Unix | Computer Borders

Many Linux users use the ‘find’ utility when searching for files using the command line on their system. They’ll do a simple:
find / -name ‘pattern’
Really though, the power of find isn’t just in finding names of files but rather specific details about those files. For example, if you wanted to find files which are writable by both their owner and their group:
find / -perm -444 -perm /222 ! -perm /111
or perhaps find any file that’s been altered in your Download directory in the past 24 hours:
find /home/user/Downloads/ -mtime 0
As you can see, the find command is very versatile and can be used to find an array of different attributes of files. There are times though where I’m just looking for something and I don’t want to have to wait for the command to scan the entire directory tree in order to track it down. That’s where locate comes in with quick and simple results.
Using the locate command can only be accomplished if you install the mlocate package. Most major distributions have this available. If not, head over to the mlocate homepage and install manually. Once that is accomplished, you’ll need to manually run a command to index your filesystem with it…otherwise, you’ll have to wait for the command to run automatically as it registers with cron to do so on a system level. Open a terminal and change to your root user, then execute the following:
updatedb &
This updates the mlocate database that indexes your files and forks it to the background (the ‘&’ forks it to the background). You can now logout of the terminal as root and the process will quietly work in the background.
After the command completes, using mlocate is as easy as using the locate command:
locate firefox | less
The command above will look for all files with Firefox in the name and pipe the command through less so you can use the space bar or enter key to scroll the file buffer. Of course, the reason we pipe it through less is because any file that resides in the ‘firefox’ directory will be reported in the output. While this tool isn’t as granular as the find command, it is a quick way to track down paths, directories, and files you know should exist. Since the data is indexed using the updatedb command (by cron) the results are very quick and the command does not have to scan through the filesystem to return the results.
There are plenty more advanced options via flags (such as following symbolic links, making search term case-sensitive, and even using regexp). See the man page for details on how each of these options work. Play around with locate and see what you can do! It’s a powerful and quick search command!

Rootkit Hunter is a Unix-primarily based scanning tool that scans for rootkits, backdoors and possible local exploits. It does this by comparing SHA-1 hashes of vital files with known good ones in online database, looking for default directories (of rootkits), improper permissions, hidden records data, suspicious strings in kernel modules and particular tests for Linux or FreeBSD. Most instances rootkits are self-hiding toolkits utilized by blackhats, crackers and script kiddies, to keep away from the attention of the system admin. If you’re unsure as to whether your system is compromised, you will get a second opinion from sources such as Linux-oriented forum. If your system is contaminated with a rootkit, cleaning it up will not be an option. Restoring can be not an option unless you might be expert, and have autonomous and an impartial means of verifying that the backup is clear, and does not include misconfigured or stale software. Never trust a potentially compromised machine! Basically a clean install of the OS is always advisable after backing up the system.