Introduction to the Open-Source Operating System: Linux
If you spend any time in tech, you quickly realize that Linux is everywhere. It runs cloud infrastructure, enterprise servers, Android devices, network routers, and every one of the world’s top supercomputers. For most people, it hums along invisibly in the background. But for cybersecurity professionals, Linux is something else entirely — it is the foundation on which penetration testing, digital forensics, threat hunting, and security operations are built.
What makes Linux so central to security work is its open-source philosophy. Anyone can read the kernel source code, compile a custom build, or strip the OS down to exactly what a specific task requires. There are no hidden components and no relying on a vendor’s word about what the software actually does.
“Linux is not just an operating system; it’s a philosophy that empowers users with control, freedom, and security.” — Linus Torvalds
To work securely with Linux, you need to understand how the kernel coordinates between user applications and physical hardware. The diagram below shows the relationship between User Space — where regular processes run with restricted privileges — and Kernel Space, where the core OS manages hardware with full access rights.
(Web Browser, Shell, Server)"]:::component Lib["System Libraries
(glibc)"]:::component end subgraph KernelSpace ["Kernel Space (Full Privileges)"] Syscall["System Call Interface
(sys_read, sys_write, etc.)"]:::component LSM["Linux Security Modules (LSM)
(AppArmor, SELinux)"]:::security KernelCore["Kernel Core Services
(Process, Memory, Network, VFS)"]:::component Drivers["Device Drivers & Hardware"]:::component end App --> Lib Lib -->|System Calls| Syscall Syscall --> LSM LSM -->|Access Decision| KernelCore KernelCore --> Drivers style UserSpace fill:#1e293b,stroke:#4c566a,stroke-width:2px,color:#88c0d0 style KernelSpace fill:#0f172a,stroke:#4c566a,stroke-width:2px,color:#88c0d0
Understanding the Linux Directory Structure
Linux organizes everything under a single root directory /. Following the Unix principle that “everything is a file” — including hardware devices, processes, and network sockets — the structure is standardized across all major distributions.
| Directory | Standard Purpose | Security & Auditing Context |
|---|---|---|
/ | The root directory that anchors the entire filesystem tree. | Every path originates here. Unauthorized write access to root is a critical risk. |
/bin | Essential user binaries required in single-user mode. | Contains core commands like ls, cp, and bash. Audit for unauthorized modifications. |
/sbin | Essential system binaries reserved for administrative tasks. | Contains utilities like iptables, reboot, and fdisk. Restricted to root or sudoers. |
/boot | Bootloader configurations, kernel images (vmlinuz), and initramfs. | Critical for boot integrity. Write-protect to prevent evil maid attacks and bootkits. |
/dev | Device nodes representing physical and virtual hardware. | Contains devices like /dev/sda (raw storage) and /dev/urandom. Raw drive access must be restricted. |
/etc | System-wide configuration files and databases. | Houses credentials (/etc/shadow), user lists (/etc/passwd), and service configs. A primary audit target. |
/home | Home directories for standard users (e.g., /home/alice). | Holds user files, shell history, and SSH keys. Often monitored for indicators of compromise. |
/root | Dedicated home directory for the superuser (root). | Separated from /home to remain accessible if user storage partitions fail. Strictly privileged. |
/lib & /lib64 | Shared libraries required by system binaries. | Contains shared objects (.so files). Must be protected against library preloading and hijacking. |
/media & /mnt | Mount points for removable media and manual filesystem mounts. | Used when mounting external drives during incident response or forensic analysis. |
/opt | Add-on application software packages. | Third-party tools install here. Check regularly for unpatched binaries. |
/proc | Virtual filesystem exposing kernel state and process details. | Exists only in memory. Security tools query /proc/<PID>/ to inspect process memory and arguments. |
/sys | Virtual filesystem exposing hardware and driver parameters. | Used to query and modify kernel configurations and security settings at runtime. |
/tmp | Temporary directory accessible by all users. | Uses the Sticky Bit to limit deletion. Watch for staging files during exploitation or malware execution. |
/usr | User binaries, libraries, documentation, and source code. | Contains /usr/bin and /usr/share. Kept read-only on hardened systems. |
/var | Variable files such as mail queues, databases, and logs. | Contains /var/log (syslog, auth logs). Forward logs off-host to prevent tampering. |
Discretionary Access Control: File Permissions
Linux controls access through user ownership and permission bits. Every file and directory is assigned to an owner and a group. The system checks three tiers of access rights:
- User (u): The user who owns the file.
