Ahem.. There are way too many docs already, but let's look at some simple steps.
Let's start with three very basic commands, which don't need any explanation:
rajesh@raj-ux3:~/Work1$ uptime
up 21 min, 2 users, load average: 0.00, 0.00, 0.00
rajesh@raj-ux3:~/Work1$ who
root tty1 2018-03-17 21:57
rajesh pts/0 2018-03-17 21:59 (192.168.0.11)
rajesh@raj-ux3:~/Work1$ date
Sat Mar 17 22:19:05 PDT 2018
who shows everyone who is logged in to the box, and from where (the source IP for telnet/ssh).
Now, to clear the screen:
rajesh@raj-ux3:~/Work1$ clear
Now, what if you want to run three commands in one go?
mkdir rajesh-test; touch ./rajesh-test/testfile ; date >> ./rajesh-test/testfile1; ls -la rajesh-test/
total 12
drwxrwxr-x 2 rajesh rajesh 4096 Mar 17 22:21 .
drwxrwxr-x 6 rajesh rajesh 4096 Mar 17 22:21 ..
-rw-rw-r-- 1 rajesh rajesh 0 Mar 17 22:21 testfile
-rw-rw-r-- 1 rajesh rajesh 29 Mar 17 22:21 testfile1
Here, I touch a file named testfile, which means I create a dummy file with no content. You can see the file size is zero.
Then I print the date and use >> to redirect that output to the file testfile1, so testfile1 will contain the output of the date command.
The third command just does an ls to list the files.
How do you figure out what damn release/version of Unix or Linux you are on?
rajesh@raj-ux3:~/Work1$ uname -a
Linux raj-ux3 4.4.0-87-generic #110-Ubuntu SMP Tue Jul 18 12:55:35 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
rajesh@raj-ux3:~/Work1$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.3 LTS"
rajesh@raj-ux3:~/Work1$ cat /etc/os-release
NAME="Ubuntu"
VERSION="16.04.3 LTS (Xenial Xerus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.04.3 LTS"
VERSION_ID="16.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
VERSION_CODENAME=xenial
UBUNTU_CODENAME=xenial
Well, let's get more tricky: what network services are running on this node, and who – if anyone – is connected to it?
[root@sjc-tools Camera]# netstat -an | grep tcp
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN <<-- SSH
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 172.19.108.8:22 10.155.69.184:59625 ESTABLISHED <<--One SSH Connection
tcp6 0 0 :::81 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 :::23 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
[root@sjc-tools Camera]# netstat -an | grep udp
udp 0 0 172.16.108.8:40121 54.236.224.171:123 ESTABLISHED <-NTP
udp 0 0 172.16.108.8:60723 162.210.110.4:123 ESTABLISHED <-NTP
udp 0 0 127.0.0.1:323 0.0.0.0:*
udp 0 0 172.16.108.8:42873 168.235.81.25:123 ESTABLISHED
udp6 0 0 ::1:323 :::*
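An added example (not part of the original post) that makes the netstat check above repeatable: it lists TCP listeners, separates loopback-only ones from those reachable from the network, and reports any exposed port that is missing from an allow-list. The sample input is the tcp lines from the output above with the annotations dropped; the function names and the allow-list "22 81" are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit TCP listeners from `netstat -an` output.
# Function names and the allow-list are illustrative assumptions.

# Sample input: the tcp lines from the session above, annotations removed.
sample_netstat() {
    cat <<'EOF'
tcp        0      0 0.0.0.0:22          0.0.0.0:*             LISTEN
tcp        0      0 127.0.0.1:25        0.0.0.0:*             LISTEN
tcp        0      0 172.19.108.8:22     10.155.69.184:59625   ESTABLISHED
tcp6       0      0 :::81               :::*                  LISTEN
tcp6       0      0 :::22               :::*                  LISTEN
tcp6       0      0 :::23               :::*                  LISTEN
tcp6       0      0 ::1:25              :::*                  LISTEN
EOF
}

# listeners: reads netstat -an text on stdin, prints "port scope proto" for
# every TCP listener. scope is "loopback" for 127.x / ::1, else "exposed".
listeners() {
    awk '$1 ~ /^tcp6?$/ && $6 == "LISTEN" {
        port = $4; sub(/.*:/, "", port)        # text after the last colon
        host = $4; sub(/:[^:]*$/, "", host)    # text before the last colon
        scope = (host ~ /^127\./ || host == "::1") ? "loopback" : "exposed"
        print port, scope, $1
    }'
}

# exposed_ports: unique ports that listen on a non-loopback address.
exposed_ports() {
    listeners | awk '$2 == "exposed" { print $1 }' | sort -n | uniq
}

# unexpected_ports "ALLOWED PORTS": exposed ports that are not in the list.
unexpected_ports() {
    allowed=" $1 "
    exposed_ports | while read -r port; do
        case "$allowed" in
            *" $port "*) ;;              # expected service, say nothing
            *) echo "$port" ;;
        esac
    done
}

# peers: "local_port remote_host" for every established TCP connection.
peers() {
    awk '$1 ~ /^tcp6?$/ && $6 == "ESTABLISHED" {
        lport = $4; sub(/.*:/, "", lport)
        rhost = $5; sub(/:[^:]*$/, "", rhost)
        print lport, rhost
    }' | sort | uniq
}

# Demo on the sample; on a live host: netstat -an | unexpected_ports "22 81"
sample_netstat | unexpected_ports "22 81"     # prints 23 (telnet)
```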
How much disk space is in use –
[root@sjc-tools ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/cl-root 35G 3.7G 32G 11% /
devtmpfs 3.9G 0 3.9G 0% /dev
tmpfs 3.9G 0 3.9G 0% /dev/shm
tmpfs 3.9G 8.6M 3.9G 1% /run
tmpfs 3.9G 0 3.9G 0% /sys/fs/cgroup
/dev/sda1 1014M 184M 831M 19% /boot
overlay 35G 3.7G 32G 11% /var/lib/docker/overlay/38004045a8bd1e1aa99b517e46fbcca0f4be7de9b857bf0b0dee63d131df69ec/merged
shm 64M 0 64M 0% /var/lib/docker/containers/53347056e183c664370b3c4f8fc6873236b4c3eed31a811742ff2e6c9a11f407/shm
tmpfs 783M 0 783M 0% /run/user/0
Let's do some scripting.
Let's make a simple script – bash – to create a simple Cisco IOS config.
[root@sjc-tools ~]# for i in {1..10}
> do echo "conf t"
> echo "vlan $i"
> echo "name Data_vlan$i"
> done
#
conf t
vlan 1
name Data_vlan1
conf t
vlan 2
name Data_vlan2
conf t
vlan 3
name Data_vlan3
conf t
vlan 4
name Data_vlan4
conf t
vlan 5
name Data_vlan5
conf t
vlan 6
name Data_vlan6
conf t
vlan 7
name Data_vlan7
conf t
vlan 8
name Data_vlan8
conf t
vlan 9
name Data_vlan9
conf t
vlan 10
name Data_vlan10
[root@sjc-tools ~]#
Here I am asking bash to step the variable i from 1 to 10.
In each step it just prints (outputs) "conf t", then vlan $i, meaning that in each step it will print vlan $i as vlan 1, vlan 2 .. till vlan 10.
The next line is the same; instead of vlan, I am using "name Data_vlan$i" to get an output of name Data_vlan1 to name Data_vlan10.
You can run the above in a single line:
[root@sjc-tools ~]# for i in {1..10}; do echo "conf t"; echo "vlan $i"; echo "name Data_vlan$i"; done
You can even run system commands with it, cascading operations:
rajesh@raj-ux3:/etc$ for file in `ls *.conf`; do ls -la $file; done
-rw-r--r-- 1 root root 3028 Aug 1 2017 adduser.conf
-rw-r--r-- 1 root root 7788 Sep 8 2017 ca-certificates.conf
-rw-r--r-- 1 root root 2969 Nov 10 2015 debconf.conf
-rw-r--r-- 1 root root 604 Jul 2 2015 deluser.conf
-rw-r--r-- 1 root root 280 Jun 19 2014 fuse.conf
-rw-r--r-- 1 root root 2584 Feb 18 2016 gai.conf
-rw-r--r-- 1 root root 4781 Mar 17 2016 hdparm.conf
-rw-r--r-- 1 root root 92 Oct 22 2015 host.conf
-rw-r--r-- 1 root root 771 Mar 6 2015 insserv.conf
-rw-r--r-- 1 root root 144 Sep 8 2017 kernel-img.conf
-rw-r--r-- 1 root root 34 Jan 27 2016 ld.so.conf
-rw-r--r-- 1 root root 191 Jan 18 2016 libaudit.conf
-rw-r--r-- 1 root root 703 May 5 2015 logrotate.conf
-rw-r--r-- 1 root root 14867 Apr 11 2016 ltrace.conf
-rw-r--r-- 1 root root 967 Oct 30 2015 mke2fs.conf
-rw-r--r-- 1 root root 497 May 4 2014 nsswitch.conf
-rw-r--r-- 1 root root 6816 May 11 2017 overlayroot.conf
rajesh@raj-ux3:/etc$
Or maybe even more. Here I am copying all .conf files to the newly created directory backup in my home directory:
rajesh@raj-ux3:/etc$ mkdir $HOME/backup
rajesh@raj-ux3:/etc$ for file in `ls *.conf`; do cp $file $HOME/backup//; done
rajesh@raj-ux3:/etc$ ls $HOME/backup
adduser.conf host.conf mke2fs.conf sensors3.conf
ca-certificates.conf insserv.conf nsswitch.conf sos.conf
debconf.conf kernel-img.conf overlayroot.conf sysctl.conf
deluser.conf ld.so.conf pam.conf ucf.conf
fuse.conf libaudit.conf popularity-contest.conf updatedb.conf
gai.conf logrotate.conf resolv.conf
hdparm.conf ltrace.conf rsyslog.conf
rajesh@raj-ux3:/etc$
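The two loops above iterate over the output of `ls *.conf`, which the shell splits on whitespace, so a file name containing a space turns into several bogus names. An added example (not from the original post) of the same backup written with a plain glob and quoted variables, next to the backtick form for comparison; backup_conf and naive_count are names made up here.

```shell
#!/bin/sh
# Added example: copy *.conf files without parsing `ls`.
# backup_conf and naive_count are illustrative names, not from the post.

# backup_conf SRC_DIR DEST_DIR
# Copies every regular *.conf file from SRC_DIR into DEST_DIR (created if
# missing), keeping mode and timestamps. Prints the number of files copied.
backup_conf() (
    src=$1
    dest=$2
    mkdir -p "$dest" || exit 1
    copied=0
    for f in "$src"/*.conf; do
        # If nothing matches, the pattern stays literal and is not a file;
        # this test also skips directories that happen to end in .conf.
        [ -f "$f" ] || continue
        cp -p -- "$f" "$dest"/ || exit 1
        copied=$((copied + 1))
    done
    echo "$copied"
)

# naive_count DIR
# The backtick form from the post, reduced to counting loop iterations, to
# show how many "files" the loop sees once a name contains a space.
naive_count() (
    cd "$1" || exit 1
    n=0
    for file in `ls *.conf`; do
        n=$((n + 1))
    done
    echo "$n"
)

# Usage, matching the post:
#   backup_conf /etc "$HOME/backup"
```

With a directory holding a.conf and "my app.conf", naive_count reports three items while backup_conf copies the two real files.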
Well, let's use it for troubleshooting: scanning the network. I am pinging all IPs from 1 to 200 in the network.
rajesh$ for i in {1..200}; do ping -c3 192.168.0.$i; done
PING 192.168.0.1 (192.168.0.1): 56 data bytes
64 bytes from 192.168.0.1: icmp_seq=0 ttl=64 time=120.535 ms
64 bytes from 192.168.0.1: icmp_seq=1 ttl=64 time=4.652 ms
64 bytes from 192.168.0.1: icmp_seq=2 ttl=64 time=4.841 ms
--- 192.168.0.1 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 4.652/43.343/120.535/54.583 ms
PING 192.168.0.2 (192.168.0.2): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
=== output omitted ==
Let's do a more complex one:
for i in {1..2}; do ping -c3 192.168.0.$i > /dev/null; result=$?; if [ $result -eq 0 ]; then echo -e "\033[32m Ping Success for 192.168.0.$i"; echo -e "\033[0m"; else echo -e "\033[0;31m Ping Failed for 192.168.0.$i "; echo -e "\033[0m"; fi; done
 Ping Success for 192.168.0.1
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
 Ping Failed for 192.168.0.2
Let me explain it here a bit more
for i in {1..2}; do
    ping -c3 192.168.0.$i > /dev/null; result=$?;   # -- Ping the hosts as per the list
                                                    # $? returns the result of the ping, Success or Failure
    if [ $result -eq 0 ];                           # If Ping is Successful
    then
        echo -e "\033[32m Ping Success for 192.168.0.$i";     # Print the result in Green,
        echo -e "\033[0m";                                    # reset text color back to original
    else
        echo -e "\033[0;31m Ping Failed for 192.168.0.$i ";   # if ping failed for any reason, print it in RED
        echo -e "\033[0m";                                    # reset text color back to original
    fi;
done
Let's do some more advanced scripting. If you need to telnet to a bunch of devices and make some changes or run CLIs on them, you need CLI interaction.
We can use a very old tool to do that. It's called expect. Today it's an extension of Tcl, but some Unix/Linux systems still have the original expect.
Here is an expect script; most of it is self-explanatory. I am logging in to a Cisco IOS-style device and rebooting it.
#------ $Rev 1.0 , rajesh ----#
# test.tcl
#
package require Expect
set send_human {.1 .3 1 .05 1}
# The above line is to adjust the speed at which commands are typed in the
# Cli by the script, it cant be too fast as we need router/host time
# to respond.
#
#
# -- Start SSH with user admin, IP will be passed as CLI option --
# here is how it is specified - [lindex $argv 0]
# StrictHostKeyChecking=no: ssh adds an unknown host key without asking,
# so the device's identity is not verified on first connect.
spawn ssh -o StrictHostKeyChecking=no admin@[lindex $argv 0]
#
#
# -- Login --#
# (the login password is hard-coded in this script)
expect "password:"
exp_send -h "cisco123\n"
# "\n" is enter/CR.
# -- Logged in and I have # Prompt
#
expect "#"
#
exp_send -h "reload at 01:00 \n"
expect "confirm]"
exp_send -h "\n"
expect "#"
exp_send "exit\n"
#
This is a Tcl script using the Expect extension/package, so you run it with tclsh. You provide the IP address of the device you want to run these commands on as the command-line option.
Here it is in action.
raj-Ux#tclsh test.tcl 10.1.1.1
# -- Below output is from the script execution
spawn ssh -o StrictHostKeyChecking=no rajeshvs@10.1.1.1
Password:
Router#reload at 01:00 /y
Reload scheduled for 01:00:00 PDT Tue Jun 5 2018 (in 11 hours and 28 minutes) by rajeshvs on vty5 (198.18.74.10)
Reload reason: /y
Proceed with reload? [confirm]
raj-Ux#
Let's combine the two above, i.e. bash + the expect script, to make quick automation scripts:
raj-ux:/Rajesh/# for router in {26..47};
> do tclsh test.tcl 198.188.1.$router
> done
The script above will basically invoke the expect script across multiple devices. In our case it's a script to reboot, but it could be something for configuring, monitoring or doing backups.
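An added example (not the author's code) that generalises the two loops above, the ping sweep and the tclsh fan-out, into one function: it validates the address range before it reaches a command line, runs the command once per host, and reports OK or FAIL from the exit status. for_each_host, is_octet, is_prefix and HOST_LOG_DIR are names made up for this example. It assumes the per-host command exits non-zero on failure, which ping does and which test.tcl as shown does not guarantee (a missed prompt just times out and the script carries on).

```shell
#!/bin/sh
# Added example: run one command per host over PREFIX.FIRST .. PREFIX.LAST
# and keep a pass/fail line per host. All names here are illustrative.

# is_octet N: true if N is a decimal number 0..255 without leading zeros.
is_octet() {
    case $1 in
        ""|*[!0-9]*|0?*|????*) return 1 ;;
    esac
    [ "$1" -le 255 ]
}

# is_prefix A.B.C: true if the argument is exactly three dotted octets.
is_prefix() (
    case $1 in *.) exit 1 ;; esac      # trailing dot would be lost by splitting
    IFS=.
    set -f                             # no globbing while splitting
    set -- $1
    [ $# -eq 3 ] && is_octet "$1" && is_octet "$2" && is_octet "$3"
)

# for_each_host PREFIX FIRST LAST CMD [ARGS...]
# Runs "CMD ARGS... PREFIX.N" for every N in FIRST..LAST.
# Output of each run goes to $HOST_LOG_DIR/<ip>.log if HOST_LOG_DIR is set,
# otherwise it is discarded. Returns 0 only if every host succeeded.
for_each_host() (
    [ $# -ge 4 ] || { echo "usage: for_each_host PREFIX FIRST LAST CMD [ARGS...]" >&2; exit 2; }
    prefix=$1
    first=$2
    last=$3
    shift 3
    is_prefix "$prefix" && is_octet "$first" && is_octet "$last" &&
        [ "$first" -le "$last" ] ||
        { echo "bad address range: $prefix.$first-$last" >&2; exit 2; }
    if [ -n "${HOST_LOG_DIR:-}" ]; then
        mkdir -p "$HOST_LOG_DIR" || exit 2
    fi

    failed=0
    n=$first
    while [ "$n" -le "$last" ]; do
        ip=$prefix.$n
        log=${HOST_LOG_DIR:+$HOST_LOG_DIR/$ip.log}
        # stdin comes from /dev/null so the command cannot wait for input
        if "$@" "$ip" </dev/null >"${log:-/dev/null}" 2>&1; then
            echo "OK   $ip"
        else
            echo "FAIL $ip"
            failed=$((failed + 1))
        fi
        n=$((n + 1))
    done
    [ "$failed" -eq 0 ]
)

# Usage, matching the loops in the post:
#   for_each_host 192.168.0 1 200 ping -c3
#   HOST_LOG_DIR=./logs for_each_host 198.188.1 26 47 tclsh test.tcl
```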
Let's get back to the operating system level.
To figure out what type a file is –
rajesh@raj-ux3:/etc$ file /bin/ls
/bin/ls: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=d0bc0fb9b3f60f72bbad3c5a1d24c9e2a1fde775, stripped
rajesh@raj-ux3:/etc$ file /etc/hosts
/etc/hosts: ASCII text
rajesh@raj-ux3:/etc$
To poke inside an executable and find the encoded strings or, in simple English, to print the text inside a non-text file:
rajesh@raj-ux3:/etc$ strings /bin/ls
/lib64/ld-linux-x86-64.so.2
libselinux.so.1
_ITM_deregisterTMCloneTable
__gmon_start__
_Jv_RegisterClasses
_ITM_registerTMCloneTable
_init
fgetfilecon
freecon
lgetfilecon
_fini
libc.so.6
fflush
strcpy
to get Head and Tail of a file
rajesh@raj-ux3:/etc$ head /var/log/syslog
Sep 8 23:26:00 raj-ux3 rsyslogd: [origin software="rsyslogd" swVersion="8.16.0" x-pid="960" x-info="http://www.rsyslog.com"] start
Sep 8 23:26:00 raj-ux3 rsyslogd-2222: command 'KLogPermitNonKernelFacility' is currently not permitted - did you already set it via a RainerScript command (v6+ config)? [v8.16.0 try http://www.rsyslog.com/e/2222 ]
Sep 8 23:26:00 raj-ux3 rsyslogd: rsyslogd's groupid changed to 108
Sep 8 23:26:00 raj-ux3 rsyslogd: rsyslogd's userid changed to 104
Sep 8 23:26:00 raj-ux3 rsyslogd-2039: Could not open output pipe '/dev/xconsole':: No such file or directory [v8.16.0 try http://www.rsyslog.com/e/2039 ]
Sep 8 23:26:00 raj-ux3 kernel: [ 0.000000] Initializing cgroup subsys cpuset
Sep 8 23:26:00 raj-ux3 kernel: [ 0.000000] Initializing cgroup subsys cpu
Sep 8 23:26:00 raj-ux3 kernel: [ 0.000000] Initializing cgroup subsys cpuacct
Sep 8 23:26:00 raj-ux3 kernel: [ 0.000000] Linux version 4.4.0-87-generic (buildd@lcy01-31) (gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.4) ) #110-Ubuntu SMP Tue Jul 18 12:55:35 UTC 2017 (Ubuntu 4.4.0-87.110-generic 4.4.73)
Sep 8 23:26:00 raj-ux3 kernel: [ 0.000000] Command line: BOOT_IMAGE=/vmlinuz-4.4.0-87-generic root=/dev/mapper/raj--ux3--vg-root ro
rajesh@raj-ux3:/etc$ tail /var/log/syslog
Mar 17 21:59:20 raj-ux3 systemd[1]: Started User Manager for UID 1000.
Mar 17 22:09:01 raj-ux3 CRON[1914]: (root) CMD ( [ -x /usr/lib/php/sessionclean ] && /usr/lib/php/sessionclean)
Mar 17 22:12:17 raj-ux3 /usr/lib/snapd/snapd[1006]: snapmgr.go:422: No snaps to auto-refresh found
Mar 17 22:12:17 raj-ux3 systemd[1]: Starting Cleanup of Temporary Directories...
Mar 17 22:12:17 raj-ux3 systemd-tmpfiles[1955]: [/usr/lib/tmpfiles.d/var.conf:14] Duplicate line for path "/var/log", ignoring.
Mar 17 22:12:17 raj-ux3 snapd[1006]: 2018/03/17 22:12:17.049466 snapmgr.go:422: No snaps to auto-refresh found
Mar 17 22:12:17 raj-ux3 systemd[1]: Started Cleanup of Temporary Directories.
Mar 17 22:17:01 raj-ux3 CRON[1962]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Mar 17 22:17:16 raj-ux3 /usr/lib/snapd/snapd[1006]: snapmgr.go:496: DEBUG: Next refresh scheduled for 2018-03-18 03:50:39.966008933 -0700 PDT.
Mar 17 22:39:01 raj-ux3 CRON[2432]: (root) CMD ( [ -x /usr/lib/php/sessionclean ] && /usr/lib/php/sessionclean)
rajesh@raj-ux3:/etc$
use tail -f if you wanna follow the file
Bit on the hardware side, list PCI devices
rajesh@raj-ux3:/etc$ lspci
00:00.0 Host bridge: Intel Corporation 440BX/ZX/DX - 82443BX/ZX/DX Host bridge (rev 01)
00:01.0 PCI bridge: Intel Corporation 440BX/ZX/DX - 82443BX/ZX/DX AGP bridge (rev 01)
00:07.0 ISA bridge: Intel Corporation 82371AB/EB/MB PIIX4 ISA (rev 08)
00:07.1 IDE interface: Intel Corporation 82371AB/EB/MB PIIX4 IDE (rev 01)
00:07.3 Bridge: Intel Corporation 82371AB/EB/MB PIIX4 ACPI (rev 08)
00:07.7 System peripheral: VMware Virtual Machine Communication Interface (rev 10)
00:0f.0 VGA compatible controller: VMware SVGA II Adapter
00:10.0 SCSI storage controller: LSI Logic / Symbios Logic 53c1030 PCI-X Fusion-MPT Dual Ultra320 SCSI (rev 01)
00:11.0 PCI bridge: VMware PCI bridge (rev 02)
00:15.0 PCI bridge: VMware PCI Express Root Port (rev 01)
00:15.1 PCI bridge: VMware PCI Express Root Port (rev 01)
00:15.2 PCI bridge: VMware PCI Express Root Port (rev 01)
00:15.3 PCI bridge: VMware PCI Express Root Port (rev 01)
00:15.4 PCI bridge: VMware PCI Express Root Port (rev 01)
00:15.5 PCI bridge: VMware PCI Express Root Port (rev 01)
00:15.6 PCI bridge: VMware PCI Express Root Port (rev 01)
00:15.7 PCI bridge: VMware PCI Express Root Port (rev 01)
00:16.0 PCI bridge: VMware PCI Express Root Port (rev 01)
00:16.1 PCI bridge: VMware PCI Express Root Port (rev 01)
00:16.2 PCI bridge: VMware PCI Express Root Port (rev 01)
00:16.3 PCI bridge: VMware PCI Express Root Port (rev 01)
00:16.4 PCI bridge: VMware
Check Process or grep for specific process, ssh for example here
root@raj-ux3:/home/rajesh# ps -aef
UID PID PPID C STIME TTY TIME CMD
root 1 0 2 10:42 ? 00:00:01 /sbin/init
root 2 0 0 10:42 ? 00:00:00 [kthreadd]
root 3 2 0 10:42 ? 00:00:00 [ksoftirqd/0]
root 4 2 0 10:42 ? 00:00:00 [kworker/0:0]
root 5 2 0 10:42 ? 00:00:00 [kworker/0:0H]
root 6 2 0 10:42 ? 00:00:00 [kworker/u256:0]
root 7 2 0 10:42 ? 00:00:00 [rcu_sched]
root 8 2 0 10:42 ? 00:00:00 [rcu_bh]
root 9 2 0 10:42 ? 00:00:00 [migration/0]
root 10 2 0 10:42 ? 00:00:00 [watchdog/0]
root 11 2 0 10:42 ? 00:00:00 [kdevtmpfs]
root 12 2 0 10:42 ? 00:00:00 [netns]
root 13 2 0 10:42 ? 00:00:00 [perf]
root 14 2 0 10:42 ? 00:00:00 [khungtaskd]
root 15 2 0 10:42 ? 00:00:00 [writeback]
root 16 2 0 10:42 ? 00:00:00 [ksmd]
root 17 2 0 10:42 ? 00:00:00 [khugepaged]
root 18 2 0 10:42 ? 00:00:00 [crypto]
root 19 2 0 10:42 ? 00:00:00 [kintegrityd]
root 20 2 0 10:42 ? 00:00:00 [bioset]
root 21 2 0 10:42 ? 00:00:00 [kblockd]
root 22 2 0 10:42 ? 00:00:00 [ata_sff]
root 23 2 0 10:42 ? 00:00:00 [md]
root 24 2 0 10:42 ? 00:00:00 [devfreq_wq]
root 25 2 0 10:42 ? 00:00:00 [kworker/u256:1]
root 26 2 0 10:42 ? 00:00:00 [kworker/0:1]
root 28 2 0 10:42 ? 00:00:00 [kswapd0]
root 29 2 0 10:42 ? 00:00:00 [vmstat]
root 30 2 0 10:42 ? 00:00:00 [fsnotify_mark]
root 31 2 0 10:42 ? 00:00:00 [ecryptfs-kthrea]
root 47 2 0 10:42 ? 00:00:00 [kthrotld]
root 48 2 0 10:42 ? 00:00:00 [acpi_thermal_pm]
root 49 2 0 10:42 ? 00:00:00 [bioset]
root 50 2 0 10:42 ? 00:00:00 [bioset]
root 51 2 0 10:42 ? 00:00:00 [bioset]
root 52 2 0 10:42 ? 00:00:00 [bioset]
root 53 2 0 10:42 ? 00:00:00 [bioset]
root 54 2 0 10:42 ? 00:00:00 [bioset]
root 55 2 0 10:42 ? 00:00:00 [bioset]
root 56 2 0 10:42 ? 00:00:00 [bioset]
root 273 2 0 10:42 ? 00:00:00 [bioset]
root 275 2 0 10:42 ? 00:00:00 [kworker/0:1H]
root 340 2 0 10:42 ? 00:00:00 [raid5wq]
root 365 2 0 10:42 ? 00:00:00 [kdmflush]
root 366 2 0 10:42 ? 00:00:00 [bioset]
root 381 2 0 10:42 ? 00:00:00 [bioset]
root 408 2 0 10:42 ? 00:00:00 [jbd2/dm-0-8]
root 409 2 0 10:42 ? 00:00:00 [ext4-rsv-conver]
root 457 2 0 10:42 ? 00:00:00 [kworker/0:4]
root 476 1 0 10:42 ? 00:00:00 /lib/systemd/systemd-journald
root 480 2 0 10:42 ? 00:00:00 [iscsi_eh]
systemd+ 737 1 0 10:42 ? 00:00:00 /lib/systemd/systemd-timesyncd
root 909 2 0 10:42 ? 00:00:00 [kdmflush]
root 912 2 0 10:42 ? 00:00:00 [bioset]
root 945 1 0 10:42 ? 00:00:00 /usr/sbin/acpid
root 948 1 0 10:42 ? 00:00:00 /usr/sbin/cron -f
root 952 1 0 10:42 ? 00:00:00 /lib/systemd/systemd-logind
root 955 1 0 10:42 ? 00:00:00 /usr/bin/lxcfs /var/lib/lxcfs/
syslog 956 1 0 10:42 ? 00:00:00 /usr/sbin/rsyslogd -n
daemon 965 1 0 10:42 ? 00:00:00 /usr/sbin/atd -f
root 970 1 0 10:42 ? 00:00:00 /usr/lib/accountsservice/accounts-daemon
root 972 1 0 10:42 ? 00:00:00 /usr/bin/vmtoolsd
message+ 975 1 0 10:42 ? 00:00:00 /usr/bin/dbus-daemon --system --address=syst
root 995 1 0 10:42 ? 00:00:00 /usr/lib/snapd/snapd
root 1009 1 0 10:42 ? 00:00:00 /sbin/mdadm --monitor --pid-file /run/mdadm/
root 1014 1 0 10:42 ? 00:00:00 /usr/lib/policykit-1/polkitd --no-debug
root 1069 1 0 10:42 ? 00:00:00 /sbin/dhclient -1 -v -pf /run/dhclient.ens33
root 1205 1 0 10:42 ? 00:00:00 /usr/sbin/sshd -D
root 1229 1 0 10:42 ? 00:00:00 /sbin/iscsid
root 1230 1 0 10:42 ? 00:00:00 /sbin/iscsid
mysql 1234 1 2 10:42 ? 00:00:00 /usr/sbin/mysqld
root 1298 1 0 10:42 tty1 00:00:00 /bin/login --
root 1303 1 0 10:42 ? 00:00:00 /bin/sh /etc/init.d/ondemand background
root 1324 1303 0 10:42 ? 00:00:00 sleep 60
root 1347 1 0 10:42 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 1350 1347 0 10:42 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 1351 1347 0 10:42 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 1352 1347 0 10:42 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 1353 1347 0 10:42 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 1354 1347 0 10:42 ? 00:00:00 /usr/sbin/apache2 -k start
root 1559 1 0 10:43 ? 00:00:00 /lib/systemd/systemd --user
root 1561 1559 0 10:43 ? 00:00:00 (sd-pam)
root 1567 1298 0 10:43 tty1 00:00:00 -bash
root 1588 1205 0 10:43 ? 00:00:00 sshd: rajesh [priv]
rajesh 1590 1 0 10:43 ? 00:00:00 /lib/systemd/systemd --user
rajesh 1591 1590 0 10:43 ? 00:00:00 (sd-pam)
rajesh 1625 1588 0 10:43 ? 00:00:00 sshd: rajesh@pts/0
rajesh 1626 1625 0 10:43 pts/0 00:00:00 -bash
root 1638 1626 0 10:43 pts/0 00:00:00 su
root 1639 1638 0 10:43 pts/0 00:00:00 bash
root 1649 1639 0 10:43 pts/0 00:00:00 ps -aef
root@raj-ux3:/home/rajesh# ps -aef | grep sshd
root 1205 1 0 10:42 ? 00:00:00 /usr/sbin/sshd -D
root 1588 1205 0 10:43 ? 00:00:00 sshd: rajesh [priv]
rajesh 1625 1588 0 10:43 ? 00:00:00 sshd: rajesh@pts/0
root 1652 1639 0 10:43 pts/0 00:00:00 grep --color=auto sshd
root@raj-ux3:/home/rajesh#
Partitions
rajesh@raj-ux3:/proc$ cat partitions
major minor #blocks name
8 0 20971520 sda
8 1 498688 sda1
8 2 1 sda2
8 5 20469760 sda5
11 0 1048575 sr0
252 0 19419136 dm-0
252 1 1048576 dm-1
rajesh@raj-ux3:/proc
to check loaded Modules/Drivers
rajesh@raj-ux3:/proc$ cat /proc/modules
vmw_vsock_vmci_transport 28672 1 - Live 0x0000000000000000
vsock 36864 2 vmw_vsock_vmci_transport, Live 0x0000000000000000
ppdev 20480 0 - Live 0x0000000000000000
vmw_balloon 20480 0 - Live 0x0000000000000000
coretemp 16384 0 - Live 0x0000000000000000
joydev 20480 0 - Live 0x0000000000000000
input_leds 16384 0 - Live 0x0000000000000000
serio_raw 16384 0 - Live 0x0000000000000000
snd_ens1371 28672 0 - Live 0x0000000000000000
uvcvideo 90112 0 - Live 0x0000000000000000
videobuf2_vmalloc 16384 1 uvcvideo, Live 0x0000000000000000
snd_ac97_codec 131072 1 snd_ens1371, Live 0x0000000000000000
gameport 16384 1 snd_ens1371, Live 0x0000000000000000
videobuf2_memops 16384 1 videobuf2_vmalloc, Live 0x0000000000000000
videobuf2_v4l2 28672 1 uvcvideo, Live 0x0000000000000000
snd_rawmidi 32768 1 snd_ens1371, Live 0x0000000000000000
videobuf2_core 36864 2 uvcvideo,videobuf2_v4l2, Live 0x0000000000000000
snd_seq_device 16384 1 snd_rawmidi, Live 0x0000000000000000
ac97_bus 16384 1 snd_ac97_codec, Live 0x0000000000000000
snd_pcm 106496 2 snd_ens1371,snd_ac97_codec, Live 0x0000000000000000
v4l2_common 16384 1 videobuf2_v4l2, Live 0x0000000000000000
btusb 45056 0 - Live 0x0000000000000000
btrtl 16384 1 btusb, Live 0x0000000000000000
btbcm 16384 1 btusb, Live 0x0000000000000000
btintel 16384 1 btusb, Live 0x0000000000000000
videodev 176128 4 uvcvideo,videobuf2_v4l2,videobuf2_core,v4l2_common, Live 0x0000000000000000
snd_timer 32768 1 snd_pcm, Live 0x0000000000000000
bluetooth 520192 5 btusb,btrtl,btbcm,btintel, Live 0x0000000000000000
media 24576 2 uvcvideo,videodev, Live 0x0000000000000000
snd 81920 6 snd_ens1371,snd_ac97_codec,snd_rawmidi,snd_seq_device,snd_pcm,snd_timer, Live 0x0000000000000000
soundcore 16384 1 snd, Live 0x0000000000000000
shpchp 36864 0 - Live 0x0000000000000000
i2c_piix4 24576 0 - Live 0x0000000000000000
vmw_vmci 65536 2 vmw_vsock_vmci_transport,vmw_balloon, Live 0x0000000000000000
nfit 36864 0 - Live 0x0000000000000000
8250_fintek 16384 0 - Live 0x0000000000000000
parport_pc 32768 0 - Live 0x0000000000000000
parport 49152 2 ppdev,parport_pc, Live 0x0000000000000000
mac_hid 16384 0 - Live 0x0000000000000000
ib_iser 49152 0 - Live 0x0000000000000000
rdma_cm 49152 1 ib_iser, Live 0x0000000000000000
iw_cm 45056 1 rdma_cm, Live 0x0000000000000000
ib_cm 45056 1 rdma_cm, Live 0x0000000000000000
ib_sa 36864 2 rdma_cm,ib_cm, Live 0x0000000000000000
ib_mad 49152 2 ib_cm,ib_sa, Live 0x0000000000000000
ib_core 106496 6 ib_iser,rdma_cm,iw_cm,ib_cm,ib_sa,ib_mad, Live 0x0000000000000000
ib_addr 16384 2 rdma_cm,ib_core, Live 0x0000000000000000
iscsi_tcp 20480 0 - Live 0x0000000000000000
libiscsi_tcp 24576 1 iscsi_tcp, Live 0x0000000000000000
libiscsi 53248 3 ib_iser,iscsi_tcp,libiscsi_tcp, Live 0x0000000000000000
scsi_transport_iscsi 98304 4 ib_iser,iscsi_tcp,libiscsi, Live 0x0000000000000000
autofs4 40960 2 - Live 0x0000000000000000
btrfs 987136 0 - Live 0x0000000000000000
raid10 49152 0 - Live 0x0000000000000000
raid456 110592 0 - Live 0x0000000000000000
async_raid6_recov 20480 1 raid456, Live 0x0000000000000000
async_memcpy 16384 2 raid456,async_raid6_recov, Live 0x0000000000000000
async_pq 16384 2 raid456,async_raid6_recov, Live 0x0000000000000000
async_xor 16384 3 raid456,async_raid6_recov,async_pq, Live 0x0000000000000000
async_tx 16384 5 raid456,async_raid6_recov,async_memcpy,async_pq,async_xor, Live 0x0000000000000000
xor 24576 2 btrfs,async_xor, Live 0x0000000000000000
raid6_pq 102400 4 btrfs,raid456,async_raid6_recov,async_pq, Live 0x0000000000000000
libcrc32c 16384 1 raid456, Live 0x0000000000000000
raid1 36864 0 - Live 0x0000000000000000
raid0 20480 0 - Live 0x0000000000000000
multipath 16384 0 - Live 0x0000000000000000
linear 16384 0 - Live 0x0000000000000000
hid_generic 16384 0 - Live 0x0000000000000000
usbhid 49152 0 - Live 0x0000000000000000
hid 118784 2 hid_generic,usbhid, Live 0x0000000000000000
crct10dif_pclmul 16384 0 - Live 0x0000000000000000
crc32_pclmul 16384 0 - Live 0x0000000000000000
ghash_clmulni_intel 16384 0 - Live 0x0000000000000000
aesni_intel 167936 0 - Live 0x0000000000000000
aes_x86_64 20480 1 aesni_intel, Live 0x0000000000000000
lrw 16384 1 aesni_intel, Live 0x0000000000000000
gf128mul 16384 1 lrw, Live 0x0000000000000000
glue_helper 16384 1 aesni_intel, Live 0x0000000000000000
ablk_helper 16384 1 aesni_intel, Live 0x0000000000000000
cryptd 20480 3 ghash_clmulni_intel,aesni_intel,ablk_helper, Live 0x0000000000000000
vmwgfx 237568 1 - Live 0x0000000000000000
ttm 98304 1 vmwgfx, Live 0x0000000000000000
drm_kms_helper 155648 1 vmwgfx, Live 0x0000000000000000
psmouse 131072 0 - Live 0x0000000000000000
syscopyarea 16384 1 drm_kms_helper, Live 0x0000000000000000
sysfillrect 16384 1 drm_kms_helper, Live 0x0000000000000000
sysimgblt 16384 1 drm_kms_helper, Live 0x0000000000000000
fb_sys_fops 16384 1 drm_kms_helper, Live 0x0000000000000000
ahci 36864 0 - Live 0x0000000000000000
libahci 32768 1 ahci, Live 0x0000000000000000
e1000 135168 0 - Live 0x0000000000000000
mptspi 24576 2 - Live 0x0000000000000000
mptscsih 40960 1 mptspi, Live 0x0000000000000000
drm 364544 4 vmwgfx,ttm,drm_kms_helper, Live 0x0000000000000000
mptbase 102400 2 mptspi,mptscsih, Live 0x0000000000000000
scsi_transport_spi 32768 1 mptspi, Live 0x0000000000000000
pata_acpi 16384 0 - Live 0x0000000000000000
fjes 28672 0 - Live 0x0000000000000000
rajesh@raj-ux3:/proc$
CPU
rajesh@raj-ux3:/proc$ cat cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 158
model name : Intel(R) Core(TM) i7-7920HQ CPU @ 3.10GHz
stepping : 9
microcode : 0x58
cpu MHz : 3094.113
cache size : 8192 KB
physical id : 0
siblings : 1
core id : 0
cpu cores : 1
apicid : 0
initial apicid : 0
fpu : yes
fpu_exception : yes
cpuid level : 22
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts nopl xtopology tsc_reliable nonstop_tsc aperfmperf eagerfpu pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch epb fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 invpcid rtm rdseed adx smap xsaveopt dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp
bugs :
bogomips : 6188.22
clflush size : 64
cache_alignment : 64
address sizes : 42 bits physical, 48 bits virtual
power management:
sniffing traffic –
root@raj-ux3:/home/rajesh# tcpdump -i ens33 dst port 23
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
11:01:05.115221 IP 172.16.129.1.63112 > 172.16.129.128.telnet: Flags [SEW], seq 1333940134, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 623195467 ecr 0,sackOK,eol], length 0
^C
1 packet captured
3 packets received by filter
0 packets dropped by kernel
root@raj-ux3:/home/rajesh# tcpdump -i ens33 dst port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
11:01:40.314869 IP 172.16.129.1.63119 > 172.16.129.128.http: Flags [S], seq 3797991664, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 623230412 ecr 0,sackOK,eol], length 0
11:01:40.315192 IP 172.16.129.1.63119 > 172.16.129.128.http: Flags [.], ack 2789728594, win 4117, options [nop,nop,TS val 623230412 ecr 210178], length 0
11:01:42.041250 IP 172.16.129.1.63119 > 172.16.129.128.http: Flags [P.], seq 0:7, ack 1, win 4117, options [nop,nop,TS val 623232125 ecr 210178], length 7: HTTP: get /
11:01:42.043238 IP 172.16.129.1.63119 > 172.16.129.128.http: Flags [.], ack 484, win 4102, options [nop,nop,TS val 623232126 ecr 210610], length 0
11:01:42.043250 IP 172.16.129.1.63119 > 172.16.129.128.http: Flags [.], ack 485, win 4102, options [nop,nop,TS val 623232126 ecr 210610], length 0
11:01:42.043362 IP 172.16.129.1.63119 > 172.16.129.128.http: Flags [F.], seq 7, ack 485, win 4102, options [nop,nop,TS val 623232126 ecr 210610], length 0