Sep 302014
 

tux-terminal.jpg
Article by Daniel Miessler first posted on his blog

lsof is the sysadmin/security über-tool. I use it most for getting network connection related information from a system, but that’s just the beginning for this powerful and too-little-known application. The tool is aptly called lsof because it “lists openfiles“. And remember, in UNIX just about everything (including a network socket) is a file.

Interestingly, lsof is also the Linux/Unix command with the most switches. It has so many it has to use both minuses andpluses.

usage: [-?abhlnNoOPRstUvV] [+|-c c] [+|-d s] [+D D] [+|-f[cgG]]
 [-F [f]] [-g [s]] [-i [i]] [+|-L [l]] [+|-M] [-o [o]]
 [-p s] [+|-r [t]] [-S [t]] [-T [t]] [-u s] [+|-w] [-x [fl]] [--] [names]

As you can see, lsof has a truly staggering number of options. You can use it to get information about devices on your system, what a given user is touching at any given point, or even what files or network connectivity a process is using.

For me, lsof replaces both netstat and ps entirely. It has everything I get from those tools and much, much more. So let’s look at some of its primary capabilities:

Continue reading »

flattr this!

Sep 292014
 

The most new and dangerous bug around it’s the one called “shellshock”, this is a security bug in the widely used Unix Bash shell which was disclosed on 24 September 2014. Many Internet daemons, such as web servers, use Bash to process certain commands, allowing an attacker to cause vulnerable versions of Bash to execute arbitrary commands. This can allow an attacker to gain unauthorized access to a computer system.

The bug causes Bash to unintentionally execute commands when they are stored in specially crafted environment variables. Within days, a series of further related vulnerabilities in Bash were found, leading to the need for further patches.

By 25 September, botnets based on computers compromised with this exploit were being used by attackers for distributed denial-of-service attacks and vulnerability scanning, source wikipedia

Let’s see how to check if your computer or server is vulnerable.
Continue reading »

flattr this!

Sep 142014
 

sanctum

I’ve recently bought an offer for Sanctum 2 on Steam, and while at the start I was a bit skeptic, I must say that I like this mix between a Tower Defense and an FPS.

Sanctum 2 is the sequel to the world’s first Tower Defense/FPS hybrid game
Pick from four unique character classes and take up the mission of protecting the Cores from hordes of mysterious aliens. In Sanctum 2 you play your character exactly the way you want through the new and extensive customization system. Pick your own loadout of towers, weapons and perks, and pick well, because you are humanity’s last defense against the hordes set out to destroy it.

The normal cost of the complete bundle that includes the game + 5 DLC it’s around 23 € on Steam, but if you like it I suggest to put it on your wishlits and wait for some offer, the game it’s a bit old and so offers should be frequent, I got it with a discount of the 70%

The game has a great graphics, still it’s playable on my crappy computer, and both the solo campaign and the online co-op multiplayer are funny enough, so let’s see now some detail about this game:

Continue reading »

flattr this!

An introduction to systemd for CentOS 7

An introduction to systemd for CentOS 7

Article by Stuart Burns first posted on Openlogic.com With Red Hat Enterprise Linux 7 released and CentOS version 7 newly unveiled, now is a good time to cover systemd, the replacement for legacy System V (SysV) startup scripts and runlevels. Red Hat-based distributions are migrating to systemd because it provides more efficient ways of managing services and [...]

How to share on linux the output of your shell commands

How to share on linux the output of your shell commands

Some time ago I posted an article about shelr.tv a website and a service that was made to allow you to share your terminal records directly from the website. Now the website of shelr.tv seems dead and so I’ve took a look around to see if there are similar websites and I’ve found commands.com. For [...]