Skip to content

CLI Guide

Introduction

About this Document

The AXS Guard CLI guide serves as a reference source for technical personnel and system administrators. It explains how to use the AXS Guard console tool for advanced troubleshooting.

Examples used in this Guide

All setups and configuration examples in this guide are executed as an advanced administrator. Some options are not available if you log in as a full administrator or a user with lower access privileges.

As software development and documentation are ongoing processes, the screenshots shown in this guide may slightly deviate from the current user interface.

Local Access to the Console

About

The console tool is a text-based command line interface (CLI) to edit and display critical AXS Guard configuration parameters via menus. It also allows you to execute commands for advanced troubleshooting, such as network traffic analysis.

There are 2 ways to access the AXS Guard console tool:

Method Description

Local Access

Connect a keyboard and monitor directly to the AXS Guard appliance. Access privileges to the console tool are required.

Remote Access

The user connects to the AXS Guard console from a remote PC with an SSH client. Access privileges to the console tool and a key pair are both required.

Connecting a Keyboard and Screen

You can access the console tool locally by connecting a keyboard and monitor to the rear connectors of the AXS Guard appliance (shown below). Only users with console tool access privileges can log in to the console tool. Another option is to log in with the sysadmin account, which has access to the console tool by default.

AXS Guard Connectors for Display and Keyboard

Info

  • USB keyboards are not supported.
  • QWERTY (US) is the default keyboard layout.

Providing Access to the Console

Important

  • This is not required for the sysadmin account, which has access by default.
  • The console tool is only accessible to users with basic administrator privileges or above.
  1. Log in to the AXS Guard appliance.

  2. Navigate to Users & Groups > Users.

  3. Click on the user name of the administrator who needs access to the AXS Guard console tool.

  4. Click on the AXS Guard Administration Tab.

  5. Check the Console Tool Access option.

  6. Copy the public RSA or DSA key of the user into the public key field (only required for remote access).

  7. Update your configuration.

    Allowing Access to the Console Tool

Parameter

Description

Console Tool Access

Check to enable access to the console tool.

Console Tool RSA/DSA Public Key

Copy and paste the user’s public key, generated with ssh-keygen or PuTTYgen.

Logging in to the Console Tool

  1. Press Alt + F2 to log in to the AXS Guard console tool.

  2. Log in with the sysadmin account or a user with console tool access.

    Console Login Screen

Info

See the AXS Guard Getting Started and System Administration guides for additional information about the sysadmin account.

Remote Access to the Console

Prerequisites

The following is required to log in to the console tool from a remote host:

  • A user with console tool access privileges.

  • A valid DSA or RSA key pair, generated with PuTTY or ssh-keygen.

  • A host with an SSH client, e.g. PuTTY.

Windows

PuTTY Key Generator

PuTTYgen is a free RSA and DSA key pair generator, manager and converter for use with the Windows PuTTY client. Use PuTTYgen to generate the required key pairs to access the AXS Guard console tool.

Windows PuTTYgen Application

About Key Pairs

A key pair is a set of digital keys; a public key, which needs to be copied to the AXS Guard, and a private key, which needs to be securely stored on the client workstation or another portable medium, such as a portable USB drive. The private key must be secured and not be accessible to anyone but the intended user. A public key is identified by its key fingerprint.

About Key Fingerprints

A key fingerprint is a string of numbers and characters or ASCII art that uniquely identifies a public key.

The key fingerprint is shown when connecting to the AXS Guard console tool for the first time. It is up to the user to inspect, verify and accept (or deny) the key on the client side. This verification is an extra step towards security and exists to prevent man-in-the-middle (MITM) attacks.

Generating a Key Pair with PuTTYgen

  1. Start the PuTTYgen application.

  2. Select the type of key to generate, e.g. SSH-2 RSA. This is the default type.

  3. Generate your key pair.

  4. Log in to the AXS Guard appliance and copy / paste the public key into the appropriate user profile with console tool access privileges.

  5. Store your private key in a secure location, preferably in a private (encrypted) folder.

    Public Key to copy to AXS Guard

Important

  • It is highly recommended to protect your private key with a strong password. The private key must not be accessible to anyone but the intended user. A password protects your private key against theft or accidental loss.
  • PuTTYgen automatically adds extra information to the public key when it is saved to a file. Do no copy the contents of the file to the AXS Guard profile of the user with console tool access privileges or the SSH connection will fail. Copy and paste the public key instead.

