CMD and Terminal

Quick Reference

Admin:

Reading logs:

Authentication Logs:

sudo grep "Accepted" /var/log/auth.log*: show all successful login, even in past log rotations
sudo grep "Failed password" /var/log/auth.log: list failed login attempts
sudo tail -n 20 -f /var/log/auth.log: read most recent 20 entries in ssh/authentication log

sudo grep "Failed password" /var/log/auth.log | awk '{print $11}' | sort | uniq -c | sort -nr | head: see top IPs attempting SSH attacks
sudo grep sshd /var/log/auth.log: show all SSH-related events in authentication log

sudo tail -f /var/log/nginx/access.log: reading nginx logs live
sudo tail -n 20 -f /var/log/nginx/access.log: show the most recent 20 entries in log
sudo tail -f /var/log/nginx/error.log: reading logs live
sudo tail -n 20 -f /var/log/nginx/error.log: show the most recent 20 entries in log

cat /etc/passwd | sort: list all users
who: show all logged in users
getent group sudo: see who has admin privileges
Users control:

sudo useradd -m [username]: add a new user and make a home directory
sudo passwd [username]: set password for a user
sudo usermod [username] sudo: add a user to the sudo group
sudo userdel -r [username]: delete user and their home directory
sudo nano /etc/ssh/sshd_config: edit SSH access permission for users

AllowUsers [username1 username2 ...] deploy: allow certain users to ssh and deny everyone else
DenyUsers [username1 username2 ...] deploy: deny certain users ssh; Deny rules will override allow rules
AllowGroups [group ...] deploy
DenyGroups [group ...] deploy

Priority:

DenyUsers
AllowUsers
DenyGroups
AllowGroups

sudo systemctl restart ssh: restart ssh

Setup:

ssh -i [private key] [user]@[host]: connect to a remote host using SSH
q / exit: quit the current session
Ctrl + L: clear the terminal screen
sudo apt update && sudo apt upgrade -y: update and upgrade packages
sudo apt install wget curl unzip git -y: install common utilities

wget: download files from the web through HTTP/HTTPS/FTP

wget [URL] - download a file from the specified URL

curl: testing REST APIs, sending POST/PUT requests
unzip: extract .zip files since Linux only handle .tar.gz files
git: version control system

VARIABLE=value: set an environment variable
export VARIABLE=value: export an environment variable to make it available to child processes/subshells
sudo apt install nginx -y: install Nginx web server

setup reverse proxy and rate limiting rules, also ssh limit

Navigation:

pwd: print current directory
cd [directory]: change directory
mkdir [directory]: create a new directory
cp [source] [destination]: copy files or directories
scp [source] [user]@[host]:[destination]: securely copy files between local and remote hosts

scp -r [source] [user]@[host]:[destination]: securely copy directories recursively

rsync -avz [source] [user]@[host]:[destination]: copying large files and synchronizing directories
mv [source] [destination]: move or rename files or directories
rm [file]: remove a file

rm -r [directory]: remove a directory and its contents recursively

printenv | grep [variable]: search for environment variables
ls: list directory contents

ls -a -1f: list all files, one per line, with file type indicators
ls [directory]: list contents of a specific directory

tree -a -L 2: display all files and directory structure up to 2 levels deep
which [command]: display the path of the executable for a command
find [directory] -name [filename]: search for a file in a directory and its subdirectories

find [directory/to/search] -type d -name [directory]: search for a folder in a directory and its subdirectories

File Edit, Extract/Compress, and Firewall:
cat -n [file]: display the contents of a file with line numbers

cat [file] | grep [pattern]: search for a pattern in a file
cat [file1] [file2]> [combined file]: concatentate file1 and file2 into a combined file

nano -l [file]: edit file with line numbers on left

Ctrl + O: save the current file
Ctrl + X: exit the editor
Ctrl + W: search within the file
Ctrl + _: jump to specific line #

tar: compress and extract .tar.gz files

tar -czf [archive.tar.gz] [/path/to/directory]: create a compressed archive of a directory
tar -xf [archive.tar.gz] - extract a compressed archive

ufw: Uncomplicated Firewall

ufw status - display the current status of the firewall
sudo ufw allow from [hostname] to [remoteAddress/any] app [appname] - allow traffic from a specific host to all the ports listed by the app profile

sudo ufw allow from [home] to any app OpenSSH

ufw app list - list available applications

ufw app info [appname] - display network information about a specific application

ufw delete [rule] - delete a specific rule
sudo ufw allow [port #]/[tcp/udp] - allow traffic on a specific port
sudo ufw deny [port #]/[tcp/udp] - deny traffic on a specific port

Port 22: SSH
Port 80: HTTP/Nginx
Port 443: HTTPS/Nginx

Linux Commands

Basics:

Format: command -option /argument
Help Commands:

{command} --help - display help information for a command
man {command} - display the manual page for a command
info {command} - display detailed information about a command
Shortcuts:

U: return to parent menu
B: goes back to beginning of node
Q: quit
PageUp / PageDown: scroll through the manual

Piping command1 | command2: sends the output of command1 as input to command2
Protecting:

Single Quote: protect everything from being shell expansion
Double Quote: allow variable expansion but protect spaces

Good for protecting variables from being expanded into multiple variables because of spaces

Backslash: escape the single following character and also used to split long commands to a separate line

File Globbing

* - matches any number of characters
? - matches a single character
[abc] - matches any one of the characters a, b, or c
[a-z] - matches any one character in the range a to z

Ctrl + L - clear the terminal
Ctrl + D - exit terminal

Directories:

pwd - print current directory
cd /path/to/directory - change directory

cd - - change to the previous directory
cd . - stay in the current directory
cd .. - change to the parent directory
cd ~ - change to the home directory

ls - list files in the current directory
ls -l filename - list detailed information about a specific file
getfacl filename - display the access control list (ACL) of a file
find /directory - list out whole hierarchy of directory
find /path/to/directory -name "d*"" - find a file matching a pattern in a directory
find /course -perm 755 - find files with specific permissions

Aliases:

alias cp='cp -i' - create an alias for a command; useful to change default command options
ln -s /path/to/original /path/to/link - create a symbolic link or alias for directory

Example: ln -s /projects/android and then cd android

Copy, Move/Rename, Create, Delete, Redirecting/Appending:

cp source destination - copy a file or directory

cp -r source destination - copy a directory and its contents recursively

mv source destination - move/rename a file or directory
mkdir directory - create a new directory

mkdir -p /path/to/directory - create a directory and any necessary parent directories

rm file - delete a file

rm file[12] - delete multiple files matching a pattern
rm -r directory - delete a directory and its contents recursively

> - redirect output to a file
>> - append output to a file

Variable:

$variableName - define a variable
PATH=$PATH: - create/add to the PATH variable (separated by colons)

History:

history - list past commands
!# or !88 - rerun 88th command in history
!e - rerun last command that starts with e
Ctrl + R - search command history

Converting Case

tr '[:lower:]' '[:upper:]' - convert lowercase to uppercase
tr '[:upper:]' '[:lower:]' - convert uppercase to lowercase
${variableName^^} - convert variable value to uppercase
${variableName^} - convert first character of variable to uppercase
${variableName,,} - convert variable value to lowercase
${variableName,} - convert first character of variable to lowercase

Command does not replace the value stored in the variable

Hardware Management:

uptime: gives info about how busy the system is (number of users and load average)
top: gives detailed info about how busy the system is, including load average and memories usage

Load average should be below number of CPU cores or else there is a queue in returning requests

uname: display system information
lscpu: display detailed info about the CPU architecture
lspci: display detailed info about the motherboard, PCI buses, and devices
lsusb: display detailed info about USB buses and devices
lsmod: display loaded kernel modules
lsblk: display information about disks and partitions

Writing Scripts:

Shebang: specifify the shell interpreter and what is used to run script

Debug Tip: use bash -x script.sh - run the script with debugging enabled to see the command and output together
#!/bin/bash - example of a shebang for a Bash script
chmod u+x script.sh - make a script executable
./script.sh - run the script in a separate fork process
source script.sh - run the script in the current shell process
$1 - first positional parameter passed to the script
$? - exit status of the last command executed; anything beside 0 means failure/warning
Conditionals:

test -z "$variable" - check if a variable is empty
test -z "$variable" && echo "Variable is empty" - check if a variable is empty and print a message
test -n "$variable" - check if a variable is not empty
test "$variable" = "value" - check if a variable equals a value

test can be replaced with brackets: [ -z "$variable" ]

if [ -z "$variable" ]; then echo "Variable is empty"; fi - if statement block to check if a variable is empty and print a message

Loops:

for i in {1..5}; do echo "Iteration $i" done - for loop example
while [ condition ]; do # commands to execute done - while loop template

Prompts:

NAME="$1" # create a variable and assign it the value of the first positional parameter read -p "Enter your name: " NAME - prompt user for input and store in variable

