Lab Explore The Linux Operating System

The document provides an overview of the Linux bash shell and describes how to navigate directories and view file contents in Linux. It explains that the bash shell is the default shell in most Linux systems and allows users to interact with the operating system through commands. The document then demonstrates various bash commands like ls, cd, pwd and more to view and navigate directories and files.

Uploaded by

Ganesh Gupta

10/23/23, 6:06 AM Explore the Linux Operating System | Understanding Linux Operating System Basics

Bash Shell
Bash stands for Bourne Again Shell, so the term "bash shell" is redundant. The bash shell replaced
the Bourne shell, so the name is a bit of a pun. In Linux terminology, a shell is a command processor.
If you log in to a Linux system and are presented with a text-based CLI, or you open a terminal
window from a desktop GUI to interact with a text-based CLI, you are working within a shell. Bash is
the default shell in most Linux distributions and OS X. But other shells exist. The original Bourne shell
(sh) is kept available for backward compatibility. The C shell (csh) and Korn shell (ksh) are two other
alternatives.

The shell provides the user a working environment. It provides fundamental commands to interact with
the computer system. It provides a standard I/O mechanism, generally a keyboard, and a terminal
display. It provides redirection of I/O, such as using the contents of a file as input to a program and
capturing the output of a program in a file. It provides piping the output of one command to the input of
a second command. It allows for the creation and execution of shell scripts, which range from very simple
combinations of commands to very complex programs.

In this task, log in and get a quick introduction to some bash features.

Step 1

Access the desktop of Inside-Kali. The lab systems provide automatic login to the PC systems.
You are currently logged in to Inside-Kali with the user name root.

Step 2

Open a terminal window. You've actually logged in to Inside-Kali a second time, simply by
opening this terminal window. Execute the w command to list the currently logged in users.
Answer

root@Inside-Kali:~# w
13:25:40 up 2 min, 2 users, load average: 0.32, 0.38, 0.16
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root :0 :0 13:23 ?xdm? 38.49s 0.03s gdm-session
root pts/0 :0 13:23 1.00s 0.06s 0.00s w

Note the following:

Root is listed twice in the user list.


The first is running the Gnome Desktop Manager.
The second is running the w command (which produced this output).

https://ondemandelearning.cisco.com/apollo-alpha/mc_salyst110_22/pages/32 1/43

Other hints that you are logged in as root are that root@Inside-Kali is used in the shell
prompt and is in the title bar of this terminal window.

Step 3

While it's not common behavior, you can log in as a different user from a running bash session.
Use the command login tom and tomPass as the password.
Answer

root@Inside-Kali:~# login tom
Password: tomPass
Last login: Thu Sep 8 14:53:48 PDT 2016 on pts/0
Linux Inside-Kali 4.0.0-kali1-amd64 #1 SMP Debian 4.0.4-1+kali2 (2015-06-03

The programs included with the Kali GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Kali GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
tom@Inside-Kali:~$

Note the following:

According to the shell prompt and the window title bar, you are now logged in as the user
tom.
Optionally, repeat the w command. You should now see that tom is logged in on pseudo-
terminal 0, running the w command.

Step 4

Display the contents of your current directory using the ls command.


Answer

tom@Inside-Kali:~$ ls
alpha.txt Documents hello helloN Pictures Templates
Desktop Downloads hello5 numera.txt secretStuff

Note the following:



The ls command is the traditional command for displaying the contents of a directory. Most
Linux distributions also support the dir command, which behaves very similarly.
The output is color-coded: directories are blue, executable files are green, and non-
executable files are white.

Step 5

You entered the ls command, but the system actually ran the command ls --color=auto,
which is why the entries were color-coded by entry type. To see the current alias
definitions, enter the command alias .
Answer

tom@Inside-Kali:~$ alias
alias ls='ls --color=auto'

Step 6

What defined this alias? For a hint, enter the command ls -a .


Answer

tom@Inside-Kali:~$ ls -a
. .bashrc Desktop hello5 numera.txt
.. .bashrc.original Documents helloN Pictures
alpha.txt .cache Downloads .ICEauthority .profile
.bash_history .config .gconf .local secretStuff
.bash_logout .dbus hello .mozilla Template

Note the following:

The -a argument tells ls to display the hidden files and folders.


By default, files with names that start with a period character (.) are hidden in the directory.

Step 7


There is a file in the directory called .bashrc, which is a shell script that is run when you log in.
View its contents using the more command. Use the space bar to page through the file. Look
for mentions of the alias command.
Answer

tom@Inside-Kali:~$ more .bashrc
# ~/.bashrc: executed by bash(1) for non-login shells.
# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
# for examples
<output omitted>
# enable color support of ls and also add handy aliases
if [ -x /usr/bin/dircolors ]; then
    test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
    alias ls='ls --color=auto'
    #alias dir='dir --color=auto'
    #alias vdir='vdir --color=auto'

    #alias grep='grep --color=auto'
    #alias fgrep='fgrep --color=auto'
    #alias egrep='egrep --color=auto'
fi

# some more ls aliases
#alias ll='ls -l'
#alias la='ls -A'
#alias l='ls -CF'
<output omitted>

Note the following:

Most alias commands are preceded by a hash (#) character. A line that starts with a hash (#)
character is ignored by the parser because it is considered to be a comment.
The one non-commented alias command is: alias ls='ls --color=auto' which is
consistent with it being the only alias that showed up with the alias command.
Optionally you could edit this document and uncomment some of the other alias examples,
or add your preferred aliases. You will see how to edit files later in this lab exercise.

Navigate Linux Directories


Most operating systems implement the concept of directories to aid in the organization of files. You
can think of the root directory as the file cabinet. Subdirectories of the root are like drawers in the file
cabinet. Subdirectories of them are like folders in the drawers, and subdirectories of them are like
envelopes in the folders. This analogy helps explain the hierarchy of directories, but it can
misrepresent the size of directories. Nested subdirectories may contain more items and larger items
than their parent directories.

To work with appropriate files, it is useful to navigate around the directory structure of a Linux system.
In this task, use the cd command to navigate and explore a bit. You will also be introduced to some
special path specifications.

Step 8

Examine the current system prompt: tom@Inside-Kali:~$. It is easy to recognize tom as the
username and Inside-Kali as the hostname of the system. The third item on the prompt, a tilde
(~), is your current working directory. The tilde (~) is a special character that is shorthand for your
home directory. To print your working directory and see your actual home directory, execute
the pwd command.
Answer

tom@Inside-Kali:~$ pwd
/home/tom

Note the following:

The /home directory is used to organize all the different users' home directories in one
consistent location.

Step 9

Where the tilde (~) is shorthand for your home directory, double dot (..) is shorthand for the
parent directory of your current working directory. The cd command is used to change your
current working directory. Execute the command cd .. to change your current working
directory from your home directory to its parent directory.
Answer

tom@Inside-Kali:~$ cd ..
tom@Inside-Kali:/home$

Note the following:

The prompt can no longer use the shorthand notation for the current working directory.
You moved from /home/tom to /home.


Step 10

Use the ls command to list the contents of the /home directory.


Answer

tom@Inside-Kali:/home$ ls
alice dorothy guest huck pentest tom

Note the following:

Users' home directory names normally match the username.


Six users have their home directories here: alice, dorothy, guest, huck, pentest, and tom.

Step 11

The / character is used to separate directories in a path specification. When the / character is
used by itself or as the first character in a path, it represents the root directory. Change to the
root directory.
Answer

tom@Inside-Kali:/home$ cd /
tom@Inside-Kali:/$

Note the following:

The command cd / will take you to the root directory, no matter what your current working
directory happens to be.

Step 12

Display the contents of the root directory and examine the names of the items.
Answer

tom@Inside-Kali:/$ ls
0 dev initrd.img live-build mnt root srv usr
bin etc lib lost+found opt run sys var
boot home lib64 media proc sbin tmp vmlinuz


Several directories are valuable to know about:

/home: The home directories are organized here.
/root: Since the root account is quite special, its home directory is separated from the others in
/home.
/tmp: This directory is used for temporary files. Many Linux distributions will automatically
clear the contents of /tmp during system bootup. Users can also make use of /tmp as a
temporary holding place of files.
/etc: System configuration files are stored here. Examples include:

/etc/passwd: User accounts


/etc/shadow: Salted hashes of user account passwords
/etc/network/interfaces: IP configuration for network interface cards
/etc/resolv.conf: DNS configuration
/etc/adduser.conf: Defines the behavior of the adduser command, including home
directory assignment and shell assignment

/var: Runtime data and log files


/opt: Application software and add-on packages that are not part of the base operating
system
/bin and /sbin: Traditionally, binary files required at system bootup
/lib: Traditionally, libraries required by executable files
/usr: Traditionally, user space programs and data. Includes /usr/lib, /usr/bin and /usr/sbin.

Step 13

From any directory, the cd ~/.. command will navigate to the same predictable location. Can
you guess what it is? Execute the cd ~/.. command and examine the results.
Answer

tom@Inside-Kali:/etc$ cd ~/..
tom@Inside-Kali:/home$

Note the following:

The tilde (~) is shorthand for your home directory and double dot (..) is shorthand for a
directory's parent directory.


~/.. refers to the parent directory of the user's home directory. For the root user, it will be
resolved to /. For standard users, it will resolve to /home.

Step 14

Change your working directory to the home directory of the user tom.
Answer

tom@Inside-Kali:/home$ cd ~
tom@Inside-Kali:~$

You saw that the double dot (..) represents a directory's parent. A single dot (.) represents the directory
itself. Sometimes you have to reference the local directory, usually to specify an executable file in the
local directory.

Step 15

There are a few very simple scripts in the tom home directory. Use the ls command to
recognize the scripts (they are colored green). Try to execute the hello5 script by specifying its
name, which will fail because the script will not be found. Execute ./hello5 . This time, it
should succeed. The script is found in the current working directory.
Answer

tom@Inside-Kali:~$ ls
alpha.txt Documents hello helloN Pictures Templates
Desktop Downloads hello5 numera.txt secretStuff
tom@Inside-Kali:~$ hello5
-bash: hello5: command not found
tom@Inside-Kali:~$ ./hello5
Hello 1 times
Hello 2 times
Hello 3 times
Hello 4 times
Hello 5 times

Step 16


Enter the command echo $PATH . Make sure it is uppercase. Linux is definitely case-sensitive.
The $PATH environment variable will display. Examine its value.
Answer

tom@Inside-Kali:~$ echo $PATH
/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games

Note the following:

The current environment variable $PATH will direct the system to look in these five
directories for any entered command.
The current directory (./) and the user's home directory (~) are not on this list.

Step 17

Using the which command will specify where the system will find the executable command
from the $PATH variable. Display where the ls command is located.
Answer

tom@Inside-Kali:/usr/bin$ which ls
/bin/ls
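
Steps 15 through 17 come down to how the shell searches $PATH. The following is an added example, not part of the lab: resolve_cmd and audit_path are hypothetical helper names, and the hello5 file it creates is a constructed stand-in for tom's script. It resolves a command name the way the shell does and reports $PATH entries that would let the current directory or a world-writable directory supply a command, which is the reason ./ is left off the list.

```sh
#!/bin/sh
# Added example, not part of the lab. POSIX sh.

# resolve_cmd NAME PATHSTRING
# Prints the file the shell would run for NAME and returns 0, or returns 1.
resolve_cmd() (
    name=$1
    case $name in
        */*)  # A name containing a slash is used as given; $PATH is not searched.
            [ -f "$name" ] && [ -x "$name" ] && printf '%s\n' "$name" && exit 0
            exit 1 ;;
    esac
    p=$2:            # extra colon so a trailing empty entry survives splitting
    IFS=:; set -f    # split on colons only, no filename expansion
    for dir in $p; do
        [ -n "$dir" ] || dir=.   # an empty entry means the current directory
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            printf '%s\n' "$dir/$name"; exit 0
        fi
    done
    exit 1
)

# audit_path PATHSTRING
# Prints one line per risky entry: cwd:, relative:, or world-writable:.
audit_path() (
    p=$1:
    IFS=:; set -f
    for dir in $p; do
        case $dir in
            ''|.) printf 'cwd:%s\n' "$dir"; continue ;;
            /*)   ;;                                  # absolute: check its mode below
            *)    printf 'relative:%s\n' "$dir"; continue ;;
        esac
        [ -d "$dir" ] || continue
        # Same ten-character string that ls -l prints; -L follows symlinked dirs.
        mode=$(ls -ldL -- "$dir" | cut -c1-10)
        case $mode in
            d???????w?) printf 'world-writable:%s\n' "$dir" ;;   # "other" write bit set
        esac
    done
    exit 0
)

# Value of $PATH shown in Step 16.
LAB_PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games

demo() (
    work=$(mktemp -d) && cd "$work" || exit 1
    # Constructed stand-in for tom's hello5 script.
    printf '#!/bin/sh\necho Hello\n' > hello5 && chmod 755 hello5
    resolve_cmd hello5 "$LAB_PATH" || echo "hello5: not found on PATH"
    resolve_cmd ./hello5 "$LAB_PATH"      # explicit path, found
    resolve_cmd hello5 "$LAB_PATH:"       # trailing colon puts the current directory on PATH
    audit_path "$LAB_PATH:.:bin"          # constructed risky entries appended
    cd / && rm -rf "$work"
)
demo
```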

Basic File and Directory Operations


This section of the lab will introduce you to some of the basics of file manipulation. You will create files
and directories. You will copy and move files. You will use wildcards to specify multiple files. You will
create symbolic links. You will delete files and directories. These are very common tasks for the user of a
Linux operating system.

Step 18

Open a second terminal window by right-clicking on the application launcher. You will be logged
in as root in root's home directory.

Step 19


The mkdir command is used to make new directories. List the contents of the directory. Use
the mkdir command to create a new directory called testdir. List the contents of the directory
again, to verify that testdir was created.
Answer

root@Inside-Kali:~# ls
Desktop Documents Downloads metasploit-modules Music Pictures Public
root@Inside-Kali:~# mkdir testdir
root@Inside-Kali:~# ls
Desktop Downloads Music Public testdir
Documents metasploit-modules Pictures Templates Videos

Step 20

Empty files can be created with the touch command. Change the directory to the new
directory testdir. Create two new files that are named file1 and file2. Use the ls command to
verify that they were created.
Answer

root@Inside-Kali:~# cd testdir
root@Inside-Kali:~/testdir# touch file1
root@Inside-Kali:~/testdir# touch file2
root@Inside-Kali:~/testdir# ls
file1 file2

Step 21

The cp command is used to copy files. Make a copy of file1 that is called file1-2. Make a copy
of file2 that is named file2-2. Use the ls command to verify that there are now four files, as
expected.
Answer

root@Inside-Kali:~/testdir# cp file1 file1-2
root@Inside-Kali:~/testdir# cp file2 file2-2
root@Inside-Kali:~/testdir# ls
file1 file1-2 file2 file2-2

Step 22

Create a fifth file that is named file-xyz2. Again, use the ls command to verify that it is
created.
Answer

root@Inside-Kali:~/testdir# touch file-xyz2
root@Inside-Kali:~/testdir# ls
file1 file1-2 file2 file2-2 file-xyz2

Step 23

Wildcards are used to match multiple filenames. The question mark (?) is a wildcard for any
single character. The asterisk (*) is a wildcard for any number (including 0) of any character.
Use the question mark (?) wildcard to list the files with names that start with file, then have a
single character, then end with -2. Use the asterisk (*) wildcard to list all filenames that start
with file and end with 2, and any set of characters between.
Answer

root@Inside-Kali:~/testdir# ls file?-2
file1-2 file2-2
root@Inside-Kali:~/testdir# ls file*2
file1-2 file2 file2-2 file-xyz2

Step 24

Files can be moved with the mv command. The files can simply be moved to a new name, or
they can be moved to a new directory. First, use the mv command to rename file-xyz2 to file3.
Use the ls command to verify the results.
Answer


root@Inside-Kali:~/testdir# mv file-xyz2 file3
root@Inside-Kali:~/testdir# ls
file1 file1-2 file2 file2-2 file3

Step 25

Now move the file that is named file3 to the current working directory's parent directory. Use
the ls command to verify that the file is no longer present in testdir. Change back to the root
home directory and use the ls command to verify that file3 is now in this directory.
Answer

root@Inside-Kali:~/testdir# mv file3 ..
root@Inside-Kali:~/testdir# ls
file1 file1-2 file2 file2-2
root@Inside-Kali:~/testdir# cd ..
root@Inside-Kali:~# ls
Desktop Downloads metasploit-modules Pictures Templates Videos
Documents file3 Music Public testdir

Step 26

Symbolic links allow a file in remote directories to be referenced in alternate directories. The ln
-s command is used to create symbolic links. Create a symbolic link for the file that is
named file1 in testdir in the current working directory. Use the ls command to verify that the
link has been created. Use ls -l (dash lower-case L) to verify creation of the link. The -l
argument will list the directory in long format, where it becomes apparent that link1 is a
symbolic link and not a file.
Answer

root@Inside-Kali:~# ln -s testdir/file1 link1
root@Inside-Kali:~# ls
Desktop Documents Downloads link1 metasploit-modules Music Pictures
root@Inside-Kali:~# ls -l
total 40
drwxr-xr-x 2 root root 4096 Jan 29 2016 Desktop
drwxr-xr-x 2 root root 4096 Jan 29 2016 Documents
drwxr-xr-x 3 root root 4096 Mar 17 08:23 Downloads
-rw-r--r-- 1 root root 0 Sep 13 05:55 file3
lrwxrwxrwx 1 root root 13 Sep 13 06:00 link1 -> testdir/file1
drwxr-xr-x 5 root root 4096 Aug 29 07:03 metasploit-modules
drwxr-xr-x 2 root root 4096 Jan 29 2016 Music
drwxr-xr-x 2 root root 4096 Jan 29 2016 Pictures
drwxr-xr-x 2 root root 4096 Jan 29 2016 Public
drwxr-xr-x 2 root root 4096 Jan 29 2016 Templates
drwxr-xr-x 2 root root 4096 Sep 13 05:57 testdir
drwxr-xr-x 2 root root 4096 Jan 29 2016 Videos

Step 27

The rm command is used to remove files. Remove the file that is named file3. Use
the ls command to verify that the file no longer exists.
Answer

root@Inside-Kali:~# rm file3
root@Inside-Kali:~# ls
Desktop Downloads metasploit-modules Pictures Templates Videos
Documents link1 Music Public testdir

Step 28

The rmdir command is used to remove directories. Attempts to remove the directory that is
named testdir will fail.
Answer

root@Inside-Kali:~# rmdir testdir
rmdir: failed to remove ‘testdir’: Directory not empty

Step 29

The rmdir command can only work on empty directories. Use the rm command to delete all
the files in the testdir directory. Use ls to verify that the directory is now empty. Now remove
the testdir directory using the rmdir command. Use the ls command to verify
that testdir has been removed.
Answer


root@Inside-Kali:~# rm testdir/*
root@Inside-Kali:~# ls testdir
root@Inside-Kali:~# rmdir testdir
root@Inside-Kali:~# ls -l
total 36
drwxr-xr-x 2 root root 4096 Jan 29 2016 Desktop
drwxr-xr-x 2 root root 4096 Jan 29 2016 Documents
drwxr-xr-x 3 root root 4096 Mar 17 08:23 Downloads
lrwxrwxrwx 1 root root 13 Sep 13 06:03 link1 -> testdir/file1
drwxr-xr-x 5 root root 4096 Aug 29 07:03 metasploit-modules
drwxr-xr-x 2 root root 4096 Jan 29 2016 Music
drwxr-xr-x 2 root root 4096 Jan 29 2016 Pictures
drwxr-xr-x 2 root root 4096 Jan 29 2016 Public
drwxr-xr-x 2 root root 4096 Jan 29 2016 Templates
drwxr-xr-x 2 root root 4096 Jan 29 2016 Videos

Note the following:

The directory testdir is, indeed, removed.


The link to file1 in testdir is not removed. It is colored red in the ls -l output, indicating
that the link is no longer valid.
An alternative to removing all the files in a directory and then using the rmdir command to
remove the directory is to recursively remove files. The command rm -r testdir would
have removed all the contents of the directory testdir, and then removed the directory itself,
which works with nested directory structures as well. Care must be used with recursive
removes.

Step 30

Use the rm command to remove the now orphaned link that is named link1. Use
the ls command to verify that it has been removed.
Answer

root@Inside-Kali:~# rm link1
root@Inside-Kali:~# ls
Desktop Documents Downloads metasploit-modules Music Pictures Public

File System Permissions


In Linux, users are assigned to one or more groups. Files and directories are owned by users. Files
and directories are assigned three sets of permissions. One set is for the file owner, the second set is
for members of a certain group, and the third applies to all user accounts. The three potential
privileges in each set are read, write, and execute.

The first ten characters listed for each entry by the ls -l command indicate the entry's type and
permissions. The first character indicates the entry type: a dash indicates that the entry is a
file, a d indicates that the entry is a directory, and an l indicates that it is a symbolic link. The next nine
characters are in groups of three. These characters represent read, write, and execute permissions.
The first group indicates the permissions for the owner, the second group indicates the permissions for
the group, and the third group indicates the privileges for everyone else.

A permission string of -rwxr-xr-x indicates that the owner has read, write, and execute permissions for
a file. The group and all other users do not have write permissions, but they do have read and execute
permissions.

A permission string of -rwxrwx--- indicates that the file owner and members of the associated group
have full read, write, and execute privileges, but no one else has any privileges to the file.

This section of the lab exercise will introduce viewing the permission settings and some simple
examples of permitted and denied activities which are based on the file system permissions.

Step 31

You just saw how the -l argument to the ls command produces a directory listing in long
format. Not only does this reveal the destination of symbolic links, it also displays the
permissions that are associated with files and directories. Return to the terminal window where
you are logged in as tom. You should be in tom's home directory. List the directory contents in
long format.
Answer

tom@Inside-Kali:~$ ls -l
total 44
-rw-r--r-- 1 tom twain 26 Sep 9 13:59 alpha.txt
drwxr-xr-x 2 tom twain 4096 Sep 8 14:20 Desktop
drwxr-xr-x 2 tom twain 4096 Sep 8 14:25 Documents
drwxr-xr-x 2 tom twain 4096 Sep 8 14:20 Downloads
-rwxr-xr-x 1 tom twain 49 Sep 9 13:45 hello
-rwxr-xr-x 1 tom twain 60 Sep 9 13:49 hello5
-rwxr-xr-x 1 tom twain 66 Sep 9 13:53 helloN
-rw-r--r-- 1 tom twain 10 Sep 9 14:00 numera.txt
drwxr-xr-x 2 tom twain 4096 Sep 8 14:22 Pictures
drwxrwx--- 2 tom twain 4096 Sep 12 07:29 secretStuff
drwxr-xr-x 2 tom twain 4096 Sep 8 14:20 Templates

Step 32

Open three more terminal windows. The option is available by right-clicking the launcher bar. In
one window, log in as huck with the password huckPass. In a second window, log in
as alice with the password alicePass. Leave the final window with root logged in. Space the
four windows on the desktop to make navigation between them relatively easy.

Step 33

From Alice's window, change to Tom's home directory, which can be represented as
either /home/tom or ~tom.
Answer

alice@Inside-Kali:~$ cd /home/tom
alice@Inside-Kali:/home/tom$

Step 34

Display the contents of Tom's home directory in long format. Examine the permissions of the
directory named secretStuff.
Answer

alice@Inside-Kali:/home/tom$ ls -l
total 44
-rw-r--r-- 1 tom twain 26 Sep 9 13:59 alpha.txt
drwxr-xr-x 2 tom twain 4096 Sep 8 14:20 Desktop
drwxr-xr-x 2 tom twain 4096 Sep 8 14:25 Documents
drwxr-xr-x 2 tom twain 4096 Sep 8 14:20 Downloads
-rwxr-xr-x 1 tom twain 49 Sep 9 13:45 hello
-rwxr-xr-x 1 tom twain 60 Sep 9 13:49 hello5
-rwxr-xr-x 1 tom twain 66 Sep 9 13:53 helloN
-rw-r--r-- 1 tom twain 10 Sep 9 14:00 numera.txt
drwxr-xr-x 2 tom twain 4096 Sep 8 14:22 Pictures
drwxrwx--- 2 tom twain 4096 Sep 12 07:49 secretStuff
drwxr-xr-x 2 tom twain 4096 Sep 8 14:20 Templates

Note the following:

Tom and members of the group that is named twain have read, write, and execute access
to the secretStuff directory, but there are no privileges for other users.

Step 35

Use the groups command to display Alice's group membership.


Answer

alice@Inside-Kali:/home/tom$ groups
alice sudo carroll protagonists

Note the following:

Alice is a member of four groups: alice, sudo, carroll, and protagonists.


Alice is NOT a member of the twain group.

Step 36

Attempt to change directory to secretStuff. Attempt to view the contents of the
directory secretStuff. Both attempts will fail.
Answer

alice@Inside-Kali:/home/tom$ cd secretStuff
-bash: cd: secretStuff: Permission denied
alice@Inside-Kali:/home/tom$ ls secretStuff
ls: cannot open directory secretStuff: Permission denied

Note the following:

Alice does not have permission to read the secretStuff directory.

Step 37

Access Huck's window. Verify Huck's group membership.


Answer

huck@Inside-Kali:~$ groups
twain protagonists

Note the following:

Huck is a member of the twain group.

Step 38

From Huck's window, change directory to tom's home directory and change directory to
the secretStuff directory. Display the directory's contents.
Answer

huck@Inside-Kali:~$ cd ~tom
huck@Inside-Kali:/home/tom$ cd secretStuff/
huck@Inside-Kali:/home/tom/secretStuff$ ls
plans.txt

Note the following:

Huck, due to membership in the group twain, does have permission to access
the secretStuff directory.

Step 39

The root account has privileges to access all files and run all commands. The root account is
often referred to as a super user account. Access root's window, change directory
to /home/tom/secretStuff, and list the directory's contents.
Answer


root@Inside-Kali:~# cd /home/tom/secretStuff/
root@Inside-Kali:/home/tom/secretStuff# ls
plans.txt

Some users are configured with sudo privileges. These users can elevate themselves to a super user
with the sudo -i command. They can also remain a standard user, but use the sudo command to
execute individual privileged commands. You will explore the first option here, and use the second
option later in this lab exercise.

Step 40

Alice is a user with sudo privileges. Access Alice's window. Execute the sudo -i command.
The password for the alice user is alicePass. Examine the result.
Answer

alice@Inside-Kali:/home/tom$ sudo -i
[sudo] password for alice: alicePass
root@Inside-Kali:~#

Step 41

The sudo -i command actually logs a user in as root. Use the whoami command for
verification.
Answer

root@Inside-Kali:~# whoami
root

Step 42

Verify that you can indeed change directory to /home/tom/secretStuff and display the
directory contents.
Answer


root@Inside-Kali:~# cd /home/tom/secretStuff/
root@Inside-Kali:/home/tom/secretStuff# ls
plans.txt

Step 43

Currently there are three layers of login in this window. When it opened, the root user
was automatically logged in. From there, you logged in as alice. From there, you used sudo -i to log in as root.
Verify, and then use the logout command to return to the alice login. Observe the prompt to verify
the current user. Use the logout command again to return to the original root login. Again,
observe the prompt to verify the current user.
Answer

root@Inside-Kali:/home/tom/secretStuff# logout
alice@Inside-Kali:/home/tom$ logout
root@Inside-Kali:~#
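
The results seen in Steps 34 through 42 follow from one rule: the kernel selects exactly one permission set (owner, otherwise group, otherwise everyone else) and checks only that set. The following is an added example, not part of the lab, that applies the rule to the permission strings printed by ls -l. The names may_access, decide and report are hypothetical, tom's group list is an assumption, and ACLs and the permissions of parent directories are ignored.

```sh
#!/bin/sh
# Added example, not part of the lab. POSIX sh.

# in_list WORD "SPACE SEPARATED LIST"
in_list() {
    case " $2 " in *" $1 "*) return 0 ;; esac
    return 1
}

# may_access MODE OWNER GROUP USER "USER_GROUPS" WANT
# MODE is the ten-character string from ls -l, WANT is r, w or x.
# Returns 0 if the access is permitted, 1 otherwise.
may_access() {
    mode=$1 owner=$2 group=$3 user=$4 ugroups=$5 want=$6
    perms=${mode#?}                    # drop the type character, nine remain

    if [ "$user" = root ]; then
        # root bypasses read and write checks; executing a regular file
        # still needs an execute bit in at least one of the three sets.
        [ "$want" != x ] && return 0
        case $mode in
            -*) case $perms in *[xst]*) return 0 ;; esac; return 1 ;;
            *)  return 0 ;;
        esac
    fi

    # Exactly one set applies; the others are never consulted.
    if [ "$user" = "$owner" ]; then
        triad=${perms%??????}          # characters 1-3: owner
    elif in_list "$group" "$ugroups"; then
        triad=${perms#???}; triad=${triad%???}   # characters 4-6: group
    else
        triad=${perms#??????}          # characters 7-9: everyone else
    fi

    case $want in
        r) case $triad in r??)     return 0 ;; esac ;;
        w) case $triad in ?w?)     return 0 ;; esac ;;
        x) case $triad in ??[xst]) return 0 ;; esac ;;   # s/t imply x is set
    esac
    return 1
}

# decide ... prints allow or deny for the same arguments.
decide() { if may_access "$@"; then echo allow; else echo deny; fi; }

# Group lists as printed by the groups command in Steps 35 and 37.
ALICE_GROUPS='alice sudo carroll protagonists'
HUCK_GROUPS='twain protagonists'
TOM_GROUPS='twain'                     # assumption: the lab never lists tom's groups

report() {
    printf '%-5s wants %s on %s: %s\n' "$4" "$6" "$1" "$(decide "$@")"
}

# secretStuff as listed in Step 34: drwxrwx--- tom twain
report drwxrwx--- tom twain alice "$ALICE_GROUPS" x   # cd secretStuff
report drwxrwx--- tom twain alice "$ALICE_GROUPS" r   # ls secretStuff
report drwxrwx--- tom twain huck  "$HUCK_GROUPS"  x
report drwxrwx--- tom twain huck  "$HUCK_GROUPS"  r
report drwxrwx--- tom twain root  root            r
# Constructed case: the owner set is empty, so tom is denied even though
# his group would have been allowed.
report d---rwx--- tom twain tom   "$TOM_GROUPS"   r
```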

Command History and Tab Completion


The bash shell has some features that can reduce typing substantially. Make use of these features as
you execute this lab exercise. The first feature is command history. Using the cursor control keys, you
can recall previously entered commands and edit them, which is useful in many situations. If you
mistype something in a command, press the up-arrow key once and edit the typo. If you want to use
the same command with a different argument, you can recall the command and edit it. Or, if you simply
need to use a command that you entered a few minutes ago, you can scroll back through the history
to find it.

The second very useful feature is tab completion. As long as you specify enough characters to
disambiguate the option from the other options, you can use the tab key to complete the option. For
example, given the state of the file system on Inside-Kali, cd /ho<Tab>t<Tab>Doc<Tab> is equivalent
to cd /home/tom/Documents.

Make sure to use these features as you complete the rest of this lab exercise.

Modify Permissions
File permissions are represented by the operating system as a bit per permission, which is often
represented in the octal format. Octal is also called base-8. Octal digits have values ranging from 0–7.
In binary, it takes 3 bits to represent an octal digit. Each bit of an octal digit can represent a single
permission (read, write, or execute). The 4 octal digit represents read permission, the 2 octal digit
represents write permission, and the 1 octal digit represents execute permission. The following table
depicts the octal value, the 3-bit binary representation, the included permissions, and the way the
permissions are represented in ls -l.

Octal   Binary   Permission                 rwx

7       111      read, write, and execute   rwx
6       110      read and write             rw-
5       101      read and execute           r-x
4       100      read only                  r--
3       011      write and execute          -wx
2       010      write only                 -w-
1       001      execute only               --x
0       000      none                       ---

The owner of a file and the root user can use the chmod command to change the permissions on a
file or a directory. Traditionally, permissions are specified with three octal digits. There are alternative
syntaxes available with the chmod command. In this task, you will experiment with modifying
permissions and testing the results.

Step 44

Access Tom's window and change the permissions on the secretStuff directory. Change the
permissions so Tom has read, write, and execute permissions, but no one else has any
permissions. Verify the new permissions.
Answer

tom@Inside-Kali:~$ chmod 700 secretStuff
tom@Inside-Kali:~$ ls -l
total 44
-rw-r--r-- 1 tom twain 26 Sep 9 13:59 alpha.txt
drwxr-xr-x 2 tom twain 4096 Sep 8 14:20 Desktop
drwxr-xr-x 2 tom twain 4096 Sep 8 14:25 Documents
drwxr-xr-x 2 tom twain 4096 Sep 8 14:20 Downloads
-rwxr-xr-x 1 tom twain 49 Sep 9 13:45 hello
-rwxr-xr-x 1 tom twain 60 Sep 9 13:49 hello5
-rwxr-xr-x 1 tom twain 66 Sep 9 13:53 helloN
-rw-r--r-- 1 tom twain 10 Sep 9 14:00 numera.txt
drwxr-xr-x 2 tom twain 4096 Sep 8 14:22 Pictures
drwx------ 2 tom twain 4096 Sep 12 07:49 secretStuff
drwxr-xr-x 2 tom twain 4096 Sep 8 14:20 Templates

Step 45

Return to Huck's window. Huck's current working directory is ~tom/secretStuff. Tom just
changed permissions so that Huck no longer has access. See what happens if Huck attempts
to list the contents of his current working directory.
Answer

huck@Inside-Kali:/home/tom/secretStuff$ ls
ls: cannot open directory .: Permission denied

Step 46

Move up one directory so that Huck is now in tom's home directory. Use the ls -l command
to verify the contents and permissions. Attempt to list the contents of the secretStuff directory,
which should fail.
Answer

huck@Inside-Kali:/home/tom/secretStuff$ cd ..
huck@Inside-Kali:/home/tom$ ls -l
total 44
-rw-r--r-- 1 tom twain 26 Sep 9 13:59 alpha.txt
drwxr-xr-x 2 tom twain 4096 Sep 8 14:20 Desktop
drwxr-xr-x 2 tom twain 4096 Sep 8 14:25 Documents
drwxr-xr-x 2 tom twain 4096 Sep 8 14:20 Downloads
-rwxr-xr-x 1 tom twain 49 Sep 9 13:45 hello
-rwxr-xr-x 1 tom twain 60 Sep 9 13:49 hello5
-rwxr-xr-x 1 tom twain 66 Sep 9 13:53 helloN
-rw-r--r-- 1 tom twain 10 Sep 9 14:00 numera.txt
drwxr-xr-x 2 tom twain 4096 Sep 8 14:22 Pictures
drwx------ 2 tom twain 4096 Sep 12 07:49 secretStuff
drwxr-xr-x 2 tom twain 4096 Sep 8 14:20 Templates
huck@Inside-Kali:/home/tom$ ls secretStuff
ls: cannot open directory secretStuff: Permission denied

Step 47

Log out from the Huck account and log in as alice. Use alicePass as the password.
Answer

huck@Inside-Kali:/home/tom$ logout
root@Inside-Kali:~# login alice
Password: alicePass
Last login: Tue Sep 13 08:34:28 PDT 2016 on pts/1
Linux Inside-Kali 4.0.0-kali1-amd64 #1 SMP Debian 4.0.4-1+kali2 (2015-06-03

The programs included with the Kali GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Kali GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
alice@Inside-Kali:~$

Step 48

Dorothy tried to lock down a file that she owns, but ended up locking herself out. She can no
longer edit the file. Alice is a system administrator with sudo privileges, so Alice can help out.
First, change directories to /home/dorothy/Documents.
Answer

alice@Inside-Kali:~$ cd ~dorothy/Documents/
alice@Inside-Kali:/home/dorothy/Documents$

Step 49

Execute ls -l to display the current privileges on the file that is named theEarthquake.txt.
Answer

alice@Inside-Kali:/home/dorothy/Documents$ ls -l
total 8
-r-x------ 1 dorothy dorothy 7879 Sep 8 14:35 theEarthquake.txt

Note the following:

Dorothy set the privileges to 500 instead of 600. She has read and execute privileges instead
of read and write.

Step 50

Try to set the permissions to 600 so Dorothy has read and write privileges for the text file, but
no one else has permissions. This attempt should fail.
Answer

alice@Inside-Kali:/home/dorothy/Documents$ chmod 600 theEarthquake.txt
chmod: changing permissions of ‘theEarthquake.txt’: Operation not permitted

Step 51

Preface the previous command with sudo, so the command is run under sudo. The easiest way
is to use the up-arrow key to recall the previous command, Ctrl-A to move to the beginning of
the line, and then type sudo<space>, and finally, press <Enter>. You will be challenged for
alice's password (alicePass).
Answer

alice@Inside-Kali:/home/dorothy/Documents$ sudo chmod 600 theEarthquake.txt
[sudo] password for alice: alicePass

Step 52

Use the ls -l command to verify that the permissions are now as desired.
Answer

alice@Inside-Kali:/home/dorothy/Documents$ ls -l
total 8
-rw------- 1 dorothy dorothy 7879 Sep 8 14:35 theEarthquake.txt
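
The octal table and the two fixes in this task (700 on secretStuff, 500 corrected to 600 on theEarthquake.txt) can be checked with bit masks instead of by eye. The script below is an added example, not part of the lab; it assumes a Linux stat that accepts -c '%a', and the function names and the temporary directory it builds are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the lab. Assumes a Linux stat that supports -c '%a'.

# Render an octal mode (for example 750) as the nine characters ls -l shows.
# Each octal digit is three bits: 4 = read, 2 = write, 1 = execute.
mode_to_rwx() {
    n=$(( 0$1 ))                 # the leading 0 makes the shell read the mode as octal
    out=
    for bits in 6 3 0; do        # owner, group, other
        d=$(( (n >> bits) & 7 ))
        if [ $(( d & 4 )) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
        if [ $(( d & 2 )) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
        if [ $(( d & 1 )) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    done
    printf '%s\n' "$out"
}

# List the entries of a directory that grant anything to group or other,
# that is, any of the low six permission bits (mask 077) is set.
audit_dir() {
    for entry in "$1"/*; do
        [ -e "$entry" ] || continue
        mode=$(stat -c '%a' "$entry")
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            printf '%s %s %s\n' "$mode" "$(mode_to_rwx "$mode")" "${entry##*/}"
        fi
    done
}

# Does the owner hold the write bit (0200)? Mode 500 fails this, mode 600 passes.
owner_can_write() {
    [ $(( 0$(stat -c '%a' "$1") & 0200 )) -ne 0 ]
}

# Print one line describing the owner's write access to a file.
report_write() {
    if owner_can_write "$1"; then w=yes; else w=no; fi
    printf '%s at %s: owner write = %s\n' "${1##*/}" "$(stat -c '%a' "$1")" "$w"
}

# Rebuild the situation from this task in a throwaway directory (constructed data).
lab_demo() {
    dir=$(mktemp -d)
    mkdir "$dir/Documents" "$dir/secretStuff"
    : > "$dir/theEarthquake.txt"
    chmod 755 "$dir/Documents"
    chmod 700 "$dir/secretStuff"            # Step 44: owner only
    chmod 500 "$dir/theEarthquake.txt"      # the mistaken mode from Step 49
    audit_dir "$dir"                        # only Documents is open to others
    report_write "$dir/theEarthquake.txt"
    chmod 600 "$dir/theEarthquake.txt"      # the corrected mode from Step 51
    report_write "$dir/theEarthquake.txt"
    rm -rf "$dir"
}

lab_demo
```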

I/O Piping and Redirection


In a Linux shell, the keyboard is the standard input and the terminal is the standard output. Piping is
an operation where the standard output of one program is fed to the standard input of another
program. Redirection is where the standard output of a program is sent somewhere other than
another program or the terminal. Most commonly, output is redirected to a file. You will
experiment with piping and redirection in this section of the lab exercise.

Step 53

First, simplify the desktop of Inside-Kali by closing the terminal windows except for the one
logged in as root.

Step 54

The echo command is a very simple command that is commonly used in bash scripts to
display output. But it can also be used from the command line. You saw earlier how you could
print the $PATH system variable. Enter the echo 'The username is' $USER command.
Examine the results.
Answer

root@Inside-Kali:~# echo 'The username is' $USER
The username is root

Note the following:

The echo command was given two arguments: the string 'The username is' and the system
variable $USER.
The echo command printed the two arguments to the standard output.

Step 55

The greater-than (>) symbol redirects output to a file. Use the up-arrow key to recall the
previous command and add > username.txt. Then display the contents of the current directory
and verify that username.txt was created.
Answer

root@Inside-Kali:~# echo 'The username is' $USER > username.txt
root@Inside-Kali:~# ls
Desktop Downloads Music Public username.txt
Documents metasploit-modules Pictures Templates Videos

Step 56

Use the cat command to display the contents of username.txt.

Step 57

Create a second text file that is called userhome.txt, using the echo command, and specifying
the string 'The home directory is' and the $HOME system variable. Use the cat command to
display the contents of the new text file.
Answer

root@Inside-Kali:~# echo 'The home directory is' $HOME > userhome.txt
root@Inside-Kali:~# cat userhome.txt
The home directory is /root

Step 58

The cat command gets its name from concatenate. It can concatenate multiple files to
standard out. Enter the command cat username.txt userhome.txt and observe the results.
Answer

root@Inside-Kali:~# cat username.txt userhome.txt
The username is root
The home directory is /root

Step 59

Use the cat command and redirection to create a third text file that is
named userinfo.txt. This file contains the data in username.txt and userhome.txt. Again,
command recall should be helpful here. Then display the contents of userinfo.txt.
Answer

root@Inside-Kali:~# cat username.txt userhome.txt > userinfo.txt
root@Inside-Kali:~# cat userinfo.txt
The username is root
The home directory is /root

Using the greater-than (>) symbol to redirect output to a file will create the file if it does not exist, and it
will overwrite the file if it exists. Using two greater-than (>>) symbols will append the output to an
existing file.

Step 60

Use the echo command to display the string 'The shell is' followed by the value of
the $SHELL environment variable, and append this output to the end of the userinfo.txt file.
Display the contents of the file to verify the operation.
Answer

root@Inside-Kali:~# echo 'The shell is' $SHELL >> userinfo.txt
root@Inside-Kali:~# cat userinfo.txt
The username is root
The home directory is /root
The shell is /bin/bash

Step 61

To show an example of piping output, a relatively long text file is needed. Change the directory
to the Documents subdirectory of alice's home directory (~alice/Documents). This is a good
time to use tab completion (for example, ~al<Tab>Doc<Tab>). Display the contents of this
directory.
Answer

root@Inside-Kali:~# cd ~alice/Documents/
root@Inside-Kali:/home/alice/Documents# ls
DownTheRabbitHole.txt

Step 62

Use the cat command to display the contents of the DownTheRabbitHole.txt file.
Answer

root@Inside-Kali:/home/alice/Documents# cat DownTheRabbitHole.txt
<output omitted>
So she set to work, and very soon finished off the cake.
* * * * * * *
* * * * * *
* * * * * * *

Note the following:

The output scrolls by too fast to read.

Step 63

This time, use the vertical bar character (|) to pipe the output of the previous command to
the more command. Enter cat DownTheRabbitHole.txt | more. Observe the results. You can
progress through the file one page at a time with the space bar, one line at a time with
the Enter key, and quit with either the Q key or Ctrl-C.

Step 64

By default, the more command takes a filename as an argument. So more
DownTheRabbitHole.txt and cat DownTheRabbitHole.txt | more result in the same thing. A
better example may be to take a command that produces a lot of output and pipe that to more.
As an example, enter ps aux | more. Examine the output, but don't worry about understanding
it yet. You will see the ps command later in this lab exercise.

For now, appreciate that there is a lot of output and you can control the flow of the output. Again, you
can progress through the output one page at a time with the space bar, one line at a time with
the Enter key, and quit with either the Q key or Ctrl-C.

Step 65

For one more example, execute the ps aux | less command. Examine the results.
The less command is a newer command than the more command. It also allows scrolling
through output using the space bar and Enter, just like the more command. But it allows
scrolling in both directions.

You can use the up-arrow and down-arrow keys to scroll up and down one line. You can use
the Page Up and Page Down keys to scroll up and down one page at a time.

Step 66

The less command has many other features as well, such as searching with the slash
character. Try entering /apache within the less command.

Step 67

After a bit of experimentation, enter Q to quit.

The grep Command


The grep command is used to search for patterns in files and print the lines that match the patterns.
The grep command can be used in many creative ways, but one very simple example is to search
through log files. Linux systems maintain authentication logs. Some distributions keep the logs
in /var/log/auth.log, others keep them in /var/log/audit/audit.log. An example log file has been
prepared for you and placed on the CDROM. In this task, you will explore the grep command using
this log file.

Step 68

Change the working directory to /media/cdrom/SECFND.
Answer

root@Inside-Kali:/home/alice/Documents# cd /media/cdrom/SECFND/
root@Inside-Kali:/media/cdrom/SECFND#

Step 69

The file that you will be working with is named auth.log. Optionally, you can use
the ls command to verify that it is here. To get an idea of how big the file is, enter the wc
auth.log command.
Answer

root@Inside-Kali:/media/cdrom/SECFND# wc auth.log
496 5947 51948 auth.log

Note the following:

wc is short for word count.
The file has 496 lines, 5947 words, and is 51,948 bytes long.
The log file is large enough to demonstrate the power of grep.

Step 70

To use the grep command, you must have an idea of what you are looking for within the log
file. Imagine that you were interested in activity originating from the IP address 10.10.6.10. You
can use grep to display the lines in the log file that have this IP address. Enter grep
10.10.6.10 auth.log .
Answer

root@Inside-Kali:/media/cdrom/SECFND# grep 10.10.6.10 auth.log
Sep 12 14:22:48 Inside-Kali sshd[4061]: Accepted password for huck from 10.

Note the following:

Exactly 1 line matched the pattern.
The log shows that the user huck logged in from 10.10.6.10, via SSH, on September 12 at
14:22:48.

Step 71

Seeing Huck logged in from this address spurs some interest in huck. Use the grep command
to display all the lines in auth.log that include the string huck.
Answer

root@Inside-Kali:/media/cdrom/SECFND# grep huck auth.log
Sep 12 07:14:32 Inside-Kali groupadd[1891]: group added to /etc/group: name
Sep 12 07:14:32 Inside-Kali groupadd[1891]: group added to /etc/gshadow: na
Sep 12 07:14:32 Inside-Kali groupadd[1891]: new group: name=huck, GID=1006
Sep 12 07:14:32 Inside-Kali useradd[1895]: new user: name=huck, UID=1005, G
Sep 12 07:14:49 Inside-Kali passwd[1902]: pam_unix(passwd:chauthtok): passw
Sep 12 07:15:09 Inside-Kali chfn[1936]: changed user 'huck' information
Sep 12 07:31:12 Inside-Kali gdm-password]: pam_unix(gdm-password:session):
Sep 12 07:31:12 Inside-Kali systemd-logind[661]: New session 6 of user huck
Sep 12 07:31:12 Inside-Kali systemd: pam_unix(systemd-user:session): sessio
Sep 12 07:36:31 Inside-Kali systemd: pam_unix(systemd-user:session): sessio
Sep 12 08:11:13 Inside-Kali login[2243]: pam_unix(login:session): session o
Sep 12 11:39:50 Inside-Kali login[2243]: pam_unix(login:session): session c
Sep 12 14:22:48 Inside-Kali sshd[4061]: Accepted password for huck from 10.
Sep 12 14:22:48 Inside-Kali sshd[4061]: pam_unix(sshd:session): session ope
Sep 12 14:22:48 Inside-Kali systemd: pam_unix(systemd-user:session): sessio
Sep 12 14:22:48 Inside-Kali systemd-logind[663]: New session 30 of user huc
Sep 12 14:23:35 Inside-Kali sudo: huck : user NOT in sudoers ; TTY=pts/
Sep 12 14:23:41 Inside-Kali sshd[4061]: pam_unix(sshd:session): session clo

Note the following:

It looks like huck is a new account. It was created on September 12 at 07:14:32.
There have been a few logins from this user.
Huck attempted to use the sudo command, but was not authorized.

Step 72

Seeing that Huck attempted a sudo command and wasn't authorized might make you wonder
if anyone else did the same thing. Use grep to display the lines in auth.log that include the
string sudo.
Answer

root@Inside-Kali:/media/cdrom/SECFND# grep sudo auth.log
Sep 12 10:21:20 Inside-Kali sudo: pam_unix(sudo:session): session closed fo
Sep 12 10:21:37 Inside-Kali sudo: pam_unix(sudo:session): session closed fo
Sep 12 10:22:57 Inside-Kali sudo: pam_unix(sudo:auth): authentication failu
Sep 12 10:23:04 Inside-Kali sudo: tom : user NOT in sudoers ; TTY=pts/
Sep 12 14:23:35 Inside-Kali sudo: huck : user NOT in sudoers ; TTY=pts/

Note the following:

It seems that both Tom and Huck were attempting unauthorized access.

Step 73

The grep command also supports the use of regular expressions. Regular expressions are like
wildcards, but they are much more powerful. Formal coverage of regular expressions is beyond
the scope of this exercise, but here is an example that can demonstrate the power of regular
expressions: Enter the command grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}" auth.log .
Answer

root@Inside-Kali:/media/cdrom/SECFND# grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3
Sep 8 15:00:16 Inside-Kali sshd[657]: Server listening on 0.0.0.0 port 22.
Sep 9 13:43:35 Inside-Kali sshd[588]: Server listening on 0.0.0.0 port 22.
Sep 9 13:43:39 Inside-Kali sshd[588]: Server listening on 0.0.0.0 port 22.
Sep 12 07:13:51 Inside-Kali sshd[656]: Server listening on 0.0.0.0 port 22.
Sep 12 07:37:17 Inside-Kali sshd[657]: Server listening on 0.0.0.0 port 22.
Sep 12 14:22:48 Inside-Kali sshd[4061]: Accepted password for huck from 10.
Sep 12 14:31:56 Inside-Kali sshd[4127]: Accepted password for alice from 10
Sep 13 02:11:29 Inside-Kali sshd[7147]: Accepted password for root from 10.
Sep 13 02:13:50 Inside-Kali sshd[7174]: pam_unix(sshd:auth): authentication
Sep 13 02:13:53 Inside-Kali sshd[7174]: Failed password for alice from 10.1
Sep 13 02:13:56 Inside-Kali sshd[7174]: Failed password for alice from 10.1
Sep 13 02:14:00 Inside-Kali sshd[7174]: Failed password for alice from 10.1
Sep 13 02:14:05 Inside-Kali sshd[7174]: Failed password for alice from 10.1
Sep 13 02:14:09 Inside-Kali sshd[7174]: Failed password for alice from 10.1
Sep 13 02:14:13 Inside-Kali sshd[7174]: Failed password for alice from 10.1
Sep 13 02:14:13 Inside-Kali sshd[7174]: Disconnecting: Too many authenticat
Sep 13 02:14:13 Inside-Kali sshd[7174]: PAM 5 more authentication failures;
Sep 13 02:16:24 Inside-Kali sshd[7147]: Received disconnect from 10.10.4.20

Note the following:

The regular expression matches strings of four numbers, up to three digits each, separated
by periods (0.0.0.0 through 999.999.999.999).
All lines in the file that included an IP address will match.
Constructing the regular expression:

[0-9]{1,3} matches on between 1 and 3 numeric digits.
[\.] matches the period character. The period is a special character in regular expressions;
matching the period literally requires escaping with the backslash.
([0-9]{1,3}[\.]) matches on a 1-3 digit number followed by a period.
([0-9]{1,3}[\.]){3} matches exactly three 1-3 digit numbers, each followed by a period.
([0-9]{1,3}[\.]){3}[0-9]{1,3} matches on exactly three 1-3 digit numbers followed by periods
with a 4th 1-3 digit number at the end.
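
The searches in Steps 70 through 73 can be turned into small summaries: failed SSH password attempts per source, accounts refused by sudo, and address extraction with a pattern that rejects octets above 255. This script is an added example, not part of the lab; the log lines are constructed (hostname labhost, addresses from the 192.0.2.0/24 documentation range) and the function names are illustrative.

```shell
#!/bin/sh
# Added example, not part of the lab. The log lines are constructed for
# illustration and are not taken from the lab's auth.log.

sample_auth_log() {
cat <<'EOF'
Sep 12 10:23:04 labhost sudo:      tom : user NOT in sudoers ; TTY=pts/0 ; PWD=/home/tom ; USER=root ; COMMAND=/bin/ls
Sep 12 14:22:48 labhost sshd[4061]: Accepted password for huck from 192.0.2.10 port 51234 ssh2
Sep 12 14:23:35 labhost sudo:     huck : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/huck ; USER=root ; COMMAND=/bin/ls
Sep 13 02:13:53 labhost sshd[7174]: Failed password for alice from 192.0.2.20 port 40022 ssh2
Sep 13 02:13:56 labhost sshd[7174]: Failed password for alice from 192.0.2.20 port 40022 ssh2
Sep 13 02:14:00 labhost sshd[7174]: Failed password for alice from 192.0.2.20 port 40022 ssh2
Sep 13 02:14:20 labhost sshd[7201]: Failed password for invalid user admin from 192.0.2.66 port 40100 ssh2
Sep 13 02:15:00 labhost updater[812]: installed build 999.999.999.999
EOF
}

# The lab's pattern. Inside a bracket expression the backslash is literal in
# POSIX regular expressions, so [\.] accepts a period or a backslash; [.] or \.
# matches the period alone.
LAB_REGEX='([0-9]{1,3}[\.]){3}[0-9]{1,3}'

# Stricter pattern: every octet must be in the range 0-255.
OCTET='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
STRICT_REGEX="$OCTET(\\.$OCTET){3}"

# Number of input lines that match an extended regular expression.
count_matches() { grep -cE "$1" || true; }

# Unique valid IPv4 addresses found on stdin. -o prints only the matched text;
# -w rejects a match glued to further digits or letters (such as 1.2.3.4567).
extract_ipv4() { grep -owE "$STRICT_REGEX" | sort -u; }

# Failed SSH password attempts as "count source-ip user", busiest first.
failed_by_source() {
    grep 'Failed password for' |
        sed -E 's/.*Failed password for (invalid user )?([^ ]+) from ([^ ]+) port.*/\3 \2/' |
        sort | uniq -c | sort -rn | awk '{print $1, $2, $3}'
}

# Accounts that ran sudo without being listed in sudoers.
sudo_denied() {
    grep 'user NOT in sudoers' |
        sed -E 's/.*sudo: *([^ ]+) : user NOT in sudoers.*/\1/' | sort -u
}

echo "lines matching the lab pattern:    $(sample_auth_log | count_matches "$LAB_REGEX")"
echo "lines matching the strict pattern: $(sample_auth_log | count_matches "$STRICT_REGEX")"
echo "valid addresses:"; sample_auth_log | extract_ipv4
echo "failed logins (count source user):"; sample_auth_log | failed_by_source
echo "sudo denied for:"; sample_auth_log | sudo_denied
```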

Linux Processes
An executing program is called a process. When a user executes a program, it initiates a process.
Processes are uniquely tracked by identification numbers called PIDs. Many processes that run in the
background are referred to as daemons. One process may launch other processes. When a process
launches another process, it is referred to as forking. The child process is a fork of the parent process.
The ps command is the main command for listing processes that are running on a Linux system. In
this task, you will gain some experience with ps commands and the workings of processes.

Step 74

Enter the ps command without any arguments. Examine the results.
Answer

root@Inside-Kali:/media/cdrom/SECFND# ps
PID TTY TIME CMD
1871 pts/0 00:00:00 bash
2672 pts/0 00:00:00 ps

Note the following:

The list includes all processes that are associated with this command shell.
Two processes are listed. The bash shell is the first process. The ps command is executing
to produce this output, and it is the second process in the list.

Step 75

Execute the more auth.log command to start a process and keep it running.
Answer

root@Inside-Kali:/media/cdrom/SECFND# more auth.log

Step 76

Open a new terminal window. Enter the ps command without any arguments and examine the
results.
Answer

root@Inside-Kali:~# ps
PID TTY TIME CMD
2703 pts/1 00:00:00 bash
2709 pts/1 00:00:00 ps

Step 77

Run the ps command with the u argument.
Answer

root@Inside-Kali:~# ps u
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 746 0.0 0.0 12836 1944 tty1 Ss+ 03:20 0:00 /sbin/aget
root 792 0.2 1.3 231752 43012 tty7 Ssl+ 03:20 0:10 /usr/bin/X
root 1871 0.0 0.2 24600 6604 pts/0 Ss 03:21 0:00 bash
root 2698 0.0 0.0 7996 1924 pts/0 S+ 04:39 0:00 more auth.
root 2703 0.0 0.2 24524 6420 pts/1 Ss 04:39 0:00 bash
root 2712 0.0 0.0 19028 2476 pts/1 R+ 04:40 0:00 ps u

Note the following:

The u argument adds detail to the display and includes all processes that are launched by
the current user.
The agetty process is associated with logins from the system console (for example, the
keyboard and monitor that are attached to the system).
The Xorg process is associated with the Gnome desktop environment.
You see both the bash shells and the processes executing in those bash shells.

Step 78

Using the --forest argument of the ps command will graphically display the parent-child
relationships between processes. Execute ps u --forest and observe the results.
Answer

root@Inside-Kali:~# ps u --forest
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 2703 0.0 0.2 24524 6420 pts/1 Ss 04:39 0:00 bash
root 2725 0.0 0.0 19024 2492 pts/1 R+ 04:43 0:00 \_ ps u -
root 1871 0.0 0.2 24600 6604 pts/0 Ss 03:21 0:00 bash
root 2698 0.0 0.0 7996 1924 pts/0 S+ 04:39 0:00 \_ more a
root 792 0.2 1.3 231752 43012 tty7 Ssl+ 03:20 0:11 /usr/bin/X
root 746 0.0 0.0 12836 1944 tty1 Ss+ 03:20 0:00 /sbin/aget

Note the following:

Each process has a unique PID. The assigned numbers are highly dynamic. You should
expect differences between this sample transcript and your results in the live lab
environment.
The ps u --forest process was launched from within the bash shell with PID 2703. PID
2703 is the parent process; PID 2725 is the child process.
The more auth.log process was launched from within the bash shell with PID 1871. PID
1871 is the parent process; PID 2698 is the child process.
The fork call is not always followed by an exec call. A program may contain code for both the
parent and the child process. For example, a daemon that listens on a TCP port may fork a
child copy of itself when a new connection is initiated. The child process handles all aspects
of that TCP connection. The parent process can fork multiple copies of itself to handle
concurrent TCP connections.

Step 79

The ps command with aux as arguments will list all processes of all users. Run ps aux and
pipe the output to more.
Answer

root@Inside-Kali:~# ps aux | more
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.1 176388 5436 ? Ss 03:20 0:01 /sbin/init
root 2 0.0 0.0 0 0 ? S 03:20 0:00 [kthreadd]
root 3 0.0 0.0 0 0 ? S 03:20 0:00 [ksoftirqd
root 5 0.0 0.0 0 0 ? S< 03:20 0:00 [kworker/0
root 6 0.0 0.0 0 0 ? S 03:20 0:00 [kworker/u
root 7 0.0 0.0 0 0 ? S 03:20 0:01 [rcu_sched
root 8 0.0 0.0 0 0 ? S 03:20 0:00 [rcu_bh]
root 9 0.0 0.0 0 0 ? S 03:20 0:00 [migration
<output omitted>
root 2698 0.0 0.0 7996 1924 pts/0 S+ 04:39 0:00 more auth.
root 2703 0.0 0.2 24524 6420 pts/1 Ss 04:39 0:00 bash
root 2715 0.0 0.0 0 0 ? S 04:40 0:00 [kworker/0
root 2729 0.0 0.0 19028 2484 pts/1 R+ 04:43 0:00 ps aux
root 2730 0.0 0.0 7996 1992 pts/1 S+ 04:43 0:00 more

Note the following:

There will be over 150 processes.
Most of these processes are daemons: they run in the background without direct local user
I/O.
Enter Q to quit the display after you have examined some processes.

Step 80

Sometimes you need to know the process ID for a particular background daemon. If you pipe
the ps aux output through grep , you can find the details quickly. Execute the command ps
aux --forest | grep apache and observe the results.
Answer

root@Inside-Kali:~# ps aux --forest | grep apache
root 996 0.0 0.8 254944 27152 ? Ss 03:20 0:00 /usr/sbin/
www-data 2246 0.0 0.3 254976 9676 ? S 03:25 0:00 \_ /usr/s
www-data 2247 0.0 0.2 254968 9256 ? S 03:25 0:00 \_ /usr/s
www-data 2248 0.0 0.2 254968 9256 ? S 03:25 0:00 \_ /usr/s
www-data 2250 0.0 0.2 254968 9256 ? S 03:25 0:00 \_ /usr/s
www-data 2253 0.0 0.2 254968 9256 ? S 03:25 0:00 \_ /usr/s
www-data 2254 0.0 0.2 254968 9256 ? S 03:25 0:00 \_ /usr/s
root 2738 0.0 0.0 12656 1692 pts/1 S+ 04:45 0:00 \_ gr

Note the following:

Seven processes are associated with the apache2 HTTP daemon.
The first was launched under the root account.
The remaining six were forked from the main process and they run under the www-data
account.
The last line seems to indicate that grep apache was forked from the last of the apache2 forks.
It appears that way only because many lines were skipped by the grep filter. The grep apache
process is what you just launched in the current bash shell. It is a fork of that bash shell.

Step 81

To provide an example of using the PID, you will use the kill command to terminate a
process. Run the ps command with the u argument. Find the PID associated with the more
auth.log command that is running in the other terminal window. Execute the kill command,
providing the appropriate PID as an argument.
Answer

root@Inside-Kali:~# ps u
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 746 0.0 0.0 12836 1944 tty1 Ss+ 03:20 0:00 /sbin/aget
root 792 0.2 1.3 231752 43012 tty7 Ssl+ 03:20 0:10 /usr/bin/X
root 1871 0.0 0.2 24600 6604 pts/0 Ss 03:21 0:00 bash
root 2698 0.0 0.0 7996 1924 pts/0 S+ 04:39 0:00 more auth.
root 2703 0.0 0.2 24524 6420 pts/1 Ss 04:39 0:00 bash
root 2712 0.0 0.0 19028 2476 pts/1 R+ 04:40 0:00 ps u
root@Inside-Kali:~# kill 2698 <substitute the PID from your lab environment

Step 82

Return to the other terminal window. You should find that the more auth.log command has
been terminated.
Answer

Sep 8 14:06:22 Inside-Kali systemd-logind[666]: Removed session c4.
Sep 8 14:06:22 Inside-Kali systemd: pam_unix(systemd-user:session): sessio
sed for user Debian-gdm
--More--(4%)Terminated
root@Inside-Kali:/media/cdrom/SECFND#
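
Because PIDs are dynamic and get reused, it is worth confirming what a PID is running before signalling it. The script below is an added example, not part of the lab: it replays Steps 75 through 82 with sleep standing in for more auth.log, reads the parent PID and command name from /proc, and shows that the default kill signal (SIGTERM) produces wait status 143. It assumes a Linux /proc filesystem; the function names are illustrative.

```shell
#!/bin/sh
# Added example, not part of the lab. Assumes Linux /proc.
# sleep stands in for the long-running "more auth.log" of Step 75.

# Command name the kernel records for a PID; prints nothing if the PID is gone.
proc_name() { cat "/proc/$1/comm" 2>/dev/null || true; }

# Parent PID of a process, read from the PPid: line of /proc/<pid>/status.
proc_ppid() {
    while read -r key value rest; do
        if [ "$key" = "PPid:" ]; then printf '%s\n' "$value"; fi
    done < "/proc/$1/status"
}

# Send SIGTERM (the default signal of kill) only if the PID still runs the
# expected command. Returns 1 without signalling when the name does not match.
kill_if_matches() {
    if [ "$(proc_name "$1")" != "$2" ]; then
        echo "refusing: PID $1 runs '$(proc_name "$1")', expected '$2'" >&2
        return 1
    fi
    kill "$1"
}

kill_demo() {
    sleep 300 &
    child=$!
    # The child begins as a fork of this shell and only becomes "sleep" after
    # exec, so wait briefly until the kernel reports the new command name.
    tries=0
    while [ "$(proc_name "$child")" != sleep ] && [ "$tries" -lt 50 ]; do
        sleep 0.1
        tries=$(( tries + 1 ))
    done
    DEMO_PARENT=$(proc_ppid "$child")       # the forking shell, like bash in ps --forest
    DEMO_REFUSED=no
    if ! kill_if_matches "$child" more; then   # wrong name: no signal is sent
        DEMO_REFUSED=yes
    fi
    kill_if_matches "$child" sleep          # name matches: SIGTERM is sent
    DEMO_STATUS=0
    wait "$child" || DEMO_STATUS=$?         # 143 = 128 + 15 (SIGTERM)
    echo "child=$child parent=$DEMO_PARENT shell=$$ refused_wrong_name=$DEMO_REFUSED wait_status=$DEMO_STATUS"
}

kill_demo
```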

The netstat Command


The netstat command is important in monitoring the status of network connections on a Linux
system. The netstat command lists the TCP and UDP ports that the system is listening on, which is
critical information relating to the system's attack surface. You can also list the active connections to
the system. In this task, you will experiment with the netstat command on the Inside-Srv, which has
more going on than Inside-Kali. You will start by preparing a few connections to and from the
Inside-Srv. You will then see what can be seen with the netstat command.

Step 83

Initiate some IMAP connections to the Inside-Srv. Access the desktop of Inside-Win. Launch
the Thunderbird email client. Ignore any error messages. You don't have to do anything else
on Inside-Win.

Step 84

Initiate an outbound SSH connection from the Inside Server. Access the desktop of the Inside-
Srv. Open a terminal window and enter the command ssh dmz-srv.abc.public or ssh
172.16.1.10, which will open an SSH connection to the DMZ-Srv using the current username
on the local bash shell (root). Authenticate using Cisco123! as the password. You may have to
accept the DMZ-Srv public key.
Answer

root@inside-srv:~# ssh dmz-srv.abc.public (or ssh 172.16.1.10)
The authenticity of host 'dmz-srv (172.16.1.10)' can't be established.
ECDSA key fingerprint is 05:d1:ec:71:fe:f8:f1:54:f0:21:b3:53:f1:ca:d3:6e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'dmz-srv' (ECDSA) to the list of known hosts.
root@dmz-srv's password: Cisco123!
Linux dmz-srv 3.14-kali1-amd64 #1 SMP Debian 3.14.5-1kali1 (2014-06-07) x86

The programs included with the Kali GNU/Linux system are free software;
the exact distribution terms for each program are described in the


individual files in /usr/share/doc/*/copyright.

Kali GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent


permitted by applicable law.
root@dmz-srv:~#

Step 85

Return to the desktop of Inside-Kali. Establish an SSH connection to the Inside-Srv. Again,
use Cisco123! as the password. You may have to accept the Inside-Srv public key.
Answer

root@Inside-Kali:~# ssh inside-srv


The authenticity of host 'inside-srv (10.10.4.20)' can't be established.
ECDSA key fingerprint is 05:d1:ec:71:fe:f8:f1:54:f0:21:b3:53:f1:ca:d3:6e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'inside-srv,10.10.4.20' (ECDSA) to the list of k
root@inside-srv's password: Cisco123!
Linux inside-srv 3.14-kali1-amd64 #1 SMP Debian 3.14.5-1kali1 (2014-06-07)

The programs included with the Kali GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Kali GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent


permitted by applicable law.
root@inside-srv:~#

Step 86

You will perform the rest of this task from this Inside-Kali SSH connection to the Inside-Srv.
The netstat command can accept various arguments: The argument -t limits the output to
TCP; the argument -e limits the output to established connections. Execute the netstat -te
command and examine the results.
Answer

root@inside-srv:~# netstat -te


Active Internet connections (w/o servers)


Proto Recv-Q Send-Q Local Address Foreign Address State


tcp 0 0 inside-srv.abc.pr:42768 dmz-srv.abc.public ESTABLISH
tcp 0 224 inside-srv.abc.priv:ssh 10.10.6.11:58772 ESTABLISH
tcp6 0 0 inside-srv.abc.pr:imap2 10.10.6.10:1563 ESTABLISH
tcp6 0 0 inside-srv.abc.pr:imap2 10.10.6.10:1586 ESTABLISH

Note the following:

There should be at least four current connections. Two or more connections are to the IMAP
port on the Inside-Srv from Inside-Win (10.10.6.10). The ports on Inside-Win will be dynamic
ports.
There should be one connection from a dynamic port on the Inside-Srv to the SSH port on
the DMZ-Srv (172.16.1.10).
There should be one connection to the SSH port on the Inside-Srv from Inside-Kali
(10.10.6.11).

Step 87

The -n argument instructs the netstat command to provide data numerically. That is, it
should use IP addresses instead of hostnames and port numbers instead of port names.
Execute the command netstat -ten to observe the results.
Answer

root@inside-srv:~# netstat -ten


Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 10.10.4.20:42768 172.16.1.10:22 ESTABLISH
tcp 0 224 10.10.4.20:22 10.10.6.11:58772 ESTABLISH
tcp6 0 0 10.10.4.20:143 10.10.6.10:1563 ESTABLISH
tcp6 0 0 10.10.4.20:143 10.10.6.10:1586 ESTABLISH

Note the following:

As before, the -t and -e arguments limit the output to TCP and established connections.
This time, 10.10.4.20 is displayed in place of inside-srv.abc.private, and 172.16.1.10 is
displayed in place of dmz-srv.abc.public.
All the ports are also represented with their numeric values: IMAP2 is 143; SSH is 22.
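
The reasoning in the notes for Steps 86 and 87 (which connections arrive at the server and which one leaves it) can be automated. The following is an added example, not part of the lab: it assumes output in the shape of netstat -tan (all TCP sockets, numeric), and the function names and sample rows are constructed for illustration.

```bash
#!/usr/bin/env bash
# Constructed sample: the four Step 87 connections plus the two listeners
# they relate to, written with the full ESTABLISHED state name.
sample_connections() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::143                  :::*                    LISTEN
tcp        0      0 10.10.4.20:42768        172.16.1.10:22          ESTABLISHED
tcp        0    224 10.10.4.20:22           10.10.6.11:58772        ESTABLISHED
tcp6       0      0 10.10.4.20:143          10.10.6.10:1563         ESTABLISHED
tcp6       0      0 10.10.4.20:143          10.10.6.10:1586         ESTABLISHED
EOF
}

# Label each established TCP connection INBOUND or OUTBOUND.
# Heuristic: if the local port is one the host listens on, the peer
# initiated the connection; otherwise the local side did.
connection_direction() {
    awk '
    # Return the port, i.e. the digits after the last colon of an endpoint.
    function endpoint_port(ep,   n) {
        n = match(ep, /:[0-9]+$/)
        return n ? substr(ep, n + 1) : ""
    }
    $1 ~ /^tcp6?$/ && $6 == "LISTEN"      { listening[endpoint_port($4)] = 1 }
    $1 ~ /^tcp6?$/ && $6 == "ESTABLISHED" { loc[++k] = $4; rem[k] = $5 }
    END {
        # Rows are buffered so listeners may appear anywhere in the input.
        for (i = 1; i <= k; i++) {
            p = endpoint_port(loc[i])
            dir = (p in listening) ? "INBOUND" : "OUTBOUND"
            print dir, loc[i], rem[i]
        }
    }'
}

sample_connections | connection_direction
```

On a live system the equivalent call is netstat -tan | connection_direction.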

Step 88


The -u filter includes UDP. The -l (lower-case 'L') filter lists listening ports. Execute netstat
-tul to display the TCP ports and UDP ports that the Inside-Srv is listening on.
Answer

root@inside-srv:~# netstat -tul


Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:ldap *:* LISTEN
tcp 0 0 localhost:mysql *:* LISTEN
tcp 0 0 *:tacacs *:* LISTEN
tcp 0 0 *:ftp *:* LISTEN
tcp 0 0 inside-srv.abc.p:domain *:* LISTEN
tcp 0 0 localhost:domain *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 *:telnet *:* LISTEN
tcp 0 0 *:smtp *:* LISTEN
tcp 0 0 localhost:953 *:* LISTEN
tcp6 0 0 [::]:ldap [::]:* LISTEN
tcp6 0 0 [::]:pop3 [::]:* LISTEN
tcp6 0 0 [::]:imap2 [::]:* LISTEN
tcp6 0 0 [::]:http [::]:* LISTEN
tcp6 0 0 [::]:ssh [::]:* LISTEN
tcp6 0 0 [::]:smtp [::]:* LISTEN
tcp6 0 0 localhost:953 [::]:* LISTEN
tcp6 0 0 [::]:https [::]:* LISTEN
udp 0 0 inside-srv.abc.p:domain *:*
udp 0 0 localhost:domain *:*
udp 0 0 *:bootps *:*
udp 0 0 *:tftp *:*
udp 0 0 inside-srv.abc.priv:ntp *:*
udp 0 0 localhost:ntp *:*
udp 0 0 *:ntp *:*
udp 0 0 *:20885 *:*
udp6 0 0 fe80::804:aff:fe0a::ntp [::]:*
udp6 0 0 localhost:ntp [::]:*
udp6 0 0 [::]:ntp [::]:*
udp6 0 0 [::]:4462 [::]:*

Note the following:

Provided are all the TCP ports and UDP ports that are open on this system.
The foreign IP addresses and port numbers are listed as asterisks because they are
currently unknown. The Inside-Srv is prepared to receive connections from any valid remote
IP address and remote port.
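
Because the listening ports define the attack surface, it helps to separate listeners that are reachable from the network from those bound only to the loopback address. The following is an added example, not part of the lab: it assumes numeric output (netstat -tuln), and the function names and sample rows are constructed for illustration.

```bash
#!/usr/bin/env bash
# Constructed sample: numeric listener output (netstat -tuln), modeled on the
# Step 88 listing with service names replaced by their well-known ports.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 10.10.4.20:53           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN
tcp6       0      0 :::143                  :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 ::1:953                 :::*                    LISTEN
udp        0      0 0.0.0.0:69              0.0.0.0:*
udp        0      0 10.10.4.20:123          0.0.0.0:*
udp        0      0 127.0.0.1:123           0.0.0.0:*
EOF
}

# Print "SCOPE proto address port" for every listener on stdin.
# LOCAL = bound to loopback only; EXPOSED = wildcard or any other address.
classify_listeners() {
    awk '
    $1 ~ /^(tcp|udp)6?$/ {
        # TCP rows must be in LISTEN; UDP rows carry no State column.
        if ($1 ~ /^tcp/ && $NF != "LISTEN") next
        n = match($4, /:[0-9]+$/)          # port follows the last colon
        if (!n) next
        addr = substr($4, 1, n - 1)
        scope = (addr ~ /^127\./ || addr == "::1") ? "LOCAL" : "EXPOSED"
        print scope, $1, addr, substr($4, n + 1)
    }'
}

# Unique proto/port pairs reachable from the network, IPv4 and IPv6 merged.
exposed_ports() {
    classify_listeners |
        awk '$1 == "EXPOSED" { sub(/6$/, "", $2); print $2 "/" $4 }' |
        sort -t/ -k1,1 -k2,2n -u
}

sample_netstat | exposed_ports
```

On a live system the equivalent call is netstat -tuln | exposed_ports; each proto/port pair it prints should map to a service that is meant to be offered.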


Step 89

Sometimes you need to know the process that is listening on a particular port.
The netstat command provides this information with the -p argument. Execute netstat -tlp to
list all the TCP ports that are in a listening state, and the processes that are associated with them.
Answer

root@inside-srv:~# netstat -tlp


Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:ldap *:* LISTEN
tcp 0 0 localhost:mysql *:* LISTEN
tcp 0 0 *:tacacs *:* LISTEN
tcp 0 0 *:ftp *:* LISTEN
tcp 0 0 inside-srv.abc.p:domain *:* LISTEN
tcp 0 0 localhost:domain *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 *:telnet *:* LISTEN
tcp 0 0 *:smtp *:* LISTEN
tcp 0 0 localhost:953 *:* LISTEN
tcp6 0 0 [::]:ldap [::]:* LISTEN
tcp6 0 0 [::]:pop3 [::]:* LISTEN
tcp6 0 0 [::]:imap2 [::]:* LISTEN
tcp6 0 0 [::]:http [::]:* LISTEN
tcp6 0 0 [::]:ssh [::]:* LISTEN
tcp6 0 0 [::]:smtp [::]:* LISTEN
tcp6 0 0 localhost:953 [::]:* LISTEN
tcp6 0 0 [::]:https [::]:* LISTEN

Note the following:

The output is similar to the previous example, but now the right-most column displays both
the process ID and the name of the file that contains the executing code.

Step 90

One more common use of the netstat command is to display the system's routing table.
The -r argument displays the routing table. It is often paired with the -n argument.
Execute netstat -rn to display the Inside-Srv routing table.
Answer


root@inside-srv:~# netstat -rn


Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt If
0.0.0.0 10.10.4.1 0.0.0.0 UG 0 0 0 et
10.10.4.0 0.0.0.0 255.255.255.0 U 0 0 0 et

Note the following:

Most Linux systems with a single NIC are simply configured with a default gateway.
With the Inside-Srv, the 0.0.0.0/0.0.0.0 route is the default route, hence the default gateway
is 10.10.4.1.
Anything on the 10.10.4.0/255.255.255.0 network is reachable directly from the interface
eth0.
