Linux

What is Linux?

Most people think of Linux as another operating system, just like Windows or Mac OS, that must be installed on a computer, rather than as a Kernel or a family of operating systems. This is an easy explanation, abstract enough to bring some sense and understanding to people.

What is a Kernel?

The kernel is the essential foundation of a computer's operating system (OS). It is the core that provides basic services for all other parts of the OS. It is the main layer between the OS and underlying computer hardware, and it helps with tasks such as process and memory management, file systems, device control and networking.

Summary

Linux is basically a Kernel. But in simpler terms, Linux is a technology.

To make it clearer, you can comparing operating systems with cars:

Windows | It is a complete car, with motorcycles, wheels, windows and steering wheel. You use this car to make all your activities, travelling, commuting to work (it is a popular car) and almost everyone that you know has a similar model. Microsoft do that car from the beginning to the end (all components), and Microsoft has an absolute control over all features and how it will looks like. Microsoft will lease that car for you through a license, and from time to time it launches some new models.
Mac OS | It is a very similar car, but free. The difference is you can only use the card if you live in a determined city, that Apple controls (Apple's devices). Living in this city can be very expensive, despite the car is free. You can do all your activities with this car in that city, but everytime you try to leave that city with the car, you will face some difficulties.

In both cases, you would be a customer of Microsoft and Apple, driving their cars.

Linux | Linux wouldn't be a complete car, but an essential component, like an engine. It can be used to create different types of cars. You don't need to pay for your Linux engine, so you are not a Linux's customer and nobody will tell you what you can do with the engine. If you transform this engine in a motorcycle, that's up to you. With the engine you receives a manual, explaining how it works and how to assemble it. The Linux engine is assemble for many companies around the world.

But now you are thinking that it's not possible to drive a engine, you need all the other components to make a car. And that where systems based on Linux are born, or distribution (distros). A very common Linux-based operating system is Ubuntu.

Linux was created by "Linus Torvalds", a Finnish developer, in 1991.

Linux Distros (Distributions Full List)

This is a list of the most relevant Linux distributions categorized by distros-based and their respective variants.

