bizante Ian Walker Technical Blog » bash commands

Quickly find any text string in any set of files

admin — Tue, 28 Jun 2011 15:35:37 +0000

To quickly find any text string within any text file, try this from a terminal window:
grep -l [text to find] [files to look in]
For example, grep -l 123abc *.html will list the name of any file in the current directory that ends in .html and contains the string 123abc.

(That’s a lower-case-L following the GREP)

Quite powerful, and fairly fast. Now, if you have some spare time, and want to see what it can really do, try this:
su root
cd /
grep -lr “text to find” *
This will tell the OS to find the “text to find” in every file in every directory, all the way down through the tree. The -r flag tells grep to recursively search directories.

Of course, OS X has something like 6,000 files, so this can take a very long time!

remove outdated non secure services

admin — Tue, 25 Jan 2011 17:21:42 +0000

Avoid Using FTP, Telnet, And Rlogin / Rsh

Under most network configurations, user names, passwords, FTP / telnet / rsh commands and transferred files can be captured by anyone on the same network using a packet sniffer.
The common solution to this problem is to use either OpenSSH , SFTP, or FTPS (FTP over SSL), which adds SSL or TLS encryption to FTP.
Type the following command to delete NIS, rsh and other outdated service:

# yum erase inetd xinetd ypserv tftp-server telnet-server rsh-serve

chkrootkit software

admin — Tue, 25 Jan 2011 17:17:45 +0000

Chkrootkit – chkrootkit is a tool to locally check for signs of a rootkit. Type the following command to install chkrootkit

$ yum install chkrootkit

to run type

$ chkrootkit

or to search for suspicious strings type

$ chkrootkit -x | less

how to find no-owner files

admin — Tue, 25 Jan 2011 17:01:16 +0000

Files not owned by any user or group can pose a security problem. Just find them with the following command which do not belong to a valid user and a valid group

find /dir -xdev $ -nouser -o -nogroup $ -print

You need to investigate each reported file and either assign it to an appropriate user and group or remove it.

how to find world-writable files

admin — Tue, 25 Jan 2011 16:59:47 +0000

Anyone can modify world-writable file resulting into a security issue. Use the following command to find all world writable and sticky bits set files:

find /dir -xdev -type d $ -perm -0002 -a ! -perm -1000 $ -print

You need to investigate each reported file and either set correct user and group permission or remove it.

list all open network ports

admin — Tue, 25 Jan 2011 16:56:45 +0000

Use the following command to list all open ports and associated programs:

netstat -tulpn

disable unwanted services

admin — Tue, 25 Jan 2011 16:54:31 +0000

Disable all unnecessary services and daemons (services that runs in the background).

Type the following command to list all services which are started at boot time in run level # 3:

# chkconfig –list | grep ’3:on’

To disable service, enter:

# service serviceName stop
# chkconfig serviceName off

make sure no non-root accounts have UID set to 0

admin — Tue, 25 Jan 2011 16:36:47 +0000

Only root account have UID 0 with full permissions to access the system.

Type the following command to display all accounts with UID set to 0:
# awk -F: ‘($3 == “0″) {print}’ /etc/passwd

You should only see one line as follows:

root:x:0:0:root:/root:/bin/bash

If you see other lines, delete them or make sure other accounts are authorized by you to use UID 0.

how to lock all accounts with empty passwords

admin — Tue, 25 Jan 2011 16:35:25 +0000

# passwd -l accountName

how to verify no accounts have empty passwords?

admin — Tue, 25 Jan 2011 16:34:37 +0000

Type the following command
# awk -F: ‘($2 == “”) {print}’ /etc/shadow