Linux

Everything about Unix and GNU/Linux operating systems.

Apr 16, 2025

Subsections of Linux

du command

Working with the du command in Linux efficiently

1. Find the Largest Directories (Sorted)

sudo du -ahx / | sort -rh | head -20
  • -a → Show both files and directories
  • -h → Human-readable sizes (e.g., MB, GB)
  • -x → Stay on the same filesystem (avoid mounted drives)
  • sort -rh → Sort by size, largest first
  • head -20 → Show top 20 largest directories/files

2. Find the Largest Directories Only (Excluding Files)

sudo du -hx --max-depth=3 / | sort -rh | head -20
  • --max-depth=3 → Limits output to the top 3 levels for better readability

3. Find the Largest Files (Over 500MB)

sudo find / -type f -size +500M -exec du -h {} + | sort -rh | head -20
  • -type f → Only files
  • -size +500M → Files larger than 500MB
  • du -h → Show file sizes in human-readable format

4. Exclude Certain Directories (Like /proc, /sys, etc.)

sudo du -ahx --exclude={/proc,/sys,/dev,/run,/snap,/tmp,/mnt,/media} / | sort -rh | head -20
  • This avoids system directories that don't consume real disk space.

5. Find the Largest Users (Disk Usage by User)

sudo du -sh /home/* 2>/dev/null
  • This shows how much each user is consuming in /home.

6. Save Output to a File

If you want to analyze later:

sudo du -ahx / | sort -rh > large_files.txt

Then open it:

less large_files.txt

Next Steps After Finding Large Files:

  1. Check logs:

    sudo du -sh /var/log/*
    • You can trim the systemd journal with:
      sudo journalctl --vacuum-time=7d  # Keep journal entries for 7 days
  2. Check package cache:

    sudo du -sh /var/cache/apt
    • Clean it with:
      sudo apt clean
  3. Check old kernels:

    dpkg --list | grep linux-image
    • Remove old ones (except the current):
      sudo apt remove --purge linux-image-OLD-VERSION
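Step 3 goes wrong if the running kernel is purged along with the old ones. The helper below is an added example, not part of the original page: it parses dpkg --list output and prints only the installed versioned linux-image packages that do not belong to the running kernel (as reported by uname -r), leaving the removal itself as a separate deliberate step. The dpkg output embedded in it is constructed.

```shell
# Added example: list versioned linux-image packages that are installed (status
# "ii") but do not belong to the running kernel. It only prints candidate
# package names; removal stays a separate, deliberate `apt remove --purge`.
#
# Usage on a real system: dpkg --list | old_kernel_packages "$(uname -r)"
old_kernel_packages() {
    awk -v running="$1" '
        # dpkg --list columns: status, package, version, architecture, description
        $1 == "ii" && $2 ~ /^linux-image-[0-9]/ {
            name = substr($2, length("linux-image-") + 1)
            # keep the running kernel and its variants (e.g. -unsigned, -dbg)
            if (name != running && index(name, running "-") != 1) print $2
        }
    '
}

# Constructed sample of `dpkg --list` output for trying the helper offline.
# The meta-package (linux-image-amd64) and the removed-but-not-purged entry
# ("rc") are included on purpose: neither must ever be listed.
SAMPLE_DPKG_LIST='Desired=Unknown/Install/Remove/Purge/Hold
||/ Name                          Version    Architecture Description
+++-=============================-==========-============-===================
ii  linux-image-6.1.0-18-amd64    6.1.76-1   amd64        Linux 6.1 for 64-bit PCs (signed)
ii  linux-image-6.1.0-21-amd64    6.1.90-1   amd64        Linux 6.1 for 64-bit PCs (signed)
rc  linux-image-6.1.0-15-amd64    6.1.66-1   amd64        Linux 6.1 for 64-bit PCs (signed)
ii  linux-image-amd64             6.1.90-1   amd64        Linux for 64-bit PCs (meta-package)'

# Offline demonstration: with 6.1.0-21-amd64 running, only the 6.1.0-18 package is listed.
printf '%s\n' "$SAMPLE_DPKG_LIST" | old_kernel_packages 6.1.0-21-amd64
```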

Essential Linux Security Tools

Essential Linux Security Tools for Kali Linux

Introduction

Linux provides a vast collection of security tools for penetration testing, network analysis, and system hardening. This guide covers essential tools with installation steps and example usage.


🔎 Network Scanning and Enumeration

1️⃣ Nmap - Network Mapper

Nmap is a powerful tool for discovering hosts and services on a network.

Installation:

sudo apt update && sudo apt install nmap -y

Basic Usage:

  • Scan a single host:
    nmap <target-ip>
  • Scan a subnet:
    nmap 192.168.1.0/24
  • Detect OS and services:
    nmap -A <target-ip>

📑 Packet Analysis

2️⃣ Wireshark - Network Traffic Analysis

Wireshark captures and inspects network traffic in real time.

Installation:

sudo apt install wireshark -y

Run Wireshark:

wireshark

Capture packets via CLI:

sudo tshark -i eth0

🎯 Exploitation Frameworks

3️⃣ Metasploit - Penetration Testing Framework

Metasploit is a tool for discovering, exploiting, and validating vulnerabilities.

Installation:

sudo apt install metasploit-framework -y

Basic Usage:

msfconsole
use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS <target-ip>
exploit

🔑 Password Cracking

4️⃣ Hashcat - GPU-Accelerated Password Cracking

Hashcat is a high-speed password recovery tool.

Installation:

sudo apt install hashcat -y

Crack a hash:

hashcat -m 0 -a 0 hashes.txt rockyou.txt

5️⃣ John the Ripper - Password Recovery

John the Ripper is another tool for brute-force password attacks.

Installation:

sudo apt install john -y

Crack a password hash:

john --wordlist=/usr/share/wordlists/rockyou.txt hashes.txt

🛑 System Hardening

6️⃣ Lynis - Security Auditing

Lynis performs system audits to detect security weaknesses.

Installation:

sudo apt install lynis -y

Run a system audit:

sudo lynis audit system

7️⃣ Fail2Ban - Brute Force Protection

Fail2Ban monitors logs and bans IPs after multiple failed login attempts.

Installation:

sudo apt install fail2ban -y

Enable and start Fail2Ban:

sudo systemctl enable --now fail2ban

🔥 Firewall and Intrusion Detection

8️⃣ UFW - Uncomplicated Firewall

UFW is a simple tool for managing iptables firewall rules.

Installation:

sudo apt install ufw -y

Basic Firewall Rules:

  • Enable UFW:
    sudo ufw enable
  • Allow SSH:
    sudo ufw allow ssh
  • Check firewall status:
    sudo ufw status

9️⃣ Suricata - Network Intrusion Detection System (IDS)

Suricata is an advanced intrusion detection system.

Installation:

sudo apt install suricata -y

Start Suricata:

sudo systemctl enable --now suricata

🕵️ Rootkit Detection

🔟 Chkrootkit - Rootkit Scanner

Chkrootkit scans the system for known rootkits.

Installation:

sudo apt install chkrootkit -y

Run a scan:

sudo chkrootkit

1️⃣1️⃣ Rkhunter - Rootkit Hunter

Rkhunter detects rootkits, backdoors, and local exploits.

Installation:

sudo apt install rkhunter -y

Scan for rootkits:

sudo rkhunter --check

Conclusion

These tools help enhance Linux security, detect vulnerabilities, and prevent attacks. Regularly updating and using these tools can significantly improve your system's defense against cyber threats.

🚀 Stay secure and keep learning!

Iphone storage on Linux

Iphone storage on Linux

  • On Debian and Ubuntu, install the required packages with:
    sudo apt install usbmuxd libimobiledevice6 libimobiledevice-utils ifuse

  • On Fedora or RHEL:
    sudo dnf install libimobiledevice ifuse usbmuxd

Kali Essential Security

Hardening Kali Linux is essential for maintaining security, especially since it is a penetration testing distro that can be a target for attackers.


0. Change kali-rolling to kali-last-snapshot

This is not a security setting as such, but it affects security indirectly, and it also affects the stability of the whole system.

Replace kali-rolling with kali-last-snapshot in the APT source line, keeping the rest of the line as it is:

deb https://kali.download kali-last-snapshot <keep others here>

1. Update and Upgrade Regularly

Ensure your system is always updated with the latest security patches.

sudo apt update && sudo apt full-upgrade -y

For kernel updates:

sudo apt dist-upgrade -y

Remove unnecessary packages:

sudo apt autoremove -y && sudo apt clean

2. Secure User Accounts and Authentication

Disable Root Login

Kali uses kali as the default user. Ensure root login is disabled by locking the root account's password:

sudo passwd -l root

Use Strong Passwords

Use a strong password or configure password complexity policies:

sudo apt install libpam-pwquality
sudo nano /etc/security/pwquality.conf

Modify:

minlen = 12
dcredit = -1
ucredit = -1
lcredit = -1
ocredit = -1

Enable Two-Factor Authentication (2FA)

sudo apt install libpam-google-authenticator
google-authenticator

Configure /etc/pam.d/sshd:

auth required pam_google_authenticator.so

Restart SSH:

sudo systemctl restart ssh

3. Configure SSH Securely

Edit SSH config:

sudo nano /etc/ssh/sshd_config

Modify:

PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
UsePAM yes
MaxAuthTries 3
AllowUsers your_username

Restart SSH:

sudo systemctl restart ssh
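A check for the settings above, added here as an example and not part of the original page: sshd applies the first occurrence of a directive and treats everything after a Match line as conditional, so a hardened line appended at the end of sshd_config is silently ignored when an earlier line already sets it. The helper reads a config file and reports every directive whose effective value differs from the hardened one; AllowUsers is site-specific and is not checked.

```shell
# Added example: audit an sshd_config file against the hardened values.
# Parsing rules that matter: the FIRST occurrence of a directive wins, and
# directives after a "Match" line are conditional, not global.

# sshd_effective FILE KEY: print the first global (pre-Match) value of KEY
sshd_effective() {
    awk -v key="$2" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # comments, blank lines
        tolower($1) == "match"                 { exit }   # conditional block begins
        tolower($1) == tolower(key)            { print $2; exit }
    ' "$1"
}

# audit_sshd_config FILE: report directives whose effective value differs from
# the hardened value; exit status 0 only when every directive matches.
# AllowUsers is site-specific and is deliberately not checked here.
audit_sshd_config() {
    rc=0
    while read -r key want; do
        got=$(sshd_effective "$1" "$key")
        if [ "$got" != "$want" ]; then
            printf '%s: want %s, got %s\n' "$key" "$want" "${got:-<unset>}"
            rc=1
        fi
    done <<'EOF'
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
UsePAM yes
MaxAuthTries 3
EOF
    return $rc
}

# Real-world use: audit_sshd_config /etc/ssh/sshd_config
```

The parser does not follow Include lines, so also confirm the merged result with `sudo sshd -T | grep -iE 'permitrootlogin|passwordauthentication'`. Note that with PasswordAuthentication disabled, the pam_google_authenticator step from section 2 is only consulted when keyboard-interactive authentication is enabled in sshd_config (for example via AuthenticationMethods).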

4. Enable Firewall (UFW)

sudo apt install ufw -y
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 22/tcp  # If using SSH
sudo ufw enable
sudo ufw status verbose

5. Enable AppArmor or SELinux

AppArmor (default in Kali):

sudo apt install apparmor apparmor-profiles apparmor-utils -y
sudo systemctl enable --now apparmor

For SELinux (optional):

sudo apt install selinux-basics selinux-policy-default auditd -y
sudo selinux-activate
sudo reboot

6. Configure Automatic Security Updates

Edit:

sudo nano /etc/apt/apt.conf.d/20auto-upgrades

Add:

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";

7. Remove Unnecessary Services

List enabled services:

systemctl list-unit-files --type=service | grep enabled

Disable unneeded ones:

sudo systemctl disable avahi-daemon
sudo systemctl disable bluetooth
sudo systemctl disable cups

8. Harden Networking

Disable IPv6 (if not needed)

Edit GRUB:

sudo nano /etc/default/grub

Add ipv6.disable=1 to the GRUB_CMDLINE_LINUX value, keeping any parameters already there:

GRUB_CMDLINE_LINUX="ipv6.disable=1"

Update GRUB:

sudo update-grub && sudo reboot

Enable SYN Flood Protection

echo "net.ipv4.tcp_syncookies = 1" | sudo tee -a /etc/sysctl.conf

Disable ICMP Responses (Optional)

echo "net.ipv4.icmp_echo_ignore_all = 1" | sudo tee -a /etc/sysctl.conf

Apply changes:

sudo sysctl -p
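The two tee -a commands above append a fresh line every time they are run. As an added example (not from the original page), the helper below sets a single "key = value" line idempotently, replacing the first match (even a commented-out one) and dropping later duplicates, and a companion reader returns the value sysctl -p would actually apply, where the last active line wins.

```shell
# Added example: set "KEY = VALUE" in a sysctl file exactly once. The first
# matching line (even a commented-out one such as "#net.ipv4.tcp_syncookies = 0")
# is replaced in place, later duplicates are dropped, and the line is appended
# only if KEY was not present at all. Re-running never stacks entries.
#
# set_sysctl_key FILE KEY VALUE
set_sysctl_key() {
    file=$1 key=$2 value=$3
    [ -f "$file" ] || : > "$file"
    tmp=$(mktemp)
    awk -v key="$key" -v value="$value" '
        {
            line = $0
            sub(/^[[:space:]]*#[[:space:]]*/, "", line)    # uncomment for matching
            n = index(line, "=")
            k = n ? substr(line, 1, n - 1) : ""
            gsub(/[[:space:]]/, "", k)
            if (k == key) {
                if (!done) { print key " = " value; done = 1 }
                next                                        # drop duplicates
            }
            print
        }
        END { if (!done) print key " = " value }
    ' "$file" > "$tmp"
    cat "$tmp" > "$file"        # copy back so the file keeps its mode and owner
    rm -f "$tmp"
}

# get_sysctl_key FILE KEY: the value sysctl -p would apply (last active line wins)
get_sysctl_key() {
    awk -v key="$2" '
        /^[[:space:]]*#/ { next }
        {
            n = index($0, "="); if (!n) next
            k = substr($0, 1, n - 1); gsub(/[[:space:]]/, "", k)
            if (k == key) { v = substr($0, n + 1); gsub(/[[:space:]]/, "", v) }
        }
        END { print v }
    ' "$1"
}
```

Use it on /etc/sysctl.conf or on a drop-in of your own naming under /etc/sysctl.d/, then load the file with sudo sysctl -p FILE and confirm with sysctl net.ipv4.tcp_syncookies.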

9. Secure Bootloader

Prevent unauthorized access by setting a GRUB password:

sudo grub-mkpasswd-pbkdf2

Copy the generated hash and add it to /etc/grub.d/40_custom:

sudo nano /etc/grub.d/40_custom

Add:

set superusers="root"
password_pbkdf2 root <hashed-password>

Update GRUB:

sudo update-grub

10. Use Encrypted Disk or LUKS for Sensitive Data

Encrypt a partition:

sudo cryptsetup luksFormat /dev/sdX
sudo cryptsetup luksOpen /dev/sdX secure_data

For full disk encryption, use LUKS during installation.


11. Install an Intrusion Detection System (IDS)

AIDE (File Integrity Monitoring)

sudo apt install aide -y
sudo aideinit
sudo mv /var/lib/aide/aide.db.new /var/lib/aide/aide.db

Check system integrity:

sudo aide --check

Tripwire (Alternative IDS)

sudo apt install tripwire -y

Initialize and configure rules.


12. Harden Browser and Online Privacy

  • Use Firefox with NoScript and uBlock Origin.
  • Enable DNS over HTTPS (DoH) in Firefox.
  • Configure Tor and VPN for anonymous browsing.

13. Secure Logging and Monitoring

Enable Log Rotation

sudo nano /etc/logrotate.conf

Ensure logs are rotated and archived.

Use AuditD for Logging

sudo apt install auditd -y
sudo systemctl enable --now auditd

Check logs:

sudo ausearch -m avc

14. Restrict USB Access (Optional)

To disable USB storage:

echo "blacklist usb-storage" | sudo tee /etc/modprobe.d/usb-storage.conf

Apply changes:

sudo update-initramfs -u && sudo reboot

15. Physical Security Measures

  • Disable unattended access (lock screen with Ctrl + Alt + L).
  • Use BIOS/UEFI password.
  • Disable booting from USB/CD in BIOS.

16. Sandboxing and Isolation

Firejail for Application Isolation

sudo apt install firejail -y
firejail --seccomp firefox

17. Encrypt Swap and TMP

Edit /etc/fstab:

sudo nano /etc/fstab

Add:

tmpfs /tmp tmpfs defaults,noexec,nosuid 0 0

For encrypted swap:

sudo apt install cryptsetup -y
sudo cryptsetup luksFormat /dev/sdX
sudo cryptsetup luksOpen /dev/sdX swap
mkswap /dev/mapper/swap
swapon /dev/mapper/swap

18. Remove Unnecessary Tools

Since Kali comes with many tools, remove what you don't use:

sudo apt remove wireshark metasploit-framework -y

19. Enable MAC Address Randomization

For better anonymity:

sudo nano /etc/NetworkManager/conf.d/wifi_scan-rand-mac.conf

Add:

[device]
wifi.scan-rand-mac-address=yes

Restart NetworkManager:

sudo systemctl restart NetworkManager

20. Use a Hardened Kernel (Optional)

Consider using the grsecurity or linux-hardened kernel.


Disabling gnome-tracker

Disabling GNOME Tracker and Other Info

=======================================

GNOME's tracker is a CPU and privacy hog. There's a pretty good case as to why it's neither useful nor necessary here: http://lduros.net/posts/tracker-sucks-thanks-tracker/

After discovering it chowing 2 cores, I decided to go about disabling it.

Directories


~/.cache/tracker
~/.local/share/tracker

After wiping and letting it do a fresh index on my almost new desktop, the total size of each of these directories was a whopping 3.9 GB!

Startup Files


On my Ubuntu GNOME setup, I found the following files:

$ ls  /etc/xdg/autostart/tracker-*
/etc/xdg/autostart/tracker-extract.desktop
/etc/xdg/autostart/tracker-miner-fs.desktop
/etc/xdg/autostart/tracker-store.desktop
/etc/xdg/autostart/tracker-miner-apps.desktop
/etc/xdg/autostart/tracker-miner-user-guides.desktop

You can disable these by adding Hidden=true to them. It's best done in your local .config directory because 1) you don't need sudo and 2) you are pretty much guaranteed that your changes won't be blown away by an update.

The tracker Binary


Running tracker will give you a vast array of tools to check on tracker and manage its processes.

$ tracker
usage: tracker [--version] [--help]
               <command> [<args>]

Available tracker commands are:
   daemon    Start, stop, pause and list processes responsible for indexing content
   info      Show information known about local files or items indexed
   index     Backup, restore, import and (re)index by MIME type or file name
   reset     Reset or remove index and revert configurations to defaults
   search    Search for content indexed or show content by type
   sparql    Query and update the index using SPARQL or search, list and tree the ontology
   sql       Query the database at the lowest level using SQL
   status    Show the indexing progress, content statistics and index state
   tag       Create, list or delete tags for indexed content

See 'tracker help <command>' to read about a specific subcommand.

Non-Invasive Disable Cheat Sheet


This disables everything but tracker-store, which even though it has a .desktop file, seems tenacious and starts up anyway. However, nothing gets indexed.

tracker daemon -t
mkdir -p ~/.config/autostart && cd ~/.config/autostart
cp -v /etc/xdg/autostart/tracker-*.desktop ./
for FILE in tracker-*.desktop; do echo Hidden=true >> "$FILE"; done
rm -rf ~/.cache/tracker ~/.local/share/tracker

Note that tracker daemon -t is for graceful termination. If you are having issues terminating processes or just want to take your frustration out, tracker daemon -k immediately kills all processes.

After this is done, tracker-store will still start on the next boot. However, nothing will be indexed. Your disk and CPU will be better for wear.

$ tracker status
Currently indexed: 0 files, 0 folders
Remaining space on database partition: 123 GB (78.9%)
All data miners are idle, indexing complete
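An idempotent form of the cheat sheet, added here as an example that is not part of the original post: each matching autostart entry is copied into the user directory only if it is not already there and receives exactly one Hidden=true line, so the script can be re-run after a desktop update without stacking duplicate keys. The directory arguments are parameters so it can be tried against temporary directories.

```shell
# Added example: idempotent variant of the cheat sheet above.
#
# hide_autostart SYSTEM_DIR USER_DIR [GLOB]
#   e.g. hide_autostart /etc/xdg/autostart ~/.config/autostart 'tracker-*.desktop'
hide_autostart() {
    sys=$1 usr=$2 pattern=${3:-tracker-*.desktop}
    mkdir -p "$usr"
    for src in "$sys"/$pattern; do            # unquoted on purpose: expand the glob
        [ -f "$src" ] || continue             # glob matched nothing
        dst=$usr/${src##*/}
        [ -f "$dst" ] || cp "$src" "$dst"     # keep an existing user copy untouched
        # a file without a trailing newline would glue the key onto its last line
        [ -z "$(tail -c 1 "$dst")" ] || echo >> "$dst"
        # autostart entries carry a single [Desktop Entry] group, so appending is safe
        grep -qx 'Hidden=true' "$dst" || echo 'Hidden=true' >> "$dst"
    done
}

# count_hidden USER_DIR: number of .desktop files there that carry Hidden=true
count_hidden() {
    grep -lx 'Hidden=true' "$1"/*.desktop 2>/dev/null | wc -l
}
```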

Other References