Logging in to the Console with PuTTY

PuTTY is a free and open-source SSH (Secure Shell) and Telnet client, developed for Windows platforms.

  1. Start the PuTTY application.

  2. Go to Window > Translation and change the remote character set to iso-8859-5.

  3. Go to Connection > Data and enter the AXS Guard user name in the auto-login username field. This is the user with console tool access privileges. Use the correct cases, as usernames are case-sensitive.

  4. Navigate to Connection > SSH > Auth and add the user’s private key to the authentication parameters.

  5. Go to Session and enter the LAN IP address of the AXS Guard, e.g. 192.168.250.254. Press enter to connect.

    image

Info

  • Save your session so you don’t have to reconfigure the PuTTY client the next time you log in.
  • If your private key is password-protected (recommended), you will be prompted to enter it before connecting to the AXS Guard console tool.

Unix-like Operating Systems

Generating a Key Pair with ssh-keygen

It is highly recommended to protect your private key with a password. The private key must not be accessible to anyone but the intended user.

ssh-keygen is a Linux command to generate, manage and convert RSA and DSA authentication keys. It supports the creation of keys for the SSH protocol versions 1 and 2.

To generate a key pair with ssh-keygen:

  1. Start a console.

  2. Type ssh-keygen without any arguments and press enter.

  3. Follow the on-screen instructions.

  4. Copy and paste the contents of the public key file into the AXS Guard profile of the user with console tool access privileges.

    $ ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/user/.ssh/id_rsa): /home/user/.ssh/axsguard
    Enter passphrase (empty for no passphrase): *********************
    Enter same passphrase again: *********************
    Your identification has been saved in /home/user/.ssh/axsguard.
    Your public key has been saved in /home/user/.ssh/axsguard.pub.
    The key fingerprint is:
    20:cb:b6:a6:c5:81:73:ac:6f:b9:f2:f8:d8:9b:d2:01 user@user
    The key's randomart image is:
    +--[ RSA 2048]----+
    |                 |
    |                 |
    |    . .          |
    |  E+ o .         |
    |  o.B   S        |
    |   *.o           |
    |  ..=o           |
    |  oO+.           |
    |  +*Oo           |
    +-----------------+

Logging in to the Console with SSH

SSH stands for Secure Shell. ssh is a free program which allows remote users to securely log in to another computer.

To log in to the AXS Guard console tool with ssh:

  1. Start a Linux console.

  2. Specify the private key with the -i parameter, e.g.:

    ssh -i /home/yourhomedir/.ssh/axsguard admin@192.168.250.254

Info

  • If your private key is password-protected (recommended), you will be prompted to enter it before connecting to the console tool.
  • Replace yourhomedir with the appropriate path.
  • Replace admin with the appropriate user.
  • Replace 192.168.250.254 with the LAN IP address of your AXS Guard appliance.

AXS Guard Console Tool

Console Tool Menus

General Information

General System Information

Menu Item

Description

Date and Time

Shows the current system date and time in the MM/DD/YY format. The current system time is displayed in the HH:MM:SS format. A correct system time is crucial for time-sensitive processes, such as DIGIPASS and Kerberos authentication.

Uptime

Shows the system’s uptime and current load average.

  • Load < 1: There are no processes waiting. The number of processes to be handled is inferior to the CPU’s capabilities.

  • Load = 1: There are no processes waiting. The processes are handled as soon as they are invoked. The system’s operation is optimal.

  • Load > 1: The number of processes to be handled is temporarily exceeding the capabilities of the system’s CPU(s). The processes are queued.

Serial Number

Shows the serial number of your appliance. It contains the same information as shown under System > Status > System Info in the system’s web-based configuration tool. Note that virtual appliances do not have a serial number.

License Number

The software license number of your appliance.

Host Key

The host key of your appliance. The host key is linked to your software license.

Network

Network Interface Settings

Submenu

Description

Status

Shows the runtime information of the selected network interface.

