How to Change user password in Linux

This guide walks you through changing your own user password on Linux.

It also shows how to force a user to change their password at the next login.

The steps described here work on any Linux distribution, including Ubuntu, Debian, and CentOS.

Changing Your Own Password

To change the password of the account you are currently logged in as, run the passwd command with no arguments:

 $ passwd

Changing password for linuxize.

(Current) UNIX password:

Enter new UNIX password:

Retype new UNIX password:

passwd: password updated successfully

Running passwd prompts you three times:

  • Your current password
  • The new password
  • The new password again, to confirm it

Once the last prompt is answered, the password is changed.

Nothing is echoed to the screen while you type any of the passwords; that is normal.

The next time you log in, use the new password.

Changing Another User's Password

Only root, or a user with sudo privileges, can change another user's password. The examples below assume you are logged in as a user with sudo access.

To change the password of a different account, run passwd followed by that account's username. For example, to change the password of the user named linuxize:

$ sudo passwd linuxize

You are prompted to enter the new password and confirm it:


Enter new UNIX password:

Retype new UNIX password:

If both entries match, the command confirms the change:

passwd: password updated successfully

Forcing a User to Change Their Password at Next Login

By default, passwords on most Linux distributions never expire. To force a user to change their password the next time they log in, expire the current password with the --expire (or -e) option, followed by the username:

$ sudo passwd --expire linuxize

The command expires the user's password immediately.

The next time the user logs in, they are told the password has expired and must set a new one before the session continues:

$ ssh linuxize@

WARNING: Your password has expired.

You must change your password now and login again!

Changing password for linuxize.

(Current) UNIX password:

Enter new UNIX password:

Retype new UNIX password:

passwd: password updated successfully

Connection to closed.

After the new password is set, the connection is closed and the user can log in again with it.
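What passwd --expire actually changes on disk is the third field of the user's /etc/shadow record, the day of the last password change; a 0 there is what makes the next login demand a new password (chage -d 0 USER does the same, and chage -l USER shows the fields). The script below is an added example, not part of the original guide: it inspects constructed shadow-style records (made-up hashes, not real accounts) rather than a live system, and the function names are this example's own.

```sh
#!/bin/sh
# Added example, not part of the original guide: what `passwd --expire`
# changes, shown on constructed /etc/shadow-style records rather than a
# live system. Field 3 of a shadow entry is the day of the last password
# change (days since 1970-01-01); passwd --expire sets it to 0, and a 0
# there is what forces a new password at the next login. A hash field
# starting with ! or * means the account's password is locked.

# Constructed sample records (made-up hashes, not real accounts).
# Layout: name:hash:lastchg:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW='linuxize:$6$abc$xyz:19000:0:99999:7:::
deploy:$6$def$uvw:0:0:99999:7:::
svc:!:19000:0:99999:7:::'

# password_state NAME -> prints one of: ok, expired, locked, unknown
password_state() {
  printf '%s\n' "$SAMPLE_SHADOW" | awk -F: -v u="$1" '
    $1 == u {
      found = 1
      if ($2 ~ /^[!*]/) { print "locked";  exit }   # locked account
      if ($3 == "0")    { print "expired"; exit }   # must change at next login
      print "ok"; exit
    }
    END { if (!found) print "unknown" }'
}

# expire_record NAME -> prints the record as passwd --expire would leave it
expire_record() {
  printf '%s\n' "$SAMPLE_SHADOW" | awk -F: -v OFS=: -v u="$1" '
    $1 == u { $3 = "0"; print }'
}

# Demo
password_state linuxize     # ok
password_state deploy       # expired
password_state svc          # locked
expire_record linuxize      # linuxize:$6$abc$xyz:0:0:99999:7:::
```

On a real system the same check is `sudo awk -F: '$3 == "0" {print $1}' /etc/shadow`, which lists every account whose password will be demanded anew at the next login.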


This guide showed how to change your own password, how to change another user's password, and how to expire a password so that the user must choose a new one at the next login.

How to Rename Files and Directories in Linux

Renaming files is one of the most common tasks on a Linux system. You can rename files with a GUI file manager or from the command line.

Renaming a single file is easy, but renaming many files at once can be a challenge, especially for users who are new to Linux.

In this tutorial, we show how to use the mv and rename commands to rename files and directories.

Renaming Files with the mv Command

The mv command (short for move) is used to rename files or move them from one location to another.

The syntax of the mv command is as follows:

mv [OPTIONS] source destination


The source can be one or more files or directories, and the destination can be a single file or directory.

If you specify multiple files as source, the destination must be a directory. In that case the source files are moved into the target directory.

If you specify a single file as source and the destination is an existing directory, the file is moved into that directory.

To rename a file, specify a single file as source and a single file as destination.

For example, to rename file1.txt to file2.txt, run:

mv file1.txt file2.txt

Renaming Multiple Files with the mv Command

The mv command can rename only one file at a time, but it can be combined with other commands such as find, or with Bash for or while loops, to rename multiple files.

The following example uses a Bash for loop to rename all .html files in the current directory, changing the .html extension to .php:

for f in *.html; do
    mv -- "$f" "${f%.html}.php"
done

Let's go through the code line by line:

The first line creates a for loop that iterates over all files whose names end with .html.

The second line runs for each item in the list and moves the file to a new name, replacing .html with .php.

The expression ${f%.html} uses shell parameter expansion to remove the .html suffix from the filename.

done marks the end of the loop.

Here is an equivalent using mv together with find:

find . -depth -name "*.html" -exec sh -c 'f="{}"; mv -- "$f" "${f%.html}.php"' \;

The find command passes each file ending with .html in the current directory tree to mv, one at a time, through the -exec option. The string {} stands for the name of the file currently being processed.

As these examples show, renaming multiple files with mv is not trivial, because it requires some Bash scripting.
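One thing the plain for loop does not handle is a collision: if file.php already exists, mv overwrites it without a word. The script below is an added example, not code from the original tutorial. It wraps the same loop in a function that skips any file whose new name is already taken and reports what it did; the function names (rename_ext, make_fixture) and the sample files it creates in a temporary directory are this example's own assumptions.

```sh
#!/bin/sh
# Added example, not part of the original tutorial: a safer version of the
# "for f in *.html; do mv ..." loop. It skips any file whose new name
# already exists, so a batch rename never silently overwrites a file,
# and it reports what it did.

# rename_ext DIR OLD_EXT NEW_EXT -> renames DIR/*.OLD_EXT to DIR/*.NEW_EXT
#                                   and prints "renamed N skipped M"
rename_ext() {
  dir=$1; old=$2; new=$3; renamed=0; skipped=0
  for f in "$dir"/*."$old"; do
    # When nothing matches, the shell leaves the literal pattern in $f.
    [ -e "$f" ] || continue
    target=${f%.$old}.$new            # strip the old suffix, append the new one
    if [ -e "$target" ]; then
      skipped=$((skipped + 1))        # never clobber: leave both files alone
      continue
    fi
    mv -- "$f" "$target" && renamed=$((renamed + 1))
  done
  printf 'renamed %d skipped %d\n' "$renamed" "$skipped"
}

# make_fixture -> creates a temp dir with constructed sample files, prints its path
make_fixture() {
  d=$(mktemp -d)
  : > "$d/a.html"; : > "$d/b.html"; : > "$d/c.html"
  : > "$d/c.php"                      # existing target: c.html must be skipped
  : > "$d/notes.txt"                  # unrelated file, must be untouched
  printf '%s\n' "$d"
}

# Demo
demo=$(make_fixture)
rename_ext "$demo" html php           # renamed 2 skipped 1
ls "$demo"                            # a.php b.php c.html c.php notes.txt
rm -rf "$demo"
```

The existence check runs before mv rather than relying on mv -n, so the skip is counted explicitly; with mv -n the skipped file would simply stay behind with no record of it.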

Renaming Files with the rename Command

The rename command is used to rename multiple files. It is more advanced than mv, since it requires a basic understanding of regular expressions. There are two versions of the rename command with different syntax.

This tutorial uses the Perl version of rename. If it is not installed on your system, install it with your distribution's package manager.

Install rename on Ubuntu and Debian

sudo apt install rename

Install rename on CentOS and Fedora

sudo yum install prename

Install rename on Arch Linux

yay perl-rename ## or yaourt -S perl-rename

The syntax for the rename command is as follows:

rename [OPTIONS] perlexpr files

The rename command renames the given files according to the perlexpr regular expression. You can read more about Perl regular expressions in the perlre manual page (perldoc perlre).

The following example changes the extension of all .html files to .php. The dot is escaped and the pattern anchored with $, so only a trailing .html is replaced:

rename 's/\.html$/.php/' *.html

Use the -n option to print the names of the files that would be renamed, without renaming them:

rename -n 's/\.html$/.php/' *.html

The output looks something like this:

rename(file-90.html, file-90.php)

rename(file-91.html, file-91.php)

rename(file-92.html, file-92.php)

rename(file-93.html, file-93.php)

rename(file-94.html, file-94.php)

By default, rename does not overwrite existing files. Pass the -f option to allow existing files to be overwritten:

rename -f 's/\.html$/.php/' *.html

Here are some more common examples of the rename command:

Replace spaces in filenames with underscores

rename 'y/ /_/' *

Convert filenames to lowercase

rename 'y/A-Z/a-z/' *

Convert filenames to uppercase

rename 'y/a-z/A-Z/' *


This tutorial showed how to use the mv and rename commands to rename files.

There are other commands for renaming files on Linux, such as mmv. New Linux users who are intimidated by the command line can use a GUI batch-rename tool such as Métamorphose.

If you have any questions or feedback, feel free to leave a comment.

How to Rename Directories in Linux

Renaming directories is one of the most basic operations you regularly perform on a Linux system. You can rename directories from the GUI file manager with a couple of clicks, or from the command-line terminal.

This article explains how to rename directories using the command line.

Renaming Directories

On Linux and Unix-like operating systems, you can use the mv (short for move) command to rename or move files and directories from one location to another.

The syntax of the mv command for moving directories is as follows:

mv [OPTIONS] source destination

For example, to rename the directory dir1 to dir2, run:

mv dir1 dir2

When renaming a directory, you must pass exactly two arguments to mv: the current name of the directory and the new name.

Note that if dir2 already exists, dir1 is moved inside the dir2 directory rather than renamed.

To rename a directory that is not in the current working directory, specify its absolute or relative path:

mv /home/user/dir1 /home/user/dir2

Renaming Multiple Directories

Renaming a single directory is easy, but renaming multiple directories at once can be a challenge, especially for new Linux users.

Renaming multiple directories at once is rarely needed.

Renaming Multiple Directories with mv

The mv command can rename only one directory at a time. However, it can be combined with other commands such as find, or used inside loops, to rename multiple directories at once.

Here is an example that uses a Bash for loop to append the current date to the names of all directories in the current working directory:

for d in *; do
  if [ -d "$d" ]; then
    mv -- "$d" "${d}_$(date +%Y%m%d)"
  fi
done


Let's go through the code line by line:

  • The first line creates a loop that iterates over all entries in the current directory.
  • The second line checks whether the entry is a directory.
  • The third line appends the current date to each directory name.

Here is a solution to the same task using mv in combination with find:

find . -mindepth 1 -prune -type d -exec sh -c 'd="{}"; mv -- "$d" "${d}_$(date +%Y%m%d)"' \;

The find command passes each directory to mv, one at a time, through the -exec option. The string {} stands for the name of the directory currently being processed.

As the examples show, renaming multiple directories with mv is not trivial, because it requires a good understanding of Bash scripting.

Renaming Multiple Directories with rename

The rename command is used to rename multiple files and directories. It is more advanced than mv, since it requires a basic understanding of regular expressions.

There are two versions of the rename command with different syntax. We use the Perl version. The files are renamed according to the given Perl regular expression.

The following example replaces spaces in the names of all directories in the current working directory with underscores:

find . -mindepth 1 -prune -type d | rename 'y/ /_/'

To be on the safe side, pass the -n option to rename to print the names of the directories that would be renamed, without renaming them.

Here is another example, showing how to convert directory names to lowercase:

find . -mindepth 1 -prune -type d | rename 'y/A-Z/a-z/'


We have shown you how to use the mv and rename commands to rename directories.

If you have any questions or feedback, leave a comment.

How to Move Files and Directories in Linux with mv Command

mv is one of the Linux commands you must learn. mv stands for move, and its primary use is moving files and directories from one location to another.

Its syntax is similar to that of the cp command, but there is a fundamental difference between the two.

The cp command is a copy-and-paste operation; mv is the equivalent of cut-and-paste.

That is, running mv on a file or directory moves it to a different location, and the source file or directory no longer exists afterwards.

How to Use the mv Command

The mv (move) command moves files and directories from one place to another. It is also used to rename files and directories.

mv [OPTIONS] source destination
  • In the command above, source can be one or more files or directories, and destination is always a single file or directory.
  • When several files or directories are given as source, the destination must be a directory, and all of them are moved into it. When a single source file is given and the destination is a directory, the file is moved into that directory.
  • Keep in mind that you need write permission on the directory that contains the source and on the destination directory; otherwise mv fails with a permission denied error.

mv image.png PNG

This moves the file image.png from the current working directory into the PNG directory in the current working directory.

If the destination directory does not exist, the source file is renamed to the destination name instead.

So if PNG does not exist in the current working directory, image.png is renamed to PNG.

Moving Multiple Files and Directories

To move several files and directories, specify them as the source. For example, to move file1 and file2 into the directory dir1, you would type:

mv file1 file2 dir1

You can also use pattern matching with mv. For example, to move all PDF files from the current directory to the ~/Documents directory:

mv *.pdf ~/Documents

Moving a Directory Inside Another Directory with mv

Use the following command to move a directory into another directory:

mv abcd abcd_New

This moves the directory abcd into the directory abcd_New in the current working directory.

If the destination directory does not exist, the source directory is renamed to the destination name instead.

Moving Several Files into Another Directory

To move several files into a different directory, list all the source files followed by the path of the target directory:

mv 1.jpg 2.jpg 2.png image

This moves the files 1.jpg, 2.jpg, and 2.png from the current working directory into the image directory in the current working directory.

You can also move multiple files with a glob pattern that matches the filenames to move (the shell expands the pattern; it is a glob, not a regular expression):

mv *.jpg JPG

Backing Up Files with mv

Use the -b option to back up existing files. When the destination file would be overwritten, a backup of it is made first, with a ~ appended to its name:

mv -b a.jpg 1.jpg


Renaming Files

The mv command is also used to rename files. When the destination you specify is a file name, the source file is renamed to it:

mv source_file target_directory/target_file

If target_file does not exist in the target directory, it is created.

If the target file already exists, it is overwritten without asking. That is, the contents of the existing target file are replaced by the contents of the source file.

Overwriting Files When Moving

When a file is moved and a file with the same name already exists at the destination, the existing file's contents are overwritten.

That is not always desirable, and there are several ways to handle it.

Use the -n option to prevent overwriting existing files; mv then leaves the existing file untouched. Whether mv reports the skipped file through its exit status depends on the coreutils version, so in scripts check whether the source file still exists rather than relying on the exit code:

mv -n source_file target_directory

Forcing a Move

If the target file is write-protected, mv asks for confirmation before overwriting it:

mv file1.txt target
mv: replace 'target/file1.txt', overriding mode 0444 (r--r--r--)?

Use the -f (force) option to skip this prompt and overwrite the file immediately:

mv -f file1.txt target
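The overwrite options above are easy to misread from a script, because the interesting outcome (a file that was not moved, or a file that was overwritten) is not visible in the command itself. The script below is an added example, not code from the original tutorial: it runs mv -n and mv -b on constructed sample files in a temporary directory and reports what happened by looking at the filesystem afterwards. The function names and the sample files are this example's own assumptions.

```sh
#!/bin/sh
# Added example, not part of the original tutorial: how -n and -b behave
# when the destination already exists, verified on the filesystem. Whether
# mv -n reports a skipped file through its exit status depends on the
# coreutils version, so the check below looks at the source path instead.

# move_noclobber SRC DST -> prints "moved", or "kept" when DST already
#                           existed and SRC was left where it was
move_noclobber() {
  mv -n -- "$1" "$2" || :             # ignore exit status; judge by the result
  if [ -e "$1" ]; then
    echo kept
  else
    echo moved
  fi
}

# move_with_backup SRC DST -> moves SRC over DST and prints the name of the
#                             backup made of the old DST, or "none"
move_with_backup() {
  # Force simple backups (a ~ suffix) regardless of the caller's environment.
  SIMPLE_BACKUP_SUFFIX='~' VERSION_CONTROL=simple mv -b -- "$1" "$2"
  if [ -e "$2~" ]; then
    echo "$2~"
  else
    echo none
  fi
}

# make_fixture -> temp dir with a.jpg ("new"), 1.jpg ("old") and b.txt; prints its path
make_fixture() {
  d=$(mktemp -d)
  printf 'new\n' > "$d/a.jpg"
  printf 'old\n' > "$d/1.jpg"
  printf 'other\n' > "$d/b.txt"
  printf '%s\n' "$d"
}

# Demo
demo=$(make_fixture)
move_noclobber "$demo/a.jpg" "$demo/1.jpg"     # kept   (1.jpg already exists)
move_with_backup "$demo/a.jpg" "$demo/1.jpg"   # .../1.jpg~
cat "$demo/1.jpg"                              # new
cat "$demo/1.jpg~"                             # old
move_with_backup "$demo/b.txt" "$demo/c.txt"   # none   (nothing was overwritten)
rm -rf "$demo"
```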

Fdisk Command in Linux (Create Disk Partitions)

Whenever you install a new SSD or hard disk, the first thing to do is partition it. A drive needs at least one partition before you can format it and store files on it.

On Linux there are several tools for creating partitions, and fdisk is the most commonly used.

This article covers the fdisk command.

fdisk is a menu-driven command-line utility for creating and manipulating partition tables on a hard disk.

Be aware that fdisk is a dangerous tool and must be used with great care. Only root or users with sudo privileges can manipulate partition tables.

List Partitions

To list the partition table of a device, invoke fdisk with the -l option followed by the device name. For example, to list the partition table and partitions of /dev/sda, run:

$ sudo fdisk -l /dev/sda

When no device is given as an argument, fdisk prints the partition tables of all devices listed in the /proc/partitions file:

$ sudo fdisk -l

Disk /dev/nvme0n1: 232.91 GiB, 250059350016 bytes, 488397168 sectors

Disk model: Samsung SSD 960 EVO 250GB

Units: sectors of 1 * 512 = 512 bytes

Sector size (logical/physical): 512 bytes / 512 bytes

I/O size (minimum/optimal): 512 bytes / 512 bytes

Disklabel type: gpt

Disk identifier: 6907D1B3-B3AB-7E43-AD20-0707A656A1B5

Device            Start       End   Sectors   Size Type

/dev/nvme0n1p1     2048   1050623   1048576   512M EFI System

/dev/nvme0n1p2  1050624  34605055  33554432    16G Linux swap

/dev/nvme0n1p3 34605056 488397134 453792079 216.4G Linux filesystem

Disk /dev/sda: 465.78 GiB, 500107862016 bytes, 976773168 sectors

Disk model: WDC WD5000AAKS-0

Units: sectors of 1 * 512 = 512 bytes

Sector size (logical/physical): 512 bytes / 512 bytes

I/O size (minimum/optimal): 512 bytes / 512 bytes

Disklabel type: dos

Disk identifier: 0x0001cca3

Device     Boot Start       End   Sectors   Size Id Type

/dev/sda1        2048 976771071 976769024 465.8G 83 Linux

The output above shows the partition tables of all devices attached to the system. Generally, SATA device names follow the pattern /dev/sd[a-z], while NVMe device names follow the pattern /dev/nvme[0-9]n[1-9].

Creating a Partition Table

To start partitioning a drive, run fdisk with the device name. In this example we will work on /dev/sdb:

sudo fdisk /dev/sdb

The command prompt changes, and the fdisk dialogue in which you can type commands opens:

Welcome to fdisk (util-linux 2.34).

Changes will remain in memory only, until you decide to write them.

Be careful before using the write command.

Command (m for help):
Changes you make to the partition table are not applied until you write them with the w command. You can exit the fdisk dialogue without saving the changes with the q command.

To get a list of all available commands, enter m:

Command (m for help): m

If you are partitioning a new drive, you need to create a partition table before creating partitions. Skip this step if the device already has a partition table and you want to keep it.

fdisk supports several partitioning schemes. MBR and GPT are the two most popular standards, and they store the partitioning information on the drive differently. GPT is the newer standard and has many advantages over MBR. The main points to consider when choosing a partitioning standard:

  • Use MBR to boot the disk in legacy BIOS mode.
  • Use GPT to boot the disk in UEFI mode.
  • MBR supports partitions of up to 2 TiB. If the disk is 2 TiB or larger, use GPT.
  • MBR allows at most 4 primary partitions. If you need more, one of the primary partitions can be made an extended partition that holds additional logical partitions. With GPT you can have up to 128 partitions; GPT has no extended or logical partitions.

In this example, we will use a GPT partition table.

Enter g to create a new empty GPT partition table:

Command (m for help): g


Created a new GPT disklabel (GUID: 4649EE36-3013-214E-961C-51A9187A7503).

The next step is to create the new partitions.

We will create two partitions. The first one with a size of 100 GiB, and the second one will take the rest of the disk space.

Run the n command to create a new partition:

Command (m for help): n

You are prompted for the partition number. Press Enter to accept the default (1):

Partition number (1-128, default 1):

Next, you are asked for the first sector. It is generally recommended to accept the default. Press Enter to use the default value (2048):

First sector (2048-500118158, default 2048):

At the next prompt, enter the last sector. You can give an absolute sector number, or a size relative to the first sector by prefixing the size with the + symbol. The size can be given in kibibytes (K), mebibytes (M), gibibytes (G), tebibytes (T), or pebibytes (P).

Enter +100G to set the partition size to 100 GiB:

Last sector, +/-sectors or +/-size{K,M,G,T,P} (2048-500118158, default 500118158): +100G

Created a new partition 1 of type 'Linux filesystem' and size 100 GiB.

By default the new partition type is "Linux filesystem", which is suitable for most cases. To change the type, press l to list the available partition types, then press t to change it.

Let’s create the second partition that will take the rest of the disk space:

Command (m for help): n
Partition number (2-128, default 2):

First sector (209717248-625142414, default 209717248):

Last sector, +/-sectors or +/-size{K,M,G,T,P} (209717248-625142414, default 625142414):

Once done creating partitions, use the p command to display the new partition table:

Command (m for help): p

Disk /dev/sdb: 298.9 GiB, 320072933376 bytes, 625142448 sectors

Disk model: nal USB 3.0

Units: sectors of 1 * 512 = 512 bytes

Sector size (logical/physical): 512 bytes / 4096 bytes

I/O size (minimum/optimal): 4096 bytes / 4096 bytes

Disklabel type: gpt

Disk identifier: F8365250-AF58-F74E-B592-D56E3A5DEED1

Device Start End Sectors Size Type

/dev/sdb1 2048 209717247 209715200 100G Linux filesystem

/dev/sdb2 209717248 625142414 415425167 198.1G Linux filesystem
If you want to delete a partition, use the d command.

Save the changes by running the w command:

Command (m for help): w

The command writes the table to disk and exits the fdisk menu:


The partition table has been altered.

Calling ioctl() to re-read partition table.

Syncing disks.

The kernel reads the new partition table without a reboot.
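Because fdisk reads its commands from standard input, the same dialogue can be driven from a script, and it can be rehearsed against a disk image file instead of a real device. The script below is an added example, not code from the original article: it creates the same two-partition GPT layout on a sparse 300 MiB image and then parses fdisk -l to confirm the result. The image path, its size, and the function names are this example's assumptions; /dev/sdb from the article is not touched. (For production scripting, sfdisk is the tool designed for non-interactive use.)

```sh
#!/bin/sh
# Added example, not part of the original article: the two-partition GPT
# layout from the walkthrough, created non-interactively against a disk
# image file. fdisk reads commands from stdin one per line, exactly as you
# would type them at the "Command (m for help):" prompt; an empty line
# accepts the default for that prompt.

# partition_image IMG -> new GPT label, partition 1 of 100 MiB, partition 2
#                        filling the rest of the image
partition_image() {
  # g: GPT label | n, default number, default first sector, +100M | n and
  # three defaults for the second partition | w: write and quit
  printf '%s\n' g n '' '' +100M n '' '' '' w | fdisk "$1" >/dev/null 2>&1
}

# label_type IMG -> "gpt" or "dos", taken from the "Disklabel type:" line
label_type() {
  fdisk -l "$1" 2>/dev/null | awk '/^Disklabel type:/ { print $3 }'
}

# partition_count IMG -> how many partition lines fdisk -l reports
# (partition device names are the image path followed by a number)
partition_count() {
  fdisk -l "$1" 2>/dev/null | awk -v img="$1" '
    substr($1, 1, length(img)) == img && length($1) > length(img) { n++ }
    END { print n + 0 }'
}

# first_partition_size IMG -> the Size column of partition 1
first_partition_size() {
  fdisk -l "$1" 2>/dev/null | awk -v img="$1" '
    $1 == (img "1") { print $5; exit }'
}

# Demo (skipped when fdisk is not installed)
if command -v fdisk >/dev/null 2>&1; then
  demo=$(mktemp -d)
  truncate -s 300M "$demo/disk.img"        # sparse file standing in for a disk
  partition_image "$demo/disk.img"
  label_type "$demo/disk.img"              # gpt
  partition_count "$demo/disk.img"         # 2
  first_partition_size "$demo/disk.img"    # 100M
  fdisk -l "$demo/disk.img"                # the full table, as in the article
  rm -rf "$demo"
fi
```

Against a regular file fdisk needs no root privileges, and writing the label never reaches a block device, so this is a safe way to check a scripted sequence of commands before running it on real hardware.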

Activating the Partitions

Now that the partitions have been created, the next step is to format the partitions and mount them to the system’s directory tree.

We’ll format both partitions to ext4:

sudo mkfs.ext4 -F /dev/sdb1
sudo mkfs.ext4 -F /dev/sdb2

mke2fs 1.45.5 (07-Jan-2020)

Creating filesystem with 51928145 4k blocks and 12984320 inodes

Filesystem UUID: 63a3457e-c3a1-43f4-a0e6-01a7dbe7dfed

Superblock backups stored on blocks:

32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,

4096000, 7962624, 11239424, 20480000, 23887872

Allocating group tables: done

Writing inode tables: done

Creating journal (262144 blocks): done

Writing superblocks and filesystem accounting information: done

In this example we mount the partitions at the /mnt/audio and /mnt/video directories.

Create the mount points with mkdir :

sudo mkdir -p /mnt/audio /mnt/video

Mount the new partitions:

sudo mount /dev/sdb1 /mnt/audio
sudo mount /dev/sdb2 /mnt/video

Partitions stay mounted until you unmount them or shut the machine down. To mount a partition automatically when the system boots, add an entry for it to the /etc/fstab file.

That's it! You can now use the new partitions to store your files.

fdisk is a command-line tool for creating partition tables. For more information about the fdisk command, type man fdisk in your terminal.

Chown Command in Linux (File Ownership)

The chown command changes the user and/or group ownership of a given file, directory, or symbolic link. This article shows how to use chown through practical examples.

How to Use chown

Before getting into how to use the chown command, let's review its basic syntax.

The chown command takes the following form:

chown [OPTIONS] USER[:GROUP] FILE(s)

USER is the user name or user ID (UID) of the new owner. GROUP is the name or group ID (GID) of the new group. FILE(s) is one or more files, directories, or links. A numeric ID may be prefixed with + to force it to be interpreted as an ID rather than a name.

  • USER – If only the user is given, that user becomes the owner of the given files; the group ownership is not changed.
  • USER: – If the user name is followed by a colon and no group name, the user becomes the owner of the files, and the group ownership is changed to the user's login group.
  • USER:GROUP – If both user and group are given (with no space between them), the user ownership is changed to the given user and the group ownership to the given group.
  • :GROUP – If the user is omitted and the group is prefixed with a colon, only the group ownership of the files is changed.
  • : – If only a colon is given, with neither user nor group, nothing is changed.

By default, on success, chown prints nothing and returns zero.

To find out who owns a file and which group it belongs to, use the ls -l command:

$ ls -l filename.txt

-rw-r--r-- 12 linuxize users 12.0K Apr 8 20:51 filename.txt

Regular users can change the group of a file only if they own the file, and only to a group they are a member of. Administrative users can change the group ownership of all files.

How to Change the Owner of a File

To change the owner of a file, run chown followed by the user name of the new owner and the target file:

chown USER FILE

For example, the following command changes the owner of the file file1 to a new owner named linuxize:

$ chown linuxize file1

To change the ownership of multiple files or directories, list them separated by spaces. The command below changes the owner of the file file1 and the directory dir1 to linuxize:

$ chown linuxize file1 dir1


Instead of the user name you can use the numeric user ID (UID). The following example changes the owner of file2 to the user with UID 1000:

$ chown 1000 file2

If a numeric owner also exists as a user name, the ownership is given to the user with that name. To avoid this ambiguity, prefix the ID with +:

$ chown +1000 file2

How to Change the Owner and Group of a File

To change both the owner and the group of a file, run chown followed by the new owner and group separated by a colon (:) with no spaces in between, and the target file:

chown USER:GROUP FILE

The following command changes the owner of file1 to linuxize and its group to users:

$ chown linuxize:users file1

If you omit the group name after the colon, the group of the file is changed to the login group of the specified user:

$ chown linuxize: file1

How to Change the Group of a File

To change only the group of a file, run chown followed by a colon (:) and the new group name (with no space between them), and the target file:

chown :GROUP FILE

The following command changes the owning group of file1 to www-data:

$ chown :www-data file1

Another command you can use to change the group ownership of files is chgrp.

How to Change the Ownership of Symbolic Links

When the recursive option is not used, chown changes the ownership of the file the symlink points to, not the symbolic link itself.

For example, if you try to change the owner and group of the symbolic link symlink1, which points to /var/www/file1, chown changes the ownership of the file or directory the symlink points to:

$ chown www-data: symlink1

Chances are that instead of changing the target's ownership you will get the error "cannot dereference 'symlink1': Permission denied".

This happens because, by default on most Linux distributions, following symlinks is restricted. The fs.protected_symlinks sysctl, visible as /proc/sys/fs/protected_symlinks (1 means enabled, 0 disabled), stops a process from following a symlink located in a world-writable sticky directory such as /tmp unless the process owns the link or the link's owner matches the directory's owner. Do not disable this protection: it blocks a well-known class of symlink attacks in shared directories.

To change the ownership of the symlink itself, use the -h option:

$ chown -h www-data symlink1

How to Recursively Change File Ownership

To operate recursively on all files and directories under a given directory, use the -R (--recursive) option:

chown -R USER:GROUP DIRECTORY

The following example changes the owner and group of all files and subdirectories under /var/www to www-data:

$ chown -R www-data: /var/www

If the directory contains symbolic links, pass the -h option so that the links themselves are changed rather than their targets:

$ chown -hR www-data: /var/www

Other options that can be used when recursively changing directory ownership are -H and -L.

If an argument passed to chown is a symbolic link pointing to a directory, the -H option makes chown traverse it. -L tells chown to traverse every symbolic link to a directory that it encounters. Usually you should not use these options, because a symlink inside the tree can then redirect the ownership change to files outside it, which can damage the system or open a security hole.

Using a Reference File

The -- reference = ref_file option enables you to change the user and group ownership of given files to be the same as those of the detailed reference file (ref_file). Chown will use the target file user and group; if the reference file is a symbolic link.

$ chown --reference=REF_FILE FILE

For instance, the subsequent command will allow the user and group ownership of the file1 to file2

$ chown --reference=file1 file2


chown is a Linux/UNIX command-line utility for changing a file’s user and/or group ownership.

To discover more about the chown command, visit the chown man page or type man chown in your terminal. If you have any questions or feedback, please leave a comment below or contact us directly.

How To Install and Configure Debian 10 Buster with GNOME

Do you need an ultimate guide to install and configure Debian 10 Buster with GNOME? This tutorial is the best option for you. Here, we have provided step-by-step instructions on how to install Debian 10 Buster with a GNOME desktop. Just have a look at the features of Debian 10 before we discuss how to install and configure it with GNOME.

What is Debian?

Debian is an operating system for a wide range of devices including laptops, desktops, and servers. The Debian developers provide security updates for all packages for most of their lifetime. The current stable distribution of Debian is version 10, codenamed buster. Check out the features of the current buster release in the sections below.

Features of Debian 10 Buster

Initially, it was released on the 6th of July 2019, and it has come with a lot of very great features for system administrators. Have a look at them:

  • JDK update from the OpenJDK 8.0 to the new OpenJDK 11.0 version.
  • Debian 10 is now using version 3.30 of GNOME, featuring an increased desktop performance, screen sharing, and improved ways to remotely connect to Windows hosts.
  • Secure boot is now enabled by default, which means that you don’t have to disable it when trying to install Debian 10 on your machine.
  • Upgrade to Bash 5.0 essentially providing more variables for sysadmins to play with (EPOCHSECONDS or EPOCHREALTIME for example).
  • A lot of software updates: Apache 2.4.38, systemd 241, Vim 8.1, Python 3 3.7.2, and many more.
  • IPtables is being replaced by NFtables, providing an easier syntax and a more efficient way to handle your firewall rules.

After going through the points above, you know what’s available in the brand new Debian 10 buster distribution; now it’s time for the installation and configuration of Debian 10.

Suggested System Requirements for Debian 10

  • 2 GB RAM
  • 2 GHz Dual Core Processor
  • 10 GB Free Hard disk space
  • Bootable Installation Media (USB/ DVD)
  • Internet connectivity (Optional)

Now, dive into the installation & configuration steps of Debian 10 Buster

How to Install and Configure Debian 10 with GNOME?

The following are the detailed steps to install and configure the current version of Debian 10 using GNOME:

Steps to Create a Bootable USB stick on Linux

In order to install Debian 10 buster, you need to “flash” an ISO image to a USB stick, making it “bootable”.

The Debian 10 buster image is about 2 GB in size (if you choose to have a desktop environment with it), so I would recommend a USB drive that is at least 3 GB.

If you don’t have a USB drive that large, you can opt for minimal versions of Debian 10 Buster.

I – Create a Bootable USB stick on Linux

In my home setup, I have a Xubuntu 18.04 instance, so this is what I will use to create my bootable image.

Steps are pretty much the same for other distributions. For Windows, you would need to use Rufus to create a bootable image.

a – Plug your USB stick in the USB port

Within a couple of seconds, the operating system should automatically mount your USB drive in your filesystem (it should be mounted at the /media mount point by default).

b – Identify where your USB drive is mounted

To get the mount point of your USB drive, you can use the lsblk command.

As you can see, my USB drive is named “sdb”, it has one partition (part) named “sdb1” and it is mounted on “/media/antoine/7830-961F”.

Alternatively, you could use the df command to have some information about the remaining space on your USB drive.

c – Download Debian 10 Buster ISO file

Your USB is ready, now you can download the ISO file to flash your drive.

The distribution images are located here. For this tutorial, I am using the Debian 10 Buster GNOME edition for amd64 processors.

If you are more familiar with another environment like Cinnamon or KDE, they are all available in the downloads page.

Run a simple wget command on any folder that you want (my home folder in this case)

$ wget

If you need a more minimal distribution, you can go for the netinst version, but desktop environments might not be included.

$ wget

d – Copy the image to your USB drive

To copy the image, we are going to use the dd command.

$ sudo dd if=/home/antoine/debian-live-10.0.0-amd64-gnome.iso of=/dev/sdb && sync

e – Boot on the USB drive

Now that your USB drive contains the ISO file, it is time for you to boot from it.

On most configurations, you should be able to boot on the USB by pressing ESC, F1, F2, or F8 when starting your computer.

Follow the Debian 10 Graphical Installation Steps

This is the screen that you should see once you successfully booted on the Debian 10 installer.

Select the “Graphical Debian Installer” option.

First, you are asked to select a language.

I’ll go for English for this one.

On the next screen, you are asked to select a location.

I’ll pick the United States as an example.

Then, choose your keyboard layout. (don’t worry, you can change it later on if you want).

I’ll go for American English for this example.

From there, a couple of automatic checks are done within your installation.

Debian 10 will try to load additional components from the bootable device and it will perform some automatic network checks.

After the checks, you are asked to set a hostname for your computer.

As indicated, this is the name that will be used to identify your computer on a network.

I’ll go for “Debian-10” in this case.

You are asked to configure the domain name for your host. You can leave this option blank.

Be careful on the next step, there is a little bit of a gotcha when it comes to root passwords.

You want to leave this option blank.

As a consequence, Debian will use the password of the user you will create in the next step to perform sudo operations.

Moreover, the root account will be disabled, which is good for security.

Nonetheless, if you want to specify a specific password for root, you can do it here, but I wouldn’t recommend it.

Click continue, and now it is time for you to specify the real name for the user.

I’ll go for JunosNotes but feel free to mention your real name and first name.

Then, you have to choose a username for your host.

JunoNotes will do the trick for me.

Then, choose a very secure password for your host.

Choose a time zone for your host.

Be careful on this point as time zones are very important when it comes to logging for example.

From there, Debian 10 Buster will start detecting disks on your host.

After it is done, you will be asked for a way to partition your disks.

Go for the Guided (use entire disk) option unless you have special requirements that call for LVM.

Select the disk you want to partition.

In my case, I have only one disk on the system, so I’ll pick it.

For the partitioning scheme, go for “All files in one partition“, which should suit your needs.

For the automatic partitioning, Debian 10 creates two partitions, a primary and a swap one (when you run out of memory!)

If you are happy with the partitioning, simply press the “Finish partitioning and write changes to disk” option.

On the next screen, you are asked for confirmation about the previous partitioning.

Simply check “Yes” on the two options prompted.

From there, the installation should begin on your system.

On the next step, you are prompted to choose whether to use a network mirror to supplement the software included on the USB drive.

You want to press “Yes”.

By pressing “Yes”, you are asked to choose a location that is close to your network. I’ll use the United States in this case.

Then, choose a Debian archive mirror for your distribution.

I’ll stick with the one.

If you are using a proxy, this is where you want to configure it. I am not using one, so I’ll leave it blank.

Debian 10 Buster will start configuring apt and will try to install the GRUB boot loader on your instance.

On the next step, you are asked if you want to install the GRUB boot loader to the master boot record; you obviously want to press “Yes” to that.

On the next screen, select the hard drive where you want the GRUB boot loader to be installed and press Continue.

The installation should be completed at this point.

On the lock screen, type the password that you set up in the installation phase, and this is the screen that you should see.

Awesome! You now have Debian 10 on your instance.

But this tutorial is not over. Before continuing, there are a few minimal configurations that you want to do on your Debian 10 buster instance for it to be all correctly configured.

Steps to Configure your Debian 10 Buster

Before playing with your new Debian 10 buster machine, there are a few steps that you need to complete.

a – Enable unofficial Debian software download

By default, downloading unofficial Debian software (like some of the tools that you would find in the Software store) is disabled.

To enable them, head to “Activities”, and type “Software Updates”.

In the next window, the first and the last checkbox should already be checked.

Check the “DFSG-compatible Software with Non-Free Dependencies (contrib)” option and the “Non-DFSG-compatible Software (non-free)” option.

Click on “Close“. From there, you will be asked to confirm your choice by reloading the information about available software.

Simply click on “Reload“.

Head to the Store by typing “Store” into the Activities search box.

If you are seeing third-party applications, it means that the previous step worked correctly.

b – Install wget to download files from the Internet

wget is not installed by default on your instance.

$ sudo apt install wget

c – Install your NVIDIA drivers

The NVIDIA driver installation process is pretty straightforward.

Simply run the “nvidia-detect” command in your terminal and this utility will tell you which driver you have to install depending on your graphics card.

First, install nvidia-detect

$ sudo apt install nvidia-detect

From there, run the nvidia-detect utility in your command line.

$ nvidia-detect
Detected NVIDIA GPUs:
02:00.0 VGA compatible controller [0300]: NVIDIA Corporation GF108 [GeForce GT 430] [10de:0de1] (rev a1)
Your card is supported by the default drivers.
It is recommended to install the

As you can see, the nvidia-detect utility states that I need to install the nvidia-driver package for my instance, so this is what I am going to do.

$ sudo apt install nvidia-driver

d – Install Dash To Dock

As a Debian user, I hate going to the top left Applications menu just to find my web browser or to browse my filesystem.

As a consequence, similarly to MacOS graphical interfaces, I would like a static application dock to be visible on my desktop, all the time.

To install it, head to the “Store” by typing “Store” in the Applications search box. This is the window that you should see.

Click on “Add-ons”, and then select the “Shell Extensions” tab. You should see a list of shell extensions available for your Debian distribution.

In the top search bar, type “Dash To Dock”. Click on “Install” once you have found the “Dash To Dock” store item.

Simply click “Install” on the next window that is prompted on the screen.

That’s it!

You now have a dash to dock on your desktop.

Going Further

Your adventure with Debian 10 has only begun, but I would recommend that you start configuring your host if you plan on using it as a server.

Here’s a very good video of Linux Tex that explains all the things that you should do after installing your Debian 10 installation.

Some of the steps are already covered in this tutorial, but for the others, feel free to watch his video as it explains the procedures quite in detail.


How To Install Logstash on Ubuntu 18.04 and Debian 9

How To Install Logstash on Ubuntu 18.04 and Debian 9 | Tutorial on Logstash Configuration

Are you searching various websites to learn how to install Logstash on Ubuntu 18.04 and Debian 9? Then this tutorial is the best option for you, as it covers the detailed steps to install and configure Logstash on Ubuntu 18.04 and Debian 9. If you are reading this tutorial, it is apparently because you have decided to bring Logstash into your infrastructure. Logstash is a powerful tool, but you have to install and configure it properly, so make use of this tutorial carefully.

What is Logstash?

Logstash is a lightweight, open-source, server-side data processing pipeline that lets you collect data from different sources, transform it on the fly, and send it to your desired destination. It is commonly used as the data processing pipeline for Elasticsearch, an open-source analytics and search engine, handling log ingestion, parsing, filtering, and redirecting.

Why do we use Logstash?

We use Logstash because Logstash provides a set of plugins that can easily be bound to various targets in order to gather logs from them. Moreover, Logstash provides a very expressive template language, that makes it very easy for developers to manipulate, truncate or transform data streams.

Logstash is part of the ELK stack (Elasticsearch, Logstash, Kibana), but the tools can be used independently.

With the recent release of the ELK stack v7.x, installation guides need to be updated for recent distributions like Ubuntu 18.04 and Debian 9.

Before installing, make sure you have:

  • Java version 8 or 11 (required for Logstash installation)
  • A Linux system running Ubuntu 20.04 or 18.04
  • Access to a terminal window/command line (Search > Terminal)
  • A user account with sudo or root privileges

Steps to Install Logstash on Ubuntu and Debian

The following are the steps to install Logstash on Ubuntu and Debian: 

1 – Install the latest version of Java

Logstash, as every single tool of the ELK stack, needs Java to run properly.

In order to check whether you have Java or not, run the following command:

$ java -version
openjdk version "11.0.3" 2019-04-16
OpenJDK Runtime Environment (build 11.0.3+7-Ubuntu-1ubuntu218.04.1)
OpenJDK 64-Bit Server VM (build 11.0.3+7-Ubuntu-1ubuntu218.04.1, mixed mode, sharing)

If you don’t have Java on your computer, you should have the following output.


You can install it by running this command.

$ sudo apt-get install default-jre

Make sure that you now have Java installed by running the first command again.

2 – Add the GPG key to install signed packages

In order to make sure that you are getting official versions of Logstash, you have to download the public signing key and you have to install it.

To do so, run the following commands.

$ wget -qO - | sudo apt-key add -

On Debian, install the apt-transport-https package.

$ sudo apt-get install apt-transport-https

To conclude, add the Elastic package repository to your own repository list.

$ echo "deb stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list

3 – Install Logstash with apt

Now that Elastic repositories are added to your repository list, it is time to install the latest version of Logstash on our system.

$ sudo apt-get update
$ sudo apt-get install logstash


This command will:

  • create a logstash user
  • create a logstash group
  • create a dedicated service file for Logstash

From there, running Logstash installation should have created a service on your instance.

To check Logstash service health, run the following command.
On Ubuntu and Debian, which are equipped with systemd:

$ sudo systemctl status logstash

Enable your new service on boot up and start it.

$ sudo systemctl enable logstash
$ sudo systemctl start logstash

Having your service running is just fine, but you can double-check it by verifying that Logstash is actually listening on its default port, which is 5044.

Run a simple lsof command; you should see similar output.

$ sudo lsof -i -P -n | grep logstash
java      28872        logstash   56u  IPv6 1160098302      0t0  TCP > (ESTABLISHED)
java      28872        logstash   61u  IPv4 1160098304      0t0  UDP
java      28872        logstash   79u  IPv6 1160098941      0t0  TCP (LISTEN)

As you can tell, Logstash is actively listening for connections on port 10514 over UDP and port 9600 over TCP. This is important to note if you want to forward your logs (from rsyslog to Logstash, for example, either over UDP or TCP).

On Debian and Ubuntu, here’s the content of the service file.


# Load env vars from /etc/default/ and /etc/sysconfig/ if they exist.
# Prefixing the path with '-' makes it try to load, but if the file doesn't
# exist, it continues onward.
ExecStart=/usr/share/logstash/bin/logstash "--path.settings" "/etc/logstash"


The environment file (located at /etc/default/logstash) contains many of the variables necessary for Logstash to run.

If you wanted to tweak your Logstash installation, for example, to change your configuration path, this is the file that you would change.

4 – Personalize Logstash with configuration files

This step has two parts:

a – Understanding Logstash configuration files

Before personalizing your configuration files, there is a concept that you need to understand about configuration files.

Pipelines configuration files

In Logstash, you define what are called pipelines. A pipeline is composed of:

  • An input: where you take your data from, it can be Syslog, Apache, or NGINX for example;
  • A filter: a transformation that you would apply to your data; sometimes you may want to mutate your data, or to remove some fields from the final output.
  • An output: where you are going to send your data, most of the time Elasticsearch, but it can be modified to send to a wide variety of different destinations.

Those pipelines are defined in configuration files.

In order to define those “pipeline configuration files“, you are going to create “pipeline files” in the /etc/logstash/conf.d directory.

Logstash general configuration file

But with Logstash, you also have standard configuration files, that configure Logstash itself.

This file is located at /etc/logstash/logstash.yml. The general configuration files define many variables, but most importantly you want to define your log path variable and data path variable.

b – Writing your own pipeline configuration file

For this part, we are going to keep it very simple.

We are going to build a very basic logging pipeline between rsyslog and stdout.

Every single log processed via rsyslog will be printed to the shell running Logstash.

As the Elastic documentation highlights, it can be quite useful to test pipeline configuration files and see immediately what they produce as output.

If you are looking for a complete rsyslog to Logstash to Elasticsearch tutorial, here’s a link for it.

To do so, head over to the /etc/logstash/conf.d directory and create a new file named “syslog.conf”.

$ cd /etc/logstash/conf.d/
$ sudo vi syslog.conf

Paste the following content inside.

input {
  udp {
    host => ""          # bind address; left empty in the source (the udp input defaults to 0.0.0.0)
    port => 10514
    codec => "json"
    type => "rsyslog"
  }
}

filter { }

output {
  stdout { }
}

As you probably guessed, Logstash is going to listen to incoming Syslog messages on port 10514 and it is going to print it directly in the terminal.

To forward rsyslog messages to port 10514, head over to your /etc/rsyslog.conf file, and add this line at the top of the file.

*.*         @


Now in order to debug your configuration, you have to locate the logstash binary on your instance.

To do so, run a simple whereis command.

$ whereis -b logstash

Now that you have located your logstash binary, shut down your service and run logstash locally, with the configuration file that you are trying to verify.

$ sudo systemctl stop logstash
$ cd /usr/share/logstash/bin
$ ./logstash -f /etc/logstash/conf.d/syslog.conf

Within a couple of seconds, you should now see the following output on your terminal.


Note: if you have any syntax errors in your pipeline configuration files, you would also be notified.

As a quick example, I removed one bracket from my configuration file. Here’s the output that I got.
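
A cheap pre-flight for the missing-bracket case above, as an added shell example that is not part of Logstash: it counts braces outside string literals and # comments in a pipeline file and reports the imbalance before you start logstash -f. The pipeline text is a constructed copy of syslog.conf with a placeholder bind address.

```shell
#!/bin/sh
# Brace pre-check for Logstash pipeline files (added example, not Logstash's own check).
# Logstash's real syntax check is: logstash -f FILE --config.test_and_exit (or -t).

# Constructed copy of the syslog.conf pipeline from this tutorial.
PIPELINE_OK='input {
  udp {
    host => "0.0.0.0"   # constructed placeholder for the bind address
    port => 10514
    codec => "json"
    type => "rsyslog"
  }
}

filter { }

output {
  stdout { }
}'

# Same file with the udp block left unclosed (line 7 removed), as in the error example above.
PIPELINE_BROKEN=$(printf '%s\n' "$PIPELINE_OK" | sed '7d')

# brace_balance < FILE
# Print the net number of unclosed "{": 0 is balanced, >0 means blocks never closed,
# <0 means stray "}". Braces inside "..." or '...' strings and after # are ignored,
# so a codec option like "{}" or a commented-out block does not trip it.
brace_balance() {
  awk '
    {
      line = $0; inq = 0; q = ""
      for (i = 1; i <= length(line); i++) {
        c = substr(line, i, 1)
        if (inq) { if (c == q) inq = 0; continue }          # inside a string literal
        if (c == "\"" || c == "\047") { inq = 1; q = c; continue }
        if (c == "#") break                                  # rest of line is a comment
        if (c == "{") depth++
        if (c == "}") depth--
      }
    }
    END { print depth + 0 }
  '
}

# check_pipeline FILE: human-readable verdict, exit 1 on imbalance (usable in a deploy step).
check_pipeline() {
  n=$(brace_balance < "$1")
  if [ "$n" -eq 0 ]; then
    echo "$1: braces balanced"
  else
    echo "$1: brace imbalance ($n)"
    return 1
  fi
}

# Stand-alone demo: 0 for the good file, 1 for the one missing a bracket.
printf '%s\n' "$PIPELINE_OK" | brace_balance
printf '%s\n' "$PIPELINE_BROKEN" | brace_balance
```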


5 – Monitoring Logstash using the Monitoring API

There are multiple ways to monitor a Logstash instance:

  • Using the Monitoring API provided by Logstash itself
  • By configuring the X-Pack tool and sending retrieved data to an Elasticsearch cluster
  • By visualizing data into dedicated panels of Kibana (such as the pipeline viewer for example)

In this chapter, we are going to focus on the Monitoring API, as the other methods require the entire ELK stack installed on your computer to work properly.

a – Gathering general information about Logstash

First, we are going to run a very basic command to get general information about our Logstash instance.

Run the following command on your instance:

$ curl -XGET 'localhost:9600/?pretty'
{
  "host" : "devconnected-ubuntu",
  "version" : "7.2.0",
  "http_address" : "",
  "id" : "05cfb06f-a652-402c-8da1-f7275fb06312",
  "name" : "devconnected-ubuntu",
  "ephemeral_id" : "871ccf4a-5233-4265-807b-8a305d349745",
  "status" : "green",
  "snapshot" : false,
  "build_date" : "2019-06-20T17:29:17+00:00",
  "build_sha" : "a2b1dbb747289ac122b146f971193cfc9f7a2f97",
  "build_snapshot" : false
}

If you are not running Logstash on the conventional 9600 port, make sure to adjust the previous command.

From the command, you get the hostname, the current version running, as well as the current HTTP address currently used by Logstash.

You also get a status property (green, yellow, or red) that has already been explained in the tutorial about setting up an Elasticsearch cluster.

b – Retrieving Node Information

If you are managing an Elasticsearch cluster, there is a high chance that you may want to get detailed information about every single node in your cluster.

For this API, you have three choices:

  • pipelines: in order to get detailed information about pipeline statistics.
  • jvm: to see current JVM statistics for this specific node
  • os: to get information about the OS running your current node.

To retrieve node information on your cluster, issue the following command:

$ curl -XGET 'localhost:9600/_node/pipelines'
{
  "host": "schkn-ubuntu",
  "version": "7.2.0",
  "http_address": "",
  "id": "05cfb06f-a652-402c-8da1-f7275fb06312",
  "name": "schkn-ubuntu",
  "ephemeral_id": "871ccf4a-5233-4265-807b-8a305d349745",
  "status": "green",
  "snapshot": false,
  "pipelines": {
    "main": {
      "ephemeral_id": "808952db-5d23-4f63-82f8-9a24502e6103",
      "hash": "2f55ef476c3d425f4bd887011f38bbb241991f166c153b283d94483a06f7c550",
      "workers": 2,
      "batch_size": 125,
      "batch_delay": 50,
      "config_reload_automatic": false,
      "config_reload_interval": 3000000000,
      "dead_letter_queue_enabled": false,
      "cluster_uuids": []
    }
  }
}

Here is an example for the OS request:

$ curl -XGET 'localhost:9600/_node/os'
{
  "host": "schkn-ubuntu",
  "version": "7.2.0",
  "http_address": "",
  "id": "05cfb06f-a652-402c-8da1-f7275fb06312",
  "name": "schkn-ubuntu",
  "ephemeral_id": "871ccf4a-5233-4265-807b-8a305d349745",
  "status": "green",
  "snapshot": false,
  "os": {
    "name": "Linux",
    "arch": "amd64",
    "version": "4.15.0-42-generic",
    "available_processors": 2
  }
}

c – Retrieving Logstash Hot Threads

Hot Threads are threads that are using a large amount of CPU power or that have an execution time that is greater than normal and standard execution times.

To retrieve hot threads, run the following command:

$ curl -XGET 'localhost:9600/_node/hot_threads?pretty'
{
  "host" : "schkn-ubuntu",
  "version" : "7.2.0",
  "http_address" : "",
  "id" : "05cfb06f-a652-402c-8da1-f7275fb06312",
  "name" : "schkn-ubuntu",
  "ephemeral_id" : "871ccf4a-5233-4265-807b-8a305d349745",
  "status" : "green",
  "snapshot" : false,
  "hot_threads" : {
    "time" : "2019-07-22T18:52:45+00:00",
    "busiest_threads" : 10,
    "threads" : [ {
      "name" : "[main]>worker1",
      "thread_id" : 22,
      "percent_of_cpu_time" : 0.13,
      "state" : "timed_waiting",
      "traces" : [ "java.base@11.0.3/jdk.internal.misc.Unsafe.park(Native Method)"...]
    } ]
  }
}

Installing Logstash on macOS with Homebrew

Elastic publishes Homebrew formulae, so you can install Logstash with the Homebrew package manager.

In order to install with Homebrew, firstly, you should tap the Elastic Homebrew repository:

brew tap elastic/tap

Once you have tapped the Elastic Homebrew repo, you can use brew install to install the default distribution of Logstash:

brew install elastic/tap/logstash-full

The above command installs the latest released default distribution of Logstash. If you want to install the OSS distribution, specify elastic/tap/logstash-oss instead.

Starting Logstash with Homebrew

To have launchd start elastic/tap/logstash-full now and restart it at login, run:

brew services start elastic/tap/logstash-full

To run Logstash in the foreground, run:


Going Further

Now that you have all the basics about Logstash, it is time for you to build your own pipeline configuration files and start stashing logs.

I highly suggest that you look into Filebeat, which provides a lightweight shipper for logs that can easily be customized in order to build a centralized logging system for your infrastructure.

One of the key features of Filebeat is that it provides a back-pressure-sensitive protocol, which essentially means that you are able to regulate the amount of data that you receive.

This is a key point, as you take the risk of overloading your centralized server by pushing too much data to it.

For those who are interested in Filebeat, here’s a video about it.

Tcpdump Command in Linux

tcpdump is a command-line utility that you can use to capture and examine network traffic going to and from your system. It is the most commonly used tool among network administrators for troubleshooting network issues and security testing.

Despite its name, with tcpdump you can also capture non-TCP traffic such as UDP, ARP, or ICMP. The captured packets can be written to a file or to standard output. One of the most powerful features of the tcpdump command is its ability to use filters and capture only the data you wish to analyze.

In this article, you will learn the basics of how to use the tcpdump command in Linux.

Installing tcpdump

tcpdump is installed by default on most Linux distributions and macOS. To check if the tcpdump command is available on your system type:

$ tcpdump --version

The output should look something like this:


tcpdump version 4.9.2
libpcap version 1.8.1
OpenSSL 1.1.1b 26 Feb 2019

If tcpdump is not present on your system, the command above will print “tcpdump: command not found.” You can easily install tcpdump using the package manager of your distro.

Installing tcpdump on Ubuntu and Debian

$ sudo apt update && sudo apt install tcpdump

Installing tcpdump on CentOS and Fedora

$ sudo yum install tcpdump

Installing tcpdump on Arch Linux

$ sudo pacman -S tcpdump

Capturing Packets with tcpdump

The general syntax for the tcpdump command is as follows:

tcpdump [options] [expression]

  • The command options allow you to control the behavior of the command.
  • The filter expression defines which packets will be captured.

Only root or a user with sudo privileges can run tcpdump. If you try to run the command as an unprivileged user, you’ll get an error saying: “You don’t have permission to capture on that device.”

The most simple use case is to invoke tcpdump without any options and filters:

$ sudo tcpdump

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens3, link-type EN10MB (Ethernet), capture size 262144 bytes
15:47:24.248737 IP linuxize-host.ssh > desktop-machine.39196: Flags [P.], seq 201747193:201747301, ack 1226568763, win 402, options [nop,nop,TS val 1051794587 ecr 2679218230], length 108
15:47:24.248785 IP linuxize-host.ssh > desktop-machine.39196: Flags [P.], seq 108:144, ack 1, win 402, options [nop,nop,TS val 1051794587 ecr 2679218230], length 36
15:47:24.248828 IP linuxize-host.ssh > desktop-machine.39196: Flags [P.], seq 144:252, ack 1, win 402, options [nop,nop,TS val 1051794587 ecr 2679218230], length 108
... Long output suppressed
23116 packets captured
23300 packets received by filter
184 packets dropped by kernel

tcpdump will continue to capture packets and write to the standard output until it receives an interrupt signal. Use the Ctrl+C key combination to send an interrupt signal and stop the command.
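
An added shell example, not part of tcpdump, that turns the default one-line-per-packet output above into a per-flow packet and byte count with awk, which is the first step toward spotting an unexpected flow in a capture. The capture lines are constructed from the sample above; it assumes the default (non -v) IP line format ending in “length N”.

```shell
#!/bin/sh
# Per-flow summary of tcpdump's default output (added example, not tcpdump's code).

# Constructed capture, modelled on the sample above: three pushes from the SSH server,
# one bare ACK back, plus the header line tcpdump prints before the packets.
SAMPLE_CAPTURE='tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens3, link-type EN10MB (Ethernet), capture size 262144 bytes
15:47:24.248737 IP linuxize-host.ssh > desktop-machine.39196: Flags [P.], seq 201747193:201747301, ack 1226568763, win 402, options [nop,nop,TS val 1051794587 ecr 2679218230], length 108
15:47:24.248785 IP linuxize-host.ssh > desktop-machine.39196: Flags [P.], seq 108:144, ack 1, win 402, options [nop,nop,TS val 1051794587 ecr 2679218230], length 36
15:47:24.248828 IP linuxize-host.ssh > desktop-machine.39196: Flags [P.], seq 144:252, ack 1, win 402, options [nop,nop,TS val 1051794587 ecr 2679218230], length 108
15:47:25.001200 IP desktop-machine.39196 > linuxize-host.ssh: Flags [.], ack 252, win 501, options [nop,nop,TS val 2679218300 ecr 1051794587], length 0
4 packets captured'

# flow_summary: read tcpdump lines on stdin, print "src > dst packets bytes" per flow.
# A packet line has the protocol (IP or IP6) in field 2, the source in field 3, ">" in
# field 4 and the destination (with a trailing colon) in field 5; everything else
# (headers, the "packets captured" trailer) is skipped. The byte count comes from the
# "length N" token at the end of the line.
flow_summary() {
  awk '
    $2 ~ /^IP6?$/ && $4 == ">" {
      dst = $5; sub(/:$/, "", dst)
      flow = $3 " > " dst
      pkts[flow]++
      n = 0
      for (i = 6; i <= NF; i++) if ($i == "length") n = $(i + 1)
      bytes[flow] += n
    }
    END { for (f in pkts) printf "%s %d %d\n", f, pkts[f], bytes[f] }
  ' | sort
}

# packet_total: overall packet and payload byte count for the capture on stdin.
packet_total() {
  flow_summary | awk '{ p += $4; b += $5 } END { printf "%d packets, %d bytes\n", p, b }'
}

# Stand-alone demo over the constructed capture.
printf '%s\n' "$SAMPLE_CAPTURE" | flow_summary
printf '%s\n' "$SAMPLE_CAPTURE" | packet_total
```

On a live host, feed it a bounded capture such as sudo tcpdump -n -l -c 1000 | flow_summary; with -n the fields are addresses instead of names and the parser is unchanged.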

For more verbose output, pass the -v option, or -vv for even more verbose output:

$ sudo tcpdump -vv

You can specify the number of packets to be captured using the -c option. For example, to capture only ten packets, you would type:

$ sudo tcpdump -c 10

After capturing the packets, tcpdump will stop.

When no interface is specified, tcpdump uses the first interface it finds and dumps all packets going through that interface.

Use the -D option to print a list of all available network interfaces that tcpdump can collect packets from:

$ sudo tcpdump -D

For each interface, the command prints the interface name, a short description, and an associated index (number):


1.ens3 [Up, Running]

2.any (Pseudo-device that captures on all interfaces) [Up, Running]

3.lo [Up, Running, Loopback]

The output above shows that ens3 is the first interface found by tcpdump and is the one used when no interface is given on the command line. The second interface, any, is a special device that lets you capture on all active interfaces at once.

To specify the interface on which to capture traffic, invoke the command with the -i option followed by the interface name or its index. For example, to capture packets from all interfaces, specify the any interface:

$ sudo tcpdump -i any

By default, tcpdump performs reverse DNS resolution on IP addresses and translates port numbers into names. Use the -n option to disable the translation:

$ sudo tcpdump -n

Skipping the DNS lookup avoids generating DNS traffic and makes the output more readable. It is recommended to use this option whenever you invoke tcpdump.

Instead of displaying the output on the screen, you can redirect it to a file using the redirection operators > and >>:

 $ sudo tcpdump -n -i any > file.out

You can also watch the data while saving it to a file using the tee command:

$ sudo tcpdump -n -l | tee file.out

The -l option in the command above tells tcpdump to line-buffer its output. Without it, the output is block-buffered, so lines are not written to the screen as soon as they are generated but only once the buffer fills.

Understanding the tcpdump Output

tcpdump outputs information for each captured packet on a new line. Each line includes a timestamp and information about that packet, depending on the protocol.

The typical format of a TCP protocol line is as follows:

[Timestamp] [Protocol] [Src IP].[Src Port] > [Dst IP].[Dst Port]: [Flags], [Seq], [Ack], [Win Size], [Options], [Data Length]

Let’s go field by field and explain the following line:

15:47:24.248737 IP linuxize-host.ssh > desktop-machine.39196: Flags [P.], seq 201747193:201747301, ack 1226568763, win 402, options [nop,nop,TS val 1051794587 ecr 2679218230], length 108

  • 15:47:24.248737 – The timestamp of the captured packet, in local time, in the format hours:minutes:seconds.frac, where frac is the fraction of a second.
  • IP – The packet protocol. Here, IP means Internet Protocol version 4 (IPv4).
  • linuxize-host.ssh – The source host (or IP address) and port, separated by a dot (.).
  • desktop-machine.39196 – The destination host (or IP address) and port, separated by a dot (.).
  • Flags [P.] – The TCP flags field. In this example, [P.] means Push-Acknowledgment: the packet acknowledges the previous packet and carries data. Other typical values of the flags field are:
    • [.] – ACK (Acknowledgment)
    • [S] – SYN (Start Connection)
    • [P] – PSH (Push Data)
    • [F] – FIN (Finish Connection)
    • [R] – RST (Reset Connection)
    • [S.] – SYN-ACK (SYN-ACK packet)
  • seq 201747193:201747301 – The sequence numbers in first:last notation. They show which bytes of the data stream the packet contains. Except for the first packet in the stream, where these numbers are absolute, all subsequent packets use relative byte positions. In this example, 201747193:201747301 means that this packet contains bytes 201747193 to 201747301 of the data stream. Use the -S option to print absolute sequence numbers.
  • ack 1226568763 – The acknowledgment number: the sequence number of the next byte of data expected by the other end of this connection.
  • win 402 – The window size: the number of bytes available in the receiving buffer.
  • options [nop,nop,TS val 1051794587 ecr 2679218230] – TCP options. nop, or “no operation,” is padding used to make the TCP header a multiple of 4 bytes. TS val is a TCP timestamp, and ecr is the echo reply of the timestamp received from the peer. See the IANA documentation for more information about TCP options.
  • length 108 – The length of the payload data, in bytes.
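
To make the field layout above concrete, here is an added shell example (not part of the original article) that extracts the timestamp, endpoints, flags and payload length from tcpdump lines with awk, using the field positions just described. The input is constructed: the first two lines are copied from the capture earlier in this article, the third is a made-up SYN from 10.10.0.5, and the function names are assumptions.

```shell
#!/bin/sh
# Added example: parse the TCP lines tcpdump prints into a few fields.
# Constructed sample input: two lines from the capture above plus one made-up SYN.
SAMPLE_LINES='15:47:24.248737 IP linuxize-host.ssh > desktop-machine.39196: Flags [P.], seq 201747193:201747301, ack 1226568763, win 402, options [nop,nop,TS val 1051794587 ecr 2679218230], length 108
15:47:24.248785 IP linuxize-host.ssh > desktop-machine.39196: Flags [P.], seq 108:144, ack 1, win 402, options [nop,nop,TS val 1051794587 ecr 2679218230], length 36
15:47:25.100001 IP 10.10.0.5.51234 > 10.10.0.1.22: Flags [S], seq 3882734, win 64240, options [mss 1460], length 0'

# parse_tcp_line LINE: print "timestamp src dst flags length" for one TCP line.
# Positions follow the format described above: $1 timestamp, $2 protocol,
# $3 source, $4 ">", $5 destination (with a trailing ":"), then "key value" pairs.
parse_tcp_line() {
    printf '%s\n' "$1" | awk '{
        ts = $1; src = $3; dst = $5; sub(/:$/, "", dst)
        flags = ""; len = ""
        for (i = 6; i <= NF; i++) {
            if ($i == "Flags") { flags = $(i + 1); sub(/,$/, "", flags) }
            if ($i == "length") { len = $(i + 1) }
        }
        print ts, src, dst, flags, len
    }'
}

# syn_sources: count SYN-only packets ([S], a new connection attempt) per
# source endpoint across SAMPLE_LINES; a quick way to spot one host opening
# many connections.
syn_sources() {
    printf '%s\n' "$SAMPLE_LINES" | while IFS= read -r line; do
        parse_tcp_line "$line"
    done | awk '$4 == "[S]" { n[$2]++ } END { for (s in n) print s, n[s] }'
}

# total_payload: sum of the "length" fields, i.e. application bytes seen.
total_payload() {
    printf '%s\n' "$SAMPLE_LINES" | while IFS= read -r line; do
        parse_tcp_line "$line"
    done | awk '{ total += $5 } END { print total + 0 }'
}

syn_sources      # prints: 10.10.0.5.51234 1
total_payload    # prints: 144
```

In a real session, feed the output of tcpdump -n -l through the same awk program instead of the constructed sample (for example via tee, as shown earlier); the per-source SYN count is the kind of summary that shows at a glance whether a single host is opening an unusual number of connections.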

tcpdump Filters

When tcpdump is invoked with no filters, it captures all traffic and produces a tremendous output, making it very difficult to find and analyze the packets of interest.

Filters are one of the most powerful features of the tcpdump command, since they allow you to capture only those packets matching an expression. For example, when troubleshooting issues related to a web server, you can use a filter to obtain only the HTTP traffic.

tcpdump uses the Berkeley Packet Filter (BPF) syntax to filter the captured packets using various matching parameters such as protocols, source and destination IP addresses and ports, and so on.

In this article, we’ll take a look at some of the most common filters. For a list of all available filters, check the pcap-filter manpage.

Filtering by Protocol

To restrict the capture to a particular protocol, specify the protocol as the filter. For example, to capture only UDP traffic, you would run:

$ sudo tcpdump -n udp

Another way to specify the protocol is the proto qualifier followed by the protocol number. The following command filters on protocol number 17 (UDP) and produces the same result as the one above:

$ sudo tcpdump -n proto 17

For more information about the numbers, check the IP protocol numbers list.

Filtering by Host

To capture only packets related to a specific host, use the host qualifier:

$ sudo tcpdump -n host

The host can be either an IP address or a name.

You can also filter the output to a given IP range using the net qualifier. For example, to dump only packets related to the 10.10.0.0/16 network (written as net 10.10 in BPF syntax), you would use:

$ sudo tcpdump -n net 10.10

Filtering by Port

To limit the capture to packets from or to a specific port, use the port qualifier. The command below captures packets related to the SSH service (port 22):

$ sudo tcpdump -n port 22

The port range qualifier allows you to capture traffic in a range of ports:

$ sudo tcpdump -n port range 110-150

Filtering by Source and Destination

You can also filter packets by their source or destination host or port using the src, dst, src and dst, and src or dst qualifiers.

The following command captures packets coming from a host with IP

$ sudo tcpdump -n src host

To capture traffic from any source to port 80, you would use:

$ sudo tcpdump -n dst port 80

Complex Filters

Filters can be mixed using the and (&&), or (||), and not (!) operators.

For example, to capture all HTTP traffic coming from a source IP address, you would use this command:

$ sudo tcpdump -n src and tcp port 80

You can also use parentheses to group and create more complex filters:

$ sudo tcpdump -n 'host and (tcp port 80 or tcp port 443)'

To avoid parsing errors when using special characters, enclose the filters inside single quotes.

Here is another example command that captures all traffic except SSH from a source IP address:

$ sudo tcpdump -n src and not dst port 22

Packet Inspection

By default, tcpdump prints only the packet headers. However, sometimes you may need to examine the contents of the packets.

tcpdump lets you print the contents of the packets in ASCII and hex.

The -A option tells tcpdump to print each packet in ASCII, and -x in hex:

$ sudo tcpdump -n -A

To show the packet’s contents in both hex and ASCII, use the -X option:

$ sudo tcpdump -n -X

Reading and Writing Captures to a File

Another useful feature of tcpdump is writing the captured packets to a file.

This is handy when you are capturing a large number of packets or saving packets for later analysis.

To start writing to a file, use the -w option followed by the output capture file:

$ sudo tcpdump -n -w data.pcap

The command above saves the capture to a file named data.pcap. You can name the file as you want, but it is a common convention to use the .pcap extension (packet capture).

When the -w option is used, the output is not displayed on the screen. tcpdump writes raw packets and generates a binary file that cannot be read with a regular text editor.

To inspect the contents of the file, invoke tcpdump with the -r option:

$ sudo tcpdump -r data.pcap

If you need to run tcpdump in the background, add the ampersand symbol (&) at the end of the command.

The capture file can also be examined with other packet analyzer tools such as Wireshark.

When capturing packets over a long period, you can enable file rotation. tcpdump lets you create new files and rotate the dump file at a defined time interval or file size. The following command creates up to ten files of 200 MB each, named file.pcap0, file.pcap1, and so on, before overwriting the older files:

$ sudo tcpdump -n -W 10 -C 200 -w /tmp/file.pcap

Once ten files have been created, the oldest files are overwritten.

Note that you should run tcpdump only while troubleshooting issues.

If you need to start tcpdump at a particular time, you can use a cron job. tcpdump does not have an option to exit after a given time, but you can use the timeout command to stop it after a given number of seconds. For example, to exit after 5 minutes, you would use:

$ sudo timeout 300 tcpdump -n -w data.pcap
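
Filters are handed to tcpdump as a single quoted string, and in practice the rotation and timeout options above end up combined with a filter in one long invocation. The following shell script is an added example, not code from the article, that assembles such a command from validated inputs: it checks that the source address is a well-formed IPv4 address and the port is in range before building the "src host ... and not dst port 22" expression from the Complex Filters section, then wraps it with -n, -C/-W rotation and timeout. The function names, the 200 MB / 10-file rotation values and the sample address 10.10.0.5 are assumptions made for this example.

```shell
#!/bin/sh
# Added example: build a tcpdump capture command from validated inputs.
# Function names and the defaults (200 MB files, 10-file rotation) are
# assumptions for this example, not settings from the article.

# is_port N: true when N is an integer in 1..65535
is_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# is_ipv4 ADDR: true for four dotted decimal octets, each 0..255
# (runs in a subshell so the IFS change and set -f do not leak to the caller)
is_ipv4() (
    set -f            # no pathname expansion while splitting the address
    IFS=.
    set -- $1
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
)

# build_filter SRC_IP EXCLUDED_PORT: the "all traffic from SRC_IP except
# port EXCLUDED_PORT" expression from the article, with both values checked
# before they are placed in the filter.
build_filter() {
    is_ipv4 "$1" || { echo "build_filter: bad IPv4 address: $1" >&2; return 1; }
    is_port "$2" || { echo "build_filter: bad port: $2" >&2; return 1; }
    printf 'src host %s and not dst port %s\n' "$1" "$2"
}

# build_capture_cmd IFACE SECONDS OUTFILE FILTER: print the full invocation:
# no DNS lookups (-n), rotation into ten 200 MB files (-C/-W), a .pcap output
# file, a timeout, and the filter in single quotes so the shell passes it intact.
build_capture_cmd() {
    iface=$1 secs=$2 outfile=$3 filter=$4
    case $secs in ''|*[!0-9]*) echo "build_capture_cmd: seconds must be numeric: $secs" >&2; return 1 ;; esac
    case $outfile in *.pcap) ;; *) echo "build_capture_cmd: output file should end in .pcap: $outfile" >&2; return 1 ;; esac
    case $filter in *\'*) echo "build_capture_cmd: filter must not contain single quotes" >&2; return 1 ;; esac
    printf "sudo timeout %s tcpdump -n -i %s -C 200 -W 10 -w %s '%s'\n" "$secs" "$iface" "$outfile" "$filter"
}

# Example: five minutes of everything 10.10.0.5 sends, except SSH.
# The script prints the command rather than running it.
filter=$(build_filter 10.10.0.5 22)
build_capture_cmd any 300 /tmp/host.pcap "$filter"
```

Because the script only prints the command, it runs without root; copy the printed line into a privileged shell to start the capture. Rejecting single quotes in the filter keeps a value taken from user input from breaking out of the quoting that the article recommends.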


The tcpdump command-line tool is used to analyze and troubleshoot network-related issues.

This article presented you with the basics of tcpdump usage and syntax. If you have any queries related to tcpdump, feel free to contact us.

Pwd Command in Linux (Current Working Directory)

For anyone working with Linux, the pwd command is very helpful: it tells you which directory you are in, as a path starting from the root directory (/). For Linux newcomers, who may get lost among the many directories found on the command line, pwd (print working directory) comes to the rescue. As the name says, pwd prints where the user currently is: the name of the current directory together with its complete path, with the root directory first. The command is built into the shell and is available in most shells.

If both the -L and -P options are given, the last one specified takes effect. If neither option is specified, pwd behaves as if -L were given, i.e., it does not resolve symbolic links. Using the pwd command, we will demonstrate how to identify your current working directory.

What is the working directory?

The working directory is the directory in which the user is currently working. Whenever you are working at the command prompt, you are in some directory. When you open a shell on a Linux system, the default directory is your home directory. You change directories with the cd command. For example, to change the current working directory to /tmp, you would type:

$ cd /tmp

If you have a customized shell prompt, the path to your current working directory may be displayed.



pwd Command

pwd stands for “print working directory.” It is one of the most essential and commonly used Linux commands. When invoked, it prints the complete path to the current working directory. pwd is a shell builtin in most modern shells such as bash and zsh. The builtin is not the same as the standalone /bin/pwd executable. The type command shows every form of the pwd command that the shell knows about:

$ type -a pwd

pwd is a shell builtin

pwd is /bin/pwd

From the output, you can see that the bash builtin pwd has priority over the standalone program and is used whenever you enter pwd. If you wish to use the standalone /bin/pwd executable, enter the full path to the binary: /bin/pwd.

To find out which directory you are in, type pwd in your terminal and press Enter.

$ pwd

The output will look similar to this:


The pwd command prints the path stored in the PWD environment variable. The output will be the same if you write:

$ echo $PWD


The pwd command accepts only two options:

  • -L (--logical) – Do not resolve symlinks.
  • -P (--physical) – Display the physical directory, without any symbolic links.

If no option is specified, pwd behaves as if the -L option were specified.

To illustrate how the -P option works, I will create a directory and a symlink to it.

$ mkdir /tmp/directory

$ ln -s /tmp/directory /tmp/symlink

Now, if you change to the /tmp/symlink directory (with cd /tmp/symlink) and type pwd in your terminal:

$ pwd

The output shows your current working directory: /tmp/symlink

If you run the same command with the -P option:

$ pwd -P

The command prints the directory the symlink points to: /tmp/directory
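
As an added example (not part of the original article), the following shell script reproduces the -L/-P experiment above in a throwaway directory created with mktemp, so it can be run on any system without touching /tmp/directory or /tmp/symlink. The function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: the -L (logical) versus -P (physical) difference, using a
# fresh temporary directory instead of the fixed /tmp paths shown above.

# make_symlink_pair: create BASE/directory and BASE/symlink -> BASE/directory
# inside a new temporary directory, and print BASE.
make_symlink_pair() {
    base=$(mktemp -d) || return 1
    mkdir "$base/directory" \
        && ln -s "$base/directory" "$base/symlink" \
        && printf '%s\n' "$base"
}

# logical_pwd PATH: what plain "pwd" (the default, -L) prints after "cd PATH";
# runs in a subshell so the caller's working directory is unchanged.
logical_pwd() (
    cd "$1" && pwd -L
)

# physical_pwd PATH: what "pwd -P" prints after "cd PATH", symlinks resolved.
physical_pwd() (
    cd "$1" && pwd -P
)

# same_dir A B: true when both paths name the same physical directory,
# however many symlinks each of them goes through.
same_dir() {
    [ "$(physical_pwd "$1")" = "$(physical_pwd "$2")" ]
}

# demo: run the experiment, print both forms, and clean up.
demo() {
    base=$(make_symlink_pair) || return 1
    echo "pwd    after cd $base/symlink: $(logical_pwd "$base/symlink")"
    echo "pwd -P after cd $base/symlink: $(physical_pwd "$base/symlink")"
    if same_dir "$base/directory" "$base/symlink"; then
        echo "both paths lead to the same physical directory"
    fi
    rm -r "$base"
}

demo
```

Scripts that compare paths should compare their pwd -P (physical) forms, as same_dir does; comparing the logical strings would wrongly treat the symlink and its target as two different directories.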


The working directory is the current directory that your terminal is in. The pwd command lets you know where you are right now. If you have any kind of issues or comments, we would be delighted to hear them.