1. Directories and Moving 2. Listing Files 3. Links


1. Directories and moving
§ mkdir dir1
§ mkdir -p dir1/dir2
§ cd
§ cd .
§ cd ..
§ cd ~user
§ cd into symlinks
  o cd .. (depends on the shell/command interpreter)

2. Listing files
§ ls
  o ls is often an alias in the shell/command interpreter
  o cd
  o alias
§ /bin/ls
§ the real unix command
§ unalias ls
§ ls -l
§ ls -d
§ ls -s
§ ls -s | more -c (note the different output: ls uses isatty())
§ ls -a
§ ls -a .??*
§ ls -lad .??*
§ ls -lt
§ ls -lu
§ ls -lS
§ ls -rtl
§ ls -rlS
§ ls -rlS -h
§ ls -rlS --si
§ man ls

3. Links
§ Hard link - gives another name to a file
  o ln file4 file4.hlink
  o The file is removed when it has no more links
  o A hard link is limited to its filesystem
§ Symbolic links
  o ln -s file4 file4.hlink
  o Symbolic links can cross filesystems

4. Redirection and IPCs
§ proc1 > output1
§ proc1 2> error1
§ proc1 2>error1 > output1
§ proc1 | proc2
§ proc1 | tee output2
§ proc1 2>&1 | tee output2
§ named pipes
§ mkfifo /tmp/bar
§ proc1 > /tmp/bar
§ proc2 < /tmp/bar
§ cat beers > /tmp/bar & sort /tmp/bar

5. File times (and status)
§ file times
  o access time: read data
  o modified time: write data
  o change time: inode change (e.g. permission)
§ ls -l --time=use
§ ls -l --time=ctime
§ stat

6. Moving/Copying files
§ mv file1 file2
§ mv file1 dir1
§ cp file1 file2
§ cp file1 dir1
  o cp -p (preserve perm/time - useful for config backup)
  o cp -r
  o cp -i
    § Ask for confirmation before overwriting

7. User and group ownership
§ /etc/passwd, /etc/group
  o uid, gid, gecos
§ /etc/shadow, /etc/gshadow
§ useradd, groupadd
§ chown
§ chgrp

8. File types and protection
§ file types
  o directory
  o regular
  o symbolic link
  o named pipes
  o ...
§ file protection modes
§ special bits
  o setuid for executables
  o setgid for directories
  o sticky bit for files
  o sticky bit for directories
§ special cases
  o rwx for directories

9. Device files
§ ls -l /dev directory --> Special files for devices
§ Real devices
  o /dev/audio, /dev/dsp, /dev/sdax, /dev/hdax, ...
§ Pseudo devices
  o /dev/null, /dev/zero, /dev/random, ...

10. Disk space
§ Files take up space on disk
§ Space occupied by a directory
  o du
  o du *
  o du -s
  o du -s *
  o du -s -k
  o du -s -h *
  o du -s --si *
  o What about hard links?
    § counted once
  o What about symbolic links?
    § du -L
§ Disk space used by a user
  o du may not be suitable
  o quota
§ Disk space used on a partition
  o df
  o df -k
  o df -h
  o df --si

11. Finding files
§ find (pathname expression)
  o type f, d, l, p, c, b, s
    § In ~home
      • find . -type f
      • find * -type f -ls
      • find * -type d -ls
    § In /dev
      • find . -type d
      • find . -type p -ls
      • find . -type s -ls
  o perm mode, -mode, +mode with negation (!)
  o In ~home
    § find . -perm 0600 -ls
    § find . \! -type d -perm 644 -ls
    § find . \! -type d -perm 111 -ls
    § find . \! -type d -perm -111 -ls
    § find . \! -type d -perm +111 -ls
  o mtime/atime/ctime
  o In ~home
    § find . -type f -mtime -2
    § find . -type f -atime -2
    § find . -type f -mtime +1200
  o size
  o In ~home
    § find . -type f -size +120000k -ls
  o name
  o path
  o In ~home
    § find . -type f -name \*dir\*
    § find . -type f -path \*dir\*
  o user (nouser)
  o In ~psp
    § find . -nouser -ls
  o group (nogroup)
§ locate
  o run periodically
  o on sync with delete (on good UNIX implementation).
§ Advanced find
  o find -name \*.gz -mtime +7 -size +500M -size -1G -ls
  o find . -name \*.gz -mtime +7 -size +500M -size -1G -exec rm -f {} \;
  o find . -name \*.gz -mtime +7 -size +500M -size -1G -delete
  o find . -name \*.gz -mtime +7 -size +500M -size -1G -execdir gzip {} \;

12. Files comparison
§ diff
§ diff -C
§ patch

13. Files archives / compression
§ gzip
§ gzip file
§ gzip -d file.gz
§ gzip -v9 file
§ gzip -v1 file
§ gzip -dc file.gz | proc1
§ gzip -dcf message* | proc1
§ xz
§ tar
  o tar cvf archive.tar ./data
  o tar tvf archive.tar
  o tar xvf archive.tar
  o gzip -v9 archive.tar
  o gzip integrated into tar with z option

14. Process management
§ finding processes
  o ps
  o ps u
  o ps xu
    § (x = proc without terminals)
  o ps aux
  o ps auxw
  o ps auxww
  o ps alx
§ On a System V UNIX
  o ps -ef
  o PATH=/usr/ucb:$PATH
§ top
  o nProc & MultiThread (1)
§ States & Priorities
  o R, S, W, D(U), N, <
§ nice, renice
§ /proc
  o environ
  o fd
  o cpuinfo
  o sys
  o meminfo
§ lsof

15. Elementary filters
§ From the tarball airnav.tar.gz
§ grep
  o grep Belgium lands
  o grep belgium lands
  o grep -i belgium lands
  o grep -i niger
  o grep -i -w niger
  o grep -i -c niger
  o grep -i -v belgium
  o grep -i -w london */*
  o grep -i -w -l london */*
§ dirname, basename
  o dirname CA/apt.txt
  o dirname /usr/bin/ls
  o basename CA/apt.txt
  o basename CA/apt.txt .txt
§ awk
  o awk -F: '{print $2}' apt.txt
  o awk -F: '{print "ICAO", $1, $2}' apt.txt
  o awk -F: '{printf "ICAO %4s %20s\n", $1, $2}' apt.txt
  o awk -F: '{ if( ! $1 ) printf "%20s\n", $2}' apt.txt
  o awk -F: '{ printf "%20s : %2d\n", $2, length($2);}' apt.txt
  o awk -F: '{ printf "%-20s: %2d\n", $2, length($2);}' apt.txt
§ tr
  o see man tr ... !
§ sort
  o sort apt.txt
  o sort -t: -k3,3 apt.txt
  o sort -t: -k 3,3n apt.txt
§ head, tail
  o head -n
  o tail -n
  o tail -f (= tail --follow=descriptor)
  o tail -F (= tail --follow=name)
§ xargs
  o xargs -nn
  o xargs -ln
    § echo a b c d e f g h I j | xargs -n2 echo | xargs -l1 echo
  o xargs -I replace-str
  o file hosts-expe.txt (with host names)
  o cat hosts-expe.txt | xargs -l1 -iH xargs \
      wget -O results-H.txt http://H/results.txt

16. Advanced filters
§ grep -l -i london */apt.txt | awk -F/ '{print $1;}' \
    | xargs -I {} -l 1 grep {} lands
§ cat lands.txt | tr "[:lower:]" "[:upper:]" | sort -n
§ cat */apt.txt | sort -t: -k7,7n | tail -5
§ grep -l -i london */apt.txt \
    | xargs -l1 -i{} sh -c "mail -v -s {} [email protected] < {}"

17. More filters
§ Editors
  o Discussion about editors
    § dd, ex, vi, emacs, nemacs, pico
  o Stream editors
    § sed -e '/brolle/d' < file_in > file_out
    § sed -e 's/regex1/exptr2/' < file_in > file_out
    § sed -e 's/regex1/exptr2/g' < file_in > file_out
§ cat vs tac (on modern linux system)
  o file0
    § 11 mai
    § 12 mai
  o file1
    § 5 mai
    § 10 mai
  o cat file0 file1
  o cat file1 file0
  o cat file*
  o cat file[01]
  o cat file[10]
  o tac file*
  o tac file* | tac

18. Shells
§ the shell is the command interpreter
§ "shell" is also the generic name for a command file
§ There is not just one command interpreter:
  o sh - csh - ksh - bash - tcsh - zsh
  o explanation of some differences between the shells
    § programming syntax
    § history
§ reminder: the default shell is the last field of /etc/passwd
  o valid shells: /etc/shells

19. Bash programming
§ Programming --> variables
§ Example mysh01.sh
  o suffix is irrelevant
  o file type determined by magic characters (/usr/share/file/magic)
  o #! perl, sh, bash, ... could be print
§ Variables can be local or global (environment)
§ Variables can be predefined:
  o $$ (pid)
  o $*
  o $?
  o $0
  o $#
  o $1 $2 $3 $4 ...
  o $BASH_VERSION
§ Demo of a global variable with mysh01.sh and prenv
  o /proc/pid/environ is the startup environment
  o cat /proc/pid(mysh01.sh)/environ | tr '\0' '\n' | grep GLOVAR --> nothing
  o cat /proc/pid(prenv)/environ | tr '\0' '\n' | grep GLOVAR --> OK

20. Wild characters (expansion by the shell)
§ ls a*
§ ls *.*
§ ls *.sh
§ ls ?
§ ls ????.*
§ ls *.[08]
§ ls *.[0-9]
§ ls *.{pl,sh}
§ advanced: (shopt - shopt -s extglob)
§ ls *([a-z0-9]).? compare with ls *[a-z0-9].?
§ ls *[0-9]+([0-9]).sh
§ ls *.?

21. Shell escaping
§ \
§ single quotes
§ double quotes
§ demo prargs
  o ./prargs 0
  o ./prargs \0
  o ./prargs \\0
  o ./prargs "\0"
  o ./prargs '\0'
  o ./prargs "$0"
  o ./prargs '$0'
§ var=3232
  o ./prargs $var
  o ./prargs \$var
  o ./prargs "$var"
  o ./prargs '$var'
§ ./prargs *
§ ./prargs \*

22. Wild characters (advanced)
§ If nothing matches a wild character expansion, the argument is passed as is to the program
§ demo from Annexes-11
  o ./prargs *.{awk,pl}
  o ./prargs /usr/bin/*.{awk,pl}
  o ./prargs *.doc *.c

23. Shell constructs
§ for loop
  o based on file list:
    § mysh02.sh
      • introduction of basename (and dirname)
      • introduction of md5sum
  o based on string words
    § mysh03.sh
§ expr for arithmetic expression
  o cnt=1
  o cnt=$(expr $cnt + 1)
§ while loop
  o mysh04.sh
  o Warning test syntax (man test)
§ simple tests
  o Example 1 - test number of arguments (mysh05a.sh)
  o Example 2 - test file existence
  o Example 3 - test if root (mysh05b.sh)
  o Example 4 - test exit value (mysh05c.sh)

24. Subshells
§ cmd1 &
§ cmd1 & cmd2 & cmd3 &
§ prodd 10 & ls
§ prodd 10 && ls
§ prodd 11 & & ls
§ cmd1 ; cmd2 ; cmd3
§ (cmd1 ; cmd2)
  o (date ; ls) | mail -v -s testfile [email protected]
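
The three -perm forms listed under "Finding files" (mode, -mode, +mode) differ only in how the permission bits are compared, which matters when auditing a tree for executables. The script below is an added example, not part of the original outline: it builds a constructed directory and shows which files each form selects. It assumes GNU find and writes the any-bit match as /111, the spelling GNU find uses for what the outline writes as +111 (recent GNU findutils releases no longer accept the + spelling); the function names and sample files are hypothetical.

```sh
#!/bin/sh
# Added example: exact vs. all-bits vs. any-bit matching with find -perm.
# File names and modes are constructed sample data; assumes GNU find.

# make_fixture: create a temporary directory of empty files with known modes
# and print its path.
make_fixture() {
    base=$(mktemp -d) || return 1
    for spec in secret:0600 config:0644 script:0755 tool:0711 \
                owner_only:0100 exact:0111; do
        name=${spec%%:*}
        mode=${spec##*:}
        : > "$base/$name"
        chmod "$mode" "$base/$name"
    done
    printf '%s\n' "$base"
}

# perm_match DIR FIND-EXPR...: names of the non-directories under DIR that
# satisfy the given find expression, sorted, on one space-separated line.
perm_match() {
    target=$1
    shift
    (cd "$target" && find . \! -type d "$@" \
        | sed 's|^\./||' | LC_ALL=C sort | paste -s -d ' ' -)
}

demo() {
    d=$(make_fixture) || return 1
    # -perm 111  : mode is exactly 0111
    # -perm -111 : all three execute bits are set (other bits ignored)
    # -perm /111 : at least one execute bit is set
    for expr in 111 -111 /111; do
        printf '%-6s -> %s\n' "$expr" "$(perm_match "$d" -perm "$expr")"
    done
    # Negation: files with no execute bit at all
    printf '%-6s -> %s\n' '!/111' "$(perm_match "$d" \! -perm /111)"
    rm -rf "$d"
}

demo
```
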