Linux Distros	Distributions Based / Variants	Description
grml	Debian-based > Other Variants	Live CD for system recovery[76]
HandyLinux	Debian-based > Other Variants	Designed for senior citizens running old computers for which Windows has become too slow[77]
Kali Linux	Debian-based > Other Variants	Made to be a completely customizable OS, used for penetration testing. It is based on Debian and is used mostly by security experts.[78] Originally named BackTrack (named after the homonym class of backtracking algorithms), it is developed by Offensive Security.[79] In March 2013, the Offensive Security team rebuilt BackTrack on Debian and released it under the name Kali Linux.[80]
Kali NetHunter	Debian-based > Other Variants	Mobile version based on Kali Linux.
Kanotix	Debian-based > Other Variants	An installable live DVD/CD for desktop usage using KDE and LXDE, focusing on convenient scripts and GUI for ease of use.[81]
LEAF Project	Debian-based > Other Variants	The Linux Embedded Appliance Framework. A tiny primarily floppy-based distribution for routers, firewalls and other appliances.[82]
Libranet	Debian-based > Other Variants	A discontinued operating system based on Debian.
LiMux	Debian-based > Other Variants	An ISO 9241 industry workplace certified Linux distribution, deployed at the City of Munich, Germany.[83]
LMDE	Debian-based > Other Variants	A Debian-based version of Linux Mint that does not use any elements of Ubuntu linux, maintained to ensure continuity should Ubuntu stop being maintained or other issue effecting the core Mint distribution.[84]
Maemo	Debian-based > Other Variants	A development platform for hand held devices such as the Nokia N800, N810, and Nokia N900 Internet Tablets and other Linux kernel–based devices.[85]
MEPIS	Debian-based > Other Variants	A discontinued OS that focused on ease of use. Significant derivatives include antiX and MX Linux.
MintPPC	Debian-based > Other Variants	For PowerPC computers. Although MintPPC uses some Linux Mint Debian Edition code, it is not Linux Mint.[86]
Musix GNU+Linux	Debian-based > Other Variants	Intended for music production, graphic design, audio, video editing, and other tasks. It is built with only free software.[87]
MX Linux	Debian-based > Other Variants	A midweight OS based on Debian Stable with core components from antiX and using Xfce, offering simple configuration, high stability, solid performance and medium-sized footprint.[88]
NepaLinux	Debian-based > Other Variants	A Debian- and Morphix-based distribution focused for desktop usage in Nepali language computing.[89]
OpenZaurus	Debian-based > Other Variants	Debian packages and ROM image for the Sharp Zaurus PDA. Replaced by Ångström distribution.[90]
Pardus	Debian-based > Other Variants	Developed by Turkish National Research Institute of Electronics and Cryptology. Prior to 2013 it used PISI as the package manager, with COMAR as the configuration framework. Starting with Pardus 2013, it is Debian-based.
Parrot OS	Debian-based > Other Variants	A Linux distribution based on Debian used by penetration testers.
Parsix[91]	Debian-based > Other Variants	Optimized for personal computers and laptops. Built on top of Debian testing branch and comes with security support.[92]
PelicanHPC	Debian-based > Other Variants	Dedicated to setting up a computer cluster.[93]
PureOS	Debian-based > Other Variants	A Linux distribution based on Debian with a focus on privacy, security, and convenience.[94][95][96][97]
Q4OS	Debian-based > Other Variants	A light-weight Linux distribution with Trinity and Plasma desktop environments.[98]
Raspberry Pi OS	Debian-based > Other Variants	Desktop-oriented distribution, formerly known as Raspbian. Developed by the Raspberry Pi Foundation as the official OS for their family of low-power Raspberry Pi single-board computers.
SolydXK	Debian-based > Other Variants	Xfce and KDE desktop focused on stability, security and ease of use.[99]
SparkyLinux	Debian-based > Other Variants	A Debian-based Linux distribution which provides ready to use, out of the box operating system with a set of slightly customized lightweight desktops. Sparky is targeted to all the computer's users who want replace existing, proprietary driven OS to an open-sourced..
Sunwah Linux	Debian-based > Other Variants	A Chinese Linux distribution[100]
TAILS (Amnesic Incognito)	Debian-based > Other Variants	The Amnesic Incognito Live System' or Tails is aimed at preserving privacy and anonymity, with all outgoing connections forced to go through Tor.[101]
TurnKey Linux	Debian-based > Other Variants	Open source project developing a family of free, Debian-based appliances optimized for ease of use in server-type usage scenarios.[102] Based on Debian since 2012; previously based on Ubuntu.
Twister OS	Debian-based > Other Variants	Raspberry Pi OS based distribution using Xfce with themes based on other OSes intended for the Raspberry Pi, RK3399 CPU, and x86-64 architecture.
Univention Corporate Server	Debian-based > Other Variants	Enterprise distribution with integrated IT infrastructure and identity management system by the company Univention GmbH, Germany. A full version for up to 5 users for tests and for private use can be downloaded for free.[103]
Webconverger	Debian-based > Other Variants	Debian Live-based browser only distribution, similar to ChromeOS. However based on Firefox and dwm, with no user sign-in, no special hardware required and designed for public places.[104]
Vyatta	Debian-based > Other Variants	Commercial open source network operating system includes routing, firewall, VPN, intrusion prevention and more. Designed to be an open source Cisco replacement.[105]
VyOS	Debian-based > Other Variants	Free routing platform. Because VyOS is run on standard amd64, i586 and ARM systems, it is able to be used as a router and firewall platform for cloud deployments.
Pacman	Pacman-based	Pacman is a package manager that is capable of resolving dependencies and automatically downloading and installing all necessary packages. It is primarily developed and used by Arch Linux and its derivatives.
Arch Linux	Pacman-based	Arch Linux is an independently developed, x86-64 general-purpose Linux distribution that strives to provide the latest stable versions of most software by following a rolling-release model. The default installation is a minimal base system, configured by the user to only add what is purposely required.
Antergos	Pacman-based > Arch Linux-based	Antergos is a discontinued Linux distribution based on Arch Linux.
Arch Linux ARM	Pacman-based > Arch Linux-based	Port of Arch Linux for ARM processors.
ArchBang	Pacman-based > Arch Linux-based	Based on Arch Linux, but also provides Live CDs with working system and graphical installation scripts; uses i3 as default window manager.
Artix Linux	Pacman-based > Arch Linux-based	Based on Arch Linux, but using Dinit, OpenRC, Runit, or s6 as init system instead of systemd.
ArchLabs	Pacman-based > Arch Linux-based	Based on Arch Linux, with a custom installer, offers many choices of desktop environments and window managers.

Debian Operating System

Debian had a long history. Founded in 1993 by Ian Murdock, it is one of the early Linux distributions and one that is the basis for many other Linux distributions.

Debian releases are named for characters from the Toy Story movies.

