Getting Started with Linux

2
 Key Features of Linux
• Everything in the filesystem is a file, including
directories
– Each file has an inode data structure with the information
about the file
• root is the super user of the system
– This name can be changed, but it is not recommended
• Multi-user
– Allows for multiple users to log in at the same time
• Command line is case sensitive

3
 The Linux Kernel
• Core of the Linux operating system
• Loaded into RAM when the system loads
• Linux kernel uses modules to help with efficiency
– Modules can be linked and unlinked at runtime
• Execution states
– User Mode - no access to kernel data structures or programs
– Kernel Mode
• Kernel Handles
– Process management
• Forking off new processes
– Memory allocation
– Interact with I/O devices via device drivers

4
 Kernel Versioning
• Old versioning system (2.X.X)
– The “2” series was around from 1996 until mid 2011
– Second digit represents the type of build
• Even number was for stable builds (2.2, 2.4, 2.6)
• Odd number was for development builds (2.1, 2.3, 2.5)
– Third digit represents the patch level
• Versioning after 2.6.8 (2.6.X-X)
– Added a fourth digit to mark bug fixes and patches
– Third digit became major release
• Versioning after 3.0 (3.X.X)
– Back to the original style, without the development builds

5
 Linux Distribution
• A distribution is a collection of applications and
features packaged together
– Some fit on a disk as small as a floppy (back when we had
those)
– Others are LiveCDs which provide a bootable CD that does not
need to be loaded to the HDD to run
• There are hundreds of different distributions of Linux
• http://www.distrowatch.com
– Monitors the number of downloads per day of all the popular
Linux distributions

6
 Different Linux Distributions
• Ubuntu
– Popular desktop and server release
• Backtrack / Kali
– Used by pentesters and other security professionals
– Backtrack is based on Ubuntu; Kali is based on Debian 7
• Red Hat
– Very popular server version of the OS
– Company provides excellent support and training
• CentOS
– Based on Red Hat without the trademarks
• Fedora
– Development branch for Red Hat
– Also includes a desktop version

7
 Graphical Interfaces
• KDE
– Similar to Windows with a “Start” like button at the bottom
left
• Gnome
– Similar to Mac with a top bar and a bottom bar with the
running applications
• Unity
– Similar to Mac with the application icons on the left instead of
the bottom and a top bar
• Enlightenment
– Lightweight UI based almost entirely on the mouse
• Many more…

8
The Basics

9
 Starting off
• To bring up the GUI from the command line interface
type startx
• In the GUI, to open a terminal window
– Fedora = Applications -> System Tools -> Terminal
– Kali = Applications -> Accessories -> Terminal
– Right click desktop -> Open [in] Terminal
• The CLI prompt ($PS1)
– Fedora = [username@hostname directory]: $
– Kali = username@hostname:directory #
• The <TAB> key is used to auto-complete both
commands and file/directory names
– If no completion occurs, hit <TAB> again to get a list of
possibilities

10
 Getting Help
• Most commands use either -h or --help switch, which
will display the usage for that particular command
• man and info commands for addition help
• apropos and whatis commands for finding commands
to use

11
 The info Command
Description:
Provides information about a particular command.

Usage:
info COMMAND

Examples:
info ls
info file
Additional Info:
This will open up the info file in a pager for easier navigation. In order to get out of
the file press q. Using “/string” will search for the string within the text of the
document. The string can also be a regular expression.

12
 The man Command
Description:
This command provides a simple way of looking at documentation for anything from
commands to files.
Usage:
man [section] FILE|COMMAND

Examples:
man ls
man 5 shadow
Additional Info:
There are 9 different sections: 5 - File Formats
1 - User commands 6 - Games
2 - System Calls 7 - Miscellaneous
3 - Subroutines 8 - System Administration
4 - Devices n - new

13
 The whatis Command
Description:
Searches the whatis database for complete words in the command column.

Usage:
whatis STRING

Examples:
whatis who
whatis dig
Additional Info:
Run mandb to refresh the database.

14
 The apropos Command
Description:
Searches the whatis database for strings in both the command and description
columns.
Usage:
apropos STRING

Examples:
apropos dns
apropos hostname
Additional Info:
Run mandb to refresh the database.

15
 The which Command
Description:
Searches the user’s path for the command, providing the location of the binary.

Usage:
which STRING

Examples:
which ls
which java
Additional Info:
This command is used to find which executable binary will be used when a
command is run. There could be multiple instances of the binary in the PATH,
but the first instance will be used. This can help with troubleshooting a
command not working properly. On some distributions the aliases are also
searched.

16
 The su Command
Description:
Switches the current user.

Usage:
su [USERNAME]

Examples:
su -
su apache
Additional Info:
To switch back to the previous user use exit.
It is also important to note that the user’s environment information is not set unless
the ‘-’ is used with the command. The ‘-’ will cause a login event to occur which
will run the appropriate scripts to setup the environment for the new user.

