Appendix. A chapter-by-chapter, command-line review
1. Welcome to Linux
ls -lh /var/log—Lists the contents and full, human-friendly details of the /var/log/ directory.
cd—Returns you to your home directory.
cp file1 newdir—Copies a file called file1 to the directory called newdir.
mv file? /some/other/directory/—Moves all files whose names consist of the letters file followed by exactly one more character to the target location.
rm -r *—Deletes all files and directories below the current location—use with great care.
man sudo—Opens the man documentation file on using sudo with commands.
2. Linux virtualization: Building a Linux working environment
apt install virtualbox—Uses apt to install a software package from a remote repository.
dpkg -i skypeforlinux-64.deb—Directly installs a downloaded Debian package on an Ubuntu machine.
wget https://example.com/document-to-download—A command-line program that downloads files.
dnf update—or yum update or apt update—Synchronizes the local software index with what’s available from online repositories.
shasum ubuntu-16.04.2-server-amd64.iso—Calculates the checksum for a downloaded file to confirm that it matches the provided value, meaning that the contents haven’t been corrupted in transit.
vboxmanage clonevm Kali-Linux-template --name newkali—Uses the vboxmanage tool to clone an existing VM.
lxc-start -d -n mycont—Starts an existing LXC container.
ip addr—Displays information on each of a system’s network interfaces (including their IP addresses).
exit—Leaves a shell session without shutting down the machine.
dpkg -s ssh—Checks the status of an Apt-based software package.
systemctl status ssh—Checks the status of a system process (systemd).
systemctl start ssh—Starts a system process.
ip addr—Lists all the network interfaces on a computer.
ssh-keygen—Generates a new pair of SSH keys.
cat .ssh/id_rsa.pub | ssh username@remote_IP_or_domain "cat >> .ssh/authorized_keys"—Copies a local key, and pastes it on a remote machine.
ssh -i .ssh/mykey.pem username@remote_IP_or_domain—Specifies a particular key pair.
scp myfile username@remote_IP_or_domain:/home/ubuntu/myfile—Safely copies a local file to a remote computer.
ssh -X username@remote_IP_or_domain—Logs in to a remote host for a graphics-enabled session.
ps -ef | grep init—Displays all currently running system processes, and filters results by the string init.
pstree -p—Displays all currently running system processes in a visual tree format.
4. Archive management: Backing up or copying entire file systems
df -h—Displays all currently active partitions with sizes shown in a human readable format.
tar czvf archivename.tar.gz /home/myuser/Videos/*.mp4—Creates a compressed archive from video files in a specified directory tree.
split -b 1G archivename.tar.gz archivename.tar.gz.part—Splits a large file into smaller files of a set maximum size.
find /var/www/ -iname "*.mp4" -exec tar -rvf videos.tar {} \;—Finds files meeting set criteria, and streams their names to tar to include in an archive.
chmod o-r /bin/zcat—Removes read permissions for others (users who are neither the file’s owner nor members of its group).
dd if=/dev/sda2 of=/home/username/partition2.img—Creates an image of the sda2 partition, and saves it to your home directory.
dd if=/dev/urandom of=/dev/sda1—Overwrites a partition with random characters to obscure the old data.
#!/bin/bash—The so-called “shebang line” that tells Linux which shell interpreter you’re going to be using for a script.
||—Inserts an “or” into a script, meaning if the command to the left fails, execute the command to the right.
&&—Inserts an “and” into a script, meaning if the command to the left is successful, execute the command to the right.
test -f /etc/filename—Tests for the existence of the specified file or directory name.
chmod +x upgrade.sh—Makes a script file executable.
pip3 install --upgrade --user awscli—Installs the AWS command-line interface using Python’s pip package manager.
aws s3 sync /home/username/dir2backup s3://linux-bucket3040—Synchronizes the contents of a local directory with the specified S3 bucket.
21 5 * * 1 root apt update && apt upgrade—A cron directive that executes two apt commands at 5:21 each morning.
NOW=$(date +"%m_%d_%Y")—Assigns the current date to a script variable.
systemctl start site-backup.timer—Activates a systemd system timer.
6. Emergency tools: Building a system recovery device
sha256sum systemrescuecd-x86-5.0.2.iso—Calculates the SHA256 checksum of a .ISO file.
isohybrid systemrescuecd-x86-5.0.2.iso—Adds a USB-friendly MBR to a live-boot image.
dd bs=4M if=systemrescuecd-x86-5.0.2.iso of=/dev/sdb && sync—Writes a live-boot image to an empty drive.
mount /dev/sdc1 /run/temp-directory—Mounts a partition to a directory on the live file system.
ddrescue -d /dev/sdc1 /run/usb-mount/sdc1-backup.img /run/usb-mount/sdc1-backup.logfile—Saves files on a damaged partition to an image named sdc1-backup.img, and writes events to a log file.
chroot /run/mountdir/—Opens a root shell on a file system.
