Weekly Stand-up — The Linux Operating System (OS)

Obiagazie Kenechukwu
4 min readSep 10, 2023


Last week I talked about Security Hardening Practices: OS hardening, network hardening, and cloud network hardening. I also briefly introduced the Linux Operating System (OS). This week, I’ll give an update on my learning experience with the Linux OS.

Disclaimer: This is knowledge gained from my Google cybersecurity certification program on Coursera, and references to some articles and videos on the internet.

Linux is an open-source OS, meaning anyone can have access to the operating system and the source code. Linux is used in many security programs for different tasks. It also has several distributions or distros (due to its large community of developers and collaborations) that are used to perform specific tasks. As a security analyst, Linux helps in the examination of different types of logs to identify what’s going on in the system. It can also be used in offensive security to perform penetration testing (which is a simulated attack to look for vulnerabilities in a system).

The Linux architecture consists of the user, applications, the shell, the Filesystem Hierarchy Standard (FHS), the kernel, and the hardware.

The user is the person interacting with the OS.

The application is the program that performs a specific task, for example, Nano (a command line file editor).

The shell is the command line interpreter. This converts the instructions (standard input) to binary (code readable by the OS).

The Filesystem Hierarchy Standard (FHS) is the component of the Linux OS that organizes data. Here, files are organized into related directories (folders), subdirectories, and files.

The Kernel is the component of the Linux OS that manages processes and memory. Just like the engine of a car is a core component, so is the kernel of the Linux OS.

The hardware is the physical component of the computer.

In the course of my learning, I’ll be using KALI LINUX, a Debian-derived distribution of the Linux OS. Kali Linux comes preinstalled with many useful tools for penetration testing and digital forensics.

Some penetration testing tools in Kali Linux are:

  1. Metasploit: Used to look for and exploit vulnerabilities on machines.
  2. Burp suite: Used to test for weaknesses in web applications.
  3. John the Ripper: Used to guess passwords and perform brute force attacks.

Some digital forensics tools in Kali Linux include

  1. tcpdump: Used to capture network traffic.
  2. Wireshark: Has a GUI, and is used to capture and analyze network traffic.
  3. Autopsy: Used to analyze hard drives and smartphones.

These are some of the many tools used in Kali Linux for security.

In Linux, package managers are tools used to install applications. They help users install, manage, and remove packages or applications. A package is a piece of software that can be combined with other packages to form an application. They contain the files necessary for an application to be installed. These files include dependencies, which are supplemental files used to run an application. Some packages may be large enough to form applications on their own. Package managers can help resolve any issues with dependencies and perform other management tasks. Linux uses multiple package managers.

Some Package Management Tools include

  1. Advanced Package Tool (APT): Used with Debian-derived distros. It runs on the Command Line Interface (CLI) and is used to manage, search for, and install packages.
  2. Yellowdog Updater Modified (YUM): Used with Red Hat-derived distros (a distribution of Linux that is enterprise-based). It has the same functions as APT, and works with “.rpm” files.

The Shell: The shell is the command-line interpreter. There are several types of shell (Bourne-Again shell — Bash (which I’ll be using), C shell — Csh, Korn shell — Ksh, etc.). You can think of a shell as a translator between you and the computer system. Shells allow you to give commands to the computer and receive responses from it. When you enter a command into a shell, the shell executes many internal processes to interpret your command, send it to the kernel, and return your results. Knowing how to work with Linux shells is an important skill for cybersecurity professionals. Shells can be used for many common tasks. After a user types a command into the shell, the shell can return either standard output or standard error. Standard output is information returned by the OS through the shell. Standard error contains error messages returned by the OS through the shell.

Filtering contents in Linux: Filtering for information using Linux commands is an important skill for security analysts so that they can customize data to fit their needs. This is done by communicating with the OS through the CLI using Linux commands. Some Linux commands (and command options), amongst many, are:

  1. grep
  2. find
  3. piping (|)
  4. -mmin (an option of find)
  5. -mtime (an option of find)
  6. touch
  7. rm
  8. rmdir
  9. mkdir
  10. ls
  11. chmod

These are just a few of many. The good thing is that you don’t have to memorize all Linux commands; you can always search the internet for the command to use for a specific task.
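The commands listed above, exercised together on a small constructed set of log files, as an added example that is not part of the original post or the course labs. The script builds its own scratch directory with made-up auth and application log lines (the hostnames, IP addresses and timestamps are constructed sample values), then uses grep and a pipe to count and summarize failed logins, find with -mmin and -mtime to separate fresh logs from stale ones, chmod to restrict who can read the auth log, and rm to remove the scratch directory when done:

```shell
#!/bin/sh
# Added example (not from the original post): filtering a constructed set of
# log files with grep, find -mmin/-mtime, pipes, touch, mkdir, rm and chmod.
# Everything happens inside a temporary directory that cleanup_lab removes.
set -eu

# Build the constructed lab directory and print its path.
setup_lab() {
    LAB=$(mktemp -d)
    mkdir "$LAB/logs"
    # auth.log: two failed and one accepted SSH login (constructed sample lines)
    cat > "$LAB/logs/auth.log" <<'EOF'
Sep 10 08:01:12 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51012 ssh2
Sep 10 08:01:15 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51012 ssh2
Sep 10 08:02:40 host sshd[1210]: Accepted password for analyst from 192.0.2.25 port 50122 ssh2
EOF
    # app.log: ordinary application noise with one error (constructed)
    cat > "$LAB/logs/app.log" <<'EOF'
INFO  service started
ERROR database connection failed
INFO  request served
EOF
    # old.log: touch -t backdates its modification time so find -mtime can
    # tell it apart from the two files written just now
    touch -t 202301010000 "$LAB/logs/old.log"
    printf '%s\n' "$LAB"
}

# grep -c: how many lines in auth.log record a failed password
count_failed_logins() {
    grep -c "Failed password" "$1/logs/auth.log"
}

# grep piped through awk/sort/uniq: which source addresses failed, and how often
failed_login_sources() {
    grep "Failed password" "$1/logs/auth.log" \
        | awk '{ for (i = 1; i <= NF; i++) if ($i == "from") print $(i + 1) }' \
        | sort | uniq -c | sort -rn
}

# find -mmin: log files modified within the last 60 minutes
recent_logs() {
    find "$1/logs" -name '*.log' -mmin -60 | sort
}

# find -mtime: log files not modified for more than 7 days
stale_logs() {
    find "$1/logs" -name '*.log' -mtime +7
}

# chmod 600: only the owner may read or write auth.log; ls -l shows the result
lock_down() {
    chmod 600 "$1/logs/auth.log"
    ls -l "$1/logs/auth.log" | cut -c1-10
}

# rm -r removes the whole scratch tree (rmdir would refuse a non-empty directory)
cleanup_lab() {
    rm -r "$1"
}

demo() {
    lab=$(setup_lab)
    echo "failed logins: $(count_failed_logins "$lab")"
    echo "sources:"; failed_login_sources "$lab"
    echo "recent:"; recent_logs "$lab"
    echo "stale:"; stale_logs "$lab"
    echo "auth.log mode after lock_down: $(lock_down "$lab")"
    cleanup_lab "$lab"
}
demo
```

The same pattern applies to real logs: grep narrows lines to the event you care about, the pipe hands them to sort and uniq -c for a quick tally, and find -mmin/-mtime is a fast way to ask "which files changed since the incident started?" before opening any of them.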

TASKS: At this stage in my learning, I completed various lab activities such as filtering and managing files, authorizations, and authentication of users. All of these tasks were performed using Qwiklabs in the shell.

In summary, communication with the shell can only go one of three ways: the system receives a command (this is input); the system responds to the command and produces output; or the system doesn’t know how to respond, resulting in an error. Getting familiar with the shell is essential in the field of cybersecurity, as your job basically revolves around it.
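The three outcomes just summarized (output, error, unknown command), together with the standard output / standard error distinction from the shell section above, as an added example that is not part of the original post. The helper runs any command with its two streams redirected into separate temporary files and reports the exit status alongside each stream, so you can see that a successful command writes to standard output with status 0, a failing command writes to standard error with a non-zero status, and a command the shell does not know produces a "not found" message with status 127 (the command names and paths used in the three cases are constructed for the demonstration):

```shell
#!/bin/sh
# Added example (not from the original post): keeping a command's standard
# output (fd 1), standard error (fd 2) and exit status apart.

# Run "$@" and print one line: "<exit status>|<stdout text>|<stderr text>".
# Newlines inside each stream are flattened to spaces so the line stays parseable.
run_and_classify() {
    out=$(mktemp); err=$(mktemp)
    status=0
    "$@" >"$out" 2>"$err" || status=$?     # stdout and stderr land in separate files
    printf '%s|%s|%s\n' "$status" \
        "$(tr '\n' ' ' < "$out" | sed 's/ *$//')" \
        "$(tr '\n' ' ' < "$err" | sed 's/ *$//')"
    rm -f "$out" "$err"
}

# Case 1: the system understands the command and produces output (status 0).
classify_success() {
    run_and_classify echo "hello from stdout"
}

# Case 2: the command exists but fails; the OS explains why on standard error
# (the path is a constructed one that does not exist).
classify_error() {
    run_and_classify ls /nonexistent/path/for/demo
}

# Case 3: the shell does not know the command at all; it reports "not found"
# on standard error and exits with status 127.
classify_unknown() {
    run_and_classify no_such_command_for_demo
}

# Common analyst idiom: merge both streams with 2>&1 so a pipeline sees errors too.
# Note the order matters: "2>&1 >/dev/null" would instead send only stderr down the pipe.
merged_output() {
    { "$@" 2>&1; } | tr '\n' ' ' | sed 's/ *$//'
}

echo "success : $(classify_success)"
echo "error   : $(classify_error)"
echo "unknown : $(classify_unknown)"
echo "merged  : $(merged_output ls /nonexistent/path/for/demo)"
```

When you run this, the third field of the error and unknown cases is where the OS's message lands; that is why redirecting only standard output (for example with > file) never captures error text, and why scripts that check results should look at the exit status rather than at what appears on the screen.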

See you next week.
