Linux Commands Every DevOps Engineer Must Know

command  -flag  argument
   |       |       |
   |       |    What you operate on (a file, a name, a path)
   |    Modifies how the command behaves
The program you are running

ls
ls -l
ls -lah /var/log

drwxr-xr-x  3 root root 4.0K Jan  1 10:00 nginx/
-rw-r--r--  1 root root  12K Jan  1 09:55 syslog

find /etc -name "*.conf" -type f
find /var -name "*.log" -mtime -1
find . -name "*.py" -size +1M

find / -name "app.conf" -type f 2>/dev/null

du -sh /var/lib/docker
du -sh /* 2>/dev/null | sort -rh | head -10

# Create a directory (and all parent directories if they don't exist)
mkdir -p /app/config/envs

# Copy a file
cp config.yml config.yml.backup

# Copy an entire folder
cp -r ./myapp ./myapp-backup

# Move or rename
mv old-name.txt new-name.txt
mv ./file.txt /opt/app/file.txt

# Delete a file
rm file.txt

# Delete a folder and everything inside it (DANGEROUS — no undo!)
rm -rf /tmp/build-artifacts

# Compress a folder into a .tar.gz file
tar -czf backup.tar.gz ./myapp

# Extract a .tar.gz file into a specific folder
tar -xzf backup.tar.gz -C /opt/myapp

chmod 755 deploy.sh
chmod 600 ~/.ssh/id_rsa
chown -R appuser:appgroup /var/app

top
htop

top - 14:23:01 up 5 days, load average: 0.52, 0.48, 0.45
Tasks: 142 total,   1 running, 141 sleeping
%Cpu(s):  5.2 us,  1.3 sy, 92.8 id
MiB Mem :   3934.0 total,    412.3 free,   2100.4 used

ps aux
ps aux | grep nginx
ps -ef --forest

USER   PID  %CPU  %MEM   VSZ    RSS  TTY   STAT  START   TIME  COMMAND
root   123   0.0   0.1  5120   1024  ?     Ss    10:00   0:00  nginx: master

kill -9 1234
pkill -f "python app.py"
killall nginx

systemctl status nginx
systemctl start nginx
systemctl stop nginx
systemctl restart nginx
systemctl reload nginx
systemctl enable nginx
systemctl disable nginx

● nginx.service - A high performance web server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled)
   Active: active (running) since Mon 2024-01-01 10:00:00; 5 days ago
 Main PID: 1234 (nginx)

journalctl -u nginx
journalctl -u nginx -f
journalctl -u nginx --since "2 hours ago"
journalctl -u nginx --since "2024-01-01 10:00" --until "2024-01-01 11:00"
journalctl -p err -b
journalctl --disk-usage

journalctl -u nginx -n 50 --no-pager

free -h
df -h
df -h /var

              total        used        free      shared  buff/cache   available
Mem:          3.8Gi       2.1Gi       400Mi       150Mi       1.3Gi       1.4Gi
Swap:         2.0Gi       100Mi       1.9Gi

Filesystem      Size  Used Avail Use% Mounted on
/dev/xvda1       50G   38G   12G  77% /
/dev/xvdb1      100G   80G   20G  80% /var/lib/docker

# Create a new user (also creates their home directory at /home/username)
adduser devops

# Add an existing user to the sudo group (grants admin privileges)
usermod -aG sudo devops

# Change a user's password
passwd devops

# Delete a user AND their home directory
userdel -r olduser

su - devops          # Switch to devops user (need THEIR password)
sudo -i              # Get a root shell (need YOUR own password)
sudo systemctl restart nginx   # Run one command as root
sudo -u postgres psql          # Run as a specific non-root user

ping -c 4 8.8.8.8
traceroute google.com
mtr google.com

nslookup example.com
dig example.com
dig example.com A              # only get IPv4 address (A) records
dig example.com MX             # get mail server records
dig @8.8.8.8 example.com       # use Google's DNS instead of your system DNS
dig +short example.com         # just the IP, no extra output

;; ANSWER SECTION:
example.com.    3600    IN    A    93.184.216.34
                  |                    |
           TTL in seconds         The IP address

# Basic GET request — see the response body
curl https://api.example.com

# Get only the HTTP response headers
curl -I https://api.example.com/health

# Get just the HTTP status code (e.g., 200, 404, 500)
curl -s -o /dev/null -w "%{http_code}" https://api.example.com/health

# Send a POST request with a JSON body
curl -X POST \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer mytoken" \
  -d '{"name": "hemanth", "role": "devops"}' \
  https://api.example.com/users

