Skip to main content

Computer Systems Security Planning for Success

Dr. Jan Pearce, Editor

Section 1 Commands Cheat Sheet

Purpose of this Cheat Sheet.

The following is intended to be useful in better understanding bash shell commands as well as understanding commands that run programs in the bash shell and which are used in this book.
🔗
🔗

Help Commands.

man <command-name>
🔗
Use the built-in manual.
🔗
  • e.g. man cd retrieves the manual for the change directory command.
    🔗
    🔗
<command-name> --help
🔗
Request the help page (when it exists) for the specified command. Note that not every command supports --help.
🔗
  • e.g. cd --help retrieves help for the change directory command.
    🔗
    🔗
🔗
🔗

File and Directory Commands.

pwd
🔗
Print working directory displays the path of the current working directory.
🔗
  • e.g. pwd prints the path of the current working directory.
    🔗
    🔗
whoami
🔗
The whoami prints the userid of the current user.
🔗
  • e.g. whoami prints the userid.
    🔗
    🔗
ls
🔗
List displays basic information about files and directories.
🔗
  • e.g. ls lists directories and files in the current directory.
    🔗
    🔗
  • e.g. ls -l lists directories and files in the current directory using a long listing.
    🔗
    🔗
  • e.g. ls ~ lists directories and files in the user’s home directory.
    🔗
    🔗
🔗
touch <file-name>
🔗
The touch command is commonly used for file creation. Its intended primary function is to update its timestamp, by "touching" it. See man touch for more information on the intended use.
🔗
  • e.g. touch newfile.txt creates an empty file named newfile.txt.
    🔗
    🔗
cd <dir-name>
🔗
Change directory to <dir-name>.
  • e.g. cd / changes the current directory to the root directory.
    🔗
    🔗
  • e.g. cd ~ changes the current directory to the user’s home directory.
    🔗
    🔗
  • e.g. cd .. changes the directory to the immediate parent directory.
    🔗
    🔗
🔗
mv <old> <new>
🔗
Move (or rename) files or directories.
🔗
  • e.g. mv old.txt new.txt changes the name of old.txt to new.txt.
    🔗
    🔗
rm <file-name>
🔗
Remove deletes a file or directory.
🔗
  • e.g. rm junk.txt removes the file named junk.txt.
    🔗
    🔗
mkdir <dir-name>
🔗
Make directory with name <dir-name>.
  • e.g. mkdir newdir makes a new directory with the name newdir.
    🔗
    🔗
🔗
rmdir <dir-name>
🔗
Remove directory with specified name <dir-name>
  • e.g. rmdir olddir removes (deletes) the directory with the name olddir.
    🔗
    🔗
🔗
find <path> <criteria>
🔗
The find command searches for files and directories within a specified path based on various criteria.
🔗
  • e.g. find /var/log -name "*.log" finds all files ending in .log in the /var/log directory.
    🔗
    🔗
  • e.g. find /home -perm 777 finds all files and directories with world-writable permissions.
    🔗
    🔗
🔗
🔗

The Basics: Reading, Writing, Counting, etc.

echo <text>
🔗
The echo command displays a line of text and/or requests the value of a variable from the shell and displays its value. Often used with output redirection.
  • e.g. echo "Hello World!" prints the text "Hello World!"" on the standard output.
    🔗
    🔗
  • e.g. echo "my string" >> ./myfile.txt uses the redirect to create or overwrite a file named myfile.txt containing "my string" as its contents.
    🔗
    🔗
  • e.g. echo $USER prints the value of the USER environment variable on the standard output.
    🔗
    🔗
🔗
cat <file-name>
🔗
The concatenate prints file contents on the standard output after concatenation. Note that with a single file, it just prints that file. It is often used with output redirection.
  • e.g. cat file.txt prints the contents of file.txt on the standard output.
    🔗
    🔗
  • e.g. cat file1.txt file2.txt prints the contents of the concatenation of file1.txt and file2.txt on the standard output.
    🔗
    🔗
🔗
read <variable-name>
🔗
The read command reads a line or variable from the keyboard. It is often used with scripts or input redirection.
  • e.g. read MYVAR takes input from the keyboard and directs it into a variable called MYVAR.
    🔗
    🔗
🔗
wc <file-name>
🔗
The word count command performs a count of lines, words, and bytes for each file.
  • e.g. wc file.txt reports the count of lines, words, and bytes in file.txt.
    🔗
    🔗
🔗
history
🔗
The history command displays a list of previously executed shell commands, allowing users to review their command history.
  • e.g. history could display:
    🔗
    1  git init
2  git add main.c
3  git commit -m "Initial commit"
4  git remote add origin https://github.com/username/repo.git
5  git push -u origin master
6  history
    🔗
🔗
grep <pattern> <name>
🔗
The grep command searches for specified patterns or text within files and displays matching lines. It is essential for log analysis and searching through system files.
  • e.g. grep "error" /var/log/messages searches for lines containing "error" in the system log file.
    🔗
    🔗
  • e.g. grep -i "failed login" /var/log/auth.log searches for failed login attempts (case-insensitive) in the authentication log.
    🔗
    🔗
🔗
🔗
🔗

Input and Output Redirection.

