Commands overview

This command overview shows the Linux commands that are used within the articles on this blog. It helps seeing the commands being used and the type of output it may show.

A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y - Z

A

aa-status

• Ubuntu system hardening guide for desktops and servers

ab

• Rate limit HTTP clients with nginx

adduser

• Restrict SSH access to only allow rsync

alias

• How to use grep (with examples)

apropos

• apropos: search keyword in available man pages (Find related man pages)

apt

• apt cheat sheet (Package manager)
• Creating audit trails – Logging commands on Linux with Snoopy
• Determine which processes need a restart with checkrestart/needrestart
• How to download a package with apt without installing it?
• How to remove a package with apt?
• How to remove unused packages with apt?
• How to see the dependencies of a package with apt?
• How to use Lynis
• Pre-compress static assets with Brotli and Gzip
• Troubleshooting a full /boot partition on Ubuntu
• Ubuntu system hardening guide for desktops and servers
• Using unattended-upgrades on Debian and Ubuntu

apt-check

• Linux vulnerabilities: from detection to treatment

apt-file

• apt cheat sheet (Package manager)
• apt-file: show information about packages and related files (Search tool for files belonging to packages)

arch-audit

• Show vulnerable packages on Arch Linux with arch-audit

arp

• Filtering ARP traffic with Linux arptables
• How to clear the ARP cache on Linux?
• ip cheat sheet (Shows network configuration and information)

arptables

• Beginners guide to traffic filtering with nftables
• Filtering ARP traffic with Linux arptables

auditctl

• Configuring and auditing Linux systems with Audit daemon
• How to harden a systemd service unit
• Logging of administrative actions with root privileges
• Logging root actions by capturing execve system calls
• Monitor file access by Linux processes
• Monitoring Linux File access, Changes and Data Modifications
• PCI DSS (v3) Linux: Invalid logical access attempts (10.2.4)
• Tuning auditd: high-performance Linux Auditing

auditctl

• Monitoring Linux File access, Changes and Data Modifications

aureport

• Linux Audit Framework: using aureport
• Linux audit log: dealing with audit.log file
• Linux audit: Log files in /var/log/audit
• Tuning auditd: high-performance Linux Auditing

ausearch

• Configuring and auditing Linux systems with Audit daemon
• How to harden a systemd service unit
• Linux audit log: dealing with audit.log file
• Linux audit: Log files in /var/log/audit
• Logging root actions by capturing execve system calls
• Monitor file access by Linux processes
• Monitoring Linux File access, Changes and Data Modifications
• PCI DSS (v3) Linux: Invalid logical access attempts (10.2.4)

ausyscall

• Auditing Linux processes: The Deep Dive!
• Monitoring Linux File access, Changes and Data Modifications

awk

• AWK cheat sheet (Performs data extraction and reporting from files)
• Discover to which package a file belongs to
• How to see all virtual hosts in nginx
• Linux host discovery with Nmap
• Linux password security: hashing rounds
• Password Security with Linux /etc/shadow file
• PCI DSS (v3) for Linux: Auditing application processes (A.1.2.a)
• RSS is cool! Some RSS feed readers are not (yet)...
• Strip one or more characters from a variable or output
• Swap memory information
• Systemd syscall filtering
• Test web server caching with curl

B

basename

• basename: strip directory and file extension or suffix from path (Strips directory and file name suffix from a given path)

blkid

• blkid command (Shows block device information)
• How to see the available hard disks

brotli

• How to test if a website supports Brotli or Gzip compression
• Pre-compress static assets with Brotli and Gzip

busctl

• How to see the systemd version?

C

capsh

• capsh command (Linux capabilities testing and debugging tool)
• Linux capabilities 101
• SecureBits setting

captest

• captest command (Capabilities and privilege escalation testing tool)
• Linux capabilities 101

cat

• Auditing Linux processes: The Deep Dive!
• How to see the cgroup of a process
• How to see the file type on Linux
• How to see the version of Oracle Linux
• Is your /etc/hosts file healthy?
• Linux capabilities 101
• Linux system hardening: adding hidepid to /proc mount point
• Livepatch: Linux kernel updates without rebooting
• Networking
• Protect against ptrace of processes: kernel.yama.ptrace_scope
• Understanding memory information on Linux systems
• Using xattrs or Extended Attributes on Linux
• Yum plugins: Available plugins and built-in security support

chage

• How to test if an account has a password set?
• Unused Linux Users: Delete or Keep Them?

