
PERMISSION: PERMISSION:
• the admin/most-powerful user is called root or superuser
• many programs will refuse to run under root,
while many others require root privileges
• all users have an id (UID)
• root's user id is always 0
• most systems number legitimate users from 1000 (inclusive),
and reserve everything below it for daemon users
System: System:
/etc/shadow
Users: Users:
Query: Query:
whoami : prints the user name associated with the current effective user ID
users : prints who is logged in
w : prints who is logged in \
who : prints who is logged in } they are not the same, tho only differ slightly
finger : prints who is logged in /
Modify: Modify:
adduser [options] [username] : user creation tool;
friend-lier than useradd;
interactive
Files:
/etc/
├── adduser.conf
└── /skel/ : default SKEL (skeleton) directory for user home creation
userdel [user] : deletes [user]
usermod [options] [user] : modify a user account
— a : append; used together with "-G"
— G [group] : overwrite [user]s groups with [group]
— d [path] : modify [user]s home directory to [path]
passwd [user] : changes password for [user]; will need sudo or being signed in as [user]
Change:
• for security reasons, it's commonly required to run a process as a specific user
• there are many programs that allow you to authenticate as a different user
sudo : default on most systems
doas : more minimalistic sudo replacement
run0 : systemd's sudo replacement (small adoption as of 2025)
Groups: Groups:
groups <user> : lists what groups <user> belongs to
groupadd <group-name> : creates a new group
Files: Files:
chown [user] [file] : changes owner of a file
chgrp [options] [group] [file] : changes group of file
chmod [options] [mode] [file] : change mode (grant [file] privileges)
options:
— R : give to all files in folder
— f : force
actions:
r : read
w : write
x : execute
mode:
octal:
owner group others
r w x r w x r w x
(4)(2)(1) (4)(2)(1) (4)(2)(1)
{
chmod -R 734 something.py
}
symbolic:
[mode] syntax == [references][operators][action]
references:
u : owner of the file
g : users who are part of files group
o : users who are neither u nor g
a : all; everyone
operator:
+ : adds mode to specified classes
— : removes mode
= : exacts mode to specified classes
{
chmod u+x something.py
}
MANEUVERING: MANEUVERING:
pwd : "Print Working Directory"; outputs the current path
cd [directory name] : change directory
— : extends to previous directory
ls [options] [file||dir] : lists contents of directory
— a : list all files including hidden files starting with '.'
— F : postfix directories with a '/', executables with a '*' and links with an '@'
— i : list file's inode index number
— l : list with long format - show permissions
— r : list in reverse order
— R : list recursively the directory tree
— s : list file size
— S : sort by file size
— t : sort by time & date
— X : sort by extension name
— 1 : list every entry in a separate line
stat [options] [file||dir] : prints requested statistics of file; default: name, size, inode, access, access times
— L : dereference (follow links)
--printf=[format] : specifies the formatting of the output
locate [options] <string>: searches for <string> in a file (no, not on the disk) which supposedly has all files and folders listed on
— c : count results
— i : case insensitive search
— n [num] : return a maximum of [num] results
— s : information about that file (with the list)
("sudo updatedb" will update the database (of files that locate uses))
/var/lib/mlocate/mlocate.db
find [path = ${PWD}] [options] : searches for files
— maxdepth <int> : specify max depth of folders to descend into
Condition:
— type [option] : match type
d : directory
f : regular file
— name <string> : match basic regex <string> in name
— iname <string> : same as ABOVE, but case insensitive
— regex <string> : match extended regex <string> in name
— iregex <string> : same as ABOVE, but case insensitive
Logic:
• can be used between 2 conditional options
— o : or
— a : and
Action:
— exec ({}) \;
grep [options] [pattern] [file] : "Global Regular Expression Print"
[options]:
— E : [pattern] is extended regular expression
— F : [pattern] is string
— G : [pattern] is basic regular expression
— P : [pattern] is Perl regular expression
— v : invert match; return non matching lines
— i : case insensitive match
— r : recursive
[file]: either a file or piped in data
• the grep utility has some variants which behave very similarly,
but are short hands for different purposes:
([arch])([specifier])grep
[specifier]
. e : "Extended regex"; equivalent to [grep] -E
. f : "File"; equivalent to [grep] -F
. p : "Process"
[arch]
• used for searching in compressed files {tar, zip} (ie. archives)
• all are supposedly equivalent
— Archive greps:
— list
grep
egrep
fgrep
pgrep
zgrep
lzegrep
lzfgrep
lzgrep
msggrep
pcre2grep
pcregrep
xzegrep
xzfgrep
xzgrep
zegrep
zfgrep
zipgrep
zstdgrep
whereis [exec] : prints full path to executable (program) [exec]
FILE_MANAGING: FILE_MANAGING:
• see ls AT "/Linux/Maneuvering"
file [file] : determine file type, architecture, linking, etc.
touch [name] : makes file with [name]
mkdir [name] : makes directory with [name]
— p : creates parents too if they don't exist already
rmdir [name] : removes directory with [name]
cp [options] [name] [destination directory] : copies [name] to [destination directory]
— r : recursive copy (copies folder contents too)
--attributes-only : copies attributes; ie leaves files empty
--no-dereference : do not follow symlinks; highly useful when making backups
dd [operands] : copies a file, converting and formatting according to the operands
ibs=[N] : "Input Block Size"; specifies the number of bytes to read at a time
obs=[N] : "Output Block Size"; specifies the number of bytes to write at a time
bs=[N] : "Block Size"; overwrites the values of "ibs" and "obs"
count=[N] : copy [uint] input blocks
if=[file] : "Input File"; specifies that input shall be read from [file]
of=[file] : "Output File"; specifies that output shall be written to [file]
skip=[N] : start reading after [uint]*"ibs"
seek=[N] : start writing after [uint]*"obs"
oflag=[of] : specifies output flags
[N]:
[uint]([size = c])
[size]:
c : 1
w : 2
b : 512
kB : 1000
K : 1024
. KiB : K
MB : 1000*1000
M : 1024*1024
. MiB : M
. xM : M
GB : 1000*1000*1000
G : 1024*1024*1024
. GiB : G
TB : 1000*1000*1000*1000
T : 1024*1024*1024*1024
. TiB : T
PB : 1000*1000*1000*1000*1000
P : 1024*1024*1024*1024*1024
. PiB : P
EB : 1000*1000*1000*1000*1000*1000
E : 1024*1024*1024*1024*1024*1024
. EiB : E
ZB : 1000*1000*1000*1000*1000*1000*1000
Z : 1024*1024*1024*1024*1024*1024*1024
. ZiB : Z
YB : 1000*1000*1000*1000*1000*1000*1000*1000
Y : 1024*1024*1024*1024*1024*1024*1024*1024
. YiB : Y
[of]:
. append : append to output file
rm [options] [file] : removes [file]
— d : remove directories too
— r : remove recursively
— i : prompt before removal
— I : prompt before removal of more than 3 files
mv [name] [destination directory] : moves [name] (file/dir) to [destination directory]
xdg-open : opens a file or URL in the user's preferred application
{xdg-open [path].} opens [path] in folder manager
zip <file-output> <file>+ : zips <file>(-s) into [file-output]
— r : recursive
unzip [file] : unzips [file]
ln [options] [target] [link name] : creates links to files (soft or hard)
— s : soft link
— r : relative (soft link only)
lsof [options] : lists currently open files
— p [PID] : only list file held open by process [PID]
lsfd [options] : Linux specific replacement for lsof
— p [PID] : only list file held open by process [PID]
TEXT_FILES: TEXT_FILES:
cat [options] [file] : displays contents of file
— n : number lines
— b : number non-blank output lines
— T : display tabs as "^I"
— v : display non-printable chars
more : a pager program (outputs text in screen sized chunks)
Commands:
• entered while the program is running
• unsigned int $k = [current screen size]
[h] : display help page
(<int> = $k) + [SPACE] : display next <int> lines
(<int> = $k) + [z] : $k = <int> and display next $k lines
[RETURN] : display next line
(<int> = 1) + [s] : skip <int> lines and display $k lines
[=] : display current line number
[:f] : display file name and current line number
[/] && [regex] : searches for [regex]
[!] && [shell command] : execute [shell command] in a subshell
[v] : start up "/usr/bin/vi" at current line as a child process
[CTRL] + [l] : redraw screen
[.] : repeat previous command
[q] || [Q] || <interrupt> : exit
• if run on a directory { more ~/Desktop }, it gives the following error message
"magic failed"
less : improved "more"; a pager program (outputs text in screen sized chunks)
• less is more
Commands:
• entered while the program is running
• unsigned int $k = [current screen size]
[h] : open help file with more as a child process
(<int> = $k) + [SPACE] : display next <int> lines
(<int> = $k) + [z] : $k = <int> and display next $k lines
[RETURN] : display next line
[u] : moves up half a screen
[d] : moves down half a screen
[CTRL] + [l] || r : redraw screen
[s] && [FILE NAME] : save buffer to [file] (useful when less is run with a pipe)
[v] : start up $VISUAL or $EDITOR as a child process
[V] : print version number
[q] || [Q] || <interrupt> : exit
head [options] [file] : outputs first x (10 by default) lines of file
— n <int> : output <int> number of lines
— c <int> : output <int> number of bytes
— f : output appended data as the file grows
tail [options] [file] : outputs last x (10 by default) lines of file
— n <int> : output <int> number of lines
— c <int> : output <int> number of bytes
— f : output appended data as the file grows
an interesting hack is using head and tail together to display the <int>th line of some text:
{ ls -a | head -n 10 | tail -n 1 # display 10th file report }
which is smart, but useless if one knows sed
{ ls -a | sed -n "10p" # same as ABOVE}
fmt [options] [file] : format text
• attempts to format [file] in such a way to fulfill [options], but not
cut words in half
• prints resulted formatting to stdout
— w [num] : sets [num] as the maximum num of chars to display in a single line
— s : split only, do not fill short lines
#define sed\
I ___ _ \
I / __| ___ __| | \
I \__ \/ -_| _` | \
I |___/\___\__,_| I
sed [options] : "Stream EDitor" for filtering and transforming text
— n : quiet; do not echo the whole input
— f [file] : read commands from script file
— i : edit files inplace (instead of printing to stdout)
• sed operates on the basis of commands to edit text, which
can be supplied on the command line or read from a file (ie. script)
Commands:
[addr][char][options] : basic sed command syntax
[addr]{[char][options][...]} : group syntax; all sed commands between the parentheses
will be applied to [addr]
[addr]:
• signals which lines the command shall be applied on
• default-s to all
<int> : a single <int>th line
<int-1>,<int-2> : a range from <int-1> till <int-2>
<regex> : all lines matching <regex>
{ sed "12,54d" input.txt # cats input.txt to stdout with lines 12-54 delete-d }
[char]:
a:
• "Append"
a <string> : appends <string> after a line, in a new line
b:
• "Branch"
b [label] : jumps to label (and continue-s execution from there)
• see labels AT ../Scripting
c:
• "Change"
c <string> : replaces the whole line with <string>
d:
• "Delete"
• delete-s [addr]
{ seq 5 | sed "3,4d"
1
2
5
}
f:
• "Filename"
F : prints the filename of the current input file
p:
• "Print"
• echos [addr] to stdout
s:
• "Substitute"
s/[regex]/<string>/[flags] : replaces [regex] with <string>
[flags]:
g : all matches in the line
<int> : <int>th match (line wise)
p : print result
{ echo "my-lil-string" | sed "s/-/#/g"
my#lil#string
}
q:
• "Quit"
q<int> : quits with exit status <int>
w:
• "Write"
w [filename] : ?!
Exit_status:
0 : success
1 : invalid command
2 : some script files were unreadable and therefore skipped
4 : I/O error; aborted
• sed can quit with any int, if it was specified by a 'q' command
Scripting:
• sed scripts have ".sed" extension by convention
• all commands have to be separated by a new line or a ';' (except 'a', 'c', 'i')
• single line expressions can be split to multiple lines by appending a '\\'
#[...] : comments line
: [name] : creates label called [name]; ?!
xxd [options] [file] : print file contents in formatted or plain hex or binary
— b : print in binary
hexdump [options] [file] : display files in various formats; hex is the default
— c : display by chars; escape sequences included
expand [options] [file] : writes [file] to stdout with its tabs converted to spaces
— t=<int> : set number of spaces to expand tabs to; default is 8
sort [options] [file] : writes sorted contents of [file] to stdout; (do not redirect ('>' || ">>") to itself!)
— r : reverse sort
— n : sort by strings numeric value
wc : print newline, word, and byte counts; very useful with pipes
— c : print bytes \
— m : print characters } all are enabled by default; specifying one will disable the others
— l : print lines /
— w : print words
uniq [options] [file] : writes [file] to stdout with its adjacent lines merged
— s : report when two files are identical
— c : prefix lines with the number of occurrences (before the operation)
diff [file1] [file2] : searches for differences in the supplied files line by line
--side-by-side : output in columns
--suppress-common-lines : do not output lines which don't differ
vimdiff is superior for non-auto usage in every aspect
tee [options] [file] : copy stdin to file and stdout
• meant to be used with pipes
unix2dos [file] : converts Linux (Unix) end of line chars to windows (DOS) end of line chars
dos2unix [file] : converts windows (DOS) end of line chars to Linux (Unix) end of line chars
Editors:
ed : ancient command line based editor
ex : eds descendant; fullscreen
vi : vim's ancestor; the two are partially compatible (see BELOW)
vim : see AT /?!
vile : vim's underachieving half brother and the secret bastard of emacs
neovim : vim, from an alternative timeline, after a divorce with many addiction related personal problems
emacs : just forget about it; only its evil mode is not evil
PROCESSES: PROCESSES:
• all Linux processes have an id number assigned to them, the process id or PID
Signals: Signals:
• a way Linux communicates with processes
• SIG always stands for "SIGnal"
• is how it can be sent through a terminal
SIGABRT : "ABoRt signal"; requests process abortion
SIGALRM : "ALaRM signal"; sent when the time interval specified to alarm() expired
SIGBUS : "BUS error signal"; sent whenever memory request is impossible; alias of SIGUNUSED
SIGCHLD : "CHiLD terminated signal"; sent whenever a child process terminated
SIGCONT : "CONTinue signal"; requests execution continuation after SIGSTOP
SIGFPE : "Floating Point Exception signal"
SIGHUP : "Hang Up signal"; sent when the controlling terminal is closed
SIGILL : "ILLegal instruction signal"; sent whenever the program executes an unknown or privileged instruction
SIGINT : "INTerrupt signal"; user requested execution stop; Ctrl + c
SIGIO : "Input/Output is possible signal"
SIGIOT : "Input/Output Trap"; alias of SIGABRT
SIGKILL : "KILL signal"; forcefully terminates the program; cannot be intercepted or ignored
SIGLOST : "power LOST signal"; alias of SIGPWR
SIGPIPE : "PIPE signal"; sent when a process attempts to write to a pipe that doesn't have another process at the other end
SIGPOLL : "POLL signal"; see AT "/Hardware/Computer models"; alias of SIGIO
SIGPROF : "PROFiling alarm clock signal"; sent whenever a CPU usage timer, set by the process, expires
SIGPWR : "PoWeR lost signal"
SIGQUIT : "QUIT signal"; sent by the controlling terminal upon a core dump; Ctrl + \
SIGSEGV : "SEGmentation Violation signal"; sent upon segfault
SIGSTKFLT : "STacK Fault signal"; alias of SIGUNUSED
SIGSTOP : "STOP signal"; forces execution suspension; cannot be intercepted or ignored
SIGSYS : "SYStem signal"; alias of SIGUNUSED
SIGTERM : "TERMination signal"; requests termination
SIGTRAP : "TRAP signal"; sent by debuggers to initiate an execution break
SIGTSTP : "Temporary SToP signal"; requests execution suspension; Ctrl + z
SIGTTIN : "TTy Input error signal"; sent whenever a process running on the background attempts to read stdin
SIGTTOU : "TTy OUtput error signal"; sent whenever a process running on the background attempts to write stdout
SIGUNUSED : "UNUSED signal"; sent whenever an unrecognized signal is sent; exists for platform compatibility reasons
SIGURG : "URGent signal"; sent whenever a socket has urgent data to read
SIGUSR1 : "USeR-defined signal 1"; custom
SIGUSR2 : "USeR-defined signal 2"; custom
SIGVTALRM : "Virtual ALaRM clock signal"
SIGWINCH : "WINdow CHange signal"; sent whenever the controlling window changes size
SIGXCPU : "eXceeded CPU usage signal"; sent whenever a process exceeds a certain allowed CPU usage duration, usually because of malformed code
SIGXFSZ : "eXceeded File SiZe signal"; sent whenever a file exceeds the maximum allowed file size
PID_folder:
• virtual
○ ${PID}/
cwd : symlink to current working directory
ps [options] : report on current processes
— A : all processes
— u [user] : only processes owned by [user]
u : more information
• see lsof AT ("/Linux/File managing")
top : displays running processes; updated real-time
nice -n <int> [command] : affect process scheduling; from -20 to 19, the LOWER the number the MORE CPU time it gets
renice -n <int> -p [PID] : affect already running processes niceness; from -20 to 19, the LOWER the number the MORE CPU time it gets;
([PID] stands for process ID)
pstree : prints process tree
pgrep [pattern] : grep that returns pids
kill [options] : sends a signal to a specified process; the default is SIGTERM (see ABOVE)
— <int> [PID] ; <int> specifies the signal to process [PID]
— s <string> [PID] : <string> specifies a signal by name to process [PID]
— l : lists signals with their corresponding numbers
• SIGKILL is num 9
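Added example (not part of the original notes): the practical difference between SIGTERM, which a process may handle or ignore, and SIGKILL, which it cannot. stop_gracefully, STOP_RESULT and STOP_STATUS are names made up for this example.

```shell
#!/bin/sh
# stop_gracefully PID [TIMEOUT]   (hypothetical helper, not a standard tool)
# Requests termination with SIGTERM, polls once per second, and escalates to
# SIGKILL only if the process is still there after TIMEOUT seconds.
# PID must be a child of the calling shell (started with '&'), because the
# final 'wait' is what collects its exit status.
# Results are left in two variables:
#   STOP_RESULT : "gone" (could not be signalled), "term" (exited after SIGTERM),
#                 "kill" (had to be SIGKILLed)
#   STOP_STATUS : exit status from wait; 128 + signal number if a signal ended it
stop_gracefully() {
    sg_pid=$1
    sg_timeout=${2:-5}
    STOP_RESULT=term
    STOP_STATUS=0

    # kill fails if the process no longer exists (or is not ours to signal)
    if ! kill -s TERM "$sg_pid" 2>/dev/null; then
        STOP_RESULT=gone
        return 0
    fi

    sg_waited=0
    # signal 0 delivers nothing; it only tests whether the PID can be signalled
    while kill -0 "$sg_pid" 2>/dev/null; do
        if [ "$sg_waited" -ge "$sg_timeout" ]; then
            # SIGKILL cannot be intercepted or ignored, so no cleanup handler runs
            kill -s KILL "$sg_pid" 2>/dev/null || true
            STOP_RESULT=kill
            break
        fi
        sleep 1
        sg_waited=$((sg_waited + 1))
    done

    # collect the child so it does not linger as a zombie, and keep its status
    wait "$sg_pid" 2>/dev/null && STOP_STATUS=0 || STOP_STATUS=$?
    return 0
}
```

A STOP_STATUS of 137 is 128 + 9, i.e. the process was ended by SIGKILL and had no chance to clean up after itself.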
NETWORKING: NETWORKING:
Config_files: Config_files:
/etc/hostname : device name is read from this file on boot
/etc/resolv.conf : configuration file for the (hostname) resolver
Syntax:
search <string> : specifies what to try to auto-complete FQDN-s with when no domain suffix is supplied;
only the last one is interpreted
nameserver [ip] : specifies a DNS server to be used;
a maximum of MAXNS (3) entries will be interpreted;
[ip] must be either an ipv4 address in dot notation or
an ipv6 address in either colon or dot notation
options [option]: controls internal resolver variables
debug : debug mode
ndots:<int> :
timeout:<int> : sets the amount of time the resolver will wait for a response from a name server
measured in seconds; default is 5
attempts:<int> : sets the amount of times the resolver will query before giving up;
default is 2
rotate : rather than always trying the first set name server first, rotate their priority,
thereby spreading query load
no-check-names : don't check hostnames for bad chars
inet6 :
ip6-bytestring :
ip6-dotint :
no-ip6-dotint :
edns0 :
single-request : don't perform ipv4 and ipv6 lookups simultaneously as some name servers can't handle that
single-request-reopen :
no-tld-query :
use-vc : forces TCP for DNS resolution
no-reload : disables auto reloading of a changed config file
trust-ad :
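Added example (not part of the original notes): a check of which entries of a resolv.conf actually take effect under the rules above (first MAXNS nameservers, last search line, default timeout and attempts). resolv_effective and sample_resolv_conf are hypothetical helper names and the sample file is constructed from documentation address ranges.

```shell
#!/bin/sh
# sample_resolv_conf: constructed input with one nameserver too many and two search lines
sample_resolv_conf() {
cat <<'EOF'
# constructed sample, not a real configuration
search corp.example
nameserver 192.0.2.1
nameserver 192.0.2.2
search lab.example example.net
nameserver 2001:db8::53
nameserver 192.0.2.4
options timeout:2 rotate use-vc
EOF
}

# resolv_effective [FILE]   (reads stdin when FILE is omitted)
# Prints the effective settings as key=value lines; entries that are present
# but have no effect are reported as "ignored ..." lines.
# Only the keywords described above are evaluated (nameserver, search, options).
resolv_effective() {
    awk '
    BEGIN { maxns = 3; timeout = 5; attempts = 2; n = 0; search = ""; flags = "" }
    /^[ \t]*[#;]/ || NF == 0 { next }     # comment or blank line
    $1 == "nameserver" {
        if (n < maxns) ns[++n] = $2
        else printf "ignored nameserver=%s (line %d, beyond MAXNS)\n", $2, NR
        next
    }
    $1 == "search" {
        if (search != "") printf "ignored search=%s (replaced at line %d)\n", search, NR
        search = $2
        for (i = 3; i <= NF; i++) search = search " " $i
        next
    }
    $1 == "options" {
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^timeout:[0-9]+$/)       timeout  = substr($i, 9)
            else if ($i ~ /^attempts:[0-9]+$/) attempts = substr($i, 10)
            else flags = flags (flags == "" ? "" : ",") $i
        }
        next
    }
    { printf "unhandled keyword=%s (line %d)\n", $1, NR }
    END {
        for (i = 1; i <= n; i++) printf "nameserver=%s\n", ns[i]
        printf "search=%s\n", search
        printf "timeout=%s\nattempts=%s\n", timeout, attempts
        printf "flags=%s\n", flags
    }' "${1:--}"
}
```

Run it as { resolv_effective /etc/resolv.conf } to see which of the listed servers are actually queried; a fourth nameserver line is silently dropped by the resolver.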
Routing_subsystem: Routing_subsystem:
"../Programs/iptables"
• all packets go through it; no userspace applications can intercept it
• made up of tables containing chains containing firewall rules called verdicts
                                XXX XXX XXX XXX
                                XXX Network XXX
                                XXX XXX XXX XXX
                                       +
                                       |
                                       v
+-------------+               +------------------+
|table: filter| <---+         | table: nat       |
|chain: INPUT |     |         | chain: PREROUTING|
+-----+-------+     |         +--------+---------+
      |             |                  |
      v             |                  v
[local process]     |           ****************          +--------------+
      |             +---------+ Routing decision +------> |table: filter |
      v                         ****************          |chain: FORWARD|
****************                                          +------+-------+
Routing decision                                                 |
****************                                                 |
      |                                                          |
      v                         ****************                 |
+-------------+        +------> Routing decision <---------------+
|table: nat   |        |        ****************
|chain: OUTPUT|        |               +
+-----+-------+        |               |
      |                |               v
      v                |     +-------------------+
+--------------+       |     | table: nat        |
|table: filter |  +----+     | chain: POSTROUTING|
|chain: OUTPUT |             +---------+---------+
+--------------+                       |
                                       v
                                XXX XXX XXX XXX
                                XXX Network XXX
                                XXX XXX XXX XXX
Tables:
• conceptually connected collections of chains
• each table has its own, differing set of chains
filter : used for most firewall purposes; default on CLI
○ chains
INPUT : packets destined to local sockets
FORWARD : packets being routed through the box
OUTPUT : locally-generated packets
nat : used for network address translation (port forwarding)
○ chains
PREROUTING : for altering packets as soon as they come in
INPUT : for altering packets to local sockets
OUTPUT : for altering locally-generated packets
POSTROUTING : for altering packets as they are about to go out
mangle : used for specialized packet alteration
○ chains
PREROUTING
INPUT
FORWARD
OUTPUT
POSTROUTING
raw : used for configuring packets so that they are exempt from connection tracking
○ chains
PREROUTING
OUTPUT
security: used for Mandatory Access Control
○ chains
INPUT
FORWARD
OUTPUT
Chains:
• can be user defined
• named lists of rules
• chains of the same table are not necessarily (and most often are not) eval-ed sequentially
• the default policy is RETURN
Verdicts:
• verdicts are rules to determine a packet's fate
○ builtin
ACCEPT : the packet won't be matched against any more rules in any of the chains of *this(!) table
DROP : the packet is discarded
REJECT : an ICMP error is returned then the packet is discarded
QUEUE : pass the packet to userspace ?!
RETURN : stop executing the current chain, continue the execution otherwise normally
LOG : the packet will get logged before execution continues normally
having a log chain instead of repeatedly marking LOG as a target is preferable
File:
/var/log/messages : packets receiving a LOG verdict are logged in this file
Programs: Programs:
Iptables: Iptables:
• user space program for controlling the Linux kernel's routing subsystem
iptables/ip6tables [options] : administration tool for IPv4/IPv6 packet filtering and NAT
• local processes start at [local processes];
tables "raw", "mangle" and "security" are missing since they are rarely used
○ [address]
• either an ip(/mask) or a host name
• specifying a hostname whose lookup requires a remote query is a "bad idea"
○ [states]
NEW : first packet of a connection
ESTABLISHED : not the first packet of a connection
RELATED : a packet of a connection spawned by an ESTABLISHED connection
INVALID : packet that cannot be identified
○ [options]
— L : list all current rules
--line-numbers : display line numbers on output
— t [table] : specifies table to operate on (see BELOW); filter is the default
— Z : zero *this table's packet counter
— A [chain] : append *this rule to chain [chain]
— I [chain] <int> : insert *this rule to chain [chain] at position <int>
— D [chain] <int> : deletes <int>th rule from [chain]
— D [chain] [...] : deletes rule matching [...] from [chain]
— F [chain] : flush; deletes all rules from [chain]
— N <string> : creates a new chain called <string>
— p [protocol] : specifies protocol used (all protocol names from /etc/protocols are allowed)
— s [address] : specifies source address
— d [address] : specifies destination address
— j [target] : jump to [target]
— m [extension] : specifies extension module to be used
○ [extension]
• can be listed with "iptables-extensions" (see BELOW)
• makes variable extra options available, resulting in the following syntax:
iptables [options] -m [extras] ([...])
Standard_extensions:
owner:
• operates on packet creator for locally generated packets
• only valid in OUTPUT and POSTROUTING chains
[extras]:
--uid-owner [username||user_id] : matches user
--gid-owner [groupname||group_id] : matches group
--suppl-groups : causes groups specified to be matched in the supplementary groups of a process
--socket-exists : match if the packet is associated with a socket
Files:
/etc/iptables/
├── empty.rules
├── ip6tables.rules
├── iptables.rules : configuration file that is loaded on first start up
└── simple_firewall.rules
/etc/sysconfig/iptables : system-wide admin created configuration file
Config:
• no variables and such
#[...] : leaves a comment
syntax:
*[table]
:[chain] [target] [[packet_counter]:[byte_counter]]
[RULE]
([...])
COMMIT
([...])
[RULE]:
• normal iptables rules with the "iptables" chopped off from the front
• since rules are ordered as is "-A" will be used almost always, as that
is by definition the current position
iptables-extensions : lists available extension modules
iptables-save [options] : saves iptables rules in an iptables script format
— c : include byte and packet counters; zeroed by default
— t [table] : specifies table to save; by default all are saved
— f [file] : specifies output file
iptables-restore [options] [file] : runs iptables script
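Added example (not part of the original notes): a default-deny ruleset in the config syntax described above, using connection states, the owner extension and a single log chain instead of repeated LOG targets, plus a structural check to run before loading it. The names ruleset, lint_ruleset and LOGDROP, the tcp/22 service and the www-data account are assumptions of this example.

```shell
#!/bin/sh
# ruleset: prints a constructed IPv4 ruleset in iptables-restore format
ruleset() {
cat <<'EOF'
# constructed sample: inbound is default-deny, only SSH accepts NEW connections
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# user defined chains have no policy, hence the "-"
:LOGDROP - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j LOGDROP
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -j LOGDROP
# owner match: the web server account may answer, but not open connections
-A OUTPUT -m owner --uid-owner www-data -m conntrack --ctstate NEW -j LOGDROP
# one shared log chain; LOG does not end processing, so DROP follows it
-A LOGDROP -m limit --limit 5/min -j LOG --log-prefix "fw-drop: "
-A LOGDROP -j DROP
COMMIT
EOF
}

# lint_ruleset: reads a ruleset on stdin, prints problems, exits non-zero if any.
# Checks: every *table block ends with COMMIT, rules are appended only to
# declared chains, and every -j target is a builtin verdict or a declared chain.
lint_ruleset() {
    awk '
    function err(msg) { printf "line %d: %s\n", NR, msg; bad = 1 }
    BEGIN {
        bad = 0; table = ""
        n = split("ACCEPT DROP REJECT QUEUE RETURN LOG", v, " ")
        for (i = 1; i <= n; i++) verdict[v[i]] = 1
    }
    /^[ \t]*#/ || NF == 0 { next }
    /^[*]/ {
        if (table != "") err("table " table " has no COMMIT")
        table = substr($1, 2); split("", chain)
        next
    }
    $1 == "COMMIT" { if (table == "") err("COMMIT outside a table"); table = ""; next }
    table == "" { err("line outside a *table block"); next }
    /^:/ { chain[substr($1, 2)] = 1; next }
    $1 == "-A" {
        if (!($2 in chain)) err("rule appended to undeclared chain " $2)
        for (i = 3; i < NF; i++)
            if ($i == "-j" && !($(i + 1) in verdict) && !($(i + 1) in chain))
                err("jump to unknown target " $(i + 1))
        next
    }
    { err("unrecognised line: " $0) }
    END {
        if (table != "") err("table " table " has no COMMIT")
        exit bad
    }'
}
```

On a host with iptables installed, { ruleset | iptables-restore --test } run as root parses the rules without committing them, which catches what the structural check cannot.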
arp : Address Resolution Protocol
— a : list all devices (ip, mac) on the connected networks
ip [options] <object> : shows and or manipulates routing, network devices, interfaces and tunnels
— s : statistics
<object> [<verb>]
a(ddress) : lists interfaces and their statuses
[filter]
<interface>
l(ink)
<verb>
link [up|down]
[filter]
dev <interface>
route
neighbor
common verbs:
s(how) [filter] : print relevant information; default
ifconfig : ==ipconfig
nslookup [website] :
ss : shows open ports on the localhost
netstat : shows open ports on the localhost
— a
route :
ping [options] [destination] : send ICMP ECHO_REQUESTS to network host; networking debugging tool
— c <int> : stop after <int> requests
Errors:
Name or service not known : DNS resolution failed
Destination Net Unreachable : destination is either nonexistent, offline or refuses to respond
Request timed out : no response was received from the router in time
traceroute [options] [destination] : print the route packets trace to network host; networking debugging tool
'*'s in the output are servers who refuse to answer
networkmanager : service responsible for managing network connections
• networkmanager daemon
{ systemctl start NetworkManager }
Files:
/etc/NetworkManager/
└── conf.d/
(└── 90-dns-none.conf ) : file specifying that /etc/resolv.conf shall not be overwritten
because the admin would like to config by hand
{ [main]
dns=none
}
curl [options] [url] : tool to transfer data from or to a server (outputs the whole website)
(please specify the protocol in url {https})
— X [method] : sends [method] request
— d <string> : sends the specified data in a POST request to the HTTP server
— H [file||string] : passes custom header information
— b [file||string] : sends cookie data from [file||string]
— c [path] : specifies file to save cookies to
— L : follow redirects
Download_relevant:
--parallel : send requests simultaneously
— O : download into [file] with default name (specified by the server)
— o [file] : download into output [file]
--connect-timeout [seconds] : Maximum time allowed for connection
wget [options] [url] : non-interactive network downloader
— O [file] : save output as [file]
— i [file] : download all pages listed in [file] (plain text file)
— p : download with prerequisites too (*.css, *.js)
— k : convert link to local relative
— r : recursive
--level=<int> : don't go deeper than <int> layers
— np : no parent; do not save upwards (as sometimes a site will link upwards),
when recursively downloading
— nc : no clobber; do not re-download files already saved
--random-wait : wait random intervals so [url] may not ban you for extensive, obviously auto bandwidth usage
--restrict-file-names=<string> : do not use chars specified by <string> in file names, rather replace them
○ <string>
• options are comma-separated
unix : escape: '/', control chars 0-31 128-159
windows : escape: '\\', '|', '/', '"', '*', '<', '>'; '?' -> '@'; ':' -> '+'
nocontrol
ascii
lowercase
uppercase
Command_to_archive_site:
\wget --verbose --show-progress --restrict-file-names=windows --recursive --no-parent --convert-links --page-requisites --no-clobber --continue -e robots=off <link>
DEVICES: DEVICES:
Printers:
cups:
• a standards-based, open source printing system
systemctl start cups
lp [options] [file] : printing utility
Scanners:
sane:
• "Scanner Access Now Easy"
GNOME Document Scanner : sane front end; based
MISC:
which [program] : returns where [program] is located
neofetch : shows Linux system information with distribution logo
echo [options] <string> : "echos" (prints) <string> appropriate of [options]
— n : do not print trailing new line
— e : enable escape sequence interpretation
— E : disable escape sequence interpretation; default
printf <string> : prints formatted string; as far as i can tell it is literally the C printf without "()"-s
date : prints current date and time
cal : prints a calendar
— n [num] : show [num] months starting from the current one
— y : show the whole current year
sleep [number][suffix] : wait (||sleep) for [number] of [suffix]-es; [number] may be an <int> or [float]
suffixes:
s : seconds (default)
m : minutes
h : hours
d : days
time [command] : outputs how much time [command] took to execute
— print : print the timing summary in the portable Posix format
shuf : shuffle input
— n <int> : return the first <int> elements
--random-source=[file] : collects bytes from [file] to improve the pseudo randomness
xargs [options] [command] : runs [command] with everything it gets from a pipe
— i : allows the input to be symbolized as "\"{}\""; { locate asd | xargs -i cat "{}" }
— d [char] : use [char] as custom delimiter
tty : display terminal path
stty [options] : display terminal information
--all
xclip [options] : clipboard
[pipe] : save output of other command to xclip
— o : print to stdout
od : dump files in octal and other formats
tput [...] : initialize or query terminal properties
colors : prints the number of colors supported by the terminal (emulator)
notify-send [options] [string1] [string2] : sends desktop notification;
[string1] is the title (and usually displayed accordingly);
[string2] is the main message
— u [urgency] : specifies urgency
low
normal
critical
— i [icon] : specifies icon
• icons are desktop icon-theme dependent
dirname <string> : prints path of the last (deepest) file or directory in <string>
basename <string> : prints file name of the last (deepest) file or directory in <string>; { /home/you/Desktop/your_file.txt -> your_file.txt }
tr [options] : translates, squeezes and or deletes chars from stdin
seq [options] [int1] [int2] : prints a sequence of numbers
uptime : prints logged in users and for how long the session has been going on
hostname: prints the hostname
clear : clears terminal
SHELLS:
chsh [user] : change login shell of [user]
• command interpreter
Builtins:
• commands that are built into the shell { echo }
• any command could be a builtin
• builtins are faster than actual processes
• commands are checked against builtins before programs
○ common shells
• sh
• bash
• dash
• tcsh
• fish
• zsh
Login_files:
• in hierarchical order
/etc/profile : system wide
[shell specific files]
distros
#define distros
distributions
#define distributions::: (\
I------------------------------------\
I ____ _ _ \
I | \ (_) ___| |_ _ _ __ ___ \
I | |) || |(_-<| _|| '_|/ _ \(_-< \
I |___/ |_|/__/ \__||_| \___//__/ \
I \
I------------------------------------I
• a Linux distribution is no more than a (possibly modified) Linux kernel
with some software already installed from which the most important is the
package manager and its preset repos
Table_of_default_credentials:
Alpine ¬
Kali toor
Mikrotik admin:¬
Debian: Debian:
_,met$$$$$gg.
,g$$$$$$$$$$$$$$$P.
,g$$P" """Y$$.".
,$$P' `$$$.
',$$P ,ggs. `$$b:
`d$$' ,$P"' $$$
$$P d$' $$P
$$: $$. ,d$$'
$$; Y$b._ _,d$P'
Y$$. `.`"Y$$$$P"'
`$$b "-.__
'Y$$
`Y$$.
`$$b.
`Y$$b.
`"Y$b._
`""""
• grandpa of most distros
• very stable (that is, the stable releases)
• ideal for servers
Ubuntu: Ubuntu:
.-/+oossssoo+/-.
`:+ssssssssssssssssss+:`
-+ssssssssssssssssssyyssss+-
.ossssssssssssssssssdMMMNysssso.
/ssssssssssshdmmNNmmyNMMMMhssssss/
+ssssssssshmydMMMMMMMNddddyssssssss+
/sssssssshNMMMyhhyyyyhmNMMMNhssssssss/
.ssssssssdMMMNhsssssssssshNMMMdssssssss.
+sssshhhyNMMNyssssssssssssyNMMMysssssss+
ossyNMMMNyMMhsssssssssssssshmmmhssssssso
ossyNMMMNyMMhsssssssssssssshmmmhssssssso
+sssshhhyNMMNyssssssssssssyNMMMysssssss+
.ssssssssdMMMNhsssssssssshNMMMdssssssss.
/sssssssshNMMMyhhyyyyhdNMMMNhssssssss/
+sssssssssdmydMMMMMMMMddddyssssssss+
/ssssssssssshdmNNNNmyNMMMMhssssss/
.ossssssssssssssssssdMMMNysssso.
-+sssssssssssssssssyyyssss+-
`:+ssssssssssssssssss+:`
.-/+oossssoo+/-.
• most used
• Debian based
• windows of linuxes
• botnet
Kali: Kali:
..,;:ccc,.
......''';lxO.
.....''''..........,:ld;
.';;;:::;,,.x,
..'''. 0Xxoc:,. ...
.... ,ONkc;,;cokOdc',.
. OMo ':ddo.
dMc :OO;
0M. .:o.
;Wd
;XO,
,d0Odlc;,..
..',;:cdOOd::,.
.:d;.':;.
'd, .'
;l ..
.o
c
.'
.
• Ubuntu/Debian based
• for Penetration testing
• pretty good
• ideal for beginners on desktop who want to become power users
Arch: Arch:
-`
.o+`
`ooo/
`+oooo:
`+oooooo:
-+oooooo+:
`/:-:++oooo+:
`/++++/+++++++:
`/++++++++++++++:
`/+++ooooooooooooo/`
./ooosssso++osssssso+`
.oossssso-````/ossssss+`
-osssssso. :ssssssso.
:osssssss/ osssso+++.
/ossssssss/ +ssssooo/-
`/ossssso+/:- -:/+osssso+-
`+sso+:-` `.-/+oso:
`++:. `-/+/
.` `/
• bare bones
• pretty good
• rolling release
• Unstable as always
• for newbies it's hard to set up
• ideal for desktop for intermediate users
Fuck_arch:
• the reasons why I slowly grew resentful of the distro
and also the people surrounding it
• systemd
• partial upgrades are trivial to perform and give no warning,
but can cause serious damage
— "pacman -S PACKAGE: error: could not determine cachedir mount point"
/var/cache/pacman/pkg
• this error is absolutely retarded and cryptic
— the attitude of the maintainer is blood-boiling:
https://bugs.archlinux.org/task/46169
A: "I'd rather not explain how to fix a broken chroot in an error message.\
Suggesting that a user disable an important safety feature isn't really wise, either.\
For your own sake, perhaps you could use official installation scripts,\
rather than random things found on the wiki."
Q: "Why do you think the chroot is broken? [...]"
A: "But here you are using some \"hacked script\" you found rather than just\
\"pacstrap -d /path/to/chroot\" or \"arch-chroot /path/to/chroot\"."
Q: "I am afraid you still don't get the point.\
I have no pacstrap nor arch-chroot on my host system."
A: <no answer>
• he could have just pointed the guy towards how to get the magic script,
instead he chose to be an unuseful stuck up asshole;
a pattern really
— "==> ERROR: Running makepkg as root is not allowed as it can cause permanent,\
catastrophic damage to your system."
• remind me, am i root or are you?
• be sensible, warn and require a flag and or a timeout {like znc}
• vi(m) does not come with the core install; this is not alpine or gentoo
• yay cannot be installed through pacman, wasting the users time;
enforcing pseudo-security and "good practices"
• /etc/sudoers came read-only?
• windows tier attitude towards power users
https://bbs.archlinux.org/viewtopic.php?id=237614
https://bbs.archlinux.org/viewtopic.php?id=237616
https://bbs.archlinux.org/viewtopic.php?id=270700
. ### Arch installation guide ###
+ this will leave you with a usable system
+ this guide assumes a cabled internet connection
+ the real redpill is that arch installation never ends
+ read all the way through before starting
1. In the BIOS enable UEFI/EFI and disable
secure booting
2. Boot into an installation pendrive
3. Load appropriate keyboard
localectl list-keymaps : returns [keymap]s
loadkeys [keymap] : sets [keymap] as new keymaps
4. Create sufficient partitions
• preferably don't fuck up this part
cfdisk
+----------------------------------------------------------------------+
|                         Partitions to create                         |
+------------------+-----------+---------------------------------------+
| type             | size      | command(s) to run on it               |
+------------------+-----------+---------------------------------------+
| EFI system       | >550MB    | mkfs.fat -F32 [this]                  |
| Linux swap       | 2GB       | mkswap [this] && swapon [this]        |
| Linux filesystem | the rest  | mkfs.ext4 [this] && mount [this] /mnt |
+----------------------------------------------------------------------+
• [this] stands for the created partition
5. Install linux
pacstrap /mnt base linux linux-firmware
6. Generate file system table
genfstab -U /mnt >> /mnt/etc/fstab
7. "login" as root of the new system
arch-chroot /mnt
8. Set basic system information
${EDITOR} /etc/hostname
• setting a hostname
• choose a host name and write it in the file
• this "hostname" is going to be the name of
the machine, visible to the users and on
the network
• commonly some permutation of the distros name
${EDITOR} /etc/hosts
○ insert:
127.0.0.1 localhost
::1 localhost
127.0.1.1 [hostname].localdomain [hostname]
${EDITOR} /etc/locale.gen
• setting a locale
• uncomment (delete the '#' from the beginning
of the line) a line that suits you
• choose something starting with your
country code and containing "UTF-8"
locale-gen : generates locale
${EDITOR} /etc/locale.conf
○ insert:
LANG=[locale]
• [locale] is the line that got uncommented
in /etc/locale.gen
${EDITOR} /etc/vconsole.conf
• saving keyboard preference
○ insert:
KEYMAP=[keymap]
9. Update pacman databases
pacman -Syu
10. Install grub
• EFI booting must be enabled for this step
• EFI booting can be enabled inside the system BIOS
pacman -S grub efibootmgr dosfstools os-prober mtools
mkdir /boot/EFI
mount [EFI_partition] /boot/EFI
• [EFI_partition] is most likely /dev/sda1
grub-install --target=x86_64-efi \
--bootloader-id=grub_uefi --recheck
• the target might be different for you, but
I bet it isn't
grub-mkconfig -o /boot/grub/grub.cfg
11. Secure internet connection
pacman -S networkmanager
systemctl enable NetworkManager
12. Make a new user
• [name] is your freely chosen username
useradd -m [name]
passwd [name]
— > enter chosen password
usermod -aG wheel,audio,video,optical,storage [name]
13. Install sudo
pacman -S sudo
visudo
— > uncomment (delete the '#' from the beginning
of the line) the following lines:
%wheel ALL=(ALL) ALL
14. Install a desktop environment (xfce4)
pacman -S xorg xfce4 xfce4-goodies lightdm lightdm-gtk-greeter
systemctl enable lightdm
15. Pray
16. Enjoy your new sense of superiority
• I use arch btw
#
Gentoo: Gentoo:
-/oyddmdhs+:.
-odNMMMMMMMMNNmhy+-`
-yNMMMMMMMMMMMNNNmmdhy+-
`omMMMMMMMMMMMMNmdmmmmddhhy/`
omMMMMMMMMMMMNhhyyyohmdddhhhdo`
.ydMMMMMMMMMMdhs++so/smdddhhhhdm+`
oyhdmNMMMMMMMNdyooydmddddhhhhyhNd.
:oyhhdNNMMMMMMMNNNmmdddhhhhhyymMh
.:+sydNMMMMMNNNmmmdddhhhhhhmMmy
/mMMMMMMNNNmmmdddhhhhhmMNhs:
`oNMMMMMMMNNNmmmddddhhdmMNhs+`
`sNMMMMMMMMNNNmmmdddddmNMmhs/.
/NMMMMMMMMNNNNmmmdddmNMNdso:`
+MMMMMMMNNNNNmmmmdmNMNdso/-
yMMNNNNNNNmmmmmNNMmhs+/-`
/hMMNNNNNNNNMNdhs++/-`
`/ohdmmddhys+++/:.`
`-//////:--.
irc.libera.chat:6697 #gentoo
• bare bones
• source based (ie. self compiled kernel and software)
• better than arch in terms of stability
• takes effort to set up properly even with routine
• the tooling around it is superb quality
• ideal for desktop for power users and supreme /g/entoomen
make && make modules_install && make install
init_system
#define init_system:: \
I---------------------------------------------------\
I ___ _ _ ___ _ \
I |_ _|_ _ (_) |_ / __|_ _ __| |_ ___ _ __ ___ \
I | || ' \| | _| \__ \ || (_-< _/ -_) ' \(_-< \
I |___|_||_|_|\__| |___/\_, /__/\__\___|_|_|_/__/ \
I |__/ \
I---------------------------------------------------I
• a program responsible for starting the system properly
• invoked at boot time
• runs a set of selected programs {networking, desktop manager} to ensure a usable system for the user
• a program which is meant to be ran by the init system is called a service
• services are most often daemons, but not necessarily
--------
openrc: openrc:
--------
openrc
#define openrc
https://github.com/OpenRC/openrc/blob/master/service-script-guide.md
rc-service [options] [service] [verb]
[verb]
stop
start
restart
status
rc-status [option]
--servicelist : lists all installed services
--all : lists all services enabled
--list : lists all runlevels
rc-update [verb] [service] [runlevel]
• a single service can be added to multiple runlevels
add : enables [service] to be ran at [runlevel]
del : disables [service] at [runlevel]; undoes a previous "add" command
---------
systemd: systemd:
---------
systemd
#define systemd
• growing cancer over Linux
• attempts to replace the operating system
• you have to sacrifice a goat and pray to Baal to run it in a chroot
• "everything is a unitfile"
• caches everything, bashing systems without persistent clocks in the process
• avoid if you can
systemctl [options] [command] : queries or sends control commands to the system manager
• [options] are written below [command] here
status : opens process tree in a pager
--no-pager : do not page
start [service] : starts [service]
restart [service] : restarts [service]
stop [service] : stops [service]
journalctl [options] : view service logs
— u [service]
#define PKG_manager:: \
I-----------------------------------------------------------------------\
I ______ _ _______ \
I | ___ \ | / / __ \ \
I | |_/ / |/ /| | \/ _ __ ___ __ _ _ __ __ _ __ _ ___ _ __ \
I | __/| \| | __ | '_ ` _ \ / _` | '_ \ / _` |/ _` |/ _ \ '__| \
I | | | |\ \ |_\ \ | | | | | | (_| | | | | (_| | (_| | __/ | \
I \_| \_| \_/\____/ |_| |_| |_|\__,_|_| |_|\__,_|\__, |\___|_| \
I __/ | \
I |___/ \
I-----------------------------------------------------------------------I
https://michael.orlitzky.com/articles/motherfuckers_need_package_management.xhtml
— a program that is responsible for the following actions
on software packages and libraries:
• installing
• upgrading
• keeping a local catalog
• uninstalling
• resolving dependencies
• determining system compatibility
• people keep writing their own package managers,
but then they realize dependency resolving is hard,
then they claim "minimalism";
please stop writing package managers...
Common_package_managers:
apt -> Debian Linux based systems
apk -> Alpine based systems
rpm -> Redhat Linux based systems
portage -> Gentoo Linux based systems
pacman -> Arch Linux based systems
-----------
apt: apt:
-----------
dpkg : (
— i [file] : install [file]; (.deb)
— l : lists installed apps
apt([specifier]) [options] : invokes apt command
[specifier]:
— get : for installation; default
install [options] [package] : installs package
--only-upgrade : upgrades package only if its installed already
update : updates local database of packages
upgrade : updates all packages to the versions specified by the local database
— cache : for local package database
search <string> : search local database of packages for <string>
remove [package] : removes [package]
purge [package] : removes [package] and its config files
search <string> : searches for package
autoremove : removes automatically all unused packages
moo : (__)
(oo)
/------\/
/ | ||
* /\---/\
~~ ~~
..."Have you mooed today?"...
--------------
pacman: pacman:
--------------
makepkg [options] : package build utility
— s : sync dependencies; install missing ones with pacman
— i : install
— c : clean up work files after build
— L : create log
pacman [operation] [options] (<string>)
• operations and options can be glued together under one hyphen { -Qiv }
[operation]:
— D : database
— Q : query database of local packages
— R : remove
— S : sync database of online pacman packages
— T : test dependencies
— U : upgrade
— F : files
[options]:
• the letters at the start of the lines are indicators of which operations
the options are compatible with
• if the options mean different things in different contexts, the meanings are presented
in the same order as the letters at the start of the lines and separated with double ';'s
all -V : prints version and quits
all -h : prints help and quits
all -v : verbose
all -q : quiet
all --color=<string> : sets output color; "never" color off; "always" color on;
"auto" color on when outputting to a terminal
all --noconfirm : bypass any "are you sure" messages
all --confirm : cancels previous --noconfirm
. --disable-download-timeout : disables timeouting
SQ -g ([group]) : lists all groups or all members of [group]
SQ -i ([package]) : prints information about [package]
SQR -s ([regex]) : searches for regular expression (SQ);; recursive (remove dependencies too if no other package uses them)
Q -m : lists foreign packages (the ones that are not in the sync database)
QR -n : lists native packages (the ones that are in the sync database);;
nosave; do not backup anything
SR -c : clean; remove no longer installed packages and old local package databases;;
cascade; forced recursive (remove dependencies too)
SR -u : system upgrade (upgrade all packages);; unneeded (no longer needed dependencies)
S -w : download only (do not update or install)
FS -y : forced update of all databases
. ### Troubleshooting ###
404 error on install : the local database of available packages is out-of-date; solve by specifying the "-y" flag (see ABOVE)
conflicting files : try "pacman -Sc" and reattempt; if it doesn't work delete the files manually, pray and reattempt
/var/lib/pacman : ?!
portage
#define portage
---------------
portage: portage:
---------------
• built around source based distribution (the client compiles)
• supports bin packages
— easy to make your own overlay (repository):
• can host it on a git server (or just about anything else)
• can host it over tor
• ebuilds are friendly to write and allow you seamlessly install your own obscure software
Files:
/etc/portage/
make.conf
/var/lib/portage/
world : list file of all explicitly installed packages
emerge [options] <action> : used for installing/uninstalling packages
--ask : detail what will be done and ask back
--fetchonly : download, but do not install
--keep-going=y : ignore as many errors as possible
--resume : when installing multiple packages, do not exit when one fails, if possible
--usepkgonly : install binary package or fail
<action>
<package> : installs [package] { emerge sys-boot/grub }
--sync : update package database
--unmerge [package] : uninstall [package]
--search <string> : searches for packages containing <string> in their names;
prepend <string> with '@' to perform a regex search
equery [options] <action> : used for getting information on installed packages
app-portage/gentoolkit
--help
<action>
list <string> : list all installed packages matching <string>;
string may contain '*'s as wildcards
e-file <file> : locates upstream packages which provide the file <file>
app-portage/pfl
etc-update : interactive program to manage required/suggested /etc/ file changes
eBuilds:
man 5 ebuild
<category>/<name>-<version>.ebuild
• the mechanism portage uses to build/install packages
• an ebuild file makes a package
• bash script obeying special portage conventions
— conventional categories which are useful for your own ebuilds:
${BLOATED_THING}-${MODULE}/
acct-group/
acct-user/
app-${PLATFORM}/
app-${PROGRAM}/
app-accessibility/
app-admin/
app-alternatives/
app-antivirus/
app-arch/
app-backup/
app-benchmarks/
app-cdr/
app-containers/
app-crypt/
app-dicts/
app-doc/
app-editors/
app-emulation/
app-forensics/
app-metrics/
app-misc/
app-office/
app-officeext/
app-shells/
app-text/
dev-${LANGUAGE}/
dev-build/
dev-db/
dev-debug/
dev-embedded/
dev-games/
dev-gap/
dev-lang/
dev-libs/
dev-util/
dev-vcs/
games-${genre}/
games-util/
gnome-base/
gnome-extra/
gui-apps/
gui-libs/
gui-wm/
mail-client/
mail-filter/
mail-mta/
media-fonts/
media-gfx/
media-libs/
media-plugins/
media-radio/
media-sound/
media-tv/
media-video/
net-${PROTOCOL}/
net-analyzer/
net-firewall/
net-im/
net-libs/
net-misc/
net-print/
net-proxy/
net-voip/
net-vpn/
net-wireless/
sci-${FIELD}/
sci-libs/
sci-visualization/
sec-keys/
sec-policy/
sys-apps/
sys-auth/
sys-block/
sys-boot/
sys-cluster/
sys-devel/
sys-fabric/
sys-firmware/
sys-fs/
sys-kernel/
sys-libs/
sys-power/
sys-process/
virtual/
www-apps/
www-client/
www-misc/
www-plugins/
www-servers/
Overlays:
/etc/portage/repos.conf/eselect-repo.conf
https://gpo.zugaina.org/
don't forget to update references:
$ emaint --auto sync
### Gentoo System Upgrade ###
emaint --auto sync
emerge -DavuN --keep-going y --backtrack 100 @world
emerge --ask --depclean
emerge --ask @preserved-rebuild
#
### Copy portage package source to $PWD ###
DISTDIR=$(realpath .) ebuild <path_to_<package>.ebuild> fetch
#
. ### Emerge Troubleshooting ###
— required flag:
{
"The following REQUIRED_USE flag constraints are unsatisfied:\
<foo>? ( <bar> )"
}
+ to enable one USE flag, another must be enabled too
+ in the example above "<foo>" requires "<bar>"
+ you either add "<bar>" to the use flags or remove "<foo>"
+ the error mentions "REQUIRED_USE", but that's their retarded way
of saying "required USE"
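Added example (not Portage's own code): a small checker that reports which REQUIRED_USE constraints a given set of enabled USE flags violates, covering the "<foo>? ( <bar> )" form above plus the "||", "^^" and "??" groups. The function names and sample flags are hypothetical.

```python
# Added example: check a Portage REQUIRED_USE string against enabled USE flags.
# Names (parse, holds, unsatisfied) are hypothetical; this is not Portage's parser.

def parse(tokens, depth=0):
    nodes = []
    while tokens:
        tok = tokens.pop(0)
        if tok == ")":
            if depth == 0:
                raise ValueError("unbalanced ')'")
            return nodes
        if tok in ("||", "^^", "??") or tok.endswith("?"):
            if not tokens or tokens.pop(0) != "(":
                raise ValueError(f"expected '(' after {tok!r}")
            nodes.append((tok, parse(tokens, depth + 1)))
        elif tok == "(":
            nodes.append(("&&", parse(tokens, depth + 1)))
        else:
            nodes.append(("flag", tok))
    if depth:
        raise ValueError("missing ')'")
    return nodes

def enabled(name, use):  # "!name" means the flag must be off
    return name[1:] not in use if name.startswith("!") else name in use

def holds(node, use):
    kind, body = node
    if kind == "flag":
        return enabled(body, use)
    results = [holds(n, use) for n in body]
    if kind == "||":                    # at least one
        return any(results)
    if kind in ("^^", "??"):            # exactly one / at most one
        return results.count(True) == 1 if kind == "^^" else results.count(True) <= 1
    if kind == "&&" or enabled(kind[:-1], use):  # plain group, or conditional that applies
        return all(results)
    return True                         # "foo? ( ... )" with foo off requires nothing

def render(node):
    kind, body = node
    if kind == "flag":
        return body
    inner = " ".join(render(n) for n in body)
    return f"( {inner} )" if kind == "&&" else f"{kind} ( {inner} )"

def unsatisfied(required_use, use_flags):
    """Return the top-level constraints that the given USE flags violate."""
    use = set(use_flags)
    return [render(n) for n in parse(required_use.split()) if not holds(n, use)]
```

With "foo" enabled and "bar" not, unsatisfied("foo? ( bar )", {"foo"}) returns the violated constraint; adding "bar" or dropping "foo" makes the list empty.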
#