Cybersecurity Ops with bash
by Paul Troncone and Carl Albing
Copyright 2019 Digadel Corp & Carl Albing. All rights reserved.
Printed in the United States of America.
Published by O'Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472.
O'Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (http://oreilly.com). For more information, contact our corporate/institutional sales department: 800-998-9938 or corporate@oreilly.com.
- Acquisitions Editor: Rachel Roumeliotis
- Developmental Editors: Virginia Wilson and John Devins
- Production Editor: Nan Barber
- Copyeditor: Sharon Wilkey
- Proofreader: Christina Edwards
- Indexer: Ellen Troutman-Zaig
- Interior Designer: David Futato
- Cover Designer: Karen Montgomery
- Illustrator: Rebecca Demarest
- April 2019: First Edition
Revision History for the First Edition
- 2019-04-01: First Release
See http://oreilly.com/catalog/errata.csp?isbn=9781492041313 for release details.
The O'Reilly logo is a registered trademark of O'Reilly Media, Inc. Cybersecurity Ops with bash, the cover image, and related trade dress are trademarks of O'Reilly Media, Inc.
The views expressed in this work are those of the authors, and do not represent the publisher's views. While the publisher and the authors have used good faith efforts to ensure that the information and instructions contained in this work are accurate, the publisher and the authors disclaim all responsibility for errors or omissions, including without limitation responsibility for damages resulting from the use of or reliance on this work. Use of the information and instructions contained in this work is at your own risk. If any code samples or other technology this work contains or describes is subject to open source licenses or the intellectual property rights of others, it is your responsibility to ensure that your use thereof complies with such licenses and/or rights.
978-1-492-04131-3
[LSI]
Dedication
To Erin and Kiera. You bring joy to every moment of my life.
Paul
To Cynthia, and our sons Greg, Eric, and Andrew.
Carl
Preface
What is of the greatest importance in war is extraordinary speed: one cannot afford to neglect opportunity.
Sun Tzu, The Art of War
In this day and age, the command line is sometimes overlooked. New cybersecurity practitioners may be lured away by tools with flashy graphical interfaces. More-experienced operators may dismiss or underestimate its value. However, the command line provides a wealth of capability and should be part of every practitioner's toolkit. As an example, the seemingly simple tail command that outputs the last few lines of a specified file is over 2,000 lines of C code. You could create a similar tool using Python or another programming language, but why do so when you can access its capabilities by simply invoking it from the command line?
Additionally, learning how to use the command line for complex tasks gives you a better understanding of the way an operating system functions. The most capable cybersecurity practitioners understand how tools work at a fundamental level, not just how to use them.
Cybersecurity Ops with bash teaches you how to leverage sophisticated Linux commands and the bash shell to enhance your capabilities as a security operator and practitioner. By learning these skills you will be able to rapidly create and prototype complex capabilities with as little as a single line of pipelined commands.
Although the bash shell and the commands we discuss throughout this book originated in the Unix and Linux family of operating systems, they are now ubiquitous. The techniques are easily transferable between Linux, Windows, and macOS environments.
Who This Book Is For
Cybersecurity Ops with bash is written for those who wish to achieve mastery of the command line in the context of computer security. The goal is not to replace existing tools with command-line scripts, but rather to teach you how to use the command line so you can leverage it to augment your existing security capabilities.
Throughout this book, we focus examples on security techniques such as data collection, analysis, and penetration testing. The purpose of these examples is to demonstrate the command line's capabilities and give you insight into some of the fundamental techniques used by higher-level tools.
This book assumes basic familiarity with cybersecurity, the command-line interface, programming concepts, and the Linux and Windows operating systems. Prior knowledge of bash is useful but not necessarily needed.
This book is not an introduction to programming, although some general concepts are covered in Part I.
Bash or bash
Throughout this book, we refer to the bash shell by using a lowercase letter b unless it is the first word in a sentence or is referencing the Windows program Git Bash. This convention is based on guidance provided by Chet Ramey, who is the current maintainer of the software. For more information on bash, visit the bash website. For more information on the various releases of bash, reference documentation, and examples, visit the bash Cookbook wiki page.
Script Robustness
The example scripts in this book are written to illustrate and teach concepts. The scripts are not designed to be efficient or robust enough for enterprise deployment. Use caution if you choose to use the scripts in a live environment. Be sure to follow programming best practices and test your scripts before deployment.
Workshops
We provide thought-provoking questions and practice problems at the end of each chapter to help you build your security, command-line, and bash skills. You can find solutions to some of these exercises and additional resources at the Cybersecurity Ops website.
Conventions Used in This Book
The following typographical conventions are used in this book:
Italic
Indicates new terms, URLs, email addresses, filenames, and file extensions.
Constant width
Used for program listings, as well as within paragraphs to refer to program elements such as variable or function names, databases, data types, environment variables, statements, and keywords.
Constant width bold
Shows commands or other text that should be typed literally by the user.
Constant width italic
Shows text that should be replaced with user-supplied values or by values determined by context.
Tip
This element signifies a tip or suggestion.
Note
This element signifies a general note.
Warning
This element indicates a warning or caution.
Using Code Examples
This book is here to help you get your job done. In general, if example code is offered with this book, you may use it in your programs and documentation. You do not need to contact us for permission unless you're reproducing a significant portion of the code. For example, writing a program that uses several chunks of code from this book does not require permission. Selling or distributing a CD-ROM of examples from O'Reilly books does require permission. Answering a question by citing this book and quoting example code does not require permission. Incorporating a significant amount of example code from this book into your product's documentation does require permission.