Linux commands and basic concepts you need for performing essential tasks on a server as a DevOps, SRE, or SysAdmin are critical. I'll do my best to explain everything as simple as possible.
MIT License
Learning Linux: Essential commands and foundational knowledge . We started from scratch to build a complete tutorial covering everything from commands and tools to kernel structure and all the details.And even though we're not heavily focused on LPIC exams, we've included that too.
Feel free to contribute (lets-fork-it), and if there's any problem or recommendation, I'd be happy to sort it out if you raise an issue.
help
, whatis
, info
, which
, whereis
, man
, stat
cd
, ls
, pwd
, mkdir
, rmdir
, tree
, touch
, ln
, rename
, stat
, file
, chmod
, chown
, locate
, find
, cp
, mv
, rm
cat
, head
, tail
, more
, less
, sed
, vi
, grep
tar
, gzip
, zip
, unzip
groupadd
, groupdel
, groupmod
, useradd
, userdel
, usermod
, passwd
, su
, sudo
reboot
, exit
, shutdown
, date
, mount
, umount
, ps
, kill
, systemctl
, service
, crontab
curl
, wget
, telnet
, ip
, hostname
, ifconfig
, route
, ssh
, ssh-keygen
, firewalld
, iptables
, host
, nslookup
, nc
, netcat
, ping
, traceroute
, netstat
df
, du
, top
, free
, iotop
rpm
, yum
, apt-get
, dpkg
View the art of command line repo
Bios
stands for basic input/output system.Bios
doing the POST (Power-on Self-test) job.boot device
it will report No boot device found
.Linux
is installed on the hard disk, it will find the Master Boot Record at the first sector of the first hard drive./dev/sda
, /dev/hda
).512byte
=1 sector
.446 byte
) : provides information for boot loaderand
location boot loaderand
the hard drive.64 byte
) : stores information about partition
.load
the Boot Loader into memory and read the configuration - information then display the GRUB Boot Menu for the user to choose from.boot
. Table 1. Mapping between runlevels and systemd targets
βββββββββββββββββββββββββββββββββββββββββ
βRunlevel β Target β β
βββββββββββββββββββββββββββββββββββββββββ€
β0 β poweroff.target β β
βββββββββββββββββββββββββββββββββββββββββ€
β1 β rescue.target β β
βββββββββββββββββββββββββββββββββββββββββ€
β2, 3, 4 β multi-user.target β β
βββββββββββββββββββββββββββββββββββββββββ€
β5 β graphical.target β β
βββββββββββββββββββββββββββββββββββββββββ€
β6 β reboot.target β β
βββββββββββββββββββββββββββββββββββββββββ
for-deeper-view-of-kernel-click
history
)$
: ordinary user#
: user root
isdev/sda
/dev/sda3
is the 3rd primary partition on the first disk/dev/sdb5
is the first logical partition on the second disk/dev/sda7
is the 3rd logical partition of the first physical diskfdisk
root@saman:~# fdisk /dev/sda
Welcome to fdisk (util-linux 2.25.1).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
root@saman:~# Command (m for help): p
Disk /dev/sda: 298.1 GiB, 320072933376 bytes, 625142448 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x000beca1
Device Boot Start End Sectors Size Id Type
/dev/sda1 * 2048 43094015 43091968 20.6G 83 Linux
/dev/sda2 43094016 92078390 48984375 23.4G 83 Linux
/dev/sda3 92080126 625141759 533061634 254.2G 5 Extended
/dev/sda5 92080128 107702271 15622144 7.5G 82 Linux swap / Solaris
/dev/sda6 107704320 625141759 517437440 246.8G 83 Linux
parted
root@saman:~# sudo parted /dev/sda p
Model: ATA ST320LT000-9VL14 (scsi)
Disk /dev/sda: 320GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:
Number Start End Size Type File system Flags
1 1049kB 22.1GB 22.1GB primary ext4 boot
2 22.1GB 47.1GB 25.1GB primary ext4
3 47.1GB 320GB 273GB extended
5 47.1GB 55.1GB 7999MB logical linux-swap(v1)
6 55.1GB 320GB 265GB logical
In many cases, you need to resize your partitions or even install new disks and add them to your current mount points; Increasing the total size. LVM is designed for this. + Physical Volume (PV): A whole drive or a partition. It is better to define partitions and not use whole disks - unpartitioned. + Volume Groups (VG): This is the collection of one or more PVs. OS will see the vg as one big disk. PVs in one VG, can have different sizes or even be on different physical disks. + Logical Volumes (LV): OS will see lvs as partitions. You can format an LV with your OS and use it.
