<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Babatunde Ilesanmi</title>
    <description>The latest articles on DEV Community by Babatunde Ilesanmi (@teebabs).</description>
    <link>https://dev.to/teebabs</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F4004950%2F0de72fe4-70cd-4215-84de-39c190b4836e.jpg</url>
      <title>DEV Community: Babatunde Ilesanmi</title>
      <link>https://dev.to/teebabs</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/teebabs"/>
    <language>en</language>
    <item>
      <title># Lab 001: Setting Up a Linux Security Lab &amp; Command-Line Fundamentals</title>
      <dc:creator>Babatunde Ilesanmi</dc:creator>
      <pubDate>Sat, 04 Jul 2026 22:45:18 +0000</pubDate>
      <link>https://dev.to/teebabs/-lab-001-setting-up-a-linux-security-lab-command-line-fundamentals-4ied</link>
      <guid>https://dev.to/teebabs/-lab-001-setting-up-a-linux-security-lab-command-line-fundamentals-4ied</guid>
      <description>&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Program:&lt;/strong&gt; Cybersecurity &lt;br&gt;
&lt;strong&gt;Module/Week:&lt;/strong&gt; Week 1 — Linux Lab Setup &amp;amp; CLI Orientation&lt;br&gt;
&lt;strong&gt;Date Completed:&lt;/strong&gt; 2026-06-27&lt;br&gt;
&lt;strong&gt;Difficulty:&lt;/strong&gt; ⭐⭐☆☆☆&lt;br&gt;
&lt;strong&gt;Tools Used:&lt;/strong&gt; &lt;code&gt;VirtualBox&lt;/code&gt; &lt;code&gt;Kali Linux&lt;/code&gt; &lt;code&gt;hostnamectl&lt;/code&gt; &lt;code&gt;uname&lt;/code&gt; &lt;code&gt;lsblk&lt;/code&gt; &lt;code&gt;df&lt;/code&gt; &lt;code&gt;man&lt;/code&gt; &lt;code&gt;apropos&lt;/code&gt;&lt;/p&gt;
&lt;/blockquote&gt;




&lt;h2&gt;
  
  
  🎯 Objective
&lt;/h2&gt;

&lt;p&gt;This lab covered three foundational areas:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;1A&lt;/strong&gt; — Installing and validating a Kali Linux virtual machine (VM) using VirtualBox&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;1B&lt;/strong&gt; — Orienting to the Linux command line: understanding who you are, where you are, and what the system is running&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;1C / 2A–2C&lt;/strong&gt; — Using built-in help systems, navigating the filesystem, and discovering the Linux directory structure&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;The goal was to arrive at a functional, verified lab environment and develop command-line confidence from scratch.&lt;/p&gt;




&lt;h2&gt;
  
  
  🧠 Background / Why This Matters
&lt;/h2&gt;

&lt;p&gt;Nearly every cybersecurity tool — vulnerability scanners, packet analysers, exploit frameworks, forensic utilities — runs on Linux. Kali Linux is the industry-standard penetration testing and security research distribution, used by red teams, CTF competitors, and SOC analysts worldwide. Setting it up inside a &lt;strong&gt;virtual machine (VM)&lt;/strong&gt; is the standard practice because:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;A VM is &lt;strong&gt;isolated&lt;/strong&gt; from your host machine — if something goes wrong (malware, a misconfigured firewall rule, a broken kernel module), you can simply delete and rebuild it without affecting your main OS&lt;/li&gt;
&lt;li&gt;VMs are &lt;strong&gt;snapshottable&lt;/strong&gt; — you can take a snapshot of a clean state before running risky commands, and roll back if needed&lt;/li&gt;
&lt;li&gt;Running Kali on a VM means you can safely experiment with tools that would be dangerous to run on a real production system&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Why Kali Linux specifically?&lt;/strong&gt; Kali is a Debian-based distribution maintained by Offensive Security, pre-loaded with hundreds of security tools (Wireshark, Nmap, Metasploit, Burp Suite, and many more). Instead of spending hours installing and configuring tools, Kali gives you a ready-to-use security research environment from the moment it boots.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Compliance connection:&lt;/strong&gt; From a risk and controls perspective, isolated lab environments mirror the concept of &lt;strong&gt;sandboxing&lt;/strong&gt; and &lt;strong&gt;environment segregation&lt;/strong&gt; — core principles in frameworks like ISO 27001 (Annex A.12.1.4: Separation of development, testing, and operational environments) and NIST SP 800-53 (SC-7: Boundary Protection). What we do manually here with VirtualBox, enterprise teams do with network segmentation, VLANs, and cloud VPCs.&lt;/p&gt;
&lt;/blockquote&gt;




