1. Linux Fundamentals

1.1. What Is Linux and What Is It Doing?

The term "Linux" is often used to refer to the entire operating system, but in reality, Linux is the operating system kernel, which is started by the boot loader, which is itself started by the BIOS/UEFI. The kernel assumes a role similar to that of a conductor in an orchestra—it ensures coordination between hardware and software. This role includes managing hardware, processes, users, permissions, and the file system. The kernel provides a common base to all other programs on the system and typically runs in ring zero, also known as kernel space.

The User Space: We use the term user space to lump together everything that happens outside of the kernel.

GNU is an operating system that is free software - that is, it respects users' freedom.

Tasks handled by the Linux Kernel:

1.1.1. Driving Hardware

Control of Hardware Components:
- Detects and configures hardware at power-on or device insertion/removal (e.g., USB devices).
- Provides a simplified programming interface to higher-level software for easy device usage.
Abstraction Layer:
- Applications interact with devices without needing details (e.g., extension slot or maker/model).
- Example: Video-conferencing software uses Video for Linux (V4L) interface for webcams.

Kernel Interfaces for Device Management:

Virtual File Systems:
- /proc/: Exports hardware data.
- /sys/: Also used for hardware-related data.
Device Access via Files:
- Files under /dev/ represent specific devices:
  - /dev/sda: Disk drives.
  - /dev/sda1: Partitions.
  - /dev/input/mouse0: Mice.
  - /dev/input/event0: Keyboards.
  - /dev/snd/: Sound cards.
  - /dev/ttyS*: Serial ports.

There are two types of device files: block and character.

Block devices: These devices have a buffer for requests, which allows them to choose the order in which to respond. Block devices are associated with a file system and are used to store and retrieve data. They are common in data storage technology, such as hard disk drives (HDDs), solid-state drives (SSDs), USB flash drives, and optical discs.
Character devices: These devices are not associated with a file system and are used for unbuffered data transfers to and from a device. They are accessed through special device files in the /dev directory.

To find out the type of a given device file, inspect the first letter in the output of ls -l. It is either b, for block devices, or c, for character devices:

$ ls -l /dev/sda /dev/ttyS0
brw-rw---- 1 root disk    8,  0 Mar 21 08:44 /dev/sda
crw-rw---- 1 root dialout 4, 64 Mar 30 08:59 /dev/ttyS0

1.1.2. Unifying File Systems

File systems in Unix-like systems unify all file stores into a single hierarchy.
The hierarchy starts at the root directory (/).
Users and applications access data based on its location in the hierarchy.

Hierarchical Structure:

Root Directory (/): Starting point of the hierarchy.
- Contains subdirectories and files.
- Example: /home/kali/Desktop/hello.txt refers to a file in the Desktop subdirectory of the kali subdirectory, within the home directory of the root.
The kernel translates the hierarchical names to physical disk storage locations.

Integrating Multiple Disks

You can connect multiple disks (or storage devices) to your Linux system.
However, instead of treating them as separate drives (like C:, D: in Windows), Linux integrates them into its single file hierarchy.
How? By "mounting" these disks onto specific directories in the hierarchy.

Mounting is the process of attaching a disk to a directory in the file system hierarchy.
The directory where the disk is attached is called a mount point.

Example of Mounting `/home`

By default, user home directories (like /home/kali/) are stored inside /home/.
Suppose you have a separate disk where you want to store all user home directories. You can mount that disk to /home/.
After mounting, Linux will store all /home/ data (including /home/kali/) on the new disk instead of the default location.
Even though the /home/ data is now stored on a separate disk, the file paths remain the same.
For example:
- The file /home/kali/Desktop/hello.txt will still be accessible using the same path.
- Linux takes care of linking the new disk's data to the correct path.

File System Formats:

Common formats: ext2, ext3, ext4.
Compatibility:
- Linux supports other formats like VFAT (used by DOS and Windows) for interoperability.
Formatting:
- Prepares a disk with a file system before mounting.
- Handled by commands like mkfs.ext4 (MaKe FileSystem).
- Requires a device file (e.g., /dev/sda1 for the first partition of the first drive).
- Formatting is destructive and should be done carefully.

There are also network filesystems such as NFS, which do not store data on a local disk. Instead, data is transmitted through the network to a server that stores and retrieves them on demand. Thanks to the file system abstraction, you don't have to worry about how this disk is connected, since the files remain accessible in their usual hierarchical way.

