Linux Fundamentals
— Complete Notes
All 16 modules. Every concept explained simply. Linux vs Windows comparisons so you understand the why, not just the commands. Free to read — no account needed.
What is Linux?
History, distros, Linux vs Windows — the full picture before touching a terminal.
What is Linux?
Linux is an operating system — just like Windows. An operating system is the software that runs your computer. It manages the hardware (CPU, RAM, disk) and lets you run programs on top of it.
Linux was created in 1991 by Linus Torvalds — a student who wanted a free version of Unix. He put the code online for anyone to use and improve. Today, Linux runs 90%+ of all web servers, every Android phone, most cloud platforms, and all supercomputers in the world.
| Topic | Linux | Windows |
|---|---|---|
| Cost | Free and open source | Paid license (~$200 for Pro) |
| Interface | Terminal first (GUI optional) | GUI first (terminal optional) |
| Used for | Servers, cloud, DevOps, development | Desktop, gaming, office, enterprise apps |
| Security | Fewer viruses, better permission model | More targeted by malware |
| Updates | You choose when and what to update | Windows decides and restarts your PC |
| Customisation | Full control over everything | Limited to what Microsoft allows |
| Package install | One command (dnf install nginx) | Download .exe, run installer, click Next |
| Servers worldwide | ~96% of all web servers | ~4% of web servers |
What is a Distro?
Linux is a kernel — the core engine. A distro (distribution) is a complete OS built on top of that kernel. Different distros package it differently — different tools, package managers, and purposes.
- RHEL
- Red Hat Enterprise Linux. Used in enterprise companies. What RHCSA is based on. Paid support.
- CentOS / AlmaLinux
- Free alternatives to RHEL. Same commands and behaviour. Good for learning RHCSA.
- Ubuntu
- Most beginner-friendly. Great for development and cloud. Uses
aptfor packages. - Fedora
- Cutting-edge features. Community version of RHEL. Uses
dnf. - Kernel
- The core of Linux. Talks to hardware. Everything else runs on top of it.
- Shell
- The program that reads your commands and runs them. Bash is the most common shell.
Course uses: AlmaLinux / RHEL 9 inside VirtualBox. All commands work identically on any RHEL-family distro.
Installation & First Boot
Install Linux in a VM. Understand partitions and the boot process.
What is a Virtual Machine?
A virtual machine (VM) is a computer inside your computer. Software called a hypervisor pretends to be hardware — your Linux install thinks it has its own CPU, RAM, and disk. Your actual Windows or Mac machine keeps running normally alongside it.
We use VirtualBox (free) as the hypervisor. You install it on your Windows laptop, then install Linux inside a VirtualBox VM.
| Step | Linux (RHEL/AlmaLinux) | Windows |
|---|---|---|
| Boot media | ISO file → boot from VirtualBox or USB | ISO or USB, same concept |
| Partitioning | You choose manually — /, /boot, swap | Usually automatic, you pick the disk |
| Software selection | Minimal install or Server with GUI | Always installs the full GUI |
| Root password | You set it during install | No root — Administrator account instead |
| Time to complete | ~10–15 minutes | ~20–30 minutes |
| Disk space needed | ~10 GB minimum | ~20 GB minimum |
Partitions — What They Are
A partition is a section of your disk. Linux separates the OS into multiple partitions for better control and safety. If one partition fills up, the others keep working.
- /
- Root partition. Everything in Linux lives under /. Like C:\ in Windows.
- /boot
- Holds the bootloader and kernel files needed to start Linux.
- swap
- Extra space on disk used as backup RAM. Like Windows page file.
- GRUB
- The bootloader. First thing that runs when you turn on the PC. Loads the Linux kernel.
- Kernel
- The core Linux program. GRUB loads it into RAM. Then it starts everything else.
- systemd
- The first process that runs after the kernel. It starts all services and brings you to login.
