Command Reference Cheat Sheet
This appendix is your quick-reference survival guide. It is organized by category so you can find what you need fast. For each command you get the syntax, the flags you will actually use, and a brief example. Print this out, laminate it, tape it to your monitor -- whatever works.
Tip: Every command listed here has a manual page. When in doubt, run
man <command>or<command> --help.
File Operations
ls -- List directory contents
$ ls # List files in current directory
$ ls -la # Long format, show hidden files
$ ls -lh # Long format, human-readable sizes
$ ls -lt # Sort by modification time (newest first)
$ ls -lS # Sort by file size (largest first)
$ ls -R # List recursively into subdirectories
cd -- Change directory
$ cd /var/log # Go to an absolute path
$ cd .. # Go up one level
$ cd ~ # Go to your home directory
$ cd - # Go back to the previous directory
cp -- Copy files and directories
$ cp file.txt backup.txt # Copy a file
$ cp -r /src/dir /dst/dir # Copy a directory recursively
$ cp -p file.txt backup.txt # Preserve permissions, timestamps
$ cp -i file.txt backup.txt # Prompt before overwriting
$ cp -a /src/ /dst/ # Archive mode (preserves everything)
mv -- Move or rename files
$ mv old.txt new.txt # Rename a file
$ mv file.txt /tmp/ # Move a file to another directory
$ mv -i file.txt /tmp/ # Prompt before overwriting
$ mv -n file.txt /tmp/ # Never overwrite
rm -- Remove files and directories
$ rm file.txt # Delete a file
$ rm -r directory/ # Delete a directory and its contents
$ rm -i file.txt # Prompt before each removal
$ rm -f file.txt # Force removal (no prompts, no errors)
Warning:
rm -rf /will destroy your entire system. There is no undo, no trash can. Double-check your paths.
mkdir -- Create directories
$ mkdir newdir # Create a single directory
$ mkdir -p parent/child/grandchild # Create nested directories
$ mkdir -m 755 newdir # Create with specific permissions
touch -- Create empty files or update timestamps
$ touch newfile.txt # Create an empty file (or update timestamp)
$ touch -t 202501011200 file.txt # Set a specific timestamp
find -- Search for files
$ find /var/log -name "*.log" # Find by name
$ find / -type f -size +100M # Find files larger than 100MB
$ find . -type f -mtime -7 # Modified in the last 7 days
$ find . -type f -name "*.tmp" -delete # Find and delete
$ find . -type f -perm 777 # Find by permissions
$ find . -type f -user alice # Find by owner
$ find /etc -name "*.conf" -exec grep -l "port" {} \; # Find and grep
locate -- Find files by name (uses a database)
$ locate nginx.conf # Fast filename search
$ sudo updatedb # Update the locate database
stat -- Display detailed file information
$ stat file.txt # Show inode, size, timestamps, permissions
file -- Determine file type
$ file mystery_file # Is it a binary? Text? Image?
Text Processing
cat -- Concatenate and display files
$ cat file.txt # Display entire file
$ cat -n file.txt # Display with line numbers
$ cat file1.txt file2.txt > merged.txt # Concatenate files
less -- Paged file viewer
$ less /var/log/syslog # View a large file page by page
Inside less: Space = next page, b = previous page, /pattern = search, q = quit.
