Linux Server Commands CHEATSHEET (for newb admins)

My personal quicklist of Linux server commands.

FYI, these commands are mostly for Apache/LiteSpeed servers on RHEL Linux distro. I don’t work as much with NGINX servers and Debian distro. Will add more over time.

Last updated Apr 1, 2026.

OS:

• hostnamectl – see operating system and version, reference link
• hostname – see current temporary hostname (I recommend not to use this, and to use hostnamectl instead.)
• hostnamectl set-hostname server.domain.com – change hostname to any desired domain. You may also have to edit hostname in files /etc/hosts and /etc/sysconfig/network, and possibly /etc/sysconfig/network-scripts/*networkdevicename* (if you manually set it here).
• whoami – shows your user name (useful for knowing if you’re executing commands as root user or another user)
• su, su -, sudo -i – switch to root user if you haven’t already. “su -” is probably more proper since it creates a login shell with new environment.
• passwd – change password for current user
• logout – log out of current user
• uname -r – see Linux kernel version, lsb_release -a to see distro version.
• yum update – update server packages for RHEL distros (useful before doing new software installs).
• apt update – update server packages for Debian distros (useful before doing new software installs). There are other variations use apt-get update and apt-get upgrade. Issues: install all updates before, packages held back.
• Auto completion – press [TAB] key while typing commands to auto-complete file/directory names.
• sudo dmesg -n 1 – suppress annoying kernel messages every 10 seconds. Add this command to etc/rc.local (or its equivalent) to run it at boot. More info

SSH:

• Connect to ssh ssh user@ip -p 2222 (-p & port number not needed if using default port 22)
• /etc/ssh/sshd_config – editing SSHD, changing SSH port number, allowing/disabling SSH or password authenthication, etc.
• getting SSH port grep Port /etc/ssh/sshd_config (may need “sudo” in front)
• systemctl restart sshd.service – restart sshd. Link.
• cat ~/.ssh/authorized_keys – lists authorized SSH keys, add more public SSH keys here to give access other admins or support staff. The location might also be /root/.ssh/authorized_keys.

SSH key – generate on Macbook terminal:

• generate SSH key ssh-keygen -t rsa
• choose private key save location or leave empty for default /Users/username/.ssh/id_rsa, choose passphrase for private key if you want (I usually leave empty)
• cat /Users/username/.ssh/id_rsa.pub to see public key, copy and import it to where you need. TIP: sometimes when copying off the command line, it adds line-breaks that you need to delete when pasting elsewhere.
• ssh-add /Users/user/.ssh/id_rsa to load private key in terminal
• ssh-keygen -R 123.123.123.123 – solves the “known host issue” by removing a known host. Useful for when you rebuild a server but keep the same IP.

SSH key – generate on Linux:

• generate SSH key ssh-keygen -t rsa -b 4096, and press enter through all the prompts (about 3).
• cat /root/.ssh/id_rsa.pub to see public key.
• cat /root/.ssh/id_rsa to see private key.

Navigating around command line (full guide):

• ls, ls -a – list files in directory, use ls -S to sort by size or ls -Sr to reverse order, show hidden files
• ls -l – list files but also show permissions, # of hardlinks, file owner and group, size and modification time. You can combine together ls -la
• ls *.php – lists only files with .php extension.
• cd – goes to user home directory.
• cd / – goes to root directory. cd or cd ~ goes to user home directory (of whichever user is logged in). cd returns to default working directory in linux (ideally, the root but often not the case)
• cd [directoryname] is relative whereas cd /directory is absolute
• cd .. – goes up to parent directory
• cd - – goes to previous directory
• pwd – shows path to current directory
• clear or CTRL+L to clear the screen

Files & Directories (create, delete, move, copy, archive):

• mkdir test – make directory called “test”, rmdir test removes it
• rm test – delete file or directory called “test”
• rm -rf test – deletes “test” directory without prompting you for every file
• rm -rf *test* – deletes all files/directories with the string “test” in the name.
• rm -fv *.txt removes all files in current directory with “.txt” extension.
• find . -name *.ext -type f -delete deletes all files with “ext” extension including within subdirectories. Other options.
• cp test /location – copy “test” file or directory to “/location” directory. Other options.
• cp oldname.txt newname.txt copies file to new name in same directory.
• 'cp' -R -rf file location use this to do recursive overwrite without any prompt.
• cp -avr /path/dir1 /path/dir2 copies one directory (and contents) to another.
• mv test /location – move “test” to “/location” directory. Use mv -f to force overwrites. Other options.
• mv oldname.txt newname.txt – renames the file. mv command also used for renaming directories as well.
• tar -czvf folder.tar.gz folder – archive “folder” directory into folder.tar.gz file. Other compression commands.
• tar -xzvf folder.tar.gz – extract archive in current working directory. Other options.
• gzip -d database.sql.gz – extract sql.gz files.
• zip -r folder.zip folder archives the “folder” directory into zip format. You don’t actually need to put “.zip” but I find it makes the command easier to remember. (Don’t forget the -r option as it makes the command recursive and includes every file within subdirectories as well.)
• unzip folder.zip unzips archive to current directory.
• Hide files and show hidden files

