Linux Tricks Cheatsheet
Password Generators
# pwgen
$ brew install pwgen # MacOS
$ sudo dnf install pwgen # Fedora
$ pwgen 12
sei9AhPiokai jaezooThahn4 yahghooCh5ha uquiCh7soog0 Pahthe0fe5Ku owaht4xooPhu
eet2eijeeT6E Chie8oz1Enee Piemu7pi1uqu TheebohNg8se eil2AhNeiF2s WueGh8guoxie
# apg
$ sudo dnf install apg # Fedora
$ apg -n 3 -m 12 -M SNCL # pronounceable
tit8OdcigEp~
Plaf@dryRec6
JavJu%Wudek6
$ apg -a 1 -n 3 -m 12 -M SNCL # random
,+c"e3P[Me%H
ZlL0qw_8L)Ff
1x=2nizg}x!X
# gpg
$ brew install gpg # MacOS
$ sudo dnf install gpg # Fedora
$ gpg --gen-random --armor 1 14
spdhuOS2il2JjhOq2ZU=
tree Directory Viewer
$ brew install tree # MacOS
$ sudo dnf install tree # Fedora
$ tree
$ tree /path/to/directory
$ tree [options]
$ tree [options] /path/to/directory
dnf Useful Commands
$ sudo dnf check-update # check for available updates
$ sudo dnf update # update installed packages
$ sudo dnf upgrade # a more aggressive update which may remove installed packages
$ sudo dnf install httpd # install httpd
$ sudo dnf install httpd-manual -y # assume yes
$ sudo dnf install unbound-1.4.20-28.el7.x86_64.rpm # install local package
$ sudo dnf remove httpd # remove package
$ sudo dnf reinstall httpd -y # reinstall package
$ sudo dnf search php # search for a package
$ sudo dnf provides /etc/httpd/conf/httpd.conf # which package provides the file (installed or not)
$ sudo dnf provides httpd # which package provides 'httpd' (installed or not)
$ sudo dnf info httpd # package info (installed or not)
$ sudo dnf repoquery --list httpd # list the files (to be) installed by package
$ sudo dnf history # installation history
$ sudo dnf history info 13 # what did install 13 do
$ sudo dnf history undo 13 -y # undo install 13
$ sudo dnf history redo 13 -y # redo install 13
$ sudo dnf list installed # list installed packages
$ sudo dnf grouplist # list which groups are available, installed, not-installed
$ sudo dnf groupinfo "System Tools" # what is installed by this group
$ sudo dnf repolist # reports being used
$ sudo dnf clean all # clean dnf caches
dnf5 Useful Commands
Fedora package installer changed from DNF to DNF5 starting with Fedora 41.
$ sudo dnf check-update # check for available updates
$ sudo dnf update # update installed packages
$ sudo dnf upgrade # upgrade installed packages and dependencies
$ sudo dnf install httpd # install httpd
$ sudo dnf install httpd-manual -y # assume yes
$ sudo dnf downgrade httpd # if possible downgrade
$ sudo dnf upgrade httpd # if possible upgrade
$ sudo dnf reinstall httpd # reinstall httpd
$ sudo dnf remove httpd # remove package
$ sudo dnf dnf check-update # check for available updates
$ sudo dnf update # update installed packages
$ sudo dnf install unbound-1.4.20-28.el7.x86_64.rpm # install local package
$ sudo dnf search php # search for a package
$ sudo dnf provides /etc/httpd/conf/httpd.conf # which package provides the file (installed or not)
$ sudo dnf provides httpd # which package provides 'httpd' (installed or not)
$ sudo dnf info httpd # package info (installed or not)
$ sudo dnf repoquery --list httpd # list the files (to be) installed by package
$ sudo dnf history list # installation history
$ sudo dnf history info 13 # what did install 13 do
$ sudo dnf history undo 13 -y # undo install 13
$ sudo dnf history redo 13 -y # redo install 13
$ sudo dnf list --installed # list installed packages
$ sudo dnf group list # list which groups are available, installed, not-installed
$ sudo dnf group install system-tools # installed this group
$ sudo dnf group info system-tools # what is installed by this group
$ sudo dnf repolist # reports being used
$ sudo dnf clean all # clean dnf caches
LS commands
Command |
Description |
|---|---|
lsblk |
|
lsb_release |
|
lscpu |
|
lsipc |
show information on IPC facilities currently employed in the system |
lslocks |
|
lslogins |
|
lsmem |
list the ranges of available memory with their online status |
lsns |
|
lspci |
|
lsusb |
|
lsof |
ss an alternative to netstat
Some Linux distributions do not provide netstat, but may provide ss
$ ss -tlp
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 4096 127.0.0.11:43225 0.0.0.0:*
LISTEN 0 80 0.0.0.0:3306 0.0.0.0:*
LISTEN 0 80 [::]:3306 [::]:*
$ ss --help
envsubst command
Replace an environment variable in a text file.
