Linux

What is Linux?

Most people think of Linux as another operating system, just like Windows or Mac OS, that must be installed on a computer, rather than as a Kernel or a family of operating systems. This is an easy explanation, abstract enough to bring some sense and understanding to people.

What is a Kernel?

The kernel is the essential foundation of a computer's operating system (OS). It is the core that provides basic services for all other parts of the OS. It is the main layer between the OS and underlying computer hardware, and it helps with tasks such as process and memory management, file systems, device control and networking.

Summary

Linux is basically a Kernel. But in simpler terms, Linux is a technology.

To make it clearer, you can comparing operating systems with cars:

Windows | It is a complete car, with motorcycles, wheels, windows and steering wheel. You use this car to make all your activities, travelling, commuting to work (it is a popular car) and almost everyone that you know has a similar model. Microsoft do that car from the beginning to the end (all components), and Microsoft has an absolute control over all features and how it will looks like. Microsoft will lease that car for you through a license, and from time to time it launches some new models.
Mac OS | It is a very similar car, but free. The difference is you can only use the card if you live in a determined city, that Apple controls (Apple's devices). Living in this city can be very expensive, despite the car is free. You can do all your activities with this car in that city, but everytime you try to leave that city with the car, you will face some difficulties.

In both cases, you would be a customer of Microsoft and Apple, driving their cars.

Linux | Linux wouldn't be a complete car, but an essential component, like an engine. It can be used to create different types of cars. You don't need to pay for your Linux engine, so you are not a Linux's customer and nobody will tell you what you can do with the engine. If you transform this engine in a motorcycle, that's up to you. With the engine you receives a manual, explaining how it works and how to assemble it. The Linux engine is assemble for many companies around the world.

But now you are thinking that it's not possible to drive a engine, you need all the other components to make a car. And that where systems based on Linux are born, or distribution (distros). A very common Linux-based operating system is Ubuntu.

Linux was created by "Linus Torvalds", a Finnish developer, in 1991.

Linux Distros (Distributions Full List)

This is a list of the most relevant Linux distributions categorized by distros-based and their respective variants.

Linux Distros	Distributions Based / Variants	Description
Slax	Slackware-based	A live CD which aims to provide a complete desktop for general use for low-powered computers. Its download size is about 300 MB, almost the same as Puppy Linux's. It can run from RAM, from Live CD, USB or hard drive. Permanent installation of Slax is not recommended or supported; it is designed for "live" use only. Also can be run from a USB flash drive. Originally based on Slackware, then switched to Debian since v9.2.1. Returned to a Slackware base as of v15.0.
Topologilinux	Slackware-based	Designed to run from within Microsoft Windows, Topologilinux can be installed without any changes to the user's hard disk. Outdated.
VectorLinux	Slackware-based	A lightweight Linux distribution designed to be easy to use even for new users. Generally considered well-suited for older hardware.
Zenwalk	Slackware-based	Originally a minimal version of Slackware, Zenwalk has evolved into a very different operating system; however, compatibility with Slackware is still maintained.
ZipSlack	Slackware-based	A lightweight and portable version of Slackware.
Android	Android-based	Android is a mobile operating system bought and currently being developed by Google, based on a Google modified Linux kernel and designed primarily for touchscreen mobile devices such as smartphones and tablets.[120] Despite Android's core mobile focus, some laptop oriented derivatives like Android-x86 have come out over the years since its initial release
/e/	Android-based	/e/ (also known as /e/ OS and /e/OS, formerly Eelo) is an Android-based mobile operating system and associated online services. The operating system is a fork of LineageOS and Android.
Android-x86	Android-based	Android-x86 is an open source project which produces an unofficial port of the Android mobile operating system. It is developed by the Open Handset Alliance, and is made to run on devices powered by x86 processors, rather than RISC-based ARM chips. Respective mods CyanogenMod and LineageOS for x86 were and are available.
CalyxOS	Android-based	CalyxOS is an operating system for smartphones based on Android with mostly free and open-source software. It is produced by the Calyx Institute as part of its mission to "defend online privacy, security and accessibility."
CopperheadOS	Android-based	CopperheadOS is a mobile operating system for smartphones, based on the Android mobile platform. It adds privacy and security features to the official releases of the Android Open Source Project by Google.
CyanogenMod	Android-based	A discontinued open-source operating system for mobile devices, based on the Android mobile platform. LineageOS is an actively maintained fork of CyanogenMod.[121][122]
DivestOS	Android-based	DivestOS is a free operating system (OS) based on the Android mobile platform. It is a soft fork of LineageOS that aims to increase security and privacy, and support older devices. As much as possible it removes proprietary Android components and includes only free-software.
Fire OS	Android-based	An Android-based mobile operating system produced by Amazon for its Fire Phone and Kindle Fire range of tablets, Echo and Echo Dot, and other content delivery devices like Fire TV.
GrapheneOS	Android-based	GrapheneOS (formerly Android Hardening or AndroidHardening) is an Android-based, open source, privacy and security-focused mobile operating system for selected Google Pixel smartphones.
LineageOS	Android-based	A free and open-source operating system for smartphones, tablet computers, and set-top boxes, based on the Android mobile platform.
OmniROM	Android-based	OmniROM is an open-source operating system for smartphones and tablet computers, based on the Android mobile platform. It involves a number of prominent developers from other projects, including the discontinued CyanogenMod operating system.[123]
Paranoid Android	Android-based	Paranoid Android is an open-source operating system for smartphones and tablet computers, based on the Android mobile platform.
Remix OS	Android-based	Remix OS was a computer operating system for personal computers with x86 and ARM architectures that, prior to discontinuation of development, shipped with a number of 1st- and 3rd-party devices. Remix OS allowed PC users to run Android mobile apps on any compatible Intel-based PC.
Replicant	Android-based	A free operating system (OS) based on the Android mobile platform that aims to replace all proprietary Android components with free-software counterparts.
Resurrection Remix OS	Android-based	Resurrection Remix OS, abbreviated as RR, is a free and open-source operating system for smartphones and tablet computers, based on the Android mobile platform.
CRUX	Source-based	CRUX is a lightweight, x86-64-optimized Linux distribution targeted at experienced users. The focus is "keep it simple", which is reflected in a simple tar.xz-based package system, BSD-style initscripts, and a relatively small collection of trimmed packages. Inspiration for Arch Linux.
GNU Guix System	Source-based	A distribution built around the GNU Guix package manager, which provides purely functional package management with build automation, build isolation, easy system upgrades and rollbacks, and an emphasis on free software.[124] Supports amongst others unprivileged package management and per-user profiles.
GoboLinux	Source-based	A Linux distribution which redefines the file system hierarchy by installing everything belonging to one application in one folder under /Programs, and using symlinks from /System and its subfolders to point to the proper files.
NixOS	Source-based	Declarative Linux distribution with atomic upgrades and rollbacks built on top of Nix package manager. Any package build is able to be freely edited and rebuilt from source. An official binary cache is also available for unmodified packages.
Source Mage	Source-based	A source code-based Linux distribution, descended from Sorcerer.
T2 SDE	Source-based	A System Development Environment for building a Linux distribution.
4MLinux	Non-categorized Distributions	a lightweight Linux distribution made for both 32-bit and 64-bit. When installing programs with the distribution, the distribution will retrieve the Windows version rather than the Linux version due to it coming pre-installed with Wine (A compatibility layer for Windows applications), and not having any package manager.
Alpine Linux	Non-categorized Distributions	A security-oriented, lightweight Linux distribution based on musl and BusyBox. Has a derivative, postmarketOS, for mobile devices.
CHAOS	Non-categorized Distributions	a small (6 MB) Linux distribution designed for creating ad hoc computer clusters.
Chimera Linux	Non-categorized Distributions	An independent Linux distribution that uses FreeBSD utilities, LLVM and Clang for compiling software, dinit init system, and musl libc.
Clear Linux OS	Non-categorized Distributions	Intel's rolling-release Linux distribution, optimized for Intel's own processors for performance and security.
DD-WRT	Non-categorized Distributions	Embedded firewall Linux distribution.
Dragora GNU/Linux-Libre	Non-categorized Distributions	A Linux distribution written entirely from scratch[125] and sharing some similarities with Slackware. Approved by the GNU Project as a free operating system.[126]
ELinOS	Non-categorized Distributions	Linux distribution for embedded systems by SYSGO. ELinOS focuses on industrial application and provides real-time extensions.
Firefox OS	Non-categorized Distributions	A discontinued open-source operating system – made for smartphones, tablet computers and smart TVs – designed by Mozilla and external contributors.
fli4l	Non-categorized Distributions	A router and firewall Linux distribution[127]
Foresight Linux	Non-categorized Distributions	A rolling release Linux distribution built around the Conary package manager.
GeeXboX	Non-categorized Distributions	Live CD media center Linux distribution, mainly to play special-encoded video files (e.g.: .ogg, XVID) on home theater.
Jlime	Non-categorized Distributions	Linux distribution for the HP Jornada 6xx and 7xx and NEC MobilePro 900(c) handhelds.
KaiOS	Non-categorized Distributions	A mobile operating system based on Linux, developed by KaiOS Technologies, a US-based company.

