
Notes from a Linux command line course

 Recently I took a course on the Linux command line and shell scripting. Below are the notes I took, which I decided to write up as a blog post so I can refer back to them (there's no way I could remember all of this in a single sitting).

1. Kernel vs Shell

The OS has 3 layers:
  1. Application layer - user apps, daemons
  2. Shell - command line interface
  3. Kernel - hardware management, memory management, I/O handling, CPU and process management. The closest layer to the hardware.
The kernel controls and mediates access to hardware; for example, it schedules and allocates system resources like memory, CPU and disk.
The shell works as an interface to access the services provided by the OS.

We can further break down the layers into the following:
  • User space - if you run a for loop etc., you are in user space. But when you want to perform an operation such as writing to the disk (for example, saving a file), the application has to ask the kernel, because it can't talk to the hardware directly.
  • Kernel space - processes and managers such as the memory manager and the network interface live in kernel space. This space can talk to the hardware directly.
  • Hardware
A useful command to see the total time spent in each space is 'time'. For example, 'time ifconfig lo' reports the real (wall-clock) time, the user-space time and the kernel (sys) time of that command.
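As an added example (not part of the course notes), the script below uses bash's `time` keyword with the TIMEFORMAT variable so the user and sys figures can be read back programmatically. It runs two constructed workloads, one that stays in user space (shell arithmetic) and one that lives in the kernel (a tight loop of read/write syscalls via dd), and reports which space each spent more CPU time in. The workload names and the `cpu_split`/`dominant_space` functions are my own, not from the course.

```bash
#!/usr/bin/env bash
# Added example (not from the course notes): split a command's CPU time into the
# user-space and kernel-space parts that `time` reports, using bash's TIMEFORMAT.

# cpu_split CMD... -> prints "user=<seconds> sys=<seconds>" for one run of CMD
cpu_split() {
  local TIMEFORMAT='%3U %3S'   # bash: user seconds, system seconds, 3 decimals
  local out
  # `time` writes to stderr, so the group's stderr is captured; CMD's own output is discarded
  out=$( { time "$@" >/dev/null 2>&1; } 2>&1 )
  set -- $out
  printf 'user=%s sys=%s\n' "$1" "$2"
}

# dominant_space CMD... -> prints "user" or "kernel", whichever got more CPU time
dominant_space() {
  local line user sys
  line=$(cpu_split "$@")
  user=${line#user=}; user=${user%% *}
  sys=${line##*sys=}
  if awk -v u="$user" -v s="$sys" 'BEGIN { exit !(u > s) }'; then
    echo user
  else
    echo kernel
  fi
}

# Two constructed workloads: one stays in user space (shell arithmetic), the other
# spends its time in the kernel (hundreds of thousands of read/write syscalls).
user_heavy()   { local i=0; while [ "$i" -lt 200000 ]; do i=$((i + 1)); done; }
kernel_heavy() { dd if=/dev/zero of=/dev/null bs=512 count=200000 2>/dev/null; }

# Stand-alone run: comparable to `time ifconfig lo`, but with the split labelled
if [ "${BASH_SOURCE[0]}" = "$0" ]; then
  echo "user_heavy:   $(cpu_split user_heavy)   -> $(dominant_space user_heavy)"
  echo "kernel_heavy: $(cpu_split kernel_heavy) -> $(dominant_space kernel_heavy)"
fi
```

Run it with bash; the exact figures depend on the machine, but the shell loop lands in user space and the dd loop in kernel space, which is the distinction the course draws.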


2. Command line chaining

Run a process in the background:
  • ping -c 5 8.8.8.8 & (if we don't add the count 5, the process will keep running in the background until you kill its process ID)
Run multiple commands, each waiting for the previous one to finish:
  • command1; command2 - e.g. mkdir delete; rm -r delete
See the result of the last command:
  • echo $? - so if you did ping -c 1 google.com1 and then ran 'echo $?', it will return 2.
  • 0 = successful, 1 = general errors, 2 = failure
Run a command only if the previous command was successful:
  • mkdir docs && cd docs
Run a command only if the previous command failed:
  • vim notes.txt || touch notes.txt
Group commands:
  • (cd docs) || (echo no folder docs && mkdir docs)
Pipe commands:
  • | - send the output of the previous command as the input of the following command
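The operators above, as an added example that is not from the course notes: each one is wrapped in a small function so its effect can be checked, and everything runs inside a scratch directory made with mktemp. The function names (`exit_status_of`, `enter_or_create`, `count_matches`) are mine.

```bash
#!/usr/bin/env bash
# Added example (not from the course notes): the chaining operators above, wrapped in
# functions so each result can be checked. Everything runs inside a scratch directory.

# exit_status_of CMD... -> prints the exit status of CMD, i.e. what `echo $?` would show
exit_status_of() {
  local status=0
  "$@" >/dev/null 2>&1 || status=$?
  echo "$status"
}

# enter_or_create DIR -> same idea as: (cd docs) || (echo no folder docs && mkdir docs)
# Prints the directory it ended up in.
enter_or_create() {
  local dir=$1
  [ -d "$dir" ] || { echo "no folder $dir" >&2 && mkdir "$dir"; }
  cd "$dir" && pwd
}

# count_matches PATTERN FILE -> the output of grep becomes the input of wc via a pipe
count_matches() {
  grep -- "$1" "$2" | wc -l | tr -d ' '
}

# demo -> walks through ; & && || and | in order, so the script can be run on its own
demo() {
  local work
  work=$(mktemp -d)
  (
    cd "$work" || exit 1
    echo "false -> $(exit_status_of false), true -> $(exit_status_of true)"
    sleep 0.1 & wait                     # background job with &, then wait for it
    mkdir delete; rm -r delete           # ; runs both, whether or not mkdir succeeded
    enter_or_create docs                 # creates docs (message on stderr), then cd's in
    printf 'alpha\nbeta\nalpha\n' > notes.txt
    [ -e notes.txt ] && echo "notes.txt exists"
    echo "alpha appears $(count_matches alpha notes.txt) times"   # -> 2
  )
  rm -rf "$work"
}

[ "${BASH_SOURCE[0]}" = "$0" ] && demo
```

Note that `enter_or_create` changes the caller's working directory, which is exactly why the course groups `cd docs` in parentheses: a subshell's cd does not leak out.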

3. System Hardware

Return hardware information:
  • lscpu
List ranges of available memory:
  • lsmem
List block devices:
  • lsblk
List loaded kernel modules (drivers):
  • lsmod
CPU information:
  • lscpu
USB devices:
  • lsusb
Dump a computer's DMI (Desktop Management Interface, or SMBIOS - System Management BIOS) table contents:
  • dmidecode
Total uptime:
  • uptime
Calendar:
  • cal
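One practical use of lsmod that the list above doesn't spell out: take a snapshot of the loaded modules on a known-good day and diff a later snapshot against it, so a driver that appeared since stands out. The script below is an added example, not from the course; `module_names`, `save_baseline`, `new_modules` and `removed_modules` are my names, and the demo runs on two constructed snapshot files rather than the live module list.

```bash
#!/usr/bin/env bash
# Added example (not from the course notes): snapshot the loaded kernel modules that
# `lsmod` lists and diff a later snapshot against it, so a newly loaded driver stands out.
# The diff works on plain name lists, so the demo uses constructed snapshots.

# module_names -> one module name per line, from lsmod (or /proc/modules when lsmod is absent)
module_names() {
  if command -v lsmod >/dev/null 2>&1; then
    lsmod | awk 'NR > 1 { print $1 }'
  else
    awk '{ print $1 }' /proc/modules
  fi | sort
}

# save_baseline FILE -> writes the current sorted module list to FILE
save_baseline() { module_names > "$1"; }

# new_modules BASELINE CURRENT -> names present in CURRENT but not in BASELINE
new_modules() {
  comm -13 <(sort -u "$1") <(sort -u "$2")
}

# removed_modules BASELINE CURRENT -> names present in BASELINE but not in CURRENT
removed_modules() {
  comm -23 <(sort -u "$1") <(sort -u "$2")
}

# demo -> constructed snapshots standing in for two runs of save_baseline on different days
demo() {
  local base cur
  base=$(mktemp); cur=$(mktemp)
  printf 'ext4\nxfs\nbluetooth\n' > "$base"       # constructed "day one" list
  printf 'ext4\nxfs\nusb_storage\n' > "$cur"      # constructed "today" list
  echo "loaded since baseline:   $(new_modules "$base" "$cur" | tr '\n' ' ')"
  echo "unloaded since baseline: $(removed_modules "$base" "$cur" | tr '\n' ' ')"
  rm -f "$base" "$cur"
}

[ "${BASH_SOURCE[0]}" = "$0" ] && demo
```

On a real host you would run `save_baseline /root/modules.baseline` once, then `save_baseline /tmp/modules.now && new_modules /root/modules.baseline /tmp/modules.now` whenever you want to check.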

4. Disk and File System Permissions

Path locations:
  • /usr/bin = user binaries
  • /boot = kernel and boot loader partition
  • /dev = device files
  • /etc = config files
  • /lib* = shared libraries
  • /media = mount points for USB devices etc.
  • /opt = where additional programs are installed
  • /proc = process information (one directory per process ID)
  • /sys = stores some kernel stuff
  • /var = variable data, such as logs
Breakdown of a file's permissions and data (i.e. ls -l):
  • tuuugggwww user group size datetime filename (t = file type, then rwx for the user, the group and everyone else)
Sticky bit - every user is able to make files in that folder, but other users can't modify them (regardless of who owns the directory)
Setuid - whoever runs the file, it runs as its owner.

Symbolic links - made with the 'ln' command, they are like shortcuts in Windows. Can delve further into this with information about inodes, but that'll be for another time.

4 2 1 = r w x (read = 4, write = 2, execute = 1)

The 'dd' command can be used to back up files or a whole filesystem.
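To make the 4/2/1 arithmetic and the special bits concrete, here is an added example (not from the course) that converts the permission string `ls -l` prints into the octal mode `chmod` takes, including setuid (`s` in the user slot), setgid (`s` in the group slot) and the sticky bit (`t` in the others slot). `mode_to_octal` is my own function name; the demo creates a sticky directory and a symbolic link in a scratch folder.

```bash
#!/usr/bin/env bash
# Added example (not from the course notes): turn the permission string that `ls -l`
# shows into the octal mode chmod takes, including the setuid/setgid/sticky bits.

# mode_to_octal PERMS -> PERMS is the 9-character rwx string (a leading type character
# such as 'd' or '-' is ignored); prints the octal mode, e.g. rwxr-x--- -> 750
mode_to_octal() {
  local perms=$1 special=0 result="" i triple digit
  [ ${#perms} -eq 10 ] && perms=${perms:1}
  for i in 0 3 6; do
    triple=${perms:$i:3}
    digit=0
    case $triple in r??) digit=$((digit + 4));; esac       # read    = 4
    case $triple in ?w?) digit=$((digit + 2));; esac       # write   = 2
    case $triple in ??[xst]) digit=$((digit + 1));; esac   # execute = 1 (s/t imply x; S/T do not)
    # s/S in the user slot = setuid (4), in the group slot = setgid (2); t/T in others = sticky (1)
    case "$i:$triple" in
      0:??[sS]) special=$((special + 4));;
      3:??[sS]) special=$((special + 2));;
      6:??[tT]) special=$((special + 1));;
    esac
    result="$result$digit"
  done
  if [ "$special" -eq 0 ]; then echo "$result"; else echo "$special$result"; fi
}

# demo -> a sticky world-writable directory (like /tmp) and a symbolic link, then ls -l on them
demo() {
  local work
  work=$(mktemp -d)
  mkdir "$work/shared" && chmod 1777 "$work/shared"
  printf 'hello\n' > "$work/notes.txt"
  ln -s notes.txt "$work/notes-link"          # symbolic link, as with 'ln -s'
  ls -ld "$work/shared" "$work/notes.txt" "$work/notes-link"
  echo "shared dir mode: $(mode_to_octal "$(ls -ld "$work/shared" | cut -c1-10)")"   # -> 1777
  rm -rf "$work"
}

[ "${BASH_SOURCE[0]}" = "$0" ] && demo
```

The uppercase `S`/`T` cases matter when auditing: they mean a special bit is set without the execute bit, which is usually a mistake worth fixing rather than a deliberate configuration.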

5. Processes, Services and Performance management


ps auxf [f] = show the process tree (child process, parent process etc.)
%cpu and %mem = CPU time used over the time the process has been running, and the share of physical memory used

  • vsz = virtual memory size in KB (everything the process has mapped, whether in RAM or swapped out to disk)
  • rss = resident set size = physical memory in use (non-swap memory)
  • tty = corresponding controlling terminal. ? = no tty, or it can't be queried
  • stat = state of every process (see man ps and search PROCESS STATE CODES to see what the acronyms mean)
  • time = accumulated CPU execution time
sort -k = sort by column
pgrep
top
pstree
kill -9 = send SIGKILL; a process that receives this signal cannot catch or ignore it, so it is killed outright (check Tutorials Point on Unix signals and traps)
htop
pkill = accepts the name of the app/binary to kill
lsof = list open files
pgrep firefox > get the PID > go to /proc/PID to see all the files
so in /proc/PID you can see the CPU usage by catting files such as stat
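As an added example (not from the course), the script below reads the values that ps labels STAT, PPID, TIME, VSZ and RSS straight out of /proc/PID/stat, which is the "cat a file in /proc" step described above. The parser takes the stat line as text so it can be checked against a constructed line as well as a live process; `parse_stat`, `proc_info` and `cpu_seconds` are my own names, and the field positions come from proc(5).

```bash
#!/usr/bin/env bash
# Added example (not from the course notes): read the values that ps labels STAT, PPID,
# TIME, VSZ and RSS straight out of /proc/PID/stat.

# parse_stat LINE -> prints: state=S ppid=N utime=T stime=T vsz_kb=N rss_kb=N
parse_stat() {
  # the command name is in parentheses and may contain spaces or ')', so split on the last ')'
  local rest=${1##*)}
  local page_kb
  page_kb=$(( $(getconf PAGESIZE 2>/dev/null || echo 4096) / 1024 ))
  set -- $rest
  # proc(5) field numbers, counted from the field after the ')' (so subtract 2):
  # 3=state 4=ppid 14=utime 15=stime 23=vsize(bytes) 24=rss(pages); times are in clock ticks
  printf 'state=%s ppid=%s utime=%s stime=%s vsz_kb=%s rss_kb=%s\n' \
    "$1" "$2" "${12}" "${13}" $(( ${21} / 1024 )) $(( ${22} * page_kb ))
}

# proc_info PID -> parse_stat on the live process (Linux /proc)
proc_info() { parse_stat "$(cat "/proc/$1/stat")"; }

# cpu_seconds PID -> (utime + stime) converted from clock ticks to seconds, like ps's TIME column
cpu_seconds() {
  local line u s hz
  line=$(proc_info "$1")
  u=${line#*utime=}; u=${u%% *}
  s=${line#*stime=}; s=${s%% *}
  hz=$(getconf CLK_TCK 2>/dev/null || echo 100)
  echo $(( (u + s) / hz ))
}

# Stand-alone run: this shell's own entry, then the same data via ps sorted by RSS (column 3)
if [ "${BASH_SOURCE[0]}" = "$0" ] && [ -r "/proc/$$/stat" ]; then
  echo "this shell: $(proc_info $$)"
  echo "cpu seconds: $(cpu_seconds $$)"
  command -v ps >/dev/null 2>&1 && ps -eo pid,ppid,rss,stat,comm | sort -k3 -n -r | head -5
fi
```

Splitting on the last `)` rather than the first matters: a process can name itself with spaces or parentheses, and a parser that splits on whitespace from the start would read the wrong fields for it.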

6. Managing Users and Groups

/etc/passwd columns:
username/password placeholder (x)/UID/GID/description/home path/default shell

/etc/shadow - contains the password hashes
USER/ALGORITHM ($6$ = SHA-512)/SALT/HASH PART/DAYS SINCE 1 JAN 1970 THAT THE PASSWORD WAS LAST CHANGED/MINIMUM DAYS BEFORE IT CAN BE CHANGED AGAIN/EXPIRY IN DAYS (9999 MEANS NEVER)/WARNING TIME BEFORE THE PASSWORD EXPIRES (7 = DAYS)

/etc/group
GROUP NAME/GROUP PASSWORD/GID/MEMBERS

sudo useradd
sudo adduser
sudo passwd hona = change hona's password
sudo userdel

sudo groupadd
groups USERNAME

sudo usermod -a -G GROUP USER = append USER to GROUP

sudo chage = change password expiry information
sudo usermod
getfacl = get file access control lists
setfacl = set file access control lists

sudoers (/etc/sudoers, edited with visudo)

w = which users are logged in and what they are running
who - same as w but with less detail
who -a

last - interesting to see user sessions
find / -user USERNAME -ctime +1 -ctime -5 2>/dev/null = find files owned by USERNAME whose status changed between 1 and 5 days ago
lastb = failed login attempts
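The field layouts above are what you need for a quick account audit, so here is an added example (not from the course) that reads /etc/passwd- and /etc/shadow-formatted files and reports extra UID 0 accounts, accounts with a login shell, and the hash type and expiry of each password. The functions take file paths, so the demo runs on constructed sample records (the hash is an obvious placeholder, and "hona" is the user from the notes); point them at the real files with sudo to audit a host. `uid0_accounts`, `login_shell_accounts`, `shadow_report` and the two `sample_*` helpers are my names.

```bash
#!/usr/bin/env bash
# Added example (not from the course notes): checks over /etc/passwd and /etc/shadow
# formatted data. The functions take file paths, so they run here against constructed
# sample records and can be pointed at the real files with sudo.

# uid0_accounts PASSWD -> accounts with UID 0 other than root (extra superusers)
uid0_accounts() { awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"; }

# login_shell_accounts PASSWD -> accounts that can log in interactively (shell is not nologin/false)
login_shell_accounts() {
  awk -F: '$7 !~ /(nologin|false)$/ { print $1 ":" $7 }' "$1"
}

# shadow_report SHADOW -> per account: name, hash type, expiry (max days, 99999 = never), warn days
shadow_report() {
  awk -F: '{
    hash = $2
    if (hash == "")            kind = "EMPTY"      # no password at all
    else if (hash ~ /^\$6\$/)  kind = "sha512"
    else if (hash ~ /^\$5\$/)  kind = "sha256"
    else if (hash ~ /^\$1\$/)  kind = "md5"
    else if (hash ~ /^[!*]/)   kind = "locked"
    else                       kind = "other"
    expiry = ($5 == "" || $5 == 99999) ? "never-expires" : "max=" $5 "d"
    print $1, kind, expiry, "warn=" $6 "d"
  }' "$1"
}

# sample_passwd FILE / sample_shadow FILE -> constructed records, not a real system's files
sample_passwd() {
  cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
hona:x:1000:1000:Hona:/home/hona:/bin/bash
backup2:x:0:0:oops:/root:/bin/sh
EOF
}
sample_shadow() {
  cat > "$1" <<'EOF'
root:$6$saltsalt$HASHPLACEHOLDER:19700:0:99999:7:::
daemon:*:19700:0:99999:7:::
hona:$6$saltsalt$HASHPLACEHOLDER:19700:0:90:7:::
backup2::19700:0:99999:7:::
EOF
}

demo() {
  local passwd shadow
  passwd=$(mktemp); shadow=$(mktemp)
  sample_passwd "$passwd"; sample_shadow "$shadow"
  echo "extra UID 0 accounts: $(uid0_accounts "$passwd" | tr '\n' ' ')"   # -> backup2
  echo "interactive shells:"; login_shell_accounts "$passwd"
  echo "password report:";    shadow_report "$shadow"
  rm -f "$passwd" "$shadow"
}

[ "${BASH_SOURCE[0]}" = "$0" ] && demo
```

In the sample, `backup2` is the kind of entry the checks exist for: a second UID 0 account with an empty password field and a login shell. On a real host, `sudo chage -l USER` gives the same expiry figures for one account.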

7. Networking

iproute2 replaces net-tools (ifconfig, route, etc.)
ip
ip -s = show statistics
mtu = maximum transmission unit
qlen = queue length

netplan - network configuration in .yaml files
netplan apply

ip r = show the routing table, in the format "whoever wants to talk to DEST, go through HERE"
previously = route (ip routing table)

ip r get IP - see the route/gateway used to reach the IP
ip r add IP dev DEV
to remove - same as above but change add to del
ip nei - ip neighbour (the ARP/neighbour table)
traceroute = trace the route a packet takes from HOST to DEST
traceroute -T -p 80 HOSTNAME - trace using TCP to a port

dig = tool for DNS querying
dig @8.8.8.8 DOMAIN

host
host IP = get the domain for an IP

IETF

sudo ufw allow 22 - open port 22
sudo ufw status

key-based auth
ssh-copy-id
PuTTY

run commands via ssh - ssh username@IP 'COMMAND'
proxychains
port forwarding - i.e. sudo ssh username@IP -L LOCALIP:LOCALPORT:REMOTEIP:REMOTEPORT -N -C = send from the first ip/port to the second ip/port (-N: run no remote command, -C: compress)

rsync - sync folder 1 with folder 2

iptables is an interface for netfilter - the packet filter in the Linux kernel

iptables
sudo iptables -L = list rules
change packet properties, e.g. change the TTL (mangle table)
ufw = uncomplicated firewall, a front end for iptables
logs = sudo tail -f /var/log/ufw.log
sudo ufw deny from IP

systemd-resolve -h
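Watching `/var/log/ufw.log` with tail is fine for a minute or two, but to decide whether a source deserves `sudo ufw deny from IP` you want counts. The script below is an added example (not from the course) that summarises the `[UFW BLOCK]` lines in a log file: which sources were blocked most, and which protocol/port each one was aiming at. The functions read from a file argument, so they are shown on constructed log lines (documentation-range addresses, all-zero MAC); `blocked_sources`, `blocked_ports_for` and `sample_ufw_log` are my names.

```bash
#!/usr/bin/env bash
# Added example (not from the course notes): summarise the [UFW BLOCK] lines that
# `sudo tail -f /var/log/ufw.log` shows, to see which sources are hitting which ports.

# blocked_sources LOG -> "count SRC" pairs, most frequent first
blocked_sources() {
  awk '/\[UFW BLOCK\]/ {
    for (i = 1; i <= NF; i++) if ($i ~ /^SRC=/) { sub(/^SRC=/, "", $i); n[$i]++ }
  } END { for (ip in n) print n[ip], ip }' "$1" | sort -k1,1nr -k2,2
}

# blocked_ports_for SRC LOG -> distinct "PROTO/DPT" targets that were blocked from SRC
blocked_ports_for() {
  awk -v want="$1" '/\[UFW BLOCK\]/ {
    src = ""; proto = ""; dpt = ""
    for (i = 1; i <= NF; i++) {
      if ($i ~ /^SRC=/)   src   = substr($i, 5)
      if ($i ~ /^PROTO=/) proto = substr($i, 7)
      if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
    }
    if (src == want && dpt != "") seen[proto "/" dpt]++
  } END { for (k in seen) print k }' "$2" | sort
}

# sample_ufw_log FILE -> constructed lines in the kernel/ufw log format (not a real capture)
sample_ufw_log() {
  cat > "$1" <<'EOF'
Jan 10 12:00:01 host kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=54321 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Jan 10 12:00:02 host kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=54322 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Jan 10 12:00:03 host kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=20
Jan 10 12:00:04 host kernel: [UFW ALLOW] IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=54323 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0
Jan 10 12:00:05 host kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=54324 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
EOF
}

demo() {
  local log
  log=$(mktemp)
  sample_ufw_log "$log"
  echo "blocked sources (count ip):"; blocked_sources "$log"          # 3 203.0.113.5 / 1 198.51.100.7
  echo "ports 203.0.113.5 was blocked on:"; blocked_ports_for 203.0.113.5 "$log"   # TCP/22 TCP/23
  rm -f "$log"
}

[ "${BASH_SOURCE[0]}" = "$0" ] && demo
```

The `[UFW ALLOW]` line is deliberately included and deliberately ignored: ufw logs allowed traffic too when logging is set high, and counting it as a block would inflate the numbers for a legitimate client. On a real host, run the functions as `sudo` against /var/log/ufw.log.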

8. Deep System Visibility

sysdig installation