# Download a file, saving with the same filename
curl -O https://example.com/file.tar.gz

# Download and save with a custom name
curl -o custom-name.tar.gz https://example.com/file.tar.gz

STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://myapp.com/health)
if [ "$STATUS" != "200" ]; then
  echo "Health check failed! Got HTTP $STATUS"
  exit 1
fi
echo "Service is healthy!"

ss -tulnp
ss -tulnp | grep 8080

Netid  State   Local Address:Port   Process
tcp    LISTEN  0.0.0.0:80          users:(("nginx",pid=1234))
tcp    LISTEN  0.0.0.0:443         users:(("nginx",pid=1234))
tcp    LISTEN  127.0.0.1:5432      users:(("postgres",pid=5678))

# Connect to a remote server using a password
ssh username@192.168.1.10

# Connect using an SSH private key (common for AWS EC2 instances)
ssh -i ~/.ssh/mykey.pem ubuntu@ec2-52-10-x-x.compute.amazonaws.com

# Create a tunnel: access remote PostgreSQL on your local port 5432
ssh -L 5432:localhost:5432 user@remote-server
# Now open another terminal and: psql -h localhost -U myuser mydb

# Copy a file TO a remote server
scp ./deploy.sh ubuntu@10.0.0.5:/home/ubuntu/

# Copy a file FROM a remote server to your current folder
scp ubuntu@10.0.0.5:/var/log/app.log ./

# Copy an entire folder recursively
scp -r ./myapp ubuntu@10.0.0.5:/opt/myapp

# Sync a folder efficiently (only transfers changed files)
rsync -avz ./local/ user@remote:/remote/
# Also delete files on remote that were deleted locally:
rsync -avz --delete ./local/ user@remote:/remote/

grep "ERROR" app.log
grep -rn "ERROR" /var/log/ --include="*.log"
grep -v "DEBUG" app.log
grep -E "ERROR|WARN|CRITICAL" app.log
grep -c "500" access.log
grep -A 5 -B 2 "NullPointerException" app.log

grep -B 10 "Exception" app.log | tail -60

# Show the last 50 lines
tail -n 50 app.log

# Follow a log file live — stays open, prints new lines as they arrive
tail -f /var/log/syslog

# Follow AND filter at the same time — only show 5xx HTTP errors
tail -f /var/log/nginx/access.log | grep " 5[0-9][0-9] "

# Show only the first 20 lines (good for reading config file headers)
head -n 20 config.yml

# Print only the first field (column) of each line
awk '{print $1}' access.log

# Print the 1st and 9th columns (IP and HTTP status in nginx logs)
awk '{print $1, $9}' access.log

# Count unique IP addresses in an nginx access log — full pipeline
awk '{print $1}' access.log | sort | uniq -c | sort -rn | head -20

# Change the field separator (for CSV files use comma)
awk -F',' '{print $1, $3}' data.csv

# Sum a numeric column (e.g., bytes sent — column 10 in nginx logs)
awk '{sum += $10} END {print "Total bytes:", sum}' access.log

# Skip the header row (NR = line Number of Record)
awk -F',' 'NR>1 {sum += $3} END {print sum}' data.csv

awk '{print $1}' access.log     # Step 1: Extract IP column
  | sort                        # Step 2: Sort them (groups same IPs together)
  | uniq -c                     # Step 3: Count consecutive identical lines
  | sort -rn                    # Step 4: Sort by count, highest first
  | head -20                    # Step 5: Show only the top 20

# Replace all occurrences and save back to the file (-i means in-place)
sed -i 's/localhost/prod-db.internal/g' config.yml

# Preview the replacement WITHOUT modifying the file (no -i flag)
sed 's/localhost/prod-db.internal/g' config.yml

# Delete all comment lines (lines starting with #)
sed -i '/^#/d' config.conf

# Delete all blank/empty lines
sed -i '/^$/d' file.txt

# Print only specific line numbers (useful for huge log files)
sed -n '10,20p' bigfile.log

# Preview first
sed 's/staging-db.internal/prod-db.internal/g' app.yml | head -30

# Apply if it looks right
sed -i 's/staging-db.internal/prod-db.internal/g' app.yml

# Pretty-print a JSON response (adds indentation and colors)
kubectl get pod my-pod -o json | jq .

# Extract a specific field from JSON
kubectl get pods -o json | jq '.items[].metadata.name'

# Reshape the output — create a new JSON object with selected fields
kubectl get nodes -o json | jq '.items[] | {name: .metadata.name, cpu: .status.capacity.cpu}'

