- FHS
- Filesystem Hierarchy Standard — the standard layout of Linux directories under root (/).
- /
- The root of the entire Linux filesystem; everything mounts beneath it.
- /etc
- System-wide configuration files (text), e.g. /etc/passwd, /etc/fstab.
- /var
- Variable data that changes at runtime — logs (/var/log), spools, caches, mail.
- /home
- Regular users' home directories (e.g. /home/alice).
- /usr
- Installed programs, libraries, and documentation (largely read-only).
- /bin and /sbin
- Essential user and system binaries (often symlinked into /usr).
- /tmp
- Temporary files; world-writable with the sticky bit; often cleared on reboot.
- /dev
- Device files representing hardware and pseudo-devices (e.g. /dev/sda, /dev/null).
- /proc
- A virtual filesystem exposing live per-process and kernel data from memory.
- /sys
- A virtual filesystem exposing kernel device and subsystem information.
- /boot
- Holds the kernel, initramfs, and bootloader (GRUB) files needed to start the system.
- /opt
- Optional, self-contained third-party application packages.
- /var/log
- The directory where system and service log files are written.
- Mount point
- A directory where a filesystem is attached so its contents become accessible.
- BIOS vs UEFI
- Firmware that starts the boot process; UEFI reads the EFI System Partition, legacy BIOS reads the MBR.
- GRUB2
- The GRand Unified Bootloader v2 — loads the Linux kernel and initramfs at boot.
- initramfs
- A temporary in-memory root filesystem holding drivers needed to mount the real root.
- Kernel
- The core of the OS that manages hardware, memory, processes, and system calls.
- Linux boot order
- Firmware (UEFI/BIOS) → GRUB2 → kernel + initramfs → systemd (PID 1) → target → login.
- systemd
- The modern init system and service manager; runs as PID 1 and supervises units.
- PID 1
- The first user-space process started by the kernel — systemd on most distributions.
- Unit (systemd)
- A systemd-managed resource: a service, socket, mount, timer, or target.
- Target (systemd)
- A grouping of units defining a system state; replaces SysV runlevels.
- multi-user.target
- The systemd target for multi-user, command-line (non-graphical) operation.
- graphical.target
- The systemd target that starts the GUI on top of multi-user.
- systemctl
- The command to control systemd: start, stop, restart, enable, disable, status.
- systemctl enable
- Configure a service to start automatically at boot (does not start it now).
- systemctl start
- Start a service immediately (does not survive a reboot unless also enabled).
- systemctl enable --now
- Enable a service at boot AND start it right now in one command.
- systemctl status
- Show a service's current state, PID, and recent log lines.
- journalctl
- Query the systemd journal (logs); filter by unit, boot, time, and priority.
- journalctl -u
- Show the journal entries for one specific systemd unit/service.
- journalctl -b
- Show journal entries from the current boot.
- Package manager
- A tool that installs, updates, and removes software and resolves dependencies.
- apt
- The high-level package manager for Debian/Ubuntu; installs .deb packages.
- dpkg
- The low-level Debian package tool that operates on a single .deb file.
- dnf
- The high-level package manager for RHEL/Fedora/CentOS (successor to yum); installs .rpm.
- yum
- The older RHEL-family package manager, now succeeded by dnf.
- rpm
- The low-level package format and tool for RHEL-family distributions.
- zypper
- The high-level package manager for openSUSE/SLES (.rpm).
- apt update
- Refresh the local package index from the configured repositories (Debian/Ubuntu).
- apt install
- Install a package and its dependencies on Debian/Ubuntu (apt install <pkg>).
- dnf install
- Install a package and its dependencies on RHEL/Fedora (dnf install <pkg>).
- snap and flatpak
- Universal, sandboxed package formats that bundle dependencies and work across distros.
- Compile from source
- Build software with ./configure && make && make install.
- Repository
- A configured source of packages a package manager downloads from.
