Linux Commands Cheat Sheet.
All Useful Linux Commands In One Place
This whole repository is created to track all the useful linux commands in one place. Created for my own use but you can also star this repository to keep a track on this.
General Commands
- w: w displays information about currently logged in users and what each user is doing.
$ w
23:35:01 up 2:29, 1 user, load average: 0.72, 1.07, 1.04
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
recon :1 :1 21:04 ?xdm? 34:58 0.01s /usr/lib
- who Shows information about currently logged in user.
$ who
recon :1 2021-11-01 21:04 (:1)
Here, from left, recon – Login Name of the User
:1 – User terminal
2021-11-01 21:04 – Date & Time of login
- whoami: Shows the system’s username
$ whoami
recon
id: This command is used to find out user and group names and numeric ID’s (UID or group ID) of the current user or any other user in the server.
$ id
uid=1000(recon) gid=1000(recon) groups=1000(recon),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),120(lpadmin),132(lxd),133(sambashare)
- groups: This command is used to display all the groups for which the user belongs to.
$ groups
recon adm cdrom sudo dip plugdev lpadmin lxd sambashare
- users: Displays usernames of all users currently logged on the system.
users: Displays usernames of all users currently logged on the system.
- last: Displays a list of all last logged in users. The list can be huge according to the number of user logins.
$ last
recon :1 :1 Mon Nov 1 21:04 gone - no logout
reboot system boot 5.13.0-20-generi Mon Nov 1 15:06 still running
recon :1 :1 Mon Nov 1 20:30 - crash (-5:24)
reboot system boot 5.13.0-20-generi Mon Nov 1 20:30 still running
recon :1 :1 Mon Nov 1 23:53 - down (-3:24)
reboot system boot 5.13.0-20-generi Mon Nov 1 23:53 - 20:29 (-3:23)
recon :1 :1 Sun Oct 31 23:31 - down (01:56)
reboot system boot 5.13.0-20-generi Sun Oct 31 23:30 - 01:27 (01:56)
- lastlog: This command is used to find the details of a recent login of all users or a particular user pass through as a flag.
$ lastlog
Username Port From Latest
root **Never logged in**
daemon **Never logged in**
bin **Never logged in**
sys **Never logged in**
sync **Never logged in**
games **Never logged in**
man **Never logged in**
lp **Never logged in**
mail **Never logged in**
news **Never logged in**
- Man: This command shows the documentation of every command of linux.
$ man ls
- Date: Shows date
$ date
Mon Nov 1 11:57:01 PM +06 2021
- History: History command shows all the previously used terminal commands in a list.
$ history
1 ls
2 lspci
3 lsusb
4 sudo lspci
5 sudo apt-get update
6 sudo apt-get upgrade
7 lspci
- whatis: Whatis shows a short particular information about a command.
Date: Shows date
- whereis: Shows the location of binary, source and manual files for commands.
$ whereis ls
ls: /usr/bin/ls /usr/share/man/man1/ls.1.gz
- alias: Rename a long repitive command with a short name. For example you can make the command ls -la to any of your suitable name like below example. Then you can use that name to use the command.
$ ls -la
drwxr-xr-x 8 recon recon 4096 Nov 2 11:25 .
drwxr-xr-x 4 recon recon 4096 Nov 2 10:58 ..
-rw------- 1 recon recon 765 Nov 2 13:26 .bash_history
-rw-r--r-- 1 recon recon 220 Apr 18 2019 .bash_logout
-rw-r--r-- 1 recon recon 3564 Oct 27 16:56 .bashrc
$ alias nr="ls -la"
$ nr
drwxr-xr-x 8 recon recon 4096 Nov 2 11:25 .
drwxr-xr-x 4 recon recon 4096 Nov 2 10:58 ..
-rw------- 1 recon recon 765 Nov 2 13:26 .bash_history
-rw-r--r-- 1 recon recon 220 Apr 18 2019 .bash_logout
-rw-r--r-- 1 recon recon 3564 Oct 27 16:56 .bashrc
- To unalias type,
unalias <your alias name>
$ unalias nr
- clear: Clears the terminal
$ clear
File Management Commands
- pwd The pwd(Present Working Directory) command is used to show current working directory.
$ pwd
/home/recon
- ls: The ls command is used to list directories and files.
