The Ultimate Platform for Learning Cybersecurity

It’s Not Exactly What You Might Expect

Chris Crawford
netdef
Jul 6, 2020


An obligatory stock image of a shadowy hacker in a hoodie. This is not what hacking or cybersecurity looks like.

This is the next post in a series of blog posts that build in each other. Let’s review how we got here.

In The Simple Path Towards Cybersecurity Expertise, I claimed:

90% of cybersecurity ultimately boils down to extreme system administration and networking expertise. The other 10% is learning to think the way that hackers think.

I also claimed that the first step towards cybersecurity expertise is learning how to build a computer from scratch.

Then in I Want to Learn How to Build a Computer From Scratch, but I Have No Money. Now What?, we built a virtual machine because we wanted to get the benefits from learning to build a computer from scratch.

In my last post, A Grand Tour of the Hardware in Our VirtualBox Virtual Machine, I made the following claim:

Before we install an operating system, it’s very important to understand the hardware inside of our computer.

And so we took an in-depth look at the virtual hardware devices inside of our virtual machine.

Now that we have a handle on the hardware in our virtual machine, we’re one step closer to installing an operating system.

We’re going to carry on with our assumption from previous posts that we have no money, which will limit our options for operating systems. That’s fine, though, because there are some excellent operating systems available for free. We’re going to focus on Linux, but it is worth noting that Linux is not the only free operating system.

Before we get started with installing Linux, though, we’re going to get ourselves oriented with some necessary tech history and terminology.

Why Tech History Matters

A deep and commanding knowledge of tech history is a crucial way to gain insight into the state of modern cybersecurity. This kind of knowledge lends itself to what I think of as extreme system administration, and it is the kind of knowledge that I think many cybersecurity experts take for granted today.

They say that those who ignore history are doomed to repeat it. The tech industry ignores its history constantly, and so you commonly see old ideas become new again. As an aspiring cybersecurity expert, you can leverage this to your advantage and exploit the fact that old ideas invariably come back around. Also, while it may seem like technology is constantly changing, there are plenty of organizations that pick a new technology and stick with it well beyond the point that it has faded into obsolescence and obscurity.

Scientia Potentia Est — Knowledge Is Power.

What is Linux?

Linux is not an operating system. Linux is a kernel — a big piece of software that coordinates all of the computer’s hardware. A kernel is the brains of an operating system, but without additional software to interact with it, it is boring and kind of useless.

Other popular operating systems, like Microsoft Windows or Mac OS, have kernels too. But, out of the box, they come complete with a kernel and a boatload of software that interacts with their respective kernels.

Lucky for us, there is a boatload of free software that interacts with Linux. A lot of this software comes from Richard Stallman’s GNU (pronounced like the word new) project, and a lot of the rest of it comes from all corners of the internet. There really is no one central place to go get the software that interacts with the Linux kernel. GNU software plus Linux is the closest thing to a full operating system, though, and as a result you will occasionally see sticklers refer to Linux as GNU/Linux.

GNU/Linux is a cumbersome phrase, and it really doesn’t have the kind of ring to it that fills marketers with glee. So when most people say Linux — myself included — what they really mean is: the Linux kernel, plus a boatload of other free software that comes from all over the internet. If you’re a music nerd — this is kind of like how a certain instrument was originally called the pianoforte but now everyone just calls it the piano.

Linux’s Origin Story

Linus Torvalds is the man responsible for Linux.

In January 1997, Wired Magazine published Glyn Moody’s The Greatest OS That (N)ever Was, which Moody wrote after interviewing Linus Torvalds in December 1996. Moody recounts —

In the autumn of 1988, Linus had entered Helsinki University to study computer science.

One of his course books was Andrew Tanenbaum’s Operating Systems: Design and Implementation, which provided a guide to a kind of baby Unix called Minix.

Minix was very limited, designed simply to teach operating systems, explains Tanenbaum, currently professor of computer science at Vrije Universiteit in Amsterdam.

Linus says he never intended to create a kernel, the part of an operating system where the real processing and control work is done. Instead, a purely practical need to read Usenet newsgroups drove him…

Glyn Moody’s The Greatest OS That (N)ever Was is a fantastic read — highly recommended.

Torvalds posted this famous message to comp.os.minix on August 15, 1991:

Hello everybody out there using minix -

I’m doing a (free) operating system (just a hobby, won’t be big and professional like gnu) for 386(486) AT clones. This has been brewing since april, and is starting to get ready. I’d like any feedback on things people like/dislike in minix, as my OS resembles it somewhat (same physical layout of the file-system (due to practical reasons) among other things).

