1576 lines
26 KiB
Markdown
1576 lines
26 KiB
Markdown
# Linux+ Study Targets
|
|
|
|
This file tracks Linux+ weak areas, missed concepts, exam traps, and future lesson/quiz priorities.
|
|
|
|
The purpose of this file is to guide future Emacs Lisp lesson and quiz creation. Lessons should be focused, topic-based, and generated using the existing numbered file convention in this repository.
|
|
|
|
Avoid copying exact copyrighted study-book or practice-exam questions. Prefer paraphrased notes that capture the missed concept, the correct answer pattern, and the exam wording trap.
|
|
|
|
## Current Study Priority
|
|
|
|
The next lessons should focus on weak areas that have appeared in missed questions, uncertain answers, or repeated review needs.
|
|
|
|
Highest priority areas:
|
|
|
|
```
|
|
1. Firewall basics, UFW, firewalld, and IDS recognition
|
|
2. Storage, LVM, and quotas
|
|
3. Boot process, GRUB2, kernel startup, and systemd
|
|
4. Kernel modules and hardware/system inspection
|
|
5. Networking services, ports, packet filtering, and bandwidth tools
|
|
6. Permissions, ACLs, ownership, and directory traversal
|
|
7. Scheduled tasks, cron syntax, and automation
|
|
8. Backup, archive, sync, and file transfer tools
|
|
9. Mail filtering and redirection
|
|
10. Cloud, containers, orchestration, and object storage
|
|
11. Databases, web services, and service role recognition
|
|
```
|
|
|
|
## Next Suggested Lesson/Quiz Pair
|
|
|
|
The next unused pair should continue the repository numbering scheme.
|
|
|
|
Suggested next files:
|
|
|
|
```
|
|
104-firewall-review-lesson.el
|
|
105-firewall-review-quiz.el
|
|
```
|
|
|
|
Suggested topic:
|
|
|
|
```
|
|
Firewall ACLs, packet inspection, persistent firewall configuration,
|
|
stateful firewall behavior, firewalld runtime-to-permanent rules,
|
|
numbered UFW rules, simple UFW SSH blocking, DenyHosts, and Fail2Ban
|
|
```
|
|
|
|
Reason:
|
|
|
|
This topic reinforces several recent missed Linux+ book review questions.
|
|
|
|
## Study Format
|
|
|
|
Each weak area should be recorded using this pattern:
|
|
|
|
```
|
|
Missed area:
|
|
Correct concept:
|
|
Exam wording trap:
|
|
Commands/files to remember:
|
|
Future lesson topic:
|
|
Status:
|
|
```
|
|
|
|
Possible status values:
|
|
|
|
```
|
|
Needs lesson
|
|
Needs quiz
|
|
Needs review
|
|
Improving
|
|
Solid
|
|
```
|
|
|
|
## Weak Area: Firewall Review
|
|
|
|
Missed area:
|
|
|
|
```
|
|
Firewall basics, stateful firewall behavior, firewalld persistence,
|
|
UFW command syntax, and DenyHosts/Fail2Ban recognition
|
|
```
|
|
|
|
Correct concept:
|
|
|
|
```
|
|
Firewalls use ACLs, inspect network packets, and use configuration
|
|
files for persistence.
|
|
|
|
ACL means access control list. Firewall ACL rules allow or deny
|
|
traffic based on details such as source address, destination
|
|
address, protocol, port, or interface.
|
|
|
|
A stateless firewall checks packets against rules without remembering
|
|
the state of a connection.
|
|
|
|
A stateful firewall tracks connection state. For this book review,
|
|
remember that a stateful firewall can operate faster for established
|
|
connections and can determine if packets are fragmented.
|
|
|
|
firewalld can use runtime configuration and permanent configuration.
|
|
After testing firewalld runtime rules, make them permanent with:
|
|
|
|
sudo firewall-cmd --runtime-to-permanent
|
|
|
|
To view numbered UFW rules, use:
|
|
|
|
sudo ufw status numbered
|
|
|
|
To block SSH using simple UFW syntax, use:
|
|
|
|
sudo ufw deny 22/tcp
|
|
|
|
For this book item, remember DenyHosts and Fail2Ban as IDS tools.
|
|
The expected answer associates them with /etc/hosts.deny.
|
|
```
|
|
|
|
Exam wording trap:
|
|
|
|
```
|
|
"Make firewalld runtime rules permanent" points to:
|
|
|
|
firewall-cmd --runtime-to-permanent
|
|
|
|
"Numbered UFW rules" points to:
|
|
|
|
sudo ufw status numbered
|
|
|
|
"Deny SSH with simple UFW syntax" points to:
|
|
|
|
sudo ufw deny 22/tcp
|
|
|
|
DenyHosts is strongly associated with /etc/hosts.deny.
|
|
|
|
Fail2Ban commonly blocks through firewall actions in real-world
|
|
configurations, but for the book question, memorize the book's
|
|
expected wording.
