Commonly Used Linux Troubleshooting Commands

Commonly Used Linux Troubleshooting Commands


1. Find largest files on disk

find /* -type f -exec du -sh {} + | sort -hr | head -n10

2. Find the process accessing a specific file (Read or Write)

lsof /var/log/mystery_app.log #From the output of the above command take the Process ID ps -o cmd <PID>

3. Copy files from a remote server to local machine via jump server

rsync -avz -e "ssh -J jumpuser@jumpserver" remoteuser@remoteserver:/path/to/files/ /path/to/destination/
  • - a: archive mode, preserving file permissions, ownership, timestamps, and links
  • - v: verbose mode, displaying detailed progress information
  • - z: compress data during transfer to reduce bandwidth usage
  • - e: option specifies the remote shell to use for the transfer, which is ssh in this case.
  • - J: option specifies the jump server to use for the transfer.

4. Copy files from local machine to remote server via jump server

rsync -avz -e 'ssh -J user@jumpserver' /path/to/local/files user@remoteserver:/path/to/remote/directory

5. Important lsof commands

#List all processes that are listening on a particular port: lsof -i :<port_number> #List all open files for a particular process: lsof -p <process_id> #List all files opened by a particular user: lsof -u <username> #List all network connections: lsof -i #List all open files in a particular directory: lsof +D <directory_path>

6. If you have root access how to iterate through all user’s crontab entries

sudo su for user in $(cut -f1 -d: /etc/passwd); do crontab -u $user -l; done

7. Cron logs


8. CURL command to find out your server’s IP Address

curl && echo ""

9. Create a Test 2 GB File

dd if=/dev/zero of=test bs=2m count=2000

10. Find all files in a directory that contain a particular string

grep -ri "string" /path/to/directory find /path/to/directory -name "*.txt" -exec grep -H "string" {} \;

11. Find all files in a directory but exclude file1 and file2

grep -r --exclude="file1" --exclude="file2" "your_string" /path/to/directory

12. How can I test if secure-boot is enabled?

mokutil --sb-state SecureBoot enabled

13. Find service on port

netstat -ltnp | grep -w ':3306'

14. Zip And Encrypt A File

zip -e sssd_resolv

15. Take A TCP Dump

sudo tcpdump -i ens5 port 3128 -w capture.pcap

16. Grep The PCAP File

sudo tcpdump -r capture.pcap | grep <IP address>

17. Remove older kernel from your local repo

sudo package-cleanup --oldkernels --count=2

18. Check Yum Repo For package

sudo yum list updates 'kernel*'

19. Check if user can sudo

sudo -l -U <linux-username>

20. Ping sweep

for i in $(seq 254); do ping 10.1.2.${i} -c1 -W1 & done | grep from


Check out my other blogs here ✏️
Follow, Mentoring Free (& Paid) 📞
Subscribe to my free Security Focussed Newsletter 📰