Configuration

Select this option to configure the network devices of the appliance. Use the CIDR notation to assign IP addresses, e.g. 192.168.250.254/24. Note that a system reboot is required to activate the new settings.

Rescue

Select to open TCP ports 22 and 82 of the primary secure LAN device of the appliance in case these ports were accidentally closed. The primary secure LAN device is used by:

  • The web-based configuration tool

  • The proxy server

  • DNS zone transfers

  • The synchronization of appliances in a High Availability configuration

System

System Menu

Submenu

Description

Reboot

Select to reboot the appliance, e.g. in case you cannot reboot the appliance via the web-based administrator tool.

Shutdown

Select to shut down the appliance, e.g. in case you cannot shut it down via the web-based administrator tool.

Factory Default

Select to restore the appliance to its factory default settings.

Back up your system!

Resetting the appliance to its factory default settings will:

  • Reset the sysadmin password to the system default value.
  • Delete all configured users, groups, computers and other system configuration settings.
  • Delete all user data, such as e-mails.
  • Delete the latest IPS rule sets and virus definitions.
  • Clear out the customer information.
  • Delete the license and change the configuration key. See the section about relicensing.

Utilities

Utilities Menu

Select this menu to access the shell of the AXS Guard appliance. The shell allows you to execute commands to troubleshoot problems. A list of available commands is provided at the end of this document.

Useful Console Commands

Getting Help

Info

For assistance with a particular command, go to http://linux.die.net/man/

Current Kernel Version

The uname -r command shows the current AXS Guard kernel version. This information is useful if you intend to deploy AXS Guard in a virtual environment.

4.14-axs-virtual

The w command

w displays information about the users that are currently logged on to the appliance and their processes. The header shows the current time, how long the system has been running, how many users are currently logged on and the system load averages for the past 1, 5, and 15 minutes.

The uptime command

uptime tells you how long the appliance has been running.

13:14:32 up  2:07,  0 users,  load average: 0.73, 1.12, 1.10

The ip Command

The ip command must not be used to change any IP settings. Use the Administrator Tool or the Interfaces menu instead.

ip addr list

Displays the information of all available AXS Guard network interfaces.

ip addr list eth0

Displays the information of a specific AXS Guard network interface, e.g. eth0

  • link/ether: The MAC address of the specified network interface, e.g. 00:0C:29:38:24:16.

  • inet: The IP address and subnet mask (CIDR notation) of the specified network interface, e.g. 192.168.208.254/24.

  • brd: The Broadcast IP address of the subnet to which the interface is connected, e.g. 192.168.208.255.

The ifconfig Command

Important

  • The ifconfig command must not be used to change any IP settings. Use the Administrator Tool or the Interfaces menu instead.
  • Aliases are not shown with ifconfig. Use the ip command to display alias information.

ifconfig

If no arguments are provided, ifconfig displays the status of all active network interfaces, physical and virtual (VLANs).

ifconfig eth0

Displays the information of the eth0 device. If eth1 is provided as an argument, only the information for the eth1 device is displayed, etc.

  • Hwaddr: The MAC address of the specified network interface, e.g. 00:0C:29:38:24:16

  • inet addr: The IP address of the specified network interface, e.g. 192.168.208.254.

  • Bcast: The Broadcast IP address of the subnet to which the interface is attached, e.g. 192.168.208.255.

  • Mask: The Subnet Mask or network segment in which the interface operates, e.g. 255.255.255.0

[zed@isdead ~]$ ifconfig
eth0      Link encap:Ethernet  HWaddr 00:08:54:56:2E:BB
          inet addr:10.32.64.162  Bcast:10.32.64.255  Mask:255.255.255.0
          inet6 addr: fe80::208:54ff:fe56:2ebb/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2246368 errors:0 dropped:172 overruns:0 frame:0
          TX packets:1271927 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2670287774 (2546.5 Mb)  TX bytes:114690905 (109.3 Mb)
          Interrupt:16 Base address:0xcc00

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:144 errors:0 dropped:0 overruns:0 frame:0
          TX packets:144 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:8640 (8.4 Kb)  TX bytes:8640 (8.4 Kb)

The ping command

ping -b

pings a broadcast address to check which hosts are alive (up), e.g. ping -b 192.168.1.255

ping -c

pings the number of times specified, e.g. ping -c 3 192.168.250.254

ping -I

pings from a specific network device, e.g. ping -I 192.168.250.254 www.google.com

Packet Tracing with traceroute

traceroute -i

Specifies the interface through which traceroute should send packets, e.g. traceroute -i eth1 www.google.com.

traceroute -m

Specifies the maximum number of hops (max time-to-live value) traceroute will probe, e.g. traceroute -m 15 www.google.com. The default is 30.