chfn

• Set default file permissions on Linux with umask

chmod

• Finding setuid binaries on Linux and BSD
• How to change file permissions
• Introduction in Linux file permissions
• Linux file permissions
• PCI DSS (v3) Linux: Restrict log file viewing (A.1.2.d)
• Restrict SSH access to only allow rsync
• Set default file permissions on Linux with umask

chown

• Linux capabilities 101

chrt

• chrt command (Sets Linux scheduler policy and priority for a process or command)

column

• ip cheat sheet (Shows network configuration and information)
• Linux password security: hashing rounds
• List network interfaces on Linux
• Password Security with Linux /etc/shadow file
• Swap memory information

compgen

• Check if a directory or file exists

cp

• Find differences between two daily Lynis audits

curl

• Adding the Expires header to improve caching static content in nginx
• Block HTTP requests for clients that don't offer data compression
• curl cheat sheet (Performs HTTP requests)
• Hiding the nginx version number
• How to see the IP address of your internet connection
• How to test if a website supports Brotli or Gzip compression
• Pre-compress static assets with Brotli and Gzip
• Rate limit HTTP clients with nginx
• Test web server caching with curl

D

deluser

• Unused Linux Users: Delete or Keep Them?

df

• How to see inode usage
• How to see used and free disk space
• Troubleshooting a full /boot partition on Ubuntu

diff

• Find differences between two daily Lynis audits
• How to compare two directories and find the differences
• Postfix Hardening Guide for Security and Privacy

dig

• dig cheat sheet (Performs DNS requests)
• How to see the IP address of your internet connection
• How to see the TTL value of a DNS record

dmesg

• dmesg: show log events from kernel ring buffer (Shows kernel log messages)
• How to use grep (with examples)
• Livepatch: Linux kernel updates without rebooting
• Understanding memory information on Linux systems
• What is a kernel ring buffer?

dmidecode

• dmidecode cheat sheet (Shows hardware information)
• How to see BIOS details on Linux?
• How to see hard disk specifications and details
• How to see memory information such as type and speed
• Understanding memory information on Linux systems

dnf

• Automatic Security Updates with DNF
• Discover to which package a file belongs to
• How to use Lynis
• List installed packages on a Linux system
• Showing Available Security Updates with DNF

dnscap

• How to see all DNS requests on the system?

dnstop

• How to see all DNS requests on the system?

dpkg

• Audit installed compilers and their packages
• Become a Linux auditor: tips to start with auditing the Linux platform
• Conducting a Linux Server Security Audit
• Discover to which package a file belongs to
• Finding setuid binaries on Linux and BSD
• How to show all installed packages on Ubuntu
• List installed packages on a Linux system
• Postfix Hardening Guide for Security and Privacy
• Troubleshooting a full /boot partition on Ubuntu
• Using ClamAV for Linux PCI DSS requirement 5: Malware

dpkg-reconfigure

• Using unattended-upgrades on Debian and Ubuntu

du

• du cheat sheet (Shows disk size usage for paths)
• How to find the biggest directories on disk
• How to find when the last modification happened in a directory
• How to see files greater than a specific size
• How to see the size of a directory

E

ebtables

• Beginners guide to traffic filtering with nftables

echo

• Find differences between two daily Lynis audits
• How to securely delete a file and its contents
• Linux and ASLR: kernel/randomize_va_space
• Set default file permissions on Linux with umask

env

• How to protect yourself against Shellshock Bash vulnerability

equery

• Discover to which package a file belongs to

eval

• How to add a SSH key to the SSH agent

execsnoop

• Understanding what runs on your Linux system (and why)

