Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

MODULE 4 - Linux Overview CERTIFICATION CYBER OPS ASSOCIATE > MODULE 4 - CERTIFICATION CYBER OPS ASSOCIATE > Flashcards

MODULE 4 - CERTIFICATION CYBER OPS ASSOCIATE Flashcards

1
Q

Linux Basics What is Linux? Linux is an operating system that was created in 1991. Linux is open source, fast, reliable, and small. It requires very little hardware resources to run and is highly customizable.

Unlike other operating systems such as Windows and Mac OS X, Linux was created, and is currently maintained by, a community of programmers. Linux is part of several platforms and can be found on devices anywhere from “wristwatches to supercomputers”.

A

Another important aspect of Linux is that it is designed to be connected to the network, which makes it much simpler to write and use network-based applications. Because Linux is open source, any person or company can get the kernel’s source code, inspect it, modify it, and re-compile it at will.

They are also allowed to redistribute the program with or without charges. A Linux distribution is the term used to describe packages created by different organizations. Linux distributions (or distros) include the Linux kernel with customized tools and software packages.

While some of these organizations may charge for their Linux distribution support (geared towards Linux-based businesses), the majority of them also offer their distribution for free without support. Debian, Red Hat, Ubuntu, CentOS, and SUSE are just a few examples of Linux distributions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

The Value of Linux : Linux is often the operating system of choice in the Security Operations Center (SOC).

These are some of the reasons to choose Linux:

– Linux is open source

– The Linux CLI is very powerful

– The user has more control over the OS

– It allows for better network communication control

A

Linux is open source :

Any person can acquire Linux at no charge and modify it to fit specific needs.

This flexibility allows analysts and administrators to tailor-build an operating system specifically for security analysis.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

The Value of Linux : Linux is often the operating system of choice in the Security Operations Center (SOC).

These are some of the reasons to choose Linux:

– Linux is open source

– The Linux CLI is very powerful

– The user has more control over the OS

– It allows for better network communication control

A

The Linux CLI is very powerful :

While a GUI makes many tasks easier to perform, it adds complexity and requires more computer resources to run.

The Linux Command Line Interface (CLI) is extremely powerful and enables analysts to perform tasks not only directly on a terminal, but also remotely.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

The Value of Linux : Linux is often the operating system of choice in the Security Operations Center (SOC).

These are some of the reasons to choose Linux:

– Linux is open source

– The Linux CLI is very powerful

– The user has more control over the OS

– It allows for better network communication control

A

The user has more control over the OS :

The administrator user in Linux, known as the root user, or superuser, has absolute power over the computer. Unlike other operating systems, the root user can modify any aspect of the computer with a few keystrokes.

This ability is especially valuable when working with low level functions such as the network stack. It allows the root user to have precise control over the way network packets are handled by the operating system.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

The Value of Linux : Linux is often the operating system of choice in the Security Operations Center (SOC).

These are some of the reasons to choose Linux:

– Linux is open source

– The Linux CLI is very powerful

– The user has more control over the OS

– It allows for better network communication control

A

It allows for better network communication control :

Control is an inherent part of Linux. Because the OS can be adjusted in practically every aspect, it is a great platform for creating network applications.

This is the same reason that many great network-based software tools are available for Linux only.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Linux in the SOC : The flexibility provided by Linux is a great feature for the SOC. The entire operating system can be tailored to become the perfect security analysis platform.

For example, administrators can add only the necessary packages to the OS, making it lean and efficient.

Specific software tools can be installed and configured to work in conjunction, allowing administrators to build a customized computer that fits perfectly in the workflow of a SOC.

A

The figure shows Sguil, which is the cybersecurity analyst console in a special version of Linux called Security Onion.

Security Onion is an open source suite of tools that work together for network security analysis. We will work with Security Onion later in this course.

https://snipboard.io/iHEKdO.jpg

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

The table lists a few tools that are often found in a SOC. :

– Network packet capture software

– Malware analysis tools

– Intrusion detection systems (IDSs)

– Firewalls

– Log managers

– Security information and event management (SIEM)

– Ticketing systems

A

Network packet capture software :

A crucial tool for a SOC analyst as it makes it possible to observe and understand every detail of a network transaction. Wireshark is a popular packet capture tool.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

The table lists a few tools that are often found in a SOC. :

– Network packet capture software

– Malware analysis tools

– Intrusion detection systems (IDSs)

– Firewalls

– Log managers

– Security information and event management (SIEM)

– Ticketing systems

A

Malware analysis tools :

These tools allow analysts to safely run and observe malware execution without the risk of compromising the underlying system.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

The table lists a few tools that are often found in a SOC. :

– Network packet capture software

– Malware analysis tools

– Intrusion detection systems (IDSs)

– Firewalls

– Log managers

– Security information and event management (SIEM)

– Ticketing systems

A

Intrusion detection systems (IDSs) :

These tools are used for real-time traffic monitoring and inspection. If any aspect of the currently flowing traffic matches any of the established rules, a pre-defined action is taken.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

The table lists a few tools that are often found in a SOC. :

– Network packet capture software

– Malware analysis tools

– Intrusion detection systems (IDSs)

– Firewalls

– Log managers

– Security information and event management (SIEM)

– Ticketing systems

A

Firewalls :

This software is used to specify, based on pre-defined rules, whether traffic is allowed to enter or leave a network or device.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

The table lists a few tools that are often found in a SOC. :

– Network packet capture software

– Malware analysis tools

– Intrusion detection systems (IDSs)

– Firewalls

– Log managers

– Security information and event management (SIEM)

– Ticketing systems

A

Log managers :

Log files are used to record events. Because a network can generate a very large number of log entries, log manager software is employed to facilitate log monitoring.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

The table lists a few tools that are often found in a SOC. :

– Network packet capture software

– Malware analysis tools

– Intrusion detection systems (IDSs)

– Firewalls

– Log managers

– Security information and event management (SIEM)

– Ticketing systems

A

Security information and event management (SIEM) :

SIEMs provide real-time analysis of alerts and log entries generated by network appliances such as IDSs and firewalls.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

The table lists a few tools that are often found in a SOC. :

– Network packet capture software

– Malware analysis tools

– Intrusion detection systems (IDSs)

– Firewalls

– Log managers

– Security information and event management (SIEM)

– Ticketing systems

A

Ticketing systems :

Task ticket assignment, editing, and recording is done through a ticket management system. Security alerts are often assigned to analysts through a ticketing system.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Linux Tools :

In addition to SOC-specific tools, Linux computers that are used in the SOC often contain penetration testing tools.

Also known as PenTesting, a penetration test is the process of looking for vulnerabilities in a network or computer by attacking it.

Packet generators, port scanners, and proof-of-concept exploits are examples of PenTesting tools.

A

Kali Linux is a Linux distribution groups many penetration tools together in a single Linux distribution.

