Howto

How to display directory contents sorted by modification time

Learn how to sort the output of the ls command to list a directory contents by its modification time.

Summary

Show directory contents sorted by modification date and time

How to add a SSH key to the SSH agent

Learn how to load and use your SSH key together with a SSH agent.

Summary

When the SSH agent is running, the ssh-add command can be used to load a SSH key. The SSH agent then will request a password when needed, and load the key details in memory. Adding the SSH key just requires the path to the private key. ssh-add ~/.ssh/id_ed25519 When the key is loaded, use the -l or -L option to show the identities that the SSH agent has. ssh-add -l

Hardening profiles for systemd

Hardening profiles for systemd that can be used to secure your applications.

Summary

Introduction Systemd has a range of security features to help securing services running on your system. That is the good part. The big challenge with so many features is that it is hard to find out which ones you could or should apply, without breaking a service. That is why we started working on hardening profiles. The hardening profiles are pre-defined templates that are documented and tested against a default installation of a piece of software.

Run0 cheat sheet

Learn how to get everything out of the run0 tool to increase your privilege level.

Summary

Elevating permissions

How to remove trailing whitespace from a file

Learn how to remove trailing whitespace from a file using the sed command.

Summary

To remove any trailing whitespace from a file, we can use sed. By using in-place editing -i, sed can be provided with a search-and-replace action to filter out whitespace at the end of each line. By replacing it with nothing, it will effectively be removed. sed -i 's/[[:space:]]*$//' mytextfile.txt Explanation -i = inline file edit s/ = search [[:space:]]*$ = search one or more occurences of whitespace just before the end of the line // = No text, so any occurences of the whitespace will be emptied The [[:space:]] is called a character class and refers to space characters.

How to insert a line at the beginning of a file

Learn how to insert a line of text at the beginning of a file using the sed command.

Summary

To insert a line at the beginning of a file, we can use sed to achieve this task. By using in-place editing -i, we can instruct sed to make a change to an existing file. The next step is to tell sed what to change or insert and at what place. sed -i '1i # New first line' mytextfile.txt Explanation -i = inline file edit 1i = insert at first line # New first line = Text to add

Data processing: Frequently Asked Questions

Frequently asked questions about data and text processing.

Summary

How to see memory usage of a service with systemctl?

The systemctl command can be used to show the memory usage of a service managed by systemd.

Summary

The systemctl command has multiple options to show the memory usage. With the status subcommand followed by the service, it will show the basics, including memory usage. To retrieve the information that easier to parse, then use show followed by --property=MemoryCurrent and the service name. Usage The status output will include memory usage. systemctl status nginx ● nginx.service - A high performance web server and a reverse proxy server Loaded: loaded (/lib/systemd/system/nginx.

How to see the active settings of a systemd unit

The systemctl command can be used to show the settings of a systemd unit, like a service.

Summary

The systemctl command can be used to show all settings of an unit, such as a service. To display the full list of applicable settings, use the show subcommand followed by the unit name. Besides the settings, the output will also include actual runtime information, such as memory usage, when the unit was started, etc. Usage Just provide the unit file to see all available information. # systemctl show nginx.service Type=forking Restart=no PIDFile=/run/nginx.

How to override the settings of a systemd unit

The systemctl command can be used to override settings of a systemd unit, like a service.

Summary

The systemctl command can show settings of a systemd unit, such as a service. It can also assist in overriding these settings by using the edit subcommand followed by the unit name. This will open the editor that is configured on the system and create the override file. Usage Run the edit command with the unit, and the editor like vim or nano will show up. ### Editing /etc/systemd/system/nginx.service.d/override.conf ### Anything between here and the comment below will become the new contents of the file [Service] ProtectSystem=strict ReadWritePaths=/run /var/log/nginx ### Lines below this comment will be discarded <snip> Important: Do not remove the comments and only insert or change between the specified comment lines.

Hardening nginx with systemd security features

Secure your nginx service by using security features provided by systemd.

Summary

Introduction Nginx is still a popular web server and powering a part of the web. Wouldn’t it be great if we could secure it a little bit more? In this article we use the security features to secure systemd units and services and apply it to nginx. If you are not familiar yet with the unit settings of systemd, then this document would be a good introduction into the subject.

How to see the cgroup of a process

Learn how to find the control group (cgroup) of a process by using /proc, pidof, or ps.

Summary

The control group of a process can be retrieved from the /proc directory. We only need to know the PID of the process, which can be found using ps or pidof. Usage If we know that our PID is 1234, then showing the cgroup is as easy as using cat to see the contents of the ‘cgroup’ file. cat /proc/1234/cgroup To see the cgroup for the nginx process (or one of them), we could something like this.

How to see cgroup in ps output

Want to see the control group in the output of the ps command? Here is how to tune your command options to include that.

Summary

The ps command can show the control group of a process using the -o option, followed by the right column names. Usage To show processes and the control group, we can filter the output columns. # ps -e -o pid,cgroup:64,args PID CGROUP COMMAND 1 0::/init.scope /lib/systemd/systemd --system --deserialize 58 2 - [kthreadd] 3 - [rcu_gp] <snip> 576 - [xprtiod] 634 0::/system.slice/dbus.service @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only 640 0::/system.slice/networkd-dispatcher.service /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers 645 - [nfsiod] 653 0::/system.

How to see the time synchronization details with timedatectl

Show time synchronization details with the systemd timedatectl command and related subcommands.

Summary

The timedatectl command can show the time, time zone information, and its status. Add the timesync-status subcommand to see synchronization details. Usage Use timedatectl with the timesync-status command to see the actual status. Under normal conditions, the leap should show ’normal'. # timedatectl timesync-status Server: 185.125.190.56 (ntp.ubuntu.com) Poll interval: 34min 8s (min: 32s; max 34min 8s) Leap: normal Version: 4 Stratum: 2 Reference: 4FF33C32 Precision: 1us (-25) Root distance: 762us (max: 5s) Offset: +882us Delay: 15.

What is SSH agent forwarding?

Learn more about the SSH agent forwarding feature and what problems it tries to resolve.

Summary

The agent forwarding feature in SSH allows using your local SSH agent to be reached through an existing SSH connection. This way you don’t have to store copies of your private keys on intermediate systems to use them for authentication. While SSH agent forward simplifies things, it also introduces a new risk related to Unix domain socket. If a user on the intermediate system can access the related socket, then it may abuse this connection back to the SSH agent to authenticate on your behalf.

How to start the SSH agent?

When the SSH agent is not running, how can you start it? In this article we will have a look at the options.

Summary

The ssh-agent command is started manually using eval $(ssh-agent). This will initiate the SSH agent and make it available for clients, such as ssh, to use it. To confirm that the agent is running is by looking at the SSH_AUTH_SOCK environment variable. Automatic start of SSH agent Gnome Keyring SSH Agent When using Gnome, it typically comes with its SSH agent as part of Keyring. This will automatically load any files in ~/.

What is the purpose of the SSH agent?

What is the purpose of the SSH agent and when to use it?

Summary

The ssh-agent command starts the SSH agent, a helper utility to store private keys when using public key authentication. The ssh-agent process is usually started at the the beginning of a login session and then can be connected to by a SSH client. Clients can detect the environment variable named SSH_AUTH_SOCK. Related settings on the client IdentityAgent

How to disable the usage of the SSH agent

Learn how to disable the usage of the SSH agent when authenticating.

Summary

Disable usage of SSH agent identities

How to show all installed packages with pacman

Query the pacman package manager on systems like Arch to show installed packages.

Summary

Querying pacman

How to stop all processes of a single user

Learn how to stop all processes of a single user using the killall command.

Summary

Killing processes with a filter

How to disable the SSH host key check?

Learn how to disable the SSH check of host authenticity and key fingerprint with ssh option StrictHostKeyChecking.

Summary

Disable check for host authenticity

How to terminate a SSH connection that does not respond to CTRL+C

Learn about SSH escape sequences and how they can help with terminating a SSH connection that does not respond to CTRL+C.

Summary

Use an escape sequence to terminate a connection that is stuck

How to remove the passphrase from a SSH key

Remove the password or passphrase from a SSH key using the ssh-keygen command.

Summary

Remove a passphrase from existing SSH key

How to see the available SSH keys in the OpenSSH authentication agent

Show the available SSH keys that are loaded in the SSH authentication agent.

Summary

How to see the available SSH keys in the OpenSSH authentication agent

SSH: Frequently Asked Questions

Frequently asked questions about SSH, such as SSH keys, configuration, and usage.

Summary

Hardware

Everything related to hardware in one place. From the basics of querying hardware information, up to securing physical access and limiting hardware devices.

Summary

What is a zombie process?

What is a zombie process on Linux and how to deal with it? In this article we will have a look at the details.

Summary

Zombies…

How to kill a zombie process

How to kill a zombie process if it does not respond to kill -9? Here are a few last steps that you can try.

Summary

Killing zombies, for fun?

How to show a running process name and its process ID (PID)

Find the process ID (PID) and process name on Linux with the help of the pgrep command.

Summary

Search for PID and process name

How to find all process IDs by its process name

Discover the process ID (PID) on Linux for a running process by searching for its process name.

Summary

Retrieve PIDs for a service

How to kill a running process by its name

Find and stop a running process on Linux by searching for its name using the killall or pkill command.

Summary

Stop a process by searching for its name

Processes: Frequently Asked Questions

Frequently asked questions about start and stop processes, discover information, and monitoring them.

Summary

How to see the the network IP address of your system

Show the IP address of your system with the help of the ip command.

Summary

Show your local IP address

How to see the IP address of your internet connection

Show the IP address of your internet connection using the dig command.

Summary

Query the IP address of your internet connection

How to see which DNS server is used

Find the active DNS server being used by reviewing the network configuration, including common commands to query this information.

Summary

Show the active DNS server

How to find writable files

Learn how to the use the find command to find any files that are writable.

Summary

Find the files that are writable

Apt cheat sheet

The package manager apt gots much more options than one could think. In this cheat sheet they get uncovered.

Summary

Managing packages

How to see the size of a directory

Learn how to see the size of a directory or folder on Linux systems using the du command.

Summary

Show disk usage by files and directories

How to see hidden files

Learn how to see any hidden files on the command line or in the terminal using the ls command.

Summary

Show hidden files

How to see files great than a specific size

Learn how to see files smaller or bigger than a specific defined size on Linux, using the du command.

Summary

Show files bigger or smaller than a specified size

How to find when the last modification happened in a directory

Learn how to find the last modification time of a file or subdirectory in a specified directory on Linux.

Summary

Show when the last modification was made within a directory

How to see inode usage

Learn how to see inode usage on a Linux file system or mount point.

Summary

Show used and free disk space

How to see used and free disk space

Learn how to see used and disk space of file systems or mount point on Linux systems.

Summary

Show used and free disk space

How to find symbolic links that point to a directory

Learn how to use the find command to discover symbolic links that refer to a directory.

Summary

Find symbolic links pointing to a directory

How to compare two directories and find the differences

Learn how to compare two directories and see their differences or what files they are having in common.

Summary

Compare two directories, find their differences and what they have in common

Command-line

Tips and tricks for getting everything out of the Linux command-line or terminal.

Summary

The command-line or terminal is a great place to be productive! We collect one-liners that we used ourselves to solve an issue and are worth sharing. From daily commands up to more exotic one-time tasks, this is the place where they are stored. When we have enough to group them, the page will be split into multiple categories.

How to see the number of open connections on Linux

Show the number of open connections using the ss command on Linux.

Summary

Show number of open connections per protocol

How to see when a process was started

Show process details to learn more about when a process was started using the ps tool.

Summary

Show start time of a process

How to see when the system was started (uptime)

When did a system start? Learn how to query the boot time (uptime) of a system using commands like uptime and ps.

Summary

Show uptime of the system

System administration: Frequently Asked Questions

Frequently asked questions about system administration, system state, and how to perform common tasks.

Summary

How to see active connections and bandwidth usage on Linux

Show actual bandwidth usage and active connections using the iftop tool on Linux.

Summary

Show actual bandwidth usage

Show to clear the DNS cache with systemd

Learn how to inspect and clear the DNS cache when using the systemd resolver daemon.

Summary

Clear DNS cache using resolvectl

How to show network TCP statistics and counters

Show counters related to the TCP connections by using the nstat command. This small utility will quickly retrieve the related statistics and display them.

Summary

Show TCP connection statistics

How to see CPU details

Show CPU details such as architecture, vendor, caches, virtualization options, and even known CPU vulnerabilities such as Meltdown and Spectre.

Summary

Show CPU details

System performance

Articles and tools to troubleshoot Linux system performance issues.

Summary

Swap memory information

Articles and tools to troubleshoot Linux system performance issues with focus on swap memory and its usage.

Summary

Physical RAM is used to store information. Linux divides this RAM into smaller chunks, named memory pages. When there is no more normal memory available, the Linux kernel might need to temporarily store information aside. This is called paging or swap space. During the process of paging, memory pages will be moved from the RAM to the disk. This way memory is freed up for active processes, while older information is temporarily stored on the disk.

Tcpdump cheat sheet

Get more information out of the tcpdump tool using this cheat sheet. Find everything that is going on the network and your Linux systems.

Summary

No network packet will remain hidden

Methods to find the Linux distribution and version

Learn how to find the Linux distribution and version of a system. Use the right tool or file to find the relevant details.

Summary

Find the Linux distribution name and version

System administration

Everything related to managing Linux systems, from discovering what Linux distribution is running, up to full configuration and automation.

Summary

Dmidecode cheat sheet

Want to see all hardware details of a system? Then dmidecode is your friend, helping to decode all information from the SMBIOS specification.

Summary

All hardware exposed

How to see memory information such as type and speed

Show memory information and details such as the number of banks in use, the memory type and speed.

Summary

Show memory details

How to securely delete a file and its contents

Need to delete the contents of a sensitive file? Instead of just deleting it with rm, look at this option first.

Summary

Learn how to purge data before deleting a file

How to see the creation date of a file

Learn how to use the stat command to find the initial creation time of a file, also known as its birth time.

Summary

Find out when a file was initially created

Cheat sheets

All cheat sheets to simplify your system administration and Linux security activities. Something missing? Let it know.

Summary

With many commands available on Linux, the number of options and remembering them can be overwhelming. This collection of Linux cheat sheets is intended as a reference for common tools and how to use them. With the included examples, it is also an easy way to learn about the options that they have to offer.

Tar cheat sheet

Become a master in archiving and compressing files using the tar tool with this cheat sheet.

Summary

Archiving all the data

Kernel: Frequently Asked Questions

Frequently asked questions about the Linux kernel and kernel security.

Summary

Ip cheat sheet

Want to see or configure every piece of information about networking, including routing on Linux? Forget tools like netstat and learn using the ip command.

Summary

No more networking secrets

How to see errors and dropped packets on a network interface on Linux

Show the network link details using the ip command to find out if a network has errors or dropped packets on a Linux system.

Summary

Show network link statistics to discover errors or dropped packets

How to see the default gateway on Linux

Show the network routing table to discover the default gateway used on a Linux system.

Summary

Show network table to discover the default gateway

How to see which process is using a port

Show which process is already opened an UDP or TCP port on Linux by using the ss command.

Summary

Show which process is listening to a port

Lsof cheat sheet

Get information about open files on Linux using the lsof command. This cheat sheet covers many common uses for using lsof and how to use it.

Summary

Show open file information

How to see open ports on Linux

Show which UDP/TCP ports are opened on a Linux system, including the related process. Use the ss tool to see more details about these sockets.

Summary

Show open network ports such as TCP and UDP

Ss cheat sheet

If you want to learn more about network connections on Linux, then ss is the tool to get the job done. Learn how to use it with this cheat sheet.

Summary

Reveal all those sockets

Networking: Frequently Asked Questions

Frequently asked questions about networking, such as DNS, IP configuration, TCP/UDP details, and more.

Summary

How to see the TTL value of a DNS record

Learn how to query the Time To Live (TTL) for a DNS record by using the dig tool.

Summary

Query DNS to reveal the TTL value of a DNS record.

How to show all installed packages on Ubuntu

Query the package manager to show installed packages on Ubuntu systems including version details.

Summary

Query tools like dpkg to show installed packages

Package manager: Frequently Asked Questions

Frequently asked questions about software, such as package manager, package versions, and how to configure them.

Summary

List installed packages on a Linux system

Learn how to show all installed packages on Linux systems including AlmaLinux, Debian, OpenSUSE, and Ubuntu.

Summary

Show installed package on the most common Linux distributions

Package manager

Everything related to package managers like apt, dnf, yum, and zypper. Learn how to use the tools to install and configure packages.

Summary

Software

Everything related to software, including package managers, building software packages, and more.

Summary

How to list all USB devices

Retrieve device information from USB hubs and devices using the lsusb command.

Summary

Retrieve USB device information using lsusb

How to see the available hard disks

Show the available hard disks in a system by using the right Linux tool. There are multiple options to pick, so let's have a look.

Summary

Query the available hard disk(s)

How to see hard disk specifications and details

Show more detailed information about the available hard disks in the system. Specifications like speed, serial number, firmware, and other details.

Summary

More in-depth information about the available hard disks

How to see BIOS details

Show bios details from within a Linux system. Learn how to query these details and where to find more information.

Summary

Show BIOS information using dmidecode

Hardware: Frequently Asked Questions

Frequently asked questions about hardware information such as bios, USB devices, memory, and other details.

Summary

Du cheat sheet

Get more out of the du utility with this cheat sheet. Use it as a reference to find often-used options or those that come handy in time.

Summary

Find out who is using up that disk space

Systemd

Everything related to systemd in one place. From the basics like the different units tips, up to advanced troubleshooting.

Summary

Introduction Systemd is a system and service manager for Linux. For many Linux distributions it replaced the existing SysV init system, modernizing how services are started and monitored. Some basics about systemd: Author: Lennart Poettering First release: 2010 First adopter: Fedora Linux Common usage by major Linux distributions: 2015 Learn more: What is systemd? Systemd units To monitor and manage services on a system using systemd, unit files are used. These text-based files define what to run or do, relevant conditions, and any applicable dependencies.

How to find the biggest directories on disk

Find the biggest directories and files on disk by using the du command.

Summary

Leverage the du command to find the biggest directories

How to see all masked units with systemctl

Want to find all masked unit files? In this article we show how to do this with systemctl and query those units.

Summary

Show all masked units

How to see the last X lines with journalctl

Limit the output from journalctl by defining the number of lines you want to see.

Summary

Perform smarter queries when requesting information from journalctl

How to disable a systemd unit with systemctl

Want to disable a service or specific systemd unit? Use systemctl to configure units and disable it on boot or completely.

Summary

Disable a service or specific unit with systemctl

How to start and enable a unit with systemctl

Combine the start and enable command when using systemctl to get a unit like a service started at boot and right away.

Summary

Start and enable a unit with one command

How to show failed units with systemctl

Want to check the system for failed systemd units? In this article we show how to do this with systemctl and query the units with a failure state.

Summary

Show failed systemd units with systemctl

Systemd: Frequently Asked Questions

Frequently asked questions about systemd, systemctl, and journalctl. Learn by pratical examples how to use these tools.

Summary

File systems: Frequently Asked Questions

Frequently asked questions about file systems, file permissions, directories and files.

Summary

Find cheat sheet

The find utility is probably the best tool to find files on your system, but it has some learning curve. We help you to achieve that with this cheat sheet.

Summary

Learn to search and to find

Systemd cheat sheet

Increase your system administration skills with this systemd cheat sheet, including how to configure and monitor systemd units.

Summary

Make a new friend?

Test web server caching with curl

Want to test your web server and see if static files are properly cached? Curl can help and with some scripting even automate the task for you.

Summary

Learn how to use curl to test if your web server is properly caching static files

Systemctl cheat sheet

Learn how to get every piece of information from systemd units, such as services and timers, including its configuration and status.

Summary

Control those processes and timers

Journalctl cheat sheet

Learn how to get every piece of information from systemd journals with the journalctl command. This cheat sheet will help you with the task.

Summary

Query the journal and find the needle

Adding the Expires header to improve caching static content in nginx

Want to improve caching on your nginx web server? Learn how to set the Expires header and enhance your nginx configuration.

Summary

Learn how to define the Expires header in nginx to improve the caching of static assets.

Curl cheat sheet

One of the best HTTP clients is the open source tool curl. With ongoing development and new updates, it is worth getting everything out of this powerful tool!

Summary

Download files and troubleshoot issues faster with curl

Nginx security hardening guide

Learn how to secure your nginx configuration with this hardening guide. It includes examples and tips to implement security measures step by step.

Strip one or more characters from a variable or output

Want to delete one or more characters from a variable or piped output? There are multiple ways to achieve this using standard system utilities.

AWK cheat sheet

When it comes to a powerful tools on Linux, AWK is definitely one to know. This cheat sheet explains the basics and shows many useful one-liners

Summary

Parse files quicker with smarter expressions

How to see all virtual hosts in nginx

Want to see all configured virtual hosts on a server running nginx? Here is a method to achieve this quickly by using a default configuration option.

Summary

How to display the configured hosts by filtering out the server_name entries

How to log only some requests to a log file in nginx

Nginx is flexible when it comes to what should be logged in the access.log. With the combination of a map and if-statement, this can be achieved very easily!

Summary

Nginx is flexible when it comes to what should be logged in the access.log. With the combination of a map and if-statement, this can be achieved very easily!" Log only some events by HTTP status Creating a map using $status The $status variable contains the HTTP status code that is normally returned to each request. We can leverage this status code to set a so-called boolean (true/false, or 1/0). Let’s define first the map and use the HTTP status.

How to find the OpenSSH version

Searching for the installed version of OpenSSH? Here are some commands to discover what software you are running.

Summary

SSH or Secure Shell is a popular protocol for doing system administration on Linux systems. Sometimes you may need to know what version you are running to know if some specific configuration options are available. In this article we have a look at the available options. Local OpenSSH version The easiest way to find the installed OpenSSH version is using the ssh -V command. This works when being logged in to the system itself.

Linux tools to bulk rename files

Want to rename files in bulk, but looking for a good tool that can be used on Linux? This article has your covered, with several options.

Summary

Rnr The first tool to cover is called rnr and is written in Rust. It can be downloaded on GitHub where also some good examples can be found on how to use the tool. Let’s try it out on a directory that we have with Markdown files. Due to a conversion, the file names include a date. As this is no longer needed, we want to strip out the date and only get the bit after the third hyphen.

How to test if an account has a password set?

Want to determine if a Linux account has a password set or its related properties? Here are few methods to check this and the steps to perform.

Summary

Sometimes you might want to check if an account on the system has a password set. One of the reasons is to disable those, so you can enforce that only SSH authentication might be used, for example. There are a few ways to see if a password is set. Using the passwd command The first command that comes to mind is using the passwd command. Normally you would use that to change your password, but it can actually also reveal useful details about existing accounts.

How to test if a website supports Brotli or Gzip compression

Optimizing a web server and its content can be done using brotli and gzip compression. This article shows a few ways to test your website.

Summary

After migrating this blog to Hugo we performed some optimization steps to ensure it is as quick as possible. Pages are slim and small in size, but still can be compressed. Normally we would do this on the end of the web server, by enabling dynamic compression. So each time a client requested a compressed page, the web server would compress is and send over the data. This time we turned things around.

Strace cheat sheet

The strace utility is diverse and helpful in performance tuning, troubleshooting, and monitoring process activity. Get the most out of this powerful tool!

Summary

Troubleshoot and monitor all processes