Hey everyone, welcome back to another video here on TryHackMe. I am John, and today we're going to be taking a look at the Linux Fundamentals Part 3 room. Power up your Linux skills and get hands on with some common utilities that you're likely to use day to day. This room is the third and final room in the Linux Fundamentals series, and with that being said, let's go ahead and dive right into Task 1, Introduction.
Welcome to Part 3 and the finale of the Linux Fundamentals module. So far throughout the series, you have got hands-on with some fundamental concepts and used some important commands. This room is going to showcase some useful utilities and applications that you are likely to use day-to-day.
You're also going to advance your Linux Foo skills by learning about automation, package management, and service slash application logging. Let's proceed. We'll go ahead and mark this as completed and move into task two and deploy our machine.
So I'm going to glaze through this since we've already covered this in part two. In order to proceed with this room, we need to start with the machine that's attached to this task and the information about that machine is going to appear at the top. And then we also want to start the attack box with this blue button up here. We'll go ahead and glaze through this.
Looks like we are going to be SSH-ing into this machine with the credentials of TriHackMe and then a password of TriHackMe. So we'll mark this as completed and I will pause the recording. Once the machine is up, we will go ahead and... SSH into our target box and we're back.
So I've gone ahead and let the machine load and then we have also pulled up a terminal here. Let's go in SSH into our target machine. Now one note, there is an IP address that will populate down here. The TriHackMe rooms, wherever you see that machine IP that will be replaced once the box is actually live and it has that IP address assigned and you can just see it in line with the text and that was the case right here. That being said, let's go in and SSH in with the credentials try hack me at 10.10.231.247 and make sure that you are not using my box IP.
This will not work for you. You need to make sure that you're typing in the one that you are targeting. And there we go.
If you have any difficulties with this, please jump back to part two. Right at the beginning of that, I go through how to SSH into a machine like this. in further detail.
That being said, let's go ahead and move on to task three, terminal text editors. Throughout the series so far, we have only stored text and files using a combination of the echo command and the pipe operators. So a single greater than, which is the redirection operator, and then the appension operator, double greater than.
This is an inefficient way to handle data when you're working with files with multiple lines in the sorts. Introducing terminal text editors. There are a few options that you can use, all with a variety of friendliness and utility.
This task is going to introduce you to Nano, but also show you an alternative named Vim, which TriHack may have a room dedicated to. This is worth checking out, that room is very educational. Nano.
It's easy to get started with Nano. To create or edit a file using Nano, we simply use the command Nano and then the file name, replacing file name with the name of the file you wish to edit. If that file does not exist and you have permissions to write that to that directory, you can use nano and then the file that you want to create for the file name. And then as long as you save when you exit, that file will be created. Otherwise, it will just either overwrite or start modifying whatever file you select, as long as you have permissions to write to it.
Once we press enter to execute the command, nano will launch. where we can just begin to start entering or modifying our text. So here we can see that after running that, we are greeted with the nano text editor.
This is a little bit small on my screen. However, going through and playing with this, you'll become very used to using nano very quickly. It's very intuitive, and it's the text editor that I use pretty regularly on the command line. That being said, while we're going to go over nano, it's worth having at least a minimum comfort level with a couple of the other text editors just because nano won't always be installed. And...
and the other editors are not too tricky to learn either. That being said, let's go ahead and move on. You can navigate each line using the up and down arrow keys, or start a new line using the enter key on your keyboard.
So very similar to Less, and when we were reviewing the Man pages, very, very similar to that where we can navigate with the arrow keys. And here you can see we have a bunch of shortcuts here. Nano has a few great features that are easy to remember and covers the most general things you would want out of a text editor. including searching for text, which you can see right here with the control W, copying and pasting, and you should be able to see, I'm not seeing it. Oh, there we go.
Right there. Jumping to a line number and then finding out what line number you're on. Very basic things, and they're very nice, especially if you need to edit a program, edit a script, or you're just taking notes in Nano.
You can use these features of Nano by pressing the control key, which is represented as a caret or an up arrow on Linux, and you can see that right here. and a corresponding letter. So for example, if we wanted to exit, we would want to press Ctrl and then X to exit nano.
