Linux Fundamentals
Hack The Box Walkthroughs ⋅ Academy ⋅ Linux Fundamentals
Introduction
Linux Structure
Linux is a family of operating systems that are free and open-source.
Linux operating systems follow five principles:
Everything is a file
Small, single-purpose programs
Ability to chain programs together to perform complex tasks
Avoid captive user interfaces
Configuration data stored in a text file
Components of Linux include:
Bootloader: Guides the booting process, which starts the operating system
OS kernel: Manages the resources for a system's input and output (I/O) devices at the hardware level
Daemons: Automatically run in the background and ensure that key functions like scheduling are working properly
OS shell: Acts as an interface between the operating system and the user
Graphics server: Allows graphical programs to run locally or remotely
Window manager: Allows the user to access and manage essential features and services of the operating system in a more visual and easy-to-learn manner
Utilities: Perform particular functions for the user or another program
The Linux operating system can be broken down into layers.
Hardware: Physical components in the system, such as the RAM, hard drive, and CPU
Kernel: The core of the operating system that virtualizes and controls common computer hardware resources
Shell: A command-line interface that can execute a user's commands
System utility: Software that makes the operating system's functionality available to the user
The Linux operating system is structured in a tree-like hierarchy and is documented by the Filesystem Hierarchy Standard (FHS).
The Linux filesystem contains the following directories:
/: The top-level directory; contains all files required to boot the operating system, and all other file systems are mounted beneath it
/bin: Contains essential command binaries
/boot: Contains the static bootloader, the kernel executable, and other files required to boot the operating system
/dev: Contains device files that facilitate access to hardware devices attached to the system
/etc: Contains local system configuration files and configuration files for installed applications
/home: Contains the files for each user on the system
/lib: Contains shared library files that are required for system boot
/media: Acts as the mount point for external removable media such as USB drives
/mnt: Acts as the temporary mount point for regular file systems
/opt: Contains optional files such as third-party tools
/root: Acts as the root user's home directory
/sbin: Contains executables used for system administration
/tmp: Contains temporary files made by the operating system and many programs
/usr: Contains executables, libraries, man files, etc.
/var: Contains variable data files such as log files, email inboxes, web application related files, cron files, etc.
Linux Distributions
We refer to individual operating systems in the Linux family as distributions, or distros for short. These distributions differ by the packages they include, the user interface they provide, and the tools they make available.
Kali Linux is popular for cyber security specialists.
Ubuntu is popular for desktop users.
Debian is popular for servers and embedded systems.
Red Hat Enterprise Linux and CentOS are popular for enterprise-level computing.
Introduction to Shell
A Linux terminal, also called a shell or command line, provides a text-based input-output (I/O) interface that allows users and the system's kernel to interact. The most commonly used shell in Linux is the Bourne-Again Shell (BASH).
Terminal emulators are a type of software that emulate terminal functionality. This software allows text-based programs to be used within a graphical user interface (GUI). Command-line interfaces (CLI) run as additional terminals in a single terminal.
The Shell
Prompt Description
A prompt description is a string of characters on a terminal screen that indicates the system is waiting for our input. The prompt description often includes information such as the user, current working directory, privileges, etc. Here are examples of prompts:
As shown above, $ stands for an unprivileged user shell prompt, while # stands for a root (privileged) shell prompt.
The prompt can be customized using special characters and variables in the shell's configuration file (.bashrc for the Bash shell). Customization is useful for troubleshooting and logging. For example, customization could allow us to include a timestamp on each command, so that commands we made can later be filtered and sorted.
Getting Help
Linux includes built-in functionality for us to view information about commands we are unfamiliar with. We can view the manual of a command with man.
We can also view optional parameters without browsing through the complete documentation using the --help parameter.
If we are unsure what command we are searching for, we can search the descriptions of all manual pages for tools with a given keyword using apropos.
System Information
Many useful tools are installed by default in Linux.
The following commands display or set basic information about the system:
whoami: Displays the current username
id: Returns the user's identity and group membership
hostname: Sets or prints the name of the current host system
uname: Prints basic information about the operating system name and system hardware
pwd: Returns the working directory name
who: Displays who is logged in
env: Prints the environment, or sets the environment and executes a command
lsblk: Lists block devices
lsusb: Lists USB devices
lsof: Lists open files
lspci: Lists PCI devices
The following commands display or set information relating to the networking functions of the system:
ifconfig: Used to assign an address to a network interface, view it, and configure network interface parameters
ip: Used to show or manipulate routing, network devices, interfaces, and tunnels
netstat: Shows network status
ss: Used to investigate sockets
ps: Shows process status
We can also use ssh <username>@<ip_address> to securely log into a remote system.
Workflow
Navigation
As mentioned in the previous section, typing pwd in the command line prints the current directory. We can navigate through our file system using ls, which lists files in our current directory, and cd <directory>, which allows us to change directories.
Here are some navigation shortcuts to improve your workflow:
Use cd - to jump back into the directory you were last in
Use cd .. to move to the parent directory of the current directory
Use [CTRL] + [L] as a shortcut for clear, which clears the terminal
Use [CTRL] + [R] and type some target text to search through command history
Working with Files and Directories
touch <file> can be used to make files, while mkdir <directory> can be used to make directories. As a shortcut, mkdir -p <parent>/<directory> will add parent directories if they do not exist.
tree . can be used to view the file structure of the current directory. stat <file> can be used to view file information.
mv <file> <destination> and cp <file> <destination> are used for moving (and renaming) and copying files or directories.
Editing Files
We can edit files directly in the command line with text editors like Nano and Vim, which can be opened with nano <file> or vim <file>. Nano has a more approachable learning curve, but Vim is a powerful and compact modal editor that is worth getting to know.
If we just want to view files without editing them, we can use cat <file> to print the contents directly to the terminal.
Find Files and Directories
In a large system, finding the files and folders we need is crucial.
We can use which <program> to find the path of the executable that runs when we invoke the program, if it exists.
find <location> <options> allows us to find files and folders and filter the results. For example, adding -type f as an option restricts the search to regular files, while -name "*.conf" restricts it to names ending in ".conf" (quote the pattern so the shell does not expand the glob before find sees it). We can add 2>/dev/null at the end of the command to hide "Permission denied" and other error messages.
locate <file> searches a local database of existing files and folders, which is faster than find but may be stale. Before running this command, we should type sudo updatedb in order to update the database.
File Descriptors and Redirections
A file descriptor (FD) indicates a connection maintained by the kernel to perform I/O operations. The first three Linux file descriptors are as follows:
Data Stream for Input (STDIN - 0)
Data Stream for Output (STDOUT - 1)
Data Stream for Error Output (STDERR - 2)
We can use a file's contents as input using the < operator.
Filter Contents
Instead of using nano or vim to read a file, we can use pagers such as more and less. Pagers allow us to scroll through the file in an interactive view. We can press q to quit the pager.
more <file> opens a file in a pager and leaves the file contents in the terminal after we quit the pager. less <file>
Also check out awk and sed for further sorting and manipulating results.
Regular Expressions
Regexes are commonly used with grep and sed.
Permission Management
Execute permissions for a directory are necessary to traverse a directory. These do not allow a user to modify or execute files within the directory.
Special permissions for files can be set using the Set User ID (SUID) and Set Group ID (SGID) bits. Sticky bits are a type of file permission that can be set on directories. These bits can be used to prevent the deletion and renaming of files within a directory by users other than the owner.
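An added example (not from the HTB notes) that puts the special bits together with the find options from the Find Files section: it builds a scratch tree containing a sticky-bit directory and SUID/SGID files, then audits it the way a hardening review would. The directory and file names are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the HTB notes: create a scratch tree with a sticky
# shared directory and SUID/SGID files, then audit it with find and stat.

# make_lab DIR: populate DIR. Any owner may set these bits on their own files;
# the kernel ignores SUID on nosuid mounts, but an audit still sees the bit.
make_lab() {
    dir=$1
    mkdir -p "$dir/shared" "$dir/bin"
    chmod 1777 "$dir/shared"            # rwxrwxrwt: sticky bit on a world-writable dir
    printf '#!/bin/sh\necho hi\n' > "$dir/bin/suid_tool"
    printf '#!/bin/sh\necho hi\n' > "$dir/bin/sgid_tool"
    printf '#!/bin/sh\necho hi\n' > "$dir/bin/plain_tool"
    chmod 4755 "$dir/bin/suid_tool"     # rwsr-xr-x: SUID
    chmod 2755 "$dir/bin/sgid_tool"     # rwxr-sr-x: SGID
    chmod 0755 "$dir/bin/plain_tool"
}

# mode_of PATH: symbolic mode string, e.g. drwxrwxrwt or -rwsr-xr-x
mode_of() {
    stat -c '%A' "$1"
}

# find_special DIR: regular files under DIR with SUID or SGID set.
# -perm -4000 matches files with at least the SUID bit, -perm -2000 SGID;
# 2>/dev/null hides "Permission denied" noise when run over a whole system.
find_special() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# find_unprotected_dirs DIR: world-writable directories without the sticky
# bit are the risky case (anyone can delete or rename anyone's files).
find_unprotected_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

# Stand-alone demo on a temporary tree.
lab=$(mktemp -d)
make_lab "$lab"
mkdir -p "$lab/dropbox" && chmod 0777 "$lab/dropbox"   # world-writable, no sticky bit
echo "shared dir mode: $(mode_of "$lab/shared")"
echo "SUID/SGID files:"; find_special "$lab"
echo "world-writable dirs without sticky bit:"; find_unprotected_dirs "$lab"
rm -rf "$lab"
```

On a real host, find_special / is the same check as the "disable all unwanted SUID/SGID binaries" hardening item; compare its output against the distribution's expected list.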
System Management
User Management
sudo: Executes a command as a different user.
su: Requests the appropriate user credentials via PAM and switches to that user ID (the default user is the superuser). A shell is then executed.
useradd: Creates a new user or updates the default new-user information.
userdel: Deletes a user account and related files.
usermod: Modifies a user account.
addgroup: Adds a group to the system.
delgroup: Removes a group from the system.
passwd: Changes a user's password.
Package Management
Most package managers provide the following features:
Package downloading
Dependency resolution
A standard binary package format
Common installation and configuration locations
Additional system-related configuration and functionality
Quality control
apt: Provides a high-level command-line interface for the package management system.
aptitude: An alternative to apt and a high-level interface to the package manager.
snap: Installs, configures, refreshes, and removes snap packages. Snaps enable the secure distribution of the latest apps and utilities for the cloud, servers, desktops, and the internet of things.
gem: The front-end to RubyGems, the standard package manager for Ruby.
pip: A Python package installer recommended for installing Python packages that are not available in the Debian archive. It can work with version control repositories (currently only Git, Mercurial, and Bazaar repositories), logs output extensively, and prevents partial installs by downloading all requirements before starting installation.
git: A fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals.
Debian-based Linux distributions use the APT package manager. A package is an archive file containing multiple ".deb" files. The dpkg utility is used to install programs from the associated ".deb" file. APT packages together all of the dependencies needed to install a program.
See repository characteristics by viewing the /etc/apt/sources.list file.
Service and Process Management
There are two types of services: internal ones (e.g. system startup services) and services installed by users (e.g. server services). Such services, called daemons (identified by the letter d at the end of the program name), run in the background without any user interaction.
A process can be in the following states:
Running
Waiting (waiting for an event or system resource)
Stopped
Zombie (stopped but still has an entry in the process table).
1: SIGHUP - Sent to a process when the terminal that controls it is closed.
2: SIGINT - Sent when a user presses [Ctrl] + C in the controlling terminal to interrupt a process.
3: SIGQUIT - Sent when a user presses [Ctrl] + D to quit.
9: SIGKILL - Immediately kills a process with no clean-up operations.
15: SIGTERM - Requests program termination.
19: SIGSTOP - Stops the program. It cannot be handled.
20: SIGTSTP - Sent when a user presses [Ctrl] + Z to request that a process suspend. The process can handle it afterward.
Display background processes with jobs. Use SIGTSTP to suspend a process, and then let that process continue in the background with bg. You can also do this automatically by putting & at the end of a command. fg <ID> will bring a process back to the foreground.
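An added example (not from the HTB notes) of the difference between signals 15 and 9 from the list above: a background worker traps SIGTERM and writes a cleanup marker before exiting, while SIGKILL cannot be trapped, so no marker is written and the shell reports exit status 137 (128 + 9). The marker file and worker loop are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the HTB notes: SIGTERM (15) can be caught so a
# process can clean up; SIGKILL (9) cannot, so nothing runs before exit.

WORKER_PID=""

# start_worker MARKER: background a worker loop that traps TERM, writes MARKER
# and exits 0. Sets WORKER_PID (no subshell, so the caller can wait on it),
# and returns only once the worker has installed its trap (the .ready file).
start_worker() {
    sh -c 'trap "echo cleanup-done > \"$1\"; exit 0" TERM
           : > "$1.ready"
           while :; do sleep 0.2; done' worker "$1" &
    WORKER_PID=$!
    while [ ! -f "$1.ready" ]; do sleep 0.05; done
    rm -f "$1.ready"
}

# stop_worker SIGNAL: send SIGNAL (TERM or KILL) to the worker and wait.
# Returns the worker's exit status: 0 after a handled TERM, 137 after KILL.
stop_worker() {
    kill -s "$1" "$WORKER_PID"
    wait "$WORKER_PID" 2>/dev/null
}

# run_case SIGNAL: run one worker, stop it with SIGNAL, and report whether the
# cleanup marker was written and what exit status the shell saw.
run_case() {
    marker=$(mktemp)
    rm -f "$marker"
    start_worker "$marker"
    status=0
    stop_worker "$1" || status=$?
    if [ -f "$marker" ]; then cleaned=yes; else cleaned=no; fi
    rm -f "$marker"
    echo "$1 status=$status cleanup=$cleaned"
}

run_case TERM    # TERM status=0 cleanup=yes
run_case KILL    # KILL status=137 cleanup=no
```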
Run several commands:
Semicolon (
;
): ignores previous command results and errorsDouble
ampersand
characters (&&
): runs only if previous commands succeedPipes (
|
)
Task Scheduling
Systemd can be used to set up processes and scripts to run at a specific time or time interval, and to define the events and triggers that start a specific task.
Create a timer
Create a service
Activate the timer
We can also use cron to schedule and automate processes. The cron daemon stores the tasks in a file called a crontab, which tells the daemon when to run each task.
See HTB Linux Fundamentals for specifics on how to do this with Systemd and Cron.
Network Services
The most important network services you should be familiar with are SSH, NFS, Apache, and VPN.
OpenSSH: a free and open-source implementation of the Secure Shell (SSH) protocol that allows the secure transmission of data and commands over a network
Network File System (NFS): a network protocol that allows us to store and manage files on remote systems as if they were stored on the local system
Apache is widespread, but Python Web Server is a simple, fast alternative
OpenVPN: a popular open-source VPN server available for various operating systems
Working with Web Services
One of the most widespread web servers is Apache. Apache offers the possibility to create web pages dynamically using server-side scripting languages like PHP, Perl, or Ruby.
curl allows us to transfer files from the shell over protocols like HTTP, HTTPS, and FTP. wget is an alternative.
Backup and Restore
When backing up data on an Ubuntu system, we can utilize tools such as:
Rsync
Deja Dup
Duplicity
Rsync is an open-source tool that is particularly useful for transferring large amounts of data over the network. Combined with cron, rsync can be used to automatically backup files to a different server over SSH.
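An added example (not from the HTB notes) that carries out the three Task Scheduling steps (create a timer, create a service, activate the timer) for the rsync-over-SSH backup described here, and prints the equivalent crontab line. The backup host, user, key path and destination are placeholders chosen for this example.

```shell
#!/bin/sh
# Added example, not from the HTB notes: generate a systemd service (the work)
# and timer (the schedule) for a nightly rsync backup over SSH, plus the cron
# equivalent. Host, user and paths below are placeholders for this example.

SRC_DIR=/home/
DEST="backup@backup.example.com:/srv/backup/home/"   # placeholder target
SSH_KEY=/root/.ssh/backup_key                         # placeholder key path

# write_units UNIT_DIR: step 1 and 2 of the notes. Creates backup.service and
# backup.timer in UNIT_DIR (normally /etc/systemd/system); prints both paths.
write_units() {
    unit_dir=$1
    cat > "$unit_dir/backup.service" <<EOF
[Unit]
Description=Nightly rsync backup of $SRC_DIR over SSH
Wants=network-online.target
After=network-online.target

[Service]
Type=oneshot
# -a keeps permissions and timestamps, -z compresses, --delete mirrors removals.
ExecStart=/usr/bin/rsync -az --delete -e "ssh -i $SSH_KEY" $SRC_DIR $DEST
EOF
    cat > "$unit_dir/backup.timer" <<EOF
[Unit]
Description=Run backup.service every night

[Timer]
OnCalendar=*-*-* 02:00:00
Persistent=true
Unit=backup.service

[Install]
WantedBy=timers.target
EOF
    echo "$unit_dir/backup.service $unit_dir/backup.timer"
}

# activate_timer: step 3 of the notes; only meaningful as root on a systemd host.
activate_timer() {
    systemctl daemon-reload
    systemctl enable --now backup.timer
    systemctl list-timers backup.timer
}

# cron_line: the notes' cron alternative, as a root crontab entry at 02:00 daily.
cron_line() {
    echo "0 2 * * * /usr/bin/rsync -az --delete -e \"ssh -i $SSH_KEY\" $SRC_DIR $DEST"
}

# Stand-alone run: write into a scratch directory so nothing on the host changes
# until you copy the units to /etc/systemd/system and call activate_timer.
out=$(mktemp -d)
write_units "$out"
cat "$out/backup.timer"
cron_line
```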
File System Management
The Linux file system is a hierarchical structure that is composed of various components. At the top of this structure is the inode table. The inode table is a table of information associated with each file and directory on a Linux system. Files can be stored as files or directories.
The main tool for disk management on Linux is fdisk, which allows us to create, delete, and manage partitions on a drive.
Each logical partition or drive needs to be assigned to a specific directory on Linux. This process is called mounting. Mounting involves attaching a drive to a specific directory, making it accessible in the file system hierarchy.
The mount tool is used to mount file systems on Linux.
The /etc/fstab file is used to define the default file systems that are mounted at boot time.
We can unmount with umount, but we must first make sure that the file system is not being used by any processes.
When the system runs out of physical memory, the kernel transfers inactive pages of memory to the swap space, freeing up physical memory for use by active processes. This process is known as swapping.
Containerization
Containerization is a process of packaging and running applications in isolated environments, such as a container, virtual machine, or serverless environment. Containers, simulating a system or network, are useful for safely testing exploits or malware in a controlled environment.
See HTB Linux Fundamentals for how to setup Docker and Linux containers.
Linux Networking
Network Configuration
Managing and configuring networks can be done with tools like ifconfig or ip. We can also set the default gateway, edit DNS settings, and edit interfaces.
Network access control (NAC) is a security system that ensures that only authorized and compliant devices are granted access to the network.
Discretionary access control (DAC): grants resource owners the responsibility of controlling access permissions to their resources
Mandatory access control (MAC): determines resource access based on the resource's security level and the user's security level or process requesting access
Role-based access control (RBAC): assigns permissions to users based on their roles within an organization
The most common network troubleshooting tools:
Ping
Traceroute
Netstat
Tcpdump
Wireshark
Nmap
Hardening is commonly done with SELinux, AppArmor, and TCP wrappers.
Remote Desktop Protocols in Linux
The XServer is the user-side part of the X Window System network protocol (X11 / X). X11 is a fixed system that consists of a collection of protocols and applications that allow us to call application windows on displays in a graphical user interface. X11 is predominant on Unix systems and is completely unencrypted.
The X Display Manager Control Protocol (XDMCP) is a protocol used to manage remote X Window sessions on other machines. XDMCP is an insecure protocol and should not be used in any environment that requires high levels of security.
Virtual Network Computing (VNC) is a remote desktop sharing system based on the RFB protocol that allows users to control a computer remotely. It allows a user to view and interact with a desktop environment remotely over a network connection. VNC is generally considered to be secure. The most used tools for such kinds of connections are UltraVNC and RealVNC because of their encryption and higher security.
Linux Hardening
Linux Security
Security is a process, not a product.
Some kernel versions have to be updated manually. Also, keep your packages up to date.
Set up firewall rules and disallow password login and root user login via SSH. Do audits and follow some of these best practices:
Remove or disable all unnecessary services and software
Remove all services that rely on unencrypted authentication mechanisms
Ensure NTP is enabled and Syslog is running
Ensure that each user has their own account
Enforce the use of strong passwords
Set up password aging and restrict the use of previous passwords
Lock user accounts after login failures
Disable all unwanted SUID/SGID binaries
TCP wrappers restrict access to certain services based on the hostname or IP address of the client requesting access. TCP wrappers use the following configuration files:
/etc/hosts.allow
/etc/hosts.deny
These files are configured by adding rules of the form service: client list to them; hosts.allow is consulted first, and a match there wins. Note that many current distributions and OpenSSH builds no longer link against the TCP wrappers library, so the firewall is the more reliable place to enforce such restrictions.
Firewall Setup
Firewalls provide a security mechanism for controlling and monitoring network traffic between different network segments, such as internal and external networks or different network zones.
The iptables utility provides a flexible set of rules for filtering network traffic based on various criteria such as source and destination IP addresses, port numbers, protocols, and more.
Tables: Tables are used to organize and categorize firewall rules.
Chains: Chains are used to group a set of firewall rules applied to a specific type of network traffic.
Rules: Rules define the criteria for filtering network traffic and the actions to take for packets that match the criteria.
Matches: Matches are used to match specific criteria for filtering network traffic, such as source or destination IP addresses, ports, protocols, and more.
Targets: Targets specify the action for packets that match a specific rule. For example, targets can be used to accept, drop, or reject packets or modify the packets in another way. See HTB Linux Fundamentals for details about each of these core components.
System Logs and Monitoring
System logs on Linux are a set of files that contain information about the system and the activities taking place on it.
Kernel logs: stored in /var/log/kern.log
System logs: stored in /var/log/syslog
Authentication logs: stored in /var/log/auth.log
Application logs: stored in locations that depend on the application
Apache: Access logs are stored in the /var/log/apache2/access.log file (or similar, depending on the distribution).
Nginx: Access logs are stored in the /var/log/nginx/access.log file (or similar).
OpenSSH: Access logs are stored in the /var/log/auth.log file on Ubuntu and in /var/log/secure on CentOS/RHEL.
MySQL: Access logs are stored in the /var/log/mysql/mysql.log file.
PostgreSQL: Access logs are stored in the /var/log/postgresql/postgresql-version-main.log file.
Systemd: Access logs are stored in the /var/log/journal/ directory.
Security logs: stored in logs such as /var/log/fail2ban.log (failed login attempts), /var/log/ufw.log (firewall), etc.
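An added example (not from the HTB notes) that applies the filtering tools from Filter Contents and Regular Expressions (grep with a regex, sed, awk, sort, uniq) to the authentication log described here: it ranks failed SSH logins by source address, lists the usernames tried, and extracts sudo commands. The log lines are constructed for this example in sshd's and sudo's syslog format; the addresses are documentation ranges.

```shell
#!/bin/sh
# Added example, not from the HTB notes: grep/sed/awk over constructed
# auth.log lines to surface failed SSH logins and sudo use.

LOG=$(mktemp)
cat > "$LOG" <<'EOF'
Mar  3 10:01:12 web01 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar  3 10:01:15 web01 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Mar  3 10:01:20 web01 sshd[2240]: Failed password for root from 203.0.113.7 port 51140 ssh2
Mar  3 10:02:01 web01 sshd[2251]: Accepted publickey for deploy from 198.51.100.4 port 40022 ssh2: ED25519 SHA256:placeholder
Mar  3 10:03:44 web01 sshd[2260]: Failed password for bob from 198.51.100.9 port 40100 ssh2
Mar  3 10:04:00 web01 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/usr/bin/apt update
EOF

# failed_by_ip FILE: "ip count" lines, noisiest source first.
# grep -E selects sshd "Failed password" lines; sed keeps only the address via
# a capture group; sort | uniq -c | sort -rn ranks them; awk reorders fields.
failed_by_ip() {
    grep -E 'sshd\[[0-9]+\]: Failed password' "$1" \
      | sed -E 's/.* from ([0-9.]+) port .*/\1/' \
      | sort | uniq -c | sort -rn \
      | awk '{ print $2, $1 }'
}

# usernames_targeted FILE: distinct usernames in failed logins. The optional
# "invalid user " group covers guesses for accounts that do not exist, which
# is the usual brute-force signature.
usernames_targeted() {
    sed -nE 's/.*Failed password for (invalid user )?([^ ]+) from .*/\2/p' "$1" | sort -u
}

# sudo_commands FILE: "user command" for each sudo line (the COMMAND= field).
sudo_commands() {
    sed -nE 's/.* sudo: +([^ ]+) : .*COMMAND=(.*)/\1 \2/p' "$1"
}

# Stand-alone run
echo "failed logins by source:"; failed_by_ip "$LOG"
echo "usernames targeted:"; usernames_targeted "$LOG"
echo "sudo commands:"; sudo_commands "$LOG"
```

On a live host, replace "$LOG" with /var/log/auth.log (or /var/log/secure on CentOS/RHEL) and run with sudo, since the file is not world-readable.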
Linux Distributions vs Solaris
Solaris
Solaris is a Unix-based operating system known for its robustness, scalability, and support for high-end hardware and software systems. It is widely used in the banking, finance, and government sectors. It is also used in large-scale data centers, cloud computing environments, and virtualization platforms.
Solaris is proprietary and differs from Linux in its filesystem, security, system monitoring, process and package management, and kernel and hardware support. For example, Solaris uses pkgadd to install packages instead of apt-get as on Debian-based Linux.
Tips and Tricks
Shortcuts
The following keyboard shortcuts will allow us to work more efficiently in the command line.
[CTRL] + A: Move the cursor to the beginning of the current line
[CTRL] + E: Move the cursor to the end of the current line
[CTRL] + [←] / [→]: Jump to the beginning of the current/previous word
[ALT] + B / F: Jump backward/forward one word
[CTRL] + U: Erase everything from the current position of the cursor to the beginning of the line
[CTRL] + K: Erase everything from the current position of the cursor to the end of the line
[CTRL] + L: Clears the terminal (equivalent to clear)
[CTRL] + R: Search through command history for commands we typed previously that match our search pattern