Linux Essentials

Operating Systems
Why Linux over Windows?
Most security appliances are run on a Linux OS (Firewall/IDS/Router).

In Windows, all users can have administrator privilege, while Linux has the idea of limited access accounts and superuser (root) which controls the all users’ privileges, the root is
equivalent to administrator in Windows.

SSH Connection
There are a lot of scenarios when you’re away from your system and you want to log into it, that’s why we need SSH.

Secure Shell Protocol (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network.

Typical applications include:

Remote Command Line

Remote Command Execution

Login

💡 SSH is running by default on Port 22.

Basic Linux Commands

System Information commands
whoami → Prints out your current user.

id → Prints out your UID, GID and all groups your current user is in.

hostname → Prints out your machine’s host name. Which’s generally defined in /etc/hosts.

Uname -a → Prints out OS kernel version and architecture.

Linux Essentials 1
 Printing current working directory
pwd → Prints out the working directory.

echo → Similar to print, it’ll print out the arguments passed.

List contents of directories

ls → Lists the files in the current directory.

ls -l → Lists the files with long listing format, which’s detailed information about the file.

ls -a → Lists all the files in the directory, even the hidden ones.

The details provided from left to right are:

1. File type + Permissions

2. Number of Links

3. File Owner

4. Group Owner

5. File Length

6. Data of Creation

7. File Name

Manipulating files and directories

mkdir → Creates a new directory.

touch → Creates a new file.

mv → Move and rename files.

Linux Essentials 2
 rm → Remove files.

rm -rf → Remove directories.

man command → It shows the documentation of any command you type after it.

Linux File System

Structure of a Linux File System
/ → Root directory which contain only the directories needed at the top level of the file structure.

/bin → Where executable files are located. These files are available for all user

/dev → These are device drivers.

/etc → Supervisor directory commands, configurations files, disk configuration files, valid users lists, groups, ethernet, hosts.

/var → Contains log files.

/lib → Contains shared library files, and sometimes other kernel-related files.

/home → Contains the home directory for users and other accounts.

/tmp → Holds temporary files used between system boots.

/kernel → Contains kernel files.

/usr → Includes administrative commands, shared files, library files, and others.

Linux Terminal
Software Installations with Terminal
Just like your Windows GUI (Graphical User Interface) that displays icons and images, it is easier to perform a task and give instructions to your computer. With Linux, you can also instruct
the OS using a terminal/terminal emulator.

A terminal is a program that allows user interactions with a shell. It is a mechanism to transfer commands from the user to the operating system. For the OS to understand the commands,
a shell is needed to execute the commands.

Linux Essentials 3
 A shell in Linux is a program that interprets the commands you enter in a terminal window, so the OS can understand what you want to do.

apt-get

APT stands for Advanced Packaging Tool.

sudo apt-get install packagename → Install a package.

sudo apt-get remove packagename → Remove a package.

sudo apt-get update → Update the package database.

sudo apt-get upgrade → Update all packages for their latest versions.

File Operations
Creating Files
touch → Used to create a file.

Displaying File Content

cat → Used to display the file content. If the file is longer than the size of the window, it scrolls past making it unreadable.

more → Used to display file content. If the file is longer than the size of the window, it will display one page at a time.

head → Used to display the first part of a file.

tail → Used to display the last part of a file.

grep → Used to search for a keyword or a specific pattern in a file.

Copying and Deleting Files

cp → Used to copy a file or a group of files or a directory to a specific location.

mv → Used to move a file or a group of files or a directory to another location.

Linux Essentials 4
 rm -r → Delete one or more files or directories.

Counting File Content

wc → Used to count the number of words, lines and characters in a file.

