https://www.stationx.net/unix-commands-cheat-sheet/
$ touch [-d|t] # creation date/time
$ mkdir
$ mv
$ cp [-r] # recursive
$ rm [-rf] # remove, force
> Xcopy /E /I <SourceFolder> <DestinationFolder>
$ ls [-laRh] # list, all, recursive, human-readable
$ ll # ls -l
$ la # ls -a
$ type nul > <file.txt>
$ echo.> <tile.txt>
$ echo
$ cat
$ less
$ more
$ head
$ tail
$ sudo <user>
$ sudo -l # current user privileges
$ shutdown -r now
$ gnome-session-quit # logout
$ dd if=<dir> of=<dir> # input/output
$ sudo rm -frv ~/.Trash
> del /s /q /f /a .DS_STORE
> del /s /q /f /a ._.*
> powercfg /batteryreport
$ clear && printf '\\e[3J' # fully clear terminal
<command> > file.txt # write output to file
<command> | tee (-a) file.txt # stdout and >>
<command> 2> file.txt # error codes
<command> >> file.txt # append output to file
<command> | tee file.txt # to STDOUT and file
<command> < file.txt # use file as input for command
file.txt | <command> # same as <
<command1> && <command2> # second if first successful
<command1> || <command2> # second if first fails
<command1> ; <command2> # do both commands even if first fails
<command1> | <command2> # pass output of first to second
<command> | xargs <command> # use output of first as arguments for second
<command> | [cut|sort|uniq|..]
<command> | xclip -sel c # to clipboard, inc pwd
<command> -- <input> # -- signifies end of options/parameters
# e.g. rm -f -- -f # force remove a file called -f
# system
$ uname -a
$ hostname [-s|f]
/etc/hostname
$ hostnamectl set-hostname <hostname>
$ nmcli general hostname [<hostname>] # [] to change
$ timedatectl [set-ntp no]
$ date [+%D -s YYYY-MM-DD]
$ date [+%T -s hh:mm:ss -u]
$ hwclock [-w|-s|--set --date "MM/DD/YYYY[ hh:mm:ss]"] # -w sys->hw, -s hw->sys
/usr/share/zoneinfo/ # timezones available
$ cp /usr/share/zoneinfo/[location] /etc/localtime
/etc/hosts
# file type
$ file <file>
# metadata
$ stat <file>
# open file
$ xdg-open . # file manager
$ xdg-open <file> # default program
$ od -t [c|o|h|...] <file> # open as ascii/octal/hex/etc
# mounting
$ mount # list currently mounted
$ mount </dev/sdb1> </mnt/dir>
$ umount
/etc/fstab # automounting, settings, quota etc
$ df -ah # disk free; all, human-readable
$ du # disk usage; -s for whole folder, -h for MB/GB not B
$ ncdu / # interactive df
$ [watch] free # live
$ fdisk -l # list disks
$ fdisk </dev/sba> # edit partition table
$ sfdisk # similar to fdisk
$ mkfs # create filesystem
$ mke2fs
$ fsck # filesystem check
# xfs filesystems
$ xfs_info, xfs_growfs, xfs_admin, xfs_repair, xfs_db
# ext filesystems
$ tune2fs, dumpe2fs, debugfs
$ quotacheck [-augvf]
$ repquota [-augvs]
$ quotaon [-augv]
$ setquota [-u|g] [<user>|<group>] <args>
$ edquota [-u|g] [<user>|<group>]
$ gparted
# eject disks or they'll be locked
$ dmesg
# explains linux filesystem (hierarchy)
$ man hier
# services
$ systemctl status/start/stop/enable/disable/reload/restart <service> # 'new' style
$ service <name> status/start/stop # 'old' style
$ update-rc.d
# logs
/etc/rsyslog.conf
/etc/logrotate.conf
$ logrotate
$ logger
$ journalctl
-p crit
--list-boots
--boot=<code>
# links
$ ln [-s] <file> <link> # make [symbolic] link - for s, use absolute path
# scalpel
# edit /etc/scalpel/scalpel.conf to determine types of files to find
$ scalpel -b -o <output_folder> <file.img>
# PowerShell rename to add folder name
PS> dir | Rename-Item -NewName {$_.Directory.Name + " - " + $_.Name}
# search file for search_term
$ grep "search_term" <file/directory>
*.* # search all files in directory
./* -R # search all files in directory and subdirectories
-- -n # search for -n
-i # ignore case
-w # full words
-R # recursive
-n # which line of file it is
-v # invert (i.e. not)
-A1 # print 1 line above
-B1 # print 1 line below
-C1 # print 1 linerm of context
grep "^......$" rockyou.txt > rockyou6letters.txt
> dir /s <file>
> dir /a /r .DS_STORE
$ find <start-location>
-name "<filename>"
-iname "<filename>" # ignore case
-type [d|b|c|l] # dir block char link
-size <#[k|M|G|...]
