Phase 0: Baseline Assessment

Without looking: write down what data an inode stores.
Then verify: man 7 inode (or man 2 stat → struct stat)

# Create a file, hard link, and soft link
echo "test" > /tmp/arena-test
ln /tmp/arena-test /tmp/arena-hard
ln -s /tmp/arena-test /tmp/arena-soft

# Without running stat: predict the inode numbers and link counts
# Then verify:
stat -c 'inode=%i links=%h type=%F' /tmp/arena-test /tmp/arena-hard /tmp/arena-soft

# Delete the original. What happens to each link? Predict, then test.
rm /tmp/arena-test
cat /tmp/arena-hard    # ?
cat /tmp/arena-soft    # ?

# When does df show more used space than du?
# Hint: man lsof → +L1
# Answer: _______________________________

# What filesystem type is /proc? How do you find out?
# man findmnt, man proc
findmnt /proc

# Read your own process info
cat /proc/self/status | head -20
ls -la /proc/self/fd

# Draw the parent chain from your shell to PID 1. Predict, then verify:
pstree -sp $$

# How many FDs does your current shell have open?
ls /proc/$$/fd | wc -l

# What are FD 0, 1, 2? Without looking up:
# 0 = _____, 1 = _____, 2 = _____
# Verify: man stdout

# Trace the system calls of a simple command. Identify open(), read(), write():
strace -e trace=open,read,write cat /etc/hostname 2>&1 | head -20

# man strace → -e trace=

# Create a file, open it with tail -f, delete it. Find it:
echo "arena" > /tmp/arena-deleted
tail -f /tmp/arena-deleted &
TAIL_PID=$!
rm /tmp/arena-deleted

# Find the deleted-but-open file:
ls -la /proc/$TAIL_PID/fd/ | grep deleted

# Recover it:
cat /proc/$TAIL_PID/fd/3

kill $TAIL_PID

# List all listening TCP sockets with process names. No googling — man ss:
ss -tlnp

# What does each flag mean? Write from memory:
# -t = _____, -l = _____, -n = _____, -p = _____

# Show the routing table. Identify default gateway.
ip route show

# What is the difference between 'ip route' and 'route'?
# man ip-route

# Show all interfaces with IPs, state, and MAC:
ip -br addr
ip -br link

# What does -br mean? man ip → OUTPUT FORMAT

# Is AppArmor active? What profiles are enforced?
aa-status 2>/dev/null || cat /sys/kernel/security/apparmor/profiles

# man apparmor → DESCRIPTION

# Show SELinux context of a file (if available):
ls -Z /etc/passwd

# What are the 4 fields? user:role:type:level
# man selinux

# List current nftables rules:
nft list ruleset

# If empty, list iptables:
iptables -L -n -v

# man nft → LIST

# Write a script from memory that:
# 1. Uses set -euo pipefail
# 2. Has a cleanup trap
# 3. Takes one argument (a directory path)
# 4. Counts .adoc files in that directory recursively
# 5. Outputs the count
# Time limit: 5 minutes

# Without pip, write a Python script that:
# 1. Lists all files in /etc/ matching *.conf
# 2. For each, prints filename and line count
# 3. Uses only os, pathlib, sys
# Time limit: 5 minutes
# man python3 → or: python3 -c "help('pathlib')"

# Given 10.50.0.0/16, create 4 subnets for:
# - Management (50 hosts)
# - Servers (200 hosts)
# - Workstations (1000 hosts)
# - IoT (2000 hosts)
# Write the CIDR notation for each.
# Time limit: 3 minutes

# Section numbers — memorize these:
# 1 = user commands      man 1 find
# 2 = system calls       man 2 open
# 3 = library functions   man 3 printf
# 5 = file formats        man 5 passwd
# 7 = concepts           man 7 inode
# 8 = admin commands      man 8 ip

# Search within man:
# /pattern    → forward search
# ?pattern    → backward search
# n           → next match
# N           → previous match
# g           → go to top
# G           → go to bottom
# q           → quit

# Find which section a topic is in:
man -k inode
man -k socket
man -k strace

# man -k = apropos — searches man page descriptions
# man apropos