Below is a quick reference to the most useful commands and techniques for a Linux sysadmin:
List of useful commands:
sudo lsof -i # view running processes and their listening ports, command must be in context of sudo to return all results
man <applicationName> # view the manual of certain application
help <[switches] commandName> # view the quick help menu of an application
netstat # shows network connections -a (all tcp/udp), -l (listening ports), -at (all tcp), -u (udp), -n (show numeric addresses and ports instead of resolving names)
traceroute - equivalent to Windows tracert
mtr - My Trace Route, equivalent to Windows pathping
nc -zv 127.0.0.1 <port-range> # test connection to a local or remote host on certain ports
curl # send get command to URL: -I (retrieve header), -X POST --data "u=username&p=password" (execute post command, flag contains data; for real credentials use --data @file so they stay out of shell history and the process list), -o file.html (save to a file)
env # show environmental variables: printenv <var> (print), export <var>=<value> (change, non-persistent), vi .bashrc (set changes), source .bashrc (pull stored env configs), vi /etc/environment (make changes for all users)
whoami # show current username
rmdir # remove directory
tail # shows just the last 10 lines of file
man # display manual
rm # remove item (e.g. rm -r -v ~/.config/google-chrome && rm -r -v ~/.cache/google-chrome)
date # shows current date and time
clear # clear terminal
touch # create a file
cat # read file
pwd # get current path
less # is the better more command
ls # list contents
mv # move or change file name
echo # printout to terminal
cd # change directory
cp # copy
wc # word count
mkdir # make directory
head # shows first 10 lines
sort # sort a stream or text file
uniq # remove duplicates or show only uniques
diff # shows differences between 2 files or streams
find # search live (without using indexed db)
grep # search from file or stream
du -h # disk usage information in human readable format
df # disk free
history # list previous commands
ps # process status, use with -aux to show more info about processes
top # show top processes
kill <pid> # kill a process by its pid
killall <processname> # kill all processes matching name
jobs # display current jobs
fg # switch background job into foreground
bg # switch foreground job into background
sleep # pause for a number of seconds
gzip # uses gzip with -f (force), -r (compress recursively), -d (decompress), -[1-9] (compression level)
gunzip # uses the smarter gunzip with -f (force), -c (view-only), -k (keep original zip after uncompressed), -r (recurse), -v (verbose), -d (decompress)
tar # create a tarball: cvzf (compress) vs xvzf (extract)
nano # text editor, most common
alias k='kubectl' # create an alias command basing on another command or script
xargs # accept output of a stream as arguments of a command. Example: echo 'one two three' | xargs mkdir
ln # create a hard link, use -s for symlink
who # shows all current users and sessions
su # switch user account
sudo # enter root context
passwd # change password of a user
chown # change ownership of an item
chmod # modify permissions of an item
# How to discover OS version
cat /etc/os-release
# How to get kernel version
uname -r
cat /proc/version
hostnamectl | grep Kernel
# Add a user
adduser user2 -g <groupname> # create new user and set its group membership
sudo passwd user2 # change password of user
# modify a user
sudo usermod -aG <groupname>,<group2> user2 # add user to more [non-primary] groups
sudo usermod -g <groupname> user2 # change user's primary group (-a is only valid together with -G)
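usermod -s /dev/null user2 # send user logon sessions to the black hole (blocks shell logins only; a nologin shell such as /usr/sbin/nologin is the conventional value, and the account itself stays unlocked)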
usermod -d /home/user2newhome --move-home user2 # move a user's home directory
usermod -l <newusername> <oldusername>
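usermod -L user2 # lock a user account's password (SSH key logins still work; to disable the account entirely also expire it: usermod -L -e 1 user2)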
usermod -U user2 # unlock a user account
chage -l user2 # list password aging and account expiry settings of user account
# Remove user
userdel -r user2
# groups management
groups <username> # get membership of user
groupadd sales
groupmod -n sales_new sales # change the group name
groupmod -g GID <groupname> # change group ID
groupdel sales_new
# commands to check logins
whoami
id <username>
who
w # show who is logged in and what they are doing
pinky (replacement of finger command)
last
# password database
- users: /etc/passwd
- passwords: /etc/shadow
- groups: /etc/group
- group passwords: /etc/gshadow
# Edit users file
sudo vipw
# Edit shadow file
sudo vipw -s
# User Profiles
# System-wide
- /etc/environment
- /etc/bash.bashrc
- /etc/bashrc
- /etc/profile
# personal profiles
- /home/username/.bashrc
- /home/username/.profile
- /home/username/.bash_profile
# Jobs management
ping google.com & # run a command and put into background
jobs # check jobs
ping google.com ... then [control-Z] to suspend job and put into background
bg [job number] # put background job into running status
fg [job number] # bring job into foreground
[control-Z] to halt job
nohup ping localhost & # run jobs in the background and detach from current session
nohup ping localhost >/dev/null 2>&1 :Send standard output to /dev/null, plus sending standard errors (code 2) to same destination (which is also /dev/null).
# Search devices
# ls commands
lsblk # list block storage (hard drives, DVD-rom, usb-drive)
lscpu # show cpu info
lsdev # show devices
lspci # show all PCI devices
lsusb # show usb devices
# kernel messages
dmesg
# where to find kernel & device info
/proc/ # original container for process
/sys/ # new folder to contain kernel info
/dev/ # system devices
# use cache database to look for files
sudo updatedb # update name index database prior to issuing command
locate file.txt # use indexed database to search for files
locate sshd.service # more common to search for expected libraries
# File viewing
touch
less
more
tail
cat file.txt | grep searchstring
grep searchstring file.txt
# command redirects
- STDOUT: >
- STDIN: < or |
- STDERR: 2>
- > /dev/null 2>&1 : STDOUT goes to /dev/null (blackhole), and STDERR is redirected to the same destination as STDOUT
# command to manipulate files and streams
cat textfile.txt | tee textfile_copy.txt # STDOUT and output to a file or console
echo "newfolder" | xargs mkdir # takes STDIN as arguments and then execute
echo "test" > /dev/null 2>&1 # send stream and errors to the void
printf '4\n1\n2\n3\n'|sort # sort the output
cut -c 1 textfile.txt # show the 1st character in each line
paste file1.txt file2.txt > joined.txt
wc -m file1.txt # display the characters count of file
awk '{print $1}' file1.txt # print first word of each line
echo "searchword other" | sed s/searchword/replaceword/g # search and replace
# soft-links and hard-links
ln -s file1.txt file1_shortcut.txt
ln file1.txt file1_hardlink.txt
find ~ -samefile file1.txt # look in user directory for files with same pointer to storage location as file1.txt
ls -li # list files with inode info
# search for file in real-time
find . -name file.txt # look in current location for file matching name
find / -name '*file.txt*' 2> /dev/null # quote the pattern so the shell does not expand it first; redirect errors into void to show only matching results
# secure copy using scp
scp user1@linuxbox:/home/user1/testfile.txt ~/ # Get 1 file
scp testfile.txt user1@linuxbox:/home/user1/ # Put 1 file
# Network copying using rsync
rsync -av user1@linuxbox:/home/user1 . # get files recursively
rsync -av /home/user1/Desktop user1@linuxbox:/home/user1/Desktop # Put files
# Debian/Ubuntu runlevels
0 = halt
1 = single user mode
2 = full, multi-user mode [with GUI if installed]
3-5 unused
6 = Reboot
# Redhat/Centos runlevels
0 = halt (systemd boot target: poweroff)
1 = single user mode (rescue)
2 = multi-user, no network
3 = multi-user, with network (multi-user)
4 = unused
5 = multi-user with GUI (graphical)
6 = Reboot (reboot)
# systemd boot targets
poweroff
rescue
multi-user
graphical
reboot
# change runlevel
runlevel # check current runlevel
telinit 6 # reboot
vi /etc/inittab # edit default runlevels
# change boot targets
systemctl get-default # view default mode
systemctl set-default multi-user.target # change the boot target, effective on next reboot
systemctl isolate multi-user # switch to mode immediately
# systemd commands to control services
systemctl status kubelet
systemctl disable kubelet # change bootup status
systemctl enable kubelet
systemctl start kubelet
systemctl stop kubelet
# service commands
service httpd start
service httpd stop
service httpd status
chkconfig --list httpd # check config of service on runlevels
chkconfig httpd on # turn service on runlevels 2-5
chkconfig --level 1 httpd on # turn service on at specific runlevel
# Cron
# search for pre-made cron files
root@linuxbox:/$ cd /etc && ls -d -1 "$PWD/"**|grep cron
/etc/cron.d
/etc/cron.daily
/etc/cron.hourly
/etc/cron.monthly
/etc/crontab
/etc/cron.weekly
# format: minute hour day-of-month month day-of-week
crontab -e # edit personal crontab
# add lines to run scheduled tasks
* * * * * echo "something" # every minute
*/15 * * * * echo "something" # every 15 minutes
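30 12 9-15 * 2 echo "something" # 12:30 pm on days 9-15 of each month and also on every Tuesday (when both day fields are restricted cron runs on either match, so this does not select only the 2nd Tuesday)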
# delayed execution using at daemon
at now +1 hour # run something 1 hour from now
# printing with CUPS
web GUI is located at http://localhost:631
echo "Print this line" | lpr # send test to printer
lpr textfile.txt # print text file
lpq # list running print jobs
lprm [jobId] # remove a print job
# How to mount drives
# check drives
# scan for usb drives
user1@linuxbox:~$ lsusb
Bus 006 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 005 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 003 Device 002: ID 136b:2300 STEC FlashLink All-in-One Reader
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 004: ID 18a5:0302 Verbatim, Ltd Flash Drive # this is the USB drive being plugged in
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
user1@linuxbox:~$ usb-devices
T: Bus=01 Lev=00 Prnt=00 Port=00 Cnt=00 Dev#= 1 Spd=480 MxCh= 9
D: Ver= 2.00 Cls=09(hub ) Sub=00 Prot=01 MxPS=64 #Cfgs= 1
P: Vendor=1d6b ProdID=0002 Rev=05.04
S: Manufacturer=Linux 5.4.0-132-generic xhci-hcd
S: Product=xHCI Host Controller
S: SerialNumber=0000:12:00.0
C: #Ifs= 1 Cfg#= 1 Atr=e0 MxPwr=0mA
I: If#=0x0 Alt= 0 #EPs= 1 Cls=09(hub ) Sub=00 Prot=00 Driver=hub
T: Bus=01 Lev=01 Prnt=01 Port=07 Cnt=01 Dev#= 4 Spd=480 MxCh= 0
D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
P: Vendor=18a5 ProdID=0302 Rev=02.00
S: Manufacturer=Verbatim
S: Product=STORE N GO
S: SerialNumber=7716151047687633054
C: #Ifs= 1 Cfg#= 1 Atr=80 MxPwr=100mA
I: If#=0x0 Alt= 0 #EPs= 2 Cls=08(stor.) Sub=06 Prot=50 Driver=usb-storage
kim@linux03:~$ lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 931.5G 0 disk
└─sda1 8:1 0 931.5G 0 part
└─md0 9:0 0 1.8T 0 raid10 /
sdb 8:16 0 931.5G 0 disk
└─sdb1 8:17 0 931.5G 0 part
└─md0 9:0 0 1.8T 0 raid10 /
sdc 8:32 1 29.8G 0 disk
├─sdc1 8:33 1 512M 0 part /boot/efi
└─sdc2 8:34 1 29.3G 0 part /
sdf 8:80 0 931.5G 0 disk
└─sdf1 8:81 0 931.5G 0 part
└─md0 9:0 0 1.8T 0 raid10 /
sdg 8:96 0 931.5G 0 disk
└─sdg1 8:97 0 931.5G 0 part
└─md0 9:0 0 1.8T 0 raid10 /
sdh 8:112 1 14.5G 0 disk # this is matching the expected usb drive
└─sdh1 8:113 1 14.5G 0 part
user1@linux01:/$ udevadm info /dev/sdh
P: /devices/pci0000:00/0000:00:01.2/0000:12:00.0/usb1/1-8/1-8:1.0/host10/target10:0:0/10:0:0:0/block/sdh
N: sdh
L: 0
S: disk/by-path/pci-0000:12:00.0-usb-0:8:1.0-scsi-0:0:0:0
S: disk/by-id/usb-Verbatim_STORE_N_GO_7716151047687633054-0:0
E: DEVPATH=/devices/pci0000:00/0000:00:01.2/0000:12:00.0/usb1/1-8/1-8:1.0/host10/target10:0:0/10:0:0:0/block/sdh
E: DEVNAME=/dev/sdh
E: DEVTYPE=disk
E: MAJOR=8
E: MINOR=112
E: SUBSYSTEM=block
E: USEC_INITIALIZED=4395690127950
E: SCSI_TPGS=0
E: SCSI_TYPE=disk
E: SCSI_VENDOR=Verbatim
E: SCSI_VENDOR_ENC=Verbatim
E: SCSI_MODEL=STORE_N_GO
E: SCSI_MODEL_ENC=STORE\x20N\x20GO\x20\x20\x20\x20\x20\x20
E: SCSI_REVISION=2.00
E: ID_SCSI=1
E: ID_SCSI_INQUIRY=1
E: ID_VENDOR=Verbatim
E: ID_VENDOR_ENC=Verbatim
E: ID_MODEL=STORE_N_GO
E: ID_MODEL_ENC=STORE\x20N\x20GO\x20\x20\x20\x20\x20\x20
E: ID_REVISION=2.00
E: ID_TYPE=disk
E: MPATH_SBIN_PATH=/sbin
E: ID_VENDOR_ID=18a5
E: ID_MODEL_ID=0302
E: ID_SERIAL=Verbatim_STORE_N_GO_7716151047687633054-0:0
E: ID_SERIAL_SHORT=7716151047687633054
E: ID_INSTANCE=0:0
E: ID_BUS=usb
E: ID_USB_INTERFACES=:080650:
E: ID_USB_INTERFACE_NUM=00
E: ID_USB_DRIVER=usb-storage
E: ID_PATH=pci-0000:12:00.0-usb-0:8:1.0-scsi-0:0:0:0
E: ID_PATH_TAG=pci-0000_12_00_0-usb-0_8_1_0-scsi-0_0_0_0
E: ID_PART_TABLE_UUID=0112df30
E: ID_PART_TABLE_TYPE=dos
E: DEVLINKS=/dev/disk/by-path/pci-0000:12:00.0-usb-0:8:1.0-scsi-0:0:0:0 /dev/disk/by-id/usb-Verbatim_STORE_N_GO_7716151047687633054-0:0
E: TAGS=:systemd:
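# Create a custom rule to mount the usb-drive (KERNEL=="sdh1" follows enumeration order, so any disk that later becomes sdh1 gets the symlink; matching ENV{ID_SERIAL_SHORT} from the udevadm output above pins the rule to this one device)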
sudo su
...
cat << EOF > /etc/udev/rules.d/10-usb-drive.rules
KERNEL=="sdh1", SUBSYSTEM=="block", SYMLINK="usb-drive"
EOF
# rescan drives and reactivate rules
udevadm trigger
ls -l /dev | grep usb
# validate the auto detection
root@linux01:/# ls -l /dev | grep usb
lrwxrwxrwx 1 root root 3 Jan 12 03:30 usb-drive -> sdh
# test writing a file through the symlink (expect to fail: it points at a block device, not a mounted filesystem)
root@linuxbox:/media# touch /dev/usb-drive/test0.txt
touch: cannot touch '/dev/usb-drive/test0.txt': Not a directory
# Mounting a device
root@linuxbox:# mkdir /media/usb-drive
root@linuxbox:# mount /dev/usb-drive /media/usb-drive
root@linuxbox:# touch /media/usb-drive/test.txt
root@linuxbox:# ls /media/usb-drive/
'System Volume Information' test.txt
# Partition Editor
fdisk /dev/sdh
m # display help menu
g # create gpt partitioning table
# Example
Command (m for help): g
Created a new GPT disklabel (GUID: DB913469-586B-3F48-9B11-6B2C1A57B04E).
The old dos signature will be removed by a write command.
n # create new partition
# Example
Command (m for help): n
Partition number (1-128, default 1):
First sector (2048-30433246, default 2048):
Last sector, +/-sectors or +/-size{K,M,G,T,P} (2048-30433246, default 30433246):
Created a new partition 1 of type 'Linux filesystem' and of size 14.5 GiB.
q # exit without saving changes
w # write changes and exit
# Setup RAID
# use fdisk to create partitions as a recommended practice prior to setting up RAID
# create array
mdadm --create /dev/md0 --level=5 --raid-devices=4 /dev/sd{h,i,j,k}1
# check array
cat /proc/mdstat
# save existing config into config file for persistency
mdadm --detail --scan > /etc/mdadm/mdadm.conf
# Using parted
sudo parted /dev/sdh mklabel gpt
sudo parted -a opt /dev/sdh mkpart primary ext4 0% 100% # Create primary partition and reserve the entire disk for it
# Creating file system on partitions
# Options:
# mkfs.[ext4,btrfs,msdos,xfs,cramfs,fat,minix,vfat]
mkfs.ext4 -L usb-drive /dev/sdh1 # create an ext4 file system
lsblk -f # shows disks along with file systems
# Logical Volume Manager
- Volume Group
- Logical Volume
- Physical Volume
pvdisplay # shows existing PV config
lvdisplay # shows existing LV config
pvcreate /dev/sdh /dev/sdi
vgcreate <groupname> /dev/sdh /dev/sdi
lvcreate -L 10G -n <lvname> <groupname>
mkfs.ext4 /dev/<groupname>/<lvname>
lvextend -L+10G /dev/<groupname>/<lvname>
# Mounting drives
mkdir -p /media/usb-drive
mount /dev/sdh1 /media/usb-drive
mount -a # reload mounts
# persist mounting on reboots
vi /etc/fstab
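### add one of these lines (for removable media, adding nofail keeps boot from stalling when the drive is absent, and nosuid,nodev ignore setuid bits and device nodes on it)
LABEL=usb-drive /media/usb-drive ext4 defaults 0 0
UUID=<output from: blkid -s UUID -o value /dev/sdh1> /media/usb-drive ext4 defaults 0 0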
# reload automounts
sudo mount -av
# Quotas
# Enable quota on certain disks
vi /etc/fstab # ensure that usrquota or grpquota is marked as options for certain volumes (e.g. /dev/sdb1)
sudo quotacheck -au # generate quota checks file on all partitions indexing by usernames
sudo quotaon -a # turn on quota features
sudo edquota user2 # edit quota for user
# how to scan file system
# View current thresholds for 'Maximum mount count'
tune2fs -l /dev/sdh1
# set /etc/fstab to activate scanning (triggered by combination of max mount count and pass value)
# example server config to activate scanning
/dev/sdh1 /mnt/usb-drive ext4 defaults 0 2 # the last value representing pass number greater than 0, which means it will scan if mount count threshold has been surpassed
tune2fs -c 2 /dev/sdh1 # set file scan threshold at 2
# example laptop to disable scanning
tune2fs -c -1 /dev/sdh1 # set file scan threshold at -1
# how to blacklist a device
vi /etc/modprobe.d/blacklist.conf
# insert a sample line
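blacklist <device-name> # <device-name> is the kernel module name; blacklist only stops automatic loading by alias, so add "install <device-name> /bin/false" to also block a manual modprobe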
# modules
kernel=$(uname -r)
ls /lib/modules/$kernel/kernel/drivers/net # look for network modules
modprobe hamradio # insert module using the wrapper for insmod command with dependencies autoresolve
rmmod hamradio
depmod # update currently loaded modules' system map
# networking commands
ip route # check route table
# NIC bonding
# mode 0 = balance-rr (round-robin, requires switch support)
# mode 4 = 802.3ad (advanced switch support)
# mode 6 = balance-alb (no need switch support)
# Ubuntu/Debian
vi /etc/netplan/00-installer-config.yaml
# edit the file
network:
  renderer: networkd
  ethernets:
    enp37s0:
      dhcp4: false
    enp37s1:
      dhcp4: false
  bonds:
    bond0:
      dhcp4: false
      interfaces:
        - enp37s0
        - enp37s1
      addresses: [10.10.10.100/24]
      gateway4: 10.10.10.1
      parameters:
        mode: balance-alb
      nameservers:
        addresses: [8.8.8.8]
  version: 2
### save file
cat /proc/net/bonding/bond0
netplan apply
# Redhat/Centos
vi /etc/sysconfig/network-scripts/ifcfg-bond0
# edit the master bond0 file
DEVICE=bond0
NAME=bond0
BONDING_OPTS="mode=6 miimon=100"
BONDING_MASTER=yes
IPADDR=10.10.10.101
PREFIX=24
ONBOOT=yes
BOOTPROTO=none
# edit the slave eno{49,50,51,52} files
vi /etc/sysconfig/network-scripts/ifcfg-eth0
# edit the file
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
NAME=eth0
ONBOOT=yes
MASTER=bond0
SLAVE=yes
# network config files
/etc/hosts # local dns file
/etc/resolv.conf # shows the dns servers list
/etc/nsswitch.conf # shows more info about name resolutions
# Redhat network config
ls /etc/sysconfig/network-scripts
# Ubuntu/Debian network config
ls /etc/netplan
vi /etc/netplan/<config.file>
sudo netplan apply # make changes effective
nmtui # GUI version
# DNS resolutions
dig @8.8.8.8 yahoo.com
nslookup <host> 8.8.8.8
host yahoo.com 8.8.8.8
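# Manual installation using tarballs (check the tarball against the publisher's checksum or signature before building; make install runs the project's install scripts with the privileges of whoever invokes it)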
tar -zxvf program.tar.gz
cd program/
./config
make
make install OR mv program /usr/local/bin
# Manual install using dpkg
sudo dpkg -i program.deb
sudo dpkg -r program
# Install using apt
ls /etc/apt/ # check for existing sources.list
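# add repository signing key (apt-key is deprecated and trusts the key for every repository; current practice stores the key under /etc/apt/keyrings/ and references it with signed-by= in the source entry)
wget -qO - https://URL | apt-key add -
apt-key list
# automatically adding a PPA and its signing key
add-apt-repository ppa:vendorname/appname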
# hold currently installed package version
apt-mark hold kubeadm kubelet kubectl
# release the hold on the package version
apt-mark unhold kubeadm kubelet kubectl
# Install using yum (Yellow Dog manager)
yum install program
yum upgrade
# edit main yum config file
vi /etc/yum.conf
# add new repos
vi /etc/yum.repos.d/newrepo.repo
# installing new repo the easy way
yum install epel-release
# install version lock
yum -y install yum-versionlock
# lock a version
yum versionlock nginx
# unlock a version
yum versionlock delete nginx
# view current locks
yum versionlock list
# Install using dnf (Dandified YUM)
dnf search packagename
dnf install packagename
dnf remove packagename
sudo dnf upgrade --exclude=packagename
# edit config
vi /etc/dnf/dnf.conf
# lock currently installed package
sudo dnf versionlock add package
# unlock
sudo dnf versionlock delete package
Sample bash shell scripts
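# Download firmware from Internet and execute the .BIN files (the URL and glob characters appear to have been lost from this snippet; placeholders restored below)
mkdir -p ~/firmware/r640;
cd ~/firmware/r640;
wget -ml1 <firmware-URL>;
# compare each downloaded file with the vendor-published checksum before making it executable
chmod +x *.BIN;
for i in *.BIN;do ./$i -q;done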
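# Ethical hacking (log and history tampering; forwarding logs off-host and auditing writes to /var/log and shell history files is how this gets detected)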
rm -rf /var/log/*.* purges system logs
HISTSIZE=0 erases commands history
shred -zu root/.bash_history purges root's history