Linux commands provide users with a way to interact with the system at a basic level. Typically, these commands are executed within the terminal.
For this article, I have put together a list of Linux commands that I find useful and efficient. I will discuss not only my personal favorites but also ones that are handy for everyday users.
Why Are Linux Commands Important?
Linux commands are important to know because much of the user’s interaction with the Linux system will involve operations in the terminal. At their core, commands are stored as programs within the Linux system. Programs installed by default are stored in the /bin directory, while user-installed programs and commands are stored in the /usr/bin directory.
File and folder manipulation
Linux commands are useful for manipulating files and folders. They enable tasks like creating, deleting, moving, copying, and renaming files and folders.
An alternative to the GUI
Using Linux commands within the terminal presents an alternative to using the graphical user interface (GUI). By using commands, users can tap into the full potential of the operating system. The terminal often offers more flexibility and power than the GUI, resulting in faster and more efficient operations.
Linux commands can be incorporated into scripts, offering flexibility in performing operations.
Command line tools
Certain tools and applications are only available for use in the terminal using commands. Commands can be combined into pipelines, and redirection operators can be used in the terminal – things that can’t be done in the GUI.
Basic-level OS interaction
Linux commands allow the user to engage with the operating system at a fundamental level. The terminal serves as a gateway to the OS. Mastering the terminal and the use of commands grants complete access to the Linux OS' capabilities.
Efficiency in command line work
Working with commands in the command line often outpaces GUI interactions in terms of speed and efficiency. It also allows for the automation of repetitive tasks.
A Comprehensive List of the Best Linux Commands
Before reviewing this list, remember that you can get help with a specific command by simply typing the command followed by --help. Doing so will display all the available options for the command, often including switches and examples.
For more detailed information on a command, you can use the man command to access the manual pages (more on this below).
ls command (list files)
The ls command is used to list files. The command can be useful for providing a visual representation of the contents within a particular directory. In Figure 1, you can see the output of listing the file contents of my downloads folder.
Figure 1. Output of the ls command.
In Figure 2, I have used the -l and -a flags, representing “long” and “all” respectively. These flags produce an extended format of the command’s output, showing all files, including files that are hidden.
Figure 2. Output of the ls -la command. This format will show hidden files, which are usually prefixed with a dot (.).
cd command (change directory)
The cd (change directory) command is highly useful for navigating directories in the terminal. There are many ways to use the command.
To move into the parent directory of your current location, use the cd .. command.
The cd command can also take absolute and relative file paths for directory navigation. With an absolute file path, the command would look something like this (see Figure 3):
Figure 3. Output of the cd command with an absolute file path.
To use a relative file path, you only need to use part of the path. Here’s an example (see Figure 4):
Figure 4. Output of the cd command with a relative file path.
mkdir command (create a new directory)
The mkdir command is used to create new directories in the command line, as can be seen in Figure 5.
Figure 5. The mkdir command in action, creating a new directory.
cp command (copy files and directories)
The cp command enables you to copy files and directories across different locations. This command can also copy entire directories (folders). If you want to copy over a directory and its folder contents, use the -r option for recursion.
Figure 6. The cp command is used to copy a file to another directory.
mv command (move files and directories)
For relocating files or directories to new locations, or for renaming them, you can use the mv command. If you move a file or directory without assigning a new name, it retains its original name, as can be seen in Figure 7.
Figure 7. Demonstration of the mv command.
sudo command (execute commands with root privileges)
When working in IT, one should follow the “least privileged rule,” also known as the principle of least privilege. This principle advocates operating with the lowest level of privilege necessary. Only when a specific administrative task is required should one escalate to administrator privileges, promptly reverting to standard or lower privileges afterward. This practice protects the system from potential damage resulting from accidental errors. In terms of security, this concept is important.
In Linux, the sudo command lets us execute a single command with elevated privileges, temporarily elevating the user to an administrative status solely for that task. Following completion, the user reverts to standard user status.
Some files in the file system require root privileges to access. Figure 8 shows this by using the sudo command to access the /etc/sudoers file, which is only accessible using root privileges.
Figure 8. The sudo command is used to access the sudoers file.
ifconfig command (display and modify network interfaces)
The ifconfig command is used to both display and modify network interfaces. When executed without any additional options, the command will display all the network interfaces on the system, along with their current status. The ifconfig command is powerful, so I recommend consulting the --help and man pages to learn its full capabilities.
A common use of the ifconfig command is to get the IP address of the system you are working on (see Figure 9).
Figure 9. Demonstration of the ifconfig command.
netstat command (display network connections and traffic)
The netstat command displays all network connections and traffic, as can be seen in Figure 10.
Figure 10. Output of the netstat command.
ping command (assess network connectivity)
The ping command is a powerful utility available on all operating systems. It allows you to check the status of your network, test that a remote host is available, and even send data, as it uses the Internet Control Message Protocol to work.
The ping command sends small packets of data to the remote system and requests a response. The output shows if any packets were dropped, as well as the time in milliseconds it took for the ping to occur. In Figure 11, I use the ping command to assess the status of the Google DNS server at 188.8.131.52.
Figure 11. The ping command is used to check network connectivity by sending ICMP packets to a remote host.
In Linux, the ping command will keep running until it is manually interrupted with the keyboard interrupt, Ctrl + C. So, when you have sent and received the desired number of pings, use the keyboard interrupt to terminate the process. The terminal will then provide you with the status report.
man command (display detailed help for a command)
As noted earlier, the man command, short for “manual pages,” is used to get detailed guidance about a Linux command. In Figure 12 and Figure 13, I use the man command to get information about the ls command.
Figure 12. Using the man command to get information about the ls command.
Figure 13. Output of the man command.
You can navigate through the content of the manual pages using the up and down arrow keys. To exit the interactive terminal, simply press the q key.
zip command (create archives)
Creating compressed archive files is easily done with the zip command. The zip command is a powerful file packaging utility, allowing both compression and extraction. It also supports encryption and can be used to list an archive’s contents. Figure 14 shows the process of creating a compressed folder to house important files. In this example, the -r option ensures recursive inclusion, while a new archive with some folders is established.
Figure 14. The basic process of forming an archive using the zip command.
You could do the same thing with one directory or as many as you like. In the Figure 14 example, I archived three directories.
unzip command (extract archive files)
Archive files can be extracted using the unzip command (see Figure 15).
Figure 15. The unzip command extracts files from an archive.
curl command (download from the web)
The Linux curl command is both a command line tool and a library. It can be extremely useful in security contexts and can be worked into scripts. If you run the curl command with an IP address or a URL as the argument, it will download the respective HTML page. The curl command can download files from the World Wide Web, too. In Figure 16, I provide a simple example of getting an HTML version of the Ubuntu download page.
Figure 16. The simplest implementation of curl is to get the HTML version of a website.
To download a file using curl, use this command structure (shown in Figure 17):
Use the --output option to specify the desired name for the downloaded file. As an example, we will download a free GNU sticker book from here: https://www.cyberciti.biz/files/sticker/sticker_book.pdf. You must specify the output file with the -o option (the short form of --output).
Figure 17. The curl command is used to download a PDF of a free GNU sticker book.
wget command (download from the web)
Much like the curl command, the wget command is another tool for downloading from the web. The wget command can also be run on scripts with multiple URLs.
Here’s how to check if Wget is on the system:
- On Debian-based systems, use the dpkg -l | grep wget command.
- On Red Hat and other Linux systems, use the rpm -q wget command.
Executing the dpkg command will list the system’s packages and pipe that list to the grep command to search for the word “wget,” as shown in Figure 18.
Figure 18. Output of the dpkg -l | grep wget command to see if wget is installed on the system.
If wget is not installed, install it using sudo apt install wget. To see the wget version you are running on the system, use wget --version. To view the available options and get help, use the wget --help command.
To show the wget command in action, we will use the Index of gnu/wget to download a file from https://ftp.gnu.org/gnu/wget/.
Crucially, wget can be worked into scripts for downloading files. It will retrieve single files, storing them in the current directory. It also displays download progress, size, date, and time (see Figure 19).
Figure 19. The wget command is used to download from the internet.
grep command (search within files)
The grep command uses regular expressions to search. I use it frequently when doing memory forensics. Here’s my workflow: I run a plugin using volatility3 and use the standard output redirector to create a file with the artifacts that I want to search. Then, I simply run grep on this .txt file to look for things like attempted connections to command and control servers.
After I have run volatility3 and outputted the contents to a .txt file, I can now use grep to search for HTTP communication. I have used the NetScan plugin for this example, which returns network objects in memory.
Figure 20. This shows my use of volatility3 to output network objects to a .txt file that I will now search for port 3389 (which is used for Windows Remote Desktop Protocol). This opens up avenues for further exploration, such as digging deeper into processes, examining loaded libraries, and more.
Memory forensics with Volatility3 is beyond this article’s scope. My intention is to illustrate how grep helps me search files for digital forensics, as can be seen in Figure 21.
Figure 21. When I use the grep command to search for any string or character, it displays the result in red.
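The search step of that workflow, as an added example (not from the original article): it shows why a plain grep for 3389 over-matches and how -w plus a column filter narrows the result to established RDP sessions. The file contents are constructed, and the column order assumed for the NetScan output is stated in the comments.

```shell
#!/bin/sh
# Constructed sample standing in for the .txt file made by redirecting the
# NetScan plugin's output. Assumed column order: Offset Proto LocalAddr
# LocalPort ForeignAddr ForeignPort State PID Owner. Addresses are
# documentation-range placeholders.
make_sample() {
    cat > "$1" <<'EOF'
Offset Proto LocalAddr  LocalPort ForeignAddr   ForeignPort State       PID  Owner
0xa1   TCPv4 0.0.0.0    3389      0.0.0.0       0           LISTENING   1044 svchost.exe
0xa2   TCPv4 192.0.2.10 3389      203.0.113.7   51532       ESTABLISHED 1044 svchost.exe
0xa3   TCPv4 192.0.2.10 49755     198.51.100.23 443         ESTABLISHED 2212 chrome.exe
0xa4   TCPv4 192.0.2.10 53389     198.51.100.40 80          CLOSED      3120 updater.exe
0xa5   TCPv4 192.0.2.10 3389      203.0.113.99  40112       ESTABLISHED 1044 svchost.exe
EOF
}

# Plain substring search: also counts the unrelated port 53389.
naive_hits() { grep -c '3389' "$1"; }

# -w matches 3389 only as a whole word, so 53389 no longer counts.
word_hits() { grep -cw '3389' "$1"; }

# Narrow further: established sessions whose *local* port is 3389,
# reduced to the unique remote addresses worth following up.
rdp_peers() {
    grep -w '3389' "$1" |
        awk '$4 == "3389" && $7 == "ESTABLISHED" { print $5 }' |
        sort -u
}

sample=$(mktemp)
make_sample "$sample"
echo "substring hits:  $(naive_hits "$sample")"
echo "whole-word hits: $(word_hits "$sample")"
echo "inbound RDP peers:"
rdp_peers "$sample"
rm -f "$sample"
```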
whoami command (display the currently logged-in user)
You can use the whoami command to display the currently logged-in user, as can be seen in Figure 22.
Figure 22. Output of the whoami command, telling us that the user grant is logged in.
pwd command (display the working directory)
The pwd (“print working directory”) command is a fundamental and useful utility to display the file path of your current working directory (see Figure 23).
Figure 23. Demonstration of the pwd command.
arch command (get the current computer architecture)
The arch command may be good to know. In Figure 24, I used the arch command to reveal that I am using X86_64 architecture.
Figure 24. The arch command shows which type of instruction set architecture is in use.
chmod command (change file and folder permissions)
The chmod (change mode) command is a valuable tool for changing the permissions for specific roles. Initially, you select the role whose permissions you want to modify. In the terminal, the file owner is denoted by a u, the group by a g, and all other users by an o. We then use a plus symbol (+) to add permissions or a minus symbol (-) to remove permissions for a given role.
After specifying the role within the command, the actual permission is added as a parameter. In the Linux terminal, r is for read permissions, w is for write permissions, and x is for execute (run) permissions.
So, to add write permissions for the group role, the command would look like this:
sudo chmod g+w <filename>
The output can be seen in Figure 25.
Figure 25. Output of the chmod command to change the permissions for a file.
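The role and +/- notation described above, as an added example (not from the original article): it applies g+w to a file, then finds and removes write access for others across a directory. The temporary file name is constructed, and the starting permissions are set with the = form of chmod, which assigns exact permissions to a role.

```shell
#!/bin/sh
# Permission string as shown in the first column of "ls -l".
mode_of() { ls -ld "$1" | cut -c1-10; }

# Apply one symbolic mode (role, +/-, permission) and show the result.
# No sudo here: the caller owns the file, so elevating is unnecessary.
set_mode() { chmod "$1" "$2" && mode_of "$2"; }

# Remove write access for "others" (o-w) from every regular file under a
# directory that currently grants it; prints each path it changed.
strip_other_write() {
    find "$1" -type f -perm -002 -exec chmod o-w {} \; -print
}

demo=$(mktemp -d)
: > "$demo/report.txt"
set_mode u=rw,g=r,o=rw "$demo/report.txt"   # constructed starting point
set_mode g+w "$demo/report.txt"             # add write for the group
strip_other_write "$demo"                   # drop write for others
mode_of "$demo/report.txt"
rm -rf "$demo"
```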
tar command (create and extract tar archives)
In Linux, you can use the tar command to create and unpack tarball archives via the command line. The tar command is highly versatile, so I recommend checking the --help page to learn about its options. Tar archives are widely used.
To extract a tar file, run the tar command with the -x flag for extraction and the -f flag to specify the file. In Figure 26, I have used the tar command to extract a tarball. The .gz extension stands for “gzip,” which is the compression algorithm used to create the archive. LZMA2 is a newer and better compression algorithm, identified by the .xz suffix. The command principles remain the same whether dealing with tar.gz or tar.xz archives.
Figure 26. The tar command extracts the contents of a downloaded tarball.
In Figure 27, I illustrate how to use the tar command with the -c option (for “create”) to establish a new tarball.
Figure 27. Demonstration of how to create a new tarball in the terminal.
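Creating and extracting a tarball, as an added example (not from the original article): it goes one step beyond the text by listing a downloaded archive with -t and refusing to extract it if any member name is absolute or contains a ".." component. The directory and file names are constructed; -z selects gzip and -C sets the directory tar works in.

```shell
#!/bin/sh
# Read archive member names on stdin and print the ones that would land
# outside the extraction directory: absolute paths or any ".." component.
flag_unsafe() {
    grep -E '^/|(^|/)\.\.(/|$)' || true
}

# Create archive $2 from directory $1 (-c create, -z gzip, -f archive file).
make_tarball() {
    tar -czf "$2" -C "$(dirname "$1")" "$(basename "$1")"
}

# List first (-t), refuse if any member name is unsafe, then extract (-x)
# into directory $2. Prints the number of regular files extracted.
safe_extract() {
    bad=$(tar -tzf "$1" | flag_unsafe)
    if [ -n "$bad" ]; then
        echo "refusing to extract, unsafe members:" >&2
        echo "$bad" >&2
        return 1
    fi
    mkdir -p "$2" && tar -xzf "$1" -C "$2" &&
        find "$2" -type f | wc -l | tr -d ' '
}

work=$(mktemp -d)
mkdir -p "$work/project/src"
echo "notes" > "$work/project/notes.txt"
echo "echo hi" > "$work/project/src/main.sh"
make_tarball "$work/project" "$work/project.tar.gz"
tar -tzf "$work/project.tar.gz"
echo "files extracted: $(safe_extract "$work/project.tar.gz" "$work/out")"
rm -rf "$work"
```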
diff command (compare two code or text files side by side)
Most developers, myself included, often use the diff command to compare two text files or programs side by side or line by line. This makes it easy to spot the differences in the files.
Simply run the diff command followed by the file names of the items that you wish to compare, as can be seen in Figure 29.
But first, refer to Figure 28 to see how impractical it is to visually compare scripts after simply printing them out.
Figure 28. This shows the difficulty in trying to visually compare two small files. Can you imagine a large script with hundreds or thousands of lines of code?
Figure 29. This shows how the diff command helps to compare two files. The command tells us the lines that are different.
As we can see, the diff command shows us only the lines that have been changed between two files. The < symbol signifies a line has been removed from the first file, while the > symbol marks a line that was added to the second file. The “6c6” means that the 6th line in the first file was replaced by the 6th line in the second file. The “c” character in between the two numbers stands for “changed.”
When we run the -u (unified) option alongside the diff command, it shows the changed lines with more context, as can be seen in Figure 30. The unified format uses a minus sign (-) for removed lines and a plus sign (+) for newly added lines.
Figure 30. Output in the unified format.
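The two output formats described above, as an added example (not from the original article): it builds two constructed seven-line settings files that differ only on line 6 and pulls out the "6c6" change command, the < and > lines, and the unified hunk. The file names and contents are made up for the demonstration.

```shell
#!/bin/sh
# Constructed inputs: a 7-line baseline and a copy whose 6th line differs.
write_files() {
    cat > "$1/baseline.conf" <<'EOF'
Port 22
Protocol 2
LogLevel INFO
MaxAuthTries 3
PubkeyAuthentication yes
PermitRootLogin no
X11Forwarding no
EOF
    sed '6s/.*/PermitRootLogin yes/' "$1/baseline.conf" > "$1/current.conf"
}

# diff exits 1 when the files differ, so "|| true" keeps scripts that run
# under "set -e" from aborting on an expected difference.
normal_diff()  { diff    "$1/baseline.conf" "$1/current.conf" || true; }
unified_diff() { diff -u "$1/baseline.conf" "$1/current.conf" || true; }

# Normal format: the change command ("6c6"), then "<" and ">" lines.
change_cmd()   { normal_diff "$1" | grep '^[0-9]'; }
removed_line() { normal_diff "$1" | sed -n 's/^< //p'; }
added_line()   { normal_diff "$1" | sed -n 's/^> //p'; }

# Unified format: the "@@ -start,count +start,count @@" hunk header, then
# only the changed lines (the "---"/"+++" file headers are filtered out).
hunk_header()     { unified_diff "$1" | grep '^@@'; }
unified_changes() { unified_diff "$1" | grep '^[-+][^-+]'; }

work=$(mktemp -d)
write_files "$work"
normal_diff "$work"
unified_diff "$work"
rm -rf "$work"
```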
Frequently Asked Questions (FAQ)
Q: What are the best Linux commands?
A: This is a tough race since there are so many great contenders. The best commands are the ones that accomplish tasks without wasting resources, both human and otherwise. Proficiency in Linux commands will greatly enhance productivity and job satisfaction.
Q: Why are Linux commands used?
A: Like their role in Windows, commands in Linux are important tools for system administration. The approach makes it possible for you to automate repetitive tasks and incorporate commands into scripts.
Additional Resources and Links
Here are several links to additional resources to help you on your way.
- Volatility3: https://volatility3.readthedocs.io/en/latest/
- Volatility3 GitHub: https://github.com/volatilityfoundation/volatility3
- GNU Sticker Book: https://www.cyberciti.biz/files/sticker/sticker_book.pdf