The following commands are used to extract information out of a Linux Operating System. While these commands should work with most variants of the LINUX this code has been verified to work with the Debian distribution. If you are running a different variant please inform contact with which variant and version so that the command line code can be verified with your particular version.
The following queries may assist you in determining your Linux system general info.
hostnamectl > sysinfo.txt
uname -a > sysinfo.txt
lsb_release -a > sysinfo.txt
cat /etc/*-release > sysinfo.txtThe following query obtains a system-wide configuration file
cp /etc/ssh/sshd_config sshd.config.txtThis command shows default information about all system and user accounts on the system as well as information about the user's last login to the system, and whether their password is locked or login by password disabled.
lslogins -o USER,PWD-CHANGE,PWD-EMPTY,PWD-LOCK,PWD-DENY,PWD-MIN,PWD-MAX,PWD-WARN,PWD-EXPIR,SHELL >> LoginSetting.txtThis command will find all accounts including network accounts.
getent passwd > Accounts.txtIf you are running Red Hat Enterprise Linux use the following command.
cp /etc/passwd accounts.txtIf you are running UNIX use the following command.
cat /etc/passwd > accounts.txtThis is to determine if an account or group is assigned to another group. Ex: If group A is given root access and Group B is part of Group A then those assigned to Group B has root privileges. Same goes if Group C is assigned to Group B.
getent group > Group.txtIf you are running Red Hat Enterprise Linux use the following command.
cp /etc/group group.txtIf you are running UNIX use the following command.
cat /etc/group > group.txtRun the following query if PAM is required for authentication.
cp /etc/pam.d/password-auth-ac password-auth-ac.txtThis is to determine what groups/accounts can run commands as root.
sudo cat /etc/sudoers > Sudo.txtPlease check the contents of /etc/sudoers and send files referenced by an include directive ("#include" for a single file or "#includedir" for an entire directory). If the referenced file doesn't exist, provide evidence through executing ls -a
These 2 commands will show all accounts and the password settings that are being applied to them. Run both as each command outputs different components of the password settings.
sudo passwd --status --all > PasswordSetting.txtAlternative Commands:
Run if the above command for minimum and maximum password age does not work.
sudo cat /etc/login.defs > PasswordSetting.txtOR
sudo passwd -S -a > PasswordSetting.txtIf you are running Oracle Enterprise Linux Server use the following command. Note: You MUST run this command as root otherwise it will fail.
for u in `cat /etc/passwd | cut -d: -f1 | sort`; do passwd -S $u >> PasswordSetting.txt; doneOR
for u in $(cat /etc/passwd | cut -d: -f1 | sort); do passwd -S $u >> PasswordSetting.txt; doneIf you are running UNIX use the following command. Note: You MUST run this command in the /etc/ folder otherwise it will fail.
passwd -s -a > PasswordSetting.txtsudo cat /etc/security/pwquality.conf > Pwquality.txtNOTE: If the server does not have a pwquality.conf file, please provide a screenshot of the "find -name pwquality.conf" command showing the file does not exist on the server.
This command is to determine what shells are valid to login to the system.
sudo cat /etc/shells > LoginShells.txt