&lt;h2&gt;
  
  
  🛠️ Environment &amp;amp; Setup
&lt;/h2&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Item&lt;/th&gt;
&lt;th&gt;Details&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Hypervisor&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;VirtualBox (Type 2 — runs on top of host OS)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Guest OS&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Kali GNU/Linux Rolling (2026.02)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Kernel&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;&lt;code&gt;6.18.12+kali-amd64&lt;/code&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;VM Hostname&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;&lt;code&gt;Teebabs&lt;/code&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Architecture&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;amd64 (64-bit)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Disk Allocated&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;50GB total (20GB used, 28GB free at setup)&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;




&lt;h2&gt;
  
  
  📋 Step-by-Step Walkthrough
&lt;/h2&gt;

&lt;h3&gt;
  
  
  Part 1A — Validating the Linux VM
&lt;/h3&gt;

&lt;p&gt;After installing VirtualBox and the Kali Linux ISO, the first job was to verify the environment was running correctly. The commands below are what I used — and what any Linux administrator or security analyst would run when first accessing a new system.&lt;/p&gt;




&lt;h4&gt;
  
  
  &lt;code&gt;hostnamectl&lt;/code&gt; — System Identity
&lt;/h4&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;hostnamectl
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;Output (summarised):&lt;/strong&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Static hostname: Teebabs
Operating System: Kali GNU/Linux Rolling
Kernel: Linux 6.18.12+kali-amd64
Architecture: x86-64
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;What this does:&lt;/strong&gt; &lt;code&gt;hostnamectl&lt;/code&gt; queries &lt;strong&gt;systemd&lt;/strong&gt; (the Linux init system and service manager) for authoritative system information. It shows the hostname, OS name, kernel version, and hardware architecture in one clean output.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Why it matters:&lt;/strong&gt; When you first land on a system — whether it's your own VM, a cloud instance, or a compromised host during incident response — this is often the first command you run. It tells you immediately: &lt;em&gt;What am I looking at? What OS and kernel version? What's this machine called?&lt;/em&gt; In a security context, knowing the kernel version is critical because specific kernel versions have known CVEs (Common Vulnerabilities and Exposures) that an attacker — or a penetration tester — might exploit for privilege escalation.&lt;/p&gt;




&lt;h4&gt;
  
  
  &lt;code&gt;uname -r&lt;/code&gt; — Kernel Version
&lt;/h4&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="nb"&gt;uname&lt;/span&gt; &lt;span class="nt"&gt;-r&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;Output:&lt;/strong&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;6.19.14+kali-amd64
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;What this does:&lt;/strong&gt; &lt;code&gt;uname&lt;/code&gt; (short for "Unix name") prints system information. The &lt;code&gt;-r&lt;/code&gt; flag shows just the &lt;strong&gt;kernel release version&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Why it matters:&lt;/strong&gt; Software packages, kernel modules, and drivers are often version-specific. If you're installing a tool that requires kernel headers, or troubleshooting a driver issue, you need to know the exact kernel version. From a security perspective, this is also how you check whether a system is patched against kernel-level exploits — one of the first things a penetration tester checks.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Quick reference — &lt;code&gt;uname&lt;/code&gt; flags:&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;code&gt;uname -r&lt;/code&gt; → kernel version only&lt;/li&gt;
&lt;li&gt;
&lt;code&gt;uname -a&lt;/code&gt; → everything (kernel, hostname, architecture, build date)&lt;/li&gt;
&lt;li&gt;
&lt;code&gt;uname -m&lt;/code&gt; → machine architecture only (e.g., &lt;code&gt;x86_64&lt;/code&gt;)&lt;/li&gt;
&lt;/ul&gt;
&lt;/blockquote&gt;




