Essential System Diagnostics: Probing an Unknown Linux Server

Imagine you have connected over SSH to an unfamiliar Linux host. To find your way around, you first need some basic information about the system. Several commands help you gather it; here is a structured approach:

  1. Hostname and User:

    • hostname: To find out the hostname of the system.

    • whoami: To check which user you're logged in as.

  2. Operating System and Kernel:

    • cat /etc/os-release: This will give you the specific Linux distribution and version.

    • uname -a: For kernel version and additional system info.

  3. Network Configuration:

    • ip addr or ifconfig: To check the network interfaces and their configurations.

    • ss -tulwn or netstat -tulwn: To see listening ports and services.

  4. System Hardware:

    • lscpu: Displays CPU architecture information.

    • lsblk: Lists out the block devices (like disks).

    • free -h: To see memory usage.

    • lspci: Lists out all PCI devices.

    • lsusb: Lists USB devices.

  5. Mounted File Systems:

    • df -h: To see disk space usage on all mounted filesystems.

    • mount | column -t: To get a list of all mounted filesystems.

  6. User Information:

    • getent passwd: To list all users.

    • id [username]: To get the user ID, group ID, and groups a user belongs to.

  7. Running Processes:

    • ps aux: To view all running processes.

    • top or htop: For real-time process monitoring.

  8. Scheduled Tasks:

    • crontab -l: Lists scheduled cron jobs for the current user.

    • sudo crontab -l: Lists root's cron jobs (if you have sudo privileges).

  9. System Services:

    • systemctl list-units --type=service --all: Lists all services on systemd-based systems.

    • service --status-all: On SysVinit systems to list service status.

  10. Environment Variables:

    • env: Displays all environment variables.

  11. Historical and Current User Activity:

    • w: Show who is logged on and what they are doing.

    • last: Shows last logins of users and reboots.

    • history: Shows the command history for the current user.

  12. Checking for Root Access:

    • sudo -l: Lists what commands you can run as root or other users using sudo.

  13. Checking System Logs:

    • sudo less /var/log/syslog: For system events (mainly Debian-based systems).

    • sudo less /var/log/messages: General messages and system-related logs (mainly on Red Hat-based systems).

  14. Software and Services:

    • dpkg -l: On Debian-based systems to list installed packages.

    • rpm -qa: On Red Hat-based systems for the same purpose.

    • systemctl list-unit-files: To see enabled and disabled systemd services.

Remember, if you are not the administrator of the system, running certain commands may violate policies or privacy expectations, so you should have proper authorization before proceeding. Additionally, some commands might require root privileges to provide useful output, which may not be available to your user.
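
The checklist above, as an added example that is not part of the original article: a read-only shell script that runs a subset of those commands, chooses between the ip/ifconfig, ss/netstat, systemctl/service and dpkg/rpm alternatives according to what the host provides, and records a missing tool or a refused sudo instead of stopping. The function names and the collect argument are assumptions of this example.

```shell
#!/bin/sh
# Print the first of the given command names that exists on this host.
first_available() {
    for c in "$@"; do
        command -v "$c" >/dev/null 2>&1 && { printf '%s\n' "$c"; return 0; }
    done
    return 1
}

# Classify an os-release file as debian, redhat or unknown (parsed, not sourced).
os_family() {
    file="${1:-/etc/os-release}"
    [ -r "$file" ] || { echo unknown; return 0; }
    ids=$(sed -n -e 's/^ID=//p' -e 's/^ID_LIKE=//p' "$file" | tr -d "\"'" | tr '\n' ' ')
    case " $ids " in
        *" debian "*|*" ubuntu "*) echo debian ;;
        *" rhel "*|*" fedora "*|*" centos "*) echo redhat ;;
        *) echo unknown ;;
    esac
}

# Run one labelled command; note a missing tool or non-zero exit instead of aborting.
section() {
    title="$1"; shift
    printf '\n===== %s =====\n$ %s\n' "$title" "$*"
    command -v "$1" >/dev/null 2>&1 || { echo "[skipped: $1 not installed]"; return 0; }
    "$@" 2>&1 || echo "[exit status $?]"
}

# Read-only snapshot; sudo -n never prompts, tail replaces the interactive less.
collect() {
    section "Hostname" hostname
    section "Current user" whoami
    section "Kernel" uname -a
    case "$(first_available ip ifconfig)" in
        ip) section "Interfaces" ip addr ;;
        ifconfig) section "Interfaces" ifconfig ;;
    esac
    if sock=$(first_available ss netstat); then section "Listening sockets" "$sock" -tulwn; fi
    section "Sudo rights" sudo -n -l
    case "$(first_available systemctl service)" in
        systemctl) section "Services" systemctl list-units --type=service --all --no-pager ;;
        service) section "Services" service --status-all ;;
    esac
    case "$(os_family)" in
        debian) section "Packages" dpkg -l; section "System log" sudo -n tail -n 50 /var/log/syslog ;;
        redhat) section "Packages" rpm -qa; section "System log" sudo -n tail -n 50 /var/log/messages ;;
    esac
}
if [ "${1:-}" = "collect" ]; then collect; fi
```

Saved under a name of your choice (triage.sh here is hypothetical), it is run as sh triage.sh collect with the output redirected to a file, which gives a dated record of what the host looked like when you first logged in.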

Open-source tools to get system info:

Several open-source tools can be used to gather comprehensive system information on Linux:

  1. Neofetch: A command-line system information tool written in bash that displays information about your system next to an image, your OS logo, or any ASCII file of your choice. It provides a quick overview of system information such as OS, kernel, uptime, packages, shell, resolution, DE, WM, WM theme, theme, icons, terminal, CPU, GPU, and memory.

  2. Inxi: A full-featured system information script that can display various hardware and software data in a user-friendly format. It can show system hardware, CPU, drivers, Xorg, Desktop, Kernel, GCC version(s), processes, memory, and a wide variety of other useful information.

  3. HardInfo: Also known as the System Profiler and Benchmark, HardInfo displays hardware and some software information in a GUI, with options to generate reports.

  4. lshw: A small tool to provide detailed information on the hardware configuration of the machine. It can report the exact memory configuration, firmware version, mainboard configuration, CPU version and speed, cache configuration, bus speed, etc.

  5. Sysinfo: Another GUI tool for Linux that can display system information such as current CPU performance, available memory, network connectivity, and hard drive stats.

  6. dmidecode: A tool for dumping a computer's DMI (some say SMBIOS) table contents in a human-readable format. This table contains a description of the system's hardware components, as well as other useful pieces of information such as serial numbers and BIOS revision.

These tools are generally found in the default repositories of most Linux distributions and can be installed using the package manager. For example, on Ubuntu or Debian-based distributions, you can install them using commands like:

sudo apt-get update
sudo apt-get install neofetch inxi hardinfo lshw sysinfo dmidecode

After installation, you can simply run the tool's name as a command in the terminal to get the system information.