Master Essential Linux Shell Commands for File Management, Monitoring, and Automation

1. Find all .tar files in the current directory and move them to a backup folder:

find . -name "*.tar" -exec mv {} ./backup/ ;

Note: find -name searches by filename; -exec or xargs can act on the results. Common extensions include -mtime for modification time, -type for file type, and -size for size filtering.

2. Find and delete .log files older than 30 days and larger than 100 MB:

find . -name "*.log" -mtime +30 -type f -size +100M | xargs rm -rf {};

3. Batch unzip all .zip files in the current directory to a target directory:

for i in `find . -name "*.zip" -type f`
do
  unzip -d $i /data/www/img/
done

Explanation: the for i in (command); do … done loop iterates over each found file.

4. Common sed operations (example file: test.txt):

Remove the first character of each line: sed -i 's/^.{1}//g' test.txt Add an a at the beginning of each line: sed 's/^/a/g' test.txt Add an a at the end of each line: sed 's/$/a/' test.txt Append a c after a specific line: sed '/pattern/a c' test.txt Insert a c before a specific line: sed '/pattern/i c' test.txt Refer to the sed documentation for more commands.

5. Check if a directory exists; create it if not, otherwise print a message:

if [ ! -d /data/backup/ ]; then
  mkdir -p /data/backup/
else
  echo "The Directory already exists, please exit"
fi

Note: ! -d means the directory does not exist.

6. Monitor root partition usage and send an email alert when usage reaches 90%:

# Print root partition usage percentage
usage=$(df -h | awk 'NR==2 {print $5}' | tr -d '%')
while sleep 5m; do
  if [ "$usage" -ge 90 ]; then
    echo "More than 90% disk space used, please check!" | mail -s "Disk Warning $usage%" [email protected]
  fi
done

Explanation: awk '{print $5}' extracts the fifth field; -F sets a field separator.

7. List the top 20 IP addresses by request count from an Nginx access log:

cat access.log | awk '{print $1}' | sort | uniq -c | sort -nr | head -20

Key tools: sort for ordering, uniq for counting duplicate lines.

8. Use sed to modify SELinux configuration (disable enforcing mode):

sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config

Result: changes enforcing to disabled in the config file.

9. Print the maximum and minimum values from a file:

cat a.txt | sort -nr | awk 'NR==1 {print $0}'   # maximum
cat a.txt | sort -n  | awk 'END {print $0}'   # minimum

Alternative one‑liner: sed 's/ / /g' a.txt | sort -nr | sed -n '1p;$p' 10. Retrieve SNMP v2c data using snmpwalk : snmpwalk -v2c -c public 192.168.0.241 11. Replace lines ending with jk with yz in a file: sed -e 's/jk$/yz/g' b.txt 12. Capture network packets with tcpdump for a specific host and port: tcpdump -nn host 192.168.56.7 and port 80 To exclude a host:

tcpdump -nn host 192.168.56.7 or ! host 192.168.0.22 and port 80

13. Show the 20 most frequently used commands from Bash history:

cat .bash_history | grep -v ^# | awk '{print $1}' | sort | uniq -c | sort -nr | head -20

14. Delete .log files created more than 3 days ago:

find . -mtime +3 -name "*.log" | xargs rm -rf {} ;

15. Move files larger than 100 KB from a directory to /tmp : find . -size +100k -exec mv {} /tmp ; 16. Configure a firewall to allow only remote access to port 80:

iptables -F
iptables -X
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -j REJECT

Alternative using state matching:

iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT

17. Generate an Nginx IP access ranking (top 10) from merged logs:

cd /home/logs/nginx/default
sort -m -k4 -o access.logok access.1 access.2 access.3 ...
cat access.logok | awk '{print $1}' | sort -n | uniq -c | sort -nr | head -10

18. Replace a directory path in a file using sed : sed 's:/user/local:/tmp:g' test.txt Or in‑place editing:

sed -i 's:/usr/local:/tmp:g' test.txt