RAM for VMs: Assign at least 2 GB RAM to your Linux VM. 4 GB if your machine has 16 GB or more. Less RAM = slow, laggy experience.
The Terminal — Basic Commands
Navigate files, read logs, manage directories — all from the command line.
Why the Terminal?
On Windows you click through File Explorer to move files, right-click to rename, open folders in multiple windows. On Linux you type commands — and it's faster, scriptable, and works the same on any server anywhere in the world. Servers almost never have a GUI — you SSH in and use the terminal.
| Task | Linux Command | Windows Equivalent |
|---|---|---|
| List files | ls -la | File Explorer or dir |
| Change directory | cd /etc | cd C:\Windows |
| Create folder | mkdir myfolder | Right-click → New Folder |
| Delete file | rm file.txt | Delete key or del file.txt |
| Copy file | cp file.txt /tmp/ | Ctrl+C, Ctrl+V |
| Move/rename | mv old.txt new.txt | Right-click → Rename |
| Read a file | cat file.txt | Open in Notepad |
| Search in file | grep "error" log.txt | Ctrl+F in Notepad |
| Check disk space | df -h | Right-click drive → Properties |
| Current directory | pwd | Look at address bar |
| Clear screen | clear | cls |
| Command help | man ls | Google it |
# Where am I right now? pwd # Output: /home/kamran # List files (l=detailed, a=show hidden, h=human readable sizes) ls -lah # Go to /etc directory (main config folder in Linux) cd /etc # Go back to home directory cd ~ # Create a directory mkdir /tmp/mylab # Create an empty file touch /tmp/mylab/test.txt # Write text into a file echo "Hello Linux" > /tmp/mylab/test.txt # Read the file cat /tmp/mylab/test.txt # Search for a word in a file grep "Hello" /tmp/mylab/test.txt # Copy the file cp /tmp/mylab/test.txt /tmp/backup.txt # Rename or move mv /tmp/backup.txt /tmp/renamed.txt # Delete a file rm /tmp/renamed.txt # Delete a folder and everything in it rm -rf /tmp/mylab
rm -rf is permanent. There is no Recycle Bin in Linux. Deleted = gone instantly. Always double-check the path before you press Enter.
- Absolute path
- Full path from root. Starts with /. Example:
/etc/nginx/nginx.conf - Relative path
- Path from where you are now. Example:
../config/file.txt - ~
- Shortcut for your home directory.
cd ~takes you home. - Tab completion
- Press Tab to auto-complete commands and paths. Saves time, prevents typos.
- Arrow keys
- Up/down arrows scroll through previous commands. No need to retype.
- Ctrl+C
- Cancel a running command immediately.
Text Editors — Nano & Vim
Edit config files from the terminal. Nano is simple. Vim is powerful. Learn both.
Why Terminal Editors?
On a Linux server there is no desktop, no File Explorer, no right-click. You SSH into the machine and the only way to edit a config file is through a terminal text editor. Nano is what beginners reach for first — it shows you the shortcuts at the bottom. Vim is what professionals use once they learn it — faster, more powerful, works on every system.
Rule: Use nano when you're starting out. Learn vim when you're comfortable. Both are useful — you'll use whichever is available on the server you're on.
