Why Learn Linux Commands
- Linux is everywhere: From servers and cloud VMs to routers and CTF boxes, Linux powers the systems you’ll study and defend.
- You think in steps, the shell does the work: Commands are small building blocks. By combining them with pipes and redirection, you automate real tasks quickly.
- Speed & precision for security work: CLI tools are fast, scriptable, and reproducible—perfect for evidence-based workflow.
- Clarity and repeatability: Every command you run leaves a trail you can document, repeat, and share with your team.
- Confidence & control: Knowing what a command does (and its flags) means fewer surprises.
- Career advantage: Whether you become a SOC analyst, pentester, DFIR specialist, or DevOps engineer, solid command-line skills are expected and respected.
Tip: Always test new commands in a safe directory such as ~/playground.
The 15 Commands (Detailed for Beginners)
1. ls — list files and folders
Why: This command is your window into the filesystem. It shows you what files and directories exist where you are. Without it, you’d be navigating blind. With options, it reveals permissions, hidden files, file sizes, and timestamps, which are crucial for understanding context during security investigations or project work.
ls -lah
ls -l /etc
2. pwd — show current directory
Why: Linux doesn’t always display your full path in the prompt. pwd is like GPS—it tells you your exact location in the filesystem. This helps when writing scripts, because relative paths can get confusing. Beginners often get lost, and pwd quickly clears up where you are.
pwd
3. cd — move around directories
Why: This is your movement tool. Without cd, you can’t explore or manage different folders. It teaches beginners how paths work: absolute (/home/user/docs) vs relative (../docs). It also introduces shortcuts like cd ~ (home) and cd - (previous folder).
cd /var/log
cd ..
cd ~
cd -
4. mkdir — create directories
Why: Organization matters. mkdir helps you structure your workspace—separate logs, scripts, and reports. Beginners learn that Linux folders don’t magically appear; you must create them. With -p, you can build nested folders in one step.
mkdir notes
mkdir -p lab/day1/screenshots
5. cp — copy files and directories
Why: Beginners often worry about overwriting or losing data. cp lets you make safe copies first. This builds confidence: test on the copy, not the original. In security work, analysts duplicate evidence before examining it, so they don’t alter the source file.
cp report.txt report.bak.txt
cp -r src/ src_backup/
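The copy-before-you-examine habit described above, as an added example that is not part of the original article: copy a file with its timestamps preserved, confirm by hash that the copy is identical, and make the working copy read-only. The function name preserve_copy, the case01 folder, and the sample log line are constructed for illustration.

```shell
#!/bin/sh
# Added example: copy evidence, then prove the copy matches the original.
# preserve_copy and the sample file below are illustrative, not a standard tool.

preserve_copy() {
    src=$1
    dest_dir=$2
    if [ ! -f "$src" ]; then
        echo "no such file: $src" >&2
        return 1
    fi

    mkdir -p "$dest_dir" || return 1
    dest="$dest_dir/$(basename "$src")"

    # Refuse to overwrite an existing working copy.
    if [ -e "$dest" ]; then
        echo "already exists: $dest" >&2
        return 1
    fi

    # -p keeps the original timestamps and mode on the copy.
    cp -p "$src" "$dest" || return 1

    # Compare SHA-256 digests of the source and the copy.
    src_hash=$(sha256sum "$src" | cut -d' ' -f1)
    dest_hash=$(sha256sum "$dest" | cut -d' ' -f1)
    if [ "$src_hash" != "$dest_hash" ]; then
        echo "hash mismatch for $dest" >&2
        return 1
    fi

    # Read-only working copy, so accidental edits fail.
    chmod a-w "$dest"
    echo "$src_hash"
}

# Constructed sample run in a throwaway directory.
work=$(mktemp -d)
printf 'Jan 10 03:12:01 host sshd[811]: Accepted password for alice\n' > "$work/auth.log"
preserve_copy "$work/auth.log" "$work/case01"
ls -l "$work/case01"
rm -rf "$work"
```

Keep the printed digest in your notes so the copy can be re-verified later with sha256sum.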
6. mv — move or rename
Why: Renaming files clearly helps with version control (draft.txt → final.txt). Moving lets you rearrange your workspace. Beginners quickly realize how tidy naming avoids confusion later. In Linux, mv is both ‘move’ and ‘rename’.
mv draft.txt final.txt
mv final.txt docs/
7. rm — delete files and folders
Why: This teaches respect. rm permanently deletes—there’s no recycle bin. Beginners learn to double-check names. Adding -i makes Linux ask before each deletion, a good habit. In cybersecurity, safe deletion also matters for sensitive files.
rm old.txt
rm -r tmp_dir
rm -i important.txt
8. cat — quick view of file content
Why: Beginners often want to ‘open’ a file. cat streams its content directly in the terminal—simple and fast for small files. It helps students understand text-based configuration and logs. Later, they can combine it with grep for searching.
cat README.md
9. grep — search text by pattern
Why: Logs are huge. grep gives beginners a flashlight in the dark—it highlights the lines that matter. This is one of the first ‘power tools’ they’ll love: simple keyword search, case-insensitive matching, or combined with pipes.
grep -in "error" /var/log/syslog
dmesg | grep -i usb
10. man — built-in manuals
Why: Instead of Googling, beginners can type man. It’s a self-contained library of help. This teaches self-reliance: every command documents itself. Students also learn how to navigate manuals with arrows, search (/word), and quit (q).
man ls
11. ps — list running processes
Why: Linux systems often run many processes silently. ps teaches beginners that every task has a PID (process ID). It’s the foundation for managing performance or killing frozen apps. In forensics, it helps identify suspicious activity.
ps aux | head
ps aux | grep ssh
12. touch — create files
Why: This is the simplest way to create a file without opening an editor. It’s useful for quick tests, empty placeholders, or preparing files to edit later. Beginners see that in Linux, everything starts as a file.
touch todo.txt
13. wget — download files
Why: Instead of using a browser, wget shows beginners how to fetch directly from the internet. It’s great for pulling scripts, wordlists, or packages during CTFs. It also introduces the idea of URLs as resources.
wget https://example.com/sample.txt
14. df — check disk usage
Why: Storage errors confuse beginners. df gives a clear picture of what’s full. With -h, it shows gigabytes instead of raw bytes. Understanding disk space is crucial for avoiding crashes during labs or real operations.
df -h
15. wc — count lines, words, and characters
Why: Beginners often underestimate how useful quick statistics are. wc counts words, lines, and characters. It’s perfect for checking log size, analyzing datasets, or even verifying if a file contains expected data.
wc -l access.log
wc -w notes.txt
wc -m notes.txt
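Pipes in practice, as an added example that is not part of the original article, tying the grep and wc sections together: count failed SSH logins in a log and rank the source addresses. The log lines are constructed, the function names are illustrative, and the ranking step goes beyond the 15 commands by using awk, sort, and uniq.

```shell
#!/bin/sh
# Added example: grep + wc + pipes over a small, constructed auth log.
# Function names are illustrative; addresses come from documentation ranges.

# Write a constructed sample log to the path given as $1.
write_sample_log() {
    cat > "$1" <<'EOF'
Jan 10 03:12:01 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 10 03:12:04 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40113 ssh2
Jan 10 03:12:09 web1 sshd[815]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Jan 10 03:15:30 web1 sshd[820]: Accepted password for alice from 198.51.100.23 port 51514 ssh2
Jan 10 03:20:11 web1 sshd[833]: Failed password for bob from 198.51.100.23 port 51600 ssh2
EOF
}

# Total number of failed password attempts in a log file.
count_failed() {
    grep -c "Failed password" "$1"
}

# Source addresses ranked by number of failures, most active first.
# Output format: "<count> <address>", one per line.
failed_by_source() {
    grep "Failed password" "$1" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "from") print $(i + 1) }' |
        sort | uniq -c | sort -k1,1nr -k2,2 |
        awk '{ print $1, $2 }'
}

# Addresses with at least N failures (N is the second argument).
noisy_sources() {
    failed_by_source "$1" | awk -v min="$2" '$1 >= min { print $2 }'
}

log=$(mktemp)
write_sample_log "$log"
echo "lines in log:    $(wc -l < "$log")"
echo "failed attempts: $(count_failed "$log")"
failed_by_source "$log"
echo "3 or more failures: $(noisy_sources "$log" 3)"
rm -f "$log"
```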
Quick Cheat Sheet
- List: ls -lah
- Where am I: pwd
- Move: cd, mv
- Make folder: mkdir -p path/to/new
- Copy: cp file dest or cp -r dir dest
- Delete: rm file or rm -r dir or rm -i
- View: cat file
- Search: grep -in "text" file
- Processes: ps aux | grep name
- Disk space: df -h
- New file: touch file
- Download: wget URL
- Count: wc -l/-w/-m file
- Help: man <command>
Safety First
- Work in a sandbox: Use ~/playground for learning.
- Use rm -i: Confirm before deletion.
- Avoid sudo: Don’t run as root unless needed.