Commands

A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y - Z

Many Linux commands are used within the articles, with some having their own detailed page, such as the cheat sheets.

A

aa-status

• Ubuntu system hardening guide for desktops and servers

adduser

• Restrict SSH access to only allow rsync

alias

• How to use grep (with examples)

apt

• apt cheat sheet
• Creating audit trails – Logging commands on Linux with Snoopy
• Determine which processes need a restart with checkrestart/needrestart
• How to download a package with apt without installing it?
• How to remove a package with apt?
• How to remove unused packages with apt?
• How to see the dependencies of a package with apt?
• Pre-compress static assets with Brotli and Gzip
• Troubleshooting a full /boot partition on Ubuntu
• Ubuntu system hardening guide for desktops and servers
• Using unattended-upgrades on Debian and Ubuntu

apt-file

• apt cheat sheet
• apt-file (Search tool for files belonging to packages)

arch-audit

• Show vulnerable packages on Arch Linux with arch-audit

arp

• Filtering ARP traffic with Linux arptables
• How to clear the ARP cache on Linux?
• ip cheat sheet

arptables

• Filtering ARP traffic with Linux arptables

auditctl

• Configuring and auditing Linux systems with Audit daemon
• Logging root actions by capturing execve system calls
• Monitoring Linux File access, Changes and Data Modifications
• PCI DSS Linux: Logging of administrative actions with root privileges
• Tuning auditd: high-performance Linux Auditing

aureport

• Linux Audit Framework: using aureport
• Linux audit log: dealing with audit.log file
• Linux audit: Log files in /var/log/audit
• Tuning auditd: high-performance Linux Auditing

ausearch

• Configuring and auditing Linux systems with Audit daemon
• Linux audit log: dealing with audit.log file
• Linux audit: Log files in /var/log/audit
• Monitoring Linux File access, Changes and Data Modifications
• PCI DSS (v3) Linux: Invalid logical access attempts (10.2.4)

ausyscall

• Auditing Linux processes: The Deep Dive!

awk

• AWK cheat sheet
• Discover to which package a file belongs to
• How to see all virtual hosts in nginx
• Linux host discovery with Nmap
• Linux password security: hashing rounds
• PCI DSS (v3) for Linux: Auditing application processes (A.1.2.a)
• RSS is cool! Some RSS feed readers are not (yet)...
• Strip one or more characters from a variable or output
• Swap memory information
• Systemd syscall filtering
• Test web server caching with curl

B

blkid

• How to see the available hard disks

brotli

• How to test if a website supports Brotli or Gzip compression
• Pre-compress static assets with Brotli and Gzip

C

capsh

• Linux capabilities 101

cat

• Auditing Linux processes: The Deep Dive!
• How to see the cgroup of a process
• How to see the file type on Linux
• How to see the version of Oracle Linux
• Is your /etc/hosts file healthy?
• Linux capabilities 101
• Linux system hardening: adding hidepid to /proc mount point
• Livepatch: Linux kernel updates without rebooting
• Networking
• Protect against ptrace of processes: kernel.yama.ptrace_scope
• Understanding memory information on Linux systems

chage

• How to test if an account has a password set?
• Unused Linux Users: Delete or Keep Them?

chfn

• Set default file permissions on Linux with umask

chmod

• Finding setuid binaries on Linux and BSD
• How to change file permissions
• Introduction in Linux file permissions
• Linux file permissions
• PCI DSS (v3) Linux: Restrict log file viewing (A.1.2.d)
• Restrict SSH access to only allow rsync
• Set default file permissions on Linux with umask

column

• ip cheat sheet
• Linux password security: hashing rounds
• List network interfaces on Linux
• Swap memory information

compgen

• Check if a directory or file exists

cp

• Find differences between two daily Lynis audits

curl

• Adding the Expires header to improve caching static content in nginx
• Hiding the nginx version number
• How to see the IP address of your internet connection
• How to test if a website supports Brotli or Gzip compression
• Pre-compress static assets with Brotli and Gzip
• Test web server caching with curl

