$ Linux One Liners
Back to commands

Cybersecurity Triage

Read-only, can be slow

Extract Environment Names Only

You need to see which environment names appear in config files, but must avoid exposing secrets.

Command

grep -RhoE 'ENVIRONMENT|NODE_ENV|APP_ENV|RAILS_ENV' config deploy | sort -u

Before you run this

System impact: Read-only. Can create load on large logs, directories, filesystems, or process tables.

When not to use it: Do not use it when you need values; this command intentionally prints names only.

Expected output

Unique environment variable names such as APP_ENV, NODE_ENV, or RAILS_ENV.

System impact

Read-only, can be slow. Nothing changes. Only matching environment variable names are printed.

Scope this to the smallest useful path or service on busy systems.

Recovery / rollback: no state is changed.

When to use it

Use when checking env naming consistency across deployment files.

When not to use it

Do not use it when you need values; this command intentionally prints names only.

Watch this command run

Command transcript

This sanitized transcript shows the commands and output shape without exposing host details.

demo@lab:~$

$ sed -n '1,20p' config/app.env.example

APP_ENV=staging
NODE_ENV=production
RAILS_ENV=production

$ grep -RhoE 'ENVIRONMENT|NODE_ENV|APP_ENV|RAILS_ENV' config deploy | sort -u

APP_ENV
NODE_ENV
RAILS_ENV
View commands shown

These are the commands shown in the sanitized transcript.

Commands shown

  1. sed -n '1,20p' config/app.env.example
  2. grep -RhoE 'ENVIRONMENT|NODE_ENV|APP_ENV|RAILS_ENV' config deploy | sort -u

next steps

Related commands

Cybersecurity Triage Sensitive output

Find World-Readable Secret-Looking Files

The fastest secret audit starts with readable files that look like secrets.

find fixtures/perm-audit -type f -perm -0004 \( -iname '*secret*' -o -iname '*.env' -o -iname '*token*' -o -iname '*key*' \) -printf '%M %u:%g %p\n' | sort
Hosting Operations Can be slow

Check Image Tags in Manifests

Find the image tags your deployment files reference without printing env values.

grep -RhoE 'image:[[:space:]]*[^[:space:]]+' deploy/ | sort -u
Cybersecurity Triage Sensitive output

Count authorized_keys by User

authorized_keys is the practical SSH access list.

find fixtures/user-access-audit/home -path '*/.ssh/authorized_keys' -exec sh -c 'for f do user=$(basename "$(dirname "$(dirname "$f")")"); keys=$(grep -vc "^[[:space:]]*#" "$f"); printf "%s %s %s\n" "$user" "$keys" "$f"; done' sh {} + | sort
Cybersecurity Triage Can be slow

Find Config Files with Execute Bits

Config files do not usually need to be executable.

find fixtures/perm-audit -type f -perm /111 \( -path '*/config/*' -o -name '*.env' -o -name '*.conf' \) -printf '%M %u:%g %p\n' | sort
Cybersecurity Triage State change

Find Public Listeners Not Allowed by UFW

The process was public, but the firewall did not mention it.

comm -13 <(ufw status numbered | awk '/ALLOW/ {print}' | grep -Eo '[0-9]+/(tcp|udp)' | cut -d/ -f1 | sort -u) <(ss -ltnp | awk '$4 ~ /^(0[.]0[.]0[.]0|[[]::[]]|[*]):/ {n=split($4,a,":"); print a[n]}' | sort -u)
Study mapping

Use this as independent command practice: read the notes, predict the output, then compare it with the example before using a real shell.

  • lpic1:103-gnu-unix-commands
  • lpic1:110-security
  • lfcs:essential-commands
  • lfcs:security-hygiene
  • linuxplus:automation-scripting
  • linuxplus:provisional
  • risk:read-only

Useful for

  • LPIC-1 style command-line practice
  • LFCS style performance tasks
  • Linux+ style troubleshooting review

Independent study support only. No affiliation, endorsement, exam dumps, or real exam questions.