Objectives

• Understand the origins and philosophy of Linux.
• Distinguish between major distribution families.
• Learn how to prepare and verify installation media.

1. The Linux Philosophy

• The Kernel vs. The OS:
• Technically, Linux is just the kernel—the core software that manages hardware resources (CPU, memory, I/O).
• What we commonly call the "Linux Operating System" is more accurately GNU/Linux, as it combines the Linux kernel with the essential system tools and libraries provided by the GNU Project (like the Bash shell, compiler, and core utilities).
• Open Source & GPL (GNU General Public License):
• Linux is released under the GPL, which guarantees four fundamental freedoms: the freedom to run the program for any purpose, to study and change the source code, to redistribute copies, and to distribute modified versions.
• In practice, this prevents "vendor lock-in" and ensures that the software can be audited for security and improved by a global community.
• The CLI First Approach:
• While modern Linux has excellent graphical interfaces (GUIs), the Command Line Interface (CLI) remains the primary tool for administrators, especially in Cloud Computing.
• Power of CLI:
  • Remote Management: Efficiently manage servers across the world via SSH with minimal bandwidth.
  • Automation & Scripting: Tasks that take hours in a GUI (e.g., creating 100 user accounts or searching 10GB of logs) can be automated with a simple script.
  • Reproducibility: A sequence of commands can be documented and repeated exactly, which is critical for Infrastructure as Code (IaC).

2. Linux Distributions & Families

A "Distribution" (or "Distro") is the Linux kernel bundled with a selection of software, a package manager, and default configurations.

• The Family Tree:
• Debian Family:
  • Members: Debian, Ubuntu, Linux Mint, Kali Linux.
  • Characteristics: Uses the .deb package format and the apt package manager.
  • Focus: Debian is the "grandfather" of this family, famous for its rigorous testing and extreme stability, making it a top choice for production servers. Ubuntu adds a layer of user-friendliness and more frequent updates.
• Red Hat Family:
  • Members: RHEL (Red Hat Enterprise Linux), Fedora, CentOS Stream, AlmaLinux, Rocky Linux.
  • Characteristics: Uses the .rpm package format and the dnf (formerly yum) package manager.
  • Focus: RHEL is the industry standard for enterprise environments, providing long-term support and certifications. Fedora serves as the upstream testing ground for RHEL, featuring the latest "bleeding-edge" technologies.
• SUSE Family: openSUSE, SLE (SUSE Linux Enterprise). Known for the YaST configuration tool and the zypper package manager.
• Independent: Distributions like Arch Linux or Gentoo follow a "Rolling Release" model, where updates are provided continuously rather than in major version jumps. These are highly customizable but require more advanced knowledge.
• Choosing a Distribution:
• For a Server: You typically prioritize Stability.
  • Example: Debian Stable or RHEL are preferred because their packages don't change frequently, reducing the risk of a system update breaking a critical service.
• For a Developer Workstation: You might prioritize Modernity.
  • Example: Fedora or Ubuntu provide newer versions of compilers, runtimes (Python, Go, Node.js), and kernels, which are essential for modern software development.
• Specialized Tasks:
  • Kali Linux for penetration testing and forensics.
  • Alpine Linux for lightweight Docker containers (very small footprint).

3. Preparing for Installation

Before installing Linux, you must ensure that your installation source is both intact and authentic.

• The ISO Image: An ISO file is an "optical disk image"—a single file containing the complete filesystem of an installation disk.
• Always download ISOs from the official distribution website (e.g., debian.org, getfedora.org) to avoid malware.
• Integrity & Authenticity Verification:

• Checksums (SHA256): A checksum is a unique "fingerprint" of a file. If even a single bit of the ISO changes (due to a bad download or malicious tampering), the checksum will not match.

  ```bash

  Calculate the SHA256 sum of the downloaded ISO

  sha256sum debian-12.0.0-amd64-netinst.iso

  Compare it against the official SHA256SUMS file

  If it returns "OK", the file is intact

  sha256sum -c SHA256SUMS --ignore-missing ```

• GPG (GNU Privacy Guard) Signatures: While a checksum proves the file hasn't changed, a GPG signature proves that the checksum file itself was created by the official developers. This protects against supply-chain attacks.

  ```bash

  1. Download and import the developer's public GPG key

  gpg --keyserver keyring.debian.org --recv-keys 64E628F8D684696D

  2. Verify the signature of the checksum file

  gpg --verify SHA256SUMS.sign SHA256SUMS

  Look for: "Good signature from..."

  ```

• Creating Bootable Media: Once verified, the ISO must be "burned" to a USB drive.

• Linux CLI (dd): A powerful tool to copy data byte-by-byte.

  ```bash

  WARNING: This will erase all data on the target drive (/dev/sdX)

  if=input file, of=output file, bs=block size, status=progress

  sudo dd if=linux.iso of=/dev/sdX bs=4M status=progress conv=fdatasync ```

• GUI Tools: Rufus (Windows), BalenaEtcher (Cross-platform), or Ventoy (allows multiple ISOs on one drive).

4. Practical Activity: Verification Demo

This session concludes with a hands-on demonstration of the security principles discussed.

• Instructor Demo:
• Navigate to the Debian CD image mirror.
• Download the SHA256SUMS and SHA256SUMS.sign files alongside a small netinst ISO.
• Perform the sha256sum -c check and explain why the --ignore-missing flag is used (since we didn't download all ISOs listed in the file).
• Student Exercise:
• Open your terminal and create a dummy file: echo "Hello Linux" > test.txt.
• Calculate its hash: sha256sum test.txt.
• Modify the file (echo "Hello linux" > test.txt) and observe how the hash changes completely (the "Avalanche Effect").

Resources

• Debian Official Site
• DistroWatch