| Feature | Nano | Vim |
|---|---|---|
| Learning curve | 5 minutes | Days to weeks |
| Shortcuts shown | Yes — bottom of screen | No — must memorise |
| Modes | Just type, no modes | Normal, Insert, Visual, Command |
| Speed (once learned) | Average | Very fast |
| Pre-installed on | Most Ubuntu/Debian systems | Almost every Linux distro |
| Best for | Quick edits, beginners | Heavy editing, senior admins |
| Windows equivalent | Notepad | VS Code (once you know the shortcuts) |
# Open a file with nano nano /etc/hostname # Now you're in nano. Just type — no mode switching needed. # Edit the file normally. # Save (Write Out): Ctrl + O → press Enter to confirm filename # Exit nano: Ctrl + X # Save and exit in one go: Ctrl+X → Y → Enter # Other useful nano shortcuts: Ctrl + K → cut (delete) a line Ctrl + U → paste the cut line Ctrl + W → search (find) text in file Ctrl + G → show help
# Open a file with vim vim /etc/hostname # Vim starts in NORMAL mode — keys are commands, not text input. # To start typing, press: i → enters INSERT mode (now you can type) # After typing, press Escape to go back to NORMAL mode Esc # To save and exit (from NORMAL mode): :wq → write (save) and quit # To exit WITHOUT saving: :q! → force quit, discard changes # Other useful vim commands (all from NORMAL mode): dd → delete (cut) current line yy → copy current line p → paste :set number → show line numbers /word → search for "word" in file u → undo last action G → jump to end of file gg → jump to start of file
Stuck in vim? If you accidentally opened vim and can't exit — press Esc then type :q! and press Enter. That gets you out every time.
Which to use? Start every lab with nano. As you get comfortable, switch to vim. Within a few weeks you'll reach for vim naturally — it's faster once the shortcuts are in your fingers.
Users & Permissions
Create users, assign groups, set who can read, write, or execute files.
Why Users & Permissions Matter
Linux is a multi-user system. Multiple people can log into the same server simultaneously. Permissions control exactly who can read, write, or execute each file. This is the foundation of Linux security — no antivirus needed when access is controlled at the file level.
| Task | Linux Command | Windows |
|---|---|---|
| Add a user | useradd ahmed | Settings → Accounts → Add user |
| Set password | passwd ahmed | Set during account creation or Settings |
| Delete user | userdel -r ahmed | Settings → Accounts → Remove |
| Create group | groupadd developers | Computer Management → Groups |
| Add user to group | usermod -aG developers ahmed | Group Properties → Add member |
| List users | cat /etc/passwd | Settings → Accounts |
| Switch user | su - ahmed | Log out and log in as other user |
| Admin access | sudo command | Right-click → Run as administrator |
# Create a new user useradd ahmed # Set or change password passwd ahmed # Create user with home directory and specific shell useradd -m -s /bin/bash ahmed # Delete user and their home folder userdel -r ahmed # Create a group groupadd developers # Add user to a group (without removing existing groups) usermod -aG developers ahmed # Check which groups a user belongs to groups ahmed # Switch to another user su - ahmed # Run a command as root without logging in as root sudo dnf update
File Permissions — How They Work
Every file in Linux has three sets of permissions: one for the owner, one for the group, and one for everyone else. Each set has three options: read (r), write (w), execute (x).
When you run ls -la, you see something like -rwxr-xr--. That breaks down as: owner can read/write/execute, group can read/execute, others can only read.
# See permissions on files ls -la /etc/nginx/nginx.conf # Output: -rw-r--r-- 1 root root 2048 Jan 1 nginx.conf # ↑↑↑↑↑↑↑↑↑ = permissions | owner | group # chmod — change permissions # Numeric method (most common): # 4=read, 2=write, 1=execute. Add them up: # 7 = rwx (4+2+1), 6 = rw- (4+2), 5 = r-x (4+1), 4 = r-- chmod 755 script.sh # owner: rwx | group: r-x | others: r-x chmod 644 config.txt # owner: rw- | group: r-- | others: r-- chmod 600 id_rsa # owner: rw- | group: --- | others: --- ← SSH keys use this # chown — change who owns a file chown ahmed file.txt # change owner to ahmed chown ahmed:developers file.txt # change owner + group chown -R ahmed /var/www/html # change owner of folder + everything inside
- root
- The superuser. Like Administrator on Windows but with zero restrictions. Use carefully.
- sudo
- Run one command as root without being root. Safer than logging in as root.
- /etc/passwd
- List of all users on the system. Not passwords — those are in /etc/shadow (encrypted).
- /etc/group
- List of all groups and which users belong to each.
- chmod
- Change permissions on a file or folder.
- chown
- Change the owner and group of a file or folder.