Now one thing to note, if you've modified a file, it will prompt you to press Y or N to confirm if you want to keep those changes or discard them, and you can see the exit command over here in the corner in case you ever forget it. Let's talk briefly about Vim. Vim is a much more advanced text editor. Whilst you're not expected to know all advanced features, it's helpful to mention it for powering up your Linux skills.
And here you can see this is the basic Vim text editor. Some of Vim's benefits, albeit taking a much longer time to become familiar with, include customizability. You can heavily modify the keyboard shortcuts to be of your choosing. I believe you might be able to do this in Nano as well.
However, Vim, it's just a lot easier, and generally speaking, if you need advanced features, you're probably going to be moving on to using Vim anyways. Syntax highlighting. This is useful if you're writing or maintaining code, making it a popular choice for software developers. Very common to be using Vim, especially if you are in a developer environment and you are just remoted into whatever machine is running your test web server.
If you want to try a simple change in your test environment, changing it to Vim is probably your best option. Vim works on all terminals where Nano may not be installed. Nano is not always installed.
Vim will typically always be installed. It's very rare to not have Vim available. There are lots of resources such as cheat sheets, and I recommend bookmarking this.
tutorials, and sorts available for you to use. And again, TriHackMe is a room just on Vim. I highly recommend going through this. We've mentioned previously in part two that there is a find command room.
I recommend going through that and the Vim room. They are both very helpful. And especially the find command, it was very insightful when I went through it. Create a file using nano.
Let's go ahead and do that right now. So we'll do nano and then let's call it hello. So Here we have the nano text editor, very straightforward.
We saw this early in the task. If I type something in here such as hello world, we can do control x and we can see that it wants just to confirm the changes that we've made to the file. And in this case, since we can write to it, we can write just press y and we save our file and we confirm that the name of the file is going to be hello.
Press enter and there we go. We've exited. And if we run ls, we can see that we have hello available there.
And if we check it as well using file, we can confirm that we created an ASCII text file. Pretty cool. Edit task 3 located in TriHackMe's home directory using nano.
What is the flag? Let's do nano task 3. And we can see that our flag is THM text underscore editors. And there we go.
Cool. Let's go ahead and close out of that, and note because I didn't make any changes, Nano did not prompt me to confirm those changes. Let's move on to task 4, general slash useful utilities. Downloading files.
A pretty fundamental feature of computing is the ability to transfer files. For example, you may want to download a program, a script, or even a picture. Thankfully for us, there are multiple ways in which we can retrieve these files.
We're going to cover the use of wget. This command allows us to download files from the web via HTTP, as if you were accessing the file in your browser. HTTP is just the basic web protocol for a website that's running without encryption. You've probably interacted with a website like this before.
You don't need to know too much about the actual web protocols. Just know that this is one way that websites can respond. We see the other way, or the other major way, I should say, is HTTPS.
The S... stands for encryption, so there is the SSL socket layer running there. Don't worry too much about that.
It's outside of the scope of this room. Just know that that is there. This is in clear text, but it's useful if you just want to download things.
We simply need to provide the address of the resource that we wish to download if we want to download something in this manner. For example, if I wanted to download a file named myfile.txt onto my machine, assuming I knew the web address it is at, It would look something like this, and you can see an example down below, where we have wgint, and then we have the file that we're actually going to download. That downloads the file to our current working directory, so just wherever we're running this command from. Transferring files from your host using scp via ssh.
Secure copy, or scp, is just that, a means of securely copying files. Unlike the regular cp command, This command allows you to transfer files between two computers using the SSH protocol to provide both authentication and encryption. Very, very helpful.
And this may be overwhelming at first, but I promise you that the syntax on this is very intuitive once you've used it a couple times. Working on a model of source and destination, SCP allows you to copy files and directories both to and from your current system and remote systems. As long as you have SSH access.
You can go through and copy files. Very cool and very straightforward. Provided that we know usernames and passwords for a user on your current system and a user on the remote system, we can go ahead and copy files from our machine to a remote machine.
And here we can see that the command has already been laid out in this table. I'm going to go ahead and walk through it in the full command down below, and let's break this down now. First, we have the command scp, which specifies that we're using secure copy.