head and tail -- View beginning or end of files
$ head -n 20 file.txt # First 20 lines
$ tail -n 20 file.txt # Last 20 lines
$ tail -f /var/log/syslog # Follow a log file in real time
$ tail -F /var/log/syslog # Follow, even if file is rotated
grep -- Search text with patterns
$ grep "error" logfile.txt # Search for a string
$ grep -i "error" logfile.txt # Case-insensitive search
$ grep -r "TODO" /src/ # Search recursively in a directory
$ grep -n "error" logfile.txt # Show line numbers
$ grep -c "error" logfile.txt # Count matching lines
$ grep -v "debug" logfile.txt # Invert match (lines NOT matching)
$ grep -E "error|warning" logfile.txt # Extended regex (OR)
$ grep -l "error" *.log # List only filenames with matches
sed -- Stream editor
$ sed 's/old/new/' file.txt # Replace first occurrence per line
$ sed 's/old/new/g' file.txt # Replace all occurrences
$ sed -i 's/old/new/g' file.txt # Edit file in place
$ sed -n '10,20p' file.txt # Print lines 10-20
$ sed '/^#/d' file.txt # Delete comment lines
$ sed -i.bak 's/old/new/g' file.txt # In-place edit with backup
awk -- Pattern scanning and processing
$ awk '{print $1}' file.txt # Print the first column
$ awk -F: '{print $1, $3}' /etc/passwd # Custom delimiter, print fields 1 and 3
$ awk '$3 > 1000' file.txt # Print lines where field 3 > 1000
$ awk '{sum += $1} END {print sum}' file.txt # Sum a column
$ awk 'NR==5,NR==10' file.txt # Print lines 5 through 10
sort -- Sort lines
$ sort file.txt # Alphabetical sort
$ sort -n file.txt # Numeric sort
$ sort -r file.txt # Reverse sort
$ sort -k2 -t: file.txt # Sort by field 2, delimiter is :
$ sort -u file.txt # Sort and remove duplicates
$ sort -h file.txt # Sort human-readable sizes (1K, 2M, 3G)
uniq -- Report or filter repeated lines
$ sort file.txt | uniq # Remove adjacent duplicates
$ sort file.txt | uniq -c # Count occurrences
$ sort file.txt | uniq -d # Show only duplicates
cut -- Remove sections from lines
$ cut -d: -f1 /etc/passwd # Extract field 1, delimiter is :
$ cut -c1-10 file.txt # Extract characters 1-10
wc -- Word, line, and byte counts
$ wc -l file.txt # Count lines
$ wc -w file.txt # Count words
$ wc -c file.txt # Count bytes
tr -- Translate or delete characters
$ echo "hello" | tr 'a-z' 'A-Z' # Convert to uppercase
$ echo "hello world" | tr -s ' ' # Squeeze repeated spaces
$ echo "hello123" | tr -d '0-9' # Delete digits
tee -- Read from stdin, write to stdout AND a file
$ command | tee output.log # See output and save it
$ command | tee -a output.log # Append instead of overwrite
diff -- Compare files line by line
$ diff file1.txt file2.txt # Show differences
$ diff -u file1.txt file2.txt # Unified diff format (most readable)
$ diff -r dir1/ dir2/ # Compare directories recursively
xargs -- Build and execute commands from stdin
$ find . -name "*.log" | xargs rm # Delete found files
$ find . -name "*.log" -print0 | xargs -0 rm # Handle filenames with spaces
$ cat urls.txt | xargs -n1 curl # Run curl for each URL
$ seq 10 | xargs -P4 -I{} wget "http://example.com/{}" # Parallel execution
Process Management
ps -- Report process status
$ ps aux # All processes, detailed view
$ ps -ef # Full format listing
$ ps aux --sort=-%mem # Sort by memory usage (descending)
$ ps -p 1234 # Show process with specific PID
$ ps -u alice # Processes owned by user alice
top -- Dynamic process viewer
$ top # Interactive process monitor
Inside top: P = sort by CPU, M = sort by memory, k = kill a process, q = quit.
htop -- Better interactive process viewer
$ htop # Much nicer than top
kill -- Send signals to processes
$ kill 1234 # Send SIGTERM (graceful shutdown)
$ kill -9 1234 # Send SIGKILL (force kill)
$ kill -HUP 1234 # Send SIGHUP (reload config)
$ kill -0 1234 # Check if process exists (no signal sent)
killall and pkill -- Kill processes by name
$ killall nginx # Kill all processes named nginx
$ pkill -f "python script.py" # Kill by full command line match
$ pkill -u alice # Kill all of alice's processes
bg, fg, jobs -- Job control
$ command & # Run command in background
$ jobs # List background jobs
$ fg %1 # Bring job 1 to foreground
$ bg %1 # Resume job 1 in background
$ Ctrl+Z # Suspend the current foreground job
nohup -- Run a command immune to hangups
$ nohup long_running_script.sh & # Continues running after you log out
nice and renice -- Process scheduling priority
$ nice -n 10 ./cpu_intensive_task # Start with lower priority
$ renice -n 5 -p 1234 # Change priority of running process
lsof -- List open files
$ lsof -i :80 # What process is using port 80?
