Forsenic analysis of a living server?

Post #261,551 by inthane-chan 7/13/06 12:28:21 PM Reply	Forsenic analysis of a living server? We had a departure here recently of an individual who had his own fiefdom here. He never liked the way anybody else did things, and while I admire his ability to keep things working the way he wanted them to, he didn't document shit, and had an attitude of "his way or the highway" to the point where he actually took departments he was responsible for, put them on their own subnet, and filtered them out from the rest of the system. I've been tasked with dissecting the tangled mess of lines and making sure it's all working, documenting it, then reintegrating the various departments with the main network. There are three servers that I know of, all running Redhat Fedora, which I am not very familiar with. I do have a 'yum list installed' response from all three. Any suggestions on dissecting these machines without killing them? Hurt me if you must, but let the duckie go!
Post #261,577 by folkert 7/13/06 2:01:22 PM Reply	/etc is typically where everything... Is stored and kept, relating to configs and such. /usr/local/etc for some add-ons /opt/* for other things. It is all a matter of parsing config files. Looking at the obvious files for system config (/etc/sysconfig/) Among other files for Important packages like Bind or Samba. Fiefdoms in Linux are not really to hard to fixup. Usually it is more of understand the whole /etc/ setup. -- [link\|mailto:greg@gregfolkert.net\|greg], [link\|http://www.iwethey.org/ed_curry\|REMEMBER ED CURRY!] @ i_wethey* Freedom is not FREE. Yeah, but 10s of Trillions of US Dollars? SELECT * FROM scog WHERE ethics > 0; 0 rows returned.
Post #261,636 by scoenye 7/13/06 5:39:42 PM Reply	netstat -l may cut down on the workload That'll give you the overview of all things listening on the network (and by extension points of interest in /etc). In addition 'lsof \| grep port_name' is useful in locating custom compiled binaries in funny places.

Welcome to IWETHEY!