[CyberSecurityLearning 37] Network security commonly used Linux system commands and the installation process of source code packages

Table of Contents

1. The role of the following directories in the Linux system
2. File types represented by the following colors in the Linux system
Three, Linux system basic commands
    1. uname -a kernel version number query
    2. fdisk -l view hard disk and partition
    3. cat /proc/meminfo to view memory size information
    4. cat /proc/cpuinfo view cpu model information
    5. Learn to turn off the firewall
    6. Turn off the selinux service
    7. ls, cat, pwd, touch, echo, mkdir, mv, cp, rm, ln
Four, Linux system advanced commands
    1. View the help manual of the command
    2. Small experiment★: (comprehensive use of grep, awk, uniq, and sort commands)
    3. cat, tail, wc, du
    4. Compression and decompression tools
    5. find command
    6. dd command
5. Use vim (no mouse!)
Five, the installation process of the source code package


1. The role of the following directories in the Linux system

/        Root directory, the starting directory of the system
/bin     bin means binary; stores commands that can be executed by both administrators and ordinary users (by contrast, ordinary users cannot execute commands such as shutdown)
/sbin    Commands that can only be executed by administrators
/boot    The main boot directory, an independent partition (/dev/sda1) holding the kernel, the boot menu and the drivers (very important)
/dev     dev means device; the directory where device files are stored (/dev/sda, etc.)
/etc     Configuration file storage directory
/home    Home directories of ordinary users
/root    Home directory of the super administrator
/media   CD-ROM mount directory (the disc appears here after it is inserted)
/mnt     mnt means mount; temporary device mount directory (USB disks and other external devices)
/proc    proc means process. Its contents are not stored on the hard disk but are accessed in memory; this is the directory where process information lives
/tmp     Temporary file storage directory
/usr     Default installation directory for GNU community software
/var     Variable file storage directory: log files, mail files, /var/www/html (web site root directory)

2. File types represented by the following colors in the Linux system

red: compressed file
black: normal file
blue: directory
green: executable file
light blue: symbolic link (like a shortcut in Windows)
yellow text on a black background: device file (/dev)
purple: image file and module file

Three, Linux system basic commands

Linux is strictly case sensitive

1. uname -a kernel version number query

Kernel version number query. In a version number such as 2.6, an even second number represents a stable version of the kernel, and an odd number represents a development version of the kernel.

x86_64 indicates that the operating system is a 64-bit operating system of the x86 architecture.
i386 indicates a 32-bit operating system.
The difference between a 32-bit and a 64-bit operating system is the number of bits used to address memory throughout the operating system.

uname -r displays the release number of the operating system (the version number of the kernel is 2.6.32)

2.6.32-696.el6.x86_64

2 means the major version number
6 means the minor version number
32 means that it has been revised 32 times
696 is also the number of revisions, revised 696 times
el6 Red Hat Enterprise Edition 6

2. fdisk -l view hard disk and partition

fdisk -l shows the hard disk size.
/dev/sda is the name and path of the first hard disk in the operating system.
In the Linux operating system, everything is a file. In the file name, sd is the hard disk interface type and a means the first disk, and so on: sdc is the third hard disk.

Real hard disks are sized with a base of 1000 instead of 1024,
so a disk labeled as 500G cannot actually reach 500G.

3. cat /proc/meminfo to view memory size information

cat  /proc/meminfo

4. cat /proc/cpuinfo view cpu model information

cat  /proc/cpuinfo

Right-click the properties of my computer to view the cpu information of windows

5. Learn to turn off the firewall

iptables -nL   View the current status of the firewall (shows all rules of the current table; the filter table is viewed by default)

Turn off the firewall:
enter setup on the command line and a graphical interface appears, in which the firewall can be turned off

Press Tab to select OK

6. Turn off the selinux service

The selinux service is likewise a function that restricts which operating system files can be read and shared.

Think of all the files in my operating system as products in a supermarket. For a web service on port 80, for example, I will certainly share the home page. Every product carries a label, and wanting to see the content inside is like wanting to buy the product. selinux is a bit like the security staff of the supermarket. It has two functions: one is to raise an alarm and the other is to intercept.

To remove the supermarket's alarm and its security guards and work in an unrestricted environment, how do we turn it off?

1. Modify the file /etc/selinux/config

A graphical editor that is convenient for novices is gedit: type the command gedit and the editor window pops up

[root@Waffle ~]# gedit /etc/selinux/config 


The configuration file is loaded into memory when the system starts, and the copy in memory is what is in effect now. A change to the file is not picked up by the running system, so restart.
getenforce (check the current selinux status)

7. ls, cat, pwd, touch, echo, mkdir, mv, cp, rm, ln

[Username of current user@hostname current working directory name]#

ls       List the contents of the current directory
pwd      Print the current working directory. On Windows the command that lists the current path is cd (the path is usually displayed on the left, but it is different when you have obtained a shell)
cat      View the contents of a file
cat -n   Display the file with line numbers
touch    Create a new file, or update the timestamp of an existing file
echo     Standard output. echo "i love you" > file path redirects the output to the file
mkdir    Create a directory; -p recursively creates the parent directories
mv       Move (cut) and rename
cp       Copy; to copy a directory, add the option -r (recursive)
rm       Remove; -r recursive delete, -f force deletion
ln       Create a link; -s means symbolic link
ln -s source file [absolute path] link file [path]
Links are useful when, for example, I want files I work on regularly to be linked to the desktop, where they are easy to find.

Introduce a useful screenshot software Snipaste-1.16.2-x64
F1 screenshot, double-click to save it in the background, F3 can put the image anywhere

Four, Linux system advanced commands

[root@allen ~]#Command word space [-option] space [file or directory]

1. View the help manual of the command

With so many options, how do you learn them? View the command's help manual:
man command word
ls -a
ls -lh (high readability)

Inside the man help menu:
q exits
/keyword searches; n jumps to the next match downward, N to the next match upward

Command words fall into two types:
internal command: built into the command interpreter currently in use (bash on Linux); get help with: help command word
external command: a GNU community command or one installed with third-party software; locate it with: which command word (which cannot find internal commands)

2. Small experiment★: (comprehensive use of grep, awk, uniq, and sort commands)

Change a user's password as administrator: passwd user name
Enable the network: click the network card icon in the lower right corner, right-click to select settings, and choose bridged mode (ip addr to view the IP).
Put Kali in bridged mode (vmnet0) as well, then enter in its shell: ssh [email protected] .105.99

Who connected to me, and when? Look at the log /var/log/secure (intentionally enter a wrong password to produce entries to check)

Check the failure records: filter out who failed and how many times within this period, in order to identify the IP address making malicious logins. Once it is written into the firewall, it can no longer connect to me!

grep filters by keyword (grep filters a whole line. Is there a way to pick out only one word in the line? Use awk, and use uniq -c to merge identical results)
grep "Failed password" /var/log/secure | awk '{print $11}' | sort | uniq -c (sort first, then merge)

|        The pipe symbol passes the output of the previous command to the next command for processing
awk      Selects a field, using a space as the separator; $11 outputs the 11th field (the IP is the 11th field)
sort     Sorts
uniq     Merges identical lines; -c shows the count for each merged line
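
The pipeline above depends on the address being the 11th field, which stops being true when sshd logs "invalid user <name>". The following added example (not part of the original post) sets the page's pipeline beside a version that reads the address from the end of the line; the function names and the log lines are constructed for illustration.

```shell
#!/bin/sh
# Count failed SSH password attempts per source address from sshd log lines.

# The page's pipeline: assumes the address is always field 11.
naive_by_ip() {
    grep 'Failed password' | awk '{print $11}' | sort | uniq -c |
        awk '{ print $1, $2 }'
}

# Hardened: the user name is chosen by the remote side and may add fields
# ("invalid user x", or even a fake "from <ip>"), so count from the END of
# the line, where sshd itself writes "from <ip> port <n> ssh2".
failed_by_ip() {
    grep 'Failed password' |
        awk 'NF > 5 && $(NF-4) == "from" && $(NF-2) == "port" { print $(NF-3) }' |
        sort | uniq -c | sort -rn |
        awk '{ print $1, $2 }'
}

# Constructed sample in /var/log/secure format (documentation addresses).
sample_log() {
    cat <<'EOF'
Mar  9 10:01:02 host sshd[2101]: Failed password for root from 192.0.2.10 port 40022 ssh2
Mar  9 10:01:05 host sshd[2101]: Failed password for root from 192.0.2.10 port 40022 ssh2
Mar  9 10:01:09 host sshd[2104]: Failed password for invalid user admin from 192.0.2.10 port 40031 ssh2
Mar  9 10:02:11 host sshd[2110]: Failed password for invalid user test from 198.51.100.7 port 51500 ssh2
Mar  9 10:02:15 host sshd[2111]: Failed password for invalid user root from 203.0.113.99 from 198.51.100.7 port 51502 ssh2
Mar  9 10:03:00 host sshd[2115]: Accepted password for root from 203.0.113.5 port 50112 ssh2
EOF
}

echo "page pipeline:"; sample_log | naive_by_ip
echo "from the end:";  sample_log | failed_by_ip
```

On the sample, the field-11 version reports the user names admin, root and test as if they were addresses, while the end-anchored version attributes all five failures to the two real sources.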

3. cat, tail, wc, du

cat -n /etc/man.config | more   Display with line numbers, one page at a time

tail -f /var/log/secure   track log changes     -f=follow, ctrl+c to exit
tail without options shows only the last 10 lines of the file

wc -l file   shows the number of lines in the file.
Example: Use the wc command to check how many software packages are installed in the operating system: grep "Installing" install.log | wc -l

du -sh directory name   Count the amount of disk space occupied by the directory (-h improves readability, -s counts the total)

Exercise 1:
1. Turn on the network function of your own host, and connect to a local user from another host.
Use tail -f to observe the log changes. Use grep and awk to filter out the IP address of the connecting host.
2. Use the wc command to count how many files are in the /boot directory of the system; output only the number.
3. Use du to find which directory in the system occupies the most disk space.

 

4. Compression and decompression tools

gzip
bzip2

gzip file                  compress a file
gunzip compressed file     decompress

bzip2 file                 compress a file
bunzip2 compressed file    decompress

tar package compression
tar -jcf /root/Desktop/1901class.tar.bz2 1901class/
-j use bzip2 compression tool to compress
-z use gzip compression tool to compress
-c create create
-f followed by the newly created file name

tar -tf /root/Desktop/19class.tar.gz
-t list the contents of the archive without decompressing it

tar -xf 1901class.tar.gz -C /opt
-x decompress and unpack
-C specify the decompression path
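
Since these archives are unpacked as root into paths such as /opt, the -t listing is worth checking before -x is run. An added example, not from the original post: it refuses archives whose member names are absolute or contain "..", and the function names and demo files are assumptions.

```shell
#!/bin/sh
# Vet an archive listing before extracting it as root into a system path.

# Read a `tar -tf` listing on stdin; print members that would land outside
# the -C directory: absolute paths or any ".." path component.
unsafe_members() {
    while IFS= read -r member; do
        case "$member" in
            /*|..|../*|*/..|*/../*) printf '%s\n' "$member" ;;
        esac
    done
}

# Extract only if the listing is clean. Member names are all -tf shows;
# symbolic links inside the archive need `tar -tvf` and are not checked here.
safe_extract() {   # safe_extract <archive> <destination-dir>
    bad=$(tar -tf "$1" | unsafe_members)
    if [ -n "$bad" ]; then
        printf 'refusing to extract, unsafe members:\n%s\n' "$bad" >&2
        return 1
    fi
    mkdir -p "$2" && tar -xf "$1" -C "$2"
}

demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/1901class" && echo hello > "$work/1901class/a.txt"
    # Constructed archive, built with the page's -c/-f options (gzip here).
    tar -zcf "$work/1901class.tar.gz" -C "$work" 1901class
    safe_extract "$work/1901class.tar.gz" "$work/opt" || { rm -rf "$work"; return 1; }
    result=$(cat "$work/opt/1901class/a.txt")
    rm -rf "$work"
    echo "$result"
}

demo
```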

5. find command

Find by size: use the find command to find large files above 100M (+100M; -100M means below 100M):
find / -size +100M    [find, where to search, -size, above 100M]


Find by name: I want to find the file named passwd in the system:
find / -name passwd


Find by type: find /boot -type f    (f means file, d means directory, l means symbolic link)

6. dd command

dd: Copy a file in blocks of a specified size, and perform the specified conversion while copying.

dd if=/dev/zero of=/tmp/bigfile bs=1M count=100   (creates a 100M large file)
if     input file (/dev/zero supplies all binary zeros)
of     output file
bs     block size (the unit)
count  counter (number of blocks)

e.g.: dd if=/tmp/123.txt of=/tmp/bigfile bs=1M count=10 (1M is the unit to be read from 123.txt, but 123.txt is only 11 bytes, so it cannot supply a whole 1M block ten times over). Here the unit is definitely larger than the size of the input file.
With /dev/zero that is fine: /dev/zero is a device file and its zeros are unlimited, so you can give it a 1M unit or a 10M unit.

★ The destructive way of writing zeros: erasing data. Fill the entire hard disk with 0, and whatever data was there is overwritten by 0.
dd if=/dev/zero of=/dev/sda bs=512 count=1   Clear the partition table (when bs is written without a unit, the default is bytes)
The above command takes 512 bytes from /dev/zero, all of them 0, and writes them to the /dev/sda hard disk. An MBR partition table has four primary partitions, and these four primary partitions are recorded in the first 512 bytes of the hard disk, so this operation erases them. Do not restart after executing this command: once the system is restarted, it will find no partition table on the disk you are working from and will treat it as an empty hard disk.
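
That one-sector write is only recoverable if the sector was saved first. An added example, not from the original post, that practices saving and restoring the first 512 bytes on a scratch image file instead of a real disk; the function names and file layout are assumptions.

```shell
#!/bin/sh
# Practice MBR backup/restore on a scratch image file, never a real disk.

# Print the last two bytes of sector 0 as hex; a valid MBR ends in "55aa".
mbr_signature() {
    dd if="$1" bs=1 skip=510 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# Save the first 512 bytes (boot code + partition table + signature).
mbr_backup() {    # mbr_backup <disk-or-image> <backup-file>
    dd if="$1" of="$2" bs=512 count=1 2>/dev/null
}

# Write the saved sector back without truncating the rest of the image.
mbr_restore() {   # mbr_restore <backup-file> <disk-or-image>
    dd if="$1" of="$2" bs=512 count=1 conv=notrunc 2>/dev/null
}

demo() {
    dir=$(mktemp -d) || return 1
    img="$dir/disk.img"; bak="$dir/mbr.bak"
    # Constructed 1 MiB "disk" with only the 0x55 0xAA boot signature set.
    dd if=/dev/zero of="$img" bs=512 count=2048 2>/dev/null
    printf '\125\252' | dd of="$img" bs=1 seek=510 conv=notrunc 2>/dev/null
    before=$(mbr_signature "$img")
    mbr_backup "$img" "$bak"
    # The page's one-sector wipe, aimed at the image (notrunc keeps its size).
    dd if=/dev/zero of="$img" bs=512 count=1 conv=notrunc 2>/dev/null
    wiped=$(mbr_signature "$img")
    mbr_restore "$bak" "$img"
    after=$(mbr_signature "$img")
    rm -rf "$dir"
    echo "$before $wiped $after"
}

demo
```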

Exercise 2:
1. Find the entries of type directory in the /boot directory
find /boot with -name, -size, -type (f file, d directory, l symbolic link)

Find the file named grub.conf in the /boot directory and copy it to the /tmp directory, in one command:
find /boot -name grub.conf -a -type f -exec cp '{}' /tmp \; (If you are copying a directory, add -r)
-a      and: both conditions must be met at the same time
-exec   plays the role of the pipe symbol
'{}'    the content found by the preceding find
\;      the default end symbol

If you do not understand this command, use man find to view the manual

2. Create a file with a size of 10M in the /tmp directory. Move the file to the 1901 directory, and pack and compress it.

3. Unzip the compressed file to the /opt directory

5. Use vim (no mouse!)

    vim /tmp/test.txt

                    command mode
                    /          \
            i / esc              \ :wq
                  /                \
           input mode        last line mode

Advanced learning


1. In last line mode, :r /etc/man.config (r means read) reads that file into the vim editor
2. In command mode, delete the first blank line: gg jumps to the first line, dd deletes the line where the cursor currently is
3. In last line mode, :set nu
4. In command mode, 58G quickly jumps to line 58; 40-> moves the cursor 40 characters to the right
5. /bzip2 searches downward for a keyword (slash + keyword)
6. :50,100 s/man/MAN/g replaces the lowercase man that appears in lines 50 to 100 with uppercase MAN
7. In command mode, u undoes the last operation
8. 65G jumps to line 65; 9yy copies the current line and the lines below it, 9 lines in total; G jumps to the last line; p pastes below the current line (:65,73 y)
9. In last line mode, :21,42 d deletes lines 21-42
10. In last line mode, :w /tmp/man.test saves as
11. In command mode, 27G then 15x deletes 15 characters in total from the cursor to the right
12. gg to go to the first line, then enter input mode and type
13. :wq save and exit

 

Five, the installation process of the source code package

A source code package is a package whose source code you compile and install yourself. In such a package you can normally see the source code as it was written for the software. If you need to carry out secondary development, you can build directly on that source code.
Source packages are generally released in the GNU community, on GitHub, etc.
Features of the source code package:
1. Provided to users in the form of a compressed package
2. Open source: the source code is open and there is no charge

Install httpd-2.2.15.tar.gz:

1. Decompress first ( tar -xf httpd-2.2.15.tar.gz ), enter the decompressed directory and read the INSTALL file, which describes the installation method

2. ./configure --prefix=/usr/local/webserver   Specify the installation path and generate a makefile (C language script file)

3. make finds the makefile and compiles
4. make install copies the compiled content to the installation directory
5. /usr/local/webserver/bin/apachectl start   starts the apache server
6. Home page: /usr/local/webserver/htdocs/index.html
<html>
<body>
<meta charset=utf-8> <!-- otherwise there will be encoding problems -->
<h1>Chinese</h1>
</body>
</html>
7. /usr/local/webserver/bin/apachectl stop   stops apache
8. There is no uninstaller; just delete the webserver directory to uninstall

Job content:
1. Install the httpd-2.2.15 software from the source package
2. Use the compression tool tar to package and compress the /tmp/1901 directory into the /root/Desktop directory, then decompress it.
3. Use the vim editor to write 50 lines of "Fei Ge is so handsome" in the file /tmp/test.txt.


Origin blog.csdn.net/Waffle666/article/details/114587353