17
 The sudo Command
Description:
Run a single command as another user.

Usage:
sudo [OPTIONS] COMMAND

Examples:
sudo ifup eth0
sudo -u apache service httpd start
Additional Info:
A user needs to be in the sudoers group to be able to run commands as the root
user. This information is located in the /etc/sudoers file. The most common
groups are listed below:
Red Hat family = wheel
Debian = admin / adm / sudoers

18
Navigation

19
 Navigation
• Relative paths - the file or directory is relative to the
current working directory
– A single . (dot) represents the current working directory
• Often used with running a binary or script in the directory
– ./myawesomescript
– .. (dot dot) represents the parent directory
• The parent directory of root (/) is itself
• ../../../var/www/html
• Absolute paths - path starting at the root directory of
the file system
– / is the root directory of the file system
• /var/www/html

20
 The cd Command
Description:
Used to change the working directory.

Usage:
cd [OPTIONS] [DIRECTORY]

Examples:
cd /home/user cd ~
cd - (navigates to last directory cd
Additional Info:
This command will start in the current directory unless an absolute path is used.
The output of this command is just changing the current working directory of the
current process. /proc/$$/cwd

21
 The pwd Command
Description:
Displays the current working directory.

Usage:
pwd [OPTION]

Examples:
pwd

Additional Info:
This command is useful to help determine where you are in the file system.
Just displays the contents of /proc/$$/cwd

22
 The ls Command
Description:
This command is used to list the contents of a directory. If the directory is not
specified it will display the contents of the current directory
Usage:
ls [OPTIONS] [DIRECTORY]

Examples:
ls -al /home ls -haltr /var/logs
ls -hal
Additional Info:
-l = long list format, displaying additional information about the files and directories
-a = displays all files; including hidden files
-h = displays the file size in human readable format
-I = displays the inode number along with the filename
-t = Orders the results by timestamp
-r = Reverses the sorted order

23
 “Hidden” Files
• Any file that begins with a . (dot) is considered to be
hidden
• In order to view these “hidden” files use the -a (all)
option with ls

24
 Long List Format Breakdown
• Results of an ‘ls -l /home/user/test’
-rwxr-xr-x. 3 user user 156 Oct 2 15:14 file1
Item Desription
- Type of file (- = standard file; d = directory)
rwxr-xr-x. Permissions (Owner, Group, Others)
3 Number of Hard links to file
user Owner of the file
user Group ownership of the file
156 File size
Oct 2 15:14 Last Modify time of the file
file1 Filename

25
 File Types

File Type Represented by

Regular File -
Directory d
Block file b
Character Device File c
Symbolic Link l
Socket s
Named pipe file p

26
 Viewing File Contents
• Full Contents
– cat = dumps the entire file
– more = displays the file one screen buffer at a time;
interactive
– less = displays the file in a configurable reader; interactive
• Partial Contents
– tail = displays the end of the file
– head = displays the beginning of the file

27
 The cat Command
Description:
Dumps the contents of the file to STDOUT. Can be used to concatenate 2 or more
files together.
Usage:
cat [OPTIONS] [FILENAME]

Examples:
cat /home/mark/Documents/myfile
cat -n /etc/init.d/httpd
Additional Info:
-n = displays the file with line numbers

Most commonly used to dump a single file to the screen for reading.

28
 The more Command
Description:
Pager that displays the contents of the file one screen buffer at a time (the size of
the current terminal window). Requires an interactive connection.
Usage:
more [OPTIONS] [FILENAME]

Examples:
more /home/mark/Documents/myfile
more /etc/init.d/httpd
Additional Info:
This pager can only navigate down the file, there is no ability to go back after a
section has been passed.
Distributions differ in the binary used for more, some use the space bar to advance
the screen, others use the <enter> key.
Use q to exit the pager.

29
 The less Command
Description:
A pager that displays the contents of the file in a configurable viewer. Requires an
interactive connection.
Usage:
less [OPTIONS] [FILENAME]

Examples:
less /home/mark/Documents/myfile
less /etc/init.d/httpd
Additional Info:
Similar to more, except the pager allows you to go back up the file.
Use q to exit the pager.

30
 The tail Command
Description:
Displays the last 10 lines of the file or STDIN.

Usage:
tail [OPTIONS] [FILENAME]

Examples:
tail -n 25 /var/log/messages tail -20 /var/log/apache/access.log
tail -f /var/log/auth.log
Additional Info:
-f is very useful for system administrators. This allows for active monitoring of the
log files. Monitors the file for changes and keeps piping the results to STDOUT.

31
 The head Command
Description:
Displays the first 10 lines of a file or STDIN.

Usage:
head [OPTIONS] [FILENAME]

Examples:
head -25 /var/log/apache/access.log
head /var/log/dmesg
Additional Info:
-n = The number of lines to display

32