L in u X ba sics for h acke rs g e t t I n g s t a r t e d w I t h

Filesystem and Storage Device Management
107
The filesystems on a system that are mounted at boot-time are kept in a 
file at /etc/fstab (short for filesystem table), which is read by the system at every 
bootup.
Unmounting with umount
If you’re coming from a Mac or Windows background, you’ve probably 
unmounted a drive without knowing it. Before you remove a flash drive 
from your system, you “eject” it to keep from causing damage to the files 
stored on the device. Eject is just another word for unmount.
Similar to the 
mount
command, you can unmount a second hard drive 
by entering the 
umount
command followed by the file entry of the device in 
the /dev directory, such as /dev/sdb. Note that the command is not spelled 
unmount but rather umount (no n).
kali >
umount /dev/sdb1
You cannot unmount a device that is busy, so if the system is reading or 
writing to the device, you will just receive an error.
Monitoring Filesystems
In this section, we look at some commands for monitoring the state of the 
filesystem—a skill necessary for any hacker or system administrator. We’ll get 
some info about mounted disks and then check for and fix errors. Storage 
devices are particularly error prone, so it’s worth learning this skill.
Getting Information on Mounted Disks
The command 
df
(for disk free) will provide us with basic information on 
any hard disks or mounted devices, such as CD, DVD, and flash drives, 
including how much space is being used and how much is available (see 
Listing 10-4). Without any options, 
df
defaults to all mounted drives. If 
you want to check a different drive, simply follow the 
df
command with 
the drive representation you want to check (for example, 
df sdb
).
kali >
df
Filesystem 1K-Blocks Used Available Use% Mounted on
rootfs 19620732 17096196 1504788 92% /
udev 10240 0 10240 0% /dev
--
snip
--
/dev/sdb1 29823024 29712544 110480 99% /media/USB3.0
Listing 10-4: Getting information on disks and mounted devices with 
df
The first line of output here shows category headers, and then we get 
the information. The disk space is given in 1KB blocks. On the second 
line, we see that rootfs has 19,620,732 one-kilobyte blocks, of which it is 

108
Chapter 10
using 17,096,196 (or about 92 percent), leaving 1,504,788 available. The 
df
command also tells us that this filesystem is mounted on the top of the 
filesystem /.
In the last line, you can see my USB flash drive. Note that it is designated 
/dev/sdb1, is nearly 100 percent full, and is mounted at /media/USB3.0.
As a recap, my virtual disk on this system is designated sda1, which 
breaks down as follows:

Download 7,3 Mb.