Audit Your Way to Security: A Guide to Linux Auditing with auditd

 

Audit Your Way to Security: A Guide to Oracle Linux Auditing with auditd

Keeping your Linux secure requires vigilance. One essential tool for this task is auditd, the audit daemon. This blog post will serve as your guide to using auditd to track and analyze system activity on your Oracle Linux machine.

What is auditd?

Think of auditd as a watchful guardian, meticulously recording system events. These events can be anything from login attempts to file modifications. By analyzing these logs, you can identify potential security breaches and take appropriate action.

Getting Started with Auditd

Out of the box, Oracle Linux likely has the audit package pre-installed. If not, you can install it using sudo dnf install audit. The auditd service might also be running by default. You can check its status with sudo systemctl status auditd. If it's not running, use sudo service auditd start to get it going, and sudo systemctl enable auditd to ensure it starts automatically at boot.

Exploring Audit Logs and Rules

Audit logs are typically stored in /var/log/audit/audit.log. The rules that dictate which events are logged reside in /etc/audit/audit.rules. These rules are pre-configured, but you can customize them using the auditctl utility.

Customizing Audit Rules with auditctl

Let's say you want to keep a close eye on your SSH configuration file, /etc/ssh/sshd_config. You can use sudo auditctl -w /etc/ssh/sshd_config -p rwxa -k sshd_config to create a rule that monitors any attempts to read from, write to, or execute the file. This rule will be temporary, though.

Making it Permanent: Adding Custom Rules

To ensure your rule survives a reboot, you need to add it to a custom rule file placed in the /etc/audit/rules.d/ directory. For instance, you can create a file named my.rules and add the rule there.

Advanced Auditing with ausearch

Once you have audit logs, you'll want to analyze them. The ausearch command is your friend here. You can use it to search for specific events based on keywords or rules.

Keeping Your System Secure with Auditd

By effectively using auditd, you gain valuable insights into system activity. This allows you to detect potential security threats and take proactive measures to safeguard your [your_hostname] environment. Remember to explore the man pages for auditd, auditctl, and ausearch to delve deeper into their functionalities.

Happy and Secure Auditing!

 # Check if the audit package is installed
sudo dnf list installed "audit"

# Install the audit package if not installed
sudo dnf install -y audit

# Check the current status of auditd
sudo systemctl status auditd

# Start the auditd service
sudo service auditd start

# Enable auditd to start at boot time
sudo systemctl enable auditd

# Check the status of the kernel Audit subsystem
sudo auditctl -s

# Temporarily disable auditd
sudo auditctl -e 0

# Re-enable auditd
sudo auditctl -e 1

# View audit rules
sudo cat /etc/audit/audit.rules
sudo cat /etc/audit/rules.d/audit.rules

# Add an audit rule to log attempts to read or modify /etc/ssh/sshd_config
sudo auditctl -w /etc/ssh/sshd_config -p rwxa -k sshd_config

# Show current audit rules
sudo auditctl -l

# Add a permanent rule to /etc/audit/rules.d/my.rules
sudo tee /etc/audit/rules.d/my.rules > /dev/null <<'EOF'
-w /etc/ssh/sshd_config -p rwxa -k sshd_config
EOF

# Show the content of /etc/audit/rules.d/my.rules
sudo cat /etc/audit/rules.d/my.rules

# Search audit logs for the key sshd_config
sudo cat /var/log/audit/audit.log | grep sshd_config

# Search audit logs using ausearch
sudo ausearch --key sshd_config
sudo ausearch -i -k sshd_config

# Check if there are any rule changes to load
sudo augenrules --check

# Delete the previously added sshd_config custom rule
sudo auditctl -D -k sshd_config

# Merge the custom rule file
sudo augenrules --load

# Check active audit rules
sudo auditctl -l

# Add new rules to a new file /etc/audit/rules.d/new.rules
sudo tee /etc/audit/rules.d/new.rules > /dev/null <<'EOF'
-w /etc/passwd -p wa -k passwd_changes
-w /etc/selinux/ -p wa -k selinux_changes
EOF

# Load the new rules
sudo augenrules --load

# Re-check the active rules
sudo auditctl -l

# View the merged audit rules
sudo cat /etc/audit/audit.rules

# List files in /etc/audit
sudo ls -l /etc/audit

https://gist.github.com/Neo23x0/9fe88c0c5979e017a389b90fd19ddfee?permalink_comment_id=2394437

Auditing user activity on Linux is important for security, compliance, and troubleshooting. Here’s a comprehensive guide on how to audit user activity:

1. Why Audit User Activity?

• Security: Detect unauthorized access and potential security breaches.
• Compliance: Meet regulatory requirements (e.g., GDPR, HIPAA).
• Troubleshooting: Identify the cause of system issues.
• Accountability: Ensure users are responsible for their actions on the system.

