System/Kernel


[elliot@insanityhosting ~]$ uname -a ; cat /etc/*release
Linux insanityhosting.vm 3.10.0-1127.18.2.el7.x86_64 #1 SMP Sun Jul 26 15:27:06 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
CentOS Linux release 7.8.2003 (Core)
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
 
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
 
CentOS Linux release 7.8.2003 (Core)
CentOS Linux release 7.8.2003 (Core)
  • 3.10.0-1127.18.2.el7.x86_64
  • x86_64
  • CentOS Linux 7 (Core)

Networks


[elliot@insanityhosting ~]$ ip route ; arp -a
default via 192.168.103.254 dev ens256 proto static metric 100 
192.168.103.0/24 dev ens256 proto kernel scope link src 192.168.103.124 metric 100 
-bash: arp: command not found
[elliot@insanityhosting ~]$ ss -tunlp
Netid  State      Recv-Q Send-Q                    Local Address:Port                                   Peer Address:Port              
udp    UNCONN     0      0                                     *:10000                                             *:*                  
udp    UNCONN     0      0                             127.0.0.1:323                                               *:*                  
udp    UNCONN     0      0                                 [::1]:323                                            [::]:*                  
tcp    LISTEN     0      50                                    *:3306                                              *:*                  
tcp    LISTEN     0      100                                   *:143                                               *:*                  
tcp    LISTEN     0      128                                   *:10000                                             *:*                  
tcp    LISTEN     0      128                                   *:22                                                *:*                  
tcp    LISTEN     0      10                            127.0.0.1:25                                                *:*                  
tcp    LISTEN     0      100                                   *:993                                               *:*                  
tcp    LISTEN     0      128                           127.0.0.1:9000                                              *:*                  
tcp    LISTEN     0      100                                [::]:143                                            [::]:*                  
tcp    LISTEN     0      128                                [::]:80                                             [::]:*                  
tcp    LISTEN     0      32                                 [::]:21                                             [::]:*                  
tcp    LISTEN     0      128                                [::]:22                                             [::]:*                  
tcp    LISTEN     0      100                                [::]:993                                            [::]:*                  
  • *:3306
  • *:143
  • *:10000
  • 127.0.0.1:25
  • *:993
  • 127.0.0.1:9000
  • UDP 127.0.0.1:323

