Here are some tools for privileged users: tcpdump, pathchar, and the Sniffit and Ethereal sniffers.
Here are some system security pointers:
To list all your processes, enter:
ps
To list all processes, enter:
ps aux
uname [-amnrsv]
-a Displays all information specified with the -m, -n, -r, -s, and -v
options.
-m Displays the type of hardware running the system.
-n Displays the name of the node (this may be the name by which the system is
known on a communications network).
-r Displays the release number of the operating system.
-s Displays the name of the implementation of the operating system. (This
option is on by default.)
-v Displays the operating system version.
To kill a process with process id 21234, enter:
$ kill -KILL 21234
To stop a process with process id 21234, enter:
$ kill -STOP 21234
To resume a stopped process with process id 21234, enter:
$ kill -CONT 21234
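The stop / resume / kill sequence above carried through on a throwaway process, reading the scheduler state back after each signal rather than assuming it took effect. This is an added example, not code from the original handout; it assumes a Linux-style /proc or a ps that accepts -o stat.

```shell
#!/bin/sh
# Added example (not from the original handout): stop a process with SIGSTOP,
# confirm it is actually frozen, resume it with SIGCONT, then end it with SIGKILL.
# The state is read back after each signal instead of assuming the signal took effect.

# proc_state PID: print the one-letter scheduler state (S sleeping, T stopped, R running, ...)
proc_state() {
    if [ -r "/proc/$1/stat" ]; then
        # Linux: the state is the first field after the "(comm)" part, which may contain spaces
        sed 's/^.*) //' "/proc/$1/stat" | cut -d ' ' -f 1
    else
        # other Unix systems: first letter of the ps STAT column
        ps -o stat= -p "$1" | tr -d ' ' | cut -c 1
    fi
}

# wait_state PID LETTER: poll until the process reports state LETTER, give up after 5 s
wait_state() {
    i=0
    while [ "$i" -lt 5 ]; do
        [ "$(proc_state "$1")" = "$2" ] && return 0
        sleep 1
        i=$((i + 1))
    done
    return 1
}

# stop_resume_kill_demo: run the STOP / CONT / KILL sequence on a throwaway process and
# print the three observed states; expected "S T S" (sleeping, stopped, sleeping again)
stop_resume_kill_demo() {
    sleep 60 &                      # harmless long-running process to operate on
    pid=$!
    wait_state "$pid" S || return 1
    s1=$(proc_state "$pid")
    kill -STOP "$pid"               # freeze it; SIGSTOP cannot be caught or ignored
    wait_state "$pid" T || return 1
    s2=$(proc_state "$pid")
    kill -CONT "$pid"               # let it run again
    wait_state "$pid" S || return 1
    s3=$(proc_state "$pid")
    kill -KILL "$pid"               # terminate it unconditionally
    wait "$pid" 2>/dev/null || true # reap it so no zombie is left behind
    echo "$s1 $s2 $s3"
}
```

Checking for the T state before moving on is what tells you a suspended process is really frozen, which matters when you want to preserve it for inspection before terminating it.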
Used with non-text files, such as object and executable files, strings prints out all the
strings consisting of at least 4 consecutive printable characters found in the
file.
strings [-ao] [-n number] [file...]
-a Searches an entire object file, rather than just the initialized data
space.
-n number
Sets the minimum string length to number rather than the default of 4.
-o Precedes each string by its offset (in octal) in the file.
file filename
Determines what kind of file filename is: whether it is binary or text, an object
file, a Java source file, and so on.
strace command
Executes command, printing out information about all the system calls it makes and
the signals it receives. With additional options you can also obtain information about
the time taken in the calls and between the calls.
For example
strace -c a.out
prints a summary of system call counts and timing statistics for the program a.out
ipcs [-a|-bcopt] [-mqs]
where
-a Same as specifying the -b, -c, -o, -p, and -t options.
-b Writes the maximum number of bytes in message queues, the size of segments
for shared memory, and the number of semaphores in each semaphore set.
-c Writes the username and group name of the user that made the facility.
-m Writes information about active shared memory segments.
-o Writes the following usage information:
Number of messages on queue
Total number of bytes in message queues
Number of processes attached to shared memory segments
-p Writes the Process number of last process to attach or detach on
shared memory segments
-q Writes information about active message queues.
-s Writes information about active semaphore sets.
-t Writes the following:
Time of the last control operation that changed the access permissions
for all facilities
Time of the last msgsnd() and last msgrcv() on message queues
Time of the last semop() on semaphore sets
ipcrm [-m shared_memory] [-M shared_memory_key] [-q message_queue]
[-Q message_key] [-s semaphore_ID] [-S semaphore_key]
where:
-m shared_memory
Removes the shared memory identifier shared_memory. The shared memory
segment and data structure associated with shared_memory are also
removed after the last detach operation.
-M shared_memory_key
Removes the shared memory identifier, created with key
shared_memory_key. The shared memory segment and data structure
associated with it are also removed after the last detach.
-q message_queue
Removes the message queue identifier message_queue and the message
queue and data structure associated with it.
-Q message_key
Removes the message queue identifier, created with key message_key, and
the message queue and data structure associated with it.
-s semaphore_ID
Removes the semaphore identifier semaphore_ID and the set of semaphores
and data structure associated with it.
-S semaphore_key
Removes the semaphore identifier, created with key semaphore_key, and
the set of semaphores and data structure associated with it.
To produce the default display for network connections, enter:
netstat
To show the state of the configured interfaces, enter:
$ netstat -i
To show the routing tables, enter:
$ netstat -r
To show the routing tables with network addresses, enter:
$ netstat -rn
To show information about all interfaces, enter:
$ ifconfig -a
To query the status of serial line interface sl0, enter:
$ ifconfig sl0
To find the dotted decimal IP address of host name snowhite.cis.temple.edu, enter:
$ nslookup snowhite.cis.temple.edu
To find the hostname of the dotted decimal IP address 155.247.190.207, enter:
$ nslookup 155.247.190.207
To determine the status of host www.cs.stanford.edu, enter:
$ ping www.cs.stanford.edu
To also have a record of the route to www.cs.stanford.edu, enter:
$ ping -R www.cs.stanford.edu
To find the route to host rtfm.mit.edu, enter:
$ traceroute rtfm.mit.edu
To display all current ARP entries, enter:
$ arp -a
To list all open files, use:
lsof
To list all open Internet, x.25 (HP-UX), and UNIX domain files, use:
lsof -i -U
To list all files using any protocol on any port of snowhite.cis.temple.edu, use:
lsof -i @snowhite.cis.temple.edu
To find the process that has /u/abe/foo open, use:
lsof /u/abe/foo
To find any open file, including an open UNIX domain socket file, with the
name /dev/log, use:
lsof /dev/log
To obtain PID and command name field output for each process, and file
descriptor, file device number, and file inode number for each file of each
process, use:
lsof -FpcfDi
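A way to post-process the -F field output just shown, as an added example that is not part of this handout. The lsof_fields_to_table function and the sample field data are constructed for illustration; the sample is not captured from a real system.

```shell
#!/bin/sh
# Added example (not part of the original handout): turn the machine-readable
# output of "lsof -FpcfDi" into one row per open file. With -F, lsof prints one
# field per line and the first character says what the field is:
#   p = PID (starts a new process), c = command name,
#   f = file descriptor (starts a new file), D = device number, i = inode number.
# A file's record ends when the next f or p field, or the end of input, arrives.
lsof_fields_to_table() {
    awk '
        function emit() {
            if (fd != "") printf "%s %s %s %s %s\n", pid, cmd, fd, dev, ino
            fd = ""
        }
        /^p/ { emit(); pid = substr($0, 2); cmd = "?"; next }
        /^c/ { cmd = substr($0, 2); next }
        /^f/ { emit(); fd = substr($0, 2); dev = "-"; ino = "-"; next }
        /^D/ { dev = substr($0, 2); next }
        /^i/ { ino = substr($0, 2); next }
        END  { emit() }
    '
}

# Constructed sample of lsof -FpcfDi output (not captured from a real system):
# two files held by PID 1234 (sshd) and one by PID 1300 (nginx).
SAMPLE_LSOF_FIELDS='p1234
csshd
f3
D0x801
i98765
f4
D0x6
i12002
p1300
cnginx
f6
D0x6
i13001'

# On a live system:   lsof -FpcfDi | lsof_fields_to_table
# On the sample:      printf "%s\n" "$SAMPLE_LSOF_FIELDS" | lsof_fields_to_table
# The sample yields:
#   1234 sshd 3 0x801 98765
#   1234 sshd 4 0x6 12002
#   1300 nginx 6 0x6 13001
```

The resulting rows sort and diff cleanly, so two snapshots taken at different times can be compared to see which files a process opened or closed in between.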
To find an IP version 4 socket file by its associated numeric dot-form
address, use:
lsof -i@128.210.15.17
iostat [drive...] [interval] [count]
For example
iostat 1 5
displays 5 status reports taken at 1 second intervals.
vmstat interval [count]
vmstat [-f|-M|-P|-s]
where:
-f Displays only statistics about the number of forks since system startup
(see the fork() call).
-P Displays accumulated statistics about physical memory use.
-s Displays accumulated statistics along with the page size.
To display the disk usage of a directory tree and each of its subtrees, enter:
$ du /u/fran
To display the disk usage of each file, enter:
$ du -a /u/fran
To display only the total disk usage of a directory tree, enter:
$ du -rs /u/fran