Chapter 11. Incident Response
Command: dd
Function: Creates a bit-image copy (or disk dump) of files and partitions. Combined with a check of the md5sums of each image, administrators can compare a pre-breach image of a partition or file with a breached system to see if the sums match.
Example: dd if=/bin/ls of=ls.dd && md5sum ls.dd > ls-sum.txt

Command: grep
Function: Finds useful string (text) information on and inside files and directories, such as permissions, script changes, file attributes, and more. Used mostly as a piped command of another command such as ls, ps, or ifconfig.
Example: ps auxw | grep /bin

Command: strings
Function: Prints the strings of printable characters in a file. It is most useful for auditing executables for anomalies such as mail commands to unknown addresses or logging to a non-standard log file.
Example: strings /bin/ps | grep 'mail'

Command: file
Function: Determines the characteristics of files based on format, encoding, libraries that it links (if any), and file type (binary, text, and more). Useful for determining whether an executable such as /bin/ls has been modified using static libraries, a sure sign that a modification has occurred.
Example: file /bin/ls

Command: find
Function: Searches directories for particular files. find is a useful tool for searching the directory structure by keyword, date and time of access, permissions, and more. This can be useful for administrators who perform general system audits of particular directories or files.
Example: find -atime +12 -name '*log*' -perm u+rw

Command: stat
Function: Displays various information about a file, including time last accessed, permissions, UID and GID bit settings, and more. Useful for checking when a breached system executable was last used and/or when it was modified.
Example: stat /bin/netstat
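The dd row above describes comparing a pre-breach checksum with the same file on a breached system. The script below is an added example, not part of the original guide, that records such a baseline and later checks files against it. The function names and the demo files are hypothetical.

```shell
#!/bin/sh
# Added example: baseline-and-compare workflow built on dd and md5sum.
# Function names are hypothetical; the demo files are constructed stand-ins.

# image_sum FILE: print the MD5 of a dd bit-image of FILE (image is not kept).
image_sum() {
    dd if="$1" bs=64k 2>/dev/null | md5sum | cut -d' ' -f1
}

# record_baseline SUMFILE FILE...: run on the known-good system.
# Writes "md5  path" lines; store SUMFILE on read-only or offline media.
record_baseline() {
    sumfile=$1; shift
    : > "$sumfile"
    for f in "$@"; do
        printf '%s  %s\n' "$(image_sum "$f")" "$f" >> "$sumfile"
    done
}

# check_baseline SUMFILE: run on the suspect system.
# Prints one status line per file; returns 1 if any file changed or is missing.
check_baseline() {
    rc=0
    while read -r want path; do
        if [ ! -f "$path" ]; then
            echo "MISSING  $path"; rc=1
        elif [ "$(image_sum "$path")" = "$want" ]; then
            echo "OK       $path"
        else
            echo "CHANGED  $path"; rc=1
        fi
    done < "$1"
    return $rc
}

# Demo on a constructed file standing in for a system binary.
demo=$(mktemp -d)
printf 'known-good contents\n' > "$demo/ls"
record_baseline "$demo/sums.txt" "$demo/ls"
printf 'appended by intruder\n' >> "$demo/ls"
check_baseline "$demo/sums.txt" || echo "baseline mismatch detected"
rm -rf "$demo"
```

md5sum is used because the table uses it; sha256sum can be substituted in image_sum without other changes.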