F

fg

• Kill a process that won't respond to CTRL+C

file

• How to securely delete a file and its contents
• How to see the file type on Linux
• The 101 of ELF files on Linux: Understanding and Analysis
• Using encrypted documents with vim
• Yum plugins: Available plugins and built-in security support

filecap

• filecap command (Display of Linux capabilities set on binaries in paths)
• firejail command (Sandboxing tool for Linux)

find

• Discover to which package a file belongs to
• find cheat sheet (Searches specified paths or its meta-data)
• Finding setuid binaries on Linux and BSD
• How to find hard links or files that point to a specific file
• How to find symbolic links that point to a directory
• How to find writable files
• How to see files greater than a specific size
• Kernel hardening: Disable and blacklist Linux modules
• Lynis stuck during testing
• PCI DSS (v3) Linux: Restrict log file viewing (A.1.2.d)
• PCI DSS Linux: No write access to shared system binaries
• Unused Linux Users: Delete or Keep Them?
• Yum plugins: Available plugins and built-in security support

firejail

• firejail command (Sandboxing tool for Linux)
• How to see all DNS requests on the system?

free

• Swap memory information
• Understanding memory information on Linux systems
• Understanding what runs on your Linux system (and why)

fuser

• fuser command (Show processes using a file or socket)

G

gcc

• Linux and ASLR: kernel/randomize_va_space
• ProtectClock setting
• The 101 of ELF files on Linux: Understanding and Analysis

gdb

• Understand and configure core dumps on Linux

getcap

• getcap command (Show file capabilities)
• Linux Capabilities: Hardening Linux binaries by removing setuid

getconf

• Linux capabilities 101

getent

• How to test if an account has a password set?
• Is your /etc/hosts file healthy?
• Password Security with Linux /etc/shadow file
• The purpose of the /etc/networks file
• Unused Linux Users: Delete or Keep Them?

getfacl

• Plus sign in ls output
• Using File ACLs on Linux for Additional Security
• Using xattrs or Extended Attributes on Linux

getfattr

• Using xattrs or Extended Attributes on Linux

getpcaps

• getpcaps command (Show process capabilities)
• Linux capabilities 101

grep

• Configure a SSH welcome message or banner
• How to deal with Lynis suggestions?
• How to find all unique words in a file?
• How to harden a systemd service unit
• How to see all virtual hosts in nginx
• How to see the SSH log?
• How to show network TCP statistics and counters
• How to use grep (with examples)
• How to use Lynis
• Linux guide to achieve PCI DSS compliance and certification
• Linux Security
• Lynis stuck during testing
• Network
• PCI DSS (v3) for Linux: Auditing application processes (A.1.2.a)
• Protect Linux systems against SSLv3 Poodle vulnerability
• Systemd syscall filtering
• Test web server caching with curl
• Understanding what runs on your Linux system (and why)
• Using xattrs or Extended Attributes on Linux
• Yum plugins: Available plugins and built-in security support

groupadd

• Linux system hardening: adding hidepid to /proc mount point

gzip

• Pre-compress static assets with Brotli and Gzip

H

hdparm

• How to see hard disk specifications and details

head

• head: show first number of lines from a file (Show the first number of lines from a file)
• How to find the biggest directories on disk

hexdump

• The 101 of ELF files on Linux: Understanding and Analysis
• Understanding the output of the stat command

hostname

• Is your /etc/hosts file healthy?
• Linux Audit: Auditing the Network Configuration

hostnamectl

• How to show the systemd machine ID
• Linux Audit: Auditing the Network Configuration
• Methods to find the Linux distribution and version

htpasswd

• Nginx security hardening guide

hwinfo

• Understanding memory information on Linux systems

I

ifconfig

• ip cheat sheet (Shows network configuration and information)
• Linux Security Guide for Hardening IPv6
• List network interfaces on Linux

iftop

• How to see active connections and bandwidth usage on Linux
• How to see the number of open connections on Linux
• iftop (Bandwidth usage monitor)
• Network

insmod

• Increase kernel integrity with disabled Linux kernel modules loading

iosnoop

• Understanding what runs on your Linux system (and why)

iostat

• How to monitor disk activity (I/O) on Linux

iotop

• How to monitor disk activity (I/O) on Linux

ip

• Filtering ARP traffic with Linux arptables
• How to clear the ARP cache on Linux?
• How to secure a Linux system
• How to see errors and dropped packets on a network interface on Linux
• How to see the default gateway on Linux
• How to see the the network IP address of your system
• ip cheat sheet (Shows network configuration and information)
• Linux Audit: Auditing the Network Configuration
• Linux Security Guide for Hardening IPv6
• List network interfaces on Linux
• Network
• Networking
• nstat (Network statistics and counters)

ip6tables

• Beginners guide to traffic filtering with nftables
• Block IP addresses in Linux with iptables

ipset

• Block IP addresses in Linux with iptables
• How to secure a Linux system

iptables

• Beginners guide to traffic filtering with nftables
• Block IP addresses in Linux with iptables
• Ubuntu system hardening guide for desktops and servers

