On Fri, Aug 05, 2022 at 05:45:53PM +0200, Uwe Brauer via Gnupg-users wrote:
> 1. just for the first very rough analysis what is a convenient command to
> get a list of files that have high entropy?

The first step might be to install tripwire and only check files, which
tripwire reports as changed. See "man tripwire" after installing it.

Regarding your attempt to find candidate files:

> find . -iname '*.*' -follow -print -exec ent {} \;

Files don't need to have a dot in their name. But they might have unusual
characters in their names instead. So you might actually want to use

find -type f -print0 | xargs -0 -n 1 ent

Tip: "man find" and "man xargs" describe what those zeroes mean.

> So I am not sure what is the best line, but the question boils down to
> this, anybody know enough sed or awk or whatsoever to tell me how to filter the
> ent output?

Gentle suggestion: you'd need to learn such basic usage yourself, before
you rely on them as a tool, especially when attempting to secure your
systems.

Tips (for example):
https://www.amazon.de/Learning-Perl-Making-Things-Possible/dp/1492094951 or
https://www.amazon.de/Effective-awk-Programming-Universal-Processing/dp/1491904615
Regards, JC

--
 Experience is the worst teacher.  It always gives the test first and the
 instruction afterward.
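
An added example, not part of the original message: instead of filtering ent's output, this script computes the byte-level Shannon entropy of each regular file itself and lists those at or above a threshold. The function names, the 7.5 bits-per-byte threshold and the 256-byte minimum size are assumptions chosen for illustration.

```python
#!/usr/bin/env python3
"""List files whose byte-level Shannon entropy exceeds a threshold."""
import math
import os
import sys
from collections import Counter


def shannon_entropy(path, chunk_size=1 << 20):
    """Return entropy in bits per byte (0.0 to 8.0); 0.0 for an empty file."""
    counts, total = Counter(), 0
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            counts.update(chunk)  # iterating bytes yields integer byte values
            total += len(chunk)
    if total == 0:
        return 0.0
    return -sum(n / total * math.log2(n / total) for n in counts.values())


def high_entropy_files(root, threshold=7.5, min_size=256):
    """Yield (entropy, path) for regular files under root at or above threshold.

    threshold and min_size are assumed starting values, not tuned ones; very
    small files give unreliable estimates, so they are skipped.
    """
    for dirpath, _dirs, names in os.walk(root):  # does not follow symlinked dirs
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                if os.path.islink(path) or not os.path.isfile(path):
                    continue
                if os.path.getsize(path) < min_size:
                    continue
                entropy = shannon_entropy(path)
            except OSError as exc:  # unreadable or vanished file: report, go on
                print(f"skipped {path!r}: {exc}", file=sys.stderr)
                continue
            if entropy >= threshold:
                yield entropy, path


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for entropy, path in sorted(high_entropy_files(root), reverse=True):
        # repr() keeps newlines or control characters in names on one line
        print(f"{entropy:.4f}  {path!r}")
```

Compressed formats (zip, gzip, JPEG, most video) also score close to 8 bits per byte, so the list is a set of candidates to compare against a known-good baseline, not a verdict.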