Debian Operating System

Debian had a long history. Founded in 1993 by Ian Murdock, it is one of the early Linux distributions and one that is the basis for many other Linux distributions.

Debian releases are named for characters from the Toy Story movies.

Debian 1.1 Buzz (June 17th, 1996): Named for the Buzz Lightyear.
Debian 1.2 Rex (December 12th, 1996): Named for the plastic dinosaur in the Toy Story movies.
Debian 1.3 Bo (June 5th, 1997): Named for Bo Peep, the shepherdess.
Debian 2.0 Hamm (July 24th, 1998): Named for the piggy-bank in the Toy Story movies.
Debian 2.1 Slink (March 9th, 1999): Named for the slinky-dog in the movie.
Debian 2.2 Potato (15 August 2000): Named for "Mr Potato Head" in the Toy Story movies.
Debian 3.0 Woody (19 July 2002): Named for the main character the Toy Story movies: "Woody" the cowboy.
Debian 3.1 Sarge (6 June 2005): Named for the sergeant of the Green Plastic Army Men.
Debian 4.0 Etch (8 April 2007): Named for the sketch toy in the movie.
Debian 5.0 Lenny (February 2009): Named for the wind up binoculars in the Toy Story movies.
Debian 6.0 Squeeze (February 2011): Named for the green three-eyed aliens.
Debian 7.0 Wheezy (May 2013): Named for the rubber toy penguin with a red bow tie.
Debian 8 Jessie (April 2015): Named for the cow girl doll who first appeared in Toy Story 2.
Debian 9 Stretch (June 2017): Named for the toy rubber octopus with suckers on her eight long arms that appeared in Toy Story 3.
Debian 10 Buster (July 2019): Named for Andy's pet dog, received as Christmas present in the end of Toy Story.
Debian 11 Bullseye (August 14th, 2021): Named for Woody's wooden toyhorse that appeared in Toy Story 2.

User Interface (UI) | CLI vs GUI

Usually there are two different interfaces available in all operating systems. These interfaces are Command Line Interface (CLI) and Graphical User Interface (GUI).

What are the different types of UIs (User Interfaces)?

CLI (Command-Line Interface) | A command-line interface is a means of interacting with a computer program by inputting lines of text called command-lines. Command-line interfaces emerged in the mid-1960s, on computer terminals, as an interactive and more user-friendly alternative to the non-interactive interface available with punched cards.
GUI (Graphical User Interface) | A graphical user interface is a form of user interface that allows users to interact with electronic devices through graphical icons and visual indicators such as secondary notation. In many applications, GUIs are used instead of text-based UIs, which are based on typed command labels or text navigation.

Linux GUI | Graphical User Interface

Linux provides variety of GUI known as desktop environment. Each desktop environment has peculiar features. The most popular and widely used desktop environments available on Linux are:

GNOME | GNOME is bundled as the default desktop environment for many distributions, including RHEL, Fedora, CentOS, SUSE Linux Enterprise, and Debian. GNOME has menu-based navigation
KDE | KDE is another popular desktop environment, KDE is often used in SUSE and openSUSE
XFCE | XFCE is a free and open-source desktop environment for Linux and other Unix-like operating systems. Xfce aims to be fast and lightweight while still being visually appealing and easy to use. It embodies the traditional Unix philosophy of modularity and re-usability
LXDE | LXDE (Lightweight X11 Desktop Environment) is a free, open-source desktop environment for Linux that is designed to be fast, energy-efficient, and lightweight. It's a good choice for older or resource-constrained computers, such as netbooks, mobile devices, or cloud computers
Unity | In Unity, the graphical user interface (GUI) is a subset of the user interface (UI) that includes graphical representations like images, animations, and icons

SSH (Secure Shell) | Remote Access

Secure Shell (SSH) is a network protocol that allows users to securely connect to and access computers, routers, and servers over an unsecured network. SSH is often used for remote logins, file transfers, and managing applications.

Key Features

Encryption: SSH encrypts communication between computers, making it suitable for use on insecure networks
Remote access: SSH allows users to remotely log in to and perform operations on other computers
File transfer: SSH enables users to securely transfer files between computers
Tunneling: SSH also enables tunneling
Automated access: SSH tools can be used by non-human entities to access other devices with little to no human intervention

SSH Design: The first version of SSH designed in 1995 by Tatu Ylönen, a researcher at Helsinki University of Technology in Finland.

