Remote Shell Commands for Linux Endpoints

Use the available remote shell commands to investigate Linux endpoints.

Command

Description

Syntax

Example

Supported on

bashhistory

List command/bash history (/root/.bash_history)

bashhistory

bashhistory

  • Deep Security Agent (managed by Cloud One - Endpoint & Workload Security)

cat

Output the specified content of the selected file (max size 1MB)

cat [--offset <offset> <size>] [--hex] <file_location_and_extension>

Note:

For the <file_location_and_extension>, specify the absolute or relative path to the file, the file name, and the file extension.

Important:

The following optional parameters are only available on endpoints with the XDR Endpoint Sentor.

  • --offset: Optional parameter to specify the start location in the file (in bytes)

  • --size: Optional parameter to specify the size of the output from the start location (in bytes).

  • --hex: Optional parameter to output binary file content in hexadecimal format.

  • To output the content of the example.txt file located in the current directory (/root/Downloads):

    Downloads>cat example.txt

  • To output the content of the example.txt file located in the /root/temp directory:

    Downloads>cat /root/temp/example.txt

  • XDR Endpoint Sensor

  • Deep Security Agent (managed by Cloud One - Endpoint & Workload Security)

cd

Change the current working directory

cd <path>

Note:

For the <path>, specify the absolute or relative path.

cd /root

  • XDR Endpoint Sensor

  • Deep Security Agent (managed by Cloud One - Endpoint & Workload Security)

clear

Clear screen

clear

clear

  • XDR Endpoint Sensor

  • Deep Security Agent (managed by Cloud One - Endpoint & Workload Security)

env

List environment variables

env

env

  • Deep Security Agent (managed by Cloud One - Endpoint & Workload Security)

fileinfo

List detailed file properties

fileinfo <file_location_and_extension>

  • To list the file properties of the example.txt file located in the current directory (/root/Downloads):

    Downloads>fileinfo example.txt

  • To list the file properties of the example.txt file located in the /root/temp directory:

    Downloads>fileinfo /root/temp/example.txt

  • Deep Security Agent (managed by Cloud One - Endpoint & Workload Security)

get

Collect a specific file and upload to Trend Micro Vision One

Maximum file size: 4 GB

get <file_location_and_extension>

  • To collect the file example.txt file in the current directory /Users/admin/Downloads :

    Downloads>get example.txt

  • To collect the file example.txt file located in the /tmp directory:

    Downloads>get /tmp/example.txt

  • XDR Endpoint Sensor

group list

List local group information

group list

group list

  • Deep Security Agent (managed by Cloud One - Endpoint & Workload Security)

help

Display help information

help

help

  • XDR Endpoint Sensor

  • Deep Security Agent (managed by Cloud One - Endpoint & Workload Security)

ipconfig

Display network configuration information

ipconfig

ipconfig

  • XDR Endpoint Sensor

kill

Terminate a running process

kill <PID>

kill 1234

  • XDR Endpoint Sensor

listenports

List listening ports

listenports

listenports

  • Deep Security Agent (managed by Cloud One - Endpoint & Workload Security)

ls

List contents of the directory

ls [-a] [-l] [path]

  • -a: Optional parameter that includes entries starting with .

  • -l: Optional parameter that displays output in long list format

Note:

For the <path>, specify the absolute or relative path.

ls

  • XDR Endpoint Sensor

  • Deep Security Agent (managed by Cloud One - Endpoint & Workload Security)

netstat

List network statistics and active connections

netstat

netstat

  • XDR Endpoint Sensor

ps

List running process information

ps

ps

  • XDR Endpoint Sensor

  • Deep Security Agent (managed by Cloud One - Endpoint & Workload Security)

pwd

Display current directory

pwd

pwd

  • XDR Endpoint Sensor

  • Deep Security Agent (managed by Cloud One - Endpoint & Workload Security)

run

Execute a previously uploaded script

run <script_name_and_extension> [arguments]

run demo.sh 1 "22 33" 44

  • XDR Endpoint Sensor

  • Deep Security Agent (managed by Cloud One - Endpoint & Workload Security)

scheduletasks

List scheduled tasks

scheduletasks

scheduletasks

  • Deep Security Agent (managed by Cloud One - Endpoint & Workload Security)

service list

List service information

service list

service list

  • XDR Endpoint Sensor

  • Deep Security Agent (managed by Cloud One - Endpoint & Workload Security)

systeminfo

List system information

systeminfo

systeminfo

  • XDR Endpoint Sensor

user info

List account properties

user info <username>

Note:

<username> supports the use of the UID (for example, "0" for the root account).

user info john_doe

  • XDR Endpoint Sensor

user list

List local user accounts

user list

user list

  • XDR Endpoint Sensor

  • Deep Security Agent (managed by Cloud One - Endpoint & Workload Security)
Parent topic: Start Remote Shell Session Task