$ lsof -u alice # Files opened by user alice
$ lsof -p 1234 # Files opened by PID 1234
$ lsof +D /var/log/ # Processes with open files in a directory
strace -- Trace system calls
$ strace ls # Trace system calls of ls
$ strace -p 1234 # Attach to a running process
$ strace -e open,read ls # Trace only specific syscalls
$ strace -c ls # Summary of syscall counts and timing
Networking
ip -- Modern network configuration tool
$ ip addr show # Show all IP addresses
$ ip addr add 192.168.1.100/24 dev eth0 # Assign an IP address
$ ip link show # Show network interfaces
$ ip link set eth0 up # Bring an interface up
$ ip route show # Show routing table
$ ip route add default via 192.168.1.1 # Add default gateway
$ ip neigh show # Show ARP table
ss -- Socket statistics (replacement for netstat)
$ ss -tlnp # TCP listening sockets with process info
$ ss -ulnp # UDP listening sockets with process info
$ ss -s # Summary statistics
$ ss -t state established # Show established connections
$ ss -t dst 10.0.0.1 # Connections to a specific host
ping -- Test connectivity
$ ping google.com # Continuous ping
$ ping -c 4 google.com # Send 4 pings then stop
$ ping -i 0.5 google.com # Ping every 0.5 seconds
traceroute / tracepath -- Trace the route to a host
$ traceroute google.com # Show each hop to the destination
$ tracepath google.com # Similar, does not require root
dig -- DNS lookup
$ dig example.com # Query A record
$ dig example.com MX # Query MX record
$ dig @8.8.8.8 example.com # Query using a specific DNS server
$ dig +short example.com # Just the answer, no fluff
$ dig -x 93.184.216.34 # Reverse DNS lookup
curl -- Transfer data from URLs
$ curl http://example.com # Fetch a URL
$ curl -o file.html http://example.com # Save to file
$ curl -O http://example.com/file.tar.gz # Save with remote filename
$ curl -I http://example.com # Show only HTTP headers
$ curl -u user:pass http://example.com # Basic authentication
$ curl -X POST -d "key=value" http://example.com # POST request
$ curl -k https://self-signed.example.com # Skip TLS verification
wget -- Non-interactive web downloader
$ wget http://example.com/file.tar.gz # Download a file
$ wget -c http://example.com/file.tar.gz # Resume a broken download
$ wget -r -l 2 http://example.com # Recursive download, depth 2
$ wget --mirror http://example.com # Mirror an entire site
scp -- Secure copy over SSH
$ scp file.txt user@host:/remote/path/ # Copy to remote
$ scp user@host:/remote/file.txt ./ # Copy from remote
$ scp -r local_dir/ user@host:/remote/ # Copy directory recursively
$ scp -P 2222 file.txt user@host:/path/ # Use a non-standard port
rsync -- Efficient file sync
$ rsync -avz /src/ /dst/ # Local sync (archive, verbose, compress)
$ rsync -avz /src/ user@host:/dst/ # Sync to remote
$ rsync -avz --delete /src/ /dst/ # Mirror (delete extra files at dst)
$ rsync -avz --exclude='*.log' /src/ /dst/ # Exclude patterns
$ rsync -avzn /src/ /dst/ # Dry run (show what would change)
ssh -- Secure shell
$ ssh user@host # Connect to a remote host
$ ssh -p 2222 user@host # Non-standard port
$ ssh -i ~/.ssh/mykey user@host # Specify identity file
$ ssh -L 8080:localhost:80 user@host # Local port forwarding
$ ssh -D 1080 user@host # SOCKS proxy
$ ssh -t user@host 'sudo reboot' # Force pseudo-terminal
nmap -- Network scanner
$ nmap 192.168.1.0/24 # Scan a subnet
$ nmap -sV -p 22,80,443 host # Scan specific ports, detect versions
$ nmap -sn 192.168.1.0/24 # Ping sweep (no port scan)
netcat (nc) -- The networking Swiss army knife
$ nc -zv host 80 # Test if port 80 is open
$ nc -l 1234 # Listen on port 1234
$ echo "hello" | nc host 1234 # Send data to a port
Disk & Storage
df -- Report filesystem disk space usage
$ df -h # Human-readable sizes
$ df -hT # Include filesystem type
$ df -i # Show inode usage
du -- Estimate file space usage
$ du -sh /var/log # Total size of a directory
$ du -h --max-depth=1 / # Size of each top-level directory
$ du -ah /var/log | sort -rh | head -10 # Top 10 largest files/dirs
mount and umount -- Mount/unmount filesystems
$ mount /dev/sdb1 /mnt/usb # Mount a partition
$ mount -t nfs server:/share /mnt/nfs # Mount an NFS share
$ mount -o remount,rw / # Remount root filesystem read-write
$ umount /mnt/usb # Unmount
$ mount | column -t # List all mounts, nicely formatted
lsblk -- List block devices
$ lsblk # Show block devices as a tree
$ lsblk -f # Include filesystem info
$ lsblk -o NAME,SIZE,FSTYPE,MOUNTPOINT # Custom columns
fdisk and parted -- Partition management
$ sudo fdisk -l # List all partitions
$ sudo fdisk /dev/sdb # Interactive partitioning
$ sudo parted /dev/sdb print # Show partitions (GPT-aware)
mkfs -- Create a filesystem
$ sudo mkfs.ext4 /dev/sdb1 # Create ext4 filesystem
$ sudo mkfs.xfs /dev/sdb1 # Create XFS filesystem
fsck -- Filesystem check and repair
$ sudo fsck /dev/sdb1 # Check and repair (unmount first!)