Kali contains a great selection of tools. The figure shows a screenshot of Kali Linux.

Notice all the major categories of penetration testing tools.

https://snipboard.io/hfogKO.jpg

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Working in the Linux Shell The Linux Shell In Linux, the user communicates with the OS by using the CLI or the GUI.

Linux often starts in the GUI by default. This hides the CLI from the user. One way to access the CLI from the GUI is through a terminal emulator application.

These applications provide user access to the CLI and are often named as some variation of the word “terminal”. In Linux, popular terminal emulators are Terminator, eterm, xterm, konsole, and gnome-terminal.

A

Fabrice Bellard has created JSLinux which allows an emulated version of Linux to run in a browser. Search for it on the internet.

Open a Linux console in JSLinux and type the ls command to list the current directory content. Keep the tab open if you would like to try out some of the other commands discussed in this chapter.

The figure shows gnome-terminal, a popular Linux terminal emulator. Note: The terms shell, console, console window, CLI terminal, and terminal window are often used interchangeably.

https://snipboard.io/CUqPKt.jpg

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Basic Commands Linux commands are programs created to perform a specific task.

Use the man command (short for manual) to obtain documentation about commands.

As an example, man ls provides documentation about the ls command from the user manual.

A

Because commands are programs stored on the disk, when a user types a command, the shell must find it on the disk before it can be executed. The shell will look for user-typed commands in specific directories and attempt to execute them. The list of directories checked by the shell is called the path.

The path contains many directories commonly used to store commands. If a command is not in the path, the user must specify its location, or the shell will not be able to find it.

Users can easily add directories to the path, if necessary. To invoke a command via the shell, simply type its name. The shell will try to find it in the system path and execute it. The table lists basic Linux commands and their functions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

The table lists basic Linux commands and their functions.

– mv

– chmod

– chown

– dd

– pwd

– ps

– su

– sudo

– grep

– ifconfig

– apt-get

– iwconfig

– shutdown

– passwd

– cat

– man

A

mv :

Moves or renames files and directories

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

The table lists basic Linux commands and their functions.

– mv

– chmod

– chown

– dd

– pwd

– ps

– su

– sudo

– grep

– ifconfig

– apt-get

– iwconfig

– shutdown

– passwd

– cat

– man

A

chmod :

Modifies file permissions

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

The table lists basic Linux commands and their functions.

– mv

– chmod

– chown

– dd

– pwd

– ps

– su

– sudo

– grep

– ifconfig

– apt-get

– iwconfig

– shutdown

– passwd

– cat

– man

A

chown :

Changes the ownership of a file

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

The table lists basic Linux commands and their functions.

– mv

– chmod

– chown

– dd

– pwd

– ps

– su

– sudo

– grep

– ifconfig

– apt-get

– iwconfig

– shutdown

– passwd

– cat

– man

A

dd :

Copies data from an input to an output

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

The table lists basic Linux commands and their functions.

– mv

– chmod

– chown

– dd

– pwd

– ps

– su

– sudo

– grep

– ifconfig

– apt-get

– iwconfig

– shutdown

– passwd

– cat

– man

A

pwd :

Displays the name of the current directory

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

The table lists basic Linux commands and their functions.

– mv

– chmod

– chown

– dd

– pwd

– ps

– su

– sudo

– grep

– ifconfig

– apt-get

– iwconfig

– shutdown

– passwd

– cat

– man

A

ps :

Lists the processes that are currently running in the system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

The table lists basic Linux commands and their functions.

– mv

– chmod

– chown

– dd

– pwd

– ps

– su

– sudo

– grep

– ifconfig

– apt-get

– iwconfig

– shutdown

– passwd

– cat

– man

A

su :

Simulates a login as another user or to become a superuser

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

The table lists basic Linux commands and their functions.

– mv

– chmod

– chown

– dd

– pwd

– ps

– su

– sudo

– grep

– ifconfig

– apt-get

– iwconfig

– shutdown

– passwd

– cat

– man

A

sudo :