Text Operations
Text Manipulation Tools
sort

Used to sort a file alphabetically by default.

sort -n

Used to sort a file numerically in an ascending order.

sort -nr

Used to sort a file numerically in reverse order in a descending order.

uniq

Used to filter out (delete) duplicate lines in a file, and writes filtered data to an output file.
tr

Used to translate or delete characters in a file.

cut

Used to cut out sections from each line and printing out the result. It can be used to cut parts of a line by byte position, character and field. It's necessary to specify options, otherwise it gives
error.
awk

Used to write tiny but effective programs in the form of statements that define text patterns that we want to search for in each line of a document, and the action that is to be taken when a
match is found within a line. Awk is mostly used for pattern scanning and processing. It searches one or more files to see if they contain lines that match with the specified patterns and then
perform the associated actions.
base64

Base64 is an encoding algorithm that allows you to transform any characters into an alphabet that consists of Latin letters, digits, plus, and slash. It can convert Chinese characters, emoji,
and even images into a “readable” string, which can be saved or transferred anywhere.

Helpful References

Examples on Encoding & Decoding using Base64: https://www.youtube.com/watch?v=c5eUO8YbrxM

Linux Essentials 5
 https://www.geeksforgeeks.org/tr-command-in-unix-linux-with-examples/

https://www.geeksforgeeks.org/cut-command-linux-examples/

https://www.geeksforgeeks.org/awk-command-unixlinux-examples/

Users Groups
What’s meant by The User?
A user is anyone who uses a computer.

Each computer a user uses has a name for each account it creates.

It’s this name by which the person gains access to the computer as a restricted account or an administrator account (root in Linux).

How to manage users in Linux?

It’s really important to manage users by limiting their access in a specific way.

It’s always a good thing to have full control over the users and apply good security policies and rules.

Superusers (root) should only be the ones who have complete access to the operating system and its configuration.

What are groups?

In Linux, a group containing a collection of specific users.

The main purpose of groups is to define a set of privileges such as: read, write, or execute permissions for a given resource that can be shared among the users within the group.

Users can be added to an existing group to utilize the privileges it grants.

For every group there is a group ID. A group ID is an identifier for the group and not necessarily unique, it could be found in the /etc/groups file.

Types of groups?
There are two types of groups in Linux:

The Primary Group

It’s also called a private group. Each user must have a primary group and it’s automatically generated by the operating system when user is created.

Linux Essentials 6
 When a user creates a set of files, the operating system will associate the primary group of the user with all the files to track them.

Imagine there is no primary group assigned to my user , and I'm in ten secondary groups. And then I create a new file, what group this file belongs to? Which one of these ten?

Primary group tackles this issue and defines which group the file belongs to by default. You don't want the files you are creating in your home directory to be owned by development
group so anyone on that group can do the stuff allowed to do with them as the group.

The Secondary Group

They’re are optional groups. The users can be added to a single or many secondary groups.

Secondary groups grants a set of privileges for all the group members. For example, if a group has the permissions to read a specific file, all the members can read that file.

Secondary groups enhances the security level of the operating system.

User Management
Before we talk about how we can create or delete users let’s talk about two important files here in Linux:

/etc/shadow

It is a text file that contains information about the system’s users' passwords. It is owned by user root and group shadow, every line in this file contains an entry, every entry is responsible
for representing a user account.

/etc/passwd

It is a plain text-based database that contains information for all user accounts on the system, also an entry in each line. It is owned by root. The file can only be modified by root or users
with sudo privileges, and all users can read it.

💡 Note: Modifying the /etc/passwd and /etc/shadow files by hand should be avoided unless you know what you are doing.

Username → The string you type when you log into the system. Each username must be a unique string on the machine. The maximum length of the username is restricted to 32 characters.

Linux Essentials 7
 Password → In older Linux systems, the user’s encrypted password was stored in the /etc/passwd file. On most modern systems, this field is set to x , and the user password is stored in
the /etc/shadow file.

UID → The user identifier is a unique decimal number assigned to each user. It is used by the operating system to refer to a user.

GID → The user’s group identifier number, referring to the user’s primary group. When a user creates a file, the file’s group is set to this group.

GECOS → This field contains a list of comma-separated values which will contain values like phone number, full name, the value of this field is a string value and it cannot contain colons.

Home directory → The absolute path to the user’s home directory. It contains the user’s files and configurations. By default, the user home directories are named after the name of the user
and created under the /home directory and the value is a character string.

