Linux: Complete Visual Guide

From first command to production administration, everything simplified

7 Fundamentals

7 System

7 Network & Security

1. What is Linux

🐧 What is Linux

KernelCreated by Linus Torvalds in 1991, the core of the OS LicenseOpen source, GNU General Public License (GPL) Multi-userMultiple users can work simultaneously Multi-taskingRun thousands of processes concurrently Runs EverywhereServers, cloud, IoT, phones (Android), supercomputers Server Share96%+ of the top 1 million web servers run Linux Supercomputers100% of the top 500 supercomputers run Linux Philosophy"Everything is a file", devices, processes, sockets are files

🏗️ Linux Architecture

Applications / User Space Browsers, editors, scripts, containers

Shell bash, zsh, fish, command interpreter

System Libraries glibc, bridge between apps and kernel

Kernel Process, memory, device, file system management

Hardware CPU, RAM, disk, NIC, GPU

☁️ Why Linux for Cloud & DevOps

Cloud VMsEvery major cloud (AWS, GCP, Azure) runs Linux by default ContainersDocker and all containers are built on Linux kernel features KubernetesAll K8s nodes run Linux, control plane and workers DevOps ToolsTerraform, Ansible, Jenkins, all Linux-native CI/CDGitHub Actions, GitLab CI, runners are Linux CostFree, no licensing fees, massive community support

2. Linux Distributions

📦 Major Linux Distributions

Distro	Base	Pkg Manager	Use Case
Ubuntu	Debian	apt	General purpose, cloud VMs, most popular
Debian	Independent	apt	Servers, stability-focused
RHEL	Independent	yum / dnf	Enterprise production, paid support
CentOS / Rocky	RHEL	yum / dnf	Enterprise (free RHEL alternative)
Fedora	RHEL upstream	dnf	Cutting-edge features, developer desktop
Alpine	Independent	apk	Containers, minimal ~5MB base image
Amazon Linux	RHEL	yum	AWS-optimized instances
SUSE / openSUSE	Independent	zypper	Enterprise (SAP, Europe)
Arch	Independent	pacman	Rolling release, advanced users

⚔️ Debian Family vs RHEL Family

🔵 Debian / Ubuntu

Package: .deb
Manager: apt / dpkg
Config: /etc/apt/
Popular for cloud VMs
Huge community

🔴 RHEL / CentOS / Rocky

Package: .rpm
Manager: yum / dnf
Config: /etc/yum.repos.d/
Enterprise standard
Paid support available

🎯 How to Choose a Distro

Cloud VMsUbuntu or Debian, most cloud-friendly EnterpriseRHEL or Rocky Linux, certified, supported ContainersAlpine, tiny footprint, fast builds DesktopUbuntu or Fedora, best hardware support AWS WorkloadsAmazon Linux, kernel tuned for EC2 LearningUbuntu, largest community, most tutorials

3. File System Hierarchy

🗂️ FHS, Filesystem Hierarchy Standard

/ (root)

/bin, Essential user commands (ls, cp, mv)

/sbin, System admin binaries (fdisk, mount)

/etc, Configuration files (all system configs)

/home, User home directories (/home/alice)

/var, Variable data (logs, spool, cache)

/tmp, Temporary files (cleared on reboot)

/usr, User programs and data (/usr/bin, /usr/lib)

/opt, Third-party software packages

/dev, Device files (/dev/sda, /dev/null)

/proc, Virtual FS, process and kernel info

/sys, Virtual FS, hardware and driver info

/boot, Bootloader, kernel, initramfs

/lib, Shared libraries for /bin and /sbin

/mnt, Temporary mount point for filesystems

/media, Removable media (USB, CD-ROM)

/srv, Service data (web, FTP)

/root, Root user's home directory

/run, Runtime data since last boot

📁 Key Directories

/etcAll system configuration files /var/logLog files (syslog, auth, kern) /homeUser home directories /tmpTemporary files (world-writable) /usr/binUser-installed programs /usr/localLocally compiled software /optThird-party applications /procLive process and system info /devDevice files (/dev/null, /dev/zero)

📄 File Types in Linux

Symbol	Type	Example
-	Regular file	/etc/passwd
d	Directory	/home/alice
l	Symbolic link	/usr/bin/python → python3
b	Block device	/dev/sda
c	Character device	/dev/tty
p	Named pipe (FIFO)	mkfifo mypipe
s	Socket	/var/run/docker.sock

