Skip to content

Latest commit

 

History

History
449 lines (343 loc) · 10.3 KB

nix.md

File metadata and controls

449 lines (343 loc) · 10.3 KB
Raw

adduser

# add a new user interactively
sudo adduser '<NEW_USERNAME>'

# add a new service account interactively
sudo adduser --disabled-password '<NEW_USERNAME>'

# add a new service account non-interactively
sudo adduser --disabled-password --gecos "" '<NEW_USERNAME>'

curl

# perform a GET request, print headers to stdout
curl -s -L -D - -o /dev/null '<URL>'

dd

# Write ISO to a USB.  Be sure to unmount any mounted partitions before attempting.
sudo dd bs=4M if='<PATH_TO_ISO>' of='<PATH_TO_USB_BLOCK_DEVICE>' && sync

diff

# recursively compare two directories and list differences
diff -rq directory1/ directory2/

# diff output of 2 commands
diff <(command1 arg1 arg2) <(command2 arg1 arg2)

dig

# get everything
dig example.com

# return MX records only
dig example.com MX

# use a specific dns server (e.g. cloudflare)
dig @1.1.1.1 A 'example.com'

eyeD3

eyeD3 -A '<ALBUM_NAME>' -b '<ALBUM_NAME>' --add-image '<PATH_TO_FILE>':FRONT_COVER '<INPUT_MP3>'

exiftool

# delete all GPS and XMP metadata from a media file
exiftool -gps:all= -xmp-exif:all= '<FILES_TO_PROCESS>'

find

# find all files in a directory older than 10 days and delete them
find '<PATH_TO_DIRECTORY>' -mtime +10 -name '*.pdf' -type f -delete


# Recursively delete music metadata files
find . -name '*.nfo' -type f -delete
find . -name '*.m3u' -type f -delete
find . -name '*.m3u8' -type f -delete

git

# remove a file from git index but don't delete the local copy.
git rm --cached '<PATH_TO_FILE>'

# squash the last 3 commits
git reset --soft HEAD~3 && git commit -m '<NEW_MESSAGE>' && git push -f

# delete the most recent commit and rollback changes to the previous commit
git reset --hard HEAD~1

# add upstream to a GitHub fork
git remote add upstream 'https://github.com/<ORIGINAL_OWNER>/<ORIGINAL_REPOSITORY>.git'

# sync a GitHub fork with master.  Be sure to have added 'upstream' as a remote
git fetch upstream && git checkout master && git merge upstream/master

# show content of last stash
git stash show -p

# delete your local changes and replace with what is currently on master
git fetch --all && git reset --hard origin/master

# don't use your system keychain for this repository
git config --local credential.helper ""

# Have git prompt for your new password next push
git config --global --unset user.password

# sync a branch with master
git checkout master && git pull && git checkout '<BRANCH_TO_SYNC>' && git merge master

# cherry pick a commit
git cherry-pick -x '<COMMIT_SHA>'

# clear saved git passwords in macOS keychain, make sure to press enter key after each line.
git credential-osxkeychain erase
host=github.com
protocol=https

# permanently delete all dangling commits
git reflog expire --expire-unreachable=now --all
git gc --prune=now

gpg

# generate a key
gpg --full-generate-key

# list keys and show short IDs (used by gradle)
gpg --list-keys --keyid-format SHORT

# list keys for which I have both the public and private keys
gpg --list-secret-keys --keyid-format LONG

# Print GPG public key in ASCII armor format
gpg --armor --export "<GPG_KEY_ID>"

# Publish a public key (using Ubuntu's keyservers)
gpg --keyserver keyserver.ubuntu.com --send-keys "<GPG_KEY_ID>"

# Force gpg to output a secring.gpg file in the current directory
gpg --export-secret-keys -o secring.gpg

grep

# recursive grep for text in files 
grep -rnw '<ROOT_DIRECTORY_TO_SEARCH>' -e '<PATTERN>'

groups and users

# list current user's groups
groups

# list another user's groups
groups '<USERNAME>'

# Add existing user to new group
sudo usermod -a -G '<GROUP_TO_ADD>' '<USERNAME>'

# list users on a system
compgen -u

imagemagick

# Remove a white background from an image
convert '<INPUT_FILE>' -fuzz 20% -transparent white out.png

# Make a GIF from JPG files in a directory
convert -dispose none -loop 0 -delay 100 *.JPG -resize 20% out.gif

# Create a favicon from a square png
convert '<SOURCE_PNG_FILE>' -background transparent -define icon:auto-resize=16,24,32,48,64,72,96,128,256 favicon.ico

# Convert a pdf to png (high resolution)
convert -density 288 '<INPUT_PDF>' '<OUTPUT_PNG>'

# Convert a svg to png with height 1000, high density, and alpha transparency
convert -resize x1000 -density 1200 -background none '<INPUT_SVG>' 'OUTPUT_PNG'

# get detailed information about an image
magick identify -verbose '<PATH_TO_IMG>'

iperf3

# Start iperf3 server
iperf3 -s

# connect to server with iperf3 client
iperf3 -c '<SERVER_IP>'

lsof

# Quickly (-n) list all open sockets by port (-P) on local device
lsof -Pn -i4

ln

# create symlink.  Omit trailing slashes
ln -s '<DIRECTORY_TO_LINK_TO>' '<NEW_SYM_LINK_NAME>'

nginx

# restart an nginx service
sudo nginx -t && sudo systemctl restart nginx

nmap

# Scan all ports, no ping (-Pn), no DNS resolution (-n, helps reduce scan time)
nmap -n -Pn -p 0-65535 127.0.0.1

# Scan specific ports, no ping
nmap -Pn -p 80,443,555 127.0.0.1

# Scan all ports, be aggressive, probe for OS/app versions
nmap -p 1-65535 -T4 -A -v 127.0.0.1

# Host discovery on a CIDR range
nmap -sP 10.0.1.0/24

other options

  • -A - enables OS/version detection, script scanning, and traceroute
  • --allports - enables scanning on 9100, a printer port. Caveat: some printers print anything sent to this port.
  • -T4/-T5 - use an aggressive/insane timing template

nc

# check if a port is open, close connection immediately
nc -vz '<SERVER_IP>' '<PORT>'

php

# Initalize a dev php server at localhost:8080 rooted at ./public_html
php -S localhost:8080 -t public_html/

ps

# get process name if you have its pid
ps -p '<PID>' -o comm=

# get detailed information about process with PID
ps -Flw -p '<THE_PID>'

rdfind

# Recursively delete duplicate files in a directory
rdfind -deleteduplicates true '<PATH_TO_DIRECTORY>'

rsync

# archive, show progress, delete files on dest.  Note trailing slash on SOURCE_FOLDER
rsync -avh --progress --delete "<SOURCE_FOLDER>/" "<DEST_FOLDER>"

# archive, use ssh to copy to dest on server
rsync -avh "<SOURCE_FOLDER>/" "[email protected]:<DEST_FOLDER>"

notes

-a stands for "archive mode", implies:

  • -r: recursive
  • -l: copy symlinks as symlinks
  • -p: preserve permissions
  • -t: preserve times
  • -g: preserve group
  • -o: preserve owner (super-user only)
  • -D: preserve device files and special files

other interesting args:

  • -v - verbose
  • -h - human readable
  • -P - show progress bar and keep partially copied files
  • -n - dry run
  • --delete - delete files on dest which are not in source
  • -u - skip files that are newer on destination

pgrep

# compare against entire process name (why isn't this the default?!)
pgrep -f '<PATTERN>'

poppler

# Extract images from pdf
pdfimages -all '<INPUT_PDF>' '<OUTPUT_DIR>/<IMAGE_PREFIX_TO_USE>'

screen

# Start a new screen
screen '<PROGRAM_TO_RUN>' '<PROGRAM_ARGUMENTS>'
  • Enter command mode, use shortcut Control + a while running a screen.
  • To detach from the screen, press d.
  • To kill the current screen, press k.
  • To get documentation, press ?.
# List screens from bash
screen -ls