- Basic command to list files and directories exclusing hidden files:
$ ls
- List all the files with hidden files and directories that will be denoted as . at the start of the file or directory names.:
$ ls -a
- Use -la flag to list all the files with their permission details:
$ ls -la
- mkdir The mkdir (make directory) command allows users to create directories or folders.
$ mkdir mydir
$ ls
mydir
- The flag ‘-p’ is used to create multiple directories or parent directories at once.
$ mkdir -p dir1/dir2/dir3
$ cd dir1/dir2/dir3
~/home/recon/dir1/dir2/dir3$
- rmdir: The rmdir (remove directories) is used to remove empty directories. To delete directories that contains files and fodlers refer to
rm -r directoryName.
- Remove empty directory:
$ rmdir directoryName
- Remove multiple directories:
$ rmdir dir1 dir2 dir3
- Remove entire directory tree. This command is similar to
rmdir a/b/c a/b a:
$ rmdir -p a/b/c
rm: The rm (remove) command is used to remove files, directories, symbolic links etc from the file system.
- Remove file: The rm command is used to remove or delete a file.
$ rm <filename> or <path of file>
- Remove file forcefully: The rm command with -f option is used to remove file without prompting for confirmation.
$ rm -f filename
- Remove directory: The rm command with -r option is used to remove the directories that contains files. The -r flag is used to delete the contents recursively.
$ rm -r directoryName
- Remove directory forcefully: The rm command with -rf option is used to forcefully remove directory recursively.
rm -rf directoryName
- touch: The touch command is used to create new empty files. Touch is also used to change timestamps on existing files and directories.
- Create a file: You can create a single empty file using touch command.
$ touch file1.txt
- The above command will create a file titled file1.txt.
- Create multiple files: You can create the multiple numbers of files at the same time.
$ touch file1 file2 file3
- Change access time: The touch command with
-aoption is used to change the access time of a file.
$ touch -a file1.txt
- Change modification time: The touch command with
-moption is used to change the modified time.
$ touch -m file_name
- Use timestamp of other file: The touch command with
roption is used to get timestamp of another file.
$ touch -r file2 file1
- The above command will get the timestamp of file1 and will assign it to file2.
- Create file with Specific time: The touch command with ‘-t’ option is used to create a file with specified time.
$ touch -t 1911010000 file_name
- cp: The cp (copy) command is used to copy files and directories from one location to another location of the system.
- Copy file: The cp command is used to copy a file.
$ cp file1 /home/recon/files
- In this example file1 will be copied to the files directory which is at “/home/recon/files” path. 2. Copy directory: The cp command with -r option is used to copy whole directory with its files recursively.
$ cp -r directory1 /home/recon/myfiles
- In this example the whole directory1 will be copied to myfiles directory. 3. Copy files inside directory:
$ cp -r dir1/* /home/recon/myfiles
- In the above example, all the files inside dir1 will be copied myfiles folder. The dir1 will not be copied. Only the files inside it will be copied. You can also specify which files to copy by the following example.
$ cp -r dir1/*.txt /home/recon/myfiles
- The above example will copy only text files.
- Copy files without overriding: The cp command with -i will show you interactive prompt to replace if the destination directory already has the file.
cp -i myfile /home/recon/files
- mv: The mv (copy) command usage is almost similar to the cp command and it is used to move or rename files or folders.
- Rename files: mv command is also used to rename files in the following way.
$ mv oldname newname
- In this example file1 will be copied to the files directory which is at “/home/recon/files” path. 2. Move files:
$ mv file.txt /home/recon/myfiles
- You can also move mutiple files in one command.
$ mv file1 file2 file3 /home/recon/myfiles
- Move Directories:
$ mv dir1 /home/recon/myfiles
- Move files without overriding:
mv -i myfile /home/recon/files
- cat: The cat command is used to view contents of single or multiple files, concatenate files and redirect output in terminal or files.
$ cat file1 file2
- file: The file command is used to know the file type.
$ file file1.txt
file1.txt: ASCII text
Text Processing
- cut: The cut command is used to extract portion of texts from a file.
$ cut -c 4 file.txt
- This will show 4th character from each line of that file. You can also modify it in the follwing way to specify your range.
$ cut -c 4-10 file.txt
- Here the character range is 4-10. To cut off according to fields, -f option is used.
$ cut -f 2 file.txt
- By default it uses TABs as the delimiter. so everything separated by a TAB is considered a field.
- paste: The paste command is almost similar to cat command. But instead of just showing the text of the file it merges the lines of the file in one line. For example suppose
file1.txthas the below text.