Use ls -l, first character shows the type

4. Essential Commands

⌨️ Navigation & File Commands

Command	Description	Example
pwd	Print working directory	pwd → /home/alice
ls	List directory contents	ls -la (all + details)
cd	Change directory	cd /var/log, cd .., cd ~
mkdir	Create directory	mkdir -p dir/sub/deep
rmdir	Remove empty directory	rmdir olddir
touch	Create file / update timestamp	touch newfile.txt
cp	Copy files/directories	cp -r src/ dest/
mv	Move or rename	mv old.txt new.txt
rm	Remove files/directories	rm -rf dir/ (caution!)
find	Search for files	find / -name "*.log"
locate	Fast file search (indexed)	locate nginx.conf
which	Show command path	which python3
file	Identify file type	file image.png
stat	Detailed file info	stat /etc/passwd
tree	Directory tree view	tree -L 2
ln	Create links	ln -s target link (symlink)
realpath	Resolve full path	realpath ./script.sh

📖 File Content Commands

Command	Description	Example
cat	Display entire file	cat /etc/hostname
less	Paginated viewer (scroll)	less /var/log/syslog
head	First N lines	head -20 file.txt
tail	Last N lines / follow	tail -f /var/log/syslog
wc	Count lines, words, bytes	wc -l file.txt
sort	Sort lines	sort -n numbers.txt
uniq	Remove adjacent duplicates	sort file \| uniq -c
diff	Compare two files	diff file1 file2
tee	Read stdin, write to file + stdout	echo hi \| tee out.txt
cut	Extract columns	cut -d: -f1 /etc/passwd
tr	Translate / delete characters	echo HELLO \| tr A-Z a-z

🔀 Wildcards & Redirection

Pattern	Meaning
*	Match any characters (zero or more)
?	Match exactly one character
[abc]	Match one of the listed characters
[0-9]	Match a range of characters

Operator	Function
>	Redirect stdout (overwrite)
>>	Redirect stdout (append)
<	Redirect stdin (input)
2>	Redirect stderr
&>	Redirect both stdout + stderr
\|	Pipe, send output to next command

🕐 Aliases & History

alias ll='ls -la'Create a shortcut unalias llRemove the alias historyShow command history !!Repeat last command !42Run history command #42 Ctrl+RReverse search through history Ctrl+CCancel current command Ctrl+LClear screen Ctrl+A / Ctrl+EJump to start / end of line

Aliases go in ~/.bashrc or ~/.zshrc for persistence

5. File Permissions

🔐 Permission Model

Every file has 3 permission groups:

Group	Symbol	Applies to
Owner	u	The file's creator
Group	g	Users in the file's group
Others	o	Everyone else

Each group has 3 permissions:

Permission	Symbol	Numeric	File	Directory
Read	r	4	View contents	List files
Write	w	2	Modify	Create/delete files
Execute	x	1	Run as program	Enter (cd into)

Example: rwxr-xr-- = 754

Owner
rwx
4+2+1 = 7

Group
r-x
4+0+1 = 5

Others
r--
4+0+0 = 4

-rwxr-xr-- 1 alice devs 4096 file.txt
│└─Owner─┘└Group┘└Others┘

🛠️ Permission Commands

Command	Description	Example
chmod	Change mode	chmod 755 script.sh
chmod	Symbolic mode	chmod u+x,g-w file
chown	Change owner	chown alice:devs file
chgrp	Change group	chgrp devs file
umask	Default permission mask	umask 022 → new files get 644

Symbolic: u (user), g (group), o (others), a (all). + add, - remove, = set exact

⚡ Special Permissions

Permission	Numeric	Symbol	Effect
SUID	4000	s on owner x	Run as file owner (e.g. /usr/bin/passwd)
SGID	2000	s on group x	New files inherit group / run as group
Sticky Bit	1000	t on others x	Only owner can delete files (e.g. /tmp)

/tmpdrwxrwxrwt, sticky bit set, anyone writes but only owners delete /usr/bin/passwd-rwsr-xr-x, SUID set, runs as root to update /etc/shadow

📋 Common Permission Patterns

Numeric	Symbolic	Use Case
755	rwxr-xr-x	Executables and public directories
644	rw-r--r--	Regular files (config, text)
600	rw-------	Private files (SSH keys, secrets)
700	rwx------	Private directories, ~/.ssh
444	r--r--r--	Read-only for everyone
777	rwxrwxrwx	AVOID, full access to everyone

6. Users & Groups

👥 User Management Commands

Command	Description	Example
useradd	Create user	useradd -m -s /bin/bash alice
usermod	Modify user	usermod -aG docker alice
userdel	Delete user	userdel -r alice (with home dir)
passwd	Set password	passwd alice
groupadd	Create group	groupadd devops
groupdel	Delete group	groupdel devops
id	Show user/group IDs	id alice
whoami	Current username	whoami → alice
who / w	Who is logged in	w (detailed view)
last	Login history	last -10
su	Switch user	su - alice
sudo	Run as superuser	sudo apt update

