Master Linux Password Reset, File System Basics, and Network Setup

1. Various Linux VM Password Recovery

1) Red Hat password reset (root):

1  在重启的时候 e 进入
2  在linux16 后面找到UTF-8 在后面加 rd.break   然后ctrl+x
3  这时候可以输入mount 看一下 会发现根为 /sysroot/  没有w权限，只有ro权限
4  输入 mount  -o  remount,rw  /sysroot/    重新挂载，就有rw权限
5 改变根  chroot  /sysroot/
6 echo "密码" | passwd --stdin root   设置密码
7  使 selinux 生效  touch /.autorelabel
8  exit
9  reboot
10  切换ROOT用户登陆

2) CentOS 6 password reset:

1 e 进入
2 选择第二个  kernel
3 在 quiet 后面 加 1  然后回车
4  b
5  进去passwd 就可以修改密码了

3) RedHat init password reset:

1  启动RedHat ,进入后 e 进入编辑。
2  光标往下，找到以 linux16开头 ro改成 rw  UTF-8结尾的参数行,并在UTF-8后面加 init=/bin/sh 
3  输入init=/bin/sh 后，按 ctrl+x
4  进入下图界面
5  这时候我们可以mount看一下，有rw 权限，我们就省去重新挂载步骤。（看不见，没有回显， 自己输入，尽量正确）
6  这个时候我们就可以输入下面的语句设置自己的密码
	echo "wll" | passwd --stdin root（看不见，没有回显， 自己输入，尽量正确）
7 显示成功 输入touch /.autorelabe（看不见，没有回显， 自己输入，尽量正确）
8 输入 exec /sbin/init  重启
9．重启成功

4) Kali password reset (may vary by version):

Press e on the GRUB menu, edit the line starting with linux, change ro to rw, add init=/bin/bash, then press F10. After reboot, run passwd to set a new password.

5) Ubuntu password reset (bridge mode):

1 长按 Shift 或 Esc 进入 GRUB，选择高级选项回车
2 选择较高的 recovery mode
3 按 e 编辑，在以 linux /boot/vmlinuz-…ro recovery nomodeset 开头的行删除 <code>nomodeset</code>，在行尾（dis_ucode_ldr 后）添加 <code>quiet splash rw init=/bin/bash</code>
4 保存并启动，使用 <code>passwd</code> 修改密码
5 重启后即可登录

2. Linux File System Description

home        普通用户的目录
dev         以文件形式存放的设备接口，如光盘、硬盘
boot        放开机所需要的东西
etc         放置一些配置文件
sbin        用来存放管理员使用的二进制系统程序文件
lib         开机使用的一些函数库
proc        虚拟文件系统，提供网络状态、进程信息
usr         放用户自己使用的程序和库
var         主要存放经常变化的文件，如日志
lost+found  当文件系统发生错误时，放置遗失的片段
media       挂载设备文件
mnt         为用户提供挂载其他文件系统的入口
opt         放第三方软件
tmp         临时文件，所有人可共享

3. Common Linux Commands (unordered)

Shutdown and reboot:

shutdown, poweroff -f, init 0   # shutdown
reboot, init 6               # reboot
sleep 2 | init 0             # shutdown after 2 seconds
logout                        # logout

User management:

userdel -r sss                # delete user and home directory
useradd -G g1 -e 2013-04-04 u1   # add user with supplementary group and expiry date
useradd -u 1000 u2               # add user with specific UID
gpasswd -a u1 g2                  # add user to group
gpasswd -d u g2                  # remove user from group
id u2                             # view UID/GID of a user

Directory navigation:

/   # root directory
~   # home directory
..  # parent directory
-   # previous directory

Downloading files:

wget [options] URL
-P <path>   # specify download directory
-c          # continue incomplete download
-r          # recursive download
-b          # background download

Process inspection:

ps aux      # list all processes
top -d 2   # interactive process monitor
kill 1323   # terminate process by PID
kill -9 1323 # force kill

System information: uname -a # kernel and system info Command history:

history          # show history
history -c       # clear history
history 7        # show last 7 commands
!7               # execute command number 7