$ sudo fsck -n /dev/sdb1 # Check only, no changes
dd -- Low-level block copy
$ dd if=/dev/sda of=/backup/disk.img bs=4M status=progress # Disk image
$ dd if=/dev/zero of=/dev/sdb bs=4M # Wipe a disk
$ dd if=/dev/urandom of=testfile bs=1M count=100 # Create 100MB test file
swap management
$ sudo swapon --show # Show active swap
$ sudo mkswap /dev/sdb2 # Create swap space
$ sudo swapon /dev/sdb2 # Enable swap
$ sudo swapoff /dev/sdb2 # Disable swap
User Management
useradd / adduser -- Create users
$ sudo useradd -m -s /bin/bash alice # Create user with home dir and shell
$ sudo adduser alice # Interactive (Debian/Ubuntu)
$ sudo useradd -G sudo,docker alice # Create user in supplementary groups
usermod -- Modify a user account
$ sudo usermod -aG docker alice # Add alice to docker group
$ sudo usermod -s /bin/zsh alice # Change shell
$ sudo usermod -L alice # Lock the account
$ sudo usermod -U alice # Unlock the account
userdel -- Delete a user
$ sudo userdel alice # Delete user (keep home dir)
$ sudo userdel -r alice # Delete user and home directory
passwd -- Change passwords
$ passwd # Change your own password
$ sudo passwd alice # Change another user's password
$ sudo passwd -l alice # Lock an account
$ sudo passwd -e alice # Force password change at next login
groups / id -- Show group membership
$ groups # Your groups
$ groups alice # alice's groups
$ id # UID, GID, and all groups
$ id alice # Same, for alice
su and sudo -- Switch users, elevated privileges
$ su - alice # Switch to alice (login shell)
$ sudo command # Run command as root
$ sudo -u alice command # Run command as alice
$ sudo -i # Root login shell
$ sudo -l # List your sudo privileges
Package Management
APT (Debian, Ubuntu, Mint)
$ sudo apt update # Refresh package index
$ sudo apt upgrade # Upgrade installed packages
$ sudo apt install nginx # Install a package
$ sudo apt remove nginx # Remove (keep config)
$ sudo apt purge nginx # Remove and delete config
$ sudo apt autoremove # Remove unused dependencies
$ apt search nginx # Search for packages
$ apt show nginx # Show package details
$ dpkg -l | grep nginx # List installed packages matching a pattern
$ dpkg -L nginx # List files installed by a package
DNF / YUM (RHEL, Fedora, Rocky, Alma)
$ sudo dnf update # Upgrade all packages
$ sudo dnf install nginx # Install a package
$ sudo dnf remove nginx # Remove a package
$ dnf search nginx # Search for packages
$ dnf info nginx # Show package details
$ dnf list installed # List all installed packages
$ rpm -ql nginx # List files installed by a package
$ rpm -qf /usr/sbin/nginx # Which package owns this file?