# install if missing, for example on fedora
$ sudo dnf install gettext-envsubst
# create file
$ cat > infile <<'EOF'
> VAR1=${VAR1}
> VAR2=${VAR2}
> VAR3=${VAR3}
> EOF
# create environment variables
$ export VAR1="one" VAR2="two" VAR3="three"
# replace all
$ envsubst < infile
VAR1=one
VAR2=two
VAR3=three
# selective replace
$ envsubst '${VAR1} ${VAR3}' < infile
VAR1=one
VAR2=${VAR2}
VAR3=three
# change the values
$ export VAR1="once" VAR2="twice" VAR3="thrice"
$ envsubst < infile
VAR1=once
VAR2=twice
VAR3=thrice
Terminal Pagers
Stolen from the Fedora Magazine: 5 cool terminal pages post.
$ more --help # trusty original with limited features
$ more <file> #
$ more <file1> <file2> <file3> # ':n' next file, ':p' previous file
$ less --help # many features
$ less <file> #
$ less <file1> <file2> <file3> # ':n' next file, ':p' previous file, ':e' new file
$ most --help # good for 'wide' files
$ most <file> # screens: 'ctl-x 2' split, 'ctl-x 1' close , 'ctl-x o' switch
$ most <file1> <file2> <file3> # split-screen and ':n' next file, ':p' previous file
$ pspg --help # table friendly pager
$ cat t.csv
a;b;c;d;e
1;2;3;4;5
$ cat t.csv | pspg --csv
mysql> pager pspg; # replace less or more as pager
$ export PAGER=pspg; mycli ... # MySQL CLI example
$ export PAGER=pspg; pgcli ... # PostgreSQL CLI example
Cat File Tricks
$ cat -n <filename> # adds line number prefix
$ cat -e <filename> # shows crlf ending (Unix, DOS, MacOS)
$ cat -n <filename> | head -5 # (beginning) first 5 lines
$ cat -n <filename> | tail -5 # (ending) last 5 lines
$ cat -n <filename> | tail -10 | head -5 # (middle) first 5 of last 10 lines
Grep File Tricks
$ cat flintstones.yaml
---
family: flintstones
members:
- Name: Fred
Age: 35
Gender: male
- Name: Wilma
Age: 25
Gender: female
- Name: Pebbles
Age: 1
Gender: female
- Name: Dino
Age: 5
Gender: male
$ grep Fred flintstones.yaml
- Name: Fred
$ grep Name flintstones.yaml
- Name: Fred
- Name: Wilma
- Name: Pebbles
- Name: Dino
$ grep "Name|Age" flintstones.yaml # no output
$ grep -E "Name|Age" flintstones.yaml # Extended (a.k.a egrep)
- Name: Fred
Age: 35
- Name: Wilma
Age: 25
- Name: Pebbles
Age: 1
- Name: Dino
Age: 5
$ grep Age flintstones.yaml -A 1 # one line After match
Age: 35
Gender: male
--
Age: 25
Gender: female
--
Age: 1
Gender: female
--
Age: 5
Gender: male
$ grep Age flintstones.yaml -B 1 # one line Before match
- Name: Fred
Age: 35
--
- Name: Wilma
Age: 25
--
- Name: Pebbles
Age: 1
--
- Name: Dino
Age: 5
$ grep Age flintstones.yaml -C 1 # one line Context (before/after) match
- Name: Fred
Age: 35
Gender: male
- Name: Wilma
Age: 25
Gender: female
- Name: Pebbles
Age: 1
Gender: female
- Name: Dino
Age: 5
Gender: male
JSON, YAML File Filtering
jqis a lightweight command-line JSON processor, similar tosed.yqis a Python command-line (jqwrapper) YAML/XML processor.
