General :: End Goal - Administrator/security/investigator Specializing In Forensics?
Nov 19, 2010
newbie changing to Linux, but not comps.as I said in newbie forum, putting them together since mid 80's w/5150's. that said most exp is old dos command line and commodore 64 basic. our economy here in USA causes change for many of us. I am now reading CompTIA study guide for Linux+ certification by Robb H. Tracy, pro Linux administration by James Turnbull,Peter Lieverdink, and Dennis Matotek. I have downloaded and installed PcLinuxOs, Fedora, SuSe.(three separate disks) have Linux Mint, Ubuntu, on cd. I also have Helix, DEFT, FIRE, FCCU, and Live Forensics Toolkit for Windows. because of pending legislation in our state and current or pending in others, taking classes@community college for private investigator. end goal?: Linux Systems Administrator/security/private investigator specializing in forensics?as I learn I'll probably install a server version on 1 of my drives and ask some of you to use it to work with/hack me/give me help in general.
lets say I install Ubuntu 10.10 on my laptop. I check the box that says encrypt my home directory, and my password is a randomly generated 10 character password using uppercase and lowercase letters and numbers. The next day my laptop gets stolen or something. How hard would it be for someone to decrypt the home directory if that were the goal?
I'm often deep inside a directory tree, moving upwards and downwards to perform various tasks. Is there anything more efficient than going 'cd ../../../..'?I was thinking something along the lines of this: If I'm in /foo/bar/baz/qux/quux/corge/grault and want to go to /foo/bar/baz, I want to do something like 'cdto baz'. I can write some bash script for this, but I'd first like to know if it already exists in some form.
I'm on the horns of a dilemma. Someone of the local network deleted a directory from the public share and I want to find who did this. I have searched the smbd logs but no answer till now. How can I easily do it ? I know the date but the logs show nothing, I found that when I create a file/directory on that share samba logs this event. So, for deleted files/folders there must be some notes somewhere ... The thing is I don't really know for what word to grep.
I am looking for an application I used in 2001.It was a curses application that displayed devices or files in hexadecimal format, and allowed searching through them and other functionality.
Certain commands like: fdisk -l nmap -sT 192.168.0.1/24 iftop
require administrator privileges to run. A while ago i read a post(forgot where i read it) about being able to let a user run these commands in a script (that contains the desired command) created by the administrator/root without the user having to do a sudo and entering a password. Does anyone know how i can go about doing this?
I am only user on this ubuntu 10.10 install. I have admin rights but when I try to change some settings via Ubuntu tweak unlock or alter user and groups via advanced tab I never get the option to enter my password. I have added a new user 'tempuser' via safe mode and this user is administrator too but everything works fine from this user..
Results from $ grep admin /etc/group lpadmin:105:heath,tempuser admin:119:firstuser,tempuser,heath
Results from groups admin adm dialout fax cdrom floppy tape audio dip video plugdev fuse lpadmin sambashare I am thinking of making a fresh install if I cant sort this but would like to fix if possible.
I love My linux OS, and I carry It with me all the time in USB. I used to be able to boot from USB in the University computers, but not any more. Now it required Admin password in order to boot from CD or USB. I tried The VMWare, but I didn't like it. Is there any way I can get around it.
I have been wondering if a guest user could compromise a machine which is set in the following way: they are not able to open the computer case, to boot from either an USB flash drive or an optical-disc drive, nor have any knowledge of the administrator-user password. Thus, they are landing on their guess account, and have to work their privilege escalation from there.
Therefore, what can they do to gain it? Could they download or otherwise install or run from a thumb drive an application that could be used to crack the administrator-user password? Because, it seems to me, could they enter into the system such a password-cracking application, the whole system could be compromised given the administrator-user password contains less than 9-or-so characters. What do you think? Can I lend my computer to anybody without them having beforehand gained my trust in them? Is the reasoning reasonable?
I am trying to find Helix 1.8 distros which no sites currently have them but I am able to find them just can't download them. It appears to be "empty" on the server to which the Helix ISO distros is hosted at. I have tried many sites that I found has Helix 1.7, 1.8, and 3.0. 3.0 does not come with some features that 1.8 does, like Endeavour File Management, so that I can go to Forensics > Retriever. I currently have Helix3 Pro, which does not have, Forensics program > Retriever. Frankly, 1.8 does Endeavour File Management build in. So I am able to access Forensics > Retriever.