Packet Tracing with tracepath

tracepath -n

Only shows the IP addresses, e.g. tracepath -n www.vasco.com

tracepath -b

Shows the hostnames and corresponding IP addresses, e.g. tracepath -b www.vasco.com

Monitoring Bandwidth Usage with iftop

iftop -i

Specifies the interface for which network traffic information is to be displayed, e.g. iftop -i eth0

iftop -F

Displays the network traffic from and to the specified IP address , e.g. iftop -i eth0 -F 192.168.250.254

iftop -n

Do not perform host name lookups, e.g. iftop -i eth0 -n -F 192.168.250.254

iftop -B

Displays bandwidth rates in bytes per second rather than bits per second, e.g. iftop -i eth0 -n -B -F 192.168.250.254

iftop -P

Displays the ports (IP / Port pairs), e.g. iftop -i eth0 -n -B -P -F 192.168.250.254

Using grep to search through Files

grep -i

Toggles case insensitive pattern search, e.g. grep -i 'drop' 2008-09-29

grep -r

Toggles recursion. Search all files recursively within a specified directory, e.g. grep -ir 'drop' /log/fw

grep -v

Excludes the specified string from the search, e.g. grep -iv 'drop' /log/fw/2008-09-29

Examples

This example demonstrates how to search for network traffic which was:

  • dropped by the Firewall

  • logged on June 11th 2009 between 10:15 AM and 10:20 AM (10:20 AM is not included in the result)

grep -i 'drop' /log/fw/ | grep '10:1'

This example demonstrates how to search for network traffic in the proxy logs that is related to the access of a specific website (www.google.com).

grep -ir 'www.google.com' /log/proxy

This example demonstrates how to search for network traffic which was:

  • dropped by the Firewall

  • logged on June 11th 2009 between 10:15 AM and 10:20 AM (10:20 is excluded from the result) and

  • not originating from source IP 172.16.77.1

grep -i 'drop' /log/fw/2009-06-11 | grep -v '172.16.77.1' | grep '10:1'

Viewing Log Entries with tail

tail file

file is the path to the file, including the file name, e.g. tail /log/fw/fileX

tail -f

Displays data as it is appended to the file in real-time, e.g. tail -f /log/fw/fileX

Analyzing Network Traffic with tcpdump

Command Options

tcpdump -i

Specifies the network interface to capture traffic from, e.g. tcpdump -i eth0

tcpdump -n

Does not resolve IP addresses to host names. Only displays IP addresses, e.g. tcpdump -ni eth0

tcpdump -v

Produces verbose output, such as TTL, ICMP header checksum, etc., e.g. tcpdump -v -ni eth0

tcpdump -c

Specifies the number of packets to capture, e.g. tcpdump -vvv -c10 -ni eth0

tcpdump -s

Specifies the length (in bytes) of each packet to be captured, rather than the default of 68, e.g. tcpdump -vvv -c10 -ni eth0 -s0 Setting the value to 0 means that tcpdump automatically uses the required length.

tcpdump -w

Writes the raw packets to a file rather than parsing them and displaying them on the screen, e.g. tcpdump -vvv -c10 -ni eth0 -s0 -w mydumpfile. This option is used to analyze the packets with a protocol analyzer, such as Wireshark.

  • More verbose output is provided for each additional v, e.g. tcpdump -vvv -ni eth0

  • Consult the online tcpdump man page for additional information.

Matching Network Traffic

The output of the tcpdump command can be matched with the following:

  • A specific destination or source host, e.g. dst host 192.168.250.254

  • A specific destination or source port, e.g. dst port 80

  • A specific network protocol, e.g. udp port 53

  • Matches can be combined using the and, or & not operands.

