Master Essential Linux Shell Commands and Scripts for System Ops

1. Move all *.tar files to a backup directory

Find every file ending with .tar in the current directory and move it to ./backup/:

find . -name "*.tar" -exec mv {} ./backup/ \;

2. Common find options and a log‑cleanup example

Useful find flags: -mtime – filter by modification time -type f – restrict to regular files -size – filter by file size

Example: delete log files older than 30 days that are larger than 100 MiB:

find . -name "*.log" -mtime +30 -type f -size +100M | xargs rm -rf

3. Batch unzip all .zip files

Iterate over every .zip file and extract it to a target directory:

for i in $(find . -name "*.zip" -type f); do
    unzip -d /data/www/img/ "$i"
done

4. Frequently used sed one‑liners (example file: test.txt )

Remove the first character of each line: sed -i 's/^\.//g' test.txt Add an a at the beginning of each line: sed 's/^/a/' test.txt Add an a at the end of each line: sed 's/$/a/' test.txt Append a c after lines containing wuguangke: sed '/wuguangke/a c' test.txt Insert a c before lines containing wuguangke:

sed '/wuguangke/i c' test.txt

5. Test for a directory, create if missing

if [ ! -d /data/backup/ ]; then
    mkdir -p /data/backup/
else
    echo "The directory already exists"
fi

6. Monitor root‑partition usage and email when ≥90 %

Periodically check disk usage; if any partition reaches 90 % or more, send an alert email:

while sleep 5m; do
    for i in $(df -h | awk 'NR>1 {print $5}' | sed 's/%//g'); do
        if [ "$i" -ge 90 ]; then
            echo "Root partition usage $i% – please check!" |
                mail -s "Warning: Disk usage $i%" [email protected]
        fi
    done
 done

7. Top 20 IPs from an Nginx access log

cat access.log | awk '{print $1}' | sort | uniq -c | sort -nr | head -20

8. Modify SELinux configuration with sed

sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config

9. Print maximum and minimum values from a file

Maximum value: sort -nr a.txt | head -1 Minimum value:

sort -n a.txt | head -1

10. Retrieve SNMP data (v2c)

snmpwalk -v2c -c public 192.168.0.241

11. Replace a suffix using sed

sed -e 's/jk$/yz/g' b.txt

12. Basic tcpdump captures

Capture HTTP traffic from a specific host: tcpdump -nn host 192.168.56.7 and port 80 Capture all traffic except a given host:

tcpdump -nn host 192.168.56.7 or ! host 192.168.0.22 and port 80

13. Show the 20 most frequently used commands

cat .bash_history | grep -v '^#' | awk '{print $1}' |
    sort | uniq -c | sort -nr | head -20

14. Delete *.log files older than three days

find . -mtime +3 -name "*.log" | xargs rm -rf

15. Move files larger than 100 kB to /tmp

find . -size +100k -exec mv {} /tmp \;

16. Simple firewall script allowing only port 80

iptables -F
iptables -X
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -j REJECT

One‑liner alternative:

iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT

17. Nginx log statistics – top 10 IPs

Merge rotated logs, then count IP occurrences:

cd /home/logs/nginx/default
sort -m -k4 -o access.logok access.1 access.2 access.3 ...
cat access.logok | awk '{print $1}' | sort -n | uniq -c | sort -nr | head -10

18. Replace a directory path in a file with sed

sed -i 's:/usr/local:/tmp:g' test.txt