Linux
Permissions: Numerical Values
4 - Read only; 2 - Write only; 1 - Execute only. For numbers higher than three, you add the permissions together to get the final permission.
SCP Flags: -l
Bandwidth limitation
Sort
Executed on letters, the results will be sorted in alphabetical order in which uppercase letters precede lowercase.
-f flag
Forced deletion
Operators: >
Greater than
Operators: -ge
Greater than or equal to
dhclient
IP addresses can be changed, released, renewed, or removed from the server side and can be configured on a client station.
Linux History
Is a family of operating systems (OS) intended to provide a UNIX-like experience. Uses the GNU General Public License Version 2 (GPLv2), in contrast to UNIX, which has a proprietary license. Created in the early 1990s. Uses a terminal (CLI), and most Linux distributions have a graphical user interface (GUI) as well, which makes the environment more user friendly. Linux itself is only the kernel, which manages communication between applications and hardware.
iptables
Is a generic, highly versatile firewall utility that is pre-installed on most Linux distributions. It is CLI-based, with no graphical interface. It looks for rules in its table that match packets and either allows or blocks them.
Network File System (NFS)
Is a protocol used to access files from a remote network
Operators: <
Less than
Md5sum
Md5sum uses an MD5 message digest. It generates an MD5 hash for almost any type of object, and is pre-installed in most Linux distributions.
Relative Path
Navigation to directories without specifying the root. This path command should be used when the destination is close to the current location.
Open-Source Philosophy
Open-source refers to source code published by developers and organizations so that anyone can see how the program is written, and modify and enhance the code. Modified GPL-licensed code can be used privately or released to the public for the benefit of the community. Open-source code has a great advantage over closed-source applications, because people can work together to improve the code and fix security vulnerabilities. As open-source software, Linux is free and can be downloaded from the internet or redistributed under GNU licenses. RedHat and Novell provide additional Linux support, consultancy, bug fixing, and training for an additional fee.
rm -rf *
Recursively delete all files in the current directory, including directories within that directory
SCP Flags: -p
Preserves the original modification details, such as the date created, access times, etc.
Important Directories: /etc
Stores configuration files, such as the host file, kernel configuration, and system services. Some configurations have folders within the /etc directory
Important Directories: /usr
Stores user binaries and read-only data
Expr
The expr command evaluates a given expression.
Command Breakdown: root@debian:/etc# Command [option] [argument]
The first section represents data regarding the user and the system. root@debian:/etc# represents the logged-in user, the machine's name, the current directory, and a sign representing the user type. The second section is the command itself, with an option part for flags, and arguments passed to the command.
SUID
The flag s provides other users with the ability to execute the file as its owner.
Route: Gateway
The gateway address that points to the network
Route: Iface
The interface used for the route
Linux Kernel: Memory Management
The kernel is responsible for OS memory management. It keeps track of memory usage for the purpose of enhancing performance, and uses virtual memory addresses to ensure that one process does not manipulate the data of another process.
'Let' Command
The let command is used to calculate arithmetic expressions. It converts a variable to an arithmetic expression. The command does not require spaces, but if one is needed in the expression, it must appear in quotation marks.
sed
The sed command is typically used for word replacement. It runs a search on the specified item, deletes the desired word, and replaces it with another specified word. After its execution, it displays an output of the result. The command includes flags that can be used to enhance the search and replace operation. Example: sed 's/words/replaces/' filename
CLI
The terminal allows users to run commands on the system. Accepts text commands. Some operate without a GUI when the computer is booted, while others, such as Gnome, work with an emulated GUI. CLI terminals can run remotely via processes such as SSH and Telnet, and are known as a Remote Terminal.
/etc/skel
This is a directory that is used as a template for a new user's home directory. Every file or directory created within it will appear in the new user's home directory.
Advanced Grep & AWK
Tools used to find words, characters, lines, and text patterns in files. Primarily used for quickly finding specific words and patterns that match the search in all specified files and folders.
apt upgrade
Updates existing packages to the newest available version.
SCP Flags: -S (program)
Use a third-party program for the connection
cut -d
Used as a delimiter
Command Separators
variable=$(command) runs the command in the parentheses and saves the output in the variable (like the backtick sign mentioned earlier). A good test would be to assign the command date to a variable and run it a few times in succession. You will get the same result even when time has passed.
Static IP Address: First Method
ifconfig <interface> <ip_address> netmask <mask> up
System Awareness: whoami
outputs the user currently logged in to the CLI
System Awareness: pwd
(Present/Print Working Directory) indicates the current location.
System Libraries: OS Root Directories; Additional Directories
/etc - System config files; /tmp - Temporary files; /boot - Kernel and bootloader; /var and /srv - Server data; /proc and /sys - System information; /lib - Library directories
System Libraries: OS Root Directories Syntax
/root - super user home directory; /boot - kernel image; /etc - system configuration files; /home - user directories; /mnt - mount points; /sbin - executables; /dev - device files; /bin - executables; /lib - libraries
System Libraries: OS Root Directories; Important Directories
/root, /home/<username> - The home folders; /bin, /usr/bin, /usr/local/bin, /sbin, /usr/sbin, /usr/local/sbin - Binary program files; /media and /mnt - External file systems and mount points
Samba Process Steps
1. The first configuration option in the file specifies the service's work environment, meaning whether it is a workgroup or a domain. 2. To share a folder, its name and path must be specified. 3. The folder's read and access permissions must be set. 4. Any change in the configuration file requires a service restart.
Permissions: Format
1. The first three characters are the file permissions that apply to the creator (owner) of the file. 2. The next three characters determine the group permissions. 3. The last three characters represent 'other' or 'public'.
SSH Hardening: Configure Fail2Ban
A brute-force prevention solution
Apache
A common server program in Linux that provides web hosting services. Runs as a service itself, called apache2. The service operates by default on port 80 for HTTP and needs to be configured to use port 443 for HTTPS. It is not a physical server; it operates via software that can be installed on a machine and used as a server. It creates a connection between the server and web browsers. It is cross-platform and works on UNIX-based and Windows OS systems.
Absolute Path
A complete path that always starts from the root directory (/) which is at the top of the file system hierarchy. The path should be used when the destination is not located close to the current location.
wc
A file's word count, number of letters, bytes, and more.
--help
A flag that can be used together with the name of almost any other Linux command to display helpful information on how to use the binary
Open-Source Philosophy: Apache
Free open-source software. It can interface with third-party applications, and can be edited, sold, and distributed as a customized package based on the Apache software. It cannot, however, be redistributed without proper attribution. Apache is commonly used with the GPL license (version 3), which allows developers to mix code.
Terminal Emulator: Example
A network administrator who wants to connect from a Microsoft Windows OS can run a simple command in Windows or Linux to create a connection based in the terminal emulator.
nslookup
A package called dnsutils contains the nslookup tool, which resolves IP addresses. Each domain has information about the owner, main servers, and fully qualified domain name (FQDN). Dnsutils allows you to run the DNS check from the CLI, although it can also be found online. Flags can be added to the command to obtain more accurate results, such as NS records that point to the management sources like msft, Cloudflare, and Google.
Cups Print Server
A print server that runs in the background and transfers print requests.
Squid Cache Proxy
A proxy server, mainly used to resolve slow network connectivity.
Users: Regular Users
A regular user is added by the root user and has low-level permissions. This user cannot perform high-level actions in the system. A sudo user, also known as "super-do", is a normal user added to the sudo group by the root user. This user may be assigned permissions to access and execute some root commands.
Users: Root Users
A root user, or superuser, is the highest-level user in the system. Each system has its own root admin user. Root users can access all files in the system and execute all commands. A root user can override any file ownership, permissions, or restrictions. In addition, their ability to perform system-wide changes means their accounts must be kept secure. An unsecured superuser account means a hacker can assume superuser privileges and make changes to other user accounts in the system.
Shebang
A script is indicated by the shebang at the start of the document. In a UNIX-like operating system, a file with a shebang is interpreted as an executable file. It consists of a hash (#) and an exclamation mark (!) followed by a path for the interpreter, with no spaces. To execute a script file, simply run ./ followed by the name of the script with no spaces, or bash <script path and name>.
Shell Types
A shell is an application that executes commands in text form within an operating system. Application commands run from shells are checked against the $PATH variable. Some commands execute binary files often located in the /bin or /sbin directories. Each shell has its own slightly different built-in commands (such as cd) that can be run regardless of the $PATH variable.
Shell Script
A shell script is a complete language, with variables, functions, and conditional executions. When you execute a script, a terminal window opens to run the commands. Since commands are in plain text, they are typically logged and can be viewed using "history". Scripts can run and perform tasks in the background.
Package
A type of archive that contains all files required for a binary to be installed and operate properly. A package may also list other packages required for the specific binary. Typically installed by software called "Package Manager", which is a simple and highly efficient utility for installing, updating, and removing binaries. The Manager is operated via commands and does not require the use of browsers and download websites.
MongoDB
A type of server database that is document-oriented and unstructured (NoSQL)
usermod
Adds an existing user to an existing group. Two common flags: -a for append, -G for groups.
Debian Package (Dpkg) Files (.deb)
Allow for easy installation and removal of applications, and provide information about the package.
Static IP Address
Can be configured through server configuration or from the client. Setting a fixed IP address via the client configuration file can cause a collision between IP addresses on the same network if the DHCP server distributes the address when the host is down and the address is available for use. In most cases, the address is reserved on the server.
Locate
Can find files in the Linux system, but relies on a database that must be updated to provide more accurate results. Has an advantage over find in its speed
Plex Media Server
Can store entertainment services (similar to Netflix) for movies, program series, music, and more.
cat <file name> | grep <word>
Cat command to display a file's contents and search for specific words or sentences within the contents.
SSH Hardening: Change Default Ports
Changing the port assists in reducing the attack surface, and can mitigate potential attacks performed by inexperienced attackers.
Special Files: (c)
Character device file
Cksum
Checksum is a well-known tool that uses the cksum command to count bytes in a file. This allows you to compare two files, the one that you created and the source file, to ensure that data was not compromised.
ls
Command used to list the contents of a directory
Grep
Command used to filter text for a more specific search. It can be combined with other functions and commands to improve the search. Outputs the results, showing the entire line in which a match was found.
System Awareness
Commands like whoami, pwd, and uname -r can indicate details about the user, directory position, and operating system.
Variables and Arguments: $!
Completes the last command
Linux Kernel: Layers Overview
Composed of layers, which provide crucial separation for stable functionality and data security. The kernel is an abstraction layer that serves as a buffer between users/apps and hardware. Separating those elements prevents an application or user from obtaining access to the hardware, and damaging the system.
Tar Archive -zcvf: z
Compress using Gzip
Static IP Address: Second Method
Configure the interface with the address, netmask, and gateway in the /etc/network/interfaces configuration file.
Regular Files (-)
Contain programs, executables, and text files
Directory Files (d)
Contains lists of files
SCP Flags: -r
Copies the entire directory (recursive)
cp <filename> <destination>
Copy a file from one location to another, whereby the filename and destination can be absolute or relative paths. The destination parameter can include a file name, and also enables the user to define a new name for the file that was copied
Additional Flags for Grep: -c
Counts the number of lines in which a match was found
ping -c
Counts the number of pings
mkdir [option] [directory name]
Create a directory
touch [option] [file name]
Create a file
Tar Archive -zcvf: c
Create a new archive
useradd
Create a new user; created without a password and home directory, which must be created separately.
adduser
Create a new user; does not require additional information because it uses the value specified in the command and default information from the operating system.
groupadd
Creating a group
Creating Backups
Creating file backups is crucial for any organization, regardless of its size. Backups should be created every 24 hours to prevent data loss. Important data should be backed up a minimum of once per week.
Groups
Creating groups of users is done to simplify the application of settings and permissions. Any user who belongs to a group will have the settings and permissions assigned to the entire group. When a user is created during installation, they are automatically assigned to a standard group (unless defined by root).
Crontab (Cron Table)
Crontab is a tool that stores tasks that are scheduled to be executed by cron, such as running a routine script or restarting a machine. Since Cron is popular among IT system administrators, it is often considered a vulnerable target by hackers. If the default is not changed, the configuration will remain the same, and it will be unprotected.
Cut
Customizes alphabetic output. "Cuts" letters and presents several parts of the word or words.
Linux Installation: Debian After Installation
Debian configuration is required, including HTTP proxy and mirroring. During the configuration process, options are chosen for the desktop experience or server installation. Since Debian does not install a desktop experience or server by default, this stage includes several options for faster installation: Debian Desktop Environment, Printer Server, and Standard System Utilities. The last step is GRUB installation, after which the machine reboots.
Apt Package Manager
Debian uses a package manager called "apt" that provides a wide selection of options to handle packages.
Variables and Arguments: ""
Defines textual content
rm [option] [file name]
Delete a file
groupdel
Delete a group
Diff
Diff is a command that compares two files line-by-line and displays the differences. The command uses specific symbols, and special instructions are required to create two identical files.
whatis
Displays an informative line from a binary's manual
System Awareness: uname -r
Displays information about the system and its version. Can also be used with different flags to present additional information, such as the kernel version
ifconfig
Displays information such as the IP address, network card name, protocol support (IPv4/IPv6), subnet mask, and more.
lsof
Displays open files, local and network, from the specific host on which the command is executed. Displays results only from the directory it is executed from, and if a user does not have permission to view the file, the output will be readlink: permission denied. Some files are not accessible to users, such as system files that are located in the root directory, while others are displayed with the directory path, process ID (PID), node, user, file type, and device.
Linux Kernel
Due to its scalability, Linux-based operating systems can be used for a variety of products, ranging from wristwatches and refrigerators to supercomputers. The kernel establishes communication between the hardware and software components, and manages the system's resources.
visudo
Edit the sudoers file, but you must have sudo permissions to view or edit the file
Elif
Elif is a combination of else and if. While if will always be checked and else only runs when if returns false, elif provides the ability to check multiple if statements, because else considers only the last if statement.
Configuration Files
Enable shell customization, such as new function creation, coloring, and control over the command completion mechanism
Operators: =
Equals
Operators: -eq
Equals (number)
File and Directory Ownership
Every file and directory in the system has a user owner and a group. The owner can be identified by the first name that appears after the permission, and the group is the second name.
UID (User ID)
Every user in the system has a unique user identifier (UID). Value is used for identification and to define which system resources a user can access. New users created in the system begin with UID 1000, while the root user has the value 0.
Exit Status
Exit status is code that triggers a verification process. It checks if the last command executed was a success or failure. The standard exit code is 0 for success, and any number between 1 and 255 for failure.
FTP Hardening
FTP service hardening options include those described above for SSH, but some additional options address its unique vulnerabilities.
/etc/shadow
File contains passwords for each user encrypted with one-way keys
/etc/passwd
File includes a list of all users in the system
Login.defs
File is located in the /etc directory and is responsible for retaining password management information. Contains configurations designating the maximum length of passwords, password expiry periods, the generation of prompts to change passwords that will soon expire, and more. This file is referenced when a password is set using passwd, and does not depend on other applications that require a password, such as SSH, Apache, and others.
/etc/group
File lists all users and the groups they are associated with. Displays several groups of characters, each separated with a colon. The first shows the group name, and in most cases the second displays x, which stands for password, followed by the unique GID number, and users that are listed in the group.
System Libraries: OS Root Directories
Files and directories are organized in a single-root inverted tree structure. The file system begins at the root directory, represented by a forward slash (/). Names are case-sensitive, and paths are delimited by a forward slash. For file and directory names, all characters are valid except the forward slash. It is important to be careful when using some special characters in file or directory names, and some characters should appear in quotes when they are referenced.
Ordinary Files
Files that contain data, text, or program instructions
whereis
Finds the location of specific binaries, their manual, and source file
ping -f
Floods the server with ping requests.
Unzipping Files
For a zipped file to be unzipped, the file must be specified in the unzip command. The -d flag can be used to export the zipped content to a different folder.
Linux Kernel: Primary Responsibilities
Four primary responsibilities; 1. Hardware Management; 2. Memory Management; 3. Process Management; 4. System Call Management
Users: Service Users
Generally, service users run non-interactive or background processes on a system, while regular users can log in and run interactive processes.
> or >>
If added to a file name, it will add the content in the file without displaying it on the terminal interface
apt install
Installs packages
Variables and Arguments: $
Invokes a variable
User Home Directory
Is designated for users to store files and create other directories.
Network Time Protocol Daemon (NTPD)
Is the most widely used method to sync Linux system clocks with network time servers.
SSH Hardening: Back Up Configuration File
It is recommended to back up the original file, so that it can be recovered if a configuration issue arises.
*
Known as "wildcard", represents "everything"
Operators: -lt
Less than
Operators: -le
Less than or equal to
resolv.conf
Name resolution is performed by the DNS servers specified in the resolv.conf file located in /etc/.
Additional Flags for Grep: -v
Outputs the unmatched typed filter
For Loop
Performs a block of code with a range, as long as the condition is true.
While Loop
Performs a block of code, as long as the conditions are true.
chmod
Permissions for a file are set using numerical input (such as 777 for full permissions), or r/w/x. Can use this method with a plus sign (+) for addition, minus sign (-) for removal, and an equals sign (=) to apply a permission.
Route: Ref
References to the specified route
dhclient -r
Releases an IP address received from a DHCP server
rmdir
Remove directory
apt remove
Removes packages
Hidden Files
Represented by dots (.) at the beginning of the file name
FTP Hardening: Set Disk Quotas
Restrict the size of files that can be uploaded
System Commands: uname
Returns information regarding the operating system
System Commands: whoami
Returns the current user name
Navigation Commands: cd ~
Returns to the home directory
Navigation Commands: cd -
Returns to the previous directory
Route: Use
Route lookups (decision-making process to determine how to route packets to their destinations)
groups <username>
Run to find out what groups a user belongs to.
Until Loop
Runs a block of code until a specific condition is met.
Secure Copy Protocol
SCP is a protocol that provides the ability to transfer files among parties securely, via SSH. SCP also has an authentication level in the connection process. Allows file uploads to and downloads from a server, via port 22. Different flags can be used to control the bandwidth, cipher, and ports of the connection. The SCP protocol is easy to use and pre-installed on Linux distributions.
SUID, SGID, and PATH
SUID and SGID are special bits that can be attached to files or directories to provide additional permission capabilities. These capabilities may be beneficial for the system's operation. They can also be viewed as potential vulnerabilities.
Smb.conf
Samba's configuration file is used to manage all the options regarding data sharing. The file contains comments that explain the different options and assists in the configuration process.
Find
Searches for files and directories. The command looks for the file in the working directory. Yields more accurate results and uses more complex syntax. Find by size: find / -size 50M
Gaming Server
Servers that can be run on home PCs for multiple player video games.
ping -i
Sets the interval in seconds between each packet it sends.
Logical Operators
Several commands can be written on a single line by separating them with a semi-colon (;). This allows you to combine several commands in a single variable. Other command separators can be used as well, such as || which will run the second command if the first fails, and && which will run the second command if the first succeeds. The exit status syntax is echo $? and can only be run from the terminal window.
Netstat
Shows network statistics about the workstation and displays the port number, incoming and outgoing connections, if the connection is active or inactive, and if the port is listening. Also can display the information in a graphical view. Netstat returns results with information about the online state and live connections, similar to the ss command, which dumps socket statistics. The ss command is installed by default in Linux distributions and is easier to use than netstat
wc -c
Shows the number of bytes
Additional Flags for Grep: -n
Shows the number of the line the word was found in
which
Shows where the execution location is for specific binaries. Typing it before a command or set of commands will show the location of the command, which will typically be /usr/bin
Special Files: (s)
Socket file
Basic Linux Components: Desktop Environment
Software that provides a user-friendly GUI.
Basic Linux Components: Package Manager
Software that provides the ability to download, install, and update applications.
Terminal Emulator: Graphical Usage & Applications
Some applications cannot be replaced with a terminal emulator, such as those that run their own database. Some applications, such as Wireshark, can be used as both GUI and non-GUI.
SCP Flags: -P <port>
Specifies the remote connection port
Tar Archive -zcvf: f
Specify the archive name
Permissions: UGO
Specify the entity and the permission using letters: u - user, g - group, o - other
Important Directories: /media
Stores information about removable media, such as CDs and USBs. When a removable disk is connected, a directory will automatically be created with the disk contents.
Cut -b
Text can be arranged by bytes
Gedit
Text editor for UNIX-like operating environments. It is a third-party application that works with an interface similar to Notepad. Terminating the command without exiting the Gedit interface will close the Gedit window without saving the changes. It supports syntax highlighting, printing, plugins, spell check, and more. Text appears monochrome, unless a different color scheme is chosen.
Hidden Files: .bashrc
The Bourne Shell configuration file
Hidden Files: .kshrc
The Korn Shell (ksh) configuration file
Bash
The characters ./ are placed before the name of a script, for it to be executed. When a script file is created, it is not assigned execution permissions, which must be added manually to allow its execution. When scripts are written in text editors, the editors recognize the code and provide different colors for their various sections.
SSH Connection
The connection process consists of several steps. 1. Set the command with the server's credentials to initiate the connection. 2. The client is asked about continuing or not, and then sends a password for the specified user. If the password is correct, a shell appears.
'Do' Parameter
The do parameter defines the action to perform if the condition is true. The do action follows for, and done closes the loop. Note: done is necessary to let the script know when to end the loop actions.
Linux Distributions: Distribution Variety
The fact that Linux is an open-source project enabled it to branch out to form many different distributions. Each distribution has its own purpose, strong points, and weaknesses. Some distributions are dedicated to server management, such as Ubuntu and CentOS. Some distributions are dedicated to penetration testing and hacking, such as Parrot and Kali. Due to the flexibility of the Linux architecture, many distributions are based on older ones. Although there are many distributions with different GUI experiences and file managers, they all share a common kernel.
chown
The file owner or group can be changed. By changing the owner or the group of the file or directory, the permissions will be applied to the specified entity. Example: chown <user>:<group> <filename>
Linux Installation: Debian
The first step is to choose the installation type: graphical experience (32/64-bit), standard installation, or graphical installation that does not include the GUI interface. The next step is to choose the language and country, and then the hostname, domain name, and root password. After those steps, the user specifies his/her actual name, and a username and password for non-admin users. Debian does not use the root as the main user, for security reasons. The final steps are to save the configuration details and choose the installation path.
Samba Hardening
The following hardening options are suggested for the samba service: allow-list the host access segment; turn off the option to save passwords; don't publish the service to the world; use the relevant SMB version.
ls -l | grep <file name>
The grep command is used to search for strings within a text. Concatenating the ls command with grep using the pipe will filter the search to obtain a more accurate output.
If, Else, Then
The if structure includes if followed by open brackets, with the condition appearing in the brackets. The word then follows, and what should happen if the statement is true. The structure ends with fi. Note: If statements must include the following to work: They must end with fi; They must have spaces before and after an option in brackets.
FTP Installation
The installation process for the client is simple and requires the execution of a single command: apt install ftp. A connection can be established for a server simply by providing the name of the application and the target IP address. Upon connection, the CLI of the ftp server will appear and allow command execution. A browser can also be an ftp client, as long as the protocol is specified in the target URL.
Samba Installation
The installation process is straightforward, and the service is installed via the apt package manager. Before installing Samba, it is recommended to have a fixed IP address to avoid unnecessary changes to the configuration file.
Linux Kernel: Process Management
The kernel assigns resources to individual processes and prioritizes them. It also manages process security and ownership information.
Linux Kernel: Handling System Calls
The kernel can receive requests from programs to perform certain tasks.
Route: Genmask
The network mask of the destination network
Repositories
The paths listed in the sources.list file are called repositories, which are storage locations (remote servers) that Linux designates for all packages. The file can be found in the /etc/apt/ directory, and there are also several files in the /etc/apt/sources.list.d/ directory. Requires an internet connection. Changes can be made in the sources.list file to change the accessed repositories, but such changes require root access.
File Sharing
The protocol allows file sharing among parties, and can also be used to deploy a file storage server that users can access via CLI or a browser and download files from it. The server's access permissions can be controlled via its configuration file, vsftpd.conf, which is located in /etc/. The default installation of an FTP server is considered unsecure, since all the data is transferred in plain text.
/etc/apt/sources.list.d/
Directory of additional repository definition files, one per source (typically third-party vendors), which apt reads together with /etc/apt/sources.list when fetching package lists and updates. Keeping vendor entries in separate files here avoids editing the main list.
Hidden Files: .rhosts
Per-user trust file for the legacy remote shell tools (rsh, rlogin, rcp): host/user pairs listed in it may log in without a password, so a stray .rhosts file is a classic hardening finding.
Route: Destination
The routed network
systemd-resolved
The service in Linux systems responsible for address name resolution
Stderr
The standard error stream (file descriptor 2). By default it is shown on the terminal alongside stdout, but it is a separate stream, so it can be redirected on its own (2> file) or merged into stdout (2>&1).
Stdin
The standard input stream (file descriptor 0) that reads data from the user, or from a file or pipe when redirected.
Stdout
The standard output stream (file descriptor 1) that, by default, sends data to the terminal
Sum
The sum command performs a checksum and counts 512-byte blocks in a file.
Command Line Interface (CLI)
The terminal allows the user to enter commands for the operating system. The command interface depends on the distribution. In the terminal prompt, the dollar sign ($) typically means "logged in as a regular user" and the hash sign (#) means "logged in as root."
Command Structure
The terminal and commands run through it are used to configure system settings and display existing data. System operations and management can be faster and more efficient via the terminal, and process automation is simpler. Commands run via the terminal have unique structures that include letters, numbers, and characters
Apache Configuration
The web files are located by default in /var/www/html (the default page is index.html). This directory is the DocumentRoot, the folder from which Apache serves pages. On Debian-based systems it is set by the DocumentRoot directive in the virtual-host file under /etc/apache2/sites-available/; apache2.conf, in /etc/apache2/ along with the other Apache configuration files, is the main configuration file and is responsible for including the rest.
Linux Distributions
There are many Linux distributions, some of which are fully customized, and some that are compiled to a ready image and uploaded to the internet as ISO files. Common distributions include Debian, Ubuntu, RedHat, CentOS, SUSE, and others. Some have different command execution syntax, and some are completely different in their user interface and experience.
vsftpd
This is the server side of the FTP communication. The server is responsible for running the FTP daemon and stores all information regarding the service and its configurations. Installation of the vsftpd service is done using the command: apt install vsftpd
Permissions
Three permission bits, read, write, and execute, for each of owner, group, and others (-rwxrwxrwx: the file type, then the owner, group and other triplets). Typically only the root user has permission to modify system configuration files.
More
To avoid scrolling endlessly to find something in the file, it can be viewed page by page
ssh [user]@[IP address]
To connect from the CLI, run the ssh command with the user to connect as and the server's address; the server then asks for that user's password or checks the client's key.
mv <filename><destination>
To move a file from one location to another. The original location is referenced first, and then the new location. The command will also overwrite any files in the destination with the same specified name
SSH Hardening: Disable Root Login
To prevent remote logins with the highest privileges, set PermitRootLogin no in /etc/ssh/sshd_config; administrators log in as themselves and use sudo.
Vim: (:)
To run a command while a file is open in Vim. The colon is used to save a file, search for something in the text, or display information on other commands. When you type (:), a line appears at the bottom of the terminal where you can enter the command (for example :w to save, :q to quit, :wq for both).
Compilers
Translate the code into machine language before running it. Although compiled programs run faster, they first need to go through the compilation process, which is time consuming.
Interpreters
Translate the code into an intermediate form and then run it, so high-level programs can be executed immediately without a separate compilation step. A shell interpreter links commands typed in the CLI to OS services and binaries, and runs them.
ifconfig <interface> down
Turns the network interface off. ifconfig is deprecated on modern distributions; the equivalent is ip link set <interface> down.
ifconfig <interface> up
Turns the network interface on (ip link set <interface> up).
Tail & Head
Typically used in content with large amounts of text. Can change the number of lines displayed using the -n flag.
apt update
Updates package lists for upgrades
Apt Updating
apt update does not install anything. It refreshes the local package index (the lists of available versions, stored under /var/lib/apt/lists/) from the configured repositories. Packages are then installed or upgraded with apt install or apt upgrade; the downloaded .deb files are cached in /var/cache/apt/archives/.
Automation
Is a crucial aspect of Linux system management and operation. Bash scripting is ideal for that purpose and can significantly reduce the time and effort of administrator and user tasks. When an automated task runs unattended, the script should print messages about its progress and errors for informational and debugging purposes.
SSH Hardening: Set a Certificate
Authenticate clients with SSH keys (or certificates signed by a trusted CA) instead of passwords. With PasswordAuthentication no, a login cannot be brute-forced by guessing, so the security level no longer depends on monitoring whether users choose strong passwords.
SCP Flags: -v
Used in debug mode to observe the connection details between SCP and SSH
cat [filename]
Used to output a file's content to the terminal
Hidden Files: .profile
User settings related to a shell, such as the location of a shell-based search for executed commands
Basic Linux Components: Dedicated Environment
Users can choose the Linux distribution that suits their needs. For example, because Kali contains hacking tools, it is often used by penetration testers. Although Kali includes a GUI, the terminal within the GUI is used for many operations, since most of the tools are supported only via the terminal. To build a distribution, developers start from one of the more commonly used distributions, such as Debian, and customize the repository, the applications, and the entire look.
SMB
Uses two ports: 139 when it runs on top of NetBIOS over TCP (the older arrangement), and 445 when it runs directly over TCP.
Variables and Calculations
Using a double plus sign (++) before or after a variable increases its value by 1: ++i increments before the value is used, i++ after. Variables are evaluated in the order they appear in the command flow, so the last assignment is the final value. In arithmetic with external commands such as expr, the escape character (\) removes the special meaning of a character, for example \* so that the shell does not expand * as a filename glob.
C Shell
Utilizing C Shell is done by running the csh command from a terminal. C Shell commands provide programming features, such as keyboard shortcuts, automation by scripting, displaying a history of commands, and more. C Shell lends itself to ease of extension and expansion using a C-syntax development language. Common for developers who would like to maintain consistency in syntax to the operating system itself.
systemctl status <service name>
View service status
Crontab Text Editor
When crontab -e is run for the first time, it asks which text editor to use (on Debian-based systems via select-editor). The command then opens the current user's crontab file (for example, the crontab of user johnd) for editing. The default and recommended editor is Nano.
Service Debugging
When a service is activated, it is important to check its status using the command: service <service name> status, and verify that it is active. If the service fails to start, a brief description of the problem will often be provided.
IP Address
On a clean install (without additional tools), the ip address command (ip a) displays the station's IP addresses; the older ifconfig may not be installed.
Read & Echo
When learning a new language, a good way to start is to learn how to print and read data. The read command waits for input from the user and assigns it to a variable. The command can be used in a script to collect information from the user and use it as a variable.
Alias
When working with a shell interpreter, aliases save typing and make frequently used commands quicker to run. An alias is a short name that stands for a longer command, possibly with options or a chain of commands piped together. Aliases are defined in the .bashrc file in the user's home directory (for example alias ll='ls -la'). The file is hidden (as indicated by the dot before the file name) and can be listed with ls -la (the -a flag shows hidden files) or opened in a text editor (for example, vim ~/.bashrc). In the GUI file explorer, Ctrl + H shows hidden files in a folder. Aliases are expanded only in interactive shells, so they do not apply inside scripts.
Basic Linux Components: Dedicated Environment; RHEL and CentOS
Which are enterprise-grade versions of servers. Unlike other distributions, RHEL is licensed, and requires a fee for support. CentOS is a free alternative to RHEL, with several differences and without RHEL's enterprise support.
Named
Which is part of the BIND DNS package, is a service that executes the DNS server daemon, which converts host names to IP and vice versa.
Sort -o
Which places the sorted output in a new file
Sort -r
Which sorts content in reverse order
echo >
Redirects the command's output to the file, truncating it first: existing content is overwritten with the new content
Bash
aka Bourne-Again Shell, is a type of interpreter that processes shell commands. An interpreter is a program that executes instructions written in a high-level language.
Starting the Service
service <daemon_name> <action> or systemctl <action> <daemon_name> The most common actions are start, restart, stop, and status. To configure a service to start with the system boot using the command systemctl enable <daemon_name>
Alias: If not found
If a command is not an alias (or a shell function or builtin), the shell searches the directories listed in PATH, in order, for an executable file of that name. PATH is an environment variable that points the shell to the directories where executables (binaries and scripts) reside; the first match wins, which is why a writable directory early in PATH is a security risk.
Variables: Assign a Command Output to a Variable
you can use $( ) or the older back ticks (`): myIP=$(ip a | grep -A 2 enp0s3). grep -A 2 prints each matching line plus the two lines after it, which in ip a output includes the inet line (with -A 1 it is missed). The variable therefore holds several lines, and echo "$myIP" prints them all; to keep only the address, pipe through awk, for example ip a | grep -A 2 enp0s3 | awk '$1 == "inet" {print $2}'.
Hard Link
A hard link is an additional directory entry (name) for an existing file's inode, so the same data is reachable under several names; an ordinary file is simply an inode with one name. Writing through any of the names changes the shared content, and the data is freed only when the last name is removed. Hard links cannot cross filesystems or point to directories.
File System Navigation
Fundamental skills to master in Linux are: manipulating files, navigating the directory tree, and understanding the file system environment. After logging in to a server, the initial location is often the user account's home directory.
Installing GNOME as a Desktop Experience
GNOME (originally the GNU Network Object Model Environment) installs tools and features in a graphical interface and presents them in a desktop environment. GNOME is one of many desktop environments (which bundle a window manager with panels, a file manager and settings tools), and can be installed and uninstalled at any time.
Operators: -gt
Greater than
Sudo
A regular user can be configured as a 'sudoer' which grants the privilege to execute commands with root permissions
SSH Remote Connection
A remote connection to an SSH server can be established from a CLI with a dedicated command or a dedicated third-party application, such as PuTTY. One side has the role of the server and the other has the role of the connecting client. The SSH daemon constantly listens to the service's port and waits for a client's request to connect.
Route: Metric
A value that specifies the preferred route when there are several routes to the same destination. A lower number indicates a higher preference
Variables
A variable is a named storage location to which a value can be assigned; the value is a string, which can represent anything from a single character to the path of a device. A variable is referenced by prefixing its name with the dollar sign ($), as in $name; the bare name (without $) is used when assigning.
Route: Flags
Additional data that describes the routes (U= up, G= gateway)
Symbolic Link
Aka soft link, and is similar to a shortcut in Windows. The link is a separate small file that stores the path of its target, so it can live in a different directory or even on a different filesystem, and it can point to a directory. If the target is removed or renamed, the link becomes dangling.
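The difference between the two link types, as an added example that is not part of the original page: it creates a file, a hard link and a symbolic link in a temporary directory and compares inode numbers, link counts and what happens when the original name is removed. It assumes GNU coreutils (stat -c) on Linux.

```shell
#!/usr/bin/env bash
# Added example, not from the original page: hard link vs symbolic link,
# observed through inode numbers and link counts. Assumes GNU coreutils
# (stat -c) on Linux; the files are constructed in a temporary directory.
TMPD=$(mktemp -d)
trap 'rm -rf "$TMPD"' EXIT

printf 'secret=1\n' > "$TMPD/original.txt"
ln    "$TMPD/original.txt" "$TMPD/hard.txt"   # hard link: a second name for the same inode
ln -s "$TMPD/original.txt" "$TMPD/soft.txt"   # symlink: a new inode that stores a path

inode()      { stat -c %i "$1"; }   # inode number (stat follows symlinks only with -L)
link_count() { stat -c %h "$1"; }   # how many names point at the inode

INODE_ORIG=$(inode "$TMPD/original.txt")
INODE_HARD=$(inode "$TMPD/hard.txt")              # same as INODE_ORIG
INODE_SOFT=$(inode "$TMPD/soft.txt")              # different: the link itself is a file
LINKS_BEFORE=$(link_count "$TMPD/original.txt")   # 2: original.txt and hard.txt

# Writing through one name changes the data every name refers to.
printf 'secret=2\n' > "$TMPD/hard.txt"
VIA_SOFT=$(cat "$TMPD/soft.txt")                  # secret=2, read through the symlink

# Remove the original name. The data survives because hard.txt still refers
# to the inode (link count drops to 1); the symlink now points at nothing.
rm "$TMPD/original.txt"
LINKS_AFTER=$(link_count "$TMPD/hard.txt")

# -L is true for a symlink whether or not its target exists; -e follows the
# link, so it is false for a dangling one.
is_dangling() { [ -L "$1" ] && [ ! -e "$1" ]; }
```

Because a symlink is followed by whoever opens it, a privileged program that writes to a path in a shared directory such as /tmp can be tricked into overwriting another file by an attacker who plants a symlink there first; the fs.protected_symlinks sysctl restricts following symlinks in world-writable sticky directories for exactly this reason.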
dhclient -p
Allows configuration of a custom port (the default port is 68 UDP).
Archives
An archive is a group of files that are bundled into a single file. Many archives are compressed to reduce the file's size. Transmission of data and program distribution can also be performed using archives. Software available online is typically distributed in archived files that include all associated files and documentation.
Bash Scripting
Anything that can be run as a command can be included in a script. Example: write a script to run simple commands such as tar and crontab to schedule a backup.
echo
Appending and writing text to a file. Displays typed content on the same terminal interface.
Command Line Interface (CLI): Options
Are properties of commands that expand the command's capabilities. They are typically represented by hyphens and one or more letters.
Arithmetic Operators
Arithmetic operators are mathematical functions that can calculate two or more operands, or objects that can be manipulated. For example, in 2 - 1 = 1, the 2 and 1 are operands and the minus sign is the operator. Arithmetic operators are used in equations in computer language scripts, to perform various types of calculations.
B2SUM
B2SUM is a BLAKE2 hashing tool. BLAKE2 is a cryptographic hash function that is faster in software than MD5, SHA-1, SHA-2 and SHA-3 while offering security comparable to SHA-3; unlike MD5 and SHA-1, it has no known practical collisions.
Compression: BZip2
BZip2 is an open-source file compression program. It can only compress individual files and is not a file archiver.
Ping
Based on ICMP, sends a network packet called an ICMP echo request to a remote host, which answers with an echo reply; ping measures the round-trip time of each exchange and reports packet loss. The output can also include an error message if the host is unreachable. Can be used with an IP address or DNS name and has advanced options that can be set with flags. Hosts or firewalls that drop ICMP appear down even when they are up.
Bash Scripting
Bash scripts allow multiple commands in a single file to be executed, which makes command execution easier. Any system command that would otherwise be typed at the terminal can be placed in the script. Bash features make it ideal for administrative task automation. Script files conventionally have the extension .sh and start with the line #!/bin/bash (the shebang), which tells the system which interpreter to run the script with.
Basic Linux Components: Debian
Basic distribution of Linux, on which many others (including Ubuntu and Kali) are built. A minimal Debian install has no desktop environment or graphical interface, only the terminal; users can add desktops and many other utilities from its package repositories.
Special Files: (b)
Block file
BASH
Bourne Again Shell. Was designed as an improved version of the sh shell and therefore has similar command syntax. BASH shell scripts are commonly run on Linux distributions
Vim
Terminal-based text editor (vi is present on almost every UNIX-like system; Vim is its extended version). Uses colors, and displays line and character positions. Messages displayed at the bottom of the terminal window can be set to appear in yellow or red. Writing code is easier with the completion feature. Opens in command mode, where what you type is interpreted as commands rather than regular text.
mv
Can also be used to rename files. To change a file's name and leave it in the same directory, give the new name as the destination (mv old new, or mv old ./new); an existing file with that name is overwritten without warning unless -i is used.
Linux Installation
Can be installed as the operating system on the host computer or as a virtual machine. Linux can interact with and support many hardware components. Before installing Linux on a virtual machine, a few things should be preconfigured: in VirtualBox, a VM must be created with RAM and disk size set and the OS type and version selected before the ISO is attached. Some Linux versions offer a live version as well as a full installation, but all share several installation steps, such as choosing a language, creating a user, setting a password, configuring the installation target (partitions), and updating the OS during installation.
journalctl --unit=<service name> (or journalctl -u <service name>)
Can be used to display logs for specific services
Files & Folders
Can include more than text, images, and compiled programs: partitions, hardware device drivers, and directories are also represented as files. File names are case-sensitive, so Report.txt and report.txt are two different files that can coexist in the same directory.
Traceroute
Checks the path a packet takes to its destination and displays it in the command line. Each device along the path is known as a hop. Not every hop is visible, because some devices do not reply even though they forward the packet; such hops are shown as asterisks (* * *). The final line is the target, and the source is the sending station. Linux traceroute uses UDP probes by default; -I switches to ICMP echo, which some networks handle differently.
Additional Flags for Grep: -l
Displays the file name of input files
Head
Displays the first 10 lines.
Tail
Displays the last 10 lines of the document
wc -L
Displays the length (in characters) of the longest line in the file
wc -w
Displays the number of words in a file
Route
Displays the kernel routing table, the list of possible ways to forward network traffic. Each row says which destination network is reached through which gateway and interface; the default route (destination 0.0.0.0) carries traffic that matches nothing more specific. The table has columns for the destination, gateway, genmask, flags, metric, Ref, Use and Iface. route is deprecated; ip route shows the same information.
Operators: !=
Does not equal
Basic Linux Components: Without GUI
Even if a Linux distribution does not come with a GUI environment, one can easily be installed. The GUI helps users perform many actions without having to run terminal commands, and is especially helpful for new users who may be unfamiliar with the command line interface (CLI). For example, the GUI interface simplifies file management tasks, such as moving directories, copying and pasting files and folders, and accessing directory listings.
Compression: Gzip
Gzip compresses data to reduce its size; the original data is recovered with gunzip or gzip -d. It also matters for web apps and websites because HTTP supports gzip as a content encoding (Content-Encoding: gzip), so servers can send visitors smaller compressed responses.
Hashing
Hashing is the process of deriving a fixed-length value (the digest) from data of any size using a mathematical algorithm. Hashes are used for almost any type of digital content, including text, documents, images, and more. A hash function always produces the same output for the same input, and a good cryptographic one makes it infeasible to find two inputs with the same output. Rainbow tables are precomputed databases that map hashed values back to the passwords that produce them; they only work against unsalted hashes, which is why stored passwords are salted.
Additional Flags for Grep: -i
Ignores case sensitivity
File Integrity
In Linux, file integrity refers to whether or not files have been modified.
Terminal Emulator
In Linux, the terminal emulator allows the user to run OS commands directly on the machine. It is a tool that has a graphical interface and emulates shell or terminal text. The terminal emulator also allows remote command execution through SSH or Telnet protocols.
Users
In Linux, three user types: Service users; Regular users, Root user or superuser. A simple way to view all users in the system is to read the contents of the /etc/passwd file. Each line in that file contains information about a single user.
Linux Distributions: Other Uses of Linux
In addition to servers and personal computers, Linux is also used as a core component in Android and IoT devices. Since Android OS is based on the Linux OS, every Android phone, smart watch, and multimedia device runs on the Linux Kernel.
nano [file name]
Invoke Nano
vi
Invoke Vim
AWK
Is a data extraction and reporting tool. It pulls specific fields out of text and prints the results to the screen. By default AWK separates fields on white space, but a custom separator can be set with the -F flag (awk -F: for /etc/passwd).
dmesg
Prints the messages the kernel has written to its ring buffer, including those from the boot sequence, so it is useful when a device fails. The kernel ring buffer is a fixed-size log of kernel events, so old messages are eventually overwritten; journalctl -k shows the same messages from the journal.
Sendmail
Is a mail transfer agent (MTA) that delivers pre-formatted email messages. It is available on most Linux distributions (though not always installed by default), has no GUI and is used through the CLI. Sendmail speaks SMTP, the protocol used by nearly all email services, to hand messages to other mail servers.
Secure Shell (SSH)
Is a secure network protocol with a range of uses. It can be used to securely access remote servers and hosts, and operates by creating an encrypted, authenticated connection between a local client and a remote server over an insecure network such as the internet. The connection not only allows you to access remote servers and hosts but also to securely transfer files with scp and sftp, which run over SSH. SSH is used by applications such as PuTTY, MobaXterm, and many more. Port 22 is the registered port for SSH.
Samba
Is a service that operates via the SMB protocol, which is responsible for file sharing in a network. The shared directory that it opens is specified in the smb.conf configuration file located in /etc/samba. The configuration file allows selection of different access permissions, such as allowing write operations to the directory, permitting browsing in other directories, and more
User Types: Root Account
Is a superuser that has complete access to the operating system, including making changes and managing other users. The root user should not log in directly (and never over SSH); instead an administrator logs in as a regular user and uses the sudo command, which allows switching to root-level access when changes are necessary. Only root (or a sudoer) can create and delete other users.
Logwatch
Is a system log analyzer and reporter. It generates periodic reports based on criteria specified by the user, and can aggregate logs from multiple machines to a single report. It can analyze logs from multiple platforms. Some versions are not supported by older versions of system logs. Installed using: apt install logwatch -y
Nano
Is a text editor for UNIX-like operating environments that use a command-line interface. Includes shortcut keys to exit a file, cut a file's content, look for keywords in a file, and more. Keys appear at the bottom of the command line when using Nano.
journalctl
Is a utility that retrieves messages from the kernel, system daemons, journals, and other log sources.
Z Shell (Zsh)
Is an extension of the sh shell and shares common features with it. Includes automatic directory movement, recursive directory expansion, spell check, correction, and more.
Open-Source Philosophy: Berkeley Software Distribution (BSD)
Is an open-source OS based on research conducted on UNIX. Created at UC Berkeley and last release in 1995. From BSD, derivative programs, or descendants were created, including FreeBSD, NetBSD, DragonFly BSD, and others.
Samba
Is an open-source software suite that runs on Linux-based operating systems and communicates with Windows clients. Enables the sharing of resources such as printers and files through the Common Internet File System (CIFS) and the Server Message Block (SMB) protocols. SMB is used by applications and services to talk to each other over a network.
File Transfer Protocol (FTP)
Is one of the oldest methods for transferring files among hosts over TCP/IP. Is a client-server protocol that uses two connections: a control connection (port 21) for commands, and a separate data connection for file contents. In active mode the server connects back to the client from port 20; in passive mode, the common case today, the client opens the second connection to a port the server announces. FTP encrypts neither credentials nor files. Its secure replacements are FTPS (FTP over TLS) and SFTP, a different file-transfer protocol that runs over SSH.
PATH
Is the list of directories the shell searches, in order, for a command's executable. It is a colon-separated (:) environment variable, typically including /usr/local/bin, /usr/bin and /bin, with the sbin directories added for administrators; the first directory that contains the name wins. It has default settings per user and can be changed manually (export PATH=...). Never put a world-writable directory or . (the current directory) in PATH, since an attacker could plant a same-named program that runs instead of the intended one.
Hardening
Is the practice of enhancing security by checking configurations, creating rules and policies, updating and patching software and systems, and a variety of other measures, with the aim of reducing the attack surface of programs, services, protocols, and operating systems.
sh
Known as the Bourne Shell. Is a simple shell interface that works with the OS. Sh is used as a scripting language and contains many features that are designed for programming.
SSH Hardening: Audit Connections
Monitor connection attempts to the service (in /var/log/auth.log on Debian-based systems, or journalctl -u ssh) to spot brute-force attempts and logins from unexpected sources.
Linux Distributions: Computers and Servers
Linux became more and more user friendly, and evolved to include a modern, convenient desktop environment. This opened Linux to a larger volume of users, and the Linux personal computer OS today features an excellent GUI experience and numerous applications, such as those in the Ubuntu desktop. Linux OS designed for servers often do not implement GUI features and desktop experiences. Ubuntu has a server without GUI features, which makes it "lighter" and requires less resources for its basic operations. Linux servers can be used to host cloud services such as OwnCloud and NextCloud
Hashing Tools
Linux ships checksum utilities that print the result of a cryptographic hash function for a file or for standard input. The most common are md5sum, sha1sum, sha256sum and b2sum; these are hashing tools, not encryption, since a hash cannot be reversed to recover the input. They can hash almost anything, including files, strings, and passwords, and with the -c flag they verify a list of previously recorded hashes.
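The integrity workflow behind these tools (the Hashing, File Integrity and Hashing Tools entries), as an added example that is not from the original page: it records SHA-256 digests of every file under a directory into a manifest, then re-verifies with sha256sum -c after one file has been tampered with. The directory and its files are constructed for the demo; sha256sum is used instead of md5sum or sha1sum because MD5 and SHA-1 collisions are practical.

```shell
#!/usr/bin/env bash
# Added example, not from the original page: a SHA-256 manifest of a directory
# and a later verification run, the "sha256sum -c" workflow behind file-integrity
# checking. The files under $TMPD/etc are constructed for the demo.
TMPD=$(mktemp -d)
trap 'rm -rf "$TMPD"' EXIT
mkdir -p "$TMPD/etc"
printf 'PermitRootLogin no\n'  > "$TMPD/etc/sshd_config"
printf 'alice ALL=(ALL) ALL\n' > "$TMPD/etc/sudoers"

# Hash of a string; printf '%s' avoids hashing a trailing newline, which is
# the same reason "echo -n" is used when hashing by hand.
hash_string() { printf '%s' "$1" | sha256sum | cut -d' ' -f1; }

# Write "hash  relative/path" lines for every regular file under $1 into $2.
# Relative paths keep the manifest usable after the tree is moved or restored.
make_manifest() {               # $1 = directory, $2 = manifest file (absolute path)
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k2 ) > "$2"
}

# Re-hash and compare. sha256sum -c prints "path: OK" or "path: FAILED";
# --quiet drops the OK lines, so only changed or missing files are listed.
verify_manifest() {             # $1 = directory, $2 = manifest file (absolute path)
    ( cd "$1" && sha256sum -c --quiet "$2" 2>&1 ) | awk -F': ' '/FAILED/ { print $1 }'
}

MANIFEST="$TMPD/manifest.sha256"
make_manifest "$TMPD/etc" "$MANIFEST"
CLEAN_RESULT=$(verify_manifest "$TMPD/etc" "$MANIFEST")      # empty: nothing changed

# Tamper with one file, as an intruder adding a sudo rule would, then re-check.
printf 'mallory ALL=(ALL) NOPASSWD: ALL\n' >> "$TMPD/etc/sudoers"
TAMPERED_RESULT=$(verify_manifest "$TMPD/etc" "$MANIFEST")   # ./sudoers
```

The manifest is only as trustworthy as its storage: keep it off the host or sign it, otherwise an intruder who can edit /etc can regenerate it too. The same -c mechanism is what you use to check a downloaded ISO against the checksum its publisher lists.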
GID (Group ID)
Linux identifies groups by their GID. Value is unique, and group names are case sensitive.
User Types
Linux uses groups to manage users and set access permissions. Can be personal accounts or the root account. Linux is a multi-user system based on the UNIX concepts of file ownership and permissions. Regular users typically perform daily routine-like operations. Not every command that the root user can run can be executed by a regular user.
ls -a
Lists invisible files
wc -l
Counts the lines in the file
Loops
Loop statements simplify repetitious tasks by continuously repeating an action until a condition is met. Repetitive tasks are used in programming, as well as in malicious brute-force attacks, the aim of which is to log in to a system by guessing a user's password. In malicious usage of a loop, an attacker can create a script featuring a loop that tries to enter a website by going through many possible passwords one at a time.
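Both loop forms, as an added example that is not part of the original page: a C-style for loop, and a while loop that reads a wordlist line by line and compares each candidate with a stored hash, the brute-force pattern the entry describes, run offline against a constructed, unsalted SHA-256 hash inside the script. An attempt counter shows the defender's side of the same loop: a lockout threshold ends it early.

```shell
#!/usr/bin/env bash
# Added example, not from the original page: a C-style for loop and a while
# loop that reads a file line by line. The while loop runs the brute-force
# pattern described above against a constructed, unsalted SHA-256 hash held in
# this script (nothing touches a real login), and an attempt counter shows the
# defender's counterpart: a lockout threshold that ends the loop early.
TMPD=$(mktemp -d)
trap 'rm -rf "$TMPD"' EXIT
printf '%s\n' 123456 password qwerty letmein Winter2024 > "$TMPD/wordlist.txt"  # constructed list

sha256() { printf '%s' "$1" | sha256sum | cut -d' ' -f1; }
STORED_HASH=$(sha256 letmein)      # what a leaked, unsalted password database might hold
MAX_ATTEMPTS=3

# for loop, C-style: sum the integers 1..$1.
sum_to() {
    local total=0 n
    for (( n = 1; n <= $1; n++ )); do
        total=$(( total + n ))
    done
    echo "$total"
}

# while loop: try each candidate until one matches, the list runs out, or the
# attempt limit is reached. Prints the match; returns 0 on success, 1 otherwise.
# IFS= and -r keep leading spaces and backslashes in the candidate intact.
crack() {                          # $1 = target hash, $2 = wordlist, $3 = attempt limit
    local attempts=0 candidate
    while IFS= read -r candidate; do
        attempts=$(( attempts + 1 ))
        if [ "$attempts" -gt "$3" ]; then
            echo "locked out after $3 attempts" >&2
            return 1
        fi
        if [ "$(sha256 "$candidate")" = "$1" ]; then
            echo "$candidate"
            return 0
        fi
    done < "$2"
    return 1
}
```

With the limit at 3 the fourth candidate is never tried, which is what rate limiting and account lockout (fail2ban, pam_faillock) achieve against the online version of this loop; against leaked hashes the defence is salting and a slow password hash such as bcrypt or Argon2, so that each iteration costs far more than one sha256sum call.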
Open-Source Philosophy: Licenses
Most operating systems ship in compiled form only, so their source code is not accessible. The source code of an open-source OS is published alongside its compiled version, and anyone can read, modify and customize it. In addition, an open-source license allows the user to run the program, change the code for a specific use, redistribute copies, and more. When software is compiled and ready, it is published and made available to the public; release files usually carry checksums or signatures so users can verify they were not altered. Some open-source software, the Linux kernel included, uses the GNU General Public License (GPL), which ensures that it remains open-source, free, and modifiable down to the kernel level, and that distributed modifications must be released under the same license.
Special Files
May provide access to hardware, such as hard drives, CD-ROM drives, modems, and Ethernet adapters. Other special files are similar to aliases or shortcuts that open or activate the files they represent
Special Files: (p)
Named pipe file
Navigation Commands: cd ..
Navigates to the parent directory of the current directory
Navigation Commands: cd /
Navigates to the root directory of the entire system.
Nginx
Open-source web server that focuses on performance optimization. Also used as a reverse proxy, HTTP cache, and load balancer.
Less
Opens one page of the file at a time
man
Opens the manual for a specified binary
Important Directories: /dev
Points to the location of device-related files.
FTP Hardening: Disable Anonymous Connections
Disable anonymous logins (anonymous_enable=NO in vsftpd.conf) so that nobody can connect without credentials
FTP Hardening: Set Access Time Restrictions
Restrict the hours at which users may connect, for example allowing access only at specific times such as work hours; vsftpd has no clock-based rule of its own, so this is done through PAM (pam_time).
System Commands: pwd
Prints the current working directory
System Commands
Provide data regarding the system and its content.
SGID
The set-group-ID bit. On an executable file it makes the program run with the privileges of the file's group rather than the caller's group, whoever runs it; on a directory, files created inside inherit the directory's group. Set with chmod g+s, or a leading 2 in numeric mode (chmod 2750). Because setgid and setuid programs run with elevated privileges they are a prime target and should be inventoried (find / -perm -2000).
Piping (|)
Connects the stdout of one command to the stdin of the next, so data flows through a chain of processes without temporary files. Used mainly on the command line but equally in scripts. Each stage runs as its own process, and the second command must be able to read what the first one writes.
Additional Flags for Grep: -r
Represents recursive, and processes all files in the directory
dhclient command
Requests a new IP address
Sha1sum
Sha1sum works on SHA-1 message digests, which are no longer considered secure.
Tar Archive -zcvf: v
Show a list of processed files
Basic Linux Components: File Manager
Software that provides an interface for file and directory management.
SSH Hardening: Allow List Users
Specify which users can log in to the system to lower the potential attack surface.
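A check for the hardening settings listed above, both the SSH entries (disable root login, key-based authentication, audit connections, allow-list users) and the FTP ones (disable anonymous connections), as an added example that is not from the original page: two constructed sshd_config and two constructed vsftpd.conf samples, one weak and one hardened each, are audited by small functions. On a real host, point the functions at /etc/ssh/sshd_config and /etc/vsftpd.conf (Debian paths, an assumption). The access-time restriction is enforced outside vsftpd (PAM's pam_time) and is not checked here.

```shell
#!/usr/bin/env bash
# Added example, not from the original page: audit sshd_config and vsftpd.conf
# for the hardening settings listed above. The four config files are
# constructed here; on a real host point the functions at
# /etc/ssh/sshd_config and /etc/vsftpd.conf (Debian paths, an assumption).
TMPD=$(mktemp -d)
trap 'rm -rf "$TMPD"' EXIT

WEAK_SSHD="$TMPD/sshd_weak";  HARD_SSHD="$TMPD/sshd_hard"
WEAK_FTP="$TMPD/vsftpd_weak"; HARD_FTP="$TMPD/vsftpd_hard"

cat > "$WEAK_SSHD" <<'EOF'
#PermitRootLogin prohibit-password
PermitRootLogin yes
PasswordAuthentication yes
EOF
cat > "$HARD_SSHD" <<'EOF'
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
AllowUsers alice deploy
LogLevel VERBOSE
EOF
cat > "$WEAK_FTP" <<'EOF'
listen=YES
anonymous_enable=YES
local_enable=YES
write_enable=YES
EOF
cat > "$HARD_FTP" <<'EOF'
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
ssl_enable=YES
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
EOF

# sshd keywords are case-insensitive and the FIRST occurrence wins, so take
# the first uncommented match ('#Key' does not match because $1 is '#Key').
sshd_value() {                  # $1 = file, $2 = keyword
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}
# vsftpd uses key=value lines; the LAST assignment wins.
vsftpd_value() {                # $1 = file, $2 = key
    awk -F= -v key="$2" '$1 == key { v = $2 } END { print v }' "$1"
}

# Each audit prints one line per finding; empty output means it passed.
audit_sshd() {
    local f="$1"
    [ "$(sshd_value "$f" PermitRootLogin)" = no ]        || echo "PermitRootLogin must be no"
    [ "$(sshd_value "$f" PasswordAuthentication)" = no ] || echo "PasswordAuthentication must be no (use keys)"
    [ -n "$(sshd_value "$f" AllowUsers)" ]                || echo "no AllowUsers allow list"
    [ "$(sshd_value "$f" LogLevel)" = VERBOSE ]           || echo "LogLevel VERBOSE for connection auditing"
}
audit_vsftpd() {
    local f="$1"
    [ "$(vsftpd_value "$f" anonymous_enable)" = NO ]    || echo "anonymous_enable must be NO"
    [ "$(vsftpd_value "$f" chroot_local_user)" = YES ]  || echo "chroot_local_user must be YES"
    [ "$(vsftpd_value "$f" ssl_enable)" = YES ]         || echo "ssl_enable must be YES (plaintext FTP otherwise)"
}
```

After editing the real sshd_config, run sshd -t to validate the syntax and sshd -T to print the effective configuration, then restart the service (systemctl restart ssh on Debian-based systems, sshd on RHEL-based ones); keep the current session open until a new key-based login succeeds, so a mistake does not lock you out.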
Variables and Arguments: #
Starts a comnent
Directories
Store both special and ordinary files. For users familiar with Windows, UNIX-based directories are similar to folders
Important Directories: /var
Stores variable data files, such as log files (/var/log) and HTTP server files (/var/www), although these can be stored in the /srv directory as well.
Special Files: (l)
Symbolic link file
Command Line Interface (CLI): Commands
Syntax: Command [options] [arguments] A command can be a representation of existing data in the system, but can also configure the system itself, create new files, and run programs.
Linux Kernel: Hardware Management
Systems can include a variety of hardware components, such as CPUs, memory devices, sound cards, graphics cards, etc. The kernel stores all data related to the device drivers and how to interact with them. Without a kernel, the components could not be controlled.
Tar Archive
Tar is typically used by Linux system administrators to back up data. It bundles files into an archive that can be moved easily from disk to disk. A gzip-compressed tar archive is created with tar -zcvf <archive>.tar.gz <files> (z = gzip, c = create, v = verbose, f = archive file name), listed with tar -tzvf <archive> and extracted with tar -xzvf <archive>.
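The tar-plus-crontab backup that the Bash Scripting entry mentions, as an added example that is not from the original page: a function creates a dated .tar.gz of a directory, the archive is listed back with -t, and a restore into a scratch directory proves it is usable. The source tree is constructed in a temporary directory; the cron line and the backup.sh path in the comment are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original page: a dated tar.gz backup of a
# directory, listed back with -t and test-restored. The source tree is
# constructed here; the crontab line at the end is an assumed schedule.
TMPD=$(mktemp -d)
trap 'rm -rf "$TMPD"' EXIT
mkdir -p "$TMPD/www/html" "$TMPD/backups"
printf '<h1>hi</h1>\n' > "$TMPD/www/html/index.html"
printf 'DB_PASSWORD=hunter2\n' > "$TMPD/www/.env"        # secret we do not want in the archive

# Create $2/$3-YYYYMMDD.tar.gz from directory $1 and print the archive path.
# -C makes the stored paths relative (www/html/...), so the archive does not
# carry absolute paths that would extract straight over / when unpacked as root.
backup_dir() {                 # $1 = source dir, $2 = destination dir, $3 = name
    local archive="$2/$3-$(date +%Y%m%d).tar.gz"
    tar -zcf "$archive" --exclude='.env' -C "$(dirname "$1")" "$(basename "$1")" \
        && echo "$archive"
}

# -t lists members without extracting (-v would add mode, owner and size).
list_archive() { tar -tzf "$1"; }

# Restore into a scratch directory and count the files that came back: a backup
# is not a backup until a restore has been tested.
restore_count() {              # $1 = archive
    local dir
    dir=$(mktemp -d)
    tar -xzf "$1" -C "$dir" && find "$dir" -type f | wc -l | tr -d ' '
    rm -rf "$dir"
}

ARCHIVE=$(backup_dir "$TMPD/www" "$TMPD/backups" www)

# To schedule it nightly at 02:30, a crontab -e entry would look like this
# (minute hour day-of-month month day-of-week command; paths assumed):
# 30 2 * * * /usr/local/bin/backup.sh >> /var/log/backup.log 2>&1
```

The --exclude keeps the .env secret out of the archive; backups tend to be stored with weaker protection than the live system, so secrets and the archive's own permissions (chmod 600) deserve the same attention as the data.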
Cut -c
Selects text by character position (cut -c 1-5 prints the first five characters of each line)
cut -f
Selects text by field, with the delimiter given by -d (cut -d: -f1 prints the first colon-separated field of each line)
Zip & Unzip
The zip command is installed under /usr/bin (/bin on older layouts). Options can be added to the command, such as -u, which updates entries in an existing archive, and -d, which deletes an entry from the archive; note that unzip -d <directory> means something else: extract into the given directory.
Hidden Files: .cshrc
The C Shell (csh) configuration file
Double Parentheses
Arithmetic is written inside double parentheses: $(( expression )) expands to the result, and (( expression )) evaluates it for its side effects (such as i++) without printing anything.
Zipping Files
The zip command compresses specified files. A list of files that were added will be displayed at the end of the command. Zip is not installed by default in the Debian distribution.
CLI vs GUI: CLI
While Microsoft Windows is developed for regular end users and includes an easy-to-use, well-designed interface, Linux is designed more for technical purposes, such as servers, devices, hacking tools, and forensics. The Linux OS is mainly based on the Command-Line Interface (CLI), but most Linux distributions are installed with a graphical user interface (GUI) as well. The CLI allows the user to run a variety of actions with a single device (the keyboard) from any directory. If you need to create multiple directories, one script can create as many directories as needed, whereas in the GUI it would be a much more manual process. In addition, a GUI consumes more system resources.
Vim: i
Activates insert mode, which allows regular text input into the file rather than keystrokes being interpreted as commands; Esc returns to command mode
echo >>
Appends the new content to the end of the file, keeping the existing content
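The three standard streams and the >, >>, 2> and 2>&1 redirections from the Stdin/Stdout/Stderr and echo entries, as an added example that is not part of the original page: a small function writes its result to stdout and its diagnostics to stderr, and each redirection form is applied to it, including the order-dependent case that catches people out. Files are created in a temporary directory.

```shell
#!/usr/bin/env bash
# Added example, not from the original page: the three standard streams and the
# >, >>, 2> and 2>&1 redirections. process() writes its result to stdout (fd 1)
# and its diagnostics to stderr (fd 2), as well-behaved tools do, so the two can
# be routed separately. Files are created in a temporary directory.
TMPD=$(mktemp -d)
trap 'rm -rf "$TMPD"' EXIT

process() {                       # "" is treated as an error
    if [ -z "$1" ]; then
        echo "process: empty input" >&2    # >&2 sends this line to stderr
        return 1
    fi
    echo "result: $1"                      # data goes to stdout
    echo "process: handled '$1'" >&2       # chatter goes to stderr
}
lines_in() { grep -c . "$1"; }            # number of non-empty lines in a file

# > truncates the file first, >> appends. Only fd 1 is redirected to the file;
# fd 2 is sent to /dev/null separately so it does not reach the terminal.
process alpha  > "$TMPD/out.txt" 2>/dev/null
process beta  >> "$TMPD/out.txt" 2>/dev/null            # out.txt: two result lines

# 2> routes stderr elsewhere; the data file stays clean for the next tool.
process gamma  > "$TMPD/data.txt" 2> "$TMPD/errors.txt"

# 2>&1 makes fd 2 a copy of fd 1. Placed after "> file", both streams land in
# the file (this is what "cmd > log 2>&1" in a cron job relies on).
process delta  > "$TMPD/both.txt" 2>&1

# Order matters: "2>&1 > file" copies fd 2 onto the ORIGINAL fd 1 before fd 1
# is moved, so stderr still goes wherever stdout was pointing (normally the
# terminal; here a subshell whose stdout is captured into a file to show it).
( process "" 2>&1 > "$TMPD/stdout_only.txt" ) > "$TMPD/where_stderr_went.txt"

# stdin (fd 0) redirection: read input from a file instead of the keyboard.
printf 'one\ntwo\nthree\n' > "$TMPD/input.txt"
count_stdin() { local n=0 line; while IFS= read -r line; do n=$(( n + 1 )); done; echo "$n"; }
STDIN_LINES=$(count_stdin < "$TMPD/input.txt")
```

Separating the streams is what makes pipelines safe to automate: a script that parses the output of process would otherwise have to distinguish data from error text, and a silent "2>/dev/null" on a security tool throws away exactly the warnings an operator needs to see.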
Sort -n
Which sorts by numeric value rather than character by character
Linux vs Windows
Windows is a closed-source system, Linux is open-source. Windows is purchased, Linux is mostly free. Windows is customizable only as far as Microsoft exposes, Linux is highly customizable down to the kernel.
FTP
Works with two sides: one is the client and the other is the server. The client application is called ftp and the server application is called vsftpd. The client and server applications may not be pre-installed in the Linux distribution by default.
cat <filename> | sort
You can display the contents of a file using the cat command and sort the contents by redirecting its output to the sort command.
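The pipelines behind this entry and the Piping, AWK, cut, sort and wc entries, as an added example that is not part of the original page: each function chains the tools over a constructed /etc/passwd-style file (the accounts are made up; pass /etc/passwd to the same functions on a real host) to answer questions an auditor actually asks, such as which accounts besides root have UID 0.

```shell
#!/usr/bin/env bash
# Added example, not from the original page: pipelines that chain cat, awk, cut,
# sort, uniq, grep and wc over a constructed /etc/passwd-style file (the sample
# accounts are made up; pass /etc/passwd to the functions on a real host).
TMPD=$(mktemp -d)
trap 'rm -rf "$TMPD"' EXIT
PASSWD="$TMPD/passwd"
cat > "$PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/zsh
backup:x:1002:1002:Backup job:/var/backups:/bin/bash
toor:x:0:0:second root:/root:/bin/bash
EOF
# Field layout: name:password:UID:GID:comment:home:shell

# Accounts other than root with UID 0: a classic persistence/backdoor indicator.
uid0_accounts() { awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"; }

# cut -d: -f7 picks the shell field; sort | uniq -c counts each distinct shell,
# and sort -rn orders those counts numerically, largest first.
shell_histogram()   { cut -d: -f7 "$1" | sort | uniq -c | sort -rn; }
most_common_shell() { shell_histogram "$1" | head -n 1 | awk '{ print $2 }'; }

# Human users (UID >= 1000) ordered by UID. Plain "sort -n" would sort whole
# lines; -t: -k3,3n sorts on the third ':'-separated field as a number.
human_users() { awk -F: '$3 >= 1000' "$1" | sort -t: -k3,3n | cut -d: -f1; }

# Accounts that can get an interactive shell at all: grep -v drops the nologin
# lines and -c counts what is left (wc -l on the same pipeline gives the same).
interactive_count() { grep -v -c 'nologin$' "$1"; }

# The page's form, cat file | sort, works; "sort file" does the same with one
# process fewer. cat earns its place when several files feed one pipeline.
sorted_names() { cut -d: -f1 "$1" | sort; }
```

Every stage here is a separate process reading the previous one's stdout, so a long pipeline costs little and composes freely; the price is that an error in the middle is easy to miss unless the script runs with set -o pipefail.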
Conditional Operators
Conditional statements perform actions based on whether a test is true or false. They consist of if...then statements: if the test succeeds, an action is performed or a message is issued. An else clause handles the false case with a different action or message. Conditions can be combined with the logical operators and (&&) and or (||), which can check as many things as needed in one statement. With &&, both conditions must be true; with ||, one is enough. Both short-circuit: the right-hand side runs only when its result can still change the outcome.
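The if/elif/else/fi structure from the If Structure entry together with the && and || operators from this one, as an added example that is not part of the original page: a function classifies a path and flags world-writable files, with the bracket-spacing and quoting pitfalls called out in comments. The files are constructed in a temporary directory and GNU stat on Linux is assumed.

```shell
#!/usr/bin/env bash
# Added example, not from the original page: if/elif/else/fi with [ ], the
# spaces [ needs, and the && / || operators, applied to a permission check.
# Files are constructed in a temporary directory; GNU stat (Linux) is assumed.
TMPD=$(mktemp -d)
trap 'rm -rf "$TMPD"' EXIT
printf 'x\n' > "$TMPD/safe"; chmod 640 "$TMPD/safe"
printf 'x\n' > "$TMPD/open"; chmod 666 "$TMPD/open"

# Classify a path. Note the spaces: "[ -f "$1" ]" works, "[-f "$1"]" does
# not, because [ is a command that needs ] as its final argument.
classify() {
    local mode others
    if [ ! -e "$1" ]; then
        echo "missing"
    elif [ -d "$1" ]; then
        echo "directory"
    else
        mode=$(stat -c %a "$1")           # e.g. 640
        others=${mode: -1}                # last octal digit = permissions for "others"
        # && : both tests must hold; bit value 2 in the digit is the write bit.
        if [ -f "$1" ] && [ $(( others & 2 )) -ne 0 ]; then
            echo "world-writable"
        else
            echo "ok"
        fi
    fi
}

# || : the right side runs only when the left fails, read as "require X or
# bail out". Quoting matters: with an empty, unquoted variable "[ -n $v ]"
# collapses to "[ -n ]", which is TRUE (a one-argument test is true whenever
# the argument is a non-empty string, and "-n" is one).
require_var() { [ -n "$1" ] || return 1; echo "ok:$1"; }

# Integer comparisons use -eq/-ne/-gt/-ge/-lt/-le; strings use = and !=.
is_privileged_port() { [ "$1" -ge 1 ] && [ "$1" -lt 1024 ]; }

# "a && b || c" is not if/else: when b itself fails, c runs as well. Spell
# out an if when both branches matter.
```

The classify function is the shape of most audit one-liners: test cheap properties first (-e, -d), compute the expensive one only on the branch that needs it, and keep every variable quoted so an empty value cannot turn a check into a different command.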
Variable: Assign a Variable
simply write the name, an equals sign (=) with no spaces around it, and the value: a number, or a word in quotes. For example, num=3 or str="Hello World". With spaces (num = 3) the shell would try to run a command called num.
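Assignment, arithmetic with $(( )) and (( )), the ++ operator, escaping and capturing command output, covering the Variables, Variables and Calculations, Double Parentheses and Assign a Command Output entries, as an added example that is not part of the original page. The ip a output is a constructed sample so the script runs offline; on a real host use SAMPLE=$(ip a).

```shell
#!/usr/bin/env bash
# Added example, not from the original page: assigning variables, arithmetic
# with $(( )) and (( )), the ++ operator, escaping, and capturing command
# output. The 'ip a' output is a constructed sample so this runs offline; on a
# real host use SAMPLE=$(ip a) instead.

num=3                    # no spaces around '=': "num = 3" would run a command named num
str="Hello World"        # quote values with spaces; "$str" keeps it one word when used
readonly MAX_TRIES=5     # readonly: a later assignment is an error, not a silent overwrite

# $(( )) is arithmetic expansion: the value is substituted like any other string.
sum=$(( num + MAX_TRIES ))          # 8; inside $(( )) variables need no $
# (( )) evaluates for effect. Caveat: it returns status 1 when the result is 0,
# which aborts a "set -e" script, hence the "|| true" on the first increment.
i=0
(( i++ )) || true        # post-increment: expression value 0, i becomes 1
(( ++i ))                # pre-increment: i becomes 2

# Escaping: outside $(( )) a bare * is a filename glob, so expr needs \* to
# receive a multiplication sign. Inside $(( )) no escaping is needed.
product=$(( num * 2 ))              # 6
product_expr=$(expr "$num" \* 2)    # 6

# Functions hand values back through stdout; callers capture them with $( ).
add_one() { echo $(( $1 + 1 )); }

# Command substitution: $( ) is preferred over backticks because it nests and
# reads cleanly; both capture stdout.
SAMPLE='2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
    link/ether 08:00:27:aa:bb:cc brd ff:ff:ff:ff:ff:ff
    inet 192.168.56.10/24 brd 192.168.56.255 scope global enp0s3
    inet6 fe80::a00:27ff:feaa:bbcc/64 scope link'
# grep -A 2 keeps the header line plus the two after it; the inet line is the
# second one after the header, so -A 1 would stop short of it.
iface_block=$(printf '%s\n' "$SAMPLE" | grep -A 2 'enp0s3:')
# awk isolates the address and strips the /24 prefix length.
get_ip() { printf '%s\n' "$1" | awk '$1 == "inet" { sub("/.*", "", $2); print $2; exit }'; }
my_ip=$(get_ip "$iface_block")      # 192.168.56.10
```

Capturing output into a variable is also where injection creeps into shell scripts: a value taken from a file name, a log line or a network response must be quoted every time it is used ("$my_ip"), or a crafted value containing spaces or globs becomes extra arguments to whatever command consumes it.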
nslookup -type=ns, -type=any
Select which DNS record type to query. -type=ns lists the domain's name servers; -type=any asks for every record the server will return, such as NS, MX (mail exchangers), SOA (which carries the zone's serial and expiry timers), and TXT records including SPF. Many servers now refuse ANY queries, so ask for the specific types you need.