System/Kernel
yuki@bullybox:/$ uname -a ; cat /etc/*release
Linux bullybox 5.15.0-75-generic #82-Ubuntu SMP Tue Jun 6 23:10:23 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=22.04
DISTRIB_CODENAME=jammy
DISTRIB_DESCRIPTION="Ubuntu 22.04.2 LTS"
PRETTY_NAME="Ubuntu 22.04.2 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.2 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
5.15.0-75-generic
x86_64
Ubuntu 22.04.2 LTS (Jammy Jellyfish)
Networks
yuki@bullybox:/$ ip route ; arp -a
default via 192.168.154.254 dev ens160 proto static
192.168.154.0/24 dev ens160 proto kernel scope link src 192.168.154.27
_gateway (192.168.154.254) at 00:50:56:9e:0f:31 [ether] on ens160
? (192.168.228.128) at <incomplete> on ens160
yuki@bullybox:/$ netstat -antup4
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN -
tcp 0 0 192.168.154.27:80 192.168.45.218:40216 ESTABLISHED -
tcp 0 301 192.168.154.27:36588 192.168.45.218:9999 ESTABLISHED 2584/sh
udp 0 0 127.0.0.53:53 0.0.0.0:* -
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN -
Users & Groups
yuki@bullybox:/$ cat /etc/passwd ; ll /home
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
_apt:x:100:65534::/nonexistent:/usr/sbin/nologin
systemd-network:x:101:102:systemd Network Management,,,:/run/systemd:/usr/sbin/nologin
systemd-resolve:x:102:103:systemd Resolver,,,:/run/systemd:/usr/sbin/nologin
messagebus:x:103:104::/nonexistent:/usr/sbin/nologin
systemd-timesync:x:104:105:systemd Time Synchronization,,,:/run/systemd:/usr/sbin/nologin
pollinate:x:105:1::/var/cache/pollinate:/bin/false
sshd:x:106:65534::/run/sshd:/usr/sbin/nologin
syslog:x:107:113::/home/syslog:/usr/sbin/nologin
uuidd:x:108:114::/run/uuidd:/usr/sbin/nologin
tcpdump:x:109:115::/nonexistent:/usr/sbin/nologin
tss:x:110:116:TPM software stack,,,:/var/lib/tpm:/bin/false
landscape:x:111:117::/var/lib/landscape:/usr/sbin/nologin
usbmux:x:112:46:usbmux daemon,,,:/var/lib/usbmux:/usr/sbin/nologin
lxd:x:999:100::/var/snap/lxd/common/lxd:/bin/false
offsec:x:1000:1000:,,,:/home/offsec:/bin/bash
fwupd-refresh:x:113:118:fwupd-refresh user,,,:/run/systemd:/usr/sbin/nologin
yuki:x:1001:1001::/home/yuki:/bin/sh
mysql:x:114:120:MySQL Server,,,:/nonexistent:/bin/false
total 12K
4.0K drwxr-x--- 2 yuki yuki 4.0K Jun 27 2023 yuki
4.0K drwxr-xr-x 3 root root 4.0K Jun 27 2023 .
4.0K drwxr-xr-x 19 root root 4.0K Jun 15 2022 ..
