Linux Notes
Linux Notes

Linux Notes

June 1, 2021

File System

/ (root filesystem)
The root filesystem is the top-level directory of the filesystem and contains all of the files necessary to boot the Linux system. After the system is booted, other filesystems are mounted as sub-directories of the root filesystem.
The /bin directory contains user executable files.
Contains the static boot-loader and kernel executable and configuration files required to boot a Linux computer.
This directory contains the device files for every hardware device attached to the system. These are not device drivers, rather they are files that represent each device on the computer and facilitate access to those devices.
Contains the local system configuration files for the host computer.
Home directory storage for user files. Each user has a subdirectory in /home.
Contains shared library files that are required to boot the system.
A place to mount external removable media devices such as USB thumb drives that may be connected to the host.
A temporary mountpoint for regular filesystems (as in not removable media) that can be used while the administrator is repairing or working on a filesystem.
Optional files such as vendor supplied application programs should be located here.
This is not the root (/) filesystem. It is the home directory for the root user.
System binary files. These are executables used for system administration.
Temporary directory. Used by the operating system and many programs to store temporary files. Users may also store files here temporarily. Note that files stored here may be deleted at any time without prior notice.
These are shareable, read-only files, including executable binaries and libraries, man files, and other types of documentation.
Variable data files are stored here. This can include things like log files, MySQL, and other database files, web server data files, email inboxes, and much more.
It is used as local mounting point


ps command

List all running processes:

ps aux

List all running processes including the full command string:

ps auxww

Search for a process that matches a string:

ps aux | grep {{string}}

List all processes of the current user in extra full format:

ps --user $(id -u) -F

List all processes of the current user as a tree:

ps --user $(id -u) f

Get the parent PID of a process:

ps -o ppid= -p {{pid}}

Sort processes by memory consumption:

ps --sort size
ps aux output
ps aux output
/proc folder contains information about processes and other system information
For more info visit:

pstree command

Display a tree of processes:


Display a tree of processes with PIDs:

pstree -p

Display all process trees rooted at processes owned by specified user:

pstree {{user}}
-g adds psid
-s adds parent of procces
-a adds argument of process
For more info visit:


ifconfig command

View network settings of an Ethernet adapter:

ifconfig eth0

Display details of all interfaces, including disabled interfaces:

ifconfig -a

Disable eth0 interface:

ifconfig eth0 down

Enable eth0 interface:

ifconfig eth0 up

Assign IP address to eth0 interface:

ifconfig eth0 {{ip_address}}

nmcli command

Run an nmcli subcommand:

nmcli {{agent|connection|device|general|help|monitor|networking|radio}} {{command_options}}

Display the current version of NetworkManager:

nmcli --version

Display help:

nmcli --help

Display help for a subcommand:

nmcli {{subcommand}} --help

ip command

Show / manipulate routing, devices, policy routing and tunnels.

List interfaces with detailed info:

ip address

List interfaces with brief network layer info:

ip -brief address

List interfaces with brief link layer info:

ip -brief link

Display the routing table:

ip route

Show neighbors (ARP table):

ip neighbour

Make an interface up/down:

ip link set {{interface}} up/down

Add/Delete an IP address to an interface:

ip addr add/del {{ip}}/{{mask}} dev {{interface}}

Add a default route:

ip route add default via {{ip}} dev {{interface}}

netstat command

Displays network-related information such as open connections, open socket ports, etc.

List all ports:

netstat --all

List all listening ports:

netstat --listening

List listening TCP ports:

netstat --tcp

Display PID and program names:

netstat --program

List information continuously:

netstat --continuous

List routes and do not resolve IP addresses to hostnames:

netstat --route --numeric

List listening TCP and UDP ports (+ user and process if you're root):

netstat --listening --program --numeric --tcp --udp --extend

ss command

Utility to investigate sockets.

Show all TCP/UDP/RAW/UNIX sockets:

ss -a {{-t|-u|-w|-x}}

Filter TCP sockets by states, only/exclude:

ss {{state/exclude}} {{bucket/big/connected/synchronized/...}}

Show all TCP sockets connected to the local HTTPS port (443):

ss -t src :{{443}}

Show all TCP sockets listening on the local 8080 port:

ss -lt src :{{8080}}

Show all TCP sockets along with processes connected to a remote ssh port:

ss -pt dst :{{ssh}}

Show all UDP sockets connected on specific source and destination ports:

ss -u 'sport == :{{source_port}} and dport == :{{destination_port}}'

Show all TCP IPv4 sockets locally connected on the subnet

ss -4t src {{192.168/16}}
For more info visit:

traceroute command

Print the route packets trace to network host.

Traceroute to a host:

traceroute {{host}}

Disable IP address and host name mapping:

traceroute -n {{host}}

Specify wait time for response:

traceroute -w {{0.5}} {{host}}

Specify number of queries per hop:

traceroute -q {{5}} {{host}}

Specify size in bytes of probing packet:

traceroute {{host}} {{42}}
For more info visit:

nc command

Netcat is a versatile utility for working with TCP or UDP data.

Listen on a specified port and print any data received:

nc -l {{port}}

Connect to a certain port:

nc {{ip_address}} {{port}}

Set a timeout:

nc -w {{timeout_in_seconds}} {{ipaddress}} {{port}}

Keep the server up after the client detaches:

nc -k -l {{port}}

Keep the client up even after EOF:

nc -q {{timeout}} {{ip_address}}

Scan the open ports of a specified host:

nc -v -z {{ip_address}} {{port}}

Act as proxy and forward data from a local TCP port to the given remote host:

nc -l {{local_port}} | nc {{hostname}} {{remote_port}}
For more info visit:

dig command

DNS lookup utility.

