Your expert guidance towards a career in Linux.

TROOP3R

New Member
Joined
Jun 14, 2017
Messages
3
Reaction score
5
Credits
0
Greetings from India!

Hello fellow board members. My very first post on these forums intended to gather your experienced and invaluable thoughts/suggestions for a Linux newbie like myself. I do have a (windows based) technical work experience of 11 years +, but I've decided to make an everlasting career in the linux field. I've always been intrigued by linux and its mechanics however, the security/network part of it interests me more than the administration/scripting part.

So accordingly I've initiated linux classroom courses here locally for RHCSA/RHCE examination. Fortunately. I have a great linux tutor!

After getting my certification, I'll further look towards in getting the relevant work experience, then move into security, penetration testing & enhancing my linux-based experience. Then go freelancing/consultant and ultimately get into teaching and spreading linux awareness wherever I can. But in between that I want to be a self-sufficient linux user. I am 33 years old, I know I've been delayed.

What I need from you all is a good starting point or the prerequisites of getting myself into the aforementioned penetration testing route. Where to begin? What tools to be used? How to set up an internal test environment? Any other additional Red Hat based certifications etc...
I have an overview of the idea of Kali Linux, at the same time people mentioning this can be achieved with Ubuntu and setting up Kali based tools into Ubuntu and then moving ahead.

Looking forward to hearing from you all.

Thanks!
 


Hey there - welcome to the forum!

I'd keep an eye on security type mailing lists to get familiar with the various patches that come out and why.. also, if you have any extra hardware, experiment with different Linux distributions so you get a feel for the differences in each. Mostly, it'll be their package managers, but sometimes they do place applications in different spots..

Also, you can use your test boxes as pentesting targets.. install old versions of distributions that you know are vulnerable to various things so you can see some progress in your pen testing, etc..

And most of all - try to help others on Linux.org.. because every time you help someone, you learn a little yourself :)

Rob
 
I've been meaning to take some kind of Linux certification for a number of years, but I haven't been able to save up enough cash to sign up to anything just yet. :/

I've been looking at The Linux Foundation's training, which looks pretty good and it's fairly vendor neutral. You can study for the Linux foundation certifications using any Debian or Red Hat/RPM based distro. It covers both package management systems and the skills you learn are transferable to other distros which use other packaging systems too.

Whereas Red Hat training is specific to Red Hat/RPM based systems. So you need to be working on a Red-Hat based system. Which is fair enough. I'm just not a huge fan of Red-Hat. I've always preferred Debian, so the LF courses are a better fit for me.
(BTW: I'm not dissing the Red-Hat certifications - they cover the same material as the LF courses)

WRT becoming a self-sufficient Linux user:
- Use Linux as much as you can.
- Install some different distros.
- Set up and secure some servers/services.
- Rather than installing easy to install distros like Ubuntu, Debian, Red-Hat etc. Perhaps take a look at some of the more intricate distros, like Arch, Gentoo, Slackware or Linux From Scratch. These distros will force you to get your hands dirty during installation and you will learn a lot more about how a Linux-based operating system works.

If nothing else, they will at least make you appreciate the work that goes into making other distros more user-friendly at install-time! ;)



If you want to get into pen-testing, there are a lot of different places offering training and certification ATM. But there is a lot of technical material to cover and you will almost certainly need to be able to write scripts using shell-scripting. Learning at least one or two other scripting languages will also help (depends on the course - but commonly used scripting languages are Perl, Python, Ruby, Lua etc...).

It also depends how far down the rabbit-hole you want to go. If you just want to learn how to use the tools in Kali to find/exploit weaknesses using known exploits, then you probably won't need to know much more than Kali's toolset and some scripting.

But if you want to get into finding new exploits, reverse engineering, or malware analysis - you'd need to have a deep understanding of several systems programming languages like C, C++ and Assembly. Perhaps also Java.


To set up a home pen-testing lab, you could install Linux on a few different machines on a small network. It doesn't need to be top of the line, brand new machines or anything - just any old PC's/laptops you have.

Alternatively you could use something like Virtualbox to set up and network a couple of VM's on your PC/Laptop.

