ShellSpells
  • 🧙‍♂️Welcome!
    • ShellSpells
    • FAQs
    • License & Disclaimer
  • 🐧Linux
    • System Ops
      • Transcripts
      • Help
      • System Info
        • Date/Time
        • System Details
        • Patches & Updates
        • Init System Identification
        • Hostname / Host ID
        • Variables
        • Hardware & Resources
      • Filesystem
        • Traverse & Enumerate
        • Drives & Partitions
        • Shares
        • Packages
        • Connected Devices
        • Kernel Modules (Drivers)
      • Users & Groups
        • Enumerate
        • Modify
      • Network
        • Enumerate
        • Modify
      • Scheduled Jobs
        • Enumerate
        • Modify
      • Processes
        • Enumerate
        • Modify
        • Custom Script and Shared Object
        • Process I/O Redirection
      • Services
        • Enumerate
        • Modify
        • Create a Service
      • Startup/Boot Scripts
        • Enumerate
        • Modify
      • Security
        • Antivirus
        • Firewall
        • SSH Keys
      • History & Logs
        • History
        • Logs
    • File Ops
      • Search
        • Filename
        • Content
        • Users (Owners)
        • Time
        • Size
        • Permission
        • Hidden Files
        • Inode
        • Find + Exec
        • Notes
      • Enumerate Metadata
      • Modify Metadata
      • Read Content
      • Modify Content
      • Extract Content
      • Sort / Compare / Count
      • Move
      • Copy
      • Execute
      • Hash
      • Encode/Decode
      • Compress/Decompress
      • Working With Weird Filenames
    • Terminal Ops
      • Keyboard Shortcuts
      • Tmux Shortcuts
  • 🪟Windows
    • System Ops
      • Transcripts
      • Help
      • System Info
        • One-liners
        • Date/Time
        • System Details
        • Hotfixes
        • Domain or Workgroup
        • Data Execution Prevention
        • Variables
        • Hardware & Resources
      • Filesystem
        • Traverse & Enumerate
        • Drives & Partitions
        • Installed Software
        • Drivers
        • Shares
      • Registry
        • Enumerate
        • Modify
        • Forensically Relevant Keys
      • Users & Groups
        • Enumerate
        • Modify
      • Network
        • Enumerate
        • Modify
      • Scheduled Tasks
      • Processes
        • Enumerate
        • Modify
      • Services
        • Enumerate
        • Modify
      • Autorun / Startup
        • Enumerate
        • Modify
      • Security
        • Permissions
          • Enumerate
          • Page
        • Antivirus
        • Firewall
          • Enumerate
          • Modify
        • Audit Policies
        • Remoting
          • Enumerate
          • Modify
          • Registry Locations
        • Stored Credentials
      • Remote Command Execution
      • Active Directory
        • Enumerate
        • Modify
      • History & Logs
        • History
        • Logs
      • PowerShell Config
      • Scripting
      • WMIC Notes
    • File Ops
      • Search
        • Filename
        • Time
        • Size
        • Permissions
        • Attributes
        • Wildcarding
      • Enumerate Metadata
        • One Liners
        • Users (Owners)
        • Timestamps
        • Size
        • Permissions
        • Attributes
      • Modify Metadata
        • Change Owner
        • Timestamps
        • Size
        • Attributes
      • Read Content
      • Modify Content
        • Overwrite
        • Insert
        • Append
        • Replace / Remove
        • Convert Case
        • Alternate Data Streams
      • Extract Content
      • Sort / Compare / Count
        • Sort
        • Count
        • Compare
      • Move
      • Copy
      • Execute
      • Hash
      • Encode/Decode
      • Compress/Decompress
      • Working With Weird Filenames
      • Output Formatting / Filtering
      • File Formatting
      • Operators
  • ⛓️Network
    • Traffic Manipulation
      • iptables
        • Option List
        • General Commands
        • Filter Tables
        • NAT
        • Mangle
        • Filter for SSH Traffic (Example)
      • nftables
    • Packet Capture
      • Syntax
      • TCPDump Examples
    • Packet Analysis
      • Wireshark
  • 🚗Maneuver
    • SSH
    • Control Sockets
    • RDP
    • Windows Port Proxy
  • 🛩️Data Transfer
    • SCP
    • FTP
    • Netcat
      • Netcat Relays
    • Server Interactions
    • Alternate Methods
  • 🪄REGEX
    • Examples
Powered by GitBook
On this page
  • Commands
  • SysV
  • Boot Process
  • Boot Levels
  • Systemd
  • Milestones (Runlevels)

Was this helpful?

  1. Linux
  2. System Ops
  3. System Info

Init System Identification

Identify the init system in use.

Commands

ps -p 1

Checks the PID 1 process. The name can indicate the init system (systemd, init, etc.).

ps -p 1 -o comm=

PID 1 CMD field only.

systemctl

Presence indicates systemd. If command runs, your system uses systemd.

systemctl --version

If present, usually indicates systemd.

stat /proc/1/exe

Displays info about the init process. Follow the symlink to see if it points to systemd, upstart, etc.

stat /sbin/init

Symbolic link to Upstart's process.

/proc/1/comm

Reads the process name of PID 1 directly from the kernel.

ls /sbin/init

Checks what /sbin/init points to. It can be a symlink to the actual init system like systemd or upstart.

ls /etc/init.d

Presence of scripts in /etc/init.d often suggests sysvinit or *Upstart.

ls /etc/init

Presence of upstart config files means it's Upstart.

initctl

If present, Upstart is likely.

lsb_release -a

Displays Linux distribution information, sometimes including init system type.

man init

Can reveal Init System.

Checks for a systemd-specific directory:

test -d /run/systemd/system && echo "systemd"

Shows location of init files (SysV, SystemD, Upstart, etc):

sudo ls -latr /proc/1/exe

Reading CMD Field for PID 1: systemd: systemd sysvinit: init Upstart: /sbin/init (symbolic link to Upstart's process)

SysV

Boot Process

BIOS

MBR - Finds and executes GRUB

GRUB - Select OS to run, loads kernel

Kernel - Once kernel connects to filesystem it moves to init phase

Init - kernel reads script /sbin/init. This script kicks off services. It looks in /etc/inittab for the initdefault entry (initdefault:3). Once it finds this level, it looks for the run scripts which are stored in /etc/rc.d OR /etc.

The scripts look like this:

/etc/rc.d/rc3.d OR /etc/rc3.d

Run - Once these scripts are done, the system is running.

Boot Levels

0 – Halt

1 – Single User

2 – Multi User (Without NFS or networking features)

3 – Multi User (Typically the default. Can have GUI, but most systems use run level 5 for that.)

4 – User Defined (Basically means if you want to create your own run level you can.)

5 – X11: A graphical protocol that allows you to have a GUI.

6 – Reboot

Systemd

Milestones (Runlevels)

poweroff.target SysV's Halt - 0

rescue.target recovery shell, single user-mode - 1

multiuser.target SysV's 2-4. Allows you to turn features off an of without restart

graphical.target GUI - 5

reboot.target Reboot - 6

runlevel - shows current runlevel.

PreviousPatches & UpdatesNextHostname / Host ID

Last updated 1 year ago

Was this helpful?

🐧