Basic Linux Commands (Tips and Tricks)

This post is to collect some basic linux commands I used while working on some Linux system:

Upgrade System
Basic Commands
Iptable firewalls
User and Group
Change Interface IP Address
Fold and Disk Commands
Cron Job
Create SSH Trust Relationship between two Linux Machines
Find Big Files in Linux File System
Find Out My Linux Distribution Name and Version
Check Your Public IP Address from CLI
PS command
VI Command
Check Hardware Info
Install a software on Linux
Use ssh key to encrypt / decrypt files
AWS Amazon Linux Instance Commands
Change Time Zone
Add/Remove Route
Remove Specific SSH Host Key

Upgrade System

For Ubuntu:

apt-get -y update & apt-get -y upgrade & apt-get -y dist-upgrade

for CentOS

yum - y update & yum -y upgrade

Basic Commands

man ： manual
ls ：List Directory Contents

pwd ：print working directory
cd ：change directory
mkdir ：Make directory
cp ：Copy
mv ：Move
find, locate, which and whereis : four commands to search file / folder in Linux
kill:
Linux Developing History

passwd ：Password
md5sum ：Compute and Check MD5 Message Digest
history ：History (Event) Record。
sudo ：(super user do)
touch ：Update the access and modification times of each FILE to the current time
chmod ：change file mode bits
chown ：change file owner and group
apt ：Advanced Package Tool
dd: Convert and Copy a file
[email protected]:~# dd if=/home/user/Downloads/debian.iso of=/dev/sdb1 bs=512M; sync
tar : Tape Archive
cal : Calendar
cat : Concatenation. Concatenate (join) two or more plain file and/or print contents of a file on standard output.
grep : searches the given file for lines containing a match to the given strings or words
ps : (Process)
service : command controls the Starting, Stopping or Restarting of a ‘service‘
df : disk usages of file system
du : disk usages
cmp : compare
wget : a free utility for non-interactive (i.e., can work in background) download of files from the Web
mount
gcc : is the in-built compiler for ‘c‘ language in Linux Environment.
g++ is the in-built compiler for ‘C++‘ , the first object oriented programming language.
Java is one of the world’s highly used programming language and is considered fast, secure, and reliable. Most of the the web based service of today runs on java.

Iptable firewalls

2.1 Delete IPtable firewall rules

[[email protected] ~]# /sbin/iptables -L -v -n
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
74M 53G RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 18M packets, 1069M bytes)
pkts bytes target prot opt in out source destination

Chain RH-Firewall-1-INPUT (2 references)
pkts bytes target prot opt in out source destination
5462 734K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
46700 2228K ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 255
0 0 ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * * 0.0.0.0/0 224.0.0.251 udp dpt:5353
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:631
719 34592 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:631
63M 52G ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
3094 150K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
10M 1029M REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

[[email protected] ~]# /sbin/service iptables save
Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
[[email protected] ~]# /sbin/service iptables stop
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
[[email protected] ~]# /sbin/iptables -L -v -n
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
[[email protected] ~]# /sbin/service iptables start
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]
Loading additional iptables modules: ip_conntrack_netbios_ns [ OK ]

Or we can use the following command or script to stop the rules:

#!/bin/sh
echo "Saving current firewall rules at /root/current.firewall file..."
iptables-save > /root/current.firewall
echo "Stopping firewall and allowing everyone..."
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

2.2. Changing Debian IPTABLES Rules To Survive Reboot

2.2.1. iptables scripts to enhance the rules at /usr/local/scripts/rc.iptables during a reboot

Linux1~# cat /etc/init.d/iptables
#!/bin/sh
#
IPTABLES_CONFIG=/usr/local/scripts/rc.iptables
PATH=/usr/bin:/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin

if [ ! -x /sbin/iptables ]; then
exit 0
fi

start() {
if [ -f $IPTABLES_CONFIG ]; then
iptables -F
iptables -X
echo $"Applying iptables firewall rules: "
$IPTABLES_CONFIG
echo
touch /var/lock/subsys/iptables
fi
}

stop() {
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -F
iptables -X
echo
rm -f /var/lock/subsys/iptables
}

case "$1" in
start)
start
;;

stop)
stop
;;

restart)
start
;;
*)
echo $"Usage: $0 {start|stop|restart}"
exit 1
esac

exit 0

Linux1~# vi /usr/local/scripts/rc.iptables

Linux1~# /etc/init.d/iptables restart

Linux1~#iptables -L -v -n | more

2.2.2. using iptables-restore and iptables-save to edit iptables rules

iptables-save > /etc/iptables.test.rule

editor /etc/iptables.test.rule

iptables-restore < /etc/iptables.test.rule

iptables-save > /etc/iptables.up.rule

editor /etc/network/if-pre-up.d/iptables

Add these lines to iptables file:
#!/bin/sh
/sbin/iptables-restore < /etc/iptables.up.rule

The iptables file under /etc/network/if-pre-up.d/ needs to be executable so change the permissions:

chmod +x /etc/network/if-pre-up.d/iptables

Note: What I found is in some old Debian system, method b does not work. But method a works all the time.