Package Management
Install, update, and remove software with a single command.
What is a Package Manager?
On Windows you install software by downloading an .exe or .msi file from a website, running it, clicking through a wizard, accepting agreements, and hoping it doesn't install toolbars. On Linux, a package manager does all of this with one command — it downloads, installs, and manages dependencies automatically.
| Task | Linux (RHEL/AlmaLinux) | Windows |
|---|---|---|
| Install software | dnf install nginx | Download .exe → click through installer |
| Remove software | dnf remove nginx | Control Panel → Uninstall |
| Update all software | dnf update | Windows Update (often forces restart) |
| Search for software | dnf search nginx | Google it, visit website |
| See installed packages | dnf list installed | Control Panel → Programs |
| Dependencies | Installed automatically | Often manual or bundled in installer |
| Source of packages | Official repos (verified, safe) | Any website — no verification |
# Install a package dnf install nginx -y # -y means yes to all prompts dnf install httpd git vim -y # install multiple at once # Remove a package dnf remove nginx -y # Update everything dnf update -y # Update only one package dnf update nginx -y # Search for a package dnf search "web server" # Get info about a package dnf info nginx # List all installed packages dnf list installed # Clean cache dnf clean all
# Same concept, different command apt update # refresh package list (do this first) apt install nginx -y apt remove nginx -y apt upgrade -y # update all installed packages apt search nginx apt show nginx
dnf vs yum: Older RHEL systems used yum. RHEL 8+ uses dnf. Commands are almost identical — dnf is faster and smarter. Both still work.
Storage & LVM
Add disks, create partitions, mount them, resize live with LVM.
What is LVM?
LVM (Logical Volume Manager) is a layer between your physical disks and the filesystem. Instead of partitioning a disk directly, LVM lets you create flexible "logical volumes" that can be resized on the fly — even while the server is running and files are being accessed. It's how production servers manage storage without downtime.
| Task | Linux | Windows |
|---|---|---|
| View disks | lsblk or fdisk -l | Disk Management GUI |
| Partition a disk | fdisk /dev/sdb | Right-click → New Simple Volume |
| Format a partition | mkfs.xfs /dev/sdb1 | Format → NTFS |
| Mount a disk | mount /dev/sdb1 /data | Automatic when you plug in |
| Auto-mount on boot | Add entry to /etc/fstab | Automatic |
| Resize partition live | Yes — with LVM, no downtime | Requires reboot in most cases |
| Check disk usage | df -h, du -sh /var | Right-click drive → Properties |
# Step 1: Create a Physical Volume from a disk pvcreate /dev/sdb # Step 2: Create a Volume Group (a pool of storage) vgcreate myvg /dev/sdb # Step 3: Create a Logical Volume (like a partition, but flexible) lvcreate -L 10G -n mydata myvg # Step 4: Format it mkfs.xfs /dev/myvg/mydata # Step 5: Create a mount point and mount it mkdir /data mount /dev/myvg/mydata /data # Step 6: Auto-mount on boot — add to /etc/fstab echo "/dev/myvg/mydata /data xfs defaults 0 0" >> /etc/fstab # --- Later: Extend the volume (add 5 more GB live) --- lvextend -L +5G /dev/myvg/mydata xfs_growfs /data # resize the filesystem to use new space # Check disk usage df -h lvdisplay
Processes & Services
See what's running, manage services, read logs.
What is a Process?
Every program running on your system is a process — it has a PID (Process ID), uses CPU and RAM, and is owned by a user. On Windows you see processes in Task Manager. On Linux you use ps, top, or htop.
