xeusnguyen.xyz

Search

SearchSearch

Recent Notes

See 161 more →

Awesome Linux Shell Commands

Oct 05, 2025, 16 min read

center

Info

Place to archive and snapshot the incredible command or pipe command with Linux OS platform such as Debian, Ubuntu, CentOS, …

In-house Commands

awk command

Skip first line Usually header when you use awk to print column variables

awk 'NR>1 {print $3}'

Get the last param when seperate by / or any symbol, you can use F and $NF to get the result

awk -F/ '{print $NF}'

cat command

Explore more about cat command and utilities

chmod command

Explore more about chmod and couples of topics around

# Grant full permission for file
chmod 777 /path/to/file
 
# Grant execute for file
chmod +x /path/to/file

du command

You can use du command for list all size inside your directory

# List folder only
du -csh xeusnguyen.xyz
 
# List file inside
du -csh xeusnguyen.xyz/*

echo command

Decode string with specify unicode-escaped with -e flag, read more at: StackOverFlow - How to convert \uXXXX unicode to UTF-8 using console tools in *nix

Note

You can use uni2ascii for instead if you want to integrate with 3rd party

echo -e "unicode-string"

fdisk command

Documentation: What is FDISK and how does it work?

Use fdisk when you want to hangout with your hard disk drive, like integrate multiple way for formatting or partitioning a hard disk drive, or to delete different portions of it. FDISK is an external utility. It is most commonly used to prepare and partition a hard drive

# to view details of available disk partitions.
sudo fdisk -l
# to view the partitions on a specific disk.
sudo fdisk -l /dev/sda
# to create a hard disk partition.
sudo fdisk /dev/sda
# to view the partition size.
sudo fdisk -s /dev/sda

And when you want to hit to interaction mode you can try with

sudo fdisk /dev/sda

And when you hit keyboard with m, you can see the helper

Command (m for help): m
 
Help:
 
  GPT
   M   enter protective/hybrid MBR
 
  Generic
   d   delete a partition
   F   list free unpartitioned space
   l   list known partition types
   n   add a new partition
   p   print the partition table
   t   change a partition type
   v   verify the partition table
   i   print information about a partition
 
  Misc
   m   print this menu
   x   extra functionality (experts only)
 
  Script
   I   load disk layout from sfdisk script file
   O   dump disk layout to sfdisk script file
 
  Save & Exit
   w   write table to disk and exit
   q   quit without saving changes
 
  Create a new label
   g   create a new empty GPT partition table
   G   create a new empty SGI (IRIX) partition table
   o   create a new empty DOS partition table
   s   create a new empty Sun partition table

find command

Find the folder with find base on the regex format

find . -maxdepth 1 -type d -regex '.*/azp/_work/\d+$'

Find directory in current location but expose that in format ls

find . -type d -ls

Find the file or directory to provide you last in path of file and directory

find . -maxdepth 2 -type d | awk -F/ '{print $NF}'

grep command

Explore more example with grep via

Use grep with exclude by -v flag

grep -v "dotnet" .

To grep include multiple word

Info

Use -i flag to execute that. Especially add with \| symbol between two words. Read more at: How to Grep for Multiple Strings, Patterns or Words, extending with multiple situations (HELPFUL)

grep -i "Hostname\|Port"

iostat command

You can use iostat for listing and monitoring your input and output of your disk, by this action you can doube-check state and bottleneck inside

Disk I/O Monitoring - This displays disk I/O statistics every 5 seconds, including utilization, queue length, and wait time

iostat -xz 5

iptables command

Learn more about iptables commands from links down below

Allow only traffic from external IP to host via port

sudo iptables -A INPUT -s <source> -p <tcp/udp> --dport <destination-port> -j ACCEPT

Block all traffic to specify port in host

sudo iptables -A INPUT -p <tcp/udp> --dport <destination-port> -j DROP

List all rule and table rule

# List all rules
sudo iptables -S
 
# list all tables rules
sudo iptables -L -v -n | more
 
# list all rules for INPUT tables
sudo iptables -L INPUT -v -n

Delete rule in iptables

# Basic command to delete
sudo iptables -F
 
# To specify you want
# Find your rule base on number
iptables -L INPUT --line-numbers
# Remove that base on number of line
iptables -D INPUT <specific-line-number>
 
# IYKYN, use `-D` flag for same command `-A` to remove that rule

journalctl command

Documentation:

Capture and logged full events of service

journalctl -u service-name.service

To see only log messages for the current boot

journalctl -u service-name.service -b

Find your boots in list

journalctl --list-boots

See the error log with command

journalctl -p err -b

Info

You can exchange -p option with pram

  • 0: emerg
  • 1: alert
  • 2: crit
  • 3: err
  • 4: warning
  • 5: notice
  • 6: info
  • 7: debug

Check the log systemd in catalog and pagination, you can use

journalctl -xeu service-name.service
 
--catalog         -x  -- Show explanatory texts with each log line 
--pager-end       -e  -- Jump to the end of the journal in the pager
--unit            -u  -- Show data only from the specified unit

jq command

List of articles relate jq with helpful solution

You can use jq to select multiple variable

cat app.json | jq -r '.expo | .name, .version'

You can use jq to select multiple variable and concat that to one string

cat app.json | jq -r '(.expo.name + "." + .expo.version)'

You can use jq with variable to pass through from command or define to your jq

# Good way
curl -H "PRIVATE-TOKEN: $PRIVATE_GLAB_TOKEN" "https://gitlab.com/api/v4/users/$GLAB_USER_ID/contributed_projects" | jq --arg REPO_CHECKED_NAME "$REPO_CHECKED_NAME" '.[] | select(.name == $REPO_CHECKED_NAME) | .id'
 
# Trick way
curl -H "PRIVATE-TOKEN: $PRIVATE_GLAB_TOKEN" "https://gitlab.com/api/v4/users/$GLAB_USER_ID/contributed_projects" | jq '.[] | select(.name == "'${REPO_CHECKED_NAME}'") | .id'

jq support for another arg like json, you can try to concat object this one with your existence object. Explore more at Add an object to existing JSON using jq and Append JSON Objects using jq

cat ~/config-bk.json | jq -r --argjson addon "$(cat ~/.docker/config.json | jq -r ".auths")" '.auths+=$addon'

Convert json to string for multiple purpose

cat file.json | jq -c | jq -R

Get first keys in list object with jq

cat config-bk.json | jq  'keys[]'

Select the keys if value of a field is “auto”. Explore at Select the keys if value of a field is “auto”

# Get the object with value = auto
jq 'map_values(select(.value == "auto"))' file
# Get key with same situation
jq -r 'map_values(select(.value == "auto"))|keys[]' file

If you wanna encode URL with jq, you can follow this

# use for encode
jq --slurp --raw-input --raw-output @uri <(printf 'http://example.com/E = mc^2')

In the situation, if you want to decode jwt token, you can try with jq

jq -R 'split(".") | .[1] | @base64d | fromjson' <<< "$1"

You wanna update the all of key match with your request with new value, you can use walk with jq >= 1.7. In the end, It will overwrite your current file with new value.

jq 'walk(if type == "object" then with_entries( if .key == "KEY_WANT_UPDATE" then .value = "NEW_VALUE" else . end ) else . end)' "/path/json/file" > "/path/json/file.tmp" \
        && mv "/path/json/file.tmp" "/path/json/file"

lsblk command

If you want to take the look with your storage device like HDD or SSD, you can use lsblk to see what format of those devices

# View information about your disk
lsblk -o NAME,HCTL,SIZE,MOUNTPOINT
 
# View output info about filesystems
lsblk -f
File SystemSupported File SizeCompatibilityIdeal Usage
FAT32up to 4 GBWindows, Mac, LinuxFor maximum compatibility
NTFS16 EiB – 1 KBWindows, Mac (read-only), most Linux distributionsFor internal drives and Windows system file
Ext416 GiB – 16 TiBWindows, Mac, Linux (requires extra drivers to access)For files larger than 4 GB

lsof command

lsof is a command for LiSting Open Files. Find and explore more at documentation

To check network connection, you can use

lsof -i -P -n

Find files open to a process with known PID, e.g: 1234, you can use

lsof -p 1234

mkfs command

You can use mkfs command to formatting your device. Read more at How to Use the mkfs Command on Linux

mkfs [options] [-t type fs-options] device [size]

modprobe command

Info

The kernel uses modprobe to request modules. The modprobe command searches through the standard installed module directories to find the necessary drivers.

