Basic Tasks

What's happening on this machine?

Who's logged in?

w # show more info than who
who

 21:52:16 up 56 min,  1 user,  load average: 0.36, 0.53, 0.46
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
kl       tty7     :0               18:01    8:55m  9:59   0.04s /bin/sh /etc/xd

• FROM
◇ :0 means local
◇ if from remote machine, show ip address

• WHAT
◇ what is USER running

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Process Monitoring

• What is using the most cpu?
• Look for evil script. Search “.sh”

top
htop # need to install

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

What ports are opened?

• If not running as root, PID/ program name will not be shown

sudo netstat -tupln

# t - tcp v4 v6
# u - udp v4 v6
# p - program using it
# l - include listening ports
# n - list numerically

Index