Linux response commands
uptime:
System uptime
uname -a:
OS type and kernel build
date:
Date and time
fdisk -l:
Partition map
memdump:
Dump physical memory. Pipe the output through nc to a remote collection machine rather than writing the suspicious workstation's memory to its own disk.
mac-robber and mactime:
mac-robber collects the MAC times (modified, accessed, changed) of every file it walks and writes them as a timeline file (body file). E.g. ./mac-robber / | nc 192.169.1.1 2222 pipes the body file for the entire root filesystem to a remote collector. mactime takes the mac-robber body file as its input and generates a readable timeline (you can restrict it to a certain time range).
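As an added example (not from this page and not mac-robber or mactime themselves), the two shell functions below approximate that pipeline with standard tools: body_file walks a directory with find and GNU stat and emits lines in the body-file layout mac-robber uses, and timeline sorts such a file by modification time and prints it in readable form, with an optional "since" epoch to mimic mactime's time filter. It assumes a Linux host with GNU stat and GNU date; the directory it walks is whatever you pass in.

```shell
# Added example: approximate mac-robber's body-file output with find + GNU stat,
# then sort it by modification time the way mactime would.
# Body-file layout written by mac-robber (one line per file):
#   MD5|name|inode|mode|UID|GID|size|atime|mtime|ctime|crtime
# mac-robber writes 0 for MD5 (it never hashes) and 0 for crtime; so does this.

body_file() {
    # $1 = directory to walk. -xdev keeps the walk on one filesystem, which is
    # what you want when collecting from a live system. Assumes GNU stat (Linux).
    find "$1" -xdev -print0 |
        xargs -0 stat --printf '0|%n|%i|%A|%u|%g|%s|%X|%Y|%Z|0\n'
}

timeline() {
    # $1 = body file. Prints "UTC-mtime mode size name", oldest first (mtime is field 9).
    # $2 (optional) = epoch seconds; only entries modified at or after it are shown,
    # the equivalent of giving mactime a start time. Assumes GNU date.
    since=${2:-0}
    sort -t'|' -k9,9n "$1" |
    while IFS='|' read -r _md5 name _inode mode _uid _gid size _atime mtime _ctime _crtime; do
        [ "$mtime" -ge "$since" ] || continue
        printf '%s %s %s %s\n' \
            "$(date -u -d "@$mtime" '+%Y-%m-%d %H:%M:%S')" "$mode" "$size" "$name"
    done
}
```

On the suspicious host you would run body_file on the filesystem of interest and send its output off the box the same way the page pipes mac-robber through nc; timeline is then run on the collector against the received file, so the analysis never touches the evidence host.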
lsof -i (-t, -n, -p process id):
List open files. -i limits the output to network connections, -p to a given process id; -n skips hostname lookups and -t prints only process ids (useful for feeding other commands).
netstat -nap:
List network connections: -n numeric addresses, -a all sockets including listening ones, -p the owning program and process id.
pcat:
A utility in TCT (The Coroner's Toolkit). Copies a running process's memory from a live system. E.g.: ./pcat process_id | ./strings | ./less
Check the command history in /root/.bash_history and the other log files under /var/log.
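As an added example (not part of the original notes), here is the kind of quick triage you would run over the authentication log under /var/log (auth.log on Debian-style systems, secure on Red Hat-style ones). The log lines are constructed for this example in the standard sshd syslog format; the two awk helpers count failed logins per source address and flag addresses that failed and then succeeded, which is the first thing to look at when a host is suspected of being brute-forced.

```shell
# Added example: triage of sshd messages in the format used by /var/log/auth.log or
# /var/log/secure. SAMPLE_AUTH_LOG is constructed for the example; on a real host
# pipe the log file into the functions instead.

SAMPLE_AUTH_LOG='Jan  2 03:04:05 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Jan  2 03:04:07 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51235 ssh2
Jan  2 03:04:09 host sshd[1203]: Failed password for root from 203.0.113.7 port 51236 ssh2
Jan  2 03:05:01 host sshd[1210]: Accepted password for root from 203.0.113.7 port 51240 ssh2
Jan  2 03:06:30 host sshd[1225]: Accepted publickey for alice from 192.0.2.10 port 40022 ssh2
Jan  2 03:07:00 host CRON[1230]: pam_unix(cron:session): session opened for user root by (uid=0)'

# Reads log lines on stdin; prints "count ip" for failed logins, most frequent first.
failed_by_ip() {
    awk '/sshd\[[0-9]+\]: Failed password/ {
             for (i = 1; i <= NF; i++) if ($i == "from") ips[$(i+1)]++
         }
         END { for (ip in ips) print ips[ip], ip }' | sort -rn
}

# Reads log lines on stdin; prints "ip user" for every successful login from an
# address that had already failed, i.e. a guess that eventually worked.
success_after_failures() {
    awk '/sshd\[[0-9]+\]: Failed password/ {
             for (i = 1; i <= NF; i++) if ($i == "from") failed[$(i+1)] = 1
         }
         /sshd\[[0-9]+\]: Accepted / {
             for (i = 1; i <= NF; i++) if ($i == "for") user = $(i+1)
             for (i = 1; i <= NF; i++) if ($i == "from") ip = $(i+1)
             if (ip in failed) print ip, user
         }'
}

printf '%s\n' "$SAMPLE_AUTH_LOG" | failed_by_ip
printf '%s\n' "$SAMPLE_AUTH_LOG" | success_after_failures
```

Run against the sample, failed_by_ip reports three failures from 203.0.113.7 and success_after_failures reports that the same address later logged in as root; the publickey login from 192.0.2.10 is not flagged because it was never preceded by a failure.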
ifconfig eth0 192.168.2.2 netmask 255.255.255.0:
Assign a static IP to eth0
ifdown eth0:
Shut down eth0
ifup eth0:
Bring up eth0
or /etc/init.d/network restart to restart all interfaces
mount /dev/cdrom /mnt/cdrom:
Mount the CD-ROM
/etc/sysconfig/network-scripts/ifcfg-eth0
eth0 configuration file on Red Hat-style Linux distributions.
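As an added example (not from the page), the snippet below shows what that file looks like for the static address used in the ifconfig line above and a small helper that reads it back without sourcing it. The keys DEVICE, BOOTPROTO, ONBOOT, IPADDR and NETMASK are the standard Red Hat ifcfg keys; the file contents are constructed for the example, and write_sample_ifcfg writes them to whatever path you pass in rather than to /etc/sysconfig.

```shell
# Added example: a constructed ifcfg-eth0 for the static address above, and a helper
# that turns the file back into the equivalent ifconfig command.

write_sample_ifcfg() {
    # $1 = path to write. Constructed sample; same address as the ifconfig line above.
    cat > "$1" <<'EOF'
DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.2.2
NETMASK=255.255.255.0
EOF
}

ifcfg_value() {
    # $1 = file, $2 = key. Reads KEY=VALUE with sed instead of sourcing the file, so a
    # config that has been tampered with cannot run commands in the responder's shell.
    sed -n "s/^$2=//p" "$1" | head -n 1
}

ifcfg_to_ifconfig() {
    # $1 = ifcfg file. Prints the ifconfig command that sets the same static address;
    # returns 1 if DEVICE, IPADDR or NETMASK is missing.
    dev=$(ifcfg_value "$1" DEVICE)
    ip=$(ifcfg_value "$1" IPADDR)
    mask=$(ifcfg_value "$1" NETMASK)
    [ -n "$dev" ] && [ -n "$ip" ] && [ -n "$mask" ] || return 1
    printf 'ifconfig %s %s netmask %s\n' "$dev" "$ip" "$mask"
}
```

Reading the file with sed rather than ". ifcfg-eth0" matters during a response: the network scripts themselves source these files, so they are a natural place to find unexpected shell commands, and your own tooling should not execute them.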