System

Linux

Files and directories

Find large files

find <path> -type f -exec du -h --time {} + | sort -hr | head -20

find <path> -type f -printf "%s\t%p\n" | sort -rh | head -20

find <path> -type f -exec ls -s {} + | sort -n -r | head -20

# Do not cross filesystems
find <path> -xdev -type f -exec ls -s {} + | sort -n -r | head -20

Display files older than 60 days

find <path> -type f -mtime +60 -exec ls -s {} \;

Delete files older than 60 days

find <path> -type f -mtime +60 -exec rm -f {} \;

Find and exec a command

find <path> <args> -exec <command> {} \;
# example
find <path> -type f -exec cp {} {}.bak \;

--relative flag creates subdirectories in the target directory

find <path>/ -type f -name <name> -exec rsync -av --relative {} <path>/ \;

Follow symlinks with find command

find -L <path> ...

Sort by size

ls -lha --sort=size

Get absolute path of a file

realpath <filename>

Sync directories

rsync -av --delete --progress <src>/ <dst>/

Redirect stderr and stdout

# stdout
command 1> /dev/null
# stderr
command 2> /dev/null
# stderr to stdout to a file
command > /dev/null 2>&1
# stderr to stdout to a file
command &> /dev/null

Copy directory content including hidden files

cp -av /src/. /dst/

Copy Reference file

cp -L <src> <dst>

rsync -L <src> <dst>

With options: -p(preserve permissions), -r(recursive)

rsync -Lrp <src> <dst>

rsync multiple source directories

• Remote sync

rsync <args> <remote_host>:<dir1> :<dir2> <dest>/

• Local sync

rsync <args> <dir1> <dir2> <dest>/

Get some informations about a program

file <program>

Print shared object dependencies

ldd <program>

Display permissions and user/group with tree

tree -pugfiaD <directory>

Prevent file/dir modification and deletion

• View file extended attributes

lsattr <file>

• Set the immuable flag

chattr +i <file>

Search and replace a string in multiple files

• Search

find ./ -type f -name '*.txt' -exec grep --color -nH 'old' {} \;

• Replace

find ./ -type f -name '*.txt' -exec sed -i 's/old/new/gI' {} \;

• Backup files before replacing

find ./ -type f -name '*.txt' -exec sed -i.bak 's/old/new/gI' {} \;

Rename multiple files

for file in *old*; do mv "${file}" "${file/old/new}"; done

Archiving and compressing

• Extract Tar file

tar -xvf archive.tar.gz

tar -xvf archive.tar.gz -C <dst>

Memory, CPU and process management

Sort processes by memory usage

ps -eo pid,ppid,cmd,%mem,%cpu --sort=-%mem | head

Sort processes by cpu usage

ps -eo pid,ppid,cmd,%mem,%cpu --sort=-%cpu | head

Sort processes by start time

ps -ef --sort=start_time

• Reverse the order

ps -ef --sort=-start_time

With start time

ps -eo pid,lstart,cmd

ps using grep and displaying headers

ps -eo user,pid,ppid,lstart,%mem,%cpu,cmd --sort=start_time | { head -1; grep '\.py[[:blank:]]'; } | grep -v grep

ps -eo user,pid,ppid,lstart,%mem,%cpu,cmd --sort=start_time | sed -n '1p; /[.]py[[:blank:]]/p'

ps -eo user,pid,ppid,lstart,%mem,%cpu,cmd --sort=start_time | awk 'NR == 1 || /[.]py[[:blank:]]/'

List file descriptors

lsof -a -p <pid>

List processes based on name/pattern

pgrep -fa '<pattern>'
# example
pgrep -fa 'rsync'

Kill processes based on name/pattern

pkill -f '<pattern>'

Show CPU details

lscpu

top then, press 1 to display usage per CPU.

