liminfo

Linux Reference

Free reference guide: Linux Reference

46 results

About Linux Reference

The Linux Reference is a searchable cheat sheet covering the essential commands used in day-to-day Linux system administration and development. It is organized into eight categories — Files, Users, Packages, Network, Processes, Disk, Logs, and Security — so sysadmins and developers can quickly find the right command with a working example without consulting man pages for every task.

System administrators, DevOps engineers, backend developers, and Linux students use this reference when managing servers, configuring cloud instances, and writing shell scripts. The Files section covers the full range of file operations: ls -la for detailed listings, cp -r for recursive copies, chmod for permission management, chown for ownership changes, tar -czf for compressed archives, ln -s for symbolic links, and find with -name and -mtime filters for searching. The Users section includes useradd -m, usermod -aG for group membership, passwd, userdel -r, and id for inspecting user attributes.

The Network section provides commands for modern Linux networking: ip addr show, ss -tulnp to identify open ports and listening processes, curl -I for HTTP header inspection, iptables -L -n for firewall rules, and traceroute. The Security section is especially practical, covering ssh-keygen -t ed25519 for modern key pair generation, ufw for UFW firewall management, fail2ban-client status for brute-force monitoring, openssl genrsa for RSA key generation, and sestatus for SELinux inspection.

Key Features

  • File management: ls -la, cp -r, mv, rm -rf, find with -name/-mtime, chmod, chown, tar, ln -s, and stat
  • User administration: useradd -m, usermod -aG for groups, passwd, userdel -r, and id for UID/GID info
  • Package managers: apt update/upgrade/install for Debian/Ubuntu, yum for RHEL/CentOS, dnf for Fedora/RHEL8+
  • Networking: ip addr, ss -tulnp for open ports, curl -I for HTTP headers, iptables, netstat, traceroute
  • Process management: ps aux, top/htop, kill -9 with pgrep, systemctl status/start/stop, nice for priority
  • Disk and storage: df -h, du -sh, lsblk -f, mount with filesystem type, fdisk -l for partition tables
  • Log inspection: journalctl -u with --since, tail -f for live logs, dmesg for kernel messages, last, logrotate
  • Security: ssh-keygen ed25519, ufw rules, fail2ban-client, openssl genrsa 2048, sestatus for SELinux

Frequently Asked Questions

What does the Linux Reference cover?

It covers eight practical areas of Linux system administration: file management (permissions, archives, search), user and group management, package installation across distributions (apt, yum, dnf), network inspection and firewall management, process monitoring and control, disk usage and partitioning, log analysis with journalctl and syslog, and security tools including SSH keys, UFW, fail2ban, and SELinux.

What is the difference between ss -tulnp and netstat -tulnp?

Both commands show open ports and listening processes, but ss (socket statistics) is the modern replacement for netstat and is faster because it reads directly from the kernel. netstat is from the net-tools package which is deprecated on many distributions. On current Debian/Ubuntu and RHEL systems, ss -tulnp is preferred.

How do I add a user to a group in Linux?

Use usermod -aG groupname username. The -a flag appends to existing groups instead of replacing them, and -G specifies the group. For example, usermod -aG docker ubuntu adds the ubuntu user to the docker group without removing them from other groups. The user must log out and back in for the change to take effect.

How do I check which process is using a specific port?

Run ss -tulnp | grep :PORT or lsof -i :PORT. The ss command shows the process name and PID in the last column. For example, ss -tulnp | grep :80 shows what is listening on port 80. You may need sudo to see process names for ports owned by other users.

What is the difference between journalctl and tail -f for log monitoring?

journalctl is the systemd journal reader and shows structured logs from all services. journalctl -u nginx --since "1 hour ago" shows nginx logs from the past hour with timestamps and metadata. tail -f /var/log/syslog reads a plain text log file in real time. journalctl is preferred on modern systemd-based distributions.

How do I find and delete log files older than 30 days?

Use find /var/log -name "*.log" -mtime +30 -delete. The -mtime +30 flag matches files whose modification time is more than 30 days ago, and -delete removes them. Always test without -delete first by replacing it with -ls to preview which files would be affected.

How do I generate an SSH key pair for a server?

Run ssh-keygen -t ed25519 -C "your@email.com". ED25519 is the modern recommended algorithm — it is faster and more secure than RSA 2048. The command generates a private key (~/.ssh/id_ed25519) and public key (~/.ssh/id_ed25519.pub). Copy the public key to the server with ssh-copy-id user@host.

How do I check SELinux status and what does it do?

Run sestatus or sestatus -v for verbose output. SELinux (Security-Enhanced Linux) enforces mandatory access control policies that restrict what processes can do, even if they run as root. On RHEL/CentOS/Fedora systems it is enabled by default in enforcing mode. Use getenforce to check the current mode and setenforce 0 to temporarily switch to permissive mode for debugging.