Commands
A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y - Z
Many Linux commands are used within the articles, with some having their own detailed page, such as the cheat sheets.
A
aa-status
adduser
alias
apt
- apt cheat sheet
- Creating audit trails – Logging commands on Linux with Snoopy
- Determine which processes need a restart with checkrestart/needrestart
- How to download a package with apt without installing it?
- How to remove a package with apt?
- How to remove unused packages with apt?
- How to see the dependencies of a package with apt?
- Pre-compress static assets with Brotli and Gzip
- Troubleshooting a full /boot partition on Ubuntu
- Ubuntu system hardening guide for desktops and servers
- Using unattended-upgrades on Debian and Ubuntu
apt-file
- apt cheat sheet
- apt-file (Search tool for files belonging to packages)
arch-audit
arp
arptables
auditctl
- Configuring and auditing Linux systems with Audit daemon
- Logging root actions by capturing execve system calls
- Monitoring Linux File access, Changes and Data Modifications
- PCI DSS Linux: Logging of administrative actions with root privileges
- Tuning auditd: high-performance Linux Auditing
aureport
- Linux Audit Framework: using aureport
- Linux audit log: dealing with audit.log file
- Linux audit: Log files in /var/log/audit
- Tuning auditd: high-performance Linux Auditing
ausearch
- Configuring and auditing Linux systems with Audit daemon
- Linux audit log: dealing with audit.log file
- Linux audit: Log files in /var/log/audit
- Monitoring Linux File access, Changes and Data Modifications
- PCI DSS (v3) Linux: Invalid logical access attempts (10.2.4)
ausyscall
awk
- AWK cheat sheet
- Discover to which package a file belongs to
- How to see all virtual hosts in nginx
- Linux host discovery with Nmap
- Linux password security: hashing rounds
- PCI DSS (v3) for Linux: Auditing application processes (A.1.2.a)
- RSS is cool! Some RSS feed readers are not (yet)...
- Strip one or more characters from a variable or output
- Swap memory information
- Systemd syscall filtering
- Test web server caching with curl
B
blkid
brotli
- How to test if a website supports Brotli or Gzip compression
- Pre-compress static assets with Brotli and Gzip
C
capsh
captest command
- captest command (capabilities and privilege escalation testing tool)
cat
- Auditing Linux processes: The Deep Dive!
- How to see the cgroup of a process
- How to see the file type on Linux
- How to see the version of Oracle Linux
- Is your /etc/hosts file healthy?
- Linux capabilities 101
- Linux system hardening: adding hidepid to /proc mount point
- Livepatch: Linux kernel updates without rebooting
- Networking
- Protect against ptrace of processes: kernel.yama.ptrace_scope
- Understanding memory information on Linux systems
chage
chfn
chmod
- Finding setuid binaries on Linux and BSD
- How to change file permissions
- Introduction in Linux file permissions
- Linux file permissions
- PCI DSS (v3) Linux: Restrict log file viewing (A.1.2.d)
- Restrict SSH access to only allow rsync
- Set default file permissions on Linux with umask
column
- ip cheat sheet
- Linux password security: hashing rounds
- List network interfaces on Linux
- Swap memory information
compgen
cp
curl
- Adding the Expires header to improve caching static content in nginx
- Hiding the nginx version number
- How to see the IP address of your internet connection
- How to test if a website supports Brotli or Gzip compression
- Pre-compress static assets with Brotli and Gzip
- Test web server caching with curl
D
deluser
df
- How to see inode usage
- How to see used and free disk space
- Troubleshooting a full /boot partition on Ubuntu
diff
- Find differences between two daily Lynis audits
- How to compare two directories and find the differences
dig
dmesg
- How to use grep (with examples)
- Livepatch: Linux kernel updates without rebooting
- Understanding memory information on Linux systems
dmidecode
- dmidecode cheat sheet
- How to see BIOS details
- How to see hard disk specifications and details
- How to see memory information such as type and speed
- Understanding memory information on Linux systems
dnf
- Automatic Security Updates with DNF
- Discover to which package a file belongs to
- List installed packages on a Linux system
- Showing Available Security Updates with DNF
dpkg
- Audit installed compilers and their packages
- Become a Linux auditor: tips to start with auditing the Linux platform
- Conducting a Linux Server Security Audit
- Discover to which package a file belongs to
- Finding setuid binaries on Linux and BSD
- How to show all installed packages on Ubuntu
- List installed packages on a Linux system
- Postfix Hardening Guide for Security and Privacy
- Troubleshooting a full /boot partition on Ubuntu
dpkg-reconfigure
du
- How to find the biggest directories on disk
- How to find when the last modification happened in a directory
- How to see files greater than a specific size
- How to see the size of a directory
E
echo
- Find differences between two daily Lynis audits
- How to securely delete a file and its contents
- Linux and ASLR: kernel/randomize_va_space
- Set default file permissions on Linux with umask
equery
eval
execsnoop
F
fg
file
- How to securely delete a file and its contents
- How to see the file type on Linux
- Using encrypted documents with vim
filecap command
- filecap command (Display capabilities in paths)
find
- Discover to which package a file belongs to
- Finding setuid binaries on Linux and BSD
- How to find hard links or files that point to a specific file
- How to find symbolic links that point to a directory
- How to find writable files
- How to see files greater than a specific size
- Kernel hardening: Disable and blacklist Linux modules
- Lynis stuck during testing
- PCI DSS (v3) Linux: Restrict log file viewing (A.1.2.d)
- PCI DSS Linux: No write access to shared system binaries
- Unused Linux Users: Delete or Keep Them?
