System/Kernel
webadmin@serv:~$ uname -a ; cat /etc/*release
Linux serv 5.4.0-42-generic #46-Ubuntu SMP Fri Jul 10 00:24:02 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=20.04
DISTRIB_CODENAME=focal
DISTRIB_DESCRIPTION="Ubuntu 20.04 LTS"
NAME="Ubuntu"
VERSION="20.04 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal
5.4.0-42-generic
x86_64
Ubuntu 20.04 LTS (Focal Fossa)
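Networks
Note: `ss -tunlp4` lists IPv4 sockets only. apache2 and proftpd are shown as running under Processes and Services but have no listener in this output, presumably because they are bound to an IPv6 wildcard socket; drop the `4` to see every listener. The Process column is empty because an unprivileged user only sees owners of its own sockets. `/sbin/arp` (net-tools) is not installed here; `ip neigh` prints the same neighbour table.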
webadmin@serv:~$ ip route ; /sbin/arp -a
default via 192.168.120.254 dev ens192 proto static
192.168.120.0/24 dev ens192 proto kernel scope link src 192.168.120.101
-bash: /sbin/arp: No such file or directory
webadmin@serv:~$ ss -tunlp4
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
tcp LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
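Users & Groups
Note: the webadmin entry carries a `$1$` (MD5-crypt) hash in the password field of /etc/passwd, while every other account has the `x` placeholder that defers to /etc/shadow. /etc/passwd is world-readable, so this hash is exposed to every local user. In the `id` output, florianges is the only account in the sudo, adm and lxd groups.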
webadmin@serv:~$ cat /etc/passwd ; ll /home
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
systemd-network:x:100:102:systemd Network Management,,,:/run/systemd:/usr/sbin/nologin
systemd-resolve:x:101:103:systemd Resolver,,,:/run/systemd:/usr/sbin/nologin
systemd-timesync:x:102:104:systemd Time Synchronization,,,:/run/systemd:/usr/sbin/nologin
messagebus:x:103:106::/nonexistent:/usr/sbin/nologin
syslog:x:104:110::/home/syslog:/usr/sbin/nologin
_apt:x:105:65534::/nonexistent:/usr/sbin/nologin
tss:x:106:111:TPM software stack,,,:/var/lib/tpm:/bin/false
uuidd:x:107:112::/run/uuidd:/usr/sbin/nologin
tcpdump:x:108:113::/nonexistent:/usr/sbin/nologin
landscape:x:109:115::/var/lib/landscape:/usr/sbin/nologin
pollinate:x:110:1::/var/cache/pollinate:/bin/false
sshd:x:111:65534::/run/sshd:/usr/sbin/nologin
systemd-coredump:x:999:999:systemd Core Dumper:/:/usr/sbin/nologin
florianges:x:1000:1000:florianges:/home/florianges:/bin/bash
lxd:x:998:100::/var/snap/lxd/common/lxd:/bin/false
proftpd:x:112:65534::/run/proftpd:/usr/sbin/nologin
ftp:x:113:65534::/srv/ftp:/usr/sbin/nologin
webadmin:$1$webadmin$3sXBxGUtDGIFAcnNTNhi6/:1001:1001:webadmin,,,:/home/webadmin:/bin/bash
total 16
drwxr-xr-x 4 root root 4096 Aug 2 2020 ./
drwxr-xr-x 21 root root 4096 Sep 28 2020 ../
drwxr-xr-x 2 florianges florianges 4096 Sep 28 2020 florianges/
drwxr-xr-x 3 webadmin webadmin 4096 Apr 27 16:36 webadmin/
florianges
webadmin@serv:~$ cut -d: -f1 /etc/passwd | xargs -n1 id
uid=0(root) gid=0(root) groups=0(root)
uid=1(daemon) gid=1(daemon) groups=1(daemon)
uid=2(bin) gid=2(bin) groups=2(bin)
uid=3(sys) gid=3(sys) groups=3(sys)
uid=4(sync) gid=65534(nogroup) groups=65534(nogroup)
uid=5(games) gid=60(games) groups=60(games)
uid=6(man) gid=12(man) groups=12(man)
uid=7(lp) gid=7(lp) groups=7(lp)
uid=8(mail) gid=8(mail) groups=8(mail)
uid=9(news) gid=9(news) groups=9(news)
uid=10(uucp) gid=10(uucp) groups=10(uucp)
uid=13(proxy) gid=13(proxy) groups=13(proxy)
uid=33(www-data) gid=33(www-data) groups=33(www-data)
uid=34(backup) gid=34(backup) groups=34(backup)
uid=38(list) gid=38(list) groups=38(list)
uid=39(irc) gid=39(irc) groups=39(irc)
uid=41(gnats) gid=41(gnats) groups=41(gnats)
uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)
uid=100(systemd-network) gid=102(systemd-network) groups=102(systemd-network)
uid=101(systemd-resolve) gid=103(systemd-resolve) groups=103(systemd-resolve)
uid=102(systemd-timesync) gid=104(systemd-timesync) groups=104(systemd-timesync)
uid=103(messagebus) gid=106(messagebus) groups=106(messagebus)
uid=104(syslog) gid=110(syslog) groups=110(syslog),4(adm)
uid=105(_apt) gid=65534(nogroup) groups=65534(nogroup)
uid=106(tss) gid=111(tss) groups=111(tss)
uid=107(uuidd) gid=112(uuidd) groups=112(uuidd)
uid=108(tcpdump) gid=113(tcpdump) groups=113(tcpdump)
uid=109(landscape) gid=115(landscape) groups=115(landscape)
uid=110(pollinate) gid=1(daemon) groups=1(daemon)
uid=111(sshd) gid=65534(nogroup) groups=65534(nogroup)
uid=999(systemd-coredump) gid=999(systemd-coredump) groups=999(systemd-coredump)
uid=1000(florianges) gid=1000(florianges) groups=1000(florianges),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),116(lxd)
uid=998(lxd) gid=100(users) groups=100(users)
uid=112(proftpd) gid=65534(nogroup) groups=65534(nogroup)
uid=113(ftp) gid=65534(nogroup) groups=65534(nogroup)
uid=1001(webadmin) gid=1001(webadmin) groups=1001(webadmin)
uid=1000(florianges) gid=1000(florianges) groups=1000(florianges),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),116(lxd)
uid=1001(webadmin) gid=1001(webadmin) groups=1001(webadmin)
SUIDs
webadmin@serv:~$ find / -perm -04000 -ls -type f 2>/dev/null | grep -v '/snap'
1835828 56 -rwsr-xr-x 1 root root 55528 Apr 2 2020 /usr/bin/mount
1835497 56 -rwsr-sr-x 1 daemon daemon 55560 Nov 12 2018 /usr/bin/at
1836098 164 -rwsr-xr-x 1 root root 166056 Feb 3 2020 /usr/bin/sudo
1835694 88 -rwsr-xr-x 1 root root 88464 Apr 16 2020 /usr/bin/gpasswd
1836167 40 -rwsr-xr-x 1 root root 39144 Apr 2 2020 /usr/bin/umount
1835896 32 -rwsr-xr-x 1 root root 31032 Aug 16 2019 /usr/bin/pkexec
1835565 84 -rwsr-xr-x 1 root root 85064 Apr 16 2020 /usr/bin/chfn
1835676 40 -rwsr-xr-x 1 root root 39144 Mar 7 2020 /usr/bin/fusermount
1835842 44 -rwsr-xr-x 1 root root 44784 Apr 16 2020 /usr/bin/newgrp
1836097 68 -rwsr-xr-x 1 root root 67816 Apr 2 2020 /usr/bin/su
1835571 52 -rwsr-xr-x 1 root root 53040 Apr 16 2020 /usr/bin/chsh
1835875 68 -rwsr-xr-x 1 root root 68208 Apr 16 2020 /usr/bin/passwd
1847273 464 -rwsr-xr-x 1 root root 473576 May 29 2020 /usr/lib/openssh/ssh-keysign
1836381 16 -rwsr-xr-x 1 root root 14488 Jul 8 2019 /usr/lib/eject/dmcrypt-get-device
1835490 52 -rwsr-xr-- 1 root messagebus 51344 Jun 11 2020 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
1836596 24 -rwsr-xr-x 1 root root 22840 Aug 16 2019 /usr/lib/policykit-1/polkit-agent-helper-1
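SGIDs
Note: in the command below `-type f` comes after `-ls`, so the listing is printed before the type test runs and directories are included (the `drwx…s` lines). Placing `-type f` before `-ls` restricts the output to regular files; the SUID command above has the same ordering. `grep -v '/snap'` also drops any path that merely contains `/snap`.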
webadmin@serv:~$ find / -perm -02000 -ls -type f 2>/dev/null | grep -v '/snap'
310 0 drwxr-sr-x 2 root systemd-journal 40 Mar 1 09:44 /run/log/journal
1841601 4 drwxrwsr-x 3 root staff 4096 Apr 23 2020 /usr/local/lib/python3.8
1841602 4 drwxrwsr-x 2 root staff 4096 Apr 23 2020 /usr/local/lib/python3.8/dist-packages
1847267 344 -rwxr-sr-x 1 root ssh 350504 May 29 2020 /usr/bin/ssh-agent
1835497 56 -rwsr-sr-x 1 daemon daemon 55560 Nov 12 2018 /usr/bin/at
1835510 16 -rwxr-sr-x 1 root tty 14488 Mar 30 2020 /usr/bin/bsd-write
1836209 36 -rwxr-sr-x 1 root tty 35048 Apr 2 2020 /usr/bin/wall
1847552 48 -rwxr-sr-x 1 root mlocate 47344 Jul 16 2019 /usr/bin/mlocate
1835560 84 -rwxr-sr-x 1 root shadow 84512 Apr 16 2020 /usr/bin/chage
1835658 32 -rwxr-sr-x 1 root shadow 31312 Apr 16 2020 /usr/bin/expiry
1835595 44 -rwxr-sr-x 1 root crontab 43720 Feb 13 2020 /usr/bin/crontab
1970856 16 -rwxr-sr-x 1 root utmp 14648 Sep 30 2019 /usr/lib/x86_64-linux-gnu/utempter/utempter
1841952 44 -rwxr-sr-x 1 root shadow 43160 Dec 17 2019 /usr/sbin/unix_chkpwd
1841905 44 -rwxr-sr-x 1 root shadow 43168 Dec 17 2019 /usr/sbin/pam_extrausers_chkpwd
266762 4 drwxrwsr-x 2 root staff 4096 Apr 15 2020 /var/local
266764 4 drwxrwsr-x 2 root mail 4096 Apr 23 2020 /var/mail
267589 4 drwxr-sr-x 3 root systemd-journal 4096 Aug 2 2020 /var/log/journal
265260 4 drwxr-sr-x 2 root systemd-journal 4096 Apr 27 16:36 /var/log/journal/b199c01406dc4bcfb14a99508db659eb
Capabilities
webadmin@serv:~$ getcap -r / 2>/dev/null
/usr/bin/mtr-packet = cap_net_raw+ep
/usr/bin/traceroute6.iputils = cap_net_raw+ep
/usr/bin/ping = cap_net_raw+ep
/usr/lib/x86_64-linux-gnu/gstreamer1.0/gstreamer-1.0/gst-ptp-helper = cap_net_bind_service,cap_net_admin+ep
Processes
webadmin@serv:~$ ps -auxwww
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 1.1 104260 11856 ? Ss 15:27 0:01 /sbin/init maybe-ubiquity
root 424 0.0 2.2 67924 22308 ? S<s 15:27 0:00 /lib/systemd/systemd-journald
root 457 0.0 0.7 23328 7268 ? Ss 15:27 0:01 /lib/systemd/systemd-udevd
root 577 0.0 1.7 345752 17976 ? SLsl 15:27 0:00 /sbin/multipathd -d -s
systemd+ 607 0.0 0.6 90388 6356 ? Ssl 15:27 0:00 /lib/systemd/systemd-timesyncd
root 618 0.0 1.0 47524 10312 ? Ss 15:27 0:00 /usr/bin/VGAuthService
root 620 0.0 0.7 163416 7588 ? Ssl 15:27 0:02 /usr/bin/vmtoolsd
systemd+ 694 0.0 1.2 24044 12196 ? Ss 15:27 0:00 /lib/systemd/systemd-resolved
root 773 0.0 0.7 235548 7368 ? Ssl 15:29 0:00 /usr/lib/accountsservice/accounts-daemon
root 779 0.0 0.2 6812 2900 ? Ss 15:29 0:00 /usr/sbin/cron -f
message+ 780 0.0 0.4 7484 4436 ? Ss 15:29 0:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
root 791 0.0 1.6 29012 17020 ? Ss 15:29 0:00 /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
syslog 796 0.0 0.5 224324 5032 ? Ssl 15:29 0:00 /usr/sbin/rsyslogd -n -iNONE
root 804 0.7 3.2 630484 32200 ? Ssl 15:29 0:32 /usr/lib/snapd/snapd
root 832 0.0 0.7 16804 7800 ? Ss 15:29 0:00 /lib/systemd/systemd-logind
daemon 837 0.0 0.2 3792 2216 ? Ss 15:29 0:00 /usr/sbin/atd -f
root 853 0.0 0.7 12160 7260 ? Ss 15:29 0:00 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
root 891 0.0 1.6 193628 17040 ? Ss 15:29 0:00 /usr/sbin/apache2 -k start
root 913 0.0 1.9 107828 19280 ? Ssl 15:29 0:00 /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
root 930 0.0 0.6 232700 6952 ? Ssl 15:29 0:00 /usr/lib/policykit-1/polkitd --no-debug
root 935 0.0 0.1 5828 1752 tty1 Ss+ 15:29 0:00 /sbin/agetty -o -p -- \u --noclear tty1 linux
root 2249 0.0 2.0 448016 21048 ? Ssl 16:07 0:00 /usr/libexec/fwupd/fwupd
proftpd 2352 0.0 0.3 18324 3628 ? Ss 16:07 0:00 proftpd: (accepting connections)
systemd+ 2403 0.0 0.4 18544 4568 ? Ss 16:07 0:00 /lib/systemd/systemd-networkd
www-data 2866 0.0 1.1 194336 11996 ? S 16:12 0:00 /usr/sbin/apache2 -k start
www-data 2875 0.0 1.3 194328 13612 ? S 16:12 0:00 /usr/sbin/apache2 -k start
www-data 2902 0.0 1.1 194328 11368 ? S 16:12 0:00 /usr/sbin/apache2 -k start
www-data 2904 0.0 1.1 194336 11884 ? S 16:12 0:00 /usr/sbin/apache2 -k start
www-data 2922 0.0 1.2 194328 12156 ? S 16:12 0:00 /usr/sbin/apache2 -k start
www-data 2929 0.0 1.1 194328 12008 ? S 16:12 0:00 /usr/sbin/apache2 -k start
www-data 2931 0.0 1.1 194328 11724 ? S 16:12 0:00 /usr/sbin/apache2 -k start
www-data 2932 0.0 1.1 194328 12040 ? S 16:12 0:00 /usr/sbin/apache2 -k start
www-data 2939 0.0 1.1 194328 12052 ? S 16:12 0:00 /usr/sbin/apache2 -k start
www-data 2943 0.0 1.2 194336 12068 ? S 16:12 0:00 /usr/sbin/apache2 -k start
root 3582 0.0 0.8 13920 8936 ? Ss 16:36 0:00 sshd: webadmin [priv]
webadmin 3600 0.0 0.9 18556 9852 ? Ss 16:36 0:00 /lib/systemd/systemd --user
webadmin 3602 0.0 0.3 105600 3736 ? S 16:36 0:00 (sd-pam)
webadmin 3702 0.0 0.5 13920 5796 ? S 16:36 0:00 sshd: webadmin@pts/0
webadmin 3705 0.0 0.4 8376 4968 pts/0 Ss 16:36 0:00 -bash
webadmin 3953 0.0 0.3 9060 3544 pts/0 R+ 16:39 0:00 ps -auxwww
root 779 0.0 0.2 6812 2900 ? Ss 15:29 0:00 /usr/sbin/cron -f
root 2249 0.0 2.0 448016 21048 ? Ssl 16:07 0:00 /usr/libexec/fwupd/fwupd
Cron & Systemd
webadmin@serv:~$ crontab -l ; cat /etc/crontab ; systemctl list-timers
no crontab for webadmin
# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# Example of job definition:
# .---------------- minute (0 - 59)
# | .------------- hour (0 - 23)
# | | .---------- day of month (1 - 31)
# | | | .------- month (1 - 12) OR jan,feb,mar,apr ...
# | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# | | | | |
# * * * * * user-name command to be executed
17 * * * * root cd / && run-parts --report /etc/cron.hourly
25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
#
NEXT LEFT LAST PASSED UNIT ACTIVATES >
Sun 2025-04-27 17:09:00 UTC 28min left Sun 2025-04-27 16:39:08 UTC 1min 36s ago phpsessionclean.timer phpsessionclean.s>
Mon 2025-04-28 00:00:00 UTC 7h left Sun 2025-04-27 16:07:32 UTC 33min ago fstrim.timer fstrim.service >
Mon 2025-04-28 00:00:00 UTC 7h left Sun 2025-04-27 16:07:32 UTC 33min ago logrotate.timer logrotate.service>
Mon 2025-04-28 00:00:00 UTC 7h left Sun 2025-04-27 16:07:32 UTC 33min ago man-db.timer man-db.service >
Mon 2025-04-28 00:53:46 UTC 8h left Sun 2025-04-27 16:07:32 UTC 33min ago motd-news.timer motd-news.service>
Mon 2025-04-28 04:40:36 UTC 11h left Sun 2025-04-27 16:07:32 UTC 33min ago fwupd-refresh.timer fwupd-refresh.ser>
Mon 2025-04-28 05:19:22 UTC 12h left Sun 2025-04-27 16:07:32 UTC 33min ago apt-daily.timer apt-daily.service>
Mon 2025-04-28 06:50:59 UTC 14h left Sun 2025-04-27 16:07:32 UTC 33min ago apt-daily-upgrade.timer apt-daily-upgrade>
Mon 2025-04-28 15:42:46 UTC 23h left Sat 2025-03-01 09:59:22 UTC 1 months 26 days ago systemd-tmpfiles-clean.timer systemd-tmpfiles->
Sun 2025-05-04 03:10:38 UTC 6 days left Sun 2025-04-27 16:07:32 UTC 33min ago e2scrub_all.timer e2scrub_all.servi>
10 timers listed.
Pass --all to see loaded but inactive timers, too.
Services
webadmin@serv:~$ systemctl list-units --state=running
UNIT LOAD ACTIVE SUB DESCRIPTION
proc-sys-fs-binfmt_misc.automount loaded active running Arbitrary Executable File Formats File System Automount Point
init.scope loaded active running System and Service Manager
session-5.scope loaded active running Session 5 of user webadmin
accounts-daemon.service loaded active running Accounts Service
apache2.service loaded active running The Apache HTTP Server
atd.service loaded active running Deferred execution scheduler
cron.service loaded active running Regular background program processing daemon
dbus.service loaded active running D-Bus System Message Bus
fwupd.service loaded active running Firmware update daemon
getty@tty1.service loaded active running Getty on tty1
multipathd.service loaded active running Device-Mapper Multipath Device Controller
networkd-dispatcher.service loaded active running Dispatcher daemon for systemd-networkd
open-vm-tools.service loaded active running Service for virtual machines hosted on VMware
polkit.service loaded active running Authorization Manager
proftpd.service loaded active running LSB: Starts ProFTPD daemon
rsyslog.service loaded active running System Logging Service
snapd.service loaded active running Snap Daemon
ssh.service loaded active running OpenBSD Secure Shell server
systemd-journald.service loaded active running Journal Service
systemd-logind.service loaded active running Login Service
systemd-networkd.service loaded active running Network Service
systemd-resolved.service loaded active running Network Name Resolution
systemd-timesyncd.service loaded active running Network Time Synchronization
systemd-udevd.service loaded active running udev Kernel Device Manager
unattended-upgrades.service loaded active running Unattended Upgrades Shutdown
user@1001.service loaded active running User Manager for UID 1001
vgauth.service loaded active running Authentication service for virtual machines hosted on VMware
dbus.socket loaded active running D-Bus System Message Bus Socket
multipathd.socket loaded active running multipathd control socket
snapd.socket loaded active running Socket activation for snappy daemon
syslog.socket loaded active running Syslog Socket
systemd-journald-audit.socket loaded active running Journal Audit Socket
systemd-journald-dev-log.socket loaded active running Journal Socket (/dev/log)
systemd-journald.socket loaded active running Journal Socket
systemd-networkd.socket loaded active running Network Service Netlink Socket
systemd-udevd-control.socket loaded active running udev Control Socket
systemd-udevd-kernel.socket loaded active running udev Kernel Socket
LOAD = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB = The low-level unit activation state, values depend on unit type.
37 loaded units listed.
apache2.service
fwupd.service
proftpd.service
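Sudo Version
Note: `sudo --version` reports the upstream version only. Ubuntu backports security fixes without changing that string, so whether a given fix is installed has to be read from the package revision (`dpkg -s sudo`), not from 1.8.31 alone.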
webadmin@serv:~$ sudo --version
Sudo version 1.8.31
Sudoers policy plugin version 1.8.31
Sudoers file grammar version 46
Sudoers I/O plugin version 1.8.31
Sudo version 1.8.31
Glibc Version
webadmin@serv:~$ ldd --version
ldd (Ubuntu GLIBC 2.31-0ubuntu9) 2.31
Copyright (C) 2020 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.
ldd (Ubuntu GLIBC 2.31-0ubuntu9) 2.31