&lt;h4&gt;
  
  
  &lt;code&gt;cat /etc/os-release&lt;/code&gt; — Distribution Information
&lt;/h4&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="nb"&gt;cat&lt;/span&gt; /etc/os-release
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;Output (summarised):&lt;/strong&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight conf"&gt;&lt;code&gt;&lt;span class="n"&gt;NAME&lt;/span&gt;=&lt;span class="s2"&gt;"Kali GNU/Linux"&lt;/span&gt;
&lt;span class="n"&gt;VERSION&lt;/span&gt;=&lt;span class="s2"&gt;"2026.02"&lt;/span&gt;
&lt;span class="n"&gt;ID&lt;/span&gt;=&lt;span class="n"&gt;kali&lt;/span&gt;
&lt;span class="n"&gt;ID_LIKE&lt;/span&gt;=&lt;span class="n"&gt;debian&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;What this does:&lt;/strong&gt; Reads and displays the &lt;code&gt;/etc/os-release&lt;/code&gt; file — a standardised plain-text file that every modern Linux distribution provides, containing the distribution name, version, and family.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Why it matters:&lt;/strong&gt; &lt;code&gt;hostnamectl&lt;/code&gt; gives you the OS name, but &lt;code&gt;cat /etc/os-release&lt;/code&gt; is the raw source of truth. This matters when writing scripts that need to behave differently on different distros — e.g., a setup script that runs &lt;code&gt;apt install&lt;/code&gt; on Debian-based systems (like Kali, Ubuntu) but &lt;code&gt;yum install&lt;/code&gt; on Red Hat-based systems (like CentOS, Fedora).&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;What &lt;code&gt;cat&lt;/code&gt; actually does:&lt;/strong&gt; &lt;code&gt;cat&lt;/code&gt; stands for "concatenate". It reads one or more files and prints their content to the terminal. For a single file, it's essentially "show me this file." It's one of the most-used commands in Linux because configuration, logs, and system information are almost always stored as plain text files.&lt;/p&gt;
&lt;/blockquote&gt;




&lt;h4&gt;
  
  
  &lt;code&gt;lsblk&lt;/code&gt; — Block Storage Devices
&lt;/h4&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;lsblk
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;Output (example):&lt;/strong&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight console"&gt;&lt;code&gt;&lt;span class="go"&gt;NAME   MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
sda      8:0    0   50G  0 disk
├─sda1   8:1    0   49G  0 part /
└─sda2   8:2    0    1G  0 part [SWAP]
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;What this does:&lt;/strong&gt; &lt;code&gt;lsblk&lt;/code&gt; (list block devices) shows all storage devices connected to the system — hard drives, SSDs, USB drives, and their partitions — in a tree format.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Why it matters:&lt;/strong&gt; In a security lab, you'll often work with USB drives (for booting live OS environments), disk images (for forensic analysis), or external storage. &lt;code&gt;lsblk&lt;/code&gt; tells you what's attached, what it's called (device names like &lt;code&gt;sda&lt;/code&gt;, &lt;code&gt;sdb&lt;/code&gt;), and whether it's mounted. During incident response or digital forensics, this is one of the first commands run to identify storage media before any analysis begins.&lt;/p&gt;




&lt;h4&gt;
  
  
  &lt;code&gt;df -h /&lt;/code&gt; — Disk Space
&lt;/h4&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="nb"&gt;df&lt;/span&gt; &lt;span class="nt"&gt;-h&lt;/span&gt; /
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;Output:&lt;/strong&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight console"&gt;&lt;code&gt;&lt;span class="go"&gt;Filesystem      Size  Used Avail Use% Mounted on
/dev/sda1        50G   20G   28G  42% /
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;What this does:&lt;/strong&gt; &lt;code&gt;df&lt;/code&gt; (disk free) reports filesystem disk space usage. The &lt;code&gt;-h&lt;/code&gt; flag makes the output &lt;strong&gt;human-readable&lt;/strong&gt; (GB instead of raw block counts). The &lt;code&gt;/&lt;/code&gt; argument limits the output to just the root filesystem.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Why it matters:&lt;/strong&gt; Security tools can generate enormous amounts of data — packet captures, log files, scan outputs. Running out of disk space mid-investigation is a real operational problem. Checking available space is a basic hygiene step. Also, in incident response, an unexpectedly full disk can itself be an indicator of compromise (an attacker exfiltrating data, or malware generating large log files to fill the disk and cause a denial of service).&lt;/p&gt;




