Commands to learn about an unfamiliar system

A dual-use question! Either a Software Archaeologist or an Evil Hacker could use the answers to this question! Now, which am I?

I always used to use ps -ef versus ps -augxww to find out what I was on. Linux and System V boxes tended to like "-ef" and error on "-augxww", vice versa for BSD and old SunOS machines. The output of ps can let you know a lot as well.

If you can log in as root, and it's a Linux machine, you should do lsusb and lspci - that will get you 80% of the way towards knowing what the hardware situation is. dmesg | more can help you understand any current problems on just about anything.

It's beginning to be phased out, but doing ifconfig -a can usually tell you a lot about the network interfaces, and the networking. Running mii-tool and/or ethtool on the interfaces you see in ifconfig output that look like cabled ethernet can give you some info too.

Running ip route or netstat -r can be informative about Internet Protocol routing, and maybe something about in-use network interfaces.

A mount invocation can tell you about the disk(s) and how they're mounted.

Running uptime, and then last | more can tell you something about the current state of maintenance. Uptimes of 100+ days probably means "it's time to change the oil and fluids", metaphorically speaking. Running who is also

Looking at /etc/resolv.conf and /etc/hosts can tell you about the DNS setup of that machine. Maybe do nslookup google.com or dig bing.com to see if DNS is mostly functional.

It's always worth watching what errors ("command not found") and what variants of commands ("ps -ef" vs "ps augxww") work to determine what variant of Unix or Linux or BSD you just ended up on.

The presence or absence of a C compiler, and where it lives is important. Do which cc or better, which -a cc to find them.

cat /etc/*release* is a nice command for getting an overview of which distro is running.

http://bhami.com/rosetta.html might be handy to review, otherwise I usually poke around under /etc (accounts, init stuff, hints of OS flavor, etc) and crontab -l and look through the ps list for things to learn about.

Also "as root" is super scary, as I've had to fix systems where a Linux admin doing such an investigation set all the Solaris hostnames to -f.

Also df is a dangerous command, a great way to oh whoops hung on blocking I/O. So never run that until you've at least investigated the mounts, or know you can get another session open somehow.

Use very simple commands (uname, cd /etc; ls, cat, $PAGER) until you figure out what the host is, and if you're unfamiliar with it, check a rosetta or always read the man page before assuming some command or flag to a command does what it does on more popular systems.
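The two answers above (the command walk-through that starts with ps -ef versus ps augxww, and the later warning about df hanging on blocking I/O and about using only simple commands until you know the host) combine into one read-only first-look script. This is an added example for this thread, not code posted by any of the commenters. It assumes a POSIX /bin/sh and that uname exists; every other command is probed before it is used, it learns the ps dialect from which invocation errors, and it reads the mount table and flags network filesystems before anyone is tempted to run df. The mount lines in the comments are constructed samples.

```shell
#!/bin/sh
# Read-only first look at an unfamiliar Unix host (added example, not from the thread).
# Assumes POSIX sh and `uname`; everything else is checked with `command -v` first.

# Rough OS family from `uname -s`; decides which ps dialect to try first.
os_family() {
    case "$1" in
        Linux)                                   echo linux ;;
        FreeBSD|OpenBSD|NetBSD|DragonFly|Darwin) echo bsd ;;
        SunOS)                                   echo sunos ;;
        AIX|HP-UX)                               echo sysv ;;
        *)                                       echo unknown ;;
    esac
}

# Classify one line of `mount` output as local or network.
# Handles the Linux form  "srv:/export on /home type nfs4 (rw,relatime)"   (constructed sample)
# and the BSD form        "srv:/export on /mnt (nfs, nodev)"               (constructed sample).
# Network filesystems are where df can block forever if the server is gone.
mount_kind() {
    case "$1" in
        *" type nfs"*|*" type cifs"*|*" type smbfs"*|*" type fuse.sshfs"*|\
        *"(nfs"*|*"(smbfs"*|*"(fusefs"*) echo network ;;
        *)                                echo local ;;
    esac
}

# Learn the ps dialect the way the thread suggests: try both, watch what errors.
# Prints sysv, bsd or none (no usable ps found).
ps_dialect() {
    if ps -ef >/dev/null 2>&1; then echo sysv
    elif ps augxww >/dev/null 2>&1; then echo bsd
    else echo none
    fi
}

# Run a command that might block under `timeout` when the host has it (not POSIX).
guarded() {
    if command -v timeout >/dev/null 2>&1; then timeout 10 "$@"; else "$@"; fi
}

# Print a short inventory; nothing here writes to the host.
inventory() {
    echo "== identity =="
    uname -srm
    echo "family: $(os_family "$(uname -s)")"
    for f in /etc/*release*; do [ -r "$f" ] && cat "$f"; done

    echo "== ps dialect =="
    ps_dialect

    echo "== compilers =="
    for c in cc gcc clang; do command -v "$c" 2>/dev/null; done

    echo "== mounts (network ones flagged: check these before any df) =="
    if command -v mount >/dev/null 2>&1; then
        mount 2>/dev/null | while IFS= read -r line; do
            printf '%-8s %s\n' "$(mount_kind "$line")" "$line"
        done
    fi

    echo "== routing =="
    if command -v ip >/dev/null 2>&1; then guarded ip route 2>/dev/null
    elif command -v netstat >/dev/null 2>&1; then guarded netstat -r 2>/dev/null
    fi

    echo "== uptime / recent logins =="
    command -v uptime >/dev/null 2>&1 && uptime
    command -v last >/dev/null 2>&1 && guarded last 2>/dev/null | head -n 5
}

# Only run the inventory when executed as inventory.sh, so the functions can be sourced.
case "${0##*/}" in inventory.sh) inventory ;; esac
```

Save it as inventory.sh and run it with a plain sh; the network/local flag on each mount line is the check to read before typing df, and the ps dialect it prints tells you which of the two ps invocations from the thread to keep using on that host.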