# Installation
$ sudo dnf install jq # Fedora
$ brew install jq # MacOS
$ pip install yq # Python
$ winget install jqlang.jq # Windows
# Command Line examples
$ echo '{"fruit":{"name":"apple","color":"green","price":1.20}}' | jq '.' # pretty-print
{
"fruit": {
"name": "apple",
"color": "green",
"price": 1.2
}
}
# Get International Space Station Current Location
$ curl http://api.open-notify.org/iss-now.json | jq '.' # pretty-print HTTP response
{
"message": "success",
"iss_position": {
"longitude": "103.2534",
"latitude": "-44.3309"
},
"timestamp": 1719322950
}
# Installation
# Linux
$ VERSION=v4.43.1
$ BINARY=yq_linux_amd64
$ sudo wget https://github.com/mikefarah/yq/releases/download/${VERSION}/${BINARY} -O /usr/bin/yq
$ sudo chmod +x /usr/bin/yq
$ brew install yq # MacOS
$ winget install --id MikeFarah.yq # Windows
# Command Line examples
$ echo '{"fruit":{"name":"apple","color":"green","price":1.20}}' | yq '.'
{"fruit": {"name": "apple", "color": "green", "price": 1.20}}
# Get International Space Station Current Location
$ curl http://api.open-notify.org/iss-now.json | yq '.' # pretty-print HTTP GET response
{"message": "success", "iss_position": {"longitude": "103.9546", "latitude": "-44.0234"}, "timestamp": 1719322960}
XML, HTML File Filtering
xq XML and HTML beautifier and content extractor
# Installation
$ sudo dnf install xq # Fedora
$ brew install xq # MacOS
$ curl -sSL https://bit.ly/install-xq | sudo bash # Linux, installs into /usr/local/bin
# Command Line example
$ curl -s https://www.w3schools.com/xml/note.xml | xq
<?xml version="1.0" encoding="UTF-8"?>
<note>
<to>Tove</to>
<from>Jani</from>
<heading>Reminder</heading>
<body>Don't forget me this weekend!</body>
</note>
Repology
Repology shows you in which repositories a given project is packaged, which version is the latest and which needs updating, who maintains the package, and other related information.
HTTP Header Checking
$ curl -I 127.0.0.1:8080
HTTP/1.1 200 OK
Server: nginx/1.27.0
Date: Sat, 01 Jun 2024 15:14:01 GMT
Content-Type: text/html
Content-Length: 4253
Last-Modified: Sat, 01 Jun 2024 14:14:45 GMT
Connection: keep-alive
ETag: "665b2cd5-109d"
Accept-Ranges: bytes
$ wget -S --spider 127.0.0.1:8080
Spider mode enabled. Check if remote file exists.
--2024-06-01 17:13:56-- http://127.0.0.1:8080/
Connecting to 127.0.0.1:8080... connected.
HTTP request sent, awaiting response...
HTTP/1.1 200 OK
Server: nginx/1.27.0
Date: Sat, 01 Jun 2024 15:13:56 GMT
Content-Type: text/html
Content-Length: 4253
Last-Modified: Sat, 01 Jun 2024 14:14:45 GMT
Connection: keep-alive
ETag: "665b2cd5-109d"
Accept-Ranges: bytes
Length: 4253 (4.2K) [text/html]
Remote file exists and could contain further links,
but recursion is disabled -- not retrieving.
