Essential Linux Command Cheat Sheet: Find, Move, Sed, Monitoring & More

1. Find all .tar files in the current directory and move them to a backup folder: find . -name "*.tar" -exec mv {} ./backup/ ; Explanation: find -name searches by filename; -exec or xargs can act on results. Additional options include -mtime for modification time, -type for file type (f for file, d for directory), and -size for size.

2. Find and delete log files older than 30 days and larger than 100M:

find . -name "*.log" -mtime +30 -type f -size +100M | xargs rm -rf {} ;

3. Batch unzip all .zip files in the current directory to a target directory:

for i in $(find . -name "*.zip" -type f); do
    unzip -d $i /data/www/img/
 done

Note: the for …; do …; done construct iterates over the list returned by find.

4. Common sed one‑liners (example file test.txt):

Remove the first character of each line: sed -i 's/^.{1}//' test.txt Prefix each line with “a”: sed 's/^/a/' test.txt Append “a” to the end of each line: sed 's/$/a/' test.txt After a specific line, insert “c”: sed '/pattern/a c' test.txt Before a specific line, insert “c”: sed '/pattern/i c' test.txt Refer to the sed manual for more commands.

5. Check if a directory exists; create it if missing, otherwise print a message:

if [ ! -d /data/backup/ ]; then
    mkdir -p /data/backup/
else
    echo "The directory already exists, please exit"
fi

6. Monitor root partition usage and send an email when usage reaches 90 %:

while sleep 5m; do
    for i in $(df -h | awk 'NR>1 {print $5}' | sed 's/%//g'); do
        if [ $i -ge 90 ]; then
            echo "Root partition usage is $i%, please check!" | mail -s "Disk warning $i%" [email protected]
        fi
    done
 done

7. List the top 20 IP addresses by request count in an Nginx access log:

cat access.log | awk '{print $1}' | sort | uniq -c | sort -nr | head -20

8. Replace SELinux mode from enforcing to disabled in its config file:

sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config

9. Print the maximum and minimum values in a file:

cat a.txt | sort -nr | awk 'NR==1{max=$1} END{print "max:",max}'

Another approach using sed and sort is also shown.

10. Use SNMP to query a device (v2c community “public”): snmpwalk -v2c -c public 192.168.0.241 11. Replace lines ending with “jk” by “yz” in a text file: sed -e 's/jk$/yz/g' b.txt 12. Capture network traffic with tcpdump : tcpdump -nn host 192.168.56.7 and port 80 Additional examples show how to exclude a host or port.

13. Show the 20 most frequently used commands from Bash history:

cat .bash_history | grep -v '^#' | awk '{print $1}' | sort | uniq -c | sort -nr | head -20

14. Find *.log files older than three days and delete them:

find . -mtime +3 -name "*.log" | xargs rm -rf {} ;

15. Move files larger than 100 KB from a directory to /tmp: find . -size +100k -exec mv {} /tmp ; 16. Simple firewall script allowing only remote access to port 80:

iptables -F
iptables -X
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -j REJECT

Alternative rule using connection tracking is also provided.

17. Nginx log analysis to list the top 10 IP addresses:

cat /home/logs/nginx/default/access.log | awk '{print $1}' | sort | uniq -c | sort -nr | head -10