📂 Key User Files

/etc/passwdUser accounts, name:x:UID:GID:info:home:shell /etc/shadowEncrypted passwords (root-only) /etc/groupGroup definitions, name:x:GID:members /etc/sudoersSudo access rules (edit with visudo) /etc/login.defsPassword aging and UID ranges /etc/skelTemplate for new user home directories

🆔 User Types

Type	UID Range	Purpose
Root	0	Superuser, full system access
System	1–999	Services (www-data, mysql, nobody)
Regular	1000+	Human users (alice, bob)

Check with: id username, shows UID, GID, and groups

🛡️ sudo, Superuser Do

What is sudoRun a single command as root without switching users sudo commandExecute command as root sudo -u alice cmdRun as a specific user visudoSafe editor for /etc/sudoers NOPASSWDalice ALL=(ALL) NOPASSWD: ALL sudo vs susudo = one command, su = switch entire session Best practiceNever log in as root, always use sudo

7. Text Editors

📝 Vim Essentials

Mode	Key	Action
Normal → Insert	i	Insert before cursor
Normal → Insert	a	Append after cursor
Normal → Insert	o	Open new line below
Any → Normal	Esc	Return to normal mode
Normal	dd	Delete (cut) entire line
Normal	yy	Yank (copy) line
Normal	p	Paste after cursor
Normal	u	Undo
Normal	/pattern	Search forward
Normal	n / N	Next / previous match
Command	:w	Save file
Command	:q	Quit
Command	:wq	Save and quit
Command	:q!	Quit without saving
Command	:%s/old/new/g	Find and replace all

Modes: Normal (navigate) → Insert (type) → Visual (select) → Command (:)

✏️ Nano Essentials

Shortcut	Action
Ctrl+O	Save (Write Out)
Ctrl+X	Exit nano
Ctrl+K	Cut current line
Ctrl+U	Paste (Uncut)
Ctrl+W	Search text
Ctrl+\\	Find and replace
Ctrl+G	Help
Ctrl+_	Go to line number
Alt+U	Undo

Nano shows shortcuts at the bottom, ^ means Ctrl

⚖️ Vim vs Nano

⚡ Vim

Steep learning curve
Extremely powerful once mastered
Modal editing (modes)
Available on every Linux
Plugins, syntax highlighting
Best for power users

📝 Nano

Easy to learn (2 minutes)
What-you-see-is-what-you-get
Shortcuts shown on screen
Available on most systems
No modes, just type
Best for quick edits

8. Package Management

📦 APT vs YUM / DNF

Task	APT (Debian/Ubuntu)	YUM/DNF (RHEL/CentOS)
Install package	apt install nginx	dnf install nginx
Remove package	apt remove nginx	dnf remove nginx
Update package list	apt update	dnf check-update
Upgrade all	apt upgrade	dnf upgrade
Search	apt search nginx	dnf search nginx
List installed	apt list --installed	dnf list installed
Show info	apt show nginx	dnf info nginx
Clean cache	apt clean	dnf clean all
Auto-remove unused	apt autoremove	dnf autoremove

🔄 Package Lifecycle

Repository

→

Download

→

Dependency Resolution

→

Install

→

Configure

→

Update / Remove

Repositories defined in /etc/apt/sources.list (Debian) or /etc/yum.repos.d/ (RHEL)

🧩 Other Package Tools

snapUniversal packages (Canonical), snap install code flatpakUniversal packages (Fedora), desktop apps pipPython packages, pip install flask npmNode.js packages, npm install express gemRuby packages, gem install rails From source./configure → make → make install

Prefer system packages (apt/dnf) over compiling from source when possible

9. Process Management

⚙️ Process Commands

Command	Description	Example
ps	List processes	ps aux (all processes, detailed)
top	Live process monitor	top (q to quit)
htop	Better top (interactive)	htop (install if missing)
kill	Send signal to process	kill -15 1234 (graceful)
kill -9	Force kill	kill -9 1234 (last resort)
killall	Kill by name	killall nginx
pkill	Kill by pattern	pkill -f "python app"
nice	Start with priority	nice -n 10 command
renice	Change running priority	renice -5 -p 1234
nohup	Survive logout	nohup script.sh &
bg / fg	Background / foreground	Ctrl+Z then bg
jobs	List background jobs	jobs -l
&	Run in background	./script.sh &
pgrep	Find PID by name	pgrep nginx

🔄 Process States

Created (fork/exec)

Ready (waiting for CPU)

