Linux commands I use


Learn to use "man" and "apropos".
You can probably find many tutorials for Linux command line usage, but many of them are pretty surface-level and don't help you with many real world problems. On the other hand, when you search for commands via "apropos", you get information about all commands, including tons of stuff you'll likely never need. So here you'll find a list of commands that is a lot more extensive than a tutorial, but only contains commands I have actually used:
  • getting access to information in general: man,apropos,whatis,which,w,who,last,lastlog,type,runlevel,namei
    • "man KEYWORD" to read the manual for keyword
    • "man 3 KEYWORD" to read the manual for keyword in section 3 (in case there are multiple identical keywords in different sections)
    • "apropos KEYWORD" to search in all manual pages for a command whose exact name you might not know
    • "man -K KEYWORD" if apropos doesn't help and you need to brute-force search through all manuals
    • "whatis KEYWORD" like "man keyword", but get just the first line from the manual, i.e. the Cliffsnotes/executive summary
    • "which COMMAND" if the command actually exists and can be executed, tells you where exactly that command is stored
    • "w" (short for "who") to list all users currently logged in with lots of details
    • "who" (actually not the same as "w") does something very similar to "w"
    • "last" list all known past logins of the current user
    • "lastlog" for all users show when that user last logged in
    • "type COMMAND" tells you whether a command is a shell builtin, an alias, an external command (not shell builtin), nonexistent, etc.
    • "runlevel" if you use a SysV init system, tells you the current runlevel (e.g. GUI (graphical user interface), non-GUI, no network, single user)
    • "namei PATH" tells you a lot of details about the given path, e.g. whether it is a symbolic link and to where that link leads
  • information about filesystems and hard disks: du,df,stat,mountpoint,hdparm,smartctl,lvdisplay,vgdisplay,pvdisplay,lvcreate,lvremove,lvresize,iostat,iotop,blkid,lsblk,dumpe2fs,tune2fs
    • "du -k PATH" (short for "disk usage") how many kilobytes does the given PATH use on disk, takes into account compression, sparse files, etc.
    • "du -m PATH" the same in megabytes (strictly speaking: mebibytes) instead of kilobytes (ditto: kibibytes)
    • "df -h" how much all mounted filesystems have in use and have available in a human-readable manner
    • "stat PATH" detailed information about the given path, including access rights, inode number, precise timestamps, etc.
    • "mountpoint PATH" has a filesystem been mounted at PATH? if yes, the root of some filesystem is there, otherwise it's just some random place within some filesystem
    • "hdparm DEVICE" low level hardware information about the given hard disk/solid state disk/drive in general
    • "smartctl -a DEVICE" read S.M.A.R.T. values reported by given drive, which can tell you about the health of the device. Most important is the line "self-assessment test result"
    • "lvdisplay LOGICAL_VOLUME" info about given LVM (logical volume manager) logical volume
    • "vgdisplay VOLUME_GROUP" info about given LVM volume group
    • "pvdisplay PHYSICAL_VOLUME" info about given LVM physical volume
    • "lvcreate" create new LVM logical volume
    • "lvremove LOGICAL_VOLUME" remove given LVM logical volume
    • "lvresize" resize LVM logical volume
    • "iostat" statistics about usage of all drives
    • "watch iostat" call iostat every 2 seconds to get self-updating output without having to manually execute it again and again
    • "iotop" similar to iostat, but also tells you which processes are responsible for all the disk accesses
    • "blkid DEVICE" get info about unique IDs (UUIDs, universally unique identifiers) of given device. Also works for logical devices (partitions, logical volumes, etc.)
    • "lsblk" list all block devices (drives & such) and their relation to each other
    • "dumpe2fs DEVICE" information about ext2/ext3/ext4 file system (the file system itself, not the device on which it is stored)
    • "tune2fs DEVICE" change parameters of ext2/ext3/ext4, like changing label/name, changing frequency of automatic file system checks. only for experts
  • searching for files: find,locate
    • "find -name FILENAME" search for given file name in current folder and all subfolders and output the paths of all matching files.
    • "find -iname FILENAME" search for given file name ignoring uppercase/lowercase distinction.
    • "find -size +10M" search for files larger than 10 megabytes (strictly speaking: mebibytes).
    • "find -size -10k" search for files smaller than 10 kilobytes (strictly speaking: kibibytes).
    • "find FOLDER1 FOLDER2" search only in the given folders.
    • "find FOLDER -maxdepth 3" don't search in subfolders 4 folders deep or deeper than that.
    • "find -type d" output only matches that are directories.
    • "find -xdev" don't search on other filesystems. Useful if you have a small and fast and a large and slow drive and you don't want to wait for weeks.
    • "find -mtime -3" search for files that have been changed in the last 3 days.
    • "find -mmin +60" search for files that have not been changed in the last 60 minutes.
    • "find -name '*PART1*PART2*'" search for files having both given parts in the file name, with arbitrary other characters in between, before or after the given parts.
    • "find -exec ls -ld {} \;" run "ls -ld" on every found file.
    • "locate FILENAME" instead of searching for the given file in the filesystem, look for it in the mlocate database. That can be many times faster, but won't find anything that was changed since the last database update. Also, you can only search for names in the database.
  • information about RAM (random access memory)/memory: free,swapon,swapoff,vmstat,ipcs,ipcrm
    • "free" information about used and available RAM (random access memory) and swap space
    • "swapon -s" information about swap devices
    • "swapoff" can deactivate swap devices
    • "vmstat" also information about RAM (random access memory)
    • "ipcs" information about IPC (inter-process communication), including shared memory
    • "ipcrm" remove IPC (inter-process communication) resource
  • running processes: ps,pstree,pgrep
    • "ps -e" List all running processes.
    • "pstree" List all running processes as a hierarchy/tree.
    • "pgrep NAME" Quick way to get process ID of given process name.
  • shell builtins: pushd,popd,fg,help,eval,while,for
    • "pushd DIRECTORY" pushes the given directory on the directory stack, to be saved for later use.
    • "popd" pop top entry off the directory stack and change directory to that entry.
    • "fg" Move a job that was running in the background to the foreground again so that you can interact with it.
    • "help TOPIC" Show help about given builtin command.
    • "eval STUFF" Run the given string as a shell command. Useful if you want to create commands on the fly instead of working with fixed code. But also dangerous. Don't blow your house up.
    • 'while IFS= read -r line; do COMMAND "$line"; done < FILE' Read given file line by line and run given command on each line.
    • 'for i in 1 2 3 4; do COMMAND "$i"; done' Run given command on each of the given items.
    • 'for i in $(seq 100); do COMMAND "$i"; done' Run given command 100 times.
    • 'for i in $(seq -w 100); do COMMAND "$i"; done' Run given command 100 times and make sure short numbers begin with leading zeros.
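Why "eval" is dangerous, and how to still build a command on the fly without it. This is an added example, not part of the original list; the function names, the file names and the "untrusted" value are made up for illustration.

```shell
#!/bin/sh
# Added example: eval re-parses its argument as shell code, so any outside
# data pasted into that string can become a command of its own.
# File names, file contents and the "untrusted" value are constructed.

# Stand-in for a value that arrives from outside the script (a form field,
# a file name, a log line). Everything after the ";" is a second command.
UNTRUSTED='alpha data.txt; : > INJECTED #'

# Create a scratch directory with a three-line data file; print its path.
make_workdir() {
    dir=$(mktemp -d) || return 1
    printf 'alpha\nBeta\nALPHA\n' > "$dir/data.txt"
    printf '%s\n' "$dir"
}

# Risky: the command line is assembled as one string and handed to eval,
# which parses it again, including any ";" or ">" that came in with the data.
# usage: count_matches_eval DIR PATTERN FILE
count_matches_eval() {
    ( cd "$1" && eval "grep -c $2 $3" )
}

# Hardened: the command is still built on the fly (the -i option is added
# conditionally), but as an argument list. Each value stays one argument
# and is never parsed as shell syntax.
# usage: count_matches_safe DIR PATTERN FILE [yes|no]
count_matches_safe() {
    dir=$1 pattern=$2 file=$3 icase=${4:-no}
    set -- grep -c
    if [ "$icase" = yes ]; then
        set -- "$@" -i
    fi
    set -- "$@" -e "$pattern" -- "$file"
    ( cd "$dir" && "$@" )
}

# Run both variants against the same input and report what happened.
demo() {
    d=$(make_workdir) || return 1
    echo "safe, pattern 'alpha':             $(count_matches_safe "$d" alpha data.txt)"
    echo "safe, pattern 'alpha', ignore case: $(count_matches_safe "$d" alpha data.txt yes)"

    count_matches_safe "$d" "$UNTRUSTED" data.txt > /dev/null
    if [ -e "$d/INJECTED" ]; then
        echo "safe variant: extra command ran"
    else
        echo "safe variant: input was treated as a plain search pattern"
    fi

    count_matches_eval "$d" "$UNTRUSTED" data.txt > /dev/null
    if [ -e "$d/INJECTED" ]; then
        echo "eval variant: extra command ran and created the file INJECTED"
    fi
    rm -rf "$d"
}

demo
```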
  • hardware: lsmod,insmod,rmmod,modprobe,depmod,lsusb,lspci,glxinfo,xrdb,nvidia-smi,dmidecode,biosdecode,vpddecode,hwinfo,lshw,sensors/lm-sensors
    • "lsmod" Show loaded kernel modules.
    • "insmod MODULE" Load given kernel module.
    • "rmmod MODULE" Unload given kernel module.
    • "modprobe MODULE" Load given kernel module, resolve its dependencies and load those as well, if necessary.
    • "depmod" Recalculate kernel module dependencies.
    • "lsusb" List all connected USB (universal serial bus) devices, i.e. devices connected via the USB bus.
    • "lspci" List all connected PCI (Peripheral Component Interconnect) devices, i.e. devices connected via the PCI/PCI Express bus.
    • "glxinfo" List details of your OpenGL implementation.
    • "xrdb -query" Show info about running X server.
    • "nvidia-smi" If you have an Nvidia GPU (Graphics Processing Unit), see what your GPU is doing right now.
    • "dmidecode" Show info about your hardware, BIOS (Basic Input/Output System)/UEFI (Unified Extensible Firmware Interface), etc.
    • "biosdecode" Show info about your BIOS (Basic Input/Output System).
    • "vpddecode" More hardware info, but does not work on all computer types.
    • "hwinfo" Detailed info about all your hardware.
    • "lshw" And another way to get info about all your hardware.
    • "sensors"/"lm-sensors" Output data measured by sensors inside your hardware, like temperatures, voltages, fan RPMs, etc.
  • hard disk partitioning: fdisk,partprobe,kpartx,partx,sfdisk,gdisk,sgdisk
    • "fdisk -l DEVICE" Show all partitions of given disk.
    • "fdisk DEVICE" Edit partitions of given disk.
    • "partprobe DEVICE" Tell the OS that the partition table of given disk has changed if not edited via fdisk.
    • "kpartx DEVICE" Does the same thing.
    • "partx DEVICE" Does the same thing.
    • "sfdisk DEVICE" Alternative to fdisk.
    • "gdisk DEVICE" Alternative to fdisk, but only for GPT partition tables, the new style of partition table.
    • "sgdisk DEVICE" Alternative to gdisk.
  • manage services: service,chkconfig,invoke-rc.d,update-rc.d,sysctl,systemctl
    • "service" Start/stop/restart a service.
    • "chkconfig" If you still use a SysV init system, this tool can enable/disable services.
    • "invoke-rc.d" Another way to start/stop/restart a service, but maybe only in a SysV init system.
    • "update-rc.d" Another way to enable/disable services, probably only in a SysV init system.
    • "sysctl" configure kernel parameters at runtime.
    • "systemctl" despite the similar name, this has nothing to do with sysctl. This starts/stops/restarts/enables/disables services if you have a systemd init system.
  • network: netstat,ifconfig,iwconfig,iwlist,ip,ethtool,host,dig,nslookup,arp,route,iptables,ip6tables,iftop,ping,arping,hping3,tcpdump
    • "netstat" A tool for inspecting network information (active connections, listening processes, routing table, stats, etc.). Deprecated now and replaced by "ss".
    • "ifconfig" A tool for inspecting and editing network device configuration.
    • "iwconfig" ifconfig for wireless networking.
    • "iwlist" Get information about wireless devices.
    • "ip" Modern replacement for most of the functionality of netstat and ifconfig.
    • "ethtool" Tool for configuring your ethernet network devices.
    • "host DOMAIN.TLD" Make DNS (domain name system) request for given domain and show reply.
    • "dig DOMAIN.TLD" Ditto.
    • "nslookup DOMAIN.TLD" Ditto.
    • "arp" Show the ARP (Address Resolution Protocol) cache.
    • "ip -6 neigh show" The equivalent of the ARP (Address Resolution Protocol) cache for IPv6.
    • "route" Show the routing table.
    • "ip -6 route" routing table for IPv6.
    • "iptables -n -L INPUT" Show all iptables rules for the input chain, i.e. your firewall configuration.
    • "iptables -S INPUT" List the rules in a different format. This allows you to make an easy backup of your configuration.
    • "iptables -A INPUT -s 1.2.3.4/32 -p tcp -j DROP" Add a new rule to your input chain. Throws away all TCP (transmission control protocol) packets from the given IP address.
    • "iptables -A INPUT -p tcp -m multiport --dports 22 -j DROP" Drop all packets going to TCP (transmission control protocol) port 22.
    • "ip6tables" iptables for IPv6.
    • "iftop" Similar to "top", but for network traffic, i.e. list bandwidth usage per connection.
    • "ping HOST" Send a ping to given computer to figure out whether there are any connection problems.
    • "arping HOST" Like ping, but use ARP (Address Resolution Protocol) request instead of ICMP (Internet Control Message Protocol) request.
    • "hping3" Can use UDP (user datagram protocol)/TCP (transmission control protocol) packets as a kind of ping, which is useful because some hosts/networks don't allow normal pings (i.e. ICMP (Internet Control Message Protocol) requests).
    • "tcpdump host HOST" Look at what your network is doing by showing you details of all network packets between here and the given computer. Can also write the packets to a file for later inspection and analysis.
  • working remotely: ssh,scp,screen,byobu,tmux,telnet,ssh-keygen,ssh-agent,ssh-add,vncviewer,rdesktop
    • "ssh USER@HOST" try to login remotely via encrypted channel as given user on given host/computer. Requires network connection, valid account on target system and some form of authentication (password, RSA (Rivest, Shamir, Adleman public key cryptography) key, etc.)
    • "ssh USER@HOST 'ls /'" login, execute given command (instead of interactive shell) and then quit
    • "ssh -p 2222 USER@HOST" try connection on port 2222 instead of default (port 22)
    • "ssh -ND 9999 USER@HOST" create SOCKS proxy on given host instead of opening interactive shell. The proxy is reachable on port 9999 and can be used in your browser (network settings -> manual proxy configuration) to tunnel all your requests through the given host
    • "ssh -NL LOCAL_ADDR:LOCAL_PORT:REMOTE_ADDR:REMOTE_PORT USER@HOST" tunnel the given port through the SSH (secure shell) connection instead of opening an interactive shell. Allows you to make arbitrary TCP (transmission control protocol) connections through that tunnel, e.g. for connecting to a VNC (virtual network computing)/MySQL server that is not reachable through an externally visible port for security reasons.
    • "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no USER@HOST" useful if you make many connections on your LAN (local area network) and the host keys (or host names or IP addresses) are constantly changing. But that is bad security practice, so avoid it if possible.
    • "ssh -X -C USER@HOST" if you have a fast, low latency connection (LAN (local area network), not internet) and the target host still uses X Window System, you can run graphical applications over the SSH (secure shell) connection, just like you would run command line applications. Will be practically unusable on a slow connection. You can test what would be possible over a fast connection by making a connection to your own computer via "ssh -X localhost".
    • "ssh USER@HOST '/bin/bash -i'" helps if something is broken on the remote computer and you get the error "PTY (pseudo terminal) allocation request failed on channel ..." when trying to connect. With this command you get a shell on a "dumb" terminal, which works like a printer/typewriter. Many programs expecting a proper ANSI terminal won't work, e.g. "top".
    • "ssh -q USER@HOST" annoyed by big MOTD (message of the day) banners? Get rid of them.
    • "ssh -o PreferredAuthentications=publickey USER@HOST" don't get asked for password even if the remote computer allows password authentication. Requires a valid public key.
    • "ssh -NR LOCAL_ADDR:LOCAL_PORT:REMOTE_ADDR:REMOTE_PORT USER@HOST" tunnel the given port through the SSH (secure shell) connection in the other direction. This allows the remote computer to make connections to you. That way you can use your local USB (universal serial bus) devices on the remote computer via "usbip" (it's still a network connection, so don't expect super high speed).
    • "scp FILE USER@HOST:/PATH" copy given file over SSH (secure shell) connection to given path on remote computer.
    • "screen" once you have an SSH (secure shell) connection to the remote computer, start a detachable terminal emulator with this. Then your programs can keep running even if the connection dies. You can also have multiple emulated terminals in one screen session and switch between them, copy/paste between them, show 2 or more simultaneously in split screen mode. Screen also can do a lot of other things. If you don't use screen and the connection dies, your remote shell and everything running in it will eventually be killed.
    • "byobu" alternative to screen.
    • "tmux" another alternative.
    • "telnet USER@HOST" the old school unencrypted granddaddy of SSH (secure shell). Should only be used over LAN (local area network). Most computers won't have a telnet server running, but some older or very simple systems might, because telnet is so much simpler.
    • "telnet HOST PORT" instead of as a remote shell tool, you can use telnet as an invaluable network problem diagnosis tool. It is capable of opening interactive TCP (transmission control protocol) sessions to arbitrary computers and ports, and many protocols like HTTP (hypertext transfer protocol) & SMTP (simple mail transfer protocol) are plain text protocols. That means you can type HTTP or SMTP requests manually and watch the server reply in real time. Most normal HTTP & SMTP clients can't do that, making diagnosis via normal clients a pain in the ass. The most important usage is for just checking whether a given TCP port is even accessible at all. Once the connection is established, you need to press ctrl-5 and "quit" and Enter to quit telnet.
    • "ssh-keygen" allows you to create cryptographic keys for SSH (secure shell) authentication without password. Don't use password-based authentication if you can avoid it.
    • "ssh-agent" start a little daemon process that can remember your SSH (secure shell) keys for you. If you use encrypted SSH keys, this allows you to enter the decryption key only once and then keep using the decrypted key indefinitely. That makes SSH usage sooo much more convenient. For example you can then use tab-completion with SSH & SCP (secure copy) as if everything were running locally (apart from the network latency).
    • "ssh-add" once ssh-agent is running, you need to execute this once to add your SSH (secure shell) key to the agent.
    • "~/.ssh/config" not a command, but SSH (secure shell)'s configuration file. Put your commonly used user/computer-combinations there, so that making remote connections requires even less typing.
    • "vncviewer HOST" make a VNC (virtual network computing) connection to the given computer/host. If you want to run any GUI (graphical user interface) applications and either you or the remote computer don't use X Window System, this will be required. Only fun over fast connections. You can even use this on a computer that doesn't have a monitor attached, or even on a computer without a GPU (Graphics Processing Unit). For that, you'd require "Xvfb", "icewm", "x11vnc". That runs a "fake" X Server, a very simple desktop environment and makes it accessible via VNC.
    • "vncviewer HOST::PORT" make a VNC (virtual network computing) connection to the given computer/host on the given port.
    • "rdesktop HOST" if, for some inconceivable reason, you have to make a connection to a Windows machine, you can use this to connect to an RDP (remote desktop protocol) server. It's like VNC (virtual network computing), but Windows-exclusive (and it also transmits sound, which VNC doesn't do).
    • "rdesktop HOST:PORT" make an RDP (remote desktop protocol) connection to the given computer/host on the given port. Note the single colon. vncviewer uses two colons instead for the same thing.
  • simple text processing: diff,patch,cmp,sort,join,uniq,tr,xxd,tsort,tac,cat,split,rev,nl,cut,paste,head,tail,xdelta,sed,grep,agrep
    • "diff FILE1 FILE2" compare file1 to file2 and output the differences. The files are compared line by line, not word by word or letter by letter. Only works for text files.
    • "patch PATCH" use output of "diff" to produce the second file in the above entry if you already have the first. patch is supposed to be the inverse of diff. If diff is minus, patch is plus.
    • "cmp FILE1 FILE2" compare file1 to file2 and quit with an error code as soon as a difference is found. Comparison is byte by byte and works for all types of files.
    • "sort FILE" sort given file linewise and output the sorted file. Only works for text files.
    • "sort -g FILE" sort based on numerical values. Important for files that start each line with some number.
    • "sort -k2,2 -t',' FILE" sort based on column two, assuming tabular input with commas separating columns, i.e. a CSV (comma-separated values) file (Excel and LibreOffice Calc both can import and export CSV files).
    • "join -t',' -1 2 -2 3 FILE1 FILE2" join sorted files on column 2 of file 1 and column 3 of file 2, assuming tabular input with commas separating columns. Files have to be sorted on the common join column. The join is like an inner join in SQL (structured query language).
    • "uniq FILE" delete duplicate lines in sorted input file. Only one line for each set of duplicates is kept. Only works on text files.
    • "uniq -c FILE" delete duplicate lines and prepend each line with the number of lines in the set of duplicates.
    • "tr a A < FILE" replace all "a"s with "A"s in the input file and output result. tr reads only from standard input, so the file has to be redirected into it. Only works on text files.
    • "tr -d a < FILE" delete all "a"s in the input file and output result. Can be used to delete line breaks.
    • "xxd FILE" read file and output a hexdump of it. Useful for inspecting binary/non-text files.
    • "tsort FILE" produce a total ordering based on a given partial ordering. A bit difficult to understand, but still useful to know this exists.
    • "tac FILE" output the lines in the given file in reverse order. Only works for text files.
    • "cat FILE" simply output the given file.
    • "cat FILE1 FILE2" output file1, then file2.
    • "split -l42 FILE PREFIX" split the given file into chunks of 42 lines each, write the chunks into files whose names start with the given prefix.
    • "rev FILE" output the given file with the characters in every line reversed. Only works for text files.
    • "nl FILE" output the given file with the line number prepended to every line.
    • "cut -f2 -d',' FILE" output column 2 of the given file, assuming tabular input with commas separating columns. A bit like SQL (structured query language)'s SELECT.
    • "cut -f2,4 -d',' FILE" output column 2 and 4 of the given file.
    • "paste FILE1 FILE2" output line 1 from file 1, then line 1 from file 2, and repeat for all lines.
    • "head -n42 FILE" output the first 42 lines of the given file.
    • "head -n-42 FILE" output all but the last 42 lines of the given file.
    • "tail -n42 FILE" output the last 42 lines of the given file.
    • "tail -n+42 FILE" output all but the last 42 lines of the given file.
    • "xdelta delta FILE1 FILE2 FILE3" works like diff, but for binary/non-text files. the difference between file 2 and file 1 is stored in file 3.
    • "xdelta patch FILE" works like patch, but for binary/non-text files.
    • "sed -e 's/KEYWORD/REPLACEMENT/' FILE" replace the first occurrence of the given keyword with the given replacement in every line of the given file and output the result.
    • "grep KEYWORD FILE" search for the given keyword in the given file and output every line that contains the keyword.
    • "grep -v KEYWORD FILE" output all lines that don't contain the keyword.
    • "grep -l KEYWORD FILE" search for the given keyword in the given file, but only return the file name if a match was found.
    • "grep -rl KEYWORD" search in all files in the current folder and all subfolders and output all paths of files with a match.
    • "grep -rIl KEYWORD" the same, but skip all binary files completely.
    • "agrep -2 KEYWORD FILE" like grep, but allow for up to two errors per match, enabling approximate matching. E.g., allowing two errors enables a match between "pear" and "pair".
    • "cat FILE|grep KEYWORD|sed -e 's/ .*$//'|sort|uniq -c|sort -g" output from the given file all lines with the given keyword, remove from all those lines everything from the first space to the end of the line, sort all lines, count the number of duplicates, sort the lines so that the most common line comes last and then output all that. Useful for scanning a logfile for certain events and then outputting the most common IP addresses causing those events, assuming the IP address is the beginning of every line and ends with a space. Just an example of how to combine these commands.
    • The commands sort, join, uniq, cut, paste, head, tail, cat, rev, nl, sed give you some of the power of SQL (structured query language) (for CSV (comma-separated values) files) if you want some spreadsheet/relational database stuff done quickly and dirtily without setting up a database. But don't try to build anything longer than 10 lines of shell script out of it, there are proper databases for that.
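The log-scanning pipeline from the list above, run on a small log. This is an added example, not part of the original list; the log lines are constructed (documentation address ranges), and the function names top_sources, worst_offender and at_least are made up for illustration. It goes one step beyond the one-liner by adding a minimum-count filter.

```shell
#!/bin/sh
# Added example: the grep | sed | sort | uniq -c | sort pipeline on a log
# whose lines start with the client address followed by a space.
# The log below is constructed sample data, not real traffic.

make_sample_log() {
    cat <<'EOF'
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "POST /login HTTP/1.1" 401 128
198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "POST /login HTTP/1.1" 401 128
192.0.2.10 - - [01/Jan/2024:10:00:03 +0000] "POST /login HTTP/1.1" 401 128
203.0.113.5 - - [01/Jan/2024:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 5120
192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "POST /login HTTP/1.1" 401 128
198.51.100.7 - - [01/Jan/2024:10:00:06 +0000] "POST /login HTTP/1.1" 401 128
203.0.113.5 - - [01/Jan/2024:10:00:07 +0000] "POST /login HTTP/1.1" 200 64
EOF
}

# Count matching lines per source address, most frequent last.
# usage: top_sources KEYWORD [FILE]   (reads standard input without FILE)
#   grep -F    treat the keyword as a fixed string, not a regular expression
#   sed        cut everything from the first space to the end of the line
#   sort       bring equal addresses next to each other (uniq needs that)
#   uniq -c    collapse duplicates and prefix each line with its count
#   sort -n    order by that count (the list above uses -g, which sorts
#              integer counts the same way)
top_sources() {
    keyword=$1
    shift
    grep -F -e "$keyword" -- "$@" |
        sed -e 's/ .*$//' |
        sort |
        uniq -c |
        sort -n
}

# Only the busiest source, printed as "COUNT ADDRESS" without the padding
# that uniq -c puts in front of the count. Prints nothing if nothing matched.
worst_offender() {
    top_sources "$@" | tail -n 1 | awk '{ print $1, $2 }'
}

# Addresses with at least MIN matching lines, one per line.
# usage: at_least MIN KEYWORD [FILE]
at_least() {
    min=$1
    shift
    top_sources "$@" | awk -v min="$min" '$1 >= min { print $2 }'
}

# The keyword includes the quote and spaces around the status code, so that
# "401" inside a path or a byte count does not match.
echo "failed logins per address:"
make_sample_log | top_sources '" 401 '
echo "busiest: $(make_sample_log | worst_offender '" 401 ')"
```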
  • watch what your processes are doing: strace,ltrace
    • "strace -p PROCESS_ID" watch all system calls of given process in realtime.
    • "strace COMMAND" execute given command and attach to that process for observation.
    • "ltrace -p PROCESS_ID" watch all library calls of given process in realtime.
  • set up your terminal: reset,showkey,xev,locale,tty,loadkeys,luit
    • "reset" after you output some binary data on your terminal, it may happen that everything looks fucked up, garbled. Executing "reset" will fix that and make your terminal usable again. But you'll have to type this blind, because the output of the terminal is already broken.
    • "showkey -a" Start typing and see the keycodes for all keys you hit.
    • "xev" Something similar, but for X Window System. Shows not just key events, but also mouse events.
    • "locale" Show in what locale your terminal is running. If letters show up wrong, the wrong locale could be the culprit.
    • "tty" Show the terminal device of the current shell.
    • "loadkeys KEYMAP" If the wrong characters show up on your screen, try loading the right keymap, e.g. "loadkeys en" for an English keymap.
    • "luit -encoding ISO-8859-1 ssh USER@HOST" If loading the right locale or keymap fails for some reason, maybe try luit for converting text encoding on the fly, in this case for connecting to a remote computer.
  • miscellaneous: tee,gzip,zcat,bzip2,bzcat,lzop,nc,socat,script,watch,dd,ddrescue,tar,dar,basename,wget,curl,printf,xargs
    • "cat FILE1 | tee FILE2" read a file from standard input (in this case that would be the file 1) and output it again (like "cat" would), but also store a copy in file 2. This allows you to split a data stream into two, like a T-intersection (that's where the name comes from).
    • "gzip FILE" compress the given file, delete the original.
    • "zcat FILE" like cat, but decompress the file before outputting it (the original file remains unchanged). Can decompress only what was compressed with gzip.
    • "bzip2 FILE" compress the given file, delete the original. Better, slower compression algorithm, especially for text.
    • "bzcat FILE" like zcat, but for bzip2-compressed files.
    • "lzop FILE" like gzip, but muuuuch faster. Slightly worse compression.
    • "nc HOST PORT" netcat, like telnet, but netcat can do far more.
    • "nc -u HOST PORT" like above, but send UDP (user datagram protocol) instead of TCP (transmission control protocol).
    • "nc -l -p PORT" instead of opening a connection, listen for TCP (transmission control protocol) connections on given port. If someone sends something to this port, netcat will output it, but keep listening.
    • "socat" similar to netcat, but far more powerful.
    • "script FILE" start a shell, make a transcript of everything that happens in that shell and write it to the given file until the shell exits.
    • "watch COMMAND" execute the given command once every two seconds and clear the screen between calls.
    • "watch ls -l FILE" as an example, with this you can watch a file. Pretty boring if nothing happens, but useful to watch a download while it's still going.
    • "dd if=FILE1 of=FILE2" read from file 1 and write to file 2.
    • "dd if=DEVICE of=FILE" read from the given block device and write to the given file.
    • "dd if=DEVICE bs=512 count=1000 of=FILE" write only the first 1000 blocks of 512 bytes each.
    • "dd if=DEVICE1 bs=512 of=DEVICE2" read from first device, write to the second, write in blocks of 512 bytes each. Probably the most common usage. But careful, this can destroy all data on device 2.
    • "ddrescue FILE1 FILE2" similar to dd, but much better, because it doesn't just ignore errors. When ddrescue encounters read errors, it tries again many times, but first will try to copy all blocks that can be read with no error and then come back to the troublemakers. The point is to rescue data from a partially broken drive that might die soon.
    • "tar -cf archive.tar FILE1 FILE2" pack both file 1 and file 2 into file archive.tar. Files and metadata are preserved, but no compression takes place. The original files are not changed. The purpose is making backups, but it can be used for other purposes.
    • "tar -xf archive.tar" extract all files contained in archive.tar. archive.tar is not changed.
    • "tar -tf archive.tar" list the contents of archive.tar.
    • "tar -czf archive.tar.gz FILE1 FILE2" like running "tar -cf archive.tar FILE1 FILE2" and then running "gzip archive.tar".
    • "dar" a more modern and feature-complete alternative for tar.
    • "basename FILENAME EXTENSION" remove leading directories and given extension from given file name.
    • "wget URL" download/spider from given URL with HTTP (hypertext transfer protocol), optionally with recursion.
    • "curl URL" alternative for wget.
    • "printf 'ITEM1 ITEM2 ITEM3'|xargs COMMAND" execute given command once for each item read from standard input (3 items in this example). The real power of this comes from the fact that the items in standard input can be produced as the output of some other command.
    • "find ... -print0|xargs -0 COMMAND" the bestest way to handle file names containing characters like spaces, line breaks, etc. which are allowed by Linux, but are used only by idiots. find can output the file names as null-terminated strings and xargs is one of the few programs that can actually process null-terminated strings as input.
  • automation: expect,at,batch,crontab
    • "expect". To quote the manual: Expect is a program that "talks" to other interactive programs according to a script. The important part is the "interactive programs", because they are usually not that easy to automate.
    • "echo wall hi everyone|at now + 10 hours" run a command in 10 hours, in this case a message to every logged in user (don't do that, it's annoying).
    • "echo tar -cf /b/backup.tar /impor/tant/file|batch" runs a backup as soon as the computer isn't too busy.
    • "crontab -l" list all regularly executed scripts for the current user.
    • "crontab -e" edit the list of those scripts.
    • "man 5 crontab" explains how a crontab entry is supposed to look. An example line would be "55 5 * * * /usr/bin/wall wakey wakey. the early bird catches the worm.", which annoys everyone at 5:55 in the morning every day. You could run a daily backup every day after midnight, a weekly backup every Sunday and a monthly backup every second Saturday of the month.
  • virtualization: qemu,qemu-img,virtualbox
    • "qemu". A tool for starting and stopping virtual machines.
    • "qemu-img". A tool for managing virtual hard disks for usage with Qemu virtual machines.
    • "virtualbox". A commercial (free for personal use) alternative to Qemu that has the advantage of being cross-platform.
  • working with binary files: nm,ldd,lsof,lsmod,modinfo,objdump,readelf,addr2line,c++filt
    • "nm BINARY" Show symbols in the symbol table of given binary file.
    • "ldd BINARY" Show against which shared libraries (DLLs in Windows parlance) the given binary is linked and where/whether these libraries have been found. Also tells you whether the binary uses shared libraries at all.
    • "lsof -p PID" Show which files the process with the given process ID currently has opened.
    • "lsmod" Show loaded kernel modules.
    • "modinfo MODULE" Show information about given kernel module.
    • "objdump BINARY" Show detailed human-readable information about different sections within given binary file.
    • "readelf BINARY" Similar to objdump.
    • "addr2line" convert addresses into file names and line numbers.
    • "c++filt" can demangle C++ symbol names. C++ functions are complex enough and their name resolution depends on more than just the name, so that additional information has to be stored in the symbols for successful resolution. That makes them pretty much unreadable. c++filt can turn them back into human-readable stuff. For example, if "nm foo" outputs the symbol _ZNKSt5ctypeIcE9do_narrowEcc, "c++filt _ZNKSt5ctypeIcE9do_narrowEcc" will turn that into the human-readable "std::ctype<char>::do_narrow(char, char) const". This is particularly useful if your program dies with a stack dump, but the dump contains only mangled symbol names.
  • dynamic linker problems: ldconfig
    • "ldconfig" If your dynamic linker has trouble finding a shared library, this tool might help.
  • assembly, debugging: nasm,gdb,ddd
    • "nasm" The standard assembler for Linux. In case C is too high-level for your taste.
    • "gdb" Interactive debugger. A must if you want to find bugs.
    • "ddd" Graphical frontend for gdb.
  • math: bc
    • "bc" A CLI (Command Line Interface) calculator.
  • user management: id,users,groups,adduser,useradd,usermod,passwd
    • "id" Show your user ID.
    • "users" List names of currently logged in users.
    • "groups" Show in which user groups you are.
    • "adduser NAME" Create new user with given name.
    • "useradd NAME" Same, but low-level. Creates just the user. Better use adduser.
    • "usermod" Add/Remove user to/from user groups, lock/unlock user, change login shell, stuff like that.
    • "passwd" Change your password. If you're root, you can also change the password of other users.
  • encrypted devices: cryptmount-setup,cryptmount,cryptsetup,ssss
    • "cryptmount-setup" Set up encrypted device.
    • "cryptmount" Mount/Unmount encrypted file systems.
    • "cryptsetup" Open/Close plain encrypted devices.
    • "ssss" Allows splitting a password into smaller parts that can be shared such that a minimum number of shares is necessary to restore the original.
  • version control: git
    • "git init ." Initialize a git repository in the current directory.
    • "git add FILE" Add given file to git repository. Staging only, still needs a commit.
    • "git commit" Commit all files that have been added before. The commit is an immutable/read-only copy of everything that was added, preserved for eternity.
    • "git log" Show list of all commits in current branch of this git repository.
    • "git status" Show all files that have been changed and all files that have been staged for commit.
    • "git checkout COMMIT" Check out given commit.
    • "git clone PATH ." Clone git repository at given path to this directory.
  • set up software: install
    • "install" improved version of "cp". Not really needed any more thanks to package managers like dpkg, rpm, and so on. But if you want just a shell script to install your homegrown software, this can help.
  • manage file attributes: chmod,chown,chgrp,lsattr,chattr
    • "chmod a+x FILE" make given file executable for everyone.
    • "chmod o-r FILE" make given file unreadable for "other" users.
    • "chmod u+w FILE" make given file writable for the owner.
    • "chown USER FILE" change owner of given file to given user. Only root can do that.
    • "chgrp GROUP FILE" change group of given file to given group.
    • "lsattr FILE" list attributes of given file.
    • "chattr FILE" change attributes of given file.
    • "ls -Z FILE" print SELinux context of given file.
  • SELinux: getenforce,setenforce
    • "getenforce" Check whether it's active.
    • "setenforce" Enable/disable it.
  • SSL/TLS certificates and SSL/TLS-encrypted connections: openssl
    • "openssl x509 -in CERT.pem -noout -text" Display content of given certificate file.
    • "openssl rsa -in KEY.pem -noout -text" Display content of given private RSA (Rivest, Shamir, Adleman public key cryptography) key.
    • "openssl rsa -in KEY.pem -noout -modulus" Display modulus of given private RSA (Rivest, Shamir, Adleman public key cryptography) key for quick comparison with certificate.
    • "openssl genrsa -out KEY.pem 2048" Generate private RSA (Rivest, Shamir, Adleman public key cryptography) key with 2048 bits and store in given file.
    • "openssl req -new -key KEY.pem -out REQUEST.csr.pem" Generate certificate signing request for given private key.
    • "openssl req -in REQUEST.csr.pem -days 365 -x509 -key KEY.pem -out CERT.pem" Generate self-signed certificate with the given CSR (certificate signing request), valid for 365 days.
    • "openssl s_client -connect HOST:PORT" Open SSL connection to given computer and port. After successful connection, it's basically like telnet.
    • "openssl s_client -servername SERVERNAME -connect HOST:PORT" Like above, but also set name for SNI (server name indication), in case you need to specify the remote computer via its IP address or you want to see the certificate for a different virtual host or you have to debug SNI (server name indication) issues.
    • "openssl s_client -noservername -connect HOST:PORT" Like above, but don't use SNI (server name indication).
    • "openssl s_client -CApath DIRECTORY -connect HOST:PORT" Like above, but look for your CA (certificate authority) certificates in the given directory.
    • "openssl s_client -starttls smtp -connect HOST:PORT" Like above, but use STARTTLS instead of encrypting immediately. Make sure the port number matches the selected protocol.
    • "openssl s_client -cipher ECDHE-RSA-RC4-SHA -connect HOST:PORT" Like above, but force usage of given cipher if possible. Connection will fail if server doesn't support cipher IIRC (If I remember correctly). Useful for debugging whether a specific cipher actually works (some admins are in the habit of disabling certain ciphers without really understanding why).
    • "openssl s_client -ssl3 -connect HOST:PORT" Like above, but force SSL3.0 connection, if the server supports it.
    • "openssl s_client -showcerts -connect HOST:PORT" Like above, but display certificates sent by server.
    • "openssl s_server" The counterpart to s_client, i.e. the SSL/TLS server.
  • Automatically drawing graphs. Incredibly useful for displaying anything that can be understood as a graph (like your filesystem, a dependency structure or the includes in your source code): dot,twopi,circo,sfdp,gvpr
    • 'printf "digraph test { a -> b -> c; a -> c }"|dot|dot -Tpng > FILE.png' Run small directed graph through graph layout algorithm and paint graph to given PNG (portable network graphics) file.
    • 'printf "digraph test { a -> b -> c; a -> c }"|twopi|dot -Tpng > FILE.png' Like above, but uses a different graph layout algorithm.
    • 'printf "digraph test { a -> b -> c; a -> c }"|circo|dot -Tpng > FILE.png' Like above, but uses a different graph layout algorithm.
    • 'printf "graph test { a -- b -- c; a -- c }"|sfdp|dot -Tpng > FILE.png' Like above, but uses a different graph layout algorithm. Does not work for directed graphs.
    • 'gvpr' graph pattern scanning and processing language. So that you don't have to write your graphs manually.
  • Being resource-friendly: nice,renice,ionice
    • "nice COMMAND" Run given command with reduced CPU (central processing unit) priority, so that it doesn't hog resources needed by high priority processes like your GUI (graphical user interface), your shell, etc.
    • "renice -n PRIORITY -p PROCESS_ID" Change CPU (central processing unit) priority of given running process. Don't increase priority to the max value, you could lock up your system.
    • "ionice COMMAND" Run given command with reduced I/O priority, so that it doesn't bother your slow hard disk too much. Particularly useful for long-running processes like backups.
  • ZFS tools: zpool,zfs,arc_summary
    • "zpool status DEVICE" Show status of given ZFS device.
    • "zpool create test mirror DEVICE0 DEVICE1" Create mirrored (like RAID1) ZFS device.
    • "zpool import DEVICE1" Import given ZFS device. Don't get confused, it's essentially just mounting the device.
    • "zpool list" List all ZFS devices.
    • "zpool get all DEVICE" Show all properties of given device.
    • "zfs list" List all ZFS filesystems (a single ZFS device can have more than one).
    • "zfs list -t snapshot DEVICE" List all snapshots on given ZFS device.
    • "zfs set PROPERTY=VALUE DEVICE" Change property of given ZFS device.
    • "zfs create DEVICE/FILESYSTEM" Create new filesystem on given ZFS device.
    • "zfs snapshot DEVICE@SNAPSHOT" Create new snapshot on given ZFS device.
    • "zfs unmount DEVICE" Unmount filesystems of given ZFS device.
    • "arc_summary" Show information about ZFS's cache.
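
The "openssl genrsa", "openssl req" and "-modulus" entries from the list above, chained into one run that checks whether a private key and a certificate belong together. This is an added example, not part of the original list; the -subj value /CN=example.test and the function names are assumptions made here so that the run needs no interactive input.

```shell
#!/bin/sh
# Added example: key -> CSR -> self-signed certificate, then modulus comparison.
# Assumes the openssl binary is on PATH.

# Create KEY.pem, REQUEST.csr.pem and CERT.pem in directory $1.
# -subj (assumed value) only replaces the interactive subject prompts.
make_selfsigned() {
    openssl genrsa -out "$1/KEY.pem" 2048 2>/dev/null &&
    openssl req -new -key "$1/KEY.pem" -subj "/CN=example.test" \
        -out "$1/REQUEST.csr.pem" &&
    openssl req -in "$1/REQUEST.csr.pem" -days 365 -x509 \
        -key "$1/KEY.pem" -out "$1/CERT.pem"
}

# Print a SHA-256 digest of the RSA modulus. $1 = rsa | x509, $2 = file.
# Fails instead of hashing empty output when the file cannot be read.
modulus_digest() {
    m=$(openssl "$1" -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$m" ] || return 1
    printf '%s' "$m" | openssl dgst -sha256
}

# Succeed only if private key $1 and certificate $2 share the same modulus.
key_matches_cert() {
    k=$(modulus_digest rsa "$1") || return 1
    c=$(modulus_digest x509 "$2") || return 1
    [ "$k" = "$c" ]
}

demo_dir=$(mktemp -d)
make_selfsigned "$demo_dir"
if key_matches_cert "$demo_dir/KEY.pem" "$demo_dir/CERT.pem"; then
    echo "KEY.pem and CERT.pem belong together"
else
    echo "KEY.pem and CERT.pem do NOT match"
fi
rm -rf "$demo_dir"
```

Comparing digests instead of the raw modulus keeps the output short enough to compare by eye; an unreadable file counts as a mismatch rather than as two equal empty strings.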
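
What the "find ... -print0|xargs -0 COMMAND" entry in the list above protects against, shown on three constructed file names. This is an added example, not part of the original list; the function names and sample files are made up here. Whoever can write into a directory chooses its file names, so a script that splits them on whitespace ends up acting on paths that find never reported.

```shell
#!/bin/sh
# Added example: newline-separated vs NUL-separated file names fed to xargs.
# The three file names are constructed sample input.

# Create a temporary directory with a plain name, a name containing a space
# and a name containing a line break; print the directory path.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    : > "$d/plain.txt"
    : > "$d/two words.txt"
    : > "$d/line
break.txt"
    printf '%s\n' "$d"
}

# Count the items xargs hands to the command. -n 1 forces one invocation
# per item and each invocation prints exactly one line.
count_items_newline() {
    find "$1" -type f | xargs -n 1 sh -c 'echo item' sh | wc -l | tr -d ' '
}
count_items_nul() {
    find "$1" -type f -print0 | xargs -0 -n 1 sh -c 'echo item' sh | wc -l | tr -d ' '
}

# Succeed only if every item xargs passes on names an existing file.
# $1 = directory, $2 = "nul" or "newline"
all_items_exist() {
    if [ "$2" = nul ]; then
        find "$1" -type f -print0 | xargs -0 -n 1 test -f
    else
        find "$1" -type f | xargs -n 1 test -f
    fi
}

sample=$(make_sample_dir)
echo "whitespace-split items: $(count_items_newline "$sample")"
echo "NUL-split items:        $(count_items_nul "$sample")"
rm -rf "$sample"
```

With whitespace splitting the three files turn into five items, two pairs of which are path fragments that do not exist; with -print0 and -0 each of the three names arrives intact.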

What's the value of this list? I have worked as a Linux system administrator professionally, and I can tell you that I have used almost all of these commands either in my job or my free time. I would consider some of them essential knowledge, but there are also far more that I have never used. Most tutorials on the net and also the output of "apropos" give you no importance ranking or even sorting or grouping by common themes/use cases, making it sometimes hard to find what you need and making it hard to know what's important/useful and what's not. The list is not complete, but some of the ones I haven't mentioned are so well known (MySQL (structured query language), Apache, Nginx, vim, emacs, etc.) that you will encounter them anyway. And stuff like "ls", "cd", "mv", "cp" is mentioned by most tutorials, so I avoided them to keep the list a little shorter.

Written by the author; Date 20.01.2026; Updated 17.02.2026; © 2026 spinningsphinx.com