Tim D.
May 9, 2020

List of useful FreeBSD Commands

Below is a list of my favorite commands I often use during my daily system administration duties and others I use just for fun. I hope my readers will find this informative and learn a few things by the end of this post. Most of these will also work on Linux.

Check the weather

install curl

# pkg install curl

Now check the weather

# curl http://wttr.in

Ever wonder what development stack or CMS a website is using?

Install whatweb

# pkg install whatweb

Find out what stack that site uses

# whatweb medium.com
http://medium.com [301 Moved Permanently] CloudFlare, Cookies[__cfduid,__cfruid], Country[UNITED STATES][US], HTTPServer[cloudflare], HttpOnly[__cfduid,__cfruid], IP[104.16.121.127], RedirectLocation[https://medium.com/], Title[301 Moved Permanently], UncommonHeaders[cf-cache-status,x-content-type-options,cf-ray,alt-svc,cf-request-id]
https://medium.com/ [200 OK] CloudFlare, Cookies[__cfduid,__cfruid,optimizelyEndUserId,sid,uid], Country[UNITED STATES][US], Email[9ygdqoKprhwuTVKUM0DLPA@2x.png,haCUs0wF6TgOOvfoY-jEoQ@2x.png,u002F589e367c28ca47b195ce200d1507d18b@sentry.io,uULpIlImcO5TDuBZ6lm7Lg@2x.png], Google-Analytics[Universal][UA-24232453-2], HTML5, HTTPServer[cloudflare], HttpOnly[__cfduid,__cfruid,sid,uid], IP[104.16.122.127], Open-Graph-Protocol[website][542599432471018], OpenSearch[/osd.xml], Script[application/ld+json], Strict-Transport-Security[max-age=15552000; includeSubDomains; preload], UncommonHeaders[sepia-upstream,medium-fulfilled-by,x-envoy-upstream-service-time,cf-cache-status,expect-ct,x-content-type-options,cf-ray,alt-svc,cf-request-id], X-Frame-Options[allow-from medium.com]

Check if a reboot is required on a FreeBSD system; if versions do not match a reboot is required

# uname -r; freebsd-version

check if a reboot is required on Debian-based systems; if the output reads “No such file or directory” then a reboot is not required

# cat /var/run/reboot-required

Gnu-watch (just watch on Linux) is a helpful command that can be used with any command that gives output but has no option for continuous or real-time output. For example, anyone who has ever managed a mail/postfix server will be familiar with another one of my go-to commands, “mailq”. This command prints out all queued messages that are pending delivery for various reasons, such as being blocked by a spam list or users on the system sending emails to incorrect addresses.

Oftentimes when you discover an issue with mail delivery this is the go-to command to determine the reason. Once you have identified and resolved the root cause, there is nothing more satisfying than seeing the number of messages in the queue go lower and lower until they are all released from the queue.

Install gnu-watch

# pkg install gnu-watch

To monitor the mailq and print out an update every 5 seconds you would simply run

# gnu-watch -n 5 mailq

Ctrl+C to close.

Another equally awesome command to monitor the mailq in real time, which provides a more comprehensive overview of the queue, is pfqueue

install pfqueue

# pkg install pfqueue

check the mailq

# pfqueue

aww yea! an empty mailq just what I like to see :)

RSYNC Commands

Rsync is a very powerful tool to copy files locally and remotely, and it can also be scripted to create backup scripts. Check out this example of these scripts that perform both local and off-site backups of LAMP stack applications.

install rsync

# pkg install rsync

sync local folder nginx to a local directory, external drive, or nfs share.

# rsync -av /root/backup/nginx/ /mnt/nas02/lb01/
sending incremental file list
./
nginx-backup_test-2020.tar.gz
nginx-backup_test2-2020.tar.gz
nginx-backup_test3-2020.tar.gz
sent 18,555,489 bytes received 76 bytes 37,111,130.00 bytes/sec
total size is 102,235,136 speedup is 5.51

sync a local folder to a remote server over ssh (this is known as push)

# rsync -avzh /local/folder/ username@host:/remote/files/to/copy

sync a folder on a remote system to your local machine (this is known as pull)

# rsync -avzh username@host:/remote/folder/ /local/files/to/copy

sync directory while excluding a sub-directory

# rsync --exclude=folder_to_exclude/ -avhP /local/folder/ username@host:/remote/folder/to/copy/files/to

MYSQL

export mysql database

# mysqldump -u username -p database_name > data-dump.sql

import mysql database

Login to mysql console

# mysql -u root -p

create database name if it does not already exist.

mysql> CREATE DATABASE new_database;

now import database

# mysql -u username -p new_database < data-dump.sql

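reset mysql root password

# service mysqld stop
# mysqld_safe --skip-grant-tables &
# mysql --user=root mysql
mysql> update user set Password=PASSWORD('new-password') where user='root';
mysql> flush privileges;
mysql> exit;

note: while mysqld runs with --skip-grant-tables it accepts any login without a password, so keep it unreachable from the network during the reset and restart it normally afterwards. The Password column used above exists in MySQL 5.6 and earlier.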

Viewing and manipulating files & logs

view a file

# cat filename.txt

tail a log file for real-time viewing, for example the mail log

# tail -f /var/log/maillog

search a file for a specific word; in the below example I’m searching the mail log for an email address, which is useful when you are trying to track down an issue with an inbox that may not be receiving or sending mail

# tail -f /var/log/mail.log | grep "email@domain.com"

sometimes its helpful to narrow down what we are looking for by viewing the lines before and after each targeted word.

this command will display five lines after outputting what we are looking for

# tail -f /var/log/maillog | grep -A 5 "email@domain.com"

print 5 lines before outputting what we are looking for

# tail -f /var/log/maillog | grep -B 5 "email@domain.com"

search all files that contain a word

# grep -i -r some_word

or a phrase

# grep -r 'word or phrase' *

list files that contain words; this method is much cleaner & faster than the above commands (The word(s) you use are case-sensitive)

# grep -rl word

Or, if you only want to search in .txt files, combine it with find

# find /some/dir -name '*.txt' -exec grep -li 'searchstring' {} \;

append text to an existing file

# echo 'add this text to end of file' >> file.txt

prepend text to an existing file (add text to beginning of the file)

# printf '%s\n' 0a "add this to beginning" . w | ed -s textfile.txt

or prepend multiple lines

# printf '%s\n' 0a "line 1" "line 2" . w | ed -s textfile.txt

delete files that are X days old from a directory

the below command will purge any file(s) within /usr/jails/ezjail_archives that are 14 days or older

# find /usr/jails/ezjail_archives/* -mtime +14 -exec rm {} \;

delete files & folders that are 14 days or older

# find /folder/location/* -mtime +14 -exec rm -rf {} \;
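
A more defensive form of the two purge commands above, as an added example (not from the original post); the function names are hypothetical. It validates the target, lists before deleting, skips directories and avoids the /* glob.

```shell
#!/bin/sh
# Added example: list, then delete, regular files older than N days.
# valid_target, old_files and purge_old_files are hypothetical helper names.

# Accept only an existing directory other than / and a whole number of days.
valid_target() {
    [ -n "$1" ] && [ -d "$1" ] && [ "$1" != / ] || return 1
    case $2 in ''|*[!0-9]*) return 1 ;; esac
}

# Dry run: print regular files under $1 that -mtime +$2 selects.
# No shell glob is used: find walks the directory itself, so dot-files are
# included and a huge directory cannot overflow the argument list.
old_files() {
    valid_target "$1" "$2" || return 2
    find "$1" -type f -mtime +"$2" -print
}

# Delete exactly what old_files lists; directories are left in place.
purge_old_files() {
    valid_target "$1" "$2" || return 2
    find "$1" -type f -mtime +"$2" -exec rm -f -- {} +
}

# Constructed demo in a scratch directory: two stale files, one fresh file
# and one stale directory. Prints what is left after a 14-day purge.
demo_purge() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/olddir"
    touch "$tmp/fresh.tar.gz"
    touch -t 200001010000 "$tmp/stale.tar.gz" "$tmp/.hidden-stale" "$tmp/olddir"
    purge_old_files "$tmp" 14
    (cd "$tmp" && find . ! -name . | sort)
    rm -rf "$tmp"
}

demo_purge
```

Run old_files against the real directory first and read the list before calling purge_old_files with the same arguments.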

search entire file system for a file by name

# find / -name filename

find files by searching only part of their name in a specific directory

# find /path/of/folder/to/be/searched/* -name '*Untraceable*'

Compress a file with tar.gz

# tar -czvf archive-name.tar.gz /path/to/directory-or-file

unpack file we just created

# tar -xzvf archive-name.tar.gz

DNS related commands

check if a domain uses DNSSEC; you will see RRSIG records in the reply if DNSSEC is requested

isc.org does support DNSSEC

# dig +dnssec isc.org dnskey
; <<>> DiG 9.16.2 <<>> +dnssec isc.org dnskey
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22304
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 512
;; QUESTION SECTION:
;isc.org. IN DNSKEY
;; ANSWER SECTION:
isc.org. 7199 IN DNSKEY 257 3 13 zEoOfseNFDM+E8spu7RR2Ar/GzFqAehe4yapWLiv6McIUF6xmI5GcIQ3 +uLAizS2cNWHt6EArVj8ogjtrRXwfw==
isc.org. 7199 IN DNSKEY 256 3 13 1CS+VQcRn4lGTK+b3wDjVO0hFDx4DV7s3Q1Fwxuq9ahd255FRny4f4vd ZOMMMxpbRH5Zhwoh/706IV0v9JwjlA==
isc.org. 7199 IN RRSIG DNSKEY 13 2 7200 20200601130852 20200502125806 7250 isc.org. CsMS1qIiBQTFvbDR6SZQqB69+wFpHRQJcTwHW8m7GCnSUdVH7ms/MzSd C8fpNskQkGlyUtt4JkltV8WrCvk7Gw==
isc.org. 7199 IN RRSIG DNSKEY 13 2 7200 20200601130852 20200502125806 27566 isc.org. qLbAt8qocFP9FZTCpob1tGkvrDMOp9E7HaF9pTWHzS4rW30olAqSIYzR 4EeuGWqucOvujZuklS4JX8HL+rjMQg==
;; Query time: 46 msec
;; SERVER: 192.168.4.1#53(192.168.4.1)
;; WHEN: Sat May 09 07:46:46 EDT 2020
;; MSG SIZE rcvd: 402

ypcr.com does not support DNSSEC

# dig +dnssec ypcr.com dnskey
; <<>> DiG 9.16.2 <<>> +dnssec ypcr.com dnskey
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36012
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 512
;; QUESTION SECTION:
;ypcr.com. IN DNSKEY
;; AUTHORITY SECTION:
ypcr.com. 585 IN SOA ns23.domaincontrol.com. dns.jomax.net. 2020031509 28800 7200 604800 600
;; Query time: 18 msec
;; SERVER: 192.168.4.1#53(192.168.4.1)
;; WHEN: Sat May 09 07:49:33 EDT 2020
;; MSG SIZE rcvd: 105
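
The RRSIG check from the two replies above as a script, added here as an example (not from the original post); dnssec_status is a hypothetical name. It goes one step further than the text and also reports the header's ad flag, which tells you whether the resolver you asked validated the signatures itself.

```shell
#!/bin/sh
# Added example: classify `dig +dnssec <zone> dnskey` output read from stdin.
# Prints "signed ad=1", "signed ad=0" or "unsigned".
dnssec_status() {
    awk '
        # Header flags: "ad" means the resolver itself validated the answer.
        /^;; flags:/ {
            split($0, part, ";")          # part[3] holds " flags: qr rd ra"
            if (part[3] ~ / ad( |$)/) ad = 1
        }
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        # Any other ";;" line or a blank line ends the answer section.
        /^;;/ || /^$/ { in_answer = 0 }
        in_answer && $4 == "DNSKEY" { keys++ }
        in_answer && $4 == "RRSIG" && $5 == "DNSKEY" { sigs++ }
        END {
            if (keys > 0 && sigs > 0) printf "signed ad=%d\n", ad
            else print "unsigned"
        }'
}

# Constructed samples modelled on the two replies above; key and signature
# data are replaced by the placeholder PLACEHOLDER==.
sample_signed() {
    cat <<'EOF'
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;signed.example. IN DNSKEY
;; ANSWER SECTION:
signed.example. 7199 IN DNSKEY 257 3 13 PLACEHOLDER==
signed.example. 7199 IN RRSIG DNSKEY 13 2 7200 20200601130852 20200502125806 7250 signed.example. PLACEHOLDER==
;; Query time: 46 msec
EOF
}

sample_unsigned() {
    cat <<'EOF'
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;unsigned.example. IN DNSKEY
;; AUTHORITY SECTION:
unsigned.example. 585 IN SOA ns.unsigned.example. dns.unsigned.example. 2020031509 28800 7200 604800 600
;; Query time: 18 msec
EOF
}

sample_signed | dnssec_status      # signed ad=0
sample_unsigned | dnssec_status    # unsigned
```

On a live system, pipe the real query into it: dig +dnssec isc.org dnskey | dnssec_status. A result of ad=0 means the signatures were returned but the resolver you queried did not vouch for them.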

lookup name servers for a domain name

# host -t ns domain.com
domain.com name server ns-1250.awsdns-28.org.
domain.com name server ns-166.awsdns-20.com.
domain.com name server ns-2022.awsdns-60.co.uk.
domain.com name server ns-683.awsdns-21.net.

lookup a domain’s mail server (mx records)

# host -t mx gmail.com
gmail.com mail is handled by 30 alt3.gmail-smtp-in.l.google.com.
gmail.com mail is handled by 10 alt1.gmail-smtp-in.l.google.com.
gmail.com mail is handled by 5 gmail-smtp-in.l.google.com.
gmail.com mail is handled by 40 alt4.gmail-smtp-in.l.google.com.
gmail.com mail is handled by 20 alt2.gmail-smtp-in.l.google.com.

lookup a domain’s txt records (find spf records)

# host -t txt hotmail.com
hotmail.com descriptive text "v=spf1 ip4:157.55.9.128/25 include:spf.protection.outlook.com include:spf-a.outlook.com include:spf-b.outlook.com include:spf-a.hotmail.com include:_spf-ssg-b.microsoft.com include:_spf-ssg-c.microsoft.com ~all"
hotmail.com descriptive text "google-site-verification=gqFmgDKSUd3XGU_AzWWdojRHtW3_66W_PC3oFvQVZEw"

lookup a domain’s SOA records

# host -t soa yahoo.com
yahoo.com has SOA record ns1.yahoo.com. hostmaster.yahoo-inc.com. 2020050900 3600 300 1814400 600

lookup DNS TTL value; you must use the domain’s name server, which can be found with “host -t ns domain.com”. If your default DNS server is not the authoritative server for the zone you are digging, dig will show the time remaining (until the next refresh) instead of the raw TTL value in this position. In short, without a name server defined, dig will use your network’s name server.

# dig +nocmd +noall +answer @nameserver_in_use_by_domain domain.com

or

lookup dns TTL value count down

# dig +nocmd +noall +answer domain.com

note: the dig tool is not installed by default in recent versions of FreeBSD; this is because dig ships with BIND, which was removed from the base system in 10.x. Alternatively you can use drill, from the ldns tools that replaced BIND in the base system, which shares the same syntax as dig. You can also obtain dig by installing bind-tools

# pkg install bind-tools

command to lookup public IP behind NAT/router

# dig +short myip.opendns.com @resolver1.opendns.com

FreeBSD Pro tip: Never miss a FreeBSD related post on Twitter; follow @FreeBSD_Bot, it retweets everything with #FreeBSD

Enjoy!

Tim D.

I’m a cross platform systems and network administrator with over 19+ years of experience in the IT industry.