Linux Command-Line for Analysts and Operators with Hal Pomeranz

The DevOps folks are pushing Linux, your red-team friends are doing serious damage with Linux-based tools, and the Linux users on your Incident Response team are doing mysteriously powerful things. You’re ready to see if some of the Linux magic can rub off on you, but you don’t know where to start.

This 16-hour course is a quick jumpstart on the Linux command-line. Start from the basics and work all the way up to command-line programming. Short learning modules and lots of practical hands-on activities will put you on the road to Linux command-line mastery. And electronic copies of everything are yours to take home, so you can continue the learning even after class is over.

Getting Around

• The Linux file system
• cd, pwd, and ls
• Relative vs absolute pathnames
• Tab completion
• <<LAB>> Directory Jeopardy!

Basic Commands

• File manipulation (cp, mv, and rm)
• Getting to know ls
• Getting help
• Command history searching and editing
• cat and less
• Effective use of wildcards
• su and sudo
• <<LAB>> Only Seven Commands? No Worries!

Building Blocks

• The Unix/Linux command design
• Slicing and dicing (cut and awk)
• Selecting (grep)
• Sorting and collecting (sort and uniq)
• Sampling (head, tail, wc)
• <<LAB>> Learning to Linux

Output Redirection

• stdin, stdout, stderr
• Best practices
• Output splitting (tee)
• Argument substitution (“$(…)”)
• <<LAB>> Redirect This!

Loops

• The humble echo statement
• Simple wildcard loops
• Loops in pipelines
• Other argument lists
• Reading from files
• Field splitting
• <<LAB>> Get in the Loop

Conditionals

• “if … then”
• Short-circuit operations
• Test operator (“[[…]]”)
• <<LAB>> Choose Your Own Adventure

Other Iterators

• Implicit loop operations (awk, grep)
• find command
• Adding xargs
• Dealing with whitespace in file names
• <<LAB>> Find All the Things!

Regular Expressions

• Basic regular expressions
• Extended regular expression syntax
• When to use which syntax
• <<LAB>> Express Yourself

AWK, sed, and tr

• Advanced selection with awk
• Transforming strings with sed
• Easy transforms with tr
• <<LAB>> Transformers

Processes

• The different modes of ps
• Seeing network information (netstat)
• Terminating processes (kill, pkill)
• Process priority (renice)
• All hail lsof
• Best of /proc
• <<LAB>> Processing

Users, Groups, and Permissions

• Understanding users and groups
• Command interface (id, who, whoami, groups)
• File ownership
• File permissions
• With chown, chgrp, chmod, and find
• About umask
• <<LAB>> Mine, Ours, Theirs

Who Should Take This Course

Anybody who wants to improve their effectiveness on the Linux command line!

• Analysts who need to review data and alerts in the Linux environment
• Penetration testers and operators looking to more effectively live off the land on Linux networks
• Administrators and developers building and defending Linux application infrastructures

Audience Skill Level

No familiarity with Linux is assumed. Experience with some command line (e.g. Windows command or Powershell) is helpful but not necessary.

What Each Student Should Bring

A properly configured laptop (see “System Requirements”) and natural curiosity

What Each Student Will Be Provided With

Students will receive course slides in PDF form along with lab exercises which they can run on their own Linux system. This material can be downloaded from GitHub – halpomeranz/LinuxCmdLine: Create lab environment for Linux Command Line course

• A laptop with a working Linux virtual machine (or running Linux natively)