-maxdepth <2>
-perm </111> # permissions
-exec <cmd> '{}' \\;
$ locate <file>
$ updatedb # to reindex
# see also: fdfind
# find line # of file
sed '#q;d' <file>.txt
$ which <file> # searches path for binary
$ whereis <file> # also man pages, source files, etc
> <command> | findstr "<string>"
> tasklist | find "<search_term>"
$ jobs
$ fg <job-id> # bring job to foreground
$ <command> & # immediately send job to background
ctrl-z # send job to background
$ ps
-ef # all, full format
-[u/g/p] # user, group, pid
aux # lots
$ pstree
$ strace
$ top # bit like task manager, htop better
$ mpstat
$ sar
$ iostat
$ vmstat
$ perf
$ echo $$ # terminal PID
$ pidof <process>
$ cd /proc/<pid>
$ cat [stat|status|maps|uptime|...]
$ nice -n <+|-#> <application> # for new process
$ renice <+|-#> # for running process
-p <pid>
-u <user>
$ kill <num> <pid> # num opt, default 15, 9 is extreme kill
$ pkill
$ xkill # click window
$ lsof # list open files
<path/to/file> # processes using file
-p <pid>
-i :80 # port 80
-i tcp
$ w # is logged in, with info
$ last # last logged in users
$ who # is logged in
$ adduser <new_user> # useradd also available; do not use -p
$ groupadd <new_group>
$ addgroup <user> <group> # e.g. sudo
$ deluser <user> # userdel also available
$ passwd <user> # change password
$ chage -[d|E|m|M] # <user> # password rules
$ usermod
-L/U <user> # un/lock
-l <new_username> <old_username>
-u <user_ID> <user>
-e <expiry-date> <user>
-d <days-until-password-expires> <user>
aG <group-to-add-user-to> <user> # wheel for CentOs root
$ ulimit
$ chown [-R] <user>[:<group>] <file> # recursive
$ chgrp [-R] <group> <file>
$ chmod [-R] <num><num><num>
# owner group all
# binary-coded decimal; 4 read 2 write 2 execute
$ chmod +x <file>
$ chmod [ugoa][=+-][rwx|s] <file> # user group others all ; read write execute, can mix and match ; guid
$ umask # what permissions to *remove* for new files
$ chattr [+|-]i <file> # immutable
$ lsattr <file> # check immutability
$ getfacl <file>
$ setfacl [-[m|x] [u|g]:[<user>|<group>]:<permission>] [-R] <file>
-d # default
# Pluggable Authentication Modules (PAM)
$ ldd </usr/sbin/sshd> | grep libpam.so # is <sshd> PAM-aware?
$ gedit /etc/pam.d/sshd && gedit /etc/pam.d/login
auth required pam_listfile.so \\
onerr=succeed item=user sense=deny file=/etc/ssh/deniedusers
$ gedit /etc/ssh/deniedusers && chmod 600 /etc/ssh/deniedusers
<user-to-block-ssh-access> # e.g. root
$ su <username> # change user
$ sudo -i # access root on Ubuntu
# see superusers
$ cat /etc/group | grep sudo
# setuid/SUID and setguid/SGID binaries
$ find / -perm -4000 -o -perm -2000
# password requirements
/etc/login.defs
/etc/passwd # see users
/etc/shadow # see hashes
# linux
$ sha256sum <file>
$ sha1sum <file>
$ md5sum <file>
$ echo -n <string> | md5sum
# powershell
PS> get-filehash -algorithm <md5/sha1> <file>
# baselining
> fciv "C:\\Program Files" -r -xml c_programfiles_baseline.xml
> fciv -v -xml c_programfiles_baseline.xml > hashcheck.txt
# base64
$ echo "<thing>" | iconv -t utf-16le | base64 -w 0 # for powershell -enc
/etc/chron.d/ # user
/etc/crontab # global
$ crontab -e # edit, init
$ crontab -l # list
$ anacron # if system off, at next possible time
$ at <time> -> <actions> -> ctrl-d
-l # list
-d # delete
# allow/block users from editing
/etc/[at|cron].[allow|deny]
> schtasks /create /SC hourly /TN <name> /TR <path-to-python path-to-file>
/ST 15:00 # start time at 3pm
/SC MINUTE/HOURLY/DAILY/WEEKLY/MONTHLY # frequency
> schtasks /query /TN <name>
> schtasks /delete /TN <name>
# <https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/schtasks>
man <command>
whatis <command>
apropos <command> # search manual page names
# windows
<command> /?