Linux Commands Cheat Sheet

Essential Linux command-line reference — files, permissions, processes, networking, and search for everyday and pentest use.

Utilities & ShellsbashclilinuxsysadminterminalUpdated 2026-06-17

Overview

The core Linux commands you reach for constantly: navigating the filesystem, managing permissions and processes, inspecting the network, and finding things. A solid base for sysadmin work and the foundation for post-exploitation enumeration on a foothold.

Authorized use only. Run commands only on systems you own or have permission to access.

Files & navigation

List all files with details and hidden ones

ls -la

Jump back to the previous directory

cd -

Copy / move / remove

cp -r src dst   /   mv src dst   /   rm -rf dir

Find files by name (suppress errors)

find / -name '*.conf' 2>/dev/null

Create / extract a gzip tarball

tar czf out.tar.gz dir/   /   tar xzf out.tar.gz

Create a symlink

ln -s /target linkname

Viewing & searching text

Print / page / first lines / follow a log

cat / less / head -n 20 / tail -f file

Recursive, case-insensitive search with line numbers

grep -rin 'pattern' /path

Extract only matching parts (IPs here)

grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' file

Print a field split on a delimiter

awk -F: '{print $1}' /etc/passwd

Count and rank unique lines

sort file | uniq -c | sort -rn

Permissions & ownership

Set numeric perms / make executable

chmod 755 file   /   chmod +x script.sh

Change owner and group

chown user:group file

List what you can run as root (key for privesc)

sudo -l

Find SUID binaries

find / -perm -4000 -type f 2>/dev/null

Show the default permission mask

umask

Processes & system

List and filter processes

ps aux | grep proc

Live process/resource monitor

top   /   htop

Force-kill by PID / by name

kill -9 PID   /   pkill name

Disk free / per-item disk usage

df -h   /   du -sh *

Service status / its logs

systemctl status sshd   /   journalctl -u sshd

Kernel / distro info

uname -a   /   cat /etc/os-release

Networking

Interfaces and addresses / routing table

ip a   /   ip route

Listening TCP/UDP sockets with PIDs

ss -tulpn

Show your public IP

curl -s ifconfig.me

Reachability / DNS lookup

ping -c 4 host   /   dig host

Copy a file over SSH

scp file user@host:/tmp/

Handy one-liners

Re-run the last command with sudo

sudo !!

Search your command history

history | grep ssh

Make all .sh files executable

find . -name '*.sh' -exec chmod +x {} +

Watch a command refresh every 2s

watch -n2 'ss -tulpn'

Show the 10 largest files under a path

du -ah /var | sort -rh | head -10

Tips

Append 2>/dev/null to find/grep to hide permission-denied noise.
sudo -l is the first command to run on a new shell — it often reveals an instant privesc.
Use 'man cmd' or 'cmd --help' when unsure; 'tldr cmd' gives quick examples if installed.
ss has replaced netstat on modern systems — ss -tulpn is the go-to for listening ports.