|
|
```
|
|
|
|
Commands/files to remember:
|
|
|
|
```
|
|
sudo firewall-cmd --runtime-to-permanent
|
|
sudo ufw status numbered
|
|
sudo ufw deny 22/tcp
|
|
/etc/hosts.deny
|
|
```
|
|
|
|
Future lesson topic:
|
|
|
|
```
|
|
104-firewall-review-lesson.el
|
|
105-firewall-review-quiz.el
|
|
```
|
|
|
|
Status:
|
|
|
|
```
|
|
Needs lesson
|
|
Needs quiz
|
|
Needs review
|
|
```
|
|
|
|
## Weak Area: Quotas and repquota
|
|
|
|
Missed area:
|
|
|
|
```
|
|
Quota reporting and quota command roles
|
|
```
|
|
|
|
Correct concept:
|
|
|
|
```
|
|
repquota reports quota usage.
|
|
quotaon enables quotas.
|
|
quotaoff disables quotas.
|
|
quotacheck checks or builds quota files/databases.
|
|
edquota edits user or group quota limits.
|
|
```
|
|
|
|
Exam wording trap:
|
|
|
|
```
|
|
"Report quotas" points to repquota, not quotaon.
|
|
"Enable quotas" points to quotaon, not repquota.
|
|
"Edit quotas" points to edquota.
|
|
```
|
|
|
|
Commands/files to remember:
|
|
|
|
```
|
|
repquota -a
|
|
quotaon -a
|
|
quotaoff -a
|
|
quotacheck
|
|
edquota
|
|
/etc/fstab
|
|
usrquota
|
|
grpquota
|
|
```
|
|
|
|
Future lesson topic:
|
|
|
|
```
|
|
106-storage-lvm-quotas-lesson.el
|
|
107-storage-lvm-quotas-quiz.el
|
|
```
|
|
|
|
Status:
|
|
|
|
```
|
|
Needs lesson
|
|
Needs quiz
|
|
```
|
|
|
|
## Weak Area: LVM
|
|
|
|
Missed area:
|
|
|
|
```
|
|
LVM command recognition and PV/VG/LV relationships
|
|
```
|
|
|
|
Correct concept:
|
|
|
|
```
|
|
A physical volume is storage prepared for LVM.
|
|
A volume group is a pool of storage made from one or more physical volumes.
|
|
A logical volume is usable storage created from a volume group.
|
|
```
|
|
|
|
Exam wording trap:
|
|
|
|
```
|
|
"Create a volume group" means vgcreate.
|
|
"Create a logical volume" means lvcreate.
|
|
"List logical volumes" means lvs.
|
|
```
|
|
|
|
Commands/files to remember:
|
|
|
|
```
|
|
pvcreate
|
|
vgcreate
|
|
lvcreate
|
|
pvs
|
|
vgs
|
|
lvs
|
|
pvdisplay
|
|
vgdisplay
|
|
lvdisplay
|
|
lvextend
|
|
resize2fs
|
|
xfs_growfs
|
|
```
|
|
|
|
Future lesson topic:
|
|
|
|
```
|
|
106-storage-lvm-quotas-lesson.el
|
|
107-storage-lvm-quotas-quiz.el
|
|
```
|
|
|
|
Status:
|
|
|
|
```
|
|
Needs lesson
|
|
Needs quiz
|
|
```
|
|
|
|
## Weak Area: Filesystem Usage Tools
|
|
|
|
Missed area:
|
|
|
|
```
|
|
Choosing between df, du, lsblk, blkid, and findmnt
|
|
```
|
|
|
|
Correct concept:
|
|
|
|
```
|
|
df shows mounted filesystem usage.
|
|
du shows file or directory space usage.
|
|
lsblk lists block devices.
|
|
blkid shows block device identifiers and filesystem attributes.
|
|
findmnt shows mounted filesystems.
|
|
```
|
|
|
|
Exam wording trap:
|
|
|
|
```
|
|
"How full is the filesystem?" usually means df.
|
|
"How large is this directory?" usually means du.
|
|
"Show disks and partitions" usually means lsblk.
|
|
```
|
|
|
|
Commands/files to remember:
|
|
|
|
```
|
|
df -h
|
|
du -sh PATH
|
|
lsblk
|
|
lsblk -f
|
|
blkid
|
|
findmnt
|
|
/etc/fstab
|
|
mount -a
|
|
```
|
|
|
|
Future lesson topic:
|
|
|
|
```
|
|
106-storage-lvm-quotas-lesson.el
|
|
107-storage-lvm-quotas-quiz.el
|
|
```
|
|
|
|
Status:
|
|
|
|
```
|
|
Needs lesson
|
|
Needs quiz
|
|
```
|
|
|
|
## Weak Area: Boot Process, GRUB2, and systemd
|
|
|
|
Missed area:
|
|
|
|
```
|
|
Bootloader location, kernel startup, PID 1, and service management
|
|
```
|
|
|
|
Correct concept:
|
|
|
|
```
|
|
GRUB2 loads the Linux kernel and initramfs.
|
|
The kernel starts the first userspace process.
|
|
On most modern Linux systems, PID 1 is systemd.
|
|
systemctl controls systemd services.
|
|
```
|
|
|
|
Exam wording trap:
|
|
|
|
```
|
|
"PID 1" usually points to systemd on modern Linux.
|
|
"Regenerate GRUB2 configuration" points to grub2-mkconfig or the distro equivalent.
|
|
"Enable a service at boot" is not the same as starting it immediately.