2. What to Audit?

• User logins and logouts: Track who is accessing the system and when.
• Command execution: Monitor which commands are being executed.
• File access and modifications: Identify changes to critical files.
• Process creation: Observe processes started by users.
• System configuration changes: Keep track of modifications to system settings.

3. How to Audit?

Using auditd (Linux Auditing System)

Install auditd:

sudo yum install audit -y  # For Red Hat based systems
sudo systemctl enable auditd
sudo systemctl start auditd 

Configure Audit Rules:

-w /etc/passwd -p wa -k passwd_changes  # Monitor changes to /etc/passwd
-a always,exit -F arch=b64 -S execve -k commands  # Monitor all command executions 

Reload Audit Rules:

Using rsyslog for Authentication Logs

sudo auditctl -R /etc/audit/audit.rules

Configure rsyslog:

Ensure rsyslog is installed and running.

sudo yum install rsyslog -y
sudo systemctl enable rsyslog
sudo systemctl start rsyslog

Using last and lastb Commands

last
lastb  # For failed login attempts 

Search Audit Logs:

sudo ausearch -k commands  # Search for command execution logs
sudo ausearch -k passwd_changes  # Search for password file changes

Generate Audit Reports:

sudo aureport -au  # Authentication report
sudo aureport -x  # Executed command report

4. How to Analyze?

• Manual Analysis:

sudo grep "user" /var/log/audit/audit.log  # Find entries related to a specific user 

• Automated Analysis: Set up automated scripts or use third-party tools (e.g., Splunk, ELK Stack) to parse and analyze logs.

5. How to Improve?

• Regular Audits: Schedule regular audits to ensure ongoing compliance and security.
• Alerting: Set up alerts for suspicious activities using tools like auditd, rsyslog, or third-party monitoring solutions.
• Training: Train administrators on best practices for auditing and analyzing logs.
• Update Rules: Continuously update audit rules to cover new security threats and compliance requirements.

6. Here’s What Else to Consider

• Performance Impact: Excessive auditing can impact system performance. Balance the granularity of auditing with performance considerations.
• Storage Management: Ensure adequate log storage and implement log rotation to manage space.
• Security of Logs: Protect log files from unauthorized access and tampering. Use secure storage and transfer mechanisms.

By following these steps, you can effectively audit user activity on Linux systems, ensuring security, compliance, and efficient troubleshooting.

#OracleLinux #LinuxSecurity #Auditd #SecurityCompliance #SystemMonitoring #UserActivityAudit #LogAnalysis #redhat #oraclelinux

The Agile Triangle vs. the Triple Constraint: A Comparison of Project Management Concepts

The Agile Triangle and the Triple Constraint are two of the most important concepts in project management. Both concepts focus on the three key factors that can impact the success of a project: scope, time, and cost. However, there are some key differences between the two concepts.

The Triple Constraint is a traditional project management concept that views these three factors as fixed, and that any change to one factor will require a corresponding change to the others. This can make it difficult to manage projects that are complex or have changing requirements.

The Agile Triangle is a more flexible approach to project management that views these three factors as being more fluid. This allows for more adaptability and responsiveness to change, which can be important in Agile projects.

In the Agile Triangle, the three key elements are:

1. Quality: Represents the level of excellence or fitness for purpose of the deliverables produced in the project. Quality encompasses aspects such as customer satisfaction, meeting user needs, and adhering to industry standards.

2. Value: Refers to the business value or benefits derived from the project's outcomes. Agile methodologies focus on delivering incremental value throughout the project, with a strong emphasis on satisfying customer needs and maximizing the return on investment (ROI).

3. Constraints: These are the limitations or boundaries within which the project operates. Constraints can include factors such as time, cost, resources, and scope. While Agile approaches are flexible and adaptable, they recognize that certain limitations still exist and need to be managed effectively.

The Agile Triangle acknowledges that in Agile project management, the scope may change dynamically, and it prioritizes customer satisfaction and value delivery over fixed scope and rigid timeframes. The emphasis is on producing high-quality deliverables that provide the most value to the customer or end-user.