- Group (g): Members of the group associated with the file.
- Others (o): Everyone else on the system.
Running ls -l shows permissions as a character string like this:
-rwxr-xr-x 1 webadmin developers 1234 May 31 10:00 deploy.sh
Breaking it down:
- The first character is the file type (
-for regular file,dfor directory,lfor symlink). - The next nine characters are three permission triplets:
rwx(Owner):webadmincan read, write, and execute.r-x(Group): Thedevelopersgroup can read and execute.r-x(Others): Everyone else can read and execute.
For a full guide covering octal notation, special bits (SUID, SGID, Sticky Bit), and Access Control Lists (ACLs), see our dedicated post on Linux File Permissions and Ownership Management .
Essential Linux Commands
Almost all Linux work happens at the command line. Commands follow this general format:
command [options] [arguments]
These are the foundational commands you’ll use constantly:
| Command | Purpose | Basic Example |
|---|---|---|
ls | Lists directories and file details. Use -la to show hidden files and permissions. | ls -la /var/log |
cd | Changes the current working directory. | cd /etc/ssh |
pwd | Prints the absolute path of the current directory. | pwd |
touch | Creates an empty file or updates timestamps of an existing file. | touch honeypot.log |
rm | Removes files or directories. Use -r for recursive and -f to force. | rm -rf /tmp/malicious_payload |
chmod | Modifies access permissions on a file or directory. | chmod 600 ~/.ssh/id_rsa |
nano / vim | Terminal-based text editors for editing configuration files. | sudo vim /etc/hosts |
man | Opens the manual page for any command. | man iptables |
Why Choose Linux? A Cybersecurity Perspective
Linux offers real, measurable advantages over proprietary operating systems from a security standpoint:
- Auditable Source Code: The kernel is open, so security researchers, enterprises, and government agencies can inspect every line. Vulnerabilities get found and patched by the community rather than waiting on a single vendor’s timeline.
- Minimal Attack Surface: Unlike consumer operating systems that bundle dozens of services by default, a Linux installation can be stripped down to exactly what you need. Running servers without a GUI and disabling unused services means fewer entry points for attackers.
- Granular Privilege Control: The root account is the absolute superuser, but day-to-day administrative tasks are delegated through
sudowith strict logging. Access controls go further with mandatory security frameworks at the kernel level. - Native Hardening Frameworks: Linux Security Modules (LSMs) like SELinux and AppArmor enforce mandatory access controls that restrict processes to specific files and operations — limiting the blast radius when an application gets compromised.
- Stability and Performance: Linux manages memory and system resources efficiently and almost never requires reboots. That matters for security infrastructure like firewalls and IDS/IPS that must stay online continuously.
Linux vs. Windows: The Enterprise Security Battle
| Feature | Linux | Windows |
|---|---|---|
| Security Architecture | Discretionary Access Control (DAC) with optional MAC via SELinux or AppArmor. Low kernel footprint. | Discretionary Access Control (DAC) with Mandatory Integrity Control (MIC) and Active Directory integration. |
| Attack Surface & Vectors | Primarily targeted via web application exploits, unpatched network services, misconfigured permissions, and container breakouts. | Historically targeted by user-focused malware, phishing, macro scripts, Active Directory credential harvesting, and local privilege escalation. |
| Patching Operations | Software repositories allow seamless system updates. Supports live-patching to update a running kernel without reboots. | Windows Update handles OS patches, but major security updates often require reboots, causing downtime. |
| Transparency & Auditability | Open-source. Enables binary verification, reproducible builds, and deep code inspection by anyone. | Closed-source. Relies on vendor trust and third-party EDR integrations for visibility. |
| Customizability | Highly customizable — unused kernel modules, libraries, and utilities can be removed to reduce the attack surface. | Monolithic design makes stripping core components difficult, leaving a larger software footprint. |
Popular Linux Distributions (Distros)
Because Linux is open-source, developers package the kernel with different tools, libraries, and package managers to create distinct distributions. Picking the right one depends on what you’re doing:
- Ubuntu & Debian: Ubuntu is user-friendly and widely supported, making it a popular choice for developers and cloud deployments. Debian is renowned for rock-solid stability and conservative package updates — a reliable base for production servers.