|
|
```
|
|
|
|
Commands/files to remember:
|
|
|
|
```
|
|
ps -p 1 -o pid,comm,args
|
|
systemctl status SERVICE
|
|
systemctl start SERVICE
|
|
systemctl enable SERVICE
|
|
systemctl is-enabled SERVICE
|
|
systemctl daemon-reload
|
|
grub2-mkconfig
|
|
/etc/default/grub
|
|
/boot/grub2/grub.cfg
|
|
/boot/efi
|
|
```
|
|
|
|
Future lesson topic:
|
|
|
|
```
|
|
108-boot-grub-systemd-lesson.el
|
|
109-boot-grub-systemd-quiz.el
|
|
```
|
|
|
|
Status:
|
|
|
|
```
|
|
Needs review
|
|
```
|
|
|
|
## Weak Area: Kernel Modules
|
|
|
|
Missed area:
|
|
|
|
```
|
|
Listing, loading, removing, and inspecting kernel modules
|
|
```
|
|
|
|
Correct concept:
|
|
|
|
```
|
|
lsmod lists loaded kernel modules.
|
|
modprobe loads or removes modules and handles dependencies.
|
|
modinfo shows information about a module.
|
|
rmmod removes a module but does not handle dependencies as well as modprobe.
|
|
```
|
|
|
|
Exam wording trap:
|
|
|
|
```
|
|
"List loaded modules" means lsmod.
|
|
"Load a module with dependencies" means modprobe.
|
|
"Remove a module with dependency handling" means modprobe -r.
|
|
```
|
|
|
|
Commands/files to remember:
|
|
|
|
```
|
|
lsmod
|
|
modprobe MODULE
|
|
modprobe -r MODULE
|
|
modinfo MODULE
|
|
rmmod MODULE
|
|
depmod
|
|
uname -r
|
|
/lib/modules/$(uname -r)/
|
|
```
|
|
|
|
Future lesson topic:
|
|
|
|
```
|
|
110-kernel-modules-hardware-lesson.el
|
|
111-kernel-modules-hardware-quiz.el
|
|
```
|
|
|
|
Status:
|
|
|
|
```
|
|
Needs review
|
|
```
|
|
|
|
## Weak Area: SSH Configuration Precedence
|
|
|
|
Missed area:
|
|
|
|
```
|
|
User-specific SSH client config versus system-wide SSH client config
|
|
```
|
|
|
|
Correct concept:
|
|
|
|
```
|
|
User SSH client config is normally ~/.ssh/config.
|
|
System-wide SSH client config is normally /etc/ssh/ssh_config.
|
|
The SSH server config is normally /etc/ssh/sshd_config.
|
|
User-specific client settings generally override system-wide client settings.
|
|
```
|
|
|
|
Exam wording trap:
|
|
|
|
```
|
|
Do not confuse ssh_config with sshd_config.
|
|
ssh_config is client configuration.
|
|
sshd_config is server daemon configuration.
|
|
```
|
|
|
|
Commands/files to remember:
|
|
|
|
```
|
|
~/.ssh/config
|
|
/etc/ssh/ssh_config
|
|
/etc/ssh/sshd_config
|
|
ssh -F CONFIGFILE HOST
|
|
sshd -T
|
|
systemctl status sshd
|
|
systemctl status ssh
|
|
```
|
|
|
|
Future lesson topic:
|
|
|
|
```
|
|
112-ssh-config-precedence-lesson.el
|
|
113-ssh-config-precedence-quiz.el
|
|
```
|
|
|
|
Status:
|
|
|
|
```
|
|
Needs review
|
|
```
|
|
|
|
## Weak Area: Network Services and Ports
|
|
|
|
Missed area:
|
|
|
|
```
|
|
Service name to port/protocol mapping
|
|
```
|
|
|
|
Correct concept:
|
|
|
|
```
|
|
/etc/services maps service names to port numbers and protocols.
|
|
getent services can query service mappings.
|
|
```
|
|
|
|
Exam wording trap:
|
|
|
|
```
|
|
A question asking about named services and port numbers often points to /etc/services.
|
|
```
|
|
|
|
Commands/files to remember:
|
|
|
|
```
|
|
/etc/services
|
|
getent services ssh
|
|
grep '^ssh' /etc/services
|
|
ss -tulpen
|
|
```
|
|
|
|
Future lesson topic:
|
|
|
|
```
|
|
114-network-services-firewall-lesson.el
|
|
115-network-services-firewall-quiz.el
|
|
```
|
|
|
|
Status:
|
|
|
|
```
|
|
Needs review
|
|
```
|
|
|
|
## Weak Area: netfilter, iptables, and nftables
|
|
|
|
Missed area:
|
|
|
|
```
|
|
Linux packet filtering framework and related tools
|
|
```
|
|
|
|
Correct concept:
|
|
|
|
```
|
|
netfilter is the Linux kernel packet filtering framework.
|
|
iptables and nftables are userspace tools for managing packet filtering rules.
|
|
nftables is the newer framework/tooling commonly replacing many iptables workflows.
|
|
```
|
|
|
|
Exam wording trap:
|
|
|
|
```
|
|
"Kernel packet filtering framework" points to netfilter.
|
|
"Firewall rules on modern Linux" may point to nftables.
