Commonly Used Linux Troubleshooting Commands

1. Find largest files on disk

find /* -type f -exec du -sh {} + | sort -hr | head -n10

2. Find the process accessing a specific file (Read or Write)

lsof /var/log/mystery_app.log

#From the output of the above command take the Process ID

ps -o cmd <PID>

3. Copy files from a remote server to local machine via jump server

rsync -avz -e "ssh -J jumpuser@jumpserver" remoteuser@remoteserver:/path/to/files/ /path/to/destination/

• - a: archive mode, preserving file permissions, ownership, timestamps, and links

• - v: verbose mode, displaying detailed progress information

• - z: compress data during transfer to reduce bandwidth usage

• - e: option specifies the remote shell to use for the transfer, which is ssh in this case.

• - J: option specifies the jump server to use for the transfer.

4. Copy files from local machine to remote server via jump server

rsync -avz -e 'ssh -J user@jumpserver' /path/to/local/files user@remoteserver:/path/to/remote/directory

5. Important lsof commands

#List all processes that are listening on a particular port:
lsof -i :<port_number>

#List all open files for a particular process:
lsof -p <process_id>

#List all files opened by a particular user:
lsof -u <username>

#List all network connections:
lsof -i

#List all open files in a particular directory:
lsof +D <directory_path>

6. If you have root access how to iterate through all user’s crontab entries

sudo su
for user in $(cut -f1 -d: /etc/passwd); do crontab -u $user -l; done

7. Cron logs

/var/log/cron

8. CURL command to find out your server’s IP Address

curl ifconfig.me && echo ""

9. Create a Test 2 GB File

dd if=/dev/zero of=test bs=2m count=2000

10. Find all files in a directory that contain a particular string

grep -ri "string" /path/to/directory
find /path/to/directory -name "*.txt" -exec grep -H "string" {} \;

11. Find all files in a directory but exclude file1 and file2

grep -r --exclude="file1" --exclude="file2" "your_string" /path/to/directory

12. How can I test if secure-boot is enabled?

mokutil --sb-state
SecureBoot enabled

13. Find service on port

netstat -ltnp | grep -w ':3306'

14. Zip And Encrypt A File

zip -e temp-sssd-resolv.zip sssd_resolv

15. Take A TCP Dump

sudo tcpdump -i ens5 port 3128 -w capture.pcap

16. Grep The PCAP File

sudo tcpdump -r capture.pcap | grep <IP address>

17. Remove older kernel from your local repo

sudo package-cleanup --oldkernels --count=2

18. Check Yum Repo For package

sudo yum list updates 'kernel*'

19. Check if user can sudo

sudo -l -U <linux-username>

20. Ping sweep

for i in $(seq 254); do ping 10.1.2.${i} -c1 -W1 & done | grep from

Conclusion: