Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: shell tricks (Re: bash if file exists)



 On Fri, Apr 04, 2008 at 09:48:14AM -0400, Ben Holland wrote: 
> Just as a quick question and i'm not trying to be a dick about it, but if 
> you have a major file system corruption, why would the ability to know what 
> files are there be important. 

There are a few cases where this might be useful. John mentioned a 
historic one, that I think doesn't really apply anymore...  In 
general, if you have good back-ups, it's probably easier to simply 
re-install and restore.  If you have a kickstart server (or similar), 
it will take you less than an hour to get your system back, at which 
point you'll just have to worry about restoring data. 

However, if your back-ups aren't so great, or you are working in a 
secure environment where you need to be sure of what happened before 
you trash the system and restore it, this could come in handy for 
damage assessment and/or forensic investigation.  If, for example, 
you're concerned that your system might be trojaned, you might want to 
poke around with something like this.  Root kits often trojan the ls 
command to hide themselves, but it's less common to trojan the shell. 
Especially if you have extra shells installed, or have a shell 
installed in an unusual location, root kits will probably miss at 
least one of those, making it possible to detect files that would be 
missed with trojaned ls commands. 

If you inherited a system that does not have good back-ups (I say 
inherited, because of course everyone here always has good back-ups:), 
then it might be possible to recover some important config files. 
Using tricks like this will help you see what you can recover... 

-- 
Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02 
-=-=-=-=- 
This message is posted from an invalid address.  Replying to it will result in 
undeliverable mail due to spam prevention.  Sorry for the inconvenience. 

_______________________________________________ 
Discuss mailing list 
[hidden email] 
http://lists.blu.org/mailman/listinfo/discuss
 


BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org