Email Checking
Shameless copy of the LinkedIn post by Jan Schaumann
$ sudo dnf install bind-utils # Install dig, if necessary
$ dig +short MX yahoo.com # DNS MX records
$ dig +short TXT yahoo.com | grep spf # domain spoofing check
$ dig +short TXT selector._domainkey.yahoo.com # DKIM email authentication method
$ dig +short TXT _dmarc.yahoo.com # DMARC (spf and/or DKIM)
$ dig +short TXT _mta-sts.yahoo.com # MTA-STS (is TLS enforced)
$ curl https://mta-sts.yahoo.com/.well-known/mta-sts.txt # MTA-STS (is TLS enforced)
$ dig +short TXT _smtp._tls.yahoo.com # SMTP TLS Reporting
$ dig +short TLSA _port._tcp.yahoo.com # DANE check (no results?)
$ dig +short TXT default._bimi.yahoo.com # BIMI check (no results?)
To help understand these commands
Gnome Desktop Custom Launcher
Using PyCharm Community Edition as an example,
download the PyCharm Community Edition and unpack the
tar.gz file into $HOME/Applications
Create the com.jetbrains.pycharm.community.desktop file, modify it as necessary, and then copy it to
$HOME/.local/share/applications
$ cat com.jetbrains.pycharm.community.desktop
[Desktop Entry]
Encoding=UTF-8
Name=PyCharm
Exec=/home/<user>/Applications//bin/pycharm.sh
Icon=/home/<user>/Applications/pycharm-community/bin/pycharm.png
Type=Application
Version=2022.2.2
Terminal=false
Categories=Development;
$ cp ./com.jetbrains.pycharm.community.desktop $HOME/.local/share/applications
Base 64 Encode/Decode
$ echo -n "EncodeMe-in-Base64" | base64
RW5jb2RlTWUtaW4tQmFzZTY0
$ echo -n "RW5jb2RlTWUtaW4tQmFzZTY0" | base64 -d
EncodeMe-in-Base64
Using Python
>>> import base64
>>> _ascii = "EncodeMe-in-Base64".encode("ascii")
>>> _b64bytes = base64.b64encode(_ascii)
>>> print(_b64bytes.decode("ascii"))
RW5jb2RlTWUtaW4tQmFzZTY0
>>> import base64
>>> _ascii = "RW5jb2RlTWUtaW4tQmFzZTY0".encode("ascii")
>>> _b64bytes = base64.b64decode(_ascii)
>>> print(_b64bytes.decode("ascii"))
EncodeMe-in-Base64
WSL2 on Windows
Read the prerequisites in, Install Linux on Windows with WSL
Installation can now be done via the Microsoft Store
First enable Windows optional features to run WSL, so the sequence is as follows.
1. Windows -> Settings -> Optional Features -> More Windows Features
- [x] Virtual Machine Platform
- [x] Windows Subsystem for Linux
2. Reboot
3. Install WSL from Microsoft Store
4. Reboot
5. Install Ubuntu (20.04.6 LTS) from Microsoft Store
Update Ubuntu
$ man apt-get
$ sudo apt-get update # sync the package index files
$ sudo apt-get upgrade # install the newest versions
$ sudo reboot
$ man apt
$ sudo apt update # sync the package index files
$ sudo apt upgrade # install the newest versions
$ sudo reboot
$ apt --help
Testing Remote Connections
The examples are testing for SSH daemon (port 22) on host 192.168.0.1
ncat - Concatenate and redirect sockets
$ nc [-options] [HostName or IP] [PortNumber]
$ nc -zvw10 192.168.0.1 22
# z: zero-I/O mode which is used for scanning
# v: verbose output
# w10: timeout wait 10 seconds
nmap - Network exploration tool and security / port scanner
$ nmap [-options] [HostName or IP] [-p] [PortNumber]
$ nmap 192.168.0.1 -p 22
# v: verbose output
# z: only scan for open ports
telnet - user interface to the TELNET protocol
# Maybe not installed
$ telnet [HostName or IP] [PortNumber]
$ telnet 192.168.0.1 22
Python: telnetlib — Telnet client
Warning
‘telnetlib’ was deprecated in Python 3.12 and removed in Python 3.13
$ python3.12 -c "import telnetlib; tel=telnetlib.Telnet('192.168.0.1','22',10); print(tel.host,tel.port); tel.close()"
$ python
>>> import telnetlib
>>> tel = telnetlib.Telnet('192.168.0.1', 22, 10) # 10 second timeout
>>> print(tel.host, tel.port) # 192.168.0.1 22
>>> tel.close()
>>> exit()
Python: socket — Low-level networking interface
