Linux Basics Every Cybersecurity Beginner Must Know
A practical primer on essential Linux skills—filesystem, permissions, and commands—that every aspiring cybersecurity professional needs.
Why Linux Matters in Cybersecurity
Almost every security tool, server, and pentesting distribution you'll encounter runs on Linux. Kali Linux, Parrot OS, most web servers, cloud infrastructure, and even the routers you'll be probing during an assessment are built on Linux or Unix-like systems. If you can't navigate a terminal confidently, you'll struggle to use the tools that define the field. Learning Linux isn't optional background knowledge—it's foundational.
The Filesystem Hierarchy
Unlike Windows with its drive letters, Linux organizes everything under a single root directory (/). Understanding key directories will save you time and confusion:
/etc— system-wide configuration files/var/log— logs, critical for forensics and troubleshooting/home— user directories/tmp— temporary files, often abused by attackers for staging payloads/binand/usr/bin— executable binaries
Spend time exploring these with ls, cd, and cat. Knowing where things live is half the battle when investigating a compromised system.
Essential Commands to Master
You don't need to memorize hundreds of commands—just get fluent with a core set:
ls -la # list files with details, including hidden ones
cd /path # change directory
cat file.txt # display file contents
grep -r "text" . # search recursively for a string
find / -name "*.conf" # locate files by name
chmod 755 script.sh # modify permissions
chown user:group file # change ownership
ps aux # view running processes
netstat -tulnp # view listening ports and services
Each of these has direct security relevance. grep and find are indispensable during log analysis. ps and netstat (or its modern replacement ss) help you spot suspicious processes or unexpected open ports.
Understanding Permissions
Linux permissions are a frequent source of both misconfigurations and exploitation opportunities. Every file has three permission sets—owner, group, and others—each with read (r), write (w), and execute (x) rights, often shown as a numeric mode like 755 or 644.
Run ls -l and you'll see something like:
-rwxr-xr-- 1 alice devs 1024 Jan 1 12:00 script.sh
This tells you the owner can read/write/execute, the group can read/execute, and everyone else can only read. Misconfigured permissions—like world-writable files in sensitive directories—are a classic privilege escalation vector. Practicing chmod and chown until they're second nature will pay off when you start working through privilege escalation labs.
Users, Groups, and Sudo
Linux enforces a clear separation between regular users and the root superuser. Most security work involves understanding how privilege boundaries are enforced—and how they're broken. Learn to inspect /etc/passwd and /etc/shadow, understand what sudo -l reveals about a user's permitted commands, and get comfortable with su versus sudo. Many real-world privilege escalation paths hinge on sudo misconfigurations or SUID binaries, which you can hunt for with:
find / -perm -4000 -type f 2>/dev/null
Package Management and Services
Different distributions use different package managers—apt on Debian/Ubuntu, yum or dnf on RHEL/CentOS/Fedora, pacman on Arch. Knowing how to install, update, and remove software (apt install, apt update, apt remove) is basic hygiene. Equally important is managing services with systemctl:
systemctl status ssh
systemctl stop apache2
systemctl enable nginx
Attackers and defenders alike need to know what's running, what starts on boot, and how to shut things down quickly during incident response.
Logs: Your Best Friend
Linux logging lives mostly under /var/log. Files like auth.log (authentication attempts), syslog, and application-specific logs are where you'll piece together what happened during an incident. Get comfortable with tail -f for real-time monitoring and journalctl on systemd-based systems for querying the system journal.
Building the Habit
The fastest way to internalize these basics is repetition in a real environment. Spin up a virtual machine, break things intentionally, and fix them using only the command line. Avoid relying on GUI tools early on—the terminal fluency you build now becomes second nature during high-pressure incident response or penetration testing engagements later.
Where to Go From Here
Once you're comfortable navigating, managing permissions, and reading logs, you're ready to explore shell scripting, network reconnaissance tools, and privilege escalation techniques that build directly on these fundamentals.
Explore related Linux, Systems, and Offensive security segments on Korra Studio to continue building your foundation.
This article was generated with AI assistance and published to the Korra Studio knowledge base.
This is one note from the Korra Studio knowledge base — the platform pairs every topic with 1-to-1 mentoring.
Get started freearrow_forward