We are copying a file from our computer here, so the source is here. This would be flipped around if we wanted to grab this from a remote machine. However, we're grabbing something from our local machine named important.txt, and we're transferring it to a machine where we are logging into as Ubuntu.
And then again, note this is the same syntax as SSH with the IP address here. And then we have a colon with the actual location of where we're going to transfer that to. So very straightforward.
Think of this as SSH and CP if they were combined together. Again, if we wanted to transfer something from the remote system to our local system, it will be reversed, and we can see that down here below. Where we have scp, the command, which is just ssh, and then the actual location of the file, and then we're copying it to our current working directory and having it named as notes.
Note, we can rename things as we copy. Again, this is very straightforward and very similar to what we saw with the cp command, the normal copy command. Serving files from your host with web.
Ubuntu machines come prepackaged with Python 3. Python helpfully provides a lightweight and easy-to-use module called HTTP Server. This module turns your computer into a quick and easy web server that you can use to serve your own files, where they can be downloaded by another computer using commands such as wget and curl. Python 3's HTTP Server will serve the files in the directory that you run the command from.
But this can be changed by providing options that can be found in the man pages. Simply, all we need to do is run python3-m for the module that we're going to run, and then http.server. Now note there's an extra space here.
You don't need these two spaces. It's just one space. And even then, Python should just ignore that extra space. So running that will start the module, and note that this will occupy your terminal because it's a running process. This is an example where having this running in the...
the background can be very helpful, especially if you want to work in one terminal and you're not working with something like TMUX. TMUX and other multitasking solutions are again outside of the scope of this room, however, just know that they exist and there are other ways that you can accomplish these tasks. In the screenshot below, we are serving from the directory called web server, which is a single file named file.
So we are in on this computer, the web server directory in this user's home directory, and then we can see that there's this file. Then we run the Python 3 server or the Python 3 web server rather and note that it starts by default on port 8000 you can specify this by using the dash lowercase P switch and you can see more in the man page for this There's a bunch of different options and it's very very cool by and large This is going to be one of your best friends as far as tools go Especially if you were going further into pen testing and need to transfer things to and from a remote machine now Let's use wget to download the file using the computer's IP address and the name of the file. One flaw with this module is that you have no way of indexing, so you must know the exact name and location of the file that you wish to use. And the author talks a little bit about Updog here. This is actually what I use as well.
It is a very nice Python module outside of the scope of this room, but I definitely recommend looking into this as it is incredibly useful just for file transfers in general. That being said, here we have an example broken down. We are running ls to confirm that there's nothing in this current working directory of files, and then we are running wget. This is on our same host, so we're just downloading something from one part of our machine to another, but it's just an example.
And we specify the full web URL, specifying that it is on port 3000, and that we want to, or 8000 rather, and that we want to pull the file named, well, file. We can see that it is in the process of downloading it here and this will actually move as you are running this command so if it's pretty big it will show a progress bar down here and it's nice it's very intuitive to use. Once we've completed that we can see we've downloaded the file here.
In the screenshot above we can see that the Wget has successfully downloaded the file named file to our machine. This request is logged by SimpleHttpServer much as any web server would which I've captured in the screenshot below. And here you can see that this is an example of the web server logs.
We saw a little bit of this in the Linux Fundamentals Part 1 room, and you can see that that log is very much real. That was, I believe, an Apache 2 log. However, you can see an example of even how this, as a simple HTTP server, is able to actually do this. Ensure that you are connected to the deployed instance.
We've gone ahead and done that. We've SSH'd in. If you have not, I recommend backtracking and making sure that you are SSH'd into it. Now use Python 3's HTTP server module to start a web server in the home directory of the Triacme user on the deployed instance.
Let's go ahead and do that now. So I've cleared the screen with control and L and we want to do Python 3 dash m HTTP dot server. And there we go. Again, like I said, this consumes your terminal, so running this in the background can be really helpful or running it in another tab, which you can see up here. However, let me go ahead and not kill my process.
There we go. And I'm going to go ahead and open up another tab like so. We'll mark this as completed since we've gone ahead and pulled that file or inserted the web server rather. Now we want to download a file hosted at this address. We can go ahead and do that now with wget http and then 10 10 231 dot 247 and then we need to do colon 8000 again because this is running on port 8000 and we're going to grab the dot flag file or dot flag dot txt file and we're just downloading that to our current working directory.
