Back to all guides
BeginnerFundamentals12 min read

root@css:~$ man bash

Linux Command Line Basics for Security

Learn the essential terminal commands every security learner needs: navigating the filesystem, managing files and permissions, and inspecting processes.

What you'll learn

  • >Navigate the Linux filesystem confidently
  • >Read and modify file permissions
  • >Inspect running processes and network state

Almost every security tool — from Nmap to Wireshark to Metasploit — is driven from the command line. Before you scan a single port, you need to feel at home in a terminal. This tutorial covers the building blocks you will reuse in every other guide on this site.

1. Navigating the filesystem

Linux organizes everything under a single root directory, "/". These three commands let you move around and see where you are.

bash
pwd            # print working directory (where am I?)
ls -la         # list all files, including hidden, with details
cd /etc        # change directory to /etc
cd ~           # jump back to your home directory

// tip: Hidden files start with a dot (.bashrc, .ssh). The -a flag in "ls -la" reveals them — attackers and defenders both care about these config files.

2. Understanding file permissions

Permissions control who can read (r), write (w), and execute (x) a file. Misconfigured permissions are one of the most common real-world vulnerabilities, so learn to read them fluently.

bash
-rwxr-xr-- 1 root staff  2048 Jun  9 10:00 script.sh
│└┬┘└┬┘└┬┘
│ │  │  └── others: read only
│ │  └───── group: read + execute
│ └──────── owner: read + write + execute
└────────── file type (- = file, d = directory)
Reading the output of ls -l

Change permissions with chmod. The numeric form uses 4=read, 2=write, 1=execute, added together per role (owner, group, others).

bash
chmod 750 script.sh    # owner: rwx, group: r-x, others: none
chmod +x script.sh     # add execute for everyone
chown user:group file  # change ownership

// warning: Never blindly run "chmod 777" on files. It grants everyone full control and is a frequent cause of privilege-escalation findings in audits.

3. Inspecting processes and the network

Knowing what is running — and what is listening on the network — is the foundation of both defense and investigation.

bash
ps aux              # snapshot of all running processes
top                 # live, sorted view of resource usage
ss -tulpn           # list listening TCP/UDP ports + owning process
kill -9 <PID>       # forcefully stop a process by ID
  1. 1Open a terminal and run "ss -tulpn" to see which services listen on your machine.
  2. 2Pick an unfamiliar port and research what service uses it.
  3. 3Run "ps aux | grep <name>" to find the owning process.
  4. 4Decide whether that service should be running — disable what you do not need.

// note: Reducing your "attack surface" simply means turning off services you do not use. Fewer listening ports means fewer doors an attacker can knock on.

// ethics_notice: Practice only on systems you own or are explicitly authorized to test. These materials are for education and defense.

Next tutorial

Network Scanning with Nmap