- lsblk
- List block devices (disks and partitions) and their mount points.
- fdisk / parted
- Create and manage disk partitions (parted handles GPT and large disks).
- mkfs.ext4
- Create an ext4 filesystem on a partition.
- mkfs.xfs
- Create an XFS filesystem on a partition (default on RHEL).
- ext4
- A widely used, mature Linux journaling filesystem.
- XFS
- A high-performance journaling filesystem; the default on RHEL.
- Btrfs
- A modern copy-on-write Linux filesystem with snapshots and pooling.
- mount
- Attach a filesystem to a mount point so its contents are accessible.
- umount
- Detach a mounted filesystem from its mount point.
- /etc/fstab
- Lists filesystems to mount at boot, with mount points and options (use UUIDs).
- df -h
- Report filesystem disk space usage in human-readable form.
- du -sh
- Show the total size of a directory (summary, human-readable).
- LVM
- Logical Volume Management — pool disks into resizable logical volumes.
- LVM layers
- Physical Volume (PV) → Volume Group (VG) → Logical Volume (LV).
- pvcreate / vgcreate / lvcreate
- Create the LVM physical volume, volume group, and logical volume.
- mdadm
- Create and manage Linux software RAID arrays.
- RAID 0 vs 1
- RAID 0 stripes for speed (no redundancy); RAID 1 mirrors for redundancy.
- Process
- A running instance of a program, identified by a PID with a state and owner.
- PID
- Process ID — the unique number identifying a running process.
- ps aux
- List all running processes with their owner, PID, CPU, and memory usage.
- top / htop
- Show live, interactive process and resource usage (htop is friendlier).
- kill
- Send a signal to a process by PID (default TERM = graceful stop).
- kill -9
- Send SIGKILL to forcibly terminate a process that won't stop gracefully.
- SIGTERM vs SIGKILL
- TERM (15) asks a process to exit cleanly; KILL (9) forces it immediately.
- nice / renice
- Set or change a process's CPU scheduling priority (-20 highest, 19 lowest).
- nohup
- Run a command immune to hangups so it keeps running after you log out.
- Background job (&)
- Append & to a command to run it in the background; manage with jobs, fg, bg.
- cron
- The time-based job scheduler daemon that runs jobs on a schedule.
- crontab
- A user's table of scheduled cron jobs; edit with crontab -e, list with crontab -l.
- cron fields
- Five fields: minute, hour, day-of-month, month, day-of-week, then the command.
- 0 2 * * *
- A cron schedule meaning 'run every day at 2:00 a.m.'
- systemd timer
- The modern alternative to cron for scheduling systemd units.
- at
- Schedule a command to run once at a specified future time.
- /etc/passwd
- User account records (username, UID, GID, home directory, shell) — no passwords.
- /etc/shadow
- Stores users' hashed passwords and password-aging policy.
- /etc/group
- Defines groups and their members.
- useradd
- Create a new user account.
- usermod
- Modify an existing user account (e.g. add to a group with -aG).
- userdel
- Delete a user account (use -r to also remove the home directory).
- groupadd
- Create a new group.
- passwd
- Set or change a user's password.
- id
- Show a user's UID, GID, and group memberships.
- Primary vs secondary group
- Each user has one primary group and may belong to several secondary groups.
- ip addr
- Show network interfaces and their IP addresses (modern replacement for ifconfig).
- ip route
- Show the routing table, including the default gateway.
- nmcli
- Command-line tool to manage NetworkManager connections.
- /etc/resolv.conf
- Configures the DNS resolvers (nameservers) the system uses.
- /etc/hosts
- Static hostname-to-IP mappings, checked before DNS.
- ss -tulpn
- List listening TCP/UDP sockets and the processes that own them.
- hostnamectl
- View or set the system hostname (and related metadata).
- uname -r
- Print the running kernel release/version.
