Commands to learn about an unfamiliar system
A dual-use question! Either a Software Archaeologist or an Evil Hacker could use the answers to this question! Now, which am I?
I always used to use ps -ef versus ps -augxww to find out what I was on. Linux and System V boxes tended to like "-ef" and error on "-augxww", vice versa for BSD and old SunOS machines. The output of ps can let you know a lot as well.
If you can log in as root, and it's a Linux machine, you should do lspci - that will get you 80% of the way towards knowing what the hardware situation is.
dmesg | more can help you understand any current problems on just about anything.
It's beginning to be phased out, but doing ifconfig -a can usually tell you a lot about the network interfaces, and the networking. Running ethtool on the interfaces you see in ifconfig output that look like cabled ethernet can give you some info too.
ip route or netstat -r can be informative about Internet Protocol routing, and maybe something about in-use network interfaces.
A mount invocation can tell you about the disk(s) and how they're mounted.
uptime, and then last | more can tell you something about the current state of maintenance. Uptimes of 100+ days probably mean "it's time to change the oil and fluids", metaphorically speaking. Running who is also
/etc/hosts can tell you about the DNS setup of that machine. Maybe do nslookup google.com or dig bing.com to see if DNS is mostly functional.
It's always worth watching what errors ("command not found") and what variants of commands ("ps -ef" vs "ps augxww") work to determine what variant of Unix or Linux or BSD you just ended up on.
The presence or absence of a C compiler, and where it lives, is important. Do which cc or better, which -a cc to find them.
cat /etc/*release* is a nice command for getting an overview of which distro is running.
http://bhami.com/rosetta.html might be handy to review, otherwise I usually poke around under /etc (accounts, init stuff, hints of OS flavor, etc) and crontab -l and look through the ps list for things to learn about.
Also "as root" is super scary, as I've had to fix systems where a Linux admin doing such an investigation set all the Solaris hostnames to
df is a dangerous command, a great way to oh whoops hung on blocking I/O. So never run that until you've at least investigated the mounts, or know you can get another session open somehow.
Use very simple commands (cd /etc; ls, $PAGER) until you figure out what the host is, and if you're unfamiliar with it, check a rosetta or always read the man page before assuming some command or flag to a command does what it does on more popular systems.