offsec
yuki@bullybox:/$ cut -d: -f1 /etc/passwd | xargs -n1 id
uid=0(root) gid=0(root) groups=0(root)
uid=1(daemon) gid=1(daemon) groups=1(daemon)
uid=2(bin) gid=2(bin) groups=2(bin)
uid=3(sys) gid=3(sys) groups=3(sys)
uid=4(sync) gid=65534(nogroup) groups=65534(nogroup)
uid=5(games) gid=60(games) groups=60(games)
uid=6(man) gid=12(man) groups=12(man)
uid=7(lp) gid=7(lp) groups=7(lp)
uid=8(mail) gid=8(mail) groups=8(mail)
uid=9(news) gid=9(news) groups=9(news)
uid=10(uucp) gid=10(uucp) groups=10(uucp)
uid=13(proxy) gid=13(proxy) groups=13(proxy)
uid=33(www-data) gid=33(www-data) groups=33(www-data)
uid=34(backup) gid=34(backup) groups=34(backup)
uid=38(list) gid=38(list) groups=38(list)
uid=39(irc) gid=39(irc) groups=39(irc)
uid=41(gnats) gid=41(gnats) groups=41(gnats)
uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)
uid=100(_apt) gid=65534(nogroup) groups=65534(nogroup)
uid=101(systemd-network) gid=102(systemd-network) groups=102(systemd-network)
uid=102(systemd-resolve) gid=103(systemd-resolve) groups=103(systemd-resolve)
uid=103(messagebus) gid=104(messagebus) groups=104(messagebus)
uid=104(systemd-timesync) gid=105(systemd-timesync) groups=105(systemd-timesync)
uid=105(pollinate) gid=1(daemon) groups=1(daemon)
uid=106(sshd) gid=65534(nogroup) groups=65534(nogroup)
uid=107(syslog) gid=113(syslog) groups=113(syslog),4(adm)
uid=108(uuidd) gid=114(uuidd) groups=114(uuidd)
uid=109(tcpdump) gid=115(tcpdump) groups=115(tcpdump)
uid=110(tss) gid=116(tss) groups=116(tss)
uid=111(landscape) gid=117(landscape) groups=117(landscape)
uid=112(usbmux) gid=46(plugdev) groups=46(plugdev)
uid=999(lxd) gid=100(users) groups=100(users)
uid=1000(offsec) gid=1000(offsec) groups=1000(offsec)
uid=113(fwupd-refresh) gid=118(fwupd-refresh) groups=118(fwupd-refresh)
uid=1001(yuki) gid=1001(yuki) groups=1001(yuki),27(sudo)
uid=114(mysql) gid=120(mysql) groups=120(mysql)
uid=1000(offsec) gid=1000(offsec) groups=1000(offsec)
uid=1001(yuki) gid=1001(yuki) groups=1001(yuki),27(sudo)
SUIDs
yuki@bullybox:/$ find / -perm -04000 -ls -type f 2>/dev/null | grep -v '/snap'
8988 20 -rwsr-xr-x 1 root root 18736 Feb 26 2022 /usr/libexec/polkit-agent-helper-1
13848 36 -rwsr-xr-- 1 root messagebus 35112 Oct 25 2022 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
13727 332 -rwsr-xr-x 1 root root 338536 Nov 23 2022 /usr/lib/openssh/ssh-keysign
1109 56 -rwsr-xr-x 1 root root 55672 Feb 21 2022 /usr/bin/su
8174 40 -rwsr-xr-x 1 root root 40496 Nov 24 2022 /usr/bin/newgrp
3009 44 -rwsr-xr-x 1 root root 44808 Nov 24 2022 /usr/bin/chsh
3004 72 -rwsr-xr-x 1 root root 72712 Nov 24 2022 /usr/bin/chfn
896 32 -rwsr-xr-x 1 root root 30872 Feb 26 2022 /usr/bin/pkexec
3013 72 -rwsr-xr-x 1 root root 72072 Nov 24 2022 /usr/bin/gpasswd