du -h /path/to/directory | sort -rh
USER | The name of the logged-in user |
---|---|
PATH | List of directories to search for commands, colon separated |
EDITOR | Default editor |
HISTFILE | System hostname |
HOSTNAME | Show Info |
PS1 | The Prompt! Play with it |
UID | The numeric user id of the logged-in user |
HOME | The user's home directory |
PWD | The current working directory |
SHELL | The name of the shell |
$ | The process id (or PID of the running bash shell (or other) process |
PPID | The process id of the process that started this process (that is, the id of the parent process) |
? | The exit code of the last command |
command | what it means | what it does | how to use it |
---|---|---|---|
chmod | change modifiers | edits the permissions of a file | chmod +x filename |
chattr | change attributes | edits the attributes of a file | chattr +i filename |
chown | change owner |
chmod
is used to edit the permissions on a file. There are 3 permissions and 3 groups, for a total of 9 permissions. The permissions are:
for example when using ls -la
you see all of the files permissions
(user)
|
|
| (others)
| |
-rw-r--r-- 1 username groupname date time ...
|
|
(group)
so this file the owner has rw, the group has r and everyone has r
chmod a+x filename
character | group name | who it applies to |
---|---|---|
u | user | the owner of the file |
g | group | users who are members of the files' group |
o | others | users not included in u or g |
a | all | u, g and o |
chmod can take either a set of three octal (base 8) numbers to set the permissions across all groups, or list the groups "a+" and the permissions that you want to add or "a-" and the permissions you want to subtract.
The character representations of the permissions are:
letter | number | binary | permission |
---|---|---|---|
r | 4 | 100 | read |
w | 2 | 010 | write |
x | 1 | 001 | execute |
So chmod a+rwx filename
is the same as chmod 777 filename
chmod u+x,g+w filename
chmod u=rwx,g=rw,o=r filename
chmod 764 filename
chmod a+x filename
The chown
command changes the owner and group of a file or directory. This command can authorize a user to become the owner of the specified file or change the group to which the file belongs. User can be user or user D, user group can be group name or group id. The filename can be a list of files separated by spaces, and wildcards can be included in the filename.
Only the file owner and superuser can use this command.
apt provides a high-level CLI (Command Line Interface) for the package management system and is intended as an interface for the end user which enables some options better suited for interactive usage by default compared to more specialized APT tools like apt-cache and apt-get.
Syntax :apt [...COMMANDS] [...PACKAGES]
update :apt update
full-upgrade :apt full-upgrade
install :apt install [...PACKAGES]
remove :apt remove [...PACKAGES]
purge :apt purge [...PACKAGES]
search :apt search [...REGEX]
This command is used when the user wants to search for the given regex term(s) in the list of available packages and display matches. For example, this command can be useful when you want to search for packages having a specific feature.
show :apt show [...PACKAGES]
Basic Syntax :sudo apt-get [options] [command] [package(s)]
If you want to download only one specific package, you can do:apt-get download [...PACKAGES]
Removing debian packages:apt-get remove [package(s)]
If you want to reconfigure a package that is already installed, you can use the:dpkg-reconfigure tzdata
dpkg [OPTIONS] ACTION PACKAGE
\
Wildcard characters are used in globbing and regular expressions to represent patterns of text. While the exact set of wildcard characters can vary depending on the context and programming language, here are some common wildcard characters and their meanings:
*
): Matches zero or more characters. It is often used as a wildcard for any sequence of characters.
*.txt
matches all files ending with ".txt."?
): Matches a single character. It is used to represent any character in a specific position.
file?.txt
matches "file1.txt" and "file2.txt."[]
) and Dash (-
) for Character Ranges: Square brackets are used to define character classes, and the dash is used to specify character ranges within those classes.
[aeiou]
matches any one vowel.[0-9]
matches any digit.[A-Za-z]
matches any uppercase or lowercase letter.{}
) for Alternatives: Curly braces are used to specify alternative patterns or choices.
{jpg,jpeg,png}
matches either "jpg," "jpeg," or "png."!