J

jobs

• Kill a process that won't respond to CTRL+C

journalctl

• Finding boot logs in systemd journals
• How to clear systemd journal logs by time
• How to harden a systemd service unit
• How to limit the disk usage of the systemd journal
• How to see kernel messages with journalctl
• How to see logging for a specific unit or service
• How to see new log entries automatically with journalctl
• How to see only recent journal entries
• How to see the last X lines with journalctl
• How to see the size of the systemd journal
• How to see the SSH log?
• journalctl cheat sheet (Logging facility for Linux systems using systemd)
• Troubleshooting a failed systemd unit (with examples)
• Understand and configure core dumps on Linux

jq

• ip cheat sheet (Shows network configuration and information)

K

kill

• How to kill a zombie process
• How to stop all processes of a single user
• kill (Sending signals to processes)
• Kill a process that won't respond to CTRL+C
• lsof cheat sheet (Shows open files and sockets)
• OpenSSH security and hardening
• Understand and configure core dumps on Linux

killall

• How to kill a running process by its name
• How to stop all processes of a single user

L

last

• PCI DSS (v3) Linux: Restrict log file viewing (A.1.2.d)

ldd

• Linux guide to achieve PCI DSS compliance and certification
• The 101 of ELF files on Linux: Understanding and Analysis

less

• How to deal with Lynis suggestions?
• Unix security audit: Perform an audit in 3 minutes

logger

• Configuration and collecting of Linux audit events

ls

• How to change file permissions
• How to display directory contents sorted by modification time
• How to find hard links or files that point to a specific file
• How to see hidden files
• How to see the size of a file
• How to see the version of Oracle Linux
• Linux Capabilities: Hardening Linux binaries by removing setuid
• Linux file permissions
• Methods to find the Linux distribution and version
• Monitoring Linux Systems for Rootkits
• Understanding the output of the stat command
• Understanding what runs on your Linux system (and why)

lsb_release

• Methods to find the Linux distribution and version

lsblk

• How to see the available hard disks

lscpu

• How to see CPU details
• lscpu (CPU information, virtualization features, CPU vulnerabilities)

lsfd

• lsfd command (Shows open file descriptors for processes)

lshw

• How to see hard disk specifications and details
• How to see the available hard disks

lsmod

• Beginners guide to traffic filtering with nftables
• Kernel hardening: Disable and blacklist Linux modules
• Linux guide to achieve PCI DSS compliance and certification
• Monitoring Linux Systems for Rootkits
• Monitoring USB communications using usbmon interface

lsns

• lsns: show active Linux namespaces (Shows used namespaces)

lsof

• Become a Linux auditor: tips to start with auditing the Linux platform
• Determine which processes need a restart with checkrestart/needrestart
• Hardening nginx with systemd security features
• lsfd command (Shows open file descriptors for processes)
• lsof cheat sheet (Shows open files and sockets)
• Monitor file access by Linux processes
• Which Linux process is using a particular network port?

lsusb

• How to list all USB devices
• lsusb command (Show USB devices)
• Monitoring USB communications using usbmon interface

ltrace

• Monitor file access by Linux processes

lynis

• How to create custom tests in Lynis
• How to keep Lynis up-to-date?
• How to update Lynis
• How to use Lynis
• How to use Lynis plugins
• Installation of Lynis on Arch Linux systems
• lynis command (Performs a Linux security audit and configuration check)
• Lynis hardening index
• Troubleshooting guide for Lynis
• Unix security audit: Perform an audit in 3 minutes
• Viewing available test categories in Lynis

