Linux

Tux the Linux MascotLinux is a free and open source alternative to the Microsoft Windows Operating System, initially developed back in 1991. It has grown in use over the years with it being used in a diverse range of situations including, powering the New York stock exchange and mobile phones, as well as super computers.

What’s with the penguin?

The penguin, or Tux to call him by name, became the mascot of the Linux operating system back in 1996. The concept came from Linus Torvalds, the creator of Linux and was designed by a man called Larry Ewing.

Distros

Unlike Windows, where Microsoft is the only organisation that produces the operating system, Linux has many distributions, or distros for short, as they are more commonly known. Each distro is based on the same core software, known as the Linux Kernel. Due to the open source nature of Linux, some distros are based on others, where a person or organisation has taken a distro, made their own enhancements and released it, for example Ubuntu is based on the Debian distro. Below are just a small number of the distros available.

CentOS LogoCentOS was first released back in May 2004. It is developed by a small core team, along with its community and is based on Red Hat Enterprise Linux.

Useful Links

Debian LogoDebian is one of the earlier distributions of Linux, which started out back in 1993, with its first stable release in 1996. It is used for personal computers, as well as network servers, and is a popular starting point for other Linux distributions, such as Ubuntu. Debian does not have the backing of a large organisation, but is instead developed by a large community of volunteers over the internet.

Useful Links

Fedora LogoFedora Linux is a Linux distribution that is developed by the Fedora Project, along with its community and is sponsored by Red Hat Inc., who provide an enterprise version of Linux. The Fedora Project was created back in 2003 when Red Hat Inc. discontinued its free offering to concentrate on its enterprise edition, which is based on Fedora Linux.

Useful Links

Gentoo LogoGentoo Linux was first released by Daniel Robbins back in 2002 and is today developed by the Gentoo Foundation, which Daniel founded back in 2004. Gentoo is a highly customisable Linux distribution that allows the creation of very efficient desktops and servers, by giving greater control over what services are installed.

Kali Linux LogoKali is based on Debian Linux and was first released back in March 2013. It is maintained and funded by Offensive Security, a company that provides information security training, as well as penetration testing services, and is designed to be used for digital forensics and penetration testing.

Useful Links

Linux Mint LogoLinux Mint has been around since 2006, when a beta release of Linux Mint 1.0 was released. The project was started by Clement Lefebvre and today continues to be developed by the Linux Mint team, together with its community. There are a number of different editions, which are either based on Ubuntu or Debian Linux directly.

Useful Links

Oracle Linux LogoOracle Linux, previously known as Oracle Enterprise Linux, is a distribution of Linux from Oracle Corporation, that is free to use. It is based on Red Hat Enterprise Linux and was first released back in 2006. Oracle also provides the "Oracle Linux Support program", which is a paid for service that customers can use to get support with Oracle Linux.

Useful Links

Qubes OS LogoQubes OS, which was first released back in September 2012, is designed to provide strong security for desktop computing through isolation and compartmentalisation. It aims to achieve this by utilising the Xen virtualisation software to create multiple security domains to isolate and compartmentalise tasks being undertaken, for example, one security domain for personal and one for work. An application in one security domain works independently of the same application in a different security domain. The Chrome web browser can be used to illustrate this, where bookmarks can exist in the personal security domain, but are not visible in the work domain. If malware were to infect the work domain, everything in the personal domain would be safe because the malware would be contained in the work domain.

Useful Links

Raspbian LogoRaspbian is a Linux distribution that is based on Debian and is optimised for use on the Raspberry Pi, which is a credit card sized computer. Although it isn't affiliated with the Raspberry Pi Foundation, who make the Raspberry Pi, it is the only distribution that the foundation officially supports.

Red Hat LogoRed Hat Enterprise Linux is developed by Red Hat Inc., a company that specialises in providing open source software to the enterprise community and has been around since 2003. Although it is open source, like other Linux distributions, Red Hat uses strict trademark rules to restrict free re-distribution of its officially supported versions. Red Hat Enterprise Linux is based on Fedora Linux, a distribution developed by the Fedora Project, together with its community and is also sponsored by Red Hat Inc.

Tails Linux LogoTails is based on Debian Linux and was first released in June 2009. It is a security focused distribution that is aimed at preserving both the privacy and anonymity of its users. All of its outgoing connections are forced to go through Tor, which is software that enables anonymous communication, whilst non-anonymous connections are blocked. It is designed to run directly from a USB device or DVD, without having to be installed, although it is also possible to use on a virtual machine.

