I think the list of executed commands is more or less complete, but I would also add the following :
Currently logged users and server uptime.
all opened connections (TCP,UDP and Unix sockets) and the r espective PID/UID
$ netstat -pan
same as before but only TCP and UDP
$ lsof -nn | egrep "TCP| UDP"
The mount command only displays the currently mounted devices. We may find a commented line or a device that is not automatically mounted
$ cat /etc/fstab
Is the server exporing NFS volumes?
$ cat /etc/exports
tree view of all the processes
$ ps faxu
last users that logged to the system. The -a flag puts the complete remote hostname on the last column
$ last -a
similar to the previous one
quick view of the log policy in the computer. The default is 4 weeks worth of logs.
$ ls -lat /var/log
Are they sending logs to a centralized system?
$ cat /etc/syslog.conf