Linux basic commands for a cybersecurity engineer, as a quick revision

I recommend that everyone use -h, --help, or man <command> to learn what options are available for each command.

1. ls :- ls is short for list. It is the equivalent of the dir command in DOS and Windows. On its own, the command lists the files and directories in the current directory.

2. ls -l :- the long listing shows the permissions, owner, group, size and modification time of each file and directory.

3. ls -a / ls -la :- -a (or the combined -la) also shows hidden files, that is, names beginning with a period (.)

4. ls -R / tree :- lists the directory recursively, descending into every subdirectory

5. cd :- This command allows one to change directories. The command cd <path> will change the directory to the one represented by <path>.

The symbol ~ represents the user’s home directory.

. is the current directory, so cd . does not change directory at all

.. is the parent of the current directory

6. pwd :- pwd, print working directory, shows the full path of the current directory.

7. cp <source> <destination> :- cp is short for copy.

If you want to copy a directory and its contents, include the -R (or -r, --recursive) switch. With this switch, cp traverses the entire directory structure. Without it, cp refuses to copy a directory at all and reports "omitting directory". Add -p to preserve the mode, ownership and timestamps of the copied files; by default the copies are owned by you and get your umask.

8. mv <source> <destination> :- mv is short for move. Like cp, it requires a <source> and <destination>, and these can be directories or files. Unlike cp, mv does not need the -R switch when moving a directory to another path: moving a directory takes all of its contents and subdirectories with it. mv is also the command for renaming a file or directory.

9. ln -s <target> <link_name> :- ln with -s creates a symbolic link (symlink); note the order, the existing target comes first. A symlink is a small file whose content is a path, and the kernel follows that path whenever the link is opened, so, unlike a shortcut in Windows, programs see the link as if the file or directory existed where the link resides. The link does not track the target: if the target is removed or replaced, the link silently points at whatever now lives at that path, which is why privileged programs that write to paths in world-writable directories such as /tmp are a classic symlink-attack target.

10. rm <filename> :- rm is short for remove. Like del in Windows, it deletes files. Given a directory, rm fails with "Is a directory" unless you pass -r, -R, or --recursive, which removes the directory and everything beneath it. The -f or --force flag ignores nonexistent files and suppresses the confirmation prompt rm otherwise issues for write-protected files; it does not by itself let rm remove directories. rm -rf <path> therefore deletes a whole tree without asking, so check the path, and any variable inside it, before running it. rm does not follow symbolic links, so rm -r <link> removes the link, not the directory it points to.

11. mkdir <directory_name> :- Short for make directory, mkdir is used to create a directory. If <directory_name> is a path, the command creates the last directory in the path. With the -p or --parents flag, mkdir will create all of the folders that do not currently exist in the path.

12. rmdir <directory_name> :- Short for remove directory, this command does the opposite of mkdir, but it only removes a directory that is empty; use rm -r for a directory with contents. With the -p or --parents flag, rmdir removes each directory in the path in turn, again only while each one is empty and your account has the necessary permissions.

13. touch <file_name> :- The touch command creates <file_name> as an empty file if it does not exist. If the file already exists, touch only updates its access and modification timestamps and leaves the contents alone. This is useful for creating files that will receive output from other sources.

14. chmod [-R] <permissions> <target> :- chmod is short for change mode. Mode refers to the permissions different classes of users have on the file or directory. There are three basic permissions and four user classifications chmod can affect. The three permissions are read, write, and execute, each with a letter and a numeric value: read is r or 4, write is w or 2, execute is x or 1. The user classifications are user/owner (u), group (g), others (o), and all (a). In the numeric (octal) form you add the values for each class and write one digit per class in the order user, group, others, so chmod 750 gives the owner rwx, the group r-x and others nothing; in the symbolic form you write the class, an operator (+ add, - remove, = set exactly) and the letters, as in chmod g-w,o= <file>.

A few things to keep in mind:

If you want to change the permissions of all files in a directory, use the -R flag and give the directory as the target.

A directory must have the execute (search) permission, otherwise its contents cannot be entered or looked up even when it is readable.

When assigning several symbolic values, separate them with commas and no spaces (e.g., u+rw,g-w,o-rwx).

15. chown [-R] <owner>[:<group>] <target> :- Short for change owner, this command changes the owner (and, with the colon form, the group owner) of a file or directory. Only root can give a file away to another user. The -R flag applies the change recursively to all files and directories beneath the directory you target.

16. chgrp [-R] <group> <target> :- Short for change group, this command allows you to change the group owner of a file or directory. The -R flag will make the change recursively to all files and directories subordinate to the directory you target.

17. cat <target>, zcat <target> :- Short for concatenate, cat prints the contents of one or more files to the terminal. zcat does the same for a gzip-compressed file without writing a decompressed copy to disk, which is handy for rotated logs such as auth.log.2.gz.

18. less <target>, zless <target>:- Similar to cat, less lets you control how you scroll through a document you are viewing. It also affords you the ability to search forward using the forward slash (/) or search backwards with question mark (?). zless, like zcat, lets you look at a compressed file and provides all of the functionality of less.

19. head :- The head command prints the first lines of a file, 10 by default. It is similar to cat, but stops after those lines.

The -n N or --lines=N option prints N lines instead of the default. Instead of a number of lines, you can ask for the first N bytes with -c N or --bytes=N.

20. tail :- The reverse of head is tail. It shows the last 10 lines of the file, and takes the same -n and -c switches as head. Another useful flag with tail is -f, which keeps the file open and prints new content as it is appended. This is the usual way to watch a log file live, for example when troubleshooting why a script fails or what errors a service reports. Use tail -F when the log may be rotated: it reopens the file by name after rotation instead of following the old, now-unlinked file.

21. diff <file1> <file2> :- Short for difference, diff compares two files and prints the lines that differ between them; diff -u gives the unified format that patch and most review tools expect.

22. zdiff <file1.gz> <file2.gz> :- Performs the same function as diff, but compares two gzip-compressed files.

23. echo <string> :- echo prints a string, or the value of a variable, to the terminal. You can redirect the output to a file with the greater-than symbol (>) followed by a file name, which replaces the file's current contents. A double greater-than (>>) appends the output to the file instead. Be careful with the single > because it silently overwrites.

24. wc <target> :- Short for word count, this command counts and reports the number of lines, words, and bytes in the file; -l, -w and -c select just one of these, and -m counts characters rather than bytes.

25. clear :- Serves the same function as Windows cls. It simply refreshes the terminal screen, bringing the command line up to the top of the terminal.

26. history :- As the name implies, it displays the commands entered in the current shell session together with those saved in the shell's history file (~/.bash_history for bash). How many entries are kept is set by the HISTSIZE and HISTFILESIZE variables, so the limit varies by distribution. That file is one of the first places a forensic analyst looks on a compromised host, and one of the first things an attacker clears.

27. man <command> :- Short for manual, this command displays the formatted manual page for the specified command. The page generally lists the flags, switches, and options you can use on the command line and, depending on the developer, explains the role of the command and how it interacts with the host. How much detail it contains is up to what the developer considered useful.

28. which <command> :- This is a tool for locating commands. which <command> searches the directories in $PATH and returns the full path of the executable that would run. Shell builtins and aliases are not found by which; use type <command> for those.

29. find :- find is a very versatile tool for searching for files, and its versatility comes from the tests and actions you can combine. The simplest option is the path to search, given first. -name <pattern> matches the file name, with or without wildcards (*, ?, etc.; quote the pattern so the shell does not expand it). -type f restricts the search to regular files and -type d to directories. -perm matches on permissions, for example -perm -4000 for setuid files or -perm -0002 for world-writable ones. -exec runs a command on each match, written as -exec <command> {} \; to run once per file or -exec <command> {} + to batch the files, which is how you grep inside every matching document.

30. file <file_name> :- The file command analyzes the specified file and reports its type. It works from the contents (magic bytes) of the file, not its extension, so it is the right tool when a .jpg upload turns out to be an ELF binary.

31. grep :- grep finds text inside files. The pattern can be a literal string or a regular expression (-E for extended syntax, -F for a fixed string). The -l switch suppresses the matching lines and prints only the names of the files that contain a match; -r searches a directory tree recursively, -i ignores case and -n shows line numbers.
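The following is an added example, not code from the original article, that combines find, file and grep from items 29-31 to audit a directory tree. The function names and the sample files are constructed for the example; it assumes a Linux host with GNU or busybox find and grep.

```sh
#!/bin/sh
# Added example (not from the article): auditing a tree with find, grep and file.

# conf_files_matching DIR REGEX
# Find every *.conf file under DIR and print the names of those whose contents
# match REGEX. `{}` is replaced with the matched paths and `+` batches them so
# grep runs once per batch instead of once per file. -l prints only file names
# (item 31); /dev/null is added so grep always has several files and therefore
# always prefixes output with the file name.
conf_files_matching() {
    find "$1" -type f -name '*.conf' -exec grep -l -E -e "$2" /dev/null {} + | sort
}

# world_writable DIR
# Regular files any user can modify, a classic privilege-escalation lead
# when the file is a script or config read by a privileged process.
# -perm -0002 means "the other-write bit is set, whatever else is set".
world_writable() {
    find "$1" -type f -perm -0002 | sort
}

# suid_files DIR
# Regular files with the setuid bit (-perm -4000); compare against a known
# baseline such as the list from a fresh install.
suid_files() {
    find "$1" -type f -perm -4000 | sort
}

# type_of PATH
# Content-based type from `file` (item 30); -b drops the file name prefix.
# The extension plays no part, so a renamed binary is still reported as such.
type_of() {
    file -b "$1"
}
```

Typical use on a real host is conf_files_matching /etc 'PermitRootLogin +yes' and world_writable / (run with sudo so every directory can be entered, and expect some noise from /proc and /sys, which you can exclude with -not -path '/proc/*').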

32. df :- This utility reports the mounted filesystems on the host with their size, space used, space available and mount point. To make the output more useful, -h or --human-readable prints the sizes in K, M and G instead of 1K blocks.

33. du :- Short for disk usage, this command reports the disk space used by the files in a tree of directories, with a subtotal for each directory and a grand total. The -h or --human-readable switch works here as with df. The -s flag prints only the total for the tree, and du -sh * is the quick way to find which directory is eating a disk. The -P or --no-dereference option tells du not to follow symbolic links, which is the default; -L makes it follow them.

34. tar :- tar is a utility for bundling files into, and extracting them from, archive files referred to as tarballs. The usual flags are -c or --create to create a tarball and -x or --extract to extract from one; -t or --list shows the contents without extracting. You can compress and decompress the tarball with a flag for the compression algorithm, the two standards being gzip (-z or --gzip) and bzip2 (-j or --bzip2). -v is verbose and prints each file as it is processed, which is not a verification; use -t to inspect an archive. The last flag is -f or --file, which names the archive file and must be followed immediately by that name. Always list an archive you did not create before extracting it: entries with absolute paths or .. components can write outside the directory you extract into.
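As an added example, not from the original article, the tar workflow from item 34 with the pre-extraction listing check: create a gzip tarball, list it, refuse to extract if any member name is absolute or contains "..", then extract into a chosen directory. The function names and paths are constructed for the example, and it assumes GNU tar (the test uses -P, which GNU and BSD tar support, to build a deliberately bad archive).

```sh
#!/bin/sh
# Added example (not from the article): build, inspect and safely extract a tarball.

# make_tarball ARCHIVE DIR
# Bundle DIR into a gzip-compressed tarball. -c create, -z gzip, -f file name.
# -C changes into DIR's parent first so the member names are relative
# ("proj/a.txt"), not absolute ("/home/me/proj/a.txt").
make_tarball() {
    archive=$1
    dir=$2
    tar -czf "$archive" -C "$(dirname "$dir")" "$(basename "$dir")"
}

# list_tarball ARCHIVE
# -t lists member names without extracting anything; add -v for a long listing
# with permissions, owner and size.
list_tarball() {
    tar -tzf "$1"
}

# unsafe_entries ARCHIVE
# Print every member name that is absolute or has a ".." path component.
# Returns 0 when the archive is clean, 1 when anything suspicious was found.
unsafe_entries() {
    bad=$(tar -tzf "$1" | grep -E '^/|(^|/)\.\.(/|$)' || true)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# extract_tarball ARCHIVE DEST
# Extract (-x) into DEST (-C), which must already exist, but only after the
# listing check passes. Modern GNU tar strips leading "/" and ".." itself and
# warns; checking first means the decision is explicit rather than a warning
# scrolling past in a log.
extract_tarball() {
    if ! unsafe_entries "$1" >/dev/null; then
        echo "refusing to extract $1: member names escape the target directory" >&2
        return 1
    fi
    tar -xzf "$1" -C "$2"
}
```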

35. top :- The top command displays real-time data about the resources in use by the host. It regularly refreshes to provide up-to-the-second information regarding the performance of the host.

36. htop :- An application similar to top, but htop provides greater functionality including searches, filtering, and a tree view to find parent and child processes. htop also provides resource bars and the ability to use a mouse for interacting with the application.

37. free :- free displays the amount of physical memory and swap in use and available at the moment the command is run; -h prints the figures in human-readable units.

38. ps :- ps lists a snapshot of the running processes. With no arguments it shows only the current user's processes that are attached to the current terminal. ps accepts two option styles. In BSD style, written without a dash, a shows the processes of all users that have a terminal, x adds processes without a terminal (daemons and other services started by the host), and u adds the user, CPU and memory columns, so ps aux lists everything on the host. In UNIX style, written with a dash, ps -ef lists every process with its parent PID (PPID), and -U <username> restricts the list to processes owned by that user.

39. systemctl [stop|start|restart|status|enable|disable] <service_name> :- The systemctl command is an administrator's best friend for managing systemd services. The actions work as their names imply. start and stop run or stop the service gracefully (see kill below for terminating a process directly). restart stops and starts a service with one command, which is how you make a configuration change take effect. status prints a concise status of the service, whether or not it is running, with its recent log lines. enable and disable determine whether the service starts when the host boots; enabling does not start it now, so use enable --now for both. systemctl list-units --type=service shows every loaded service, a useful first look at an unfamiliar host.

40. kill :- kill <pid> sends a signal to a process; it is not only for processes that refuse to stop. By default it sends SIGTERM (15), which asks the process to shut down cleanly, so prefer the service's own stop command or a plain kill first. A process that ignores or mishandles SIGTERM can be ended with kill -9 <pid> (SIGKILL), which the kernel enforces and the process cannot catch or ignore, but which also gives it no chance to flush data or clean up. Killing a parent process does not automatically end its children, with -9 or otherwise; to stop a whole tree use pkill -f <pattern>, or kill -- -<pgid> to signal every process in a process group.
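The graceful-then-forced escalation described above, as an added example that is not part of the original article: send SIGTERM, wait a bounded time, and fall back to SIGKILL only if the process is still there. The function names are constructed for the example; it assumes a Linux host whose ps accepts -o stat= (procps or busybox) and a sleep that accepts fractional seconds.

```sh
#!/bin/sh
# Added example (not from the article): stop a process by PID, TERM first, KILL last.

# alive PID -> succeeds while PID exists and is not a zombie.
# `kill -0 PID` alone is not enough: a child that has exited but not yet been
# reaped by its parent (a zombie) still answers to kill -0, so we read the
# process state from ps instead (Z = zombie).
alive() {
    st=$(ps -o stat= -p "$1" 2>/dev/null | tr -d ' \n')
    [ -n "$st" ] || return 1
    case $st in Z*) return 1 ;; esac
    return 0
}

# stop_pid PID [TIMEOUT_SECONDS]
#   1. send SIGTERM, which is what a plain `kill PID` does, and give the process
#      up to TIMEOUT seconds (default 5) to clean up and exit
#   2. if it is still running, send SIGKILL (kill -9), which cannot be caught
# Returns 0 if the process is gone afterwards, 1 if it somehow survived.
stop_pid() {
    pid=$1
    timeout=${2:-5}
    alive "$pid" || return 0
    kill -TERM "$pid" 2>/dev/null || return 1
    ticks=$((timeout * 10))
    while [ "$ticks" -gt 0 ] && alive "$pid"; do
        sleep 0.1
        ticks=$((ticks - 1))
    done
    if alive "$pid"; then
        echo "pid $pid did not exit on SIGTERM within ${timeout}s, sending SIGKILL" >&2
        kill -KILL "$pid" 2>/dev/null || true
        sleep 0.1
    fi
    if alive "$pid"; then
        return 1
    fi
    return 0
}
```

To find the PID first, ps -eo pid,ppid,user,stat,cmd | grep <name> or pgrep -f <name> does the job; the function then stops only that one PID, so children of the target must be handled separately as noted above.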

41. netstat -tulpn, ss -tulpn :- The older netstat command (from net-tools, no longer installed by default on many distributions) and its replacement ss list the sockets on the host. With -tulpn they show listening (-l) TCP (-t) and UDP (-u) sockets with numeric addresses and ports (-n) and the owning process (-p, which needs root to see other users' processes). This is the quickest way to find what a host is exposing and which program is behind each port.

42. nmap :- nmap scans hosts for ports in a listening state, as seen from the network rather than from the host itself. A listening service is one awaiting a connection from a remote host. Only scan systems you are authorized to test.

43. lsof :- Short for list open files, lsof shows what a local process has open: files, directories, sockets and ports. lsof -i :<port>, for example lsof -i :22, lists the processes with a socket on that port, and lsof -p <pid> lists everything one process has open.

44. ping <hostname|ip_address> :- The ping command sends ICMP echo requests to the specified hostname or IP address and reports each reply and its round-trip time. No reply does not prove the host is down: many hosts and firewalls drop ICMP.

45. wget :-The wget command downloads the file at the URL of the argument provided.

46. hostname :- The hostname command returns the host’s name as configured in the /etc/hostname file.

47. useradd -m -d <home_dir> <username> :- The useradd command creates a new user on the host. Standard user accounts cannot create accounts, but as a security professional you must know this command and its syntax. Administrators run useradd through sudo as root. More on sudo later.

The -d or --home-dir option sets a home directory other than the default (/home/<username>), and -m instructs useradd to create it. There is a -p or --password option, but it expects the already-hashed password as it would appear in /etc/shadow, not the plaintext: passing a plaintext string stores a value nobody can log in with, and either way the argument is visible in the process list and saved in your shell history. Set the password afterwards with passwd <username> or chpasswd instead. There are flags for adding the account to extra groups (-G) and setting the login shell (-s), among many others; check the documentation when you need to customize the command.

48. userdel <username> :- The userdel command deletes a user account from the host; add -r to remove the home directory and mail spool as well, otherwise those files remain on disk owned by a UID that no longer has a name.

49. usermod :- This command updates the settings of an existing user account. One of its typical uses is adding the user to one or more groups. The syntax is usermod -a -G <group_name|group_id>,<group_name|group_id> <username>. The -a switch tells usermod to append the new groups to the user's current ones; without -a, -G replaces the current supplementary groups with the new list, silently dropping the user from every other group.

50. passwd :- The passwd command lets a user reset their own password. An administrator can reset any user’s password by specifying a username with passwd <username>.

51. sudo <command and arguments> :- sudo (superuser do, or more precisely substitute user do) is a very powerful and potentially dangerous command. It lets authorized users run commands as root, or as another user with the -u <username> flag. To use sudo you must be listed in /etc/sudoers or belong to a designated group, typically sudo on Debian and Ubuntu or wheel on Red Hat-derived systems; this is a preconfigured security measure. sudo -l shows what the current user is allowed to run, which is one of the first checks in any privilege-escalation review.

52. ssh [user@]<host_ip|hostname> :- Secure Shell, or ssh, is a secure means of connecting to remote hosts. At a minimum you must specify the IP address or hostname of the remote host; without user@, your local username is used.

Use the -i <file_path/file_name> option to choose the private key to authenticate with (public-key authentication, not a PKI certificate in the X.509 sense). The private key (for example ~/.ssh/id_ed25519 or the older id_rsa) stays on the local host and must be readable only by you, mode 600 with ~/.ssh itself 700, or ssh refuses to use it. The matching public key is appended as one line to ~/.ssh/authorized_keys in the target user's home directory on the remote host. -i is only needed when the key does not have one of the default names and is not named in a Host block of ~/.ssh/config.
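The following is an added example, not code from the original article, that applies the permission rules from items 14-16 (chmod, chown, chgrp) to the ssh client directory described in item 52: it fixes the modes with both the octal and the symbolic chmod forms and then verifies them. The function names are constructed for the example; it assumes the usual ls -ld output format (drwx------) and runs as an ordinary user on its own files.

```sh
#!/bin/sh
# Added example (not from the article): enforce and verify ~/.ssh permissions.

# mode_of PATH -> the 10-character type+permission string from `ls -ld`,
# e.g. "drwx------" for a directory, "-rw-------" for a file.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# fix_ssh_perms DIR
# ssh refuses a private key that other users can read, and sshd refuses an
# authorized_keys file that others can write, so enforce:
#   DIR               700  owner only; x is the search bit needed to enter it
#   private keys      600  read/write for the owner, nothing for group/others
#   public keys       644  readable by all is fine, they are public
#   authorized_keys   600
fix_ssh_perms() {
    dir=$1
    chown -R "$(id -un)" "$dir" 2>/dev/null || true   # item 15: make sure the tree is ours
    chmod 700 "$dir"                                 # octal form: 7 = 4+2+1 for user
    for f in "$dir"/id_*; do
        [ -f "$f" ] || continue
        case $f in
            *.pub) chmod u=rw,go=r "$f" ;;           # symbolic form, classes separated by commas
            *)     chmod u=rw,go= "$f" ;;            # go= strips every group/other bit
        esac
    done
    [ -f "$dir/authorized_keys" ] && chmod 600 "$dir/authorized_keys"
    return 0
}

# check_ssh_perms DIR
# Print one line per problem; return 1 if any were found, 0 if all is well.
check_ssh_perms() {
    dir=$1
    rc=0
    [ "$(mode_of "$dir")" = "drwx------" ] || { echo "$dir is $(mode_of "$dir"), want drwx------"; rc=1; }
    for f in "$dir"/id_*; do
        [ -f "$f" ] || continue
        case $f in *.pub) continue ;; esac
        [ "$(mode_of "$f")" = "-rw-------" ] || { echo "$f is $(mode_of "$f"), want -rw-------"; rc=1; }
    done
    if [ -f "$dir/authorized_keys" ]; then
        [ "$(mode_of "$dir/authorized_keys")" = "-rw-------" ] || { echo "$dir/authorized_keys is $(mode_of "$dir/authorized_keys"), want -rw-------"; rc=1; }
    fi
    return $rc
}
```

Run check_ssh_perms ~/.ssh before reaching for ssh -v when a key is unexpectedly refused; the "UNPROTECTED PRIVATE KEY FILE" error ssh prints is exactly the 600 rule above.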

53. apt [update|upgrade|autoclean|autoremove|install|remove|purge] [package_name] :

apt (Advanced Package Tool; aptitude is a separate front end to the same system) is the means of installing and updating software on Debian and Ubuntu. update refreshes apt's local index of available packages from the configured repositories; run it before upgrade or install so that the newest versions, including security fixes, are seen. upgrade installs newer versions of the packages already on the host. autoremove removes dependencies that no installed package needs any more, and autoclean deletes cached .deb files for versions no longer available. install installs the named package(s); remove uninstalls them but keeps their configuration files, while purge removes the configuration as well.

