3.4. Useful Commands
3.4.1. Displaying and Modifying Text Files
The cat file command (intended to concatenate files to the standard output device) reads a file and displays its contents on the terminal. If the file is too big to fit on a screen, you can use a pager such as more to display it page by page.
The editor command starts a text editor (such as Vi or Nano) and allows creating, modifying, and reading text files. The simplest files can sometimes be created directly from the command interpreter thanks to redirection:
command >file creates a file named file containing the output of the given command.
command >>file is similar except that it appends the output of the command to the file rather than overwriting it.
$ echo "Kali rules!" > kali-rules.txt
$ cat kali-rules.txt
Kali rules!
$ echo "Kali is the best!" >> kali-rules.txt
$ cat kali-rules.txt
Kali rules!
Kali is the best!
3.4.2. Searching for Files and within Files
The find directory criteria command searches for files in the hierarchy under directory according to several criteria. The most commonly used criterion is -name filename, which allows searching for a file by name. You can also use common wildcards such as “*” in the filename search.
$ find /etc -name hosts
$ find /etc -name "hosts*"
The grep expression files command searches the contents of the files and extracts the lines matching the regular expression. Adding the -r option enables a recursive search on all files contained in the directory. This allows you to look for a file when you only know a part of its contents.
3.4.3. Managing Processes
The ps aux command lists the processes currently running and helps to identify them by showing their PID. Once you know the PID of a process, the kill -signal pid command allows you to send it a signal (if you own the process). Several signals exist; the most commonly used are TERM (a request to terminate gracefully) and KILL (a forced kill).
The command interpreter can also run programs in the background if the command is followed by “&”. By using the ampersand, you resume control of the shell immediately even though the command is still running (hidden from view as a background process). The jobs command lists the processes running in the background; running fg %job-number (for foreground) restores a job to the foreground. When a command is running in the foreground (either because it was started normally or brought back to the foreground with fg), the Control+Z key combination pauses the process and resumes control of the command line. The process can then be restarted in the background with bg %job-number (for background).
3.4.4. Managing Rights
Linux is a multi-user system so it is necessary to provide a permissions system to control the set of authorized operations on files and directories, which includes all the system resources and devices (on a Unix system, any device is represented by a file or directory). This principle is common to all Unix-like systems.
Each file or directory has specific permissions for three categories of users:
- Its owner (symbolized by u, as in user)
- Its owner group (symbolized by g, as in group), representing all the members of the group
- The others (symbolized by o, as in other)
Three types of rights can be combined:
- reading (symbolized by r, as in read);
- writing (or modifying, symbolized by w, as in write);
- executing (symbolized by x, as in eXecute).
In the case of a file, these rights are easily understood: read access allows reading the content (including copying), write access allows changing it, and execute access allows running it (which will only work if it is a program).
A directory is handled differently from a file. Read access gives the right to consult the list of its contents (files and directories); write access allows creating or deleting files; and execute access allows crossing through the directory to access its contents (for example, with the cd command). Being able to cross through a directory without being able to read it gives the user permission to access the entries therein that are known by name, but not to find them without knowing their exact name.
Three commands control the permissions associated with a file:
- chown user file changes the owner of the file
- chgrp group file alters the owner group
- chmod rights file changes the permissions for the file
There are two ways of representing rights. Among them, the symbolic representation is probably the easiest to understand and remember. It involves the letter symbols mentioned above. You can define rights for each category of users (u, g, or o), by setting them explicitly (with =), by adding (+), or by subtracting (-). Thus the u=rwx,g+rw,o-r formula gives the owner read, write, and execute rights, adds read and write rights for the owner group, and removes read rights for other users. Rights not altered by the addition or subtraction in such a command remain unmodified. The letter a, for all, covers all three categories of users, so that a=rx grants all three categories the same rights (read and execute, but not write).
The (octal) numeric representation associates each right with a value: 4 for read, 2 for write, and 1 for execute. We associate each combination of rights with the sum of the three figures, and a value is assigned to each category of users, in the usual order (owner, group, others).
For instance, the chmod 754 file command will set the following rights: read, write, and execute for the owner (since 7 = 4 + 2 + 1); read and execute for the group (since 5 = 4 + 1); read-only for others. The digit 0 means no rights; thus chmod 600 file allows read and write permissions for the owner, and no rights for anyone else. The most frequent right combinations are 755 for executable files and directories, and 644 for data files.
To represent special rights, you can prefix a fourth digit to this number according to the same principle, where the setuid, setgid, and sticky bits are 4, 2, and 1, respectively. The command chmod 4754 will associate the setuid bit with the previously described rights.
Note that the use of octal notation only allows you to set all the rights at once on a file; you cannot use it to add a new right, such as read access for the group owner, since you must take into account the existing rights and compute the new corresponding numerical value.
The octal representation is also used with the umask command, which is used to restrict permissions on newly created files. When an application creates a file, it assigns indicative permissions, knowing that the system automatically removes the rights defined with umask. Running umask in a shell shows the current mask, for example 0022. This is simply an octal representation of the rights to be systematically removed (in this case, the write rights for the group and other users).
If you give it a new octal value, the umask command modifies the mask. Used in a shell initialization file (for example, ~/.bash_profile), it will effectively change the default mask for your work sessions.
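As an added example (not code from the book), the POSIX sh functions below convert an ls-style permission string, special bits included, into the four-digit octal form described above, and compute the mode a new file ends up with once umask has been applied; the names triple_value, symbolic_to_octal, apply_umask and mode_of_path are chosen here and are not standard commands.

```shell
#!/bin/sh
# Added example (not from the book): convert between the symbolic and
# octal permission forms and compute the effect of umask. triple_value,
# symbolic_to_octal, apply_umask and mode_of_path are names chosen here.

# Value of one rwx triple: r=4, w=2, x=1. A lower-case s or t in the
# execute slot means execute plus a special bit; upper-case S or T means
# the special bit is set without execute, so it does not count as 1.
triple_value() {
    v=0
    case $1 in r??) v=$((v + 4)) ;; esac
    case $1 in ?w?) v=$((v + 2)) ;; esac
    case $1 in ??[xst]) v=$((v + 1)) ;; esac
    printf '%d' "$v"
}

# rwxr-xr-- -> 0754, rwsr-xr-x -> 4755, rwxrwxrwt -> 1777. The leading
# digit is the special-bit sum: setuid 4, setgid 2, sticky 1.
symbolic_to_octal() {
    p=$1
    [ "${#p}" -eq 9 ] || { echo "expected 9 characters, got '$p'" >&2; return 1; }
    u=$(printf '%s' "$p" | cut -c1-3)
    g=$(printf '%s' "$p" | cut -c4-6)
    o=$(printf '%s' "$p" | cut -c7-9)
    sp=0
    case $u in ??[sS]) sp=$((sp + 4)) ;; esac
    case $g in ??[sS]) sp=$((sp + 2)) ;; esac
    case $o in ??[tT]) sp=$((sp + 1)) ;; esac
    printf '%d%d%d%d\n' "$sp" "$(triple_value "$u")" \
        "$(triple_value "$g")" "$(triple_value "$o")"
}

# Mode a new file gets: the requested mode (666 for files, 777 for
# directories) with every bit that is set in the mask cleared.
apply_umask() {
    printf '%03o\n' $(( 0$1 & ~0$2 ))
}

# Permission string of an existing path, as printed by ls -l (columns 2-10).
mode_of_path() {
    ls -ld "$1" | cut -c2-10
}

# Round trip on a real file: set the octal form, read back the symbolic one.
d=$(mktemp -d) && {
    : > "$d/f" && chmod 4754 "$d/f"
    printf 'chmod 4754 -> ls shows %s -> %s\n' \
        "$(mode_of_path "$d/f")" "$(symbolic_to_octal "$(mode_of_path "$d/f")")"
    rm -rf "$d"
}
```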
3.4.5. Getting System Information and Logs
The free command displays information on memory; disk free (df) reports on the available disk space on each of the disks mounted in the file system. Its -h option (for human readable) converts the sizes into a more legible unit (usually mebibytes or gibibytes). In a similar fashion, the free command supports the -m and -g options, and displays its data either in mebibytes or in gibibytes, respectively.
$ free
              total        used        free      shared  buff/cache   available
Mem:        2052944      661232      621208       10520      770504     1359916
Swap:             0           0           0
$ df
Filesystem     1K-blocks     Used Available Use% Mounted on
udev             1014584        0   1014584   0% /dev
tmpfs             205296     8940    196356   5% /run
/dev/vda1       30830588 11168116  18073328  39% /
tmpfs            1026472      456   1026016   1% /dev/shm
tmpfs               5120        0      5120   0% /run/lock
tmpfs            1026472        0   1026472   0% /sys/fs/cgroup
tmpfs             205296       36    205260   1% /run/user/132
tmpfs             205296       24    205272   1% /run/user/0
The id command displays the identity of the user running the session along with the list of groups they belong to. Since access to some files or devices may be limited to group members, checking available group membership may be useful.
$ id
uid=1000(buxy) gid=1000(buxy) groups=1000(buxy),27(sudo)
The uname -a command returns a single line documenting the kernel name (Linux), the hostname, the kernel release, the kernel version, the machine type (an architecture string such as x86_64), and the name of the operating system (GNU/Linux). The output of this command should usually be included in bug reports as it clearly defines the kernel in use and the hardware platform you are running on.
$ uname -a
Linux kali-rolling 4.4.0-kali1-amd64 #1 SMP Debian 4.4.6-1kali1 (2016-03-18)
All these commands provide run-time information, but often you need to consult logs to understand what happened on your computer. In particular, the kernel emits messages that it stores in a ring buffer whenever something interesting happens (such as a new USB device being inserted, a failing hard disk operation, or initial hardware detection on boot). You can retrieve the kernel logs with the
Systemd’s journal also stores multiple logs (stdout/stderr output of daemons, syslog messages, kernel logs) and makes it easy to query them with journalctl. Without any arguments, it just dumps all the available logs in chronological order. With the -r option, it reverses the order so that newer messages are shown first. With the -f option, it continuously prints new log entries as they are appended to its database. The -u option limits the messages to those emitted by a specific systemd unit (for example, journalctl -u ssh.service).
3.4.6. Discovering the Hardware
The kernel exports many details about detected hardware through virtual filesystems such as /sys/. Several tools summarize those details. Among them, lspci (in the pciutils package) lists PCI devices, lsusb (in the usbutils package) lists USB devices, and lspcmcia (in the pcmciautils package) lists PCMCIA cards. These tools are very useful for identifying the exact model of a device. This identification also allows more precise searches on the web, which in turn lead to more relevant documents. Note that the pciutils and usbutils packages are already installed on the base Kali system, but pcmciautils must be installed with apt install pcmciautils. We will discuss package installation and management in a later chapter.
Example 3.1. Example of information provided by
$ lspci
00:02.1 Display controller: Intel Corporation Mobile 915GM/GMS/910GML Express Graphics Controller (rev 03)
00:1c.0 PCI bridge: Intel Corporation 82801FB/FBM/FR/FW/FRW (ICH6 Family) PCI Express Port 1 (rev 03)
00:1d.0 USB Controller: Intel Corporation 82801FB/FBM/FR/FW/FRW (ICH6 Family) USB UHCI #1 (rev 03)
01:00.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5751 Gigabit Ethernet PCI Express (rev 01)
02:03.0 Network controller: Intel Corporation PRO/Wireless 2200BG Network Connection (rev 05)
$ lsusb
Bus 005 Device 004: ID 413c:a005 Dell Computer Corp.
Bus 005 Device 008: ID 413c:9001 Dell Computer Corp.
Bus 005 Device 007: ID 045e:00dd Microsoft Corp.
Bus 005 Device 006: ID 046d:c03d Logitech, Inc.
Bus 002 Device 004: ID 413c:8103 Dell Computer Corp. Wireless 350 Bluetooth
These programs have a -v option that lists much more detailed (but usually unnecessary) information. Finally, the lsdev command (in the procinfo package) lists communication resources used by devices.
The lshw program is a combination of the above programs and displays a long description of the hardware discovered in a hierarchical manner. You should attach its full output to any report about hardware support problems.