Remote Shell Commands for Linux Endpoints | Trend Micro Service Central

Views:

Use the available remote shell commands to investigate Linux endpoints.

Note

When specifying a file location, be aware that UNC paths are not supported.

Command

Description

Syntax

Example

Supported on

bashhistory

List command/bash history (/root/.bash_history)

bashhistory

cat

Output the specified content of the selected file (max size 1MB)

cat [--offset <offset>
                                    <size>] [--hex] <file_location_and_extension>

Note

For the <file_location_and_extension>, specify the absolute or relative path to the file, the file name, and the file extension.

Important

The following optional parameters are only available on endpoints with the XDR Endpoint Sentor.

--offset: Optional parameter to specify the start location in the file (in bytes)
--size: Optional parameter to specify the size of the output from the start location (in bytes).
--hex: Optional parameter to output binary file content in hexadecimal format.

To output the content of the example.txt file located in the current directory (/root/Downloads):

Downloads>cat example.txt
To output the content of the example.txt file located in the /root/temp directory:

Downloads>cat /root/temp/example.txt

XDR Endpoint Sensor

cd

Change the current working directory

cd <path>

Note

For the <path>, specify the absolute or relative path.

cd /root

XDR Endpoint Sensor

clear

Clear screen

clear

XDR Endpoint Sensor

env

List environment variables

env

fileinfo

List detailed file properties

fileinfo
                                    <file_location_and_extension>

To list the file properties of the example.txt file located in the current directory (/root/Downloads):

Downloads>fileinfo example.txt
To list the file properties of the example.txt file located in the /root/temp directory:

Downloads>fileinfo /root/temp/example.txt

get

Collect a specific file and upload to Trend Vision One

Maximum file size: 4 GB

get <file_location_and_extension>

To collect the file example.txt file in the current directory /Users/admin/Downloads :

Downloads>get example.txt
To collect the file example.txt file located in the /tmp directory:

Downloads>get /tmp/example.txt

XDR Endpoint Sensor

group list

List local group information

group list

help

Display help information

help

XDR Endpoint Sensor

ipconfig

Display network configuration information

ipconfig

XDR Endpoint Sensor

kill

Terminate a running process

kill <PID>

kill 1234

XDR Endpoint Sensor

listenports

List listening ports

listenports

ls

List contents of the directory

ls [-a] [-l] [path]

-a: Optional parameter that includes entries starting with .
-l: Optional parameter that displays output in long list format

Note

For the <path>, specify the absolute or relative path.

ls

XDR Endpoint Sensor

netstat

List network statistics and active connections

netstat

XDR Endpoint Sensor

ps

List running process information

ps

XDR Endpoint Sensor

pwd

Display current directory

pwd

XDR Endpoint Sensor

run

Execute a previously uploaded script

run <script_name_and_extension> [arguments]

run demo.sh 1 "22 33" 44

XDR Endpoint Sensor

scheduletasks

List scheduled tasks

scheduletasks

service list

List service information

service list

XDR Endpoint Sensor

systeminfo

List system information

systeminfo

XDR Endpoint Sensor

taskstatus

List status of response tasks created in the current session

taskstatus [--id=<task_id>]

<task_id>: Optional parameter to specify the identifier of the response task.

taskstatus [--id=RM-20241207-00025]

XDR Endpoint Sensor

user info

List account properties

user info <username>

Note

<username> supports the use of the UID (for example, "0" for the root account).

user info john_doe

XDR Endpoint Sensor

user list

List local user accounts

user list

XDR Endpoint Sensor