Commands overview

A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y - Z

Many Linux commands are used within the articles, with some having their own detailed page, such as the cheat sheets.

A

aa-status

• Ubuntu system hardening guide for desktops and servers

ab

• Rate limit HTTP clients with nginx

adduser

• Restrict SSH access to only allow rsync

alias

• How to use grep (with examples)

apropos

• apropos: search keyword in available man pages (Find related man pages)

apt

• apt cheat sheet (Package manager)
• Creating audit trails – Logging commands on Linux with Snoopy
• Determine which processes need a restart with checkrestart/needrestart
• How to download a package with apt without installing it?
• How to remove a package with apt?
• How to remove unused packages with apt?
• How to see the dependencies of a package with apt?
• How to use Lynis
• Pre-compress static assets with Brotli and Gzip
• Troubleshooting a full /boot partition on Ubuntu
• Ubuntu system hardening guide for desktops and servers
• Using unattended-upgrades on Debian and Ubuntu

apt-check

• Linux vulnerabilities: from detection to treatment

apt-file

• apt cheat sheet (Package manager)
• apt-file: show information about packages and related files (Search tool for files belonging to packages)

arch-audit

• Show vulnerable packages on Arch Linux with arch-audit

arp

• Filtering ARP traffic with Linux arptables
• How to clear the ARP cache on Linux?
• ip cheat sheet (Shows network configuration and information)

arptables

• Beginners guide to traffic filtering with nftables
• Filtering ARP traffic with Linux arptables

auditctl

• Configuring and auditing Linux systems with Audit daemon
• How to harden a systemd service unit
• Logging of administrative actions with root privileges
• Logging root actions by capturing execve system calls
• Monitor file access by Linux processes
• Monitoring Linux File access, Changes and Data Modifications
• PCI DSS (v3) Linux: Invalid logical access attempts (10.2.4)
• Tuning auditd: high-performance Linux Auditing

auditctl

• Monitoring Linux File access, Changes and Data Modifications

aureport

• Linux Audit Framework: using aureport
• Linux audit log: dealing with audit.log file
• Linux audit: Log files in /var/log/audit
• Tuning auditd: high-performance Linux Auditing

ausearch

• Configuring and auditing Linux systems with Audit daemon
• How to harden a systemd service unit
• Linux audit log: dealing with audit.log file
• Linux audit: Log files in /var/log/audit
• Logging root actions by capturing execve system calls
• Monitor file access by Linux processes
• Monitoring Linux File access, Changes and Data Modifications
• PCI DSS (v3) Linux: Invalid logical access attempts (10.2.4)

ausyscall

• Auditing Linux processes: The Deep Dive!
• Monitoring Linux File access, Changes and Data Modifications

awk

• AWK cheat sheet (Performs data extraction and reporting from files)
• Discover to which package a file belongs to
• How to see all virtual hosts in nginx
• Linux host discovery with Nmap
• Linux password security: hashing rounds
• Password Security with Linux /etc/shadow file
• PCI DSS (v3) for Linux: Auditing application processes (A.1.2.a)
• RSS is cool! Some RSS feed readers are not (yet)...
• Strip one or more characters from a variable or output
• Swap memory information
• Systemd syscall filtering
• Test web server caching with curl

B

basename

• basename: strip directory and file extension or suffix from path (Strips directory and file name suffix from a given path)

blkid

• blkid command (Shows block device information)
• How to see the available hard disks

brotli

• How to test if a website supports Brotli or Gzip compression
• Pre-compress static assets with Brotli and Gzip

busctl

• How to see the systemd version?

C

capsh

• capsh command (Linux capabilities testing and debugging tool)
• Linux capabilities 101
• SecureBits setting

captest

• captest command (Capabilities and privilege escalation testing tool)
• Linux capabilities 101

cat

• Auditing Linux processes: The Deep Dive!
• How to see the cgroup of a process
• How to see the file type on Linux
• How to see the version of Oracle Linux
• Is your /etc/hosts file healthy?
• Linux capabilities 101
• Linux system hardening: adding hidepid to /proc mount point
• Livepatch: Linux kernel updates without rebooting
• Networking
• Protect against ptrace of processes: kernel.yama.ptrace_scope
• Understanding memory information on Linux systems
• Using xattrs or Extended Attributes on Linux
• Yum plugins: Available plugins and built-in security support

chage

• How to test if an account has a password set?
• Unused Linux Users: Delete or Keep Them?