Runs a command as a super user, by default, or another named user

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
The table lists basic Linux commands and their functions. -- mv -- chmod -- chown -- dd -- pwd -- ps -- su -- sudo -- grep -- ifconfig -- apt-get -- iwconfig -- shutdown -- passwd -- cat -- man
grep : Used to search for specific strings of characters within a file or other command outputs. To search through the output of a previous command, grep must be piped at the end of the previous command.
26
The table lists basic Linux commands and their functions. -- mv -- chmod -- chown -- dd -- pwd -- ps -- su -- sudo -- grep -- ifconfig -- apt-get -- iwconfig -- shutdown -- passwd -- cat -- man
ifconfig : Used to display or configure network card related information. If issued without parameters, ifconfig will display the current network card(s) configuration. Note: While still widely in use, this command is deprecated. Use ip address instead.
27
The table lists basic Linux commands and their functions. -- mv -- chmod -- chown -- dd -- pwd -- ps -- su -- sudo -- grep -- ifconfig -- apt-get -- iwconfig -- shutdown -- passwd -- cat -- man
apt-get : Used to install, configure and remove packages on Debian and its derivatives. Note: apt-get is a user-friendly command line front-end for dpkg, Debian’s package manager. The combo dpkg and apt-get is the default package manager system in all Debian Linux derivatives, including Raspbian.
28
The table lists basic Linux commands and their functions. -- mv -- chmod -- chown -- dd -- pwd -- ps -- su -- sudo -- grep -- ifconfig -- apt-get -- iwconfig -- shutdown -- passwd -- cat -- man
iwconfig : Used to display or configure wireless network card related information. Similar to ifconfig, iwconfig will display wireless information when issued without parameters.
29
The table lists basic Linux commands and their functions. -- mv -- chmod -- chown -- dd -- pwd -- ps -- su -- sudo -- grep -- ifconfig -- apt-get -- iwconfig -- shutdown -- passwd -- cat -- man
shutdown : Shuts down the system, shutdown can be instructed to perform a number of shut down related tasks, including restart, halt, put to sleep or kick out all currently connected users.
30
The table lists basic Linux commands and their functions. -- mv -- chmod -- chown -- dd -- pwd -- ps -- su -- sudo -- grep -- ifconfig -- apt-get -- iwconfig -- shutdown -- passwd -- cat -- man
passwd : Used to change the password. If no parameters are provided, passwd changes the password for the current user.
31
The table lists basic Linux commands and their functions. -- mv -- chmod -- chown -- dd -- pwd -- ps -- su -- sudo -- grep -- ifconfig -- apt-get -- iwconfig -- shutdown -- passwd -- cat -- man
cat : Used to list the contents of a file and expects the file name as the parameter. The cat command is usually used on text files.
32
The table lists basic Linux commands and their functions. -- mv -- chmod -- chown -- dd -- pwd -- ps -- su -- sudo -- grep -- ifconfig -- apt-get -- iwconfig -- shutdown -- passwd -- cat -- man
man : Used to display the documentation for a specific command. Note: It is assumed that the user has the proper permissions to execute the command. File permissions in Linux are covered later in this chapter.
33
File and Directory Commands Many command line tools are included in Linux by default. To adjust the command operation, users can pass parameters and switches along with the command. The table lists a few of the most common commands related to files and directories. -- Is -- cd -- mkdir -- cp -- mv -- rm -- grep -- cat
Is : Displays the files inside a directory cd : Changes the current directory mkdir : Creates a directory under the current directory cp : Copies files from source to destination mv : Moves files to a different directory rm : Removes files grep : Searches for specific strings of characters within a file or other commands outputs cat: Lists the contents of a file and expects the file name as the parameter
34
Working with Text Files : Linux has many different text editors, with various features and functions. Some text editors include graphical interfaces while others are command-line only tools. Each text editor includes a feature set designed to support a specific type of task. Some text editors focus on the programmer and include features such as syntax highlighting, brackets and parenthesis check, and other programming-focused features. While graphical text editors are convenient and easy to use, command line-based text editors are very important for Linux users. The main benefit of command-line-based text editors is that they allow for text file editing from a remote computer.
Consider the following scenario: a user must perform administrative tasks on a Linux computer but is not sitting in front of that computer. Using SSH, the user starts a remote shell to the remote computer. Under the text-based remote shell, the graphical interface is not available, which makes it impossible to rely on tools such as graphical text editors. In this type of situation, text-based programs are crucial. The figure shows nano, a popular command-line text editor. The administrator is editing firewall rules. Text editors are often used for system configuration and maintenance in Linux. https://snipboard.io/IoHx7K.jpg Due to the lack of graphical support, nano (or GNU nano) can only be controlled with the keyboard. For example, CTRL+O saves the current file; CTRL+W opens the search menu. GNU nano uses a two-line shortcut bar at the bottom of the screen, where commands for the current context are listed. Press CTRL+G for the help screen and a complete list of commands.
35
The Importance of Text Files in Linux In Linux, everything is treated as a file. This includes the memory, the disks, the monitor, and the directories. For example, from the operating system standpoint, showing information on the display means to write to the file that represents the display device. It should be no surprise that the computer itself is configured through files. Known as configuration files, they are usually text files used to store adjustments and settings for specific applications or services. Practically everything in Linux relies on configuration files to work. Some services have not one, but several configuration files.
Users with proper permission levels can use text editors to change the contents of configuration files. After the changes are made, the file is saved and can be used by the related service or application. Users are able to specify exactly how they want any given application or service to behave. When launched, services and applications check the contents of specific configuration files to adjust their behavior accordingly.
36
Users with proper permission levels can use text editors to change the contents of configuration files. After the changes are made, the file is saved and can be used by the related service or application. Users are able to specify exactly how they want any given application or service to behave. When launched, services and applications check the contents of specific configuration files to adjust their behavior accordingly.
In the figure, the administrator opened the host configuration file in nano for editing. The host file contains static mappings of host IP addresses to names. The names serve as shortcuts that allow connecting to other devices by using a name instead of an IP address. Only the superuser can change the host file. Note: The administrator used the command sudo nano /etc/hosts to open the file. The command sudo (short for “superuser do”) invokes the superuser privilege to use the nano text editor to open the host file. https://snipboard.io/Q7UhiN.jpg
37
Linux Servers and Clients An Introduction to Client-Server Communications Servers are computers with software installed that enables them to provide services to clients across the network. There are many types of services. Some provide external resources such as files, email messages, or web pages to clients upon request. Other services run maintenance tasks such as log management, memory management, disk scanning, and more. Each service requires separate server software. For example, the server in the figure uses file server software to provide clients with the ability to retrieve and submit files.
Client-server communications is discussed in more detail later in the course. https://snipboard.io/uiH64K.jpg
38
Servers, Services, and Their Ports In order that a computer can be the server for multiple services, ports are used. A port is a reserved network resource used by a service. A server is said to be “listening” on a port when it has associated itself to that port. While the administrator can decide which port to use with any given service, many clients are configured to use a specific port by default. It is common practice to leave the service running in its default port. The table lists a few commonly used ports and their services. These are also called “well-known ports”.
