Null Puliya Linux

Null Bangalore Puliya Session Bangalore, India

Abstract

A foundational introduction to Linux for security professionals, covering the filesystem, essential commands, shell scripting, SSH configuration, and task automation via cron.

AI Generated Summary

AI Generated Content Disclaimer

Note: This summary is AI-generated and may contain inaccuracies, errors, or omissions. If you spot any issues, please contact the site owner for corrections. Errors or omissions are unintended.

This presentation by Anant Shrivastava at a Null Meet Bangalore Puliya session provides a foundational introduction to Linux for security professionals. Covering everything from the Unix/Linux family tree and filesystem basics through essential commands, shell scripting, SSH configuration, and task automation via cron, the session is designed as a hands-on primer to equip attendees with the practical Linux skills needed for security work. The talk includes scripting exercises and covers topics specifically relevant to security practitioners such as file permissions, privilege escalation concepts, and service configuration.

Key Topics Covered

  • Understanding *nix Systems: The Unix family encompasses Unix, Linux, and BSD variants (FreeBSD, OpenBSD, etc.) that share common standards for filesystem layout and directory structure. Linux is free and open source (“free as in free speech, not free beer”), with anyone able to create their own distribution — from serious enterprise distros to novelty ones like Hannah Montana Linux.

  • Linux Distributions: Key distribution families include Debian-based (using apt-get/dpkg) and RedHat-based (using yum/rpm). Understanding the distinction between LTS (Long Term Support) and rolling releases is important for choosing a stable security testing platform.

  • Filesystem Basics: The fundamental Unix principle that “everything is a file” underpins the entire system. The standard filesystem layout starts with / as the root, /etc for configuration files, and /home for user directories. The presentation covers filesystem types including ext2, ext3 (with journaling, introduced in kernel 2.4.15), and ext4 (from kernel 2.6.19, supporting files up to 16 TB and filesystems up to 1 EB).

  • File Permissions and Special Bits: Standard Unix permissions (-rwxrwxrwx), SUID bits (-rwsrwxrwx), SGID bits (-rwxrwsrwx), and the sticky bit (-rwxrwxrwt). The first character indicates file type: l (symlink), c (character device), b (block device), d (directory), or - (regular file). These concepts are critical for understanding privilege escalation in security assessments.

  • Sudo and Privilege Management: UID 0 (root) is omnipotent in Linux. Best practice is to avoid using root directly and instead use sudo for elevated operations, enabling auditable privilege escalation.

  • Standard I/O Redirection: Input (<), output (>), and error redirection (2>) — essential for scripting and log management in security workflows.

  • Essential Commands: A comprehensive set of commands for daily security work: ls, cd, mkdir for navigation; cut, grep, sed, sort, uniq for text processing; xargs and find for batch operations; tr for character translation; ps for process management; screen for persistent sessions; netstat -lntp for network connections; and file for file type identification.

  • Text Editors: Overview of Vim, Nano, and Emacs — including the classic challenge of how to exit Vim.

  • Software Installation: Package management across ecosystems: apt-get install (Debian), yum install (RedHat), pip install (Python), gem install (Ruby), and npm install (Node.js).

  • Useful Tricks: Quick HTTP server with python -m SimpleHTTPServer, !! to repeat the last command, cd ~ and cd - for directory navigation, mtr for network diagnostics, mount and format operations, and environment variable management.

  • Crontab and Task Automation: Scheduling periodic tasks using crontab with the six-field format (minute, hour, day of month, month, day of week, year). Essential for automating security scans, log rotation, and maintenance tasks.

  • SSH Configuration and Security: SSH configuration via /etc/ssh/sshd_config, key-based authentication setup using ~/.ssh/authorized_keys, and the security advantages of key-based auth over password authentication.

  • Shell Scripting Fundamentals: Shebang lines, positional parameters ($1, $2, $*, $@, $0), read for input, echo and cat for output, conditionals, loops, and brace expansion. Practical exercises include writing scripts for simple interest calculation, even/odd checking, and prime number generation.

  • Command Overloading with Aliases: Using alias to customize commands, understanding when aliases are appropriate versus modifying PATH to overload default commands.
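The permission and special-bit topic above is easiest to internalise by decoding real `ls -l` mode strings and by running the audit a reviewer would run against a filesystem tree. The following shell script is an added example written for this summary; it is not code from the presentation. It works on constructed mode strings and on a temporary directory it creates itself, so nothing on the host is touched.

```shell
#!/bin/sh
# Added example: decode the mode column of `ls -l` and audit a tree for SUID/SGID files.

# decode_mode MODE: MODE is the 10-character string from `ls -l`, e.g. "-rwsr-xr-x".
decode_mode() {
    mode=$1
    case $(printf '%s' "$mode" | cut -c1) in
        -) type=regular ;;
        d) type=directory ;;
        l) type=symlink ;;
        c) type=chardev ;;
        b) type=blockdev ;;
        *) type=other ;;
    esac
    # Owner-execute slot (char 4): 's' = SUID with exec bit, 'S' = SUID without it.
    case $(printf '%s' "$mode" | cut -c4) in s|S) suid=yes ;; *) suid=no ;; esac
    # Group-execute slot (char 7): 's'/'S' = SGID.
    case $(printf '%s' "$mode" | cut -c7) in s|S) sgid=yes ;; *) sgid=no ;; esac
    # Other-execute slot (char 10): 't'/'T' = sticky bit (as on /tmp).
    case $(printf '%s' "$mode" | cut -c10) in t|T) sticky=yes ;; *) sticky=no ;; esac
    printf 'type=%s suid=%s sgid=%s sticky=%s\n' "$type" "$suid" "$sgid" "$sticky"
}

# list_special_bits DIR: regular files under DIR with SUID (4000) or SGID (2000) set.
# `-perm -MODE` matches when all of the given bits are set.
list_special_bits() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print | sort
}

# Demonstration on a constructed temporary tree (no real system files involved).
demo=$(mktemp -d)
touch "$demo/plain" "$demo/setuid_tool" "$demo/setgid_tool"
chmod 755 "$demo/plain"
chmod 4755 "$demo/setuid_tool"     # shows as -rwsr-xr-x
chmod 2755 "$demo/setgid_tool"     # shows as -rwxr-sr-x
decode_mode "-rwsr-xr-x"
decode_mode "drwxrwxrwt"
list_special_bits "$demo"
rm -rf "$demo"
```

On a real host the same `find` run from `/` is the usual baseline for a privilege review: compare its output against the package manager's expected set, and treat any SUID or SGID file that is writable by others, or that nobody can account for, as a finding.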
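The text-processing commands and the redirection operators listed above come together in the most common security use of a shell: pulling a count out of a log. The script below is an added example for this summary, not material from the presentation. It builds a small constructed auth log (documentation-range addresses, not real traffic) and uses `grep`, `sed`, `sort`, `uniq` and `cut` to rank failed SSH logins by source address, sending output and errors to separate files with `>` and `2>`.

```shell
#!/bin/sh
# Added example: count failed SSH logins per source address with grep/sed/sort/uniq,
# writing the report to stdout and any errors to stderr.

# Constructed sample auth log; the addresses are from the documentation ranges.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
Mar  1 10:00:01 host sshd[1001]: Failed password for root from 192.0.2.10 port 51000 ssh2
Mar  1 10:00:05 host sshd[1002]: Failed password for invalid user admin from 192.0.2.10 port 51001 ssh2
Mar  1 10:00:09 host sshd[1003]: Accepted publickey for alice from 198.51.100.7 port 40000 ssh2
Mar  1 10:00:12 host sshd[1004]: Failed password for root from 192.0.2.10 port 51002 ssh2
Mar  1 10:00:20 host sshd[1005]: Failed password for bob from 203.0.113.5 port 42000 ssh2
EOF

# failed_logins_by_ip LOGFILE: prints "<count> <ip>" lines, busiest source first.
failed_logins_by_ip() {
    grep 'Failed password' "$1" \
      | sed -n 's/.* from \([0-9.][0-9.]*\) port .*/\1/p' \
      | sort | uniq -c | sort -rn \
      | sed 's/^ *//'                 # strip the padding uniq -c adds
}

# top_offender LOGFILE: only the address with the most failures.
top_offender() {
    failed_logins_by_ip "$1" | head -n 1 | cut -d' ' -f2
}

# Redirection: stdout (fd 1) goes to the report, stderr (fd 2) to an error file,
# so a missing log file does not end up inside the report.
report=$(mktemp); errors=$(mktemp)
failed_logins_by_ip "$SAMPLE_LOG" > "$report" 2> "$errors"
failed_logins_by_ip /nonexistent/auth.log >> "$report" 2>> "$errors"
cat "$report"
printf 'stderr captured: %s\n' "$(head -n 1 "$errors")"
rm -f "$report" "$errors"
```

The `sed -n 's/.../\1/p'` step is doing the job `cut` cannot, because the field position of the address shifts between "for root from" and "for invalid user admin from"; extracting by pattern rather than by column is the habit worth building for syslog-style data.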

Actionable Takeaways

  1. Master the core text processing pipeline (grep, sed, sort, uniq, cut, xargs) as these commands form the backbone of log analysis, data extraction, and security scripting on Linux systems.
  2. Set up SSH key-based authentication and disable password login on all servers you manage — this is a baseline security practice that eliminates brute-force password attacks.
  3. Understand Linux file permissions including SUID/SGID bits, as these are common vectors for privilege escalation in penetration testing engagements.
  4. Use crontab to automate recurring security tasks such as vulnerability scans, log collection, and backup verification rather than relying on manual execution.
  5. Practice shell scripting by building small utility scripts for your security workflow — start with the exercises in this presentation (simple interest, even/odd, prime numbers) to build fluency before tackling more complex automation.
  6. Always use sudo for privileged operations rather than logging in as root, and familiarize yourself with netstat -lntp for quickly auditing open ports and listening services on a system.
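Takeaway 2 and the SSH topic above describe the target state but not how to check a host against it. The script below is an added example for this summary, not configuration from the presentation. It writes two constructed `sshd_config` files, one password-based and one key-only, and audits the directives that decide the outcome. The expected values and the OpenSSH defaults used for unset directives are this example's assumptions: `PasswordAuthentication` and `PubkeyAuthentication` default to `yes`, `PermitRootLogin` defaults to `prohibit-password`.

```shell
#!/bin/sh
# Added example: audit sshd_config for key-only authentication. Constructed configs only.

WEAK_CFG=$(mktemp); HARDENED_CFG=$(mktemp)
cat > "$WEAK_CFG" <<'EOF'
# Default-style config: passwords accepted, root may log in directly
Port 22
PermitRootLogin yes
PasswordAuthentication yes
EOF
cat > "$HARDENED_CFG" <<'EOF'
# Key-based only: passwords refused, root login off, keys read from ~/.ssh/authorized_keys
Port 22
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
PermitRootLogin no
EOF

# sshd_directive FILE NAME: first uncommented value of NAME (sshd honours the first
# occurrence). Prints nothing when absent. Match blocks are not modelled here.
sshd_directive() {
    grep -i "^[[:space:]]*$2[[:space:]]" "$1" | head -n 1 \
      | sed 's/^[[:space:]]*[^[:space:]]*[[:space:]]*//; s/[[:space:]].*$//'
}

# check_directive FILE NAME WANT DEFAULT: prints an ok/WEAK line, returns 1 on WEAK.
check_directive() {
    actual=$(sshd_directive "$1" "$2")
    actual=${actual:-$4}                 # unset directive -> OpenSSH default (assumed)
    if [ "$actual" = "$3" ]; then
        printf 'ok   %-22s = %s\n' "$2" "$actual"
    else
        printf 'WEAK %-22s = %s (want %s)\n' "$2" "$actual" "$3"
        return 1
    fi
}

# audit_sshd_config FILE: exit status is the number of weak directives (0 = clean).
audit_sshd_config() {
    weak=0
    check_directive "$1" PasswordAuthentication no  yes               || weak=$((weak + 1))
    check_directive "$1" PermitRootLogin        no  prohibit-password || weak=$((weak + 1))
    check_directive "$1" PubkeyAuthentication   yes yes               || weak=$((weak + 1))
    return $weak
}

echo "== weak config =="; audit_sshd_config "$WEAK_CFG"
echo "== hardened config =="; audit_sshd_config "$HARDENED_CFG"
```

On a live host, `sshd -T` prints the effective configuration after all defaults and Match blocks are applied, which is a more reliable input for a check like this than the raw file. Put the client's public key in place with `ssh-copy-id` and confirm a key login works before setting `PasswordAuthentication no`, so you do not lock yourself out.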
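Takeaway 4 and the crontab topic above rely on getting the field layout right. One caveat a practitioner wants here: the standard `crontab(5)` format on Linux has five time fields (minute, hour, day of month, month, day of week) followed by the command, with no year field; cron treats everything after the fifth field as the command. The script below is an added example for this summary, not from the presentation. It splits constructed crontab lines (the script paths are placeholders) into their fields and shows what a stray sixth field turns into.

```shell
#!/bin/sh
# Added example: explain a crontab entry field by field, and show that a sixth
# "year" field would be read as the start of the command.

# cron_explain LINE: split a crontab line into its five time fields and the command.
cron_explain() {
    set -f                  # disable globbing so '*' stays a literal cron field
    set -- $1               # word-split the line into positional parameters
    set +f
    if [ $# -lt 6 ]; then
        printf 'invalid entry: expected 5 time fields followed by a command\n' >&2
        return 1
    fi
    minute=$1; hour=$2; dom=$3; month=$4; dow=$5
    shift 5
    printf 'minute=%s hour=%s dom=%s month=%s dow=%s command=%s\n' \
        "$minute" "$hour" "$dom" "$month" "$dow" "$*"
}

# Constructed entries; the script paths are placeholders, not from the presentation.
NIGHTLY='30 2 * * * /usr/local/bin/collect-logs.sh'                                # 02:30 daily
WEEKLY='0 3 * * 1 /usr/local/bin/vuln-scan.sh >> /var/log/vuln-scan.log 2>&1'      # Mondays 03:00
EVERY15='*/15 * * * * /usr/local/bin/check-listeners.sh'                           # every 15 min

cron_explain "$NIGHTLY"
cron_explain "$WEEKLY"
cron_explain "$EVERY15"

# Adding a "year" field: cron does not know it, so "2025" becomes the program to run.
cron_explain '0 3 * * 1 2025 /usr/local/bin/vuln-scan.sh'
```

Edit the live table with `crontab -e` and review it with `crontab -l`. Cron jobs run with a minimal environment and `PATH`, so reference scripts by absolute path and redirect their output to a log, as the weekly entry above does, or the only record of a failed scan will be a mail to the local user.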
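Takeaway 5 points at the three scripting exercises from the presentation. The script below is an added example written for this summary, not the presentation's own solutions. It implements simple interest, even/odd and prime generation as shell functions, dispatches on positional parameters (`$1`, `$#`, `$*`, `$0`), and takes input with `read`, all in POSIX `sh` so it also runs under `bash`. Brace expansion such as `{1..20}` is a `bash` extension, so the loops below use `while` with `$(( ))` arithmetic instead.

```shell
#!/bin/sh
# Added example: the presentation's three exercises as functions, plus argument dispatch.

# simple_interest PRINCIPAL RATE_PERCENT YEARS: integer arithmetic with $(( )).
simple_interest() {
    echo $(( $1 * $2 * $3 / 100 ))
}

# even_or_odd N: a conditional on the modulo operator.
even_or_odd() {
    if [ $(( $1 % 2 )) -eq 0 ]; then echo even; else echo odd; fi
}

# is_prime N: trial division up to sqrt(N); exit status 0 means prime.
is_prime() {
    [ "$1" -lt 2 ] && return 1
    d=2
    while [ $(( d * d )) -le "$1" ]; do
        [ $(( $1 % d )) -eq 0 ] && return 1
        d=$(( d + 1 ))
    done
    return 0
}

# primes_upto N: the primes from 2 to N, space-separated on one line.
primes_upto() {
    i=2; out=""
    while [ "$i" -le "$1" ]; do
        is_prime "$i" && out="$out $i"
        i=$(( i + 1 ))
    done
    printf '%s\n' "${out# }"
}

usage() {
    # $0 is the script name, $# the argument count, $* all arguments as one string.
    printf 'usage: %s interest P R T | evenodd N | primes N  (got %d args: %s)\n' \
        "$0" "$#" "$*" >&2
}

if [ $# -eq 0 ]; then
    # No arguments: run a demonstration. `read` takes the bound from stdin, fed by a
    # pipe here so the script never blocks; interactively it would wait for a line.
    simple_interest 1000 5 2                                   # 100
    even_or_odd 7                                              # odd
    printf '20\n' | { read -r bound; primes_upto "$bound"; }   # 2 3 5 7 11 13 17 19
else
    case $1 in
        interest) simple_interest "$2" "$3" "$4" ;;
        evenodd)  even_or_odd "$2" ;;
        primes)   primes_upto "$2" ;;
        *)        usage; exit 1 ;;
    esac
fi
```

Save it as `exercises.sh`, `chmod +x exercises.sh`, and call `./exercises.sh primes 50` or `./exercises.sh interest 1000 5 2`; the functions can also be sourced into another script with `. ./exercises.sh`.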