Files & Directories (ownership, permissions):

• Change file ownership – chown USER:GROUP FILE or chown -R USER:GROUP FILE for recursive. Useful after migrating files from another server and they don’t work. Another link.
• chmod -R 755 /path/to/file.php changes that file permission to 755. For more explanations about change permissions and recursively change permissions (symbolic vs numeric method).
• find /path/to/dir -type d -exec chmod 755 {} \; and find /path/to/dir -type f -exec chmod 644 {} \; are much betters ways to recursively set all directory permissions to 755 and file permissions to 644 (as common web practice).
• save command output to a file https://askubuntu.com/questions/420981/how-do-i-save-terminal-output-to-a-file

Files (searching & hack detection):

• grep -r "string" /home/user – (recursively) searches all instances of “string” for all files within /home/user directory. Can also do grep -r -l 'pattern' /path/to/dir to list only the files. Example patterns.
• find /home/user -type f -name "something.php" – searches /home/user directory for all files named “something.php”.
• find /home/user -type f -ctime -7 – searches all files within /home/user directory changed within 7 days or less. (Change to + sign if you want to search for changes older…usually uncommon.)
• find /home/user -type f -name "*.php" -ctime -30 – finds all files with .php extension changed within past 30 days. More find examples.
• find /etc -type f -printf '%TY-%Tm-%Td %TT %p\n' | sort – finds most recently changed files, listed in order of less recent to most recent. More find examples.
• zgrep -Eo "string" /path/to/gzippedfile.gz – searches for the text “string” within an archive. Can use all grep options.
• find . -type f | wc -l – counts number of total files in current directory and subdirectories

File Transfer:

• wget https://address.com/to/file.zip – download external file to current working directory
• curl -0 https://addres.com/to/file.zip can also work if wget doesn’t (other alternatives to wget)
• rsync -a [email protected]:/remote/dir /local/dir copies (pulls) remote directory to local directory.
• rsync -a /local/dir [email protected]:/remote/dir copies (pushes) local directory to remote directory.
• rsync -avz --rsh='ssh -p2220' /local/dir [email protected]:/remote/dir pushes to remote site using specified ssh port 2220.
• sftp user@IPorhostname:/path/to/file /local/dir downloads remote file via SFTP to specific directory. This command will ask you for SFTP password. Can also try this command with “scp -r” instead of “sftp” if you need recursive copy.

SFTP:

• sftp user@serverIP_or_hostname – do this from destination server. (Use sftp -oPort=1234 user@serverIP_or_hostname if there’s a custom SFTP port other than 22.)
• Use cd and ls commands to navigate around the remote computer.
• get filename.zip – to download file local.
• Reference link

VI/vim text editor:

• vi filename.txt – opens file in vi editor, this command also creates file if it doesn’t exist
• : enters normal mode (aka “command mode” by some documentation. Vi starts in this mode already.
• to enter “insert” mode (aka editing) from normal mode:
  • i enters text before cursor, I enters at beginning of line
  • a enters after cursor, A enters at end of line
  • o starts new line above current line, O starts new line after current line
• press[ESC] after editing – to switch back to normal mode
• dd (from normal mode) – deletes current line behind cursor. Other delete commands.
• G (normal mode) – skips to last line
• :q! (normal mode) – quit without saving
• :wq (normal mode) – quit with saving, :w saves but doesn’t quit
• cat /path/to/file – prints the file.
• cat /path/to/file | more – prints file but showing full lines.
• grep database wp-config.php – prints only lines with the string “database” in wp-config.php.
• grep -A 1 "database" wp-config.php – prints all lines with “database” (but also INCLUDING 1 line after). Can use -B 1 to show 1 line before, or -C 1 to show both one line before and after.

Disks, usage & space:

• Check available space – df (default), df -h (friendly KB/MB/GB format), df -l (local size only)
• du -sh * – check sizes within current directory
• df -k
• df -k /tmp – checks free space of “/tmp” directory
• sudo du -a /home/ | sort -n -r | head -n 20 – lists largest files in “/home” directory.
• find large files
• mount
• unmount – umount /path/to/mount (removes from /etc/fstab)
• view mounts – cat /etc/fstab
• disk space commands and more du commands
• du -hsx /* | sort -rh | head -10

Ports:

• Check for listening ports sudo lsof -i -P -n | grep LISTEN

Processes:

• kill processes – pkill 12345, replacing “12345” with actual process ID

Databases (MySQL & MariaDB):

• restart MariaDB – systemctl start mariadb
• export (aka “dump”) mysql database into a file – mysqldump -u dbuser -p dbname > dbfile.sql, you will be prompted for password
• import sql file into db (assuming db’s and users already created) – mysql -u dbuser -p dbname < dbfile.sql, you will be prompted for password. (Add -f flag after the “-p” to force an import to skip errors.)
• cat /root/.my.cnf – recover mysql root pass, or reset it
• managing databases and users from SSH, nice video and explanation
• creating databases and users from SSH
• curious about trying non-default mysql configs? Try this.

