1. Find largest files on disk
find /* -type f -exec du -sh {} + | sort -hr | head -n10
2. Find the process accessing a specific file (Read or Write)
lsof /var/log/mystery_app.log
# From the output of the above command take the Process ID (PID), then show that process's command line:
ps -p <PID> -o cmd
3. Copy files from a remote server to local machine via jump server
rsync -avz -e "ssh -J jumpuser@jumpserver" remoteuser@remoteserver:/path/to/files/ /path/to/destination/
- -a: archive mode, preserving file permissions, ownership, timestamps, and links
- -v: verbose mode, displaying detailed progress information
- -z: compress data during transfer to reduce bandwidth usage
- -e: specifies the remote shell to use for the transfer, which is ssh in this case
- -J: an ssh option (passed through -e), specifying the jump server to hop through for the transfer
4. Copy files from local machine to remote server via jump server
rsync -avz -e 'ssh -J user@jumpserver' /path/to/local/files user@remoteserver:/path/to/remote/directory
5. Important lsof commands
# List all processes that are listening on a particular port:
lsof -i :<port_number>
# List all open files for a particular process:
lsof -p <process_id>
# List all files opened by a particular user:
lsof -u <username>
# List all network connections:
lsof -i
# List all open files in a particular directory:
lsof +D <directory_path>
6. If you have root access how to iterate through all user’s crontab entries
sudo su
for user in $(cut -f1 -d: /etc/passwd); do crontab -u $user -l; done
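An added example, not from the original post, that builds on the loop above: a small POSIX sh script that walks every account's crontab, drops the "no crontab for user" noise and comment lines, prints the remaining entries in a greppable "user: entry" form, and also covers /etc/crontab and /etc/cron.d, which the per-user loop misses. PASSWD_FILE and the function names are this example's own; it needs root for crontab -u.

```shell
#!/bin/sh
# Cron audit (added example, not the blog's own code).
# PASSWD_FILE can be pointed at another passwd-format file for testing.
PASSWD_FILE="${PASSWD_FILE:-/etc/passwd}"

# list_users: one login name per line from the passwd file
list_users() {
    cut -f1 -d: "$PASSWD_FILE"
}

# user_cron_entries USER: active cron lines for USER, with comments and
# blank lines stripped. Prints nothing when the user has no crontab
# (crontab's "no crontab for USER" message goes to stderr, discarded here).
user_cron_entries() {
    crontab -u "$1" -l 2>/dev/null | awk '!/^[[:space:]]*(#|$)/'
}

# audit_user_crontabs: "USER: <entry>" for every active entry of every
# account in the passwd file, so output can be grepped or diffed over time.
audit_user_crontabs() {
    list_users | while read -r user; do
        user_cron_entries "$user" | while read -r line; do
            printf '%s: %s\n' "$user" "$line"
        done
    done
}

# audit_system_cron: the per-user loop above never sees /etc/crontab or
# /etc/cron.d, where packages (and persistence mechanisms) also drop jobs.
audit_system_cron() {
    for f in /etc/crontab /etc/cron.d/*; do
        [ -f "$f" ] || continue
        awk -v src="$f" '!/^[[:space:]]*(#|$)/ { print src ": " $0 }' "$f"
    done
}

# Usage (as root): run both audits.
run_cron_audit() {
    audit_user_crontabs
    audit_system_cron
}
```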
7. Cron logs
/var/log/cron
8. CURL command to find out your server's public IP address
curl ifconfig.me && echo ""
9. Create a Test 2 GB File
dd if=/dev/zero of=test bs=1M count=2000   # 2000 x 1 MiB = 2 GB; bs=2m count=2000 would give 4 GB and lowercase m is not accepted by GNU dd
10. Find all files in a directory that contain a particular string
grep -ri "string" /path/to/directory
find /path/to/directory -name "*.txt" -exec grep -H "string" {} \;
11. Find all files in a directory that contain a particular string, but exclude file1 and file2
grep -r --exclude="file1" --exclude="file2" "your_string" /path/to/directory
12. How can I test if secure-boot is enabled?
mokutil --sb-state   # prints "SecureBoot enabled" when it is on
13. Find service on port
netstat -ltnp | grep -w ':3306'
14. Zip And Encrypt A File
zip -e temp-sssd-resolv.zip sssd_resolv
Note: zip -e prompts for a password and uses the legacy ZipCrypto scheme, which is weak; treat it as obfuscation rather than strong protection for sensitive data.
15. Take A TCP Dump
sudo tcpdump -i ens5 port 3128 -w capture.pcap
16. Grep The PCAP File
sudo tcpdump -r capture.pcap | grep <IP address>
17. Remove older installed kernels, keeping the two newest (package-cleanup from yum-utils)
sudo package-cleanup --oldkernels --count=2
18. Check Yum Repo For package
sudo yum list updates 'kernel*'
19. Check if user can sudo
sudo -l -U <linux-username>
20. Ping sweep
for i in $(seq 254); do ping 10.1.2.${i} -c1 -W1 & done | grep from