) or Caret (^
) (Inside Square Brackets): When placed at the beginning of a character class, these symbols negate the class, matching any character not listed in the brackets.
[^0-9]
matches any character that is not a digit..
): In regular expressions, the period is a wildcard that matches any single character.
a.c
matches "abc," "adc," etc.|
) (In Regular Expressions): Represents the logical OR operation and is used to specify alternatives.
apple|banana
matches either "apple" or "banana."\
) (Escape Character): In some contexts, the backslash is used to escape special characters, so they are treated as literal characters rather than as wildcards or metacharacters.These wildcard characters provide flexible ways to match patterns in text and are commonly used in various programming languages, command-line utilities, and regular expressions for tasks such as text searching, text processing, and file manipulation. Keep in mind that the availability and behavior of these characters can vary depending on the specific environment or tool you're using.
more info wildcard characters for globbing
how do you download a file from the terminal?
1.Download files from Linux terminal using wget command
Installing wget:
sudo apt install wget
Download a file or webpage using wget:
wget URL
2.Download files from Linux command line using curl
Installing curl:
sudo apt install curl
Download a file or webpage using curl:
curl URL
The following commands will get you the IP address list to find public IP addresses for your machine:
If you enter the command ifconfig
in the terminal, all information will be displayed. You can also use these commands:
The following commands will get you the IP address list to find public IP addresses for your machine:
curl ifconfig.me
curl -4/-6 icanhazip.com
curl ipinfo.io/ip
curl api.ipify.org
curl checkip.dyndns.org
dig +short myip.opendns.com @resolver1.opendns.com
host myip.opendns.com resolver1.opendns.com
curl ident.me
The following commands will get you the private IP address of your interfaces:
ifconfig -a
hostname -I'
ip route get 1.2.3.4'
nmcli -p device show
(best option in my opinion)Here are the Best Firewalls for Linux for Effective System Protection(We Mostly use Iptables ,(ufw for regular usages))
Key Features:
Firewall engine and Instruction Prevention system.
Offers default zones with different security policies. For example, DMZ and LAN.
Frequently updated to prevent attack vectors and security vulnerabilities.
Offers Stateful Package Inspection(SPI) firewall built on top of Netfilter.
Provides an intuitive web user interface.
Protects against Denial-of-Service attacks.
It lets users create logging and graphical reports for insights.
It can be installed on hardware devices such as Raspberry Pi.
Key Features:
FreeBSD-based.
Supports a wide variety of hardware.
Clean web interface.
It comes with commercial-grade features.
Supports VPN endpoint and wireless access point configuration.
Outbound and Inbound load balancing.
Real-time information.
Key Features:
Web filtering, application control, and cloud threat intelligence.
Auto-block malware/phishing attempts in real-time.
Instantly deploy firewall with minimal setup requirements.
Offers centralized cloud management to manage multiple firewalls.
Improves network visibility with rich analytics and reporting.
\
\
\
\
\
iptables is a powerful configuration tool for controlling traffic to and from your system. Modern Linux kernels come with a packet filtering framework called Netfilter. Netfilter provides operations such as allow, drop, and modify to control the flow of packets into and out of the system. The user-level command-line tool iptables based on the Netfilter framework provides a powerful firewall configuration function, allowing you to add rules to build firewall policies. The richness and complexity of iptables and its baroque command syntax can be overwhelming.
(chains)
(table) | (source) MASQURADE
| PREROUTING 1 | 1 1 ACCEPT
| filter -A INPUT 2 udp | xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx 2 2 ------- REJECT
iptables -t nat -I FORWARDING . -P tcp -S 37.16.2.4 -d 185.674.46.4 --sport . --dport . -m module -J DROP
mangle -D OUTPUT . icmp | . . ------- | DNAT
-U POSTROUTING n | 65535 65535 | SNAT
| | (destination) |
(insert)(apend)(delete)(update) | [this is the most important thing]
|
(line you want)
connect to your srver with ssh.
open /etc/resolv.conf
with some editor like nano or vim.
change the in front of namesrver like this:
nameserver 172.29.2.100
nameserver 185.51.200.2
save changes and exit.
type the following command:
lsb_release -a
Alternate way:
cat /etc/lsb-release
Another Fun way:
you can use any kind tools you know here are some of them:
learn getting free ssl with acme step by step
mosltly use for controlling the cpu usage (nice number is from -20 to 19 ).
