Below you can find a list with miscellaneous Linux commands that are not as frequently used as the essential Linux commands listed in this article, but are still very useful in various situations. All commands will work on the latest version of Debian, the majority of them will work on Debian-based distributions such as Ubuntu, Mint, Knoppix, PureOS, Kali, Tails, etc., and some of them will work on all distributions. These commands can be run in a terminal, on a laptop or desktop, but also on a remote VPS or dedicated server, while connected to it via SSH. When you run them, replace the strings in red with your own values.
➤ Show details about the current Linux kernel
cat /proc/version
The output of this command will show the exact version of the kernel, the name and version of the compiler used, the date of compilation, etc.:
Linux version 4.19.0-14-amd64 (debian-kernel@lists.debian.org) (gcc version 8.3.0 (Debian 8.3.0-6)) #1 SMP Debian 4.19.171-2 (2021-01-30)
➤ Kill a process directly
First find the PID of the process that you want to kill by using the top command and looking at the PID column, on the row of the process. If you know the name of the process, you can list its PID by running pgrep processname. Let’s say that the process has the PID 9524. To kill it run:
kill 9524
➤ Kill a process telling it to finish what it is doing, then exit
First find the PID of the process that you want to kill by using the top command, or by running pgrep processname. If the process has, for example, the PID 11526, to tell the process to finish what it is doing and then exit, run:
kill -SIGTERM 11526
➤ Mount a remote directory to a local directory using SSHFS (SSH Filesystem)
SSHFS is a filesystem client that allows mounting remote directories and files over an SSH connection. First install SSHFS by running apt-get install sshfs. Then, create a new directory on your local laptop/desktop:
mkdir /mnt/newdir
Next, mount the /path/to/dir remote directory to the newly created directory:
sshfs -p 6354 username@123.123.123.123:/path/to/dir /mnt/newdir -o allow_other
where 6354 is the SSH port, username is the name of the user, 123.123.123.123 is the public IP of the remote server and /path/to/dir is the remote directory.
If you want to mount the remote directory as read only, add the ro option, like this:
sshfs -p 6354 username@123.123.123.123:/path/to/dir /mnt/newdir -o allow_other -o ro
Please note that if you mount the remote directory as a regular user, you won’t have permission to access all the directories and files of the remote server. If you want to mount the remote directory using the root user, so as to have permission to see and edit all the remote directories and files, you have to make sure that temporarily, the PermitRootLogin parameter in the /etc/ssh/sshd_config file is set to yes, then restart the SSH service with systemctl restart ssh.
➤ Send a file via SCP (Secure Copy Protocol) to a remote server
scp -P 6582 /path/to/local/file username@123.123.123.123:/path/to/remote-directory
The -P option is used to specify the SSH port when it’s different from the default 22. Change 6582 to your actual SSH port. username is the user that can log in via SSH to the remote server, 123.123.123.123 is the public IP of the remote server, and /path/to/remote-directory is the remote directory where you want to transfer the file.
➤ Override systemd service files without modifying them directly
If you want to modify a systemd service without editing it directly, in order to avoid losing your changes on future updates, you can create a service file that will override the original service file. To do so, run:
systemctl edit servicename.service
This command creates the /etc/systemd/system/servicename.service.d directory and the override.conf file inside that directory. The settings inside override.conf override the settings in the original servicename.service file located in the /lib/systemd/system directory or in the /etc/systemd/system directory.
➤ Generate HTTP authentication passwords
First install the apache2-utils package, which contains the htpasswd tool:
apt-get install apache2-utils
Then, create the directory to hold the password files (it’s assumed that you use Nginx as a web server, and not Apache):
mkdir /etc/nginx/htpass
Next, if you want to generate a password for HTTP authentication for the user john, run:
htpasswd -c /etc/nginx/htpass/passwd john
Replace passwd with your desired name for the password file, and john with the username for which you want to generate the password. The command from above will prompt you to type and retype a password for the user john and will create a file called passwd in which it will store the username followed by the password, hashed with the default MD5 algorithm. The content of the file will look similar to this:
john:$dae1$dNqvAUPd$JBOs/szkb5MAkN94/sNGm2
Don’t forget to restrict permissions for the password file (400 permissions should be enough).
To add the credentials for a new user tom to the /etc/nginx/htpass/passwd file, you should run a similar command but without the -c option, because the file has been already created:
htpasswd /etc/nginx/htpass/passwd tom
➤ Find all the files with the setUID bit set, inside a specific directory and its subdirectories
find /path/to/directory -type f -perm /4000
➤ Find all the directories with the setGID bit set, inside a specific directory and its subdirectories
find /path/to/directory -type d -perm /2000
➤ Find all the directories with the sticky bit set, inside a specific directory and its subdirectories
find /path/to/directory -type d -perm /1000
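The find commands above become an audit when their output is compared with a reviewed list. The following script is an added example, not part of the original page: it goes slightly beyond the commands above by matching files with either the setUID or the setGID bit, and the function names and the baseline file format (one absolute path per line) are assumptions of the example.

```sh
#!/bin/sh
# Added example, not from the original page: setUID/setGID baseline audit.
# Function names and the baseline format (one absolute path per line) are
# assumptions of this example. Paths containing newlines are not supported.

# List regular files under directory $1 that have the setUID (4000) or the
# setGID (2000) bit set, sorted so that the list can be compared with comm.
list_special_files() {
    # -xdev keeps find on a single filesystem; error messages for unreadable
    # directories are discarded so that the output contains only paths.
    find "$1" -xdev -type f -perm /6000 2>/dev/null | LC_ALL=C sort
}

# Print the setUID/setGID files under $1 that are not listed in the baseline
# file $2. Returns 0 if there are none, 1 if unexpected files were found and
# 2 if the arguments are unusable.
audit_special_files() {
    if [ ! -d "$1" ] || [ ! -r "$2" ]; then
        echo "usage: audit_special_files DIRECTORY BASELINE_FILE" >&2
        return 2
    fi
    asf_sorted=$(mktemp) || return 2
    LC_ALL=C sort -u "$2" > "$asf_sorted"
    # comm -23 keeps the lines that appear only in the first input (the
    # current listing), which are the files missing from the baseline.
    asf_new=$(list_special_files "$1" | LC_ALL=C comm -23 - "$asf_sorted")
    rm -f "$asf_sorted"
    if [ -n "$asf_new" ]; then
        printf '%s\n' "$asf_new"
        return 1
    fi
    return 0
}

# Typical use (run as root so that find can read every directory):
#   list_special_files /usr > /root/suid-baseline.txt     # once, after review
#   audit_special_files /usr /root/suid-baseline.txt      # later, e.g. from cron
# When the script is called with two arguments, it runs the audit directly.
if [ "$#" -eq 2 ]; then
    audit_special_files "$1" "$2"
fi
```

A non-zero exit status together with the printed paths makes the script easy to call from a scheduled job that sends an alert when a new setUID or setGID file appears.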
➤ Mark a package as ‘automatically installed’
apt-mark auto packagename
When a package is marked as ‘automatically installed’, it will be removed by the apt-get autoremove command if there are no other packages that depend on it. This command can be used, for example, if you accidentally reinstall a package that has already been installed as a dependency by another package. When you reinstall it accidentally, it will be marked as ‘manually installed’ and, because of this, it will be left behind when you uninstall the package that needs it as a dependency and then run the apt-get autoremove command. To be able to remove it with the apt-get autoremove command when no other packages depend on it, you can mark it as ‘automatically installed’ with the command from above.
➤ Mark a package as ‘manually installed’
apt-mark manual packagename
When a package is marked as being ‘manually installed’, this will prevent the package from being automatically removed with the apt-get autoremove command when no other packages depend on it. When a package is installed as a dependency by another package, it is marked as ‘automatically installed’. This means that when you uninstall the package that needs it as a dependency, you can use the apt-get autoremove command to uninstall it automatically. However, if you want it to remain installed even after uninstalling the package that depends on it and after running apt-get autoremove, you can mark it as ‘manually installed’ with the command from above.
➤ Verify the integrity of the /etc/passwd file and its corresponding shadow file
pwck
This command verifies the integrity of the users and authentication information. It checks that all the entries in the /etc/passwd and /etc/shadow files have the proper format and contain valid data. The user is prompted to correct the entries that are improperly formatted or have other errors.
Please note that the pwck command complains about a series of home directories that it can’t find. Ignore the following messages, because they don’t indicate real problems:
user 'lp': directory '/var/spool/lpd' does not exist
user 'news': directory '/var/spool/news' does not exist
user 'uucp': directory '/var/spool/uucp' does not exist
user 'list': directory '/var/list' does not exist
user 'irc': directory '/var/run/ircd' does not exist
user 'gnats': directory '/var/lib/gnats' does not exist
user 'nobody': directory '/nonexistent' does not exist
user '_apt': directory '/nonexistent' does not exist
user 'messagebus': directory '/nonexistent' does not exist
user 'openvpn_server': directory '/home/openvpn_server' does not exist
user 'mysql': directory '/nonexistent' does not exist
user 'memcache': directory '/nonexistent' does not exist
user 'dovenull': directory '/nonexistent' does not exist
user 'policyd-spf': directory '/nonexistent' does not exist
user 'spamass-milter': directory '/var/lib/spamass-milter' does not exist
user 'lool': directory '/home/lool' does not exist
pwck: no changes
➤ Verify the integrity of the /etc/group file and its corresponding gshadow file
grpck
➤ Remove the deb archives of packages that are no longer installed on the system, from the package cache
apt-get autoclean
This command removes all the deb archives of the packages that are no longer installed on the system, from the /var/cache/apt/archives directory.
➤ Remove all the packages from the package cache
apt-get clean
This command removes all the packages from the package cache, which means all the packages saved in the /var/cache/apt/archives and /var/cache/apt/archives/partial directories. It only leaves the /var/cache/apt/archives/lock file in place.
➤ Restart the networking service
systemctl restart networking
➤ Find the default gateway of the system
route -n
The output of this command will look similar to this:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 123.123.123.1 0.0.0.0 UG 0 0 0 ens3
123.123.123.1 0.0.0.0 255.255.255.255 UH 0 0 0 ens3
The default gateway will be listed in the ‘Gateway’ column, on the row with the ‘Destination’ 0.0.0.0. In this case it’s 123.123.123.1.
➤ Enable mouse support in nano, so that you can place the cursor where you click
To enable mouse support press Alt + m. To disable it, press Alt + m again.
Please note that while the mouse support is enabled, you cannot select text by clicking and then dragging with the mouse.
➤ Get a list with all the installed systemd units together with their status
systemctl list-unit-files
➤ Get the list with the installed kernels
dpkg --list | grep linux-image
➤ Check the version of an installed package
dpkg -s packagename | grep Version
➤ Get hardware information from the BIOS
dmidecode
➤ Get hardware information with the lshw command
First install the lshw utility with apt-get install lshw, then run:
lshw
➤ Get information about the CPU with the lscpu command
lscpu
➤ Get the current CPU frequency
watch -n 0 "lscpu | grep 'MHz'"
To get out of the command’s output window, press Ctrl + c.
➤ Get the CPU average load
uptime
The output of this command will look similar to this:
15:56:28 up 82 days, 10:20, 1 user, load average: 0.00, 0.03, 0.00
- 15:56:28 – this is the system’s current time displayed as hour:minute:second.
- up 82 days, 10:20 – this shows how long the system has been running (the ‘uptime’) in days, hours and minutes.
- 1 user – this shows how many users are currently logged on.
- load average: 0.00, 0.03, 0.00 – this indicates the system’s load averages for the past 1, 5, and 15 minutes respectively.
➤ Get the available storage space
df -h
The output of this command will look similar to this:
Filesystem Size Used Avail Use% Mounted on
udev 3.8G 0 3.8G 0% /dev
tmpfs 779M 81M 699M 11% /run
/dev/sda1 49G 3.8G 42G 8% /
tmpfs 3.9G 0 3.9G 0% /dev/shm
tmpfs 5.0M 0 5.0M 0% /run/lock
tmpfs 3.9G 0 3.9G 0% /sys/fs/cgroup
The available storage space is listed on the lines beginning with /dev, in the Avail column. The total space is listed in the Size column. In the example from above, the total storage space is 49 GiB, of which 42 GiB is free.
➤ Get the current RAM usage
vmstat -s
The output of this command will look similar to this:
7975668 K total memory
1934832 K used memory
2765744 K active memory
1044088 K inactive memory
3621604 K free memory
132400 K buffer memory
2286832 K swap cache
...
The most important data is the ‘total memory’ (7975668 KiB) and the ‘used memory’ (1934832 KiB).
➤ Test SSD/hard disk read speed
First install hdparm:
apt-get install hdparm
Then, get the name of the storage device that you want to test, by running the df -h command. The storage device can be /dev/sda1, /dev/sda2, /dev/vda1, etc. If the device is /dev/sda1, to test its read speed, run:
hdparm -tT /dev/sda1
The result of this command will be similar to this:
/dev/sda1:
Timing cached reads: 15620 MB in 1.99 seconds = 7849.76 MB/sec
Timing buffered disk reads: 894 MB in 3.01 seconds = 297.44 MB/sec
The actual read speed is the one listed in ‘Timing buffered disk reads’. In this example the read speed is 297.44 MB/sec. It’s recommended to run the command from above multiple times, since the result can vary from one run to the other because of different factors that influence disk read speed.
➤ Test SSD/hard disk write speed
First, get the name of the storage device that you want to test, by running the df -h command. The storage device can be /dev/sda1, /dev/sda2, /dev/sdb1, etc. If the device is /dev/sda1, to test its write speed, run:
sync ; time sh -c "dd if=/dev/sda1 of=/tmp/testfile bs=10k count=1k && sync" ; rm /tmp/testfile
The output of this command will look similar to this:
1024+0 records in
1024+0 records out
10485760 bytes (10 MB, 10 MiB) copied, 0.0241044 s, 435 MB/s
real 0m0.055s
user 0m0.006s
sys 0m0.020s
The actual write speed is the one listed at the end of the third line of the output, 435 MB/s in this example. It’s recommended to run the command from above multiple times, since the result can vary from one run to the other because of different factors that influence disk write speed.
The command shown above writes a file called testfile in the /tmp directory and measures the time needed to complete this task, then removes the /tmp/testfile file. If your system has multiple storage devices, let’s say two storage devices: /dev/sda1 and /dev/sdb1, for the command to succeed, you have to make sure that the test file is written on the storage device that you are testing. If you want to test the /dev/sdb1 device and the operating system (with the /tmp directory) is installed on /dev/sda1, the command from above won’t succeed, because the /tmp/testfile file will be written on the /dev/sda1 device. Therefore, you will have to run the command so that it will write the test file on the second storage device, like this:
sync ; time sh -c "dd if=/dev/sdb1 of=/path/to/testfile bs=10k count=1k && sync" ; rm /path/to/testfile
➤ Check the file system type
df -T -h
The output of this command will look like this:
Filesystem Type Size Used Avail Use% Mounted on
udev devtmpfs 3.8G 0 3.8G 0% /dev
tmpfs tmpfs 779M 81M 699M 11% /run
/dev/sda1 ext4 49G 3.8G 42G 8% /
tmpfs tmpfs 3.9G 0 3.9G 0% /dev/shm
tmpfs tmpfs 5.0M 0 5.0M 0% /run/lock
tmpfs tmpfs 3.9G 0 3.9G 0% /sys/fs/cgroup
The file system type is listed in the Type column.
➤ Update the ClamAV virus definitions
freshclam
➤ Scan all the files and subdirectories inside a directory with the clamdscan command and save the scan report to a file
clamdscan --fdpass --quiet /path/to/directory -l /path/to/report.txt
- --fdpass – pass the file descriptor permissions to clamd so as to avoid errors if clamd is running as a different user than the owner of the directories that are scanned.
- --quiet – run in quiet mode. Only show the error messages.
- /path/to/directory – this is the path to the directory to be scanned.
- -l /path/to/report.txt – write the scan report to the /path/to/report.txt file.
To scan multiple directories, add them one after the other, separated by a single space.
If you want to also remove the files that are found, you can add --remove after --fdpass, but this is dangerous. You won’t be able to check if the detected files are false positives, because they will be deleted the moment they are found.
➤ Scan all the files and subdirectories inside a directory with the clamscan command and list all the scanned files
clamscan -r /path/to/directory
To scan multiple directories, add them one after the other separated by a single space.
➤ Scan all the files and subdirectories inside a directory with the clamscan command and list only the infected files
clamscan -ir /path/to/directory
➤ Scan all the files and subdirectories inside a directory with the clamscan command and generate a report with the paths to all infected files
clamscan -r /path/to/directory | grep FOUND >> /path/to/report.txt
➤ Test the Internet speed
First download the speedtest.py script, whose official GitHub repository is here, to the /tmp directory, saving it as speedtest:
cd /tmp
wget -O speedtest https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py
Then move the script to the /usr/local/bin directory:
mv speedtest /usr/local/bin
Change ownership and permissions:
chown root:root /usr/local/bin/speedtest
chmod 755 /usr/local/bin/speedtest
Create a symlink from /usr/bin/python3 to /usr/bin/python:
ln -s /usr/bin/python3 /usr/bin/python
From now on, you can test the Internet data transfer speed by running:
speedtest
The output of the command will be similar to this:
Retrieving speedtest.net configuration...
Testing from ... (123.123.123.123)...
Retrieving speedtest.net server list...
Selecting best server based on ping...
Hosted by ... [152.54 km]: 32.489 ms
Testing download speed................................................................................
Download: 100.64 Mbit/s
Testing upload speed................................................................................................
Upload: 102.78 Mbit/s
In this example, the download speed is 100.64 Mbit/s and the upload speed is 102.78 Mbit/s. As you can see, to test the Internet speed, the speedtest script uses the servers offered by speedtest.net, a well-known provider of network speed testing services.
Once you have the speedtest script installed as described above, you can get the list of all the available speedtest.net servers around the world, by running:
speedtest --list | more
This command will output a long list of servers located in different regions of the world, each server on a new line. Each line begins with a number associated with that respective server. You can use a server’s number to test the Internet speed to that server. For example, if you want to test the speed to the server that is listed as:
3156) Plexicomm, LLC (Binghamton, NY, United States) [1256.84 km]
you have to run:
speedtest --server 3156
➤ List the content of iptables
If for whatever reason, you don’t want to manage the firewall using UFW (Uncomplicated Firewall), you can modify the iptables directly.
iptables is a firewall utility that is preinstalled in all major Linux distributions. It allows users to configure specific rules that are enforced by the kernel’s netfilter framework. Network traffic is made up of data packets. iptables tries to match each data packet crossing the network interface against a set of rules, to decide what to do with them. iptables uses several tables (files containing similar actions), which are made up of chains (sets of rules). A rule is a statement that tells the system what to do with a data packet. A target is a decision of what to do with a data packet. The target can be:
- ACCEPT – the packet that comes through the iptables firewall is accepted.
- DROP – the packet is dropped and is not matched against any further rule. When the packet is dropped, the system trying to connect will not receive any error message.
- RETURN – the packet is sent back to the originating chain, so that it can be matched against other rules.
- REJECT – the packet is rejected and an error message is sent to the connecting device.
The most frequently used table is the filter table, which has 3 default chains: INPUT, OUTPUT and FORWARD. New chains can be added to the default ones.
To list all the chains and rules of the filter table of iptables, run:
iptables -L
You can list all the chains and rules of the filter table of ip6tables similarly:
ip6tables -L
If you want to list all the rules with line numbers, run:
iptables -L --line-numbers
➤ Open a port in the firewall for incoming traffic, using the iptables command
To open the 3415 port in the firewall for incoming traffic over TCP, run:
iptables -A INPUT -p tcp --dport 3415 -j ACCEPT
A similar command can be run for ip6tables (you just replace iptables with ip6tables).
Please note that the -A option stands for append and it adds the rule at the end of the specified chain (the INPUT chain in this example). If you want to insert the rule in the specified chain at a given position, let’s say at line number 8, you should use the -I option, which stands for insert, like this:
iptables -I INPUT 8 -p tcp --dport 3415 -j ACCEPT
If you use the -I option and you don’t specify a line number, the rule will be inserted at the top of the chain.
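The position of a rule matters because a packet stops at the first ACCEPT, DROP or REJECT rule that matches it, so a rule appended with -A after a broader rule may never be reached. The following script is an added example, not part of the original page: it reads rules in the format printed by iptables -S and reports rules placed after an identical match or after a catch-all rule. The names find_shadowed_rules and sample_rules and the sample ruleset are constructed for the example.

```sh
#!/bin/sh
# Added example, not from the original page: detect rules that can never match
# because an earlier rule in the same chain already decides the packet.
# find_shadowed_rules and sample_rules are names made up for this example.

# Read rules in "iptables -S" format on stdin and report, for chain $1, every
# rule that is placed after
#   - an earlier ACCEPT/DROP/REJECT rule with exactly the same match, or
#   - an earlier ACCEPT/DROP/REJECT rule with no match at all (catch-all).
# Rule numbers are the ones shown by "iptables -L --line-numbers".
find_shadowed_rules() {
    awk -v chain="$1" '
    $1 == "-A" && $2 == chain {
        n++
        spec = ""; target = ""
        # Everything between the chain name and -j is the match; the word
        # after -j is the target.
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") { target = $(i + 1); break }
            spec = spec " " $i
        }
        # Earliest rule that already decides the packets of this rule.
        by = catch_all + 0
        if ((spec in first) && (by == 0 || first[spec] < by)) by = first[spec]
        if (by) printf "rule %d is never reached (rule %d decides first): %s\n", n, by, $0
        # Only terminating targets stop the traversal of the chain.
        if (target == "ACCEPT" || target == "DROP" || target == "REJECT") {
            if (spec == "" && !catch_all) catch_all = n
            if (!(spec in first)) first[spec] = n
        }
    }'
}

# Constructed sample in "iptables -S INPUT" format (not taken from a real host).
# Rule 5 was appended after the catch-all DROP; rule 6 repeats the match of
# rule 2 with a different target.
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 123.123.123.123/32 -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
-A INPUT -p tcp -m tcp --dport 3415 -j ACCEPT
-A INPUT -s 123.123.123.123/32 -j ACCEPT
EOF
}

# On a live system: iptables -S INPUT | find_shadowed_rules INPUT
sample_rules | find_shadowed_rules INPUT
```

The check only compares identical matches and catch-all rules; it does not detect a rule that is covered by a broader but differently written match, such as a single address inside a blocked range.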
➤ Open a port in the firewall for outgoing traffic, using the iptables command
iptables -A OUTPUT -p tcp --dport 4625 -j ACCEPT
where 4625 is the port that you want to open. A similar command can be run for ip6tables.
➤ Block incoming traffic on a port, using the iptables command
iptables -A INPUT -p tcp --dport 3962 -j DROP
where 3962 is the port for which you want to block incoming TCP traffic. A similar command can be run for ip6tables.
If you want to block the connections and also send an error message to the connecting devices, you will have to replace DROP with REJECT.
➤ Block outgoing traffic on a port, using the iptables command
iptables -A OUTPUT -p tcp --dport 4837 -j DROP
where 4837 is the port for which you want to block outgoing TCP traffic. A similar command can be run for ip6tables.
➤ Block all incoming connections from a specific IP address, using the iptables command
iptables -A INPUT -s 123.123.123.123 -j DROP
This command will block all incoming connections from 123.123.123.123. A similar command can be run for ip6tables and an IPv6 address.
➤ Block all incoming connections over TCP from a specific IP address, on a specific port, using the iptables command
iptables -A INPUT -p tcp --dport 3624 -s 123.123.123.123 -j DROP
This command will block all incoming connections over TCP from 123.123.123.123, on port 3624. A similar command can be run for ip6tables and an IPv6 address.
➤ Block all outgoing connections to a specific IP address, using the iptables command
iptables -A OUTPUT -d 123.123.123.123 -j DROP
This command will block all outgoing connections to 123.123.123.123. A similar command can be run for ip6tables and an IPv6 address.
➤ Block all incoming connections from a range of IP addresses, using the iptables command
iptables -A INPUT -m iprange --src-range 123.123.123.100-123.123.123.200 -j DROP
This command will block all incoming connections from the IPs in the range 123.123.123.100-123.123.123.200. A similar command can be run for ip6tables and an IPv6 address.
➤ Accept all incoming connections from a specific IP address, using the iptables command
iptables -A INPUT -s 123.123.123.123 -j ACCEPT
This command will accept all incoming connections from 123.123.123.123. A similar command can be run for ip6tables and an IPv6 address.
➤ Remove iptables rules
To delete an iptables rule using the chain name and line number, first list all the rules with line numbers, by adding the --line-numbers option:
iptables -L --line-numbers
The output of this command will look similar to this:
Chain INPUT (policy DROP)
num target prot opt source destination
1 f2b-postfix tcp -- anywhere anywhere multiport dports smtp,submissions,submission
2 f2b-named-refused tcp -- anywhere anywhere multiport dports domain,domain,953
3 f2b-postfix-sasl tcp -- anywhere anywhere multiport dports smtp,submissions,imap2,imaps,pop3,pop3s,submission
4 ufw-before-logging-input all -- anywhere anywhere
5 ufw-before-input all -- anywhere anywhere
6 ufw-after-input all -- anywhere anywhere
7 ufw-after-logging-input all -- anywhere anywhere
8 ufw-reject-input all -- anywhere anywhere
9 ufw-track-input all -- anywhere anywhere
...
Each rule, under each chain, will be preceded by a number. To delete, for example the 5th rule in the INPUT chain, run:
iptables -D INPUT 5
where INPUT is the name of the chain and 5 is the rule’s line number. A similar command can be run for ip6tables.
Another method to delete an iptables rule is by rule specification. For example, to delete the rule added with the command:
iptables -A INPUT -s 123.123.123.123 -j DROP
you run:
iptables -D INPUT -s 123.123.123.123 -j DROP
Please note the -D option added after the iptables command. -D stands for delete. A similar command can be run for ip6tables.
➤ Make the changes applied to iptables/ip6tables persist after reboot
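After you have added or removed firewall rules by modifying the iptables or ip6tables directly, to make them persist after reboot, you have to save them to a file that is loaded at boot. Run without a redirection, iptables-save and ip6tables-save only print the current rules to the terminal. If the iptables-persistent package is installed (on Debian it loads the rules from /etc/iptables/rules.v4 and /etc/iptables/rules.v6 at boot), run:
/sbin/iptables-save > /etc/iptables/rules.v4
/sbin/ip6tables-save > /etc/iptables/rules.v6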
➤ Get the last line of the output of a command
command | tail -1
➤ Split a long command on multiple lines, in a script
Add a backslash at the end of each line, like this:
first part of command \
second part of command \
third part of command \
fourth part of command
➤ Check if any packages are in a half installed state
dpkg --audit
➤ Check if any packages are on hold
dpkg --get-selections | grep hold
➤ Find all the obsolete packages installed on the system
If a software package is installed on the system but it can no longer be found in any of the current configured repositories, that package is considered ‘obsolete’. You can find all the obsolete packages on the system by running:
apt search '~o'
If this command returns any packages and you don’t need them anymore, you can remove them with the apt-get purge packagename command.
➤ Generate 16 bytes of random hexadecimal characters, with the openssl command
openssl rand -hex 16
This command will generate 32 characters, because each of the 16 random bytes is encoded as 2 hexadecimal characters.
➤ Generate 24 bytes of random base64 characters, with the openssl command
openssl rand -base64 24
➤ Log in to MariaDB on localhost
mariadb -u username -p
This command will prompt you to enter username’s password, and after you enter it, you will be logged in to MariaDB:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 4767
Server version: 10.3.29-MariaDB-0+deb10u1 Debian 10
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
After you run your SQL commands, to exit just type exit and press Enter.
You can also log in to MariaDB by running mysql -u username -p. Even if you have MariaDB installed on your system and not MySQL, since MariaDB is a fork of MySQL and very similar, all the commands that contain the term mariadb can be also run using the term mysql instead.
➤ Change the password of a MariaDB user
Once you log in to MariaDB with mariadb -u username -p, you can change username’s password with:
MariaDB [(none)]> alter user 'username'@'localhost' identified by 'newpassword';
➤ Create a new MariaDB user
MariaDB [(none)]> create user 'username'@'localhost' identified by 'password';
➤ Grant all privileges (including GRANT) on a database to a specific user
MariaDB [(none)]> grant all privileges on databasename.* to 'username'@'localhost' with grant option;
➤ Grant all privileges (including GRANT) on any database on localhost to a specific user
MariaDB [(none)]> grant all privileges on *.* to 'username'@'localhost' with grant option;
MariaDB [(none)]> flush privileges;
➤ Grant specific privileges on a database to a specific user
MariaDB [(none)]> grant select,insert,update,delete,create,drop on databasename.* to 'username'@'localhost';
➤ List all the privileges of a user
MariaDB [(none)]> show grants for 'username'@'localhost';
➤ Revoke all the privileges on a database for a specific user
MariaDB [(none)]> revoke all privileges on databasename.* from 'username'@'localhost';
➤ Delete a MariaDB user
MariaDB [(none)]> drop user 'username'@'localhost';
➤ Create a MariaDB database
MariaDB [(none)]> create database newdatabasename;
➤ Delete a MariaDB database
MariaDB [fruit]> drop database databasename;
➤ List all the MariaDB databases on localhost
Once you log in to MariaDB, to list all the databases, run:
MariaDB [(none)]> show databases;
To log in to a particular database, run:
MariaDB [(none)]> use databasename;
➤ List all the tables in the current MariaDB database
MariaDB [databasename]> show tables;
➤ Show information about all the columns of a table
MariaDB [databasename]> describe tablename;
➤ Delete a table in a database
MariaDB [databasename]> drop table tablename;
➤ Export a MySQL/MariaDB database located on localhost, with the mysqldump command
mysqldump -u username -p databasename > /path/to/directory/saveddatabase.sql
After you run this command, you will be asked for username’s password. This command will save the databasename database as an sql file in the /path/to/directory directory.
➤ Export a MySQL/MariaDB database located on a host different from localhost, with the mysqldump command
mysqldump -h hostname -u username -p databasename > /path/to/directory/saveddatabase.sql
hostname can be the hostname of the remote host (like data.example.com), or the IP address of the remote host (like 123.123.123.123).
➤ Export a table from a MySQL/MariaDB database located on localhost
mysqldump -u username -p databasename tablename > /path/to/example.sql
➤ Import a MySQL/MariaDB database from an sql file
First create a new empty database with the same name as the database you want to import:
mariadb -u username -p
Enter password:
MariaDB [(none)]> create database databasename;
Then run:
mysql -u username -p databasename < /path/to/databasename.sql
The databasename.sql file can have any name, although in general, it has the same name as the database that has been exported to it.
➤ Import a table in a MySQL/MariaDB database from an sql file
mysql -u username -p databasename < /path/to/table/example.sql
➤ List the kernel modules that are currently loaded
lsmod
➤ Load a kernel module manually
modprobe module-name
➤ Unload a kernel module manually
rmmod module-name
➤ Generate a new RSA private key with the openssl command
openssl genrsa -out /path/to/server.key 2048
2048 is the number of bits for the key. You can replace it with 4096 for a stronger encryption key. The private key file can have the name of a domain or any other name, and a different extension, such as pem.
➤ Generate a new Certificate Signing Request (CSR) with the openssl command
If the private key is /path/to/myserver.key, you can generate the CSR file by running:
openssl req -new -key /path/to/myserver.key -out /path/to/csr/file/server.csr
The CSR file can have the name of a domain or any other name, and a different extension, such as txt.
➤ Generate a new RSA private key and a Certificate Signing Request (CSR) in one command, with the openssl command
openssl req -newkey rsa:2048 -nodes -keyout myserver.key -out server.csr
2048 is the number of bits for the key. You can replace it with a larger value. You will be asked to enter a few details, such as Country Name, Organization Name, Common Name etc. If you want to leave a field empty, just press Enter.
The -nodes option stands for ‘no DES’, which means ‘do not encrypt the private key in a PKCS#12 file’. Without this option, the private key will be encrypted and you will be prompted to enter a passphrase for this encryption step.
The command from above will create the myserver.key file containing the private key and the server.csr file containing the Certificate Signing Request (CSR). Don’t forget to restrict access to the private key file.
➤ Generate a self-signed SSL certificate while having the private key and using a self-generated Certificate Signing Request (CSR), with the openssl command
If the private key is /path/to/privatekey/myserver.key, run:
openssl x509 -req -days 73000 -in /path/to/server.csr -signkey /path/to/privatekey/myserver.key -out /path/to/certificate/cert.crt
You can change the number of days the SSL certificate will be valid for, from 73000 (200 years) to another value. However, if you enter a short period of time, you will have to remember to manually regenerate the certificate before it expires. The certificate file can have a different extension, such as pem.
X.509 is a format standard for digital certificates.
➤ Generate a self-signed SSL certificate, having a private key but without using a self-generated Certificate Signing Request (CSR), with the openssl command
openssl req -x509 -days 73000 -new -nodes -key /path/to/privatekey/myserver.key -out /path/to/certificate/cert.crt
➤ Generate a private key and a self-signed SSL certificate without using a self-generated Certificate Signing Request (CSR), with the openssl command
openssl req -x509 -days 73000 -newkey rsa:2048 -nodes -keyout /path/to/privatekey/myserver.key -out /path/to/certificate/cert.crt
➤ Find the expiration date of an SSL certificate
openssl x509 -in /path/to/certificate/cert.crt -noout -enddate
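The key, CSR and self-signed certificate steps above, combined with the checks they call for (key file permissions, key/certificate match, expiry), as an added example that is not part of the original list. The function names, the www.example.com subject and the output directory are assumptions; -subj is used so the run does not prompt for the certificate details.

```shell
#!/bin/sh
# Added example. File names, the CN and the thresholds are constructed values.

# Create key, CSR and self-signed certificate in directory $1, valid for $2 days.
# The body runs in a subshell, so the umask changes do not leak to the caller.
make_selfsigned() (
    dir=$1; days=$2
    umask 077    # private key is created readable by its owner only
    openssl genrsa -out "$dir/myserver.key" 2048 2>/dev/null || exit 1
    umask 022    # CSR and certificate are public data
    # -subj supplies the subject non-interactively instead of the prompts
    openssl req -new -key "$dir/myserver.key" -subj "/CN=www.example.com" \
        -out "$dir/server.csr" || exit 1
    openssl x509 -req -days "$days" -in "$dir/server.csr" \
        -signkey "$dir/myserver.key" -out "$dir/cert.crt" 2>/dev/null
)

# Print the permission string of a file, e.g. -rw-------
file_mode() {
    ls -l "$1" | cut -c1-10
}

# Succeed only if the certificate carries the public key of the given private key.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$key_pub" = "$cert_pub" ]
}

# Succeed if the certificate in $1 expires within the next $2 days.
# -checkend exits 0 when the certificate is still valid after that many seconds;
# an unreadable certificate is reported as expiring, which is the safe side.
expires_within_days() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}
```

After make_selfsigned /some/dir 365, a scheduled expires_within_days /some/dir/cert.crt 30 gives a warning before a short-lived certificate lapses.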
➤ Generate a Diffie-Hellman parameter with the openssl command
openssl dhparam -out /path/to/dhparam.pem 2048
2048 is the number of bits for the parameter and you can replace it with a larger value.
➤ Regenerate the self-signed snakeoil certificate and key
On Debian, when the ssl-cert package is installed, a private key (/etc/ssl/private/ssl-cert-snakeoil.key) and a self-signed certificate (/etc/ssl/certs/ssl-cert-snakeoil.pem) are automatically created. They can be regenerated by running:
make-ssl-cert generate-default-snakeoil --force-overwrite
➤ Recover an RSA public key in OpenPGP format from the private key with the gpg command
If the private key is not in your GnuPG keyring yet, first import it from a file by running:
gpg --import private_key_file
Then export the public key to a file by running:
gpg --armor --export 0xD504264E > pubkey.asc
where D504264E is the key ID (the last 8 digits of the key’s fingerprint, which can be found with the gpg --list-keys command). The --export option will export the public key of the RSA key with the ID D504264E to the pubkey.asc file, in ASCII armored format. The command will also work if you don’t prepend 0x to the key ID.
Instead of the key ID, you can use the email address associated with the key (which can be found with the gpg --list-keys command), like this:
gpg --armor --export email@example.com > pubkey.asc
➤ Use ApacheBench to assess the number of requests per second a web server can serve
First install the apache2-utils package, which contains the ApacheBench tool:
apt-get install apache2-utils
If https://www.example.com is a website hosted on the server whose performance you want to test, run:
ab -c 100 -n 1000 https://www.example.com/
Here, -c specifies the number of concurrent users and -n specifies the number of requests that will be sent to the web server. Don’t forget to add the slash at the end of the URL, otherwise the command will fail.
You can also add the -t option to specify the maximum number of seconds in which the test will be performed. If the number of requests specified with the -n option has been sent and the total amount of time is not over, additional requests will be sent until the specified period of time is over. The following command will perform the test within 60 seconds:
ab -c 100 -n 1000 -t 60 https://www.example.com/
➤ Working with Git
If you need to use Git, you can find a complete list with the essential Git commands here.
➤ Delete the content of a file but not the file itself
cat /dev/null > /path/to/filename
➤ Decompress a gz file and keep the original file
gunzip -k filename.gz
➤ Remove a file securely by overwriting it 7 times before deleting it
shred -n 7 -u /path/to/filename
You can choose a different number of overwrites than 7. If you run it without adding the -n 7 option, the shred command will overwrite the file 3 times (which is the default number), and then delete it.
➤ Send a POST request to a URL using the curl command
First install curl by running apt-get install curl. Then run:
curl --data "param1=value1&param2=value2" https://example.com/script.php
The command from above sends two parameters, param1 and param2, having the values value1 and value2 respectively, in a POST request, to the script.php script, that can be accessed at the URL: https://example.com/script.php.
➤ List the manual page of a Linux command
man command