Questions about this topic? Sign up to ask in the talk tab.

Bash

From NetSec
(Redirected from Bash firewall manipulation)
Jump to: navigation, search
RPU0j.png
Bash is currently in-progress. You are viewing an entry that is unfinished.

Getting Started

Bash, (bourne-again shell) is the linux command line utility similar to MS-DOS.

You will need some version of Linux to run this.

Usually the application you are looking for is `xterm' or `terminal' in the desktop, or you can access this via ssh. It will be easier to learn all of this if you have the root password, or if you are listed in the sudoers file. The two most important commands are `info' and `man'. Many tutorials will teach you about the `man' pages. You can access any command's manual by typing `man commandname'. What many tutorials do not tell you about is `info coreutils'. Here's a small snippet of `info coreutils' listing:

  • Introduction:: Caveats, overview, and authors
  • Common options:: Common options
  • Output of entire files:: cat tac nl od base64
  • Formatting file contents:: fmt pr fold
  • Output of parts of files:: head tail split csplit
  • Summarizing files:: wc sum cksum md5sum sha1sum sha2

The info command will let you move with pageup and pagedown, as well as use errors to select words and hit enter to follow the link kind of in a wiki like format.

If you want to view details of a command type "man <command here> in your linux terminal

File System

Linux's File System hierarchy differs greatly from that of Windows. Windows only understands NTFS (New Technology File System) and FAT16/32 (File Allocation Table) systems. Linux on the other hand is able to manage dozens of filesystems, the supported ones on a real installation will depend on the kernel modules loaded/compiled, but the most used File Systems are EXT2/3/4, XFS, and ReiserFS. These file systems are journaling file systems, unlike Windows' NTFS, which in short makes the file-system more robust and less prone to data loss, and due to design principles those file systems do not fragment either.

Understanding the way Linux views files and file systems is important, since Linux follows the UNIX mentality of "everything is a file". From hardware devices to sockets, everything can be seen as a file on disk, from which a program can read from or write to.

If you run the following command:

 
user@host:~$ df -h
 

You will get as output the currently mounted file systems. It will look similar to this:

  Filesystem                Size  Used Avail Use% Mounted on
  /dev/sda2                 100G   10G   90G  10% / 
  /dev/sda1                 100M   30M   70M  30% /boot
  tmpfs                     1.5G     0  1.5G   0% /dev/shm

As you can see, the hard drive is treated as a file itself, namely /dev/sda. The number X in /dev/sdaX corresponds to that particular partition on the hard drive.

Your partitions are not formatted into drive letters. The ``mount points are directories under root (which is /), and taking the above output of df as an example, the first partition on disk /dev/sda is mounted to /boot, so writing to /boot will write to that first partition. The mount points can be found in:

  • /proc/mounts
  • /etc/fstab
  • /etc/mtab

You can also view these with the following commands:

  • mount
  • fdisk
  • cfdisk

Directories

You can change directory with the 'cd' command. Listing directories is done with the `ls' command. On certain systems, the `dir' command has been setup as a shortcut to `ls' to help new linux users. Example:

 
user@host:~$ ls -a
 

ls -a will show you all of the hidden files and folders alongside the normal files and folders. On linux a hidden file/folder has a . in front of it so you can keep it in the background and not display them all every time you want to just use "ls".

  .gconfd                .sudo_as_admin_successful  Pictures
  .xsession-errors       .cache                     Public
  .gconf                 .pulse                     Templates
  .config                .nautilus                  Videos
  .gnome2                .gtk-bookmarks             Desktop
  .thumbnails            .esd_auth                  Downloads

Another way of displaying files is using the `-lash' flags with `ls'. As an example:

 
user@host:/proc$ ls -lash
 
total 4.0K
  0 dr-xr-xr-x 207 root       root           0 2010-12-01 20:35 .
  0 drwxr-xr-x  22 root       root        4.0K 2010-12-02 20:03 ..
  0 dr-xr-xr-x  10 root       root           0 2010-12-01 20:35 acpi
  0 dr-xr-xr-x   4 root       root           0 2010-12-02 20:50 asound
  0 -r--r--r--   1 root       root           0 2010-12-02 20:50 buddyinfo
  0 dr-xr-xr-x   4 root       root           0 2010-12-02 20:50 bus
  0 -r--r--r--   1 root       root           0 2010-12-02 20:50 cgroups
  0 -r--r--r--   1 root       root           0 2010-12-02 20:50 cmdline
  0 -r--r--r--   1 root       root           0 2010-12-02 20:50 cpuinfo
  0 -r--r--r--   1 root       root           0 2010-12-02 20:50 crypto
  0 -r--r--r--   1 root       root           0 2010-12-02 20:50 devices
  0 -r--r--r--   1 root       root           0 2010-12-02 20:50 diskstats
  0 -r--r--r--   1 root       root           0 2010-12-02 20:50 dma
  0 dr-xr-xr-x   3 root       root           0 2010-12-02 20:50 driver
  0 -r--r--r--   1 root       root           0 2010-12-02 20:50 execdomains
  0 -r--r--r--   1 root       root           0 2010-12-02 20:50 fb
  0 -r--r--r--   1 root       root           0 2010-12-02 20:50 filesystems
  0 dr-xr-xr-x   8 root       root           0 2010-12-01 20:38 fs

Using the `-lash' argument will display all files and file permission which we'll discuss later on.

