Cheat sheet for Linux server reconnaissance: commands for gathering information about the system, network, and security. It can be useful for troubleshooting, audits, or initial setup checks.

| Command | Description |
| --- | --- |
| `uname -a` | Show kernel version and system architecture. |
| `hostnamectl` | Display hostname and OS details. |
| `lsb_release -a` | Show distribution-specific information. |
| `uptime` | Check system uptime. |
| `whoami` | Display current user. |
| `id` | Show user ID, group ID, and groups. |
| `last` | Display login history. |
| `dmesg \| tail` | Show the most recent kernel log messages. |
| `cat /etc/os-release` | View OS release information. |
| `vmstat` | Check system performance metrics. |

CPU, Memory, and Disk

| Command | Description |
| --- | --- |
| `top` / `htop` | Real-time process monitoring. |
| `free -h` | Display memory usage in human-readable format. |
| `df -h` | Show disk space usage of all mounted partitions. |
| `du -sh /path/to/dir` | Show disk usage of a specific directory. |
| `lsblk` | Display information about block devices. |
| `iostat` | CPU, device, and I/O statistics. |
| `lscpu` | Display CPU architecture info. |
| `cat /proc/cpuinfo` | Detailed CPU information. |
| `cat /proc/meminfo` | Detailed memory info. |
| `smartctl -a /dev/sdX` | Check SMART status of a disk (install `smartmontools`). |

| Command | Description |
| --- | --- |
| `ip a` or `ifconfig` | Show network interfaces and their IP addresses. |
| `ip r` or `route -n` | Display routing table. |
| `ss -tuln` or `netstat -tuln` | Show listening ports and services. |
| `ping <IP/hostname>` | Check connectivity to a host. |
| `traceroute <IP/hostname>` | Trace route to a host. |
| `curl -I http://example.com` | Fetch HTTP headers of a website. |
| `nslookup <hostname>` / `dig` | Query DNS information. |
| `tcpdump -i eth0` | Capture network packets on interface `eth0`. |
| `nmap -sS <IP>` | Scan for open ports on a server (install `nmap`). |

User and Permissions

| Command | Description |
| --- | --- |
| `who` | Show logged-in users. |
| `w` | Display who is logged in and what they are doing. |
| `cat /etc/passwd` | List system users. |
| `cat /etc/group` | List user groups. |
| `sudo -l` | Show allowed sudo commands for current user. |
| `find / -perm -4000` | Find all SUID binaries. |
| `getfacl /path/to/file` | View ACL permissions of a file. |

Services and Processes

| Command | Description |
| --- | --- |
| `ps aux` | Display all running processes. |
| `systemctl list-units --type=service` | List all services and their statuses. |
| `service --status-all` | Show status of all services (older distros). |
| `journalctl -u <service>` | View logs for a specific service. |
| `crontab -l` | List cron jobs for current user. |
| `cat /etc/crontab` | Show system-wide cron jobs. |

| Command | Description |
| --- | --- |
| `dpkg -l` / `rpm -qa` | List installed packages (Debian/RedHat). |
| `apt list --installed` | List installed packages with APT. |
| `which <command>` | Show path of a command. |
| `history` | Display shell command history. |
| `pip list` | Show installed Python packages. |

| Command | Description |
| --- | --- |
| `journalctl` | Show all logs (systemd systems). |
| `journalctl -p err` | Show error-level logs. |
| `tail -f /var/log/syslog` | Real-time system logs (Debian/Ubuntu). |
| `tail -f /var/log/messages` | Real-time system logs (RedHat/CentOS). |
| `cat /var/log/auth.log` | View authentication logs. |

Security and Firewall

| Command | Description |
| --- | --- |
| `ufw status` | Show firewall rules (Ubuntu/Debian with UFW). |
| `iptables -L` | List iptables rules. |
| `auditctl -l` | Show audit rules. |
| `chkconfig --list` | List services and their run-level info. |
| `fail2ban-client status` | Check Fail2Ban status (if installed). |