If you’re like me, you test pretty much any OS and application in some sort of virtual environment. In my case I use VMware Workstation, so when I decided to test BackTrack 4 Final, I needed to install VMware Tools. Here I go over the commands needed to install them.
1- First go to VM->Install VMware Tools (the figure shows “Reinstall VMware Tools” because I had previously installed it, but yours should say “Install”).
I decided to make a guide about TCP/IP configuration in Linux, and you may ask: which Linux distribution specifically? I know, there are hundreds of Linux distributions, but for this guide I’m only going to cover the two most used: Ubuntu and Fedora. Ubuntu is a Debian derivative, so the Ubuntu portion of the TCP/IP configuration applies to any distro based on Debian. The same goes for Fedora, which is based on Red Hat Linux.
First, you want to find out what interfaces you have and what IP address, if any, was assigned to your computer. For this, use the “ifconfig” command:
ifconfig #will list all enabled interfaces
If you are looking for a specific interface:
ifconfig eth0 #will only display the configuration for eth0 interface
If you get no interfaces other than the loopback address, it is time to do some troubleshooting and find out whether your network card was detected by Linux or not.
sudo lspci | grep -i ethernet #displaying all your ethernet cards
If you’re troubleshooting a wireless card, just change “ethernet” to “wireless.”
Another useful command when troubleshooting network cards and drivers is “lsmod”.
To see which processes are currently running on a system, most people use the “ps” and “top” commands. The “ps” command gives you a snapshot (in a single list) of the processes running at the moment. The “top” command offers a screen-oriented, constantly updated listing of running commands, sorted as you choose (by CPU, memory, UID, etc.).
ps #List processes of current user at current shell
root@ubuntu-box:~# ps
  PID TTY          TIME CMD
 2988 pts/0    00:00:00 su
 2996 pts/0    00:00:00 bash
 3047 pts/0    00:00:00 ps
ps -u jorge #Show all jorge’s running processes
root@ubuntu-box:~# ps -u jorge
  PID TTY          TIME CMD
 2662 ?        00:00:00 x-session-manag
 2725 ?        00:00:00 VBoxClient
 2730 ?        00:00:00 VBoxClient
 2737 ?        00:00:00 VBoxClient
 2748 ?        00:00:00 ssh-agent
ps -u jorge u #Show all running processes with CPU/MEM
Running out of disk space can be annoying on your desktop system and potentially a disaster on your servers. To determine how much disk space is available and how much is currently in use, you can use the “df” command. To check how much space particular files and directories are consuming, use the “du” command.
The “df” command provides the “-h” option, which prints sizes in human-readable form, usually in MB or GB.
This command displays the space on file systems in human-readable form:
[root@Fedora11-vbox ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/vg_fedora11vbox-lv_root
6.7G 3.6G 2.9G 56% /
/dev/sda1 194M 21M 163M 12% /boot
tmpfs 250M 292K 250M 1% /dev/shm
If you have remote shares mounted, these will show up too. So, to limit the output to local file systems only:
df -hl
To check for disk space usage for particular files or directories in a file system:
[root@Fedora11-vbox ~]# du -h /home/
4.0K /home/smbuser/.mozilla/plugins
4.0K /home/smbuser/.mozilla/extensions
12K /home/smbuser/.mozilla
4.0K /home/smbuser/.gnome2
If you have root privileges, you can use the “-s” option to get a summary of disk usage; otherwise, you will get “permission denied” when trying to access directories that you don’t have access to.
Understanding subnet masks can be confusing if you’re not used to them. You may find “ipcalc” (from the ipcalc package) useful for calculating a computer network’s mask.
First start by installing “ipcalc” from the repositories, depending on your distro:
sudo apt-get install ipcalc #for debian distros like ubuntu
yum install ipcalc #for fedora
Then find the IP address for which you want to calculate the network, and pass it to the “ipcalc” command:
[root@Fedora11-vbox ~]# ipcalc -bmn 192.168.10.122/22
NETMASK=255.255.252.0
BROADCAST=192.168.11.255
NETWORK=192.168.8.0
So in this scenario, the subnet mask is 255.255.252.0 and the broadcast address is 192.168.11.255, which means that the last usable IP address for that network is 192.168.11.254. Finally, the network address is 192.168.8.0; therefore, the first IP address for that range is 192.168.8.1.
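The same arithmetic done by hand, as an added example that is not part of the original post: the mask is the prefix length turned into leading one-bits, the network address is the address ANDed with the mask, and the broadcast address is the network with all host bits set. The function names and the FIRST/LAST output lines are choices made for this example, not ipcalc output.

```sh
#!/bin/sh
# Added example: reproduce the NETMASK/BROADCAST/NETWORK values shown above.

# valid_num VALUE MAX -> success if VALUE is a decimal integer 0..MAX with
# no leading zero (the shell would read a leading zero as octal).
valid_num() {
    case "$1" in
        ''|*[!0-9]*|0?*) return 1 ;;
    esac
    [ "$1" -le "$2" ]
}

# int_to_ip N -> dotted quad for the 32-bit integer N
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# subnet_info A.B.C.D/PREFIX (body runs in a subshell, so variables stay local)
subnet_info() (
    addr=${1%/*}; prefix=${1#*/}
    IFS=. read -r a b c d <<EOF
$addr
EOF
    for octet in "$a" "$b" "$c" "$d"; do
        valid_num "$octet" 255 || { echo "bad address: $1" >&2; return 1; }
    done
    valid_num "$prefix" 32 || { echo "bad prefix: $1" >&2; return 1; }

    ip=$(( (a << 24) | (b << 16) | (c << 8) | d ))
    mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    net=$(( ip & mask ))
    bcast=$(( net | (~mask & 0xFFFFFFFF) ))
    # /31 and /32 have no separate network or broadcast address to exclude.
    first=$net; last=$bcast
    if [ "$prefix" -lt 31 ]; then first=$(( net + 1 )); last=$(( bcast - 1 )); fi

    echo "NETMASK=$(int_to_ip "$mask")"
    echo "BROADCAST=$(int_to_ip "$bcast")"
    echo "NETWORK=$(int_to_ip "$net")"
    echo "FIRST=$(int_to_ip "$first")"
    echo "LAST=$(int_to_ip "$last")"
)

subnet_info 192.168.10.122/22
```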
After you have created user accounts and let those users loose on your computer, there are different commands you can use to keep track of how they are using it. There are commands for checking such things as who is logged into your system and for getting general information about the users with accounts on your system. Here are some of these commands.
last #list the most recent successful logins
root@ubuntu-box:~# last -a
smbuser pts/2 Fri Sep 25 06:37 still logged in windows-box
jorge pts/1 Fri Sep 25 06:35 still logged in windows-box
jorge pts/1 Fri Sep 25 06:34 - 06:35 (00:00) windows-box
wtmp begins Fri Sep 25 06:34:52 2009
lastb #List the most recent unsuccessful logins
root@ubuntu-vbox:~# lastb
smbuser ssh:notty windows-box Fri Sep 25 05:36 - 05:36 (00:00)
jorge :0 Fri Sep 18 17:28 - 17:28 (00:00)
jorge :0 Fri Sep 18 17:28 - 17:28 (00:00)
jorge :0 Fri Sep 18 17:27 - 17:27 (00:00)
jorge :0 Fri Sep 18 17:27 - 17:27 (00:00)
jorge :0 Fri Sep 18 17:27 - 17:27 (00:00)
who -u #List who is currently logged in (long form)
Sometimes you need to keep a close watch on a machine that has been compromised, so you might want to see the logs in real time. “tail” lets you do exactly that. Most system-related messages are logged to the “messages” log file, and security-related messages are sent to the “secure” log file. In the latter you can find successful and unsuccessful login attempts, so the “secure” log file is a good place to start when you are trying to identify whether someone has tried to break in to that box.
tail -f /var/log/secure
or
tail -f /var/log/messages
Now you can try logging in from a remote box or locally and watch the logs scroll by in real time. These are some log files that might be of interest:
tail -f /var/log/secure #security related messages
tail -f /var/log/messages #system messages
tail -f /var/log/maillog #mail server messages
tail -f /var/log/httpd/access_log #web server messages
Moreover, the “grep” command can be quite useful for parsing through log files. In this case, the grep command is used to search the “secure” log file for the string “jorge.” The -R switch is to specify the string, and the -n switch is for displaying the line number.
[root@Fedora11-vbox ~]# grep -Rn smbuser /var/log/secure
81:Sep 26 11:55:04 Fedora11-vbox useradd[2233]: new group: name=smbuser, GID=501
82:Sep 26 11:55:04 Fedora11-vbox useradd[2233]: new user: name=smbuser, UID=501, GID=501, home=/home/smbuser, shell=/bin/bash
83:Sep 26 11:55:26 Fedora11-vbox passwd: pam_unix(passwd:chauthtok): password changed for smbuser
85:Sep 26 12:00:37 Fedora11-vbox passwd: pam_unix(passwd:chauthtok): password changed for smbuser
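Going one step beyond grep, this added example (not part of the original post) counts failed SSH password attempts per source address in “secure”-style log lines, which is the quickest way to see whether the unsuccessful logins mentioned above come from one place. The log lines are constructed for the example, and failed_logins and sample_log are names chosen here.

```sh
#!/bin/sh
# Added example: summarise failed sshd password attempts by source address.

# sample_log -> constructed log lines in the format sshd writes to /var/log/secure
sample_log() {
    cat <<'EOF'
Sep 26 12:01:10 Fedora11-vbox sshd[2301]: Failed password for smbuser from 203.0.113.7 port 51234 ssh2
Sep 26 12:01:13 Fedora11-vbox sshd[2301]: Failed password for smbuser from 203.0.113.7 port 51234 ssh2
Sep 26 12:01:19 Fedora11-vbox sshd[2304]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Sep 26 12:02:02 Fedora11-vbox sshd[2310]: Failed password for jorge from 198.51.100.20 port 40022 ssh2
Sep 26 12:02:09 Fedora11-vbox sshd[2310]: Accepted password for jorge from 198.51.100.20 port 40022 ssh2
Sep 26 12:03:00 Fedora11-vbox passwd: pam_unix(passwd:chauthtok): password changed for smbuser
EOF
}

# failed_logins THRESHOLD  (log on stdin)
# Prints "COUNT SOURCE USERS" for every source address with at least
# THRESHOLD failed attempts, busiest source first.
failed_logins() {
    awk -v min="$1" '
        / sshd\[[0-9]+\]: Failed password for / && $(NF - 4) == "from" {
            # Count fields from the END of the line ("from ADDR port N ssh2"):
            # the user name is chosen by the remote side, so fields counted
            # from the front cannot be trusted to line up.
            src = $(NF - 3); user = $(NF - 5)
            count[src]++
            if (!seen[src, user]++)
                users[src] = users[src] (users[src] ? "," : "") user
        }
        END {
            for (s in count)
                if (count[s] >= min) print count[s], s, users[s]
        }
    ' | sort -rn
}

sample_log | failed_logins 3
```

On a live system the same function reads the real file, for example failed_logins 5 < /var/log/secure as root.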
The “grep” command can also be used to search multiple files recursively. This command searches in the “/etc/httpd/conf” and “/etc/httpd/conf.d” directories for the string “VirtualHost.”