unixcommands.docx
Please research the following Unix commands, and then provide a summary explaining how each command can be used by a security analyst.
| Command | Description |
|---|---|
| `watch ss -tp` | Network connections |
| `netstat -ant` | TCP connections (`-anu` = UDP) |
| `netstat -tulpn` | Connections with PIDs |
| `lsof -i` | Established connections |
| `smb://ip/share` | Access Windows SMB share |
| `share user x.x.x.x c$` | Mount Windows share |
| `smbclient -U user \\\\ip\\share` | SMB connect |
| `ifconfig eth# ip/cidr` | Set IP and netmask |
| `ifconfig eth0:1 ip/cidr` | Set virtual interface |
| `route add default gw gw_ip` | Set GW |
| `ifconfig eth# mtu [size]` | Change MTU size |
| `export MAC=xx:XX:XX:XX:XX:XX` | Change MAC |
| `ifconfig int hw ether MAC` | Change MAC |
| `macchanger -m MAC int` | BackTrack MAC changer |
| `iwlist int scan` | Built-in wifi scanner |
| `dig -x ip` | Domain lookup for IP |
| `host ip` | Domain lookup for IP |
| `host -t SRV _service._tcp.url.com` | Domain SRV lookup |
| `dig @ip domain -t AXFR` | DNS zone transfer |
| `host -l domain namesvr` | DNS zone transfer |
| `ip xfrm state list` | Print existing VPN keys |
| `ip addr add ip/cidr dev eth0` | Adds 'hidden' interface |
| `grep DHCP /var/log/messages` | List DHCP assignments |
| `tcpkill host ip and port port` | Block ip:port |
| `echo "1" > /proc/sys/net/ipv4/ip_forward` | Turn on IP forwarding |
| `echo "nameserver x.x.x.x" >> /etc/resolv.conf` | Add DNS server |
| `nbtstat -A <ip>` | Get hostname for `<ip>` |
| `id` | Current username |
| `w` | Logged on users |
| `who -a` | User information |
| `last -a` | Last users logged on |
| `ps -ef` | Process listing (top) |
| `df -h` | Disk usage (free) |
| `uname -a` | Kernel version/CPU info |
| `mount` | Mounted file systems |
| `getent passwd` | Show list of users |
| `PATH=$PATH:/home/mypath` | Add to PATH variable |
| `kill pid` | Kills process with pid |
| `cat /etc/issue` | Show OS info |
| `cat /etc/*release*` | Show OS version info |
| `cat /proc/version` | Show kernel info |
| `rpm --query --all` | Installed pkgs (Redhat) |
| `rpm -ivh *.rpm` | Install RPM (`-e` = remove) |
| `dpkg --get-selections` | Installed pkgs (Ubuntu) |
| `dpkg -i *.deb` | Install DEB (`-r` = remove) |
| `pkginfo` | Installed pkgs (Solaris) |
| `which tcsh/csh/ksh/bash` | Show location of executable |
| `chmod 750 tcsh/csh/ksh` | Disable shell, force bash |