CyberOps Associate Instructor Training: Linux Lab Exercise

Our Cybersecurity Analyst instructor training is moving along quickly. I wanted to share the lab exercise we did to develop our Linux skills.

Lab Exercise Commands

Linux LAB Notes:

CyberOps Workstation VM is based on Arch Linux: lightweight, minimalist and simple.

0 – Network Settings
———————————————

ls -la
ifconfig
ls lab.support.files/scripts
cd ..
ls lab.support.files/scripts/
cat configure_as_dhcp.sh
sudo ./lab.support.files/scripts/configure_as_static.sh
ifconfig
sudo cat ./lab.support.files/scripts/configure_as_static.sh
history

I – Working in the CLI

  1. Basic Commands
    man ls
    pwd
    ls -l   # show permissions
    ls -a   # show hidden files
    ls -al

cd ..
cd /etc/            # go to /etc
cd /home/analyst/   # go to the analyst home directory
cd ~                # go to the current user's home directory
mkdir belgelerim
ls
cd belgelerim
touch dosya.txt
cp   # copy files
mv   # move or rename files

echo "hakan" > dosya.txt    # overwrite the file contents
echo "hakan" >> dosya.txt   # append to the end of the file


  2. vi, vim or nano
    vi dosya.txt

The most commonly used commands in vi command mode are:

Command   Action
i         switch to edit (insert) mode
a         enter edit mode after the cursor
A         enter edit mode at the end of the current line
ESC       leave edit mode
u         undo
U         undo all changes
o         open a new line
dd        delete the current line
/kelime   search for "kelime"
n         jump to the next match
:wq!      write, quit (forced)

tail   # shows the last 10 lines by default
head   # shows the first 10 lines by default

nano dosya.txt
CTRL+O saves the current file;
CTRL+W opens the search menu.
After nano is open, for Help press CTRL+G

scite dosya.txt


3. List /etc files & permissions

ls -la /etc
.conf configuration files relating to system-wide services are placed in the /etc directory.

ls | grep conf

cat /etc/./bashrc   (user behaviour file)
On Linux distributions this file contains the commands a user wants to have run automatically
at the start of every terminal session.
Purpose of bashrc:
– The logged-in user can run their own commands at login.
– Environment variables can be defined here.

http://web.deu.edu.tr/doc/lis/lis-6.html

For example, the line PS1='[\e[1;32m][\u@\h\W]\$[\e[0m] ' defines the prompt structure.
Change 32m to 31m, for instance, and the colour of the command prompt changes.

Since Linux is a multi-user operating system, placing user application configuration files
under /etc would prevent users from customising their own applications.


  4. Editing Configuration Files for Services

nginx is a web server written by the Russian software engineer Igor for mail.ru.

sudo nano -l /etc/nginx/custom_server.conf

P.S.: Lines that start with '#' are comments and are ignored by nginx.

On line 36, change the port number from 81 to 8080.
On line 44, change the path
from /usr/share/nginx/html/ to /home/analyst/lab.support.files/

sudo nginx -c /etc/nginx/custom_server.conf -g "pid /var/run/nginx_v.pid;"

(The -g directive tells nginx which file to use for storing the process
ID that identifies this instance of nginx.)

Open Firefox and enter 127.0.0.1:8080

To stop the nginx server:
sudo pkill nginx
Start the nginx server
sudo nginx -c custom_server.conf

sudo nano -l /etc/nginx/custom_server.conf
sudo pkill nginx
sudo pkill nginx
sudo nginx -c /etc/nginx/custom_server.conf -g "pid /var/run/nginx_v.pid;"
ps ax | grep nginx

wget http://127.0.0.1:8080

telnet 127.0.0.1 80     # prints "Unable to connect": nothing listens on 80
telnet 127.0.0.1 8080   # connects: nginx is listening on 8080

pstree

II – (3127) Getting Familiar with the Linux Shell:

A hard link is another file that points to the same location as the original file.
Hard and soft links: edits made through either are reflected in the original; if you remove the original, only the hard link persists.

sudo ln dosya.txt hardDosya    # hard-linked file
ln -s dosya.txt softDosya      # soft-linked file

Changes are replicated on both.

mv dosya.txt newfile   # rename the original
cat hardDosya          # still prints the content
cat softDosya          # cat: softDosya: No such file or directory
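The behaviour just described, reproduced in a scratch directory as an added example (not part of the lab notes): the script creates the file with one hard link and one soft link, compares inode numbers, renames the original and reports which link still resolves.

```shell
#!/bin/sh
# Added example, not part of the lab notes: reproduces the hard link vs
# soft link behaviour in a scratch directory and reports the result, so
# nothing in the lab VM's home directory is touched.

# Creates dosya.txt plus one hard link and one soft link, renames the
# original, then reports which link still resolves. Runs in a subshell so
# the caller's working directory is unchanged.
link_demo() (
    dir=$(mktemp -d) || exit 1
    cd "$dir" || exit 1
    echo "hakan" > dosya.txt
    ln dosya.txt hardDosya        # hard link: a second name for the same inode
    ln -s dosya.txt softDosya     # soft link: stores the path "dosya.txt"

    # A hard link shares the inode number of the original; a symlink has its own.
    ino_orig=$(ls -i dosya.txt | awk '{print $1}')
    ino_hard=$(ls -i hardDosya | awk '{print $1}')
    if [ "$ino_orig" = "$ino_hard" ]; then shared=yes; else shared=no; fi

    # While the original exists, both links read the same content.
    [ "$(cat hardDosya)" = "hakan" ] || exit 1
    [ "$(cat softDosya)" = "hakan" ] || exit 1

    mv dosya.txt newfile          # rename the original, as in the lab

    if cat hardDosya >/dev/null 2>&1; then hard=intact; else hard=broken; fi
    if cat softDosya >/dev/null 2>&1; then soft=intact; else soft=broken; fi

    cd / && rm -rf "$dir"
    echo "hard=$hard soft=$soft inode_shared=$shared"
)
```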

Examine file types:

ls -l /dev/

  • Block files (b)
  • Character device files (c)
  • Pipe files (p)
  • Symbolic Link files (l)
  • Socket files (s)

III – (3134) Linux Servers:

6. Process-related commands

ps -elf
(-e: every process, -l: long format, -f: full format)
ps -ejH
Use the -ejH options to display the currently running processes as a tree (indented by hierarchy).

ps -elf | grep <pattern>
Shows which user launched the servers and with which commands; notice that the grep command itself is listed last as well.

netstat -tunap

-a: show both listening and non-listening sockets
-n: use numeric output (no DNS, service port or username resolution)
-p: show the PID of the process owning the connection
-t: show TCP connections
-u: show UDP connections

IV -(3214) Lab – Locating Log Files:

Security Info:

- Log files are extremely important for troubleshooting.
- The location of a log file follows the convention given in, or looked up in, the documentation.
- Clocks must always be synchronised so that all systems have the correct time.

8. Open an existing log:

cat /var/log/logstash-tutorial.log
sudo more /var/log/messages
(shows network flapping on Wednesday, March 20th, from 14:28:33 through 14:29:05 (lines 5 – 12))

man nginx (shows: error_log /path/to/log debug; %%CONF_PATH%%; %%ERROR_LOG_PATH%%)

If nginx is not running, enter sudo /usr/sbin/nginx

To start nginx with the custom configuration:
sudo nginx -c custom_server.conf
check if running by URL or by:
ps ax | grep nginx

ls -l /var/log/

As shown above, the /var/log directory has a subdirectory named nginx. Use the ls command again to
list the contents of /var/log/nginx.
sudo ls -l /var/log/nginx

  9. Monitoring Log Files in Real Time

tail /var/log/nginx/access.log
sudo tail -n 5 /var/log/nginx/access.log
sudo tail -f /var/log/nginx/access.log   (open Firefox and reload the page without cache to see new entries appear)
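Watching access.log with tail -f shows requests one at a time; the added example below (not part of the lab) summarises the same log with awk: requests per status code, clients with a burst of 404s, and the requests inside a time window, as the lab does by eye with the flapping entries in /var/log/messages. The log lines are constructed in nginx's default "combined" format.

```shell
#!/bin/sh
# Added example, not part of the lab: summarise access.log instead of only
# watching it scroll with tail -f. The lines below are constructed in the
# nginx "combined" format; field 1 is the client, field 9 the status code.

SAMPLE_LOG='127.0.0.1 - - [20/Mar/2019:14:28:33 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"
127.0.0.1 - - [20/Mar/2019:14:28:35 +0000] "GET /lab.support.files/ HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
10.0.0.7 - - [20/Mar/2019:14:29:01 +0000] "GET /admin/ HTTP/1.1" 404 153 "-" "curl/7.64.0"
10.0.0.7 - - [20/Mar/2019:14:29:02 +0000] "GET /old/ HTTP/1.1" 404 153 "-" "curl/7.64.0"
10.0.0.7 - - [20/Mar/2019:14:29:03 +0000] "GET /test/ HTTP/1.1" 404 153 "-" "curl/7.64.0"
127.0.0.1 - - [20/Mar/2019:14:29:05 +0000] "GET /missing.html HTTP/1.1" 404 153 "-" "Wget/1.20.3"'

# Prints "status count" per HTTP status code, one per line, sorted.
status_counts() {
    printf '%s\n' "$1" | awk '{ c[$9]++ } END { for (s in c) print s, c[s] }' | sort
}

# Prints "client count" for clients with at least $2 responses of status 404.
# A burst of 404s from a single client is the kind of pattern worth a closer look.
clients_with_404s() {
    printf '%s\n' "$1" | awk -v min="$2" '
        $9 == 404 { n[$1]++ }
        END { for (ip in n) if (n[ip] >= min) print ip, n[ip] }
    ' | sort
}

# Prints the requests whose time of day falls within [$2, $3] (HH:MM:SS).
requests_between() {
    printf '%s\n' "$1" | awk -v from="$2" -v to="$3" '
        { t = substr($4, 14, 8) }    # "[20/Mar/2019:14:28:33" -> "14:28:33"
        t >= from && t <= to
    '
}
```

On the VM the same functions take the real file via `status_counts "$(sudo cat /var/log/nginx/access.log)"`.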

V – (3224) Navigating the Linux Filesystem and Permission Settings:

10. Show mounted filesystems

mount

to display all block devices:

lsblk

  11. Mount an existing device to a directory

mkdir second_drive

ls -l second_drive/   # empty

sudo mount /dev/sdb1 ~/second_drive/

ls -l second_drive/   # now shows the contents of the mounted device

After the mount, /home/analyst/second_drive becomes the entry point to the filesystem physically stored in /dev/sdb1.

mount | grep sd
sudo umount /dev/sdb1
ls -l second_drive/   # empty again

Miscellaneous:

12. pacman

pacman on Arch Linux is like apt on Ubuntu: it automates software installation and removal.

sudo pacman -Sy   (-y synchronises the package database, -u upgrades installed packages)

To remove a single package, leaving all of its dependencies installed:

pacman -R package_name

To install a single package with all of its dependencies installed:
sudo pacman -S package_name

cat /var/log/messages | grep http
