Linux shell / bash /commands cheatsheet

Explain shell commands

https://explainshell.com/

Bash redirection

• command > stdout.txt
• command 2> stderr.txt
• command &> stdout_and_err.txt
• command > stdout.txt 2> stderr.txt

Advanced:

• command | tee > stdout.txt    outputs stdout to shell and stdout.txt

Output stdout+stderr and log to files:

• command > >(tee --append stdout.txt) 2> >(tee --append stderr.txt >&2) | cat

Ideal for cronjobs: Logs stdout and stderr to the same file, outputs stderr but hides stdout

• command > >(tee --append command.log > /dev/null) 2> >(tee --append command.log >&2) | cat

From: http://stackoverflow.com/questions/692000/how-do-i-write-stderr-to-a-file-while-using-tee-with-a-pipe
The final "| cat" returns to the prompt

 

Remove all partitions

dd if=/dev/zero of=/dev/sdb bs=512 count=1

List all network devices in local network

nmap -sP 192.168.122.1/24

All running processes

ps -aux

Kill a process: kill -9 2745

Log Top 10 Processes

watch -t -n 10 "top -b -n 1 | head -n 17 | tee -a /var/log/top.log"

• watch -n 10 (every 10 seconds) -t (without header)
• top -b (batch)  -n 1 (only one iteration/refresh)
• head -n 17 (show the first 17 lines)
• tee -a log.log (-a append)

List open ports

netstat -pntl

Number of files in directory

ls -1 | wc -l

Delete files modified older than one month

Values are in minutes

find /var/lib/php/sessions/ -type f -cmin +43200 -delete

Inodes

Inode information:

df -i

Find directory which uses most inodes

find /var -xdev -printf '%h\n' | sort | uniq -c | sort -k 1 -n

lsof

"list open files" - show all open handels. Can be used as a last resort action to find out who blocks a file/device

lsof | grep /mnt

fatrace

Shows which process access the harddrive (with "-c"  in the current directory)

fatrace -c

Monitor which files a process accesses

strace -p 1234

Log harddrive access

E.g. to find out what wakes up a hdd

• echo 1 | sudo tee /proc/sys/vm/block_dump
• tail -f /var/log/syslog | grep sdb

du

total foreach subdir

du --max-depth=1 -h

or

du ./* -shx

Force du to include hidden directories (.dir/)

du .[!.]* * -shx

sort by size, human readable

du -hs ./* | sort -h

Find big files

http://askubuntu.com/questions/36111/whats-a-command-line-way-to-find-large-files-directories-to-remove-and-free-up

find / -size +10M -ls

date

Get the current unix timestamp

date +%s

parted

Get a list of disks

• parted
  • print devices

Get uuids of disks for fstab

• blkid

Get uuid for a device

• blkid -o value -s UUID /dev/sda1

Great overview over disks and partitions

• lsblk -o NAME,FSTYPE,SIZE,MOUNTPOINT,TYPE,LABEL

Remove MBR

E.g. from bootable USB-Stick

• sudo dd if=/dev/zero of=/dev/sdc bs=446 count=1

fsck

• fsck.ext3 -v -f -c -y /dev/sdb1
• smartctl -a /dev/sdb

GUI: palimpsest

tcpdump

Look for incoming ssh traffic

tcpdump 'tcp port 80'

iotop

Look for i/o intensive processes

ip link

Show hardware network interfaces

Correct edit time of files

30 minutes in the future. For the past use "30 minutes ago"

touch -d "30 minutes" filename.txt

@see: http://www.cyberciti.biz/tips/linux-unix-get-yesterdays-tomorrows-date.html

Permanently disable a service

systemctl disable smartmontools

Show logs of shutdown / reboots

Display list of last reboot entries: last reboot | less

Display list of last shutdown entries: last -x | less

or more precisely: last -x | grep shutdown | less

Use comments in single line commands

• date; `# show the current date`; ls -l; `# show contents of current directory`; hostname --fqdn; `# show fqdn of hostname`

Or split to multiple lines for better readability

• date;             `# show the current date`; \
  ls -l;            `# show contents of current directory`; \
  hostname --fqdn;  `# show fqdn of hostname`

Add user with disabled password

• adduser --disabled-password myusername

Get current network interface name

ls /sys/class/net | grep enp

Search and Replace with sed

• sed 's/search/replace/g'
• sed 's/^search/replace/g'
  • "search" needs to be at the begining of the line