Linux Commands Every CompTIA Candidate Must Know — A+, Network+ & Security+ 2026

⚡ Why Linux Matters for CompTIA Now

The A+ 220-1202 (Core 2) exam added Linux to its scope — you need to know basic navigation, file permissions, and process management commands. Network+ tests Linux networking commands (ifconfig, ip, netstat). Security+ tests log analysis, file integrity, and hardening commands. You don't need to be a Linux admin — you need to recognise what each command does and pick the right one for a given scenario.

What Each Cert Tests

A+ 220-1202

📁 ls, cd, pwd, mkdir, rm
📄 cat, cp, mv, touch
🔐 chmod, chown
👤 sudo, su
📦 apt, yum (package mgmt)
🔍 grep, find
📊 ps, top, kill

Network+ N10-009

🌐 ifconfig / ip addr
📡 ping, traceroute
🔍 netstat, ss
🔎 nslookup, dig
📶 iwconfig / iw
🛣️ route / ip route
🔥 iptables basics

Security+ SY0-701

📋 journalctl, tail -f
🔐 chmod, chown, umask
🔑 ssh, scp, sftp
🔍 grep, awk (log analysis)
🛡️ iptables / ufw
🔒 passwd, usermod
💾 dd, sha256sum

Navigation & File Management

List directory contents

A+ Network+ Security+

Lists files and directories. The most commonly used Linux command — equivalent to dir in Windows. With flags it shows hidden files, permissions, file sizes, and modification times.

ls                          # list current directory
ls -l                        # long format — shows permissions, owner, size, date
ls -a                        # show hidden files (names starting with .)
ls -la                       # long format + hidden files (most common)
ls -lh                       # long format with human-readable file sizes
ls /etc                      # list contents of /etc directory

cd / pwd / mkdir / rm

Navigate and manage directories

A+

Core navigation commands. cd changes directory, pwd prints the current working directory, mkdir creates directories, rm removes files and directories.

pwd                          # print current directory path
cd /home/user               # absolute path navigation
cd Documents                # relative path (from current dir)
cd ..                        # go up one directory
cd ~                         # go to home directory
mkdir newfolder             # create a directory
mkdir -p path/to/folder    # create nested directories
rm file.txt                 # delete a file
rm -r folder               # delete directory and all contents (recursive)
rm -rf folder              # force delete — no prompts (dangerous!)

Exam tip: rm -rf is non-recoverable — no Recycle Bin in Linux. The exam may present a scenario asking which flag deletes a directory and its contents: -r (recursive). ~ always means the current user's home directory.

cat / cp / mv / touch

File viewing, copying, and moving

A+ Security+

cat displays file contents, cp copies files, mv moves or renames files, touch creates empty files or updates timestamps.

cat file.txt                # display file contents
cat /etc/passwd             # view the user account file
cp source.txt dest.txt      # copy a file
cp -r folder/ backup/       # copy directory recursively
mv old.txt new.txt          # rename a file
mv file.txt /tmp/           # move a file to another directory
touch newfile.txt           # create empty file / update timestamp

Exam tip: mv is both move AND rename — if the destination is in the same directory, it renames. cat /etc/passwd is a common Security+ scenario — the passwd file stores user account info (not actual passwords, which are in /etc/shadow).

Permissions & Ownership

chmod

Change file permissions

A+ Security+

Controls who can read, write, and execute a file. The most permission-related command on the exam. Permissions are set for three entities: owner (u), group (g), and others (o). Can be set symbolically (+x) or numerically (octal notation).

chmod 755 script.sh         # owner=rwx, group=rx, others=rx
chmod 644 file.txt          # owner=rw, group=r, others=r (typical file)
chmod 600 private.key       # owner=rw only — SSH keys must be 600
chmod +x script.sh          # add execute for everyone
chmod u+x script.sh         # add execute for owner only
chmod go-w file.txt         # remove write from group and others
chmod -R 755 folder/        # apply recursively to all files in folder

Value	Binary	Permissions
7	111	Read + Write + Execute (rwx)
6	110	Read + Write (rw-)
5	101	Read + Execute (r-x)
4	100	Read only (r--)
0	000	No permissions (---)

Exam tip: chmod 777 gives everyone full read/write/execute — a Security+ red flag for misconfiguration. SSH private key files must be 600 (owner read/write only) — SSH will refuse to use a key with broader permissions. Remember: three digits = owner / group / others.

chown

Change file owner and group

A+ Security+

Changes who owns a file or directory. Requires root/sudo. Distinct from chmod — chown changes who owns the file, chmod changes what they can do with it.

chown alice file.txt          # change owner to alice
chown alice:devteam file.txt  # change owner AND group
chown -R alice:devteam folder/ # recursive — all files in folder
chown :devteam file.txt       # change group only (no owner change)

Exam distinction: chmod = change permissions (what can be done). chown = change ownership (who owns it). A scenario asking "which command grants a user ownership of a file" → chown. "Which command restricts a file to read-only" → chmod.