A service is a process that runs in the background — like nginx serving web pages or sshd listening for SSH connections. Linux uses systemd to start, stop, and monitor services.
| Task | Linux | Windows |
|---|---|---|
| View running processes | ps aux or top | Task Manager (Ctrl+Shift+Esc) |
| Kill a process | kill 1234 or kill -9 1234 | End Task in Task Manager |
| Start a service | systemctl start nginx | Services → Start |
| Stop a service | systemctl stop nginx | Services → Stop |
| Enable on boot | systemctl enable nginx | Services → Startup type: Automatic |
| Service status | systemctl status nginx | Services → check Status column |
| View logs | journalctl -u nginx | Event Viewer |
# Start, stop, restart a service systemctl start nginx systemctl stop nginx systemctl restart nginx systemctl reload nginx # reload config without full restart # Enable/disable auto-start on boot systemctl enable nginx # start automatically when server boots systemctl disable nginx # Check if service is running systemctl status nginx # Start AND enable in one command systemctl enable --now nginx # List all running services systemctl list-units --type=service --state=running # View logs for a service (live) journalctl -u nginx -f # -f = follow (like tail -f) # View last 50 lines of logs journalctl -u nginx -n 50
# See all running processes ps aux # Live process monitor (like Task Manager) top # basic htop # better (install with: dnf install htop -y) # Find a process by name ps aux | grep nginx # Kill a process by PID kill 1234 # polite kill (asks process to stop) kill -9 1234 # force kill (process has no choice) # Kill by name pkill nginx
Networking Basics
IPs, interfaces, SSH, firewall — the essentials for managing any Linux server.
How Networking Works on Linux
Every device on a network has an IP address — a unique number that identifies it. Linux manages network interfaces (like your ethernet card or WiFi adapter) through the ip command and NetworkManager. To connect to a remote Linux server, you use SSH — a secure encrypted terminal session over the network.
| Task | Linux | Windows |
|---|---|---|
| Check IP address | ip addr show | ipconfig |
| Set static IP | nmcli or edit config file | Network adapter properties → TCP/IP |
| Test connectivity | ping 8.8.8.8 | ping 8.8.8.8 |
| DNS lookup | dig domain.com or nslookup | nslookup or ping domain |
| Remote access | SSH (ssh user@ip) | RDP (Remote Desktop) |
| Open firewall port | firewall-cmd --add-port=80/tcp | Windows Firewall → Allow an app |
| Check open ports | ss -tulnp | netstat -an or Resource Monitor |
# Check your IP address ip addr show ip addr show ens33 # specific interface # Test connectivity ping 8.8.8.8 # Google DNS — tests internet access ping -c 4 8.8.8.8 # stop after 4 packets # DNS lookup dig google.com nslookup google.com # Set a static IP using nmcli nmcli con mod "ens33" ipv4.addresses 192.168.1.100/24 nmcli con mod "ens33" ipv4.gateway 192.168.1.1 nmcli con mod "ens33" ipv4.dns 8.8.8.8 nmcli con mod "ens33" ipv4.method manual nmcli con up "ens33" # SSH into a remote server ssh ahmed@192.168.1.50 ssh -i ~/.ssh/id_rsa ahmed@192.168.1.50 # with SSH key # Firewall — open a port firewall-cmd --permanent --add-port=80/tcp firewall-cmd --permanent --add-service=http firewall-cmd --reload # Check which ports are listening ss -tulnp
SELinux Basics
Linux's built-in security layer — what it is and how to work with it.
What is SELinux?
SELinux (Security-Enhanced Linux) is an extra security layer built into the kernel. Even if a process is running as root, SELinux can restrict what it can access. Think of it as a second gate after file permissions — even if you unlock the door, SELinux can still block you.
