Table of Contents
Though not required, the Network Security Toolkit has a full set of tools for accessing various file systems. If you are already familiar with the mount command you may want to skip this section (though I'd recommend skimming through Loopback Tricks).
If you use your Network Security Toolkit probe to mount and umount a lot file systems, its easy to lose track of what file systems you currently have mounted. The mount and df -k commands are very useful in determing what file systems are currently available (and where they map).
The following was invoked after I'd been playing around
with the -rdir DIRECTORY option to the
/usr/local/bin/setup_snort script.
Figure 4.1. Finding Mounted File Systems
[root@probe root]#mount/dev/ram on / type ext2 (rw) none on /proc type proc (rw) none on /dev/pts type devpts (rw,gid=5,mode=620) none on /dev/shm type tmpfs (rw) /dev/cdrom on /mnt/cdrom type iso9660 (ro,nosuid,nodev) usbdevfs on /proc/bus/usb type usbdevfs (rw) //rice/public on /mnt/samba type smbfs (0) /mnt/samba/tmp/nst/loop-ext3 on /mnt/loop type ext3 (rw,sync,loop=/dev/loop0) /dev/sda1 on /mnt/nst type vfat (rw)[root@probe root]#df -kFilesystem 1K-blocks Used Available Use% Mounted on /dev/ram 63461 31459 32002 50% / none 159972 0 159972 0% /dev/shm /dev/cdrom 490464 490464 0 100% /mnt/cdrom //rice/public 20161024 18031616 2129408 90% /mnt/samba /mnt/samba/tmp/nst/loop-ext3 198337 20597 167500 11% /mnt/loop /dev/sda1 127716 90318 37398 71% /mnt/nst[root@probe root]#
From the above ouput, I see that I have a samba file
system (//rice/public - a shared folder on
a Windows machine) mounted to the directory
/mnt/samba). In addition, I see that I have
a file on this shared folder mounted as a loop back device at
/mnt/loop (this reminds me that I was still
experimenting with keeping a permanent copy of the snort
logs using space on a shared folder from a Windows
machine).
I can also tell that my thumb drive is
71% full (OK it's not
technically my thumb drive - I borrowed my
wife's MP3 player).