Lookup the IP(s) associated with a hostname (A records):

dig +short {{}}

Get a detailed answer for a given domain (A records):

dig +noall +answer {{}}

Query a specific DNS record type associated with a given domain name:

dig +short {{}} {{A|MX|TXT|CNAME|NS}}

Get all types of records for a given domain name:

dig {{}} ANY

Specify an alternate DNS server to query:

dig @{{}} {{}}

Perform a reverse DNS lookup on an IP address (PTR record):

dig -x {{}}

Find authoritative name servers for the zone and display SOA records:

dig +nssearch {{}}

Perform iterative queries and display the entire trace path to resolve a domain name:

dig +trace {{}}
For more info visit:


chown command

Permission management tool

Change the owner user of a file/directory:

chown {{user}} {{path/to/file_or_directory}}

Change the owner user and group of a file/directory:

chown {{user}}:{{group}} {{path/to/file_or_directory}}

Recursively change the owner of a directory and its contents:

chown -R {{user}} {{path/to/directory}}

Change the owner of a symbolic link:

chown -h {{user}} {{path/to/symlink}}

Change the owner of a file/directory to match a reference file:

chown --reference={{path/to/reference_file}} {{path/to/file_or_directory}}

chmod command

Give the [u]ser who owns a file the right to e[x]ecute it:

chmod u+x {{path/to/file}}

Give the [u]ser rights to [r]ead and [w]rite to a file/directory:

chmod u+rw {{path/to/file_or_directory}}

Remove e[x]ecutable rights from the [g]roup:

chmod g-x {{path/to/file}}

Give [a]ll users rights to [r]ead and e[x]ecute:

chmod a+rx {{path/to/file}}

Give [o]thers (not in the file owner's group) the same rights as the [g]roup:

chmod o=g {{path/to/file}}

Remove all rights from [o]thers:

chmod o= {{path/to/file}}

Change permissions recursively giving [g]roup and [o]thers the ability to [w]rite:

chmod -R g+w,o+w {{path/to/directory}}

Recursively give [a]ll users [r]ead permissions to files and e[X]ecute permissions to sub-directories within a directory:

chmod -R a+rX {{path/to/directory}}



Generate ssh keys used for authentication, password-less logins, and other things.

Generate a key interactively:


Specify file in which to save the key:

ssh-keygen -f {{~/.ssh/filename}}

Generate an ed25519 key with 100 key derivation function rounds:

ssh-keygen -t {{ed25519}} -a {{100}}

Generate an RSA 4096-bit key with email as a comment:

ssh-keygen -t {{dsa|ecdsa|ed25519|rsa}} -b {{4096}} -C "{{comment|email}}"

Remove the keys of a host from the known_hosts file (useful when a known host has a new key):

ssh-keygen -R {{remote_host}}

Retrieve the fingerprint of a key in MD5 Hex:

ssh-keygen -l -E {{md5}} -f {{~/.ssh/filename}}

Change the password of a key:

ssh-keygen -p -f {{~/.ssh/filename}}

Change the type of the key format (for example from OPENSSH format to PEM), the file will be rewritten in-place:

ssh-keygen -p -N "" -m {{PEM}} -f {{~/.ssh/OpenSSH_private_key}}


Secure Shell is a protocol used to securely log onto remote systems.

Connect to a remote server:

ssh {{username}}@{{remote_host}}

Connect to a remote server with a specific identity (private key):

ssh -i {{path/to/key_file}} {{username}}@{{remote_host}}

Connect to a remote server using a specific port:

ssh {{username}}@{{remote_host}} -p {{2222}}

Run a command on a remote server with a [t]ty allocation allowing interaction with the remote command:

ssh {{username}}@{{remote_host}} -t {{command}} {{command_arguments}}

SSH tunneling: Dynamic port forwarding (SOCKS proxy on localhost:1080):

ssh -D {{1080}} {{username}}@{{remote_host}}

SSH tunneling: Forward a specific port (localhost:9999 to along with disabling pseudo-[T]ty allocation and executio[N] of remote commands:

ssh -L {{9999}}:{{}}:{{80}} -N -T {{username}}@{{remote_host}}

SSH jumping: Connect through a jumphost to a remote server (Multiple jump hops may be specified separated by comma characters):

ssh -J {{username}}@{{jump_host}} {{username}}@{{remote_host}}

Agent forwarding: Forward the authentication information to the remote machine (see man ssh_config for available options):

ssh -A {{username}}@{{remote_host}}
More information:

ssh-copy-id command

Install your public key in a remote machine's authorized_keys.

Copy your keys to the remote machine:

ssh-copy-id {{username@remote_host}}

Copy the given public key to the remote:

ssh-copy-id -i {{path/to/certificate}} {{username}}@{{remote_host}}

Copy the given public key to the remote with specific port:

ssh-copy-id -i {{path/to/certificate}} -p {{port}} {{username}}@{{remote_host}}

journalctl command

Query the systemd journal.

Show all messages with priority level 3 (errors) from this [b]oot:

journalctl -b --priority={{3}}

Show all messages from last [b]oot:

journalctl -b -1

Delete journal logs which are older than 2 days:

journalctl --vacuum-time={{2d}}

[f]ollow new messages (like

tail -f

for traditional syslog):

journalctl -f

Show all messages by a specific [u]nit:

journalctl -u {{unit}}

Filter messages within a time range (either timestamp or placeholders like "yesterday"):

journalctl --since {{now|today|yesterday|tomorrow}} --until {{YYYY-MM-DD HH:MM:SS}}

Show all messages by a specific process:

journalctl _PID={{pid}}

Show all messages by a specific executable:

journalctl {{path/to/executable}}