|
|
```
|
|
|
|
Commands/files to remember:
|
|
|
|
```
|
|
nft list ruleset
|
|
iptables -L
|
|
firewall-cmd
|
|
ufw status
|
|
ss -tulpen
|
|
```
|
|
|
|
Future lesson topic:
|
|
|
|
```
|
|
114-network-services-firewall-lesson.el
|
|
115-network-services-firewall-quiz.el
|
|
```
|
|
|
|
Status:
|
|
|
|
```
|
|
Needs review
|
|
```
|
|
|
|
## Weak Area: Bandwidth and Network Testing Tools
|
|
|
|
Missed area:
|
|
|
|
```
|
|
Choosing tools for network scanning, throughput testing, and interface inspection
|
|
```
|
|
|
|
Correct concept:
|
|
|
|
```
|
|
nmap scans hosts and ports.
|
|
iperf tests network throughput.
|
|
ip shows addresses, routes, and links.
|
|
ss shows sockets.
|
|
tcpdump captures packets.
|
|
```
|
|
|
|
Exam wording trap:
|
|
|
|
```
|
|
"Throughput test" usually means iperf.
|
|
"Port scan" usually means nmap.
|
|
"Socket/listening port inspection" usually means ss.
|
|
"Packet capture" usually means tcpdump.
|
|
```
|
|
|
|
Commands/files to remember:
|
|
|
|
```
|
|
nmap
|
|
iperf
|
|
ip addr
|
|
ip route
|
|
ip link
|
|
ss -tulpen
|
|
tcpdump
|
|
```
|
|
|
|
Future lesson topic:
|
|
|
|
```
|
|
116-network-diagnostics-lesson.el
|
|
117-network-diagnostics-quiz.el
|
|
```
|
|
|
|
Status:
|
|
|
|
```
|
|
Needs review
|
|
```
|
|
|
|
## Weak Area: Permissions and ACLs
|
|
|
|
Missed area:
|
|
|
|
```
|
|
Directory permissions, ACL inspection, and ACL removal
|
|
```
|
|
|
|
Correct concept:
|
|
|
|
```
|
|
Directory read permission allows listing names.
|
|
Directory execute permission allows traversal.
|
|
getfacl views ACLs.
|
|
setfacl modifies ACLs.
|
|
setfacl -b removes ACL entries.
|
|
```
|
|
|
|
Exam wording trap:
|
|
|
|
```
|
|
To access a file inside a directory, execute permission is needed on the directory path.
|
|
To list directory contents, read permission is needed on the directory.
|
|
ACL questions usually point to getfacl or setfacl.
|
|
```
|
|
|
|
Commands/files to remember:
|
|
|
|
```
|
|
ls -ld DIR
|
|
chmod
|
|
chown
|
|
chgrp
|
|
getfacl FILE
|
|
setfacl -m
|
|
setfacl -x
|
|
setfacl -b
|
|
```
|
|
|
|
Future lesson topic:
|
|
|
|
```
|
|
118-permissions-acls-lesson.el
|
|
119-permissions-acls-quiz.el
|
|
```
|
|
|
|
Status:
|
|
|
|
```
|
|
Needs review
|
|
```
|
|
|
|
## Weak Area: User and Group Management
|
|
|
|
Missed area:
|
|
|
|
```
|
|
Password aging, group membership, and account defaults
|
|
```
|
|
|
|
Correct concept:
|
|
|
|
```
|
|
/etc/passwd stores basic user account information.
|
|
/etc/shadow stores password hashes and password aging information.
|
|
/etc/group stores group information.
|
|
usermod -aG appends supplementary group membership.
|
|
login.defs defines UID/GID ranges and default password aging policy values.
|
|
```
|
|
|
|
Exam wording trap:
|
|
|
|
```
|
|
Password aging is associated with /etc/shadow, chage, and login.defs, not /etc/passwd alone.
|
|
When adding a user to a supplementary group, use usermod -aG, not just -G.
|
|
```
|
|
|
|
Commands/files to remember:
|
|
|
|
```
|
|
/etc/passwd
|
|
/etc/shadow
|
|
/etc/group
|
|
/etc/login.defs
|
|
useradd
|
|
usermod -aG GROUP USER
|
|
groupmod -n
|
|
passwd
|
|
chage
|
|
id
|
|
groups
|
|
```
|
|
|
|
Future lesson topic:
|
|
|
|
```
|
|
Already covered in 102-user-management-lesson.el and 103-user-management-quiz.el.
|
|
Review if quiz score is weak.
|
|
```
|
|
|
|
Status:
|
|
|
|
```
|
|
Needs review
|
|
```
|
|
|
|
## Weak Area: cron and Scheduled Tasks
|
|
|
|
Missed area:
|
|
|
|
```
|
|
Cron field order and scheduled command recognition
|
|
```
|
|
|
|
Correct concept:
|
|
|
|
```
|
|
Cron field order is minute, hour, day of month, month, day of week, command.
|
|
```
|
|
|
|
Exam wording trap:
|
|
|
|
```
|
|
Do not confuse hour and minute fields.
|
|
Do not confuse day-of-month with day-of-week.
|
|
```
|
|
|
|
Commands/files to remember:
|
|
|
|
```
|
|
crontab -e
|
|
crontab -l
|
|
/etc/crontab
|
|
/etc/cron.d/
|
|
/etc/cron.daily/
|
|
/etc/cron.hourly/
|
|
systemctl list-timers
|
|
```
|
|
|
|
Future lesson topic:
|
|
|
|
```
|
|
120-scheduled-tasks-cron-lesson.el
|
|
121-scheduled-tasks-cron-quiz.el
|
|
```
|
|
|
|
Status:
|
|
|
|
```
|
|
Needs lesson
|
|
Needs quiz
|
|
```
|
|
|
|
## Weak Area: Backup, Archive, and Sync Tools
|
|
|
|
Missed area:
|
|
|
|
```
|
|
Choosing between rsync, tar, compression tools, and copy commands
|
|
```
|
|
|
|
Correct concept:
|
|
|
|
```
|
|
rsync is useful for efficient file synchronization and backups.
