Wednesday, 28 November 2012

Sysadmin on BackTrack 5


This write-up is taken from zeestuff.wordpress.com
1. top
syntax:
# top

Commonly Used Hot Keys

The top command provides several useful hot keys:
HOT KEY   USAGE
t         Toggles the summary information display off and on.
m         Toggles the memory information display off and on.
A         Sorts the display by the top consumers of various system resources. Useful for quickly identifying performance-hungry tasks on a system.
f         Enters an interactive configuration screen for top. Helpful for setting up top for a specific task.
o         Lets you interactively select the ordering within top.
r         Issues the renice command.
k         Issues the kill command.
z         Turns color/mono mode on or off.

2. vmstat - System Activity, Hardware and System Information
As the name suggests, vmstat is used to view hardware activity on the system.
syntax:
# vmstat 3
Some usage options:
Display memory utilization slabinfo
# vmstat -m
Get information about active / inactive memory pages
# vmstat -a
3. See which users are currently logged in and what they are doing
syntax:
# w
# w [username]
root@zee-IBTeam:~# w root
01:51:25 up 2:18, 2 users, load average: 0.08, 0.19, 0.21
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root tty1 - 23:33 2:17m 23:07 0.00s /bin/bash /usr/bin/startx
root pts/1 :0.0 01:18 0.00s 0.05s 0.01s w root
4. Check the server's uptime
Shows how long our server or PC has been up.
syntax:
# uptime
root@zee-IBTeam:~# uptime
01:53:44 up 2:21, 2 users, load average: 0.04, 0.14, 0.19
As you can see, this command also shows that there are 2 users logged in.
5. Command to view running processes
syntax:
# ps
root@zee-IBTeam:~# ps
PID TTY TIME CMD
3752 pts/1 00:00:00 bash
4594 pts/1 00:00:00 ps
If we want to see all running processes, we can use the A option.
For the long format:
# ps -Al
root@zee-IBTeam:~# ps -al
F S UID PID PPID C PRI NI ADDR SZ WCHAN TTY TIME CMD
4 S 0 1306 1279 0 80 0 - 1190 wait tty1 00:00:00 bash
0 S 0 1324 1306 0 80 0 - 1071 wait tty1 00:00:00 startx
4 S 0 1341 1324 0 80 0 - 777 wait tty1 00:00:00 xinit
4 S 0 1347 1341 0 80 0 - 898 wait tty1 00:00:00 ck-launch-sessi
0 S 0 1458 1347 0 80 0 - 6501 poll_s tty1 00:00:00 x-session-manag
1 S 0 1461 1 0 80 0 - 858 poll_s tty1 00:00:00 dbus-launch
5 S 0 1475 1 0 80 0 - 5997 poll_s tty1 00:00:00 gnome-keyring-d
0 S 0 1482 1458 0 80 0 - 5316 poll_s tty1 00:00:05 metacity
0 S 0 1489 1458 0 80 0 - 11465 poll_s tty1 00:00:09 gnome-terminal
4 S 0 1490 1458 0 80 0 - 16292 poll_s tty1 00:00:00 pidgin
0 S 0 1491 1458 0 80 0 - 11588 poll_s tty1 00:00:09 gnome-panel
0 S 0 1493 1458 0 80 0 - 22042 poll_s tty1 00:00:22 nautilus
0 S 0 1496 1458 0 80 0 - 5331 poll_s tty1 00:00:00 gnome-power-man
0 S 0 1497 1458 0 80 0 - 4658 poll_s tty1 00:00:00 polkit-gnome-au
4 S 0 1541 1489 0 80 0 - 509 unix_s tty1 00:00:00 gnome-pty-helpe
4 S 0 1671 1 13 80 0 - 123659 poll_s tty1 00:19:55 firefox-bin
4 S 0 1723 1671 2 80 0 - 38192 poll_s tty1 00:03:50 plugin-containe
4 R 0 4780 3752 0 80 0 - 638 - pts/1 00:00:00 ps
root@zee-IBTeam:~#
To enable extra full mode:
# ps -AlF
0 S root 823 1 0 80 0 - 460 n_tty_ 336 1 Jul05 tty6 00:00:00 /sbin/getty -8 38400 tty6
1 S root 845 1 0 80 0 - 606 hrtime 600 1 Jul05 ? 00:00:00 cron
1 S daemon 846 1 0 80 0 - 574 hrtime 132 0 Jul05 ? 00:00:00 atd
0 S postgres 998 1 0 80 0 - 11275 poll_s 1360 1 Jul05 ? 00:00:01 /usr/lib/postgresql/8.4/bin/postgres -D /var/lib/postgresql/8.4/main -c
1 S root 1012 1 0 80 0 - 571 poll_s 72 1 Jul05 ? 00:00:00 dhclient3 -e IF_METRIC=100 -pf /var/run/dhclient.eth0.pid -lf /var/lib/d
1 S postgres 1074 998 0 80 0 - 11275 poll_s 232 0 Jul05 ? 00:00:01 postgres: writer process
1 S postgres 1075 998 0 80 0 - 11275 poll_s 312 1 Jul05 ? 00:00:01 postgres: wal writer process
1 S postgres 1076 998 0 80 0 - 11309 poll_s 636 0 Jul05 ? 00:00:00 postgres: autovacuum launcher process
1 S postgres 1077 998 0 80 0 - 3317 poll_s 416 0 Jul05 ? 00:00:00 postgres: stats collector process
5 S root 1100 1 0 80 0 - 502 poll_s 360 1 Jul05 ? 00:00:00 /usr/sbin/inetd
5 S root 1115 1 0 80 0 - 5533 poll_s 3260 0 Jul05 ? 00:00:07 /usr/bin/python -O /usr/share/wicd/daemon/wicd-daemon.py
0 S root 1136 1115 0 80 0 - 3229 poll_s 2648 0 Jul05 ? 00:00:03 /usr/bin/python -O /usr/share/wicd/daemon/monitor.py
1 S root 1137 1 0 80 0 - 1810 wait 76 1 Jul05 ? 00:00:00 /usr/sbin/squid3 -D -YC -f /etc/squid3/squid.conf
4 S proxy 1139 1137 0 80 0 - 9305 epoll_ 3332 1 Jul05 ? 00:00:43 (squid) -D -YC -f /etc/squid3/squid.conf
4 S proxy 1147 1139 0 80 0 - 1103 unix_s 980 1 Jul05 ? 00:00:00 /usr/bin/perl /pentest/zee/squidscripts/replaceImages.pl
Other options:
# ps -AlFH [ for LWP and NLWP ]
# ps -AlLm [ to see threads one after another ]
# ps ax
# ps axu [ to see all processes on the server ]
Print a process tree:
# ps -ejH
# ps axjf
# pstree
Display security information:
# ps -eo euser,ruser,suser,fuser,f,comm,label
# ps axZ
# ps -eM
To see all processes belonging to user zee:
# ps -U zee -u zee u
Set the output to a user-defined format:
# ps -eo pid,tid,class,rtprio,ni,pri,psr,pcpu,stat,wchan:14,comm
# ps axo stat,euid,ruid,tty,tpgid,sess,pgrp,ppid,pid,pcpu,comm
# ps -eopid,tt,user,fname,tmout,f,wchan
Show the lighttpd process for a particular user:
# ps -C lighttpd -o pid=
OR
# pgrep lighttpd
OR
# pgrep -u zee php-cgi
Show a specific PID, 55977:
# ps -p 55977 -o comm=
See the 10 processes using the most memory:
# ps -auxf | sort -nr -k 4 | head -10
# ps -auxf | sort -nr -k 3 | head -10
6. See how much memory is still free, i.e. unused
syntax:
# free
root@zee-IBTeam:~# free
total used free shared buffers cached
Mem: 498928 491452 7476 0 7432 141616
-/+ buffers/cache: 342404 156524
Swap: 1458172 133116 1325056
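As an added example (not from the original post), the following Python parses the free output shown above and recomputes the "-/+ buffers/cache" row: buffers and cache are subtracted from "used" and added to "free", which is the figure that shows what applications themselves are consuming. The sample text is the output above with its whitespace collapsed.

```python
# Added example, not part of the original post: parse `free` output and
# derive the "-/+ buffers/cache" row from the Mem row.

# Constructed sample: the `free` output quoted in the post, whitespace collapsed.
FREE_OUTPUT = """\
total used free shared buffers cached
Mem: 498928 491452 7476 0 7432 141616
-/+ buffers/cache: 342404 156524
Swap: 1458172 133116 1325056
"""


def parse_free(text: str) -> dict:
    """Return {"Mem": {...}, "buffers/cache": {...}, "Swap": {...}} with int values in kB."""
    lines = [line.split() for line in text.strip().splitlines()]
    header = lines[0]                      # total used free shared buffers cached
    rows = {}
    for fields in lines[1:]:
        if fields[0] == "-/+":             # the derived row has only used/free columns
            rows["buffers/cache"] = {"used": int(fields[2]), "free": int(fields[3])}
        else:
            name = fields[0].rstrip(":")   # "Mem:" -> "Mem", "Swap:" -> "Swap"
            # Swap has only 3 numbers; zip stops at total/used/free.
            rows[name] = dict(zip(header, map(int, fields[1:])))
    return rows


def app_memory(rows: dict) -> dict:
    """Memory as seen by applications: page cache and buffers are reclaimable."""
    mem = rows["Mem"]
    used = mem["used"] - mem["buffers"] - mem["cached"]
    free = mem["free"] + mem["buffers"] + mem["cached"]
    return {"used": used, "free": free}


def check_consistent(rows: dict) -> bool:
    """True when the kernel's "-/+ buffers/cache" row matches our derivation."""
    return app_memory(rows) == rows["buffers/cache"]


if __name__ == "__main__":
    parsed = parse_free(FREE_OUTPUT)
    print(app_memory(parsed), "consistent:", check_consistent(parsed))
```

On this box only about 7 MB is reported free by the Mem row, but 156 MB is actually available to applications once cache and buffers are counted.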
7. iostat - Average CPU Load and Disk Activity
Shows CPU and disk activity. BackTrack does not ship this tool by default, so we have to install it first:
root@zee-IBTeam:~# apt-get install sysstat
After that, try running iostat:
root@zee-IBTeam:~# iostat
Linux 2.6.38 (zee-IBTeam) 07/06/2011 _i686_ (2 CPU)
avg-cpu: %user %nice %system %iowait %steal %idle
7.42 0.00 1.89 2.70 0.00 87.98
Device: tps Blk_read/s Blk_wrtn/s Blk_read Blk_wrtn
sda 8.76 215.04 170.25 2350062 1860552
sdb 0.03 0.47 0.00 5173 3
sdc 0.12 10.83 0.00 118322 15
8. Multiprocessor monitoring
root@zee-IBTeam:~# mpstat -P ALL
Linux 2.6.38 (zee-IBTeam) 07/06/2011 _i686_ (2 CPU)
02:39:54 AM CPU %usr %nice %sys %iowait %irq %soft %steal %guest %idle
02:39:54 AM all 7.48 0.00 1.98 2.73 0.01 0.04 0.00 0.00 87.77
02:39:54 AM 0 7.40 0.00 2.08 4.08 0.01 0.05 0.00 0.00 86.37
02:39:54 AM 1 7.55 0.00 1.88 1.37 0.00 0.02 0.00 0.00 89.17
9. pmap
pmap reports the memory map of a running process.
syntax:
# pmap [pid]
We can get the PID with the ps aux command:
root@zee-IBTeam:~# pmap -d 5182
5182: [kworker/1:2]
Address Kbytes Mode Offset Device Mapping
mapped: 0K writeable/private: 0K shared: 0K
10. netstat and ss - Network Statistics
When it comes to monitoring the network on BackTrack 5, netstat and ss are my favorites :P
root@zee-IBTeam:~# ss
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.1.7:37084 74.125.235.23:https
SYN-SENT 0 1 192.168.1.7:48791 74.200.243.251:https
ESTAB 0 0 192.168.1.7:39879 74.125.235.23:https
root@zee-IBTeam:~#
root@zee-IBTeam:~# netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.168.1.7:37084 74.125.235.23:https ESTABLISHED
tcp 0 0 192.168.1.7:48787 wordpress.com:https TIME_WAIT
tcp 0 0 192.168.1.7:50073 nx-in-f139.1e100.ne:www TIME_WAIT
tcp 0 0 192.168.1.7:39879 74.125.235.23:https ESTABLISHED
udp6 0 0 localhost:46396 localhost:46396 ESTABLISHED
udp6 0 0 localhost:55467 localhost:55467 ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 8 [ ] DGRAM 5398 /dev/log
unix 2 [ ] DGRAM 3721 @/org/kernel/udev/udevd
unix 2 [ ] DGRAM 58817 @/org/freedesktop/hal/udev_event
unix 3 [ ] STREAM CONNECTED 57805 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 58931
unix 3 [ ] STREAM CONNECTED 58930 @/var/run/hald/dbus-AZ5UeT59rV
unix 3 [ ] STREAM CONNECTED 57800
unix 3 [ ] STREAM CONNECTED 58929 @/var/run/hald/dbus-AZ5UeT59rV
11. iptraf
With this tool we can monitor activity on the LAN, with a range of LAN activity features such as TCP info, UDP counts, ICMP and OSPF information, Ethernet load info, node stats and IP checksum errors.
Unfortunately this tool is not installed by default on BackTrack 5, but don't worry, we can install it:
# apt-get install iptraf
syntax:
# iptraf
12. tcpdump - Detailed Network Traffic Analysis
tcpdump lets us do traffic analysis with a variety of options. OK, let's go through some of them.
To see DNS traffic:
root@zee-IBTeam:~# tcpdump -i eth0 'udp port 53'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
03:03:25.075473 IP 192.168.1.7.54466 > google-public-dns-a.google.com.domain: 45835+ A? zeestuff.wordpress.com. (40)
03:03:25.201580 IP 192.168.1.7.50770 > google-public-dns-b.google.com.domain: 20304+ A? mail.google.com. (33)
^C
29 packets captured
32 packets received by filter
0 packets dropped by kernel
Now, if we want to see information about all IPv4 HTTP packets going in and out on port 80:
root@zee-IBTeam:~# tcpdump 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
To see FTP sessions to a particular IP address, use:
# tcpdump -i eth1 'dst x.x.x.x and (port 21 or 20)'
And to see all HTTP sessions to a particular IP address:
# tcpdump -ni eth0 'dst x.x.x.x and tcp and port http'
or alternatively:
root@zee-IBTeam:~# tcpdump -n -i eth0 -s 0 -w output.txt src or dst port 80
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
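As an added example (not from the original post), the Python below computes the same quantity that the port 80 filter 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' evaluates, on constructed IPv4/TCP packets, to show why it keeps only segments that carry data and drops bare SYN/FIN/ACK packets. The packet builder, ports and addresses are constructed samples; offsets follow BPF syntax, where ip[...] is relative to the IPv4 header and tcp[...] to the TCP header.

```python
# Added example, not part of the original post: evaluate the tcpdump
# payload-length test on constructed IPv4/TCP packets.
import struct


def build_packet(payload: bytes, ip_options: bytes = b"", tcp_options: bytes = b"") -> bytes:
    """Constructed sample: minimal IPv4+TCP packet, checksums left at 0."""
    ihl_words = 5 + len(ip_options) // 4       # IPv4 header length in 32-bit words
    doff_words = 5 + len(tcp_options) // 4     # TCP data offset in 32-bit words
    total_len = ihl_words * 4 + doff_words * 4 + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s",
                         (4 << 4) | ihl_words,  # version 4 in high nibble, IHL in low nibble
                         0, total_len, 0, 0, 64, 6, 0,
                         bytes([192, 168, 1, 7]), bytes([192, 0, 2, 10])) + ip_options
    tcp_hdr = struct.pack("!HHIIBBHHH",
                          54466, 80, 1, 1,
                          doff_words << 4,      # data offset lives in the high nibble of tcp[12]
                          0x18, 65535, 0, 0) + tcp_options
    return ip_hdr + tcp_hdr + payload


def tcp_payload_len(pkt: bytes) -> int:
    """ip[2:2] - ((ip[0]&0xf)<<2) - ((tcp[12]&0xf0)>>2), exactly as the BPF filter computes it."""
    ip = pkt
    ip_hlen = (ip[0] & 0xF) << 2                # IHL words * 4 = header bytes
    tcp = pkt[ip_hlen:]
    total_len = struct.unpack("!H", ip[2:4])[0]  # ip[2:2]: IPv4 total length field
    tcp_hlen = (tcp[12] & 0xF0) >> 2            # data offset words * 4 = header bytes
    return total_len - ip_hlen - tcp_hlen


def matches_filter(pkt: bytes) -> bool:
    """True when the filter's '!= 0' test passes, i.e. the segment carries data."""
    return tcp_payload_len(pkt) != 0


if __name__ == "__main__":
    data = build_packet(b"GET / HTTP/1.0\r\n\r\n")
    ack_only = build_packet(b"")
    print("request:", tcp_payload_len(data), matches_filter(data))
    print("ack-only:", tcp_payload_len(ack_only), matches_filter(ack_only))
```

The same arithmetic holds when IP or TCP options are present, because both header lengths are read from the packet rather than assumed to be 20 bytes.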
13. /proc file system - Various Kernel Statistics
Use the cat command to view the data stored under the /proc directory.
The files we can look at include the following:
# cat /proc/cpuinfo
# cat /proc/meminfo
# cat /proc/zoneinfo
# cat /proc/mounts
Please try these out yourselves, since this post is already getting too long, haha.
OK, that's it for now. I hope this post is useful for all of you... viva backtrackers...