Debian 1.1 Buzz (June 17th, 1996): Named for the Buzz Lightyear.
Debian 1.2 Rex (December 12th, 1996): Named for the plastic dinosaur in the Toy Story movies.
Debian 1.3 Bo (June 5th, 1997): Named for Bo Peep, the shepherdess.
Debian 2.0 Hamm (July 24th, 1998): Named for the piggy-bank in the Toy Story movies.
Debian 2.1 Slink (March 9th, 1999): Named for the slinky-dog in the movie.
Debian 2.2 Potato (15 August 2000): Named for "Mr Potato Head" in the Toy Story movies.
Debian 3.0 Woody (19 July 2002): Named for the main character the Toy Story movies: "Woody" the cowboy.
Debian 3.1 Sarge (6 June 2005): Named for the sergeant of the Green Plastic Army Men.
Debian 4.0 Etch (8 April 2007): Named for the sketch toy in the movie.
Debian 5.0 Lenny (February 2009): Named for the wind up binoculars in the Toy Story movies.
Debian 6.0 Squeeze (February 2011): Named for the green three-eyed aliens.
Debian 7.0 Wheezy (May 2013): Named for the rubber toy penguin with a red bow tie.
Debian 8 Jessie (April 2015): Named for the cow girl doll who first appeared in Toy Story 2.
Debian 9 Stretch (June 2017): Named for the toy rubber octopus with suckers on her eight long arms that appeared in Toy Story 3.
Debian 10 Buster (July 2019): Named for Andy's pet dog, received as Christmas present in the end of Toy Story.
Debian 11 Bullseye (August 14th, 2021): Named for Woody's wooden toyhorse that appeared in Toy Story 2.

User Interface (UI) | CLI vs GUI

Usually there are two different interfaces available in all operating systems. These interfaces are Command Line Interface (CLI) and Graphical User Interface (GUI).

What are the different types of UIs (User Interfaces)?

CLI (Command-Line Interface) | A command-line interface is a means of interacting with a computer program by inputting lines of text called command-lines. Command-line interfaces emerged in the mid-1960s, on computer terminals, as an interactive and more user-friendly alternative to the non-interactive interface available with punched cards.
GUI (Graphical User Interface) | A graphical user interface is a form of user interface that allows users to interact with electronic devices through graphical icons and visual indicators such as secondary notation. In many applications, GUIs are used instead of text-based UIs, which are based on typed command labels or text navigation.

Linux GUI | Graphical User Interface

Linux provides variety of GUI known as desktop environment. Each desktop environment has peculiar features. The most popular and widely used desktop environments available on Linux are:

GNOME | GNOME is bundled as the default desktop environment for many distributions, including RHEL, Fedora, CentOS, SUSE Linux Enterprise, and Debian. GNOME has menu-based navigation
KDE | KDE is another popular desktop environment, KDE is often used in SUSE and openSUSE
XFCE | XFCE is a free and open-source desktop environment for Linux and other Unix-like operating systems. Xfce aims to be fast and lightweight while still being visually appealing and easy to use. It embodies the traditional Unix philosophy of modularity and re-usability
LXDE | LXDE (Lightweight X11 Desktop Environment) is a free, open-source desktop environment for Linux that is designed to be fast, energy-efficient, and lightweight. It's a good choice for older or resource-constrained computers, such as netbooks, mobile devices, or cloud computers
Unity | In Unity, the graphical user interface (GUI) is a subset of the user interface (UI) that includes graphical representations like images, animations, and icons

SSH (Secure Shell) | Remote Access

Secure Shell (SSH) is a network protocol that allows users to securely connect to and access computers, routers, and servers over an unsecured network. SSH is often used for remote logins, file transfers, and managing applications.

Key Features

Encryption: SSH encrypts communication between computers, making it suitable for use on insecure networks
Remote access: SSH allows users to remotely log in to and perform operations on other computers
File transfer: SSH enables users to securely transfer files between computers
Tunneling: SSH also enables tunneling
Automated access: SSH tools can be used by non-human entities to access other devices with little to no human intervention

SSH Design: The first version of SSH designed in 1995 by Tatu Ylönen, a researcher at Helsinki University of Technology in Finland.

How to access Linux terminal remotely through Windows

It is possible to access the Linux terminal remotely using Windows PowerShell through SSH (Secure Shell).

