• General Links
• Terminals
• Shell Scripting
• Unix + S3 mounting via rclone
• Process Control
• Utilities
• Networking
• DNS - NetworkManager
• Scripting
• Security
• Hardening & Auditing - General

General Links

• Regex101.com: An online aid platform to practice Regex
• Very cool visual man page for shell explainshell.com (Recommended)
• AWK guide by Melvyn Drag (YouTube - 51 mins)
• Regex tutorial from scratch by Corey Schafer (YouTube - 38 mins)
• Linux CLI and shell environment from MIT (Youtube - Highly recommended. Very deep and comprehensive)

Terminals

This is not about scripting. It's about Shells, Terminal emulators, etc.

(Session Managers, Terminals & Emulators - Tmux, Terminator, Warp, Teleport, Termius, WSL, Tricks like Vim in Bash, etc.)

explainshell.com - match command-line arguments to their help text

match command-line arguments to their help text

explainshell.com

Shell Scripting

(Only references):

deer-run.com

deer-run.com

Bash scripting cheatsheet

Variables · Functions · Interpolation · Brace expansions · Loops · Conditional execution · Command substitution · One-page guide to Bash scripting

devhints.io

Unix + S3 mounting via rclone

Amazon S3

The S3 backend can be used with a number of different providers: Paths are specified as remote:bucket (or remote: for the lsd command.) You may put subdirectories in too, e.g. remote:bucket/path/to/dir.

rclone.org

Process Control

Nohup vs. Disown:

nohup and disown are both used to run a command in the background and detach it from the terminal, but they work in slightly different ways:

• nohup (short for "no hangup") is a command that is used to run a command in the background and prevent it from being terminated when the terminal is closed or the user logs out. This is done by redirecting the input and output of the command to a file called nohup.out and ignoring the SIGHUP signal (which is the signal that is sent to a process when the terminal is closed or the user logs out).
• disown is a command that is used to remove a job from the job control of the current shell. Once a job has been disowned, it can still be running in the background, but it can no longer be controlled by the shell. This means that it will not be affected by the terminal being closed or the user logging out.

In summary, nohup is used to run a command in the background and prevent it from being terminated when the terminal is closed or the user logs out, while disown is used to remove a job from the job control of the current shell.

# Keep a process Running in the background after session is terminated:
nohup <command> & # Will not throw anything to stdout, while:
#
nohup mycommand > mycommand.log & # Will "catch" the stdout generated

Utilities

Symlinks: ln -s /original /newFolder

How to Create Symbolic Links at Command Line of Mac OS X

A symbolic link created at the command line allows a linked object in the file system to point to an original object in a different location. In this way, symbolic links behave much like an alias does in the Mac OS X GUI, except that the linking and reference between files or folders is done at a lower level, and thus can be pointed directly to by various applications or user purposes.

osxdaily.com

Networking

DNS - NetworkManager

(Systemctl & NetworkManager)

vim /etc/NetworkManager/conf.d/dns.conf

[main]
dns=none

# (Modify /etc/resolv.conf) - Optional: Remove "Generated by NetworkManager" in /etc/resolv.conf
systemctl reload NetworkManager

Scripting

"Command Line Kung Fu"

Bash Scripting Cheatsheet

Bash scripting cheatsheet

Variables · Functions · Interpolation · Brace expansions · Loops · Conditional execution · Command substitution · One-page guide to Bash scripting

devhints.io

General Linux info/how-to

Free On-line Linux Technical Books and Tutorials

Free On-line Linux Technical Books and Tutorials

www.linuxtopia.org

Security

Building Custom Profiles

Contents Introduction The Access Control Layer Building Security Profiles Testing Security Profiles Customizing Security Profiles A More Complex Example jailcheck Conclusion Introduction Building F…

firejail.wordpress.com

ACM - Access Control Model

• Discretionary Access Control (DAC) At user's "Discretion" (sudo, Permissions, privileges), based on files & users. Model: Subject/Object.
• NDAC - Non-discretionary Access Control
• RBAC - Role-Based Access Control (Groups)
• MAC - Mandatory Access Control - Groups + Object/Subject. Labeling objects based on privileges, clearance of subject, etc. Example: SELinux

Security Frameworks

Software, Modules - GrSecurity / AppArmor / SELinux:

• Apparmor -> Per program & permissions. Easiest to setup. Lightweight.
• SELinux -> Implements MAC model Limits permissions of programs/users. Strong & Heavy Administration Load. For static systems (Web Servers, etc.).
• GrSecurity -> Low configuration. Not default. Link:https://micahflee.com/2016/01/debian-grsecurity/ (Comprehensive)Link:https://grsecurity.net/compare
• GrSecurity enabled kernels for debian: ColdKernel

Comparison: (OLD) https://www.cyberciti.biz/tips/selinux-vs-apparmor-vs-grsecurity.html

PAX -> Patch 4 linux kernel. Least-privilege approach. PaX + Frameworks

Link: https://alpinelinux.org/downloads/

LSM - Linux Security Modules:

Linux Security Modules

Linux Security Modules (LSM) is a framework allowing the Linux kernel to support without bias a variety of computer security models. LSM is licensed under the terms of the GNU General Public License and is a standard part of the Linux kernel since Linux 2.6. AppArmor, SELinux, Smack, and TOMOYO Linux are the currently approved security modules in the official kernel.

en.wikipedia.org

Semi-hardened Linux Distributions:

• Pentoo Linux
• Alpine Linux - Main Features: Security/lightweight (VERY lightweight - takes a while to boot it for the first time)
• Arch Linux (Uses PaX & GrSecurity)

Hardening & Auditing - General

Vuls · Agentless Vulnerability Scanner for Linux/FreeBSD

Vuls uses multiple vulnerability databases NVD, JVN, OVAL, RHSA/ALAS/ELSA/FreeBSD-SA and Changelog. Vuls v0.5.0 now possible to detect vulnerabilities that patches have not been published from distributors.

vuls.io

• General Links
• Terminals
• Shell Scripting
• Unix + S3 mounting via rclone
• Process Control
• Utilities
• Networking
• DNS - NetworkManager
• Scripting
• Security
• Hardening & Auditing - General

Configure and apply hardening rules in minutes with Ubuntu CIS Benchmark tooling

CIS benchmark has hundreds of configuration recommendations, so hardening a system manually can be very tedious. To drastically improve this process for ente...

www.youtube.com

Sans Hardening and security Checklist: