Socratic Linux
Can you list the number of CPUs?
lscpu
nproc
cat /proc/cpuinfo | grep -i proc
python3 -c "import multiprocessing as mp; print(mp.cpu_count())"
Can you tell me the speed in MHz?
dmesg | grep -i mhz
lscpu
cat /proc/cpuinfo
Can you tell me the manufacturer of the chip?
lscpu
cat /proc/cpuinfo
lshw | grep -i intel
Can you tell the architecture of this chip?
lscpu
uname -m
Can you tell me if this system is physical or virtual?
lshw -C system
dmidecode -s system-manufacturer
virt-what
lspci #look for something like QEMU
systemd-detect-virt
Can you spin up the CPU to high load for 3 minutes?
stress -c 4 --timeout 180
for i in $(seq 100); do dd if=/dev/urandom bs=1024k count=5000 | bzip2 -9 > /dev/null & done
openssl speed -multi $(nproc)
Memory Topics
Can you tell me how much RAM we have?
free -m
cat /proc/meminfo
htop
neofetch
Can you tell me how much RAM we have used?
free -m
htop
Can you tell me how much swap we have?
free -m
Can you free all of the cached memory?
echo 3 > /proc/sys/vm/drop_caches
Can you generate high memory load for 3 minutes?
stress --vm 4 --timeout 180s
Filesystem Topics
Can you show all of the used space of the / (root) partition?
df -h /
lsblk -f
Can you show all of the inodes of the / (root) partition?
df -i /
Can you show the used space of the directory you're in?
du -sh .
Can you show all processes in the directory you're in?
lsof .
Check long listing of files, do you know the permissions?
ls -ld #Directory or file
Can you create 3 hard links to a file?
Yes - ln /tmp/testfile /tmp/otherfile1
Can you hard link to a file across a filesystem boundary?
No
Cat out the file that defines mount points in the system?
cat /etc/fstab
cat /etc/mtab
Speed tests of writes and reads
for i in $(seq 5); do echo "I am writing $i file"; time dd if=/dev/zero of=bigfile$i bs=4096k count=250; done
for i in $(seq 5); do echo "I am reading $i file"; time dd if=bigfile$i of=/dev/null; done
Can you show all the interfaces?
ip a
ip addr
ifconfig
ip -br a
Can you show that the interface is connected physically?
ethtool enp1s0
Can you determine default route?
ip r
route
Can you ping the default gateway 3 times?
ping -c3 172.30.1.1
Can you determine the MTU of the network with ping?
ip addr #To see MTU
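ping -c1 -s 1500 -M do www.yahoo.com #-s is the ICMP payload size; IP and ICMP headers add 28 bytes, so 1472 is the largest payload that fits a 1500 MTU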
Can you identify all your IPv4 and IPv6 networks? IPv4? IPv6? Both?
ip addr
-IPv4 - enp1s0 docker0
-IPv6 - Calico
-Both - lo flannel.1
Can you list your open ports?
netstat -ntulp
ss -ntulp
lsof -i :22
Can you prove that your DNS is working?
ping anything by name outside of network.
nslookup
host
dig
What file do we edit to change service to port number mapping?
/etc/services
Can we connect to another server and test for an open port?
telnet
nc -vz node01 22
timeout 3 nc node01 22
Can you connect to another server with ssh and show debug 3 levels?
ssh -vvv node01 'uptime'
Can we verify that nothing is blocking us to www.google.com?
curl www.google.com
Can you copy a file from this server to another and back?
scp <local file> remotenode:/<filesystem> #Send
scp remotenode:/<filesystem> <local file> #Pull
Can we capture all the packets between interfaces and put them in file?
tcpdump ip host controlplane and node01 -c 10000 -i enp1s0 -w /tmp/wireshark1.pcap
Can we test the speed between two systems?
iperf3
-One node will function as the server - iperf3 -s
-The other will test speed to it - iperf3 -c <nameofserver>
Can we show all the hops between us and google?
traceroute www.google.com
Can you show all the TCP/IP errors on an interface over one minute?
sar -n TCP,ETCP 60
ifconfig
Can you list the Doom port?
grep -i doom /etc/services
Can you read from port 22 and see the banner information of the connection?
nc 127.0.0.1 22
Disk Topics
How do you check how many disks you have?
lsblk
lsblk -f
fdisk -l
ls -l /dev/disk/by-*
blkid
How do you check how many disk partitions you have?
lsblk
lsblk -f
fdisk -l | grep -i vd
How do you check which filesystems are on which partitions?
lsblk
lsblk -f #more information
mount
findmnt
mount | grep -iE "ext4|xfs"
Can you check for partitions that aren't even mounted for FS Types?
lsblk -f
Can you check disk I/O over time?
bwm-ng -i disk
iostat -d 1 #One second iterations forever
iostat -d 1 10 #10 one second iterations
iostat -xz #Only things that have activity
iotop #By process I/O to disk
Can you verify disk read and write speed?
for i in $(seq 5); do echo "I am writing $i file"; time dd if=/dev/zero of=bigfile$i bs=4096k count=250; done
for i in $(seq 5); do echo "I am reading $i file"; time dd if=bigfile$i of=/dev/null; done
Security Topics
What users have logged into the system in the last 24 hours?
last | more
last | tac
lastlog | grep -v Never
Can you tell what pid is listening on port 22?
ss -ntulp | grep 22
ps -ef | grep -i sshd
systemctl status sshd
lsof -i :22
Can you show how systemd started sshd?
systemctl status ssh
systemctl cat ssh
systemd-analyze critical-chain ssh.service
Can you list the kernel modules?
lsmod
Can you verify that a file has not changed in the last 3 days?
stat /etc/crontab
Hashing function? #Tripwire
Can you verify the hash of a file before and after you push it to another server?
md5sum /etc/crontab; scp /etc/crontab node01:/tmp/crontab; ssh node01 'md5sum /tmp/crontab'
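A Tripwire-style version of the two checks above, as an added example that is not part of the original page: it records a hash baseline, then reports a file as unchanged only if the hash still matches and the mtime is older than the window. The function names, baseline file and sample crontab line are constructed for illustration, and sha256sum stands in for md5sum because MD5 is no longer collision-resistant.

```shell
#!/bin/sh
# Added example (not from the original page): hash baseline plus mtime check.
# Function names, the baseline file and the sample crontab line are constructed.

# baseline_add FILE BASELINE: append FILE's "hash  path" record to BASELINE.
baseline_add() {
    sha256sum "$1" >> "$2"
}

# baseline_check BASELINE: succeed only if every recorded file still matches.
baseline_check() {
    sha256sum -c "$1" >/dev/null 2>&1
}

# changed_within_days FILE DAYS: succeed if FILE's mtime is under DAYS days old.
changed_within_days() {
    [ -n "$(find "$1" -maxdepth 0 -mtime "-$2" -print)" ]
}

# verdict FILE BASELINE DAYS: print "unchanged" only when both checks agree.
# mtime is metadata that copy and restore tools can preserve or set, so the
# hash is the evidence about content; mtime is a quick first look.
verdict() {
    if baseline_check "$2" && ! changed_within_days "$1" "$3"; then
        echo unchanged
    else
        echo changed
    fi
}

demo() {
    dir=$(mktemp -d) || return 1
    f="$dir/crontab"
    b="$dir/baseline.sha256"
    printf '17 * * * * root run-parts /etc/cron.hourly\n' > "$f"
    touch -t 202001010000 "$f"       # constructed: give the sample an old mtime
    baseline_add "$f" "$b"
    before=$(verdict "$f" "$b" 3)
    printf '# edited\n' >> "$f"      # a write changes both content and mtime
    after=$(verdict "$f" "$b" 3)
    rm -rf "$dir"
    echo "$before $after"
}

demo
```

Keep the baseline file somewhere the monitored host cannot rewrite it, otherwise a change to the file and to its recorded hash look the same as no change.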
Can you encrypt a file with vi?
vi -x /tmp/somefile
For any user can you determine their sudo permissions?
sudo -l -U scott
For all users can you list a count of what default shells they have?
cat /etc/passwd | awk -F: '{print $7}' | sort | uniq -c
cat /etc/passwd | awk -F: '{print $NF}' | sort | uniq -c
Can you verify an individual user's limits of open files?
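su - scott -c 'ulimit -a' #ulimit is a shell builtin that reports on the current shell, so run it as the user; ulimit -n shows open files only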
Where do you change user limits?
vi /etc/security/limits.conf
General System
Can you show me how the system was booted by grub?
dmesg | head
cat /proc/cmdline
journalctl
Can you tell me the running kernel version?
uname -r
dmesg -k | head
cat /proc/version
cat /proc/cmdline
Can you tell me how many older versions of the kernel are available?
ls -l /boot/vm*
apt list --installed | grep linux-image
Can you show that the ssh(d) server is running?
systemctl status ssh
ps -aux | grep ssh
ss -ntulp | grep -i ssh
lsof -i :22
nc 127.0.0.1 22
Can you show how the SSH(d) process was started? What's the parent process?
ps faux | grep -i ssh
systemctl status ssh
pstree -s -p <pid>
ps -afg
Can you edit the file that changes which kernel the system boots to?
view /etc/default/grub #GRUB_DEFAULT selects the boot entry; run update-grub after editing
Can you tell me the version of Linux you're on?
cat /etc/*release
lsb_release -a
Can you describe the 7 fields of the /etc/passwd?
Yes
Colon Delimited
Username : Password : UID : Primary Group GID : Comment : Home : Default Shell
Can you show me all the unique shells in /etc/passwd?
cat /etc/passwd | awk -F: '{print $7}' | sort | uniq -c
Can we set one variable that is inherited by child processes and one that is not, and then prove it?
dino=rawr #not inherited
export dino2=rawr2 #is inherited
Can you set a process to run every 5 minutes on a server?
*/5 * * * * echo "I love Linux" | wall
What is the user's home directory? What is Root's home directory?
Users: /home/<username>
Root: /root
Can you show all the aliases your user has available?
alias
Can you create or remove an alias?
unalias
alias
Can you tell if the user has a password set?
grep scott /etc/shadow
chage -l scott
Can you create an alias and make it permanent?
.bashrc or /etc/profile.d
Do you know where the default user home directory files populate from?
/etc/skel
Can you set a script that automatically runs on any user login?
/etc/profile.d/
Can you check current users?
cat /etc/passwd
Do you know your primary and secondary groups?
id <username>
Bash Scripting
Can you touch a file with today's date in the filename?
touch file.`date +%F`
touch file.$(date +%F%T)
Can you create 100 files named file?
for i in $(seq 100); do touch file$i; done
touch file{1..100}
count=1;while [ $count -le 100 ]; do touch file$count; count=$((count+=1)); done
Can you show the pid of the shell you're in?
echo $$
Can you create files 1-199 skipping even numbers?
for i in $(seq 1 2 199); do echo "I am checking the number $i"; touch file$i; done
Can you create a variable of one data point?
var1=100
Can you loop forever watching uptime every 2 seconds?
watch uptime
while true; do uptime; sleep 2; done
Can you make your system count to 100?
seq 100
seq 1 100
count=1;while [ $count -le 100 ]; do echo "$count"; count=$((count+=1)); done
for ((i=1;i<=100;i++)); do echo "I am counting $i"; done
awk '{for (i=1;i<=100;++i)print i}' <<< ""
perl -e '$count=0; while($count <= 100){print "$count\n"; $count++;}'
perl -E 'for ($i=1; $i<=100; $i++){print "$i \n";}'
perl -E 'for ($i=1; $i<=100; $i++){say $i;}'
Can you loop over lists/files?
for server in controlplane node01; do echo "I am working on server $server"; done
for server in $(cat servers); do echo "I am working on server $server"; done
while read -r server; do echo $server; done < servers
Can you connect to two servers and show uptime in a file?
cat script.sh
#!/bin/bash
####################################################
# Purpose:
# Date:
# Name:
# Revisions:
####################################################
startTime=`date`
sleep 10
endTime=`date`
echo "The start was $startTime and the end was $endTime"
Can you test a variable against a known value?
if [ "$shell" == "/bin/bash" ]; then echo "match"; fi #== is accepted by bash
if [ "$shell" = "/bin/bash" ]; then echo "match"; fi #= is the POSIX form
Software Packages
Can you show all the packages that have SSL in their name?
dpkg -l | awk '{print $2}' | grep -i ssl
dpkg -l | gawk '/ssl/{print $2}'
Can you show when the system software was last modified?
cat /var/log/apt/history.log
cat /var/log/dpkg.log | grep <tool>
Can you verify that you have a software called cowsay? If not, install it?
dpkg -l | grep -i cowsay
apt install cowsay
Can we see if we have container software? Can we check for local images?
docker images
podman images
Can we run a container? Can we verify it's running? Can we verify the image?
docker run -p 8080:80 -d nginx
docker ps
docker images #to see images