System Operations

File Transfer, Mounts, and Compression (Zip/Tar)

Copy file to remote host:

scp /path/to/local/file user@host:/path/to/destination

Copy file from remote host:

scp user@host:/path/to/remote/file /path/to/local/destination

Copy directory, -r for recursive:

scp -r /path/to/local/directory user@host:/path/to/destination
scp -r user@host:/path/to/remote/directory /path/to/local/destination

Other Examples:

scp -P 2222 /path/to/file user@host:/path/to/destination # Use a specific port
scp -i /path/to/key.pem /path/to/file user@host:/path/to/destination # Use a specific key, -i for identity file
scp -v /path/to/file user@host:/path/to/destination # Verbose output
scp -C /path/to/file user@host:/path/to/destination # Compress during transfer
scp -l 1000 /path/to/file user@host:/path/to/destination # Limit bandwidth to 1000 Kbps
scp -B /path/to/file user@host:/path/to/destination # Run in background
scp -p /path/to/file user@host:/path/to/destination # Preserve file attributes
scp -q /path/to/file user@host:/path/to/destination # Quiet mode

Connect via GUI:

Open the file manager
Click on "Connect to Server"
smb://windows-server-name/share-name
# click connect, enter credentials when prompted

Mount a remote SMB share:

sudo mount -t cifs -o username=user,password=pass //server/share /mnt

Unmount a remote SMB share:

sudo umount /mnt

Connect via GUI, other methods:

Open the file manager
Click on "Connect to Server", enter the server address
sftp://user@host # for SFTP
ftp://user@host # for FTP
ssh://user@host # for SSH
ssh://host # will prompt for username after attempting to connect
# click connect, enter credentials when prompted

Connecting via the GUI allows you to interact with files on a remote server as if they were part of your local file system, but it doesn’t integrate the remote filesystem into your system's file hierarchy. When you use a GUI to connect to a server, the file manager may use a virtual filesystem (VFS) layer that abstracts the actual file operations to the server, allowing you to manage files without permanently altering your system’s file structure. The connection typically lasts only for the duration of the session. Once the file manager is closed, the connection to the remote filesystem is also closed.

Mount a remote SMB share - Server Message Block (SMB), a protocol for sharing files, printers, and serial ports over a network. Commonly used in Windows environments:

sudo mount -t cifs -o username=user,password=pass //server-name/share-name /local/mount/point

Unmount a remote SMB share:

sudo umount /local/mount/point

Other examples - SMB:

# sudo apt-get install cifs-utils # Install CIFS client package
# -t to specify filesystem type, -o for options, uid and gid for user and group IDs
# file_mode and dir_mode for permissions, ro for read-only, rw for read-write
# cifs for Common Internet File System
sudo mount -t cifs -o username=user,password=pass,ro //server/share /mnt # Mount a remote SMB share with read-only permissions
sudo mount -t cifs -o username=user,password=pass,rw //server/share /mnt # Mount a remote SMB share with read-write permissions
sudo mount -t cifs -o username=user,password=pass,uid=1000,gid=1000 //server/share /mnt # Mount a remote SMB share with specific UID and GID
sudo mount -t cifs -o username=user,password=pass,file_mode=0755,dir_mode=0755 //server/share /mnt # Mount a remote SMB share with specific file permissions

NFS Mounts - Network File System Protocol. Allows you to access files over a network as if they were on your local machine. Commonly used in sharing files between Unix/Linux systems:

# sudo apt-get install nfs-common # Install NFS client package
sudo mount -t nfs -o username=user,password=pass //server/share /mnt

Unmount NFS:

sudo umount /mnt

Other examples - NFS:

sudo mount -t nfs -o ro server:/share /mnt # Mount a remote NFS share with read-only permissions
sudo mount -t nfs -o rw server:/share /mnt # Mount a remote NFS share with read-write permissions
sudo mount -t nfs -o vers=4 server:/share /mnt # Mount a remote NFS share using NFS version 4
sudo mount -t nfs -o vers=3,udp server:/share /mnt # Mount a remote NFS share using NFS version 3 and UDP protocol

SSHFS - file system client based on the SSH File Transfer Protocol. Allows you to mount a remote directory over an SSH connection. Secure and easy to use:

# sudo apt-get install sshfs # Install SSHFS
sshfs user@host:/path/to/remote/directory /local/directory/to/mount

Mounting physically integrates a remote filesystem into your system’s directory tree, making it appear as if the remote files are part of the local file hierarchy. This is used for more permanent or semi-permanent needs where regular file operations on the remote files are necessary. Mounting involves setting up a filesystem on your system that forwards operations like reading, writing, and listing to another server over a network. This is often done using specific commands in the terminal with root privileges. Once mounted, the filesystem remains integrated with your local file system until it is unmounted. This means files can be accessed by any application on your system without needing to open a specific file manager.

