Misc. Helpful Linux Commands and Tricks


Over the years, I've slowly accumulated an assortment of useful command snippets and names of programs which I've found useful, but don't use often enough to remember. I'm trying to clean out my digital junk drawer today and figured my website was as good a place as any to keep track of these.

0. Store and encrypt default MySQL credentials

This is taken directly from the wonderful Stack Overflow answer here.

Yes, you can store default credentials and other options in your home directory, in a file called $HOME/.my.cnf

$ cat > $HOME/.my.cnf
user = scott
password = tiger
host = mydbserver

In MySQL 5.6, you can also store an encrypted version of this file in $HOME/.mylogin.cnf, see (dev.mysql.com)[http://dev.mysql.com/doc/refman/5.6/en/mysql-config-editor.html]

$ mysql_config_editor set --user=scott --host=mydbserver --password
Enter password: ********
WARNING : 'client' path already exists and will be overwritten.
 Continue? (Press y|Y for Yes, any other key for No) : y

$ mysql_config_editor print --all
user = scott
password = *****
host = mydbserver

1. Logging cron output to syslog instead of email

I use cron a lot, but find it's default behavior of sending the results to email annoying. I rarely check the local email, especially for servers that don't need frequent maintenance. So sending that output to syslog (where I'm more likely to see errors) is an improvement in my opinion. To do that for a specific line/command in your crontab, append 2>& | /usr/bin/logger -t crontab to it. So your crontab might look something like this:

0 1 * * * rsync -a user@server:/srv/* /backups/server/srv/ 2>&1 | /usr/bin/logger -t crontab

The -t flag allows you to set the "tag" shown in syslog along with each line of output, so you can replace crontab with whatever you like.

2. Find how many CPUs, Cores, and Threads a server has

This is especially useful for sorting out how many of the CPUs showing up in top or htop are physical.

lscpu | egrep '^Thread|^Core|^Socket|^CPU('

3. Get the number of updates available (and how many of those are security updates) [Ubuntu-specifc]

/usr/lib/update-notifier/apt-check --human-readable

4. Check whether a reboot is required (due to previous updates) [Ubuntu-specific]


5. Find all local users in a group (e.g. sudo)

grep -Po '^sudo.+:\K.*$' /etc/group

6. Find all computers on the LAN

sudo arp-scan -l --interface=eth0

7. Find all ports listening on this server

This is really well known, but I don't do it enough to remember.

sudo netstat -tlpn

8. See who is logged in and what command they are currently running

This is nice to quickly see who is logged in similar to users but w also shows what they're running along with load and uptime information:

john@your-server ~ $ w
 14:17:48 up 9 days, 21:47,  2 users,  load average: 0.08, 0.02, 0.00
USER    TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
john    pts/0      14:16   28.00s  0.08s  0.03s sshd: john [priv]
john    pts/1      14:17    0.00s  0.04s  0.00s w

9. See network stats

vnstat will likely require you to install it first at which point it will begin storing stats. However it's not resource intensive and provides a nice high-level overview.

Example output:

josh@josh-desktop ~ $ vnstat
Database updated: Tue Feb 20 13:37:56 2018

   eno1 since 05/11/2017

          rx:  143.49 GiB      tx:  85.87 GiB      total:  229.35 GiB

                     rx      |     tx      |    total    |   avg. rate
       Jan '18     12.66 GiB |   52.05 GiB |   64.72 GiB |  202.69 kbit/s
       Feb '18     34.28 GiB |    1.57 GiB |   35.85 GiB |  175.98 kbit/s
     estimated     48.53 GiB |    2.22 GiB |   50.75 GiB |

                     rx      |     tx      |    total    |   avg. rate
     yesterday      3.34 MiB |    9.75 MiB |   13.08 MiB |    1.24 kbit/s
         today     10.92 GiB |  242.78 MiB |   11.16 GiB |    1.91 Mbit/s
     estimated     19.25 GiB |     426 MiB |   19.67 GiB |

10. Have Apache provide less information to requests

By default, Apache will return the operating system name, its name, and version info. This can be nice, but it's mostly unnecessary and might be useful to hackers if you don't keep Apache updated (shame on you). To provide the least amount of info possible, change the following conf lines:

ServerTokens Prod
ServerSignature Off

11. Get LDAP record for a user

ldapsearch -x -LLL -H ldap://ldap.yourcompany.com:389 -t "uid=JohnDoe"

12. Check LDAP password for a user

ldapwhoami -vvv -h -p 389 -D 'uid=JohnDoe,ou=People,dc=YourCompany,dc=com' -x -W

13. Get the contents of an LDAP group

ldapsearch -ZZ -D 'cn=Manager,dc=YourCompany,dc=com' -W -x -b 'ou=Group,dc=YourCompany,dc=com' 'cn=GroupName'

14. Find and/or kill all process with a certain name (and belonging to a certain user)

15. CAC on Linux

sudo apt install coolkey libpcsclite1 pcscd pcsc-tools

16. Disable autostart for libvirt VM

virsh autostart YOUR_VM_NAME --disable