Installing SSH on Linux

For non-root users, use the command "sudo" to perform administrative tasks
Update the list of available packages and their versions stored | Command: apt update
Install SSH | Command: apt install openssh-server

Accessing SSH

On Windows, open "Powershell"
Establish connection | Command: SSH <username>@<linux ip>
- Example: SSH johnsmith@10.10.1.217
When connection question pops up, choose "Yes"
Insert your "Password"
The Linux Terminal will be connected

Accessing SSH using "Root" User

On Linux machine, open the Terminal
For non-root users, use the command "sudo" to perform administrative tasks
(Optional) If you've never used "root" user before, change password | Command: sudo passwd root
Inform your password to elevate your "sudo" rights, than inform the "root" password, and confirm it
Edit the SSH config to "Permit Root Login" | Command: nano /etc/ssh/sshd_config
Find the line "#PermitRootLogin prohibit-password" and change to "PermitRootLogin yes"
Press "Ctrl+X", yes to save it
Restart the SSH service
- 1 Option | Restart only the SSH service | Command: systemctl restart ssh
- 2 Option | Restart the Linux machine | Command: shutdown -r now
Try to access again with "root" user (see all steps above) | Command: ssh root@<linux ip>

Installing Packages

How to install packages on Ubuntu with one command line.

Preparing to install the packages

For non-root users, use the command "sudo" to perform administrative tasks
It is recommended run the update command (if your system is not updated) | Command: apt update
Than, check if you already have the package | Command: <package> --version

Installing the desired packages

Netstat | Command: apt install net-tools
- Netstat derived from the words network and statistics and it is a command-line utility used by system administrators for analyzing network statistics. It displays a whole manner of statistics such as open ports and corresponding addresses on the host system, routing table, and masquerade connections
NMap | Command: apt install nmap
- Nmap is a powerful network discovery and security auditing utility that is free, open-source, and easy to install. Nmap scans for vulnerabilities on your network, performs inventory checks, and monitors host or service uptime, alongside many other useful features.
Snap | Command: apt install snapd
- Snap is a software packaging and deployment system developed by Canonical for operating systems that use the Linux kernel and the systemd init system
Curl | Command: apt install curl
- Curl (Client URL) is a command-line tool used for transferring data with various protocols, including HTTP, HTTPS, FTP, and many more. Ubuntu, being one of the most popular Linux distributions, often has curl available in its software repositories. This allows users to easily install and update curl using Ubuntu’s package management tools like apt
Crontab | Command: apt install cron
- The cron command-line utility is a job scheduler on Unix-like operating systems. Users who set up and maintain software environments use cron to schedule jobs, also known as cron jobs, to run periodically at fixed times, dates, or intervals.

Hostname

How to check and manage hostname

For non-root users, use the command "sudo" to perform administrative tasks
Check your current Hostname | Command: hostname
Check additional Hostname information | Command: hostnamectl
Change the Hostname | Command: hostnamectl set-hostname <New-Hostname>
- Example: hostnamectl set-hostname ubuntu

Linux | Timezone

How to check and manage timezone

For non-root users, use the command "sudo" to perform administrative tasks
Check your current Timezone | Command: timedatectl
Verify the list of all timezones | Command: timedatectl list-timezones
Or you can find the right timezone per city | Command: timedatectl list-timezones | grep <city>
- Example: timedatectl list-timezones | grep London
Change the Timezone | Command: timedatectl set-timezone <timezone>
- Example: timedatectl set-timezone Europe/London
Check your new Timezone | Command: timedatectl

Linux | Mounting an SMB Drive

How to Mount an SMB Drive on Ubuntu

Mount an SMB Password-Protected Share Drive

Open your Linux Terminal
For non-root users, use the command 'sudo' to perform administrative tasks
Install CIFS | Command: apt install cifs-utils
Create the Mount Directory | Command: mkdir <local-directory>
- Example: mkdir /mnt/smb-media
(Optional) Check details about file systems | Command: stat <local-directory>
- Example: stat /mnt/smb-media
- File System Info | Access: (0777/drwxrwxrwx) UID: (0/root) GID: (0/root)
- Changing Directory Permission | If you need change the directory permission | Check it here
Mount the SMB Drive | Command: mount -t cifs -o username=<user>,password=<password>,uid=0,gid=0,rw,nounix,iocharset=utf8,file_mode=0777,dir_mode=0777 //<smb-ip-address>/<sharedrive-name> <local-directory>
- Example: mount -t cifs -o username=JohnSmith,password=Secret123,uid=0,gid=0,rw,nounix,iocharset=utf8,file_mode=0777,dir_mode=0777 //192.168.0.115/storage /mnt/smb-media
- (Optional) If you want to mount a specific directory inside the SMB drive | //<smb-ip-address>/<sharedrive-name>/<directory> | Example: //192.168.115/storage/media
Verify that SMB is mounted correctly | Command: ls <local-directory>
- Example: ls /mnt/smb-media