Administration:

sudo command: run a command with superuser privileges

sudo -i: start a root shell

su username: switch to another user account
getent passwd: display all local users
getent group: display all local groups
newgrp groupname: switch to a new group
chgrp groupname file/directory: change the group ownership of a file/directory
sudo chown username:groupname file/directory: change the owner and group of a file/directory
sudo useradd -m username: add a new user with a home directory in a private group
sudo useradd -m -N username: add a new user with a home directory in the default group
sudo useradd -m -r username: add a new system user with a home directory
sudo usermod username: modify a user account

usermod username -a -G groupname: add a user to a group
useradd -d: shows the default options for creating a user account, including the default shell and home directory location

sudo groupadd groupname: add a new group
sudo groupmod groupname: modify a group
sudo groupdel groupname: delete a group
sudo gpasswd -a username groupname: add a user to a group
id: display user identity information

id -Gn: display the name of the current user's primary group

who or w: display who is logged in
lastlog: display the last login of all users

Permissions:

ls -l file/directory: display detailed info about a file including permissions

Linux system will match the file permissions to the userID first, and if no match was found, then the groupID, and finally others
Linux permissions are not cumulative so permission from one group does not affect the others
Deleting a files has to do with the directory permissions and not the file permissions
Symbolic Permissions

r: read permission
w: write permission
x: execute permission

Octal Permissions

7: read + write + execute
6: read + write
5: read + execute
4: read
2: write
1: execute

chmod permissions file/directory: change the permissions of a file or directory

chmod u=r,g=rw,o=rwx file/directory: change permissions symbolically for user, group, and others
chmod u-w file/directory: remove write permission for the user
chmod u+w file/directory: add write permission for the user
chmod 755 file/directory: change permissions using octal notation

Networking:

ip a: display all network interfaces and their IP addresses

ifconfig/ipconfig:(deprecated) display all network interfaces and their IP addresses
For ipv4 address 127.0.0.1/8 address, the 127 is the network while 0.0.0.1 is the host with a mask of 8
For ipv4 address 192.168.0.21/24 address, the 192.168.0 is the network while 21 is the host with a mask of 24
For ipv6 address 2001:db8:abcd:0012::0/64 address, the 2001:db8:abcd:0012 is the network while 0 is the host with a mask of 64

arp -a: list all systems on the local network, ie the ARP cache
ping hostname: send ICMP ECHO_REQUEST to network hoststo check connectivity

Example: ping google.com or ping 192.168.0.1

traceroute/tracert hostname: trace the path to a network host
route: display or modify the IP routing table
getent hosts: display IP address and hostname mappings in the local host file
host hostname: display IP address for a hostname
dig hostname: display DNS information for a hostname
netstat: display all active network connections on the device

ss: display socket & network statistics on Linux systems

ss -t: shows active TCP sockets
ss -at: shows all TCP sockets
ss -atn: shows all TCP sockets with numeric port numbers
ss -atnp: shows all TCP sockets with numeric port numbers and process information
ss -u: shows active UDP sockets

nmap: scan remote device for opened ports; network exploration tool and security scanner

nmap -sT -sU localhost: shows the open TCP and UDP ports on the local machine

nc: opens network connections for reading/writing data across network connections in raw text

The command is only available on Mac and Linux systems. But apps like PuTTY/Telnet can be used instead on Windows systems
telnet hostname portNumber : opens a Telnet connection to a remote host through a specified port

Firewall:

ufw: Uncomplicated Firewall, a user-friendly interface for managing firewall rules on Linux systems

ufw enable
ufw status: will also list the current rules of the firewall; if no rules are listed then all inbound traffic will be blocked
ufw allow portNumber/tcp: allow incoming TCP traffic on a specific port
sudo ufw allow from [hostname] to [remoteAddress/any] app [appname] - allow traffic from a specific host to all the ports listed by the app profile
ufw app list: list available applications for firewall rules

