Common Commands
Install and Update
Understanding your device
Networking Commands
Services
SSH Service
HTTP Service
Processes
Users and privileges
File Manipulation
Common Directories you will use:
/bin - basic programs (ls, cd, cat, etc...)
/sbin - system programs (fdisk, mkfs, sysctl, etc...)
/etc - config files
/tmp - temporary files (typically deleted on boot)
/usr/bin - applications (apt, ncat, nmap, etc...)
/usr/share - application support and data files
File Creation
File searching
Text printing
File permissions
For more info on the permissions codes, see here: https://www.guru99.com/file-permissions.html
File manipulation and Searching in a file
Comparing files
Monitoring files
Downloading files
Command History
Commands entered in the terminal are tracked using the HISTFILE environment variable and are written to the ~/.bash_history file when a user logs off. It is possible for credentials and passwords to be stored as plaintext in ~/.bash_history. Variables can also be seen when stored in the bash config file, .bashrc.

One way a user can prevent credentials from being recorded is by starting each command with a leading space character. For example, the command " echo 'hello world'" will not be saved, whereas "echo 'hello world'" will be.

To prevent users from hiding commands, the HISTCONTROL variable can be set to "ignoredups", and users prevented from changing the environment variable. This will ensure all commands are captured and stored in the bash history.

cat theywillneverfindmeheere
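The two checks this section implies, written as an added example (not part of the original page): whether a given HISTCONTROL value lets a leading space hide a command, and whether a history or rc file contains lines that look like plaintext credentials. The function names, the patterns and the sample history lines are constructed for illustration, and the patterns are not exhaustive.

```shell
#!/bin/sh
# Added example: names, patterns and sample data below are constructed.

# Succeeds if this HISTCONTROL value makes bash drop space-prefixed commands
# ("ignorespace" or "ignoreboth" anywhere in the colon-separated list).
histcontrol_hides_space() {
    case ":$1:" in
        *:ignorespace:*|*:ignoreboth:*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print "line:text" for lines of a history or rc file that look like they
# hold a plaintext secret. Illustrative patterns, not an exhaustive set.
find_plaintext_secrets() {
    grep -nEi \
        -e '(pass(word|wd)?|secret|token|api[_-]?key)[a-z0-9_]*=[^[:space:]]' \
        -e '--password[[:space:]]+[^[:space:]]' \
        -e '://[^/[:space:]:@]+:[^/[:space:]@]+@' \
        -- "$1"
}

# Write a constructed history file (placeholder values, not real secrets).
write_sample_history() {
    cat > "$1" <<'EOF'
ls -la /etc
export DB_PASSWORD=Example-Not-Real-1
curl -O https://deploy:Example-Not-Real-2@repo.example.test/app.tgz
mkdir -p /tmp/build
mysql -u app --password=Example-Not-Real-3 appdb
git status
EOF
}

# Demo: audit the constructed file and the current shell's HISTCONTROL.
sample=$(mktemp)
write_sample_history "$sample"
find_plaintext_secrets "$sample"
if histcontrol_hides_space "${HISTCONTROL:-}"; then
    echo "HISTCONTROL=${HISTCONTROL}: space-prefixed commands are not recorded"
else
    echo "HISTCONTROL=${HISTCONTROL:-unset}: a leading space does not hide commands"
fi
rm -f "$sample"
```

The same find_plaintext_secrets function can be pointed at ~/.bash_history or ~/.bashrc to review real files.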
Sudo History
The amount of time that sudo credentials are cached for can be set using the timestamp_timeout variable. Setting the value of timestamp_timeout to 0 causes sudo to require a password every time it is executed; if no value is set, it will default to 5 or 15 minutes depending on the operating system.

By default sudo will honour TTY session segregation, meaning that if you were to run sudo in one terminal window and then again in a separate one, you would have to authenticate both times. The tty_tickets flag can be used to disable session segregation, causing all sessions to use the same record.

Session timeouts are tracked using file records. The location of these files can vary depending on the flavour of Linux but often reside at /run/sudo/ts/<username> (/var/db/sudo on macOS). The files used to track sessions persist beyond a user’s login session. If a user successfully authenticates using sudo, logs out, logs in again and runs sudo within the set timeout, they may not have to re-enter their password.