1 minute ago, Mr Robot said:

I also tried Kali, but I personally don't really see the value of that distribution for a daily use system.

But of course it's your choice.


1 minute ago, Mr Robot said:

I also tried Kali, but I personally don't really see the value of that distribution for a daily use system.

But of course it's your choice.


rewrite

Edited by CRSaka..
rewrite for better quote

BitBucket/Github:

PM if interested.

In accordance to Forum Community Standards:

No advertising of any non LTT/LMG material

  • Personal websites or businesses

Signatures

  • No Advertising/External Links, other than to other LTT forum posts


4 hours ago, Mr Robot said:

I want to learn the Linux terminal but I don't know which distro to use, I'd like to start with Kali but I've heard that it's not good for beginners. Why?

It's a highly tailored distribution that is not intended to be used as a daily driver... Most people that know what they're doing in Kali will not utilize it as a daily driver as it is not the best option in any way.< literally no way shape or form for daily use

People that are learning Linux could really really mess up hard in Kali and end up in prison... That is why you shouldn't recommend it to someone who has already stated their interest in learning. That person will explore and might unknowingly do some very naughty things. That peeves people that know how to find them and send the police. It happens more often than you think.

 

4 hours ago, Mr Robot said:

learn linux terminal...a step by step guide to learning it?

Google is your friend!

A few useful resources:

Bash Reference Manual

The Bourne-Again Shell

Shellcheck - Check bash scripts for common errors


A bit late, but yes, Kali is designed for one task, and yes, Gentoo is not something for newbies.

 

When you set up partitions though, I suggest the following: 2x 20-30gb partitions (15GB at the *very* least), and one taking up the rest of the space you want to use.

 

So that your partitions look like this:

 

partition1 20gb mounted at /

partition2 20gb unused

partition3 (many go) mounted at /home

 

This will make it easier if you choose to dabble in Arch and later Gentoo or even LFS.

 

If you didn't understand any of that though, it's best you don't try it.


1 hour ago, Fourthdwarf said:

This will make it easier if you choose to dabble in Arch and later Gentoo or even LFS.

Using an LVM partition might be a good option if you are unaware of the future use as well.


6 hours ago, Fourthdwarf said:

So that your partitions look like this:

 

partition1 20gb mounted at /

partition2 20gb unused

partition3 (many go) mounted at /home

 

This will make it easier if you choose to dabble in Arch and later Gentoo or even LFS.

 

If you didn't understand any of that though, it's best you don't try it.

Don't forget your EFI system partition.

I deal in shitposts and shitpost accessories.


22 hours ago, Urishima said:

Don't forget your EFI system partition.

and /boot ... needs to be encrypted to protect from init=/bin/sh source

in a nutshell it should be more like

/boot/efi -not encrypted

/boot -encrypted

--suggest lvm here -encryption not necessary

-/

-/home

...

blank partition () not mounted no fs

 

Edited by CRSaka..
added blank partition


2 hours ago, CRSaka.. said:

and /boot ... needs to be encrypted to protect from init=/bin/sh source

That only works if you have physical access to the machine. It is, honestly, a feature that is left in deliberately for performing system maintenance.

 

If an attacker has physical access to your machine, you have majorly fucked up anyway. You can encrypt /boot all you want, the attacker can simply grab the drive and take it with him and access it later with his own hardware. If he can gain access to the machine, it would be foolish to think that he couldn't just waltz out with your drive afterwards. Unless you actually encrypt your data on /home or wherever you store your important files, your files are not safe. Encrypting /boot makes no difference in that case.

Restricting physical access is a critical part of security. Some might say it is the most important part, the thing you should worry about first.

 

As for the ESP, you might as well mount it as /boot.


1 hour ago, Urishima said:

Unless you actually encrypt your data on /home or wherever you store your important files, your files are not safe. Encrypting /boot makes no difference in that case.

Yes sir. Only thing you can get to is the efi that points into the encrypted boot. 1 failed attempt = locked system physical reset required.

sda
├─sda1  /boot/efi
├─sda2
│ └─cryptboot crypt /boot
└─sda3 part  
  └─lvm crypt
    ├─root  lvm   /
    └─home  lvm   /home

 

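An added example (not code from any poster in this thread): a Python check that reads `lsblk -J -o NAME,TYPE,MOUNTPOINT` output and reports which mountpoints sit under a dm-crypt layer, using the layout from the post above. The sample JSON is constructed from that tree, and the policy (`/` and `/home` must be encrypted, `/boot/efi` may stay plaintext) is an assumption drawn from the discussion.

```python
import json

# Constructed sample: `lsblk -J -o NAME,TYPE,MOUNTPOINT` output shaped like the
# tree posted above (device and mapping names copied from that tree).
SAMPLE_LSBLK = """
{"blockdevices": [
  {"name": "sda", "type": "disk", "mountpoint": null, "children": [
    {"name": "sda1", "type": "part", "mountpoint": "/boot/efi"},
    {"name": "sda2", "type": "part", "mountpoint": null, "children": [
      {"name": "cryptboot", "type": "crypt", "mountpoint": "/boot"}]},
    {"name": "sda3", "type": "part", "mountpoint": null, "children": [
      {"name": "lvm", "type": "crypt", "mountpoint": null, "children": [
        {"name": "root", "type": "lvm", "mountpoint": "/"},
        {"name": "home", "type": "lvm", "mountpoint": "/home"}]}]}]}
]}
"""

def encryption_by_mountpoint(lsblk_json):
    """Map each mountpoint to True if a dm-crypt layer sits at or above it."""
    result = {}

    def walk(node, under_crypt):
        under_crypt = under_crypt or node.get("type") == "crypt"
        # `-o MOUNTPOINT` yields "mountpoint"; `-o MOUNTPOINTS` yields a list.
        for mp in node.get("mountpoints") or [node.get("mountpoint")]:
            if mp:
                result[mp] = under_crypt
        for child in node.get("children", []):
            walk(child, under_crypt)

    for dev in json.loads(lsblk_json)["blockdevices"]:
        walk(dev, False)
    return result

def audit(lsblk_json, must_encrypt=("/", "/home"), may_be_plain=("/boot/efi",)):
    """List data paths lacking encryption and other plaintext mounts."""
    state = encryption_by_mountpoint(lsblk_json)
    findings = []
    for path in must_encrypt:
        # A path without its own mount lives on the longest mounted prefix.
        owner = max((m for m in state
                     if path == m or path.startswith(m.rstrip("/") + "/")),
                    key=len, default=None)
        if owner is None or not state[owner]:
            findings.append(f"FAIL {path}: stored in plaintext (via {owner})")
    for mp, enc in sorted(state.items()):
        if not enc and mp not in must_encrypt and mp not in may_be_plain:
            findings.append(f"NOTE {mp}: plaintext, readable offline")
    return findings

if __name__ == "__main__":
    for mp, enc in sorted(encryption_by_mountpoint(SAMPLE_LSBLK).items()):
        print(f"{mp:10} {'encrypted' if enc else 'plaintext'}")
    print(audit(SAMPLE_LSBLK) or "layout matches the policy")
```

On a live system, feed it the real output of `lsblk -J -o NAME,TYPE,MOUNTPOINT` instead of the sample string.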

Just now, CRSaka.. said:

Yes sir. Only thing you can get to is the efi that points into the encrypted boot. 1 failed attempt = locked system physical reset required.

sda
├─sda1  /boot/efi
├─sda2
│ └─cryptboot crypt /boot
└─sda3 part  
  └─lvm crypt
    ├─root  lvm   /
    └─home  lvm   /home

 

Ok, then why encrypt /boot and lock myself out of init=/bin/sh for maintenance purposes, when my data is secure anyway by encrypting the lvm? Or am I missing something here?

 

My point still stands, the best protection against an attack via init=/bin/sh is a strong lock.


9 minutes ago, Urishima said:

Ok, then why encrypt /boot and lock myself out of init=/bin/sh for maintenance purposes, when my data is secure anyway by encrypting the lvm? Or am I missing something here?

 

My point still stands, the best protection against an attack via init=/bin/sh is a strong lock.

I agree with your point. In (my theory) it should throw a wrench in platform reset attacks.


17 minutes ago, CRSaka.. said:

I agree with your point. In (my theory) it should throw a wrench in platform reset attacks.

Well, it would, yes. But I think the amount of inconvenience it creates for our attacker is relatively minor, especially when compared to the effort he had to go through to actually get to your machine/s. Like I said, he is already there, so there is nothing stopping him from ripping out the drive and mounting the LVM at home. Well, unless there is another lock on your rack/machine.

Now, if you encrypted the LVM only, he might give up right then and there, because he would see the encryption and know that he isn't getting through that within his lifetime. If both (/boot and LVM) are encrypted, he might just take the drive on a hunch, hoping that the data itself has not been encrypted.

Unless his goal is to simply cause damage, not actually to get at some data, then he might take it regardless of what has or hasn't been encrypted. For that sort of attack, separately stored backups are your only protection.

 

That all assumes of course that you have set up the machine so that the attacker can't just boot a live Linux off a USB drive or a CD. Removing other devices than your HDD from the boot order and password-protecting BIOS/UEFI should sort that out.

 

[EDIT]

 

By 'it should throw a wrench in platform reset attacks.' you meant disabling init=/bin/sh, correct?


6 minutes ago, Urishima said:

That all assumes of course that you have set up the machine so that the attacker can't just boot a live Linux off a USB drive or a CD. Removing other devices than your HDD from the boot order and password-protecting BIOS/UEFI should sort that out.

In other words, no need for the encryption on boot, just set a BIOS password and limit boot to hard drive. I can live with that. Though I won't reformat to remove the encryption. But I do concede to your points. Good discussion. /boot does not need encryption, locking down BIOS is the better option.


13 hours ago, Urishima said:

[EDIT]

 

By 'it should throw a wrench in platform reset attacks.' you meant disabling init=/bin/sh, correct?

No, referring to cold-boot attacks. Imagine 2 RSA keys that are almost identical (the actual key, not password). Considering how cold-boot tool kits have come along and are even capable of reconstructing lost data by making reasonable assumptions. The presence of the second key may mess up the entire attack depending on if they were able to keep the memory in good condition until they could swap it into a system they could dump the data with. So it "might" save my a*s from that sort of attack. I'm not willing to drop the keys out of DRAM or reduce my computer's performance so this is my attempt at countering that very one-off attack. ( my theory )

 

[ edit ] note init=/bin/sh can still be performed at grub menu, but the decryption passwords are still required prior.

Edited by CRSaka..
see edit


Ok, you guys are gonna hate me (probably) but I'm honestly gonna recommend that you start with Arch.

Before you castrate me, hear me out on this one:

-Yes, the Arch install is a f*cking pain in the ass x100.

-Yes, you will type in some commands and have 0 idea what they mean and do

 

HOWEVER

If you want to learn about UNIX, the basic commands, and just learn how your computer works (how it boots, what is an EFI partition, what does all this sh*t mean/do) then there is no better way to learn than to do it yourself.

 

So with that said, here's what I recommend you do.

Step 1: Get a new/wiped HDD that you don't give a sh*t about. (there's a very good reason for this, you might f*ck up and accidentally wipe it, or have to wipe it after you f*ck up).

Step 2: Unplug all the other drives from your system before you start (this reduces the chance of you wiping a drive you didn't mean to, it's easier than it sounds).

Step 3: Follow this guide on YouTube. https://www.youtube.com/watch?v=MMkST5IjSjY

Step 4: THIS IS IMPORTANT!!! In order to actually learn anything, you can't just blindly type in whatever you see in the video. GOOGLE EVERYTHING. Does he type in a command and you don't know what it means? Get your laptop or your phone and google that shit.

 

It's a time consuming, and daunting process for a noob, but you'll learn a lot and I highly recommend it.

Good luck!

 

EDIT: The arch wiki is also an awesome resource. You can find it here: https://wiki.archlinux.org/

Edited by fireclawx
Added a link to the arch wiki :)

Thanks, is Arch harder or equal to Gentoo?

                  CPU: Intel Core i5 6400 ~ ASUS GTX 950 OC STRIX GB ~

                           RAM: HyperX Fury DDR4 16GB dual channel 

MOBO: Gigabyte GA-H170-HD3 ~ SSD:HyperX Savage 240GB  ~  PSU: Corsair CX550M

 ~ MOUSE: Logitech G700s ~ KEYBOARD: Razer Blackwidow tournament

            HEADPHONES: Focusrite HP60  ~ MIC:Focusrite CM25 ~ A.I: Focusrite Scarlett 2i2 ~ MONITOR: Asus VC239H 23-inch IPS Monitor ~ CASE: Fractal Design Define R4  ~ Corsair MM300 Medium

 

 


I'd use Ubuntu if I were you. A quick Google search regarding terminal commands will most likely render millions of hits all related to using said commands in Ubuntu. I've been using Linux for a long time (since 2005) and I've used a TON of distros, including Kali. I wouldn't suggest Kali as a daily driver as it's more of a "tool kit".

 

You'd probably be better off with Ubuntu 16.04LTS as it's stable, includes all the new(er) stuff and Canonical is going to support it for some time. 

 

The other choices you've no doubt read are good, too. Though I don't like Linux Mint's security model and it's a bear to upgrade (or can be).

 

It really comes down to what you plan to do with your machine. If you plan to game, I'd like to think that using a distro with a light-weight Desktop would be ideal (something like KDE or MATE, maybe Budgie).

 

In the end, it's all about choice. I suggest TRYING them out. See what you like and dislike. You can always uninstall or install applications. 

 

You're really looking for the Desktop Experience and SUPPORT. As a new user, honestly UBUNTU-based distros are your best option.


If you actually want to learn, try them all. Break things. Fix things. RTFM and wonder what you're doing at 1am trying to recompile your kernel.

 

Either set up a physical machine you can trash, or create a virtual machine. With Virtualbox you have the benefit of snapshots so you can set "save" points before doing something risky or unknown.

 

Try Kali, but I guarantee you won't use 99% of the pre-installed packages until you are at the very least comfortable in your shell. Everything pre-installed is tailored to infosec, not day to day use. As a good learning exercise, pick a tool that comes with Kali (e.g. Wireshark) and install it on Debian. `man -k <query>` is your friend. Once you've worked out how to use the package manager, try building something from source. Learn what GNU means.

 

Try a few different distros from different trees, there are many to choose from (if you're overwhelmed, at least try something Debian based and something Redhat based). Try different window managers like Gnome, KDE, XFCE and LXDE. Try different shells besides bash. Just try it and see for yourself.


8 hours ago, Mr Robot said:

Thanks, is Arch harder or equal to Gentoo?

Arch's documentation and package management are "straightforward and simple" compared to Gentoo's. They are both higher level Linux distros (minimalistic), but for this question I'd honestly push the other way: Gentoo is slightly more difficult than Arch.


Ok thanks for all the help


On 9/13/2016 at 9:35 PM, CRSaka.. said:

Arch's documentation and package management are "straightforward and simple" compared to Gentoo's. They are both higher level Linux distros (minimalistic), but for this question I'd honestly push the other way: Gentoo is slightly more difficult than Arch.

 

On 9/14/2016 at 4:58 PM, Mr Robot said:

Ok thanks for all the help

Yeah. Just to add on to this (and I should have actually put it into my original post, I'll edit it in) here's the link to the Arch Wiki (which is pretty comprehensive). Between the YouTube video I linked, and the Arch Wiki (which you can find here https://wiki.archlinux.org/) you should be able to easily get started :)


Define "Learning Linux" for me.  1)  Do you want to just nail the concepts?  2) Or do you want an in-depth understanding so that you can work on most distros?

If #1:  Any distro will do, find one you're comfortable with and does what you want it to do, and run with it

If #2:  I recommend Gentoo, it has (without a doubt) the steepest learning curve, but if you stick with it, you can do quite a bit in just about any distro

 

I started as an old Red Hat user back in the 7.x days, eventually moved to Gentoo when I got sick of package dependency issues.  Still use it for my server environment today.

"There is probably a special circle of Hell reserved for people who force software into a role it was never designed for."
- Radium_Angel
