DEV Community: Baridiilo Poromon

Linux Commands

Baridiilo Poromon — Thu, 27 Mar 2025 01:54:06 +0000

File and Directory Management

ls – List files in a directory

cd [directory] – Change directory

pwd – Print current working directory

mkdir [directory] – Create a new directory

rmdir [directory] – Remove an empty directory

rm [file] – Remove a file

rm -r [directory] – Remove a directory and its contents

cp [source] [destination] – Copy files or directories

mv [source] [destination] – Move or rename files

touch [file] – Create a new empty file

File Viewing and Editing

cat [file] – View file contents

nano [file] – Open file in nano text editor

vim [file] – Open file in Vim editor

head [file] – Display the first 10 lines of a file

tail [file] – Display the last 10 lines of a file

less [file] – View a file page by page

grep "text" [file] – Search for a specific string in a file

Permissions and Ownership

chmod [permissions] [file] – Change file permissions

chown [user]:[group] [file] – Change file owner

ls -l – View file permissions

Process Management

ps aux – List running processes

top – Show real-time process usage

kill [PID] – Terminate a process

kill -9 [PID] – Forcefully terminate a process

htop – Interactive process viewer (if installed)

System Information

whoami – Show current user

hostname – Show system hostname

uname -a – Show system information

df -h – Show disk space usage

du -sh [directory] – Show size of a directory

uptime – Show how long the system has been running

free -h – Show memory usage

Networking

ping [host] – Check network connectivity

ifconfig or ip a – Show IP address and network interfaces

netstat -tulnp – Show open network ports

curl [URL] – Fetch a URL's content

wget [URL] – Download a file

User Management

who – Show logged-in users

id – Show user ID and group ID

adduser [username] – Add a new user

passwd [username] – Change a user's password

su [username] – Switch to another user

sudo [command] – Run a command as superuser

Package Management

Debian/Ubuntu (APT-based)
apt update – Update package lists

apt upgrade – Upgrade installed packages

apt install [package] – Install a package

apt remove [package] – Remove a package

Red Hat/CentOS (YUM/DNF-based)

dnf update – Update system packages

dnf install [package] – Install a package

dnf remove [package] – Remove a package

Arch Linux (Pacman-based)

pacman -Syu – Update system packages

pacman -S [package] – Install a package

pacman -R [package] – Remove a package

Disk Management

fdisk -l – List available disk partitions

mount [device] [directory] – Mount a disk

umount [device] – Unmount a disk

mkfs.ext4 [device] – Format a partition

Logs and Monitoring

dmesg – View system boot logs

journalctl -xe – View system logs

tail -f /var/log/syslog – View real-time system logs

Archiving and Compression

tar -cvf archive.tar [directory] – Create a tar archive

tar -xvf archive.tar – Extract a tar archive

gzip [file] – Compress a file

gunzip [file.gz] – Decompress a file

Other Useful Commands

alias ll='ls -lah' – Create a shortcut for a command

history – Show command history

clear – Clear the terminal screen

echo "Hello" – Print text to the terminal

date – Show the current date and time

shutdown -h now – Shutdown the system

Write your first code using C#

Baridiilo Poromon — Thu, 27 Mar 2025 01:25:53 +0000

Writing the Code: The user writes the C# code into the .NET Editor

Output Display: The Console.WriteLine() function outputs the specified text ("Hello World!") to the console.

// Marks the rest of the line as a code comment.

Console.WriteLine("Hello World!"); prints out "Hello World!" to the console, but since it's commented out, it is ignored and the program will run but produce no output because nothing is executed.

Add three new lines of code to show the difference between the Console.WriteLine() and Console.Write methods.

Console.WriteLine() prints a message to the console. At the end of the line, it adds a line feed similar to pressing Enter or Return to create a new line.

To print to the output console, without adding a line feed at the end, use the second technique, Console.Write(). So, the next call to Console.Write() prints another message to the same line.

