Linux Cheat Sheet - System Administration Commands

Linux System Administration Cheat Sheet #

This is a curated list of Linux commands for myself that I’ve kept written down over the span of five years into my career in IT. I use this often when I can’t remember spesific commands when in a rush.

Quick Reference Categories #

  • User Management & SSH: Setting up users and SSH access
  • Ansible: Automation and configuration management
  • Git: Version control operations
  • File Operations: rsync, grep, and file management
  • SELinux: Security context management
  • Network Configuration: nmcli and network setup
  • System Monitoring: Process and resource monitoring
  • Package Management: RHEL/CentOS package operations
  • Virtualization: KVM/virsh commands
  • Containers: Docker and Podman operations
  • Troubleshooting: Network, DNS, and system diagnostics

User Management & SSH # 

#add ansible user to server
useradd ansible
passwd ansible
usermod -aG wheel ansible
mkdir -p /home/ansible/.ssh
chmod 700 /home/ansible/.ssh
chown ansible:ansible /home/ansible/.ssh
"ssh-rsa..." | sudo tee /home/ansible/.ssh/authorized_keys
chmod 600 /home/ansible/.ssh/authorized_keys
chown ansible:ansible /home/ansible/.ssh/authorized_keys

#show octal permissions of file
stat authorized_keys

Ansible # 

#run ansible playbook in vscode as ansible user
eval "$(ssh-agent)"
ssh-add ansible_id_rsa
ansible-playbook playbook.yml --user ansible --private-key .ssh/ansible_id_rsa --inventory inventory.ini

Git # 

#git cheat sheet
git init
git status
git add .
git commit -m "Commit message"
git remote add origin <url>
git push -u origin <branch>
git rm -r --cached public/

#show what's modified in detail
git diff
git diff themes/hugo-book
git diff --submodule=diff themes/hugo-book

#submodule operations
git submodule status
git rm --cached themes/hugo-book

File Operations # 

#show rsync progress
rsync -avh --progress /var/lib/libvirt/images/mc.home.arpa.qcow2 /mnt/backups/

#use inverse grep to exclude things
df -Th | grep -v "tmpfs|squashfs"

#find string in files
grep -i 'keeper' -R /etc/apt

#find string in compressed files
zgrep -i "connected" *.log.gz

#pipe command output as argument
rpm -qa | grep htop | xargs rpm -e

#show available disk space nicely formatted
du -hs /* | sort -hr | head

#create a file filled with zeroes (1024M)
dd if=/dev/zero of=/tmp/file.txt count=1024 bs=1024

#grep multiple terms
rpm -qa | grep -Ei 'fuse-libs|libcurl|python36'

#display filetree of the root folder and another folder (with a depth of 1 and hidden files)
tree . themes/hugo-book/ -L 1 -a

#download multiple files
wget -i urls.txt -P files/ --progress=bar

SELinux # 

#check and fix what SELinux is blocking
tail /var/log/audit/audit.log
grep "1675516978.657:437" /var/log/audit/audit.log | audit2why
grep "nginx" /var/log/audit/audit.log | audit2allow -M nginx
ls nginx.pp
semodule -i nginx.pp

#find SELinux errors (requires policycoreutils-python-utils)
audit2why < /var/log/audit/audit.log

Network Configuration # 

#nmcli add backup vlan to NIC team
nmcli connection add type vlan con-name backup dev team0 id 2186 ip4 10.215.159.196/29  ipv4.never-default yes +ipv4.routes "81.175.254.0/24 10.215.159.193"  ipv6.method ignore
#nmcli add another NIC to regular VM (no bond)
mcli con add con-name "grpc" ifname ens162 type ethernet ip4 172.20.13.132/26 ipv4.method manual ipv6.method ignore ipv4.never-default yes +ipv4.routes "172.20.13.128/26 172.20.13.129"
#nmcli list devices
nmcli device status

#add proxy to session
export http_proxy=http://proxy.home.arpa:8080
export https_proxy=http://wproxy.home.arpa:8080
export PATH="$HOME/.local/bin:$PATH"

#test web proxy connection
curl -I https://google.com/ -x proxy.home.arpa:8080
# located in /etc/yum.conf
# proxy=http://wproxy.dnaip.fi:8080
curl -L -O https://github.com/healthchecks/healthchecks/archive/refs/heads/master.zip -x proxy.home.arpa:8080

