Security
See also: Firewalls, Permissions
Anti-Virus
clamscan
A free and open source anti-virus command line utility. Run “freshclam” to update the anti-virus database.
Usage |
Explanation |
|---|---|
-r |
recursively through folders |
-i |
only output infected files |
–move=<PATH> |
specify path to move infected files to |
Audit
Package: audit
For Audit to work properly, the service needs to be started.
$ sudo systemctl start auditctl
auditctl
Log verbose modifications and access to a file.
Usage |
Explanation |
|---|---|
-w |
watch a file |
-p arwx |
watch for appending, reading, writing and executing of the file |
ausearch
used after setting up auditctl on a file
Usage |
Explanation |
|---|---|
-f |
views log of a given file |
-t |
check for changes during a certain time |
Kerberos
kadmin (Command)
Package: krb5-workstation
Manage the Kerberos Distribution Center (KDC).
Usage |
Explanation |
|---|---|
-q |
run interactive commands |
kadmin (Interactive)
Usage |
Explanation |
|---|---|
? |
view the available commands |
addprinc <USER> |
create a new principal for a user |
addprinc host/<HOSTNAME> |
create a new principal to allow authentication from a server |
addprinc nfs/<HOSTNAME> |
create an NFS principal |
addprinc cifs/<HOSTNAME> |
create a CIFS/SMB principal |
addprinc ftp/<HOSTNAME> |
create a FTP principal |
ktadd host/<HOSTNAME> |
save the principal to the /etc/krb5.keytab file |
ktremove host/<HOSTNAME> |
remove the principal from the keytab file |
delprinc |
delete a principal |
listprincs |
list principals |
klist
View authentication information about Kerberos.
Usage |
Explanation |
|---|---|
show the current ticket validation status |
|
-k |
show the contents of the /etc/krb5.keytab file |
kdestroy
Revoke a user’s Kerberos ticket.
Usage |
Explanation |
|---|---|
write zeros to the cached ticket file to securely remove it |
Local System
Miscellaneous commands for managing security on local systems.
genkey
Package: crypto-keys
Generate SSL/TLS certificates.
Usage |
Explanation |
|---|---|
<DOMAIN_NAME> |
create a self-signed SSL |
gpg
Package: gnupg
Usage |
Explanation |
|---|---|
–output <NEW_FILE>.gpg –encrypt <FILE> |
encrypt a specified file, saving it as a new file |
–output <FILE> –decrypt <NEW_FILE>.gpg |
decrypt an encrypted file, saving it as a new file |
lastb
Package: util-linux
Usage |
Explanation |
|---|---|
shows last failed login attempts |
lastlog
Package: shadow-utils
Usage |
Explanation |
|---|---|
shows inform about the last logins |
sudo
Package: sudo
Allow non-root accounts to temporarily run privileged commands.
Usage |
Explanation |
|---|---|
-E |
keeps sudo enabled for the current shell session |