pacman (Arch, Manjaro)
$ sudo pacman -Syu # Full system upgrade
$ sudo pacman -S nginx # Install a package
$ sudo pacman -R nginx # Remove a package
$ sudo pacman -Rs nginx # Remove with unused dependencies
$ pacman -Ss nginx # Search for packages
$ pacman -Qi nginx # Show installed package info
$ pacman -Ql nginx # List files owned by a package
systemd Service Management
systemctl -- Control the systemd system and service manager
$ systemctl status nginx # Check service status
$ sudo systemctl start nginx # Start a service
$ sudo systemctl stop nginx # Stop a service
$ sudo systemctl restart nginx # Restart a service
$ sudo systemctl reload nginx # Reload configuration without restart
$ sudo systemctl enable nginx # Start automatically at boot
$ sudo systemctl disable nginx # Do not start at boot
$ sudo systemctl enable --now nginx # Enable and start in one command
$ systemctl is-active nginx # Check if running (returns active/inactive)
$ systemctl is-enabled nginx # Check if enabled at boot
$ systemctl list-units --type=service # List all loaded services
$ systemctl list-units --failed # List failed services
$ systemctl daemon-reload # Reload unit files after editing
journalctl -- Query the systemd journal
$ journalctl -u nginx # Logs for a specific service
$ journalctl -u nginx --since "1 hour ago" # Recent logs
$ journalctl -u nginx -f # Follow logs in real time
$ journalctl -b # Logs since last boot
$ journalctl -b -1 # Logs from previous boot
$ journalctl -p err # Only error-level and above
$ journalctl --disk-usage # How much disk space journals use
$ sudo journalctl --vacuum-size=500M # Shrink journals to 500MB
timedatectl, hostnamectl, localectl -- System settings
$ timedatectl # Show time/date/timezone info
$ sudo timedatectl set-timezone Asia/Kolkata # Set timezone
$ hostnamectl # Show hostname info
$ sudo hostnamectl set-hostname myserver # Set hostname
$ localectl # Show locale info
Permissions & Ownership
chmod -- Change file permissions
$ chmod 755 script.sh # rwxr-xr-x
$ chmod 644 file.txt # rw-r--r--
$ chmod u+x script.sh # Add execute for owner
$ chmod g-w file.txt # Remove write for group
$ chmod o= file.txt # Remove all permissions for others
$ chmod -R 755 /var/www/ # Apply recursively
Permission reference:
7 = rwx (read + write + execute)
6 = rw- (read + write)
5 = r-x (read + execute)
4 = r-- (read only)
0 = --- (no permissions)
chown -- Change file owner and group
$ sudo chown alice file.txt # Change owner
$ sudo chown alice:devs file.txt # Change owner and group
$ sudo chown -R alice:devs /var/www/ # Apply recursively
$ sudo chown :devs file.txt # Change group only
chgrp -- Change group ownership
$ sudo chgrp devs file.txt # Change group
$ sudo chgrp -R devs /project/ # Apply recursively
umask -- Set default file creation permissions
$ umask # Show current umask
$ umask 022 # New files: 644, new dirs: 755
$ umask 077 # New files: 600, new dirs: 700
Special permissions
$ chmod u+s /usr/bin/program # Set SUID bit
$ chmod g+s /shared/dir # Set SGID bit
$ chmod +t /tmp # Set sticky bit
$ find / -perm -4000 -ls # Find all SUID files
getfacl / setfacl -- Access Control Lists
$ getfacl file.txt # Show ACLs
$ setfacl -m u:alice:rw file.txt # Grant alice read/write
$ setfacl -m g:devs:rx /project/ # Grant devs group read/execute
$ setfacl -x u:alice file.txt # Remove ACL for alice
$ setfacl -b file.txt # Remove all ACLs
Compression & Archiving
tar -- Archive files
$ tar cf archive.tar files/ # Create archive
$ tar czf archive.tar.gz files/ # Create gzip-compressed archive
$ tar cjf archive.tar.bz2 files/ # Create bzip2-compressed archive
$ tar cJf archive.tar.xz files/ # Create xz-compressed archive
$ tar xf archive.tar.gz # Extract (auto-detects compression)
$ tar xf archive.tar.gz -C /dst/ # Extract to a specific directory
$ tar tf archive.tar.gz # List contents without extracting
$ tar czf backup.tar.gz --exclude='*.log' /data/ # Exclude patterns
Memory aid for tar flags:
c = create x = extract t = list
z = gzip j = bzip2 J = xz
f = filename v = verbose C = change directory
gzip / gunzip -- Compress/decompress