Auto-mount on boot an SMB Password-Protected Share Drive Permanently

Open your Linux Terminal
For non-root users, use the command 'sudo' to perform administrative tasks
Install CIFS | Command: apt install cifs-utils
Create the Mount Directory | Command: mkdir <local-directory>
- Example: mkdir /mnt/smb-media
Edit the 'fstab' file | Command: nano /etc/fstab
Add this line | //<smb-ip-address>/<sharedrive-name> <local-directory> cifs username=<user>,password=<password> 0 0
- Example: //192.168.0.115/storage /mnt/smb-media cifs username=JohnSmith,password=Secret123 0 0
- (Optional) If you want to mount a specific directory inside the SMB drive | //<smb-ip-address>/<sharedrive-name>/<directory> | Example: //192.168.115/storage/media
Reload the new 'fstab' version | Command: systemctl daemon-reload
Mount the SMB Drive | Command: mount <local-directory>
- Example: mount /mnt/smb-media

Verify that SMB is mounted correctly | Command: ls <local-directory>
- Example: ls /mnt/smb-media

Unmount the SMB Drive

1 Option | Unmount the drive
- (Optional) If you are inside the drive, leave the directory or it will be currently busy | Command: cd
- Unmount the Drive| Command: umount -i <local-drive>
  - Example: umount -i /mnt/smb-media

2 Option | Unmount the permanent drive
- Edit the 'fstab' file| Command: nano /etc/fstab
- Remove the previous added line | //<smb-ip-address>/<sharedrive-name> <local-directory> cifs username=<user>,password=<password> 0 0
- Reload the new 'fstab' version | Command: systemctl daemon-reload
- (Optional) If you are inside the drive, leave the directory or it will be currently busy | Command: cd
- Unmount the Drive| Command: umount -i <local-drive>
  - Example: umount -i /mnt/smb-media
3 Option | Unmount the drive if the target is busy or currently in use (be careful) | Laze Unmount
- (Optional) Verify the processes | Command: lsof | grep <local-drive>
  - Example: lsof | grep /mnt/smb-media
- Leave the directory | Command: cd
- Unmount the Drive (laze unmount)| Command: umount -l <local-drive>
  - Example: umount -l /mnt/smb-media

Linux | Change Mode (chmod) | Access Permission

Purpose

The chmod, or change mode, command allows an administrator to set or modify a file’s permissions. Every UNIX/Linux file has an owner user and an owner group attached to it, and every file has permissions associated with it.

The permissions are as follows: Read, Write, or Execute.

Application

UNIX/Linux systems have many users. In this context, a user may refer to an individual or a system operation. UNIX/Linux identifies each user with a UID, and users may be organized into groups.

Syntax

Chmod Syntax for Files| Command: chmod <mode/access-code> <file>
- Example: chmod 720 readme.txt

Chmod Syntax for Directories| Command: chmod <mode/access-code> <directory>
- Example: chmod 777 /mnt/sharedfolder

Each number in the mode parameter represents the permissions for a user or group of users:

The first number represents the file’s owner
The second number represents the file’s group
The third number represents everyone else

The Change Mode (chmod) Parameters Reference Table below shows the eight numbers that can be used within the chmod parameter.

The RWX specifies Read, Write, and Execute access, offering a binary value for each operation.

1 = "Yes"
0 = "No"

If RWX reads 110, then that permission may Read and Write, but not Execute.

Parameters Reference

Number 0 | None | RWX 000

Number 1 | Execute Only | RWX 001

Number 2 | Write Only | RWX 010

Number 3 | Write and Execute | RWX 011

Number 4 | Read Only | RWX 100

Number 5 | Read and Execute | RWX 101

Number 6 | Read and Write | RWX 110

Number 7 | Read, Write, and Execute | RWX 111

Example 1

Access Code = 720
- 7 = File’s owner may Read, Write and Execute the file
- 2 = File’s group may only Write the file
- 0 = All others cannot access the file

Example 2

Access Code = 600
- 6 = File’s owner may Read and Write the file
- 0 = File’s group cannot access the file
- 0 = All others cannot access the file

Linux | File Hierarchy Structure

Linux file hierarchy structure describes the directory structure and it's contents in Unix and Unix-like Operating systems. It is maintained by Linux Foundation.