It's the reason many beginners get "permission denied" on RHEL even when the file permissions look correct. Once you understand SELinux, you stop fighting it and start using it.
| Concept | Linux (SELinux) | Windows |
|---|---|---|
| Extra security layer | SELinux — built into kernel | Windows Defender + UAC |
| Controls | What every process can access — file, port, network | UAC prompts for admin actions |
| Default on RHEL | Yes — enforcing mode by default | Always on |
| When it blocks | Silently in logs — you see "permission denied" | Shows UAC popup |
| Check what's blocked | ausearch -m avc | Event Viewer → Security |
# Check current SELinux mode getenforce # Outputs: Enforcing | Permissive | Disabled # Enforcing = actively blocks violations # Permissive = logs violations but does NOT block (good for troubleshooting) # Disabled = completely off (not recommended on production) # Temporarily set to permissive (resets on reboot) setenforce 0 # permissive setenforce 1 # enforcing # Permanently change mode — edit config file nano /etc/selinux/config # Change: SELINUX=enforcing → SELINUX=permissive # Check SELinux context (label) on a file ls -Z /var/www/html/index.html # Fix context on web files (common fix for Apache permission denied) restorecon -Rv /var/www/html/ # Check what SELinux blocked recently ausearch -m avc -ts recent
Golden rule: If a service works in permissive mode but not in enforcing mode, SELinux is the issue. Run ausearch -m avc -ts recent to see what it blocked, then fix the context or policy — never just disable SELinux on production.
Web Server — Apache & Nginx
Set up a working web server and host a website from your Linux machine.
What Does a Web Server Do?
A web server is software that waits for HTTP requests (when someone types a URL in a browser) and responds with HTML files, images, or data. Apache and Nginx are the two most common on Linux. Windows uses IIS (Internet Information Services) — same concept, different software.
| Feature | Apache | Nginx |
|---|---|---|
| Best for | Traditional web apps, .htaccess | High traffic, reverse proxy, static files |
| Config file | /etc/httpd/conf/httpd.conf | /etc/nginx/nginx.conf |
| Default port | 80 (HTTP), 443 (HTTPS) | 80 (HTTP), 443 (HTTPS) |
| Web root | /var/www/html/ | /usr/share/nginx/html/ |
| Windows equivalent | IIS (Internet Information Services) | |
# Install Apache (called httpd on RHEL) dnf install httpd -y # Start and enable on boot systemctl enable --now httpd # Open firewall for web traffic firewall-cmd --permanent --add-service=http firewall-cmd --permanent --add-service=https firewall-cmd --reload # Create a test web page echo "<h1>Hello from Devriston</h1>" > /var/www/html/index.html # Fix SELinux context on web files restorecon -Rv /var/www/html/ # Now visit http://your-ip in a browser # Check Apache logs tail -f /var/log/httpd/access_log tail -f /var/log/httpd/error_log
# Install Nginx dnf install nginx -y # Start and enable systemctl enable --now nginx # Open firewall firewall-cmd --permanent --add-service=http firewall-cmd --reload # Test config before applying changes nginx -t # Reload config without downtime systemctl reload nginx # Nginx logs tail -f /var/log/nginx/access.log tail -f /var/log/nginx/error.log
DHCP Server
Automatically assign IP addresses to devices on your network.
What is DHCP?
DHCP (Dynamic Host Configuration Protocol) automatically gives IP addresses to devices when they connect to a network. Without DHCP, you'd have to manually set the IP, gateway, and DNS on every single device — every phone, laptop, and printer in an office. DHCP does it automatically. Your home router runs a DHCP server. So does every office network.
| Task | Linux (dhcpd) | Windows Server |
|---|---|---|
| Install | dnf install dhcp-server | Server Manager → Add Role → DHCP |
| Config file | /etc/dhcp/dhcpd.conf | DHCP Manager GUI |
| View leases | cat /var/lib/dhcpd/dhcpd.leases | DHCP Manager → Address Leases |
| Restart service | systemctl restart dhcpd | Right-click → Restart |
# Install DHCP server dnf install dhcp-server -y # Edit config file nano /etc/dhcp/dhcpd.conf
# Global settings default-lease-time 600; # lease for 600 seconds (10 min) max-lease-time 7200; # max lease 2 hours # Subnet definition subnet 192.168.1.0 netmask 255.255.255.0 { range 192.168.1.100 192.168.1.200; # IP range to hand out option routers 192.168.1.1; # default gateway option domain-name-servers 8.8.8.8, 8.8.4.4; # DNS servers option domain-name "devriston.local"; }
# Enable and start systemctl enable --now dhcpd # Open firewall for DHCP firewall-cmd --permanent --add-service=dhcp firewall-cmd --reload # Check active leases cat /var/lib/dhcpd/dhcpd.leases
DNS Server
Build your own DNS server with BIND. Translate domain names to IPs.