# Filter results based on a condition
kubectl get pods -o json | jq '.items[] | select(.status.phase != "Running")'

# Navigate nested paths
cat response.json | jq '.data.user.email'

# Get the count of items in an array
cat pods.json | jq '.items | length'

aws ec2 describe-instances | jq '.Reservations[].Instances[].InstanceId'

# See running containers
docker ps

# See ALL containers including stopped ones
docker ps -a

# Run a new container from an image
docker run -d -p 8080:80 --name web nginx

# Start a stopped container
docker start web

# Stop gracefully (sends SIGTERM, waits 10s, then SIGKILL)
docker stop web

# Restart
docker restart web

# Remove a stopped container
docker rm web

# Force remove even if it's still running
docker rm -f web

# Remove ALL containers (stopped and running)
docker rm -f $(docker ps -aq)
# $(command) runs the inner command first and substitutes its output
# docker ps -aq = list all container IDs quietly (just IDs, no headers)

# List all local images
docker images

# Download an image from Docker Hub
docker pull ubuntu:22.04
# Format: image_name:tag. If you omit the tag, "latest" is used.

# Build an image from your Dockerfile in the current directory
docker build -t myapp:v1.0 .

# Tag an image for a private registry
docker tag myapp:v1.0 myregistry.io/myteam/myapp:v1.0

# Push the tagged image to the registry
docker push myregistry.io/myteam/myapp:v1.0

# Remove a local image
docker rmi myapp:v1.0

# View container logs
docker logs web

# Stream live logs with the last 100 lines shown first
docker logs -f --tail=100 web

# Get an interactive shell inside a running container
docker exec -it web bash
docker exec -it web sh          # use sh if bash is not installed in the image

# Run a single command inside the container without opening a shell
docker exec web nginx -t        # test nginx config

# Inspect all details about a container (network, mounts, env vars, etc.)
docker inspect web

# Live resource usage for all running containers
docker stats
docker stats web                # for one specific container

# Get the container's internal IP address
docker inspect web | jq '.[0].NetworkSettings.IPAddress'

# Get all environment variables
docker inspect web | jq '.[0].Config.Env'

# Get mounted volumes
docker inspect web | jq '.[0].Mounts'

# Nuclear option — removes ALL unused containers, networks, images, and build cache
docker system prune -af

# Only remove dangling (unnamed/untagged) images
docker image prune -f

# Remove volumes not attached to any container (WARNING: deletes data!)
docker volume prune -f

# Check how much disk space Docker is using overall
docker system df

# Start all services defined in docker-compose.yml (in background)
docker-compose up -d

# Rebuild images before starting (do this after changing Dockerfile or source code)
docker-compose up -d --build

# Stop and remove containers (keeps named volumes — your data is safe)
docker-compose down

# Stop, remove containers AND delete volumes (DESTROYS DATA!)
docker-compose down -v

# Check the status of your services
docker-compose ps

# Stream logs from one specific service
docker-compose logs -f app

# Get a shell inside a running service container
docker-compose exec app bash

# Run a one-off command in a fresh container (removed automatically after)
docker-compose run --rm app python manage.py migrate

# List all clusters you are configured to talk to
kubectl config get-contexts

# Switch to a different cluster
kubectl config use-context prod-cluster

# Set a default namespace so you don't have to type -n on every command
kubectl config set-context --current --namespace=ml-team

# Check which cluster/context you are currently using
kubectl config current-context

# List pods in the current namespace
kubectl get pods

# List pods in a specific namespace
kubectl get pods -n kube-system

# List pods across ALL namespaces
kubectl get pods -A

# Show more detail: which Node the pod runs on and its cluster IP
kubectl get pods -o wide

# Filter pods by label
kubectl get pods -l app=myapp

# Get FULL details about a pod — the go-to debugging command
kubectl describe pod my-pod-xyz

# Delete a pod (if managed by a Deployment, Kubernetes will recreate it automatically)
kubectl delete pod my-pod-xyz

# Delete all pods in a namespace (the Deployment will recreate them)
kubectl delete pods --all -n staging

Events:
  Warning  Failed    2m   kubelet  Failed to pull image "myapp:v2": not found
  Warning  BackOff   1m   kubelet  Back-off restarting failed container
  Normal   Pulling   30s  kubelet  Pulling image "myapp:v2"