# Reattach a screen
screen -r '<PID>' # pid comes from doing screen -ls

samba

# create or change password of samba user
smbpasswd -a '<USERNAME_TO_CREATE_OR_CHANGE>'

# enable the account of an existing samba user
sudo smbpasswd -e '<USERNAME_TO_CREATE_OR_CHANGE>'

# create a system user for use with samba
sudo adduser --no-create-home --shell /usr/sbin/nologin --disabled-password --disabled-login --ingroup sambashare '<USERNAME>'

# Various ways to get status/information about smbd:
smbstatus
pdbedit -L -v
net usershare info --long
smbtree

sox

# Generate a spectrogram for an audio file
sox '<INPUT_FILE>' -n spectrogram -o out.png

ssh

# run a local script on a server
ssh 'username@hostname' 'bash -s' < '<LOCAL_PATH_TO_SCRIPT>'

# List supported key types on a client
ssh -Q key

# Probe a server about its supported ssh algorithims
nmap --script ssh2-enum-algos -sV -Pn -p 22 '<HOSTNAME_OR_IP>'

# Get info about an existing ssh key (either pub or priv key)
ssh-keygen -l -f '<PATH_TO_FILE>'

# Remove an entry from known_hosts
ssh-keygen -R '<HOSTNAME_OR_IP>'

# Generate a new ed25519 priv/pub pair (best practice)
ssh-keygen -t ed25519 -C '<DESCRIPTION>'

# Generate a new rsa priv/pub pair (legacy systems)
ssh-keygen -t rsa -b 4096 -C '<DESCRIPTION>'

systemctl/systemd

# get status of a service
systemctl status '<SERVICE_NAME>'

# enable service at boot
systemctl enable '<SERVICE_NAME>'

# list all known services
systemctl list-units --all

# list all known unit files
systemctl list-unit-files

# display a unit file
systemctl cat '<SERVICE_NAME>'

# display service's dependencies
systemctl list-dependencies '<SERVICE_NAME>'

# mark a service as unstartable by nobody
systemctl mask '<SERVICE_NAME>'

# unmask a service and return it to its previous state
systemctl unmask '<SERVICE_NAME>'

# reload unit files after editing them
systemctl daemon-reload

tar

# Extract .tar.gz
tar -xvzf '<PATH_TO_TAR_FILE>'

# Create .tar.xz, based out of the specified dir
tar -cJf '<NAME_OF_FILE>.tar.xz' -C 'DIR_TO_USE_AS_ROOT_OF_TAR' .

# Create .tar.xz, use as many threads as possible
XZ_OPT='-T0' tar -cJf '<NAME_OF_FILE>.tar.xz' .

ufw

# see all registered firewall profiles
ufw app list

# allow a profile/rule
ufw allow '<PROFILE/PORT>'

# show status
ufw status

# show status with rule priority
ufw status numbered

# delete a rule with id obtained from 'ufw status numbered'
ufw delete '<RULE_ID>'

# start firewall
ufw enable

wget

# download all media files on a page
wget -nd -r -l 1 -H -A png,gif,jpg,svg,jpeg,webm -e robots=off '<WEBSITE_URL>'

# recursively download the contents of a website
wget -e robots=off -m -k -np -w 5 '<URL>'

# download contents of an open directory (not recursive)
wget --no-directories --no-parent -r -l 1 -H '<URL>'

whois

# get whois data for host
whois example.com

xxd

# view binary files
xxd -b '<THE_FILE>' | less

yt-dlp

# rip embedded vimeo
yt-dlp '<LINK_TO_VIDEO>' --referer '<LINK_TO_PAGE_VIDEO_IS_EMBEDED_ON>'