- lsmod / modprobe
- List loaded kernel modules / load a kernel module.
- tar
- Archive multiple files into one (.tar); add -z for gzip, -j for bzip2 compression.
- gzip / bzip2 / xz
- Compression tools producing .gz, .bz2, and .xz files.
- ln -s
- Create a symbolic (soft) link pointing to another file or directory.
- Hard vs soft link
- A hard link is another name for the same inode; a soft link is a pointer to a path.
- find
- Search the filesystem for files by name, size, time, type, or permissions.
- locate
- Quickly find files by name using a prebuilt index (updatedb).
- chroot
- Change the apparent root directory for a process and its children (a sandbox).
- Linux permissions
- Read (r=4), write (w=2), execute (x=1) for owner, group, and others.
- rwxr-xr--
- Owner rwx (7), group r-x (5), others r-- (4) = octal 754.
- chmod
- Change a file's permission bits, numeric (754) or symbolic (u+x).
- chmod 644
- Owner read/write; group and others read-only — typical for a regular file.
- chmod 755
- Owner read/write/execute; group and others read/execute — typical for a script/dir.
- chown
- Change a file's owner (chown user file) and optionally group (user:group).
- chgrp
- Change a file's group ownership.
- umask
- Subtracts default permission bits from newly created files and directories.
- Execute bit on a directory
- Required to enter (cd into) the directory, not just read it.
- File type character
- The first ls -l character: - file, d directory, l symlink, b/c device.
- SUID
- Special bit (4) that runs a program with the privileges of its file owner (e.g. passwd).
- SGID
- Special bit (2) that runs a file as its group, or makes new files inherit a dir's group.
- Sticky bit
- Special bit (1) on a directory letting users delete only files they own (e.g. /tmp).
- chmod 4755
- Sets the SUID bit plus rwxr-xr-x.
- chmod 1777
- Sets the sticky bit plus rwxrwxrwx (the /tmp permissions).
- ACL (setfacl/getfacl)
- Access Control Lists grant fine-grained per-user/per-group permissions beyond rwx.
- chattr / lsattr
- Set/view extended file attributes (e.g. +i makes a file immutable).
- MAC
- Mandatory Access Control — a system-enforced policy users cannot override.
- DAC
- Discretionary Access Control — the file owner decides permissions (standard rwx).
- SELinux
- Label-based mandatory access control; default on RHEL-family systems.
- SELinux modes
- Enforcing (block + log), permissive (log only), and disabled.
- getenforce
- Show the current SELinux mode (Enforcing, Permissive, or Disabled).
- setenforce
- Temporarily switch SELinux between enforcing (1) and permissive (0).
- sestatus
- Show detailed SELinux status and policy information.
- restorecon
- Reset a file's SELinux context to the policy default.
- semanage
- Manage SELinux policy (ports, file contexts, booleans) persistently.
- /etc/selinux/config
- Where the persistent SELinux mode is set across reboots.
- AppArmor
- Path-based mandatory access control using profiles; default on Ubuntu/SUSE.
- AppArmor modes
- Enforce (apply the profile) and complain (log only).
- aa-status
- Show the status of loaded AppArmor profiles.
- SELinux vs AppArmor
- SELinux labels objects (RHEL); AppArmor targets program paths (Ubuntu/SUSE).
- PAM
- Pluggable Authentication Modules — the framework controlling how users authenticate.
- sudo
- Run a single command as another user (usually root) per /etc/sudoers rules.
- visudo
- Safely edit /etc/sudoers; it validates syntax so a typo can't break sudo.
- su vs sudo
- su switches to another user entirely; sudo runs one command with elevation and logs it.
- Least privilege
- Grant users and processes only the access they actually need.
- wheel / sudo group
- The group whose members are allowed to use sudo (wheel on RHEL, sudo on Debian).
- SSH
- Secure Shell — an encrypted protocol for remote login and file transfer.