I’ve currently ported bash(1.08) and gcc(1.40), and things seem to work. This implies that I’ll get something practical within a few months, and I’d like to know what features most people would want. Any suggestions are welcome, but I won’t promise I’ll implement them :-)

Linus (torvalds@kruuna.helsinki.fi)

PS. Yes — it’s free of any minix code, and it has a multi-threaded fs. It is NOT portable (uses 386 task switching etc), and it probably never will support anything other than AT-harddisks, as that’s all I have :-(.

Note: We talked about “AT-harddisks” in one of my previous posts (i.e. SATA and PATA).

Torvalds released Linux on September 17, 1991.

Free & Open Source Software

Companies like Microsoft and Apple sell their operating systems to their customers as a product. They keep the source code to their operating systems private because the source code is a part of their respective secret sauce. In a way, Microsoft’s and Apple’s source code for their operating systems is a lot like the Coca-Cola Company’s recipe for Coke. Hypothetically, if Apple got the source code for Microsoft Windows, they could compile it themselves and sell Windows at a lower price than Microsoft.

Free operating systems like Linux are very different. The maintainers of Linux’s source code give the code away for free. Anybody that wants to can compile it themselves. Instead of attempting to sell customers a product, many people that work with free and open source software tend to pay their bills by providing some kind of service to customers. Red Hat is one well known company that specializes in that kind of thing.

The upshot to all of this is that free and open source software is much more transparent than proprietary software. We can read the code — and even change it if we want. There is nothing standing in our way from understanding how Linux works, except our own ignorance. This kind of transparency is a quality that makes free and open source operating systems — like Linux — a great platform for learning about what makes computers tick. The fact that it is available for free is a quality that is great for our wallets.

Linux Distributions

Since Linux needs lots of software beyond the kernel, which has to be plucked from every corner of the internet, it is incredibly complex.

In an attempt to simplify the complexity, there are many groups out there that do the legwork of bundling the Linux kernel together with free software. Many of those groups freely share their bundle of software with the world. Many of those groups also develop and provide mechanisms to install new software, keep track of installed software, and update installed software to the newest version. When a group does this, and shares its bundle of software with others, that bundle is what people refer to as a Linux distribution.

Anybody can create their own Linux distribution — doing so only requires a knowledge of how to get the Linux kernel and how to bundle it together with useful software.

A Linux distribution is essentially a meta project with the objective to build the processes and software needed to bundle the Linux kernel with useful software, distribute it, and help system administrators install it and keep it running smoothly. There is more than one way to do that! As a result, Linux distributions are as varied as the people that make them, and there are hundreds of Linux distributions today.

Linux Distribution Derivatives

Figuring out how to bundle Linux with useful software is hard work. To exacerbate the meta nature of Linux distributions, many groups make the work easier on themselves by building their own Linux distribution on top of an existing Linux distribution. These types of Linux distributions are called derivative distributions, because they are effectively an extension of an original distribution.

A group making a derivative Linux distribution will wait for some other group to release their distribution first, and then proceed to add their own software to it. A distribution that is used by another group to create a new derivative distribution is called a base distribution. Derivative distributions are said to be downstream from a base distribution. (Conversely, base distributions are said to be upstream from a derivative distribution.) There is always some amount of lag time between when a base distribution introduces something new and when a derivative distribution picks it up.

This is all probably easier to visualize by taking a look at the incredible GNU/Linux Distributions Timeline — an amazing piece of work by Andreas Lundqvist, Donjan Rodic, Mhammed A. Mustafa, and Fabio Loli.

GNU/Linux Distributions Timeline, Version 19.04

Lineage of Linux Distributions

There may be hundreds of Linux distributions today, but the vast majority of them derive from some other distribution. There are only a handful of distinct Linux distributions that serve as a base to myriad other Linux distributions. They are:

Slackware, Debian, and Red Hat are the three oldest surviving Linux distributions. Together they have been called The Three Giants of Linux — a term that Christopher Smart coined when writing for Linux Magazine in 2010.


Quick side note — the short bio at the end of The Three Giants of Linux notes that Christopher Smart “created Kororaa Linux, which delivered the world’s first Live CD showcasing 3D desktop effects.” You can find Kororaa Linux on the GNU/Linux Distributions Timeline.

Softlanding Linux System (SLS) was one of the first Linux distributions. It died out fairly quickly, but Slackware derived directly from SLS, and Debian was influenced by SLS. Red Hat came along about a year after Debian and Slackware. Gentoo and Arch came on to the scene in 2000 and 2002, respectively.