- Red Hat Enterprise Linux (RHEL), Fedora & Rocky Linux: The standard in enterprise environments. These distros ship with SELinux policies enabled by default and offer commercial support, which matters for compliance-heavy organizations.
- Arch Linux: A minimalist rolling-release distro built for advanced users. You start with a bare shell and build up exactly the system you want. Maximum flexibility, but it demands hands-on maintenance.
- Kali Linux & Parrot OS: Debian-based distributions configured specifically for penetration testing and digital forensics. They come preloaded with hundreds of security tools, from packet sniffers to exploitation frameworks.
- Alpine Linux: An ultra-lightweight distro (~5MB base) built around BusyBox and musl libc. It is heavily used in Docker containers because a tiny image means a dramatically smaller attack surface.
- Tails & Qubes OS: Tails runs entirely from RAM and routes all traffic through Tor, leaving no forensic traces on disk. Qubes OS enforces security through compartmentalization, isolating applications in separate Xen virtual machines.
Modern Networking and Connectivity Commands
Understanding network traffic and socket states is essential for both troubleshooting and detecting intrusions.
[!NOTE] Legacy tools like
ifconfigandnetstatare deprecated in modern distributions. They have been replaced by faster, more capable utilities from theiproute2package.
| Modern Utility | Legacy Replacement | Description | Common Usage |
|---|---|---|---|
ip addr | ifconfig | Displays IP addresses, MAC addresses, and network interface configurations. | ip a or ip addr show |
ss | netstat | Investigates active sockets and shows listening network ports. | ss -tulpn (TCP/UDP listeners with PIDs) |
ping | N/A | Sends ICMP echo requests to test connectivity to a host. | ping -c 4 10.0.0.1 |
traceroute | N/A | Maps the routing path packets take to reach a destination. | traceroute 8.8.8.8 |
curl / wget | N/A | Command-line HTTP clients for downloading files or querying APIs. | curl -I https://example.com |
ssh | N/A | Opens encrypted interactive sessions and port forwards to remote hosts. | ssh -i key.pem user@host |
# Identify listening ports and the processes behind them
sudo ss -tulpn
Frequently Asked Questions
Q: Is Linux inherently more secure than Windows?
Linux was designed with strict privilege separation, and its open-source nature means vulnerabilities often get patched quickly. That said, no operating system is secure by default. A poorly configured Linux server with weak SSH passwords, open ports, and unpatched web applications is just as exploitable as any Windows machine. Security comes down to configuration, hardening, and continuous monitoring — not the OS logo.
Q: Can Linux systems be infected by malware?
Absolutely. Classic desktop viruses are less common on Linux, but servers are a prime target. Linux malware typically takes the form of ELF-based rootkits, persistent backdoors, PHP shells, and IoT botnets like Mirai. Ransomware groups also actively target VMware ESXi hypervisors and cloud infrastructure running Linux kernels.
Q: Is Linux harder to learn than Windows?
The learning curve is steeper at first because Linux relies heavily on the command line rather than a graphical interface. But that investment pays off — it unlocks the ability to automate complex tasks, manage remote servers efficiently, and write scripts that would take hours to do manually through a GUI.
Additional Resources
- The Linux Foundation — Official documentation and open-source project governance.
