The below list are not covering all the commands for Linux Administration. These are commands that are not oftenly used but would be needed extermely in hours of matter of troubleshooting. This list is limited but can be improved much more.
Redhat Package Manager (RPM)
#Check RPM signature
rpm --checksig <.rpm pkg>#Install RPM package
rpm -ivh <.rpm pkg> #Check dependencies of RPM pkg
rpm -qpR <.rpm pkg> #Install RPM pkg without dependencies
rpm -ivh --nodeps <.rpm pkg> #List all files of installed RPM packages
rpm -ql <.rpm pkg> #List installed RPM packages
rpm -qa #List installed RPM packages
rpm -q <.rpm pkg> #List all recently installed RPM packages
rpm -qa --last #Upgrade a RPM package
rpm -Uvh <.rpm pkg> #Remove RPM package
rpm -evvnx <.rpm pkg> #Remove RPM package without dependencies
rpm -ev --nodeps #Query a file that belongs which RPM package
rpm -qf /usr/bin/htpasswd #Show the information of installed RPM package
rpm -qi vsftpd #Show the information of RPM package before install
rpm -qip <.rpm pkg> #Show documentation of instal RPM package
rpm -qdf /usr/bin/vmstat #Verifying a package compares information of installed files against rpm db
rpm -Vp <.rpm pkg> #Verifying all packages
rpm -Va YUM (Yellowdog Updater and Modifier)
yum upgrade <pkg>
yum localinsatll <pkg*>
yum remove <pkg/command/rpm>
#install/update/upgrade or transaction history
yum history list
yum history list all
#pkg info install/update/upgrade or transaction history by id
yum history info <id>
#undo the transaction by id
yum history undo <id>
#redo the transaction by id
yum history redo <id>
#yum stores transaction in single SQLite db. To start new transaction history
yum history new
yum whatprovides <pkg/command>
yum --showduplicates list httpd | expand
yum list available java*
yum list installed
Permission
#set suid bit such as -rwSr-xr-x. capital S means (rws)
chmod 4655 <file>
#Setgid on dir, all dir/files in it will get same ownership as parent dir. It doesn't matter who is creating#setting setgid bit
chmod g+s <dir/file> #setting sticky bit such as drwxrwxrwt. small t means (rwxt)
chmod 1777 <dir> #setting sticky bit such as drwxrwxrwT. capital T means (rwt)
chmod 1776 <dir> #asssigning recursive permission of all files/dir in target dir
chown -R <user>:<group> <dir> User Administration
useradd -g itadmin -c "DB User" -u 1135 -s "/bin/sh" -d /home/techguy1
#In the above command, we are creating the new user with custom options as simple "#useradd <user>" will create with default setting. The -g (group) -c (description) -u (user id) -s (which shell to be assigned) -d (landed home dir)useradd -g <primary group> -G <secondary group> <user> # assign the user primary and secondary group
passwd -l <user> #locking password of user
passwd -u <user> #unlocking password of user
passwd -e <user> #expire password
echo 'myPassword123' | sudo passwd --stdin <user>
passwd -x -1 <user> #Turnoff password expiry
usermod -L <user> #locking user
usermod -U <user> #unlocking user
chage #set password expiry
Access Control Lists (ACLs)
setfacl -m u:priya:rw <file> #assiging the a new user 'priya' with read/write permission on the file. -m (modifying) -u (user)setfacl -m mask:r <file> #setting mask on filesetfacl -d -m u:priya:rw <dir> #setting ACL for directorygetfacl -R <dir> > permissions.acl #BackUp ACL's in file having all info related ownership/dir inside the dir,subdir,filessetfacl --restore=permissions.acl #Restore the Permissions/OwnershipCrontab
crontab -l #show crontab for all userscrontab -u <user> -l #show crontab for specific usercrontab -e #add cron entry in crontab fileProcess
ps -a #all terminal ps -e #list of all the processesps -o #customer properties
ps -ao tty,comm,pid,%mem,%cpu #<command/script> & #run the task in background
ps -fp $(pgrep -d, -x logrotate)
pgrep -u <userid> unison
ps -p <pid> -o etime #process execution time
ps -eo user,pid,ppid,%mem,%cpu --sort=-%cpu | head
ps lax
ps fax
Network
dig +trace www.google.com
nmcli dev status
nmcli con del <interface name>
ip addr show <interface name>
nmcli con show
nmcli con add con-name <interface name> type <ethernet> ifname <interface name> ip4 <ip address> gw4 <gateway>
nmcli con up <interface name>
nmcli con mod <interface name> ipv4.gateway <ip address>
