Essential Linux Command Cheat Sheet for System Administration

Basic Operations

Shutdown and reboot the system:

# Shutdown
shutdown -h now

# Reboot
shutdown -r now

View system and CPU information:

# Kernel info
uname -a

# Kernel version
cat /proc/version

# Environment variables
env

# CPU info
cat /proc/cpuinfo

# Logical CPU count and model
cat /proc/cpuinfo | grep name | cut -f2 -d: | uniq -c

# Physical CPU count and cores
cat /proc/cpuinfo | grep physical | uniq -c

# Check if CPU runs in 64‑bit mode
getconf LONG_BIT

# Verify 64‑bit support
cat /proc/cpuinfo | grep flags | grep ' lm ' | wc -l

Create a symbolic link: ln -s /usr/local/jdk1.8/ jdk RPM related – check if a package is installed:

# List installed packages matching a name
rpm -qa | grep <em>package_name</em>

SSH key generation and deployment:

# Generate SSH key
ssh-keygen -t rsa -C [email protected]

# Copy the public key to the target server's authorized_keys

Command aliasing (add to .bash_profile): alias ll='ls -alF' Synchronize server time: sudo ntpdate -u ntp.api.bz Run commands in the background with nohup:

# With output file
nohup xxx &

# Discard all output
nohup xxx > /dev/null &

# Redirect both stdout and stderr to a log
nohup xxx > out.log 2>&1 &

Forcefully log out an active user (replace TTY): pkill -kill -t <em>TTY</em> Find the full path of a command: which <em>command</em> Check the maximum number of open file descriptors: ulimit -n Configure DNS resolver: vim /etc/resolv.conf Use nslookup to query DNS records: nslookup google.com Show recent login information:

# Last 5 logins
last -n 5

Set a static IP address:

ifconfig em1 192.168.5.177 netmask 255.255.255.0

Disk, File, and Directory Operations

Vim editing shortcuts:

# Global substitution
:%s/x/y/g

# Move cursor to line start / end
0
$

# Jump to file start / end
gg
G

# Toggle line numbers
:set nu
:set nonu

# Search forward and backward
/xxx
?xxx

Edit a read‑only file and save without leaving the editor: :w !sudo tee % View disk and directory size information:

# Mounted filesystems
mount

# Partition usage
df

# Directory size (recursive)
du -H -h

# Top‑level directory sizes only
du -sh *

Word count utilities:

# Line count
wc -l filename

# Word count
wc -w filename

# Length of longest line
wc -L filename

# Byte count
wc -c filename

Compress and decompress archives:

# Create archives
tar czvf xxx.tar <em>directory</em>
zip -r xxx.zip <em>directory</em>

# Extract archives
tar zxvf xxx.tar
# Extract to specific directory
tar zxvf xxx.tar -C /xxx/yyy/
unzip xxx.zip

Change file ownership: chown eagleye.eagleye xxx.log Copy, remote copy, and create directories:

# Copy file
cp xxx.log

# Force overwrite
cp -f xxx.log

# Copy directory recursively
cp -r src_dir dest_dir

# Secure copy over SSH
scp -P <em>port</em> [email protected]:/home/user/xxx /home/xxx

# Create nested directories
mkdir -p /xxx/yyy/zzz

# Batch create Java project structure
mkdir -p src/{test,main}/{java,resources}

Compare two files: diff -u 1.txt 2.txt Log performance testing by counting bytes written: tail -f xxx.log | pv -bt Remove special characters from scripts:

# Show special characters
cat -v xxx.sh

# Delete carriage‑return characters
sed -i 's/^M//g' env.sh

Convert file format to Unix line endings:

# Using dos2unix
find . -name "*.sh" | xargs dos2unix

Redirect output to both screen and file:

awk '{print $0}' xxx.log | tee test.log

Search Commands

Grep examples:

# Invert match
grep -v xxx

# Exclude empty lines
grep -v '^$' file

# Show line numbers for matches
grep -n 'pattern' file

# Count occurrences
grep -c 'pattern' file

# Case‑insensitive search
grep -i 'pattern' file

Awk examples:

# Print lines where the 5th field contains "user"
awk -F ':' '{if ($5 ~ /user/) print $0}' /etc/passwd

# Count occurrences of a character (non‑Chinese)
awk -v RS='character' 'END {print --NR}' xxx.txt

Find command examples:

# Find files with .mysql extension
find /home/eagleye -name "*.mysql" -print

# Files accessed in the last 3 days
find /usr -atime 3 -print

# Files modified in the last 5 days
find /usr -ctime 5 -print

# Files owned by user "jacky" starting with "j"
find /doc -user jacky -name "j*" -print

# Files ending with .bak and delete them
find /doc -name "*bak" -exec rm {} \;

Network Related

Identify the process using a specific port: lsof -i:port Get the machine's IP address (excluding loopback and IPv6):

/sbin/ifconfig -a | grep inet | grep -v 127.0.0.1 | grep -v inet6 | awk '{print $2}' | tr -d "addr:"

iptables firewall management:

# Show status
service iptables status

# Block an IP
iptables -I INPUT -s <em>IP</em> -j DROP

# Unblock an IP
iptables -D INPUT -s <em>IP</em> -j DROP

# Open port 9090
/sbin/iptables -I INPUT -p tcp --dport 9090 -j ACCEPT

# Start/stop/restart firewall
/etc/init.d/iptables start
/etc/init.d/iptables stop
/etc/init.d/iptables restart

Netcat (nc) for TCP testing:

# Send data to a server
nc 192.168.0.11 8000 < data.txt

# Listen and save incoming data
nc -l 8000 > received_data

# Persistent listening
nc -lk 8000

tcpdump to capture packets:

# Capture TCP packets on port 12301
tcpdump -i em1 tcp port 12301 -s 1500 -w abc.pcap

Traceroute variations:

# ICMP traceroute
traceroute -I www.163.com

# Start from TTL 3
traceroute -M 3 www.163.com

# Specify destination port
traceroute -p 8080 192.168.10.11

ss (socket statistics) examples:

# List listening sockets
ss -l

# Show process info for sockets
ss -pl

# Show all TCP sockets
ss -t -a

# Show all UDP sockets
ss -u -a

# Show established SMTP connections
ss -o state established '( dport = :smtp or sport = :smtp )'

# Show established HTTP connections
ss -o state established '( dport = :http or sport = :http )'

netstat examples:

# Count connections per IP and total
netstat -n | awk '/^tcp/ {n=split($(NF-1),a,":"); if(n<=2) ++S[a[1]]; else ++S[a[4]]; ++s[$NF]; ++N} END {for(i in S) printf("%-20s %s
", i, S[i]); printf("%-20s %s
","TOTAL_IP",NR); for(i in s) printf("%-20s %s
",i,s[i]); printf("%-20s %s
","TOTAL_LINK",N);}'

# Show connection state distribution
netstat -n | awk '/^tcp/ {++state[$NF]} END {for(k in state) print k, "\t", state[k]}'

# Find most frequent TIME_WAIT connections
netstat -n | grep TIME_WAIT | awk '{print $5}' | sort | uniq -c | sort -rn | head -n20

Linux Performance Monitoring

top – interactive process viewer (use F or O then a‑z to sort columns, R to reverse).

Column

Meaning

PID

Process ID

PPID

Parent process ID

RUSER

Real user name

UID

User ID of owner

USER

Username of owner

GROUP

Group name of owner

TTY

Terminal that started the process ("?" if none)

PR

Priority

NI

Nice value (negative = higher priority)

P

CPU used last (relevant on multi‑CPU systems)

%CPU

CPU usage percentage since last update

TIME

Total CPU time used (seconds)

%MEM

Physical memory usage percentage

VIRT

Virtual memory size (KB)

RES

Resident (non‑swapped) memory size (KB)

SHR

Shared memory size (KB)

S

Process state (D=uninterruptible sleep, R=running, S=sleep, T=stopped, Z=zombie)

COMMAND

Command name / line

dmesg – display kernel ring buffer messages: dmesg iostat – monitor disk I/O performance:

iostat -xz 1
# Columns: r/s, w/s, rkB/s, wkB/s, await (ms), avgqu‑sz, %util

free – show memory usage:

free -m
# Output includes total, used, free, shared, buffers, cached, and swap.

sar – system activity reporter for network throughput and TCP stats:

# Network device throughput
sar -n DEV 1

# TCP connection statistics
sar -n TCP,ETCP 1

vmstat – report CPU, memory, swap, I/O, and system activity:

# Sample: vmstat 2 1 (collect once after 2‑second interval)
vmstat 2 1