The table lists a few commonly used ports and their services. These are also called “well-known ports”. -- 20/21 -- 22 -- 23 -- 25 -- 53 -- 67/68 -- 69 -- 80 -- 110 --123 -- 143 -- 161/162 -- 443
39
The table lists a few commonly used ports and their services. These are also called “well-known ports”. -- 20/21 -- 22 -- 23 -- 25 -- 53 -- 67/68 -- 69 -- 80 -- 110 --123 -- 143 -- 161/162 -- 443
20/21 - File Transfer Protocol (FTP)
40
The table lists a few commonly used ports and their services. These are also called “well-known ports”. -- 20/21 -- 22 -- 23 -- 25 -- 53 -- 67/68 -- 69 -- 80 -- 110 --123 -- 143 -- 161/162 -- 443
22 : Secure Shell (SSH)
41
The table lists a few commonly used ports and their services. These are also called “well-known ports”. -- 20/21 -- 22 -- 23 -- 25 -- 53 -- 67/68 -- 69 -- 80 -- 110 --123 -- 143 -- 161/162 -- 443
23 : Telnet remote login service
42
The table lists a few commonly used ports and their services. These are also called “well-known ports”. -- 20/21 -- 22 -- 23 -- 25 -- 53 -- 67/68 -- 69 -- 80 -- 110 --123 -- 143 -- 161/162 -- 443
25 Simple Mail Transfer Protocol (SMTP)
43
The table lists a few commonly used ports and their services. These are also called “well-known ports”. -- 20/21 -- 22 -- 23 -- 25 -- 53 -- 67/68 -- 69 -- 80 -- 110 --123 -- 143 -- 161/162 -- 443
53 : Domain Name System (DNS)
44
The table lists a few commonly used ports and their services. These are also called “well-known ports”. -- 20/21 -- 22 -- 23 -- 25 -- 53 -- 67/68 -- 69 -- 80 -- 110 --123 -- 143 -- 161/162 -- 443
67/68 : Dynamic Host Configuration Protocol (DHCP)
45
The table lists a few commonly used ports and their services. These are also called “well-known ports”. -- 20/21 -- 22 -- 23 -- 25 -- 53 -- 67/68 -- 69 -- 80 -- 110 --123 -- 143 -- 161/162 -- 443
69 : Trivial File Transfer Protocol (TFTP)
46
The table lists a few commonly used ports and their services. These are also called “well-known ports”. -- 20/21 -- 22 -- 23 -- 25 -- 53 -- 67/68 -- 69 -- 80 -- 110 --123 -- 143 -- 161/162 -- 443
80 : Hypertext Transfer Protocol (HTTP)
47
The table lists a few commonly used ports and their services. These are also called “well-known ports”. -- 20/21 -- 22 -- 23 -- 25 -- 53 -- 67/68 -- 69 -- 80 -- 110 --123 -- 143 -- 161/162 -- 443
110 : Post Office Protocol version 3 (POP3)
48
The table lists a few commonly used ports and their services. These are also called “well-known ports”. -- 20/21 -- 22 -- 23 -- 25 -- 53 -- 67/68 -- 69 -- 80 -- 110 --123 -- 143 -- 161/162 -- 443
123 : Network Time Protocol (NTP)
49
The table lists a few commonly used ports and their services. These are also called “well-known ports”. -- 20/21 -- 22 -- 23 -- 25 -- 53 -- 67/68 -- 69 -- 80 -- 110 --123 -- 143 -- 161/162 -- 443
161/162 : Simple Network Management Protocol (SNMP)
50
The table lists a few commonly used ports and their services. These are also called “well-known ports”. -- 20/21 -- 22 -- 23 -- 25 -- 53 -- 67/68 -- 69 -- 80 -- 110 --123 -- 143 -- 161/162 -- 443
143 : Internet Message Access Protocol (IMAP)
51
The table lists a few commonly used ports and their services. These are also called “well-known ports”. -- 20/21 -- 22 -- 23 -- 25 -- 53 -- 67/68 -- 69 -- 80 -- 110 --123 -- 143 -- 161/162 -- 443
443 : HTTP Secure (HTTPS) Ports and their uses in network communications are discussed in more detail later in the course.
52
Clients : Clients are programs or applications designed to communicate with a specific type of server. Also known as client applications, clients use a well-defined protocol to communicate with the server. Web browsers are web clients that are used to communicate with web servers through the Hyper Text Transfer Protocol (HTTP) on port 80. The File Transfer Protocol (FTP) client is software used to communicate with an FTP server. The figure shows a client uploading files to a server. https://snipboard.io/vOUazK.jpg
Clients : Clients are programs or applications designed to communicate with a specific type of server. Also known as client applications, clients use a well-defined protocol to communicate with the server. Web browsers are web clients that are used to communicate with web servers through the Hyper Text Transfer Protocol (HTTP) on port 80. The File Transfer Protocol (FTP) client is software used to communicate with an FTP server. The figure shows a client uploading files to a server. https://snipboard.io/vOUazK.jpg
53
Basic Server Administration Service Configuration Files In Linux, services are managed using configuration files. Common options in configuration files are port number, location of the hosted resources, and client authorization details. When the service starts, it looks for its configuration files, loads them into memory, and adjusts itself according to the settings in the files. Configuration file modifications often require restarting the service before the changes take effect. Because services often require superuser privileges to run, service configuration files often require superuser privileges to edit. The command output shows a portion of the configuration file for Nginx, which is a lightweight web server for Linux. https://snipboard.io/sx19U4.jpg
The next command output shows the configuration file for the network time protocol (NTP). https://snipboard.io/oUXD23.jpg The last command output shows the configuration file for Snort, a Linux-based intrusion detection system (IDS). https://snipboard.io/ZPoi9L.jpg There is no rule for a configuration file format; it is the choice of the service’s developer. However, the option = value format is often used. For example, in the last command output, the variable ipvar is configured with several options. The first option, HOME\_NET, has the value 209.165.200.224/27. The hash character (#) is used to indicate comments.
54
Hardening Devices Device hardening involves implementing proven methods of securing the device and protecting its administrative access. Some of these methods involve maintaining passwords, configuring enhanced remote login features, and implementing secure login with SSH. Defining administrative roles in terms of access is another important aspect of securing infrastructure devices because not all information technology personnel should have the same level of access to the infrastructure devices. Depending on the Linux distribution, many services are enabled by default. Some of these features are enabled for historical reasons but are no longer required. Stopping such services and ensuring they do not automatically start at boot time is another device hardening technique.
OS updates are also extremely important to maintaining a hardened device. New vulnerabilities are discovered every day. OS developers create and issue fixes and patches regularly. An up-to-date computer is less likely to be compromised. The following are basic best practices for device hardening. --Ensure physical security Minimize installed packages --Disable unused services --Use SSH and disable the root account login over SSH --Keep the system updated Disable USB auto-detection --Enforce strong passwords --Force periodic password changes --Keep users from re-using old passwords --Many other steps exist and are often service or application-dependent.
55
Monitoring Service Logs Log files are the records that a computer stores to keep track of important events. Kernel, services, and application events are all recorded in log files. It is very important for an administrator to periodically review the logs of a computer to keep it healthy. By monitoring Linux log files, an administrator gains a clear picture of the computer’s performance, security status, and any underlying issues. Log file analysis allows an administrator to guard against upcoming issues before they occur.
In Linux, log files can be categorized as: Application logs Event logs Service logs System logs Some logs contain information about daemons that are running in the Linux system. A daemon is a background process that runs without the need for user interaction. For example, the System Security Services Daemon (SSSD) manages remote access and authentication for single sign-on capabilities. The table lists a few popular Linux log files and their functions
56
The table lists a few popular Linux log files and their functions : -- /var/log/messages -- /var/log/auth.log -- /var/log/secure -- /var/log/boot.log -- /var/log/dmesg -- /var/log/kern.log -- /var/log/cron -- /var/log/mysqld.log or /var/log/mysql.log
/var/log/messages This directory contains generic computer activity logs. It is mainly used to store informational and non-critical system messages. In Debian-based computers, /var/log/syslog directory serves the same purpose.
