Linux from Scratch · Part 1

What is Linux and how it differs from other OSes

Linux is not an operating system. It is a kernel, the core piece of software that talks directly to your hardware. Everything you see on screen, every file you open, every network packet you send, goes through the kernel. The rest of what people call “Linux” is actually a collection of tools, libraries, and programs built on top of that kernel.

This distinction matters because it explains why Linux comes in so many flavors (called distributions) and why it behaves differently from Windows or macOS at a fundamental level.

The kernel vs the operating system

The kernel handles four things:

  1. Process management decides which programs get CPU time and when.
  2. Memory management tracks which chunks of RAM belong to which process.
  3. Device drivers translate between hardware (disk, keyboard, network card) and software.
  4. System calls provide the interface that programs use to request services from the kernel.

When you type ls in a terminal, the ls program makes system calls to the kernel, which reads the filesystem, which talks to the disk driver. You never interact with the kernel directly.

Diagram: the software stack from top to bottom: User Applications → Shell / Desktop Environment → System Libraries (glibc) → Linux Kernel → Hardware (CPU, RAM, Disk, Network).

An “operating system” in the full sense includes the kernel plus userspace tools: the shell, file utilities, package manager, init system, and optionally a graphical desktop. GNU/Linux is the technically correct name because most of those userspace tools come from the GNU project.

How Linux differs from Windows and macOS

| Aspect | Linux | Windows | macOS |
|---|---|---|---|
| Kernel | Linux (monolithic) | NT kernel (hybrid) | XNU (hybrid, based on Mach + BSD) |
| Source code | Open, anyone can read and modify | Closed, proprietary | Partially open (Darwin core) |
| Cost | Free | Licensed | Free (with Apple hardware) |
| Package management | Built-in (apt, dnf, pacman) | Manual installers or winget | Homebrew (third-party) |
| Filesystem | ext4, btrfs, xfs | NTFS | APFS |
| Default shell | Bash or Zsh | PowerShell / cmd | Zsh |
| Primary use | Servers, embedded, dev workstations | Desktop, enterprise | Desktop, creative work |

Three things stand out:

Everything is a file. In Linux, hardware devices, running processes, and even system information are represented as files. Your hard drive is /dev/sda. Process info lives in /proc. This is not a metaphor. You can cat /proc/cpuinfo and read your CPU details as plain text.

You have real control. Linux does not hide system internals behind GUIs. You can see every running process, modify every config file, and rebuild the kernel if you want. Windows and macOS actively prevent this level of access.

The permission model is simpler and stricter. Every file has an owner, a group, and three permission levels (read, write, execute). There is no complex ACL by default, no registry, no hidden permission inheritance. This simplicity makes Linux easier to audit and harder to misconfigure in subtle ways.

Why Linux matters for developers

Most servers run Linux. As of 2024, over 96% of the top million web servers use Linux. If you deploy code, you deploy to Linux. Developing on Linux means your local environment matches production, which eliminates an entire class of “works on my machine” problems.

The toolchain is native. Compilers, interpreters, containers (Docker runs natively on Linux), and automation tools are all built for Linux first. On macOS you are often running compatibility layers. On Windows you need WSL, which is literally a Linux kernel running inside Windows.

Why Linux matters for security

Security professionals need Linux for several reasons:

  • Most security tools (nmap, Wireshark, Burp Suite, Metasploit) run natively on Linux
  • You need to understand Linux to attack or defend Linux servers
  • Forensic analysis of compromised systems requires knowing the filesystem layout, log locations, and process model
  • Privilege escalation techniques exploit Linux-specific features like SUID binaries and misconfigured permissions
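
The owner/group/other permission model and the SUID point above translate directly into an audit you can run on any directory tree. The script below is an added example, not part of the original article; the function names and the demo tree are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the article): report permission bits that deserve review.
# audit_perms DIR prints one finding per line as "<KIND> <path>".
audit_perms() {
    dir=$1
    # Regular files that run with the file owner's identity (setuid bit, octal 4000).
    find "$dir" -xdev -type f -perm -4000 -exec printf 'SUID %s\n' {} +
    # Regular files that run with the file group's identity (setgid bit, octal 2000).
    find "$dir" -xdev -type f -perm -2000 -exec printf 'SGID %s\n' {} +
    # Regular files any local user may modify (other-write bit, octal 0002).
    find "$dir" -xdev -type f -perm -0002 -exec printf 'WORLD-WRITABLE-FILE %s\n' {} +
    # Directories writable by everyone and lacking the sticky bit (octal 1000),
    # so any user can delete or replace another user's files inside them.
    find "$dir" -xdev -type d -perm -0002 ! -perm -1000 \
        -exec printf 'WORLD-WRITABLE-DIR %s\n' {} +
}

# Constructed demo tree so the audit has something to find; prints its path.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    : > "$d/report.txt";  chmod 0644 "$d/report.txt"   # ordinary file
    : > "$d/helper";      chmod 4755 "$d/helper"       # setuid
    : > "$d/shared.conf"; chmod 0666 "$d/shared.conf"  # world-writable file
    mkdir "$d/dropbox";   chmod 0777 "$d/dropbox"      # world-writable, no sticky bit
    mkdir "$d/scratch";   chmod 1777 "$d/scratch"      # sticky, like /tmp
    printf '%s\n' "$d"
}

# Demo: audit the constructed tree, then clean up.
demo_dir=$(make_demo_tree) && audit_perms "$demo_dir" && rm -rf "$demo_dir"
```

On a real host, run audit_perms against / as root and compare the SUID and SGID lists with a known-good baseline for that distribution; new entries are what to investigate.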

Distributions: why there are so many

A Linux distribution (distro) packages the Linux kernel with a specific set of tools, a package manager, and default configurations. Think of it like this: the kernel is an engine, and each distro is a different car built around that engine.

Common distributions and when to use them:

Ubuntu is the most popular desktop and server distro. Based on Debian. Uses apt for packages. Good default choice if you have no strong preference. LTS (Long Term Support) releases get 5 years of updates.

Debian is what Ubuntu is built on. More conservative with updates. Extremely stable. Preferred for servers where you want predictability over new features.

Arch Linux gives you a minimal base and lets you build up. Rolling release means you always have the latest software. You will learn more about Linux by using Arch because nothing is done for you automatically.

Fedora is Red Hat’s community distro. Uses dnf for packages. Gets new features faster than Ubuntu. Good for developers who want recent software without Arch’s manual setup.

CentOS Stream / Rocky Linux / AlmaLinux are enterprise-grade, based on RHEL. Used in corporate servers. Long support cycles.

The open source model

Linux is released under the GPL (GNU General Public License). This means:

  1. Anyone can view the source code
  2. Anyone can modify it
  3. Anyone can distribute their modified version
  4. Modified versions must also be open source (this is the “copyleft” part)

This matters practically because bugs get found and fixed by thousands of developers worldwide. Security vulnerabilities in the kernel are typically patched within days. Compare this to proprietary systems where you wait for the vendor to acknowledge and fix the problem.

Example 1: Check your kernel version and system info

Let’s see what Linux looks like in practice. Open a terminal and run:

uname -a

Output:

Linux devbox 6.5.0-44-generic #44-Ubuntu SMP PREEMPT_DYNAMIC Fri Jun 7 15:10:09 UTC 2024 x86_64 GNU/Linux

Breaking this down:

  • Linux is the kernel name
  • devbox is the hostname
  • 6.5.0-44-generic is the kernel version
  • x86_64 is the CPU architecture
  • GNU/Linux confirms this is a GNU/Linux system

For more detail:

cat /etc/os-release

Output:

PRETTY_NAME="Ubuntu 24.04 LTS"
NAME="Ubuntu"
VERSION_ID="24.04"
VERSION="24.04 LTS (Noble Numbat)"
ID=ubuntu
ID_LIKE=debian

This tells you the distribution name, version, and what it is based on (ID_LIKE=debian).
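
Scripts often need the same information to pick the right package manager. The os-release format is shell-compatible, so many scripts source it, but sourcing executes whatever the file contains, which is a problem when the file comes from a mounted disk image or a container you do not trust. The parser below reads it as plain data instead. It is an added example, not part of the original article; the function names are hypothetical, and the mapping covers only the distributions and package managers named on this page.

```sh
#!/bin/sh
# Added example (not from the article): read os-release as data, never source it.
# os_release_get KEY < FILE : prints KEY's value with one pair of quotes removed.
os_release_get() {
    key=$1
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            "$key="*)
                value=${line#*=}
                case $value in
                    \"*\") value=${value#\"}; value=${value%\"} ;;
                    \'*\') value=${value#\'}; value=${value%\'} ;;
                esac
                printf '%s\n' "$value"
                return 0 ;;
        esac
    done
    return 1
}

# pkg_manager_for FILE : maps ID and ID_LIKE to a package manager named in the article.
pkg_manager_for() {
    file=$1
    id=$(os_release_get ID < "$file") || id=
    like=$(os_release_get ID_LIKE < "$file") || like=
    # ID_LIKE is a space-separated list of parent distributions.
    case " $id $like " in
        *" debian "*|*" ubuntu "*)             echo apt ;;
        *" fedora "*|*" rhel "*|*" centos "*)  echo dnf ;;
        *" arch "*)                            echo pacman ;;
        *)                                     echo unknown; return 1 ;;
    esac
}

# Constructed sample: the os-release content shown in the article.
sample_os_release() {
    cat <<'EOF'
PRETTY_NAME="Ubuntu 24.04 LTS"
NAME="Ubuntu"
VERSION_ID="24.04"
VERSION="24.04 LTS (Noble Numbat)"
ID=ubuntu
ID_LIKE=debian
EOF
}

# Demo: write the sample to a temp file and resolve its package manager.
demo_file=$(mktemp) && sample_os_release > "$demo_file" &&
    pkg_manager_for "$demo_file" && rm -f "$demo_file"
```

A value such as NAME="$(some command)" comes back as literal text because nothing is ever evaluated; backslash escapes inside quoted values are not decoded.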

Example 2: Explore the “everything is a file” philosophy

Let’s prove that Linux really does expose hardware and system info as files.

Read CPU information:

cat /proc/cpuinfo | head -20

Output:

processor	: 0
vendor_id	: GenuineIntel
cpu family	: 6
model		: 142
model name	: Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz
stepping	: 10
microcode	: 0xf4
cpu MHz		: 1992.000
cache size	: 8192 KB

Check available memory:

cat /proc/meminfo | head -5

Output:

MemTotal:       16384000 kB
MemFree:         8234567 kB
MemAvailable:   12456789 kB
Buffers:          234567 kB
Cached:          3456789 kB

List block devices (disks):

lsblk

Output:

NAME   MAJ:MIN RM   SIZE RO TYPE MOUNTPOINTS
sda      8:0    0   500G  0 disk 
├─sda1   8:1    0   512M  0 part /boot/efi
├─sda2   8:2    0   488G  0 part /
└─sda3   8:3    0  11.5G  0 part [SWAP]

Notice how sda is your physical disk, and sda1, sda2, sda3 are partitions. These are also accessible as files under /dev/:

ls -l /dev/sda*

Output:

brw-rw---- 1 root disk 8, 0 Jun 15 10:00 /dev/sda
brw-rw---- 1 root disk 8, 1 Jun 15 10:00 /dev/sda1
brw-rw---- 1 root disk 8, 2 Jun 15 10:00 /dev/sda2
brw-rw---- 1 root disk 8, 3 Jun 15 10:00 /dev/sda3

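The b at the start means “block device.” This is a file that represents a physical storage device. You can read from it and write to it (carefully), and the kernel translates those operations into actual disk I/O. The rest of the mode string, rw-rw----, together with the owner and group columns, shows that only root and members of the disk group have that access.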

What comes next

The next article in this series is Installing Linux and setting up your environment, where you will choose a distro, create a bootable USB, and get a working Linux system running.

If you are interested in why Linux security matters from an attacker’s perspective, check out How attackers think in the Cybersecurity from Scratch series.