Users & Groups


[elliot@insanityhosting ~]$ cat /etc/passwd ; ll /home
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
polkitd:x:999:998:User for polkitd:/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
chrony:x:998:996::/var/lib/chrony:/sbin/nologin
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
mysql:x:27:27:MariaDB Server:/var/lib/mysql:/sbin/nologin
admin:x:1000:1000::/home/admin:/bin/bash
saslauth:x:997:76:Saslauthd user:/run/saslauthd:/sbin/nologin
dovecot:x:97:97:Dovecot IMAP server:/usr/libexec/dovecot:/sbin/nologin
dovenull:x:996:994:Dovecot's unauthorized user:/usr/libexec/dovecot:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
otis:x:1001:1001::/home/otis:/sbin/nologin
nicholas:x:1002:1002::/home/nicholas:/bin/bash
elliot:x:1003:1003::/home/elliot:/bin/bash
tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
dockerroot:x:995:993:Docker User:/var/lib/docker:/sbin/nologin
monitor:x:1004:1004::/home/monitor:/bin/bash
total 0
drwx------. 2 admin    admin     62 Aug 16  2020 admin
drwx------. 4 elliot   elliot   128 Dec 15  2020 elliot
drwx------. 3 monitor  monitor   99 Aug 16  2020 monitor
drwx------. 2 nicholas nicholas  83 Aug 16  2020 nicholas
drwx------. 3 otis     otis      95 Aug 16  2020 otis
  • admin
  • otis
  • nicholas
  • monitor
[elliot@insanityhosting ~]$ cut -d: -f1 /etc/passwd | xargs -n1 id
uid=0(root) gid=0(root) groups=0(root)
uid=1(bin) gid=1(bin) groups=1(bin)
uid=2(daemon) gid=2(daemon) groups=2(daemon)
uid=3(adm) gid=4(adm) groups=4(adm)
uid=4(lp) gid=7(lp) groups=7(lp)
uid=5(sync) gid=0(root) groups=0(root)
uid=6(shutdown) gid=0(root) groups=0(root)
uid=7(halt) gid=0(root) groups=0(root)
uid=8(mail) gid=12(mail) groups=12(mail)
uid=11(operator) gid=0(root) groups=0(root)
uid=12(games) gid=100(users) groups=100(users)
uid=14(ftp) gid=50(ftp) groups=50(ftp)
uid=99(nobody) gid=99(nobody) groups=99(nobody)
uid=192(systemd-network) gid=192(systemd-network) groups=192(systemd-network)
uid=81(dbus) gid=81(dbus) groups=81(dbus)
uid=999(polkitd) gid=998(polkitd) groups=998(polkitd)
uid=74(sshd) gid=74(sshd) groups=74(sshd)
uid=89(postfix) gid=89(postfix) groups=89(postfix),12(mail)
uid=998(chrony) gid=996(chrony) groups=996(chrony)
uid=48(apache) gid=48(apache) groups=48(apache)
uid=27(mysql) gid=27(mysql) groups=27(mysql)
uid=1000(admin) gid=1000(admin) groups=1000(admin)
uid=997(saslauth) gid=76(saslauth) groups=76(saslauth)
uid=97(dovecot) gid=97(dovecot) groups=97(dovecot),12(mail)
uid=996(dovenull) gid=994(dovenull) groups=994(dovenull)
uid=47(mailnull) gid=47(mailnull) groups=47(mailnull)
uid=51(smmsp) gid=51(smmsp) groups=51(smmsp)
uid=1001(otis) gid=1001(otis) groups=1001(otis)
uid=1002(nicholas) gid=1002(nicholas) groups=1002(nicholas),993(dockerroot)
uid=1003(elliot) gid=1003(elliot) groups=1003(elliot)
uid=59(tss) gid=59(tss) groups=59(tss)
uid=995(dockerroot) gid=993(dockerroot) groups=993(dockerroot)
uid=1004(monitor) gid=1004(monitor) groups=1004(monitor)
  • uid=1000(admin) gid=1000(admin) groups=1000(admin)
  • uid=1001(otis) gid=1001(otis) groups=1001(otis)
  • uid=1002(nicholas) gid=1002(nicholas) groups=1002(nicholas),993(dockerroot)
  • uid=1003(elliot) gid=1003(elliot) groups=1003(elliot)
  • uid=1004(monitor) gid=1004(monitor) groups=1004(monitor)

SUIDs


[elliot@insanityhosting ~]$ find / -type f -perm -04000 -ls 2>/dev/null | grep -v '/snap'
25485669   24 -rws--x--x   1 root     root        23968 Apr  1  2020 /usr/bin/chfn
25485672   24 -rws--x--x   1 root     root        23880 Apr  1  2020 /usr/bin/chsh
25422847   76 -rwsr-xr-x   1 root     root        73888 Aug  9  2019 /usr/bin/chage
25422848   80 -rwsr-xr-x   1 root     root        78408 Aug  9  2019 /usr/bin/gpasswd
25422851   44 -rwsr-xr-x   1 root     root        41936 Aug  9  2019 /usr/bin/newgrp
25508009   44 -rwsr-xr-x   1 root     root        44264 Apr  1  2020 /usr/bin/mount
25508024   32 -rwsr-xr-x   1 root     root        32128 Apr  1  2020 /usr/bin/su
25508028   32 -rwsr-xr-x   1 root     root        31984 Apr  1  2020 /usr/bin/umount
25628996  144 ---s--x--x   1 root     root       147336 Apr  1  2020 /usr/bin/sudo
25548135   60 -rwsr-xr-x   1 root     root        57656 Aug  9  2019 /usr/bin/crontab
25532341   24 -rwsr-xr-x   1 root     root        23576 Apr  1  2020 /usr/bin/pkexec
25628962   28 -rwsr-xr-x   1 root     root        27856 Apr  1  2020 /usr/bin/passwd
26539908   32 -rwsr-xr-x   1 root     root        32096 Oct 30  2018 /usr/bin/fusermount
476691   36 -rwsr-xr-x   1 root     root        36272 Apr  1  2020 /usr/sbin/unix_chkpwd
476689   12 -rwsr-xr-x   1 root     root        11232 Apr  1  2020 /usr/sbin/pam_timestamp_check
553380   12 -rwsr-xr-x   1 root     root        11296 Apr  1  2020 /usr/sbin/usernetctl
1742465   40 -rws--x--x   1 root     root        40328 Aug  9  2019 /usr/sbin/userhelper
553306   16 -rwsr-xr-x   1 root     root        15432 Apr  1  2020 /usr/lib/polkit-1/polkit-agent-helper-1
553280   60 -rwsr-x---   1 root     dbus        57936 Jul 13  2020 /usr/libexec/dbus-1/dbus-daemon-launch-helper

