A small Linux information collection script, mainly used for emergency response. It can be used on Debian or CentOS.

Features

- CPU TOP10, memory TOP10
- CPU usage
- Boot time
- Hard disk space information
- User information, passwd information
- Environment variable detection
- Service list
- System program changes (debsums -e and rpm -va)
- Network traffic statistics
- Network connections, listening ports
- Open ports
- Routing table information
- Route forwarding
- ARP
- DNS server
- SSH login information
- SSH login IPs
- iptables information
- SSH key detection
- SSH brute-force IPs
- Crontab detection
- Crontab backdoor detection
- Find common configuration files
- Find common software
- Audit history files
- Query the hosts file
- lsmod: abnormal kernel modules
- Anomalous file detection (nc, tunnel, proxy and other common hacker tools)
- Large file detection (some large packaged files)
- Free space, hard disk mounts
- Open ports
- LD_PRELOAD detection
- LD_LIBRARY_PATH
- ld.so.preload
- NIC promiscuous mode
- Most used software
- Files whose mtime changed in the last 7 days
- Files whose ctime changed in the last 7 days
- View SUID files
- Find hidden files
- Find sensitive files (nc, nmap, tunnel)
- alias
- LSOF -L1
- SSHD
- Find bash reverse shells
- PHP webshell scan
- JSP webshell scan
- ASP / ASPX webshell scan
- Detection of mining processes
- rkhunter scan

Usage

With network access:

    apt-get install silversearcher-ag
    yum -y install the_silver_searcher

Offline:

    Debian: dpkg -i…