Module 3 - Linux and SQL (4) - Google Cybersecurity Certificate


drwxrwxrwx

A 10-character string that represents full permission of a user group.

man hier

A command used to learn more about the FHS and its standard drives.

nano Text Editor

A command-line file editor that is available by default in many Linux distributions. To open an existing file in nano from the directory that contains it, enter nano followed by the file name. For example, entering "nano permissions.txt" from the /home/analyst/reports directory opens a new nano editing window with the permissions.txt file open for editing. You can also provide the absolute file path to the file if you're not in the directory that contains it. You can also create a new file in nano by entering nano followed by a new file name. For example, entering "nano authorized_users.txt" from the /home/analyst/reports directory creates the authorized_users.txt file within that directory and opens it in a new nano editing window.

Root User (or superuser)

A user with elevated privileges to modify the system.

useradd

Adds a user to the system. To add a user with the username of fgarcia with sudo, enter "sudo useradd fgarcia". There are additional options you can use with useradd:
-g: Sets the user's default group, also called their primary group
-G: Adds the user to additional groups, also called supplemental or secondary groups
To use the -g option, the primary group must be specified after -g. For example, entering "sudo useradd -g security fgarcia" adds fgarcia as a new user and assigns their primary group to be security. To use the -G option, the supplemental group must be passed into the command after -G. You can add more than one supplemental group at a time with the -G option. Entering "sudo useradd -G finance,admin fgarcia" adds fgarcia as a new user and adds them to the existing finance and admin groups.

Command

An instruction telling the computer to do something.

chmod

Changes permissions on files and directories.

chown

Command that changes ownership of a file or directory. To change the user owner of the access.txt file to fgarcia, enter "sudo chown fgarcia access.txt". To change the group owner of access.txt to security, enter "sudo chown :security access.txt". You must enter a colon (:) before security to designate it as a group name.

usermod

Command that modifies existing user accounts. The same -g and -G options from the useradd command can be used with usermod if a user already exists. To change the primary group of an existing user, you need the -g option. For example, entering "sudo usermod -g executive fgarcia" would change fgarcia's primary group to the executive group. To add a supplemental group for an existing user, you need the -G option. You also need a -a option, which appends the user to an existing group and is only used with the -G option. For example, entering "sudo usermod -a -G marketing fgarcia" would add the existing fgarcia user to the supplemental marketing group.
-d: Changes the user's home directory.
-l: Changes the user's login name.
-L: Locks the account so the user can't log in.
The option always goes after the usermod command. For example, to change fgarcia's home directory to /home/garcia_f, enter "sudo usermod -d /home/garcia_f fgarcia". The option -d directly follows the command usermod before the other two needed arguments.

cp

Copies a file or directory into a new location. To copy permissions.txt into the logs subdirectory while also keeping it in its original location, enter "cp permissions.txt /home/analyst/logs".

mkdir

Creates a new directory. For example, if you want to create a new directory called network in your /home/analyst/logs directory, you can enter "mkdir /home/analyst/logs/network" to create this new directory. If you're already in the /home/analyst/logs directory, you can also create this new directory by entering "mkdir network".

touch

Creates a new file. If your current directory is /home/analyst/reports, entering "touch permissions.txt" creates a new file in the reports subdirectory called permissions.txt.

userdel

Deletes a user from the system. For example, entering "sudo userdel fgarcia" deletes fgarcia as a user. Be careful before you delete a user using this command. The userdel command doesn't delete the files in the user's home directory unless you use the -r option. Entering "sudo userdel -r fgarcia" would delete fgarcia as a user and delete all files in their home directory. Before deleting any user files, you should ensure you have backups in case you need them later. Instead of deleting the user, you could consider deactivating their account with usermod -L.

whatis

Displays a description of a command on a single line.

ls -a

Displays hidden files.

man

Displays information on other commands and how they work.

head

Displays just the beginning of a file, by default 10 lines. If you want to change the number of lines returned by head, you can specify the number of lines by including -n. For example, if you only want to display the first five lines of the updates.txt file, enter head -n 5 updates.txt.

ls -la

Displays permissions to files and directories, including hidden files.

ls -l

Displays permissions to files and directories.

cat

Displays the content of a file. For example, entering "cat updates.txt" returns everything in the updates.txt file.

ls

Displays the names of files and directories in the current working directory.

/home

Each user in the system gets their own directory.

Standard Output Redirection

In addition to the pipe (|), you can also use the right angle bracket (>) and double right angle bracket (>>) operators to redirect standard output. When used with echo, the > and >> operators can be used to send the output of echo to a specified file rather than the screen. The difference between the two is that > overwrites your existing file, and >> adds your content to the end of the existing file instead of overwriting it. The > operator should be used carefully, because it's not easy to recover overwritten files. When you're inside the directory containing the permissions.txt file, entering echo "last updated date" >> permissions.txt adds the string "last updated date" to the file contents. Entering echo "time" > permissions.txt after this command overwrites the entire file contents of permissions.txt with the string "time".

Options

Modify the behavior of a command.

mv

Moves a file or directory to a new location. To move permissions.txt into the logs subdirectory, enter "mv permissions.txt /home/analyst/logs". Moving a file removes the file from its original location.

cd

Navigates between directories.