- Ubuntu Command Line Tutorial — Hands-on practice for command-line beginners.
- GTFOBins — A curated list of Unix binaries that can be abused to bypass local security restrictions.
Advanced Linux Concepts
Once you’re comfortable with basic commands, learning shell scripting and kernel-level process management is what separates casual users from people who can actually operate and secure Linux systems at scale.
Shell Scripting and Automation
Shell scripts let you chain commands together and automate recurring tasks — things like backups, log rotation, or system health checks. Here is a practical backup script with input validation and logging:
#!/bin/bash
# Backup Script with basic input validation and logging
SOURCE_DIR="/var/www/html"
BACKUP_DIR="/opt/backups"
TIMESTAMP=$(date +"%Y%m%d_%H%M%S")
LOG_FILE="/var/log/backup_service.log"
# Verify execution as root or sudo
if [[ $EUID -ne 0 ]]; then
echo "[CRITICAL] This backup script must be run as root." >&2
exit 1
fi
# Validate source directory exists
if [ ! -d "$SOURCE_DIR" ]; then
echo "[ERROR] Source directory $SOURCE_DIR not found. Aborting." >> "$LOG_FILE"
exit 1
fi
mkdir -p "$BACKUP_DIR"
chmod 700 "$BACKUP_DIR"
# Execute backup using tar archiving
BACKUP_FILE="$BACKUP_DIR/backup_$TIMESTAMP.tar.gz"
tar -czf "$BACKUP_FILE" "$SOURCE_DIR" 2>> "$LOG_FILE"
if [ $? -eq 0 ]; then
echo "[SUCCESS] Backup of $SOURCE_DIR saved to $BACKUP_FILE on $(date)" >> "$LOG_FILE"
chmod 600 "$BACKUP_FILE"
else
echo "[FAILED] Backup execution failed on $(date)" >> "$LOG_FILE"
fi
[!WARNING] Shell Scripting Security Best Practices:
- Never hardcode secrets. Keep API keys, database passwords, and private keys out of scripts. Use environment variables or a secrets manager like HashiCorp Vault.
- Restrict execution permissions. Run
chmod 700 script.shso only the owner can read and execute it.- Quote all variables. Use
"$VAR"to prevent word splitting, globbing, and command injection vulnerabilities.
Managing Processes and Signals
The Linux kernel tracks every running application by Process ID (PID). Processes run either in the foreground (blocking the terminal) or the background.
- Background Execution: Append
&to run a command without locking up your terminal:nmap -sV -p- 10.0.0.1 > scan_results.txt & - Signal Transmission: Processes respond to signals sent via the
killcommand:SIGTERM(Signal 15): The default signal. Asks the process to clean up and exit gracefully.SIGKILL(Signal 9): Forces the process to stop immediately at the kernel level, skipping any cleanup.
| Command | Description |
|---|---|
top | Shows live system resource usage and process tables. |
htop | An interactive, colorized process viewer with filtering. |
ps aux | Snapshot of all active processes on the system. |
kill -15 <PID> | Requests graceful termination of a process. |
kill -9 <PID> | Forces immediate termination of a process. |
nice / renice | Sets or adjusts the CPU scheduling priority of a process. |
Package Management Systems
Package managers handle installation, configuration, and upgrades of software from cryptographically signed repositories. No manual downloads, no version hunting.
| Distro Family | Primary Manager | Install Command | Update System |
|---|---|---|---|
| Debian / Ubuntu | apt | sudo apt install ufw | sudo apt update && sudo apt upgrade |
| RHEL / Rocky / Fedora | dnf (formerly yum) | sudo dnf install firewalld | sudo dnf upgrade |
| Arch Linux | pacman | sudo pacman -S nmap | sudo pacman -Syu |
[!IMPORTANT] Package managers verify integrity using GPG (GNU Privacy Guard) keys. If a package signature cannot be verified, the manager warns you and aborts — preventing the installation of tampered files.
Linux in Cybersecurity and Server Management
Linux dominates backend infrastructure, which means security teams need to understand both standard server administration and the security tooling built around the OS.
