
Contents

1 Linux Environment
2 User Management
3 File Permissions, Ownerships and attributes
4 Linux Services
5 Troubleshooting tips and gathering information
6 Linux Resources
7 File Compressing and Zipping
8 Logical Volume Management
9 Linux Kernel
10 Linux Networking
11 IP Tables and Firewall
12 Process Management
13 Scheduling Jobs (CRON)

KALI Linux
1 Basic Terminologies

Page | 1 Linux
1 – Linux Environment
A. List Command
No. | Description | Command
1 | Lists file size, ownerships and permissions in human readable form | ls -lh
    Sample output line, field by field: drwxr-xr-x → permissions, root → owner, root → group, 4.0K → size, Sep 4 21:04 → creation date, Desktop → directory
2 | Lists file size, ownerships, etc. | ls -l
3 | Lists all files including hidden files | ls -a
    A . before a file/directory name indicates that it is a hidden file.
4 | Sorts the files by their sizes | ls -S

B. Make Directory and Remove Directory Command
No. | Description | Command
1 | Make directory | mkdir {directory-name}
2 | Make parent directory as well as child directories | mkdir -p Parentdirectory/Childdirectory/Grandchilddirectory
3 | Remove directory | To remove an empty directory: rmdir directory-name
  |                  | To remove a directory and its contents: rm -rf directory-name

C. Change Directory Command
No. | Description | Command
1 | Move one level up in the directory tree | cd ..
2 | Change directory to home | cd ~
3 | Change directory to root | cd /

D. Copy/Move/Rename Command
No. | Description | Command
1 | Copies files | cp file-name destination
2 | Moves files | mv file-name destination
3 | Renames files | mv old-file-name new-file-name

E. Print/Less Command
No. | Description | Command
1 | Print working directory | pwd
2 | Views the content of a file | cat /directory/filename
3 | Views the contents of a file one screen at a time | less /directory/filename
    PageUp/PageDown is used for navigation.
    j is used for line by line scrolling downwards.
    k is used for line by line scrolling upwards.
    q is used to quit.

F. Echo Command
No. | Description | Command
1 | Writes text (or the value of a variable) into a file, replacing the file's existing contents. | echo "text" > file

G. MAN/INFO Command
No. | Description | Command
1 | Displays the man page | man command
2 | Same as the man page but displays more information | info command

H. VIM Editor
- Improved version of the vi editor.
- j to scroll down, k to scroll up.
- i to enter insert mode, ESC to return to normal mode.
- :wq to save and close with the current file name.
- :wq filename to save and close under a different file name.

I. File Compression and Zipping
- Zip first and then compress if you're sending a file.
No. | Description | Command
1 | Zipping a directory into a single TAR ball | tar -cvf filename.tar /directory/
2a | Compressing a tar file into tar.gz compression | tar -czvf filename.tar.gz /directory/
2b | Compressing a tar file into tar.bz2 compression | tar -cjvf filename.tar.bz2 /directory/
4a | Uncompressing a gz file into a directory | tar -xzvf filename.tar.gz -C /directory/
4b | Uncompressing a bz2 file into a directory | tar -xjvf filename.tar.bz2 -C /directory/

Example: Compress and zip the 2 files anaconda-ks.config (1646) and install.log.syslog (10565)
Step 1: Move both files to a folder, say TEST1
Step 2: Zip the directory into a single TAR ball → tar -cvf test1.tar TEST1
Step 3: Compress the test1.tar file using gz compression → tar -czvf test1.tar.gz test1

J. SSH and SCP
- Provides secure communication among remote machines.
- The SSH server configuration is stored in /etc/ssh/sshd_config
No. | Description | Command
1 | SSH to a remote machine | ssh username@destinationIPaddr
2a | Secure copy | scp sourcefile username@destinationIPAddr:/directory
2b | Secure copy (maintain file permissions after copy) | scp -p sourcefile username@destinationIPAddr:/directory

2 – User Management
No. | Description | Command
1a | Add a user to the system | useradd username
1b | Add a user with complete name | useradd -c "complete-name" username
2 | Delete a user | userdel username
    Note: the above command deletes the user but keeps the home directory of that user. To completely remove that user, use userdel -r username.
3a | Create a user with a password | useradd -p password username
    Note: -p expects the password already in encrypted (hashed) form, not in plain text; a plain-text value given here would also end up in the shell history.
3b | Change the password of a user | passwd username
4a | Lock a user | passwd -l username
4b | Unlock a user | passwd -u username
5a | Force a user to change the password after a number of days | chage -M days username
5b | Warn a user to change the password a number of days before it expires | chage -W days username
5c | Block a user after this date | chage -E YYYY-MM-DD username
5d | Set an expiry date of the password for a user | chage -t YYYY-MM-DD username
6 | View the policies applied to a user | chage -l username

Note:
i. Users remain inactive until a password is set for that user.
ii. A user can modify only his own password, but root can modify everyone's passwords.
iii. Passwords are saved in the /etc/passwd file.
Command: less /etc/passwd
Variable | Description
x | indicates a password is set
0 | user-ID
0 | Group-ID
root | Group
/root | Home directory
/bin/bash | Login Shell

iv. The shadow file contains the passwords in encrypted form. To view it, less /etc/shadow is used.
Variable | Description
root | User
$6$....Bck | Password
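As an added example (not part of the original notes), the shell functions below read records in the /etc/passwd and /etc/shadow layouts just described and flag what a security review looks for: a second UID 0 account, empty password fields, a hash left in the world-readable passwd file, locked accounts, and passwords that never expire (chage -M not applied). The sample records are constructed and the $6$ hashes are placeholders; the function names are my own.

```shell
#!/bin/sh
# Added example: audit /etc/passwd and /etc/shadow style records.
# Field layout (passwd): user:x:UID:GID:comment:home:shell
# Field layout (shadow): user:hash:lastchange:min:max:warn:inactive:expire:

# Constructed sample records; the $6$ hashes are placeholders, not real.
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backup:x:0:1001:backup job:/home/backup:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
guest::1002:1002:guest:/home/guest:/bin/bash'

SHADOW_SAMPLE='root:$6$placeholder$hash:19600:0:99999:7:::
daemon:*:19600:0:99999:7:::
backup:!:19600:0:99999:7:::
alice:$6$placeholder$hash:19600:0:90:7:::
guest::19600:0:99999:7:::'

# audit_passwd: reads passwd lines on stdin, prints one finding per line.
audit_passwd() {
    awk -F: '
        $3 == 0 && $1 != "root" { print "UID0 " $1 }           # second superuser
        $2 == ""                { print "NOPASS " $1 }         # empty field: no password needed
        $2 != "" && $2 != "x"   { print "HASH_IN_PASSWD " $1 } # hash not moved to shadow
    '
}

# audit_shadow: reads shadow lines on stdin, prints one finding per line.
audit_shadow() {
    awk -F: '
        $2 == ""     { print "EMPTY " $1; next }     # login without a password
        $2 ~ /^[!*]/ { print "LOCKED " $1; next }    # passwd -l or no-login account
        $5 == 99999  { print "NOEXPIRE " $1 }        # max age never set with chage -M
    '
}

# audit_system: run both checks against the real files (reading shadow needs root).
audit_system() {
    audit_passwd < /etc/passwd
    audit_shadow < /etc/shadow
}

printf '%s\n' "$PASSWD_SAMPLE" | audit_passwd
printf '%s\n' "$SHADOW_SAMPLE" | audit_shadow
```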

3 – File Permission, Ownership and Attributes
1. Introduction
- Command to check the file permissions: ls -al

Variable | Description
drwxr-xr-x | Permissions set at the moment
           | d → directory, rwx → user permission, r-x → group permission, r-x → others
2 | Links to that file
root | Owner
root | Group
4096 | Filesize
Sep 1 22:22 | Timestamp
.config | Filename

- Permissions are of three types: Read, Write and Execute.

2. Changing Permissions and Ownership
- Permissions can be changed in two ways: the Absolute Method and the Symbolic Method.

A. Absolute Permission
Number (Decimal) | Number (Binary) | Permission | Ref
0 | 000 | No permission | ---
1 | 001 | Execute | --x
2 | 010 | Write | -w-
3 | 011 | Write/Execute | -wx
4 | 100 | Read | r--
5 | 101 | Read/Execute | r-x
6 | 110 | Read/Write | rw-
7 | 111 | Read/Write/Execute | rwx

Worked example (mode 741):
Property    | User               | Group              | Other
Permission  | Read Write Execute | Read Write Execute | Read Write Execute
Bit Weight  | 4    2     1       | 4    2     1       | 4    2     1
Bits        | 1    1     1       | 1    0     0       | 0    0     1
Octal Value | 7                  | 4                  | 1
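To make the bit-weight table concrete, here is an added shell example (not from the original notes) that converts between the rwx string ls prints and the octal number chmod takes, and decodes a full ls -l mode field such as drwxr-xr-x into its type, octal value and three triplets. The function names are my own; setuid/setgid/sticky bits (shown by ls as s or t) are left out.

```shell
#!/bin/sh
# Added example: convert between symbolic (rwx) and octal permission forms.
# Uses the bit weights from the table: r=4, w=2, x=1 per user/group/other triplet.

# sym_to_octal rwxr----x -> 741
sym_to_octal() {
    mode=$1
    [ "${#mode}" -eq 9 ] || return 1      # expect exactly three rwx triplets
    octal=""
    for start in 1 4 7; do
        triplet=$(printf '%s' "$mode" | cut -c "$start-$((start + 2))")
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; esac
        octal="$octal$digit"
    done
    printf '%s\n' "$octal"
}

# octal_to_sym 741 -> rwxr----x
octal_to_sym() {
    case $1 in [0-7][0-7][0-7]) ;; *) return 1 ;; esac
    out=""
    for pos in 1 2 3; do
        d=$(printf '%s' "$1" | cut -c "$pos")
        [ $((d & 4)) -ne 0 ] && out="${out}r" || out="${out}-"
        [ $((d & 2)) -ne 0 ] && out="${out}w" || out="${out}-"
        [ $((d & 1)) -ne 0 ] && out="${out}x" || out="${out}-"
    done
    printf '%s\n' "$out"
}

# explain_mode drwxr-xr-x -> "directory 755: user=rwx group=r-x other=r-x"
explain_mode() {
    field=$1
    [ "${#field}" -eq 10 ] || return 1    # type character + nine permission characters
    case $field in
        d*) kind=directory ;;
        -*) kind="regular file" ;;
        l*) kind=symlink ;;
        *)  kind=other ;;
    esac
    perms=${field#?}                       # drop the leading type character
    octal=$(sym_to_octal "$perms") || return 1
    printf '%s %s: user=%s group=%s other=%s\n' "$kind" "$octal" \
        "$(printf '%s' "$perms" | cut -c 1-3)" \
        "$(printf '%s' "$perms" | cut -c 4-6)" \
        "$(printf '%s' "$perms" | cut -c 7-9)"
}

# Decode the Desktop entry from the ls -lh sample in section 1.
explain_mode drwxr-xr-x
```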

B. Symbolic Permission
Operators: + → Adds permissions, - → Removes permissions, = → Sets permissions
Notations: u → user, g → group, o → other

Commands:
No. | Description | Command
1 | Changing permissions | chmod {u|g|o}{+|-|=}{r|w|x} filename
2 | Modifying ownership | chown -R owner:group filename
    Note: the -R switch is used for recursion. It changes ownership of child folders as well.
3 | Changing group ownership | chgrp group-name file-name
4 | Changing attributes | chattr [-R] {+|-|=}attribute filename
    A → atime record is not updated.
    i → immutable. File cannot be modified.
    d → no longer a candidate for backup when the dump process is running.
    u → when a file with this attribute is deleted, its data is saved.
    a → data can only be appended, without modifying the existing data of the file.
    Verification: lsattr filename

Note:
▪ All sudo permissions are placed in the /etc/sudoers file. To view it, less /etc/sudoers is used.
▪ It is not recommended to modify this file directly. If required, use the command visudo to modify it; visudo checks the syntax before saving.

C. Permissions through Access Lists
No. | Description | Command
1 | Viewing permissions through the access list | getfacl file-name
2 | Setting permissions for a user | setfacl -m u:username:{rwx} /directory/
3 | Removing permissions for a user | setfacl -x u:username /directory/

4 – Linux Services
- Continuously running in the background. For example, for web services http is used.
- All services are located in /etc/init.d
- Viewing services: ls /etc/init.d
- Every service runs on 6 levels.
- Service commands:
No. | Description | Command
1 | Viewing services | ls /etc/init.d
2 | Reading a service file | less service-name
3 | Checking services | systemctl {start|stop|restart|status} service-name
  |                   | service service-name {start|stop|restart|status}
4 | To check the service level | chkconfig --list [service-name]
5 | Starting/Stopping a service on a particular level | chkconfig --level level service-name {on|off}
6 | Check which services are off on level 5 | chkconfig --list | grep 5:off

5 – Troubleshooting Tips and Gathering Information
Troubleshooting tips:
- What is the error?
- Last activity performed (server/workstation)
- R&D for a solution (Internet)
- Study, deploy and test (on a test machine)
Gathering information:
- /var/log/messages
- /var/log/audit/audit.log
- Firewall issues → /var/log/secure
- Web server → /var/log/httpd, mail, ftp

6 – Linux Resources
No. | Description | Command
1 | To check CPU | top
  |              | ps -ef
  |              | lscpu
  |              | sar -u time-interval
2 | To check space | df -h
  |                | df -ah
  |                | du -shx path
3 | To check RAM | free [--mega|--giga|-b]
  |              | --mega → megabytes, --giga → gigabytes, -b → bytes
4 | To check hard disks | fdisk -l
5 | To check PCI devices | lspci
6 | To check USB devices | lsusb
7 | To check BIOS | dmidecode

7 – Logical Volume Management
- Volume groups (VG) are located in /dev/mapper.
- LVM management can be done using CMD as well as CLI.
- LVM uses disks (Physical Volumes, aka PV).
- Logical volumes that contain file systems are created from PVs.
- LVM allows online resizing without downtime.

8 – Linux Kernel
- The kernel is the heart of the Linux OS and performs the following functions:
i. System startup
ii. Process management
iii. Network management
iv. Memory management
v. Security (permissions/FW/SELinux)
- Versioning scheme: <major>.<minor>.<patch>-<build>.elx.<architecture>
- Command to check the kernel version: uname -r
- Always install a new kernel rather than updating the existing one, so the old kernel remains available to boot if the new one fails.
- To install a kernel:
rpm -ivh <kernel-name>
yum install <kernel-name>
- Kernel modules are located in /lib/modules/kernel-version
- At runtime, the following directories are created by the kernel:
▪ /proc → Stores running processes and kernel parameters
▪ /sys → Stores system devices and their drivers
▪ /dev → Provides access points for devices and their drivers
- Enable a password in the boot loader (GRUB) to protect the kernel; only restricted users will then be able to boot it up.
Step | Description | Command
1 | Generate the hashed value and copy it | grub-mkpasswd-pbkdf2 (Kali)
  |                                      | grub-md5-crypt (RHEL)
2 | Edit the grub configuration file and paste the hashed value | vi /boot/grub/grub.config
  |                                                            | password --md5 hashed-value

12 – Process Management
A. Basic Commands
No. | Description | Command
1 | Shows processes including parent processes | pstree
2 | Shows processes with PID | pstree -p
3 | Shows processes with the command line options used to start the process | pstree -a
4 | Shows the processes running for a particular user | ps -U username
5 | Shows detailed processes running under the currently logged in user | ps u
6 | Shows all the processes for all users | ps aux
7 | Updates process status in real time | top
8 | Sends a graceful shutdown message to a process | kill PID
9 | Sends a termination signal to a process | kill -s 15 PID
10 | Force closes the process (non-clean shutdown) | kill -s 9 PID
   |                                              | killall -s 9 process-name

B. Process Priorities
- Changing process priorities tells the system how much or how little CPU and other resources to allocate to the process.
- The starting value for each process is 0, which is called the "nice" value. Range: -19 to +20.
- The higher the number, the less CPU a process gets.

9 – Linux Networking
- All networking configuration files are located in:
RHEL → /etc/sysconfig/network-scripts
KALI → /etc/network
- Commands:
No. | Description | Command
1 | Check interface config | ifconfig
2 | Configuring an interface | ifconfig interface ipaddr netmask subnet-mask
    Note: this change will be lost when the machine is rebooted. To make the change permanent, write the values in the script file.
3 | Turning an interface ON/OFF | {ifdown|ifup} interface [boot]
    Note: to make an interface up/down even after a reboot, the keyword boot is used.
4 | Speed/Duplex of NIC: ethtool | ethtool interface-id
    Note: to set the speed/duplex of an interface: vi /etc/sysconfig/network-scripts/ifcfg-interfaceid
5 | Adding/Deleting a route | route {add|del} -net destination-NW/subnet-mask gw gateway-ip-address
  | Adding a default route | route add default gw gateway-ip-address
6 | Displaying the routing table | route
7 | To view IP address info | ip addr show [interface]
8 | To get an IP address from DHCP on an interface | dhclient [interface]
9 | Netstat | netstat [-a] [-p protocol] [-r] [-i] [-g]
    -a → Displays active TCP connections, TCP connections in the listening state, as well as UDP ports that are being listened to.
    -p → Shows connections or statistics only for a particular protocol. You cannot define more than one protocol at once, nor can you run netstat with -p without defining a protocol. When specifying a protocol with the -p option, you can use tcp, udp, tcpv6 or udpv6.
    -r → Displays the routing table.
    -i → Displays interface info.
    -g → Displays MAC address info.

10 | Packet Capturing: TCPDump | tcpdump -s 0 -A {IPv4-address | hostname} and port port-number
   |                           | tcpdump -s 0 -A {IPv4-address | hostname} and udp port port-number
11 | Name Resolution: DNS | Name resolution configuration file → /etc/resolv.conf
   |                      | nslookup domain server-you-want-to-query
12 | Domain Information Groper: DIG | dig domain-to-be-queried
13 | Resolving IP Address: WHOIS | Used to look up the registration information for an IP address.
   |                             | whois ip-to-be-resolved
14 | ARP Table | arp -e

11 – IPTables and Firewall
- IPTables is the kernel-level IP filtering mechanism. It allows you to make filtering and routing decisions on IP packets.
- Uncomplicated Firewall (UFW) is a simple firewall mechanism that is implemented on top of iptables.
- UFW provides a basic default firewall and allows you to turn basic services on and off.
- Basic UFW / IPtables configuration:
No. | Description | Command
1 | Installing UFW | apt-get install ufw
  | Installing IPTables | apt-get install iptables
2 | Removing IPTables | apt remove iptables
3 | UFW service | systemctl {start|stop|restart|status} ufw.service
4 | UFW help | ufw --help
5 | UFW enabling/disabling | ufw {enable|disable}
6 | Setting the UFW log level | ufw logging {high|medium|low}
7 | Checking UFW defaults | ufw status verbose
    deny (incoming) → Deny incoming connections
    allow (outgoing) → Allow outgoing connections
    disabled (routed) → Routing is disabled and forwarding is blocked. This is a good default provided your machine is not acting as a router.
8 | Changing defaults | ufw default {allow|deny} {incoming|outgoing}
9 | Adding rules | ufw {allow|deny} from network-ID/SM to any port port proto {tcp|udp}
10 | Deleting rules | ufw delete rule-name
11 | Viewing rules | ufw show added
12 | IP tables | iptables -L -n -v

Example:
Command | Description
ufw allow 22 | Allow traffic from anywhere on port 22
ufw deny 111 | Deny all traffic on port 111
ufw allow 80/tcp | Allow traffic on port 80 over protocol TCP
ufw allow http/tcp | Same rule, using the service name instead of the port number
ufw allow from 10.20.40.60 | Allow traffic from a specific IP
ufw allow from 10.0.0.0/24 | Allow traffic from a specific subnet
ufw allow from 10.20.40.60 to any port 22 proto tcp | Allow traffic from a specific IP, port and protocol
ufw delete allow 80 | Delete the rule that allows traffic on port 80

13 – Scheduling Jobs (CRON)
- CRON works for jobs that execute repeatedly.
- It is usually used for sysadmin jobs such as backups, cleaning /tmp/ directories and more.
- The cron service (daemon) runs in the background and constantly checks the /etc/crontab file and the /etc/cron.*/ directories. It also checks the /var/spool/cron/ directory.
- Cron jobs are created and then added to scripts (hourly, daily, weekly, etc.)

A. Types of Cron Configuration Files
- There are different types of configuration files:
a. The UNIX / Linux system crontab: usually used by system services and critical jobs that require root-like privileges. The sixth field (see below for the field description) is the name of the user for the command to run as. This gives the system crontab the ability to run commands as any user.
b. The user crontabs: users can install their own cron jobs using the crontab command. The sixth field is the command to run, and all commands run as the user who created the crontab.

B. Syntax
- The syntax is: MIN HOUR DOM MON DOW CMD
Field | Description | Allowed Value
MIN | Minute field | 0 to 59
HOUR | Hour field | 0 to 23
DOM | Day of Month | 1-31
MON | Month field | 1-12
DOW | Day Of Week | 0-6 (0=Sunday)
CMD | Command | Any command to be executed.

C. Use of operators
Operator | Description
Asterisk (*) | This operator specifies all possible values for a field. For example, an asterisk in the hour field would be equivalent to every hour, and an asterisk in the month field would be equivalent to every month.
Comma (,) | This operator specifies a list of values, for example: "1,5,10,15,20,25".
Dash (-) | This operator specifies a range of values, for example: "5-15" days, which is equivalent to typing "5,6,7,8,9,...,13,14,15" using the comma operator.
Separator (/) | This operator specifies a step value, for example: "0-23/2" can be used in the hours field to specify command execution every other hour. Steps are also permitted after an asterisk, so if you want to say every two hours, just use */2.

Example 1:
Command | Description
0 3 * * * /root/backup.sh | Run /root/backup.sh every day at 3am
5 0 * * * /path/to/command | Run /path/to/command five minutes after midnight, every day
15 14 1 * * /path/to/script.sh | Run /path/to/script.sh at 2:15pm on the first of every month
* 22 * * 1-5 /scripts/phpscript.php | Run /scripts/phpscript.php at 10pm on weekdays
5 4 * * sun /path/to/unixcommand | Run /path/to/unixcommand at 5 minutes after 4am every Sunday

D. Use Special Strings to Save Time
- Instead of the first five fields, you can use any one of eight special strings. It will not just save your time but also improve readability.
Special String | Description
@reboot | Run once, at startup.
@yearly | Run once a year, "0 0 1 1 *"
@annually | (same as @yearly)
@monthly | Run once a month, "0 0 1 * *"
@weekly | Run once a week, "0 0 * * 0"
@daily | Run once a day, "0 0 * * *"
@midnight | (same as @daily)
@hourly | Run once an hour, "0 * * * *"

Example 2:
Command | Description
@hourly /path/to/ntpdate | Run the ntpdate command every hour
@daily /path/to/backup/script.sh | Make a backup every day
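The following shell function (an added example, not from the original notes) checks a crontab line against the field ranges of section B, the operators of section C and the special strings of section D, and reports the first field that is out of range. It accepts numbers only, so a name such as sun in the DOW field is rejected; the function names are my own.

```shell
#!/bin/sh
# Added example: validate the schedule part of a crontab line.
set -f   # disable globbing so a bare * field is not expanded to file names

# in_range VALUE LO HI -> true if VALUE is a whole number within LO..HI
in_range() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# check_field SPEC LO HI -> true if SPEC (e.g. "*/2", "1,15", "0-23/2") is valid
check_field() {
    for item in $(printf '%s' "$1" | tr ',' ' '); do      # comma operator: list
        range=$item
        case $item in
            */*)
                range=${item%%/*}; step=${item#*/}         # separator operator: step
                case $step in ''|*[!0-9]*|0*) return 1 ;; esac ;;
        esac
        case $range in
            '*') ;;                                         # asterisk: every value
            *-*) in_range "${range%-*}" "$2" "$3" \
                 && in_range "${range#*-}" "$2" "$3" \
                 && [ "${range%-*}" -le "${range#*-}" ] || return 1 ;;  # dash: range
            *)   in_range "$range" "$2" "$3" || return 1 ;;
        esac
    done
}

# cron_check "MIN HOUR DOM MON DOW CMD" -> prints ok, or the first bad field
cron_check() {
    case $1 in
        @reboot*|@yearly*|@annually*|@monthly*|@weekly*|@daily*|@midnight*|@hourly*)
            echo ok; return 0 ;;                            # special strings
    esac
    set -- $1
    [ $# -ge 5 ] || { echo "expected 5 time fields, got $#"; return 1; }
    n=0
    for spec in "$1" "$2" "$3" "$4" "$5"; do
        n=$((n + 1))
        case $n in
            1) name=MIN lo=0 hi=59 ;;  2) name=HOUR lo=0 hi=23 ;;
            3) name=DOM lo=1 hi=31 ;;  4) name=MON lo=1 hi=12 ;;
            5) name=DOW lo=0 hi=6 ;;
        esac
        check_field "$spec" "$lo" "$hi" \
            || { echo "$name: invalid value '$spec' (allowed $lo-$hi)"; return 1; }
    done
    echo ok
}

cron_check '0 3 * * * /root/backup.sh'
cron_check '* 22 * * 1-5 /scripts/phpscript.php'
```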

E. Other Cron Commands
No. | Description | Command
1 | Displays the format of crontab | cat /etc/crontab
2 | List all cron tabs | crontab -l
3 | List all cron tabs of a user | crontab -u username -l
4 | Edit a crontab entry | crontab -e
5 | Cronjob directory | cd /var/spool/cron
6 | Any file put here shall be executed daily by the system | cd /etc/cron.daily
7 | Remove all crontab jobs | crontab -r
8 | Delete the jobs of a specific user. Must be run as the root user | crontab -r -u username

14 – Logs Overview and SYSLOG
A. Overview of Logs
- Very important for troubleshooting and security purposes.
- All system logs are located under the /var/log directory. Each service maintains its own logs under this directory.
- Logs need to be monitored constantly for system safety and uptime.
- The primary log file is /var/log/messages. It includes messages from all system software and boot issues not related to the kernel.
- Some important log directories and files:
Path | Description
/var/log/mesg | Contains messages from the kernel during the boot process.
/var/log/secure | Contains messages from security related things like tcp_wrappers, logins etc.
/var/log/audit/audit.log | Includes messages from SELinux and the Access Vector Cache (AVC).
/var/log/yum.log | Includes software installation logs.
/var/log/boot.log | Includes system bootup messages.
/var/log/httpd | Includes logs from the web server.
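As an added example (not from the original notes), the script below applies the log table above to the login records in /var/log/secure: it reads sshd lines in that file's format, counts failed password attempts per source address, and flags a source that was accepted after repeated failures, which is the pattern a monitoring rule for this file should catch. The sample lines are constructed, using documentation address ranges and a placeholder key fingerprint; the function names are my own.

```shell
#!/bin/sh
# Added example: spot brute-force patterns in /var/log/secure style sshd lines.

# Constructed sample lines (RFC 5737 documentation addresses, placeholder fingerprint).
SECURE_SAMPLE='Sep  4 21:04:01 host1 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Sep  4 21:04:03 host1 sshd[2231]: Failed password for root from 203.0.113.7 port 51022 ssh2
Sep  4 21:04:05 host1 sshd[2240]: Failed password for root from 203.0.113.7 port 51030 ssh2
Sep  4 21:05:10 host1 sshd[2251]: Accepted publickey for alice from 192.0.2.10 port 40112 ssh2: ED25519 SHA256:placeholder
Sep  4 21:06:30 host1 sshd[2260]: Failed password for bob from 198.51.100.9 port 33210 ssh2
Sep  4 21:07:00 host1 sshd[2270]: Accepted password for root from 203.0.113.7 port 51040 ssh2'

# count_failed: stdin = log lines -> "count source-ip", most failures first.
count_failed() {
    awk '/sshd\[[0-9]+\]: Failed password for/ {
            for (i = 1; i <= NF; i++) if ($i == "from") fails[$(i + 1)]++
         }
         END { for (ip in fails) print fails[ip], ip }' | sort -rn
}

# success_after_failures MIN: stdin = log lines -> one ALERT line for each source
# that was accepted after at least MIN failed password attempts earlier in the log.
success_after_failures() {
    awk -v min="${1:-3}" '
        /sshd\[[0-9]+\]: (Failed|Accepted) (password|publickey) for/ {
            for (i = 1; i <= NF; i++) if ($i == "from") { ip = $(i + 1); user = $(i - 1) }
            if ($6 == "Failed") fails[ip]++
            else if (fails[ip] >= min)
                printf "ALERT %s: %d failures then %s login for %s\n", ip, fails[ip], $7, user
        }'
}

# audit_secure_log [FILE]: run the check against the real log (default /var/log/secure).
audit_secure_log() {
    success_after_failures 3 < "${1:-/var/log/secure}"
}

printf '%s\n' "$SECURE_SAMPLE" | count_failed
printf '%s\n' "$SECURE_SAMPLE" | success_after_failures 3
```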

B. Syslog
- Sending system logs to a remote server.
No. | Description | Command
1 | Syslog service | systemctl {start|stop|restart|status} rsyslog
2 | Sending logs to a remote server | Step 1: Determine the syslog flavor: ls -d /etc/*syslog*
  |                                 | Step 2: Edit the syslog/rsyslog configuration file: vi /etc/{syslog.conf|rsyslog.conf}
  |                                 | Step 3: Configure an entry in the configuration file: *.* @remote-server-IPaddr:port (default port 514)
  |                                 | Step 4: Write and quit the file: :wq!
    Note:
    ▪ @@ for TCP and @ for UDP.
    ▪ Restart the service after the configuration.
