[Completed] Professional Google Cybersecurity Specialization C4/8; Tools of the Trade: Linux and SQL

Hello, and welcome to Tools of the Trade: Linux and SQL, the fourth course in the Google Cybersecurity Certificate. You're on an exciting journey! By the end of this course, you will develop a greater understanding of the basics of computing that will support your work as a security analyst. You will learn foundational concepts related to understanding operating systems, communicating with the Linux operating system through commands, and querying databases with Structured Query Language (SQL). These are key concepts in the cybersecurity field, and understanding them will help you keep organizations secure.

All things Operating System

Introduction to Course 4

Hi! Welcome to this course on computing basics for security. My name is Kim, and I work as a Technical Program Manager in security. I grew up with computers and the internet but didn't really consider security as a career opportunity until I saw how it was interwoven into technology. Before my first security job, I worked on a cloud application team and had to regularly interact with the security team. It was my first experience working with security, but the idea of protecting information and working with others towards that goal was exciting to me. As a result, I decided to work towards my CISSP, which led me to some new job opportunities at my company, and I was then able to move into security. At this point, if you've been following along, you've already explored a variety of concepts useful to the security field, including security domains and networking. I'm excited to join you during the next part of the program. We'll take it slow so that you can understand these topics in practical ways. The focus of this course is computing basics. When you understand how the machines in an organization's system work, it helps you do your job as a security analyst more efficiently.
Part of your job as a security analyst is to keep systems protected from possible attacks. You're one of the first levels of defense in protecting an organization's data. To do this effectively, it's helpful to understand how the system you're protecting works. In addition, you may need to investigate events to help correct errors in the system. Being familiar with the Linux operating system and its associated commands, and also being able to interact with an organization's data through SQL, will help you with that. In this course, you'll learn about operating systems and how they relate to applications and hardware. Next, you'll explore the Linux operating system in more detail. Then you'll use the Linux command line within a security context. Finally, we'll discuss how you can use SQL to query databases while working as a security analyst. I'm excited to explore all of these topics with you. Let's get started.

Course 4 content

Because I'm legally not allowed to tell you the contents of the quizzes or their answers, or the contents of the self-review activities or interactive plugins, I won't be sharing that stuff. But if you learn what's in this book you can probably do the quizzes pretty easily. However, if you suck at writing, I don't know, maybe not so easily.

Each course of this certificate program is broken into weeks. You can complete courses at your own pace, but the weekly breakdowns are designed to help you finish the entire Google Cybersecurity Certificate in about six months.

What’s to come? Here’s a quick overview of the skills you’ll learn in each week of this course.

Week 1: Introduction to operating systems
You will learn about the relationship between operating systems, hardware, and software, and become familiar with the primary functions of an operating system. You'll recognize common operating systems in use today and understand how the graphical user interface (GUI) and command-line interface (CLI) both allow users to interact with the operating system.
Week 2: The Linux operating system
You will be introduced to the Linux operating system and learn how it is commonly used in cybersecurity. You’ll also learn about Linux architecture and common Linux distributions. In addition, you'll be introduced to the Linux shell and learn how it allows you to communicate with the operating system.

Week 3: Linux commands in the Bash shell
You will be introduced to Linux commands as entered through the Bash shell. You'll use the Bash shell to navigate and manage the file system and to authorize and authenticate users. You'll also learn where to go for help when working with new Linux commands.

Week 4: Databases and SQL
You will practice using SQL to communicate with databases. You'll learn how to query a database and filter the results. You’ll also learn how SQL can join multiple tables together in a query.

What to expect

Each course offers many types of learning opportunities:
Videos led by Google instructors teach new concepts, introduce the use of relevant tools, offer career support, and provide inspirational personal stories.
Readings build on the topics discussed in the videos, introduce related concepts, share useful resources, and describe case studies.

The following are available exclusively on Coursera:
Discussion prompts explore course topics for better understanding and allow you to chat and exchange ideas with other learners in the discussion forums.
Self-review activities and labs give you hands-on practice in applying the skills you are learning and allow you to assess your own work by comparing it to a completed example.
Interactive plug-ins encourage you to practice specific tasks and help you integrate knowledge you have gained in the course.
In-video quizzes help you check your comprehension as you progress through each video.
Practice quizzes allow you to check your understanding of key concepts and provide valuable feedback.
Graded quizzes demonstrate your understanding of the main concepts of a course.
You must score 80% or higher on each graded quiz to obtain a certificate, and you can take a graded quiz multiple times to achieve a passing score.

Tips for success

It is strongly recommended that you go through the items in each lesson in the order they appear because new information and concepts build on previous knowledge. Participate in all learning opportunities to gain as much knowledge and experience as possible. If something is confusing, don’t hesitate to replay a video, review a reading, or repeat a self-review activity. Use the additional resources that are referenced in this course. They are designed to support your learning. You can find all of these resources in the Resources tab. When you encounter useful links in this course, bookmark them so you can refer to the information later for study or review. Understand and follow the Coursera Code of Conduct to ensure that the learning community remains a welcoming, friendly, and supportive place for all members.

Helpful resources and tips

As a learner, you can choose to complete one or multiple courses in this program. However, to obtain the Google Cybersecurity Certificate, you must complete all the courses. This reading describes what is required to obtain a certificate and best practices for you to have a good learning experience on Coursera.

Course completion to obtain a certificate

To submit graded assignments and be eligible to receive a Google Cybersecurity Certificate, you must:
Pay the course certificate fee or apply and be approved for a Coursera scholarship.
Pass all graded quizzes in the eight courses with a score of at least 80%.
Each graded quiz in a course is part of a cumulative grade for that course.

Healthy habits for course completion

Here is a list of best practices that will help you complete the courses in the program in a timely manner:
Plan your time: Setting regular study times and following them each week can help you make learning a part of your routine. Use a calendar or timetable to create a schedule, and list what you plan to do each day in order to set achievable goals. Find a space that allows you to focus when you watch the videos, review the readings, and complete the activities.
Work at your own pace: Everyone learns differently, so this program has been designed to let you work at your own pace. Although your personalized deadlines start when you enroll, feel free to move through the program at the speed that works best for you. There is no penalty for late assignments; to earn your certificate, all you have to do is complete all of the work. You can extend your deadlines at any time by going to Overview in the navigation panel and selecting Switch Sessions. If you have already missed previous deadlines, select Reset my deadlines instead.
Be curious: If you find an idea that gets you excited, act on it! Ask questions, search for more details online, explore the links that interest you, and take notes on your discoveries. The steps you take to support your learning along the way will advance your knowledge, create more opportunities in this high-growth field, and help you qualify for jobs.
Take notes: Notes will help you remember important information in the future, especially as you’re preparing to enter a new job field. In addition, taking notes is an effective way to make connections between topics and gain a better understanding of those topics.
Review exemplars: Exemplars are completed assignments that fully meet an activity's criteria. Many activities in this program have exemplars for you to validate your work or check for errors.
Although there are often many ways to complete an assignment, exemplars offer guidance and inspiration about how to complete the activity.
Chat (responsibly) with other learners: If you have a question, chances are, you’re not alone. Use the discussion forums to ask for help from other learners taking this program. You can also visit Coursera’s Global Online Community. Other important things to know while learning with others can be found in the Coursera Honor Code and Code of Conduct.
Update your profile: Consider updating your profile on Coursera to include your photo, career goals, and more. When other learners find you in the discussion forums, they can click on your name to access your profile and get to know you better.

Documents, spreadsheets, presentations, and labs for course activities

To complete certain activities in the program, you will need to use digital documents, spreadsheets, presentations, and/or labs. Security professionals use these software tools to collaborate within their teams and organizations. If you need more information about using a particular tool, refer to these resources:
Microsoft Word: Help and learning: Microsoft Support page for Word
Google Docs: Help Center page for Google Docs
Microsoft Excel: Help and learning: Microsoft Support page for Excel
Google Sheets: Help Center page for Google Sheets
Microsoft PowerPoint: Help and learning: Microsoft Support page for PowerPoint
How to use Google Slides: Help Center page for Google Slides
Common problems with labs: Troubleshooting help for Qwiklabs activities

Weekly, course, and certificate glossaries

This program covers a lot of terms and concepts, some of which you may already know and some of which may be unfamiliar to you. To review terms and help you prepare for graded quizzes, refer to the following glossaries:
Weekly glossaries: At the end of each week’s content, you can review a glossary of terms from that week.
Each week’s glossary builds upon the terms from the previous weeks in that course. The weekly glossaries are not downloadable; however, all of the terms and definitions are included in the course and certificate glossaries, which are downloadable.
Course glossaries: At the end of each course, you can access and download a glossary that covers all of the terms in that course.
Certificate glossary: The certificate glossary includes all of the terms in the entire certificate program and is a helpful resource that you can reference throughout the program or at any time in the future. You can access and download the certificate glossaries and save them on your computer. You can always find the course and certificate glossaries through the course’s Resources section. To access the Cybersecurity Certificate glossary, click the link below and select Use Template. If you don’t have a Google account, you can download the glossary directly from the attachment below.

Course feedback

Providing feedback on videos, readings, and other materials is easy. With the resource open in your browser, you can find the thumbs-up and thumbs-down symbols. Click thumbs-up for materials that are helpful. Click thumbs-down for materials that are not helpful. If you want to flag a specific issue with an item, click the flag icon, select a category, and enter an explanation in the text box. This feedback goes back to the course development team and isn’t visible to other learners. All feedback received helps to create even better certificate programs in the future. For technical help, visit the Learner Help Center.

Welcome to week 1: Introduction to operating systems

How many times a week do you use a computer? For some of us, the answer might be "a lot"!
They are incredible machines that let us do everything from using specialized applications when completing a task at work to sending emails to loved ones in a distant place. Have you ever thought about how computers can do all of this? Well, that's where operating systems come in. In this section, we'll learn about common operating systems, and we'll explore the main functions of an operating system. Then, we'll learn the relationship between operating systems, applications, and hardware. Finally, we'll compare graphical user interfaces and command-line interfaces. The command-line interface will be an essential part of your job as a security analyst. Understanding operating systems is an important foundation for your career in security. There's so much to explore. Let's begin.

Devices like computers, smartphones, and tablets all have operating systems. If you've used a desktop or laptop computer, you may have used the Windows or macOS operating systems. Smartphones and tablets run on mobile operating systems like Android and iOS. Another popular operating system is Linux. Linux is used in the security industry, and as a security professional, it's likely that you'll interact with the Linux OS. So what exactly is an operating system? It's the interface between the computer hardware and the user. The operating system, or the OS as it's commonly called, is responsible for making the computer run as efficiently as possible while also making it easy to use. Hardware may be another new term. Hardware refers to the physical components of a computer. The OS interface that we now rely on every day is something that early computers didn't have. In the 1950s, the biggest challenge with early computers was the amount of time it took to run a computer program. At the time, computers could not run multiple programs simultaneously. Instead, people had to wait for a program to finish running, reset the computer, and load up the new program.
Imagine having to turn your computer on and off each time you had to open a new application! It would take a long time to complete a simple task like sending an email. Since then, operating systems have evolved, and we no longer have to worry about wasting time in this way. Thanks to operating systems and their evolution, today's computers run efficiently. They run multiple applications at once, and they also access external devices like printers, keyboards, and mice. Another reason why operating systems are important is that they help humans and computers communicate with each other. Computers communicate in a language called binary, which consists of 0s and 1s. The OS provides an interface to bridge this communication gap between the user and the computer, allowing you to interact with the computer in complex ways. Operating systems are critical for the use of computers. Likewise, OS security is also critical for the security of a computer. This involves securing files, data access, and user authentication to help protect against threats such as viruses, worms, and other malware. Knowing how operating systems work is essential for completing different security-related tasks. For example, as a security analyst, you may be responsible for configuring and maintaining the security of a system by managing access. You may also be responsible for managing and configuring firewalls, setting security policies, enabling virus protection, and performing auditing, accounting, and logging to detect unusual behavior. All these tasks require a deep understanding of operating systems, and as we continue this course, we'll explore operating systems in greater detail.

Kim: My journey into computing

Hi, I'm Kim. I'm a technical program manager at Google. I'm currently working in the security mergers and acquisitions team, where I work with other companies that we purchase, and I help them integrate into the Google environment.
I've held multiple roles before getting into cybersecurity and even technology. I first started working as a restaurant worker, and then I became an English tutor for international students at my local college. After doing multiple internships and graduating from university, I had my first opportunity to work in technology, and that's where my interest in technology, and eventually cybersecurity, began. I want to tell everyone with any type of background that you can get into cybersecurity. If you're interested in protecting information, if you're interested in protecting people in the future, security is there for you. There are so many different roles you can do, and all of the skills that you have now, and that you've gathered previously, can be applicable within security. The skill that I use the most is connecting with people every day. I can't get anything done unless I connect with them the right way. So that's actually the biggest skill I lean on the most working in security. A piece of advice I would give for someone new starting in the cybersecurity field is to keep an open mind. I started out with a degree in business, so I didn't even feel like I was technical enough to be where I am today. And before that, all of my experiences were either restaurant work, or marketing work, or just something that felt like it was unrelated to technology. But all of that helped me and motivated me to actually kind of get my feet more wet in technology, and then eventually security. And before I knew it, that self-doubt was really replaced with more of a support from my peers and respect from other people that I've worked with.

Compare operating systems

You previously explored why operating systems are an important part of how a computer works. In this reading, you’ll compare some popular operating systems used today. You’ll also focus on the risks of using legacy operating systems.
Common operating systems

The following operating systems are useful to know in the security industry: Windows, macOS®, Linux, ChromeOS, Android, and iOS.

Windows and macOS
Windows and macOS are both common operating systems. The Windows operating system was introduced in 1985, and macOS was introduced in 1984. Both operating systems are used in personal and enterprise computers. Windows is a closed-source operating system, which means the source code is not shared freely with the public. macOS is partially open source. It has some open-source components, such as macOS’s kernel. macOS also has some closed-source components.

Linux
The first version of Linux was released in 1991, and other major releases followed in the early 1990s. Linux is a completely open-source operating system, which means that anyone can access Linux and its source code. The open-source nature of Linux allows developers in the Linux community to collaborate. Linux is particularly important to the security industry. There are some distributions that are specifically designed for security. Later in this course, you’ll learn about Linux and its importance to the security industry.

ChromeOS
ChromeOS launched in 2011. It’s partially open source and is derived from Chromium OS, which is completely open source. ChromeOS is frequently used in the education field.

Android and iOS
Android and iOS are both mobile operating systems. Unlike the other operating systems mentioned, mobile operating systems are typically used in mobile devices, such as phones, tablets, and watches. Android was introduced for public use in 2008, and iOS was introduced in 2007. Android is open source, and iOS is partially open source.

Operating systems and vulnerabilities

Security issues are inevitable with all operating systems. An important part of protecting an operating system is keeping the system and all of its components up to date.
Legacy operating systems
A legacy operating system is an operating system that is outdated but still being used. Some organizations continue to use legacy operating systems because software they rely on is not compatible with newer operating systems. This can be more common in industries that use a lot of equipment that requires embedded software, that is, software placed inside components of the equipment. Legacy operating systems can be vulnerable to security issues because they’re no longer supported or updated. This means that legacy operating systems might be vulnerable to new threats.

Other vulnerabilities
Even when operating systems are kept up to date, they can still become vulnerable to attack. Below are several resources that include information on operating systems and their vulnerabilities.
Microsoft Security Response Center (MSRC): A list of known vulnerabilities affecting Microsoft products and services
Apple Security Updates: A list of security updates and information for Apple® operating systems, including macOS and iOS, and other products
Common Vulnerabilities and Exposures (CVE) Report for Ubuntu: A list of known vulnerabilities affecting Ubuntu, which is a specific distribution of Linux
Google Cloud Security Bulletin: A list of known vulnerabilities affecting Google Cloud products and services

Keeping an operating system up to date is one key way to help the system stay secure. Because it can be difficult to keep all systems updated at all times, it’s important for security analysts to be knowledgeable about legacy operating systems and the risks they can create.

Key takeaways
Windows, macOS, Linux, ChromeOS, Android, and iOS are all commonly used operating systems. Security analysts should be aware of vulnerabilities that affect operating systems. It’s especially important for security analysts to be familiar with legacy operating systems, which are systems that are outdated but still being used.
Inside the operating system

Previously, you learned about what operating systems are. Now, let's discuss how they work. In this video, you'll learn what happens with an operating system, or OS, when someone uses a computer for a task. Think about when someone drives a car. They push the gas pedal and the car moves forward. They don't need to pay attention to all the mechanics that allow the car to move. Just like a car can't work without its engine, a computer can't work without its operating system. The job of an OS is to help other computer programs run efficiently. The OS does this by taking care of all the messy details related to controlling the computer's hardware, so you don't have to. First, let's see what happens when you turn on the computer. When you press the power button, you're interacting with the hardware. This boots the computer and brings up the operating system. Booting the computer means that special firmware called the BIOS, stored on a chip on the motherboard, is activated. On many computers built after 2007, the BIOS was replaced by UEFI. Both BIOS and UEFI contain booting instructions that are responsible for loading a special program called the bootloader. Then, the bootloader is responsible for starting the operating system. Just like that, your computer is on. As a security analyst, understanding these processes can be helpful for you. Vulnerabilities can occur in something like a booting process. Often, the BIOS is not scanned by antivirus software, so it can be vulnerable to malware infection, and because firmware lives outside the operating system's disk, malware that gets into it can survive a reinstall of the OS. Now that you've learned how the operating system boots, let's look at how you and all users communicate with the system to complete a task. The process starts with you, the user. To complete tasks, you use applications on your computer. An application is a program that performs a specific task. When you do this, the application sends your request to the operating system.
From there, the operating system interprets this request and directs it to the appropriate component of the computer's hardware. In the previous video, we learned that the hardware consists of all the physical components of the computer. The hardware will also send information back to the operating system, and this in turn is sent back to the application. Let's give a simple overview of how this works when you want to use the calculator on your computer. You use your mouse to click on the calculator application on your computer. When you type in the number you want to calculate, the application communicates with the operating system. Your operating system then sends a calculation to a component of the hardware, the central processing unit, or CPU. Once the hardware does the work of determining the final number, it sends the answer back to your operating system. Then, it can be displayed in your calculator application. Understanding this process is helpful when investigating security events. Security analysts should be able to trace back through this process flow to analyze where a security event could have occurred. Just like a mechanic needs to understand the inner workings of a car more than an average driver, recognizing how operating systems work is important knowledge for a security analyst.

Requests to the operating system

Operating systems are a critical component of a computer. They make connections between applications and hardware to allow users to perform tasks. In this reading, you’ll explore this complex process further and consider it using a new analogy and a new example.

Booting the computer

When you boot, or turn on, your computer, either BIOS or UEFI firmware is activated. The Basic Input/Output System (BIOS) is firmware, stored on a chip on the motherboard, that contains loading instructions for the computer and is prevalent in older systems.
The Unified Extensible Firmware Interface (UEFI) is firmware, also stored on a chip, that contains loading instructions for the computer and replaces BIOS on more modern systems. BIOS and UEFI both perform the same function for booting the computer. BIOS was the standard until 2007, when UEFI increased in use. Now, most new computers include UEFI. UEFI provides enhanced security features; for example, UEFI Secure Boot checks the bootloader's digital signature against keys stored in the firmware and refuses to run a bootloader that is unsigned or has been tampered with. The BIOS or UEFI firmware contains a variety of loading instructions for the computer to follow. For example, one of the loading instructions is to verify the health of the computer’s hardware. The last instruction from the BIOS or UEFI activates the bootloader. The bootloader is a software program that boots the operating system. Once the operating system has finished booting, your computer is ready for use.

Completing a task

As previously discussed, operating systems help us use computers more efficiently. Once a computer has gone through the booting process, completing a task on a computer is a four-part process.

User
The first part of the process is the user. The user initiates the process by having something they want to accomplish on the computer. Right now, you’re a user! You’ve initiated the process of accessing this reading.

Application
The application is the software program that users interact with to complete a task. For example, if you want to calculate something, you would use the calculator application. If you want to write a report, you would use a word processing application. This is the second part of the process.

Operating system
The operating system receives the user’s request from the application. It’s the operating system’s job to interpret the request and direct its flow. In order to complete the task, the operating system sends it on to applicable components of the hardware.

Hardware
The hardware is where all the processing is done to complete the tasks initiated by the user.
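Before continuing with the task flow, here is a practical check on the boot stage described above. The following Python script is an added example and is not part of the course materials. On a Linux host it reports whether the kernel was started by UEFI or legacy BIOS firmware, and, for UEFI, whether Secure Boot was enabled, by reading the SecureBoot EFI variable that the kernel exposes through the efivarfs filesystem. It assumes a kernel with efivarfs mounted at /sys/firmware/efi/efivars (the default on current distributions); the fake sysfs trees that build_fake_sysfs() creates are constructed so the checks can be exercised offline.

```python
"""Report boot firmware mode and UEFI Secure Boot state on a Linux host.

Added example, not from the course. Assumes efivarfs is mounted at
/sys/firmware/efi/efivars. build_fake_sysfs() constructs minimal
sysfs trees so the checks can run offline on any machine.
"""
import os
import struct
import tempfile

# GUID of the EFI_GLOBAL_VARIABLE namespace, where the SecureBoot variable lives.
EFI_GLOBAL_VARIABLE_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"


def boot_mode(sysfs_root="/sys"):
    """Return 'UEFI' if the kernel was started by UEFI firmware, else 'BIOS'.
    The kernel creates /sys/firmware/efi only on a UEFI boot; a legacy BIOS
    boot (including UEFI firmware running in compatibility mode) lacks it."""
    efi_dir = os.path.join(sysfs_root, "firmware", "efi")
    return "UEFI" if os.path.isdir(efi_dir) else "BIOS"


def secure_boot_state(sysfs_root="/sys"):
    """Return 'enabled', 'disabled' or 'unknown' from the SecureBoot variable.
    An efivarfs file holds 4 bytes of variable attributes (little-endian u32)
    followed by the variable's data; SecureBoot's data is one byte, 1 = on."""
    path = os.path.join(sysfs_root, "firmware", "efi", "efivars",
                        f"SecureBoot-{EFI_GLOBAL_VARIABLE_GUID}")
    try:
        with open(path, "rb") as f:
            raw = f.read()
    except OSError:          # missing variable or no permission to read efivars
        return "unknown"
    if len(raw) < 5:
        return "unknown"
    _attributes, value = struct.unpack("<IB", raw[:5])
    return "enabled" if value == 1 else "disabled"


def boot_report(sysfs_root="/sys"):
    """One-line summary an analyst can paste into a ticket."""
    if boot_mode(sysfs_root) == "BIOS":
        return "BIOS boot: firmware cannot verify the bootloader (no Secure Boot)"
    return f"UEFI boot: Secure Boot {secure_boot_state(sysfs_root)}"


def build_fake_sysfs(root, uefi=True, secure_boot=True):
    """Construct a minimal sysfs tree under `root` for offline demonstration."""
    if not uefi:
        os.makedirs(os.path.join(root, "firmware"), exist_ok=True)
        return
    efivars = os.path.join(root, "firmware", "efi", "efivars")
    os.makedirs(efivars, exist_ok=True)
    attributes = 0x06  # BOOTSERVICE_ACCESS | RUNTIME_ACCESS, as real firmware sets it
    data = b"\x01" if secure_boot else b"\x00"
    with open(os.path.join(efivars, f"SecureBoot-{EFI_GLOBAL_VARIABLE_GUID}"), "wb") as f:
        f.write(struct.pack("<I", attributes) + data)


def demo():
    """Run the checks against three constructed hosts and return their reports."""
    reports = []
    for uefi, sb in ((False, False), (True, False), (True, True)):
        with tempfile.TemporaryDirectory() as root:
            build_fake_sysfs(root, uefi=uefi, secure_boot=sb)
            reports.append(boot_report(root))
    return reports


if __name__ == "__main__":
    print("This host:", boot_report())
    for line in demo():
        print("Constructed host:", line)
```

Reading efivars usually requires root, so an unprivileged run reports "unknown" rather than guessing. A result of "BIOS boot" or "Secure Boot disabled" means the firmware performed no signature check on the bootloader, which is exactly the gap the video describes when it notes that the boot stage is rarely covered by antivirus software.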
For example, when a user wants to calculate a number, the CPU figures out the answer. As another example, when a user wants to save a file, another component of the hardware, the hard drive, handles this task. After the work is done by the hardware, it sends the output back through the operating system to the application so that it can display the results to the user.

The OS at work behind the scenes

Consider once again how a computer is similar to a car. There are processes that someone won’t directly observe when operating a car, but they do feel it move forward when they press the gas pedal. It’s the same with a computer. Important work happens inside a computer that you don’t experience directly. This work involves the operating system. You can explore this through another analogy. The process of using an operating system is also similar to ordering at a restaurant. At a restaurant you place an order and get your food, but you don’t see what’s happening in the kitchen when the cooks prepare the food. Ordering food is similar to using an application on a computer. When you order your food, you make a specific request like “a small soup, very hot.” When you use an application, you also make specific requests like “print three double-sided copies of this document.” You can compare the food you receive to what happens when the hardware sends output. You receive the food that you ordered. You receive the document that you wanted to print. Finally, the kitchen is like the OS. You don’t know what happens in the kitchen, but it’s critical in interpreting the request and ensuring you receive what you ordered. Similarly, though the work of the OS is not directly visible to you, it’s critical in completing your tasks.

An example: Downloading a file from an internet browser

Previously, you explored how operating systems, applications, and hardware work together by examining a task involving a calculation.
You can expand this understanding by exploring how the OS completes another task, downloading a file from an internet browser:
First, the user decides they want to download a file that they found online, so they click on a download button near the file in the internet browser application.
Then, the internet browser communicates this action to the OS.
The OS sends the request to download the file to the appropriate hardware for processing: the network interface receives the data, and the storage device writes it to disk.
The hardware begins downloading the file, and the OS sends this information to the internet browser application.
The internet browser then informs the user when the file has been downloaded.

Key takeaways
Although it operates in the background, the operating system is an essential part of the process of using a computer. The operating system connects applications and hardware to allow users to complete a task.

Resource allocation via the OS

Now we're ready to discuss a different aspect of your operating system. Not only does the OS interact with other parts of your computer, but it's also responsible for managing the resources of the system. This is a big task that requires a lot of balance to make sure all the resources of the computer are used efficiently. Think of this like the concept of energy. A person needs energy to complete different tasks. Some tasks need more energy, while others require less. For example, going for a run requires more energy than watching TV. A computer's OS also needs to make sure that it has enough energy to function correctly for certain tasks. Running an antivirus scan on your computer will use more energy than using the calculator application. Imagine your computer is an orchestra. Many different instruments like violins, drums, and trumpets are all part of the orchestra. An orchestra also has a conductor to direct the flow of the music. In a computer, the OS is the conductor.
The OS handles resource and memory management to ensure the limited capacity of the computer system is used where it's needed most. A variety of programs, tasks, and processes are constantly competing for the resources of the central processing unit, or CPU. They all have their own reasons why they need memory, storage, and input/output bandwidth. The OS is responsible for ensuring that each program is allocating and de-allocating resources. All this occurs in your computer at the same time so that your system functions efficiently. Much of this is hidden from you as a user. For example, your browser's task manager will list all of the tasks that are being processed, along with their memory and CPU usage. As an analyst, it's helpful to know where a system's resources are used. Understanding usage of resources can help you respond to an incident and troubleshoot applications in the system. For example, if a computer is running slowly, an analyst might discover it's allocating resources to malware. A basic understanding of how operating systems work will help you better understand the security skills you will learn later in this program.

Virtualization technology

You've explored a lot about operating systems. One more aspect to consider is that operating systems can run on virtual machines. In this reading, you'll learn about virtual machines and the general concept of virtualization. You'll explore how virtual machines work and the benefits of using them.

What is a virtual machine?

A virtual machine (VM) is a virtual version of a physical computer. Virtual machines are one example of virtualization. Virtualization is the process of using software to create virtual representations of various physical machines. The term "virtual" refers to machines that don't exist physically, but operate like they do because their software simulates physical hardware. Virtual systems don't use dedicated physical hardware.
Instead, they use software-defined versions of the physical hardware. This means that a single virtual machine has a virtual CPU, virtual storage, and other virtual hardware. Virtual systems are just code. You can run multiple virtual machines using the physical hardware of a single computer. This involves dividing the resources of the host computer to be shared across all physical and virtual components. For example, Random Access Memory (RAM) is a hardware component used for short-term memory. If a computer has 16GB of RAM, it can host three virtual machines so that the physical computer and virtual machines each have 4GB of RAM. Also, each of these virtual machines would have their own operating system and function similarly to a typical computer.

Benefits of virtual machines

Security professionals commonly use virtualization and virtual machines. Virtualization can increase security for many tasks and can also increase efficiency.

Security

One benefit is that virtualization can provide an isolated environment, or a sandbox, on the physical host machine. When a computer has multiple virtual machines, these virtual machines are "guests" of the computer. Specifically, they are isolated from the host computer and other guest virtual machines. This provides a layer of security, because virtual machines can be kept separate from the other systems. For example, if an individual virtual machine becomes infected with malware, it can be dealt with more securely because it's isolated from the other machines. A security professional could also intentionally place malware on a virtual machine to examine it in a more secure environment.

Note: Although using virtual machines is useful when investigating potentially infected machines or running malware in a constrained environment, there are still some risks. For example, a malicious program can escape virtualization and access the host machine. This is why you should never completely trust virtualized systems.
Efficiency

Using virtual machines can also be an efficient and convenient way to perform security tasks. You can open multiple virtual machines at once and switch easily between them. This allows you to streamline security tasks, such as testing and exploring various applications. You can compare the efficiency of a virtual machine to a city bus. A single city bus has a lot of room and is an efficient way to transport many people simultaneously. If city buses didn't exist, then everyone on the bus would have to drive their own cars. This uses more gas, cars, and other resources than riding the city bus. Similar to how many people can ride one bus, many virtual machines can be hosted on the same physical machine. That way, separate physical machines aren't needed to perform certain tasks.

Managing virtual machines

Virtual machines can be managed with a software called a hypervisor. Hypervisors help users manage multiple virtual machines and connect the virtual and physical hardware. Hypervisors also help with allocating the shared resources of the physical host machine to one or more virtual machines. One hypervisor that is useful for you to be familiar with is the Kernel-based Virtual Machine (KVM). KVM is an open-source hypervisor that is supported by most major Linux distributions. It is built into the Linux kernel, which means it can be used to create virtual machines on any machine running a Linux operating system without the need for additional software.

Other forms of virtualization

In addition to virtual machines, there are other forms of virtualization. Some of these virtualization technologies do not use operating systems. For example, multiple virtual servers can be created from a single physical server. Virtual networks can also be created to more efficiently use the hardware of a physical network.

Key takeaways

Virtual machines are virtual versions of physical computers and are one example of virtualization.
Virtualization is a key technology in the security industry, and it's important for security analysts to understand the basics. There are many benefits to using virtual machines, such as isolation of malware and other security risks. However, it's important to remember there's still a risk of malicious software escaping their virtualized environments.

GUI versus CLI

Now that you've learned the inner workings of computers, let's discuss how users and operating systems communicate with each other. So far, you've learned that a computer has an operating system, hardware, and applications. Remember, the operating system communicates with the hardware to execute tasks. In this video, you'll learn how the user—that's you—interacts with the operating system in order to send tasks to the hardware. The user communicates with the operating system via an interface. A user interface is a program that allows a user to control the functions of the operating system. Two user interfaces that we'll discuss are the graphical user interface, or GUI, and the command-line interface, or CLI. Let's cover these interfaces in more detail. A GUI is a user interface that uses icons on the screen to manage different tasks on the computer. Most operating systems can be used with a graphical user interface. If you've used a personal computer or a cell phone, you have experienced operating a GUI. Most GUIs include these components: a start menu with program groups, a task bar for launching programs, and a desktop with icons and shortcuts. All these components help you communicate with the OS to execute tasks. In addition to clicking on icons, when you use a GUI, you can also search for files or applications from the start menu. You just have to remember the icon or name of the program to activate an application. Now let's discuss the command-line interface.
In comparison, the command-line interface, or CLI,  is a text-based user interface  that uses commands to interact with the computer. These commands communicate with  the operating system and execute  tasks like opening programs. The command-line interface is  a much different structure  than the graphical user interface. When you use the CLI,  you'll immediately notice a difference. There are no icons or graphics on the screen. The command-line interface looks similar to  lines of code using certain text languages. A CLI is more flexible and more powerful than a GUI. Think about using a CLI  like creating whatever meal you'd like  from ingredients bought at a grocery store. This gives you a lot of control and  customization about what you're going to eat. In comparison,  using a GUI is more like ordering food from a restaurant. You can only order what's on the menu. If you want both a noodle dish and pizza,  but the first restaurant you go to only has pizza,  you'll have to go to another restaurant to order the noodles. With a graphical user interface,  you must do one task at a time. But the command-line interface allows for customization,  which lets you complete multiple tasks simultaneously. For example, imagine you  have a folder with hundreds of files of  different file types, and you need to  move only the JPEG files to a new folder. Think about how slow and  tedious this would be as you use a GUI to  find each JPEG file in  this folder and move it into the new one. On the other hand, the CLI would allow you to  streamline this process and move them all at once. As you can see, there are  very big differences in  these two types of user interfaces. As a security analyst,  some of your work may involve the command-line interface. When analyzing logs or  authenticating and authorizing users,  security analysts commonly use  a CLI in their everyday work. In this video, we discussed two types of user interfaces.  
You learned that you already have experience using a graphical user interface, as most personal computers and cell phones use a GUI. You were introduced to the command-line interface. Later in the program, you'll learn how to use a CLI in Linux and how relevant it is to your daily work as a security analyst. You'll get practical experience communicating through the command line. Pretty exciting, right?

The command line in use

Previously, you explored graphical user interfaces (GUI) and command-line user interfaces (CLI). In this reading, you'll compare these two interfaces and learn more about how they're used in cybersecurity.

CLI vs. GUI

A graphical user interface (GUI) is a user interface that uses icons on the screen to manage different tasks on the computer. A command-line interface (CLI) is a text-based user interface that uses commands to interact with the computer.

Display

One notable difference between these two interfaces is how they appear on the screen. A GUI has graphics and icons, such as the icons on your desktop or taskbar for launching programs. In contrast, a CLI only has text. It looks similar to lines of code.

Function

These two interfaces also differ in how they function. A GUI is an interface that only allows you to make one request at a time. However, a CLI allows you to make multiple requests at a time.

Advantages of a CLI in cybersecurity

The choice between using a GUI or CLI is partly based on personal preference, but security analysts should be able to use both interfaces. Using a CLI can provide certain advantages.

Efficiency

Some prefer the CLI because it can be used more quickly when you know how to manage this interface. For a new user, a GUI might be more efficient because they're easier for beginners to navigate. Because a CLI can accept multiple requests at one time, it's more powerful when you need to perform multiple tasks efficiently.
For example, if you had to create multiple new files in your system, you could quickly perform this task in a CLI. If you were using a GUI, this could take much longer, because you have to repeat the same steps for each new file.

History file

For security analysts, using the Linux CLI is helpful because it records a history file of all the commands and actions in the CLI. If you were using a GUI, your actions are not necessarily saved in a history file. For example, you might be in a situation where you're responding to an incident using a playbook. The playbook's instructions require you to run a series of different commands. If you used a CLI, you'd be able to go back to the history and ensure all of the commands were correctly used. This could be helpful if there were issues using the playbook and you had to review the steps you performed in the command line. Additionally, if you suspect an attacker has compromised your system, you might be able to trace their actions using the history file.

Key takeaways

GUIs and CLIs are two types of user interfaces that security analysts should be familiar with. There are multiple differences between a GUI and a CLI, including their displays and how they function. When working in cybersecurity, a CLI is often preferred over a GUI because it can handle multiple tasks simultaneously and it includes a history file.

Ellen: My path into cybersecurity

My name is Ellen and I am a security engineering manager at Google focused in on how Google uses the cloud. Cybersecurity wasn't a field when I got started in technology, something I came to later. I got started in technology when I was working retail at a poster store. And we needed to build a website and my feet hurt and I really needed to sit down. And so I asked friends to teach me how to do HTML so I could sit down while working and I could let my blisters have a rest.
While I was at the poster store, one of our customers worked at a start up and  used to get employee photos framed and they asked them for  feedback on my website, and they ended up giving me an internship. One of the specialties that I ended up having was API design or  designing the interface by which a developer communicates with the machine. As part of that, I got into a job where I was designing a miniature version of  an operating system for security technology and  started learning security from there. Most of the people I know from cyber security, especially in the early days,  do not have a degree at all. Or if they do, they have a degree like I do in something like philosophy or poetry. Almost everyone learned on their own by experimenting,  by talking to people, by reading. And so I would say no technical background is required.  And in fact, having a background where you're used to being out in the real world can sometimes make cybersecurity make more sense and  help you make more balanced choices. In almost all areas, there is a security community that you can find. Figure out where they are, look for local conferences, start talking to people. It's a lot more fun to learn that way than it is in a vacuum. I've found that most people if you come to them and say, hey, you're really good at  this thing, would you mind if I bought you a coffee and you showed me how to do it? That they'll always pretty much say yes. The advice I give to people who don't have technical backgrounds, the first one is,  I wouldn't be afraid of the technology. It can seem like only somebody with a computer science degree could ever  understand things, but these concepts,  these technologies are understandable by anyone. And so never let the fact that you might not have a technical background get  in the way, just pick an area that interests you and start diving in. And as long as you're curious, and as long as you find it interesting, you'll,  you'll learn the technology. 
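The "History file" reading above describes going back through a shell history to confirm that every command a playbook called for was actually run, and using the same file to trace actions. This added example, which is not part of the course materials, does both on a constructed bash history and a constructed playbook; the file names, the playbook contents and the 203.0.113.5 address are all invented for illustration.

```shell
#!/usr/bin/env bash
# Added example (not course material): reviewing a shell history file against
# the command sequence an incident playbook expected.
# Assumes bash-style history where HISTTIMEFORMAT was set, so each command is
# preceded by a "#<epoch seconds>" marker line. Both input files are constructed.

WORKDIR=$(mktemp -d)
HIST_FILE="$WORKDIR/bash_history"       # constructed sample history
PLAYBOOK_FILE="$WORKDIR/playbook.txt"   # constructed sample playbook

# Constructed history: one command ("ls -la /tmp") has no timestamp marker,
# as happens when a command was recorded in a session without HISTTIMEFORMAT.
cat > "$HIST_FILE" <<'EOF'
#1700000000
sudo systemctl status sshd
#1700000030
grep "Failed password" /var/log/auth.log
#1700000075
sudo systemctl restart sshd
ls -la /tmp
#1700000120
sudo ufw status
EOF

# Constructed playbook: the commands the analyst was expected to run, in order.
# Lines starting with "#" are comments and are ignored.
cat > "$PLAYBOOK_FILE" <<'EOF'
# Playbook (constructed): respond to SSH brute-force alert
sudo systemctl status sshd
grep "Failed password" /var/log/auth.log
sudo ufw deny from 203.0.113.5
sudo systemctl restart sshd
sudo ufw status
EOF

# Print "epoch<TAB>command" for each recorded command, building a timeline.
# A command with no preceding marker is tagged "unknown" rather than inheriting
# the previous timestamp, so gaps in the record stay visible to the reviewer.
history_with_times() {
    awk '
        /^#[0-9]+$/ { ts = substr($0, 2); next }      # timestamp marker line
        NF          { print (ts == "" ? "unknown" : ts) "\t" $0; ts = "" }
    ' "$1"
}

# Print only the command lines of a history file (markers and blanks dropped).
history_commands() {
    grep -v -E '^#[0-9]+$' "$1" | grep -v -E '^[[:space:]]*$'
}

# Compare recorded commands with the playbook's expected sequence.
# Each expected command must appear at or after the point where the previous
# one was found (extra commands in the history are allowed and ignored).
# Prints one "found"/"missing" line per expected command and returns the
# number of expected commands that were not found in order.
check_playbook() {
    hist="$1"; playbook="$2"
    history_commands "$hist" | awk -v playbook="$playbook" '
        BEGIN {
            n = 0
            while ((getline line < playbook) > 0) {
                if (line ~ /^[[:space:]]*(#|$)/) continue   # skip comments/blanks
                expected[++n] = line
            }
            close(playbook)
        }
        { hist[++m] = $0 }                     # recorded commands, in order
        END {
            cursor = 1; missing = 0
            for (i = 1; i <= n; i++) {
                found = 0
                for (j = cursor; j <= m; j++)
                    if (hist[j] == expected[i]) { found = j; break }
                if (found) { print "found   : " expected[i]; cursor = found + 1 }
                else       { print "missing : " expected[i]; missing++ }
            }
            exit missing
        }'
}

echo "== timeline (epoch seconds; convert with: date -u -d @<epoch> on GNU systems) =="
history_with_times "$HIST_FILE"
echo
echo "== playbook check =="
check_playbook "$HIST_FILE" "$PLAYBOOK_FILE" \
    || echo "$? playbook command(s) not found in the history"
```

The same two functions work on a real `~/.bash_history` copied off a machine under review; a history file is written by the account that owns it, so treat gaps or missing timestamps as prompts for further investigation rather than proof.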
Wrap-up; Glossary terms from week 1

We did it! What a great section of learning! The best thing is that we did this together and covered some very useful topics. Let's recap this section's lessons. As a security analyst, it's important that you understand the systems that you're working with. Understanding computer basics will help you do your job more effectively and efficiently. In this section, we covered common operating systems. We also discussed the main functions of an operating system. Importantly, you learned about the relationship between operating systems, applications, and hardware. It was nice to learn how they flow together like an orchestra. In addition, you learned about the differences between the graphical user interface and the command-line interface. Understanding the command-line interface will be very important for your work. I enjoyed exploring the world of operating systems with you. Knowing how operating systems work is an important step in preparing for a position as a security analyst. You're doing great! Let's keep moving forward with this program. In the next section, we'll focus specifically on the Linux operating system.
Terms and definitions from Course 4, Week 1

Application: A program that performs a specific task
Basic Input/Output System (BIOS): A microchip that contains loading instructions for the computer and is prevalent in older systems
Bootloader: A software program that boots the operating system
Command-line interface (CLI): A text-based user interface that uses commands to interact with the computer
Graphical user interface (GUI): A user interface that uses icons on the screen to manage different tasks on the computer
Hardware: The physical components of a computer
Legacy operating system: An operating system that is outdated but still being used
Operating system (OS): The interface between computer hardware and the user
Random Access Memory (RAM): A hardware component used for short-term memory
Unified Extensible Firmware Interface (UEFI): A microchip that contains loading instructions for the computer and replaces BIOS on more modern systems
User interface: A program that allows the user to control the functions of the operating system
Virtual machine (VM): A virtual version of a physical computer

Linux Basics

Welcome to week 2; introduction to Linux

Welcome back! We have another important topic to explore. Previously, you learned about operating systems and user interfaces. You learned how operating systems work and how resources are allocated in computers. We also reviewed several common operating systems. You may already have a favorite operating system. It's common to hear that people are fans of one over another, but in the security world, Linux is commonly used. In this section, you'll be learning more about the Linux operating system and how it's used in everyday tasks in security. First, you'll learn about the architecture of Linux. After this, we'll compare the different distributions of Linux that are available. Lastly, you'll explore the shell, a key Linux component that allows you to communicate with the system.
I remember when I first learned about the Linux OS, and I'm really happy to explore it with you now.

Introduction to Linux

You might have seen or heard the name Linux in the past. But did you know Linux is the most-used operating system in security today? Let's start by taking a look at Linux and how it's used in security. Linux is an open-source operating system. It was created in two parts. In the early 1990s, two different people were working separately on projects to improve computer engineering. The first person was Linus Torvalds. At the time, the UNIX operating system was already in use. He wanted to improve it and make it open source and accessible to anyone. What was revolutionary was his introduction of the Linux kernel. We're going to learn what the kernel does later. Around the same time, Richard Stallman started working on GNU. GNU was also an operating system based on UNIX. Stallman shared Torvalds' goal of creating software that was free and open to anyone. After working on GNU for a few years, the missing element for the software was a kernel. Together, Torvalds' and Stallman's innovations made what is commonly referred to as Linux. Now that you've learned the history behind Linux, let's take a look at what makes Linux unique. As mentioned before, Linux is open source, meaning anyone can have access to the operating system and the source code. Linux and many of the programs that come with Linux are licensed under the terms of the GNU Public License, which allow you to use, share, and modify them freely. Thanks to Linux's open-source philosophy as well as a strong feature set, an entire community of developers has adopted this operating system. These developers are able to collaborate on projects and advance computing together. As a security analyst, you'll discover that Linux is used at different organizations. More specifically, Linux is used in many security programs.
Another unique feature about Linux is the different distributions, or varieties, that have been developed. Because of the large community contribution, there are over 600 distributions of Linux. Later you'll learn more about distributions. Finally, let's take a look at how you would use Linux in an entry-level security position. As a security analyst, you'll use many tools and programs in everyday work. You might examine different types of logs to identify what's going on in the system. For example, you might find yourself looking at an error log when investigating an issue. Another place where you will use Linux is to verify access and authorization in an identity and access management system. In security, managing access is key in order to ensure a secure system. We'll take a closer look into access and authorization later. Finally, as an analyst, you might find yourself working with specific distributions designed for a particular task. For example, you might use a distribution that has a digital forensic tool to investigate what happened in an event alert. You might also use a distribution that's for pen testing in offensive security to look for vulnerabilities in the system. Distributions are created to fit the needs of their users. I hope you're excited to learn more about Linux. This will be a very useful skill in the security field.

Linux architecture

Let me start with a quick question that may seem unrelated to security. Do you have a favorite building? And what is it about its architecture that impresses you the most? The windows? The structure of the walls? Just like buildings, operating systems also have an architecture and are made up of discrete components that work together to form the whole. In this video, we're going to look at all the components that together make up Linux. The components of Linux include the user, applications, the shell, the Filesystem Hierarchy Standard, the kernel, and the hardware.
Don't worry—we'll go into these components one by one together. First, you are the user. The user is the person interacting with the computer. In Linux, you're the first element to the architecture of the operating system. You're initiating the tasks or commands that the OS is going to execute. Linux is a multi-user system. This means that more than one user can use the system's resources at the same time. The second element of the architecture is the applications within a system. An application is a program that performs a specific task, such as a word processor or a calculator. You might hear the words "applications" and "programs" used interchangeably. As an example, one popular Linux application that we'll learn more about later is Nano. Nano is a text editor. This simple application helps you keep notes on the screen. Linux applications are commonly distributed through package managers. We'll learn more about this process later. The next component in the architecture of Linux is the shell. This is an important element because it is how you will communicate with the system. The shell is a command line interpreter. It processes commands and outputs the results. This might sound familiar. Previously, we learned about the two types of user interfaces: the GUI and the CLI. You can think of the shell as a CLI. Another element of the architecture of Linux is the Filesystem Hierarchy Standard, or FHS. It's the component of the Linux OS that organizes data. An easy way for you to think about the FHS is to think about it as a filing cabinet of data. The FHS is how data is stored in a system. It's a way to organize data so that it can be found when the data is accessed by the system. That brings us to the kernel. The kernel is a component of the Linux OS that manages processes and memory. The kernel communicates with the hardware to execute the commands sent by the shell. The kernel uses drivers to enable applications to execute tasks.
The Linux kernel helps ensure that the system allocates resources more efficiently and makes the system work faster. Finally, the last component of the architecture is the hardware. Hardware refers to the physical components of a computer. You can compare this to software applications, which can be downloaded into a system. The hardware in your computer includes things like the CPU, mouse, and keyboard. Congratulations! We've now covered the architecture of Linux. An understanding of these components will help you become increasingly familiar with Linux.

Linux architecture explained

Understanding the Linux architecture is important for a security analyst. When you understand how a system is organized, it makes it easier to understand how it functions. In this reading, you'll learn more about the individual components in the Linux architecture. A request to complete a task starts with the user and then flows through applications, the shell, the Filesystem Hierarchy Standard, the kernel, and the hardware.

User

The user is the person interacting with a computer. They initiate and manage computer tasks. Linux is a multi-user system, which means that multiple users can use the same resources at the same time.

Applications

An application is a program that performs a specific task. There are many different applications on your computer. Some applications typically come pre-installed on your computer, such as calculators or calendars. Other applications might have to be installed, such as some web browsers or email clients. In Linux, you'll often use a package manager to install applications. A package manager is a tool that helps users install, manage, and remove packages or applications. A package is a piece of software that can be combined with other packages to form an application.

Shell

The shell is the command-line interpreter. Everything entered into the shell is text based. The shell allows users to give commands to the kernel and receive responses from it.
You can think of the shell as a translator between you and your computer. The shell translates the commands you enter so that the computer can perform the tasks you want.

Filesystem Hierarchy Standard (FHS)

The Filesystem Hierarchy Standard (FHS) is the component of the Linux OS that organizes data. It specifies the location where data is stored in the operating system. A directory is a file that organizes where other files are stored. Directories are sometimes called "folders," and they can contain files or other directories. The FHS defines how directories, directory contents, and other storage is organized so the operating system knows where to find specific data.

Kernel

The kernel is the component of the Linux OS that manages processes and memory. It communicates with the applications to route commands. The Linux kernel is unique to the Linux OS and is critical for allocating resources in the system. The kernel controls all major functions of the hardware, which can help get tasks expedited more efficiently.

Hardware

The hardware is the physical components of a computer. You might be familiar with some hardware components, such as hard drives or CPUs. Hardware is categorized as either peripheral or internal.

Peripheral devices

Peripheral devices are hardware components that are attached and controlled by the computer system. They are not core components needed to run the computer system. Peripheral devices can be added or removed freely. Examples of peripheral devices include monitors, printers, the keyboard, and the mouse.

Internal hardware

Internal hardware are the components required to run the computer. Internal hardware includes a main circuit board and all components attached to it. This main circuit board is also called the motherboard. Internal hardware includes the following:

- The Central Processing Unit (CPU) is a computer's main processor, which is used to perform general computing tasks on a computer. The CPU executes the instructions provided by programs, which enables these programs to run.
- Random Access Memory (RAM) is a hardware component used for short-term memory. It's where data is stored temporarily as you perform tasks on your computer. For example, if you're writing a report on your computer, the data needed for this is stored in RAM. After you've finished writing the report and closed down that program, this data is deleted from RAM. Information in RAM cannot be accessed once the computer has been turned off. The CPU takes the data from RAM to run programs.
- The hard drive is a hardware component used for long-term memory. It's where programs and files are stored for the computer to access later. Information on the hard drive can be accessed even after a computer has been turned off and on again. A computer can have multiple hard drives.

Key takeaways

It's important for security analysts to understand the Linux architecture and how these components are organized. The components of the Linux architecture are the user, applications, shell, Filesystem Hierarchy Standard, kernel, and hardware. Each of these components is important in how Linux functions.

Linux distributions

Let's learn a little bit more about Linux and what you need to know about this operating system when working as a security analyst. Linux is a very customizable operating system. Unlike other operating systems, there are different versions available for you to use. These different versions of Linux are called distributions. You might also hear them called distros or flavors of Linux. It's essential for you to understand the distribution that you're using so you know what tools and apps are available to you. For example, Debian is a distro that has different tools than the Ubuntu distribution. Let's use an analogy to describe Linux distributions. Think of the OS as a vehicle. First, we'll start with its engine—that would be the kernel.
Just as the engine makes a vehicle run, the kernel is the most important component of the Linux OS. Because the Linux kernel is open source, anyone can take the kernel and modify it to build a new distribution. This is comparable to a vehicle manufacturer taking an engine and creating different types of vehicles: trucks, cars, vans, convertibles, buses, airplanes, and so on. These different types of vehicles can be compared to different Linux distributions. A bus is used to transport lots of people. A truck is used to transport a large number of goods across vast distances. An aircraft transports passengers or goods by air. Just as each vehicle serves its own purpose, different distributions are used for different reasons. Additionally, vehicles all have different components which distinguish them from each other. Aircraft have control panels with buttons and knobs. Regular cars have four tires, but trucks can have more. Similarly, different Linux distributions contain different preinstalled programs, user interfaces, and much more. A lot of this is based on what the Linux user needs, but some distros are also chosen based on preference—the same way a sports car might be chosen as a vehicle. The advantage of using Linux as an OS is that you can customize it. Distributions include the Linux kernel, utilities, a package management system, and an installer. We learned earlier that Linux is open source, and anyone can contribute to adding to the source code. That is how new distributions are created. All distros are derived from another distro, but there are a few that are considered parent distributions. Red Hat® is the parent of CentOS, and Slackware® is the parent of SUSE®. Both Ubuntu and KALI LINUX™ are derived from Debian. As we continue, we're going to take a look at some of the distributions most commonly used by security analysts. The more you understand these distributions, the easier your work will be.
KALI LINUX™ In this section, we're going to cover a Linux distribution that's widely used in security and discuss KALI LINUX™. KALI LINUX™ is a trademark of Offensive Security and is Debian derived. This open-source distro was made specifically with penetration testing and digital forensics in mind. There are many tools pre-installed in KALI LINUX™. It's important to note that KALI LINUX™ should be used on a virtual machine. This prevents damage to your system in the event its tools are used improperly. An additional benefit is that using a virtual machine gives you the ability to revert to a previous state. As security professionals advance in their careers, some specialize in penetration testing. A penetration test is a simulated attack that helps identify vulnerabilities in systems, networks, websites, applications, and processes. KALI LINUX™ has numerous tools that are useful during penetration testing. Let's look at a few examples. To begin, Metasploit can be used to look for and exploit vulnerabilities on machines. Burp Suite is another tool that helps to test for weaknesses in web applications. And finally, John the Ripper is a password-cracking tool: given a set of password hashes, it tries candidate passwords until one produces a matching hash. As a security analyst, your work might involve digital forensics. Digital forensics is the process of collecting and analyzing data to determine what has happened after an attack. For example, you might take an investigative look at data related to network activity. KALI LINUX™ is also a useful distribution for security professionals who are involved in digital forensic work. It has a large number of tools that can be used for this. As one example, tcpdump is a command-line packet analyzer. It's used to capture network traffic. Another tool commonly used in the security profession is Wireshark. It has a graphical user interface that can be used to analyze live and captured network traffic. And as a final example, Autopsy is a forensic tool used to analyze hard drives and smartphones. 
These are just a few tools included with KALI LINUX™. This distribution has many tools used to conduct pen testing and digital forensics. We've explored how KALI LINUX™ is an important distribution that's widely used in security, but there are other distributions that security professionals use as well. Next we'll explore a few more distributions. Quick note from the student: the course says to use it on a VM; however, you can use it as your own flavor of Linux for your desktop. It's not recommended unless you know what you are doing or are willing to wipe the machine :p More Linux distributions Previously, you were introduced to the different distributions of Linux. This included KALI LINUX ™. (KALI LINUX ™ is a trademark of OffSec.) In addition to KALI LINUX ™, there are multiple other Linux distributions that security analysts should be familiar with. In this reading, you’ll learn about additional Linux distributions. KALI LINUX ™ KALI LINUX ™ is an open-source distribution of Linux that is widely used in the security industry. This is because KALI LINUX ™, which is Debian-based, is pre-installed with many useful tools for penetration testing and digital forensics. A penetration test is a simulated attack that helps identify vulnerabilities in systems, networks, websites, applications, and processes. Digital forensics is the practice of collecting and analyzing data to determine what has happened after an attack. These are key activities in the security industry. However, KALI LINUX ™ is not the only Linux distribution that is used in cybersecurity. Ubuntu Ubuntu is an open-source, user-friendly distribution that is widely used in security and other industries. It has both a command-line interface (CLI) and a graphical user interface (GUI). Ubuntu is also Debian-derived and includes common applications by default. Users can also download many more applications from a package manager, including security-focused tools. 
Because of its wide use, Ubuntu has an especially large number of community resources to support users. Ubuntu is also widely used for cloud computing. As organizations migrate to cloud servers, cybersecurity work may more regularly involve Ubuntu derivatives. Parrot Parrot is an open-source distribution that is commonly used for security. Similar to KALI LINUX ™, Parrot comes with pre-installed tools related to penetration testing and digital forensics. Like both KALI LINUX ™ and Ubuntu, it is based on Debian. Parrot is also considered to be a user-friendly Linux distribution. This is because it has a GUI that many find easy to navigate. This is in addition to Parrot’s CLI. Red Hat® Enterprise Linux® Red Hat Enterprise Linux is a subscription-based distribution of Linux built for enterprise use. Red Hat is not free*, which is a major difference from the previously mentioned distributions. Because it’s built and supported for enterprise use, Red Hat also offers a dedicated support team for customers to call about issues. From my personal experience, you can use RHEL 9 for personal use. Also, as of July 2023, its parent company may be trying to break copyright law by limiting access to source code and closed-sourcing the project. If they succeed, many other distros might die or become less secure, like CentOS. I likely won't update this, but you can Google it yourself to see how that went. CentOS CentOS is an open-source distribution that is closely related to Red Hat. It uses source code published by Red Hat to provide a similar platform. However, CentOS does not offer the same enterprise support that Red Hat provides and is supported through the community. P.S. CentOS may be dead because its parent company is trying to kill it at the time of posting this page; Google it to see if it has died LOL Arch Linux Arch Linux is an open-source distribution known for its simplicity and user-focused design. 
It adheres to the "Keep It Simple, Stupid" (KISS) principle: it ships a minimal base system that users build up to their own needs, which keeps the installed attack surface small and gives more control over what runs on the machine, and its rolling-release model delivers security updates as soon as they are packaged rather than at fixed release points. A key feature is the Arch User Repository (AUR), a community-driven collection of build scripts (PKGBUILDs). Users build a package from source with makepkg and install the result with the Arch package manager, pacman. AUR entries are submitted and maintained by individual users, not by the Arch developers, so read the PKGBUILD before building it. Key takeaways KALI LINUX ™, Ubuntu, Parrot, Red Hat, and CentOS are all widely used Linux distributions. It’s important for security analysts to be aware of these distributions that they might encounter in their career. Package managers for installing applications Previously, you learned about Linux distributions and that different distributions derive from different sources, such as Debian or Red Hat Enterprise Linux. You were also introduced to package managers, and learned that Linux applications are commonly distributed through package managers. In this reading, you’ll apply this knowledge to learn more about package managers. Introduction to package managers A package is a piece of software that can be combined with other packages to form an application. Some packages may be large enough to form applications on their own. Packages contain the files necessary for an application to be installed. These files include dependencies, which are supplemental files used to run an application. Package managers can help resolve any issues with dependencies and perform other management tasks. A package manager is a tool that helps users install, manage, and remove packages or applications. Linux uses multiple package managers. Note: It’s important to use the most recent version of a package when possible. The most recent version has the most up-to-date bug fixes and security patches. These help keep your system more secure. Prefer packages from your distribution's signed repositories: APT and YUM check repository signatures automatically, whereas a .deb or .rpm file downloaded by hand is installed as-is unless you verify its signature or checksum yourself first. 
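The following is an added shell example, not part of the course reading, that works with the two package file naming conventions covered in this reading: Debian packages named Package_Version-Release_Architecture.deb and RPM packages named Name-Version-Release.Architecture.rpm. It classifies a file by its extension, splits the name into its fields, and prints the low-level (dpkg/rpm) and high-level (apt/yum) install commands for it. The file names it is run on are constructed for illustration and do not refer to real downloads.

```shell
#!/bin/sh
# Added example, not part of the course reading: tell which package family a
# file belongs to from its name, split the name into its fields, and say which
# tool installs it. Naming conventions (as described in this reading):
#   Debian:  Package_Version-Release_Architecture.deb  (underscore-separated)
#   RPM:     Name-Version-Release.Architecture.rpm     (last dot before the arch)
# The file names used below are constructed for illustration.

# Print deb, rpm or unknown for a package file name.
pkg_family() {
  case "$1" in
    *.deb) echo deb ;;
    *.rpm) echo rpm ;;
    *)     echo unknown ;;
  esac
}

# Print "package version-release architecture" for a .deb name, or fail (exit 1)
# when the name does not follow the convention.
deb_fields() {
  base=${1%.deb}
  name=${base%%_*}        # everything before the first underscore
  rest=${base#*_}         # Version-Release_Architecture
  version=${rest%_*}      # Version-Release (drop the trailing "_Architecture")
  arch=${rest##*_}        # Architecture
  [ "$name" != "$base" ] && [ "$version" != "$rest" ] || return 1
  echo "$name $version $arch"
}

# Print "name version-release architecture" for an .rpm name, or fail.
# Package names may themselves contain hyphens (python3-libs), so split from
# the right: arch after the last dot, then release and version after the
# last two hyphens; whatever is left is the name.
rpm_fields() {
  base=${1%.rpm}
  arch=${base##*.}
  nvr=${base%.*}          # Name-Version-Release
  release=${nvr##*-}
  nv=${nvr%-*}            # Name-Version
  version=${nv##*-}
  name=${nv%-*}
  [ "$arch" != "$base" ] && [ "$nv" != "$nvr" ] && [ "$name" != "$nv" ] || return 1
  echo "$name $version-$release $arch"
}

# Combine the above: fields plus the low-level and high-level install commands.
# A file that apt/yum fetches from a signed repository is verified on the way
# in; a file you downloaded by hand is not, so check its signature or checksum
# first (for RPM: rpm -K FILE) before installing it.
install_hint() {
  f=$1
  case "$(pkg_family "$f")" in
    deb) fields=$(deb_fields "$f") || return 1
         echo "$fields -> dpkg -i $f  (or: apt install ./$f)" ;;
    rpm) fields=$(rpm_fields "$f") || return 1
         echo "$fields -> rpm -i $f  (or: yum install ./$f)" ;;
    *)   return 1 ;;
  esac
}

# Stand-alone demonstration on constructed file names.
for f in openssl_3.0.2-0ubuntu1_amd64.deb python3-libs-3.9.16-1.el9.x86_64.rpm notes.txt; do
  install_hint "$f" || echo "$f: not a recognised package file name"
done
```

The RPM splitter works from the right because package names may contain hyphens while the version and release fields never do; the Debian splitter can work from the left because underscores are reserved as separators in .deb file names.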
Types of package managers Many commonly used Linux distributions are derived from the same parent distribution. For example, KALI LINUX ™, Ubuntu, and Parrot all come from Debian. CentOS comes from Red Hat. This knowledge is useful when installing applications because certain package managers work with certain distributions. For example, the Red Hat Package Manager (RPM) is used on Linux distributions derived from Red Hat, and dpkg is used on Linux distributions derived from Debian. Different package managers use different file extensions and naming conventions. RPM files use the .rpm extension and are named Name-Version-Release.Architecture.rpm, with a dot separating the architecture from the release. Debian packages, handled by dpkg, use the .deb extension and are named Package_Version-Release_Architecture.deb, with underscores separating the fields. Package management tools In addition to package managers like RPM and dpkg, there are also package management tools that let you work with packages through the shell. They are usually used instead of calling rpm or dpkg directly because they download packages from the distribution's configured repositories, verify the repository signatures, and resolve dependencies automatically, so a basic task such as installing a new package takes a single command. Two notable tools are the Advanced Package Tool (APT) and Yellowdog Updater Modified (YUM). Advanced Package Tool (APT) APT is a tool used with Debian-derived distributions. It is run from the command-line interface to manage, search, and install packages. Yellowdog Updater Modified (YUM) YUM is a tool used with Red Hat-derived distributions. It is run from the command-line interface to manage, search, and install packages. YUM works with .rpm files. On Red Hat Enterprise Linux 8 and later, the yum command is a compatibility front end for its successor, DNF, which accepts the same commands. Key takeaways A package is a piece of software that can be combined with other packages to form an application. Packages can be managed using a package manager. There are multiple package managers and package management tools for different Linux distributions. 
Package management tools allow users to easily work with packages through the shell. Debian-derived Linux distributions use package managers like dpkg as well as package management tools like Advanced Package Tool (APT). Red Hat-derived distributions use the Red Hat Package Manager (RPM) or tools like Yellowdog Updater Modified (YUM). Vanilla OS I came across Vanilla OS in a YouTube video and it appears to be really interesting. I quite like GNOME as a base, and I'm thinking this is potentially one of the best options in the future if they stick with it. Also, there are only two updates per year and a rolling release, but you have to manually enable rolling releases. tl;dr it's stable asf, and you can run any app on it! Vanilla OS: A Unique Solution to Distro Hopping and the Future of Software Installation Vanilla OS is a Linux distribution that aims to resolve the common practice of distro hopping. This term refers to the habit among Linux users of switching between different Linux distributions to find the perfect balance of stability, hardware support, and application access. Vanilla OS offers all these features within a single, highly stable base. What sets Vanilla OS apart is its approach to software installation. It introduces 'apx', a package manager that allows software installation from any source by installing them into distro containers. This means that Vanilla OS can run virtually any software developed for Linux, effectively addressing the issue of distro packaging fragmentation. This unique combination of features positions Vanilla OS as a potential game-changer in the Linux ecosystem. Intuitive User Experience Vanilla OS prioritizes user-friendliness in its design. The intuitive installer guides users through the necessary steps, and post-installation, users can customize their experience, choosing between dark and light mode, enabling support for Flatpak and AppImage, and selecting their preferred apps. 
This user-centric approach makes Vanilla OS accessible to both beginners and technically inclined users. Immutability and Atomicity: Enhancing Security and Stability One of the distinguishing features of Vanilla OS is its immutable and atomic nature. The base system is locked down, preventing both applications and users from writing to it, except for certain directories like the home folder or partition and the /etc and /var directories. This design principle significantly bolsters the system's security. Updates in Vanilla OS are applied atomically, meaning each update either completes successfully or, if any issue arises, the entire operation is reverted, leaving the system unaltered. This ensures that any reboot will either return the system to its previous state or update it successfully. Is Vanilla OS the Future of Linux Distributions? Vanilla OS represents a promising concept that could potentially shape the future of Linux distributions. It provides access to virtually all Linux-developed software at native speeds within a highly stable base. However, it's not a one-size-fits-all solution. Users who only need software from FlatHub may not require Vanilla OS, and those unfamiliar with the command line or the concept of containers might find it challenging to use. However, with further development, such as a graphical layer on 'apx' for intuitive software installation from containers, Vanilla OS could become an optimal solution for users seeking extensive software access without compromising system stability. For anyone who cares, this one was written with AI and modified by me... NixOS: make page on NixOS, alternative to Vanilla OS? Resources for completing Linux labs This course features hands-on lab activities where you’ll have the opportunity to practice Linux commands in the terminal. You’ll use a platform called Qwiklabs to complete these labs. In this reading, you’ll learn how to use Qwiklabs. 
This reading first provides a section on how to use Qwiklabs, which includes details on how to launch a lab, how to interact within the Qwiklabs environment, and how to end a lab. This is followed by another section on helpful navigation tips and keyboard shortcuts; these may be useful when working in the terminal. Note : You will not launch Qwiklabs directly from this reading and instead will do this through lab activities and exemplars that you encounter throughout the course. I'm not posting the Qwiklabs; this is just how to use Qwiklabs, and if you use Qwiklabs that's on you. How to use Qwiklabs Launching Qwiklabs When you select a lab, you start from a Coursera page. You will need to click Launch App on that page. After you click Launch App , a new tab will open with a Qwiklabs page that contains instructions for that particular lab. Start Lab button On the Qwiklabs page, you must click Start Lab to open a temporary terminal. The instructions for the lab will move to the right side of the screen. Read the instructions and complete all the tasks in the lab by entering commands in the terminal. Note : It may take a moment for the terminal to start. Lab control dialog box After you click Start Lab , the lab control dialog box opens. It contains the End Lab button, the timer , and the Open Linux Console button. You can hide or unhide the dialog box by clicking the following icon in the red box: The timer The timer starts when the terminal has loaded. The timer keeps track of the amount of time you have left to complete a lab. The timer counts down until it reaches 00:00:00. When it does, your temporary terminal and resources are deleted. You will have ample time to complete the labs. But, stay focused on completing the tasks to ensure you use your time well. Open Linux Console button When you click the button to Open Linux Console , the terminal opens in a new browser window: Use this feature if you want a full-screen view of the terminal. 
You can close this window at any time. Closing the window does not end your lab, and you can continue working in the terminal in the original tab. Check progress You can check your progress by clicking Check my progress at the end of each task. If you haven’t yet completed a task, you’ll receive hints on what you must do to complete it. You can click Check my progress whenever you want to check the completion status of a task or receive a hint. Using copy/paste commands The first time you try to use copy or paste keyboard shortcuts (such as CTRL + C ), you’ll receive a pop-up requesting permission to use your device’s clipboard:  “ googlecoursera.qwiklabs.com wants to see text and images copied to the clipboard. ” Please click Allow if you would like to be able to use these shortcuts in the Qwiklabs platform. If you choose not to allow Qwiklabs access to your clipboard, you cannot use keyboard shortcuts but you can still complete the lab. Code block Certain steps may include a code block. Click the copy button to copy the code provided and then paste it into the terminal. To paste code or other text content that you have copied from the instructions into the terminal, activate the terminal by clicking anywhere inside it. The terminal is active when the cursor in the terminal changes from a static empty outline to a flashing solid block. Once the terminal is active, use the keyboard shortcut CTRL + V (hold down the CTRL key and press the V key) to insert the copied text into the terminal at the location of the flashing cursor. Scrolling In certain situations, you may want to scroll within the terminal window. To do so, use the scroll wheel on your mouse or the touchpad of your computer. End Lab button Finally, click End Lab when you’ve completed the tasks in the lab. Note : Don't click End Lab until you're finished; you'll lose access to the work you've done throughout the lab. 
Tracking progress on Coursera If you complete a lab but your progress hasn’t been tracked on Coursera, you may need to refresh the page for your progress to be registered. Once you complete the lab and refresh the page, the green check mark should appear. Helpful navigation tips and keyboard shortcuts The following contains a list of navigation tips and keyboard shortcuts you may find useful when completing your Linux labs. Your cursor must be in the terminal window to use these navigation tips and keyboard shortcuts.
CTRL + C : Terminates a command that is currently running; from the instructions portion of Qwiklabs, you can use CTRL + C to copy, but within the terminal it will only terminate a command, and if one isn't running it will display ^C at the prompt
CTRL + V : Pastes text
clear : Clears the terminal screen; this can also be done by entering CTRL + L
CTRL + A : Sets your cursor at the beginning of a command
CTRL + E : Sets your cursor at the end of a command
Left arrow key : Moves left within a command
Right arrow key : Moves right within a command
Up arrow key : Provides the last command you entered into the command line; can be entered multiple times to go through multiple commands from the command history
Down arrow key : Provides the next command in the command history; must be used after the up arrow key
Tab key : Provides available suggestions for completing your text
Key takeaways Knowing how to navigate Qwiklabs will be useful as you complete the labs throughout this course. These labs can help you practice what you’ve learned in an interactive environment. Introduction to the shell Welcome back! In this video, we're going to discuss the Linux shell. This part of the Linux architecture is where the action will happen for you as a security analyst. We introduced the shell with other components of the Linux OS earlier, but let's take a deeper look at what the shell is and what it does. The shell is the command-line interpreter. 
That means it helps you communicate with the operating system through  the command line. Previously, we discussed a command-line interface. This is essentially the shell. The shell provides the command-line interface for you to interact with the OS. To tell the OS what to do, you enter commands into this interface. A command is an instruction telling the computer to do something. The shell communicates with the kernel to execute these commands. Earlier, we discussed how the operating system helps humans and  computers speak with each other. The shell is the part of the OS that allows you to do this. Think of this as a very helpful language interpreter between you and your system. Since you do not speak computer language or binary,  you can't directly communicate with your system. This is where the shell comes in to help you. Your OS doesn't need the shell for most of its work, but  it is an interface between you and what your system can offer. It allows you to perform math, run tests, and execute applications. More importantly, it allows you to combine these operations and  connect applications to each other  to perform complex and automated tasks. Just as there are many Linux distributions,  there are many different types of shells. We'll primarily focus on the Bash shell in this course. Let's continue to learn more about the shell. Different types of shells Knowing how to work with Linux shells is an important skill for cybersecurity professionals. Shells can be used for many common tasks. Previously, you were introduced to shells and their functions. This reading will review shells and introduce you to different types, including the one that you'll use in this course. Communicate through a shell As you explored previously, the shell is the command-line interpreter. You can think of a shell as a translator between you and the computer system. Shells allow you to give commands to the computer and receive responses from it. 
When you enter a command into a shell, the shell executes many internal processes to interpret your command, send it to the kernel, and return your results. Types of shells The many different types of Linux shells include the following: Bourne-Again Shell (bash) C Shell (csh) Korn Shell (ksh) Enhanced C shell (tcsh) Z Shell (zsh) PowerShell (Microsoft's cross-platform shell, also the standard shell on Windows) All Linux shells use common Linux commands, but they can differ in other features. For example, ksh and bash use the dollar sign ( $ ) to indicate where users type in their commands. Other shells, such as zsh, use the percent sign ( % ) for this purpose. Bash Bash is the default shell in most Linux distributions. It’s considered a user-friendly shell. You can use bash for basic Linux commands as well as larger projects. Bash is also the most popular shell in the cybersecurity profession. You’ll use bash throughout this course as you learn and practice Linux commands. Key takeaways Shells are a fundamental part of the Linux operating system. Shells allow you to give commands to the computer and receive responses from it. They can be thought of as a translator between you and your computer system. There are many different types of shells, but the bash shell is the most commonly used shell in the cybersecurity profession. You’ll learn how to enter Linux commands through the bash shell later in this course. Input and output in the shell Hello again! In this video, we're going to learn a little more about the shell and how to communicate with it. Communicating with a computer is like having a conversation with your friend. One person asks a question and the other person answers with a response. If you don't know the answer, you can just say you don't know the answer. When you communicate with the shell, the commands in the shell can take input, give output, or give error messages. Let's explore standard input, standard output, and error messages in more detail. 
Standard input consists of information  received by the OS via the command line. This is like you asking your friend  a question during a conversation. The information is input from your keyboard to the shell. If the shell can interpret your request,  it asks the kernel for the resources it  needs to execute the related task. Let's take a look at this through echo,  a Linux command that outputs a specified string of text. String data is data consisting  of an ordered sequence of characters. In our example, we'll just have  it output the string of: hello. So, as input, we'll type: echo hello into the shell. Later, when we press enter, we'll get the output. But before we do that,  let's first discuss the concept of output in more detail. Standard output is the information  returned by the OS through the shell. In the same way that your friend  gives an answer to your question,  output is a computer's response to the command you input. Output is what you receive. Let's pick up where we left off in our example and send  the input of: echo hello to the OS by pressing enter. Immediately, the shell returns the output of: hello. Finally, standard error contains  error messages returned by the OS through the shell. Just like your friend might  indicate that they can't answer a question,  the system responds with  an error message if they can't respond to your command. Sometimes this might occur when we misspell  a command or the system  doesn't know the response to the command. Other times, it might happen because we don't have  the appropriate permissions to perform a command. We'll explore another example  that demonstrates standard error. Let's input: eco hello into the shell.  Notice I intentionally misspelled echo as e-c-o. When we press enter,  an error message appears. To wrap up, we've covered  the basics of communication with the shell. 
Communication with the shell can only go in one of  three ways: the system  receives a command—this is input; the system responds to the command and produces output; and finally, the system doesn't know how to respond,  resulting in an error. Later, you'll become much more familiar with this as  we explore commands useful for security professionals. Linux basics Wrap-up; Glossary terms from week 2 We've made it to the end of this section. Great work! Let's recap what you've just completed. In this section, you learned  about the Linux operating system. We examined the architecture of Linux. In our exploration of  the different distributions of Linux, we  discussed some of the most  widely used distros in security. You were introduced to KALI LINUX™, Ubuntu,  Parrot, Red Hat, and CentOS distributions. Finally, you learned about the shell and  its role as an interpreter  between the user and operating system. Congratulations! You're doing  great, and we have more useful topics to come. In the next part of the program,  you'll learn specific commands to use within  the shell while working as  a security analyst. Let's continue on.  
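The following is an added shell example, not from the course video, for the standard input, standard output and standard error discussion above. It runs the video's two commands (echo hello and the misspelled eco hello) and captures the two output channels separately, together with the exit status, which the shell also reports for every command even though the video does not mention it: 0 means success, any other value means an error, and 127 specifically means the command was not found. The helper names (run_split, stdout_of, stderr_of, status_of, errors_only) are this example's own.

```shell
#!/bin/sh
# Added example, not from the course video: run a command and collect its
# three channels separately. Standard output is captured by the command
# substitution, standard error goes to a temporary file, and the exit status
# (0 on success, non-zero on error, 127 when the command itself is not found)
# is kept as well, since scripts branch on it rather than on the error text.

# run_split COMMAND [ARGS...]  -> sets OUT, ERR and STATUS
run_split() {
  errfile=$(mktemp)
  STATUS=0
  # 2> sends only standard error to the file; $( ) captures only standard output.
  OUT=$("$@" 2>"$errfile") || STATUS=$?
  ERR=$(cat "$errfile")
  rm -f "$errfile"
}

# Single-value wrappers so one channel can be tested or used in a script.
stdout_of() { run_split "$@"; printf '%s' "$OUT"; }
stderr_of() { run_split "$@"; printf '%s' "$ERR"; }
status_of() { run_split "$@"; printf '%s' "$STATUS"; }

# Keep only standard error and discard standard output. Order matters:
# 2>&1 first points stderr at the current stdout, then >/dev/null redirects
# stdout alone. Written the other way round (>/dev/null 2>&1), both streams
# would be discarded.
errors_only() { "$@" 2>&1 >/dev/null; }

# Demonstration matching the video: the correct command and the misspelled one.
run_split echo hello
printf 'echo hello -> stdout=[%s] stderr=[%s] status=%s\n' "$OUT" "$ERR" "$STATUS"
run_split eco hello
printf 'eco hello  -> stdout=[%s] stderr=[%s] status=%s\n' "$OUT" "$ERR" "$STATUS"
```

When you run it, the first line shows hello on standard output with an empty standard error and status 0; the second shows an empty standard output, the shell's "not found" message on standard error, and status 127. The errors_only helper is the pattern to use when you want a noisy command's error messages in a log without its regular output.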
Terms and definitions from Course 4, Week 2 Application: A program that performs a specific task Bash: The default shell in most Linux distributions CentOS: An open-source distribution that is closely related to Red Hat Central Processing Unit (CPU): A computer’s main processor, which is used to perform general computing tasks on a computer Command: An instruction telling the computer to do something Digital forensics: The practice of collecting and analyzing data to determine what has happened after an attack Directory: A file that organizes where other files are stored Distributions: The different versions of Linux File path: The location of a file or directory Filesystem Hierarchy Standard (FHS): The component of the Linux OS that organizes data Graphical user interface (GUI): A user interface that uses icons on the screen to manage different tasks on the computer Hard drive: A hardware component used for long-term memory Hardware : The physical components of a computer Internal hardware: The components required to run the computer Kali Linux ™ : An open-source distribution of Linux that is widely used in the security industry Kernel: The component of the Linux OS that manages processes and memory Linux: An open source operating system Package: A piece of software that can be combined with other packages to form an application Package manager: A tool that helps users install, manage, and remove packages or applications Parrot: An open-source distribution that is commonly used for security Penetration test (pen test): A simulated attack that helps identify vulnerabilities in systems, networks, websites, applications, and processes Peripheral devices: Hardware components that are attached and controlled by the computer system Random Access Memory (RAM): A hardware component used for short-term memory Red Hat® Enterprise Linux® (also referred to simply as Red Hat in this course) : A subscription-based distribution of Linux built for enterprise use Shell: The 
command-line interpreter  Standard error: An error message returned by the OS through the shell Standard input: Information received by the OS via the command line Standard output: Information returned by the OS through the shell String data: Data consisting of an ordered sequence of characters Ubuntu: An open-source, user-friendly distribution that is widely used in security and other industries User: The person interacting with a computer stories Phil: Learn and grow in the cybersecurity field Hi, I'm Phil I'm the Chief Information Security Officer for Google Cloud, and a big part of that is, of course, cybersecurity. So, in cyber you've always got to learn, you've always got to stay up to date for the simple reason that technology and business and the world of our, kind of digital lives is just always changing. The online services that you use today are probably very different even just when what they were 12 months ago. In the mid '90s, I worked on one of the world's first internet banking systems. And essentially we were building and coding all of the security ourselves. I remember working on the first web browsers, the first web servers, the first implementations of encryption on the Internet. This was even before Google even existed. And so this was the very beginning of the Internet and we were literally kind of assembling and building this and learning how to do it as we went along. When you are first getting into cybersecurity, it's important to not get overwhelmed. It's a very big space. And all of us started off at where you are today. And we had to learn into that. At one point, I didn't know Linux, I didn't know how to program. I didn't know various parts of other operating systems. And I had to learn step-by-step, how all of that worked and gradually build up that knowledge over time. And even now I still have to look things up occasionally because I don't keep everything in my head all at once and that's totally fine. 
When you're approaching a new situation, you're always going to have a degree of anxiety about whether you're going to be able to learn it quickly enough. And generally, with enough experience, you're gradually comfortable that you will. But again, this is important to remember that you don't have to learn everything about everything all at once. Most of the time you learn enough to be enough of value in the initial part of the process, then you learn as you go. Start off by writing a few lines of simple code or looking at somebody else's code and trying to understand what it does and then change it a little bit and just incrementally work into this. Build that foundation of knowledge that gives you the ability to learn other things, and I think things will stem from that. Linux basics part 2; electric boogaloo Welcome to week 3; Linux commands via bash, the bourne-again shell Learning to communicate in a new way can be exciting. Maybe you've learned a new language and can remember this feeling. Perhaps a lot of us share this excitement with young children as they are expanding their vocabulary. Others, including me, remember a sense of wonder when we first used a specialized language to communicate with our computer. In this section, we'll continue to learn more about Linux and how to communicate with the OS through its shell. You'll utilize the command line to communicate with the OS. You'll learn how to input commands in the shell and learn about some of the core Linux commands that you'll use as a security analyst. Specifically, this includes navigating and managing the file system. You'll also focus on authenticating and authorizing users. This means you'll be able to use a command line to add and delete users from the system and to control what they have access to. Finally, there's always more to learn. We'll cover accessing resources that support learning new Linux commands. 
I remember when I first learned about the command line and was shocked at the capabilities it provided. I didn't need to click through multiple screens to get tasks done. Although it took some practice and time to get used to, it has been one of the biggest tools at my disposal. After this section, you'll have practical experience in an area important to the work of a security analyst: using Linux commands.

Welcome back. Before we get into specific Linux commands, let's explore in more detail the basics of communicating with the OS through the shell. Being able to utilize Linux commands is a foundational skill for all security professionals. As a security analyst, you will work with server logs and you'll need to know how to navigate, manage, and analyze files remotely without a graphical user interface. In addition, you'll need to know how to verify and configure users and group access. You'll also need to give authorization and set file permissions. That means that developing skills with the command line is essential for your work as a security analyst. When we learned about the Linux architecture, we learned that the shell is one of the main components of an operating system. We also learned that there are different shells. In this section, we'll utilize the Bash shell. Bash is the default shell in most Linux distributions. For the most part, the key Linux commands that you'll be learning in this section are the same across shells. Now that you know what shell you'll be using, let's go into how to write in Bash. As we discussed in a previous section, communicating with your OS is like a conversation. You type in commands, and the OS responds with an answer to your command. A command is an instruction telling the computer to do something. We'll try out a command in Bash. Notice a dollar sign before the cursor. This is your prompt to enter a new command. Some commands might tell the computer to find something like a specific file.
Others might tell it to launch a program. Or, it might be to output a specific string of text. In the last section, when we discussed input and output, we explored how the echo command did this. Let's input the echo command again. You may notice that the command we just input is not complete. If we're going to use the echo command to output a specific string of text, we need to specify what the string of text is. This is what arguments are for. An argument is specific information needed by a command. Some commands take multiple arguments. So now let's complete the echo command with an argument. We're learning some pretty technical stuff, so how about we output the words: "You are doing great!" We'll add this argument, and then we'll press enter to get the output. In this example, our argument was a string of text. Arguments can provide other types of information as well. One thing that is really important in Linux is that all commands and arguments are case sensitive. This includes file and directory names. Keep that in mind as you learn more about how to use Linux in your day-to-day tasks as a security analyst. Okay, now that we've covered the basics of entering Linux commands and arguments through the Bash shell, we're ready to learn some specific commands. This is exciting, so let's get to our next video!

Core commands for navigation and reading files

Welcome back. I hope you're learning a lot about how to communicate with the Linux OS. As we continue our journey into utilizing the Linux command line, we'll focus on how to navigate the Linux file system. Now, I want you to imagine a tree. What did you notice first about the tree? Would you say the trunk or the branches? These might definitely get your attention, but what about its roots? Everything about a tree starts in the roots. Something similar happens when we think about the Linux file system. Previously, we learned about the components of the Linux architecture.
The Filesystem Hierarchy Standard,  or FHS, is  the component of the Linux OS that organizes data. This file system is  a very important part of Linux because  everything we do in Linux is considered  a file somewhere in the system's directory. The FHS is a hierarchical system,  and just like with a tree,  everything grows and branches out from the root. The root directory is  the highest-level directory in Linux. It's designated by a single slash.  Subdirectories branch off from the root directory.  The subdirectories branch out  further and further away from the root directory. When describing the directory structure in Linux, slashes  are used when tracing  back through these branches to the root. For example, here,  the first slash indicates the root directory. Then it branches out a level into the home subdirectory. Another slash indicates it is branching out again. This time it's to  the analyst subdirectory that is located within home. When working in security,  it is essential that you learn to navigate  a file system to locate and analyze logs,  such as log files. You'll analyze these log files for  application usage and authentication. With that background, we're now ready to learn  the commands commonly used  for navigating the file system. First, pwd prints the working directory onto the screen. When you use this command,  the output tells you which directory you're currently in.  Next, ls displays the names of files and directories in the current working directory. And finally,  cd navigates between directories. This is the command you'll use  when you want to change directories. Let's use these commands in Bash. First, we'll type the command  pwd to display the current location and then press enter. The output is the path to  the analyst directory where we're currently working. Next, let's input ls to display  the files and directories within the analyst directory. 
The output is the names of four directories: logs, oldreports, projects, and reports, and one file named updates.txt. So let's say we now want to go into the logs directory to check for unauthorized access. We'll input: cd logs to change directories. We won't get any output on the screen from the cd command, but if we enter pwd again, its output indicates that the working directory is logs. Logs is a subdirectory of the analyst directory. As a security analyst, you'll also need to know how to read file content in Linux. For example, you may need to read files that contain configuration settings to identify potential vulnerabilities. Or, you might look at user access reports while investigating unauthorized access. When reading file content, there are some commands that will help you. First, cat displays the content of a file. This is useful, but sometimes you won't want the full contents of a large file. In these cases, you can use the head command. It displays just the beginning of a file, by default ten lines. Let's try out these commands. Imagine that we want to read the contents of access.txt, and we're already in the working directory where it's located. First, we input the cat command and then follow it with the name of the file, access.txt. And Bash returns the full contents of this file. Let's compare that to the head command. When we input the head command followed by our file name, only the first 10 lines of this file are displayed. Wow, this section had lots of action, and it's just the beginning! I'm glad you learned how security analysts can use essential commands to navigate the system. Next, we'll explore how to manage the system.

Navigate Linux and read file content

In this reading, you'll review how to navigate the file system using Linux commands in Bash.
You'll further explore the organization of the Linux Filesystem Hierarchy Standard, review several common Linux commands for navigation and reading file content, and learn a couple of new commands.

Filesystem Hierarchy Standard (FHS)

Previously, you learned that the Filesystem Hierarchy Standard (FHS) is the component of Linux that organizes data. The FHS is important because it defines how directories, directory contents, and other storage are organized in the operating system. This diagram illustrates the hierarchy of relationships under the FHS: Under the FHS, a file's location can be described by a file path. A file path is the location of a file or directory. In the file path, the different levels of the hierarchy are separated by a forward slash (/).

Root directory

The root directory is the highest-level directory in Linux, and it's always represented with a forward slash (/). All subdirectories branch off the root directory. Subdirectories can continue branching out to as many levels as necessary.

Standard FHS directories

Directly below the root directory, you'll find standard FHS directories. In the diagram, home, bin, and etc are standard FHS directories. Here are a few examples of what standard directories contain:
/home: Each user in the system gets their own home directory.
/bin: This directory stands for "binary" and contains binary files and other executables. Executables are files that contain a series of commands a computer needs to follow to run programs and perform other functions.
/etc: This directory stores the system's configuration files.
/tmp: This directory stores many temporary files. The /tmp directory is commonly used by attackers because anyone in the system can modify data in these files.
/mnt: This directory stands for "mount" and stores media, such as USB drives and hard drives.
Pro Tip: You can use the man hier command to learn more about the FHS and its standard directories.
User-specific subdirectories

Under home are subdirectories for specific users. In the diagram, these users are analyst and analyst2. Each user has their own personal subdirectories, such as projects, logs, or reports. Note: When the path leads to a subdirectory below the user's home directory, the user's home directory can be represented as the tilde (~). For example, /home/analyst/logs can also be represented as ~/logs. You can navigate to specific subdirectories using their absolute or relative file paths. The absolute file path is the full file path, which starts from the root. For example, /home/analyst/projects is an absolute file path. The relative file path is the file path that starts from a user's current directory. Note: Relative file paths can use a dot (.) to represent the current directory, or two dots (..) to represent the parent of the current directory. An example of a relative file path could be ../projects.

Key commands for navigating the file system

The following Linux commands can be used to navigate the file system: pwd, ls, and cd.

pwd

The pwd command prints the working directory to the screen. Or in other words, it returns the directory that you're currently in. The output gives you the absolute path to this directory. For example, if you're in your home directory and your username is analyst, entering pwd returns /home/analyst. Pro Tip: To learn what your username is, use the whoami command. The whoami command returns the username of the current user. For example, if your username is analyst, entering whoami returns analyst.

ls

The ls command displays the names of the files and directories in the current working directory. For example, in the video, ls returned directories such as logs, and a file called updates.txt. Note: If you want to return the contents of a directory that's not your current working directory, you can add an argument after ls with the absolute or relative file path to the desired directory.
For example, if you're in the /home/analyst directory but want to list the contents of its projects subdirectory, you can enter ls /home/analyst/projects or just ls projects.

cd

The cd command navigates between directories. When you need to change directories, you should use this command. To navigate to a subdirectory of the current directory, you can add an argument after cd with the subdirectory name. For example, if you're in the /home/analyst directory and want to navigate to its projects subdirectory, you can enter cd projects. You can also navigate to any specific directory by entering the absolute file path. For example, if you're in /home/analyst/projects, entering cd /home/analyst/logs changes your current directory to /home/analyst/logs. Pro Tip: You can use the relative file path and enter cd .. to go up one level in the file structure. For example, if the current directory is /home/analyst/projects, entering cd .. would change your working directory to /home/analyst.

Common commands for reading file content

The following Linux commands are useful for reading file content: cat, head, tail, and less.

cat

The cat command displays the content of a file. For example, entering cat updates.txt returns everything in the updates.txt file.
h.l. The cat command in Linux is short for "concatenate", which means to link things together in a series or chain. The cat command is one of the most commonly used commands in Unix-like operating systems like Linux. It reads data from files and outputs their contents. It can also concatenate and display the contents of more than one file.

head

The head command displays just the beginning of a file, by default 10 lines. The head command can be useful when you want to know the basic contents of a file but don't need the full contents. Entering head updates.txt returns only the first 10 lines of the updates.txt file.
Pro Tip: If you want to change the number of lines returned by head, you can specify the number of lines by including -n. For example, if you only want to display the first five lines of the updates.txt file, enter head -n 5 updates.txt.

tail

The tail command does the opposite of head. This command can be used to display just the end of a file, by default 10 lines. Entering tail updates.txt returns only the last 10 lines of the updates.txt file. Pro Tip: You can use tail to read the most recent information in a log file.

less

The less command returns the content of a file one page at a time. For example, entering less updates.txt changes the terminal window to display the contents of updates.txt one page at a time. This allows you to easily move forward and backward through the content. Once you've accessed your content with the less command, you can use several keyboard controls to move through the file:
Space bar: Move forward one page
b: Move back one page
Down arrow: Move forward one line
Up arrow: Move back one line
q: Quit and return to the previous terminal window
note to future NaruZkurai, this control scheme is asinine, I will be ripping this command then creating one called nzkread

Key takeaways

It's important for security analysts to be able to navigate Linux and the file system of the FHS. Some key commands for navigating the file system include pwd, ls, and cd. Reading file content is also an important skill in the security profession. This can be done with commands such as cat, head, tail, and less.

Find what you need with Linux

Now that we've covered pwd, ls, and cd and are familiar with these basic commands for navigating the Linux file system, let's look at a couple of ways to find what you need within this system. As a security analyst, your work will likely involve filtering for the information you need. Filtering means searching your system for specific information that can help you solve complex problems.
For example, imagine that your team  determines a piece of  malware contains a string of characters. You might be tasked with finding other files with  the same string to determine if  those files contain the same malware. Later, we'll learn more about how  you can use SQL to filter a database,  but Linux is a good place to start basic filtering. First, we'll start with grep.  The grep command searches a specified file and returns all lines in  the file containing a specified string.  Here's an example of this.  Let's say we have a file called updates.txt, and we're currently looking for lines that contain the word: OS. If the file is large,  it would take a long time to visually scan for this. Instead, after navigating to  the directory that contains updates.txt,  we'll type the command:  grep OS updates.txt into the shell. Notice how the grep command is followed by two arguments.  The first argument is the string we're searching for; in this case, OS. The second argument is the name of the file  we're searching through, updates.txt. When we press enter,  Bash returns all lines containing the word OS. Now let's talk about piping. Piping is a Linux command that  can be used for a variety of purposes. In a moment, we'll focus on  how it can be used for filtering. But first, let's talk about the general idea of piping. The piping command sends a standard output of  one command as standard input  into another command for further processing. It's represented by the vertical bar character.  In our context, we can refer to this as the pipe character. Take a moment and imagine a physical pipe. Physical pipes have two ends. On one end, for example,  water might enter the pipe from a hot water tank. Then, it travels through the pipe and  comes out on the other end in a sink. Similarly, in Linux,  piping also involves redirection. Output from one command is sent through  the pipe and then is used on the other side of the pipe. 
Earlier in this video, I explained how grep can be used to filter for strings of characters within a file. Grep can also be incorporated after a pipe. Let's focus on this example. The first command, ls, instructs the operating system to output the file and directory contents of the reports subdirectory. But because the command is followed by the pipe, the output isn't returned to the screen. Instead, it's sent to the next command. As we just learned, grep searches for a specified string of characters; in this case, it's users. But where is it searching? Since grep follows a pipe, the output of the previous command indicates where to search. In this case, that output is a list of files and directories within the reports subdirectory. It will return all files and directories that contain the word: users. Let's explore this in Bash. So we can better understand how the filter works, let's first output everything in the reports directory. If we were already in the directory, we would just need to input ls. But since we're not, we'll also specify the path to this directory. When we press enter, the output indicates there are seven files in the reports directory. Because we want to return only the files that contain the word users, we'll combine this ls command with piping and the grep command. As the output demonstrates, Linux has been instructed to return only files that contain the word users. The two files that don't contain this string no longer appear. So now you have two different ways that you can filter in Linux while working as an analyst. Navigating through files and filtering are just part of what you need to know. Let's keep exploring the Linux command line.

Filter content in Linux

In this reading, you'll continue exploring Linux commands, which can help you filter for the information you need. You'll learn a new Linux command, find, which can help you search files and directories for specific information.
Filtering for information

You previously explored how filtering for information is an important skill for security analysts. Filtering is selecting data that match a certain condition. For example, if you had a virus in your system that only affected the .txt files, you could use filtering to find these files quickly. Filtering allows you to search based on specific criteria, such as file extension or a string of text.

grep

The grep command searches a specified file and returns all lines in the file containing a specified string. The grep command commonly takes two arguments: a specific string to search for and a specific file to search through. For example, entering grep OS updates.txt returns all lines containing OS in the updates.txt file. In this example, OS is the specific string to search for, and updates.txt is the specific file to search through.

Piping

The pipe command is accessed using the pipe character (|). Piping sends the standard output of one command as standard input to another command for further processing. As a reminder, standard output is information returned by the OS through the shell, and standard input is information received by the OS via the command line. The pipe character (|) is located in various places on a keyboard. On many keyboards, it's located on the same key as the backslash character (\). On some keyboards, the | can look different and have a small space through the middle of the line. If you can't find the |, search online for its location on your particular keyboard. When used with grep, the pipe can help you find directories and files containing a specific word in their names. For example, ls /home/analyst/reports | grep users returns the file and directory names in the reports directory that contain users. Before the pipe, ls indicates to list the names of the files and directories in reports. Then, it sends this output to the command after the pipe.
In this case, grep users returns all of the file or directory names containing users from the input it received. Note: Piping is a general form of redirection in Linux and can be used for multiple tasks other than filtering. You can think of piping as a general tool that you can use whenever you want the output of one command to become the input of another command.

find

The find command searches for directories and files that meet specified criteria. There's a wide range of criteria that can be specified with find. For example, you can search for files and directories that
- contain a specific string in the name,
- are a certain file size, or
- were last modified within a certain time frame.
When using find, the first argument after find indicates where to start searching. For example, entering find /home/analyst/projects searches for everything starting at the projects directory. After this first argument, you need to indicate your criteria for the search. If you don't include specific search criteria with your second argument, your search will likely return a lot of directories and files. Specifying criteria involves options. Options modify the behavior of a command and commonly begin with a hyphen (-).

-name and -iname

One key criterion analysts might use with find is to find file or directory names that contain a specific string. The specific string you're searching for must be entered in quotes after the -name or -iname options. The difference between these two options is that -name is case-sensitive, and -iname is not. For example, you might want to find all files in the projects directory that contain the word "log" in the file name. To do this, you'd enter find /home/analyst/projects -name "*log*". You could also enter find /home/analyst/projects -iname "*log*". In these examples, the output would be all files in the projects directory that contain log surrounded by zero or more characters.
The "*log*" portion of the command is the search criteria that indicates to search for the string "log". When -name is the option, files with names that include Log or LOG, for example, wouldn't be returned because this option is case-sensitive. However, they would be returned when -iname is the option. Note: An asterisk (*) is used as a wildcard to represent zero or more unknown characters.

-mtime

Security analysts might also use find to find files or directories last modified within a certain time frame. The -mtime option can be used for this search. For example, entering find /home/analyst/projects -mtime -3 returns all files and directories in the projects directory that have been modified within the past three days. The -mtime option search is based on days, so entering -mtime +1 indicates all files or directories last modified more than one day ago, and entering -mtime -1 indicates all files or directories last modified less than one day ago. Note: The option -mmin can be used instead of -mtime if you want to base the search on minutes rather than days.

Key takeaways

Filtering for information using Linux commands is an important skill for security analysts so that they can customize data to fit their needs. Three key Linux commands for this are grep, piping (|), and find. These commands can be used to navigate and filter for information in the file system.

Create and modify directories and files

Let's make some branches! What do I mean by that? Well, in a previous video, we discussed root directories and how other subdirectories branch off of the root directory. Let's think again about the file directory system as a tree. The subdirectories are the branches of the tree. They're all connected from the same root but can grow to make a complex tree. In this video, we'll create directories and files and learn how to modify them. When it comes to working with data in security, organization is key.
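Before moving on to creating files, here is an added example (not part of the course) that puts the commands from the two readings above, "Navigate Linux and read file content" and "Filter content in Linux", to work in one script. It builds a throwaway tree that mirrors the /home/analyst layout from the videos (all file names and log lines are constructed), so pwd, cd with relative paths, head/tail, grep, ls | grep, and find with -name, -iname and -mtime can be run and their results checked.

```shell
#!/bin/sh
# Added example, not from the course: exercises navigation, reading and
# filtering commands against a constructed /home/analyst-style tree.

# make_sandbox: create the tree under a temp dir and print its root path.
make_sandbox() {
    root=$(mktemp -d)
    mkdir -p "$root/analyst/logs" "$root/analyst/projects" "$root/analyst/reports"
    # updates.txt: constructed lines, two of which mention "OS"
    printf '%s\n' \
        'OS patches applied to web01' \
        'email client updated' \
        'kernel OS update pending reboot' \
        'firewall rules reviewed' > "$root/analyst/updates.txt"
    # logs/access.txt: constructed authentication log, newest entry last
    i=1
    while [ "$i" -le 12 ]; do
        printf 'line %02d user=analyst status=%s\n' "$i" \
            "$( [ $((i % 5)) -eq 0 ] && echo FAIL || echo OK )"
        i=$((i + 1))
    done > "$root/analyst/logs/access.txt"
    # reports/: seven files, five of whose names contain "users" (as in the video)
    for f in users_q1.txt users_q2.txt users_audit.txt users_vpn.txt users_old.txt \
             vulnerabilities.txt email_policy.txt; do
        touch "$root/analyst/reports/$f"
    done
    # projects/: names differing only in case, plus one file backdated to 2020
    touch "$root/analyst/projects/app.log" "$root/analyst/projects/build.LOG" \
          "$root/analyst/projects/notes.txt"
    touch -t 202001010000 "$root/analyst/projects/notes.txt"
    echo "$root"
}

# relative_navigation: descend by relative path, climb back with "..", and
# return what pwd reports. A subshell keeps the caller's directory untouched.
relative_navigation() {
    ( cd "$1/analyst" && cd logs && cd .. && cd projects && cd .. && pwd )
}

# first_entries / last_entries: head -n N and tail -n N; tail gives the most
# recent lines of a log because new entries are appended at the end.
first_entries() { head -n "$2" "$1"; }
last_entries() { tail -n "$2" "$1"; }

# lines_with: grep's two-argument form, STRING then FILE.
lines_with() { grep "$1" "$2"; }

# names_containing: ls piped into grep, filtering names rather than contents.
names_containing() { ls "$1" | grep "$2"; }

# find_by_name: case-insensitive name search below START, sorted for stable output.
find_by_name() { find "$1" -iname "$2" | sort; }

# find_modified_within: regular files under START changed less than DAYS days ago.
find_modified_within() { find "$1" -type f -mtime -"$2" | sort; }

# find_modified_before: regular files under START changed more than DAYS days ago.
find_modified_before() { find "$1" -type f -mtime +"$2" | sort; }

# Short walkthrough when the script is run directly.
sandbox=$(make_sandbox)
relative_navigation "$sandbox"
last_entries "$sandbox/analyst/logs/access.txt" 3
lines_with OS "$sandbox/analyst/updates.txt"
names_containing "$sandbox/analyst/reports" users
find_by_name "$sandbox/analyst/projects" "*log*"
find_modified_before "$sandbox/analyst/projects" 1
rm -r "$sandbox"
```

The -mtime checks rely on the backdated notes.txt; compare the -iname result (two files) with find -name "*log*" on the same directory (one file) to see the case-sensitivity difference from the reading.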
If we know where information is located, it makes it easier to detect issues and keep information safe. In a previous video, we've already discussed navigating between directories, but let's take a moment to examine directories more closely. It's possible you're familiar with the concept of folders for organizing information. In Linux, we have directories. Directories help organize files and subdirectories. For example, within a directory for reports, an analyst may need to create two subdirectories: one for drafts and one for final reports. Now that we know why we need directories, let's take a look at some essential Linux commands for managing directories and files. First, let's take note of commands for creating and removing directories. The mkdir command creates a new directory. In contrast, rmdir removes or deletes a directory. A helpful feature of this command is its built-in warning that lets you know a directory is not empty. This saves you from accidentally deleting files. Next, you'll use other commands for creating and removing files. The touch command creates a new file, and then the rm command removes or deletes a file. And last, we have our commands for copying and moving files or directories. The mv command moves a file or directory to a new location, and cp copies a file or directory into a new location. Now, we're ready to try out these commands. First, let's use the pwd command, and then let's display the names of the files and directories in the analyst directory with the ls command. Imagine that we no longer need the oldreports directory that appears among the file contents. Let's take a look at how to remove it. We input the rmdir command and follow it with the name of the directory we want to remove: oldreports. We can use the ls command to confirm that oldreports has been deleted and no longer appears among the contents. Now, let's make another change. We want a new directory for drafts of reports.
We need to use the command: mkdir and specify a name for this directory: drafts. If we input ls again, we'll notice the new directory drafts included among the contents of the analyst directory. Let's change into this new directory by entering: cd drafts. If we run ls, it doesn't return any output, indicating that this directory is currently empty. But next, we'll add some files to it. Let's say we want to draft new reports on recently installed email and OS patches. To create these files, we input: touch email_patches.txt and then: touch OS_patches.txt. Running ls indicates that these files are now in the drafts directory. What if we realize that we only need a new report on OS patches and we want to delete the email patches report? To do this, we input the rm command and specify the file to delete as: email_patches.txt. Running ls confirms that it's been deleted. Now, let's focus on our commands for moving and copying. We realized that we have a file called email policy in the reports folder that is currently in draft format. We want to move it into the newly created drafts folder. To do this, we need to change into the directory that currently has that file. Running ls in that directory indicates that it contains several files, including email_policy.txt. Then to move that file, we'll enter the mv command followed by two arguments. The first argument after mv identifies the file to be moved. The second argument indicates where to move it. If we change directories into drafts and then display its contents, we'll notice that the email policy file has been moved to this directory. We'll change back into reports. Displaying the file contents confirms that email_policy is no longer there. Okay, one more thing. vulnerabilities.txt is a file that we want to keep in the reports directory. But since it affects an upcoming project, we also want to copy it into the projects directory.
Since we're already in the directory that has this file, we'll use the cp command to copy it into the projects directory. Notice that the first argument indicates which file to copy, and the second argument provides the path to the directory that it will be copied into. When we press Enter, this copies the vulnerabilities file into the projects directory while also leaving the original within reports. Isn't it cool what we can do with these commands? Now, let's focus on one more concept related to modifying files. In addition to using commands, you can also use applications to help you edit files. As a security analyst, file editors are often necessary for your daily tasks, like writing or editing reports. A popular file editor is nano. It's good for beginners. You can access this tool through the nano command. Let's get familiar with nano together. We'll add a title to our new draft report: OS_patches.txt. First, we change into the directory containing that file, then we input nano followed by the name of the file we want to edit: OS_patches.txt. This brings up the nano file editor with that file open. For now, we'll just enter the title OS Patches by typing this into the editor. We need to save this before returning to the command line, and to do so, we press Ctrl+O and then enter to save it with the current file name. Then to exit, we press Ctrl+X. Great work! We've covered a lot of topics here, from creating and removing directories and files to copying or moving them, and just now, we've added editing files. You're well on your way to learning Linux commands!

Manage directories and files

Previously, you explored how to manage the file system using Linux commands. The following commands were introduced: mkdir, rmdir, touch, rm, mv, and cp. In this reading, you'll review these commands, the nano text editor, and learn another way to write to files.
Creating and modifying directories

mkdir

The mkdir command creates a new directory. Like all of the commands presented in this reading, you can either provide the new directory as the absolute file path, which starts from the root, or as a relative file path, which starts from your current directory. For example, if you want to create a new directory called network in your /home/analyst/logs directory, you can enter mkdir /home/analyst/logs/network to create this new directory. If you're already in the /home/analyst/logs directory, you can also create this new directory by entering mkdir network. Pro Tip: You can use the ls command to confirm the new directory was added.

rmdir

The rmdir command removes, or deletes, a directory. For example, entering rmdir /home/analyst/logs/network would remove this empty directory from the file system. Note: The rmdir command cannot delete directories with files or subdirectories inside. For example, entering rmdir /home/analyst returns an error message.

Creating and modifying files

touch and rm

The touch command creates a new file. This file won't have any content inside. If your current directory is /home/analyst/reports, entering touch permissions.txt creates a new file in the reports subdirectory called permissions.txt. The rm command removes, or deletes, a file. This command should be used carefully because it's not easy to recover files deleted with rm. To remove the permissions file you just created, enter rm permissions.txt. Pro Tip: You can verify that permissions.txt was successfully created or removed by entering ls.

mv and cp

You can also use mv and cp when working with files. The mv command moves a file or directory to a new location, and the cp command copies a file or directory into a new location. The first argument after mv or cp is the file or directory you want to move or copy, and the second argument is the location you want to move or copy it to.
To move permissions.txt into the logs subdirectory, enter mv permissions.txt /home/analyst/logs. Moving a file removes the file from its original location. However, copying a file doesn't remove it from its original location. To copy permissions.txt into the logs subdirectory while also keeping it in its original location, enter cp permissions.txt /home/analyst/logs.

Note: The mv command can also be used to rename files. To rename a file, pass the new name in as the second argument instead of the new location. For example, entering mv permissions.txt perm.txt renames the permissions.txt file to perm.txt.

nano text editor

nano is a command-line file editor that is available by default in many Linux distributions. Many beginners find it easy to use, and it's widely used in the security profession. You can perform multiple basic tasks in nano, such as creating new files and modifying file contents.

To open an existing file in nano from the directory that contains it, enter nano followed by the file name. For example, entering nano permissions.txt from the /home/analyst/reports directory opens a new nano editing window with the permissions.txt file open for editing. You can also provide the absolute file path to the file if you're not in the directory that contains it.

You can also create a new file in nano by entering nano followed by a new file name. For example, entering nano authorized_users.txt from the /home/analyst/reports directory creates the authorized_users.txt file within that directory and opens it in a new nano editing window.

Since there isn't an auto-saving feature in nano, it's important to save your work before exiting. To save a file in nano, use the keyboard shortcut Ctrl + O. You'll be prompted to confirm the file name before saving. To exit out of nano, use the keyboard shortcut Ctrl + X.

Note: Vim and Emacs are also popular command-line text editors.

Standard output redirection

There's an additional way you can write to files.
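The commands reviewed in this reading, run end to end as an added example (this script is not part of the course materials): it builds a scratch copy of the logs and reports directories with mktemp, runs mkdir, rmdir, touch, cp, mv and rm, checks each outcome with test brackets, and finishes with echo redirected through >> and > as the redirection section describes. The directory names and permissions.txt come from the reading; mktemp, the temporary location and the function names are this example's own choices.

```sh
#!/bin/sh
# Added example (not from the course): mkdir, rmdir, touch, rm, mv, cp and
# echo with >> and > exercised inside a throwaway directory created by mktemp,
# so nothing under /home is touched. logs/ and reports/ mirror the reading's
# /home/analyst layout.
set -eu

# Builds the scratch tree and prints its path.
make_workspace() {
  ws=$(mktemp -d)
  mkdir "$ws/logs" "$ws/reports"
  printf '%s\n' "$ws"
}

# Walks through the directory and file commands. Every step is checked with
# [ ... ] so a wrong outcome returns 1 instead of silently continuing.
exercise_file_commands() {
  ws=$1

  mkdir "$ws/logs/network"                       # new, empty directory
  rmdir "$ws/logs/network"                       # rmdir only removes empty ones
  [ ! -d "$ws/logs/network" ] || return 1

  touch "$ws/reports/permissions.txt"            # new file with no content
  [ -f "$ws/reports/permissions.txt" ] || return 1
  [ ! -s "$ws/reports/permissions.txt" ] || return 1

  cp "$ws/reports/permissions.txt" "$ws/logs"    # copy: the original stays put
  [ -f "$ws/reports/permissions.txt" ] || return 1
  [ -f "$ws/logs/permissions.txt" ] || return 1

  # Second argument is a file name, not a directory, so mv renames.
  mv "$ws/reports/permissions.txt" "$ws/reports/perm.txt"
  [ ! -e "$ws/reports/permissions.txt" ] || return 1
  [ -f "$ws/reports/perm.txt" ] || return 1

  mv "$ws/reports/perm.txt" "$ws/logs"           # move: the file leaves reports
  [ ! -e "$ws/reports/perm.txt" ] || return 1
  [ -f "$ws/logs/perm.txt" ] || return 1

  rm "$ws/logs/perm.txt"                         # rm is immediate; no trash can
  [ ! -e "$ws/logs/perm.txt" ] || return 1

  # rmdir refuses a directory that still holds a file (logs/permissions.txt).
  if rmdir "$ws/logs" 2>/dev/null; then return 1; fi
  return 0
}

# Shows the difference between >> (append) and > (overwrite) and prints the
# final contents of logs/permissions.txt.
exercise_redirection() {
  f=$1/logs/permissions.txt
  echo "last updated date" >> "$f"   # append to the empty file
  echo "reviewed by analyst" >> "$f" # append again: two lines now
  echo "time" > "$f"                 # > replaces everything: one line left
  cat "$f"
}

# Removes the scratch tree.
cleanup_workspace() {
  rm -r "$1"
}

# Stand-alone run: sh thisfile.sh --run
if [ "${1:-}" = "--run" ]; then
  ws=$(make_workspace)
  exercise_file_commands "$ws" && echo "file commands behaved as described"
  printf 'permissions.txt now holds: %s\n' "$(exercise_redirection "$ws")"
  cleanup_workspace "$ws"
fi
```

The checks after each command are the habit worth copying: because rm and > have no undo, confirming with test or ls before the next step is cheaper than recovering from a mistake.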
Previously, you learned about standard input and standard output. Standard input is information received by the OS via the command line, and standard output is information returned by the OS through the shell. You've also learned about piping. Piping sends the standard output of one command as standard input to another command for further processing. It uses the pipe character (|).

In addition to the pipe (|), you can also use the right angle bracket (>) and double right angle bracket (>>) operators to redirect standard output. When used with echo, the > and >> operators can be used to send the output of echo to a specified file rather than the screen. The difference between the two is that > overwrites your existing file, and >> adds your content to the end of the existing file instead of overwriting it. The > operator should be used carefully, because it's not easy to recover overwritten files.

When you're inside the directory containing the permissions.txt file, entering echo "last updated date" >> permissions.txt adds the string "last updated date" to the file contents. Entering echo "time" > permissions.txt after this command overwrites the entire file contents of permissions.txt with the string "time".

Note: Both the > and >> operators will create a new file if one doesn't already exist with your specified name.

Key takeaways

Knowing how to manage the file system in Linux is an important skill for security analysts. Useful commands for this include: mkdir, rmdir, touch, rm, mv, and cp. When security analysts need to write to files, they can use the nano text editor, or the > and >> operators.

File permissions and ownership

Hi there. It's great to have you back! Let's continue to learn more about how to work in Linux as a security analyst. In this video, we'll explore file and directory permissions. We'll learn how Linux represents permissions and how you can check for the permissions associated with files and directories.
Permissions are the type of access granted for a file or directory. Permissions are related to authorization. Authorization is the concept of granting access to specific resources in a system. Authorization allows you to limit access to specified files or directories. A good rule to follow is that data access is on a need-to-know basis. You can imagine the security risk it would impose if anyone could access or modify anything they wanted to on a system.

There are three types of permissions in Linux that an authorized user can have. The first type of permission is read. On a file, read permission means the contents of the file can be read. On a directory, this permission means you can read all files in that directory. Next are write permissions. Write permission on a file allows modification of the contents of the file. On a directory, write permission indicates that new files can be created in that directory. Finally, there are also execute permissions. Execute permission on a file means that the file can be executed if it's an executable file. Execute permission on a directory allows users to enter into the directory and access its files.

Permissions are granted for three different types of owners. The first type is the user. The user is the owner of the file. When you create a file, you become the owner of the file, but the ownership can be changed. Group is the next type. Every user is a part of a certain group. A group consists of several users, and this is one way to manage a multi-user environment. Finally, there is other. Other can be considered all other users on the system. Basically, anyone else with access to the system belongs to this group.

In Linux, file permissions are represented with a 10-character string. For a directory with full permissions for the user, the group, and other, this string would be: drwxrwxrwx. Let's examine what this means more closely. The first character indicates the file type.
As shown in this example, d is used to indicate it is a directory. If this character contains a hyphen instead, it would be a regular file. The second, third, and fourth characters indicate the permissions for the user. In this example, r indicates the user has read permissions, w indicates the user has write permissions, and x indicates the user has execute permissions. If one of these permissions was missing, there would be a hyphen instead of the letter. In the same way, the fifth, sixth, and seventh characters indicate permissions for the next owner type, group. As it shows here, group also has read, write, and execute permissions. There are no hyphens to indicate that any of these permissions haven't been granted. Finally, the eighth through tenth characters indicate permissions for the last owner type: other. They also have read, write, and execute permissions in this example.

Ensuring files and directories are set with their appropriate access permissions is critical to protecting sensitive files and maintaining the overall security of a system. For example, payroll departments handle sensitive information. If someone outside of the payroll group could read this file, this would be a privacy concern. Another example is when the user, the group, and other can all write to a file. This type of file is considered a world-writable file. World-writable files can pose significant security risks.

So how do we check permissions? First, we need to understand what options are. Options modify the behavior of the command. The options for a command can be a single letter or a full word. Checking permissions involves adding options to the ls command. First, ls -l displays permissions to files and directories. You might also want to display hidden files and identify their permissions. Hidden files, which begin with a period before their name, don't normally appear when you use ls to display file contents. Entering ls -a displays hidden files.
Then you can combine these two options to do both. Entering ls -la displays permissions to files and directories, including hidden files.

Let's get into Bash and try out these options. Right now, we're in the project subdirectory. First, let's use the ls command to display its contents. The output displays the files in this directory, but we don't know anything about their permissions. By using ls -l instead, we get expanded information on these files. Let's do this. The file names are now on the right side of each row. The first piece of information in each row shows the permissions in the format that we discussed earlier. Since these are all files and not directories, notice how the first character is a hyphen.

Let's focus on one specific file: project1.txt. The second through fourth characters of its permissions show us the user has both read and write permissions but lacks execute permissions. In both the fifth through seventh characters and eighth through tenth characters, the sequence is r--. This means group and other have only read privileges. After the permissions, ls -l first displays the username. Here, that's us, analyst. Next comes the group name; in our case, the security group.

Now let's use ls -a. The output includes two more files—hidden files with the names .hidden1.txt and .hidden2.txt. Finally, we can also use ls -la to show the permissions for all files, including these hidden files.

I thought that was pretty interesting. Did you? You now know a little more about file permissions and ownership. This will be helpful when working in security because monitoring and setting correct permissions is essential for protecting information. Take a small break and meet me in the next video.

Permission commands

Previously, you explored file permissions and the commands that you can use to display and change them.
In this reading, you'll review these concepts and also focus on an example of how these commands work together when putting the principle of least privilege into practice.

Reading permissions

In Linux, permissions are represented with a 10-character string. Permissions include:

read: for files, this is the ability to read the file contents; for directories, this is the ability to read all contents in the directory including both files and subdirectories
write: for files, this is the ability to make modifications on the file contents; for directories, this is the ability to create new files in the directory
execute: for files, this is the ability to execute the file if it's a program; for directories, this is the ability to enter the directory and access its files

These permissions are given to these types of owners:

user: the owner of the file
group: a larger group that the owner is a part of
other: all other users on the system

Each character in the 10-character string conveys different information about these permissions.
The following table describes the purpose of each character (in the Example column, the character being described is shown in brackets):

Character  Example        Meaning
1st        [d]rwxrwxrwx   file type: d for directory, - for a regular file
2nd        d[r]wxrwxrwx   read permissions for the user: r if the user has read permissions, - if the user lacks read permissions
3rd        dr[w]xrwxrwx   write permissions for the user: w if the user has write permissions, - if the user lacks write permissions
4th        drw[x]rwxrwx   execute permissions for the user: x if the user has execute permissions, - if the user lacks execute permissions
5th        drwx[r]wxrwx   read permissions for the group: r if the group has read permissions, - if the group lacks read permissions
6th        drwxr[w]xrwx   write permissions for the group: w if the group has write permissions, - if the group lacks write permissions
7th        drwxrw[x]rwx   execute permissions for the group: x if the group has execute permissions, - if the group lacks execute permissions
8th        drwxrwx[r]wx   read permissions for other: r if the other owner type has read permissions, - if the other owner type lacks read permissions
9th        drwxrwxr[w]x   write permissions for other: w if the other owner type has write permissions, - if the other owner type lacks write permissions
10th       drwxrwxrw[x]   execute permissions for other: x if the other owner type has execute permissions, - if the other owner type lacks execute permissions

Exploring existing permissions

You can use the ls command to investigate who has permissions on files and directories. Previously, you learned that ls displays the names of files in directories in the current working directory. There are additional options you can add to the ls command to make your command more specific. Some of these options provide details about permissions. Here are a few important ls options for security analysts:

ls -a: Displays hidden files. Hidden files start with a period (.) at the beginning.
ls -l: Displays permissions to files and directories.
Also displays other additional information, including owner name, group, file size, and the time of last modification.
ls -la: Displays permissions to files and directories, including hidden files. This is a combination of the other two options.

Changing permissions

The principle of least privilege is the concept of granting only the minimal access and authorization required to complete a task or function. In other words, users should not have privileges that are beyond what is necessary. Not following the principle of least privilege can create security risks. The chmod command can help you manage this authorization. The chmod command changes permissions on files and directories.

Using chmod

The chmod command requires two arguments. The first argument indicates how to change permissions, and the second argument indicates the file or directory that you want to change permissions for.

For example, the following command would add all permissions to login_sessions.txt:

chmod u+rwx,g+rwx,o+rwx login_sessions.txt

If you wanted to take all the permissions away, you could use:

chmod u-rwx,g-rwx,o-rwx login_sessions.txt

Another way to assign these permissions is to use the equals sign (=) in this first argument. Using = with chmod sets, or assigns, the permissions exactly as specified. For example, the following command would set read permissions for login_sessions.txt for user, group, and other:

chmod u=r,g=r,o=r login_sessions.txt

This command overwrites existing permissions. For instance, if the user previously had write permissions, these write permissions are removed after you specify only read permissions with =.
The following table reviews how each character is used within the first argument of chmod:

Character  Description
u          indicates changes will be made to user permissions
g          indicates changes will be made to group permissions
o          indicates changes will be made to other permissions
+          adds permissions to the user, group, or other
-          removes permissions from the user, group, or other
=          assigns permissions for the user, group, or other

Note: When there are permission changes to more than one owner type, commas are needed to separate changes for each owner type. You should not add spaces after those commas.

The principle of least privilege in action

As a security analyst, you may encounter a situation like this one:

There's a file called bonuses.txt within a compensation directory. The owner of this file is a member of the Human Resources department with a username of hrrep1. It has been decided that hrrep1 needs access to this file. But, since this file contains confidential information, no one else in the hr group needs access.

You run ls -l to check the permissions of files in the compensation directory and discover that the permissions for bonuses.txt are -rw-rw----. The group owner type has read and write permissions that do not align with the principle of least privilege.

To remedy the situation, you input chmod g-rw bonuses.txt. Now, only the user who needs to access this file to carry out their job responsibilities can access this file.

Key takeaways

Managing directory and file permissions may be a part of your work as a security analyst. Using ls with the -l and -la options allows you to investigate directory and file permissions. Using chmod allows you to change user permissions and ensure they are aligned with the principle of least privilege.
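To tie together the ls -l permission string from the video, the symbolic chmod forms from this reading and the bonuses.txt scenario, here is an added shell example (it is not part of the course materials). It works on temporary files created with mktemp, so bonuses.txt and login_sessions.txt appear only as labels; perm_string, chmod_result, least_privilege_fix, is_world_writable and find_world_writable are this example's own helper names. The last two go a step beyond the reading: the video flagged world-writable files as a risk, and find -perm -o=w is one way to locate them across a directory tree.

```sh
#!/bin/sh
# Added example (not from the course): read the 10-character permission
# string with ls -l, apply the symbolic chmod forms from the reading, and
# flag world-writable files. Everything runs on temporary files.
set -eu

# Prints the 10-character permission string for a file or directory.
# ls -ld keeps a directory itself (not its contents) on one line; cut keeps
# only the mode and drops the owner, group, size and date columns.
perm_string() {
  ls -ld "$1" | cut -c1-10
}

# Applies a starting mode, then a symbolic change, to a fresh temporary file
# and prints the resulting permission string.
#   $1 = starting mode (e.g. u=rw,g=rw,o-rwx)   $2 = change (e.g. g-rw)
chmod_result() {
  f=$(mktemp)
  chmod "$1" "$f"
  chmod "$2" "$f"
  perm_string "$f"
  rm -f "$f"
}

# The bonuses.txt scenario: -rw-rw---- lets every hr group member read and
# write the file; g-rw leaves only the owner (hrrep1) with access.
least_privilege_fix() {
  chmod_result u=rw,g=rw,o-rwx g-rw
}

# Returns 0 when the 'other' write bit (9th character) is set.
is_world_writable() {
  case "$(perm_string "$1" | cut -c9)" in
    w) return 0 ;;
    *) return 1 ;;
  esac
}

# Lists regular files under a directory that anyone on the system can write.
# -perm -o=w matches any mode that includes write permission for other.
find_world_writable() {
  find "$1" -type f -perm -o=w
}

# Builds a small tree with one deliberately world-writable file and prints
# the name(s) that find_world_writable reports.
demo_world_writable_scan() {
  d=$(mktemp -d)
  touch "$d/notes.txt" "$d/shared.txt"
  chmod u=rw,g=r,o=r "$d/notes.txt"        # readable by all, writable by owner
  chmod u=rw,g=rw,o=rw "$d/shared.txt"     # user, group and other can write
  find_world_writable "$d" | sed "s|^$d/||"
  rm -r "$d"
}

# Stand-alone run: sh thisfile.sh --run
if [ "${1:-}" = "--run" ]; then
  echo "all permissions added:   $(chmod_result u-rwx,g-rwx,o-rwx u+rwx,g+rwx,o+rwx)"
  echo "read only via =:         $(chmod_result u+rwx,g+rwx,o+rwx u=r,g=r,o=r)"
  echo "bonuses.txt after g-rw:  $(least_privilege_fix)"
  echo "world-writable found:    $(demo_world_writable_scan)"
fi
```

perm_string uses cut -c1-10 rather than the whole first column because some systems append an eleventh character (such as . or +) when SELinux labels or ACLs are present, and the reading's 10-character model does not cover that extra position.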
Change permissions

Hi there!
In the previous video, you learned how to check permissions for a user. In this video, we're going to learn about changing permissions. When working as a security analyst, there may be many reasons to change permissions for a user. A user may have changed departments or been assigned to a different work group. A user might simply no longer be working on a project that requires certain permissions. These changes are necessary in order to protect system files from being accidentally or deliberately altered or deleted.

Let's explore a related command that helps control this access. In this video, we'll learn about chmod. chmod changes permissions on files and directories. The command chmod stands for change mode. There are two modes for changing permissions, but we'll focus on symbolic. The best way to learn about how chmod works is through an example. I know this has a lot of details, but we'll break this down. Also, please keep in mind that, like many Linux commands, you don't have to memorize the information and can always find a reference.

With chmod, you need to identify which file or directory you want to adjust permissions for. This is the final argument, in this case, a file named access.txt. The first argument, added directly after the chmod command, indicates how to change permissions. In this example, the full command is chmod g+w,o-r access.txt. Right now, this might seem hard to interpret, but soon we'll understand why this is called symbolic mode.

Previously, we learned about the three types of owners: user, group, and other. To identify these with chmod, we use u to represent the user, g to represent the group, and o to represent other. In this particular example, g indicates we will make some changes to group permissions, and o to permissions for other. These owner types are separated by a comma in this argument. But do we want to add or take away permissions? Well, for this, we use mathematical operators. So, the plus sign after g means we want to add permissions for group.
The minus sign after o means we want to take them away from other. And the last question is: what kind of changes? We've already learned that r represents read permissions, w represents write permissions, and x represents execute permissions. So in this case, the w indicates that we're adding write permissions to the group, and r indicates that we are taking away read permissions from other. This is still very complex. But now that we've broken it down, perhaps it doesn't seem quite so much like a foreign language. And remember, you don't have to memorize this all.

Let's give this new command a try. We'll start out in the logs subdirectory. If we use the ls -l command, it will output the permissions for the file. It shows the permissions for the only file in this directory: access.txt. Previously, we learned how to read these permissions. The second through fourth characters indicate that the user has read and write permissions. The fifth through seventh characters show the group only has read permissions. And the eighth to tenth characters show that other only has read permissions.

We need to adjust these permissions. We want to ensure analysts in the security group have write permission, but take away read permissions from the owner type other, so we add write permissions for group and remove read permissions for other. Let's run ls -l again. This shows a change in the permissions for access.txt. Notice how in the middle segment of permissions for the group, w has been added to give write permissions. And another change is that the r has been removed in the last segment, indicating that read permissions for other have been removed. As mentioned earlier, these hyphens indicate a lack of permissions. Now, other is lacking all permissions.

Though it requires practice, working in Linux becomes more natural with time. I'm glad you're learning a little more about how to use Linux.
Add and delete users

Welcome back! In this video, we are going to discuss adding and deleting users. This is related to the concept of authentication.
Authentication is the process of a user proving that they are who they say they are in the system. Just like in a physical building, not all users should be allowed in. Not all users should get access to the system. But we also want to make sure everyone who should have access to the system has it. That's why we need to add users. New users can be new to the organization or new to a group. This could be related to a change in organizational structure or simply a directive from management to move someone. And also, when users leave the organization, they need to be deleted. They should no longer have access to any part of the system. Or if they simply changed groups, they should be deleted from groups that they are no longer a part of.

Now that we've sorted out why it's important to add and delete users, let's discuss a different type of user, the root user. A root user, or superuser, is a user with elevated privileges to modify the system. Regular users have limitations, where the root does not. Individuals who need to perform specific tasks can be temporarily added as root users. Root users can create, modify, or delete any file and run any program. Only root users or accounts with root privileges can add new users.

So you may be wondering how you become a superuser. Well, one way is logging in as the root user, but running commands as the root user is considered to be bad practice when using Linux. Why is running commands as a root user potentially problematic? The first problem with logging in as root is the security risks. Malicious actors will try to breach the root account. Since it's the most powerful account, to stay safe, the root account should have logins disabled. Another problem is that it's very easy to make irreversible mistakes. It's very easy to type the wrong command in the CLI, and if you're running as the root user, you run a higher risk of making an irreversible mistake, such as permanently deleting a directory.
Finally, there's the concern of accountability. In a multi-user environment like Linux, there are many users. If a user is running as root, there is no way to track who exactly ran a command.

One solution to help solve this problem is sudo. sudo is a command that temporarily grants elevated permissions to specific users. This provides more of a controlled approach compared to root, which runs every command with root privileges. sudo solves lots of problems associated with running as root. sudo comes from super-user-do and lets you execute commands as an elevated user without having to sign in and out of another account. Running sudo will prompt you to enter the password for the user you're currently logged in as. Not all users on a system can become a superuser. Users must be granted sudo access through a configuration file called the sudoers file.

Now that we've learned about sudo, let's learn how we can use it with another command to add users. This command is useradd. useradd adds a user to the system. Only root or users with sudo privileges can use the useradd command. Let's look at a specific example in which we need to add a user. We'll imagine a new representative is joining the sales department and will be given the username of salesrep7. We're tasked with adding them to the system. Let's try adding the new user. First, we need to use the sudo command, followed by the useradd command, and then last, the username we want to add, in this case, salesrep7. This command doesn't display anything on the screen. But since we get a new Bash cursor and not an error message, we can feel confident that the command worked successfully. If it didn't, an error message would have appeared. Sometimes an error has to do with something simple like misspelling useradd. Or, it might be because we didn't have sudo privileges.

Now let's learn how to do the opposite. Let's learn how to delete a user with userdel. userdel deletes a user from the system.
Similarly, we need root permissions that we'll access through sudo to use userdel. Let's go back to our example of the user we added. Let's imagine two months later, the sales representative that we just added to the system leaves the company. That user should no longer have access to the system. Let's delete that user from the system. Again, the sudo command is used first, then we add the userdel command. Last, we add the name of the user we want to delete. Again, we know it ran successfully because there is a new Bash cursor and not an error message.

Now, we've covered how to add and delete users and how these actions require sudo. When using sudo, we have to use our best judgment. These special privileges must be used responsibly to ensure a secure system.

Responsible use of sudo

Previously, you explored authorization, authentication, and Linux commands with sudo, useradd, and userdel. The sudo command is important for security analysts because it allows users to have elevated permissions without risking the system by running commands as the root user. You'll continue exploring authorization, authentication, and Linux commands in this reading and learn two more commands that can be used with sudo: usermod and chown.

Responsible use of sudo

To manage authorization and authentication, you need to be a root user, or a user with elevated privileges to modify the system. The root user can also be called the "super user." You become a root user by logging in as the root user. However, running commands as the root user is not recommended in Linux because it can create security risks if malicious actors compromise that account. It's also easy to make irreversible mistakes, and the system can't track who ran a command. For these reasons, rather than logging in as the root user, it's recommended you use sudo in Linux when you need elevated privileges. The sudo command temporarily grants elevated permissions to specific users.
The name of this command comes from "super user do." Users must be given access in a configuration file to use sudo. This file is called the "sudoers file."

Although using sudo is preferable to logging in as the root user, it's important to be aware that users with the elevated permissions to use sudo might be more at risk in the event of an attack. You can compare this to a hotel with a master key. The master key can be used to access any room in the hotel. There are some workers at the hotel who need this key to perform their work. For example, to clean all the rooms, the janitor would scan their ID badge and then use this master key. However, if someone outside the hotel's network gained access to the janitor's ID badge and master key, they could access any room in the hotel. In this example, the janitor with the master key represents a user using sudo for elevated privileges. Because of the dangers of sudo, only users who really need to use it should have these permissions. Additionally, even if you need access to sudo, you should be careful about using it with only the commands you need and nothing more. Running commands with sudo allows users to bypass the typical security controls that are in place to prevent elevated access to an attacker.

Note: Be aware of sudo if copying commands from an online source. It's important you don't use sudo accidentally.

Authentication and authorization with sudo

You can use sudo with many authentication and authorization management tasks. As a reminder, authentication is the process of verifying who someone is, and authorization is the concept of granting access to specific resources in a system. Some of the key commands used for these tasks include the following:

useradd

The useradd command adds a user to the system. To add a user with the username of fgarcia with sudo, enter sudo useradd fgarcia.
There are additional options you can use with useradd:

-g: Sets the user's default group, also called their primary group
-G: Adds the user to additional groups, also called supplemental or secondary groups

To use the -g option, the primary group must be specified after -g. For example, entering sudo useradd -g security fgarcia adds fgarcia as a new user and assigns their primary group to be security. To use the -G option, the supplemental group must be passed into the command after -G. You can add more than one supplemental group at a time with the -G option. Entering sudo useradd -G finance,admin fgarcia adds fgarcia as a new user and adds them to the existing finance and admin groups.

usermod

The usermod command modifies existing user accounts. The same -g and -G options from the useradd command can be used with usermod if a user already exists. To change the primary group of an existing user, you need the -g option. For example, entering sudo usermod -g executive fgarcia would change fgarcia's primary group to the executive group. To add a supplemental group for an existing user, you need the -G option. You also need a -a option, which appends the user to an existing group and is only used with the -G option. For example, entering sudo usermod -a -G marketing fgarcia would add the existing fgarcia user to the supplemental marketing group.

Note: When changing the supplemental group of an existing user, if you don't include the -a option, -G will replace any existing supplemental groups with the groups specified after -G. Using -a with -G ensures that the new groups are added but existing groups are not replaced.

There are other options you can use with usermod to specify how you want to modify the user, including:

-d: Changes the user's home directory.
-l: Changes the user's login name.
-L: Locks the account so the user can't log in.

The option always goes after the usermod command.
For example, to change fgarcia's home directory to /home/garcia_f, enter sudo usermod -d /home/garcia_f fgarcia. The option -d directly follows the command usermod before the other two needed arguments.

userdel

The userdel command deletes a user from the system. For example, entering sudo userdel fgarcia deletes fgarcia as a user. Be careful before you delete a user using this command. The userdel command doesn't delete the files in the user's home directory unless you use the -r option. Entering sudo userdel -r fgarcia would delete fgarcia as a user and delete all files in their home directory. Before deleting any user files, you should ensure you have backups in case you need them later.

Note: Instead of deleting the user, you could consider deactivating their account with usermod -L. This prevents the user from logging in while still giving you access to their account and associated permissions. For example, if a user left an organization, this option would allow you to identify which files they have ownership over, so you could move this ownership to other users.

chown

The chown command changes ownership of a file or directory. You can use chown to change user or group ownership. To change the user owner of the access.txt file to fgarcia, enter sudo chown fgarcia access.txt. To change the group owner of access.txt to security, enter sudo chown :security access.txt. You must enter a colon (:) before security to designate it as a group name. Similar to useradd, usermod, and userdel, there are additional options that can be used with chown.

Key takeaways

Authentication is the process of a user verifying their identity, and authorization is the process of determining what they have access to. You can use the sudo command to temporarily run commands with elevated privileges to complete authentication and authorization management tasks. Specifically, useradd, userdel, usermod, and chown can be used to manage users and file ownership.
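An added example, not from the course: a review of which accounts hold sudo-capable group membership, the kind of check that follows from "only users who really need sudo should have it." It parses constructed /etc/passwd and /etc/group content (the usernames fgarcia, salesrep7 and hrrep1 and the group lines are made up for this demonstration), resolves each user's primary group from the gid field and supplemental groups from the member lists, and models the usermod -G pitfall from the note above: without -a the supplemental list is replaced rather than extended. It assumes a distribution where the sudoers file grants sudo to a group named sudo (Debian/Ubuntu); on others the group is often wheel, which is why the group name is a parameter.

```python
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample in /etc/passwd format: name:x:uid:gid:gecos:home:shell
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
fgarcia:x:1001:1003:F. Garcia:/home/garcia_f:/bin/bash
salesrep7:x:1002:1004:Sales Rep 7:/home/salesrep7:/bin/bash
hrrep1:x:1003:1005:HR Rep 1:/home/hrrep1:/bin/bash
"""

# Constructed sample in /etc/group format: name:x:gid:member,member
SAMPLE_GROUP = """\
root:x:0:
sudo:x:27:fgarcia,salesrep7
security:x:1003:
sales:x:1004:
hr:x:1005:
finance:x:1006:fgarcia
admin:x:1007:fgarcia
marketing:x:1008:fgarcia
"""


@dataclass
class Account:
    name: str
    uid: int
    primary_group: str                       # from the gid field (useradd -g)
    supplemental: List[str] = field(default_factory=list)  # from group members (-G)


def parse_accounts(passwd_text: str, group_text: str) -> Dict[str, Account]:
    """Build an Account per passwd line, resolving the primary group name
    from its gid and collecting every group whose member list names the user."""
    gid_to_name: Dict[int, str] = {}
    members: Dict[str, List[str]] = {}
    for line in group_text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _pw, gid, member_str = line.split(":", 3)
        gid_to_name[int(gid)] = name
        members[name] = [m for m in member_str.split(",") if m]

    accounts: Dict[str, Account] = {}
    for line in passwd_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        name, uid, gid = fields[0], int(fields[2]), int(fields[3])
        acct = Account(name, uid, gid_to_name.get(gid, str(gid)))
        for grp, mlist in members.items():
            if name in mlist and grp != acct.primary_group:
                acct.supplemental.append(grp)
        accounts[name] = acct
    return accounts


def users_with_sudo_group(accounts: Dict[str, Account], sudo_group: str = "sudo") -> List[str]:
    """Names of accounts that hold the sudo-granting group, by either membership kind."""
    return sorted(n for n, a in accounts.items()
                  if a.primary_group == sudo_group or sudo_group in a.supplemental)


def simulate_usermod_G(accounts: Dict[str, Account], name: str,
                       groups: List[str], append: bool) -> List[str]:
    """Model 'usermod -G group,... name' on the parsed data. With append=True
    (the -a option) the groups are added; without it the whole supplemental
    list is replaced, silently dropping memberships such as sudo."""
    acct = accounts[name]
    if append:
        for g in groups:
            if g not in acct.supplemental:
                acct.supplemental.append(g)
    else:
        acct.supplemental = list(groups)
    return sorted(acct.supplemental)


if __name__ == "__main__":
    accts = parse_accounts(SAMPLE_PASSWD, SAMPLE_GROUP)
    for a in accts.values():
        print(f"{a.name:<10} uid={a.uid:<5} primary={a.primary_group:<9} "
              f"supplemental={','.join(a.supplemental) or '-'}")
    print("sudo group members:", users_with_sudo_group(accts))
    print("usermod -G marketing salesrep7 (no -a):",
          simulate_usermod_G(accts, "salesrep7", ["marketing"], append=False))
    print("sudo group members now:", users_with_sudo_group(accts))
```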
The Linux community

There are so many others just like you who will be using the command line. Linux's popularity and ease of use has created a large online community that constantly publishes information to help users learn how to operate Linux. Since Linux is open-source, it has become a global community of users that contribute frequently. This global community is a huge resource for all Linux users because users can find answers for everyday tasks. Just searching on the internet will provide many answers. The easiest way to troubleshoot a task is to search and read about how someone else has done it. Looking for resources on how to execute a task is a good way for beginners to continue learning.

So far, you've learned how to add users, but imagine if later you want to add a new group. One way to learn how to do this is to search online. Let's give this a try through a Google search. The search results give us many options for adding a group in Linux. Another reputable source is the Unix & Linux Stack Exchange. Their answers are ranked with points to display high-quality answers. Many questions relate to more advanced users and are geared towards troubleshooting.

Well, now you know where to get some extra support whenever in doubt about topics in Linux. There is a lot of support just a click away. Coming up, we'll learn how to get support from within the command line itself. Join me.

Linux resources

Previously, you were introduced to the Linux community and some resources that exist to help Linux users. Linux has many options available to give users the information they need. This reading will review these resources. When you're aware of the resources available to you, you can continue to learn Linux independently. You can also discover even more ways that Linux can support your work as a security analyst.

Linux community

Linux has a large online community, and this is a huge resource for Linux users of all levels.
You can likely find the answers to your questions with a simple online search. Troubleshooting issues by searching and reading online is an effective way to discover how others approached your issue. It's also a great way for beginners to learn more about Linux.

The Unix and Linux Stack Exchange is a trusted resource for troubleshooting Linux issues. The Unix and Linux Stack Exchange is a question and answer website where community members can ask and answer questions about Linux. Community members vote on answers, so the higher quality answers are displayed at the top. Many of the questions are related to specific topics from advanced users, and the topics might help you troubleshoot issues as you continue using Linux.

Integrated Linux support

Linux also has several commands that you can use for support.

man

The man command displays information on other commands and how they work. It's short for "manual." To search for information on a command, enter the command after man. For example, entering man chown returns detailed information about chown, including the various options you can use with it. The output of the man command is also called a "man page."

apropos

The apropos command searches the man page descriptions for a specified string. apropos comes from the French phrase à propos, meaning "to the purpose." Man pages can be lengthy and difficult to search through if you're looking for a specific keyword. To use apropos, enter the keyword after apropos. You can also include the -a option to search for multiple words. For example, entering apropos -a graph editor outputs man pages that contain both the words "graph" and "editor" in their descriptions.

whatis

The whatis command displays a description of a command on a single line. For example, entering whatis nano outputs the description of nano. This command is useful when you don't need a detailed description, just a general idea of the command. This might be as a reminder.
Or, it might be after you discover a new command through a colleague or online resource and want to know more.

Key takeaways

There are many resources available for troubleshooting issues or getting support for Linux. Linux has a large global community of users who ask and answer questions on online resources, such as the Unix and Linux Stack Exchange. You can also use integrated support commands in Linux, such as man, apropos, and whatis.

Resources for more information

There are many resources available online that can help you learn new Linux concepts, review topics, or ask and answer questions with the global Linux community. The Unix and Linux Stack Exchange is one example, and you can search online to find others.

Wrap-up; Glossary terms from week 3

Congratulations! You completed another section in this course. Take a minute to think about what you've achieved. You learned a lot in this section. Let's recap what we covered. In this section, you utilized the command line to communicate with the OS. Part of this was using commands for navigating and managing the file system. And you used other commands for authenticating and authorizing users. These are all tasks that a security analyst is likely to encounter. Finally, you learned about accessing resources that support learning new Linux commands. With this knowledge, you'll be able to continue learning more and more about using the command line. We did it! We learned how to communicate with Linux. That's a great accomplishment, and one that will be very useful to you in your career as a security analyst. You should be proud of the work that you've done so far.
Terms and definitions from Course 4, Week 3

Absolute file path: The full file path, which starts from the root
Argument (Linux): Specific information needed by a command
Authentication: The process of verifying who someone is
Authorization: The concept of granting access to specific resources in a system
Bash: The default shell in most Linux distributions
Command: An instruction telling the computer to do something
File path: The location of a file or directory
Filesystem Hierarchy Standard (FHS): The component of the Linux OS that organizes data
Filtering: Selecting data that match a certain condition
nano: A command-line file editor that is available by default in many Linux distributions
Options: Input that modifies the behavior of a command
Permissions: The type of access granted for a file or directory
Principle of least privilege: The concept of granting only the minimal access and authorization required to complete a task or function
Relative file path: A file path that starts from the user's current directory
Root directory: The highest-level directory in Linux
Root user (or superuser): A user with elevated privileges to modify the system
Standard input: Information received by the OS via the command line
Standard output: Information returned by the OS through the shell

Damar: My journey into Linux commands

My name is Damar, I'm a security engineer here at Google. I've always wanted to get into cybersecurity since I was a kid. A lot of the cartoons I watched, they had like floppy disks or flash drives, and they would put that in the computer and kind of like cause havoc. [LAUGH] So I always thought that was really cool. I've had quite a bit of jobs before coming to Google. I originally started out making smoothies at Jamba Juice. I got my first IT technological kind of job at Geek Squad and then eventually came here and became a security engineer. My advice to people trying to get into cybersecurity is it may be a lot easier than you think.
[LAUGH] It definitely was a lot easier than I thought. Something that I learned jumping in myself is that you're not going to be able to learn everything all at once, and you're not going to need to know everything all at once.

Linux is very important because it's broadly used across pretty much every company. You may use Linux to curate logs. It's a very common practice. You may also use Linux to set up bash jobs that will help with routine tasks within Linux. I first got interested in learning Linux from the Jurassic Park movie. There's a scene in the movie where they need to reactivate the electrical doors, and they have to use a UNIX operating system to do so. So later on, I learned what UNIX was and how Linux came from it, and it inspired me to learn more about Linux.

The best advice I can give someone that's trying to learn Linux and Linux commands is, don't get discouraged by any small hiccups that come up. Just keep with it. Stick with it. Think of it as when you first learned to swim, right, you probably weren't that great at it. [LAUGH] It was frustrating, and you were probably a little scared, but you stuck with it and I hope that you're able to swim now. [LAUGH] There are a plethora of support resources when learning Linux. One good example is the discussion forum in the certificate course. Another avenue of support for learning Linux is just googling answers using Stack Overflow, maybe even making a Reddit post. I love working in cybersecurity. It's pretty satisfying to know that me and my team and then like all the other security teams here at Google are helping protect people online from things they may not even know about.

SQL and Databases

Welcome to week 4; SQL and Databases

In the world of security, diversity is important. Diverse perspectives are often needed to find effective solutions. This is also true of the tools we use. Your job will often require you to use a lot of diverse tools.
In the last section, we studied the Linux command line and learned how this tool can help you search and filter through data, navigate through the Linux file system, and authenticate users. Now, we'll learn about another tool. In this section, we'll explore SQL and how it allows you to analyze data in a way needed for your role as a security analyst. We're going to start off by learning about relational databases and how they're structured. From there, we're going to introduce SQL queries and how to use them to access data from databases. We then move on to SQL filters, which help us refine our queries to get the exact information we need. Lastly, we'll explore SQL joins, which allow you to combine tables together.

When I'm presented with a problem or a project at work, I often have to sift through a large amount of data. When I use SQL, I'm able to review data quickly and provide results with confidence since the queries are consistent and easily executed. SQL is a very powerful and flexible tool. Throughout this section, you'll learn how to use the parts of it you need as a security analyst and gain hands-on experience. Good luck, and I'll join you for the rest of the course!

Introduction to databases

Our modern world is filled with data, and that data almost always guides us in making important decisions. When working with large amounts of data, we need to know how to store it, so it's organized and quick to access and process. The solution to this is through databases, and that's what we're exploring in this video! To start us off, we can define a database as an organized collection of information or data. Databases are often compared to spreadsheets. Some of you may have used Google Sheets or another common spreadsheet program in the past. While these programs are convenient ways to store data, spreadsheets are often designed for a single user or a small team to store less data.
In contrast, databases can be accessed by multiple people simultaneously and can store massive amounts of data. Databases can also perform complex tasks while accessing data. As a security analyst, you'll often need to access databases containing useful information. For example, these could be databases containing information on login attempts, software and updates, or machines and their owners.

Now that we know how important databases are for us, let's talk about how they're organized and how we can interact with them. Using databases allows us to store large amounts of data while keeping it quick and easy to access. There are lots of different ways we can structure a database, but in this course, we'll be working with relational databases. A relational database is a structured database containing tables that are related to each other. Let's learn more about what makes a relational database.

We'll start by examining an individual table in a larger database of organizational information. Each table contains fields of information. For example, in this table on employees, these would include fields like employee_id, device_id, and username. These are the columns of the table. In addition, tables contain rows, also called records. Rows are filled with specific data related to the columns in the table. For example, our first row is a record for an employee whose id is 1,000 and who works in the marketing department.

Relational databases often have multiple tables. Consider an example where we have two tables from a larger database, one with employees of the company and another with machines given to those employees. We can connect two tables if they share a common column. In this example, we establish a relationship between them with a common employee_id column. The columns that relate two tables to each other are called keys. There are two types of keys. The first is called a primary key.
The primary key refers to a column where every row has a unique entry. The primary key must not have any duplicate values, or any null or empty values. The primary key allows us to uniquely identify every row in our table. For the table of employees, employee_id is a primary key. Every employee_id is unique and there are no employee_ids that are duplicate or empty.

The second type of key is a foreign key. The foreign key is a column in a table that is a primary key in another table. Foreign keys, unlike primary keys, can have empty values and duplicates. The foreign key allows us to connect two tables together. In our example, we can look at the employee_id column in the machines table. We previously identified this as a primary key in the employees table, so we can use this to connect every machine to their corresponding employee. It's also important to know that a table can only have one primary key, but multiple foreign keys.

With this information, we're ready to move on to the basics of SQL, the language that lets us work with databases. Throughout this section, we'll gain hands-on experience working with the concepts we just covered!

SQL filtering versus Linux filtering

Previously, you explored the Linux commands that allow you to filter for specific information contained within files or directories. And, more recently, you examined how SQL helps you efficiently filter for the information you need. In this reading, you'll explore differences between the two tools as they relate to filtering. You'll also learn that one way to access SQL is through the Linux command line.

Accessing SQL

There are many interfaces for accessing SQL and many different versions of SQL. One way to access SQL is through the Linux command line. To access SQL from Linux, you need to type in a command for the version of SQL that you want to use. For example, if you want to access SQLite, you can enter the command sqlite3 in the command line.
After this, any commands typed in the command line will be directed to SQL instead of Linux commands.

Differences between Linux and SQL filtering

Although both Linux and SQL allow you to filter through data, there are some differences that affect which one you should choose.

Structure

SQL offers a lot more structure than Linux, which is more free-form and not as tidy. For example, if you wanted to access a log of employee log-in attempts, SQL would have each record separated into columns. Linux would print the data as a line of text without this organization. As a result, selecting a specific column to analyze would be easier and more efficient in SQL. In terms of structure, SQL provides results that are more easily readable and that can be adjusted more quickly than when using Linux.

Joining tables

Some security-related decisions require information from different tables. SQL allows the analyst to join multiple tables together when returning data. Linux doesn't have that same functionality; it doesn't allow data to be connected to other information on your computer. This is more restrictive for an analyst going through security logs.

Best uses

As a security analyst, it's important to understand when you can use which tool. Although SQL has a more organized structure and allows you to join tables, this doesn't mean that there aren't situations that would require you to filter data in Linux. A lot of data used in cybersecurity will be stored in a database format that works with SQL. However, other logs might be in a format that is not compatible with SQL. For instance, if the data is stored in a text file, you cannot search through it with SQL. In those cases, it is useful to know how to filter in Linux.

Key takeaways

To work with SQL, you can access it from multiple different interfaces, such as the Linux command line.
Both SQL and Linux allow you to filter for specific data, but SQL offers the advantages of structuring the data and allowing you to join data from multiple tables.

Adedayo: SQL in cybersecurity

My name is Adedayo, and I'm a Security Engineer at Google. A lot of people think you need to have a degree in computer science, right, to be able to get into cybersecurity. I don't think that's true. Take me for an example, I started learning IT from Lagos, Nigeria, where I was born and raised, and then I'm all the way here now in Silicon Valley, working for Google. I think that's just amazing and a dream come true. You taking this certificate is a first step to you making a commitment to switching your career to cybersecurity. Kudos to you on that.

SQL is one of the skill sets you need to have in your toolbox as a cybersecurity professional because you can very quickly make decisions, not just off the bat, but make decisions with data backing you, and be able to communicate with your team, with stakeholders about why you made a decision, because it's one thing to be able to say, we need to do this, it's another thing to say we need to do this and here's the data that I wrote my SQL statements about. I learned SQL by, first, as a coursework in school, that was really great, but I think I forgot everything about that after school. The next step that I took was taking online courses, such as the one you're taking right now, to learn SQL and the fundamentals about it and how to really use it. Then the first time I used SQL practically was at Google. You really need to practice. I think with anything else, practice makes perfect. Being able to, even if it's just a few hours a week, put aside time to practice writing SQL statements. Having that skill is something that will be very applicable to your first job, and you can use that to make data-driven decisions. I feel very fulfilled working in cybersecurity. I feel very energized, come into work every day.
Not only because I get to work on really complex problems and try to figure out solutions for them, but I also have great teammates that we all come together and tackle the problem. Being able to go to bed at night, knowing that the work that I do is for the better of Google users and Google employees is a very rewarding feeling for me.

Basic queries

In this video, we're going to be running our very first SQL query! This query will be based on a common work task that you might encounter as a security analyst. We're going to determine which computer has been assigned to a certain employee. Let's say we have access to the employees table. The employees table has five columns. Two of them, employee_id and device_id, contain the information that we need. We'll write a query to this table that returns only those two columns from the table.

The two SQL keywords we need for basic SQL queries are SELECT and FROM. SELECT indicates which columns to return. FROM indicates which table to query. The use of these keywords in SQL is very similar to how we would use these words in everyday language. For example, we can ask a friend to select apples and bananas from the big box when going out to buy fruit. This is already very similar to SQL. So let's go ahead and use SELECT and FROM in SQL to return the information we need on employees and the computers they use. We start off by typing in the SQL statement. After FROM, we've identified that the information will be pulled from the employees table. And after SELECT, employee_id and device_id indicate the two columns we want to return from this table. Notice how a comma separates the two columns that we want to return.

It's also worth mentioning a couple of key aspects related to the syntax of SQL here. Syntax refers to the rules that determine what is correctly structured in a computing language.
In SQL, keywords are not case-sensitive, so you could also write select and from in lowercase, but we're placing them in capital letters because it makes the query easier to understand. Another aspect of this syntax is that a semicolon is placed at the end of the statement. And now, we'll run the query by pressing Enter. The output gives us the information we need to match employees to their computers. We just ran our very first SQL query!

Suppose you wanted to know what department the employee using the computer is from, or their username, or the office they work in. To do that, we can use SQL to make another statement that prints out all of the columns from the table. We can do this by placing an asterisk after SELECT. This is commonly referred to as "select all". Now, let's run this query against the employees table in SQL. And now we have the full table in the output. You just made it through a basic query in SQL, congratulations! In the next video, we'll learn how to add filters to our queries, so I'll meet you there!

Query a database

Previously, you explored how SQL is an important tool in the world of cybersecurity and is essential when querying databases. You examined a few basic SQL queries and keywords used to extract needed information from a database. In this reading, you'll review those basic SQL queries and learn a new keyword that will help you organize your output. You'll also learn about the Chinook database, which this course uses for queries in readings and quizzes.

Basic SQL query

There are two essential keywords in any SQL query: SELECT and FROM. You will use these keywords every time you want to query a SQL database. Using them together helps SQL identify what data you need from a database and the table you are returning it from. The video demonstrated this SQL query:

SELECT employee_id, device_id
FROM employees;

In readings and quizzes, this course uses a sample database called the Chinook database to run queries.
The Chinook database includes data that might be created at a digital media company. A security analyst employed by this company might need to query this data. For example, the database contains eleven tables, including an employees table, a customers table, and an invoices table. These tables include data such as names and addresses. As an example, you can run this query to return data from the customers table of the Chinook database:

SELECT customerid, city, country
FROM customers;

+------------+---------------------+----------------+
| CustomerId | City                | Country        |
+------------+---------------------+----------------+
| 1          | São José dos Campos | Brazil         |
| 2          | Stuttgart           | Germany        |
| 3          | Montréal            | Canada         |
| 4          | Oslo                | Norway         |
| 5          | Prague              | Czech Republic |
| 6          | Prague              | Czech Republic |
| 7          | Vienne              | Austria        |
| 8          | Brussels            | Belgium        |
| 9          | Copenhagen          | Denmark        |
| 10         | São Paulo           | Brazil         |
| 11         | São Paulo           | Brazil         |
| 12         | Rio de Janeiro      | Brazil         |
| 13         | Brasília            | Brazil         |
| 14         | Edmonton            | Canada         |
| 15         | Vancouver           | Canada         |
| 16         | Mountain View       | USA            |
| 17         | Redmond             | USA            |
| 18         | New York            | USA            |
| 19         | Cupertino           | USA            |
| 20         | Mountain View       | USA            |
| 21         | Reno                | USA            |
| 22         | Orlando             | USA            |
| 23         | Boston              | USA            |
| 24         | Chicago             | USA            |
| 25         | Madison             | USA            |
+------------+---------------------+----------------+
(Output limit exceeded, 25 of 59 total rows shown)

SELECT

The SELECT keyword indicates which columns to return. For example, you can return the customerid column from the Chinook database with SELECT customerid. You can also select multiple columns by separating them with a comma. For example, if you want to return both the customerid and city columns, you should write SELECT customerid, city. If you want to return all columns in a table, you can follow the SELECT keyword with an asterisk ( * ). The first line in the query will be SELECT *.
Note: Although the tables you're querying in this course are relatively small, using SELECT * may not be advisable when working with large databases and tables; in those cases, the final output may be difficult to understand and might be slow to run.

FROM

The SELECT keyword always comes with the FROM keyword. FROM indicates which table to query. To use the FROM keyword, you should write it after the SELECT keyword, often on a new line, and follow it with the name of the table you're querying. If you want to return all columns from the customers table, you can write:

SELECT *
FROM customers;

When you want to end the query here, you put a semicolon ( ; ) at the end to tell SQL that this is the entire query.

Note: Line breaks are not necessary in SQL queries, but are often used to make the query easier to understand. If you prefer, you can also write the previous query on one line as SELECT * FROM customers;

For reference, here is the database's output for SELECT * FROM customers ORDER BY country, city;

+------------+-----------+-------------+--------------------------------------------------+--------------------------------------+---------------------+-------+----------------+------------+---------------------+--------------------+-------------------------------+--------------+
| CustomerId | FirstName | LastName | Company | Address | City | State | Country | PostalCode | Phone | Fax | Email | SupportRepId |
+------------+-----------+-------------+--------------------------------------------------+--------------------------------------+---------------------+-------+----------------+------------+---------------------+--------------------+-------------------------------+--------------+
| 56 | Diego | Gutiérrez | None | 307 Macacha Güemes | Buenos Aires | None | Argentina | 1106 | +54 (0)11 4311 4333 | None | diego.gutierrez@yahoo.ar | 4 |
| 55 | Mark | Taylor | None | 421 Bourke Street | Sidney | NSW | Australia | 2010 | +61 (02) 9332 3633 | None | mark.taylor@yahoo.au | 4 |
| 7 | Astrid | Gruber | None | Rotenturmstraße 4, 1010 Innere Stadt | Vienne | None | Austria | 1010 | +43 01 5134505 | None | astrid.gruber@apple.at | 5 |
| 8 | Daan | Peeters | None | Grétrystraat 63 | Brussels | None | Belgium | 1000 | +32 02 219 03 03 | None | daan_peeters@apple.be | 4 |
| 13 | Fernanda | Ramos | None | Qe 7 Bloco G | Brasília | DF | Brazil | 71020-677 | +55 (61) 3363-5547 | +55 (61) 3363-7855 | fernadaramos4@uol.com.br | 4 |
| 12 | Roberto | Almeida | Riotur | Praça Pio X, 119 | Rio de Janeiro | RJ | Brazil | 20040-020 | +55 (21) 2271-7000 | +55 (21) 2271-7070 | roberto.almeida@riotur.gov.br | 3 |
| 1 | Luís | Gonçalves | Embraer - Empresa Brasileira de Aeronáutica S.A. | Av. Brigadeiro Faria Lima, 2170 | São José dos Campos | SP | Brazil | 12227-000 | +55 (12) 3923-5555 | +55 (12) 3923-5566 | luisg@embraer.com.br | 3 |
| 10 | Eduardo | Martins | Woodstock Discos | Rua Dr. Falcão Filho, 155 | São Paulo | SP | Brazil | 01007-010 | +55 (11) 3033-5446 | +55 (11) 3033-4564 | eduardo@woodstock.com.br | 4 |
| 11 | Alexandre | Rocha | Banco do Brasil S.A. | Av. Paulista, 2022 | São Paulo | SP | Brazil | 01310-200 | +55 (11) 3055-3278 | +55 (11) 3055-8131 | alero@uol.com.br | 5 |
| 14 | Mark | Philips | Telus | 8210 111 ST NW | Edmonton | AB | Canada | T6G 2C7 | +1 (780) 434-4554 | +1 (780) 434-5565 | mphilips12@shaw.ca | 5 |
| 31 | Martha | Silk | None | 194A Chain Lake Drive | Halifax | NS | Canada | B3S 1C5 | +1 (902) 450-0450 | None | marthasilk@gmail.com | 5 |
| 3 | François | Tremblay | None | 1498 rue Bélanger | Montréal | QC | Canada | H2G 1A7 | +1 (514) 721-4711 | None | ftremblay@gmail.com | 3 |
| 30 | Edward | Francis | None | 230 Elgin Street | Ottawa | ON | Canada | K2P 1L7 | +1 (613) 234-3322 | None | edfrancis@yachoo.ca | 3 |
| 29 | Robert | Brown | None | 796 Dundas Street West | Toronto | ON | Canada | M6J 1V1 | +1 (416) 363-8888 | None | robbrown@shaw.ca | 3 |
| 15 | Jennifer | Peterson | Rogers Canada | 700 W Pender Street | Vancouver | BC | Canada | V6C 1G8 | +1 (604) 688-2255 | +1 (604) 688-8756 | jenniferp@rogers.ca | 3 |
| 32 | Aaron | Mitchell | None | 696 Osborne Street | Winnipeg | MB | Canada | R3L 2B9 | +1 (204) 452-6452 | None | aaronmitchell@yahoo.ca | 4 |
| 33 | Ellie | Sullivan | None | 5112 48 Street | Yellowknife | NT | Canada | X1A 1N6 | +1 (867) 920-2233 | None | ellie.sullivan@shaw.ca | 3 |
| 57 | Luis | Rojas | None | Calle Lira, 198 | Santiago | None | Chile | None | +56 (0)2 635 4444 | None | luisrojas@yahoo.cl | 5 |
| 5 | František | Wichterlová | JetBrains s.r.o. | Klanova 9/506 | Prague | None | Czech Republic | 14700 | +420 2 4172 5555 | +420 2 4172 5555 | frantisekw@jetbrains.com | 4 |
| 6 | Helena | Holý | None | Rilská 3174/6 | Prague | None | Czech Republic | 14300 | +420 2 4177 0449 | None | hholy@gmail.com | 5 |
| 9 | Kara | Nielsen | None | Sønder Boulevard 51 | Copenhagen | None | Denmark | 1720 | +453 3331 9991 | None | kara.nielsen@jubii.dk | 4 |
| 44 | Terhi | Hämäläinen | None | Porthaninkatu 9 | Helsinki | None | Finland | 00530 | +358 09 870 2000 | None | terhi.hamalainen@apple.fi | 3 |
| 42 | Wyatt | Girard | None | 9, Place Louis Barthou | Bordeaux | None | France | 33000 | +33 05 56 96 96 96 | None | wyatt.girard@yahoo.fr | 3 |
| 43 | Isabelle | Mercier | None | 68, Rue Jouvence | Dijon | None | France | 21000 | +33 03 80 73 66 99 | None | isabelle_mercier@apple.fr | 3 |
| 41 | Marc | Dubois | None | 11, Place Bellecour | Lyon | None | France | 69002 | +33 04 78 30 30 30 | None | marc.dubois@hotmail.com | 5 |
+------------+-----------+-------------+--------------------------------------------------+--------------------------------------+---------------------+-------+----------------+------------+---------------------+--------------------+-------------------------------+--------------+
(Output limit exceeded, 25 of 59 total rows shown)

ORDER BY

Database tables are often very complicated, and this is where other SQL keywords come in handy. ORDER BY is an important keyword for organizing the data you extract from a table. ORDER BY sequences the records returned by a query based on a specified column or columns. This can be in either ascending or descending order.

Sorting in ascending order

To use the ORDER BY keyword, write it at the end of the query and specify a column to base the sort on.
In this example, SQL will return the customerid, city, and country columns from the customers table, and the records will be sequenced by the city column:

SELECT customerid, city, country
FROM customers
ORDER BY city;

+------------+--------------+----------------+
| CustomerId | City         | Country        |
+------------+--------------+----------------+
| 48         | Amsterdam    | Netherlands    |
| 59         | Bangalore    | India          |
| 36         | Berlin       | Germany        |
| 38         | Berlin       | Germany        |
| 42         | Bordeaux     | France         |
| 23         | Boston       | USA            |
| 13         | Brasília     | Brazil         |
| 8          | Brussels     | Belgium        |
| 45         | Budapest     | Hungary        |
| 56         | Buenos Aires | Argentina      |
| 24         | Chicago      | USA            |
| 9          | Copenhagen   | Denmark        |
| 19         | Cupertino    | USA            |
| 58         | Delhi        | India          |
| 43         | Dijon        | France         |
| 46         | Dublin       | Ireland        |
| 54         | Edinburgh    | United Kingdom |
| 14         | Edmonton     | Canada         |
| 26         | Fort Worth   | USA            |
| 37         | Frankfurt    | Germany        |
| 31         | Halifax      | Canada         |
| 44         | Helsinki     | Finland        |
| 34         | Lisbon       | Portugal       |
| 52         | London       | United Kingdom |
| 53         | London       | United Kingdom |
+------------+--------------+----------------+
(Output limit exceeded, 25 of 59 total rows shown)

The ORDER BY keyword sorts the records based on the column specified after this keyword. By default, as shown in this example, the sequence will be in ascending order. This means that if you choose a column containing numeric data, it sorts the output from smallest to largest. For example, if sorting on customerid, the ID numbers are sorted from smallest to largest. If the column contains alphabetic characters, such as in the example with the city column, it orders the records from the beginning of the alphabet to the end.

Sorting in descending order

You can also use ORDER BY with the DESC keyword to sort in descending order. The DESC keyword is short for "descending" and tells SQL to sort numbers from largest to smallest, or alphabetically from Z to A. This can be done by following ORDER BY with the column name and then the DESC keyword.
For example, you can run this query to examine how the results differ when DESC is applied:

SELECT customerid, city, country
FROM customers
ORDER BY city DESC;

+------------+---------------------+----------------+
| CustomerId | City                | Country        |
+------------+---------------------+----------------+
| 33         | Yellowknife         | Canada         |
| 32         | Winnipeg            | Canada         |
| 49         | Warsaw              | Poland         |
| 7          | Vienne              | Austria        |
| 15         | Vancouver           | Canada         |
| 27         | Tucson              | USA            |
| 29         | Toronto             | Canada         |
| 10         | São Paulo           | Brazil         |
| 11         | São Paulo           | Brazil         |
| 1          | São José dos Campos | Brazil         |
| 2          | Stuttgart           | Germany        |
| 51         | Stockholm           | Sweden         |
| 55         | Sidney              | Australia      |
| 57         | Santiago            | Chile          |
| 28         | Salt Lake City      | USA            |
| 47         | Rome                | Italy          |
| 12         | Rio de Janeiro      | Brazil         |
| 21         | Reno                | USA            |
| 17         | Redmond             | USA            |
| 5          | Prague              | Czech Republic |
| 6          | Prague              | Czech Republic |
| 35         | Porto               | Portugal       |
| 39         | Paris               | France         |
| 40         | Paris               | France         |
| 30         | Ottawa              | Canada         |
+------------+---------------------+----------------+
(Output limit exceeded, 25 of 59 total rows shown)

Now, cities at the end of the alphabet are listed first.

Sorting based on multiple columns

You can also choose multiple columns to order by. For example, you might first choose the country and then the city column. SQL then sorts the output by country, and for rows with the same country, it sorts them based on city.
You can run this to explore how SQL displays this:

SELECT customerid, city, country
FROM customers
ORDER BY country, city;

+------------+---------------------+----------------+
| CustomerId | City                | Country        |
+------------+---------------------+----------------+
| 56         | Buenos Aires        | Argentina      |
| 55         | Sidney              | Australia      |
| 7          | Vienne              | Austria        |
| 8          | Brussels            | Belgium        |
| 13         | Brasília            | Brazil         |
| 12         | Rio de Janeiro      | Brazil         |
| 1          | São José dos Campos | Brazil         |
| 10         | São Paulo           | Brazil         |
| 11         | São Paulo           | Brazil         |
| 14         | Edmonton            | Canada         |
| 31         | Halifax             | Canada         |
| 3          | Montréal            | Canada         |
| 30         | Ottawa              | Canada         |
| 29         | Toronto             | Canada         |
| 15         | Vancouver           | Canada         |
| 32         | Winnipeg            | Canada         |
| 33         | Yellowknife         | Canada         |
| 57         | Santiago            | Chile          |
| 5          | Prague              | Czech Republic |
| 6          | Prague              | Czech Republic |
| 9          | Copenhagen          | Denmark        |
| 44         | Helsinki            | Finland        |
| 42         | Bordeaux            | France         |
| 43         | Dijon               | France         |
| 41         | Lyon                | France         |
+------------+---------------------+----------------+
(Output limit exceeded, 25 of 59 total rows shown)

Key takeaways

SELECT and FROM are important keywords in SQL queries. You use SELECT to indicate which columns to return and FROM to indicate which table to query. You can also include ORDER BY in your query to organize the output. These foundational SQL skills will support you as you move into more advanced queries.
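The SELECT, FROM and ORDER BY material above, run end to end against a tiny in-memory SQLite table. This is an added example and not course code: the rows are constructed to resemble a handful of Chinook customers records, and the database is Python's built-in sqlite3 module rather than the course's Chinook file. It also shows one ordering rule the reading does not spell out: SQLite's default sort compares raw bytes, so accented names such as "São Paulo" sort after every plain-ASCII city starting with "S".

```python
import sqlite3

# Constructed sample rows modelled on the Chinook customers table; this is
# not the full Chinook database, just enough rows to show the ordering rules.
SAMPLE_CUSTOMERS = [
    (1, "São José dos Campos", "Brazil"),
    (2, "Stuttgart", "Germany"),
    (3, "Montréal", "Canada"),
    (5, "Prague", "Czech Republic"),
    (6, "Prague", "Czech Republic"),
    (10, "São Paulo", "Brazil"),
    (14, "Edmonton", "Canada"),
    (16, "Mountain View", "USA"),
]


def open_sample_db():
    """Create an in-memory SQLite database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (CustomerId INTEGER, City TEXT, Country TEXT)"
    )
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", SAMPLE_CUSTOMERS)
    return conn


def run_query(sql):
    """Run one read-only query against a fresh sample database; return all rows."""
    conn = open_sample_db()
    try:
        return conn.execute(sql).fetchall()
    finally:
        conn.close()


def select_two_columns():
    # SELECT names the columns, FROM names the table. Keywords and column
    # names are not case-sensitive, so customerid finds the CustomerId column.
    return run_query("SELECT customerid, city FROM customers;")


def select_all():
    # The asterisk returns every column; fine on a small table, but on a large
    # one the output is hard to read and the query can be slow.
    return run_query("SELECT * FROM customers;")


def order_by_city(descending=False):
    # ORDER BY sorts ascending by default; DESC reverses the order.
    direction = "DESC" if descending else "ASC"
    return run_query(
        f"SELECT customerid, city, country FROM customers ORDER BY city {direction};"
    )


def order_by_country_then_city():
    # Rows are sorted by country first; ties on country are broken by city.
    return run_query(
        "SELECT customerid, city, country FROM customers ORDER BY country, city;"
    )


if __name__ == "__main__":
    for row in order_by_country_then_city():
        print(row)
```

Each function opens a fresh database so the queries can be called in any order. The byte-wise ordering matters when you sort security data that contains non-ASCII text (host names, user display names): two rows that a human would place together can end up far apart unless the column uses a locale-aware collation.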
Find table names and column definitions in SQL and its variants

Standard SQL: For databases that support the ANSI SQL standard and provide the INFORMATION_SCHEMA views, you can use the following query:

SELECT table_name, column_name
FROM information_schema.columns;

If you want to restrict the result to one database, append WHERE table_schema = 'your_database_name'; to the query.

Database-specific queries: If you are working with a specific database system and the standard SQL approach doesn't work, you can try the following methods:

MySQL/MariaDB:
SELECT table_name, column_name FROM information_schema.columns;
or
SHOW TABLES;
DESCRIBE table_name;

PostgreSQL:
SELECT table_name, column_name FROM information_schema.columns;

SQLite:
SELECT name AS table_name, sql AS column_definition
FROM sqlite_master
WHERE type = 'table';

You would run this SQLite command when you want to list all the tables in your SQLite database along with their SQL schema. SQLite keeps a system table, sqlite_master, where it stores metadata about the database. Each row of sqlite_master represents an object (table, index, etc.) in the database. The columns are:

- type: the type of the database object, such as 'table' or 'index'.
- name: the name of the object.
- tbl_name: the name of the table to which the object is associated. For a table, it's the same as name.
- rootpage: the page number in the database file where the root B-tree page for the object is stored.
- sql: the SQL statement that created the object.

This command specifies type = 'table' in the WHERE clause, so it only selects tables, not other types of objects such as indices. For each table, it selects the name (renamed as table_name for clarity) and the SQL statement that created the table (as column_definition). So this command is useful when you need to know the structure of all tables in your SQLite database, such as the table names and their corresponding column definitions.
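The sqlite_master query above, applied to a constructed schema so you can see what comes back when you inherit a database with no documentation. This is an added example, not course material: the two tables and the index are constructed stand-ins (the real Chinook database has eleven tables), and the per-table column listing uses SQLite's PRAGMA table_info, which the reading does not mention. Because a PRAGMA argument cannot be passed as a bound parameter, the table name is checked against sqlite_master before it is quoted into the statement.

```python
import sqlite3

# Constructed schema standing in for an inherited database. It mimics two of
# the Chinook tables and adds one index so that the type = 'table' filter
# has something to exclude.
SCHEMA_SQL = """
CREATE TABLE employees (EmployeeId INTEGER PRIMARY KEY, LastName TEXT,
                        FirstName TEXT, Title TEXT, Email TEXT);
CREATE TABLE customers (CustomerId INTEGER PRIMARY KEY, FirstName TEXT,
                        LastName TEXT, Country TEXT, SupportRepId INTEGER);
CREATE INDEX idx_customers_country ON customers (Country);
"""


def open_sample_db():
    """In-memory SQLite database built from the constructed schema."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA_SQL)
    return conn


def list_tables(conn):
    """The reading's query: one (table_name, CREATE statement) row per table."""
    return conn.execute(
        "SELECT name AS table_name, sql AS column_definition "
        "FROM sqlite_master WHERE type = 'table' ORDER BY name;"
    ).fetchall()


def list_columns(conn, table):
    """Column names of one table, in declaration order, via PRAGMA table_info.

    PRAGMA arguments cannot be bound as parameters, so the name is first
    validated against sqlite_master and then quoted as an identifier.
    """
    known = {name for name, _ in list_tables(conn)}
    if table not in known:
        raise ValueError(f"unknown table: {table!r}")
    quoted = '"' + table.replace('"', '""') + '"'
    # Each PRAGMA row is (cid, name, type, notnull, dflt_value, pk).
    return [row[1] for row in conn.execute(f"PRAGMA table_info({quoted});")]


def describe_database(conn):
    """Map every table name to its column names."""
    return {name: list_columns(conn, name) for name, _ in list_tables(conn)}


if __name__ == "__main__":
    db = open_sample_db()
    for table, columns in describe_database(db).items():
        print(table, columns)
```

The CREATE statement stored in sqlite_master is the text exactly as it was run, so reading it is the quickest way to spot constraints and column types; PRAGMA table_info gives the same information as structured rows, which is easier to compare across many tables.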
It's a handy tool for exploring a database when you don't have the schema in front of you or when you've inherited a database and need to understand its structure.

Basic filters on SQL queries

One of the most powerful features of SQL is its ability to filter. In this video, we're going to learn how this helps us make better queries and select more specific pieces of data from a database. Filtering is selecting data that matches a certain condition. Think of filtering as a way of only choosing the data we want. Let's say we wanted to select apples from a fruit cart. Filtering allows us to specify what kind of apples we want to choose. When we go buy apples, we might explicitly say, "Choose only apples that are fresh." This removes apples that aren't fresh from the selection. This is a filter!

As a security analyst, you might filter a log-in attempts table to find all attempts from a specific country. This could be done by applying a filter on the country column. For example, you could filter to just return records containing Canada.

Before we get started, we need to focus on an important part of the syntax of SQL. Let's learn about operators. An operator is a symbol or keyword that represents an operation. An example of an operator would be the equal to operator. For example, if we wanted to find all records that have USA in the country column, we use country = 'USA'. To filter a query in SQL, we simply add an extra line to the SELECT and FROM statement we used before. This extra line will use a WHERE clause. In SQL, WHERE indicates the condition for a filter. After the keyword WHERE, the specific condition is listed using operators. So if we wanted to find all of the login attempts made in the United States, we would create this filter. In this particular condition, we're indicating to return all records that have a value in the country column that is equal to USA.

Let's try putting it all together in SQL. We're going to start with selecting all the columns from the log_in_attempts table. And then add the WHERE filter. Don't forget the semicolon! This tells SQL that we finished the statement. Now, let's run this query! Because of our filter, only the rows where the country of the log-in attempt was USA are returned.

In the previous example, the condition for our filter was based simply on returning records that are equal to a particular value. We can also make our conditions more complex by searching for a pattern instead of an exact word. For example, in the employees table, we have a column for office. We could search for records in this column that match a certain pattern. Perhaps we might want all offices in the East building. To search for a pattern, we use the percentage sign to act as a wildcard for unspecified characters. If we ran a filter for 'East%', this would return all records that start with East, for example the offices East-120, East-290, and East-435.

When searching for patterns with the percentage sign, we cannot use the equals operator. Instead, we use another operator, LIKE. LIKE is an operator used with WHERE to search for a pattern in a column. Since LIKE is an operator, like the equals sign, it takes the place of the equals sign in the condition. So, when our goal is to return all values in the office column that start with the word East, LIKE would appear in the WHERE clause.

Let's go back to the example in which we wanted to filter for log-in attempts made in the United States. Imagine that we realize that our database contains inconsistencies with how the United States is represented. Some entries use US while others use USA. Let's get into SQL and apply this new type of filter with LIKE. We're going to start with the same first two lines of code because we want to select all columns from the log_in_attempts table. And we're going to add a filter with LIKE so that records will be returned if they contain a value in the country column beginning with the characters US. This includes both US and USA. Let's run this query to check if the output changes. This returns all the entries where the user location was in the United States. And now we can use the LIKE operator to filter columns based on a pattern! Wow, we've already learned how to get very precise with our database and get exactly the data we need with one single query. I'm excited for what's next!

The WHERE clause and basic operators

Previously, you focused on how to refine your SQL queries by using the WHERE clause to filter results. In this reading, you'll further explore how to use the WHERE clause, the LIKE operator and the percentage sign ( % ) wildcard. You'll also be introduced to the underscore ( _ ), another wildcard that can help you filter queries.

How filtering helps

As a security analyst, you'll often be responsible for working with very large and complicated security logs. To find the information you need, you'll often need to use SQL to filter the logs. In a cybersecurity context, you might use filters to find the login attempts of a specific user or all login attempts made at the time of a security issue. As another example, you might filter to find the devices that are running a specific version of an application.

WHERE

To create a filter in SQL, you need to use the keyword WHERE. WHERE indicates the condition for a filter. If you needed to email employees with a title of IT Staff, you might use a query like the one in the following example.
You can run this example to examine what it returns:

SELECT firstname, lastname, title, email
FROM employees
WHERE title = 'IT Staff';

+-----------+----------+----------+------------------------+
| FirstName | LastName | Title    | Email                  |
+-----------+----------+----------+------------------------+
| Robert    | King     | IT Staff | robert@chinookcorp.com |
| Laura     | Callahan | IT Staff | laura@chinookcorp.com  |
+-----------+----------+----------+------------------------+

Rather than returning all records in the employees table, this WHERE clause instructs SQL to return only those that contain 'IT Staff' in the title column. It uses the equals sign ( = ) operator to set this condition.

Note: You should place the semicolon ( ; ) where the query ends. When you add a filter to a basic query, the semicolon is after the filter.

Filtering for patterns

You can also filter based on a pattern. For example, you can identify entries that start or end with a certain character or characters. Filtering for a pattern requires incorporating two more elements into your WHERE clause:

- a wildcard
- the LIKE operator

Wildcards

A wildcard is a special character that can be substituted with any other character. Two of the most useful wildcards are the percentage sign ( % ) and the underscore ( _ ):

- The percentage sign substitutes for any number of other characters.
- The underscore symbol only substitutes for one other character.

These wildcards can be placed after a string, before a string, or in both locations depending on the pattern you're filtering for. The following table includes these wildcards applied to the string 'a' and examples of what each pattern would return.

+---------+--------------------------------+
| Pattern | Results that could be returned |
+---------+--------------------------------+
| 'a%'    | apple123, art, a               |
| 'a_'    | as, an, a7                     |
| 'a__'   | ant, add, a1c                  |
| '%a'    | pizza, Z6ra, a                 |
| '_a'    | ma, 1a, Ha                     |
| '%a%'   | Again, back, a                 |
| '_a_'   | Car, ban, ea7                  |
+---------+--------------------------------+

LIKE

To apply wildcards to the filter, you need to use the LIKE operator instead of an equals sign ( = ). LIKE is used with WHERE to search for a pattern in a column. For instance, if you want to email employees with a title of either 'IT Staff' or 'IT Manager', you can use the LIKE operator combined with the % wildcard:

SELECT lastname, firstname, title, email
FROM employees
WHERE title LIKE 'IT%';

+----------+-----------+------------+-------------------------+
| LastName | FirstName | Title      | Email                   |
+----------+-----------+------------+-------------------------+
| Mitchell | Michael   | IT Manager | michael@chinookcorp.com |
| King     | Robert    | IT Staff   | robert@chinookcorp.com  |
| Callahan | Laura     | IT Staff   | laura@chinookcorp.com   |
+----------+-----------+------------+-------------------------+

This query returns all records with values in the title column that start with the pattern 'IT'. This means both 'IT Staff' and 'IT Manager' are returned.

As another example, if you want to search through the customers table to find all customers located in states with an abbreviation of 'NY', 'NV', 'NS' or 'NT', you can use the 'N_' pattern on the state column:

SELECT firstname, lastname, state, country
FROM customers
WHERE state LIKE 'N_';

+-----------+----------+-------+---------+
| FirstName | LastName | State | Country |
+-----------+----------+-------+---------+
| Michelle  | Brooks   | NY    | USA     |
| Kathy     | Chase    | NV    | USA     |
| Martha    | Silk     | NS    | Canada  |
| Ellie     | Sullivan | NT    | Canada  |
+-----------+----------+-------+---------+

This returns all the records with state abbreviations that follow this pattern.

Key takeaways

Filters are important when refining what your query returns. WHERE is an essential keyword for adding a filter to your query. You can also filter for patterns by combining the LIKE operator with the percentage sign ( % ) and the underscore ( _ ) wildcards.

Filter dates and numbers

In this video, we're going to continue using SQL queries and filters, but now we're going to apply them to new data types.
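The WHERE, LIKE and wildcard material from the video and reading above, run against constructed data with Python's sqlite3. This is an added example and not course code: the log_in_attempts rows and the list of candidate strings are constructed (the mixed spellings US, USA and usa reproduce the inconsistency the video describes), and the filter values are passed to SQLite as bound parameters rather than pasted into the query text, which is how a filter value taken from a ticket or a form should always reach the database. The candidate-string function goes beyond the reading's table by letting you try any pattern from it.

```python
import sqlite3

# Constructed log_in_attempts rows (username, country). The mixed spellings of
# the United States mirror the inconsistency described in the video.
LOGIN_ATTEMPTS = [
    ("analyst10", "USA"),
    ("analyst12", "US"),
    ("admin03", "Canada"),
    ("analyst7", "USA"),
    ("guest", "Uruguay"),
    ("contractor1", "usa"),
]

# Constructed strings for trying the wildcard patterns from the reading's table.
CANDIDATES = ["apple123", "a", "as", "an", "a7", "ant", "add", "a1c", "pizza",
              "Z6ra", "ma", "1a", "Ha", "Again", "back", "Car", "ban", "ea7",
              "banana"]


def open_sample_db():
    """In-memory SQLite database holding both constructed tables."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE log_in_attempts (username TEXT, country TEXT)")
    conn.executemany("INSERT INTO log_in_attempts VALUES (?, ?)", LOGIN_ATTEMPTS)
    conn.execute("CREATE TABLE candidates (value TEXT)")
    conn.executemany("INSERT INTO candidates VALUES (?)", [(c,) for c in CANDIDATES])
    return conn


def first_column(sql, params):
    """Run a parameterised query and return the first column of every row."""
    conn = open_sample_db()
    try:
        return [row[0] for row in conn.execute(sql, params)]
    finally:
        conn.close()


def usernames_where_country_equals(country):
    # WHERE with '=': only exact matches. The value is a bound parameter (?),
    # so whatever it contains is treated as data, never as SQL.
    return first_column(
        "SELECT username FROM log_in_attempts WHERE country = ?;", (country,)
    )


def usernames_where_country_like(pattern):
    # WHERE with LIKE: a pattern such as 'US%' matches US, USA and so on.
    return first_column(
        "SELECT username FROM log_in_attempts WHERE country LIKE ?;", (pattern,)
    )


def wildcard_matches(pattern):
    """Apply one LIKE pattern ('a%', '_a_', ...) to the constructed strings."""
    return first_column(
        "SELECT value FROM candidates WHERE value LIKE ?;", (pattern,)
    )


if __name__ == "__main__":
    print(usernames_where_country_equals("USA"))
    print(usernames_where_country_like("US%"))
    for pattern in ("a%", "a_", "a__", "%a", "_a", "%a%", "_a_"):
        print(pattern, wildcard_matches(pattern))
```

One behaviour worth knowing before you rely on LIKE in an investigation: SQLite's LIKE ignores case for ASCII letters by default, so 'US%' also matches the lower-case "usa" row, whereas '=' does not. Other database engines differ (PostgreSQL's LIKE is case-sensitive), so check the engine you are querying before treating a pattern match as exact.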
First, let's explore the three common data types that you will find in databases: string, numeric, and date and time. String data is data consisting of an ordered sequence of characters. These characters could be numbers, letters, or symbols. For example, you'll encounter string data in user names, such as the user name analyst10. Numeric data is data consisting of numbers, such as a count of log-in attempts. Unlike strings, mathematical operations can be used on numeric data, like multiplication or addition. Date and time data refers to data representing a date and/or time.

Previously, we applied filters using string data, but now let's work with numeric and date and time data. As a security analyst, you'll often need to query numbers and dates. For example, we could filter patch dates to find machines that need an update, or we could filter log-in attempts to return only those made in a certain period of time. We learned about operators in the last video, and we're going to use them again for numbers and dates. Common operators for working with numeric or date and time data types include: equals, greater than, less than, not equal to, greater than or equal to, and less than or equal to.

Let's say you want to find the log-in attempts made after 6 pm. Because this is past normal business hours, you want to look for suspicious patterns. You can identify these attempts by using the greater than operator in your filter. We'll start writing our query in SQL. We begin by indicating that we want to select all columns FROM the log_in_attempts table. Then we'll add our filter with WHERE. Our condition indicates that the value in the time column must be greater than, or for dates and times, later than '18:00', which is how 6 pm is written in SQL. Let's run this and examine the output. Perfect! Now we have a list of log-in attempts made after 6 pm.

We can also filter for numbers and dates by using the BETWEEN operator. BETWEEN is an operator that filters for numbers or dates within a range. An example of this would be when looking for all patches installed within a certain range. Let's do this! Let's find all the patches installed between March 1st, 2021 and September 1st, 2021. In our query, we start with selecting all records FROM the machines table. And we add the BETWEEN operator in the WHERE statement. Let's break down the statement. First, after WHERE, we indicate which column to filter, in our case OS_patch_date. Next comes our operator BETWEEN. We then add the beginning of our range, type AND, then finish by adding the end of our range and a semicolon. Now, let's run this and explore the output. And now we have a list of all machines patched between those two dates!

Before we wrap up, an important thing to note is that when we filter for strings, dates, and times, we use quotation marks to specify what we're looking for. However, for numbers, we don't use quotation marks. With this new knowledge, you're now ready to work on all sorts of interesting filters for numbers and dates. In the next video, we'll be able to expand our filtering even further by using multiple conditions in one query.

Operators for filtering dates and numbers

Previously, you examined operators like less than ( < ) or greater than ( > ) and explored how they can be used in filtering numeric and date and time data types. This reading summarizes what you learned and provides new examples of using operators in filters.

Numbers, dates, and times in cybersecurity

Security analysts work with more than just string data, or data consisting of an ordered sequence of characters. They also frequently work with numeric data, or data consisting of numbers.
A few examples of numeric data that you might encounter in your work as a security analyst include:

- the number of login attempts
- the count of a specific type of log entry
- the volume of data being sent from a source
- the volume of data being sent to a destination

You'll also encounter date and time data, or data representing a date and/or time. As a first example, logs will generally timestamp every record. Other time and date data might include:

- login dates
- login times
- dates for patches
- the duration of a connection

Comparison operators

In SQL, filtering numeric and date and time data often involves operators. You can use the following operators in your filters to make sure you return only the rows you need:

+----------+--------------------------+
| Operator | Use                      |
+----------+--------------------------+
| <        | less than                |
| >        | greater than             |
| =        | equal to                 |
| <=       | less than or equal to    |
| >=       | greater than or equal to |
| <>       | not equal to             |
+----------+--------------------------+

Note: You can also use != as an alternative operator for not equal to.

Incorporating operators into filters

These comparison operators are used in the WHERE clause at the end of a query. The following query uses the > operator to filter the birthdate column. You can run this query to explore its output:

SELECT firstname, lastname, birthdate
FROM employees
WHERE birthdate > '1970-01-01';

+-----------+----------+---------------------+
| FirstName | LastName | BirthDate           |
+-----------+----------+---------------------+
| Jane      | Peacock  | 1973-08-29 00:00:00 |
| Michael   | Mitchell | 1973-07-01 00:00:00 |
| Robert    | King     | 1970-05-29 00:00:00 |
+-----------+----------+---------------------+

This query returns the first and last names of employees born after, but not on, '1970-01-01' (or January 1, 1970). If you were to use the >= operator instead, the results would also include results on exactly '1970-01-01'. In other words, the > operator is exclusive and the >= operator is inclusive. An exclusive operator is an operator that does not include the value of comparison. An inclusive operator is an operator that includes the value of comparison.
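The numeric, time and date filters from the video and the reading above (after-hours log-ins with >, the > versus >= distinction, a numeric threshold without quotation marks, and the BETWEEN range over patch dates), run against constructed tables with Python's sqlite3. This is an added example and not course code; the log_in_attempts and machines rows are constructed, and the failed_attempts column is an assumption added so that a number can be compared alongside the times. It also shows one edge case the page does not cover: a BETWEEN range whose upper bound is a bare date excludes a row whose timestamp on that same day carries a time of day, because the text '2021-09-01 14:30' sorts after '2021-09-01'.

```python
import sqlite3

# Constructed log_in_attempts rows: (username, login_time 'HH:MM', failed_attempts).
LOGIN_ATTEMPTS = [
    ("analyst2", "09:15", 0),
    ("analyst10", "17:59", 1),
    ("admin03", "18:00", 4),
    ("analyst7", "18:01", 12),
    ("guest", "23:45", 30),
]

# Constructed machines rows: (device_id, os_patch_date). E5 carries a time of
# day, which matters for the BETWEEN example below.
MACHINES = [
    ("A1", "2021-02-28"),
    ("B2", "2021-03-01"),
    ("C3", "2021-06-15"),
    ("D4", "2021-09-01"),
    ("E5", "2021-09-01 14:30"),
    ("F6", "2021-10-02"),
]


def open_sample_db():
    """In-memory SQLite database holding both constructed tables."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE log_in_attempts "
                 "(username TEXT, login_time TEXT, failed_attempts INTEGER)")
    conn.executemany("INSERT INTO log_in_attempts VALUES (?, ?, ?)", LOGIN_ATTEMPTS)
    conn.execute("CREATE TABLE machines (device_id TEXT, os_patch_date TEXT)")
    conn.executemany("INSERT INTO machines VALUES (?, ?)", MACHINES)
    return conn


def first_column(sql, params):
    """Run a parameterised query and return the first column of every row."""
    conn = open_sample_db()
    try:
        return [row[0] for row in conn.execute(sql, params)]
    finally:
        conn.close()


def logins_after(time, inclusive=False):
    """Log-in attempts later than `time` ('HH:MM'); inclusive=True uses >= instead of >."""
    operator = ">=" if inclusive else ">"
    # The time is bound as a parameter; ISO-style 'HH:MM' text compares correctly.
    return first_column(
        f"SELECT username FROM log_in_attempts WHERE login_time {operator} ?;",
        (time,),
    )


def logins_with_more_failures_than(threshold):
    """Numeric comparison: the threshold is passed as an int, not a quoted string."""
    return first_column(
        "SELECT username FROM log_in_attempts WHERE failed_attempts > ?;",
        (int(threshold),),
    )


def machines_patched_between(start, end):
    """BETWEEN is inclusive at both ends; bounds are compared as ISO date text."""
    return first_column(
        "SELECT device_id FROM machines WHERE os_patch_date BETWEEN ? AND ?;",
        (start, end),
    )


if __name__ == "__main__":
    print(logins_after("18:00"))
    print(machines_patched_between("2021-03-01", "2021-09-01"))
```

When a timestamp column stores both date and time, give BETWEEN an upper bound that covers the whole last day (for instance '2021-09-01 23:59:59'), or compare with < against the following day, otherwise events late on the boundary day silently drop out of the result.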
BETWEEN

Another operator used for numeric data as well as date and time data is the BETWEEN operator. BETWEEN filters for numbers or dates within a range. For example, if you want to find the first and last names of all employees hired between January 1, 2002 and January 1, 2003, you can use the BETWEEN operator as follows:

SELECT firstname, lastname, hiredate
FROM employees
WHERE hiredate BETWEEN '2002-01-01' AND '2003-01-01';

+-----------+----------+---------------------+
| FirstName | LastName | HireDate            |
+-----------+----------+---------------------+
| Andrew    | Adams    | 2002-08-14 00:00:00 |
| Nancy     | Edwards  | 2002-05-01 00:00:00 |
| Jane      | Peacock  | 2002-04-01 00:00:00 |
+-----------+----------+---------------------+

Note: The BETWEEN operator is inclusive. This means records with a hiredate of January 1, 2002 or January 1, 2003 are included in the results of the previous query.

Key takeaways

Operators are important when filtering numeric and date and time data. These include exclusive operators such as < and inclusive operators such as <=. The BETWEEN operator, another inclusive operator, helps you return the data you need within a range.

Filters with AND, OR, and NOT

In the previous lesson, we learned about even more ways to filter queries in SQL to work with some typical security analyst tasks. However, when working with real security questions, we often have to filter for multiple conditions. Vulnerabilities, for instance, might depend on more than one factor. For example, a security vulnerability might be related to machines using a specific email client on a specific operating system. So, to find the possible vulnerabilities, we need to find machines using both the email client and the operating system. To make a query with multiple conditions that must be met, we use the AND operator between two separate conditions. AND is an operator that specifies that both conditions must be met simultaneously.
Bringing this back to our fruit and vegetable analogy, this is the same as asking someone to select apples from the big box where the apples are large and fresh. This means our results won't include any small apples even if they're fresh, or any rotten apples even if they're large. They'll only include large, fresh apples. The apples must meet both conditions.

Going back to our database, the machines table lists all operating systems and email clients. We want a list of machines running Operating System 1 and a list of machines using Email Client 1. We'll use the left and right circles in the Venn diagram to represent these groups. We need SQL to select the machines that have both OS 1 and Email Client 1. The filled-in area at the intersection of these circles represents this condition.

Let's take this and implement it in SQL. First, we're going to start by building the first lines of the query, telling SQL to SELECT * (all columns) FROM the machines table. Then, we'll add the WHERE clause. Let's examine this more closely. First, we indicate the first condition that it must meet: that the operating system column has a value of 'OS 1'. Then, we use AND to join this to another condition. And finally, we enter the other condition, in this case that the email client column should have a value of 'Email Client 1'. And this is how you use the AND operator in SQL! Let's run this to get the query results. Perfect! All the results match both our conditions!

Let's keep going and explore more ways to combine different conditions by working with the OR operator. The OR operator is an operator that specifies that either condition can be met. In a Venn diagram, let's say each circle represents a condition. When they are joined with OR, SQL would select all rows that satisfy one of the conditions. And it's also OK if a row meets both conditions. Let's run another query and use the OR operator.
Let's say that we wanted the filter to identify machines that have either OS 1 or OS 3 because both types need a patch. We'll type in these conditions. Let's examine this more closely. After WHERE, our first condition indicates we want to filter so that the query selects machines with 'OS 1'. We use the OR operator because we also want to find records that match another condition. This additional condition is placed after OR and indicates to also select machines running 'OS 3'. Executing the query, our results now include records that have a value of either OS 1 or OS 3 in the operating system column. Good job, we're running some complex queries.

The last operator we're going to go into is the NOT operator. NOT negates a condition. In a diagram, we can show this by selecting every entry that does not match our condition. The condition is represented by the circle. The filled-in portion outside the circle represents what gets returned. This is all data that does not match the condition. For example, when picking out fruit, you could be looking for any fruit that is not an apple. That is a lot more efficient than telling your friend you want a banana or an orange or a lime, and so on.

Suppose you wanted to update all of the devices in your company except for the ones using OS 3. Bringing this into SQL, we can write this query. We place NOT after WHERE and before the condition of the filter. Executing this query gives us the list of all the machines that aren't running OS 3, and now we know which machines to update.

That was a lot of new content that we just looked into, but you're learning more and more SQL that you can use on your journey to become an analyst! In the next video, we'll be learning how to combine and join two tables together to expand the kinds of queries we can run. I'll meet you there!
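The comparison, BETWEEN, AND, OR and NOT filters from this lesson, run against a small constructed dataset, as an added example that is not part of the course material. It uses Python's built-in sqlite3 module with an in-memory database; the tables, rows and function names are assumptions made for the example, and it goes a little beyond the lesson by showing why BETWEEN with a date-only upper bound misses events later on that day when the column carries a time of day, and why combining AND and OR needs parentheses.

```python
import sqlite3

# Constructed sample rows for this example (not the course's database).
# login_time holds a full timestamp, as a log table usually does.
LOGINS = [
    # (login_id, username, login_time)
    (1, "alice", "2002-01-01 00:00:00"),
    (2, "bob", "2002-06-15 09:30:00"),
    (3, "carol", "2003-01-01 10:15:00"),
    (4, "dave", "2003-01-02 08:00:00"),
]
MACHINES = [
    # (device_id, operating_system, email_client)
    ("host-a", "OS 1", "Email Client 1"),
    ("host-b", "OS 1", "Email Client 2"),
    ("host-c", "OS 2", "Email Client 1"),
    ("host-d", "OS 3", "Email Client 1"),
    ("host-e", "OS 3", "Email Client 3"),
]


def open_db():
    """Build an in-memory SQLite database holding the two constructed tables."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE logins (login_id INTEGER, username TEXT, login_time TEXT)")
    conn.execute("CREATE TABLE machines (device_id TEXT, operating_system TEXT, email_client TEXT)")
    conn.executemany("INSERT INTO logins VALUES (?, ?, ?)", LOGINS)
    conn.executemany("INSERT INTO machines VALUES (?, ?, ?)", MACHINES)
    return conn


def column(conn, sql, params=()):
    """Run a parameterized query and return its single column as a sorted list.
    Filter values travel in params; they are never pasted into the SQL text."""
    return sorted(row[0] for row in conn.execute(sql, params))


# Exclusive (>) versus inclusive (>=) comparison on a timestamp column.
def logins_after(conn, ts):
    return column(conn, "SELECT login_id FROM logins WHERE login_time > ?", (ts,))


def logins_on_or_after(conn, ts):
    return column(conn, "SELECT login_id FROM logins WHERE login_time >= ?", (ts,))


# BETWEEN is inclusive at both ends, but a date-only literal such as
# '2003-01-01' stands for the very start of that day, so a login at 10:15 on
# 2003-01-01 falls outside BETWEEN '2002-01-01' AND '2003-01-01'.
def logins_between(conn, start, end):
    return column(conn, "SELECT login_id FROM logins WHERE login_time BETWEEN ? AND ?", (start, end))


# The half-open form (>= start AND < the day after the last day wanted) covers
# whole days correctly when the column carries a time of day.
def logins_half_open(conn, start, end_exclusive):
    return column(conn, "SELECT login_id FROM logins WHERE login_time >= ? AND login_time < ?",
                  (start, end_exclusive))


# AND, OR and NOT on the machines table, as in the video.
def machines_with_os_and_client(conn, os_name, client):
    return column(conn, "SELECT device_id FROM machines WHERE operating_system = ? AND email_client = ?",
                  (os_name, client))


def machines_with_either_os(conn, os_a, os_b):
    return column(conn, "SELECT device_id FROM machines WHERE operating_system = ? OR operating_system = ?",
                  (os_a, os_b))


def machines_not_on_os(conn, os_name):
    return column(conn, "SELECT device_id FROM machines WHERE NOT operating_system = ?", (os_name,))


# Combining operators: AND binds tighter than OR, so without parentheses the
# filter below means (client AND os_a) OR os_b and returns every os_b machine
# regardless of its email client.
def combined_without_parens(conn, client, os_a, os_b):
    return column(conn, "SELECT device_id FROM machines "
                        "WHERE email_client = ? AND operating_system = ? OR operating_system = ?",
                  (client, os_a, os_b))


def combined_with_parens(conn, client, os_a, os_b):
    return column(conn, "SELECT device_id FROM machines "
                        "WHERE email_client = ? AND (operating_system = ? OR operating_system = ?)",
                  (client, os_a, os_b))


if __name__ == "__main__":
    db = open_db()
    print(logins_between(db, "2002-01-01", "2003-01-01"))  # [1, 2]
    print(logins_half_open(db, "2002-01-01", "2003-01-02"))  # [1, 2, 3]
    print(combined_without_parens(db, "Email Client 1", "OS 1", "OS 3"))  # ['host-a', 'host-d', 'host-e']
```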
More on filters with AND, OR, and NOT

Previously, you explored how to add filters containing the AND, OR, and NOT operators to your SQL queries. In this reading, you'll continue to explore how these operators can help you refine your queries.

Logical operators

AND, OR, and NOT allow you to filter your queries to return the specific information that will help you in your work as a security analyst. They are all considered logical operators.

AND

First, AND is used to filter on two conditions. AND specifies that both conditions must be met simultaneously. As an example, a cybersecurity concern might affect only those customer accounts that meet both the condition of being handled by a support representative with an ID of 5 and the condition of being located in the USA. To find the names and emails of those specific customers, you should place the two conditions on either side of the AND operator in the WHERE clause:

SELECT firstname, lastname, email, country, supportrepid
FROM customers
WHERE supportrepid = 5 AND country = 'USA';

+-----------+----------+-------------------------+---------+--------------+
| FirstName | LastName | Email                   | Country | SupportRepId |
+-----------+----------+-------------------------+---------+--------------+
| Jack      | Smith    | jacksmith@microsoft.com | USA     | 5            |
| Kathy     | Chase    | kachase@hotmail.com     | USA     | 5            |
| Victor    | Stevens  | vstevens@yahoo.com      | USA     | 5            |
| Julia     | Barnett  | jubarnett@gmail.com     | USA     | 5            |
+-----------+----------+-------------------------+---------+--------------+

Running this query returns four rows of information about the customers. You can use this information to contact them about the security concern.

OR

The OR operator also connects two conditions, but OR specifies that either condition can be met. It returns results where the first condition, the second condition, or both are met.
For example, if you are responsible for finding all customers who are either in the USA or Canada so that you can communicate information about a security update, you can use an OR operator to find all the needed records. As the following query demonstrates, you should place the two conditions on either side of the OR operator in the WHERE clause:

SELECT firstname, lastname, email, country
FROM customers
WHERE country = 'Canada' OR country = 'USA';

+-----------+----------+-------------------------+---------+--------------+
| FirstName | LastName | Email                   | Country | SupportRepId |
+-----------+----------+-------------------------+---------+--------------+
| Jack      | Smith    | jacksmith@microsoft.com | USA     | 5            |
| Kathy     | Chase    | kachase@hotmail.com     | USA     | 5            |
| Victor    | Stevens  | vstevens@yahoo.com      | USA     | 5            |
| Julia     | Barnett  | jubarnett@gmail.com     | USA     | 5            |
+-----------+----------+-------------------------+---------+--------------+

The query returns all customers in either the US or Canada.

Note: Even if both conditions are based on the same column, you need to write out both full conditions. For instance, the query in the previous example contains the filter WHERE country = 'Canada' OR country = 'USA'.

NOT

Unlike the previous two operators, the NOT operator only works on a single condition, and not on multiple ones. The NOT operator negates a condition. This means that SQL returns all records that don't match the condition specified in the query. For example, if a cybersecurity issue doesn't affect customers in the USA but might affect those in other countries, you can return all customers who are not in the USA. This would be more efficient than creating individual conditions for all of the other countries.
To use the NOT operator for this task, write the following query and place NOT directly after WHERE:

SELECT firstname, lastname, email, country
FROM customers
WHERE NOT country = 'USA';

+-----------+-------------+-------------------------------+----------------+
| FirstName | LastName    | Email                         | Country        |
+-----------+-------------+-------------------------------+----------------+
| Luís      | Gonçalves   | luisg@embraer.com.br          | Brazil         |
| Leonie    | Köhler      | leonekohler@surfeu.de         | Germany        |
| François  | Tremblay    | ftremblay@gmail.com           | Canada         |
| Bjørn     | Hansen      | bjorn.hansen@yahoo.no         | Norway         |
| František | Wichterlová | frantisekw@jetbrains.com      | Czech Republic |
| Helena    | Holý        | hholy@gmail.com               | Czech Republic |
| Astrid    | Gruber      | astrid.gruber@apple.at        | Austria        |
| Daan      | Peeters     | daan_peeters@apple.be         | Belgium        |
| Kara      | Nielsen     | kara.nielsen@jubii.dk         | Denmark        |
| Eduardo   | Martins     | eduardo@woodstock.com.br      | Brazil         |
| Alexandre | Rocha       | alero@uol.com.br              | Brazil         |
| Roberto   | Almeida     | roberto.almeida@riotur.gov.br | Brazil         |
| Fernanda  | Ramos       | fernadaramos4@uol.com.br      | Brazil         |
| Mark      | Philips     | mphilips12@shaw.ca            | Canada         |
| Jennifer  | Peterson    | jenniferp@rogers.ca           | Canada         |
| Robert    | Brown       | robbrown@shaw.ca              | Canada         |
| Edward    | Francis     | edfrancis@yachoo.ca           | Canada         |
| Martha    | Silk        | marthasilk@gmail.com          | Canada         |
| Aaron     | Mitchell    | aaronmitchell@yahoo.ca        | Canada         |
| Ellie     | Sullivan    | ellie.sullivan@shaw.ca        | Canada         |
| João      | Fernandes   | jfernandes@yahoo.pt           | Portugal       |
| Madalena  | Sampaio     | masampaio@sapo.pt             | Portugal       |
| Hannah    | Schneider   | hannah.schneider@yahoo.de     | Germany        |
| Fynn      | Zimmermann  | fzimmermann@yahoo.de          | Germany        |
| Niklas    | Schröder    | nschroder@surfeu.de           | Germany        |
+-----------+-------------+-------------------------------+----------------+

(Output limit exceeded, 25 of 46 total rows shown)

SQL returns every entry where the customers are not from the USA.
Pro tip: Another way of finding values that are not equal to a certain value is by using the <> operator or the != operator. For example, WHERE country <> 'USA' and WHERE country != 'USA' are the same filters as WHERE NOT country = 'USA'.

Combining logical operators

Logical operators can be combined in filters. For example, if you know that both the USA and Canada are not affected by a cybersecurity issue, you can combine operators to return customers in all countries besides these two. In the following query, NOT is placed before the first condition, it's joined to a second condition with AND, and then NOT is also placed before that second condition. You can run it to explore what it returns:

SELECT firstname, lastname, email, country
FROM customers
WHERE NOT country = 'Canada' AND NOT country = 'USA';

+-----------+-------------+-------------------------------+----------------+
| FirstName | LastName    | Email                         | Country        |
+-----------+-------------+-------------------------------+----------------+
| Luís      | Gonçalves   | luisg@embraer.com.br          | Brazil         |
| Leonie    | Köhler      | leonekohler@surfeu.de         | Germany        |
| Bjørn     | Hansen      | bjorn.hansen@yahoo.no         | Norway         |
| František | Wichterlová | frantisekw@jetbrains.com      | Czech Republic |
| Helena    | Holý        | hholy@gmail.com               | Czech Republic |
| Astrid    | Gruber      | astrid.gruber@apple.at        | Austria        |
| Daan      | Peeters     | daan_peeters@apple.be         | Belgium        |
| Kara      | Nielsen     | kara.nielsen@jubii.dk         | Denmark        |
| Eduardo   | Martins     | eduardo@woodstock.com.br      | Brazil         |
| Alexandre | Rocha       | alero@uol.com.br              | Brazil         |
| Roberto   | Almeida     | roberto.almeida@riotur.gov.br | Brazil         |
| Fernanda  | Ramos       | fernadaramos4@uol.com.br      | Brazil         |
| João      | Fernandes   | jfernandes@yahoo.pt           | Portugal       |
| Madalena  | Sampaio     | masampaio@sapo.pt             | Portugal       |
| Hannah    | Schneider   | hannah.schneider@yahoo.de     | Germany        |
| Fynn      | Zimmermann  | fzimmermann@yahoo.de          | Germany        |
| Niklas    | Schröder    | nschroder@surfeu.de           | Germany        |
| Camille   | Bernard     | camille.bernard@yahoo.fr      | France         |
| Dominique | Lefebvre    | dominiquelefebvre@gmail.com   | France         |
| Marc      | Dubois      | marc.dubois@hotmail.com       | France         |
| Wyatt     | Girard      | wyatt.girard@yahoo.fr         | France         |
| Isabelle  | Mercier     | isabelle_mercier@apple.fr     | France         |
| Terhi     | Hämäläinen  | terhi.hamalainen@apple.fi     | Finland        |
| Ladislav  | Kovács      | ladislav_kovacs@apple.hu      | Hungary        |
| Hugh      | O'Reilly    | hughoreilly@apple.ie          | Ireland        |
+-----------+-------------+-------------------------------+----------------+

(Output limit exceeded, 25 of 38 total rows shown)

Key takeaways

Logical operators allow you to create more specific filters that target the security-related information you need. The AND operator requires two conditions to be true simultaneously, the OR operator requires either one or both conditions to be true, and the NOT operator negates a condition. Logical operators can be combined together to create even more specific queries.

Join tables in SQL

You've already learned a lot about SQL queries and filters. Nice work! The last concept we're introducing in this section is joining tables when querying a database. This is helpful when you need information from two different tables in a database. Let's say we have two tables: one that tells us about security vulnerabilities of different operating systems, and one about different machines in our company, including their operating systems. Having the ability to combine them gives us a list of vulnerable machines. That's pretty cool, right?

First, let's start talking about the syntax of joins. Since we're working with two tables now, we need a way to tell SQL what table we're picking columns from. In our example database, we have an employee_id column in both the employees table and the machines table. In SQL statements that involve both of these columns, SQL needs to know which column we're referring to.
The way to resolve this is by writing the name of the table first, then a period, and then the name of a column. So, we would have employees followed by a period, followed by the column name: employees.employee_id is the employee_id column for the employees table. Similarly, machines.employee_id is the employee_id column for the machines table.

Now that we understand this syntax, let's apply it to a join! Imagine that we want to get a deeper understanding of the employees accessing the machines in our company. By joining the employees and the machines tables, we can do this! We first need to identify the shared column that we'll use to connect the two tables. In this case, we'll use a primary key in one table to connect to another table where it's a foreign key. The primary key of the employees table is employee_id, which is a foreign key in the machines table. employee_id is a primary key in the employees table because it has a unique value for every row in the employees table, and no empty values. We don't have a guarantee that the employee_id column in the machines table follows the same criteria, since it's a foreign key and not a primary key.

Next, we'll use a type of join called an INNER JOIN. An INNER JOIN returns rows matching on a specified column that exists in more than one table. Tables usually contain many more rows, but to further explain what we mean by INNER JOIN, let's focus on just four rows from the employees table and four rows from the machines table. We'll also look at just a few columns of each table for this example. Let's say we choose employee_id in both tables to perform an INNER JOIN. Let's look at the two rows where there is a match. Both tables have 1188 and 1189 in their respective employee_id columns, so they are considered a match. The result of the join is the two rows that have 1188 and 1189, with all columns from both tables. Before we move on to the queries, we have to talk about the NULL values in the tables.
In SQL, NULL represents a missing value, whatever the reason. In this case, this might be machines that are not assigned to any employee.

Now, let's bring this into SQL and do an INNER JOIN on the full tables. Let's imagine we want to join these tables in order to get a list of users and their office location that also shows what operating system they use on their machines. employee_id is a common column between these tables, and we can use this to join them. But we won't need to show this column in the results. First, let's start with a basic query that indicates we want to select the username, office, and operating_system columns. We want employees to be our first, or left, table, so we'll use that in our FROM statement. Now, we write the part of the query that tells SQL to join the machines table with the employees table.

Let's break down this query. INNER JOIN tells SQL to perform the INNER JOIN. Then, we name the second table we want to combine with the first. This is called the right table. In this case, we want to join machines with the employees table that was already identified after FROM. Lastly, we tell SQL what column to base the join on. In our case, we're using the employee_id column. Since we're using two tables, we have to identify the table and follow that with the column name. So, we have employees.employee_id and machines.employee_id.

Let's review the output. Perfect! We have now joined two tables. The results of our query display the records that match on the employee_id column. Notice that these records contain columns from both tables, but only the ones we've indicated through our SELECT statement. There are other types of joins that don't require a match to join two tables, and we're going to discuss those in the next video. I'll meet you there!

Types of joins

Welcome back. I hope you enjoyed working on inner joins.
In the previous video and exercises, we saw how inner joins can be useful by only returning records that share a value in specified columns. However, in some situations, we might need all of the entries from one or both of our tables. This is where we need to use outer joins. There are three types of outer joins: LEFT JOIN, RIGHT JOIN, and FULL OUTER JOIN. Similar to inner joins, outer joins combine two tables together; however, they don't necessarily need a match between columns to return a row. Which rows are returned depends on the type of join.

LEFT JOIN returns all of the records of the first table, but only returns rows of the second table that match on a specified column. Like we did in the previous video, let's examine this type of join by looking at just four rows of two tables with a small number of columns. Employees is the left table, or the first table, and machines is the right table, or the second table. Let's join on employee_id. There's a matching value in this column for two of the four records. When we execute the join, SQL returns these rows with the matching value, all other rows from the left table, and all columns from both tables. Records from the employees table that didn't match but were returned through the LEFT JOIN contain NULL values in columns that came from the machines table.

Next, let's talk about right joins. RIGHT JOIN returns all of the records of the second table but only returns rows from the first table that match on a specified column. With a RIGHT JOIN on the previous example, the full result returns matching rows from both tables, all the rows from the second table, and all the columns in both tables. For values that have no match in the other table, we are left with a NULL value.

Last, we'll discuss full outer joins. FULL OUTER JOIN returns all records from both tables. Using our same example, a FULL OUTER JOIN returns all columns from all tables.
If a row doesn't have a value for a particular column, it returns NULL. For example, the machines table does not have any rows with employee_id 1190, so for that row, the values in the columns that came from the machines table are NULL. To implement left joins, right joins, and full outer joins in SQL, you use the same syntax structure as the INNER JOIN but use these keywords: LEFT JOIN, RIGHT JOIN, and FULL OUTER JOIN. As a security analyst, you're not required to know all of these from memory. Once you understand the type of join you need, you can quickly search and find all the information you need to execute these queries. With this information on joins, we've now covered some very important information you'll need as a security analyst using SQL. Thank you for joining me in this video.

Compare types of joins

Previously, you explored SQL joins and how to use them to join data from multiple tables when these tables share a common column. You also examined how there are different types of joins, and each of them returns different rows from the tables being joined. In this reading, you'll review these concepts and more closely analyze the syntax needed for each type of join.

Inner joins

The first type of join that you might perform is an inner join. INNER JOIN returns rows matching on a specified column that exists in more than one table. It only returns the rows where there is a match, but like other types of joins, it returns all specified columns from all joined tables. For example, if the query joins two tables with SELECT *, all columns in both of the tables are returned.

Note: If a column exists in both of the tables, it is returned twice when SELECT * is used.
The syntax of an inner join

To write a query using INNER JOIN, you can use the following syntax:

SELECT *
FROM employees
INNER JOIN machines ON employees.device_id = machines.device_id;

You must specify the two tables to join by including the first or left table after FROM and the second or right table after INNER JOIN. After the name of the right table, use the ON keyword and the = operator to indicate the column you are joining the tables on. It's important that you specify both the table and column names in this portion of the join by placing a period (.) between the table and the column.

In addition to selecting all columns, you can select only certain columns. For example, if you only want the join to return the username, operating_system and device_id columns, you can write this query:

SELECT username, operating_system, employees.device_id
FROM employees
INNER JOIN machines ON employees.device_id = machines.device_id;

It makes more sense for it to be all in one row for me, so here's an explanation of how each part works:

SELECT thing_1, thing_2, thing_X FROM table1 INNER JOIN table2 ON table1.common_column = table2.common_column;

Note: In the example query, username and operating_system only appear in one of the two tables, so they are written with just the column name. On the other hand, because device_id appears in both tables, it's necessary to indicate which one to return by specifying both the table and column name (employees.device_id).

Outer joins

Outer joins expand what is returned from a join. Each type of outer join returns all rows from either one table or both tables.

Left joins

When joining two tables, LEFT JOIN returns all the records of the first table, but only returns rows of the second table that match on a specified column.
The syntax for using LEFT JOIN is demonstrated in the following query:

SELECT *
FROM employees
LEFT JOIN machines ON employees.device_id = machines.device_id;

As with all joins, you should specify the first or left table as the table that comes after FROM and the second or right table as the table that comes after LEFT JOIN. In the example query, because employees is the left table, all of its records are returned. Only records that match on the device_id column are returned from the right table, machines.

Right joins

When joining two tables, RIGHT JOIN returns all of the records of the second table, but only returns rows from the first table that match on a specified column. The following query demonstrates the syntax for RIGHT JOIN:

SELECT *
FROM employees
RIGHT JOIN machines ON employees.device_id = machines.device_id;

RIGHT JOIN has the same syntax as LEFT JOIN, with the only difference being that the keyword RIGHT JOIN instructs SQL to produce different output. The query returns all records from machines, which is the second or right table. Only matching records are returned from employees, which is the first or left table.

Note: You can use LEFT JOIN and RIGHT JOIN and return the exact same results if you use the tables in reverse order. The following RIGHT JOIN query returns the exact same result as the LEFT JOIN query demonstrated in the previous section:

SELECT *
FROM machines
RIGHT JOIN employees ON employees.device_id = machines.device_id;

All that you have to do is switch the order of the tables that appear before and after the keyword used for the join, and you will have swapped the left and right tables.

Full outer joins

FULL OUTER JOIN returns all records from both tables. You can think of it as a way of completely merging two tables.
You can review the syntax for using FULL OUTER JOIN in the following query:

SELECT *
FROM employees
FULL OUTER JOIN machines ON employees.device_id = machines.device_id;

The results of a FULL OUTER JOIN query include all records from both tables. Similar to INNER JOIN, the order of tables does not change the results of the query.

Key takeaways

When working in SQL, there are multiple ways to join tables. All joins return the records that match on a specified column. INNER JOIN will return only these records. Outer joins also return all other records from one or both of the tables. LEFT JOIN returns all records from the first or left table, RIGHT JOIN returns all records from the second or right table, and FULL OUTER JOIN returns all records from both tables.

Continuous learning in SQL

You've explored a lot about SQL, including applying filters to SQL queries and joining multiple tables together in a query. There's still more that you can do with SQL. This reading will explore an example of something new you can add to your SQL toolbox: aggregate functions. You'll then focus on how you can continue learning about this and other SQL topics on your own.

Aggregate functions

In SQL, aggregate functions are functions that perform a calculation over multiple data points and return the result of the calculation. The actual data is not returned. There are various aggregate functions that perform different calculations:

- COUNT returns a single number that represents the number of rows returned from your query.
- AVG returns a single number that represents the average of the numerical data in a column.
- SUM returns a single number that represents the sum of the numerical data in a column.

Aggregate function syntax

To use an aggregate function, place the keyword for it after the SELECT keyword, and then in parentheses, indicate the column you want to perform the calculation on.
For example, when working with the customers table, you can use aggregate functions to summarize important information about the table. If you want to find out how many customers there are in total, you can use the COUNT function on any column, and SQL will return the total number of records, excluding NULL values. You can run this query and explore its output:

SELECT COUNT(firstname)
FROM customers;

+------------------+
| COUNT(firstname) |
+------------------+
| 59               |
+------------------+

The result is a table with one column titled COUNT(firstname) and one row that indicates the count. If you want to find the number of customers from a specific country, you can add a filter to your query:

SELECT COUNT(firstname)
FROM customers
WHERE country = 'USA';

+------------------+
| COUNT(firstname) |
+------------------+
| 13               |
+------------------+

With this filter, the count is lower because it only includes the records where the country column contains a value of 'USA'. There are a lot of other aggregate functions in SQL. The syntax of placing them after SELECT is exactly the same as the COUNT function.

Continuing to learn SQL

SQL is a widely used querying language, with many more keywords and applications. You can continue to learn more about aggregate functions and other aspects of using SQL on your own. Most importantly, approach new tasks with curiosity and a willingness to find new ways to apply SQL to your work as a security analyst. Identify the data results that you need and try to use SQL to obtain these results. Fortunately, SQL is one of the most important tools for working with databases and analyzing data, so you'll find a lot of support in trying to learn SQL online. First, try searching for the concepts you've already learned and practiced to find resources that have accurate, easy-to-follow explanations. When you identify these resources, you can use them to extend your knowledge. Continuing your practical experience with SQL is also important.
You can also search for new databases that allow you to perform SQL queries using what you've learned.

Key takeaways

Aggregate functions like COUNT, SUM, and AVG allow you to work with SQL in new ways. There are many other additional aspects of SQL that could be useful to you as an analyst. By continuing to explore SQL on your own, you can expand the ways you can apply SQL in a cybersecurity context.

Wrap-up; Glossary terms from week 4

Congratulations! We've made it together through the end of our focus on SQL. You've put in a lot of work and learned an important tool that will help you on your journey as a security analyst. Let's take a moment to go through all of the topics you learned in this section. We started by learning about the structure of relational databases and how we can access them by using the query language SQL. We then got hands-on practice with writing our own SQL queries. We used SQL to bring up information you might need on the job when working as an analyst. We then focused on SQL filters. We started with simple conditions with strings, and by the end, we learned how to use multiple filters in one query. We concluded the unit with SQL joins and learned how to join multiple tables, giving us even more information at once.

By completing this course, you just took a very big step in your future career as a security analyst. You have been introduced to a powerful tool that can help you in your work. Whenever you need to, I encourage you to revisit the materials in this course. Learning a querying language like SQL takes time. Thank you again for joining me in this journey. I hope you'll enjoy using SQL as much as I do.
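The joins and the COUNT aggregate from this section, applied to a constructed employees and machines pair of tables, as an added example that is not part of the course material; it uses Python's built-in sqlite3 module with an in-memory database, and the rows, column names and function names are assumptions made for the example. It also shows the NULLs that appear for employee 1190 and for an unassigned machine, and that COUNT(column) skips NULLs while COUNT(*) does not; because RIGHT JOIN and FULL OUTER JOIN need SQLite 3.39 or newer, the RIGHT JOIN is written as the equivalent swapped LEFT JOIN and the FULL OUTER JOIN runs only when the library supports it.

```python
import sqlite3

# Constructed sample rows for this example (not the course's database).
# Employee 1190 owns no machine, and machine m3 has a NULL employee_id
# because it is not assigned to anyone.
EMPLOYEES = [
    # (employee_id, username, office)
    (1000, "admin", "Central"),
    (1188, "aclark", "East"),
    (1189, "bkim", "West"),
    (1190, "cdoe", "North"),
]
MACHINES = [
    # (device_id, operating_system, employee_id)
    ("m1", "OS 1", 1188),
    ("m2", "OS 2", 1189),
    ("m3", "OS 3", None),
    ("m4", "OS 3", 1189),
]

# RIGHT JOIN and FULL OUTER JOIN were added to SQLite in version 3.39.0.
SUPPORTS_FULL_OUTER = sqlite3.sqlite_version_info >= (3, 39, 0)

# Columns shown in every join below: username and office come from employees,
# device_id and operating_system from machines, so no table prefix is needed.
SELECT_COLS = "SELECT username, office, device_id, operating_system "
MATCH = "ON employees.employee_id = machines.employee_id"


def open_db():
    """Build an in-memory SQLite database with employee_id as the shared column."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees (employee_id INTEGER PRIMARY KEY, username TEXT, office TEXT)")
    conn.execute("CREATE TABLE machines (device_id TEXT, operating_system TEXT, employee_id INTEGER)")
    conn.executemany("INSERT INTO employees VALUES (?, ?, ?)", EMPLOYEES)
    conn.executemany("INSERT INTO machines VALUES (?, ?, ?)", MACHINES)
    return conn


def rows(conn, sql):
    """Fetch all rows in a stable order; NULLs (None) sort as empty strings."""
    return sorted(conn.execute(sql).fetchall(), key=lambda r: tuple(v or "" for v in r))


def inner_join(conn):
    """Only employee/machine pairs that match on employee_id; 1190 and m3 are dropped."""
    return rows(conn, SELECT_COLS + "FROM employees INNER JOIN machines " + MATCH)


def left_join(conn):
    """Every employee; machine columns are NULL for employees without a machine."""
    return rows(conn, SELECT_COLS + "FROM employees LEFT JOIN machines " + MATCH)


def right_join_as_swapped_left(conn):
    """Every machine. Swapping the table order turns a RIGHT JOIN into an
    equivalent LEFT JOIN, which also works on SQLite versions without RIGHT JOIN."""
    return rows(conn, SELECT_COLS + "FROM machines LEFT JOIN employees " + MATCH)


def full_outer_join(conn):
    """Every employee and every machine, or None when SQLite is older than 3.39."""
    if not SUPPORTS_FULL_OUTER:
        return None
    return rows(conn, SELECT_COLS + "FROM employees FULL OUTER JOIN machines " + MATCH)


def count_machines(conn):
    """COUNT(*) counts every row, including the unassigned machine."""
    return conn.execute("SELECT COUNT(*) FROM machines").fetchone()[0]


def count_assigned_machines(conn):
    """COUNT(column) skips NULLs, so the unassigned machine is not counted."""
    return conn.execute("SELECT COUNT(employee_id) FROM machines").fetchone()[0]


def count_employees_on_os(conn, os_name):
    """Join, filter and aggregate together: how many distinct employees run os_name."""
    sql = ("SELECT COUNT(DISTINCT employees.employee_id) "
           "FROM employees INNER JOIN machines " + MATCH + " WHERE operating_system = ?")
    return conn.execute(sql, (os_name,)).fetchone()[0]


if __name__ == "__main__":
    db = open_db()
    for row in left_join(db):
        print(row)
    print(count_machines(db), count_assigned_machines(db))  # 4 3
```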
Terms and definitions from Course 4, Week 4

Database: An organized collection of information or data
Date and time data: Data representing a date and/or time
Exclusive operator: An operator that does not include the value of comparison
Filtering: Selecting data that match a certain condition
Foreign key: A column in a table that is a primary key in another table
Inclusive operator: An operator that includes the value of comparison
Log: A record of events that occur within an organization's systems
Numeric data: Data consisting of numbers
Operator: A symbol or keyword that represents an operation
Primary key: A column where every row has a unique entry
Query: A request for data from a database table or a combination of tables
Relational database: A structured database containing tables that are related to each other
String data: Data consisting of an ordered sequence of characters
SQL (Structured Query Language): A programming language used to create, interact with, and request information from a database
Syntax: The rules that determine what is correctly structured in a computing language
Wildcard: A special character that can be substituted with any other character

Course wrap-up

You made it to the end of this course! Congratulations—you did it! I hope you are proud of all you learned. The focus of this course was computing basics. Understanding the basics of computing is a valuable skill as you transition into your career as a security analyst. Let's recap what you learned in this course. We first focused on operating systems and how they relate to applications and hardware. Understanding how the system you're protecting works is essential for doing your job effectively. That brings us to the Linux operating system. When working in the security profession, familiarity with Linux is important. We first discussed this architecture and various distributions. Then, we used a Linux command line to carry out tasks you might encounter as a security analyst.
Finally, we looked at another useful tool and used SQL to query databases. After this course, I hope you have a better understanding of how these foundations of computing support a security analyst in their daily work. I also hope you continue your path with this program. There are a lot of other useful and exciting topics ahead. Once again, congratulations. You've finished another course. Building skills is something you should be proud of. Keep it up as you progress through this program.

Terms and definitions from Course 4

A
Absolute file path: The full file path, which starts from the root
Application: A program that performs a specific task
Argument (Linux): Specific information needed by a command
Authentication: The process of verifying who someone is
Authorization: The concept of granting access to specific resources in a system

B
Bash: The default shell in most Linux distributions
Basic Input/Output System (BIOS): A microchip that contains loading instructions for the computer and is prevalent in older systems
Bootloader: A software program that boots the operating system

C
CentOS: An open-source distribution that is closely related to Red Hat
Central Processing Unit (CPU): A computer's main processor, which is used to perform general computing tasks on a computer
Command: An instruction telling the computer to do something
Command-line interface (CLI): A text-based user interface that uses commands to interact with the computer

D
Database: An organized collection of information or data
Date and time data: Data representing a date and/or time
Digital forensics: The practice of collecting and analyzing data to determine what has happened after an attack
Directory: A file that organizes where other files are stored
Distributions: The different versions of Linux

E
Exclusive operator: An operator that does not include the value of comparison

F
File path: The location of a file or directory
Filesystem Hierarchy Standard (FHS): The component of the Linux OS that organizes data
Filtering: Selecting data that match a certain condition
Foreign key: A column in a table that is a primary key in another table

G
Graphical user interface (GUI): A user interface that uses icons on the screen to manage different tasks on the computer

H
Hard drive: A hardware component used for long-term memory
Hardware: The physical components of a computer

I
Inclusive operator: An operator that includes the value of comparison
Internal hardware: The components required to run the computer

K
Kali Linux™: An open-source distribution of Linux that is widely used in the security industry
Kernel: The component of the Linux OS that manages processes and memory

L
Legacy operating system: An operating system that is outdated but still being used
Linux: An open-source operating system
Log: A record of events that occur within an organization's systems

N
nano: A command-line file editor that is available by default in many Linux distributions
Numeric data: Data consisting of numbers

O
Operating system (OS): The interface between computer hardware and the user
Operator: A symbol or keyword that represents an operation
Options: Input that modifies the behavior of a command

P
Package: A piece of software that can be combined with other packages to form an application
Package manager: A tool that helps users install, manage, and remove packages or applications
Parrot: An open-source distribution that is commonly used for security
Penetration test (pen test): A simulated attack that helps identify vulnerabilities in systems, networks, websites, applications, and processes
Peripheral devices: Hardware components that are attached to and controlled by the computer system
Permissions: The type of access granted for a file or directory
Primary key: A column where every row has a unique entry
Principle of least privilege: The concept of granting only the minimal access and authorization required to complete a task or function

Q
Query: A request for data from a database table or a combination of tables

R
Random Access Memory (RAM): A hardware component used for short-term memory
Red Hat® Enterprise Linux® (also referred to simply as Red Hat in this course): A subscription-based distribution of Linux built for enterprise use
Relational database: A structured database containing tables that are related to each other
Relative file path: A file path that starts from the user's current directory
Root directory: The highest-level directory in Linux
Root user (or superuser): A user with elevated privileges to modify the system

S
Shell: The command-line interpreter
SQL (Structured Query Language): A programming language used to create, interact with, and request information from a database
Standard error: An error message returned by the OS through the shell
Standard input: Information received by the OS via the command line
Standard output: Information returned by the OS through the shell
String data: Data consisting of an ordered sequence of characters
Syntax: The rules that determine what is correctly structured in a computing language

U
Ubuntu: An open-source, user-friendly distribution that is widely used in security and other industries
Unified Extensible Firmware Interface (UEFI): A microchip that contains loading instructions for the computer and replaces BIOS on more modern systems
User: The person interacting with a computer
User interface: A program that allows the user to control the functions of the operating system

V
Virtual machine (VM): A virtual version of a physical computer

W
Wildcard: A special character that can be substituted with any other character