And there we go. It's pretty fast. We can see now.
If we do lstack a rather, and let me clear the screen, we can see that we have this.flag file now. If we go ahead and cat.flag.txt, we can see that we have our flag for the web server, which is thm wget underscore web server. And there we go.
Create and download files to further apply your learning. So play around with this a little bit, try uploading and downloading some files or downloading some files rather. It is good to get some practice with this and this is something that you will use very regularly. So just keep that in mind.
Once you're done with that, we'll go ahead and go back to our remote machine and use control and C to interrupt that process and close it out. And again, I've cleared the screen after that with control now. Let's go ahead and mark that as completed and move into task five, processes 101. Processes are the programs that are running on your machine. They're managed by the kernel, where each process will have an ID associated with it known as its PID or process ID. The PID increments for the order in which the process starts.
So for example, the 60th process will have a PID of 60 and so on and so forth. Viewing processes. We can use the friendly ps command short for process to provide a list of running processes as our user session and some additional information such as its status code, the session that is running it, and how much time of the CPU it is using, as well as the name of the actual program or command being executed.
And we'll dive into this in just a little bit to get more information on what's actually running on this system. Note how in the screenshot above, the second process, ps, has a pid of 204 and then the command below it has the 205. This is just incremented and it's showing that each process is going to have a subsequent PID number incremented by one. To see the processes run by other users and those that don't run from a session, so for example system processes, things that are started when your computer starts and they're just running on the computer without any user attached to them, we need to provide aux to the ps command like so. And we can see by running that we have a lot more information as well as commands that aren't being run. by our current user.
So quite a bit of information, the user that's running over here, the PID, CPU and memory usage, a couple other bits of information, which I won't worry too much about, the start time and date here, and then the command that's actually being run. Note that we can see a total of five processes. Note how we now have root and cmnatic here.
So we can see that over there. Another very useful command is the top command. Top gives you real-time statistics.
about the processes running on your system instead of a one-time view. These statistics will refresh every 10 seconds, but will also refresh when you use the arrow keys to browse the various rows. Another great command to gain insight into your system is via the top command or htop, which will give you a colored version of this. And you can see an example output of the top command there. Now one thing to note, that is a process that you have to use control C to exit.
It will take up your current terminal and you just need to close it once you are done looking at what's actually running. Managing processes. You can send signals that terminate processes, and there are a variety of types of signals that correlate to exactly how cleanly the process is dealt with by the kernel.
To kill a command, we can use the appropriately named kill command and the associated PID or process ID that we wish to kill. So for example, we can use to kill the process ID 1337, we'd use kill and then the process ID number. Below are some examples of signals that we can send to a process when it is killed.
So we have sigterm, sigkill, and sigstop. This is kind of the varying levels of niceness that you can stop things with. So sigterm, we kill the process, but we do allow it to do some cleanup tasks. So we're telling it, hey, you need to stop, but you can clean up after yourself.
Sigkill kills the process and it doesn't do any cleanup. And then sigstop just stops it. It doesn't allow it to do anything. It doesn't actually end the process.
It's just pausing it. or suspending it in this specific case. How do processes start? Let's start by taking or talking about namespaces. The operating system or OS uses namespaces to ultimately split up the resources available on the computer to processes.
So those resources specifically we're looking at are CPU, RAM, and then the priority at which they run. Priority is how important they are for the system and if there is contention for that CPU time. This is outside of the scope of this room, just as a heads up.
If there's contention for the CPU and RAM usage, the higher priority process will get that the priority there. Think of it as splitting up your computer into slices similar to a cake. Processes within that slice will have access to a certain amount of computing power.
However, it will be a small portion of what is actually available to every process overall. Namespaces are great for security as it is a way of isolating processes from each other. Only those that are in the same namespace will be able to see each other. So think of it as just kind of sections of like a cake.
If you have a section of a cake and you hand it to someone else and they walk away with it, they don't know what the rest of the cake looks like. And that's kind of how a namespace works in this specific way. They might be able to guess, but ultimately they have no idea. We previously talked about how PID works, and this is where it comes into play.