$ python3 -c "import socket; s = socket.socket(); s.settimeout(10); s.connect(('192.168.0.1', 22)); print(s)"
$ python3
>>> import socket
>>> s = socket.socket()
>>> s.settimeout(10)
>>> s.connect(('192.168.0.1', 22))
>>> print(s) # "<socket.socket fd=1376, family=2, type=1, proto=0, laddr=('127.0.0.1', 52243), raddr=('192.168.0.1', 22)>"
>>> exit()
curl - transfer a URL
cURL can do much much more see, cURL - The Ultimate Reference Guide and Everything curl
$ curl -v telnet://<remote server>:port
$ curl -v telnet://192.168.0.1:22
Linux Network Tools
Command |
Description |
|---|---|
Send ICMP ECHO_REQUEST to network hosts |
|
TCP/IP equivalent of ping |
|
Access URL meta-data or content |
|
Show / manipulate traffic control settings |
|
DNS lookup utilities |
|
Secure client connection and copy |
|
Insecure client connection and copy |
|
Sophisticated remote/local file-copying |
|
Dump and analyze network traffic |
|
Network grep |
|
Show/manipulate ip routing, devices, and tunnels |
|
Configure a wireless network interface |
|
Network exploration tool and security/port scanner |
|
Identify remote systems passively |
|
Secure VPN tunnels |
|
Arbitrary TCP and UDP connections and listeners |
|
Troubleshoot connections, processes, file usage Dump socket statistics List open files Identify processes using files or sockets |
|
Firewall, TCP/IP packet filtering and NAT |
|
Manipulate the system ARP cache |
|
Print the route packets take to network host Combined traceroute and ping Traceroute implementation using TCP packets |
|
Interactive Colorful IP LAN Monitor Net top tool grouping bandwidth per process Display bandwidth usage on an interface by host Display top network users |
|
Apache HTTP server benchmarking tool Displays the current network usage Throughput, latency, link capacity, responsiveness |
|
An IPv4 Netmask/broadcast/etc calculator Format, calculate, show, filter IPv6/IPv4/MAC |
|
Run program in different namespaces |
|
HTTP serve files in CWD, |
Brendan Gregg’s Homepage
G’Day. I use this site to share and bookmark various things, mostly my work with computers. While I currently work on large scale cloud computing performance at Intel (previously Netflix), this site reflects my own opinions and work from over the years. I have a personal blog, and I’m also on twitter.
This page lists everything: Documentation, Videos, Software, Misc. For a short selection of most popular content, see my Overview page.
Managing .rc files
By default, rcm uses ~/.dotfiles for storing all the dotfiles it manages.
A managed dotfile is actually stored inside ~/.dotfiles, and a symlinked.
For example, if ~/.bashrc is tracked by rcm, a long listing would look like this.
$ ls -l ~/.bashrc
lrwxrwxrwx. 1 link link 27 Dec 16 05:19 .bashrc -> /home/geoff/.dotfiles/bashrc
rcm consists of 4 commands:
mkrc– convert a file into a dotfile managed by rcmlsrc– list files managed by rcmrcup– synchronize dotfiles managed by rcmrcdn– remove all the symlinks managed by rcm
Fedora 36 Live CD install
Note
Fedora 37, 38 and 39 Install media don’t boot in UEFI mode on certain motherboards
Of course backup everything you want to keep because you are going to reformat the HDD or SSD!
The live installation is process is well documented and robust so simply follow:
Next add the RPM Fusion repositories, by installing and configuring them as described in RPMFusion Configuration
Finally consult Fedora Quick Docs especially the Adding and managing software section.
Some of the perennial audio and video playback issues are still there, so follow these instructions.
$ sudo dnf install gstreamer1-plugins-{bad-\*,good-\*,base} gstreamer1-plugin-openh264 gstreamer1-libav --exclude=gstreamer1-plugins-bad-free-devel
$ sudo dnf install lame\* --exclude=lame-devel
$ sudo dnf group upgrade --with-optional Multimedia