/bin
- /bin | This directory contains executable programs which are needed in single user mode and to bring the system up or repair it
- /usr/X11R6/bin | Binaries which belong to the X-Window system; often, there is a symbolic link from the more traditional /usr/bin/X11 to here.
- /usr/bin | This is the primary directory for executable programs. Most programs executed by normal users which are not needed for booting or for repairing the system and which are not installed locally should be
- /usr/local/bin | Binaries for programs local to the site. It contains binaries of the third-party apps we install. Any local executable that didn't come with the Linux install may get it's place here
/boot
/dev
/etc
/lib
/media
/mnt
/opt
/home
/var
/usr
/tmp
/sys
/proc
/root
/sbin | It contains the binaries for root users

/etc/ssl/certs/

/etc/ssh/sshd_config

/etc/passwd

Linux | SAMBA (SMB)

Samba is an open-source software package that allows users to share files and print services across a network, including between Linux and Windows systems. It's a common way to network Ubuntu and Windows computers.

Samba uses the Server Message Block (SMB) and Common Internet File System (CIFS) protocols, making it available to clients running Linux, macOS, and Windows. It's a useful service for organizations that support multiple operating systems, and can also be useful on networks that are homogeneous.

Here are some things Samba can do:

File sharing: Samba allows users to share files, directories, and print services across a network
Access permissions: Samba allows users to grant read, write, and anonymous access permissions on a shared directory
Authentication and authorization: Samba supports authentication and authorization
Name resolution: Samba supports name resolution, such as DNS
Service announcements: Samba supports service announcements between Linux/Unix servers and Windows clients

Install and Configure Samba on Ubuntu

Open your Linux Terminal
For non-root users, use the command "sudo" to perform administrative tasks
Install Samba | Command: apt install samba
(Optional) Check the installation | Command: whereis samba
- Output Example: samba: /usr/sbin/samba /usr/lib/samba /etc/samba /usr/share/samba /usr/share/man/man7/samba.7.gz /usr/share/man/man8/samba.8.gz
(Optional) Create a directory to share | Command: mkdir /home/public
Configuring Samba File, open the CONF file | Command: nano /etc/samba/smb.conf
- Copy and paste the lines below in the bottom of the file and save it:
  - Lines:

[share]
comment = Ubuntu File Server Share
path = /home/public
browsable = yes
guest ok = yes
read only = no
create mask = 0755

Restart the service | Command: service smbd restart
(Optional) Maybe you need to adjust your firewall | Command: ufw allow samba

* Warning: Your directory maybe not showing in the Windows Network, but it is there, and you can map it as network drive

Linux | Certificates

How to add a Certificate on Ubuntu

Issue your Certificate
Open your Linux Terminal
For non-root users, use the command "sudo" to perform administrative tasks
(Optional) If your system id not updated | Update Ubuntu | Command: apt update
(Optional) If you don't have the CA-Certificate | Command: apt install ca-certificates -y
1 Option | If you already have your Certificate file in the system
- Go to certificate directory | Command: cd <directory-of-certificate>
- Copy the certificate to right directory | Command: cp local-ca.crt /usr/local/share/ca-certificates
2 Option | Create the certificate ".crt" file direct in the directory
- Go to Certificate directory | Command: cd /usr/local/share/ca-certificates
- Create the file ".crt" | Command: nano <FileName>.crt
  - Example: nano myCert.crt
- Copy and Past you Certificate key to the file, exit "Ctrl+X" and Save it
Update the Certificates | Command: update-ca-certificates
The CA trust store (as generated by update-ca-certificates) will be available, as a single file (PEM bundle), at /etc/ssl/certs/ca-certificates.crt
You can check the file | Command: nano /etc/ssl/certs/ca-certificates.crt

Linux | Unattended Upgrades

Check the Debian Unattended Upgrades page: https://wiki.debian.org/UnattendedUpgrades

Install Unattended Upgrades on Ubuntu

Open your Linux Terminal
For non-root users, use the command "sudo" to perform administrative tasks
Install Unattended-Upgrades package | Command: apt-get install unattended-upgrades apt-listchanges

Configuring Unattended Upgrades

Copy file | Command: cp /etc/apt/apt.conf.d/50unattended-upgrades /etc/apt/apt.conf.d/52unattended-upgrades-local
Configure the unattended upgrades | Command: nano /etc/apt/apt.conf.d/52unattended-upgrades-local
- This '50' file will be overwritten by '52': /etc/apt/apt.conf.d/50unattended-upgrades
Configure '20auto-upgrades' | Command: dpkg-reconfigure unattended-upgrades
- Confirm with 'yes'
- This file is modified (you can also configure directly) | File: /etc/apt/apt.conf.d/20auto-upgrades
Configure 'apt-listchanges' | Command: nano /etc/apt/listchanges.conf