The Agile Triangle is a visual representation of the Agile mindset and serves as a reminder that Agile projects focus on delivering value in an iterative and adaptive manner, with an unwavering commitment to quality and responsiveness to changing needs and priorities.

In this article, we will discuss the Agile Triangle and the Triple Constraint in more detail. We will also compare the two concepts and discuss the implications for project managers

Let's dive into the differences between these approaches.

The Triple Constraint is a traditional project management concept that sees scope, time, and cost as fixed entities. It suggests that any change in one of these factors will inevitably impact the others. While this can work well for straightforward projects, it can pose challenges when dealing with complex or evolving requirements.

On the other hand, we have the Agile Triangle, which takes a more flexible and adaptable approach. It recognizes that scope, time, and cost can be fluid and subject to change. This allows for greater adaptability and responsiveness, which is particularly valuable in Agile projects.

To help visualize the differences, let's look at a comparison table:

While both concepts have their merits, choosing the right approach depends on the specific project and stakeholder needs. The Agile Triangle is particularly useful for project managers seeking flexibility and adaptability in managing projects.

Let's delve into a few additional points of comparison:

1. Emphasis: The Agile Triangle places more emphasis on value and quality, while the Triple Constraint focuses primarily on scope, time, and cost.

2. Adaptability: The Agile Triangle allows for greater adaptability to change, while the Triple Constraint can be more rigid and resistant to change.

3. Applicability: The Agile Triangle is well-suited for Agile projects, while the Triple Constraint can be utilized in both traditional and Agile projects.

Remember, the most effective approach to project management depends on the project and its unique requirements. The Agile Triangle offers project managers a more flexible and adaptable framework for managing projects.

I hope this comparison helps you understand the differences between the Agile Triangle and the Triple Constraint. If you have any questions or thoughts on these concepts, please feel free to share!

What are Init Containers in Kubernetes?

 

What are Init Containers in Kubernetes?

An init container is a special type of container in Kubernetes that is used to perform tasks before the main application containers in a pod are started. Init containers are always run to completion, and each init container must complete successfully before the next one starts.

This allows you to ensure that certain conditions are met before your application containers start, such as:

1. Downloading and installing dependencies

2. Creating or mounting volumes

3. Running scripts to configure the environment

4. Ensuring that the pod has access to certain resources

Init containers are a powerful way to improve the reliability and security of your Kubernetes applications.

They can help you to:

• Reduce the attack surface of your application containers by running security-sensitive tasks in separate containers

• Avoid errors caused by dependencies not being available when your application containers start

• Improve the performance of your application containers by performing time-consuming tasks before they start

Here are some examples of tasks that you can perform in an init container:

1. Download and install dependencies

2. Create or mount volumes

3. Run scripts to configure the environment

4. Ensuring that the pod has access to certain resources

5. Wait for a certain condition to be met, such as the availability of a database

6. Run health checks to ensure that the pod is ready to start

Unlike jobs, init containers are always run as part of the pod's lifecycle. This means that they are always deleted when the pod is deleted, even if the pod fails.

Here is a simple example of an init container that downloads and installs the curl command:

apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  initContainers:
  - name: install-curl
    image: busybox
    command: ["sh", "-c", "curl -sL https://curl.haxx.se/download/curl-7.82.0.tar.gz | tar -xz"]
  containers:
  - name: my-app
    image: my-app

This init container will download the curl command from the curl website and extract it to the current directory. Once the init container completes, the my-app container will start.

#kubernetes #initcontainers #containers #pod #devops

The Importance of a Project Charter and Project Business Case

The Importance of a Project Charter and Project Business Case

Project Charter : 

A project charter is a formal document that describes the purpose, scope, objectives, and stakeholders of a project. It is used to obtain approval for the project and to provide a high-level overview of the project to key stakeholders.

The project charter is typically created by the project manager, with input from the project sponsor, key stakeholders, and other members of the project team. It is reviewed and approved by the project sponsor before the project can begin.

The project charter should be a living document that is updated as the project progresses. This ensures that the project remains aligned with the organization's strategic goals and that the project team is aware of any changes to the project scope or objectives.

Components of a Project Charter : 

The following are the key components of a project charter:

• Project Purpose or Justification: This section outlines the rationale for undertaking the project, including the identified business need or opportunity that the project aims to address.

• Project Objectives: Clear and measurable objectives are defined to determine the project's success criteria. These objectives should align with the organization's strategic goals.

• Project Scope: The scope statement defines the boundaries of the project by specifying what is included and what is excluded. It helps in clarifying the project's focus and avoiding scope creep.

