Josh Brade

Linux Commands Security Professionals Should Know

User and Group Management

  • passwd – Changes the password of a user account.
    • Example: sudo passwd username
  • useradd – Creates a new user account.
    • Example: sudo useradd -m newuser
  • userdel – Deletes a user account.
    • Example: sudo userdel username
  • usermod – Modifies a user account, such as changing the username or group.
    • Example: sudo usermod -aG sudo username
  • groupadd – Creates a new group.
    • Example: sudo groupadd newgroup
  • groupdel – Deletes a group.
    • Example: sudo groupdel oldgroup
  • groups – Displays the groups a user is a member of.
    • Example: groups username
  • id – Displays user and group information for a specified user.
    • Example: id username

Package Manager

  • apt-get – A command-line tool to handle packages on Debian-based systems, used to install, remove, or upgrade packages.
    • Example: sudo apt-get install curl
  • apt – A newer, simpler front-end for the apt-get tool for package management on Debian-based systems.
    • Example: sudo apt update
  • yum – Package management tool for RPM-based Linux distributions (like CentOS, Red Hat), used to install, update, or remove packages.
    • Example: sudo yum install curl
  • dnf – A newer package manager for RPM-based systems, replacing yum in many distributions (like Fedora).
    • Example: sudo dnf install curl
  • rpm – Command-line tool to install, remove, and query RPM packages.
    • Example: sudo rpm -ivh package.rpm
  • dpkg – The low-level package manager for Debian-based systems that installs and manages .deb packages.
    • Example: sudo dpkg -i package.deb
  • snap – A package management system for installing snaps (self-contained applications) across various Linux distributions.
    • Example: sudo snap install vlc
  • zypper – Package manager for openSUSE, used to install, update, and manage packages.
    • Example: sudo zypper install curl

Network Configuration & Monitoring

  • ifconfig – Displays and configures network interfaces (deprecated in favor of ip).
    • Example: ifconfig eth0
  • ip addr – Displays IP addresses of network interfaces (part of the ip tool suite).
    • Example: ip addr show
  • ping – Sends ICMP echo requests to test network connectivity.
    • Example: ping 8.8.8.8
  • netstat – Displays network connections, routing tables, and interface statistics (deprecated in favor of ss).
    • Example: netstat -tuln
  • ss – A utility to investigate sockets and network connections, replacing netstat.
    • Example: ss -tuln
  • traceroute – Traces the route packets take to a network host, showing each hop along the way.
    • Example: traceroute google.com
  • ssh – Securely connects to a remote system using the SSH protocol.
    • Example: ssh user@hostname
  • nc – Netcat, a utility for reading/writing network connections, useful for port scanning, listening, and sending data.
    • Example: nc -zv 192.168.1.1 1-1000

Process Management

  • ps – Displays a snapshot of current running processes.
    • Example: ps aux
  • top – Displays dynamic real-time information about processes.
    • Example: top
  • kill – Sends a signal to terminate a process by its PID (process ID).
    • Example: kill 1337
  • killall – Sends a signal to terminate processes by name.
    • Example: killall firefox
  • pstree – Displays processes in a tree-like format, showing their hierarchy.
    • Example: pstree
  • htop – Interactive version of top, providing a more user-friendly, color-coded view of processes.
    • Example: htop

File and Directory Management

  • ls – Lists the contents of a directory.
    • Example: ls -l /home/user
  • pwd – Displays the current working directory.
    • Example: pwd
  • cd – Changes the current directory.
    • Example: cd /home/user/Documents
  • mkdir – Creates a new directory.
    • Example: mkdir newdir
  • mdir – Similar to mkdir, but used for creating directories on remote systems (e.g., with FTP).
    • Example: mdir /mnt/remote/dir
  • touch – Creates an empty file or updates the timestamp of an existing file.
    • Example: touch newfile.txt
  • cp – Copies files or directories.
    • Example: cp file1.txt file2.txt
  • mv – Moves or renames files or directories.
    • Example: mv oldname.txt newname.txt
  • rm – Removes files or directories. The rm command also takes several options, e.g. --force (-f), --recursive (-r), --verbose (-v), --interactive (-i).
    • Example: rm file.txt

File Viewing and Editing

  • cat – Concatenates and displays file content.
    • Example: cat file.txt
  • less – Displays file content one screen at a time, allowing scrolling backward and forward.
    • Example: less file.txt
  • more – Similar to less, but less feature-rich (only allows forward scrolling).
    • Example: more file.txt
  • nano – A simple, text-based text editor.
    • Example: nano file.txt
  • vim – A powerful text editor with advanced features for editing files.
    • Example: vim file.txt
  • gedit – A graphical text editor for GNOME-based systems.
    • Example: gedit file.txt

System Information

  • uname – Displays system information, such as the kernel version and architecture.
    • Example: uname -a
  • df – Displays disk space usage for all mounted filesystems.
    • Example: df -h
  • du – Displays disk usage for files and directories.
    • Example: du -sh /home/user
  • free – Displays memory usage, including free and used memory.
    • Example: free -h
  • lscpu – Displays detailed information about the CPU architecture.
    • Example: lscpu
  • lshw – Displays detailed hardware configuration information.
    • Example: sudo lshw -short
  • lsblk – Lists information about block devices (e.g., hard drives and partitions).
    • Example: lsblk

Permission Commands

  • chmod – Changes the file or directory permissions.
    • Example: chmod u+x file.txt
  • chown – Changes the owner and/or group of a file or directory.
    • Example: sudo chown user:group file.txt
  • chgrp – Changes the group ownership of a file or directory.
    • Example: sudo chgrp admin file.txt
  • umask – Sets default file creation permissions.
    • Example: umask 022
  • setfacl – Sets file access control lists for more granular permission control.
    • Example: setfacl -m u:username:rwx file.txt
  • getfacl – Displays the access control list (ACL) of a file or directory.
    • Example: getfacl file.txt
  • chattr – Changes file attributes for advanced file protection (e.g., immutability).
    • Example: sudo chattr +i file.txt
  • ls -l – Lists files and directories with detailed information, including permissions.
    • Example: ls -l file.txt

Side note for chmod

The chmod command changes the file’s permissions for the user, group, and others. Permissions can be set using symbolic mode or numeric mode.

Symbolic Mode: Uses letters to represent file permissions.

  • r (read)
  • w (write)
  • x (execute)

Numeric Mode: Uses numbers to represent permissions. Each permission is assigned a number:

  • 4 = read (r)
  • 2 = write (w)
  • 1 = execute (x)

The mode is the sum of these numbers for the user, group, and others.

To calculate the numeric value for each permission group (user, group, others), you add the numbers:

  • rwx = 4 + 2 + 1 = 7
  • rw- = 4 + 2 = 6
  • r-- = 4
  • -wx = 2 + 1 = 3
  • --x = 1
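
The calculation above, carried through all three permission groups and checked against a real file. This is an added example, not part of the original page; the function names sym_to_octal and roundtrip are hypothetical.

```shell
#!/bin/sh
# Convert the 9-character permission string shown by ls -l (without the
# leading file-type character) into the numeric mode that chmod accepts.

# sym_to_octal "rwxr-x---" prints 750; returns 1 on malformed input.
sym_to_octal() {
    sym=$1
    # Validate: three r/w/x triplets, with '-' for a permission that is off.
    case $sym in
        [r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "invalid mode string: $sym" >&2; return 1 ;;
    esac
    octal=""
    for start in 1 4 7; do                      # user, group, others
        triplet=$(printf '%s' "$sym" | cut -c"$start"-"$((start + 2))")
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac   # read
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac   # write
        case $triplet in ??x) digit=$((digit + 1)) ;; esac   # execute
        octal="$octal$digit"
    done
    printf '%s\n' "$octal"
}

# Apply the numeric mode to a scratch file with chmod and print the
# permissions that ls -l reports afterwards (columns 2-10).
roundtrip() {
    mode=$(sym_to_octal "$1") || return 1
    f=$(mktemp) || return 1
    chmod "$mode" "$f"
    shown=$(ls -l "$f" | cut -c2-10)
    rm -f "$f"
    printf '%s\n' "$shown"
}

# Constructed sample inputs.
for s in rwxrwxrwx rw-r--r-- rwxr-x---; do
    printf '%s -> chmod %s -> %s\n' "$s" "$(sym_to_octal "$s")" "$(roundtrip "$s")"
done
```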