Users, Sudo & Privileges

sudo / su

Elevate privileges

A+ Security+

sudo (superuser do) runs a single command with root privileges without switching to the root account. su switches to another user account entirely. sudo is the modern, auditable, preferred method — su is older and considered less secure.

sudo apt update              # run apt as root
sudo -i                       # open a root shell (interactive)
sudo !!                        # re-run last command as sudo
su alice                      # switch to user alice (requires alice's password)
su -                          # switch to root (requires root password)
passwd                         # change your own password
sudo passwd alice             # change another user's password (as admin)

Security+ angle: sudo is the principle of least privilege in practice — users run as non-root by default and only elevate for specific commands. Sudo activity is logged to /var/log/auth.log, making it auditable. Giving all users sudo access defeats the purpose.

useradd / usermod / userdel

Manage user accounts

A+ Security+

Create, modify, and delete Linux user accounts. Requires root/sudo. User account data is stored in /etc/passwd, passwords in /etc/shadow, groups in /etc/group.

sudo useradd alice            # create user alice
sudo useradd -m -s /bin/bash alice # create user with home dir and bash shell
sudo usermod -aG sudo alice   # add alice to sudo group
sudo usermod -L alice          # lock alice's account (disable login)
sudo userdel alice            # delete user (keeps home directory)
sudo userdel -r alice         # delete user AND home directory

Exam tip: usermod -L locks an account without deleting it — the correct action when an employee leaves temporarily or an account is compromised. -aG means "append to Group" — using -G without -a replaces all existing group memberships.

Searching & Text Processing

grep

Search text in files or output

A+ Security+

Searches for a pattern in files or piped output. Arguably the most useful command for log analysis and Security+ forensics scenarios. Combined with | (pipe), it filters the output of other commands.

grep "error" /var/log/syslog    # find lines containing "error"
grep -i "failed" auth.log     # case-insensitive search
grep -r "password" /etc/      # recursive search through directory
grep -v "#" config.txt        # invert — show lines NOT containing #
grep -n "root" /etc/passwd    # show line numbers
grep -c "Failed" auth.log     # count matching lines
cat auth.log | grep "ssh"     # pipe — filter cat output for ssh lines

Security+ log analysis: grep -i "failed password" /var/log/auth.log finds failed SSH login attempts — key in an incident response scenario. grep -v "#" strips comments from config files to see active configuration only.

find

Search for files by name, type, or attribute

A+ Security+

Searches the filesystem for files matching given criteria — by name, type, size, permissions, owner, or modification time. More powerful than a simple filename search and useful for forensics scenarios.

find /home -name "*.txt"       # find all .txt files under /home
find / -name "config.ini"     # find specific file anywhere on system
find /var -type f -size +10M  # files larger than 10MB
find / -perm 777               # files with 777 permissions (security concern)
find /tmp -mtime -1            # files modified in last 24 hours
find / -user alice              # all files owned by alice

Forensics use: find / -perm 777 is a hardening check — world-writable files are a security risk. find / -mtime -1 finds recently modified files — useful when investigating a breach to see what was changed.

Processes & System Monitoring

ps / top / kill

View and manage running processes

A+ Security+

ps shows a snapshot of current processes. top shows a live, updating view (like Task Manager). kill sends a signal to a process — usually to terminate it. Every process has a PID (process ID).

ps                             # show processes for current user/terminal
ps aux                        # show ALL processes, all users, with details
ps aux | grep apache         # find apache processes specifically
top                            # live process monitor (q to quit)
kill 1234                      # send SIGTERM to PID 1234 (graceful stop)
kill -9 1234                   # send SIGKILL — force kill, no cleanup
killall apache2               # kill all processes named apache2

Exam tip: ps aux is the standard way to see all running processes — the a (all users) u (user-oriented format) x (no terminal) flags together. kill -9 is a forced kill that cannot be blocked — use when a process is frozen and not responding to normal kill.

Networking Commands

ifconfig / ip addr

View and configure network interfaces

Network+ Security+

ifconfig is the legacy command for network interface configuration, still widely used and tested. ip addr is the modern replacement. Both show IP addresses, MAC addresses, and interface status. CompTIA tests both.

ifconfig                       # show all active interfaces
ifconfig eth0                  # show specific interface
ifconfig eth0 192.168.1.10    # assign IP address (temporary)
ifconfig eth0 down             # disable interface
ip addr                        # modern equivalent of ifconfig
ip addr show eth0             # show specific interface
ip link set eth0 up           # bring interface up
ip route show                  # display routing table

Exam tip: ifconfig is being replaced by the ip command suite but both appear on exams. Key output to read: inet = IPv4 address, inet6 = IPv6 address, ether = MAC address, lo = loopback interface (127.0.0.1).

netstat / ss

Network connections and listening ports

Network+ Security+

Shows active network connections, listening ports, and socket statistics. Critical for identifying what services are running and detecting suspicious connections. ss is the modern replacement for netstat.

netstat -tuln                  # show listening TCP/UDP ports (numeric)
netstat -tulnp                 # also show process name/PID
netstat -an                    # all connections, numeric addresses
ss -tuln                       # modern equivalent — listening ports
ss -tulnp                      # with process info

Security+ use: netstat -tulnp shows which process owns each listening port — used to detect unexpected services (e.g., a backdoor listening on an unusual port). Flag breakdown: t=TCP, u=UDP, l=listening, n=numeric (no DNS lookup), p=process.

