Subsections of Operating Systems and You

Navigating the System

Basic Commands

In this section, we’ll learn about:

  • Windows
    • GUI (Graphical User Interface)
    • CLI (Command Line Interface)
  • Linux
    • Command
    • Shell

    The CLI interpreter on Linux is called a shell, and the language we’ll use to interact with that shell is called Bash.

Windows: List Directories in a GUI

  • On Windows, filesystems are assigned to drive letters, which look like C:, or D:, or X:.
  • The parent/root directory of C: would be written C:\, and the root directory of X: would be written X:\.
  • Subdirectories are separated by \.

Windows: List Directories in the CLI

  • To list the contents of the C: drive

    ls C:\
    
  • To get help for a specific command

    Get-Help <command name>
    
    • For example, for the ls command
    Get-Help ls
    
    • To get more detailed help
    Get-Help ls -Full
    
  • To see hidden files in a directory

    ls -Force C:\
    

Linux: List Directories

  • To list the contents of the root directory

    ls /
    
    • /bin: essential program binaries
    • /etc: system configuration files
    • /home: where user files and configs live
    • /proc: contains information about currently running processes
    • /usr: meant for user-installed software
    • /var: stores system logs and anything else that constantly changes
  • The ls command has very useful flags too.

  • To see available flags for ls

    ls --help
    
  • man shows the manual pages.

    man <command>
    
  • To see hidden files, with a long listing

    ls -al
    
  • You can hide a file by prefixing its name with a . (dot).

Flags

Similar to Windows command parameters, a flag is a way to specify additional options for a command.

Windows: Changing Directories in a GUI

Absolute path

An absolute path is one that starts from the root (top-level) directory.

Relative path

A relative path is the path starting from your current directory.

Windows: Changing Directories in the CLI

  • To see which directory you are currently in

    pwd
    
  • To change the directory you’re in

    cd <path\to\the\directory>
    
  • To go one level up

    cd ..
    
  • To go to your home directory ($HOME)

    cd ~
    

Windows: Making Directories in the GUI & CLI

  • To make a new directory

    mkdir <directory name>
    
  • To make a directory with spaces in its name

    mkdir 'directory name'
    mkdir directory` name
    

Linux: Making Directories in Bash

  • To make a directory with spaces in its name

    mkdir directory\ name
    mkdir 'directory name'
    

Windows: Command History

  • To see the history of previous commands

    history
    
  • To reverse-search through the history, the shortcut is Ctrl+R

  • To clear the PowerShell console

    clear
    

Windows: Copying Files & Directories

  • To copy a file

    cp <Path\to\the\file\to\be\copied> <Path\to\the\directory\of\copying> 
    
    • To copy multiple files at once, a wildcard is used

      cp *.<common pattern> <path\to\where\copied>
      
  • To copy a directory and its content

    cp <directory name> <Path\to\where\copied> -Recurse -Verbose
    

Wildcard

A character that’s used to help select files based on a certain pattern.

Linux: Copying Files & Directories

  • To copy a directory and its contents (cp needs -r to recurse into a directory)

    cp -r <Directory/to/be/copied> <Path/where/to/be/copied>
    

File and Text Manipulation

Windows: Display File Contents

  • To view the file contents

    cat <File Name>
    
  • To view the file contents, one page at a time

    more <File Name>
    
  • To see only part of the file contents

    cat <File Name> -Head <Number of Lines>
    
  • To see only part of the file contents from the tail

    cat <File Name> -Tail <Number of Lines>
    

Linux: Display File Contents

  • To see file’s contents, interactively

    less <File Name>
    
  • more has been abandoned in favor of the more useful less command on Linux.

  • To see only part of a file’s contents, head is used, which by default shows only the first 10 lines

    head <File Name>
    
  • To see only part of a file’s contents from the end, tail is used, which by default shows only the last 10 lines

    tail <File Name>
    

Windows: Modifying Text Files

  • To modify file’s contents from a CLI

    start notepad++ <File Name>
    

Windows PowerShell

  • PowerShell is a powerful and complex command line language.

  • The real PowerShell command behind the ls alias can be found with:

    Get-Alias ls
    
  • So, to list directories

    Get-ChildItem <path\to\directory>
  • Some older cmd.exe commands, not as powerful as PowerShell, are

    (Image: cmd.exe)

Windows: Searching within Files

  • In the GUI, the Indexing Options application is used.

  • In the command line, search is done with:

    Select-String <Search String> <path\to\the\file>
    
  • To search in multiple files at once

    Select-String <Search String> *.<file extension name>
    

Windows: Searching within Directories

  • The -Filter parameter is used with ls to search for particular files in a directory.

    • The -Filter parameter filters the results to file names that match a pattern.
    ls <path\to\the\directory> -Recurse -Filter *.exe
    
    • The asterisk means match anything, and .exe is the file extension for executable files on Windows.

Linux: Searching within Files

  • To search in files

    grep <Search String> <path/to/the/file>
    
  • To search through multiple files at once

    grep <Search String> *.txt
    

Windows: Input, Output, and the Pipeline

    echo hello_world > hello.py
    
  • echo is an alias for the PowerShell command Write-Output.

  • Every Windows process and every PowerShell command can take input and produce output. To do this, we use something called I/O streams, or input/output streams.

  • The I/O streams are

    • stdin
    • stdout
    • stderr
  • The symbol > is called a redirection operator; it lets us change where our stdout goes.

  • The symbol >> does not create a new file; it just appends the stdout to the existing file

    echo 'Hello Planet' >> hello.py
    
  • The | pipe operator redirects the stdout of one command into the stdin of another command.

    cat hello.py | Select-String planet
    
  • To write the resulting stdout to a new file.

    cat hello.py | Select-String pla > planet.txt
    
  • If we don’t want to see errors in the CLI, we can send them to a file instead

    rm secure_file 2> error.txt
    
    • All output streams are numbered: 1 is stdout and 2 is stderr
  • If we don’t care about error messages and don’t want to save them in a file, we can redirect them to $null, a black hole for stderr

    rm secure_file 2> $null
    

Linux: Input, Output, and the Pipeline

  • On Linux, the stdin redirection operator is the symbol <.

    cat < SomeFile.py
    
    • Here we use the < operator to take input from a file instead of the keyboard.
  • To redirect error messages to a file

    ls /dir/fake_dir 2> error_output.txt
    
  • To discard error messages completely without saving them

    ls /dir/fake_dir 2> /dev/null
    

Windows and Linux Advanced Navigation

  • For more advanced navigation, regex is used.

Regular expression (Regex)

Used to help you do advanced pattern-based selections.

Users and Permissions

Users and Groups

User, Administrators, and Groups

  • Two different types of users
    • Standard user
    • Admin
  • Users are put into different groups according to their level of permissions and their ability to do certain tasks.

1) Standard user

One who is given access to a machine but has restricted access to do things like install software or change certain settings.

2) Administrator (Admin)

A user that has complete control over a machine.

Windows: View User and Group Information

  • To view user and group information, the Computer Management application is used.
    • In an enterprise environment, you can manage multiple machines in something called a domain.
  • You can carry out admin tasks while logged in as a normal user. This is done through the User Access Control (UAC) prompt.

Windows domain

A network of computers, users, files, etc. that are added to a central database.

User Access Control (UAC)

A feature on Windows that prevents unauthorized changes to a system.

Windows: View User and Group Information using CLI

  • To list all users on the system and see whether each account is enabled or not.

    Get-LocalUser
  • To get all the groups present on a local machine

    Get-LocalGroup
  • To check members of an individual group

    Get-LocalGroupMember Administrators

Linux: Users, Superuser and Beyond

  • To see all groups and who their members are

    cat /etc/group
    
    • It shows lines like this one

    sudo:x:27:user1,user2,user3
    
    • The first field is the group name
    • The 2nd is the password field, shown redacted as x
    • The 3rd is the group ID
    • The 4th is the comma-separated list of users in the group
  • To view all users on a machine

    cat /etc/passwd
    
  • Most of these accounts belong to system services rather than to people.
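As an added example (not part of the original notes), this POSIX shell script parses the /etc/group and /etc/passwd layouts just described. It works on constructed sample content embedded in the script rather than the real files, and assumes the Debian convention that service accounts get nologin or false as their shell.

```shell
#!/bin/sh
# Added example (not from the original notes): parse the colon-separated
# layouts of /etc/group (name:password:gid:members) and /etc/passwd
# (name:password:uid:gid:comment:home:shell) on constructed sample content,
# so it runs without touching the real files.

# Constructed sample of /etc/group.
SAMPLE_GROUP='root:x:0:
sudo:x:27:user1,user2,user3
docker:x:999:user2'

# Constructed sample of /etc/passwd.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
user1:x:1000:1000:User One:/home/user1:/bin/bash
user2:x:1001:1001:User Two:/home/user2:/bin/zsh'

# group_members NAME: print the 4th field (comma-separated members) of group NAME.
group_members() {
    printf '%s\n' "$SAMPLE_GROUP" | awk -F: -v g="$1" '$1 == g { print $4 }'
}

# group_gid NAME: print the 3rd field (numeric group id) of group NAME.
group_gid() {
    printf '%s\n' "$SAMPLE_GROUP" | awk -F: -v g="$1" '$1 == g { print $3 }'
}

# in_group USER GROUP: exit 0 if USER is listed in GROUP's member field.
in_group() {
    group_members "$2" | tr ',' '\n' | grep -qx "$1"
}

# login_accounts: print, comma-separated, the passwd entries whose shell is
# not nologin or false. On Debian-style systems (assumption) those are the
# accounts a person can actually log in with; the rest are service accounts.
login_accounts() {
    printf '%s\n' "$SAMPLE_PASSWD" |
        awk -F: '$7 !~ /(nologin|false)$/ { printf "%s%s", sep, $1; sep = "," } END { print "" }'
}

# Walk the fields the same way the notes do.
echo "sudo group id: $(group_gid sudo)"
echo "sudo members:  $(group_members sudo)"
echo "login shells:  $(login_accounts)"
```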

Windows: Passwords

  • An admin shouldn’t know the password of the user who uses an account.

  • But as an admin, to manage users’ passwords, the Computer Management application is used.

  • To change a user’s password from the CLI

    net user <username> <password>
  • To change the password interactively

    net user <username> *
  • To force the user to change their password at next logon

    net user <username> /logonpasswordchg:yes

Linux: Passwords

  • To change a password on Linux

    sudo passwd <username>
  • To force a user to change their password at next login

    sudo passwd -e <username>

Windows: Adding and Removing Users

  • To add users

    net user <username> * /add
  • To add a new user and force them to change their password at next logon

    net user <username> password /add /logonpasswordchg:yes
  • To remove a local user

    net user <username> /del

    OR

    Remove-LocalUser <username>

Linux: Adding and Removing Users

  • To add a user

    sudo useradd <username>
  • To remove a user

    sudo userdel <username>

Permissions

Windows: File Permissions

On Windows, file and directory permissions are assigned using Access Control Lists, or ACLs. Specifically, we’re going to be working with Discretionary Access Control Lists, or DACLs.

  • Windows files and folders can also have System Access Control Lists, or SACLs, assigned to them.

    • SACLs are used to tell Windows that it should write an event log entry every time someone accesses a file or folder.
  • Windows allows certain permissions to be set for files and folders.

    • Read

    The Read permission lets you see that a file exists, and allows you to read its contents. It also lets you read the files and directories in a directory.

    • Read & Execute

    The Read & Execute permission lets you read files, and if the file is an executable, you can run the file. Read & Execute includes Read, so if you select Read & Execute, Read will be automatically selected.

    • List folder contents

    List folder contents is an alias for Read & Execute on a directory. Checking one will check the other. It means that you can read and execute files in that directory.

    • Write

    The Write permission lets you make changes to a file. It might be surprising to you, but you can have write access to a file without having read permission to that file!

    • The Write permission also lets you create subdirectories and write to files in the directory.
    • Modify

    The Modify permission is an umbrella permission that includes read, execute, and write.

    • Full control

    A user or group with full control can do anything they want to the file! It includes all the permissions of Modify, and adds the ability to take ownership of a file and change its ACLs.

  • To view file permissions in the CLI, the Improved Change ACLs command, icacls, is used

    • To view more options and their explanation
    icacls /? #icacls is an old DOS command
    icacls <filepath>

Linux: File Permissions

  • There are three different permissions you can have on Linux

    • Read – This allows someone to read the contents of a file or folder.
    • Write – This allows someone to write information to a file or folder.
    • Execute – This allows someone to execute a program.
  • To see file permissions

    ls -l <filepath>

Windows: Modifying Permissions

  • To modify permissions

    icacls <filepath> /grant 'Everyone:(OI)(CI)(R)'
  • Everyone gives permissions to literally everyone on the computer, including guest users; to avoid this

    icacls <filepath> /grant 'Authenticated Users:(OI)(CI)(R)'
  • To remove the Everyone group’s permissions

    icacls <filepath> /remove Everyone
  • To see the given permissions

    icacls <filepath>

Guest users

This is a special type of user that’s allowed to use the computer without a password. Guest users are disabled by default. You might enable them in very specific situations.

Linux: Modifying Permissions

  • Permissions are changed with the chmod command, for three classes of users

    • The owner, denoted by a “u”

    • The group the file belongs to, denoted by a “g”

    • Other users, denoted by an “o”

  • To add or remove execute permission for the owner

    chmod u+x <filepath>
    chmod u-x <filepath>
  • To add or remove multiple permissions at once

    chmod u+rx <filepath>
  • To change permissions for owner, the group, and others

    chmod ugo+r <filepath>
  • This way of changing permissions is called symbolic format.

  • The other method is changing permissions numerically, which is faster.

  • The numerical equivalents of r, w and x are:

    • 4 for read, or r
    • 2 for write, or w
    • 1 for execute, or x
  • To change permissions numerically, add up the values for each class (for example 7 = 4+2+1 = rwx, 5 = 4+1 = r-x)

    chmod 745 <filepath>
    • The 1st digit is for the user (owner)
    • The 2nd is for the group
    • The 3rd is for others
  • To change ownership of a file

    sudo chown <username> <filepath>
  • To change group of a file

    sudo chgrp <groupname> <filepath>

Windows: Special Permissions

  • The permissions we’ve looked at so far are called simple permissions.

Simple Permissions

Simple permissions are actually sets of special, or specific permissions.

  • When you set the Read permission on a file, you’re actually setting multiple special permissions.

  • To see special permissions, icacls command is used

    icacls <filepath>

Linux: SetUID, SetGID, Sticky Bit

  • SetUID is a special permission used to allow a file to be run as the owner of the file.

  • To apply SetUID

    sudo chmod u+s <filepath>
  • The numerical value for SetUID is 4

    sudo chmod 4755 <filepath>
  • SetGID is a special permission that allows a user to run a particular file as a member of the file’s group, even though the user isn’t part of that group.

    sudo chmod g+s <filepath>
  • The numerical value for SetGID is 2.

    sudo chmod 2755 <filepath>
  • The sticky bit is a special permission used to allow anyone to write to a file or folder but not delete it.

    sudo chmod +t <filepath>
  • The numerical value for Sticky bit is 1.

    sudo chmod 1755 <filepath>
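As an added example (not code from the original notes), the following POSIX shell script converts between the symbolic mode shown by ls -l and the numeric mode used in the chmod commands of the two sections above, including the SetUID, SetGID and sticky bits, and reads a real file's mode back with GNU stat (assumed present) to confirm the mapping.

```shell
#!/bin/sh
# Added example (not from the original notes): convert between the symbolic
# mode string shown by ls -l and the numeric mode given to chmod, covering
# the SetUID, SetGID and sticky bits, then check the mapping against a real
# file. GNU coreutils stat is assumed for the read-back.

# symbolic_to_octal MODE: "rwsr-xr-x" -> 4755. MODE is the 9 permission
# characters, optionally preceded by the file-type character from ls -l.
symbolic_to_octal() {
    printf '%s\n' "$1" | awk '{
        s = $0
        if (length(s) == 10) s = substr(s, 2)           # drop "-", "d", "l", ...
        if (length(s) != 9) { print "bad mode: " $0 > "/dev/stderr"; exit 1 }
        special = 0; digits = ""
        for (i = 0; i < 3; i++) {                        # owner, group, others
            t = substr(s, i * 3 + 1, 3); v = 0
            if (substr(t, 1, 1) == "r") v += 4
            if (substr(t, 2, 1) == "w") v += 2
            c = substr(t, 3, 1)
            if (c == "x")      v += 1
            else if (c == "s") { v += 1; special += (i == 0 ? 4 : 2) }   # execute + SetUID/SetGID
            else if (c == "S") { special += (i == 0 ? 4 : 2) }           # SetUID/SetGID, no execute
            else if (c == "t") { v += 1; special += 1 }                  # execute + sticky
            else if (c == "T") { special += 1 }                          # sticky, no execute
            digits = digits v
        }
        print special digits
    }'
}

# octal_to_symbolic MODE: 4755 -> "rwsr-xr-x". MODE is 3 or 4 octal digits.
octal_to_symbolic() {
    printf '%s\n' "$1" | awk '{
        m = $0; special = 0
        if (length(m) == 4) { special = substr(m, 1, 1) + 0; m = substr(m, 2) }
        out = ""
        for (i = 0; i < 3; i++) {
            d = substr(m, i + 1, 1) + 0
            mask = (i == 0 ? 4 : (i == 1 ? 2 : 1))       # SetUID, SetGID, sticky
            out = out (int(d / 4) % 2 ? "r" : "-")
            out = out (int(d / 2) % 2 ? "w" : "-")
            x = d % 2
            if (int(special / mask) % 2) {
                l = (i == 2 ? "t" : "s")
                out = out (x ? l : toupper(l))           # upper case = bit set but no execute
            } else out = out (x ? "x" : "-")
        }
        print out
    }'
}

# chmod_roundtrip MODE: apply MODE to a throwaway file and print the mode the
# kernel reports, so the table above can be checked for real.
chmod_roundtrip() {
    f="$(mktemp)"
    chmod "$1" "$f"
    stat -c '%a' "$f"
    rm -f "$f"
}

# The modes used in the notes, shown the way ls -l would print them.
for mode in 745 755 4755 2755 1755; do
    printf '%s -> %s\n' "$mode" "$(octal_to_symbolic "$mode")"
done
```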

Package and Software Management

Software Distribution

Windows: Software Packages

  • On Windows, software is usually packaged in a .exe executable file.
  • Software is packaged according to the Microsoft Portable Executable (PE) format.
  • Executables not only include install instructions but also things like text or computer code, images that the program might use, and potentially something called an MSI file.
  • For precise, granular control over installation, you can use an executable with a custom installer, packaged in something like setup.exe.
  • On the other hand, an .msi installer, together with the Windows Installer program, has some strict guidelines that must be followed.
  • The Windows Store uses a package format called APPX.
  • To install an executable from the CLI, type its name.

Executable file (.exe)

Contains instructions for the computer to execute when it’s run.

Microsoft install package (.msi)

Used to guide a program called the Windows Installer in the installation, maintenance, and removal of programs on the Windows operating system.

Linux: Software Packages

  • Fedora uses the Red Hat Package Manager package format (.rpm).

  • Debian uses .deb files.

  • To install a standalone .deb package

    sudo dpkg -i abc.deb
  • To remove a package on Debian (dpkg -r takes the package name, not the .deb file)

    sudo dpkg -r abc
  • To list installed .deb packages

    dpkg -l

Mobile App Packages

  • Software is distributed as mobile applications, or apps.
  • Mobile phones use app stores for software installation.
  • Enterprise app management allows companies to distribute their custom apps internally.
    • Enterprise apps are managed through a Mobile Device Management (MDM) service.
  • Another way to install apps is through side-loading.
  • Apps store their files in storage assigned to them, called the cache.
    • Clearing the cache will remove all changes to the settings and sign out of any accounts that the app was signed into.
    • Clearing the cache might not be the first step in application troubleshooting, but it is handy in desperate times.

App Stores

A central, managed marketplace for app developers to publish and sell mobile apps.

Side-loading

Where you install mobile apps directly, without using an app store.

  • Mobile apps are standalone software packages, so they contain all their dependencies.

Windows: Archives

  • 7-Zip is a popular Windows tool for archive management.

  • To compress files from the CLI

    Compress-Archive -Path <filepath: files to be compressed> -DestinationPath <filepath: where to save the compressed file>

Archive

Comprised of one or more files that are compressed into a single file.

  • Popular archive types are .tar, .zip, .rar.

Package archives

The core or source software files that are compressed into one file.

Linux: Archives

  • p7zip is the Linux version of 7-Zip.

    • To extract a file, use the command 7z with the flag e (extract), followed by the file you want to extract.
    7z e <filepath>

Windows: Package Dependencies

  • A game might depend on a rendering library for graphics and a physics engine for correct movement.
  • On Windows, these shared libraries are called Dynamic Link Libraries, or DLLs.
    • A useful feature of DLLs is that one DLL can be used by many different programs.
  • In the past, when a DLL got updated, some programs that depended on it would become unusable, as they didn’t know how to handle the DLL’s next version number.
  • On modern systems, shared libraries and resources on Windows are managed by something called side-by-side assemblies, or SxS.
    • Most of these shared libraries are stored in C:\Windows\WinSxS
    • If an application needs to use a shared library, this is declared in a file called a manifest.
    • SxS stores multiple versions of DLLs, so the programs that depend on them keep functioning.
    • The Find-Package cmdlet can locate software, along with its dependencies, right from the command line.

Having Dependencies

Counting on other pieces of software to make an application work, since one bit of code depends on another, in order to work.

Library

A way to package a bunch of useful code that someone else wrote.

cmdlet

A name given to Windows PowerShell commands.

Linux: Package Dependencies

  • dpkg on Debian and Debian-based Linux systems doesn’t handle dependencies automatically
  • So, package managers come to your rescue for automatic dependency resolution.

Package managers

Come with the works to make package installation and removal easier, including installing package dependencies.

Package Managers

Windows: Package Manager

“Makes sure that the process of software installation, removal, update, and dependency management is as easy and automatic as possible.”

  • Chocolatey is a third-party package manager for Windows.

  • NuGet is another third-party package manager for Windows.

    • Based on Windows PowerShell
    • Configuration management tools like SCCM & Puppet integrate with Chocolatey.
  • To add Chocolatey as a package source

    Register-PackageSource -Name chocolatey -ProviderName Chocolatey -Location https://chocolatey.org/api/v2

  • To verify the package source

    Get-PackageSource

  • To find a package

    Find-Package sysinternals -IncludeDependencies

  • To actually install this package

    Install-Package -Name sysinternals

  • To verify the installation

    Get-Package -Name sysinternals

  • To uninstall a package

    Uninstall-Package -Name sysinternals

Linux: Package Manager Apt

  • apt, or Advanced Package Tool
  • Ubuntu and Ubuntu-based distros use apt.
  • APT comes with the default distro software repos already linked.
  • To add other repos, we add them to /etc/apt/sources.list
  • Ubuntu and Ubuntu-based distros have additional repos in the form of PPAs
    • PPAs are not vetted by the distro the way official repos are, so use them carefully, or you might get infected or break your installation with defective programs.

Personal Package Archive (PPA)

A Personal Package Archive or PPA is a software repo for uploading source packages to be built and published as an Advanced Packaging Tool (APT) repo by Launchpad.

What’s happening in the background?

Windows: Underneath the Hood

  • When you click an .exe to install, what happens next depends on how the developer set up the installation instructions for their program.
  • If an EXE contains code for a custom installation that doesn’t use the Windows Installer system, then the details of what happens under the hood will be mostly unclear, as most Windows software is closed source.
  • So you can’t really see what instructions are given, but a tool like Process Monitor, provided by Microsoft’s Sysinternals toolkit, can help.
    • It will show any activity the installation executable is taking, like the files it writes and any process activity it performs.
  • In the case of MSI files, though the code is closed source, developers need to stick to strict guidelines.
    • The Orca tool lets you examine, create and edit MSI files; it’s part of the Windows SDK.

Linux: Underneath the Hood

  • Installations are clearer than on Windows because of the open nature of the OS.
  • Software usually consists of a setup script, the actual app files and a README.

Device Software Management

Windows: Devices and Drivers

  • Most devices on your computer are grouped together by Windows according to some broad categories.
  • This grouping typically happens automatically when you plug in a new device, through the Plug and Play (PnP) system.
  • When a new device is plugged in, Windows asks it for its hardware ID.
  • Once it has the right hardware ID, it searches for a driver in some known locations, starting with a local list of well-known drivers, then going on to Windows Update or the driver store.
  • Other times, devices come with custom drivers.
  • The Device Manager console is used in the GUI for device and driver management.
  • You can open it by searching for devmgmt.msc from the search console, or by right-clicking This PC and clicking Device Manager.

Driver

Used to help our hardware devices interact with our OS.

Linux: Devices and Drivers

  • On Linux, everything is considered a file, even hardware devices.
  • When a new device is connected, a file is created in the /dev/ directory.
  • There are lots of devices in the /dev/ directory, but not all of them are physical devices.
  • The more common ones in there are character devices and block devices.
  • Just as in a long ls listing a leading - represents a file and d a directory, in /dev/ a leading c shows a character device and b a block device.
  • Device drivers on Linux are easy and at the same time difficult to install.
    • The Linux kernel is monolithic software that contains drivers for popular devices as well.
    • Devices that don’t have a driver baked into the kernel will have drivers in the form of kernel modules.

Character Devices

Like a keyboard or a mouse, transmit data character by character.

Block Devices

Like USB drives, hard drives and CDROMs, transfer blocks of data; a data block is just a unit of data storage.

Pseudo Devices

Device nodes on Unix-like OSs that don’t necessarily correspond to physical devices, e.g. /dev/null, /dev/zero, /dev/full etc.

Windows: Operating System Updates

  • When your OS vendor discovers a security hole in a system, they prepare a security patch.
  • As an IT specialist, it’s important to keep your systems up to date with security and other patches, though feature updates can be delayed for good reasons.
  • The Windows Update Client service runs in the background and downloads and installs security patches and updates.

Security Patch

Software that’s meant to fix up a security hole.

Linux: Operating System Updates

  • For Ubuntu-based distros

    sudo apt update && sudo apt upgrade
  • To be on the latest security patches, you also need to update to and run newer kernels.

    To see your kernel version

    uname -r

    -r is a flag that prints the kernel release, so you know which kernel version you have.

Filesystems

Filesystem Types

Review of Filesystems

  • FAT32: supports reading and writing data on Windows, Linux, and macOS

    • Shortcomings: the max file size supported is 4 GB
    • Max filesystem size is 32 GB

    (Image: USB on Linux and Windows)

    (Image: USB not working on Windows)

Disk Anatomy

  • A storage device can be divided into partitions
  • You can dual-boot Windows and Linux, with disk partitions dedicated to each.
  • Another component is the partition table
    • Two main partition table types are used

      • Master Boot Record (MBR)

      (Image: MBR)

      • GUID Partition Table (GPT)

      (Image: GPT)

    • For the newer boot standard, UEFI, you need a GPT table.

Partition

The piece of a disk that you can manage.

Partition Table

Tells the OS how the disk is partitioned.

Windows: Partitioning and Formatting a Filesystem

  • Windows ships with a great tool, the Disk Management utility.
  • To manage disks from the CLI, a tool called diskpart is used.

Diskpart

Typing diskpart in the CLI opens an interactive shell.

Next, type list disk to list all the storage devices on your computer.

Then, to select a disk:

select disk <Disk ID>

After that, to wipe all volumes and files from the disk, type clean in the interactive shell.

To create a blank partition on the disk:

create partition primary

Then, to select the newly created partition:

select partition 1

To mark it as active, simply type active.

To format the partition with a filesystem:

format FS=NTFS label=<Disk Label> quick

Cluster

Cluster (allocation unit size) is the minimum amount of space a file can take up in a volume or drive.

Cluster size

Cluster size is the smallest division of storage possible in a drive. Cluster size is important because a file will take up the entire size of the cluster, regardless of how much space it actually requires in the cluster.

  • For example, if the cluster size is 4 KB (the default size for many formats and sizes) and the file you’re trying to store is 4.1 KB, that file will take up 2 clusters. This means that the drive has effectively lost 3.9 KB of space on a single file.

    (Image: Cluster size)

Volume

A single accessible storage area with a single file system; this can be across a single disk or multiple.

Partition

A logical division of a hard disk that can create unique spaces on a single drive. Generally used for allowing multiple operating systems.

Windows: Mounting and Unmounting a Filesystem

  • When you plug a USB drive, it shows up in the list of your devices, and you can start using it right away.
  • When done using, safely eject it.

Mounting

Making something accessible to the computer, like filesystem or a hard disk.

Linux: Disk Partitioning and Formatting a Filesystem

  • There are different disk partitioning CLI tools
    • parted can be used both interactively and from the command line.

Parted

To list the devices

sudo parted -l

To run parted in interactive mode on some disk

sudo parted /dev/sdX

You can use help to see different commands used in the interactive mode.

To format the partition with filesystem using mkfs

sudo mkfs -t ext4 /dev/sdXx

Linux: Mounting and Unmounting a Filesystem

To mount the previously formatted disk

sudo mount /dev/sdXx /my_disk/

To unmount the disk

sudo umount /dev/sdXx

File System table (fstab)

To permanently mount a disk, we need to add an entry for it to the fstab file.

The fstab configuration table consists of six columns containing the following parameters:

  • Device name or UUID (Universally Unique ID)
  • Mount Point: Location for mounting the device
  • Filesystem Type
  • Options: list of mount options in use, delimited by commas.
  • Backup operation of dump – this is an outdated method for making device or partition backups and command dumps. It should not be used. In the past, this column contained a binary code that signified:
    • 0 = turns off backups
    • 1 = turns on backups
  • Filesystem check (fsck) order or Pass – The order in which the mounted device should be checked by the fsck utility:
    • 0 = fsck should not run a check on the filesystem
    • 1 = mounted device is the root file system and should be checked by the fsck command first.
    • 2 = mounted device is a disk partition, which should be checked by fsck command after the root file system.

Example of an fstab table:

(Image: FSTAB)

To get a UUID of a disk

sudo blkid

(Image: Fstab options)
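As an added example (not part of the original notes), this POSIX shell script parses the six-column fstab layout described above and checks the dump and pass columns; both fstab tables in it are constructed for the example, with made-up UUIDs.

```shell
#!/bin/sh
# Added example (not part of the original notes): parse the six-column fstab
# layout described above and check the dump and pass columns. Both fstab
# samples are constructed for this example; the UUIDs are made up.

GOOD_FSTAB='# <device>                                <mount>  <type> <options>         <dump> <pass>
UUID=11111111-2222-3333-4444-555555555555 /        ext4   errors=remount-ro 0      1
UUID=66666666-7777-8888-9999-000000000000 /home    ext4   defaults          0      2
/dev/sdb1                                 /my_disk ext4   defaults,noexec   0      2
/swapfile                                 none     swap   sw                0      0'

# Same idea, but /home is marked to be checked first (pass 1) and dump is on.
BAD_FSTAB='UUID=11111111-2222-3333-4444-555555555555 /     ext4 errors=remount-ro 0 1
UUID=66666666-7777-8888-9999-000000000000 /home ext4 defaults          1 1'

# fstab_field MOUNTPOINT N: read an fstab on stdin and print column N (1..6)
# of the entry mounted at MOUNTPOINT. Comment and blank lines are skipped.
fstab_field() {
    awk -v mnt="$1" -v col="$2" '!/^[ \t]*#/ && NF > 0 && $2 == mnt { print $col }'
}

# fstab_has_option MOUNTPOINT OPTION: exit 0 if the comma-separated options
# column of that entry contains OPTION (e.g. noexec).
fstab_has_option() {
    fstab_field "$1" 4 | tr ',' '\n' | grep -qx "$2"
}

# fstab_lint: read an fstab on stdin and print one line per problem found:
# wrong column count, root filesystem not given pass 1, another filesystem
# given pass 1, or a non-zero dump column. Prints nothing when clean.
fstab_lint() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        NF != 6              { printf "line %d: expected 6 columns, got %d\n", NR, NF; next }
        $2 == "/" && $6 != 1 { printf "line %d: root filesystem should have pass 1\n", NR }
        $2 != "/" && $6 == 1 { printf "line %d: only the root filesystem should have pass 1\n", NR }
        $5 != 0              { printf "line %d: dump column is obsolete, set it to 0\n", NR }
    '
}

# Walk through the tables the way the notes describe them.
printf '%s\n' "$GOOD_FSTAB" | fstab_field /home 3        # ext4
printf '%s\n' "$GOOD_FSTAB" | fstab_lint                  # clean, prints nothing
printf '%s\n' "$BAD_FSTAB"  | fstab_lint                  # two problems on line 2
```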

Windows: Swap

  • Windows uses the Memory Manager to handle virtual memory.
  • On Windows, pages saved to disk are stored in a special hidden file on the root partition of a volume called pagefile.sys
  • Windows provides a way to modify the size, number, and location of paging files through a Control Panel applet called System Properties.

Virtual memory

How our OS provides the physical memory available in our computer (like RAM) to the applications that run on the computer.

Linux: Swap

  • You can make swap, with tools like fdisk, parted, gparted etc.
  • To make it auto-mount on system start, add its entry in the fstab file.

Swap space

On Linux, the dedicated area of the hard drive used for virtual memory.

Windows: Files

  • NTFS uses the Master File Table, or MFT, to represent files.

  • Every file on the system has at least one entry in the MFT.

  • A shortcut is an MFT entry that takes us to the specific location of the file it is a shortcut of.

  • Other methods of linking to files are:

    • Symbolic links: the OS treats symbolic links just like the files themselves

    To create a symbolic link:

    mklink <Symlink Name> <Original File Name>
    • Hard links: when you create a hard link in NTFS, an entry is added to the MFT that points to the linked file record number, not the name of the file. This means the file name of the target can change, and the hard link will still point to it.

    To create a hard link:

    mklink /H <Hard link Name> <Original File Name>

    (Image: Master File Table)

File metadata

All the data, other than the file contents.

Master File Table (MFT)

The NTFS file system contains a file called the master file table, or MFT. There is at least one entry in the MFT for every file on an NTFS file system volume, including the MFT itself.

  • All information about a file, including its size, time and date stamps, permissions, and data content, is stored either in the MFT or in space outside the MFT that is described by MFT entries.
  • As files are added to an NTFS file system volume, more entries are added to the MFT and the MFT increases in size. When files are deleted from an NTFS file system volume, their MFT entries are marked as free and may be reused.

Linux: Files

  • In Linux, metadata and files organize into a structure called an inode.

  • Inode doesn’t store filename and the file data.

  • We store inodes in an inode table, and they help us manage the files on our file system.

  • Shortcut on Linux, referred to as Softlink.

    Linux file links Linux file links

    To create a soft link:

    ln -s <File Name> <Softlink Name>

    To create a hard link:

    ln <File Name> <Hardlink Name>
  • If you move a file, all the soft links pointing to it will be broken.

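As an added example (it is not part of the original notes), the following Python script does what the ln and mklink commands above do, through the OS calls those commands use, and then moves the original file to show the difference the notes describe: the hard link shares the inode and keeps working, while the soft link is left dangling. The file name, contents and temp directory are constructed for the demo; it runs on Linux or macOS.

```python
import os
import tempfile


def demo_links(base=None):
    """Create a file, a hard link and a soft (symbolic) link to it, move the
    original, and report what each link resolves to afterwards.
    Returns a dict of observations so the result can be checked in code."""
    base = base or tempfile.mkdtemp(prefix="links-")
    target = os.path.join(base, "notes.txt")      # constructed sample file
    hard = os.path.join(base, "notes.hard")
    soft = os.path.join(base, "notes.soft")
    moved = os.path.join(base, "renamed.txt")

    with open(target, "w") as fh:
        fh.write("constructed sample content\n")

    os.link(target, hard)     # same as: ln notes.txt notes.hard
    os.symlink(target, soft)  # same as: ln -s notes.txt notes.soft

    result = {}
    # A hard link is another name for the same inode, so the inode numbers
    # match and the link count kept in the inode goes up to 2.
    result["hard_same_inode"] = os.stat(target).st_ino == os.stat(hard).st_ino
    result["nlink_after_hardlink"] = os.stat(target).st_nlink
    # A soft link is a separate inode that merely holds a path string.
    result["soft_is_separate_inode"] = os.lstat(soft).st_ino != os.stat(target).st_ino
    result["soft_target_path"] = os.readlink(soft)
    result["soft_works_before_move"] = os.path.exists(soft)

    os.rename(target, moved)  # same as: mv notes.txt renamed.txt

    # The soft link still exists as a link, but its stored path no longer resolves.
    result["soft_broken_after_move"] = os.path.islink(soft) and not os.path.exists(soft)
    # The hard link never referred to the name, so it is unaffected.
    with open(hard) as fh:
        result["hard_intact_after_move"] = fh.read() == "constructed sample content\n"
    result["nlink_after_move"] = os.stat(hard).st_nlink
    return result


if __name__ == "__main__":
    for key, value in demo_links().items():
        print(f"{key}: {value}")
```

Two consequences worth remembering: a soft link is resolved at access time, so a tool that follows it reads whatever its path points to now, not what it pointed to when the link was made; and because a hard link is a second name for the same inode, deleting one name does not remove the data until the link count drops to zero.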
Windows: Disk Usage

  • To check disk usage, open the Computer Management utility.

  • Disk cleanup is done through cleanmgr.exe, to clear out caches, log files, temporary files, old files, etc.

  • Another disk health feature is defragmentation.

    • This is beneficial for spinning hard drives, and less important for SSDs.
    • Defragmentation of spinning drives is handled automatically by the Windows Task Scheduler, so you don’t need to worry about manual intervention most of the time.
    • To start manual defragmentation, start the Disk Defragmenter tool.
  • For solid state drives, the system can use the TRIM feature to reclaim unused space.

  • From the CLI, the du tool is used to check disk usage.


Defragmentation

The idea behind disk defragmentation is to take all the files stored on a given disk, and reorganize them into neighboring locations.

Linux: Disk Usage

To see disk usage:

du -h

du lists the file sizes of the current directory if no option is specified.

To see free disk space:

df -h
  • Linux generally does a good job of avoiding fragmentation, more than Windows.

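Added example, not from the notes: a small Python reimplementation of what du does when it walks a directory tree, included to show the one thing the command’s output hides. A file that has two hard-linked names inside the tree is counted once, so a naive sum of file sizes over-reports. The sample tree is constructed by build_sample(); sizes are apparent sizes (what du --apparent-size reports), not allocated blocks, and human() formats them the way -h does.

```python
import os
import tempfile


def naive_usage(root):
    """Sum of file sizes under root, counting every name separately.
    Over-reports when a file has more than one hard link inside the tree."""
    total = 0
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            total += os.lstat(os.path.join(dirpath, name)).st_size
    return total


def du(root):
    """Cumulative apparent size of every directory under root, like du:
    each inode is counted once even if it has several hard-linked names."""
    seen = set()      # (device, inode) pairs already counted
    usage = {}
    # Bottom-up walk so subdirectory totals exist before their parent is summed.
    for dirpath, dirnames, filenames in os.walk(root, topdown=False):
        size = 0
        for name in filenames:
            st = os.lstat(os.path.join(dirpath, name))   # lstat: do not follow symlinks
            key = (st.st_dev, st.st_ino)
            if key in seen:
                continue
            seen.add(key)
            size += st.st_size
        for sub in dirnames:
            size += usage.get(os.path.join(dirpath, sub), 0)
        usage[dirpath] = size
    return usage


def human(n):
    """Format a byte count with binary units, e.g. 3000 -> '2.9K'."""
    size = float(n)
    for unit in ("B", "K", "M", "G", "T"):
        if size < 1024 or unit == "T":
            return f"{int(size)}B" if unit == "B" else f"{size:.1f}{unit}"
        size /= 1024


def build_sample(base=None):
    """Constructed tree: a/big.bin (1000 bytes), a/b/log.txt (2000 bytes) and
    a/b/big.hardlink, a second name for a/big.bin (as ln would create)."""
    base = base or tempfile.mkdtemp(prefix="du-")
    os.makedirs(os.path.join(base, "a", "b"))
    big = os.path.join(base, "a", "big.bin")
    with open(big, "wb") as fh:
        fh.write(b"\0" * 1000)
    with open(os.path.join(base, "a", "b", "log.txt"), "wb") as fh:
        fh.write(b"x" * 2000)
    os.link(big, os.path.join(base, "a", "b", "big.hardlink"))
    return base


if __name__ == "__main__":
    root = build_sample()
    print("naive sum:", human(naive_usage(root)))
    for path, size in sorted(du(root).items()):
        print(f"{human(size):>8}  {path}")
```

Running it prints a naive total of 4000 bytes against a du-style total of 3000 for every directory in the sample, because the hard link in a/b is the same inode as a/big.bin.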
Windows: File-system Repair

  • Ejecting a USB drive is necessary, as file copying/moving might still be running in the background, even after the copy/move prompt reports success.

  • When we read or write something to a drive, we actually put it into a buffer, or cache, first.

  • If you don’t give the data enough time to be moved out of the buffer, you may experience data corruption.

  • A power outage, system failure, or a bug in the OS or the program can also cause data corruption.

  • NTFS has an advanced feature in the form of data journaling, which avoids data corruption or even attempts data recovery in case of failure.

  • Minor errors and data corruption are self-healed by NTFS.

    To check self-heal status:

    fsutil repair query C:

    In case of catastrophic failure, run the chkdsk tool in PowerShell as an admin. By default it runs in read-only mode, so it will only report errors and not fix them.

    chkdsk

    To fix the errors:

    chkdsk /F <Drive Path>

    Most of the time you won’t need to run chkdsk manually; the OS will handle it for you, running it and then fixing the errors by looking at the NTFS journaling log.

Data buffer

A region of RAM that’s used to temporarily store data while it’s being moved around.

Linux: File-system Repair

Run fsck only on an unmounted drive; otherwise it will damage it.

sudo fsck /dev/sdX

On some systems, fsck runs automatically on boot.

Operating Systems in Practice

Remote Access

Remote Connection and SSH

  • The most popular SSH client on Linux is the OpenSSH program.
  • The most popular SSH program on Windows is PuTTY.
  • Another way to connect to a remote machine is a VPN.
  • On Linux, GUI remote connections can be established through programs like RealVNC.
  • On Mac, remote GUI connections are possible via Microsoft RDP for Mac.

Remote Connection

Allows us to manage multiple machines from anywhere in the world.

Secure shell (SSH)

A protocol implemented by other programs to securely access one computer from another.

  • We can authenticate via password in SSH.
  • But a more secure way is the use of SSH keys. An SSH key is a pair of two keys:
    • Private
    • Public

Virtual private network (VPN)

Allows you to connect to a private network, like your work network, over the Internet.

Remote Connections on Windows

  • Microsoft has built Remote Desktop Protocol or RDP for GUI remote connections.
    • A client named Microsoft Terminal Services Client, or mstsc.exe, is used for remote RDP connections.

PuTTY

Free, open source software that you can use to make remote connections through several network protocols, including SSH.

To connect via PuTTY in a CLI:

putty.exe -ssh username@ip_address <Port Number> # Port number is 22 by default for SSH connections

To enable remote connections on a PC, go to:

MY PC > Properties > Remote Settings

Remote Connection File Transfer

Secure copy (SCP)

A command you can use on Linux to copy files between computers on a network.

To copy a file from the local computer to a remote one:

scp <filepath> username@ip_address:location

Remote Connection File Transfer on Windows

  • PuTTY comes with PuTTY Secure Copy Client or pscp.exe.

    pscp.exe <filepath> username@ip_address:location
  • Transferring files via PuTTY is a little time-consuming, so Windows came up with the concept of shared folders.

    To share folders via CLI:

    net share <ShareName>=<drive>:<DirectoryPath> /grant:everyone,full
    

    To list currently shared folders on your computer:

    net share
    

Virtualization

Virtual Machines

  • To manage virtual instances, we can use the FOSS program VirtualBox.

Virtual Instance

A single virtual machine.

Logging

System Monitoring

Log

A log is a system diary of events happening on the system.

Logging

The act of creating log events.

The Windows Event Viewer

It stores all the events happening on a Windows computer.

Linux logs

  • The logs on Linux are stored in the /var/log directory.
  • One log file that records pretty much everything on the system is /var/log/syslog.
  • The utility logrotate is used by the system for log cleanup.
  • Centralized logging is used to parse the log files of multiple systems in a single place.

Working with Logs

The logs are written in a very standard way, so we don’t need to go through each and every bit of them to troubleshoot problems; all you need to do is look for specific things.

  • Logs can be searched for keywords like error.
  • Or for the name of the troublesome program.
  • Another troubleshooting technique is viewing logs in real time, to find the specific errors causing the program to fail.

To see real-time logs on Linux:

tail -f /var/log/syslog

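Added example, not part of the notes: Python that parses the classic syslog line format found in /var/log/syslog (timestamp, host, program[pid], message), filters by keyword or program name as the bullets above suggest, and a small Tail class that does what tail -f does: it starts at the current end of the file and returns only lines appended since. The log lines are constructed for the demo; the last of them shows why a bare keyword search for error needs a second look before you act on it.

```python
import os
import re
import tempfile

# Classic syslog line: "Mar  4 09:12:10 host program[pid]: message" (pid is optional).
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<prog>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<msg>.*)$"
)

# Constructed sample of /var/log/syslog content for the demo.
SAMPLE_SYSLOG = """\
Mar  4 09:12:01 workstation sshd[812]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2
Mar  4 09:12:03 workstation CRON[901]: (root) CMD (run-parts /etc/cron.hourly)
Mar  4 09:12:10 workstation sshd[815]: error: maximum authentication attempts exceeded for root from 10.0.0.9 port 40022 ssh2 [preauth]
Mar  4 09:12:11 workstation kernel: [  120.4] usb 1-1: device descriptor read/64, error -71
Mar  4 09:12:15 workstation backup.sh[950]: backup finished without error
"""


def parse_line(line):
    """Split one syslog line into fields; returns None for lines that do not match."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"]) if rec["pid"] else None
    return rec


def search(text, keyword=None, program=None):
    """Records whose message contains keyword (case-insensitive) and/or whose
    program name equals program, the two searches the notes describe."""
    hits = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if keyword and keyword.lower() not in rec["msg"].lower():
            continue
        if program and rec["prog"] != program:
            continue
        hits.append(rec)
    return hits


class Tail:
    """tail -f in miniature: remembers the end of the file at creation time and
    hands back only the lines written after that on each call to new_lines()."""

    def __init__(self, path):
        self._fh = open(path)
        self._fh.seek(0, os.SEEK_END)

    def new_lines(self):
        return [ln.rstrip("\n") for ln in self._fh.readlines()]


def demo_tail(path=None):
    """Write the sample log, start tailing, append one line, and return what the
    tailer saw before and after the append (constructed scenario)."""
    path = path or tempfile.mkstemp(prefix="syslog-", suffix=".log")[1]
    with open(path, "w") as fh:
        fh.write(SAMPLE_SYSLOG)
    tail = Tail(path)
    before = tail.new_lines()               # empty: we started at the end
    with open(path, "a") as fh:
        fh.write("Mar  4 09:13:00 workstation sshd[815]: Disconnected from "
                 "authenticating user root 10.0.0.9 port 40022 [preauth]\n")
    after = tail.new_lines()
    return before, after


if __name__ == "__main__":
    for rec in search(SAMPLE_SYSLOG, keyword="error"):
        print(rec["prog"], rec["pid"], rec["msg"])
    print(demo_tail())
```

Searching the sample for error returns three records, but only the sshd one is a failure worth chasing; the backup line merely contains the word, which is why narrowing by program name (the second bullet above) is the usual next step.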
Operating System Deployment

Imaging Software

  • It is extremely cumbersome to install OSs on new machines via a USB drive formatted with the OS.
  • In the IT world, tools are used to format a machine with an image of another machine, which includes everything from the OS to the settings.

Operating Systems Deployment Methods

  • Disk cloning tools are used to obtain an image of a computer’s OS and settings. Some tools are:

    • Clonezilla (FOSS)
    • Symantec Ghost (Commercial)
  • Different disk cloning tools offer different methods to clone systems:

    • Disk-to-disk cloning

    Let’s use the Linux CLI tool dd to copy a disk into an image file to make a clone.

    To copy from a USB drive, first unmount it:

    sudo umount /dev/sdX

    Then run dd:

    sudo dd if=/dev/sdX of=~/Desktop/my_usb_image.img bs=100M

Mobile Device Resetting and Imaging

  • Factory resetting a device cleans all user data and apps, and returns the device to its original factory condition.
    • Watch out for expansion storage, like SD cards, as a factory reset may format them too.
    • You will need the primary account credentials to factory reset; this prevents misuse of stolen devices.
      • Re-flashing the factory software can be done through a computer.

OS Process Management

Life of a process

Program vs. Process Revisited

Programs

The applications that we can run, like the Chrome web browser.

Processes

Programs that are running.

  • When you open a program, a process is started and gets a process ID, or PID.
  • Background or daemon processes are those that are always running in the background.

Windows: Process Creation and Termination

  • When Windows boots up or starts, the first non-kernel user-mode process that starts is the Session Manager Subsystem, or smss.exe.

    • It kick-starts some processes before login.
    • Then smss.exe starts winlogon.exe along with the Client/Server Runtime Subsystem, or csrss.exe, which handles the GUI and CLI.
    • Unlike Linux, Windows processes can run on their own in their respective environment created by smss.exe, independent of their parent process.
  • To terminate a process from the CLI, the taskkill utility is used, which can find and halt a process.

    • taskkill uses the PID to identify the running process.

    To kill notepad with taskkill from CLI:

    taskkill /pid 5856
    

    To forcefully kill a rogue process:

    taskkill /F /PID <PID>
    

Linux: Process Creation and Termination

  • On Linux, processes have a parent-child relationship.
  • So every process that runs on the system has some parent process.
  • init is the parent process for the kernel.

INIT Process

When you start up your computer, the kernel creates a process called init, which has a PID of 1.

Managing Processes

Windows: Reading Process Information

  • Task Manager, or taskmgr.exe, is one way of obtaining process information on Windows.

    To show all running processes in the CLI:

    tasklist
    

    The PowerShell command for the same:

    Get-Process

Linux: Reading Process Information

To see the processes running on Linux:

ps -x

The following STAT values in the ps -x output show a process’s current status:

  • R: running
  • T: stopped
  • S: interruptible sleep

To see the full list of running processes, including those of other users, run:

ps -ef #'f' for full
  • UID: User ID
  • PID: Process ID
  • PPID: Parent Process ID
  • C: Number of children processes
  • STIME: Start Time of Process
  • TTY: Terminal associated with the process
  • TIME: Total CPU time process is taking up
  • CMD: Name of the command running

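Added example, not from the notes: Python that parses ps -ef output into the fields listed above, walks the PPID chain of any process back to PID 1 to show the parent-child relationship described under Process Creation and Termination, prints an indented tree, and ranks processes by the TIME column (the same ranking the PowerShell Get-Process | Sort CPU one-liner later in these notes performs). The sample output is constructed for the demo; the hosts, users and commands in it are invented.

```python
# Constructed sample of `ps -ef` output for the demo (not from a real host).
PS_EF_OUTPUT = """\
UID          PID    PPID  C STIME TTY          TIME CMD
root           1       0  0 08:00 ?        00:00:02 /sbin/init
root         612       1  0 08:00 ?        00:00:00 /usr/sbin/sshd -D
root         640       1  0 08:00 ?        00:00:00 /usr/sbin/cron
root         812     612  0 09:12 ?        00:00:00 sshd: alice [priv]
alice        820     812  0 09:12 ?        00:00:00 sshd: alice@pts/0
alice        821     820  0 09:12 pts/0    00:00:00 -bash
alice        955     821 97 09:15 pts/0    00:03:41 python3 crunch.py
"""


def parse_ps_ef(text):
    """Map PID -> record for each data line of `ps -ef` output.
    CMD may contain spaces, so only the first seven columns are split off."""
    rows = {}
    for line in text.splitlines()[1:]:          # skip the header row
        uid, pid, ppid, c, stime, tty, cpu, cmd = line.split(None, 7)
        rows[int(pid)] = {"uid": uid, "pid": int(pid), "ppid": int(ppid),
                          "c": int(c), "stime": stime, "tty": tty,
                          "time": cpu, "cmd": cmd}
    return rows


def ancestry(rows, pid):
    """PIDs from pid up to the root of the tree, following PPID links."""
    chain = []
    while pid in rows:
        chain.append(pid)
        pid = rows[pid]["ppid"]
    return chain


def children(rows):
    """Map PPID -> list of child PIDs."""
    kids = {}
    for rec in rows.values():
        kids.setdefault(rec["ppid"], []).append(rec["pid"])
    return kids


def render_tree(rows, pid=1, depth=0, kids=None):
    """Indented lines rooted at pid, the way pstree draws it."""
    kids = children(rows) if kids is None else kids
    lines = [f"{'  ' * depth}{pid} {rows[pid]['cmd']}"]
    for child in sorted(kids.get(pid, [])):
        lines.extend(render_tree(rows, child, depth + 1, kids))
    return lines


def cpu_seconds(hms):
    """Convert the TIME column (HH:MM:SS) to seconds."""
    h, m, s = (int(part) for part in hms.split(":"))
    return h * 3600 + m * 60 + s


def top_by_time(rows, n=3):
    """The n records with the most accumulated CPU time."""
    return sorted(rows.values(), key=lambda r: cpu_seconds(r["time"]), reverse=True)[:n]


if __name__ == "__main__":
    rows = parse_ps_ef(PS_EF_OUTPUT)
    print("\n".join(render_tree(rows)))
    print("ancestry of 955:", ancestry(rows, 955))
    print("busiest:", [(r["pid"], r["time"], r["cmd"]) for r in top_by_time(rows, 1)])
```

The ancestry of the busy python3 process reads 955, 821, 820, 812, 612, 1: an interactive shell under an sshd session under init, exactly the chain you would expect for a logged-in user. When reviewing a real host, the parent chain is what tells you whether a process was started the way it should have been; a shell whose parent is a service or a document viewer rather than a login session is the classic thing worth a closer look.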
Everything in Linux is a file, even processes. So we can view them in /proc.

ls -l /proc

Windows: Signals

  • If we want to close an unresponsive process, we use signals.

  • The most common is SIGINT, or signal interrupt. You can send this signal to a running process with the CTRL+C key combination.


Signal

A way to tell a process that something’s just happened.

Linux: Signals

There are lots of signals on Linux, all starting with SIG, e.g. SIGTERM, SIGINT, etc.

Windows: Managing Processes

  • To restart or pause a process, and to do even more, the Process Explorer tool is used.

Process Explorer

A utility Microsoft created to let IT support specialists, system admins and other users look at running processes.

Linux: Managing Processes

  • To terminate a process, the kill command is used.

    • kill without any parameters sends the SIGINT signal to the program/process, so it can clean up its running work and close properly.

    To kill a process:

    kill <PID>

    To send SIGKILL via the kill command:

    kill -KILL <PID>

    -KILL should be the last resort to stop a process: it gives the process no time for cleanup, and may cause more harm than good.

    To put a process on pause instead of killing it, SIGTSTP, or signal stop, is used:

    kill -TSTP <PID>

    To resume from suspend:

    kill -CONT <PID>

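Added example, not code from the notes: a Python walkthrough of the kill commands above, run against a throw-away child process that the script starts itself. The child (constructed here) installs a SIGTERM handler that prints "cleanup done" before exiting, so you can see the difference between a signal the process can catch and SIGKILL, which it cannot. The script sends signals with os.kill under the same names as the kill flags; kill with no signal flag sends SIGTERM, which is what the child handles. It needs Linux or another POSIX system.

```python
import os
import signal
import subprocess
import sys

# Child program, constructed for this example: it installs a SIGTERM handler
# that does its "cleanup" (here: a print) and exits 0, prints "ready" once the
# handler is in place, then idles until signalled.
CHILD_SRC = r"""
import signal, sys, time

def on_term(signum, frame):
    print("cleanup done", flush=True)   # a daemon would flush and close files here
    sys.exit(0)

signal.signal(signal.SIGTERM, on_term)
print("ready", flush=True)
while True:
    time.sleep(0.05)
"""


def spawn_child():
    """Start the child and block until it has installed its handler."""
    proc = subprocess.Popen([sys.executable, "-c", CHILD_SRC],
                            stdout=subprocess.PIPE, text=True)
    proc.stdout.readline()  # consumes "ready"
    return proc


def stop_continue_terminate():
    """kill -TSTP, then kill -CONT, then plain kill: the child gets to clean up."""
    proc = spawn_child()
    events = []

    os.kill(proc.pid, signal.SIGTSTP)                 # kill -TSTP <PID>
    _, status = os.waitpid(proc.pid, os.WUNTRACED)    # returns once the child is stopped (STAT T)
    events.append("stopped" if os.WIFSTOPPED(status) else "running")

    os.kill(proc.pid, signal.SIGCONT)                 # kill -CONT <PID>
    _, status = os.waitpid(proc.pid, os.WCONTINUED)   # returns once it has resumed
    events.append("continued" if os.WIFCONTINUED(status) else "still-stopped")

    os.kill(proc.pid, signal.SIGTERM)                 # kill <PID>: no flag means SIGTERM (15)
    output = proc.stdout.read()                       # hits EOF once the child exits
    rc = proc.wait()
    events.append("exited-cleanly" if rc == 0 and "cleanup done" in output
                  else f"exit-{rc}")
    return events


def force_kill():
    """kill -KILL: the signal cannot be caught, so the handler never runs."""
    proc = spawn_child()
    os.kill(proc.pid, signal.SIGKILL)                 # kill -KILL <PID>
    output = proc.stdout.read()
    rc = proc.wait()                                  # negative: terminated by signal 9
    return {"returncode": rc, "cleaned_up": "cleanup done" in output}


if __name__ == "__main__":
    print(stop_continue_terminate())
    print(force_kill())
```

The first run reports stopped, continued, exited-cleanly; the forced kill reports a return code of -9 and no cleanup output, which is the concrete form of the warning above that -KILL gives a process no chance to tidy up after itself.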
Process Utilization

Windows: Resource Monitoring

  • The Resource Monitor tool is used.

  • To get resource monitoring from the CLI:

    Get-Process

    To get the three most resource heavy processes:

    Get-Process | Sort CPU -descending | Select -first 3 -Property ID,ProcessName,CPU

Linux: Resource Monitoring

top is a useful resource monitoring CLI tool:

top

Another useful CLI tool is uptime, which shows info about the current time, how long your computer has been running, how many users are logged on, and what the load average of your machine is.

When ejecting a USB drive, you may get the error “Device or resource busy” even though none of the files on the USB drive are in use or opened anywhere, or so you think. Running lsof lists open files and which processes are using them.

  • It is great for tracking down pesky processes that are holding open files.
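Added example, not from the notes: what lsof does under the hood on Linux for the “Device or resource busy” case above, written in Python. It walks /proc/<pid>/fd and /proc/<pid>/cwd (the /proc view of processes mentioned under Reading Process Information) and reports every process that has a file open under the given path, or whose working directory is inside it, since either one keeps a volume busy. Without root it only sees your own processes, the same limitation lsof reports. demo_holders() constructs a temp directory standing in for the USB mount and opens a file in it; it returns None where /proc is absent.

```python
import os
import tempfile


def _readlink(path):
    try:
        return os.readlink(path)
    except OSError:        # fd closed meanwhile, process gone, or not ours to read
        return None


def holders(path):
    """Map PID -> list of what ties it to path: 'cwd' and/or open descriptor numbers.
    Reads /proc/<pid>/fd and /proc/<pid>/cwd, which is where lsof gets this on Linux."""
    target = os.path.realpath(path)
    prefix = target.rstrip("/") + "/"

    def under(p):
        return p is not None and (p == target or p.startswith(prefix))

    found = {}
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        base = f"/proc/{entry}"
        try:
            fds = os.listdir(f"{base}/fd")
        except OSError:
            continue       # another user's process (needs root) or it already exited
        hits = []
        if under(_readlink(f"{base}/cwd")):
            hits.append("cwd")
        hits += [int(fd) for fd in fds if under(_readlink(f"{base}/fd/{fd}"))]
        if hits:
            found[int(entry)] = hits
    return found


def demo_holders(mount=None):
    """Stand-in for the busy USB drive: a temp directory with one file open in it.
    Reports whether this process shows up while the file is open and after closing it."""
    if not os.path.isdir("/proc"):
        return None
    mount = mount or tempfile.mkdtemp(prefix="usb-")
    me = os.getpid()
    report = os.path.join(mount, "report.txt")       # constructed sample file
    with open(report, "w") as fh:
        fh.write("constructed\n")
        while_open = [h for h in holders(mount).get(me, []) if h != "cwd"]
    after_close = [h for h in holders(mount).get(me, []) if h != "cwd"]
    return {"while_open": bool(while_open), "after_close": bool(after_close)}


if __name__ == "__main__":
    print(demo_holders())
    for pid, what in sorted(holders(os.getcwd()).items()):
        print(pid, what)
```

The usual surprise this uncovers is a shell whose current directory is still on the drive: it holds no file open, so a search for open files alone finds nothing, yet the volume stays busy until that shell changes directory.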