Linux Cheat Sheet

The Linux command line, also known as the terminal or shell, is a powerful tool used by system administrators, developers, and users around the world. The following cheat sheet provides a reference for the most commonly used Linux shell commands, permissions, and processes.

Commands

Command Description
ls List directory contents
cd directory_name Change directory
pwd Print current working directory
mkdir directory_name Create a new directory
rmdir directory_name Delete a directory
touch filename Create an empty file
echo "content" > filename Add content to a file
cat filename Display file content
less filename View file content with pagination
man command_name Open manual page for a command
date Display current date and time
cal Show calendar of the current month
df Display disk space usage
du directory_name Calculate directory space usage
free Show memory and swap usage
uname -a Display system information
hostname Display system hostname
uptime Show system uptime and load
who List logged-in users
w Show who is logged in and what they are doing
users Display list of logged-in users
id Display user identity
groups Show user's groups
alias name='command' Create a command alias
history Show command history
clear Clear terminal screen
find /path -name "filename" Find files by name
locate filename Find files by name using a database
which command_name Locate a command binary
type command_name Display command type
zip Compress files into .zip format
unzip file.zip Uncompress .zip files
tar Compress or decompress .tar files
gzip Compress or decompress .gz files
ping domain_or_ip Check network connectivity to a domain or IP
ifconfig Show network interfaces and configuration (deprecated in some distributions)
ip a Show IP addresses
netstat Show network statistics
ss Show socket statistics
curl url Transfer data from or to a server
wget url Download files from the web

Command Description
ls List files and directories.
ls -l List files and directories with detailed information.
ls -a List all files, including hidden ones.
cd directory Change the current directory to the specified directory.
pwd Print the current working directory.
cat file Display the content of a file.
less file View the file with pagination.
head file Show the first ten lines of a file.
tail file Show the last ten lines of a file.
touch file Create an empty file.
cp source destination Copy a file or directory.
mv source destination Move or rename a file or directory.
rm file Delete a file.
rmdir directory Delete an empty directory.
mkdir directory Create a new directory.
find /path -name filename Search for a file in the specified path.
grep 'pattern' file Search for a pattern within a file.
diff file1 file2 Compare two files and display differences.
chmod permissions file Change the file permissions.
chown user:group file Change the file owner and group.
ln -s source linkname Create a symbolic link.
du Estimate file space usage.
df Display disk space usage.
tar -cvf archive.tar files Create a tarball archive of files.
tar -xvf archive.tar Extract files from a tarball archive.
gzip file Compress a file using gzip.
gunzip file.gz Decompress a gzip file.
zip archive.zip files Create a zip archive.
unzip archive.zip Extract files from a zip archive.
file file Determine file type.
wc file Count words, lines, and characters in a file.
sort file Sort the contents of a file.
cut -d'delimiter' -f1 file Cut specific fields from a file or output.
echo "text" Display text or output to a file.
alias name='command' Create a shorthand for a command.

Command Description
ls -l Display permissions for files and directories.
chmod 755 filename Set rwx for owner, rx for group and rx for others.
chmod +x filename Add execute permission to the file.
chmod -wx filename Remove write and execute permissions from the file.
chmod u=rw filename Set owner's permission to read and write only.
chmod ugo=r filename Set owner, group, and others permissions to read only.
chmod a+w filename Add write permission for all (same as ugo).
chmod +rwx filename Add read, write, and execute permissions to the file.
chmod 777 filename Set rwx for everyone.
chmod 644 filename Set rw for owner and r for group and others.
chown user:group filename Change the owner and group for the file.
chown user: filename Change only the owner of the file.
chown :group filename Change only the group of the file.
chown -R user:group directory Recursively change the owner and group for a directory and its contents.
chgrp group filename Change the group for the file.
chgrp -R group directory Recursively change the group for a directory and its contents.
setfacl -m u:username:rw filename Set file access control lists to give read-write access to a specific user.
setfacl -x u:username filename Remove specific user's ACL entry.
getfacl filename Display the file access control list.
chmod --reference=file1 file2 Change permissions of file2 to match file1.
find /dir -type f -exec chmod 644 {} \; Recursively change permissions of all files in a directory to 644.
find /dir -type d -exec chmod 755 {} \; Recursively change permissions of all directories to 755.
chmod --preserve-root 755 -R /dir Recursively change permissions but avoid affecting root by mistake.
umask Display the current mask value which determines default permissions.
umask 022 Set the default permissions for new files and directories.
chmod 4755 file Set the setuid bit (user will execute the file with permissions of the file's owner).
chmod 2755 dir Set the setgid bit (user will execute the file with permissions of the directory's group).
chmod u+s file Set the user ID on execution.
chmod g+s dir Set the group ID on execution for directories.
chmod o+t dir Set the sticky bit on a directory (only the owner can delete or rename files).
stat file Display detailed information about file permissions, timestamps, and other attributes.

Command Description
ps Show running processes for the current user.
ps aux Show detailed information about all running processes.
ps aux | grep process_name Search for a specific process by name.
top Display a real-time overview of running processes.
htop Display a more user-friendly version of top.
kill PID Terminate a process by its PID (Process ID).
killall process_name Terminate all processes with the specified name.
pkill process_name Terminate processes by name.
bg Put a process in the background.
fg Bring a process to the foreground.
jobs Display background jobs.
nohup command & Run a command in the background and keep it running after logout.
renice priority PID Change the priority of a running process.
lsof List open files and the processes that opened them.
strace command Trace system calls made by a command.
nice -n priority command Run a command with a specified priority.
uptime Display system uptime and average load.
free Show memory usage.
vmstat Display system performance statistics.
iostat Display input/output statistics.
mpstat Show CPU statistics.
netstat Show network connections and statistics.
ss Display network socket statistics.
dstat Show real-time system performance statistics.
sar Display system activity reports.
at now + 1 hour Schedule a command to run one hour from now.
atq List pending jobs scheduled with at.
atrm job_id Remove a scheduled job by job ID.
crontab -e Edit the current user's crontab file.
crontab -l List the current user's cron jobs.
crontab -r Remove the current user's cron jobs.

SELinux

What is SELinux?

SELinux, or Security-Enhanced Linux, is a Linux feature that provides a mechanism for supporting access control security policies. It is a mandatory access control (MAC) security structure implemented in the kernel.

What is it used for?

SELinux is designed to:

  1. Enhance Security: It adds another layer of security to limit the potential attack surface and prevent malicious actions on the system.
  2. Limit Damage: If an attacker or a malicious process manages to exploit a vulnerability in an application, SELinux can prevent them from accessing unrelated files, directories, or other resources.
  3. Enforce Policies: It ensures that only approved processes can access specific files and resources.

Useful Commands

Description Command
Get the current SELinux status getenforce
Set SELinux to permissive mode setenforce 0
Set SELinux to enforcing mode setenforce 1
Display SELinux policy booleans getsebool -a
Change a specific SELinux boolean value setsebool boolean_name on|off
Check the SELinux context of a file ls -Z /path/to/file
Restore default security contexts restorecon -v /path/to/file
Search the audit logs for AVC denials ausearch -m avc -ts today
Generate and analyze policy modules based on audit logs audit2allow -M mypol < /var/log/audit/audit.log
Install a policy module semodule -i mypol.pp