Useful Links

Ubuntu LogoUbuntu is based on the Debian distro and developed by a company called Canonical Ltd, which is based in the Isle of Man and owned by Mark Shuttleworth. Canonical also provides technical support and other Ubuntu related services, which is where their revenue comes from, as Ubuntu itself is free.

Useful Links

Whonix LogoWhonix is a security focused Linux distribution, based on Debian, which aims to provide privacy, security and anonymity. It was first released back in February 2012 and is developed by The Tor Project, Inc, a research-education non-profit organisation, based in Massachusetts, USA. Unlike most Linux distributions it is designed to run purely within a virtual machine and is distributed as two separate virtual machine images that are used together, a Workstation image and a Gateway image, that utilises Tor to enable anonymous communication.

Useful Links

Shell Commands

The Shell is a command language interpreter that executes commands read from a standard input device, such as a keyboard, or from a file. Each command has a number of options, which tailor the output of the command in question. An option follows the command, and is made up of a '-', followed by one or more letters of the alphabet. These shell commands can be run within an application called 'Terminal'.

dd

A backup to a disk image can be created as follows. The 'if' is used to specify the input file, whilst the 'of' is used for the output file.

dd if=/dev/sda of=/tmp/sda/image.img

This image can be restored by reversing the process.

dd if=/tmp/sda/image.img of=/dev/sda

su

The 'su' command, on its own, switches the user to the root user for the remainder of the terminal session. The password for the root user will need to be entered.

su

The command can also be used to switch to a named user. Again, the password for the user will need to be entered.

su adminuser
sudo

The 'sudo' command elevates privileges just for the command being run. This will only be successful if the current logged in user is an administrator. This can, for example, be used with the 'shutdown' command.

sudo shutdown -h now

df Displays the disk space available on all filesystems that the user has access to. In the below example, the '-h' ensures that it is in a human readable format, such as KB, MB or GB.
df -h

man

The 'man' command, short for manual, can be used in conjunction with a specified command, such as 'ls', to get help on this command. To exit the manual pages for a particular command, use the letter 'q'.

man ls

chmod

All files have permissions associated with them, for the owner, or creator, of the file, the group that the owner is in, along with everyone else. For each of these, permissions for reading, writing and executing the file in question can be assigned.

-rw-rw----   1 fredbloggs  examplegroup 0 26 Mar 17:43 file1.txt

The first dash signifies that these permissions are for a file. If it were a 'd', this would signify a directory. Following this, the 'rw-' relate to the read, write and execute permissions for the owner of the file, who, in this case, has read and write permissions. The next 'rw-' relate to the group, which again has read and write permissions. The final three dashes relate to everyone else. These permissions can be assigned to the file as follows.

chmod 660 file1.txt

Each digit relates to the decimal equivalent of the binary total for the owner, group and everyone else, with read permissions being equivalent to four, write is two and execute is one. As the owner and group have read and write permissions, it is four for read, plus the two for write.

chown

The 'chown' command can be utilised to change the owner and group of a particular file or directory.

sudo chown fredbloggs:examplegroup file1.txt

passwd

In order to change the password of the current user, or a named user, the 'passwd' command needs to be used. Specifying 'passwd' on its own will allow for the changing of the current user password. Using 'passwd' in conjunction with 'sudo' and a username of a specified user, will allow the password to be changed for that user.

passwd
sudo passwd root

ps

The 'ps' command can be used to list processes running on the system. Using it on its own will list the processes specific to the current user. Stipulating the 'e' option will include all processes, not just those for the current user.

ps
ps -e
kill

Using the 'kill' command, along with a process ID, will terminate that particular process.

kill 1234
killall

If it is necessary to terminate all processes associated with a particular application, such as Firefox, then the 'killall' command can be used to achieve this. Note that elevated privileges are required to run this. It can also be used to abort a shutdown that has been scheduled for some point in the future.

sudo killall firefox
sudo killall shutdown

clear

Clear the command prompt window of any previously run commands, along with their results.

clear

cd

Change the current directory. A '/' can be used to move to the route of the file system. Specifying a path moves to that location. The '..' moves up one level.

cd /
cd /bin 
cd ..
file

Examine a file and return the file type.