MySQL commands (for MySQL/MariaDB shell/prompt):

• mysql -u user -p logs you in, exit logs you out
• SHOW DATABASES; list all databases
• CREATE DATABASE database_name; – creates DB
• DROP DATABASE database_name; – drops DB
• SELECT user, host FROM mysql.user; – list all DB users
• CREATE USER 'database_user'@'localhost' IDENTIFIED BY 'user_password'; – creates DB user
• DROP USER 'database_user'@'localhost'; – deletes DB user
• GRANT ALL PRIVILEGES ON database_name.* TO 'database_user'@'localhost'; – grant all privileges to specified user for specified database
• GRANT ALL PRIVILEGES ON *.* TO 'database_user'@'localhost'; – grant all privileges to specified user for all databases
• REVOKE ALL PRIVILEGES ON database_name.* TO 'database_user'@'localhost'; – revoke privileges
• SHOW GRANTS FOR 'database_user'@'localhost'; – see all user privileges
• show global variables like 'log_error' – show location of error log file.

LiteSpeed web server:

• installing LS
• reset LS console pass – cd /usr/local/lsws/admin/misc and then ./admpass.sh
• version check – /usr/local/lsws/bin/lshttpd -v
• start LS – /usr/local/lsws/bin/lswsctrl start
• restart LS – /usr/local/lsws/bin/lswsctrl reload
• upgrade OLS – yum update', then 'yum upgrade openlitespeed
• enable crawler (cPanel) – vi /etc/apache2/conf.d/includes/pre_main_global.conf and add
• view logs /tmp/lshttpd/.status
• More LS license commands

WHM/cPanel:

• refresh disk quota
• license check
• force run backups – /usr/local/cpanel/bin/backup --force (more info)
• update WHM /scripts/upcp or /scripts/upcp --force (if it’s already updated)
• Reset max deferred email limit – delete `rm /var/cpanel/email_send_limits/max_deferfail_thedomain.com`

CyberPanel:

• Error logs – cat /home/cyberpanel/error-logs.txt (log files on CyberPanel)
• Cron schedules – /etc/crontab clear out unnecessary cronjobs eating up server resources (backups)

Security:

• CSF firewall – CSF firewall installation and basic commands
• opening port 1234 – iptables -I INPUT -p tcp --dport 1234 -j ACCEPT
• closing ports 111 – iptables -I INPUT 1 -m tcp -p tcp --dport 111 -j DROP, iptables -I INPUT 1 -m udp -p udp --dport 111 -j DROP
• sudo dmesg -n 1 – disable annoying kernel messages
• Security log-scanning commands, please see Recovering from HACKED server

Firewalld:

• systemctl status firewalld – check status
• systemctl start firewalld – start it
• systemctl enable firewalld – enables it
• firewall-cmd --list-all, firewall-cmd --list-ports
  – see open ports, alternate: for s in firewall-cmd --list-services; do firewall-cmd --permanent --service "$s" --get-ports; done;`
• open port, firewall-cmd --permanent --add-port=1234/tcp (using whichever port number you need) , then firewall-cmd --reload
• systemctl stop firewalld – stops it
• systemctl disable firewalld – disables it

Configuration files (common locations):

Logs (locations, common commands, hack detection):

• tail /path/to/log shows last 10 lines of log file
• tail -n 100 /path/to/log shows last 100 lines
• tail -f /path/to/log keeps watching last 10 lines of log file
• You can also use “less +F” (but generally not for big files)
• grep "abc" /file/name to find lines with the string “abc” in them. See other grep examples. Using Tail, Grep, Journalctl.
• grep -i "xmlrpc" access_log – searches all instances of “xmlrpc” in log file, i option means case-insensitive.
• sudo truncate -s 0 /var/log/* or >/var/log/*(if root user) to truncate log files instead of deleting them (which causes problems when services try to recreate them, and may require service reinstall). Helpful option if you didn’t want to install/configure logrotate.

Disks (format, partition, mount):

• df -Th show mounted disks/partitions and file systems
• lsblk show attached storage disks
• Partition & format disk – sudo fdisk /dev/diskname replace “diskname” with what you want (usually sda1/vdb1). From partition command line, n follow defaults, then a to make it bootable (if needed), p to check that it partitioned correctly, and w to write these partition changes. Try lsblk afterwards to check everything worked.
• sudo mkfs.ext4 /dev/partitionname partition name is usually disk name with a partition number (sda1, sda2, etc). You can also switch ext4 file system to something else like xfs.
• Mount new disk – sudo mkdir /disk1 to create new “disk1” directory in your root (use another name if you want). sudo mount /dev/partitionname /disk1 mounts partition to the directory.
• https://upcloud.com/community/tutorials/adding-removing-storage-devices/ for more info on automatically mounting at boot, etc.

Scripts:

• bash scriptname.sh to run the script, sh scriptname.sh is another option