Forensics
How to find symbolic links that point to a directory
Learn how to use the find command to discover symbolic links that refer to a directory.
Summary
Find symbolic links pointing to a directory
Smem
The command smem can help showing memory usage, including the usage of swap.
Summary
How to securely delete a file and its contents
Need to delete the contents of a sensitive file? Instead of just deleting it with rm, look at this option first.
Summary
Learn how to purge data before deleting a file
How to see the creation date of a file
Learn how to use the stat command to find the initial creation time of a file, also known as its birth time.
Summary
Find out when a file was initially created
Understanding memory information on Linux systems
Linux memory management is an extensive subject. This guide helps you understanding the how to analyze it and obtain available memory information.
Summary
Every operating system needs memory to store program code segments and data. This is also true for Linux systems. The problem: there is a lot of information available regarding memory usage and its behavior. Let’s discover how Linux manages its memory and how we can gather memory information. After reading this guide, you will be able to: Show the total amount of memory Display all memory details Understand the details listed in /proc/meminfo Use tools like dmesg, dmidecode, free, and vmstat Linux memory information Random access memory When we talk about memory in this article, we usually mean random access memory (RAM).
How to see the file type?
Learn how to determine the details of most types of files on Linux, together with the understanding how these tools do their job.
Summary
Did you come across a file, but don’t know what type it is? Let’s learn how to analyze it. The unknown file You may encounter a file on your system with known contents or goal. Usually, the first thing we do is then use cat to show the contents, or execute it. While that makes sense, it may be dangerous to do. It might be a piece of malware, disrupt your screen output or even hang the terminal.
Auditing Linux processes: The Deep Dive!
In-depth article about auditing Linux processes. Determination of running processes, memory and on-disk structure and the proper tools for analyzing them.
Summary
From the initial start of the Linux operating system, the first processes are already born. In this article we have a look on dealing with processes. In particular we look at how to do process auditing. Whenever you are an auditor, system administrator or just a Linux enthusiast, you can’t ignore processes and should know how to deal with them. Process listing For most people working on Linux systems, it might be obvious to display running processes with ps.
Configuring and auditing Linux systems with Audit daemon
Guide for auditing Linux systems by using the audit daemon and related utilities. This powerful audit framework has many possibilities for auditing Linux.
Summary
The Linux Audit Daemon is a framework to allow auditing events on a Linux system. Within this article we will have a look at installation, configuration and using the framework to perform Linux system and security auditing. Auditing goals By using a powerful audit framework, the system can track many event types to monitor and audit the system. Examples include: Audit file access and modification See who changed a particular file Detect unauthorized changes Monitoring of system calls and functions Detect anomalies like crashing processes Set tripwires for intrusion detection purposes Record commands used by individual users Components The framework itself has several components:
How to deal with a compromised Linux system
Is your Linux system compromised or does it run suspicious processes? Learn how to investigate the system and create an action plan.
Summary
Learn the steps to take when you suspect that your Linux system is compromised.