Troubleshooting (files):
Find a file or directory
find / -type f -name "filename" 2>/dev/null
find / -type d -name "dirname" 2>/dev/null
find files that contain a pattern
find . -type f -exec grep -l 'version' {} \;
Troubleshooting (system):
Check logs if a service has executed/failed before (I needed to check if logrotate was running daily, also checked for rsyslog after)
journalctl | grep logrotate
check if machine is a vm or bare metal
dmidecode -s system-manufacturer
check folder disk usage
du -hs * | sort -h
check open port
(echo > /dev/tcp/10.254.4.54/22) >/dev/null 2>&1 && echo "It's up" || echo "It's down"
check for listening ports
sudo lsof -i -P -n | grep LISTEN
sudo netstat -tulpn | grep LISTEN
sudo ss -tulpn | grep LISTEN
sudo lsof -i:22 ## see a specific port such as 22 ##
sudo nmap -sTU -O IP-address-Here
Troubleshooting (SSL):
Check expiry date on .pem file
openssl x509 -enddate -noout -in /path/to/certificate.pem
Maintenance:
dry-run an update on OS
sudo yum check-update
Check if a reboot is required
needs-restarting -r
remove cache of updates for old data
rm -rf /var/cache/yum
block icmp echo (ping) requests
sysctl -w net.ipv4.icmp_echo_ignore_all=1
File manipulation:
remove empty lines from file
sed -i '/^$/d' <filename>
Account control:
change to root
sudo -i
Grep sudo users
names=$(mktemp); total=$(getent passwd | wc -l); count=0; for user in $(getent passwd | cut -d: -f1); do count=$((count+1)); if sudo -l -U "$user" | grep -q "ALL"; then echo "$user" >> "$names"; fi; echo "Checked $count of $total users."; done; clear; cat "$names"; rm -f "$names"
Logrotate Configuration Cheat Sheet:
This cheat sheet provides an extensive list of Logrotate configuration directives, their descriptions, and examples.
Use this as a quick reference to master log rotation on Unix-like systems.
Basic structure:
Each configuration block is tied to a log file or set of log files. Example:
/var/log/example.log {
daily
rotate 7
compress
missingok
notifempty
create 0640 root adm
}
Configuration Directives & Examples:
Basic Settings:
rotate <count>
Keep
daily | weekly | monthly | yearly
Frequency of rotation.
Compression Options:
compress
Compress old versions of log files with gzip.
nocompress
Do not compress old logs.
delaycompress
Postpone compression to the next rotation cycle (used with compress).
File Handling:
missingok
Ignore missing log files and don’t issue an error.
notifempty
Do not rotate the log if it is empty.
ifempty
Rotate the log even if it is empty (default behavior).
create <mode> <owner> <group>
Create a new log file with specified permissions.
copy
Make a copy of the log file and truncate the original.
copytruncate
Truncate the original log file after copying it (useful for active logs).
Date & Naming:
dateext
Append an extension with the current date to rotated log files.
dateformat .%Y-%m-%d
Custom format for dateext (e.g., .2025-06-06).
extension <ext>
Force specific extension for rotated files (e.g., .log).
Size-Based Rotation:
maxage <days>
Remove rotated logs older than
minsize <size>
Rotate only if log size is above
size <size>
Rotate if log file size meets threshold, regardless of time.
maxsize <size>
Do not rotate if log is larger than specified size.
Directory & Scripts:
olddir <dir>
Move rotated logs to a specified directory.
sharedscripts
Run postrotate script once for all matching logs.
postrotate/endscript
Script to run after log rotation.
prerotate/endscript
Script to run before log rotation.
firstaction/endscript
Run only once before rotation begins (before prerotate).
lastaction/endscript
Run once after rotation finishes (after postrotate).
tabooext + <ext>
Treat additional extensions as taboo (not rotated).
Full Example Configuration:
/var/log/myapp/*.log {
daily
rotate 10
size 100M
compress
delaycompress
missingok
notifempty
create 0640 appuser adm
sharedscripts
postrotate
systemctl reload myapp > /dev/null 2>&1 || true
endscript
}
Tips:
- Run logrotate -d <config> to debug your config without applying changes.
- Use logrotate -f <config> to force rotation for testing.
- Logrotate is typically triggered via cron or systemd timers.
- Keep your config DRY by centralizing shared logic in /etc/logrotate.conf and using includes.
LVM cheatsheet
Acronyms you must know
- PV = Physical Volume
- VG = Volume Group
- LV = Logical Volume
PV1   PV2   PV3   PV4
   \   |     |   /
    VG1       VG2
     |        |  \
    LV1      LV2  LV3
Step-by-Step LVM Setup
1. Add a Physical Disk
Connect a physical/virtual disk to your system.
Overview of block devices
lsblk
Used/available space on mounted filesystems
df -h
2. Create Physical Volumes
Info
pvck # Check PV metadata
pvdisplay # Display PV attributes
pvs # Report PV information
pvscan # Scan for PVs
Create
pvcreate /dev/sda /dev/sdb /dev/sdc /dev/sdd
Delete
pvremove /dev/sdX
Edit
pvchange # Change PV attributes
pvmove # Move physical extents
pvresize # Resize PV
3. Create Volume Groups
Info
vgck # Check VG metadata
vgdisplay # VG attributes
vgs # Report VG info
vgscan # Scan for VGs
Create
vgcreate vg0 /dev/sda
Delete
vgremove vg_name
Edit
vgcfgbackup # Backs up volume group (VG) metadata
vgcfgrestore # Restores VG metadata from backup
vgchange # Change VG attributes
vgconvert # Metadata format change
vgexport # Exports a VG to make it unknown to the system
vgimport # Imports a VG previously exported
vgimportclone # Imports and renames a VG to avoid conflicts
vgmerge # Merges two VGs into one
vgsplit # Splits a VG into two separate VGs
vgextend vg0 /dev/sdc /dev/sdd # Adds physical volumes to a VG
vgreduce # Removes physical volumes from a VG
vgrename # Renames a VG
vgmknodes # Recreates device nodes for LVM devices
4. Create Logical Volumes
Info
lvdisplay # Show LV attributes
lvmdiskscan # Scan for devices
lvs # Report info
lvscan # Scan for LVs
Create
lvcreate -n lvbackup -L 50G vgbackup
Delete
lvremove /dev/vg_name/lv_name
Edit
lvchange # Change LV attributes
lvconvert # Mirror/snapshot conversion
lvextend -L +10G /dev/vg_name/lv_name # Extend size
lvreduce # Reduce size
lvresize # Resize
lvrename # Rename
resize2fs /dev/vg0/lv_root # Resize filesystem
xfs_growfs -d /dev/vg-group-name/lv-name
5. Create a filesystem on your Logical Volume
mkfs.ext4 /dev/vgbackup/lvbackup
6. Mounting the Logical Volume
blkid /dev/vgbackup/lvbackup # Get UUID
mkdir /path/to/folder # Mount point
vim /etc/fstab # Add entry with UUID
mount -a # Mount all from fstab
Overview Commands
pvs # List physical volumes
vgs # List volume groups
lvs # List logical volumes
pvdisplay
vgdisplay
lvdisplay
Snapshotting
lvcreate --size 1G --snapshot --name snap_name /dev/vg0/lvdata
lvconvert --merge /dev/vg0/snap_name
Filesystem Resize After LV Resize
lvextend -L +10G /dev/vgbackup/lvbackup
resize2fs /dev/vgbackup/lvbackup # ext2/ext3/ext4 filesystems
xfs_growfs /path/to/your/mount/point # XFS filesystems
Helpful Tips
- Always back up metadata: vgcfgbackup
- Reload partition tables without rebooting: partprobe /dev/sdX
fdisk cheatsheet:
fdisk is a powerful, text-based utility used to create, delete, and manage disk partitions in Linux systems. It supports MBR (Master Boot Record) partition tables and is best suited for systems not using GPT (GUID Partition Table).
Basic syntax
fdisk [options] /dev/sdX
Where /dev/sdX is the disk you want to operate on (e.g., /dev/sda, /dev/sdb).
Always double-check the disk name to avoid data loss.
Key commands in fdisk interactive mode
Command | Description |
---|---|
m | Print help menu |
p | Display existing partition table |
n | Create a new partition |
d | Delete a partition |
t | Change a partition’s system ID (type) |
a | Toggle bootable flag |
w | Write changes and exit |
q | Quit without saving changes |
Common workflow examples
1. View partition table
sudo fdisk -l
Lists all disks and their partitions.
2. Start fdisk on a specific disk
sudo fdisk /dev/sdX
Enters interactive mode.
3. Create a new partition
Command (m for help): n
Select default or choose primary (p) or extended (e)
Partition number: 1
First sector: [Press Enter to accept default]
Last sector: +1G # or specify size like +20G
4. Change partition type
Command (m for help): t
Partition number: 1
Hex code (type L for list): 83 # Linux filesystem
5. Set bootable flag
Command (m for help): a
Partition number: 1
6. Write changes to disk
Command (m for help): w
Writes the partition table to disk and exits.
7. Quit without saving
Command (m for help): q
Exits without modifying the disk.
Important options
-f # Use a script file
-l # List partition tables for all devices
-u # Display sectors in cylinders or sectors
Partition type codes
Code | Filesystem Type |
---|---|
83 | Linux |
82 | Linux swap |
7 | HPFS/NTFS/exFAT |
b | W95 FAT32 |
c | W95 FAT32 (LBA) |
a5 | FreeBSD |
To list all type codes:
Command (m for help): L
Post partitioning
After creating partitions, always format them:
mkfs.ext4 /dev/sdX1
mkfs.vfat /dev/sdX2
Mount the partition:
mount /dev/sdX1 /mnt/mydisk
Helpful tips
- Use partprobe or reboot after changing partition table:
sudo partprobe /dev/sdX
- Use lsblk or blkid to view and identify new partitions:
lsblk
blkid
TCPDump cheatsheet
General Syntax
tcpdump [options] [expression]
Packet Capturing Options
Switch | Syntax | Description |
---|---|---|
-i any | tcpdump -i any | Capture from all interfaces |
-i eth0 | tcpdump -i eth0 | Capture from a specific interface (e.g. eth0) |
-c | tcpdump -i eth0 -c 10 | Capture first 10 packets and exit |
-D | tcpdump -D | Show available interfaces |
-A | tcpdump -i eth0 -A | Print in ASCII |
-w | tcpdump -i eth0 -w tcpdump.txt | To save capture to a file |
-r | tcpdump -r tcpdump.txt | Read and analyze saved capture file |
-n | tcpdump -n -i eth0 | Do not resolve host names |
-nn | tcpdump -nn -i eth0 | Stop domain name translation and lookups (host names or port names) |
tcp | tcpdump -i eth0 -c 10 -w tcpdump.pcap tcp | Capture TCP packets only |
port | tcpdump -i eth0 port 80 | Capture traffic from a defined port only |
host | tcpdump host 192.168.1.100 | Capture packets from specific host |
net | tcpdump net 10.1.0.0/16 | Capture packets from network subnet |
src | tcpdump src 10.1.1.100 | Capture from a specific source address |
dst | tcpdump dst 10.1.1.100 | Capture packets sent to a specific destination address |
<service> | tcpdump port http | Filter traffic based on a port number for a service |
<port> | tcpdump port 80 | Filter traffic based on a service |
port range | tcpdump portrange 21-125 | Filter based on port range |
-S | tcpdump -S port http | Display entire packet |
ip6 | tcpdump ip6 | Show only IPv6 packets |
-d | tcpdump -d port 80 | Display the compiled filter in human readable form on standard output |
-F | tcpdump -F filter.txt | Use the given file as input for filter |
-I | tcpdump -I -i eth0 | Set interface to monitor mode |
-L | tcpdump -L | Display data link types for the interface |
-N | tcpdump -N -r tcpdump.pcap | Do not print domain names |
-K | tcpdump -K -r tcpdump.pcap | Do not verify checksum |
-p | tcpdump -p -i eth0 | Not capturing in promiscuous mode |
Logical Operators
Operator | Syntax | Example | Description |
---|---|---|---|
AND | and, && | tcpdump -n src 192.168.1.1 and dst port 21 | Combine filtering options |
OR | or, \|\| | | |
EXCEPT | not, ! | tcpdump dst 10.1.1.1 and not icmp | Negation of the condition |
LESS | < | tcpdump 'len < 32' | Shows packets with size less than 32 |
GREATER | > | tcpdump 'len >= 32' | Shows packets with size greater than 32 |
Output options
Switch | Description |
---|---|
-q | Quiet mode: less verbose, displays fewer details |
-t | Do not print time stamp details in dump |
-v | Little verbose output |
-vv | More verbose output |
-vvv | Most verbose output |
-x | Print data and headers in HEX format |
-xx | Print data with link headers in HEX format |
-X | Print output in HEX and ASCII format excluding link headers |
-XX | Print output in HEX and ASCII format including link headers |
-e | Print Link (Ethernet) headers |
-S | Print sequence numbers in exact format |
Protocols
- ether
- fddi
- icmp
- ip
- ip6
- ppp
- radio
- rarp
- slip
- tcp
- udp
- wlan
Common Commands with Protocols for Filtering Captures
Command | Description |
---|---|
src/dst host (host name or IP) | Filter by source or destination IP address or host |
ether src/dst host (ethernet host name or IP) | Ethernet host filtering by source or destination |
src/dst net (subnet mask in CIDR) | Filter by subnet |
tcp/udp src/dst port (port number) | Filter TCP or UDP packets by source or destination port |
tcp/udp src/dst portrange (port number range) | Filter TCP or UDP packets by source or destination port range |
ether/ip broadcast | Filter for Ethernet or IP broadcasts |
ether/ip multicast | Filter for Ethernet or IP multicasts |
Script: add sudo user
Create a sudo user that won’t prompt for password on executing sudo commands.
#!/bin/bash
# Ensure script is run as root
if [[ $EUID -ne 0 ]]; then
    echo "❌ This script must be run as root"
    exit 1
fi
# Prompt for new username
read -r -p "Enter new username: " username
# Reject names that are unsafe as a file name under /etc/sudoers.d
# (sudo also skips files there whose names contain a '.' or end in '~')
if [[ ! "$username" =~ ^[a-z_][a-z0-9_-]*$ ]]; then
    echo "❌ Invalid username."
    exit 1
fi
# Check if user already exists
if id "$username" &>/dev/null; then
    echo "⚠️ User '$username' already exists."
    exit 1
fi
# Prompt for password (silent input)
read -r -s -p "Enter password for $username: " password
echo
read -r -s -p "Confirm password: " password_confirm
echo
# Check passwords match
if [[ "$password" != "$password_confirm" ]]; then
    echo "❌ Passwords do not match."
    exit 1
fi
# Create user with home directory and bash shell
useradd -m -s /bin/bash "$username"
# Set user password
echo "${username}:${password}" | chpasswd
# Add user to sudo group
usermod -aG sudo "$username"
# Create a sudoers file to allow passwordless sudo
echo "$username ALL=(ALL) NOPASSWD:ALL" > "/etc/sudoers.d/$username"
chmod 440 "/etc/sudoers.d/$username"
# Validate the new file; remove it if sudo cannot parse it
if ! visudo -cf "/etc/sudoers.d/$username" >/dev/null; then
    rm -f "/etc/sudoers.d/$username"
    echo "❌ sudoers entry failed validation and was removed."
    exit 1
fi
echo "✅ User '$username' created with bash shell and passwordless sudo access."
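An added example (not part of the original page) for auditing the kind of NOPASSWD entry the script above writes: it lists every NOPASSWD rule in a sudoers.d-style directory and marks whether it covers ALL commands. The function names and the sample directory contents are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: list NOPASSWD grants in a sudoers.d-style directory.

# Prints "file principal scope" per NOPASSWD rule; scope is ALL or limited.
nopasswd_grants() {
    dir=${1:-/etc/sudoers.d}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        # sudo skips files in this directory whose name contains "." or ends in "~"
        case $name in *.*|*~) continue ;; esac
        awk -v file="$name" '
            /^[ \t]*$/ { next }            # blank line
            /^[ \t]*#$/ { next }           # empty comment
            /^[ \t]*#[^0-9]/ { next }      # comment or #include; "#1000" is a UID
            /NOPASSWD[ \t]*:/ {
                scope = (($0 " ") ~ /NOPASSWD[ \t]*:[ \t]*ALL[ \t,]/) ? "ALL" : "limited"
                print file, $1, scope
            }' "$f"
    done
}

# Builds a constructed sample directory and prints its path.
make_sample_sudoers_dir() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'deploy ALL=(ALL) NOPASSWD:ALL' > "$d/deploy"
    printf '%s\n' '# nightly backup job' 'backup ALL=(root) NOPASSWD: /usr/bin/rsync' > "$d/backup"
    printf '%s\n' '%ops ALL=(ALL) ALL' > "$d/ops"
    printf '%s\n' 'olduser ALL=(ALL) NOPASSWD:ALL' > "$d/olduser.bak"   # ignored by sudo
    printf '%s\n' "$d"
}

sample=$(make_sample_sudoers_dir)
nopasswd_grants "$sample"
rm -rf "$sample"
```

On a real host, run nopasswd_grants with no argument as root to scan /etc/sudoers.d; rules in /etc/sudoers itself are not covered.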