LinuxModule1 GettingStarted With Startup
Key Features of Linux
• Everything in the filesystem is a file, including
directories
– Each file has an inode data structure with the information
about the file
• root is the super user of the system
– This name can be changed, but it is not recommended
• Multi-user
– Allows for multiple users to log in at the same time
• Command line is case sensitive
The Linux Kernel
• Core of the Linux operating system
• Loaded into RAM when the system loads
• Linux kernel uses modules to help with efficiency
– Modules can be linked and unlinked at runtime
• Execution states
– User Mode - no access to kernel data structures or programs
– Kernel Mode
• Kernel Handles
– Process management
• Forking off new processes
– Memory allocation
– Interact with I/O devices via device drivers
Kernel Versioning
• Old versioning system (2.X.X)
– The “2” series was around from 1996 until mid 2011
– Second digit represents the type of build
• Even number was for stable builds (2.2, 2.4, 2.6)
• Odd number was for development builds (2.1, 2.3, 2.5)
– Third digit represents the patch level
• Versioning after 2.6.8 (2.6.X-X)
– Added a fourth digit to mark bug fixes and patches
– Third digit became major release
• Versioning after 3.0 (3.X.X)
– Back to the original style, without the development builds
Linux Distribution
• A distribution is a collection of applications and
features packaged together
– Some fit on a disk as small as a floppy (back when we had
those)
– Others are LiveCDs which provide a bootable CD that does not
need to be loaded to the HDD to run
• There are hundreds of different distributions of Linux
• http://www.distrowatch.com
– Monitors the number of downloads per day of all the popular
Linux distributions
Different Linux Distributions
• Ubuntu
– Popular desktop and server release
• Backtrack / Kali
– Used by pentesters and other security professionals
– Backtrack is based on Ubuntu; Kali is based on Debian 7
• Red Hat
– Very popular server version of the OS
– Company provides excellent support and training
• CentOS
– Based on Red Hat without the trademarks
• Fedora
– Development branch for Red Hat
– Also includes a desktop version
Graphical Interfaces
• KDE
– Similar to Windows with a “Start” like button at the bottom
left
• Gnome
– Similar to Mac with a top bar and a bottom bar with the
running applications
• Unity
– Similar to Mac with the application icons on the left instead of
the bottom and a top bar
• Enlightenment
– Lightweight UI based almost entirely on the mouse
• Many more…
The Basics
Starting off
• To bring up the GUI from the command line interface
type startx
• In the GUI, to open a terminal window
– Fedora = Applications -> System Tools -> Terminal
– Kali = Applications -> Accessories -> Terminal
– Right click desktop -> Open [in] Terminal
• The CLI prompt ($PS1)
– Fedora = [username@hostname directory]: $
– Kali = username@hostname:directory #
• The <TAB> key is used to auto-complete both
commands and file/directory names
– If no completion occurs, hit <TAB> again to get a list of
possibilities
Getting Help
• Most commands use either the -h or --help switch, which
will display the usage for that particular command
• man and info commands for additional help
• apropos and whatis commands for finding commands
to use
The info Command
Description:
Provides information about a particular command.
Usage:
info COMMAND
Examples:
info ls
info file
Additional Info:
This will open up the info file in a pager for easier navigation. In order to get out of
the file press q. Using “/string” will search for the string within the text of the
document. The string can also be a regular expression.
The man Command
Description:
This command provides a simple way of looking at documentation for anything from
commands to files.
Usage:
man [section] FILE|COMMAND
Examples:
man ls
man 5 shadow
Additional Info:
There are 9 different sections:
1 - User commands
2 - System Calls
3 - Subroutines
4 - Devices
5 - File Formats
6 - Games
7 - Miscellaneous
8 - System Administration
n - new
The whatis Command
Description:
Searches the whatis database for complete words in the command column.
Usage:
whatis STRING
Examples:
whatis who
whatis dig
Additional Info:
Run mandb to refresh the database.
The apropos Command
Description:
Searches the whatis database for strings in both the command and description
columns.
Usage:
apropos STRING
Examples:
apropos dns
apropos hostname
Additional Info:
Run mandb to refresh the database.
The which Command
Description:
Searches the user’s path for the command, providing the location of the binary.
Usage:
which STRING
Examples:
which ls
which java
Additional Info:
This command is used to find which executable binary will be used when a
command is run. There could be multiple instances of the binary in the PATH,
but the first instance will be used. This can help with troubleshooting a
command not working properly. On some distributions the aliases are also
searched.
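Added example (not part of the original slides): because only the first match in the PATH runs, it helps to list every match and to check the PATH entries themselves for relative or other-writable directories. The function names and the demo directories are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the slides; function names are hypothetical.

# all_in_path CMD [PATHSTRING]: print every executable match in search order.
# Line 1 is the copy that runs (what `which` reports); later lines are shadowed.
all_in_path() {
    cmd=$1; search=${2-$PATH}
    old_ifs=$IFS; IFS=:; set -f            # split on ':' without globbing
    for dir in $search; do
        [ -n "$dir" ] || dir=.             # an empty entry means the current directory
        if [ -f "$dir/$cmd" ] && [ -x "$dir/$cmd" ]; then
            printf '%s\n' "$dir/$cmd"
        fi
    done
    set +f; IFS=$old_ifs
}

# risky_path_entries [PATHSTRING]: print entries that are relative (including
# '.' or empty) or that are directories writable by "others".
risky_path_entries() {
    search=${1-$PATH}
    old_ifs=$IFS; IFS=:; set -f
    for dir in $search; do
        case $dir in
            /*) if [ -d "$dir" ]; then
                    # Character 9 of the ls -l mode string is the "others" write bit
                    case $(ls -ld "$dir") in
                        ????????w*) printf 'other-writable: %s\n' "$dir" ;;
                    esac
                fi ;;
            *)  printf 'relative: %s\n' "${dir:-<empty>}" ;;
        esac
    done
    set +f; IFS=$old_ifs
}

# Constructed demo: two directories that both provide a command named "ls".
demo=$(mktemp -d)
mkdir "$demo/tools" "$demo/bin"
for d in tools bin; do
    printf '#!/bin/sh\necho %s\n' "$d" > "$demo/$d/ls"
    chmod 755 "$demo/$d" "$demo/$d/ls"
done
chmod 777 "$demo/tools"                    # simulate a world-writable PATH entry
DEMO_PATH="$demo/tools:$demo/bin:."
all_in_path ls "$DEMO_PATH"
risky_path_entries "$DEMO_PATH"
```

Run against the real PATH with `all_in_path ls` and `risky_path_entries`; more than one line from the first call means a copy earlier in the PATH is shadowing another.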
The su Command
Description:
Switches the current user.
Usage:
su [USERNAME]
Examples:
su -
su apache
Additional Info:
To switch back to the previous user use exit.
It is also important to note that the user’s environment information is not set unless
the ‘-’ is used with the command. The ‘-’ will cause a login event to occur which
will run the appropriate scripts to set up the environment for the new user.
The sudo Command
Description:
Run a single command as another user.
Usage:
sudo [OPTIONS] COMMAND
Examples:
sudo ifup eth0
sudo -u apache service httpd start
Additional Info:
A user needs to be in the sudoers group to be able to run commands as the root
user. This information is located in the /etc/sudoers file. The most common
groups are listed below:
Red Hat family = wheel
Debian = admin / adm / sudoers
Navigation
• Relative paths - the file or directory is relative to the
current working directory
– A single . (dot) represents the current working directory
• Often used with running a binary or script in the directory
– ./myawesomescript
– .. (dot dot) represents the parent directory
• The parent directory of root (/) is itself
• ../../../var/www/html
• Absolute paths - path starting at the root directory of
the file system
– / is the root directory of the file system
• /var/www/html
The cd Command
Description:
Used to change the working directory.
Usage:
cd [OPTIONS] [DIRECTORY]
Examples:
cd /home/user
cd ~
cd - (navigates to last directory)
cd
Additional Info:
This command starts from the current directory unless an absolute path is used.
The only effect of this command is to change the current working directory of the
current process, which is visible as /proc/$$/cwd.
The pwd Command
Description:
Displays the current working directory.
Usage:
pwd [OPTION]
Examples:
pwd
Additional Info:
This command is useful to help determine where you are in the file system.
It just displays the target of /proc/$$/cwd.
The ls Command
Description:
This command is used to list the contents of a directory. If the directory is not
specified, it will display the contents of the current directory.
Usage:
ls [OPTIONS] [DIRECTORY]
Examples:
ls -al /home
ls -haltr /var/log
ls -hal
Additional Info:
-l = long list format, displaying additional information about the files and directories
-a = displays all files, including hidden files
-h = displays the file size in human readable format
-i = displays the inode number along with the filename
-t = Orders the results by timestamp
-r = Reverses the sorted order
“Hidden” Files
• Any file that begins with a . (dot) is considered to be
hidden
• In order to view these “hidden” files use the -a (all)
option with ls
Long List Format Breakdown
• Results of an ‘ls -l /home/user/test’
-rwxr-xr-x. 3 user user 156 Oct 2 15:14 file1
Item Description
- Type of file (- = standard file; d = directory)
rwxr-xr-x. Permissions (Owner, Group, Others)
3 Number of Hard links to file
user Owner of the file
user Group ownership of the file
156 File size
Oct 2 15:14 Last Modify time of the file
file1 Filename
File Types
Viewing File Contents
• Full Contents
– cat = dumps the entire file
– more = displays the file one screen buffer at a time;
interactive
– less = displays the file in a configurable reader; interactive
• Partial Contents
– tail = displays the end of the file
– head = displays the beginning of the file
The cat Command
Description:
Dumps the contents of the file to STDOUT. Can be used to concatenate 2 or more
files together.
Usage:
cat [OPTIONS] [FILENAME]
Examples:
cat /home/mark/Documents/myfile
cat -n /etc/init.d/httpd
Additional Info:
-n = displays the file with line numbers
Most commonly used to dump a single file to the screen for reading.
The more Command
Description:
Pager that displays the contents of the file one screen buffer at a time (the size of
the current terminal window). Requires an interactive connection.
Usage:
more [OPTIONS] [FILENAME]
Examples:
more /home/mark/Documents/myfile
more /etc/init.d/httpd
Additional Info:
This pager can only navigate down the file, there is no ability to go back after a
section has been passed.
Distributions differ in the binary used for more, some use the space bar to advance
the screen, others use the <enter> key.
Use q to exit the pager.
The less Command
Description:
A pager that displays the contents of the file in a configurable viewer. Requires an
interactive connection.
Usage:
less [OPTIONS] [FILENAME]
Examples:
less /home/mark/Documents/myfile
less /etc/init.d/httpd
Additional Info:
Similar to more, except the pager allows you to go back up the file.
Use q to exit the pager.
The tail Command
Description:
Displays the last 10 lines of the file or STDIN.
Usage:
tail [OPTIONS] [FILENAME]
Examples:
tail -n 25 /var/log/messages
tail -20 /var/log/apache/access.log
tail -f /var/log/auth.log
Additional Info:
-f is very useful for system administrators. This allows for active monitoring of the
log files. Monitors the file for changes and keeps piping the results to STDOUT.
The head Command
Description:
Displays the first 10 lines of a file or STDIN.
Usage:
head [OPTIONS] [FILENAME]
Examples:
head -25 /var/log/apache/access.log
head /var/log/dmesg
Additional Info:
-n = The number of lines to display
Startup
Boot Process
• BIOS
– Detects peripherals
– Selects the boot device and executes the boot sector
• Bootloader like GRUB
– Selects the OS to run and its options
• Kernel Initialization
– Driver initialization
– Mounts the filesystem, checks it and remounts
– Activates udev, selinux and other virtual drives
– Sets Kernel parameters
– Sets the system clock
– Enables swap partition
Boot process continued
• Kernel Initialization (continued)
– Sets hostname
– Activates RAID
– Enables disk quotas
– Checks and remounts other filesystems
– Cleans stale locks and PID files
– Kicks off the init process
• Init Daemon
– Locates default run level in /etc/inittab file
Kernel Parameters
• Options used by the kernel when loading (can also be
set for the current session)
• The /etc/sysctl.conf file is used to store the kernel
parameters
– For example the way the system handles packet forwarding
– In order to set kernel parameters permanently you need to
edit this file, adding a line for each parameter, and reboot
• To change the parameters for the current session
– Use the sysctl command
– Echo the variable into the /proc/sys directory
The sysctl Command
Description:
Updates kernel parameters for the current session.
Usage:
sysctl [OPTIONS] [VARIABLES]
Examples:
sysctl -A
sysctl -w net.ipv4.tcp_window_scaling=0
Additional Info:
If /proc is available you could also try the following
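Added example (not part of the original slides): a value set with sysctl -w or by echoing into /proc/sys lasts only for the session, so the running value can differ from what /etc/sysctl.conf applies at the next boot. The code below maps each key to its /proc/sys file and reports such differences; the function names, the stand-in directory tree and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the slides; function names are hypothetical.

# sysctl_path KEY [ROOT]: net.ipv4.ip_forward -> ROOT/net/ipv4/ip_forward
# Assumes no key component itself contains a dot.
sysctl_path() {
    printf '%s/%s\n' "${2:-/proc/sys}" "$(printf '%s' "$1" | tr . /)"
}

# norm: collapse runs of whitespace and trim, so "4096<TAB>87380" compares equal
norm() { tr -s '[:space:]' ' ' | sed 's/^ //; s/ $//'; }

# sysctl_drift CONF [ROOT]: for each KEY = VALUE line in CONF, print
# "KEY persisted=VALUE runtime=CURRENT" when the live value differs.
sysctl_drift() {
    conf=$1; root=${2:-/proc/sys}
    # Skip blank lines and comment lines (# or ;), then split on the first '='
    sed -e '/^[[:space:]]*[#;]/d' -e '/^[[:space:]]*$/d' "$conf" |
    while IFS='=' read -r key want; do
        key=$(printf '%s' "$key" | tr -d '[:space:]')
        want=$(printf '%s' "$want" | norm)
        file=$(sysctl_path "$key" "$root")
        if [ -r "$file" ]; then have=$(norm < "$file"); else have='<missing>'; fi
        [ "$want" = "$have" ] ||
            printf '%s persisted=%s runtime=%s\n' "$key" "$want" "$have"
    done
}

# Constructed demo: a stand-in tree for /proc/sys and a small sysctl.conf.
t=$(mktemp -d)
mkdir -p "$t/proc_sys/net/ipv4"
echo 1 > "$t/proc_sys/net/ipv4/ip_forward"          # changed for this session only
echo 0 > "$t/proc_sys/net/ipv4/tcp_window_scaling"
cat > "$t/sysctl.conf" <<'EOF'
# constructed sample
net.ipv4.ip_forward = 0
net.ipv4.tcp_window_scaling=0
EOF
sysctl_drift "$t/sysctl.conf" "$t/proc_sys"
```

On a live system, `sysctl_drift /etc/sysctl.conf` uses the real /proc/sys; any line it prints is a parameter whose running value will change at the next reboot.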
Run Levels
• There are 6 run levels in Linux
– 0 = Halt
– 1 = Single User mode (root)
– 2 = Multiuser mode without NFS
– 3 = Full Multiuser mode
– 5 = X11 (Run level 3 plus graphical interface)
– 6 = Restart
• Use init command to change run level
• The default run level is located in /etc/inittab under
the “initdefault” action
– id:5:initdefault:
• Use “who -r” to find the current run level
Init Daemon
• Initializes the system
• Based on the run level it runs different scripts at boot
– /etc/[rc.d/]rc.sysinit
– /etc/[rc.d/]rc
– /etc/[rc.d/]rc[run level].d
– /etc/[rc.d/]rc.local
• Custom scripts can be created and placed in
/etc/[rc.d/]init.d
– A symbolic link is placed in each of the run level folders it
should start in
• Once the system is up and running init becomes PID 1
– It is the main process in the system
– It will become the parent process of all the other daemons
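Added example (not part of the original slides): reading the default run level from an inittab file and listing what that run level starts, which is a quick way to review what runs at boot. It relies on the SysV convention, not stated on the slides, that links named S* start a service and K* stop it, processed in name order; the function names and the demo tree are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the slides; function names are hypothetical.

# default_runlevel [INITTAB]: print the run level on the "initdefault" line
default_runlevel() {
    awk -F: '!/^[ \t]*#/ && $3 == "initdefault" { print $2; exit }' "${1:-/etc/inittab}"
}

# boot_services RCDIR: list the S* (start) links in name order as
# "LINK -> TARGET", noting targets outside init.d or that do not exist.
boot_services() {
    for link in "$1"/S*; do
        [ -L "$link" ] || continue
        target=$(readlink "$link")
        note=
        case $target in
            ../init.d/*|/etc/init.d/*|/etc/rc.d/init.d/*) ;;
            *) note=' [outside init.d]' ;;
        esac
        [ -e "$link" ] || note="$note [dangling]"
        printf '%s -> %s%s\n' "${link##*/}" "$target" "$note"
    done
}

# Constructed demo tree standing in for /etc on a SysV-init system.
t=$(mktemp -d)
mkdir -p "$t/etc/init.d" "$t/etc/rc5.d"
printf '%s\n' '# constructed sample' 'id:5:initdefault:' \
    'si::sysinit:/etc/rc.d/rc.sysinit' > "$t/etc/inittab"
touch "$t/etc/init.d/sshd" "$t/etc/init.d/httpd" "$t/etc/init.d/nfs"
ln -s ../init.d/sshd  "$t/etc/rc5.d/S55sshd"
ln -s ../init.d/httpd "$t/etc/rc5.d/S85httpd"
ln -s ../init.d/nfs   "$t/etc/rc5.d/K20nfs"          # K* = stop link, not listed
ln -s "$t/opt/start.sh" "$t/etc/rc5.d/S99custom"     # target never created
level=$(default_runlevel "$t/etc/inittab")
boot_services "$t/etc/rc$level.d"
```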
The init Command
Description:
Changes the current run level of the system, executing the scripts associated with it.
Usage:
init RUN_LEVEL
Examples:
init 0 (shutdown)
init 6 (restart)
Additional Info:
telinit can also be used to change the run level; it provides a few additional options.
The chkconfig Command
Description:
This command is used to determine what services are started during each of the
different run level initializations.
Usage:
chkconfig [OPTIONS] [LEVELS] [SERVICE NAME] {ON|OFF}
Examples:
chkconfig --list httpd
chkconfig --level 5 sshd on
Additional Info:
--add can be used to add new processes to the list
--del can be used to remove a process
Managing Services
• To start a service that is not currently running
– /etc/init.d/servicename start
– service servicename start
• To stop a service use the above with stop
• restart will stop and then start the service again
– This is useful when you change something in the configuration
of the service
• To see the status of services use
– service --status-all
systemd - The New Init
• A new way of booting the system that no longer relies
on scripts in the /etc/init.d directory
– Startup scripts are all replaced by C code that starts common
processes on the system
• Boot times are extremely fast
– Processes are booted in parallel to decrease boot time
– This is possible after sockets are created for devices like
/dev/log
• Released with Fedora 15 and up
systemd - Continued
• Ubuntu has not adopted this because it requires the
use of control groups
– Limit, account for and isolate resource usage (Processor,
memory, I/O) of process groups
– Allows for tracking of processes instead of PIDs
– Originally designed/developed by Google
• Configuration directory is /etc/systemd
– system.conf is the primary configuration file
– The system directory is just links to the /lib/systemd directory
The systemctl Command
Description:
This command is used to manage systemd and all the services started / controlled
by systemd.
Usage:
systemctl [OPTIONS] [COMMAND] {NAME}
Examples:
systemctl
systemctl restart crond.service
Additional Info:
restart will stop and start the services passed
reload will ask the service to reload its configuration file
enable will enable the service for next bootup
Boolean commands such as is-active or is-enabled are available for use