SQL Operations

Baridiilo Poromon — Mon, 23 Dec 2024 05:12:18 +0000

After entering the SQLite shell, use SQL commands to create tables. CREATE TABLE: creates a new table. For my assignment I will be making a table about athletes so I type athletes after the CREATE TABLE command.

id INTEGER PRIMARY KEY AUTOINCREMENT: Creates a unique, auto-incrementing identifier for each athlete.

name TEXT NOT NULL: Stores the athlete’s name. The NOT NULL constraint ensures this column cannot be empty.

sport TEXT NOT NULL: Stores the sport the athlete plays. Also NOT NULL.

country TEXT NOT NULL: The country the athlete represents. Also NOT NULL.

age INTEGER: The athlete's age.

height REAL: The athlete’s height (e.g., in meters).

weight REAL: The athlete’s weight (e.g., in kilograms).

INSERT INTO: Adds new data into the athletes table.

Columns Specified: (name, sport, country, age, height, weight) ensures data is added only to these columns. The id column not listed is automatically handled by the database.

VALUES: Contains the data for the specified columns in the same order.

SELECT: Retrieves data from the athletes table.

*: Selects all columns in the table.

FROM athletes: Displays all rows and columns in the athletes table.

ALTER TABLE: Modifies the structure of the existing athletes table.

ADD COLUMN team TEXT: Adds a new column named team to store the athlete’s team.

UPDATE: Modifies existing data in the athletes table.

SET team =: Updates the team column to the value of the team they play for.

WHERE name/country =: Ensures only the row where the athlete's name or country matches is updated.

DELETE FROM athletes: Removes data from the athletes table.

WHERE name =: Deletes only the row where the athlete’s name matches.

Linux Basics

Baridiilo Poromon — Sat, 07 Dec 2024 07:06:53 +0000

The sudo su command allows a user to switch to the root user, which provides administrative privileges over the system. When run, it switches the current user to root without asking for the root password.

The pwd command stands for "print working directory." It is used to display the absolute path of the current working directory in the terminal. It helps you know exactly where you are in the file system.

The ls command is used to list the contents of a directory. It shows files, directories, and other items within the current or specified directory.

The ls -l command displays the contents of a directory in long listing format. This format provides detailed information about each file and directory.

The cd .. command is used to move up one directory level in the file system hierarchy.

The touch command updates the access and modification times of files.

The mkdir command is used to create new directories (folders). You can specify one or more directory names to create them in the current location or at a specified path.

The cp command is used to copy files and directories from one location to another. It can be used for duplicating files, creating backups, or moving files to a different directory while keeping the original intact. source: The file or directory you want to copy. destination: The location where the copy should be placed. It can be a file name or a directory.

The mv command is used to move or rename files and directories. It can transfer a file or directory to a different location or give it a new name in its current location. source: The file or directory you want to move or rename. destination: The target location or new name.

The cat command is used to view, combine, and create text files. It is a tool used to display the contents of a file directly in the terminal or to process and manipulate text files.

The rm command is used to remove files and directories. It permanently deletes them from the file system.

The rmdir command is used to remove empty directories. Unlike rm, which can delete both files and directories (including non-empty ones), rmdir only works with directories that do not contain any files or other directories.

The less command is used to view the contents of a file one page at a time in the terminal. It is similar to the cat command, but more efficient for viewing large files because it allows you to scroll through the content without loading the entire file at once.

The vim command is used to open and edit text files in the Vim text editor.

The uname -a command is used to display system information. It provides detailed information about the kernel version, the operating system, the machine architecture, and other system-related details.

The df -h command is used to display disk space usage. It shows the available and used disk space on the system's file systems, making it easier to monitor disk usage.

The free -h command is used to display memory usage (RAM) on the system. It shows the total, used, and available physical memory (RAM), as well as swap space (virtual memory).

The top command is used to display real time information about the system's processes, CPU usage, memory usage, and other system statistics. Useful for monitoring system health, troubleshooting, and managing processes.