SGIDs


[elliot@insanityhosting ~]$ find / -type f -perm -02000 -ls 2>/dev/null | grep -v '/snap'
25190637   16 -r-xr-sr-x   1 root     tty         15344 Jun 10  2014 /usr/bin/wall
25508034   20 -rwxr-sr-x   1 root     tty         19544 Apr  1  2020 /usr/bin/write
25602221  376 ---x--s--x   1 root     nobody     382216 Aug  9  2019 /usr/bin/ssh-agent
26165212   20 -rwxr-sr-x   1 root     mail        19824 Nov 28  2017 /usr/bin/lockfile
25602316   40 -rwx--s--x   1 root     slocate     40520 Apr 11  2018 /usr/bin/locate
553343   12 -rwxr-sr-x   1 root     root        11224 Apr  1  2020 /usr/sbin/netreport
635426  216 -rwxr-sr-x   1 root     postdrop   218560 Apr  1  2020 /usr/sbin/postdrop
635433  260 -rwxr-sr-x   1 root     postdrop   264128 Apr  1  2020 /usr/sbin/postqueue
1053821  820 -rwxr-sr-x   1 root     smmsp      836920 Apr  1  2020 /usr/sbin/sendmail.sendmail
25436133   12 -rwx--s--x   1 root     utmp        11192 Jun 10  2014 /usr/libexec/utempter/utempter
564029  456 ---x--s--x   1 root     ssh_keys   465760 Aug  9  2019 /usr/libexec/openssh/ssh-keysign

Capabilities


[elliot@insanityhosting ~]$ getcap -r / 2>/dev/null
/usr/bin/newgidmap = cap_setgid+ep
/usr/bin/newuidmap = cap_setuid+ep
/usr/bin/ping = cap_net_admin,cap_net_raw+p
/usr/sbin/arping = cap_net_raw+p
/usr/sbin/clockdiff = cap_net_raw+p
/usr/sbin/suexec = cap_setgid,cap_setuid+ep