D

deluser

• Unused Linux Users: Delete or Keep Them?

df

• How to see inode usage
• How to see used and free disk space
• Troubleshooting a full /boot partition on Ubuntu

diff

• Find differences between two daily Lynis audits
• How to compare two directories and find the differences

dig

• How to see the IP address of your internet connection
• How to see the TTL value of a DNS record

dmesg

• How to use grep (with examples)
• Livepatch: Linux kernel updates without rebooting
• Understanding memory information on Linux systems

dmidecode

• dmidecode cheat sheet
• How to see BIOS details
• How to see hard disk specifications and details
• How to see memory information such as type and speed
• Understanding memory information on Linux systems

dnf

• Automatic Security Updates with DNF
• Discover to which package a file belongs to
• List installed packages on a Linux system
• Showing Available Security Updates with DNF

dpkg

• Audit installed compilers and their packages
• Become a Linux auditor: tips to start with auditing the Linux platform
• Conducting a Linux Server Security Audit
• Discover to which package a file belongs to
• Finding setuid binaries on Linux and BSD
• How to show all installed packages on Ubuntu
• List installed packages on a Linux system
• Postfix Hardening Guide for Security and Privacy
• Troubleshooting a full /boot partition on Ubuntu

dpkg-reconfigure

• Using unattended-upgrades on Debian and Ubuntu

du

• How to find the biggest directories on disk
• How to find when the last modification happened in a directory
• How to see files greater than a specific size
• How to see the size of a directory

E

echo

• Find differences between two daily Lynis audits
• How to securely delete a file and its contents
• Linux and ASLR: kernel/randomize_va_space
• Set default file permissions on Linux with umask

equery

• Discover to which package a file belongs to

eval

• How to add a SSH key to the SSH agent

execsnoop

• Understanding what runs on your Linux system (and why)

F

fg

• Kill a process that won't respond to CTRL+C

file

• How to securely delete a file and its contents
• How to see the file type on Linux
• Using encrypted documents with vim

find

• Discover to which package a file belongs to
• Finding setuid binaries on Linux and BSD
• How to find hard links or files that point to a specific file
• How to find symbolic links that point to a directory
• How to find writable files
• How to see files greater than a specific size
• Kernel hardening: Disable and blacklist Linux modules
• Lynis stuck during testing
• PCI DSS (v3) Linux: Restrict log file viewing (A.1.2.d)
• PCI DSS Linux: No write access to shared system binaries
• Unused Linux Users: Delete or Keep Them?

free

• Swap memory information
• Understanding what runs on your Linux system (and why)

G

gcc

• Linux and ASLR: kernel/randomize_va_space

gdb

• Understand and configure core dumps on Linux

getcap

• Linux Capabilities: Hardening Linux binaries by removing setuid

getconf

• Linux capabilities 101

getent

• How to test if an account has a password set?
• Is your /etc/hosts file healthy?
• The purpose of the /etc/networks file
• Unused Linux Users: Delete or Keep Them?

getfacl

• Plus sign in ls output
• Using File ACLs on Linux for Additional Security

getfattr

• Using xattrs or Extended Attributes on Linux

grep

• Configure a SSH welcome message or banner
• How to deal with Lynis suggestions?
• How to see all virtual hosts in nginx
• How to see the SSH log?
• How to show network TCP statistics and counters
• How to use grep (with examples)
• How to use Lynis
• Linux Security
• Lynis stuck during testing
• Network
• PCI DSS (v3) for Linux: Auditing application processes (A.1.2.a)
• Protect Linux systems against SSLv3 Poodle vulnerability
• Systemd syscall filtering
• Test web server caching with curl
• Understanding what runs on your Linux system (and why)

groupadd

• Linux system hardening: adding hidepid to /proc mount point

gzip

• Pre-compress static assets with Brotli and Gzip

H

hdparm

• How to see hard disk specifications and details

head

• How to find the biggest directories on disk

hexdump

• Understanding the output of the stat command

hostname

• Is your /etc/hosts file healthy?