Zip a file or directory:

# -r for recursive, -j to exclude directory structure, -q for quiet
zip -r archive.zip /path/to/directory

Unzip a file:

unzip archive.zip

Other Examples:

zip -r archive.zip /path/to/directory -x "*.log" # Exclude files with a specific extension
unzip -d /path/to/destination archive.zip # Unzip to a specific directory
unzip -l archive.zip # List contents of a zip file
zip -e archive.zip /path/to/directory # Compress and encrypt a directory with a password, only parent level contents
zip -r -e archive.zip /path/to/directory # Compress and encrypt a directory with a password, recursively
unzip -P password archive.zip # Decrypt, and -P to specify password (will prompt for password if not provided)

Tar a file or directory:

# -c to create, -x to extract, -v for verbose, -f to specify file
tar -cvf archive.tar /path/of/directory/to/archive # Create a tar file from a directory
tar -xvf archive.tar # Extract to current directory

Other Tar Examples:

tar -cvf archive.tar /path/to/directory --exclude="*.log" # Exclude files with a specific extension
tar -xvf archive.tar -C /path/to/destination # Extract to a specific directory, -C for change to directory
tar -tvf archive.tar # List contents of a tar file

Other Compression Formats:

gzip file # Compress a file with gzip
gunzip file.gz # Decompress a file with gzip
bzip2 file # Compress a file with bzip2
bunzip2 file.bz2 # Decompress a file with bzip2
xz file # Compress a file with xz
unxz file.xz # Decompress a file with xz

Managing Users, Groups, Permissions, and Access

Add a user:

sudo adduser username

Add a user to a group:

# -a to append, -G to specify group
sudo usermod -aG groupname username

Change user password:

sudo passwd username

Delete a user:

sudo deluser username

List all users:

# /etc/passwd file contains list of users, UID, default shell, etc...
cat /etc/passwd

List all groups:

# /etc/group file contains list of groups and their members
cat /etc/group

List groups a user belongs to:

groups username

Change user's primary group:

sudo usermod -g groupname username

Change user's secondary groups:

sudo usermod -aG groupname username

Other examples and arguments:

sudo usermod -l newname oldname # Change username
sudo usermod -u 1001 username # Change UID
sudo usermod -g groupname username # Change primary group
sudo usermod -G group1,group2 username # Change secondary groups
sudo usermod -s /bin/bash username # Change default shell
sudo usermod -d /path/to/directory username # Change home directory
sudo usermod -e YYYY-MM-DD username # Set account expiration date
sudo usermod -L username # Lock account
sudo usermod -U username # Unlock account

Users and groups are used to manage file permissions and access to resources on a Linux system. Each user has a unique username and user ID (UID) that is used to identify them. Users can belong to one or more groups, which can be used to assign permissions to files and directories. Groups have a group name and group ID (GID) that is used to identify them. Users can be added to groups to grant them access to resources that are only available to members of that group. Users can also be assigned a primary group, which is the group that is used by default when creating new files and directories.

Change file permissions:

# u for user, g for group, o for others, a for all
# + to add permission, - to remove permission, = to set permission
# r for read (permission value of 4), w for write (permission value of 2), x for execute (permission value of 1)
chmod u+r file # Add read permission for user
chmod a+x file # Add execute permission for all
chmod g-w file # Remove write permission for group
chmod o=x file # Set execute permission for others
chmod a=rwx file # Set read, write, and execute permission for all, rwx is equivalent to chmod 777

Change directory permissions:

chmod -R u+r directory # Add read permission for user and all files in directory

Change file ownership:

chown username file # Change owner to username

Change group ownership:

chgrp groupname file # Change group to groupname

Change both owner and group:

chown username:groupname file # Change owner and group

Other examples and arguments:

chmod 755 file # Set read, write, and execute for user, read and execute for group and others
chmod 644 file # Set read and write for user, read for group and others
chmod 600 file # Set read and write for user, no permissions for group and others
chmod 777 file # Set read, write, and execute for all
chmod -R 755 directory # Recursively set permissions for all files in directory
chown -R username:groupname directory # Recursively change owner and group for all files in directory

Umask (user file creation mask) - Set default file permissions for new files and directories created by a user. Used to control the permissions that are automatically assigned to new files and directories:

umask 022 # Set default permissions to 755 for directories and 644 for files

Other Examples:

umask 002 # Set default permissions to 775 for directories and 664 for files
umask 027 # Set default permissions to 750 for directories and 640 for files
umask 077 # Set default permissions to 700 for directories and 600 for files

File permissions control access to files and directories on a Linux system. Each file has three sets of permissions: one for the owner of the file, one for the group that the file belongs to, and one for all other users. Permissions can be set to allow or deny read, write, and execute access for each of these groups. The owner of a file can change its permissions, as well as the owner and group of the file. Permissions can be set using symbolic notation (e.g., u+rwx) or octal notation (e.g., 755).

