Commands Run by the SSH Probe

Last updated on: March 26th, 2021

The SSH probe runs an array of commands and parses the output from them. The exact set of commands depends slightly on the linux distribution or unix flavour identified.

vScope will attempt to run sudo if the setting always try without sudo first is not activated in the SSH credential. vScope will only attempt sudo once.

If the vScope user does not have sudo rights then you need allow access to the list of commands below to ensure that vScope is able to extract information about the target system.
List of commands

Amazon AWS

wget -T 5 -t 1 -q -O - http://169.254.169.254/latest/meta-data/instance-id

System serial numbers

cat /sys/class/dmi/id/product_serial
cat /sys/class/dmi/id/board_serial
cat /sys/class/dmi/id/product_uuid

CPU information

cat /proc/cpuinfo
sysctl

Storage system

camcontrol devlist
diskinfo -v
gpart show -p
fdisk -l
ls -ld /sys/block/sd*/device
grep "" /sys/class/scsi_host/host*/proc_name

File system

df
df -T
df -T -l
exportfs -v

Last system boot

who -b
cat /proc/uptime
sysctl kern.boottime
date

Last logins

last -w | egrep -i 'tty|pts'
last
LVM information
vgdisplay -v
vgdisplay
lvdisplay
pvdisplay
dmsetup ls

Memory

sysctl hw.physmem hw.pagesize vm.stats.vm.v_inactive_count vm.stats.vm.v_cache_count vm.stats.vm.v_free_count
free | grep -i 'mem'

Operating system

uname -a
uname -r
uname -o
uname -v
uname -n
ls -1 /etc/*-rel*
ls -1 /etc/*_ver*

Network

ip address show
ifconfig
netstat -rn
route -n
for i in `lanscan -i | awk '{print $1}'` ; do ifconfig $i ; done
lanscan -v

Software

dpkg -l
swlist -l bundle
rpm -qa --queryformat 'PACKAGE: %{NAME} | %{VERSION}-%{RELEASE} | %{VENDOR} | %{LICENSE} | %{GROUP} | %{SUMMARY} | %{INSTALLTIME} | %{URL}\n'
pkg_info
SSHd port config
grep '^Port' /etc/ssh/sshd_config

DNS

cat /etc/resolv.conf

Users and groups

cat /etc/passwd
cat /etc/group
cat /etc/shadow
cat /etc/shells

Active sessions

who
w

Leave a Reply