You can also list only directories by using 'grep' and | which lets the terminal know you want to use the second command in conjunction with the first as shown below:

 
user@host:~/Downloads$ ls | grep randomfi
 
randomfile.jpg randomfino.txt randomfilooo.mp3

/proc

Properties:<toggledisplay>

  • Filesystem Type: procfs
  • Does not support ext3 attributes (chattr)
  • Recommended additional mount flags: nosuid
 Should be owned by root for user and group
 Should have permissions: 0555 (dr-xr-xr-x)

</toggledisplay> Using this virtual filesystem you can obtain information about the system and processes running on it. These two files contain information about the hardware, specifically the capabilities of the CPU and RAM:

  • /proc/cpuinfo
  • /proc/meminfo

/proc/mounts contains all of the information that is used by the `mount' command.

/proc/PID/environ contains all of the environment variables for the associated PID.

/proc/PID/maps contains an index of all loaded files by the associated PID in memory.

/etc

Properties: <toggledisplay>

  • Filesystem Type: ext2/ext3
 Should be owned by root for user and group
 Should have permissions: 0711 (drwx--x--x)

</toggledisplay> This partition is normally used to contain global configuration files, for example, /etc/X11/xorg.conf is the system's configuration file for X Windows.

/bin

Properties:<toggledisplay>

  • Filesystem Type: ext2/ext3
 Should be owned by root for user and group
 Should have permissions: 0755 (drwxr-xr-x)

</toggledisplay> This directory contains essential commands that need to be accessible anytime the system is operable (i.e., even in single user mode), and are accessible by all users. Examples: cat, ls, cp, mv.

/sbin

<toggledisplay>

  • Filesystem Type: ext2/ext3
 Should be owned by root for user and group
 Should have permissions: 0711 (drwx--x--x)

</toggledisplay> This directory contains essential system binaries that regular users should not have access to. Examples: mount, init, shutdown.

/var

<toggledisplay>

  • Filesystem Type: ext2/ext3
 Should be owned by root for user and group
 Should have permissions: 0711 (drwx--x--x)

</toggledisplay> This directory holds `Variable Files', a temporary (but not volatile) storage directory which contains files that are used to keep and manage states for applications. For example, the MySQL keeps its socket files in this directory when it is running, and the client looks for those files here when connecting locally.

/home

<toggledisplay>

  • Filesystem Type: ext2/ext3
 Should be owned by root for user and group
 Should have permissions: 0711 (drwx--x--x)

</toggledisplay> This is the directory in which user files are stored. Each non-daemon user tends to have a directory under here named /home/user, where `user' is the user's account name. This is the user's private directory.

/tmp

<toggledisplay>

  • Filesystem Type: tmpfs
  • Recommended additional mount flags: nosuid,noexec,nodev
 Should be owned by root for user and group
 Should have permissions: 1777 (drwxrwxrwt)

</toggledisplay> This directory keeps temporary or `scratch' files. Most applications will use this directory when putting temporary files to work on, or will create a directory here for caches. If this is mounted on a ramdisk, it is volatile. Many times this directory is wiped periodically or upon system boot / shutdown.

Files

You can view files for now using the commands:

  • cat
  • less
  • more

You can exit `more' or `less' by typing `q'. You can search for text by pressing `/' and go to a specific line number by typing `:'.

The syntax is simply [command] [filename]. You can edit files with:

  • nano
  • pico
  • vi
  • vim
  • emacs

Nano and pico are the easiest to use. To learn to vim, use the `vimtutor' command.

You can search for things inside of files using the grep command.

You can delete files using the rm command.

.bashrc

.ssh/known_hosts

/etc/motd

Partitioning & Formatting

fdisk

  • fdisk is the command-line utility that provides disk partitioning functions for almost all operating systems.

fidsk is a very powerful tool, it can allow you to look at something as little as a list of drives and all the information gathered about those drives, or it can be used to format almost seemingly broken hard drives into perfectly working machines once again. fdisk is a very powerful tool that has been around for many years and will not be going anywhere anytime soon.

The fdisk commands can be found by going into your command-line interface (CLI), and typing fdisk. It will spit out this onto your screen.

Example:

 livecd ~ # fdisk
 Usage:
  fdisk [options] <disk>    change partition table
  fdisk [options] -l <disk> list partition table(s)
  fdisk -s <partition>      give partition size(s) in blocks
 Options:
  -b <size>                 sector size (512, 1024, 2048 or 4096)
  -c                        switch off DOS-compatible mode
  -h                        print help
  -u <size>                 give sizes in sectors instead of cylinders
  -v                        print version
  -C <number>               specify the number of cylinders
  -H <number>               specify the number of heads
  -S <number>               specify the number of sectors per track

cfdisk,mkfs

Commands

Text Manipulation

`cat',`tac',`head',`tail',`sed',`awk',`grep'

File Manipulation

>, >> , &>, touch, rm

Process Manipulation

ps, top, kill, skill, pkill, killall

Debugging

strace ptrace gdb kgdb

Network Manipulation

ifconfig, dhcp clients, packet injectors, sniffers

Firewall Manipulation

iptables nufw

FileSystem Manipulation

mount, umount, losetup

Pipes & Golfing in Bash

piping to sh

Bash is part of a series on administration.