&lt;h3&gt;
  
  
  Part 1B — Command-Line Orientation
&lt;/h3&gt;

&lt;p&gt;These commands establish &lt;strong&gt;situational awareness&lt;/strong&gt; at the command line — the equivalent of asking "who am I, where am I, and what am I working with?"&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Command&lt;/th&gt;
&lt;th&gt;What it tells you&lt;/th&gt;
&lt;th&gt;Real-world use&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;whoami&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Your current username&lt;/td&gt;
&lt;td&gt;Confirm you're running as the right user before executing commands&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;id&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Your UID, GID, and all group memberships&lt;/td&gt;
&lt;td&gt;Understand what you're authorised to access; check if you're in the &lt;code&gt;sudo&lt;/code&gt; group&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;pwd&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Your current directory (full path)&lt;/td&gt;
&lt;td&gt;Never get lost; confirm you're in the right place before running commands&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;echo "$SHELL"&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Your active shell (e.g., &lt;code&gt;/bin/bash&lt;/code&gt;, &lt;code&gt;/bin/zsh&lt;/code&gt;)&lt;/td&gt;
&lt;td&gt;Scripts written for one shell may not work in another&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;date&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Current system date and time&lt;/td&gt;
&lt;td&gt;Timestamps on log files and forensic evidence depend on accurate system time&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;`history \&lt;/td&gt;
&lt;td&gt;tail -n 25`&lt;/td&gt;
&lt;td&gt;Last 25 commands you ran&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Why &lt;code&gt;id&lt;/code&gt; matters more than &lt;code&gt;whoami&lt;/code&gt;:&lt;/strong&gt; &lt;code&gt;whoami&lt;/code&gt; just tells you the username. &lt;code&gt;id&lt;/code&gt; shows your full identity — including every group you belong to. On a Linux system, group membership controls access to files, devices, and capabilities. For example, being in the &lt;code&gt;sudo&lt;/code&gt; group is what lets you run commands as root. Being in the &lt;code&gt;wireshark&lt;/code&gt; group is what lets non-root users capture network packets. Group membership is something attackers look for during privilege escalation enumeration.&lt;/p&gt;
&lt;/blockquote&gt;




&lt;h3&gt;
  
  
  Part 1C — Using Built-In Help Systems
&lt;/h3&gt;

&lt;p&gt;Linux has multiple parallel help systems, each suited to different situations:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Help system&lt;/th&gt;
&lt;th&gt;How to use&lt;/th&gt;
&lt;th&gt;Best for&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;man &amp;lt;command&amp;gt;&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;&lt;code&gt;man pwd&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Full, authoritative documentation — use when you need to understand a command deeply&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;&amp;lt;command&amp;gt; --help&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;`ls --help \&lt;/td&gt;
&lt;td&gt;head -n 20`&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;help &amp;lt;builtin&amp;gt;&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;&lt;code&gt;help cd&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Shell built-in commands (they don't have &lt;code&gt;man&lt;/code&gt; pages because they're part of the shell itself)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;apropos &amp;lt;keyword&amp;gt;&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;&lt;code&gt;apropos archive&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Discover commands by topic when you don't know what to look for&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;whatis &amp;lt;command&amp;gt;&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;&lt;code&gt;whatis tar&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;One-line description of what a command does&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;command -V &amp;lt;cmd&amp;gt;&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;&lt;code&gt;command -V ls&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Find out if something is an external binary or a shell built-in, and where it lives&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;h4&gt;
  