How to access Linux terminal remotely through Windows

It is possible to access the Linux terminal remotely using Windows PowerShell through SSH (Secure Shell).

Installing SSH on Linux

For non-root users, use the command "sudo" to perform administrative tasks
Update the list of available packages and their versions stored | Command: apt update
Install SSH | Command: apt install openssh-server

Accessing SSH

On Windows, open "Powershell"
Establish connection | Command: SSH <username>@<linux ip>
- Example: SSH johnsmith@10.10.1.217
When connection question pops up, choose "Yes"
Insert your "Password"
The Linux Terminal will be connected

Accessing SSH using "Root" User

On Linux machine, open the Terminal
For non-root users, use the command "sudo" to perform administrative tasks
(Optional) If you've never used "root" user before, change password | Command: sudo passwd root
Inform your password to elevate your "sudo" rights, than inform the "root" password, and confirm it
Edit the SSH config to "Permit Root Login" | Command: nano /etc/ssh/sshd_config
Find the line "#PermitRootLogin prohibit-password" and change to "PermitRootLogin yes"
Press "Ctrl+X", yes to save it
Restart the SSH service
- 1 Option | Restart only the SSH service | Command: systemctl restart ssh
- 2 Option | Restart the Linux machine | Command: shutdown -r now
Try to access again with "root" user (see all steps above) | Command: ssh root@<linux ip>

Installing Packages

How to install packages on Ubuntu with one command line.

Preparing to install the packages

For non-root users, use the command "sudo" to perform administrative tasks
It is recommended run the update command (if your system is not updated) | Command: apt update
Than, check if you already have the package | Command: <package> --version

Installing the desired packages

Netstat | Command: apt install net-tools
- Netstat derived from the words network and statistics and it is a command-line utility used by system administrators for analyzing network statistics. It displays a whole manner of statistics such as open ports and corresponding addresses on the host system, routing table, and masquerade connections
NMap | Command: apt install nmap
- Nmap is a powerful network discovery and security auditing utility that is free, open-source, and easy to install. Nmap scans for vulnerabilities on your network, performs inventory checks, and monitors host or service uptime, alongside many other useful features.
Snap | Command: apt install snapd
- Snap is a software packaging and deployment system developed by Canonical for operating systems that use the Linux kernel and the systemd init system
Curl | Command: apt install curl
- Curl (Client URL) is a command-line tool used for transferring data with various protocols, including HTTP, HTTPS, FTP, and many more. Ubuntu, being one of the most popular Linux distributions, often has curl available in its software repositories. This allows users to easily install and update curl using Ubuntu’s package management tools like apt
Crontab | Command: apt install cron
- The cron command-line utility is a job scheduler on Unix-like operating systems. Users who set up and maintain software environments use cron to schedule jobs, also known as cron jobs, to run periodically at fixed times, dates, or intervals.

Hostname

How to check and manage hostname

For non-root users, use the command "sudo" to perform administrative tasks
Check your current Hostname | Command: hostname
Check additional Hostname information | Command: hostnamectl
Change the Hostname | Command: hostnamectl set-hostname <New-Hostname>
- Example: hostnamectl set-hostname ubuntu

Linux | Timezone

How to check and manage timezone

For non-root users, use the command "sudo" to perform administrative tasks
Check your current Timezone | Command: timedatectl
Verify the list of all timezones | Command: timedatectl list-timezones
Or you can find the right timezone per city | Command: timedatectl list-timezones | grep <city>
- Example: timedatectl list-timezones | grep London
Change the Timezone | Command: timedatectl set-timezone <timezone>
- Example: timedatectl set-timezone Europe/London
Check your new Timezone | Command: timedatectl

Linux | Mounting an SMB Drive

How to Mount an SMB Drive on Ubuntu

Mount an SMB Password-Protected Share Drive

Open your Linux Terminal
For non-root users, use the command 'sudo' to perform administrative tasks
Install CIFS | Command: apt install cifs-utils
Create the Mount Directory | Command: mkdir <local-directory>
- Example: mkdir /mnt/smb-media
(Optional) Check details about file systems | Command: stat <local-directory>
- Example: stat /mnt/smb-media
- File System Info | Access: (0777/drwxrwxrwx) UID: (0/root) GID: (0/root)
- Changing Directory Permission | If you need change the directory permission | Check it here
Mount the SMB Drive | Command: mount -t cifs -o username=<user>,password=<password>,uid=0,gid=0,rw,nounix,iocharset=utf8,file_mode=0777,dir_mode=0777 //<smb-ip-address>/<sharedrive-name> <local-directory>
- Example: mount -t cifs -o username=JohnSmith,password=Secret123,uid=0,gid=0,rw,nounix,iocharset=utf8,file_mode=0777,dir_mode=0777 //192.168.0.115/storage /mnt/smb-media
- (Optional) If you want to mount a specific directory inside the SMB drive | //<smb-ip-address>/<sharedrive-name>/<directory> | Example: //192.168.115/storage/media
Verify that SMB is mounted correctly | Command: ls <local-directory>
- Example: ls /mnt/smb-media

