The nmap tool (in the package of the same name) can quickly identify the Internet services hosted by a network-connected machine, without even requiring a login on it. Simply run the following command on another machine connected to the same network:

```
$ nmap mirwiz
Starting Nmap 7.93 ( https://nmap.org ) at 2024-05-20 00:15 CEST
Nmap scan report for mirwiz (192.168.1.104)
Host is up (0.00062s latency).
Not shown: 992 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
80/tcp   open  http
111/tcp  open  rpcbind
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
5666/tcp open  nrpe
9999/tcp open  abyss

Nmap done: 1 IP address (1 host up) scanned in 0.06 seconds
```
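The ps auxw command displays a list of all processes together with the user each one belongs to. Comparing it with the list of logged-in users printed by the who or w command makes it possible to find rogue programs, undeclared services or programs running in the background. Looking at crontabs (the tables that list the programs users have scheduled to run periodically) gives information on the services the server provides (a complete explanation of cron is in Section 9.7, “Scheduling Tasks with cron and atd”).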
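/etc/ directory, and sometimes also in a subdirectory of /usr/local/. For programs installed from source, for example, the configuration files are placed in those subdirectories, and sometimes in /opt/.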
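/etc/debian_version, which usually contains the version number of the Debian system (it is part of the base-files package). If the file reads codename/sid, the system receives its package updates from one of the development distributions (testing or unstable).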
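The apt-show-versions program (from the Debian package of the same name) checks the list of installed packages and identifies the available versions. The aptitude program can do the same job, though in a less systematic way.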
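The /etc/apt/sources.list file (and the /etc/apt/sources.list.d/ directory) shows where the installed Debian packages came from. If unknown sources appear, the administrator may choose to reinstall the system completely to make sure its software is compatible with Debian.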
The sources.list file is often a good indicator: the majority of administrators keep, at least in comments, the list of APT sources that were previously used. But you should not forget that sources used in the past might have been deleted, and that some random packages grabbed on the Internet might have been manually installed (with the help of the dpkg command). In this case, the machine is misleading in its appearance of being a “standard” Debian system. This is why you should pay attention to any indication that will give away the presence of external packages (appearance of deb files in unusual directories, package version numbers with a special suffix indicating that it originated from outside the Debian project, such as ubuntu or lmde, etc.). Below are two examples, showcasing unusual version suffixes and a third-party package without a source.
```
$ dpkg -l
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                          Version                        Architecture Description
+++-=============================-==============================-============-===================
[..]
ii  docker-buildx-plugin          0.14.0-1~debian.12~bookworm    amd64        Docker Buildx cli plugin.
ii  docker-ce                     5:26.1.3-1~debian.12~bookworm  amd64        Docker: the open-source application container engine
ii  docker-ce-cli                 5:26.1.3-1~debian.12~bookworm  amd64        Docker CLI: the open-source application container engine
ii  docker-ce-rootless-extras     5:26.1.3-1~debian.12~bookworm  amd64        Rootless support for Docker.
[..]
$ apt-show-versions | grep No
hc-utils:all 0.0.4-1 installed: No available version in archive
```
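
The two checks shown above (unusual version suffixes, and packages that no configured source provides) can be scripted for a full package list. The following is an added example, not part of the handbook: the function names, the suffix list and the sample input are assumptions made for illustration, and libfoo1 is a made-up package.

```shell
#!/bin/sh
# Added example: flag packages that appear to come from outside Debian.

# Markers named in the text (ubuntu, lmde) plus the "~debian.N~" form seen
# in the dpkg -l listing. The list is an assumption; extend it as needed.
SUFFIX_RE='(ubuntu|lmde|~debian[.][0-9]+~)'

# stdin:  "package<TAB>version" lines, as produced by
#         dpkg-query -W -f='${Package}\t${Version}\n'
# stdout: "SUFFIX package version" for each version carrying a marker.
flag_suffixes() {
    awk -F '\t' -v re="$SUFFIX_RE" '$2 ~ re { print "SUFFIX", $1, $2 }'
}

# stdin:  apt-show-versions output
# stdout: "NOSOURCE package version" for packages no APT source provides.
flag_no_source() {
    awk '/No available version in archive/ {
        split($1, name, ":")    # drop the ":arch" qualifier
        print "NOSOURCE", name[1], $2
    }'
}

# Constructed sample input (libfoo1 is a made-up package name).
sample_dpkg() {
    printf '%s\t%s\n' \
        bash '5.2.15-2+b2' \
        docker-ce '5:26.1.3-1~debian.12~bookworm' \
        libfoo1 '1.4-2ubuntu3' \
        openssh-server '1:9.2p1-2+deb12u2'
}

sample_asv() {
    cat <<'EOF'
bash:amd64/bookworm 5.2.15-2+b2 uptodate
hc-utils:all 0.0.4-1 installed: No available version in archive
EOF
}

sample_dpkg | flag_suffixes
sample_asv | flag_no_source
```

On a live system, feed the functions from dpkg-query and apt-show-versions instead of the sample_* producers.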
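contents of the /usr/local/ directory, which is meant to hold programs compiled and installed manually. The list of software installed there is worth examining, since for some reason the user did not choose the corresponding Debian package.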
Table 3.1. Matching operating system and architecture
Operating system | Architecture |
---|---|
DEC Unix (OSF/1) | alpha, mipsel |
HP Unix | ia64, hppa |
IBM AIX | powerpc |
Irix | mips |
OS X | amd64, powerpc, i386 |
z/OS, MVS | s390x, s390 |
Solaris, SunOS | sparc, i386, m68k |
Ultrix | mips |
VMS | alpha |
Windows 95/98/ME | i386 |
Windows NT/2000 | i386, alpha, ia64, mipsel |
Windows XP / Windows Server 2003-2008 | i386, amd64, ia64 |
Windows RT | armel, armhf, arm64 |
Windows Vista / Windows 7-8-10-11 / Windows Server 2010- | amd64 |