Day 1: Bash environment and shell basics

This topic matters because it deals with basic shell decisions that become security problems once they hit a real Linux box using Bash and the native Linux tooling already on the box.

The pattern

#!/usr/bin/env bash
set -euo pipefail
journalctl -n 50 | grep -E 'sudo|sshd|systemd'
systemctl --failed

I keep the shell layer thin and obvious, then let the actual host commands produce the evidence. That gives me small Bash routines with strict defaults and readable output with far less operational risk than a giant opaque script.

The concrete evidence I want to preserve usually comes from quoted variables, predictable paths, and native Linux tools under /etc and /var/log. If a tool says a control is healthy, I want the line, path, or command output that justified that statement right next to it.

The Bash habit worth keeping

Use strict defaults, name the files and services you touch, and make inconclusive checks visible. Bash is still a strong security tool when it behaves like a disciplined operator note rather than a magic trick.