Commit a369e44
Changed files (2)
unix/meta/survey_linux.md
@@ -39,6 +39,7 @@
* `uptime`
* `hostid`
* `uname -a`
+* `runlevel`
* `cat /proc/cpuinfo (psrinfo -v #solaris)`
* `lsmod (modinfo -c #solaris)`
* `df -h`
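Review bot: the added `runlevel` entry has no Solaris equivalent, unlike the neighbouring `cat /proc/cpuinfo (psrinfo -v #solaris)` and `lsmod (modinfo -c #solaris)` lines. Either add `(who -r #solaris)`, which is what the new survey_solaris.md uses for the same step, or drop the Solaris parentheticals from this list now that Solaris has its own file, so the two checklists do not drift apart.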
@@ -59,11 +60,13 @@
* `ls -latr /root`
* `ls -latr /home/*`
* `ls -latr /export/home/*`
+* `ls -latr /tmp`
* `cat <FILE>` with FILE:
* `/root/.bash_history`
* `/root/.history`
* `/home/<USER>/.bash_history`
* `/home/<USER>/.history`
- or just do:
+ * or just do: `ls -1 /home/*/\.*history /root/\.*history | xargs tail -n +1`
+* `ls -latr /var/log`
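Review bot: in the new `or just do:` line, the `ls -1 ... | xargs tail -n +1` pipeline splits on whitespace in path names, and the backslashes before the dots are not needed. `tail -n +1 /home/*/.*history /root/.*history 2>/dev/null` prints the same per-file output without `ls` or `xargs` and stays quiet when a glob matches nothing. The bullet is also nested under `cat <FILE>` alongside the file paths, so it reads as one more FILE value; a top-level bullet of its own would make it clear that it is an alternative to the whole `cat` step.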
unix/meta/survey_solaris.md
@@ -0,0 +1,58 @@
+## Linux based survey
+
+
+### Situational Awarness
+* `date`
+* `date -u `
+* `id`
+* `ifconfig -a `
+* `w`
+* `last`
+* `ps -elf`
+
+## Network Triage
+* `hostname`
+* `netstat -anP tcp`
+* `netstat -anP udp`
+* `pfiles [pids of listening processes]`
+* `netstat -nr`
+* `ls -1 /proc | xargs pfiles | egrep '^[0-9]|AF_INET'`
+* `arp -an`
+* `cat /etc/resolv.conf`
+* TODO: on disk network config
+* TODO: solaris filewall
+
+### System Profiling
+* `vmstat`
+* `uptime`
+* `hostid`
+* `uname -a`
+* `who -r` *runlevel*
+* `psrinfo -v`
+* `modinfo -c`
+* `prtpicl`
+* `df -h`
+
+### Startup / Running
+* `history`
+* `cat /etc/inittab`
+* TODO: list running and config'd to run services
+* `ls -latr /etc/rc.d/rc3.d/`
+* `ls -latr /etc/cron*`
+* `ls -latr /var/spool/* `
+
+### Disk / User Triage
+# show the contents of all directories which have 'bin' in them
+* `find / -maxdepth 3 -name *bin -type d 2>/dev/null | xargs ls -l`
+* `cat /etc/passwd`
+* `ls -latr /root`
+* `ls -latr /home/*`
+* `ls -latr /export/home/*`
+* `ls -latr /tmp`
+* `cat <FILE>` with FILE:
+ * `/.bash_history`
+ * `/.history`
+ * `/export/home/<USER>/.bash_history`
+ * `/export/home/<USER>/.history`
+* `ls -latr /var/log`
+* `ls -latr /var/adm`
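Review bot: the title of the new survey_solaris.md is still `## Linux based survey`, a leftover from the file it was copied from; it should name Solaris. In the same file, `## Network Triage` is one heading level above the other sections (`###`), and the line `# show the contents of all directories which have 'bin' in them` will render as a top-level heading rather than a comment, so make it plain text or fold it into the bullet below. In the `find` bullet, `-name *bin` is unquoted, so the shell can expand it against the current directory before `find` sees it; quote it as `-name '*bin'`. Typos: "Awarness" and "filewall".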