Initially, you'd need one machine with Kali and one with something like Metasploitable, or Damn Vulnerable Linux on it. As their names imply these are distros that are deliberately full of vulnerabilities.

There are tutorials and books/articles available online that can walk you through using various Kali tools.
Once you've learnt to use the tools in Kali to break into a system which is choc-full of security holes, you can look at replacing the deliberately vulnerable distro with something more general-purpose - like Debian or Fedora.

Once the new distro is in place, you can attempt to set-up and secure some services on it (web-server, mail server, ssh etc) and then audit its security using Kali.
 
Last edited:
Hello TROOP3R, Hi All.

Reading your Topic, I thought I would have a quick look around, and found something current here - http://resources.infosecinstitute.com/top-10-linux-distro-ethical-hacking-penetration-testing/

I am not in your shoes, nor do I have your youth on my side. If I were, and I had (I have) plenty of drive capacity, I might be looking at becoming acquainted with a number of the Linux "Families" (Debian, RPM, Gentoo, Arch, Slackware) and applying various of the solutions referenced in the article linked, to see how they fare.

If you wish to cover as broad a picture as providing both enterprise solutions for the corporate world, as well as cater to the home user; the home user is not to be discounted, as happy customers can provide positive word of mouth (about your skills and service) to people they know in the corporate sphere, and thus you generate your future income. Corporate clients for sizable revenue, and domestic services for cash flow, so to speak?

Good luck. :)

Wizard
 
Good luck @TROOP3R! Folks here have given you excellent advice and hopefully you will soon be on your way to a Linux-based career.
 
Guys, sorry for the late reply on your inputs (some work related stuff held me up!).

And I do appreciate the same enthusiasm shown in replying to my post. All of 'em are great suggestions and individual thought processing toward a given topic.

Hey there - welcome to the forum!

I'd keep an eye on security type mailing lists to get familiar with the various patches that come out and why.. also, if you have any extra hardware, experiment with different Linux distributions so you get a feel for the differences in each. Mostly, it'll be their package managers, but sometimes they do place applications in different spots..

Also, you can use your test boxes as pentesting targets.. install old versions of distributions that you know are vulnerable to various things so you can see some progress in your pen testing, etc..

And most of all - try to help others on Linux.org.. because every time you help someone, you learn a little yourself :)

Rob

Thanks Rob!

I do (in)frequently read on the posts of Linux Journal and news.ycombinator.com and try to keep myself updated.

I'll be making myself more familiar with other distros as well. The most favourable to me as of now are Ubuntu & Fedora.

Re-setting up an old system for testing purposes had also crossed my mind.

And yes!! I do agree that when you teach/help others, you learn twice!


I've been meaning to take some kind of Linux certification for a number of years, but I haven't been able to save up enough cash to sign up to anything just yet. :/

I've been looking at The Linux Foundation's training, which looks pretty good and it's fairly vendor neutral. You can study for the Linux foundation certifications using any Debian or Red Hat/RPM based distro. It covers both package management systems and the skills you learn are transferable to other distros which use other packaging systems too.

Whereas Red Hat training is specific to Red Hat/RPM based systems. So you need to be working on a Red-Hat based system. Which is fair enough. I'm just not a huge fan of Red-Hat. I've always preferred Debian, so the LF courses are a better fit for me.
(BTW: I'm not dissing the Red-Hat certifications - they cover the same material as the LF courses)

WRT becoming a self-sufficient Linux user:
- Use Linux as much as you can.
- Install some different distros.
- Set up and secure some servers/services.
- Rather than installing easy to install distros like Ubuntu, Debian, Red-Hat etc. Perhaps take a look at some of the more intricate distros, like Arch, Gentoo, Slackware or Linux From Scratch. These distros will force you to get your hands dirty during installation and you will learn a lot more about how a Linux-based operating system works.

If nothing else, they will at least make you appreciate the work that goes into making other distros more user-friendly at install-time! ;)

If you want to get into pen-testing, there are a lot of different places offering training and certification ATM. But there is a lot of technical material to cover and you will almost certainly need to be able to write scripts using shell-scripting. Learning at least one or two other scripting languages will also help (depends on the course - but commonly used scripting languages are Perl, Python, Ruby, Lua etc...).