Run a command as root:

sudo command

Edit sudoers file:

sudo visudo # Edits the sudoers file (/etc/sudoers), e.g. add or remove users from the sudo group

Open a root shell using sudo - various methods:

# Open a root shell using sudo:
sudo -i
# Explanation: Launches a root shell similar to 'su -' but using sudo, ensuring the environment is clean as a root login session.

# Check current user's sudo permissions and allowed commands:
sudo -l
# Explanation: Lists the commands the current user can run with sudo, providing an audit of permissions.

# Run a specific command as another user:
sudo -u username command
# Explanation: Executes 'command' as the user 'username'. Useful for running scripts or commands under another user's privileges without switching to their account.

# Open a root shell, preserving the original user's environment:
sudo su -
# Explanation: Opens a shell with root privileges but retains environment variables and aliases from the original user's profile.

# Open a shell as another user, preserving their environment:
sudo su - username
# Explanation: Similar to 'sudo su -' but for another user, this keeps the user's environment intact during the session.

# Run a command as another user, preserving their environment:
sudo su -c "command"
# Explanation: Executes 'command' within a new shell session for the current root user, preserving the environment settings.

# Simulate a full login as the root user:
sudo su -l
# Explanation: Invokes a login shell as root, resetting the environment to what root would see upon a normal login.

# Simulate a full login as another user:
sudo su -l username
# Explanation: Starts a login shell as 'username', mimicking what the user would experience during a standard login, with all startup scripts executed.

# Open a shell as another user, preserving the original user's environment:
sudo -u username -s
# Explanation: Opens a shell as 'username' while maintaining the current user's environment settings.

# Open a login shell as another user:
sudo -u username -l
# Explanation: Initiates a login shell as 'username', similar to 'sudo su - username' but using sudo.

# List commands a user can run with sudo:
sudo -u username -l
# Explanation: Displays the commands 'username' can run with sudo, providing an overview of their permissions.

# Check if a user can run a specific command with sudo:
sudo -u username -l command
# Explanation: Verifies if 'username' can execute 'command' with sudo, useful for troubleshooting access issues.

# Invalidate the sudo timestamp:
sudo -k
# Explanation: Invalidates the current sudo timestamp, requiring re-authentication for the next sudo command.

# Remove the sudo timestamp, useful for logout scripts:
sudo -K
# Explanation: Removes the sudo timestamp, useful for scripts that require a clean logout process.

Sudo (superuser do) is a command that allows users to run programs with the security privileges of another user, by default the root user. It is used to perform administrative tasks without logging in as the root user. Sudo requires users to authenticate with their own password before running a command with elevated privileges. The sudoers file contains a list of users and groups that are allowed to use the sudo command, as well as the commands they are allowed to run.

Generate an SSH key pair:

# -t to specify key type, -b to specify key length, -C to add a comment
# RSA is the default key type, 4096 bits is recommended for security
ssh-keygen -t rsa -b 4096 -C "comment"

Copy the public key to a remote host:

ssh-copy-id user@host # Copies the public key to the remote host

Manually copy the public key to a remote host:

cat ~/.ssh/id_rsa.pub | ssh user@host 'cat >> ~/.ssh/authorized_keys'

Disable password authentication - this will require SSH keys for authentication:

# Edit the SSH configuration file
sudo nano /etc/ssh/sshd_config
# Set PasswordAuthentication to no
PasswordAuthentication no
# Restart the SSH service
sudo systemctl restart sshd

Other examples and arguments:

ssh-keygen -t ed25519 - # Generate an Ed25519 key
ssh-keygen -t rsa -b 2048 -C "comment" # Generate an RSA key with 2048 bits
ssh-keygen -t rsa -b 4096 -f ~/.ssh/keyfile -C "comment" # Generate an RSA key with 4096 bits and a custom filename
ssh-keygen -p -f ~/.ssh/keyfile # Change the passphrase for a key
ssh-keygen -y -f ~/.ssh/keyfile # Output the public key for a private key

SSH keys are used to authenticate users and servers when connecting to remote systems over SSH. They provide a secure way to log in to a server without entering a password each time. An SSH key pair consists of a public key and a private key. The public key is placed on the server, while the private key is kept on the client machine. When a user attempts to connect to the server, the server verifies the user's identity by checking the public key against the private key stored on the client machine. If the keys match, the user is granted access to the server.