Terminal
is
awesome
- Now apply the following command on the text file.
$ paste -s file1.txt
- The output will be ‘Terminal is awesome’. By default it is using TABs as the delimiter. But you can set custom delimiter as the following example.
$ paste -d ' ' -s file1.txt
The above example will use spaces the delimiter.
- head: the head command is used the view the first 10 lines of a text file. It’s very useful the see the contents of a huge log files.
$ head /var/log/syslog
- You can also define how many lines you want to view by the -n option.
$ head -n 20 /var/log/syslog
- tail: The tail command is almost similar to the head command. But instead of showing the first 10 lines, it will show you the last 10 lines as default.
$ less /var/log/syslog
Use the following command to navigate through less:
q – Used to quit out of less and go back to your shell.
Page up, Page down, Up and Down – Navigate using the arrow keys and page keys.
g – Moves to beginning of the text file.
G – Moves to the end of the text file.
/search – You can search for specific text inside the text document. Prefacing the words you want to search with /
h – If you need a little help about how to use less while you’re in less, use help.
- expand and unexpand: expand is used to convert all the TABs in a text file to spaces.
$ expand file1.txt
To convert the spaces back to TABs. Use the unexpand command.
$ unexpand -a file1.txt
- sort: The sort command is used to sort the lines in a text file.
$ sort file1.txt
- To do a reverse sort the -r option is used.
$ sort -r file1.txt
- tr: the tr (translate) command is used to translate a set of character to another one. The following example will convert all lowercase character to uppercase one.
$ tr a-z A-Z
terminal
TERMINAL
- uniq: Just as the name says it it, the uniq (Unique) command is used to remove all the duplicate texts from a file.
$ uniq file1.txt
- wc: The wc command is used to show count of words, lines and bytes from file respectively.
$ wc file1.txt
- To see only the line counts use the following.
$ wc -l file1.txt
Similarly, -w, -c can be used to show only count of words and bytes respectively.
- grep: When it comes to text processing or filtering results of other commands, grep is probably the most used command in such cases. The main syntax is following.
$ grep pattern file
- You can also defines the patterns that are case sensitive by -i flag.
$ grep -i pattern file
- Grep can also be used with commands as a pipeline.
$ ls /recon/home | grep -i file1
- The above command will show the file1 from /recon/home directory. To search for the lines which doesn’t contain the particular keyword use the -v option.
$ ps aux | grep -v grep
The above example will ignore all the grep processes and shows the others.
- Grep can also be used with regular expressions.
$ grep "one$" file1.txt
The above command will show the lines which are ending the word one. Some other useful regular expressions with grep are as follows.
- Matching any character: To match any character with a particular word the period (.) is used.
$ grep "..rent" file.txt
The above command will match anything that has two characters and then the string rent
- Bracket Expressions: You can also specify mutiple words with a particular character by enclosing them with a bracket.
$ grep "swe[ea]t" file.txt
The above command will match this two words sweet and sweat
- To find every line which starts with a capital letter,
$ grep "^[A-Z]" file.txt
- Instead of using character ranges POSIX classes can also be used for the above example,
$ grep "^[[:upper:]]" file.txt
- To find each line that contains an opening and closing parenthesis, with only letters and single spaces in between, the following expression can be used,
$ grep "([A-Za-z ]*)" file.txt
- To escape meta characters, the backslash character () in front of the characters are used.
$ grep "^[A-Z].*\.$" file.txt
The above example will find any line that begins with a capital letter and ends with a period. But it escapes the ending period so that it represents a literal period.
- Extended Regex: To use extended regular expression the -E option is used. To group multiple expressions, enclose them in a paratheses.
$ grep -E "(Color|Colour)" file.txt
The above example will find either Color or Colour from the text.
- To find any words between chracter range, enclose the range with
{ }brackets.
$ grep -E "[[:alpha:]]{5,10}"
The above command will find all words that have between 5-10 characters.
- To ignore any lines that are commented or blank use the following grep command,
$ sudo grep -vE '^(#|$)'
It’s very useful to find lines in a big configuration file.
Permission Commands
Linux has four types of permissions.
r = read
w = write
x = execute
– = no permission
Each file and directory has three types of owners. i. User: Owner of the file who created it. ii. Group: Group of users with the same access permissions to the file or directory. iii. Other: Applies to all other users on the system
Changing Permission: The chmod command is used to change file or directory permissions. There are two types of usage of this command.