# Basic log view
kubectl logs my-pod

# Stream live logs (stays open, prints new lines)
kubectl logs -f my-pod

# Only show the last 100 lines
kubectl logs my-pod --tail=100

# Logs from a specific container in a multi-container Pod
kubectl logs -f my-pod -c sidecar-container

# Logs from the PREVIOUS (crashed) container — critical for crash loops!
kubectl logs my-pod --previous

# Stream logs from ALL pods of a Deployment at once
kubectl logs -f deploy/my-app --tail=50

# Open an interactive bash shell inside a running pod
kubectl exec -it my-pod -- bash

# If bash is not installed in the image, use sh
kubectl exec -it my-pod -- sh

# Open a shell in a specific container within a multi-container pod
kubectl exec -it my-pod -c sidecar -- sh

# Run a single command without opening a shell
kubectl exec my-pod -- cat /etc/config/app.yml
kubectl exec my-pod -- env | grep DB_HOST

kubectl exec -it my-pod -- bash
# You are now inside the pod
curl http://postgres-service:5432        # can we reach the service?
nslookup postgres-service               # is DNS resolving inside the cluster?
env | grep DB_                          # are the right env variables injected?

# List all deployments
kubectl get deployments -A

# See detailed info about a deployment
kubectl describe deployment my-app

# Watch the progress of a rolling update in real time
kubectl rollout status deploy/my-app

# See the history of all rollouts
kubectl rollout history deploy/my-app

# Roll back to the previous version (immediately!)
kubectl rollout undo deploy/my-app

# Roll back to a specific older version
kubectl rollout undo deploy/my-app --to-revision=3

# Trigger a rolling restart — replaces all pods one by one with zero downtime
kubectl rollout restart deploy/my-app

# Scale the number of pods up or down
kubectl scale deploy/my-app --replicas=5

# Update the container image (triggers a rolling update)
kubectl set image deploy/my-app app=myregistry.io/myapp:v2.0

# Apply a YAML manifest (creates resources if they don't exist, updates if they do)
kubectl apply -f manifest.yaml

# ALWAYS dry-run first in production — see what would change without doing it
kubectl apply -f manifest.yaml --dry-run=client

# Apply all YAML files in a directory
kubectl apply -f ./k8s/

# Delete all resources defined in a manifest
kubectl delete -f manifest.yaml

# See a human-readable diff of what will change
kubectl diff -f manifest.yaml

# Step 1: Check the diff
kubectl diff -f deployment.yaml

# Step 2: Dry run
kubectl apply -f deployment.yaml --dry-run=client

# Step 3: Apply for real
kubectl apply -f deployment.yaml

# Step 4: Watch the rollout
kubectl rollout status deploy/my-app

# List secrets in a namespace
kubectl get secrets -n production

# See metadata about a secret (the values are hidden)
kubectl describe secret db-credentials

# Read the actual value of a secret (decodes base64 for you)
kubectl get secret db-credentials -o jsonpath='{.data.password}' | base64 --decode

# Create a secret from the command line
kubectl create secret generic db-creds \
  --from-literal=username=admin \
  --from-literal=password=super-secret-password

# Create a secret from a file (e.g., a TLS certificate)
kubectl create secret tls my-tls \
  --cert=tls.crt \
  --key=tls.key

# View a ConfigMap
kubectl get configmap app-config -o yaml

# List all nodes with their status and OS/version info
kubectl get nodes -o wide

# Full details and events for a specific node
kubectl describe node worker-node-1

# Cordon — prevent new pods from being scheduled on this node
kubectl cordon worker-node-1

# Uncordon — allow pods to be scheduled on this node again
kubectl uncordon worker-node-1

# Drain — safely evict all pods off the node (for maintenance/shutdown)
kubectl drain worker-node-1 \
  --ignore-daemonsets \        # skip DaemonSet pods (they run on every node by design)
  --delete-emptydir-data       # allow eviction of pods that use emptyDir volumes

# Check resource usage across all nodes
kubectl top nodes
kubectl top pods -A --sort-by=memory

# Step 1: Find what is not in a healthy state
kubectl get pods -A | grep -v Running | grep -v Completed

# Step 2: Look at recent events to see what just happened
kubectl get events -n mynamespace --sort-by='.lastTimestamp' | tail -20

# Step 3: Describe the failing pod — read the Events section carefully
kubectl describe pod failing-pod -n mynamespace

# Step 4: Read the logs — current and previous
kubectl logs failing-pod -n mynamespace --tail=100
kubectl logs failing-pod -n mynamespace --previous

