What command or script to capture a system snapshot?
Post 302272079 by SecureMe in the Cybersecurity forum, Monday 29th of December 2008, 04:10:12 PM

Some background on what I am trying to accomplish - Accreditation/Certification for a DoD (Unix/Linux) system: I am trying to improve the process for capturing key system information in preparation for performing a formal security review of a Unix or Linux system. This is in addition to the SRR scripts (from IASE) run against said system. In other words, I need to capture system name, OS version, running services, Ethernet connections and their settings, etc. After all the data is captured, it will be brought back to the lab (along with the SRR script results) for formal review and security evaluation. The information captured (or snapshot) will assist in putting together the report and aid in answering all the questions, and hopefully prevent an extra trip back to the system (in question) to run more commands because something pertinent wasn't captured the first time.
Please help me brainstorm (or simply identify) the commands, scripts, or series of commands I need to run in order to capture all the needed data on a Unix system.
Thank you in advance!
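
As an added example (not from the poster or from any reply in this thread), one way to make such a capture reproducible and reviewable off-site: a small Python collector that runs a constructed list of read-only commands, records each command's exit status and output with a SHA-256 of that output, and computes a manifest digest so the lab can check that nothing changed between capture and review. The command list and labels are assumptions and will need tuning per target OS (Solaris and Linux differ in `ifconfig`/`netstat` output, and some Linux hosts lack them).

```python
import hashlib
import json
import platform
import socket
import subprocess
import time

# Constructed list of read-only queries matching the post's wish list (system
# name, OS version, running services, interfaces); adjust argv per target OS.
DEFAULT_COMMANDS = [
    ("os_version", ["uname", "-a"]),
    ("processes", ["ps", "-ef"]),
    ("interfaces", ["ifconfig", "-a"]),
    ("sockets", ["netstat", "-an"]),
    ("accounts", ["cat", "/etc/passwd"]),
]

def run_capture(label, argv, timeout=60):
    """Run one command; keep stdout+stderr, exit status and a SHA-256 of the output.
    A missing or failing binary is recorded, not fatal, so the reviewer can see
    exactly which evidence is absent and why instead of a silently empty file."""
    try:
        proc = subprocess.run(argv, capture_output=True, timeout=timeout)
        output, rc = proc.stdout + proc.stderr, proc.returncode
    except OSError as exc:  # e.g. command not installed on this host
        output, rc = ("command failed: %s" % exc).encode(), None
    except subprocess.TimeoutExpired:
        output, rc = b"command timed out", None
    return {"label": label, "argv": argv, "returncode": rc,
            "sha256": hashlib.sha256(output).hexdigest(),
            "output": output.decode("utf-8", "replace")}

def snapshot(commands=DEFAULT_COMMANDS):
    """Collect every command result plus host identity into one evidence record."""
    return {"hostname": socket.gethostname(), "platform": platform.platform(),
            "captured_at": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
            "results": [run_capture(label, argv) for label, argv in commands]}

def manifest_digest(snap):
    """Digest over all per-command hashes; record it separately (or sign it) so the
    lab can verify the bundle was not altered between capture and review."""
    h = hashlib.sha256()
    for r in snap["results"]:
        h.update(r["label"].encode() + b"\0" + r["sha256"].encode() + b"\n")
    return h.hexdigest()

if __name__ == "__main__":
    snap = snapshot()
    snap["manifest_sha256"] = manifest_digest(snap)
    print(json.dumps(snap, indent=2))  # redirect to a file to carry to the lab
```

Run it as root on the target and redirect the JSON to removable media; note the printed manifest digest on the accreditation worksheet so the bundle can be verified at the lab.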
PCAP-SAVEFILE(5)						File Formats Manual						  PCAP-SAVEFILE(5)

NAME
       pcap-savefile - libpcap savefile format

DESCRIPTION
       NOTE: applications and libraries should, if possible, use libpcap to read savefiles, rather than having their own code to read savefiles. If, in the future, a new file format is supported by libpcap, applications and libraries using libpcap to read savefiles will be able to read the new format of savefiles, but applications and libraries using their own code to read savefiles will have to be changed to support the new file format.

       ``Savefiles'' read and written by libpcap and applications using libpcap start with a per-file header. The format of the per-file header is:

              +------------------------------+
              |         Magic number         |
              +--------------+---------------+
              |Major version | Minor version |
              +--------------+---------------+
              |       Time zone offset       |
              +------------------------------+
              |     Time stamp accuracy      |
              +------------------------------+
              |       Snapshot length        |
              +------------------------------+
              |    Link-layer header type    |
              +------------------------------+

       All fields in the per-file header are in the byte order of the host writing the file. The first field in the per-file header is a 4-byte magic number, with the value 0xa1b2c3d4. The magic number, when read by a host with the same byte order as the host that wrote the file, will have the value 0xa1b2c3d4, and, when read by a host with the opposite byte order as the host that wrote the file, will have the value 0xd4c3b2a1. That allows software reading the file to determine whether the byte order of the host that wrote the file is the same as the byte order of the host on which the file is being read, and thus whether the values in the per-file and per-packet headers need to be byte-swapped.

       Following this are:

              A 2-byte file format major version number; the current version number is 2.

              A 2-byte file format minor version number; the current version number is 4.

              A 4-byte time zone offset; this is always 0.

              A 4-byte number giving the accuracy of time stamps in the file; this is always 0.

              A 4-byte number giving the "snapshot length" of the capture; packets longer than the snapshot length are truncated to the snapshot length, so that, if the snapshot length is N, only the first N bytes of a packet longer than N bytes will be saved in the capture.

              A 4-byte number giving the link-layer header type for packets in the capture; see pcap-linktype(7) for the LINKTYPE_ values that can appear in this field.

       Following the per-file header are zero or more packets; each packet begins with a per-packet header, which is immediately followed by the raw packet data. The format of the per-packet header is:

              +---------------------------------------+
              |       Time stamp, seconds value       |
              +---------------------------------------+
              |    Time stamp, microseconds value     |
              +---------------------------------------+
              |    Length of captured packet data     |
              +---------------------------------------+
              |Un-truncated length of the packet data |
              +---------------------------------------+

       All fields in the per-packet header are in the byte order of the host writing the file. The per-packet header begins with a time stamp giving the approximate time the packet was captured; the time stamp consists of a 4-byte value, giving the time in seconds since January 1, 1970, 00:00:00 UTC, followed by a 4-byte value, giving the time in microseconds since that second. Following that are a 4-byte value giving the number of bytes of captured data that follow the per-packet header and a 4-byte value giving the number of bytes that would have been present had the packet not been truncated by the snapshot length. The two lengths will be equal if the number of bytes of packet data is less than or equal to the snapshot length.

SEE ALSO
       pcap(3), pcap-linktype(7)

                                                        21 October 2008                                                 PCAP-SAVEFILE(5)
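
The two headers described above, decoded by an added example parser (not part of the man page or of libpcap itself; as the NOTE says, real tools should link libpcap). It detects byte order from the magic number, walks the per-packet headers, flags packets cut short by the snapshot length, and rejects a file whose stored lengths contradict each other. `build_savefile` only exists to construct sample input for the parser.

```python
import struct

MAGIC = 0xa1b2c3d4          # as written by the capturing host; reads as 0xd4c3b2a1 when swapped
FILE_HDR = "IHHiIII"        # magic, major, minor, thiszone, sigfigs, snaplen, linktype (24 bytes)
PKT_HDR = "IIII"            # ts_sec, ts_usec, caplen (captured), len (on the wire) (16 bytes)

def parse_savefile(data):
    """Decode an in-memory libpcap savefile into (file_header, [packets]).

    Byte order is detected from the magic number exactly as pcap-savefile(5)
    describes, and every later header field is decoded in that order.
    """
    if len(data) < 24:
        raise ValueError("truncated per-file header")
    if struct.unpack("<I", data[:4])[0] == MAGIC:
        bo = "<"
    elif struct.unpack(">I", data[:4])[0] == MAGIC:
        bo = ">"
    else:
        raise ValueError("not a libpcap savefile: bad magic %s" % data[:4].hex())
    _, major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(bo + FILE_HDR, data[:24])
    header = {"byte_order": bo, "major": major, "minor": minor,
              "snaplen": snaplen, "linktype": linktype}
    packets, off = [], 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated per-packet header at offset %d" % off)
        ts_sec, ts_usec, caplen, origlen = struct.unpack(bo + PKT_HDR, data[off:off + 16])
        off += 16
        # A writer never stores more than snaplen bytes, and never more than the
        # packet's true length; anything else is corruption (or a hostile file).
        if caplen > snaplen or caplen > origlen or off + caplen > len(data):
            raise ValueError("inconsistent packet lengths at offset %d" % (off - 16))
        packets.append({"ts": ts_sec + ts_usec / 1e6, "caplen": caplen, "len": origlen,
                        "truncated": caplen < origlen, "data": data[off:off + caplen]})
        off += caplen
    return header, packets

def build_savefile(snaplen, linktype, packets, bo="<"):
    """Build a savefile from (ts_sec, ts_usec, payload) tuples; constructed test data.
    Payloads longer than snaplen are cut down just as a capturing tool would."""
    out = struct.pack(bo + FILE_HDR, MAGIC, 2, 4, 0, 0, snaplen, linktype)
    for ts_sec, ts_usec, payload in packets:
        cap = payload[:snaplen]
        out += struct.pack(bo + PKT_HDR, ts_sec, ts_usec, len(cap), len(payload)) + cap
    return out
```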