Linux DevOps Commands Cheat Sheet
System Observability & Resources
| Command | Usage Example | DevOps Context |
| --- | --- | --- |
| uptime | uptime | Checks system load averages (1, 5, 15 mins). |
| htop | htop | Interactive process viewer (replaces top). |
| free -m | free -h | Checks RAM usage in human-readable format. |
| df -h | df -h / | Monitors disk space on specific partitions. |
| du -sh | du -sh /var/log/* | Finds which logs are consuming the most space. |
| iostat | iostat -xz 1 | Monitors disk I/O latency and saturation. |
| vmstat | vmstat 1 | Monitors memory, swap, and CPU context switches. |
| iotop | sudo iotop -o | Identifies which process is “thrashing” the disk. |
| dmesg | dmesg \| tail -20 | Checks kernel logs for OOM (Out of Memory) kills. |
| uname | uname -a | Verifies kernel version and architecture. |
Networking & Connectivity
| Command | Usage Example | DevOps Context |
| --- | --- | --- |
| ip addr | ip a | Modern way to view IP addresses (replaces ifconfig). |
| ss | ss -tulnp | Lists listening ports and associated PIDs. |
| curl | curl -I localhost:80 | Tests if a local web server is responding. |
| dig | dig google.com | Troubleshoots DNS resolution issues. |
| nc (netcat) | nc -zv 10.0.0.5 22 | Checks if a remote port is open/reachable. |
| tcpdump | sudo tcpdump -i eth0 | Captures and inspects raw network packets. |
| mtr | mtr google.com | Combined ping and traceroute for path analysis. |
| wget | wget --spider <URL> | Checks if a file exists on a remote server. |
| nslookup | nslookup <domain> | Quick DNS record check. |
| nmap | nmap -sP 192.168.1.0/24 | Scans a subnet for active devices. |
Text Processing & Log Analysis
| Command | Usage Example | DevOps Context |
| --- | --- | --- |
| grep | grep -r "error" /var/log | Searches for patterns recursively in files. |
| awk | awk '{print $1}' access.log | Extracts specific columns (e.g., IPs) from logs. |
| sed | sed -i 's/old/new/g' cf.env | Automates text replacement in config files. |
| tail -f | tail -f /var/log/syslog | Streams logs in real-time. |
| less | less +G large_file.log | Opens large logs at the end for quick viewing. |
| wc -l | ls \| wc -l | Counts the number of files or lines. |
| sort | sort -nr | Sorts data numerically in reverse. |
| uniq -c | uniq -c | Counts occurrences of unique lines. |
| cut | cut -d',' -f2 data.csv | Extracts data based on a specific delimiter. |
| jq | curl ... \| jq '.' | Formats and parses JSON (critical for APIs/Cloud). |
File Management & Permissions
| Command | Usage Example | DevOps Context |
| --- | --- | --- |
| chmod | chmod 400 key.pem | Secures SSH private keys. |
| chown | sudo chown -R www-data: /var/www | Changes ownership for web server directories. |
| find | find . -mtime +7 | Finds files older than 7 days for cleanup. |
| rsync | rsync -avz local/ remote:/tmp | Efficiently syncs files between servers. |
| tar | tar -czvf backup.tar.gz /data | Compresses directories for backup. |
| lsblk | lsblk | Lists all block devices (disks/partitions). |
| ln -s | ln -s /path/a /path/b | Creates symbolic links for versioning apps. |
| lsof | lsof -i :8080 | Lists which process “owns” a specific port. |
| shred | shred -u sensitive.txt | Securely wipes a file so it can’t be recovered. |
| stat | stat config.yaml | Displays detailed file metadata (creation/mod time). |
Service & Process Control
| Command | Usage Example | DevOps Context |
| --- | --- | --- |
| systemctl | systemctl restart docker | Manages systemd services. |
| journalctl | journalctl -u nginx -f | Follows logs for a specific service. |
| ps aux | ps aux \| grep python | Lists all running processes. |
| kill -9 | kill -9 <PID> | Forces a “zombie” or stuck process to exit. |
| nohup | nohup ./script.sh & | Runs a script that survives terminal logout. |
| bg / fg | fg %1 | Manages background and foreground jobs. |
| crontab -e | crontab -e | Schedules recurring maintenance tasks. |
| nice | nice -n 10 ./build.sh | Lowers a process priority to save CPU for others. |
| strace | strace -p <PID> | Traces system calls to debug application hangs. |
| screen / tmux | tmux attach | Maintains persistent terminal sessions. |
User & Security
| Command | Usage Example | DevOps Context |
| --- | --- | --- |
| sudo !! | sudo !! | Re-runs the last command with root privileges. |
| whoami | whoami | Confirms the current effective user. |
| id | id jenkins | Checks UID/GID and group memberships. |
| usermod | usermod -aG docker $USER | Adds a user to the Docker group. |
| visudo | sudo visudo | Safely edits the /etc/sudoers file. |
| history | history \| grep ssh | Searches for previously executed commands. |
Linux commands for DevOps interview questions
In a 2026 DevOps interview, the focus has shifted from simple “What is a command?” questions to scenario-based troubleshooting and internal architecture. Interviewers want to see that you understand the “why” behind the system behavior, especially in containerized and cloud-native environments.
System Observability & Troubleshooting
Q: A developer reports their application is “slow” on a Linux server.
- Answer: I follow the USE Method (Utilization, Saturation, and Errors).
- uptime / top: Check load average. Is it CPU-bound or I/O-bound?
- free -m: Check for memory exhaustion or heavy swapping.
- iostat -xz 1: Check if disk latency is high (Wait %).
- ss -tuln & ping: Verify network connectivity and port availability.
- dmesg | tail: Look for OOM (Out of Memory) kills or hardware errors.
Q: You see a “No space left on device” error, but df -h shows 50% free space. What is happening?
- Answer: This usually points to two possibilities:
- Inode Exhaustion: The filesystem has run out of index nodes. Check with df -i.
- Deleted files still open: A large file (like a log) was deleted, but a running process still holds the file handle. The space won’t be freed until the process is restarted. Check with lsof | grep deleted.
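The two checks from this answer as a script, added here as an example and not part of the original page. It reads /proc directly instead of calling lsof, which also gives the size each deleted file still occupies; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page. Linux only: it reads /proc.

# inode_use_pct PATH: IUse% of the filesystem holding PATH (the df -i figure).
inode_use_pct() {
    df -Pi "$1" | awk 'NR == 2 { sub(/%/, "", $5); print $5 }'
}

# deleted_open_files PID: one line per unlinked file that PID still holds open,
# formatted as "<pid> <fd> <size_bytes> <path> (deleted)".
deleted_open_files() (
    for fd_link in /proc/"$1"/fd/*; do
        target=$(readlink "$fd_link" 2>/dev/null) || continue
        case $target in
            /memfd:*) ;;    # anonymous memory, not disk space
            /*' (deleted)')
                # stat -L follows the /proc link to the still-open inode
                size=$(stat -Lc %s "$fd_link" 2>/dev/null) || continue
                printf '%s %s %s %s\n' "$1" "${fd_link##*/}" "$size" "$target" ;;
        esac
    done
)

# scan_all: the same listing for every process visible to the caller,
# largest file first. Run as root to include other users' processes.
scan_all() {
    for proc_dir in /proc/[0-9]*; do
        deleted_open_files "${proc_dir#/proc/}"
    done | sort -k3,3nr
}

# Usage: sh enospc.sh inodes /var/log    or    sh enospc.sh scan
case ${1:-} in
    inodes) inode_use_pct "${2:-/}" ;;
    scan)   scan_all ;;
esac
```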
Kernel & Architecture (Cloud-Native focus)
Q: How do Docker containers actually “isolate” processes from each other on a single Linux host?
- Answer: They use two primary kernel features:
- Namespaces: Provide isolation (PID, Network, Mount, User). This makes the process think it has its own private resources.
- Cgroups (Control Groups): Provide resource limits (CPU, RAM, I/O). This prevents a process from consuming the entire host’s resources.
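To verify this on a host, the namespace IDs and the cgroup limit of a process can be read from /proc. The script below is an added example, not part of the original page; the function names are hypothetical and mem_limit assumes the cgroup v2 layout under /sys/fs/cgroup.

```shell
#!/bin/sh
# Added example, not from the original page. Linux only: it reads /proc.

# ns_ids PID: one "<name> <type>:[<inode>]" line per namespace of PID.
ns_ids() (
    for link in /proc/"$1"/ns/*; do
        id=$(readlink "$link" 2>/dev/null) || continue
        printf '%s %s\n' "${link##*/}" "$id"
    done
)

# ns_diff PID_A PID_B: names of the namespaces in which the two processes
# differ. Empty output means they share every namespace (no isolation).
ns_diff() (
    for link in /proc/"$1"/ns/*; do
        ns=${link##*/}
        a=$(readlink "$link" 2>/dev/null) &&
        b=$(readlink "/proc/$2/ns/$ns" 2>/dev/null) || {
            echo "cannot read $ns namespace (need root?)" >&2
            exit 2    # never report "shared" on a failed read
        }
        [ "$a" = "$b" ] || printf '%s\n' "$ns"
    done
)

# mem_limit PID: memory.max of PID's cgroup (cgroup v2 layout assumed),
# "max" when unlimited, "unknown" when the file is absent (e.g. cgroup v1).
mem_limit() (
    cg=$(sed -n 's/^0:://p' "/proc/$1/cgroup" 2>/dev/null)
    cat "/sys/fs/cgroup${cg}/memory.max" 2>/dev/null || echo unknown
)

# Usage: sh isolation.sh ids [PID] | diff PID_A PID_B | limit [PID]
case ${1:-} in
    ids)   ns_ids "${2:-$$}" ;;
    diff)  ns_diff "$2" "$3" ;;
    limit) mem_limit "${2:-$$}" ;;
esac
```

Comparing a containerized process with PID 1 of the host (as root) should list at least pid, net and mnt; an empty result for a process that is supposed to be sandboxed means it runs in the host's namespaces.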
Q: What is the difference between a Hard Link and a Soft Link (Symlink)?
- Answer:
- Hard Link: Points directly to the inode of the data. Deleting the original file doesn’t break the hard link. (Cannot cross filesystems).
- Soft Link: Points to the filename. If the original file is moved or deleted, the link breaks (“dangling link”).
Service Management (systemd)
Q: What is the difference between systemctl stop and systemctl kill?
- Answer:
- stop sends a SIGTERM to the service, allowing it to perform a “graceful shutdown” (closing db connections, finishing tasks).
- kill sends a SIGKILL by default, which immediately terminates the process without cleanup.
Q: How do you check why a service failed to start two hours ago?
- Answer: Use journalctl -u <service_name> --since "2 hours ago". If the system is rebooted, ensure persistent logging is enabled in /etc/systemd/journald.conf.
Automation & Scripting
Q: Write a one-liner to find all .log files in /var/log larger than 100MB, and delete them.
- Answer:
find /var/log -name "*.log" -type f -size +100M -delete
Q: What is the purpose of the #! (shebang) at the start of a script?
- Answer: It tells the kernel which interpreter to use to execute the script (e.g., #!/bin/bash or #!/usr/bin/env python3). Using /usr/bin/env is generally more portable across different Linux distributions.
Security & Networking
Q: How do you check which process is listening on Port 80?
- Answer: sudo lsof -i :80 or sudo ss -tulpn | grep :80.
Q: What are the three modes of SELinux?
- Answer:
- Enforcing: Policy is enabled, and access is blocked.
- Permissive: Policy is enabled, but access is not blocked (violations are just logged).
- Disabled: The security module is completely off.
