Linux Commands

This page sheds light on commands which may not be known to newbies of Linux OS

Just like apt (the package manager) is used to install services, "apt purge" can be used to remove the same.

nl

Just like cat command is used to display the contents of the file, if suppose line number is also required against the content, then nl is the command for it

tac

It is simply reverse of cat.

Wildcards

?, *, [], [!] are some of the wildcards that can be used in linux. The ? wildcard represents one character, the * represents any number of characters, the list of characters contained in the [] represents one character, but the character must be a member of the list, and the list of characters contained in [!] represents one character, but the character cannot be a member of the list.

sort

As per help section, sort has the following options:

who, w and last

who is the command which is equivalent of "query user" or "qwinsta" in Windows, which basically tells the currently logged in users. Similarly, last is used to check the last logged on users, basically the login history. Lastly w tells the same information as who but with more details.

Note, in Debian/Ubuntu login logs (equivalent of WIndows Event Viewer -> Security Logs) are stored in information is stored in /var/log/auth.log, while for Redhat/CentOS, it is stored in /var/log/secure and for Debian/Ubuntu system logs (equivalent of WIndows Event Viewer -> System Logs) are stored at /var/log/syslog while for RHEL/CentOS machine, the output is stored in /var/log/messages

Note: A user in sudoers group can switch to profile of other user . Command is: sudo su - <username>

In Fedora Distributions, the sudoers group is called wheel

xargs

Xargs is an utility that can simplify the processing of complex operations, repetitive tasks, batch processing, and large data manipulation. Xargs reads data from stdin, and then executes the command supplied to it as an argument. By default, xargs reads data separated by blanks because it treats spaces as delimiter, and then executes a command once for each argument. Note that blank lines are ignored.

test, expr and let

These commands can use the following operands:

test is used to check file types and compare values and returns true or false. Another way to use test is to use the construct [...]

Note that test would return 0 if true and 1 if false. this can be demonstrated using echo $? which tells the op of last command

expr command evaluates arithmetic or string expressions and sends the result to stdout. When one use the expr command to perform multiplication in an expression, one must use a backslash as an escape character before the multiplication operator, as the * character is recognized by the shell as a special character. This is as shown below. The construct for expr is $((...))

Note, to substitute a variable, use $variable-name

let command is equivalent to enclosing an arithmetic expression in double parentheses. The construct for let is ((...))

tree

This is equivalent of the following command but displays files in form of branches of a tree:

ls -R

ln

It is used for creating hard links and symlinks (soft links) in linux.

Note: Symlinks are file-system objects used for creating symbolic links which are just pointers pointing to a file or directory, where as Hard links creates a direct association with the target file by acting as its mirror (because a hard link creates an alias, or an associated name with the same inode number)

Note, to revoke permissions in linux, one can simply use chmod with zero i.e., chmod 700 will only take permissions from group and others and will keep rwx with owner.

head and tail

head lets user view only the top 10 lines of data in a file. one can also pass the argument n to mention how much lines should the head command display. tail is the exact opposite which displays the last 10 lines of a file.

wc

wc or word count simply tells the number of lines, word count, byte and characters count

more and less

diff

This is used to compare two files.

Note: zless and zdiff are basically commands used to the same operations as less and diff but for files in an compressed archive.

which and whereis

which is a tool for locating the path to a command while whereis also does the same but also returns the location of manpage

locate and find

locate and find - both are used to search a file by its name. The key difference is that locate uses a previously built database while file searches in the filesystem. While locate is faster, find is more aggressive with options such as -name, -type and -exec

file

It is used to know more about the type of file to the user. please note that file commands reports on the basis of the contents inside the file and not based on file extension.

Just like the Sysinternals utility strings64.exe, in linux, there is a command called as strings which dumps printable character sequences in any file regardless of its type

apropos

This command is used to find other commands based on the keyword that has been passed as an argument

top and htop

top is similar to task manager of windows i.e., to see the running processes. htop unlike top is interactive process viewer with functionality such as searching, tree view and capability to use a mouse with it

ps lists a snapshot of the running processes. By default, it only shows processes owned by the user executing the command. The -a flag shows processes of all owners. The -u flag provides verbose o/p. The -x flag includes processes i.e., services started by the host on startup.

ss

To list running services, one can use the ss command

useradd, usermod and userdel are used for creating, modifying and deleting a user.

lsof

lsof command stands for List Open Files. Since Linux sees every object as a file, such as devices, directories, etc., unidentified open files prevent users from modifying them.

sed

It is stream editor. It brings the contents of a file into a stream, where modification operations such as text substitution or other text manipulation operations like insert, delete, search, and more. Please note that it doesn't change the actual file but in the stream. To change in the actual file, one can use re-director (>) to ultimately save the content in new file.

Redirector

In the world of Linux and Unix, there is something called as file descriptors. File descriptors are used to represent and manage input and output streams between processes and files, sockets, pipes, and other sources or destinations of data. A file descriptor is a unique non-negative integer that serves as a handle or identifier for an open file or communication channel. At least one file descriptor exists for every open file on the system. When a program asks to open a file — or another data resource, like a network socket — the kernel grants access, creates an entry in the global file table and provides the software with the location of that entry i.e., the global file table has entries pointing to inode number where a particular stream of a file is sent.

Usually there are two out streams: one is main o/p and one is error. When only > is used, only o/p is redirected to a file or process but when both needs to be redirected, then 2>&1 has to be used

gpg and gpgtar

gpg (GNU Privacy Guard) is used for creating encrypted keys and actually encrypting a file. As part of encryption for data at rest, gpgtar is used for encrypting files or directories using tar for compression of the said file.

Note, encfs is usually used for mounting or creating an encrypted virtual filesystem. cryptsetup is used for encryption of entire volume.