What is DNS?
DNS (Domain Name System) translates human-readable domain names (like google.com) into IP addresses (like 142.250.80.46) that computers actually use. It's like a phone book for the internet — you look up the name, it gives you the number. Every time you type a URL, a DNS lookup happens before your browser can connect.
| Concept | Linux (BIND) | Windows Server |
|---|---|---|
| Software | BIND9 (named) | Windows DNS Server role |
| Config file | /etc/named.conf | DNS Manager GUI |
| Zone files | /var/named/ | Stored in GUI, exported as text |
| Forward zone | domain → IP (A records) | Same concept in GUI |
| Reverse zone | IP → domain (PTR records) | Same in GUI |
| Test DNS | dig, nslookup | nslookup |
# Install BIND dnf install bind bind-utils -y # Edit main config nano /etc/named.conf
# Add inside named.conf:
zone "devriston.local" IN {
type master;
file "/var/named/devriston.local.zone";
allow-update { none; };
};
$TTL 86400
@ IN SOA ns1.devriston.local. admin.devriston.local. (
2024010101 ; Serial
3600 ; Refresh
900 ; Retry
604800 ; Expire
86400 ) ; Minimum TTL
; Name servers
@ IN NS ns1.devriston.local.
; A Records (name → IP)
ns1 IN A 192.168.1.10
www IN A 192.168.1.20
mail IN A 192.168.1.30
# Check config for errors named-checkconf named-checkzone devriston.local /var/named/devriston.local.zone # Start DNS systemctl enable --now named # Open firewall firewall-cmd --permanent --add-service=dns firewall-cmd --reload # Test it dig @192.168.1.10 www.devriston.local nslookup www.devriston.local 192.168.1.10
File Sharing — NFS & Samba
Share folders between Linux machines (NFS) and with Windows machines (Samba).
NFS vs Samba — What's the Difference?
NFS (Network File System) shares folders between Linux/Unix machines. Fast and simple but Windows can't access NFS natively. Samba implements the Windows SMB protocol on Linux — so Windows machines see your Linux server as a Windows file share. No special software on the Windows side.
| Feature | Linux (Samba) | Windows |
|---|---|---|
| Protocol | SMB (via Samba) | SMB native |
| Config | /etc/samba/smb.conf | File Explorer → Share tab |
| Windows access | \\IP\sharename — works natively | \\Server\share |
| User auth | Samba users (separate from Linux users) | Windows users/AD |
| Install | dnf install samba | Built in |
# Install Samba dnf install samba samba-client samba-common -y # Create a shared folder mkdir -p /srv/shared chmod 0775 /srv/shared # Edit Samba config nano /etc/samba/smb.conf
[shared]
comment = Devriston File Share
path = /srv/shared
browseable = yes
writable = yes
valid users = ahmed
# Add Samba password for a Linux user smbpasswd -a ahmed # Enable and start Samba services systemctl enable --now smb nmb # Open firewall firewall-cmd --permanent --add-service=samba firewall-cmd --reload # Fix SELinux for Samba setsebool -P samba_export_all_rw 1 # Test config testparm # On Windows: open File Explorer and type: # \\192.168.1.10\shared
Security Hardening
SSH keys, firewall rules, fail2ban, and audit logs — production-safe from day one.
Why Harden a Server?
A fresh Linux server on the internet gets attacked within minutes — bots scan for SSH, try default passwords, probe every open port. Hardening means closing every unnecessary door and making the remaining ones require a key, not a password. These steps are standard on every production server.
