When doing an audit of an existing Linux server a good first step is to find out what distribution is running and if the server is running a 32 or 64 bit architecture.
To find out what architecture a server is running you can run the uname command, which will print out certain system information. This must be supplied with the -a flag in order to print out as much information as possible.
Running 'uname -a' will print out a line similar to the following on an Ubuntu system.
Linux vlad 3.2.0-23-generic #36-Ubuntu SMP Tue Apr 10 20:39:51 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
This can be broken down bit by bit and will contain the following information.
- Linux - This is the kernel name. This can also be printed on its own using the -s or --kernel-name flags.
- vlad - This is the network node hostname, which can also be returned using the 'hostname' command. Printed using the -n or --nodename flags.
- 3.2.0-23-generic - This is the kernel release. Printed using the -r or --kernel-release flags.
- #36-Ubuntu SMP Tue Apr 10 20:39:51 UTC 2012 - This is the kernel version. Printed using the -v or --kernel-version flags.
- x86_64 - This is the machine hardware name. Printed using the -m or --machine flags.
- x86_64 - This is the processor type, which will either be the type of processor or 'unknown'. Printed using the -p or --processor flags.
- x86_64 - This is the hardware platform, which will either be the type of hardware platform or 'unknown'. Printed using the -i or --hardware-platform flags.
- GNU/Linux - This is the operating system. Printed using the -o or --operating-system flags.
The machine hardware name and the hardware platform are used to determine the system architecture. In the example above this is 64 bit (denoted by x86_64). If these values read i686 or i386 then the architecture is 32 bit.
Instead of using 'uname -a' an alternative is to use the 'arch' command, or to look at the contents of the /sbin/init file. Either way is fine, but I find the uname command prints out the information I need.
You'll notice from the above that we still don't know the distribution, although we can tell that it's an Ubuntu box. To find out the distribution and version of the system you are running you can look in the files that end in 'release' in the /etc/ directory. These files are different on every system so an alternative is to just print out the contents of any file that ends in 'release'. This will print out the distribution in a human readable format.
You can run both of these commands in succession by separating them with a double ampersand (&&).
$ uname -a && cat /etc/*release
When running the above command on a Ubuntu 12.04 system you would see output similar to the following.
$ uname -a && cat /etc/*release
Linux vlad 3.2.0-23-generic #36-Ubuntu SMP Tue Apr 10 20:39:51 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=12.04
DISTRIB_CODENAME=precise
DISTRIB_DESCRIPTION="Ubuntu 12.04 LTS"
Here is an example of running the above command on a CentOS 6.5 server.
$ uname -a && cat /etc/*release
Linux webserver2 2.6.32-358.23.2.el6.x86_64 #1 SMP Wed Oct 16 18:37:12 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
CentOS release 6.5 (Final)
CentOS release 6.5 (Final)
CentOS release 6.5 (Final)
This three line repeat is because, in CentOS, the /etc/redhat-release and /etc/system-release files are really symbolic links to the file /etc/centos-release.
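The two checks above can be wrapped in a small audit helper that classifies the architecture and prints each release file only once, even when several names are symbolic links to the same file. This is an added example, not part of the original post; the function names arch_bits, release_info and audit_summary are hypothetical, and it assumes a readlink that supports -f (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example: audit helper built on the uname and /etc/*release checks.

# Map a machine hardware name (as printed by uname -m) to a word size.
# Only the values named in the text are classified; anything else is "unknown".
arch_bits() {
    case "$1" in
        x86_64)    echo 64 ;;
        i686|i386) echo 32 ;;
        *)         echo unknown ;;
    esac
}

# Print the contents of each *release file in a directory once, skipping
# names that resolve to a file that has already been printed (the CentOS
# case, where redhat-release and system-release point at centos-release).
# $1 is the directory to scan (assumption: defaults to /etc).
release_info() {
    dir="${1:-/etc}"
    seen=""
    for f in "$dir"/*release; do
        [ -f "$f" ] || continue        # unmatched glob or not a regular file
        real=$(readlink -f "$f") || continue
        case "$seen" in
            *"|$real|"*) continue ;;   # same target already printed
        esac
        seen="$seen|$real|"
        cat "$f"
    done
}

# One-shot summary for an audit note: kernel, architecture, distribution.
audit_summary() {
    m=$(uname -m)
    echo "kernel:  $(uname -s) $(uname -r)"
    echo "machine: $m ($(arch_bits "$m") bit)"
    release_info /etc
}
```

Source the file and call audit_summary on the server being audited; release_info can also be pointed at a copied /etc directory.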