Linux Sysadmin Combined Cheat Sheet
Ultimate Linux Sysadmin Cheat Sheet
A complete reference for Linux sysadmins, combining Basics, Advanced Tuning, and Security Hardening.
🔹 File Management
- List Files:
    ls -l
    ls -la # show hidden files
- Copy / Move / Remove Files:
    cp source destination
    mv source destination
    rm file
- Search Files & Content:
    find /path -name "filename"
    grep "pattern" file
🔹 User & Group Management
- Add / Delete Users:
    sudo useradd username
    sudo userdel username
    sudo useradd -m username # create home directory
- Change Password & Force Expiry:
    passwd username
    sudo chage -d 0 username
- Manage Groups:
    sudo usermod -aG groupname username
    groups username
- Check Logged In Users:
    who
    w
    last
    lastlog
🔹 Process & System Management
- List & Monitor Processes:
    ps aux
    pstree -p
    top
    htop
- Kill Processes:
    kill <pid>
    kill -9 <pid>
- Resource Usage:
    ps -eo pid,ppid,cmd,%mem,%cpu --sort=-%mem | head
    mpstat -P ALL 1
    free -h
    iostat -xz 1
- Check Boot Performance & Systemd Services:
    systemctl list-units --type=service
    systemctl start|stop|restart service
    systemctl enable service
    systemctl mask|unmask service
    systemctl status service
    systemctl --failed
    systemd-analyze
    systemd-analyze blame
    journalctl -b
🔹 Disk & Storage
- Check Disk Usage:
    df -hT
    df -i
    du -sh /path
    lsblk
    fdisk -l
- Mount / Unmount Filesystems:
    sudo mount /dev/sdX1 /mnt
    sudo umount /mnt
- LVM Management:
    pvcreate /dev/sdb
    vgcreate vg_data /dev/sdb
    lvcreate -L 10G -n lv_data vg_data
    mkfs.ext4 /dev/vg_data/lv_data
    lvextend -L +5G /dev/vg_data/lv_data
    resize2fs /dev/vg_data/lv_data
- RAID / Filesystem Checks:
    cat /proc/mdstat
    fsck -f /dev/sda1
🔹 Networking
- IP & Routes:
    ip addr show
    ip route show
    ip route add 10.0.0.0/24 via 192.168.1.1
- Connectivity & Ports:
    ping -c 4 example.com
    ss -tuln
    nc -zv host port
    curl -I http://example.com
- Network Debugging:
    traceroute example.com
    mtr example.com
    tcpdump -i eth0 port 80
- Increase Network Performance:
    sysctl -w net.core.rmem_max=16777216
    sysctl -w net.core.wmem_max=16777216
    sysctl -w net.ipv4.tcp_fin_timeout=15
    sysctl -w net.ipv4.tcp_tw_reuse=1
🔹 Package Management
Debian / Ubuntu
- Package Management Commands:
    sudo apt update && sudo apt upgrade
    sudo apt install package
    sudo apt remove package
RHEL / CentOS / Fedora
- Package Management Commands:
    sudo yum update
    sudo dnf upgrade
    sudo yum install package
    sudo dnf remove package
🔹 Permissions & Ownership
- Change Ownership:
    sudo chown user:group file
- Modify Permissions:
    chmod 755 file
    chmod u+x file # user execute
    chmod g-w file # remove group write
    chmod o-r file # remove others read
🔹 Logs & Monitoring
- View Logs:
    journalctl -xe
    journalctl -u servicename
    tail -f /var/log/syslog
    tail -f /var/log/auth.log
    dmesg | less
    lsof | less
- Monitor System Performance: Tools: htop, iotop, iftop, ncdu, glances, atop
🔹 Security & Hardening
SSH
- Harden SSH Configuration:
    # settings in /etc/ssh/sshd_config
    PermitRootLogin no
    PasswordAuthentication no
    AllowUsers adminuser
    Port 2222

    # apply the changes
    sudo systemctl restart sshd
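An added example (not part of the original cheat sheet): a shell function that checks the three access-control values above against sshd's effective configuration, read in the `keyword value` format printed by `sshd -T`. sshd uses the first value it obtains for each keyword, so an earlier line or an included file can win over an edit made further down. The function name `audit_sshd` and the sample input are constructed for illustration.

```shell
# Added example: compare effective sshd settings with this page's hardening values.
# Input: text in the format of `sshd -T` (one "keyword value" pair per line).
# On a live host the input would come from: sudo sshd -T | audit_sshd
# audit_sshd prints one line per finding and returns 0 only when every check passes.
audit_sshd() {
    root="" pass="" allow="" rc=0
    while read -r key value || [ -n "$key" ]; do
        # Keywords are case-insensitive; normalise before matching.
        key=$(printf '%s' "$key" | tr '[:upper:]' '[:lower:]')
        lval=$(printf '%s' "$value" | tr '[:upper:]' '[:lower:]')
        case "$key" in
            # Keep the first value seen, as sshd does.
            permitrootlogin)        if [ -z "$root" ]; then root=$lval; fi ;;
            passwordauthentication) if [ -z "$pass" ]; then pass=$lval; fi ;;
            # AllowUsers may appear several times; user names keep their case.
            allowusers)             allow="$allow $value" ;;
        esac
    done
    if [ "$root" != "no" ]; then
        echo "FAIL permitrootlogin=${root:-unset} (expected no)"; rc=1
    fi
    if [ "$pass" != "no" ]; then
        echo "FAIL passwordauthentication=${pass:-unset} (expected no)"; rc=1
    fi
    if [ -z "$allow" ]; then
        echo "FAIL allowusers not set (no login allow-list)"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK permitrootlogin=no passwordauthentication=no allowusers:$allow"
    fi
    return "$rc"
}

# Constructed sample in `sshd -T` format (not taken from a real host).
sample='port 2222
permitrootlogin prohibit-password
passwordauthentication yes'
printf '%s\n' "$sample" | audit_sshd || echo "sshd settings differ from the cheat sheet"
```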
Firewall
UFW:
- Manage Firewall Rules:
    sudo ufw enable
    sudo ufw allow 22/tcp
    sudo ufw status verbose
Firewalld:
- Manage Firewall Rules:
    sudo firewall-cmd --add-port=443/tcp --permanent
    sudo firewall-cmd --reload
    sudo firewall-cmd --list-all
SELinux / AppArmor
- SELinux Commands:
    getenforce
    sestatus
    setenforce 1 # enforcing
    setenforce 0 # permissive
- AppArmor Commands:
    aa-status
    sudo aa-enforce /etc/apparmor.d/profile
    sudo aa-disable /etc/apparmor.d/profile
Audit & Logging
- Audit Commands:
    auditctl -l
    ausearch -m avc
    ausearch -ts today
    aureport -f
    grep "Failed password" /var/log/auth.log
    lastlog
Fail2Ban
- Manage Fail2Ban:
    sudo fail2ban-client status
    sudo fail2ban-client status sshd
    sudo systemctl restart fail2ban
Malware & Integrity
- Scan for Malware:
    sudo rkhunter --check
    sudo chkrootkit
- File Integrity Check:
    sudo aide --check
    sudo aideinit
    mv /var/lib/aide/aide.db.new /var/lib/aide/aide.db
Kernel Hardening
- Harden Kernel Parameters:
    sysctl -w net.ipv4.ip_forward=0
    sysctl -w net.ipv4.tcp_syncookies=1
    sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1
    sysctl -w net.ipv4.conf.all.accept_source_route=0
    sysctl -w net.ipv4.conf.all.rp_filter=1
🔹 Backup & Recovery
- Backup Commands:
    tar -czvf /backup/etc-backup.tar.gz /etc
    tar -xzvf /backup/etc-backup.tar.gz -C /tmp
    rsync -avz /etc backupserver:/backup/etc
🔹 Quick Troubleshooting
- CPU, Memory, IO:
    top
    htop
    mpstat -P ALL 1
    iostat -xz 1
    free -h
- Disk Usage & Open Files:
    df -h
    du -sh /path
    lsof | less
- Network:
    ss -tulnp
    ping -c 4 host
    nc -zv host port
- System Logs:
    journalctl -xe
    dmesg | less
- Process Debugging:
    strace -p <pid>
🔹 Legend (Linux Terms)
- PID – Process ID
- UID / GID – User / Group ID
- Daemon – Background process/service
- Sysctl – Kernel parameter interface
- SELinux / AppArmor – Security frameworks
- Auditd – Audit daemon
- RAID / LVM – Storage management
- Fail2Ban / IPTables / UFW – Intrusion prevention
- AIDE – File integrity checker
- SYN Cookie – Protect against TCP SYN flood
- Immutable File – Cannot be modified (chattr +i)
🔹 Best Practices
- Keep system updated regularly
- Use least privilege and avoid root login
- Use SSH keys and disable password authentication
- Enable firewall and only allow required ports
- Monitor logs and system performance continuously
- Harden kernel parameters with sysctl
- Backup /etc, /home, and critical configs
- Remove unnecessary packages and services
- Regularly scan for malware/rootkits
- Document all sysadmin changes and configs
This post is licensed under CC BY 4.0 by the author.