1.3. 信息收集 - Linux
1.3.1. 获取内核,操作系统和设备信息
版本信息*
<span class="pre">uname</span><span> </span><span class="pre">-a</span>所有版本<span class="pre">uname</span><span> </span><span class="pre">-r</span>内核版本信息<span class="pre">uname</span><span> </span><span class="pre">-n</span>系统主机名字<span class="pre">uname</span><span> </span><span class="pre">-m</span>Linux内核架构
- 内核信息
<span class="pre">cat</span><span> </span><span class="pre">/proc/version</span> - CPU信息
<span class="pre">cat</span><span> </span><span class="pre">/proc/cpuinfo</span> 发布信息*
<span class="pre">cat</span><span> </span><span class="pre">/etc/*-release</span><span class="pre">cat</span><span> </span><span class="pre">/etc/issue</span>
- 主机名
<span class="pre">hostname</span> - 文件系统
<span class="pre">df</span><span> </span><span class="pre">-a</span>
1.3.2. 用户和组
- 列出系统所有用户
<span class="pre">cat</span><span> </span><span class="pre">/etc/passwd</span> - 列出系统所有组
<span class="pre">cat</span><span> </span><span class="pre">/etc/group</span> - 列出所有用户hash(root)
cat /etc/shadow 用户* 查询用户的基本信息
<span class="pre">finger</span>- 当前登录的用户
<span class="pre">users</span><span class="pre">who</span><span> </span><span class="pre">-a</span>
- 当前登录的用户
- 目前登录的用户
<span class="pre">w</span> - 登入过的用户信息
<span class="pre">last</span> - 显示系统中所有用户最近一次登录信息
<span class="pre">lastlog</span>
1.3.3. 用户和权限信息
- 当前用户
<span class="pre">whoami</span> - 当前用户信息
<span class="pre">id</span> - 可以使用sudo提升到root的用户(root)
<span class="pre">cat</span><span> </span><span class="pre">/etc/sudoers</span> - 列出目前用户可执行与无法执行的指令
<span class="pre">sudo</span><span> </span><span class="pre">-l</span>
1.3.4. 环境信息
- 打印系统环境信息
<span class="pre">env</span> - 打印系统环境信息
<span class="pre">set</span> - 环境变量中的路径信息
<span class="pre">echo</span> <span> </span><span class="pre">$PATH</span> - 打印历史命令
<span class="pre">history</span> - 显示当前路径
<span class="pre">pwd</span> - 显示默认系统遍历
<span class="pre">cat</span><span> </span><span class="pre">/etc/profile</span> - 显示可用的shell
<span class="pre">cat</span><span> </span><span class="pre">/etc/shells</span>
1.3.5. 服务信息
- 查看进程信息
<span class="pre">ps</span><span> </span><span class="pre">aux</span> - 由inetd管理的服务列表
<span class="pre">cat</span><span> </span><span class="pre">/etc/inetd.conf</span> - 由xinetd管理的服务列表
<span class="pre">cat</span><span> </span><span class="pre">/etc/xinetd.conf</span> - nfs服务器的配置
<span class="pre">cat</span><span> </span><span class="pre">/etc/exports</span>
1.3.6. 作业和任务
- 显示指定用户的计划作业(root)
<span class="pre">crontab</span><span> </span><span class="pre">-l</span><span> </span><span class="pre">-u</span><span> </span><span class="pre">%user%</span> - 计划任务
<span class="pre">ls</span><span> </span><span class="pre">-la</span><span> </span><span class="pre">/etc/cron*</span>
1.3.7. 网络、路由和通信
- 列出网络接口信息
<span class="pre">/sbin/ifconfig</span><span> </span><span class="pre">-a</span> - 列出网络接口信息
<span class="pre">cat</span><span> </span><span class="pre">/etc/network/interfaces</span> - 查看系统arp表
<span class="pre">arp</span><span> </span><span class="pre">-a</span> - 打印路由信息
<span class="pre">route</span> - 查看dns配置信息
<span class="pre">cat</span><span> </span><span class="pre">/etc/resolv.conf</span> - 打印本地端口开放信息
<span class="pre">netstat</span><span> </span><span class="pre">-an</span> - 列出iptable的配置规则
<span class="pre">iptables</span><span> </span><span class="pre">-L</span> - 查看端口服务映射
<span class="pre">cat</span><span> </span><span class="pre">/etc/services</span>
