The Ultimate System Administrator’s Cheat Sheet: Essential Commands, Concepts, and Troubleshooting

This comprehensive system administrator’s cheat sheet provides a rapid reference for critical commands, common configurations, and essential troubleshooting techniques across various operating systems and core IT infrastructure components. Its purpose is to maximize efficiency, reduce downtime, and empower sysadmins with immediate access to vital information. We will delve into Linux command-line utilities, Windows Server management, networking fundamentals, virtualization, cloud computing basics, security best practices, and crucial troubleshooting methodologies.

Linux Command-Line Essentials

The Linux command line is the backbone of many server environments. Mastering these fundamental commands is paramount for effective administration.

  • File and Directory Management:

    • ls: List directory contents. Options: -l (long listing), -a (show hidden files), -h (human-readable sizes).
    • cd: Change directory. cd .. (up one level), cd ~ (home directory).
    • pwd: Print working directory.
    • mkdir: Create a new directory.
    • rmdir: Remove an empty directory.
    • cp: Copy files and directories. Options: -r (recursive for directories), -p (preserve attributes).
    • mv: Move or rename files and directories.
    • rm: Remove files and directories. Options: -r (recursive), -f (force). Use with extreme caution.
    • touch: Create an empty file or update timestamps.
    • cat: Concatenate and display file content.
  • Text Manipulation and Searching:

    • grep: Search for patterns in files. Options: -i (case-insensitive), -v (invert match), -r (recursive), -n (line numbers).
    • sed: Stream editor for filtering and transforming text. Common usage: sed 's/old/new/g' file.
    • awk: Pattern scanning and processing language. Useful for columnar data.
    • head: Display the beginning of a file.
    • tail: Display the end of a file. Option: -f (follow file for changes, essential for log monitoring).
    • sort: Sort lines of text files.
    • uniq: Report or omit repeated lines.
    • diff: Compare files line by line.
  • Process Management:

    • ps: Report a snapshot of current processes. Options: aux (all processes, user-oriented format), -ef (full format listing).
    • top: Display dynamic real-time view of running processes. k to kill a process, q to quit.
    • htop: An interactive, more user-friendly version of top.
    • kill: Terminate a process (sends SIGTERM by default). Use kill -9 <PID> (SIGKILL) for forceful termination.
    • killall: Kill processes by name.
    • nice: Run a program with a modified scheduling priority.
    • renice: Change the priority of a running process.
  • System Information and Monitoring:

    • uname: Print system information. Option: -a (all information).
    • df: Report file system disk space usage. Option: -h (human-readable).
    • du: Estimate file space usage. Option: -sh (summary, human-readable).
    • free: Display amount of free and used memory. Option: -h (human-readable).
    • iostat: Report CPU statistics and I/O statistics for devices and partitions.
    • vmstat: Report virtual memory statistics.
    • dmesg: Print the kernel ring buffer messages. Essential for hardware and driver issues.
    • sysctl: Tune kernel parameters at runtime.
  • User and Permissions Management:

    • useradd, usermod, userdel: Add, modify, or delete user accounts.
    • groupadd, groupmod, groupdel: Manage groups.
    • chmod: Change file mode bits (permissions). Syntax: chmod [ugoa][+-=][rwx] file. Octal notation: 755, 644.
    • chown: Change file owner and group.
    • sudo: Execute a command as another user (typically root).
  • Networking Commands:

    • ping: Send ICMP ECHO_REQUEST to network hosts.
    • traceroute/mtr: Trace the route to a network host. mtr is often preferred for its continuous updates.
    • ip addr show / ifconfig (older): Display network interface configuration.
    • netstat -tulnp: List listening network ports and associated processes.
    • ss -tulnp: A modern replacement for netstat.
    • dig: Query DNS name servers.
    • nslookup: Query Internet domain name servers (older).
    • wget/curl: Download files from the web. curl is more versatile for API interactions and data transfer.
    • iptables/firewalld: Configure Linux firewall rules.
  • Package Management:

    • Debian/Ubuntu (apt):
      • apt update: Refresh package lists.
      • apt upgrade: Upgrade installed packages.
      • apt install <package>: Install a package.
      • apt remove <package>: Remove a package.
      • apt search <package>: Search for packages.
      • apt show <package>: Display package details.
    • Red Hat/CentOS/Fedora (yum/dnf):
      • yum update / dnf update: Update all packages.
      • yum install <package> / dnf install <package>: Install a package.
      • yum remove <package> / dnf remove <package>: Remove a package.
      • yum search <package> / dnf search <package>: Search for packages.
      • yum info <package> / dnf info <package>: Display package details.

