Pipes and Redirection

Like DOS, Linux allows you to redirect the output of a command from the standard output (usually the display or "console") to another device or file. This is useful for tasks like creating an output file that contains a list of the files on a mounted volume, or in a directory. For example:

ls -al > filelist.txt

The above command produces a long listing of all the files in the current directory. Instead of sending the list to the console, a new file called "filelist.txt" is created to hold it. The shell creates (or truncates) that file before ls runs, so if "filelist.txt" already existed its contents are lost, and the new, empty file will itself appear in the listing. In a forensic setting this matters: never redirect output onto the volume you are examining, because the redirection writes to the evidence; send it to your own working directory instead. The shell can also be told to refuse to overwrite an existing file with set -o noclobber (set -C), which is worth enabling in an examination shell. Use the following command to append the output of the command to an existing file instead of overwriting it:

ls -al >> filelist.txt

Another useful tool, similar to one available on DOS, is the command pipe. The command pipe takes the output of one command and "pipes" it straight to the input of another command. This is an extremely powerful tool for the command line. Look at the following process list:

ps -ax

 PID TTY   STAT  TIME COMMAND
   1 ?     S     0:04 init
 232 ?     S     0:00 syslogd -m 0
 271 ?     S     0:00 inetd
     tty1  SW    0:00 [login]
     tty2  S     0:00 login -- root
     tty3  SW    0:00 [mingetty]
 340 tty1  SW    0:00 [bash]
 353 tty1  SW    0:00 [startx]
     tty1  SW    0:00 [xinit]
     ?     R     2:41 /etc/X11/X :0 -auth /home/barry/.Xauthority
 519 pts/0 S     0:00 bash
2490 tty2  S     0:00 -bash
2727 pts/1 R     0:00 ps -ax

What if all you wanted to see were the process IDs that indicate a bash shell? You could "pipe" the output of ps to the input of grep, specifying "bash" as the pattern for grep to search for. The result would be only those lines of the ps output that contain the pattern "bash".

ps -ax | grep bash

 340 tty1  SW    0:00 [bash]
 519 pts/0 S     0:00 bash
2490 tty2  S     0:00 -bash

Note that on a live system the grep process itself usually shows up in this output as well, because its own command line ("grep bash") contains the pattern; the common workaround is to write the pattern as "[b]ash", which still matches the string "bash" but does not match the text of grep's own command line. A little later on we will cover using pipes on the command line to help with analysis. Stringing multiple powerful commands together is one of the great strengths of using Linux for forensic analysis.
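The following script is an added example, not code from the original page. It exercises the redirection and pipe operators discussed above against a constructed process listing, so it runs offline, and goes a little beyond the text by also showing what happens to error messages under ">" (only standard output is redirected) and how the "[b]ash" trick keeps grep out of its own results. The directory, file names and the process table are all made up for the example.

```sh
#!/bin/sh
# Added example, not from the original page: redirection and pipes, with the
# caveats a practitioner runs into. The process listing is constructed, not
# captured from a live system.

# Overwrite with ">": the shell creates/truncates $2 before ls runs, so when
# the output file lives in the listed directory it shows up in its own listing.
write_listing() {    # $1 = directory to list, $2 = output file
    ls -al "$1" > "$2"
}

# Append with ">>": a second listing is added to the end of $2.
append_listing() {   # $1 = directory to list, $2 = output file
    ls -al "$1" >> "$2"
}

# ">" only redirects standard output (fd 1). ls's error messages go to
# standard error (fd 2) and still reach the terminal, so nothing lands in $2 ...
stdout_only() {      # $1 = path to list (may not exist), $2 = output file
    ls -al "$1" > "$2" 2>/dev/null || true
}

# ... unless stderr is also pointed at the file with "2>&1". Order matters:
# "2>&1" must come after the "> file" it is meant to follow.
stdout_and_stderr() {
    ls -al "$1" > "$2" 2>&1 || true
}

# Number of lines in a file, printed on stdout.
line_count() {
    wc -l < "$1" | tr -d ' '
}

# Constructed snapshot of "ps ax", modelled on the listing in the text.
# $1 is the command line of the grep running at the instant of the snapshot:
# the grep is a process too, so it appears in the list like any other.
sample_ps() {
    printf '%s\n' \
        '  PID TTY      STAT   TIME COMMAND' \
        '    1 ?        S      0:04 init' \
        '  232 ?        S      0:00 syslogd -m 0' \
        '  340 tty1     SW     0:00 [bash]' \
        '  519 pts/0    S      0:00 bash' \
        ' 2490 tty2     S      0:00 -bash' \
        " 2727 pts/1    R      0:00 $1"
}

# Naive pipe: "grep bash" matches its own command line, so a fourth,
# spurious line appears in the result.
bash_lines_naive() {
    sample_ps 'grep bash' | grep bash
}

# Bracket trick: the running grep shows as "grep [b]ash", and the regex
# [b]ash (which matches only the string "bash") does not match that text.
bash_lines() {
    sample_ps 'grep [b]ash' | grep '[b]ash'
}

# Longer chain: keep the bash lines, cut out the PID column, sort numerically.
bash_pids() {
    sample_ps 'grep [b]ash' | grep '[b]ash' | awk '{ print $1 }' | sort -n
}

# Demonstration run: a scratch directory stands in for a mounted volume.
demo() {
    work=$(mktemp -d)
    write_listing "$work" "$work/filelist.txt"
    echo "after  > : $(line_count "$work/filelist.txt") lines (filelist.txt lists itself)"
    append_listing "$work" "$work/filelist.txt"
    echo "after >> : $(line_count "$work/filelist.txt") lines"
    echo "naive grep: $(bash_lines_naive | wc -l | tr -d ' ') lines; bracket trick: $(bash_lines | wc -l | tr -d ' ') lines"
    echo "bash PIDs: $(bash_pids | tr '\n' ' ')"
    rm -rf "$work"
}

demo
```

The point of writing the listing into the directory being listed is deliberate: it reproduces, harmlessly, the mistake of redirecting output onto an evidence volume, and you can see the output file contaminating its own listing.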
