If you’re prepping for the Security+ exam, you might wonder how many Linux commands you need to know. In short, not many. However, if you know some basics, you’ll be better prepared to answer the live questions. As an example, can you answer this question?
Q. After entering the following command on a Linux system, what are you likely to see?
cat /etc/shadow | grep root
A. The contents of the Linux password file
B. The password for the root account
C. The encrypted password of the root account
D. The encrypted password of the grep account
The answer and explanation are available at the end of this post.
Linux Commands and CompTIA
CompTIA seems to be increasing their testing of Linux commands in their different certification exams. For example, the CompTIA A+ exam now includes testing of the following commands. Do you know their meaning? If not, click the links to learn more.
- ls (short for list)
- grep (short for global-regular-expression-print)
- cd (short for change directory)
- shutdown (not short for anything – it means shutdown)
- pwd (short for print working directory)
- passwd (used to change the password)
- mv (short for move)
- cp (short for copy)
Another commonly used command is cat (short for concatenate), which reads the contents of one or more files. This is similar to how the type command is used on Windows systems.
Linux and Passwords
Passwords are stored in the /etc/passwd file in an encrypted format. Chapter 7 of the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide mentions this in the context of directory traversal attacks.
How the passwords are stored is complex though. They are typically combined with a salt (random bits) before being hashed with a hashing algorithm. Additionally, the result is sometimes encrypted. With that in mind, the following command won’t show you the actual passwords stored in the /etc/passwd file.
cat /etc/shadow
It will show you the passwords as hashes, salted hashes, and/or salted hashes that have also been encrypted.
The Pipe Command
Many scripting languages (including typical Linux commands) support the pipe command (|). The pipe is placed between two commands and sends the output of the first command to the second command, which is often used to filter that output.
As an example, the grep command searches for a string in a file or output. You can use this to filter the output of an initial command. Consider this command:
cat /etc/shadow | grep root
The first command (cat /etc/shadow) retrieves all of the passwords in the /etc/shadow file (in their encrypted format).
Combined with the pipe symbol and grep root, it filters the output to show only the password stored for the root user.
The actual output of the full command may look something like this:
root:$5$34vblkKfr1$nvGr6FcDeF92R5xF/CiskfdnEnnWNtLdl.Etq5oLVqj.UVhoWJKF4.FstCXcrj4SkARtpAigfRm1:15045:0:99999:7:::
There is some meaning to the output, but the key point is that it shows the stored data for the root account.
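The fields in that output, labelled one by one. This is an added example, not code from the original post. It assumes the standard shadow layout of colon-separated fields with a password field of the form $id$salt$digest, and the function names field, scheme_name and describe_entry are illustrative.

```shell
#!/bin/sh
# Added example: label the colon-separated fields of one shadow-style entry.
# SAMPLE is the constructed line quoted in the post, not a real account.
SAMPLE='root:$5$34vblkKfr1$nvGr6FcDeF92R5xF/CiskfdnEnnWNtLdl.Etq5oLVqj.UVhoWJKF4.FstCXcrj4SkARtpAigfRm1:15045:0:99999:7:::'

# field LINE DELIM N -> print the Nth DELIM-separated field of LINE.
field() { printf '%s\n' "$1" | cut -d"$2" -f"$3"; }

# Map a crypt(3) identifier (the text between the first two "$") to a name.
scheme_name() {
  case "$1" in
    1) echo "MD5-crypt" ;;
    5) echo "SHA-256-crypt" ;;
    6) echo "SHA-512-crypt" ;;
    *) echo "other" ;;
  esac
}

# describe_entry LINE -> print one "key=value" line per field of interest.
describe_entry() {
  pw=$(field "$1" : 2)
  echo "user=$(field "$1" : 1)"
  case "$pw" in
    '')       echo "password=none-set" ;;
    '!'*|'*') echo "password=locked" ;;
    '$'*)
      id=$(field "$pw" '$' 2)
      salt=$(field "$pw" '$' 3)
      digest=$(field "$pw" '$' 4)
      # An optional "rounds=N" parameter sits where the salt normally is.
      case "$salt" in
        rounds=*) salt=$digest; digest=$(field "$pw" '$' 5) ;;
      esac
      echo "scheme=$(scheme_name "$id")"
      echo "salt=$salt"
      echo "digest=$digest"
      ;;
    *)        echo "password=unrecognised-format" ;;
  esac
  echo "last_change_days=$(field "$1" : 3)"   # days since 1970-01-01
  echo "min_days=$(field "$1" : 4)"
  echo "max_days=$(field "$1" : 5)"
  echo "warn_days=$(field "$1" : 6)"
}

describe_entry "$SAMPLE"
```

The salt and scheme identifier are stored in the clear next to the digest, which is why read access to this file is restricted to administrators.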
Last, it’s worth mentioning that if a non-administrator executed the command, the result would be simply “Permission denied.”
So, can you answer this question?
Q. After entering the following command on a Linux system, what are you likely to see?
cat /etc/shadow | grep root
A. The contents of the Linux password file
B. The password for the root account
C. The encrypted password of the root account
D. The encrypted password of the grep account
C is correct. This command will show you the encrypted password of the root account. This should be apparent because it is using the /etc/shadow file and it uses the Linux root account. However, the command is complex.
The cat command (short for concatenation) is a Linux command used to read the contents of one or more files. In this example, it is used to read the /etc/shadow file, which is the password file on a Linux system.
The grep command (short for globally search a regular expression and print) is available on Linux/Unix computers. It can search for a specific string or pattern of text within a file, and in this example is searching for the string “root”, which is the name of the administrator account.
The | character indicates that you are “piping” the output of the first command (cat /etc/shadow) to the second command (grep root). In effect, the first command gives you a large output, and the second command filters the output to narrow the search.
When grep root is used with the cat command against the /etc/shadow file it reads the password for the root account. However, the root password is encrypted so you don’t see it in clear text.
A is incorrect. Because the command is filtered with grep root, it doesn’t show the full contents of the Linux password file.
B is incorrect. Because the password is encrypted, it isn’t accurate to say that the command shows the password for the root account.
D is incorrect. Grep is a command, not the name of an account.