From 40cd0624071c825fd330db4156b34568838c77c8 Mon Sep 17 00:00:00 2001 From: Will Pennell Date: Sat, 26 Apr 2014 12:28:54 -0400 Subject: [PATCH 1/3] Updating format prior to categorizing --- 2besorted/gdoc_linux.md | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/2besorted/gdoc_linux.md b/2besorted/gdoc_linux.md index f683ac7..c2bc76b 100644 --- a/2besorted/gdoc_linux.md +++ b/2besorted/gdoc_linux.md @@ -1,4 +1,3 @@ - # Linux Google Doc Content # The content below is the raw data from the Google Doc that was first used to collect it. Over time, this content will be moved into sub-pages and organized but is placed here, now, so as to be more complete. We apologize for its appearance. 
@@ -23,28 +22,30 @@ The content below is the raw data from the Google Doc that was first used to col | `df -k` | mounted fs, size, % use, dev and mount point | | `mount` | mounted fs | | `last -a` | Last users logged on | -| `lastcomm` | | -| `lastlog` | | -| `lastlogin (BSD)` | | +| `lastcomm` | Print out information about previously executed commands. | +| `lastlog` | Reports the most recent login of all users or of a given user | +| `lastlogin (BSD)` | Indicate last login time of users | | `getenforce` | Get the status of SELinux (Enforcing, Permissive or Disabled) | | `dmesg` | Informations from the last system boot | | `lspci` | prints all PCI buses and devices | | `lsusb` | prints all USB buses and devices/h | | `lscpu` | prints CPU information | -| `lshw` | | -| `ex` | | -| `cat /proc/cpuinfo` | | -| `cat /proc/meminfo` | | +| `lshw` | List Hardware | +| `ex` | Start vi in ex mode | +| `cat /proc/cpuinfo` | Shows types of processers in the system | +| `cat /proc/meminfo` | Displays information about systems RAM usage | | `du -h --max-depth=1 /` | (note: can cause heavy disk i/o) | | `which nmap` | locate a command (ie nmap or nc) | -| `locate bin/nmap` | | -| `locate bin/nc` | | -| `jps -l` | | +| `locate bin/nmap` | Find the location of nmap | +| `locate bin/nc` | Find the location of netcat | +| `jps -l` | Looks for Java Virtual Machines | | `java -version` | Returns the version of Java. | ## Networking +| Command | Description / Importance | +| ------- | ------------------------ | hostname -f ip addr show ip ro show From 3f4b26d98e7d5eec30d12887c4ca56bb4be8b32f Mon Sep 17 00:00:00 2001 From: Will Pennell Date: Sat, 26 Apr 2014 13:05:52 -0400 Subject: [PATCH 2/3] Update gdoc_linux.md --- 2besorted/gdoc_linux.md | 68 +++++++++++++++++++++-------------------- 1 file changed, 35 insertions(+), 33 deletions(-) diff --git a/2besorted/gdoc_linux.md b/2besorted/gdoc_linux.md index c2bc76b..b149af3 100644 --- a/2besorted/gdoc_linux.md +++ b/2besorted/gdoc_linux.md 
@@ -41,43 +41,45 @@ The content below is the raw data from the Google Doc that was first used to col | `jps -l` | Looks for Java Virtual Machines | | `java -version` | Returns the version of Java. | - - ## Networking | Command | Description / Importance | | ------- | ------------------------ | -hostname -f -ip addr show -ip ro show -ifconfig -a -route -n -cat /etc/network/interfaces -iptables -L -n -v -iptables -t nat -L -n -v -ip6tables -L -n -v -iptables-save -netstat -anop -netstat -r -netstat -nltupw (root with raw sockets) -arp -a -lsof -nPi -to resume it ? "cat /proc/net/*" (more discreet) -what does the above mean? -> It means that all the information given by the above commands can be found by looking into the files under /proc/net , and that this approach is less likely to trigger monitoring or other stuff. -User accounts -local accounts: cat /etc/passwd -password hashes in /etc/shadow on Linux -password hashes in /etc/security/passwd on AIX -groups in /etc/group (and/or /etc/gshadow on Linux) -all accounts: getent passwd -should dump local, LDAP, NIS, whatever the system is using -same with getent group -Samba's own database: pdbedit -L -w or pdbedit -L -v -privileged accounts: cat -(above: cat ???) 
-mail aliases: cat /etc/aliases find /etc -name aliases, getent aliases -NIS accounts: ypcat passwd - displays NIS password file +| `hostname -f` | Show long hostname (FQDN) | +| `ip addr show` | Show IP information | +| `ip ro show` | Show routing information | +| `ifconfig -a` | Show information on network interface configuration | +| `route -n` | Show routing table for all host IPs | +| `cat /etc/network/interfaces` | Show network interfaces | +| `iptables -L -n -v` | text goes here | +| `iptables -t nat -L -n -v` | text goes here | +| `ip6tables -L -n -v` | text goes here | +| `iptables-save` | text goes here | +| `netstat -anop` | text goes here | +| `netstat -r` | text goes here | +| `netstat -nltupw ` | Requires root with raw sockets, text goes here | +| `arp -a` | text goes here | +| `lsof -nPi` | text goes here | +| `to resume it ? "cat /proc/net/*" (more discreet)` | text goes here | +| `what does the above mean? -> It means that all the information given by the above commands can be found by looking into the files under /proc/net , and that this approach is less likely to trigger monitoring or other stuff.` | text goes here | -Credentials +## User accounts +| Command | Description / Importance | +| ------- | ------------------------ | +| `cat /etc/passwd` | Display local accounts | +| `cat /etc/shadow on Linux` | Display password hashes on Linux | +| `cat /etc/security/passwd` | Display password hashes on AIX| +| `cat /etc/group` | Show system groups | +| `cat /etc/gshadow` | Show shadow group file on Linux | +| `getent passwd` | List of all user accounts from local, LDAP, NIS, and whatever the system is using | +| `getent group` | List of all groups from local, LDAP, NIS, and whatever the system is using | +| `pdbedit -L -w or pdbedit -L -v` | SAMBA Database | +| `find /etc -name aliases` | Find mail aliases | +| `cat /etc/aliases` | Display mail aliases | +| `getent aliases ` | List of all mail aliases | +| `ypcat passwd` | displays NIS password file | 
+ + +## Credentials SSH keys, often passwordless: /home/*/.ssh/id* SSH agent: From 2dbbc0e8c7a679261e62b903d68fca187a1dd080 Mon Sep 17 00:00:00 2001 From: Will Pennell Date: Sat, 26 Apr 2014 13:29:28 -0400 Subject: [PATCH 3/3] Formatted commands Formatted system, network, and user commands --- 2besorted/gdoc_linux.md | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/2besorted/gdoc_linux.md b/2besorted/gdoc_linux.md index b149af3..562348b 100644 --- a/2besorted/gdoc_linux.md +++ b/2besorted/gdoc_linux.md 
@@ -50,17 +50,16 @@ The content below is the raw data from the Google Doc that was first used to col | `ifconfig -a` | Show information on network interface configuration | | `route -n` | Show routing table for all host IPs | | `cat /etc/network/interfaces` | Show network interfaces | -| `iptables -L -n -v` | text goes here | -| `iptables -t nat -L -n -v` | text goes here | -| `ip6tables -L -n -v` | text goes here | -| `iptables-save` | text goes here | -| `netstat -anop` | text goes here | -| `netstat -r` | text goes here | -| `netstat -nltupw ` | Requires root with raw sockets, text goes here | -| `arp -a` | text goes here | -| `lsof -nPi` | text goes here | -| `to resume it ? "cat /proc/net/*" (more discreet)` | text goes here | -| `what does the above mean? -> It means that all the information given by the above commands can be found by looking into the files under /proc/net , and that this approach is less likely to trigger monitoring or other stuff.` | text goes here | +| `iptables -L -n -v` | Display all iptables rules | +| `iptables -t nat -L -n -v` | Display iptable rules for table nat | +| `ip6tables -L -n -v` | Display IPv6 tables | +| `iptables-save` | Display iptables content | +| `netstat -anop` | Display all open network connections and processes associated | +| `netstat -r` | Display the kernel routing tables | +| `netstat -nltupw` | Requires root with raw sockets: numeric, listening, Value of watch dog timer (requires `-i`), Limit statistics to AF_UNIX family, Display program, wait | +| `arp -a` | Shows arp table | +| `lsof -nPi` | list of what processes are listening on what ports | +| `cat /proc/net/*` | Find all information about the hosts networking using only the cat command--less likely to trigger alarms | ## User accounts | Command | Description / Importance |
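Review bot: In PATCH 1/3, hunk `@@ -23,28 +22,30 @@`, the table header added under `## Networking` is followed by lines that are still unconverted (`hostname -f`, `ip addr show`, `ip ro show`), so at this commit the Networking table has a header and a separator but no rows, and the commands below it render as one run-on paragraph. Either convert those lines to rows in the same commit or move the header into the commit that converts them. Two wording fixes in the new descriptions: "processers" should be "processors", and "systems RAM usage" should be "the system's RAM usage".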
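Review bot: In PATCH 2/3, hunk `@@ -41,43 +41,45 @@`, several cells in the Command column are not commands. The last two Networking rows wrap the old prose notes ("to resume it ? ..." and "what does the above mean? ...") in backticks, `cat /etc/shadow on Linux` carries the platform note inside the code span, and `pdbedit -L -w or pdbedit -L -v` joins two commands with "or". Move the platform and explanatory text into the description column and give each `pdbedit` form its own row. The "text goes here" placeholders should be filled in before merging rather than committed as descriptions. The removed "privileged accounts: cat" item and its "(above: cat ???)" question are dropped with no replacement row, so that open question is lost. `route -n` is described as "Show routing table for all host IPs", but `-n` only prints numeric addresses instead of resolving names.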
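Review bot: In PATCH 3/3, hunk `@@ -50,17 +50,16 @@`, the `netstat -nltupw` description does not match the flags of the Linux net-tools `netstat` that this Linux page covers: there `-t` is TCP, `-u` is UDP, `-p` shows the owning PID/program and `-w` is raw sockets, which is what the removed note "(root with raw sockets)" referred to. "Value of watch dog timer", "Limit statistics to AF_UNIX family" and "wait" appear to come from another platform's man page. Suggested wording: "numeric output; listening TCP, UDP and raw sockets with owning program (root needed to see other users' processes)". Two smaller points in the same hunk: `iptables -L -n -v` lists only the filter table, so "Display all iptables rules" overstates it, and `lsof -nPi` lists all Internet sockets, not only listening ones.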