Tools of The Trade - Linux and SQL

Uploaded by Ricky Prasojo

Chapter 1

Operating System (OS)
is the software that sits between applications and hardware. It is responsible for making the
computer run as efficiently as possible while also making it easy to use. The OS handles
resource and memory management to ensure the limited capacity of the computer system is
used where it is needed most.

Hardware
physical components of a computer.

Application and Hardware Communication

User -> Application -> OS -> Hardware

Applications send requests to the operating system, and the operating system directs those
requests to the hardware. The hardware also sends information back to the operating system,
and the operating system sends it back to applications.

Basic Input/Output System (BIOS)

When a computer boots, firmware stored on a special chip, the BIOS, runs first. On many
computers built after 2007, the BIOS was replaced by the Unified Extensible Firmware
Interface (UEFI). Both BIOS and UEFI contain booting instructions that are responsible for
loading a special program called the bootloader. The bootloader is then responsible for
starting the operating system. Vulnerabilities can exist in the boot process itself. The BIOS or
UEFI firmware is often not scanned by antivirus software, so it can be vulnerable to malware
infection, and malware that lives in firmware runs before the operating system and any
security software has loaded.

Virtual Machine (VM)


is a virtual version of a physical computer. Virtual machines are one example of virtualization.
Virtualization is the process of using software to create virtual representations of various
physical machines. Virtual systems don’t use dedicated physical hardware. Instead, they use
software-defined versions of the physical hardware. This means that a single virtual machine
has a virtual CPU, virtual storage, and other virtual hardware. Virtual systems are just code.
You can run multiple virtual machines using the physical hardware of a single computer. This
involves dividing the resources of the host computer to be shared across all physical and virtual
components. For example, Random Access Memory (RAM) is a hardware component used for
short-term memory. If a computer has 16GB of RAM, it can host three virtual machines so that
the physical computer and virtual machines each have 4GB of RAM. Also, each of these virtual
machines would have their own operating system and function similarly to a typical computer.
Benefits of VM:
• Security - a virtual machine provides an isolated environment, or sandbox, on the physical
host machine. When a computer has multiple virtual machines, these virtual machines are
"guests" of the computer. They are isolated from the host computer and from the other
guest virtual machines. This provides a layer of security, because virtual machines
can be kept separate from the other systems. For example, if an individual virtual
machine becomes infected with malware, it can be dealt with more safely because
it's isolated from the other machines. A security professional could also intentionally
run malware on a virtual machine to examine it in a more controlled environment. The
isolation is only as strong as the hypervisor that enforces it, so the hypervisor must be
kept patched like any other software.
• Efficiency - efficient and convenient way to perform security tasks. You can open
multiple virtual machines at once and switch easily between them. This allows you to
streamline security tasks, such as testing and exploring various applications. You can
compare the efficiency of a virtual machine to a city bus. A single city bus has a lot of
room and is an efficient way to transport many people simultaneously. If city buses
didn’t exist, then everyone on the bus would have to drive their own cars. This uses
more gas, cars, and other resources than riding the city bus. Similar to how many people
can ride one bus, many virtual machines can be hosted on the same physical machine.
That way, separate physical machines aren't needed to perform certain tasks.

Hypervisor
Virtual machines can be managed with a software called a hypervisor. Hypervisors help users
manage multiple virtual machines and connect the virtual and physical hardware. Hypervisors
also help with allocating the shared resources of the physical host machine to one or more
virtual machines. One hypervisor that is useful for you to be familiar with is the Kernel-based
Virtual Machine (KVM). KVM is an open-source hypervisor that is supported by most major
Linux distributions. It is built into the Linux kernel, which means it can be used to create virtual
machines on any machine running a Linux operating system without the need for additional
software, provided the CPU supports hardware virtualization (Intel VT-x or AMD-V).

User Interface
is a program that allows a user to control the functions of the operating system.
Operating systems provide two kinds of user interface:
• Graphical User Interface (GUI) is a user interface that uses icons on the screen to
manage different tasks on the computer. Most operating systems can be used with a
graphical user interface. Most GUIs include these components:
o Start menu with program groups
o Task bar for launching programs
o Desktop with icons and shortcuts
All these components help you communicate with the OS to execute tasks. In addition
to clicking on icons, when you use a GUI, you can also search for files or applications
from the start menu. You just have to remember the icon or name of the program to
activate an application.
• Command-Line Interface (CLI) is a text-based user interface that uses commands to
interact with the computer. These commands communicate with the operating system
and execute tasks like opening programs. The command-line interface is structured
very differently from the graphical user interface: there are no icons or graphics on the
screen, and what you see looks like lines of code in a text language. A CLI is more
flexible and more powerful than a GUI. Think of using a CLI like cooking whatever
meal you want from ingredients bought at a grocery store; you have full control over,
and can customize, what you are going to eat.
In comparison, using a GUI is more like ordering food from a restaurant. You can only order
what's on the menu. If you want both a noodle dish and pizza, but the first restaurant you go to
only has pizza, you'll have to go to another restaurant to order the noodles. A GUI exposes only
the actions its designers built into it, and you generally work through them one at a time. A
CLI lets you combine commands, chain their output together, and script them, so several tasks
can be carried out in one step.
GUIs and CLIs are two types of user interfaces that security analysts should be familiar with.
There are multiple differences between a GUI and a CLI, including their displays and how they
function. When working in cybersecurity, a CLI is often preferred over a GUI because it can
handle multiple tasks at once, it can be scripted, and it keeps a history file of the commands
that were run, which is useful both for repeating work and for reviewing what was done.
Chapter 2

Linux
is an open-source operating system released under the GNU General Public License (GPL).
As a security analyst, you'll use Linux tools and programs in everyday work, for example to:
• Examine different types of logs to identify what's going on in a system. You might find
yourself looking at an error log when investigating an issue.
• Verify access and authorization in an identity and access management system. In
security, managing access is key to keeping a system secure.
• Use specific distributions designed for a particular task. For example, you might use a
distribution that has digital forensic tools to investigate what happened behind an event
alert, or a distribution built for penetration testing in offensive security to look for
vulnerabilities in a system. Distributions are created to fit the needs of their users.
The components of Linux include:
• User - the person interacting with the computer. In Linux, you're the first element of
the architecture of the operating system: you initiate the tasks or commands that
the OS is going to execute. Linux is a multi-user system, which means that more than
one user can use the system's resources at the same time.
• Applications - an application is a program that performs a specific task, such as a word
processor or a calculator. You might hear the words "application" and "program" used
interchangeably. One popular Linux application that we'll learn more about later is
Nano, a text editor. Linux applications are commonly distributed through package
managers.
• The Shell - an important element because it is how you communicate with the
system. The shell is a command-line interpreter: it processes commands and outputs
the results. Previously, we learned about the two types of user interface, the GUI and
the CLI. You can think of the shell as a CLI.
• Filesystem Hierarchy Standard (FHS) - the component of the Linux OS that
organizes data. An easy way to think about the FHS is as a filing cabinet of data. The
FHS defines how data is laid out in a system, so that it can be found when the data is
accessed by the system.
• Kernel - the component of the Linux OS that manages processes and memory. The
kernel communicates with the hardware to execute the commands sent by the shell, and
it uses drivers to enable applications to use hardware. The Linux kernel helps ensure
that the system allocates resources efficiently and makes the system work faster.
• Hardware - the physical components of a computer, as opposed to software
applications, which can be downloaded onto a system. The hardware in your computer
includes things like the CPU, mouse, and keyboard.
Hardware is categorized as either peripheral or internal:
o Peripheral devices are hardware components that are attached and controlled
by the computer system. They are not core components needed to run the
computer system. Peripheral devices can be added or removed freely. Examples
of peripheral devices include monitors, printers, the keyboard, and the mouse.
o Internal hardware consists of the components required to run the computer. It
includes the main circuit board, also called the motherboard, and all components
attached to it. Internal hardware includes the following:
§ The Central Processing Unit (CPU) is a computer’s main processor,
which is used to perform general computing tasks on a computer. The
CPU executes the instructions provided by programs, which enables
these programs to run.
§ Random Access Memory (RAM) is a hardware component used for
short-term memory. It’s where data is stored temporarily as you perform
tasks on your computer. For example, if you’re writing a report on your
computer, the data needed for this is stored in RAM. After you’ve
finished writing the report and closed down that program, this data is
deleted from RAM. Information in RAM cannot be accessed once the
computer has been turned off. The CPU takes the data from RAM to run
programs.
§ The Hard Drive is a hardware component used for long-term memory.
It’s where programs and files are stored for the computer to access later.
Information on the hard drive can be accessed even after a computer has
been turned off and on again. A computer can have multiple hard drives.
Distributions
Linux is a very customizable operating system. Unlike most other operating systems, it comes
in many different versions, called distributions. You might also hear them called distros or
flavors of Linux. Because the Linux kernel is open source, anyone can take the kernel and
modify it to build a new distribution. Different distributions are used for different reasons and
contain different preinstalled programs, user interfaces, and much more. A lot of this is based
on what the Linux user needs, but some distros are also chosen based on preference. The
advantage of using Linux as an OS is that you can customize it. A distribution includes the
Linux kernel, utilities, a package management system, and an installer. Since anyone can
contribute to the source code, that is how new distributions are created.
Parent Distributions:
• Red Hat® is the parent of CentOS
• Slackware® is the parent of SUSE®
• Both Ubuntu and KALI LINUX™ are derived from Debian
Linux distribution:
• Ubuntu is an open-source, user-friendly distribution that is widely used in security and
other industries. It has both a command-line interface (CLI) and a graphical user
interface (GUI). Ubuntu is also Debian-derived and includes common applications by
default. Users can also download many more applications from a package manager,
including security-focused tools. Because of its wide use, Ubuntu has an especially
large number of community resources to support users.
• Parrot is an open-source distribution that is commonly used for security. Similar to
KALI LINUX ™, Parrot comes with pre-installed tools related to penetration testing
and digital forensics. Like both KALI LINUX ™ and Ubuntu, it is based on Debian.
Parrot is also considered to be a user-friendly Linux distribution. This is because it has
a GUI that many find easy to navigate. This is in addition to Parrot’s CLI.
• Red Hat Enterprise Linux is a subscription-based distribution of Linux built for
enterprise use. Red Hat is not free, which is a major difference from the previously
mentioned distributions. Because it’s built and supported for enterprise use, Red Hat
also offers a dedicated support team for customers to call about issues.
• CentOS is an open-source distribution that is closely related to Red Hat. It uses source
code published by Red Hat to provide a similar platform. However, CentOS does not
offer the same enterprise support that Red Hat provides and is supported through the
community.

KALI LINUX
is a trademark of Offensive Security and is Debian derived. This open-source distro was made
specifically with penetration testing and digital forensics in mind. There are many tools pre-
installed into KALI LINUX™. It's important to note that KALI LINUX™ should be used on
a virtual machine. This prevents damage to your system in the event its tools are used
improperly. An additional benefit is that using a virtual machine gives you the ability to revert
to a previous state.
KALI LINUX™ has numerous tools that are useful during penetration testing:
• Metasploit can be used to look for and exploit vulnerabilities on machines.
• Burp Suite is another tool that helps to test for weaknesses in web applications.
• John the Ripper is a tool used to guess (crack) passwords.
As a security analyst, your work might also involve digital forensics, and KALI LINUX™ is a
useful distribution for security professionals who do digital forensic work:
• tcpdump is a command-line packet analyzer. It's used to capture network traffic.
• Wireshark is a packet analyzer with a graphical user interface that can be used to
analyze live and captured network traffic.
• Autopsy is a forensic tool used to analyze hard drives and smartphones.

Penetration Test (Pen Test)


is a simulated attack that helps identify vulnerabilities in systems, networks, websites,
applications, and processes.

Digital forensics
is the process of collecting and analyzing data to determine what has happened after an attack.
Package
is a piece of software that can be combined with other packages to form an application.
Packages can be managed using a package manager. There are multiple package managers and
package management tools for different Linux distributions. Package management tools allow
users to easily work with packages through the shell.
• Debian-derived Linux distributions use package managers like dpkg as well as
package management tools like Advanced Package Tool (APT).
• Red Hat-derived distributions use the Red Hat Package Manager (RPM) or tools like
Yellowdog Updater Modified (YUM).

Package Manager
is a tool that helps users install, manage, and remove packages or applications. Linux uses
multiple package managers.

Qwiklabs CLI Shortcuts


The Shell
is the command-line interpreter. That means it helps you communicate with the operating
system through the command line. The shell provides the command-line interface for you to
interact with the OS. To tell the OS what to do, you enter commands into this interface. A
command is an instruction telling the computer to do something. The shell communicates with
the kernel to execute these commands. It also allows you to combine these operations and
connect applications to each other to perform complex and automated tasks.
The many different types of Linux shells include the following:
• Bourne-Again Shell (bash)
• C Shell (csh)
• Korn Shell (ksh)
• Enhanced C shell (tcsh)
• Z Shell (zsh)
All Linux shells use common Linux commands, but they can differ in other features. For
example, ksh and bash use the dollar sign ($) to indicate where users type in their commands.
Other shells, such as zsh, use the percent sign (%) for this purpose.

Bourne-Again Shell (Bash)


is the default shell in most Linux distributions. It’s considered a user-friendly shell. You can
use bash for basic Linux commands as well as larger projects. Bash is also the most popular
shell in the cybersecurity profession. You’ll use bash throughout this course as you learn and
practice Linux commands.
Input and Output on The Shell
• Standard Input consists of information received by the OS via the command line. The
information is input from your keyboard to the shell. If the shell can interpret your
request, it asks the kernel for the resources it needs to execute the related task.
• echo is a Linux command that outputs a specified string of text.
• String Data is data consisting of an ordered sequence of characters.
• Standard Output is the information returned by the OS through the shell. Output is the
computer's response to the command you input; it is what you receive back.
• Standard Error contains error messages returned by the OS through the shell. Just as
a friend might tell you that they can't answer a question, the system responds with
an error message if it can't carry out your command. Sometimes this happens because
we misspelled a command or the system doesn't recognize it. Other times, it happens
because we don't have the appropriate permissions to perform the command. Standard
output and standard error are separate streams, so they can be redirected to different
places.
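Because standard output and standard error are separate streams, a command's normal output and its error messages can be captured separately or merged into one file. The following script is an added example, not part of the original notes: it runs cat on one existing file and one missing file (both constructed in a temporary directory), records what each stream received, and reports cat's exit status.

```shell
#!/bin/sh
# Added example (not from the original notes): separate stdout from stderr.
# All file names are constructed in a temporary directory.

# run_split: run a command, sending stdout to $1 and stderr to $2.
# Returns the command's own exit status.
run_split() {
    out="$1"; err="$2"; shift 2
    "$@" >"$out" 2>"$err"
}

# run_merged: run a command with stderr folded into stdout (2>&1), so a
# single log file keeps both kinds of message in the order they appeared.
run_merged() {
    log="$1"; shift
    "$@" >"$log" 2>&1
}

# stream_demo: cat one readable file and one missing file, then report how
# many lines each stream received and what exit status cat returned.
stream_demo() {
    tmp=$(mktemp -d)
    printf 'hello\n' >"$tmp/exists.txt"

    status=0
    run_split "$tmp/out" "$tmp/err" cat "$tmp/exists.txt" "$tmp/missing.txt" || status=$?
    out_lines=$(wc -l <"$tmp/out" | tr -d ' ')   # the readable file's content
    err_lines=$(wc -l <"$tmp/err" | tr -d ' ')   # "No such file or directory"

    run_merged "$tmp/all" cat "$tmp/exists.txt" "$tmp/missing.txt" || true
    all_lines=$(wc -l <"$tmp/all" | tr -d ' ')   # both messages in one file

    rm -rf "$tmp"
    echo "status=$status stdout=$out_lines stderr=$err_lines merged=$all_lines"
}

stream_demo
```

When saving a command's output as evidence during an investigation, capture both streams (either separately or with 2>&1); otherwise the error that explains why a step failed is lost.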
Chapter 3

Security Analyst Job with Linux

As a security analyst you will regularly:
• Work with server logs, which requires knowing how to navigate the file system
• Manage and analyze files remotely without a graphical user interface
• Verify and configure users and group access
• Grant authorization and set file permissions
That means that developing skills with the command line is essential for your work as a security
analyst.

Bash
is the default shell in most Linux distributions. For the most part, the key Linux commands that
you'll be learning in this section are the same across shells. Communicating with your OS is
like a conversation: you type in commands, and the OS responds with an answer to your
command.

Command
is an instruction telling the computer to do something. We'll try out a command in Bash. Notice
a dollar sign before the cursor. This is your prompt to enter a new command. Some commands
might tell the computer to find something like a specific file. Others might tell it to launch a
program. Or, it might be to output a specific string of text.
Key commands for navigating the file system
The following Linux commands can be used to navigate the file system:
• pwd: prints the working directory to the screen. In other words, it returns the directory
that you're currently in. The output gives you the absolute path to this directory. For
example, if you're in your home directory and your username is analyst, entering pwd
returns /home/analyst.
• whoami: returns the username of the current user. For example, if your username is
analyst, entering whoami returns analyst.
• ls: displays the names of the files and directories in the current working directory. For
example, ls might return a directory called logs and a file called updates.txt.
• cd: navigates between directories. When you need to change directories, you should
use this command. To navigate to a subdirectory of the current directory, add an
argument after cd with the subdirectory name. For example, if you're in the
/home/analyst directory and want to navigate to its projects subdirectory, enter
cd projects. You can use the relative path cd .. to go up one level in the file structure.
Common commands for reading file content
The following Linux commands are useful for reading file content:
• cat: displays the content of a file. For example, entering cat updates.txt returns
everything in the updates.txt file.
• head: displays just the beginning of a file, by default 10 lines. The head command can
be useful when you want to know the basic contents of a file but don't need the full
contents. Entering head updates.txt returns only the first 10 lines of the updates.txt file.
If you want to change the number of lines returned by head, specify the number of lines
with -n. For example, to display only the first five lines of the updates.txt file, enter
head -n 5 updates.txt.
• tail: does the opposite of head. This command displays just the end of a file, by
default 10 lines. Entering tail updates.txt returns only the last 10 lines of the updates.txt
file. You can use tail to read the most recent information in a log file, since most logs
append new entries at the end.
• less: returns the content of a file one page at a time. For example, entering
less updates.txt changes the terminal window to display the contents of updates.txt one
page at a time. This allows you to easily move forward and backward through the
content. Once you've opened a file with less, you can use several keyboard controls to
move through it:
o Space bar: Move forward one page
o b: Move back one page
o Down arrow: Move forward one line
o Up arrow: Move back one line
o q: Quit and return to the previous terminal window

Argument (Linux)
is specific information needed by a command. Some commands take multiple arguments.
Arguments can provide other types of information as well. One thing that is really important
in Linux is that all commands and arguments are case sensitive. This includes file and directory
names.

The Filesystem Hierarchy Standard (FHS)


is the component of the Linux OS that organizes data. This file system is a very important part
of Linux because everything we do in Linux is considered a file somewhere in the system's
directory. The FHS is a hierarchical system, and just like with a tree, everything grows and
branches out from the root.
Standard FHS directories directly below the root directory. Here are a few examples of what
standard directories contain:
• /home: Each user in the system gets their own home directory.
• /bin: This directory stands for “binary” and contains binary files and other executables.
Executables are files that contain a series of commands a computer needs to follow to
run programs and perform other functions.
• /etc: This directory stores the system’s configuration files.
• /tmp: This directory stores temporary files. Any user on the system can create files in
/tmp, which is why attackers commonly use it to stage tools and scripts; it is a good
place to look during an investigation.
• /mnt: This directory stands for "mount" and stores mounted media, such as USB drives
and hard drives.
• man hier: a command to learn more about the FHS and its standard directories.

Root Directory
is the highest-level directory in Linux. It's designated by a single slash. Subdirectories branch
off from the root directory. The subdirectories branch out further and further away from the
root directory. When describing the directory structure in Linux, slashes are used when tracing
back through these branches to the root. An absolute file path is the full file path that starts
from the root, and a relative file path is a shorter file path that starts from the current directory.
Filtering Commands
• grep: searches a specified file and returns all lines in the file containing a specified
string. The grep command commonly takes two arguments: a specific string to search
for and a specific file to search through. For example, entering grep OS updates.txt
returns all lines containing OS in the updates.txt file. In this example, OS is the specific
string to search for, and updates.txt is the specific file to search through. Note that grep
is case-sensitive by default; add -i to ignore case.
• Piping: the pipe is accessed using the pipe character (|). Piping sends the standard
output of one command as standard input to another command for further processing.
As a reminder, standard output is information returned by the OS through the shell, and
standard input is information received by the OS via the command line. When used
with grep, the pipe can help you find directories and files containing a specific word in
their names. For example, ls /home/analyst/reports | grep users returns the file and
directory names in the reports directory that contain users. Before the pipe, ls lists the
names of the files and directories in reports. Then, it sends this output to the command
after the pipe. In this case, grep users returns all of the file or directory names
containing users from the input it received.
• find: searches for directories and files that meet specified criteria. There's a wide range
of criteria that can be specified with find. For example, you can search for files and
directories that:
o Contain a specific string in the name
o Are a certain file size
o Were last modified within a certain time frame
When using find, the first argument after find indicates where to start searching. For
example, entering find /home/analyst/projects searches for everything starting at the
projects directory. Specifying criteria involves options. Options modify the behavior of
a command and commonly begin with a hyphen (-).
o find -name and -iname find file or directory names that contain a specific
string. The specific string you're searching for must be entered in quotes after
the -name or -iname option, usually with the asterisk wildcard on either side,
such as -name "*log*". The difference between these two options is that -name
is case-sensitive, and -iname is not.
o find -mtime finds files or directories last modified within a certain time frame,
measured in days. For example, entering find /home/analyst/projects -mtime -3
returns all files and directories in the projects directory that have been modified
within the past three days, and -mtime +3 returns those modified more than
three days ago.
o find -mmin works the same way but measures time in minutes. For example,
find /home/analyst/projects -mmin -60 returns all files and directories in the
projects directory that have been modified within the past 60 minutes.
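The reading and filtering commands above, run together against a constructed directory tree. This is an added example, not part of the original notes: the directory names, the 13-line updates.txt and the file timestamps are all constructed inside a temporary directory, so the script runs offline and cleans up after itself.

```shell
#!/bin/sh
# Added example (not from the original notes): head, tail, grep, piping and
# find options exercised against a constructed directory tree.

# setup_demo_tree: build a throwaway tree under mktemp and print its path.
# updates.txt gets 12 "OS" lines plus one error line (constructed data).
setup_demo_tree() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/reports" "$tmp/projects/old"
    i=1
    while [ "$i" -le 12 ]; do
        printf 'line %02d: OS update check\n' "$i" >>"$tmp/updates.txt"
        i=$((i + 1))
    done
    printf 'error: login failed for user bob\n' >>"$tmp/updates.txt"
    touch "$tmp/reports/users_q1.txt" "$tmp/reports/USERS_q2.txt" "$tmp/reports/network.txt"
    touch "$tmp/projects/recent.log"
    # Backdate one file to January 2020 so the -mtime search has something to find.
    touch -t 202001010000 "$tmp/projects/old/stale.log"
    echo "$tmp"
}

# count_lines: number of lines read from stdin, without wc's padding.
count_lines() { wc -l | tr -d ' '; }

# filter_demo: run each command from the notes and report the results.
filter_demo() {
    tmp=$(setup_demo_tree)
    head5=$(head -n 5 "$tmp/updates.txt" | count_lines)           # first 5 lines
    last=$(tail -n 1 "$tmp/updates.txt")                           # newest entry
    os_hits=$(grep -c 'OS' "$tmp/updates.txt")                     # lines containing OS
    piped=$(ls "$tmp/reports" | grep -c users)                     # case-sensitive
    by_name=$(find "$tmp/reports" -name '*users*' | count_lines)   # case-sensitive
    by_iname=$(find "$tmp/reports" -iname '*users*' | count_lines) # case-insensitive
    recent=$(find "$tmp/projects" -type f -mmin -60 | count_lines) # touched just now
    stale=$(find "$tmp/projects" -type f -mtime +30 | count_lines) # older than 30 days
    rm -rf "$tmp"
    echo "head=$head5 tail='$last' grep=$os_hits pipe=$piped name=$by_name iname=$by_iname recent=$recent stale=$stale"
}

filter_demo
```

The case-sensitivity difference shows up in the counts: -name "*users*" finds only users_q1.txt, while -iname "*users*" also finds USERS_q2.txt. The same applies to grep, which is why a search for an attacker's filename or username should usually be done case-insensitively first.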

Asterisk (*)
is used as a wildcard to represent zero or more unknown characters.

Directories
help organize files and subdirectories. For example, within a directory for reports, an analyst
may need to create two subdirectories: one for drafts and one for final reports.

Create and Modifying Directories


• mkdir creates a new directory. Like all of the commands presented in this section, you
can provide the new directory either as an absolute file path, which starts from the root,
or as a relative file path, which starts from your current directory. For example, if you
want to create a new directory called network in your /home/analyst/logs directory, you
can enter mkdir /home/analyst/logs/network to create this new directory. If you're
already in the /home/analyst/logs directory, you can also create this new directory by
entering mkdir network.
• rmdir removes, or deletes, a directory. For example, entering rmdir
/home/analyst/logs/network would remove this directory from the file system. rmdir
only removes empty directories; it refuses, with an error, if the directory still contains
files.
• touch creates a new, empty file. If your current directory is /home/analyst/reports,
entering touch permissions.txt creates a new file in the reports subdirectory called
permissions.txt.
• rm removes a file. If your current directory is /home/analyst/reports, entering
rm permissions.txt removes the file permissions.txt from the reports subdirectory.
• mv moves a file or directory to a new location. To move permissions.txt into the logs
subdirectory, enter mv permissions.txt /home/analyst/logs. Moving a file removes the
file from its original location.
• cp copies a file or directory into a new location. To copy permissions.txt into the logs
subdirectory while also keeping it in its original location, enter
cp permissions.txt /home/analyst/logs.
• nano is a command-line file editor that is available by default in many Linux
distributions. Many beginners find it easy to use, and it’s widely used in the security
profession. You can perform multiple basic tasks in nano, such as creating new files
and modifying file contents. To open an existing file in nano from the directory that
contains it, enter nano followed by the file name. For example, entering nano
permissions.txt from the /home/analyst/reports directory opens a new nano editing
window with the permissions.txt file open for editing. You can also provide the absolute
file path to the file if you’re not in the directory that contains it. You can also create a
new file in nano by entering nano followed by a new file name. For example, entering
nano authorized_users.txt from the /home/analyst/reports directory creates the
authorized_users.txt file within that directory and opens it in a new nano editing
window. Since there isn't an auto-saving feature in nano, it’s important to save your
work before exiting. To save a file in nano, use the keyboard shortcut Ctrl + O. You’ll
be prompted to confirm the file name before saving. To exit out of nano, use the
keyboard shortcut Ctrl + X.
• > and >>: when used with echo, the > and >> operators send the output of echo to a
specified file rather than the screen. The difference between the two is that > overwrites
your existing file, and >> adds your content to the end of the existing file instead of
overwriting it. The > operator should be used carefully, because it's not easy to recover
overwritten files. When you're inside the directory containing the permissions.txt file,
entering echo "last updated date" >> permissions.txt adds the string "last updated date"
to the file contents. Entering echo "time" > permissions.txt after this command
overwrites the entire file contents of permissions.txt with the string "time".
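The create, append, overwrite, copy, move and rmdir steps above as one script. This is an added example, not part of the original notes; it builds the reports and logs directories in a temporary location instead of under /home/analyst, and the file names are constructed.

```shell
#!/bin/sh
# Added example (not from the original notes): mkdir, touch, >>, >, cp, mv and
# rmdir exercised on constructed files in a temporary directory.

# file_demo: perform each step and report what was observed afterwards.
file_demo() {
    base=$(mktemp -d)
    mkdir -p "$base/reports" "$base/logs"
    f="$base/reports/permissions.txt"

    touch "$f"                                      # empty file
    echo "last updated date" >>"$f"                 # append: 1 line
    echo "reviewer: analyst" >>"$f"                 # append again: 2 lines
    appended=$(wc -l <"$f" | tr -d ' ')

    cp "$f" "$base/logs/"                           # copy: original stays
    mv "$f" "$base/logs/permissions_moved.txt"      # move: original is gone
    src_left=$( [ -e "$f" ] && echo yes || echo no )

    echo "time" >"$base/logs/permissions.txt"       # > overwrites the copy
    overwritten=$(cat "$base/logs/permissions.txt")
    moved=$(wc -l <"$base/logs/permissions_moved.txt" | tr -d ' ')

    # rmdir refuses a directory that still contains files; the message goes
    # to stderr and the exit status is non-zero.
    rmdir_status=0
    rmdir "$base/logs" 2>/dev/null || rmdir_status=$?

    rm -rf "$base"
    echo "appended=$appended src_left=$src_left overwritten=$overwritten moved=$moved rmdir_status=$rmdir_status"
}

file_demo
```

The two-line file that was appended to survives the move unchanged, while the one-line "time" shows what a single > does to a copy: the earlier content is gone with no prompt.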
Permissions
are the type of access granted for a file or directory. Permissions are related to authorization.
Permissions are granted for three different types of owners:
• User (u) is the owner of the file. When you create a file, you become the owner of the
file, but the ownership can be changed.
• Group (g) is the next type. Every user is a part of a certain group. A group consists of
several users, and this is one way to manage a multi-user environment. Finally, there is
other.
• Other (o) can be considered all other users on the system. Basically, anyone else with
access to the system belongs to this group.
In Linux, file permissions are represented with a 10-character string. For a directory with full
permissions for all three owner types, this string would be:

drwxrwxrwx
As shown in this example, d is used to indicate it is a directory. If this character is a
hyphen instead, it is a regular file. The second, third, and fourth characters indicate the
permissions for the user. In this example, r indicates the user has read permission, w indicates
the user has write permission, and x indicates the user has execute permission. If one of these
permissions were missing, there would be a hyphen instead of the letter. In the same way, the
fifth, sixth, and seventh characters indicate permissions for the next owner type, the group. As
shown here, the group also has read, write, and execute permissions; there are no hyphens to
indicate that any of these permissions haven't been granted. Finally, the eighth through tenth
characters indicate permissions for the last owner type, other. They also have read, write, and
execute permissions in this example.
Ensuring files and directories are set with their appropriate access permissions is critical to
protecting sensitive files and maintaining the overall security of a system. For example, payroll
departments handle sensitive information. If someone outside of the payroll group could read
a payroll file, this would be a privacy concern. Another example is when the user, the group,
and other can all write to a file. This type of file is considered a world-writable file.
World-writable files can pose significant security risks.
Checking permissions involves adding options to the ls command:
• ls -l displays permissions to files and directories. You might also want to display hidden
files and identify their permissions.
• ls -a displays hidden files. Then you can combine these two options to do both.
• ls -la displays permissions to files and directories, including hidden files.

Authorization
is the concept of granting access to specific resources in a system. Authorization allows you to
limit access to specified files or directories. A good rule to follow is that data access is on a
need-to-know basis. You can imagine the security risk it would pose if anyone could access
or modify anything they wanted to on a system.
There are three types of permissions in Linux that an authorized user can have:
• Read (r): on a file, read permission means the contents of the file can be read. On a
directory, this permission means you can read the files in that directory.
• Write (w): write permission on a file allows modification of the contents of the file. On
a directory, write permission means that new files can be created in that directory.
• Execute (x): execute permission on a file means that the file can be run if it's an
executable file. Execute permission on a directory allows users to enter the directory and
access its files.

Change Permission (chmod)

chmod changes permissions on files and directories. The command chmod stands for change
mode. The following command would add all permissions to login_sessions.txt:

chmod u+rwx,g+rwx,o+rwx login_sessions.txt

If you wanted to take all the permissions away, you could use:

chmod u-rwx,g-rwx,o-rwx login_sessions.txt

Using = with chmod sets, or assigns, the permissions exactly as specified. For example, the
following command would set only read permission on login_sessions.txt for user, group, and
other:

chmod u=r,g=r,o=r login_sessions.txt
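Worked example, added here and not part of the original notes or of any Linux tool: a small Python module that parses the 10-character mode string described under Permissions, applies symbolic chmod clauses such as u+rwx,g-w,o=r to it, converts it to the numeric (octal) form, and scans constructed ls -l output for world-writable entries and payroll files that other can read. The listing, file names, owners and group names are constructed sample data. The world-writable check tests whether other has write permission, which the notes' example (user, group and other can all write) satisfies; setuid, setgid and sticky letters are not handled because the notes do not cover them.

```python
# Added example: parse and manipulate Linux permission strings, then audit a
# constructed ls -l listing. Not part of the original notes.

# The nine permission characters in the order ls -l prints them.
PERM_ORDER = "rwxrwxrwx"

# Constructed ls -l output (without the leading "total" line) for audit_listing().
SAMPLE_LISTING = """\
-rw-rw-rw- 1 pat     payroll 2048 Jan  4 09:12 payroll_q1.csv
-rw-r----- 1 pat     payroll 1024 Jan  4 09:12 payroll_q2.csv
drwxrwxrwx 2 analyst analyst 4096 Jan  4 09:12 shared
-rwxr-x--- 1 analyst analyst  512 Jan  4 09:12 backup.sh
"""


def parse_mode(mode_string):
    """Turn a 10-character mode string such as 'drwxr-x---' into
    (is_dir, granted), where granted is a set of (owner, perm) pairs like
    ('u', 'r'). Only r, w, x and '-' are handled; the setuid/setgid/sticky
    letters s and t are outside the scope of the notes."""
    if len(mode_string) != 10:
        raise ValueError("expected a 10-character mode string")
    granted = set()
    for i, ch in enumerate(mode_string[1:]):
        if ch == PERM_ORDER[i]:
            granted.add(("ugo"[i // 3], ch))
        elif ch != "-":
            raise ValueError(f"unexpected permission character {ch!r}")
    return mode_string[0] == "d", granted


def format_mode(is_dir, granted):
    """Inverse of parse_mode: render (is_dir, granted) the way ls -l shows it."""
    chars = [PERM_ORDER[i] if ("ugo"[i // 3], PERM_ORDER[i]) in granted else "-"
             for i in range(9)]
    return ("d" if is_dir else "-") + "".join(chars)


def apply_chmod(mode_string, spec):
    """Apply a symbolic chmod spec such as 'u+rwx,g-w,o=r' to a mode string
    and return the new mode string. 'a' (or no owner letter) means u, g and o;
    '+' adds, '-' removes and '=' assigns exactly the listed permissions."""
    is_dir, granted = parse_mode(mode_string)
    for clause in spec.split(","):
        op_index = next((i for i, ch in enumerate(clause) if ch in "+-="), -1)
        if op_index < 0:
            raise ValueError(f"no operator in clause {clause!r}")
        who, op, perms = clause[:op_index], clause[op_index], clause[op_index + 1:]
        if any(w not in "ugoa" for w in who) or any(p not in "rwx" for p in perms):
            raise ValueError(f"unsupported clause {clause!r}")
        for owner in ("ugo" if who in ("", "a") else who):
            if op == "=":
                granted = {g for g in granted if g[0] != owner}
            for p in perms:
                if op == "-":
                    granted.discard((owner, p))
                else:
                    granted.add((owner, p))
    return format_mode(is_dir, granted)


def mode_to_octal(mode_string):
    """Numeric form of the nine permission bits, e.g. '-rw-r-----' -> '640'."""
    _, granted = parse_mode(mode_string)
    weights = {"r": 4, "w": 2, "x": 1}
    return "".join(str(sum(weights[p] for p in "rwx" if (owner, p) in granted))
                   for owner in "ugo")


def audit_listing(listing):
    """Scan ls -l style lines for two conditions from the notes: entries that
    other can write to (world-writable) and payroll-group files that other
    can read. Returns a list of (name, finding) pairs."""
    findings = []
    for line in listing.strip().splitlines():
        fields = line.split()
        mode, group, name = fields[0], fields[3], fields[-1]
        _, granted = parse_mode(mode)
        if ("o", "w") in granted:
            findings.append((name, "world-writable"))
        if group == "payroll" and ("o", "r") in granted:
            findings.append((name, "payroll data readable by other"))
    return findings


if __name__ == "__main__":
    print(apply_chmod("----------", "u+rwx,g+rwx,o+rwx"))   # -rwxrwxrwx
    print(apply_chmod("-rwxrwxrwx", "u=r,g=r,o=r"))         # -r--r--r--
    for name, finding in audit_listing(SAMPLE_LISTING):
        print(f"{name}: {finding}")
```

Running the module applies the three chmod commands from this section to a mode string and then reports payroll_q1.csv and the shared directory, which is the check you would run over a real listing before deciding which entries need chmod o-w.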

Root user
A root user, or superuser, is a user with elevated privileges to modify the system. Regular users
have limitations that the root user does not. Individuals who need to perform specific tasks can
be temporarily added as root users. Root users can create, modify, or delete any file and run
any program. Only root users or accounts with root privileges can add new users. So you may
be wondering how you become a superuser.
Logging in directly as root brings security risks:
• Malicious actors will try to breach the root account. Since it's the most powerful
account, the root account should have direct logins disabled to stay safe.
• It's very easy to make irreversible mistakes. It's very easy to type the wrong command
in the CLI, and if you're running as the root user, you run a higher risk of making an
irreversible mistake, such as permanently deleting a directory.
• Accountability is a concern. In a multi-user environment like Linux, there are many
users. If a user is running as root, there is no way to track who exactly ran a command.
One solution to help solve this problem is sudo.

sudo
is a command that temporarily grants elevated permissions to specific users. This provides a
more controlled approach than logging in as root, which runs every command with root
privileges. sudo solves many of the problems associated with running as root. sudo comes from
"superuser do" and lets you execute commands as an elevated user without having to sign in
and out of another account. Running sudo will prompt you to enter the password for the user
you're currently logged in as. Not all users on a system can become a superuser. Users must be
granted sudo access through a configuration file called the sudoers file.
Adding and deleting users with sudo:
• useradd adds a user to the system. Only root or users with sudo privileges can use the
useradd command. For example, entering sudo useradd -g security fgarcia adds fgarcia as
a new user and assigns their primary group to be security.
• userdel removes a user from the system. When a user should no longer have access, the
sudo command is used first, then the userdel command, and last the name of the user to
delete. Entering sudo userdel -r fgarcia would delete fgarcia as a user and delete all files
in their home directory. When you create a new user in Linux, a group with the same
name as the user is automatically created and the user is the only member of that group.
After removing users, it is good practice to clean up any such empty groups that may
remain behind.
• usermod modifies existing user accounts. The same -g and -G options from the useradd
command can be used with usermod if a user already exists. To change the primary group
of an existing user, you need the -g option. For example, entering sudo usermod -g
executive fgarcia would change fgarcia's primary group to the executive group.
• chown changes ownership of a file or directory. You can use chown to change user or
group ownership. To change the user owner of the access.txt file to fgarcia, enter sudo
chown fgarcia access.txt. To change the group owner of access.txt to security, enter sudo
chown :security access.txt. You must enter a colon (:) before security to designate it as a
group name.
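Added example, not from the original notes: a Python check for the clean-up the userdel bullet recommends. It parses constructed /etc/passwd and /etc/group contents and reports groups in the regular-user range that have no members and are nobody's primary group, plus group entries that still list a user who no longer exists in passwd. The account names, UIDs and GIDs are constructed, and the assumption that regular users start at UID/GID 1000 is a common distribution default, not something the notes state.

```python
# Added example: after removing a user, find groups left behind and stale
# membership entries by parsing constructed /etc/passwd and /etc/group text.
# Not part of the original notes.

# Regular (non-system) accounts start here on most distributions (assumption).
FIRST_REGULAR_ID = 1000

# Constructed state after `sudo userdel -r fgarcia`: the user is gone from
# passwd, but the group file still has a user-private group named fgarcia and
# an executive group that lists fgarcia as a member.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
analyst:x:1000:1000::/home/analyst:/bin/bash
"""

GROUP = """\
root:x:0:
analyst:x:1000:
fgarcia:x:1001:
security:x:1002:analyst
executive:x:1003:fgarcia
"""


def parse_passwd(text):
    """Map user name -> primary gid from passwd-format lines (name:pw:uid:gid:...)."""
    users = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _pw, _uid, gid, *_rest = line.split(":")
        users[name] = int(gid)
    return users


def parse_group(text):
    """Map group name -> (gid, members) from group-format lines (name:pw:gid:m1,m2)."""
    groups = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _pw, gid, members = line.split(":")
        groups[name] = (int(gid), [m for m in members.split(",") if m])
    return groups


def find_orphan_groups(users, groups):
    """Groups in the regular range that nobody belongs to: no explicit member
    and no user whose primary gid is that group. These are the empty groups
    the notes say to clean up after userdel."""
    primary_gids = set(users.values())
    return sorted(name for name, (gid, members) in groups.items()
                  if gid >= FIRST_REGULAR_ID and not members
                  and gid not in primary_gids)


def find_stale_memberships(users, groups):
    """(group, member) pairs where the listed member no longer exists in passwd."""
    return sorted((name, m) for name, (_gid, members) in groups.items()
                  for m in members if m not in users)


if __name__ == "__main__":
    users, groups = parse_passwd(PASSWD), parse_group(GROUP)
    print("orphan groups:", find_orphan_groups(users, groups))
    print("stale memberships:", find_stale_memberships(users, groups))
```

On a real host you would feed the functions the contents of /etc/passwd and /etc/group; the analyst group is not reported even though it lists no members, because it is still the primary group of an existing user.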

Authentication
is the process of a user proving that they are who they say they are in the system. Not all users
should be allowed into the system, but we also want to make sure everyone who should have
access to the system has it. That's why we need to add users. New users can be new to the
organization or new to a group. This could be related to a change in organizational structure or
simply a directive from management to move someone. Also, when users leave the
organization, they need to be deleted; they should no longer have access to any part of the
system. If they simply changed groups, they should be deleted from the groups that they are no
longer a part of.

Linux Guide Book

• man displays information on other commands and how they work. It's short for "manual."
To search for information on a command, enter the command after man. For example,
entering

man chown

returns detailed information about chown, including the various options you can use
with it. The output of the man command is also called a "man page."
• apropos searches the man page descriptions for a specified string. Man pages can be
lengthy and difficult to search through if you're looking for a specific keyword. To use
apropos, enter the keyword after apropos. You can also include the -a option to search
for multiple words. For example, entering

apropos -a graph editor

outputs man pages that contain both the words "graph" and "editor" in their
descriptions.
• whatis displays a description of a command on a single line. For example, entering

whatis nano

outputs the description of nano. This command is useful when you don't need a detailed
description, just a general idea of the command. This might be as a reminder, or it might
be after you discover a new command through a colleague or online resource and want
to know more.

Chapter 4

Databases
A database is an organized collection of information or data. Databases are often compared to
spreadsheets.
Advantages of databases:
• Databases can be accessed by multiple people simultaneously.
• Databases can store massive amounts of data.
• Databases can also perform complex tasks while accessing data.
Using databases allows us to store large amounts of data while keeping it quick and easy to
access.

Relational Database
is a structured database containing tables that are related to each other.

Primary Key
refers to a column where every row has a unique entry. The primary key must not have any
duplicate values, or any null or empty values. The primary key allows us to uniquely identify
every row in our table.

Foreign Key
is a column in a table that is a primary key in another table. Foreign keys, unlike primary keys,
can have empty values and duplicates. The foreign key allows us to connect two tables together.

Structured Query Language (SQL)
SQL is a programming language used to create, interact with, and request information from a
database. The different versions of SQL have only slight differences in their structure, such as
where to place quotation marks.

Query
is a request for data from a database table or a combination of tables. Nearly all relational
databases rely on some version of SQL to query data.

Log
is a record of events that occur within an organization's systems. As a security analyst, you
might be tasked with reviewing logs for various reasons.

SELECT
indicates which columns to return.

FROM
indicates which table to query.

ORDER BY
is an important keyword for organizing the data you extract from a table. ORDER BY sequences
the records returned by a query based on a specified column or columns. The default is
ascending order:

SELECT customerid, city, country FROM customers ORDER BY city;

Adding DESC after the column name sorts in descending order instead:

SELECT customerid, city, country FROM customers ORDER BY city DESC;

Syntax
refers to the rules that determine what is correctly structured in a computing language. In SQL,
keywords are not case-sensitive, so you could also write select and from in lowercase, but we're
placing them in capital letters because it makes the query easier to understand. Another aspect
of this syntax is that semicolons are placed at the end of the statement.

Asterisk (*)
In a SELECT statement, * means all columns of the table.

Filtering
is selecting data that match a certain condition. Think of filtering as a way of only choosing
the data we want.

Operator
is a symbol or keyword that represents an operation. An example of an operator would be the
equal to operator. For example, if we wanted to find all records that have USA in the country
column, we would use country = 'USA'.

WHERE
indicates the condition for a filter. After the keyword WHERE, the specific condition is listed
using operators. With the equal to operator the value is matched literally; a % character has no
wildcard meaning here and only does so with LIKE:

SELECT firstname, lastname, title, email FROM employees
WHERE title = 'IT Staff';

Wildcards (% and _)
stand in for unspecified characters in a pattern:
• The percent sign (%) substitutes for any number of other characters, including none.
• The underscore (_) substitutes for exactly one other character.

LIKE
is an operator used with WHERE to search for a pattern in a column. Since LIKE is an operator,
similar to the equal sign, we use it in place of the equal sign:

SELECT lastname, firstname, title, email FROM employees
WHERE title LIKE 'IT%';

String Data
is data consisting of an ordered sequence of characters. These characters could be numbers,
letters, or symbols. For example, you'll encounter string data in user names, such as a user
name: analyst10.

Numeric Data
is data consisting of numbers, such as a count of log-in attempts. Unlike strings, mathematical
operations can be used on numeric data, like multiplication or addition.

Date and Time Data
refers to data representing a date and/or time.

BETWEEN
is an operator that filters for numbers or dates within a range:

SELECT firstname, lastname, hiredate FROM employees
WHERE hiredate BETWEEN '2002-01-01' AND '2003-01-01';

AND
is an operator that specifies that both conditions must be met simultaneously:

SELECT firstname, lastname, email, country, supportrepid FROM customers
WHERE supportrepid = 5 AND country = 'USA';

OR
is an operator that specifies that either condition can be met. In a Venn diagram, let's say each
circle represents a condition. When they are joined with OR, SQL would select all rows that
satisfy at least one of the conditions; a row that meets both conditions is also returned.

SELECT firstname, lastname, email, country FROM customers
WHERE country = 'Canada' OR country = 'USA';

NOT
negates a condition. In a diagram, we can show this by selecting every entry that does not match
our condition.

SELECT firstname, lastname, email, country FROM customers
WHERE NOT country = 'USA';

INNER JOIN
returns rows matching on a specified column that exists in more than one table.

SELECT * FROM employees INNER JOIN machines
ON employees.device_id = machines.device_id;

LEFT JOIN
returns all of the records of the first table, but only returns rows of the second table that match
on a specified column.

SELECT * FROM employees LEFT JOIN machines
ON employees.device_id = machines.device_id;

RIGHT JOIN
returns all of the records of the second table, but only returns rows from the first table that match
on a specified column.

SELECT * FROM employees RIGHT JOIN machines
ON employees.device_id = machines.device_id;

FULL OUTER JOIN
returns all records from both tables. Using our same example, a FULL OUTER JOIN returns
all columns from all tables. If a row doesn't have a value for a particular column, it returns
NULL.

SELECT * FROM employees FULL OUTER JOIN machines
ON employees.device_id = machines.device_id;

COUNT
returns a single number that represents the number of rows returned from your query.

SELECT COUNT(firstname) FROM customers;

AVG
returns a single number that represents the average of the numerical data in a column.

SELECT AVG(rating) FROM customers;

SUM
returns a single number that represents the sum of the numerical data in a column.

SELECT SUM(rating) FROM customers;
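Added example, not part of the original notes or of the course's lab database: the SQL statements from this chapter run against a small in-memory SQLite database built with Python's standard sqlite3 module. The employees, machines and customers tables and all of their rows are constructed sample data (the rating column exists only so COUNT, AVG and SUM have something to aggregate). It shows the difference between = and LIKE with a % wildcard, BETWEEN, OR and NOT, INNER versus LEFT JOIN (a NULL in the LEFT JOIN output reveals an employee whose device_id has no record in the machines inventory), a FULL OUTER JOIN written as a UNION of two LEFT JOINs so it also runs on SQLite builds older than 3.39, and the three aggregate functions. Values that would come from outside the program are passed as ? parameters rather than pasted into the SQL text.

```python
# Added example: the chapter's SQL run against constructed sample tables in
# an in-memory SQLite database. Not part of the original notes.
import sqlite3

# Constructed sample data: employees and their assigned device, the machines
# inventory, and customers with a rating column for the aggregate examples.
SCHEMA = """
CREATE TABLE employees (
    employee_id INTEGER PRIMARY KEY, firstname TEXT, lastname TEXT,
    title TEXT, email TEXT, hiredate TEXT, device_id TEXT);
CREATE TABLE machines (device_id TEXT PRIMARY KEY, operating_system TEXT);
CREATE TABLE customers (
    customerid INTEGER PRIMARY KEY, firstname TEXT, lastname TEXT,
    city TEXT, country TEXT, supportrepid INTEGER, rating INTEGER);
INSERT INTO employees VALUES
    (1, 'Ana', 'Lopez', 'IT Staff',   'alopez@example.com', '2002-03-15', 'dev-001'),
    (2, 'Ben', 'Kim',   'IT Manager', 'bkim@example.com',   '2001-07-01', 'dev-002'),
    (3, 'Cai', 'Osei',  'Sales',      'cosei@example.com',  '2002-11-30', NULL),
    (4, 'Dee', 'Ruiz',  'IT Staff',   'druiz@example.com',  '2004-02-09', 'dev-999');
INSERT INTO machines VALUES ('dev-001', 'OS A'), ('dev-002', 'OS B'), ('dev-003', 'OS C');
INSERT INTO customers VALUES
    (1, 'Luis', 'Ortiz', 'Lima',    'Peru',   5, 4),
    (2, 'Mia',  'Chen',  'Austin',  'USA',    5, 5),
    (3, 'Noor', 'Ali',   'Toronto', 'Canada', 3, 3),
    (4, 'Omar', 'Diaz',  'Boston',  'USA',    3, 2);
"""

SQL_BY_CITY = {False: "SELECT city FROM customers ORDER BY city;",
               True: "SELECT city FROM customers ORDER BY city DESC;"}


def connect():
    """Open an in-memory SQLite database loaded with the sample tables."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def query(conn, sql, params=()):
    """Run one statement and return all rows. Values from outside the program
    go in params (the ? placeholders), never into the SQL text itself."""
    return conn.execute(sql, params).fetchall()


def cities_ordered(conn, descending=False):
    """ORDER BY city, ascending by default or with DESC."""
    return [row[0] for row in query(conn, SQL_BY_CITY[descending])]


def equals_vs_like(conn):
    """'=' compares the literal string 'IT Staff%' (no row has that title),
    while LIKE treats % as a wildcard and matches every IT title."""
    exact = query(conn, "SELECT lastname FROM employees WHERE title = ?;", ("IT Staff%",))
    pattern = query(conn, "SELECT lastname FROM employees WHERE title LIKE ? "
                          "ORDER BY lastname;", ("IT%",))
    return [r[0] for r in exact], [r[0] for r in pattern]


def hired_in_2002(conn):
    """BETWEEN is inclusive at both ends, so a 2003-01-01 hire would also match."""
    rows = query(conn, "SELECT lastname FROM employees WHERE hiredate "
                       "BETWEEN '2002-01-01' AND '2003-01-01' ORDER BY lastname;")
    return [r[0] for r in rows]


def or_and_not(conn):
    """OR keeps rows meeting either condition; NOT keeps rows that fail the condition."""
    either = query(conn, "SELECT lastname FROM customers WHERE country = 'Canada' "
                         "OR country = 'USA' ORDER BY lastname;")
    negated = query(conn, "SELECT lastname FROM customers WHERE NOT country = 'USA' "
                          "ORDER BY lastname;")
    return [r[0] for r in either], [r[0] for r in negated]


def employees_with_machines(conn):
    """INNER JOIN keeps only employees whose device_id exists in machines; LEFT
    JOIN keeps every employee and fills NULL where no machine matches, which is
    how an unknown device_id (dev-999) shows up as an inventory gap."""
    inner = query(conn, "SELECT e.lastname, m.operating_system FROM employees e "
                        "INNER JOIN machines m ON e.device_id = m.device_id ORDER BY e.lastname;")
    left = query(conn, "SELECT e.lastname, m.operating_system FROM employees e "
                       "LEFT JOIN machines m ON e.device_id = m.device_id ORDER BY e.lastname;")
    return inner, left


def full_outer_join(conn):
    """FULL OUTER JOIN as a UNION of two LEFT JOINs, so it runs on SQLite builds
    older than 3.39 (the first with native FULL OUTER JOIN support). Unmatched
    rows from either side appear with NULL on the other side."""
    return query(conn, "SELECT e.lastname, m.device_id FROM employees e "
                       "LEFT JOIN machines m ON e.device_id = m.device_id "
                       "UNION "
                       "SELECT e.lastname, m.device_id FROM machines m "
                       "LEFT JOIN employees e ON e.device_id = m.device_id ORDER BY 1, 2;")


def customer_aggregates(conn):
    """COUNT, AVG and SUM each return a single value."""
    count = query(conn, "SELECT COUNT(firstname) FROM customers;")[0][0]
    avg = query(conn, "SELECT AVG(rating) FROM customers;")[0][0]
    total = query(conn, "SELECT SUM(rating) FROM customers;")[0][0]
    return count, avg, total


if __name__ == "__main__":
    conn = connect()
    print(equals_vs_like(conn))            # ([], ['Kim', 'Lopez', 'Ruiz'])
    print(employees_with_machines(conn)[1])
    print(full_outer_join(conn))
    print(customer_aggregates(conn))       # (4, 3.5, 14)
```

The LEFT JOIN output is the one an analyst reaches for when reconciling accounts against an asset inventory: the rows whose operating_system is NULL are employees with no matching machines record, and the FULL OUTER JOIN additionally surfaces the machine (dev-003) that no employee is assigned.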