The grep command is used to search for specific patterns within files or input. It allows you to find lines in a file that match a given string or regular expression. It's a tool for filtering and searching through large amounts of data. pattern: The string or regular expression you want to search for. file: The file (or files) where the search should be performed. If no file is specified, grep searches the standard input.

To quit vim editor press the escape key then press shift and ":" then type in "wq" and push enter

Configure a data connector Data Collection Rule

Baridiilo Poromon — Thu, 29 Aug 2024 07:30:04 +0000

Task 1: Configure Data Collection rules (DCRs) in Microsoft Sentinel

In Microsoft Sentinel, go to the Configuration menu section and select Data connectors.

Search for and select Windows Security Events via AMA.

Select Open connector page.

In the Configuration area, select +Create data collection rule.

On the Basics tab enter a Rule Name.

On the Resources tab expand your subscription and the RG1 resource group in the Scope column.

Select VM1, and then select Next: Collect >

On the Collect tab leave the default of All Security Events.

Select Next: Review + create >, then select Create.

Task 2 - Create a near real-time (NRT) query detection.

In Microsoft Sentinel, go to the Configuration menu section and select Analytics.

Select + Create, and NRT query rule (Preview).

Enter a Name for the rule, and select Privilege Escalation from Tactics and techniques.

Select Next: Set rule logic >.

Enter the KQL query into the Rule query form:

code
SecurityEvent
| where EventID == 4732
| where TargetAccount == "Builtin\Administrators"

Select Next: Incident settings >, and select Next: Automated response >.

Select Next: Review + Create.

When validation is complete select Save.

Task 3: Configure automation in Microsoft Sentinel

In Microsoft Sentinel, go to the Configuration menu section and select Automation.

Select + Create, and Automation rule.

Enter an Automation rule name, and select Assign owner from Actions
Assign Operator1 as the owner.

Select Apply

Install Microsoft Sentinel Content Hub solutions and data connectors

Baridiilo Poromon — Thu, 29 Aug 2024 05:27:04 +0000

Task 1: Deploy a Microsoft Sentinel Content Hub solution

In Microsoft Sentinel, go to the Content management menu section and select Content Hub.

Search for and select Windows Security Events.

Select the link for View details.

Select Windows Security Events plan, and select Create.

Select the RG2 resource group that includes the Microsoft Sentinel workspace, and select the Workspace.

Select Next to the Data Connectors tab (solution will deploy 2 data connectors).

Select Next to the Workbooks tab (solution installs workbooks).

Select Next to the Analytics tab (solutions installs analytics rules).

Select Next to the Hunting queries tab (solution instals hunting queries).

Select Review + create.

Select Create.

Repeat these steps for the Azure Activity and the Microsoft Defender for Cloud solutions.

Task 2 - Set up the data connector for Azure Activity

In Microsoft Sentinel, go to the Content management menu section and select Content Hub.

In the Content hub, filter Status for Installed solutions.

Select the Azure Activity solution and select Manage.

Select the Azure Activity Data connector and select Open connector page.

In the Configuration area under the Instructions tab, scroll down to 2. Connect your subscriptions..., and select Launch Azure Policy Assignment Wizard>.

In the Basics tab, select the ellipsis button (…) under Scope and select your subscription from the drop-down list and click Select.

Select the Parameters tab, choose your workspace from the Primary Log Analytics workspace drop-down list.

Select the Remediation tab and select the Create a remediation task checkbox.

Select the Review + Create button to review the configuration.

Select Create to finish.

Task 3: Set up the for Defender for Cloud data connector

In Microsoft Sentinel, go to the Content management menu section and select Content Hub.

In the Content hub, filter Status for Installed solutions.

Select the Microsoft Defender for Cloud solution and select Manage.

Select the Subscription-based Microsoft Defender for Cloud (Legacy) Data connector and select Open connector page.

In the Configuration area under the Instructions tab, scroll down to your subscription and move the slider in the Status column to Connected.

Make sure Bi-directional sync is Enabled.

Task 4: Create an analytics rule

In Microsoft Sentinel, go to the Configuration menu section and select Analytics.

