Common Linux Commands Collected Over the Years

Although most of my work is related to networking, I also deal with Linux systems, especially after using Mac, where I work daily in a command-line environment with a black background. My memory is not very good, and I can’t remember many useful Linux commands. Therefore, I am gradually summarizing them for future reference.

Basic Operations

Linux Shutdown and Restart
# Shutdown
shutdown -h now

# Restart
shutdown -r now
View System and CPU Information
# View system kernel information
uname -a

# View system kernel version
cat /proc/version

# View current user environment variables
env

cat /proc/cpuinfo

# View the number of logical CPUs, including CPU model
cat /proc/cpuinfo | grep name | cut -f2 -d: | uniq -c

# View the number of CPUs and how many cores each has
cat /proc/cpuinfo | grep physical | uniq -c

# Check if the current CPU is running in 32-bit or 64-bit mode
getconf LONG_BIT

# If the result is greater than 0, it indicates support for 64-bit computation. lm indicates long mode, supporting lm means it's 64-bit
cat /proc/cpuinfo | grep flags | grep ' lm ' | wc -l
Create Symbolic Links
ln -s /usr/local/jdk1.8/ jdk
RPM Related
# Check if the software was installed via RPM
rpm -qa | grep software_name
SSH Key
# Create SSH key
ssh-keygen -t rsa -C your_email@example.com  # -C sets the key comment; replace the placeholder address with your own

# Copy the content of id_rsa.pub to /home/username/.ssh/authorized_keys on the server to be controlled; create the file if it doesn't exist (.ssh permission should be 700, authorized_keys permission should be 600)
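The copy step above as a script, added here as an example and not part of the original notes: it installs one public key with the 700/600 modes and refuses input that is not a single public-key line. The function names install_pubkey and ssh_modes and the sample key are constructed for illustration.

```shell
#!/bin/sh
# install_pubkey HOME_DIR PUBKEY_FILE  (hypothetical helper, not a standard tool)
# Adds one public key to HOME_DIR/.ssh/authorized_keys with the 700/600 modes.
install_pubkey() {
    ssh_dir=$1/.ssh
    auth=$ssh_dir/authorized_keys

    # Accept exactly one line that looks like a public key. This also rejects
    # a private key (id_rsa) passed by mistake instead of id_rsa.pub.
    [ "$(grep -c '' "$2")" -eq 1 ] || return 2
    key=$(cat "$2")
    printf '%s\n' "$key" | grep -Eq \
        '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' \
        || return 2

    # Create with umask 077 so the paths are never group/world accessible,
    # then force the modes in case they already existed with looser ones.
    ( umask 077 && mkdir -p "$ssh_dir" && touch "$auth" ) || return 1
    chmod 700 "$ssh_dir" || return 1
    chmod 600 "$auth" || return 1

    # Idempotent: append only when this exact line is not present yet.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# ssh_modes HOME_DIR: print the octal modes of .ssh and authorized_keys,
# e.g. "700 600". GNU stat is tried first, BSD/macOS stat as the fallback.
ssh_modes() {
    { stat -c '%a' "$1/.ssh" "$1/.ssh/authorized_keys" 2>/dev/null ||
      stat -f '%Lp' "$1/.ssh" "$1/.ssh/authorized_keys"; } | paste -s -d ' ' -
}

# Demo in a throwaway directory with a constructed (not real) key.
demo=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7constructed constructed@example' \
    > "$demo/id_rsa.pub"
install_pubkey "$demo" "$demo/id_rsa.pub" && ssh_modes "$demo"
rm -rf "$demo"
```

When password login to the server is still available, `ssh-copy-id` performs the same installation over SSH.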
Command Renaming
# Add renaming configuration in each user's .bash_profile
alias ll='ls -alF'
Sync Server Time
sudo ntpdate -u ntp.api.bz
Run Commands in Background
# Run in background, with nohup.out output
nohup xxx &

# Run in background, without any logging output
nohup xxx > /dev/null &

# Run in background and redirect error messages to the log
nohup xxx >out.log 2>&1 &
Force Active User Logout
# Command to force active user logout. TTY indicates terminal name
pkill -kill -t [TTY]
View Command Path
which <command>
View Maximum Open File Descriptor Count for Processes
ulimit -n
Configure DNS
vim /etc/resolv.conf
nslookup, View Domain Routing Table
nslookup google.com
last, Recent Login Information List
# Last 5 logged-in accounts
last -n 5
Set Static IP
ifconfig em1  192.168.5.177 netmask 255.255.255.0
View Loaded Environment Variables in Processes
# You can also go to the /proc directory to view what is loaded in the process memory
ps eww -p XXXXX (process ID)
View Process Tree to Find Server Processes
ps auwxf
View Process Startup Path
cd /proc/xxx (process ID)
ls -all
# cwd corresponds to the startup path
Add User, Configure Sudo Permissions
# Add new user
useradd username
passwd username

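# Add sudo permissions (visudo opens the same file and checks the syntax before saving, which avoids locking yourself out of sudo)
vim /etc/sudoers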
# Modify the file to include
# root    ALL=(ALL)       ALL
# username ALL=(ALL)       ALL
Forcefully Close All Processes Containing xxx
ps aux|grep xxx | grep -v grep | awk '{print $2}' | xargs kill -9

Disk, File, and Directory Related Operations

Vim Operations
# In normal mode, g indicates global, x indicates the content to be searched, y indicates the replacement content
:%s/x/y/g

# In normal mode
0  # Move cursor to the beginning of the line (number 0)
$  # Move cursor to the end of the line
shift + g # Jump to the end of the file
gg # Jump to the beginning of the file

# Show line numbers
:set nu

# Remove line numbers
:set nonu

# Search
/xxx (search content)  # Search from the beginning, press n to find the next
?xxx (search content)  # Search from the end
Open Read-Only Files and Save After Modification (without switching users)
# In normal mode
:w !sudo tee %
View Basic Information of Disk and File Directory
# View disk mount status
mount

# View disk partition information
df

# View directory and subdirectory sizes
du -H -h

# View the size of each file and folder in the current directory, without recursion
du -sh *
wc Command
# View how many lines are in the file
wc -l filename

# View how many words are in the file
wc -w filename

# View the length of the longest line in the file
wc -L filename

# Count the number of bytes
wc -c filename

Common Compression and Decompression Commands

Compression Commands
tar czvf xxx.tar directory_to_compress

zip -r xxx.zip directory_to_compress
Decompression Commands
tar zxvf xxx.tar

# Decompress to a specified folder
tar zxvf xxx.tar -C /xxx/yyy/

unzip xxx.zip

Change File Ownership and User Group

chown eagleye:eagleye xxx.log

cp, scp, mkdir

# Copy
cp xxx.log yyy.log

# Copy and force overwrite the same file
cp -f xxx.log yyy.log

# Copy directory
cp -r xxx (source_directory) yyy (target_directory)

# Remote copy
scp -P ssh_port username@remote_host:/home/username/xxx /home/xxx

# Cascade create directories
mkdir -p /xxx/yyy/zzz

# Batch create directories, will create java, resources folders in both test and main
mkdir -p src/{test,main}/{java,resources}
Compare Two Files
diff -u 1.txt 2.txt
Log Output Byte Count, Can Be Used for Performance Testing
# For performance testing, you can output a “.” to the log each time it executes, so the byte count in the log will be the actual number of times the performance test runs, and you can also see the real-time rate.
tail -f xxx.log | pv -bt
View and Remove Special Characters
# View special characters
cat -v xxx.sh

# Remove special characters
sed -i 's/^M//g' env.sh  # Remove special characters from the file, for example ^M: it is a literal carriage return, typed as ctrl+v then enter, not the two characters ^ and M
Handle Special Character Issues in Files Caused by System Reasons
# Convert to the file format under this system
cat file.sh > file.sh_bak

# First copy the content of file.sh, then run it, then paste the content, and finally ctrl + d to save and exit
cat > file1.sh

# In vim, set file encoding and file format as follows, then :w (save) to convert to utf8 format
:set fileencoding=utf-8
:set fileformat=unix

# Use dos2unix for file formatting on Mac
find . -name "*.sh" | xargs dos2unix
tee, Redirect While Outputting to the Screen
awk '{print $0}' xxx.log | tee test.log

Search Related

grep
# Reverse match, find content that does not contain xxx
grep -v xxx

# Exclude all empty lines
grep -v '^$'

# If the result is 2, it indicates that the second line is empty
grep -n "^$" 111.txt    

# Query lines starting with abc
grep -n "^abc" 111.txt 

# List the line number where the word appears in the article
grep 'xxx' -n xxx.log

# Count how many times the substring appears
grep 'xxx' -c xxx.log

# When comparing, do not consider case differences
grep 'xxx' -i xxx.log
awk
# Use ':' as the delimiter, if the fifth field contains user, output that line
awk -F ':' '{if ($5 ~ /user/) print $0}' /etc/passwd 

# Count the occurrences of a specific character (string) in a single file (Chinese is invalid)
awk -v RS='character' 'END {print --NR}' xxx.txt
find Search Command
# Find files with the .mysql extension in the directory
find /home/eagleye -name '*.mysql' -print

# Search from the /usr directory down, find files accessed in the last 3 days (-3 means less than 3 days ago; a bare 3 means exactly 3 days ago).
find /usr -atime -3 -print

# Search from the /usr directory down, find files modified in the last 5 days (-ctime also matches metadata changes such as chmod; use -mtime to test content changes only).
find /usr -ctime -5 -print

# Search from the /doc directory down, find files owned by jacky that start with j.
find /doc -user jacky -name 'j*' -print

# Search from the /doc directory down, find files that start with ja or ma.
find /doc \( -name 'ja*' -o -name 'ma*' \) -print

# Search from the /doc directory down, find and delete all files ending with bak. The -exec option means execute, rm is the delete command, {} indicates the filename, and "\;" indicates the end of the command.
find /doc -name '*bak' -exec rm {} \;

Network Related

View Which Process is Using the Port
lsof -i:port
Get Local IP Address
/sbin/ifconfig -a|grep inet|grep -v 127.0.0.1|grep -v inet6|awk '{print $2}'|tr -d "addr:"
iptables
# Check iptables status
service iptables status

# To block an IP
iptables -I INPUT -s ***.***.***.*** -j DROP

# To unblock an IP, use the following command:
iptables -D INPUT -s ***.***.***.*** -j DROP

# Note: The parameter -I means Insert (add), -D means Delete (remove). The rule follows, INPUT means inbound, ***.***.***.*** means the IP to be blocked, DROP means to drop the connection.

# Open access to port 9090
/sbin/iptables -I INPUT -p tcp --dport 9090 -j ACCEPT 

# Firewall start, stop, restart
/etc/init.d/iptables status
/etc/init.d/iptables start
/etc/init.d/iptables stop
/etc/init.d/iptables restart
nc Command, TCP Debugging Tool
# Send TCP request to a specific endpoint, sending the contents of data to the other end
nc 192.168.0.11 8000 < data.txt

# nc can act as a server, listening on a certain port, storing the contents of a request in received_data
nc -l 8000 > received_data

# The above only listens once; to listen multiple times, add the -k parameter
nc -lk 8000
tcpdump
# Dump TCP packets on local port 12301
tcpdump -i em1 tcp port 12301 -s 1500 -w abc.pcap
Trace Network Routing Path
# traceroute defaults to using UDP; if -I is used, it changes to ICMP
traceroute -I www.163.com

# Trace from the 3rd hop of ttl (-M sets the first TTL on macOS/BSD traceroute; on Linux traceroute the option is -f)
traceroute -M 3 www.163.com

# Add port tracing
traceroute -p 8080 192.168.10.11
ss
# Display all local open ports
ss -l 

# Display specific open sockets for each process
ss -pl 

# Display all TCP sockets
ss -t -a 

# Display all UDP sockets
ss -u -a 

# Display all established SMTP connections
ss -o state established '( dport = :smtp or sport = :smtp )'  

# Display all established HTTP connections 
ss -o state established '( dport = :http or sport = :http )'  

# Find all processes connected to the X server
ss -x src /tmp/.X11-unix/*  

# List current socket statistics
ss -s 

# Explanation: netstat traverses each PID directory under /proc, while ss directly reads the statistics under /proc/net. Therefore, ss consumes fewer resources and time than netstat when executed.
netstat
# Output the number of connections for each IP, as well as the total number of connections in each state
netstat -n | awk '/^tcp/ {n=split($(NF-1),array,":");if(n<=2)++S[array[(1)]];else++S[array[(4)]];++s[$NF];++N} END {for(a in S){printf("%-20s %s\n", a, S[a]);++I}printf("%-20s %s\n","TOTAL_IP",I);for(a in s) printf("%-20s %s\n",a, s[a]);printf("%-20s %s\n","TOTAL_LINK",N);}'

# Count all connection states:
# CLOSED: No connection is active or ongoing
# LISTEN: Server is waiting for incoming calls
# SYN_RECV: A connection request has arrived, waiting for confirmation
# SYN_SENT: The application has started, opening a connection
# ESTABLISHED: Normal data transmission state
# FIN_WAIT1: The application says it has completed
# FIN_WAIT2: The other side has agreed to release
# TIMED_WAIT: Waiting for all packets to die
# CLOSING: Both sides are trying to close
# TIME_WAIT: The actively closing connection end has not yet waited for feedback from the other end
# LAST_ACK: Waiting for all packets to die
netstat -n | awk '/^tcp/ {++state[$NF]} END {for(key in state) print key,"\t",state[key]}'

# Find connections in TIME_WAIT state
netstat -n|grep TIME_WAIT|awk '{print $5}'|sort|uniq -c|sort -rn|head -n20

Monitor Linux Performance Commands

top
Press the uppercase F or O key, then press a-z to sort processes according to the corresponding column, then press enter. The uppercase R key can reverse the current sorting.
PID Process ID
PPID Parent Process ID
RUSER Real User Name
UID User ID of the process owner
USER Username of the process owner
GROUP Group Name of the process owner
TTY Terminal name that started the process. Processes not started from a terminal are displayed as ?
PR Priority
NI Nice value. Negative values indicate high priority, positive values indicate low priority
P Last used CPU, meaningful only in multi-CPU environments
%CPU Percentage of CPU time used since the last update
TIME Total CPU time used by the process, in seconds
TIME+ Total CPU time used by the process, in 1/100 seconds
%MEM Percentage of physical memory used by the process
VIRT Total amount of virtual memory used by the process, in KB. VIRT=SWAP+RES
SWAP Size of virtual memory used by the process that has been swapped out, in KB.
RES Size of physical memory used by the process that has not been swapped out, in KB. RES=CODE+DATA
CODE Size of physical memory occupied by executable code, in KB
DATA Size of physical memory occupied by parts other than executable code (data segment + stack), in KB
SHR Shared memory size, in KB
nFLT Number of page faults
nDRT Number of pages modified since last write.
S Process state. D=uninterruptible sleep state, R=running, S=sleeping, T=traced/stopped, Z=zombie process
COMMAND Command name/command line
WCHAN If the process is sleeping, the name of the system function in which it is sleeping
Flags Task flags, refer to sched.h
dmesg, View System Logs
dmesg
iostat, Monitor Disk IO Status
iostat -xz 1

# r/s, w/s, rkB/s, wkB/s: respectively represent read/write counts per second and read/write data volume (in KB). Excessive read/write volume may cause performance issues.
# await: Average wait time for IO operations, in milliseconds. This is the time the application spends interacting with the disk, including IO wait and actual operation time. If this value is too high, it may indicate that hardware devices are bottlenecked or malfunctioning.
# avgqu-sz: Average number of requests sent to the device. If this value is greater than 1, it may indicate that the hardware device is saturated (some front-end hardware devices support parallel writing).
# %util: Device utilization. This value indicates the degree of busyness of the device; the empirical value is that if it exceeds 60, it may affect IO performance (can refer to the average wait time for IO operations). If it reaches 100%, it indicates that the hardware device is saturated.
# If the displayed data is for logical devices, then device utilization does not represent that the actual hardware device is saturated. It is worth noting that even if IO performance is not ideal, it does not necessarily mean that application performance will be poor; strategies such as pre-reading and write caching can be used to improve application performance.

free, Memory Usage Status

free -m

eg:

             total       used       free     shared    buffers     cached
Mem:          1002        769        232          0         62        421
-/+ buffers/cache:        286        715
Swap:         1153          0       1153
First part Mem line:
total Total memory: 1002M
used Memory already used: 769M
free Free memory: 232M
shared Currently deprecated, always 0
buffers Buffer cache memory: 62M
cached Page cache memory:421M
Relationship: total(1002M) = used(769M) + free(232M)
Second part (-/+ buffers/cache):
(-buffers/cache) Used memory: 286M (referring to used in the first part of Mem line - buffers - cached)
(+buffers/cache) Free memory: 715M (referring to free in the first part of Mem line + buffers + cached)

It can be seen that -buffers/cache reflects the memory actually consumed by the program, while +buffers/cache reflects the total amount of memory that can be allocated.

The third part refers to the swap partition.

sar, View Network Throughput Status
# The sar command can be used to view the throughput of network devices. When troubleshooting performance issues, the throughput of network devices can be used to determine if they are saturated.
sar -n DEV 1

# The sar command can also be used to view TCP connection status, including:
# active/s: Number of TCP connections initiated locally per second, created via the connect call;
# passive/s: Number of TCP connections initiated remotely per second, created via the accept call;
# retrans/s: Number of TCP retransmissions per second;
# The number of TCP connections can be used to determine if performance issues are due to establishing too many connections; further, it can be determined whether the connections are actively initiated or passively accepted. TCP retransmissions may be due to poor network conditions or excessive server load causing packet loss.
sar -n TCP,ETCP 1
vmstat, Monitor CPU Usage, Memory Usage, Virtual Memory Interaction, IO Read/Write Over Time
# 2 indicates collecting status information every 2 seconds, 1 indicates collecting once (ignoring continuous collection)
vmstat 2 1

eg:
r b swpd free buff cache si so bi bo in cs us sy id wa
1 0 0 3499840 315836 3819660 0 0 0 1 2 0 0 0 100 0
0 0 0 3499584 315836 3819660 0 0 0 0 88 158 0 0 100 0
0 0 0 3499708 315836 3819660 0 0 0 2 86 162 0 0 100 0
0 0 0 3499708 315836 3819660 0 0 0 10 81 151 0 0 100 0
1 0 0 3499732 315836 3819660 0 0 0 2 83 154 0 0 100 0
  • r Indicates the run queue (how many processes are actually allocated to the CPU); my tested server currently has a relatively idle CPU, with no processes running. When this value exceeds the number of CPUs, a CPU bottleneck will occur. This is also related to the load in top; generally, a load exceeding 3 is considered high, exceeding 5 is very high, and exceeding 10 is abnormal, indicating that the server is in a dangerous state. The load in top is similar to the running queue per second. If the running queue is too large, it indicates that your CPU is very busy, usually resulting in high CPU usage.

  • b Indicates blocked processes; this needs no further explanation.

  • swpd Size of virtual memory used; if greater than 0, it indicates that your machine’s physical memory is insufficient. If not due to memory leaks, you should upgrade the memory or migrate memory-consuming tasks to other machines.

  • free Size of free physical memory; my machine has a total of 8G memory, with 3415M remaining.

  • buff Cache memory used by Linux/Unix systems to store directory contents, permissions, etc.; my machine uses about 300M.

  • cache Cache memory used to remember files we open, providing buffering for files; my machine uses about 300M (this is the smart part of Linux/Unix, taking part of the free physical memory to cache files and directories to improve program execution performance. When a program uses memory, buffer/cached will be quickly utilized).

  • si Size of virtual memory read from disk per second; if this value is greater than 0, it indicates insufficient physical memory or memory leaks; check for memory-consuming processes to resolve the issue. My machine has sufficient memory, everything is normal.

  • so Size of virtual memory written to disk per second; if this value is greater than 0, the same applies.

  • bi Number of blocks received per second from block devices; block devices refer to all disks and other block devices on the system; the default block size is 1024 bytes. My machine has no IO operations, so it remains 0, but I have seen it reach 140000/s on machines processing large amounts of data (2-3T), with disk write speeds of about 140M per second.

  • bo Number of blocks sent per second from block devices; for example, when we read files, bo will be greater than 0. Bi and bo should generally be close to 0; otherwise, it indicates excessive IO, requiring adjustment.

  • in Number of interrupts per second for the CPU, including time interrupts.

  • cs Number of context switches per second; for example, when we call system functions, context switches occur, and thread switches also require process context switches. This value should be as small as possible; if too large, consider reducing the number of threads or processes. For example, in web servers like apache and nginx, we usually conduct performance tests with thousands or even tens of thousands of concurrent users, and the choice of web server processes can be adjusted downwards until cs reaches a relatively small value, which indicates the appropriate number of processes and threads. System calls also cause context switches each time we call a system function, which is resource-intensive and should be avoided as much as possible. Excessive context switch counts indicate that your CPU is mostly wasted on context switching, resulting in less time for the CPU to do real work, which is undesirable.

  • us User CPU time; I once saw it close to 100 on a server doing frequent encryption and decryption, with the running queue reaching 80 (the machine was under stress testing, performance was poor).

  • sy System CPU time; if too high, it indicates long system call times, such as frequent IO operations.

  • id Idle CPU time; generally, id + us + sy = 100; I generally consider id to be idle CPU usage, us to be user CPU usage, and sy to be system CPU usage.

  • wa Waiting IO CPU time.
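
The field notes above applied mechanically, as an added example that is not part of the original notes: an awk filter that reads vmstat output and reports samples where r exceeds the CPU count, swpd is above 0, or si/so are above 0. The function names, the flag labels and the last sample row are constructed for illustration.

```shell
#!/bin/sh
# vmstat_triage NCPU
# Reads vmstat output on stdin and prints one line for every sample that
# trips one of the rules from the field notes above.
vmstat_triage() {
    awk -v ncpu="$1" '
    # Header row: record each column position by name, so an extra column
    # on another vmstat build does not shift the fields we read.
    $1 == "r" && $2 == "b" { for (i = 1; i <= NF; i++) col[$i] = i; next }
    # Only all-numeric rows after the header are samples.
    !("r" in col) || $0 !~ /^[ 0-9]+$/ { next }
    {
        n++; f = ""
        if ($(col["r"]) > ncpu + 0)                f = f " runqueue>ncpu"
        if ($(col["swpd"]) > 0)                    f = f " swap_in_use"
        if ($(col["si"]) > 0 || $(col["so"]) > 0)  f = f " swapping"
        if (f != "") print "sample " n ":" f
    }'
}

# Header and first two rows are the output shown above; the last row is
# constructed for this example (a busy host that is swapping).
sample_vmstat() {
    cat <<'EOF'
r b swpd free buff cache si so bi bo in cs us sy id wa
1 0 0 3499840 315836 3819660 0 0 0 1 2 0 0 0 100 0
0 0 0 3499584 315836 3819660 0 0 0 0 88 158 0 0 100 0
9 2 204800 51200 1024 20480 120 340 900 1200 950 4100 70 20 0 10
EOF
}

# Treat the host as having 4 CPUs.
sample_vmstat | vmstat_triage 4
```

On a live system, pipe `vmstat 2 5` into `vmstat_triage "$(getconf _NPROCESSORS_ONLN)"`.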
