Category Archives: Tutoriale Linux
The Linux Command-Line Cheat Sheet | Linux.com
When coming up to speed as a Linux user, it helps to have a cheat sheet that can help introduce you to some of the more useful commands.
In the tables below, you’ll find sets of commands with simple explanations and usage examples that might help you or Linux users you support become more productive on the command line.
Getting familiar with your account
These commands will help new Linux users become familiar with their Linux accounts.
Read more at Network World
15 Docker Commands You Should Know | Linux.com
In this article we’ll look at 15 Docker CLI commands you should know. If you haven’t yet, check out the rest of this series on Docker concepts, the ecosystem, Dockerfiles, and keeping your images slim. In Part 6 we’ll explore data with Docker. I’ve got a series on Kubernetes in the works too, so follow me to make sure you don’t miss the fun!
There are about a billion Docker commands (give or take a billion). The Docker docs are extensive, but overwhelming when you’re just getting started. In this article I’ll highlight the key commands for running vanilla Docker.
Overview
Recall that a Docker image is made of a Dockerfile + any necessary dependencies. Also recall that a Docker container is a Docker image brought to life. To work with Docker commands, you first need to know whether you’re dealing with an image or a container.
- A Docker image either exists or it doesn’t.
- A Docker container either exists or it doesn’t.
- A Docker container that exists is either running or it isn’t.
Read more at Towards Data Science
Exploiting systemd-journald: Part 1 | Linux.com
This is part one in a multipart series (read Part 2 here) on exploiting two vulnerabilities in systemd-journald, which were published by Qualys on January 9th. Specifically, the vulnerabilities were:
- a user-influenced size passed to alloca(), allowing manipulation of the stack pointer (CVE-2018-16865)
- a heap-based memory out-of-bounds read, yielding memory disclosure (CVE-2018-16866)
The affected program, systemd-journald, is a system service that collects and stores logging data. The vulnerabilities discovered in this service allow for user-generated log data to manipulate memory such that they can take over systemd-journald, which runs as root. Exploitation of these vulnerabilities thus allow for privilege escalation to root on the target system.
As Qualys did not provide exploit code, we developed a proof-of-concept exploit for our own testing and verification. There are some interesting aspects that were not covered by Qualys’ initial publication, such as how to communicate with the affected service to reach the vulnerable component, and how to control the computed hash value that is actually used to corrupt memory. We thought it was worth sharing the technical details for the community.
As the first in our series on this topic, the objective of this post is to provide the reader with the ability to write a proof-of-concept capable of exploiting the service with Address Space Layout Randomization (ASLR) disabled. In the interest of not posting an unreadably-long blog, and also not handing sharp objects to script-kiddies before the community has had chance to patch, we are saving some elements for discussion in future posts in this series, including details on how to control the key computed hash value.
Read more at Capsule8
Linux Fu: Easier File Watching | Linux.com
In an earlier installment of Linux Fu, I mentioned how you can use inotifywait to efficiently watch for file system changes. The comments had a lot of alternative ways to do the same job, which is great. But there was one very easy-to-use tool that didn’t show up, so I wanted to talk about it. That tool is entr. It isn’t as versatile, but it is easy to use and covers a lot of common use cases where you want some action to occur when a file changes.
The program is dead simple. It reads a list of file names on its standard input. It will then run a command and repeat it any time the input files change. There are a handful of options we’ll talk about in a bit, but it is really that simple. For example, try this after you install entr with your package manager.
- Open two shell windows
- In one window, open your favorite editor to create an empty file named /tmp/foo and save it
- In the second window issue the command:
echo "/tmp/foo" | entr wc /tmp/foo - Back in the first window (or your GUI editor) make some changes to the file and save it while observing the second window
If you can’t find entr, you can download it from the website.
Frequently, you’ll feed the output from find or a similar command to entr.
Read more at Hackaday
Getting Started with Git: Terminology 101 | Linux.com
Version control is an important tool for anyone looking to track their changes these days. It’s especially helpful for programmers, sysadmins, and site reliability engineers (SREs) alike. The promise of recovering from mistakes to a known good state is a huge win and a touch friendlier than the previous strategy of adding .old to a copied file.
But learning Git is often oversimplified by well-meaning peers telling everyone to “get into open source.” Before you know it, someone asks for a pull request or merge request where you rebase from upstream before they can merge from your remote—and be sure to remove merge commits. Whatever well-working contribution you want to give back to an open source project feels much further from being added when you look at all these words you don’t know. …
Knowing where you are in a Git project starts with thinking of a tree. All Git projects have a root, similar to the idea of a filesystem’s root directory. All commits branch off from that root. In this way, a branch is only a pointer to a commit. By convention, master is the default name for the default branch in your root directory.
Since Git is a distributed version control system, where the same codebase is distributed to multiple locations, people often use the term “repository” as a way of talking about all copies of the same project.
Read more at OpenSource.com
