The following commands are used to extract information out of a Linux Operating System. While these commands should work with most variants of the LINUX this code has been verified to work with the Debian distribution. If you are running a different variant please inform contact with which variant and version so that the command line code can be verified with your particular version.
The following queries may assist you in determining your Linux system general info.
hostnamectl > sysinfo.txt
uname -a > sysinfo.txt
lsb_release -a > sysinfo.txt
cat /etc/*-release > sysinfo.txt
The following query obtains a system-wide configuration file
cp /etc/ssh/sshd_config sshd.config.txt
This command shows default information about all system and user accounts on the system as well as information about the user's last login to the system, and whether their password is locked or login by password disabled.
lslogins -o USER,PWD-CHANGE,PWD-EMPTY,PWD-LOCK,PWD-DENY,PWD-MIN,PWD-MAX,PWD-WARN,PWD-EXPIR,SHELL >> LoginSetting.txt
This command will find all accounts including network accounts.
getent passwd > Accounts.txt
If you are running Red Hat Enterprise Linux use the following command.
cp /etc/passwd accounts.txt
If you are running UNIX use the following command.
cat /etc/passwd > accounts.txt
This is to determine if an account or group is assigned to another group. Ex: If group A is given root access and Group B is part of Group A then those assigned to Group B has root privileges. Same goes if Group C is assigned to Group B.
getent group > Group.txt
If you are running Red Hat Enterprise Linux use the following command.
cp /etc/group group.txt
If you are running UNIX use the following command.
cat /etc/group > group.txt
Run the following query if PAM is required for authentication.
cp /etc/pam.d/password-auth-ac password-auth-ac.txt
This is to determine what groups/accounts can run commands as root.
sudo cat /etc/sudoers > Sudo.txt
Please check the contents of /etc/sudoers and send files referenced by an include directive ("#include" for a single file or "#includedir" for an entire directory). If the referenced file doesn't exist, provide evidence through executing ls -a
These 2 commands will show all accounts and the password settings that are being applied to them. Run both as each command outputs different components of the password settings.
sudo passwd --status --all > PasswordSetting.txt
Alternative Commands:
Run if the above command for minimum and maximum password age does not work.
sudo cat /etc/login.defs > PasswordSetting.txt
OR
sudo passwd -S -a > PasswordSetting.txt
If you are running Oracle Enterprise Linux Server use the following command. Note: You MUST run this command as root otherwise it will fail.
for u in `cat /etc/passwd | cut -d: -f1 | sort`; do passwd -S $u >> PasswordSetting.txt; done
OR
for u in $(cat /etc/passwd | cut -d: -f1 | sort); do passwd -S $u >> PasswordSetting.txt; done
If you are running UNIX use the following command. Note: You MUST run this command in the /etc/ folder otherwise it will fail.
passwd -s -a > PasswordSetting.txt
sudo cat /etc/security/pwquality.conf > Pwquality.txt
NOTE: If the server does not have a pwquality.conf file, please provide a screenshot of the "find -name pwquality.conf" command showing the file does not exist on the server.
This command is to determine what shells are valid to login to the system.
sudo cat /etc/shells > LoginShells.txt