Linux Cheat Sheet

Contents

This is a really useful list of bash one-liners for Linux and Unix so you can save those 5 minutes of time googling. This is for all the people who need a simple short snippet they can paste into bash, or fish for that matter, but might need some modifications.

I will add new snippets whenever I stumble upon something more interesting.

Revision 7 (Each revision extends the article with new commands. I'll bump the number whenever I add something new)

Generic

Generate a secure random password

There are many methods to perform this task. I am just going to mention my favourites.

This method uses SHA to hash the date, runs through base64, and then outputs the first 32 characters.

Note: The sha256sum command on OS X should be substituted with: shasum -a 256.

date +%s | sha256sum | base64 | head -c 32 ; echo
date +%s | shasum -a 256 | base64 | head -c 32 ; echo

This one uses the very useful dd command. On OS X you will need to lose the -w 0 from the base64 command.

dd if=/dev/urandom bs=1 count=32 2>/dev/null | base64 -w 0 | rev | cut -b 2- | rev

This uses openssl’s rand function, which may not be installed on your system. Good thing there are other examples, right?

openssl rand -base64 16
# To strip the equal signs at the end
openssl rand -base64 16 | head -c${1:-16}

Wait for internet connection

This will pause your script until there is network connection available. Really useful in some particular situations like boot time scripts, especially on machines relying on a WiFi connection.

for i in {1..50}; do ping -c1 google.com &> /dev/null && break; done

List IP Addresses on all interfaces

This will list all IP Addresses of all interfaces connected to the system. You can use it in an espionage script to report it's current location on the internet.

ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1  -d’/'

Webserver from current directory

If for some reason you would like to start a webserver from the current directory downwards, here is a single line snippet thar does the job:

python -m SimpleHTTPServer 8080

Linux

Disable Root Password Login

usermod -p '!' root

Creating a Swap file

This creates a swap file located at /swapfile with the correct permissions and size specified in MB (The example demonstrates the creation of 512MB swap file).

dd if=/dev/zero of=/swapfile bs=1M count=512
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile
echo '/swapfile   none    swap    sw    0   0' >> /etc/fstab

Increasing the space in /tmp

As with any other tmpfs, increasing the size of the /tmp with no data loss is just a matter of a simple remount.

mount -o remount,size=6G tmpfs /tmp

Creating a user

useradd -m -G wheel -s /bin/bash username

Some explanation:

Deleting a user

userdel user

You can add the -r option to remove the user's home directory and mail spool.

Adding an existing user to a group

usermod -a -G group user
gpasswd -a user group

Removing a user from a group

gpasswd -d user group
deluser user group

Checking process listening on a port

lsof -i :port
lsof -i tcp:port
lsof -i udp:port

Where port is the port number.

OpenSSL

Generate a keypair

openssl genrsa -out private_key.pem 4096
openssl rsa -pubout -in private_key.pem -out public_key.pem

Generate a CSR

openssl req -key private_key.pem -new -out certificate_request.csr

Encrypt an RSA private key

openssl rsa -des3 -in private_key.pem -out encrypted_private_key.pem

The -des3 tells openssl to encrypt the key with DES3.

Remove the encryption from an RSA private key

openssl rsa -in server.key.org -out server.key

Encrypt a file

Symmetric encryption

openssl aes-256-cbc -salt -in file.txt -out file.txt.enc

A few notes here: * You can use -a if you want your output to be in base64. This is useful if you would like to read it with a text editor or paste it in an email. * -salt makes the encryption stronger. You are advised to use it. * This uses symmetric encryption and you will be prompted for a password.

Asymmetric encryption

1. Generate a 256bit (32 byte) random key

  openssl rand -base64 32 > key.bin

2. Encrypt the key

openssl rsautl -encrypt -inkey public_key.pem -pubin -in key.bin -out key.bin.enc 

3. Encrypt the file

openssl enc -aes-256-cbc -salt -in file.txt -out file.txt.enc -pass file:./key.bin 

Note that you shouldn't encrypt the entire file with asymmetric encryption. That is too slow and inefficient. Instead you encrypt a 256bit key with which you encrypt the file. So when you are sending the encrypted file, you should send both the encrypted key and the encrypted file.
This procedure is slightly simpler when using PGP.

Decrypt a file

Symmetric encryption

openssl aes-256-cbc -d -in file.txt.enc -out file.txt

Again use -a if the input was encoded with base64.

Asymmetric encryption

1. Decrypt the key

openssl rsautl -decrypt -inkey private_key.pem -in key.bin.enc -out key.bin

2. Decrypt the file

openssl enc -d -aes-256-cbc -in file.txt.enc -out file.txt -pass file:./key.bin 

Networking

Changing your MAC address

While this is somewhat trivial, I would still like to mention it. Primarily because not many people are used to the new Linux ip utility.

You might need sudo for all of the commands.

Using ifconfig (Older Linux distros and Mac OS X)

ifconfig # to list all interfaces
ifconfig interface ether 00:00:00:00:DD

Using the new ip utility (Modern Linux distros like Arch)

ip link # To list interfaces and current configuration OR
ip link show interface # to list a specific interface.
ip link set dev interface address 00:00:00:00:DD

Note 1: You might have to turn of your interface before changing you address. This could be done with:

ifconfig interface up/down
ip link set dev interface up/down

Note 2: You have to substitute interface with your interface name. That is usually en* on Linux and OSX or wlan* for WiFi networks or the new wlp****.

Nmap

Simple Port Scan

nmap -v host # -v is for verbosity
nmap -PN 192.168.1.1 # Scans a host protected by a firewall
nmap -6 2607:f0d0:1002:51::4 # Scan an IPv6 host/address

Nmap Network Scan

Some of the arguments showed here could be used in the Port scan mode.

nmap -sP 192.168.1.0/24 # Scan a network and find out which servers and devices are up and running
nmap 192.168.1.1-20 -sA # Find out whether the host is protected by a Firewall
nmap 192.168.1.* -A # with OS and version detection
nmap 192.168.1.0/24 --exclude 192.168.1.5 # Excluding specific hosts

Created
Last updated
DownloadPlain text