Login records: last File content viewing:

cat               # display file
cat -n            # show line numbers
head -n 4 file    # first 4 lines
tail -n 4 file    # last 4 lines

Text substitution: tr 'a' 'b' < file # replace characters Counting characters/words/lines:

wc -l file   # line count
wc -w file   # word count
wc -c file   # byte count

File attribute inspection: stat filename Modify timestamps: touch -d "time" filename Column extraction:

cut -d: -f1 filename   # extract first field using ':' as delimiter

Compression and extraction:

rar a file1.rar test_file
rar x file1.rar
unrar x file1.rar
tar -cvf archive.tar file1
tar -xvf archive.tar -C /tmp
tar -xvzf archive.tar.gz
zip file1.zip file1
unzip file1.zip
zip -r file1.zip file1 file2 dir1

File search:

find / -name ssh               # find files named ssh
find / -atime +1               # files accessed more than 1 day ago
find / -size +50kB            # files larger than 50KB
find / -perm 4000              # files with setuid bit
find / aaa.txt -exec {} \;    # execute command on found files

Change file permissions:

chmod u+s /usr/bin/find   # set SUID on find
chmod g+s /bin/cat       # set SGID on cat
chmod o+t directory      # set sticky bit on directory

4. SUID, SGID, Sticky Bit

SUID allows a program to run with the file owner's privileges (often root). Example: chmod u+s /usr/bin/cat.

SGID makes a program run with the group’s privileges. Example: chmod g+s /bin/cat.

Sticky bit on a directory prevents users from deleting files they do not own. Example: chmod o+t /shared_dir.

5. Setting Static IP in Bridge Mode

Switch the network adapter to Bridge mode, note the Windows host IP, then edit the VM's network script:

cd /etc/sysconfig/network-scripts/
vim ifcfg-eth3   # edit the file
# Set ONBOOT=yes, BOOTPROTO=static
# Configure IPADDR, NETMASK, GATEWAY, DNS1, DNS2
:wq
ifconfig
service network restart
ping <target_ip>   # verify connectivity

6. NAT Mode

Switch the network adapter to NAT mode, then edit the same script but use DHCP:

cd /etc/sysconfig/network-scripts/
vim ifcfg-eth3
# Set ONBOOT=yes, BOOTPROTO=dhcp
:wq
ifconfig
service network restart
ping <target_ip>

7. Installing a Local Yum Repository

# Verify network connectivity
ping www.baidu.com
# Mount the installation CD/DVD
mkdir /media/cdrom
mount /dev/sr0 /media/cdrom
# Create repo file
cd /etc/yum.repos.d/
rm -f packagekit-media.repo
touch local.repo
vim local.repo
# Insert:
# [local]
# name=mylocalyum
# baseurl=file:///media/cdrom
# enabled=1
# gpgcheck=0
:wq
yum clean all
yum repolist all

8. iptables Parameters

-F                     # flush all rules
-L                     # list current rules
-D                     # delete a rule
iptables -D INPUT 1   # delete first INPUT rule
-I                     # insert rule at top, e.g., iptables -I INPUT -p icmp -j DROP
-j                     # target action
-P                     # set default policy
-p                     # protocol match
--dport                # destination port, e.g., --dport 10:80
-s                     # source IP/network

Example to reject SSH: iptables -I INPUT -p tcp --dport 22 -j REJECT To allow a specific subnet:

iptables -I INPUT -s 192.168.80.0/24 -p tcp --dport 22 -j ACCEPT

Save rules permanently:

service iptables save

9. firewalld (Protocol‑Based Service Control)

List all zones: firewall-cmd --list-all-zones Show current zone details: firewall-cmd --list-all Set default zone: firewall-cmd --set-default-zone=public Assign interface to a zone:

firewall-cmd --zone=public --change-interface=eth0

Port forwarding example (forward host port 22 to VM port 888):

firewall-cmd --zone=public --add-forward-port=port=22:proto=tcp:toport=888

Add a rich rule to reject a subnet:

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.167.52.0/24" service name="ssh" reject'

10. Shell Script Writing

Refer to the detailed tutorial at: CSDN Shell Script Guide

11. Linux Hardening

For security hardening steps, see: Linux Hardening Guide