Running (executing on CPU)

Sleeping (S)
Waiting for I/O

Stopped (T)
Ctrl+Z / signal

Zombie (Z)
Exited, not reaped

Terminated (exit code returned)

📡 Signals

Signal	Number	Shortcut	Effect
SIGHUP	1	,	Hangup, reload config
SIGINT	2	Ctrl+C	Interrupt, graceful stop
SIGQUIT	3	Ctrl+\\	Quit, core dump
SIGKILL	9	,	Force kill, cannot be caught
SIGTERM	15	,	Terminate, graceful (default)
SIGSTOP	19	Ctrl+Z	Pause process
SIGCONT	18	,	Resume paused process

Always try kill -15 (SIGTERM) before kill -9 (SIGKILL)

📊 /proc Filesystem

/proc/PID/statusProcess name, state, memory, threads /proc/PID/cmdlineCommand that started the process /proc/PID/fd/Open file descriptors /proc/cpuinfoCPU model, cores, speed /proc/meminfoTotal / free / available memory /proc/loadavgSystem load (1, 5, 15 minute avg) /proc/uptimeSeconds since boot /proc/versionKernel version string

/proc is a virtual filesystem, files are generated on the fly by the kernel

10. Systemd & Services

🎛️ systemctl Commands

Command	Description
systemctl start nginx	Start service now
systemctl stop nginx	Stop service now
systemctl restart nginx	Stop then start
systemctl reload nginx	Reload config without downtime
systemctl enable nginx	Start on boot
systemctl disable nginx	Don't start on boot
systemctl status nginx	Show current status and recent logs
systemctl is-active nginx	Check if running (returns active/inactive)
systemctl is-enabled nginx	Check if enabled at boot
systemctl list-units --type=service	List all loaded services
systemctl daemon-reload	Reload unit files after changes
systemctl mask nginx	Prevent starting (even manually)
systemctl unmask nginx	Allow starting again

📄 Unit File Structure

[Unit]Metadata and dependencies Description=Human-readable name of the service After=Start after these units (e.g. network.target) Requires=Hard dependency, fail if missing [Service]How to run the service ExecStart=Command to start the service Restart=always / on-failure / no User=Run as this user WorkingDirectory=Working directory for the process [Install]How to enable the service WantedBy=Target that pulls in this unit (multi-user.target)

Unit files live in /etc/systemd/system/ (custom) or /lib/systemd/system/ (packages)

🚀 Linux Boot Process

BIOS / UEFI

→

GRUB Bootloader

→

Kernel

→

systemd (PID 1)

→

Targets

→

Services

systemd replaced SysVinit, it is PID 1, the first process, parent of all others

🎯 Targets & Logging

Target	Equivalent	Purpose
multi-user.target	Runlevel 3	CLI multi-user (servers)
graphical.target	Runlevel 5	GUI desktop
rescue.target	Runlevel 1	Single-user, minimal repair
emergency.target	,	Root shell only, no services

journalctlView systemd logs journalctl -u nginxLogs for a specific service journalctl -fFollow live (like tail -f) journalctl --since "1 hour ago"Time-filtered logs

11. Disk & Storage

💾 Disk Commands

Command	Description	Example
df	Disk space (filesystem level)	df -h (human-readable)
du	Directory disk usage	du -sh /var/log
lsblk	List block devices	lsblk -f (with filesystem)
fdisk	Partition manager	fdisk -l /dev/sda
parted	Advanced partitioning	parted /dev/sda print
mkfs	Create filesystem	mkfs.ext4 /dev/sdb1
mount	Attach filesystem	mount /dev/sdb1 /mnt/data
umount	Detach filesystem	umount /mnt/data
blkid	Show block device UUIDs	blkid /dev/sda1
free	Memory usage (RAM + swap)	free -h
swapon	Enable swap	swapon /swapfile

📀 Filesystem Types

ext4Default Linux FS, journaling, stable, up to 1 EB xfsRHEL default, fast, good for large files btrfsAdvanced, snapshots, compression, RAID tmpfsRAM-based FS, /tmp, /run (fast, volatile) swapVirtual memory on disk (when RAM is full) vfatFAT32, USB drives, EFI partition nfsNetwork File System, shared over network

🧱 LVM, Logical Volume Manager

Physical Volume (PV)

→

Volume Group (VG)

→

Logical Volume (LV)

→

Filesystem

pvcreateInitialize physical volume vgcreateCreate volume group from PVs lvcreateCreate logical volume from VG lvextendGrow a logical volume (online resize) AdvantagesResize volumes, snapshots, span multiple disks

