LINUX BASIC COMMANDS FOR SPLUNK

Splunk is a software platform that transform machine generated data

into operational intelligence
Splunk acts as a google for data
Splunk is a SIEM (Security Information and Event Management) tool
Splunk is a software that:
- helps to collect data from different servers and others
- helps to structure and store the data
- helps to search stored data
- helps to analyze, visualize and to add new knowledges / values to
the data search results

Splunk runs on OS. It can use different type of OS.

OS= Operating System
An operating system manages the communication between your
software and your hardware. Without the operating system (OS), the
software wouldn’t function.

Different types of OS available for Splunk package are

 For Splunk Enterprise
- Windows
- Linux
- Mac OS
 For Splunk Forwarder
 - Windows
- Linux
- Mac OS
- Solaris
- Free BSD
- AIX
The most popular OS that companies use is Linux
In this class, we will be focusing on using Linux for our labs.

WHY LINUX?
Because Linux is free, it is an open source
It’s free and easy to install. In fact, installing a full-blown web server
(that includes a database server), is just a few clicks or commands away
while with other you need to pay. Linux is generally far less vulnerable
to such attacks.
For example: Compare to windows, it is very difficult to have issues
with ransomware, malware, or viruses.

Open source
Linux is also distributed under an open source license. Open source
follows these key tenants:

 The freedom to run the program, for any purpose.

 The freedom to study how the program works and change it to
make it do what you wish.
  The freedom to redistribute copies so you can help your
neighbor.
 The freedom to distribute copies of your modified versions to
others.

It’s about freedom and freedom of use and freedom of choice.

Various linux distributions

- Red hat enterprise linux (commercial and free) for Centos
- Fedora (commercial)
- Debian ( free)
Others free popular distributions include: Ubuntu, Linux Mint, CentOS,
openSUSE/SUSE Linux Enterprise …..
The prefer distribution is Red Had Enterprise because their services are
secure, stable, reliable, extremely powerful and very fast . It is
intended for servers and workstations and their free version is called
CentOS and that is what we will be using in this class

Linux features
- Simplified updates for all installed software using the CLI
(Command Line Interface ) while in windows it is GUI ( Graphical
User Interface). “ $ sudo yum update java” command for software
update
- Free Software Licensing
- Access to Source Code (ubuntu or centos are available for your
development and you can customize it )
- Multiple Distributions
 - Better Malware Protection ( for example, with windows you need
anti-virus while with Linux, you don’t need any anti-virus, it is
completely anti virus free)
-
Linux Kernel
The Kernel is the central nervous system of Linux. It provides all other
programs that run under Linux and manage them.

HOW TO ACCESS LINUX TERMINAL /CLI ( Command Line Interface)

/INSTANCE

We can access Linux terminal using a VM Virtual box or any cloud

instances ( AWS, AZURE, GOOGLE CLOUD etc)
1 instance == 1 machine/server (often a virtual machine)
You can use a VMWARE with VM virtual box ( oracle VM virtualBox)
You can use a cloud instance with virtual box too
To configure applications on your instances, you can connect using
Secure Shell (SSH) for Linux instances or Remote Desktop Protocol
(RDP) for Windows Server instances.
Using SSH, it should be through putty and to use putty , you must have
a virtual machine installed to your machine.

With AWS, it exists a short cut, you just need to connect your instance
from AWS and it will bring you directly to your terminal / CLI. This is
what we will be using in this class for our lab.
CLI = Command Line Interface

BASIC LINUX COMMANDS

 Open terminal or instance

 To know where you are: pwd (Present Working Directory)

 Create a directory/ folder in your home directory: mkdir

Example : mkdir knowUrfuture

And type ls (list) command to see what you created

 To change the current working directory : cd

Let’s create another directory called “student”
 And switch from home directory to knowUrfuture directory

The ls command here also helps you to list all your directory. In this
case, we have 2 directories.
 Create some empty file with “ touch” command and list them
Let’s create 3 files ( file1, file2, file3) and use ls to list them
Note: create the files under the directory knowUfuture

 Reconfirm your location, meaning that you are working and at

certain point you want to know your location, just type : pwd
ABSOLUTE PATH AND RELATIVE PATH
What is path?
A path is a unique location to file or a folder file system of an OS. A path
to a file is a combination of alpha-numeric characters.

What is an absolute path?

An absolute path is defined as the specifying the location of a file or
directory from the root directory(/). In other words, we can say
absolute path is a complete path from start of filesystem from
/directory.
Absolute path starts with a slash
Example of absolute path
/home/ec2-user/knowUrfuture

What is an relative path?

A relative path starts without the slash.
Example.
knowUrfuture/class1

 Copy files into directory to another directory : cp file_name

directory_name/
Under the directory knowUrfuture create another directory called
class1
copy the file1 into directory knowUrfuture and to directory
student
 list the directory class1, the file1 will be there

 Moving directory from one location to another : mv

directory_name_to_move directory_name_into which you want
to put the moved dir/
From directory knowUfuture, move the dir class2 to dir class3

 “copy” also is to make another copy of the file with the same
content but different name
Copy file1 to file4

 Moving file to another directory : mv file_name name_of the dir

in which you want to put the file in/
Move file3 to dir class1
 Removing a file from a directory : rm name_directory
Add file2 ti directory class1 and remove it

 Removing a directory from a directory : rm -rf name_of_dir your

are removing/
Remove class2 under class3 directory

 Edit the content of a file: vi

Vi name of the file
Type “I” to have the insert mode
Type your text
Type the key board “esc + shift and then “:” to have the quick
prompt
And to save type “wq!” and to quick without saving type “q!”
 See the content of file : cat name_of_ the file
 The command “dir “ or “ls” helps to see the content of the
directory

 Use cd ..  to move back 1 time from where you are

 Use cd ../..  to move back 2 times from where you are

For the rest of commands, will see it during the class.

Now, we were doing all this above as user

IMPORTANT

To install any application on Linux , it is required to be root

Root is the the linux user which super privileges
Root is the linux administrator, he is the one who has all privileges

When you connect to the CLI, you appear as a simple user $

 To switch to root: sudo -i

From here you can start working if you are executing something
that requires root privileges
Otherwise, you need to switch back to user

In this class we will be working as root.

 A command to create a user: adduser name_of_user

 A command to create a user password: passwd name_of_user
Create user with your name with your password

 Switch from one user to another one : su name-of the user

 Switch to your name

Switch back to root

 Change permission of a file : chmod octal name_file

The octal is represented with owner, group and world

Number 4 for read (r)

Number 2 for write (w)
Number 1 for execute (x)

Owner ( the user who create the file) = rwx = 421=7 = the
owner has permission to read , to write and to execute
Group= ( the group in which the owner belong) = rwx= 420  any
one in this group has the permission to read and to write only
World ( everybody else) = rwx=400 everybody else has only
permission to read

Example = chmod 764 filename

 Change ownership : chown filename new_user_owner

 Command to have a help on a command : man command_name
or help command_name
  A command to output the last 10 lines of the file : tail file_name
 A command to output the first 10 lines of the file : head file_name

And others etc…