All of these distributions have their own dedicated community of users and maintainers with deep institutional knowledge of how to bundle Linux with useful software, and all of them have been around for decades. Each of these distributions is outstanding in its own way, depending on your objectives.

Our objective is to learn cybersecurity by first building a very high level of proficiency with Linux and computer networking. In my experience, there is one Linux distribution that helps us do that better than any other: Slackware Linux.

I’ve used Slackware Linux as a teaching tool to help mentor cybersecurity students since 2012, and so I have a lot of reasons for why I think that is the case. I’ll provide a few reasons in the remainder of this post, and I intend to highlight many more over the course of future posts, as we begin to do things with Slackware. To keep it short and sweet, for now, there is an old cliché that sums it up best:

If you want to learn Debian, install Debian.

If you want to learn Fedora, install Fedora.

If you want to learn Linux, install Slackware.

Slackware’s Origin Story

Patrick Volkerding is the man responsible for Slackware.

The story behind how Slackware came to be is fascinating, and is best told by Patrick himself. I linked to Linux Journal’s “Interview with Patrick Volkerding” by Phil Hughes earlier in this post, but I believe some direct quotes need to be explicitly highlighted here.

This story is also a good illustration of how one Linux distribution — Softlanding Linux System (SLS) — can be used as a base distribution to create a derivative distribution — Slackware. SLS eventually died out, but Slackware stood the test of time and evolved from a derivative distribution to a base distribution in its own right.

And so here is a very important excerpt from Linux Journal’s “Interview with Patrick Volkerding” by Phil Hughes — a conversation between Patrick Volkerding (Pat) and Phil Hughes (Linux Journal) on April 1, 1994.

Linux Journal: Why did you decide to do a distribution?

Pat: That’s a good one. I never really did decide to do a distribution.

What happened was that my AI professor wanted me to show him how to install Linux so that he could use it on his machine at home, and share it with some graduate students who were also doing a lot of work in LISP. So, we went into the PC lab and installed the SLS version of Linux.

Having dealt with Linux for a few weeks, I’d put together a pile of notes describing all the little things that needed to be fixed after the main installation was complete.

After spending nearly as much time going through the list and reconfiguring whatever needed it as we had putting the software on the machine in the first place, my professor looked at me and said, “Is there some way we can fix the install disks so that new machines will have these fixes right away?”. That was the start of the project.

I changed parts of the original SLS installation scripts, fixing some bugs and adding a feature that installed important packages like the shared libraries and the kernel image automatically. I also edited the description files on the installation disks to make them more informative.

Most importantly, I went through the software packages, fixing any problems I found. Most of the packages worked perfectly well, but some needed help.

The mail, networking, and uucp software had a number of incorrect file permissions that prevented it from functioning out of the box. Some applications would coredump without any explanation — for those I’d go out looking for source code on the net.

SLS only came with source code for a small amount of the distribution, but often there would be new versions out anyway, so I’d grab the source for those and port them over.

When I started on the task, I think the Linux kernel was at around 0.98pl4 (someone else may remember that better than I do…), and I put together improved SLS releases for my professor through version 0.99pl9.

By this time I’d gotten ahead of SLS on maybe half of the packages in the distribution, and had done some reconfiguration on most of the remaining half. I’d done some coding myself to fix long-standing problems like a finger bug that would say users had `Never logged in’ whenever they weren’t online. The difference between SLS and Slackware was starting to be more than just cosmetic.

In May, or maybe as late as June of `93, I’d brought my own distribution up to the 4.4.1 C libraries and Linux kernel 0.99pl11A. This brought significant improvements to the networking and really seemed to stabilize the system. My friends at MSU thought it was great and urged me to put it up for FTP.

I thought for sure SLS would be putting out a new version that included these things soon enough, so I held off for a few weeks. During this time I saw a lot of people asking on the net when there would be a release that included some of these new things, so I made a post entitled “Anyone want an SLS-like 0.99pl11A system?” I got a tremendous response to the post.

After talking with the local sysadmin at MSU, I got permission to open an anonymous FTP server on one of the machines — an old 3b2.

I made an announcement and watched with horror as multitudes of FTP connections crashed the 3b2 over, and over, and over. Those who did get copies of the 1.00 Slackware release did say some nice things about it on the net.

My archive space problems didn’t last long, either. Some people associated with Walnut Creek CDROM (and ironically enough, members of the 386BSD core group) offered me the current archive space on ftp.cdrom.com.

Linux Journal: Why did you call it Slackware?

Pat: My friend J.R. “Bob” Dobbs suggested it. ;^)

Although I’ve seen people say that it carries negative connotations, I’ve grown to like the name. It’s what I started calling it back when it was really just a hacked version of SLS and I had no intention of putting it up for public retrieval. When I finally did put it up for FTP, I kept the name.

