Josh Brade

Linux Commands Security Professionals Should Know

User and Group Management

  • passwd – Changes the password of a user account.
    • Example: sudo passwd username
  • useradd – Creates a new user account.
    • Example: sudo useradd -m newuser
  • userdel – Deletes a user account.
    • Example: sudo userdel username
  • usermod – Modifies a user account, such as changing the username or group.
    • Example: sudo usermod -aG sudo username
  • groupadd – Creates a new group.
    • Example: sudo groupadd newgroup
  • groupdel – Deletes a group.
    • Example: sudo groupdel oldgroup
  • groups – Displays the groups a user is a member of.
    • Example: groups username
  • id – Displays user and group information for a specified user.
    • Example: id username

Package Manager

  • apt-get – A command-line tool to handle packages on Debian-based systems, used to install, remove, or upgrade packages.
    • Example: sudo apt-get install curl
  • apt – A newer, simpler front-end for the apt-get tool for package management on Debian-based systems.
    • Example: sudo apt update
  • yum – Package management tool for RPM-based Linux distributions (like CentOS, Red Hat), used to install, update, or remove packages.
    • Example: sudo yum install curl
  • dnf – A newer package manager for RPM-based systems, replacing yum in many distributions (like Fedora).
    • Example: sudo dnf install curl
  • rpm – Command-line tool to install, remove, and query RPM packages.
    • Example: sudo rpm -ivh package.rpm
  • dpkg – The low-level package manager for Debian-based systems that installs and manages .deb packages.
    • Example: sudo dpkg -i package.deb
  • snap – A package management system for installing snaps (self-contained applications) across various Linux distributions.
    • Example: sudo snap install vlc
  • zypper – Package manager for openSUSE, used to install, update, and manage packages.
    • Example: sudo zypper install curl

Network Configuration & Monitoring

  • ifconfig – Displays and configures network interfaces (deprecated in favor of ip).
    • Example: ifconfig eth0
  • ip add – Displays IP addresses of network interfaces (part of the ip tool suite).
    • Example: ip addr show
  • ping – Sends ICMP echo requests to test network connectivity.
    • Example: ping 8.8.8.8
  • netstat – Displays network connections, routing tables, and interface statistics (deprecated in favor of ss).
    • Example: netstat -tuln
  • ss – A utility to investigate sockets and network connections, replacing netstat.
    • Example: ss -tuln
  • traceroute – Traces the route packets take to a network host, showing each hop along the way.
    • Example: traceroute google.com
  • ssh – Securely connects to a remote system using the SSH protocol.
    • Example: ssh user@hostname
  • nc – Netcat, a utility for reading/writing network connections, useful for port scanning, listening, and sending data.
    • Example: nc -zv 192.168.1.1 1-1000

Process Management

  • ps – Displays a snapshot of current running processes.
    • Example: ps aux
  • top – Displays dynamic real-time information about processes.
    • Example: top
  • kill – Sends a signal to terminate a process by its PID (process ID).
    • Example: kill 1337
  • killall – Sends a signal to terminate processes by name.
    • Example: killall firefox
  • pstree – Displays processes in a tree-like format, showing their hierarchy.
    • Example: pstree
  • htop – Interactive version of top, providing a more user-friendly, color-coded view of processes.
    • Example: htop

File and Directory Management

  • ls – Lists the contents of a directory.
    • Example: ls -l /home/user
  • pwd – Displays the current working directory.
    • Example: pwd
  • cd – Changes the current directory.
    • Example: cd /home/user/Documents
  • mkdir – Creates a new directory.
    • Example: mkdir newdir
  • mdir – Similar to mkdir, but used for creating directories on remote systems (e.g., with FTP).
    • Example: mdir /mnt/remote/dir
  • touch – Creates an empty file or updates the timestamp of an existing file.
    • Example: touch newfile.txt
  • cp – Copies files or directories.
    • Example: cp file1.txt file2.txt
  • mv – Moves or renames files or directories.
    • Example: mv oldname.txt newname.txt
  • rm – Removes files or directories. The rm command also accepts several options, e.g. --force (-f), --recursive (-r), --verbose (-v), --interactive (-i).
    • Example: rm file.txt

File Viewing and Editing

  • cat – Concatenates and displays file content.
    • Example: cat file.txt
  • less – Displays file content one screen at a time, allowing scrolling backward and forward.
    • Example: less file.txt
  • more – Similar to less, but less feature-rich (only allows forward scrolling).
    • Example: more file.txt
  • nano – A simple, text-based text editor.
    • Example: nano file.txt
  • vim – A powerful text editor with advanced features for editing files.
    • Example: vim file.txt
  • gedit – A graphical text editor for GNOME-based systems.
    • Example: gedit file.txt

System Information

  • uname – Displays system information, such as the kernel version and architecture.
    • Example: uname -a
  • df – Displays disk space usage for all mounted filesystems.
    • Example: df -h
  • du – Displays disk usage for files and directories.
    • Example: du -sh /home/user
  • free – Displays memory usage, including free and used memory.
    • Example: free -h
  • lscpu – Displays detailed information about the CPU architecture.
    • Example: lscpu
  • lshw – Displays detailed hardware configuration information.
    • Example: sudo lshw -short
  • lsblk – Lists information about block devices (e.g., hard drives and partitions).
    • Example: lsblk

Permission Commands

  • chmod – Changes the file or directory permissions.
    • Example: chmod u+x file.txt
  • chown – Changes the owner and/or group of a file or directory.
    • Example: sudo chown user:group file.txt
  • chgrp – Changes the group ownership of a file or directory.
    • Example: sudo chgrp admin file.txt
  • umask – Sets default file creation permissions.
    • Example: umask 022
  • setfacl – Sets file access control lists for more granular permission control.
    • Example: setfacl -m u:username:rwx file.txt
  • getfacl – Displays the access control list (ACL) of a file or directory.
    • Example: getfacl file.txt
  • chattr – Changes file attributes for advanced file protection (e.g., immutability).
    • Example: sudo chattr +i file.txt
  • ls -l – Lists files and directories with detailed information, including permissions.
    • Example: ls -l file.txt

Side note for chmod:

The chmod command changes the file's permissions for the user, group, and others. Permissions can be set using symbolic mode or numeric mode.

Symbolic Mode: Uses letters to represent file permissions.

  • r (read)
  • w (write)
  • x (execute)

Numeric Mode: Uses numbers to represent permissions. Each permission is assigned a number:

  • 4 = read (r)
  • 2 = write (w)
  • 1 = execute (x)

A numeric mode is one such sum for each of the user, group, and others.

To calculate the numeric value for each permission group (user, group, others), you add the numbers:

  • rwx = 4 + 2 + 1 = 7
  • rw- = 4 + 2 = 6
  • r-- = 4
  • -wx = 2 + 1 = 3
  • --x = 1
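
The arithmetic from the side note, carried through for all three permission groups and tied to the umask entry above. This is an added example in POSIX shell, not code from the original article. The function names are hypothetical, the sample permission strings are constructed, and 666 and 777 are the usual starting modes for new files and directories before the umask is applied.

```sh
# Convert one rwx triplet such as "r-x" to its digit (4 = read, 2 = write, 1 = execute).
triplet_to_digit() {
    d=0
    case $1 in r??) d=$((d + 4)) ;; esac
    case $1 in ?w?) d=$((d + 2)) ;; esac
    case $1 in ??x) d=$((d + 1)) ;; esac
    echo "$d"
}

# Convert a nine-character string (user, group, others) to numeric mode.
sym_to_octal() {
    s=$1
    case $s in
        [r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "invalid permission string: $s" >&2; return 1 ;;
    esac
    u=${s%??????}      # first three characters: user
    rest=${s#???}
    g=${rest%???}      # middle three: group
    o=${rest#???}      # last three: others
    echo "$(triplet_to_digit "$u")$(triplet_to_digit "$g")$(triplet_to_digit "$o")"
}

# Mode a new object receives: the base mode with the umask bits cleared.
# Both arguments are octal digits without a leading 0, e.g. 666 and 022.
apply_umask() {
    printf '%03o\n' $(( 0$1 & ~0$2 ))
}

# True (exit status 0) if the "others" digit of a three-digit mode includes write (2).
others_can_write() {
    last=${1#??}
    [ $(( last & 2 )) -ne 0 ]
}

# Constructed sample strings, as ls -l shows them without the file-type character.
for perm in rwxr-xr-x rw-rw-rw- rwx------; do
    mode=$(sym_to_octal "$perm")
    if others_can_write "$mode"; then note="others can write"; else note="ok"; fi
    echo "$perm -> $mode ($note)"
done
echo "new file with umask 022: $(apply_umask 666 022)"
echo "new directory with umask 022: $(apply_umask 777 022)"
```
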