1.1.3. Managing Processes

A process is a running instance of a program, which requires memory to store both the program itself and its operating data. The kernel is in charge of creating and tracking processes. When a program runs, the kernel first sets aside some memory, loads the executable code from the file system into it, and then starts the code running. It keeps information about this process, the most visible of which is an identification number known as the process identifier (PID).

Unix-like systems, including Linux, support multi-tasking by running many processes seemingly at the same time. However, only one process runs at a time, as the kernel divides CPU time into very short slices (milliseconds). This creates the illusion of parallel execution, even though processes are active only during their assigned slice and idle otherwise.

The kernel adjusts scheduling to balance system responsiveness and performance. Long slices may make applications feel unresponsive, while very short slices waste time on task switching. Process priorities help refine this by giving high-priority tasks more CPU time and more frequent slices than low-priority ones.

Multi-Processor Systems (and Variants)

The limitation described above, of only one process running at a time, doesn't always apply: the actual restriction is that there can be only one running process per processor core. Multi-processor, multi-core, or hyper-threaded systems allow several processes to run in parallel. The same time-slicing system is used, though, to handle cases where there are more active processes than available processor cores. This is not unusual: a basic system, even a mostly idle one, almost always has tens of running processes.

The kernel allows several independent instances of the same program to run, but each is allowed to access only its own time slices and memory. Their data thus remains independent.

1.1.4. Rights Management

Unix-like systems support multiple users and groups and allow control of permissions. Most of the time, a process is identified by the user who started it. That process is only permitted to take actions permitted for its owner. For instance, opening a file requires the kernel to check the process identity against access permissions.

1.2. The Command Line

By "command line", we mean a text-based interface that allows you to enter commands, execute them, and view the results. You can run a terminal (a textual screen within the graphical desktop, or the text console itself outside of any graphical interface) and a command interpreter inside it (the shell).

1.2.1. How To Get a Command Line

The program handling your input and executing your commands is called a shell (or a command-line interpreter). The default shell provided in Kali Linux is ZSH (it stands for Z SHell). The trailing "$" or "#" character indicates that the shell is awaiting your input. It also indicates whether ZSH recognizes you as a normal user (the former case with the dollar, $) or as a super user (the latter case with the hash, #).

1.2.2. Command Line Basics: Browsing the Directory Tree and Managing Files

pwd (Print Working Directory):
- Displays the current location in the filesystem.
cd (Change Directory):
- cd directory: Moves to the specified directory.
- cd (no arguments): Returns to the home directory.
- cd -: Switches to the previous working directory.
Special Directories:
- . (one dot): Refers to the current directory.
- .. (two dots): Refers to the parent directory.
ls (List Directory Contents):
- Lists the contents of a directory.
- Defaults to the current directory if no parameters are given.
Create a Directory:
- mkdir directory: Creates a new directory.
Remove an Empty Directory:
- rmdir directory: Deletes an existing empty directory.
Move or Rename:
- mv source destination: Moves or renames files and directories.
Remove a File:
- rm file: Deletes a file.
Copy a File:
- cp source-file target-file: Copies a file to a new location.Command Execution:
The shell runs commands by finding the first matching program in the directories listed in the PATH environment variable.
Common Program Directories:
- /bin, /sbin, /usr/bin, /usr/sbin.
- Example: The ls command is located in /bin/ls.
Command Location:
- Use which command to find the location of an executable.
Shell Built-in Commands:
- Some commands, like cd and pwd, are handled directly by the shell (built-in commands).
- Use type command to determine if a command is a built-in or an external program.

Note the usage of the echo command, which simply displays a string on the terminal. In this case, it is used to print the contents of an environment variable since the shell automatically substitutes variables with their values before executing the command line.

Environment Variables

Environment variables allow storage of global settings for the shell or various other programs. They are contextual but inheritable. For example, each process has its own set of environment variables (they are contextual). Shells, like login shells, can declare variables, which will be passed down to other programs they execute (they are inheritable).

These variables can be defined system-wide in /etc/profile or per-user in ~/.profile but variables that are not specific to command line interpreters are better put in /etc/environment, since those variables will be injected into all user sessions thanks to a Pluggable Authentication Module (PAM) – even when no shell is executed.

