System/Kernel


bash-4.2$ uname -a ; cat /etc/*release
Linux snookums 3.10.0-1127.10.1.el7.x86_64 #1 SMP Wed Jun 3 14:28:03 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
CentOS Linux release 7.8.2003 (Core)
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
 
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
 
CentOS Linux release 7.8.2003 (Core)
CentOS Linux release 7.8.2003 (Core)
  • 3.10.0-1127.10.1.el7.x86_64
  • x86_64
  • CentOS Linux release 7.8.2003 (Core)

Networks


bash-4.2$ ip route ; arp -a
default via 192.168.132.254 dev ens192 
169.254.0.0/16 dev ens192 scope link metric 1003 
192.168.132.0/24 dev ens192 proto kernel scope link src 192.168.132.58 
gateway (192.168.132.254) at 00:50:56:9e:df:ab [ether] on ens192
bash-4.2$ netstat -antup4
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      -                   
tcp        0      0 192.168.132.58:49944    192.168.45.192:139      ESTABLISHED 10512/bash          
udp        0      0 0.0.0.0:905             0.0.0.0:*                           -                   
udp        0      0 0.0.0.0:111             0.0.0.0:*                           -                   
udp        0      0 127.0.0.1:323           0.0.0.0:*                           -                   

Users & Groups


bash-4.2$ cat /etc/passwd ; ll /home
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
polkitd:x:999:998:User for polkitd:/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
chrony:x:998:996::/var/lib/chrony:/sbin/nologin
michael:x:1000:1000:Michael:/home/michael:/bin/bash
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/false
tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin
total 0
0 drwx------.  2 michael michael 100 Jul  9  2020 michael
0 drwxr-xr-x.  3 root    root     21 Jun  9  2020 .
0 dr-xr-xr-x. 17 root    root    224 Jun  9  2020 ..
bash-4.2$ cut -d: -f1 /etc/passwd | xargs -n1 id
uid=0(root) gid=0(root) groups=0(root)
uid=1(bin) gid=1(bin) groups=1(bin)
uid=2(daemon) gid=2(daemon) groups=2(daemon)
uid=3(adm) gid=4(adm) groups=4(adm)
uid=4(lp) gid=7(lp) groups=7(lp)
uid=5(sync) gid=0(root) groups=0(root)
uid=6(shutdown) gid=0(root) groups=0(root)
uid=7(halt) gid=0(root) groups=0(root)
uid=8(mail) gid=12(mail) groups=12(mail)
uid=11(operator) gid=0(root) groups=0(root)
uid=12(games) gid=100(users) groups=100(users)
uid=14(ftp) gid=50(ftp) groups=50(ftp)
uid=99(nobody) gid=99(nobody) groups=99(nobody)
uid=192(systemd-network) gid=192(systemd-network) groups=192(systemd-network)
uid=81(dbus) gid=81(dbus) groups=81(dbus)
uid=999(polkitd) gid=998(polkitd) groups=998(polkitd)
uid=74(sshd) gid=74(sshd) groups=74(sshd)
uid=89(postfix) gid=89(postfix) groups=89(postfix),12(mail)
uid=998(chrony) gid=996(chrony) groups=996(chrony)
uid=1000(michael) gid=1000(michael) groups=1000(michael)
uid=48(apache) gid=48(apache) groups=48(apache)
uid=27(mysql) gid=27(mysql) groups=27(mysql)
uid=59(tss) gid=59(tss) groups=59(tss)
uid=32(rpc) gid=32(rpc) groups=32(rpc)

uid=1000(michael) gid=1000(michael) groups=1000(michael)

SUIDs


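bash-4.2$ find / -perm -04000 -ls -type f 2>/dev/null   # note: -ls is evaluated before -type f, so the type test does not filter what is printed; use -type f -perm -04000 -ls to list regular files only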
12798513   76 -rwsr-xr-x   1 root     root        73888 Aug  8  2019 /usr/bin/chage
12798514   80 -rwsr-xr-x   1 root     root        78408 Aug  8  2019 /usr/bin/gpasswd
13035908   24 -rws--x--x   1 root     root        23968 Apr  1  2020 /usr/bin/chfn
13035911   24 -rws--x--x   1 root     root        23880 Apr  1  2020 /usr/bin/chsh
12798517   44 -rwsr-xr-x   1 root     root        41936 Aug  8  2019 /usr/bin/newgrp
13072594   32 -rwsr-xr-x   1 root     root        32128 Apr  1  2020 /usr/bin/su
13230761  144 ---s--x--x   1 root     root       147336 Apr  1  2020 /usr/bin/sudo
13035977   44 -rwsr-xr-x   1 root     root        44264 Apr  1  2020 /usr/bin/mount
13072598   32 -rwsr-xr-x   1 root     root        31984 Apr  1  2020 /usr/bin/umount
13127301   60 -rwsr-xr-x   1 root     root        57656 Aug  8  2019 /usr/bin/crontab
13072822   24 -rwsr-xr-x   1 root     root        23576 Apr  1  2020 /usr/bin/pkexec
13281660   32 -rwsr-xr-x   1 root     root        32096 Oct 30  2018 /usr/bin/fusermount
12798738   28 -rwsr-xr-x   1 root     root        27856 Mar 31  2020 /usr/bin/passwd
312831   36 -rwsr-xr-x   1 root     root        36272 Apr  1  2020 /usr/sbin/unix_chkpwd
312828   12 -rwsr-xr-x   1 root     root        11232 Apr  1  2020 /usr/sbin/pam_timestamp_check
431466   12 -rwsr-xr-x   1 root     root        11296 Mar 31  2020 /usr/sbin/usernetctl
4511979   16 -rwsr-xr-x   1 root     root        15432 Apr  1  2020 /usr/lib/polkit-1/polkit-agent-helper-1
4511767   60 -rwsr-x---   1 root     dbus        58024 Mar 14  2019 /usr/libexec/dbus-1/dbus-daemon-launch-helper
  • 312828 12 -rwsr-xr-x 1 root root 11232 Apr 1 2020 /usr/sbin/pam_timestamp_check
  • 431466 12 -rwsr-xr-x 1 root root 11296 Mar 31 2020 /usr/sbin/usernetctl

SGIDs


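bash-4.2$ find / -perm -02000 -ls -type f 2>/dev/null   # note: -ls is evaluated before -type f, which is why the setgid directories under /run/log/journal appear below; use -type f -perm -02000 -ls to list regular files only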
  7705    0 drwxr-sr-x   3 root     systemd-journal       60 Jan 30 02:48 /run/log/journal
  7706    0 drwxr-s---   2 root     systemd-journal       80 Mar 23 15:49 /run/log/journal/a60bfb3060ae4fc88bee82492a6b2233
12594374   16 -r-xr-sr-x   1 root     tty         15344 Jun  9  2014 /usr/bin/wall
13072604   20 -rwxr-sr-x   1 root     tty         19544 Apr  1  2020 /usr/bin/write
13218057  376 ---x--s--x   1 root     nobody     382216 Aug  8  2019 /usr/bin/ssh-agent
431461   12 -rwxr-sr-x   1 root     root        11224 Mar 31  2020 /usr/sbin/netreport
451421  216 -rwxr-sr-x   1 root     postdrop   218560 Apr  1  2020 /usr/sbin/postdrop
451524  260 -rwxr-sr-x   1 root     postdrop   264128 Apr  1  2020 /usr/sbin/postqueue
8690041   12 -rwx--s--x   1 root     utmp        11192 Jun  9  2014 /usr/libexec/utempter/utempter
4512288  456 ---x--s--x   1 root     ssh_keys   465760 Aug  8  2019 /usr/libexec/openssh/ssh-keysign

Capabilities


bash-4.2$ getcap -r / 2>/dev/null
/usr/bin/newgidmap = cap_setgid+ep
/usr/bin/newuidmap = cap_setuid+ep
/usr/bin/ping = cap_net_admin,cap_net_raw+p
/usr/sbin/arping = cap_net_raw+p
/usr/sbin/clockdiff = cap_net_raw+p
/usr/sbin/suexec = cap_setgid,cap_setuid+ep

Processes


bash-4.2$ ps -auxwww
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.3 128012  6644 ?        Ss   15:19   0:00 /usr/lib/systemd/systemd --switched-root --system --deserialize 22
root       574  0.0  0.4  39084  7572 ?        Ss   15:19   0:01 /usr/lib/systemd/systemd-journald
root       589  0.0  0.3 201104  5952 ?        Ss   15:19   0:00 /usr/sbin/lvmetad -f
root       599  0.0  0.2  48284  5292 ?        Ss   15:19   0:00 /usr/lib/systemd/systemd-udevd
root       707  0.0  0.0  55532   852 ?        S<sl 15:19   0:00 /sbin/auditd
polkitd    730  0.0  0.6 612248 13148 ?        Ssl  15:19   0:00 /usr/lib/polkit-1/polkitd --no-debug
root       734  0.0  0.3  99688  6180 ?        Ss   15:19   0:00 /usr/bin/VGAuthService -s
root       735  0.0  0.3 311680  6888 ?        Ssl  15:19   0:02 /usr/bin/vmtoolsd
dbus       738  0.0  0.1  66472  2556 ?        Ssl  15:19   0:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
rpc        739  0.0  0.0  69344  1492 ?        Ss   15:19   0:00 /sbin/rpcbind -w
chrony     748  0.0  0.0 117808  1692 ?        S    15:19   0:00 /usr/sbin/chronyd
root       759  0.0  0.0  26384  1756 ?        Ss   15:19   0:00 /usr/lib/systemd/systemd-logind
root       772  0.0  0.0 126392  1676 ?        Ss   15:19   0:00 /usr/sbin/crond -n
root       782  0.0  0.0 110208   856 tty1     Ss+  15:19   0:00 /sbin/agetty --noclear tty1 linux
root       797  0.0  0.4 550236  8916 ?        Ssl  15:19   0:00 /usr/sbin/NetworkManager --no-daemon
root      1023  0.0  0.9 574308 17460 ?        Ssl  15:20   0:00 /usr/bin/python2 -Es /usr/sbin/tuned -l -P
root      1025  0.0  0.6 314948 12868 ?        Ss   15:20   0:00 /usr/sbin/httpd -DFOREGROUND
root      1026  0.0  0.2 112924  4332 ?        Ss   15:20   0:00 /usr/sbin/sshd -D
root      1035  0.0  0.5 230956 10628 ?        Ssl  15:20   0:00 /usr/sbin/rsyslogd -n
root      1037  0.0  0.0  53288   708 ?        Ss   15:20   0:01 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
mysql     1073  0.1 19.8 1351424 373636 ?      Ssl  15:20   0:10 /usr/sbin/mysqld
root      1535  0.0  0.6 454188 12788 ?        Ss   15:21   0:00 /usr/sbin/smbd --foreground --no-process-group
root      1537  0.0  0.2 450220  3892 ?        S    15:21   0:00 /usr/sbin/smbd --foreground --no-process-group
root      1538  0.0  0.2 450680  4024 ?        S    15:21   0:00 /usr/sbin/smbd --foreground --no-process-group
root      1540  0.0  0.2 454172  4096 ?        S    15:21   0:00 /usr/sbin/smbd --foreground --no-process-group
root      2387  0.0  0.0 125488  1144 ?        Ss   16:01   0:00 /usr/sbin/anacron -s
apache   10503  0.0  0.4 315340  8884 ?        S    16:41   0:00 /usr/sbin/httpd -DFOREGROUND
apache   10504  0.0  0.4 314948  8288 ?        S    16:41   0:00 /usr/sbin/httpd -DFOREGROUND
apache   10505  0.0  0.4 314948  8284 ?        S    16:41   0:00 /usr/sbin/httpd -DFOREGROUND
apache   10506  0.0  0.4 315340  8896 ?        S    16:41   0:00 /usr/sbin/httpd -DFOREGROUND
apache   10507 54.2  0.4 315340  8884 ?        R    16:42   5:04 /usr/sbin/httpd -DFOREGROUND
apache   10508  0.0  0.4 314948  8284 ?        S    16:42   0:00 /usr/sbin/httpd -DFOREGROUND
apache   10510  0.0  0.3 314948  6764 ?        S    16:45   0:00 /usr/sbin/httpd -DFOREGROUND
apache   10511  0.0  0.3 314948  6764 ?        S    16:45   0:00 /usr/sbin/httpd -DFOREGROUND
apache   10512  0.0  0.0  11688  1324 ?        S    16:46   0:00 bash
apache   10536  0.0  0.0  10604   740 ?        S    16:48   0:00 script /dev/null -c bash
apache   10538  0.0  0.0  10608   380 ?        S    16:48   0:00 script /dev/null -c bash
apache   10539  0.0  0.0  11824  1800 pts/0    Ss   16:48   0:00 bash
apache   10660  0.0  0.0  51756  1724 pts/0    R+   16:51   0:00 ps -auxwww
  • polkitd 730 0.0 0.6 612248 13148 ? Ssl 15:19 0:00 /usr/lib/polkit-1/polkitd --no-debug
  • chrony 748 0.0 0.0 117808 1692 ? S 15:19 0:00 /usr/sbin/chronyd
  • root 772 0.0 0.0 126392 1676 ? Ss 15:19 0:00 /usr/sbin/crond -n
  • root 1025 0.0 0.6 314948 12868 ? Ss 15:20 0:00 /usr/sbin/httpd -DFOREGROUND
  • mysql 1073 0.1 19.8 1351424 373636 ? Ssl 15:20 0:10 /usr/sbin/mysqld
  • root 1535 0.0 0.6 454188 12788 ? Ss 15:21 0:00 /usr/sbin/smbd --foreground --no-process-group

Cron & Systemd


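bash-4.2$ crontab -l ; cat /etc/crontab ; systemctl list-timers   # note: the timer row below appears cut off by the pager (no UNIT/ACTIVATES columns); systemctl list-timers --no-pager prints the full row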
no crontab for apache
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
 
# For details see man 4 crontabs
 
# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name  command to be executed
 
NEXT                         LEFT     LAST                         PASSED       
Mon 2025-03-24 15:34:43 EDT  22h left Thu 2025-01-30 03:03:48 EST  1 months 22 d
 
1 timers listed.
Pass --all to see loaded but inactive timers, too.
lines 1-5/5 (END)

Services


bash-4.2$ systemctl list-units --state=running
UNIT                         LOAD   ACTIVE SUB     DESCRIPTION
proc-sys-fs-binfmt_misc.automount loaded active running Arbitrary Executable Fil
auditd.service               loaded active running Security Auditing Service
chronyd.service              loaded active running NTP client/server
crond.service                loaded active running Command Scheduler
dbus.service                 loaded active running D-Bus System Message Bus
getty@tty1.service           loaded active running Getty on tty1
httpd.service                loaded active running The Apache HTTP Server
lvm2-lvmetad.service         loaded active running LVM2 metadata daemon
mysqld.service               loaded active running MySQL Server
NetworkManager.service       loaded active running Network Manager
polkit.service               loaded active running Authorization Manager
rpcbind.service              loaded active running RPC bind service
rsyslog.service              loaded active running System Logging Service
smb.service                  loaded active running Samba SMB Daemon
sshd.service                 loaded active running OpenSSH server daemon
systemd-journald.service     loaded active running Journal Service
systemd-logind.service       loaded active running Login Service
systemd-udevd.service        loaded active running udev Kernel Device Manager
tuned.service                loaded active running Dynamic System Tuning Daemon
vgauthd.service              loaded active running VGAuth Service for open-vm-to
vmtoolsd.service             loaded active running Service for virtual machines 
vsftpd.service               loaded active running Vsftpd ftp daemon
dbus.socket                  loaded active running D-Bus System Message Bus Sock
lvm2-lvmetad.socket          loaded active running LVM2 metadata daemon socket
rpcbind.socket               loaded active running RPCbind Server Activation Soc
systemd-journald.socket      loaded active running Journal Socket
systemd-udevd-control.socket loaded active running udev Control Socket
systemd-udevd-kernel.socket  loaded active running udev Kernel Socket
 
LOAD   = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB    = The low-level unit activation state, values depend on unit type.
 
28 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.
lines 14-36/36 (END)  
  • httpd.service
  • mysqld.service
  • polkit.service
  • rpcbind.service
  • smb.service
  • vsftpd.service

Sudo Version


bash-4.2$ sudo --version
Sudo version 1.8.23
Sudoers policy plugin version 1.8.23
Sudoers file grammar version 46
Sudoers I/O plugin version 1.8.23

Sudo version 1.8.23

Glibc Version


bash-4.2$ ldd --version
ldd (GNU libc) 2.17
Copyright (C) 2012 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.

ldd (GNU libc) 2.17