top

Display a tree of processes

pstree -laps <pid>

Keep processes running after exiting the shell

nohup <command> &

• Redirect to a file and to standard error and output

nohup <command> > output.log 2>&1 &

• Different files for standard output and error

nohup <command> 1> output.log 2> error.log &

Clear cache/buffer

sysctl vm.drop_caches=3

or

sync; echo 3 > /proc/sys/vm/drop_caches

Clear swap

swapoff -a
swapon -a

Disks

Input/Output(I/O) performance

dnf install sysstat

iostat -d

iostat -d /dev/sda

iostat -p /dev/sda1

LVM

• Display file system types

lsblk -o PATH,FSTYPE,MOUNTPOINT <partition_name>

Example

lsblk -o PATH,FSTYPE,MOUNTPOINT /dev/sda

• Extend a filesystem(with -r|--resizefs)

lvextend -L +<size> <filesystem> -r

Example

lvextend -L +2G /dev/mapper/vg_root-lv_home -r

• Increase size of an XFS filesystem

xfs_growfs -d <filesystem>

Example

xfs_growfs -d /dev/mapper/vg_root-lv_home

• Increase the size of a Linux LVM by expanding the virtual machine disk

DNS queries

dig +noall +answer +multiline <fqdn> any

for record_type in A AAAA CNAME MX NS TXT; do
    dig +noall +answer +multiline <fqdn> "${record_type}"
done

Managing Users

• Add user

useradd -d <home_dir> -s <shell> <username> -G <group1> <group2>

• Change password

passwd <username>

• Change UID and GID

usermod -u <id> <username>

usermod -g <id> <groupname>

• Change user primary group

usermod -g <primary_groupname> <username>

SSH

Generate SSH key pair

ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 -C "<email or comment>"

ssh-keygen -t rsa -b 4096 -C "<email or comment>"

Start ssh-agent in the background

eval "$(ssh-agent -s)"

Add the SSH key to the ssh-agent

ssh-add ~/.ssh/id_ed25519

Disable Strict Host Key Checking

ssh -o StrictHostKeyChecking=no username@remotehost

Useful params

ssh -o ConnectTimeout=5 -n -T ${REMOTE_HOST}

Execute multi-line SSH command

ssh -T <remote_host> <<EOSSH
    <command1>
    <command2>
EOSSH

Get SSH version

echo ~ | nc localhost 22

Permissions

chmod 700 ~/.ssh
chmod 644 ~/.ssh/authorized_keys
chmod 644 ~/.ssh/known_hosts
chmod 644 ~/.ssh/config
chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub

User config file

Host *
    LogLevel error
Host <name1>
    HostName <ip or fqdn>
    User <username>
    PreferredAuthentications publickey
    IdentityFile ~/.ssh/id_rsa
Host <name2>
    HostName <ip or fqdn>
    User <username>
    PreferredAuthentications publickey
    IdentityFile ~/.ssh/id_rsa
    ProxyCommand ssh -W %h:%p <name1>

Regenerate SSH host keys

On RHEL, if missing, ssh_host keys are generated during the boot

rm -f /etc/ssh/ssh_host_*

ssh-keygen -f /etc/ssh/ssh_host_rsa_key     -N '' -q -t rsa
ssh-keygen -f /etc/ssh/ssh_host_ecdsa_key   -N '' -q -t ecdsa
ssh-keygen -f /etc/ssh/ssh_host_ed25519_key -N '' -q -t ed25519

systemctl restart sshd

Logs

tail -f -n 100 /var/log/secure | grep sshd

grep sshd /var/log/secure

SSHFS

Install(client side)