57
The table lists a few popular Linux log files and their functions : -- /var/log/messages -- /var/log/auth.log -- /var/log/secure -- /var/log/boot.log -- /var/log/dmesg -- /var/log/kern.log -- /var/log/cron -- /var/log/mysqld.log or /var/log/mysql.log
/var/log/auth.log : This file stores all authentication-related events in Debian and Ubuntu computers. Anything involving the user authorization mechanism can be found in this file.
58
The table lists a few popular Linux log files and their functions : -- /var/log/messages -- /var/log/auth.log -- /var/log/secure -- /var/log/boot.log -- /var/log/dmesg -- /var/log/kern.log -- /var/log/cron -- /var/log/mysqld.log or /var/log/mysql.log
/var/log/secure : This directory is used by RedHat and CentOS computers instead of /var/log/auth.log. It also tracks sudo logins, SSH logins, and other errors logged by SSSD.
59
The table lists a few popular Linux log files and their functions : -- /var/log/messages -- /var/log/auth.log -- /var/log/secure -- /var/log/boot.log -- /var/log/dmesg -- /var/log/kern.log -- /var/log/cron -- /var/log/mysqld.log or /var/log/mysql.log
/var/log/boot.log : This file stores boot-related information and messages logged during the computer startup process.
60
The table lists a few popular Linux log files and their functions : -- /var/log/messages -- /var/log/auth.log -- /var/log/secure -- /var/log/boot.log -- /var/log/dmesg -- /var/log/kern.log -- /var/log/cron -- /var/log/mysqld.log or /var/log/mysql.log
/var/log/dmesg : This directory contains kernel ring buffer messages. Information related to hardware devices and their drivers is recorded here. It is very important because, due to their low-level nature, logging systems such as syslog are not running when these events take place and therefore are often unavailable to the administrator in real-time.
61
The table lists a few popular Linux log files and their functions : -- /var/log/messages -- /var/log/auth.log -- /var/log/secure -- /var/log/boot.log -- /var/log/dmesg -- /var/log/kern.log -- /var/log/cron -- /var/log/mysqld.log or /var/log/mysql.log
/var/log/kern.log : This file contains information logged by the kernel.
62
The table lists a few popular Linux log files and their functions : -- /var/log/messages -- /var/log/auth.log -- /var/log/secure -- /var/log/boot.log -- /var/log/dmesg -- /var/log/kern.log -- /var/log/cron -- /var/log/mysqld.log or /var/log/mysql.log
/var/log/cron : Cron is a service used to schedule automated tasks in Linux and this directory stores its events. Whenever a scheduled task (also called a cron job) runs, all its relevant information including execution status and error messages are stored here.
63
The table lists a few popular Linux log files and their functions : -- /var/log/messages -- /var/log/auth.log -- /var/log/secure -- /var/log/boot.log -- /var/log/dmesg -- /var/log/kern.log -- /var/log/cron -- /var/log/mysqld.log or /var/log/mysql.log
/var/log/mysqld.log or /var/log/mysql.log : This is the MySQL log file. All debug, failure and success messages related to the mysqld process and mysqld\_safe daemon are logged here. RedHat, CentOS and Fedora Linux distributions store MySQL logs under /var/log/mysqld.log, while Debian and Ubuntu maintain the log in /var/log/mysql.log file.
64
The command output shows a portion of /var/log/messages log file. Each line represents a logged event. The timestamps at the beginning of the lines mark the moment the event took place. https://snipboard.io/7mxtTC.jpg
https://snipboard.io/7mxtTC.jpg
65
The Linux File System : The File System Types in Linux There are many different kinds of file systems, varying in properties of speed, flexibility, security, size, structure, logic and more. It is up to the administrator to decide which file system type best suits the operating system and the files it will store. The table lists a few file system types commonly found and supported by Linux.
The table lists a few file system types commonly found and supported by Linux. -- ext2 (second extended file system) -- ext3 (third extended file system) -- ext4 (fourth extended file system) -- NFS (Network File System) -- CDFS (Compact Disc File System) -- Swap File System -- HFS Plus or HFS+ (Hierarchical File System Plus) -- APFS (Apple File System) -- Master Boot Record (MBR)
66
The table lists a few file system types commonly found and supported by Linux. -- ext2 (second extended file system) -- ext3 (third extended file system) -- ext4 (fourth extended file system) -- NFS (Network File System) -- CDFS (Compact Disc File System) -- Swap File System -- HFS Plus or HFS+ (Hierarchical File System Plus) -- APFS (Apple File System) -- Master Boot Record (MBR)
ext2 (second extended file system) : ext2 was the default file system in several major Linux distributions until supplanted by ext3. Almost fully compatible with ext2, ext3 also supports journaling (see below). ext2 is still the file system of choice for flash-based storage media because its lack of a journal increases performance and minimizes the number of writes. Because flash memory devices have a limited number of write operations, minimizing write operations increases the device’s lifetime. However, contemporary Linux kernels also support ext4, an even more modern file system, with better performance and which can also operate in a journal-less mode.
67
The table lists a few file system types commonly found and supported by Linux. -- ext2 (second extended file system) -- ext3 (third extended file system) -- ext4 (fourth extended file system) -- NFS (Network File System) -- CDFS (Compact Disc File System) -- Swap File System -- HFS Plus or HFS+ (Hierarchical File System Plus) -- APFS (Apple File System) -- Master Boot Record (MBR)
ext3 (third extended file system) : ext3 is a journaled file system designed to improve the existing ext2 file system. A journal, the main feature added to ext3, is a technique used to minimize the risk of file system corruption in the event of sudden power loss. The file systems keeps a log (or journal) of all the file system changes about to be made. If the computer crashes before the change is complete, the journal can be used to restore or correct any eventual issues created by the crash. The maximum file size in ext3 file systems is 32 TB.
68
The table lists a few file system types commonly found and supported by Linux. -- ext2 (second extended file system) -- ext3 (third extended file system) -- ext4 (fourth extended file system) -- NFS (Network File System) -- CDFS (Compact Disc File System) -- Swap File System -- HFS Plus or HFS+ (Hierarchical File System Plus) -- APFS (Apple File System) -- Master Boot Record (MBR)
ext4 (fourth extended file system) : Designed as a successor of ext3, ext4 was created based on a series of extensions to ext3. While the extensions improve the performance of ext3 and increase supported file sizes, Linux kernel developers were concerned about stability issues and were opposed to adding the extensions to the stable ext3. The ext3 project was split in two; one kept as ext3 and its normal development and the other, named ext4, incorporated the mentioned extensions.
69
The table lists a few file system types commonly found and supported by Linux. -- ext2 (second extended file system) -- ext3 (third extended file system) -- ext4 (fourth extended file system) -- NFS (Network File System) -- CDFS (Compact Disc File System) -- Swap File System -- HFS Plus or HFS+ (Hierarchical File System Plus) -- APFS (Apple File System) -- Master Boot Record (MBR)
NFS (Network File System) : NFS is a network-based file system, allowing file access over the network. From the user standpoint, there is no difference between accessing a file stored locally or on another computer on the network. NFS is an open standard which allows anyone to implement it.
70
The table lists a few file system types commonly found and supported by Linux. -- ext2 (second extended file system) -- ext3 (third extended file system) -- ext4 (fourth extended file system) -- NFS (Network File System) -- CDFS (Compact Disc File System) -- Swap File System -- HFS Plus or HFS+ (Hierarchical File System Plus) -- APFS (Apple File System) -- Master Boot Record (MBR)
CDFS (Compact Disc File System) : CDFS was created specifically for optical disk media.
71
The table lists a few file system types commonly found and supported by Linux. -- ext2 (second extended file system) -- ext3 (third extended file system) -- ext4 (fourth extended file system) -- NFS (Network File System) -- CDFS (Compact Disc File System) -- Swap File System -- HFS Plus or HFS+ (Hierarchical File System Plus) -- APFS (Apple File System) -- Master Boot Record (MBR)