Login shell → The absolute path to the user’s login shell. This is the shell that is started when the user logs into the system. On most Linux distributions, the default login shell is Bash.

Securing Users and Groups Management

Linux is a multi-user operating system and many users may be logged in at the same time.

Managing users access and permissions is mandatory, strict security rules must be applied to all users.

Every user should have his own account, and sharing credentials between users is a bad idea.

Sharing access between users must be accomplished only by using the User and Group Management in Linux.

File Permissions
Linux is a multi-user operating system (which means multiple users can have access to the system at the same time).

For efficient security, it implements file ownership and file permission as a feature to provide a secure way of storing and accessing files.

This prevents unauthorized access to files and directories.

File Ownership in Linux

Linux assigns three types of ownership to every file and directory:

Owners

The user who creates a file or directory is considered the owner.

The owner's permission assigned to the file/directory defines what action the owner can perform on the file/directory.

Groups

A group contains multiple users with the same permission assigned to every member of the group.

These permissions define what action any member of the group can perform on a file/directory.

Linux Essentials 8
 Others

Others include everyone else who is not a member of any group or an owner of a file/directory.

For security purposes, always be mindful of the permission you assign here, as the file/directory permission defines what action anybody (could be anybody around the world) can
perform on a file or directory.

File Permissions in Linux

Linux assigns three types of permissions to every file and directory:

Read

Read gives users the privilege to view a file or list the contents of a directory.

Write

Write gives users the privilege to edit a file or modify a directory.

Execute

Execute gives users the privilege to run a file as a computer program.

How File Permissions Work in Linux

Various access permissions can be applied to a file's owning user, owning group, and others (those without ownership).

Linux Essentials 9
 How to Change File Permission in Linux
Use the chmod command to change the access mode of a file. The name is an abbreviation of change mode.

Example: chmod 131 file

Changes the “file” permissions to execute only for owner and others --x , while being write and execute for group -wx .

How to Change File and Group Ownership in Linux

chown user filename → To change the ownership of a file/directory.

Linux Essentials 10
 chown user:group filename → To change the ownership and group of a file/directory.

chgrp group filename → To change only the ownership of a group.

Process Manipulation
What is a process?
A process is an instance of a program currently running in the form of a thread(s).

A process is an active entity while a program is a passive entity.

Depending on the environment, a process can be uni-threaded (consisting of a single thread) or multithreaded (consisting of multiple threads).

In Linux, any command you give to your Linux machine starts a new process.

Linux Process Manipulation

In Linux, there are various commands that are used for process manipulation. There are commands that enable a user to view the list of processes and their information, delay the start of a
particular process, and terminate or stop a process from further execution.

We’ll explain two ways to start a process:

Foreground Processes
A foreground process is any command or task you run directly and wait for it to complete.

Some foreground processes show some type of user interface that supports ongoing user interaction, whereas others execute a task and "freeze" the computer while it completes that
task.

Thus, the user must start such processes himself, as they’re not started automatically as a part of the system like the background processes.

They are also referred to as interactive processes.

To start a foreground process, you can either run it from the dashboard, or you can run it from the terminal.

Linux Essentials 11
 Background Processes
Unlike with a foreground process, the terminal does not have to wait for a background process to end before it can run more processes.

You can enter as many background commands as you want within the limited amount of memory available.

To run a command as a background process, type the command and add a space and an ampersand to the end of the command.

These are also referred to as non-interactive/automatic processes.

You can start a program such as banshee , and then type bg to send the process to the background.

Types of processes?

Linux Essentials 12
 1. Parent Process

The process is created by the user on the terminal. All processes have a parent process, If it was created directly by the user then the parent process will be the kernel process.

2. Child Process

This is a process created by another process (by its parent process). All child processes have a parent process.

3. Orphan Process

After completing its execution, a child process is terminated or killed and SIGCHLD updates the parent process about the termination, and thus can continue the task assigned to it.

But sometimes, when the parent process is killed before the termination of the child process, the child processes become orphan processes, and the parent of all processes init

process, which has a PID 0 , becoming their new PID.

