Summary
Needed sleep really bad so I had to skip my normal learning for the day. I think I am going to Split my training with PJPT and CKA
Learning recap
I am going to split my training between CKA and PJWT. AppSec is the part that interests me the most and the one I will be the most familiar with I will still go the PJPT route but I think I need to stop by my friends in Networking first.
Got lab set up for PJWT
Raw Notes
CKA - Linux - Security
- Access Control
- Accounts
- every user has an account
- username and password
- UID - unique ID
- Information about the user is stored in /etc/passwd
- Its you again
- groups have the GID
- users can be part of multiple groups
- āidā command tells you the id and group info
- root is id 0
- system accounts are usually group 100 or between 500-1000 id and generally do not have a root folder
- There are 4 types of accounts
- User Account
- Superuser Account
- Root id 0 - unrestricted access
- System Accounts
- created during OS installation
- services that will not run under super user
- dont have a dedicated home directory and if so it wont be in the /home directory
- Service Accounts
- nginx
- Useful commands
- āid
- Gives UID and GID and group ID
- āwhoā
- list of users currently logged into system
- ālastā
- displays the record of all loggen in users as well as date and time of last reboot
- āid
- Switching users
- su -
- sudo
- /etc/sudoers
- The people that have access to using sudo
- Setting a no login shell for root user will block people logging in as root
- /etc/sudoers
- Access Control Files
- /etc/passwd
- passwords are not stored here
- GECOS is a comma seperated list of inforation
- HOMEDIR is their home directory
- SHELL is the default shell
- /etc/shadow
- These are the passwords in hash
- MINAGE - min days user has to wait to change password
- MAXAGE - max amount of days until a user has to change password
- WARN - Number of days before a password expires they should be warned
- INACTIVE - number of days after a password expires until the password no longer works
- EXPDATE - Amount of days until the account expires.
- /etc/group
- /etc/passwd
- Managing Users
- commands
- useradd
- makes a new user
- passwd
- sets a password for the user
- userdel
- deletes user
- groupadd
- add group
- -g custom gid
- groupdel
- delete group
- useradd
- commands
- Linux File Permissions
- CHMOD
- changes the permissions of a file
- chown
- change owner and group
- chown user:group test-file
- chown user test-file
- chgrp
- changes only the group ownership of the file
- chgrp group test-file
- ls -ld /directory/path
- See permissions of a directory
- ssh-copy-id
- SCP
- SCP allows you to send files through SSH
- IP Tables
- Red Hat and Centos its already installed
- has a chain of rules based on conditions
- input ruleā¦ you are high if you think I am going to remember this
- iptables command is a real hoot
- I think this is just going to to be something I will have to stack overflow whenever I need it.
- CROTAB
- Need to dive into this more
- if I ever need it
- Accounts
PJPT
- Common Network Commands
- ip a
- new way of getting ip data
- ifconfig
- old way of getting ip data
- Only shows hard connections (ethernet)
- iwconfig
- Shows wireless connections
- ip n
- ip neighbor
- arp -a is the old school equivalent
- Need to study up on networking I do not know arp
- ip a
- GOING TO STOP STUDYING FOR PJPT UNTIL I LEARN MORE NETWORKING
- A bunch of networking terms are getting brought up so I am going to put PJWT on pause and start PJWT
PJWT
- Just going to get my lab environment set up. For some reason when I did it the first time it never wanted to boot up after upgrades. I am wondering if this is because of the networking stuff I added for the PJPT? Doubt it. When in doubt I generally just burn it with fire. missed a learning opportunity here but I am a little tired and lazy.
- I was tired I shouldnāt have nuked it. I solved it. a little too late