Swap File System : The swap file system is used by Linux when it runs out of RAM. Technically, it is a swap partition that does not have a specific file system, but it is relevant to the file system discussion. When this happens, the kernel moves inactive RAM content to the swap partition on the disk. While swap partitions (also known as swap space) can be useful to Linux computers with a limited amount of memory, they should not be considered as a primary solution. Swap partition is stored on disk which has much lower access speeds than RAM.
72
The table lists a few file system types commonly found and supported by Linux. -- ext2 (second extended file system) -- ext3 (third extended file system) -- ext4 (fourth extended file system) -- NFS (Network File System) -- CDFS (Compact Disc File System) -- Swap File System -- HFS Plus or HFS+ (Hierarchical File System Plus) -- APFS (Apple File System) -- Master Boot Record (MBR)
HFS Plus or HFS+ (Hierarchical File System Plus) : A file system used by Apple in its Macintosh computers. The Linux kernel includes a module for mounting HFS+ for read-write operations.
73
The table lists a few file system types commonly found and supported by Linux. -- ext2 (second extended file system) -- ext3 (third extended file system) -- ext4 (fourth extended file system) -- NFS (Network File System) -- CDFS (Compact Disc File System) -- Swap File System -- HFS Plus or HFS+ (Hierarchical File System Plus) -- APFS (Apple File System) -- Master Boot Record (MBR)
APFS (Apple File System) : An updated file system that is used by Apple devices. It provides strong encryption and is optimized for flash and solid-state drives.
74
The table lists a few file system types commonly found and supported by Linux. -- ext2 (second extended file system) -- ext3 (third extended file system) -- ext4 (fourth extended file system) -- NFS (Network File System) -- CDFS (Compact Disc File System) -- Swap File System -- HFS Plus or HFS+ (Hierarchical File System Plus) -- APFS (Apple File System) -- Master Boot Record (MBR)
Master Boot Record (MBR) : Located in the first sector of a partitioned computer, the MBR stores all the information about the way in which the file system is organized. The MBR quickly hands over control to a loading function, which loads the OS.
75
Mounting is the term used for the process of assigning a directory to a partition. After a successful mount operation, the file system contained on the partition is accessible through the specified directory. In this context, the directory is called the mounting point for that file system. Windows users may be familiar with a similar concept; the drive letter. The command output shows the output of the mount command issued in the Cisco CyberOPS VM.
Mounting is the term used for the process of assigning a directory to a partition. After a successful mount operation, the file system contained on the partition is accessible through the specified directory. In this context, the directory is called the mounting point for that file system. Windows users may be familiar with a similar concept; the drive letter. The command output shows the output of the mount command issued in the Cisco CyberOPS VM. https://snipboard.io/MOECgT.jpg
76
Mounting is the term used for the process of assigning a directory to a partition. After a successful mount operation, the file system contained on the partition is accessible through the specified directory. In this context, the directory is called the mounting point for that file system. Windows users may be familiar with a similar concept; the drive letter. The command output shows the output of the mount command issued in the Cisco CyberOPS VM. https://snipboard.io/MOECgT.jpg
When issued with no options, mount returns the list of file systems currently mounted in a Linux computer. While many of the file systems shown are out of the scope of this course, notice the root file system (highlighted). The root file system is represented by the “/” symbol and holds all files in the computer by default. It is also shown in the output that the root file system was formatted as ext4 and occupies the first partition of the first drive (/dev/sda1).
77
Linux Roles and File Permissions In Linux, most system entities are treated as files. In order to organize the system and enforce boundaries within the computer, Linux uses file permissions. File permissions are built into the file system structure and provide a mechanism to define permissions on every file. Every file in Linux carries its file permissions, which define the actions that the owner, the group, and others can perform with the file. The possible permission rights are Read, Write and Execute. The ls command with the -l parameter lists additional information about the file. Consider the output of the ls -l command in the command output. https://snipboard.io/mux9Fz.jpg
The output provides a lot of information about the file space.txt. The first field of the output displays the permissions that are associated with space.txt (-rwxrw-r--). File permissions are always displayed in the User, Group, and Other order. The file space.txt in has the following permissions: The dash (-) means that this is a file. For directories, the first dash would be a “d”. The first set of characters is for user permission (rwx). The user, analyst, who owns the file can Read, Write and eXecute the file. The second set of characters is for group permissions (rw-). The group, staff, who owns the file can Read and Write to the file. The third set of characters is for any other user or group permissions (r--). Any other user or group on the computer can only Read the file.
78
The output provides a lot of information about the file space.txt. The first field of the output displays the permissions that are associated with space.txt (-rwxrw-r--). File permissions are always displayed in the User, Group, and Other order. The file space.txt in has the following permissions: The dash (-) means that this is a file. For directories, the first dash would be a “d”. The first set of characters is for user permission (rwx). The user, analyst, who owns the file can Read, Write and eXecute the file. The second set of characters is for group permissions (rw-). The group, staff, who owns the file can Read and Write to the file. The third set of characters is for any other user or group permissions (r--). Any other user or group on the computer can only Read the file.
The second field defines the number of hard links to the file (the number 1 after the permissions). A hard link creates another file with a different name linked to the same place in the file system (called an inode). This is in contrast to a symbolic link, which is discussed on the next page. The third and fourth field display the user (analyst) and group (staff) who own the file, respectively. The fifth field displays the file size in bytes. The space.txt file has 253 bytes. The sixth field displays the date and time of the last modification. The seventh field displays the file name. The figure shows a breakdown of file permissions in Linux. https://snipboard.io/4pudRr.jpg
79
Use octal values to define permissions. https://snipboard.io/lns2zY.jpg
https://snipboard.io/lns2zY.jpg
80
File permissions are a fundamental part of Linux and cannot be broken. A user has only the rights to a file that the file permissions allow. The only user that can override file permission on a Linux computer is the root user. Because the root user has the power to override file permissions, the root user can write to any file. Because everything is treated as a file, the root user has full control over a Linux computer. Root access is often required before performing maintenance and administrative tasks. Because of the power of the root user, root credentials should use strong passwords and not be shared with anyone other than system administrators and other high-level users.
File permissions are a fundamental part of Linux and cannot be broken. A user has only the rights to a file that the file permissions allow. The only user that can override file permission on a Linux computer is the root user. Because the root user has the power to override file permissions, the root user can write to any file. Because everything is treated as a file, the root user has full control over a Linux computer. Root access is often required before performing maintenance and administrative tasks. Because of the power of the root user, root credentials should use strong passwords and not be shared with anyone other than system administrators and other high-level users.
81
Hard Links and Symbolic Links A hard link is another file that points to the same location as the original file. Use the command ln to create a hard link. The first argument is the existing file and the second argument is the new file. As shown in the command output, the file space.txt is linked to space.hard.txt and the link field now shows 2. https://snipboard.io/K6o9vq.jpg
