https://github.com/exfil0/ir-linux

Incident Response Linux Investigation Tool: A concise, efficient script for system administrators and IT professionals, perfect for Linux system diagnostics. It gathers essential data on user accounts, processes, logs, and network configurations, ensuring secure and effective incident response and troubleshooting.
https://github.com/exfil0/ir-linux

command-line-tool incident-response it-infrastructure linux-system-analysis log-analysis network-security system-administration system-audit troubleshooting

Last synced: 8 months ago
JSON representation

Incident Response Linux Investigation Tool: A concise, efficient script for system administrators and IT professionals, perfect for Linux system diagnostics. It gathers essential data on user accounts, processes, logs, and network configurations, ensuring secure and effective incident response and troubleshooting.

• Host: GitHub
• URL: https://github.com/exfil0/ir-linux
• Owner: exfil0
• Created: 2024-01-01T14:07:13.000Z (over 2 years ago)
• Default Branch: main
• Last Pushed: 2024-01-01T14:18:54.000Z (over 2 years ago)
• Last Synced: 2025-01-05T13:44:10.147Z (over 1 year ago)
• Topics: command-line-tool, incident-response, it-infrastructure, linux-system-analysis, log-analysis, network-security, system-administration, system-audit, troubleshooting
• Language: Shell
• Homepage: https://github.com/exfil0/IR-Linux
• Size: 1.85 MB
• Stars: 2
• Watchers: 1
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
![alt text](https://github.com/exfil0/IR-Linux/blob/main/IR-Linux-Wallpaper.png)

# Incident Response Linux Investigation Script Guide

## Introduction

This guide is for using the Incident Response Linux Investigation script. This script gathers extensive information about a Linux system's current state, vital for incident response and troubleshooting.

## Prerequisites

- **Root Access**: The script requires root privileges.

- **Linux Environment**: Designed for Linux systems, compatibility varies.

- **Command Line Knowledge**: Basic understanding of Linux command line is needed.

## Getting Started

### Locate the Script

Ensure the script `IRLinuxInvestigation.sh` is on the system where it needs to run.

### Make the Script Executable

```bash

chmod +x IRLinuxInvestigation.sh

```

### Run the Script

Execute as root:

```bash

sudo ./IRLinuxInvestigation.sh

```

Follow prompts to enter your password.

## User Input

The script prompts for:

- **Username**: Check password status.

- **Process ID**: List open files for a process.

- **Filename**: Search for a file.

- **Number of Days**: Find recently modified or accessed files.

- **File Size**: Locate large files.

## Output

All output is redirected to `/tmp/IRLinux.txt`.

## Script Sections

- **User Accounts**: User account details and activities.

- **Log Entries**: System logs including boot logs and authentication logs.

- **System Resources**: Running processes and system usage data.

- **Processes**: Information on current processes.

- **Services**: System service statuses.

- **Files**: File permissions and specific file details.

- **Network Settings**: Network interfaces and connections, firewall rules.

- **Additional Commands**: Scheduled tasks, DNS settings, etc.

## Safety and Security

- Perform read-only operations; however, ensure data backups.

- Handle the output file securely as it contains sensitive data.

## Troubleshooting

- Install missing utilities via your distribution's package manager.

- Run the script with root privileges for permission-related issues.

## Conclusion

This script is essential for system administrators and IT professionals in incident response, providing an efficient way to gather system information securely.