paperlined.org
document updated 6 days ago, on Feb 13, 2025

the first time you log into a Linux/Unix server

What network ports are active?

List all public listening TCP/UDP ports:

lsof -iTCP -sTCP:LISTEN -P -n

netstat -n -l -p | awk '/UNIX domain/{exit} !/ (127\.[0-9.]+|::1):/{print}'

(for systems that don't have netstat installed (?!? why would you not have the net-tools package installed??), perhaps use Perl's Linux::Proc::Net::TCP)
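On a host with neither net-tools nor lsof, the same list can be read from /proc/net/tcp and /proc/net/tcp6, the files that Linux::Proc::Net::TCP parses. The following is an added example, not from the original page: the function names and the sample data are constructed, and it assumes a little-endian host and only sh plus awk.

```shell
#!/bin/sh
# Added example (not from the original page): list non-loopback TCP listeners
# by reading /proc/net/tcp and /proc/net/tcp6 directly, no net-tools or lsof.
# public_listeners [FILE...] prints "address port uid inode" per LISTEN socket.
public_listeners() {
    [ "$#" -gt 0 ] || set -- /proc/net/tcp /proc/net/tcp6
    awk '
    function hex(s,    i, n) {      # portable hex to integer (no gawk strtonum)
        s = toupper(s); n = 0
        for (i = 1; i <= length(s); i++)
            n = n * 16 + index("0123456789ABCDEF", substr(s, i, 1)) - 1
        return n
    }
    function ipv4(h) {              # host byte order; little-endian host assumed
        return sprintf("%d.%d.%d.%d", hex(substr(h, 7, 2)), hex(substr(h, 5, 2)),
                       hex(substr(h, 3, 2)), hex(substr(h, 1, 2)))
    }
    $4 != "0A" { next }             # 0A is TCP_LISTEN; this also drops the header
    {
        split($2, a, ":"); addr = a[1]; port = hex(a[2])
        if (length(addr) == 8) {                          # IPv4 socket
            if (addr ~ /7F$/) next                        # 127.0.0.0/8
            ip = ipv4(addr)
        } else if (addr ~ /^0000000000000000FFFF0000/) {  # ::ffff:a.b.c.d
            if (addr ~ /7F$/) next
            ip = "::ffff:" ipv4(substr(addr, 25))
        } else {
            if (addr == "00000000000000000000000001000000") next   # ::1
            ip = (addr ~ /^0+$/) ? "::" : "v6hex:" addr   # other IPv6 kept as raw hex
        }
        print ip, port, $8, $10     # $8 is the owning uid, $10 the socket inode
    }' "$@"
}

# Constructed sample in /proc/net/tcp layout (all values are made up).
sample_proc_net_tcp() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   112        0 20002
   2: 0A01A8C0:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000    33        0 20003
   3: 0A01A8C0:0016 0501A8C0:D431 01 00000000:00000000 02:000A1B2C 00000000     0        0 20004
   4: 00000000000000000000000000000000:0050 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20005
   5: 00000000000000000000000001000000:0277 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20006
EOF
}

sample_proc_net_tcp | public_listeners -   # on a live host: public_listeners
```

The inode column can be matched against the socket:[inode] links under /proc/<pid>/fd to find the process that owns each listener.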

List all currently-active TCP connections:

lsof -iTCP -sTCP:ESTABLISHED

What files are open?

lsof -Fn / | sed '/^n/!d; s/^n//' | sort | uniq | xargs ls -1dF -- — list all currently-open files

inotifywaitstats /var/log — gather statistics about frequently-updated log files

tree -fDrt /var/log — list recently-updated log files

find /var/log -mmin -120 -type f | xargs ls -lrtF -- — list recently-updated log files

TODO — it might be nice to have something like service --status-all that 1) uses ANSI colors to make it easier to skim, 2) works with both SystemV and systemd [2], 3) is also able to auto-magically figure out 3a) any uids dedicated to that service, 3b) public listening ports for that service, and 3c) maybe even uses lsof to try to auto-magically determine top-level directories that might be used solely by that service. (TODO — any chance something like this exists already?)

What processes are running?

ps auxf — process tree

per-process information

List basic info:

lsof -p 999 — list open files

TODO: There's now a tool to record per-process information to tcpdump logs. Try this! (It does require a newer Linux kernel, ≥5.2, that was compiled with BPF and BTF support.)