I Built a Site Where You Fix Broken Linux Servers — Entirely in Your Browser

⏱ approx. 7 min views 26 likes 0 LOG_DATE:2026-07-04
TOC

Reading Linux articles can make you feel like you understand — until you face an actually broken server and your hands freeze. To close that gap, I built and released a practice site where you investigate and repair a broken Linux server entirely in your browser. No installation, no account, free of charge. The VM runs inside your own browser, so no matter how badly you break it, nobody else is affected.

▸ The practice site

Linux Troubleshooting Trainer — https://holmes-jp.github.io/linux-trainer-web/
Just open it in a desktop browser (the first boot takes a moment while the disk image streams in). Progress is saved in your browser (localStorage), so there is no account to create. The UI is currently Japanese.

20
Scenarios
6
Categories
3
Difficulty levels
$0
Price (no ads)
01

What it is — fix the broken server, get graded automatically #

The concept is the same as SadServers, the popular Linux incident-response practice site — reimagined as browser-only, Japanese, and free. One scenario flows like this:

1. Pick a scenario
Filter the list by difficulty (easy / medium / hard) and category. The detail page shows the situation and the commands you are expected to need before you launch.
2. The VM boots and "breaks" itself
Once Debian boots in the browser, the scenario's setup script deliberately sabotages the server — smashed permissions, deleted config files, a runaway process, and so on.
3. Investigate and repair in the terminal
Use a real shell — ls, grep, chmod, ps — to find the cause and fix it. Staged hints are available when you get stuck.
4. Check grades you automatically
Hit Check (or Ctrl+Enter) to be graded. Judging looks only at the final state, so any repair method counts. Your clear time is recorded too.
▸ Why grading looks at final state, not command history

The grader does not watch what you type. It only checks the current state — is the service running, are the file permissions correct. Real-world troubleshooting has no single correct procedure: fix it with vim or fix it with sed, and either way, fixed is fixed.

Scenarios span six categories: permissions / filesystem / processes / disk / services / logs — including security-flavored ones like "find the intrusion traces in the logs" and "clean out the planted backdoor".

02

How it works — a real x86 Linux running inside the browser #

The heart of the site is WebVM (CheerpX): a virtualization engine with an x86-to-WebAssembly JIT compiler that runs an unmodified Debian inside the browser. The terminal on screen is not a "Linux-like simulation" — it is real bash, real coreutils, and a real filesystem.

Aspect Traditional setups (VirtualBox / cloud VM) This site (WebVM)
Setup Install software / create accounts / configure billing Just open a browser
Where it runs Your PC or the cloud In the browser (fully client-side)
After you break it Restore snapshots, clean up Reload the page and it's pristine
Root access Depends on the environment Root from the start — break anything
Network attack practice Depends on the environment Not possible (browser constraints)

From a security standpoint, the interesting part is that the "victim server" exists only inside your browser's sandbox. There is no VM on the server side at all, so whatever you destroy stays inside the tab. A learning environment where even rm -rf experiments are genuinely safe is rarer than you might think.

▸ Known limitations

Because the VM lives in the browser, network exercises (ssh connections, port scanning, etc.) are not possible. The first load takes a while as the disk image streams in, and execution is slower than a native VM. The design deliberately focuses on strength training for Linux operation and troubleshooting.

03

How to get the most out of it — pair it with the theory #

Reading this site's Linux explainer first — kernel, filesystem, processes, permissions — makes the commands click much faster once you start the exercises. The reverse also works: get stuck in a scenario, then come back to the theory and watch the permission model suddenly make sense.

If your goal is hacking, remember that the foundation of CTFs and penetration testing is ultimately the ability to investigate quickly on a Linux box. Digging through logs, spotting a suspicious process, noticing a permission hole — the trainer's six categories map directly onto the basic fitness of offensive security.

▸ Start with an easy one

→ Open Linux Troubleshooting Trainer
The source code is public at GitHub (Holmes-JP/linux-trainer-web). Bug reports and scenario requests are welcome via GitHub Issues.

𝕏 Post B! Hatena

COMMENTS 0

No comments yet — be the first to leave one.

Post a comment