awk '{print $1}' file.txt                           # print first column
awk -F: '{print $1, $7}' /etc/passwd                # usernames and shells from passwd
awk '{sum+=$1} END {print sum}' numbers.txt         # sum the first column
awk '$9 >= 500' /var/log/apache2/access.log         # HTTP 5xx errors
awk '{counts[$1]++} END {for (k in counts) print counts[k], k}' ips.txt  # count by key

cat file1.txt file2.txt                 # combine two files
cat -n file.txt                         # print with line numbers
cat /dev/null > file.txt                # empty a file without deleting it

cut -d: -f1 /etc/passwd                 # extract usernames
cut -d: -f1,7 /etc/passwd               # extract usernames and shells
cut -f1-3 report.tsv                    # first three tab-delimited fields
cut -c1-32 checksums.txt                # first 32 characters (md5sum width)

diff file1.txt file2.txt                            # basic comparison
diff -u config.old config.new                       # unified diff for reviewing changes
diff -r dir1/ dir2/                                 # compare two directories
diff <(sort file1.txt) <(sort file2.txt)            # compare sorted versions

grep "Failed password" /var/log/auth.log            # find failed SSH logins
grep -c "ERROR" /var/log/app.log                    # count error lines
grep -r "PermitRootLogin" /etc/ssh/                 # search SSH config recursively
grep -v '^#' /etc/nginx/nginx.conf | grep -v '^$'  # non-comment, non-blank lines
grep -E '^(web|db|cache)-[0-9]+' /etc/hosts        # match server naming patterns

head -20 /var/log/syslog                # first 20 lines
ls /bin | head -5                       # first 5 filenames
head -3 access.log | wc -w             # count words in first 3 lines

md5sum /etc/passwd                                  # compute hash
md5sum *.txt | cut -d' ' -f1 | sort | uniq -c       # find duplicate files
md5sum -c checksums.md5                             # verify a list of files

paste names.txt scores.txt                          # tab-delimited columns
paste -d, first.txt last.txt                        # comma-delimited
paste -d '\n' evens.txt odds.txt                    # interleave lines
paste <(seq 1 5) <(seq 6 10)                        # combine generated sequences

rev /etc/shells | cut -d/ -f1 | rev     # extract last path component from each line
echo "hello" | rev                       # olleh

sed 's/old/new/g' file.txt                          # replace all occurrences
sed -i 's/old-host/new-host/g' config.conf          # in-place replacement
sed '/^#/d' config.conf                             # delete comment lines
sed -n '5,10p' /var/log/syslog                      # print lines 5 through 10
sed -n '/ERROR/p' app.log                           # print error lines only
echo "2025-03-29" | sed 's/\([0-9]*\)-\([0-9]*\)-\([0-9]*\)/\3\/\2\/\1/'  # reformat date

sha1sum /etc/ssh/sshd_config                        # compute a hash before editing
sha1sum deployment.tar.gz                           # verify a downloaded archive
sha1sum -c published_checksums.txt                  # batch verification

sort /etc/hosts                                     # alphabetical sort
sort -rn numbers.txt                                # numeric descending
sort -k3 access.log                                 # sort by third field
sort -u /var/log/ips.txt                            # sorted, unique IPs
cut -f1 grades | sort | uniq -c | sort -rn          # grade frequency analysis

tac /var/log/apache2/access.log | head -20          # most recent 20 log entries
tac changelog.txt                                   # read a changelog newest-first

tail -f /var/log/nginx/error.log                    # live log monitoring
tail -n 50 /var/log/syslog                          # last 50 lines
tail -n +3 /etc/hosts                               # from line 3 to end
tail -F /var/log/app.log                            # follow through log rotation

echo $PATH | tr ':' '\n'                            # print PATH entries one per line
echo "HELLO" | tr '[A-Z]' '[a-z]'                   # convert to lowercase
echo "hello world" | tr -d ' '                      # remove spaces
echo "a   b" | tr -s ' '                            # squeeze multiple spaces to one

sort ips.txt | uniq                                 # unique IP addresses
sort access.log | uniq -c | sort -rn                # most frequent log entries
awk '{print $9}' access.log | sort | uniq -c | sort -rn | head  # HTTP status codes

wc -l /var/log/auth.log                             # line count
wc -w /etc/nginx/nginx.conf                         # word count
ls -1 /etc | wc -l                                  # number of entries in a directory
grep "ERROR" app.log | wc -l                        # count error lines

cd /var/log                     # absolute path
cd ..                           # parent directory
cd -                            # previous directory
cd                              # home directory
cd ~user                        # home directory of another user

chmod +x deploy.sh                                  # make a script executable
chmod 755 /usr/local/bin/myscript                   # standard executable permissions
chmod 644 /etc/app/config.conf                      # standard config file permissions
chmod -R 750 /var/app/                              # recursive, owner and group only

chown alice file.txt                                # change owner to alice
chown alice:developers project/                     # change owner and group
chown -R www-data:www-data /var/www/html/           # fix web server file ownership