The process with an ID of 0 is a process that is started when the system boots. This process is the system's in it on Ubuntu, such as systems, which is used to provide a way of managing a user's processes and sits between the operating system and the user. So what does this actually mean?
This is the process that is the manager. It handles how the other processes actually run, and it's ultimately kind of the overlord of the process realm. For example, once a system boots and it initializes, systemd is one of the first processes that are started.
program or piece of software that we want to start will start as what's known as a child process of systemd. This means that it is controlled by systemd but will run as its own process although sharing resources from sharing the resources from systemd to make it easier for us to identify and the likes. And here you can see that it has the pid of one in this example and that's just taking a look at this with top. Getting processes slash services to start on boot.
Some applications can be started on the boot of the system that we own. For example, web servers, database servers, or file transfer servers. This software is often critical and is often told to start during the boot up of the system by administrators.
Generally speaking, if you're running a web server and you want to have that web server constantly running on that machine, whenever you reboot it, you want it to start up automatically. And that's where this can be really useful. This is also very useful if you're hosting game servers and other things like that. In this example, we're going to be telling the Apache web server to...
be starting Apache manually and then telling the system to launch Apache 2 on boot. Don't worry too much about what this is, again, outside of the scope of this room, just know that this is a general, a very common web server that we will see in the wild. Enter the use of systemctl, or system control.
This command allows us to interact with the systemd process slash daemon, and continuing on with our example, systemctl is an easy to use command that takes the following formatting. So we have systemctl, the actual option that we want. So for example, these options down below, and then what service we're actually targeting. Very straightforward. Once you do this a couple of times, this is very intuitive and something that's very, very easy to guess at what the service name is.
For example, to tell Apache to start up, we'll use the system CTL, start as the actual option, and then we're targeting the Apache 2 service. Seems simple enough, right? Same with if we wanted to stop Apache 2, we just replace the option right here with stop instead of start like provided.
And here are the four options that we have. So minus status, there are a couple more options here. Status will tell you what the actual status of that process is, if it exited with an error, or if it's running, so on and so forth.
Then we have start, stop, enable, which enables it to actually run at startup, and then disable, which tells it, hey, I don't want you to run at startup. An introduction to backgrounding and foregrounding in Linux. Processes can run in two states, in the background and in the foreground. For example, commands that you run in your terminal such as echo or things of that sort will run in the foreground of your terminal as it is only the only command provided that hasn't been told to run in the background. And again, I preface this a little bit earlier when we were talking about having things running in your terminal and kind of consuming that space.
Running things in the background, especially if you're doing a file transfer that's going to take a while, it's easy just to background them and then forget about them until they're done. Echo is a great example as the output of echo will return to you in the foreground, but it wouldn't in the background. So here we can see that we're running echo and this is without it being backgrounded and we run it again.
So normal output there, running it again with it being backgrounded and it gives us back our input or the actual echo here later on after it's started this background process with this process ID. Here we're running echo high THM where we would expect the output to return to us. like it is at the start, but after adding the ampersand or the background operator to the command, we're instead just given the ID of the echo process rather than the actual output it is running in the background.
This is great for commands such as copying files because it means that we can run the command in the background and continue on with whatever further commands we wish to execute without having to wait for the file to finish copying first. We can do the exact same when executing things like scripts. Rather than relying on the background operator, rather, we can use control and then z to force a process to background. This is an effective way of pausing the execution of the script or command like in the example below.
So we have this process that's running on loop and it's just permanently running on loop until we cancel it or just tell it to sig kill or something like that. We are going to go ahead and force it into the background with control and z and it's just running the background. It's no longer consuming our terminal.
and we have our terminal teletype prompt back up. This script will keep on repeating, this will keep on looping until I stop, until I stop or suspend the process. By using ctrl and z as indicated by the caret and then z right there, we've gone ahead and background it and our terminal is no longer filled up with these messages until we foreground it, which we'll discuss right now.
Foregrounding a process. Now that we have a process running in the background, for example our script background at sh. which can be confirmed by using the psaux command, we can backpanel and bring this process back to the foreground to interact with, as this is just going to keep running in the background until it finishes or until we kill it. With our process backgrounded using either Ctrl and Z or the ampersand background operator, we can use fg, that command, to bring this back to focus like below, where we can see the fg command is being used to bring the background process back into use on the terminal. where the output of the script is now returned to us.