chfn

• Set default file permissions on Linux with umask

chmod

• Finding setuid binaries on Linux and BSD
• How to change file permissions
• Introduction in Linux file permissions
• Linux file permissions
• PCI DSS (v3) Linux: Restrict log file viewing (A.1.2.d)
• Restrict SSH access to only allow rsync
• Set default file permissions on Linux with umask

chown

• Linux capabilities 101

chrt

• chrt command (Sets Linux scheduler policy and priority for a process or command)

column

• ip cheat sheet (Shows network configuration and information)
• Linux password security: hashing rounds
• List network interfaces on Linux
• Password Security with Linux /etc/shadow file
• Swap memory information

compgen

• Check if a directory or file exists

cp

• Find differences between two daily Lynis audits

curl

• Adding the Expires header to improve caching static content in nginx
• Block HTTP requests for clients that don't offer data compression
• curl cheat sheet (Performs HTTP requests)
• Hiding the nginx version number
• How to see the IP address of your internet connection
• How to test if a website supports Brotli or Gzip compression
• Pre-compress static assets with Brotli and Gzip
• Rate limit HTTP clients with nginx
• Test web server caching with curl

D

deluser

• Unused Linux Users: Delete or Keep Them?

df

• How to see inode usage
• How to see used and free disk space
• Troubleshooting a full /boot partition on Ubuntu

diff

• Find differences between two daily Lynis audits
• How to compare two directories and find the differences
• Postfix Hardening Guide for Security and Privacy

dig

• dig cheat sheet (Performs DNS requests)
• How to see the IP address of your internet connection
• How to see the TTL value of a DNS record

dmesg

• dmesg: show log events from kernel ring buffer (Shows kernel log messages)
• How to use grep (with examples)
• Livepatch: Linux kernel updates without rebooting
• Understanding memory information on Linux systems
• What is a kernel ring buffer?

dmidecode

• dmidecode cheat sheet (Shows hardware information)
• How to see BIOS details on Linux?
• How to see hard disk specifications and details
• How to see memory information such as type and speed
• Understanding memory information on Linux systems

dnf

• Automatic Security Updates with DNF
• Discover to which package a file belongs to
• How to use Lynis
• List installed packages on a Linux system
• Showing Available Security Updates with DNF

dnscap

• How to see all DNS requests on the system?

dnstop

• How to see all DNS requests on the system?

dpkg

• Audit installed compilers and their packages
• Become a Linux auditor: tips to start with auditing the Linux platform
• Conducting a Linux Server Security Audit
• Discover to which package a file belongs to
• Finding setuid binaries on Linux and BSD
• How to show all installed packages on Ubuntu
• List installed packages on a Linux system
• Postfix Hardening Guide for Security and Privacy
• Troubleshooting a full /boot partition on Ubuntu
• Using ClamAV for Linux PCI DSS requirement 5: Malware

dpkg-reconfigure

• Using unattended-upgrades on Debian and Ubuntu

du

• du cheat sheet (Shows disk size usage for paths)
• How to find the biggest directories on disk
• How to find when the last modification happened in a directory
• How to see files greater than a specific size
• How to see the size of a directory

E

ebtables

• Beginners guide to traffic filtering with nftables

echo

• Find differences between two daily Lynis audits
• How to securely delete a file and its contents
• Linux and ASLR: kernel/randomize_va_space
• Set default file permissions on Linux with umask

env

• How to protect yourself against Shellshock Bash vulnerability

equery

• Discover to which package a file belongs to

eval

• How to add a SSH key to the SSH agent

execsnoop

• Understanding what runs on your Linux system (and why)

F

fg

• Kill a process that won't respond to CTRL+C

file

• How to securely delete a file and its contents
• How to see the file type on Linux
• The 101 of ELF files on Linux: Understanding and Analysis
• Using encrypted documents with vim
• Yum plugins: Available plugins and built-in security support

filecap

• filecap command (Display of Linux capabilities set on binaries in paths)
• firejail command (Sandboxing tool for Linux)

find

• Discover to which package a file belongs to
• find cheat sheet (Searches specified paths or its meta-data)
• Finding setuid binaries on Linux and BSD
• How to find hard links or files that point to a specific file
• How to find symbolic links that point to a directory
• How to find writable files
• How to see files greater than a specific size
• Kernel hardening: Disable and blacklist Linux modules
• Lynis stuck during testing
• PCI DSS (v3) Linux: Restrict log file viewing (A.1.2.d)
• PCI DSS Linux: No write access to shared system binaries
• Unused Linux Users: Delete or Keep Them?
• Yum plugins: Available plugins and built-in security support

firejail

• firejail command (Sandboxing tool for Linux)
• How to see all DNS requests on the system?

free

• Swap memory information
• Understanding memory information on Linux systems
• Understanding what runs on your Linux system (and why)

fuser

• fuser command (Show processes using a file or socket)

G

gcc

• Linux and ASLR: kernel/randomize_va_space
• ProtectClock setting
• The 101 of ELF files on Linux: Understanding and Analysis

gdb

• Understand and configure core dumps on Linux

getcap

• getcap command (Show file capabilities)
• Linux Capabilities: Hardening Linux binaries by removing setuid

getconf

• Linux capabilities 101

getent

• How to test if an account has a password set?
• Is your /etc/hosts file healthy?
• Password Security with Linux /etc/shadow file
• The purpose of the /etc/networks file
• Unused Linux Users: Delete or Keep Them?

getfacl

• Plus sign in ls output
• Using File ACLs on Linux for Additional Security
• Using xattrs or Extended Attributes on Linux

getfattr

• Using xattrs or Extended Attributes on Linux

getpcaps

• getpcaps command (Show process capabilities)
• Linux capabilities 101

grep

• Configure a SSH welcome message or banner
• How to deal with Lynis suggestions?
• How to find all unique words in a file?
• How to harden a systemd service unit
• How to see all virtual hosts in nginx
• How to see the SSH log?
• How to show network TCP statistics and counters
• How to use grep (with examples)
• How to use Lynis
• Linux guide to achieve PCI DSS compliance and certification
• Linux Security
• Lynis stuck during testing
• Network
• PCI DSS (v3) for Linux: Auditing application processes (A.1.2.a)
• Protect Linux systems against SSLv3 Poodle vulnerability
• Systemd syscall filtering
• Test web server caching with curl
• Understanding what runs on your Linux system (and why)
• Using xattrs or Extended Attributes on Linux
• Yum plugins: Available plugins and built-in security support

groupadd

• Linux system hardening: adding hidepid to /proc mount point

gzip

• Pre-compress static assets with Brotli and Gzip

H

hdparm

• How to see hard disk specifications and details

head

• head: show first number of lines from a file (Show the first number of lines from a file)
• How to find the biggest directories on disk

hexdump

• The 101 of ELF files on Linux: Understanding and Analysis
• Understanding the output of the stat command

hostname

• Is your /etc/hosts file healthy?
• Linux Audit: Auditing the Network Configuration

hostnamectl

• How to show the systemd machine ID
• Linux Audit: Auditing the Network Configuration
• Methods to find the Linux distribution and version

htpasswd

• Nginx security hardening guide

hwinfo

• Understanding memory information on Linux systems

I

ifconfig

• ip cheat sheet (Shows network configuration and information)
• Linux Security Guide for Hardening IPv6
• List network interfaces on Linux

iftop

• How to see active connections and bandwidth usage on Linux
• How to see the number of open connections on Linux
• iftop (Bandwidth usage monitor)
• Network

insmod

• Increase kernel integrity with disabled Linux kernel modules loading

iosnoop

• Understanding what runs on your Linux system (and why)

iostat

• How to monitor disk activity (I/O) on Linux

iotop

• How to monitor disk activity (I/O) on Linux

ip

• Filtering ARP traffic with Linux arptables
• How to clear the ARP cache on Linux?
• How to secure a Linux system
• How to see errors and dropped packets on a network interface on Linux
• How to see the default gateway on Linux
• How to see the the network IP address of your system
• ip cheat sheet (Shows network configuration and information)
• Linux Audit: Auditing the Network Configuration
• Linux Security Guide for Hardening IPv6
• List network interfaces on Linux
• Network
• Networking
• nstat (Network statistics and counters)

ip6tables

• Beginners guide to traffic filtering with nftables
• Block IP addresses in Linux with iptables

ipset

• Block IP addresses in Linux with iptables
• How to secure a Linux system

iptables

• Beginners guide to traffic filtering with nftables
• Block IP addresses in Linux with iptables
• Ubuntu system hardening guide for desktops and servers

J

jobs

• Kill a process that won't respond to CTRL+C

journalctl

• Finding boot logs in systemd journals
• How to clear systemd journal logs by time
• How to harden a systemd service unit
• How to limit the disk usage of the systemd journal
• How to see kernel messages with journalctl
• How to see logging for a specific unit or service
• How to see new log entries automatically with journalctl
• How to see only recent journal entries
• How to see the last X lines with journalctl
• How to see the size of the systemd journal
• How to see the SSH log?
• journalctl cheat sheet (Logging facility for Linux systems using systemd)
• Troubleshooting a failed systemd unit (with examples)
• Understand and configure core dumps on Linux

jq

• ip cheat sheet (Shows network configuration and information)

K

kill

• How to kill a zombie process
• How to stop all processes of a single user
• kill (Sending signals to processes)
• Kill a process that won't respond to CTRL+C
• lsof cheat sheet (Shows open files and sockets)
• OpenSSH security and hardening
• Understand and configure core dumps on Linux

killall

• How to kill a running process by its name
• How to stop all processes of a single user

L

last

• PCI DSS (v3) Linux: Restrict log file viewing (A.1.2.d)

ldd

• Linux guide to achieve PCI DSS compliance and certification
• The 101 of ELF files on Linux: Understanding and Analysis

less

• How to deal with Lynis suggestions?
• Unix security audit: Perform an audit in 3 minutes

logger

• Configuration and collecting of Linux audit events

ls

• How to change file permissions
• How to display directory contents sorted by modification time
• How to find hard links or files that point to a specific file
• How to see hidden files
• How to see the size of a file
• How to see the version of Oracle Linux
• Linux Capabilities: Hardening Linux binaries by removing setuid
• Linux file permissions
• Methods to find the Linux distribution and version
• Monitoring Linux Systems for Rootkits
• Understanding the output of the stat command
• Understanding what runs on your Linux system (and why)

lsb_release

• Methods to find the Linux distribution and version

lsblk

• How to see the available hard disks

lscpu

• How to see CPU details
• lscpu (CPU information, virtualization features, CPU vulnerabilities)

lsfd

• lsfd command (Shows open file descriptors for processes)

lshw

• How to see hard disk specifications and details
• How to see the available hard disks

lsmod

• Beginners guide to traffic filtering with nftables
• Kernel hardening: Disable and blacklist Linux modules
• Linux guide to achieve PCI DSS compliance and certification
• Monitoring Linux Systems for Rootkits
• Monitoring USB communications using usbmon interface

lsns

• lsns: show active Linux namespaces (Shows used namespaces)

lsof

• Become a Linux auditor: tips to start with auditing the Linux platform
• Determine which processes need a restart with checkrestart/needrestart
• Hardening nginx with systemd security features
• lsfd command (Shows open file descriptors for processes)
• lsof cheat sheet (Shows open files and sockets)
• Monitor file access by Linux processes
• Which Linux process is using a particular network port?

lsusb

• How to list all USB devices
• lsusb command (Show USB devices)
• Monitoring USB communications using usbmon interface

ltrace

• Monitor file access by Linux processes

lynis

• How to create custom tests in Lynis
• How to keep Lynis up-to-date?
• How to update Lynis
• How to use Lynis
• How to use Lynis plugins
• Installation of Lynis on Arch Linux systems
• lynis command (Performs a Linux security audit and configuration check)
• Lynis hardening index
• Troubleshooting guide for Lynis
• Unix security audit: Perform an audit in 3 minutes
• Viewing available test categories in Lynis

M

mail

• Postfix Hardening Guide for Security and Privacy

mkdir

• Granting temporary access to your servers (using signed SSH keys)
• Restrict SSH access to only allow rsync
• Using Ed25519 for OpenSSH keys (instead of DSA/RSA/ECDSA)

modinfo

• Beginners guide to traffic filtering with nftables
• Kernel hardening: Disable and blacklist Linux modules

modprobe

• Kernel hardening: Disable and blacklist Linux modules
• Monitoring USB communications using usbmon interface

mosh

• Mosh, the SSH Alternative Option for System Administration

mount

• Become a Linux auditor: tips to start with auditing the Linux platform
• Linux system hardening: adding hidepid to /proc mount point

mv

• Using Ed25519 for OpenSSH keys (instead of DSA/RSA/ECDSA)

N

netcap

• netcap command (Display available capabilities for running processes using network sockets)

netstat

• Conducting a Linux Server Security Audit
• ip cheat sheet (Shows network configuration and information)
• Linux guide to achieve PCI DSS compliance and certification
• List network interfaces on Linux
• Monitoring Linux Systems for Rootkits
• nstat (Network statistics and counters)
• Which Linux process is using a particular network port?

networkctl

• Linux Audit: Auditing the Network Configuration

nft

• Exporting nftables rules and configuration

nginx

• Adding the Expires header to improve caching static content in nginx
• Block HTTP requests for clients that don't offer data compression
• Hiding the nginx version number
• How to block POST requests in nginx
• How to log only some requests to a log file in nginx
• How to see all virtual hosts in nginx
• Nginx security hardening guide
• Rate limit HTTP clients with nginx
• Securing nginx configurations: implementing OCSP stapling

nice

• Linux kernel scheduler
• nice: start a command with specified priority (Runs commands with specified priority)

nmap

• Linux host discovery with Nmap

nmcli

• Linux Security Guide for Hardening IPv6

nstat

• How to show network TCP statistics and counters
• Network
• nstat (Network statistics and counters)

ntpdate

• Troubleshooting Linux Time Synchronization with NTP

ntpq

• Troubleshooting Linux Time Synchronization with NTP

numactl

• Explanation of the values in /proc/PID/sched
• numactl: control NUMA policy for processes and shared memory (Controls NUMA policy for processes and shared memory)

numastat

• Explanation of the values in /proc/PID/sched

nvme

• How to see hard disk specifications and details

O

objdump

• The 101 of ELF files on Linux: Understanding and Analysis

openssl

• Create random passwords with OpenSSL/LibreSSL
• Postfix Hardening Guide for Security and Privacy
• Protect Linux systems against SSLv3 Poodle vulnerability
• Random data
• Troubleshooting guide for Lynis

P

pacman

• Discover to which package a file belongs to
• How to show all installed packages with pacman
• pacman cheat sheet (Package manager)
• Using ClamAV for Linux PCI DSS requirement 5: Malware

pam_tally2

• Locking users after X failed login attempts with pam_tally2

passwd

• How to test if an account has a password set?
• Unused Linux Users: Delete or Keep Them?

peekfd

• peekfd command (Tracks a process and show file descriptor activity)

pgrep

• How to kill a running process by its name
• How to see when a process was started
• How to show a running process name and its process ID (PID)
• Linux capabilities 101
• Understanding what runs on your Linux system (and why)

pidof

• Hardening nginx with systemd security features
• How to find all process IDs by its process name
• How to see the cgroup of a process
• How to see when a process was started
• pidof: retrieve PID when searching for process names (Returns process IDs for a process name)
• Swap memory information

pidstat

• pidstat (Monitoring CPU, memory, and disk activity)
• Troubleshooting CPU usage
• Understanding what runs on your Linux system (and why)

pidwait

• pidwait command (Wait for process to stop)

ping

• firejail command (Sandboxing tool for Linux)
• Linux Capabilities: Hardening Linux binaries by removing setuid
• Network

ping6

• Linux Security Guide for Hardening IPv6

pkill

• How to kill a running process by its name
• How to show a running process name and its process ID (PID)

pmap

• pmap command (Shows memory mapping of process)

postconf

• Postfix Hardening Guide for Security and Privacy

postqueue

• Postfix Hardening Guide for Security and Privacy

prtstat

• prtstat command (Shows process details for selected process like state, CPU and memory usage)

ps

• Auditing Linux processes: The Deep Dive!
• Become a Linux auditor: tips to start with auditing the Linux platform
• How to check if systemd is being used or active
• How to see cgroup in ps output
• How to see the cgroup of a process
• How to see when a process was started
• How to see when the system was started (uptime)
• Linux system hardening: adding hidepid to /proc mount point
• Monitoring Linux Systems for Rootkits
• PCI DSS (v3) for Linux: Auditing application processes (A.1.2.a)
• SecureBits setting
• Understanding memory information on Linux systems
• Understanding what runs on your Linux system (and why)
• Unused Linux Users: Delete or Keep Them?

pscap

• pscap command (Display available capabilities for running processes)

pslog

• pslog command (Shows which log files a process has opened)

pstree

• pstree command (Show active processes and children like a tree)

pwck

• File Integrity of Password Files
• Linux guide to achieve PCI DSS compliance and certification
• Password Security with Linux /etc/shadow file

pwdx

• pwdx command (Shows current working directory of a process)

pwscore

• Configure the minimum password length on Linux systems

R

rdate

• Troubleshooting Linux Time Synchronization with NTP

readelf

• The 101 of ELF files on Linux: Understanding and Analysis

readlink

• Configure the time zone (TZ) on Linux systems

regex-rename

• Linux tools to bulk rename files

rename

• Linux tools to bulk rename files

renice

• Explanation of the values in /proc/PID/sched
• renice: change scheduler priority of a running process (Changes the priority of running processes)

repoquery

• Yum plugins: Available plugins and built-in security support

resolvectl

• How to see which DNS server is used
• Network
• Networking
• resolvectl (Name resolution information from resolve daemon)
• Show to clear the DNS cache with systemd

rev

• rev command (Shows text in reverse order)

rm

• How to securely delete a file and its contents

rmmod

• Increase kernel integrity with disabled Linux kernel modules loading

rngd

• GPG key generation: Not enough random bytes available

rnr

• Linux tools to bulk rename files

route

• ip cheat sheet (Shows network configuration and information)

rpm

• Become a Linux auditor: tips to start with auditing the Linux platform
• Conducting a Linux Server Security Audit
• Discover to which package a file belongs to
• Using ClamAV for Linux PCI DSS requirement 5: Malware

rpmbuild

• How to update Lynis

rsync

• Restrict SSH access to only allow rsync

run0

• How to disable the background color of run0
• run0 cheat sheet (Executes commands with additional privileges)
• Run0: introduction and usage
• What is run0?

S

sed

• How to Disable "System program problem detected"
• How to insert a line at the beginning of a file
• How to remove trailing whitespace from a file
• Strip one or more characters from a variable or output

semanage

• Change SSH server port number

service

• Hiding the nginx version number
• Linux Security Guide for Hardening IPv6

setarch

• Linux and ASLR: kernel/randomize_va_space

setcap

• Linux Capabilities: Hardening Linux binaries by removing setuid
• setcap command (Add or remove Linux capabilities to a file)

setfacl

• Plus sign in ls output
• Using File ACLs on Linux for Additional Security
• Using xattrs or Extended Attributes on Linux

setsebool

• Installing ClamAV on CentOS 7 and Using Freshclam

shred

• How to securely delete a file and its contents

shuf

• Random data

slabtop

• slabtop: showing memory slab usage for the Linux kernel (Shows slab usage of kernel)

smem

• smem (Show memory usage including swap)
• Swap memory information

sort

• How to find all unique words in a file?
• How to find hard links or files that point to a specific file
• How to find the biggest directories on disk
• How to see all virtual hosts in nginx
• PCI DSS (v3) for Linux: Auditing application processes (A.1.2.a)
• Swap memory information
• Systemd syscall filtering

ss

• Alternative for netstat: ss tool
• Conducting a Linux Server Security Audit
• Configuration and collecting of Linux audit events
• How to see open ports on Linux
• How to see the number of open connections on Linux
• How to see which process is using a port
• Linux guide to achieve PCI DSS compliance and certification
• OpenSSH security and hardening
• ss cheat sheet (Shows information about sockets)
• Which Linux process is using a particular network port?

ssh

• Granting temporary access to your servers (using signed SSH keys)
• How to add a SSH key to the SSH agent
• How to disable the SSH host key check?
• How to disable the usage of the SSH agent
• How to find the OpenSSH version
• SSH client configuration
• SSH configuration files
• SSH ForwardAgent option
• SSH IdentityAgent option
• SSH PasswordAuthentication option
• SSH ProxyJump option
• SSH StrictHostKeyChecking option
• Using Ed25519 for OpenSSH keys (instead of DSA/RSA/ECDSA)
• What is the purpose of the SSH agent?

ssh-add

• How to add a SSH key to the SSH agent
• How to see the available SSH keys in the OpenSSH authentication agent
• How to start the SSH agent?
• Using SSH keys instead of passwords

ssh-agent

• How to start the SSH agent?
• What is the purpose of the SSH agent?

ssh-copy-id

• Distributing SSH keys: using ssh-copy-id, manually, or automated
• Using Ed25519 for OpenSSH keys (instead of DSA/RSA/ECDSA)
• Using SSH keys instead of passwords

ssh-key

• How to see the available SSH keys in the OpenSSH authentication agent

ssh-keygen

• Granting temporary access to your servers (using signed SSH keys)
• How to remove the passphrase from a SSH key
• Restrict SSH access to only allow rsync
• Using Ed25519 for OpenSSH keys (instead of DSA/RSA/ECDSA)
• Using SSH keys instead of passwords

sshd

• Change SSH server port number
• Configure a SSH welcome message or banner
• How to test the sshd configuration for configuration errors?
• Locking users after X failed login attempts with pam_tally2
• OpenSSH security and hardening
• SSH server configuration

stat

• How to see the creation date of a file
• How to see the size of a file
• Understanding the output of the stat command

strace

• How to harden a systemd service unit
• Is your /etc/hosts file healthy?
• Monitor file access by Linux processes
• ProtectClock setting
• RestrictNamespaces setting
• strace cheat sheet (Inspects running process)
• Troubleshooting a failed systemd unit (with examples)
• Which Linux process is using a particular network port?

strings

• Hardening nginx with systemd security features
• How to harden a systemd service unit
• RestrictNamespaces setting
• Systemd syscall filtering

sudo

• How to Disable "System program problem detected"
• Logging of administrative actions with root privileges
• SecureBits setting

sysctl

• Explanation of the values in /proc/PID/sched
• Increase kernel integrity with disabled Linux kernel modules loading
• kernel.sched_schedstats
• kernel.tainted
• Linux and ASLR: kernel/randomize_va_space
• Linux hardening with sysctl settings
• Linux kernel scheduler
• Linux kernel security and how to improve it
• Protect against ptrace of processes: kernel.yama.ptrace_scope
• Sysctl
• Sysctl: ipe.enforce
• Sysctl: ipe.success_audit
• Sysctl: kernel.perf_event_paranoid
• Sysctl: net.ipv4.ip_forward
• Understand and configure core dumps on Linux

systemctl

• Auditing systemd: solving failed units with systemctl
• Block HTTP requests for clients that don't offer data compression
• Change SSH server port number
• Configure a SSH welcome message or banner
• Hardening nginx with systemd security features
• How to check if 'systemctl daemon-reload' is needed
• How to disable a systemd unit with systemctl
• How to harden a systemd service unit
• How to limit the disk usage of the systemd journal
• How to list all services with systemctl?
• How to override the settings of a systemd unit
• How to reload or restart a systemd service?
• How to see active systemd timers
• How to see all active systemd units of one type
• How to see all enabled services with systemctl
• How to see all masked units with systemctl
• How to see memory usage of a service with systemctl?
• How to see only running services with systemctl
• How to see the active settings of a systemd unit
• How to see the available systemd unit types
• How to see the dependencies of a systemd unit
• How to see the systemd version?
• How to see when a process was started
• How to show failed units with systemctl
• How to start and enable a unit with systemctl
• How to use systemctl edit to change a service?
• Linux Security Guide for Hardening IPv6
• Locking users after X failed login attempts with pam_tally2
• OpenSSH security and hardening
• Rate limit HTTP clients with nginx
• RuntimeDirectoryMode setting
• Securing nginx configurations: implementing OCSP stapling
• systemctl cheat sheet (Interfaces with systemd components)
• Systemd features to secure units and services
• Systemd timers
• Systemd units and their purpose
• Troubleshooting a failed systemd unit (with examples)
• Understand and configure core dumps on Linux
• Using SSH keys instead of passwords
• What does systemctl daemon-reload do?
• What is a masked systemd unit?
• What is the difference between systemctl disable and systemctl mask?
• Why does systemctl list-units show units as 'not-found'?