1.3.1. The Filesystem Hierarchy Standard

As with other Linux distributions, Kali Linux is organized to be consistent with the Filesystem Hierarchy Standard (FHS), allowing users of other Linux distributions to easily find their way around Kali. The FHS defines the purpose of each directory. The top-level directories are described as follows:

/bin/: basic programs.
/boot/: Kali Linux kernel and other files required for its early boot process.
/dev/: device files.
/etc/: configuration files.
/home/: user's personal files.
/lib/: basic libraries.
/media/: mount points for removable devices (CD/DVD-ROM, USB keys, and so on).
/mnt/: temporary mount point.
/opt/: extra applications provided by third parties.
/root/: administrator's (root's) personal files.
/run/: volatile runtime data that does not persist across reboots (not yet included in the FHS).
/sbin/: system programs.
/srv/: data used by servers hosted on this system.
/tmp/: temporary files (this directory is often emptied at boot).
/usr/: applications (this directory is further subdivided into bin, sbin, lib according to the same logic as in the root directory) Furthermore, /usr/share/ contains architecture-independent data. The /usr/local/ directory is meant to be used by the administrator for installing applications manually without overwriting files handled by the packaging system (dpkg).
/var/: variable data handled by services. This includes log files, queues, spools, and caches.
/proc/ and /sys/ are specific to the Linux kernel (and not part of the FHS). They are used by the kernel for exporting data to user space.

1.3.2. The User's Home Directory

Home Directory Reference:
- Often referred to by the tilde (~) symbol.
- The tilde is automatically replaced by the correct directory path (stored in the HOME environment variable, typically /home/user/).
Dotfiles (Hidden Files):
- Application configuration files are traditionally stored directly in the home directory.
- These filenames usually start with a dot (.), making them hidden by default.
- To list hidden files, use the ls -a command or configure graphical file managers to display them.
Configuration Directory Structure:
- Some programs use multiple configuration files organized in a directory (e.g., ~/.ssh/).
- Directories can also store large caches (e.g., Firefox browser cache).
Clutter and XDG Base Directory Specification:
- Dotfiles can clutter the home directory.
- The XDG Base Directory Specification proposes a more organized approach:
  - Configuration files → ~/.config/
  - Cache files → ~/.cache/
  - Application data → ~/.local/
Desktop and Email Directory:
- Graphical desktops often link to ~/Desktop/ for user convenience.
- Incoming emails may be stored in ~/Mail/.

1.4.1. Displaying and Modifying Text Files

The cat file command (intended to concatenate files to the standard output device) reads a file and displays its contents on the terminal. If the file is too big to fit on a screen, you can use a pager such as less (or more) to display it page by page.

The editor command starts a text editor (such as Vi or Nano) and allows creating, modifying, and reading text files. The simplest files can sometimes be created directly from the command interpreter thanks to redirection: command > file creates a file named file containing the output of the given command. command >> file is similar except that it appends the output of the command to the file rather than overwriting it.

$ echo "Kali rules!" > kali-rules.txt
$ cat kali-rules.txt
Kali rules!
$ echo "Kali is the best!" >> kali-rules.txt
$ cat kali-rules.txt
Kali rules!
Kali is the best!

1.4.2. Searching for Files and within Files

The find directory criteria command searches for files in the hierarchy under directory according to several criteria. The most commonly used criterion is -name filename, which allows searching for a file by name. You can also use common wildcards such as "*" in the filename search.

$ find /etc -name hosts
/etc/hosts
/etc/avahi/hosts
$ find /etc -name "hosts*"
/etc/hosts
/etc/hosts.allow
/etc/hosts.deny
/etc/avahi/hosts

The grep expression files command searches the contents of the files and extracts lines matching the regular expression. Adding the -r option enables a recursive search on all files contained in the directory. This allows you to look for a file when you only know a part of its contents.

1.4.3. Managing Processes

Viewing Processes:
- Use ps aux to list all running processes along with their PID (Process ID).
Sending Signals to Processes:
- Use kill -signal pid to send signals to a process.
  - Common signals:
    TERM: Requests the process to terminate gracefully.
    KILL: Forcefully stops the process.
Running Processes in the Background:
- Append & to a command to run it in the background.
  - Example: command & resumes shell control while the process runs.
Managing Background Jobs:
- Use jobs to list background processes.
- Bring a process back to the foreground: fg %job-number.
- Pause a foreground process: Press Control+Z.
- Restart a paused process in the background: bg %job-number.