So we've run the foreground command, FG, and now our terminal is filled with garbage. But we've brought it back to the foreground. Readme.
We've gone ahead and done that, so we'll mark that as complete. If we were to launch a new process, or a process where the previous process ID was 300, what would the ID of this new process be? That's going to be 301. Again, that increments by one every time we run a new process. If we wanted to cleanly kill a process, what signal would we send it? That should be sigterm, and that gives the process time to clean up after it's off and things.
Locate the process that is running on the deployed instance. What flag is given? So we're going to go ahead and run psaux, and then I'm going to use a couple other things that we haven't necessarily learned to make this easier for the sake of the video.
I'm using the pipe operator, which takes the output from this psaux command and passes it straight into another command called las. Less is like catting things, but it gives us the ability to scroll through the output and it's much easier for the sake of the video. So we can go ahead and scroll down and at some point we'll be able to see a flag just kind of hanging out in here. And it might take a moment, but we should be able to find it. There we go.
So here we can see, and it's a little bit squished because I have everything zoomed in on my screen, but we have THM and then processes for our flag. Processes, there we go. What command would be used to stop the service, my service?
And that would be the, let's see, we want system. ctl stop my service took me a moment to think about that what command would we use to start the same service on boot up of the system that would be system ctl enable because we wanted to run on boot and then my service and then what command would we use to bring a previously backgrounded process back to the foreground that will be fg short for foreground Let's go ahead and move into task six, maintain your system with automation. Users may want to schedule a certain action or task to take place after the system is booted. Take, for example, running commands, backing up files, or launching your favorite programs on such as Spotify or Google Chrome.
We're going to be talking about the cron process, but more specifically, how we can interact with it via the use of cron tabs. Cron tabs are one of the processes that are started during boot, and it's responsible for facilitating what are known as cron jobs. Think of that as just auto-shirting things. They're tasks, for example, I believe Windows, it's called Task Scheduler. I haven't used it in a little bit, but that is the same way that you would do this on Windows, and I'm sure that OSX has a similar way to do this as well.
A cron tab is simply a special file with formatting like so, and we'll walk through this in a moment, that is recognized by the cron process. to execute each line step by step. CronTabs requires six specific values.
And we can see that these values, these first five, are so we can specify when we want this to run and then the actual command we want to run. Pretty straightforward. I won't walk through this. I recommend adding those to your notes though. Let's use the example of backing up files.
You may wish to back up CMNatics documents every 12 hours, and we would use the following command formatting to do exactly that. So here we see that we have our full command written out. An interesting feature of crontabs is that we also support the wildcard asterisk, and this can be found on the 8 key to actually specify that we want this to run at every single interval in that specific field. If we do not wish to provide a value for that specific field, i.e. we don't care what month, day, or year it is executed, only that it is executed every 12 hours, we simply pray it.
place an asterisk. And here we can see that in this first field that we're specifying that this is going to happen at the start of the hour, every 12 hours, and every day of the month, and every month of the year, and every day of the week. And then we have actually our command here at the end of that.
This can be a little bit confusing to begin with, and don't worry too much about this. This is something that you just need to have a general knowledge of. However, there are some great resources online, such as the crontab generator. I recommend bookmarking that.
And that allows you to use a friendly application, or it's a friendly application rather, to generate formatting for you, as well as the site Chrome Guru. So if you know what you want to do, but maybe you're not the most comfortable with this formatting, you can use crontab generator to get it all whipped up for you. Pretty straightforward.
Crontabs can be edited using crontab-e specifying edit, where you can select an editor, such as nano, and it will prompt you for this on your first time using this to edit your crontab. And here you can see an example of the crontab generator there. And we can see editing it with nano down below. Ensure you are connected to the deployed instance and look at the running crontabs. So let's go ahead and use crontab-e.
And we can see all the crontabs on the system. And if I scroll down, we can see that there is one process. How frequently does this crontab run? This is a special instance of how we can run this with app. Reboot specifying that every time the system reboots, we want to run this process.