Input redirection using <
🔗
Input redirection uses using <to allow the user to redirect the input from a file rather than the keyboard.
  • e.g. wc < info2count.txt performs the wc command on the information in the file info2count.txt.
    🔗
    🔗
🔗
Output redirection using > or >>
🔗
Output redirection allows the user to redirect the output from the standard output to a file using > for overwriting or >> for appending.
  • e.g. echo 'I love open source!' > file.txt writes the line ’I love open source!’ into the file file.txt replacing the current contents or making a new file if it doesn’t already exist.
    🔗
    🔗
🔗
Piping |
🔗
A pipe | in the bash shell allows you to redirect (pipe) the output of one command into the input of another command.
  • e.g. ls | wc runs the command ls>and uses the output of the ls command as the input into the wc command.
    🔗
    🔗
🔗
🔗
🔗

System Administration and Security.

sudo <command>
🔗
The sudo command allows a permitted user to execute a command as another user, typically as the superuser (root). It is essential for performing administrative tasks securely.
  • e.g. sudo cat /etc/shadow displays the shadow password file using administrator privileges.
    🔗
    🔗
  • e.g. sudo useradd alice creates a new user account named alice with administrative privileges.
    🔗
    🔗
🔗
ps <options>
🔗
The ps command displays information about currently running processes. It is crucial for monitoring system activity and identifying running services.
  • e.g. ps aux shows all running processes with detailed information including user, CPU usage, and memory usage.
    🔗
    🔗
  • e.g. ps -ef | grep ssh displays all processes related to SSH services.
    🔗
    🔗
🔗
su <username>
🔗
The su (substitute user) command allows you to switch to another user account. When used without a username, it defaults to switching to the root super user. Unlike sudo, su starts a new shell session as the target user.
🔗
  • e.g. su switches to the root super user account after prompting for the root password.
    🔗
    🔗
  • e.g. su dave switches to the user account named dave after prompting for dave’s password.
    🔗
    🔗
🔗
🔗

File Permissions.

chown <name> <file>
🔗
The chown command is used to change the file owner and/or group.
🔗
  • e.g. chown pearcej file.txt changes the owner of file.txt to pearcej.
    🔗
    🔗
  • e.g. chown :friends file.txt changes the group of file.txt to friends.
    🔗
    🔗
chmod <flags> <file>
🔗
The chmod command is used to change permissions. The following symbols are the most commonly used:
🔗
+ change by adding permission
🔗
- change by removing permission
🔗
r which permission: read
🔗
w which permission: write
🔗
x which permission: execute
🔗
  • e.g. chmod +x helloworld.sh adds execute permission for all users to the helloworld.sh file.
    🔗
    🔗
🔗
🔗

Key Security Programs Used in this Text.

john
🔗
John the Ripper is a password cracking tool that tests password strength by attempting to crack encrypted passwords using word lists and brute force methods.
🔗
  • e.g. john --wordlist=password.lst /etc/shadow attempts to crack passwords using the wordlist called password.lst against the standard shadow password file.
    🔗
    🔗
  • e.g. john --show /etc/shadow displays previously cracked passwords.
    🔗
    🔗
md5sum
🔗
The md5sum program calculates and verifies 128-bit MD5 hashes, producing a compact digital fingerprint of a file.
🔗
  • e.g. md5sum <file-name> computes the MD5 hash of the specified <file-name> file.
    🔗
    🔗
nmap
🔗
Network Mapper (Nmap) is a network discovery and security auditing tool used to scan networks and identify open ports, services, and operating systems.
🔗
  • e.g. nmap <IP> scans <IP>for 1000 well-known ports which are used by popular services like SQL, SNTP, apache, and others.
    🔗
    🔗
  • e.g. nmap -sP <IP> performs a ping scan to discover live hosts on <IP>.
    🔗
    🔗
  • e.g. nmap -A <IP> performs an aggressive scan with OS detection and version identification on <IP>.
    🔗
    🔗
scapy
🔗
Scapy is an interactive packet manipulation program that allows users to create, send, and analyze network packets for security testing and analysis. Scapy mainly does two things: sends packets and receives answers, matching requests with answers and returning a list of packet couples (request, answer) and a list of unmatched packets. To use it you need to install it using something like pip install scapy. The following are some examples of how to use it:
🔗
  • e.g. ping = Ether()/IP(dst="192.168.1.1")/ICMP() creates an ICMP ping packet.
    🔗
    🔗
  • e.g. srp1(packet) stands for (Send Response Packet 1) sends a packet and receives only 1 response at Layer 2.
    🔗
    🔗
🔗
🔗

Need more detail?

For more information on any of these commands, use the --help flag or the man pages.
🔗
🔗
🔗
PrevTopNext