📋 /etc/fstab, Auto-Mount

Field	Description	Example
Device	UUID or /dev path	UUID=xxxx-xxxx
Mount Point	Where to mount	/mnt/data
FS Type	Filesystem	ext4
Options	Mount options	defaults,noatime
Dump	Backup flag	0 (skip)
Pass	fsck order	2 (check after root)

Always use UUID= instead of /dev/sdX, device names can change on reboot

12. Logs & Journald

📋 Important Log Files

/var/log/syslogGeneral system log (Debian/Ubuntu) /var/log/messagesGeneral system log (RHEL/CentOS) /var/log/auth.logAuthentication events (login, sudo, SSH) /var/log/kern.logKernel messages /var/log/dmesgBoot and hardware messages /var/log/apt/Package manager log (Debian) /var/log/yum.logPackage manager log (RHEL) /var/log/nginx/Nginx access and error logs /var/log/cronCron job execution log

🔍 journalctl, Systemd Logs

Command	Description
journalctl	All logs (oldest first)
journalctl -u nginx	Logs for specific unit
journalctl -f	Follow live logs (tail -f style)
journalctl --since "1h ago"	Since a time
journalctl --until "2024-01-01"	Until a date
journalctl -p err	Only errors and above
journalctl -b	Logs from current boot
journalctl -b -1	Logs from previous boot
journalctl --no-pager	Output without paging
journalctl --disk-usage	Check journal disk usage

🔄 Log Rotation

logrotateRotates, compresses, and manages log files Config/etc/logrotate.conf (global), /etc/logrotate.d/ (per-app) rotate NKeep N rotated copies daily/weekly/monthlyRotation frequency compressGzip old logs to save space maxsize 100MRotate when file exceeds size missingokDon't error if log file is missing notifemptyDon't rotate if file is empty

logrotate runs daily via cron (/etc/cron.daily/logrotate)

13. Cron & Scheduling

⏰ Crontab Format

Minute
0–59

Hour
0–23

Day
1–31

Month
1–12

Weekday
0–7

Command
/path/to/script.sh

*Every value (every minute, every hour, etc.) */5Every 5th value (every 5 minutes) 1,15Specific values (1st and 15th) 1-5Range (Monday through Friday, if weekday field)

📅 Common Cron Patterns

Schedule	Crontab
Every minute	*** * * * *** command
Every 5 minutes	**/5 * * *** command
Every hour	0 * * * * command
Every day at midnight	0 0 * * * command
Every Sunday midnight	*0 0 * 0** command
First of every month	0 0 1 * * command
Weekdays at 9 AM	*0 9 * 1-5** command
Every 30 min, 9-5	**/30 9-17 * *** command

🛠️ Cron Tools & Alternatives

crontab -eEdit current user's crontab crontab -lList current user's crontab crontab -rRemove current user's crontab /etc/crontabSystem-wide crontab (has user field) /etc/cron.d/Drop-in cron files /etc/cron.daily/Scripts run daily by anacron /etc/cron.hourly/Scripts run every hour atRun command once at a specific time (at 5pm) systemd timersModern alternative, more features, journald logging

14. Environment Variables

🌍 Key Environment Variables

PATHDirectories searched for commands (/usr/bin:/usr/local/bin:...) HOMECurrent user's home directory (/home/alice) USERCurrent username SHELLDefault shell (/bin/bash, /bin/zsh) LANGSystem locale (en_US.UTF-8) EDITORDefault text editor (vim, nano) TERMTerminal type (xterm-256color) PS1Shell prompt format string HISTSIZENumber of history entries to keep LD_LIBRARY_PATHExtra shared library search paths

⚙️ Working with Variables

Command	Description
export VAR=value	Set and export to child processes
echo $VAR	Print variable value
env	Show all environment variables
printenv VAR	Print specific variable
set	Show all shell variables (env + local)
unset VAR	Remove a variable

~/.bashrcLoaded for interactive non-login shells ~/.bash_profileLoaded for login shells ~/.profileLoaded if no .bash_profile /etc/environmentSystem-wide variables (all users) /etc/profile.d/*.shSystem-wide login scripts

🔄 Shell Config Load Order

/etc/profile

→

~/.bash_profile

→

~/.bashrc

→

~/.bash_logout

Non-login shell (new terminal tab):