And there we go. We can go ahead and use control X to now exit nano and exit editing that crontab. Let's move into task seven, maintaining your system with package management. Introducing packages and software repos. When developers wish to submit software to the community, they will submit it into an app repository.
If approved, their programs and tools will be released into the world. the wild. Two of the most redeeming features of Linux shine to light here, user accessibility and the merit of open source tools. When using the ls command on a Ubuntu 20.04, don't worry too much about this release number. It's just the same as like Windows 7 or Windows 10 and specific sub versions of that rather.
Linux machine, these files will serve as the gateway slash registry. Don't worry too much about this. This is just so that you have a general idea of how you can add different sources in.
If you ever install something such as Sublime Text, The Sublime Text website will give you the command to do this and just having a general idea of where this is actually taking place is the important part. So here we can see that we have our sources.list file. This is the directory that all this information is stored in and then we have the sources.list file here.
This shows all of the sources that we're pulling things from whenever we want to go through and update things. So for example, when using the apt command, which we'll go into in just a moment, this is what it's actually looking at. Whilst operating system vendors will maintain their own repositories, you can also add community repositories to your list. This allows you to extend the capabilities of your operating system. Additional repositories can be added using the add after repository command or by listing another provider.
For example, some vendors have or will have a repository that is closer to their geographical location and that's fairly common to see. This is also something that if you install Docker you will probably have to add in a new repository for this as the default installation of the default one that's available in these repositories is usually out of date. Managing your repositories via adding and removing. Normally, we can use the apt command to install software onto our Ubuntu system. The apt command is a part of the package management software, also named apt.
Apt contains a whole suite of tools that allows us to manage the packages and sources of our software, and to install or remove software at the same time. Let's walk through adding or removing a repository using addaptrepository. or the add apt repository command we illustrated above.
Whilst you can install software through the use of the package installers such as dpkg or debium package, the benefits of apt means that whenever we update our system, the repository that contains the pieces of software that we add also gets checked for updates. So think of this as just a more automated way of installing new things to our system. In this example, we are going to add the text editor Sublime Text, great example as I mentioned above, to our Ubuntu machine as a repository, as it is not part of the default Ubuntu repositories.
I believe this might have changed. I think it might actually be in there now. However, this is still a great example.
When adding software, the integrity of what we download is guaranteed by the use of what is called GPG or New Privacy Guard keys. If you ever are... communicating securely with email, finding a GPG key like this is very common. And this is something that if you are interested in privacy on the internet, I definitely recommend looking a little bit more into.
It's a very fascinating topic. These keys are essentially a safety check from the developer saying, here's our software. And this is kind of a digital fingerprint that verifies, hey, this is coming from who we think it's coming from.
If the keys do not match up with what your system trusts and what the developers used, then the software will not be downloaded. So, to start, we need to add the GPG key for the developers of Sublime Text 3. Note that the TriHackMe instances don't have access to the internet, so we're not actually expecting you to follow along here. This is just so you understand what this process looks like. And a lot of times, whenever you're installing something like this, you're going to be given the commands anyways, so don't worry too much. Just feel free to sit back and just follow along.
Let's download the GPG key and use apt-key to trust it. So, here you can see we're using wget. to download this gpg key and then we are piping it like i used before to sudo add or apt dash key add and then dash don't worry about the breakdown on that we're downloading the key and just adding it to our trusted sources now that we've gone ahead and done that what we can go ahead and do is add that repository to our app sources list and our a good practice is to have a separate file for each different community slash third-party repository that we add Let's create a file named sublime-text.list in etsy-appsources.list.d and enter the repository information like so. So we're going to put a file in this folder, and here we can see that we've created that, and we're going to go ahead and edit it with a similar formatting to what we saw above.
This is just the repository that we're adding. It is good practice to add a comment here saying, hey, I used this repository for this. This is why it's here.
just to have a little bit of backup information there. It's pretty straightforward with Sublime Text, but when you start adding a lot of these in, which you might do, it just depends on your use case for Linux, it is good to have these all annotated, especially at the time of downloading it because you know what you're using it for. After we've added this repository, we need to update app to recognize this new entry.
And we can do this with the app to update command. Once we've successfully left that complete, we can now use app to install software from that repository, such as using the command, apt install sublime-text. And then we can reverse that for uninstalling things if we want to remove a repository.