M

mail

• Postfix Hardening Guide for Security and Privacy

mkdir

• Granting temporary access to your servers (using signed SSH keys)
• Restrict SSH access to only allow rsync
• Using Ed25519 for OpenSSH keys (instead of DSA/RSA/ECDSA)

modinfo

• Beginners guide to traffic filtering with nftables
• Kernel hardening: Disable and blacklist Linux modules

modprobe

• Kernel hardening: Disable and blacklist Linux modules
• Monitoring USB communications using usbmon interface

mosh

• Mosh, the SSH Alternative Option for System Administration

mount

• Become a Linux auditor: tips to start with auditing the Linux platform
• Linux system hardening: adding hidepid to /proc mount point

mv

• Using Ed25519 for OpenSSH keys (instead of DSA/RSA/ECDSA)

N

netcap

• netcap command (Display available capabilities for running processes using network sockets)

netstat

• Conducting a Linux Server Security Audit
• ip cheat sheet (Shows network configuration and information)
• Linux guide to achieve PCI DSS compliance and certification
• List network interfaces on Linux
• Monitoring Linux Systems for Rootkits
• nstat (Network statistics and counters)
• Which Linux process is using a particular network port?

networkctl

• Linux Audit: Auditing the Network Configuration

nft

• Exporting nftables rules and configuration

nginx

• Adding the Expires header to improve caching static content in nginx
• Block HTTP requests for clients that don't offer data compression
• Hiding the nginx version number
• How to block POST requests in nginx
• How to log only some requests to a log file in nginx
• How to see all virtual hosts in nginx
• Nginx security hardening guide
• Rate limit HTTP clients with nginx
• Securing nginx configurations: implementing OCSP stapling

nice

• Linux kernel scheduler
• nice: start a command with specified priority (Runs commands with specified priority)

nmap

• Linux host discovery with Nmap

nmcli

• Linux Security Guide for Hardening IPv6

nstat

• How to show network TCP statistics and counters
• Network
• nstat (Network statistics and counters)

ntpdate

• Troubleshooting Linux Time Synchronization with NTP

ntpq

• Troubleshooting Linux Time Synchronization with NTP

numactl

• Explanation of the values in /proc/PID/sched
• numactl: control NUMA policy for processes and shared memory (Controls NUMA policy for processes and shared memory)

numastat

• Explanation of the values in /proc/PID/sched

nvme

• How to see hard disk specifications and details

O

objdump

• The 101 of ELF files on Linux: Understanding and Analysis

openssl

• Create random passwords with OpenSSL/LibreSSL
• Postfix Hardening Guide for Security and Privacy
• Protect Linux systems against SSLv3 Poodle vulnerability
• Random data
• Troubleshooting guide for Lynis

P

pacman

• Discover to which package a file belongs to
• How to show all installed packages with pacman
• pacman cheat sheet (Package manager)
• Using ClamAV for Linux PCI DSS requirement 5: Malware

pam_tally2

• Locking users after X failed login attempts with pam_tally2

passwd

• How to test if an account has a password set?
• Unused Linux Users: Delete or Keep Them?

peekfd

• peekfd command (Tracks a process and show file descriptor activity)

pgrep

• How to kill a running process by its name
• How to see when a process was started
• How to show a running process name and its process ID (PID)
• Linux capabilities 101
• Understanding what runs on your Linux system (and why)

pidof

• Hardening nginx with systemd security features
• How to find all process IDs by its process name
• How to see the cgroup of a process
• How to see when a process was started
• pidof: retrieve PID when searching for process names (Returns process IDs for a process name)
• Swap memory information

pidstat

• pidstat (Monitoring CPU, memory, and disk activity)
• Troubleshooting CPU usage
• Understanding what runs on your Linux system (and why)

pidwait

• pidwait command (Wait for process to stop)

ping

• firejail command (Sandboxing tool for Linux)
• Linux Capabilities: Hardening Linux binaries by removing setuid
• Network

ping6

• Linux Security Guide for Hardening IPv6

pkill

• How to kill a running process by its name
• How to show a running process name and its process ID (PID)

pmap

• pmap command (Shows memory mapping of process)

postconf

• Postfix Hardening Guide for Security and Privacy

postqueue

• Postfix Hardening Guide for Security and Privacy

prtstat

• prtstat command (Shows process details for selected process like state, CPU and memory usage)

ps

• Auditing Linux processes: The Deep Dive!
• Become a Linux auditor: tips to start with auditing the Linux platform
• How to check if systemd is being used or active
• How to see cgroup in ps output
• How to see the cgroup of a process
• How to see when a process was started
• How to see when the system was started (uptime)
• Linux system hardening: adding hidepid to /proc mount point
• Monitoring Linux Systems for Rootkits
• PCI DSS (v3) for Linux: Auditing application processes (A.1.2.a)
• SecureBits setting
• Understanding memory information on Linux systems
• Understanding what runs on your Linux system (and why)
• Unused Linux Users: Delete or Keep Them?

