Showing posts with label commands.

Monday, November 25, 2024

Fedora 41 : assembly fasm with cat command and qemu test.

I tested the basic direct binary concatenation where the second file is appended to the end of the first file, preserving all bytes exactly as they are without any linking metadata or relocations with the cat command.
Let's see how to do this.
You need to create two files: kernel.fasm and kernel2.fasm.
The first one looks like this:
org 7C00h

; First stage bootloader
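start:
    xor ax, ax
    mov ds, ax      ; DS = 0 so [bootdrive] resolves correctly with org 7C00h
    mov [bootdrive], dl ; BIOS passes the boot drive number in DL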
    mov ax, 0x2000  ; Load kernel at 0x2000:0
    mov es, ax
    xor bx, bx      ; ES:BX = buffer
    
    mov ah, 02h     ; Read sectors
    mov al, 6       ; Number of sectors to read
    mov ch, 0       ; Cylinder 0
    mov cl, 2       ; Start from sector 2
    mov dh, 0       ; Head 0
    mov dl, [bootdrive]
    int 13h
    
    jmp 0x2000:0    ; Jump to second stage

bootdrive db 0
times 510-($-$$) db 0
dw 0xAA55
The second one, named kernel2.fasm, comes with new features:
org 0

COLS equ 80
ROWS equ 25
VIDEO_MEM equ 0xB800

; Box drawing characters
BOX_DR    equ 201  ; ╔
BOX_HL    equ 205  ; ═
BOX_DL    equ 187  ; ╗
BOX_VL    equ 186  ; ║
BOX_UR    equ 200  ; ╚
BOX_UL    equ 188  ; ╝
BOX_BLOCK equ 219  ; █
...
Use fasm and cat commands to create the bin files and the result file for qemu:
mythcat@localhost:~/fasm$ ./fasm.x64 kernel.fasm kernel.bin
flat assembler  version 1.73.32  (16384 kilobytes memory, x64)
2 passes, 512 bytes.
mythcat@localhost:~/fasm$ ./fasm.x64 kernel2.fasm kernel2.bin
flat assembler  version 1.73.32  (16384 kilobytes memory, x64)
2 passes, 132 bytes.
mythcat@localhost:~/fasm$ cat kernel.bin kernel2.bin > os.img
The last step is to run qemu-system-i386 to test the result:
mythcat@localhost:~/fasm$ qemu-system-i386 -fda os.img
The result is this:
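An added example, not part of the original post: the script below wraps the cat step in two checks. It confirms that the first stage is exactly one 512-byte sector ending in the 55 AA signature, then pads the image so that all 6 sectors requested by `mov al, 6` exist in the file. The function names and the stand-in binaries built in demo_layout are assumptions constructed for illustration.

```shell
#!/bin/sh
SECTOR=512
STAGE2_SECTORS=6   # must match "mov al, 6" in kernel.fasm

# file_size FILE: print the size in bytes as a plain integer
file_size() { echo $(( $(wc -c < "$1") )); }

# check_boot_sector FILE: succeed only if FILE is one sector and ends in 55 AA
# (dw 0xAA55 is stored little-endian, so the last two bytes are 55 then AA)
check_boot_sector() {
    [ "$(file_size "$1")" -eq "$SECTOR" ] || return 1
    sig=$(tail -c 2 "$1" | od -An -tx1 | tr -d ' \n')
    [ "$sig" = "55aa" ]
}

# build_image STAGE1 STAGE2 OUT: concatenate, then zero-pad to 1 + 6 sectors
build_image() {
    check_boot_sector "$1" || { echo "bad boot sector: $1" >&2; return 1; }
    s2=$(file_size "$2")
    max=$((SECTOR * STAGE2_SECTORS))
    [ "$s2" -le "$max" ] || { echo "stage 2 larger than $max bytes" >&2; return 2; }
    cat "$1" "$2" > "$3"
    pad=$((max - s2))
    if [ "$pad" -gt 0 ]; then
        dd if=/dev/zero bs=1 count="$pad" 2>/dev/null >> "$3"
    fi
}

# stage2_offset_ok IMAGE STAGE2: succeed if STAGE2 sits byte-for-byte at
# offset 512, which is where BIOS sector 2 (mov cl, 2) starts
stage2_offset_ok() {
    s2=$(file_size "$2")
    dd if="$1" bs=1 skip="$SECTOR" count="$s2" 2>/dev/null | cmp -s - "$2"
}

# demo_layout: build constructed stand-ins for kernel.bin (512 bytes) and
# kernel2.bin (132 bytes), assemble the image, print its final size
demo_layout() {
    tmp=$(mktemp -d) || return 1
    { dd if=/dev/zero bs=510 count=1 2>/dev/null; printf '\125\252'; } > "$tmp/kernel.bin"
    dd if=/dev/zero bs=132 count=1 2>/dev/null | tr '\000' 'K' > "$tmp/kernel2.bin"
    build_image "$tmp/kernel.bin" "$tmp/kernel2.bin" "$tmp/os.img" &&
        stage2_offset_ok "$tmp/os.img" "$tmp/kernel2.bin" &&
        file_size "$tmp/os.img"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

demo_layout
```

With the real files, `build_image kernel.bin kernel2.bin os.img` replaces the plain cat line.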

Sunday, July 30, 2023

Fedora 39 : Test with eDEX-UI.

eDEX-UI is a fullscreen, cross-platform terminal emulator and system monitor that looks and feels like a sci-fi computer interface.
It can be found on its GitHub project.
This is the version for 64-bit machines; you can download it with:
$ wget -c https://github.com/GitSquared/edex-ui/releases/download/v2.2.8/eDEX-UI-Linux-x86_64.AppImage
Change the file to be executable:
$ chmod +x eDEX-UI-Linux-x86_64.AppImage
Extract the AppImage contents with this command:
$ ./eDEX-UI-Linux-x86_64.AppImage --appimage-extract
Go to this folder:
$ cd squashfs-root
Run the application:
$ ./AppRun
This is the result of running the application:

Friday, May 19, 2023

Fedora 39 : Using a stick or hard disk created in Windows.

When a stick or hard disk created in Windows is attached over USB, the Linux distribution cannot access it.
Install these packages with the DNF utility:
sudo dnf install ntfs-3g
sudo dnf install ntfsfix
Use these commands to create a folder where it will be mounted and test if it can be mounted and where it is viewed :
sudo mkdir /mnt/mydrive
sudo mount -t ntfs-3g /dev/sdb1 /mnt/mydrive
dmesg| grep usb 
sudo mount /dev/sdb /mnt/mydrive
df -h
Fix errors with these commands:
sudo umount /dev/sdb1
sudo ntfsfix /dev/sdb1
Then mount it again in the folder named /mnt/mydrive:
sudo mount -t ntfs-3g /dev/sdb1 /mnt/mydrive
This command will mount as a superuser but can be modified as a normal user.
Create a USB folder in your home folder as a normal user.
You can use these commands to use your files like a normal user:
[mythcat@fedora ~]$ sudo mount -t ntfs-3g /dev/sdb1 ~/USB
[sudo] password for mythcat: 
...
[mythcat@fedora ~]$ sudo umount /dev/sdb1

Saturday, July 3, 2021

Fedora 34 : Can be better? part 018.

Fedora distro can improve the LXDE environment.
Let's start with this simple tip that changes the size of the window.
You can see the window is blocked by the Task Bar.
You need to open this file named lxde-rc.xml:
[mythcat@desk ~]$ vim ~/.config/openbox/lxde-rc.xml 
Then change these lines, save the file, and reboot:
<!-- You can reserve a portion of your screen where windows will not cover when they are
 maximized, or when they are initially placed. 
Many programs reserve space automatically, but you can use this in other cases. -->
<margins>
 <top>0</top>
 <bottom>30</bottom>
 <left>0</left>
 <right>0</right>
</margins>
After reboot the result is better:

Sunday, June 27, 2021

Fedora 34 : Install evolution tool.

Evolution is a personal information management application that provides integrated mail, calendaring and address book functionality, see the wiki gnome page.
[root@desk mythcat]# dnf search evolution
Last metadata expiration check: 3:46:10 ago on Sun 27 Jun 2021 10:18:50 AM EEST.
======================= Name Exactly Matched: evolution ========================
evolution.x86_64 : Mail and calendar client for GNOME
... 
[root@desk mythcat]# dnf install evolution.x86_64
Last metadata expiration check: 3:48:05 ago on Sun 27 Jun 2021 10:18:50 AM EEST.
Dependencies resolved.
================================================================================
 Package                  Arch        Version                Repository    Size
================================================================================
Installing:
 evolution                x86_64      3.40.2-1.fc34          updates      3.7 M
Installing dependencies:
 evolution-langpacks      noarch      3.40.2-1.fc34          updates      5.6 M
 highlight                x86_64      3.60-3.fc34            fedora       887 k
 libytnef                 x86_64      1:1.9.3-5.fc34         fedora        39 k

Transaction Summary
================================================================================
Install  4 Packages

Total download size: 10 M
Installed size: 56 M
Is this ok [y/N]: y
...
Installed:
  evolution-3.40.2-1.fc34.x86_64    evolution-langpacks-3.40.2-1.fc34.noarch   
  highlight-3.60-3.fc34.x86_64      libytnef-1:1.9.3-5.fc34.x86_64             

Complete!
The configuration of the email account is easy.
I used my Yahoo account.
The Yahoo mail server asked me for a token, but I closed it, logged in again, and it worked well.
You can see a video tutorial from my youtube channel.

Fedora 34 : ASP.NET Core application - part 001.

This tutorial is about creating an ASP project on Fedora 34 Linux distro.
Let's create a folder for a new ASP project:
[mythcat@desk ~]$ cd CSharpProjects/
[mythcat@desk CSharpProjects]$ mkdir ASPProjects
[mythcat@desk CSharpProjects]$ cd ASPProjects/
[mythcat@desk ASPProjects]$ dotnet new web -o ASP001
The template "ASP.NET Core Empty" was created successfully.

Processing post-creation actions...
Running 'dotnet restore' on ASP001/ASP001.csproj...
  Determining projects to restore...
  Restored /home/mythcat/CSharpProjects/ASPProjects/ASP001/ASP001.csproj (in 152 ms).
Restore succeeded.
In the ASP001 project folder, run these commands:
[mythcat@desk ASPProjects]$ cd ASP001/
[mythcat@desk ASP001]$ dotnet restore
  Determining projects to restore...
  All projects are up-to-date for restore.
[mythcat@desk ASP001]$ dotnet run
Building...
info: Microsoft.Hosting.Lifetime[14]
      Now listening on: https://localhost:5001
info: Microsoft.Hosting.Lifetime[14]
      Now listening on: http://localhost:5000
info: Microsoft.Hosting.Lifetime[0]
      Application started. Press Ctrl+C to shut down.
info: Microsoft.Hosting.Lifetime[0]
      Hosting environment: Development
info: Microsoft.Hosting.Lifetime[0]
      Content root path: /home/mythcat/CSharpProjects/ASPProjects/ASP001
^Cinfo: Microsoft.Hosting.Lifetime[0]
      Application is shutting down...
In the browser, this program shows the text Hello World! on localhost.
With the dotnet restore command, we download the necessary dependencies.
It calls into NuGet, the .NET package manager, to restore the tree of dependencies.
Let's see the files from this project:
[mythcat@desk ASP001]$ ls
appsettings.Development.json  ASP001.csproj  obj	 Properties
appsettings.json	      bin	     Program.cs
[mythcat@desk ASP001]$ cat Program.cs 
using System;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.Hosting;

var builder = WebApplication.CreateBuilder(args);
var app = builder.Build();

if (app.Environment.IsDevelopment())
{
    app.UseDeveloperExceptionPage();
}

app.MapGet("/", (Func<string>)(() => "Hello World!"));

app.Run();
[mythcat@desk ASP001]$ cat ASP001.csproj 
...
This is the simplest tutorial about an ASP project.

Saturday, June 19, 2021

Fedora 34 : Test with the new .NET 6.0 SDK.

Now Fedora 34 distro comes integrated in the repo with DotNet 5.
Today I tested DotNet 6.
Let's create a new folder for the .NET 6.0 SDK:
[mythcat@desk ~]$ mkdir -p $HOME/dotnet
[mythcat@desk ~]$ cd dotnet/
First open your browser and download the .NET 6.0 SDK from the official website.
[mythcat@desk dotnet]$ ls
dotnet-sdk-6.0.100-preview.5.21302.13-linux-x64.tar.gz
Use the following commands to extract the SDK and make the commands available at the terminal.
[mythcat@desk dotnet]$ tar zxf dotnet-sdk-6.0.100-preview.5.21302.13-linux-x64.tar.gz  -C $HOME/dotnet
[mythcat@desk dotnet]$ export DOTNET_ROOT=$HOME/dotnet
[mythcat@desk dotnet]$ export PATH=$PATH:$HOME/dotnet
Let's see the content of the dotnet folder:
[mythcat@desk dotnet]$ ls
dotnet							sdk
dotnet-sdk-6.0.100-preview.5.21302.13-linux-x64.tar.gz	sdk-manifests
host							shared
LICENSE.txt						templates
packs							ThirdPartyNotices.txt
Let's run the binary dotnet from this folder:
[mythcat@desk dotnet]$ ./dotnet --version
6.0.100-preview.5.21302.13 
I added it to PATH in the .bashrc file:
[mythcat@desk dotnet]$ cat ~/.bashrc 
export PS1="[\u@\h \W]\$ "
PATH=$PATH:$HOME/dotnet

Friday, June 18, 2021

Fedora 34 : Defragmenting an XFS file system with xfs_fsr.

The xfs_fsr tool improves the organization of mounted filesystems.
Because XFS is an extent-based file system, it is usually unnecessary to defragment a whole file system.
I can use this command to defragment my XFS file system:
[root@desk mythcat]# xfs_fsr /dev/mapper/fedora-root -v -d
...
set temp attr
DEBUG: fsize=6774 blsz_dio=6656 d_min=512 d_max=2147483136 pgsz=4096
Temporary file has 1 extents (2 in original)
extents before:2 after:1 DONE ino=95047551
ino=95050118
ino=95050118 extents=2 can_save=1 tmp=/.fsr/ag14/tmp10249
orig forkoff 288, temp forkoff 0
orig forkoff 288, temp forkoff 296
orig forkoff 288, temp forkoff 296
orig forkoff 288, temp forkoff 296
orig forkoff 288, temp forkoff 296
orig forkoff 288, temp forkoff 296
orig forkoff 288, temp forkoff 296
orig forkoff 288, temp forkoff 288
set temp attr
DEBUG: fsize=6541 blsz_dio=6144 d_min=512 d_max=2147483136 pgsz=4096
Temporary file has 1 extents (2 in original)
extents before:2 after:1 DONE ino=95050118
This is all about this command.

Wednesday, June 16, 2021

Fedora 34 : The grubby command line tool.

The grubby command line tool is used to configure bootloader menu entries across multiple architectures.
All information can be found in the Linux manual page:
[root@desk mythcat]# man grubby
Let's see some simple examples.
This command lists all the installed kernels:
[root@desk mythcat]# grubby --info=ALL | grep ^kernel
kernel="/boot/vmlinuz-5.12.10-300.fc34.x86_64"
kernel="/boot/vmlinuz-5.12.8-300.fc34.x86_64"
kernel="/boot/vmlinuz-0-rescue-fc76db87af524282b0c7e05a9c5d18f4"
To get more details on the installed kernel:
[root@desk mythcat]# grubby --info="/boot/vmlinuz-$(uname -r)"
index=0
kernel="/boot/vmlinuz-5.12.10-300.fc34.x86_64"
args="ro resume=/dev/mapper/fedora-swap rd.lvm.lv=fedora/root rd.lvm.lv=fedora/swap rhgb quiet splash 
acpi_osi=Linux"
root="/dev/mapper/fedora-root"
initrd="/boot/initramfs-5.12.10-300.fc34.x86_64.img"
title="Fedora (5.12.10-300.fc34.x86_64) 34 (MATE-Compiz)"
id="fc76db87af524282b0c7e05a9c5d18f4-5.12.10-300.fc34.x86_64"
Add selinux=0, which disables SELinux at boot, to the kernel arguments of all entries with this tool:
[root@desk mythcat]# grubby --update-kernel ALL --args selinux=0
Let's see if it was added:
[root@desk mythcat]# grubby --info="/boot/vmlinuz-$(uname -r)"
index=0
kernel="/boot/vmlinuz-5.12.10-300.fc34.x86_64"
args="ro resume=/dev/mapper/fedora-swap rd.lvm.lv=fedora/root rd.lvm.lv=fedora/swap rhgb quiet splash 
acpi_osi=Linux selinux=0"
root="/dev/mapper/fedora-root"
initrd="/boot/initramfs-5.12.10-300.fc34.x86_64.img"
title="Fedora (5.12.10-300.fc34.x86_64) 34 (MATE-Compiz)"
id="fc76db87af524282b0c7e05a9c5d18f4-5.12.10-300.fc34.x86_64"
Remove the selinux=0 option from the bootloader with this tool:
[root@desk mythcat]# grubby --update-kernel ALL --remove-args selinux
Let's see if it was removed:
[root@desk mythcat]# grubby --info="/boot/vmlinuz-$(uname -r)"
index=0
kernel="/boot/vmlinuz-5.12.10-300.fc34.x86_64"
args="ro resume=/dev/mapper/fedora-swap rd.lvm.lv=fedora/root rd.lvm.lv=fedora/swap rhgb quiet splash 
acpi_osi=Linux"
root="/dev/mapper/fedora-root"
initrd="/boot/initramfs-5.12.10-300.fc34.x86_64.img"
title="Fedora (5.12.10-300.fc34.x86_64) 34 (MATE-Compiz)"
id="fc76db87af524282b0c7e05a9c5d18f4-5.12.10-300.fc34.x86_64"
You can see it was removed.
Get the index number of all the installed kernels:
[root@desk mythcat]# grubby --info=ALL | grep -E "^kernel|^index"
index=0
kernel="/boot/vmlinuz-5.12.10-300.fc34.x86_64"
index=1
kernel="/boot/vmlinuz-5.12.8-300.fc34.x86_64"
index=2
kernel="/boot/vmlinuz-0-rescue-fc76db87af524282b0c7e05a9c5d18f4"
I can set the default kernel by index with this tool:
[root@desk mythcat]# grubby --set-default-index=1
These are not all features of this command.
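An added example, not from the original post or the grubby project: a boot entry that keeps selinux=0 starts with SELinux disabled on every boot of that entry, so it is worth auditing all entries after a test like the one above. The function audit_boot_args and the sample text (constructed from the output shown in this post) are assumptions; on a real system the input is `grubby --info=ALL`.

```shell
#!/bin/sh
# audit_boot_args: read `grubby --info=ALL` text on stdin and print one line
# "<index> <kernel> <argument>" for every boot entry whose kernel arguments
# disable SELinux (selinux=0) or force permissive mode (enforcing=0).
audit_boot_args() {
    awk '
        /^index=/  { idx = substr($0, 7) }
        /^kernel=/ { k = $0; sub(/^kernel="?/, "", k); sub(/"$/, "", k) }
        /^args=/   {
            a = $0; sub(/^args="?/, "", a); sub(/"$/, "", a)
            # compare whole tokens so that only exact arguments are reported
            n = split(a, tok, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (tok[i] == "selinux=0" || tok[i] == "enforcing=0")
                    print idx, k, tok[i]
        }'
}

# Constructed sample: entry 0 still carries selinux=0, the others are clean.
sample_grubby_info() {
    cat <<'EOF'
index=0
kernel="/boot/vmlinuz-5.12.10-300.fc34.x86_64"
args="ro resume=/dev/mapper/fedora-swap rd.lvm.lv=fedora/root rd.lvm.lv=fedora/swap rhgb quiet splash acpi_osi=Linux selinux=0"
root="/dev/mapper/fedora-root"
initrd="/boot/initramfs-5.12.10-300.fc34.x86_64.img"
index=1
kernel="/boot/vmlinuz-5.12.8-300.fc34.x86_64"
args="ro resume=/dev/mapper/fedora-swap rd.lvm.lv=fedora/root rd.lvm.lv=fedora/swap rhgb quiet"
root="/dev/mapper/fedora-root"
initrd="/boot/initramfs-5.12.8-300.fc34.x86_64.img"
index=2
kernel="/boot/vmlinuz-0-rescue-fc76db87af524282b0c7e05a9c5d18f4"
args="ro resume=/dev/mapper/fedora-swap rd.lvm.lv=fedora/root rd.lvm.lv=fedora/swap"
root="/dev/mapper/fedora-root"
EOF
}

sample_grubby_info | audit_boot_args
```

On a live system, run `grubby --info=ALL | audit_boot_args` as root; no output means no entry carries either argument.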

Sunday, March 7, 2021

Fedora 33 : Electron based terminal named Hyper.

Hyper is an Electron-based terminal built on HTML/CSS/JS.
Electron is an open-source software framework developed and maintained by GitHub.
The original Hyper renderer was based on the DOM, and now Hyper 3 uses Electron from V1 to V3 and is tested with V4.
You can install multiple plugins and themes to make your work easier.
The install process is easy, just download the RPM package and use the DNF tool to install it:
[root@desk mythcat]# dnf install Downloads/hyper-3.0.2.x86_64.rpm 
Last metadata expiration check: 0:14:49 ago on Sun 07 Mar 2021 11:22:49 AM EET.
Dependencies resolved.
================================================================================
 Package        Architecture    Version             Repository             Size
================================================================================
Installing:
 hyper          x86_64          3.0.2-3440          @commandline           37 M

Transaction Summary
================================================================================
Install  1 Package

Total size: 37 M
Installed size: 141 M
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1 
  Installing       : hyper-3.0.2-3440.x86_64                                1/1 
  Running scriptlet: hyper-3.0.2-3440.x86_64                                1/1 
  Verifying        : hyper-3.0.2-3440.x86_64                                1/1 

Installed:
  hyper-3.0.2-3440.x86_64                                                       

Complete!
The Hyper terminal is installed in the LXDE main menu under the Other submenu.
You can find more information on the official webpage.
The next image is a screenshot from my Fedora 33 distro with Hyper terminal.

Sunday, October 18, 2020

Fedora 32 : About positive and negative lookahead with Bash commands.

Today I will talk about something more complex in Linux commands called: positive and negative lookahead.
This solution can be found in several programming languages and in Bash commands.
The lookahead process is part of regular expressions.
The lookahead looks ahead in the string to see whether it matches the given pattern, but it does not consume that text and moves on.
It is very useful when we want to go through the strings.
The lookahead process can be both positive and negative depending on the purpose.
Negative lookahead is indispensable if you want to match something not followed by something else and looks like this:
q(?!s).
Here q is matched only if it is not followed by s.
Positive lookahead works the same way, except that now q is matched only if it is followed by s.
The positive lookahead looks like this:
q(?=s)
Let's look at a simple example of detecting the PAE option for the processor.
We can use this command but we will find a lot of information ...
[root@desk mythcat]# cat /proc/cpuinfo
processor	: 0
vendor_id	: GenuineIntel
cpu family	: 6
model		: 58
model name	: Intel(R) Celeron(R) CPU G1620 @ 2.70GHz
stepping	: 9
...
In some cases, the resulting information can be taken using pipe and grep but they will be increasingly fragmented.
I will use the same command cpuinfo and we will look for the pae information in the flags.
All CPU flags can be found here.
Let's use a lookahead to find the pae flag.
[root@desk mythcat]# cat /proc/cpuinfo | grep -oP '(?='pae')...' 
pae
pae
This result gives me additional information, namely that there are two cores.
Do you have a question?
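An added example, not part of the original post, that goes slightly beyond the pae case: a lookahead such as (?=pae)... matches at every position where the text occurs, including inside longer flag names, so counting a flag like sse needs a token boundary as well. The functions and the cpuinfo sample below are constructed for illustration and assume GNU grep with -P support.

```shell
#!/bin/sh
# Constructed sample in the style of /proc/cpuinfo (two logical processors).
sample_cpuinfo() {
    cat <<'EOF'
processor       : 0
model name      : Example CPU (constructed)
flags           : fpu vme de pse tsc msr pae mce cx8 sse sse2 ssse3
processor       : 1
model name      : Example CPU (constructed)
flags           : fpu vme de pse tsc msr pae mce cx8 sse2 ssse3
EOF
}

# substring_hits FLAG: same idea as the command in the post. The positive
# lookahead (?=FLAG) succeeds at every position where FLAG starts, so the
# count includes hits inside longer names (sse inside sse2 and ssse3).
substring_hits() {
    n=$(grep -oP "(?=${1})." | wc -l)
    echo $((n))
}

# cpus_with_flag FLAG: count processors whose flags line holds FLAG as a
# whole token. The positive lookahead scans the rest of the line; inside it,
# \s before FLAG and the negative lookahead (?!\S) after it mark the token
# boundaries.
cpus_with_flag() {
    grep -cP "^flags\s*:(?=.*\s${1}(?!\S))" || :
}

# cpus_without_flag FLAG: the same test turned into a negative lookahead, so
# a flags line matches only when FLAG is absent as a whole token.
cpus_without_flag() {
    grep -cP "^flags\s*:(?!.*\s${1}(?!\S))" || :
}

sample_cpuinfo | substring_hits sse
sample_cpuinfo | cpus_with_flag sse
sample_cpuinfo | cpus_without_flag sse
```

On a real machine, replace sample_cpuinfo with `cat /proc/cpuinfo`.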

Sunday, February 2, 2020

Fedora 31 : Using the dmesg command on Linux operating system.

The dmesg command is used to display the kernel-related messages on Unix like systems. Today I will show you how to use this command on the Linux operating system. Simply use the command:
[mythcat@desk ~]$ dmesg 
[    0.000000] microcode: microcode updated early to revision 0x21, date = 2019-02-13
...
Show the messages one screen at a time:
[mythcat@desk ~]$ dmesg | less
... 
Use it to see information about the motherboard:
[mythcat@desk ~]$ dmesg | grep -i memory
...
[mythcat@desk ~]$ dmesg | grep -i dma
...
[mythcat@desk ~]$ dmesg | grep -i usb
...
[mythcat@desk ~]$ dmesg | grep -i tty
...
The same result with a single command using multiple grep patterns:
[mythcat@desk ~]$ dmesg | grep -iE "memory|dma|usb|tty"
This displays logs related to errors and warnings:
[root@desk mythcat]# dmesg --level=err,warn
The dmesg comes with supported log facilities:
  • kern - kernel messages;
  • user - random user-level messages;
  • mail - mail system;
  • daemon - system daemons;
  • auth - security/authorization messages;
  • syslog - messages generated internally by syslogd;
  • lpr - line printer subsystem;
  • news - network news subsystem;
Show the output for only one facility:
[mythcat@desk ~]$ dmesg --facility=daemon
Use the root user to clear the dmesg logs after reading them:
[root@desk mythcat]# dmesg -C
If you want, you can show the output as colored messages:
# dmesg -L

Tuesday, May 28, 2019

Fedora 30 : Commands and tools that handle assembly files - part 002.

Another good approach to this topic is this Fedora tool.
The development team tells us: GNUSim8085 is a graphical simulator, assembler and debugger for the Intel 8085 microprocessor in Linux and Windows.

  • A simple editor component with syntax highlighting.
  • A keypad to input assembly language instructions with appropriate arguments.
  • Easy view of register contents.
  • Easy view of flag contents.
  • Hexadecimal - Decimal converter.
  • View of stack, memory and I/O contents.
  • Support for breakpoints for program debugging.
  • Stepwise program execution.
  • One click conversion of assembly program to opcode listing.
  • Printing support.
  • UI translated in various languages.
Let's install this fedora package:
[root@desk mythcat]# dnf install gnusim8085.x86_64
...
Installed:
  gnusim8085-1.3.7-19.fc30.x86_64         electronics-menu-1.0-21.fc30.noarch   
  gtksourceview2-2.11.2-27.fc29.x86_64   

Complete!
Now you can run it with this command:
[mythcat@desk ~]$ gnusim8085
The GUI interface is simple to understand and easy to use for a developer.
The Intel 8085 has seven internal general-purpose 8-bit registers A, B, C, D, E, H, L, and 5 flags — S (sign), Z (zero), AC (Aux Carry), P (Parity) and CY (Carry).
The processor has a total of 246 instructions with which we can manipulate data in the processor registers and memory.
The assembler accepts Intel 8085 mnemonics as instruction strings; labels, which define a named point in the code as the target for JMP or CALL instructions; comments, where a line starting with a semicolon ‘;’ is ignored by the assembler; and pseudo codes, which provide some extra features for the coding process.
For other assembly development tools for hardware, you can find more info on this wiki page.

Friday, December 28, 2018

Fedora 29 : The most common BIOS commands.

Fedora Distribution has many things that many overlook in the maintenance process.
Today I will show you some commands for your BIOS.
These are fairly common and are fairly recent.
First is efibootmgr:
[root@desk mythcat]# efibootmgr
EFI variables are not supported on this system.
The next one is dmidecode, see:
[root@desk mythcat]# dmidecode -t 11
# dmidecode 3.2
Getting SMBIOS data from sysfs.
SMBIOS 2.4 present.
[root@desk mythcat]# dmidecode --type processor
# dmidecode 3.2
...
The dmidecode command can be used with the -t argument from 0 to 39, or you can use --type with these keywords:
  • baseboard
  • bios
  • cache
  • chassis
  • connector
  • memory
  • processor
  • slot
  • system
The last one I used with Fedora 29 is biosdecode.
The dmidecode and biosdecode commands are Linux distro independent and preinstalled in most of them.
Let's see commands that depend on hardware.
The vpddecode command is for IBM and Lenovo hardware only; vpd stands for vital product data.
The ownership command is only for Compaq hardware, to get the Compaq-specific ownership tag info.

Monday, November 26, 2018

Fedora 29 : Commands and tools that handle assembly files - part 001.

These commands and tools that handle assembly files, object files, and libraries are very useful for development. In order to test these commands and tools, we need an executable file. I used this assembly source code created for the FASM assembler. This assembly source code sums a variable named rad with a size of 8 bytes:
[mythcat@desk fasm]$ vim sum.asm 
format elf64
extrn printf

section '.data' writeable align 16
rad dq 90.0
fmt db "%.30lf",0ah,0

section '.text' executable align 16
public main
main:
    push rbp
    mov rbp,rsp
    pxor xmm0,xmm0
    movsd xmm0,[rad]
    movsd xmm2,[rad]
    addsd xmm0,xmm2
    mov rax,1
    mov rdi,fmt
    call printf

    mov rsp,rbp
    pop rbp
    ret
Let's create the output with the fasm tool:
[mythcat@desk fasm]$ ./fasm sum.asm 
flat assembler  version 1.73.04  (16384 kilobytes memory)
1 passes, 784 bytes.
The nm command lists the symbols from an object file. Let's see:
[mythcat@desk fasm]$ nm -A sum.o
sum.o:0000000000000000 T main
sum.o:                 U printf
Using the gcc tool I created the binary executable file and I run it:
[mythcat@desk fasm]$ gcc -s sum.o -o sum -lm
[mythcat@desk fasm]$ ./sum 
180.000000000000000000000000000000
The readelf command displays information from an ELF file; see the output:
[mythcat@desk fasm]$ readelf -h sum 
ELF Header:
  Magic:   7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 
  Class:                             ELF64
  Data:                              2's complement, little endian
  Version:                           1 (current)
  OS/ABI:                            UNIX - System V
  ABI Version:                       0
  Type:                              EXEC (Executable file)
  Machine:                           Advanced Micro Devices X86-64
  Version:                           0x1
  Entry point address:               0x401040
  Start of program headers:          64 (bytes into file)
  Start of section headers:          13552 (bytes into file)
  Flags:                             0x0
  Size of this header:               64 (bytes)
  Size of program headers:           56 (bytes)
  Number of program headers:         11
  Size of section headers:           64 (bytes)
  Number of section headers:         28
  Section header string table index: 27
The strings command displays printable character sequences from object files:
[mythcat@desk fasm]$ strings sum
/lib64/ld-linux-x86-64.so.2
libm.so.6
__gmon_start__
libc.so.6
printf
__libc_start_main
GLIBC_2.2.5
H=@@@
[]A\A]A^A_
;*3$"
V@%.30lf
GCC: (GNU) 8.2.1 20181105 (Red Hat 8.2.1-5)
gcc 8.2.1 20181105
GA*GOW
GA+stack_clash
GA*cf_protection
GA+GLIBCXX_ASSERTIONS
GA*FORTIFY
GA!stack_realign
gcc 8.2.1 20181105
GA*GOW
GA+stack_clash
GA*cf_protection
GA*FORTIFY
GA+GLIBCXX_ASSERTIONS
GA!stack_realign
.shstrtab
.interp
.note.ABI-tag
.note.gnu.build-id
.gnu.hash
.dynsym
.dynstr
.gnu.version
.gnu.version_r
.rela.dyn
.rela.plt
.init
.text
.fini
.rodata
.eh_frame_hdr
.eh_frame
.init_array
.fini_array
.dynamic
.got
.got.plt
.data
.bss
.comment
.gnu.build.attributes
The most used is objdump. It comes with many options for many executable binary formats:
[mythcat@desk fasm]$ objdump --help
objdump: supported targets: elf64-x86-64 elf32-i386 elf32-iamcu elf32-x86-64 pei-i386 pei-x86-64 elf64-l1om elf64-k1om 
elf64-little elf64-big elf32-little elf32-big pe-x86-64 pe-bigobj-x86-64 pe-i386 plugin srec symbolsrec verilog tekhex 
binary ihex objdump: supported architectures: i386 i386:x86-64 i386:x64-32 i8086 i386:intel i386:x86-64:intel 
i386:x64-32:intel i386:nacl i386:x86-64:nacl i386:x64-32:nacl iamcu iamcu:intel l1om l1om:intel k1om k1om:intel plugin

The following i386/x86-64 specific disassembler options are supported for use
with the -M switch (multiple options should be separated by commas):
  x86-64      Disassemble in 64bit mode
  i386        Disassemble in 32bit mode
  i8086       Disassemble in 16bit mode
  att         Display instruction in AT&T syntax
  intel       Display instruction in Intel syntax
  att-mnemonic
              Display instruction in AT&T mnemonic
  intel-mnemonic
              Display instruction in Intel mnemonic
  addr64      Assume 64bit address size
  addr32      Assume 32bit address size
  addr16      Assume 16bit address size
  data32      Assume 32bit data size
  data16      Assume 16bit data size
  suffix      Always display instruction suffix in AT&T syntax
  amd64       Display instruction in AMD64 ISA
  intel64     Display instruction in Intel64 ISA
Report bugs to .
Let's test some features of the objdump. The arg -t can show the symbol table:
[mythcat@desk fasm]$ objdump -t sum 

sum:     file format elf64-x86-64

SYMBOL TABLE:
no symbols
The -d argument disassembles the executable sections of the object file:
[mythcat@desk fasm]$ objdump -d sum

sum:     file format elf64-x86-64

Disassembly of section .init:

0000000000401000 <.init>:
  401000:    f3 0f 1e fa              endbr64 
  401004:    48 83 ec 08              sub    $0x8,%rsp
  401008:    48 8b 05 e9 2f 00 00     mov    0x2fe9(%rip),%rax        # 403ff8 
  40100f:    48 85 c0                 test   %rax,%rax
  401012:    74 02                    je     401016 
  401014:    ff d0                    callq  *%rax
  401016:    48 83 c4 08              add    $0x8,%rsp
  40101a:    c3                       retq   

Disassembly of section .plt:

0000000000401020 :
  401020:    ff 35 e2 2f 00 00        pushq  0x2fe2(%rip)        # 404008 
  401026:    ff 25 e4 2f 00 00        jmpq   *0x2fe4(%rip)        # 404010 
  40102c:    0f 1f 40 00              nopl   0x0(%rax)

0000000000401030 :
  401030:    ff 25 e2 2f 00 00        jmpq   *0x2fe2(%rip)        # 404018 
  401036:    68 00 00 00 00           pushq  $0x0
  40103b:    e9 e0 ff ff ff           jmpq   401020 

Disassembly of section .text:

0000000000401040 <.text>:
  401040:    f3 0f 1e fa              endbr64 
  401044:    31 ed                    xor    %ebp,%ebp
  401046:    49 89 d1                 mov    %rdx,%r9
  401049:    5e                       pop    %rsi
  40104a:    48 89 e2                 mov    %rsp,%rdx
  40104d:    48 83 e4 f0              and    $0xfffffffffffffff0,%rsp
  401051:    50                       push   %rax
  401052:    54                       push   %rsp
  401053:    49 c7 c0 e0 11 40 00     mov    $0x4011e0,%r8
  40105a:    48 c7 c1 70 11 40 00     mov    $0x401170,%rcx
  401061:    48 c7 c7 30 11 40 00     mov    $0x401130,%rdi
  401068:    ff 15 82 2f 00 00        callq  *0x2f82(%rip)        # 403ff0 
  40106e:    f4                       hlt    
  40106f:    90                       nop
  401070:    f3 0f 1e fa              endbr64 
  401074:    c3                       retq   
  401075:    66 2e 0f 1f 84 00 00     nopw   %cs:0x0(%rax,%rax,1)
  40107c:    00 00 00 
  40107f:    90                       nop
  401080:    b8 40 40 40 00           mov    $0x404040,%eax
  401085:    48 3d 40 40 40 00        cmp    $0x404040,%rax
  40108b:    74 13                    je     4010a0 
  40108d:    b8 00 00 00 00           mov    $0x0,%eax
  401092:    48 85 c0                 test   %rax,%rax
  401095:    74 09                    je     4010a0 
  401097:    bf 40 40 40 00           mov    $0x404040,%edi
  40109c:    ff e0                    jmpq   *%rax
  40109e:    66 90                    xchg   %ax,%ax
  4010a0:    c3                       retq   
  4010a1:    66 66 2e 0f 1f 84 00     data16 nopw %cs:0x0(%rax,%rax,1)
  4010a8:    00 00 00 00 
  4010ac:    0f 1f 40 00              nopl   0x0(%rax)
  4010b0:    be 40 40 40 00           mov    $0x404040,%esi
  4010b5:    48 81 ee 40 40 40 00     sub    $0x404040,%rsi
  4010bc:    48 c1 fe 03              sar    $0x3,%rsi
  4010c0:    48 89 f0                 mov    %rsi,%rax
  4010c3:    48 c1 e8 3f              shr    $0x3f,%rax
  4010c7:    48 01 c6                 add    %rax,%rsi
  4010ca:    48 d1 fe                 sar    %rsi
  4010cd:    74 11                    je     4010e0 
  4010cf:    b8 00 00 00 00           mov    $0x0,%eax
  4010d4:    48 85 c0                 test   %rax,%rax
  4010d7:    74 07                    je     4010e0 
  4010d9:    bf 40 40 40 00           mov    $0x404040,%edi
  4010de:    ff e0                    jmpq   *%rax
  4010e0:    c3                       retq   
  4010e1:    66 66 2e 0f 1f 84 00     data16 nopw %cs:0x0(%rax,%rax,1)
  4010e8:    00 00 00 00 
  4010ec:    0f 1f 40 00              nopl   0x0(%rax)
  4010f0:    f3 0f 1e fa              endbr64 
  4010f4:    80 3d 45 2f 00 00 00     cmpb   $0x0,0x2f45(%rip)        # 404040 
  4010fb:    75 13                    jne    401110 
  4010fd:    55                       push   %rbp
  4010fe:    48 89 e5                 mov    %rsp,%rbp
  401101:    e8 7a ff ff ff           callq  401080 
  401106:    c6 05 33 2f 00 00 01     movb   $0x1,0x2f33(%rip)        # 404040 
  40110d:    5d                       pop    %rbp
  40110e:    c3                       retq   
  40110f:    90                       nop
  401110:    c3                       retq   
  401111:    66 66 2e 0f 1f 84 00     data16 nopw %cs:0x0(%rax,%rax,1)
  401118:    00 00 00 00 
  40111c:    0f 1f 40 00              nopl   0x0(%rax)
  401120:    f3 0f 1e fa              endbr64 
  401124:    eb 8a                    jmp    4010b0 
  401126:    66 2e 0f 1f 84 00 00     nopw   %cs:0x0(%rax,%rax,1)
  40112d:    00 00 00 
  401130:    55                       push   %rbp
  401131:    48 89 e5                 mov    %rsp,%rbp
  401134:    66 0f ef c0              pxor   %xmm0,%xmm0
  401138:    f2 0f 10 05 f0 2e 00     movsd  0x2ef0(%rip),%xmm0        # 404030 
  40113f:    00 
  401140:    f2 0f 10 15 e8 2e 00     movsd  0x2ee8(%rip),%xmm2        # 404030 
  401147:    00 
  401148:    f2 0f 58 c2              addsd  %xmm2,%xmm0
  40114c:    48 c7 c0 01 00 00 00     mov    $0x1,%rax
  401153:    48 bf 38 40 40 00 00     movabs $0x404038,%rdi
  40115a:    00 00 00 
  40115d:    e8 ce fe ff ff           callq  401030 
  401162:    48 89 ec                 mov    %rbp,%rsp
  401165:    5d                       pop    %rbp
  401166:    c3                       retq   
  401167:    66 0f 1f 84 00 00 00     nopw   0x0(%rax,%rax,1)
  40116e:    00 00 
  401170:    f3 0f 1e fa              endbr64 
  401174:    41 57                    push   %r15
  401176:    49 89 d7                 mov    %rdx,%r15
  401179:    41 56                    push   %r14
  40117b:    49 89 f6                 mov    %rsi,%r14
  40117e:    41 55                    push   %r13
  401180:    41 89 fd                 mov    %edi,%r13d
  401183:    41 54                    push   %r12
  401185:    4c 8d 25 74 2c 00 00     lea    0x2c74(%rip),%r12        # 403e00 
  40118c:    55                       push   %rbp
  40118d:    48 8d 2d 74 2c 00 00     lea    0x2c74(%rip),%rbp        # 403e08 
  401194:    53                       push   %rbx
  401195:    4c 29 e5                 sub    %r12,%rbp
  401198:    48 83 ec 08              sub    $0x8,%rsp
  40119c:    e8 5f fe ff ff           callq  401000 
  4011a1:    48 c1 fd 03              sar    $0x3,%rbp
  4011a5:    74 1f                    je     4011c6 
  4011a7:    31 db                    xor    %ebx,%ebx
  4011a9:    0f 1f 80 00 00 00 00     nopl   0x0(%rax)
  4011b0:    4c 89 fa                 mov    %r15,%rdx
  4011b3:    4c 89 f6                 mov    %r14,%rsi
  4011b6:    44 89 ef                 mov    %r13d,%edi
  4011b9:    41 ff 14 dc              callq  *(%r12,%rbx,8)
  4011bd:    48 83 c3 01              add    $0x1,%rbx
  4011c1:    48 39 dd                 cmp    %rbx,%rbp
  4011c4:    75 ea                    jne    4011b0 
  4011c6:    48 83 c4 08              add    $0x8,%rsp
  4011ca:    5b                       pop    %rbx
  4011cb:    5d                       pop    %rbp
  4011cc:    41 5c                    pop    %r12
  4011ce:    41 5d                    pop    %r13
  4011d0:    41 5e                    pop    %r14
  4011d2:    41 5f                    pop    %r15
  4011d4:    c3                       retq   
  4011d5:    66 66 2e 0f 1f 84 00     data16 nopw %cs:0x0(%rax,%rax,1)
  4011dc:    00 00 00 00 
  4011e0:    f3 0f 1e fa              endbr64 
  4011e4:    c3                       retq   

Disassembly of section .fini:

00000000004011e8 <.fini>:
  4011e8:    f3 0f 1e fa              endbr64 
  4011ec:    48 83 ec 08              sub    $0x8,%rsp
  4011f0:    48 83 c4 08              add    $0x8,%rsp
  4011f4:    c3                       retq 
The -h argument shows the section headers of the file:
[mythcat@desk fasm]$ objdump -h sum 

sum:     file format elf64-x86-64

Sections:
Idx Name          Size      VMA               LMA               File off  Algn
  0 .interp       0000001c  00000000004002a8  00000000004002a8  000002a8  2**0
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  1 .note.ABI-tag 00000020  00000000004002c4  00000000004002c4  000002c4  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  2 .note.gnu.build-id 00000024  00000000004002e4  00000000004002e4  000002e4  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  3 .gnu.hash     0000001c  0000000000400308  0000000000400308  00000308  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  4 .dynsym       00000060  0000000000400328  0000000000400328  00000328  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  5 .dynstr       00000049  0000000000400388  0000000000400388  00000388  2**0
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  6 .gnu.version  00000008  00000000004003d2  00000000004003d2  000003d2  2**1
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  7 .gnu.version_r 00000020  00000000004003e0  00000000004003e0  000003e0  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  8 .rela.dyn     00000030  0000000000400400  0000000000400400  00000400  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  9 .rela.plt     00000018  0000000000400430  0000000000400430  00000430  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
 10 .init         0000001b  0000000000401000  0000000000401000  00001000  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 11 .plt          00000020  0000000000401020  0000000000401020  00001020  2**4
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 12 .text         000001a5  0000000000401040  0000000000401040  00001040  2**4
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 13 .fini         0000000d  00000000004011e8  00000000004011e8  000011e8  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 14 .rodata       00000010  0000000000402000  0000000000402000  00002000  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
 15 .eh_frame_hdr 00000034  0000000000402010  0000000000402010  00002010  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
 16 .eh_frame     000000c8  0000000000402048  0000000000402048  00002048  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
 17 .init_array   00000008  0000000000403e00  0000000000403e00  00002e00  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 18 .fini_array   00000008  0000000000403e08  0000000000403e08  00002e08  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 19 .dynamic      000001e0  0000000000403e10  0000000000403e10  00002e10  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 20 .got          00000010  0000000000403ff0  0000000000403ff0  00002ff0  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 21 .got.plt      00000020  0000000000404000  0000000000404000  00003000  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 22 .data         00000020  0000000000404020  0000000000404020  00003020  2**4
                  CONTENTS, ALLOC, LOAD, DATA
 23 .bss          00000008  0000000000404040  0000000000404040  00003040  2**0
                  ALLOC
 24 .comment      0000002c  0000000000000000  0000000000000000  00003040  2**0
                  CONTENTS, READONLY
 25 .gnu.build.attributes 00000558  0000000000406048  0000000000406048  0000306c  2**2
                  CONTENTS, READONLY
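The flags line under each section is enough to check that no loaded section is both writable and executable. The script below is an added example, not part of the original post: the function names section_perms, wx_sections and sample_headers are hypothetical, and the .stub entry in the sample is constructed to show a finding.

```shell
#!/bin/sh
# Added example: derive r/w/x permissions from `objdump -h` text and
# report loaded sections that are writable and executable at once.

section_perms() {
    # stdin: `objdump -h` output; stdout: "<section> <perms>" for ALLOC sections
    awk '
        # Header line: Idx Name Size VMA LMA File-off Algn
        $1 ~ /^[0-9]+$/ && NF >= 7 { name = $2; next }
        # Flags line that follows the header line
        name != "" {
            if ($0 ~ /ALLOC/) {
                w = ($0 ~ /READONLY/) ? "-" : "w"
                x = ($0 ~ /CODE/) ? "x" : "-"
                print name, "r" w x
            }
            name = ""
        }
    '
}

wx_sections() {
    # Names of sections mapped both writable and executable
    section_perms | awk '$2 == "rwx" { print $1 }'
}

# Sample input: .text, .data and .comment are taken from the output above,
# .stub is a constructed entry (CODE without READONLY).
sample_headers() {
    cat <<'EOF'
Idx Name          Size      VMA               LMA               File off  Algn
 12 .text         000001a5  0000000000401040  0000000000401040  00001040  2**4
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 22 .data         00000020  0000000000404020  0000000000404020  00003020  2**4
                  CONTENTS, ALLOC, LOAD, DATA
 24 .comment      0000002c  0000000000000000  0000000000000000  00003040  2**0
                  CONTENTS, READONLY
 26 .stub         00000040  0000000000407000  0000000000407000  00004000  2**4
                  CONTENTS, ALLOC, LOAD, CODE
EOF
}

sample_headers | section_perms
```

On a real binary the same check is: objdump -h sum | wx_sections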
This is just a small part of the commands and tools that handle assembly files.

Wednesday, August 1, 2018

Fedora 28 : Unusual arguments for the dnf command.

In this tutorial I will introduce some of the more unusual arguments for the dnf command.

  • the first one checks which package provides a given file;
  • [root@desk mythcat]# dnf provides /etc/httpd/conf/httpd.conf
    Last metadata expiration check: 0:23:46 ago on Wed 01 Aug 2018 09:31:44 AM EEST.
    httpd-2.4.34-3.fc28.x86_64 : Apache HTTP Server
    Repo        : @System
    Matched from:
    Filename    : /etc/httpd/conf/httpd.conf
    
    httpd-2.4.34-3.fc28.x86_64 : Apache HTTP Server
    Repo        : updates
    Matched from:
    Filename    : /etc/httpd/conf/httpd.conf
    
    httpd-2.4.33-2.fc28.x86_64 : Apache HTTP Server
    Repo        : fedora
    Matched from:
    Filename    : /etc/httpd/conf/httpd.conf
  • detailed information about a package can be viewed with the ‘info’ argument;
  • [root@desk mythcat]# dnf info httpd
    Last metadata expiration check: 0:29:01 ago on Wed 01 Aug 2018 09:31:44 AM EEST.
    Installed Packages
    Name         : httpd
    Version      : 2.4.34
    Release      : 3.fc28
    Arch         : x86_64
    Size         : 4.2 M
    Source       : httpd-2.4.34-3.fc28.src.rpm
    Repo         : @System
    From repo    : updates
    Summary      : Apache HTTP Server
    URL          : https://httpd.apache.org/
    License      : ASL 2.0
    Description  : The Apache HTTP Server is a powerful, efficient, and extensible
                 : web server.
  • the ‘history’ argument allows us to see what has happened to our Linux system over time, and even undo, redo, or roll back a transaction;
  • [root@desk mythcat]# dnf history
    ID     | Command line             | Date and time    | Action(s)      | Altered
    -------------------------------------------------------------------------------
       178 | upgrade                  | 2018-08-01 09:33 | Update         |   27   
       177 | upgrade                  | 2018-07-31 12:54 | Update         |   11   
       176 | upgrade                  | 2018-07-30 20:43 | Update         |    1
  • actions will be quicker with the ‘makecache’ argument;
  • [root@desk mythcat]# time dnf makecache
    Last metadata expiration check: 0:34:10 ago on Wed 01 Aug 2018 09:31:44 AM EEST.
    Metadata cache created.
    
    real    0m4.529s
    user    0m1.420s
    sys    0m0.229s
  • list all packages that are currently installed on your Linux system;
  • [root@desk mythcat]# dnf list installed
    Installed Packages
    CharLS.x86_64                          1.0-16.fc28              @System         
    Field3D.x86_64                         1.7.2-10.fc28            @System         
    GConf2.x86_64                          3.2.6-20.fc28            @updates-testing
    GeoIP.x86_64                           1.6.12-3.fc28            @fedora         
    GeoIP-GeoLite-data.noarch              2018.06-1.fc28           @updates        
    ImageMagick.x86_64                     1:6.9.9.38-1.fc28        @updates-testing
    ImageMagick-c++.x86_64                 1:6.9.9.38-1.fc28        @updates-testing
    ImageMagick-libs.x86_64                1:6.9.9.38-1.fc28        @updates-testing
    LibRaw.x86_64                          0.18.13-1.fc28           @updates        
    ModemManager.x86_64                    1.6.12-3.fc28            @fedora 

Thursday, January 25, 2018

Fedora 27 : About storage management and LVM.

Storage management that offers flexibility is a complex task, and LVM contributes to this complexity.
You may have seen incorrect usage of LVM many times, and users are often aware of neither the possibilities nor the alternatives for particular storage stacks.
If you use VirtualBox, then you can increase the size of the vdi file:
VBoxManage modifyhd fedora.vdi --resize 30960
About LVM
Wikipedia tells us:
In Linux, Logical Volume Manager is a device mapper target that provides logical volume management for the Linux kernel. Most modern Linux distributions are LVM-aware to the point of being able to have their root file systems on a logical volume.

To create a LVM, we need to run through the following steps:
  • Select the physical storage devices for LVM 
  • Create the Volume Group from Physical Volumes 
  • Create Logical Volumes from Volume Group
The Linux commands used in this case start with lv and pv.
If you want good storage management, then one of the most common tasks is:

Resizing the PV (Physical Volume) with all the free space.

All LVM commands start with lv, so you can find them all in your terminal by typing lv and then pressing TAB twice.
To resize the LVM, use these commands:
$sudo su 
# pvs
  PV         VG              Fmt  Attr PSize   PFree
...
# lvdisplay
  --- Logical volume ---
  LV Path                /dev/fedora/root
  LV Name                
...
# lvextend -l+100%FREE /dev/fedora/root 
...
# df -Th
If you use Volume group on LVM then you need to use:
vgextend your_vg /dev/sda...

Wednesday, January 3, 2018

Fedora 27 : Fix your distro with package-cleanup command.

Happy New Year 2018 !
A new beginning for us, Fedora distribution users, and I prefer to write about what we all use in Fedora and what may be less well known to new readers.
Let's start with the development process of the Fedora distro and all the installed kernels that come with it.
Normally, the reasons why you may want to remove kernels are limited disk space, fixing problems, and seeing what is wrong with your Fedora distro.
The first issue is about installed kernels; use this command:
#rpm -q kernel
Install the package named dnf-utils (a collection of add-on tools for dnf).
#dnf install dnf-utils
Start with this command when several packages are seemingly installed more than once:
#package-cleanup --cleandupes
If there is any remaining trouble with the yum database, you can see it with this command:
#package-cleanup --problems
To remove installed kernels on old Fedora distros, use this command:
#package-cleanup --oldkernels --count=2
... and on Fedora 27 use this command:
#package-cleanup --oldkernels 2
To obtain a list of orphaned packages currently residing in the system:
#package-cleanup --leaves

Saturday, July 15, 2017

Fedora 26 server 64bit - tested VM.

I installed Fedora 26 in a simple way with the Netinstall Image (64-bit, 484MB) from here.
I used the latest VirtualBox to test this Fedora 26 net image.
It took some time because the hardware used has no dedicated video card and an i5 processor. The basic idea of this test was to see how to install it.
It's interesting to watch: the number of packages installed per time unit, the startup steps for the base installation and the work environment.
The other steps are more complex because it matters what you want to do with this Linux. It depends on how much you want to adapt it to your hardware machine or whether you will make it a web server, ftp, sftp or a graphics rendering or video rendering station.
The total installation time in VirtualBox was one hour and seven minutes. The resulting video was modified by changing the number of frames for faster viewing (from 72 to 172).
The goal was to show the first steps of installing Fedora, not to set up a specific Linux server.
I used these Linux commands under the root account to install and set up Fedora 26:
#dnf update 
#dnf upgrade 
#dnf grouplist 
#dnf grouplist -v
#dnf install @cinnamon-desktop
#dnf -y group install "Fedora Workstation"
#dnf install setroubleshoot
#sestatus
#sestatus -v
#getenforce
#dnf install clamtk
#echo "exec /usr/bin/cinnamon-session" >> ~/.xinitrc
#startx
Let's see the recorded video of this test install:

Saturday, April 15, 2017

Linux: tools to scan a Linux server for malware and rootkits.

These tools are: chkrootkit, rkhunter, fuser and ISPProtect. All of these tools can be installed under Fedora 25 with the dnf tool. The first tool, chkrootkit, is a classic rootkit scanner. It checks your server for suspicious rootkit processes and checks for a list of known rootkit files.
[root@localhost mythcat]# chkrootkit
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `biff'... not found
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `crontab'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
...
Rootkit Hunter (rkhunter) is a Unix-based tool that scans for rootkits, backdoors and possible local exploits.
[root@localhost mythcat]# rkhunter --update
[ Rootkit Hunter version 1.4.2 ]

Checking rkhunter data files...
  Checking file mirrors.dat                                  [ No update ]
  Checking file programs_bad.dat                             [ No update ]
  Checking file backdoorports.dat                            [ No update ]
  Checking file suspscan.dat                                 [ No update ]
  Checking file i18n/cn                                      [ No update ]
  Checking file i18n/de                                      [ No update ]
  Checking file i18n/en                                      [ No update ]
  Checking file i18n/tr                                      [ No update ]
  Checking file i18n/tr.utf8                                 [ No update ]
  Checking file i18n/zh                                      [ No update ]
  Checking file i18n/zh.utf8                                 [ No update ]
[root@localhost mythcat]# rkhunter --propupd
[ Rootkit Hunter version 1.4.2 ]
File created: searched for 172 files, found 136
[root@localhost mythcat]# rkhunter -c --enable all --disable none
[ Rootkit Hunter version 1.4.2 ]

Checking system commands...

  Performing 'strings' command checks
    Checking 'strings' command                               [ OK ]

  Performing 'shared libraries' checks
    Checking for preloading variables                        [ None found ]
    Checking for preloaded libraries                         [ None found ]
    Checking LD_LIBRARY_PATH variable                        [ Not found ]

  Performing file properties checks
    Checking for prerequisites                               [ OK ]
    /usr/bin/awk                                             [ OK ]
    /usr/bin/basename                                        [ OK ]
    /usr/bin/bash                                            [ OK ]
    /usr/bin/cat                                             [ OK ]
    /usr/bin/chattr                                          [ OK ]
    /usr/bin/chmod                                           [ OK ]
    /usr/bin/chown                                           [ OK ]
    /usr/bin/cp                                              [ OK ]
...
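Both scanners print hundreds of lines, so it helps to save the output and list only the results that are not a known-benign status. The script below is an added example, not part of the original post: the function names triage_scan and sample_scan are hypothetical, the benign list contains only the statuses visible in the runs above, and the INFECTED and Warning lines in the sample are constructed.

```shell
#!/bin/sh
# Added example: list every chkrootkit / rkhunter result whose status is
# not one of the benign statuses seen in the runs above.

triage_scan() {
    # stdin: saved scanner output; stdout: tool<TAB>item<TAB>status
    awk '
        BEGIN {
            # Allowlist (assumption): anything else is surfaced for review.
            ok["not found"]; ok["not infected"]
            ok["OK"]; ok["None found"]; ok["Not found"]; ok["No update"]
        }
        { sub(/[ \t\r]+$/, "") }                # drop trailing whitespace
        /^Checking `/ {                         # chkrootkit result line
            p = index($0, "... ")
            if (p == 0) next
            item = substr($0, 10, p - 10)       # text after "Checking "
            item = substr(item, 2, length(item) - 2)  # strip quote chars
            report("chkrootkit", item, substr($0, p + 4))
            next
        }
        / \]$/ {                                # rkhunter: item [ status ]
            p = index($0, "[ ")
            if (p <= 1) next                    # banner line, no item
            item = substr($0, 1, p - 1)
            gsub(/^[ \t]+|[ \t]+$/, "", item)
            status = substr($0, p + 2)
            sub(/ \]$/, "", status)
            report("rkhunter", item, status)
        }
        function report(tool, item, status) {
            if (!(status in ok)) printf "%s\t%s\t%s\n", tool, item, status
        }
    '
}

# Constructed sample in the two formats shown above; the INFECTED and
# Warning results are constructed findings.
sample_scan() {
    cat <<'EOF'
Checking `amd'... not found
Checking `basename'... not infected
Checking `date'... INFECTED
[ Rootkit Hunter version 1.4.2 ]
  Performing file properties checks
    Checking for prerequisites                               [ OK ]
    /usr/bin/awk                                             [ OK ]
    /usr/bin/cat                                             [ Warning ]
    Checking for preloaded libraries                         [ None found ]
EOF
}

sample_scan | triage_scan
```

An empty result means every line carried a status from the allowlist; a status the list does not know is shown rather than silently passed.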
Another tool is fuser:
[root@localhost mythcat]# fuser -vn tcp 5222
...
The output of this command lets you see anything on your machine that is listening on tcp port 5222.
[root@localhost mythcat]# fuser -vn tcp 19635
...
This output indicates that there is a process named "foo" running with a PID number and listening on port 19635. The last tool is ISPProtect. ISPProtect is a malware scanner for web servers; it scans for malware in website files and CMS systems like WordPress, Joomla, Drupal