Linux Commands & snippets reference

Introduction:

Familiarity with Linux is essential in an IT profession, but who can ever remember all the commands? Below are some common and not so common bits and pieces I've had to use. I'll continue to update this when I find new commands I've had to use.

Unless specified otherwise, these will most likely be based on Ubuntu Server.

I apologise to the purists if I do not do some of these commands justice; I am no Linux sysadmin, but I know enough to be dangerous.

Commands

Most Linux commands have a help section and are usually very well self-documented. The most common way to access the help for a command is to use the following syntax: command --help

Sometimes the help may not be sufficient. In this case it's worth referring to the man pages (manual). These can be accessed within Linux using the man command, e.g. man cd

The basics

pwd - Print working directory

cd - Change directory

  • . = Current directory
  • .. = Up one level
  • ~ = User home directory

ls - List directory contents. I find ls -lah to be a useful frequent command.

cat - Outputs the contents of a file.

grep - Searches for strings, e.g. cat hello.txt | grep "food" will display all lines within hello.txt containing the string 'food'. Can also be used for finding strings within files, e.g. grep -r "food" . will show all matching lines within any file located in the current directory and below.

more - Paginates files when reading.

less - A more replacement, less is more! Can scroll both directions + a few more advantages.

rm - Removes files (careful with this one!)

rmdir - Removes folders (this can also be done with rm, but rmdir is the safer option since it only removes empty folders).

cp - Copies a file / folder.

mv - Moves a file / folder. There is no rename, use this instead.

clear - Clears the console window.

vi - The universal text editor.

vim - Improved vi!

nano - The lazy (and simpler) text editor.

history - Shows command history. Useful with grep when finding commands you've run in the past but can't quite remember.

ln - Creates links between files. Usually symbolic links (essentially a pointer / shortcut) are the goal. I always forget the order, which is ln -s target source, where the target is an existing file and the source is the file to create.

tail - Outputs the last parts of a file. Very useful for inspecting logs in real time with tail -f

passwd - Changes a user's password (or your own if used by itself).

chmod - Change file mode bits. This is used to change the permissions of files, e.g. chmod 777 hello.txt grants read, write and execute (rwx) permissions on 'hello.txt' to the owner, group and others. Permissions are visible using the ls command. If you've written a script, it will often need execute permissions to run, e.g. chmod u+x myscript.py
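An added example (not part of the original page) of checking for the effect of chmod 777: it lists files that anyone on the system can write to and then tightens them. The function names and the scratch files in demo are made up for the illustration, and stat -c assumes GNU coreutils as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example: audit a directory for world-writable files and tighten them.
# Function names and the scratch files are illustrative, not from the page.

# List regular files under $1 that "others" can write to (o+w, octal 0002).
find_world_writable() {
    find "$1" -type f -perm -0002 -print | sort
}

# For every world-writable file: remove write for group and others, and
# remove read/execute for others. The owner's bits are left untouched.
tighten() {
    find "$1" -type f -perm -0002 -exec chmod go-w,o-rx {} +
}

# Print the octal mode of a file (GNU stat).
mode_of() {
    stat -c '%a' "$1"
}

demo() {
    d=$(mktemp -d)
    echo "hello" > "$d/hello.txt"
    chmod 777 "$d/hello.txt"            # the mode used in the text
    echo '#!/bin/sh' > "$d/myscript.sh"
    chmod 644 "$d/myscript.sh"
    chmod u+x "$d/myscript.sh"          # execute for the owner only
    echo "world-writable before:"
    find_world_writable "$d"
    tighten "$d"
    echo "hello.txt is now $(mode_of "$d/hello.txt")"
    echo "myscript.sh is still $(mode_of "$d/myscript.sh")"
    rm -r "$d"
}

demo
```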

chown - Change the owner of a file, can change the owner and group with chown user:group filename

which - Locates a binary file / command.

touch - Changes file timestamps. Often used to create empty files: touch empty.txt

date - Displays the current system time / date.

scp - Securely copies a file between Linux hosts, e.g. scp /var/log/nginx/access.log david@10.10.10.1:/tmp/ will copy the local file to the remote /tmp directory.

watch - This is a new one for me, but it's awesome! Allows you to run a command repeatedly to check for changes to output.

screen - Manages additional terminal sessions. Excellent for running processes which have to be left running for a period of time and you don't want to worry about losing your SSH session.

tar - Archives / de-archives files. Common examples would be tar -xvf myfile.tar to extract an archive, and tar -cvf logs.tar /var/log/nginx/* to create an archive. The -z flag can be useful for .gz archives.

unzip - Unzips files. Windows users seem to love .zip since it's built in, but Linux has some hostility towards it. Use this to bridge the gap. Use unrar for .rar files.

md5sum - Computes the MD5 hash of a file to verify its integrity. Useful when you want to make sure a file is the same as the one published where you downloaded it from. See also *shasum for the SHA equivalent.

Text Parsing

wc - Counts words, particularly useful when finding out number of lines in a file, e.g. cat hello.txt | wc -l will return number of lines in a file.

sort - Sorts information based on specific criteria.

uniq - Filters unique information.

cut - Filters text based on delimiters.

Note: Combinations of cut, wc, sort, uniq and cat can perform powerful text processing. For example, to find a list of IP addresses within an nginx log you could use the following:

cat /var/log/nginx/access.log | cut -d' ' -f 1

This is great, but doesn't really show how often a certain address shows up, so we can add sort and uniq in here to find the number of occurrences of each IP (sort bunches the addresses up so uniq can 'dedup' the entries and the -c parameter adds a count):

cat /var/log/nginx/access.log | cut -d' ' -f 1 | sort | uniq -c

We're getting better...but now what if we want to find the most frequent IP? Well, we can sort based on the output from uniq.

cat /var/log/nginx/access.log | cut -d' ' -f 1 | sort | uniq -c | sort -n

This gives a nice list of addresses with a count of how many times each address appears. If the list is too long you could even pipe it into less to view it!

awk - Text parsing language; people have written books on this. It's worth looking into, as it is super powerful for text parsing.
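An added example (not part of the original page) doing the per-IP count from the pipeline above in a single awk pass, and going one step further by also counting 4xx/5xx responses per address. The function names are made up, and the log lines are constructed sample data in nginx's default "combined" format.

```shell
#!/bin/sh
# Added example: per-client request and error counts from an nginx access log.
# Function names and the sample log are constructed for illustration.

# Print "requests errors ip", busiest client first.
# Splitting on the double quote keeps the status code in a fixed place even
# when the request string contains extra spaces (see the 400 line below),
# where counting space-separated fields would pick up the wrong column.
ip_summary() {
    awk -F'"' '
        {
            split($1, pre, " ");   ip = pre[1]        # text before the request
            split($3, post, " ");  status = post[1]   # text after the request
            hits[ip]++
            if (status ~ /^[45][0-9][0-9]$/) errs[ip]++
        }
        END { for (ip in hits) printf "%d %d %s\n", hits[ip], errs[ip], ip }
    ' "$1" | sort -k1,1nr -k3,3
}

# Print only the clients with at least $2 error responses.
noisy_clients() {
    ip_summary "$1" | awk -v min="$2" '$2 >= min { print $3 }'
}

# Constructed sample data (documentation address ranges).
sample_log() {
    cat <<'EOF'
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/8.0"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /admin HTTP/1.1" 404 153 "-" "curl/8.0"
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "POST /login HTTP/1.1" 401 0 "-" "curl/8.0"
198.51.100.23 - - [10/Oct/2023:13:56:01 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Oct/2023:13:56:02 +0000] "GET  /a  b HTTP/1.1" 400 0 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Oct/2023:13:57:00 +0000] "GET /favicon.ico HTTP/1.1" 200 318 "-" "Mozilla/5.0"
EOF
}

log=$(mktemp)
sample_log > "$log"
ip_summary "$log"
echo "clients with 2+ errors: $(noisy_clients "$log" 2)"
rm -f "$log"
```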

System related

Many of these commands will require root access to execute, as they can directly impact the system itself.

dmesg - Displays the system message buffer (log).

lspci - List system PCI devices.

reboot - Reboots the system.

halt - Halts (shuts down) the system.

top - Shows a live, continuously updating view of system processes.

htop - A better and more interactive version of top. (Usually requires installation).

ps - List system processes. ps aux is my go-to.

kill - Kills a process. kill -9 1234 will force pid (process id) 1234 to die. Pids can be found using ps

killall - Kills processes based on name matching. killall -9 php can be used to kill all instances (forcefully) of php.

uptime - Shows system uptime and loadaverage. Loadaverage is a combination of metrics (CPU, memory, disk usage etc) to indicate how loaded a system is. A good ballpark is +1 for each CPU core, i.e. if you have a loadav of 2.5 and you have a 2 core system, it's heavily loaded and should be investigated.

uname - Shows system versions. uname -a shows all information.

lsb_release - Displays the Ubuntu version. You'll likely want lsb_release -a

df - Displays filesystems & their respective usage. df -h gives a more readable output.

free - Displays memory usage on a system. free -m shows it in megabytes. Linux systems use memory as a cache, so remember to check the '-/+ buffers/cache' section.

w - Show who is logged in, and what commands they're running.

adduser - Adds a user to the system. There is also a command called useradd, but it is much lower level; if adduser exists, use that instead. Can also be used to add users to groups, e.g. to add 'david' to sudoers: adduser david sudo

addgroup - Adds a group to the system.

Networking

ifconfig - Displays and configures network interfaces. By itself this command will show configured NICs. Use ifconfig -a for all.

ping - What it says on the box, pings a host!

traceroute - Traces the route to a host using changing TTL values. Note: Linux uses UDP rather than ICMP by default!

nslookup - Checks DNS resolution. Use nslookup - 8.8.8.8 to specify a particular DNS server to use (where 8.8.8.8 is the DNS server).

tcpdump - Captures packets on an interface. Essentially a CLI version of Wireshark.

wget - Retrieves a file. Useful for downloading something from a HTTP server.

curl - Similar to wget but often requires installing / additional packages. I would say curl has more features and can be used for pulling complex objects but wget is easier for smaller or simple transfers.

ssh - Opens an SSH session to a particular host. Uses the current username by default; a different one can be given before an @ symbol.

telnet - Telnets to a particular host. Useful to check if a service is listening on a particular port on a remote host.

arp - Play with the system arp cache. By default this will list existing system arp entries.

iftop - Displays bandwidth usage per host (requires installing). Very useful to see which host is doing what.

nmap - A comprehensive network scanner (requires installing).

netstat - Shows network connections. Particularly useful for finding which service is listening on a port. Personal preference is netstat -anp.

Files & directories

System & program configuration is often stored in files. To change such things, one must edit these files and configure them in the desired way.

System

/etc/network/interfaces - This file contains the network interface configuration for an Ubuntu / Debian system. After making changes the system must be rebooted, or the networking services restarted using service networking restart

/etc/hosts - The local hosts file. You can use this to quickly add DNS records without having to faff with a DNS server. Works immediately.

/etc/hostname - The system's hostname. Requires a reboot to take effect after editing.

/etc/resolv.conf - This contains the system's DNS servers. Some systems don't like this being edited manually. On Ubuntu you should change /etc/network/interfaces to contain the dns-nameservers keyword instead.

/var/log/kern.log - Contains the kernel log, same messages as the dmesg command.

/etc/environment - Contains system wide environment variables.

Common programs

/etc/apt/apt.conf - Apt configuration, does not exist by default, proxy settings should go in here.

/var/log/<program>/ - Most programs / services will output data to this location for logging purposes, particularly useful with the tail command when debugging.