General Information

Basic Info

whoami; id; hostname;

Networking

ip a

Can you run anything as sudo

sudo -l

What operating system do we have?

cat /etc/os-release

Check user path

echo $PATH

check environment variables

env

Check kernel version

uname -a
cat /proc/version

Check CPU info

lscpu

Check login shells

cat /etc/shells

Check attached printers:

lpstat

Check users and groups:

cat /etc/passwd
cat /etc/group

Check who is in a group:

getent group sudo

Check home directories of users on system and inspect their history files:

find /home -maxdepth 2 -type f -name ".*history" -exec ls -l {} \; 2>/dev/null
find /home -type f -name ".bash_history" -o -name ".zsh_history" 2>/dev/null

Check running processes as root

ps aux | grep root

Env vars

env
printenv

Check mounted filesystems

mount
df -h

Check open network sockets:

ss -tulpn
netstat -tulpn

check crons

crontab -l 2>/dev/null
ls -la /var/spool/cron/crontabs
ls -la /etc/cron.*
cat /etc/crontab

Check system information available in /proc:

find /proc -name cmdline -exec cat {} \; 2>/dev/null | tr " " "\n"

Kernel version

uname -a
uname -r