Linux Fundamentals - Part 3 2021
The link for this lab is located here: https://tryhackme.com/room/linuxfundamentalspart3
This room covers things like CLI text editors, processes, automation, package management, logs and some general/useful utilities to know.
Task 3 - Terminal Text Editors
There are a few options that you can use for a terminal text editor. The easiest to start with is called “nano” but there is another one called “vim”.
To create or edit a file using nano, we simply use “nano filename”. Once we press enter, nano will launch. You can navigate each line using the arrow keys or start a new line by hitting Enter - similar to Microsoft Word in a way.
Nano has a few features that are easy to remember and cover the most general things you would want, including:
Searching for text
Copying and pasting
Jumping to a line number
Finding out what line number you are on
To save the file without leaving, press CTRL+O (Write Out) and confirm the filename. To exit nano, press CTRL+X; if there are unsaved changes, nano asks whether to save them first.
Vim is a much more advanced text editor. Some of Vim’s benefits include:
Customizable - you can modify the keyboard shortcuts
Syntax highlighting - useful if writing code
Vim, or at least its ancestor vi, is present on almost every Unix-like system, including minimal ones where nano is not installed
There are a lot of resources such as cheat sheets, tutorials and more
Questions
Q2: Edit "task3" located in the home directory using nano. What is the flag?
A: THM{TEXT_EDITORS
Task 4 - General/Useful Utilities
A fundamental feature of computing is the ability to transfer files. The “wget” command downloads files from the web over HTTP or HTTPS. We simply provide the URL of the resource that we wish to download. For example, to download a file named “myfile.txt” onto a machine, the command would look like this:
wget https://assets.tryhackme.com/additional/linux-fundamentals/part3/myfile.txt
Secure copy (SCP) is a means of securely copying files. Unlike the regular cp command, this command allows you to transfer files between two computers using the SSH protocol to provide both authentication and encryption.
Working on a model of SOURCE and DESTINATION, SCP allows you to:
Copy files and directories from your current system to a remote system
Copy files and directories from a remote system to your current system
This works provided we can authenticate as a user on the remote system, either with that account’s password or with an SSH key the account accepts. For example, let’s copy a file from our machine to a remote machine:
scp important.txt ubuntu@192.168.1.30:/home/ubuntu/transferred.txt
We can also reverse this. The syntax for using scp to copy a file from a remote system onto the machine we are currently logged into is:
scp ubuntu@192.168.1.30:/home/ubuntu/documents.txt notes.txt
Ubuntu machines come pre-packaged with python3. Python helpfully provides a lightweight and easy to use module called http.server (its main class is HTTPServer). This module turns your computer into a quick web server that serves files, which another computer can then download using commands such as curl and wget.
Python3’s http.server serves the files in the directory you run it from, on port 8000 by default. All we need to do is run python3 -m http.server to start it. Two things are worth knowing before doing so: it listens on all interfaces by default, so anyone who can reach the machine can read everything under that directory (use python3 -m http.server --bind 127.0.0.1, or run it from a directory that contains only the files you mean to share), and it has no authentication or TLS, so it is meant for a quick transfer, not for leaving running.
Next, we can use wget to download the file using the computer’s IP address, the port and the name of the file. If the directory contains no index.html, the server returns a directory listing, so browsing to http://IP:8000/ also shows what is available.
Every request is logged to the terminal the server is running in, including the client’s IP address, the path requested and the HTTP status code, so a successful wget (status 200) and a probe for a file that does not exist (status 404) are both visible.
Questions
Q2: Use Python3's HTTPServer module to start a webserver in the home directory of the tryhackme user on the deployed instance
A: (no flag; this task only asks you to start the server)
Q3: Download the file onto your machine. What are the contents?
A: THM{WGET_WEBSERVER}
Task 5 - Processes 101
We can use the “ps” command to list the processes running in our current terminal session, together with some information about each one: its process ID (PID), the terminal (TTY) it is attached to, the CPU time it has consumed and the name of the program being executed:
To see the processes run by other users and those that are not attached to a terminal, we add the “aux” switches (a: all users, u: user-oriented format with owner, CPU and memory use, x: include processes without a controlling terminal):
Another very useful command is top - this gives you real-time statistics about the processes running on your system instead of a one-time snapshot. The display refreshes every 3 seconds by default (change it with top -d or by pressing d inside top) and redraws when you press a key, such as the arrow keys, to browse the rows.
You can send signals that terminate processes; there are several signals, and they differ in how “cleanly” the kernel and the process deal with the termination. To kill a process, we use the appropriately named “kill” command with the PID of the process we wish to kill; kill 1337 sends the default signal, SIGTERM, to PID 1337. A different signal is chosen by name or number, for example kill -KILL 1337 or kill -9 1337, and kill -l lists them all.
Below are some of the signals that we can send to a process:
SIGTERM (15) - ask the process to terminate; it may catch the signal and do cleanup tasks (flush files, remove lock files) before exiting, or even ignore it
SIGKILL (9) - the kernel terminates the process immediately with no cleanup; it cannot be caught or ignored
SIGSTOP - suspend the process; it cannot be caught or ignored either, and the process stays stopped until it receives SIGCONT
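The difference between SIGTERM and SIGKILL is easiest to see with a process that actually has something to clean up. The script below is an added example, not part of the TryHackMe room: it starts a constructed worker whose SIGTERM handler writes a marker file, sends it SIGTERM and checks that the marker appeared, then repeats the trial with SIGKILL, after which no marker exists because the kernel never let the handler run. The worker, the marker file path and the function names are all assumptions made for this demonstration.

```sh
#!/bin/sh
# Added example (not part of the TryHackMe room): what "cleanly" means in
# practice. A worker process installs a handler for SIGTERM that writes a
# marker file before exiting; the same worker is then hit with SIGKILL, which
# the kernel delivers without letting the process run anything at all.
# The worker and the marker file are constructed for this demonstration.

# start_worker MARKER: launch a background worker that, on SIGTERM, writes
# "cleaned" to MARKER and exits 0. Its PID is left in WORKER_PID (a global:
# a $(...) substitution would start the worker in a subshell that the caller
# could not wait for).
start_worker() {
    MARKER="$1" sh -c '
        trap "echo cleaned > \"$MARKER\"; exit 0" TERM
        while :; do sleep 1; done
    ' &
    WORKER_PID=$!
}

# signal_and_wait PID SIGNAME: send the signal and collect the exit status in
# STATUS (0 after the TERM handler ran; 128+9 = 137 when killed by SIGKILL).
signal_and_wait() {
    kill -s "$2" "$1"
    STATUS=0
    wait "$1" || STATUS=$?
}

# cleanup_after SIGNAME: run one trial and print "yes" if the worker managed
# to write its marker before dying, "no" otherwise.
cleanup_after() {
    marker="${TMPDIR:-/tmp}/sigdemo.$$.$1"
    rm -f "$marker"                 # only the worker's handler creates it
    start_worker "$marker"
    sleep 1                         # give the worker time to install its trap
    signal_and_wait "$WORKER_PID" "$1"
    if [ -f "$marker" ]; then answer=yes; else answer=no; fi
    rm -f "$marker"
    echo "SIG$1: exit status $STATUS, cleanup handler ran: $answer" >&2
    echo "$answer"
}

for sig in TERM KILL; do
    cleanup_after "$sig" >/dev/null
done
```

Run it as a normal user; it needs nothing outside a POSIX shell. The exit status reported for the SIGKILL trial, 137, is the 128+signal convention shells use, which is also how you recognise an OOM kill or a kill -9 in a service’s exit code.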
The kernel uses namespaces to partition what processes can see: a process in its own PID, mount or network namespace sees only the process IDs, filesystems or network interfaces that belong to that namespace, regardless of what exists on the machine as a whole. Limiting how much CPU, memory or I/O a group of processes may consume is the job of a related mechanism, control groups (cgroups); together the two are the building blocks of containers.
Namespaces are great for security because they isolate processes from one another: a process cannot signal, trace or inspect what it cannot see.
The process with an ID of 1 is the first process started when the system boots. On Ubuntu this is the system’s init, systemd, which manages system services and sits between the kernel and the processes users run. (PID 0 belongs to the kernel’s own idle/scheduler task and never appears as a normal process.)
For example, once the kernel has initialised, systemd is the first user-space process to start. Every other program or piece of software we run is a descendant of systemd: a new process is a child of whatever launched it (your shell, for instance), and the chain of parents leads back to PID 1. Each still runs as its own process with its own PID, which makes it easy to identify and manage.
Some apps can be started on the boot up. For example, web servers, database servers or file transfer servers. This software is often critical and is often told to start during boot by admins.
Enter the use of systemctl - this command allows us to interact with the systemd process/daemon. Continuing on with our example, systemctl is an easy to use command that takes the following formatting - systemctl [option] [service]
We mostly use four options with systemctl (a fifth, status, shows whether a service is running along with its recent log lines):
Start
Stop
Enable
Disable
Processes can run in two states - in the background and in the foreground. Commands that you run in your terminal such as echo or things similar will run in the foreground. To make a program run in the background, use the “&” operator.
This is great for commands such as copying files because it means that we can run the command and continue on with whatever further commands we wish to execute.
We can do something similar with a program that is already running in the foreground, such as a script: rather than relying on the & operator, we press CTRL+Z, which sends the process SIGTSTP, suspends it and hands the terminal back to us. The job is stopped at that point, not running; “bg” resumes it in the background, and “jobs” lists the jobs belonging to the shell.
Now that we have a process in the background, we can back-pedal and bring it back to the foreground. To do this, we use the “fg” command, which also resumes a stopped job.
Questions
Q2: If we were to launch a process where the previous ID was 300, what would the ID of this new process be?
A: 301 (PIDs are normally handed out in increasing order, though numbers still in use are skipped, so the next PID is not guaranteed to be exactly 301)
Q3: If we wanted to cleanly kill a process, what signal would we send it?
A: SIGTERM
Q4: Locate the process that is running on the deployed instance. What flag is given?
A: THM{PROCESSES}
Q5: What command would we use to stop the service “myservice”?
A: systemctl stop myservice
Q6: What command would we use to start the same service on the boot up?
A: systemctl enable myservice
Q7: What command would we use to bring a previously backgrounded process back to the foreground?
A: fg
Task 6 - Automation
Users may want to schedule a certain action or task to take place at set times, or after the system has booted: running commands, backing up files or launching a program. The cron daemon is one of the processes started during boot, and it is responsible for running these scheduled cron jobs.
A crontab is a file with a specific format that the cron daemon reads, executing each line on the schedule it describes. Each crontab entry has six fields:
MIN - what minute to execute at
HOUR - what hour to execute at
DOM - what day of the month to execute at
MON - what month to execute at
DOW - what day of the week to execute at
CMD - the command to execute
As an example, you may wish to backup the Documents directory every 12 hours. The following formatting would be used:
Crontab fields also support the wildcard, the asterisk (*), which matches every possible value of that field; if we do not wish to restrict a field, we simply place an asterisk in it.
A user’s crontab is edited with “crontab -e”, which lets you select an editor the first time, and listed with “crontab -l”. System-wide entries live in /etc/crontab and /etc/cron.d, and per-user crontabs are stored under /var/spool/cron/crontabs; all of these are worth checking when looking for persistence on a compromised host.
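The six-field format above is easy to get subtly wrong, and a malformed line simply never runs. The following is an added example, not code from the TryHackMe room: a small POSIX shell validator that splits a crontab entry into its fields, checks each time field against its legal range (including the asterisk, N-M ranges, */N steps and comma lists) and recognises the @reboot-style shortcuts. The sample crontab at the bottom is constructed for the demonstration, and it includes the “backup every 12 hours” schedule discussed above alongside two broken lines and an @reboot entry of the sort that deserves a second look during an audit.

```sh
#!/bin/sh
# Added example (not part of the TryHackMe room): a validator/parser for the
# six-field crontab format. Understands @reboot-style shortcuts, '*', 'N',
# 'N-M', '*/N' and comma-separated lists, and checks every field's range.
# All sample entries at the bottom are constructed for this demonstration.

set -f   # no pathname expansion: a bare '*' field must stay a '*'

# is_int STR: true if STR is a non-empty string of digits
is_int() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; return 0; }

# in_range N LO HI: true if N is an integer with LO <= N <= HI
in_range() { is_int "$1" && [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]; }

# field_ok SPEC LO HI: true if SPEC is a valid time field for the range LO..HI
field_ok() {
    spec=$1; lo=$2; hi=$3
    set -- $(printf '%s' "$spec" | tr ',' ' ')       # split "1,15,30"
    for item in "$@"; do
        case "$item" in
            '*')   ;;                                          # every value
            '*/'*) in_range "${item#??}" 1 "$hi" || return 1 ;; # every Nth value
            *-*)   in_range "${item%-*}" "$lo" "$hi" &&        # a range N-M
                   in_range "${item#*-}" "$lo" "$hi" &&
                   [ "${item%-*}" -le "${item#*-}" ] || return 1 ;;
            *)     in_range "$item" "$lo" "$hi" || return 1 ;;  # a single value
        esac
    done
    return 0
}

# cron_line_ok LINE: true if LINE is a well-formed crontab entry; on success
# the parsed fields are printed as NAME=value pairs.
cron_line_ok() {
    line=$1
    case "$line" in
        ''|'#'*) return 0 ;;                       # blank or comment: nothing runs
        @reboot*|@yearly*|@annually*|@monthly*|@weekly*|@daily*|@hourly*)
            printf 'WHEN=%s CMD=%s\n' "${line%% *}" "${line#* }"; return 0 ;;
    esac
    set -- $line                                   # MIN HOUR DOM MON DOW CMD...
    [ $# -ge 6 ] || return 1
    min=$1 hour=$2 dom=$3 mon=$4 dow=$5; shift 5; cmd=$*
    field_ok "$min" 0 59 && field_ok "$hour" 0 23 && field_ok "$dom" 1 31 &&
    field_ok "$mon" 1 12 && field_ok "$dow" 0 7 || return 1
    printf 'MIN=%s HOUR=%s DOM=%s MON=%s DOW=%s CMD=%s\n' \
        "$min" "$hour" "$dom" "$mon" "$dow" "$cmd"
}

# Constructed sample crontab: a backup every 12 hours, an @reboot entry of the
# kind worth a second look during an audit, and two broken lines.
SAMPLE_CRONTAB='# m h dom mon dow command
0 */12 * * * tar -czf /home/ubuntu/backup.tgz /home/ubuntu/Documents
@reboot /bin/sh /tmp/.update.sh
0 25 * * * /usr/local/bin/report.sh
* * 32 * * /usr/local/bin/report.sh'

printf '%s\n' "$SAMPLE_CRONTAB" | while IFS= read -r entry; do
    cron_line_ok "$entry" || echo "INVALID: $entry"
done
```

To check a real host, replace the sample with the output of crontab -l or the contents of /etc/cron.d/*; the parsed CMD column is the quickest way to spot a job that runs something out of /tmp or a user’s home directory.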
Questions
Q1: When will the crontab on the deployed instance run?
A: @reboot
Task 7 - Package Management
When developers wish to distribute software to the community, they submit it to an “apt” repository. If approved, their programs and tools are released into the wild. This is where two of Linux’s strengths show: accessibility for users and the merit of open-source tools.
On an Ubuntu 20.04 machine, listing /etc/apt with the ls command shows the files that serve as the gateway/registry of package sources: sources.list and the sources.list.d directory.
Whilst OS vendors maintain their own repositories, you can also add community repositories to your list, which extends what your OS can install. Additional repositories can be added with the “add-apt-repository” command or by listing another provider in those sources files. For example, some vendors offer a mirror that is closer to your geographical location.
Normally, we use the apt command to install software onto our Ubuntu system. The “apt” command is a part of the package management software also named “apt”. Apt contains a whole suite of tools that allows us to manage the packages and sources of our software, and to install or remove software at the same time.
Whilst you can install software directly from a .deb file with dpkg, the benefit of apt is that whenever we update our system, the repository that contains the software we added is also checked for updates, and its packages are verified against the repository’s signing key; dpkg -i installs whatever file it is given without doing either.
When adding software, the integrity and origin of what we download are verified using GPG (GNU Privacy Guard) keys. The vendor signs the repository’s Release file with its private key, and apt checks that signature, and the package checksums it covers, against the public key we have imported. If the signature does NOT verify, apt refuses to install packages from that repository.
To start, we need to add the GPG key for the developers of Sublime Text 3. To download the key and add it to apt’s trusted keys, we use the following command:
wget -qO - https://download.sublimetext.com/sublimehq-pub.gpg | sudo apt-key add -
Note that apt-key is deprecated and newer Ubuntu releases warn when it is used: a key added this way lands in a global keyring and is trusted for every repository, not just the one it belongs to.
Next, we add Sublime Text’s repository to our apt sources list. A good practice is to have a separate file for every different community/3rd party repository that we add.
We can create a file named sublime-text.list in /etc/apt/sources.list.d and enter the repository information like so:
And now, we use Nano to add and save the Sublime Text 3 repository into this new file
After we have added this entry, we need apt to re-read its sources and refresh the package index - this is done using the apt update command. Once updated, we can install the software from the repository we have trusted and added using apt install sublime-text.
Removing a repository is the reverse of adding it. This is done using the add-apt-repository --remove ppa:PPA_NAME/ppa command, or by manually deleting the file we created earlier. Once the repository is removed, we can use the apt remove [software] command to remove the package itself.
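The current Debian and Ubuntu guidance replaces apt-key with a per-repository key. The script below is an added example, not from the TryHackMe room or from Sublime HQ: it stores the vendor key under /etc/apt/keyrings and writes a sources.list.d entry whose [signed-by=...] option makes apt accept that key only for this repository, so a leaked or malicious third-party key cannot be used to sign packages “from” the Ubuntu archive. The key URL is the one used on this page; the keyring path, the list filename and the repository line (https://download.sublimetext.com/ apt/stable/) are assumptions for the demonstration and should be checked against the vendor’s own instructions.

```sh
#!/bin/sh
# Added example (not part of the TryHackMe room): adding a third-party apt
# repository with the key bound to that one repository. `apt-key add` drops the
# key into a keyring trusted for EVERY repository; `[signed-by=...]` limits it
# to the repository it belongs to. KEY_URL comes from the page; the keyring
# path, list filename and repository line are assumptions for this demo.
set -e

KEY_URL="https://download.sublimetext.com/sublimehq-pub.gpg"
KEYRING="/etc/apt/keyrings/sublimehq-pub.gpg"
REPO_URL="https://download.sublimetext.com/"
SUITE="apt/stable/"
LIST="/etc/apt/sources.list.d/sublime-text.list"

# apt_source_line KEYRING REPO_URL SUITE: the sources.list.d entry that accepts
# packages from REPO_URL only when its Release file verifies against KEYRING.
apt_source_line() {
    printf 'deb [signed-by=%s] %s %s\n' "$1" "$2" "$3"
}

# add_repo: fetch the key, store it dearmored (the binary form apt on 20.04
# expects) under /etc/apt/keyrings, write the list file and refresh the index.
# Needs root and network access, so it is not called automatically.
add_repo() {
    install -d -m 0755 /etc/apt/keyrings
    wget -qO - "$KEY_URL" | gpg --dearmor > "$KEYRING"
    chmod 0644 "$KEYRING"
    apt_source_line "$KEYRING" "$REPO_URL" "$SUITE" > "$LIST"
    apt update
}

# remove_repo: the reverse; the key leaves with the repository instead of
# lingering in a global keyring.
remove_repo() {
    rm -f "$LIST" "$KEYRING"
    apt update
}

# Preview the entry that add_repo would write.
apt_source_line "$KEYRING" "$REPO_URL" "$SUITE"
```

Run add_repo as root to actually add the repository, then apt install sublime-text as before. With this layout, apt-key list stays empty for third-party vendors, and ls /etc/apt/keyrings shows exactly which external keys the host trusts and for what.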
Task 8 - Logs
Located in the /var/log directory, these files and folders contain logging information for apps and services running on your system. The OS is pretty good at managing these logs automatically through a process known as log rotation (on Ubuntu, logrotate), which archives and eventually deletes older files so the disk does not fill up.
These logs are a great way of monitoring the health of your system and protecting it. Not only that, but the logs for services such as a web server record every single request - allowing developers or administrators to diagnose performance issues or investigate an intruder’s activity. For example, two types of log file that are of interest are:
Access log
Error log
There are also logs about how the OS itself is running and about actions performed by users, such as authentication attempts: on Ubuntu these are /var/log/syslog and /var/log/auth.log, alongside the systemd journal read with journalctl. Because an intruder who gains root can edit or delete these files, forwarding them to a separate log host is what turns them into trustworthy evidence.
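Reading authentication logs by eye does not scale, so the usual first step is to pull the failures out and count them per source address. The script below is an added example, not part of the TryHackMe room: it runs awk over auth.log-style lines to count failed SSH password attempts per IP and to flag any address that logged in successfully after failing, which is the question that matters when deciding whether a brute-force attempt worked. The log lines are constructed for the demonstration, in the format sshd writes via syslog; the hostnames and addresses are not real.

```sh
#!/bin/sh
# Added example (not part of the TryHackMe room): first-pass triage of SSH
# authentication failures, the kind of check run over /var/log/auth.log on
# Ubuntu when looking for password guessing. The log lines below are
# constructed for the demonstration; none of the hosts or addresses are real.

SAMPLE_AUTH_LOG='Jun  1 10:00:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51122 ssh2
Jun  1 10:00:03 host sshd[1203]: Failed password for root from 203.0.113.5 port 51124 ssh2
Jun  1 10:00:04 host sshd[1205]: Accepted publickey for ubuntu from 198.51.100.7 port 40022 ssh2
Jun  1 10:00:06 host sshd[1207]: Failed password for ubuntu from 203.0.113.5 port 51130 ssh2
Jun  1 10:00:09 host sshd[1209]: Failed password for ubuntu from 192.0.2.44 port 60010 ssh2
Jun  1 10:00:12 host CRON[1210]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun  1 10:00:15 host sshd[1212]: Accepted password for ubuntu from 203.0.113.5 port 51140 ssh2'

# failed_by_ip < log: "COUNT IP" per source address, most failures first
failed_by_ip() {
    awk '/sshd\[/ && /Failed password for/ {
            for (i = 1; i <= NF; i++) if ($i == "from") n[$(i + 1)]++
         }
         END { for (ip in n) print n[ip], ip }' | sort -rn
}

# failures_from IP < log: number of failed password attempts from IP
failures_from() {
    failed_by_ip | awk -v ip="$1" '$2 == ip { c = $1 } END { print c + 0 }'
}

# accepted_after_failures < log: addresses that eventually logged in after one
# or more failures, i.e. the "did the guessing work?" question. Each address
# is printed once.
accepted_after_failures() {
    awk '/sshd\[/ {
            for (i = 1; i <= NF; i++) if ($i == "from") ip = $(i + 1)
            if (/Failed password for/) failed[ip] = 1
            else if (/Accepted (password|publickey) for/ && failed[ip] && !seen[ip]++) print ip
         }'
}

echo "failed password attempts per source:"
printf '%s\n' "$SAMPLE_AUTH_LOG" | failed_by_ip
echo "sources that succeeded after failing:"
printf '%s\n' "$SAMPLE_AUTH_LOG" | accepted_after_failures
```

On a real host, feed the functions with cat /var/log/auth.log or journalctl -u ssh --no-pager; an address that shows up in the second list is the one to pull the full session history for.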