- Absolute mode: In this mode file permission is represented by an octal value. The numeric representation of the values are the following.
- 4: read permission
- 2: write permission
- 1: execute permission
$ sudo chmod 755 myfile
The above commands means the following. 7 = 4 + 2 + 1, 7 is the user permissions and it has read, write and execute permissions
5 = 4 + 1, the group has read and execute permission
5 = 4 + 1, and all other users have read and execute permissions
- Symbolic mode: In this mode permissions can be changed for specific owners. The owners are represented in below table.
| Owner | Description |
|---|---|
| u | user/owner |
| g | group |
| o | other |
| a | all |
The permissions can be add, remove and assign by using mathematical symbols like as below.
+: Add permission-: remove permission=: Assign permission
$ chmod u+x file
The above command will add execute permission to user. Similarly, You can add or remove permission like below examples.
$ chmod u-x file
Removes execute permission from user.
$ chmod ug+x file
Adds execute permission to both user and group.
$ chmod g-w file
Removes write permission from group.
$ chmod o+r file
Add read permission to others.
Changing Ownership:
1. User ownership: User ownership can be updated by using the chown command.
$ chown user file
or,
$ chown username:groupname file
2. Group ownership: Group ownership can be modified by using the chgrp command.
$ chgrp groupname file
Networking Commands
- ifconfig: The
ifconfigcommand is used to display and configure all network interfaces.
$ ifconfig -a
To create an interface and bring it up use the following command.
$ ifconfig eth0 192.168.0.1 netmask 255.255.255.0 up
- ifup and ifdown:
$ ifup eth0
$ ifdown eth0
ifup is to enable a network device and ifdown will disable it.
- ip command: the
ipcommand is a versatile command and is the replacement for bothifconfigcommand androutecommand. It can be used for mutiple puposes.
Showing interfaces: Equavalent to ifconfig command.
$ ip link show
Showing interface statistics:
$ ip -s link show eth0
Showing ip address assigned to interfaces:
$ ip address show
or,
$ ip addr show
To bring interfaces up and down: Equlavalent to ifup and ifdown command
$ ip link set eth0 up
$ ip link set eth0 down
Add an IP address to an interface:
$ ip address add 192.168.0.1/24 dev eth0
Showing routing table: Equavalent to route command.
$ ip route list
Add a route: Equavalent to route add command.
$ ip route add 192.168.0.1/24 via 10.10.12.3
Remove a route: Equavalent to route del command.
$ ip route delete 192.168.0.1/24
- route command: The
routecommand is used to command is used to show, add or delete routes.
Showing routing table: Equavalent to route command.
$ sudo route -n
Add a route: Equavalent to ip route add command.
$ sudo route add -net 192.168.0.1/24 gw 10.10.12.3
Remove a route: Equavalent to ip route delete command.
$ sudo route del -net 192.168.0.1/24
- ping: the
pingcommand is used to check whether a packet can reach to the destination host or not.
$ ping google.com
- whois: The
Whoiscommand is used to get whois information of a domain.
$ whois google.com
- traceroute: The
traceroutecommand is used to see how packets are getting routed.
$ traceroute google.com
- netstat: The
netstatcommand is used to show the detailed information about the network.
$ netstat -at
To view the active ports of the device use the following command.
$ netstat -pnltu
- tcpdump: The
tcpdumpis to monitor packet activities. It will not be available by default in the operating system. It can be installed bysudo apt install tcpdumpcommand.
$ sudo tcpdump -i wlan0
- dig: The
digcommand is used to view the DNS information. It is equavalent tonslookupcommand.
$ dig www.google.com
- nslookup: The
nslookupcommand can be also useful in case of DNS information. It is equavalent todigcommand.
$ nslookup www.google.com
- nmcli:
nmclicommand allows one to control and modify NetworkManager
$ sudo nmcli
For more usage information use man nmcli command.
- dhclient: The
dhclientcommand is used to obtain a fresh IP from the DHCP server.
$ sudo dhclient
- arp: The
arpcommand is used to show the arp cache of your device.
$ arp -a
- hostname:
hostnamecommand can be usedful to view the device IP.
$ hostname -I
- nmap: The
nmapcommand is used to scan open services and ports of a server.
$ nmap -A reconshell.com
To view the firewall setting with all information use the following command.
$ nmap -sA reconshell.com
