blueteamsec

669 readers

36 users here now

For [Blue|Purple] Teams in Cyber Defence - covering discovery, detection, response, threat intelligence, malware, offensive tradecraft and tooling, deception, reverse engineering etc.

founded 2 years ago

MODERATORS

digicat@infosec.pub

witr: Why is this running? - Linux - It explains where a running thing came from, how it was started, and what chain of systems is responsible for it existing right now, in a single, human-readable (github.com)

submitted 2 months ago by digicat@infosec.pub to c/blueteamsec@infosec.pub

5 comments fedilink hide all child comments

all 6 comments

sorted by: hot top controversial new old

[–] eleijeep@piefed.social 11 points 2 months ago (1 children)

🤖 LLM generated README

Tools that interact with the system require a certain level of trust. For a 2 week old project (with 9k stars already?) with an AI generated README, I'll stick to the standard tools that already do this, thanks.

[–] AmbiguousProps@lemmy.today 3 points 2 months ago (1 children)

I'm interested in what the standard tools that do this are, got any names or links by chance?

[–] eleijeep@piefed.social 4 points 2 months ago (1 children)

I regularly use ps pstree lsof netstat ss and the /proc/ filesystem, and when containers are involved lsns nsenter and if it's flatpak sometimes flatpak enter

Learning how to use /proc/ is indispensable

[–] eleijeep@piefed.social 4 points 2 months ago (1 children)

And for realtime monitoring, in addition to your favourite top program for process info, there's also iostat and iftop which are very useful for IO and network monitoring respectively, but that's not really what the tool in this post was about.

[–] AmbiguousProps@lemmy.today 3 points 2 months ago

Cool, thanks! I knew some of those but not all of them. Appreciate it!