Command Quick Reference
I’ve been meaning to do this for awhile now… Here’s my own list of handy commands/one-liners.
Azure - Bash
az group create --name <resourcegroupname> --location <region>
- Create a resource group in bash cloud console.
az acr create --resource-group <resourcegroupname> --name <acrinstancename> --sku Basic
- Create a new Azure Container Registry (ACR) instance. Note: The name of the ACR must be globally unique.
az group list --query "[?name=='<resourcegroupname>']" -o table
- Verify that a resource group was created.
az acr list --resource-group <resourcegroupname>
- Confirm that a new ACR was created.
Azure - Powershell
Remove-AzResourceGroup -Name "<ResourceGroupName>" -Force -AsJob
- Delete resource group and everything thing inside it.
Test-AzDnsAvailability -DomainNameLabel <custom-label> -Location '<location>'
- Quick little command to confirm if a DNS name is available (unused) within a given location.
Azure - Log Analytics Workspace Queries (Kusto)
AzureActivity
| where HTTPRequest<>dynamic({"clientIpAddress":'1.2.3.4'}) and Level == 'Information'
Azure activity logs where the client IP address is not 1.2.3.4 and the log level is not categorized as information-level severity.
SecurityEvent
| where EventID == '4625'
Rule looking for windows event id 4625 (failed login).
Docker
Docker - General Administration
docker container start <container id>
- Launches/runs a container.
docker container start --attach <container id>
- Launches/runs a container and attaches the terminal to it so we can see debug logs output on screen without having to run the logs
output.
docker exec <container id> <command>
- Run a command from within the container.
docker images
- List all locally-stored images on docker.
docker images --digests
- Lists all locally-stored images on docker by SHA-256 digest.
docker kill <container id>
- Instructs docker to terminate the container that matches the container id. The container id does not have to be a complete ID string.
docker ps
- Outputs a list of containers we've created and that are actively running.
docker ps --all
- Outputs a list of all containers created (including those that are not running).
docker ps -aq | xargs docker rm
- Generate a list of all loaded containers (just the container IDs) and then feed those ids to docker rm so that we can remove them all in one pass.
docker run <image name>:<image label>
- creates, runs, and attaches a docker container.
docker rm <container id>
- Removes a container that is stopped. It will not remove a container that it actively running.
docker rm -f <container id>
- Remove a container. This will remove a container even if it is running.
docker rmi <repository/image name>
- Removes docker image from local system.
docker search <search criteria>
- Searches docker hub registry for images.
docker search --filter is-official=true --filter stars=100 <search criteria>
- Searches docker hub registry for images but filters for images that are official and images that have a rating of 100 stars.
docker stop <container id>
- Instructs docker to gracefully stop container (if possible).
docker stop -t 0 <container id>
- Instructs docker to stop the container (non-gracefully).
docker volume ls
- List docker volumes
docker volume inspect <volume name>
- Additional details regarding volume including mount point, name, options, and scope.
Docker - Troubleshooting and performance tuning
docker inspect
- inspect the details of docker objects (output in JSON)
docker logs <container id>
- Generates recent log output for container. The container id does not have to be a complete ID string. It can be the first few characters.
docker logs <container id> --follow
- Essentially the same as tail -f
in linux. It keeps displaying real-time log output as it get generated.
docker stats
- Provides statistics on the system resource utilization of a running container. Details include things like memory usage, networking I/O, PIDs, etc.
docker system prune
- Instructs docker to remove all stopped containers, all networks not used by at least one container, all dnagling images, and unused build cache.
docker top <container id>
- Displays
Ethtool
ethtool -p <interface name>
- Blink the physical network light to signify which interface the system actually thinks is “eth0” “eth1” etc.
Git
Note: Github has an excellent cheatsheet here
git add [file]
- add a file as it looks now to your next commit (stage)
git reset [file]
- unstage a file while retaining the changes in working directory.
git commit -m "[descriptive message]"
- commit your staged content as a new commit snapshot
git rm [file]
- delete the file from project and stage the removal for commit
git status
- show modified files in working directory, staged for next commit
Java Keytool
keytool -delete -alias <cert alias> -keystore <jks keystore file>
- Deletes the certificate that has the specified alias name.
keytool -list -v -keystore <jks keystore file>
- Provides information on the certificate(s) inside a JKS file.
Kubernetes
kubectl apply -f fooexample.yaml
- Execute/install instructions from "fooexample.yaml" file.
kubectl cluster-info
- Provides information on the kubernetes cluster(s).
kubectl delete -f example.yaml
- Deletes active namespaces that are specified in a yaml file called "example.yaml".
kubectl describe pod foopod -n development
- Provides status/health related information about a pod (called "foopod" in this example) that's running in the "development" example namespace.
kubectl exec -it foopod -- /bin/sh
Request an interactive terminal (-it
) so we can run shell commands from within a pod.
kubectl get deployments -n development
- Looks for any kubernetes deployments that match the name "development"
kubectl get namespaces
- Provides information on current namespaces.
kubectl get nodes
- Provides information on the kubernetes node(s)
kubectl get pods -A
- Provides information on pods in every namespace.
kubectl get pods -n development -o wide
- Provides information on pods running in the "development" namespace. The -o wide
switch tells the system to return additional information.
kubectl get services -A
- Provides a list of services running in a cluster.
kubectl logs foopod -n development
- Provides most recent logs for pod (in this case, podname of "foopod") in the "development" namespace.
Linux - Disk Usage
df -h
- View disk partition space usage.
du -h <dir> | grep '[0-9\.]\+G'
- Return disk space usage for directories consuming 1 GB or more.
Linux - DNS
dig @<nameserver><common name><record type> +short
- Returns just the IP/data for the record.
Linux - ftp
get <filename>
- Retrieve a file and store it locally on the client machine.
Linux - Kernel Information
uname -a
- Provides general information about the linux kernel, system hostname, etc.
cat /proc/cmdline
- Provides information on the booted kernel parameters / flags.
Linux - miscellaneous
hashid <hash value>
- Analyze a hash and determine which hashing algorithm could be used to generate it.
Linux - modprobe
modprobe -q vmxnet3 && echo "vmxnet3 installed" || "vmxnet3 not installed"
- Confirm if vmxnet3 network driver is installed.
Linux - netcat
nc -nvlp <port>
Create a netcat listener for inbound connections on a specific port.
Linux - openssl
openssl s_client -cert <path to tls cert> -connect <remote mail server fqdn or ip>:25 -starttls smtp -state -msg | tee <log file path>
- Debugs SMTP starttls negotiation.
openssl s_client -connect <remote host>:<destination port>
- Debugs the HTTPS transaction between client and remote host.
openssl x509 -noout -in cert.pem -dates
- Returns the dates that a pem formatted certificate is valid for.
openssl s_client -connect google.com:443 -tls1_2
- Tests to see if a remote site can support TLS 1.2. The -tls1_1 and -tls1 arguments can be used instead too.
Linux - User, Group, and Process Information
adduser foouser --ingroup sudo
- Create a new local user and add them to the sudo admin group.
find / -group foo 2>/dev/null
- Starting with the root directory (/), search for any files that belong to a group called "foo".
ps -eo pid,ppid,rss,vsize,pcpu,pmem,cmd -ww –sort=pid | grep -i <command that corresponds to process> | grep -iv grep
- Provides the process details for a specific process that matches the grep search. Details include: process id, parent process id, non-swapped physical memory being used (in kB), swapped memory being used, CPU utilization, physical memory utilization, and command path. Also uses an inverse grep search to eliminate the grep search itself from the output.
id
- Provides information on the user ID and group ids that the issuing user belongs to.
Linux - rsync
rsync --list-only <target_ip>::
Connect to target machine and list all available directories.
Linux - Searching
grep -iv <search string><file path>
Returns case insensitive entries that DON’T match the search string.
Linux - sendmail
for x in `find . -type f -name “qf*” | xargs grep -l [email protected] | cut -b3-`; do y=d`echo $x | cut -b2-`; mv $x /root/loopingmessages; mv $y /root/loopingmessages/; done`
- Search QF header files for an email address, identify corresponding df counter-part, and move both of the files to a looping message directory. (Huge thanks to Zack Train on this one).
Linux - System Info
dpkg-reconfigure tzdata
- Change system time zone in Ubuntu server.
hostnamectl set-hostname foohost
- Change hostname on Ubuntu server to "foohost".
lsb_release -a
- Display system information on linux distributor ID, description, release version, and codena
Linux - ufw
sudo ufw allow from <source IP, subnet, or "any"> to <destination ip, subnet, or "any"> port <destination port> proto <tcp|udp>
rule syntax for allowing traffic for a specific port/protocol via ufw firewall. Note: all ufw rule changes happen immediately and are persistent
sudo ufw delete <full rule command>
- delete rule from rule list
sudo ufw disable
- Shuts down ufw firewall
sudo ufw enable
- Starts/enables ufw firewall
sudo ufw status verbose
- Displays the status of ufw and what rules are configured.
minikube
minikube update-check
- Check for the current version of minikube installed on system and compare that with the latest available version.
mongodb
db.<collectionName>.find().pretty();
- Display the contents of a mongodb collection and format the data to look better.
use <databaseName>;
- Select a database to perform queries.
show collections;
- Query the list of collections stored in a mongodb database.
show dbs;
- List local databases
nmap
nmap -p- --min-rate=1000 -sV <target_ip>
- Run a nmap scan looking for all TCP ports (0-65535) and attempt to determine the version of the service running on the port. Send a minimum of 1000 packets per second (to speed up progress of scan) .
Postgresql
\c <database name>
or \connect <database name>
- Tells the system that we want to connect to a specific database.
\l
or \list
- List the existing databases