How to remove files using INODE ! [LINUX]

Hello everyone, today I'll talk about how to remove files using the inode number. First, the definition of an inode:

An inode is a data structure on a filesystem on Linux and other Unix-like operating systems that stores all the information about a file except its name and its actual data. A data structure is a way of storing data so that it can be used efficiently. (Read more here: http://www.linfo.org/inode.html)

There are situations in the Unix world where you cannot remove a file by its name. Usually this happens with files whose names contain special characters, or a long mix of letters, special characters and numbers.

Note: in some scenarios you can also remove the file by quoting its name (i.e. rm "filename"), or by escaping every special character with \ (i.e. rm \-\!\$file\ -2). Be aware that escaping only protects the name from the shell: a name that starts with a dash still reaches rm looking like an option, so for those you need rm -- "-file" or rm ./-file.

Anyway, it is sometimes easier to write a loop that removes the files by inode instead of escaping every single special character. So let's start.
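The removal by inode, as an added example that is not part of the original post. It assumes GNU coreutils and findutils (stat -c, find -inum/-delete, rm --) and works entirely inside a temporary directory it creates; the file name "-!$file -2" is constructed to reproduce the post's awkward case, and the name-based alternative that actually works for a leading dash is shown next to it.

```shell
#!/bin/sh
# Added example, not from the original post: delete a file through its inode
# number, plus the name-based alternative that works for a name starting with
# a dash. Assumes GNU coreutils and findutils (stat -c, find -inum/-delete,
# rm --); everything happens in a temporary directory.
set -eu

# inode_of PATH : print the inode number of PATH.
inode_of() {
    stat -c %i -- "$1"
}

# rm_by_inode DIR INUM : delete the entry of DIR whose inode is INUM.
# -xdev: inode numbers are unique only within one filesystem, so never cross
#        a mount point. -maxdepth 1: only this directory. -print: show what
#        is deleted. Every hard link to the inode inside DIR matches too.
rm_by_inode() {
    find "$1" -xdev -maxdepth 1 -type f -inum "$2" -print -delete
}

# rm_dash_name DIR NAME : the name-based way. "--" ends option parsing, so a
# NAME like "-!$file -2" is no longer read as options; ./NAME works as well.
rm_dash_name() {
    ( cd "$1" && rm -- "$2" )
}

# demo : returns 0 when both removals worked and an unrelated file survived.
demo() {
    dir=$(mktemp -d)
    bad='-!$file -2'              # single quotes: $file stays literal
    : > "$dir/$bad"
    : > "$dir/$bad copy"
    : > "$dir/keep.txt"
    rm_by_inode "$dir" "$(inode_of "$dir/$bad")"
    rm_dash_name "$dir" "$bad copy"
    ok=1
    [ -e "$dir/$bad" ] && ok=0
    [ -e "$dir/$bad copy" ] && ok=0
    [ -e "$dir/keep.txt" ] || ok=0
    rm -rf "$dir"
    [ "$ok" -eq 1 ]
}
```

Check the Links field of stat before deleting by inode: when it is greater than 1, other directory entries share the inode, find -inum matches every one of them under the directory you search, and the data only disappears once the last link is gone.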

How to find the camera model used to picture a photo ?

Hello All, good day!

I hope this post is useful to you someday. It is not critically important, but it can help you show that a photo was taken with a suspect's camera. Keep in mind that EXIF metadata can be edited or stripped with ordinary tools, so treat a matching camera model as corroborating evidence, not as proof on its own.

Software used: metacam (install it with apt-get install metacam).

For a better understanding I'll use the following picture as an example: http://bit.ly/cfeiN8

root@duck:/tmp# wget http://bit.ly/cfeiN8
--2015-07-06 13:01:47-- http://bit.ly/cfeiN8
Resolving bit.ly (bit.ly)... 69.58.188.39, 69.58.188.40
Connecting to bit.ly (bit.ly)|69.58.188.39|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://fl410.files.wordpress.com/2010/02/img_1626.jpg [following]
--2015-07-06 13:01:48-- http://fl410.files.wordpress.com/2010/02/img_1626.jpg
Resolving fl410.files.wordpress.com (fl410.files.wordpress.com)... 192.0.72.28, 192.0.72.29
Connecting to fl410.files.wordpress.com (fl410.files.wordpress.com)|192.0.72.28|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://fl410.files.wordpress.com/2010/02/img_1626.jpg [following]
--2015-07-06 13:01:48-- https://fl410.files.wordpress.com/2010/02/img_1626.jpg
Connecting to fl410.files.wordpress.com (fl410.files.wordpress.com)|192.0.72.28|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 874603 (854K) [image/jpeg]
Saving to: `cfeiN8'

100%[============================================================================================================>] 874,603 322K/s in 2.7s 

2015-07-06 13:01:52 (322 KB/s) - `cfeiN8' saved [874603/874603]

Now, let's check the picture headers.


How to find the last Access / Modify / Change date of a file ?

During a forensic investigation you may need to know when a file or directory was last modified, accessed and changed. That information is very easy to find on a Linux-based system.

The command is stat; it is a native command and is found in every Linux flavor. It reports three timestamps: Access (atime, last read of the content), Modify (mtime, last write to the content) and Change (ctime, last change to the inode, e.g. a chmod, chown or write). Note that ls -l shows only the mtime; ls -lu and ls -lc show the atime and ctime. Two caveats for forensic use: atime is often not updated on reads (relatime or noatime mounts), and mtime can be set to any value by anyone who can write the file (touch -d), while ctime cannot be set that way. So a mtime far older than the ctime, as in the listing below (content dated 2006, inode changed in 2010, consistent with a copy that preserved timestamps), deserves a second look. Birth: - means this filesystem or kernel does not expose the creation time.

root@duck:~/Desktop/forense/caso00# stat paola-carvalho.jpg 
 File: `paola-carvalho.jpg'
 Size: 103391 Blocks: 204 IO Block: 2048 regular file
Device: 700h/1792d Inode: 137 Links: 1
Access: (0755/-rwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2010-08-13 00:00:00.000000000 -0300
Modify: 2006-01-01 15:56:00.000000000 -0200
Change: 2010-08-13 16:25:03.000000000 -0300
 Birth: -

root@duck:~/Desktop/forense/caso00# ls -l paola-carvalho.jpg 
-rwxr-xr-x 1 root root 103391 Jan 1 2006 paola-carvalho.jpg
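The behaviour of the three timestamps, as an added example that is not part of the original post. It assumes GNU coreutils (stat -c, touch -d @EPOCH) and builds its own sample file in a temporary directory; the backdated epoch is the post's 2006-01-01 15:56:00 -0200, and the looks_backdated check is this example's own heuristic, not a stat feature.

```shell
#!/bin/sh
# Added example, not from the original post: what the three stat timestamps
# do, and why a forensic reading should compare mtime against ctime.
# Assumes GNU coreutils (stat -c, touch -d @EPOCH); works in a temp dir.
set -eu

# Epoch seconds of FILE's timestamps. GNU stat: %X access, %Y modify, %Z change.
atime_of() { stat -c %X -- "$1"; }
mtime_of() { stat -c %Y -- "$1"; }
ctime_of() { stat -c %Z -- "$1"; }

# backdate FILE EPOCH : set atime and mtime to EPOCH, as anyone with write
# access to FILE can. ctime is not settable this way: the kernel stamps it
# with "now" because the inode was just changed.
backdate() { touch -d "@$2" -- "$1"; }

# looks_backdated FILE : 0 when the content time is older than the inode
# change time, which is what a touch -d (or a cp -p) leaves behind.
looks_backdated() {
    [ "$(mtime_of "$1")" -lt "$(ctime_of "$1")" ]
}

# demo : reproduce the post's listing on a constructed file and report
# whether it looks backdated.
demo() {
    dir=$(mktemp -d)
    f="$dir/sample.jpg"
    printf 'constructed sample, not a real JPEG\n' > "$f"
    backdate "$f" 1136138160          # 2006-01-01 15:56:00 -0200, as in the post
    stat -- "$f"                      # Access/Modify = 2006, Change = now
    ls -l  -- "$f"                    # ls -l shows mtime only
    ls -lu -- "$f"                    # -u: atime
    ls -lc -- "$f"                    # -c: ctime
    if looks_backdated "$f"; then rc=0; else rc=1; fi
    rm -rf "$dir"
    return "$rc"
}
```

A ctime that is also "old" on a live filesystem is the harder case: it requires either a clock change or direct writes to the disk image, so when it matters, confirm the timestamps against the filesystem journal or a block-level copy rather than stat alone.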


AIX Toolbox for Linux Applications – GNU and open source tools for AIX

AIX® Toolbox for Linux® Applications contains a collection of open source and GNU software built for AIX IBM Systems. These tools provide the basis of the development environment of choice for many Linux application developers. All the tools are packaged using the easy to install RPM format. There is a strong affinity between Linux and AIX for applications. The AIX operating system (OS) has a long history of standards compliance and it is generally straightforward to rebuild Linux applications for AIX. The AIX Toolbox for Linux Applications demonstrates the strong affinity between Linux and AIX operating systems.(Text copied from http://www-03.ibm.com/systems/power/software/aix/linux/)

The AIX Toolbox for Linux Applications contains a wide variety of software, including but not limited to :

Further information :
http://www-03.ibm.com/systems/power/software/aix/linux/

Download (curl) error for ‘https://nu.novell.com/…’

Hello all,

Today I'm going to show you how to resolve a simple proxy problem during zypper refresh. I did some searching on Google and, as far as I could see, many people have this problem, and sometimes what I'll show resolves it. So let's do it.

Scenario

Error during zypper refresh:

servername:~ # zypper ls
# | Alias         | Name          | Enabled | Refresh | Type
--+---------------+---------------+---------+---------+-----
1 | nu_novell_com | nu_novell_com | Yes     | No      | ris 

servername:~ # zypper ref -s
Refreshing service 'nu_novell_com'.
Problem retrieving the repository index file for service 'nu_novell_com':
Download (curl) error for 'https://nu.novell.com/repo/repoindex.xml?cookies=0&credentials=NCCcredentials':
Error code: Connection failed
Error message: couldn't connect to host

Check if the URI is valid and accessible.
Skipping service 'nu_novell_com' because of the above error.
Could not refresh the services because of errors.
There are no enabled repositories defined.
Use 'zypper addrepo' or 'zypper modifyrepo' commands to add or enable repositories.
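A first check before digging into zypper itself, as an added example that is not part of the original post: find out which proxy the host is configured to use and probe the repository URL through it and directly. It assumes the SUSE convention of /etc/sysconfig/proxy holding PROXY_ENABLED, HTTP_PROXY, HTTPS_PROXY and NO_PROXY (which libzypp and curl honour); the demo parses a constructed copy of that file with an invented proxy host, and the probe function is only shown, not run, because it needs the network.

```shell
#!/bin/sh
# Added example, not from the original post: read the proxy a SUSE host would
# use from /etc/sysconfig/proxy (assumed format) and probe a repo URL with
# curl, the same downloader zypper reports errors from.
set -eu

# proxy_for FILE SCHEME : print the proxy URL for SCHEME (http|https|ftp)
# from FILE, or nothing when PROXY_ENABLED is not "yes" or the key is unset.
proxy_for() {
    awk -v want="$(echo "$2" | tr a-z A-Z)_PROXY" -F= '
        /^[[:space:]]*#/ { next }                      # comment lines
        { gsub(/^[[:space:]]+|[[:space:]]+$/, "", $1)  # trim the key
          val = $2; gsub(/"/, "", val) }               # strip quotes
        $1 == "PROXY_ENABLED" { enabled = val }
        $1 == want            { proxy = val }
        END { if (enabled == "yes") print proxy }
    ' "$1"
}

# probe URL [PROXY] : the curl call zypper wraps; prints the HTTP status.
# Without PROXY it forces a direct connection so both paths can be compared.
probe() {
    if [ -n "${2:-}" ]; then
        curl -sS -o /dev/null -w '%{http_code}\n' --max-time 15 -x "$2" "$1"
    else
        curl -sS -o /dev/null -w '%{http_code}\n' --max-time 15 --noproxy '*' "$1"
    fi
}

# demo_cfg : write a constructed /etc/sysconfig/proxy and print its path.
demo_cfg() {
    f=$(mktemp)
    printf '%s\n' 'PROXY_ENABLED="yes"' \
        'HTTP_PROXY="http://proxy.example.net:3128"' \
        'HTTPS_PROXY="http://proxy.example.net:3128"' \
        'NO_PROXY="localhost, 127.0.0.1"' > "$f"
    echo "$f"
}
```

On a real host: p=$(proxy_for /etc/sysconfig/proxy https); probe "https://nu.novell.com/repo/repoindex.xml" "$p"; probe "https://nu.novell.com/repo/repoindex.xml". A failure only on the proxied path points at the proxy (wrong host, port, or a proxy that refuses CONNECT to port 443); a failure on both points at DNS or egress filtering, and zypper's "couldn't connect to host" will not go away by editing repositories.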


How to check which process is using the most swap in Linux with a native command.

Sometimes Linux administrators find themselves in situations where the server is consuming so much swap that it is almost locked up. How can we easily check which process is responsible without installing new software or running an unknown script found on the internet?

Finding the processes that use the most swap is very easy: you can use the top command, which is native and available on every Linux flavor such as Debian, RedHat and SUSE (in top, press f to add the SWAP column and sort on it).

So let’s see how to check it.
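The same number top's SWAP column shows, read directly from /proc, as an added example that is not part of the original post. It assumes a kernel that reports VmSwap in /proc/PID/status (2.6.34 and later); the demo builds a constructed /proc look-alike with three fake status files so it runs anywhere, and on a live system you point swap_table at /proc.

```shell
#!/bin/sh
# Added example, not from the original post: rank processes by swap use from
# /proc/PID/status (VmSwap), no extra software needed. Assumes a kernel that
# reports VmSwap (2.6.34 and later). The demo uses a constructed /proc copy.
set -eu

# swap_table PROCDIR : print "kB pid name" for every process under PROCDIR
# that reports VmSwap, largest first. Kernel threads have no Vm* lines and
# are skipped. Use /proc on a live system.
swap_table() {
    for st in "$1"/[0-9]*/status; do
        [ -r "$st" ] || continue
        awk -v pid="$(basename "$(dirname "$st")")" '
            /^Name:/   { name = $2 }
            /^VmSwap:/ { kb = $2 }
            END { if (kb != "") printf "%s %s %s\n", kb, pid, name }
        ' "$st"
    done | sort -rn
}

# top_swap_pid PROCDIR : pid of the process with the most swap.
top_swap_pid() { swap_table "$1" | awk 'NR == 1 { print $2 }'; }

# demo_dir : build a constructed /proc with three fake status files and
# print its path. The values are invented for the demo.
demo_dir() {
    d=$(mktemp -d)
    mkdir -p "$d/101" "$d/202" "$d/303"
    printf 'Name:\tjava\nVmRSS:\t   40000 kB\nVmSwap:\t  512000 kB\n' > "$d/101/status"
    printf 'Name:\tsshd\nVmRSS:\t    3000 kB\nVmSwap:\t     128 kB\n' > "$d/202/status"
    printf 'Name:\tkthreadd\n' > "$d/303/status"   # kernel thread: no Vm* lines
    echo "$d"
}
```

Usage on a live box: swap_table /proc | head. Processes of other users are readable here because /proc/PID/status is world-readable, unlike /proc/PID/smaps, so no root is needed for the ranking; keep in mind that a process whose swap is shrinking has already been paged back in, so take two readings a minute apart before killing anything.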


What is SYS and SYSPLANAR in AIX.

Hello everyone, today a new employee where I work asked me what the difference is between sys0 and sysplanar0.

# lsdev -Cc sys
sys0 Available  System Object

# lsdev -Cc planar
sysplanar0 Available  System Planar

In a nutshell, sys0 is the System Object: a pseudo-device that represents the AIX kernel and holds system-wide attributes such as the maximum login name length, automatic reboot after a crash, system console login, the chown restriction mode and, on the security side, the Stack Execution Disable mode (sed_config), enhanced RBAC and full core dumps (fullcore; a full core can expose secrets held in process memory). The attributes whose last column (User Settable) is True can be changed with chdev -l sys0 -a attribute=value. The full list:

# lsattr -El sys0
SW_dist_intr    false                                Enable SW distribution of interrupts              True
autorestart     true                                 Automatically REBOOT OS after a crash             True
boottype        disk                                 N/A                                               False
capacity_inc    0.01                                 Processor capacity increment                      False
capped          false                                Partition is capped                               False
chown_restrict  true                                 Chown Restriction Mode                            True
conslogin       enable                               System Console Login                              False
cpuguard        enable                               CPU Guard                                         True
dedicated       false                                Partition is dedicated                            False
enhanced_RBAC   true                                 Enhanced RBAC Mode                                True
ent_capacity    4.00                                 Entitled processor capacity                       False
frequency       6400000000                           System Bus Frequency                              False
fullcore        false                                Enable full CORE dump                             True
fwversion       IBM,AM760_068                        Firmware version and revision levels              False
ghostdev        0                                    Recreate devices in ODM on system change          True
id_to_partition XXXXXXXXXXXXXXXXXX                   Partition ID                                      False
id_to_system    XXXXXXXXXXXXXXXXXX                   System ID                                         False
iostat          true                                 Continuously maintain DISK I/O history            True
keylock         normal                               State of system keylock at boot time              False
log_pg_dealloc  true                                 Log predictive memory page deallocation events    True
max_capacity    8.00                                 Maximum potential processor capacity              False
max_logname     9                                    Maximum login name length at boot time            True
maxbuf          1000                                 Maximum number of pages in block I/O BUFFER CACHE True
maxmbuf         0                                    Maximum Kbytes of real memory allowed for MBUFS   True
maxpout         8193                                 HIGH water mark for pending write I/Os per file   True
maxuproc        131072                               Maximum number of PROCESSES allowed per user      True
min_capacity    1.00                                 Minimum potential processor capacity              False
minpout         4096                                 LOW water mark for pending write I/Os per file    True
modelname       IBM,9117-MMD                         Machine name                                      False
ncargs          256                                  ARG/ENV list size in 4K byte blocks               True
nfs4_acl_compat secure                               NFS4 ACL Compatibility Mode                       True
os_uuid         XXXXXXXXXXXXXXXXXX-XXXX-XXXX-XX      N/A                                               True
pre430core      false                                Use pre-430 style CORE dump                       True
pre520tune      disable                              Pre-520 tuning compatibility mode                 True
realmem         8388608                              Amount of usable physical memory in Kbytes        False
rtasversion     1                                    Open Firmware RTAS version                        False
sed_config      select                               Stack Execution Disable (SED) Mode                True
systemid        IBM,02106F1E7                        Hardware system identifier                        False
variable_weight 255                                  Variable processor capacity weight                False

And sysplanar0 is the System Planar, i.e. the motherboard: the hardware object under which the on-board controllers, processors and memory hang in the device tree (lsdev -p sysplanar0 lists its children).

What is NIST (National Institute of Standards and Technology) ?

NIST (National Institute of Standards and Technology) is a non-regulatory federal agency within the U.S. Department of Commerce. Founded in 1901, NIST aims to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security. NIST maintains four cooperative programs, including the NIST Laboratories, which conduct research that advances the nation's technology infrastructure, and the Technology Innovation Program, which provides cost-shared awards to industry, universities, and consortia for research on potentially revolutionary technologies.

NIST publications are often used to determine potential threats and the associated risk; the output of the process helps identify appropriate controls to reduce or eliminate that risk. The nine-step risk assessment below comes from NIST SP 800-30 (Risk Management Guide for Information Technology Systems) and is used by audit and pentest consultancies.

The "audit" is performed in 9 steps:

  1. System Characterization: gather information about the company, the system mission, people, hardware, software, data and interfaces.
  2. Threat Identification: define the threat sources, internal or external. Usually a threat source is a class of people who want a specific piece of information, for example suppliers, users, competitors, partisans, crackers; natural and environmental threats count too.
  3. Vulnerability Identification: list the vulnerabilities of your system that could be exploited.
  4. Control Analysis: analyse the controls already in place, such as firewalls, policies, password controls, security policies, switches, data center access...
  5. Likelihood Determination: the probability that an event, i.e. an attack, happens.
  6. Impact Analysis: if an attack happens, how critical is the affected information for your company?
  7. Risk Determination: combine likelihood and impact into a risk level, e.g. with a likelihood x impact matrix:
     [risk matrix figure]
  8. Control Recommendations: based on your scenario, what are the recommendations to reduce or eliminate the risk? E.g. implement VLANs, a firewall, squid, monthly audits...
  9. Results Documentation: document everything you did in steps 1 to 8, including the criteria used and which tools you used to find the vulnerabilities...

I hope you liked it. If you still have any doubts, let me know. Thank you 😉