
CentOS/Red-Hat-Command-Cheatsheet

The list below does not cover every Linux administration command. These are commands that are not used often but are badly needed in the middle of troubleshooting. The list is limited and can be improved much more.

Redhat Package Manager (RPM)

#Check the digests and signature of an RPM package file before installing it
#The signature can only be verified once the signer's public key has been imported (rpm --import <keyfile>)
rpm --checksig <.rpm pkg>
#Install RPM package (-i install, -v verbose, -h progress hash marks)
rpm -ivh <.rpm pkg> 
#List the dependencies (requirements) of an RPM package file
rpm -qpR <.rpm pkg> 
#Install RPM pkg without checking dependencies; the package may not work if they are missing
rpm -ivh --nodeps <.rpm pkg>  
#List all files of an installed RPM package
rpm -ql <.rpm pkg> 
#List all installed RPM packages
rpm -qa  
#Query whether a specific RPM package is installed
rpm -q <.rpm pkg> 
#List all installed RPM packages, most recently installed first
 rpm -qa --last  
#Upgrade a RPM package
rpm -Uvh <.rpm pkg> 
#Remove RPM package (-e erase, -vv very verbose)
#NOTE(review): "nx" looks like a package name fused into the option string (i.e. rpm -evv <pkg>) - confirm before use
rpm -evvnx <.rpm pkg> 
#Remove RPM package without checking what depends on it
#NOTE(review): the package name is missing from this example
rpm -ev --nodeps 
#Find which RPM package owns a file
rpm -qf /usr/bin/htpasswd 
#Show the information of installed RPM package 
rpm -qi vsftpd 
#Show the information of an RPM package file before installing it
rpm -qip <.rpm pkg> 
#List the documentation files of the installed package that owns a file
rpm -qdf /usr/bin/vmstat 
#Verify the installed files against the information in a package file (-p)
rpm -Vp <.rpm pkg> 
#Verify all installed packages against the rpm db; files whose size, mode, digest or ownership differ are reported
#The rpm db lives on the same host, so this catches accidental changes more reliably than a deliberate compromise
rpm -Va 

YUM (Yellowdog Updater, Modified)

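#Upgrade a package
yum upgrade <pkg>
#Install local .rpm file(s); dependencies are resolved from the configured repositories
yum localinstall <pkg*>
#Remove a package
yum remove <pkg/command/rpm>
#install/update/upgrade or transaction history
yum history list 
yum history list all 
#pkg info install/update/upgrade or transaction history by id
yum history info <id> 
#undo the transaction by id
yum history undo <id> 
#redo the transaction by id
yum history redo <id> 
#yum stores transaction in single SQLite db. To start new transaction history
yum history new 
#Find which package provides a file or command
yum whatprovides <pkg/command>
#List every available version of httpd
yum --showduplicates list httpd | expand
#List available packages whose name starts with java
#The pattern is quoted so the shell does not expand it against files in the current dir
yum list available 'java*'
#List installed packages
yum list installed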

Permission

#set suid bit such as -rwSr-xr-x. capital S means setuid is set but the owner has no execute bit (small s = setuid plus owner execute)
#A setuid program runs with the privileges of the file owner, so keep such files to a minimum and review them regularly
chmod 4655 <file> 
#Setgid on dir: files and subdirs created in it get the same group as the parent dir. It doesn't matter who is creating
#setting setgid bit
chmod g+s <dir/file> 
#setting sticky bit such as drwxrwxrwt. small t means sticky bit plus execute for others
#With the sticky bit on a dir, only the owner of a file, the owner of the dir or root can delete or rename files in it
chmod 1777 <dir> 
#setting sticky bit such as drwxrwxrwT. capital T means sticky bit without execute for others
chmod 1776 <dir> 
#assigning ownership (user and group) recursively to all files/dirs in the target dir
chown -R <user>:<group> <dir> 

User Administration

#NOTE(review): the login name is missing from this example; useradd expects it as the last argument
useradd -g itadmin -c "DB User" -u 1135 -s "/bin/sh" -d /home/techguy1 
#The command above creates a new user with custom options, whereas a simple "useradd <user>" uses the default settings. -g (primary group) -c (description) -u (user id) -s (login shell) -d (home dir)
useradd -g <primary group> -G <secondary group> <user> # assign the user a primary and a secondary group
#Locking the password does not disable the account: other login methods such as SSH keys keep working
passwd -l <user> #locking password of user
passwd -u <user> #unlocking password of user
passwd -e <user> #expire password so the user must change it at next login
#Set a password non-interactively (--stdin reads it from standard input)
#A literal password typed like this ends up in the shell history; treat it as temporary and follow up with "passwd -e <user>"
echo 'myPassword123' | sudo passwd --stdin <user> 
passwd -x -1 <user> #Turn off password expiry (maximum password age of -1)
usermod -L <user> #locking user password
usermod -U <user> #unlocking user password
chage #set password expiry; NOTE(review): options and user name are missing here, e.g. "chage -l <user>" lists the current aging settings

Access Control Lists (ACLs)

setfacl -m u:priya:rw <file> #give the user 'priya' read/write permission on the file. -m (modify) u: (user entry)
setfacl -m mask:r <file> #set the mask on the file; the mask caps the effective permissions of named users, named groups and the owning group
setfacl -d -m u:priya:rw <dir> #set a default ACL on the directory; files/dirs created inside it inherit the entry
getfacl -R <dir> > permissions.acl #Back up the ACLs and ownership of the dir and everything below it (subdirs, files) into a file
setfacl --restore=permissions.acl #Restore the permissions/ownership from the backup file

Crontab

crontab -l #show the crontab of the current user
crontab -u <user> -l #show crontab for a specific user (normally needs root)
crontab -e #edit the crontab of the current user to add or change cron entries

Process

ps -a #processes attached to a terminal
ps -e #list of all the processes
ps -o #custom output columns; needs a column list, as in the next line
ps -ao tty,comm,pid,%mem,%cpu #custom columns. Separate tip: "<command/script> &" runs a task in the background
ps -fp $(pgrep -d, -x logrotate) #full listing of the processes named exactly logrotate
pgrep -u <userid> unison #PIDs of the unison processes owned by the user
ps -p <pid> -o etime #process execution time
ps -eo user,pid,ppid,%mem,%cpu --sort=-%cpu | head #processes sorted by CPU usage, highest first
ps lax #all processes in BSD long format
ps fax #all processes as a parent/child tree

Network

dig +trace www.google.com #follow the DNS delegation path from the root servers down
nmcli dev status #state of the network devices
nmcli con del <interface name> #delete a connection profile
ip addr show <interface name> #addresses assigned to the interface
nmcli con show #list connection profiles
nmcli con add con-name <interface name> type <ethernet> ifname <interface name> ip4 <ip address> gw4 <gateway> #create a connection profile with a static address and gateway
nmcli con up <interface name> #activate the connection
nmcli con mod <interface name> ipv4.gateway <ip address> #change the gateway of the connection
hostnamectl set-hostname <hostname>
netstat -rn #routing table, numeric
route -n #routing table, numeric
#tcpdump needs root. Capture output and pcap files can contain credentials and other sensitive payload: restrict access to them and delete them when done
tcpdump -i <interface>
tcpdump -i <interface> host <ipaddress>  -nn
tcpdump -i <interface> -s 0 -w <output file name example.pcap> host <ipaddress/hostname> and udp
ping <hostname/ipaddress>
telnet <hostname/ipaddress> <port> #quick check that a TCP port is reachable; telnet is unencrypted, so do not log in to anything with it
nslookup <domain/hostname>
#NOTE(review): the pattern <ipaddress>.<port> matches netstat output that separates address and port with ".", while Linux netstat prints ":" - adjust the pattern to the platform
netstat -an |grep <ipaddress>.<port>|grep ESTAB|awk '{print $5}'|awk -F: '{print $1}'|sort|uniq -c|sort -rn #show how many connections each remote host has to a specific port; the output is sorted by number of connections per host

Memory

egrep --color 'Mem|Cache|Swap' /proc/meminfo | awk '{print $1 " " $2/1000/1000 "GB"}' #show information in GB (approximate: the value column is divided by 1000 twice)
smem -s swap -t -k -n -r #memory per process sorted by swap usage, with totals
smem -u -p -r #memory per user, shown as percentages
free -h #memory and swap summary in human-readable units

Disk

df -h #filesystem usage in human-readable units
df -Th #same, with the filesystem type
du -sh <path/*> #total size of each entry under the path
df --local -P #in KBs
du -sch .[!.]* * | grep --regex="[0-9]*G" #sizes of all entries including hidden ones, keeping lines that contain "G"; file names containing "G" match too
lsof -u <user> #list of open files by specific user
lsof | grep delete #list of open files that are deleted; their disk space is not released until the owning process closes them
lsof | awk '{print $1}' | sort | uniq -c | sort -r -n #number of open files per command name, highest first

SFTP/SCP

sftp -oPort=<port> <user>@<ipaddress/domain>
sftp -oPort=<port> -oIdentityFile=<path to key> <user>@<ipaddress/domain>
sftp -o KexAlgorithms=<keyExchangeAlgo> -o HostKeyAlgorithms=<HostKeyAlgoName> -oIdentityFile=<path to key> -oPort=<port> <user>@<domain/ipaddress>
#Legacy interoperability only: SHA-1 based key exchange and ssh-dss (DSA) host keys are weak, and ssh-dss is disabled by default in current OpenSSH
#Enable them per connection as shown, only for servers that offer nothing better, and plan to upgrade those servers
sftp -oPort=<port> -o KexAlgorithms=diffie-hellman-group14-sha1 -o HostKeyAlgorithms=+ssh-dss -oIdentityfile=<path to key> <user>@<domain/ipaddress>
scp -P <port> <path to src file> <user>@<domain/ipaddress>:<target path> #send the file to target system
scp -P <port> <user>@<domain/ipaddress>:<src file path> <target file path locally> #fetch/download file from the target system
scp -r /path/to/local/source user@ssh.example.com:/path/to/remote/destination #send a dir to the target system
scp -r user@ssh.example.com:/path/to/remote/source /path/to/local/destination #fetch/download a directory from the target system

Bolt

For the --tmpdir flag we can use the home directory of the remote user that Bolt logs in as. Sometimes /tmp is not executable, which makes the command fail. (~mizz - to be confirmed)

#--no-host-key-check skips SSH host key verification, so the identity of the targets is not checked; outside a trusted lab network keep the check on and manage known_hosts instead
#-p <password> puts the password on the command line, where it lands in the shell history and the process list; Bolt can ask for it interactively with --password-prompt
#Run a command on the targets listed in a file (@file) or given as a comma-separated list
bolt command run "<command>"  --no-host-key-check --tmpdir=/tmp -p <password>  --tty --targets @<ipaddress/hostname list file>  -u <user>
bolt command run "<command>"  --no-host-key-check --tmpdir=/tmp -p <password>  --tty --targets <ipaddress/hostname separate by ,>  -u <user>
#Run a local script on the targets listed in a file (@file) or given as a comma-separated list
bolt script run <script>  --no-host-key-check --tmpdir=/tmp -p <password>  --tty --targets @<ipaddress/hostname list file>  -u <user>
bolt script run <script>  --no-host-key-check --tmpdir=/tmp -p <password>  --tty --targets <ipaddress/hostname separate by ,>  -u <user>

Sed

#The value of $hostname is expanded into the pattern, so characters such as "." or "/" in it are treated as regex syntax
sed -n -e "/<$hostname>/,/ismail.com/ p" <targetfile> #print only the lines from the one matching the $hostname pattern through the next one matching ismail.com; result goes to stdout
sed -i -n -e "/<$hostname>/,/ismail.com/ p" <targetfile> #same range, but -i rewrites the target file so that only those lines remain; use -i.bak to keep a backup
sed -i 's/stringtoreplace/newstring/g' myfile.txt #replace every occurrence of the string in the file, in place

find

find /tmp/* -mtime +7 -exec rm {} \; #remove files under "/tmp" that are older than 7 days; the /tmp/* glob skips top-level dotfiles, and rm fails on the directories that also match
find /home/ -type f -name ".errors*.gz" -mtime +7 -exec rm {} \; #remove files under "/home/" that are older than 7 days - matched by filename
find /home/ -type f -size +500M -name "*tempfile*" -exec du -sh {} \; #find the tempfiles that have a file size >500MB
find /home/ -type f -size +1G -exec ls -lh {} \; | awk '{ print $9 "|| Size : " $5 }' #find output in a custom format like "filename || Size:_"; names containing spaces are cut at the first space
#Combine find exec multiple commands
find /tmp/dir1/ -type f -exec chown root:root {} \; -exec chmod o+x {} \;
#Combine find exec multiple commands
find /tmp/dir1/ -type f -exec chown root:root {} \; -exec chmod o+x {} \;
#World-Writable dir
#CIS
#Lists world-writable directories 3 to 4 levels deep, skipping /proc and /sys; errors are discarded
find / -path /proc -prune -o -path /sys -prune -o -type d -perm -0002 -mindepth 3 -maxdepth 4 -printf "World-Writable dir %p\n" 2>/dev/null
#find files with permission: setuid or setgid regular files on the root filesystem (-xdev does not cross into other filesystems)
#Comparing the result against a known-good list shows unexpected privileged binaries
find / -xdev \( -perm -4000 -o -perm -2000 \) -type f 
#4000 for suid, 2000 for sgid
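#Combine find exec shell script function
#[Ref: https://www.golinuxcloud.com/find-exec-multiple-commands-examples-unix/#:~:text=Linux%20or%20Unix.-,Find%20exec%20multiple%20commands%20syntax,%5C%3B%20or%20as%20%22%20%3B%20%22.]
#Renames every regular file under /tmp/dir1/ whose path contains "file1" by appending "_renamed"
#The names are quoted and "--" ends option parsing, so files with spaces, glob characters or a leading "-" reach mv unchanged
find /tmp/dir1/ -type f -exec bash -c '
for item do
  if [[ $item =~ "file1" ]]; then
    mv -v -- "$item" "${item}_renamed"
  fi
done
' bash {} +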

grep

cat myfile | grep -B 1 -A 4 -i 'string one\|string two' #show 1 line before and 4 lines after each line of myfile that matches either string, ignoring case
grep -lr "string" * #search for the string recursively, starting from the current dir, and list the files that contain it
grep -ir "string" <* or file> #search for the string recursively, ignoring case, and show the matching content - * for all files, otherwise specify a single file
grep -E -s "<regex>" <file>
#grep with -E extended regex; -s suppresses error messages about missing or unreadable files
grep -P -s -- "<regex>" <file>
#grep with -P perl regex; -s suppresses error messages about missing or unreadable files
grep -Eq '<regex>' <file> && grep -Eq '<regex>' file2 && result=pass
#grep with -E extended regex; -q is quiet mode: nothing is printed and only the exit status is used, so result=pass is set only when both files match

Gzip/Tar/Compress directory

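#The gzip command in Linux can only be used to compress a single file. In order to compress a folder, tar + gzip (which is basically tar -z) is used.
#ref: https://www.educative.io/edpresso/how-to-gzip-a-directory-in-linux
tar -zcvf myfolder.tar.gz myfolder #Compress folder/dir with -z in Linux
tar -tf myfolder.tar.gz #view the content of compressed file
gzip filename #compress a single file; the original is replaced by filename.gz
gunzip file.gz #uncompress the gzip file (unzip only handles .zip archives)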
AWK

#Multiple Conditional Statement - Not Equal, Regex, Equal
#print the passwd entries except those of root and sync
awk -F: '($1!="root" && $1!="sync" ) {print}' /etc/passwd
#print the passwd entries except root and names that start with "+"
awk -F: '($1!="root" && $1!~/^\+/) {print}' /etc/passwd
#print the GID of the group named virusgroup
awk -F: '($1=="virusgroup") {print $3}' /etc/group
#keep the du lines whose size column is given in G
du -sh * | grep G | awk '($1~/[0-9]+\.?[0-9]*G$/)'
#print the value of UID_MIN from login.defs
awk '/^\s*UID_MIN/{print $2}' /etc/login.defs
df --local -P | awk {'if (NR!=1) print $6'} #skip first or header line and print the mount point column
df --local -P | awk {'if (NR!=1) print $6'} #skip first or header line and print the mount point column
#Variable in awk statement: -v passes a shell value into awk
#prints the users whose primary group (field 4 of passwd) is the "shadow" group
awk -F: -v GID="$(awk -F: '($1=="shadow") {print $3}' /etc/group)" '($4==GID) {print $1}' /etc/passwd
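#Awk result with loop: collect the users whose primary group is "shadow" into one comma-separated list of quoted names
awk -F: -v GID="$(awk -F: '($1=="shadow") {print $3}' /etc/group)" '($4==GID) {print $1}' /etc/passwd | (
        output=""
        while read -r usr; do
                #append each name to the list instead of overwriting what was collected so far
                if [ -z "$output" ]; then
                        output="\"$usr\""
                else
                        output="$output,\"$usr\""
                fi
        done
        #print inside the subshell: variables set on the right-hand side of a pipe are gone once it ends
        printf '%s\n' "$output"
)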

XARGS

#XARGS Application - to use last command result for next command
#For every local mount point, list the files whose owner UID has no matching user account (-nouser); -xdev keeps each search on its own filesystem
#Such files would be picked up by whichever account is later created with the same UID, so assign them an owner or remove them
df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nouser -printf "%p has no owner\n" 2>/dev/null

stat

stat -L -c "%A" "$dir" #permissions in rwx form; -L follows a symlink to its target
stat --printf='Name: %n\nPermissions: %a\n' /etc #name and permissions in octal
stat --printf='User: %U | Group: %G' /etc #owning user and group names

lsof

lsof -u <user> #list the files opened by a user

Other

top -b -n 1 | head -n +5 #summary header of top (first 5 lines) from a single batch-mode run
uptime #time since boot and load averages
sestatus #check selinux status
#collectl playback (-p) of recorded raw files, limited to a time window with --from
collectl -sc -p /var/log/collectl/server1-20220411-000000.raw.gz --top --from 00:00-03:00 -oTm
collectl -scn -p /var/log/collectl/server2-20220411-000000.raw.gz --from 00:15-00:41 --top
collectl -scD -p server1-000000.raw.gz --from 00:00-00:55 --top iokb | grep -w 'cp\|sdb\|Wait\|Pct\|PID' | less