pscap

• pscap command (Display available capabilities for running processes)

pslog

• pslog command (Shows which log files a process has opened)

pstree

• pstree command (Show active processes and children like a tree)

pwck

• File Integrity of Password Files
• Linux guide to achieve PCI DSS compliance and certification
• Password Security with Linux /etc/shadow file

pwdx

• pwdx command (Shows current working directory of a process)

pwscore

• Configure the minimum password length on Linux systems

R

rdate

• Troubleshooting Linux Time Synchronization with NTP

readelf

• The 101 of ELF files on Linux: Understanding and Analysis

readlink

• Configure the time zone (TZ) on Linux systems

regex-rename

• Linux tools to bulk rename files

rename

• Linux tools to bulk rename files

renice

• Explanation of the values in /proc/PID/sched
• renice: change scheduler priority of a running process (Changes the priority of running processes)

repoquery

• Yum plugins: Available plugins and built-in security support

resolvectl

• How to see which DNS server is used
• Network
• Networking
• resolvectl (Name resolution information from resolve daemon)
• Show to clear the DNS cache with systemd

rev

• rev command (Shows text in reverse order)

rm

• How to securely delete a file and its contents

rmmod

• Increase kernel integrity with disabled Linux kernel modules loading

rngd

• GPG key generation: Not enough random bytes available

rnr

• Linux tools to bulk rename files

route

• ip cheat sheet (Shows network configuration and information)

rpm

• Become a Linux auditor: tips to start with auditing the Linux platform
• Conducting a Linux Server Security Audit
• Discover to which package a file belongs to
• Using ClamAV for Linux PCI DSS requirement 5: Malware

rpmbuild

• How to update Lynis

rsync

• Restrict SSH access to only allow rsync

run0

• How to disable the background color of run0
• run0 cheat sheet (Executes commands with additional privileges)
• Run0: introduction and usage
• What is run0?

S

sed

• How to Disable "System program problem detected"
• How to insert a line at the beginning of a file
• How to remove trailing whitespace from a file
• Strip one or more characters from a variable or output

semanage

• Change SSH server port number

service

• Hiding the nginx version number
• Linux Security Guide for Hardening IPv6

setarch

• Linux and ASLR: kernel/randomize_va_space

setcap

• Linux Capabilities: Hardening Linux binaries by removing setuid
• setcap command (Add or remove Linux capabilities to a file)

setfacl

• Plus sign in ls output
• Using File ACLs on Linux for Additional Security
• Using xattrs or Extended Attributes on Linux

setsebool

• Installing ClamAV on CentOS 7 and Using Freshclam

shred

• How to securely delete a file and its contents

shuf

• Random data

slabtop

• slabtop: showing memory slab usage for the Linux kernel (Shows slab usage of kernel)

smem

• smem (Show memory usage including swap)
• Swap memory information

sort

• How to find all unique words in a file?
• How to find hard links or files that point to a specific file
• How to find the biggest directories on disk
• How to see all virtual hosts in nginx
• PCI DSS (v3) for Linux: Auditing application processes (A.1.2.a)
• Swap memory information
• Systemd syscall filtering

ss

• Alternative for netstat: ss tool
• Conducting a Linux Server Security Audit
• Configuration and collecting of Linux audit events
• How to see open ports on Linux
• How to see the number of open connections on Linux
• How to see which process is using a port
• Linux guide to achieve PCI DSS compliance and certification
• OpenSSH security and hardening
• ss cheat sheet (Shows information about sockets)
• Which Linux process is using a particular network port?