System Monitoring # 

#check what's using CPU
ps -eo pid,ppid,cmd,%mem,%cpu --sort=-%cpu| head

#show processes with PID for /proc
ps -xj

#display process tree
ps -e --forest

#list of commands you use most often
history | awk '{a[$2]++}END{for(i in a){print a[i] " " i}}' | sort -rn | head

#view journalctl for spesific program
journalctl -eu named -f -l

#show what ports host is listening to
netstat -tulpn | grep LISTEN

Package Management # 

#rhel subs-manager commands
subscription-manager status
subscription-manager list --consumed
subscription-manager refresh
subscription-manager attach --auto
subscription-manager status
dnf repolist -v

#rhel satellite rejoin
subscription-manager status
subscription-manager release
subscription-manager repos --list-enabled
subscription-manager unregister
subscription-manager register --org='asd' --activationkey='activation-key' --force --release=<7Server,8,9>
subscription-manager attach --auto
subscription-manager repos --enable=rhel-6-server-optional-rpms

#check which packages were installed from yum history
yum history
yum history info 10

#show which package provides the command 'netstat'
yum whatprovides netstat

Virtualization # 

#get IP addresses of KVM VMs
virsh list | awk '{print $2}' | xargs

#Connect to KVM with virt-manager
virt-manager --connect qemu+ssh://root@kvm.home.arpa/system

#create a checkpoint (snapshot) of a VM
virsh snapshot-create-as test.home.arpa checkpoint-name --description "Checkpoint before update"

#list all checkpoints for a VM
virsh snapshot-list test.home.arpa

#revert VM to a checkpoint
virsh snapshot-revert test.home.arpa checkpoint-name

#delete a checkpoint
virsh snapshot-delete test.home.arpa checkpoint-name

#create checkpoint with memory state (live snapshot)
virsh snapshot-create-as test.home.arpa checkpoint-name --description "Live checkpoint" --memspec file=/var/lib/libvirt/qemu/save/test.home.arpa.save

Containers # 

#podman cheat sheet
podman build ./Dockerfile -t yt-dlp:latest
podman images
podman rmi 8121a9f5303b
podman run --name youtube -dt yt-dlp:latest
podman ps

#kubectl
kubectl get nodes
kubectl apply -f nginx.yaml
kubectl get deploy -A
kubectl delete deploy nginx -n default
kubectl get services
kubectl logs nginx-deployment-78c9ff5d49-cmbdn

#docker install
dnf -y install dnf-plugins-core
dnf config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo
dnf install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

#docker cheat sheet
docker ps -a
docker exec -ti awx_task /bin/bash
docker stats
docker-compose up -d
docker-compose down -d
docker-compose logs nginx
docker-compose config
docker images
docker system prune --all

#update docker compose containers
docker compose pull
docker compose up -d --force-recreate

Troubleshooting # 

#check which DNS server offers results
dig 97.94.87.in-addr.arpa NS +short

#list all DNS records using dig (requires bind-utils)
dig +nocmd example.com any +multiline +noall +answer

#TXT record lookup via dig
dig -t txt lenovo.com

#test UDP port 53
nc -vz -u 1.1.1.1 53
#test TCP port 22
nc -zv 10.10.10.100 22

#tcpdump examples
tcpdump -i ens160 dst port 5544 and host 10.10.10.150 -vvv
tcpdump tcp -X -i ens192 dst port 514 and host 10.10.10.10 -w /tmp/mycap.pcap -vvv
tcpdump tcp -X -i ens192 dst 10.10.10.10 -w /tmp/mycap.pcap -vvv

#ping flooding with max packet size
ping -f -l 65536 -s 1500 10.10.10.9

#ngrep show port's traffic
ngrep -d any port 25

#simulate syslog messages (UDP) via netcat
echo 'test' | nc -u 10.10.10.50 5555

#scan all TCP and UDP ports
nmap -sU -sT -p0-65535 10.0.0.1

Fun & Novelty # 

#novelty
ssh chat.shazow.net
telnet mapscii.me
fortune | cowsay
cat greeting.txt | boxes -d diamonds -a c