# On your LOCAL machine — generate SSH key pair ssh-keygen -t ed25519 -C "ahmed@devriston" # Creates: ~/.ssh/id_ed25519 (private key — never share this) # ~/.ssh/id_ed25519.pub (public key — goes on server) # Copy public key to server ssh-copy-id ahmed@192.168.1.50 # Now you can SSH without password: ssh ahmed@192.168.1.50 # On the SERVER — disable password login (after key works!) nano /etc/ssh/sshd_config # Change these lines: PasswordAuthentication no PermitRootLogin no Port 2222 # optional: change default port # Restart SSH systemctl restart sshd
# Install fail2ban dnf install fail2ban -y # Create local config (don't edit the main file) cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local nano /etc/fail2ban/jail.local # Set these values: [sshd] enabled = true maxretry = 3 # ban after 3 failed attempts bantime = 3600 # ban for 1 hour findtime = 600 # count attempts in 10 minute window # Start fail2ban systemctl enable --now fail2ban # Check banned IPs fail2ban-client status sshd # Unban an IP fail2ban-client set sshd unbanip 192.168.1.99
| Security Feature | Linux | Windows |
|---|---|---|
| Brute-force protection | fail2ban | Account lockout policy (Group Policy) |
| Firewall | firewalld / iptables | Windows Firewall / Defender |
| Remote access security | SSH keys (no password) | Certificate-based RDP or VPN |
| Audit logs | auditd + journalctl | Event Viewer → Security logs |
| Disable root login | PermitRootLogin no in sshd_config | No direct Administrator login via RDP |
Shell Scripting — Automate It
Write bash scripts that do in seconds what would take you minutes manually.
What is a Shell Script?
A shell script is a text file full of Linux commands that run one after another. Instead of typing 10 commands every morning to check disk space, restart services, and send a report — you write one script and run it. Or schedule it with cron to run automatically at 6am every day. This is the entry point to automation.
| Feature | Bash (Linux) | PowerShell (Windows) |
|---|---|---|
| File extension | .sh | .ps1 |
| Run a script | bash script.sh or ./script.sh | .\script.ps1 |
| Variables | name="Ahmed" | $name = "Ahmed" |
| Output text | echo "Hello" | Write-Output "Hello" |
| Available on | Every Linux server on earth | Windows (and now Linux via PS Core) |
#!/bin/bash # The first line (shebang) tells the system to run this with bash # Variables NAME="Ahmed" DATE=$(date +%Y-%m-%d) # capture command output into variable # Print echo "Hello $NAME" echo "Today is $DATE" # Conditions if [ -f "/etc/nginx/nginx.conf" ]; then echo "Nginx config exists" else echo "Nginx not installed" fi # Loops for USER in ahmed kamran ali; do echo "Creating user: $USER" useradd $USER done
#!/bin/bash # Alert if any disk is over 80% full THRESHOLD=80 df -h | grep -vE '^Filesystem|tmpfs' | awk '{ print $5 " " $6 }' | while read USAGE MOUNT; do USE=$(echo $USAGE | sed 's/%//') if [ "$USE" -gt "$THRESHOLD" ]; then echo "WARNING: $MOUNT is at $USAGE" fi done
# Open crontab editor crontab -e # Cron format: minute hour day month weekday command # Examples: # Run disk check every day at 6am 0 6 * * * /home/ahmed/scripts/disk-alert.sh # Run backup every Sunday at 2am 0 2 * * 0 /home/ahmed/scripts/backup.sh # Run every 5 minutes */5 * * * * /home/ahmed/scripts/check.sh # List all scheduled cron jobs crontab -l
Make a script executable: After writing a .sh file, run chmod +x script.sh to make it runnable. Then execute it with ./script.sh.
Ready to go beyond reading?
The live course includes hands-on labs, Q&A sessions, and a final enterprise project for your GitHub portfolio. Same instructor who wrote these notes.
💬 Enroll via WhatsApp →Batch info & fee on request