679 36 -rwsr-xr-x 1 root root 35200 Mar 23 2022 /usr/bin/fusermount3
1185 36 -rwsr-xr-x 1 root root 35192 Feb 21 2022 /usr/bin/umount
3015 60 -rwsr-xr-x 1 root root 59976 Nov 24 2022 /usr/bin/passwd
828 48 -rwsr-xr-x 1 root root 47480 Feb 21 2022 /usr/bin/mount
4718 228 -rwsr-xr-x 1 root root 232416 Apr 3 2023 /usr/bin/sudo
SGIDs
yuki@bullybox:/$ find / -perm -02000 -ls -type f 2>/dev/null | grep -v '/snap'
412 0 drwxr-sr-x 2 root systemd-journal 40 Aug 3 2024 /run/log/journal
12243 4 drwxrwsr-x 2 root staff 4096 Apr 18 2022 /var/local
12245 4 drwxrwsr-x 2 root mail 4096 Apr 21 2022 /var/mail
12664 4 drwxr-sr-x 3 root systemd-journal 4096 Jun 15 2022 /var/log/journal
278494 4 drwxr-sr-x 2 root systemd-journal 4096 Mar 31 16:19 /var/log/journal/43fddd5fdaac48989c811e81838aeb4d
297316 4 drwxr-s--- 2 mysql adm 4096 Jun 27 2023 /var/log/mysql
136845 16 -rwxr-sr-x 1 root utmp 14488 Mar 24 2022 /usr/lib/x86_64-linux-gnu/utempter/utempter
1240 24 -rwxr-sr-x 1 root tty 22912 Feb 21 2022 /usr/bin/write.ul
1227 24 -rwxr-sr-x 1 root tty 22904 Feb 21 2022 /usr/bin/wall
595 40 -rwxr-sr-x 1 root crontab 39568 Mar 23 2022 /usr/bin/crontab
3011 24 -rwxr-sr-x 1 root shadow 23136 Nov 24 2022 /usr/bin/expiry
3000 72 -rwxr-sr-x 1 root shadow 72184 Nov 24 2022 /usr/bin/chage
13626 288 -rwxr-sr-x 1 root _ssh 293304 Nov 23 2022 /usr/bin/ssh-agent
8416 28 -rwxr-sr-x 1 root shadow 26776 Feb 2 2023 /usr/sbin/unix_chkpwd
8229 24 -rwxr-sr-x 1 root shadow 22680 Feb 2 2023 /usr/sbin/pam_extrausers_chkpwd
Capabilities
yuki@bullybox:/$ getcap -r / 2>/dev/null
/snap/core20/1518/usr/bin/ping cap_net_raw=ep
/snap/core20/1950/usr/bin/ping cap_net_raw=ep
/usr/lib/x86_64-linux-gnu/gstreamer1.0/gstreamer-1.0/gst-ptp-helper cap_net_bind_service,cap_net_admin=ep
/usr/bin/mtr-packet cap_net_raw=ep
/usr/bin/ping cap_net_raw=ep
Processes
yuki@bullybox:/$ ps -auxwww
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.6 167556 12996 ? Ss 16:17 0:01 /sbin/init
root 490 0.0 0.7 47856 15704 ? S<s 16:17 0:00 /lib/systemd/systemd-journald
root 534 0.0 1.3 354884 27100 ? SLsl 16:17 0:00 /sbin/multipathd -d -s
root 535 0.0 0.3 26484 7300 ? Ss 16:17 0:00 /lib/systemd/systemd-udevd
systemd+ 717 0.0 0.3 89352 6532 ? Ssl 16:17 0:00 /lib/systemd/systemd-timesyncd
root 735 0.0 0.5 51128 11860 ? Ss 16:17 0:00 /usr/bin/VGAuthService
root 736 0.0 0.4 242328 9888 ? Ssl 16:17 0:01 /usr/bin/vmtoolsd
systemd+ 841 0.0 0.4 16232 8160 ? Ss 16:17 0:00 /lib/systemd/systemd-networkd
systemd+ 843 0.0 0.6 25528 12316 ? Ss 16:17 0:00 /lib/systemd/systemd-resolved
root 857 0.0 0.1 6892 2924 ? Ss 16:17 0:00 /usr/sbin/cron -f -P
message+ 858 0.0 0.2 8756 4776 ? Ss 16:17 0:00 @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
