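AIX | Debian | FreeBSD | HP-UX | OpenBSD | RedHat | Solaris

Family
  AIX: SYS V
  Debian: Linux
  FreeBSD: BSD
  HP-UX: SYS V
  OpenBSD: BSD
  RedHat: Linux
  Solaris: BSD and SYS V

Password file
  AIX: /etc/passwd
  Debian: /etc/passwd
  FreeBSD: /etc/passwd
  HP-UX: /etc/passwd
  OpenBSD: /etc/passwd
  RedHat: /etc/passwd
  Solaris: /etc/password and /etc/default/password

Password file consistency
  AIX: /usr/bin/pwdck and /usr/bin/usrck
  Debian: pwck
  FreeBSD: -
  HP-UX: /usr/sbin/pwck
  OpenBSD: Unknown
  RedHat: pwck
  Solaris: pwck

Shadow file
  AIX: /etc/security/passwd
  Debian: /etc/shadow
  FreeBSD: /etc/master.passwd
  HP-UX: /.secure/etc/passwd and /etc/shadow
  OpenBSD: /etc/master.passwd
  RedHat: /etc/shadow
  Solaris: /etc/shadow and /etc/oshadow (optional)

Valid shells
  AIX: /etc/shells
  Debian: /etc/shells
  FreeBSD: /etc/shells
  HP-UX: /etc/shells
  OpenBSD: /etc/shells
  RedHat: /etc/shells
  Solaris: /etc/shells (optional file)
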
Remarks
  AIX: Check current runlevel (0-9): who -r
  Debian:
    Backup list of installed packages
    dpkg --get-selections > file.txt
    Restore list of installed packages
    dpkg --set-selections < file.txt
    dselect

    Reboot:
    shutdown -r now
  FreeBSD: printcap check: chkprintcap
  HP-UX:
    Reboot:
    shutdown -r 0
  OpenBSD: Unknown
  RedHat:
    Backup list of installed packages:
    rpm -qa > installed-software.txt

    Restore:
    for i in $(cat installed-software.txt) ; do packages+="$i " ; done
    yum install $packages

    printcap check: checkpc
  Solaris:
    Default run level can be found with who -r

    /usr/proc/bin contains some useful tools for monitoring PID handling (per process), process stack, process parent/children relation.

    Extra binary directories:
    /usr/openwin/bin /usr/dt/bin /usr/sfw/bin /opt/sfw/bin /usr/xpg4/bin /usr/ccs/bin /usr/ucb

Website
  AIX: www.ibm.com/servers/aix/
  Debian: http://www.debian.org/
  FreeBSD: http://www.freebsd.org
  HP-UX: www.hp.com/products1/unix/operating/
  OpenBSD: http://www.openbsd.org
  RedHat: http://www.redhat.com
  Solaris: http://www.sun.com/software/solaris/

Show installed software
  AIX:
    lslpp
    installp -l
  Debian: dpkg --get-selections
  FreeBSD:
    pkg_info
    pkg_version
  HP-UX: swlist
  OpenBSD: pkg_info
  RedHat: rpm -qa
  Solaris: pkginfo

Install package
  AIX: installp
  Debian:
    apt-get install foo
    dpkg --install foo_xxx-xxx.deb
    dselect
    aptitude install
  FreeBSD:
    pkg_add
    cd /usr/ports/category/tool/ &&
    make install
  HP-UX: swinstall -s
  OpenBSD: pkg_add
  RedHat: rpm -i
  Solaris: pkgadd

Deinstall package
  AIX: installp -u
  Debian:
    apt-get --purge remove foo
    apt-get remove foo
    dpkg --purge foo
    dpkg --remove foo
    aptitude remove
  FreeBSD:
    pkg_deinstall
    pkg_delete
    cd /usr/ports/category/tool/ &&
    make deinstall
  HP-UX: swremove
  OpenBSD: pkg_delete
  RedHat: rpm -e
  Solaris: pkgrm

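Init default runlevel
  AIX: 2 (not SYS V style)
  Debian: 2
  FreeBSD: No runlevel
  HP-UX: 3 or 4
  OpenBSD: -
  RedHat: 3 (cui) or 5 (gui)
  Solaris: 3

Boot to single user mode
  AIX: Unknown
  Debian: Unknown
  FreeBSD: boot -s
  HP-UX: Unknown
  OpenBSD: Unknown
  RedHat: Unknown
  Solaris: b -s

Config file for init
  AIX: /etc/inittab
  Debian: /etc/inittab
  FreeBSD: /etc/ttys
  HP-UX: /etc/inittab
  OpenBSD: -
  RedHat: /etc/inittab
  Solaris: /etc/inittab
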
Startup scripts
  AIX: Directory: /etc/rc.d/rc2.d (/etc/rc.d/init.d on AIX 5.2 and higher)
  Debian:
    /etc/init.d
    /etc/rcX.d
  FreeBSD:
    /etc/rc.d
    /usr/local/etc/rc.d
  HP-UX:
    /sbin/pre_init_rc
    /sbin/rc

    Directories:
    /sbin/rcX.d
    /sbin/init.d
    /etc/rc.config.d
  OpenBSD:
    /etc/rc
    /etc/rc.local
  RedHat:
    /etc/init.d
    /etc/rcX.d/
    /etc/rc.d/rc.sysinit
  Solaris:
    /etc/rcX.d
    /etc/init.d

Configure services
  AIX: Unknown
  Debian:
    Add service to startup scripts:
    # update-rc.d [service name] defaults

    Disable service at startup:
    # update-rc.d -f [service name] remove
  FreeBSD: /etc/rc.conf to enable services
  HP-UX: Unknown
  OpenBSD:
    /etc/rc.conf
    /etc/rc.conf.local
  RedHat:
    Start/enable a service:
    # chkconfig httpd --add
    # chkconfig httpd on --level 2,3,5

    Disable:
    # chkconfig httpd off
    # chkconfig httpd --del

    Check runlevels:
    # chkconfig --list httpd

    Start/stop/restart service:
    # service httpd start
    # service httpd stop
    # service httpd restart
  Solaris: Unknown

Log file for login errors
  AIX: /etc/security/failedlogin
  Debian: /var/log/auth.log
  FreeBSD: /var/log/auth.log
  HP-UX: Unknown
  OpenBSD: /var/log/authlog
  RedHat: /var/log/secure
  Solaris: /var/log/secure and /var/log/auth

Log file for messages
  AIX: /var/adm/syslog and /var/adm/messages
  Debian: /var/log/messages
  FreeBSD: /var/log/messages
  HP-UX: /var/adm/syslog/syslog.log
  OpenBSD: /var/log/messages
  RedHat: /var/log/messages
  Solaris: /var/adm/messages

Accounting related files
  AIX:
    Account files:
    /etc/security/audit/config /etc/security/audit/events
    /etc/security/audit/bincmds
    /etc/security/audit/streamcmds
    /etc/security/audit/objects

    Start accounting:
    /etc/audit start
  Debian:
    /var/log/account/pacct
    /var/run/utmp
    /var/run/utmpx
  FreeBSD:
    /var/account/acct
    (see man 8 accton)
  HP-UX: /usr/adm/pacct
  OpenBSD: /var/account/acct
  RedHat:
    accton /var/log/[file]
    /var/account/pacct
  Solaris: /var/adm/acct/ (directory)

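Inetd
  AIX: Unknown
  Debian: inetd or xinetd
  FreeBSD: inetd
  HP-UX: inetd
  OpenBSD: inetd
  RedHat: xinetd
  Solaris: inetd

System manager/tools
  AIX: smit, smitty or wsm
  Debian: -
  FreeBSD: sysinstall
  HP-UX: sam
  OpenBSD: -
  RedHat: linuxconf
  Solaris: admintool

File system tab file
  AIX: /etc/fstab and /etc/filesystems
  Debian: /etc/fstab
  FreeBSD: /etc/fstab
  HP-UX: /etc/fstab
  OpenBSD: /etc/fstab
  RedHat: /etc/fstab and /etc/mtab
  Solaris: /etc/vfstab /etc/fstab

Commonly used file systems
  AIX: jfs
  Debian: ext2 ext3
  FreeBSD: ufs
  HP-UX: VxFS, HFS
  OpenBSD: ffs
  RedHat: ext2 ext3
  Solaris: UFS, VxFS, QFS, ZFS
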
Network configuration (files)
  AIX: Unknown
  Debian:
    Configure IP address:
    # ifconfig eth0 inet up 192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255

    Configure route:
    # route add -net 10.0.0.0 netmask 255.0.0.0 gw 192.168.1.1 dev eth0

    Network configuration file:
    /etc/network/interfaces

    DH
  FreeBSD:
    Interfaces are configured in /etc/rc.conf

    ifconfig_[IFNAME]="inet 172.16.1.1 netmask 255.255.0.0"
    defaultrouter="172.16.1.254"
  HP-UX:
    Setting IP address (static):
    INTERFACE_NAME[0]="lan0"
    IP_ADDRESS[0]="192.6.1.1"
    SUBNET_MASK[0]="255.255.255.0"
    BROADCAST_ADDRESS[0]=""
    INTERFACE_STATE[0]=""
    DHCP_ENABLE[0]="0"

    Gateway (static):
    - Open /etc/rc.config.d/netconf
    - Add gateway to R
  OpenBSD: /etc/hostname.[IF NAME]
  RedHat:
    /etc/sysconfig/network

    Configuration of interfaces:
    /etc/sysconfig/network-scripts/ifcfg-*

    Static routes:
    /etc/sysconfig/static-routes

    Gateway:
    route add -net default gw 172.16.1.254 metric 1
  Solaris:
    Enable interface:
    ifconfig [interface] plumb
    Assign IP address:
    ifconfig [interface] 172.16.1.1 netmask 255.255.0.0 up
    Gateway can be specified with: route add default 172.16.1.254 1
    and in /etc/defaultrouter
    Hostname: /etc/nodename

Restarting network service
  AIX: Unknown
  Debian: /etc/init.d/networking restart
  FreeBSD: /etc/netstart
  HP-UX: Unknown
  OpenBSD: sh /etc/netstart
  RedHat: /etc/init.d/network restart
  Solaris: /etc/init.d/network and /etc/init.d/inetinit

Kernel configuration path
  AIX: Unknown
  Debian: /usr/src
  FreeBSD: /usr/src/sys/[arch]
  HP-UX: Unknown
  OpenBSD: Unknown
  RedHat: /usr/src/linux
  Solaris: /etc/system

Tools for showing processes
  AIX:
    topas
    nmom / nmom analyser
  Debian: ps aux, top
  FreeBSD:
    iostat (report IO stats)
    ps aux
    top
  HP-UX:
    glance
    gpm
  OpenBSD:
    ps
    top
  RedHat:
    pgrep
    ps -ef
    top
  Solaris:
    ps
    psig
    top

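Trace process calls
  AIX: Unknown
  Debian: strace
  FreeBSD: truss
  HP-UX: Unknown
  OpenBSD: ktrace, kdump
  RedHat: strace
  Solaris: truss

Shutdown system
  AIX: shutdown
  Debian: shutdown or poweroff
  FreeBSD: shutdown -p now
  HP-UX: shutdown -h -y [seconds]
  OpenBSD: shutdown -hp now
  RedHat: shutdown -h now
  Solaris: poweroff

Enable/disable GUI login
  AIX: Unknown
  Debian: Unknown
  FreeBSD: Unknown
  HP-UX: Unknown
  OpenBSD: Unknown
  RedHat: /etc/inittab
  Solaris: /usr/dt/bin/dtconfig -e / -d

Add user
  AIX: mkuser
  Debian: useradd or adduser
  FreeBSD: adduser
  HP-UX: useradd
  OpenBSD: useradd
  RedHat: useradd or redhat-config-users
  Solaris: useradd
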
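Change user
  AIX: chuser
  Debian: usermod
  FreeBSD: chsh or chpass
  HP-UX: usermod
  OpenBSD: usermod
  RedHat: usermod or redhat-config-users
  Solaris: usermod

Delete user
  AIX: rmuser
  Debian: userdel or deluser
  FreeBSD: rmuser
  HP-UX: userdel
  OpenBSD: userdel
  RedHat: userdel or redhat-config-users
  Solaris: userdel
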
Show logged in users
  AIX: Unknown
  Debian: w, who, last, lastlog
  FreeBSD:
    lastlogin
    w
    who
  HP-UX:
    whodo
    lastlogin
  OpenBSD: users, w
  RedHat:
    users
    w
    who

    /var/run/utmp contains information
  Solaris: w

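Group file
  AIX: /etc/group and /etc/security/group
  Debian: /etc/group
  FreeBSD: /etc/group
  HP-UX: /etc/group
  OpenBSD: /etc/groups
  RedHat: /etc/group and /etc/gshadow
  Solaris: /etc/group

Check consistency group file
  AIX: grpck
  Debian: grpck
  FreeBSD: /usr/sbin/chkgrp
  HP-UX: /usr/sbin/grpck
  OpenBSD: pwd_mkdb -C
  RedHat: grpck
  Solaris: grpck

Add group
  AIX: mkgroup
  Debian: groupadd or addgroup
  FreeBSD: pw groupadd [groupname]
  HP-UX: groupadd
  OpenBSD: groupadd (group add)
  RedHat: groupadd or redhat-config-users
  Solaris: groupadd

Change group
  AIX: chgroup
  Debian: groupmod
  FreeBSD: pw groupmod [groupname]
  HP-UX: groupmod
  OpenBSD: groupmod (group mod)
  RedHat: groupmod or redhat-config-users
  Solaris: groupmod

Delete group
  AIX: rmgroup
  Debian: delgroup
  FreeBSD: pw groupdel [groupname]
  HP-UX: groupdel
  OpenBSD: groupdel (group del)
  RedHat: groupdel or redhat-config-users
  Solaris: groupdel

Show group membership
  AIX: lsgroup
  Debian: groups
  FreeBSD: groups [username] or pw groupshow [group]
  HP-UX: Unknown
  OpenBSD: groups
  RedHat: Unknown
  Solaris: groups
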
Show physical memory
  AIX: lsattr -El mem0
  Debian: grep MemTotal /proc/meminfo
  FreeBSD: dmesg -a | grep 'real memory'
  HP-UX:
    echo "selclass qualifier memory;info;wait;infolog" | /usr/sbin/cstm | grep 'Total Configured'

    /etc/dmesg | grep -i phys
  OpenBSD:
    dmesg | grep mem
    top
  RedHat: grep MemTotal /proc/meminfo
  Solaris: prtconf | grep 'Memory size:'

Show disk information
  AIX: Unknown
  Debian: df, du
  FreeBSD:
    # sysctl kern.disks
    kern.disks: ad4
  HP-UX: Unknown
  OpenBSD: du, df, atactl, fdisk(8), disklabel
  RedHat: Unknown
  Solaris:
    iostat -xn
    (shows disks, fdc)

Adding hot plug disks
  AIX: Unknown
  Debian: Unknown
  FreeBSD: Unknown
  HP-UX: Unknown
  OpenBSD: raid, raidctl, softraid, bioctl
  RedHat: Unknown
  Solaris:
    drvconfig ; disks
    (both are needed to activate a disk after hot plugging it)

Build system
  AIX: Unknown
  Debian: apt-get update; apt-get upgrade OR apt-get update ; apt-build world
  FreeBSD:
    # make buildworld
    # make buildkernel
    # make installkernel
    # reboot
    Boot to single user mode (boot -s)
    # mergemaster -p
    # make installworld
    # mergemaster
    # reboot
  HP-UX: Unknown
  OpenBSD: Compile sources
  RedHat: Unknown
  Solaris: Unknown

Build/update kernel
  AIX: Unknown
  Debian: Unknown
  FreeBSD:
    # cd /usr/src/sys/i386/conf
    # cp GENERIC CUSTOM
    Change the ident line
    Optional: back up the kernel directory
    # cp -r /boot/kernel /home/yourname/GENERIC-kernel
    # cd /usr/src
    # make buildkernel KERNCONF=CUSTOM
    # reboot
  HP-UX: Unknown
  OpenBSD:
    # cd /usr/src/sys/arch/ARCH/conf
    # config GENERIC
    # cd ../compile/GENERIC
    # make clean && make depend && make
    # make install
  RedHat:
    # cd /usr/src
    Unpack kernel
    # tar xfvz [file]
    # ln -s linux-[version] linux
    # cd linux
    Tip: back up your .config file (/usr/src/linux)
    # make menuconfig
    # make dep bzImage modules modules_install
    Copy the bzImage (kernel) to /boot
    # cp /usr/src/linux/arch/i386/boot/bzImage /boot/mynewkernel
    # Edit the boot loader to include the new kernel

    Note: most distros have their own way to upgrade the kernel, so read the distro-specific information before doing an upgrade.
  Solaris: Unknown

Download tool
  AIX: Unknown
  Debian: Unknown
  FreeBSD: Unknown
  HP-UX: Unknown
  OpenBSD: ftp (also for other than FTP)
  RedHat: Unknown
  Solaris: curl


Copyright 2003-2014 Rootkit.nl and Michael Boelen, supported by CISOfy
All rights reserved