  
  Why the distinction between built-ins and external commands matters
&lt;/h4&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="nb"&gt;command&lt;/span&gt; &lt;span class="nt"&gt;-V&lt;/span&gt; &lt;span class="nb"&gt;ls&lt;/span&gt;     &lt;span class="c"&gt;# Output: ls is /usr/bin/ls  (external binary)&lt;/span&gt;
&lt;span class="nb"&gt;command&lt;/span&gt; &lt;span class="nt"&gt;-V&lt;/span&gt; &lt;span class="nb"&gt;cd&lt;/span&gt;     &lt;span class="c"&gt;# Output: cd is a shell builtin&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;code&gt;cd&lt;/code&gt; is part of the shell itself — it doesn't exist as a file on disk. This is why &lt;code&gt;man cd&lt;/code&gt; might not work in all shells (use &lt;code&gt;help cd&lt;/code&gt; instead). External commands like &lt;code&gt;ls&lt;/code&gt; are standalone programs that live in places like &lt;code&gt;/usr/bin/&lt;/code&gt;. The shell finds them by searching through the directories listed in your &lt;code&gt;$PATH&lt;/code&gt; environment variable.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;The &lt;code&gt;apropos&lt;/code&gt; trick:&lt;/strong&gt; If you need to do something but don't know what command to use, &lt;code&gt;apropos &amp;lt;keyword&amp;gt;&lt;/code&gt; searches manual page descriptions. &lt;code&gt;apropos archive&lt;/code&gt; returns &lt;code&gt;tar&lt;/code&gt;, &lt;code&gt;zip&lt;/code&gt;, &lt;code&gt;gzip&lt;/code&gt;, and related tools. This is how experienced Linux users discover tools they didn't know existed.&lt;/p&gt;
&lt;/blockquote&gt;




&lt;h3&gt;
  
  
  Part 2 — Filesystem Navigation &amp;amp; Directory Structure
&lt;/h3&gt;

&lt;h4&gt;
  
  
  The Linux Filesystem Hierarchy
&lt;/h4&gt;

&lt;p&gt;Linux organises everything under a single root &lt;code&gt;/&lt;/code&gt;. Understanding this structure is essential — tools, config files, logs, and user data all live in specific, standardised locations.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Directory&lt;/th&gt;
&lt;th&gt;Purpose&lt;/th&gt;
&lt;th&gt;Security relevance&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;/&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Root of the entire filesystem — everything lives under here&lt;/td&gt;
&lt;td&gt;The top of the permission hierarchy&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;/etc&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;System-wide configuration files&lt;/td&gt;
&lt;td&gt;
&lt;strong&gt;High value target&lt;/strong&gt; — passwords, SSH config, service configs all live here&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;/home&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Personal directories for each user (e.g., &lt;code&gt;/home/babs&lt;/code&gt;)&lt;/td&gt;
&lt;td&gt;User data; attackers target &lt;code&gt;/home&lt;/code&gt; for credentials, SSH keys, browser data&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;/tmp&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Temporary files, world-writable, auto-cleared on reboot&lt;/td&gt;
&lt;td&gt;
&lt;strong&gt;Common attacker staging area&lt;/strong&gt; — malware often writes to &lt;code&gt;/tmp&lt;/code&gt; because any user can write here&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;/usr&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;User-installed applications and shared libraries&lt;/td&gt;
&lt;td&gt;Most tools you install via &lt;code&gt;apt&lt;/code&gt; land here&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;/bin&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Essential system binaries (basic commands like &lt;code&gt;ls&lt;/code&gt;, &lt;code&gt;cat&lt;/code&gt;, &lt;code&gt;cp&lt;/code&gt;)&lt;/td&gt;
&lt;td&gt;Required for the system to function at all&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;/sbin&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;System administration binaries (used by root: &lt;code&gt;fdisk&lt;/code&gt;, &lt;code&gt;ifconfig&lt;/code&gt;)&lt;/td&gt;
&lt;td&gt;Privileged tools — regular users generally can't run these&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Security note on &lt;code&gt;/tmp&lt;/code&gt;:&lt;/strong&gt; The fact that &lt;code&gt;/tmp&lt;/code&gt; is world-writable (any user can create files here) makes it a common target in privilege escalation attacks and malware staging. One of the hardening recommendations in the CIS Linux Benchmark is to mount &lt;code&gt;/tmp&lt;/code&gt; with the &lt;code&gt;noexec&lt;/code&gt; flag — preventing code placed there from being executed directly.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;h4&gt;
  
