Introduction to Linux for Blue Teaming | Quick Guide

In this article, we cover the Linux commands that make day-to-day blue-team work easier.

While working as a SOC analyst or on a blue team, you should be familiar with operating systems such as macOS, Linux, and Windows. A SOC analyst without Linux knowledge is at a real disadvantage, because a working level of Linux knowledge is essential for the job.

As a SOC analyst, you can encounter any operating system and you should know how to use it. Knowing some useful Linux commands makes a SOC analyst's job much easier when detecting and preventing attacks on time: it saves time and leads to effective solutions quickly. A certain level of Linux knowledge is therefore necessary for a SOC analyst.


What You’ll Learn in This Article

  • Linux
  • File System
  • Basic Command
  • Permissions
  • User Management
  • Network Management
  • System Management
  • Package Management

    Introduction to Linux

    Linux is an open-source operating system built around the Linux kernel, developed by Linus Torvalds in 1991. It’s free and released under the GNU General Public License (GPL), meaning anyone can use, modify, and distribute it. Linux powers many types of devices, from personal computers to servers and mobile devices. Linux is a user-friendly operating system that provides many benefits to its users. This training explains the importance of Linux from the cyber security perspective. Linux is famous for its command line.

    Linux File System Hierarchy
    As in every operating system, Linux has a file system. Everything in Linux is represented as a file, and together these files make up the components of the operating system. Files are grouped into directories, and directories are arranged in a hierarchy: one directory sits above or below another. The directory layout follows a standard (the Filesystem Hierarchy Standard). The main directories in Linux and what they are used for are explained below.

    • Root directory (/): The top level of the file system; every other path hangs off it.
    • Essential command binaries (/bin): Essential user commands (e.g., ls, cp, sh) needed even when no other filesystem is mounted.
    • Device files (/dev): Device files for accessing hardware (e.g., hard drives, USB devices).
    • Mount point (/mnt): Temporary mount point for filesystems (used when mounting external storage).
    • Optional software (/opt): Optional or third-party software installation directory.
    • System binaries (/sbin): System administration binaries (normally require root privileges).
    • Variable data (/var): Variable data such as logs, databases, spool files, and temporary files.
    • Libraries (/lib): Shared libraries and kernel modules required by the binaries in /bin and /sbin.
    • Media (/media): Mount point for removable media like CDs, DVDs, or USB drives.
    • Process information (/proc): Virtual filesystem exposing runtime kernel and process information.
    • Runtime data (/run): Runtime information such as process IDs (PIDs) and sockets, cleared on reboot.
    • Services (/srv): Data served by the system, e.g., web or FTP content.
    • Configuration files (/etc): System-wide configuration files.
    • User home directories (/home): Home directories for regular users.
    • User programs and data (/usr): User programs, libraries, and documentation.
    • Temporary files (/tmp): Temporary files, typically cleared on reboot.
    Basic Terminal Commands - 1
    The command line is a tool that takes user input via the keyboard and sends it to the operating system for execution. In Linux, the command line is called the "shell," with several types available.
    Shells
    • bash: The default and most widely used Linux shell, known for its simplicity and scripting support.
    • zsh: An extended shell with more features than bash, offering better customization and auto-completion.
    • sh: The original Unix (Bourne) shell, basic and less feature-rich, often used for portable scripting.
    Navigating Directories:
    Change directory: Use the cd command followed by the path to navigate to a different directory.
    cd /path/to/directory
    List directory contents: Use the ls command to view files and directories in the current directory.
    ls
    Print working directory: Use the pwd command to display the current directory path.
    pwd
    File Operations:
    Create an empty file: The touch command followed by a file name creates a new empty file
    touch randomfile
    Copy files: Use cp followed by the source and destination paths to copy files.
    cp randomfile /path/to/copy
    Move/rename files: The mv command is used to move or rename files.
    mv /current/folder/file /path/to/move
    Remove files: Use the rm command followed by the file name to delete files.
    rm randomfile
    Viewing File Contents:
    Display file contents: The cat command shows the contents of a file.
    cat randomfile
    View file contents page by page: Use less to view file contents interactively.
    less randomfile

    Display the last 10 lines of a file: The tail command with the -n option followed by 10 shows the last ten lines.

    tail -n 10 randomfile

    Create a directory: Use mkdir followed by the directory name to create a new folder.

    mkdir newfolder

    When you do not know how to use this or any other command, use the man command to read its manual page.

    man cmd_name 

    Basic Terminal Commands - 2

    Text Editing:
    Edit files with Nano: Use nano followed by the file name to open and edit files in the Nano text editor.
    nano randomfile
    Edit files with vi: The vi command allows you to edit files using the Vi editor
    vi randomfile

    Searching and Finding Files:

    Search for a pattern in a file: Use grep followed by the pattern and file name to search for specific text.

    grep text randomfile

    Find files by name: The find command with the path and name of the file helps locate files on the system. 

    find /home/user -name "filename.txt"
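    As an added example (not part of the original article), the following script combines grep, awk, sort and uniq, the same tools introduced above, into a small check a SOC analyst runs against an authentication log: it counts failed SSH password attempts per source IP and flags the sources above a threshold. The log lines are constructed for the example; on a real host you would point the functions at /var/log/auth.log or /var/log/secure.

```shell
#!/bin/sh
# Added example: count failed SSH logins per source IP from auth-log style lines.
# The log lines below are constructed for this example, not taken from a real system.

AUTH_LOG="$(mktemp)"
cat > "$AUTH_LOG" <<'EOF'
Mar 10 02:14:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar 10 02:14:03 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
Mar 10 02:14:05 host sshd[1204]: Accepted publickey for alice from 198.51.100.4 port 40022 ssh2
Mar 10 02:14:09 host sshd[1207]: Failed password for root from 203.0.113.7 port 51240 ssh2
Mar 10 02:15:12 host sshd[1210]: Failed password for bob from 198.51.100.9 port 40100 ssh2
Mar 10 02:15:20 host cron[1300]: (root) CMD (run-parts /etc/cron.hourly)
EOF

# failed_logins_by_ip LOGFILE
# Prints "<count> <ip>" for every source IP with failed password attempts,
# most frequent first. The IP is the field that follows the word "from".
failed_logins_by_ip() {
    grep 'Failed password' "$1" \
        | awk '{ for (i = 1; i <= NF; i++) if ($i == "from") print $(i + 1) }' \
        | sort | uniq -c | sort -rn \
        | awk '{ print $1, $2 }'
}

# ips_over_threshold LOGFILE N
# Prints the source IPs with more than N failed attempts, one per line.
ips_over_threshold() {
    failed_logins_by_ip "$1" | awk -v n="$2" '$1 > n { print $2 }'
}

echo "Failed logins per source IP:"
failed_logins_by_ip "$AUTH_LOG"
echo "Sources with more than 2 failures:"
ips_over_threshold "$AUTH_LOG" 2
```

    On the constructed log this reports 203.0.113.7 with three failures and 198.51.100.9 with one, so only 203.0.113.7 crosses the threshold of 2. Reading a live log with `tail -n 200 /var/log/auth.log` and piping it into the same awk stage gives a quick view of the most recent activity.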

    System Information:

    Display system information: Use uname with the -a option to show comprehensive system information (kernel name, hostname, kernel release, architecture).
    uname -a
    Show disk usage: The df command with the -h option provides a human-readable summary of disk space usage.
    df -h 
    Show memory usage: Use free with the -m option to display memory usage in megabytes.
    free -m 
    Permissions Management
    On Linux, every file has permissions, and those permissions decide which users may access it. Managing file permissions is very important for security: the files a user needs to access and the files that belong only to that user require different permissions.

    Permissions are assigned to three classes of user:
    Owner: The user who owns the file.
    Group: A set of users who belong to a specific group.
    Others: All other users.
    The permission string shown by ls -l consists of three groups of three characters, one group each for owner, group, and others, for example rwxr-xr-x:
    r : readable
    w : writable
    x : executable
    - : permission not granted

    Viewing Permissions:
    List files with permissions: Use ls with the -l option to show file permissions along with file details.
    ls -l
    Changing Permissions:
    Change permissions: The chmod command followed by permission settings adjusts file permissions. In octal notation each digit covers one class (owner, group, others) and adds read (4), write (2) and execute (1), so 755 means rwx for the owner and r-x for group and others.
    chmod 755 filename
    Add execute permission for the user: Use chmod with the u+x option to add execute permission for the file owner.
    chmod u+x file
    Changing Ownership:
    Change file owner and group: The chown command followed by the new owner and group names changes the ownership of a file.
    chown newuser:newgroup filename.txt
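    The following script is an added example (not code from the original article) of how a defender applies the ls -l, find and chmod commands from this section: it builds a small sample directory tree under a temporary directory, reports files that any user can modify and files that carry the setuid bit, and shows how to remove the world-writable bit. The sample tree and its permissions are constructed for the example; the functions take any directory as their argument.

```shell
#!/bin/sh
# Added example: review permissions in a directory tree and tighten world-writable files.
# The sandbox tree below is constructed for this example so the script runs offline.

SANDBOX="$(mktemp -d)"
mkdir -p "$SANDBOX/bin" "$SANDBOX/shared"
touch "$SANDBOX/bin/tool" "$SANDBOX/bin/helper" "$SANDBOX/shared/notes.txt" "$SANDBOX/shared/report.txt"
chmod 4755 "$SANDBOX/bin/tool"          # rwsr-xr-x: setuid executable, worth reviewing
chmod 755  "$SANDBOX/bin/helper"        # rwxr-xr-x: ordinary executable
chmod 644  "$SANDBOX/shared/notes.txt"  # rw-r--r--: owner writes, everyone reads
chmod 666  "$SANDBOX/shared/report.txt" # rw-rw-rw-: world-writable, anyone can tamper

# perm_string FILE : the symbolic permission field as shown by ls -l, e.g. -rwsr-xr-x
perm_string() {
    ls -ld "$1" | cut -c1-10
}

# world_writable DIR : regular files under DIR that "others" may write to (-perm -002)
world_writable() {
    find "$1" -type f -perm -002 | sort
}

# setuid_files DIR : regular files under DIR with the setuid bit set (-perm -4000)
setuid_files() {
    find "$1" -type f -perm -4000 | sort
}

# fix_world_writable DIR : remove the write bit for "others" from every world-writable file
fix_world_writable() {
    find "$1" -type f -perm -002 -exec chmod o-w {} +
}

echo "World-writable files:"
world_writable "$SANDBOX"
echo "Setuid files:"
setuid_files "$SANDBOX"
echo "Permissions of tool: $(perm_string "$SANDBOX/bin/tool")"
```

    Running it lists shared/report.txt as world-writable and bin/tool as setuid (its permission string reads -rwsr-xr-x, the s in the owner's execute position being the setuid bit). Calling fix_world_writable on the directory turns report.txt into rw-rw-r-- and the world-writable report comes back empty; the setuid list is only reported, since whether a setuid binary is legitimate is a judgement call, not something to change blindly.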

    User Management and Groups

    Managing users and groups ensures controlled access to system resources:

    User Management:

    Add a new user: Use adduser followed by the username to create a new user account.

    adduser kali

    Change user password: The passwd command followed by the username allows you to change the user's password.

    Delete a user: Use deluser followed by the username to remove a user account.

    Group Management:

    Add a new group: The addgroup command followed by the group name creates a new group.

    Add a user to a group: Use usermod with the -aG option to add a user to a specified group.

    sudo usermod -aG groupname username

    Delete a group: The delgroup command followed by the group name removes a group.
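    As an added example (not from the original article), the script below shows the review side of user and group management: it reads passwd- and group-format files and reports accounts with UID 0, accounts that still have a login shell, and the members of a privileged group. The two files are constructed for the example; pass /etc/passwd and /etc/group to the same functions on a real system.

```shell
#!/bin/sh
# Added example: audit accounts and group membership from passwd/group style files.
# Both files below are constructed for this example; they are not from a real host.

PASSWD_FILE="$(mktemp)"
cat > "$PASSWD_FILE" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
svc:x:0:1002:service account:/var/lib/svc:/bin/sh
EOF

GROUP_FILE="$(mktemp)"
cat > "$GROUP_FILE" <<'EOF'
root:x:0:
sudo:x:27:alice,svc
users:x:100:alice
EOF

# uid0_accounts PASSWD : every account whose UID is 0 (full root privileges), not just "root"
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "$1"
}

# login_shell_accounts PASSWD : accounts whose shell is not nologin/false, i.e. can log in interactively
login_shell_accounts() {
    awk -F: '$7 !~ /(nologin|false)$/ { print $1 }' "$1"
}

# members_of GROUPFILE GROUP : users listed as supplementary members of GROUP
members_of() {
    awk -F: -v g="$2" '$1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] != "") print m[i] }' "$1"
}

echo "UID 0 accounts:";        uid0_accounts "$PASSWD_FILE"
echo "Accounts with a shell:"; login_shell_accounts "$PASSWD_FILE"
echo "Members of sudo:";       members_of "$GROUP_FILE" sudo
```

    On the constructed data the UID 0 check reports both root and svc, which is exactly the kind of finding that should be explained or reverted with usermod, and the sudo group shows that svc was added with usermod -aG as well. A service account normally needs neither.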

    Archive File Formats

    Creating Archives:

    Create a tar archive: Use the tar command with the -cvf option followed by the archive name and directory path to create a tar archive.

    tar -cvf archive_name.tar /path/to/directory

    Create a gzip-compressed tar archive: The tar command with the -czvf option creates a gzip-compressed archive.

    Extracting Archives:

    Extract a tar archive: Use tar with the -xvf option followed by the archive name to extract a tar file.

    tar -xvf archive_name.tar

    Extract a gzip-compressed tar archive: The tar command with the -xzvf option extracts gzip-compressed archives.

    Process Management

    Managing processes ensures system stability and performance:

    Viewing Processes:

    Display all running processes: The ps command with the aux option shows all active processes.

    ps aux

    Interactive process viewer: Use top to view processes in real-time.

    Managing Processes:

    Terminate a process by PID: The kill command followed by the process ID (PID) ends a specific process.

    kill PID

    Terminate all processes by name: Use killall followed by the process name to stop all instances of a process.

    Network Management

    Network configuration and troubleshooting are vital for system administration:

    Network Configuration:

    Display network interfaces: The ifconfig command (from the net-tools package, which many modern distributions no longer install by default) shows network interface configurations.

    Show IP addresses: Use ip addr to view IP address details.

    ip addr

    Network Troubleshooting:

    Test connectivity: The ping command followed by a hostname tests network connectivity.

    Display network connections: Use netstat with the -tuln option to list listening TCP and UDP sockets with numeric addresses and ports (ss -tuln is the modern equivalent where netstat is not installed).
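    As an added example (not from the original article), this script parses the output format of netstat -tuln and reports which listening ports are bound to every interface (0.0.0.0 or ::) rather than to localhost only; those are the services reachable from the network and the first thing to reconcile against what the host is supposed to run. The netstat output is constructed for the example; on a real host, replace the file with `netstat -tuln > "$NETSTAT_OUT"`.

```shell
#!/bin/sh
# Added example: find network-exposed listening ports from netstat -tuln style output.
# The output below is constructed for this example in the net-tools netstat layout.

NETSTAT_OUT="$(mktemp)"
cat > "$NETSTAT_OUT" <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
EOF

# listening_ports FILE : "<proto> <port> <local address>" for every tcp/udp line.
# The port is the text after the last ":" so IPv6 addresses such as :::80 parse too.
listening_ports() {
    awk '$1 ~ /^(tcp|udp)/ { n = split($4, a, ":"); print $1, a[n], $4 }' "$1"
}

# exposed_ports FILE : "<proto>/<port>" for sockets bound to all interfaces (0.0.0.0 or ::)
exposed_ports() {
    listening_ports "$1" | awk '$3 ~ /^(0\.0\.0\.0|::):/ { print $1 "/" $2 }'
}

echo "All listening sockets:"
listening_ports "$NETSTAT_OUT"
echo "Reachable from the network:"
exposed_ports "$NETSTAT_OUT"
```

    On the sample, SSH (tcp/22), the web server (tcp6/80) and the DHCP client (udp/68) are exposed, while MySQL on 127.0.0.1:3306 is correctly limited to the local host.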

    Package Management

    Installing and managing software packages is essential for system maintenance:

    Debian-based Systems:

    Update package list: Use apt with the update option to refresh the package list.

    Install a package: The apt command followed by install and the package name installs new software.

    Remove a package: Use apt with the remove option to uninstall a package.

    Red Hat-based Systems :

    Update package list: The yum command with the update option refreshes the package metadata and then upgrades the installed packages.

    Install a package: Use yum with the install option to add new software.

    Remove a package: The yum command followed by remove uninstalls a package.

    Service Management

    Managing services is crucial for running and maintaining applications:

    Systemd-based Systems:

    Start a service: Use systemctl with the start option followed by the service name to start a service.

    Stop a service: The systemctl command with the stop option halts a running service.

    Enable a service to start at boot: Use systemctl with the enable option to ensure a service starts automatically during boot.

    Check the status of a service: The systemctl command with the status option provides information on the service's state.

    Scheduled Tasks

    Automating tasks with scheduled jobs enhances productivity:

    Cron Jobs:

    Edit the cron table: The crontab command with the -e option opens the cron table for editing.

    List cron jobs: Use crontab with the -l option to display the current cron jobs.

    Example Cron Job:

    Run a script every day at 2am: A cron job entry like 0 2 * * * /path/to/script.sh schedules a script to run daily at 2am.
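    Cron entries are a common place for persistence, so a blue-team review of crontab -l output is worth scripting. The following added example (not from the original article) parses a crontab in the five-field format shown above, prints the schedule for a given command, and flags jobs whose command lives in a world-writable or volatile location such as /tmp. The crontab text is constructed for the example; feed it `crontab -l` output or files from /etc/cron.d on a real host.

```shell
#!/bin/sh
# Added example: parse and review cron table entries.
# The crontab below is constructed for this example.

CRONTAB_FILE="$(mktemp)"
cat > "$CRONTAB_FILE" <<'EOF'
# m h dom mon dow command
SHELL=/bin/sh
0 2 * * * /usr/local/bin/backup.sh
*/5 * * * * /tmp/.update.sh
30 4 1 * * /opt/reports/monthly.sh >/dev/null 2>&1
EOF

# cron_jobs FILE : job lines only; comments, blank lines and VAR=value settings are skipped
cron_jobs() {
    awk '/^[ \t]*(#|$)/ { next } /^[A-Za-z_][A-Za-z0-9_]*=/ { next } { print }' "$1"
}

# cron_commands FILE : the command part of each job (everything after the five schedule fields)
cron_commands() {
    cron_jobs "$1" | awk '{ $1 = $2 = $3 = $4 = $5 = ""; sub(/^ +/, ""); print }'
}

# cron_schedule_of FILE NAME : the five schedule fields of the job whose command contains NAME
cron_schedule_of() {
    cron_jobs "$1" | awk -v c="$2" 'index($0, c) { print $1, $2, $3, $4, $5 }'
}

# cron_from_volatile_dirs FILE : jobs whose program is under /tmp, /var/tmp or /dev/shm
cron_from_volatile_dirs() {
    cron_commands "$1" | awk '$1 ~ /^\/(tmp|var\/tmp|dev\/shm)\// { print }'
}

echo "Scheduled commands:";              cron_commands "$CRONTAB_FILE"
echo "Schedule of backup.sh:";           cron_schedule_of "$CRONTAB_FILE" backup.sh
echo "Jobs running from volatile dirs:"; cron_from_volatile_dirs "$CRONTAB_FILE"
```

    The backup job resolves to the schedule 0 2 * * * from the text above, and the review flags /tmp/.update.sh, a hidden script in a temporary directory that runs every five minutes; a legitimate job is installed under a path such as /usr/local/bin or /opt and survives a reboot.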

    Once you are comfortable with the commands above, you have the Linux foundation a SOC analyst needs.


