Commonly Used Linux Troubleshooting Commands


1. Find largest files on disk

find /* -type f -exec du -sh {} + | sort -hr | head -n10
 

2. Find the process accessing a specific file (Read or Write)

lsof /var/log/mystery_app.log
# From the output of the above command take the Process ID and show its command line:
ps -o cmd -p <PID>
 

3. Copy files from a remote server to local machine via jump server

rsync -avz -e "ssh -J jumpuser@jumpserver" remoteuser@remoteserver:/path/to/files/ /path/to/destination/
 
  • -a: archive mode, preserving file permissions, ownership, timestamps, and links
  • -v: verbose mode, displaying detailed progress information
  • -z: compress data during transfer to reduce bandwidth usage
  • -e: specifies the remote shell to use for the transfer, which is ssh in this case.
  • -J: an ssh option (passed through -e), specifying the jump server to proxy the connection through.
 

4. Copy files from local machine to remote server via jump server

rsync -avz -e 'ssh -J user@jumpserver' /path/to/local/files user@remoteserver:/path/to/remote/directory
 

5. Important lsof commands

# List all processes that are listening on a particular port:
lsof -i :<port_number>
# List all open files for a particular process:
lsof -p <process_id>
# List all files opened by a particular user:
lsof -u <username>
# List all network connections:
lsof -i
# List all open files in a particular directory:
lsof +D <directory_path>
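Items 2 and 5 both rely on lsof, which is not installed on every minimal host. As an added example (not from the original post), the function below answers the same "who has this file open?" question using only /proc, so it works wherever lsof is missing. The file path is an argument; it assumes a Linux /proc and needs root to see other users' descriptors.

```sh
#!/bin/sh
# Added example: list PID and command name of every process holding a file open,
# using /proc/<pid>/fd symlinks instead of lsof.
# Usage: procs_holding_file /var/log/mystery_app.log

procs_holding_file() {
    target=$1
    # Resolve symlinks so the /proc fd links (which are canonical) compare equal.
    real=$(readlink -f -- "$target") || return 1
    for fd in /proc/[0-9]*/fd/*; do
        # readlink fails on descriptors we are not allowed to read; skip those.
        link=$(readlink -- "$fd" 2>/dev/null) || continue
        [ "$link" = "$real" ] || continue
        pid=${fd#/proc/}
        pid=${pid%%/*}
        # /proc/<pid>/comm is the short command name; "?" if the process already exited.
        comm=$(cat "/proc/$pid/comm" 2>/dev/null || echo '?')
        printf '%s %s\n' "$pid" "$comm"
    done | sort -u
}

# Stand-alone use: report holders of the file given as the first argument.
[ -n "$1" ] && procs_holding_file "$1"
```

Feed a PID from the output into `ps -o cmd -p <PID>` exactly as in item 2 to get the full command line.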
 

6. If you have root access how to iterate through all user’s crontab entries

sudo su
for user in $(cut -f1 -d: /etc/passwd); do crontab -u "$user" -l; done
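A variant of item 6, added here as an example that is not from the original post: it avoids dropping into an interactive root shell, pulls the user list from getent (so LDAP/NSS accounts are included), skips accounts with a nologin/false shell, and silences the "no crontab for X" noise so only real entries are printed. The passwd parsing is its own function so it can be checked against constructed input; run the whole thing with sudo to read other users' crontabs.

```sh
#!/bin/sh
# Added example: dump every login user's crontab without an interactive root shell.

# Read passwd-format lines on stdin; print user names whose login shell is not
# nologin or false (the usual markers of system accounts).
login_users_from_passwd() {
    awk -F: '$7 !~ /(nologin|false)$/ { print $1 }'
}

dump_all_crontabs() {
    getent passwd | login_users_from_passwd | while read -r user; do
        # crontab -l exits non-zero and complains on stderr when the user has
        # no crontab; drop that and print only users that actually have entries.
        if entries=$(crontab -u "$user" -l 2>/dev/null); then
            printf '### crontab for %s\n%s\n' "$user" "$entries"
        fi
    done
}

# Stand-alone use (as root): sudo sh thisfile.sh
[ "$(id -u)" -eq 0 ] && dump_all_crontabs
```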
 

7. Cron logs

/var/log/cron
 

8. CURL command to find out your server's public IP Address

curl ifconfig.me && echo ""
 

9. Create a Test 2 GB File

# 1000 blocks of 2 MiB = 2000 MiB, roughly 2 GB (GNU dd uses an uppercase M suffix)
dd if=/dev/zero of=test bs=2M count=1000
 

10. Find all files in a directory that contain a particular string

grep -ri "string" /path/to/directory
find /path/to/directory -name "*.txt" -exec grep -H "string" {} \;
 

11. Search all files in a directory for a string but exclude file1 and file2

grep -r --exclude="file1" --exclude="file2" "your_string" /path/to/directory
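Items 10 and 11 combined, as an added example that is not from the original post: a function that searches a tree for a string, excludes any number of file names given as arguments, skips binaries, and prints each matching file with its hit count instead of every matching line. The string, directory and excluded names are all arguments; nothing is specific to the post's environment.

```sh
#!/bin/sh
# Added example: recursive search with per-file hit counts and excluded file names.
# Usage: grep_tree_summary <string> <dir> [file-name-to-exclude ...]

grep_tree_summary() {
    pattern=$1; dir=$2; shift 2
    # Turn each remaining argument into a --exclude=<name> option while keeping
    # it as one word, so names with unusual characters are passed safely.
    n=$#
    while [ "$n" -gt 0 ]; do
        set -- "$@" "--exclude=$1"
        shift
        n=$((n - 1))
    done
    # -r recurse, -I skip binaries, -c count matches per file; then drop files
    # with zero hits and sort the rest for a stable report.
    grep -rIc "$@" -- "$pattern" "$dir" | grep -v ':0$' | sort
}

# Stand-alone use: sh thisfile.sh "your_string" /path/to/directory file1 file2
[ $# -ge 2 ] && grep_tree_summary "$@"
```

--exclude matches the base name of each file, the same way the original item 11 command uses it.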
 

12. How can I test if secure-boot is enabled?

mokutil --sb-state
# Expected output when Secure Boot is on:
SecureBoot enabled
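Where mokutil is not installed, the same answer can be read from the EFI variable that mokutil itself consults. This is an added example, not from the original post: an efivarfs file is a 4-byte attribute header followed by the variable data, and for SecureBoot the data is one byte where 1 means enabled. The path below is the standard efivarfs location with the UEFI global-variable GUID; the decoding is split into its own function so it can be checked against a constructed file.

```sh
#!/bin/sh
# Added example: Secure Boot state straight from efivarfs, no mokutil required.

SB_VAR=/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c

# Decode one efivarfs-format file: prints "enabled", "disabled" or "unknown".
secureboot_state_from_var() {
    f=$1
    [ -r "$f" ] || { echo unknown; return 1; }
    # Skip the 4-byte attribute header (-j4), read one byte (-N1) as an unsigned int.
    val=$(od -An -tu1 -j4 -N1 "$f" | tr -d ' \n')
    case $val in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown; return 1 ;;
    esac
}

# Check the running system. No /sys/firmware/efi means a legacy BIOS boot,
# where Secure Boot cannot be in effect at all.
secureboot_state() {
    if [ -d /sys/firmware/efi ]; then
        secureboot_state_from_var "$SB_VAR"
    else
        echo "disabled (not booted via UEFI)"
    fi
}

# Stand-alone use: sh thisfile.sh
[ -n "${SB_RUN_LIVE:-}" ] && secureboot_state
```

Note that "enabled" only tells you the firmware is enforcing signatures; whether the booted kernel and modules were actually verified is a separate question (mokutil and the kernel's lockdown state cover that side).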
 

13. Find service on port

netstat -ltnp | grep -w ':3306'
 

14. Zip And Encrypt A File

zip -e temp-sssd-resolv.zip sssd_resolv
 

15. Take A TCP Dump

sudo tcpdump -i ens5 port 3128 -w capture.pcap
 

16. Grep The PCAP File

sudo tcpdump -r capture.pcap | grep <IP address>
 

17. Remove older kernel from your local repo

sudo package-cleanup --oldkernels --count=2
 

18. Check Yum Repo For package

sudo yum list updates 'kernel*'
 

19. Check if user can sudo

sudo -l -U <linux-username>
 

20. Ping sweep

for i in $(seq 254); do ping 10.1.2.${i} -c1 -W1 & done | grep from