🎉 DevOps Interview Prep Bundle is live — 1000+ Q&A across 20 topicsGet it →
All Cheatsheets

Linux Cheatsheet

Essential Linux commands for DevOps engineers — file system, processes, networking, permissions, systemd, and performance.

7 sections80 commandsClick any row to copy

File System

ls -lah
find / -name '*.log' -mtime -7
find /var/log -size +100M
du -sh /var/log/*
df -h
df -ih
cp -r src/ dst/
rsync -avz src/ user@host:dst/
tar -czf archive.tar.gz /path/to/dir
tar -xzf archive.tar.gz -C /target
ln -s /actual/path /symlink/path
stat filename

List files with human-readable sizes and hidden files

Find all .log files modified in last 7 days

Find files larger than 100MB

Show disk usage of each item in /var/log

Show disk space usage on all filesystems

Show inode usage (useful when disk full but du shows space)

Copy directory recursively

Sync directory to remote (preserves permissions)

Create compressed tarball

Extract tarball to specific directory

Create symbolic link

Show file metadata (permissions, size, timestamps)

Permissions

chmod 755 script.sh
chmod 600 ~/.ssh/id_rsa
chmod -R 644 /var/www/html
chown user:group file
chown -R www-data:www-data /var/www
umask 022
sudo -u www-data command
visudo
groups username
usermod -aG docker $USER

rwx for owner, rx for group/others

Read/write for owner only (SSH key)

Recursively set permissions

Change file owner and group

Recursively change ownership

Default permissions mask (new files get 644)

Run command as another user

Safely edit sudoers file

Show groups a user belongs to

Add user to docker group

Processes

ps aux | grep nginx
ps aux --sort=-%cpu | head -10
top -b -n 1 | head -20
htop
kill -9 PID
pkill -f 'python app.py'
lsof -i :8080
fuser -k 8080/tcp
nohup command &
command &
jobs
fg %1
strace -p PID

Find processes matching nginx

Top 10 CPU-consuming processes

Snapshot of top processes (non-interactive)

Interactive process viewer (install separately)

Force kill process by PID

Kill process by name/pattern

Which process is using port 8080

Kill process using port 8080

Run command immune to hangups

Run command in background

List background jobs

Bring job 1 to foreground

Trace system calls of a running process

Networking

ss -tlnp
netstat -tlnp
curl -v https://example.com
curl -o /dev/null -s -w '%{http_code}' URL
wget -q -O - URL
nslookup domain.com
dig domain.com A
traceroute domain.com
nc -zv host 443
iptables -L -n -v
ip addr show
ip route show
tcpdump -i eth0 port 80

Show all listening TCP ports with process names

Same as above (older systems)

Verbose HTTP request showing headers

Get HTTP status code only

Download URL content to stdout

DNS lookup

Detailed DNS A record lookup

Trace network path to host

Test if port is open

List all iptables rules

Show all network interfaces and IPs

Show routing table

Capture HTTP traffic on eth0

Systemd & Services

systemctl status nginx
systemctl start|stop|restart nginx
systemctl enable nginx
systemctl disable nginx
systemctl reload nginx
systemctl list-units --failed
journalctl -u nginx -f
journalctl -u nginx --since '1 hour ago'
journalctl -p err -b
systemctl daemon-reload

Show service status and recent logs

Start, stop, or restart service

Enable service to start on boot

Disable service from starting on boot

Reload config without downtime

Show all failed services

Follow service logs in real time

Service logs from last hour

Show error-level logs since last boot

Reload systemd after changing unit files

Performance & Monitoring

free -h
vmstat 1 5
iostat -xz 1
sar -u 1 5
uptime
dmesg | tail -20
cat /proc/cpuinfo | grep processor | wc -l
cat /proc/meminfo | head -5
lscpu
lsblk

Show RAM and swap usage

CPU, memory, I/O stats every 1s (5 times)

Disk I/O statistics

CPU utilization history

System load average (1, 5, 15 min)

Kernel messages (OOM kills, hardware errors)

Number of CPU cores

Detailed memory information

CPU architecture details

List block devices (disks, partitions)

Text Processing

grep -r 'error' /var/log/ --include='*.log'
grep -i 'ERROR\|WARN' app.log | tail -50
awk '{print $1, $4}' access.log
awk '/ERROR/{count++} END{print count}' app.log
sed -i 's/old/new/g' file.txt
sort -k2 -n file.txt
sort | uniq -c | sort -rn
cut -d',' -f1,3 file.csv
wc -l file.txt
tail -f /var/log/syslog | grep -v DEBUG
jq '.items[] | .metadata.name' data.json
xargs -I{} command {}

Recursive grep in log files

Case-insensitive multi-pattern grep

Print columns 1 and 4

Count ERROR occurrences

In-place find and replace

Sort by second column numerically

Count and sort occurrences

Extract columns 1 and 3 from CSV

Count lines in file

Follow log, exclude DEBUG lines

Parse JSON with jq

Execute command for each stdin line