命令:# find / -type f \( -perm -04000 -o -perm -02000 \) -print
命令:# find / -name ".*" -print
命令:# ps -ef
UID 进程所有者的用户ID PID 进程ID PPID 父进程的进程ID C CPU占用率 STIME 以小时、分和秒表示的进程启动时间 TIME 进程自从启动以后占用CPU的全部时间 CMD 生成进程的命令名
命令: # netstat -an
命令: # cat /etc/inetd.conf
命令:# cat /etc/passwd
bin:x:2:2::/usr/bin: sys:x:3:3::/: adm:x:4:4:Admin:/var/adm:
命令:# cat /etc/shadow
sys: CVLoXsQvCgK62:6445:::::: adm: CVLoXsQvCgK62:6445::::::
命令:# cat ftpusers
root daemon bin sys adm lp uucp nuucp listen nobody noaccess nobody4
命令:# cat /etc/group
root::0:root other::1: bin::2:root,bin,daemon sys::3:root,bin,sys,adm adm::4:root,adm,daemon uucp::5:root,uucp mail::6:root tty::7:root,tty,adm lp::8:root,lp,adm nuucp::9:root,nuucp staff::10: daemon::12:root,daemon sysadmin::14: nobody::60001: noaccess::60002: nogroup::65534:
命令:# cat hosts # # Internet host table # 127.0.0.1 localhost 192.168.0.180 Solaris8x86 loghost
命令:# cat /etc/default/login
# Set the TZ environment variable of the shell. # #TIMEZONE=EST5EDT # ULIMIT sets the file size limit for the login. Units are disk blocks. # The default of zero means no limit. # #ULIMIT=0 # If CONSOLE is set, root can only login on that device. # Comment this line out to allow remote login by root. # CONSOLE=/dev/console #现在root是不能远程登录的 # PASSREQ determines if login requires a password. # PASSREQ=YES
命令:# ls -la /var/log
total 8 drwxr-xr-x 2 root sys 512 Jan 12 03:54 . drwxr-xr-x 28 root sys 512 Jan 12 04:28 .. -rw------- 1 root sys 0 Jan 12 03:46 authlog -rw-r--r-- 1 root other 424 Jan 12 04:28 sysidconfig.log -rw-r--r-- 1 root sys 766 Jan 12 04:57 syslog
命令:# ls -la /var/adm
total 114 drwxrwxr-x 6 root sys 512 Jan 12 05:11 . drwxr-xr-x 28 root sys 512 Jan 12 04:28 .. -rw------- 1 uucp bin 0 Jan 12 03:46 aculog -r--r--r-- 1 root other 2828 Jan 12 05:08 lastlog drwxr-xr-x 2 adm adm 512 Jan 12 03:46 log -rw-r--r-- 1 root root 25859 Jan 12 04:57 messages drwxr-xr-x 2 adm adm 512 Jan 12 03:46 passwd drwxr-xr-x 2 root sys 512 Jan 12 03:55 sm.bin -rw-rw-rw- 1 root bin 0 Jan 12 03:46 spellhist drwxr-xr-x 2 root sys 512 Jan 12 03:46 streams -rw------- 1 root root 99 Jan 12 05:13 sulog -rw-r--r-- 1 root bin 3348 Jan 12 05:08 utmpx -rw-r--r-- 1 root root 244 Jan 12 04:57 vold.log -rw-r--r-- 1 adm adm 15996 Jan 12 05:08 wtmpx
命令:/var/spool/cron/crontabs/root
# cat /var/spool/cron/crontabs/root #ident "@(#)root 1.19 98/07/06 SMI" /*SVr4.0 1.1.3.1 */ # # The root crontab should be used to perform accounting data collection. # # The rtc command is run to adjust the real time clock if and when # daylight savings time changes. # 10 3 * * 0,4 /etc/cron.d/logchecker 10 3 * * 0 /usr/lib/newsyslog 15 3 * * 0 /usr/lib/fs/nfs/nfsfind 1 2 * * * [ -x /usr/sbin/rtc ] && /usr/sbin/rtc -c > /dev/null 2>&1 30 3 * * * [ -x /usr/lib/gss/gsscred_clean ] && /usr/lib/gss/gsscred_clean
命令:# /usr/sbin/modinfo
# cat /etc/syslog.conf #ident "@(#)syslog.conf 1.5 98/12/14 SMI" /*SunOS 5.0*/ # # Copyright (c) 1991-1998 by Sun Microsystems, Inc. # All rights reserved. # # syslog configuration file. # # This file is processed by m4 so be careful to quote (`') names # that match m4 reserved words. Also, within ifdef's, arguments # containing commas must be quoted. # *.err;kern.notice;auth.notice /dev/sysmsg *.err;kern.debug;daemon.notice;mail.crit /var/adm/messages *.alert;kern.err;daemon.err operator *.alert root *.emerg * # if a non-loghost machine chooses to have authentication messages # sent to the loghost machine, un-comment out the following line: #auth.notice ifdef(`LOGHOST',/var/log/authlog,@loghost) mail.debug ifdef(`LOGHOST',/var/log/syslog,@loghost) # # non-loghost machines will use the following lines to cause "user" # log messages to be logged locally. # ifdef(`LOGHOST', , user.err /dev/sysmsg user.err /var/adm/messages user.alert `root,operator'
命令:# md5 /usr/bin/cat(校验值应保存到离线或只读介质上,避免与被检查的系统放在一起而被一并篡改;MD5 已不抗碰撞,条件允许时应同时记录 SHA-256 等更强的摘要)
MD5 (/usr/bin/cat) = db2d19bdebb690eb1870d2c49fd98d2f
/usr/bin/* /usr/sbin/* /usr/local/bin/* /etc/passwd /etc/shadow /etc/inetd.conf /etc/services /etc/inittab /etc/syslog.conf /etc/default/login /etc/default/passwd
Solaris SPARC - 2.0, 2.1, 2.2, 2.3, 2.4, 2.5, 2.5.1, 2.6, Solaris 7 and Solaris 8 Solaris x86 - 2.1, 2.4, 2.5, 2.5.1, 2.6, Solaris 7 and Solaris 8 Solaris PPC - 2.5.1 Trusted Solaris SPARC - 2.5, 2.5.1 and 7 Trusted Solaris 7 x86 Most CDs bundled with Solaris 2.6 and later.
- The end -
原文始发于微信公众号(计算机与网络安全):网络安全应急响应:Unix安全初始化快照