force filesystem check on next boot


touch /forcefsck

Socket programming with /dev/tcp


exec 3<>/dev/tcp/
echo -e "GET / HTTP/1.1\n\n" >&3
cat <&3

See what services are using a particular port

Run as root:


lsof -w -n -i (tcp|udp):<port>



netstat -luntp

See if hard drive is on its last legs


smartctl -H /dev/sda

Get reboot/shutdown history


last -x

Date utility


# Get the date from a timestamp
date -d @$TIMESTAMP
# Get the current time as a timestamp
date +%s

Find all files with a setuid/setgid bit set


find / -perm +6000 -type f -exec ls -ld {} \; > setuid.txt &

Burn an ISO from the command prompt


cdrecord -v -data image.iso

Delete user, their home directory, and their mailbox


userdel -r [user]

Add user, home directory


useradd -m [user]

Create system user


useradd -r [user]

See password policies for user


chage -l [user]

Fixing missing shared library

Find files changed in the past day


find . -ctime -1 -type f

Disable caps lock


setxkbmap -option ctrl:nocaps

Set time on machine that doesn't have NTP


date --set="$(ssh user@server date)"

Inter-user communication


# Get list of logged in users
# Send message to all users
wall [message]
# Send message to another user's terminal
write user [ttyname]
# Enable/disable terminal message
mesg [n|y]


System call table located at /usr/include/asm/unistd.h
Red Hat syscall man pages installed with man-pages RPM. man 2 syscalls for a list, man 2 <syscall> for the syscall.

Put syscall in EAX, put arguments in other ExX registers, call the interrupt, result usually in EAX

Get filesystems kernel can use


cat /proc/filesystems

Get kernel command line arguments


cat /proc/cmdline

ip command

ifconfig is deprecated, ip was added in Linux 2.2


# Get IP address
ip addr
# Get network interface stats
ip link
# Get network interface packet stats
ip -s link

# Enable interface
ip link set eth0 up
# Set IP address
ip address add dev eth0

# Show routing table
ip route show

Sneaking around the open file limit

Open a pair of domain sockets (with socketpair) that connect to the same
process. Throw the FD in one end, close the FD, then read it out of the other
end. Recursively add the ring buffers...

PipeFS, SockFS, DebugFS, SecurityFS

Kernel resources