• Stakeholders: Identification of key stakeholders, including the project sponsor, customer, and other relevant parties, is essential. Understanding their expectations and requirements is crucial for project success.

• High-Level Requirements: This section highlights the major requirements that the project needs to meet. It provides an overview of what the project is expected to deliver.

• Assumptions and Constraints: Assumptions are factors considered to be true, real, or certain for planning purposes, while constraints are factors that limit the project team's options. Both need to be documented to provide clarity and guide decision-making.

• Milestones or Deliverables: Key project milestones or deliverables are identified to monitor progress and provide a basis for project control.

• Project Organization: The project charter typically includes the roles and responsibilities of the project team members, project sponsor, and other relevant stakeholders.

• High-Level Risks: Major risks or potential obstacles that may impact the project are identified. These risks can be further assessed and managed during the project planning phase.

Importance of a Project Charter

The project charter is an important document that serves several purposes, including:

• Obtaining approval for the project: The project charter is used to obtain approval for the project from the project sponsor and other key stakeholders. It provides them with a high-level overview of the project and helps them to understand the benefits of the project and the risks involved.

• Communicating the project's purpose and scope: The project charter communicates the project's purpose and scope to the project team and other stakeholders. This helps to ensure that everyone is on the same page and that the project is aligned with the organization's strategic goals.

• Serving as a reference document: The project charter serves as a reference document throughout the project lifecycle. It can be used to track the project's progress, make decisions, and resolve conflicts.

• Establishing a baseline for project control: The project charter establishes a baseline for project control. This means that the project's objectives, scope, and budget are set at the beginning of the project and are used to measure the project's progress throughout the lifecycle.

Creating a Project Charter:

The following are some tips for creating a project charter:

• Involve key stakeholders: The project charter should be created with input from key stakeholders. This ensures that the project charter reflects the needs and expectations of all stakeholders.

• Keep it concise: The project charter should be concise and easy to understand. It should not be longer than a few pages.

• Use clear and concise language: The project charter should be written in clear and concise language that is easy to understand. Avoid using jargon or technical terms.

• Be specific: The project charter should be specific and provide clear details about the project. This includes the project's purpose, objectives, scope, deliverables, and stakeholders.

• Be realistic: The project charter should be realistic and achievable. It should not set unrealistic expectations for the project.

• Be flexible: The project charter should be flexible and adaptable. It should be able to accommodate changes to the project's scope, objectives, or budget.

The project charter is an important document that serves several purposes. It is used to obtain approval for the project, communicate the project's purpose and scope, serve as a reference document, and establish a baseline for project control. The project charter should be created with input from key stakeholders and should be concise, clear, specific, realistic, and flexible.

Project Business Case:

In PMBOK7, the project charter is replaced by the "Project Business Case". The Project Business Case is developed during the Define Project or Phase process, which is part of the new Initiating and Planning domain.

The Project Business Case is a document that describes the business need for the project, the project's objectives, the project's benefits, and the project's risks. It is used to obtain approval for the project from the project sponsor and other key stakeholders.

The Project Business Case should be concise, clear, and specific. It should be written in a way that is easy for the project sponsor and other key stakeholders to understand.

The following are the key components of a Project Business Case:

• Business Need: This section describes the business need for the project. It should explain why the project is necessary and how it will benefit the organization.

• Project Objectives: This section defines the project's objectives. It should be clear, measurable, and achievable.

• Project Benefits: This section describes the benefits that the project will deliver to the organization. It should be quantifiable and realistic.

• Project Risks: This section identifies the risks that could impact the project. It should include a risk assessment and a plan for mitigating the risks.

The Project Business Case is an important document that serves several purposes. It is used to obtain approval for the project, communicate the project's purpose and scope, serve as a reference document, and establish a baseline for project control. The Project Business Case should be created with input from key stakeholders and should be concise, clear, specific, realistic, and flexible.

Here are some of the benefits of using a Project Business Case:

• Increased project success: Projects with a well-defined business case are more likely to be successful. This is because the business case provides a clear understanding of the project's purpose, objectives, and benefits.

• Improved decision-making: The business case provides information that can be used to make informed decisions about the project. This includes decisions about the project's scope, budget, and schedule.

• Increased stakeholder alignment: The business case helps to ensure that all stakeholders are aligned on the project's purpose, objectives, and benefits. This can help to reduce conflict and improve communication throughout the project lifecycle.

