Linux File Systems

Kali Linux, being a Debian-based distribution, follows the Linux Filesystem Hierarchy Standard (FHS). Understanding the file system is crucial for cybersecurity professionals, especially for penetration testing, forensic investigations, and system administration.

1. Root Directory (/)

The root directory is the top-level directory in Kali Linux. All other directories branch from it.

---

2. Important Directories in Kali Linux

Here’s a breakdown of key directories:

System Directories

Directory	Description
/bin	Essential user binaries (e.g., ls, cat, cp, mv, bash) used in single-user mode.
/sbin	System binaries (e.g., fdisk, iptables, reboot), primarily used by the root user.
/boot	Contains the Linux kernel (vmlinuz), bootloader (GRUB), and initrd files.
/dev	Device files for hardware components like disks (/dev/sda), USB (/dev/ttyUSB0), and random number generators (/dev/random).
/etc	Configuration files for system-wide settings (e.g., /etc/passwd, /etc/shadow, /etc/apt/sources.list).
/lib	Shared libraries for binaries in /bin and /sbin.
/lib64	Libraries for 64-bit binaries.
/opt	Optional software, often used for third-party tools.
/srv	Data for services (e.g., web server files).
/tmp	Temporary files. Gets cleared on reboot.
/var	Variable files like logs (/var/log), spool files (/var/spool), and caches (/var/cache).

---

User-Specific Directories

Directory	Description
/home	Home directories for regular users (/home/username).
/root	Home directory for the root user.

---

Mount Points

Directory	Description
/mnt	Temporarily mounted filesystems (USB, external drives, etc.).
/media	Automatically mounted removable media (CDs, USB drives).
/proc	Virtual filesystem containing process and kernel information (e.g., /proc/cpuinfo).
/sys	Virtual filesystem with system and kernel information, like /sys/class/net for network interfaces.

---

3. Kali-Specific Directories

Since Kali Linux is a penetration testing distribution, it has some unique tools and configurations:

Directory	Description
/usr/share/kali-linux	Kali-specific resources and scripts.
/usr/share/wordlists	Pre-installed wordlists (e.g., rockyou.txt for password cracking).
/usr/share/exploitdb	Exploit Database (exploitdb) with exploit scripts.
/usr/bin	Contains most penetration testing tools like nmap, metasploit, john, etc.
/etc/kali-linux	Configuration files for Kali's specific security settings.

---

4. File System Permissions

Understanding file permissions is crucial for security:

• ls -l command displays permissions.

• Permissions follow the rwx (read, write, execute) format, e.g.:

  -rw-r--r--  1 root root 12345 Mar 18 12:00 example.txt

  • User (root): rw- (read, write)

  • Group (root): r-- (read)

  • Others: r-- (read)

• Common permission commands:

  • chmod 755 file: Assign read/write/execute to owner, read/execute to others.

  • chown root:users file: Change file ownership.

  • sudo su or sudo -i: Switch to the root user.

---

5. Kali File System for Forensics & Security

• Log Files (/var/log): Useful for forensic investigations.

• Mounted Devices (/mnt, /media): Checking for malicious USBs.

• Hidden Files (. files in home directories): Used for persistence techniques.

• Proc File System (/proc): Checking for suspicious running processes.

---

Conclusion

Understanding the Kali Linux file system helps in system administration, penetration testing, and forensic investigations. Mastering key directories, permissions, and logs is essential for securing and analyzing a Kali system.

Would you like specific commands or real-world use cases related to any of these directories? 🚀