ssh

• Granting temporary access to your servers (using signed SSH keys)
• How to add a SSH key to the SSH agent
• How to disable the SSH host key check?
• How to disable the usage of the SSH agent
• How to find the OpenSSH version
• SSH client configuration
• SSH configuration files
• SSH ForwardAgent option
• SSH IdentityAgent option
• SSH PasswordAuthentication option
• SSH ProxyJump option
• SSH StrictHostKeyChecking option
• Using Ed25519 for OpenSSH keys (instead of DSA/RSA/ECDSA)
• What is the purpose of the SSH agent?

ssh-add

• How to add a SSH key to the SSH agent
• How to see the available SSH keys in the OpenSSH authentication agent
• How to start the SSH agent?
• Using SSH keys instead of passwords

ssh-agent

• How to start the SSH agent?
• What is the purpose of the SSH agent?

ssh-copy-id

• Distributing SSH keys: using ssh-copy-id, manually, or automated
• Using Ed25519 for OpenSSH keys (instead of DSA/RSA/ECDSA)
• Using SSH keys instead of passwords

ssh-key

• How to see the available SSH keys in the OpenSSH authentication agent

ssh-keygen

• Granting temporary access to your servers (using signed SSH keys)
• How to remove the passphrase from a SSH key
• Restrict SSH access to only allow rsync
• Using Ed25519 for OpenSSH keys (instead of DSA/RSA/ECDSA)
• Using SSH keys instead of passwords

sshd

• Change SSH server port number
• Configure a SSH welcome message or banner
• How to test the sshd configuration for configuration errors?
• Locking users after X failed login attempts with pam_tally2
• OpenSSH security and hardening
• SSH server configuration

stat

• How to see the creation date of a file
• How to see the size of a file
• Understanding the output of the stat command

strace

• How to harden a systemd service unit
• Is your /etc/hosts file healthy?
• Monitor file access by Linux processes
• ProtectClock setting
• RestrictNamespaces setting
• strace cheat sheet (Inspects running process)
• Troubleshooting a failed systemd unit (with examples)
• Which Linux process is using a particular network port?

strings

• Hardening nginx with systemd security features
• How to harden a systemd service unit
• RestrictNamespaces setting
• Systemd syscall filtering

sudo

• How to Disable "System program problem detected"
• Logging of administrative actions with root privileges
• SecureBits setting

sysctl

• Explanation of the values in /proc/PID/sched
• Increase kernel integrity with disabled Linux kernel modules loading
• kernel.sched_schedstats
• kernel.tainted
• Linux and ASLR: kernel/randomize_va_space
• Linux hardening with sysctl settings
• Linux kernel scheduler
• Linux kernel security and how to improve it
• Protect against ptrace of processes: kernel.yama.ptrace_scope
• Sysctl
• Sysctl: ipe.enforce
• Sysctl: ipe.success_audit
• Sysctl: kernel.perf_event_paranoid
• Sysctl: net.ipv4.ip_forward
• Understand and configure core dumps on Linux

systemctl

• Auditing systemd: solving failed units with systemctl
• Block HTTP requests for clients that don't offer data compression
• Change SSH server port number
• Configure a SSH welcome message or banner
• Hardening nginx with systemd security features
• How to check if 'systemctl daemon-reload' is needed
• How to disable a systemd unit with systemctl
• How to harden a systemd service unit
• How to limit the disk usage of the systemd journal
• How to list all services with systemctl?
• How to override the settings of a systemd unit
• How to reload or restart a systemd service?
• How to see active systemd timers
• How to see all active systemd units of one type
• How to see all enabled services with systemctl
• How to see all masked units with systemctl
• How to see memory usage of a service with systemctl?
• How to see only running services with systemctl
• How to see the active settings of a systemd unit
• How to see the available systemd unit types
• How to see the dependencies of a systemd unit
• How to see the systemd version?
• How to see when a process was started
• How to show failed units with systemctl
• How to start and enable a unit with systemctl
• How to use systemctl edit to change a service?
• Linux Security Guide for Hardening IPv6
• Locking users after X failed login attempts with pam_tally2
• OpenSSH security and hardening
• Rate limit HTTP clients with nginx
• RuntimeDirectoryMode setting
• Securing nginx configurations: implementing OCSP stapling
• systemctl cheat sheet (Interfaces with systemd components)
• Systemd features to secure units and services
• Systemd timers
• Systemd units and their purpose
• Troubleshooting a failed systemd unit (with examples)
• Understand and configure core dumps on Linux
• Using SSH keys instead of passwords
• What does systemctl daemon-reload do?
• What is a masked systemd unit?
• What is the difference between systemctl disable and systemctl mask?
• Why does systemctl list-units show units as 'not-found'?