Examples

tcpdump -ni eth0 host 192.168.250.254

Captures network packets on the eth0 network interface that match with IP address 192.168.250.254.

tcpdump -ni eth0 port 22

Captures network packets on the eth0 network interface and displays all network traffic related to port 22 (SSH).

tcpdump -ni eth0 icmp

Captures network packets on the eth0 network interface and displays all ICMP network traffic.

tcpdump -ni eth0 host 192.168.250.254 and port 25

Captures network packets on the eth0 network interface that match with IP address 192.168.250.254. Only network traffic related to port 25 (SMTP) is captured.

tcpdump -ni eth0 host 192.168.250.254 and not port 22

Captures network packets on the eth0 network interface that match with IP address 192.168.250.254. All traffic is displayed, except traffic related to port 22 (excluded).

tcpdump -ni eth0 host 192.168.250.254 and not port 22 -s0

Performs the same operation as explained in the previous example, but in addition tcpdump automatically captures the required packet length, since the -s0 parameter is added.

tcpdump -ni eth0 host 192.168.250.254 and not port 22 -s0 -w mycapfile

Performs the same operation as explained in the previous example, but in addition the command output is written to a file, allowing further analysis with a protocol analyzer, such as Wireshark.

Press CTRL + C to exit tcpdump

Telnet

telnet -4 host.domain.com

Forces IPv4 address resolution.

telnet -6 host.domain.com

Forces IPv6 address resolution.

Netcat

Common uses include:

  • simple TCP proxies

  • network daemon testing

  • SOCKS or HTTP ProxyCommand for ssh

nc -l 2389

Starts server mode on the specified port and listens for incoming connections.

nc somehost.com 2389

Starts client mode and tries to connect to the specified host on the specified port

Dig

dig google.com

Queries the DNS server(s) as configured on your system and returns any record that matches google.com.

dig mx google.com @1.1.1.1

Specifically queries the DNS server with IP 1.1.1.1 for the MX record of the Google domain.

Nslookup

nslookup www.vasco.com
Server:         10.32.64.1
Address:        10.32.64.1#53

Non-authoritative answer:
Name:   www.vasco.com
Address: 62.58.227.146

nslookup followed by a domain name will display the A Record (IP Address) of that domain.

nslookup -query=mx google.com
Server:         10.32.64.1
Address:        10.32.64.1#53

Non-authoritative answer:
google.com      mail exchanger = 50 alt4.aspmx.l.google.com.
google.com      mail exchanger = 20 alt1.aspmx.l.google.com.
google.com      mail exchanger = 40 alt3.aspmx.l.google.com.
google.com      mail exchanger = 30 alt2.aspmx.l.google.com.
google.com      mail exchanger = 10 aspmx.l.google.com.

Looks up the MX record for the specified domain name and lists the mail exchange servers for that domain.

Mtr

mtr is a network diagnotic tool that combines the functionalities of the traceroute and the ping commands.

mtr www.axsguard.com

iperf

iperf is a command that enables system administrators to measure the network bandwidth and check the quality of a network link.

iperf -c 1.1.1.1

Client connecting to IP 1.1.1.1 on TCP port 5001 (iperf default)

Troubleshooting

The AXS GUARD ConsoleTool option is not available

  • You can only enable Console Tool access for a user if you are logged on to the AXS Guard Administrator Tool as an advanced administrator. More information about AXS Guard user levels is available in the AXS Guard System Administration How To, which can be accessed by clicking on the permanently available Documentation button in the Administration Tool.

  • Ensure that you have selected Basic Administration or above for the given user.

The user cannot log on to the AXS GUARD Console Tool

  • Verify if the Public Key has been copied correctly. The smallest error will prevent the user from logging on.

  • Verify if the user is allowed to access the console.

  • Verify whether the user login option is enabled in the user’s AXS Guard profile.

  • Verify if the credentials are entered correctly. Check your keyboard layout. US QWERTY is the default keyboard layout.

Console Tool rendering issues

Change the value of the TERM variable to an appropriate value for your terminal program. The $TERM shell value in Ubuntu and PuTTY defaults to xterm for a console login. The TERM variable stores the name of an entry in the terminfo database that helps the OS determine how to display information in your terminal. Changing the TERM value to vte for terminals that use the GTK console input widget resolves the issue. Alternatively, you can use the xterm program to log in to the console; no extra configuration is required.