7. Web servers: Building a MediaWiki server
apt install lamp-server^—Ubuntu command that installs all the elements of a LAMP server.
systemctl enable httpd—Launches Apache on a CentOS machine at every system boot.
firewall-cmd --add-service=http --permanent—Permits HTTP browser traffic into a CentOS system.
mysql_secure_installation—Resets your root password and tightens database security.
mysql -u root -p—Logs in to MySQL (or MariaDB) as the root user.
CREATE DATABASE newdbname;—Creates a new database in MySQL (or MariaDB).
yum search php- | grep mysql—Searches for available packages related to PHP on a CentOS machine.
apt search mbstring—Searches for available packages related to multibyte string encoding.
8. Networked file sharing: Building a Nextcloud file-sharing server
a2enmod rewrite—Enables the rewrite module so Apache can edit URLs as they move between a client and server.
nano /etc/apache2/sites-available/nextcloud.conf—Creates or edits an Apache host configuration file for Nextcloud.
chown -R www-data:www-data /var/www/nextcloud/—Changes the user and group ownership of all website files to the www-data user.
sudo -u www-data php occ list—Uses the Nextcloud CLI to list available commands.
aws s3 ls s3://nextcloud32327—Lists the contents of an S3 bucket.
9. Securing your web server
firewall-cmd --permanent --add-port=80/tcp—Opens port 80 to incoming HTTP traffic, and configures it to reload at boot time.
firewall-cmd --list-services—Lists the currently active rules on a firewalld system.
ufw allow ssh—Opens port 22 for SSH traffic using UncomplicatedFirewall on Ubuntu.
ufw delete 2—Removes the second ufw rule as listed by the ufw status command.
ssh -p53987 username@remote_IP_or_domain—Logs in to an SSH session using a nondefault port.
certbot --apache—Configures an Apache web server to use Let’s Encrypt encryption certificates.
selinux-activate—Activates SELinux on an Ubuntu machine.
setenforce 1—Toggles enforcing mode in an SELinux configuration.
ls -Z /var/www/html/—Displays the security context of the files in a specified directory.
usermod -aG app-data-group otheruser—Adds the otheruser user to the app-data-group system group.
netstat -npl—Scans for open (listening) network ports on a server.
10. Securing network connections: Creating a VPN or DMZ
hostname OpenVPN-Server—Sets the command-prompt description to make it easier to keep track of which server you’re logged in to.
cp -r /usr/share/easy-rsa/ /etc/openvpn—Copies the Easy RSA scripts and environment configuration files to the working OpenVPN directory.
./build-key-server server—Generates an RSA key pair set with the name server.
./pkitool client—Generates a client set of keys from an existing RSA key infrastructure.
openvpn --tls-client --config /etc/openvpn/client.conf—Launches OpenVPN on a Linux client using the settings from the client.conf file.
iptables -A FORWARD -i eth1 -o eth2 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT—Allows data transfers between the eth1 and eth2 network interfaces.
man shorewall-rules—Displays documentation on the rules file used by Shorewall.
systemctl start shorewall—Starts the Shorewall firewall tool.
vboxmanage natnetwork add --netname dmz --network "10.0.1.0/24" --enable --dhcp on—Uses the VirtualBox CLI to create and configure a virtual NAT network with DHCP for VirtualBox VMs.
vboxmanage natnetwork start --netname dmz—Starts a virtual NAT network.
dhclient enp0s3—Requests an IP address for the enp0s3 interface from a DHCP server.
11. System monitoring: Working with log files
Alt-F<n>—Opens a virtual console from a non-GUI shell.
journalctl -n 20—Displays the 20 most recent log entries in the journal.
journalctl --since 15:50:00 --until 15:52:00—Displays only events between the since and until times.
systemd-tmpfiles --create --prefix /var/log/journal—Instructs systemd to create and maintain a persistent journal file rather than one that is destroyed with every boot.
cat /var/log/auth.log | grep -B 1 -A 1 failure—Displays matching lines along with the lines immediately before and after.
cat /var/log/mysql/error.log | awk '$3 ~ /\[Warning\]/' | wc—Searches the MySQL error log for events classified as a Warning.
sed "s/^[0-9]//g" numbers.txt—Removes numbers at the start of each line of a file.
tripwire --init—Initializes the database of a Tripwire installation.
twadmin --create-cfgfile --site-keyfile site.key twcfg.txt—Generates a new encrypted tw.cfg file for Tripwire.
