Scanning Linux For Intrusion With RKHunter

Thursday, July 16, 2015 - 17:07

RKHunter (or Root Kit Hunter) is a program that can be used to scan a Linux machine for signs of a security breach. It will scan all of the files on the system and look for any suspicious files or unexpected changes to system files that might indicate a breach. Just like anti-virus systems, it has a database of rootkit definitions that it compares files against to see if they are infected, but it will also check for changes to core system files.

Find Architecture And Version Of A Linux Box

Tuesday, August 12, 2014 - 23:20

When doing an audit of an existing Linux server, a good first step is to find out what distribution is running and whether the server is running a 32-bit or 64-bit architecture.

To find out what architecture a server is running you can run the uname command, which will print out certain system information. This must be supplied with the -a flag in order to print out as much information as possible.

uname -a

This will print out a line similar to the following on an Ubuntu system.


Print A Specific Block Of Lines From A File In Linux

Tuesday, May 20, 2014 - 21:08

If you have a large file of data that you are trying to import, or a log file you are trying to dissect then you'll rarely want to print it directly out to the screen. Using commands like more or programs like vim can make things a little easier but you still have to run through potentially thousands of lines to find the correct block.


Automatically List Directory Contents When Changing Directory In Linux

Tuesday, January 28, 2014 - 23:56

When navigating around a Linux box I tend to find I use the same two commands a lot. The first is 'cd' to change a directory, and the second is 'ls' in order to see what is in the new directory. Rather than do this over and over again I decided to look around for a good solution to automate this.


Copying Files With Secure Copy

Saturday, June 15, 2013 - 19:52

The secure copy command (run using scp) is a Linux command that allows the transfer of files between two computers. This can be from the local machine to a remote server, from a remote server to a local location, or even between two remote servers.

When copying to or from a remote host, scp uses ssh for the data transfer. This means that authentication is required, but the files are copied in a secure fashion. When starting an scp request, the command first sets up an ssh connection to the remote location, which is then used for the rest of the transfer.


Using Tar To Compress And Uncompress Files

Sunday, February 3, 2013 - 22:13

The tar command can be used to compress or extract one or more files in Linux. A tar file isn't actually a compressed format; instead, it is a collection of files within a single file. The tar command can take one or more files, convert them into a tar file and then compress it into a gzip file format. The file created will have the extension tar.gz.

There are a large number of flags that can be used but the main ones for everyday use are.