/dev/null - Whatever is written to this file vanishes, and reading from the file outputs nothing. So one can use this file is used to eliminate the standard output or error of a shell command, by redirecting it to this file.

/dev/zero - Upon reading, this file provides an endless stream of zeros and anything written to the file vanishes.

dd, du and df

dd is also known as disk/data duplicator. As per manpage, dd can be explained as follows:

// To take backup of entire disk by copy pasting using dd
dd if=/dev/sda of=/dev/sdb conv=noerror, sync

// Note, because default bs is 512, a 1.5 kb file will take 3 turns to copy as 1.5 kb=512bytes*3
and if we want to copy 1/3 of a file then we can simply provide count=1, so that only 1st default size of 512 bytes is copied, so command can be:

dd if=/etc/shadow of=realdeal count=1

du is used to check the space of an entire directory w.r.t to what size a particular file or subdirectory has taken while df is used to check the overall disk space.

tmux

Also known as terminal multiplexer. This is particularly used to maintain terminal continuity across sessions. So, let's just say, one person is taking ssh and ran a command which will take, let's just 16 hours and in between, the person closed the terminal, so when he/she comes back, the command that was running needs to be re-run because when the session was closed, the command was also mid-way terminated. To solve, this problem, tmux was brought in. The logic is that once ssh access is taken, one needs to start a tmux session in that terminal and type all commands in that tmux, so even if ssh access is closed, ssh session when regained, can access the tmux to continue the work.

// For creating a new named session
tmux new -s <name-of-session> 

// For attaching to a named session
tmux attach -t <name-of-session>

// For copying from a tmux session
Ctrl + b [

// For increasing the scrollback buffer to 2 lac lines
Ctrl +b
: set -g history-limit 200000

// For deteaching a tmux session
Ctrl + b 
d 
OR
Ctrl + b
: detach

// For listing a tmux session, one can do the following:
tmux list-sessions

// For killing a tmux session, once you are inside the session
Ctrl + b
: kill-session 

// For moving up inside a tmux session,
Ctrl + b
[
Use up arrows to go up and down in copy mode and then press q to come back

// For splitting the screen horizontally in tmux, do the following:
After pressing, Ctrl + b, leave the keyboard and then press "

// For splitting the screen vertically, do the following:
After pressing, Ctrl + b, leave the keyboard and then press %

Note: After splitting, press Ctrl + b, and then use arrow keys to mopve around. 
Lastly, its better to use take ssh from cmd instead of putty for terminal splitting

dig

It is the newer alternative for older nslookup.

It has following options:

ssh

Type of Shell

ssh has a switch option called as -t which can be used to specify the shell one wants while ssh'ing

One can also determine the type of shell using the command:

script_shell="$(readlink /proc/$$/exe | sed "s/.*\///")"; echo $script_shell

Local Port Forwarding

Everyone knows ssh, but suppose one is accessing a remote server via ssh and the remote server doesn't have GUI, only terminal then the following commands can use tunnelling using port forwarding to access an application running locally on the remote server from host machine.

ssh <username>@<ip-address> -N -f -o ServerAliveInterval=60 -L <localport>:<hostinterfaceaddress>:<hostport>

Here, -N is only for port forwarding and not executing remote commands, -f backgrounds ssh, -o is used for passing configuration values (serveraliveinterval is used to keep the connection alive after every 60 seconds), -L is used to forward a local port to the remote server's port

Note: One can also use -q for quiet mode

For example, to access the python server which is running on localhost of linux server, one can issue the following command: ssh <username>@<ip-address> -N -f -o ServerAliveInterval=60 -L 8000:localhost:8000

Dynamic Port forwarding

Here, -D is used for the remote linux server to act as socks proxy and -C is used for compression to save bandwidth.

ssh -D <local-port> -f -C -N -q <username>@<ip-address>

The operation can be easily understood as shown below:

Remote Port forwarding

Now, let's just assume that there is a remote server, where one can ssh into from local machine, but from that remote server, if one wants to access a webserver hosted on local machine, then reverse port forwarding can be quite helpful.

ssh -N -f -R <local-port>:<remote-server-address>:<remote-server-port> <username>@<ip-address>

Let's take the following example:

On local machine, a webserver is hosted on port 8088

Now, for this webserver to be available to linux server, one can open terminals, one for reverse port forwarding (telling that remote server when access webserver locally on 8088, it will connect with webserver hosted on local machine) and other for interaction as shown below:

One more important option is use of -J which is to specify the jump host, so if a server A is not accessible directly, but via server B only, then ssh -J user@serverB user@serverA

This command would work when password authentication is being used on both serverB and serverA

For it to work via pem key, one need to create the following config file under .ssh and access it via the command:

ssh remote

Host jump
	HostName <jump-box-public-ip>
	IdentityFile .ssh/<pemkeyfile>.pem
	Port 22
	User ec2-user

Host remote
	HostName <remote-server-private-ip>	
	IdentityFile .ssh/<pemfilekey>.pem
	Port 22
	User ec2-user
	ProxyJump jump

socat

Its purpose is to establish a relationship between two data sources, where each data source can be a file, a Unix socket, UDP, TCP, or standard input.

It can be best described as written below from manpages:

One of the most used option is to use socat to connect to two TCP streams on separate streams. As per syntax, socat options <bi-address> <bi-address>

Thus the following command can be used to connect two data streams as shown below:

socat TCP-L:443,reuseaddr,fork TCP:localhost:8088 &

Note: fork - put every connection into a new process, reuseaddr - keeps the port open after a connection is made, & - backgrounds the application

Note, if one wants to create only listener or only connect, then give the 1st bidirectional address as hypen (-)