File handling
Moving through directories (absolute path)
$ cd /path/to/directory
Moving through directories (relative path)
$ cd ./path/to/directory
Show current directory (absolute path)
$ pwd
Show directory contents
$ ls
Show directory contents, l=long, a=all files (on some systems also ll)
$ ls -la
Create new directory
$ mkdir <directory>
Remove empty directory
$ rmdir <directory>
Remove non-empty directory
$ rm -r <directory>
Force remove non-empty directory (without any question)
$ rm -rf <directory>
Move file
$ mv <file> <directory>
Rename file
$ mv <file1> <file2>
Copy file
$ cp <file1> <file2>
Remove file (i=interactive mode)
$ rm -i <file>
Make symbolic link (alias, shortcut)
$ ln -s <directory> <link_name>
Show help about given command
$ <command> -h
$ man <command>
Search for file inside given directory (use * unless you know exact file name; quote the pattern so the shell does not expand it)
$ find <directory> -name "<file.*>"
Show tail (last few lines) of the file and keep following it as it grows (f=follow). Use -n 100 to show last 100 lines.
$ tail -f <file>
Shutdown system
$ shutdown -h now
Environment variables
Show OS type
$ echo $OSTYPE
Show currently logged-in user
$ echo $USER
Show current shell type
$ echo $SHELL
Show home directory
$ echo $HOME
Show all environment variables
$ env
Setting custom environment variable
Set environment variable BROWSER_HOME that points to the directory.
$ BROWSER_HOME=/path/to/browser/directory
$ export BROWSER_HOME
$ echo $BROWSER_HOME
$ cd $BROWSER_HOME
As a result you should see output: /path/to/browser/directory.
This variable will only last until the user closes the terminal window or logs out of the system. To set the environment variable permanently, you need to write the above commands to a special file that is automatically loaded at system startup. On some Linux systems this file is /etc/bashrc (system-wide setting) or ~/.bashrc (for each user); on other systems, you need to create a new bash script and put it in the /etc/profile.d directory. The script is automatically executed during system startup.
For other systems Google around to find where you need to put custom environment variables.
Adding environment variable to $PATH
$PATH is probably the most important environment variable of all. It defines the directories where the system searches for executable files. In the same way as we defined a custom environment variable in the previous paragraph, you add a directory to the path with the following commands:
$ PATH=$PATH:$BROWSER_HOME:/path/to/any/directory
$ export PATH
$ echo $PATH
The echo command should display a fairly long text containing all directories that are added to the path, separated by colons (:). You should see something like this:
/usr/local/bin:/usr/bin:/bin:/path/to/browser/directory:/path/to/directory
Furthermore you can set environment variable for browser application.
$ BROWSER=$BROWSER_HOME/firefox
$ export BROWSER
Your favorite browser can now be invoked with:
$ $BROWSER
To keep PATH permanently, you need to set PATH every time the system starts. Place a custom shell script into the /etc/profile.d directory. PATH will then be visible to all users.
$ vi /etc/profile.d/myStartupScript.sh
#!/bin/bash
JAVA_HOME=/opt/jdk
export JAVA_HOME
PATH=$PATH:$JAVA_HOME/bin
export PATH
$ chmod +x /etc/profile.d/myStartupScript.sh
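A check worth running after extending PATH as shown above, given as an added example that is not part of the original page: a PATH entry that is empty, relative, missing, or writable by group or others lets another user place a program that the shell will find by name. The function name audit_path and the labels it prints are made up for this example.

```shell
#!/bin/sh
# audit_path [PATH-string]: list risky entries in a PATH value (default: $PATH).
# The body runs in a subshell ( ... ) so the IFS and globbing changes stay local.
audit_path() (
    path_value=${1-$PATH}
    findings=0

    # A leading, trailing or doubled colon is an empty entry, which the shell
    # treats as the current directory.
    case ":$path_value:" in
        *::*) echo "EMPTY entry (searches the current directory)"; findings=1 ;;
    esac

    IFS=:     # split the value on colons
    set -f    # no wildcard expansion while splitting
    for entry in $path_value; do
        if [ -z "$entry" ]; then
            continue                      # already reported above
        fi
        case $entry in
            /*) ;;                        # absolute path, keep checking
            *)  echo "RELATIVE $entry"; findings=1; continue ;;
        esac
        if [ ! -d "$entry" ]; then
            echo "MISSING $entry"; findings=1
        # -H follows a symlinked entry such as /bin -> usr/bin; -prune keeps
        # find on the directory itself; -020 / -002 are group / others write.
        elif find -H "$entry" -prune \( -perm -020 -o -perm -002 \) -print |
                grep -q .; then
            echo "WRITABLE $entry"; findings=1
        fi
    done
    [ "$findings" -eq 0 ]    # exit status 0 only when nothing was reported
)

# Usage: audit_path                      (checks the current $PATH)
#        audit_path "/usr/bin:/opt/jdk/bin"
```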
User management
Show who is currently logged-in
$ who
Show id and group id of currently logged-in user
$ id
Create new group (do it as root)
$ groupadd <groupName>
Create new user, set group and bash shell (do it as root)
$ useradd -d /home/<userName> -m -G <groupName> -s /bin/bash <userName>
Set password for user
$ passwd <userName>
Change ownership of directory
$ chown -R <userName>:<groupName> <directory>
Permissions
Nine bits assigned to each file define the access permissions:
-rwxrwxrwx
where r=read, w=write, x=execute. The leading character shows the file type: dash (-) for a regular file, d for a directory, l for a link. The first three bits are the owner's access permissions, the next three bits are the group's permissions and the last three bits apply to all others.
Each permission has an assigned number: r=4, w=2, x=1
To set full permission add up all the numbers: 4+2+1=7
To set read/write permission add up the numbers: 4+2=6
To set read permission use the number: 4
Use the above numbers in the following commands to change permissions as desired
$ chmod 777 <file> # result: rwxrwxrwx
$ chmod 755 <file> # result: rwxr-xr-x
$ chmod 644 <file> # result: rw-r--r--
$ chmod 000 <file> # result: --------- (hm, i wonder what this does)
$ chmod 764 <file> # result: rwxrw-r--
Recursively change permissions for all files in a directory
$ chmod -R 777 <directory>
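If you find this complicated, there is an alternative. You can add file permissions with the plus (+) sign and remove them with the minus (-) sign, using letters: u=user (owner), g=group, o=others, a=all users. The results shown assume the file starts as rwxrwxrwx for the removals and as --------- for the additions.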
$ chmod a-w <file> # result: r-xr-xr-x
$ chmod o-x <file> # result: rwxrwxrw-
$ chmod go-rwx <file> # result: rwx------
$ chmod u+rw <file> # result: rw-------
$ chmod a+x <file> # result: --x--x--x
$ chmod ug+rx <file> # result: r-xr-x---
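Numeric modes replace all nine bits, while + and - only change the bits named, so the result of a symbolic chmod depends on the mode the file had before. The following added example (not part of the original page) shows that on a scratch file and lists what a recursive 777 leaves writable by everyone; the function names perm_after and other_writable are made up for this example.

```shell
#!/bin/sh
# perm_after START SPEC: set a scratch file to mode START, apply "chmod SPEC",
# and print the resulting nine permission characters as ls -l shows them.
perm_after() (
    scratch=$(mktemp) || exit 1
    if ! { chmod "$1" "$scratch" && chmod "$2" "$scratch"; }; then
        rm -f "$scratch"
        exit 1
    fi
    # ls -l starts with e.g. "-rw-r--r--"; characters 2-10 are the nine bits.
    ls -l "$scratch" | cut -c2-10
    rm -f "$scratch"
)

# other_writable DIR: list files and directories under DIR that "others" may
# write to (the w bit of the last triplet, value 2), e.g. after chmod -R 777.
other_writable() {
    find "$1" \( -type f -o -type d \) -perm -002 -print
}

# Same command, different starting modes, different results:
for start in 777 644 600; do
    echo "mode $start, then chmod a-w -> $(perm_after "$start" a-w)"
done
# A numeric mode ignores the starting mode:
echo "mode 600, then chmod 764 -> $(perm_after 600 764)"
```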
Changing ownership
Some directories (or files) can be accessed and modified only by the root user.
To change user ownership and group ownership
$ chown <userName> <file>
$ chown <userName>:<userGroup> <file>
$ chown -R <userName> <directory>
To change group ownership of a file
$ chgrp <userGroup> <file>
Processes
Show processes, a=all, u=show users
$ ps au
Show processes and keep only the lines containing java
$ ps -ef | grep java
Show services and check on which run level they are started
$ chkconfig --list
Networking
Connecting to remote host with SSH
$ ssh <username>@<hostname>
Transferring files with FTP. See manual here: FTP Command Line
$ ftp <hostname>
Check network status
$ netstat -apn | grep :8080
$ netstat -tupane | grep :8080
Check for open ports
$ nmap -sT -O localhost
$ lsof -i :5223
Show which application is running on port
$ lsof -iTCP:1883
Get IP address of a server
$ nslookup
When '>' prompt is displayed, type hostname of a server (eg. www.yahoo.com)
scp
Upload file to remote server
$ scp <file> user@192.168.1.100:<directory>
Download file from remote server
$ scp user@192.168.1.100:<file> <directory>
curl
Retrieve the contents of the url
$ curl <http://hostname.com>
$ curl http://matjazcerkvenik.si/home.php
$ curl --url <url>
Save the contents of the url to a file
$ curl -o <filename.html> <http://hostname.com>
$ curl http://matjazcerkvenik.si/home.php > file.html
Save the contents of the url to a file; if -O option is used, file will have the same name as it is on the server.
$ curl -O <http://hostname.com>
$ curl -O http://www.matjazcerkvenik.si/some-file.tar.gz
If the host redirects to another url, use -L option to follow the redirect
$ curl -L <http://hostname.com>
See the request and response headers together with the content (v=verbose)
$ curl -v <http://hostname.com>
See only the response headers of the requested url
$ curl -I <http://hostname.com>
Get definition of a word using dict protocol
$ curl dict://dict.org/d:<word>
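Get data with authentication (-u sends user name and password; -k skips TLS certificate verification, so the server's identity is not checked)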
$ curl -k https://hostname.com/rest/getData -u admin:password > /root/file.txt
Net-SNMP
SNMP-GET request using Net-SNMP
$ snmpget -v 1 -c public 10.29.152.208 1.3.6.1.4.1.5551.1.1.3.1.0
$ snmpget -v 1 -c public 10.29.152.208:6161 1.3.6.1.4.1.5551.1.1.3.2.0
$ snmpget -v 2c -c public 10.29.152.208 1.3.6.1.2.1.1.3.0
$ snmpget -v 3 -n "" -u NortBound -l noAuthNoPriv 172.24.24.14 1.3.6.1.4.1.161.3.10.1.7
SNMP-SET
$ snmpset -v 1 -c public 10.29.152.208 1.3.6.1.4.1.5551.1.1.3.2.0 s "ALL"
$ snmpset -v 1 -c public 10.29.152.208 1.3.6.1.4.1.5551.1.1.3.3.0 i 3
$ snmpset -v 1 -c public 10.29.152.208 1.3.6.1.4.1.5551.1.1.3.1.0 i 1
SNMP-WALK
$ snmpwalk -v 1 -c public 10.29.152.208 1.3.6.1.4.1.5551.1.1.3
Show OIDs instead of OID names in SNMP-WALK request
$ snmpwalk -v 1 -On -c public 10.29.152.208 1.3.6.1.4.1.5551.1.1.3
SNMP-BULKWALK
$ snmpbulkwalk -v 2c -c public 192.168.1.100 1.3.6.1.4.1.444.1.8
SNMP-GETBULK
$ snmpbulkget -v 2c -c public 192.168.1.100 1.3.6.1.4.1.444.1.8
By default the snmpbulkget command returns only 10 entries from the table. To read first <num> entries execute
$ snmpbulkget -v 2c -C r<num> -c public 192.168.1.100 1.3.6.1.4.1.444.1.8
tcpdump
Start tracing network traffic from host x.x.x.x on port N
$ tcpdump -nAs 2048 host 192.168.1.100 and port 162
Start tracing network traffic from host x.x.x.x on interface eth0
$ tcpdump -nAs 2048 host 192.168.1.100 -i eth0
Write captured packets in pcap file (open file with Wireshark):
$ tcpdump -nAs 2048 host 192.168.1.100 -w file.pcap
iptables - firewall on CentOS
Firewall on CentOS is called iptables.
Show rules in iptables
$ iptables -L
Show rules in iptables with line numbers, packet counters and numeric addresses
$ iptables --line -vnL
Add new rule: allow incoming connections to port 8080 (the problem with this command is that the rule is added after the REJECT all rule)
$ iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
Add new rule: allow incoming connections to port 8080 (insert rule in position 5 in INPUT chain)
$ iptables -I INPUT 5 -p tcp --dport 8080 -j ACCEPT
The rule was applied on the 5th position (just before REJECT)
[root@localhost ~]# iptables --line -vnL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 97 8969 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
3 0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
4 1 64 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
5 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080
6 2 342 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 6 packets, 744 bytes)
num pkts bytes target prot opt in out source destination
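Why the position matters, as an added example that is not part of the original page: iptables checks the rules of a chain from top to bottom and stops at the first one that matches, so an ACCEPT appended after the REJECT all rule never sees a packet. The function name rule_order_report is made up for this example, and the sample listing is constructed from the listing above with the 8080 rule where -A would have placed it.

```shell
#!/bin/sh
# rule_order_report CHAIN: read "iptables --line -vnL" output on stdin, print the
# number of the first rule in CHAIN that rejects or drops everything, then every
# rule listed after it (those rules never see a packet).
rule_order_report() {
    awk -v chain="$1" '
        # Columns: num pkts bytes target prot opt in out source destination ...
        function catch_all() {
            if ($5 != "all" || $7 != "*" || $8 != "*") return 0
            if ($9 != "0.0.0.0/0" || $10 != "0.0.0.0/0") return 0
            if ($4 == "DROP") return NF == 10
            if ($4 == "REJECT") return NF == 10 || (NF == 12 && $11 == "reject-with")
            return 0
        }
        $1 == "Chain"                  { in_chain = ($2 == chain); stop = 0; next }
        !in_chain || $1 !~ /^[0-9]+$/  { next }
        stop                           { print "shadowed", $1, $4, $5, $NF; next }
        catch_all()                    { stop = 1; print "catch-all", $1 }
    '
}

# Constructed sample: the 8080 rule was appended with -A, so it is rule 6.
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 97 8969 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
3 0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
4 1 64 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
5 2 342 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
6 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
EOF
}

# The "catch-all" number is the position to give to: iptables -I INPUT <num> ...
sample_listing | rule_order_report INPUT
```

On a live system the input would be the output of iptables --line -vnL, run as root.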
Add new rule (allow only incoming tcp connections on port 8080 on eth0 interface from selected network)
$ iptables -A INPUT -i eth0 -p tcp --dport 8080 -s 192.168.1.0/24 -j ACCEPT
Remember to save the iptables, so the rules will be applied at next reboot
$ service iptables save
Delete a rule
$ iptables -D INPUT -p tcp --dport 8080 -j ACCEPT
Delete a rule (based on number in chain)
$ iptables -D INPUT 5
Alternative
Simply modify file
$ vi /etc/sysconfig/iptables
Restart iptables service
$ /sbin/service iptables restart
Creating and compressing archives
Create tar archive
$ tar -cvf <file.tar> <directory>
Add additional directory to existing tar archive
$ tar -rv -f <file.tar> <directory>
Extract tar archive
$ tar -xvf <file.tar>
Compress file (output is .gz file)
$ gzip <file>
Extract tar.gz archive
$ tar -zxvf <file.tar.gz>
Extract .gz file. Gunzip it.
$ gunzip <file.gz>
Extract tar.bz2 archive
$ tar -jxvf <file.tar.bz2>
Miscellaneous
Log in as root (enter password when prompted)
$ su - root
Show disk usage
$ df -h
$ du -ch /path/to/directory
Reboot the server
$ reboot
Shutdown server after 1 minute (use 'now' to shutdown immediately)
$ shutdown -h +1
Or simply use
$ halt
Show current date and time
$ date
Show list of commands and brief description
$ info
Display list of last n commands
$ history <n>
Execute n-th command (from history)
$ !n
Execute previous command
$ !!
The screen command is used to switch between multiple consoles inside one. <name> is a custom name of the screen. Create new screen
$ screen -S <name>
To leave the screen (detach; it keeps running) press
ctrl + a, then d
See the list of opened screens
$ screen -ls
Switch between opened screens
$ screen -r <name>
Close the screen (PID can be seen from result of screen -ls command)
$ kill <PID>
Using echo command
This will just display (echo) the text - no big deal
$ echo blablabla
First calculate, then display text
$ echo "The sum of 2 and 3 is $((2+3))"
First execute command, then display text
$ echo "There are $(ls | wc -l) files in this directory"
Piping commands
The pipe character (|) connects the output of one command to the input of another.
This command lists the contents of /usr/bin directory, sorts the files alphabetically and pipes the output to less.
$ ls /usr/bin | sort -f | less
Show processes containing string blabla
$ ps -ef | grep blabla
Reading and writing to file
Simple readings and writings from/to a file can be made with characters:
< - content of a file to command line
> - command output to a file (overwrite)
>> - command output to a file (append)
Examples:
$ mail root < ~/.bashrc
$ man chmod | col -b > /tmp/chmod
$ echo "I finished the project on $(date)" >> ~/projects
Export display from Linux
1. Start X client:
- On Windows system start XMing (or any other X client). In XMing check 'No Access Control' option.
- On OS X system start X11 application. Check 'Allow connections from network clients' option in Preferences >> Security tab and restart X11 application. In X11 terminal window execute command: $ xhost + to disable access control.
2. Execute the following command on Linux (<IP> is IP address of your local system (Windows or OS X)):
$ export DISPLAY=<IP>:0.0
3. Run an application on Linux:
$ wireshark &
Jstack
Get PID of Java processes
$ jps -l
Dump java stack to file:
$ /opt/jdk1.6/bin/jstack <PID> > jstack-01.txt