# Commands
## One liners
### Monitor folder size
Monitors a folder and checks if it increases or decreased since the last minute.
**Linux**
```
while true; do size=$(du -sh /root/ | awk '{print $1}'); echo "$size ($(echo $size - $prev | bc) change)"; prev=$size; sleep 60; done
```
## TMUX
### Search current pane
```
press Ctrl-b [ = to enter copy mode
press Ctrl-s = to start search
```
## vim
## ls
### Finds what directory someone ran a command in
**Linux**
```
ls -la /proc/$PID | grep cwd
```
## ps
### Process tree
A process tree shows how processes on the system are linked to each other; processes whose parents have been killed are adopted by the init (or systemd).
**Linux**
```
ps -aef --forest
```
## journalctl
### **Viewing Logs**:
* `journalctl`: Displays logs from the current boot session.
* `journalctl --boot=-1`: Displays logs from the previous boot session.
* `journalctl --since "2024-05-01 00:00:00" --until "2024-05-02 23:59:59"`: Displays logs within a specific time range.
### **Filtering Logs**:
* `journalctl _SYSTEMD_UNIT=unit_name.service`: Displays logs for a specific systemd unit (service).
* `journalctl _PID=1234`: Displays logs for a specific process ID (PID).
* `journalctl -u unit_name.service`: Displays logs for a specific systemd unit (service).
* `journalctl -p err`: Displays logs with a priority level of "err" (error) or higher.
### **Output Formatting**:
* `journalctl -o json`: Outputs logs in JSON format.
* `journalctl -o short`: Outputs logs in a compact, human-readable format.
* `journalctl -o verbose`: Outputs logs with additional metadata.
### **Real-time Logging**:
* `journalctl -f`: Displays logs in real-time, similar to `tail -f`.
### **Displaying Additional Information**:
* `journalctl --disk-usage`: Displays disk usage statistics of the journal.
* `journalctl --list-boots`: Lists all available boot sessions and their respective IDs.
* `journalctl --list-unit-files`: Lists available systemd unit files.
### **Other Options**:
* `journalctl --vacuum-size=1G`: Removes old journal files until the total disk space used by the journal is reduced to 1GB.
* `journalctl --rotate`: Forces rotation of the journal files.
### **Useful:**
* `journalctl -u sshd --since "2024-05-08 16:00:00" --until "2024-05-08 18:30:00"`: Check who logged in between two times
* `journalctl -u Splunkd --since "2024-05-08 17:00:00" --until "2024-05-08 18:30:00":` Check Splunk logs between two times
## Ansible
### **Run Adhoc Command on multiple servers**
inventory needs to be a list of hosts.
**Linux**
```
ansible -i inventory all -u $USERNAME --become -k -K -m shell -a 'sudo grep somestring /path/to/file/$FILE || echo "Not found"'
```
## tar
### Archive Folder
**Linux**
```
tar -zcvf $tarName.tar.gz $folderName
```
## du
### Show biggest to smallest folders
Below shows top 6 folders
**Linux**
```
du -ah /path/to/folder | sort -rh | head -6
```
## ln
### **The difference between a hard-link and a symbolic-link (soft-link)**
#### **Hard Link**
Hard link is a mirror copy of the original file. Deleting the original file will not impact anything, because the hard link file, will act as a mirror copy of the original file.
#### Symbolic Link
A symbolic link, also known as symlink or soft link, is a special type of file that points to source file or directory in Linux. It is like a shortcut in Windows which contains the path of the original file and not the contents. In general, Symbolic links are used to link libraries and log files & folders on mounted NFS (Network File System) shares.
### Creates links to files and folders
#### Create a symbolic link to a file (or folder)
**Linux**
```
ln -s path/to/file path/to/symlink
```
#### Overwrite an existing symbolic to point to a different file
**Linux**
```
ln -sf path/to/new_file path/to/symlink
```
#### Create a hard link to a file
**Linux**
```
ln path/to/file path/to/hardlink
```
## grep
### Grep OR Statement
**Linux**
```
grep "Eps=| HT=" /opt/splunk/superconnector/current/logs/agent.out.wrapper.log
grep "Eps=|HT=|C=" /opt/arcsight/smartconnector/2pcc_wuc_2k12_srv_64bit_01/current/logs/agent.out.wrapper.log
```
### GREP Number Range
**Linux**
```
grep -E 'M1CacheDropped=[0-9]{3}' agent.log*
```
### GREP with Square Brackets in string
**Linux**
```
grep -i "No Smb Transports found for the host \[someText\]"
```
### Grep Recursive and Ignore Folders
**Linux**
```
grep -R --exclude-dir=node_modules 'some pattern' /path/to/search
```
## dig
### Check if DNS is resolving host
**Linux**
```
dig @$DNS_Server_You_Want_To_Test $Server_Your_Looking_Up
```
## scp
### Receive folder from external machine to local machine
**Linux**
```
scp $USERNAME@$LOCAL_IP:$/$FOLDER/ $FILE
```
### Send local folder on local machine to external machine
**Linux**
```
scp $LOCAL_FOLDER $USERNAME@$EXTERNAL_IP:$FOLDER/
```
## git
### Squash commits before making merge request
**Linux**
```
git rebase -I HEAD~4 = 4 commits
git rebase -I sdds8e3esd
```
## telnet
### Testing if SMTP works
```
telnet $SMTP_SERVER 25
ehlo mydomain.com
mail from:
rcpt to:
data
This is a test, please do not respond
.
quit
```
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://jeffgthompsons-organization.gitbook.io/blue-team/operating-systems/linux/commands.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.