Most attack targets (web servers, databases, cloud infrastructure) run Linux
Security tools like Wireshark, Metasploit, Nmap, and Burp Suite were built for it
You need it to understand what you're trying to defend or attack
CTFs, penetration testing, blue team work — all assume Linux literacy
// Distros Explained
A distribution (distro) is Linux + a package manager + a set of pre-installed software. Think of Linux as an engine — a distro is the car built around it.
| Distro | Good For |
|---|---|
| Ubuntu | Beginners. Large community, easy to search for help, stable. |
| Kali Linux | Penetration testing. Pre-loaded with 600+ security tools. NOT a daily driver. |
| Arch Linux | Learning by doing. You build it yourself. Intense. (My daily driver.) |
| Debian | Rock-solid. Ubuntu is based on it. Great for servers. |
| Parrot OS | Security + privacy. Lighter than Kali, good alternative. |
💡 Start with Ubuntu if you're brand new. You'll learn the same core skills and won't spend 3 hours debugging your bootloader before you've even opened a terminal.
// 02 — Getting Started
Your First Terminal Session
Opening a terminal for the first time and seeing a blinking cursor is either exciting or terrifying depending on your mindset. Let's demystify what you're looking at.
// How to Open a Terminal
Ubuntu: Press Ctrl + Alt + T or search "Terminal" in apps
Any Linux: Right-click desktop → "Open Terminal" (if available)
GNOME: Super key → type "terminal"
// What the Prompt Means
ky@thinkpad:~$
# This is your command prompt
# ky = your username
# thinkpad = your machine's hostname (its "name")
# ~ = current directory (~ means home folder)
# $ = regular user (# means root/admin)
// Terminal vs Shell vs Bash
| Term | What it actually is |
|---|---|
| Terminal | The window/emulator you're typing in. Just the visual container. |
| Shell | The program interpreting your commands. The brain. |
| Bash | One specific shell. "Bourne Again Shell." The default on most Linux distros. |
// How to Not Panic
Ctrl + C — kill a running command. Your escape button.
Ctrl + L or clear — clear the screen
Up arrow — scroll through previous commands
Tab — autocomplete. Use it obsessively.
If something is frozen: Ctrl + C, then q, then Ctrl + Z.
// 03 — Navigation
Navigation Commands
The filesystem is just folders inside folders. Learning to move around it fast is 90% of feeling confident in a terminal.
// pwd — Print Working Directory
ky@linux:~$ pwd
/home/ky
// ls — List Directory Contents
ky@linux:~$ ls
Desktop Documents Downloads projects scripts
ky@linux:~$ ls -la   # long format + hidden files
drwxr-xr-x 8 ky ky 4096 May 1 14:23 .
-rw-r--r-- 1 ky ky 220 Apr 28 09:01 .bash_profile
drwxr-xr-x 2 ky ky 4096 May 1 14:20 Desktop
// cd — Change Directory
ky@linux:~$ cd Documents   # go into Documents
ky@linux:~/Documents$ cd ..   # go up one level
ky@linux:~$ cd ~   # go to home dir, always
ky@linux:~$ cd /etc/nginx   # absolute path (starts with /)
ky@linux:/etc/nginx$ cd ../ssh   # relative path (no leading /)
// Absolute vs Relative Paths
| Type | Starts with | Example |
|---|---|---|
| Absolute | / | /home/ky/projects — full path from root |
| Relative | letter or . | projects/notes — from where you currently are |
ky@linux:~$ rm notes.txt   # delete file
ky@linux:~$ rmdir empty_folder   # delete empty dir
ky@linux:~$ rm -rf my_project/   # delete dir + all contents
⚠ WARNING: rm -rf has no trash, no undo, no mercy. Deleted = gone. Always double-check your path before running this.
// 05 — Reading Files
Reading and Editing Files
Log files, config files, text files. In cybersecurity, you spend a lot of time reading files that tell you what happened on a system. Here's your toolkit.
ky@linux:~$ less /var/log/syslog   # scroll with arrows, q to quit
ky@linux:~$ more bigfile.txt   # spacebar to advance
// head and tail — Specific Lines
ky@linux:~$ head -20 access.log   # first 20 lines
ky@linux:~$ tail -50 error.log   # last 50 lines
ky@linux:~$ tail -f /var/log/auth.log   # live follow (Ctrl+C to stop)
💡 tail -f is one of the most useful commands in security work. Watch live authentication attempts and system events in real time.
Searching through filesystems and file contents is a core security skill. Incident response, log analysis, and hunting for misconfigs all rely on finding things fast.
// find — Locate Files
ky@linux:~$ find /etc -name "*.conf"   # find .conf files
ky@linux:~$ find /home -type f -perm 777   # files whose mode is exactly 777 (world-writable)
ky@linux:~$ find . -mtime -1   # modified in last day
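An added example (not part of the original guide) that runs find against a throwaway directory to show what -perm 777 matches compared with a test for the world-write bit alone. The file names and the function names are constructed for the illustration.

```shell
#!/bin/sh
# Build a temporary directory holding constructed files with known modes.
make_fixture() {
    dir=$(mktemp -d) || return 1
    touch "$dir/private.key" "$dir/notes.txt" "$dir/upload.sh" "$dir/shared.log"
    chmod 600 "$dir/private.key"
    chmod 644 "$dir/notes.txt"
    chmod 777 "$dir/upload.sh"
    chmod 666 "$dir/shared.log"   # world-writable, but not mode 777
    printf '%s\n' "$dir"
}

# exact_777 DIR: files whose mode is exactly rwxrwxrwx.
exact_777() {
    (cd "$1" && find . -type f -perm 777 | sort)
}

# world_writable DIR: files with the "other write" bit set, whatever
# the remaining permission bits are (the leading - means "at least").
world_writable() {
    (cd "$1" && find . -type f -perm -0002 | sort)
}

fixture=$(make_fixture)
echo "mode exactly 777:"
exact_777 "$fixture"
echo "any world-writable file:"
world_writable "$fixture"

# Clean up; the -n guard keeps rm -rf from ever running on an empty path.
[ -n "$fixture" ] && rm -rf -- "$fixture"
```

The second search also reports shared.log (mode 666), which the exact-match search misses.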
// grep — Search Inside Files
ky@linux:~$ grep "Failed" /var/log/auth.log   # failed logins
ky@linux:~$ grep -i "error" app.log   # case-insensitive
ky@linux:~$ grep -r "password" /etc/   # recursive
ky@linux:~$ grep -n "root" /etc/passwd   # show line numbers
// Pipes — Chain Commands Together
# The | symbol pipes output from one command into the next
ky@linux:~$ cat /var/log/auth.log | grep "Failed" | tail -20
# Last 20 failed authentication attempts
ky@linux:~$ ps aux | grep "nginx"
# Check if nginx is running
💡 Mastering grep + pipes = reading logs like a pro. In security, this is how you hunt for indicators of compromise.
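An added example (not part of the original guide) that extends the grep pipeline above into a per-source count of failed SSH logins. The log lines are a constructed sample in sshd's auth.log format using documentation IP ranges, and the function names are made up for the illustration.

```shell
#!/bin/sh
# Constructed sample; on a real system you would read /var/log/auth.log.
sample_auth_log() {
cat <<'EOF'
May  1 14:20:01 thinkpad sshd[1201]: Failed password for root from 203.0.113.7 port 40122 ssh2
May  1 14:20:03 thinkpad sshd[1201]: Failed password for root from 203.0.113.7 port 40122 ssh2
May  1 14:20:09 thinkpad sshd[1207]: Failed password for invalid user admin from 198.51.100.23 port 51514 ssh2
May  1 14:20:30 thinkpad sshd[1209]: Failed password for invalid user from from 198.51.100.23 port 51600 ssh2
May  1 14:21:15 thinkpad sshd[1215]: Accepted password for ky from 192.0.2.10 port 50022 ssh2
May  1 14:21:40 thinkpad sshd[1220]: Failed password for invalid user test from 203.0.113.7 port 40190 ssh2
EOF
}

# failed_by_ip: reads log lines on stdin, prints "count ip", busiest first.
failed_by_ip() {
    grep "Failed password" |
    # The username is chosen by the remote client and may itself be "from",
    # so scan from the end of the line and take the word after the LAST "from".
    awk '{ for (i = NF - 1; i > 0; i--) if ($i == "from") { print $(i + 1); break } }' |
    sort | uniq -c | sort -k1,1nr -k2 |
    awk '{ print $1, $2 }'
}

# noisy_sources MIN: only the IPs with at least MIN failed attempts.
noisy_sources() {
    failed_by_ip | awk -v min="$1" '$1 >= min { print $2 }'
}

sample_auth_log | failed_by_ip
```

Each stage does one job: grep filters, awk extracts the address, sort and uniq -c count, and the final sort ranks the sources.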