User and Group

[[email protected] ~]# useradd test1
[[email protected] ~]# passwd test1
Changing password for user test1.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.

[[email protected] ~]# usermod -a -G root test
[[email protected] ~]# id test
uid=501(test) gid=501(test) groups=501(test),0(root) context=root:system_r:unconfined_t:s0-s0:c0.c1023
[[email protected] ~]# groups
root bin daemon sys adm disk wheel
[[email protected] ~]# users
root root
[[email protected] ~]# groupadd network

[[email protected] ~]# groups
root bin daemon sys adm disk wheel
[[email protected] ~]# cat /etc/group
root:x:0:root,test,test1
test:x:501:
test1:x:502:
network:x:503:
[[email protected] ~]# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
test1:x:502:502::/home/test1:/bin/bash

Change Interface IP Address

Temporary:

ifconfig eth1 192.168.2.50 netmask 255.255.255.0 up

Permanently

RHEL / Red hat / Fedora / CentOS Linux eth1 config file - /etc/sysconfig/network-scripts/ifcfg-eth1
Debian / Ubuntu Linux - /etc/network/interfaces

Restart the networking service, enter:
# /etc/init.d/network restart

Fold and Disk Commands

[[email protected] var]# rm -r dbbackup/ -f
[[email protected] var]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/hda3 7.6G 7.3G 0 100% /
/dev/hda1 244M 12M 219M 6% /boot
tmpfs 504M 0 504M 0% /dev/shm
/dev/hdb1 197G 197G 0 100% /data

[[email protected] var]# du -s
4779468 .

Cron Job

[[email protected] ~]$ sudo su -
Password:
[[email protected] ~]# crontab -l
@daily scp -r find /var/netscreen/dbbackup/ -mtime -1 -type d -print [email protected]:/data
@daily mv /root/CP_MGMT_*.tgz /data/backup/cp/

[[email protected] ~]# crontab -e
[[email protected] ~]#

There are 5 fields before the actual command:
field allowed values
----- --------------
minute 0-59
hour 0-23
day of month 1-31
month 1-12 (or names)
day of week 0-7 (0 or 7 is Sun, or use names)

Run a command once/week scheduled Saturday morning at 6am:

0 6 * * sat /path/to/command

0 6 * * 6 /path/to/command

Note: Website crontab.guru to write a proper cron job . https://wdt.io/ can provide cron job monitor service. For example, reboot httpd service every four hour:

[[email protected] log]# vi /etc/crontab 

SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/

# For details see man 4 crontabs

# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name command to be executed

0 */4 * * * root sudo service httpd restart && curl -sm 30 k.wdt.io/[email protected]/reboot_httpd_4h?c=0_*/4_*_*_*

Create SSH Trust Relationship between two Linux Machines

Become root:
sudo su -

Change to user nsm:
su nsm

Go to the /home/nsm directory:
cd /home/nsm

Create the keys: (Path should be /home/nsm/.ssh/id_rsa. Leave the passphrase blank.)

ssh-keygen -t rsa

Secure copy the public key to the other server as the admin user: (use admin password)

scp /home/nsm/.ssh/id_rsa.pub [email protected]<ipAddressOfOtherServer>:/home/admin/authorized_keys

or Go to the remote server. The command below will add the key that is in temp1 file to the end of the authorized_keys file.

cat temp1 >> authorized_keys

Repeat steps 2-6 on deviceB. On deviceB, become root: (from user nsm, exit to root). Move the authorized_keys file that was copied to admin into nsm/.ssh:

mv /home/admin/authorized_keys /home/nsm/.ssh/authorized_keys

Change ownership of authorized_keys:

chown nsm:nsm /home/nsm/.ssh/authorized_keys

At this point, you will be able to SSH between both servers without it asking for a password.

ssh [email protected]

Find Big Files in Linux File System

find . -type f -size +10000 -exec ls -lh {} \;
find . -type f -size +50000k -exec ls -lh {} \; | awk '{ print $9 ": " $5 }'
Find large files (>10M) in current folder

find . -type f -size +10000k

a. Juniper Firewall

Sample output:

[email protected]% find . -type f -size +10000 -exec ls -lh {} \;
-rw-r--r-- 1 930 929 134M Jan 5 17:34 ./cf/packages/junos-11.4R6.6-domestic
-rw-r--r-- 1 root wheel 139M Sep 8 2011 ./cf/var/log/junos-srxsme-11.2R2.4-domestic.tgz
-rw-r----- 1 root wheel 4.9M Feb 11 17:12 ./cf/var/db/idpd/db/secdb_02.db
-rw-r----- 1 root wheel 6.7M Feb 11 17:13 ./cf/var/db/idpd/db/secdb_03.db
-rw-r----- 1 root wheel 64M Feb 11 17:13 ./cf/var/db/idpd/db/secdb_06.db
-rwxr-xr-x 1 admin 20 24M May 23 08:38 ./cf/var/db/idpd/nsm-download/SignatureUpdate.xml
.....
b. Checkpoint Firewall gateway:
[[email protected]]# find . -type f -size +50000k -exec ls -lh {} \; | awk '{ print $9 ": " $5 }'
./sysimg/CPwrapper/linux/CPEndpointSecurity/EndpointSecurityServer.bin: 145M
./sysimg/CPwrapper/linux/windows/SmartConsole.exe: 194M
./sysimg/CPwrapper/linux/CPrt/CPrt-R75.40-00.i386.rpm: 53M
./sysimg/CPwrapper/linux/CPportal/CPportal-R75.40-00.i386.rpm: 59M
./var/log/db: 336M
....

Find Out My Linux Distribution Name and Version

[[email protected] ~]# cat /etc/*-release
Red Hat Enterprise Linux Server release 5.5 Beta (Tikanga)

[[email protected] ~]# cat /proc/version
Linux version 2.6.18-186.el5 ([email protected]) (gcc version 4.1.2 20080704 (Red Hat 4.1.2-46)) #1 SMP Wed Jan 27 18:14:15 EST 2010

Linux1:~# cat /proc/version
Linux version 2.6.26-2-amd64 (Debian 2.6.26-27) ([email protected]) (gcc version 4.1.3 20080704 (prerelease) (Debian 4.1.2-25)) #1 SMP Wed Sep 21 03:36:44 UTC 2011

[[email protected] ~]# lsb_release -a
LSB Version: :core-3.1-ia32:core-3.1-noarch:graphics-3.1-ia32:graphics-3.1-noarch
Distributor ID: RedHatEnterpriseServer
Description: Red Hat Enterprise Linux Server release 5.5 Beta (Tikanga)
Release: 5.5
Codename: Tikanga

Linux1:~# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 5.0.9 (lenny)
Release: 5.0.9
Codename: lenny

uname = (Unix Name),

[[email protected] ~]# uname -a
Linux Linux01p 2.6.18-186.el5 #1 SMP Wed Jan 27 18:14:15 EST 2010 i686 i686 i386 GNU/Linux

[[email protected] ~]# uname -mrs
Linux 2.6.18-186.el5 i686

Check Your Public IP Address from CLI

curl -s checkip.dyndns.org|sed -e 's/.*Current IP Address: //' -e 's/<.*$//'
curl icanhazip.com
telnet www.checkmyip.com 80 | grep confidence | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}'
wget -O - -q icanhazip.com
wget http://ipinfo.io/ip -qO -
curl ifconfig.me

PS command

Display the top 5 processes consuming most of the cpu:

[[email protected]]# ps aux --sort=-pcpu | head -5
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
admin 3935 14.9 1.0 33032 10344 ? Ss 09:27 5:13 /bin/confd
admin 3941 5.0 58.1 559724 556864 ? Ss 09:27 1:46 /bin/monitord
admin 4215 1.4 3.6 251040 35412 ? Ssl 09:28 0:28 cpd

admin 3937 0.7 0.2 26076 2808 ? Ssl 09:27 0:15 /bin/searchd

VI Command

Cut and paste:

Position the cursor where you want to begin cutting.
Press v to select characters (or uppercase V to select whole lines).
Move the cursor to the end of what you want to cut.
Press d to cut (or y to copy).
Move to where you would like to paste.
Press P to paste before the cursor, or p to paste after.

Check Hardware Info

For CPU:
$ cat /proc/cpuinfo
$ lscpu

For Memory :$ free -m (give you result by MB)
$ cat /proc/meminfo

For HDD:$ df -h (give you human readable result)
$ sudo fdisk -l
$ hdparm -i /dev/device (for example sda1, hda3...)