In the Rule templates tab, search for Suspicious number of resource creation or deployment activities.

Select the Suspicious number of resource creation or deployment activities, and select Create rule.

Leave the defaults on the General tab and select Next: Set rule logic >.

Leave the default Rule query and configure Query scheduling using the setting value as 1 hour for both 'run query every' and 'lookup data from the last'.

Leave the defaults and select Next: Automated response >.

Leave the defaults and select Next: Review and create >.

Select Save.

Task 5: Ensure that the Azure Activity workbook is available in My workbooks.

In Microsoft Sentinel, go to the Content management menu section and select Content Hub.

In the Content hub, filter Status for Installed solutions.

Select the Azure Activity solution and select Manage.

Select the Azure Activity workbook checkbox, and then select Configuration.

Select the Azure Activity workbook and select Save.

Choose the Azure Region for your Microsoft Sentinel workspace.

Configure SIEM Operations using Microsoft Sentinel

Baridiilo Poromon — Thu, 29 Aug 2024 04:31:12 +0000

Task 1: Create a Log Analytics workspace

In the Azure portal, search for and select Microsoft Sentinel.
Select + Create.

Select Create a new workspace.

Select RG2 as the Resource Group.

Enter a valid name for the Log Analytics workspace

Select the region for the workspace.

Select Review + create to validate the new workspace.

Select Create to deploy the workspace.

Task 2: Deploy Microsoft Sentinel to a workspace

When the workspace deployment completes, select Refresh to display the new workspace.

Select the workspace you want to add Sentinel to (created in Task 1).

Select Add.

Task 3: Assign a Microsoft Sentinel role to a user

Go to the Resource group RG2.

Select Access control (IAM).

Select Add and Add role assignment.

In the search bar, search for and select the Microsoft Sentinel Contributor role.

Select Next.

Select the option User, group, or service principal.

Select + Select members.

Search for the Operator1.

Select the user icon.

Select Select.

Select “Review + assign”.

Task 4: Configure data retention

Go to the Log Analytics workspace created in Task 1 step 5.

Select Usage and estimated costs.

Select Data retention.

Change data retention period to 180 days.

Select OK.

Record and resolve domain names internally in Azure

Baridiilo Poromon — Wed, 14 Aug 2024 09:13:07 +0000

Azure Private DNS offers a dependable and secure DNS service for managing and resolving domain names within a virtual network, eliminating the need for a custom DNS solution. With private DNS zones, you can utilize your own custom domain names instead of the default Azure-provided names.

To create a private DNS zone enter and select Private DNS zones in the search bar.

Select + Create.

On the Basics tab of Create private DNS zone, enter the required information as listed in the table below:

Property Value
Subscription -- Select your subscription
Resource group -- RG1
Name -- contoso.com
Region -- East US

Select Review + create and then select Create.

To create a virtual network link to your private DNS zone enter and select Private DNS zones in the search bar.

Select contoso.com.

Select + Virtual network link.

Select + Add

On the Basics tab of Create virtual network link, enter the required information as listed in the table below:

Property Value
Link name -- app-vnet-link
Virtual network -- app-vnet
Enable auto registration -- Enabled

Select OK

Lastly, to create a DNS record set enter and select Private DNS zones in the search of the Azure portal.

Select contoso.com.

Select + Record set.

On the Basics tab of Create record set, enter the required information as listed in the table below:

Property Value
Name backend
Type A
TTL 1
IP address 10.1.1.4
Select OK

Check that contoso.com has a record set named backend.

Route traffic to the Firewall in Azure

Baridiilo Poromon — Wed, 14 Aug 2024 08:52:55 +0000

The first step in routing traffic to the firewall is to create a route table.

To record the private and public IP address of app-vnet-firewall, enter and select Firewall in the search bar in the Azure portal.

Select app-vnet-firewall.

Select Overview.

Record the Private IP address.

In the Overview pane select on fwpip

Record the Public IP address.

Next, In the search bar, enter and select Route table. Click + Create.

