TuxResponse - Linux Incident Response


TuxResponse is an incident response script for Linux systems, written in bash. It automates incident response activities on Linux systems and lets you triage systems quickly without compromising the results. Corporate systems usually have some kind of monitoring and control, but there are exceptions due to shadow IT and non-standard images deployed in corporations. What amounts to typing 10 commands with trial and testing can be done at the press of a button.

Tested on:
- Ubuntu 14+
- CentOS 7+

Primary purpose:
- Take advantage of built-in tools and functionality in Linux (tools like dd, awk, grep, cat, netstat, etc.)
- Reduce the number of commands an incident responder needs to remember/use in a response scenario
- Automation

External tools in the package:
- LiME
- Exif
- Chkrootkit
- Yara + Linux scanning rules (needs network to fetch the repo)

Example automation: INSTALL LiME

    function init_lime(){
        if [ -f /usr/bin/yum ]; then
            yum -y....

January 10, 2020