dnf install fuse-sshfs

Mount a remote FS

sshfs <user>@<host>:<dir> <mountpoint> <options>

Example

sshfs fedora@192.168.0.10:/data /mnt/data

Automatically mount the remote FS

# file: /etc/fstab
fedora@192.168.0.10:/data /mnt/data fuse.sshfs

SSL

Check a certificate

openssl x509 -in <certificate>.crt -text -noout

• Check a certificate encoded in PKCS7

openssl pkcs7 -print_certs -in <certificate>.p7b

Extract the private key from the PFX file

openssl pkcs12 -in <file>.pfx -nocerts -out <private>.key

Extract the certificate from the PFX file

openssl pkcs12 -in <file>.pfx -clcerts -nokeys -out <certificate>.crt

Extract the decrypted private key

openssl rsa -in <private.key> -out <decrypted.key>

Extract the CA chain from the PFX file

 openssl pkcs12 -in <file.pfx> -cacerts -nokeys -chain -out <ca.pem>

View a CSR file

openssl req -in <csr_name>.csr -noout -text

Get a website certificate

echo | openssl s_client -showcerts -servername <example.com> -connect <example.com>:443 2>/dev/null | openssl x509 -inform pem -noout -text

Git

Setup git configuration

git config --global user.name "<name>"

git config --global user.email "<email>"

git config --global http.proxy http://<ip_or_fqdn>:<port>

• Customizing Git

Display config

git config --list

Work with Git

Stage all changes

git add -A

Commit staged changes

git commit -m <commit_message>

• Edit previous commit message

git commit --amend

Revert to a previous commit

git reset --hard HEAD~

git reset --soft HEAD~

git reset --hard <commit_id>

Discard local changes

git fetch origin

git reset --hard origin/<branch_name>

Diff between commits

git diff <commit_id>..<commit_id>

Diff between last commit and the working tree

git diff

Show informations recorded in the reflogs

git reflog show

~/.gitconfig

[credential]
  helper = store --file /path/to/.gitcred
[user]
  name = <name>
  email = <email>
    # GPG config
  signingkey = <signingkey>
[http]
[http "https://gitlab.example.com"]
  proxy = http://<ip or fqdn>:<port>
[core]
    # vscode as a default editor
  editor = code --wait
[commit]
    # GPG config
  gpgsign = true
[alias]
  graph = log --oneline --graph --decorate
  llog = log --graph --name-status --pretty=format:\"%C(red)%h %C(reset)(%cd) %C(green)%an %Creset%s %C(yellow)%d%Creset\" --date=relative
  acp = "!f() { git add -A && git commit -m \"$@\" && git push; }; f"

Multiple configs

[includeIf "gitdir:~/personal/"]
  path = ~/.gitconfig-personal
[includeIf "gitdir:~/work/"]
  path = ~/.gitconfig-work

Vim

Find and replace

# Syntax
:[range]s/{pattern}/{string}/<flags>
# Replace in all lines
:%s/hello/hi/g
# Confirm before replacing
:%s/hello/hi/gc
# Case-insensitive search
:%s/hello/hi/gi
# Replace between lines 1 to 5
:1,5s/hello/hi/g

Comment

# Syntax
:<start line>,<end line>s/^/#
# Comment line 1 to 5
:1,5s/^/#

Uncomment

# Uncomment line 1 to 5
:1,5s/^#//

Set number

:set number

Unset number

:set number!

Undo and redo

Undo = Press u Redo = Press CTRL+R

List the available undo options

:undolist

Delete blank lines

:g/^$/d

Show EOL characters

:set list

systemd

List all running systemd services

systemctl list-units --type=service --state=running

List all enabled systemd services

systemctl list-unit-files --type=service --state=enabled

List all services with activating status

systemctl list-units --type=service --state=activating

List all failed systemd services

systemctl list-units --type=service --state=failed

List all active sockets

systemctl list-sockets

Debug services with non-zero exit code

while IFS= read -r svc_name; do
    echo "---"
    svc_name=$(echo "${svc_name}" | awk '{print $1}')
    systemctl status "${svc_name}"
done < <(systemctl list-units --type=service --state=activating --quiet)

Show the most recent system errors

journalctl -xe

Monitor logs in real-time

journalctl -f

Monitor logs in real-time for a specific service

journalctl -u <unit> -f

Show log entries since a specific date and time.

