Commit 4923d3a
Changed files (2)
unix/meta/survey.md
@@ -1,56 +0,0 @@
-CentOS
-
-date
-
-### Situational Awarness
-ifconfig -a
-cat /etc/resolv.conf
-cat /etc/sysconfig/network
-cat /etc/sysconfig/network-scripts/ifcfg-*
-w
-last
-ps -ef
-
-## Network Triage
-hostname
-netstat -antup
-lsof -p [pids of listening processes]
-netstat -nr
-arp -a
-iptables -vL -t filter
-iptables -vL -t nat
-iptables -vL -t mangle
-iptables -vL -t raw
-iptables -vL -t security
-
-ip neighbor show
-ip route show
-ip address show
-ip link show
-
-### Security Status
-sestatus
-getenforce
-
-### System Profiling
-vmstat
-free
-uptime
-hostid
-uname -a
-cat /proc/cpuinfo (psrinfo -v #solaris)
-lsmod (modinfo -c #solaris)
-
-### Startup / Running
-history
-cat /etc/inittab
-chkconfig --list
-sort <(services --status-all) <(chkconfig --list | grep :3)
-ls -lart /etc/rc.d/rc3.d/
-ls -al /etc/cron*
-
-### Disk Triage
-# show the contents of all directories which have 'bin' in them
-find / -maxdepth 3 -name *bin -type d 2>/dev/null | xargs ls -l
-cat /etc/passwd
-
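Review bot: dropping the `CentOS` line at the top of survey.md loses the only statement of which distribution this checklist targets, while the replacement file, titled "Linux based survey", still carries Red Hat-family items such as `cat /etc/sysconfig/network-scripts/ifcfg-*` and `chkconfig --list`. Suggest keeping a one-line scope note in survey_linux.md so an analyst on another distribution knows those entries may not exist there.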
unix/meta/survey_linux.md
@@ -0,0 +1,69 @@
+## Linux based survey
+
+
+### Situational Awarness
+* `date`
+* `date -u `
+* `id`
+* `ifconfig -a `
+* `w`
+* `last`
+* `ps -ef --sort start_time`
+
+### Security Status (SELinux)
+* `sestatus`
+* `getenforce`
+
+## Network Triage
+* `hostname`
+* `netstat -antup` - only add `p` process flag if you are root
+* `lsof -p [pids of listening processes]`
+* `netstat -nr`
+* `arp -v`
+* `cat /etc/resolv.conf`
+* `cat /etc/sysconfig/network`
+* `cat /etc/sysconfig/network-scripts/ifcfg-*`
+* `iptables -vL -t filter`
+* `iptables -vL -t nat`
+* `iptables -vL -t mangle`
+* `iptables -vL -t raw`
+* `iptables -vL -t security`
+* `ip neighbor show`
+* `ip route show`
+* `ip address show`
+* `ip link show`
+
+### System Profiling
+* `vmstat`
+* `free`
+* `uptime`
+* `hostid`
+* `uname -a`
+* `cat /proc/cpuinfo (psrinfo -v #solaris)`
+* `lsmod (modinfo -c #solaris)`
+* `df -h`
+
+### Startup / Running
+* `history`
+* `cat /etc/inittab`
+* `chkconfig --list`
+* `sort <(services --status-all) <(chkconfig --list | grep :3)`
+* `ls -latr /etc/rc.d/rc3.d/`
+* `ls -latr /etc/cron*`
+* `ls -latr /var/spool/* `
+
+### Disk / User Triage
+# show the contents of all directories which have 'bin' in them
+* `find / -maxdepth 3 -name *bin -type d 2>/dev/null | xargs ls -l`
+* `cat /etc/passwd`
+* `ls -latr /root`
+* `ls -latr /home/*`
+* `ls -latr /export/home/*`
+* `cat <FILE>` with FILE:
+ * `/root/.bash_history`
+ * `/root/.history`
+ * `/home/<USER>/.bash_history`
+ * `/home/<USER>/.history`
+ or just do:
+
+
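Review bot: in the Disk / User Triage list, `-name *bin` is unquoted, so the shell expands the glob against the current directory before `find` sees it whenever a matching entry exists there. Quote it as `-name '*bin'`, and consider `-print0 | xargs -0 ls -l` so directory names containing spaces are handled correctly. In the same section, the line `# show the contents of all directories which have 'bin' in them` renders as a top-level Markdown heading rather than a comment, and the file ends on `or just do:` with nothing after it. Two typos are carried over from the old file: `Awarness` in the first heading, and `services --status-all`, where the command is `service --status-all`. `## Network Triage` is also one heading level above its sibling sections.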