Both files point to the same location in the file system. If you change one file, the other is changed, as well. The echo command is used to add some text to space.txt. Notice that the file size for both space.txt and space.hard.txt increased to 257 bytes. If you delete the space.hard.txt with the rm command (remove), the space.txt file still exists, as verified with the more space.txt command.
82
A symbolic link, also called a symlink or soft link, is similar to a hard link in that applying changes to the symbolic link will also change the original file. As shown in the command output below, use the ln command option -s to create a symbolic link. https://snipboard.io/78WAL6.jpg
Notice that adding a line of text to test.txt also adds the line to mytest.txt. However, unlike a hard link, deleting the original text.txt file means that mytext.txt is now linked to a file that no longer exists, as shown with the more mytest.txt and ls -l mytest.txt commands.
83
Although symbolic links have a single point of failure (the underlying file), symbolic links have several benefits over hard links: Locating hard links is more difficult. Symbolic links show the location of the original file in the ls -l command, as shown in the last line of output in the previous command output (mytest.txt -\> test.txt). Hard links are limited to the file system in which they are created. Symbolic links can link to a file in another file system. Hard links cannot link to a directory because the system itself uses hard links to define the hierarchy of the directory structure. However, symbolic links can link to directories.
Although symbolic links have a single point of failure (the underlying file), symbolic links have several benefits over hard links: Locating hard links is more difficult. Symbolic links show the location of the original file in the ls -l command, as shown in the last line of output in the previous command output (mytest.txt -\> test.txt). Hard links are limited to the file system in which they are created. Symbolic links can link to a file in another file system. Hard links cannot link to a directory because the system itself uses hard links to define the hierarchy of the directory structure. However, symbolic links can link to directories.
84
Working with the Linux GUI X Window System The graphical interface present in most Linux computers is based on the X Window System. Also known as X or X11, X Window is a windowing system designed to provide the basic framework for a GUI. X includes functions for drawing and moving windows on the display device and interacting with a mouse and keyboard. X works as a server which allows a remote user to use the network to connect, start a graphical application, and have the graphical window open on the remote terminal. While the application itself runs on the server, the graphical aspect of it is sent by X over the network and displayed on the remote computer.
Notice that X does not specify the user interface, leaving it to other programs, such as window managers, to define all the graphical components. This abstraction allows for great flexibility and customization as graphical components such as buttons, fonts, icons, window borders, and color schemes are all defined by the user application. Because of this separation, the Linux GUI varies greatly from distribution to distribution. Examples of window managers are Gnome and KDE. While the look and feel of window managers vary, the main components are still present. The figure displays the Gnome Window Manager. https://snipboard.io/QPx1pd.jpg
85
This figure displays the KDE Windows Manager. : https://snipboard.io/iEjeaX.jpg
This figure displays the KDE Windows Manager. : https://snipboard.io/iEjeaX.jpg
86
The Linux GUI Although an operating system does not require a GUI to function, GUIs are considered more user-friendly than the CLI. The Linux GUI as a whole can be easily replaced by the user. As a result of the large number of Linux distributions, this chapter focuses on Ubuntu when covering Linux because it is a very popular and user-friendly distribution. https://snipboard.io/8UvGEx.jpg
Ubuntu Linux uses Gnome 3 as its default GUI. The goal of Gnome 3 is to make Ubuntu even more user-friendly. The table lists the main UI components of Unity. The figure shows the location of some of the features of the Ubuntu Gnome 3 Desktop. https://snipboard.io/8UvGEx.jpg
87
UI COMPONENT -- Apps Menu -- Ubuntu Dock -- Top Bar -- Calendar and System Message Tray -- Activities -- Status Menu
Apps Menu : The Apps Menu shows icons for the apps that are installed on the system. A right-click menu provides shortcuts that allow starting or configuring the apps. The system search box is available from Activities View.
88
UI COMPONENT -- Apps Menu -- Ubuntu Dock -- Top Bar -- Calendar and System Message Tray -- Activities -- Status Menu
Ubuntu Dock : This is a dock on the left side of the screen that serves as an application launcher and switcher for app favorites. Click to launch an application and when the application is running, click again to switch between running applications. If more than one instance of an application is running, Launcher will display all instances. Right-click any application that is hosted on the launcher to see details about that the application.
89
UI COMPONENT -- Apps Menu -- Ubuntu Dock -- Top Bar -- Calendar and System Message Tray -- Activities -- Status Menu
Top Bar : This multipurpose menu bar contains a menu for the application that currently has the focus. It displays the current time and indicates whether there are new system messages. It also provides access to the Activity desktop view and the system Status Menu.
90
UI COMPONENT -- Apps Menu -- Ubuntu Dock -- Top Bar -- Calendar and System Message Tray -- Activities -- Status Menu
Calendar and System Message Tray : Click the day and time to see the full appointment calendar and any current system messages. Access the appointment calendar from here to create new appointments.
91
UI COMPONENT -- Apps Menu -- Ubuntu Dock -- Top Bar -- Calendar and System Message Tray -- Activities -- Status Menu
Activities : Switch to application view to switch to or close running applications. A powerful search tool is available here that will find apps, files, and values within files. Allows switching between workspaces.
92
UI COMPONENT -- Apps Menu -- Ubuntu Dock -- Top Bar -- Calendar and System Message Tray -- Activities -- Status Menu
Status Menu : Allows configuration of the network adaptor and other running devices. The current user can logoff or change their settings. System configuration changes can be made here. The workstation can be locked or shutdown from here.
93
Working on a Linux Host Installing and Running Applications on a Linux Host Many end-user applications are complex programs written in compiled languages. To aid in the installation process, Linux often includes programs called package managers. A package is the term used to refer to a program and all its supporting files. By using a package manager to install a package, all the necessary files are placed in the correct file system location.
Package managers vary depending on Linux distributions. For example, pacman is used by Arch Linux while dpkg (Debian package) and apt (Advanced Packaging Tool) are used in Debian and Ubuntu Linux distributions. For this course, we will use the pacman package manager. The command output shows the output of a few apt-get commands used in Debian distributions. https://snipboard.io/LtG7Tg.jpg The apt-get update command is used to get the package list from the package repository and update the local package database. The apt-get upgrade command is used to update all currently installed packages to their latest versions.
94
Keeping the System Up to Date Also known as patches, OS updates are released periodically by OS companies to address any known vulnerabilities in their operating systems. While companies have update schedules, the release of unscheduled OS updates can happen when a major vulnerability is found in the OS code. Modern operating systems will alert the user when updates are available for download and installation, but the user can check for updates at any time.
The following table compares Arch Linux and Debian / Ubuntu Linux distribution commands to perform package system basic operations. https://snipboard.io/pb3dkH.jpg A Linux GUI can also be used to manually check and install updates. In Ubuntu for example, to install updates you would click Dash Search Box, type software updater, and then click the Software Updater icon, as shown in the figure. https://snipboard.io/ukFPqZ.jpg
95