ufw app info {appname}: display information about a specific application

ufw delete 2: delete the second rule on the list from ufw status

CMD Commands

Common Terminal Commands (macOS/Linux vs Windows PowerShell)
Task	macOS / Linux	Windows (PowerShell)	Example
Show current directory	pwd	Get-Location (alias: pwd)	`pwd`
List files	ls	Get-ChildItem (alias: ls)	`ls -la`
Change directory	cd	Set-Location (alias: cd)	`cd projects`
Move up one directory	cd ..	Set-Location (alias: cd ..)	`cd .. projects`
Make directory	mkdir	New-Item -ItemType Directory (alias: mkdir)	`mkdir assets`
Remove empty directory	rmdir	Remove-Item -Force (alias: rmdir)	`rmdir old`
Remove directory (recursive)	rm -r	Remove-Item -Recurse	`rm -rf build`
Copy file	cp	Copy-Item (alias: cp)	`cp a.txt b.txt`
Move/Rename	mv	Move-Item (alias: mv, ren)	`mv app.js app.old.js`
Delete file	rm	Remove-Item (alias: rm, del)	`rm notes.tmp`
View file (print)	cat	Get-Content (alias: cat, type)	`cat README.md`
Paged view	less / more	more	`less big.log`
Search in files	grep	Select-String (similar to grep)	`grep -R "TODO" .`
Find files by name	find	Get-ChildItem -Recurse	`find . -name "*.js"`
Show running processes	ps / top	Get-Process	`ps aux`
Kill process	kill / kill -9	Stop-Process / taskkill.exe	`kill -9 12345`
Show username	whoami	whoami (or $env:USERNAME)	`whoami`
Environment variables	printenv / export	Get-ChildItem Env: / $env:VAR=	`printenv PATH`
Make empty file	touch	New-Item file.txt (or > file.txt)	`touch .gitignore`
Download HTTP	curl / wget	Invoke-WebRequest (alias: curl, iwr)	`curl -O https://example.com/file.zip`
Archive (tar)	tar	tar (on recent Windows) / Compress-Archive	`tar -czf site.tgz dist/`
Disk usage	du -sh	Get-ChildItem \| Measure-Object -Sum Length	`du -sh *`
Free disk space	df -h	Get-PSDrive	`df -h`
Network config	ifconfig / ip	ipconfig	`ipconfig`
Ping host	ping	ping	`ping example.com`
Change file mode	chmod	(No direct equivalent; use file properties/ACLs)	`chmod +x script.sh`
Change owner	chown	(Use icacls / Set-Acl)	`sudo chown user:group file`
Print text	echo	Write-Output / echo	`echo "Hello"`
Show manual/help	man	Get-Help	`man ls`

npm Commands

Command	Alias	Purpose	Example	Notes
`npm init`	—	Create a `package.json`	`npm init -y`	`-y` skips prompts with defaults.
`npm --version`	npm -v	Check installed version of npm
`npm install <pkg>`	`npm i`	Install a dependency	`npm i react`	Saved to `dependencies` by default.
`npm install --save-dev <pkg>`	`npm i -D`	Install a dev dependency	`npm i -D typescript`	Saves under `devDependencies`.
`npm install`	`npm i`	Install from `package.json`	`npm install`	Reads versions from `package.json`/`package-lock.json`.
`npm uninstall <pkg>`	`npm remove`, `npm rm`	Remove a dependency	`npm uninstall lodash`	Updates `package.json` and lockfile.
`npm update`	`npm up`	Update deps within semver ranges	`npm up`	Uses ranges in `package.json`.
`npm outdated`	—	Show available updates	`npm outdated`	Compares current, wanted, latest.
`npm run <script>`	—	Run a script from `package.json`	`npm run build`	Scripts are under `"scripts"`.
`npm start`	—	Run `scripts.start`	`npm start`	Shortcut for `npm run start`.
`npm test`	`npm t`	Run `scripts.test`	`npm test`	Shortcut for `npm run test`.
`npm exec <bin>`	`npm x`	Run a package binary	`npm exec eslint .`	Uses local `node_modules/.bin` if present.
`npx <bin>`	—	Execute a package (no install)	`npx create-vite@latest`	Convenience tool bundled with npm.
`npm list`	`npm ls`	List installed packages	`npm ls --depth=0`	Add `--depth=0` for top-level only.
`npm view <pkg>`	`npm v`, `npm info`	Show package metadata	`npm view react version`	Great for checking latest versions.
`npm audit`	—	Scan for vulnerabilities	`npm audit`	Use `npm audit fix` to apply fixes.
`npm cache clean --force`	—	Clear npm cache	`npm cache clean --force`	`--force` required for cleaning.
`npm ci`	—	Clean install from lockfile	`npm ci`	Faster, reproducible installs (CI).
`npm link`	—	Symlink a package for local dev	`npm link`	Use in package & consumer repos.
`npm pack`	—	Create a tarball of the package	`npm pack`	Useful to inspect what will publish.
`npm publish`	—	Publish to the registry	`npm publish --access public`	Requires login & proper settings.
`npm login` / `logout`	—	Authenticate with the registry	`npm login`	Stores credentials for publish, etc.
`npm version <type>`	—	Bump version & tag	`npm version patch`	`patch` \| `minor` \| `major` or exact.
`npm prune`	—	Remove extraneous packages	`npm prune`	Keeps only what’s in `package.json`.
`npm dedupe`	`npm ddp`	Reduce duplicate dependencies	`npm dedupe`	Flattens dependency tree where possible.
`npm config get/set`	—	Manage npm config	`npm config set registry <url>`	Use `--global` for global config.
`npm doctor`	—	Diagnose common issues	`npm doctor`	Checks environment & configuration.
`npm fund`	—	Show funding info	`npm fund`	Lists packages seeking funding.
`npm explain <pkg>`	—	Explain why a pkg is installed	`npm explain ansi-regex`	Shows dependency path(s).

Tools

Quick Reference

Linux Commands

CMD Commands

npm Commands