Find Files from Shell

find <path> -name <filename>

Find largest files

# List all files bigger than 100M
find / -xdev -type f -size +100M

# List all files bigger than 100M + details
find / -xdev -type f -size +100M -exec ls -la {} \; | sort -nk 5

# List top 50 files bigger than 100M, sort from the largest
find / -xdev -type f -size +100M -exec du -sh {} ';' | sort -rh | head -n50


Clear Memory Cache & Buffer

# Clear PageCache only (OK in production)
sudo sh -c "sync; echo 1 > /proc/sys/vm/drop_caches"

# Clear dentries and inodes
sudo sh -c "sync; echo 2 > /proc/sys/vm/drop_caches"

# Clear PageCache, dentries and inodes
sudo sh -c "sync; echo 3 > /proc/sys/vm/drop_caches"


  1. https://www.tecmint.com/clear-ram-memory-cache-buffer-and-swap-space-on-linux/
  2. https://unix.stackexchange.com/questions/58553/how-to-clear-memory-cache-in-linux
  3. https://stackoverflow.com/questions/29870068/what-are-pagecache-dentries-inodes

See process pid information

cat /proc/<pid>/status

Check system message

sudo tail -f /var/log/syslog
sudo dmesg

Double dash

Double dash in linux, for example:

grep -- -v file

Is used to signify the end of optional parameters. From that point onward positional parameters will be accepted.

See here


Split a line into multiple values. Use space as separator.

# Will print first column
ls -l | awk '{print $1}'

# Will print all columns
ls -l | awk '{print $0}'


Cat each files in this directory.

ls -l | awk '{print $9}' | xargs -I{} cat {}


Considering that we have file test.txt containing this:


And we want to get the list of the second column only, we can do this using cut:

cat test.txt | cut -d';' -f2


Word counting in Unix.

# Count number of lines from stdout
sudo ls | wc -l

Communication via Socket

  1. https://en.wikipedia.org/wiki/Unix_file_types
  2. https://askubuntu.com/questions/372725/what-are-socket-files
  3. https://unix.stackexchange.com/questions/243265/how-to-get-more-info-about-socket-file
  4. https://troydhanson.github.io/network/Unix_domain_sockets.html

Removing an ipaddress from known_hosts

ssh-keygen -R <ipaddress>

Check how many file descriptors are being used

# Find out pid of the process first
ps aux | grep <process-name>

# Check file descriptors being used by a particular process (Opt 1)
lsof -a -p <pid>

# Check file descriptors being used by a particular process (Opt 2)
cd /proc/28290/fd

# Then do
ls -l | less

# Or
ls -l | wc -l

# Check file descriptors being used (total)
lsof | wc -l

See also here

Measuring request and response time using curl

curl -X <request-type> \
  -w %{time_connect}:%{time_starttransfer}:%{time_total} \
  server:port \
  -d <payload>

See also here


Manually executing log rotation

For global logrotate:

sudo logrotate -v -f /etc/logrotate.conf

For a single conf file:

sudo logrotate -v -f /etc/logrotate.d/someapp.conf


Some references for auditing our machines.