A curated list of the most important Linux commands for cybersecurity work, from basic file operations to advanced network analysis.
File System Navigation
ls -la # List all files including hidden, with details
cd /var/log # Navigate to log directory
find / -perm -4000 2>/dev/null # Find SUID binaries
Network Commands
ip a # Show network interfaces
ss -tulnp # Show listening ports
netstat -antup # Alternative to ss
tcpdump -i eth0 -w capture.pcap # Capture network traffic
Process Management
ps aux # List all running processes
top # Real-time process monitor
kill -9 <PID> # Force kill a process
User & Permission Management
whoami # Current user
id # User ID and group info
sudo -l # List sudo permissions
chmod 755 script.sh # Set file permissions
Log Analysis
tail -f /var/log/auth.log # Monitor auth logs in real time
grep "Failed" /var/log/auth.log # Find failed login attempts
journalctl -xe # System logs
Bonus: One-Liners for Security
# Find world-writable files
find / -writable -type f 2>/dev/null
# Check for running cron jobs
crontab -l && cat /etc/crontab
# Quick port scan with bash (no nmap needed)
for port in {1..1000}; do (echo >/dev/tcp/10.10.10.50/$port) 2>/dev/null && echo "Port $port open"; done
These commands form the foundation of any security professional’s toolkit. Practice them regularly and they’ll become second nature.