Thursday 29 April 2010

Linux detective work

When reviewing logs after an attack, if you can identify the IP address of the attacking machine, you can trace it back and potentially find out details of the attacker's PC, its open ports, the ISP and so on.

From Linux, open a bash terminal:

dig -x 1.2.3.4

Where 1.2.3.4 is an IP address. This command may return a pointer record. Next, try a whois:

whois 1.2.3.4

This command should give the netblock owner, ISP, etc. You can also try using the commands available at www.robtex.com.

Finally, try an nmap command:

nmap -O 1.2.3.4
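
The step before these lookups, getting from raw logs to the addresses worth tracing, as an added example that is not part of the original post. It goes slightly beyond the post by assuming OpenSSH-style "Failed password" syslog lines; the function names, the sample log and the whois field list are chosen here for illustration.

```sh
#!/bin/sh
# Added example: pull repeat offenders out of sshd log lines, then look them up.
# SAMPLE_LOG is constructed; its addresses are documentation and private ranges.
SAMPLE_LOG='Apr 29 10:01:02 host sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Apr 29 10:01:05 host sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Apr 29 10:02:11 host sshd[2140]: Failed password for root from 198.51.100.23 port 51514 ssh2
Apr 29 10:02:40 host sshd[2155]: Failed password for bob from 192.168.1.50 port 50022 ssh2
Apr 29 10:03:00 host sshd[2160]: Accepted password for alice from 10.0.0.5 port 50100 ssh2
Apr 29 10:03:09 host sshd[2171]: Failed password for root from 203.0.113.7 port 40188 ssh2
Apr 29 10:04:00 host sshd[2190]: Failed password for invalid user x from 10.9.9.9 port 22 from 198.51.100.23 port 51600 ssh2'

# Succeeds only for a well-formed IPv4 address outside the private, loopback
# and link-local ranges, where a PTR or whois lookup says nothing useful.
is_public_ip() {
    case $1 in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    case "$1.$2" in
        0.*|10.*|127.*|169.254|192.168|172.1[6-9]|172.2[0-9]|172.3[01]) return 1 ;;
    esac
    return 0
}

# Reads log lines on stdin, prints "count ip" for failed sshd logins, busiest first.
# The user name is attacker-supplied and may itself contain " from <ip> port <n>";
# the greedy .* makes sed take the last such pair, which is the one sshd wrote.
failed_login_ips() {
    grep -E 'sshd\[[0-9]+\]: Failed password' |
        sed -nE 's/.* from ([0-9.]+) port [0-9]+.*/\1/p' |
        sort | uniq -c | sort -rn |
        while read -r count ip; do
            if is_public_ip "$ip"; then echo "$count $ip"; fi
        done
}

# The lookups from the post for one address (needs network, so nothing calls it here).
lookup_ip() {
    echo "== $1"
    echo "PTR: $(dig -x "$1" +short)"
    whois "$1" | grep -iE '^(netname|orgname|country|descr|orgabuseemail|abuse-mailbox):'
}

# Typical use, assuming a Debian-style log path:
#   failed_login_ips < /var/log/auth.log | while read -r n ip; do lookup_ip "$ip"; done
```
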

Tuesday 20 April 2010

Determining free disk space in Linux

Just use the df command:

df /

or

df -P

will generate a usage table.

To extract just the 'used' percentage (the Capacity column):

df=($(LC_ALL=C df -P /)); echo "${df[11]}"

Email the report from a shell script:

df -h | mail -s "disk space report" fromage@cheese.com

If you don't have mail installed, you can use sendmail, which would be:

df -h | sendmail fromage@cheese.com

Or, if you want to see the results of this (or any other Linux command) in a pop-up X window, first redirect the output of the command to a file:

df -h > otterlog.txt

Then open this file in a pop-up:

xmessage -file otterlog.txt

Useful Bash script stuff

When writing shell scripts, it is sometimes useful to pop up a message in X or display a file. Use the following to do so:

xmessage "this is my message"

xmessage -center "Hello World"

xmessage -center -file "opensomefile.txt"