4. Zombie Process

A process that is killed but still shows its entry in the process table, is called a zombie process.

They are dead and are not used. They have ZERO CPU consumption.

5. Daemon Process

They are system-related background processes that often run with the permissions of root and services requests from other processes.

They usually run in the background and wait for processes they can work along with for ex print daemon.

A Daemon process can be recognized if it has ? in its TTY field.

Linux Essentials 13
 Creation of Processes in Linux
A new process is normally created when an existing process makes an exact copy of itself in memory. The child process will have the same environment as its parent, but only the process ID
number is different.

There are two conventional ways used for creating a new process in Linux:

Using The System() Function → this method is relatively simple, however, it’s inefficient and has significantly certain security risks.

Using fork() and exec() Functions → this technique is a little advanced but offers greater flexibility, speed, together with security.

States of a Process in Linux

During execution, a process changes from one state to another depending on its environment/circumstances.

In Linux, a process has the following possible states:

Running → Here, it’s either running (it is the current process in the system) or it’s ready to run (it’s waiting to be assigned to one of the CPUs).

Waiting → In this state, a process is waiting for an event to occur or for a system resource. Additionally, the kernel also differentiates between two types of waiting processes:

Interruptible Waiting Processes → Can be interrupted by signals.

Uninterruptible Waiting Processes → That are waiting directly on hardware conditions and cannot be interrupted by any event/signal.

Stopped → In this state, a process has been stopped, usually by receiving a signal. For instance, a process that is being debugged.

Zombie → Here, a process is dead, it has been halted but it still has an entry in the process table.

Linux Essentials 14
 Common Linux System Calls for Process Management

Network Communications
Display and Modify Information Associated to a Network Interface
ip command

ip command is a replacement for the traditional ifconfig command, ip which stands for Internet Protocol, is a tool used to configure and analyze a network interface, to bring
interfaces up or down, assign and remove addresses and routes, manage ARP cache, and much more.

ip address , ip addr or ip a To view all the interfaces and the assigned IP address, subnet and default gateway.

To display information about a single network interface.

ip addr show dev e.g.
ip addr show dev eth0

To add an IP address to a network interface on your machine.

ip address add dev e.g.
sudo ip address add 196.168.105.12/24 dev eth0

To delete an IP address from a network interface on your machine.

ip address del dev e.g.
sudo ip address del 196.168.105.12/24 dev eth0

To take down an interface use.

ip link set e.g.
sudo ip link set eth0 down

To take up an interface.
ip link set e.g.
sudo ip link set eth0 up

Linux Essentials 15
 ifconfig

command like the ip command is used to configure, display and control network interfaces. The
ifconfig ip command is an alternative to the ifconfig command, but with many more
functionalities than the “ifconfig” command.

With the ifconfig , you can perform some network functionalities, such as displaying or modifying a network interface, displaying mac addresses associated with a network interface,
modifying hardware information and much more.

ifconfig To display information about an interface.

To take down an interface.

ifconfig down e.g.
sudo ifconfig eth0 down

To take up an interface.
ifconfig up e.g.
sudo ifconfig eth0 up

ifconfig down

ifconfig hw ether 00:11:22:33:44:55 To modify the MAC address of an interface.

ifconfig up

Interact with External Servers from the Terminal

ping command

This is a utility used to check whether a network is available and if a host is reachable. With this command, you can test either if a server is up and running or if it’s unavailable. It also
helps with troubleshooting various connectivity issues

Ping [option] `hostname`

curl command

This is a tool used to transfer data to or from a server, using any of the supported protocols (HTTP, FTP, IMAP, POP3, SCP, SFTP, SMTP, TFTP, TELNET, LDAP or FILE).

curl is powered by libcurl. This tool is preferred for automation since it is designed to work without user interaction. It can transfer multiple files at once.

curl [options] [URL]

wget command

This is the non-interactive network downloader that is used to download files from the server even when the user has not logged on to the system and it can work in the background
without hindering the current process.

wget [options] [URL]

Linux Essentials 16