free
G
gcc
gdb
getcap
getconf
getent
- How to test if an account has a password set?
- Is your /etc/hosts file healthy?
- The purpose of the /etc/networks file
- Unused Linux Users: Delete or Keep Them?
getfacl
getfattr
grep
- Configure a SSH welcome message or banner
- How to deal with Lynis suggestions?
- How to see all virtual hosts in nginx
- How to see the SSH log?
- How to show network TCP statistics and counters
- How to use grep (with examples)
- How to use Lynis
- Linux Security
- Lynis stuck during testing
- Network
- PCI DSS (v3) for Linux: Auditing application processes (A.1.2.a)
- Protect Linux systems against SSLv3 Poodle vulnerability
- Systemd syscall filtering
- Test web server caching with curl
- Understanding what runs on your Linux system (and why)
groupadd
gzip
H
hdparm
head
hexdump
hostname
hostnamectl
htpasswd
hwinfo
I
ifconfig
iftop
- How to see active connections and bandwidth usage on Linux
- How to see the number of open connections on Linux
- iftop (Bandwidth usage monitor)
- Network
insmod
iosnoop
iostat
iotop
ip
- Filtering ARP traffic with Linux arptables
- How to clear the ARP cache on Linux?
- How to secure a Linux system
- How to see errors and dropped packets on a network interface on Linux
- How to see the default gateway on Linux
- How to see the the network IP address of your system
- ip cheat sheet
- Linux Audit: Auditing the Network Configuration
- Linux Security Guide for Hardening IPv6
- List network interfaces on Linux
- Network
- Networking
ip6tables
ipset
iptables
- Beginners guide to traffic filtering with nftables
- Block IP addresses in Linux with iptables
- Ubuntu system hardening guide for desktops and servers
J
jobs
journalctl
- Finding boot logs in systemd journals
- How to clear systemd journal logs by time
- How to limit the disk usage of the systemd journal
- How to see kernel messages with journalctl
- How to see logging for a specific unit or service
- How to see new log entries automatically with journalctl
- How to see only recent journal entries
- How to see the last X lines with journalctl
- How to see the size of the systemd journal
- How to see the SSH log?
- Troubleshooting a failed systemd unit (with examples)
- Understand and configure core dumps on Linux
jq
K
kill
- How to kill a zombie process
- How to stop all processes of a single user
- kill (Sending signals to processes)
- Kill a process that won't respond to CTRL+C
- lsof cheat sheet
- OpenSSH security and hardening
- Understand and configure core dumps on Linux
killall
L
last
less
logger
ls
- How to change file permissions
- How to display directory contents sorted by modification time
- How to find hard links or files that point to a specific file
- How to see hidden files
- How to see the size of a file
- How to see the version of Oracle Linux
- Linux Capabilities: Hardening Linux binaries by removing setuid
- Linux file permissions
- Methods to find the Linux distribution and version
- Understanding the output of the stat command
- Understanding what runs on your Linux system (and why)
lsb_release
lsblk
lscpu
- How to see CPU details
- lscpu (CPU information, virtualization features, CPU vulnerabilities)
lshw
lsmod
- Beginners guide to traffic filtering with nftables
- In-depth Linux Guide to Achieve PCI DSS Compliance and Certification
- Kernel hardening: Disable and blacklist Linux modules
- Monitoring USB communications using usbmon interface
lsof
- Become a Linux auditor: tips to start with auditing the Linux platform
- Determine which processes need a restart with checkrestart/needrestart
- Hardening nginx with systemd security features
- lsof cheat sheet
- Which Linux process is using a particular network port?
lsusb
lynis
- How to create custom tests in Lynis
- How to keep Lynis up-to-date?