hostnamectl

• How to show the systemd machine ID
• Methods to find the Linux distribution and version

htpasswd

• Nginx security hardening guide

hwinfo

• Understanding memory information on Linux systems

I

ifconfig

• ip cheat sheet
• List network interfaces on Linux

iftop

• How to see active connections and bandwidth usage on Linux
• How to see the number of open connections on Linux
• iftop (Bandwidth usage monitor)
• Network

insmod

• Increase kernel integrity with disabled Linux kernel modules loading

iosnoop

• Understanding what runs on your Linux system (and why)

iostat

• How to monitor disk activity (I/O) on Linux

iotop

ip

• Filtering ARP traffic with Linux arptables
• How to clear the ARP cache on Linux?
• How to secure a Linux system
• How to see errors and dropped packets on a network interface on Linux
• How to see the default gateway on Linux
• How to see the the network IP address of your system
• ip cheat sheet
• Linux Audit: Auditing the Network Configuration
• Linux Security Guide for Hardening IPv6
• List network interfaces on Linux
• Network
• Networking

ip6tables

• Block IP addresses in Linux with iptables

ipset

iptables

• Beginners guide to traffic filtering with nftables
• Block IP addresses in Linux with iptables
• Ubuntu system hardening guide for desktops and servers

J

jobs

• Kill a process that won't respond to CTRL+C

journalctl

• Finding boot logs in systemd journals
• How to clear systemd journal logs by time
• How to limit the disk usage of the systemd journal
• How to see kernel messages with journalctl
• How to see logging for a specific unit or service
• How to see new log entries automatically with journalctl
• How to see only recent journal entries
• How to see the last X lines with journalctl
• How to see the size of the systemd journal
• How to see the SSH log?
• Troubleshooting a failed systemd unit (with examples)
• Understand and configure core dumps on Linux

jq

• ip cheat sheet

K

kill

• How to kill a zombie process
• How to stop all processes of a single user
• kill (Sending signals to processes)
• Kill a process that won't respond to CTRL+C
• lsof cheat sheet
• OpenSSH security and hardening
• Understand and configure core dumps on Linux

killall

• How to kill a running process by its name
• How to stop all processes of a single user

L

last

• PCI DSS (v3) Linux: Restrict log file viewing (A.1.2.d)

less

• How to deal with Lynis suggestions?
• Unix security audit: Perform an audit in 3 minutes

logger

• Configuration and collecting of Linux audit events

ls

• How to change file permissions
• How to display directory contents sorted by modification time
• How to find hard links or files that point to a specific file
• How to see hidden files
• How to see the size of a file
• How to see the version of Oracle Linux
• Linux Capabilities: Hardening Linux binaries by removing setuid
• Linux file permissions
• Methods to find the Linux distribution and version
• Understanding the output of the stat command
• Understanding what runs on your Linux system (and why)

lsb_release

• Methods to find the Linux distribution and version

lsblk

• How to see the available hard disks

lscpu

• How to see CPU details
• lscpu (CPU information, virtualization features, CPU vulnerabilities)

lshw

• How to see hard disk specifications and details
• How to see the available hard disks

lsmod

• Beginners guide to traffic filtering with nftables
• In-depth Linux Guide to Achieve PCI DSS Compliance and Certification
• Kernel hardening: Disable and blacklist Linux modules
• Monitoring USB communications using usbmon interface

lsof

• Become a Linux auditor: tips to start with auditing the Linux platform
• Determine which processes need a restart with checkrestart/needrestart
• Hardening nginx with systemd security features
• lsof cheat sheet
• Which Linux process is using a particular network port?

lsusb

• How to list all USB devices
• Monitoring USB communications using usbmon interface

lynis

• How to create custom tests in Lynis
• How to keep Lynis up-to-date?
• How to update Lynis
• How to use Lynis
• How to use Lynis plugins
• Installation of Lynis on Arch Linux systems
• Lynis hardening index
• Troubleshooting guide for Lynis
• Unix security audit: Perform an audit in 3 minutes
• Viewing available test categories in Lynis