- ssh-keygen
- Generate an SSH public/private key pair.
- authorized_keys
- The server file (~/.ssh/authorized_keys) holding clients' public keys.
- SSH key authentication
- Client proves it holds the private key matching a public key on the server.
- ssh-copy-id
- Copy your public key to a server's authorized_keys for passwordless login.
- /etc/ssh/sshd_config
- The SSH server config; harden by disabling root login and password auth.
- scp / sftp
- Copy files over SSH (scp) or transfer interactively over SSH (sftp).
- firewalld
- A dynamic, zone- and service-based firewall manager (RHEL family).
- firewall-cmd
- The command-line client for firewalld.
- ufw
- Uncomplicated Firewall — a simple front-end to iptables/nftables (Ubuntu).
- iptables
- The legacy packet-filtering framework for defining firewall rules.
- nftables
- The modern successor to iptables for packet filtering.
- Default-deny
- A firewall posture that blocks everything except explicitly allowed traffic.
- LUKS
- Linux Unified Key Setup — the standard for full-disk (block-device) encryption.
- cryptsetup
- The tool used to set up and manage LUKS-encrypted volumes.
- gpg
- GNU Privacy Guard — encrypt, decrypt, and digitally sign files.
- Hashing
- A one-way function (e.g. sha256sum) used to verify integrity, not to encrypt.
- TLS certificate
- Secures a service's traffic in transit and authenticates its identity.
- Defense in depth
- Layer multiple controls (permissions, MAC, firewall, encryption) so one failure isn't fatal.
- fail2ban
- Monitors logs and bans IPs after repeated failed login attempts.
- Public vs private key
- Encrypt/verify with the public key; decrypt/sign with the private key.
- MFA
- Multi-factor authentication — combine something you know, have, and/or are.
- getfacl / setfacl
- View and set Access Control Lists for fine-grained per-user permissions.
- setsebool
- Toggle an SELinux boolean to allow or deny optional policy behavior.
- Open a port in firewalld
- firewall-cmd --add-service=http --permanent, then --reload.
- /etc/sudoers.d/
- A directory for drop-in sudoers files, kept separate from /etc/sudoers.
- Shebang
- The first script line (#!/bin/bash) naming the interpreter that runs the file.
- Make a script executable
- chmod +x script.sh, then run it with ./script.sh.
- Variable (Bash)
- name="value" with no spaces; reference it as $name or "$name".
- Exit code ($?)
- The status of the last command: 0 = success, non-zero = error.
- if statement (Bash)
- if [[ condition ]]; then ... fi — runs commands when the test is true.
- test / [[ ]]
- Evaluate a condition (file checks, numeric/string comparisons) for if and while.
- for loop (Bash)
- for f in *.log; do ... done — iterate over a list of items.
- while loop (Bash)
- while [[ condition ]]; do ... done — repeat while the test stays true.
- until loop (Bash)
- until [[ condition ]]; do ... done — repeat until the test becomes true.
- case statement
- Match a variable against patterns — a cleaner multi-way branch than nested ifs.
- Pipe ( | )
- Send one command's standard output as the next command's standard input.
- Redirection > and >>
- > writes output to a file (overwrite); >> appends to it.
- Input redirection ( < )
- Feed a file's contents to a command as standard input.
- 2>&1
- Redirect standard error to the same place as standard output.
- grep
- Search text for lines matching a pattern (regular expression).
- grep -i / -r / -v
- Ignore case / search recursively / invert the match.
- sed
- A stream editor for filtering and transforming text (e.g. find-and-replace).
- awk
- A text-processing language for working with columns and fields.
- cut / sort / uniq
- Extract columns / sort lines / collapse or count duplicate lines.
- Command substitution
- $(command) inserts a command's output into another command or variable.
- && and ||
- && runs the next command only if the previous succeeded; || only if it failed.
- Positional parameters
- $1, $2, ... are a script's arguments; $0 is the script name, $# the count.
