Linux Operations Cheat Sheet
Remember: Signal numbers to memorize: SIGHUP (1) = reload config, SIGTERM (15) = graceful shutdown, SIGKILL (9) = force kill. Mnemonic: "1 for Hangup, 15 for Terminate, 9 for Kill." Always try SIGTERM before SIGKILL — SIGTERM allows the process to clean up (flush buffers, close connections). SIGKILL is instant death with no cleanup.
Process Management
ps aux # All processes
ps -eo pid,ppid,%cpu,%mem,cmd --sort=-%cpu | head # Top CPU
pgrep -f pattern # Find by name
kill -15 PID # Graceful stop (SIGTERM)
kill -9 PID # Force kill (SIGKILL)
kill -0 PID # Check if process exists
pkill -f pattern # Kill by name
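The SIGTERM-before-SIGKILL advice above as a reusable shell function, added here as an example and not part of the original cheat sheet. The names is_running and stop_gracefully, the 10-second default timeout and the return codes are assumptions of this example; the zombie check reads /proc and is Linux-specific.

```shell
#!/bin/sh
# Added example (not from the original cheat sheet). Function names are hypothetical.

# is_running PID: true if PID exists, is signalable by us, and is not a zombie.
is_running() {
    # kill -0 delivers no signal; it only tests existence and permission.
    kill -0 "$1" 2>/dev/null || return 1
    # A zombie has already exited but still answers kill -0 until its parent
    # reaps it, so check the state in /proc as well (Linux-specific).
    ! grep -q '^State:[[:space:]]*Z' "/proc/$1/status" 2>/dev/null
}

# stop_gracefully PID [TIMEOUT_SECONDS]
# Returns: 0 exited after SIGTERM, 1 needed SIGKILL,
#          2 not running (or not ours to signal), 3 still alive after SIGKILL.
stop_gracefully() {
    sg_pid=$1
    sg_timeout=${2:-10}
    sg_waited=0

    is_running "$sg_pid" || return 2

    kill -15 "$sg_pid" 2>/dev/null          # SIGTERM: process may clean up
    while [ "$sg_waited" -lt "$sg_timeout" ]; do
        is_running "$sg_pid" || return 0
        sleep 1
        sg_waited=$((sg_waited + 1))
    done
    is_running "$sg_pid" || return 0

    kill -9 "$sg_pid" 2>/dev/null           # SIGKILL: no cleanup possible
    sg_waited=0
    while [ "$sg_waited" -lt 5 ]; do
        is_running "$sg_pid" || return 1
        sleep 1
        sg_waited=$((sg_waited + 1))
    done
    return 3                                # e.g. stuck in uninterruptible I/O
}
```

A return code of 1 is worth logging: it means the process ignored or outlasted SIGTERM and was killed without a chance to flush buffers or close connections.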
Systemd
systemctl status nginx # Service status
systemctl start/stop/restart nginx
systemctl enable/disable nginx # Boot persistence
systemctl list-units --failed # Failed services
systemctl daemon-reload # After editing unit files
journalctl -u nginx -f # Follow service logs
journalctl -u nginx --since "1 hour ago"
journalctl -p err -b # Errors since boot
journalctl --disk-usage # Log storage used
Disk & Filesystem
Gotcha: df -h shows filesystem space, but a disk can appear "full" even with space available if inodes are exhausted. df -i shows inode usage. A filesystem with 0% disk used but 100% inodes used will refuse to create new files. This commonly happens in directories with millions of tiny files (session stores, mail queues, package caches).
df -h # Filesystem usage
du -sh /var/log/* | sort -rh # Directory sizes
lsblk # Block devices
mount | column -t # Mounted filesystems
findmnt # Mount tree
# Inode exhaustion
df -i # Inode usage
find /var -xdev -type f | wc -l # Count files
Memory
free -h # Memory overview
vmstat 1 5 # 5 samples, 1s interval
cat /proc/meminfo # Detailed breakdown
slabtop # Kernel slab cache
# OOM investigation
dmesg | grep -i "out of memory"
journalctl -k | grep -i oom
Network
ss -tlnp # Listening TCP ports
ss -s # Socket statistics
ip addr show # IP addresses
ip route show # Routing table
curl -v telnet://host:port # Test TCP connectivity
dig domain.com +short # DNS lookup
traceroute host # Path to host
# Firewall (iptables)
iptables -L -n -v # List rules
iptables -t nat -L -n # NAT rules
# Firewall (nftables/firewalld)
nft list ruleset
firewall-cmd --list-all
Performance Triage (USE Method)
For each resource, check: Utilization, Saturation, Errors
CPU: uptime (load avg) → mpstat → pidstat
Memory: free → vmstat → slabtop
Disk: iostat → iotop → df -i
Network: sar -n DEV → ss → nstat
# Quick triage sequence
uptime # Load averages
dmesg -T | tail # Recent kernel messages
free -h # Memory
df -h # Disk space
iostat -xz 1 3 # Disk I/O
ss -s # Socket summary
top -bn1 | head -20 # Process overview
File Permissions
rwxrwxrwx = user/group/other
chmod 755 file # rwxr-xr-x
chmod 644 file # rw-r--r--
chmod u+x file # Add execute for user
chown user:group file
chown -R user:group dir/
# Special bits
chmod u+s file # SUID (run as owner)
chmod g+s dir # SGID (inherit group)
chmod +t dir # Sticky bit (only owner can delete)
Package Management
# Debian/Ubuntu
apt update && apt upgrade
apt install/remove package
dpkg -l | grep package # Check installed
apt-cache search keyword
# RHEL/CentOS
dnf install/remove package
dnf list installed | grep pkg
rpm -qa | grep package
Users & SSH
useradd -m -s /bin/bash user # Create user
usermod -aG sudo user # Add to group
passwd user # Set password
# SSH key management
ssh-keygen -t ed25519 -C "comment"
ssh-copy-id user@host
ssh -i key.pem user@host
# SSH tunneling
ssh -L 8080:localhost:80 user@remote # Local forward
ssh -R 8080:localhost:3000 user@remote # Remote forward
ssh -D 1080 user@remote # SOCKS proxy
Cron
crontab -l # List jobs
crontab -e # Edit jobs
# Format: min hour dom month dow command
0 2 * * * /opt/backup.sh # Daily at 2 AM
*/5 * * * * /opt/check.sh # Every 5 minutes
0 0 * * 0 /opt/weekly.sh # Sunday midnight
Log Files
/var/log/syslog (or /var/log/messages) # System log
/var/log/auth.log # Auth events
/var/log/kern.log # Kernel messages
/var/log/nginx/access.log # Web server access
/var/log/nginx/error.log # Web server errors