When looking at an existing server, it is sometimes difficult to know everything that the server does. I have had many instances, when hired for a new job or when looking at a client’s server, where I have had to find out everything the server is used for without knowing much about it. Oftentimes there are many more uses than it was originally designed for.
Here is a list of things that I usually check to try and identify what a server is used for:
1- Look at any processes listening on a network socket. I use ‘netstat -lnp’ to identify any listening sockets and the processes using them. It’s common to see SSH, Apache, MySQL, and a mail server. Sometimes there are other things that you should know about, such as FTP, a control panel (e.g. Webmin on port 10000), and a variety of other processes.
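As an added example (not code from the original post), here is a small POSIX shell function that reads ‘netstat -lnp’ output on stdin and prints one line per listening socket with its protocol, port and program, marking every port that is not on a baseline list you pass in. The netstat output in SAMPLE is constructed to look like the real format and is not captured from any host, and the baseline ports are an assumed set for a typical web host; on a real machine pipe the live command into the function instead.

```shell
# Added example, not from the original post. Summarise `netstat -lnp` output
# and flag listening ports that are not on an expected list. On a live host:
#   netstat -lnp 2>/dev/null | summarize_listeners "22 80 443 3306"
# SAMPLE below is constructed to mimic netstat's layout; it is not real output.
SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1045/mysqld
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1301/apache2
tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN      1422/perl
tcp6       0      0 :::25                   :::*                    LISTEN      1180/master
udp        0      0 0.0.0.0:123             0.0.0.0:*                           900/ntpd
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name    Path
unix  2      [ ACC ]     STREAM     LISTENING     12345    1045/mysqld         /var/run/mysqld/mysqld.sock'

# Reads netstat -lnp output on stdin; $1 is a space-separated list of ports you
# already expect. Prints "proto port program" per socket and marks the rest.
summarize_listeners() {
    awk -v expected="$1" '
        BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
        # Only the TCP/UDP rows matter; header lines and UNIX-socket rows are skipped.
        $1 ~ /^(tcp|udp)/ {
            port = $4; sub(/.*:/, "", port)        # "0.0.0.0:22" or ":::25" -> "22" / "25"
            prog = $NF; sub(/^[0-9]+\//, "", prog) # "812/sshd" -> "sshd" ("-" when not root)
            flag = (port in ok) ? "" : "   <- not in expected list, find out what this is"
            printf "%-5s %-6s %-12s%s\n", $1, port, prog, flag
        }'
}

# Number of listeners that were not on the expected list (useful in scripts).
count_unexpected() {
    summarize_listeners "$1" | grep -c 'not in expected list'
}

printf '%s\n' "$SAMPLE" | summarize_listeners "22 80 3306"
```

Run netstat as root: for sockets owned by other users it otherwise prints ‘-’ in the program column, and the function will show you that ‘-’ rather than a name. In the constructed sample, ports 25, 123 and 10000 are the ones flagged against the baseline of 22, 80 and 3306.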
2- Cron jobs – A lot of systems have automated processes that run periodically from cron. Make sure to check all of the various cron locations:
   - The main system crontab:
   - Drop location for cron jobs typically installed with packages:
   - Periodically run jobs (i.e. /etc/cron.daily, /etc/cron.hourly, /etc/cron.weekly, etc.):
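The following is an added example, not part of the original post: a shell function that walks every standard cron location under a root directory (/etc/crontab, /etc/cron.d, and the /etc/cron.hourly, daily, weekly and monthly directories) and, going beyond the list above, the per-user crontab spools in /var/spool/cron (Red Hat) and /var/spool/cron/crontabs (Debian/Ubuntu), which are easy to forget. Pass ‘/’ (or nothing) on a live host; the demo tree it builds in a temp directory, and the job commands in it, are constructed for the example.

```shell
# Added example, not from the original post. List every cron job under a root
# directory: "/" on a live host, or a constructed temp tree for the demo below.
list_cron_jobs() {
    root="${1%/}"   # strip a trailing slash so "/" becomes "" and paths stay clean
    # Crontab-format files: print each active (non-blank, non-comment) line,
    # prefixed with the file it came from.
    for f in "$root/etc/crontab" "$root"/etc/cron.d/* \
             "$root"/var/spool/cron/* "$root"/var/spool/cron/crontabs/*; do
        [ -f "$f" ] || continue
        grep -Ev '^[[:space:]]*(#|$)' "$f" | sed "s|^|${f#"$root"}: |"
    done
    # The periodic directories hold scripts rather than crontab lines, so list
    # them by name; read each one to learn what it actually does.
    for d in "$root"/etc/cron.hourly "$root"/etc/cron.daily \
             "$root"/etc/cron.weekly "$root"/etc/cron.monthly; do
        for s in "$d"/*; do
            [ -f "$s" ] || continue
            echo "${s#"$root"}: (periodic script)"
        done
    done
}

# Build a constructed demo tree in a temp dir and print its path. Every file,
# path and job command here is made up for the example.
make_demo_tree() {
    r=$(mktemp -d)
    mkdir -p "$r/etc/cron.d" "$r/etc/cron.daily" "$r/var/spool/cron"
    printf '# system crontab\n0 3 * * * root /usr/local/bin/backup.sh\n' > "$r/etc/crontab"
    printf '*/5 * * * * www-data /var/www/app/cleanup.sh\n' > "$r/etc/cron.d/app"
    printf '#!/bin/sh\nlogrotate /etc/logrotate.conf\n' > "$r/etc/cron.daily/logrotate"
    printf '@reboot /home/deploy/start-worker.sh\n' > "$r/var/spool/cron/deploy"
    echo "$r"
}

demo_root=$(make_demo_tree)
list_cron_jobs "$demo_root"
rm -rf "$demo_root"
```

On the demo tree this prints four lines: the backup job from /etc/crontab, the package-style job from /etc/cron.d/app, the deploy user’s @reboot entry, and the logrotate script in /etc/cron.daily. Per-user spools are normally readable only by root, so run it as root or the user crontabs will be silently skipped.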
3- Look at running processes. I use ‘ps auxf’ to identify any other processes that might be running.
4- Processes run at boot. On Red Hat and derivatives, use ‘chkconfig --list | grep ":on"’ to see all services that start when the machine boots.
5- Websites configured in Apache: Run ‘apachectl -t -D DUMP_VHOSTS’ to see what virtual hosts are configured in Apache.
6- Consider the server’s name, and the reverse DNS for any IPs assigned to it. These may give some hints as to what the server is being used for. For example, if a server has the name ‘mail.mydomain.com’ associated with it somehow, you should probably take a closer look at the mail configuration than you might initially think to.
That should be a pretty good start on identifying everything that a particular server is used for. Please leave a comment if there is something else that I should add to the list.