Auto-mount on boot an SMB Password-Protected Share Drive Permanently

Open your Linux Terminal
For non-root users, use the command 'sudo' to perform administrative tasks
Install CIFS | Command: apt install cifs-utils
Create the Mount Directory | Command: mkdir <local-directory>
- Example: mkdir /mnt/smb-media
Edit the 'fstab' file | Command: nano /etc/fstab
Add this line | //<smb-ip-address>/<sharedrive-name> <local-directory> cifs username=<user>,password=<password> 0 0
- Example: //192.168.0.115/storage /mnt/smb-media cifs username=JohnSmith,password=Secret123 0 0
- (Optional) If you want to mount a specific directory inside the SMB drive | //<smb-ip-address>/<sharedrive-name>/<directory> | Example: //192.168.115/storage/media
Reload the new 'fstab' version | Command: systemctl daemon-reload
Mount the SMB Drive | Command: mount <local-directory>
- Example: mount /mnt/smb-media

Verify that SMB is mounted correctly | Command: ls <local-directory>
- Example: ls /mnt/smb-media

Unmount the SMB Drive

1 Option | Unmount the drive
- (Optional) If you are inside the drive, leave the directory or it will be currently busy | Command: cd
- Unmount the Drive| Command: umount -i <local-drive>
  - Example: umount -i /mnt/smb-media

2 Option | Unmount the permanent drive
- Edit the 'fstab' file| Command: nano /etc/fstab
- Remove the previous added line | //<smb-ip-address>/<sharedrive-name> <local-directory> cifs username=<user>,password=<password> 0 0
- Reload the new 'fstab' version | Command: systemctl daemon-reload
- (Optional) If you are inside the drive, leave the directory or it will be currently busy | Command: cd
- Unmount the Drive| Command: umount -i <local-drive>
  - Example: umount -i /mnt/smb-media
3 Option | Unmount the drive if the target is busy or currently in use (be careful) | Laze Unmount
- (Optional) Verify the processes | Command: lsof | grep <local-drive>
  - Example: lsof | grep /mnt/smb-media
- Leave the directory | Command: cd
- Unmount the Drive (laze unmount)| Command: umount -l <local-drive>
  - Example: umount -l /mnt/smb-media

Linux | Change Mode (chmod) | Access Permission

Purpose

The chmod, or change mode, command allows an administrator to set or modify a file’s permissions. Every UNIX/Linux file has an owner user and an owner group attached to it, and every file has permissions associated with it.

The permissions are as follows: Read, Write, or Execute.

Application

UNIX/Linux systems have many users. In this context, a user may refer to an individual or a system operation. UNIX/Linux identifies each user with a UID, and users may be organized into groups.

Syntax

Chmod Syntax for Files| Command: chmod <mode/access-code> <file>
- Example: chmod 720 readme.txt

Chmod Syntax for Directories| Command: chmod <mode/access-code> <directory>
- Example: chmod 777 /mnt/sharedfolder

Each number in the mode parameter represents the permissions for a user or group of users:

The first number represents the file’s owner
The second number represents the file’s group
The third number represents everyone else

The Change Mode (chmod) Parameters Reference Table below shows the eight numbers that can be used within the chmod parameter.

The RWX specifies Read, Write, and Execute access, offering a binary value for each operation.

1 = "Yes"
0 = "No"

If RWX reads 110, then that permission may Read and Write, but not Execute.

Parameters Reference

Number 0 | None | RWX 000

Number 1 | Execute Only | RWX 001

Number 2 | Write Only | RWX 010

Number 3 | Write and Execute | RWX 011

Number 4 | Read Only | RWX 100

Number 5 | Read and Execute | RWX 101

Number 6 | Read and Write | RWX 110

Number 7 | Read, Write, and Execute | RWX 111

Example 1

Access Code = 720
- 7 = File’s owner may Read, Write and Execute the file
- 2 = File’s group may only Write the file
- 0 = All others cannot access the file

Example 2

Access Code = 600
- 6 = File’s owner may Read and Write the file
- 0 = File’s group cannot access the file
- 0 = All others cannot access the file

Linux | File Hierarchy Structure

Linux file hierarchy structure describes the directory structure and it's contents in Unix and Unix-like Operating systems. It is maintained by Linux Foundation.

