nmap
tool (in the package with the same name) will quickly identify Internet services hosted by a network connected machine without even requiring to log in to it. Simply call the following command on another machine connected to the same network:
$
nmap mirwiz
Starting Nmap 7.80 ( https://nmap.org ) at 2021-04-29 14:41 CEST Nmap scan report for mirwiz (192.168.1.104) Host is up (0.00062s latency). Not shown: 992 closed ports PORT STATE SERVICE 22/tcp open ssh 25/tcp open smtp 80/tcp open http 111/tcp open rpcbind 139/tcp open netbios-ssn 445/tcp open microsoft-ds 5666/tcp open nrpe 9999/tcp open abyss Nmap done: 1 IP address (1 host up) scanned in 0.06 seconds
ps auxw
displays a list of all processes with their user identity. By checking this information against the output of the who
or w
commands, which give a list of logged in users, it is possible to identify rogue or undeclared servers or programs running in the background. Looking at crontabs
(tables listing automatic actions scheduled by users) will often provide interesting information on functions fulfilled by the server (a complete explanation of cron
is available in Section 9.7, “Scheduling Tasks with cron
and atd
”).
/etc/
, but they may be located in a sub-directory of /usr/local/
. This is the case if a program has been installed from sources, rather than with a package. In some cases, one may also find them under /opt/
.
/etc/debian_version
, which usually contains the version number for the installed Debian system (it is part of the base-files package). If it indicates codename/sid
, it means that the system was updated with packages coming from one of the development distributions (either testing or unstable).
apt-show-versions
program (from the Debian package of the same name) checks the list of installed packages and identifies the available versions. aptitude
can also be used for these tasks, albeit in a less systematic manner.
/etc/apt/sources.list
file (and /etc/apt/sources.list.d/
directory) will show where the installed Debian packages likely came from. If many unknown sources appear, the administrator may choose to completely reinstall the computer's system to ensure optimal compatibility with the software provided by Debian.
sources.list
file is often a good indicator: the majority of administrators keep, at least in comments, the list of APT sources that were previously used. But you should not forget that sources used in the past might have been deleted, and that some random packages grabbed on the Internet might have been manually installed (with the help of the dpkg
command). In this case, the machine is misleading in its appearance of being a “standard” Debian system. This is why you should pay attention to any indication that will give away the presence of external packages (appearance of deb
files in unusual directories, package version numbers with a special suffix indicating that it originated from outside the Debian project, such as ubuntu
or lmde
, etc.).
/usr/local/
directory, whose purpose is to contain programs compiled and installed manually. Listing software installed in this manner is instructive, since this raises questions on the reasons for not using the corresponding Debian package, if such a package exists.
Table 3.1. Matching operating system and architecture
Operating System | Architecture(s) |
---|---|
DEC Unix (OSF/1) | alpha, mipsel |
HP Unix | ia64, hppa |
IBM AIX | powerpc |
Irix | mips |
OS X | amd64, powerpc, i386 |
z/OS, MVS | s390x, s390 |
Solaris, SunOS | sparc, i386, m68k |
Ultrix | mips |
VMS | alpha |
Windows 95/98/ME | i386 |
Windows NT/2000 | i386, alpha, ia64, mipsel |
Windows XP / Windows Server 2008 | i386, amd64, ia64 |
Windows RT | armel, armhf, arm64 |
Windows Vista / Windows 7-8-10 | i386, amd64 |