Linux Operating System

Chapter Description

In this sample chapter from CCNA Cybersecurity Operations Companion Guide and the Cisco Networking Academy, learn how to perform basic Linux operations as well as administrative and security-related tasks.

Linux Hosts (3.3)

In this section, you will learn about working with Linux hosts through the GUI and the CLI.

Working with the Linux GUI (3.3.1)

In this topic, you will learn about the Linux GUI.

X Window System (3.3.1.1)

The graphical interface present in most Linux computers is based on the X Window System. Also known as X or X11, X Window is a windowing system designed to provide the basic framework for a GUI. X includes functions for drawing and moving windows on the display device and interacting with a mouse and keyboard.

X works as a server and, as such, allows a remote user to use the network to connect, start a graphical application, and have the graphical window open on the remote terminal. While the application itself runs on the server, the graphical aspect of it is sent by X over the network and displayed on the remote computer.

Notice that X does not specify the user interface, leaving it to other programs such as window managers to define all the graphical components. This abstraction allows for great flexibility and customization as graphical components such as buttons, fonts, icons, window borders, and color scheme are all defined by the user application. Because of this separation, the Linux GUI varies greatly from distribution to distribution. Examples of window managers are Gnome and KDE, as shown in Figures 3-9 and 3-10, respectively. While the look and feel of window managers vary, the main components are still present.

Figure 3-9 Gnome Window Manager

Figure 3-10 KDE Window Manager

For more information on Gnome, visit the following website:

https://www.gnome.org/

For more information on KDE, visit the following website:

https://www.kde.org/

The Linux GUI (3.3.1.2)

Although an operating system does not require a GUI to function, GUIs are considered more user-friendly than the CLI. The Linux GUI as a whole can be easily replaced by the user. As a result of the large number of Linux distributions, this chapter focuses on Ubuntu when covering Linux because it is a very popular and user-friendly distribution.

Ubuntu Linux uses Unity as its default GUI. Unity’s goal is to make Ubuntu even more user-friendly. The main UI components of Unity include:

  • Top Menu Bar: This multipurpose menu bar contains the currently running application. It includes the maximize, minimize, and exit buttons of the application in focus, as well as the system toggles including settings, logout, and shutdown, clock, and other notifications.

  • Launcher: This is a dock on the left side of the screen that serves as the application launcher and switcher. Click to launch an application and when the application is running, click again to switch between running applications. If more than one instance of an application is running, Launcher will display all instances.

  • Quicklist: Right-click any application hosted on the Launcher to access a short list of tasks the application can perform.

  • Dash Search Box: This holds the Search tool and a list of recently used applications. Dash includes Lenses at the bottom of the Dash area which allow the user to fine-tune Dash search results. To access Dash, click the Ubuntu button on the top of the Launcher.

  • System and Notification Menu: Many important functions are located in the indicator menu, located at the top right corner of the screen. Use the indicator menu to switch users, shut down your computer, control the volume level, or change network settings.

Figure 3-11 shows a breakdown of the Ubuntu Unity Desktop.

Figure 3-11 Ubuntu Unity GUI

To experience Unity desktop in your web browser, visit the following website:

http://tour.ubuntu.com/en/

Working on a Linux Host (3.3.2)

In this topic, you will learn how to install and run Linux applications, keep your system up to date, and guard against malware on a Linux host.

Installing and Running Applications on a Linux Host (3.3.2.1)

Many end-user applications are complex programs written in compiled languages. To aid in the installation process, Linux often includes programs called package managers. A package is the term used to refer to a program and all its supported files. By using a package manager to install a package, all the necessary files are placed in the correct file system location.

There are several package managers. For this course, we will use the Advanced Packaging Tool (apt) package manager. Example 3-9 shows the output of a few apt commands. The apt-get update command is used to fetch the package list from the package repository and update the local package database. The apt-get upgrade command is used to update all currently installed packages to their latest versions.

Example 3-9 The Advanced Packaging Tool (APT) Package Manager

analyst@cuckoo:~$ sudo apt-get update
[sudo] password for analyst:
Hit:1 http://us.archive.ubuntu.com/ubuntu xenial InRelease
Get:2 http://us.archive.ubuntu.com/ubuntu xenial-updates InRelease [102 kB]
Get:3 http://security.ubuntu.com/ubuntu xenial-security InRelease [102 kB]
Get:4 http://us.archive.ubuntu.com/ubuntu xenial-backports InRelease [102 kB]
Get:5 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages [534 kB]
<output omitted>
Fetched 4,613 kB in 4s (1,003 kB/s)
Reading package lists... Done
analyst@cuckoo:~$
analyst@cuckoo:~$ sudo apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages have been kept back:
 linux-generic-hwe-16.04 linux-headers-generic-hwe-16.04
  linux-image-generic-hwe-16.04
The following packages will be upgraded:
 firefox firefox-locale-en gir1.2-javascriptcoregtk-4.0 gir1.2-webkit2-4.0
  libjavascriptcoregtk-4.0-18
 libwebkit2gtk-4.0-37 libwebkit2gtk-4.0-37-gtk2 libxen-4.6 libxenstore3.0 linux-
  libc-dev logrotate openssh-client
 qemu-block-extra qemu-kvm qemu-system-common qemu-system-x86 qemu-utils snapd
  ubuntu-core-launcher zlib1g
 zlib1g-dev
21 upgraded, 0 newly installed, 0 to remove and 3 not upgraded.
Need to get 85.7 MB of archives.
After this operation, 1,576 kB of additional disk space will be used.
Do you want to continue? [Y/n]

Keeping the System Up to Date (3.3.2.2)

Also known as patches, OS updates are released periodically by OS companies to address any known vulnerabilities in their operating system. While companies have update schedules, the release of unscheduled OS updates can happen when a major vulnerability is found in the OS code. Modern operating systems will alert the user when updates are available for download and installation, but the user can check for updates at any time.

To update the local package metadata database using the CLI, use the apt-get update command.

To upgrade all the currently installed packages using the CLI, use the apt-get upgrade command.

To manually check and install updates on Linux using the GUI, click Dash Search Box, type software updater, and click the Software Updater icon, as shown in Figure 3-12.

Figure 3-12 The Ubuntu GUI-Based Software Updater

Processes and Forks (3.3.2.3)

A process is a running instance of a computer program. Multitasking operating systems can execute many processes at the same time.

Forking is a method that the kernel uses to allow a process to create a copy of itself. Processes need a way to create new processes in multitasking operating systems. The fork operation is the only way of doing so in Linux.

Forking is important for many reasons. One of them relates to process scalability. Apache, a popular web server, is a good example. By forking itself, Apache is able to serve a large number of requests with fewer system resources than a single-process-based server.

When a process calls fork, the caller process becomes the parent process, with the newly created process referred to as its child. After the fork, the processes are, to some extent, independent processes; they have different process IDs but run the same program code.

The following are a few commands used to manage processes:

  • ps: This command is used to list the processes running on the computer at the time it is invoked. ps can be instructed to display running processes that belong to the current user or other users. While listing processes does not require root privileges, killing or modifying other users’ processes does.

  • top: This command is also used to list running processes, but unlike ps, top keeps displaying running processes dynamically. Press q to exit top.

  • kill: This command is used to modify the behavior of a specific process. Depending on the parameters, kill will remove, restart, or pause a process. In many cases, the user will run ps or top before running kill. This is done so the user can learn the PID of a process before running kill.

Example 3-10 shows the output of the top command on a Linux computer.

Example 3-10 Output of the top Command

top - 12:37:51 up 28 min,  1 user,  load average: 0.07, 0.02, 0.02
Tasks:  99 total,   1 running,  98 sleeping,   0 stopped,   0 zombie
%Cpu0  :   2.8/0.7     3[|||                                                ]
GiB Mem : 94.6/0.981    [                                                   ]
GiB Swap:  0.0/0.000    [                                                   ]

  PID USER      PR  NI    VIRT    RES %CPU %MEM     TIME+ S COMMAND
    1 root      20   0    8.9m   3.8m  0.0  0.4   0:00.70 S systemd
  173 root      20   0   70.6m   2.4m  0.0  0.2   0:00.06 S  `- systemd-journal
  205 root      20   0   15.0m   1.8m  0.0  0.2   0:00.09 S  `- systemd-udevd
  270 root      20   0    5.5m   0.3m  0.0  0.0   0:00.09 S  `- ovsdb-server
  272 root      20   0    5.7m   0.9m  0.0  0.1   0:00.00 S  `- start_pox.sh
  281 root      20   0   42.0m   8.2m  0.7  0.8   0:03.47 S      `- python2.7
  274 root      20   0   23.2m   1.6m  0.0  0.2   0:00.00 S  `- rsyslogd
  276 root      20   0    7.0m   1.3m  0.0  0.1   0:00.00 S  `- systemd-logind
  277 dbus      20   0    6.4m   2.0m  0.0  0.2   0:00.18 S  `- dbus-daemon
  283 systemd+  20   0   16.6m   0.5m  0.0  0.1   0:00.00 S  `- systemd-network
  284 root      20   0    7.5m   1.2m  0.0  0.1   0:00.00 S  `- ovs-vswitchd
  297 root      20   0   29.3m   1.5m  0.0  0.2   0:00.19 S  `- VBoxService
  314 root      20   0    5.2m   0.7m  0.0  0.1   0:00.00 S  `- vsftpd
  317 root      20   0    7.6m   0.9m  0.0  0.1   0:00.00 S  `- sshd
  320 root      20   0   35.3m   6.7m  0.0  0.7   0:00.04 S  `- lightdm
  332 root      20   0  164.3m  61.5m  2.6  6.1   0:05.76 S      `- Xorg
  385 root      20   0   31.2m   2.9m  0.0  0.3   0:00.01 S      `- lightdm
  396 analyst   20   0    5.5m   1.0m  0.0  0.1   0:00.00 S          `- sh
  416 analyst   20   0   75.7m  26.8m  0.0  2.7   0:00.07 S              `- xfce4-session
  426 analyst   20   0   60.0m  28.9m  0.0  2.9   0:00.41 S                  `- xfwm4
  427 analyst   20   0   57.6m  25.6m  0.0  2.6   0:00.06 S                  `- Thunar
  428 analyst   20   0   70.3m  31.9m  0.0  3.2   0:00.28 S                  `- xfce4-panel
  459 analyst   20   0   56.7m  26.0m  0.0  2.6   0:00.08 S                      `- panel-6-systray
  462 analyst   20   0   57.9m  25.5m  0.0  2.5   0:00.09 S                      `- panel-2-actions
  432 analyst   20   0   90.2m  33.6m  0.0  3.3   0:00.57 S                  `- xfdesktop
  444 analyst   20   0   78.5m  25.9m  0.0  2.6   0:00.06 S                  `- polkit-gnome-au
  329 root      20   0    7.5m   0.5m  0.0  0.1   0:00.00 S  `- nginx
  330 http      20   0    8.8m   1.3m  0.0  0.1   0:00.00 S      `- nginx
  333 root      20   0   38.0m   2.8m  0.0  0.3   0:00.03 S  `- accounts-daemon
  340 polkitd   20   0   71.2m  10.3m  0.0  1.0   0:00.07 S  `- polkitd
  391 analyst   20   0    8.9m   1.8m  0.0  0.2   0:00.00 S  `- systemd
  392 analyst   20   0   12.2m   1.1m  0.0  0.1   0:00.00 S      `- (sd-pam)
  408 analyst   20   0    6.4m   1.8m  0.0  0.2   0:00.02 S      `- dbus-daemon
  420 analyst   20   0   10.2m   2.4m  0.0  0.2   0:00.01 S      `- xfconfd
  671 analyst   20   0   42.9m   6.4m  0.0  0.6   0:00.01 S      `- at-spi-bus-laun
  423 analyst   20   0    4.7m   0.2m  0.0  0.0   0:00.00 S  `- ssh-agent
  425 analyst   20   0   23.3m   0.2m  0.0  0.0   0:00.02 S  `- gpg-agent
  430 analyst   20   0   67.9m  26.3m  0.0  2.6   0:00.03 S  `- xfsettingsd
  440 analyst   20   0   80.0m  26.6m  0.0  2.6   0:00.08 S  `- xfce4-power-man
  448 analyst   20   0   79.8m  26.5m  0.0  2.6   0:00.02 S  `- xfce4-power-man
  463 root      20   0   52.6m   2.5m  0.0  0.2   0:00.02 S  `- upowerd
  478 analyst   20   0   15.2m   0.3m  0.0  0.0   0:00.00 S  `- VBoxClient
  487 analyst   20   0   17.4m   0.4m  0.7  0.0   0:01.78 S      `- VBoxClient
  479 analyst   20   0   15.2m   0.3m  0.0  0.0   0:00.00 S  `- VBoxClient
  484 analyst   20   0   16.9m   0.4m  0.0  0.0   0:00.01 S      `- VBoxClient

Malware on a Linux Host (3.3.2.4)

Linux malware includes viruses, Trojan horses, worms, and other types of malware that can affect the operating system. Due to a number of design components such as file system structure, file permissions, and user account restrictions, Linux operating systems are generally regarded as better protected against malware.

While arguably better protected, Linux is not immune to malware. Many vulnerabilities have been found and exploited in Linux. These range from server software to kernel vulnerabilities. Attackers are able to exploit these vulnerabilities and compromise the target. Due to the open source nature of Linux, fixes and patches are often made available within hours of the discovery of such problems.

If a malicious program is executed, it will cause damage, regardless of the platform. A common Linux attack vector is its services and processes. Vulnerabilities are frequently found in server and process code running on computers connected to the network. For example, an outdated version of the Apache web server could contain an unpatched vulnerability that can be exploited by an attacker. Attackers often probe open ports to assess the version and nature of the server running on that port. With that knowledge, attackers can research if there are any known issues with that particular version of that particular server to support the attack. As with most vulnerabilities, keeping the computer updated and closing any unused services and ports is a good way to reduce the opportunities for attack in a Linux computer.

Example 3-11 shows an attacker using the telnet command to probe the nature and version of a web server. The attacker has learned that the server in question is running nginx version 1.12.0. The next step would be to research known vulnerabilities in the nginx 1.12.0 code.

Example 3-11 Using telnet to Probe a Web Server

[analyst@secOps ~]$ telnet 209.165.200.224 80
Trying 209.165.200.224...
Connected to 209.165.200.224.
Escape character is '^]'.
type anything to force an HTTP error response
HTTP/1.1 400 Bad Request
Server: nginx/1.12.0
Date: Wed, 17 May 2017 14:27:30 GMT
Content-Type: text/html
Content-Length: 173
Connection: close
<html>
<head><title>400 Bad Request</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<hr><center>nginx/1.12.0</center>
</body>
</html>
Connection closed by foreign host.
[analyst@secOps ~]$
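
From the defender's side, the disclosure in Example 3-11 is something to audit for on your own servers. The following is an added example, not part of the original chapter: the function names are hypothetical, the first sample is the header block from Example 3-11, and the second sample is constructed to show a server that no longer reports its version (in nginx this is the effect of the server_tokens off; directive).

```shell
#!/bin/sh
# Added example: audit a captured HTTP response for a Server header that
# discloses the software version.

# Headers and the relevant body line from Example 3-11.
sample_verbose() {
    cat <<'EOF'
HTTP/1.1 400 Bad Request
Server: nginx/1.12.0
Date: Wed, 17 May 2017 14:27:30 GMT
Content-Type: text/html
Connection: close

<hr><center>nginx/1.12.0</center>
EOF
}

# Constructed: the same response from a server that hides its version.
sample_hardened() {
    cat <<'EOF'
HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: text/html
Connection: close

<hr><center>nginx</center>
EOF
}

# server_header: print the value of the Server header of the response on
# stdin. Header names are case-insensitive, and parsing stops at the blank
# line that ends the headers so body text is never mistaken for a header.
server_header() {
    tr -d '\r' | awk '
        /^$/ { exit }
        tolower($0) ~ /^server:/ {
            sub(/^[^:]*:[ \t]*/, "")
            print
            exit
        }'
}

# discloses_version BANNER: succeed when the banner carries a version number,
# as in "nginx/1.12.0" or "Apache/2.4.18 (Ubuntu)".
discloses_version() {
    printf '%s\n' "$1" | grep -Eq '/[0-9]+(\.[0-9]+)*'
}

# audit_response: read one response on stdin and print a one-line verdict.
audit_response() {
    banner=$(server_header)
    if [ -z "$banner" ]; then
        echo "OK: no Server header"
    elif discloses_version "$banner"; then
        echo "FINDING: Server header discloses version: $banner"
    else
        echo "OK: Server header without version: $banner"
    fi
}

# Demo on the samples. Against a server you administer, for example:
#   curl -sI http://your-server.example/ | audit_response
sample_verbose | audit_response
sample_hardened | audit_response
```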

Rootkit Check (3.3.2.5)

A rootkit is a set of software tools designed to increase a user’s privileges, or grant access to portions of the software that should not normally be allowed. Rootkits are also often used to secure a backdoor to a compromised computer.

The installation of a rootkit can be automated (done as part of an infection) or an attacker can manually install it after compromising a computer. A rootkit is destructive because it changes kernel code and its modules, changing the most fundamental operations of the OS itself. With such a deep level of compromise, rootkits can hide the intrusion, remove any installation tracks, and even tamper with troubleshooting and diagnostics tools so that their output now hides the presence of the rootkit. While a few Linux vulnerabilities through history have allowed rootkit installation via regular user accounts, the vast majority of rootkit compromises require root or administrator access.

Because the very nature of the computer is compromised, rootkit detection can be very difficult. Typical detection methods often include booting the computer from trusted media such as a diagnostics operating system live CD. The compromised drive is mounted and, from the trusted system toolset, trusted diagnostic tools can be launched to inspect the compromised file system. Inspection methods include behavioral-based methods, signature scanning, difference scanning, and memory dump analysis.

Rootkit removal can be complicated and often impossible, especially in cases where the rootkit resides in the kernel; reinstallation of the operating system is usually the only real solution to the problem. Firmware rootkits usually require hardware replacement.

chkrootkit is a popular Linux-based program designed to check the computer for known rootkits. It is a shell script that uses common Linux tools such as strings and grep to compare the signatures of core programs. It also looks for discrepancies as it traverses the /proc file system, comparing the signatures found there with the output of the ps command. For more information about chkrootkit, visit the following website:

http://www.chkrootkit.org/

While helpful, keep in mind that programs to check for rootkits are not 100% reliable.

Example 3-12 shows the output of chkrootkit on Ubuntu Linux.

Example 3-12 Output of the chkrootkit Command

analyst@cuckoo:~$ sudo ./chkrootkit
[sudo] password for analyst:
ROOTDIR is `/’
Checking `amd’... not found
Checking `basename’... not infected
Checking `biff’... not found
Checking `chfn’... not infected
Checking `chsh’... not infected
Checking `cron’... not infected
Checking `crontab’... not infected
Checking `date’... not infected
Checking `du’... not infected
Checking `dirname’... not infected
Checking `echo’... not infected
Checking `egrep’... not infected
Checking `env’... not infected
Checking `find’... not infected
Checking `fingerd’... not found
Checking `gpm’... not found
Checking `grep’... not infected
Checking `hdparm’... not infected
Checking `su’... not infected
Checking `ifconfig’... not infected
Checking `inetd’... not tested
Checking `inetdconf’... not found
Checking `identd’... not found
Checking `init’... not infected
Checking `killall’... not infected
Checking `ldsopreload’... not infected
Checking `login’... not infected
Checking `ls’... not infected
Checking `lsof’... not infected
Checking `mail’... not found
Checking `mingetty’... not found
Checking `netstat’... not infected
Checking `named’... not found
Checking `passwd’... not infected
Checking `pidof’... not infected
Checking `pop2’... not found
Checking `pop3’... not found
Checking `ps’... not infected
Checking `pstree’... not infected
Checking `rpcinfo’... not found
Checking `rlogind’... not found
Checking `rshd’... not found
Checking `slogin’... not infected
Checking `sendmail’... not found
Checking `sshd’... not infected
Checking `syslogd’... not tested
Checking `tar’... not infected
Checking `tcpd’... not infected
Checking `tcpdump’... not infected
Checking `top’... not infected
Checking `telnetd’... not found
Checking `timed’... not found
Checking `traceroute’... not found
Checking `vdir’... not infected
Checking `w’... not infected
Checking `write’... not infected
Checking `aliens’... no suspect files
Searching for sniffer’s logs, it may take a while... nothing found
Searching for HiDrootkit’s default dir... nothing found
Searching for t0rn’s default files and dirs... nothing found
Searching for t0rn’s v8 defaults... nothing found
Searching for Lion Worm default files and dirs... nothing found
Searching for RSHA’s default files and dir... nothing found
Searching for RH-Sharpe’s default files... nothing found
Searching for Ambient’s rootkit (ark) default files and dirs... nothing found
Searching for suspicious files and dirs, it may take a while...
/usr/lib/debug/.build-id /lib/modules/4.8.0-36-generic/vdso/.build-id /lib/
  modules/4.8.0-52-generic/vdso/.build-id /lib/modules/4.8.0-49-generic/vdso/.build-id
/usr/lib/debug/.build-id /lib/modules/4.8.0-36-generic/vdso/.build-id /lib/
  modules/4.8.0-52-generic/vdso/.build-id /lib/modules/4.8.0-49-generic/vdso/.build-id
Searching for LPD Worm files and dirs... nothing found
Searching for Ramen Worm files and dirs... nothing found
Searching for Maniac files and dirs... nothing found
Searching for RK17 files and dirs... nothing found
Searching for Ducoci rootkit... nothing found
Searching for Adore Worm... nothing found
Searching for ShitC Worm... nothing found
Searching for Omega Worm... nothing found
Searching for Sadmind/IIS Worm... nothing found
Searching for MonKit... nothing found
Searching for Showtee... nothing found
Searching for OpticKit... nothing found
Searching for T.R.K... nothing found
Searching for Mithra... nothing found
Searching for LOC rootkit... nothing found
Searching for Romanian rootkit... nothing found
Searching for Suckit rootkit... nothing found
Searching for Volc rootkit... nothing found
Searching for Gold2 rootkit... nothing found
Searching for TC2 Worm default files and dirs... nothing found
Searching for Anonoying rootkit default files and dirs... nothing found
Searching for ZK rootkit default files and dirs... nothing found
Searching for ShKit rootkit default files and dirs... nothing found
Searching for AjaKit rootkit default files and dirs... nothing found
Searching for zaRwT rootkit default files and dirs... nothing found
Searching for Madalin rootkit default files... nothing found
Searching for Fu rootkit default files... nothing found
Searching for ESRK rootkit default files... nothing found
Searching for rootedoor... nothing found
Searching for ENYELKM rootkit default files... nothing found
Searching for common ssh-scanners default files... nothing found
Searching for Linux/Ebury - Operation Windigo ssh... not tested
Searching for 64-bit Linux Rootkit ... nothing found
Searching for 64-bit Linux Rootkit modules... nothing found
Searching for Mumblehard Linux ... nothing found
Searching for Backdoor.Linux.Mokes.a ... nothing found
Searching for Malicious TinyDNS ... nothing found
Searching for Linux.Xor.DDoS ... nothing found
Searching for Linux.Proxy.1.0 ... nothing found
Searching for suspect PHP files... nothing found
Searching for anomalies in shell history files... nothing found
Checking `asp’... not infected
Checking `bindshell’... not infected
Checking `lkm’... chkproc: nothing detected
chkdirs: nothing detected
Checking `rexedcs’... not found
Checking `sniffer’... enp0s3: PF_PACKET(/sbin/dhclient)
virbr0: not promisc and no PF_PACKET sockets
Checking `w55808’... not infected
Checking `wted’... chkwtmp: nothing deleted
Checking `scalper’... not infected
Checking `slapper’... not infected
Checking `z2’... user analyst deleted or never logged from lastlog!
Checking `chkutmp’...  The tty of the following user process(es) were not found
in /var/run/utmp !
! RUID          PID TTY    CMD
! analyst      2597 pts/5  bash
! root         3733 pts/5  sudo ./chkrootkit
! root         3734 pts/5  /bin/sh ./chkrootkit
! root         4748 pts/5  ./chkutmp
! root         4749 pts/5  sh -c ps ax -o "tty,pid,ruser,args"
! root         4750 pts/5  ps ax -o tty,pid,ruser,args
chkutmp: nothing deleted
Checking `OSX_RSPLUG’... not tested
analyst@cuckoo:~$
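
The /proc-versus-ps comparison described above can be illustrated with a short cross-check. The following is an added example, not chkrootkit's own code and not part of the original chapter: all function names are hypothetical, and, as the text notes, a result from a live system is only as trustworthy as the ps binary and kernel that produced it.

```shell
#!/bin/sh
# Added example: report PIDs that have a directory in /proc but that ps does
# not list. A discrepancy is a lead to investigate, not proof of a rootkit.

# pids_from_proc [ROOT]: numeric directory names under ROOT (default /proc).
# ROOT can point at the /proc of a system inspected from trusted media.
pids_from_proc() {
    for d in "${1:-/proc}"/[0-9]*; do
        [ -d "$d" ] && echo "${d##*/}"
    done | grep -E '^[0-9]+$' | sort -n
}

# pids_from_ps: PIDs of all processes as reported by ps.
pids_from_ps() {
    ps -e -o pid= | tr -d ' ' | sort -n
}

# unlisted_pids PROC_LIST PS_LIST: print PIDs that appear in the first file
# but not in the second. Works even when the second file is empty.
unlisted_pids() {
    awk 'FILENAME == ARGV[1] { seen[$1] = 1; next }
         !($1 in seen)       { print $1 }' "$2" "$1"
}

# live_check: compare the two views on the running system. Processes that
# start or exit between the two snapshots would be false positives, so a PID
# is reported only if it still exists in /proc and ps still cannot see it.
live_check() {
    tmp=$(mktemp -d) || return 2
    pids_from_proc /proc > "$tmp/proc"
    pids_from_ps > "$tmp/ps"
    unlisted_pids "$tmp/proc" "$tmp/ps" | while read -r pid; do
        if [ -d "/proc/$pid" ] && ! ps -p "$pid" > /dev/null 2>&1; then
            echo "PID $pid is in /proc but not reported by ps"
        fi
    done
    rm -rf "$tmp"
}

# Run the live comparison only when asked to: sh thisfile.sh --live
if [ "${1:-}" = "--live" ]; then
    live_check
fi
```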

Piping Commands (3.3.2.6)

Although command line tools are usually designed to perform a specific, well-defined task, many commands can be combined to perform more complex tasks by a technique known as piping. Named after its defining character, the pipe (|), piping consists of chaining commands together, feeding the output of one command into the input of another.

For example, the ls command is used to display all the files and directories of a given directory. The grep command searches through a file or text looking for the specified string. If found, grep displays the entire contents of the folder where the string was found. The two commands, ls and grep, can be piped together to filter the output of ls, as shown in Example 3-13 with the ls -l | grep nimda command.

Example 3-13 Output of the grep Command

[analyst@secOps ~]$ ls -l lab.support.files
total 584
-rw-r--r-- 1 analyst analyst    649 Jun 28  2017 apache_in_epoch.log
-rw-r--r-- 1 analyst analyst    126 Jun 28  2017 applicationX_in_epoch.log
drwxr-xr-x 4 analyst analyst   4096 Aug 24 12:36 attack_scripts
-rw-r--r-- 1 analyst analyst    102 Jul 20 09:37 confidential.txt
-rw-r--r-- 1 analyst analyst   2871 Dec 15  2016 cyops.mn
-rw-r--r-- 1 analyst analyst     75 May 24  2017 elk_services
-rw-r--r-- 1 analyst analyst    373 Feb 16  2017 h2_dropbear.banner
-rw-r--r-- 1 analyst analyst    147 Mar 21  2017 index.html
drwxr-xr-x 2 analyst analyst   4096 Aug 24 12:36 instructor
-rw-r--r-- 1 analyst analyst    255 May  2  2017 letter_to_grandma.txt
-rw-r--r-- 1 analyst analyst  24464 Feb  7  2017 logstash-tutorial.log
drwxr-xr-x 2 analyst analyst   4096 May 25  2017 malware
-rwxr-xr-x 1 analyst analyst    172 Jul 25 16:27 mininet_services
drwxr-xr-x 2 analyst analyst   4096 Feb 14  2017 openssl_lab
drwxr-xr-x 2 analyst analyst   4096 Aug 24 12:35 pcaps
drwxr-xr-x 7 analyst analyst   4096 Sep 20  2016 pox
-rw-r--r-- 1 analyst analyst 473363 Feb 16  2017 sample.img
-rw-r--r-- 1 analyst analyst     65 Feb 16  2017 sample.img_SHA256.sig
drwxr-xr-x 3 analyst analyst   4096 Aug 24 10:47 scripts
-rw-r--r-- 1 analyst analyst  25553 Feb 13  2017 SQL_Lab.pcap
[analyst@secOps ~]$ ls -l lab.support.files | grep ap
-rw-r--r-- 1 analyst analyst    649 Jun 28  2017 apache_in_epoch.log
-rw-r--r-- 1 analyst analyst    126 Jun 28  2017 applicationX_in_epoch.log
drwxr-xr-x 2 analyst analyst   4096 Aug 24 12:35 pcaps
-rw-r--r-- 1 analyst analyst  25553 Feb 13  2017 SQL_Lab.pcap
[analyst@secOps ~]$
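
Piping is also how the update commands from "Keeping the System Up to Date" are turned into a patch triage list. The following is an added example, not part of the original chapter: the function names are hypothetical, and the sample is constructed in the "Inst" line format printed by apt-get -s upgrade (a simulation that changes nothing), using package names from Example 3-9 with made-up version strings.

```shell
#!/bin/sh
# Added example: pipe simulated upgrade output through grep, awk and sort to
# list only the pending upgrades that come from a -security suite.

# Constructed sample of `apt-get -s upgrade` output. Package names are from
# Example 3-9; the version strings are invented for the example.
sample_simulation() {
    cat <<'EOF'
Reading package lists... Done
Building dependency tree
The following packages have been kept back:
  linux-generic-hwe-16.04
The following packages will be upgraded:
  firefox logrotate openssh-client zlib1g
Inst firefox [1.0-0ubuntu1] (1.1-0ubuntu1 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
Inst logrotate [2.0-1] (2.0-2 Ubuntu:16.04/xenial-updates [amd64])
Inst openssh-client [3.0-1] (3.0-2 Ubuntu:16.04/xenial-security [amd64])
Inst zlib1g [4.0-1] (4.0-2 Ubuntu:16.04/xenial-updates [amd64])
Conf firefox (1.1-0ubuntu1 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
EOF
}

# security_updates: read simulation output on stdin and print one line per
# security upgrade as "package installed-version -> candidate-version".
#   grep 1: keep only the "Inst" (would install) lines
#   grep 2: keep lines whose source suite ends in -security
#   awk:    field 2 is the package, field 3 is "[old]", field 4 is "(new"
security_updates() {
    grep '^Inst ' |
        grep -E '/[^ ]*-security' |
        awk '{ print $2, substr($3, 2, length($3) - 2), "->", substr($4, 2) }' |
        sort
}

# count_security_updates: number of pending security upgrades.
count_security_updates() {
    security_updates | wc -l | tr -d ' '
}

# Demo on the constructed sample. On a real host, after apt-get update:
#   apt-get -s upgrade | security_updates
sample_simulation | security_updates
```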