journalctl --since "YYYY-MM-DD HH:MM:SS"

Display the paths and directories used by the systemd system

systemd-path

Show the current locale and keyboard settings

localectl

Grub

Modify /etc/default/grub

vim /etc/default/grub

Update grub.cfg file

grub2-mkconfig -o /boot/grub2/grub.cfg

Cron

# * * * * * <command to execute>
# | | | | |
# | | | | day of the week (0–6) (Sunday to Saturday; 
# | | | month (1–12)             7 is also Sunday on some systems)
# | | day of the month (1–31)
# | hour (0–23)
# minute (0–59)

VirtualBox

Error: Please disable the KVM kernel extension, recompile your kernel and reboot (VERR_SVM_IN_USE).

Fix for VirtualBox 7.1.4 and Kernel 6.12

Update /etc/default/grub file: Add kvm.enable_virt_at_load=0 parameter to GRUB_CMDLINE_LINUX_DEFAULT

Networking

NetworkManager

Check if NetworkManager is running

nmcli general

List all connection profiles

nmcli con show 

Check device status

nmcli device status

Get details about connection

nmcli con show <con_name>

Configure network

nmcli con mod <con_name> connection.autoconnect yes

nmcli con mod <con_name> ipv4.addresses <ip_addr/mask> ipv4.method manual ipv4.gateway <gw> ipv4.dns "<dns1> <dns2>" ipv4.dns-search <domain>

nmcli con up <con_name>

Restart NetworkManager

systemctl restart NetworkManager

Network configuration with network scripts(doc)

vim /etc/sysconfig/network-scripts/ifcfg-<if_name>

Example

vim /etc/sysconfig/network-scripts/ifcfg-eth0

Routing and host information for all network interface: /etc/sysconfig/network

vim /etc/sysconfig/network

Network connections and statistics

Monitoring all listening TCP connections

ss -ltnp

Monitoring all listening UDP connections

ss -lunp

Monitoring all listening port(tcp/udp) and established connections

ss -plantus

Display CLOSE-WAIT socket connections

ss --tcp state CLOSE-WAIT

Kill CLOSE-WAIT socket connections

ss --tcp state CLOSE-WAIT --kill

Test TCP connections

nc -zv <ip_dst> <port>

nc -zv -s <ip_src> <ip_dst> <port>

Test UDP connections

nc -zv -u <ip_dst> <port>

Debug

tcpdump (with root)

tcpdump -i <interface_name> -w <filename>.pcap

tcpdump -i <interface_name> dst <ip addr or fqdn> -w <filename>.pcap

tcpdump -i <interface_name> port <port> -w <filename>.pcap

Checksum: md5sum or sha256sum

find -type f -exec md5sum '{}' \;

find -type f -exec sha256sum '{}' \; > hashes.txt
sha256sum --check hashes.txt

md5sum --check hashes.txt

sha256sum --check hashes.txt

echo "<hash>  <filename>" | sha256sum --check

echo -n 'hi' | sha256sum

sha256sum <filename>

Hardware

# Show USB ports details
lsusb

Trace system calls and signals

Basic usage

strace <command>

Attach to an running process

strace -p <pid>

Auditd

Failed login attempts

ausearch --message USER_LOGIN --success no --interpret

Failed system call

ausearch --start yesterday --end now -m SYSCALL -sv no -i

AUID system call

ausearch --start yesterday --end now -ua <auid> -i

List of login events

aureport --login -i

$HOME

~/.bashrc

shopt -s histappend
PROMPT_COMMAND="history -a;$PROMPT_COMMAND"
HISTCONTROL=ignoreboth
HISTFILESIZE=50000
HISTSIZE=${HISTFILESIZE}
HISTTIMEFORMAT="$(date +"%Y-%m-%dT%H:%M:%S%z") "

if [ -f ~/.bash_aliases ]; then
    . ~/.bash_aliases
fi

# Setup the ssh-agent
if [ ! -S ~/.ssh/ssh_auth_sock ]; then
  eval `ssh-agent`
  ln -sf "$SSH_AUTH_SOCK" ~/.ssh/ssh_auth_sock
fi
export SSH_AUTH_SOCK=~/.ssh/ssh_auth_sock
ssh-add -l > /dev/null || ssh-add

