1. Navigating the *NIX File System:

    cd, ls, file, find, cp, mv, ln

    Resources:

    Solving the Challenges should prompt you to research

    Challenges:

    1. overthewire.org Bandit Levels 0 - Levels 12
  2. Managing processes

    ps, &, fg, bg, start, stop, kill, Ctrl+C, Ctrl+D, Ctrl+Z, ;, |

    Resources:

    http://www.thegeekstuff.com/2013/07/linux-process-life-cycle/

    By now you're familiar with man pages. Find and read manuals for: ps, start, stop, kill. Built-in shell commands have no man pages. We use help. Read the help pages for fg, bg, kill

    Challenges:

    1. How would you run the command gedit tool.c in background?

      Answer: gedit tools.c &

    2. What signals do the following send:

      Ctrl+C: SIGINT Can be intercepted incase the program wishes to clean up nicely

      Ctrl+D: EOF Not really a signal

      Ctrl+Z: SIGSTOP Cannot be intercepted by program

    3. Why or when would you ever use the ps command?

      Answer: Enumerate processes, investigate running processes.

    4. What are the most common options used with the ps command?

      Answer: possibly aux

    5. I ran a program or command. I think it's stuck. Suggest two ways I can end the program?

      Answer: Ctrl-C or kill <pid>

    6. What are child and parent processes?

      Answer: A process that forks to create another process is called parent. The forked process is child.

    7. What process has ID 1

      Answer: The init process owned by root.

    8. Briefly explain the output of the ps aux

      Answer: Lists all processes attached to terminal or not, in user oriented format. this is different from ps -aux. See the man page.

  3. Bash scripting/tricks

    chmod, file extensions or not

    Write a script to:

    1. print your name 10 times
    2. accept two numbers as cmdline arg; perform the following
      1. print max
      2. print sum
    3. Write above scripts without delimiting with spaces
    4. Write above scripts using any bash tricks you learned

    Resources: http://wiki.bash-hackers.org/

    Challenges:

    1. What is command injection (CI)?

      Answer: A type fo vulnerability that allows user input to be executed with a shell. Possibly due to improper sanitization. See exploit-exercises.com Nebula level 07

    2. Why is it bad idea to write code that calls system() on user input

      Answer: Improper user input sanitization may result in CI vulnerability.

    3. I can prevent CI by using any of the following:

      1. Sanitize user input by removing spaces (T/F)

      2. Sanitize user input by converting to upper case (T/F)

        See exploit-exercises.com Nebula level 16

    4. What is the shebang?

      Answer: #!/path/to/executable Specifies the executable with which the following instructions should be executed

    5. How do I make my script executable?

      Answer: By adding the executable bit to the corresponding type of users; owner, group and others. For example, chmod ugo+x script.py adds the executable bit for owner, group and others. chmod u+x script.py adds the bit for just owner.

    6. How do I find out if a script is executable?

      Answer: use ls -l <script> to list permissions on the script. An x specifies for whom this script is executable.

    7. How important is a file extension?

      Answer: Doesn't matter much in Linux env. However, it's up to programmers to uphold this. For example, you don't need .sh extension to run a shell script.

    8. How do I know the format of a file without an extension?

      Answer: file <file>. Example file steps.pdf yields: steps.pdf: PDF document, version 1.5.

      Stripping the pdf extension doesn't change the output.