Processes


[elliot@insanityhosting ~]$ ps -auxwww
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.1  0.3 125508  3976 ?        Ss   13:00   0:00 /usr/lib/systemd/systemd --switched-root --system --deserialize 22
root       485  0.0  0.1  37236  2000 ?        Ss   13:00   0:00 /usr/lib/systemd/systemd-journald
root       503  0.0  0.1 190376  1336 ?        Ss   13:00   0:00 /usr/sbin/lvmetad -f
root       509  0.0  0.1  45028  1948 ?        Ss   13:00   0:00 /usr/lib/systemd/systemd-udevd
polkitd    634  0.0  1.1 613024 11960 ?        Ssl  13:00   0:00 /usr/lib/polkit-1/polkitd --no-debug
root       635  0.0  0.1  26384  1764 ?        Ss   13:00   0:00 /usr/lib/systemd/systemd-logind
root       636  0.0  0.6  99692  6184 ?        Ss   13:00   0:00 /usr/bin/VGAuthService -s
root       637  0.0  0.7 314624  7388 ?        Ssl  13:00   0:00 /usr/bin/vmtoolsd
dbus       640  0.0  0.2  58244  2468 ?        Ss   13:00   0:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
chrony     643  0.0  0.1 117808  1744 ?        S    13:00   0:00 /usr/sbin/chronyd
root       659  0.0  0.1 126384  1576 ?        Ss   13:00   0:00 /usr/sbin/crond -n
root       666  0.0  2.9 358972 29616 ?        Ssl  13:00   0:00 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid
root       667  0.0  0.0 110204   852 tty1     Ss+  13:00   0:00 /sbin/agetty --noclear tty1 linux
root      1001  0.0  1.6 417580 16832 ?        Ss   13:00   0:00 /usr/sbin/httpd -DFOREGROUND
root      1002  0.0  0.0 115956   636 ?        Ss   13:00   0:00 /usr/bin/rhsmcertd
root      1004  0.0  1.5 483920 15364 ?        Ss   13:00   0:00 php-fpm: master process (/etc/opt/remi/php72/php-fpm.conf)
root      1005  0.0  1.9 586440 20112 ?        Ssl  13:00   0:00 /usr/bin/python2 -Es /usr/sbin/tuned -l -P
root      1006  0.0  0.4 112924  4308 ?        Ss   13:00   0:00 /usr/sbin/sshd -D
root      1010  0.0  0.3 220920  3268 ?        Ssl  13:00   0:00 /usr/sbin/rsyslogd -n
root      1021  0.0  0.0  53288   576 ?        Ss   13:00   0:00 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
apache    1082  0.0  0.7 483920  7376 ?        S    13:00   0:00 php-fpm: pool www
mysql     1088  0.0  0.1 113412  1596 ?        Ss   13:00   0:00 /bin/sh /usr/bin/mysqld_safe --basedir=/usr
apache    1133  0.0  0.9 417580  9136 ?        S    13:00   0:00 /usr/sbin/httpd -DFOREGROUND
mysql     1314  0.0  9.0 971032 92200 ?        Sl   13:00   0:00 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-error=/var/log/mariadb/mariadb.log --pid-file=/var/run/mariadb/mariadb.pid --socket=/var/lib/mysql/mysql.sock
root      1437  0.0  2.1  92260 21904 ?        Ss   13:00   0:00 /usr/bin/perl /usr/libexec/webmin/miniserv.pl /etc/webmin/miniserv.conf
root      1984  0.0  0.1  16084  1152 ?        Ss   13:01   0:00 /usr/sbin/dovecot
dovecot   1986  0.0  0.1   9748  1112 ?        S    13:01   0:00 dovecot/anvil
root      1987  0.0  0.1   9880  1296 ?        S    13:01   0:00 dovecot/log
root      1989  0.0  0.2  12912  2368 ?        S    13:01   0:00 dovecot/config
root      2248  0.0  0.8 476796  8964 ?        Ssl  13:02   0:00 /usr/sbin/NetworkManager --no-daemon
root      2341  0.0  0.2  88848  2684 ?        Ss   13:02   0:00 sendmail: accepting connections
smmsp     2358  0.0  0.1  84284  1920 ?        Ss   13:02   0:00 sendmail: Queue runner@01:00:00 for /var/spool/clientmqueue
root      2407  0.0  0.6 161536  6188 ?        Ss   13:03   0:00 sshd: elliot [priv]
elliot    2409  0.0  0.2 161536  2328 ?        S    13:03   0:00 sshd: elliot@pts/0
elliot    2410  0.0  0.1 115516  1968 pts/0    Ss   13:03   0:00 -bash
elliot    2561  0.0  0.1 155444  1760 pts/0    R+   13:06   0:00 ps -auxwww
  • chrony 643 0.0 0.1 117808 1744 ? S 13:00 0:00 /usr/sbin/chronyd
  • root 659 0.0 0.1 126384 1576 ? Ss 13:00 0:00 /usr/sbin/crond -n
  • root 666 0.0 2.9 358972 29616 ? Ssl 13:00 0:00 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid
  • root 1001 0.0 1.6 417580 16832 ? Ss 13:00 0:00 /usr/sbin/httpd -DFOREGROUND
  • root 1002 0.0 0.0 115956 636 ? Ss 13:00 0:00 /usr/bin/rhsmcertd
  • root 1021 0.0 0.0 53288 576 ? Ss 13:00 0:00 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
  • mysql 1314 0.0 9.0 971032 92200 ? Sl 13:00 0:00 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-error=/var/log/mariadb/mariadb.log --pid-file=/var/run/mariadb/mariadb.pid --socket=/var/lib/mysql/mysql.sock
  • root 1437 0.0 2.1 92260 21904 ? Ss 13:00 0:00 /usr/bin/perl /usr/libexec/webmin/miniserv.pl /etc/webmin/miniserv.conf
  • root 1984 0.0 0.1 16084 1152 ? Ss 13:01 0:00 /usr/sbin/dovecot
  • dovecot 1986 0.0 0.1 9748 1112 ? S 13:01 0:00 dovecot/anvil
  • root 1987 0.0 0.1 9880 1296 ? S 13:01 0:00 dovecot/log
  • root 1989 0.0 0.2 12912 2368 ? S 13:01 0:00 dovecot/config

