Procedure for checking System, after login
Check for suspicious activity when you log in
- check the environment...
...]# set
- show who is logged on and what they are doing...
...]# w
- report process status -- make sure all needed processes are running (e.g. apache, mysql, ssh)...
...]# ps -auxf
- display used/free memory...
...]# free -m
- display network interface information -- make sure your interfaces are up and running...
...]# ifconfig
- show network connections -- see what ports your system is listening on and the programs behind those ports...
...]# netstat -ape
- view logged authentication and login activity...
...]# less /var/log/secure
- view general system log messages...
...]# less /var/log/messages
- show listing of last logged in users...
...]# last
- show log of login activity by user name...
...]# lastlog
- list loaded modules...
...]# lsmod
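Added example (not part of the original page): the netstat step of the checklist above as a repeatable check. It filters `netstat -ape` output for TCP listeners and flags any whose program is outside an assumed allow-list (httpd, mysqld, sshd, after the services the checklist names) or has no visible owner; the sample output, the allow-list and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage TCP listeners reported by `netstat -ape`.
# EXPECTED is an assumed allow-list (apache=httpd, mysql=mysqld, ssh=sshd).
EXPECTED="httpd mysqld sshd"

# Constructed sample of `netstat -ape` output, not taken from a real host.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address       Foreign Address   State       User  Inode  PID/Program name
tcp        0      0 *:ssh               *:*               LISTEN      root  1501   801/sshd
tcp        0      0 *:http              *:*               LISTEN      root  1622   934/httpd
tcp        0      0 *:2222              *:*               LISTEN      root  9911   4242/perl
tcp        0      0 www.domain.com:ssh  10.0.0.5:51514    ESTABLISHED root  9950   4300/sshd
tcp        0      0 *:6667              *:*               LISTEN      root  9975   -
EOF
}

# Print "UNEXPECTED <addr> <program>" for TCP listeners outside EXPECTED and
# "NOOWNER <addr>" where netstat shows no PID/program (run it as root first).
unexpected_listeners() {
    awk -v expected="$EXPECTED" '
        BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            if ($9 == "-" || $9 == "") { print "NOOWNER " $4; next }
            prog = $9; sub(/^[0-9]+\//, "", prog)   # "801/sshd" -> "sshd"
            if (!(prog in ok)) print "UNEXPECTED " $4 " " prog
        }'
}

# Print "MISSING <program>" for expected services with no TCP listener.
# A service bound only to a UNIX socket (common for mysqld) also shows here.
missing_services() {
    awk -v expected="$EXPECTED" '
        $1 ~ /^tcp/ && $6 == "LISTEN" { p = $9; sub(/^[0-9]+\//, "", p); seen[p] = 1 }
        END {
            n = split(expected, e, " ")
            for (i = 1; i <= n; i++) if (!(e[i] in seen)) print "MISSING " e[i]
        }'
}

# Demo on the sample; on a live host use: netstat -ape | unexpected_listeners
sample_netstat | unexpected_listeners
sample_netstat | missing_services
```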
Services
chkconfig is a tool for maintaining the /etc/rc[0-6].d directory hierarchy by relieving system administrators of the task of directly manipulating the numerous symbolic links in those directories.
- lists all of the services which chkconfig knows about...
...]# chkconfig --list
- turn services OFF or ON, on specified System Run-Levels...
...]# chkconfig --level 0123456 service off/on
Killing processes
- list running processes with their pids, hierarchical structure...
...]# ps -auxf
- kill process...
...]# kill pid
- kill process, if previous kill is unsuccessful...
...]# kill -9 pid
Changing Hostname
- Edit /etc/sysconfig/network...
- Edit HOSTNAME="www.domain.com"
- Edit DOMAINNAME="domain.com"
- Restart
...]# hostname
- www.domain.com
- Prompt will now display as
[user@www dir]#
Update local host aliases
- Edit /etc/hosts...
- Format is
IP <tab> www.your.domain <tab> alias
- For localhost:
127.0.0.1 <tab> localhost.localdomain <tab> localhost
Add an extra IP address
...]# cd /etc/sysconfig/network-scripts/
/etc/sysconfig/network-scripts]# cp ifcfg-eth0 ifcfg-eth0:1
- Edit ifcfg-eth0:1...
- Edit DEVICE="eth0:1"
- Edit IPADDR="put.extra.ip.here"
- Bind IP address with...
...]# ifup eth0:1
Put NIC into Promiscuous Mode
Promiscuous mode allows your NIC to read ALL the data that is sent over the wire, not just the traffic addressed to your own IP.
...]# ifconfig eth0 promisc
- Remove promiscuous mode with...
...]# ifconfig eth0 -promisc
View Process info and Network connections
...]# ps -auxf
...]# netstat -ape
System info
- Display Bootup messages:
...]# dmesg
- Display System information:
...]# uname -a
- Linux www.domain.com 2.4.20-19.7 #1 Tue Jul 15 13:44:14 EDT 2003 i686 unknown
File Ownership
- Change file owner and group:
...]# chown owner:group file
- Change dir/file owner and group recursively:
...]# chown -R owner:group dir
- Recursive: every file and sub-directory under the specified directory
Red Hat Network up2date, command line
- Register with the Red Hat Network...
...]# rhn_register --nox
- Change up2date options...
...]# up2date --configure
- configuration file: /etc/sysconfig/rhn/up2date
- Packages/headers located under /var/spool/up2date
- Update the update program...
...]# up2date --nox up2date
- Show available relevant updated packages...
...]# up2date --nox -l
- Update system with all relevant packages...
...]# up2date --nox -u
- Install or Update package...
...]# up2date --nox package_name