# Hackathon 0: Linux Fundamentals

This is a hands-on walkthrough for getting familiar with the Linux operating system and, more generally, an introduction to the technical information you need before starting a Capture The Flag.

The most basic Linux commands are for moving around the filesystem, so open a terminal and run a few commands to look at the folders.

The following command lists the files in the current directory:

In [26]:
!ls

sample_data


You can see in which folder you are right now.

In [25]:
!pwd

/content


To go one folder up or down, use `cd`. Note that in a Colab notebook each `!` command runs in its own shell, so a `!cd` does not change the working directory of later cells; the `%cd` magic does.

In [37]:
!cd /content

In [39]:
!ls

sample_data


Move into `sample_data` and open one of the files there with `nano`, or preview it with `cat`, `head`, or `tail`.

In [41]:
!cd sample_data/

In [None]:
!hostname

Executing `!hostname` in Google Colab returns a string of characters like "58fc39a04e6b", which is the hostname of the virtual machine running the code and serves as a unique identifier for that instance. On a normal Linux system the command returns the machine's hostname, which is typically set during system configuration. It could be something like "mycomputer" or "example.com", depending on how the administrator configured it, and is usually a user-friendly name rather than a randomly generated string as in Colab.

### Exercise 1: Verify the Hostname

Run the `hostname` command on your own machine. What is the hostname of your computer?

## 2. Understanding the System: Kernel Information

### Command: `uname -a`
```bash
uname -a
```
The `uname -a` command provides comprehensive information about the system, including the kernel version, machine hardware name, processor type, and operating system. This information is crucial for identifying potential kernel vulnerabilities that could be exploited.

In [43]:
!uname -a

Linux 5c56c80119a4 6.1.85+ #1 SMP PREEMPT_DYNAMIC Thu Jun 27 21:05:47 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux


The command `uname -a` retrieves identifying information about the operating system and kernel. Reading the output:

1. Kernel Version: "6.1.85+ #1 SMP PREEMPT_DYNAMIC" - This indicates the version of the Linux kernel running on the system. The kernel is the core component of the operating system responsible for managing system resources and facilitating communication between software and hardware.

2. System Time: "Sun Apr 28 14:29:16 UTC 2024" - This specifies the date and time when the kernel was built or when the system was last booted. In this case, the system was last booted on Sunday, April 28, 2024, at 14:29:16 UTC.

3. Architecture: "x86_64 x86_64 x86_64" - This indicates the system architecture, which is x86_64. It means that the system is capable of running 64-bit software. The repetition of "x86_64" suggests that the system has multiple CPUs or CPU cores, all of which are 64-bit capable.

4. Operating System: "GNU/Linux" - This specifies the operating system type. In this case, it's a Linux-based operating system.

## 3. Who Am I?

### Command: `whoami`
```bash
whoami
```
The `whoami` command simply returns the username of the current user. This can be useful for quickly verifying your user identity, especially when switching between different accounts or using sudo.

In [44]:
!whoami

root


When the response is "root", it denotes the highest level of authority. Root is not merely a username; it is the superuser account with complete access to the system. The superuser can execute any command, modify critical system files, and administer user privileges. That power demands care: a single erroneous command can jeopardize the stability and security of the entire system, so root privileges should be used judiciously and only when they are actually needed.

### Exercise 3: Check Current User

Run the `whoami` command. What is the current username you are logged in with?

## 4. Distribution Information

### Command: `lsb_release -a`
```bash
lsb_release -a
```
The `lsb_release -a` command provides detailed information about the Linux distribution. This includes the distributor ID, description, release number, and codename. This information is essential for identifying the exact OS version in use.

In [45]:
!lsb_release -a

No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 22.04.3 LTS
Release:	22.04
Codename:	jammy


Google Colab, being a cloud-based service, does not include every component of a full Linux distribution; the LSB modules are among those missing, which is why the output starts with "No LSB modules are available."

---

The Linux Standard Base (LSB) is a project initiated by the Linux Foundation to standardize the structure and components of Linux distributions. Its primary goal is to increase compatibility among different Linux distributions by defining a common set of standards and APIs (Application Programming Interfaces). This helps developers create software that can run seamlessly across various Linux distributions without needing to be modified for each specific distribution.

Key components of the LSB include:

1. Filesystem Hierarchy Standard (FHS): Defines the directory structure and organization of files within a Linux system, ensuring consistency across distributions.

2. Binary Compatibility: Specifies standards for binary executables and libraries, enabling applications compiled on one LSB-compliant system to run on another without compatibility issues.

3. Core Libraries: Defines a set of core libraries and APIs that must be present on LSB-compliant systems, ensuring a common foundation for software development.

4. Command-line Interfaces (CLI): Specifies standard command-line utilities and options, promoting uniformity in how users interact with the system.

5. Packaging Formats: Recommends packaging formats and tools for distributing software, facilitating software installation and management across distributions.

## 5. OS Release Information

### Command: `cat /etc/*-release`
```bash
cat /etc/*-release
```
The `/etc/*-release` files contain release information for the operating system; on Ubuntu the pattern matches `/etc/lsb-release` (the `DISTRIB_*` keys below) and `/etc/os-release` (the remaining keys). Together they include the OS name, version, codename, and support URLs, a broader range of detail than `lsb_release` prints.

In [46]:
!cat /etc/*-release

DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=22.04
DISTRIB_CODENAME=jammy
DISTRIB_DESCRIPTION="Ubuntu 22.04.3 LTS"
PRETTY_NAME="Ubuntu 22.04.3 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.3 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy


* Distributor ID: Indicates that the distribution is Ubuntu.
* Release: Specifies the version of Ubuntu (22.04).
* Codename: Gives the code name of the Ubuntu release (Jammy).
* Description/Pretty Name: Provides a detailed description of the Ubuntu version, including the LTS (Long-Term Support) designation and the code name.
* Version ID: Specifies the version number of Ubuntu (22.04).
* Version: Further details the version as 22.04.3 LTS (Jammy Jellyfish).
* Version Codename: Reiterates the code name of the Ubuntu release (jammy).
* ID/Like: Mentions that Ubuntu is similar to Debian, a popular Linux distribution.
* Home URL/SUPPORT_URL/BUG_REPORT_URL/PRIVACY_POLICY_URL: Provide links to Ubuntu's home page, support, bug reporting, and privacy policy.
* UBUNTU_CODENAME: Again specifies the code name of the Ubuntu release (jammy).
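As an added example (not part of the original notebook), this shell script reads the `KEY=value` pairs shown above without sourcing the file. The common idiom `. /etc/os-release` executes the file as shell code, so matching only `KEY=value` lines is the safer way to take values from a file you do not fully trust, such as one inside a mounted image or container layer. The sample content is copied from the output above, with one constructed non-assignment line added to show that it is ignored.

```shell
#!/bin/sh
# Added example; not part of the original notebook. Reads os-release style
# KEY=value files without sourcing them, so lines that are not assignments are
# ignored instead of executed. Sample taken from the notebook output above plus
# one constructed non-assignment line.

OS_RELEASE_SAMPLE=$(cat <<'EOF'
PRETTY_NAME="Ubuntu 22.04.3 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.3 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
echo "constructed line: this would execute if the file were sourced"
EOF
)

# osrel_get <KEY> "<file contents>": value of KEY with one layer of surrounding
# quotes removed; prints nothing when the key is absent. First match wins.
osrel_get() {
    printf '%s\n' "$2" | awk -F= -v key="$1" -v sq="'" '
        /^[A-Za-z_][A-Za-z0-9_]*=/ && $1 == key {
            val = substr($0, length($1) + 2)           # everything after the first "="
            gsub("^[\"" sq "]|[\"" sq "]$", "", val)   # strip leading/trailing quote
            print val
            exit
        }'
}

# os_is_lts "<contents>": true when the VERSION string carries the LTS mark.
os_is_lts() {
    case "$(osrel_get VERSION "$1")" in *LTS*) return 0 ;; *) return 1 ;; esac
}

# os_family "<contents>": "debian" when ID or ID_LIKE names debian (so apt
# applies), otherwise the distribution ID itself.
os_family() {
    fam_id=$(osrel_get ID "$1")
    fam_like=$(osrel_get ID_LIKE "$1")
    case " $fam_id $fam_like " in *" debian "*) echo debian ;; *) echo "$fam_id" ;; esac
}

echo "$(osrel_get NAME "$OS_RELEASE_SAMPLE") $(osrel_get VERSION_ID "$OS_RELEASE_SAMPLE") ($(osrel_get VERSION_CODENAME "$OS_RELEASE_SAMPLE")), family: $(os_family "$OS_RELEASE_SAMPLE")"
if [ -r /etc/os-release ]; then
    echo "this machine: $(osrel_get PRETTY_NAME "$(cat /etc/os-release)")"
fi
```

The `os_family` check is what a setup script would use to decide whether `apt` is the right package manager, which is the same `ID_LIKE=debian` relationship the bullet list above describes.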

### Exercise 5: Check OS Release Information

View the contents of `/etc/*-release` on your system. Compare this information with the output of `lsb_release -a`.

## 6. Kernel Version

### Command: `uname -r`
```bash
uname -r
```
The `uname -r` command returns only the kernel version, making it a quick way to check the kernel version without the extra details provided by `uname -a`.

In [47]:
!uname -r

6.1.85+


The output is the kernel release of the running system. In "6.1.85+", "6.1.85" is the kernel version, and the trailing "+" typically indicates that the kernel was built with additional patches or modifications beyond the base version.
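As an added example (not from the original notebook), the following shell script splits the `uname -a` line from section 2 into the fields `uname` documents and checks the kernel release from `uname -r` against a minimum version. The sample line is the one printed in section 2; `sort -V` (GNU coreutils) is assumed for the version comparison.

```shell
#!/bin/sh
# Added example; not part of the original notebook. Splits a `uname -a` line
# into the fields uname documents and compares a kernel release against a
# minimum version. The sample line is the section 2 output of the notebook.

UNAME_SAMPLE='Linux 5c56c80119a4 6.1.85+ #1 SMP PREEMPT_DYNAMIC Thu Jun 27 21:05:47 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux'

# uname -a prints, in order: kernel name (-s), node name (-n), kernel release
# (-r), kernel version (-v: build number, config flags and build timestamp),
# machine (-m), processor (-p), hardware platform (-i), operating system (-o).
# Only the -v field contains spaces, so the others are read from both ends.
uname_field() {   # usage: uname_field <kernel|hostname|release|version|machine|processor|platform|os> "<uname -a line>"
    printf '%s\n' "$2" | awk -v want="$1" '{
        if (want == "kernel")         print $1
        else if (want == "hostname")  print $2
        else if (want == "release")   print $3
        else if (want == "machine")   print $(NF - 3)
        else if (want == "processor") print $(NF - 2)
        else if (want == "platform")  print $(NF - 1)
        else if (want == "os")        print $NF
        else if (want == "version") { s = $4; for (i = 5; i <= NF - 4; i++) s = s " " $i; print s }
    }'
}

# kernel_base "<release>": drop the local suffix ("6.1.85+" -> "6.1.85",
# "5.15.0-91-generic" -> "5.15.0") so only the numeric part is compared.
kernel_base() {
    printf '%s\n' "${1%%[!0-9.]*}"
}

# kernel_at_least "<release>" "<minimum>": succeeds when release >= minimum.
# sort -V compares version components numerically, so 6.1.85 sorts after 6.1.9.
kernel_at_least() {
    have=$(kernel_base "$1")
    [ "$(printf '%s\n%s\n' "$have" "$2" | sort -V | head -n 1)" = "$2" ]
}

echo "release: $(uname_field release "$UNAME_SAMPLE")"
echo "build:   $(uname_field version "$UNAME_SAMPLE")"
echo "machine: $(uname_field machine "$UNAME_SAMPLE")"
if kernel_at_least "$(uname_field release "$UNAME_SAMPLE")" 6.1; then
    echo "kernel meets the 6.1 baseline"
fi
# On a live system: kernel_at_least "$(uname -r)" 5.10 && echo "at or above 5.10"
```

Stripping the local suffix before comparing matters because distribution kernels carry strings like `-91-generic` that `sort -V` would otherwise treat as part of the version.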

### Exercise 6: Check Kernel Version

Run the `uname -r` command. What is the kernel version of your system?

## 7. System Architecture

### Command: `arch`
```bash
arch
```
The `arch` command displays the architecture of the machine, such as `x86_64` for 64-bit systems. This is useful for understanding the hardware capabilities of the system.

Run this command to determine the system architecture:

In [48]:
!arch

x86_64


This means that your system supports 64-bit instructions and can run 64-bit software.

## 8. System Uptime

### Command: `uptime`
```bash
uptime
```
The `uptime` command shows how long the system has been running, the number of users, and the system load averages. This can be useful for understanding the system's stability and current load.

Use this command to check the system's uptime and load:

In [None]:
!uptime

* Uptime: The system has been up
* Users: Currently, there are no users logged in.
* Load Average: The load average values represent the system load over the last 1, 5, and 15 minutes, respectively. In this case, the load averages are 0.35, 0.24, and 0.20. These numbers indicate the average number of processes that are either in a runnable state or waiting for CPU time over the specified time intervals. Lower load averages generally indicate a system that is not heavily loaded.
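As an added example (not from the original notebook), this script extracts the three load averages from an `uptime` line and relates the 1-minute figure to the CPU count, which is what makes the number meaningful: a load of 2.0 is light on 16 cores and saturation on 2. The sample line is constructed from the load values quoted above, and the CPU count of 2 is the one `lscpu` reports in the next section.

```shell
#!/bin/sh
# Added example; not part of the original notebook. Parses the load averages
# from an `uptime` line and expresses the 1-minute figure relative to the CPU
# count. The sample line is constructed from the values quoted in the text.

UPTIME_SAMPLE=' 16:32:38 up 2 min,  0 users,  load average: 0.35, 0.24, 0.20'

# uptime_loads "<uptime line>": the 1, 5 and 15 minute averages, space separated.
uptime_loads() {
    printf '%s\n' "$1" | sed -n 's/.*load average: *//p' | tr -d ','
}

# load_pct <load> <cpus>: load as a percentage of CPU capacity, one decimal.
load_pct() {
    awk -v l="$1" -v c="$2" 'BEGIN { printf "%.1f\n", l * 100 / c }'
}

# load_status <load> <cpus>: "saturated" when runnable tasks exceed CPUs, else "ok".
load_status() {
    if awk -v l="$1" -v c="$2" 'BEGIN { exit !(l > c) }'; then echo saturated; else echo ok; fi
}

# report_load "<uptime line>" <cpus>: one-line summary of the 1-minute figure.
report_load() {
    set -- $(uptime_loads "$1") "$2"        # $1 $2 $3 = loads, $4 = cpus
    printf '1-min load %s on %s CPU(s): %s%% of capacity, %s\n' \
        "$1" "$4" "$(load_pct "$1" "$4")" "$(load_status "$1" "$4")"
}

report_load "$UPTIME_SAMPLE" 2
# On a live system: report_load "$(uptime)" "$(nproc)"
```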

## 9. CPU Information

### Command: `lscpu`
```bash
lscpu
```
The `lscpu` command provides detailed information about the CPU architecture, including the number of CPUs, threads, cores, sockets, and more. This information is crucial for performance tuning and understanding the processing power of the system.

Use this command to gather detailed CPU information:

In [49]:
!lscpu

Architecture:             x86_64
  CPU op-mode(s):         32-bit, 64-bit
  Address sizes:          46 bits physical, 48 bits virtual
  Byte Order:             Little Endian
CPU(s):                   2
  On-line CPU(s) list:    0,1
Vendor ID:                GenuineIntel
  Model name:             Intel(R) Xeon(R) CPU @ 2.20GHz
    CPU family:           6
    Model:                79
    Thread(s) per core:   2
    Core(s) per socket:   1
    Socket(s):            1
    Stepping:             0
    BogoMIPS:             4399.99
    Flags:                fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 cl
                          flush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc re
                          p_good nopl xtopology nonstop_tsc cpuid tsc_known_freq pni pclmulqdq ssse3
                           fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx f16c rdrand
                           hypervisor lahf_lm abm 3dnowprefetch i

## 10. Memory Usage

### Command: `free -h`
```bash
free -h
```
The `free -h` command displays the system's memory usage in a human-readable format. It shows the total, used, and free memory, along with buffers and cache used by the kernel.

Run this command to check the memory usage of the system:

In [50]:
!free -h

               total        used        free      shared  buff/cache   available
Mem:            12Gi       809Mi       8.4Gi       5.0Mi       3.5Gi        11Gi
Swap:             0B          0B          0B


## 11. Disk Usage

### Command: `df -h`
```bash
df -h
```
The `df -h` command displays disk space usage in a human-readable format. It shows the total, used, and available space on all mounted filesystems.

Use this command to check the disk usage on the system:

In [51]:
!df -h

Filesystem      Size  Used Avail Use% Mounted on
overlay         108G   28G   81G  26% /
tmpfs            64M     0   64M   0% /dev
shm             5.8G     0  5.8G   0% /dev/shm
/dev/root       2.0G  1.2G  820M  59% /usr/sbin/docker-init
tmpfs           6.4G  4.3M  6.4G   1% /var/colab
/dev/sda1        70G   46G   24G  66% /kaggle/input
tmpfs           6.4G     0  6.4G   0% /proc/acpi
tmpfs           6.4G     0  6.4G   0% /proc/scsi
tmpfs           6.4G     0  6.4G   0% /sys/firmware


The output lists the filesystems mounted at various points in the Linux filesystem hierarchy. Here's a breakdown:

1. overlay: This is likely the root filesystem (or "/" directory) of the system. It's utilizing the overlay filesystem, which is commonly used in containerization technologies like Docker.

2. tmpfs: This is a temporary filesystem stored in the system's memory (RAM). It's often used for temporary files and directories that don't need to be persisted across reboots.

3. shm: This is another temporary filesystem, specifically a shared memory filesystem. It's used for creating shared memory segments that can be accessed by multiple processes.

4. /dev/root: This appears to be a block device filesystem mounted at the root directory ("/"). It's likely the primary filesystem for the system, containing the operating system and other essential files.

5. /dev/sda1: This is a block device filesystem, typically representing a partition on a physical disk (such as a hard drive or SSD). It's mounted at the directory specified, providing additional storage space for the system.

6. tmpfs: Another temporary filesystem stored in memory.
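As an added example (not from the original notebook), this script parses `df -h` output and reports the filesystems at or above a usage threshold, skipping the RAM-backed `tmpfs` and `shm` entries that the breakdown above describes. The sample is the output shown above.

```shell
#!/bin/sh
# Added example; not part of the original notebook. Flags filesystems in
# `df -h` output whose Use% is at or above a threshold, ignoring the tmpfs/shm
# pseudo filesystems. Sample is the notebook's df output.

DF_SAMPLE=$(cat <<'EOF'
Filesystem      Size  Used Avail Use% Mounted on
overlay         108G   28G   81G  26% /
tmpfs            64M     0   64M   0% /dev
shm             5.8G     0  5.8G   0% /dev/shm
/dev/root       2.0G  1.2G  820M  59% /usr/sbin/docker-init
tmpfs           6.4G  4.3M  6.4G   1% /var/colab
/dev/sda1        70G   46G   24G  66% /kaggle/input
EOF
)

# df_over <threshold-percent> "<df output>": prints "mountpoint use%" for every
# real filesystem at or above the threshold. Mount points may contain spaces,
# so everything from field 6 onward is treated as the mount point.
df_over() {
    printf '%s\n' "$2" | awk -v limit="$1" '
        NR == 1 { next }                        # header line
        $1 == "tmpfs" || $1 == "shm" { next }   # RAM-backed pseudo filesystems
        {
            pct = $5; sub(/%$/, "", pct)
            mnt = $6; for (i = 7; i <= NF; i++) mnt = mnt " " $i
            if (pct + 0 >= limit + 0) print mnt, pct "%"
        }'
}

echo "filesystems at 50% or more:"
df_over 50 "$DF_SAMPLE"
# On a live system (-P keeps each filesystem on one line): df_over 80 "$(df -hP)"
```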

Debian-based distributions such as Ubuntu use `apt` to manage software, giving users a convenient and efficient way to install, update, and remove packages.

The first command, `!apt update`, refreshes the package index from the repositories configured on the system so that the latest versions are known. The second, `!apt install hwinfo`, installs the `hwinfo` package, and the third, `!apt install net-tools`, installs `net-tools`, which provides the `ifconfig` and `netstat` commands used in the following sections.

In [53]:
!apt update
!apt install hwinfo
!apt install net-tools

[33m0% [Working][0m            Hit:1 https://cloud.r-project.org/bin/linux/ubuntu jammy-cran40/ InRelease
[33m0% [Connecting to archive.ubuntu.com (91.189.91.82)] [Waiting for headers] [Connecting to ppa.launch[0m                                                                                                    Hit:2 https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64  InRelease
[33m0% [Waiting for headers] [Waiting for headers] [Connecting to ppa.launchpadcontent.net (185.125.190.[0m                                                                                                    Hit:3 http://archive.ubuntu.com/ubuntu jammy InRelease
[33m0% [Waiting for headers] [Waiting for headers] [Connecting to ppa.launchpadcontent.net (185.125.190.[0m                                                                                                    Hit:4 http://archive.ubuntu.com/ubuntu jammy-updates InRelease
[33m0% [Waiting for headers] [Waiting for

## 12. Hardware Information

### Command: `hwinfo`
```bash
sudo hwinfo
```
The `hwinfo` command provides detailed information about the hardware present in the system. It includes details about CPU, memory, disks, network interfaces, and more. This command is often used for diagnosing hardware issues or for inventory purposes.

Gather comprehensive hardware details using this command:

In [54]:
!sudo hwinfo

libhd version 21.72 (x86-64) [7688]
using /var/lib/hardware
kernel version is 6.1
----- /proc/cmdline -----
  BOOT_IMAGE=/syslinux/vmlinuz.A init=/usr/lib/systemd/systemd boot=local rootwait ro noresume loglevel=7 console=tty1 console=ttyS0,115200 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module,firmware modules-load=loadpin_trigger firmware_class.path=/var/lib/nvidia/firmware module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 "dm-mod.create=vroot,,,ro,0 4077568 verity 0 PARTUUID=6F16D21A-3550-4D4B-923B-42C1E08F3A52 PARTUUID=6F16D21A-3550-4D4B-923B-42C1E08F3A52 4096 4096 509696 509696 sha256 f3dd89d35d7a784a5c3b3574a3c2ba9b6e048393a45ea7c0db0ce6e2bb5ea722 efea93e6ad805a12fcbe2a0bb849c96749911d0d45e3598c7f468ca913f88c20" mitigations=off retbleed=off psi=1
----- /proc/cmdline end -----
debug = 0xff7ffff7
probe = 0x15938fcdaa17fcf9fffe (+memory +pci +isapnp +net

## 13. Network Configuration

### Command: `ifconfig`
```bash
sudo ifconfig
```
The `ifconfig` command displays the network configuration of all network interfaces on the system, including IP addresses, MAC addresses, and traffic counters. It is provided by the `net-tools` package, a set of command-line tools for network monitoring and configuration.

Check the network configuration using this command:

In [55]:
!sudo ifconfig

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.28.0.12  netmask 255.255.0.0  broadcast 172.28.255.255
        ether 02:42:ac:1c:00:0c  txqueuelen 0  (Ethernet)
        RX packets 8925  bytes 17701644 (17.7 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 7576  bytes 2040545 (2.0 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 59154  bytes 17943701 (17.9 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 59154  bytes 17943701 (17.9 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0



The output details the configuration and statistics of the network interface "eth0". The interface is up and running, supports broadcast and multicast traffic, and has the IP address "172.28.0.12" with netmask 255.255.0.0.

The address "172.28.0.12" lies in the 172.16.0.0/12 private range, which Docker commonly uses for container bridge networks. Google Colab's backend runs notebooks in Docker or a similar container runtime, and the reported address reflects this.

### Exercise 13: Inspect Network Configuration

Run the `ifconfig` command. What network interfaces are available on your system, and what IP addresses are assigned to them?

## 14. Network Statistics

### Command: `netstat -an`
```bash
sudo netstat -an
```
The `netstat -an` command provides detailed information about network connections, including listening and established connections, along with their state.

Use this command to analyze network statistics:

In [56]:
!sudo netstat -an

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 127.0.0.1:3453          0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.11:33247        0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:34683         0.0.0.0:*               LISTEN     
tcp        0      0 172.28.0.12:9000        0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:39821         0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:53905         0.0.0.0:*               LISTEN     
tcp        0      0 172.28.0.12:6000        0.0.0.0:*               LISTEN     
tcp        0      0 172.28.0.12:6000        172.28.0.12:46750       TIME_WAIT  
tcp        0      0 172.28.0.12:60894       172.28.0.12:6000        ESTABLISHED
tcp        0      0 172.28.0.12:6000        172.28.0.12:46766       TIME_WAIT  
tcp        0      0 172.28.0.12:55222       172.28.0.12:9000      

The network socket entries illustrate the status of TCP connections on the system. A line such as "tcp 0 0 172.28.0.12:6000 0.0.0.0:* LISTEN" indicates that the system is actively listening for incoming connections on port 6000 of the local IP address "172.28.0.12"; the IP address "0.0.0.0" denotes that it's listening on all available network interfaces. A line such as "tcp 0 0 172.28.0.12:6000 172.28.0.12:60066 ESTABLISHED" reveals an established connection between the local machine and a peer at IP address "172.28.0.12" on port "60066". The "ESTABLISHED" state indicates that data transfer can take place between the two endpoints. Such information is vital for network administrators and system operators to monitor and manage network activity, ensuring the efficient functioning and security of the system.

For TCP connections, details include the protocol (TCP), the Receive and Send queues (Recv-Q and Send-Q), the local and foreign addresses, and the state of the connection. The state indicates whether the connection is listening for incoming requests, established, or in a time-wait state after closure.

For UDP connections, only the local and foreign addresses are shown, along with the protocol (UDP).

Further down, `netstat` also lists active UNIX domain sockets, giving the protocol (unix), reference count, flags, type, state, and the file path of each socket.

This summary provides a comprehensive snapshot of the network activity and socket usage on the system, facilitating network monitoring and troubleshooting tasks.

## 15. Environmental Variables

The output of the `env` command provides a list of environment variables that are set in the current shell session, each specifying certain configurations and settings for the environment. For example, `SHELL=/bin/bash` indicates that the default shell for the session is Bash, a popular Unix shell. `NV_LIBCUBLAS_VERSION=12.2.5.6-1` specifies the version of the NVIDIA cuBLAS library, a GPU-accelerated library for dense linear algebra computations, used for high-performance computing tasks. `NVIDIA_VISIBLE_DEVICES=all` signifies that all available NVIDIA GPU devices are accessible, which is particularly relevant in environments that support GPU acceleration, like Google Colab. Lastly, `COLAB_JUPYTER_TRANSPORT=ipc` indicates the transport mechanism used by Jupyter in Colab, where ipc (inter-process communication) is used for communication between processes. These environment variables configure and control various aspects of the system's behavior and resource usage, facilitating customized and efficient execution of tasks within the environment.

In [57]:
!env

SHELL=/bin/bash
NV_LIBCUBLAS_VERSION=12.2.5.6-1
NVIDIA_VISIBLE_DEVICES=all
COLAB_JUPYTER_TRANSPORT=ipc
NV_NVML_DEV_VERSION=12.2.140-1
NV_CUDNN_PACKAGE_NAME=libcudnn8
CGROUP_MEMORY_EVENTS=/sys/fs/cgroup/memory.events /var/colab/cgroup/jupyter-children/memory.events
NV_LIBNCCL_DEV_PACKAGE=libnccl-dev=2.19.3-1+cuda12.2
NV_LIBNCCL_DEV_PACKAGE_VERSION=2.19.3-1
VM_GCE_METADATA_HOST=169.254.169.253
HOSTNAME=5c56c80119a4
LANGUAGE=en_US
TBE_RUNTIME_ADDR=172.28.0.1:8011
COLAB_TPU_1VM=
GCE_METADATA_TIMEOUT=3
NVIDIA_REQUIRE_CUDA=cuda>=12.2 brand=tesla,driver>=470,driver<471 brand=unknown,driver>=470,driver<471 brand=nvidia,driver>=470,driver<471 brand=nvidiartx,driver>=470,driver<471 brand=geforce,driver>=470,driver<471 brand=geforcertx,driver>=470,driver<471 brand=quadro,driver>=470,driver<471 brand=quadrortx,driver>=470,driver<471 brand=titan,driver>=470,driver<471 brand=titanrtx,driver>=470,driver<471 brand=tesla,driver>=525,driver<526 brand=unknown,driver>=525,driver<526 brand=nvidia,driver>=5

## 16. PS command

The ps command in Linux is used to display information about the currently running processes. It can provide a snapshot of the processes running at a given moment.

Show all processes:

```
ps -e
```

```
ps -A
```

Detailed information about all processes:
```
ps -ef
```
Show processes in a user-oriented format (BSD syntax; includes the owning user, CPU and memory use):
```
ps aux
```
Display processes in full-format listing:
```
ps -f
```
Display processes by a specific user:

```
ps -u username
```
Show process tree:

```
ps -e --forest
```

Here’s an example script to monitor CPU and memory usage of processes:

```
#!/bin/sh

echo "Top CPU consuming processes:"
ps -eo pid,comm,%cpu --sort=-%cpu | head -n 10

echo ""
echo "Top memory consuming processes:"
ps -eo pid,comm,%mem --sort=-%mem | head -n 10
```

In [58]:
!ps -e

    PID TTY          TIME CMD
      1 ?        00:00:00 docker-init
      6 ?        00:00:08 node
     10 ?        00:00:01 oom_monitor.sh
     12 ?        00:00:00 run.sh
     14 ?        00:00:01 kernel_manager_
     36 ?        00:00:00 tail
     62 ?        00:00:07 python3 <defunct>
     63 ?        00:00:00 colab-fileshim.
     85 ?        00:00:06 jupyter-noteboo
     86 ?        00:00:02 dap_multiplexer
   1449 ?        00:00:16 python3
   1476 ?        00:00:06 python3
   1504 ?        00:00:02 language_servic
   1515 ?        00:00:19 node
  49138 ?        00:00:00 sleep
  49139 ?        00:00:00 ps


In [59]:
!ps -eo pid,comm,%cpu --sort=-%cpu | head -n 10

    PID COMMAND         %CPU
   1515 node             0.8
   1449 python3          0.7
      6 node             0.3
     62 pytho <defunct>  0.2
     85 jupyter-noteboo  0.2
   1476 python3          0.2
     86 dap_multiplexer  0.1
      1 docker-init      0.0
     10 oom_monitor.sh   0.0


## 17. Top command
The top command in Linux provides a dynamic, real-time view of the system’s running processes, similar to the Task Manager in Windows. It displays system summary information and a list of processes or threads currently being managed by the Linux kernel.

System Summary:
- uptime: How long the system has been running.
- users: Number of logged-in users.
- load average: System load averages for the last 1, 5, and 15 minutes.
- tasks: Total number of tasks and their states (running, sleeping, stopped, zombie).
- CPU usage: Percentage of CPU time used by different categories (user, system, idle, etc.).
- Memory usage: Total, used, free, and buffer/cache memory.
- Swap usage: Total, used, and free swap space.

In [None]:
!top

[?1h=[H[2J[mtop - 16:32:38 up 2 min,  0 users,  load average: 0.99, 0.64, 0.26[m[m[m[m[K
Tasks:[m[m[1m  16 [m[mtotal,[m[m[1m   1 [m[mrunning,[m[m[1m  14 [m[msleeping,[m[m[1m   0 [m[mstopped,[m[m[1m   1 [m[mzombie[m[m[m[m[K
%Cpu(s):[m[m[1m  3.4 [m[mus,[m[m[1m 20.7 [m[msy,[m[m[1m  0.0 [m[mni,[m[m[1m 13.8 [m[mid,[m[m[1m 62.1 [m[mwa,[m[m[1m  0.0 [m[mhi,[m[m[1m  0.0 [m[msi,[m[m[1m  0.0 [m[mst[m[m[m[m[K
MiB Mem :[m[m[1m  12979.0 [m[mtotal,[m[m[1m   7593.8 [m[mfree,[m[m[1m    774.0 [m[mused,[m[m[1m   4611.2 [m[mbuff/cache[m[m[m[m[K
MiB Swap:[m[m[1m      0.0 [m[mtotal,[m[m[1m      0.0 [m[mfree,[m[m[1m      0.0 [m[mused.[m[m[1m  11885.4 [m[mavail Mem [m[m[m[m[K
[K
[7m    PID USER      PR  NI    VIRT    RES    SHR S  %CPU  %MEM     TIME+ COMMAND                      [m[m[K
[m      1 root      20   0    1076      8      0 S   0.0   0.0   0:00.01 docker-init 

In [None]:
!apt install htop

## 18. Netstat

The netstat command in Linux provides information about network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.

List all active connections and listening ports:

```
netstat -a
```
Show only listening ports:

```
netstat -l
```
Display routing table:

```
netstat -r
```
Show network interface statistics:

```
netstat -i
```
Show extended information (includes user and inode):
```
netstat -e
```
Display TCP connections:
```
netstat -t
```
Display UDP connections:
```
netstat -u
```
Show raw socket connections:
```
netstat -w
```
Show summary statistics for each protocol:
```
netstat -s
```

In [11]:
!apt install net-tools

Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  net-tools
0 upgraded, 1 newly installed, 0 to remove and 45 not upgraded.
Need to get 204 kB of archives.
After this operation, 819 kB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu jammy/main amd64 net-tools amd64 1.60+git20181103.0eebece-1ubuntu5 [204 kB]
Fetched 204 kB in 0s (900 kB/s)
Selecting previously unselected package net-tools.
(Reading database ... 122203 files and directories currently installed.)
Preparing to unpack .../net-tools_1.60+git20181103.0eebece-1ubuntu5_amd64.deb ...
Unpacking net-tools (1.60+git20181103.0eebece-1ubuntu5) ...
Setting up net-tools (1.60+git20181103.0eebece-1ubuntu5) ...
Processing triggers for man-db (2.10.2-1) ...


In [60]:
!netstat -tuln

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 127.0.0.1:3453          0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.11:33247        0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:34683         0.0.0.0:*               LISTEN     
tcp        0      0 172.28.0.12:9000        0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:39821         0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:53905         0.0.0.0:*               LISTEN     
tcp        0      0 172.28.0.12:6000        0.0.0.0:*               LISTEN     
tcp6       0      0 :::8080                 :::*                    LISTEN     
udp        0      0 127.0.0.11:57255        0.0.0.0:*                          
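As an added example (not from the original notebook), this script classifies the listening sockets in the `netstat -tuln` output above, and likewise the listeners shown in section 14, by what can reach them: a socket bound to a loopback address (127.x or ::1) only accepts local connections, while one bound to an interface address or to 0.0.0.0 / :: is reachable from the network. The sample is the output above.

```shell
#!/bin/sh
# Added example; not part of the original notebook. Sorts the listening sockets
# in `netstat -tuln` output into loopback-only and network-reachable groups.
# Sample is the notebook's netstat -tuln output.

NETSTAT_SAMPLE=$(cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:3453          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.11:33247        0.0.0.0:*               LISTEN
tcp        0      0 172.28.0.12:9000        0.0.0.0:*               LISTEN
tcp        0      0 172.28.0.12:6000        0.0.0.0:*               LISTEN
tcp6       0      0 :::8080                 :::*                    LISTEN
udp        0      0 127.0.0.11:57255        0.0.0.0:*
EOF
)

# listeners <local|network> "<netstat output>": prints "proto address:port"
# for each bound socket in that scope. TCP sockets must be in LISTEN state;
# UDP sockets carry no state, so every bound UDP socket counts.
listeners() {
    printf '%s\n' "$2" | awk -v scope="$1" '
        $1 !~ /^(tcp|udp)6?$/ { next }             # skip header/banner lines
        $1 ~ /^tcp/ && $6 != "LISTEN" { next }
        {
            addr = $4
            port = addr; sub(/.*:/, "", port)      # text after the last colon
            host = substr(addr, 1, length(addr) - length(port) - 1)
            is_local = (host ~ /^127\./ || host == "::1")
            if ((scope == "local") == is_local) print $1, addr
        }'
}

echo "reachable from the network:"
listeners network "$NETSTAT_SAMPLE"
echo "loopback only:"
listeners local "$NETSTAT_SAMPLE"
# On a live system: listeners network "$(netstat -tuln)"
```

Sockets in the first group are the ones worth explaining: each should map to a service that is meant to be reachable from other hosts, and anything else is a candidate for binding to 127.0.0.1 or for a firewall rule.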


## 19. Sudo -l

The sudo -l command in Linux is used to list the allowed (and forbidden) commands for the invoking user on the current host. This command helps users and administrators understand what commands the user can run with elevated privileges without actually running them.

In [61]:
!sudo -l

Matching Defaults entries for root on 5c56c80119a4:
    env_reset, mail_badpass,
    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin,
    use_pty

User root may run the following commands on 5c56c80119a4:
    (ALL : ALL) ALL


In `(ALL : ALL) ALL`:

- The first ALL means that root can run commands as any user, including root and any other user on the system.
- The second ALL means that root can run commands as any group.
- The final ALL means that root can run any command.
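As an added example (not from the original notebook), this script pulls the rule lines out of `sudo -l` output and splits each into the three parts described above: the runas user list, the runas group list, and the command list, flagging rules that grant everything. The sample is the output above plus one constructed narrower rule for contrast; tag prefixes such as `NOPASSWD:` are left in the command field as printed.

```shell
#!/bin/sh
# Added example; not part of the original notebook. Parses the rule lines of
# `sudo -l` output into runas user, runas group and command list, and marks
# rules that grant everything. Sample is the notebook output plus one
# constructed limited rule.

SUDO_L_SAMPLE=$(cat <<'EOF'
Matching Defaults entries for root on 5c56c80119a4:
    env_reset, mail_badpass,
    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin,
    use_pty

User root may run the following commands on 5c56c80119a4:
    (ALL : ALL) ALL
    (root) /usr/bin/systemctl restart nginx
EOF
)

# sudo_rules "<sudo -l output>": one "user|group|commands|scope" line per rule
# after the "may run the following commands" header. group is "-" when the
# rule names no runas group. scope is "unrestricted" when user and group are
# ALL and the command list ends in ALL, otherwise "limited".
sudo_rules() {
    printf '%s\n' "$1" | awk '
        /may run the following commands/ { in_rules = 1; next }
        !in_rules || !/^[ \t]*\(/ { next }
        {
            line = $0; sub(/^[ \t]*\(/, "", line)
            spec = line; sub(/\).*/, "", spec)            # "ALL : ALL" or "root"
            cmds = line; sub(/^[^)]*\)[ \t]*/, "", cmds)  # text after ")"
            user = spec; grp = "-"
            if (index(spec, ":")) {
                user = spec; sub(/[ \t]*:.*/, "", user)
                grp = spec;  sub(/.*:[ \t]*/, "", grp)
            }
            scope = (user == "ALL" && grp == "ALL" && cmds ~ /(^|[ \t])ALL$/) ? "unrestricted" : "limited"
            print user "|" grp "|" cmds "|" scope
        }'
}

echo "user|group|commands|scope"
sudo_rules "$SUDO_L_SAMPLE"
# On a live system: sudo_rules "$(sudo -l)"
```

For root the unrestricted rule is expected; the same parser run for an ordinary service account is how you notice a `(ALL : ALL) ALL` grant that should have been a single command.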

In [15]:
!ps aux | grep sudo

root        5239  0.0  0.0   7376  3540 ?        S    18:13   0:00 /bin/bash -c ps aux | grep sudo
root        5241  0.0  0.0   6484  2288 ?        S    18:13   0:00 grep sudo


This shows all processes related to sudo: `ps aux` lists every running process and `grep sudo` filters the list to lines containing "sudo". Here the only two matches are the shell running the pipeline and the `grep` itself, because their own command lines contain the word; no other sudo process was running.

In [62]:
!ls -la /etc/cron.*

/etc/cron.d:
total 16
drwxr-xr-x 2 root root 4096 Oct  4  2023 .
drwxr-xr-x 1 root root 4096 Jul  5 18:34 ..
-rw-r--r-- 1 root root  201 Jan  8  2022 e2scrub_all

/etc/cron.daily:
total 24
drwxr-xr-x 1 root root 4096 Jul  3 13:16 .
drwxr-xr-x 1 root root 4096 Jul  5 18:34 ..
-rwxr-xr-x 1 root root 1478 Apr  8  2022 apt-compat
-rwxr-xr-x 1 root root  123 Dec  5  2021 dpkg
-rwxr-xr-x 1 root root 1330 Mar 17  2022 man-db

/etc/cron.weekly:
total 16
drwxr-xr-x 2 root root 4096 Jul  3 13:16 .
drwxr-xr-x 1 root root 4096 Jul  5 18:34 ..
-rwxr-xr-x 1 root root 1020 Mar 17  2022 man-db


- `ls`: List directory contents.
- `-la`: Two options combined:
  - `-l`: Use a long listing format.
  - `-a`: Include hidden files (those starting with a dot `.`).
- `/etc/cron.*`: The path and pattern to match files and directories:
  - `/etc/`: The directory where the search is focused.
  - `cron.*`: A wildcard pattern that matches any file or directory name starting with `cron.`.

The cron.* pattern typically matches the following files and directories in /etc:

- /etc/crontab: The system-wide crontab file.
- /etc/cron.d/: A directory where individual cron job files can be placed.
- /etc/cron.daily/: A directory for scripts that are executed daily.
- /etc/cron.hourly/: A directory for scripts that are executed hourly.
- /etc/cron.monthly/: A directory for scripts that are executed monthly.
- /etc/cron.weekly/: A directory for scripts that are executed weekly.
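As an added example (not from the original notebook), this script reads `ls -la` output for the cron directories and reports scripts or directories that are writable by group or others, or not owned by root. Cron runs these scripts as root, so any user who can write one can change what root executes. The sample is the listing above plus two constructed entries (`backup` and `sync`) that the check should flag.

```shell
#!/bin/sh
# Added example; not part of the original notebook. Scans `ls -la` output for
# the cron directories and reports entries writable by group/other or owned by
# a non-root user. Sample is the notebook listing plus two constructed entries.

CRON_LS_SAMPLE=$(cat <<'EOF'
/etc/cron.d:
total 16
drwxr-xr-x 2 root root 4096 Oct  4  2023 .
drwxr-xr-x 1 root root 4096 Jul  5 18:34 ..
-rw-r--r-- 1 root root  201 Jan  8  2022 e2scrub_all
-rwxr-xr-x 1 alice alice 300 Jul  5 18:41 sync

/etc/cron.daily:
total 24
drwxr-xr-x 1 root root 4096 Jul  3 13:16 .
drwxr-xr-x 1 root root 4096 Jul  5 18:34 ..
-rwxr-xr-x 1 root root 1478 Apr  8  2022 apt-compat
-rwxrwxrwx 1 root root   88 Jul  5 18:40 backup
EOF
)

# cron_writable "<ls -la output>": prints "path mode reason" for each entry
# (the directory itself included) that is writable by group or others, or whose
# owner is not root. Mode string positions: 1 type, 2-4 owner, 5-7 group,
# 8-10 other; the write bits are positions 3, 6 and 9.
cron_writable() {
    printf '%s\n' "$1" | awk '
        /^\/.*:$/ { dir = substr($0, 1, length($0) - 1); next }   # "/etc/cron.d:" header
        /^total / || NF < 9 || $9 == ".." { next }
        {
            reason = ""
            if (substr($1, 6, 1) == "w" || substr($1, 9, 1) == "w") reason = "writable-by-group-or-other"
            else if ($3 != "root") reason = "owner-" $3
            if (reason == "") next
            name = ($9 == ".") ? dir : dir "/" $9
            print name, $1, reason
        }'
}

echo "cron entries needing attention:"
cron_writable "$CRON_LS_SAMPLE"
# On a live system: cron_writable "$(ls -la /etc/cron.* 2>/dev/null)"
```

The directory entries (`.`) are checked too: a world-writable `/etc/cron.daily` is as bad as a world-writable script, since a new file can simply be dropped into it.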

## 20. Lynis
Lynis is an open-source security auditing tool for Unix-based systems, including Linux and macOS. It helps system administrators and security professionals to perform in-depth security scans and audits, identify vulnerabilities, and provide recommendations for hardening the system.

In [19]:
!apt install lynis

Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  menu
Suggested packages:
  dnsutils apt-listbugs debsecan debsums tripwire samhain aide fail2ban menu-l10n gksu
  | kde-runtime | ktsuss
The following NEW packages will be installed:
  lynis menu
0 upgraded, 2 newly installed, 0 to remove and 45 not upgraded.
Need to get 581 kB of archives.
After this operation, 3,164 kB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu jammy/universe amd64 lynis all 3.0.7-1 [227 kB]
Get:2 http://archive.ubuntu.com/ubuntu jammy/universe amd64 menu amd64 2.1.47ubuntu4 [354 kB]
Fetched 581 kB in 0s (1,853 kB/s)
Selecting previously unselected package lynis.
(Reading database ... 122252 files and directories currently installed.)
Preparing to unpack .../archives/lynis_3.0.7-1_all.deb ...
Unpacking lynis (3.0.7-1) ...
Selecting previously unselected package menu.
Preparing to unp

In [20]:
!sudo lynis audit system


[ Lynis 3.0.7 ]

################################################################################
  Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
  welcome to redistribute it under the terms of the GNU General Public License.
  See the LICENSE file for details about using this software.

  2007-2021, CISOfy - https://cisofy.com/lynis/
  Enterprise support available (compliance, plugins, interface and tools)
################################################################################


[+] Initializing program
------------------------------------
  - Detecting OS...                                           [ DONE ]
  - Checking profiles...                                      [ DONE ]

  ---------------------------------------------------
  Program version:           3.0.7
  Operating system:          Linux
  Operating system name:     Ubuntu
  Operating system version:  22.04
  Kernel version:            6.1.85+
  Hardware platform:         x86_64
  Hostname:           

**Key Sections in Lynis Output:**
- System Tools: Checks the presence and versions of essential security tools.
- Boot and Services: Reviews boot loader files and running services.
- Kernel Hardening: Examines kernel parameters and hardening options.
- File Integrity: Checks for tools and configurations related to file integrity monitoring.
- User Accounts: Inspects user account configurations and policies.
- Malware Scanners: Looks for installed malware scanners and configurations.
- Hardening Index: Provides an overall hardening score and suggests areas for improvement.

## Conclusion

In this guide, we've explored a variety of manual enumeration techniques using Linux commands. These techniques provide valuable insights into the target system's configuration, which is crucial for identifying potential vulnerabilities and securing the system against cyber threats.

By mastering these commands and understanding their output, cybersecurity professionals can effectively assess the security posture of their systems and take proactive measures to mitigate risks.