Tools for Security Operations and Pentesting
Modern security distributions come preconfigured with tools designed to analyze hosts, audit configurations, and reverse-engineer files:
- Nmap: Port scanning, service version detection, and OS fingerprinting.
- Metasploit Framework: A modular exploitation platform for validating vulnerabilities and executing controlled payloads.
- Wireshark: A graphical packet analyzer that decodes protocols and inspects traffic interactions.
- tcpdump: A lightweight command-line packet capture tool for headless servers where Wireshark isn’t available.
- John the Ripper / Hashcat: High-performance password auditing tools for testing password database strength.
Linux as a Secure Server OS
Linux can be configured to fulfill specific network roles with minimal overhead:
- Web Servers: Run Apache (
httpd) or Nginx to serve static content or act as reverse proxies. - File Servers: Use Samba for Windows interoperability or NFS for Unix-to-Unix directory sharing.
- Database Servers: Host PostgreSQL, MySQL, or MongoDB.
- Reverse Proxies & Load Balancers: Distribute traffic using HAProxy, Nginx, or Traefik to keep applications highly available.
Enterprise-Grade Security Hardening Best Practices
Deploying a default Linux installation directly to the internet is asking for trouble. These five steps establish a hardened baseline:
1. Enable Automated Updates
Configure the system to apply security patches automatically. On Ubuntu or Debian, use unattended-upgrades:
sudo apt install unattended-upgrades
sudo dpkg-reconfigure --priority=low unattended-upgrades
2. Configure a Host Firewall
Limit open ports to exactly what you need. Use ufw to deny all incoming traffic except SSH and web services:
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 22/tcp comment 'SSH Access'
sudo ufw allow 80/tcp comment 'HTTP'
sudo ufw allow 443/tcp comment 'HTTPS'
sudo ufw enable
3. Harden the SSH Daemon
Edit /etc/ssh/sshd_config to disable root login and password authentication, enforcing key-based access only:
# Disable root logins over SSH
PermitRootLogin no
# Enforce SSH public key authentication
PasswordAuthentication no
# Limit login access to specific users
AllowUsers security_admin sysop
Test the configuration before restarting to avoid locking yourself out:
sudo sshd -t && sudo systemctl restart sshd
4. Monitor Log Files
Audit authentication logs regularly for brute-force indicators:
- Systemd Journal: Query active logs with
journalctl:sudo journalctl -u ssh -g "Failed password" -f - Fail2Ban: Automatically block IPs that exceed login failure thresholds:
sudo apt install fail2ban sudo systemctl enable --now fail2ban
5. Audit Local SUID Binaries
Find executables that run with root privileges and confirm no untrusted binaries have been granted these permissions:
find / -perm -4000 -type f 2>/dev/null
Take Your Linux Skills Further
Recommended Reading
- “The Linux Command Line” by William Shotts — An excellent introduction to terminal usage for all skill levels.
- “Linux Basics for Hackers” by OccupyTheWeb — Perfect for understanding Linux through a security and offensive tooling lens.
- “How Linux Works” by Brian Ward — A deep dive into kernel internals, the boot process, and device drivers.
Online Training
- The Linux Foundation Training — Official courses and certifications (LFCS, LFCE).
- NDG Linux Unhatched (Cisco Networking Academy) — A solid entry point for beginners.
100 Essential Linux Commands
The following reference guide covers 100 essential Linux commands organized by function, with descriptions and usage examples.
