Linux – Advanced Commands

Show status of ethernet interface eth0:
ethtool eth0

List addresses for interfaces:
ip addr show (OR) ip a

Set default gateway:
ip route add default via

List routing table:
ip route show

Add (or del) ip and mask (

ip addr add brd + dev eth0

Text Manipulation:

Replace string1 with string2:
sed ‘s/string1/string2/g’

Modify anystring1 to anystring2:
sed ‘s/\(.*\)1/\12/g’

Remove comments and blank lines:
sed ‘/ *#/d; /^ *$/d’

Case conversion:
echo ‘Test’ | tr ‘[:lower:]’ ‘[:upper:]’

List processes by memory(KB) usage:
ps -e -orss=,args= | sort -b -k1,1n | pr -TW$COLUMNS


11572 /usr/local/apache/bin/httpd -k restart -DSSL
11896 /usr/local/apache/bin/httpd -k restart -DSSL
15228 tailwatchd
19404 MailScanner: starting child
22032 MailWatch SQL
27652 /usr/sbin/named -u named

Processes by CPU usage:
ps -e -o pcpu,cpu,nice,state,cputime,args –sort pcpu | sed ‘/^ 0.0 /d’


0.1 – 0 S 00:00:00 /usr/local/apache/bin/httpd -k restart -DSSL
0.1 – 0 S 00:00:00 /usr/local/apache/bin/httpd -k restart -DSSL
0.1 – 0 S 00:00:00 /usr/local/apache/bin/httpd -k restart -DSSL
0.1 – 0 S 09:40:37 [kjournald]

List processes in a hierarchy:
ps -e -o pid,args –forest

Show system reboot history:
last reboot

List paths that process id has open:
lsof -p $$

List processes that have specified path open:

lsof /home

Find the php files and change the permissions using find command:
find . -type f -name \*.php -exec chmod 644 {} \;

Find the full permission folders and change the permissions using find command
find . -type d -perm 777 -exec chmod 755 {} \;

List the number of current connections(top 10) of port 80 (with IP):
netstat -tn|grep :80|awk ‘{print $5}’|cut -d: -f1|sort|uniq -c|sort -rn|head

This command will list the IP’s which are currently using the mentioned port-80(http) and the number of connections of that too.


To remove apache Semaphores:
ipcs -s | grep nobody | perl -e ‘while (<STDIN>) { @a=split(/\s+/); print `ipcrm sem $a[1]`}’

This command will remove the apache semaphores.
Note: This will stop the apache and you need to start the apache again.

SCP with different port:

scp -P 25873 libfaad0-2.6.1-13.el5.x86_64.rpm root@

SCP with nohup:
nohup scp -P 52783 -r library root@ &

rsync -vrplogDtHe ‘ssh -p 25873’ /var/www/vhosts/rsync_test root@ >/dev/null 2>&1

To Find out which account originates SPAM:
ps -C exim -fH eww | grep home