|
|
tar creates archives.
|
|
gzip, bzip2, and xz compress data.
|
|
cp copies files.
|
|
```
|
|
|
|
Exam wording trap:
|
|
|
|
```
|
|
"Local backup of a large file or directory while preserving metadata" often points to rsync.
|
|
"Create an archive" points to tar.
|
|
"Compress data" points to gzip, bzip2, or xz.
|
|
```
|
|
|
|
Commands/files to remember:
|
|
|
|
```
|
|
rsync -avh SOURCE DEST
|
|
rsync -avh --progress SOURCE DEST
|
|
tar -cf archive.tar DIR
|
|
tar -czf archive.tar.gz DIR
|
|
tar -xvf archive.tar
|
|
gzip
|
|
bzip2
|
|
xz
|
|
```
|
|
|
|
Future lesson topic:
|
|
|
|
```
|
|
122-backup-archive-sync-lesson.el
|
|
123-backup-archive-sync-quiz.el
|
|
```
|
|
|
|
Status:
|
|
|
|
```
|
|
Needs review
|
|
```
|
|
|
|
## Weak Area: File and Directory Operations
|
|
|
|
Missed area:
|
|
|
|
```
|
|
Using ls -d, mv safety options, sort fields, and command selection
|
|
```
|
|
|
|
Correct concept:
|
|
|
|
```
|
|
ls -d shows the directory entry itself instead of listing its contents.
|
|
mv can move or rename files.
|
|
mv -i prompts before overwrite.
|
|
mv -v shows operations.
|
|
sort -k sorts by a field.
|
|
sort -r reverses sort order.
|
|
```
|
|
|
|
Exam wording trap:
|
|
|
|
```
|
|
"Show metadata for the directory itself" points to ls -ld.
|
|
"Sort by a specific column" points to sort -k.
|
|
"Prompt before overwrite" points to -i.
|
|
"Verbose output" points to -v.
|
|
```
|
|
|
|
Commands/files to remember:
|
|
|
|
```
|
|
ls -ld DIR
|
|
mv -i OLD NEW
|
|
mv -v OLD NEW
|
|
sort FILE
|
|
sort -k 2 FILE
|
|
sort -k 2 -n FILE
|
|
sort -r FILE
|
|
```
|
|
|
|
Future lesson topic:
|
|
|
|
```
|
|
Already partly covered by file-search and permissions topics.
|
|
Add focused review only if needed.
|
|
```
|
|
|
|
Status:
|
|
|
|
```
|
|
Needs review
|
|
```
|
|
|
|
## Weak Area: Process and CPU Fields
|
|
|
|
Missed area:
|
|
|
|
```
|
|
Interpreting top CPU fields and process display output
|
|
```
|
|
|
|
Correct concept:
|
|
|
|
```
|
|
top shows CPU and process activity.
|
|
%us or us is user CPU time.
|
|
%sy or sy is system/kernel CPU time.
|
|
%id or id is idle CPU time.
|
|
%st or st is stolen CPU time in virtualized environments.
|
|
```
|
|
|
|
Exam wording trap:
|
|
|
|
```
|
|
"Stolen time" is associated with virtualization.
|
|
"User CPU time" is not the same as system/kernel CPU time.
|
|
```
|
|
|
|
Commands/files to remember:
|
|
|
|
```
|
|
top
|
|
ps aux
|
|
ps -ef
|
|
uptime
|
|
free -h
|
|
```
|
|
|
|
Future lesson topic:
|
|
|
|
```
|
|
Already covered in 20-top-cpu-fields-lesson.el and 21-top-cpu-fields-quiz.el.
|
|
Review if quiz score is weak.
|
|
```
|
|
|
|
Status:
|
|
|
|
```
|
|
Needs review
|
|
```
|
|
|
|
## Weak Area: Logs and Authentication
|
|
|
|
Missed area:
|
|
|
|
```
|
|
Security log locations and filtering log output
|
|
```
|
|
|
|
Correct concept:
|
|
|
|
```
|
|
Authentication and security events may appear in /var/log/secure on Red Hat-family systems.
|
|
Debian-family systems often use /var/log/auth.log.
|
|
journalctl queries the systemd journal.
|
|
```
|
|
|
|
Exam wording trap:
|
|
|
|
```
|
|
Distribution family matters for auth/security log file names.
|
|
systemd journal questions often point to journalctl.
|
|
```
|
|
|
|
Commands/files to remember:
|
|
|
|
```
|
|
/var/log/secure
|
|
/var/log/auth.log
|
|
journalctl
|
|
journalctl -u SERVICE
|
|
journalctl -f
|
|
grep
|
|
awk
|
|
sed
|
|
tail -f
|
|
```
|
|
|
|
Future lesson topic:
|
|
|
|
```
|
|
Already covered in 30-auth-log-lesson.el, 31-auth-log-quiz.el, 80-log-filtering-lesson.el, and 81-log-filtering-quiz.el.
|
|
Review if quiz score is weak.