chgrp developers /var/app/config.conf
chgrp -R staff /shared/docs/

cp config.conf config.conf.bak                      # back up a file before editing
cp -a /var/www/html/ /var/www/html.backup/          # archive copy of a directory
cp -r /etc/app/ /tmp/app_backup/                    # recursive copy

df -h                                               # all mounted filesystems
df -h /var                                          # usage for a specific mount
df -h / | awk 'NR==2 {print $5}'                    # root disk usage percentage

find /etc -name "*.conf" -type f                    # config files in /etc
find /var -size +50M                                # large files
find /home -mtime -1 -type f                        # files changed today
find /tmp -type f -mtime +7 -delete                 # clean up old temp files
find / -name "authorized_keys" 2>/dev/null          # locate SSH authorized key files

ls -lh /var/log                                     # long listing with sizes
ls -lt /etc | head -10                              # 10 most recently modified files
ls -la ~                                            # all files including hidden
ls -1 /etc | wc -l                                  # count files in a directory

mkdir /var/app/logs                                 # create a directory
mkdir -p /var/app/{logs,config,data}                # create multiple directories with parents
mkdir -p deploy/{staging,production}/configs        # nested structure in one command

mv config.conf config.conf.bak                      # rename a file
mv *.log /var/archive/                              # move files to another directory
mv /tmp/new_config.conf /etc/app/config.conf        # deploy a new config

namei -l /etc/nginx/nginx.conf              # check permissions on every path component
namei -l /home/ryan/scripts/hosts.txt       # diagnose permission denied on a deeply nested file

rm old_report.txt                                   # delete a file
rm -i *.tmp                                         # delete with confirmation
rm -rf /tmp/build_cache/                            # force-delete a directory tree

tar -czf backup.tar.gz /var/www/html/               # create a compressed archive
tar -xzf backup.tar.gz                              # extract
tar -tzf backup.tar.gz                              # list contents
tar -czf "${HOSTNAME}_logs_$(date +%Y%m%d).tar.gz" /var/log   # timestamped log archive

touch new_file.txt                                  # create an empty file
touch -t 202501010000 file.txt                      # set a specific timestamp
touch file{0..999}.txt                              # create 1000 empty files at once

bg                  # resume the most recently suspended job
bg %2               # resume job number 2

fg                  # foreground the most recent job
fg %1               # foreground job number 1

jobs                # list jobs with status
jobs -l             # include process IDs

kill 12345                      # send SIGTERM to process 12345
kill -9 12345                   # force-kill
kill %1                         # kill background job 1
kill -l                         # list all signals

ps aux                                              # all processes
ps aux | grep nginx                                 # find nginx processes
ps aux --sort=-%mem | head -10                      # top 10 by memory usage
ps -ef | grep "[p]ython"                            # find Python processes (brackets avoid matching grep itself)

sleep 5                         # pause for 5 seconds
sleep 0.5                       # pause for half a second
sleep 2h                        # pause for 2 hours (suffixes: s, m, h, d)

timeout 5s ping -c 1 host                           # kill ping if it hasn't finished in 5 seconds
timeout 5s ping -c 1 -W 1 "${host}" &> /dev/null   # reachability check with hard deadline
timeout -s SIGKILL 10s ./long-running-script.sh     # force-kill after 10 seconds

arp -a                          # display the ARP table

arp-scan 172.16.10.10 -I br_public
Interface: br_public, type: EN10MB, MAC: de:06:27:4e:8b:01, IPv4: 172.16.10.1
Starting arp-scan 1.10.0 with 1 hosts (https://github.com/royhills/arp-scan)
172.16.10.10    ea:21:3b:d3:be:cd    (Unknown: locally administered)

1 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.10.0: 1 hosts scanned in 0.348 seconds (2.87 hosts/sec). 1 responded

arp-scan 172.16.10.0/24 -I br_public
Interface: br_public, type: EN10MB, MAC: de:06:27:4e:8b:01, IPv4: 172.16.10.1
Starting arp-scan 1.10.0 with 256 hosts (https://github.com/royhills/arp-scan)
172.16.10.10    ea:21:3b:d3:be:cd    (Unknown: locally administered)
172.16.10.11    1a:94:51:d8:e2:ee    (Unknown: locally administered)
172.16.10.12    86:5e:f8:1d:71:1b    (Unknown: locally administered)
172.16.10.13    ca:3b:ee:2b:b8:5d    (Unknown: locally administered)

4 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.10.0: 256 hosts scanned in 2.004 seconds (127.74 hosts/sec). 4 responded

arp-scan -f files/172-16-10-hosts.txt -I br_public
Interface: br_public, type: EN10MB, MAC: de:06:27:4e:8b:01, IPv4: 172.16.10.1
Starting arp-scan 1.10.0 with 254 hosts (https://github.com/royhills/arp-scan)
172.16.10.10    ea:21:3b:d3:be:cd    (Unknown: locally administered)
172.16.10.11    1a:94:51:d8:e2:ee    (Unknown: locally administered)
172.16.10.12    86:5e:f8:1d:71:1b    (Unknown: locally administered)
172.16.10.13    ca:3b:ee:2b:b8:5d    (Unknown: locally administered)