$ gzip file.txt # Compress (replaces original with file.txt.gz)
$ gunzip file.txt.gz # Decompress
$ gzip -k file.txt # Keep the original file
$ gzip -9 file.txt # Maximum compression
$ zcat file.txt.gz # View compressed file without extracting
zip / unzip
$ zip archive.zip file1.txt file2.txt # Create a zip file
$ zip -r archive.zip directory/ # Zip a directory
$ unzip archive.zip # Extract
$ unzip -l archive.zip # List contents
$ unzip archive.zip -d /dst/ # Extract to a specific directory
xz -- High-ratio compression
$ xz file.txt # Compress (replaces original)
$ xz -d file.txt.xz # Decompress
$ xz -k file.txt # Keep the original
System Information
uname -- System information
$ uname -a # All system info
$ uname -r # Kernel version only
$ uname -m # Machine architecture
hostname -- Show or set the hostname
$ hostname # Show hostname
$ hostname -I # Show all IP addresses
uptime -- How long has the system been running
$ uptime # Uptime, users, load averages
free -- Memory usage
$ free -h # Human-readable memory info
$ free -h -s 5 # Repeat every 5 seconds
dmesg -- Kernel ring buffer messages
$ dmesg # All kernel messages
$ dmesg -T # Human-readable timestamps
$ dmesg | tail -20 # Most recent kernel messages
$ dmesg -w # Follow new messages in real time
vmstat, iostat, mpstat -- Performance statistics
$ vmstat 1 5 # System stats every 1 second, 5 times
$ iostat -xz 1 # I/O stats every second
$ mpstat -P ALL 1 # Per-CPU stats every second
Miscellaneous Power Tools
watch -- Execute a command repeatedly
$ watch -n 2 df -h # Run df -h every 2 seconds
$ watch -d ls -la # Highlight changes between runs
alias -- Create command shortcuts
$ alias ll='ls -la' # Create an alias
$ alias gs='git status' # Shorter git status
$ unalias ll # Remove an alias
history -- Command history
$ history # Show command history
$ history | grep ssh # Search history
$ !123 # Re-run command number 123
$ !! # Re-run the last command
$ sudo !! # Re-run the last command with sudo
screen / tmux -- Terminal multiplexers
$ tmux new -s work # New named session
$ tmux ls # List sessions
$ tmux attach -t work # Reattach to a session
$ Ctrl+b d # Detach from a session
$ Ctrl+b c # New window
$ Ctrl+b % # Split pane vertically
$ Ctrl+b " # Split pane horizontally
date -- Show or set the date and time
$ date # Current date and time
$ date +%Y-%m-%d # Formatted date (2025-01-15)
$ date +%s # Unix timestamp
$ date -d @1700000000 # Convert timestamp to date
crontab -- Manage cron jobs
$ crontab -l # List your cron jobs
$ crontab -e # Edit your cron jobs
$ sudo crontab -l -u alice # List alice's cron jobs
Cron format:
* * * * * command
│ │ │ │ │
│ │ │ │ └── Day of week (0-7, 0 and 7 = Sunday)
│ │ │ └──── Month (1-12)
│ │ └────── Day of month (1-31)
│ └──────── Hour (0-23)
└────────── Minute (0-59)
Examples:
0 2 * * * command # Every day at 2:00 AM
*/15 * * * * command # Every 15 minutes
0 9 * * 1-5 command # Weekdays at 9:00 AM
0 0 1 * * command # First of every month at midnight
Quick Pipelines Worth Memorizing
These are not individual commands but combinations that solve common real-world problems:
# Top 10 largest files under current directory
$ find . -type f -exec du -h {} + | sort -rh | head -10
# Count lines of code in a project (excluding blanks)
$ find . -name "*.py" -exec cat {} + | grep -cv '^$'
# Watch who is consuming the most memory right now
$ ps aux --sort=-%mem | head -10
# Find which process is listening on port 443
$ sudo ss -tlnp | grep :443
# Show all failed SSH login attempts
$ grep "Failed password" /var/log/auth.log | tail -20
# Live monitor of network connections per state
$ watch -n 1 'ss -s'
# Quick disk usage audit
$ du -h --max-depth=1 / 2>/dev/null | sort -rh | head -15
# Extract unique IP addresses from an access log
$ awk '{print $1}' /var/log/nginx/access.log | sort -u | wc -l
# Check if a service is running, restart if it is not
$ systemctl is-active --quiet nginx || sudo systemctl restart nginx
That is your cheat sheet. Bookmark this page, keep it handy, and with practice, these commands will become muscle memory. When you need more detail on any command, the man pages are always one man <command> away.