Package Management

apt / yum / dnf

Install and manage software packages

A+

Linux software is installed via package managers. apt is used on Debian/Ubuntu. yum and dnf are used on Red Hat/CentOS/Fedora. The A+ exam tests awareness of both — you need to know which distro family uses which tool.

# Debian / Ubuntu (apt)
sudo apt update                # refresh package list
sudo apt upgrade               # upgrade all installed packages
sudo apt install nginx         # install a package
sudo apt remove nginx          # remove a package

# Red Hat / CentOS / Fedora (yum / dnf)
sudo yum update                # update packages (older systems)
sudo dnf install httpd         # install package (newer Fedora/RHEL)
sudo dnf remove httpd          # remove package

Exam tip: apt = Ubuntu/Debian. yum/dnf = RHEL/CentOS/Fedora. apt update refreshes the list of available packages — it doesn't install anything. apt upgrade actually installs the updates. You need to run update before upgrade or you may install an outdated version.

Quick Reference Table

Command	Purpose	Key Flag / Example	Certs
ls -la	List files with permissions + hidden	`-l` long, `-a` hidden	A+, Network+, Security+
chmod 755	Set file permissions (octal)	7=rwx, 6=rw, 5=rx, 4=r	A+, Security+
chown user:grp	Change file ownership	`-R` recursive	A+, Security+
sudo	Run command as root	`sudo -i` = root shell	A+, Security+
grep -i "term"	Search text in file	`-i` case-insensitive, `-v` invert	A+, Security+
find / -name	Locate files by name/attribute	`-perm 777` find world-writable	A+, Security+
ps aux	Show all running processes	pipe to grep to filter	A+, Security+
kill -9 PID	Force-kill a process	SIGKILL = cannot be blocked	A+
ifconfig / ip addr	View network interfaces + IPs	`ip addr show eth0`	Network+, Security+
netstat -tulnp	Show listening ports + processes	t=TCP u=UDP l=listen n=numeric	Network+, Security+
apt / yum / dnf	Install software packages	apt=Debian/Ubuntu, yum=RHEL	A+
tail -f /var/log	Live-follow a log file	`-f` = follow (real-time)	Security+
sha256sum file	Generate/verify file hash	Used for file integrity verification	Security+

Exam Scenarios

💬 "A security analyst needs to find all files on a Linux system with world-writable permissions. Which command accomplishes this?" → find / -perm 777 — searches the entire filesystem for files where owner, group, and others all have full rwx permissions. These are a security risk.

💬 "A technician creates a shell script but cannot execute it. The file permissions show -rw-r--r--. Which command adds execute permission for the owner only?" → chmod u+x script.sh — u = user (owner), +x = add execute. Alternatively chmod 744 gives owner rwx, group r, others r.

💬 "An admin needs to check which process is listening on port 443. Which command shows listening ports with their associated process IDs?" → netstat -tulnp or ss -tulnp — the p flag adds process name and PID to the output.

💬 "After a suspected intrusion, a forensic analyst needs to find all files modified in the last 24 hours. Which command is correct?" → find / -mtime -1 — -mtime -1 = modified less than 1 day ago. This helps identify what was changed during an attack.

💬 "A Linux admin needs to search the auth log for all failed SSH login attempts. Which command is most appropriate?" → grep -i "failed" /var/log/auth.log — the -i flag makes the search case-insensitive, catching "Failed", "FAILED", etc. This is a core incident response skill.

💬 "A user on Ubuntu needs to install the curl package. They are not the root user. Which command is correct?" → sudo apt install curl — Ubuntu uses apt (Debian-based). sudo is required since package installation needs root privileges. On RHEL/CentOS it would be sudo yum install curl.

💬 "An SSH private key file has permissions set to 644. When attempting to connect, SSH refuses to use the key. What is the problem?" → SSH rejects keys that are too permissive. Private key files must be chmod 600 (owner read/write only). Run chmod 600 ~/.ssh/id_rsa to fix.

Ready to pass the A+ exam?

See the best study guides, video courses, and practice tests for 220-1201 and 220-1202.

See A+ Resources →

Linux Commands for CompTIA Exams

What Each Cert Tests

Navigation & File Management

Permissions & Ownership

Users, Sudo & Privileges

Searching & Text Processing

Processes & System Monitoring

Networking Commands

Package Management

Quick Reference Table

Exam Scenarios

Ready to pass the A+ exam?

Related Articles