Here’s a set of Useful Linux Commands I’ve historically found useful, hopefully you will too…

Check a disk

yum install smartmontools
/usr/sbin/smartctl -i /dev/sda
/usr/sbin/smartctl -t short /dev/sda
/usr/sbin/smartctl -a /dev/sda

Set FSCK at reboot

touch /forcefsck
echo AUTOFSCK_DEF_CHECK=yes>>/etc/sysconfig/autofsck

Save a cron

crontab -l>$USER+$HOSTNAME.cron

Load a cron

crontab $USER+$HOSTNAME.cron

ClamAV ERROR: Malformed database

rm -fr /usr/share/clamav/daily.cvd
rm -fr /usr/share/clamav/main.cld
rm -fr /usr/share/clamav/mirrors.dat

Setup ClamAV to update daily

echo #!/bin/sh>/etc/cron.daily/freshclam
echo /usr/local/cpanel/3rdparty/bin/freshclam --quiet>/etc/cron.daily/freshclam
chmod 755 /etc/cron.daily/freshclam

Replace strings in files

sed -e ‘s/OLDUSERNAME/NEWUSERNAME/g’ /etc/users > /etc/users2
mv -f /etc/users2 /etc/users

bash: vzctl: command not found

export PATH=$PATH:/usr/sbin:/sbin

Read exim log

tail -f /var/log/exim_mainlog

Read maillog (dovecot)

tail -f /var/log/maillog

Edit the dovecot (pop3) config

nano -w /etc/dovecot/dovecot.conf

Virus scan using clamav

for i in `awk '!/nobody/{print $2 | "sort | uniq" }' /etc/userdomains | sort | uniq`; do /usr/local/cpanel/3rdparty/bin/clamscan -i -r /home/$i 2>>/dev/null; done >> /root/infections

How to monitor the server during high load

#eg: sar -f /var/log/sa/sa`date +%d` | less

Search for string in files, out filename, and line number

grep -H -r "string here" /home/user/

Filter files

ls -allh | grep Oct | awk {'print $9'} | xargs file

Mirror an MP3 site

wget -dc -np -H --mirror -UMSIE6 -Amp3 <URL>

Archive files

tar -cf backup.tar file1.txt file2.txt file3.txt
tar -cfz backup.tar.gz dir

Search messages log for named on a certain date

cat /var/log/messages | grep named | grep "Sep 26" | grep near

Upgrading PHP on CentOS

CentOS 4

wget -q -O - | sh
yum --en=atomic update php

CentOS 5

cd /etc/yum.repos.d
yum --en=c5-testing update php

Setup NTP

yum -y install ntp
chkconfig ntpd on
/etc/init.d/ntpd start

Setup latest imagick

cvs -d :pserver:[email protected]/repository checkout pecl/imagick && cd pecl/imagick && phpize && ./configure

Find the distro

cat /etc/redhat-release

Count lines in all php files in a dir

find . -name "*.php" | xargs wc -l

Shows hard disk drives in Megs and Gigs

df -h

Find out which users are taking up disk space use

du -sh /home/*
du /home | sort -rn
du -h /home | sort -rh

Find out which OpenVZ container is taking up disk space use

du -sh /vz/private/*

Find ftp passwords

find '/home/' -type f -name '*' -size -10000k -exec grep -i -e 'ftp\:\/\/.*\:.*\@.*' {} \;

Hardware Details


apt-get install dmidecode or yum install dmidecode

Usage: dmidecode | more

echo 'Type: ' `/usr/sbin/dmidecode --string system-product-name`
echo 'Serial: ' `/usr/sbin/dmidecode --string system-serial-number`
echo 'RAM: ' `grep '^MemTotal:' /proc/meminfo | awk '{ mem=($2)/(1024)/1024 ; printf "%0.0fGB\n", mem }'`
echo 'CPU: ' `grep -c ^processor /proc/cpuinfo`x `grep 'model name' /proc/cpuinfo | uniq | awk -F': ' '{print $2}'`
echo 'HDD: ' `df -h | awk 'BEGIN {tot=0} {tot=tot+$1} END {print (tot)}'GB`

