I've spent quite a few hours learning how to wrangle auditd around exclusions. Here's what I've learned.
linux security
Rsync, which stands for “remote sync”, is a remote and local file synchronization tool. It uses an algorithm that minimizes the amount of data copied by only moving the portions of files that have changed.
linux tutorial rsync
Ownership of files and directories is based on the uid (user-id) and gid (group-id) of the user who created them. The same thing happens when a process is launched: it runs with the effective gid of the user who started it, and with the corresponding privileges.
The setuid bit modifies this behaviour so that an executable runs with the privileges of the executable file’s owner. This can be identified by an s in the executable bit for the file’s owner, e.g.:
ls -l /bin/passwd
-rwsr-xr-x. 1 root root 27768 Feb 11 2017 /bin/passwd
The setgid bit can be identified by an s in the executable bit of the file or directory’s group, e.g.:
drwxrwsr-x. 2 egdoc egdoc 4096 Nov 1 17:25 test
When set on an executable, the setgid bit causes it to run with the privileges of the executable’s group.
When set on a directory, the setgid bit causes the group of files created inside the directory to be the group of the directory, not the user who created them.
When used on a directory, the sticky bit causes all files to be modifiable only by their owner, e.g.:
ls -ld /private/tmp
drwxrwxrwt 11 root wheel 352 26 Sep 09:04 /private/tmp
There are three hooks you can use for this:
DPkg::Pre-Invoke is run once, before all the package manipulation sequences in one apt invocation
DPkg::Pre-Install-Pkgs is also run once, before the package manipulation sequences, after the Pre-Invoke hook, and with a list of all the packages which will be installed
DPkg::Post-Invoke is run once, after the package manipulation sequences.
/etc/apt/apt.conf is the main configuration file shared by all the tools in the APT suite of tools, though it is by no means the only place options can be set. The suite also shares a common command line parser to provide a uniform environment.
If the router is filtering too, Ubuntu has to be aware of the gateway's existence for both interfaces and use rule settings for a correct routing.
Normally, a Linux system only has one routing table, in which only one default gateway can make entries. With iproute2, you have the ability to set up an additional routing table, for one thing, and allow this table to be used by the system based on rules, for another.
linux networking homelab
/etc/rc2.d/S91apache2, points to /etc/init.d/apache2. This tells init to start Apache 2 in runlevel 2, but only after other services with lower S numbers.
When the system is shut down, there is another symlink in the /etc/rc6.d directories (halt and reboot, respectively) that starts with a K instead of an S, which tells init to shut down the process.
Iptables places rules into predefined chains - FORWARD - that are checked against any network traffic relevant to those chains and a decision is made about what to do with each packet based upon the outcome of those rules. These actions are referred to as targets, of which the two most common predefined targets are
INPUT - All packets destined for the host computer.
OUTPUT - All packets originating from the host computer.
FORWARD - All packets neither destined for nor originating from the host computer, but passing through (routed by) the host computer. This chain is used if you are using your computer as a router.
Load averages are an industry-critical metric – my company spends millions auto-scaling cloud instances based on them and other metrics – but on Linux there's some mystery around them. Linux load averages track not just runnable tasks, but also tasks in the uninterruptible sleep state. Why? I've never seen an explanation. In this post I'll solve this mystery, and summarize load averages as a reference for everyone trying to interpret them.
linux devops