Hide

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again.

Delete that bloated snippets file you've been using and share your personal repository with the world. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.


If you have a new feature suggestion or find a bug, please get in touch via http://commandlinefu.uservoice.com/

Get involved!

You can sign-in using OpenID credentials, or register a traditional username and password.

First-time OpenID users will be automatically assigned a username which can be changed after signing in.

Universal configuration monitoring and system of record for IT.
Hide

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for:

Hide

News

May 19, 2015 - A Look At The New Commandlinefu
I've put together a short writeup on what kind of newness you can expect from the next iteration of clfu. Check it out here.
March 2, 2015 - New Management
I'm Jon, I'll be maintaining and improving clfu. Thanks to David for building such a great resource!
Hide

Top Tags

Hide

Functions

Hide

Credits

Commands using grep from sorted by
Terminal - Commands using grep - 1,620 results
(bzcat BZIP2_FILES && cat TEXT_FILES) | grep -E "Invalid user|PAM" | grep -o -E "from .+" | awk '{print $2}' | sort | uniq >> /etc/hosts.deny
2010-01-03 04:41:51
User: jayhawkbabe
Functions: awk cat grep sort uniq
3

Searches all log files (including archived bzip2 files) for invalid user and PAM authentication errors, both of which are indicative of brute force attempts at logging into computer. A list of all unique IP addresses and domain names is appended to hosts.deny. The command (and grep error messages) will work on Mac OS X 10.6, small adjustments may be needed for other OSs.

dpkg --get-selections | grep linux-image
find . -exec grep $foo {} \; -print
2009-12-30 17:41:44
User: linuxgeek
Functions: find grep
-1

The command will help to print the location of the pattern. Above command will print all the files which contain variable "$foo" along with line containing that pattern.

Specify pattern after "grep"

stop () { ps -ec | grep $@ | kill -SIGSTOP `awk '{print $1}'`; }
2009-12-27 19:40:09
User: iridium172
Functions: grep kill ps
1

Add that and "cont () { ps -ec | grep $@ | kill -SIGCONT `awk '{print $1}'`; }" (without the quotes) to you bash profile and then use it to pause and resume processes safely

$class=ExampleClass; $path=src; for constant in `grep ' const ' $class.php | awk '{print $2;}'`; do grep -r "$class::$constant" $path; done
find . -name '*png' -printf '%h\0' | xargs -0 ls -l --hide=*.png | grep -ZB1 ' 0$'
php -i | grep php.ini
2009-12-23 15:52:20
User: jemmille
Functions: grep
Tags: bash grep PHP
5

Quick and easy way to find out which php.ini file is being used. Especially useful if you just need to find the location of the file for editing purposes.

DIR=. ; FSTYPE=$(df -TP ${DIR} | grep -v Type | awk '{ print $2 }') ; echo "${FSTYPE}"
2009-12-22 14:01:50
User: unixhome
Functions: awk df echo grep
1

Exclude 400 client hosts with NFS auto-mounted home directories.

Easily modified for inclusion in your scripts.

getent shadow | grep '^[^:]\+:!' | cut -d: -f1
getent shadow | while IFS=: read a b c; do grep -q '!' <<< "$b" && echo "$a LOCKED" || echo "$a not locked"; done
2009-12-18 15:24:19
User: sputnick
Functions: echo getent grep read
0
man 5 shadow

I think it's more reliable, because

passwd -S

dont show "locked" but "L" as second field on my Archlinux for a particular user.

( unixhome alternative ).

awk -F":" '{ print $1 }' /etc/passwd | while read UU ; do STATUS=$(passwd -S ${UU} | grep locked 2>/dev/null) ; if [[ ! -z ${STATUS} ]] ; then echo "Account ${UU} is locked." ; fi ; done
mtx -f /dev/sg13 status | grep EXPORT | cut -c 56-63
2009-12-18 04:21:51
User: JamesyBoi
Functions: cut grep
0

This reports directly using mtx what Tape is in the mailslot (Import/Export tray) on most autoloaders.

You will need to change /dev/sg13 to your autloader device file and adjust the 63 at the end to your tape label character length(ie 63 for 8 characters 64 for 9 characters)

ps aux | grep [h]ttpd | cat -n
2009-12-17 20:45:44
User: putnamhill
Functions: cat grep ps
Tags: cat
0

If you're on a system that doesn't have nl, you can use cat -n.

ps aux | grep [a]pache2 | nl
2009-12-17 18:48:09
User: donnoman
Functions: grep ps
4

Write each FILE to standard output, with line numbers added. With no FILE, or when FILE is -, read standard input.

watch -d 'sudo smartctl -a /dev/sda | grep Load_Cycle_Count ; sudo smartctl -a /dev/sda | grep Temp'
2009-12-15 00:15:24
User: vxbinaca
Functions: grep sudo watch
2

This command is a great way to check to see if acpi is doing damage to your disks by agressivly parking the read arm and wearing down it's life. As you can see, mine has lost half its life. I'm sure this could be shortened though somehow. It will use smartctl to dump the stats and then grep out just the temperature and load cycles for the disk (a load cycle is when a the read arm comes out of park and wears on the drive).

wget -q -O - http://someonewhocares.org/hosts/ | grep ^127 >> /etc/hosts
2009-12-14 17:11:16
User: torrid
Functions: grep wget
5

The above url contains over 6700 of the common ad websites. The command just pastes these into your /etc/hosts.

dumpe2fs -h /dev/DEVICE | grep 'created'
2009-12-12 14:47:33
User: eastwind
Functions: dumpe2fs grep
7

Knowing when a filesystem is created , you can deduce when an operating system was installed .

find filesystem device (/dev/) informations by using the cat /etc/fstab command.

sysctl -a | grep vm.swappiness
2009-12-11 10:33:35
User: marousan
Functions: grep sysctl
3

it provides the ratio used for the RAM and The SWAP under Linux. When swappiness is high, Swap usage is high. When swappiness is low, Ram usage is high.

od -c <FILE> | grep --color '\\.'
2009-12-11 02:15:48
User: sputnick
Functions: grep od
Tags: od
6

For fancier and cleaner output, try the following snippet :

showendlines(){ while read i; do od --address-radix=n --width=$(wc -c <<< "$i") -c <<< "$i" | perl -pe 's/.\K\s{2,3}//g'; done < $1 | grep --color '\\.'; }

Now you can run that with :

showendlines <FILE>

Thanks to prince_jammys to "debug" my English ;)

locale | grep LANG=
grep -oP '"url":"\K[^"]+' $(ls -t ~/.mozilla/firefox/*/sessionstore.js | sed q)
2009-12-09 20:34:32
User: sputnick
Functions: grep ls sed
0

Require "grep -P" ( pcre ).

If you don't have grep -P, use that :

grep -Eo '"url":"[^"]+' $(ls -t ~/.mozilla/firefox/*/sessionstore.js | sed q) | cut -d'"' -f4
grep -n . datafile ;
grep -Ri searchterm ~/.purple/logs/* | sed -e 's/<.*?>//g'
2009-12-07 19:38:18
User: Nostoc
Functions: grep sed
Tags: pidgin logs
2

will search trought pidgin conversation logs for "searchterm", and output them stripping the html tags. The "sed" command is optionnal if your logs are stored in plain text format.

for i in `mysqladmin -h x.x.x.x --user=root -pXXXX processlist | grep <<username>>| grep <<Locked>>| awk {'print $2'}` do mysqladmin -h x.x.x.x --user=root -pXXX kill $i; done;
ps aux| grep -v grep| grep httpd| awk {'print $2'}| xargs kill -9