file file1.txt
grep

The 'grep' command can be used to search for a specified piece of text within a file, for example, the word 'help' in a file called 'file1.txt'.

grep help file1.txt
less

View the contents of a file. When done, press 'q' to return to the command prompt.

less file1.txt
ls

Displays a list of files and subdirectories in a directory, either the current working directory, or one that is specified. The 'a' option includes files that begin with a '.', while the 'l' option signifies that full details should be shown such as, file permissions, user and group ownership, file size and a timestamp.

ls
ls /bin
ls -al /bin
pwd

Display the current working directory.

pwd
tail

View the last few lines of a file. By default this is the last 10 lines, however, this can be altered by using the 'n' option. Specifying the 'f' option will update the terminal as the file changes.

tail file1.txt
tail -n 20 file1.txt
tail -f file1.txt

ifconfig

Interface Configuration (ifconfig) can be used to view or change network interfaces and IP configuration. Run on its own, with no additional options, will list the active network interfaces, both wired and wireless, on the system.

ifconfig

Including the 'a' option adds in those interfaces which are currently down.

ifconfig -a

In order to view the configuration of a specific interface, its name can be specified as an option.

ifconfig eth0

If an interface is currently inactive, 'ifconfig' can be used to make it active. Note that elevated privileges are needed for this.

sudo ifconfig eth0 up

Similarly, if an interface is active, 'ifconfig' can be used to make it inactive.

sudo ifconfig eth0 down

If DHCP isn't being used, 'ifconfig' can be utilised to assign an IP address, subnet mask and broadcast address.

sudo ifconfig eth0 192.168.2.5 netmask 255.255.255.0 broadcast 192.168.2.7

It should be noted that the 'ifconfig' command is replaced by the 'ip' command in modern Linux distributions.

ip

The 'ip' command is the replacement for 'ifconfig' in modern Linux distributions, and is used to both view and change network interfaces and IP configuration. Run on its own, with no additional options, will list all the options available with the command.

ip

For a general view of the network devices configuration currently running, either one of the below options can be used to produce the same result.

ip address
ip addr show

It is possible to limit the information returned to just IPv4 or IPv6 if that is what is desired.

ip -4 a
ip -6 a

The output can also be limited to a particular device, for example, 'eth0'

ip addr show dev eth0

If an interface is currently inactive, 'ip' can be used to make it active. Note that elevated privileges are needed for this.

sudo ip link set up eth0

Similarly, if an interface is active, 'ip' can be used to make it inactive.

sudo ip link set down eth0

As well as making an interface active or inactive, 'ip' can be used to release and assign an IP address.

sudo ip addr del 192.168.0.10 dev eth0
sudo ip addr add 192.168.0.11 dev eth0
iwconfig

The 'iwconfig' command is similar to 'ifconfig', but only handles the wireless interfaces. It is used to set the parameters of the network interface, which are specific to the wireless operation. Run on its own, with no options will display information relating to the wireless interfaces, such as IEEE 802.11 standards compatibility, the Extended Service Set Identifier (ESSID), the mode and frequency, along with some other information.

iwconfig

The parameters listed using 'iwconfig' on its own, can also be set with the same command.

sudo iwconfig wlan0 essid "Home network"
sudo iwconfig wlan0 mode Managed
sudo iwconfig wlan0 freq 2.422G
sudo iwconfig wlan0 channel 3

netstat

Used to determine what type of network connections are occurring inbound as well as outbound from the machine in question. It shows the protocol, local address, including the ephemeral port number, foreign address, including ephemeral port number, and the state.

netstat

Specifying the 'a' option displays more detail, showing all connections and listening ports.

netstat -a

This can be subdivided into the TCP and UDP protocols by adding 't' and 'u' respectively.

netstat -at
netstat -au

To return just the listening ports, the 'l' option can be used.

netstat -l

Again, this can be broken down by protocol by adding 't' or 'u', for either TCP or UDP.

netstat -lt
netstat -lu

The 'p' option allows for the displaying of the Process ID (PID) and program associated with the connection. These results can be displayed all together or broken down by protocol, with 't' and 'u' for TCP and UDP.

netstat -p
netstat -pt
netstat -pu

Statistics by protocol can also be returned using the 's' option, which again can be limited to just TCP or UDP by adding 't' or 'u'.