12. Sharing data over a private network
/home 192.168.1.11(rw,sync)—An entry in the NFS server /etc/exports file that defines a remote client share.
firewall-cmd --add-service=nfs—Opens a CentOS firewall for client access to your NFS share.
192.168.1.23:/home /nfs/home nfs—A typical entry in the /etc/fstab file of an NFS client, which loads an NFS share.
smbpasswd -a sambauser—Adds Samba functionality (and a unique password) to an existing Linux user account.
nano /etc/samba/smb.conf—Samba is controlled by the smb.conf file on the server.
smbclient //localhost/sharehome—Logs in to a local Samba share (using the Samba user account).
ln -s /nfs/home/ /home/username/Desktop/—Creates a symbolic link, allowing a user to easily access an NFS share by clicking a desktop icon.
13. Troubleshooting system performance issues
uptime—Returns the CPU load averages over the past 1, 5, and 15 minutes.
cat /proc/cpuinfo | grep processor—Returns the number of system CPU processors.
top—Displays real-time statistics for running Linux processes.
killall yes—Shuts down all running instances of the yes command.
nice --15 /var/scripts/mybackup.sh—Raises the priority of the mybackup.sh script for system resources.
free -h—Displays total and available system RAM.
df -i—Displays the available and total inodes for each file system.
find . -xdev -type f | cut -d "/" -f 2 | sort | uniq -c | sort -n—Counts and displays numbers of files by parent directory.
apt-get autoremove—Removes old and unused kernel headers.
nethogs eth0—Displays processes and transfer data related to network connections using the eth0 interface.
tc qdisc add dev eth0 root netem delay 100ms—Slows all network transfers through the eth0 interface by 100 milliseconds.
nmon -f -s 30 -c 120—Records data from a series of nmon scans to a file.
14. Troubleshooting network issues
ip addr—Lists the active interfaces on a Linux system. May be shortened to ip a or lengthened to ip address; it’s your choice.
lspci—Lists the PCI devices currently connected to your computer.
dmesg | grep -A 2 Ethernet—Searches the dmesg logs for references to the string Ethernet, and displays references along with the subsequent two lines of output.
ip route add default via 192.168.1.1 dev eth0—Manually sets a new network route for a computer.
dhclient enp0s3—Requests a dynamic (DHCP) IP address for the enp0s3 interface.
ip addr add 192.168.1.10/24 dev eth0—Assigns a static IP address to the eth0 interface (doesn’t persist past the next system restart).
ip link set dev enp0s3 up—Starts the enp0s3 interface (useful after editing the configuration).
netstat -l | grep http—Scans a local machine for a web service listening on port 80.
nc -z -v bootstrap-it.com 443 80—Scans a remote website for services listening on port 443 or 80.
15. Troubleshooting peripheral devices
lshw -c memory (or lshw -class memory)—Displays the memory section of a system’s hardware profile.
ls /lib/modules/`uname -r`—Lists the contents of the directory under /lib/modules/ containing modules for your current, active kernel.
lsmod—Lists all active modules.
modprobe -c—Lists all available modules.
find /lib/modules/$(uname -r) -type f -name "ath9k*"—Searches for a file among the available kernel modules with a name starting with ath9k.
modprobe ath9k—Loads the specified module into the kernel.
GRUB_CMDLINE_LINUX_DEFAULT="systemd.unit=runlevel3.target"—A setting in the /etc/default/grub file that loads Linux as a multiuser, nongraphical session.
lp -H 11:30 -d Brother-DCP-7060D /home/user/myfile.pdf—Schedules a print job to the Brother printer at 11:30 UTC.
16. DevOps tools: Deploying a scripted server environment using Ansible
add-apt-repository ppa:ansible/ansible—Adds the Debian Ansible software repository to allow apt to install Ansible on an Ubuntu/Debian machine.
ansible webservers -m ping—Tests all the hosts in the webservers host group for network connectivity.
ansible webservers -m copy -a "src=/home/ubuntu/stuff.html dest=/var/www/html/"—Copies a local file to the specified file location on all the hosts in the webservers group.
ansible-doc apt—Displays syntax and usage information on the apt module.
ansible-playbook site.yml—Launches an operation based on the site.yml playbook.
ansible-playbook site.yml --ask-vault-pass—Uses a Vault password to authenticate and perform playbook operations.