Is there anything that could betray the time the USB memory drive was last removed ? I can't find it and the time would help me pinpoint what happened to it.fstab file last access time or something like that ?
I finished my Bachelor's degree in Electronics and communication engineering in 2007. I finished RHCE in 12th July 2010. I don't have any work experience in the field of linux. Previously i had been working in knowledge processioning outsourcing which is completely not related to the field of linux. I have no experience in the field of linux. I have also finished CCNA in 2008. I have no experience to what I have studied. Can I get a job as a linux administrator? If I want to get a job what are the necessary things should i do?
I'm trying to take backup for my data for rhel, but I not able to take all backup. Could anybody help show me how I take incremental and full backups? What is the process?
I installed Linux Mint 9 a couple of days ago (from a live usb) and my 'Account type' was set as 'Custom'.
I had to change the 'Account type' to 'Administrator' so I could edit the 'Network Manager' configuration (the 'Apply' button in Network Manager was disabled until I changed to Administrator).
Is it ok to leave it as 'Administrator' or should I change it to 'Desktop user' until I need to change system settings again?
I have been trying to install the drivers for my Egalax Touch Screen. I keep getting the message that I do not have permission, and at the end it says "are you root?" I have searched topics on the internet, then remember Linux.
does any linux admins out there have any mailing lists that they subscribe to? I go to lots of sites for knowledge but i was trying to put together the double whammy and pull together a solid mailing list for linux admins as well.
I'm trying to install Skype on an Aspire One netbook, it shows the file in the downloads section but every time I click on it it asks for an administrator password. If I put this in the window closes and then comes up asking for it again a few seconds later, but if I put in the wrong password it gives me the option of changing it, but still won't allow me to run the programme
am using RHEL 5 ,i would like the system to send me an email for every time some one attempts to login to the server remotely. i have created the emailing script in perl and it works. but i want it to be triggered if someone tries to access the server. how can this be possible
Is there a way to crack the windows Administrator password in Linux (using the SAM file) WITHOUT resetting it?
Ok so Ive already got Ubuntu 10.10 on a usb bootstick. Chntpw is installed as well. What I'm wondering is are there any programs to crack as in decrypt the SAM file and show the password but not erase it? Most Linux programs Ive come across don't do this. They just reset the password.
I have install mysql on my fedora12. My different mysql server is located in us. I want to check health status and hits per seconds everything. Is it possible with mysql-administrator command.
now a these days i am connect through ssh and excuting below command
#mytop mysql -u root -p <passwd>
In my mysql db i have added the userip & passwd (allowed the privileages for that ip)
If i use mysql-administrator i am getting below error
MySQL Error Nr. 2003 Can't connect to MySQL server on '66.98.152.64' (111)
I am using VMware to install RHEL 5.0 through an .ISO image in my lappy, bcoz my DVD-ROM is not working.While installation it didn't ask anything except user-name and password and it got installed correctly.But the problem is that, when I open a terminal it always opens in USER mode ($- prompt) and working directory shows(/home/user).how can I use the administrator(/root) ---> # -prompt.
I was wondering if there was an option like what windows has, where, while in explorer, you can right-click a file, choose "Run as Administrator...", enter your password in the dialog box, and open the program with admin privileges. Is there a script out there for linux to do this? If so, where is it, and how can i install it?
I have created a Joomla! website on a subdomin that I host. The site has a mangement section URL... and I am trying to secure the administrator section only using SSL/https.So far I created the self-signed certificate and installed mod_ssl. I have added a *:443 virtual hosts in my httpd conf .This is really confusing me because the page exists, it works for http and https is just another protocol. Its almost like ssl does not have permission to access those files... Is there something im missing in ssl.conf or http.conf?I am not entirely sure I am going about this the right way.
I had a quick search through the joomla forums and found lots of errors, but not really any instructions. I have done some google searches and there seems to be about 10 different ways to skin the cat.