Howto
How to display directory contents sorted by modification time
Learn how to sort the output of the ls command to list a directory contents by its modification time.
Summary
Show directory contents sorted by modification date and time
How to add a SSH key to the SSH agent
Learn how to load and use your SSH key together with a SSH agent.
Summary
When the SSH agent is running, the ssh-add command can be used to load a SSH key. The SSH agent then will request a password when needed, and load the key details in memory. Adding the SSH key just requires the path to the private key. ssh-add ~/.ssh/id_ed25519 When the key is loaded, use the -l or -L option to show the identities that the SSH agent has. ssh-add -l
Hardening profiles for systemd
Hardening profiles for systemd that can be used to secure your applications.
Summary
Introduction Systemd has a range of security features to help securing services running on your system. That is the good part. The big challenge with so many features is that it is hard to find out which ones you could or should apply, without breaking a service. That is why we started working on hardening profiles. The hardening profiles are pre-defined templates that are documented and tested against a default installation of a piece of software.
Run0 cheat sheet
Learn how to get everything out of the run0 tool to increase your privilege level.
Summary
Elevating permissions
How to remove trailing whitespace from a file
Learn how to remove trailing whitespace from a file using the sed command.
Summary
To remove any trailing whitespace from a file, we can use sed. By using in-place editing -i, sed can be provided with a search-and-replace action to filter out whitespace at the end of each line. By replacing it with nothing, it will effectively be removed. sed -i 's/[[:space:]]*$//' mytextfile.txt Explanation -i = inline file edit s/ = search [[:space:]]*$ = search one or more occurences of whitespace just before the end of the line // = No text, so any occurences of the whitespace will be emptied The [[:space:]] is called a character class and refers to space characters.
How to insert a line at the beginning of a file
Learn how to insert a line of text at the beginning of a file using the sed command.
Summary
To insert a line at the beginning of a file, we can use sed to achieve this task. By using in-place editing -i, we can instruct sed to make a change to an existing file. The next step is to tell sed what to change or insert and at what place. sed -i '1i # New first line' mytextfile.txt Explanation -i = inline file edit 1i = insert at first line # New first line = Text to add
Data processing: Frequently Asked Questions
Frequently asked questions about data and text processing.
Summary
How to see memory usage of a service with systemctl?
The systemctl command can be used to show the memory usage of a service managed by systemd.
Summary
The systemctl command has multiple options to show the memory usage. With the status subcommand followed by the service, it will show the basics, including memory usage. To retrieve the information that easier to parse, then use show followed by --property=MemoryCurrent and the service name. Usage The status output will include memory usage. systemctl status nginx ● nginx.service - A high performance web server and a reverse proxy server Loaded: loaded (/lib/systemd/system/nginx.
How to see the active settings of a systemd unit
The systemctl command can be used to show the settings of a systemd unit, like a service.
Summary
The systemctl command can be used to show all settings of an unit, such as a service. To display the full list of applicable settings, use the show subcommand followed by the unit name. Besides the settings, the output will also include actual runtime information, such as memory usage, when the unit was started, etc. Usage Just provide the unit file to see all available information. # systemctl show nginx.service Type=forking Restart=no PIDFile=/run/nginx.
How to override the settings of a systemd unit
The systemctl command can be used to override settings of a systemd unit, like a service.
Summary
The systemctl command can show settings of a systemd unit, such as a service. It can also assist in overriding these settings by using the edit subcommand followed by the unit name. This will open the editor that is configured on the system and create the override file. Usage Run the edit command with the unit, and the editor like vim or nano will show up. ### Editing /etc/systemd/system/nginx.service.d/override.conf ### Anything between here and the comment below will become the new contents of the file [Service] ProtectSystem=strict ReadWritePaths=/run /var/log/nginx ### Lines below this comment will be discarded <snip> Important: Do not remove the comments and only insert or change between the specified comment lines.
Hardening nginx with systemd security features
Secure your nginx service by using security features provided by systemd.
