Baseline and analyse a dead Linux machine mounted from an image file.
Before running the baseline.sh script, make sure the target file system is already mounted.
sudo ./baseline.sh /mnt/<drive>
- Device Settings (OS, Kernel, Processor, Time Zone, Last Shutdown)
- Users (Username, UID, Groups, Shell)
- Sudoers (Look in /etc/sudoers.d)
- Installed Software (Install Date, Name, Version)
- Persistence Mechanisms (Cron)
- Network Configuration
- System Logs (Detect Anomalous Behavior)
- Web Server (Configuration, Logs)
- Database Server (Configuration, Logs)
- User Profiles
- User CLI History (Bash, Zsh)
- Last Modified Files
- List sudo users
- Format last shutdown
- Fix bash history
- Fix remote sessions (show more/pertinent information)
- Detect malicious activity using ruleset
- More features in web logs
- Analyse auth logs
- passwd/shadow/group changes (diff/stat)
- Fix web brute force attempts
- Add SSH brute force attempts
- Fix last logins
- Add auto mount for E01 files
- Hash E01 file
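The dead-disk approach behind several of the checks above (users, sudoers, cron persistence, shell history), shown as an added example that is not the repository's baseline.sh: every fact is read from files under the mount root, nothing on the image is executed, and a constructed mini image (make_sample_root, an assumption for offline use) stands in for a real /mnt/<drive>.

```shell
#!/bin/sh
# Added example, not the baseline.sh from this repository: read a few baseline
# facts straight from a dead Linux image mounted (read-only) at the path in $1.
# Nothing from the image is executed and no chroot is used; every path is
# taken relative to the mount root, exactly as the script above is invoked.

# Accounts with an interactive shell, printed as name:uid:shell
list_login_users() {
    awk -F: '$7 !~ /(nologin|false)$/ { print $1 ":" $3 ":" $7 }' "$1/etc/passwd"
}

# Effective sudo grants from /etc/sudoers plus everything in /etc/sudoers.d
list_sudo_grants() {
    cat "$1/etc/sudoers" "$1"/etc/sudoers.d/* 2>/dev/null |
        grep -v '^[[:space:]]*#' | grep -v '^[[:space:]]*$'
}

# Cron persistence: system crontab, cron.d drop-ins and per-user crontabs
list_cron_entries() {
    for f in "$1/etc/crontab" "$1"/etc/cron.d/* "$1"/var/spool/cron/crontabs/*; do
        [ -f "$f" ] || continue
        grep -v '^[[:space:]]*#' "$f" | grep -v '^[[:space:]]*$' | sed "s|^|${f#"$1"}: |"
    done
}

# Shell history (Bash, Zsh) from each login user's home directory on the image
list_shell_history() {
    awk -F: '$7 !~ /(nologin|false)$/ { print $1 ":" $6 }' "$1/etc/passwd" |
    while IFS=: read -r name home; do
        for h in "$1$home/.bash_history" "$1$home/.zsh_history"; do
            [ -f "$h" ] && sed "s|^|$name: |" "$h"
        done
    done
}

# Constructed mini image (not a real system) so the functions run offline
make_sample_root() {
    r=$(mktemp -d)
    mkdir -p "$r/etc/sudoers.d" "$r/etc/cron.d" "$r/home/alice"
    printf 'root:x:0:0:root:/root:/bin/bash\nsshd:x:74:74::/run/sshd:/usr/sbin/nologin\n' > "$r/etc/passwd"
    printf 'alice:x:1000:1000::/home/alice:/bin/zsh\n' >> "$r/etc/passwd"
    printf '# defaults\nroot ALL=(ALL) ALL\n' > "$r/etc/sudoers"
    printf 'alice ALL=(ALL) NOPASSWD: ALL\n' > "$r/etc/sudoers.d/90-alice"
    printf '# nightly\n*/5 * * * * root /usr/local/bin/sync.sh\n' > "$r/etc/cron.d/sync"
    printf 'sudo systemctl restart sshd\n' > "$r/home/alice/.zsh_history"
    echo "$r"
}
```

Point each function at a real mount root (for example `list_sudo_grants /mnt/<drive>`) to run it against an actual image; the NOPASSWD drop-in and the cron.d entry in the sample are the kind of findings the real script flags.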