Issue with Console Tool menu borders

PuTTY uses utf-8 encoding by default, which is not yet supported by the AXS Guard console tool. Change the character set in PuTTY to iso-8859-5 to solve this issue (window > translation).

Borders with Default PuTTY Character Set

Support

If you encounter a problem

If you encounter a problem with AXS Guard, follow the steps below:

  1. Check the troubleshooting section of the feature-specific manual.

  2. Check the knowledge base on this site for information about special configurations.

  3. If no solution is available in any of the above sources, contact your AXS Guard vendor.

Contact Information

(+32) 15-504-400
support@axsguard.com

List of available commands

arp (8)

manipulate the system ARP cache

arpd (8)

userspace arp daemon.

base64 (1)

base64 encode/decode data and print to standard output

basename (1)

strip directory and suffix from filenames

bash (1)

GNU Bourne Again SHell

bashbug (1)

report a bug in bash

c_rehash (1)

Create symbolic links to files named by the hash values

cat (1)

concatenate files and print on the standard output

chage (1)

change user password expiry information

chcon (1)

change file security context

chfn (1)

change real user name and information

chgpasswd (8)

update group passwords in batch mode

chgrp (1)

change group ownership

chmod (1)

change file mode bits

chown (1)

change file owner and group

chpasswd (8)

update passwords in batch mode

chsh (1)

change login shell

chvt (1)

change foreground virtual terminal

cksum (1)

checksum and count the bytes in a file

clear (1)

clear the terminal screen

comm (1)

compare two sorted files line by line

compress (1)

compress and expand data

cp (1)

copy files and directories

csplit (1)

split a file into sections determined by context lines

ctstat (8)

unified linux network statistics

cut (1)

remove sections from each line of files

date (1)

print or set the system date and time

dd (1)

convert and copy a file

deallocvt (1)

deallocate unused virtual consoles

df (1)

report file system disk space usage

dig (1)

DNS lookup utility

dir (1)

list directory contents

dircolors (1)

color setup for ls

dirname (1)

strip last component from file name

dnsdomainname (1)

show the system’s DNS domain name

domainname (1)

show or set the system’s NIS/YP domain name

du (1)

estimate file space usage

dumpkeys (1)

dump keyboard translation tables

echo (1)

display a line of text

egrep (1)

print lines matching a pattern

env (1)

run a program in a modified environment

expand (1)

convert tabs to spaces

expiry (1)

check and enforce password expiration policy

expr (1)

evaluate expressions

factor (1)

factor numbers

faillog (8)

display faillog records or set login failure limits

false (1)

do nothing, unsuccessfully

fgconsole (1)

print the number of the active VT.

fgrep (1)

print lines matching a pattern

fmt (1)

simple optimal text formatter

fold (1)

wrap each input line to fit in specified width

free (1)

Display amount of free and used memory in the system

gawk (1)

pattern scanning and processing language

getkeycodes (8)

print kernel scancode::to::keycode mapping table

gpasswd (1)

administer /etc/group and /etc/gshadow

grep (1)

print lines matching a pattern

groupadd (8)

create a new group

groupdel (8)

delete a group

groupmems (8)

administer members of a user’s primary group

groupmod (8)

modify a group definition on the system

groups (1)

display current group names

grpck (8)

verify integrity of group files

grpconv (8)

convert to and from shadow passwords and groups

grpunconv (8)

convert to and from shadow passwords and groups

gunzip (1)

compress or expand files

gzexe (1)

compress executable files in place

gzip (1)

compress or expand files

head (1)

output the first part of files

host (1)