|
|
```
|
|
|
|
Status:
|
|
|
|
```
|
|
Needs review
|
|
```
|
|
|
|
## Weak Area: Package Management
|
|
|
|
Missed area:
|
|
|
|
```
|
|
Package installation, dependency queries, and package manager recognition
|
|
```
|
|
|
|
Correct concept:
|
|
|
|
```
|
|
rpm installs and queries RPM packages directly.
|
|
yum or dnf manage packages and dependencies on Red Hat-family systems.
|
|
apt manages packages on Debian-family systems.
|
|
yum deplist can show dependencies.
|
|
```
|
|
|
|
Exam wording trap:
|
|
|
|
```
|
|
rpm works directly with RPM packages but does not resolve dependencies like yum/dnf.
|
|
Distribution family matters.
|
|
```
|
|
|
|
Commands/files to remember:
|
|
|
|
```
|
|
rpm -ivh PACKAGE.rpm
|
|
rpm -qa
|
|
rpm -qi PACKAGE
|
|
yum deplist PACKAGE
|
|
dnf install PACKAGE
|
|
apt update
|
|
apt install PACKAGE
|
|
```
|
|
|
|
Future lesson topic:
|
|
|
|
```
|
|
Already covered in 40-package-management-lesson.el and 41-package-management-quiz.el.
|
|
Review if quiz score is weak.
|
|
```
|
|
|
|
Status:
|
|
|
|
```
|
|
Needs review
|
|
```
|
|
|
|
## Weak Area: Mail Filtering and Redirection
|
|
|
|
Missed area:
|
|
|
|
```
|
|
Automatic mail processing, filtering, and redirection
|
|
```
|
|
|
|
Correct concept:
|
|
|
|
```
|
|
Mail filters can automatically process, redirect, sort, or deliver incoming mail based on rules.
|
|
Depending on the system, this may involve procmail, sieve, aliases, forwarding files, or MTA rules.
|
|
```
|
|
|
|
Exam wording trap:
|
|
|
|
```
|
|
"Automatically redirects incoming mail" points to a mail filter or mail-processing rule, not a user shell alias.
|
|
```
|
|
|
|
Commands/files to remember:
|
|
|
|
```
|
|
/etc/aliases
|
|
~/.forward
|
|
procmail
|
|
sieve
|
|
postfix
|
|
sendmail
|
|
mailq
|
|
newaliases
|
|
```
|
|
|
|
Future lesson topic:
|
|
|
|
```
|
|
124-mail-filtering-redirection-lesson.el
|
|
125-mail-filtering-redirection-quiz.el
|
|
```
|
|
|
|
Status:
|
|
|
|
```
|
|
Needs lesson
|
|
Needs quiz
|
|
```
|
|
|
|
## Weak Area: Web Services and Load Balancing
|
|
|
|
Missed area:
|
|
|
|
```
|
|
nginx service role recognition
|
|
```
|
|
|
|
Correct concept:
|
|
|
|
```
|
|
nginx can function as a web server, reverse proxy, and load balancer.
|
|
```
|
|
|
|
Exam wording trap:
|
|
|
|
```
|
|
Do not limit nginx to static web serving only.
|
|
If the question mentions web serving plus load balancing or reverse proxying, nginx may be correct.
|
|
```
|
|
|
|
Commands/files to remember:
|
|
|
|
```
|
|
nginx
|
|
systemctl status nginx
|
|
/etc/nginx/nginx.conf
|
|
/etc/nginx/conf.d/
|
|
```
|
|
|
|
Future lesson topic:
|
|
|
|
```
|
|
126-web-services-load-balancing-lesson.el
|
|
127-web-services-load-balancing-quiz.el
|
|
```
|
|
|
|
Status:
|
|
|
|
```
|
|
Needs review
|
|
```
|
|
|
|
## Weak Area: Databases and Data Models
|
|
|
|
Missed area:
|
|
|
|
```
|
|
MongoDB storage/data model recognition
|
|
```
|
|
|
|
Correct concept:
|
|
|
|
```
|
|
MongoDB is a document database.
|
|
MongoDB uses JSON-style documents and stores data internally as BSON.
|
|
```
|
|
|
|
Exam wording trap:
|
|
|
|
```
|
|
MongoDB is not a traditional row/table-only relational database.
|
|
Questions mentioning JSON-style documents or BSON likely point to MongoDB.
|
|
```
|
|
|
|
Commands/files to remember:
|
|
|
|
```
|
|
MongoDB
|
|
JSON
|
|
BSON
|
|
document database
|
|
```
|
|
|
|
Future lesson topic:
|
|
|
|
```
|
|
128-databases-data-models-lesson.el
|
|
129-databases-data-models-quiz.el
|
|
```
|
|
|
|
Status:
|
|
|
|
```
|
|
Needs review
|
|
```
|
|
|
|
## Weak Area: Cloud Storage and Azure Blob
|
|
|
|
Missed area:
|
|
|
|
```
|
|
Cloud object storage recognition
|
|
```
|
|
|
|
Correct concept:
|
|
|
|
```
|
|
Azure Blob Storage is object storage for unstructured data.
|
|
```
|
|
|
|
Exam wording trap:
|
|
|
|
```
|
|
"Object storage" and "unstructured data" may point to Azure Blob Storage in Azure-related questions.