- Function (Bash)
- name() { commands; } — group reusable commands into a callable block.
- trap
- Catch signals (e.g. EXIT, INT) in a script to run cleanup before exiting.
- Globbing
- Shell wildcards: * (any chars), ? (one char), [abc] (a character set).
- read
- Read a line of input into a variable, often for interactive scripts.
- echo / printf
- Print text to standard output (printf gives precise formatting).
- Git
- A distributed version-control system tracking changes via commits, branches, merges.
- git clone
- Copy a remote repository to your local machine.
- git add
- Stage changes so they'll be included in the next commit.
- git commit
- Save a snapshot of staged changes (git commit -m "message").
- git push / git pull
- Send commits to the remote / fetch and merge from the remote.
- git branch / checkout
- Create branches and switch between them to work in isolation.
- git merge
- Combine the changes from another branch into the current one.
- git status / git log
- Show the working-tree state / view the commit history.
- Container
- A lightweight, isolated process packaging an app and its dependencies; shares the host kernel.
- Container vs VM
- Containers share the host kernel (lightweight); VMs run a full guest OS (heavier).
- Docker image
- A read-only template built from a Dockerfile; the basis for containers.
- Docker container
- A running instance of a Docker image.
- Dockerfile
- A text file of instructions used to build a Docker image.
- docker build
- Build an image from a Dockerfile.
- docker run
- Create and start a container from an image.
- docker ps
- List running containers (add -a to include stopped ones).
- docker images
- List the images stored locally.
- Docker Compose
- Define and run multi-container applications from a YAML file.
- Podman
- A daemonless, rootless container engine that is largely Docker-compatible.
- Container registry
- A store for container images (e.g. Docker Hub) that you push to and pull from.
- Kubernetes
- An orchestrator that automates deploying, scaling, and managing containers.
- Ansible
- An agentless automation tool using YAML playbooks pushed over SSH.
- Idempotency
- Running an automation repeatedly yields the same end state, changing only what differs.
- Ansible playbook
- A YAML file describing the desired state as a series of tasks.
- Ansible inventory
- A file listing the hosts (and groups) Ansible manages.
- Ansible module
- A reusable unit of work (e.g. apt, copy, service) a task invokes.
- Puppet
- An agent-based configuration-management tool using a declarative language.
- Chef
- An agent-based configuration-management tool using Ruby 'recipes'.
- Terraform
- A declarative infrastructure-as-code tool that provisions infrastructure.
- IaC
- Infrastructure as Code — manage systems with version-controlled config files.
- cloud-init
- Initializes a cloud instance on first boot (users, keys, packages, scripts).
- YAML
- A human-readable data format (indentation-based) used by Compose, Ansible, and Kubernetes.
- Environment variable
- A named value in the shell environment (export NAME=value) available to processes.
- alias
- Create a shortcut for a longer command (alias ll='ls -la').
- Troubleshooting methodology
- Identify, theorize, test, plan, implement/escalate, verify, document.
- First step of troubleshooting
- Identify the problem — gather info, question users, find what changed.
- Last step of troubleshooting
- Document the findings, actions, and outcomes.
- Read the logs first
- journalctl (systemd), /var/log (text logs), and dmesg (kernel) before theorizing.
- df -h
- Find which filesystem is full (human-readable disk usage).
- du -sh *
- Find which directory is consuming the space (sort with | sort -h).
- df -i
- Check inode usage — a disk can be 'full' of inodes with free space remaining.
- Inode
- A filesystem structure storing a file's metadata; exhaustion blocks new files.
- Deleted-but-open file
- Space isn't freed until the holding process closes; find it with lsof | grep deleted.
- fsck
- Check and repair a filesystem — run only on an unmounted filesystem.
- Disk full troubleshooting
- df -h to find the filesystem, du to find the directory, df -i for inodes.