Documentation:

To add module to kernel in linux via command

# Default add module
sudo modprobe <module-name> # e.g: iscsi_tcp
 
# Add multiple module
sudo modprobe -all <first module name> <second module name>
 
# Confirm module or add for first time with --first-time opt
sudo modprobe <module name> --first-time

To remove module from kernel via command

# Remove module
sudo modprobe -r <module-name> # e.g: iscs_tcp
 
# Double-check already remove or first time remove
sudo modprobe -r <module-name> --first-time

To check and find module add into kernel, you can handle with couple of commands

# Check via lsmod
lsmod | grep -e "<module-name>"
 
# Check via find command
find /lib/modules/$(uname -r) -type f -name '*.ko*' | grep -e "<module-name>"
 
# Combine awk and modinfo command (easily output)
# Source: https://stackoverflow.com/questions/23645595/how-to-find-linux-module-path
awk '{ print $1 }' /proc/modules | xargs modinfo -n | sort | grep -e "<module_name>"

ps command

You can use ps command to check process inside your machine to identify CPU spike or memory leak or moreover

Find CPU-Intensive Processes - This lists the top 10 processes by CPU usage, showing the percentage, process ID, user, and command.

ps -eo pcpu,pid,user,args | sort -r | head -10

Find Memory Leaks - This updates every 5 seconds to show the top memory-consuming processes, helping you identify memory leaks

watch -n 5 "ps -eo pid,ppid,cmd,%mem,%cpu --sort=-%mem | head"

Check Running Processes - This lists the top 10 processes sorted by CPU usage, helping you quickly identify resource-intensive processes.

ps aux --sort=-%cpu | head -10

scp command

Documentation: SCP Command in Linux {13 Examples}

scp is protocol which permit use copy and transfer file from remote and local machine with bi-direction, or cp from remote to remote

# From local to remote
scp /path/file/local user@ip:/path/file/remote
 
# From remote to local
scp user@ip:/path/file/remote /path/file/local
 
# From remote to remote
scp user1@ip1:/path/file/remote1 user2@ip2:/path/file/remote2
 
# From remote to remote (but your machine is mediate)
scp -3 user1@ip1:/path/file/remote1 user2@ip2:/path/file/remote2

In some special case, you can integrate with option with your scp command to specific

Different Port: Usually scp use SSH (Port 22) to mediate help you secure transfer data through that port, but in other situation SSH not work in Port 22, you can use -p to specific

scp -p 2222 /path/file/local user@ip:/path/file/remote

Recursive: To copy whole folder, usually we use recursive mode and scp does have with -r

scp -r /path/folder/ user@ip:/path/file/remote

ss command

If you familiar with netstat which usually not install from starting with almost Linux Distro, but instead of this one, you can try to use ss which integrate into default tool to debug networking

To show listening port in your host, you can use

# command will show progress with port openning
ss -tupl

When you want to add filter socket port number, you can use

# Use Port Number
ss -at '( dport = :22 or sport = :22 )'
 
# Use Service
ss -at '( dport = :ssh or sport = :ssh )'

Info

If you are not found ss command, you can read file /etc/services for alternative which show us port and service mapping

sed command

Documentation

To replace a string in file with sed, you can use command with format

# Replace in file (Global)
sed -i 's/OLD/NEW/g' path/file #Replace string inside a file

To replace in the string, you can control action with

echo "[MASKED]" | sed -e "s/\[MASKED\]/123456789/g"

To replace the string with content return from executing command, you can use

sed -i 's/OLD/'$(echo $NEW)'/g' path/file

ssh command

Documentations and articles

Use tunneling mode of ssh to reverse shell from remote to your local host

Info

Command below to port-forward from port 127.0.0.1:8080 from remote host and send the traffic to port :8080 inside your host

ssh -N -L 8080:127.0.0.1:8080 -i /path/to/your/private_key <user>@<remote-host> -p <port-ssh> # Default ssh via port 22, use -p if you need to specific

systemctl command

Documentations and articles

Use systemctl command to check available service inside your host with state running

sudo systemctl list-units --type=service --state=running

Use one of option Disable/Enable/Restart/Stop/Start with service inside host for changing state

sudo systemctl disable/enable/restart/stop/start <name_of_service>

Check configure or state of service with systemctl command

sudo systemctl show/status <name_of_services>

ufw command

Documentations and articles

tr command

Use tr to delete with -d flag

tr -d "HostName:Port" # If find 2 word, seperate with space
tr -d "HostNamePort" # If find 2 word, no space add-on

Use tr to change space to colon, :

tr -s "[:blank:]" ":"

tree command

Print the sub-directory of folder with configuration level

tree -d -L 2 .