systemd-analyze

• How to limit the disk usage of the systemd journal
• How to see which syscalls are part of a systemd syscall filter set
• How to verify a systemd unit for errors?
• systemd-analyze (Performance and security analyzer of systemd components)

systemd-run

• PrivateNetwork setting
• PrivatePIDs setting
• PrivateTmp setting
• PrivateUsers setting
• ProtectClock setting
• SecureBits setting
• UMask setting

T

tail

• Creating audit trails – Logging commands on Linux with Snoopy
• How to see the SSH log?
• Lynis stuck during testing

tar

• How to use Lynis
• Postfix Hardening Guide for Security and Privacy
• tar cheat sheet (Creates or unpacks file archives)

tcpdump

• BPFILTER: the next-generation Linux firewall
• How to see all DNS requests on the system?
• iftop (Bandwidth usage monitor)
• tcpdump cheat sheet (Monitors network traffic on specified interface)

test

• Check if a directory or file exists

timedatectl

• Configure the time zone (TZ) on Linux systems
• How to see the time synchronization details with timedatectl

tlsdate

• tlsdate: The Secure Alternative for ntpd, ntpdate and rdate

top

• Linux system hardening: adding hidepid to /proc mount point
• Troubleshooting CPU usage
• Understanding what runs on your Linux system (and why)

touch

• Granting temporary access to your servers (using signed SSH keys)
• Set default file permissions on Linux with umask

tr

• How to see all virtual hosts in nginx
• Strip one or more characters from a variable or output

tshark

• Monitoring USB communications using usbmon interface

tzselect

• Configure the time zone (TZ) on Linux systems

U

udevadm

• How to list all USB devices

ulimit

• Understand and configure core dumps on Linux

umask

• Granting temporary access to your servers (using signed SSH keys)
• Set default file permissions on Linux with umask

uname

• Auditing Linux processes: The Deep Dive!
• How to check if your Arch Linux system needs a reboot
• Kernel hardening: Disable and blacklist Linux modules
• Methods to find the Linux distribution and version
• uname: show basic system information (Shows basic system information)

unattended-upgrade

• Linux vulnerabilities: from detection to treatment
• Upgrading External Packages with unattended-upgrade
• Using unattended-upgrades on Debian and Ubuntu

uniq

• How to find all unique words in a file?
• PCI DSS (v3) for Linux: Auditing application processes (A.1.2.a)
• Systemd syscall filtering

units

• units command (Converts a unit into another one, like from Celcius to Fahrenheit)

unix-privesc-check

• Understanding Linux privilege escalation and defending against it

uptime

• How to see when the system was started (uptime)
• uptime command (Shows uptime of system)

V

vigr

• File Integrity of Password Files

vim

• Using encrypted documents with vim

vipw

• File Integrity of Password Files

vmstat

• How to monitor disk activity (I/O) on Linux
• Swap memory information
• Understanding memory information on Linux systems
• vmstat: system statistics about memory, processes, disks, block IO, CPU, and more (Shows virtual memory information, disk IO, CPU activity)

W

watch

• watch command (Monitors changes in output of specified command)

wget

• How to use Lynis

whatis

• whatis: show one-line description for keyword (Shows small description of matched entries in man pages)

which

• Discover to which package a file belongs to
• How to harden a systemd service unit

X

xattr

• Using xattrs or Extended Attributes on Linux

xmllint

• Linux host discovery with Nmap

Y

yaourt

• Installation of Lynis on Arch Linux systems

yum

• Audit installed compilers and their packages
• Auditing Linux: Software Packages and Managers
• Discover to which package a file belongs to
• How to protect yourself against Shellshock Bash vulnerability
• Yum plugins: Available plugins and built-in security support

Z

zgrep

• How to use grep (with examples)

zypper

• Audit SuSE with zypper: vulnerable packages
• Discover to which package a file belongs to
• Linux vulnerabilities: from detection to treatment
• List installed packages on a Linux system