akde/infosec

Information security is ultimately about managing risk


Note: See many, many commands from the Linux privesc post.

Analyze logs

On systems: Browse through the /var/log files.

On newer systems with systemd:

  • See all recent logs:
    journalctl
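  • See all logs from a service (-t matches the syslog identifier; use -u to select a systemd unit instead):
    journalctl -t sudo
  • See all logs from a service within a timeframe (the OpenSSH server logs under the identifier sshd, or sshd-session on recent releases):
    journalctl -t sshd --since 2025-01-01 --until 2025-02-02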

Note: If you have a disk image, you can also analyze the logs of the mounted image, e.g. journalctl --root /mnt/hdd23 -t sshd ...
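
Added example (not from the original post): summarizing entries exported with journalctl -o json, which prints one JSON object per line. It assumes the stock OpenSSH and sudo message formats and a time window given in UTC; the sample entries are constructed.

```python
import json
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed sample of `journalctl -o json` output: one JSON object per line.
SAMPLE = "\n".join(json.dumps(e) for e in [
    {"__REALTIME_TIMESTAMP": "1735725600000000", "SYSLOG_IDENTIFIER": "sshd",
     "MESSAGE": "Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2"},
    {"__REALTIME_TIMESTAMP": "1735725605000000", "SYSLOG_IDENTIFIER": "sshd",
     "MESSAGE": "Failed password for root from 203.0.113.5 port 51240 ssh2"},
    {"__REALTIME_TIMESTAMP": "1735725700000000", "SYSLOG_IDENTIFIER": "sshd",
     "MESSAGE": "Accepted password for alice from 203.0.113.5 port 51300 ssh2"},
    {"__REALTIME_TIMESTAMP": "1735725760000000", "SYSLOG_IDENTIFIER": "sudo",
     "MESSAGE": "   alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx"},
    {"__REALTIME_TIMESTAMP": "1738490400000000", "SYSLOG_IDENTIFIER": "sshd",
     "MESSAGE": "Failed password for bob from 198.51.100.9 port 40000 ssh2"},
    {"__REALTIME_TIMESTAMP": "1735725800000000", "SYSLOG_IDENTIFIER": "sshd",
     "MESSAGE": [255, 254]},  # non-UTF-8 payloads are exported as byte arrays
])

SSH_RE = re.compile(r"^(Failed|Accepted) (\S+) for (?:invalid user )?(\S+) from (\S+) port \d+")
SUDO_RE = re.compile(r"^\s*(\S+) : .*?USER=(\S+) ; COMMAND=(.*)$")

def parse(lines, since=None, until=None):
    """Yield (utc_time, identifier, message) for entries inside [since, until)."""
    for line in lines.splitlines():
        if not line.strip():
            continue
        entry = json.loads(line)
        msg = entry.get("MESSAGE")
        if not isinstance(msg, str):  # skip binary messages instead of crashing
            continue
        ts = datetime.fromtimestamp(int(entry["__REALTIME_TIMESTAMP"]) / 1e6, timezone.utc)
        if (since and ts < since) or (until and ts >= until):
            continue
        yield ts, entry.get("SYSLOG_IDENTIFIER", ""), msg

def summarize(lines, since=None, until=None):
    failed, accepted, sudo = Counter(), [], []
    for ts, ident, msg in parse(lines, since, until):
        if ident in ("sshd", "sshd-session") and (m := SSH_RE.match(msg)):
            if m.group(1) == "Failed":
                failed[m.group(4)] += 1
            else:
                accepted.append((ts.isoformat(), m.group(3), m.group(4)))
        elif ident == "sudo" and (m := SUDO_RE.match(msg)):
            sudo.append((ts.isoformat(), m.group(1), m.group(2), m.group(3)))
    return {"failed_by_ip": dict(failed), "accepted": accepted, "sudo": sudo}
```

An accepted login from an address that also appears in failed_by_ip, followed by sudo activity from the same user, is the sequence worth looking at first.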

Analyze startup services

On SysVinit: Browse through /etc/init.d/

On systemd: Browse through /etc/systemd/

Analyze filesystem

See the ext3 Linux file system blog post.

About

Personal collection of some infosec stuff. Primary purpose of this site is to collect and organize for myself.

Note: Some content is not publicly visible due to copyright issues. Therefore, some links could be broken.
