Linux Commands Cr cd Logs Move tothe logs rectory, which s located inthe eurent directory. cd MLogs Move tothe logs drecory, which s located Inthe toplevel iectoy. cd. ‘Move up one directory. ca ~ Move to your home directory (the “te” characteris et ofthe 1 ke). cd = ‘Move tothe directory you were previously in, Viewing and oon in files i) ee Ret dott Use tab completion to type filenames faster. [As you're typing a filename (or directory) hit the tab key. If there's only one file that matches what you've typed, the ‘est of the flename will be filled in. nothing happens when you hit tab, simply hit tab again to see a lst of matches, Navigating in less cat data. txt Display data et cat *.txt Display al fils that end witht head data. txt Display the fist 10 lines of data. Up/down arroK Move up/down one line. head -n 20 data.txt Display the ist 20 lines of data. CCECETETORET STOR) (GIS EATEREDOUSES Pa tail data.txt Display the last 20 ins of data. Note: requires less -S tail =n 38 data. txt Display the last 20 ine of data. pGtEan Peace tail -F data.txt Display the last 10 lines of data tet and continue ‘unning, isplaying any new ines inthe fle ‘ Goto the fist ine ote: ress CutC to ext 5 area grep malware data.txt Display allines in dara. that contain ‘malware’ F {60 tothe last ne, and display any new lines grep -v malware data.txt Display allines that donot contain ‘malware! (Simiar total -P) Note ress Cet 10 ex grep ‘mal ware’ data.txt Tosearch for phrases with spaces use single dmalware Search - goto the next ine containing the wore grep -F 1.2.3.4 data.txt Tosearch for phrases with periods, use -F FIER) eS Brep =c exe data.txt Display how many lines in data txt contain word ‘malware. Se malware Search go tothe previous line contaiing the grep =F -c 1.2.3.4 *.txt Display the numberof ines with P1.2.3.4 in word ‘malware ‘each le that ends in. tet n Repeat a previous search Less arge.fite Display are ile in less (see rght. pease Less -5 large. file Display large. in less see right), and allow for Repeat a previous search, but in the opposite side-to-side scaling direction. | (AKA “pipe”) grep malware grep malware gata.txt | tail -n 38 data.txt | grep blaster cat data.txt | sort cat data.tkt | sort | unig cat data.txt | sort | unig -c cat data.txt | sort | uniq-¢ | sort ~ > cat data.txt | sort | unig -c | sort -n | tail -n 28 cat conn.tog | bro-cut {d.resp_h prote service cat http. 1og | bro-cut -d ts method host uri Tip — Compressed Files BAT Fed Yel siecle Ti Linux commands are all well documented. To view the Files that end in g2 are compressed, and might require some different commands: © Broa documentation: Command | Modification for gx = Run the command catorgrep [Use zcat or zgrep. pce isc e te cena *+ Use the manual pages for more detail hhead or tail [Use zcat| head or zcat | tall (eg. man tail, Note: these open in less. ass the output of one command to another command Note For the “pipe” character, use the key above enter (sme key as backslash) Display the last 30 nes in data tat that contain the word ‘malware’ Display ines in data tt that contain ‘malware’ and also contain blaster.” Display data, sorted alohabetcally Display datas, sorted alphabetically, with duplicates removed Sort, remove duplicates, and display the numberof times each ine occurced Sort, remove duplicates, and display the most frequent ines Sor, remove duplicates, and display the 20 most frequent nes. (Only display the i.resp_h, proto and service columns ofthe conn Sroog. ‘Only dispaythe timestamp, method, host and ur colurms, and convert the timestamp to human-readable format. ena) Commands take longer to run on larger files. Some things to keep in mind are: Use grepF instead of plain grep. For viewing the file, useless instead of cat. Try to use grep as early as possible, soit ‘you pipe to other tools, there's les data to crunch, with help (eg. tall * 68 uc.hanes ‘>Dsolayiux syst information ‘ame Sospby kamal eeasenamation pte Shon how on the sytem has buen runing + oad hostname show system hostname osama SDs be IP adctoss fhe host ost Show syste febot story . Dipl wo ne Soa nou ged oe the ayer tea Diep lok device related infomation i Linux from Used ar ree trary (oF MS} ‘earl sam ‘Delete vse sam ‘nisosorsam had oo" ‘eormo iy user nfornation Sap => Changos a sore up feat Dipl alinormaton abut les! directories pea Show the pth of euro dire Ini drecor.name =>Crea a arocory ifn Ir drectory-aam Ii sfarocory-name =>Forestuny rove eroctory recursvoly {pile tea ‘apy flo lee opera are Copy ao 2, rats dz dows ox ‘ve He Rename sour io det! move source to aectory Ins pate same inerame ¥oroat symbole Ine leramo ch le ‘rast upto te cattle Paco staneard utr ‘ror fle ip oman of fle faa Op rt 1 nos of th pt st 0 nasa rte =>ouput cntois fle a grows string wh be Tar iolnes apa flo Enero ts 3 go Dect fe we pit the nome of ys, word, and ns i ls was ecu oonmang ines fen sana put ps Display your ourenty active processes sou [are tle ips Kat roe lal processes narod 30 pat pocessnamo =>Serd sie! lo «proves with name ba Resumes suspended jabs without Brg ther to Teregrouna ® ->Srngs te most ecat job oforaround Be brings ob note foreground FILE PERMISSION RELATED ‘Banple etx prmision or wna group. word Seta pan roman aa own coneraee le Change oane ofthe le Sone nersecouergp Hename >change er and ap own omnerserounet group delay =>Crange oe! and group ‘omne ofthe decoy ux Commands swoRK ipaaarshow ——_=>Dispay al network neces andi acraes Sadan ado 182.080. Gown cap wae pa nest >Sand echo raquo eet connecton sg rnost Rovere lookup host fest goaglecom — “SLookup ONS ip address fr the name fetoame ‘Shue al ip adress vote enna Giese Domne aan ces oa. Gevipigesntomsolnetl ep bas pacing insraut Faom sousce "2" feo pater dr Sears ec fr pater svsoreront Senco pot userhost -Connoct to host a vse Isnetoet Scenneet toe systom vg le! pot ‘tp 192168752 connec remota host eo flo sven Secure copy la. to root host inp toler -Syncroize sure odestnaton an ‘= Stow foe space on murod shaytons a3 ‘SSrow fre nes on mounted flosytoms ‘ie ‘SShow asks parton sas and pos oon ‘Siepay a usag n haan readable form oan ‘Sispay alder usago onthe cue ractry finn Sissays ergot mount pital shaystom our dvice-pam moure-pant Nour dovoe DIRECTORY TRAVERSE ci Togo upanolovel ofthe dairy toe ca SCofe Shows aracory 72