Running out of disk space can be annoying on your desktop system and potentially a disaster on your servers. To determine how much disk space is available and how much is currently in use, you can use the “df” command. To check how much space particular files and directories are consuming, use the “du” command.
The “df” command provides the “-h” options which output in a human-readable, usually in MB or GB.
This command display space on file systems in human-readable form
[root@Fedora11-vbox ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/vg_fedora11vbox-lv_root
6.7G 3.6G 2.9G 56% /
/dev/sda1 194M 21M 163M 12% /boot
tmpfs 250M 292K 250M 1% /dev/shmIf you have remote share mounted, these will show up too. So to limit the output to local systems only:
df -hl
To check for disk space usage for particular files or directories in a file system:
[root@Fedora11-vbox ~]# du -h /home/ 4.0K /home/smbuser/.mozilla/plugins 4.0K /home/smbuser/.mozilla/extensions 12K /home/smbuser/.mozilla 4.0K /home/smbuser/.gnome2
If you have root priviliges, you can use the “-s” option to get a summary of disk usage; otherwise, you will get “permission denied” when trying to access directories that you don’t have access to. Read the rest of this entry »
Understanding subnetwork mask can be confusing if you’re not used to them. You may find “ipcalc” (from ipcalc package) useful to calculate a computer network’s mask.
First start by installing “ipcalc” from the repositories, depending on your distro:
sudo apt-get install ipcalc #for debian distros like ubuntu yum install ipcalc #for fedora
then find the ip address for which you want to calculate the network for, and enter it along with “ipcalc” command
[root@Fedora11-vbox ~]# ipcalc -bmn 192.168.10.122/22 NETMASK=255.255.252.0 BROADCAST=192.168.11.255 NETWORK=192.168.8.0
So in this scenario, the subnetmask is (255.255.252.0), the broadcast address (192.168.11.255), which means that the last usable ip address for that network is (192.168.11.254), and last the network address (192.168.8.0); therefore, the first ip address for that range will be (192.168.8.1).
After you have created users accounts, and let those users loose on your somputer, there are different commands you can use to keep track of how they are using your computer. There are commands for checking such things as who is logged into your system and getting general information about the users with accounts on your system. Here are some of these commands.
last #list the most recent successful logins
root@ubuntu-box:~# last -a smbuser pts/2 Fri Sep 25 06:37 still logged in windows-box jorge pts/1 Fri Sep 25 06:35 still logged in windows-box jorge pts/1 Fri Sep 25 06:34 - 06:35 (00:00) windows-box wtmp begins Fri Sep 25 06:34:52 2009
lastb #List the most recent unsuccessful logins
root@ubuntu-vbox:~# lastb smbuser ssh:notty windows-box Fri Sep 25 05:36 - 05:36 (00:00) jorge :0 Fri Sep 18 17:28 - 17:28 (00:00) jorge :0 Fri Sep 18 17:28 - 17:28 (00:00) jorge :0 Fri Sep 18 17:27 - 17:27 (00:00) jorge :0 Fri Sep 18 17:27 - 17:27 (00:00) jorge :0 Fri Sep 18 17:27 - 17:27 (00:00)
who -u #List who is currently logged in (long form) Read the rest of this entry »
Some times you need to keep a close watch on a machine that has been compromise; therefore, you might want to see the logs in real time. Well, ”tail” allows you to watch the logs in real time. Most systems related messages are logged to the “messages” log file, and security related messages are send to the “secure” log file. In the later you can find successful and unsucesful login attemps. So the “secure” log file is a good place to start when you are trying to identify whether someone has tried to break in to that box.
tail -f /var/log/secure
or
tail -f /var/log/messages
Now you can try login from a remote box or locally and watch the logs scroll down in real time. These are some logs file that might be of interest.
tail -f /var/log/secure #security related messages tail -f /var/log/messages #system messages tail -f /var/log/maillog #mail server messages tail -f /var/log/httpd/access_log #web server messages
Moreover, the “grep” command can be quite useful for parsing through logs files. In this case, the grep command is use to search the “secure” log file for the string “jorge.” The -R switch is to specify the string, and the -n switch for displaying the line number.
[root@Fedora11-vbox ~]# grep -Rn smbuser /var/log/secure 81:Sep 26 11:55:04 Fedora11-vbox useradd[2233]: new group: name=smbuser, GID=501 82:Sep 26 11:55:04 Fedora11-vbox useradd[2233]: new user: name=smbuser, UID=501, GID=501, home=/home/smbuser, shell=/bin/bash 83:Sep 26 11:55:26 Fedora11-vbox passwd: pam_unix(passwd:chauthtok): password changed for smbuser 85:Sep 26 12:00:37 Fedora11-vbox passwd: pam_unix(passwd:chauthtok): password changed for smbuser
The “grep” command can also be used to search multiple files recursively. This command searches in the “/etc/httpd/conf” and “/etc/httpd/conf.d” directories for the string “VirtualHost.” Read the rest of this entry »
VNC is considered to be an insecure protocol. The password is sent using fairly weak encryption, and the rest of the session is not encrypted at all. For that reason, when using VNC over an untrusted network or internet, I recommend you tunnel it over SSH.
To forward VNC port 5900 on localhost to remote host port 5900
ssh -L 5900:localhost:5900 vncserver
If your ssh server is listening on other port like: 222
ssh -L 5900:localhost:5900 vncserver -p 222
The same procedure can be done on a window$ machine using putty Read the rest of this entry »
tar is a compression utility that allows you to compress files and backup up your system.
Here are some useful tar commands to backup and restore files.
if you want to backup the content of /home and /etc:
tar cvpf /mnt/backup/tarball_bakup /home /etc
Once you have a full backup of your system you could do incremental backups using the –newer option, which backs up everything that has changed since the specified date
tar cvpf /mnt/backup/tarball_backup --newer 19Aug09 /home /etc
when things go wrong and you want to restore the content of backup
tar xvpf /mnt/backup/tarball_backup home/user
Sometimes you accidentally deleted a file; therefore, you only need to restore a single file. Remember when restoring from a tar archive, there’s no absolute path, in other words, tar removes all the leading slash “/” so /home/user/file1 becomes home/user/file1. And you should be in the / “root” directory.
tar xvpf /mnt/backup/tarball_backup home/user/shell1.sh
What about if you don’t know the exact name of the file but only part of the file name
tar tvpf /mnt/backup/tarball_backup | grep shell*
or
tar tvpf /mnt/backup/tarball_backup | more
to page trhough the backup file.
Here’s a good shell script that performs monthly, weekly, and daily backus to a tgz file. Read the rest of this entry »
Ok, the previous video was kind of out dated, so I posted a new one. Credits to g0tmi1k. This video goes beyond just cracking wpa, it also shows how the different tools perform. This video explains the methodology really simple. Let me say that cracking WPA is not like cracking WEP, in WEP you’re exploiting a vulnerability in the way the encryption algorithm is implemented, but in WPA the only vulnerability will be in the strength of the user passphrase. Yes you’ve guessed it, when cracking WPA basically what you’re doing is brute-forcing the user password, in other words the success of your attack will depend on your dictionary or password list. If the user’s passphrase is not in your dictionary, you will never crack the WPA key. There are several types of WPA dictionary list out there, but I highly recommend using rainbow-tables which can be several Gigs in size. How to find them?… Google is your friend! Read the rest of this entry »
Subscribe
Designed By :