netstat -s
netstat -st
netstat -su

apt-get

The Advanced Packaging Tool, or APT for short, is the default package manager in Debian based Linux distributions. It can be used to install and update software, as well as updating the operating system itself. A repository is kept of all the available versions of numerous pieces of software, locally on the computer in question. This repository needs to periodically be updated with the latest information.

sudo apt-get update

Note that 'apt-get' commands require elevated privileges. Once this repository is updated, it can then be used to upgrade the various packages on the system.

sudo apt-get upgrade

APT can also be used to install new pieces of software, for example, to install the 'netstat' and 'ifconfig' utilities, the 'net-tools' package needs to be installed.

sudo apt-get install net-tools

Similarly, for the 'iwconfig' and 'traceroute' utilities to be used, the 'wireless-tools' and 'traceroute' packages needs to be installed.

sudo apt-get install wireless-tools
sudo apt-get install traceroute

Packages can also be removed using 'apt-get'.

sudo apt-get remove traceroute
dnf

The 'dnf' package management tool is the default for more recent versions of Linux distributions such as Fedora and Red Hat, along with other Red Hat based distros. It replaced the package management tool 'yum'. With elevated privileges, 'dnf' can be used to upgrade the various packages that are installed on the system.

sudo dnf upgrade

If a new package needs to be installed, such as the Chromium web browser, this can be achieved with the 'install' command.

sudo dnf install chromium

Similarly, an individual package can be removed, with the 'remove' command.

sudo dnf remove chromium
yum

The 'yum' package management tool has been replaced by 'dnf', but may still be found on older versions of Fedora and Red Had Linux, as well as other Red Hat based distros. With elevated privileges, 'yum' can be used to upgrade the various packages that are installed on the system.

sudo yum upgrade

If a new package needs to be installed, such as the Chromium web browser, this can be achieved with the 'install' command.

sudo yum install chromium

Similarly, an individual package can be removed, with the 'remove' command.

sudo yum remove chromium

nslookup

This can be used to lookup information from DNS servers, such as canonical names and IP addresses.

nslookup www.stuartsplace.com

If you get a non-authoritative answer it means that it is from local cache, rather than the DNS server that would normally provide DNS information for the website in question.

A lookup can also be done in the other direction, by using an IP address.

nslookup 8.8.8.8

Note that, if the 'nslookup' utility isn't included with the Linux distribution in use, it will need to be installed. An example of how to do this using 'APT' is as follows.

sudo apt-get install dnsutils

traceroute

This is a diagnostic tool that can be used to determines the route, from the current machine, to a destination, by sending Internet Control Message Protocol (ICMP) echo packets to the destination. The resulting information shows the time taken in milliseconds to each router, as well as the IP address. It should be noted that some routers are design not to return back any details, so you may not get all the information you require.

traceroute www.stuartsplace.com

This also works with an IP address.

traceroute 8.8.8.8

shutdown

The 'shutdown' command can be used to shutdown or restart the system, either straightaway, using 'now', or a specified number of minutes in the future. A system shutdown is initiated with the 'h' option, with 'r' being required for a restart.

sudo shutdown -h now
sudo shutdown -h +30
sudo shutdown -r now
sudo shutdown -r +30

ping

The 'ping' command is a utility that tests the reachability of a host over an IP network, such as a Local Area Network (LAN), or the Internet. It uses Internet Control Message Protocol (ICMP) echo request messages to contact the host and corresponding replies are received if the host is reachable. By default, echo requests are sent until Ctrl+C is used to stop the requests. Included with each response is the corresponding IP address, the round-trip time in milliseconds and the time to live (TTL), which signifies how many hops it took to reach the destination.

ping www.stuartsplace.com

To specify the number of echo requests, the 'c' option can be used, followed by a number to limit the requests.

ping -c 4 www.stuartsplace.com

An IP address can also be used with the 'ping' command, instead of a domain name.

ping 8.8.8.8

More

cp

Copy one or more files to a different location. Here, a file is copied to the same location, but with a different name.

cp file1.txt file2.txt

In order to force a prompt to appear before a file is overwritten, the 'i' option can be used.

cp -i file1.txt file2.txt

To avoid overwriting an existing file, the 'n' option needs to be utilised.

cp -n file1.txt file2.txt

To preserve file attributes such as modification time, access time, file flags, file mode, the owner, and group, the 'p' option is required.

cp -p file1.txt file2.txt

Feedback can also be provided for each individual file being copied using the 'v' option.