Summary
Introduction Nginx is still a popular web server and powering a part of the web. Wouldn’t it be great if we could secure it a little bit more? In this article we use the security features to secure systemd units and services and apply it to nginx. If you are not familiar yet with the unit settings of systemd, then this document would be a good introduction into the subject.
How to see the cgroup of a process
Learn how to find the control group (cgroup) of a process by using /proc, pidof, or ps.
Summary
The control group of a process can be retrieved from the /proc directory. We only need to know the PID of the process, which can be found using ps or pidof. Usage If we know that our PID is 1234, then showing the cgroup is as easy as using cat to see the contents of the ‘cgroup’ file. cat /proc/1234/cgroup To see the cgroup for the nginx process (or one of them), we could something like this.
How to see cgroup in ps output
Want to see the control group in the output of the ps command? Here is how to tune your command options to include that.
Summary
The ps command can show the control group of a process using the -o option, followed by the right column names. Usage To show processes and the control group, we can filter the output columns. # ps -e -o pid,cgroup:64,args PID CGROUP COMMAND 1 0::/init.scope /lib/systemd/systemd --system --deserialize 58 2 - [kthreadd] 3 - [rcu_gp] <snip> 576 - [xprtiod] 634 0::/system.slice/dbus.service @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only 640 0::/system.slice/networkd-dispatcher.service /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers 645 - [nfsiod] 653 0::/system.
How to see the time synchronization details with timedatectl
Show time synchronization details with the systemd timedatectl command and related subcommands.
Summary
The timedatectl command can show the time, time zone information, and its status. Add the timesync-status subcommand to see synchronization details. Usage Use timedatectl with the timesync-status command to see the actual status. Under normal conditions, the leap should show ’normal'. # timedatectl timesync-status Server: 185.125.190.56 (ntp.ubuntu.com) Poll interval: 34min 8s (min: 32s; max 34min 8s) Leap: normal Version: 4 Stratum: 2 Reference: 4FF33C32 Precision: 1us (-25) Root distance: 762us (max: 5s) Offset: +882us Delay: 15.
What is SSH agent forwarding?
Learn more about the SSH agent forwarding feature and what problems it tries to resolve.
Summary
The agent forwarding feature in SSH allows using your local SSH agent to be reached through an existing SSH connection. This way you don’t have to store copies of your private keys on intermediate systems to use them for authentication. While SSH agent forward simplifies things, it also introduces a new risk related to Unix domain socket. If a user on the intermediate system can access the related socket, then it may abuse this connection back to the SSH agent to authenticate on your behalf.
How to start the SSH agent?
When the SSH agent is not running, how can you start it? In this article we will have a look at the options.
Summary
The ssh-agent command is started manually using eval $(ssh-agent). This will initiate the SSH agent and make it available for clients, such as ssh, to use it. To confirm that the agent is running is by looking at the SSH_AUTH_SOCK environment variable. Automatic start of SSH agent Gnome Keyring SSH Agent When using Gnome, it typically comes with its SSH agent as part of Keyring. This will automatically load any files in ~/.
What is the purpose of the SSH agent?
What is the purpose of the SSH agent and when to use it?
Summary
The ssh-agent command starts the SSH agent, a helper utility to store private keys when using public key authentication. The ssh-agent process is usually started at the the beginning of a login session and then can be connected to by a SSH client. Clients can detect the environment variable named SSH_AUTH_SOCK. Related settings on the client IdentityAgent
How to disable the usage of the SSH agent
Learn how to disable the usage of the SSH agent when authenticating.
Summary
Disable usage of SSH agent identities
How to show all installed packages with pacman
Query the pacman package manager on systems like Arch to show installed packages.
Summary
Querying pacman
How to stop all processes of a single user
Learn how to stop all processes of a single user using the killall command.
Summary
Killing processes with a filter
How to disable the SSH host key check?
Learn how to disable the SSH check of host authenticity and key fingerprint with ssh option StrictHostKeyChecking.
Summary
Disable check for host authenticity
How to terminate a SSH connection that does not respond to CTRL+C
Learn about SSH escape sequences and how they can help with terminating a SSH connection that does not respond to CTRL+C.
Summary
Use an escape sequence to terminate a connection that is stuck
How to remove the passphrase from a SSH key
Remove the password or passphrase from a SSH key using the ssh-keygen command.
Summary
Remove a passphrase from existing SSH key
How to see the available SSH keys in the OpenSSH authentication agent
Show the available SSH keys that are loaded in the SSH authentication agent.
Summary
How to see the available SSH keys in the OpenSSH authentication agent
SSH: Frequently Asked Questions
Frequently asked questions about SSH, such as SSH keys, configuration, and usage.
Summary
Hardware
Everything related to hardware in one place. From the basics of querying hardware information, up to securing physical access and limiting hardware devices.
Summary
What is a zombie process?
What is a zombie process on Linux and how to deal with it? In this article we will have a look at the details.
Summary
Zombies…
How to kill a zombie process
How to kill a zombie process if it does not respond to kill -9? Here are a few last steps that you can try.
Summary
Killing zombies, for fun?
How to show a running process name and its process ID (PID)
Find the process ID (PID) and process name on Linux with the help of the pgrep command.
Summary
Search for PID and process name
How to find all process IDs by its process name
Discover the process ID (PID) on Linux for a running process by searching for its process name.
Summary
Retrieve PIDs for a service
How to kill a running process by its name
Find and stop a running process on Linux by searching for its name using the killall or pkill command.
Summary
Stop a process by searching for its name
Processes: Frequently Asked Questions
Frequently asked questions about start and stop processes, discover information, and monitoring them.
Summary
How to see the the network IP address of your system
Show the IP address of your system with the help of the ip command.
Summary
Show your local IP address
How to see the IP address of your internet connection
Show the IP address of your internet connection using the dig command.
Summary
Query the IP address of your internet connection
How to see which DNS server is used
Find the active DNS server being used by reviewing the network configuration, including common commands to query this information.
Summary
Show the active DNS server
How to find writable files
Learn how to the use the find command to find any files that are writable.
Summary
Find the files that are writable
Apt cheat sheet
The package manager apt gots much more options than one could think. In this cheat sheet they get uncovered.
Summary
Managing packages
How to see the size of a directory
Learn how to see the size of a directory or folder on Linux systems using the du command.
Summary
Show disk usage by files and directories
How to see hidden files
Learn how to see any hidden files on the command line or in the terminal using the ls command.
Summary
Show hidden files
How to see files great than a specific size
Learn how to see files smaller or bigger than a specific defined size on Linux, using the du command.
Summary
Show files bigger or smaller than a specified size
How to find when the last modification happened in a directory
Learn how to find the last modification time of a file or subdirectory in a specified directory on Linux.
Summary
Show when the last modification was made within a directory
How to see inode usage
Learn how to see inode usage on a Linux file system or mount point.
Summary
Show used and free disk space
How to see used and free disk space
Learn how to see used and disk space of file systems or mount point on Linux systems.
Summary
Show used and free disk space
How to find symbolic links that point to a directory
Learn how to use the find command to discover symbolic links that refer to a directory.
Summary
Find symbolic links pointing to a directory
How to compare two directories and find the differences
Learn how to compare two directories and see their differences or what files they are having in common.
Summary
Compare two directories, find their differences and what they have in common
Command-line
Tips and tricks for getting everything out of the Linux command-line or terminal.
Summary
The command-line or terminal is a great place to be productive! We collect one-liners that we used ourselves to solve an issue and are worth sharing. From daily commands up to more exotic one-time tasks, this is the place where they are stored. When we have enough to group them, the page will be split into multiple categories.
How to see the number of open connections on Linux
Show the number of open connections using the ss command on Linux.
Summary
Show number of open connections per protocol
How to see when a process was started
Show process details to learn more about when a process was started using the ps tool.
Summary
Show start time of a process
How to see when the system was started (uptime)
When did a system start? Learn how to query the boot time (uptime) of a system using commands like uptime and ps.
Summary
Show uptime of the system
System administration: Frequently Asked Questions
Frequently asked questions about system administration, system state, and how to perform common tasks.
Summary
How to see active connections and bandwidth usage on Linux
Show actual bandwidth usage and active connections using the iftop tool on Linux.
Summary
Show actual bandwidth usage
Show to clear the DNS cache with systemd
Learn how to inspect and clear the DNS cache when using the systemd resolver daemon.
Summary
Clear DNS cache using resolvectl
How to show network TCP statistics and counters
Show counters related to the TCP connections by using the nstat command. This small utility will quickly retrieve the related statistics and display them.
Summary
Show TCP connection statistics
How to see CPU details
Show CPU details such as architecture, vendor, caches, virtualization options, and even known CPU vulnerabilities such as Meltdown and Spectre.
Summary
Show CPU details
System performance
Articles and tools to troubleshoot Linux system performance issues.
Summary
Swap memory information
Articles and tools to troubleshoot Linux system performance issues with focus on swap memory and its usage.
Summary
Physical RAM is used to store information. Linux divides this RAM into smaller chunks, named memory pages. When there is no more normal memory available, the Linux kernel might need to temporarily store information aside. This is called paging or swap space. During the process of paging, memory pages will be moved from the RAM to the disk. This way memory is freed up for active processes, while older information is temporarily stored on the disk.
Tcpdump cheat sheet
Get more information out of the tcpdump tool using this cheat sheet. Find everything that is going on the network and your Linux systems.
Summary
No network packet will remain hidden
Methods to find the Linux distribution and version
Learn how to find the Linux distribution and version of a system. Use the right tool or file to find the relevant details.
Summary
Find the Linux distribution name and version
System administration
Everything related to managing Linux systems, from discovering what Linux distribution is running, up to full configuration and automation.
Summary
Dmidecode cheat sheet
Want to see all hardware details of a system? Then dmidecode is your friend, helping to decode all information from the SMBIOS specification.
Summary
All hardware exposed
How to see memory information such as type and speed
Show memory information and details such as the number of banks in use, the memory type and speed.
Summary
Show memory details
How to securely delete a file and its contents
Need to delete the contents of a sensitive file? Instead of just deleting it with rm, look at this option first.
Summary
Learn how to purge data before deleting a file
How to see the creation date of a file
Learn how to use the stat command to find the initial creation time of a file, also known as its birth time.
Summary
Find out when a file was initially created
Cheat sheets
All cheat sheets to simplify your system administration and Linux security activities. Something missing? Let it know.
Summary
With many commands available on Linux, the number of options and remembering them can be overwhelming. This collection of Linux cheat sheets is intended as a reference for common tools and how to use them. With the included examples, it is also an easy way to learn about the options that they have to offer.
Tar cheat sheet
Become a master in archiving and compressing files using the tar tool with this cheat sheet.
Summary
Archiving all the data
Kernel: Frequently Asked Questions
Frequently asked questions about the Linux kernel and kernel security.
Summary
Ip cheat sheet
Want to see or configure every piece of information about networking, including routing on Linux? Forget tools like netstat and learn using the ip command.
Summary
No more networking secrets
How to see errors and dropped packets on a network interface on Linux
Show the network link details using the ip command to find out if a network has errors or dropped packets on a Linux system.
Summary
Show network link statistics to discover errors or dropped packets
How to see the default gateway on Linux
Show the network routing table to discover the default gateway used on a Linux system.
Summary
Show network table to discover the default gateway
How to see which process is using a port
Show which process is already opened an UDP or TCP port on Linux by using the ss command.
Summary
Show which process is listening to a port
Lsof cheat sheet
Get information about open files on Linux using the lsof command. This cheat sheet covers many common uses for using lsof and how to use it.
Summary
Show open file information
How to see open ports on Linux
Show which UDP/TCP ports are opened on a Linux system, including the related process. Use the ss tool to see more details about these sockets.
Summary
Show open network ports such as TCP and UDP
Ss cheat sheet
If you want to learn more about network connections on Linux, then ss is the tool to get the job done. Learn how to use it with this cheat sheet.
Summary
Reveal all those sockets
Networking: Frequently Asked Questions
Frequently asked questions about networking, such as DNS, IP configuration, TCP/UDP details, and more.
Summary
How to see the TTL value of a DNS record
Learn how to query the Time To Live (TTL) for a DNS record by using the dig tool.
Summary
Query DNS to reveal the TTL value of a DNS record.
How to show all installed packages on Ubuntu
Query the package manager to show installed packages on Ubuntu systems including version details.
Summary
Query tools like dpkg to show installed packages
Package manager: Frequently Asked Questions
Frequently asked questions about software, such as package manager, package versions, and how to configure them.
Summary
List installed packages on a Linux system
Learn how to show all installed packages on Linux systems including AlmaLinux, Debian, OpenSUSE, and Ubuntu.
Summary
Show installed package on the most common Linux distributions
Package manager
Everything related to package managers like apt, dnf, yum, and zypper. Learn how to use the tools to install and configure packages.
Summary
Software
Everything related to software, including package managers, building software packages, and more.
Summary
How to list all USB devices
Retrieve device information from USB hubs and devices using the lsusb command.
Summary
Retrieve USB device information using lsusb
How to see the available hard disks
Show the available hard disks in a system by using the right Linux tool. There are multiple options to pick, so let's have a look.
Summary
Query the available hard disk(s)
How to see hard disk specifications and details
Show more detailed information about the available hard disks in the system. Specifications like speed, serial number, firmware, and other details.
Summary
More in-depth information about the available hard disks
How to see BIOS details
Show bios details from within a Linux system. Learn how to query these details and where to find more information.
Summary
Show BIOS information using dmidecode
Hardware: Frequently Asked Questions
Frequently asked questions about hardware information such as bios, USB devices, memory, and other details.
Summary
Du cheat sheet
Get more out of the du utility with this cheat sheet. Use it as a reference to find often-used options or those that come handy in time.
Summary
Find out who is using up that disk space
Systemd
Everything related to systemd in one place. From the basics like the different units tips, up to advanced troubleshooting.
Summary
Introduction Systemd is a system and service manager for Linux. For many Linux distributions it replaced the existing SysV init system, modernizing how services are started and monitored. Some basics about systemd: Author: Lennart Poettering First release: 2010 First adopter: Fedora Linux Common usage by major Linux distributions: 2015 Learn more: What is systemd? Systemd units To monitor and manage services on a system using systemd, unit files are used. These text-based files define what to run or do, relevant conditions, and any applicable dependencies.
How to find the biggest directories on disk
Find the biggest directories and files on disk by using the du command.
Summary
Leverage the du command to find the biggest directories
How to see all masked units with systemctl
Want to find all masked unit files? In this article we show how to do this with systemctl and query those units.
Summary
Show all masked units
How to see the last X lines with journalctl
Limit the output from journalctl by defining the number of lines you want to see.
Summary
Perform smarter queries when requesting information from journalctl
How to disable a systemd unit with systemctl
Want to disable a service or specific systemd unit? Use systemctl to configure units and disable it on boot or completely.
Summary
Disable a service or specific unit with systemctl
How to start and enable a unit with systemctl
Combine the start and enable command when using systemctl to get a unit like a service started at boot and right away.
Summary
Start and enable a unit with one command
How to show failed units with systemctl
Want to check the system for failed systemd units? In this article we show how to do this with systemctl and query the units with a failure state.
Summary
Show failed systemd units with systemctl
Systemd: Frequently Asked Questions
Frequently asked questions about systemd, systemctl, and journalctl. Learn by pratical examples how to use these tools.
Summary
File systems: Frequently Asked Questions
Frequently asked questions about file systems, file permissions, directories and files.
Summary
Find cheat sheet
The find utility is probably the best tool to find files on your system, but it has some learning curve. We help you to achieve that with this cheat sheet.
Summary
Learn to search and to find
Systemd cheat sheet
Increase your system administration skills with this systemd cheat sheet, including how to configure and monitor systemd units.
Summary
Make a new friend?
Test web server caching with curl
Want to test your web server and see if static files are properly cached? Curl can help and with some scripting even automate the task for you.
Summary
Learn how to use curl to test if your web server is properly caching static files
Systemctl cheat sheet
Learn how to get every piece of information from systemd units, such as services and timers, including its configuration and status.
Summary
Control those processes and timers
Journalctl cheat sheet
Learn how to get every piece of information from systemd journals with the journalctl command. This cheat sheet will help you with the task.
Summary
Query the journal and find the needle
Adding the Expires header to improve caching static content in nginx
Want to improve caching on your nginx web server? Learn how to set the Expires header and enhance your nginx configuration.
Summary
Learn how to define the Expires header in nginx to improve the caching of static assets.
Curl cheat sheet
One of the best HTTP clients is the open source tool curl. With ongoing development and new updates, it is worth getting everything out of this powerful tool!
Summary
Download files and troubleshoot issues faster with curl
Nginx security hardening guide
Learn how to secure your nginx configuration with this hardening guide. It includes examples and tips to implement security measures step by step.
Strip one or more characters from a variable or output
Want to delete one or more characters from a variable or piped output? There are multiple ways to achieve this using standard system utilities.
AWK cheat sheet
When it comes to a powerful tools on Linux, AWK is definitely one to know. This cheat sheet explains the basics and shows many useful one-liners
Summary
Parse files quicker with smarter expressions
How to see all virtual hosts in nginx
Want to see all configured virtual hosts on a server running nginx? Here is a method to achieve this quickly by using a default configuration option.
Summary
How to display the configured hosts by filtering out the server_name entries
How to log only some requests to a log file in nginx
Nginx is flexible when it comes to what should be logged in the access.log. With the combination of a map and if-statement, this can be achieved very easily!
Summary
Nginx is flexible when it comes to what should be logged in the access.log. With the combination of a map and if-statement, this can be achieved very easily!" Log only some events by HTTP status Creating a map using $status The $status variable contains the HTTP status code that is normally returned to each request. We can leverage this status code to set a so-called boolean (true/false, or 1/0). Let’s define first the map and use the HTTP status.
How to find the OpenSSH version
Searching for the installed version of OpenSSH? Here are some commands to discover what software you are running.
Summary
SSH or Secure Shell is a popular protocol for doing system administration on Linux systems. Sometimes you may need to know what version you are running to know if some specific configuration options are available. In this article we have a look at the available options. Local OpenSSH version The easiest way to find the installed OpenSSH version is using the ssh -V command. This works when being logged in to the system itself.
Linux tools to bulk rename files
Want to rename files in bulk, but looking for a good tool that can be used on Linux? This article has your covered, with several options.
Summary
Rnr The first tool to cover is called rnr and is written in Rust. It can be downloaded on GitHub where also some good examples can be found on how to use the tool. Let’s try it out on a directory that we have with Markdown files. Due to a conversion, the file names include a date. As this is no longer needed, we want to strip out the date and only get the bit after the third hyphen.
How to test if an account has a password set?
Want to determine if a Linux account has a password set or its related properties? Here are few methods to check this and the steps to perform.
Summary
Sometimes you might want to check if an account on the system has a password set. One of the reasons is to disable those, so you can enforce that only SSH authentication might be used, for example. There are a few ways to see if a password is set. Using the passwd command The first command that comes to mind is using the passwd command. Normally you would use that to change your password, but it can actually also reveal useful details about existing accounts.
How to test if a website supports Brotli or Gzip compression
Optimizing a web server and its content can be done using brotli and gzip compression. This article shows a few ways to test your website.
Summary
After migrating this blog to Hugo we performed some optimization steps to ensure it is as quick as possible. Pages are slim and small in size, but still can be compressed. Normally we would do this on the end of the web server, by enabling dynamic compression. So each time a client requested a compressed page, the web server would compress is and send over the data. This time we turned things around.
Strace cheat sheet
The strace utility is diverse and helpful in performance tuning, troubleshooting, and monitoring process activity. Get the most out of this powerful tool!
Summary
Troubleshoot and monitor all processes