ubuntu_cmd
- back to ToC
- maintenance
- Environment
- Directory
- unix folders
- Files
- vim
- nano
- users groups and permissions
- wget
- tar
- zip
- gz
- ssh with sublime
- VPN
- firewall
- cronjob
- awk
- tcpdump
- jitsi
sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade
sudo apt-get clean
sudo apt-get autoclean
sudo apt-get autoremove
sudo ucaresystem-core
sudo reboot
sudo rm -rf /var/lib/apt/lists/*
#do not remove kernel
uname -r
#list of kernel
dpkg --list | grep linux-image
#remove rest
sudo apt-get purge linux-image-X.X.X-X-generic
sudo update-grub2
grive
#hold shift during restart to get to grub2
memtestx86
time
sudo dpkg-reconfigure tzdata
sudo ntpdate ntp.ubuntu.com pool.ntp.org
firewall
sudo so-allow
**virtual terminal**
get in --> `alt + ctrl + F4`
get out --> `alt + ctrl + fn + F7`
-
path name of the files which would be executed in current environment
which nodejs
-
who is logged in
who
-
clear screen
clear
-
change password
passwd root
-
Ubuntu Version
lsb_release -a
-
maintenance package
sudo apt-get install localepurge
- ucaresystem
sudo add-apt-repository ppa:utappia/stable
sudo apt update
sudo apt install ucaresystem-core
- move file across ssh
# linux to linux
scp /pwd/fileName amaskey@ip:pwd/fileName
# windows to linux(https://community.nxp.com/thread/220596)
* install putty
# in cmd line
set PATH=C:\Program Files\PuTTY
pscp "c:\..\..\desktop\filename.txt" username@ubuntu:/home/user
- adding trusted cert
In ubuntu:
Go to /usr/local/share/ca-certificates/
Create a new folder, i.e. "sudo mkdir school"
Copy the .crt file into the school folder
Make sure the permissions are OK (755 for the folder, 644 for the file)
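Run "sudo update-ca-certificates"
Only add a certificate whose fingerprint you have checked with its issuer: once it is in the trust store, every certificate signed by that CA is accepted by programs that use the system store.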
-
display manual of specified command
man ls
alias pd="pwd" #create shortcuts no space pd="pwd"
export USER="me myself and I" #export makes the variable available to child processes started from this shell
echo $USER #current user or alias, $ used to return variable value
export PS1=">>" #change prompt from $ to >>
history #history of commands used in the session
env #returns list of all environment variables for current user
- shorten path name in terminal
gedit ~/.bashrc
if [ "$color_prompt" = yes ]; then
PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u\[\033[00m\]:\[\033[01;34m\]\W\[\033[00m\]\$ '
else
PS1='${debian_chroot:+($debian_chroot)}\u:\W\$ '
fi
make ???- maintain group of programs systemd-analyze blame
- remove error message
ls -l /var/crash
sudo rm /var/crash/*
print working directory
pwd
list directory
ls -alt
-a hidden files and folders
-l more details
-t newest first
ls -d */ #show directory only
ls -la | less #one page at a time
ls intel* #all files starting with intel.
ls / #look at root
estimate file space usage
ls -sh
-s size
-h human readable
du -hs
-h human readable
-s size
#size of each folder with files
du -abch --max-depth=1
create or delete
mkdir
rmdir
rm -r #recursively remove dir and all the files
change
cd
cd ../FolderName # go to parent directory and open folder
cd ~ or cd # home
cd - # back to last directory
copy or move
mv ./* ~/Google/ # move all files and folders (~Google/ without the slash would mean the home directory of a user named Google)
cp -a ./sourceFolder ./targetFolder
config file
/etc
store optional stuff
/opt/
log files
/var/log, /bin, /sbin, /usr/bin, /usr/local
delete file
rm
move and copy
mv "filename" ~/newLocation #move files
mv file1 file2 #file1 renamed to file2
cp file1 file2 #copy content of file1 to file2
cp dir/file1 . #copy file1 to current directory
move all files not like
folder="weird"; file="_2019-02"; mv ./$folder/!($folder$file*) ./training_dataset/$folder/
** move all file like**
folder="weird"; file="_2019-02"; mv ./$folder/$folder$file* ./testing_dataset/$folder/
create new file
touch fileName.ext
create and write
echo "Hello" > Hello.txt #create new file Hello.txt and write "Hello"
display words on terminal
echo hello
file content
cat hello.txt
cat Hello.txt > bye.txt #overwrite content of bye with content of hello
cat hello.txt >> bye.txt #append content of hello to end of bye
cat hello.txt | wc #pipe: the output of the command on the left is used as input for the command on the right
-wc #number of lines, words and bytes
cat h.txt | wc | cat > b.txt #get content of h.txt, count its lines, words and bytes, and overwrite b.txt with the counts
sort hello.txt #sort and display content of hello
cat hello.txt | sort > bye.txt #get content of hello, sort it and overwrite bye.txt
uniq hello.txt #if the next line is identical to the current one, show only one of them
sort hello.txt | uniq #sort first and then get unique
sort h.txt | uniq > r.txt #sort first, then get unique lines, then overwrite r.txt
grep
grep Mount mountain.txt #search mountain.txt and look for "Mount"
grep -i Mount mountain.txt #search mountain.txt and look for "Mount" or "mount"
grep -R "Ayush" home/Google #search all files in the directory recursively for "Ayush" and output filename + the line
grep -Rl "Ayush" home/Google #output only fileName. No line
sed
sed 's/hello/bye/' hello.txt #change first occurrence of hello to bye in each line of hello.txt
sed 's/hello/bye/g' hello.txt #change all instance of hello to bye
one page
less hello.txt
file type
file hello.txt
open file
gedit "TextFileName.txt"
evince "pdfFileName.pdf"
libreoffice "fileName.doc .pptx .xls"
tail
- print last 10 lines and keep following the file as it grows (-f)
sudo tail -f /etc/logstash/logstash.log
- print last 30 lines
sudo tail -30 /var/log/nsm/securityonion/sguid.log
vim fileName
insert mode
i #insert before cursor
I #insert at the beginning of the line
a #append after cursor
A #append at the end of the line
esc #end insert mode
quit
:q #quit
:wq #save and exit
:q! #quit without saving
split screen
:split fileName
goto line number
:512
find phrase
? phrase
nano hello.txt #open hello in text editor
ctrl+o #save
ctrl+x #exit
nano ~/.bash_profile #stores environment variables
- current permission
ll
-rwxrwxrwx username group
drws------
-
first: dash '-' then normal file, if 'd' then directory
-
next 3 = owner permission: r (read), w(write), x(execute), -(no permission)
-
next 3 = group permission
-
final 3 = rest of the world permission
-
first - owner of file
-
second - group the file belongs to #run groups to get group membership
-
permission number representation
0(---), 1(--x), 2(-w-), 3(-wx), 4(r--), 5(r-x), 6(rw-), 7(rwx)
-
change permission
chmod 664 test.html ( rw-rw-r-- )
-
take ownership
chown <username> -R filename
-
recursively change ownership of all files and folders
chown -R hduser:hduser /opt/hdfs
-
add user interactive
adduser <username>
-
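add user to group (on a default Ubuntu install, membership in the sudo group gives the user full root access through sudo)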
usermod -aG sudo <username>
-
all users
compgen -u
-
all groups
compgen -g
-
all groups of user
groups <username>
-
test sudo access
su - <username> #switch to the user
sudo whoami #prints root if the user has sudo access
-
change password
sudo passwd <username>
disable ipv6
nano /etc/sysctl.conf
#add
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
sudo sysctl -p
cat /proc/sys/net/ipv6/conf/all/disable_ipv6
#return 1
download file
wget http://www.example.com/filename
download entire website
wget -r http://www.example.com
download entire website and external links
wget -r -H http://www.example.com
untar
tar -xzvf fileName.tar.gz
-x flag to extract
-z uncompress
-v verbose output
-f specify that we are extracting from a file
list archive contents without extracting (do this first for an archive from an untrusted source)
tar -tf fileName
-t list
unzip
unzip file.zip -d "dest_folder"
compress and remove original file gzip access.log
uncompress and remove original .gz file gunzip access.log.gz
server side
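wget -O /usr/local/bin/rsub https://raw.github.com/aurora/rmate/master/rmate
#read the downloaded script before making it executable: it comes straight from a branch and nothing here checks its integrity
chmod a+x /usr/local/bin/rsub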
client sublime
ctrl + shift + P #to open package manager
choose Package control: install package
search rsub and install
ssh into remote machine
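#linux: -R makes the server listen on its own localhost:52698 and forwards it to the editor on this machine; other users logged in on that server can connect to the port too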
ssh -R 52698:localhost:52698 user@serverIP
#putty
host_ip
port - 22
category --> connection --> SSH --> Tunnels
source port: 52698
Destination: localhost:52698
remote and auto
ADD
Forwarded Ports:
R52698 localhost:52698
Open
on server terminal
rsub ~/path_to_file/fileName
sudo openconnect -b https://
sudo pkill -SIGINT openconnect
- enable
sudo ufw enable
- disable
sudo ufw disable
- status
sudo ufw status
- allow
sudo ufw allow 443/tcp
- allow range (ufw requires the protocol when a port range is given)
sudo ufw allow 6000:6010/tcp
- deny
sudo ufw deny 443
# download key
wget https://download.jitsi.org/jitsi-key.gpg.key
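# check that the key has not been tampered with --> get ID of the key
gpg jitsi-key.gpg.key
#verify id with third party (keyservers accept uploads from anyone, so a matching name or email proves nothing; compare the full fingerprint with one published by the project)
gpg --search-keys dev@jitsi.org
#find who signed the key and who trusts it
gpg --list-sigs dev@jitsi.org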
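#add key to keychain (apt-key is deprecated, and a key added this way is trusted for every repository, not only jitsi; prefer a separate keyring file referenced with signed-by= in the repo line)
apt-key add jitsi-key.gpg.key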
#add repo to apt
echo 'deb https://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list
crontab is schedule of cron entries to be run at specific time
58 21 * 12 * cd /home/Documents/ && ./run_this.py >> log_this.log 2>&1
(58 min, 9pm, * or all days of month, dec month, * or all days of week, directory, cmd, log, )
echo test 1> file.txt #stdout to file.txt
echo test 2> file.txt #stderr to file.txt
& - in 2>&1 the & marks 1 as a file descriptor (stdout), not a file named 1
2>&1 #redirect stderr to stdout
crontab -l #list crontab
crontab -e #edit crontab
crontab -r #delete the whole crontab of the current user, without asking for confirmation
crontab elastic.cron #replace
# print every line - actions inside curly braces
awk '{print}' shopping_list
# find lines that have the string 'produce'
awk '/produce/ {print}' shopping_list
# $2 says second word of the line
awk '/produce/ {print $2}' shopping_list
# execute an awk program stored in a file --> -f fileName.awk --> then the input file (shopping_list)
awk -f parse_groceries.awk shopping_list
#tcpdump version
tcpdump -h
#interfaces
sudo tcpdump -D
* any captures on all interfaces
* lo is loopback
# capture packets on all interfaces
sudo tcpdump -i any
# first 5
sudo tcpdump -i any -c 5
# by default tcpdump resolves ip to hostname, -n keeps the numeric ip (-c 5 still limits the capture to 5 packets)
sudo tcpdump -i any -c 5 -n
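# -s29 keeps only the first 29 bytes of each packet --> the default snapshot length is 262144 bytes on current tcpdump (65535 on older versions)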
sudo tcpdump -i any -c 5 -n -s29
# tcp result
time sourceIP destinationIP TcpFlags[ack(.)/syn(S)/rst(R)] seq win length
- seq --> sequence num, relative num, only first one is real seq num
- win -> window size, say 333, wscale =7 in handshake so real window size = 333 * 2^7
- length
# traffic in one direction in one tcp session (-i selects the interface, -t hides the timestamp)
sudo tcpdump -i any -c20 -n tcp and dst port 49952 -t
# -S to turn off relative seq number
sudo tcpdump -i any -c20 -n tcp and dst port 49952 -t -S
# save capture files to capture.pcap
sudo tcpdump -i any -w capture.pcap
# -v verbose
sudo tcpdump -i any -w capture.pcap -v
# -c limits the number of packets captured (here 20)
sudo tcpdump -i any -w capture.pcap -v -c20
# read pcap file
sudo tcpdump -n -r capture.pcap
sudo tcpdump -n -r capture.pcap | less
# capture between certain host
sudo tcpdump -i eth1 -n host 10.0.0.1 and host 10.0.0.3 -c5
# on certain ports
sudo tcpdump -i eth1 -n host 10.0.0.3 and port 80 -c5
# complex query need to be inside "" coz () means something else in bash
sudo tcpdump -i eth1 -n "host 10.0.0.1 and (port 80 or port 443)" -c5
# traffic going out and not inside the network
sudo tcpdump -i eth0 -n -c100 "src net 192.168.0.0/16 \
and not dst net 192.168.0.0/16 and not dst net 10.0.0.0/8"
# filters on mac address --> ether
sudo tcpdump -i eth0 ether host 28:16:2e:1f:25:49
# see mac address of responding host
sudo tcpdump -i eth0 ether host 28:16:2e:1f:25:49 -e
# look for ipv6
sudo tcpdump -i any ip6
#look for syn only
sudo tcpdump -i any "tcp[tcpflags] \
& tcp-syn != 0"
# look for reset
sudo tcpdump -i any "tcp[tcpflags] & tcp-rst != 0"
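# http data: -A prints the packet payload as ASCII (cleartext HTTP, including any credentials or cookies it carries)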
sudo tcpdump -i eth0 port 80 -c7 -A
__ Host machine settings __
sudo apt-get install vnc4server
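sudo apt install xfce4 xfce4-goodies tightvncserver #install xfce4 and tightvnc in client machine
gsettings set org.gnome.Vino require-encryption false #remote access from VNC; this turns off encryption, so the VNC password and screen contents travel in cleartext: use it only through an SSH tunnel or VPN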
#find default path of java
readlink -f /usr/bin/java | sed "s:bin/java::"
vi -
su - log in as super user
su amaskey - switch user to amaskey
sudo - run single command with root privilege
curl
dpkg - dpkg -l,
aptitude
/home
shell/env variables, echo, export, bashrc, profile, source cmd
tar, gzip, zip
adduser, useradd
rpm
ssh, ssh-keygen -t rsa, .ssh/, authorized_keys ip a, /etc/hosts, ping
sudo dpkg -i /home/amaskey/Downloads/intellij-idea-community_2017.2.2-1_all.deb install dependencies sudo dpkg --configure -a --force-depends sudo apt-get install -f
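ssh - add diffie-hellman sha1 to ~/.ssh/config (a legacy, weak key exchange: enable it only inside the Host block of the old device that requires it, not globally)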
cisco packet capture capture capin interface inside match ip any any capture capout interface outside match ip any any (any can be replaced by ip and subnet) show capture show capture capin https:///admin/capture/capin no capture capin interface inside no capture capout interface outside
#change \w to \W in both PS1 source ~/.bashrc #reset terminal
sudo mkdir /usr/share/ca-certificates/folder
sudo cp foo.crt /usr/share/ca-certificates/folder/foo.crt
sudo dpkg-reconfigure ca-certificates
foot
- TODO
- troubleshoot
- Tutorials
- Security Onion Overview
- Elastic Stack
- bro
- Snort
- sguil
- squert
- netsniff-ng
- ossec
- cif
- beat
- banyard
- pulled pork
- pf ring
- CapMe
- apache
- my-sql
- python basic
- Sequences - list, dict, string...
- Regular expression
- functions
- Data Abstraction
- Trees
- containers
- object
- Libraries
-
useful libs
- datetime, json, pyperclip, io
- numpy
- matplotlib
- wavelets
- pandas
- pickle
-
useful libs
- Tutorial
- foot printing and reconnaissance
- scanning networks
- enumeration
- System Hacking
- Malware Threats
- Sniffing
- Social Engineering
- Denial-of-Service
- Session Hijacking
- Hacking Webservers
- Hacking Web Application
- SQL Injection
- Hacking Wireless Networks
- Hacking Mobile Platforms
- Evading IDS, Firewalls, and Honeypots
- Cloud Computing
- Cryptography