Connect to a remote host:

ssh user@host

Connect to a remote host on a specific port:

ssh -p 2222 user@host

Connect to a remote host with a specific identity file:

ssh -i /path/to/key.pem user@host

Run a command on a remote host:

ssh user@host 'command'

Copy a file from a remote host:

scp user@host:/path/to/remote/file /path/to/local/destination

Other examples and arguments:

ssh -l username host # Connect using a specific username, -l for login name
ssh -X user@host # Enable X11 forwarding, useful for GUI applications
ssh -v user@host # Verbose output
ssh -o "ProxyCommand ssh -W %h:%p gateway" user@host # Use a proxy command, e.g. to connect through a gateway
ssh -L 8080:localhost:80 user@host # Local port forwarding, e.g. to access a web server
ssh -R 8080:localhost:80 user@host # Remote port forwarding, e.g. to expose a local service
ssh -D 8080 user@host # Dynamic port forwarding, e.g. to create a SOCKS proxy

SSH (Secure Shell) is a cryptographic network protocol used to securely connect to remote systems over an unsecured network. It provides a secure channel for data exchange between two devices, allowing users to log in to remote systems, execute commands, and transfer files securely. SSH uses public-key cryptography to authenticate users and encrypt data during transmission. It is widely used in system administration, software development, and network security.

Analyzing Host Logs, Processes, and Performance

View system logs:

cat /var/log/syslog # View system log - stores messages from system services
cat /var/log/auth.log # View authentication log - records user logins and authentication attempts
cat /var/log/kern.log # View kernel log - contains kernel messages
cat /var/log/dmesg # View kernel ring buffer - displays kernel messages during boot
cat /var/log/messages # View general system messages
cat /var/log/secure # View security log - contains security-related messages
cat /var/log/maillog # View mail log - records mail server activity
cat /var/log/cron # View cron log - logs cron job activity
cat /var/log/boot.log # View boot log - records system boot messages
cat /var/log/lastlog # View last login log - shows last login times for users
cat /var/log/wtmp # View login log - records login and logout times
cat /var/log/btmp # View failed login log - records failed login attempts
cat /var/log/utmp # View current login log - shows current login sessions
cat /var/log/audit/audit.log # View audit log - records security events
cat /var/log/yum.log # View YUM log - logs package installation and updates
cat /var/log/httpd/access_log # View Apache access log - records HTTP requests
cat /var/log/httpd/error_log # View Apache error log - records Apache errors
cat /var/log/nginx/access.log # View Nginx access log - records HTTP requests
cat /var/log/nginx/error.log # View Nginx error log - records Nginx errors
cat /var/log/mysql/error.log # View MySQL error log - records MySQL errors
# etc...

View log entries with timestamps:

journalctl

Filter log entries by priority:

journalctl -p err # Show only error messages
journalctl -p warning # Show warning messages

Filter log entries by unit (service):

journalctl -u sshd # Show logs for the SSH service

Other examples and arguments:

journalctl -b # Show logs from the current boot
journalctl -k # Show kernel messages
journalctl -f # Follow log output
journalctl --since "2022-01-01" # Show logs since a specific date
journalctl --until "2022-01-01" # Show logs until a specific date
journalctl --disk-usage # Show disk usage of journal files

Other commands related to logging:

dmesg # Display kernel ring buffer messages
tail -f /var/log/syslog # Follow system log in real-time
tail -f /var/log/auth.log # Follow authentication log in real-time
last # Show last logins
lastb # Show failed login attempts
lastlog # Show last login times
lastcomm # Show last executed commands
cat ~/.bash_history # View user command history

Logs are records of events that occur on a system, providing valuable information for troubleshooting, monitoring, and security analysis. System logs contain messages from various components of the operating system, including the kernel, services, and applications. Logs are stored in files located in the /var/log directory and can be viewed using tools like cat, less, or journalctl. The journalctl command is used to query and display logs managed by the systemd journal service, which provides advanced filtering and querying capabilities.