1. File and Directory Operations
| Command | Description | Usage Example |
|---|---|---|
ls | Lists files and directories in the current folder. | ls -lh |
cd | Changes the current working directory. | cd /var/log |
pwd | Displays the absolute path of the current directory. | pwd |
mkdir | Creates a new empty directory. | mkdir -p /opt/data/scripts |
rmdir | Removes an empty directory. | rmdir /tmp/empty_dir |
rm | Deletes files or directories. | rm -rf /tmp/staging_area |
cp | Copies files or folders to a new destination. | cp config.conf config.conf.bak |
mv | Moves or renames files and directories. | mv temp_file.txt /var/www/ |
touch | Creates an empty file or updates access timestamps. | touch access.log |
ln | Creates symbolic links to files or folders. | ln -s /etc/nginx/sites-available/app /etc/nginx/sites-enabled/ |
find | Searches for files by name, size, or permissions. | find /etc -name "*.conf" |
locate | Searches files quickly using a pre-indexed database. | locate shadow |
stat | Shows detailed filesystem metadata about a file. | stat /etc/shadow |
file | Identifies the file type and encoding. | file /bin/bash |
tree | Displays directory contents in a nested tree structure. | tree -d /var/log |
2. Text Processing and Search
| Command | Description | Usage Example |
|---|---|---|
cat | Prints file contents to the terminal. | cat /etc/hostname |
less | Opens file contents in an interactive pager. | less /var/log/syslog |
more | Older, simple file pager for reading in the console. | more /var/log/messages |
head | Displays the first lines of a file (default: 10). | head -n 20 /etc/passwd |
tail | Displays the last lines of a file. | tail -f /var/log/auth.log |
grep | Searches text using patterns or regular expressions. | grep -i "failed" /var/log/auth.log |
awk | Text scanning and processing language. | awk -F: '{print $1}' /etc/passwd |
sed | Stream editor for filtering and transforming text. | sed -i 's/PermitRootLogin yes/PermitRootLogin no/g' sshd_config |
cut | Extracts sections from each line of a file. | cut -d',' -f1 users.csv |
sort | Sorts lines of text alphabetically or numerically. | sort -n numbers.txt |
uniq | Filters duplicate lines from a sorted file. | uniq -c sorted_ips.txt |
wc | Counts lines, words, and characters in a file. | wc -l access.log |
diff | Compares two files and shows the differences. | diff config.old config.new |
tee | Redirects stdin to both stdout and a file simultaneously. | `echo “baseline” |
xargs | Passes output from one command as arguments to another. | `find /tmp -name “*.log” |
3. System Information and Hardware
| Command | Description | Usage Example |
|---|---|---|
uname | Prints OS and kernel release information. | uname -a |
hostname | Displays or sets the system hostname. | hostname -f |
uptime | Shows how long the system has been running and CPU load. | uptime |
whoami | Displays the effective user ID of the current shell. | whoami |
who | Lists users currently logged into the system. | who |
w | Shows who is logged in and what they are running. | w |
last | Displays a historical record of logged-in users. | last -n 10 |
dmesg | Prints messages from the kernel ring buffer. | `dmesg -T |
lshw | Shows detailed system hardware information. | sudo lshw -short |
lspci | Lists PCI buses and attached devices. | lspci |
4. Disk Management and Filesystems
| Command | Description | Usage Example |
|---|---|---|
df | Reports filesystem disk space usage. | df -h |
du | Estimates directory and file sizes. | du -sh /var/www/* |
lsblk | Lists block devices (hard drives, partitions). | lsblk |
mount | Mounts a physical or network filesystem. | mount /dev/sdb1 /mnt/backup |
umount | Unmounts a mounted filesystem. | umount /mnt/backup |
fdisk | Modifies partition tables on block devices. | sudo fdisk -l |
parted | Modern partition tool supporting GPT. | sudo parted /dev/sda print |
mkfs | Formats a partition with a filesystem type. | sudo mkfs.ext4 /dev/sdb1 |
fsck | Checks and repairs filesystem errors. | sudo fsck /dev/sdb1 |
blkid | Displays UUIDs and properties of block devices. | sudo blkid |
5. Process Management and Performance
| Command | Description | Usage Example |
|---|---|---|
ps | Lists a snapshot of active processes. | `ps aux |
top | Real-time process monitoring. | top |
htop | Interactive, user-friendly process viewer. | htop |
kill | Sends a signal to a process. | kill -15 1234 |
killall | Kills processes by name. | killall apache2 |
pkill | Sends signals to processes matching a search string. | pkill -u www-data |
pgrep | Lists PIDs of processes matching a name. | pgrep sshd |
bg | Sends a suspended process to the background. | bg %1 |
fg | Pulls a background process to the foreground. | fg %1 |
jobs | Lists active jobs in the current terminal session. | jobs |
6. User, Group, and Privilege Management
| Command | Description | Usage Example |
|---|---|---|
sudo | Runs a command with elevated root privileges. | sudo apt update |
su | Switches the session to another user. | su - admin |
id | Displays UID, GID, and group memberships for a user. | id webadmin |
passwd | Changes passwords or locks user accounts. | passwd alice |
useradd | Creates a new user on the system. | sudo useradd -m bob |
userdel | Removes a user and their home directory. | sudo userdel -r bob |
usermod | Modifies user settings and group memberships. | sudo usermod -aG sudo bob |
groupadd | Creates a new user group. | sudo groupadd pentesting |
groupdel | Deletes a user group. | sudo groupdel pentesting |
chage | Manages password expiration policies. | sudo chage -l alice |
7. Networking and Connectivity
| Command | Description | Usage Example |
|---|---|---|
ping | Sends ICMP echo requests to verify connectivity. | ping -c 5 google.com |
ip | Manages interface configurations and routing. | ip route show |
ss | Shows active socket connections (replaces netstat). | ss -antp |
traceroute | Maps network hops to a destination. | traceroute 1.1.1.1 |
nslookup | Queries DNS servers to resolve hostnames. | nslookup target.local |
dig | Advanced DNS lookup tool (preferred over nslookup). | dig MX google.com |
curl | Command-line HTTP client for requests and downloads. | curl -O https://example.com/payload.txt |
wget | Standard file downloader over HTTP/FTP. | wget -c https://example.com/iso.img |
ssh | Opens secure encrypted sessions on remote hosts. | ssh sysop@192.168.1.50 |
scp | Copies files securely between hosts over SSH. | scp local_file.txt user@host:/var/www/ |
rsync | Efficient incremental directory sync tool. | rsync -avz /src/ /backup/ |
netstat | Legacy network analysis tool. | netstat -an |
ifconfig | Legacy network interface manager. | ifconfig eth0 |
nmap | Port scanner and network security mapper. | nmap -sS -p 22,80,443 192.168.1.0/24 |
tcpdump | Captures raw packet traffic on an interface. | sudo tcpdump -i eth0 port 80 -w web.pcap |
8. Package Management
| Command | Description | Usage Example |
|---|---|---|
apt | Package manager for Debian and Ubuntu. | sudo apt install fail2ban |
dnf | Package manager for Fedora, Rocky, and RHEL. | sudo dnf install httpd |
pacman | Package manager for Arch Linux. | sudo pacman -Syu |
dpkg | Installs or removes local .deb packages. | sudo dpkg -i package.deb |
rpm | Installs or removes local .rpm packages. | sudo rpm -ivh package.rpm |
9. Compression and Archiving
| Command | Description | Usage Example |
|---|---|---|
tar | Archives files (-c create, -x extract). | tar -czvf backup.tar.gz /var/www |
gzip | Compresses a file using GNU zip. | gzip logs.txt |
gunzip | Decompresses gzip files. | gunzip logs.txt.gz |
zip | Compresses files into a zip archive. | zip -r web.zip /var/www/html |
unzip | Extracts a zip archive. | unzip web.zip -d /opt/web |
10. Shell Builtins and Command History
| Command | Description | Usage Example |
|---|---|---|
echo | Prints text to terminal output. | echo $PATH |
history | Lists previously typed commands. | history 15 |
alias | Defines shortcuts for commands. | alias ll='ls -la' |
clear | Clears the terminal display. | clear |
exit | Closes the current shell session. | exit |
Pro Tip: Use man <command> to pull up the full manual page for any command — it shows all available flags, options, and usage examples.
Keep experimenting, keep learning! ✨