  
  Exit Status — The Silent Signal
&lt;/h4&gt;

&lt;p&gt;One of the most important concepts introduced in this lab was &lt;strong&gt;exit status codes&lt;/strong&gt;:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="nb"&gt;ls&lt;/span&gt; /home          &lt;span class="c"&gt;# Works — exit status: 0 (success)&lt;/span&gt;
&lt;span class="nb"&gt;ls&lt;/span&gt; /nonexistent   &lt;span class="c"&gt;# Fails — exit status: 2 (error)&lt;/span&gt;
&lt;span class="nb"&gt;echo&lt;/span&gt; &lt;span class="nv"&gt;$?&lt;/span&gt;           &lt;span class="c"&gt;# Prints the exit status of the PREVIOUS command&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Every command returns an exit status when it finishes:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;code&gt;0&lt;/code&gt; = success&lt;/li&gt;
&lt;li&gt;Any non-zero value = failure (the specific number often indicates what went wrong)&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Why this matters:&lt;/strong&gt; Exit status codes are the foundation of shell scripting, automation, and monitoring. A backup script that checks &lt;code&gt;if [ $? -ne 0 ]; then alert...&lt;/code&gt; is using exit status to detect failures. In cybersecurity, this is how SIEM and monitoring tools detect when commands fail — a series of non-zero exit codes for privileged commands can indicate an attacker probing for access.&lt;/p&gt;




&lt;h2&gt;
  
  
  🔍 Key Findings / Results
&lt;/h2&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Task&lt;/th&gt;
&lt;th&gt;Status&lt;/th&gt;
&lt;th&gt;Notes&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;VirtualBox installed&lt;/td&gt;
&lt;td&gt;✅ Complete&lt;/td&gt;
&lt;td&gt;Host: Windows&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Kali Linux VM running&lt;/td&gt;
&lt;td&gt;✅ Complete&lt;/td&gt;
&lt;td&gt;Hostname: &lt;code&gt;Teebabs&lt;/code&gt;, Kernel: &lt;code&gt;6.18.12+kali-amd64&lt;/code&gt;
&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;System validation commands&lt;/td&gt;
&lt;td&gt;✅ Complete&lt;/td&gt;
&lt;td&gt;
&lt;code&gt;hostnamectl&lt;/code&gt;, &lt;code&gt;uname -r&lt;/code&gt;, &lt;code&gt;cat /etc/os-release&lt;/code&gt;, &lt;code&gt;lsblk&lt;/code&gt;, &lt;code&gt;df -h /&lt;/code&gt; all executed successfully&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;CLI orientation&lt;/td&gt;
&lt;td&gt;✅ Complete&lt;/td&gt;
&lt;td&gt;
&lt;code&gt;whoami&lt;/code&gt;, &lt;code&gt;id&lt;/code&gt;, &lt;code&gt;pwd&lt;/code&gt;, &lt;code&gt;echo "$SHELL"&lt;/code&gt;, &lt;code&gt;date&lt;/code&gt;, &lt;code&gt;history&lt;/code&gt; understood and run&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Help systems&lt;/td&gt;
&lt;td&gt;✅ Complete&lt;/td&gt;
&lt;td&gt;
&lt;code&gt;man&lt;/code&gt;, &lt;code&gt;--help&lt;/code&gt;, &lt;code&gt;help&lt;/code&gt;, &lt;code&gt;apropos&lt;/code&gt;, &lt;code&gt;whatis&lt;/code&gt;, &lt;code&gt;command -V&lt;/code&gt; all tested&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Filesystem navigation&lt;/td&gt;
&lt;td&gt;✅ Complete&lt;/td&gt;
&lt;td&gt;Linux directory hierarchy understood; &lt;code&gt;cd&lt;/code&gt;, &lt;code&gt;pwd&lt;/code&gt;, &lt;code&gt;ls&lt;/code&gt; practiced&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;




