SSH Collection Module Linux Command Reference
The following table contains the Linux command reference for the SSH Collection Model.
|
Command |
Privileged |
Command Operation |
Reason for Use |
|
sudo true |
Yes |
Immediately returns successfully. |
Used to validate access to the sudo utility. |
|
uname -a |
|
Returns all elements in the system utsname struct. |
Used for a full descriptive string for the system. |
|
uname -s |
|
Returns the operating system name. |
Used for OS detection. |
|
uname -r |
|
Returns the operating system release version. |
Used for kernel version .detection |
|
uname -p |
|
Returns the hardware platform type. |
Used for system architecture detection. |
|
uname -m |
|
Returns the hardware machine type. |
Used for system architecture detection. |
|
uname -n |
|
Returns the system hostname. |
Used for hostname detection. |
|
cat /etc/os-release |
|
Emits the contents of a file. |
Used during OS distribution detection. |
|
cat /etc/oracle-release |
|
Emits the contents of a file. |
Used during OS distribution detection. |
|
cat /etc/redhat-release |
|
Emits the contents of a file. |
Used during OS distribution detection. |
|
find /etc -type f | grep -e '[-_]release$' -e '[-_]version$' |
|
Finds files matching a search pattern. |
Used during distribution detection, to find distribution information files not listed using previous commands. |
|
cat $file |
|
Emits the contents of a file. |
Used for to retrieve the contents of a distribution file discovered by the previous command. The filename must be recognized before operating on it. |
|
cat /proc/uptime |
|
Emits the contents of a file. |
Used to retrieve the system uptime. |
|
w -h |
|
Returns details of logged in users. |
Used to retrieve the number of current user sign ins. |
|
cat /proc/cpuinfo |
|
Emits the contents of a file. |
Used to retrieve CPU topology. |
|
cat /proc/meminfo |
|
Emits the contents of a file. |
Used to retrieve system memory size and utilization. |
|
ps axwww --no-headers -o pid,cputime,rsz,command |
|
Returns details on running processes. |
Used to retrieve a list of running processes. |
|
sudo LC_ALL=C ifconfig -a |
Yes |
Returns details on network interfaces. |
Used to retrieve details on all network interfaces. |
|
sudo ip -json address |
Yes |
Returns details on network interfaces. |
Used to retrieve details on all network interfaces. Note:Currently, this command is only executed if ifconfig is missing. |
|
cat /sys/class/net/$interface/ifindex |
|
Emits the contents of a file. |
Used to retrieve the network interface index number, where $interface is the name of a previously collected network interface. |
|
cat /sys/class/net/$interface/operstate |
|
Emits the contents of a file. |
Used to retrieve the network interface physical state, where $interface is the name of a previously collected network interface. |
|
cat /sys/class/net/$interface/mtu |
|
Emits the contents of a file. |
Used to retrieve the network interface MTU, where $interface is the name of a previously collected network interface. |
|
cat /sys/class/net/$interface/speed |
|
Emits the contents of a file. |
Used to retrieve the network interface bps rate, where $interface is the name of a previously collected network interface. |
|
readlink /sys/class/net/$interface/device/driver/module |
|
Canonicalizes the path of a symlink or file. |
Used to retrieve the network interface driver, where $interface is the name of a previously collected network interface. |
|
lsblk -dnb --output NAME,MAJ:MIN,SIZE,MODEL |
|
Returns details on disks and partitions. |
Used to retrieve physical disk details |
|
sudo fdisk -l |
Yes |
Lists or configures disk partitions. |
Used to retrieve physical disk details if lsblk is unavailable. |
|
cat /sys/block/$device/device/model |
|
Emits the contents of a file. |
Used to retrieve the disk model string, if available, where $device is the name of a previously collected disk device. |
|
cat /proc/partitions |
|
Emits the contents of a file. |
Used to retrieve disk partition details. |
|
mount |
Fallback |
Lists mounted filesystems. |
Used to retrieve a list of mounted filesystems. |
|
sudo df -P |
Yes |
Lists filesystem utilization details. |
Used to retrieve filesystem utilization details. |
|
vmstat -w -S K 1 2 |
|
Lists various system performance details. |
Used to retrieve system performance details. It may be used without the -w flag for some systems. The command produces two metric reports with a one second wait between them. |
|
cat /proc/diskstats |
|
Emits the contents of a file. |
Used to retrieve disk performance details. |
|
sudo netstat --inet --inet6 -n -p -a -t |
Yes |
Lists open sockets. |
Used to retrieve network connections. |
|
sudo ss -n -p -t state established state listening |
Yes |
Lists open sockets. |
Used to retrieve network connections. Note:Currently, this command is only executed if netstat is missing. |
|
cat /proc/net/dev |
|
Emits the contents of a file. |
Used to retrieve various network subsystem statistics. |
|
ls /sys/devices/virtual/dmi/id |
|
Lists directory contents. |
Used to check for the existence of hardware platform data using sysfs. |
|
cat /sys/devices/virtual/dmi/id/sys_vendor |
|
Emits the contents of a file. |
Used to retrieve the system hardware vendor from sysfs. |
|
cat /sys/devices/virtual/dmi/id/product_name |
|
Emits the contents of a file. |
Used to retrieve the system product name from sysfs. |
|
cat /sys/devices/virtual/dmi/id/product_version |
|
Emits the contents of a file. |
Used to retrieve the system product version from sysfs. |
|
sudo cat /sys/devices/virtual/dmi/id/product_serial |
Yes |
Emits the contents of a file. |
Used to retrieve the system product serial number from sysfs. |
|
sudo cat /sys/devices/virtual/dmi/id/product_uuid |
Yes |
Emits the contents of a file. |
Used to retrieve the system product UUID from sysfs. |
|
cat /sys/devices/virtual/dmi/id/chassis_vendor |
|
Emits the contents of a file. |
Used to retrieve the chassis vendor from sysfs. |
|
cat /sys/devices/virtual/dmi/id/chassis_version |
|
Emits the contents of a file. |
Used to retrieve the chassis version from sysfs. |
|
sudo cat /sys/devices/virtual/dmi/id/chassis_serial |
Yes |
Emits the contents of a file. |
Used to retrieve the chassis serial number from sysfs. |
|
cat /sys/devices/virtual/dmi/id/bios_vendor |
|
Emits the contents of a file. |
Used to retrieve the BIOS vendor from sysfs. |
|
cat /sys/devices/virtual/dmi/id/bios_version |
|
Emits the contents of a file. |
Used to retrieve the BIOS version from sysfs. |
|
cat /sys/devices/virtual/dmi/id/bios_date |
|
Emits the contents of a file. |
Used to retrieve the BIOS build date from sysfs. |
|
sudo dmidecode --type system |
Yes |
Retrieves hardware info from DMI. |
Used to retrieve system hardware product information. |
|
sudo dmidecode --type chassis |
Yes |
Retrieves hardware info from DMI. |
Used to retrieve chassis hardware information. |
|
sudo dmidecode --type bios |
Yes |
Retrieves hardware info from DMI. |
Used to retrieve BIOS information. |
|
sh -c "(rpm -qf /bin/sh >>/dev/null 2>&1 && echo rpm) || (dpkg -S /bin/sh >>/dev/null 2>&1 && echo dpkg) || echo none" |
|
Queries for installed package metadata. |
Used to detect a system's primary package manager by querying for the owner of the /bin/sh file. |
|
rpm -qa --queryformat "META^|^%{NAME}^|^%{EPOCH}^|^%{VERSION}^|^%{RELEASE}^|^%{SUMMARY}\n[%{FILENAMES}\n]/ / /\n"|grep -E '^META\^\|\^|^/ / /$|^/.*bin/' |
|
Lists metadata for installed software packages. |
Used to retrieve a complete list of installed packages and their executables for systems using rpm as a package manager. |
|
dpkg-query --show --showformat='META^|^${binary:Package}^|^${Version}^|^${db:Status-Abbrev}^|^${binary:Summary}\n' |
|
Lists metadata for installed software packages. |
Used to retrieve a complete list of installed packages for systems using dpkg as a package manager. |
|
dpkg-query -S 'bin/' |
|
Lists metadata for installed software packages. |
Used to retrieve a list of executables installed on the system and the package that installed that executable for systems using dpkg as a package manager. |