Processes and Forks A process is a running instance of a computer program. Multitasking operating systems can execute many processes at the same time. Forking is a method that the kernel uses to allow a process to create a copy of itself. Processes need a way to create new processes in multitasking operating systems. The fork operation is the only way of doing so in Linux.
Forking is important for many reasons. One of them relates to process scalability. Apache, a popular web server, is a good example. By forking itself, Apache is able to serve a large number of requests with fewer system resources than a single-process-based server. When a process calls a fork, the caller process becomes the parent process, with the newly created process referred to as its child. After the fork, the processes are, to some extent, independent processes; they have different process IDs but run the same program code. The table lists three commands that are used to manage processes. -- ps -- top -- kill
96
Forking is important for many reasons. One of them relates to process scalability. Apache, a popular web server, is a good example. By forking itself, Apache is able to serve a large number of requests with fewer system resources than a single-process-based server. When a process calls a fork, the caller process becomes the parent process, with the newly created process referred to as its child. After the fork, the processes are, to some extent, independent processes; they have different process IDs but run the same program code. The table lists three commands that are used to manage processes. -- ps -- top -- kill
ps : Used to list the processes running on the computer at the time it is invoked. It can be instructed to display running processes that belong to the current user or other users. While listing processes does not require root privileges, killing or modifying other user’s processes does.
97
Forking is important for many reasons. One of them relates to process scalability. Apache, a popular web server, is a good example. By forking itself, Apache is able to serve a large number of requests with fewer system resources than a single-process-based server. When a process calls a fork, the caller process becomes the parent process, with the newly created process referred to as its child. After the fork, the processes are, to some extent, independent processes; they have different process IDs but run the same program code. The table lists three commands that are used to manage processes. -- ps -- top -- kill
top : Used to list running processes, but unlike ps, top keeps displaying running processes dynamically. Press q to exit top.
98
Forking is important for many reasons. One of them relates to process scalability. Apache, a popular web server, is a good example. By forking itself, Apache is able to serve a large number of requests with fewer system resources than a single-process-based server. When a process calls a fork, the caller process becomes the parent process, with the newly created process referred to as its child. After the fork, the processes are, to some extent, independent processes; they have different process IDs but run the same program code. The table lists three commands that are used to manage processes. -- ps -- top -- kill
kill : Used to modify the behavior of a specific process. Depending on the parameters, kill will remove, restart, or pause a process. In many cases, the user will run ps or top before running kill. This is done so the user can learn the PID of a process before running kill.
99
The command output shows the output of the top command on a Linux computer. : https://snipboard.io/IG92MF.jpg
The command output shows the output of the top command on a Linux computer. : https://snipboard.io/IG92MF.jpg
100
Malware on a Linux Host Linux malware includes viruses, Trojan horses, worms, and other types of malware that can affect the operating system. Due to a number of design components such as file system structure, file permissions, and user account restrictions, Linux operating systems are generally regarded as better protected against malware. While arguably better protected, Linux is not immune to malware. Many vulnerabilities have been found and exploited in Linux. These range from server software to kernel vulnerabilities. Attackers are able to exploit these vulnerabilities and compromise the target. Because Linux is open source, fixes and patches are often made available within hours of the discovery of such problems.
If a malicious program is executed, it will cause damage, regardless of the platform. A common Linux attack vector is its services and processes. Vulnerabilities are frequently found in server and process code running on computers connected to the network. An outdated version of the Apache web server could contain an unpatched vulnerability which can be exploited by an attacker, for example. Attackers often probe open ports to assess the version and nature of the server running on that port. With that knowledge, attackers can research if there are any known issues with that particular version of that particular server to support the attack. As with most vulnerabilities, keeping the computer updated and closing any unused services and ports is a good way to reduce the opportunities for attack in a Linux computer. The command output shows an attacker using the Telnet command to probe the nature and version of a web server (port 80). https://snipboard.io/n6eR4Z.jpg The attacker has learned that the server in question is running nginx version 1.12.0. The next step would be to research known vulnerabilities in the nginx 1.12.0 code.
101
Rootkit Check A rootkit is a type of malware that is designed to increase an unauthorized user’s privileges or grant access to portions of the software that should not normally be allowed. Rootkits are also often used to secure a backdoor to a compromised computer.
Rootkit Check : The installation of a rootkit can be automated (done as part of an infection) or an attacker can manually install it after compromising a computer. A rootkit is destructive because it changes kernel code and its modules, changing the most fundamental operations of the OS itself. With such a deep level of compromise, rootkits can hide the intrusion, remove any installation tracks, and even tamper with troubleshooting and diagnostic tools so that their output now hides the presence of the rootkit. While a few Linux vulnerabilities through history have allowed rootkit installation via regular user accounts, the vast majority of rootkit compromises require root or administrator access.
102
Rootkit Check : : Because the very nature of the computer is compromised, rootkit detection can be very difficult. Typical detection methods often include booting the computer from trusted media such as a diagnostics operating system live CD. The compromised drive is mounted and, from the trusted system toolset, trusted diagnostic tools can be launched to inspect the compromised file system. Inspection methods include behavioral-based methods, signature scanning, difference scanning, and memory dump analysis. Rootkit removal can be complicated and often impossible, especially in cases where the rootkit resides in the kernel; re-installation of the operating system is usually the only real solution to the problem. Firmware rootkits usually require hardware replacement.
Rootkit Check : chkrootkit is a popular Linux-based program designed to check the computer for known rootkits. It is a shell script that uses common Linux tools such as strings and grep to compare the signatures of core programs. It also looks for discrepancies as it traverses the /proc file system comparing the signatures found there with the output of ps. While helpful, keep in mind that programs to check for rootkits are not 100% reliable. The command output shows the output of chkrootkit on an Ubuntu Linux. https://snipboard.io/KoU9RB.jpg
103
Piping Commands : Although command line tools are usually designed to perform a specific, well-defined task, many commands can be combined to perform more complex tasks by a technique known as piping. Named after its defining character, the pipe (|), piping consists of chaining commands together, feeding the output of one command into the input of another.
Piping Commands : : For example, the ls command is used to display all the files and directories of a given directory. The grep command compares searches through a file or text looking for the specified string. If found, grep displays the entire contents of the folder where the string was found. The two commands, ls and grep, can be piped together to filter out the output of ls. This is shown in the output of the ls -l | grep host command and the ls -l | grep file command. https://snipboard.io/YA3Tx6.jpg

MODULE 4 - Linux Overview CERTIFICATION CYBER OPS ASSOCIATE (1 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions