Linux Cheat Sheet
The Linux command line, also known as the terminal or shell, is a powerful tool used by system administrators, developers, and users around the world. The following cheat sheet provides a reference for the most commonly used Linux shell commands, permissions, and processes.
Commands
| Command | Description |
|---|---|
ls
|
List directory contents |
cd directory_name
|
Change directory |
pwd
|
Print current working directory |
mkdir directory_name
|
Create a new directory |
rmdir directory_name
|
Delete a directory |
touch filename
|
Create an empty file |
echo "content" > filename
|
Add content to a file |
cat filename
|
Display file content |
less filename
|
View file content with pagination |
man command_name
|
Open manual page for a command |
date
|
Display current date and time |
cal
|
Show calendar of the current month |
df
|
Display disk space usage |
du directory_name
|
Calculate directory space usage |
free
|
Show memory and swap usage |
uname -a
|
Display system information |
hostname
|
Display system hostname |
uptime
|
Show system uptime and load |
who
|
List logged-in users |
w
|
Show who is logged in and what they are doing |
users
|
Display list of logged-in users |
id
|
Display user identity |
groups
|
Show user's groups |
alias name='command'
|
Create a command alias |
history
|
Show command history |
clear
|
Clear terminal screen |
find /path -name "filename"
|
Find files by name |
locate filename
|
Find files by name using a database |
which command_name
|
Locate a command binary |
type command_name
|
Display command type |
zip
|
Compress files into .zip format |
unzip file.zip
|
Uncompress .zip files |
tar
|
Compress or decompress .tar files |
gzip
|
Compress or decompress .gz files |
ping domain_or_ip
|
Check network connectivity to a domain or IP |
ifconfig
|
Show network interfaces and configuration (deprecated in some distributions) |
ip a
|
Show IP addresses |
netstat
|
Show network statistics |
ss
|
Show socket statistics |
curl url
|
Transfer data from or to a server |
wget url
|
Download files from the web |
| Command | Description |
|---|---|
ls
|
List files and directories. |
ls -l
|
List files and directories with detailed information. |
ls -a
|
List all files, including hidden ones. |
cd directory
|
Change the current directory to the specified directory. |
pwd
|
Print the current working directory. |
cat file
|
Display the content of a file. |
less file
|
View the file with pagination. |
head file
|
Show the first ten lines of a file. |
tail file
|
Show the last ten lines of a file. |
touch file
|
Create an empty file. |
cp source destination
|
Copy a file or directory. |
mv source destination
|
Move or rename a file or directory. |
rm file
|
Delete a file. |
rmdir directory
|
Delete an empty directory. |
mkdir directory
|
Create a new directory. |
find /path -name filename
|
Search for a file in the specified path. |
grep 'pattern' file
|
Search for a pattern within a file. |
diff file1 file2
|
Compare two files and display differences. |
chmod permissions file
|
Change the file permissions. |
chown user:group file
|
Change the file owner and group. |
ln -s source linkname
|
Create a symbolic link. |
du
|
Estimate file space usage. |
df
|
Display disk space usage. |
tar -cvf archive.tar files
|
Create a tarball archive of files. |
tar -xvf archive.tar
|
Extract files from a tarball archive. |
gzip file
|
Compress a file using gzip. |
gunzip file.gz
|
Decompress a gzip file. |
zip archive.zip files
|
Create a zip archive. |
unzip archive.zip
|
Extract files from a zip archive. |
file file
|
Determine file type. |
wc file
|
Count words, lines, and characters in a file. |
sort file
|
Sort the contents of a file. |
cut -d'delimiter' -f1 file
|
Cut specific fields from a file or output. |
echo "text"
|
Display text or output to a file. |
alias name='command'
|
Create a shorthand for a command. |
| Command | Description |
|---|---|
ls -l
|
Display permissions for files and directories. |
chmod 755 filename
|
Set rwx for owner, rx for group and rx for others. |
chmod +x filename
|
Add execute permission to the file. |
chmod -wx filename
|
Remove write and execute permissions from the file. |
chmod u=rw filename
|
Set owner's permission to read and write only. |
chmod ugo=r filename
|
Set owner, group, and others permissions to read only. |
chmod a+w filename
|
Add write permission for all (same as ugo). |
chmod +rwx filename
|
Add read, write, and execute permissions to the file. |
chmod 777 filename
|
Set rwx for everyone. |
chmod 644 filename
|
Set rw for owner and r for group and others. |
chown user:group filename
|
Change the owner and group for the file. |
chown user: filename
|
Change only the owner of the file. |