root 869 0.0 0.1 82828 3996 ? Ssl 16:17 0:00 /usr/sbin/irqbalance --foreground
root 871 0.0 0.8 32792 17772 ? Ss 16:17 0:00 /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
root 873 0.0 0.3 234496 6816 ? Ssl 16:17 0:00 /usr/libexec/polkitd --no-debug
syslog 874 0.0 0.2 222400 5620 ? Ssl 16:17 0:00 /usr/sbin/rsyslogd -n -iNONE
root 876 0.3 2.0 949336 42192 ? Ssl 16:17 0:10 /usr/lib/snapd/snapd
root 879 0.0 0.3 15020 7336 ? Ss 16:17 0:00 /lib/systemd/systemd-logind
root 881 0.0 0.6 392564 12752 ? Ssl 16:17 0:00 /usr/libexec/udisks2/udisksd
root 893 0.0 0.0 6172 1080 tty1 Ss+ 16:17 0:00 /sbin/agetty -o -p -- \u --noclear tty1 linux
root 925 0.0 0.4 15420 9288 ? Ss 16:17 0:00 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
root 926 0.0 0.6 317956 12116 ? Ssl 16:17 0:00 /usr/sbin/ModemManager
mysql 984 12.2 5.2 1539784 106332 ? Ssl 16:17 6:02 /usr/sbin/mariadbd
root 986 0.0 1.0 109748 20336 ? Ssl 16:17 0:00 /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
root 1317 0.0 1.1 217220 23748 ? Ss 16:17 0:00 /usr/sbin/apache2 -k start
root 1872 0.0 1.0 295636 20176 ? Ssl 16:23 0:00 /usr/libexec/packagekitd
yuki 2364 0.4 1.2 218256 24364 ? S 16:37 0:07 /usr/sbin/apache2 -k start
yuki 2482 0.3 1.6 292808 32884 ? S 16:39 0:06 /usr/sbin/apache2 -k start
yuki 2494 0.2 1.1 218272 23372 ? S 16:39 0:04 /usr/sbin/apache2 -k start
yuki 2536 0.1 1.2 217880 24204 ? S 16:41 0:02 /usr/sbin/apache2 -k start
yuki 2545 0.1 1.1 218320 23996 ? S 16:41 0:02 /usr/sbin/apache2 -k start
yuki 2550 0.1 1.2 218280 24456 ? S 16:42 0:01 /usr/sbin/apache2 -k start
yuki 2551 0.1 1.2 217880 24488 ? S 16:42 0:01 /usr/sbin/apache2 -k start
yuki 2553 0.1 1.2 218288 24964 ? S 16:42 0:01 /usr/sbin/apache2 -k start
yuki 2562 0.0 1.2 217880 24556 ? S 16:42 0:00 /usr/sbin/apache2 -k start
yuki 2569 0.0 1.1 217872 23104 ? S 16:46 0:00 /usr/sbin/apache2 -k start
yuki 2584 0.0 0.0 2888 980 ? S 17:02 0:00 sh -c uname -a; w; id; /bin/sh -i
yuki 2588 0.0 0.0 2888 984 ? S 17:02 0:00 /bin/sh -i
yuki 2593 0.0 0.4 17844 9288 ? S 17:03 0:00 python3 -c import pty; pty.spawn("/bin/bash")
yuki 2594 0.0 0.2 9044 5096 pts/0 Ss 17:03 0:00 /bin/bash
yuki 2669 0.0 0.1 10672 3560 pts/0 R+ 17:06 0:00 ps -auxwww
root 857 0.0 0.1 6892 2924 ? Ss 16:17 0:00 /usr/sbin/cron -f -P
root 873 0.0 0.3 234496 6816 ? Ssl 16:17 0:00 /usr/libexec/polkitd --no-debug
Cron & Systemd
yuki@bullybox:/$ crontab -l ; cat /etc/crontab ; systemctl list-timers
no crontab for yuki
# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.
SHELL=/bin/sh
# You can also override PATH, but by default, newer versions inherit it from the environment
#PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# Example of job definition:
