Tools of the Trade Linux and SQL

The document compares various operating systems including Windows, macOS, Linux, ChromeOS, Android, and iOS, highlighting their characteristics and security implications, particularly regarding legacy systems. It explains the importance of keeping operating systems updated to mitigate vulnerabilities and discusses the role of virtualization and command-line interfaces in cybersecurity. Additionally, it emphasizes the significance of understanding Linux architecture for security analysts.

Uploaded by

Kiron Khan
Copyright
© All Rights Reserved

Compare operating systems

You previously explored why operating systems are an important part of how
a computer works. In this reading, you’ll compare some popular operating
systems used today. You’ll also focus on the risks of using legacy operating
systems.

Common operating systems

The following operating systems are useful to know in the security industry:
Windows, macOS®, Linux, ChromeOS, Android, and iOS.

Windows and macOS

Windows and macOS are both common operating systems. The Windows
operating system was introduced in 1985, and macOS was introduced in 1984.
Both operating systems are used in personal and enterprise computers.

Windows is a closed-source operating system, which means the source code is
not shared freely with the public. macOS is partially open source. It has some
open-source components, such as macOS’s kernel. macOS also has some
closed-source components.

Linux

The first version of Linux was released in 1991, and other major releases
followed in the early 1990s. Linux is a completely open-source operating
system, which means that anyone can access Linux and its source code. The
open-source nature of Linux allows developers in the Linux community to
collaborate.

Linux is particularly important to the security industry. There are some
distributions that are specifically designed for security. Later in this course,
you’ll learn about Linux and its importance to the security industry.

ChromeOS

ChromeOS launched in 2011. It’s partially open source and is derived from
Chromium OS, which is completely open source. ChromeOS is frequently used
in the education field.

Android and iOS

Android and iOS are both mobile operating systems. Unlike the other
operating systems mentioned, mobile operating systems are typically used in
mobile devices, such as phones, tablets, and watches. Android was introduced
for public use in 2008, and iOS was introduced in 2007. Android is open
source, and iOS is partially open source.

Operating systems and vulnerabilities

Security issues are inevitable with all operating systems. An important part of
protecting an operating system is keeping the system and all of its
components up to date.

Legacy operating systems


A legacy operating system is an operating system that is outdated but still
being used. Some organizations continue to use legacy operating systems
because software they rely on is not compatible with newer operating
systems. This can be more common in industries that use a lot of equipment
that requires embedded software—software that’s placed inside components
of the equipment.

Legacy operating systems can be vulnerable to security issues because they’re
no longer supported or updated. This means that legacy operating systems
might be vulnerable to new threats.

Other vulnerabilities

Even when operating systems are kept up to date, they can still become
vulnerable to attack. Below are several resources that include information on
operating systems and their vulnerabilities.

• Microsoft Security Response Center (MSRC): A list of known vulnerabilities
  affecting Microsoft products and services
• Apple Security Updates: A list of security updates and information for Apple®
  operating systems, including macOS and iOS, and other products
• Common Vulnerabilities and Exposures (CVE) Report for Ubuntu: A list of
  known vulnerabilities affecting Ubuntu, which is a specific distribution of
  Linux
• Google Cloud Security Bulletin: A list of known vulnerabilities affecting Google
  Cloud products and services

Keeping an operating system up to date is one key way to help the system stay
secure. Because it can be difficult to keep all systems updated at all times, it’s
important for security analysts to be knowledgeable about legacy operating
systems and the risks they can create.

Key takeaways

Windows, macOS, Linux, ChromeOS, Android, and iOS are all commonly used
operating systems. Security analysts should be aware of vulnerabilities that
affect operating systems. It’s especially important for security analysts to be
familiar with legacy operating systems, which are systems that are outdated
but still being used.

Requests to the operating system


Operating systems are a critical component of a computer. They make
connections between applications and hardware to allow users to perform
tasks. In this reading, you’ll explore this complex process further and consider
it using a new analogy and a new example.

Booting the computer

When you boot, or turn on, your computer, either a BIOS or UEFI microchip is
activated. The Basic Input/Output System (BIOS) is a microchip that
contains loading instructions for the computer and is prevalent in older
systems. The Unified Extensible Firmware Interface (UEFI) is a microchip
that contains loading instructions for the computer and replaces BIOS on
more modern systems.

The BIOS and UEFI chips both perform the same function for booting the
computer. BIOS was the standard chip until 2007, when UEFI chips increased
in use. Now, most new computers include a UEFI chip. UEFI provides
enhanced security features.

The BIOS or UEFI microchips contain a variety of loading instructions for the
computer to follow. For example, one of the loading instructions is to verify
the health of the computer’s hardware.

The last instruction from the BIOS or UEFI activates the bootloader. The
bootloader is a software program that boots the operating system. Once the
operating system has finished booting, your computer is ready for use.

Completing a task

As previously discussed, operating systems help us use computers more
efficiently. Once a computer has gone through the booting process, completing
a task on a computer is a four-part process.

User

The first part of the process is the user. The user initiates the process by
having something they want to accomplish on the computer. Right now, you’re
a user! You’ve initiated the process of accessing this reading.

Application

The application is the software program that users interact with to complete a
task. For example, if you want to calculate something, you would use the
calculator application. If you want to write a report, you would use a word
processing application. This is the second part of the process.

Operating system

The operating system receives the user’s request from the application. It’s the
operating system’s job to interpret the request and direct its flow. In order to
complete the task, the operating system sends it on to applicable components
of the hardware.

Hardware

The hardware is where all the processing is done to complete the tasks
initiated by the user. For example, when a user wants to calculate a number,
the CPU figures out the answer. As another example, when a user wants to
save a file, another component of the hardware, the hard drive, handles this
task.

After the work is done by the hardware, it sends the output back through the
operating system to the application so that it can display the results to the
user.

The OS at work behind the scenes

Consider once again how a computer is similar to a car. There are processes
that someone won’t directly observe when operating a car, but they do feel it
move forward when they press the gas pedal. It’s the same with a computer.
Important work happens inside a computer that you don’t experience directly.
This work involves the operating system.

You can explore this through another analogy. The process of using an
operating system is also similar to ordering at a restaurant. At a restaurant
you place an order and get your food, but you don’t see what’s happening in
the kitchen when the cooks prepare the food.

Ordering food is similar to using an application on a computer. When you
order your food, you make a specific request like “a small soup, very hot.”
When you use an application, you also make specific requests like “print three
double-sided copies of this document.”

You can compare the food you receive to what happens when the hardware
sends output. You receive the food that you ordered. You receive the
document that you wanted to print.

Finally, the kitchen is like the OS. You don’t know what happens in the kitchen,
but it’s critical in interpreting the request and ensuring you receive what you
ordered. Similarly, though the work of the OS is not directly transparent to
you, it’s critical in completing your tasks.

An example: Downloading a file from an internet browser


Previously, you explored how operating systems, applications, and hardware
work together by examining a task involving a calculation. You can expand
this understanding by exploring how the OS completes another task,
downloading a file from an internet browser:

• First, the user decides they want to download a file that they found online, so
  they click on a download button near the file in the internet browser
  application.
• Then, the internet browser communicates this action to the OS.
• The OS sends the request to download the file to the appropriate hardware for
  processing.
• The hardware begins downloading the file, and the OS sends this information
  to the internet browser application. The internet browser then informs the
  user when the file has been downloaded.

Key takeaways

Although it operates in the background, the operating system is an essential
part of the process of using a computer. The operating system connects
applications and hardware to allow users to complete a task.

Virtualization technology

You've explored a lot about operating systems. One more aspect to consider is
that operating systems can run on virtual machines. In this reading, you’ll
learn about virtual machines and the general concept of virtualization. You’ll
explore how virtual machines work and the benefits of using them.

What is a virtual machine?

A virtual machine (VM) is a virtual version of a physical computer. Virtual
machines are one example of virtualization. Virtualization is the process of
using software to create virtual representations of various physical machines.
The term “virtual” refers to machines that don’t exist physically, but operate
like they do because their software simulates physical hardware. Virtual
systems don’t use dedicated physical hardware. Instead, they use
software-defined versions of the physical hardware. This means that a single
virtual machine has a virtual CPU, virtual storage, and other virtual hardware.
Virtual systems are just code.

You can run multiple virtual machines using the physical hardware of a single
computer. This involves dividing the resources of the host computer to be
shared across all physical and virtual components. For example, Random
Access Memory (RAM) is a hardware component used for short-term
memory. If a computer has 16GB of RAM, it can host three virtual machines so
that the physical computer and virtual machines each have 4GB of RAM. Also,
each of these virtual machines would have their own operating system and
function similarly to a typical computer.

Benefits of virtual machines

Security professionals commonly use virtualization and virtual machines.
Virtualization can increase security for many tasks and can also increase
efficiency.

Security

One benefit is that virtualization can provide an isolated environment, or a
sandbox, on the physical host machine. When a computer has multiple virtual
machines, these virtual machines are “guests” of the computer. Specifically,
they are isolated from the host computer and other guest virtual machines.
This provides a layer of security, because virtual machines can be kept
separate from the other systems. For example, if an individual virtual machine
becomes infected with malware, it can be dealt with more securely because
it’s isolated from the other machines. A security professional could also
intentionally place malware on a virtual machine to examine it in a more
secure environment.

Note: Although using virtual machines is useful when investigating potentially
infected machines or running malware in a constrained environment, there
are still some risks. For example, a malicious program can escape
virtualization and access the host machine. This is why you should never
completely trust virtualized systems.

Efficiency

Using virtual machines can also be an efficient and convenient way to perform
security tasks. You can open multiple virtual machines at once and switch
easily between them. This allows you to streamline security tasks, such as
testing and exploring various applications.

You can compare the efficiency of a virtual machine to a city bus. A single city
bus has a lot of room and is an efficient way to transport many people
simultaneously. If city buses didn’t exist, then everyone on the bus would have
to drive their own cars. This uses more gas, cars, and other resources than
riding the city bus.

Similar to how many people can ride one bus, many virtual machines can be
hosted on the same physical machine. That way, separate physical machines
aren't needed to perform certain tasks.

Managing virtual machines

Virtual machines can be managed with software called a hypervisor.
Hypervisors help users manage multiple virtual machines and connect the
virtual and physical hardware. Hypervisors also help with allocating the
shared resources of the physical host machine to one or more virtual
machines.

One hypervisor that is useful for you to be familiar with is the Kernel-based
Virtual Machine (KVM). KVM is an open-source hypervisor that is supported
by most major Linux distributions. It is built into the Linux kernel, which
means it can be used to create virtual machines on any machine running a
Linux operating system without the need for additional software.

Other forms of virtualization

In addition to virtual machines, there are other forms of virtualization. Some
of these virtualization technologies do not use operating systems. For
example, multiple virtual servers can be created from a single physical server.
Virtual networks can also be created to more efficiently use the hardware of a
physical network.

Key takeaways

Virtual machines are virtual versions of physical computers and are one
example of virtualization. Virtualization is a key technology in the security
industry, and it’s important for security analysts to understand the basics.
There are many benefits to using virtual machines, such as isolation of
malware and other security risks. However, it’s important to remember
there’s still a risk of malicious software escaping their virtualized
environments.

The command line in use

Previously, you explored graphical user interfaces (GUI) and command-line
interfaces (CLI). In this reading, you’ll compare these two interfaces and learn
more about how they’re used in cybersecurity.

CLI vs. GUI

A graphical user interface (GUI) is a user interface that uses icons on the
screen to manage different tasks on the computer. A command-line interface
(CLI) is a text-based user interface that uses commands to interact with the
computer.

Display

One notable difference between these two interfaces is how they appear on
the screen. A GUI has graphics and icons, such as the icons on your desktop or
taskbar for launching programs. In contrast, a CLI only has text. It looks
similar to lines of code.

Function

These two interfaces also differ in how they function. A GUI is an interface that
only allows you to make one request at a time. However, a CLI allows you to
make multiple requests at a time.

Advantages of a CLI in cybersecurity


The choice between using a GUI or CLI is partly based on personal preference,
but security analysts should be able to use both interfaces. Using a CLI can
provide certain advantages.

Efficiency

Some prefer the CLI because it can be used more quickly when you know how
to manage this interface. For a new user, a GUI might be more efficient
because they’re easier for beginners to navigate.

Because a CLI can accept multiple requests at one time, it’s more powerful
when you need to perform multiple tasks efficiently. For example, if you had
to create multiple new files in your system, you could quickly perform this
task in a CLI. If you were using a GUI, this could take much longer, because you
have to repeat the same steps for each new file.

History file

For security analysts, using the Linux CLI is helpful because it records a
history file of all the commands and actions in the CLI. If you were using a GUI,
your actions are not necessarily saved in a history file.

For example, you might be in a situation where you’re responding to an
incident using a playbook. The playbook’s instructions require you to run a
series of different commands. If you used a CLI, you’d be able to go back to the
history and ensure all of the commands were correctly used. This could be
helpful if there were issues using the playbook and you had to review the
steps you performed in the command line.

Additionally, if you suspect an attacker has compromised your system, you
might be able to trace their actions using the history file.
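The playbook review described above can be scripted. The following is an added example, not part of the original reading: it checks that each playbook command appears in a history file in the required order. It assumes the history was saved with timestamps (Bash writes `#<epoch>` lines when `HISTTIMEFORMAT` is set); the sample history, the sample playbook, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a shell history file against the ordered list of
# commands an incident-response playbook required.

# Constructed history (not from a real system). "#<epoch seconds>" lines are
# the timestamps Bash stores in the history file when HISTTIMEFORMAT is set.
sample_history() {
cat <<'EOF'
#1700000000
whoami
#1700000030
ss -tulpn
#1700000095
cat /etc/passwd
#1700000150
sudo systemctl stop sshd
EOF
}

# Constructed playbook: one required command per line, in required order.
sample_playbook() {
cat <<'EOF'
ss -tulpn
last -a
sudo systemctl stop sshd
EOF
}

# audit_playbook HISTORY_FILE PLAYBOOK_FILE
# Prints one tab-separated line per playbook step:
#   OK <timestamp or -> <command>      step found after the previous step
#   MISSING - <command>                step not found in the required order
# Returns 1 if any step is missing, 0 otherwise.
audit_playbook() {
    awk '
        # Trim surrounding whitespace so spacing differences do not matter.
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }

        # First file: the history. Remember each command and its timestamp.
        FILENAME == ARGV[1] {
            if ($0 ~ /^#[0-9]+$/) { ts = substr($0, 2); next }
            if ($0 == "") next
            n++
            cmd[n] = $0
            when[n] = (ts == "" ? "-" : ts)
            ts = ""
            next
        }

        # Second file: the playbook. Search only after the last matched step.
        $0 == "" { next }
        {
            found = 0
            for (i = pos + 1; i <= n; i++)
                if (cmd[i] == $0) { found = i; break }
            if (found) {
                pos = found
                printf "OK\t%s\t%s\n", when[found], $0
            } else {
                missing++
                printf "MISSING\t-\t%s\n", $0
            }
        }
        END { exit (missing ? 1 : 0) }
    ' "$1" "$2"
}

# Demo: write the constructed samples to temporary files and print the audit.
demo_dir=$(mktemp -d)
sample_history  > "$demo_dir/history"
sample_playbook > "$demo_dir/playbook"
audit_playbook "$demo_dir/history" "$demo_dir/playbook" || true
rm -rf "$demo_dir"
```

By default Bash writes the history file when the shell exits, and the file can be edited or cleared by whoever controls the account, so treat this audit as one source of evidence alongside system logs.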

Key takeaways

GUIs and CLIs are two types of user interfaces that security analysts should be
familiar with. There are multiple differences between a GUI and a CLI,
including their displays and how they function. When working in
cybersecurity, a CLI is often preferred over a GUI because it can handle
multiple tasks simultaneously and it includes a history file.

Linux architecture explained


Understanding the Linux architecture is important for a security analyst.
When you understand how a system is organized, it makes it easier to
understand how it functions. In this reading, you’ll learn more about the
individual components in the Linux architecture. A request to complete a task
starts with the user and then flows through applications, the shell, the
Filesystem Hierarchy Standard, the kernel, and the hardware.

User

The user is the person interacting with a computer. They initiate and manage
computer tasks. Linux is a multi-user system, which means that multiple users
can use the same resources at the same time.

Applications

An application is a program that performs a specific task. There are many
different applications on your computer. Some applications typically come
pre-installed on your computer, such as calculators or calendars. Other
applications might have to be installed, such as some web browsers or email
clients. In Linux, you'll often use a package manager to install applications. A
package manager is a tool that helps users install, manage, and remove
packages or applications. A package is a piece of software that can be
combined with other packages to form an application.

Shell

The shell is the command-line interpreter. Everything entered into the shell is
text based. The shell allows users to give commands to the kernel and receive
responses from it. You can think of the shell as a translator between you and
your computer. The shell translates the commands you enter so that the
computer can perform the tasks you want.

Filesystem Hierarchy Standard (FHS)

The Filesystem Hierarchy Standard (FHS) is the component of the Linux OS
that organizes data. It specifies the location where data is stored in the
operating system.

A directory is a file that organizes where other files are stored. Directories
are sometimes called “folders,” and they can contain files or other directories.
The FHS defines how directories, directory contents, and other storage is
organized so the operating system knows where to find specific data.

Kernel

The kernel is the component of the Linux OS that manages processes and
memory. It communicates with the applications to route commands. The
Linux kernel is unique to the Linux OS and is critical for allocating resources in
the system. The kernel controls all major functions of the hardware, which can
help get tasks expedited more efficiently.

Hardware

The hardware is the physical components of a computer. You might be
familiar with some hardware components, such as hard drives or CPUs.
Hardware is categorized as either peripheral or internal.

Peripheral devices

Peripheral devices are hardware components that are attached to and
controlled by the computer system. They are not core components needed to
run the computer system. Peripheral devices can be added or removed freely.
Examples of peripheral devices include monitors, printers, the keyboard, and
the mouse.

Internal hardware

Internal hardware are the components required to run the computer.
Internal hardware includes a main circuit board and all components attached
to it. This main circuit board is also called the motherboard. Internal
hardware includes the following:

• The Central Processing Unit (CPU) is a computer’s main processor, which is
  used to perform general computing tasks on a computer. The CPU executes
  the instructions provided by programs, which enables these programs to run.
• Random Access Memory (RAM) is a hardware component used for
  short-term memory. It’s where data is stored temporarily as you perform
  tasks on your computer. For example, if you’re writing a report on your
  computer, the data needed for this is stored in RAM. After you’ve finished
  writing the report and closed down that program, this data is deleted from
  RAM. Information in RAM cannot be accessed once the computer has been
  turned off. The CPU takes the data from RAM to run programs.
• The hard drive is a hardware component used for long-term memory. It’s
  where programs and files are stored for the computer to access later.
  Information on the hard drive can be accessed even after a computer has been
  turned off and on again. A computer can have multiple hard drives.

Key takeaways

It’s important for security analysts to understand the Linux architecture and
how these components are organized. The components of the Linux
architecture are the user, applications, shell, Filesystem Hierarchy Standard,
kernel, and hardware. Each of these components is important in how Linux
functions.

More Linux distributions

Previously, you were introduced to the different distributions of Linux. This
included KALI LINUX ™. (KALI LINUX ™ is a trademark of OffSec.) In addition
to KALI LINUX ™, there are multiple other Linux distributions that security
analysts should be familiar with. In this reading, you’ll learn about additional
Linux distributions.

KALI LINUX ™

KALI LINUX ™ is an open-source distribution of Linux that is widely used in
the security industry. This is because KALI LINUX ™, which is Debian-based, is
pre-installed with many useful tools for penetration testing and digital
forensics. A penetration test is a simulated attack that helps identify
vulnerabilities in systems, networks, websites, applications, and processes.
Digital forensics is the practice of collecting and analyzing data to determine
what has happened after an attack. These are key activities in the security
industry.

However, KALI LINUX ™ is not the only Linux distribution that is used in
cybersecurity.

Ubuntu

Ubuntu is an open-source, user-friendly distribution that is widely used in
security and other industries. It has both a command-line interface (CLI) and a
graphical user interface (GUI). Ubuntu is also Debian-derived and includes
common applications by default. Users can also download many more
applications from a package manager, including security-focused tools.
Because of its wide use, Ubuntu has an especially large number of community
resources to support users.

Ubuntu is also widely used for cloud computing. As organizations migrate to
cloud servers, cybersecurity work may more regularly involve Ubuntu
derivatives.

Parrot

Parrot is an open-source distribution that is commonly used for security.
Similar to KALI LINUX ™, Parrot comes with pre-installed tools related to
penetration testing and digital forensics. Like both KALI LINUX ™ and Ubuntu,
it is based on Debian.

Parrot is also considered to be a user-friendly Linux distribution. This is
because it has a GUI that many find easy to navigate. This is in addition to
Parrot’s CLI.

Red Hat® Enterprise Linux®

Red Hat Enterprise Linux is a subscription-based distribution of Linux built
for enterprise use. Red Hat is not free, which is a major difference from the
previously mentioned distributions. Because it’s built and supported for
enterprise use, Red Hat also offers a dedicated support team for customers to
call about issues.

AlmaLinux

AlmaLinux is a community-driven Linux distribution that was created as a
stable replacement for CentOS. CentOS was an open-source distribution that is
closely related to Red Hat, and its final stable release, CentOS 8, was in
December 2021. CentOS used source code published by Red Hat to provide a
similar platform. AlmaLinux is designed to be a drop-in replacement for
CentOS 8. This ensures that applications and configurations that worked on
CentOS will continue to function on AlmaLinux.

Key takeaways

KALI LINUX ™, Ubuntu, Parrot, Red Hat, and CentOS are all widely used Linux
distributions. It’s important for security analysts to be aware of these
distributions that they might encounter in their career.

Package managers for installing applications

Previously, you learned about Linux distributions and that different
distributions derive from different sources, such as Debian or Red Hat
Enterprise Linux distribution. You were also introduced to package managers,
and learned that Linux applications are commonly distributed through
package managers. In this reading, you’ll apply this knowledge to learn more
about package managers.

Introduction to package managers

A package is a piece of software that can be combined with other packages to
form an application. Some packages may be large enough to form applications
on their own.

Packages contain the files necessary for an application to be installed. These
files include dependencies, which are supplemental files used to run an
application.

Package managers can help resolve any issues with dependencies and
perform other management tasks. A package manager is a tool that helps
users install, manage, and remove packages or applications. Linux uses
multiple package managers.

Note: It’s important to use the most recent version of a package when
possible. The most recent version has the most up-to-date bug fixes and
security patches. These help keep your system more secure.

Types of package managers

Many commonly used Linux distributions are derived from the same parent
distribution. For example, KALI LINUX ™, Ubuntu, and Parrot all come from
Debian. CentOS comes from Red Hat.

This knowledge is useful when installing applications because certain package
managers work with certain distributions. For example, the Red Hat Package
Manager (RPM) can be used for Linux distributions derived from Red Hat, and
package managers such as dpkg can be used for Linux distributions derived
from Debian.

Different package managers typically use different file extensions. For
example, Red Hat Package Manager (RPM) has files which use the .rpm file
extension, such as Package-Version-Release_Architecture.rpm. Package
managers for Debian-derived Linux distributions, such as dpkg, have files
which use the .deb file extension, such as
Package_Version-Release_Architecture.deb.

Package management tools

In addition to package managers like RPM and dpkg, there are also package
management tools that allow you to easily work with packages through the
shell. Package management tools are sometimes utilized instead of package
managers because they allow users to more easily perform basic tasks, such as
installing a new package. Two notable tools are the Advanced Package Tool
(APT) and Yellowdog Updater Modified (YUM).

Advanced Package Tool (APT)

APT is a tool used with Debian-derived distributions. It is run from the
command-line interface to manage, search, and install packages.

Yellowdog Updater Modified (YUM)

YUM is a tool used with Red Hat-derived distributions. It is run from the
command-line interface to manage, search, and install packages. YUM works
with .rpm files.
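The pairing of distributions, package managers, and file extensions described above can be checked before anything is installed. The following is an added example, not part of the original reading: it reads the `ID` and `ID_LIKE` fields of os-release data (on a real host, `/etc/os-release`) to find the distribution family, then checks whether a package file matches it. The os-release samples, the package file names, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: work out which package manager family a host uses and
# whether a given package file belongs to that family.

# Constructed os-release samples for two distributions named in the reading.
sample_os_release_kali() {
cat <<'EOF'
NAME="Kali GNU/Linux"
ID=kali
ID_LIKE=debian
EOF
}

sample_os_release_alma() {
cat <<'EOF'
NAME="AlmaLinux"
ID="almalinux"
ID_LIKE="rhel centos fedora"
EOF
}

# distro_family OS_RELEASE_FILE -> debian | redhat | unknown
# Looks at ID first, then at each space-separated entry of ID_LIKE.
distro_family() {
    ids=$(awk -F= '$1 == "ID" || $1 == "ID_LIKE" {
              gsub(/"/, "", $2); printf "%s ", $2 }' "$1")
    for id in $ids; do
        case "$id" in
            debian|ubuntu|kali|parrot) echo debian; return 0 ;;
            rhel|centos|almalinux)     echo redhat; return 0 ;;
        esac
    done
    echo unknown
}

# package_family FILENAME -> debian | redhat | unknown (by file extension)
package_family() {
    case "$1" in
        *.deb) echo debian ;;
        *.rpm) echo redhat ;;
        *)     echo unknown ;;
    esac
}

# tools_for FAMILY -> package manager and package management tool
tools_for() {
    case "$1" in
        debian) echo "dpkg apt" ;;
        redhat) echo "rpm yum" ;;
        *)      echo "" ;;
    esac
}

# check_package OS_RELEASE_FILE PACKAGE_FILE
# Prints a verdict. Returns 0 on a match, 1 on a mismatch, 2 if either
# the host family or the package type cannot be determined.
check_package() {
    host=$(distro_family "$1")
    pkg=$(package_family "$2")
    if [ "$host" = unknown ] || [ "$pkg" = unknown ]; then
        echo "UNKNOWN host=$host package=$pkg"
        return 2
    fi
    if [ "$host" != "$pkg" ]; then
        echo "MISMATCH $2 is a $pkg package; this host uses: $(tools_for "$host")"
        return 1
    fi
    echo "OK $2 can be handled by: $(tools_for "$host")"
}

# Demo with constructed package file names (no files are opened or installed).
demo_dir=$(mktemp -d)
sample_os_release_kali > "$demo_dir/kali"
sample_os_release_alma > "$demo_dir/alma"
check_package "$demo_dir/kali" "example-tool_1.0-1_amd64.deb"  || true
check_package "$demo_dir/kali" "example-tool-1.0-1.x86_64.rpm" || true
check_package "$demo_dir/alma" "example-tool-1.0-1.x86_64.rpm" || true
rm -rf "$demo_dir"
```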

Key takeaways

A package is a piece of software that can be combined with other packages to
form an application. Packages can be managed using a package manager.
There are multiple package managers and package management tools for
different Linux distributions. Package management tools allow users to easily
work with packages through the shell. Debian-derived Linux distributions use
package managers like dpkg as well as package management tools like
Advanced Package Tool (APT). Red Hat-derived distributions use the Red Hat
Package Manager (RPM) or tools like Yellowdog Updater Modified (YUM).

Resources for completing Linux labs


Qwiklabs has updated their terms of services to include an age requirement of
18+ to use the platform, in order to comply with regulations in the US and EU.
Learners without access to Qwiklabs are still able to complete the certification
and gain the badge by reviewing the Qwiklab instructions, exemplars, and
participating in other hands-on activities throughout the certificate. This
participation is essential to understanding the certificate’s concepts and
preparing learners for graded assessments.

This course features hands-on lab activities where you’ll have the opportunity
to practice Linux commands in the terminal. You’ll use a platform called
Qwiklabs to complete these labs. In this reading, you’ll learn how to use
Qwiklabs.

This reading first provides a section on how to use Qwiklabs, which includes
details on how to launch a lab, how to interact within the Qwiklabs
environment, and how to end a lab. This is followed by another section on
helpful navigation tips and keyboard shortcuts; these may be useful when
working in the terminal.

Note: You will not launch Qwiklabs directly from this reading and instead will
do this through lab activities and exemplars that you encounter throughout
the course.

How to use Qwiklabs

Launching Qwiklabs

When you select a lab, you start from a Coursera page. You will need to click
Launch App on that page. After you click Launch App, a new tab will open
with a Qwiklabs page that contains instructions for that particular lab.

Start Lab button

On the Qwiklabs page, you must click Start Lab to open a temporary terminal.
The instructions for the lab will move to the right side of the screen.

Read the instructions and complete all the tasks in the lab by entering
commands in the terminal.

Note: It may take a moment for the terminal to start.

Lab control dialog box


After you click Start Lab, the lab control dialog box opens. It contains the End
Lab button, the timer, and the Open Linux Console button.

You can hide or unhide the dialog box by clicking the following icon in the red
box:

The timer

The timer starts when the terminal has loaded. The timer keeps track of the
amount of time you have left to complete a lab. The timer counts down until it
reaches 00:00:00. When it does, your temporary terminal and resources are
deleted.

You will have ample time to complete the labs. But, stay focused on
completing the tasks to ensure you use your time well.

Open Linux Console button

When you click the button to Open Linux Console, the terminal opens in a
new browser window:

Use this feature if you want a full-screen view of the terminal. You can close
this window at any time. Closing the window does not end your lab, and you
can continue working in the terminal in the original tab.

Check progress

You can check your progress by clicking Check my progress at the end of
each task.

If you haven’t yet completed a task, you’ll receive hints on what you must do
to complete it.

You can click Check my progress whenever you want to check the
completion status of a task or receive a hint.

Using copy/paste commands

The first time you try to use copy or paste keyboard shortcuts (such as CTRL
+ C), you’ll receive a pop-up requesting permission to use your device’s
clipboard: “googlecoursera.qwiklabs.com wants to see text and images
copied to the clipboard.” Please click Allow if you would like to be able to
use these shortcuts in the Qwiklabs platform. If you choose not to allow
Qwiklabs access to your clipboard, you cannot use keyboard shortcuts but you
can still complete the lab.

Code block

Certain steps may include a code block. Click the copy button to copy the code
provided and then paste it into the terminal.

To paste code or other text content that you have copied from the instructions
into the terminal, activate the terminal by clicking anywhere inside it. The
terminal is active when the cursor in the terminal changes from a static empty
outline to a flashing solid block.

Once the terminal is active, use the keyboard shortcut CTRL + V (hold down
the CTRL key and press the V key) to insert the copied text into the terminal
at the location of the flashing cursor.

Scrolling

In certain situations, you may want to scroll within the terminal window. To
do so, use the scroll wheel on your mouse or the touchpad of your computer.

End Lab button

Finally, click End Lab when you’ve completed the tasks in the lab.

Note: Don't click End Lab until you're finished; you'll lose access to the work
you've done throughout the lab.

Tracking progress on Coursera

If you complete a lab but your progress hasn’t been tracked on Coursera, you
may need to refresh the page for your progress to be registered. Once you
complete the lab and refresh the page, the green check mark should appear.

Helpful navigation tips and keyboard shortcuts


The following contains a list of navigation tips and keyboard shortcuts you
may find useful when completing your Linux labs. Your cursor must be in the
terminal window to use these navigation tips and keyboard shortcuts.

• CTRL + C: Terminates a command that is currently running; from the
  instructions portion of Qwiklabs, you can use CTRL + C to copy, but within the
  terminal, it will only terminate a command and if one isn't running, it will
  display ^C at the prompt
• CTRL + V: Pastes text
• clear: Clears the terminal screen; this can also be done by entering CTRL + L
• CTRL + A: Sets your cursor at the beginning of a command
• CTRL + E: Sets your cursor at the end of a command
• Left arrow key: Moves left within a command
• Right arrow key: Moves right within a command
• Up arrow key: Provides the last command you entered into the command
  line; can be entered multiple times to go through multiple commands from the
  command history
• Down arrow key: Provides the next command in the command history; must
  be after using the up arrow key
• Tab key: Provides available suggestions for completing your text

Key takeaways

Knowing how to navigate Qwiklabs will be useful as you complete the labs
throughout this course. These labs can help you practice what you’ve learned
in an interactive environment.

Lab tips and troubleshooting steps

Throughout this certificate you will use Qwiklabs and Jupyter Notebooks to
complete hands-on activities that include Linux command line, packet
capture, and Python programming tasks. In this reading, we will cover some
tips and troubleshooting steps for using Qwiklabs and Jupyter Notebooks on
your computer.

Browser compatibility

Make sure your internet browser is updated regularly. Qwiklabs and Jupyter
Notebooks require the latest version of Google Chrome, Firefox, or Microsoft
Edge. If your browser is outdated or you are using a browser that is not
supported by Qwiklabs or Jupyter Notebooks, you may encounter a problem.
If your browser is up to date and you are using one of the browsers listed
above and still encountering problems, try restarting your browser or clearing
your browser’s cache and cookies. You can also use incognito mode, which
prevents your browser from storing cookies and other temporary data.

Note: The Qwiklabs user interface works best with Google Chrome.

Internet connection

Qwiklabs and Jupyter Notebooks require a stable internet connection. If you
are experiencing problems starting or completing Qwiklabs or Jupyter
Notebooks, your internet connection may be slow or unreliable. Some signs of
an unstable internet connection may be freezing labs, difficulty connecting to
virtual machines, or the inability to type or enter commands within the lab
environment.

Pro Tip: If you are unable to complete a Qwiklab or Jupyter Notebooks lab on
one device, try using another device.

Troubleshooting steps

To summarize, here are the troubleshooting steps to try if you encounter a
problem with Qwiklabs or Jupyter Notebooks.

1. Make sure you are using the latest version of a supported browser: Google
Chrome, Firefox, or Microsoft Edge.

2. Restart your browser and clear your browser’s cache and cookies. You can
also use incognito mode.

3. Check your internet connection and make sure it is stable. You can try
restarting your router and modem to regain a stable connection.

4. Try restarting Qwiklabs or Jupyter Notebooks again.


5. For Qwiklabs only: If problems persist or you receive a message stating that
you have exceeded the quota for a Qwiklab, submit this form to Qwiklabs
support for assistance.

Activity: Install software in a Linux distribution

Lab | 1 hour | No cost | Introductory

This lab may incorporate AI tools to support your learning.

Activity overview

In this lab activity, you’ll use the Advanced Package Tool (APT) and sudo to
install and uninstall applications in a Linux Bash shell.

While installing Linux applications can be a complex task, the APT package
manager manages most of this complexity for you and allows you to quickly
and reliably manage the applications in a Linux environment.

You'll use Suricata and tcpdump as an example. These are network security
applications that can be used to capture and analyze network traffic.

The virtual machine you access in this lab has a Debian-based distribution of
Linux running, and that works with the APT package manager. Using a virtual
machine prevents damage to a system in the event its tools are used
improperly. It also gives you the ability to revert to a previous state.

As a security analyst, it's likely you'll need to know how to install and manage
applications on a Linux operating system. In this lab activity, you’ll learn how
to do exactly that!

Scenario

Your role as a security analyst requires that you have the Suricata and
tcpdump network security applications installed on your system.

In this scenario, you have to install, uninstall, and reinstall these applications
on your Linux Bash shell. You also need to confirm that you’ve installed them
correctly.

Here’s how you'll do this: First, you’ll confirm that APT is installed on your
Linux Bash shell. Next, you’ll use APT to install the Suricata application and
confirm that it is installed. Then, you’ll uninstall the Suricata application and
confirm this as well. Next, you’ll install the tcpdump application and list the
applications currently installed. Finally, you’ll reinstall the Suricata
application and confirm that both applications are installed.

OK, it's time to learn how to install some applications!

Note: The lab starts with your user account, called analyst, already logged in to
the Bash shell. This means you can start with the tasks as soon as you click
the Start Lab button.

Disclaimer: For optimal performance and compatibility, it is recommended to
use either Google Chrome or Mozilla Firefox browsers while accessing the labs.

Start your lab

You'll need to start the lab before you can access the materials. To do this,
click the green “Start Lab” button at the top of the screen.

After you click the Start Lab button, you will see a shell, where you will be
performing further steps in the lab. You should have a shell like this:

When you have completed all the tasks, refer to the End your Lab section that
follows the tasks for information on how to end your lab.

Task 1. Ensure that APT is installed

First, you’ll check that the APT application is installed so that you can use it to
manage applications. The simplest way to do this is to run the apt command in
the Bash shell and check the response.

The Bash shell is the command-line interpreter currently open on the left side
of the screen. You’ll use the Bash shell by typing commands after the prompt.
The prompt is represented by a dollar sign ($) followed by the input cursor.

• Confirm that the APT package manager is installed in your Linux environment.
  To do this, type apt after the command-line prompt and press ENTER.

When installed, apt displays basic usage information when you run it. This
includes the version information and a description of the tool:

apt 1.8.2.3 (amd64)
Usage: apt [options] command

apt is a commandline package manager and provides commands for
searching and managing as well as querying information about packages.
It provides the same functionality as the specialized APT tools,
like apt-get and apt-cache, but enables options more suitable for
interactive use by default.
...

APT is already installed by default in the Linux Bash shell in this lab because
this is a Debian-based system. APT is also the recommended package manager
for Debian. If you’re using another distribution, a different package manager,
such as YUM, may be available instead.

Click Check my progress to verify that you have completed this task correctly.


Task 2. Install and uninstall the Suricata application


In this task, you must install Suricata, a network analysis tool used for
intrusion detection, and verify that it installed correctly. Then, you’ll uninstall
the application.

1. Use the APT package manager to install the Suricata application.


Type sudo apt install suricata after the command-line prompt and
press ENTER.

Note: The apt install and apt remove commands must be prefixed with
the sudo command as elevated privileges are required to install and uninstall
software in Linux.

The Suricata application can take a few minutes to install.


When you install an application with APT, the output displays details of all the
software to be installed. This may include additional applications that depend
on the new software. These additional applications are called the
dependencies of the software to be installed.

When prompted to continue, press the ENTER key to respond with the default
response. (In this case, the default response is Yes.)

2. Verify that Suricata is installed by running the newly installed
application.

Type suricata after the command-line prompt and press ENTER.

When Suricata is installed, version and usage information is listed:

Suricata 4.1.2
USAGE: suricata [OPTIONS] [BPF FILTER]
-c : path to configuration file
-T : test configuration file (use with -c)
...

3. Use the APT package manager to uninstall Suricata.

Type sudo apt remove suricata after the command-line prompt and
press ENTER. Press ENTER (Yes) when prompted to continue.

When prompted to continue, press the ENTER key to respond with the default
response. (In this case, the default response is Yes.)

4. Verify that Suricata has been uninstalled by running the application
command again.

Type suricata after the command-line prompt and press ENTER.

If you have uninstalled Suricata, the output is an error message:

-bash: /usr/bin/suricata: No such file or directory

This message indicates that Suricata can't be found anymore.

Click Check my progress to verify that you have completed this task correctly.


Task 3. Install the tcpdump application


In this task, you must install the tcpdump application. This is a command-line
tool that can be used to capture network traffic in a Linux Bash shell.

• Use the APT package manager to install tcpdump.

Type sudo apt install tcpdump after the command-line prompt and
press ENTER.

Click Check my progress to verify that you have completed this task correctly.


Task 4. List the installed applications

Next, you need to confirm that you’ve installed the required applications. It's
important to be able to validate that the correct applications are installed.
Often you may want to check that the correct versions are installed as well.

1. Use the APT package manager to list all installed applications.


Type apt list --installed after the command-line prompt and press ENTER.

This produces a long list of applications because Linux has a lot of software
installed by default.

2. Search through the list to find the tcpdump application you installed.

The Suricata application is not listed because you installed and then
uninstalled that application:

...
tcpdump/oldstable,now 4.9.3-1~deb10u2 amd64 [installed]
...

Note: The specific version of tcpdump that you see displayed may be different
from what is shown above.

Click Check my progress to verify that you have completed this task correctly.


Task 5. Reinstall the Suricata application

In this task, you must reinstall the Suricata application and verify that it has
installed correctly.

1. Run the command to install the Suricata application.


Type sudo apt install suricata after the command-line prompt and
press ENTER.

When prompted to continue, press the ENTER key to respond with the default
response. (In this case, the default response is Yes.)

2. Use the APT package manager to list the installed applications.

Type apt list --installed after the command-line prompt and press ENTER.

3. Search through the list to confirm that the Suricata application has been
installed.

The output should include the following lines:

...
suricata/oldstable,now 1:4.1.2-2+deb10u1 amd64 [installed]
...
tcpdump/oldstable,now 4.9.3-1~deb10u2 amd64 [installed]
...

Click Check my progress to verify that you have completed this task correctly.


Conclusion

Great work!

You now have practical experience with the APT package manager. You
learned to

• install applications,
• uninstall applications, and
• list installed applications.

Being able to manage installed applications in Linux is a key skill for any
security analyst.
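The validation done by eye in Tasks 4 and 5 can be scripted. The following is an added example, not part of the lab: it parses the text format of apt list --installed and reports whether each required package is present, optionally at an expected version. The function names, the name=version argument form, and the suricata-example-rules line are assumptions made for illustration; the suricata and tcpdump lines are the ones shown in the lab output.

```bash
#!/usr/bin/env bash
# Added example: audit "apt list --installed" output for required packages.
# Each listing line has the form:  name/suite,now version arch [installed...]

# Constructed listing for the state after Task 4 (Suricata removed).
# suricata-example-rules is a hypothetical package name.
sample_after_task4() {
    cat <<'EOF'
Listing... Done
suricata-example-rules/oldstable,now 0.0.1-1 all [installed]
tcpdump/oldstable,now 4.9.3-1~deb10u2 amd64 [installed]
EOF
}

# Constructed listing for the state after Task 5 (both tools installed).
sample_after_task5() {
    cat <<'EOF'
Listing... Done
suricata/oldstable,now 1:4.1.2-2+deb10u1 amd64 [installed]
suricata-example-rules/oldstable,now 0.0.1-1 all [installed,automatic]
tcpdump/oldstable,now 4.9.3-1~deb10u2 amd64 [installed]
EOF
}

# Read a listing on stdin and print the version of one package.
# The name is compared exactly, so "suricata" does not match
# "suricata-example-rules" the way a plain substring search would.
# Exit status is 1 when the package is not listed as installed.
installed_version() {
    awk -v pkg="$1" '
        { split($1, id, "/") }
        id[1] == pkg && $4 ~ /^\[installed/ { print $2; found = 1 }
        END { exit found ? 0 : 1 }
    '
}

# audit_required LISTING SPEC...
# LISTING is the listing text; each SPEC is "name" or "name=version".
# Prints one line per SPEC and returns non-zero if any check failed.
audit_required() {
    listing=$1; shift
    failures=0
    for spec in "$@"; do
        pkg=${spec%%=*}
        want=
        case $spec in *=*) want=${spec#*=} ;; esac
        if ! have=$(printf '%s\n' "$listing" | installed_version "$pkg"); then
            echo "MISSING $pkg"
            failures=$((failures + 1))
        elif [ -n "$want" ] && [ "$have" != "$want" ]; then
            echo "VERSION $pkg installed=$have expected=$want"
            failures=$((failures + 1))
        else
            echo "OK $pkg $have"
        fi
    done
    [ "$failures" -eq 0 ]
}

# Demonstration on the constructed listings. On a real Debian-based system:
#   audit_required "$(apt list --installed 2>/dev/null)" suricata tcpdump
# (apt warns on stderr that its output format is not guaranteed to be stable
# for scripts, which is why stderr is discarded here.)
apt_audit_demo() {
    echo "After Task 4:"
    audit_required "$(sample_after_task4)" suricata tcpdump || true
    echo "After Task 5:"
    audit_required "$(sample_after_task5)" suricata tcpdump || true
}
apt_audit_demo
```

The exact-name comparison is the part a quick scan of the list can get wrong: any package whose name merely contains "suricata" would otherwise count as a match.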

End your lab

Before you end the lab, make sure you’re satisfied that you’ve completed all
the tasks, and follow these steps:

1. Click End Lab. A pop-up box will appear. Click Submit to confirm that
you're done. Ending the lab will remove your access to the Bash shell.
You won’t be able to access the work you've completed in it again.
2. Another pop-up box will ask you to rate the lab and provide feedback
comments. You can complete this if you choose to.
3. Close the browser tab containing the lab to return to your course.
4. Refresh the browser tab for the course to mark the lab as complete.

Exemplar: Install software in a Linux distribution

Activity overview

In this lab activity, you used the Advanced Package Tool (APT) and sudo to
install and uninstall applications in a Linux Bash shell.

While installing Linux applications can be a complex task, the APT package
manager manages most of this complexity for you and allows you to quickly
and reliably manage the applications in a Linux environment.

You used Suricata and tcpdump as an example. These are network security
applications that can be used to capture and analyze network traffic.

The virtual machine you accessed in this lab has a Debian-based distribution
of Linux running, and that works with the APT package manager. Using a
virtual machine prevents damage to a system in the event its tools are used
improperly. It also gives you the ability to revert to a previous state.

As a security analyst, it's likely you'll need to know how to install and manage
applications on a Linux operating system. In this lab activity, you’ll learn how
to do exactly that!

This exemplar is a walkthrough of the previous Qwiklab activity, including
detailed instructions and solutions. You may use this exemplar if you were
unable to complete the lab and/or you need extra guidance in completing lab
tasks. You may also refer to this exemplar to prepare for the graded quiz in
this module.

Scenario

Your role as a security analyst requires that you have the Suricata and
tcpdump network security applications installed on your system.

In this scenario, you have to install, uninstall, and reinstall these applications
on your Linux Bash shell. You also need to confirm that you’ve installed them
correctly.

Here’s how you'll do this: First, you’ll confirm that APT is installed on your
Linux Bash shell. Next, you’ll use APT to install the Suricata application and
confirm that it is installed. Then, you’ll uninstall the Suricata application and
confirm this as well. Next, you’ll install the tcpdump application and list the
applications currently installed. Finally, you’ll reinstall the Suricata
application and confirm that both applications are installed.

OK, it's time to learn how to install some applications!

Note: The lab starts with your user account, called analyst, already logged in to
the Bash shell. This means you can start with the tasks as soon as you click
the Start Lab button.

Task 1. Ensure that APT is installed

First, you’ll check that the APT application is installed so that you can use it to
manage applications. The simplest way to do this is to run the apt command in
the Bash shell and check the response.

The Bash shell is the command-line interpreter currently open on the left side
of the screen. You’ll use the Bash shell by typing commands after the prompt.
The prompt is represented by a dollar sign ($) followed by the input cursor.

• Confirm that the APT package manager is installed in your Linux environment.
  To do this, type apt after the command-line prompt and press ENTER.

The command to complete this step:

apt

When installed, apt displays basic usage information when you run it. This
includes the version information and a description of the tool:

apt 1.8.2.3 (amd64)
Usage: apt [options] command

apt is a commandline package manager and provides commands for
searching and managing as well as querying information about packages.
It provides the same functionality as the specialized APT tools,
like apt-get and apt-cache, but enables options more suitable for
interactive use by default.
...

APT is already installed by default in the Linux Bash shell in this lab because
this is a Debian-based system. APT is also the recommended package manager
for Debian. If you’re using another distribution, a different package manager,
such as YUM, may be available instead.

Task 2. Install and uninstall the Suricata application

In this task, you must install Suricata, a network analysis tool used for
intrusion detection, and verify that it installed correctly. Then, you’ll uninstall
the application.

1. Use the APT package manager to install the Suricata application.

Type sudo apt install suricata after the command-line prompt and
press ENTER.

The command to complete this step:

sudo apt install suricata

Note: The apt install and apt remove commands must be prefixed with
the sudo command as elevated privileges are required to install and uninstall
software in Linux.

The Suricata application can take a few minutes to install.

When you install an application with APT, the output displays details of all the
software to be installed. This may include additional applications that depend
on the new software. These additional applications are called the
dependencies of the software to be installed.

When prompted to continue, press the ENTER key to respond with the default
response. (In this case, the default response is Yes.)

2. Verify that Suricata is installed by running the newly installed application.

Type suricata after the command-line prompt and press ENTER.

The command to complete this step:

suricata

When Suricata is installed, version and usage information is listed:

Suricata 4.1.2
USAGE: suricata [OPTIONS] [BPF FILTER]
-c : path to configuration file
-T : test configuration file (use with -c)
...

3. Use the APT package manager to uninstall Suricata.

Type sudo apt remove suricata after the command-line prompt and
press ENTER. Press ENTER (Yes) when prompted to continue.

The command to complete this step:

sudo apt remove suricata

When prompted to continue, press the ENTER key to respond with the default
response. (In this case, the default response is Yes.)

4. Verify that Suricata has been uninstalled by running the application
command again.

Type suricata after the command-line prompt and press ENTER.

The command to complete this step:

suricata

If you have uninstalled Suricata, the output is an error message:

-bash: /usr/bin/suricata: No such file or directory

This message indicates that Suricata can't be found anymore.

Task 3. Install the tcpdump application

In this task, you must install the tcpdump application. This is a command-line
tool that can be used to capture network traffic in a Linux Bash shell.

• Use the APT package manager to install tcpdump.

Type sudo apt install tcpdump after the command-line prompt and
press ENTER.

The command to complete this step:

sudo apt install tcpdump

Task 4. List the installed applications

Next, you need to confirm that you’ve installed the required applications. It's
important to be able to validate that the correct applications are installed.
Often you may want to check that the correct versions are installed as well.

1. Use the APT package manager to list all installed applications.

Type apt list --installed after the command-line prompt and press ENTER.

The command to complete this step:

apt list --installed

This produces a long list of applications because Linux has a lot of software
installed by default.

2. Search through the list to find the tcpdump application you installed.

The Suricata application is not listed because you installed and then
uninstalled that application:

...
tcpdump/oldstable,now 4.9.3-1~deb10u2 amd64 [installed]
...

Note: The specific version of tcpdump that you see displayed may be different
from what is shown above.

Task 5. Reinstall the Suricata application

In this task, you must reinstall the Suricata application and verify that it has
installed correctly.

1. Run the command to install the Suricata application.

Type sudo apt install suricata after the command-line prompt and
press ENTER.

The command to complete this step:

sudo apt install suricata

When prompted to continue, press the ENTER key to respond with the default
response. (In this case, the default response is Yes.)

2. Use the APT package manager to list the installed applications.

Type apt list --installed after the command-line prompt and press ENTER.

The command to complete this step:

apt list --installed

3. Search through the list to confirm that the Suricata application has been
installed.

The output should include the following lines:

...
suricata/oldstable,now 1:4.1.2-2+deb10u1 amd64 [installed]
...
tcpdump/oldstable,now 4.9.3-1~deb10u2 amd64 [installed]
...

Conclusion

Great work!

You now have practical experience with the APT package manager. You
learned to

• install applications,
• uninstall applications, and
• list installed applications.

Being able to manage installed applications in Linux is a key skill for any
security analyst.

Different types of shells


Knowing how to work with Linux shells is an important skill for cybersecurity
professionals. Shells can be used for many common tasks. Previously, you
were introduced to shells and their functions. This reading will review shells
and introduce you to different types, including the one that you'll use in this
course.

Communicate through a shell

As you explored previously, the shell is the command-line interpreter. You
can think of a shell as a translator between you and the computer system.
Shells allow you to give commands to the computer and receive responses
from it. When you enter a command into a shell, the shell executes many
internal processes to interpret your command, send it to the kernel, and
return your results.

Types of shells

The many different types of Linux shells include the following:

• Bourne-Again Shell (bash)
• C Shell (csh)
• Korn Shell (ksh)
• Enhanced C shell (tcsh)
• Z Shell (zsh)

All Linux shells use common Linux commands, but they can differ in other
features. For example, ksh and bash use the dollar sign ($) to indicate where
users type in their commands. Other shells, such as zsh, use the percent sign
(%) for this purpose.

Bash

Bash is the default shell in most Linux distributions. It’s considered a
user-friendly shell. You can use bash for basic Linux commands as well as
larger projects.

Bash is also the most popular shell in the cybersecurity profession. You’ll use
bash throughout this course as you learn and practice Linux commands.

Key takeaways

Shells are a fundamental part of the Linux operating system. Shells allow you
to give commands to the computer and receive responses from it. They can be
thought of as a translator between you and your computer system. There are
many different types of shells, but the bash shell is the most commonly used
shell in the cybersecurity profession. You’ll learn how to enter Linux
commands through the bash shell later in this course.

Exemplar: Examine input/output in the Linux shell

Lab | 1 hour | No cost | Introductory

This lab may incorporate AI tools to support your learning.

Activity overview

Previously, you discussed how the Bash shell helps you communicate with a
computer’s operating system.
When you communicate with the shell, the commands in the shell can take
input and return output or error messages.

In this lab activity, you’ll use the echo command to examine how input is
received and how output is returned in the shell. Next, you’ll use
the expr command to further explore input and output while performing some
basic calculations in the shell.

This activity will build foundations in understanding how you communicate
with the Linux operating system through the shell. As a security analyst, you'll
need to input commands into the shell and recognize when the shell returns
either output or an error message.

Next, you'll explore the scenario!

Scenario

As a security professional, it’s important to understand the concept of
communicating with your computer via the shell.

In this scenario, you have to input a specified string of text that you want the
shell to return as output. You'll also need to input a few mathematical
calculations so the OS (operating system) can return the result.

Here’s how you’ll do this: First, you’ll use the echo command to generate
some output in the shell. Second, you’ll use the expr command to perform
basic mathematical calculations. Next, you’ll use the clear command to clear
the Bash shell window. Finally, you’ll have an opportunity to explore
the echo and expr commands further.

Get ready to examine input and output in the Bash shell!

Note: The lab starts with your user account, called analyst, already logged in to
the Bash shell. This means you can start with the tasks as soon as you click
the Start Lab button.

Disclaimer: For optimal performance and compatibility, it is recommended to
use either Google Chrome or Mozilla Firefox browsers while accessing the labs.

Start your lab

You'll need to start the lab before you can access the materials. To do this,
click the green “Start Lab” button at the top of the screen.

After you click the Start Lab button, you will see a shell, where you will be
performing further steps in the lab. You should have a shell like this:

When you have completed all the tasks, refer to the End your Lab section that
follows the tasks for information on how to end your lab.

Task 1. Generate output with the echo command

The echo command in the Bash shell outputs a specified string of text. In this
task, you’ll use the echo command to generate output in the Bash shell.

1. Type echo hello into the shell and press ENTER.

The command to complete this step:

echo hello

The hello string should be returned:

hello

The command echo hello is the input to the shell, and hello is the output from
the shell.

2. Rerun the command, but include quotation marks around the string
data. Type echo "hello" into the shell and press ENTER.

The command to complete this step:

echo "hello"

The hello string should be returned again:

hello

Note: The output is the same as before. The quotation marks are optional in
this case, but they tell the shell to group a series of characters together. This can
be useful if you need to pass a string that contains certain characters that might
be otherwise misinterpreted by the command.

3. Use the echo command to output your name to the shell.

Type echo "name" into the shell, replacing "name" with your own name, and
press ENTER.

The command to complete this step:

echo "Your name"

The name you’ve entered as the string should return as the output.

Click Check my progress to verify that you have completed this task correctly.


Task 2. Generate output with the expr command

In this task, you’ll use the expr command to generate some additional output
in the Bash shell. The expr command performs basic mathematical
calculations and can be useful when you need to quickly perform a calculation.

Imagine that the system has shown you that you have 32 alerts, but only 8
required action. You want to calculate how many alerts are false positives so
that you can provide feedback to the team that configures the alerts.

To do this, you need to subtract the number of alerts that required action from
the total number of alerts.

1. Calculate the number of false positives using the expr command.


Type expr 32 - 8 into the shell and press ENTER.
The command to complete this step:

expr 32 - 8

The following result should be returned:

24
Note: The expr command requires that all terms and operators in an expression
are separated by spaces. For example: expr 32 - 8, and not expr 32-8.

Now, you need to calculate the average number of login attempts that are
expected over the course of a year. From the information you have, you know
that an average of 3500 login attempts have been made each month so far this
year.

So, you should be able to calculate the total number of logins expected in a
year by multiplying 3500 by 12.

2. Type expr 3500 \* 12 into the shell and press ENTER. The backslash keeps
the shell from expanding the asterisk (*) into file names before expr runs.

The command to complete this step:

expr 3500 \* 12

The correct result should now be returned:

42000
Click Check my progress to verify that you have completed this task correctly.


Task 3. Clear the Bash shell

In this task, you’ll use the clear command to clear the Bash shell of all existing
output. This allows you to start with the cursor at the top of the Bash shell
window.

When you work in a shell environment, the screen can fill with previous input
and output data. This can make it difficult to process what you’re working on.
Clearing the screen allows you to create a clutter-free text environment to
allow you to focus on what is important at that point in time.

• Type clear into the shell and press ENTER.


The command to complete this step:

clear

Note: All previous commands and output will be cleared, and the user prompt
and cursor will return to the upper left of the shell window.
Click Check my progress to verify that you have completed this task correctly.


Optional task: Perform more calculations with the expr command

You have the opportunity to explore input and output further using
the echo and expr commands.

1. Generate at least one new output using the echo command.


(Remember the echo "hello" output you generated).

The command to complete this step:

echo "Example text"



2. Perform at least one new calculation using the expr command.


The mathematical operators you can use with the expr command for adding,
subtracting, dividing, and multiplying are +, -, / and *.

Note: The expr command performs integer mathematical calculations only, so
you cannot use the decimal point or expect a fractional result. All results are
rounded down to the nearest integer. Also, all terms and operators in an
expression need to be separated by spaces. For example: expr 25 + 15,
and not expr 25+15.
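The expr notes above (spaces between terms, integer-only results) and the alert calculations from Task 2, as an added example that is not part of the original lab. The function names are hypothetical and the temporary directory and its file names are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example: alert arithmetic with expr, with its failure modes handled.

# is_uint VALUE: succeed only for a non-negative whole number.
is_uint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# run_expr ARGS...: print expr's result. expr exits with status 1 when the
# result is 0, so statuses 0 and 1 are both treated as success here.
run_expr() {
    local out rc=0
    out=$(expr "$@" 2>/dev/null) || rc=$?
    [ "$rc" -le 1 ] || return 2
    printf '%s\n' "$out"
}

# false_positives TOTAL ACTIONED: alerts that did not require action.
false_positives() {
    is_uint "$1" && is_uint "$2" || return 2
    run_expr "$1" - "$2"
}

# fp_percent TOTAL ACTIONED: false positives as a whole-number percentage.
# Multiplying before dividing keeps precision that integer division would lose.
fp_percent() {
    local fp
    is_uint "$1" && is_uint "$2" || return 2
    [ "$1" -gt 0 ] || return 2          # no alerts: avoid dividing by zero
    fp=$(false_positives "$1" "$2") || return 2
    run_expr "$fp" \* 100 / "$1"
}

# unescaped_star_status: run "expr 3500 * 12" with a bare asterisk inside a
# directory that contains files, and print expr's exit status. The shell
# replaces * with the file names, so expr receives a malformed expression.
unescaped_star_status() {
    local dir rc=0
    dir=$(mktemp -d) || return 2
    touch "$dir/auth.log" "$dir/notes.txt"      # constructed file names
    ( cd "$dir" && expr 3500 * 12 ) >/dev/null 2>&1 || rc=$?
    rm -rf "$dir"
    printf '%s\n' "$rc"
}

echo "false positives:        $(false_positives 32 8)"
echo "false positive rate:    $(fp_percent 32 8)%"
echo "logins per year:        $(run_expr 3500 \* 12)"
echo "without spaces (32-8):  $(run_expr 32-8)"
echo "bare * exit status:     $(unescaped_star_status)"
```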

Conclusion

Great work!

You now have practical experience in using basic Linux Bash shell commands
to

• generate output with the echo command,
• generate output with the expr command, and
• clear the Bash shell with the clear command.

Understanding input and output is essential when communicating through the
shell. It’s important that you’re comfortable with these basic concepts before
you go on to work with additional commands.

End your lab

Before you end the lab, make sure you’re satisfied that you’ve completed all
the tasks, and follow these steps:
1. Click End Lab. A pop-up box will appear. Click Submit to confirm that
you're done. Ending the lab will remove your access to the Bash shell.
You won’t be able to access the work you've completed in it again.
2. Another pop-up box will ask you to rate the lab and provide feedback
comments. You can complete this if you choose to.
3. Close the browser tab containing the lab to return to your course.
4. Refresh the browser tab for the course to mark the lab as complete.

Navigation in the Linux shell is crucial for several reasons:

1. File Management: The shell is a primary interface for managing files and
directories. Effective navigation allows users to locate, access, and manipulate
files and directories efficiently.

2. System Administration: System administrators often use the shell to
configure, maintain, and troubleshoot systems. Navigating through different
directories is essential for accessing configuration files, logs, and scripts.

3. Scripting and Automation: Many tasks in Linux are automated using
shell scripts. Navigation commands are fundamental in scripting to ensure
that scripts can find and interact with the correct files and directories.

4. Efficiency: Mastering navigation commands (like cd, ls, pwd, etc.) allows
users to perform tasks more quickly and efficiently than using a graphical
interface, especially for repetitive or complex tasks.

5. Remote Access: When working on remote servers (often headless,
without a graphical interface), the shell is the primary means of interaction.
Navigation skills are essential for managing files and executing commands on
these remote systems.

6. Understanding the File System: Navigating the Linux file system helps
users understand its structure, which is important for troubleshooting,
security, and optimizing system performance.

7. Accessing Tools and Applications: Many tools and applications in Linux
are command-line based. Proper navigation ensures that users can run these
tools from the correct directories and with the correct file paths.

Common Navigation Commands:


• cd: Change directory.

• ls: List directory contents.

• pwd: Print working directory.

• mkdir: Create a new directory.

• rmdir: Remove an empty directory.

• cp: Copy files and directories.


• mv: Move or rename files and directories.

• rm: Remove files or directories.

Example:

cd /var/log # Change to the /var/log directory

ls # List the contents of the directory

pwd # Print the current directory path

In summary, navigation in the Linux shell is fundamental for effective system
management, automation, and overall productivity. It allows users to interact
with the file system, execute commands, and manage resources efficiently.

Navigate Linux and read file content


In this reading, you’ll review how to navigate the file system using Linux
commands in Bash. You’ll further explore the organization of the Linux
Filesystem Hierarchy Standard, review several common Linux commands for
navigation and reading file content, and learn a couple of new commands.

Filesystem Hierarchy Standard (FHS)

Previously, you learned that the Filesystem Hierarchy Standard (FHS) is the
component of Linux that organizes data. The FHS is important because it
defines how directories, directory contents, and other storage are organized in
the operating system.

This diagram illustrates the hierarchy of relationships under the FHS:

Under the FHS, a file’s location can be described by a file path. A file path is
the location of a file or directory. In the file path, the different levels of the
hierarchy are separated by a forward slash (/).

Root directory

The root directory is the highest-level directory in Linux, and it’s always
represented with a forward slash (/). All subdirectories branch off the root
directory. Subdirectories can continue branching out to as many levels as
necessary.

Standard FHS directories

Directly below the root directory, you’ll find standard FHS directories. In the
diagram, home, bin, and etc are standard FHS directories. Here are a few
examples of what standard directories contain:
• /home: Each user in the system gets their own home directory.
• /bin: This directory stands for “binary” and contains binary files and other
executables. Executables are files that contain a series of commands a
computer needs to follow to run programs and perform other functions.
• /etc: This directory stores the system’s configuration files.
• /tmp: This directory stores many temporary files. The /tmp directory is
commonly used by attackers because anyone in the system can modify data in
these files.
• /mnt: This directory stands for “mount” and stores media, such as USB drives
and hard drives.

Pro Tip: You can use the man hier command to learn more about the FHS and
its standard directories.

User-specific subdirectories

Under home are subdirectories for specific users. In the diagram, these users
are analyst and analyst2. Each user has their own personal subdirectories,
such as projects, logs, or reports.

Note: When the path leads to a subdirectory below the user’s home directory,
the user’s home directory can be represented as the tilde (~). For example,
/home/analyst/logs can also be represented as ~/logs.

You can navigate to specific subdirectories using their absolute or relative file
paths. The absolute file path is the full file path, which starts from the root.
For example, /home/analyst/projects is an absolute file path. The relative
file path is the file path that starts from a user's current directory.
Note: Relative file paths can use a dot (.) to represent the current directory, or
two dots (..) to represent the parent of the current directory. An example of a
relative file path could be ../projects.

Key commands for navigating the file system

The following Linux commands can be used to navigate the file system: pwd,
ls, and cd.

pwd

The pwd command prints the working directory to the screen. Or in other
words, it returns the directory that you’re currently in.

The output gives you the absolute path to this directory. For example, if you’re
in your home directory and your username is analyst, entering pwd returns
/home/analyst.

Pro Tip: To learn what your username is, use the whoami command. The
whoami command returns the username of the current user. For example, if
your username is analyst, entering whoami returns analyst.

ls

The ls command displays the names of the files and directories in the current
working directory. For example, in the video, ls returned directories such as
logs, and a file called updates.txt.

Note: If you want to return the contents of a directory that’s not your current
working directory, you can add an argument after ls with the absolute or
relative file path to the desired directory. For example, if you’re in the
/home/analyst directory but want to list the contents of its projects
subdirectory, you can enter ls /home/analyst/projects or just ls projects.

cd

The cd command navigates between directories. When you need to change
directories, you should use this command.

To navigate to a subdirectory of the current directory, you can add an
argument after cd with the subdirectory name. For example, if you’re in the
/home/analyst directory and want to navigate to its projects subdirectory,
you can enter cd projects.

You can also navigate to any specific directory by entering the absolute file
path. For example, if you’re in /home/analyst/projects, entering cd
/home/analyst/logs changes your current directory to
/home/analyst/logs.

Pro Tip: You can use the relative file path and enter cd .. to go up one level in
the file structure. For example, if the current directory is
/home/analyst/projects, entering cd .. would change your working
directory to /home/analyst.

Common commands for reading file content

The following Linux commands are useful for reading file content: cat, head,
tail, and less.

cat
The cat command displays the content of a file. For example, entering cat
updates.txt returns everything in the updates.txt file.

head

The head command displays just the beginning of a file, by default 10 lines.
The head command can be useful when you want to know the basic contents
of a file but don’t need the full contents. Entering head updates.txt returns
only the first 10 lines of the updates.txt file.

Pro Tip: If you want to change the number of lines returned by head, you can
specify the number of lines by including -n. For example, if you only want to
display the first five lines of the updates.txt file, enter head -n 5 updates.txt.

tail

The tail command does the opposite of head. This command can be used to
display just the end of a file, by default 10 lines. Entering tail updates.txt
returns only the last 10 lines of the updates.txt file.

Pro Tip: You can use tail to read the most recent information in a log file.

less

The less command returns the content of a file one page at a time. For
example, entering less updates.txt changes the terminal window to display
the contents of updates.txt one page at a time. This allows you to easily move
forward and backward through the content.

Once you’ve accessed your content with the less command, you can use
several keyboard controls to move through the file:

• Space bar: Move forward one page
• b: Move back one page
• Down arrow: Move forward one line
• Up arrow: Move back one line
• q: Quit and return to the previous terminal window

Key takeaways

It’s important for security analysts to be able to navigate Linux and the file
system of the FHS. Some key commands for navigating the file system include
pwd, ls, and cd. Reading file content is also an important skill in the security
profession. This can be done with commands such as cat, head, tail, and less.

Activity overview

Previously, you learned about Linux and how to communicate with the OS
through the shell. You also learned how to use some of the core commands to
navigate the Linux file system and read content from files it contains.

These are essential skills. For example, when investigating unauthorized
access, you might navigate to and then read a user access report.

In this lab activity, you’ll navigate a Linux file structure, locate files, and read
the contents of files. You’ll also need to answer a few multiple-choice
questions based on the information contained in these files.

As a security analyst, it’s key that you know how to navigate, manage, and
analyze files remotely via a Linux shell without a graphical user interface.

Scenario

In this scenario, you have to locate and analyze the information of certain files
located in the /home/analyst directory.

Here’s how you’ll do this: First, you’ll get the information of the current
working directory you’re in and display the contents of the directory. Second,
you’ll navigate to the reports directory and list the subdirectories it
contains. Third, you’ll navigate to the users subdirectory and display the
contents of the Q1_added_users.txt file. Finally, you’ll navigate to
the logs directory and display the first 10 lines of a file it contains.

To complete these tasks, you'll need to use commands that you've previously
learned in this course. Well, it's time to practice what you’ve learned. Let’s do
this!

Note: The lab starts with your user account, called analyst, already logged in to
the Bash shell. This means you can start with the tasks as soon as you click
the Start Lab button.

Disclaimer: For optimal performance and compatibility, it is recommended to use
either Google Chrome or Mozilla Firefox browsers while accessing the labs.

Start your lab

You'll need to start the lab before you can access the materials. To do this,
click the green “Start Lab” button at the top of the screen.

After you click the Start Lab button, you will see a shell, where you will be
performing further steps in the lab. You should have a shell like this:

[Image: lab shell]

When you have completed all the tasks, refer to the End your Lab section that
follows the tasks for information on how to end your lab.

Task 1. Get the current directory information

In this task, you must use the commands you learned about to check the
current working directory and list its contents.

1. Display your working directory.
2. Display the names of the files and directories in the current working
directory.

Which directory is your current working directory?
• /var/logs
• /home
• /home/analyst
• /home/analyst/logs

How many directories does the current working directory contain?
• Five
• Four
• Two
• One

Click Check my progress to verify that you have completed this task correctly.
Note: There is no penalty for clicking Check my progress and you’ll be shown a
hint.

Task 2. Change directory and list the subdirectories

In this task, you must navigate to a new directory and determine the
subdirectories it contains.

1. Navigate to the /home/analyst/reports directory.
2. Display the files and subdirectories in
the /home/analyst/reports directory.

What is the name of the subdirectory in the /home/analyst/reports directory?
• users
• projects
• analyst
• logs

Click Check my progress to verify that you have completed this task correctly.

Task 3. Locate and read the contents of a file

In this task, you must navigate to a subdirectory and read the contents of a file
it contains.

1. Navigate to the /home/analyst/reports/users directory.
2. List the files in the current directory.
3. Display the contents of the Q1_added_users.txt file.

What department does the employee with the username aezra work in?
• Human Resources
• Sales
• Information Technology
• Finance

What is the employee_id of the user mreed in the Information Technology
department?
• 1177
• 1188
• 1104
• 1001

Click Check my progress to verify that you have completed this task correctly.

Task 4. Navigate to a directory and locate a file

In this task, you must navigate to a new directory, locate a file, and examine
the contents of the file.

1. Navigate to the /home/analyst/logs directory.
2. Display the name of the file it contains.
3. Display the first 10 lines of this file.

How many warning messages are in the first 10 lines of the server_logs.txt
file?
• One
• Six
• Two
• Three

Click Check my progress to verify that you have completed this task correctly.

Conclusion

Great work!

You now have practical experience in using basic Linux Bash shell commands
to

• navigate directory structures with the cd command,
• display the current working directory with the pwd command,
• list the contents of a directory with the ls command, and
• display the contents of files with the cat and head commands.

Navigating through directories and reading file contents are fundamental
skills that you’ll often use when communicating through the shell.

End your lab

Before you end the lab, make sure you’re satisfied that you’ve completed all
the tasks, and follow these steps:

1. Click End Lab. A pop-up box will appear. Click Submit to confirm that
you're done. Ending the lab will remove your access to the Bash shell.
You won’t be able to access the work you've completed in it again.
2. Another pop-up box will ask you to rate the lab and provide feedback
comments. You can complete this if you choose to.
3. Close the browser tab containing the lab to return to your course.
4. Refresh the browser tab for the course to mark the lab as complete.

Task 1. Get the current directory information

In this task, you must use the commands you learned about to check the
current working directory and list its contents.

1. Display your working directory.
2. Display the names of the files and directories in the current working
directory.

To complete this task, follow these steps:

Step 1: Display Your Current Working Directory

Use the pwd (print working directory) command:

pwd

This will show the full path of the directory you are currently in.

Step 2: Display the Names of Files and Directories in the Current Working Directory

Use the ls (list) command:

ls
This will list all files and directories in your current location.

Bonus: Additional Options

1. To see hidden files and detailed information, use:

ls -la

2. To check the type of a specific file or directory, use:

file <filename>

Final Summary of Commands

pwd # Step 1: Show the current working directory


ls # Step 2: List the files and directories

Task 2. Change directory and list the subdirectories

In this task, you must navigate to a new directory and determine the
subdirectories it contains.

1. Navigate to the /home/analyst/reports directory.
2. Display the files and subdirectories in
the /home/analyst/reports directory.

To complete Task 2, follow these steps:

Step 1: Navigate to the /home/analyst/reports Directory

Use the cd (change directory) command:

cd /home/analyst/reports

This will move you into the reports directory.

Step 2: Display the Files and Subdirectories in /home/analyst/reports

Use the ls (list) command:

ls
This will show all files and subdirectories in reports.

To specifically list only directories, use:

ls -d */

For a detailed list including file permissions, sizes, and timestamps, use:

ls -l

Final Summary of Commands

cd /home/analyst/reports # Step 1: Navigate to the directory


ls # Step 2: List files and subdirectories
ls -d */ # (Optional) Show only subdirectories



Task 3. Locate and read the contents of a file

In this task, you must navigate to a subdirectory and read the contents of a file
it contains.

1. Navigate to the /home/analyst/reports/users directory.
2. List the files in the current directory.
3. Display the contents of the Q1_added_users.txt file.

To complete Task 3, follow these steps:

Step 1: Navigate to the /home/analyst/reports/users Directory

Use the cd (change directory) command:

cd /home/analyst/reports/users

Step 2: List the Files in the Current Directory

Use the ls (list) command:

ls

This will show all files in the users directory.


Step 3: Display the Contents of Q1_added_users.txt

Use the cat command to view the entire file:

cat Q1_added_users.txt

If the file is long, use the less command to scroll through it:

less Q1_added_users.txt

Press q to exit less.

Alternatively, use head to display the first 10 lines:

head Q1_added_users.txt

Or tail to display the last 10 lines:

tail Q1_added_users.txt

Final Summary of Commands

cd /home/analyst/reports/users # Step 1: Navigate to the directory


ls # Step 2: List files
cat Q1_added_users.txt # Step 3: Display file contents



Task 4. Navigate to a directory and locate a file

In this task, you must navigate to a new directory, locate a file, and examine
the contents of the file.

1. Navigate to the /home/analyst/logs directory.
2. Display the name of the file it contains.
3. Display the first 10 lines of this file.

To complete Task 4, follow these steps:

Step 1: Navigate to the /home/analyst/logs Directory

Use the cd command:

cd /home/analyst/logs

Step 2: Display the Name of the File in This Directory

Use the ls command:

ls

This will show all files in the logs directory. Note the filename displayed.

Step 3: Display the First 10 Lines of the File

If the filename is, for example, system.log, use the head command:

head system.log

Replace system.log with the actual filename you found in Step 2.

Final Summary of Commands

cd /home/analyst/logs # Step 1: Navigate to the directory
ls # Step 2: List files
head <filename> # Step 3: Display first 10 lines (replace <filename> with actual file)


Exemplar: Find files with Linux commands


Activity overview

Previously, you learned about Linux and how to communicate with the OS
through the shell. You also learned how to use some of the core commands to
navigate the Linux file system and read content from files it contains.

These are essential skills. For example, when investigating unauthorized
access, you might navigate to and then read a user access report.

In this lab activity, you’ll navigate a Linux file structure, locate files, and read
the contents of files. You’ll also need to answer a few multiple-choice
questions based on the information contained in these files.

As a security analyst, it’s key that you know how to navigate, manage, and
analyze files remotely via a Linux shell without a graphical user interface.

This exemplar is a walkthrough of the previous Qwiklab activity, including
detailed instructions and solutions. You may use this exemplar if you were
unable to complete the lab and/or you need extra guidance in completing lab
tasks. You may also refer to this exemplar to prepare for the graded quiz in
this module.

Scenario

In this scenario, you have to locate and analyze the information of certain files
located in the /home/analyst directory.

Here’s how you’ll do this: First, you’ll get the information of the current
working directory you’re in and display the contents of the directory. Second,
you’ll navigate to the reports directory and list the subdirectories it
contains. Third, you’ll navigate to the users subdirectory and display the
contents of the Q1_added_users.txt file. Finally, you’ll navigate to
the logs directory and display the first 10 lines of a file it contains.

To complete these tasks, you'll need to use commands that you've previously
learned in this course. Well, it's time to practice what you’ve learned. Let’s do
this!

Task 1. Get the current directory information

In this task, you must use the commands you learned about to check the
current working directory and list its contents.

1. Display your working directory.

The command to complete this step:

pwd

This will show that your current working directory is your home directory.

/home/analyst

2. Display the names of the files and directories in the current working
directory.

The command to complete this step:

ls

The output should be:

logs projects reports temp

Which directory is your current working directory?

Answer: The lab starts with /home/analyst as your current working
directory.

How many directories does the current working directory contain?

Answer: The lab starts with four subdirectories in
the /home/analyst directory, namely logs, notes, temp, and reports.

Task 2. Change directory and list the subdirectories

In this task, you must navigate to a new directory and determine the
subdirectories it contains.

1. Navigate to the /home/analyst/reports directory.

The command to complete this step using a relative path:

cd reports

Note: The cd command accepts absolute and relative paths. An absolute path
includes all the directories from the root of the file system and starts with a /. An
alternative is a relative path, which is expressed starting from the current
directory and starts without the initial /. The above command uses a relative
path.

The command to complete this step using an absolute path:

cd /home/analyst/reports

2. Display the files and subdirectories in
the /home/analyst/reports directory.

The command to complete this step:

ls

The output should be:

users

What is the name of the subdirectory in the /home/analyst/reports directory?

Answer: The subdirectory contained in
the /home/analyst/reports directory is called users.

Task 3. Locate and read the contents of a file

In this task, you must navigate to a subdirectory and read the contents of a file
it contains.

1. Navigate to the /home/analyst/reports/users directory.

The command to complete this step:

cd /home/analyst/reports/users

The above command uses an absolute path. You could also use a relative path
as follows:

cd users

2. List the files in the current directory.

The command to complete this step:

ls

3. Display the contents of the Q1_added_users.txt file.

The command to complete this step:

cat Q1_added_users.txt

Note: The cat command prints the contents of a file to the shell. You can specify
the file to display using absolute or relative paths.

The same command using an absolute path:

cat /home/analyst/reports/users/Q1_added_users.txt

What department does the employee with the username aezra work in?

Answer: The employee with username aezra works in the Human Resources
department.

What is the employee_id of the user mreed in the Information Technology
department?

Answer: The employee_id of the employee with username mreed in the
Information Technology department is 1104.

Task 4. Navigate to a directory and locate a file

In this task, you must navigate to a new directory, locate a file, and examine
the contents of the file.

1. Navigate to the /home/analyst/logs directory.

The command to complete this step:

cd /home/analyst/logs

2. Display the name of the file it contains.

The command to complete this step:

ls

This command will display the following output:

server_logs.txt

3. Display the first 10 lines of this file.

The command to complete this step:

head server_logs.txt

Note: The head command displays just the beginning of a file, by default ten
lines. You can specify how many lines to display using the -n argument, which
specifies the number of lines to display.

How many warning messages are in the first 10 lines of the server_logs.txt
file?

Answer: There are three warning messages in the first 10 lines of
the server_logs.txt file.

Conclusion

Great work!

You now have practical experience in using basic Linux Bash shell commands
to

• navigate directory structures with the cd command,
• display the current working directory with the pwd command,
• list the contents of a directory with the ls command, and
• display the contents of files with the cat and head commands.

Navigating through directories and reading file contents are fundamental
skills that you’ll often use when communicating through the shell.

Filter content in Linux


In this reading, you’ll continue exploring Linux commands, which can help you
filter for the information you need. You’ll learn a new Linux command, find,
which can help you search files and directories for specific information.

Filtering for information

You previously explored how filtering for information is an important skill for
security analysts. Filtering is selecting data that match a certain condition.
For example, if you had a virus in your system that only affected the .txt files,
you could use filtering to find these files quickly. Filtering allows you to search
based on specific criteria, such as file extension or a string of text.

grep

The grep command searches a specified file and returns all lines in the file
containing a specified string or text. The grep command commonly takes two
arguments: a specific string to search for and a specific file to search through.

For example, entering grep OS updates.txt returns all lines containing OS in
the updates.txt file. In this example, OS is the specific string to search for, and
updates.txt is the specific file to search through.

Let’s look at another example: grep error time_logs.txt. Here grep is used to
search for the text pattern. error is the term you are looking for in the
time_logs.txt file. When you run this command, grep will scan the
time_logs.txt file and print only the lines containing the word error.

Piping
The pipe command is accessed using the pipe character (|). Piping sends the
standard output of one command as standard input to another command for
further processing. As a reminder, standard output is information returned
by the OS through the shell, and standard input is information received by
the OS via the command line.

The pipe character (|) is located in various places on a keyboard. On many
keyboards, it’s located on the same key as the backslash character (\). On
some keyboards, the | can look different and have a small space through the
middle of the line. If you can’t find the |, search online for its location on your
particular keyboard.

When used with grep, the pipe can help you find directories and files
containing a specific word in their names. For example, ls
/home/analyst/reports | grep users returns the file and directory names in
the reports directory that contain users. Before the pipe, ls indicates to list
the names of the files and directories in reports. Then, it sends this output to
the command after the pipe. In this case, grep users returns all of the file or
directory names containing users from the input it received.

Note: Piping is a general form of redirection in Linux and can be used for
multiple tasks other than filtering. You can think of piping as a general tool
that you can use whenever you want the output of one command to become
the input of another command.

find
The find command searches for directories and files that meet specified
criteria. There’s a wide range of criteria that can be specified with find. For
example, you can search for files and directories that

• Contain a specific string in the name,
• Are a certain file size, or
• Were last modified within a certain time frame.

When using find, the first argument after find indicates where to start
searching. For example, entering find /home/analyst/projects searches for
everything starting at the projects directory.

After this first argument, you need to indicate your criteria for the search. If
you don’t include specific search criteria with your second argument, your
search will likely return a lot of directories and files.

Specifying criteria involves options. Options modify the behavior of a
command and commonly begin with a hyphen (-).

-name and -iname

One key criterion analysts might use with find is whether file or directory names
contain a specific string. The specific string you’re searching for must be
entered in quotes after the -name or -iname options. The difference between
these two options is that -name is case-sensitive, and -iname is not.

For example, you might want to find all files in the projects directory that
contain the word “log” in the file name. To do this, you’d enter find
/home/analyst/projects -name "*log*". You could also enter find
/home/analyst/projects -iname "*log*".

In these examples, the output would be all files in the projects directory that
contain log surrounded by zero or more characters. The "*log*" portion of the
command is the search criteria that indicates to search for the string “log”.
When -name is the option, files with names that include Log or LOG, for
example, wouldn’t be returned because this option is case-sensitive. However,
they would be returned when -iname is the option.

Note: An asterisk (*) is used as a wildcard to represent zero or more unknown
characters.

-mtime

Security analysts might also use find to find files or directories last modified
within a certain time frame. The -mtime option can be used for this search.
For example, entering find /home/analyst/projects -mtime -3 returns all
files and directories in the projects directory that have been modified within
the past three days.

The -mtime option search is based on days, so entering -mtime +1 indicates
all files or directories last modified more than one day ago, and entering
-mtime -1 indicates all files or directories last modified less than one day ago.

Note: The option -mmin can be used instead of -mtime if you want to base
the search on minutes rather than days.
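The following is an added example, not part of the original course material: it builds a temporary directory tree and runs the grep, pipe, and find filters described above against it. All file names and log lines are constructed, and -type f is added to the -mtime search so that only files (not the starting directory) are counted.

```shell
#!/bin/sh
# Added example. Every file name and log line below is constructed for the demo.

# Build a throwaway tree shaped like the directories this page refers to.
make_lab() {
  lab=$(mktemp -d) || return 1
  mkdir -p "$lab/logs" "$lab/reports/users" "$lab/projects"
  cat > "$lab/logs/server_logs.txt" <<'EOF'
2022-09-28 13:55:55 info    User logged on successfully
2022-09-28 13:56:22 error   The password is incorrect
2022-09-28 13:56:48 warning The file storage is 75% full
2022-09-29 10:03:12 Error   Unexpected end of input
2022-09-29 15:20:17 error   An unexpected error occurred
EOF
  touch "$lab/reports/users/Q1_access.txt" \
        "$lab/reports/users/Q1_added_users.txt" \
        "$lab/reports/users/Q2_access.txt" \
        "$lab/reports/users/q1_notes.txt"
  touch "$lab/projects/auth_log.txt" \
        "$lab/projects/LOG_archive.txt" \
        "$lab/projects/readme.txt"
  # Backdate one file so the -mtime filters have something to separate.
  touch -t 202001010000 "$lab/projects/readme.txt"
  printf '%s\n' "$lab"
}

# grep STRING FILE, counting matching lines (a line with two hits counts once).
count_lines()    { grep -c  "$1" "$2"; }
# Same search with -i, so Error and ERROR also match.
count_lines_ci() { grep -ci "$1" "$2"; }

# ls DIR | grep STRING: names in DIR that contain the string.
names_containing() { ls "$1" | grep "$2"; }

# find DIR -name / -iname "*STRING*": count names below DIR that match.
find_name_count()  { find "$1" -name  "*$2*" | wc -l | tr -d ' '; }
find_iname_count() { find "$1" -iname "*$2*" | wc -l | tr -d ' '; }

# find DIR -mtime N, restricted to regular files so DIR itself is not counted.
find_mtime_count() { find "$1" -type f -mtime "$2" | wc -l | tr -d ' '; }

demo() {
  lab=$(make_lab) || return 1
  echo "lines containing error:          $(count_lines error "$lab/logs/server_logs.txt")"
  echo "lines containing error (-i):     $(count_lines_ci error "$lab/logs/server_logs.txt")"
  echo "names in reports/users with Q1:"
  names_containing "$lab/reports/users" Q1
  echo "find -name  \"*log*\" matches:     $(find_name_count "$lab/projects" log)"
  echo "find -iname \"*log*\" matches:     $(find_iname_count "$lab/projects" log)"
  echo "files modified within 3 days:    $(find_mtime_count "$lab/projects" -3)"
  echo "files modified over 1 day ago:   $(find_mtime_count "$lab/projects" +1)"
  rm -rf "$lab"
}

demo
```

The last log line contains the word error twice but is counted once, because grep -c counts matching lines rather than occurrences.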

Key takeaways
Filtering for information using Linux commands is an important skill for
security analysts so that they can customize data to fit their needs. Three key
Linux commands for this are grep, piping (|), and find. These commands can
be used to navigate and filter for information in the file system.

• Consider the privacy and security implications of using AI. Consider
how using AI tools may affect the security of other people or organizations.

Task 1. Search for error messages in a log file
In this task, you must navigate to the /home/analyst/logs directory and
report on the error messages in the server_logs.txt file. You’ll do this by
using grep to search the file and output only the entries that are for errors.

1. Navigate to the /home/analyst/logs directory.


2. Use grep to filter the server_logs.txt file, and return all lines containing
the text string error.

To complete Task 1: Search for error messages in a log file, follow these
steps:
Step 1: Navigate to the /home/analyst/logs Directory

Use the cd (change directory) command:

cd /home/analyst/logs

Step 2: Use grep to Search for Error Messages

To find lines containing the word "error" in server_logs.txt, run:

grep "error" server_logs.txt

This will display all lines in the file that contain the word "error".

Additional Tips

1. Case-Insensitive Search: If you want to match both "Error" and "error," use the -i option:

grep -i "error" server_logs.txt

2. Count the Number of Errors:

grep -c "error" server_logs.txt

This will return the number of error messages in the file.

3. View Line Numbers: If you want to see which lines contain errors, use:

grep -n "error" server_logs.txt

Final Summary of Commands

cd /home/analyst/logs # Step 1: Navigate to the logs directory


grep "error" server_logs.txt # Step 2: Search for error messages


Task 2. Find files containing specific strings
In this task, you must navigate to the /home/analyst/reports/users directory
and use the correct Linux commands and arguments to search for user data
files that contain a specific string in their names.

1. Navigate to the /home/analyst/reports/users directory.


2. Using the pipe character (|), pipe the output of the ls command to
the grep command to list only the files containing the string Q1 in their
names.

To complete Task 2: Find files containing specific strings, follow these steps:
Step 1: Navigate to the /home/analyst/reports/users Directory

Use the cd (change directory) command:

cd /home/analyst/reports/users

Step 2: List Files and Filter with grep

Use the ls command and pipe (|) the output to grep to filter files containing
"Q1" in their names:

ls | grep "Q1"

This will display only the files with "Q1" in their names.

Explanation of Commands

1. ls → Lists all files and directories in the current location.


2. | (pipe) → Passes the output of ls to grep.
3. grep "Q1" → Filters and displays only the lines (file names) containing
"Q1".

Extra Tips

• Case-Insensitive Search: If "Q1" might be in lowercase (e.g., "q1"), use:

ls | grep -i "q1"

• Display Only File Names (Ignoring Directories):

ls -p | grep -v /

Final Summary of Commands

cd /home/analyst/reports/users # Navigate to the directory


ls | grep "Q1" # List only files containing "Q1" in their names


How many files in the /home/analyst/reports/users directory contain “access” in their names?

To count how many files in the /home/analyst/reports/users directory
contain "access" in their names, follow these steps:

Step 1: Navigate to the Directory

Use the cd command:

cd /home/analyst/reports/users

Step 2: Count Files Containing "access"

Use the ls command with grep and wc -l to count matching files:


ls | grep "access" | wc -l

Explanation of Commands

1. ls → Lists all files and directories.


2. grep "access" → Filters and displays only the files containing "access" in
their names.
3. wc -l → Counts the number of lines (i.e., the number of matching files).

Alternative (Case-Insensitive Search)

If filenames might have "ACCESS" or "Access", use:

ls | grep -i "access" | wc -l

The -i flag makes the search case-insensitive.

This will return the number of files that have "access" in their names.

Task 3. Search more file contents


In this task, you must search for information contained in user files and report
on users that were added and deleted from the system.

1. Display the files in the /home/analyst/reports/users directory.


2. Search the Q2_deleted_users.txt file for the username jhill.
3. Search the Q4_added_users.txt file to list the users who were added to
the Human Resources department.

To complete this task, follow these steps:

Step 1: Navigate to the users directory

Run the following command to go to the correct directory:

cd /home/analyst/reports/users

Step 2: Display the files in the directory

Use the ls command to list all files:

ls

Step 3: Search for the username "jhill" in Q2_deleted_users.txt

Use the grep command to search for jhill:


grep "jhill" Q2_deleted_users.txt

Step 4: List users added to the Human Resources department

If the Q4_added_users.txt file contains department information, search for
"Human Resources":

grep "Human Resources" Q4_added_users.txt

Explanation of Commands

• cd /home/analyst/reports/users → Changes the directory to
/home/analyst/reports/users.
• ls → Lists all files in the directory.
• grep "jhill" Q2_deleted_users.txt → Searches for the username "jhill"
in the Q2_deleted_users.txt file.
• grep "Human Resources" Q4_added_users.txt → Lists all users added
to the Human Resources department.



Task 1. Search for error messages in a log file

In this task, you must navigate to the /home/analyst/logs directory and
report on the error messages in the server_logs.txt file. You’ll do this by
using grep to search the file and output only the entries that are for errors.

1. Navigate to the /home/analyst/logs directory.


The command to complete this step:

cd logs
2. Use grep to filter the server_logs.txt file, and return all lines containing
the text string error.
Note: If you enter a command incorrectly and it fails to return to the command-
line prompt, you can press CTRL+C to stop the process and force the shell to
return to the command-line prompt.
The command to complete this step:

grep error server_logs.txt


This grep command will filter server_logs.txt file, and return a list of the lines
that match the text string error.

Note: The first argument passed to grep is the string you're searching for, and
the second argument is the name of the file you're searching through.
How many error lines are there in the server_logs.txt file?
• Eight
• Six
• Two
• Three
Answer: There are six entries in the server_logs.txt file that include
the error string.


Task 2. Find files containing specific strings

In this task, you must navigate to the /home/analyst/reports/users directory
and use the correct Linux commands and arguments to search for user data
files that contain a specific string in their names.

1. Navigate to the /home/analyst/reports/users directory.


The command to complete this step:

cd /home/analyst/reports/users
2. Using the pipe character (|), pipe the output of the ls command to
the grep command to list only the files containing the string Q1 in their
names.
The command to complete this step:

ls | grep Q1
How many files in the /home/analyst/reports/users subdirectory contain
“Q1” in their names?
• Three
• Five
• Two
• One
Answer: There are three files in the reports/users directory that have Q1 in
their names.

Note: Piping sends the standard output of one command to the standard input
of another command for further processing. In the example, the output of
the ls command is piped to the grep command and the result is displayed in the
shell.
3. List the files that contain the word access in their names.
The command to complete this step:

ls | grep access
How many files in the /home/analyst/reports/users directory contain
“access” in their names?
• Five
• Three
• Four
• None
Answer: There are four files in the reports/users directory that have the text
string access in their names.


Task 3. Search more file contents

In this task, you must search for information contained in user files and report
on users that were added and deleted from the system.

1. Display the files in the /home/analyst/reports/users directory.


The command to complete this step:

ls
2. Search the Q2_deleted_users.txt file for the username jhill.
The command to complete this step:

grep jhill Q2_deleted_users.txt


Did you find the username jhill in the Q2_deleted_users.txt file?
• No
• Yes
Answer: Yes, the user jhill is listed in the Q2_deleted_users.txt file.

3. Search the Q4_added_users.txt file to list the users who were added to
the Human Resources department.
The command to complete this step:

grep "Human Resources" Q4_added_users.txt


Note: In order for grep to interpret a string of two or more words correctly, you
must enclose it in quotes ("Human Resources").
How many users were added to the Human Resources department in quarter
4?
• Five
• Three
• One
• Two
Answer: Two new users were added to the Human Resources department in
quarter 4.


Conclusion

Great work!

You now have practical experience in using grep to:

• search for specific information contained in files, and
• find files containing specific strings that were piped into grep.

You’re well on your way to using fundamental tools in Linux to filter the
information you need.

Understanding Directory, Subdirectory,
and Files in Linux
In Linux (or any operating system), everything is organized in a hierarchical
structure using directories (folders) and files.

1. Directory (Folder)

A directory is like a container that holds files and other directories. It helps
organize files efficiently.

• It is similar to a folder in Windows.
• It can contain files and subdirectories.
• Example:
  o /home/analyst/ is a directory.
  o /home/analyst/reports/ is also a directory inside /home/analyst/.

🔹 Creating a Directory

mkdir my_directory

🔹 Listing Directories

ls -d */

2. Subdirectory
A subdirectory is a directory inside another directory.

• Example:

/home/analyst/
├── reports/
│   ├── users/    ← (Subdirectory of reports)
│   ├── Q1_report.txt
│   ├── Q2_report.txt
│
├── logs/
    ├── system_logs.txt

• In this case:
  o users/ is a subdirectory of reports/.
  o reports/ and logs/ are both subdirectories of /home/analyst/.

🔹 Creating a Subdirectory

mkdir reports/users

🔹 Navigating to a Subdirectory

cd reports/users

3. Files

A file is a document that stores data. It can be:

• Text files (.txt, .log, .csv)
• Executable files (programs, scripts)
• Configuration files (.conf, .ini)
• Images, videos, PDFs, etc.

Example:

/home/analyst/reports/users/Q1_added_users.txt

Here, Q1_added_users.txt is a file inside the users subdirectory.

🔹 Creating a File

touch myfile.txt

🔹 Viewing File Contents

cat myfile.txt

4. Difference Between Directory, Subdirectory, and File

Feature | Directory | Subdirectory | File
Definition | A container that holds files and directories | A directory inside another directory | A document that stores data
Can Contain | Files and subdirectories | Files and subdirectories | Data (text, images, code, etc.)
Example | /home/analyst/ | /home/analyst/reports/ | /home/analyst/reports/Q1_report.txt
Command to Create | mkdir dirname | mkdir parent_dir/child_dir | touch filename

Conclusion

• Directories help organize files.
• Subdirectories are directories inside other directories.
• Files store information.
• You can create, navigate, and manipulate them using Linux commands.


Task 1. Create a new directory


First, you must create a dedicated subdirectory called logs, which will be used
to store all future log files.

1. Create a new subdirectory called logs in the /home/analyst directory.


2. List the contents of the /home/analyst directory to confirm that you’ve
successfully created the new logs subdirectory.
The output should list the original three directories and the
new logs subdirectory:

You can complete Task 1 by following these steps:


Step 1: Navigate to the /home/analyst Directory

Run this command in the terminal to ensure you are in the correct directory:

cd /home/analyst

You can check your current directory by running:

pwd

This should output:

/home/analyst

Step 2: Create a New Subdirectory Named "logs"

Use the mkdir command to create the logs subdirectory:

mkdir logs

Step 3: Verify That the logs Subdirectory Exists

Run the ls command to list the contents of /home/analyst:

ls

You should see output similar to this:

projects reports temp logs

The logs directory should now be listed along with the existing directories.

Task 2. Remove a directory


Next, you must remove the temp directory, as you’ll no longer be placing items
in it.

1. Remove the /home/analyst/temp directory.


2. List the contents of the /home/analyst directory to confirm that you
have removed the temp subdirectory.
The temp directory should no longer be listed:

You can complete Task 2 by following these steps:

Step 1: Navigate to the /home/analyst Directory

Ensure you are in the correct directory by running:

cd /home/analyst

You can verify your location by using:

pwd
It should return:

/home/analyst

Step 2: Remove the temp Directory

Use the rmdir command to remove the temp directory:

rmdir temp

🔴 Note: rmdir only works if the directory is empty.
If the directory contains files, use the rm -r command:

rm -r temp

⚠️ Be careful when using rm -r, as it deletes all contents inside the directory.

Step 3: Verify That the temp Directory Has Been Removed

Run the ls command to list the remaining directories:

ls

Expected output:

projects reports logs

The temp directory should no longer be listed.



Task 3. Move a file


The Q3patches.txt file contains notes taken on third-quarter patches and is
now in the correct reporting format.

You must move the Q3patches.txt file from the notes directory to
the reports directory.

1. Navigate to the /home/analyst/notes directory.


2. Move the Q3patches.txt file from the /home/analyst/notes directory to
the /home/analyst/reports directory.
3. List the contents of the /home/analyst/reports directory to confirm
that you have moved the file successfully.
When you list the contents of the reports directory, it should show that three
quarterly report files are now in the reports directory:

You can complete Task 3 by following these steps:

Step 1: Navigate to the /home/analyst/notes Directory

Use the cd command to go to the notes directory:

cd /home/analyst/notes
Confirm your location using:

pwd

Expected output:

/home/analyst/notes

Step 2: Move the Q3patches.txt File to the Reports Directory

Use the mv command to move the file:

mv Q3patches.txt /home/analyst/reports/

This moves the Q3patches.txt file from the notes directory to the reports
directory.

Step 3: Verify That the File Has Been Moved

Navigate to the reports directory:

cd /home/analyst/reports

List the contents:

ls

Expected output:

Q1_report.txt Q2_report.txt Q3patches.txt


This confirms that Q3patches.txt is now inside the reports directory.


Task 4. Remove a file


Next, you must delete an unused file called tempnotes.txt from
the /home/analyst/notes directory.

1. Remove the tempnotes.txt file from the /home/analyst/notes directory.


2. List the contents of the /home/analyst/notes directory to confirm that
you’ve removed the file successfully.
No files should be listed in the notes directory.

You can complete Task 4 by following these steps:

Step 1: Navigate to the /home/analyst/notes Directory

Use the cd command:

cd /home/analyst/notes

Verify your current location:

pwd
Expected output:

/home/analyst/notes

Step 2: Remove the tempnotes.txt File

Use the rm (remove) command:

rm tempnotes.txt

This permanently deletes the tempnotes.txt file.

Step 3: Verify That the File Has Been Removed

List the contents of the notes directory:

ls

Expected output:

(No output means the directory is empty, confirming the file was successfully
removed.)

Task 5. Create a new file
Now, you must create a file named tasks.txt in
the /home/analyst/notes directory that you’ll use to document completed
tasks.

1. Use the touch command to create an empty file called tasks.txt in
the /home/analyst/notes directory.
2. List the contents of the /home/analyst/notes directory to confirm that
you have created a new file.
A file called tasks.txt should now exist in the notes directory:

You can complete Task 5 by following these steps:

Step 1: Navigate to the /home/analyst/notes Directory

Use the cd command:

cd /home/analyst/notes

Verify your current location:

pwd

Expected output:

/home/analyst/notes
Step 2: Create an Empty File Named tasks.txt

Use the touch command:

touch tasks.txt

This will create an empty file named tasks.txt in the directory.

Step 3: Verify That the File Has Been Created

List the contents of the notes directory:

ls

Expected output:

tasks.txt

This confirms that tasks.txt now exists.

Task 6. Edit a file
Finally, you must use the nano text editor to edit the tasks.txt file and add a
note describing the tasks you’ve completed.

1. Using the nano text editor, open the tasks.txt file that is located in
the /home/analyst/notes directory.
Note: This action changes the shell from the normal Bash interface to the nano
text editor interface.
2. Copy and paste the following text into the text input area of the nano
editor:
Completed tasks
1. Managed file structure in /home/analyst
3. Press CTRL+X to exit the nano text editor.
This triggers a prompt asking Save modified buffer?

4. Press Y to confirm that you want to save the new data to your file.
(Answering "no" will discard changes.)

5. Press ENTER to confirm that File Name to Write is tasks.txt.

Note: The recommended sequence of commands for saving a file with the
nano text editor is to use CTRL+O to tell nano to save the file and then
use CTRL+X to exit immediately.
In this web-based lab environment, the CTRL+O command is intercepted
by your web browser and is interpreted as a request to save the web page.
The sequence used here is a commonly used alternative that achieves the
same end result.

6. Use the clear command to clear the Bash shell window and remove any
traces of the nano text input area.

Note: Most Bash shells typically handle the screen cleanup after you exit nano.
In this lab environment, nano sometimes leaves some text clutter around the
edges of the screen that the clear command cleans up for you.
7. Display the contents of the tasks.txt file to confirm that it contains the
updated task details.
This file should now contain the contents of the tasks.txt file that you added
and saved in previous steps:

You can complete Task 6 by following these steps:

Step 1: Navigate to the /home/analyst/notes Directory

Use the cd command:

cd /home/analyst/notes

Verify your current location:

pwd

Expected output:
/home/analyst/notes

Step 2: Open the tasks.txt File in the Nano Text Editor

Use the nano command:

nano tasks.txt

This will open the nano text editor.

Step 3: Add the Required Text

Once inside the nano editor, type or copy-paste the following text:

Completed tasks
1. Managed file structure in /home/analyst

Step 4: Save and Exit Nano

1. Press CTRL + X to exit.


2. When prompted with Save modified buffer?, press Y (Yes).
3. Press ENTER to confirm the file name (tasks.txt).

Step 5: Clear the Terminal

Use the clear command to clean up any clutter in the shell:


clear

Step 6: Verify the File Contents

To confirm the file contains the correct text, use:

cat tasks.txt

Expected output:

Completed tasks
1. Managed file structure in /home/analyst


Task 1. Create a new directory

First, you must create a dedicated subdirectory called logs, which will be used
to store all future log files.

1. Create a new subdirectory called logs in the /home/analyst directory.


The command to complete this step:
mkdir logs
2. List the contents of the /home/analyst directory to confirm that you’ve
successfully created the new logs subdirectory.
The command to complete this step:

ls
The output should list the original three directories and the
new logs subdirectory:

logs notes reports temp



Task 2. Remove a directory

Next, you must remove the temp directory, as you’ll no longer be placing items
in it.

1. Remove the /home/analyst/temp directory.


The command to complete this step:

rmdir temp
2. List the contents of the /home/analyst directory to confirm that you
have removed the temp subdirectory.
The command to complete this step:

ls
The temp directory should no longer be listed:

logs notes reports



Task 3. Move a file

The Q3patches.txt file contains notes taken on third-quarter patches and is
now in the correct reporting format.

You must move the Q3patches.txt file from the notes directory to
the reports directory.

1. Navigate to the /home/analyst/notes directory.


The command to complete this step:

cd /home/analyst/notes
The previous command used the absolute path; you could also use the relative
path as follows:

cd notes
2. Move the Q3patches.txt file from the /home/analyst/notes directory to
the /home/analyst/reports directory.
The command to complete this step:

mv Q3patches.txt /home/analyst/reports/
3. List the contents of the /home/analyst/reports directory to confirm
that you have moved the file successfully.
The command to complete this step:

ls /home/analyst/reports
When you list the contents of the reports directory, it should show that three
quarterly report files are now in the reports directory:

Q1patches.txt Q2patches.txt Q3patches.txt



Task 4. Remove a file

Next, you must delete an unused file called tempnotes.txt from
the /home/analyst/notes directory.

1. Remove the tempnotes.txt file from the /home/analyst/notes directory.


The command to complete this step:

rm tempnotes.txt
2. List the contents of the /home/analyst/notes directory to confirm that
you’ve removed the file successfully.
The command to complete this step:
ls
No files should be listed in the notes directory.


Task 5. Create a new file

Now, you must create a file named tasks.txt in
the /home/analyst/notes directory that you’ll use to document completed
tasks.

1. Use the touch command to create an empty file called tasks.txt in
the /home/analyst/notes directory.
The command to complete this step:

touch tasks.txt
2. List the contents of the /home/analyst/notes directory to confirm that
you have created a new file.
The command to complete this step:

ls
A file called tasks.txt should now exist in the notes directory:

tasks.txt

Task 6. Edit a file

Finally, you must use the nano text editor to edit the tasks.txt file and add a
note describing the tasks you’ve completed.

1. Using the nano text editor, open the tasks.txt file that is located in
the /home/analyst/notes directory.
The command to complete this step:

nano tasks.txt
Note: This action changes the shell from the normal Bash interface to the nano
text editor interface.
2. Copy and paste the following text into the text input area of the nano
editor:
Completed tasks
1. Managed file structure in /home/analyst
3. Press CTRL+X to exit the nano text editor.
This triggers a prompt asking Save modified buffer?

4. Press Y to confirm that you want to save the new data to your file.
(Answering "no" will discard changes.)

5. Press ENTER to confirm that File Name to Write is tasks.txt.

Note: The recommended sequence of commands for saving a file with the
nano text editor is to use CTRL+O to tell nano to save the file and then
use CTRL+X to exit immediately.

In this web-based lab environment, the CTRL+O command is intercepted
by your web browser and is interpreted as a request to save the web page.
The sequence used here is a commonly used alternative that achieves the
same end result.

6. Use the clear command to clear the Bash shell window and remove any
traces of the nano text input area.

The command to complete this step:


clear
Note: Most Bash shells typically handle the screen cleanup after you exit nano.
In this lab environment, nano sometimes leaves some text clutter around the
edges of the screen that the clear command cleans up for you.
7. Display the contents of the tasks.txt file to confirm that it contains the
updated task details.
cat tasks.txt
This file should now contain the contents of the tasks.txt file that you added
and saved in previous steps:

Completed tasks
1. Managed file structure in /home/analyst

Conclusion

Great work!
You now have practical experience in using basic Linux Bash shell commands
to

• create and remove directories,
• copy, move, and remove files, and
• edit files with the nano text editor.

You’re well on your way to managing directories and files in a Linux
environment!

Permission commands
Previously, you explored file permissions and the commands that you can use
to display and change them. In this reading, you’ll review these concepts and
also focus on an example of how these commands work together when putting
the principle of least privilege into practice.

Reading permissions

In Linux, permissions are represented with a 10-character string. Permissions
include:

• read: for files, this is the ability to read the file contents; for directories, this is
the ability to read all contents in the directory including both files and
subdirectories
• write: for files, this is the ability to make modifications on the file contents;
for directories, this is the ability to create new files in the directory
• execute: for files, this is the ability to execute the file if it’s a program; for
directories, this is the ability to enter the directory and access its files

These permissions are given to these types of owners:

• user: the owner of the file
• group: a larger group that the owner is a part of
• other: all other users on the system

Each character in the 10-character string conveys different information about
these permissions. The following table describes the purpose of each
character:

Character | Example | Meaning
1st | drwxrwxrwx | file type: d for directory, - for a regular file
2nd | drwxrwxrwx | read permissions for the user: r if the user has read permissions, - if the user lacks read permissions
3rd | drwxrwxrwx | write permissions for the user: w if the user has write permissions, - if the user lacks write permissions
4th | drwxrwxrwx | execute permissions for the user: x if the user has execute permissions, - if the user lacks execute permissions
5th | drwxrwxrwx | read permissions for the group: r if the group has read permissions, - if the group lacks read permissions
6th | drwxrwxrwx | write permissions for the group: w if the group has write permissions, - if the group lacks write permissions
7th | drwxrwxrwx | execute permissions for the group: x if the group has execute permissions, - if the group lacks execute permissions
8th | drwxrwxrwx | read permissions for other: r if the other owner type has read permissions, - if the other owner type lacks read permissions
9th | drwxrwxrwx | write permissions for other: w if the other owner type has write permissions, - if the other owner type lacks write permissions
10th | drwxrwxrwx | execute permissions for other: x if the other owner type has execute permissions, - if the other owner type lacks execute permissions

Exploring existing permissions

You can use the ls command to investigate who has permissions on files and
directories. Previously, you learned that ls displays the names of files and
directories in the current working directory.

There are additional options you can add to the ls command to make your
command more specific. Some of these options provide details about
permissions. Here are a few important ls options for security analysts:

• ls -a: Displays hidden files. Hidden files start with a period (.) at the beginning.
• ls -l: Displays permissions to files and directories. Also displays other
additional information, including owner name, group, file size, and the time of
last modification.
• ls -la: Displays permissions to files and directories, including hidden files. This
is a combination of the other two options.

Changing permissions

The principle of least privilege is the concept of granting only the minimal
access and authorization required to complete a task or function. In other
words, users should not have privileges that are beyond what is necessary.
Not following the principle of least privilege can create security risks.

The chmod command can help you manage this authorization. The chmod
command changes permissions on files and directories.

Using chmod

The chmod command requires two arguments. The first argument indicates
how to change permissions, and the second argument indicates the file or
directory that you want to change permissions for. For example, the following
command would add all permissions to login_sessions.txt:

chmod u+rwx,g+rwx,o+rwx login_sessions.txt

If you wanted to take all the permissions away, you could use

chmod u-rwx,g-rwx,o-rwx login_sessions.txt

Another way to assign these permissions is to use the equals sign (=) in this
first argument. Using = with chmod sets, or assigns, the permissions exactly
as specified. For example, the following command would set read permissions
for login_sessions.txt for user, group, and other:

chmod u=r,g=r,o=r login_sessions.txt

This command overwrites existing permissions. For instance, if the user
previously had write permissions, these write permissions are removed after
you specify only read permissions with =.

The following table reviews how each character is used within the first
argument of chmod:

Character  Description
u          indicates changes will be made to user permissions
g          indicates changes will be made to group permissions
o          indicates changes will be made to other permissions
+          adds permissions to the user, group, or other
-          removes permissions from the user, group, or other
=          assigns permissions for the user, group, or other

Note: When there are permission changes to more than one owner type,
commas are needed to separate changes for each owner type. You should not
add spaces after those commas.

The principle of least privilege in action

As a security analyst, you may encounter a situation like this one: There’s a file
called bonuses.txt within a compensation directory. The owner of this file is a
member of the Human Resources department with a username of hrrep1. It
has been decided that hrrep1 needs access to this file. But, since this file
contains confidential information, no one else in the hr group needs access.

You run ls -l to check the permissions of files in the compensation directory
and discover that the permissions for bonuses.txt are -rw-rw----. The group
owner type has read and write permissions that do not align with the
principle of least privilege.

To remedy the situation, you input chmod g-rw bonuses.txt. Now, only the
user who needs to access this file to carry out their job responsibilities can
access this file.
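
The following shell script is an added example, not part of the original course material: it decodes a 10-character permission string position by position, then replays the bonuses.txt fix and the = operator on scratch files. The function names (mode_of, triad, describe, replay_bonuses, equals_overwrites) and the temporary files are constructed for illustration.

```shell
#!/bin/sh
# Added example: decode the 10-character permission string and replay the
# reading's chmod commands on constructed scratch files.

# mode_of FILE: the 10-character string that ls -l shows for FILE.
mode_of() {
    ls -ld -- "$1" | cut -c1-10
}

# triad RWX: words for one owner type's three characters ("rw-" -> "read write").
triad() {
    out=""
    case "$1" in r??) out="read" ;; esac
    case "$1" in ?w?) out="${out:+$out }write" ;; esac
    case "$1" in ??x) out="${out:+$out }execute" ;; esac
    printf '%s' "${out:-none}"
}

# describe STRING: one-line summary of a 10-character permission string.
describe() {
    s=$1
    case "$s" in
        d*) kind="directory" ;;
        -*) kind="regular file" ;;
        *)  kind="other type" ;;
    esac
    u=$(printf '%s' "$s" | cut -c2-4)     # 2nd-4th characters: user
    g=$(printf '%s' "$s" | cut -c5-7)     # 5th-7th characters: group
    o=$(printf '%s' "$s" | cut -c8-10)    # 8th-10th characters: other
    printf '%s; user: %s; group: %s; other: %s\n' \
        "$kind" "$(triad "$u")" "$(triad "$g")" "$(triad "$o")"
}

# replay_bonuses: prints the mode of a scratch bonuses.txt before and after
# the fix from the reading (chmod g-rw).
replay_bonuses() {
    dir=$(mktemp -d) || return 1
    f="$dir/bonuses.txt"
    : > "$f"
    chmod u=rw,g=rw,o= "$f"     # starting state from the reading: -rw-rw----
    before=$(mode_of "$f")
    chmod g-rw "$f"             # remove group read and write
    after=$(mode_of "$f")
    rm -rf "$dir"
    printf '%s %s\n' "$before" "$after"
}

# equals_overwrites: shows that = assigns exactly what is listed, so a write
# permission the user had before is gone afterwards.
equals_overwrites() {
    dir=$(mktemp -d) || return 1
    f="$dir/login_sessions.txt"
    : > "$f"
    chmod u=rw,g=,o= "$f"       # user starts with read and write
    chmod u=r,g=r,o=r "$f"      # command from the reading
    mode_of "$f"
    rm -rf "$dir"
}

describe "-rw-rw----"
describe "drwx--x---"
replay_bonuses
equals_overwrites
```
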

Key takeaways

Managing directory and file permissions may be a part of your work as a
security analyst. Using ls with the -l and -la options allows you to investigate
directory and file permissions. Using chmod allows you to change user
permissions and ensure they are aligned with the principle of least privilege.

Task 1. Check file and directory details

In this task, you must explore the permissions of the projects directory and
the files it contains. The lab starts with /home/researcher2 as the current
working directory. This is because you're changing permissions for files and
directories belonging to the researcher2 user.

1. Navigate to the projects directory.
The command to complete this step:

cd projects

2. List the contents and permissions of the projects directory.
The command to complete this step:

ls -l

The permissions of the files in the projects directory are as follows:

total 20
drwx--x--- 2 researcher2 research_team 4096 Oct 14 18:40 drafts
-rw-rw-rw- 1 researcher2 research_team 46 Oct 14 18:40 project_k.txt
-rw-r----- 1 researcher2 research_team 46 Oct 14 18:40 project_m.txt
-rw-rw-r-- 1 researcher2 research_team 46 Oct 14 18:40 project_r.txt
-rw-rw-r-- 1 researcher2 research_team 46 Oct 14 18:40 project_t.txt
Note: The date and time information returned is the same as the date and time
when you ran the command. Therefore, it is different from the date and time in
the example.

As you may recall from the video lesson, a 10-character string begins each
entry and indicates how the permissions on the file are set. For instance, a
directory with full permissions for all owner types would be drwxrwxrwx:

• The 1st character indicates the file type. The d indicates it’s a directory. When
this character is a hyphen (-), it's a regular file.
• The 2nd-4th characters indicate the read (r), write (w), and execute (x)
permissions for the user. When one of these characters is a hyphen (-) instead,
it indicates that this permission is not granted to the user.
• The 5th-7th characters indicate the read (r), write (w), and execute (x)
permissions for the group. When one of these characters is a hyphen (-)
instead, it indicates that this permission is not granted for the group.
• The 8th-10th characters indicate the read (r), write (w), and execute (x)
permissions for the owner type of other. This owner type consists of all other
users on the system apart from the user and the group. When one of these
characters is a hyphen (-) instead, that indicates that this permission is not
granted for other.

The second block of text in the expanded directory listing is the user who
owns the file. The third block of text is the group owner of the file.

What is the name of the group that owns the files in the projects directory?
security_team
other_users
research_team
researcher2

Answer: The research_team owns the files in the projects directory.

3. Check whether any hidden files exist in the projects directory.
The command to complete this step:

ls -la

Which of these files is hidden in the projects directory?
.project_r.txt
.project_m.txt
.project_x.txt
There are no hidden files

Answer: The .project_x.txt file is hidden.

Click Check my progress to verify that you have completed this task correctly.

Task 2. Change file permissions

In this task, you must determine whether any files have incorrect permissions
and then change the permissions as needed. This action will remove
unauthorized access and strengthen security on the system.

None of the files should allow the other users to write to files.

1. Check whether any files in the projects directory have write
permissions for the owner type of other.
The command to complete this step:

ls -l

Which file grants other users write permissions?
project_t.txt
project_k.txt
project_m.txt

Answer: The project_k.txt file has write permissions for other users.

2. Change the permissions of the file identified in the previous step so that
the owner type of other doesn’t have write permissions.

chmod o-w project_k.txt

Note: Permissions are granted for three different types of owners, namely user,
group, and other.
In the chmod command, u sets the permissions for the user who owns the
file, g sets the permissions for the group that owns the file, and o sets the
permissions for others.
3. The file project_m.txt is a restricted file and should not be readable or
writable by the group or other; only the user should have these
permissions on this file. List the contents and permissions of the current
directory and check if the group has read or write permissions.
The command to complete this step:

ls -l

What are the group permissions on the project_m.txt file?
Read and write
Read, write, and execute
Read only

Answer: The group permissions of the project_m.txt file are read only.

4. Use the chmod command to change permissions of the project_m.txt file
so that the group doesn’t have read or write permissions.
The command to complete this step:

chmod g-r project_m.txt

Click Check my progress to verify that you have completed this task correctly.
Task 3. Change file permissions on a hidden file

In this task, you must determine if a hidden file has incorrect permissions and
then change the permissions as needed. This action will further remove
unauthorized access and strengthen security on the system.

The file .project_x.txt is a hidden file that has been archived and should not be
written to by anyone. (The user and group should still be able to read this
file.)

1. Check the permissions of the hidden file .project_x.txt and answer the
question that follows.
The command to complete this step:

ls -la

Which owner type has the incorrect write permissions?
Just the user
Just the group
The user and the group

Answer: The user and group owner types have incorrect write permissions.

2. Change the permissions of the file .project_x.txt so that both the user
and the group can read, but not write to, the file.
Note: Be sure to start the name of a hidden file with a period (.).
The command to complete this step:

chmod u-w,g-w,g+r .project_x.txt

Click Check my progress to verify that you have completed this task correctly.

Task 4. Change directory permissions

In this task, you must change the permissions of a directory. First, you’ll check
the group permissions of the /home/researcher2/projects/drafts directory
and then modify the permissions as required. (You should be in
the projects directory while managing the permissions of its
subdirectory drafts.)

Only the researcher2 user should be allowed to access the drafts directory and
its contents. (This means that only researcher2 should have execute
privileges.)

1. Check the permissions of the drafts directory and answer the following
question.
The command to complete this step:

ls -l

Does the group have permissions set to access the drafts directory and its
contents?
Yes
No

Answer: Yes, the group has execute permissions and therefore has access to
the drafts directory.

2. Remove the execute permission for the group from the drafts directory.
The command to complete this step:

chmod g-x drafts

Click Check my progress to verify that you have completed this task correctly.

Conclusion

Great work!

You now have practical experience in using basic Linux Bash shell commands
to

• examine file and directory permissions,
• change permissions on files, and
• change permissions on directories.

This is an important milestone on your journey toward managing
authorization in Linux!
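
As an added example (not part of the lab itself), this script rebuilds the projects directory from the Task 1 listing in a temporary directory, flags every entry whose 9th character is w, and applies the four chmod commands from Tasks 2-4. The starting mode of .project_x.txt (-rw--w----) is an assumption inferred from the Task 3 answer, and all function names are illustrative.

```shell
#!/bin/sh
# Added example: constructed replica of the lab's projects directory, audited
# for other-write access and then fixed with the lab's own chmod commands.

# mode_of FILE: the 10-character string that ls -l shows for FILE.
mode_of() { ls -ld -- "$1" | cut -c1-10; }

# build_replica DIR: recreate the Task 1 listing (files are empty placeholders).
build_replica() {
    mkdir -p "$1/drafts"
    for f in project_k.txt project_m.txt project_r.txt project_t.txt .project_x.txt; do
        : > "$1/$f"
    done
    chmod u=rwx,g=x,o=   "$1/drafts"           # drwx--x---
    chmod u=rw,g=rw,o=rw "$1/project_k.txt"    # -rw-rw-rw-
    chmod u=rw,g=r,o=    "$1/project_m.txt"    # -rw-r-----
    chmod u=rw,g=rw,o=r  "$1/project_r.txt"    # -rw-rw-r--
    chmod u=rw,g=rw,o=r  "$1/project_t.txt"    # -rw-rw-r--
    chmod u=rw,g=w,o=    "$1/.project_x.txt"   # assumed: -rw--w----
}

# other_writable DIR: names of entries (hidden ones included) whose 9th
# character is w, i.e. the owner type of other can write to them.
other_writable() {
    for p in "$1"/* "$1"/.[!.]*; do
        [ -e "$p" ] || continue
        case "$(mode_of "$p")" in
            ????????w?) basename "$p" ;;
        esac
    done
}

# report DIR: "mode name" for every entry, like a trimmed ls -la.
report() {
    for p in "$1"/* "$1"/.[!.]*; do
        [ -e "$p" ] || continue
        printf '%s %s\n' "$(mode_of "$p")" "$(basename "$p")"
    done
}

# remediate DIR: the four chmod commands from Tasks 2-4, run inside DIR.
remediate() {
    ( cd "$1" &&
      chmod o-w project_k.txt &&
      chmod g-r project_m.txt &&
      chmod u-w,g-w,g+r .project_x.txt &&
      chmod g-x drafts )
}

# run_lab: build, audit, fix, audit again, then print the final modes.
run_lab() {
    dir=$(mktemp -d) || return 1
    build_replica "$dir"
    echo "other-writable before: $(other_writable "$dir")"
    remediate "$dir"
    echo "other-writable after:  $(other_writable "$dir")"
    report "$dir"
    rm -rf "$dir"
}

run_lab
```
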

Responsible use of sudo


Previously, you explored authorization, authentication, and Linux commands
with sudo, useradd, and userdel. The sudo command is important for
security analysts because it allows users to have elevated permissions without
risking the system by running commands as the root user. You’ll continue
exploring authorization, authentication, and Linux commands in this reading
and learn two more commands that can be used with sudo: usermod and
chown.

Responsible use of sudo

To manage authorization and authentication, you need to be a root user, or a
user with elevated privileges to modify the system. The root user can also be
called the “super user.” You become a root user by logging in as the root user.
However, running commands as the root user is not recommended in Linux
because it can create security risks if malicious actors compromise that
account. It’s also easy to make irreversible mistakes, and the system can’t
track who ran a command. For these reasons, rather than logging in as the
root user, it’s recommended you use sudo in Linux when you need elevated
privileges.

The sudo command temporarily grants elevated permissions to specific users.
The name of this command comes from “super user do.” Users must be given
access in a configuration file to use sudo. This file is called the “sudoers file.”
Although using sudo is preferable to logging in as the root user, it's important
to be aware that users with the elevated permissions to use sudo might be
more at risk in the event of an attack.

You can compare this to a hotel with a master key. The master key can be used
to access any room in the hotel. There are some workers at the hotel who
need this key to perform their work. For example, to clean all the rooms, the
janitor would scan their ID badge and then use this master key. However, if
someone outside the hotel’s network gained access to the janitor’s ID badge
and master key, they could access any room in the hotel. In this example, the
janitor with the master key represents a user using sudo for elevated
privileges. Because of the dangers of sudo, only users who really need to use it
should have these permissions.

Additionally, even if you need access to sudo, you should be careful to use it
only with the commands you need and nothing more. Running
commands with sudo allows users to bypass the typical security controls that
are in place to prevent an attacker from gaining elevated access.

Note: Be aware of sudo if copying commands from an online source. It’s
important you don’t use sudo accidentally.

Authentication and authorization with sudo

You can use sudo with many authentication and authorization management
tasks. As a reminder, authentication is the process of verifying who someone
is, and authorization is the concept of granting access to specific resources in
a system. Some of the key commands used for these tasks include the
following:

useradd

The useradd command adds a user to the system. To add a user with the
username of fgarcia with sudo, enter sudo useradd fgarcia. There are
additional options you can use with useradd:

• -g: Sets the user’s default group, also called their primary group
• -G: Adds the user to additional groups, also called supplemental or secondary
groups

To use the -g option, the primary group must be specified after -g. For
example, entering sudo useradd -g security fgarcia adds fgarcia as a new
user and assigns their primary group to be security.

To use the -G option, the supplemental group must be passed into the
command after -G. You can add more than one supplemental group at a time
with the -G option. Entering sudo useradd -G finance,admin fgarcia adds
fgarcia as a new user and adds them to the existing finance and admin
groups.

usermod

The usermod command modifies existing user accounts. The same -g and -G
options from the useradd command can be used with usermod if a user
already exists.

To change the primary group of an existing user, you need the -g option. For
example, entering sudo usermod -g executive fgarcia would change
fgarcia’s primary group to the executive group.

To add a supplemental group for an existing user, you need the -G option. You
also need a -a option, which appends the user to an existing group and is only
used with the -G option. For example, entering sudo usermod -a -G
marketing fgarcia would add the existing fgarcia user to the supplemental
marketing group.

Note: When changing the supplemental group of an existing user, if you don't
include the -a option, -G will replace any existing supplemental groups with
the groups specified after usermod. Using -a with -G ensures that the new
groups are added but existing groups are not replaced.

There are other options you can use with usermod to specify how you want
to modify the user, including:

• -d: Changes the user’s home directory.
• -l: Changes the user’s login name.
• -L: Locks the account so the user can’t log in.

The option always goes after the usermod command. For example, to change
fgarcia’s home directory to /home/garcia_f, enter sudo usermod -d
/home/garcia_f fgarcia. The option -d directly follows the command
usermod before the other two needed arguments.

userdel

The userdel command deletes a user from the system. For example, entering
sudo userdel fgarcia deletes fgarcia as a user. Be careful before you delete a
user using this command.

The userdel command doesn’t delete the files in the user’s home directory
unless you use the -r option. Entering sudo userdel -r fgarcia would delete
fgarcia as a user and delete all files in their home directory. Before deleting
any user files, you should ensure you have backups in case you need them
later.

Note: Instead of deleting the user, you could consider deactivating their
account with usermod -L. This prevents the user from logging in while still
giving you access to their account and associated permissions. For example, if
a user left an organization, this option would allow you to identify which files
they have ownership over, so you could move this ownership to other users.

chown
The chown command changes ownership of a file or directory. You can use
chown to change user or group ownership. To change the user owner of the
access.txt file to fgarcia, enter sudo chown fgarcia access.txt. To change the
group owner of access.txt to security, enter sudo chown :security
access.txt. You must enter a colon (:) before security to designate it as a
group name.

Similar to useradd, usermod, and userdel, there are additional options that
can be used with chown.

Key takeaways

Authentication is the process of a user verifying their identity, and
authorization is the process of determining what they have access to. You can
use the sudo command to temporarily run commands with elevated
privileges to complete authentication and authorization management tasks.
Specifically, useradd, userdel, usermod, and chown can be used to manage
users and file ownership.

sudo usermod -a -G sales_team researcher9

The command:

sudo usermod -a -G sales_team researcher9

is used to add a user (researcher9) to a group (sales_team) in Linux. Let’s
break it down step by step.

1. Understanding usermod

• usermod stands for User Modify and is used to change user account
settings in Linux.
• This command allows adding or removing users from groups, changing
home directories, modifying usernames, etc.

2. Breaking Down the Command

sudo usermod -a -G sales_team researcher9

• sudo → Runs the command as a superuser (required for modifying
users).
• usermod → Modifies a user account.
• -a (append) → Adds the user to a new group without removing them
from existing groups.
• -G sales_team → Specifies the group (sales_team) to which the user
should be added.
• researcher9 → The username of the account being modified.

3. Why -a (Append) is Important

If you forget to use -a and only use -G, it removes the user from all other
supplemental groups except the one specified.

For example:

sudo usermod -G sales_team researcher9

🚨 This will remove researcher9 from all other supplemental groups and make
sales_team their only supplemental group.

4. Checking If the User Was Added Successfully

After running the command, verify the user's group membership with:

groups researcher9

or:

id researcher9

Expected output:

researcher9 : sales_team other_group another_group

This confirms that researcher9 is now part of sales_team along with their
previous groups.

5. When Does the Change Take Effect?

• The user may need to log out and log back in for the group changes to
apply.
• To apply changes immediately without logging out, use:

newgrp sales_team

6. Practical Use Cases

• Granting access to shared files and directories that belong to a specific
group.
• Managing permissions for teams or departments.
• Controlling access to software or system resources.

Conclusion

✅ The command sudo usermod -a -G sales_team researcher9 adds
researcher9 to the sales_team group without removing them from other
groups.
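
The effect of leaving out -a, described both in the usermod reading and in the breakdown above, can be previewed without touching any account. This added example (not from the original material) models the rule over a constructed group file in /etc/group format; the memberships and function names are assumptions, and it never calls usermod.

```shell
#!/bin/sh
# Added example: preview the supplemental groups a user would have after
# usermod -G, with and without -a. Reads /etc/group-format lines
# (name:password:GID:member,member,...) from stdin; changes nothing.

# Constructed sample data; the memberships below are made up for illustration.
sample_groups() {
    cat <<'EOF'
research_team:x:1001:researcher2
finance:x:1002:fgarcia,researcher9
admin:x:1003:researcher9
sales_team:x:1004:
EOF
}

# supp_lines USER: supplemental groups of USER, one per line.
supp_lines() {
    awk -F: -v u="$1" '{
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) print $1
    }'
}

# one_line: sort the lines on stdin, drop duplicates, join with spaces.
one_line() { LC_ALL=C sort -u | paste -s -d ' ' -; }

# preview USER LIST MODE: supplemental groups USER would end up with.
#   MODE=append  models: usermod -a -G LIST USER
#   MODE=replace models: usermod -G LIST USER
preview() {
    case "$3" in
        append|replace) ;;
        *) echo "mode must be append or replace" >&2; return 2 ;;
    esac
    {
        # Appending keeps current memberships; replacing discards them.
        if [ "$3" = append ]; then supp_lines "$1"; else cat >/dev/null; fi
        printf '%s\n' "$2" | tr ',' '\n'
    } | one_line
}

# dropped USER LIST: memberships that -G without -a would remove.
dropped() {
    current=$(supp_lines "$1" | LC_ALL=C sort -u)
    wanted=$(printf '%s\n' "$2" | tr ',' '\n' | LC_ALL=C sort -u)
    # Keep the current groups that do not appear in the requested list.
    printf '%s\n' "$current" | grep -Fxv -e "$wanted" | paste -s -d ' ' -
}

echo "current:            $(sample_groups | supp_lines researcher9 | one_line)"
echo "after -a -G:        $(sample_groups | preview researcher9 sales_team append)"
echo "after -G (no -a):   $(sample_groups | preview researcher9 sales_team replace)"
echo "dropped without -a: $(sample_groups | dropped researcher9 sales_team)"
```

On a live system, getent group prints lines in the same format and can be piped into these functions in place of sample_groups.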

Exemplar: Add and manage users with Linux commands

Task 1. Add a new user

A new employee has joined the Research department. In this task, you must
add them to the system. The username assigned to them is researcher9.

1. Write a command to add a user called researcher9 to the system.
The command to complete this step:

sudo useradd researcher9

Next, you need to add the new user to the research_team group.

2. Use the usermod command and -g option to add researcher9 to
the research_team group as their primary group.
The command to complete this step:

sudo usermod -g research_team researcher9

You could alternatively use the following variation of useradd when creating
the user to perform both steps at once:

sudo useradd researcher9 -g research_team

Click Check my progress to verify that you have completed this task correctly.
Task 2. Assign file ownership

The new employee, researcher9, will take responsibility for project_r. In this
task, you must make them the owner of the project_r.txt file.

The project_r.txt file is located in the /home/researcher2/projects directory,
and owned by the researcher2 user.

• Use the chown command to make researcher9 the owner
of /home/researcher2/projects/project_r.txt.
The command to complete this step:

sudo chown researcher9 /home/researcher2/projects/project_r.txt

Click Check my progress to verify that you have completed this task correctly.

Task 3. Add the user to a secondary group

A couple of months later, this employee's role at the organization has changed,
and they are working in both the Research and the Sales departments.
In this task, you must add researcher9 to a secondary group (sales_team).
Their primary group is still research_team.

• Use the usermod command with the -a and -G options to add researcher9 to
the sales_team group as a secondary group.
The command to complete this step:

sudo usermod -a -G sales_team researcher9

Note: Options for Linux commands are case-sensitive, so make sure you use a
lowercase -a and an uppercase -G.

Click Check my progress to verify that you have completed this task correctly.

Task 4. Delete a user

A year later, researcher9 decided to leave the company. In this task, you must
remove them from the system.

1. Run a command to delete researcher9 from the system:

sudo userdel researcher9

This command will output the following message:

Userdel: Group researcher9 not removed because it is not the primary group
of user researcher9.

This is expected.

Note: When you create a new user in Linux, a group with the same name as the
user is automatically created and the user is the only member of that group.
After removing users, it is good practice to clean up any such empty groups that
may remain behind.

2. Run the following command to delete the researcher9 group that is no
longer required:

sudo groupdel researcher9

Click Check my progress to verify that you have completed this task correctly.

Conclusion

Great work!

You now have practical experience in using basic Linux Bash shell commands
to

• add a new user,
• add a user to a group,
• change user permissions on files, and
• delete a user.

This is an important milestone on your journey toward managing users in
Linux!

Linux resources
Previously, you were introduced to the Linux community and some resources
that exist to help Linux users. Linux has many options available to give users
the information they need. This reading will review these resources. When
you’re aware of the resources available to you, you can continue to learn Linux
independently. You can also discover even more ways that Linux can support
your work as a security analyst.

Linux community

Linux has a large online community, and this is a huge resource for Linux
users of all levels. You can likely find the answers to your questions with a
simple online search. Troubleshooting issues by searching and reading online
is an effective way to discover how others approached your issue. It’s also a
great way for beginners to learn more about Linux.
The Unix and Linux Stack Exchange is a trusted resource for troubleshooting
Linux issues. It is a question-and-answer website where community members can
ask and answer questions about Linux. Community members vote on answers, so
the higher-quality answers are displayed at the top. Many of the questions are
related to specific topics from advanced users, and the topics might help you
troubleshoot issues as you continue using Linux.

Integrated Linux support

Linux also has several commands that you can use for support.

man

The man command displays information on other commands and how they
work. It’s short for “manual.” To search for information on a command, enter
the command after man. For example, entering man chown returns detailed
information about chown, including the various options you can use with it.
The output of the man command is also called a “man page.”

apropos

The apropos command searches the man page descriptions for a specified
string. Man pages can be lengthy and difficult to search through if you’re
looking for a specific keyword. To use apropos, enter the keyword after
apropos.
You can also include the -a option to search for multiple words. For example,
entering apropos -a graph editor outputs man pages that contain both the
words “graph” and “editor” in their descriptions.

whatis

The whatis command displays a description of a command on a single line.
For example, entering whatis nano outputs the description of nano. This
command is useful when you don't need a detailed description, just a general
idea of the command. This might be as a reminder, or it might be after you
discover a new command through a colleague or online resource and want to
know more.

Key takeaways

There are many resources available for troubleshooting issues or getting
support for Linux. Linux has a large global community of users who ask and
answer questions on online resources, such as the Unix and Linux Stack
Exchange. You can also use integrated support commands in Linux, such as
man, apropos, and whatis.

Resources for more information

There are many resources available online that can help you learn new Linux
concepts, review topics, or ask and answer questions with the global Linux
community. The Unix and Linux Stack Exchange is one example, and you can
search online to find others.

Exemplar: Get help in the command line

Task 1. Learn more about commands


In this task, you need to explore a few commands you can use in the shell to
learn more about the functionality of other commands.

First, imagine you can’t quite remember what the cat command does and
want a quick reminder.

1. Run the whatis command to get a short description of cat.


The command to complete this step:

whatis cat

What are the first two words of the short description of cat returned by
whatis?

• the cat
• cat is
• concatenate files
• file concatenator

Answer: The first two words of the short description returned are
“concatenate files”.

Next, imagine that you want more details about cat and all of its options.

2. Use the man command to get more details about cat.


The command to complete this step:

man cat
The man command returns a general description of cat and information about
each of its options:

CAT(1)                       User Commands                       CAT(1)

NAME
       cat - concatenate files and print on the standard output

SYNOPSIS
       cat [OPTION]... [FILE]...

DESCRIPTION
       Concatenate FILE(s) to standard output.
       With no FILE, or when FILE is -, read standard input.

       -A, --show-all
              equivalent to -vET

       -b, --number-nonblank
              number nonempty output lines, overrides -n

       -e     equivalent to -vE

--More--
When the first page of information returned by man is displayed, the output
pauses.

Note: You can output more information one line at a time by pressing
the ENTER key or output the next page of the manual by pressing the space bar.

What option can you use to number the output lines of the cat command?

• -e, --enumerate
• -n, --number
• -b, --number-nonblank
• none - it is the default option

Answer: The -n, --number option numbers all the output lines.

3. Press Q to exit this manual page.


Now, imagine you’ve remembered there’s a command that prints just the first
part of a file, but you can’t remember the exact command.
The apropos command is useful in these instances. You can use keywords
with apropos to find a command.

4. Use apropos to find a command that returns the first part of a file:
apropos -a first part file
Note: There is no right and wrong when using apropos in terms of keywords.
Think of it as a very focused search. It will only return commands that
correspond to keywords you supply. Keep trying if the first returned command
does not provide what you need. Also, keep in mind that using the -a option will
limit results to only those commands that match all keywords supplied.

Which command returns the first part of a file?

• tail
• head
• list
• cat

Answer: The head command returns only the first part of a file.

Task 2. Explore the useradd command

In this task, imagine that you want to set the expiration date for a temporary
user account. You know that you need to use the useradd command for this,
but you’re not quite sure how to complete the task. You realize it might
involve adding an option to the command.

1. Use the most appropriate Linux command to get help on the useradd
command and learn more about all of its options.
The command to complete this step:

man useradd
Note: You can output more information one line at a time by pressing
the ENTER key or output the next page of the manual by pressing the space bar.

Which option can be used with the useradd command to set an expiration
date for a temporary user account?

• -d
• -f
• -e
• -x

Answer: The -e option can be used to set an expiration date for a temporary
user account.

2. Press Q to exit this manual page.
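
A check that the expiry set with useradd -e is actually in place, as an added example that is not part of the lab: it joins a passwd-format file with a shadow-format file and reports, for each regular account, whether an expiry date is set and whether it has passed. The account names, day values, placeholder password fields and the UID cutoff of 1000 are constructed assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the lab): report the account expiry that
# `useradd -e` sets. In shadow-format files, field 8 holds the expiry date as
# days since 1970-01-01; an empty field means the account never expires.

# expiry_report PASSWD SHADOW TODAY_DAYS [MIN_UID]
# Prints "name status" for accounts with UID >= MIN_UID (assumed default 1000).
expiry_report() {
    awk -F: -v today="$3" -v min="${4:-1000}" '
        FILENAME == ARGV[1] { if ($3 + 0 >= min + 0) regular[$1] = 1; next }
        !($1 in regular)    { next }                  # skip system accounts
        $8 == ""            { print $1 " never-expires"; next }
        $8 + 0 <= today + 0 { print $1 " expired"; next }   # expiry day reached
                            { print $1 " expires-in-days=" ($8 - today) }
    ' "$1" "$2"
}

# today_days: current date as whole days since the epoch (UTC).
today_days() { echo $(( $(date -u +%s) / 86400 )); }

# Constructed sample accounts and values; the password fields are placeholders.
write_expiry_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0::/root:/bin/bash
analyst:x:1000:1000::/home/analyst:/bin/bash
temp_contractor:x:1001:1001::/home/temp_contractor:/bin/bash
old_intern:x:1002:1002::/home/old_intern:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:*:19000:0:99999:7:::
analyst:$6$constructed:19700:0:99999:7:::
temp_contractor:$6$constructed:19700:0:99999:7::19800:
old_intern:$6$constructed:19000:0:99999:7::19500:
EOF
}

tmp=$(mktemp -d)
write_expiry_sample "$tmp"
expiry_report "$tmp/passwd" "$tmp/shadow" "$(today_days)"
rm -rf "$tmp"
```

Reading the real /etc/shadow requires root, so on a live system run the report with sudo and treat any temporary account listed as never-expires as a candidate for an expiry date.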

Task 3. Explore the rm and rmdir commands

In this task, you need to determine the difference between
the rm and rmdir commands.

Imagine that you’ve used these commands before, but you can’t remember
how they’re different.

• Use the most appropriate Linux command to quickly remind yourself what
each command does.
Note: This task will require entering two commands, one with rm and one
with rmdir.
The commands to complete this step:

whatis rm
whatis rmdir

Which of these commands removes only empty directories?

• rmdir
• rm

Answer: The rmdir command removes only empty directories.


Task 4. Determine which command to use


In this task, imagine that you need to create a new group but you can’t
remember what command to use. You need to identify a command that will do
this by searching for it through keywords. In this case, use the
keywords create new group.

• Use the most appropriate Linux command with these keywords to identify
what command to use.
The correct command to solve this step:

apropos -a create new group



What command can you use to create a new group?

• groupadd
• newgroup
• addnewgroup
• setsid

Answer: The groupadd command can be used to create a new group.


Conclusion

Great work!

You now have practical experience in using basic Linux Bash shell commands to

• get a short description of a command,
• display the man pages for a command, and
• find commands based on keywords about their function.
This ability will be valuable as you navigate the Linux command line.