GPG_TTY=$(tty)
export GPG_TTY

export DATE_ISO8601=$(date +"%Y-%m-%dT%H-%M-%S%z")

[ -f ~/.fzf.bash ] && source ~/.fzf.bash

source <(kubectl completion bash)

# Custom Prompt
# Display exit code if not equal 0
__sh_exitcode() { ret=$?; if [[ $ret != 0 ]]; then echo "$ret "; fi }

if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
        PS1='\[\033[1;31m\]$(__sh_exitcode)\[\033[1;32m\](label) \[\033[1;37m\]\u\[\033[0;39m\]@\[\033[1;37m\]\h\[\033[0;39m\]:\[\033[1;34m\]\w\[\033[0;39m\]\$\[\033[0;39m\] '
else
    PS1='$(__sh_exitcode)\u@\h:\w\$ '
fi

~/.inputrc

set show-all-if-ambiguous off
set colored-completion-prefix on
set colored-stats on

"\e[A": history-search-backward
"\e[B": history-search-forward
"\e[C": forward-char
"\e[D": backward-char
# pgup
"\e[6~": menu-complete-backward
# pgdn
"\e[5~": menu-complete

~/.tmux.conf

#unbind C-b
#set -g prefix C-a
#bind -n C-a send-prefix

unbind C-c
bind -n C-k killp
bind -n C-Left split-window -h
bind -n C-Right split-window -h
bind -n C-Down split-window -v
bind -n C-Up split-window -v

bind -n M-Left select-pane -L
bind -n M-Right select-pane -R
bind -n M-Up select-pane -U
bind -n M-Down select-pane -D

bind -n C-x setw synchronize-panes

set -g visual-activity off
set -g visual-bell off
set -g visual-silence off
set -g monitor-activity off
set -g bell-action none
set -g mouse on

bind z source-file ~/.tmux.conf

~/.bash_aliases

# https://opensource.com/article/19/7/bash-aliases
# Sort by modification time
alias ll="ls -lthrA --color=auto"
# Sort by file size
alias lt="ls --human-readable --size -1 -S --classify"
# View only mounted drives
alias mnt="mount | awk -F' ' '{ printf \"%s\t%s\n\",\$1,\$3; }' | column -t | egrep ^/dev/ | sort"
# Count files
alias count="find . -type f | wc -l"
# Add a copy progress bar
alias cpv="rsync -ah --info=progress2"
# Find a command in your grep history
# Example: gh <search_something>
alias gh="history | grep"
# Get all paths of json doc
alias jpaths="jq -r '[paths | join(".")]'"

Date and time

Show current time settings

timedatectl status

Set timezone

timedatectl set-timezone UTC

RabbitMQ

• Check RabbitMQ cluster status

rabbitmqctl cluster_status

rabbitmq-diagnostics check_running

• List queues

rabbitmqctl list_queues

• List consumers

rabbitmqctl list_consumers

Tools

• Extract full paths of json keys

jq -r '[paths | join(".")]'  <json_file>

• Example

k get deploy <deployment_name> -o json | jq -r '[paths | join(".")]'