Windows Server Management Essentials

Windows Server environments require a different set of tools and approaches.

  • Command Prompt and PowerShell:

    • Command Prompt:
      • ipconfig: Display network configuration. /all for detailed information.
      • ping: Test network connectivity.
      • tracert: Trace route to a destination.
      • netstat: Display network connections, routing tables, etc.
      • tasklist: Display running processes.
      • taskkill /IM <ImageName.exe> or /PID <ProcessID>: Terminate tasks.
      • sfc /scannow: System File Checker to repair corrupted system files.
      • chkdsk: Check and repair disk errors.
    • PowerShell: A much more powerful object-oriented shell.
      • Get-NetIPAddress: Get network interface configuration.
      • Test-Connection: Equivalent to ping.
      • Test-NetConnection -TraceRoute: Equivalent to tracert.
      • Get-NetTCPConnection: Equivalent to netstat.
      • Get-Process: Get running processes.
      • Stop-Process -Name <ProcessName> or -Id <ProcessId>: Terminate processes.
      • Get-WindowsUpdate: Query available updates (requires the PSWindowsUpdate module).
      • Invoke-Command -ComputerName <RemoteComputer> -ScriptBlock {...}: Run commands on remote servers.
  • Server Manager: A graphical console for managing roles and features, local users and groups, and event logs.

  • Active Directory Users and Computers (ADUC): For managing users, groups, and organizational units (OUs).

  • Group Policy Management Console (GPMC): For defining and enforcing configurations across the domain.

  • Event Viewer: Crucial for troubleshooting. Filters by level (Error, Warning, Information), source, and time range are essential. Key logs: System, Application, Security.

  • Task Manager: Real-time process, performance, and startup application monitoring.

  • Resource Monitor: Advanced performance monitoring tool providing detailed CPU, Memory, Disk, and Network usage.

  • Registry Editor (regedit): For modifying the Windows Registry. Use with extreme caution.

  • Services Console (services.msc): For starting, stopping, and configuring Windows services.

  • Disk Management: For partitioning, formatting, and managing hard drives.

  • Performance Monitor: For collecting and analyzing performance counter data over time.

Networking Fundamentals and Troubleshooting

A strong understanding of networking is critical for any sysadmin.

  • TCP/IP Model (Simplified):

    • Application Layer: HTTP, FTP, DNS, SMTP.
    • Transport Layer: TCP (reliable, connection-oriented), UDP (unreliable, connectionless).
    • Internet Layer: IP (addressing and routing), ICMP (error reporting).
    • Network Interface Layer: Ethernet, Wi-Fi (physical transmission).
  • Key Concepts:

    • IP Addressing: IPv4 (e.g., 192.168.1.1), IPv6 (e.g., 2001:0db8:85a3:0000:0000:8a2e:0370:7334). Subnet masks determine network vs. host portions.
    • Subnetting: Dividing a larger network into smaller ones.
    • DNS (Domain Name System): Resolves hostnames to IP addresses.
    • DHCP (Dynamic Host Configuration Protocol): Automatically assigns IP addresses and network configurations.
    • Gateways: The device (router) that connects a local network to other networks.
    • Firewalls: Network security devices that control incoming and outgoing network traffic.
    • VLANs (Virtual Local Area Networks): Segmenting a physical network into multiple logical networks.
    • NAT (Network Address Translation): Allows multiple devices on a private network to share a single public IP address.
  • Common Networking Problems & Troubleshooting Steps:

    • No Connectivity:
      • Check physical cables.
      • ping the gateway, then external IPs (e.g., 8.8.8.8).
      • Check IP address, subnet mask, and default gateway configuration (ip addr show, ipconfig).
      • traceroute to identify the point of failure.
      • Check DNS resolution (dig, nslookup).
      • Verify firewall rules.
    • Slow Network Performance:
      • Monitor bandwidth usage (iftop, nload, Task Manager’s Resource Monitor).
      • Check for network congestion (high latency, packet loss).
      • Identify bandwidth hogs.
      • Check for duplex mismatches on network interfaces.
      • Test network throughput with tools like iperf3.
    • Application-Specific Issues:
      • Check listening ports (netstat -tulnp, ss -tulnp, Get-NetTCPConnection).
      • Verify firewall rules for specific ports.
      • Test connectivity to the specific service’s IP and port.