|
|
```
|
|
|
|
Commands/files to remember:
|
|
|
|
```
|
|
Azure Blob Storage
|
|
object storage
|
|
unstructured data
|
|
cloud storage
|
|
```
|
|
|
|
Future lesson topic:
|
|
|
|
```
|
|
130-cloud-storage-lesson.el
|
|
131-cloud-storage-quiz.el
|
|
```
|
|
|
|
Status:
|
|
|
|
```
|
|
Needs review
|
|
```
|
|
|
|
## Weak Area: Containers and Orchestration
|
|
|
|
Missed area:
|
|
|
|
```
|
|
Container orchestration engine recognition
|
|
```
|
|
|
|
Correct concept:
|
|
|
|
```
|
|
Kubernetes is a container orchestration platform.
|
|
Container orchestration manages deployment, scaling, scheduling, and operation of containers.
|
|
```
|
|
|
|
Exam wording trap:
|
|
|
|
```
|
|
"Container orchestration" often points to Kubernetes.
|
|
```
|
|
|
|
Commands/files to remember:
|
|
|
|
```
|
|
Kubernetes
|
|
kubectl
|
|
container orchestration
|
|
pods
|
|
deployments
|
|
services
|
|
```
|
|
|
|
Future lesson topic:
|
|
|
|
```
|
|
132-containers-orchestration-lesson.el
|
|
133-containers-orchestration-quiz.el
|
|
```
|
|
|
|
Status:
|
|
|
|
```
|
|
Needs review
|
|
```
|
|
|
|
## Weak Area: Git Recognition
|
|
|
|
Missed area:
|
|
|
|
```
|
|
Version control tool recognition
|
|
```
|
|
|
|
Correct concept:
|
|
|
|
```
|
|
Git is a distributed version control system.
|
|
```
|
|
|
|
Exam wording trap:
|
|
|
|
```
|
|
Questions asking about source code version control usually point to Git.
|
|
```
|
|
|
|
Commands/files to remember:
|
|
|
|
```
|
|
git status
|
|
git add
|
|
git commit
|
|
git log
|
|
git diff
|
|
git clone
|
|
git pull
|
|
git push
|
|
```
|
|
|
|
Future lesson topic:
|
|
|
|
```
|
|
134-git-version-control-lesson.el
|
|
135-git-version-control-quiz.el
|
|
```
|
|
|
|
Status:
|
|
|
|
```
|
|
Needs review
|
|
```
|
|
|
|
## Weak Area: /etc/securetty
|
|
|
|
Missed area:
|
|
|
|
```
|
|
Root login terminal restrictions
|
|
```
|
|
|
|
Correct concept:
|
|
|
|
```
|
|
/etc/securetty controls which terminals root may log in from on systems that honor it.
|
|
```
|
|
|
|
Exam wording trap:
|
|
|
|
```
|
|
"Which terminals permit root login?" points to /etc/securetty.
|
|
```
|
|
|
|
Commands/files to remember:
|
|
|
|
```
|
|
/etc/securetty
|
|
root login
|
|
TTY
|
|
console
|
|
```
|
|
|
|
Future lesson topic:
|
|
|
|
```
|
|
136-login-security-lesson.el
|
|
137-login-security-quiz.el
|
|
```
|
|
|
|
Status:
|
|
|
|
```
|
|
Needs review
|
|
```
|
|
|
|
## Weak Area: Shell Navigation
|
|
|
|
Missed area:
|
|
|
|
```
|
|
Returning to the previous working directory
|
|
```
|
|
|
|
Correct concept:
|
|
|
|
```
|
|
cd - returns to the previous working directory.
|
|
```
|
|
|
|
Exam wording trap:
|
|
|
|
```
|
|
cd .. moves to the parent directory.
|
|
cd - moves to the previous working directory.
|
|
```
|
|
|
|
Commands/files to remember:
|
|
|
|
```
|
|
pwd
|
|
cd
|
|
cd ..
|
|
cd -
|
|
cd ~
|
|
```
|
|
|
|
Future lesson topic:
|
|
|
|
```
|
|
Can be included in a shell basics or file operations review lesson.
|
|
```
|
|
|
|
Status:
|
|
|
|
```
|
|
Needs review
|
|
```
|
|
|
|
## Weak Area: Web Search/File Search Command Recognition
|
|
|
|
Missed area:
|
|
|
|
```
|
|
Finding files, searching contents, and matching command to search task
|
|
```
|
|
|
|
Correct concept:
|
|
|
|
```
|
|
find searches by file attributes and paths.
|
|
grep searches text contents.
|
|
locate uses a database to find paths quickly.
|
|
which finds commands in PATH.
|
|
whereis locates binary, source, and manual page files.
|
|
```
|
|
|
|
Exam wording trap:
|
|
|
|
```
|
|
"Search inside files" points to grep.
|
|
"Find files by name, size, time, owner, or permissions" points to find.
|
|
"Fast path lookup from a database" points to locate.
|
|
```
|
|
|
|
Commands/files to remember:
|
|
|
|
```
|
|
find
|
|
grep
|
|
locate
|
|
updatedb
|
|
which
|
|
whereis
|
|
type
|
|
```
|
|
|
|
Future lesson topic:
|
|
|
|
```
|
|
Already covered in 90-file-search-lesson.el and 91-file-search-quiz.el.
|
|
Review if quiz score is weak.