Install/Uninstall a software on Linux

For Red Hat/Fedora:
$ yum install firefox

If you are using Red Hat Enterprise Linux, it happens that the package you are looking for is in EPEL, so you can install that:
sudo rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm

and then you can:
yum install ncdu.

For Ubuntu ( run this as root ) :
# apt-get install firefox

For Debian/Ubuntu
# aptitude install firefox

Use ssh key to encrypt / decrypt files

Create a file:
echo ‘This is a sekret’ >/tmp/msg.txt

Export public key:
openssl rsa -in ~/private.pem -out /tmp/public.pub -outform PEM -pubout

Encrypt file with public key (anyone can have this key):
openssl rsautl -encrypt -inkey /tmp/public.pub -pubin -in /tmp/msg.txt -out /tmp/file.enc

Decrypt the file with private key (only you should have the private key):
openssl rsautl -decrypt -inkey ~/private.pem -in /tmp/file.enc -out /tmp/decrypted.txt

Check decoded message:
cat /tmp/decrypted.txt

AWS Amazon Linux Instance Commands

sudo yum update -y
sudo yum install -y httpd24 php70 mysql56-server php70-mysqlnd
sudo service httpd star

sudo chkconfig httpd on
chkconfig --list httpd
curl http://localhost

sudo usermod -a -G apache ec2-user
groups
sudo chown -R ec2-user:apache /var/www
sudo chmod 2775 /var/www
find /var/www -type d -exec sudo chmod 2775 {} \;
find /var/www -type f -exec sudo chmod 0664 {} \;
echo "<?php phpinfo(); ?>" > /var/www/html/phpinfo.php
sudo yum list installed httpd24 php70 mysql56-server php70-mysqlnd
sudo service mysqld start
sudo chkconfig mysqld on
sudo service httpd restart

Change Time Zone

Ubuntu

[email protected]:/var/log/apache2$ timedatectl list-timezones | grep Toronto
America/Toronto
[email protected]:/var/log/apache2$ sudo timedatectl set-timezone America/Toronto
sudo: unable to resolve host ip-10-1-1-50
[email protected]:/var/log/apache2$ date
Fri Sep 29 22:09:11 EDT 2017

AWS Linux/CentOS/RHEL 6/5

[[email protected] ~]$ sudo su
[[email protected] ec2-user]# mv /etc/localtime /root/localtime.old
[[email protected] ec2-user]# ln -s /usr/share/zoneinfo/America/Toronto /etc/localtime
[[email protected] ec2-user]# date
Fri Sep 29 22:11:00 EDT 2017
[[email protected] ec2-user]#

Add/Remove Route


LinuxSvr:~# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet static
        address 10.9.2.10
        netmask 255.255.255.0
        network 10.9.2.0
        broadcast 10.9.2.255
        gateway 10.94.22.1
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 10.9.1.5
        dns-search accounts.intern gdc.intern intern
        #
        #up route add -net 19.18.0.0/16 gw 10.9.2.3
        #up route add -net 172.1.0.0/16 gw 10.9.2.3
        #up route add -net 10.0.0.0/24 gw 10.9.2.3
mta:~#

Remove Specific SSH Host Key

If you have remote server system has changed, your ssh session might failed because ssh fingerprint is not matching what you have now for that host. To fix this issue, you will just need to remove existing host's fingerprint.

users-Mac-mini:~ user$ ssh -lroot 111.67.205.98

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!

Someone could be eavesdropping on you right now (man-in-the-middle attack)!

It is also possible that a host key has just been changed.

The fingerprint for the ECDSA key sent by the remote host is

SHA256:V9o8sh2Vxm56r+2q42minB4D88a8yTanlAPs4h/VAMY.

Please contact your system administrator.

Add correct host key in /Users/user/.ssh/known_hosts to get rid of this message.

Offending ECDSA key in /Users/user/.ssh/known_hosts:4

ECDSA host key for 111.67.205.98 has changed and you have requested strict checking.

Host key verification failed.

users-Mac-mini:~ user$ vim ~/.ssh/known_hosts

and hit

dd

then save it.

Reference:

Latest Posts

Basic Linux Commands (Tips and Tricks)

Upgrade System

For Ubuntu:

Basic Commands

Iptable firewalls

User and Group

Cron Job

Find Big Files in Linux File System

a. Juniper Firewall

Check Your Public IP Address from CLI

PS command

VI Command

Cut and paste:

Check Hardware Info

No comments

Search This Blog

Categories

Cyber Security Blog Archive

Comments

YouTube Channel

Translate

Follow by Email

Contact Form

Popular Posts