chown :group filename
|
Change only the group of the file. |
chown -R user:group directory
|
Recursively change the owner and group for a directory and its contents. |
chgrp group filename
|
Change the group for the file. |
chgrp -R group directory
|
Recursively change the group for a directory and its contents. |
setfacl -m u:username:rw filename
|
Set file access control lists to give read-write access to a specific user. |
setfacl -x u:username filename
|
Remove specific user's ACL entry. |
getfacl filename
|
Display the file access control list. |
chmod --reference=file1 file2
|
Change permissions of file2 to match file1. |
find /dir -type f -exec chmod 644 {} \;
|
Recursively change permissions of all files in a directory to 644. |
find /dir -type d -exec chmod 755 {} \;
|
Recursively change permissions of all directories to 755. |
chmod --preserve-root 755 -R /dir
|
Recursively change permissions but avoid affecting root by mistake. |
umask
|
Display the current mask value which determines default permissions. |
umask 022
|
Set the default permissions for new files and directories. |
chmod 4755 file
|
Set the setuid bit (user will execute the file with permissions of the file's owner). |
chmod 2755 dir
|
Set the setgid bit (user will execute the file with permissions of the directory's group). |
chmod u+s file
|
Set the user ID on execution. |
chmod g+s dir
|
Set the group ID on execution for directories. |
chmod o+t dir
|
Set the sticky bit on a directory (only the owner can delete or rename files). |
stat file
|
Display detailed information about file permissions, timestamps, and other attributes. |
| Command | Description |
|---|---|
ps
|
Show running processes for the current user. |
ps aux
|
Show detailed information about all running processes. |
ps aux | grep process_name
|
Search for a specific process by name. |
top
|
Display a real-time overview of running processes. |
htop
|
Display a more user-friendly version of top. |
kill PID
|
Terminate a process by its PID (Process ID). |
killall process_name
|
Terminate all processes with the specified name. |
pkill process_name
|
Terminate processes by name. |
bg
|
Put a process in the background. |
fg
|
Bring a process to the foreground. |
jobs
|
Display background jobs. |
nohup command &
|
Run a command in the background and keep it running after logout. |
renice priority PID
|
Change the priority of a running process. |
lsof
|
List open files and the processes that opened them. |
strace command
|
Trace system calls made by a command. |
nice -n priority command
|
Run a command with a specified priority. |
uptime
|
Display system uptime and average load. |
free
|
Show memory usage. |
vmstat
|
Display system performance statistics. |
iostat
|
Display input/output statistics. |
mpstat
|
Show CPU statistics. |
netstat
|
Show network connections and statistics. |
ss
|
Display network socket statistics. |
dstat
|
Show real-time system performance statistics. |
sar
|
Display system activity reports. |
at now + 1 hour
|
Schedule a command to run one hour from now. |
atq
|
List pending jobs scheduled with at. |
atrm job_id
|
Remove a scheduled job by job ID. |
crontab -e
|
Edit the current user's crontab file. |
crontab -l
|
List the current user's cron jobs. |
crontab -r
|
Remove the current user's cron jobs. |
SELinux
What is SELinux?
SELinux, or Security-Enhanced Linux, is a Linux feature that provides a mechanism for supporting access control security policies. It is a mandatory access control (MAC) security structure implemented in the kernel.
What is it used for?
SELinux is designed to:
- Enhance Security: It adds another layer of security to limit the potential attack surface and prevent malicious actions on the system.
- Limit Damage: If an attacker or a malicious process manages to exploit a vulnerability in an application, SELinux can prevent them from accessing unrelated files, directories, or other resources.
- Enforce Policies: It ensures that only approved processes can access specific files and resources.
Useful Commands
| Description | Command |
|---|---|
| Get the current SELinux status |
getenforce
|
| Set SELinux to permissive mode |
setenforce 0
|
| Set SELinux to enforcing mode |
setenforce 1
|
| Display SELinux policy booleans |
getsebool -a
|
| Change a specific SELinux boolean value |
setsebool boolean_name on|off
|
| Check the SELinux context of a file |
ls -Z /path/to/file
|
| Restore default security contexts |
restorecon -v /path/to/file
|
| Search the audit logs for AVC denials |
ausearch -m avc -ts today
|
| Generate and analyze policy modules based on audit logs |
audit2allow -M mypol < /var/log/audit/audit.log
|
| Install a policy module |
semodule -i mypol.pp
|