Your expert guidance towards a career in Linux.

I’ve been meaning to take some kind of Linux certification for a number of years, but I haven’t been able to save up enough cash to sign up to anything just yet. :/

I’ve been looking at The Linux Foundation’s training, which looks pretty good and it’s fairly vendor neutral. You can study for the Linux foundation certifications using any Debian or Red Hat/RPM based distro. It covers both package management systems and the skills you learn are transferable to other distros which use other packaging systems too.

Whereas Red Hat training is specific to Red Hat/RPM based systems. So you need to be working on a Red-Hat based system. Which is fair enough. I’m just not a huge fan of Red-Hat. I’ve always preferred Debian, so the LF courses are a better fit for me.

(BTW: I’m not dissing the Red-Hat certifications – they cover the same material as the LF courses)

WRT becoming a self-sufficient Linux user:

– Use Linux as much as you can.

– Install some different distros.

– Set up and secure some servers/services.

– Rather than installing easy to install distros like Ubuntu, Debian, Red-Hat etc. Perhaps take a look at some of the more intricate distros, like Arch, Gentoo, Slackware or Linux From Scratch. These distros will force you to get your hands dirty during installation and you will learn a lot more about how a Linux-based operating system works.

If nothing else, they will at least make you appreciate the work that goes into making other distros more user-friendly at install-time!

If you want to get into pen-testing, there are a lot of different places offering training and certification ATM. But there is a lot of technical material to cover and you will almost certainly need to be able to write scripts using shell-scripting. Learning at least one or two other scripting languages will also help (depends on the course – but commonly used scripting languages are Perl, Python, Ruby, Lua etc…).

It also depends how far down the rabbit-hole you want to go. If you just want to learn how to use the tools in Kali to find/exploit weaknesses using known exploits, then you probably won’t need to know much more than Kali’s toolset and some scripting.

But if you want to get into finding new exploits, reverse engineering, or malware analysis – you’d need to have a deep understanding of several systems programming languages like C, C++ and Assembly. Perhaps also Java.

To set up a home pen-testing lab, you could install Linux on a few different machines on a small network. It doesn’t need to be top of the line, brand new machines or anything – just any old PC’s/laptops you have.

Alternatively you could use something like Virtualbox to set up and network a couple of VM’s on your PC/Laptop.

Initially, you’d need one machine with Kali and one with something like Metasploitable, or Damn Vulnerable Linux on it. As their names imply these are distros that are deliberately full of vulnerabilities.

There are tutorials and books/articles available online that can walk you through using various Kali tools.

Once you’ve learnt to use the tools in Kali to break into a system which is choc-full of security holes, you can look at replacing the deliberately vulnerable distro with something more general-purpose – like Debian or Fedora.

Once the new distro is in place, you can attempt to set-up and secure some services on it (web-server, mail server, ssh etc) and then audit its security using Kali.