• sudo visudo to edit /etc/sudoers (sudo config) to ensure correct syntax and no multiple users editting at once.
• /etc/sudoers.d for addtional config files, these are read in alphabetical order, and can be editted with text editor directly.
• Add Defaults passwd_tries=3 to limit to 3 password attempts.
• Add Defaults log_input log_out to record.
• In /etc/rsyslog.d, add a file sudo.conf with auth,authpriv.* /var/log/sudo/sudo.log.
• Add Defaults logfile="/var/log/sudo/sudo.log"
• To restart, sudo systemctl restart rsyslog.
• Defaults requiretty to force tty mode.

• vim /etc/login.defs

• PASS_MAX_DAYS 30 -> force user to change password every 30 days

• PASS_MIN_DAYS 2

• PASS_WARN_AGE 7

• These won't apply to existing users; do it manually for them: sudo chage -M 30 <user> sudo chage -m 2 <user> sudo chage -W 7 <user>

• Verify with sudo chage -l <user>

• /etc/security/pwquality.conf

• sudo addgroup <group> to add user group.
• getent group <group> to check the group.
• groups <user> to check which groups a user belong to.
• sudo adduser <user> to add a user. sudo userdel -r <user> to delete a user and all associated files (-r).
• sudo usermod -aG <group> <user> add user to a group. Same as sudo adduser <user> <group>.

• get ip ip a.
• Network, use bridged adapter/eno2, on host machine sh -p4242 dlu@10.15.248.42 (guest ip).

• #Architecture: uname -a.
• #CPU physical: lscpu | grep "Socket(s)" | awk -F': *' '{print $2}'.
• #vCPU: nproc --all
• #Memory Usage: $(free -m | awk '/^Mem:/ {print $3}')/$(free -m | awk '/^Mem:/ {print $2}')MB. free | awk '$1 == "Mem:" {printf("%.2f%%\n"), $3/$2 * 100}'
• #Disk Usage:

They are both package managers for Debian-based Linux system, with minor differences, such that aptitude has text-based interface while apt has a command-line interface. Essentially, aptitude is a more complex version that is build on apt and is suitable for more advanced system administrators for more complex tasks.

SELinux is Security-Enhanced Linux, a security framework for Linux system that provides a mandatory access control (MAC) mechanism to restrict and control access to system resources.

AppArmor is a security framework for Linux; it is a mandatory access control system that works alongside traditional discretionary access control mechanisms like file permissions. It allows admin to enfore detailed security policies for individual programs, it can specifiy what system resources (files, directories, sockets, etc.) a process can access and what operations it can perform.

Cron is a time-based job scheduler. It allows users to schedule and automate the execution of recurring tasks or commands at specified intervals.

• sudo vgrename <oldname> LVMGroup.
• sudo swappoff /dev/LVMGroup-swap_1 to deactivate it, sudo lvrename LVMGroup swap_1 swap to rename. Update /etc/fstab with new name; then sudo swapon /dev/LVMGroup/swap.

• dpkg -l | grep <name> to check a program is installed.
• sudo ufw status numbered to get rules with numbers. sudo ufw allow <port> to add rules to allow that port connection. sudo ufw delete <number> to delete rules.
• sudo crontab -e to edit the cron tabs. sudo systemctl disable cron will stop cron from running at startup.
• lsblk to view partitions.
• http://10.15.248.42:80 for lighttpd webserver.
• mysql -u admin -p, dlu42; show databases for mariaDB. For wordpress, dlu or dlu@student.42berlin.de.
• Additional service: fail2ban, as a security measure for SSH against brute force attacks. sudo fail2ban-client status.