DNS lookup utility

hostid (1)

print the numeric identifier for the current host

hostname (1)

show or set the system’s host name

id (1)

print real and effective user and group IDs

ifconfig (8)

configure a network interface

iftop (8)

display bandwidth usage on an interface by host

igawk (1)

gawk with include files

install (1)

copy files and set attributes

ip (8)

show / manipulate routing, devices, policy routing and tunnels

iperf (1)

perform network throughput tests

join (1)

join lines of two files on a common field

kbd_mode (1)

report or set the keyboard mode

kbdrate (8)

reset the keyboard repeat rate and delay time

kill (1)

send a signal to a process

lastlog (8)

reports the most recent login of all users or of a given user

less (1)

opposite of more

lessecho (1)

expand metacharacters

lesskey (1)

specify key bindings for less

link (1)

call the link function to create a link to a file

ln (1)

make links between files

lnstat (8)

unified linux network statistics

loadkeys (1)

load keyboard translation tables

loadunimap (8)

load the kernel unicode::to::font mapping table

login (1)

begin session on the system

logname (1)

print user’s login name

logoutd (8)

enforce login time restrictions

ls (1)

list directory contents

lspci (8)

list all PCI devices

mapscrn (8)

load screen output mapping table

md5sum (1)

compute and check MD5 message digest

mkdir (1)

make directories

mkfifo (1)

make FIFOs (named pipes)

mkhomedir_helper (8)

Helper binary that creates home directories

mknod (1)

make block or character special files

mktemp (1)

create a temporary file or directory

mtr (8)

a network diagnostic tool

mv (1)

move (rename) files

nameif (8)

name network interfaces based on MAC addresses

netcat (1)

GNU Netcat Manual

netstat (8)

Print network connections, routing tables, interface statistics, masquerade connections, and m…

newgidmap (1)

set the gid mapping of a user namespace

newgrp (1)

log in to a new group

newuidmap (1)

set the uid mapping of a user namespace

newusers (8)

update and create new users in batch

nice (1)

run a program with modified scheduling priority

nisdomainname (1)

show or set system’s NIS/YP domain name

nl (1)

number lines of files

nm (1)

list symbols from object files

nohup (1)

run a command immune to hangups, with output to a non::tty

nproc (1)

print the number of processing units available

nslookup (1)

query Internet name servers interactively

nstat (8)

network statistics tools.

numfmt (1)

Convert numbers from/to human::readable strings

objdump (1)

display information from object files.

od (1)

dump files in octal and other formats

openssl (1)

OpenSSL command line tool

openvt (1)

start a program on a new virtual terminal (VT).

pam_tally (8)

The login counter (tallying) module

pam_tally2 (8)

The login counter (tallying) module

pam_timestamp_check (8)

Check to see if the default timestamp is valid

passwd (1)

compute password hashes

paste (1)

merge lines of files

pathchk (1)

check whether file names are valid or portable

pgrep (1)

look up or signal processes based on name and other attributes

pinky (1)

lightweight finger

pkill (1)

look up or signal processes based on name and other attributes

plipconfig (8)

fine tune PLIP device parameters

pmap (1)

report memory map of a process

pr (1)

convert text files for printing

printenv (1)

print all or part of environment

printf (1)

format and print data

ps (1)

report a snapshot of the current processes.

psfaddtable (1)

add a Unicode character table to a console font

psfgettable (1)

extract the embedded Unicode character table from a console font

psfstriptable (1)

remove the embedded Unicode character table from a console font

psfxtable (1)

handle Unicode character tables for console fonts

ptx (1)

produce a permuted index of file contents

pwck (8)

verify integrity of password files

pwconv (8)

convert to and from shadow passwords and groups

pwd (1)

print name of current/working directory

pwdx (1)

report current working directory of a process

pwunconv (8)

convert to and from shadow passwords and groups

rarp (8)

manipulate the system RARP table

readelf (1)

Displays information about ELF files.

readlink (1)

print resolved symbolic links or canonical file names

realpath (1)

print the resolved path

reset (1)

terminal initialization

resizecons (8)

change kernel idea of the console size

rm (1)

remove files or directories

rmdir (1)

remove empty directories

route (8)

show / manipulate the IP routing table

routef (8)

flush routes

routel (8)

list routes with pretty output format

rtacct (8)

network statistics tools.

rtmon (8)

listens to and monitors RTnetlink

rtstat (8)

unified linux network statistics

runcon (1)

run command with specified security context

scp (1)

secure copy (remote file copy program)

sed (1)

stream editor for filtering and transforming text

seq (1)

print a sequence of numbers

setfont (8)

load EGA/VGA console screen font

setkeycodes (8)

load kernel scancode::to::keycode mapping table entries

setleds (1)

set the keyboard leds

setmetamode (1)

define the keyboard meta key handling

setpci (8)

configure PCI devices

setvtrgb (8)

set the virtual terminal RGB colors

sftp (1)

secure file transfer program

sg (1)

execute command as different group ID

sha1sum (1)

compute and check SHA1 message digest

sha224sum (1)

compute and check SHA224 message digest

sha256sum (1)

compute and check SHA256 message digest

sha384sum (1)

compute and check SHA384 message digest

sha512sum (1)

compute and check SHA512 message digest

showconsolefont (8)