4 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.10.0: 254 hosts scanned in 1.972 seconds (128.80 hosts/sec). 4 responded

curl https://example.com/api/health                 # check an endpoint
curl -O https://example.com/file.tar.gz             # download a file
curl -s https://api.example.com/status | jq .       # parse JSON response
curl -I https://example.com                         # inspect response headers

ip addr show                            # list all interfaces and IP addresses
ip addr show eth0                       # show a specific interface
ip route                                # display the routing table
ip link show                            # show link status for all interfaces

netstat -an | grep :80                              # connections on port 80
netstat -tlnp                                       # listening TCP ports with process info
ss -tlnp                                            # modern equivalent with ss

nmap -sn 172.16.10.0/24                         # discover live hosts on a subnet

# extract just the IP addresses from a ping scan
nmap -sn 172.16.10.0/24 | grep "Nmap scan" | awk -F'report for ' '{print $2}'

ping google.com                         # continuous ping until interrupted
ping -c 4 192.168.1.1                   # send exactly 4 packets
ping -c 1 -q 10.0.0.1                   # quiet single-packet reachability check
ping -c 5 -i 0.2 host                   # fast ping: 5 packets, 0.2s apart

scp file.txt user@host:/tmp/                        # copy to remote machine
scp user@host:/var/log/app.log /tmp/                # copy from remote machine
scp -r ./configs/ user@host:/etc/app/               # recursive copy

ssh user@host                                       # interactive session
ssh user@host ps aux                                # run a single command
ssh user@host bash < ./deploy.sh                    # run a local script remotely
echo "df -h" | ssh -T user@host                     # pipe a command to SSH

wget https://example.com/file.tar.gz                # download a file
wget -q -O /tmp/status.json https://api.example.com/status  # quiet, custom filename

cal                     # current month
cal 2025                # full year calendar
cal 3 2025              # March 2025

date                                    # current date and time
date +%Y-%m-%d                          # ISO 8601 date
date +%s                                # Unix epoch timestamp
date --date "2 weeks ago" +%Y-%m-%d     # date relative to today

iostat                          # summary since boot
iostat 2 5                      # report every 2 seconds, 5 times

last                            # all logins
last -n 20                      # last 20 logins
last alice                      # login history for user alice
last reboot                     # system reboots

mount                           # list all mounted filesystems
mount | grep /var               # check if /var is mounted

sar 1 5                         # CPU usage every second, 5 times
sar -r 1 5                      # memory usage
sar -d 1 5                      # disk activity

uname -a                        # full system information
uname -r                        # kernel version

vmstat                          # snapshot
vmstat 2 5                      # report every 2 seconds, 5 times

w                               # logged-in users with activity
w alice                         # activity for a specific user

who                             # current users
who am i                        # your own login info: name, terminal, login time, and origin

whoami                          # useful in scripts to check if running as root
[ "$(whoami)" = "root" ] || { echo "Must run as root" >&2; exit 1; }

alias                           # list all aliases
alias ll="ls -lh"               # define an alias
alias rm="rm -i"                # safer rm
unalias ll                      # remove an alias

export PATH=$HOME/bin:$PATH     # extend PATH
export DB_HOST=db.internal      # pass configuration to scripts
export EDITOR=vim               # set default editor

history                         # all history
history 20                      # last 20 commands
history | grep ssh              # filter history
history -c                      # clear history

printenv                        # all environment variables
printenv PATH                   # a specific variable
printenv | sort                 # sorted listing

read -p "Enter hostname: " HOST
read -s -p "Password: " PASS
readarray -t LINES < /etc/hosts

seq 1 10                        # 1 to 10
seq 0 2 20                      # 0, 2, 4, ... 20
seq -w 1 10                     # zero-padded: 01, 02, ... 10
seq -s, 1 5                     # 1,2,3,4,5 (comma-separated)

set                             # list all variables
set -x                          # enable debug output (trace commands)
set +x                          # disable debug output
set -e                          # exit on error
set -u                          # treat unset variables as errors

source ~/.bashrc                # reload shell configuration
source ./env.sh                 # load environment variables into current shell
. ~/.bashrc                     # shorthand for source

type ls                         # ls is /usr/bin/ls
type cd                         # cd is a shell builtin
type ll                         # ll is aliased to `ls -lh`
type if                         # if is a shell keyword
type -t cat                     # print type only: "file"

which python3                   # /usr/bin/python3
which bash                      # /usr/bin/bash

find . -name "*.py" -print0 | xargs -0 wc -l           # line count across all Python files
cat servers.txt | xargs -I {} ssh {} uptime             # run uptime on each server
find . -name "*.log" -print0 | xargs -0 grep "ERROR"   # search logs with null separators
ls *.jpg | xargs -n1 -I {} convert {} -resize 800x {}_thumb.jpg  # batch image resize

chgrp developers /var/app/                          # change group
chgrp -R staff /shared/docs/                        # recursive

passwd                          # change your own password
sudo passwd alice               # change another user's password (as root)