# Step 5: If the pod is running but behaving wrongly, shell in and investigate
kubectl exec -it failing-pod -n mynamespace -- bash

# Step 6: If OOMKilled (out of memory), check resource usage
kubectl top pods -n mynamespace

# Set a variable (available for this terminal session and any commands you run)
export DB_HOST=prod-db.internal
export DB_PORT=5432

# Use a variable
echo $DB_HOST
echo "Connecting to ${DB_HOST}:${DB_PORT}"

# List all environment variables
printenv
printenv | grep DB_        # only show DB-related ones

# Remove a variable from the current session
unset MY_VAR

# Load variables from a .env file (skip comment lines)
export $(cat .env | grep -v '#' | xargs)

#!/bin/bash
set -euo pipefail
# -e: Exit immediately if any command returns a non-zero exit code
# -u: Treat unset variables as errors (avoids silent bugs)
# -o pipefail: A pipeline fails if ANY command in it fails (not just the last)

# Use default values for optional variables
DB_HOST=${DB_HOST:-"localhost"}     # use "localhost" if DB_HOST is not set
DB_PORT=${DB_PORT:-"5432"}

# Kubernetes shortcuts
alias k='kubectl'
alias kgp='kubectl get pods'
alias kgpa='kubectl get pods -A'
alias kgn='kubectl get nodes -o wide'
alias kns='kubectl config set-context --current --namespace'
alias kdp='kubectl describe pod'
alias klf='kubectl logs -f'

# Docker shortcuts
alias dps='docker ps --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"'
alias dex='docker exec -it'

# General shortcuts
alias ll='ls -lah'
alias grep='grep --color=auto'
alias ..='cd ..'
alias ...='cd ../..'

# Interactive reverse history search — start typing to find past commands
Ctrl + R

# Run the previous command again
!!

# Run the previous command with sudo (very useful!)
sudo !!

# Run the last command that started with "kubectl"
!kubectl

# Show your recent command history
history | tail -20
history | grep "docker build"

# Open your personal crontab file in an editor
crontab -e

# View your current cron jobs
crontab -l

# View system-wide cron jobs
cat /etc/cron.d/*
ls /etc/cron.daily/

┌───── minute (0-59)
│ ┌─────── hour (0-23)
│ │ ┌───────── day of month (1-31)
│ │ │ ┌─────────── month (1-12)
│ │ │ │ ┌───────────── day of week (0=Sunday, 6=Saturday)
│ │ │ │ │
* * * * *   /path/to/command

# Run at 2:30 AM every day
30 2 * * * /opt/scripts/backup.sh >> /var/log/backup.log 2>&1

# Run every 5 minutes
*/5 * * * * /opt/scripts/healthcheck.sh >> /var/log/health.log 2>&1

# Run every Monday at 9 AM
0 9 * * 1 /opt/scripts/weekly-report.sh

# Run at midnight on the 1st of every month
0 0 1 * * /opt/scripts/monthly-cleanup.sh

# Run every hour at the top of the hour
0 * * * * /opt/scripts/sync.sh

# Watch a command refresh every 2 seconds (live dashboard)
watch -n 2 kubectl get pods -A

# Find and kill whatever process is using port 8080
kill -9 $(lsof -t -i:8080)

# Count how many times each HTTP status code appears in nginx logs
awk '{print $9}' /var/log/nginx/access.log | sort | uniq -c | sort -rn

# Monitor logs live with errors highlighted (the trailing | keeps stream open)
tail -f app.log | grep --color=always -E "ERROR|WARN|$"

# Decode a Kubernetes secret value (the full pipeline)
kubectl get secret mysecret -o jsonpath='{.data.password}' | base64 --decode && echo

# List all unique container images running across the entire cluster
kubectl get pods -A -o jsonpath='{range .items[*]}{.spec.containers[*].image}{"\n"}{end}' | sort -u

# Check SSL certificate expiry for a domain
echo | openssl s_client -connect example.com:443 2>/dev/null | openssl x509 -noout -dates

# Run the same command across multiple servers
for host in web1 web2 web3; do
  echo "=== $host ==="
  ssh $host "systemctl status nginx --no-pager | head -5"
done

# Find the 10 largest files anywhere on the system
find / -type f -printf '%s %p\n' 2>/dev/null | sort -rn | head -10

# Test if a remote port is reachable (without curl or telnet)
cat < /dev/null > /dev/tcp/hostname/8080 && echo "Port is open" || echo "Port is closed"