Linux Operating System
The Linux Operating System is a powerful open-source platform used extensively in server environments, embedded systems, and by cybersecurity professionals. Its flexibility, features, and community support make it a great tool. Anybody aspiring to work in cybersecurity should have a solid understanding of Linux.
Linux Distributions
Linux distributions, often referred to as “distros,” are various flavors of Linux designed to meet specific needs or preferences. Each distro comes with the Linux kernel, a set of core system tools and libraries, and usually a package manager and pre-installed applications. Distros can range from general-purpose systems like Ubuntu and Fedora to ones tailored for specific tasks, such as CentOS for servers and Kali Linux for security testing.
- Ubuntu: Ubuntu is widely recognized for its user-friendly interface and robust support. It’s an excellent starting point for those new to Linux. In cybersecurity, Ubuntu serves as a stable platform for developing and running security tools.
- CentOS: CentOS, a derivative of Red Hat Enterprise Linux (RHEL), is known for its stability and long-term support. It’s commonly used in server environments.
- Kali Linux: Kali Linux is a distribution designed specifically for penetration testing and security auditing. It comes pre-loaded with hundreds of tools for hacking, network analysis, and vulnerability scanning.
Understanding the strengths and intended uses of different Linux distributions helps cybersecurity professionals choose the right tools for their tasks, from securing and managing servers to conducting advanced penetration tests.
Navigating the Linux Command Line
Navigating the Linux command line can initially seem daunting to beginners, but it’s a powerful skill set that forms the backbone of effective Linux usage, especially in cybersecurity.
Basic Commands
The command line is your interface to communicate directly with the Linux operating system. Most of your time spent working with Linux will be in a command line, so it’s important to get comfortable with Linux commands. Here are some essential commands you’ll use frequently:
- `ls`: Lists all files and directories in the current directory. It’s similar to looking inside a folder.
- `cp`: Copies files from one location to another. Think of it as making a duplicate of a document.
- `mv`: Moves files from one location to another or renames a file. It’s like moving a document to a different folder or changing its name.
- `rm`: Removes files or directories. This is akin to throwing a document into the trash bin.
- `cd`: Changes the directory. It’s how you navigate into a different folder.
- `pwd`: Displays the present working directory. It’s like asking, “Where am I?” in the file system.
- `mkdir`: Creates a new directory. It’s similar to making a new folder.
- `cat`: Shows the content of a file on the screen. It’s like opening a document to read it.
- `less`: Displays the content of a file one page at a time. Use this for longer documents.
- `tail`: Shows the last part of a file’s content. It’s useful for checking the most recent entries in log files.
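The following script is an added example (not code from the original page) that chains the commands above into one small workflow: it creates a scratch directory, writes a constructed auth-log style file, preserves a copy with `cp`, renames it with `mv`, checks the newest entries with `tail`, reads the copy back with `cat`, and cleans up with `rm`. Every path lives inside a temporary directory made by `mktemp -d`, and the log lines, hostnames and addresses are constructed samples.

```shell
#!/bin/sh
# Added example, not code from the original page: a small log-handling workflow
# that chains the basic commands. Everything happens inside a temporary
# directory, and the log lines are constructed samples, not from a real host.

basic_commands_demo() {
    start=$(pwd)                                    # pwd: remember where we are
    work=$(mktemp -d) || return 1
    cd "$work" || return 1                          # cd: move into the scratch directory

    mkdir -p logs evidence                          # mkdir: two new directories

    # Constructed auth-log style entries (addresses are documentation ranges)
    cat > logs/auth.log <<'EOF'
Jan  4 16:30:01 host sshd[1201]: Accepted publickey for toor from 192.0.2.10 port 51514
Jan  4 16:31:12 host sudo:   toor : TTY=pts/0 ; COMMAND=/usr/bin/apt update
Jan  4 16:32:45 host sshd[1240]: Failed password for invalid user admin from 198.51.100.7 port 40022
Jan  4 16:32:47 host sshd[1240]: Failed password for invalid user admin from 198.51.100.7 port 40022
EOF

    cp logs/auth.log evidence/auth.log              # cp: duplicate before working on it
    mv evidence/auth.log evidence/auth-copy.log     # mv: rename the duplicate in place
    evidence_files=$(ls evidence | grep -c '')      # ls: list the directory; count entries

    # tail: the newest entries; here the last two are both failed logins
    recent_failures=$(tail -n 2 logs/auth.log | grep -c 'Failed password')

    # cat: print the whole file; piping it on lets other tools consume it
    sshd_lines=$(cat evidence/auth-copy.log | grep -c 'sshd')

    rm -r logs                                      # rm: remove the working copy and its directory
    cd "$start" && rm -r "$work"                    # leave the scratch directory and delete it

    echo "evidence_files=$evidence_files recent_failures=$recent_failures sshd_lines=$sshd_lines"
}

basic_commands_demo
```

Run it as `sh basic_commands_demo.sh`; it prints one summary line and leaves nothing behind, which is the habit to build before running the same commands against real log directories.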
Permissions and Ownership
Linux is built on a robust permission and ownership system. This ensures that only authorized users and processes can access or modify files and directories. Linux permissions are represented by the letters ‘r’ (read), ‘w’ (write), and ‘x’ (execute).
Here’s a breakdown of each permission:
- Read (r):
- For files: Allows the reading of the file’s contents.
- For directories: Allows listing the directory’s contents.
- Write (w):
- For files: Allows modification or deletion of the file’s contents.
- For directories: Allows creating, deleting, or renaming files within the directory.
- Execute (x):
- For files: Allows the file to be executed as a program or script.
- For directories: Allows access to enter the directory and access its contents.
Permissions are assigned to three categories of users:
- Owner: The user who owns the file or directory.
- Group: A group of users who have the same permissions on the file or directory.
- Others: All other users on the system.
Each file or directory has a set of permission bits associated with it. These permission bits are represented by a 3-digit octal number (0-7), where each digit corresponds to the sum of the permissions for the owner, group, and others respectively. For example:
- 755: Owner has read, write, and execute permissions (4+2+1=7), Group has read and execute permissions (4+1=5), Others have read and execute permissions (4+1=5).
- 644: Owner has read and write permissions (4+2=6), Group has read permissions (4), Others have read permissions (4).
Ownership determines which users and groups have control over a file or directory and what permissions they have. Every file and directory is associated with an owner and a group. The ownership is shown as owner:group:
┌──(toor㉿kali)-[/opt]
└─$ ls -l
total 56
drwxr-xr-x 6 toor toor 4096 Jan 4 16:30 evil-winrm
drwxr-xr-x 9 root toor 4096 Jan 17 17:23 ghidra
drwxr-xr-x 7 root root 4096 Jan 4 14:42 impacket
Here is a breakdown for the example above:
- `evil-winrm`: This is a directory with the following permissions and ownership:
  - Permissions: `drwxr-xr-x`
  - Owner: `toor`
  - Group: `toor`
  - Explanation: The directory `evil-winrm` has read, write, and execute permissions for the owner (`toor`), and only read and execute permissions for the group `toor` and others.
- `ghidra`: This is a directory with the following permissions and ownership:
  - Permissions: `drwxr-xr-x`
  - Owner: `root`
  - Group: `toor`
  - Explanation: The directory `ghidra` has read, write, and execute permissions for the owner (`root`), and only read and execute permissions for the group `toor` and others.
- `impacket`: This is a directory with the following permissions and ownership:
  - Permissions: `drwxr-xr-x`
  - Owner: `root`
  - Group: `root`
  - Explanation: The directory `impacket` has read, write, and execute permissions for the owner (`root`), and only read and execute permissions for the group `root` and others.
The permissions and ownership information helps determine who can access, modify, or execute the files and directories in the `/opt` directory. To help you further understand owners and groups, here’s a brief description:
- Owner: The user who owns the file or directory. The owner typically has the most control over the file or directory and can change its permissions. When a user creates a file or directory, they become the owner by default.
- Group: A collection of users who share the same permissions on the file or directory. Every file and directory is associated with a primary group, and the group permissions apply to all members of that group. Users can be members of multiple groups, but only one group is the primary group associated with their account.
Ownership and permissions in Linux can be tricky, but it’s important to have a thorough understanding of them so you can correctly assign permissions. Here are some commands for viewing permissions and ownership, changing permissions, and changing ownership:
- Viewing Permissions: The command `ls -l` lists files and directories with their permissions displayed. Permissions are shown as a sequence of characters, for example, `-rwxr-xr--`. The first character indicates if it’s a file (`-`) or directory (`d`). The next three characters represent the owner’s permissions, followed by the group’s permissions, and finally, everyone else’s permissions.
- Changing Permissions: The `chmod` command changes the permissions of a file or directory. For example, `chmod 755 filename` sets the owner’s permissions to read, write, and execute, while the group and others can read and execute.
- Changing Ownership: The `chown` command changes the owner and group of a file or directory. For example, `chown user:group filename` changes the ownership to “user” and the group to “group”.
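To tie the octal digits, the `rwx` string and the `ls -l` output together, here is an added example (not code from the original page) in plain POSIX sh. It converts a symbolic permission string into the octal mode `chmod` takes and back, splits one `ls -l` line (the `ghidra` line from the `/opt` listing above) into name, type, mode, owner and group, and verifies a `chmod` by reading the mode back through `ls -ld` on a temporary file. The function names are my own; the parser assumes file names without spaces, as in the listing.

```shell
#!/bin/sh
# Added example, not from the original page: symbolic <-> octal permission
# conversion, an ls -l line parser, and a chmod round-trip check.

# symbolic_to_octal 'drwxr-xr-x' -> 755 (accepts the full ls field or the 9-char string)
symbolic_to_octal() {
    perms=$1
    # Drop the type character and any trailing ACL/SELinux marker ("+" or ".")
    [ "${#perms}" -gt 9 ] && perms=$(printf '%s' "$perms" | cut -c2-10)
    [ "${#perms}" -eq 9 ] || return 1
    out=""
    pos=1
    while [ "$pos" -le 9 ]; do                      # one triplet each for owner, group, others
        r=$(printf '%s' "$perms" | cut -c"$pos")
        w=$(printf '%s' "$perms" | cut -c"$((pos + 1))")
        x=$(printf '%s' "$perms" | cut -c"$((pos + 2))")
        digit=0
        [ "$r" = r ] && digit=$((digit + 4))        # read  = 4
        [ "$w" = w ] && digit=$((digit + 2))        # write = 2
        case "$x" in x|s|t) digit=$((digit + 1)) ;; esac   # execute = 1 (s/t: setuid/setgid/sticky with x set)
        out="$out$digit"
        pos=$((pos + 3))
    done
    echo "$out"
}

# octal_to_symbolic 644 -> rw-r--r-- (a leading special-bits digit, as in 0644, is ignored)
octal_to_symbolic() {
    mode=$1
    [ "${#mode}" -eq 4 ] && mode=$(printf '%s' "$mode" | cut -c2-4)
    out=""
    for d in $(printf '%s' "$mode" | sed 's/./& /g'); do   # split "644" into "6 4 4"
        s=""
        if [ $(( $d & 4 )) -ne 0 ]; then s="${s}r"; else s="${s}-"; fi
        if [ $(( $d & 2 )) -ne 0 ]; then s="${s}w"; else s="${s}-"; fi
        if [ $(( $d & 1 )) -ne 0 ]; then s="${s}x"; else s="${s}-"; fi
        out="$out$s"
    done
    echo "$out"
}

# parse_ls_line '<one line of ls -l output>' -> "name type octal owner group"
parse_ls_line() {
    set -- $1                                       # split the line into fields on whitespace
    case "$1" in
        d*) kind=directory ;;
        l*) kind=symlink ;;
        *)  kind=file ;;
    esac
    echo "$9 $kind $(symbolic_to_octal "$1") $3 $4"  # fields: perms links owner group size date time name
}

# chmod_roundtrip 640 -> 640: apply the mode to a scratch file, read it back via ls -ld
chmod_roundtrip() {
    f=$(mktemp) || return 1
    chmod "$1" "$f"
    line=$(ls -ld "$f")
    rm -f "$f"
    parse_ls_line "$line" | cut -d' ' -f3
}

parse_ls_line 'drwxr-xr-x 9 root toor 4096 Jan 17 17:23 ghidra'
```

Running the script prints `ghidra directory 755 root toor`, which is exactly the reading given in the breakdown above; `chmod_roundtrip 600` is a quick way to confirm that a mode you applied is the mode the kernel now enforces.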
Process Management
Processes are running instances of programs. Linux provides several commands to manage these processes:
- `ps`: Lists the currently running processes. Use `ps aux` to see a comprehensive list.
- `top`: Displays an ongoing view of active processes, including information on CPU and memory usage. It’s like the task manager in Windows.
- `kill`: Terminates a process. You need the process ID (PID) to use this command, which you can find using `ps`.
- Managing Services: Services are background processes started at boot or on demand. Use `systemctl` or `service` to manage these. For example, `systemctl start servicename` starts a service, while `systemctl stop servicename` stops it.
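The `ps` → `kill` → verify cycle described above, as an added example that is not part of the original page. It runs against a throwaway background `sleep` so nothing else on the host is touched, looks the process up by PID the way you would after `ps aux` (falling back to `/proc/<pid>/comm` on a minimal system without `ps`), sends the default SIGTERM, reaps the process with `wait`, and confirms the PID is gone with `kill -0`, which delivers no signal and only reports whether the process still exists. The exit status a reaped process leaves behind is 128 plus the signal number, so a helper decodes that too. Function names are my own.

```shell
#!/bin/sh
# Added example, not from the original page: find, terminate and verify a
# process, using a disposable background sleep as the target.

# process_lifecycle_demo -> "terminated signal=15" on success
process_lifecycle_demo() {
    sleep 300 &                                   # a long-running worker to manage
    pid=$!                                        # the shell records its PID for us

    # Locate it by PID; `ps -o pid= -o comm=` prints only the PID and command name
    if command -v ps >/dev/null 2>&1; then
        found=$(ps -o pid= -o comm= -p "$pid")
    else
        found=$(cat /proc/"$pid"/comm 2>/dev/null)  # Linux fallback when ps is absent
    fi
    case "$found" in
        *sleep*) ;;                               # present, and it is our sleep
        *) echo "not-found"; return 1 ;;
    esac

    kill -TERM "$pid"                             # polite request to stop (kill's default signal)
    status=0
    wait "$pid" 2>/dev/null || status=$?          # reap it and capture how it ended

    if kill -0 "$pid" 2>/dev/null; then           # PID still exists? then termination failed
        echo "still-running"
        return 1
    fi
    echo "terminated signal=$(signal_number_from_status "$status")"
}

# signal_number_from_status 143 -> 15: a status above 128 means "killed by signal (status - 128)"
signal_number_from_status() {
    [ "$1" -gt 128 ] && echo $(( $1 - 128 )) || echo 0
}

process_lifecycle_demo
```

If the `still-running` branch ever fires in practice, the process ignored SIGTERM; that is the point at which an administrator escalates to `kill -KILL`, which cannot be caught, after deciding that losing the process's unsaved state is acceptable.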
Linux Networking
Networking in Linux allows your system to communicate with other computers, servers, and internet-based applications. It’s the backbone that supports file transfers, web browsing, and email communications, among other things. If you’re not familiar with networking, we recommend checking out our Networking Foundations page.
IP Addresses and Interfaces
Every device on a network has a unique IP address. In Linux, you can view your system’s IP address and network interfaces using commands like `ip addr show` or the older `ifconfig` (you might need to install `net-tools` for `ifconfig`).
Connecting to Networks
Linux makes it straightforward to connect to wired and wireless networks. Tools like `nmcli` and `nmtui` (NetworkManager) are invaluable for managing network connections through the command line or a text-based user interface, respectively.
Testing Network Connectivity
Tools such as `ping` and `traceroute` (or `tracepath`) are your first line of defense in troubleshooting network issues. `ping` lets you verify a connection to another network device, while `traceroute` shows the path data packets take to reach their destination.
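When you need the interface and address information from a script rather than by eye, the one-line-per-address form `ip -o -4 addr show` (a real iproute2 option) is far easier to parse than the multi-line default. The following is an added example, not code from the original page: it turns that output into an "interface address" inventory, keeps only globally scoped addresses on request, and wraps `ping` in a reachability check. The sample output is constructed with documentation address ranges so the parser runs offline; the `reachable` helper assumes the iputils `ping` found on Linux, where `-W` is the reply timeout in seconds.

```shell
#!/bin/sh
# Added example, not from the original page: parse `ip -o -4 addr show`
# output into an address inventory and check reachability with ping.

# Constructed sample in the format of `ip -o -4 addr show` (not from a real host)
SAMPLE_IP_OUTPUT='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0\       valid_lft forever preferred_lft forever
3: wlan0    inet 198.51.100.23/24 brd 198.51.100.255 scope global dynamic wlan0\       valid_lft 3542sec preferred_lft 3542sec'

# list_ipv4 "<ip -o -4 addr show output>" -> one "iface address/prefix" line per address
list_ipv4() {
    # field 2 is the interface name, field 3 the family, field 4 the CIDR address
    printf '%s\n' "$1" | awk '$3 == "inet" { printf "%s %s\n", $2, $4 }'
}

# list_global_ipv4: same, but only "scope global" addresses (drops loopback and link-local)
list_global_ipv4() {
    printf '%s\n' "$1" | awk '$3 == "inet" && / scope global/ { printf "%s %s\n", $2, $4 }'
}

# reachable <host>: one ICMP echo request, wait at most 2 s for the reply (iputils ping, Linux)
reachable() {
    ping -c 1 -W 2 "$1" >/dev/null 2>&1
}

# Live use on a real host:
#   list_global_ipv4 "$(ip -o -4 addr show)"
#   reachable 192.0.2.1 && echo "gateway up" || echo "gateway down"
list_ipv4 "$SAMPLE_IP_OUTPUT"
```

Feeding `$(ip -o -4 addr show)` to `list_global_ipv4` gives a quick baseline of which interfaces carry routable addresses, a useful thing to record before and after changing a virtual machine's network configuration.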
Package Management in Linux
Package Management involves installing, updating, and removing software packages. Linux distributions come with package managers that handle these tasks efficiently. Here are the basics:
Understanding Package Managers
Different Linux distributions use different package managers. For Debian-based distributions (like Ubuntu), `apt` is the go-to tool. For Red Hat-based systems, `yum` or its newer version, `dnf`, is used. These managers simplify software management by handling dependencies and updates automatically.
Installing Software
To install software, you would use a command like `sudo apt install package-name` on Ubuntu or `sudo dnf install package-name` on Fedora. This command searches the distribution’s repositories for the package and installs it along with any required dependencies.
Updating and Removing Software
Keeping software up-to-date is crucial for security. Commands like `sudo apt update && sudo apt upgrade` or `sudo dnf update` will update all installed packages to their latest versions. To remove software, use `sudo apt remove package-name` or `sudo dnf remove package-name`.
Practice Makes Perfect
The best way to learn Linux is through practice:
- Set up a virtual lab environment using tools like VirtualBox or VMware.
- Start getting comfortable by navigating the command line.
- Experiment with connecting Linux virtual machines to different network configurations.
- Install, update, and remove various software packages to familiarize yourself with package management tasks.
Why Linux for Cybersecurity?
Linux is a preferred operating system for many cybersecurity professionals due to its numerous advantages that align well with the requirements and demands of the cybersecurity field.
Certifications
In our opinion the CompTIA Linux+ is a great certification to continue your journey into cybersecurity.
For those interested, I’ve included an affiliate link to purchase the book. Using this link not only gets you a great resource for your studies but also supports our blog at no additional cost to you:
Next Steps in Your Learning Journey
With these basics under your belt, you’re well on your way to deeper cybersecurity learning. Dive into our advanced topics and start applying your knowledge in practical scenarios. Check out our Windows foundations page to learn about Windows or our coding foundations page to learn coding basics.
Remember, the field of cybersecurity is vast and ever-evolving. Stay curious, keep learning, and use SecureBitsBlog as your guide through the fascinating world of digital security.