M

mail

• Postfix Hardening Guide for Security and Privacy

mkdir

• Granting temporary access to your servers (using signed SSH keys)
• Restrict SSH access to only allow rsync
• Using Ed25519 for OpenSSH keys (instead of DSA/RSA/ECDSA)

modinfo

• Beginners guide to traffic filtering with nftables
• Kernel hardening: Disable and blacklist Linux modules

modprobe

• Monitoring USB communications using usbmon interface

mosh

• Mosh, the SSH Alternative Option for System Administration

mount

• Become a Linux auditor: tips to start with auditing the Linux platform
• Linux system hardening: adding hidepid to /proc mount point

mv

• Using Ed25519 for OpenSSH keys (instead of DSA/RSA/ECDSA)

N

netstat

• Conducting a Linux Server Security Audit
• In-depth Linux Guide to Achieve PCI DSS Compliance and Certification
• List network interfaces on Linux
• Which Linux process is using a particular network port?

netstat -g

• ip cheat sheet

netstat -r

networkctl

• Linux Audit: Auditing the Network Configuration

nft

• Exporting nftables rules and configuration

nginx

• Adding the Expires header to improve caching static content in nginx
• Hiding the nginx version number
• How to block POST requests in nginx
• How to log only some requests to a log file in nginx
• How to see all virtual hosts in nginx
• Nginx security hardening guide
• Securing nginx configurations: implementing OCSP stapling

nmap

• Linux host discovery with Nmap

nmcli

• Linux Security Guide for Hardening IPv6

nstat

• How to show network TCP statistics and counters
• Network
• nstat (Network statistics and counters)

nvme

• How to see hard disk specifications and details

O

openssl

• Create random passwords with OpenSSL/LibreSSL
• Postfix Hardening Guide for Security and Privacy
• Protect Linux systems against SSLv3 Poodle vulnerability
• Random data
• Troubleshooting guide for Lynis

P

pacman

• Discover to which package a file belongs to
• How to show all installed packages with pacman
• pacman cheat sheet

passwd

• How to test if an account has a password set?
• Unused Linux Users: Delete or Keep Them?

pgrep

• How to kill a running process by its name
• How to see when a process was started
• How to show a running process name and its process ID (PID)
• Understanding what runs on your Linux system (and why)

pidof

• Hardening nginx with systemd security features
• How to find all process IDs by its process name
• How to see the cgroup of a process
• How to see when a process was started
• Swap memory information

pidstat

• pidstat (Monitoring CPU, memory, and disk activity)
• Troubleshooting CPU usage
• Understanding what runs on your Linux system (and why)

ping

• Linux Capabilities: Hardening Linux binaries by removing setuid
• Network

ping6

• Linux Security Guide for Hardening IPv6

pkill

• How to kill a running process by its name
• How to show a running process name and its process ID (PID)

postconf

• Postfix Hardening Guide for Security and Privacy

postqueue

ps

• Auditing Linux processes: The Deep Dive!
• Become a Linux auditor: tips to start with auditing the Linux platform
• How to check if systemd is being used or active
• How to see cgroup in ps output
• How to see the cgroup of a process
• How to see when a process was started
• How to see when the system was started (uptime)
• PCI DSS (v3) for Linux: Auditing application processes (A.1.2.a)
• Understanding memory information on Linux systems
• Understanding what runs on your Linux system (and why)
• Unused Linux Users: Delete or Keep Them?

pwck

• File Integrity of Password Files
• In-depth Linux Guide to Achieve PCI DSS Compliance and Certification

pwscore

• Configure the minimum password length on Linux systems

R

readlink

• Configure the time zone (TZ) on Linux systems

regex-rename

• Linux tools to bulk rename files

rename

resolvectl

• How to see which DNS server is used
• Network
• Networking
• resolvectl (Name resolution information from resolve daemon)
• Show to clear the DNS cache with systemd

rm

• How to securely delete a file and its contents

rmmod

• Increase kernel integrity with disabled Linux kernel modules loading

rngd

• GPG key generation: Not enough random bytes available

rnr

• Linux tools to bulk rename files

route

• ip cheat sheet

rpm

• Become a Linux auditor: tips to start with auditing the Linux platform
• Conducting a Linux Server Security Audit
• Discover to which package a file belongs to

rpmbuild

• How to update Lynis

rsync

• Restrict SSH access to only allow rsync

run0

• How to disable the background color of run0
• Run0: introduction and usage
• What is run0?

