Cat
m (Reverted edits by DavidYoung (talk) to last revision by Jimbo) |
Latest revision as of 17:20, 25 August 2012
cat lives at /bin/cat. When cat is given a file as an argument, it prints the file's contents to your console, or its output can be redirected to another file or process.

 samizdata# cat /etc/fstab
 # Device        Mountpoint  FStype  Options    Dump  Pass#
 /dev/da0b       none        swap    sw         0     0
 /dev/da1b       none        swap    sw         0     0
 /dev/da0a       /           ufs     rw         1     1
 /dev/da0d       /tmp        ufs     rw         2     2
 /dev/da1e       /usr        ufs     rw         2     2
 /dev/da1d       /var        ufs     rw         2     2
 /dev/cd0        /cdrom      cd9660  ro,noauto  0     0
Related commands are zcat (aka gzcat) and bzcat, for use with gzipped and bzipped archives, respectively. They are very useful for easily reading rotated, compressed logfiles. For example, let's say I'm tracking down some jackass that keeps trying to find a way into my server, and I want to look at one of the older sections of my auth log:

 ph34r# bzcat auth.log.0.bz2 | grep Illegal
 Oct 19 20:47:47 ph34r sshd[35556]: Illegal user adam from 218.38.28.136
 Oct 19 20:47:49 ph34r sshd[35558]: Illegal user alan from 218.38.28.136
 Oct 19 20:47:52 ph34r sshd[35560]: Illegal user frank from 218.38.28.136
 Oct 19 20:47:54 ph34r sshd[35562]: Illegal user george from 218.38.28.136
 Oct 19 20:47:56 ph34r sshd[35564]: Illegal user henry from 218.38.28.136
 Oct 19 20:47:59 ph34r sshd[35566]: Illegal user john from 218.38.28.136
 Oct 19 20:48:14 ph34r sshd[35578]: Illegal user test from 218.38.28.136
Without having to muck around with multiple steps or temporary files or any of that business, I told my server to load up the bzip archive of the last section of my auth log, decompress it, and send the results to grep so that I'd only see the entries related to "Illegal" users. And voila - I can see that the idiot at the APNIC address 218.38.28.136 is trying a dictionary-style username attack on my server.
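The same pipeline idea, extended as an added example (not part of the original page): it reads the live log plus gzip- or bzip2-rotated copies in one pass and reports, per source address, how many "Illegal user" attempts were made and which usernames were tried. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarize sshd "Illegal user" probes across rotated logs.

# Print one log file to stdout, picking the decompressor from its extension.
read_log() {
    case "$1" in
        *.bz2) bzcat "$1" ;;
        *.gz)  zcat "$1" ;;    # gzcat on systems where zcat only handles .Z
        *)     cat "$1" ;;
    esac
}

# Usage: summarize_illegal FILE...
# Output: "<attempts> <source-ip> <user,user,...>", busiest source first.
summarize_illegal() {
    for f in "$@"; do read_log "$f"; done |
    awk '/sshd\[[0-9]+\]: Illegal user / {
            # Take the LAST field as the source address: the username is
            # chosen by the remote client and may itself contain " from ".
            ip = $NF
            user = $0
            sub(/^.*: Illegal user /, "", user)
            sub(/ from [^ ]+$/, "", user)
            count[ip]++
            if (!seen[ip, user]++) users[ip] = users[ip] (users[ip] ? "," : "") user
         }
         END { for (ip in count) print count[ip], ip, users[ip] }' |
    sort -k1,1nr -k2,2
}

# Constructed sample: one gzip-rotated file plus the live log, same format as above.
make_sample() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' \
      'Oct 19 20:47:47 ph34r sshd[35556]: Illegal user adam from 218.38.28.136' \
      'Oct 19 20:47:49 ph34r sshd[35558]: Illegal user alan from 218.38.28.136' \
      | gzip -c > "$dir/auth.log.0.gz"
    printf '%s\n' \
      'Oct 20 03:10:02 ph34r sshd[40112]: Illegal user adam from 218.38.28.136' \
      'Oct 20 03:11:40 ph34r sshd[40120]: Illegal user test from 192.0.2.7' \
      'Oct 20 03:12:00 ph34r sshd[40125]: Accepted publickey for alice from 192.0.2.9 port 51234 ssh2' \
      > "$dir/auth.log"
    echo "$dir"
}

d=$(make_sample) && summarize_illegal "$d"/auth.log*
```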