Virtualization and Cloud Computing Basics

  • Virtualization Concepts:

    • Hypervisor: Software that creates and runs virtual machines (VMs). Types: Type 1 (bare-metal, e.g., VMware ESXi, Hyper-V) and Type 2 (hosted, e.g., VirtualBox, VMware Workstation).
    • VMs: Emulated computer systems running on host hardware.
    • Snapshots: Point-in-time copies of a VM’s state, useful for backups and testing.
    • Cloning: Creating an exact copy of a VM.
    • vMotion/Live Migration: Migrating a running VM from one host to another without downtime.
  • Common Virtualization Platforms: VMware vSphere, Microsoft Hyper-V, KVM, Xen.

  • Cloud Computing Concepts:

    • IaaS (Infrastructure as a Service): Provides virtualized computing resources over the internet (e.g., AWS EC2, Azure VMs, Google Compute Engine).
    • PaaS (Platform as a Service): Provides a platform for developing, running, and managing applications (e.g., Heroku, AWS Elastic Beanstalk, Azure App Service).
    • SaaS (Software as a Service): Software delivered over the internet on a subscription basis (e.g., Google Workspace, Microsoft 365, Salesforce).
    • Public Cloud: Resources owned and operated by third-party providers (AWS, Azure, GCP).
    • Private Cloud: Cloud infrastructure dedicated to a single organization.
    • Hybrid Cloud: A combination of public and private clouds.
  • Cloud Provider CLI Tools: AWS CLI, Azure CLI, gcloud (Google Cloud SDK). Essential for scripting and automation.

Security Best Practices

  • Principle of Least Privilege: Grant users and applications only the minimum permissions necessary.
  • Regular Patching and Updates: Keep operating systems and applications updated to fix vulnerabilities.
  • Strong Password Policies: Enforce complexity, length, and regular changes. Consider multi-factor authentication (MFA).
  • Firewall Configuration: Implement and regularly review firewall rules.
  • Intrusion Detection/Prevention Systems (IDS/IPS): Monitor network traffic for malicious activity.
  • Log Monitoring and Analysis: Regularly review system and application logs for suspicious activity.
  • Regular Backups and Disaster Recovery Planning: Ensure data can be restored in case of failure or attack.
  • Secure Remote Access: Use VPNs and SSH with key-based authentication.
  • Endpoint Security: Antivirus, anti-malware, and endpoint detection and response (EDR) solutions.
  • Network Segmentation: Isolate critical systems from less secure ones.

Essential Troubleshooting Methodology

A systematic approach is crucial for efficient problem-solving.

  1. Define the Problem: Clearly understand the symptoms, impact, and affected systems/users.
  2. Gather Information: Collect relevant logs (system, application, security), user reports, and configuration details.
  3. Formulate a Hypothesis: Based on the gathered information, propose a likely cause for the problem.
  4. Test the Hypothesis: Implement a controlled change or diagnostic step to verify or refute the hypothesis.
  5. Analyze Results: Evaluate the outcome of the test. Did it resolve the issue? Did it change the symptoms?
  6. Iterate or Implement Solution:
    • If the hypothesis was correct, implement the permanent fix.
    • If the hypothesis was incorrect, discard it and form a new one based on new information.
  7. Document the Solution: Record the problem, the steps taken, and the resolution for future reference and knowledge sharing.
  8. Monitor and Verify: Ensure the problem does not recur and that the solution has no unintended side effects.

Key Troubleshooting Areas and Tools:

  • Connectivity: ping, traceroute/mtr, netstat/ss, telnet (for specific ports).
  • Performance: top/htop, vmstat, iostat, free, Task Manager, Resource Monitor, Performance Monitor.
  • Application Errors: Application-specific logs, Event Viewer, journalctl (Linux).
  • Disk Space: df -h, du -sh, Disk Management.
  • Permissions: ls -l, chmod, chown, File Explorer/icacls (Windows).
  • DNS Issues: dig, nslookup, resolvectl status.
  • Service Failures: systemctl status <service>, service <service> status, Services console.

This cheat sheet serves as a foundational reference. Continuous learning, practice, and adaptation to new technologies are essential for effective system administration. Mastering these commands and concepts will significantly enhance your ability to manage, maintain, and troubleshoot complex IT environments.
