Linux Fundamentals Part 3

beginner40 minWriteup

Advanced Linux topics and automation

Learning Objectives

  • Edit files with nano/vim
  • Manage processes
  • Automate with cron
  • Manage packages

The final part of Linux Fundamentals covers system administration tasks: text editors, process management, scheduled tasks, and package management. These skills are essential for maintaining access, creating persistence, and understanding how targets operate.

Text Editors

bash
1606070;"># Nano - Beginner-friendly editor
2nano file.txt
3606070;"># Ctrl+O = Save
4606070;"># Ctrl+X = Exit
5606070;"># Ctrl+K = Cut line
6606070;"># Ctrl+U = Paste
7 
8606070;"># Vim - Powerful but has learning curve
9vim file.txt
10606070;"># Press 'i' to enter Insert mode
11606070;"># Press Esc to exit Insert mode
12606070;"># :w = Save
13606070;"># :q = Quit
14606070;"># :wq = Save and quit
15606070;"># :q! = Quit without saving
16606070;"># dd = Delete line
17606070;"># yy = Copy line
18606070;"># p = Paste
19 
20606070;"># Quick edits with sed
21sed -i 606070;">#a5d6ff;">'s/old/new/g' file.txt    # Replace in file
22echo 606070;">#a5d6ff;">"line" | sed 's/old/new/'   # Replace in stream

Vim for Quick Edits

Even if you prefer nano, learn basic vim commands. Many servers only have vi/vim installed. Also, vim can escape restricted shells sometimes!

Process Management

bash
1606070;"># Viewing Processes
2ps              606070;"># Your processes
3ps aux          606070;"># All processes, detailed
4ps auxf         606070;"># Process tree
5top             606070;"># Live process monitor
6htop            606070;"># Better live monitor (if installed)
7 
8606070;"># Key ps output columns:
9606070;"># USER  PID %CPU %MEM    VSZ   RSS TTY STAT  TIME COMMAND
10606070;"># root    1  0.0  0.3 225848  9368 ?   Ss   0:03 /sbin/init
11 
12606070;"># Finding processes
13ps aux | grep apache
14pgrep -l apache
15pidof apache2
16 
17606070;"># Process signals
18kill PID            606070;"># Graceful termination (SIGTERM)
19kill -9 PID         606070;"># Force kill (SIGKILL)
20killall processname 606070;"># Kill by name
21pkill processname   606070;"># Kill by pattern
22 
23606070;"># Background/foreground
24command &           606070;"># Run in background
25jobs                606070;"># List background jobs
26fg                  606070;"># Bring to foreground
27fg %1               606070;"># Bring job 1 to foreground
28bg                  606070;"># Send to background
29Ctrl+Z              606070;"># Suspend current process
30nohup command &     606070;"># Run immune to hangups
31 
32606070;"># Nice values (priority)
33nice -n 10 command  606070;"># Start with lower priority
34renice -n 5 -p PID  606070;"># Change priority

Scheduled Tasks (Cron)

bash
1606070;"># Cron - Schedule tasks to run automatically
2 
3606070;"># View your cron jobs
4crontab -l
5 
6606070;"># Edit cron jobs
7crontab -e
8 
9606070;"># Cron format:
10606070;"># ┌───────────── minute (0-59)
11606070;"># │ ┌───────────── hour (0-23)
12606070;"># │ │ ┌───────────── day of month (1-31)
13606070;"># │ │ │ ┌───────────── month (1-12)
14606070;"># │ │ │ │ ┌───────────── day of week (0-6, Sunday=0)
15606070;"># │ │ │ │ │
16606070;"># * * * * * command
17 
18606070;"># Examples:
19606070;"># Every minute
20* * * * * /path/to/script.sh
21 
22606070;"># Every hour at minute 0
230 * * * * /path/to/script.sh
24 
25606070;"># Every day at midnight
260 0 * * * /path/to/backup.sh
27 
28606070;"># Every Monday at 3am
290 3 * * 1 /path/to/weekly.sh
30 
31606070;"># Every 5 minutes
32*/5 * * * * /path/to/check.sh
33 
34606070;"># System-wide cron locations (check for privesc!)
35/etc/crontab           606070;"># System cron table
36/etc/cron.d/           606070;"># Additional cron files
37/etc/cron.daily/       606070;"># Daily scripts
38/etc/cron.hourly/      606070;"># Hourly scripts
39/etc/cron.weekly/      606070;"># Weekly scripts
40/etc/cron.monthly/     606070;"># Monthly scripts
41/var/spool/cron/       606070;"># User cron tabs

Cron = Persistence Vector

Attackers use cron for persistence. During defense, check all cron locations for suspicious entries. During offense, writable cron files are privilege escalation opportunities!

Package Management

bash
1606070;"># Debian/Ubuntu (apt)
2apt update                    606070;"># Update package list
3apt upgrade                   606070;"># Upgrade all packages
4apt install package           606070;"># Install package
5apt remove package            606070;"># Remove package
6apt search keyword            606070;"># Search for packages
7apt show package              606070;"># Package info
8dpkg -l                       606070;"># List installed packages
9dpkg -i package.deb           606070;"># Install .deb file
10 
11606070;"># Red Hat/CentOS (yum/dnf)
12yum update                    606070;"># Update all
13yum install package           606070;"># Install
14yum remove package            606070;"># Remove
15yum search keyword            606070;"># Search
16rpm -qa                       606070;"># List installed
17rpm -ivh package.rpm          606070;"># Install .rpm file
18 
19606070;"># Arch Linux (pacman)
20pacman -Syu                   606070;"># Update all
21pacman -S package             606070;"># Install
22pacman -R package             606070;"># Remove
23pacman -Ss keyword            606070;"># Search
24 
25606070;"># Python packages (pip)
26pip install package
27pip list
28pip freeze > requirements.txt

Service Management

bash
1606070;"># Systemd (Modern Linux)
2systemctl status service      606070;"># Check status
3systemctl start service       606070;"># Start service
4systemctl stop service        606070;"># Stop service
5systemctl restart service     606070;"># Restart service
6systemctl enable service      606070;"># Start on boot
7systemctl disable service     606070;"># Don't start on boot
8systemctl list-units          606070;"># List all services
9 
10606070;"># Examples
11systemctl status apache2
12systemctl start ssh
13systemctl enable nginx
14 
15606070;"># Legacy init.d
16service apache2 status
17service apache2 start
18/etc/init.d/apache2 restart
19 
20606070;"># Check what's running on ports
21netstat -tulpn
22ss -tulpn
23lsof -i :80

Knowledge Check

Quick Quiz
Question 1 of 3

What cron schedule runs a command every day at midnight?

Key Takeaways

  • nano for easy editing, vim for power and ubiquity
  • ps aux shows all processes, kill -9 force-terminates
  • Cron schedules tasks - check /etc/cron* for persistence/privesc
  • apt (Debian), yum (RedHat) for package management
  • systemctl manages services on modern Linux