# .---------------- minute (0 - 59)
# | .------------- hour (0 - 23)
# | | .---------- day of month (1 - 31)
# | | | .------- month (1 - 12) OR jan,feb,mar,apr ...
# | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# | | | | |
# * * * * * user-name command to be executed
17 * * * * root cd / && run-parts --report /etc/cron.hourly
25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
#
NEXT LEFT LAST PASSED >
Mon 2025-03-31 17:09:00 UTC 1min 2s left Mon 2025-03-31 16:39:01 UTC 28min ago>
Mon 2025-03-31 17:27:28 UTC 19min left Wed 2023-06-21 10:57:55 UTC 1 year 9 >
Mon 2025-03-31 18:39:08 UTC 1h 31min left Wed 2023-06-21 10:56:29 UTC 1 year 9 >
Mon 2025-03-31 20:33:54 UTC 3h 25min left Wed 2023-06-21 10:57:55 UTC 1 year 9 >
Mon 2025-03-31 22:39:33 UTC 5h 31min left Mon 2025-03-31 16:36:01 UTC 31min ago>
Tue 2025-04-01 00:00:00 UTC 6h left Mon 2025-03-31 16:19:28 UTC 48min ago>
Tue 2025-04-01 00:00:00 UTC 6h left Mon 2025-03-31 16:19:28 UTC 48min ago>
Tue 2025-04-01 00:17:19 UTC 7h left Wed 2023-06-21 10:57:54 UTC 1 year 9 >
Tue 2025-04-01 06:51:44 UTC 13h left Mon 2025-03-31 16:23:36 UTC 44min ago>
Tue 2025-04-01 16:22:23 UTC 23h left Mon 2025-03-31 16:22:23 UTC 45min ago>
Tue 2025-04-01 16:32:21 UTC 23h left Mon 2025-03-31 16:32:21 UTC 35min ago>
Thu 2025-04-03 20:28:42 UTC 3 days left Wed 2022-06-15 07:50:16 UTC 2 years 9>
Sun 2025-04-06 03:10:43 UTC 5 days left Mon 2025-03-31 16:19:28 UTC 48min ago>
Mon 2025-04-07 01:12:45 UTC 6 days left Mon 2025-03-31 16:52:01 UTC 15min ago>
14 timers listed.
Pass --all to see loaded but inactive timers, too.
Services
yuki@bullybox:/$ systemctl list-units --state=running
UNIT LOAD ACTIVE SUB DESCRIPTION >
proc-sys-fs-binfmt_misc.automount loaded active running Arbitrary Executable >
init.scope loaded active running System and Service Ma>
apache2.service loaded active running The Apache HTTP Server
cron.service loaded active running Regular background pr>
dbus.service loaded active running D-Bus System Message >
getty@tty1.service loaded active running Getty on tty1
irqbalance.service loaded active running irqbalance daemon
mariadb.service loaded active running MariaDB 10.6.12 datab>
ModemManager.service loaded active running Modem Manager
multipathd.service loaded active running Device-Mapper Multipa>
networkd-dispatcher.service loaded active running Dispatcher daemon for>
open-vm-tools.service loaded active running Service for virtual m>
packagekit.service loaded active running PackageKit Daemon
polkit.service loaded active running Authorization Manager
rsyslog.service loaded active running System Logging Service
snapd.service loaded active running Snap Daemon
ssh.service loaded active running OpenBSD Secure Shell >
systemd-journald.service loaded active running Journal Service
systemd-logind.service loaded active running User Login Management
systemd-networkd.service loaded active running Network Configuration
systemd-resolved.service loaded active running Network Name Resoluti>
systemd-timesyncd.service loaded active running Network Time Synchron>
systemd-udevd.service loaded active running Rule-based Manager fo>
udisks2.service loaded active running Disk Manager
unattended-upgrades.service loaded active running Unattended Upgrades S>
vgauth.service loaded active running Authentication servic>
dbus.socket loaded active running D-Bus System Message >
multipathd.socket loaded active running multipathd control so>
snapd.socket loaded active running Socket activation for>
syslog.socket loaded active running Syslog Socket
systemd-journald-audit.socket loaded active running Journal Audit Socket
systemd-journald-dev-log.socket loaded active running Journal Socket (/dev/>
systemd-journald.socket loaded active running Journal Socket
systemd-networkd.socket loaded active running Network Service Netli>
systemd-udevd-control.socket loaded active running udev Control Socket
systemd-udevd-kernel.socket loaded active running udev Kernel Socket
LOAD = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB = The low-level unit activation state, values depend on unit type.
36 loaded units listed.
apache2.service
mariadb.service
Sudo Version
yuki@bullybox:/$ sudo --version
Sudo version 1.9.9
Sudoers policy plugin version 1.9.9
Sudoers file grammar version 48
Sudoers I/O plugin version 1.9.9
Sudoers audit plugin version 1.9.9
Sudo version 1.9.9
Glibc Version
yuki@bullybox:/$ ldd --version
ldd (Ubuntu GLIBC 2.35-0ubuntu3.1) 2.35
Copyright (C) 2022 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.
ldd (Ubuntu GLIBC 2.35-0ubuntu3.1) 2.35