- How to update Lynis
- How to use Lynis
- How to use Lynis plugins
- Installation of Lynis on Arch Linux systems
- Lynis hardening index
- Troubleshooting guide for Lynis
- Unix security audit: Perform an audit in 3 minutes
- Viewing available test categories in Lynis
M
mkdir
- Granting temporary access to your servers (using signed SSH keys)
- Restrict SSH access to only allow rsync
- Using Ed25519 for OpenSSH keys (instead of DSA/RSA/ECDSA)
modinfo
- Beginners guide to traffic filtering with nftables
- Kernel hardening: Disable and blacklist Linux modules
modprobe
mosh
mount
- Become a Linux auditor: tips to start with auditing the Linux platform
- Linux system hardening: adding hidepid to /proc mount point
mv
N
netcap command
- netcap command (Display available capabilities for running processes using network sockets)
netstat
- Conducting a Linux Server Security Audit
- In-depth Linux Guide to Achieve PCI DSS Compliance and Certification
- List network interfaces on Linux
- Which Linux process is using a particular network port?
netstat -g
netstat -r
networkctl
nft
nginx
- Adding the Expires header to improve caching static content in nginx
- Hiding the nginx version number
- How to block POST requests in nginx
- How to log only some requests to a log file in nginx
- How to see all virtual hosts in nginx
- Nginx security hardening guide
- Securing nginx configurations: implementing OCSP stapling
nmap
nmcli
nstat
- How to show network TCP statistics and counters
- Network
- nstat (Network statistics and counters)
nvme
O
openssl
- Create random passwords with OpenSSL/LibreSSL
- Postfix Hardening Guide for Security and Privacy
- Protect Linux systems against SSLv3 Poodle vulnerability
- Random data
- Troubleshooting guide for Lynis
P
pacman
- Discover to which package a file belongs to
- How to show all installed packages with pacman
- pacman cheat sheet
passwd
pgrep
- How to kill a running process by its name
- How to see when a process was started
- How to show a running process name and its process ID (PID)
- Understanding what runs on your Linux system (and why)
pidof
- Hardening nginx with systemd security features
- How to find all process IDs by its process name
- How to see the cgroup of a process
- How to see when a process was started
- Swap memory information
pidstat
- pidstat (Monitoring CPU, memory, and disk activity)
- Troubleshooting CPU usage
- Understanding what runs on your Linux system (and why)
ping
ping6
pkill
- How to kill a running process by its name
- How to show a running process name and its process ID (PID)
postconf
postqueue
ps
- Auditing Linux processes: The Deep Dive!
- Become a Linux auditor: tips to start with auditing the Linux platform
- How to check if systemd is being used or active
- How to see cgroup in ps output
- How to see the cgroup of a process
- How to see when a process was started
- How to see when the system was started (uptime)
- PCI DSS (v3) for Linux: Auditing application processes (A.1.2.a)
- Understanding memory information on Linux systems
- Understanding what runs on your Linux system (and why)
- Unused Linux Users: Delete or Keep Them?
pscap command
- pscap command (Display available capabilities for running processes)
pwck
- File Integrity of Password Files
- In-depth Linux Guide to Achieve PCI DSS Compliance and Certification
pwscore
R
readlink
regex-rename
rename
resolvectl
- How to see which DNS server is used
- Network
- Networking
- resolvectl (Name resolution information from resolve daemon)
- Show to clear the DNS cache with systemd
rm
rmmod
rngd
rnr
route
rpm
- Become a Linux auditor: tips to start with auditing the Linux platform
- Conducting a Linux Server Security Audit
- Discover to which package a file belongs to
rpmbuild
rsync
run0
S
sed
- How to Disable "System program problem detected"
- How to insert a line at the beginning of a file
- How to remove trailing whitespace from a file
- Strip one or more characters from a variable or output
semanage
service
setarch
setcap
setfacl
- Plus sign in ls output
- Using File ACLs on Linux for Additional Security
- Using xattrs or Extended Attributes on Linux
setsebool
shred
shuf
smem
- smem (Memory usage)
- Swap memory information
sort
- How to find hard links or files that point to a specific file
- How to find the biggest directories on disk
- How to see all virtual hosts in nginx
- PCI DSS (v3) for Linux: Auditing application processes (A.1.2.a)
- Swap memory information
- Systemd syscall filtering
ss
- Alternative for netstat: ss tool
- Conducting a Linux Server Security Audit
- Configuration and collecting of Linux audit events
- How to see open ports on Linux
- How to see the number of open connections on Linux
- How to see which process is using a port
- In-depth Linux Guide to Achieve PCI DSS Compliance and Certification
- OpenSSH security and hardening
- ss cheat sheet
- Which Linux process is using a particular network port?
ssh
- Granting temporary access to your servers (using signed SSH keys)
- How to add a SSH key to the SSH agent
- How to disable the SSH host key check?