Changing Schedules

Update Schedule | Command: systemctl edit apt-daily.timer
- Restart Schedule | Command: systemctl restart apt-daily.timer
- (Optional) Checking Status | Command: systemctl status apt-daily.timer
- Original schedule file | File: /lib/systemd/system/apt-daily.timer
  - Recommended to not change the original, but if you do, reload it | Command: systemctl daemon-reload
- Gets overridden by | File: /etc/systemd/system/apt-daily.timer.d/override.conf
Upgrade Schedule | Command: systemctl edit apt-daily-upgrade.timer
- Restart Schedule | Command: systemctl restart apt-daily-upgrade.timer
- (Optional) Checking Status | Command: systemctl status apt-daily-upgrade.timer
- Original schedule file | File: /lib/systemd/system/apt-daily-upgrade.timer
  - Recommended to not change the original, but if you do, reload it | Command: systemctl daemon-reload
- Gets overridden by| File: /etc/systemd/system/apt-daily-upgrade.timer.d/override.conf

Verifying Unattended Upgrades

(Optional) Manual Run | Command: unattended-upgrade -d
(Optional) Check Unattended Upgrades Log | Command: nano /var/log/unattended-upgrades/unattended-upgrades.log

Warnings

Email: To receive emails, you need to set up email first (using postfix for example) and then set up unattended updates
Schedule: You only check the agenda correctly the next day, after the calendar is reset correctly

Config Files

Example of how to override the download time via 'apt-daily.timer'

[Unit]

Description=Daily apt download activities

[Timer]

OnCalendar=

OnCalendar=*-*-* 6,18:00

RandomizedDelaySec=12h

Persistent=true

[Install]

WantedBy=timers.target

Example of how to override the download time via 'apt-daily-upgrade.timer'

[Unit]

Description=Daily apt upgrade and clean activities
After=apt-daily.timer

[Timer]

OnCalendar=

OnCalendar=*-*-* 06:00

RandomizedDelaySec=2h

Persistent=true

[Install]

WantedBy=timers.target

Example of 'listchanges.conf'

[apt]
frontend=pager
which=both
email_address=root
email_format=text
confirm=false
headers=false
reverse=false
save_seen=/var/lib/apt/listchanges.db

Bash Scripting

How to Create and Execute Bash scripts

Script naming conventions

By naming convention, bash scripts end with ".sh". However, bash scripts can run perfectly fine without the "sh" extension.

Adding the Shebang

Bash scripts start with a "shebang". Shebang is a combination of "bash #" and "bang !" followed by the bash shell path. This is the first line of the script. Shebang tells the shell to execute it via bash shell. Shebang is simply an absolute path to the bash interpreter.

Bash Shell Path | Command: which bash

Examples of the shebang statement:

#! /bin/bash
#! /user/bin/bash

Creating your Bash Script

For non-root users, use the command "sudo" to perform administrative tasks
Creating a directory to your script | Command: mkdir <directory>
- Example: mkdir /home/script
Creating the file name with "touch" | Command: touch <filename>
- Example: touch /home/script/update.sh
Assign execution rights to your user, to make the script executable | Command: chmod u+x <filename>
- Example: chmod u+x /home/script/update.sh
- "chmod" modifies the ownership of a file for the current user "u"
- "+x" adds the execution rights to the current user. This means that the user who is the owner can now run the script
- "update.sh" is the file we wish to run
Open with editor "nano" to create your script | Command: nano <filename>
- Example: nano /home/script/update.sh
Write your Script | Check the example below to update your Ubuntu
When you finish it, press Ctrl+X and Save
To run your script | Command: bash <filename>
- Example: bash /home/script/update.sh
- Other example: sh /home/script/update.sh

Example to run the update

---

#! /bin/bash

# Update and Upgrade

apt-get update; apt-get dist-upgrade -y

# Remove and Clean

apt-get autoremove; apt-get autoclean

#Write a Log

echo "Update Run: `date`" >> /home/script/update.log

# End

exit

---

Executing Bash Scripts on Multiple Remote Servers

How to access a remote server bypassing the password prompt

You can use a RSA Keypair to bypass the password request.