~/.bashrc only

Tip: Put exports in ~/.bashrc and source it from ~/.bash_profile for consistency

15. Linux Networking

🌐 Network Commands

Command	Description	Example
ip addr	Show IP addresses and interfaces	ip addr show eth0
ip route	Show routing table	ip route show
ip link	Manage network interfaces	ip link set eth0 up
ss	Socket statistics (connections)	ss -tlnp (TCP listening)
ping	Test connectivity (ICMP)	ping -c 4 google.com
traceroute	Trace packet path	traceroute google.com
dig	DNS lookup (detailed)	dig google.com A
nslookup	DNS lookup (simple)	nslookup google.com
curl	Transfer data (HTTP, etc.)	curl -I https://example.com
wget	Download files	wget https://example.com/file.tar.gz
nc (netcat)	TCP/UDP swiss-army knife	nc -zv host 80 (port check)
hostname	Show or set hostname	hostnamectl set-hostname web01
nmcli	NetworkManager CLI	nmcli device status

📂 Network Config Files

/etc/hostsStatic hostname to IP mapping (local DNS override) /etc/resolv.confDNS server addresses (nameserver 8.8.8.8) /etc/hostnameSystem hostname /etc/nsswitch.confName resolution order (files, dns) /etc/network/interfacesNetwork config (Debian, older) /etc/sysconfig/network-scripts/Network config (RHEL/CentOS) /etc/netplan/*.yamlNetwork config (Ubuntu 18.04+)

🔄 Modern vs Legacy Commands

Legacy (deprecated)	Modern Replacement
ifconfig	ip addr, ip link
route	ip route
netstat	ss
arp	ip neigh
traceroute	tracepath (no root needed)

The ip command from iproute2 replaces ifconfig, route, and arp

🔧 Network Troubleshooting Flow

1. Check interface: ip addr, Is it UP? Has IP?

2. Check gateway: ip route, Default route exists?

3. Ping gateway: ping GATEWAY_IP, Layer 2/3 OK?

4. Ping DNS: ping 8.8.8.8, Internet reachable?

5. DNS test: dig google.com, Name resolution OK?

6. Check firewall: iptables -L / ufw status

16. SSH, Secure Shell

🔑 SSH Connection Flow

Client runs
ssh user@host

→

Connect to
Port 22

→

Key Exchange
(Diffie-Hellman)

→

Authentication
(key or password)

→

Encrypted
Session

⌨️ SSH Commands

Command	Description
ssh user@host	Connect to remote server
ssh -p 2222 user@host	Connect on custom port
ssh-keygen -t ed25519	Generate SSH key pair
ssh-copy-id user@host	Copy public key to server
scp file user@host:/path	Secure copy file to remote
sftp user@host	Interactive secure file transfer
ssh-agent bash	Start SSH agent
ssh-add ~/.ssh/id_ed25519	Add key to agent
ssh -L 8080:localhost:80 host	Local port forwarding (tunnel)
ssh -J jump host	SSH via jump host (ProxyJump)

~/.ssh/configClient SSH config (aliases, keys, options) ~/.ssh/authorized_keysAllowed public keys on server ~/.ssh/known_hostsFingerprints of known servers /etc/ssh/sshd_configServer-side SSH configuration

🔐 SSH Key Authentication Flow

1. Generate key pair: ssh-keygen -t ed25519

2. Copy public key to server: ssh-copy-id user@host

3. Client sends public key fingerprint to server

4. Server checks ~/.ssh/authorized_keys, match found

5. Access granted, no password needed

Ed25519Recommended, fast, secure, short keys RSA (4096-bit)Widely compatible, good fallback ECDSAElliptic curve, faster than RSA

🛡️ SSH Hardening

PermitRootLogin noDisable root SSH login PasswordAuthentication noKey-only authentication Port 2222Change default port (avoid scanners) AllowUsers alice bobWhitelist specific users MaxAuthTries 3Limit login attempts ClientAliveInterval 300Timeout idle sessions (5 min) fail2banBan IPs after failed attempts Key permissions~/.ssh = 700, private key = 600, authorized_keys = 644

After editing /etc/ssh/sshd_config, run: systemctl restart sshd

17. Firewall

🧱 iptables Chain Flow

Incoming Packet

→

PREROUTING

→

Routing Decision

→

INPUT (local)
or FORWARD (transit)

→

OUTPUT (local out)

→

POSTROUTING

Table	Purpose	Chains
filter	Allow/deny packets (default)	INPUT, FORWARD, OUTPUT
nat	Network address translation	PREROUTING, OUTPUT, POSTROUTING
mangle	Packet header modification	All chains
raw	Skip connection tracking	PREROUTING, OUTPUT

🔵 UFW (Ubuntu Firewall)

Command	Description
ufw enable	Activate firewall
ufw disable	Deactivate firewall
ufw status verbose	Show rules and status
ufw allow 22	Allow SSH
ufw allow 80/tcp	Allow HTTP (TCP only)
ufw deny 3306	Block MySQL port
ufw allow from 10.0.0.0/8	Allow from subnet
ufw delete allow 80	Remove a rule
ufw reset	Reset to defaults