|
|
```
|
|
|
|
Status:
|
|
|
|
```
|
|
Needs review
|
|
```
|
|
|
|
## Review Queue
|
|
|
|
Use this queue when deciding future lesson order.
|
|
|
|
Immediate next lesson:
|
|
|
|
```
|
|
104-firewall-review-lesson.el
|
|
105-firewall-review-quiz.el
|
|
```
|
|
|
|
Recommended follow-up sequence:
|
|
|
|
```
|
|
106-storage-lvm-quotas-lesson.el
|
|
107-storage-lvm-quotas-quiz.el
|
|
|
|
108-boot-grub-systemd-lesson.el
|
|
109-boot-grub-systemd-quiz.el
|
|
|
|
110-kernel-modules-hardware-lesson.el
|
|
111-kernel-modules-hardware-quiz.el
|
|
|
|
114-network-services-firewall-lesson.el
|
|
115-network-services-firewall-quiz.el
|
|
|
|
120-scheduled-tasks-cron-lesson.el
|
|
121-scheduled-tasks-cron-quiz.el
|
|
|
|
122-backup-archive-sync-lesson.el
|
|
123-backup-archive-sync-quiz.el
|
|
|
|
124-mail-filtering-redirection-lesson.el
|
|
125-mail-filtering-redirection-quiz.el
|
|
|
|
130-cloud-storage-lesson.el
|
|
131-cloud-storage-quiz.el
|
|
|
|
132-containers-orchestration-lesson.el
|
|
133-containers-orchestration-quiz.el
|
|
```
|
|
|
|
## Quick Command Association Drill
|
|
|
|
Review this section frequently.
|
|
|
|
```
|
|
repquota -a -> report quotas
|
|
quotaon -a -> enable quotas
|
|
quotaoff -a -> disable quotas
|
|
edquota -> edit quotas
|
|
quotacheck -> check/build quota files
|
|
pvcreate -> create physical volume
|
|
vgcreate -> create volume group
|
|
lvcreate -> create logical volume
|
|
pvs -> list physical volumes
|
|
vgs -> list volume groups
|
|
lvs -> list logical volumes
|
|
lvextend -> extend logical volume
|
|
df -h -> mounted filesystem usage
|
|
du -sh PATH -> file/directory usage
|
|
lsblk -> block devices
|
|
blkid -> UUID/filesystem attributes
|
|
findmnt -> mounted filesystems
|
|
/etc/fstab -> persistent mount configuration
|
|
|
|
ps -p 1 -> inspect PID 1
|
|
systemctl -> manage systemd services
|
|
grub2-mkconfig -> generate GRUB2 configuration
|
|
lsmod -> list loaded kernel modules
|
|
modprobe -> load module with dependencies
|
|
modprobe -r -> remove module with dependency handling
|
|
modinfo -> show module information
|
|
|
|
/etc/services -> service names to port/protocol mappings
|
|
netfilter -> kernel packet filtering framework
|
|
nftables -> modern packet filtering rules tool
|
|
iptables -> older/common packet filtering rules tool
|
|
getfacl -> view ACLs
|
|
setfacl -> modify ACLs
|
|
setfacl -b -> remove ACL entries
|
|
|
|
firewall-cmd --runtime-to-permanent -> save firewalld runtime rules
|
|
sudo ufw status numbered -> view numbered UFW rules
|
|
sudo ufw deny 22/tcp -> block SSH with UFW
|
|
/etc/hosts.deny -> DenyHosts/book IDS association
|
|
|
|
crontab -e -> edit user cron jobs
|
|
crontab -l -> list user cron jobs
|
|
minute hour dom month dow command -> cron field order
|
|
|
|
rsync -avh -> sync/backup while preserving metadata
|
|
tar -> archive files
|
|
gzip/bzip2/xz -> compress data
|
|
nginx -> web server, reverse proxy, load balancer
|
|
MongoDB -> JSON-style documents stored as BSON
|
|
Azure Blob -> object storage for unstructured data
|
|
Kubernetes -> container orchestration
|
|
Git -> version control
|
|
/etc/securetty -> root login terminal restrictions
|
|
cd - -> previous working directory
|
|
```
|
|
|
|
## Score/Status Notes
|
|
|
|
Add quiz results here after completing topic quizzes.
|
|
|
|
Example format:
|
|
|
|
```
|
|
Date:
|
|
Lesson:
|
|
Quiz:
|
|
Score:
|
|
Missed:
|
|
Next action:
|
|
```
|
|
|
|
## Current Notes
|
|
|
|
```
|
|
Date:
|
|
Lesson:
|
|
Quiz:
|
|
Score:
|
|
Missed:
|
|
Next action:
|
|
```
|
|
## Project maintenance note: file update helpers
|
|
|
|
The project now includes an Emacs Lisp helper file for safe updates to
|
|
existing project files:
|
|
|
|
07-linuxplus-update-files.el
|
|
|
|
Use this when updating existing Markdown files such as `STUDY.md` and
|
|
`RECOVERY.md`.
|
|
|
|
Useful commands:
|
|
|
|
M-x linuxplus-update-help
|
|
M-x linuxplus-apply-firewall-score-update
|
|
M-x linuxplus-update-replace-section-with-region
|
|
M-x linuxplus-update-insert-region-before-heading
|
|
|
|
The update helpers create numbered `.bak.N` backup files before writing
|
|
changes. This is preferred over hand-written patch hunks for small
|
|
project documentation updates.
|