Scanning for Block Devices
You can scan for block devices that may be used as physical volumes with the lvmdiskscan
command, as shown in the following example.
# lvmdiskscan
lvmdiskscan
[-d|--debug]
[-h|--help]
[-l|--lvmpartition]
[--version]
Scanning for rootkits with rkhunter
The first thing we want to do after installation is to update the signatures and files rkhunter uses to detect anomalies:
sudo /usr/local/bin/rkhunter –update
Interactive mode
sudo /usr/local/bin/rkhunter -c
That command starts rkhunter in an interactive mode.
When it gets to the end of a particular scan, you need to press ‘enter’ to continue.
If you want to skip the interactive prompts, add the -sk option at the end:
sudo /usr/local/bin/rkhunter -c -sk
Scanning Hosts with Nmap for vulnerability assessment.
Using Nmap
Nmap can be run from a shell prompt by typing the nmap command followed by the hostname or IP address of the machine to scan.
Administrators can use Nmap on a network to find host systems and open ports on those systems.
Nmap is a popular tool included in Red Hat Enterprise Linux that can be used to determine the layout of a network. Nmap has been available for many years and is probably the most often used tool when gathering information. An excellent man page is included that provides a de-
tailed description of its options and usage.
Nmap is a competent first step in vulnerability assessment. You can map out all the hosts within your network and even pass an option that allows Nmap to attempt to identify the operating system running on a particular host.
# nmap 127.0.0.1
Starting Nmap 4.76 ( http://nmap.org ) at 2009-10-16 16:05 EDT
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
3128/tcp open squid-http
3306/tcp open mysql
Nmap done: 1 IP address (1 host up) scanned in 0.32 seconds
For more information about using Nmap, refer to the official homepage at the following URL: http://www.insecure.org/
Scanning Disks for Volume Groups to Build the Cache File
The vgscan command scans all supported disk devices in the system looking for LVM physical volumes and volume groups. This builds the LVM cache in the /etc/lvm/.cache file, which maintains a listing of current LVM devices.
LVM runs the vgscan command automatically at system startup and at other times during LVM operation, such as when you execute a vgcreate command or when LVM detects an inconsistency. You may need to run the vgscan command manually when you change your hardware configuration, causing new devices to be visible to the system that were not present at system bootup. This may be necessary, for example, when you add new disks to the system on a SAN or hotplug a new disk that has been labeled as a physical volume.
You can define a filter in the lvm.conf file to restrict the scan to avoid specific devices.
SYNOPSIS
DESCRIPTION
lvm.conf is loaded during the initialisation phase of lvm (8). This file can in turn lead to other files being loaded - settings read in later override earlier settings. File timestamps are checked between commands and if any have changed, all the files are reloaded.
Use lvm dumpconfig to check what settings are in use.
# lvm dumpconfig
devices {
dir=”/dev”
scan=”/dev”
preferred_names=[]
filter=”a/.*/”
cache_dir=”/etc/lvm/cache”
cache_file_prefix=”"
write_cache_state=1
sysfs_scan=1
md_component_detection=1
ignore_suspended_devices=0
}
Scanning for Block Devices
You can scan for block devices that may be used as physical volumes with the lvmdiskscan command, as shown in the following example.
# lvmdiskscan
/dev/ram0 [ 16.00 MB]
/dev/sda [ 17.15 GB]
/dev/root [ 13.69 GB]
/dev/ram [ 16.00 MB]
/dev/sda1 [ 17.14 GB] LVM physical volume
/dev/VolGroup00/LogVol01 [ 512.00 MB]
/dev/ram2 [ 16.00 MB]
lvmdiskscan scans all SCSI, (E)IDE disks, multiple devices and a bunch of other block devices in the system looking for LVM physical volumes. The size reported is the real device size. Define a filter in lvm.conf(5) to restrict the scan to avoid a CD ROM, for example.
If run as a user then.
$ lvmdiskscan
WARNING: Running as a non-root user. Functionality may be unavailable.
0 disks
0 partitions
0 LVM physical volume whole disks
0 LVM physical volumes