All cheatsheets
Linux · Cheatsheet
Linux for DevOps — Cheatsheet
Top 100 commands every DevOps engineer uses daily. Plus systemd, networking, and log triage.
Updated 2026-05-21 10 min
File & directory navigation
| pwd | Print current working directory |
| ls -lah | List all (incl. hidden) with human-readable sizes |
| cd - | Jump back to previous directory |
| tree -L 2 | Tree view, 2 levels deep (install: apt install tree) |
| find . -name '*.log' -mtime -1 | Files modified in last 24h |
| find . -size +100M | Files larger than 100 MB |
| du -sh * | sort -h | Size of each item in PWD, sorted |
| df -hT | Disk free, human-readable, with FS type |
File contents & search
| cat -n file.log | Print with line numbers |
| tail -f -n 200 app.log | Follow last 200 lines (live) |
| less +F app.log | Like tail -f, press Ctrl+C then q to quit |
| grep -rIn 'TODO' . | Recursive search, ignore binaries, show line nums |
| grep -E 'ERROR|FATAL' app.log | Multi-pattern grep |
| awk '{print $1, $NF}' access.log | Print first + last field |
| sed -i 's/old/new/g' file.txt | In-place find/replace |
| jq '.items[] | .name' data.json | Extract field from JSON |
Process & resource monitoring
| ps -ef | grep nginx | Find nginx processes |
| top / htop / btop | Live CPU + memory (btop is gorgeous) |
| pidof nginx | Get PID of a process |
| kill -9 <pid> | Force kill |
| lsof -i :8080 | Who is listening on port 8080 |
| free -h | Memory in human-readable form |
| vmstat 2 5 | 5 samples, 2-sec interval — CPU + memory + IO |
| iostat -xz 2 | Disk IO stats (install: sysstat package) |
Networking
| ip a / ip route | Show interfaces / routing table |
| ss -tlnp | Listening TCP ports + process (replaces netstat) |
| curl -v https://example.com | Verbose HTTP request |
| curl -w '%{http_code} %{time_total}s\n' -o /dev/null -s URL | HTTP code + time only |
| dig +short example.com | DNS lookup, just the answer |
| traceroute -T -p 443 example.com | Trace route over TCP 443 |
| mtr example.com | Live continuous traceroute |
| tcpdump -i eth0 port 443 | Sniff traffic on a port |
Systemd
| systemctl status nginx | Service status + last log lines |
| systemctl restart nginx | Restart unit |
| systemctl enable --now nginx | Start now + at boot |
| systemctl daemon-reload | Reload after editing a unit file |
| journalctl -u nginx -f | Follow logs for one unit |
| journalctl --since '10 min ago' | Logs in last 10 minutes |
| journalctl -p err -b | Errors since last boot |
| systemctl list-units --failed | List failed services |
Users, permissions, security
| whoami / id | Who am I + my groups |
| sudo -u ec2-user -i | Become another user (login shell) |
| chmod 640 file | rw- r-- --- (owner rw, group r, other none) |
| chown -R app:app /opt/app | Recursively change owner + group |
| getfacl path | Show extended ACLs |
| ssh -i key.pem ec2-user@host | SSH with PEM key |
| ssh-keygen -t ed25519 -C 'me@example.com' | Generate modern SSH key |
| sha256sum file.tar.gz | Verify file integrity |
Compression & transfer
| tar -czf out.tar.gz dir/ | Create gzipped tarball |
| tar -xzf in.tar.gz | Extract gzipped tarball |
| rsync -avz --progress src/ user@host:/dst/ | Sync directory over SSH |
| scp file user@host:/path/ | Copy single file over SSH |
| wget -c https://... | Resumable download |
| curl -O https://... | Download keeping remote filename |
Want the full hands-on training behind this?
Cloudadhar batches walk you through every command in a real production setup — with labs, code reviews, and 1:1 doubt sessions.