It also depends how far down the rabbit-hole you want to go. If you just want to learn how to use the tools in Kali to find/exploit weaknesses using known exploits, then you probably won't need to know much more than Kali's toolset and some scripting.

But if you want to get into finding new exploits, reverse engineering, or malware analysis - you'd need to have a deep understanding of several systems programming languages like C, C++ and Assembly. Perhaps also Java.


To set up a home pen-testing lab, you could install Linux on a few different machines on a small network. It doesn't need to be top of the line, brand new machines or anything - just any old PC's/laptops you have.

Alternatively you could use something like Virtualbox to set up and network a couple of VM's on your PC/Laptop.

Initially, you'd need one machine with Kali and one with something like Metasploitable, or Damn Vulnerable Linux on it. As their names imply these are distros that are deliberately full of vulnerabilities.

There are tutorials and books/articles available online that can walk you through using various Kali tools.
Once you've learnt to use the tools in Kali to break into a system which is choc-full of security holes, you can look at replacing the deliberately vulnerable distro with something more general-purpose - like Debian or Fedora.

Once the new distro is in place, you can attempt to set-up and secure some services on it (web-server, mail server, ssh etc) and then audit its security using Kali.

Jas, I'll check the Linux Foundation's training and certifications course as well. It makes sense to learn both of the Debian & RH based distros, given the industry has become so much diverse.
And may I ask, why do you prefer Debian over RH any particular reason? Also, which debian distro? Core!, Lindows, Knoppix, Unbuntu etc.?

Yeah, I'm getting into using Linux as much as I can (though posting this from Windows 7, =P)
I also do like your suggestion of installing Arch, Gentoo, Slackware or Linux From Scratch and the explanation of it makes sense too.

Certainly I appreciate the work put into the user-friendly distros and hats-off to the community and their ever-evolving ideas to streamline things even more.

I'll be taking a course in shell scripting & C. The only reason I tend to avoid these are, 'coz they based on logic, and I at suck logic and reasoning.

I have installed CentOS 7 on a VM that's on my desktop. And have restricted myself to cli mode only!

Again, your advise is on point! Maybe one day I might be able to guide to someone in a similar manner.

Oh, and Jas, about your DP, is that you on that drum kit? Do you play the drums??


Hi Chester, thanks for the pdf link.


Hello TROOP3R, Hi All.

Reading your Topic, I thought I would have a quick look around, and found something current here - http://resources.infosecinstitute.com/top-10-linux-distro-ethical-hacking-penetration-testing/

I am not in your shoes, nor do I have your youth on my side. If I were, and I had (I have) plenty of drive capacity, I might be looking at becoming acquainted with a number of the Linux "Families" (Debian, RPM, Gentoo, Arch, Slackware) and applying various of the solutions referenced in the article linked, to see how they fare.

If you wish to cover as broad a picture as providing both enterprise solutions for the corporate world, as well as cater to the home user; the home user is not to be discounted, as happy customers can provide positive word of mouth (about your skills and service) to people they know in the corporate sphere, and thus you generate your future income. Corporate clients for sizable revenue, and domestic services for cash flow, so to speak?

Good luck. :)

Wizard

Thank you Mr. Wizard for your kind and timeless words! I too am planning to get my hands dirty on the distros that you've highlighted.

If I may ask, which Linux distro you personally prefer working on?

Nice hat BTW! You're blog also seems interesting.


Good luck @TROOP3R! Folks here have given you excellent advice and hopefully you will soon be on your way to a Linux-based career.

Thanks for your wishes Atanere. I'll be in touch!
 
@TROOP3R

Thank you Mr. Wizard for your kind and timeless words! I too am planning to get my hands dirty on the distros that you've highlighted.

Nice hat BTW! You're blog also seems interesting.

Kind words. Thank you. Mr Wizard was my late father, folks around here can call me Wizard or Wiz, just don't call me late for dinner.

If I may ask, which Linux distro you personally prefer working on?

... is a bit like asking "How long is a piece of string?"

I typically use 50 to 70 of them, counting different DEs (Desktop Environments) and I have a number of Faves.

If you will be patient with me, and there is interest, I will compile a standalone Topic next week or so, listing what I use, and why, based as a (very) broad Review.