/bin
- /bin | This directory contains executable programs which are needed in single user mode and to bring the system up or repair it
- /usr/X11R6/bin | Binaries which belong to the X-Window system; often, there is a symbolic link from the more traditional /usr/bin/X11 to here.
- /usr/bin | This is the primary directory for executable programs. Most programs executed by normal users which are not needed for booting or for repairing the system and which are not installed locally should be
- /usr/local/bin | Binaries for programs local to the site. It contains binaries of the third-party apps we install. Any local executable that didn't come with the Linux install may get it's place here
/boot
/dev
/etc
/lib
/media
/mnt
/opt
/home
/var
/usr
/tmp
/sys
/proc
/root
/sbin | It contains the binaries for root users

/etc/ssl/certs/

/etc/ssh/sshd_config

/etc/passwd

Linux | SAMBA (SMB)

Samba is an open-source software package that allows users to share files and print services across a network, including between Linux and Windows systems. It's a common way to network Ubuntu and Windows computers.

Samba uses the Server Message Block (SMB) and Common Internet File System (CIFS) protocols, making it available to clients running Linux, macOS, and Windows. It's a useful service for organizations that support multiple operating systems, and can also be useful on networks that are homogeneous.

Here are some things Samba can do:

File sharing: Samba allows users to share files, directories, and print services across a network
Access permissions: Samba allows users to grant read, write, and anonymous access permissions on a shared directory
Authentication and authorization: Samba supports authentication and authorization
Name resolution: Samba supports name resolution, such as DNS
Service announcements: Samba supports service announcements between Linux/Unix servers and Windows clients

Install and Configure Samba on Ubuntu

Open your Linux Terminal
For non-root users, use the command "sudo" to perform administrative tasks
Install Samba | Command: apt install samba
(Optional) Check the installation | Command: whereis samba
- Output Example: samba: /usr/sbin/samba /usr/lib/samba /etc/samba /usr/share/samba /usr/share/man/man7/samba.7.gz /usr/share/man/man8/samba.8.gz
(Optional) Create a directory to share | Command: mkdir /home/public
Configuring Samba File, open the CONF file | Command: nano /etc/samba/smb.conf
- Copy and paste the lines below in the bottom of the file and save it:
  - Lines:

[share]
comment = Ubuntu File Server Share
path = /home/public
browsable = yes
guest ok = yes
read only = no
create mask = 0755

Restart the service | Command: service smbd restart
(Optional) Maybe you need to adjust your firewall | Command: ufw allow samba

* Warning: Your directory maybe not showing in the Windows Network, but it is there, and you can map it as network drive

Linux | Certificates

How to add a Certificate on Ubuntu

Issue your Certificate
Open your Linux Terminal
For non-root users, use the command "sudo" to perform administrative tasks
(Optional) If your system id not updated | Update Ubuntu | Command: apt update
(Optional) If you don't have the CA-Certificate | Command: apt install ca-certificates -y
1 Option | If you already have your Certificate file in the system
- Go to certificate directory | Command: cd <directory-of-certificate>
- Copy the certificate to right directory | Command: cp local-ca.crt /usr/local/share/ca-certificates
2 Option | Create the certificate ".crt" file direct in the directory
- Go to Certificate directory | Command: cd /usr/local/share/ca-certificates
- Create the file ".crt" | Command: nano <FileName>.crt
  - Example: nano myCert.crt
- Copy and Past you Certificate key to the file, exit "Ctrl+X" and Save it
Update the Certificates | Command: update-ca-certificates
The CA trust store (as generated by update-ca-certificates) will be available, as a single file (PEM bundle), at /etc/ssl/certs/ca-certificates.crt
You can check the file | Command: nano /etc/ssl/certs/ca-certificates.crt

Linux | Unattended Upgrades

Check the Debian Unattended Upgrades page: https://wiki.debian.org/UnattendedUpgrades

Install Unattended Upgrades on Ubuntu

Open your Linux Terminal
For non-root users, use the command "sudo" to perform administrative tasks
Install Unattended-Upgrades package | Command: apt-get install unattended-upgrades apt-listchanges

Configuring Unattended Upgrades

Copy file | Command: cp /etc/apt/apt.conf.d/50unattended-upgrades /etc/apt/apt.conf.d/52unattended-upgrades-local
Configure the unattended upgrades | Command: nano /etc/apt/apt.conf.d/52unattended-upgrades-local
- This '50' file will be overwritten by '52': /etc/apt/apt.conf.d/50unattended-upgrades
Configure '20auto-upgrades' | Command: dpkg-reconfigure unattended-upgrades
- Confirm with 'yes'
- This file is modified (you can also configure directly) | File: /etc/apt/apt.conf.d/20auto-upgrades
Configure 'apt-listchanges' | Command: nano /etc/apt/listchanges.conf