cp -v file1.txt file2.txt

If more than one file of the same type, for example, text files, needs to be copied, the '*' wildcard can be used. In this instance, the files are copied to a folder called 'backup' that resides in the current location.

cp *.txt backup

To copy all the contents of a directory, including subdirectories and their contents, the 'r' option can be used. Here, items are copied into a folder called 'backup', that resides one level up. The '..' is shorthand for referring to one level up from the current location.

cp -r * ../backup
mv

The 'mv' command can be used to move one or more files to a different location, or rename a file in the current location.

mv file1.txt file2.txt

To move a file into a different location, the folder, or path needs to be specified, for example, a folder called 'backup' in the current location.

mv file1.txt backup

The '*' wildcard can be used to move multiple files, for example, all text files, to a specified location.

mv *.txt backup
rm

The 'rm' command can be used to delete both files and directories. A single file can be deleted on its own, or multiple files can be deleted with the use of the '*' wildcard.

rm file1.txt
rm *.txt

In order to delete a directory, along with its contents, the 'r' option needs to be used, in conjunction with 'rm'.

rm -r backup
mkdir

If it is necessary to create a directory from the command line, the 'mkdir' command can be used to achieve this.

mkdir backup
vi Open a file for editing in the Vi editor. Note that this command also creates the file if it doesn't already exist.

vi file1.txt

Vi Commands

Vi (Visual editor) is a command line text editor that can be found in the UNIX, Linux and macOS operating systems. This is a glossary of some of the commands found in vi.

r Replace one character.
R Replace many characters, until Esc is pressed.
cw change the current word with new text, starting with the character under the cursor, until Esc is pressed.
cNw Change N words beginning with character under the cursor, until Esc is pressed e.g. c5w changes 5 words.
C Change (replace) the characters in the current line, until Esc is pressed.
cc Change (replace) the entire current line, stopping when Esc is pressed.
Ncc or cNc Change (replace) the next N lines, starting with the current line, stopping when is pressed.

yy Copy (yank) the current line into the buffer.
Nyy or yNy Copy (yank) the next N lines, including the current line, into the buffer.
p Put (paste) the line(s) in the buffer into the text after the current line.

x Delete a single character under the cursor.
Nx Delete N characters, starting with the character under the cursor.
dw Delete a single word beginning with character under the cursor.
dNw Delete N words beginning with character under cursor e.g. d5w deletes 5 words.
D Delete the remainder of the line, starting with the current cursor position.
dd Delete the entire current line.
Ndd or dNd Delete N lines, beginning with the current line e.g. 5dd deletes 5 lines.

:.= Returns the line number of the current line at bottom of the screen.
:= Returns the total number of lines at bottom of screen.
^g Provides the current line number, along with the total number of lines, in the file at the bottom of the screen.

:x Quit vi, writing out modified file to file named in original invocation.
:wq Quit vi, writing out modified file to file named in original invocation.
:q Quit (or exit) vi.
:q! Quit vi even though latest changes have not been saved for this vi call.

i Insert before cursor.
I Insert before line.
a Append after cursor.
A Append after line.
o Open a new line after current line.
O Open a new line before current line.

h Move left.
j Move down.
k Move up.
l Move right.
w Move to next word.
W Move to next blank delimited word.
b Move to the beginning of the word.
B Move to the beginning of blank delimited word.
e Move to the end of the word.
E Move to the end of Blank delimited word.
( Move a sentence back.
) Move a sentence forward.
{ Move a paragraph back.
} Move a paragraph forward.
0 Move to the beginning of the line.
$ Move to the end of the line.
1G Move to the first line of the file.
G Move to the last line of the file.
nG Move to nth line of the file.
:n Move to nth line of the file.
fc Move forward to 'c'.
Fc Move back to 'c'.
H Move to top of screen.
M Move to middle of screen.
L Move to bottom of screen.
% Move to associated ( ), { }, [ ].

/string Search forward for occurrence of 'string' in text.
?string Search backward for occurrence of 'string' in text.
n Move to the next occurrence of the search string.
N Move to the next occurrence of the search string in the opposite direction.

Vi can be started from the shell or terminal window.
vi filename Edit the named file starting at line 1.
vi -r filename Recover the named file that was being edited when the system crashed.

Useful Links

General

Sandboxes and Application Isolation

System Information Software

Podcasts