Practical Linux Forensics by Bruce Nikkel
Author: Bruce Nikkel
Language: eng
Format: epub
Publisher: No Starch Press
Published: 2021-10-11T16:00:00+00:00
Path-Based Activation
Path-based activation uses a kernel feature called inotify that allows the monitoring of files and directories. The *.path unit files define which files to monitor (see the systemd.path(5) man page). A *.service file with the same name is activated when the conditions in the path unit file are met. In this example, a canary.txt file is monitored to detect possible ransomware. The canary file, path unit, and service unit are shown here:
$ cat /home/sam/canary.txt
If this file is encrypted by Ransomware, I will know!

$ cat /home/sam/.config/systemd/user/canary.path
[Unit]
Description=Ransomware Canary File Monitoring

[Path]
PathModified=/home/sam/canary.txt

$ cat /home/sam/.config/systemd/user/canary.service
[Unit]
Description=Ransomware Canary File Service

[Service]
Type=simple
ExecStart=logger "The canary.txt file changed!"
Two unit files, canary.path and canary.service, are located in the user's ~/.config/systemd/user/ directory and define the path-activated service. If the file is modified, the service is started and the command executed, which is shown in the journal:
Dec 13 10:14:39 pc1 systemd[13161]: Started Ransomware Canary File Service.
Dec 13 10:14:39 pc1 sam[415374]: The canary.txt file changed!
Dec 13 10:14:39 pc1 systemd[13161]: canary.service: Succeeded.
Here, the logs show the canary service starting, executing (the logger command output), and finishing (Succeeded). A user must be logged in for their own unit files to be active.
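As an added example (not code from the book), the following Python helper does the kind of review an examiner performs on a user's ~/.config/systemd/user/ directory: it parses each *.path unit, lists the trigger directives defined in systemd.path(5), and pairs the unit with the service it activates (Unit= if present, otherwise the same-named .service), reporting that service's ExecStart. The unit contents are constructed inline from the canary example above; reading them from a disk image is assumed to happen elsewhere.

```python
"""Pair systemd *.path units with the service they activate, for forensic review."""

# Trigger directives from systemd.path(5); any of these arms a path unit.
PATH_TRIGGERS = ("PathExists", "PathExistsGlob", "PathChanged",
                 "PathModified", "DirectoryNotEmpty")


def parse_unit(text):
    """Parse unit-file text into {section: {key: [values]}}.
    Keys may repeat in systemd units, so every value is kept in a list."""
    unit, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            unit.setdefault(section, {})
        elif "=" in line and section is not None:
            key, _, value = line.partition("=")
            unit[section].setdefault(key.strip(), []).append(value.strip())
    return unit


def review_path_units(unit_files):
    """unit_files maps file name -> contents (as collected from the unit directory).
    Returns one finding per *.path unit: triggers, target service, and ExecStart."""
    findings = []
    for name, text in unit_files.items():
        if not name.endswith(".path"):
            continue
        path_section = parse_unit(text).get("Path", {})
        triggers = {k: v for k, v in path_section.items() if k in PATH_TRIGGERS}
        # Unit= overrides the default pairing (same name with a .service suffix).
        target = path_section.get("Unit", [name[:-len(".path")] + ".service"])[0]
        service = parse_unit(unit_files.get(target, ""))
        findings.append({
            "path_unit": name, "triggers": triggers, "activates": target,
            "exec_start": service.get("Service", {}).get("ExecStart", []),
            "service_missing": target not in unit_files,  # dangling path unit
        })
    return findings


# Constructed sample input: the canary units shown in the text.
SAMPLE_UNITS = {
    "canary.path": "[Unit]\nDescription=Ransomware Canary File Monitoring\n\n"
                   "[Path]\nPathModified=/home/sam/canary.txt\n",
    "canary.service": "[Unit]\nDescription=Ransomware Canary File Service\n\n"
                      "[Service]\nType=simple\nExecStart=logger \"The canary.txt file changed!\"\n",
}

if __name__ == "__main__":
    for f in review_path_units(SAMPLE_UNITS):
        print(f"{f['path_unit']}: {f['triggers']} -> {f['activates']} runs {f['exec_start']}")
```

The same pairing applies to system-wide units under /etc/systemd/system/, where a path unit with an unexpected ExecStart is worth a closer look.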