1.4.4. Managing Rights

Basics of Permissions

Categories of Users:
- u (User): Owner of the file.
- g (Group): Group that owns the file.
- o (Others): All other users.
Types of Permissions:
- r (Read): View the file or list directory contents.
- w (Write): Modify the file or create/delete files in a directory.
- x (Execute): Run a file (if it is a program) or traverse a directory.

Special Permissions

setuid (s): Allows a program to execute with the owner's permissions.
setgid (s): Allows a program to execute with the group’s permissions. For directories, it ensures new files inherit the parent directory's group.
Sticky bit (t): Restricts deletion in a directory so only the file's owner or the directory’s owner can delete files (commonly used in /tmp/).

Managing Permissions

Commands to Modify Permissions:
- chown user file: Changes the owner.
- chgrp group file: Changes the group.
- chmod rights file: Changes file permissions.
Changing User and Group Together:
- Use chown user:group file to update both the owner and group in one command.

Permission Representation

Symbolic Representation:
- Example: u=rwx,g+rw,o-r
  - Grants the owner full rights, adds read/write for the group, and removes read for others.
- Use a for all categories (e.g., a=rx gives read/execute rights to all).
Octal (Numeric) Representation:
- Values: 4 (read), 2 (write), 1 (execute).
- Combine values for each category:
  - Example: chmod 754 file → Owner: rwx (7), Group: r-x (5), Others: r-- (4).
- Special Rights:
  - Add a fourth digit: 4 (setuid), 2 (setgid), 1 (sticky).
  - Example: chmod 4754 file → Adds setuid with 754 permissions.

umask (Default Permissions)

Definition: Restricts permissions on newly created files by masking specific rights.
Example:
- umask 0022: Removes write permissions for group and others.
- Add to ~/.bash_profile to set default permissions for sessions.

Recursive Operations

Add -R to commands for recursive changes in directories and subdirectories.
Symbolic "X" for Execute:
- Applies execute permission only to directories or files already executable by any user.
- Example: chmod -R a+X directory.

1.4.5. Getting System Information and Logs

Memory and Disk Usage

free: Displays memory usage.
- Key columns:
  - total: Total memory.
  - used: Memory in use.
  - free: Free memory.
  - available: Memory available for use.
- Options:
  - -m: Display in mebibytes.
  - -g: Display in gibibytes.
df: Displays available disk space for mounted file systems.
- Key columns:
  - 1K-blocks: Disk size in 1K blocks.
  - Used: Space in use.
  - Available: Free space.
  - Use%: Percentage of space used.
- Option:
  - -h: Converts sizes to human-readable units (e.g., MiB, GiB).

User and Group Information

id: Displays user identity and group memberships.
- Useful for verifying access to files/devices restricted to specific groups.

System and Kernel Information

uname -a: Outputs system and kernel details.
- Includes:
  - Kernel name, hostname, kernel version, architecture (e.g., x86_64), OS type.
- Helpful for bug reports and identifying hardware/kernel versions.

System Logs

dmesg: Retrieves kernel logs from a ring buffer.
- Logs include:
  - New USB device connections.
  - Disk operation errors.
  - Hardware detection during boot.
journalctl: Queries logs managed by systemd's journal.
- Options:
  - -r: Display logs in reverse order (newest first).
  - -f: Continuously display new log entries.
  - -u: Filter logs by specific systemd unit (e.g., journalctl -u ssh.service).

1.4.6. Discovering the Hardware

Virtual Filesystems for Hardware Details

/proc/ and /sys/: Virtual filesystems that provide detailed hardware information.

Hardware Listing Tools

lspci (PCI devices): Lists PCI devices, available in the pciutils package.
lsusb (USB devices): Lists USB devices, available in the usbutils package.
lspcmcia (PCMCIA cards): Lists PCMCIA cards, available in the pcmciautils package.
- Note: Install pcmciautils with:
  apt update && apt install pcmciautils
lsdev (Device communication resources): Lists communication resources used by devices, available in the procinfo package.

Options for Detailed Output

Add -v to commands (lspci -v, lsusb -v, etc.) for verbose, detailed information (usually unnecessary for most tasks).

Comprehensive Hardware Information

lshw (Hardware information): Provides hierarchical and detailed descriptions of all discovered hardware.
- Usage: Attach its full output when reporting hardware support problems.

Hacker's Mantra: Kali Linux is not a tool for criminals; it is a weapon for ethical warriors. -- Anonymous

PreviousKLCP Exam (PEN-103) - Notes Next2. Introduction

Last updated 2 months ago

Was this helpful?