On the Basics tab, enter the required information as listed in the table below:

Property Value
Subscription -- Select your subscription
Resource group -- RG1
Region -- East US
Name -- app-vnet-firewall-rt

Select Review + create and then select Create.

Now, to associate the route table to the subnets, enter and select Route tables in the search bar.

Select app-vnet-firewall-rt.

Select Subnets.

Select + Associate.

On the Associate subnet page, enter the required information as listed in the table below:

Property Value
Virtual network -- app-vnet (RG1)
Subnet-- frontend

Select OK.

Repeat the steps above to associate the app-vnet-firewall-rt route table to the backend subnet in app-vnet.

Lastly, to create a route in the route table enter and select Route tables in the search bar.

Select app-vnet-firewall-rt.

Select Routes.

Select + Add.

On the Add route page, enter the required information as listed in the table below:

Property Value
Route name -- outbound-firewall
Destination type -- IP addresses
Destination IP addresses/CIDR range -- 0.0.0.0/0
Next hop type -- Virtual appliance
Next hop address -- private IP address of the firewall recorded earlier

Select Add.

Now the outbound traffic from the front end and backend subnet will route to the firewall.

Protect the web application from malicious traffic and block unauthorized access in Azure

Baridiilo Poromon — Tue, 13 Aug 2024 08:59:51 +0000

To create an Azure Firewall subnet in the existing virtual network enter and select Virtual networks in the search bar.

Select app-vnet.

Select Subnets.

Select + Subnet.

Enter the required information and select Save.
Property Value
Name AzureFirewallSubnet
Address range 10.1.63.0/24

To Create an Azure Firewall enter and select Firewall in the Azure search portal.

Select + Create.

Create a firewall by using the values in the following table. Use the default for any property that is not specified.

Property Value:
Resource group -- RG1
Name -- app-vnet-firewall
Firewall SKU -- Standard
Firewall management -- Use a Firewall Policy to manage this firewall
Firewall policy -- select Add new
Policy name -- fw-policy
Region -- East US
Policy Tier -- Standard
Choose a virtual network -- Use existing
Virtual network -- app-vnet (RG1)
Public IP address -- Add new: fwpip

Select Review + create and then select Create.

To update the Firewall Policy enter and select Firewall Policies in the search bar.

Select fw-policy.

Select Application rules.

Click on ”+ Application rule collection”.

Use the values in the following table. Use the default for any property that is not specified.

Property Value:
Name -- app-vnet-fw-rule-collection
Rule collection type -- Application
Priority -- 200
Rule collection action -- Allow
Rule collection group -- DefaultApplicationRuleCollectionGroup

Under rules use the values with the following information:

Property Value:
Name -- AllowAzurePipelines
Source type -- IP address
Source -- 10.1.0.0/23
Protocol -- https
Destination type -- FQDN
Destination -- dev.azure.com, azure.microsoft.com
and press Add

To create a network rule collection that contains a single IP Address rule by using the values in the following table. Use the default for any property that is not specified.

Select Network rules.

Select on ”+ Network rule collection”.

Use the values in the following table. Use the default for any property that is not specified.

Property Value:
Name -- app-vnet-fw-nrc-dns
Rule collection type -- Network
Priority -- 200
Rule collection action -- Allow
Rule collection group -- DefaultNetworkRuleCollectionGroup

Under rules use the values with the following information:

Property -- Value
Rule -- AllowDns
Source -- 10.1.0.0/23
Protocol -- UDP
Destination ports -- 53
Destination addresses -- 1.1.1.1, 1.0.0.1
And select Add.

To verify that the Azure Firewall and Firewall Policy provisioning state show Succeeded enter and select app-vnet-firewall and fw-policy respectively then validate that the provisioning state is succeeded.

Control the network traffic to and from the web application in Azure

Baridiilo Poromon — Sun, 11 Aug 2024 08:50:22 +0000

An application security group (ASGs) enables you to group together servers with similar functions, such as web servers.

To create an Application Security Group enter and select Application security group in the search box of the Azure portal. Click + Create.