Changing Schedules

Update Schedule | Command: systemctl edit apt-daily.timer
- Restart Schedule | Command: systemctl restart apt-daily.timer
- (Optional) Checking Status | Command: systemctl status apt-daily.timer
- Original schedule file | File: /lib/systemd/system/apt-daily.timer
  - Recommended to not change the original, but if you do, reload it | Command: systemctl daemon-reload
- Gets overridden by | File: /etc/systemd/system/apt-daily.timer.d/override.conf
Upgrade Schedule | Command: systemctl edit apt-daily-upgrade.timer
- Restart Schedule | Command: systemctl restart apt-daily-upgrade.timer
- (Optional) Checking Status | Command: systemctl status apt-daily-upgrade.timer
- Original schedule file | File: /lib/systemd/system/apt-daily-upgrade.timer
  - Recommended to not change the original, but if you do, reload it | Command: systemctl daemon-reload
- Gets overridden by| File: /etc/systemd/system/apt-daily-upgrade.timer.d/override.conf

Verifying Unattended Upgrades

(Optional) Manual Run | Command: unattended-upgrade -d
(Optional) Check Unattended Upgrades Log | Command: nano /var/log/unattended-upgrades/unattended-upgrades.log

Warnings

Email: To receive emails, you need to set up email first (using postfix for example) and then set up unattended updates
Schedule: You only check the agenda correctly the next day, after the calendar is reset correctly

Config Files

Example of how to override the download time via 'apt-daily.timer'

[Unit]

Description=Daily apt download activities

[Timer]

OnCalendar=

OnCalendar=*-*-* 6,18:00

RandomizedDelaySec=12h

Persistent=true

[Install]

WantedBy=timers.target

Example of how to override the download time via 'apt-daily-upgrade.timer'

[Unit]

Description=Daily apt upgrade and clean activities
After=apt-daily.timer

[Timer]

OnCalendar=

OnCalendar=*-*-* 06:00

RandomizedDelaySec=2h

Persistent=true

[Install]

WantedBy=timers.target

Example of 'listchanges.conf'

[apt]
frontend=pager
which=both
email_address=root
email_format=text
confirm=false
headers=false
reverse=false
save_seen=/var/lib/apt/listchanges.db

Bash Scripting

How to Create and Execute Bash scripts

Script naming conventions

By naming convention, bash scripts end with ".sh". However, bash scripts can run perfectly fine without the "sh" extension.

Adding the Shebang

Bash scripts start with a "shebang". Shebang is a combination of "bash #" and "bang !" followed by the bash shell path. This is the first line of the script. Shebang tells the shell to execute it via bash shell. Shebang is simply an absolute path to the bash interpreter.

Bash Shell Path | Command: which bash

Examples of the shebang statement:

#! /bin/bash
#! /user/bin/bash

Creating your Bash Script

For non-root users, use the command "sudo" to perform administrative tasks
Creating a directory to your script | Command: mkdir <directory>
- Example: mkdir /home/script
Creating the file name with "touch" | Command: touch <filename>
- Example: touch /home/script/update.sh
Assign execution rights to your user, to make the script executable | Command: chmod u+x <filename>
- Example: chmod u+x /home/script/update.sh
- "chmod" modifies the ownership of a file for the current user "u"
- "+x" adds the execution rights to the current user. This means that the user who is the owner can now run the script
- "update.sh" is the file we wish to run
Open with editor "nano" to create your script | Command: nano <filename>
- Example: nano /home/script/update.sh
Write your Script | Check the example below to update your Ubuntu
When you finish it, press Ctrl+X and Save
To run your script | Command: bash <filename>
- Example: bash /home/script/update.sh
- Other example: sh /home/script/update.sh

Example to run the update

---

#! /bin/bash

# Update and Upgrade

apt-get update; apt-get dist-upgrade -y

# Remove and Clean

apt-get autoremove; apt-get autoclean

#Write a Log

echo "Update Run: `date`" >> /home/script/update.log

# End

exit

---

Executing Bash Scripts on Multiple Remote Servers

How to access a remote server bypassing the password prompt

You can use a RSA Keypair to bypass the password request.

Open your Linux Terminal on Local Server
For non-root users, use the command "sudo" to perform administrative tasks
Generating a RSA Keypair | Command: ssh-keygen
- Enter file in which to save the key: Blank
- Passphrase: Blank
- Confirm Passphrase: Blank
Two files will be created
- Example: "id_rsa" ans "id_rsa.pub"
- You can see the files in the ssh directory | Command: cd ~/.ssh
Copy the keypair to the Remote Server | Command: ssh-copy-id <userid>@<hostname>
- Example: ssh-copy-id root@ubuntu.home.arpa
- You can see the rsa keypair copied | Command: cat ~/.ssh/authorized_keys
Now you can log in without a password | Command: ssh <userid>@<hostname>
- Example: ssh root@ubuntu.home.arpa

How to run a local script on a remote server

You can use the options below to run a local script on a remote server without having the script on your remote server.

Option 1 | Command: ssh user@remote_server 'bash -s' < localfile
Option 2 | Command: ssh user@remote_server "$(< localfile)"

Option 3 | Command: cat localfile | ssh user@remote_server

How to run a local script on multiple remote servers

You can create a script to run a script on multiple remote servers.

Username = This is the username of your remote server

Hosts = This is your remote servers

Script = This is your command to run your script (see options above)

Example:

---

#! /bin/bash
USERNAME="root"
HOSTS="ubuntu1.home.arpa ubunt2.home.arpa"
SCRIPT="bash -s < /home/update.sh"
for HOSTNAME in ${HOSTS}
do
ssh -l ${USERNAME} ${HOSTNAME} "${SCRIPT}"
done

---

Linux | Commands

ssh - Secure Shell command in Linux
sudo - Command to escalate privileges in Linux
ls - The most frequently used command in Linux to list directories
pwd - Print working directory command in Linux
cd - Linux command to navigate through directories
mkdir - Command used to create directories in Linux
mv - Move or rename files in Linux
cp - Similar usage as mv but for copying files in Linux
rm - Delete files or directories
touch - Create blank/empty files
ln - Create symbolic links (shortcuts) to other files
cat - Display file contents on the terminal
clear - Clear the terminal display
echo - Print any text that follows the command
less - Linux command to display paged outputs in the terminal
man - Access manual pages for all Linux commands
uname - Linux command to get basic information about the OS
whoami - Get the active username
tar - Command to extract and compress files in Linux
grep - Search for a string within an output
head - Return the specified number of lines from the top
tail - Return the specified number of lines from the bottom
diff - Find the difference between two files
cmp - Allows you to check if two files are identical
comm - Combines the functionality of diff and cmp
sort - Linux command to sort the content of a file while outputting
export - Export environment variables in Linux
zip - Zip files in Linux
unzip - Unzip files in Linux
service - Linux command to start and stop services
ps - Display active processes
kill and killall - Kill active processes by process ID or name
df - Display disk filesystem information
mount - Mount file systems in Linux
chmod - Command to change file permissions
chown - Command for granting ownership of files or folders
ifconfig - Display network interfaces and IP addresses
traceroute - Trace all the network hops to reach the destination
wget - Direct download files from the internet
ufw - Firewall command
iptables - Base firewall for all other firewall utilities to interface with
apt, pacman, yum, rpm - Package managers depending on the distro
cal - View a command-line calendar
alias - Create custom shortcuts for your regularly used commands
dd - Majorly used for creating bootable USB sticks
whereis - Locate the binary, source, and manual pages for a command
whatis - Find what a command is used for
top - View active processes live with their system usage
useradd and usermod - Add new user or change existing users data
passwd - Create or update passwords for existing users

Command	Description	Type	Example	Comments
<program> --help	Display this help	System	wireshark --help
<program> --version	Check installed program version	System	wireshark --version
hostname	Show hostname	System
lsb_release -a	Display Linux release information	System
man <command>	Display the user manual	System	man groups	Show de manual of the command groups
reboot now	Reboot system now	System
shutdown -h now	Shutdown system now	System
sudo	Super User privileges to run commands	System		Temporarily elevate your current user account to have root privileges
uname -a	Display information about your system	System
adduser <user> <user group>	Add a User to a Group	User Management	adduser john001 group1
chgrp <group> <group file>	Change group ownership	User Management	chgrp wireshark /usr/bin/dumpcap	Changes the group of the file or directory specified by the File or Directory parameter to the group specified by the Group parameter
deluser <username>	Delete a user	User Management	sudo deluser john001

References: Wikipedia (www.wikipedia.org); Google (www.google.com); Oracle (www.oracle.com); Raspberry PI (www.raspberrypi.org); Microsoft (www.microsoft.com); CloudFlare (www.cloudflare.com)