hostnamectl set-hostname <hostname>
netstat -rn
route -n
tcpdump -i <interface>
tcpdump -i <interface> host <ipaddress> -nn
tcpdump -i <interface> -s 0 -w <output file name example.pcap> host <ipaddress/hostname> and udp
ping <hostname/ipaddress>
telnet <hostname/ipaddress> <port>
nslookup <domain/hostname>
netstat -an |grep <ipaddress>.<port>|grep ESTAB|awk '{print $5}'|awk -F: '{print $1}'|sort|uniq -c|sort -rn #show which remote hosts make how many connection to specfic port, the output is sort on number of connections by host to port
Memory
egrep --color 'Mem|Cache|Swap' /proc/meminfo | awk '{print $1 " " $2/1000/1000 "GB"}' #show information in GB
smem -s swap -t -k -n -r
smem -u -p -r
free -h
Disk
df -h
df -Th
du -sh <path/*>
df --local -P #in KBsdu -sch .[!.]* * | grep --regex="[0-9]*G"
lsof -u <user> #list of openfiles by specific user
lsof | grep delete #list of openfiles that are deleted
lsof | awk '{print $1}' | sort | uniq -c | sort -r -n #sort number of open files by process
SFTP/SCP
sftp -oPort=<port> <user>@<ipaddress/domain>
sftp -oPort=<port> -oIdentityFile=<path to key> <user>@<ipaddress/domain>
sftp -o KexAlgorithms=<keyExchangeAlgo> -o HostKeyAlgorithms=<HostKeyAlgoName> -oIdentityFile=<path to key> -oPort=<port> <user>@<domain/ipaddress>
sftp -oPort=<port> -o KexAlgorithms=diffie-hellman-group14-sha1 -o HostKeyAlgorithms=+ssh-dss -oIdentityfile=<path to key> <user>@<domain/ipaddress>
scp -P <port> <path to src file> <user>@<domain/ipaddress>:<target path> #send the file to target system
scp -P <port> <user>@<domain/ipaddress>:<src file path> <target file path locally> #fetch/download file from the target system
scp -r /path/to/local/source user@ssh.example.com:/path/to/remote/destination #send dir from the target system
scp -r user@ssh.example.com:/path/to/remote/source /path/to/local/destination #fetch/download dirctory from the target system
Bolt
For the --tmpdir flag we can use the home directory path of the remote user which will logged in on the behalf of the bolt. At some time /tmp is not executable due to which the command gets failed. (~mizz - will be confirm)
bolt command run "<command>" --no-host-key-check --tmpdir=/tmp -p <password> --tty --targets @<ipaddress/hostname list file> -u <user>
bolt command run "<command>" --no-host-key-check --tmpdir=/tmp -p <password> --tty --targets <ipaddress/hostname separate by ,> -u <user>
bolt script run <script> --no-host-key-check --tmpdir=/tmp -p <password> --tty --targets @<ipaddress/hostname list file> -u <user>
bolt script run <script> --no-host-key-check --tmpdir=/tmp -p <password> --tty --targets <ipaddress/hostname separate by ,> -u <user>
Sed
sed -n -e "/<$hostname>/,/ismail.com/ p" <targetfile> #replace the string by variable, result will be stdout
sed -i -n -e "/<$hostname>/,/ismail.com/ p" <targetfile> #replace the string by variable, result will be saved in target file
sed -i 's/stringtoreplace/newstring/g' myfile.txt #replace the string from the file globally
find
find /tmp/* -mtime +7 -exec rm {} \; #remove files from dir "tmp/" that are older than 7 days
find /home/ -type f -name ".errors*.gz" -mtime +7 -exec rm {} \; #remove files from dir "tmp/" that are older than 7 days - with filename
find /home/ -type f -size +500M -name "*tempfile*" -exec du -sh {} \; #found the tempfile that has file size >500MB
find /home/ -type f -size +1G -exec ls -lh {} \; | awk '{ print $9 "|| Size : " $5 }' #find output in custom defined format like in this "dirname || Size:_"
#Combine find exec multiple commands
find /tmp/dir1/ -type f -exec chown root:root {} \; -exec chmod o+x {} \;#Combine find exec multiple commands
find /tmp/dir1/ -type f -exec chown root:root {} \; -exec chmod o+x {} \;#World-Writable dir
#CIS
find / -path /proc -prune -o -path /sys -prune -o -type d -perm -0002 -mindepth 3 -maxdepth 4 -printf "World-Writable dir %p\n" 2>/dev/null#find files with permission
find / -xdev \( -perm -4000 -o -perm -2000 \) -type f
#4000 for suid, 2000 for guid#Combine find exec shell script function
#[Ref: https://www.golinuxcloud.com/find-exec-multiple-commands-examples-unix/#:~:text=Linux%20or%20Unix.-,Find%20exec%20multiple%20commands%20syntax,%5C%3B%20or%20as%20%22%20%3B%20%22.]