Cron & Systemd


[elliot@insanityhosting ~]$ crontab -l ; cat /etc/crontab ; systemctl list-timers
no crontab for elliot
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
 
# For details see man 4 crontabs
 
# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name  command to be executed
 
NEXT                         LEFT      LAST PASSED UNIT                         ACTIVATES
Fri 2025-07-04 13:15:05 BST  7min left n/a  n/a    systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service
 
1 timers listed.
Pass --all to see loaded but inactive timers, too.

Services


[elliot@insanityhosting ~]$ systemctl list-units --state=running
UNIT                              LOAD   ACTIVE SUB     DESCRIPTION
proc-sys-fs-binfmt_misc.automount loaded active running Arbitrary Executable File Formats File System Automount Point
session-5.scope                   loaded active running Session 5 of user elliot
auditd.service                    loaded active running Security Auditing Service
chronyd.service                   loaded active running NTP client/server
crond.service                     loaded active running Command Scheduler
dbus.service                      loaded active running D-Bus System Message Bus
dovecot.service                   loaded active running Dovecot IMAP/POP3 email server
firewalld.service                 loaded active running firewalld - dynamic firewall daemon
getty@tty1.service                loaded active running Getty on tty1
httpd.service                     loaded active running The Apache HTTP Server
lvm2-lvmetad.service              loaded active running LVM2 metadata daemon
mariadb.service                   loaded active running MariaDB database server
NetworkManager.service            loaded active running Network Manager
php72-php-fpm.service             loaded active running The PHP FastCGI Process Manager
polkit.service                    loaded active running Authorization Manager
rhsmcertd.service                 loaded active running Enable periodic update of entitlement certificates.
rsyslog.service                   loaded active running System Logging Service
sendmail.service                  loaded active running Sendmail Mail Transport Agent
sm-client.service                 loaded active running Sendmail Mail Transport Client
sshd.service                      loaded active running OpenSSH server daemon
systemd-journald.service          loaded active running Journal Service
systemd-logind.service            loaded active running Login Service
systemd-udevd.service             loaded active running udev Kernel Device Manager
tuned.service                     loaded active running Dynamic System Tuning Daemon
vgauthd.service                   loaded active running VGAuth Service for open-vm-tools
vmtoolsd.service                  loaded active running Service for virtual machines hosted on VMware
vsftpd.service                    loaded active running Vsftpd ftp daemon
webmin.service                    loaded active running LSB: web-based administration interface for Unix systems
dbus.socket                       loaded active running D-Bus System Message Bus Socket
lvm2-lvmetad.socket               loaded active running LVM2 metadata daemon socket
systemd-journald.socket           loaded active running Journal Socket
systemd-udevd-control.socket      loaded active running udev Control Socket
systemd-udevd-kernel.socket       loaded active running udev Kernel Socket
 
LOAD   = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB    = The low-level unit activation state, values depend on unit type.
 
33 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.
  • chronyd.service
  • crond.service
  • dovecot.service
  • firewalld.service
  • httpd.service
  • mariadb.service
  • rhsmcertd.service
  • sendmail.service
  • vsftpd.service

Sudo Version


[elliot@insanityhosting ~]$ sudo --version
Sudo version 1.8.23
Sudoers policy plugin version 1.8.23
Sudoers file grammar version 46
Sudoers I/O plugin version 1.8.23

  • Sudo version 1.8.23

Glibc Version


[elliot@insanityhosting ~]$ ldd --version
ldd (GNU libc) 2.17
Copyright (C) 2012 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.

  • ldd (GNU libc) 2.17