Linux Tutorial

• Linux Tutorial
• Linux Common Linux Distributions
• Linux Desktop Environment
• Linux Remote Management Protocols
• Linux Remote Administration Tools
• Linux File Directory Structure
• Linux Mount

Linux File/Directory Management

• Linux File System Structure
• Linux Absolute And Relative Paths
• Linux File/Directory Naming Rules
• Linux Commands Format
• Linux Change Directory (cd Command)
• Linux Show Current Path (pwd Command)
• linux View Files In A Directory (ls Command)
• Linux Create A Directory (mkdir Command)
• Linux Remove Empty Directory (rmdir Command)
• Linux Create File And Modify File Timestamp (touch Command)
• Linux Create Hard/Soft Links To File (ln Command)
• Linux Copy File And Directory (cp Command)
• Linux Delete A File Or Directory (rm Command)
• Linux Move File Or Directory (mv Command)
• Linux Environment Variables

Linux Packaging And Compression

• Linux Packaging (tar Command)
• Linux Compress A File Or Directory to ".zip" (zip Command)
• Linux Unzip ".zip" File (unzip Command)
• Linux Compress A File Or Directory to ".gz" (gzip Command)
• Linux Unzip ".gz" File (gunzip Command)
• Linux Compress A File Or Directory to ".bz2" (bzip2 Command)
• Linux Unzip ".bz2" File (bunzip2 Command)

Vim Text Editor

• Vim Installation
• Linux Vim Basic Operations
• Vim Cursor Moving Shortcuts
• Linux Vim Undo And Redo-Undo Shortcuts
• Linux Vim Visualization Mode
• Linux Vim Batch Comments And Custom Comment

Linux Text Processing

• Linux Concatenate Files (cat Command)
• Linux Display File Content by Paging (more Command)
• Linux Display The Beginning Content Of File (head Command)
• Linux Display File Content (less Command)
• Linux Display The Ending Content Of File (tail Command)
• Linux Find File Contents (grep Command)
• Linux Edit File Text (sed Command)
• Linux Edit File Text (awk Command)

Linux Software Installation

• Linux Packages
• Linux RPM Packages' Naming Rules
• Linux RPM Package Installation, Uninstallation And Upgrade (rpm Command)
• Linux Query Packages (rpm Command)
• Linux RPM Package Verification And Digital Certificates
• Linux Extract RPM Package File (cpio Command)
• Linux SRPM Source Package Installation
• Linux yum Source Configuration
• Linux yum Commands
• Linux yum Manage Software Group
• Linux Source Package Installation And Uninstallation
• Linux Source Package Upgrade

Linux User/User Group Management

• Linux Users And User Groups
• Linux UID And GID
• Linux /etc/passwd
• Linux /etc/shadow
• Linux /etc/group
• Linux /etc/gshadow
• Linux Initial And Additional Groups
• Linux /etc/login.defs
• Linux Adding A New System User (useradd Command)
• Linux Change User Password (passwd Command)
• Linux Modify User Information (usermod Command)
• Linux Modify User Password Status (chage Command)
• Linux Delete User (userdel Command)
• Linux View User's UID And GID (id Command)
• Linux Switch Between Users (su Command)
• Linux whoami And who am i Command
• Linux Add User Group (groupadd Command)
• Linux Modify User Group (groupmod Command)
• Linux Delete User Group (groupdel Command)
• Linux Add User To Or Remove User From Group (gpasswd Command)
• Linux Switch The Effective Group Of Users (newgrp Command)

Linux Permission Management

• The Importance Of Linux Permission Management
• Linux Modify The Group Of File And Directory (chgrp Command)
• Linux Modify The Owner And Group Of File And Directory (chown Command)
• Linux Permission Bits
• Linux Modify The File Or Directory Permissions (chmod Command)
• Linux Create/Modify File And Directory Default Permissions (umask Command)
• Linux ACL Access Control Permission
• Linux ACL Permission Settings
• Linux mask Effective Permissions
• Linux SetUID (SUID) Special Permission
• Linux SetGID (SGID) Special Permission
• Linux Stick BIT (SBIT) Special Permission
• Linux Modify File And Directory Permission Attributes (chattr Command)
• Linux Display File And Directory Permission Attributes (lsattr Command)
• Linux System Permission Management (sudo Command)