Project Business Case VS. Project Charter: 

Feature	Project Business Case	Project Charter
Purpose	To justify the need for the project and obtain approval from stakeholders	To formally authorize the project and define its scope, objectives, and stakeholders
Content	* Business need * Project objectives * Project benefits * Project risks * Financial analysis * Implementation plan	* Project purpose * Project objectives * Project scope * Project stakeholders * Assumptions and constraints * High-level risks * Milestones or deliverables * Project organization
Format	Formal document	Informal document
Audience	Project sponsor and other key stakeholders	Project manager and other project team members
Timing	Created during the initiation phase of the project	Created during the initiating process group
Use	Used to obtain approval for the project and to communicate the project's purpose and scope to stakeholders	Used to formally authorize the project and to define its scope, objectives, and stakeholders

The Project Business Case and the Project Charter serve different purposes and have different contents.

The Project Business Case focuses on justifying the need for the project and obtaining approval from stakeholders. It includes information such as the business need, project objectives, project benefits, project risks, financial analysis, and implementation plan. The Project Business Case is a formal document that is created during the initiation phase of the project and is primarily intended for the project sponsor and other key stakeholders.

On the other hand, the Project Charter is used to formally authorize the project and define its scope, objectives, and stakeholders. It includes information such as the project purpose, project objectives, project scope, project stakeholders, assumptions and constraints, high-level risks, milestones or deliverables, and project organization. The Project Charter is typically an informal document created during the initiating process group and is primarily intended for the project manager and other project team members.

While both the Project Business Case and the Project Charter are important documents, they serve different purposes and have different audiences. The Project Business Case focuses on justifying the need for the project and obtaining approval, while the Project Charter focuses on formally authorizing the project and defining its scope and objectives. However, both documents are crucial in ensuring project success, as they provide a clear understanding of the project's purpose, objectives, benefits, and risks

#ProjectCharter 

#BusinessCase

#ProjectManagement

#ProjectSuccess

#ProjectPlanning

#ProjectExcellence

#ProjectLeadership

#ProjectStrategy

#ProjectObjectives

#StakeholderEngagement

#ProjectClarity

#DecisionMaking

#ProjectJustification

#ProjectViability

#ProjectAlignment

#ProjectBenefits

#CostBenefitAnalysis

#ProjectRisks

#ProjectImplementation

#ProjectOutcomes

#projectmanagemen 

#projectsuccess 

#projectleadership

#projectteamwork

#projectcommunication

#projectplanning

#projectexecution

#projectcontrol

#projectclosure

#projectmanagementtips

#projectmanagementtools

#projectmanagementresources

#projectmanagementcareers

#projectmanagementcommunity

#projectmanagementbooks

#projectmanagementpodcasts

#projectmanagementconferences

#projectmanagementblog

Closing the Charter Gap: Aligning Requirements with Benefits

 🔑 Closing the Charter Gap: Aligning Requirements with Benefits 🔑

As certified PMPs, we excel at controlling scope, managing schedules, and delivering projects on budget. However, we often encounter a common challenge: successful project delivery in terms of scope may not always translate into the expected benefits. This discrepancy between the project charter and scope can introduce unforeseen covert constraints that hinder the project's impact.

The repercussions of this gap are numerous, ranging from the need for additional sub-projects, funding, and configuration changes to project management credibility and stakeholder management drama. To mitigate these issues, we must focus on closing the Charter Gap.

Closing the Charter Gap entails validating project requirements against anticipated benefits and the business case. By doing so, we ensure that the end-product will deliver the envisioned financial, service, and cultural outcomes.

Let's bridge the Charter Gap and unlock the true potential of our projects!

💪💼🌟 #ProjectManagement #PMP #CharterGap #RequirementsAndBenefits #BusinessCase #ProjectSuccess

Example of scripts and solution

Practice Exercises:

Exercise 1:

Write a shell script that prints "Shell Scripting is Fun!" on the screen.

Hint 1:  Remember to make the shell script executable with the chmod command.

Hint 2:  Remember to start your script with a shebang !

Exercise 2:

Modify the shell script from exercise 1 to include a variable.  The variable will hold the contents of the message "Shell Scripting is Fun!".

Exercise 3:

Store the output of the command "hostname" in a variable.  Display "This script is running on _______." where "_______" is the output of the "hostname" command.

Hint:  It's a best practice to use the ${VARIABLE} syntax if there is text or characters that directly precede or follow the variable.