Cheers all

Wiz

BTW - which hat? The one in the GIF or the one in my avatar?
Edited added BTW
 
Jas, I'll check the Linux Foundation's training and certifications course as well. It makes sense to learn both of the Debian & RH based distros, given the industry has become so much diverse.
And may I ask, why do you prefer Debian over RH any particular reason? Also, which debian distro? Core!, Lindows, Knoppix, Unbuntu etc.?

Don't get me wrong - Red Hat is used by a LOT of companies, so the Red-Hat qualification would definitely be valuable. As I said, I am a Debian user at home, so it would be more convenient for me to be able to study on a Debian based OS. The only reason I'd choose the Linux Foundation training over Red Hat is purely personal convenience. It's not for any technical reason. The Red-Hat training is every bit as good as The Linux Foundations. Again, the Red-Hat certification might even be more valuable to have because so many companies use Red-Hat based servers. IDK!

Why do I prefer Debian?
Well, I used to use Red Hat (actually it was Fedora) when I first got into Linux. But I quickly got frustrated with it because package management always seemed fraught. When trying to install new packages, RH always seemed to have problems resolving package conflicts. When trying to install new packages from the repos there always seemed to be dependencies whose versions conflicted with the those required by another piece of software. Then package management tools did little to solve the problem and I didn't really have enough knowledge at the time to fix it out manually. In short, it drove me completely nuts....

That said, I was quite new to Linux at the time, so it may have been a case of PICNIC (Problem In Chair, Not In Computer).

Either way, I switched to using Debian-based distros and never had any problems whatsoever. The Debian package format and package management tools have been completely rock-solid and dependable.

Since then, I've never really tried any other Red Hat based distros. I'm sure the package management situation has changed drastically by now. Things are almost certainly far better than they were back then. But those first impressions of Fedora and Red-Hat were lasting ones for me.

I've flirted with many other distros with their own package management systems - Arch, Gentoo, Slack etc. - And I've never had any problems with them either. But I always use Debian on my main PC. Again, purely personal preference. No compelling technical reasons for it.

On my main laptop - I currently use Debian Testing, installed using the net-based installer. That way I didn't have to put up with Gnome 3. I just installed X with lightdm for the login manager and dwm as my Window manager.

I'll be taking a course in shell scripting & C. The only reason I tend to avoid these are, 'coz they based on logic, and I at suck logic and reasoning.
Well, if you want to get into system administration, then shell-scripting is an absolute must. Rather than manually repeating tasks day in and day out, any sys-admin worth their salt will write a script to do it and set up a cron job to run it automatically if it is something that they will need to do often.

Likewise, If you want to get into pen-testing, then again shell-scripting and knowledge of a language like C is also a must.

As for logic and reasoning - you can work on that too. I'm sure your C programming course will go a long way to teaching you how to think when solving programming problems. And as you learn more about programming and actually start writing programs, your logic and reasoning will improve. It all comes down to study, practice and above all patience and persistence!

Again, your advise is on point! Maybe one day I might be able to guide to someone in a similar manner.
Thanks.
Well, if you want to be able to help others - use Linux as much as possible and build up your knowledge. Also stick around here and check out some threads. If you see something you think you can help with, feel free to chip in with some advice. And if you don't feel confident enough to post an answer - at least watch the thread and see what solutions other people come up with. As Rob has said, you may well end up learning something new!

Oh, and Jas, about your DP, is that you on that drum kit? Do you play the drums??

Yes, that is me at my drum kit. And yes, I do play the drums. I currently drum for a UK based progressive metal band called Kinasis.
Not what most people would call music, but it provides some fun physical and mental challenges and some much needed exercise! Heh heh! XD
 
Yes, that is me at my drum kit. And yes, I do play the drums. I currently drum for a UK based progressive metal band called Kinasis. Not what most people would call music, but it provides some fun physical and mental challenges and some much needed exercise! Heh heh! XD

I'd say you're a pretty kick-ass drummer! :cool: I like the band's sound... it's music to me. (But not so keen on the singer.)
 
@TROOP3R

Kind words. Thank you. Mr Wizard was my late father, folks around here can call me Wizard or Wiz, just don't call me late for dinner.

... is a bit like asking "How long is a piece of string?"