Finds .htaccess that have errordocument 401 in them

find /home/ -type f -name ‘.htaccess’ -exec grep “ErrorDocument 401” {} \; -print`

Config the firewall from an interface


Watch your messages constantly

tail -f /var/log/messages


nano /etc/sysconfig/network

Configure network


Port forwarding for VNC

/sbin/iptables -A PREROUTING -t nat -p tcp -d $NATIP --dport 5900 -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to

Port forwarding for HTTPD

/sbin/iptables -A PREROUTING -t nat -p tcp -d $NATIP --dport 81 -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to


chkconfig [--level <levels>] <name> <on|off|reset>

eg: chkconfig --add pure-ftpd chkconfig --level 345 pure-ftpd on



Change password via command line

requires: apt-get install whois (for mkpasswd)

usermod -p mkpasswd -H md5 password``


echo df90jk42390kd | passwd backup --stdin

Watch the httpd/monitor apache

cd /proc;watch " ls -al */cwd|grep public_html"

Monitor apache httpd logs

tail -f /usr/local/apache/logs/error_log
tail -f /usr/local/apache/logs/access_log
tail -f /usr/local/apache/logs/*


tail -f /var/log/httpd/error_log
tail -f /var/log/httpd/access_log
tail -f /var/log/httpd/*

Show all processes

This command will show all active processes in a tree view:

ps auxfc

Top 10 memory using processes

ps -auxf | sort -nr -k 4 | head -10

Using netstat

How to list the connections to port 80

netstat -alntp | grep :80

How to check the number of connections to port 80

netstat -alntp | grep :80 | wc -l

How to list the remote IPs connecting to your server on port 80

netstat -alntp | grep :80 | awk '{print $5}' | cut -d: -f1 | sort

How to list the uniq remote IPs and the number of connections from each IP

netstat -alntp | grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n


Quick and dirty:

watch mysqladmin proc


Change shell

chsh <user> -s /bin/bash

This will change the shell to bash for the .

Migrate MySQL database

mysqldump tom_wp > tom_wp.sql
mysql dave_wp < tom_wp.sql

Find possible malicious code infections

grep -r "base64_decode" .
grep --include="*.php" -r "base64_decode" . | grep -v '.off' | grep -v 'virtfs' | more
grep --include="*.php" -r "String.fromCharCode" . | grep -v '.off' | grep -v 'virtfs' | more

Force Reinstall MySQL daemon

service mysqld stop
rm -fr /var/lib/mysql
mv -f /etc/my.cnf /etc/my.cnf.old
rm /var/log/mysqld.log*
yum remove mysql-server
yum install mysql-server
service mysqld start

Set the timezone

Using system-config-date

yum install system-config-date

Or, just files:

echo 'Europe/London' >/etc/timezone
ln -sf /usr/share/zoneinfo/Europe/London /etc/localtime

Setup Xdebug

yum install php-devel gcc gcc-c++ autoconf automake
pecl install Xdebug
echo "; Enable xdebug extension module" > /etc/php.d/xdebug.ini
echo ";" >> /etc/php.d/xdebug.ini
echo "zend_extension=/usr/lib/php/modules/" >> /etc/php.d/xdebug.ini

Troubleshoot /bin/rm: Argument list too long

find . -name '**' -print0 | xargs -0 rm

cPanel virus scan using clamav

for i in `awk '!/nobody/{print $2 | "sort | uniq" }' /etc/userdomains | sort | uniq`; do /usr/local/cpanel/3rdparty/bin/clamscan -i -r /home/$i 2>>/dev/null; done >> /root/infections&

Live tail of the cPanel error log

tail -f /usr/local/cpanel/logs/error_log

Tail the httpd error log

tail -f /etc/httpd/logs/error_log

Tail the httpd access log

tail -f /etc/httpd/logs/access_log

Force restart the HTTPD

killall httpd; /scripts/restartsrv_httpd

Restart MySQL service


Suspend/Unsuspend? a user account

/scripts/suspendacct <username>
/scripts/unsuspendacct <username>

List of all the error_log files on the server

find /home -name error_log

Find large files (over 1gb) on disk

find / -type f -size 1000000k

Force a Backup to run on cPanel

/usr/local/cpanel/bin/backup --force