- logrotate
- Rotates and compresses logs so /var/log doesn't fill the root filesystem.
- ping
- Test reachability and round-trip time to a host using ICMP.
- traceroute / mtr
- Show the per-hop path to a destination to find where traffic stops.
- dig / nslookup
- Test DNS name resolution.
- Ping by IP but not name
- Connectivity works but DNS is broken — a name-resolution problem.
- tcpdump
- Capture and inspect network packets for deep analysis.
- ss / netstat
- List sockets/connections and listening ports (ss is the modern tool).
- No IP address
- Points to a DHCP failure or interface misconfiguration.
- Can't reach the gateway
- A local connectivity or routing problem (check ip route).
- top / htop
- Show live CPU, memory, load average, and per-process resource usage.
- Load average
- Average processes wanting CPU over 1, 5, 15 minutes; compare to core count.
- High load average
- A value well above the core count means processes are queuing for CPU.
- free -h
- Show total, used, available memory and swap in human-readable form.
- vmstat
- Report virtual memory, CPU, and system activity (including swap usage).
- iostat
- Report CPU and per-device disk I/O statistics to find I/O bottlenecks.
- sar
- Collect and report historical system activity (CPU, memory, I/O) over time.
- uptime
- Show how long the system has run and the 1/5/15-minute load averages.
- Zombie process
- A finished process not yet reaped by its parent; shows a Z state, harmless but a bug sign.
- Orphan process
- A running process whose parent died; it's re-parented to PID 1 (systemd).
- Process state D
- Uninterruptible sleep — usually blocked on disk or network I/O.
- OOM killer
- The kernel terminates a process under severe memory pressure to recover.
- Find OOM events
- Look in dmesg or the journal for 'Out of memory' / 'Killed process' messages.
- dmesg
- Display the kernel ring buffer — hardware, driver, and boot messages.
- lsof
- List open files and the processes holding them (e.g. what holds a port or deleted file).
- strace
- Trace the system calls a process makes — useful for diagnosing hangs and failures.
- kill / pkill
- Send a signal to stop a process by PID (kill) or by name (pkill).
- Service won't start
- Check systemctl status <svc> and journalctl -u <svc> for the failure reason.
- Permission denied (despite rwx)
- Suspect SELinux/AppArmor — check the audit log and contexts.
- ausearch / audit2allow
- Search SELinux audit denials and suggest a policy to allow them.
- Swapping / thrashing
- Heavy swap use slows the system; check free -h and vmstat for swap activity.
- Boot failure: GRUB
- An error at the GRUB stage points to the bootloader or its config.
- Boot failure: kernel panic
- The kernel can't continue (often a missing root or initramfs issue).
- Cannot mount filesystem
- Check /etc/fstab, the device/UUID, and run fsck if corrupted.
- nice value too high
- A process set to a low priority (high nice) may run slowly under contention.
- Check listening ports
- ss -tulpn shows which ports are open and which process owns each.
- DNS misconfigured
- Check /etc/resolv.conf and test with dig; the resolver may be wrong or down.
- Time out of sync
- Check the NTP/chrony service; clock skew breaks TLS, Kerberos, and logs.
- High CPU one process
- Identify it in top/htop, then renice, fix, or kill the runaway process.
- Read-only filesystem
- Often a sign of filesystem errors; the kernel remounts ro to protect data — check dmesg.
- mtr
- Combines ping and traceroute into a continuous per-hop network diagnostic.
- Cannot resolve hostname
- Test with dig/nslookup; fix /etc/resolv.conf or the upstream DNS server.
- watch
- Re-run a command at intervals to watch a value change (e.g. watch df -h).
- journalctl -p err
- Filter the journal to error-priority (and worse) messages.
- Quota exceeded
- A user hit a disk quota; check with quota and repquota, then adjust or clean up.
- uptime load > cores
- More demand than CPUs — investigate top CPU, memory pressure, or blocked I/O.