Created
September 20, 2019 19:39
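#!/bin/sh
# Volatile-data triage: records host, process, network, login and package
# state into a single log for later review.

# The log will contain process listings, network state and the contents of
# every authorized_keys file found, so create it readable by the owner only.
umask 077

# Relative path: the log is written to the current working directory. Run the
# script from a directory on external or removable media when writes to the
# disk under investigation must be avoided.
LOGFILE="volatile.log"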
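# exectee CMD [ARG...]
# Run a command and record it in the log.
# Globals:   LOGFILE (read) - file the output is appended to
# Arguments: the command and its arguments; a whole command line may also be
#            passed as one quoted string (it is split and glob-expanded here)
# Outputs:   a "[+] CMD" header, the command's stdout and stderr, and a blank
#            line, each written to the terminal and appended to LOGFILE
# Returns:   the status of the final tee, not of the command itself
exectee () {
    printf '[+] %s\n' "$*" | tee -a "$LOGFILE"
    # $@ is left unquoted on purpose: callers such as
    #   exectee "cat /etc/*release*"
    # rely on word splitting and globbing happening at this point.
    # stderr is merged into the log so that a missing tool or a permission
    # error is recorded instead of showing up as an empty section.
    # shellcheck disable=SC2068
    $@ 2>&1 | tee -a "$LOGFILE"
    echo | tee -a "$LOGFILE"
}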
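# Start a fresh log: tee without -a truncates any volatile.log left by an
# earlier run in the same directory. The timestamp comes from the host clock.
date | tee "$LOGFILE"
echo | tee -a "$LOGFILE"

# NOTE(review): every command below is the copy installed on the host being
# examined, so its output is only as trustworthy as that host.

# Host identity and the account the collection runs as. Several later
# commands (netstat -p, iptables, find under /root) presumably need root for
# complete output; the id line records what was actually used.
exectee uname -a
exectee id
# Quoted so the glob reaches exectee as one word and is expanded there.
exectee "cat /etc/*release*"

# Processes and services.
exectee ps faux
exectee service --status-all
exectee systemctl list-unit-files

# Network state. -n keeps iptables and lsof from doing reverse DNS lookups,
# which would add latency and generate traffic from the host being examined;
# -v adds interfaces and packet counters to the rule listing.
exectee ifconfig -a
exectee netstat -anp
exectee iptables -L -n -v

# Kernel modules and open files.
exectee lsmod
exectee lsof -n

# Sessions and login history.
exectee w
exectee lastlog

# SSH keys that grant access: list and dump every authorized_keys file under
# /root and /home. Files stored elsewhere (for example under a different
# AuthorizedKeysFile path in sshd_config) are not covered by this search.
exectee find /root/ /home/ -name authorized_keys -exec ls -l {} \; -exec cat {} \;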
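# Debian-family hosts: record the package list, then verify installed files.
if [ -e /usr/bin/dpkg ]; then
    exectee dpkg -l
    echo "[+] Verifying .deb packages" | tee -a "$LOGFILE"
    # dpkg -V with no package name verifies every installed package, so there
    # is no need to scrape names out of `dpkg -l` (whose header lines would
    # otherwise be fed back in as package names).
    # stderr is kept: on a dpkg too old to support -V the error must appear in
    # the log, otherwise an empty section would read as "nothing modified".
    # The checksums compared against live in the local dpkg database, so a
    # clean result does not rule out tampering by someone with root access.
    dpkg -V 2>&1 | tee -a "$LOGFILE"
fi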
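# RPM-family hosts: record the package list, then verify installed files.
if [ -e /usr/bin/rpm ]; then
    exectee rpm -qa
    echo "[+] Verifying .rpm packages" | tee -a "$LOGFILE"
    # -Va verifies all installed packages in one rpm invocation instead of
    # starting one rpm process per package name.
    # stderr is logged too, so database or permission errors are not mistaken
    # for a clean result. The reference digests come from the local rpm
    # database, so a clean result does not rule out tampering by someone with
    # root access.
    rpm -Va 2>&1 | tee -a "$LOGFILE"
fi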