I typically use 50 to 70 of them, counting different DEs (Desktop Environments) and I have a number of Faves.

If you will be patient with me, and there is interest, I will compile a standalone Topic next week or so, listing what I use, and why, based as a (very) broad Review.

Cheers all

Wiz

BTW - which hat? The one in the GIF or the one in my avatar?
Edited added BTW


I do apologize Wiz. I didnt know that.

That's a lot of distros there Wiz. A huge list! 50-70 Linux distros!!

I'm patient. I'll wait for that topic. Just let me know if you'll be posting that here on linux.org or on your blog?


Don't get me wrong - Red Hat is used by a LOT of companies, so the Red-Hat qualification would definitely be valuable. As I said, I am a Debian user at home, so it would be more convenient for me to be able to study on a Debian based OS. The only reason I'd choose the Linux Foundation training over Red Hat is purely personal convenience. It's not for any technical reason. The Red-Hat training is every bit as good as The Linux Foundations. Again, the Red-Hat certification might even be more valuable to have because so many companies use Red-Hat based servers. IDK!

Why do I prefer Debian?
Well, I used to use Red Hat (actually it was Fedora) when I first got into Linux. But I quickly got frustrated with it because package management always seemed fraught. When trying to install new packages, RH always seemed to have problems resolving package conflicts. When trying to install new packages from the repos there always seemed to be dependencies whose versions conflicted with the those required by another piece of software. Then package management tools did little to solve the problem and I didn't really have enough knowledge at the time to fix it out manually. In short, it drove me completely nuts....

That said, I was quite new to Linux at the time, so it may have been a case of PICNIC (Problem In Chair, Not In Computer).

Either way, I switched to using Debian-based distros and never had any problems whatsoever. The Debian package format and package management tools have been completely rock-solid and dependable.

Since then, I've never really tried any other Red Hat based distros. I'm sure the package management situation has changed drastically by now. Things are almost certainly far better than they were back then. But those first impressions of Fedora and Red-Hat were lasting ones for me.

I've flirted with many other distros with their own package management systems - Arch, Gentoo, Slack etc. - And I've never had any problems with them either. But I always use Debian on my main PC. Again, purely personal preference. No compelling technical reasons for it.

On my main laptop - I currently use Debian Testing, installed using the net-based installer. That way I didn't have to put up with Gnome 3. I just installed X with lightdm for the login manager and dwm as my Window manager.


Well, if you want to get into system administration, then shell-scripting is an absolute must. Rather than manually repeating tasks day in and day out, any sys-admin worth their salt will write a script to do it and set up a cron job to run it automatically if it is something that they will need to do often.

Likewise, If you want to get into pen-testing, then again shell-scripting and knowledge of a language like C is also a must.

As for logic and reasoning - you can work on that too. I'm sure your C programming course will go a long way to teaching you how to think when solving programming problems. And as you learn more about programming and actually start writing programs, your logic and reasoning will improve. It all comes down to study, practice and above all patience and persistence!


Thanks.
Well, if you want to be able to help others - use Linux as much as possible and build up your knowledge. Also stick around here and check out some threads. If you see something you think you can help with, feel free to chip in with some advice. And if you don't feel confident enough to post an answer - at least watch the thread and see what solutions other people come up with. As Rob has said, you may well end up learning something new!



Yes, that is me at my drum kit. And yes, I do play the drums. I currently drum for a UK based progressive metal band called Kinasis.
Not what most people would call music, but it provides some fun physical and mental challenges and some much needed exercise! Heh heh! XD

Thanks Jas once again for the motivation!

And glad to know about Kinasis. I'll give 'em a try. Looked up your band on youtube. Saw some videos listed. Will certainly listen to it.

DRUMS!! The only unplugged (non-electrical) instrument in the Heavy Metal construct!

My all time favorites drummers are;
Ian Paice, Bill Ward, Clive Burr, Dave Lombardo, Gar Sammuelson, Igor Cavalera, Pete Sadoval, Fenriz, Ole Öhman, Pete Hammoura.
(Sorry for going a bit off topic).


Thanks once again everyone for all your motivation and encouragement. Will be seeing you all around.
 

Members online


Latest posts

Top