Print the sub file and folder with filter not include smt with -I option. Explore at StackOverFlow - tree command for multiple includes and excludes

# With only
tree -a -L 1 -I .git
 
# With multiple
tree -a -L 1 -I '.git|.terraform.lock.hcl'

Print tree with combine full path, include and exclude pattern

tree -f -I "bin|unitTest" -P "*.[ch]|*.[ch]pp." your_dir/

nc command

To check port open or not, you can use nc with some options to retrieve information. Explore more at:

# Check port TCP open or not after 5s timeout
nc -z -v -w5 <host> <port>
# Check list port tcp from X to Y open or not after 5s timeout
nc -z -v -w5 <host> <portX>-<portY>
# Check port UDP or not
nc -z -u -v <host> <port>

tar command

When you want to extract or compress file into tar.gz format, you can use tar for handle this task

First of all, when you want to extract, you can use command

# Use when it have gz (gunzip)
tar -xzf /file/example.tar.gz
 
# Use when it has only tar
tar -xz /file/example.tar
 
# If you want to strip the folder inside, e.g level 1 or level 2
tar -xzf /file/example.tar.gz --strip-components <level-number>
 
# If you want to output your extract to output
mkdir -p /folder/to/output # make sure folder exist
tar -xzf /file/example.tar.gz -C /folder/to/output

Next, when you want to compress, you can use

# Use with file
tar -czf /file/to/compress.tar.gz file # Use can use multiple file
 
# Use to package folder
tar -czf /file/to/compress.tar.gz folder/*

At the end, when you want to see what inside the compress, you can use

tar -tvf /file/to/compress.tar.gz

hostnamectl command

When you think about change your current hostname for present your machine in network, ssh connection, you can use hostnamectl for hand-on it. Explore more at

First of all, you can check your hostname information by

# Simple
hostnamectl
# Complete command
hostnamectl status

Next, you can exchange your hostname for couple of types with option set-hostname (NOTE: required root permission), including

# transient - Assigned by mDNS server or DHCP server during run time
hostnamectl set-hostname new-name --transient
 
# static - used to initialize the kernel hostname during boot time
hostnamectl set-hostname new-name --static
 
# pretty - the hostname presented to the user, not to other computers on a network
hostnamectl set-hostname new-name --pretty
 
# combine three types, transient, static and pretty
hostnamectl set-hostname new-name

External Commands

Pip3 & Python3

center

Break system to install

With Python3 from version 3.12, there isn’t gonna easy for us to install package, so if you want to force install with python3-pip, you can add the optional --break-system-packages after the pip command

pip3 install numpy --break-system-packages

With read from file, we can do same way

pip3 install -r requirements.txt --break-system-packages

Specific Torch version

In some situations, your environment have higher version CUDA or driver of NVIDIA compare with Torch, you can use this version to bypass and migrate your torch to compatible version with your graphic card. Read more at Reddit - RTX 5090 Training Issues - PyTorch Doesn’t Support Blackwell Architecture Yet?

pip install -U torch torchvision torchaudio --index-url https://download.pytorch.org/whl/cu128

Create virtual environment with venv

With Python3 from version 3.12, it require venv or use --break-system-packages for global environment. But in some situation, you need find out to conda or venv to make your environment become more convenience to install external package

To setup venv, Read more in official documentation venv — Creation of virtual environments

First of all, create new environment with command

python3 -m venv /path/to/new/venv

Active the environment

source /path/to/new/venv/bin/active

When you finish and want to comeback to global environment, in the venv shell, you can use command

deactivate

Keytool (Java)

Explore more about keytool through Common Java Keytool Commands

Get keystroke information

To view and check information which store inside keystroke, which generate from keytool - key generator integrate into Java

keytool -list -v -keystore /path/to/your/keystore-file.keystore -alias your-key-alias -storepass your-keystore-password -keypass your-key-password

OpenVPN

Generate Client CA

To generate a completely Client CA for connecting to OpenVPN Server, you can use command

# Instruction
./etc/openvpn/server/easy-rsa/easyrsa build-client-full <file_name_base> [ cmd-opts ]
 
# Example
./etc/openvpn/server/easy-rsa/easyrsa build-client-full xeusnguyen nopass

Trick commands

Rerun the previous command

You can use previous command with !! on your shell, for example

# First if you use clear screen
clear
 
# You can call clear screen again with !!
!!

Also you can reuse the previous command arguments, for example

$ command <args>
$ 2nd command !$

Graph View

Backlinks