Linux Filesystem Management

• Linux Display File System Hard Disk Usage (df Command)
• Linux Count The Disk Space Occupied By A Directory Or File (du Command)
• Linux Mount Files Outside The Linux System (mount Command)
• Linux Unmount Filesystem (umount Command)
• Linux Detect And Repair Filesystems (fsck Command)
• Linux Display FileSystem Information (dumpe2fs Command)
• Linux Partition Hard Disk (fdisk Command)
• Linux Partition Large Capacity Hard Disk (parted Command)
• linux Format Partition (mkfs Command)
• Linux Format Hard Disk (mke2fs Command)
• Linux Virtual Memory And Physical Memory

Linux Advanced Filesystem Management

• Disk Quota Overview
• Preparation For Disk Quota Startup
• Linux Scan FileSystem And Create A Quota File (quotacheck Command)
• Linux Turn On Disk Quota Limit (quotaon Command)
• Linux Turn Off Disk Quota Limits (quotaoff Command)
• Linux Modify User (Group) Disk Quota (edquota Command)
• Linux Set Disk Quota Non-interactively (setquota Command)
• Linux Query Disk Quota (quota And repquota Command)
• Linux LVM Logical Volume Management
• Linux PV Physical Volumes
• Linux VG Volume Group
• Linux LV Logical Volumes

Linux System Management

• Linux Process Management
• Linux Start A Process
• Linux Display Running Processes (ps Command)
• Linux Continuously Monitor Process Running Status (top Command)
• Linux Display Process Tree (pstree Command)
• Linux List Information About Files Called Or Opened By A Process (lsof Command)
• Linux Process Priority
• Linux Change Process Priority (nice And renice Command)
• Linux Common Signals
• Linux Kill Process (kill Command)
• Linux Kill A Specific Group Of Processes (killall Command)
• Linux Kick User By Terminal Number (pkill Command)
• Linux Work Management
• Linux Run Commands In The Background
• Linux Display The Jobs That Current Terminal Puts Into The Background (jobs Command)
• Linux Restore Background Commands To Foreground (fg Command)
• Linux Resume Suspended Work in Background (bg Command)
• Linux Run Background Commands Away From The Terminal (nohup Command)
• Linux Execute Tasks Regularly (at Command)
• Linux Execute Scheduled Tasks In A Loop (crontab Command)
• Linux Detect Scheduled Tasks Haven't Been Executed For A Long Time (anacron Command)
• Linux Monitor System Resources (vmstat Command)
• Linux Display Boot Information (dmesg Command)
• Linux Display Memory Status (free Command)
• Linux Display Login User Information (w And who Command)
• Linux Display Logged In Users Information (last And lastlog Command)

Linux Backup and Recovery

• Linux Backup Strategy
• Linux Backup Data (tar Command)
• Linux Backup Partition, File Or Directory (dump Command)
• Linux Restore File, Directory Or Partition (restore Command)
• Linux Data Backup With Format Conversion (dd Command)
• Linux Local Backup and Remote Backup (rsync Command)

Linux System Service Management

• Linux System Services
• linux Port
• Linux Independent Service Management
• Linux Xinetd Service Management
• Linux Source Package Service Management
• Linux Common Service Categories And Functions
• Factors Affecting Linux System Performance
• Linux Analyze System Performance (sar Command)

Linux System Log Management

• Linux rsyslogd Service
• Linux Log File Format
• Linux rsyslogd Configuration File
• Linux Setup Log Server
• Linux Log Rotation (Log Dump)
• Linux Log Rotation (logrotate Command)
• Linux Log Analysis Tool (logwatch)

Linux Boot Management

• Linux System Startup Process
• Linux BIOS POST
• Linux Master Boot Directory (MBR)
• Linux Kernel Module Loading Process
• Linux Initializes The System Environment (/sbin/init)
• Linux Set System Default Runlevel (/etc/inittab)
• Linux /etc/rc.d/rc.local Configuration File
• Linux Bootloader (GRUB) Loads The Kernel
• Linux /boot/grub/ Directory
• Linux GRUB Disk Partition
• Linux GRUB Configuration File (/boot/grub/grub.conf)
• Linux GRUB Configuration File For Multi-system Coexistence
• Linux GRUB Manual Installation
• Linux GRUB Encryption
• Linux Adjust The Resolution Of Character Interface
• Linux Kernel Module Management
• Linux NTFS Filesystem Installation

LAMP/LNMP Environment

• Linux LAMP Environment Setup Preparations
• Linux libxml2 Installation
• Linux libmcrypt Installation
• Linux mhash And mcrypt Installation
• Linux zlib And libpng Installation
• Linux jpeg6 Installation
• Linux freetype Installation
• Linux gd Library Installation
• Linux Apache Installation
• Linux ncurses Installation
• Linux MySQL Installation
• Linux PHP Installation
• Linux memcache Installation
• linux phpMyAdmin Installation
• Linux LNMP Environment Setup Preparations
• LNMP One-click Installation
• Install PHP Extension Modules in LNMP