On the Basics tab of create an application security group, enter the required information: Select your subscription, Resource group "RG1" Name "app-backend-asg" and Region "East US". Select Review + create and then select Create.

A network security group (NSG) secures network traffic in your virtual network. NSGs contain a list of security rules that allow or deny network traffic to resources connected to Azure Virtual Networks (VNet). NSGs can be associated with subnets and/or individual network interfaces attached to Azure Virtual Machines (VM).

To Create and Associate a Network Security Group enter and select Network Security Group in the search box of the Azure portal. Click + Create.

On the Basics tab of Create network security group, enter the required information: Select your subscription, Resource group "RG1", Name "app-vnet-nsg, Region "East US".

Select Review + create and then select Create.

The next steps are to associate the network security group with the subnet of the virtual network that was created earlier.

Enter and select Network security group in the search bar.

Select "app-vnet-nsg" from the list of network security groups.

Select Subnets from the Settings section of app-vnet-nsg.

In the Subnets page, select + Associate

Under Associate subnet, select app-vnet (RG1) for Virtual network. and select Backend for Subnet, and then select OK.

A network security group (NSG) secures network traffic in your virtual network.

To create Network Security Group rules, enter and select Network security group in the Azure portal search bar.

Select app-vnet-nsg from the list of network security groups.

Select Inbound security rules from the Settings section of app-vnet-nsg.

Select + Add.

On the Add inbound security rule page, enter the information required:

Property Value
Source Any
Source port ranges *
Destination Application Security group
Destination application security group app-backend-asg
Service SSH
Action Allow
Priority 100
Name AllowSSH

Deploy an ARM template using Cloud Shell to create the VMs needed

In the Azure portal, open the Azure Cloud Shell by selecting the icon in the top right of the Azure Portal.

If prompted to select either Bash or PowerShell, select PowerShell.

Deploy the following ARM template using Cloud Shell to create the VMs needed for this exercise:

$RGName = "RG1"

New-AzResourceGroupDeployment -ResourceGroupName $RGName -TemplateUri https://raw.githubusercontent.com/MicrosoftLearning/Configure-secure-access-to-workloads-with-Azure-virtual-networking-services/main/Instructions/Labs/azuredeploy.json

to Verify that both the VM1 and VM2 virtual machines are running, navigate to the RG1 resource group and select VM1 then validate that the status of the virtual machine is Running.

Repeat the previous step for VM2.

Associate the application security group to the network interface of the VM

When you created the VMs, Azure created a network interface for each VM, and attached it to the VM.

Add the application security group you created previously to the network interface of VM2.

Navigate to the RG1 resource group in the Azure portal and select VM2.

Go to the networking tab of the VM, select + Add application security groups from the Application security groups section.

Select app-backend-asg from the list of application security groups.

Select Add.

Providing a shared services hub virtual network with isolation and segmentation

Baridiilo Poromon — Wed, 07 Aug 2024 06:51:36 +0000

Navigate to the Azure portal and login.
Type and select “Virtual Networks” in the search of the portal and then
select “+ Create”.

Fill out the resource group, VN name, region, address space, subnet name and subnet address range.

Leave all other settings as their defaults. Select “Next” to advance to the next tab, and "Create" to create the virtual network.

Following the same steps as above, create the Azure virtual network Hub-vnet by using the values in the following table

Once the deployment is complete, type “resource groups” and select Resource Groups” in the search bar. Select the resource group in the main pane and confirm that both virtual networks have been deployed.

Setting up a peer relationship between the two virtual networks will allow traffic to flow in both directions between the virtual networks. To do this, in the portal in the resource group view select on one of the app virtual network.

On the context menu on the left hand side of the portal scroll down and select on peerings. In the app-vnet peerings pane, Select + Add.
Fill out the form with the virtual network peering link name, remote virtual network peering link name, and virtual network.

Leave all other settings as their defaults. Select “Add” to create the virtual network peering.

Once the process completes, and after the configuration updates, validate that the Peering status is set to connected.