• Base64 Encoding/Decoding

Encoding

echo -n 'string' | base64

base64 <filename>

Decoding

echo -n 'string' | base64 --decode

base64 --decode <filename>

• Convert Yaml file to Json file

yq -o=json <yaml_file> > <json_file>

• Diff between two directories

diff -r <dir_a> <dir_b>

• Remove comments and blank lines

grep -Ev '^$|#' <filename>

• Create kickstart boot ISO

dnf install lorax

mkksiso -a <file or directory> <kickstart>.ks <installer>.iso <updated_installer>.iso

• Check if a TCP port is open or closed

timeout 3 bash -c ">/dev/tcp/<ip_addr or fqdn>/<port_number>" && echo Open || echo Closed

• Repeating a character N times

printf '*%.0s' {1..150}

With new line

printf '*%.0s' {1..150};printf '\n'

• Decoding JSON Web Token(JWT)

jq -R 'split(".") | .[0],.[1] | @base64d | fromjson' <<< "<jwt>"

Shell scripting

• Read a file line by line

FILE_PATH=<path_file>

while IFS= read -r line; do
    echo "${line}"
done < "${FILE_PATH}"

• List all executables

IFS=:;
set -f;
find -L $PATH -maxdepth 1 -type f -perm -100 -print;

• Use tabs as delimiter

IFS=$'\t'

• Run local script on remote machine

ssh <username>@<remote_host> 'bash -s' < local-script.sh

• Interactive SSH terminal in script

ssh -t <remote_host> < /dev/tty

RedHat-based Linux

Admin

List installed packages

dnf list installed

dnf list installed | grep <package_name>

rpm -qa | grep <package_name>

List all available versions of a package

dnf list <package_name> --showduplicates

Update a package

dnf update <package_name>

Download RPM package file

dnf download <package_name>

• Resolve and download needed dependencies

dnf download --resolve <package_name>

Downgrade a package

dnf downgrade <package_name>-<version>

versionlock: Protect packages from being updated

dnf install python3-dnf-plugin-versionlock -y

dnf versionlock <package_name>-<version>

dnf versionlock list

Finds the packages providing the given file

dnf provides <filename>

Exclude package from getting updated

dnf update --exclude=PACKAGENAME 

Example

dnf update --exclude=kernel*

Clean all cached files(packages included)

rm -rf /var/cache/yum/*

or

rm -rf /var/cache/dnf/*

then

dnf clean all

Remove old kernels

dnf remove --oldinstallonly --setopt installonly_limit=2 kernel

Disable/Enable Repo

Show all repos

dnf repolist --all

Disable a repo

dnf config-manager --disable <repo_name>

Show disabled repos

dnf repolist --disabled

Enable a repo

dnf config-manager --enable <repo_name>

Show enabled repos

dnf repolist --enabled

or

dnf repolist

View transaction history

dnf history

Security and bugfixes updates

Check security and/or bugfixes updates

dnf check-update --security

dnf check-update --bugfix

dnf check-update --security --bugfix

check-update command doc

Display information about update advisories

dnf updateinfo list --security

dnf updateinfo list --bugfix

dnf updateinfo list --security --bugfix

updateinfo command doc

Install security and/or bugfixes updates

dnf update --security

dnf update --bugfix

dnf update --security --bugfix

upgrade command info

Display information about CVE

dnf updateinfo list --cve=<cve_id>

Display information about RHSA ID

dnf updateinfo info <advisory_id>

Install specific update

dnf update --advisory=<advisory_id>

Example

dnf update --advisory=RHSA-2023:4102

Windows

Powershell

• Test a connection

Test-NetConnection <ip_addr or fqdn> -port <port>

• Network stats

netstat

• Get the basic network adapter properties

Get-NetAdapter

• Get routing table

Get-NetRoute

• Find large files

Get-ChildItem c:\ -r -Force -ErrorAction SilentlyContinue |sort -descending -property length | select -first 10 FullName, Length

Get-ChildItem c:\ -r -Force -ErrorAction SilentlyContinue |sort -descending -property length | select -first 10 name, DirectoryName, @{Name="GB";Expression={[Math]::round($_.length / 1GB, 2)}}

Admin

• Local administrator account.

.\Administrator 

Shortcuts

ctrl + alt + F2	x11: Get a virtual terminal
ctrl + alt + F9	x11: Back to X