SELinux Management

• SELinux Overviews
• SELinux Role
• SELinux Work Modes
• SELinux Configuration File (/etc/selinux/config)
• SELinux Work Mode Settings
• SELinux Display Security Context
• SELinux Modify Security Context
• SELinux Query/Modify Default Security Context
• SELinux auditd Logging System Installation
• SELinux auditd Logging System Usage
• SELinux Targeted, MLS And Minimum Strategy
• SELinux Display Strategy Rules
• SELinux Enable/Disable Strategy Rules

Installation And Startup Of SELinux auditd Logging System

The auditd daemon is a critical component of the SELinux (Security-Enhanced Linux) system. It is responsible for logging events and monitoring system activities to help you identify any security-related incidents. In this tutorial, we'll cover the installation, configuration, and startup of the auditd logging system on Linux distributions.

• Installation:

The auditd daemon is part of the audit package. To install it, use the package manager specific to your Linux distribution:

• For Debian/Ubuntu-based systems:

  sudo apt-get update
  sudo apt-get install auditd
  

• For RHEL/CentOS-based systems:

  sudo yum install audit
  

• For openSUSE-based systems:

  sudo zypper install audit
  

• Configuration:

The primary configuration file for auditd is /etc/audit/auditd.conf. This file contains various settings such as log file location, disk space management, and log rotation. Open the file using your preferred text editor:

sudo nano /etc/audit/auditd.conf

Edit the configuration options as needed. Some key settings include:

• log_file: Specifies the location of the log file (default: /var/log/audit/audit.log).
• num_logs: Determines the number of log files to retain (default: 5).
• max_log_file: Sets the maximum size (in MB) of each log file (default: 6).
• max_log_file_action: Defines the action to take when a log file reaches its maximum size (default: ROTATE).

Save the changes and exit the editor.

• Rules configuration:

Audit rules define the specific events and system activities to be monitored by auditd. The rules are stored in the /etc/audit/rules.d/ directory, typically in a file named audit.rules. To create or modify the rules, open the file using a text editor:

sudo nano /etc/audit/rules.d/audit.rules

Add or edit the rules as needed. Some examples of audit rules include:

• Monitor file access for a specific file:

  -w /path/to/file -p rwxa -k file_access
  

• Log all system calls made by a specific user:

  -a always,exit -F arch=b64 -F euid=1000 -S all -k user_activity
  

Save the changes and exit the editor.

• Starting and managing the auditd service:

After configuring auditd, you need to start and enable the service:

• For systemd-based systems:

  sudo systemctl start auditd
  sudo systemctl enable auditd
  

• For SysV init-based systems:

  sudo service auditd start
  sudo chkconfig auditd on
  

To check the status of the auditd service, run:

sudo systemctl status auditd

To restart the auditd service after making changes to the configuration or rules, use the following command:

sudo systemctl restart auditd

• Log analysis:

auditd logs are stored in the location specified in the configuration file (default: /var/log/audit/audit.log). To analyze the logs, you can use the ausearch and aureport tools:

• Search for specific events using ausearch:

  sudo ausearch -k key_name
  

• Generate a summary report using aureport:

  sudo aureport
  

1. Setting up auditd in SELinux on Unix-like systems: auditd is the userspace component for the Linux Auditing System. Install and configure it on SELinux-enabled systems.

   sudo yum install audit
   

2. How to install and configure SELinux auditd: Install the auditd package and configure it by editing the /etc/audit/auditd.conf file. Example:

   sudo nano /etc/audit/auditd.conf
   

3. Starting and stopping auditd in SELinux: Start and stop the auditd service using the following commands:

   sudo systemctl start auditd
   sudo systemctl stop auditd
   

4. Auditd service management in Linux: Manage the auditd service with systemctl. Restart the service:

   sudo systemctl restart auditd
   

5. Configuring audit rules for SELinux auditd: Configure audit rules in /etc/audit/rules.d/audit.rules. Example:

   sudo nano /etc/audit/rules.d/audit.rules
   

6. Interpreting auditd logs in SELinux: View auditd logs using ausearch or aureport. Example:

   ausearch -m AVC
   

7. Troubleshooting auditd startup issues in SELinux: Troubleshoot startup issues by checking the auditd service status, reviewing logs, and ensuring proper SELinux policy configuration.

   journalctl -xe | grep auditd