&lt;h2&gt;
  
  
  🧩 Challenges &amp;amp; How I Solved Them
&lt;/h2&gt;

&lt;p&gt;&lt;strong&gt;Challenge 1:&lt;/strong&gt; Understanding the difference between &lt;code&gt;man&lt;/code&gt; and &lt;code&gt;help&lt;/code&gt;&lt;br&gt;&lt;br&gt;
&lt;strong&gt;What confused me:&lt;/strong&gt; Running &lt;code&gt;man cd&lt;/code&gt; didn't work as expected&lt;br&gt;&lt;br&gt;
&lt;strong&gt;What worked:&lt;/strong&gt; &lt;code&gt;help cd&lt;/code&gt; — because &lt;code&gt;cd&lt;/code&gt; is a shell built-in, not an external binary, so it doesn't have a traditional &lt;code&gt;man&lt;/code&gt; page&lt;br&gt;&lt;br&gt;
&lt;strong&gt;Lesson learned:&lt;/strong&gt; Built-ins live inside the shell. External commands live on disk. &lt;code&gt;command -V &amp;lt;name&amp;gt;&lt;/code&gt; tells you which category any command belongs to.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Challenge 2:&lt;/strong&gt; Reading &lt;code&gt;lsblk&lt;/code&gt; output — the tree structure was new&lt;br&gt;&lt;br&gt;
&lt;strong&gt;What confused me:&lt;/strong&gt; Multiple &lt;code&gt;sda&lt;/code&gt; entries (&lt;code&gt;sda&lt;/code&gt;, &lt;code&gt;sda1&lt;/code&gt;, &lt;code&gt;sda2&lt;/code&gt;)&lt;br&gt;&lt;br&gt;
&lt;strong&gt;What worked:&lt;/strong&gt; Understanding that &lt;code&gt;sda&lt;/code&gt; is the whole disk, while &lt;code&gt;sda1&lt;/code&gt; and &lt;code&gt;sda2&lt;/code&gt; are partitions on it — like a physical hard drive being divided into sections&lt;br&gt;&lt;br&gt;
&lt;strong&gt;Lesson learned:&lt;/strong&gt; In Linux, disks are named &lt;code&gt;sda&lt;/code&gt;, &lt;code&gt;sdb&lt;/code&gt;, &lt;code&gt;sdc&lt;/code&gt; (first, second, third drive). Partitions on those disks are numbered: &lt;code&gt;sda1&lt;/code&gt;, &lt;code&gt;sda2&lt;/code&gt;. This naming matters when mounting, formatting, or analysing disks in forensic scenarios.&lt;/p&gt;




&lt;h2&gt;
  
  
  💡 Key Takeaways
&lt;/h2&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;A VM is your safe sandbox&lt;/strong&gt; — isolated, snapshottable, and expendable. Always do risky security work in a VM.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Exit status &lt;code&gt;0&lt;/code&gt; = success; non-zero = failure&lt;/strong&gt; — this underpins scripting, automation, and monitoring across all of Linux.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;&lt;code&gt;id&lt;/code&gt; &amp;gt; &lt;code&gt;whoami&lt;/code&gt;&lt;/strong&gt; — group membership is the real picture of what a user is authorised to do on a system.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;&lt;code&gt;/tmp&lt;/code&gt; is world-writable&lt;/strong&gt; — convenient for labs, but a known staging area for malware in the real world.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Linux has three help systems: &lt;code&gt;man&lt;/code&gt; (full docs), &lt;code&gt;--help&lt;/code&gt; (quick flags), &lt;code&gt;help&lt;/code&gt; (built-ins)&lt;/strong&gt; — knowing which to use saves time and frustration.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;&lt;code&gt;apropos&lt;/code&gt; is the command-line Yellow Pages&lt;/strong&gt; — search by topic when you don't know the tool name.&lt;/li&gt;
&lt;/ol&gt;




&lt;h2&gt;
  
