CtrlK

Fundamentals

Terminal

Shortcuts

Clear Terminal: [CTRL] + L
Search Through Command History:
[CTRL] + R - Search through command history for commands we typed previously that match our search patterns.
[↑] / [↓] - Go to the previous/next command in the command history.
Cycle through argument history:
[Alt] + .
Erase The Current Line
[CTRL] + U - Erase everything from the current position of the cursor to the beginning of the line.
[Ctrl] + K - Erase everything from the current position of the cursor to the end of the line.
[Ctrl] + W - Erase the word preceding the cursor position.
Running previous command
!$ : References the last argument of the previous command.
!* : References all arguments of the previous command (excluding the command name itself).
!:n : References the nth argument (e.g., !:1 for the first argument).
!! : References the entire previous command. (sudo v helpful)

user permissions and file permissions

Non root permissions: ALL=(ALL:!root) NOPASSWD: ALL
UID of root: #0 but sudo (versions < 1.8.28) bypasses this with sudo -u#-1 [command] (CVE-2019-14287)
To see contents of directory: Execute permission must be present
To modify files or subdirectories of directory: Write permission must be present

Change owner of a file:
chown [user]:[group] [file/directory]

Sticky bit: In a shared directory, only the file's owner, the directory's owner, or the root user can delete or rename files. Other users can still access the directory but can’t modify files they don’t own.
Sticky bit is capitalized (T): all other users do not have execute (x) permissions, therefore, cannot see the contents of the folder nor run any programs from it.
Sticky bit is lowercase (t): execute (x) permissions have been set, others can view and run the file but no modify or delete it.

Execute a command as a different user:
su -c "ls /etc/shadow or any other command" [root or other user]

Modifying users:

CommandDescription
suExecute command as different user
useraddCreates a new user
userdelDeletes a user account
usermodModifies a user
addgroupAdds a group
delgroupRemoves a group
passwdChanges user password

System information:

Description
Current Usernamewhoami
Group membership of usersid
name of systemhostname
OS infouname -a, -r
currently logged inwho
lists opened fileslsof
lists blocked deviceslsblk
lists USB deviceslsusb
lists PCI deviceslspci

• Info about a specific package:
apt-cache show [package_name]

find

optionswitch
older than a date-newermt full_date
size-size +5k or -size -5k
name-name *.conf or -name * .bak
Remove fails or errors> /dev/null
Execute command for the found file-exec ls -al {} ; 2>/dev/null
executable or not-executable or ! -executable

Here, {} is placeholder for the file name backslash ; to escape the ;

changing directories

pushd [directory you want to go]
popd # returns to original directory

location of program/tool

which [program_name]

Full path of a file

realpath [filename]

info about files: ls

decreasing order of modification date: newest first
ls -t
ls -t | head -n 1 #shows top most, most recent modified

inode number of file
ls -i

Location of log files of common services

ServiceDescription
ApacheAccess logs are stored in the /var/log/apache2/access.log file (or similar, depending on the distribution).
NginxAccess logs are stored in the /var/log/nginx/access.log file (or similar).
OpenSSHAccess logs are stored in the /var/log/auth.log file on Ubuntu and in /var/log/secure on CentOS/RHEL.
MySQLAccess logs are stored in the /var/log/mysql/mysql.log file.
PostgreSQLAccess logs are stored in the /var/log/postgresql/postgresql-version-main.log file.
SystemdAccess logs are stored in the /var/log/journal/ directory.