SSH Collection Module Linux Command Reference
The following table contains the Linux command reference for the SSH Collection Model.
| Command | Privileged | Command Operation | Reason for Use |
|---|---|---|---|
| sudo true | Yes | Immediately returns successfully. | Used to validate access to the sudo utility. |
| uname -a | Returns all elements in the system utsname struct. | Used for a full descriptive string for the system. | |
| uname -s | Returns the operating system name. | Used for OS detection. | |
| uname -r | Returns the operating system release version. | Used for kernel version .detection | |
| uname -p | Returns the hardware platform type. | Used for system architecture detection. | |
| uname -m | Returns the hardware machine type. | Used for system architecture detection. | |
| uname -n | Returns the system hostname. | Used for hostname detection. | |
| cat /etc/os-release | Emits the contents of a file. | Used during OS distribution detection. | |
| cat /etc/oracle-release | Emits the contents of a file. | Used during OS distribution detection. | |
| cat /etc/redhat-release | Emits the contents of a file. | Used during OS distribution detection. | |
| find /etc -type f \ | grep -e '[-_]release$' -e '[-_]version$' | Finds files matching a search pattern. | |
| cat $file | Emits the contents of a file. | Used for to retrieve the contents of a distribution file discovered by the previous command. The filename must be recognized before operating on it. | |
| cat /proc/uptime | Emits the contents of a file. | Used to retrieve the system uptime. | |
| w -h | Returns details of logged in users. | Used to retrieve the number of current user sign ins. | |
| cat /proc/cpuinfo | Emits the contents of a file. | Used to retrieve CPU topology. | |
| cat /proc/meminfo | Emits the contents of a file. | Used to retrieve system memory size and utilization. | |
| ps axwww --no-headers -o pid,cputime,rsz,command | Returns details on running processes. | Used to retrieve a list of running processes. | |
| sudo LC_ALL=C ifconfig -a | Yes | Returns details on network interfaces. | Used to retrieve details on all network interfaces. |
| sudo ip -json address | Yes | Returns details on network interfaces. | Used to retrieve details on all network interfaces. Currently, this command is only executed if ifconfig is missing. |
| cat /sys/class/net/$interface/ifindex | Emits the contents of a file. | Used to retrieve the network interface index number, where $interface is the name of a previously collected network interface. | |
| cat /sys/class/net/$interface/operstate | Emits the contents of a file. | Used to retrieve the network interface physical state, where $interface is the name of a previously collected network interface. | |
| cat /sys/class/net/$interface/mtu | Emits the contents of a file. | Used to retrieve the network interface MTU, where $interface is the name of a previously collected network interface. | |
| cat /sys/class/net/$interface/speed | Emits the contents of a file. | Used to retrieve the network interface bps rate, where $interface is the name of a previously collected network interface. | |
| readlink /sys/class/net/$interface/device/driver/module | Canonicalizes the path of a symlink or file. | Used to retrieve the network interface driver, where $interface is the name of a previously collected network interface. | |
| lsblk -dnb --output NAME,MAJ:MIN,SIZE,MODEL | Returns details on disks and partitions. | Used to retrieve physical disk details | |
| sudo fdisk -l | Yes | Lists or configures disk partitions. | Used to retrieve physical disk details if lsblk is unavailable. |
| cat /sys/block/$device/device/model | Emits the contents of a file. | Used to retrieve the disk model string, if available, where $device is the name of a previously collected disk device. | |
| cat /proc/partitions | Emits the contents of a file. | Used to retrieve disk partition details. | |
| mount | Fallback | Lists mounted filesystems. | Used to retrieve a list of mounted filesystems. |
| sudo df -P | Yes | Lists filesystem utilization details. | Used to retrieve filesystem utilization details. |
| vmstat -w -S K 1 2 | Lists various system performance details. | Used to retrieve system performance details. It may be used without the -w flag for some systems. The command produces two metric reports with a one second wait between them. | |
| cat /proc/diskstats | Emits the contents of a file. | Used to retrieve disk performance details. | |
| sudo netstat --inet --inet6 -n -p -a -t | Yes | Lists open sockets. | Used to retrieve network connections. |
| sudo ss -n -p -t state established state listening | Yes | Lists open sockets. | Used to retrieve network connections. Currently, this command is only executed if netstat is missing. |
| cat /proc/net/dev | Emits the contents of a file. | Used to retrieve various network subsystem statistics. | |
| ls /sys/devices/virtual/dmi/id | Lists directory contents. | Used to check for the existence of hardware platform data using sysfs. | |
| cat /sys/devices/virtual/dmi/id/sys_vendor | Emits the contents of a file. | Used to retrieve the system hardware vendor from sysfs. | |
| cat /sys/devices/virtual/dmi/id/product_name | Emits the contents of a file. | Used to retrieve the system product name from sysfs. | |
| cat /sys/devices/virtual/dmi/id/product_version | Emits the contents of a file. | Used to retrieve the system product version from sysfs. | |
| sudo cat /sys/devices/virtual/dmi/id/product_serial | Yes | Emits the contents of a file. | Used to retrieve the system product serial number from sysfs. |
| sudo cat /sys/devices/virtual/dmi/id/product_uuid | Yes | Emits the contents of a file. | Used to retrieve the system product UUID from sysfs. |
| cat /sys/devices/virtual/dmi/id/chassis_vendor | Emits the contents of a file. | Used to retrieve the chassis vendor from sysfs. | |
| cat /sys/devices/virtual/dmi/id/chassis_version | Emits the contents of a file. | Used to retrieve the chassis version from sysfs. | |
| sudo cat /sys/devices/virtual/dmi/id/chassis_serial | Yes | Emits the contents of a file. | Used to retrieve the chassis serial number from sysfs. |
| cat /sys/devices/virtual/dmi/id/bios_vendor | Emits the contents of a file. | Used to retrieve the BIOS vendor from sysfs. | |
| cat /sys/devices/virtual/dmi/id/bios_version | Emits the contents of a file. | Used to retrieve the BIOS version from sysfs. | |
| cat /sys/devices/virtual/dmi/id/bios_date | Emits the contents of a file. | Used to retrieve the BIOS build date from sysfs. | |
| sudo dmidecode --type system | Yes | Retrieves hardware info from DMI. | Used to retrieve system hardware product information. |
| sudo dmidecode --type chassis | Yes | Retrieves hardware info from DMI. | Used to retrieve chassis hardware information. |
| sudo dmidecode --type bios | Yes | Retrieves hardware info from DMI. | Used to retrieve BIOS information. |
| sh -c "(rpm -qf /bin/sh >>/dev/null 2>&1 && echo rpm) \ | \ | (dpkg -S /bin/sh >>/dev/null 2>&1 && echo dpkg) \ | \ |
| rpm -qa --queryformat "META^\ | ^%{NAME}^\ | ^%{EPOCH}^\ | ^%{VERSION}^\ |
| dpkg-query --show --showformat='META^\ | ^${binary:Package}^\ | ^${Version}^\ | ^${db:Status-Abbrev}^\ |
| dpkg-query -S 'bin/' | Lists metadata for installed software packages. | Used to retrieve a list of executables installed on the system and the package that installed that executable for systems using dpkg as a package manager. |