And we can see just an example of that there. And this will automatically remove the repository. And then if we wanted to remove the software package, we can do that like so. And here's an example if we wanted to uninstall Sublime Text. Since Triagma instances do not have an internet connection, just make sure that you've understood what's going on here as a general process, that we are adding the key so that we know what to trust.
and then we're adding where we're actually downloading things from, and then we have the ability to install new software. Let's mark that as completed and move on to task 8, maintaining your system with logs. We briefly touched upon log files and where they can be found in Linux Fundamentals Part 1. However, let's quickly recap.
Located in the var log directory, these files and folders contain logging information for applications and services running on your system. The operating system, or OS, has become pretty good at automatically managing these logs in a process that is known as rotating. I have highlighted some logs from three services running on an Ubuntu machine.
We have an Apache 2 web server log right over here, a Feldman log service. If you ever do cyber defense clubs, Field of Band is going to be your best friend. This is a way that you can prevent brute force logins.
Don't worry about this too much, but if you ever do cyber defense or things like that, this is a great thing to know about. And then UFW or uncomplicated firewall, which as it sounds is just a firewall service. Also very useful if you're doing a cyber defense competition. These services and logs are a great way of monitoring the health of your system and protecting it. Not only that, but the logs for services such as a web server contain information about every single request.
allowing developers or administrators to diagnose performance issues or investigate an intruder's activity. For example, the two types of log files below are of interest, where we have an access log and an error log. This is what people actually do and what errors are generated. And you can see that we have examples of that here in the Apache 2 directory. There are, of course, logs that store information about how the operating system is running itself and actions that are performed by users such as authentication attempts.
If you go into the defensive side of information security, this is something you will look into pretty heavily, especially using monitoring sources such as Splunk or any other SIM. There are a whole bunch of rooms on that. If that's something that interests you, I recommend going through the beginner pathway and then moving into a defensive pathway, which if it's not released at this time, it will be released fairly soon afterwards. So just keep that in mind. Look for the Apache 2 logs on the deployable Linux machine.
So, we can go ahead and cd to var log Apache 2, since we know where it's at from the example. You can also look in the var log folder and just find it that way. Mark that as completed, and then we need to find the IP address of the user that visited the site. Now, if we take a look at the ownership permissions of these files, we'll find that there are only two files that we can actually read. We have this error log, which gives us permissions right there, and then we have the access log.
Since we're looking for someone that successfully visited the site, we're going to take a look at this access log. Let's go ahead and use less and then access.log.1. And we can see that we have our IP address right over here. And that is going to be 10.9.232.1.1.1. And then what file did they access?
That is going to be catsanddogs.jpg. Catsanddogs.jpg. And there we go.
We can press Q to close out of less, and then I'll do Ctrl-L to clear the screen. Let's move into our final task, conclusions and summaries. Welcome to the end of the Linux Fundamentals module.
Your familiarity with Linux will improve as you interact or get to interact with it over time. Practice makes perfect as you use it, and you'll probably start using it on a daily basis. Even if you're not using it now, as you practice you'll get used to this very quickly.
Linux has the potential to do very powerful things with relative ease. as you have hopefully discovered throughout this module. To recap, this room introduced you to the following topics.
Using terminal text editors such as nano and vim, general utilities such as downloading and serving contents using a Python web server, and I do recommend looking into UpDog, it is worth your time, it'll take like 5-10 minutes, a look into processes, and then finally maintaining and automating your system by the use of crontabs, package management, and reviewing logs. Continue your learning in some other TriHackMe rooms that are dede- Kitted to Linux tools or utilities. And there's a couple things that we mentioned here. First, we have the find command. Excellent room.
This is one of my favorite rooms on TriHackMe, just to give you a general idea and very comprehensive understanding of how to use this in your daily workload. And especially as someone working in information security or even just general IT. Then we have a room about bash scripting. And then another one about regular expressions.
Terminating the machine deployed in this task from task two. Let's go ahead and scroll up. we'll terminate that there mark that as completed and then continue your learning in other linux dedicated rooms we'll mark that as completed and that's going to do it for this video if you have any questions as always we have the try hack me discord and try hack me subreddit linked in the video description below but until next time happy hacking