S

sed

• How to Disable "System program problem detected"
• How to insert a line at the beginning of a file
• How to remove trailing whitespace from a file
• Strip one or more characters from a variable or output

semanage

• Change SSH server port number

service

• Hiding the nginx version number
• Linux Security Guide for Hardening IPv6

setarch

• Linux and ASLR: kernel/randomize_va_space

setcap

• Linux Capabilities: Hardening Linux binaries by removing setuid

setfacl

• Plus sign in ls output
• Using File ACLs on Linux for Additional Security
• Using xattrs or Extended Attributes on Linux

setsebool

• Installing ClamAV on CentOS 7 and Using Freshclam

shred

• How to securely delete a file and its contents

shuf

• Random data

smem

• smem (Memory usage)
• Swap memory information

sort

• How to find hard links or files that point to a specific file
• How to find the biggest directories on disk
• How to see all virtual hosts in nginx
• PCI DSS (v3) for Linux: Auditing application processes (A.1.2.a)
• Swap memory information
• Systemd syscall filtering

ss

• Alternative for netstat: ss tool
• Conducting a Linux Server Security Audit
• Configuration and collecting of Linux audit events
• How to see open ports on Linux
• How to see the number of open connections on Linux
• How to see which process is using a port
• In-depth Linux Guide to Achieve PCI DSS Compliance and Certification
• OpenSSH security and hardening
• ss cheat sheet
• Which Linux process is using a particular network port?

ssh

• Granting temporary access to your servers (using signed SSH keys)
• How to add a SSH key to the SSH agent
• How to disable the SSH host key check?
• How to disable the usage of the SSH agent
• How to find the OpenSSH version
• SSH client configuration
• SSH configuration files
• SSH ForwardAgent option
• SSH IdentityAgent option
• SSH PasswordAuthentication option
• SSH ProxyJump option
• SSH StrictHostKeyChecking option
• Using Ed25519 for OpenSSH keys (instead of DSA/RSA/ECDSA)
• What is the purpose of the SSH agent?

ssh-add

• How to add a SSH key to the SSH agent
• How to see the available SSH keys in the OpenSSH authentication agent
• How to start the SSH agent?
• Using SSH keys instead of passwords

ssh-agent

• How to start the SSH agent?
• What is the purpose of the SSH agent?

ssh-copy-id

• Distributing SSH keys: using ssh-copy-id, manually, or automated

ssh-key

• How to see the available SSH keys in the OpenSSH authentication agent

ssh-keygen

• Granting temporary access to your servers (using signed SSH keys)
• How to remove the passphrase from a SSH key
• Restrict SSH access to only allow rsync
• Using Ed25519 for OpenSSH keys (instead of DSA/RSA/ECDSA)
• Using SSH keys instead of passwords

sshd

• Change SSH server port number
• Configure a SSH welcome message or banner
• How to test the sshd configuration for configuration errors?
• OpenSSH security and hardening
• SSH server configuration

stat

• How to see the creation date of a file
• How to see the size of a file
• Understanding the output of the stat command

strace

• Is your /etc/hosts file healthy?
• Which Linux process is using a particular network port?