UFW is a user-friendly frontend for iptables, ideal for Ubuntu servers

🔴 firewalld (RHEL/CentOS)

Command	Description
firewall-cmd --state	Check if running
firewall-cmd --list-all	Show all rules
firewall-cmd --add-service=http	Allow HTTP
firewall-cmd --add-port=8080/tcp	Allow port 8080
firewall-cmd --remove-port=8080/tcp	Remove port rule
firewall-cmd --reload	Apply pending changes
firewall-cmd --zone=public --list-all	Show zone rules
--permanent	Persist across reboots (add to any cmd)

⚖️ Firewall Comparison

Feature	iptables	UFW	firewalld
Complexity	High	Low	Medium
Distro	Any	Debian/Ubuntu	RHEL/CentOS/Fedora
Zones	No	No	Yes
Live reload	Immediate	Immediate	--reload needed
Backend	Kernel netfilter	iptables	nftables / iptables

nftablesModern replacement for iptables, unified syntax, better performance

18. Linux Security

🛡️ Security Checklist

Update regularlyapt upgrade / dnf upgrade, patch vulnerabilities Use sudo, not rootNever login as root, use sudo for privilege escalation Strong passwordsUse password policies, length, complexity, expiry SSH keys onlyDisable password auth, PasswordAuthentication no Firewall enabledUFW or firewalld, deny all, allow specific Disable unused servicessystemctl disable service, reduce attack surface Monitor logsCheck /var/log/auth.log and journalctl regularly File permissionsPrinciple of least privilege, 600 for secrets, 755 for scripts SELinux / AppArmorMandatory access control, enforcing mode in production Automatic updatesunattended-upgrades (Debian) or dnf-automatic (RHEL)

🔒 SELinux vs AppArmor

SELinux (RHEL)

Label-based MAC
Very granular control
Complex to configure
Default on RHEL/CentOS

AppArmor (Ubuntu)

Path-based MAC
Easier to learn
Profile per application
Default on Ubuntu/SUSE

getenforceCheck SELinux mode setenforce 1Set SELinux to enforcing sestatusDetailed SELinux status aa-statusAppArmor status

🔧 Security Tools

fail2banAuto-ban IPs after failed logins (SSH brute-force protection) auditdSystem audit daemon, track file access, syscalls rkhunterRootkit detection scanner ClamAVOpen-source antivirus (mail servers, file scanning) lynisSecurity audit tool, scans and scores your system nmapNetwork scanner, find open ports and services OpenSCAPCompliance scanning (CIS benchmarks)

🏰 Hardening Best Practices

Disable root SSHPermitRootLogin no in sshd_config Remove unused packagesapt autoremove / dnf autoremove Password policies/etc/login.defs, PASS_MAX_DAYS, PASS_MIN_LEN Auto updatesunattended-upgrades or dnf-automatic Audit loggingEnable auditd, log file access and privilege use Disk encryptionLUKS for full disk encryption at rest Limit cron/etc/cron.allow, only listed users can use cron Banner warning/etc/issue.net, legal warning before login

19. Text Processing

🔤 Core Text Processing Tools

Tool	Purpose	Example
grep	Search text by pattern	grep "error" /var/log/syslog
sed	Stream editor (find/replace)	sed 's/old/new/g' file
awk	Column processing & reporting	awk '(print $1, $3)' file
cut	Extract fields / columns	cut -d: -f1 /etc/passwd
sort	Sort lines	sort -t: -k3 -n /etc/passwd
uniq	Remove duplicate lines	sort file \| uniq -c
tr	Translate or delete chars	echo HELLO \| tr A-Z a-z
xargs	Build commands from stdin	find . -name "*.log" \| xargs rm
tee	Write to file and stdout	echo hi \| tee log.txt

🔍 grep, Pattern Search

Flag	Description
-i	Case insensitive search
-r	Recursive (search all files in dir)
-n	Show line numbers
-v	Invert match (lines NOT matching)
-c	Count matching lines
-l	Show only filenames with matches
-E	Extended regex (egrep)
-w	Match whole words only
-A 3	Show 3 lines after match
-B 3	Show 3 lines before match

grep -rn "TODO" ., recursively find all TODOs with line numbers

✂️ sed, Stream Editor

Command	Description
sed 's/old/new/'	Replace first occurrence per line
sed 's/old/new/g'	Replace all occurrences
sed -i 's/old/new/g' file	In-place edit (modify file)
sed '/pattern/d'	Delete lines matching pattern
sed -n '5,10p'	Print only lines 5–10
sed '3i\new text'	Insert text before line 3
sed '3a\new text'	Append text after line 3