- How to disable the usage of the SSH agent
- How to find the OpenSSH version
- SSH client configuration
- SSH configuration files
- SSH ForwardAgent option
- SSH IdentityAgent option
- SSH PasswordAuthentication option
- SSH ProxyJump option
- SSH StrictHostKeyChecking option
- Using Ed25519 for OpenSSH keys (instead of DSA/RSA/ECDSA)
- What is the purpose of the SSH agent?
ssh-add
- How to add a SSH key to the SSH agent
- How to see the available SSH keys in the OpenSSH authentication agent
- How to start the SSH agent?
- Using SSH keys instead of passwords
ssh-agent
ssh-copy-id
ssh-key
ssh-keygen
- Granting temporary access to your servers (using signed SSH keys)
- How to remove the passphrase from a SSH key
- Restrict SSH access to only allow rsync
- Using Ed25519 for OpenSSH keys (instead of DSA/RSA/ECDSA)
- Using SSH keys instead of passwords
sshd
- Change SSH server port number
- Configure a SSH welcome message or banner
- How to test the sshd configuration for configuration errors?
- OpenSSH security and hardening
- SSH server configuration
stat
- How to see the creation date of a file
- How to see the size of a file
- Understanding the output of the stat command
strace
strings
sudo
sysctl
- Increase kernel integrity with disabled Linux kernel modules loading
- kernel.tainted
- Linux and ASLR: kernel/randomize_va_space
- Linux hardening with sysctl settings
- Linux kernel security and how to improve it
- Protect against ptrace of processes: kernel.yama.ptrace_scope
- Sysctl
- Sysctl: ipe.enforce
- Sysctl: ipe.success_audit
- Sysctl: kernel.perf_event_paranoid
- Sysctl: net.ipv4.ip_forward
- Understand and configure core dumps on Linux
systemctl
- Auditing systemd: solving failed units with systemctl
- Change SSH server port number
- Configure a SSH welcome message or banner
- Hardening nginx with systemd security features
- How to check if 'systemctl daemon-reload' is needed
- How to disable a systemd unit with systemctl
- How to limit the disk usage of the systemd journal
- How to override the settings of a systemd unit
- How to reload or restart a systemd service?
- How to see active systemd timers
- How to see all active systemd units of one type
- How to see all enabled services with systemctl
- How to see all masked units with systemctl
- How to see memory usage of a service with systemctl?
- How to see only running services with systemctl
- How to see the active settings of a systemd unit
- How to see the available systemd unit types
- How to see the dependencies of a systemd unit
- How to see when a process was started
- How to show failed units with systemctl
- How to start and enable a unit with systemctl
- How to use systemctl edit to change a service?
- Linux Security Guide for Hardening IPv6
- OpenSSH security and hardening
- RuntimeDirectoryMode setting
- Securing nginx configurations: implementing OCSP stapling
- Systemd features to secure units and services
- Systemd timers
- Systemd units and their purpose
- Troubleshooting a failed systemd unit (with examples)
- Understand and configure core dumps on Linux
- Using SSH keys instead of passwords
- What does systemctl daemon-reload do?
- What is a masked systemd unit?
- What is the difference between systemctl disable and systemctl mask?
- Why does systemctl list-units show units as 'not-found'?
systemd-analyze
- How to limit the disk usage of the systemd journal
- How to see which syscalls are part of a systemd syscall filter set
- How to verify a systemd unit for errors?
- systemd-analyze (Performance and security analyzer of systemd components)
systemd-run
T
tail
- Creating audit trails – Logging commands on Linux with Snoopy
- How to see the SSH log?
- Lynis stuck during testing
tar
tcpdump
test
timedatectl
- Configure the time zone (TZ) on Linux systems
- How to see the time synchronization details with timedatectl
tlsdate
top
touch
- Granting temporary access to your servers (using signed SSH keys)
- Set default file permissions on Linux with umask
tr
tzselect
U
udevadm
ulimit
umask
- Granting temporary access to your servers (using signed SSH keys)
- Set default file permissions on Linux with umask
uname
- Auditing Linux processes: The Deep Dive!
- How to check if your Arch Linux system needs a reboot
- Methods to find the Linux distribution and version
unattended-upgrade
uniq
uptime
V
vigr
vim
vipw
vmstat
- How to monitor disk activity (I/O) on Linux
- Swap memory information
- vmstat (virtual memory information, disk IO, CPU activity)