Exercise 4:

Write a shell script to check to see if the file "/etc/shadow" exists.  If it does exist, display "Shadow passwords are enabled."  Next, check to see if you can write to the file.  If you can, display "You have permissions to edit /etc/shadow."  If you cannot, display "You do NOT have permissions to edit /etc/shadow."

Exercise 5:

Write a shell script that displays "man", "bear", "pig", "dog", "cat", and "sheep" on the screen with each appearing on[…]”

Excerpt From: Cannon, Jason. “Shell Scripting: How to Automate Command Line Tasks Using Bash Scripting and Shell Programming”. Apple Books. 

“Solutions to the Practice Exercises

Exercise 1:

#!/bin/bash

echo "Shell Scripting is Fun!"

Exercise 2:

#!/bin/bash

MESSAGE="Shell Scripting is Fun!"

echo "$MESSAGE"

Exercise 3:

#!/bin/bash

HOST_NAME=$(hostname)

echo "This script is running on ${HOST_NAME}."

Exercise 4:

#!/bin/bash

FILE="/etc/shadow"

if [ -e "$FILE" ]

then

  echo "Shadow passwords are enabled."

fi

if [ -w "$FILE" ]

then

  echo "You have permissions to edit ${FILE}."

else

  echo "You do NOT have permissions to edit ${FILE}."

fi

Exercise 5:

#!/bin/bash

for ANIMAL in man bear pig dog cat sheep

do

“ echo "$ANIMAL"

done

Exercise 6:

#!/bin/bash

read -p "Enter the path to a file or a directory: " FILE

if [ -f "$FILE" ]

then

  echo "$FILE is a regular file."

elif [ -d "$FILE" ]

then

  echo "$FILE is a directory."

else

  echo "$FILE is something other than a regular file or directory."

fi

ls -l $FILE

Exercise 7:

#!/bin/bash

FILE=$1

if [ -f "$FILE" ]

then

  echo "$FILE is a regular file."

elif [ -d "$FILE" ]

then

  echo "$FILE is a directory."

else

  echo "$FILE is something other than a regular file or directory."

fi

ls -l $FILE

Exercise 8:

#!/bin/bash

for FILE in $@

do

  if [ -f "$FILE" ]

  then

    echo "$FILE is a regular file."

  elif [ -d "$FILE" ]

  then

    echo "$FILE is a directory."

  else

    echo "$FILE is something other than a regular file or directory."

  fi

  ls -l $FILE

done”

Excerpt From: Cannon, Jason. “Shell Scripting: How to Automate Command Line Tasks Using Bash Scripting and Shell Programming”. Apple Books. 

Why you should do shell scripting and what is The Shebang: ?

Why you should do shell scripting :

Whether you have you perform the same task, again and again, every day and it is boring, right?  “For example, if there is a slight chance that you will have to perform the same set of commands again, to make it easier you should try to create a shell script then and there you have to do it again.  
When I need to do that task again, I could execute that script.  If maintenance needs to be performed on a system at 3:00 in the morning, we can write a script that does the required work and schedule a job to run it.”

SHELL SCRIPTING, in brief:- 

• A script is a command-line program that contains a series of commands. 
• The commands contained in the script are executed by an interpreter. 
• In the case of shell scripts, the shell acts as the interpreter and executes the commands listed in the script one after the other.
• Anything you can execute at the command line, you can put into a shell script.  
• Shell scripts are great at automating tasks.  
• If you find yourself running a series of commands to accomplish a given task and will need to perform that task again in the future, you can—and probably should—create a shell script for that task.

A simple shell script:-

The name of this script is the script.sh  

#!/bin/bash

echo "Hello, this is my first script and it's awesome!"

Before you try to execute the script, make sure that it is executable

$ chmod 755 script1.sh

$ chmod  +x script1.sh

Here is what happens when you execute the script.

$ ./script.sh

The Shebang:

You'll notice that the first line of the script starts with #! followed by the path to the bash shell program, /bin/bash. 

The number sign is very similar to the sharp sign used in music notations - “Also, some people refer to the exclamation mark as a "bang."  So, #! can be spoken as "sharp bang."  The term "Shebang" is an inexact contraction of "sharp bang."

When a script's first line starts with a shebang, what follows is used as the interpreter for the commands listed in the script.  Here are three examples of shell scripts, each using a different shell program as the interpreter.”

- Excerpt From Cannon, Jason. “Shell Scripting: How to Automate Command Line Tasks Using Bash Scripting and Shell Programming”. Apple Books.