Always test without -i first, then add -i to modify in place

📊 awk, Column Processing

awk '(print $1)'Print first column (space-delimited) awk -F: '(print $1)'Use : as field separator awk '$3 > 1000'Filter rows where column 3 > 1000 awk 'NR==5'Print only line 5 (NR = line number) awk 'END (print NR)'Print total number of lines NFNumber of fields in current line

Pipe chain example:

This gets the top 10 IP addresses from an access log

20. Shell Scripting

📜 Script Basics

Shebang#!/bin/bash, first line tells which interpreter to use VariablesVAR=value (no spaces around =), use with $VAR $1, $2, $3Positional arguments passed to script $@All arguments as separate strings $#Number of arguments $?Exit code of last command (0 = success) $$PID of current script Single quotes'literal', no variable expansion Double quotes"expand $VAR", variables are expanded $(command)Command substitution, capture output Exit codes0 = success, 1-255 = error. Use: exit 0

🔀 Control Structures

Structure	Syntax
if	if [ condition ]; then ... elif ...; then ... else ... fi
for	for i in 1 2 3; do echo $i; done
for (C-style)	for ((i=0; i<10; i++)); do echo $i; done
while	while [ condition ]; do ... done
until	until [ condition ]; do ... done
case	case $VAR in pattern1) cmd;; pattern2) cmd;; esac
function	my_func() ( echo "hello"; ), define reusable block

Test conditions: [ -f file ] (file exists), [ -d dir ] (dir exists), [ -z "$str" ] (empty string)

🧩 Useful Patterns

Read inputread -p "Enter name: " name File exists?if [ -f /path/file ]; then ... fi Dir exists?if [ -d /path/dir ]; then ... fi String compareif [ "$a" = "$b" ]; then ... fi Numeric compare-eq, -ne, -lt, -gt, -le, -ge Arithmeticresult=$((5 + 3)) or let "result = 5 + 3" Arraysarr=(one two three); echo $arr[0] → but use arr notation Cmd substitutiontoday=$(date +%Y-%m-%d) Default valuename=$( 1:-"default" ), if $1 empty, use "default"

✅ Best Practices

set -euo pipefailExit on error, undefined var, pipe failure Always quote "$VAR"Prevent word splitting and globbing bugs Check return codesif ! command; then echo "failed"; exit 1; fi Use functionsBreak scripts into reusable, testable functions Add loggingecho "[INFO] message" or use logger command Use shellcheckStatic analysis, catches common bugs. Run: shellcheck script.sh Trap signalstrap cleanup EXIT, clean up on script exit Use /bin/bashAvoid /bin/sh if using bash features (arrays, etc.)

21. Linux Quick Reference

📋 Master Command Cheat Sheet

Category	Command	Description
Navigation	pwd	Print working directory
	ls -la	List all files with details
	cd /path	Change directory
	find / -name "file"	Find files by name
	tree -L 2	Show directory tree
Files	cp -r src dest	Copy files/directories
	mv old new	Move or rename
	rm -rf dir	Remove directory (caution!)
	cat / less / head / tail	View file contents
	tar -czf archive.tar.gz dir/	Create compressed archive
Permissions	chmod 755 file	Change file mode
	chown user:group file	Change owner and group
	umask 022	Set default permissions
	ls -la	View permissions
Users	useradd -m user	Create user with home dir
	passwd user	Set user password
	usermod -aG group user	Add user to group
	sudo command	Run as superuser
Packages	apt update && apt upgrade	Update packages (Debian)
	apt install pkg	Install package (Debian)
	dnf install pkg	Install package (RHEL)
	apt search pkg	Search packages
Processes	ps aux	List all processes
	top / htop	Live process monitor
	kill -15 PID	Gracefully stop process
	kill -9 PID	Force kill process
	systemctl status service	Check service status
Network	ip addr	Show IP addresses
	ss -tlnp	Show listening ports
	ping host	Test connectivity
	curl -I url	HTTP headers check
	dig domain	DNS lookup
Disk	df -h	Disk space usage
	du -sh dir/	Directory size
	lsblk	List block devices
	free -h	Memory usage
Logs	journalctl -u service	View service logs
	tail -f /var/log/syslog	Follow live logs
	dmesg \| tail	Recent kernel messages
Services	systemctl start service	Start a service
	systemctl enable service	Enable at boot
	systemctl restart service	Restart a service
	systemctl daemon-reload	Reload unit files
SSH	ssh user@host	Connect to remote server
	ssh-keygen -t ed25519	Generate SSH key pair
	scp file user@host:/path	Secure copy to remote