-name and -iname

One key criterion analysts might use with find is to find file or directory names that contain a specific string. The specific string you're searching for must be entered in quotes after the -name or -iname options. The difference between these two options is that -name is case-sensitive, and -iname is not. For example, you might want to find all files in the projects directory that contain the word "log" in the file name. To do this, you'd enter find /home/analyst/projects -name "*log*". You could also enter find /home/analyst/projects -iname "*log*".

pwd

Prints the working directory onto the screen.

rmdir

Removes, or deletes, a directory. For example, entering "rmdir /home/analyst/logs/network" would remove this empty directory from the file system. The rmdir command cannot delete directories with files or subdirectories inside.

rm

Removes, or deletes, a file. This command should be used carefully because it's not easy to recover files deleted with rm. To remove the permissions file you just created, enter "rm permissions.txt".

grep

Searches a specified file and returns all lines in the file containing a specified string. For example, entering "grep OS updates.txt" returns all lines containing OS in the updates.txt file. In this example, OS is the specific string to search for, and updates.txt is the specific file to search through.

apropos

Searches the manual page descriptions for a specified string.

-mtime

Security analysts might also use find to find files or directories last modified within a certain time frame. The -mtime option can be used for this search. For example, entering find /home/analyst/projects -mtime -3 returns all files and directories in the projects directory that have been modified within the past three days. The -mtime option search is based on days, so entering -mtime +1 indicates all files or directories last modified more than one day ago, and entering -mtime -1 indicates all files or directories last modified less than one day ago. Note: The option -mmin can be used instead of -mtime if you want to base the search on minutes rather than days.

| (piping)

Sends the standard output of one command as standard input to another command for further processing. As a reminder, standard output is information returned by the OS through the shell, and standard input is information received by the OS via the command line. When used with grep, the pipe can help you find directories and files containing a specific word in their names. For example, "ls /home/analyst/reports | grep users" returns the file and directory names in the reports directory that contain users. Before the pipe, ls indicates to list the names of the files and directories in reports. Then, it sends this output to the command after the pipe. In this case, grep users returns all of the file or directory names containing users from the input it received.

Argument (Linux)

Specific information needed by a command.

sudo

Temporarily grants elevated permissions to specific users.

Using chmod

The chmod command requires two arguments. The first argument indicates how to change permissions, and the second argument indicates the file or directory that you want to change permissions for. For example, the following command would add all permissions to login_sessions.txt: "chmod u+rwx,g+rwx,o+rwx login_sessions.txt". If you wanted to take all the permissions away, you could use "chmod u-rwx,g-rwx,o-rwx login_sessions.txt". Another way to assign these permissions is to use the equals sign (=) in this first argument. Using = with chmod sets, or assigns, the permissions exactly as specified. For example, the following command would set read permissions for login_sessions.txt for user, group, and other: "chmod u=r,g=r,o=r login_sessions.txt". This command overwrites existing permissions. For instance, if the user previously had write permissions, these write permissions are removed after you specify only read permissions with =.

Filesystem Hierarchy Standard (FHS)

The component of the Linux OS that organizes data.

Authorization

The concept of granting access to specific resources in a system.

Bash

The default shell in most Linux distributions.

Relative File Path

The file path that starts from a user's current directory. Relative file paths can use a dot (.) to represent the current directory, or two dots (..) to represent the parent of the current directory. An example of a relative file path could be ../projects.

find

The find command searches for directories and files that meet specified criteria. There's a wide range of criteria that can be specified with find. For example, you can search for files and directories that:
Contain a specific string in the name,
Are a certain file size, or
Were last modified within a certain time frame.
When using find, the first argument after find indicates where to start searching. For example, entering "find /home/analyst/projects" searches for everything starting at the projects directory.

-D-rwxrwxrwx

The first character (d) indicates the file type. The d indicates a directory and would be replaced with a hyphen if it were a file.

Absolute File Path

The full file path, which starts from the root.

Root Directory

The highest-level directory in Linux.

less

The less command returns the content of a file one page at a time. For example, entering less updates.txt changes the terminal window to display the contents of updates.txt one page at a time. This allows you to easily move forward and backward through the content. Once you've accessed your content with the less command, you can use several keyboard controls to move through the file:
Space bar: Move forward one page
b: Move back one page
Down arrow: Move forward one line
Up arrow: Move back one line
q: Quit and return to the previous terminal window

tail

The tail command does the opposite of head. This command can be used to display just the end of a file, by default 10 lines. Entering "tail updates.txt" returns only the last 10 lines of the updates.txt file. You can use tail to read the most recent information in a log file.

Permissions

The type of access granted for a file or directory.

/bin

This directory stands for "binary" and contains binary files and other executables. Executables are files that contain a series of commands a computer needs to follow to run programs and perform other functions.

/mnt

This directory stands for "mount" and stores media, such as USB drives and hard drives.

/tmp

This directory stores many temporary files. The /tmp directory is commonly used by attackers because anyone in the system can modify data in these files.

/etc

This directory stores the system's configuration files.

drwxrwx-RWX

This section indicates permissions for the "other" owner type.
r: user has read permissions
w: user has write permissions
x: user has execute permissions
-: user has no permission

drwx-RWX-rwx

This section indicates the permissions for the next owner type, group.
r: user has read permissions
w: user has write permissions
x: user has execute permissions
-: user has no permission

d-RWX-rwxrwx

This section indicates the permissions for the user.
r: user has read permissions
w: user has write permissions
x: user has execute permissions
-: user has no permission

"home"

Under home are subdirectories for specific users.

Types of Owners

User - u
Group - g
Other - o

How Each Character is Used With chmod

u: indicates changes will be made to user permissions
g: indicates changes will be made to group permissions
o: indicates changes will be made to other permissions
+: adds permissions to the user, group, or other
-: removes permissions from the user, group, or other
=: assigns permissions for the user, group, or other
Note: When there are permission changes to more than one owner type, commas are needed to separate changes for each owner type. You should not add spaces after those commas.
