Basic Linux

The absolute essentials for working on a Linux system

Tools Installation and Update

Updating Kali Linux (run as root or prefix with sudo): apt update && apt upgrade (Kali's own docs recommend apt full-upgrade, which also handles packages that need removing to complete the upgrade)

Installing from Git

Make sure to cd into the directory you want the code in first (basic housekeeping); the recommended place to clone programs into is /Downloads/opt/

git clone <insert URL of PROGRAM to be cloned>

Tools

  • ftp : file transfer client (plaintext protocol, so credentials and data cross the wire unencrypted)

  • impacket : collection of Python classes for working with network protocols (SMB, MSRPC, Kerberos, LDAP among them), used heavily in internal/Active Directory testing

To remove everything related to an installed tool or package (purge also deletes the package's config files; apt remove would keep them)

apt purge '*impacket*'
# quote the pattern so the shell does not expand it against files in the current directory
# gets rid of every package with impacket in its name; follow with apt autoremove to clear leftover dependencies

Turn services on and off

1. Starting common services - apache2 (web server), ssh, postgresql

service <service name> start OR service <service name> stop starts or stops a service for the current boot only (systemctl start/stop <service name> does the same); anything started this way is not running again after a reboot.

To have a service start automatically at boot, so it survives reboots:

systemctl enable ssh #or postgresql or apache2
# enable only registers the service for the next boot; systemctl enable --now ssh registers and starts it in one go, systemctl status ssh confirms it is running, systemctl disable ssh undoes it

Basic commands

Pro Tip: In Kali you can press Shift + PrtScn and you will get a crosshair to select the part of the screen you want to take a screenshot of. It will automatically copy it to your clipboard to paste where you please. I can't remember where I learned this but it's very handy dandy, and I hope it helps others.

ls -la - long listing that also shows hidden files (those with a dot prefix "."); plain ls leaves them out, and it is -a, not -l, that reveals them

locate <file name> - print the path(s) of files matching that name, answered from a pre-built index rather than by searching the disk

updatedb - rebuild that index (needs root/sudo) when recently created files can't be found by locate

man <command of interest> - man stands for manual; opens the command's manual page (q to quit)

su <username> - switch to another user, prompting for that user's password (for root, use su -; the dash gives a proper login shell with root's environment and PATH, and on Kali sudo -i does the same using your own password)

history : a log of the commands you ran, good for looking up old commands that you forgot

history | grep ping
# output: all your past commands containing ping
  • grep - the most useful command ever: it prints only the lines that match a pattern (plain text or a regular expression); combine it with cat <file> or any other command's output through a pipe

  • cut - slices out parts of each line, usually after grep (-d sets the delimiter, -f selects field numbers: with -f 4 you get the 4th delimiter-separated field of each line, not everything after the 4th delimiter)

  • tr - translate (or, with -d, delete) characters; it works character by character, unlike sed, which works with regular expressions on whole lines, and is handy for tidying up output

Copying (cp) one file from a directory to another directory (add -r to copy a whole directory tree)

cp ./DirectoryA_1/README.txt ./DirectoryA_2
# ./DirectoryA_1/README.txt is the source file
# ./DirectoryA_2 is the destination directory

Copy multiple files to a single destination directory (the last argument is always the destination)

cp ./DirectoryA_1/README.txt ./DirectoryA_1/ANOTHER_FILE.txt ./DirectoryA_2

Common Network Commands

ping <host> : use the -c flag for the count, i.e. how many echo requests to send (otherwise Linux ping keeps going until Ctrl+C)

arp -a : dumps the system's ARP cache (the command can also add and delete entries). ARP stands for Address Resolution Protocol; it maps an IPv4 address on the local network to the MAC address that answers for it, so it works between layer 2 (data link) and layer 3 (network). Only hosts this system has recently talked to show up in the cache. The net-tools arp command is deprecated on current Linux; ip neigh shows the same table.

netstat -ano : on Windows this shows all listening ports and connections with numeric addresses and the owning PID. On Linux -o means timers, not PID, so use netstat -tulpn instead (TCP and UDP listeners, numeric, with the owning program; run as root to see other users' processes) or its modern replacement ss -tulpn.

route : shows the kernel routing table (default gateway and which interface reaches which network); ip route is the modern equivalent.

File manipulation & Creation

File Creation

touch <name of file> creates an empty file; nano <file name> opens the file in an editor (it is created when you save)

echo "string" > name.txt - creates name.txt containing string, OR overwrites the file with your new string if it already exists (> truncates, >> appends)

echo "string" > hello.txt             # create file
echo "string new" >> hello.txt        # append the new string to the end
echo "string overwrite" > hello.txt   # overwrite the whole file

Files of Interest

1. /etc/passwd

This file lists every user on the system, one per line, colon-separated: username, a placeholder x where the password used to live, UID, GID, comment (GECOS), home directory and login shell. It is world-readable. The main focus is root, the first line, and the human accounts (UID 1000 and up on Debian/Kali), which sit all the way at the bottom after the system/service accounts. Accounts whose shell is /usr/sbin/nologin or /bin/false cannot log in interactively.

2. /etc/shadow

The /etc/shadow file stores the actual password for each account, as a salted hash rather than encrypted (the $id$ prefix of the hash field names the algorithm, e.g. $6$ for sha512crypt and $y$ for yescrypt; a * or ! in that field means the account has no usable password), together with password-ageing properties. Only root and the shadow group can read it, which is why dumping it is a standard step after getting root.
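As an added example (not part of the original notes), the script below puts grep, cut and tr from the basic commands section to work on the two files just described: it pulls the accounts with a real login shell out of a constructed /etc/passwd sample, then looks each one up in a constructed /etc/shadow sample and reports the hash algorithm from the $id$ prefix. The sample lines and the truncated hash placeholders are made up for the demo; on a real box you would feed it /etc/passwd and (as root) /etc/shadow instead.

```shell
#!/usr/bin/env bash
# Added example: triage /etc/passwd and /etc/shadow content with grep, cut and tr.
# The samples below are constructed for the demo and are not real system data.

# Constructed /etc/passwd sample (fields: name:x:UID:GID:GECOS:home:shell)
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sshd:x:100:65534::/run/sshd:/usr/sbin/nologin
kali:x:1000:1000:Kali,,,:/home/kali:/usr/bin/zsh
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
deploy:x:1001:1001::/home/deploy:/bin/sh'

# Constructed /etc/shadow sample (fields: name:hash:lastchg:min:max:warn:inactive:expire:)
# The hash values are truncated placeholders, not real password hashes.
SAMPLE_SHADOW='root:$y$j9T$abc...:19700:0:99999:7:::
daemon:*:19700:0:99999:7:::
sshd:*:19700:0:99999:7:::
kali:$6$saltsalt$hashhash...:19700:0:99999:7:::
backup:*:19700:0:99999:7:::
deploy:!:19700:0:99999:7:::'

# Accounts that can actually log in: drop the nologin/false shells, keep
# field 1 (name) and field 7 (shell). cut -d: sets the delimiter, -f picks fields;
# tr turns the remaining colon into a space so read can split the two values.
login_users() {
  printf '%s\n' "$SAMPLE_PASSWD" \
    | grep -Ev ':(/usr/sbin/nologin|/bin/false)$' \
    | cut -d: -f1,7 \
    | tr ':' ' '
}

# Classify one shadow hash field by its $id$ prefix. "*", "!" or an empty
# field means no password login is possible (locked or disabled account).
hash_type() {
  case "$1" in
    '!'*|'*'|'')       echo locked ;;
    '$1$'*)            echo md5crypt ;;
    '$5$'*)            echo sha256crypt ;;
    '$6$'*)            echo sha512crypt ;;
    '$y$'*)            echo yescrypt ;;
    '$2'[aby]'$'*)     echo bcrypt ;;
    *)                 echo unknown ;;
  esac
}

# Join the two views: for every user with a login shell print name, shell and
# hash type. A usable shell plus a locked password means key- or sudo-only access.
report() {
  login_users | while read -r name shell; do
    hash=$(printf '%s\n' "$SAMPLE_SHADOW" | grep "^${name}:" | cut -d: -f2)
    printf '%s %s %s\n' "$name" "$shell" "$(hash_type "$hash")"
  done
}

report
```

Running it prints one line per login-capable account (root, kali and deploy in the sample); the sha512crypt and yescrypt entries are the ones worth feeding to a cracker, while the locked deploy account tells you to look for SSH keys or sudo rules instead.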

3. /var/log

syslog file : syslog is one of the main files to look at because it collects messages from virtually every service, except auth-related ones, which go to auth.log. On a system that only runs journald (no rsyslog), the equivalent is journalctl.

Use tail /var/log/syslog for the last ten lines, or tail -f /var/log/syslog to follow the file: tail keeps a close eye on it and prints every new line written to it, which lets you watch what is being added to syslog in real time.

For a particular number of lines (say, the last five) type tail -f -n 5 /var/log/syslog. Use Ctrl+C to stop tail.

auth.log : the authentication log, covering successful and failed logins, sudo use, and sshd/PAM messages. First stop when hunting for brute-force attempts or logins you did not expect.
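As an added example (not part of the original notes), here is the kind of one-liner pipeline you would run over auth.log to answer "who is hammering sshd": grep narrows to failed password lines, grep -o and cut pull out the source IP, and sort | uniq -c counts per address. The log lines below are constructed for the demo (RFC 5737 documentation addresses); on a real box you would replace the sample with cat /var/log/auth.log, or journalctl -u ssh on a journald-only system.

```shell
#!/usr/bin/env bash
# Added example: summarise SSH authentication activity from auth.log-style lines.
# The log lines are constructed for the demo; they are not from a real system.

SAMPLE_AUTH='Mar  3 10:01:12 kali sshd[2301]: Failed password for root from 203.0.113.7 port 51234 ssh2
Mar  3 10:01:14 kali sshd[2301]: Failed password for root from 203.0.113.7 port 51236 ssh2
Mar  3 10:01:17 kali sshd[2305]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Mar  3 10:02:01 kali sshd[2310]: Accepted publickey for kali from 198.51.100.20 port 40022 ssh2
Mar  3 10:02:45 kali sshd[2315]: Failed password for kali from 198.51.100.20 port 40030 ssh2
Mar  3 10:03:00 kali sudo:     kali : TTY=pts/0 ; PWD=/home/kali ; USER=root ; COMMAND=/usr/bin/apt update
Mar  3 10:03:30 kali sshd[2320]: Failed password for invalid user test from 203.0.113.7 port 51250 ssh2'

# Failed password attempts per source IP, busiest first, printed as ip:count.
# grep -o keeps only the matched "from <ip>" fragment so the word position of the
# address does not matter ("invalid user" lines have two extra words); cut then
# keeps the second space-separated field, the IP itself.
failed_by_ip() {
  printf '%s\n' "$SAMPLE_AUTH" \
    | grep 'sshd\[[0-9]*\]: Failed password' \
    | grep -o 'from [0-9.]*' \
    | cut -d' ' -f2 \
    | sort | uniq -c | sort -rn \
    | awk '{print $2 ":" $1}'
}

# Sources at or above a failure threshold (default 3): the brute-force suspects.
brute_force_sources() {
  threshold=${1:-3}
  failed_by_ip | awk -F: -v t="$threshold" '$2 >= t {print $1}'
}

# Successful logins, reduced to method, user and source so they are easy to eyeball.
accepted_logins() {
  printf '%s\n' "$SAMPLE_AUTH" \
    | grep 'sshd\[[0-9]*\]: Accepted' \
    | grep -oE 'Accepted [a-z]+ for [^ ]+ from [0-9.]+'
}

echo "failed attempts per source:"
failed_by_ip
echo "brute-force suspects (>= 3 failures):"
brute_force_sources
echo "successful logins:"
accepted_logins
```

In the sample, 203.0.113.7 shows four failures across two valid and two invalid usernames, which is the classic password-spray signature, while the single failure from 198.51.100.20 followed by an accepted public-key login for kali is just a user mistyping. Swap the grep patterns for "Invalid user" or "session opened" to pivot on other events from the same file.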

  • /var/log/boot.log: start-up messages and boot info.

  • /var/log/maillog or /var/log/mail.log: mail server logs, handy for postfix, smtpd or other email-related services running on your server.

  • /var/log/kern.log: kernel messages and warnings; also useful when debugging problems with custom kernels.

  • /var/log/dmesg: a snapshot of the kernel ring buffer (device driver messages) saved at boot. The dmesg command reads the live ring buffer, not this file, so use dmesg for current messages.

  • /var/log/faillog: records failed logins per user, hence handy for spotting brute-force attacks and credential guessing. Binary; read it with the faillog command.

  • /var/log/cron: record of cron daemon messages, e.g. when a job was started. This is the Red Hat-style layout; Debian/Kali send cron messages to syslog instead.

  • /var/log/daemon.log: messages from background services (daemons) that don't have a log file of their own.

  • /var/log/btmp: every failed login attempt. Binary; read it with lastb.

  • utmp (/var/run/utmp, not under /var/log): who is currently logged in. Binary; read it with who or w.

  • /var/log/wtmp: record of each login, logout and reboot. Binary; read it with last.

  • /var/log/lastlog: every user's most recent login. Binary; read it with the lastlog command.

  • /var/log/yum.log: package installs and removals done with yum on Red Hat-style systems, so you can check that all went well. The Debian/Kali equivalents are /var/log/apt/history.log and /var/log/dpkg.log.

  • /var/log/httpd/ (Red Hat) or /var/log/apache2/ (Debian/Kali): directory containing the error_log and access_log files of the Apache httpd daemon. Every error httpd comes across is kept in error_log (think memory problems and other system-level errors); access_log records every request that comes in via HTTP, which makes it the first file to check for web attacks or to see what a scanner touched.

  • /var/log/mysqld.log or /var/log/mysql.log: MySQL/MariaDB log recording debug, failure and success messages, including starts, stops and restarts of the mysqld daemon. The exact path depends on the distribution: Red Hat, CentOS, Fedora and other Red Hat-based systems use /var/log/mariadb/mariadb.log, while Debian/Ubuntu use /var/log/mysql/error.log.

  • /var/log/pureftp.log: connections handled by the pure-ftpd process; find every connection, FTP login and authentication failure here.

  • /var/log/spooler: usually empty, apart from rare messages from USENET (news) services.

  • /var/log/xferlog: FTP file transfer sessions, including file names and which user initiated each transfer.