Open your Linux Terminal on Local Server
For non-root users, use the command "sudo" to perform administrative tasks
Generating a RSA Keypair | Command: ssh-keygen
- Enter file in which to save the key: Blank
- Passphrase: Blank
- Confirm Passphrase: Blank
Two files will be created
- Example: "id_rsa" ans "id_rsa.pub"
- You can see the files in the ssh directory | Command: cd ~/.ssh
Copy the keypair to the Remote Server | Command: ssh-copy-id <userid>@<hostname>
- Example: ssh-copy-id root@ubuntu.home.arpa
- You can see the rsa keypair copied | Command: cat ~/.ssh/authorized_keys
Now you can log in without a password | Command: ssh <userid>@<hostname>
- Example: ssh root@ubuntu.home.arpa

How to run a local script on a remote server

You can use the options below to run a local script on a remote server without having the script on your remote server.

Option 1 | Command: ssh user@remote_server 'bash -s' < localfile
Option 2 | Command: ssh user@remote_server "$(< localfile)"

Option 3 | Command: cat localfile | ssh user@remote_server

How to run a local script on multiple remote servers

You can create a script to run a script on multiple remote servers.

Username = This is the username of your remote server

Hosts = This is your remote servers

Script = This is your command to run your script (see options above)

Example:

---

#! /bin/bash
USERNAME="root"
HOSTS="ubuntu1.home.arpa ubunt2.home.arpa"
SCRIPT="bash -s < /home/update.sh"
for HOSTNAME in ${HOSTS}
do
ssh -l ${USERNAME} ${HOSTNAME} "${SCRIPT}"
done

---

Linux | Commands

ssh - Secure Shell command in Linux
sudo - Command to escalate privileges in Linux
ls - The most frequently used command in Linux to list directories
pwd - Print working directory command in Linux
cd - Linux command to navigate through directories
mkdir - Command used to create directories in Linux
mv - Move or rename files in Linux
cp - Similar usage as mv but for copying files in Linux
rm - Delete files or directories
touch - Create blank/empty files
ln - Create symbolic links (shortcuts) to other files
cat - Display file contents on the terminal
clear - Clear the terminal display
echo - Print any text that follows the command
less - Linux command to display paged outputs in the terminal
man - Access manual pages for all Linux commands
uname - Linux command to get basic information about the OS
whoami - Get the active username
tar - Command to extract and compress files in Linux
grep - Search for a string within an output
head - Return the specified number of lines from the top
tail - Return the specified number of lines from the bottom
diff - Find the difference between two files
cmp - Allows you to check if two files are identical
comm - Combines the functionality of diff and cmp
sort - Linux command to sort the content of a file while outputting
export - Export environment variables in Linux
zip - Zip files in Linux
unzip - Unzip files in Linux
service - Linux command to start and stop services
ps - Display active processes
kill and killall - Kill active processes by process ID or name
df - Display disk filesystem information
mount - Mount file systems in Linux
chmod - Command to change file permissions
chown - Command for granting ownership of files or folders
ifconfig - Display network interfaces and IP addresses
traceroute - Trace all the network hops to reach the destination
wget - Direct download files from the internet
ufw - Firewall command
iptables - Base firewall for all other firewall utilities to interface with
apt, pacman, yum, rpm - Package managers depending on the distro
cal - View a command-line calendar
alias - Create custom shortcuts for your regularly used commands
dd - Majorly used for creating bootable USB sticks
whereis - Locate the binary, source, and manual pages for a command
whatis - Find what a command is used for
top - View active processes live with their system usage
useradd and usermod - Add new user or change existing users data
passwd - Create or update passwords for existing users

Command	Description	Type	Example	Comments
pwd	Show current directory	File Management
rm -Rf <dirname>	Remove a non-empty directory	File Management
rm <filename>	Remove file	File Management
rmdir <dirname>	Remove an empty directory	File Management
touch <filename>	Create a new empty file	File Management
apk add net-tools	Install netstat	Netstat	sudo apk add net-tools	Netstat is command-line utility to analyze network and statistics
apt install net-tools	Install netstat	Netstat	sudo apt install net-tools	Netstat is command-line utility to analyze network and statistics
emerge -a sys-apps/net-tools	Install netstat	Netstat	sudo emerge -a sys-apps/net-tools	Netstat is command-line utility to analyze network and statistics
netstat -ai	Display Network Interface Statistics	Netstat		If you don't have the Netstat, you just need install it
netstat -ant	Show Network Connections	Netstat		If you don't have the Netstat, you just need install it
netstat -nr	Viewing the Network Routing Table	Netstat		If you don't have the Netstat, you just need install it
netstat -pnltu	Show Network Services	Netstat		If you don't have the Netstat, you just need install it

References: Wikipedia (www.wikipedia.org); Google (www.google.com); Oracle (www.oracle.com); Raspberry PI (www.raspberrypi.org); Microsoft (www.microsoft.com); CloudFlare (www.cloudflare.com)