I think I named it “Slackware” because I didn’t want people to take it all that seriously at first.

It’s a big responsibility setting up software for possibly thousands of people to use (and find bugs in). […]

Linux Journal: […] I initially avoided going from SLS to Slackware because I didn’t take the name seriously. But the feedback I heard on the Internet pointed out why I should take it seriously. What did you expect to happen with the distribution?

Pat: I never planned for it to last as long as it has.

I thought Peter MacDonald (of SLS) would take a look at what I was doing and would fix the problems with SLS. Instead, he claimed distribution rights on the Slackware install scripts since they were derived from ones included in SLS.

I was allowed to keep what I had up for FTP, but told Peter I wouldn’t make other changes to Slackware until I’d written new installation scripts to replace the ones that came from SLS.

I wrote the new scripts, and after putting that much work into things I wasn’t going to give up. I did everything I could to make Slackware the distribution of choice, integrating new software and upgrades into the release as fast as they came out.

It’s a lot of work, and sometimes I wonder how long I can go on for.

Note: I’ve modified this from its original form to help it flow better on modern screens, i.e. smart phones. I’ve also cut some of the material. I used […] to indicate cuts. If this piques your curiosity, I highly recommend reading the entire “Interview with Patrick Volkerding” by Phil Hughes.

The Slackware Way

V.Harishankar captures the salient points about Slackware that lend themselves best to our objectives on a wiki page entitled The Slackware Way:

Slackware maintains a KISS philosophy. It uses text files for configuration instead of GUI configuration programs like many other distributions.

Harishankar continues with a litany of attributes to describe Slackware.

Slackware is:

• A distribution that can be installed entirely offline with the CD/DVD set.

This is increasingly uncommon today, as many distributions make the assumption that everybody has a connection to the Internet.

• A distribution which is released when stable and not according to a fixed schedule. Every release of Slackware Linux is thoroughly tested by the Slackware team and the community. Slackware places high value on stability rather than the “newness” or “freshness” of software.

A new version of Slackware is released “When it’s ready”.

• A distribution where “simplicity” is preferred over “convenience.”

Slackware is the only one of the “Three Giants of Linux” that has this kind of preference. Debian and Red Hat both introduce their own special blends of automation in an attempt to make their distributions easier to use. Note that easy and simple are not the same thing. It is probably worth pointing out that simplicity is also an explicit design goal for Arch.

• A distribution where system configuration and administration is done through simple ncurses helper scripts or by directly editing well-commented configuration files through a text editor.

• A distribution that prefers to package “vanilla” software or software that hasn’t been modified from upstream development. Little or no patching is done to upstream software and as a result, the software found in Slackware works as closely to what was intended by the original creators as practically possible.

This is an especially important attribute for our objectives. I believe this is the source of the “If you want to learn Linux, install Slackware” idea.

Most Linux distributions have a habit of adding their own tweaks and patches to the free software that they bundle together. My gut tells me that this kind of thing is usually done in the name of convenience. Unfortunately, the more a distribution does this, the harder it is for a student of that distribution to pick up their skills and use them on a different Linux distribution.

This attribute also makes it very simple for us to compile open source software on our own, which is a handy thing to do if we want to explore vulnerabilities and how exploits work.

• A distribution that does not add layers of abstraction or complexity on top of existing solutions.

• A distribution which abides by the common-sense dictum “if it’s not broken, don’t fix it.”

• A distribution where the major decisions are taken by the BDFL (Benevolent Dictator for Life, the current chief maintainer Patrick Volkerding) and where the development process is more closed than purely community based distributions. As a result, Slackware is highly focused on its core strengths and values and does not cater to every preference of its community or others. For this reason, there is less pressure on the Slackware development team to be popular and cater to the larger mass market.

Experience is the Best Teacher

Out of the gate, it may be difficult to see why everything in this post adds up to the fact that Slackware is the ultimate platform for learning cybersecurity. Experience is the best teacher, so I think that this will become more clear over time and with practice.

If I had to boil it all down to a few thoughts, though, it’s this: Slackware explicitly focuses on simplicity, and it avoids adding special sauce automation and tweaks — even if those things could make things more convenient. Most of the time, convenience is just a barrier between us and understanding.

Simplicity is the ultimate sophistication.

— Leonardo da Vinci

Excelsior

We’ve built a virtual machine. We took a deep dive into its hardware. And this concludes our deep dive into Linux and Slackware. Next time, we’ll finally go ahead and install Slackware!