  
  🔗 Real-World Application
&lt;/h2&gt;

&lt;p&gt;Every component of this lab maps to real professional scenarios:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;VM setup&lt;/strong&gt; = how security teams build isolated testing environments before deploying tools to production&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;System validation commands&lt;/strong&gt; = the standard "orientation checklist" when an analyst first SSH's into an unknown host during incident response&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;&lt;code&gt;/etc&lt;/code&gt; directory awareness&lt;/strong&gt; = knowing where credentials, SSH configs, and service configurations live is essential for both defenders (auditing) and attackers (exploitation)&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Exit status understanding&lt;/strong&gt; = foundational for reading SIEM alerts and writing detection logic&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;From my compliance background: the Linux directory structure, file ownership, and permission model are the &lt;em&gt;implementation layer&lt;/em&gt; beneath the access control policies I've reviewed in audits. Understanding how &lt;code&gt;/etc/passwd&lt;/code&gt;, &lt;code&gt;/etc/sudoers&lt;/code&gt;, and file permissions actually work means I can now verify that what a policy says is happening is what's actually configured on the system.&lt;/p&gt;




&lt;h2&gt;
  
  
  📚 Resources &amp;amp; Further Reading
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;a href="https://linuxcommand.org/tlcl.php" rel="noopener noreferrer"&gt;The Linux Command Line (free online)&lt;/a&gt; — William Shotts; the best free Linux reference for beginners&lt;/li&gt;
&lt;li&gt;
&lt;a href="https://www.kali.org/docs/" rel="noopener noreferrer"&gt;Kali Linux Official Documentation&lt;/a&gt; — setup guides and tool references&lt;/li&gt;
&lt;li&gt;
&lt;a href="https://refspecs.linuxfoundation.org/fhs.shtml" rel="noopener noreferrer"&gt;Linux Filesystem Hierarchy Standard&lt;/a&gt; — the official spec behind the directory structure&lt;/li&gt;
&lt;li&gt;
&lt;a href="https://tryhackme.com/module/linux-fundamentals" rel="noopener noreferrer"&gt;TryHackMe: Linux Fundamentals&lt;/a&gt; — three free hands-on rooms that build directly on what this lab covers&lt;/li&gt;
&lt;li&gt;
&lt;a href="https://explainshell.com" rel="noopener noreferrer"&gt;explainshell.com&lt;/a&gt; — paste any command to get a breakdown of every flag and argument&lt;/li&gt;
&lt;/ul&gt;




&lt;h2&gt;
  
  
  ⏭️ What's Next
&lt;/h2&gt;

&lt;p&gt;Next up: &lt;strong&gt;Lab 002&lt;/strong&gt; — continuing with Linux, likely covering file permissions (&lt;code&gt;chmod&lt;/code&gt;, &lt;code&gt;chown&lt;/code&gt;), user and group management, and process control. I want to go deeper on how &lt;code&gt;sudo&lt;/code&gt; is configured (&lt;code&gt;/etc/sudoers&lt;/code&gt;) because understanding privilege escalation paths starts with understanding how privileges are granted in the first place.&lt;/p&gt;




&lt;h2&gt;
  
  
  🏷️ Tags
&lt;/h2&gt;

&lt;p&gt;&lt;code&gt;cybersecurity&lt;/code&gt; &lt;code&gt;linux&lt;/code&gt; &lt;code&gt;kali-linux&lt;/code&gt; &lt;code&gt;virtualbox&lt;/code&gt; &lt;code&gt;command-line&lt;/code&gt; &lt;code&gt;linux-fundamentals&lt;/code&gt; &lt;code&gt;learning-in-public&lt;/code&gt; &lt;code&gt;career-change&lt;/code&gt; &lt;code&gt;bootcamp&lt;/code&gt; &lt;code&gt;blue-team&lt;/code&gt; &lt;code&gt;security-operations&lt;/code&gt;&lt;/p&gt;




</description>
      <category>cybersecurity</category>
      <category>linux</category>
      <category>chomd</category>
      <category>acesscontrol</category>
    </item>
  </channel>
</rss>
