LinuxCheck: Linux information gathering tool
LinuxCheck is a small bash script for information collection, useful for emergency response (incident triage) on Debian and CentOS systems.
Features
LinuxCheck [1] is a single script able to collect a large set of information:
- CPU TOP10, memory TOP10
- CPU usage
- boot time
- Hard disk space information
- User information, passwd information
- Environmental variable detection
- Service list
- System program changes (debsums -e and rpm -va)
- Network traffic statistics
- Network connection, listening port
- Open port
- Routing table information
- Route forwarding
- ARP
- DNS Server
- SSH login information
- SSH login IP
- iptables information
- SSH key detection
- SSH brute-force source IPs
- Crontab detection
- Crontab backdoor detection
- Find common configuration files
- Find common software
- Audit history files
- Querying HOSTS files
- lsmod: anomalous kernel modules
- Anomalous file detection (nc, tunnels, proxies and other common attacker tools)
- Large file detection (large packaged/archived files)
- Free space, hard disk mount
- LD_PRELOAD detection
- LD_LIBRARY_PATH
- ld.so.preload
- NIC promiscuous mode
- Most used software
- Files whose mtime changed in the last 7 days
- Files whose ctime changed in the last 7 days
- View SUID file
- Find hidden files
- Find sensitive files (nc, nmap, tunnel)
- alias
- lsof +L1 (deleted files still held open by a process)
- SSHD
- Find bash reverse shells
- php webshell scan
- jsp webshell scan
- asp / aspx webshell scan
- Mining (cryptominer) process detection
- rkhunter scan
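Three of the checks listed above (SSH brute-force source IPs, ld.so.preload inspection, and files with a recent mtime) written as small shell functions over constructed input, so they can be run offline. This is an added example, not code from the LinuxCheck script; the log lines, the ld.so.preload contents and the file tree are constructed under a temporary directory, and the IP addresses come from the documentation ranges.

```shell
#!/usr/bin/env bash
# Added example: three LinuxCheck-style checks as functions over constructed input.

# Constructed sample data (not real system files) in a throwaway directory.
SAMPLE_DIR="$(mktemp -d)"
trap 'rm -rf "$SAMPLE_DIR"' EXIT

cat > "$SAMPLE_DIR/auth.log" <<'EOF'
Mar  1 10:00:01 host sshd[1201]: Failed password for root from 203.0.113.5 port 40001 ssh2
Mar  1 10:00:02 host sshd[1202]: Failed password for root from 203.0.113.5 port 40002 ssh2
Mar  1 10:00:03 host sshd[1203]: Failed password for invalid user admin from 203.0.113.5 port 40003 ssh2
Mar  1 10:00:04 host sshd[1204]: Failed password for root from 198.51.100.7 port 40004 ssh2
Mar  1 10:00:05 host sshd[1205]: Accepted publickey for deploy from 192.0.2.10 port 40005 ssh2
EOF

# Constructed ld.so.preload: one comment line and one forced-load library path.
printf '# constructed sample\n/tmp/constructed/libexample_hook.so\n' > "$SAMPLE_DIR/ld.so.preload"

# Constructed file tree: one file touched now, one dated years ago.
mkdir -p "$SAMPLE_DIR/tree"
touch "$SAMPLE_DIR/tree/new.txt"
touch -t 202001010000 "$SAMPLE_DIR/tree/old.txt"

# 1. SSH brute-force candidates: count source IPs of "Failed password" events
#    in an auth log ($1). Prints "count ip" lines, highest count first.
ssh_failed_top() {
  grep -E 'sshd\[[0-9]+\]: Failed password' "$1" \
    | grep -oE 'from ([0-9]{1,3}\.){3}[0-9]{1,3}' \
    | awk '{print $2}' | sort | uniq -c | sort -rn \
    | awk '{print $1, $2}'
}

# 2. ld.so.preload check: every non-comment, non-empty line is a library that
#    the loader injects into every dynamically linked process. Prints those
#    lines; prints nothing if the file ($1) is absent or only has comments.
ld_preload_entries() {
  [ -f "$1" ] || return 0
  grep -vE '^[[:space:]]*(#|$)' "$1" || true
}

# 3. Recent-mtime check: regular files under $1 modified within the last $2 days.
recent_mtime() {
  find "$1" -type f -mtime "-$2" 2>/dev/null
}

# Stand-alone run: show each check's result on the constructed data.
echo "== failed SSH logins by source IP =="
ssh_failed_top "$SAMPLE_DIR/auth.log"
echo "== ld.so.preload entries =="
ld_preload_entries "$SAMPLE_DIR/ld.so.preload"
echo "== files modified in the last 7 days =="
recent_mtime "$SAMPLE_DIR/tree" 7
```

On a real host the same functions would be pointed at /var/log/auth.log (or /var/log/secure on CentOS), /etc/ld.so.preload, and a directory such as /etc or /usr/bin; a non-empty ld.so.preload is worth investigating on any system that did not deliberately configure it.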
Usage
First, install rkhunter and ag (the_silver_searcher).
On Debian/Ubuntu:
$ sudo apt install silversearcher-ag rkhunter
On CentOS:
$ sudo yum -y install the_silver_searcher rkhunter
Then you can run the script directly from GitHub:
bash -c "$(curl -sSL https://raw.githubusercontent.com/al0ne/LinuxCheck/master/LinuxCheck.sh)"