strings

• Hardening nginx with systemd security features
• Systemd syscall filtering

sudo

• How to Disable "System program problem detected"

sysctl

• Increase kernel integrity with disabled Linux kernel modules loading
• kernel.tainted
• Linux and ASLR: kernel/randomize_va_space
• Linux hardening with sysctl settings
• Linux kernel security and how to improve it
• Protect against ptrace of processes: kernel.yama.ptrace_scope
• Sysctl
• Sysctl: ipe.enforce
• Sysctl: ipe.success_audit
• Sysctl: kernel.perf_event_paranoid
• Sysctl: net.ipv4.ip_forward
• Understand and configure core dumps on Linux

systemctl

• Auditing systemd: solving failed units with systemctl
• Change SSH server port number
• Configure a SSH welcome message or banner
• Hardening nginx with systemd security features
• How to check if 'systemctl daemon-reload' is needed
• How to disable a systemd unit with systemctl
• How to limit the disk usage of the systemd journal
• How to override the settings of a systemd unit
• How to reload or restart a systemd service?
• How to see active systemd timers
• How to see all active systemd units of one type
• How to see all enabled services with systemctl
• How to see all masked units with systemctl
• How to see memory usage of a service with systemctl?
• How to see only running services with systemctl
• How to see the active settings of a systemd unit
• How to see the available systemd unit types
• How to see the dependencies of a systemd unit
• How to see when a process was started
• How to show failed units with systemctl
• How to start and enable a unit with systemctl
• How to use systemctl edit to change a service?
• Linux Security Guide for Hardening IPv6
• OpenSSH security and hardening
• RuntimeDirectoryMode setting
• Securing nginx configurations: implementing OCSP stapling
• Systemd features to secure units and services
• Systemd timers
• Systemd units and their purpose
• Troubleshooting a failed systemd unit (with examples)
• Understand and configure core dumps on Linux
• Using SSH keys instead of passwords
• What does systemctl daemon-reload do?
• What is a masked systemd unit?
• What is the difference between systemctl disable and systemctl mask?
• Why does systemctl list-units show units as 'not-found'?

systemd-analyze

• How to limit the disk usage of the systemd journal
• How to see which syscalls are part of a systemd syscall filter set
• How to verify a systemd unit for errors?
• systemd-analyze (Performance and security analyzer of systemd components)

systemd-run

• PrivateTmp setting
• UMask setting

T

tail

• Creating audit trails – Logging commands on Linux with Snoopy
• How to see the SSH log?
• Lynis stuck during testing

tar

• How to use Lynis
• Postfix Hardening Guide for Security and Privacy
• tar cheat sheet

tcpdump

• BPFILTER: the next-generation Linux firewall
• tcpdump cheat sheet

test

• Check if a directory or file exists

timedatectl

• Configure the time zone (TZ) on Linux systems
• How to see the time synchronization details with timedatectl

tlsdate

• tlsdate: The Secure Alternative for ntpd, ntpdate and rdate

top

• Troubleshooting CPU usage
• Understanding what runs on your Linux system (and why)

touch

• Granting temporary access to your servers (using signed SSH keys)
• Set default file permissions on Linux with umask

tr

• How to see all virtual hosts in nginx
• Strip one or more characters from a variable or output

tzselect

• Configure the time zone (TZ) on Linux systems

U

udevadm

• How to list all USB devices

ulimit

• Understand and configure core dumps on Linux

umask

• Granting temporary access to your servers (using signed SSH keys)
• Set default file permissions on Linux with umask

uname

• Auditing Linux processes: The Deep Dive!
• How to check if your Arch Linux system needs a reboot
• Methods to find the Linux distribution and version

unattended-upgrade

• Upgrading External Packages with unattended-upgrade

uniq

• PCI DSS (v3) for Linux: Auditing application processes (A.1.2.a)
• Systemd syscall filtering

uptime

• How to see when the system was started (uptime)

V

vigr

• File Integrity of Password Files

vim

• Using encrypted documents with vim

vipw

• File Integrity of Password Files

vmstat

• How to monitor disk activity (I/O) on Linux
• Swap memory information
• vmstat (virtual memory information, disk IO, CPU activity)

W

wget

• How to use Lynis

which

• Discover to which package a file belongs to

X

xmllint

• Linux host discovery with Nmap

Y

yaourt

• Installation of Lynis on Arch Linux systems

yum

• Auditing Linux: Software Packages and Managers
• Discover to which package a file belongs to

Z

zgrep

• How to use grep (with examples)

zypper

• Audit SuSE with zypper: vulnerable packages
• Discover to which package a file belongs to
• List installed packages on a Linux system