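# Runner isolation audit. Prints identity, kernel, capability, mount, device,
# network and process facts about the machine that executes the job, so the
# log can be reviewed for isolation gaps. Runs only on pushes to the
# security-audit branch.
#
# Everything below lands in the job log, which is readable by anyone who can
# view this repository's Actions runs. On a self-hosted runner, `mount`,
# `ip addr`, `ps aux` and PID 1's command line describe internal
# infrastructure and may include process arguments, so treat the log as
# sensitive there.
name: Security Recon

on:
  push:
    branches:
      - security-audit

# The job neither checks out code nor calls the GitHub API, so GITHUB_TOKEN
# is given no scopes at all.
permissions: {}

jobs:
  recon:
    runs-on: ubuntu-latest
    # Upper bound for the whole job; `find /` below is otherwise unbounded.
    timeout-minutes: 10
    steps:
      - name: Recon
        shell: bash
        run: |
          # `shell: bash` starts the script with -e and pipefail enabled.
          # Both are switched off so that a probe that fails (missing tool,
          # unreadable file) does not abort the remaining probes.
          set +e
          set +o pipefail

          # --- Identity and platform ---
          echo "=== WHOAMI ===" ; whoami ; id
          echo "=== UNAME ===" ; uname -a
          echo "=== OS RELEASE ===" ; cat /etc/os-release 2>/dev/null
          echo "=== HOSTNAME ===" ; hostname

          # --- Isolation posture: capability sets, cgroup of PID 1, mounts ---
          echo "=== CAPABILITIES ===" ; grep -i cap /proc/self/status
          echo "=== CGROUP ===" ; cat /proc/1/cgroup 2>/dev/null
          echo "=== MOUNT ===" ; mount 2>/dev/null

          # --- Docker exposure ---
          # A Docker socket or CLI usable from the job is an isolation
          # finding on a shared or self-hosted runner.
          echo "=== DOCKER SOCKET ===" ; ls -la /var/run/docker.sock 2>/dev/null ; echo "exit: $?"
          # "exit:" here is the status of `docker ps` only, not of the lookup.
          echo "=== DOCKER CLI ===" ; command -v docker 2>/dev/null ; docker ps 2>&1 ; echo "exit: $?"

          # --- Block devices and device nodes visible to the job ---
          echo "=== FDISK ===" ; fdisk -l 2>/dev/null
          echo "=== LSBLK ===" ; lsblk 2>/dev/null
          echo "=== DEVICES ===" ; ls -la /dev/ 2>/dev/null | head -50

          # --- Network view ---
          echo "=== IP ADDR ===" ; ip addr 2>/dev/null
          echo "=== IP ROUTE ===" ; ip route 2>/dev/null

          # --- Namespace/root-changing tools present on the image ---
          # `command -v` is the shell builtin lookup; status 0 means present.
          echo "=== TOOLS ==="
          command -v nsenter 2>/dev/null ; echo "nsenter: $?"
          command -v chroot 2>/dev/null ; echo "chroot: $?"

          # --- Set-uid files (first 20 only; the list is truncated by head) ---
          echo "=== SUID ===" ; find / -perm -4000 -type f 2>/dev/null | head -20

          # --- Processes ---
          echo "=== PS ===" ; ps aux 2>/dev/null
          # /proc/1/cmdline is NUL-separated; tr makes it one readable line.
          echo "=== PID1 ===" ; cat /proc/1/cmdline 2>/dev/null | tr '\0' ' ' ; echo
          # Count numeric PID directories only. A plain /proc/*/cmdline glob
          # also matches /proc/self and /proc/thread-self and overcounts.
          echo "=== PROC COUNT ==="
          shopt -s nullglob
          proc_entries=(/proc/[0-9]*/cmdline)
          echo "${#proc_entries[@]}"

          echo "=== DONE ==="
          # The step is informational: it always reports success, so findings
          # must be read from the log rather than from the job status.
          exit 0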