find /tmp/dir1/ -type f -exec bash -c '
for item do
[[ $item =~ "file1" ]] && mv -v $item ${item}_renamed
done
' bash {} +grep
cat myfile | grep -B 1 -A 4 -i 'string one\|string two' #it will show 1 line before and 4 lines after matching the strings form myfile
grep -lr "string" * #search recursively the string from all filesystem hierarchy, as its start from which current dir you are standing and it will list files
grep -ir "string" <* or file> #search recursively the string from all filesystem hierarchy and show the content what matches - * for all files otherwise specify a single file
grep -E -s "<regex>" <file>
#grep with -E extended regex -s with silent mode as no error message on screengrep -P -s -- "<regex>" <file>
#grep with -P perl regex -s with silent mode as no error message on screengrep -Eq '<regex>' <file> && grep -Eq '<regex>' file2 && result=pass
#grep with -E extended regex -q with quite mode as no error/stdout message on screenGzip/Tar/Compress directory
#The gzip command in Linux can only be used to compress a single file. In order to compress a folder, tar + gzip (which is basically tar -z) is used.
#ref: https://www.educative.io/edpresso/how-to-gzip-a-directory-in-linuxtar -zcvf myfolder.tar.gz myfolder #Compress folder/dir with -z in Linux
tar -tf myfolder.tar.gz #view the content of compressed filegzip filename #view the content of compressed fileunzip file.gz #uncompress the zip fileAWK
#Multiple Conditional Statement - Not Equal, Regex, Equal
awk -F: '($1!="root" && $1!="sync" ) {print}' /etc/passwd
awk -F: '($1!="root" && $1!~/^\+/) {print}' /etc/passwd
awk -F: '($1=="virusgroup") {print $3}' /etc/group
du -sh * | grep G | awk '($1~/[0-9]+\.?[0-9]*G$/)'
awk '/^\s*UID_MIN/{print $2}' /etc/login.defs
df --local -P | awk {'if (NR!=1) print $6'} #skip first or header linedf --local -P | awk {'if (NR!=1) print $6'} #skip first or header line#Variable in awk statement
awk -F: -v GID="$(awk -F: '($1=="shadow") {print $3}' /etc/group)" '($4==GID) {print $1}' /etc/passwd#Awk result with loop
awk -F: -v GID="$(awk -F: '($1=="shadow") {print $3}' /etc/group)" '($4==GID) {print $1}' /etc/passwd | (while read -r usr; do
[ -z "$output" ] && output="\"$usr\"" || output=",\"$usr\""
doneXARGS
#XARGS Application - to use last command result for next command
df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nouser -printf "%p has no owner\n" 2>/dev/null
stat
stat -L -c "%A" "$dir"
stat --printf='Name: %n\nPermissions: %a\n' /etc
stat --printf='User: %U | Group: %G' /etc
lsof
lsof -u <user> #list the openfiles by a user
Other
top -b -n 1 | head -n +5
uptime
sestatus #check selinux status
collectl -sc -p /var/log/collectl/server1-20220411-000000.raw.gz --top --from 00:00-03:00 -oTm
collectl -scn -p /var/log/collectl/server2-20220411-000000.raw.gz --from 00:15-00:41 --top
collectl -scD -p server1-000000.raw.gz --from 00:00-00:55 --top iokb | grep -w 'cp\|sdb\|Wait\|Pct\|PID' | less