Basically I am talking about the Linux terminal, without installing any new programs. I will also not use any programming languages. I am not digging into regexp details; please refer to their documentation. Many programs have their own regexp flavour and syntax, so I usually pipe the output into egrep or similar to satisfy my needs. This document is for reference and only states how I use these commands. These are obviously not the only ways.
1. ls (dir does similar things): Lists directory contents. ls is the first command I use to search in Linux. It is very basic, but also very useful if you know which directory your file is in. This command was written partly by Richard Stallman himself. To do a simple search, just type ls followed by the file name. Other examples:
# To search file names with a fixed file type (using a wildcard)
# Here I am searching for mp3 files in my current directory
ls -C *.mp3
* The '*' wildcard matches any run of characters in front of '.mp3', and -C lists the results in columns.
# To search for a file whose file type and first character I remember
# I am searching for mp3 files whose first character is y
ls | egrep '^[Yy].*\.mp3$'
* This matches everything starting ('^' anchors the start of the line) with 'Y' or 'y', followed by any number ('*' means any number of times) of characters ('.' means any character), and ending in ".mp3" ('$' anchors the end of the line). The dot in front of mp3 is escaped so that it matches a literal dot.
2. locate: locate is a command-line file search utility that finds files by name unless a regexp is used. Unlike ls, locate searches for files in all directories. But it has a major drawback: it searches from a database ('/var/lib/mlocate/mlocate.db'), which might not be up to date.
# To update the database use
updatedb
3. who (also finger and w): While a little different, it searches for users who are logged into the computer right now. finger provides a little more detail.
# To find out who logged into the system after the computer booted type:
who -a -H
4. whatis (apropos and man): These commands search for descriptions of binaries and files whose manual pages are available. They are very useful for finding out whether an application is installed, and they also display a description of it (a short description with whatis, a broader and longer one with apropos, and the complete manual with man). whatis and apropos support regex and wildcards.
# To find out if ls is installed on your system with whatis type:
whatis ls
# To do the same with apropos
apropos -e ls
5. whereis: whereis searches for binary files, source files and manual pages for the binary or source. It is useful for finding out where a binary is located and where it is executed from. It does not support regex and wildcards.
# To find out where ls is located type
whereis ls
6. find: The most advanced search tool installed by default on the command line is find. It searches for files in a directory hierarchy.
# ls-like command from find
find Desktop/ -print
# Starting from root, find a file by its file name
find / -name fname
# Starting from root find string ‘fname’ in a filename
find / -name "*fname*"
# To Find all setuid and setgid programs on your host
sudo find / -type f -perm /6000 -ls 2>/dev/null
* "Set-user-ID root" programs run as the root user, regardless of who is executing them, and are a frequent cause of buffer overflows. So, I'll find them to remove selected ones.
# Find all world-writable files on your system
sudo find / -perm -2 ! -type l -ls 2>/dev/null
* The stderr (here '2') is sent (with '>') to /dev/null (a null file in Linux).
# Identify all files that do not have an owner or do not belong to a group
sudo find / -nouser -o -nogroup
# Suppose I want to find a file whose name I don't remember, but I could tell which file it is by viewing its first line
find Desktop/ -print0 | xargs -0 head --lines 1 2>/dev/null
* find prints the full file names under Desktop to stdout, each followed by a null character. This is piped to xargs, which copes with spaces and special characters in the names and hands them to head, which prints the first line of each file.
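The setuid/setgid and world-writable searches above, turned into a repeatable audit that only reports what is new compared with a reviewed list. This is an added example, not part of the original post; the function names and the sample tree are made up for illustration, and it uses the `-perm /6000` form that current GNU find requires in place of `+6000`.

```shell
#!/bin/sh
# Added example (not from the original post): audit one directory tree
# with find, sort and comm only.

# Setuid/setgid regular files under $1, sorted one per line.
# -perm /6000 means "any of these bits set"; -xdev stays on one filesystem.
list_privileged() {
    find "$1" -xdev -type f -perm /6000 -print 2>/dev/null | LC_ALL=C sort
}

# Privileged files under $1 that are missing from the reviewed baseline $2
# (a sorted list of paths). These are the ones worth a look.
new_privileged() {
    list_privileged "$1" | LC_ALL=C comm -23 - "$2"
}

# World-writable files, plus world-writable directories without the sticky
# bit (a sticky directory such as /tmp is expected and is skipped).
list_world_writable() {
    find "$1" -xdev \( -type f -perm -0002 -o \
        -type d -perm -0002 ! -perm -1000 \) -print 2>/dev/null | LC_ALL=C sort
}

# Constructed sample tree for trying the functions without touching /.
# Prints the path of the temporary directory it creates.
make_demo_tree() (
    umask 022
    d=$(mktemp -d) || exit 1
    mkdir "$d/bin" "$d/drop" "$d/tmp"
    : > "$d/bin/known"; : > "$d/bin/new"; : > "$d/bin/plain"; : > "$d/drop/note"
    chmod 4755 "$d/bin/known"   # setuid, listed in the baseline
    chmod 6755 "$d/bin/new"     # setuid+setgid, not in the baseline
    chmod 0666 "$d/drop/note"   # world-writable file
    chmod 0777 "$d/drop"        # world-writable directory, no sticky bit
    chmod 1777 "$d/tmp"         # sticky, like /tmp: not reported
    printf '%s\n' "$d"
)
```

On a real host, save the reviewed output of `list_privileged /` as the baseline and run `new_privileged / baseline.txt` with sudo after package updates.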
7. ps: ps displays information about a selection of the active processes. If you want a repetitive update of the selection and the displayed information, use top instead. Other ps-like commands are top, pgrep and pstree.
# To see every process in the system
ps -ef
# To print a process tree
ps -ejH
# Or a beautiful one with
ps -ef --forest
# To see every process running as root
ps -U root -u root u
# Send the termination signal to the 'MySql' process after finding its id
sudo kill -s TERM $(ps -C mysqld -o pid=)
# Sort according to cpu usage
ps u -e --sort cp
# Sort according to memory usage
ps u -e --sort pmem
8. netstat: netstat prints information about the Linux networking subsystem.
# To display complete information
netstat
# To display information interface wise
netstat -i
# To display information about routing
netstat -r
# Show network statistics
netstat -s
# Display lsof type result
netstat -p
9. proc: The proc file system is a virtual pseudo-file system for gathering kernel and process information. To access a process and its information use the syntax: "/proc/[pid]/…"
# To find a process's status
cat /proc/[pid]/stat
# To find the command line for a process
cat /proc/[pid]/cmdline
# To find the environment variable of the process
(cat /proc/1/environ; echo) | tr '\000' '\n'
# To fetch information about your battery where BAT0 is battery id
cat /proc/acpi/battery/BAT0/info
# To fetch information about your cpu
cat /proc/cpuinfo
# To fetch information about filesystems in your computer
cat /proc/filesystems
# An alternative to fstab
cat /proc/mounts
10. lsof :
# List open files used by internet
lsof -i
# List files opened by internet and used by example.com and port 20
lsof -i @example.com:20
# List all open files on device sda1
lsof /dev/sda1