systemd-analyze

• How to limit the disk usage of the systemd journal
• How to see which syscalls are part of a systemd syscall filter set
• How to verify a systemd unit for errors?
• systemd-analyze (Performance and security analyzer of systemd components)

systemd-run

• PrivateNetwork setting
• PrivatePIDs setting
• PrivateTmp setting
• PrivateUsers setting
• ProtectClock setting
• SecureBits setting
• UMask setting

T

tail

• Creating audit trails – Logging commands on Linux with Snoopy
• How to see the SSH log?
• Lynis stuck during testing

tar

• How to use Lynis
• Postfix Hardening Guide for Security and Privacy
• tar cheat sheet (Creates or unpacks file archives)

tcpdump

• BPFILTER: the next-generation Linux firewall
• How to see all DNS requests on the system?
• iftop (Bandwidth usage monitor)
• tcpdump cheat sheet (Monitors network traffic on specified interface)

test

• Check if a directory or file exists

timedatectl

• Configure the time zone (TZ) on Linux systems
• How to see the time synchronization details with timedatectl

tlsdate

• tlsdate: The Secure Alternative for ntpd, ntpdate and rdate

top

• Linux system hardening: adding hidepid to /proc mount point
• Troubleshooting CPU usage
• Understanding what runs on your Linux system (and why)

touch

• Granting temporary access to your servers (using signed SSH keys)
• Set default file permissions on Linux with umask

tr

• How to see all virtual hosts in nginx
• Strip one or more characters from a variable or output

tshark

• Monitoring USB communications using usbmon interface

tzselect

• Configure the time zone (TZ) on Linux systems

U

udevadm

• How to list all USB devices

ulimit

• Understand and configure core dumps on Linux

umask

• Granting temporary access to your servers (using signed SSH keys)
• Set default file permissions on Linux with umask

uname

• Auditing Linux processes: The Deep Dive!
• How to check if your Arch Linux system needs a reboot
• Kernel hardening: Disable and blacklist Linux modules
• Methods to find the Linux distribution and version
• uname: show basic system information (Shows basic system information)

unattended-upgrade

• Linux vulnerabilities: from detection to treatment
• Upgrading External Packages with unattended-upgrade
• Using unattended-upgrades on Debian and Ubuntu

uniq

• How to find all unique words in a file?
• PCI DSS (v3) for Linux: Auditing application processes (A.1.2.a)
• Systemd syscall filtering

units

• units command (Converts a unit into another one, like from Celcius to Fahrenheit)

unix-privesc-check

• Understanding Linux privilege escalation and defending against it

uptime

• How to see when the system was started (uptime)
• uptime command (Shows uptime of system)

V

vigr

• File Integrity of Password Files

vim

• Using encrypted documents with vim

vipw

• File Integrity of Password Files

vmstat

• How to monitor disk activity (I/O) on Linux
• Swap memory information
• Understanding memory information on Linux systems
• vmstat: system statistics about memory, processes, disks, block IO, CPU, and more (Shows virtual memory information, disk IO, CPU activity)

W

watch

• watch command (Monitors changes in output of specified command)

wget

• How to use Lynis

whatis

• whatis: show one-line description for keyword (Shows small description of matched entries in man pages)

which

• Discover to which package a file belongs to
• How to harden a systemd service unit

X

xattr

• Using xattrs or Extended Attributes on Linux

xmllint

• Linux host discovery with Nmap

Y

yaourt

• Installation of Lynis on Arch Linux systems

yum

• Audit installed compilers and their packages
• Auditing Linux: Software Packages and Managers
• Discover to which package a file belongs to
• How to protect yourself against Shellshock Bash vulnerability
• Yum plugins: Available plugins and built-in security support

Z

zgrep

• How to use grep (with examples)

zypper

• Audit SuSE with zypper: vulnerable packages
• Discover to which package a file belongs to
• Linux vulnerabilities: from detection to treatment
• List installed packages on a Linux system