List running processes:

ps aux # Show all processes
ps aux | grep processname # Show processes matching a name

Show process tree:

pstree

Kill a process by PID:

kill PID

Kill a process by name:

pkill processname

Other examples and arguments:

top # Interactive process viewer
htop # Interactive process viewer with more features
pgrep processname # Find process ID by name
kill -9 PID # Forcefully kill a process
killall processname # Kill all processes by name

Processes are running instances of programs on a system. Each process has a unique process ID (PID) that identifies it and allows it to be managed. The ps command is used to list running processes, while tools like top and htop provide interactive views of system processes. Processes will consume system resources such as CPU, memory, and disk I/O, and can be managed using commands like kill and pkill to stop or terminate them.

View system information:

uname -a # Display all system information
hostname # Display the system's network name
date # Show the current date and time
cal # Show the calendar

Check system performance:

top # Show system summary

Get entire system information:

lscpu # List CPU information
lsblk # List block devices
lsmem # List memory information
free -h # Show memory usage

Check disk usage:

df -h # Show disk space usage
du -h /path # Show directory disk usage

List hardware configuration:

lshw # List hardware
lspci # List all PCI devices

Monitor system performance:

vmstat 1 # Show virtual memory statistics
iostat 1 # Show I/O statistics
mpstat 1 # Show CPU statistics

Check network performance:

iftop # Show network bandwidth usage

Other examples and arguments:

free -h # Show memory usage
uptime # Show system uptime
sar -u 1 # Show CPU usage
sar -r 1 # Show memory usage
sar -n DEV 1 # Show network statistics

System performance monitoring is essential for maintaining the health and stability of a system. Monitoring tools provide insights into resource usage, bottlenecks, and potential issues that may impact system performance. Commands like top, vmstat, iostat, and iftop provide real-time data on CPU, memory, disk, and network usage. Monitoring disk space, memory usage, and network performance helps identify potential problems and optimize system performance.

Start a service:

sudo systemctl start service

Stop a service:

sudo systemctl stop service

Restart a service:

sudo systemctl restart service

Enable a service to start on boot:

sudo systemctl enable service

Disable a service from starting on boot:

sudo systemctl disable service

Check the status of a service:

sudo systemctl status service

Other examples and arguments:

sudo systemctl reload service # Reload configuration changes
sudo systemctl mask service # Prevent a service from starting
sudo systemctl unmask service # Allow a masked service to start
sudo systemctl is-active service # Check if a service is active
sudo systemctl is-enabled service # Check if a service is enabled
sudo systemctl is-failed service # Check if a service has failed

Services are background processes that run on a system to perform specific tasks or provide functionality. Services are managed by the init system, such as systemd on modern Linux distributions. The systemctl command is used to start, stop, restart, enable, disable, and manage services on a Linux system. Monitoring the status of services helps ensure that critical processes are running correctly and that the system is functioning as expected.

Check system uptime:

uptime

Show system load averages:

Display the last system reboot time:

last reboot

Show the current time and date:

date

Other examples and arguments:

who -b # Show the last system boot time
who -r # Show the current runlevel
who -a # Show all users logged in

Uptime refers to the amount of time a system has been running without a reboot. Monitoring uptime provides insights into system stability, performance, and availability. The uptime command displays the current time, system uptime, number of users logged in, and system load averages. Checking system uptime helps identify issues related to system crashes, reboots, and performance degradation.

Kill a process by PID:

kill PID

Kill a process by name:

pkill processname

Forcefully kill a process by PID:

kill -9 PID

Other examples and arguments:

killall processname # Kill all processes by name
pkill -u username # Kill all processes by user
pkill -f pattern # Kill processes by name pattern

The kill command is used to terminate processes on a Linux system. Each process has a unique process ID (PID) that can be used to identify and kill it. The kill command sends a signal to a process, instructing it to exit. The default signal sent by kill is SIGTERM, which allows the process to perform cleanup tasks before exiting. The -9 option sends a SIGKILL signal, which forcefully terminates the process without allowing it to clean up.

Interactive process viewer:

htop

Sort processes by CPU usage:

htop -s PERCENT_CPU

Sort processes by memory usage:

htop -s PERCENT_MEM

Filter processes by name:

htop -u username

Other examples and arguments:

htop -p PID # Monitor a specific process
htop -t # Tree view of processes
htop -d delay # Set update delay
htop -C # Show full command path
htop -u username # Filter processes by user

htop is an interactive process viewer that provides a real-time overview of system processes and resource usage. htop displays a color-coded list of processes, CPU and memory usage, and system load averages. It allows users to interactively manage processes, sort and filter them by various criteria, and monitor system performance in a user-friendly interface. htop is a popular alternative to the top command for monitoring system processes.