
Linux-based survey

Situational Awareness

  • date
  • date -u
  • id
  • ifconfig -a
  • w
  • last
  • ps -ef --sort start_time

Security Status (SELinux)

  • sestatus
  • getenforce

Network Triage

  • hostname
  • netstat -antup (add the -p process flag only if you are root)
  • lsof -p [pids of listening processes]
  • netstat -nr
  • arp -v
  • cat /etc/resolv.conf
  • cat /etc/sysconfig/network
  • cat /etc/sysconfig/network-scripts/ifcfg-*
  • iptables -vL -t filter
  • iptables -vL -t nat
  • iptables -vL -t mangle
  • iptables -vL -t raw
  • iptables -vL -t security
  • ip neighbor show
  • ip route show
  • ip address show
  • ip link show
  • On-disk network config:
    • cat /etc/sysconfig/network-scripts/ifcfg-<interface name>
    • cat /etc/sysconfig/network-scripts/route-<interface name>
    • ls /etc/sysconfig/networking/devices/ # additional configs
    • ls /etc/sysconfig/networking/profiles/default # additional configs
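A helper for the network triage step, added here as an example and not part of the original checklist: on minimal or container hosts netstat and lsof are often absent, so this decodes the listening-socket list straight from /proc/net/tcp and /proc/net/tcp6 (no root needed to read them) and maps a socket inode back to its PID the way `lsof -p` would. It assumes a Linux procfs; the sample table below is constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example (not from the original checklist): list LISTEN sockets from
# /proc/net/tcp{,6}. Column layout: sl local_address rem_address st ... uid timeout inode
# Addresses are hex; IPv4 is little-endian, IPv6 is four little-endian 32-bit words.
# Socket state 0A is LISTEN.

# decode_listeners [FILE...]  (reads stdin when no file is given)
# Prints one line per LISTEN socket: port=<n> uid=<n> inode=<n> addr=<local address>
decode_listeners() {
    awk '
    function hex2dec(h,   i, n) {
        n = 0; h = toupper(h)
        for (i = 1; i <= length(h); i++)
            n = n * 16 + index("0123456789ABCDEF", substr(h, i, 1)) - 1
        return n
    }
    # 0100007F -> 127.0.0.1 (byte order reversed)
    function v4(h) {
        return hex2dec(substr(h, 7, 2)) "." hex2dec(substr(h, 5, 2)) "." hex2dec(substr(h, 3, 2)) "." hex2dec(substr(h, 1, 2))
    }
    # 32 hex digits -> uncompressed IPv6, reversing the bytes inside each 32-bit word
    function v6(h,   i, w, out) {
        out = ""
        for (i = 0; i < 4; i++) {
            w = substr(h, i * 8 + 1, 8)
            w = substr(w, 7, 2) substr(w, 5, 2) substr(w, 3, 2) substr(w, 1, 2)
            out = out (i ? ":" : "") tolower(substr(w, 1, 4)) ":" tolower(substr(w, 5, 4))
        }
        return out
    }
    NR > 1 && $4 == "0A" {
        split($2, a, ":")
        addr = (length(a[1]) == 8) ? v4(a[1]) : v6(a[1])
        printf "port=%d uid=%s inode=%s addr=%s\n", hex2dec(a[2]), $8, $10, addr
    }' "$@"
}

# inode_to_pid INODE : PIDs whose fd table holds socket:[INODE] (what lsof -p shows).
# Reading other users' /proc/<pid>/fd needs root; unprivileged, only your own processes resolve.
inode_to_pid() {
    for fd in /proc/[0-9]*/fd/*; do
        [ "$(readlink "$fd" 2>/dev/null)" = "socket:[$1]" ] && echo "$fd" | cut -d/ -f3
    done 2>/dev/null | sort -un
}

# Constructed sample (not from a real host): 127.0.0.1:22 LISTEN as uid 0,
# 0.0.0.0:8080 LISTEN as uid 1000, and one ESTABLISHED connection to be ignored.
sample_proc_net_tcp() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 23456 1 0000000000000000 100 0 0 10 0
   2: 0100007F:A1B2 0100007F:0016 01 00000000:00000000 00:00000000 00000000  1000        0 34567 1 0000000000000000 20 4 30 10 -1
EOF
}

# Constructed IPv6 sample: [::]:80 LISTEN as uid 0.
sample_proc_net_tcp6() {
    cat <<'EOF'
  sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000000000000000000000000000:0050 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 45678 1 0000000000000000 100 0 0 10 0
EOF
}

# Live use:  decode_listeners /proc/net/tcp /proc/net/tcp6 ; inode_to_pid 12345
# Demonstration on the constructed sample:
{ sample_proc_net_tcp; sample_proc_net_tcp6; } | decode_listeners
```

Ports and addresses come out decoded, so the result can be compared line by line against what netstat reports on the same host; a listener present in /proc but missing from netstat output is worth a second look.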

System Profiling

  • vmstat
  • free
  • uptime
  • hostid
  • uname -a
  • runlevel
  • cat /proc/cpuinfo (Solaris: psrinfo -v)
  • lsmod (Solaris: modinfo -c)
  • df -h

Startup / Running

  • history
  • cat /etc/inittab
  • chkconfig --list
  • sort <(service --status-all) <(chkconfig --list | grep :3) # bash process substitution
  • ls -latr /etc/rc.d/rc3.d/
  • ls -latr /etc/cron*
  • ls -latr /var/spool/*

Disk / User Triage

  • find / -maxdepth 3 -name '*bin' -type d 2>/dev/null | xargs ls -l # list the contents of every directory whose name ends in "bin"; quote the pattern so the shell does not expand it
  • cat /etc/passwd
  • ls -latr /root
  • ls -latr /home/*
  • ls -latr /export/home/*
  • ls -latr /tmp
  • cat <FILE> with FILE:
    • /root/.bash_history
    • /root/.history
    • /home/<USER>/.bash_history
    • /home/<USER>/.history
      • or just do: ls -1 /home/*/\.*history /root/\.*history | xargs tail -n +1
  • ls -latr /var/log
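A collector that runs every section of the survey above non-interactively, added here as an example and not part of the original checklist. Each step's stdout and stderr go to a numbered file in an evidence directory, and manifest.tsv records the UTC time, exit status, SHA-256 of the output and the exact command, so a reviewer can later tell "tool absent" (rc=127) or "needs root" apart from "genuinely empty". It assumes GNU coreutils (sha256sum, date -u, xargs -r) and the tools named on this page; the bash-only `sort <(...)` line is run as two plain commands because steps go through POSIX `sh -c`, and the interactive `history` builtin is replaced by collecting the history files themselves.

```shell
#!/bin/sh
# Added example, not part of the original checklist: evidence-preserving run of
# the Linux survey. Assumes GNU coreutils and a Linux host; run as root for
# complete results (netstat -p, iptables, other users' home directories).

# run_step OUTDIR NAME 'COMMAND STRING' : run one step, keep its output, log it
run_step() {
    outdir=$1; name=$2; cmd=$3
    file="$outdir/$name.txt"
    rc=0
    sh -c "$cmd" >"$file" 2>&1 || rc=$?        # missing tool shows up as rc=127
    printf '%s\t%s\trc=%s\t%s\t%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$name" "$rc" \
        "$(sha256sum "$file" | cut -d' ' -f1)" "$cmd" >>"$outdir/manifest.tsv"
}

# collect_survey [OUTDIR] : run every section; prints the directory that was used
collect_survey() {
    outdir=${1:-./survey-$(uname -n)-$(date -u +%Y%m%dT%H%M%SZ)}
    mkdir -p "$outdir"
    printf '# host=%s collector_uid=%s started=%s\n' "$(uname -n)" "$(id -u)" \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" >"$outdir/manifest.tsv"
    # Situational awareness
    run_step "$outdir" 01_date      'date; date -u'
    run_step "$outdir" 02_id        'id'
    run_step "$outdir" 03_ifconfig  'ifconfig -a'
    run_step "$outdir" 04_w         'w'
    run_step "$outdir" 05_last      'last'
    run_step "$outdir" 06_ps        'ps -ef --sort start_time'
    # Security status (SELinux)
    run_step "$outdir" 07_selinux   'sestatus; getenforce'
    # Network triage
    run_step "$outdir" 08_hostname  'hostname'
    run_step "$outdir" 09_netstat   'netstat -antup'
    run_step "$outdir" 10_routes    'netstat -nr; ip route show'
    run_step "$outdir" 11_neigh     'arp -v; ip neighbor show'
    run_step "$outdir" 12_resolv    'cat /etc/resolv.conf'
    run_step "$outdir" 13_netcfg    'cat /etc/sysconfig/network /etc/sysconfig/network-scripts/ifcfg-* /etc/sysconfig/network-scripts/route-*'
    run_step "$outdir" 14_iptables  'for t in filter nat mangle raw security; do echo "== table $t"; iptables -vL -t "$t"; done'
    run_step "$outdir" 15_iplink    'ip address show; ip link show'
    # System profiling
    run_step "$outdir" 16_sysinfo   'uname -a; hostid; uptime; runlevel'
    run_step "$outdir" 17_memory    'vmstat; free'
    run_step "$outdir" 18_cpuinfo   'cat /proc/cpuinfo'
    run_step "$outdir" 19_lsmod     'lsmod'
    run_step "$outdir" 20_df        'df -h'
    # Startup / running
    run_step "$outdir" 21_inittab   'cat /etc/inittab'
    run_step "$outdir" 22_services  'chkconfig --list; service --status-all'
    run_step "$outdir" 23_rc3       'ls -latr /etc/rc.d/rc3.d/'
    run_step "$outdir" 24_cron      'ls -latr /etc/cron*'
    run_step "$outdir" 25_spool     'ls -latr /var/spool/*'
    # Disk / user triage (history files replace the interactive history builtin)
    run_step "$outdir" 26_bindirs   'find / -maxdepth 3 -name "*bin" -type d 2>/dev/null | xargs -r ls -l'
    run_step "$outdir" 27_passwd    'cat /etc/passwd'
    run_step "$outdir" 28_homes     'ls -latr /root /home/* /export/home/* /tmp'
    run_step "$outdir" 29_histories 'ls -1 /home/*/.*history /root/.*history 2>/dev/null | xargs -r tail -n +1'
    run_step "$outdir" 30_varlog    'ls -latr /var/log'
    echo "$outdir"
}

# Usage: sh survey.sh run /mnt/evidence
case "${1:-}" in run) collect_survey "${2:-}" ;; esac
```

Write the evidence directory to removable or remote storage rather than the suspect disk, and hash manifest.tsv itself once the run is finished so the record of what was collected is fixed before analysis starts.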