Show the current EGA/VGA console screen font

showkey (1)

examine the codes sent by the keyboard

shred (1)

overwrite a file to hide its contents, and optionally delete it

shuf (1)

generate random permutations

size (1)

list section sizes and total size.

slabtop (1)

display kernel slab cache information in real time

slattach (8)

attach a network interface to a serial line

sleep (1)

delay for a specified amount of time

slogin (1)

OpenSSH SSH client (remote login program)

sort (1)

sort lines of text files

split (1)

split a file into pieces

ss (8)

another utility to investigate sockets

ssh (1)

OpenSSH SSH client (remote login program)

ssh::add (1)

adds private key identities to the authentication agent

ssh::agent (1)

authentication agent

ssh::keygen (1)

authentication key generation, management and conversion

ssh::keyscan (1)

gather ssh public keys

sshd (8)

OpenSSH SSH daemon

stat (1)

display file or file system status

stdbuf (1)

Run COMMAND, with modified buffering operations for its standard streams.

strings (1)

print the strings of printable characters in files.

stty (1)

change and print terminal line settings

su (1)

change user ID or become superuser

sum (1)

checksum and count the blocks in a file

sync (1)

Synchronize cached writes to persistent storage

sysctl (8)

configure kernel parameters at runtime

tabs (1)

set tabs on a terminal

tac (1)

concatenate and print files in reverse

tail (1)

output the last part of files

tc (8)

show / manipulate traffic control settings

tcpdump (1)

dump traffic on a network

tee (1)

read from standard input and write to standard output and files

telnet (1)

User interface to TELNET

test (1)

check file types and compare values

tftp (1)

TFTP client

timeout (1)

run a command with a time limit

tload (1)

graphic representation of system load average

top (1)

display Linux processes

touch (1)

change file timestamps

tput (1)

initialize a terminal or query terminfo database

tr (1)

translate or delete characters

traceroute (8)

print the route packets trace to network host

true (1)

do nothing, successfully

truncate (1)

shrink or extend the size of a file to the specified size

tset (1)

terminal initialization

tsort (1)

perform topological sort

tty (1)

print the file name of the terminal connected to standard input

uname (1)

print system information

unexpand (1)

convert spaces to tabs

unicode_start (1)

put keyboard and console in unicode mode

unicode_stop (1)

revert keyboard and console from unicode mode

uniq (1)

report or omit repeated lines

unix_chkpwd (8)

Helper binary that verifies the password of the current user

unix_update (8)

Helper binary that updates the password of a given user

unlink (1)

call the unlink function to remove the specified file

update::pciids (8)

download new version of the PCI ID list

uptime (1)

Tell how long the system has been running.

useradd (8)

create a new user or update default new user information

userdel (8)

delete a user account and related files

usermod (8)

modify a user account

users (1)

print the user names of users currently logged in to the current host

vdir (1)

list directory contents

vigr (8)

edit the password, group, shadow::password or shadow::group file

vipw (8)

edit the password, group, shadow::password or shadow::group file

vmstat (8)

Report virtual memory statistics

w (1)

Show who is logged on and what they are doing.

watch (1)

execute a program periodically, showing output fullscreen

wc (1)

print newline, word, and byte counts for each file

who (1)

show who is logged on

whoami (1)

print effective userid

yes (1)

output a string repeatedly until killed

ypdomainname (1)

show or set the system’s NIS/YP domain name

zcat (1)

compress or expand files

zcmp (1)

compare compressed files

zdiff (1)

compare compressed files

zforce (1)

force a .gz extension on all gzip files

zgrep (1)

search possibly compressed files for a regular expression

zless (1)

file perusal filter for crt viewing of compressed text

zmore (1)

file perusal filter for crt viewing of compressed text

znew (1)

recompress .Z files to .gz files