What is Swap ? Swap is a portion of hard drive storage that has been set aside for the operating system to temporarily store data that it can no longer hold in RAM. This lets you increase the amount of information that your server can keep in its working memory, with some caveats.
We can see if the system has any configured swap by typing:sudo swapon --show
.
If you donβt get back any output, this means your system does not have swap space available currently.
You can verify that there is no active swap using the free utility:free -h
Before we create our swap file, weβll check our current disk usage to make sure we have enough space:df -h
Now that we know our available hard drive space, we can create a swap file on our filesystem. We will allocate a file of the size that we want called swapfile in our root (/) directory.
The best way of creating a swap file is with the fallocate program. This command instantly creates a file of the specified size.
Since the server in our example has 1G of RAM, we will create a 1G file in this guide. Adjust this to meet the needs of your own server:sudo fallocate -l 1G /swapfile
We can verify that the correct amount of space was reserved by typing:ls -lh /swapfile
Now that we have a file of the correct size available, we need to actually turn this into swap space.
First, we need to lock down the permissions of the file so that only users with root privileges can read the contents. This prevents normal users from being able to access the file, which would have significant security implications.
Make the file only accessible to root by typing:sudo chmod 600 /swapfile
Verify the permissions change by typing:ls -lh /swapfile
Output
-rw------- 1 root root 1.0G jul 16 16:18 /swapfile
only the root user has the read and write flags enabled.
We can now mark the file as swap space by typing:sudo mkswap /swapfile
After marking the file, we can enable the swap file, allowing our system to start using it:sudo swapon /swapfile
Verify that the swap is available by typing:sudo swapon --show
Output
NAME TYPE SIZE USED PRIO
/swapfile file 1024M 0B -2
We can check the output of the free utility again to corroborate our findings:free -h
Output
total used free shared buff/cache available
Mem: 981Mi 123Mi 644Mi 0.0Ki 213Mi 714Mi
Swap: 1.0Gi 0B 1.0Gi
Our recent changes have enabled the swap file for the current session. However, if we reboot, the server will not retain the swap settings automatically. We can change this by adding the swap file to our /etc/fstab file.
Back up the /etc/fstab file in case anything goes wrong:sudo cp /etc/fstab /etc/fstab.bak
Add the swap file information to the end of your /etc/fstab file by typing:echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab
Next weβll review some settings we can update to tune our swap space.
topics:Virtual machine/Linux container/Application container/Guest drivers/SSH host keys/D-Bus machine id
To check and see if your host operating system / CPU, supports using hypervisors check for the vmx
(for Intel CPUs) or svm
(for AMD CPUs) in your /proc/cpuinfo
in flags.
Based on your CPU you should have kvm
or kvm-amd
kernel modules loaded.
lsmod | grep -i kvm
sudo modprobe kvm
(If you see hypervisor in your /proc/cpuinfo it means that you are inside a virtualized Linux machine )
Type 2 Hypervisor
These hypervisors run on a conventional operating system (OS) just as other computer programs do. A guest operating system runs as a process on the host. Type-2 hypervisors abstract guest operating systems from the host operating system.
In other words, a type 2 hypervisor is the software between the guest and host. It completely runs on the host OS and provides virtualization to the guest.
Two of the most famous Type 2 hypervisors are VirtualBox (from Oracle) and VMware.
Type 1 Hypervisor
These hypervisors run directly on the host's hardware to control the hardware and manage guest operating systems. For this reason, they are sometimes called bare-metal hypervisors. The first hypervisors, which IBM developed in the 1960s, were native hypervisors. These included the test software SIMMON and the CP/CMS operating system, the predecessor of IBM z/VM.
Some of the most famous Type 1 hypervisors are KVM, Xen & Hyper-V. KVM is built-in since Linux Kernel version 2.6.20.
First, create the machine itself. We tell the hypervisor this machine how much RAM/disk/CPU/... needs and set a name for our machine. Then we need to install the guest OS. This can be done using:
Some configurations are machine specific. For example, a network card's MAC address should be unique for whole the network. If we are cloning a machine or sometimes creating them from templates, at least we need to change these on each machine before booting them:
/etc/machine-id
and /var/lib/dbus/machine-id
and run dbus-uuidgen --ensure
. These two files might be soft links to each other)