Sysadmin Cheatsheet
Networking Fundamentals
OSI · IPv4 · TCP/UDP · DNS
| # | Layer | Protocol / Tech | Key Role |
|---|---|---|---|
| 7 | Application | HTTP, FTP, DNS, SMTP, SNMP | User-facing data exchange |
| 6 | Presentation | SSL/TLS, JPEG, ASCII | Encoding, encryption, compression |
| 5 | Session | NetBIOS, RPC, PPTP | Open/maintain/close sessions |
| 4 | Transport | TCP, UDP | Segmentation, ports, reliability |
| 3 | Network | IP, ICMP, OSPF, BGP | Logical addressing, routing |
| 2 | Data Link | Ethernet, MAC, ARP, VLANs | Physical addressing, framing |
| 1 | Physical | Cables, hubs, bits, NICs | Raw bit transmission |
| Range | Type | Notes |
|---|---|---|
| 10.0.0.0/8 | Private | Class A, large networks |
| 172.16.0.0/12 | Private | Class B (172.16-31.x) |
| 192.168.0.0/16 | Private | Class C, home/SOHO |
| 127.0.0.0/8 | Loopback | 127.0.0.1 = localhost |
| 169.254.0.0/16 | APIPA | Auto-assigned when DHCP fails |
| 224.0.0.0/4 | Multicast | One-to-many delivery |
| 0.0.0.0 | Unspecified | Default route / all interfaces |
| Record | Purpose | Example |
|---|---|---|
| A | IPv4 address | example.com → 93.184.216.34 |
| AAAA | IPv6 address | example.com → 2606:… |
| CNAME | Canonical alias | www → example.com |
| MX | Mail server | Priority + mail host |
| NS | Nameservers | Delegates zone authority |
| TXT | Text data | SPF, DKIM, site verification |
| SOA | Zone authority | Primary NS, serial, TTLs |
| PTR | Reverse DNS | IP → hostname lookup |
| SRV | Service location | _sip._tcp.example.com |
| Property | TCP | UDP |
|---|---|---|
| Connection | Connection-oriented (3-way handshake) | Connectionless, no handshake |
| Reliability | Guaranteed delivery, retransmits lost packets | Best-effort, packets may be lost |
| Ordering | Sequenced delivery guaranteed | Out-of-order delivery possible |
| Speed | Slower (overhead from acks, windowing) | Faster, minimal overhead |
| Use cases | HTTP/S, SSH, FTP, SMTP, RDP, databases | DNS, DHCP, VoIP, video streams, NTP |
CIDR & Subnets
Subnet masks · Host counts · Block sizes
| CIDR | Subnet Mask | Hosts | Block Size | Example / Use |
|---|---|---|---|---|
| /8 | 255.0.0.0 | 16,777,214 | 16M | 10.0.0.0/8 - large org |
| /16 | 255.255.0.0 | 65,534 | 64K | 172.16.0.0/16 - campus |
| /20 | 255.255.240.0 | 4,094 | 4K | AWS default VPC subnets |
| /24 | 255.255.255.0 | 254 | 256 | 192.168.1.0/24 - typical LAN |
| /25 | 255.255.255.128 | 126 | 128 | 192.168.1.0/25 - split /24 in half |
| /26 | 255.255.255.192 | 62 | 64 | 192.168.1.0/26 - quarter of a /24 |
| /27 | 255.255.255.224 | 30 | 32 | 192.168.1.0/27 - small dept segment |
| /28 | 255.255.255.240 | 14 | 16 | 192.168.1.0/28 - server cluster |
| /29 | 255.255.255.248 | 6 | 8 | Point-to-point link |
| /30 | 255.255.255.252 | 2 | 4 | Router-to-router link |
| /31 | 255.255.255.254 | 2 | 2 | RFC 3021 p2p (no broadcast) |
| /32 | 255.255.255.255 | 1 | 1 | Single host route / loopback |
Tip: Usable hosts = 2^n - 2, where n is the number of host bits (32 minus the prefix length); the 2 subtracted are the network and broadcast addresses. /31 is the exception (RFC 3021): both addresses are usable.
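An added example (not part of the cheatsheet) that reproduces the columns of the subnet table for any IPv4 CIDR, including the /31 and /32 exceptions, splits a block into equal sub-blocks, and checks whether an address falls inside a block; it uses only the standard library.

```python
# Added example, not from the cheatsheet: CIDR arithmetic with the
# standard-library ipaddress module, covering the /31 (RFC 3021) and /32
# cases that the usual "2^n - 2" rule gets wrong.
import ipaddress


def subnet_info(cidr: str) -> dict:
    """Mask, block size, usable host count and usable range for an IPv4 CIDR."""
    # strict=False accepts a host address such as 192.168.1.77/27 and returns
    # the block it belongs to (192.168.1.64/27).
    net = ipaddress.ip_network(cidr, strict=False)
    prefix = net.prefixlen
    host_bits = net.max_prefixlen - prefix          # n in "2^n - 2"
    block = 2 ** host_bits                          # == net.num_addresses
    if prefix >= 31:
        # /31: both addresses are hosts, there is no network/broadcast pair.
        # /32: a single host route.
        usable = block
        first, last, broadcast = net.network_address, net.broadcast_address, None
    else:
        usable = block - 2                          # minus network + broadcast
        first = net.network_address + 1
        last = net.broadcast_address - 1
        broadcast = str(net.broadcast_address)
    return {
        "network": str(net.network_address),
        "prefix": prefix,
        "mask": str(net.netmask),
        "block_size": block,
        "usable_hosts": usable,
        "first_usable": str(first),
        "last_usable": str(last),
        "broadcast": broadcast,
    }


def split_block(cidr: str, new_prefix: int) -> list:
    """Split a block into equal sub-blocks, e.g. a /24 into four /26s."""
    net = ipaddress.ip_network(cidr, strict=False)
    if new_prefix < net.prefixlen:
        raise ValueError("new prefix must be longer than the block's own prefix")
    return [str(sub) for sub in net.subnets(new_prefix=new_prefix)]


def in_block(cidr: str, ip: str) -> bool:
    """True if ip falls inside the block, e.g. when checking an allow-list entry."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)


if __name__ == "__main__":
    for c in ("10.0.0.0/8", "192.168.1.0/26", "192.168.1.77/27",
              "10.9.9.0/31", "10.9.9.1/32"):
        print(subnet_info(c))
    print(split_block("192.168.1.0/24", 26))
```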
Ports & VPN Technologies
Well-known ports · VPN protocols
| Port(s) | Protocol | Service | Notes |
|---|---|---|---|
| 20 / 21 | TCP | FTP | 20=data, 21=control. Use SFTP/FTPS instead |
| 22 | TCP | SSH / SFTP / SCP | Secure remote shell and file transfer |
| 23 | TCP | Telnet | Plaintext - disable, use SSH |
| 25 | TCP | SMTP | Mail relay between servers |
| 53 | TCP/UDP | DNS | UDP for queries, TCP for zone transfers/large |
| 67 / 68 | UDP | DHCP | 67=server, 68=client |
| 80 | TCP | HTTP | Unencrypted web - redirect to 443 |
| 88 | TCP/UDP | Kerberos | Authentication in AD environments |
| 110 | TCP | POP3 | Email retrieval - use POP3S (995) |
| 123 | UDP | NTP | Time sync - critical for Kerberos/logs |
| 143 | TCP | IMAP | Email access - use IMAPS (993) |
| 161 / 162 | UDP | SNMP | 161=poll, 162=trap. Use v3 with auth |
| 389 | TCP/UDP | LDAP | Directory services - use LDAPS (636) |
| 443 | TCP | HTTPS | HTTP over TLS. Also used by some VPNs |
| 445 | TCP | SMB | Windows file shares - block at perimeter |
| 465 / 587 | TCP | SMTPS / SMTP-TLS | Encrypted mail submission |
| 514 | UDP | Syslog | Log forwarding - use TLS syslog (6514) |
| 636 | TCP | LDAPS | LDAP over TLS |
| 993 | TCP | IMAPS | IMAP over TLS |
| 995 | TCP | POP3S | POP3 over TLS |
| 1433 | TCP | MS SQL Server | Default SQL Server port |
| 1521 | TCP | Oracle DB | Oracle database listener |
| 3306 | TCP | MySQL / MariaDB | Common web app database port |
| 3389 | TCP | RDP | Remote Desktop - never expose to internet |
| 5432 | TCP | PostgreSQL | Default Postgres port |
| 5900 | TCP | VNC | Remote desktop - use only over VPN/tunnel |
| 6379 | TCP | Redis | No auth by default - bind to localhost |
| 8080 / 8443 | TCP | HTTP/S Alt | Dev servers, proxies, alt web services |
| 27017 | TCP | MongoDB | No auth by default - secure before exposing |
| Type | Protocol | Port(s) | Notes |
|---|---|---|---|
| IPSec / IKEv2 | ESP / IKE | UDP 500 / 4500 | Fast, native on most OS, preferred for site-to-site |
| OpenVPN | TLS | UDP/TCP 1194 | Flexible, open-source, common for remote access |
| WireGuard | UDP | 51820 | Modern, minimal code, fastest throughput |
| SSL VPN | HTTPS | TCP 443 | Works through firewalls, browser or client-based |
| L2TP/IPSec | L2TP + ESP | UDP 1701 / 500 / 4500 | Common legacy, double-encapsulation overhead; 4500 for NAT-T |
| PPTP | GRE + TCP | TCP 1723 | Obsolete - broken crypto, avoid |
Security, Threats & Hardening
Attacks · Hardening · Crypto · Auth
| Category | Attack | Description |
|---|---|---|
| Phishing | Phishing / Spear / Whaling | Fraudulent emails targeting all users / specific individuals / executives |
| Phishing | Vishing / Smishing | Voice call or SMS-based social engineering |
| Web App | SQL Injection | Malicious SQL inserted into input fields to query or corrupt the DB |
| Web App | XSS (Cross-Site Scripting) | Injected scripts execute in victim's browser via a trusted site |
| Web App | CSRF | Forged request tricks authenticated user into unwanted action |
| Web App | IDOR | Accessing objects by changing an ID in the URL/request |
| Malware | Ransomware | Encrypts files, demands payment for key |
| Malware | Rootkit | Hides malware presence at OS/kernel level |
| Malware | Keylogger | Records keystrokes to capture credentials |
| Network | MITM | Attacker intercepts communication between two parties |
| Network | ARP Spoofing | Links attacker MAC to legitimate IP to intercept LAN traffic |
| Network | DDoS / SYN Flood | Overwhelm target with traffic / half-open TCP connections |
| Social Eng. | Pretexting / Tailgating | Fabricated scenario to obtain info / following into secure area |
| Insider | Privilege Escalation | Exploiting vuln or misconfiguration to gain higher access |
| Do / Don't | Action |
|---|---|
| DO | Disable unused ports and services |
| DO | Enable MFA / 2FA on all accounts |
| DO | Apply least privilege (PoLP) everywhere |
| DO | Patch OS within 30 days of release |
| DO | Enable host-based firewall (UFW/iptables) |
| DO | Use key-based SSH auth, disable password auth |
| DO | Disable root SSH login (PermitRootLogin no) |
| DO | Encrypt data at rest and in transit |
| DO | Log and monitor all auth events |
| DON'T | Use default credentials on any device |
| DON'T | Run services as root unnecessarily |
| DON'T | Expose RDP / management ports to internet |
| DON'T | Disable SELinux/AppArmor without a plan |
| DON'T | Store plaintext credentials in scripts/repos |
| Algorithm | Type | Key Size / Notes |
|---|---|---|
| AES-256 | Symmetric | 256-bit. NIST standard, fastest for bulk data |
| ChaCha20 | Symmetric | Stream cipher, faster than AES on mobile |
| RSA | Asymmetric | 2048+ min (4096 recommended for long-term) |
| ECDSA / ECDH | Asymmetric | ECC - same security as RSA with shorter keys |
| Ed25519 | Asymmetric | Preferred for SSH keys, fast and secure |
| SHA-256 / SHA-3 | Hash | Use for integrity checks, digital signatures |
| bcrypt / Argon2 | Password hash | Argon2 is winner of Password Hashing Competition |
| TLS 1.3 | Protocol | Only version to use - 1.0/1.1 deprecated, 1.2 legacy |
| Method | Use Case |
|---|---|
| Password + MFA/TOTP | Baseline for all user accounts |
| SSH Key Pairs (Ed25519) | Server access, CI/CD pipelines |
| PKI / X.509 Certificates | TLS, client auth, code signing |
| OAuth 2.0 / OIDC | Web app delegation, "Sign in with Google" |
| SAML 2.0 | Enterprise SSO, IdP federation |
| Kerberos | Active Directory authentication (tickets) |
| RADIUS | Network access (WiFi 802.1X, VPN auth) |
| LDAP / Active Directory | Centralized user/group directory |
OS & Commands
Linux · Windows/PS · Storage · RAID · Backup
| Command | Description |
|---|---|
| top / htop | Real-time process monitor. htop is interactive |
| ps aux | All processes with user and CPU/mem usage |
| ps aux \| grep nginx | Find process by name |
| kill -9 <PID> | Force-kill process by PID (SIGKILL) |
| pkill -f nginx | Kill all processes matching name pattern |
| systemctl status sshd | Check service status (systemd) |
| systemctl restart nginx | Restart a systemd service |
| systemctl enable nginx | Enable service to start on boot |
| journalctl -u nginx -f | Follow systemd logs for a service |
| free -h | Memory usage in human-readable format |
| vmstat 1 | CPU/IO/memory stats every 1 second |
| uptime | System uptime and load averages (1/5/15 min) |
| Command | Description |
|---|---|
| ip addr show | Show all network interfaces and IP addresses |
| ip route show | Display routing table |
| ss -tulnp | TCP/UDP listening ports with process names |
| netstat -tulnp | Listening ports (legacy, use ss on modern systems) |
| ping -c 4 8.8.8.8 | Test connectivity (4 packets) |
| traceroute 8.8.8.8 | Trace route hops to destination |
| nmap -sV -p 1-1000 <IP> | Scan ports 1-1000 with service version detection (omit -p to scan nmap's default top 1000 ports) |
| dig example.com A | DNS lookup for A record |
| curl -I https://example.com | Fetch HTTP response headers only |
| Command | Description |
|---|---|
| chmod 755 file | rwxr-xr-x - owner full, group/other read+exec |
| chmod u+x script.sh | Add execute permission for owner |
| chown user:group file | Change file owner and group |
| find / -perm -4000 | Find all SUID binaries (privilege escalation risk) |
| useradd -m -s /bin/bash u | Create user with home dir and bash shell |
| usermod -aG sudo username | Add user to sudo group |
| passwd username | Set or change user password |
| grep -r "error" /var/log/ | Recursively search logs for "error" |
| tail -f /var/log/syslog | Follow log file in real-time |
| df -h | Disk usage by filesystem in human-readable |
| du -sh /var/log/* | Size of each item in /var/log |
| tar -czf out.tar.gz /dir | Create gzipped tarball of directory |
| rsync -avz src/ dest/ | Sync files with verbose output and compression |
| Path | What Lives Here |
|---|---|
| / | Root of the entire filesystem tree - everything hangs off here |
| /bin | Essential user binaries (ls, cp, mv, bash) needed before /usr is mounted |
| /sbin | Essential system binaries for root (fdisk, ifconfig, init, fsck) |
| /usr | Read-only user data: most installed apps, libraries, and docs go here |
| /usr/bin | Non-essential user commands (gcc, python3, git, curl, vim) |
| /usr/local | Locally compiled or admin-installed software - not managed by the package manager |
| /etc | System-wide configuration files (/etc/ssh/sshd_config, /etc/hosts, /etc/cron.d) |
| /var | Variable data that grows: logs (/var/log), mail, spool, databases, package cache |
| /var/log | System and service logs (syslog, auth.log, dmesg, journald writes here) |
| /tmp | Temporary files - cleared on reboot, world-writable, no exec in hardened configs |
| /home | User home directories (/home/alice). Root's home is /root, not here |
| /root | Home directory for the root account |
| /dev | Device files: disks (/dev/sda), terminals (/dev/tty), null (/dev/null) |
| /proc | Virtual FS exposing kernel and process info (/proc/cpuinfo, /proc/meminfo) |
| /sys | Virtual FS for kernel devices and drivers - used by udev and hardware management |
| /boot | Kernel images, initramfs, and GRUB config - keep separate partition for safety |
| /lib | Shared libraries needed by /bin and /sbin at boot |
| /opt | Optional third-party software installed as self-contained packages (e.g. /opt/splunk) |
| /mnt | Temporary mount point for manually mounted filesystems |
| /media | Auto-mount point for removable media (USB drives, DVDs) |
| /srv | Service data served to the network (web root, FTP files) |
| /run | Runtime data since last boot: PID files, sockets, lock files (tmpfs) |
Drive-letter based (C:, D:). NTFS is standard - supports permissions, ACLs, compression, and encryption.
| Path | What Lives Here |
|---|---|
| C:\ | Root of the drive - each volume has its own root under a drive letter |
| C:\Windows | OS root containing system binaries, configuration files, and critical subdirectories |
| C:\Windows\System32 | 64-bit system executables, DLLs, and management tools (cmd.exe, notepad.exe, etc.) |
| C:\Windows\SysWOW64 | 32-bit system binaries for backward compatibility on 64-bit Windows |
| C:\Windows\System32\drivers | Kernel-mode drivers (.sys files) loaded at boot |
| C:\Windows\Temp | System-wide temporary files - safe to clear periodically |
| C:\Program Files | Default install directory for 64-bit applications |
| C:\Program Files (x86) | Default install directory for 32-bit applications on 64-bit Windows |
| C:\ProgramData | System-wide app data and config shared across all users (hidden by default) |
| C:\Users\Public | Shared folder accessible to all local users |
| C:\Users\%USERNAME% | Per-user profile root - contains all personal folders and app data |
| ...\AppData\Roaming | Per-user config that follows domain profiles (Outlook, VS Code settings, etc.) |
| ...\AppData\Local | Local-only app data: cache, application state, Temp subfolder |
| ...\AppData\Local\Temp | User-specific temp files - a common target for malware drops |
| ...\Desktop / Downloads | Standard personal folders inside each user profile |
| Command | Description |
|---|---|
| Get-Process | List all running processes (PS) |
| Stop-Process -Name notepad | Kill process by name (PS) |
| Get-Service \| Where Status -eq Running | List only running services (PS) |
| systeminfo | OS version, RAM, hotfixes, uptime |
| net user /domain | List domain users |
| net localgroup administrators | List local admins |
| Get-HotFix \| Sort-Object InstalledOn -Descending | Installed Windows Updates and KBs, newest first |
| Get-ExecutionPolicy | Check current PowerShell script execution policy |
| Get-CimInstance Win32_OperatingSystem \| select LastBootUpTime | When the system last rebooted |
| Get-WinEvent -LogName Security -MaxEvents 50 | Recent Security event log entries (PS) |
| RAID | Method | Min Disks | Fault Tolerance |
|---|---|---|---|
| RAID 0 | Striping | 2 | None - any disk failure = total loss |
| RAID 1 | Mirroring | 2 | 1 disk failure tolerated |
| RAID 5 | Stripe + parity | 3 | 1 disk failure tolerated |
| RAID 6 | Stripe + dual parity | 4 | 2 disk failures tolerated |
| RAID 10 | Stripe of mirrors | 4 | 1 per mirror pair |
| Type | What It Backs Up | Speed | Restore |
|---|---|---|---|
| Full | All data every time | Slowest | Single set - fastest restore |
| Incremental | Changes since last backup (any) | Fastest | Need all incrementals + last full |
| Differential | Changes since last full only | Medium | Last full + latest differential |
| Snapshot | Point-in-time copy (CoW) | Instant | Instant rollback, storage overhead |
| Command | Description |
|---|---|
| ipconfig /all | Full adapter info including MAC address, DNS servers, DHCP lease, and gateway |
| netstat -ano | All active TCP/UDP connections with associated PIDs (legacy but universal) |
| Get-NetTCPConnection | Modern netstat equivalent - active TCP connections with state and owning process ID |
| Get-DnsClientCache | View locally cached DNS records - useful for diagnosing stale or poisoned entries |
| Get-NetRoute | Display the full routing table - equivalent to route print |
| Get-NetAdapter | List physical and virtual network adapters with link speed and status |
| (Invoke-RestMethod ipinfo.io/json).ip | Retrieve public egress IP address from PowerShell - no browser needed |
| Restart-Computer -ComputerName "PC01" -Force | Remotely restart a machine by name - requires WinRM or admin share access |
| Command | Description |
|---|---|
| Get-Disk | List all physical disks with size, partition style (MBR/GPT), and health status |
| Get-Volume | Show all volumes with drive letter, filesystem, total size, and free space |
| Get-PhysicalDisk \| select FriendlyName, HealthStatus, OperationalStatus | SMART-based health status per physical disk - spot failing drives early |
| Get-ChildItem C:\Path -Recurse \| Measure-Object -Sum Length | Calculate total disk usage of a directory tree in bytes |
| Get-Service \| Where Status -eq Running | List only services currently in a Running state |
| Get-Service \| where Status -eq 'StartPending' | Find services stuck in Starting - indicates a hung or deadlocked service |
| Restart-Service -Name sshd | Restart a named service by its service name (not display name) |
| Get-CimInstance Win32_Service \| select Name, PathName, StartMode | Service binary path and start mode - useful for spotting malicious service installs |
Logs & Monitoring
Linux logs · Windows Event IDs · Cron
| Path / Command | Contents |
|---|---|
| /var/log/auth.log | SSH logins, sudo, auth failures (Debian/Ubuntu) |
| /var/log/secure | Same as auth.log on RHEL/CentOS |
| /var/log/syslog | General system messages and daemon output |
| /var/log/messages | Kernel + system messages (RHEL/CentOS) |
| /var/log/kern.log | Kernel ring buffer messages |
| /var/log/nginx/access.log | HTTP requests to Nginx web server |
| /var/log/nginx/error.log | Nginx errors and connection issues |
| /var/log/apache2/error.log | Apache web server errors |
| /var/log/cron | Cron job execution history |
| journalctl -u nginx | Systemd journal for a specific service |
| journalctl -b -p err | All errors since last boot (systemd) |
| Event ID | Log | Meaning |
|---|---|---|
| 4624 | Security | Successful logon |
| 4625 | Security | Failed logon attempt |
| 4648 | Security | Logon with explicit credentials (runas) |
| 4672 | Security | Special privileges assigned to new logon |
| 4688 | Security | New process created (process tracking) |
| 4720 | Security | User account created |
| 4740 | Security | Account locked out |
| 4776 | Security | DC validated credentials (NTLM) |
| 7045 | System | New service installed on the system |
| 1102 | Security | Audit log cleared - investigate immediately |
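An added example (not part of the cheatsheet) that correlates the event IDs from the table above into findings: a burst of 4625 failures from one account and source, a 4624 or 4672 arriving shortly after that burst, a 7045 new service, and a 1102 log clear. The input is a constructed, simplified export (timestamp|event_id|log|account|source|detail per line), not the native Windows event log format; the thresholds are assumptions to tune per environment.

```python
# Added example, not from the cheatsheet: simple correlation over Windows
# Security/System event IDs. Input format is a constructed pipe-separated
# export, not a real EVTX; thresholds are assumed starting points.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (not real logs): a password-guessing burst that
# succeeds, a privileged logon, a new service, and the audit log being cleared.
SAMPLE_EVENTS = """\
2024-03-01T08:00:01|4624|Security|alice|10.0.0.15|Logon type 2
2024-03-01T08:05:10|4625|Security|svc_backup|203.0.113.9|Bad password
2024-03-01T08:05:12|4625|Security|svc_backup|203.0.113.9|Bad password
2024-03-01T08:05:14|4625|Security|svc_backup|203.0.113.9|Bad password
2024-03-01T08:05:16|4625|Security|svc_backup|203.0.113.9|Bad password
2024-03-01T08:05:18|4625|Security|svc_backup|203.0.113.9|Bad password
2024-03-01T08:05:21|4624|Security|svc_backup|203.0.113.9|Logon type 3
2024-03-01T08:06:02|4672|Security|svc_backup|203.0.113.9|SeDebugPrivilege
2024-03-01T08:07:40|7045|System|SYSTEM|-|Service installed: updater_svc
2024-03-01T08:09:00|1102|Security|svc_backup|-|Audit log cleared
2024-03-01T09:15:00|4625|Security|bob|10.0.0.22|Bad password
"""

FAIL_THRESHOLD = 5                    # this many 4625s from one account+source ...
FAIL_WINDOW = timedelta(minutes=2)    # ... inside this window counts as a burst
FOLLOW_WINDOW = timedelta(minutes=5)  # 4624/4672 this soon after a burst is suspicious


def parse_events(text: str) -> list:
    """Parse the constructed export into dicts sorted by time."""
    events = []
    for line in text.strip().splitlines():
        ts, event_id, log, account, source, detail = line.split("|", 5)
        events.append({"time": datetime.fromisoformat(ts), "id": int(event_id),
                       "log": log, "account": account, "source": source,
                       "detail": detail})
    return sorted(events, key=lambda e: e["time"])


def _finding(rule: str, ev: dict, **extra) -> dict:
    f = {"rule": rule, "event_id": ev["id"], "time": ev["time"].isoformat(),
         "account": ev["account"], "source": ev["source"], "detail": ev["detail"]}
    f.update(extra)
    return f


def triage(text: str) -> list:
    """Return findings, in time order, for the given event export."""
    findings = []
    failures = defaultdict(list)   # (account, source) -> recent 4625 timestamps
    bursts = {}                    # (account, source) -> time the burst was flagged
    for ev in parse_events(text):
        key = (ev["account"], ev["source"])
        recent_burst = key in bursts and ev["time"] - bursts[key] <= FOLLOW_WINDOW
        if ev["id"] == 1102:
            # The audit trail was cleared; the account in the event did it.
            findings.append(_finding("audit_log_cleared", ev))
        elif ev["id"] == 7045:
            findings.append(_finding("new_service_installed", ev))
        elif ev["id"] == 4625:
            # Sliding window of failures for this account from this source.
            window = [t for t in failures[key] if ev["time"] - t <= FAIL_WINDOW]
            window.append(ev["time"])
            failures[key] = window
            if len(window) >= FAIL_THRESHOLD and key not in bursts:
                bursts[key] = ev["time"]
                findings.append(_finding("logon_failure_burst", ev, count=len(window)))
        elif ev["id"] == 4624 and recent_burst:
            # Guessing stopped because it worked: treat as a likely compromise.
            findings.append(_finding("success_after_failure_burst", ev))
        elif ev["id"] == 4672 and recent_burst:
            findings.append(_finding("privileged_logon_after_burst", ev))
    return findings


def rule_counts(findings: list) -> dict:
    """Number of findings per rule, handy for a quick summary."""
    counts = defaultdict(int)
    for f in findings:
        counts[f["rule"]] += 1
    return dict(counts)


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f['time']}  {f['event_id']}  {f['rule']:30} {f['account']}@{f['source']}")
```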
| Tool / Command | Use |
|---|---|
| Event Viewer (eventvwr.msc) | Windows GUI for all event logs |
| Get-WinEvent -LogName Security | PowerShell security log access |
| grep "Failed" /var/log/auth.log | Filter failed SSH attempts |
| last -n 20 | Last 20 logins from /var/log/wtmp |
| lastb | Failed login attempts (/var/log/btmp) |
| Field | Range | Example | Meaning |
|---|---|---|---|
| Minute | 0-59 | 30 | At minute 30 |
| Hour | 0-23 | 14 | At 14:00 (2pm) |
| Day/Month | 1-31 | 1 | On the 1st of month |
| Month | 1-12 | */3 | Every 3 months |
| Day/Week | 0-7 | 1-5 | Mon-Fri (0=7=Sunday) |
| * | any | * | Every value in field |
| */n | step | */15 | Every n units |
| , | list | 1,15,30 | At specific values |
| Cron Expression | Schedule |
|---|---|
| 0 2 * * * | Every day at 02:00 |
| */5 * * * * | Every 5 minutes |
| 0 0 1 * * | First day of every month, midnight |
| 30 8 * * 1-5 | Weekdays at 08:30 |
| 0 */4 * * * | Every 4 hours on the hour |
| @reboot /path/script | Run once at system startup |
| 0 3 * * 0 | Weekly Sunday at 03:00 |
| 0 12 1 1 * | Yearly - January 1st at noon |
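An added example (not part of the cheatsheet) that expands 5-field cron expressions exactly as the field table describes (*, */n, a-b, comma lists, 0 and 7 both meaning Sunday), tells you whether a schedule fires at a given minute, and finds the next run; it also covers the Vixie cron quirk where a restricted day-of-month and a restricted day-of-week match on either, and rejects @reboot, which has no time schedule.

```python
# Added example, not from the cheatsheet: a small cron expression matcher.
# Accepts datetimes or ISO strings; @-aliases are mapped to 5-field forms.
from datetime import datetime, timedelta

# (low, high) per field: minute, hour, day-of-month, month, day-of-week
FIELD_RANGES = [(0, 59), (0, 23), (1, 31), (1, 12), (0, 7)]
ALIASES = {
    "@hourly": "0 * * * *", "@daily": "0 0 * * *", "@weekly": "0 0 * * 0",
    "@monthly": "0 0 1 * *", "@yearly": "0 0 1 1 *", "@annually": "0 0 1 1 *",
}


def expand_field(spec: str, low: int, high: int) -> set:
    """Expand one field (*, */n, a-b, a-b/n, comma lists) into a set of ints."""
    values = set()
    for part in spec.split(","):
        step = 1
        if "/" in part:
            part, step_text = part.split("/", 1)
            step = int(step_text)
            if step < 1:
                raise ValueError(f"bad step in {spec!r}")
        if part == "*":
            start, end = low, high
        elif "-" in part:
            a, b = part.split("-", 1)
            start, end = int(a), int(b)
        else:
            start = end = int(part)
        if not (low <= start <= end <= high):
            raise ValueError(f"{spec!r} outside {low}-{high}")
        values.update(range(start, end + 1, step))
    return values


def parse_cron(expr: str) -> tuple:
    """Return (minutes, hours, days, months, weekdays, both_day_fields_restricted)."""
    expr = ALIASES.get(expr.strip(), expr.strip())
    if expr == "@reboot":
        raise ValueError("@reboot runs once at startup; it has no time schedule")
    fields = expr.split()
    if len(fields) != 5:
        raise ValueError("expected 5 fields: min hour day month weekday")
    sets = [expand_field(f, lo, hi) for f, (lo, hi) in zip(fields, FIELD_RANGES)]
    if 7 in sets[4]:                      # 0 = 7 = Sunday
        sets[4].discard(7)
        sets[4].add(0)
    # Vixie cron quirk: when BOTH day fields are restricted (neither starts
    # with '*'), the job runs when EITHER of them matches.
    both_restricted = not fields[2].startswith("*") and not fields[4].startswith("*")
    return (*sets, both_restricted)


def _to_dt(when):
    return datetime.fromisoformat(when) if isinstance(when, str) else when


def _day_ok(parsed: tuple, when: datetime) -> bool:
    _, _, days, months, weekdays, both_restricted = parsed
    if when.month not in months:
        return False
    cron_dow = (when.weekday() + 1) % 7   # Python Mon=0..Sun=6 -> cron Sun=0..Sat=6
    if both_restricted:
        return when.day in days or cron_dow in weekdays
    return when.day in days and cron_dow in weekdays


def _fires(parsed: tuple, when: datetime) -> bool:
    minutes, hours = parsed[0], parsed[1]
    return bool(when.minute in minutes and when.hour in hours and _day_ok(parsed, when))


def cron_matches(expr: str, when) -> bool:
    """True if the schedule fires at the given minute."""
    return _fires(parse_cron(expr), _to_dt(when))


def next_run(expr: str, after, max_days: int = 366) -> datetime:
    """First minute strictly after `after` at which the schedule fires."""
    parsed = parse_cron(expr)
    after = _to_dt(after)
    t = after.replace(second=0, microsecond=0) + timedelta(minutes=1)
    limit = after + timedelta(days=max_days)
    while t <= limit:
        if _fires(parsed, t):
            return t
        if _day_ok(parsed, t):
            t += timedelta(minutes=1)
        else:                              # whole day cannot match: skip to midnight
            t = (t + timedelta(days=1)).replace(hour=0, minute=0)
    raise ValueError(f"no run of {expr!r} within {max_days} days")


if __name__ == "__main__":
    now = "2024-01-06T12:00"               # a Saturday
    for e in ("0 2 * * *", "*/5 * * * *", "30 8 * * 1-5", "0 3 * * 0", "0 12 1 1 *"):
        print(f"{e:15} next run after {now}: {next_run(e, now)}")
```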
Certificates & Firewall
OpenSSL · UFW · iptables
| Command | Purpose |
|---|---|
| openssl x509 -in cert.pem -text -noout | Inspect cert: expiry, SAN, issuer, subject |
| openssl req -new -key key.pem -out csr.pem | Generate CSR from existing private key |
| openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 | Self-signed cert with new 4096-bit RSA key |
| openssl verify -CAfile ca.pem cert.pem | Verify cert chain against a CA bundle |
| openssl s_client -connect host:443 | Test TLS handshake, view cert chain live |
| openssl pkcs12 -export -out bundle.pfx | Export cert + key to PFX/PKCS12 format |
| openssl dhparam -out dh.pem 2048 | Generate Diffie-Hellman params for TLS |
| certbot renew --dry-run | Test Let's Encrypt auto-renewal (Certbot) |
| certbot certonly --nginx -d example.com | Issue/renew cert for nginx domain |
| Command | Action |
|---|---|
| ufw enable | Activate UFW firewall |
| ufw status verbose | Show all rules with details |
| ufw allow 22/tcp | Allow SSH (TCP port 22) |
| ufw allow from 10.0.0.0/8 | Allow all traffic from subnet |
| ufw deny 23 | Block Telnet port |
| ufw delete allow 80/tcp | Remove a specific allow rule |
| iptables -L -n -v | List all iptables rules with packet counts |
| iptables -A INPUT -p tcp --dport 443 -j ACCEPT | Accept HTTPS inbound traffic |
| iptables -A INPUT -j DROP | Drop all other inbound (default deny) - append last, after ACCEPT rules for lo and ESTABLISHED,RELATED, or you lock yourself out of SSH |
| iptables-save > /etc/iptables.rules | Save rules to a file; they are only restored at boot if something runs iptables-restore on it (e.g. iptables-persistent) |
DevOps Tools
Docker · Git · Kubernetes basics · IaC
| Command | Description |
|---|---|
| docker build -t name:tag . | Build image from Dockerfile in current dir |
| docker run -d -p 80:80 --name c nginx | Run detached container with port mapping |
| docker ps -a | List all containers (running + stopped) |
| docker exec -it <id> bash | Open interactive shell in running container |
| docker logs -f <id> | Follow container log output |
| docker stop <id> | Gracefully stop a container (SIGTERM) |
| docker rm <id> | Remove stopped container |
| docker images | List locally stored images |
| docker rmi name:tag | Delete a local image |
| docker pull nginx:alpine | Pull image from Docker Hub |
| docker push registry/img:tag | Push image to registry |
| docker-compose up -d | Start all services in docker-compose.yml |
| docker system prune -af | Remove all unused containers, images, networks |
| docker inspect <id> | Full JSON metadata for container/image |
| Command | Description |
|---|---|
| git init | Initialize new local repository |
| git clone <url> | Clone remote repository locally |
| git status | Show working tree and staging area status |
| git add -p | Interactively stage chunks of changes |
| git commit -m "message" | Commit staged changes with message |
| git push origin main | Push local commits to remote |
| git pull --rebase | Fetch and rebase onto remote changes |
| git branch -a | List all local and remote branches |
| git checkout -b feature/x | Create and switch to new branch |
| git merge --no-ff feature/x | Merge feature branch, preserve history |
| git stash pop | Apply most recent stash and remove it |
| git log --oneline --graph | Compact visual branch history |
| git reset --soft HEAD~1 | Undo last commit, keep changes staged (without --soft the changes are kept but unstaged) |
| git revert <hash> | Create new commit that undoes a past commit |
| Category | Tools |
|---|---|
| Containers | Docker, Podman, containerd |
| Orchestration | Kubernetes, Docker Swarm, Nomad |
| CI/CD | GitHub Actions, GitLab CI, Jenkins, CircleCI |
| IaC | Terraform, Pulumi, CloudFormation, Bicep |
| Config Mgmt | Ansible, Chef, Puppet, SaltStack |
| Monitoring | Prometheus, Grafana, Datadog, New Relic |
| Logging | ELK Stack, Loki, Splunk, CloudWatch |
| Secrets | HashiCorp Vault, AWS Secrets Manager, SOPS |
Networking Deep Dive
DNS resolution · Cables · WiFi 802.11
| Step | Who Acts | What Happens |
|---|---|---|
| 1 | Browser / OS | Check local DNS cache (TTL-based). If hit, done. |
| 2 | OS | Check /etc/hosts (Linux) or C:\Windows\System32\drivers\etc\hosts |
| 3 | OS to Resolver | Query sent to configured recursive resolver (ISP or 8.8.8.8) |
| 4 | Resolver to Root | Resolver queries a root server (.) - 13 root server clusters |
| 5 | Resolver to TLD | Root refers resolver to .com / .org / .io TLD server |
| 6 | Resolver to Auth NS | TLD refers resolver to the authoritative nameserver for the domain |
| 7 | Auth NS responds | Returns A/AAAA record (the actual IP address) |
| 8 | Resolver caches | Stores result per TTL, returns to client. Client caches too. |
| Cable | Max Speed | Max Length | Notes |
|---|---|---|---|
| Cat5 | 100 Mbps | 100m | Obsolete, avoid for new installs |
| Cat5e | 1 Gbps | 100m | Minimum current standard |
| Cat6 | 10 Gbps | 55m | Common for new installs |
| Cat6A | 10 Gbps | 100m | 10G at full 100m distance |
| Cat7 | 10 Gbps | 100m | Shielded, proprietary connectors |
| Fiber MM | 10+ Gbps | 2km | Multimode, shorter runs, cheaper |
| Fiber SM | 100+ Gbps | 100km | Single-mode, long distance, datacenter |
| T568B | Std | - | Orange-wh, Orange, Green-wh, Blue… (standard) |
| T568A | Std | - | Crossover: swap pairs 2 and 3 from T568B |
| Standard | Band | Max Speed | Notes |
|---|---|---|---|
| 802.11b | 2.4 GHz | 11 Mbps | Legacy, long range, slow |
| 802.11g | 2.4 GHz | 54 Mbps | Backward compat with b |
| 802.11n | 2.4/5 GHz | 600 Mbps | MIMO, dual band - WiFi 4 |
| 802.11ac | 5 GHz | 3.5 Gbps | Wave 2, MU-MIMO - WiFi 5 |
| 802.11ax | 2.4/5/6 GHz | 9.6 Gbps | OFDMA, BSS coloring - WiFi 6/6E |
| 802.11be | 2.4/5/6 GHz | 46 Gbps | Multi-link operation - WiFi 7 |
| Model | You Manage | Examples |
|---|---|---|
| IaaS | OS, runtime, apps, data | AWS EC2, Azure VMs, GCP Compute |
| PaaS | App and data only | Heroku, Azure App Service, App Engine |
| SaaS | Nothing (just use it) | Office 365, Salesforce, Gmail |
| FaaS | Code only | AWS Lambda, Azure Functions, Cloud Run |
Cloud Platforms - AWS & Azure
Core services · IAM · VNet/VPC · Shared responsibility
| Service | Category | What it Does |
|---|---|---|
| EC2 | Compute | Virtual machines - pay-as-you-go, reserved, or spot pricing |
| Lambda | Compute | Serverless functions - event-driven, pay-per-execution |
| ECS / EKS | Containers | ECS = managed containers; EKS = managed Kubernetes |
| S3 | Storage | Object storage - 11-nines durability, unlimited scale |
| EBS | Storage | Block storage volumes attached to EC2 instances |
| EFS | Storage | Managed NFS for Linux - shared across multiple EC2s |
| RDS | Database | Managed SQL DB - MySQL, Postgres, SQL Server, Oracle, Aurora |
| DynamoDB | Database | Fully managed NoSQL - key-value and document model |
| VPC | Networking | Isolated virtual network with subnets, route tables, NACLs, SGs |
| Route 53 | Networking | DNS + health checks + routing policies (failover, latency, geo) |
| CloudFront | Networking | CDN with 400+ PoPs, caches S3/EC2 content globally |
| IAM | Security | Users, groups, roles, and policies for access control |
| CloudWatch | Monitoring | Metrics, logs, alarms, dashboards for all AWS services |
| CloudFormation | IaC | Infrastructure as Code using JSON/YAML templates |
| Service | Category | What it Does |
|---|---|---|
| Virtual Machines | Compute | IaaS VMs - VM Scale Sets for autoscaling, Availability Zones for HA |
| App Service | Compute | PaaS web hosting - no OS management, built-in autoscale, deployment slots |
| Azure Functions | Compute | Serverless event-driven code - pay-per-execution |
| ACI / AKS | Containers | ACI = serverless containers; AKS = managed Kubernetes cluster |
| Blob Storage | Storage | Object store - Hot/Cool/Archive tiers, lifecycle management |
| Azure Disk | Storage | Managed disks: Standard HDD, Standard SSD, Premium SSD |
| Azure Files | Storage | Managed SMB/NFS file shares - cloud and hybrid use |
| Azure SQL / Cosmos DB | Database | Managed SQL; Cosmos = multi-model NoSQL (DynamoDB equivalent) |
| VNet | Networking | Isolated virtual network with subnets, NSGs, route tables, peering |
| Azure DNS | Networking | Host DNS zones, manage records, private DNS zones for VNets |
| Azure CDN / Front Door | Networking | CDN delivery + global load balancing with WAF |
| Azure AD (Entra ID) | Identity | Cloud identity: users, groups, MFA, SSO, Conditional Access |
| Azure Monitor | Monitoring | Metrics, Log Analytics workspace, alerts, Application Insights |
| ARM Templates / Bicep | IaC | JSON/Bicep Infrastructure as Code for Azure resources |
| AWS | Azure | Category |
|---|---|---|
| EC2 | Virtual Machines | Compute |
| Lambda | Azure Functions | Serverless |
| ECS / EKS | ACI / AKS | Containers |
| S3 | Blob Storage | Object Store |
| EBS | Azure Disk | Block Storage |
| EFS | Azure Files | File Share |
| RDS | Azure SQL Database | Managed SQL |
| DynamoDB | Cosmos DB | NoSQL DB |
| VPC | VNet | Networking |
| Security Groups | NSG (Network Security Group) | Firewall |
| Route 53 | Azure DNS | DNS |
| CloudFront | Azure CDN / Front Door | CDN |
| IAM | Azure AD + RBAC | Identity |
| CloudWatch | Azure Monitor | Monitoring |
| CloudFormation | ARM Templates / Bicep | IaC |
| Direct Connect | ExpressRoute | Private WAN |
| AWS VPN Gateway | Azure VPN Gateway | VPN |
| AWS Config | Azure Policy | Compliance |
| Role | Read | Grant | Create/Del | Scope |
|---|---|---|---|---|
| Owner | ✓ | ✓ | ✓ | Full control of all resources |
| Contributor | ✓ | - | ✓ | All actions except access grants |
| Reader | ✓ | - | - | View only, no changes |
| User Access Admin | ✓ | ✓ | - | Manage user access only |
| Global Admin (AAD) | - | - | - | All Azure AD resources |
| User Admin (AAD) | - | - | - | Users, groups, passwords |
| Model | AWS | Azure |
|---|---|---|
| Pay-as-you-go | On-Demand | Pay-as-you-go |
| Reserved (1-3yr) | Reserved Instances | Reserved Instances |
| Spot / Preemptible | Spot Instances | Spot VMs (up to 90% off) |
| Savings Plans | Compute Savings Plans | Azure Savings Plan |
| Ingress | Free | Free |
| Egress | Charged (per GB) | Charged (per GB out) |
| Layer | On-Premises | IaaS | PaaS | SaaS |
|---|---|---|---|---|
| Physical DC / Hardware | YOU | Provider | Provider | Provider |
| Hypervisor / Host OS | YOU | Provider | Provider | Provider |
| Guest OS / Runtime | YOU | YOU | Provider | Provider |
| Middleware / Application | YOU | YOU | YOU (app) | Provider |
| Data / Content | YOU | YOU | YOU | YOU |
| Network Configuration | YOU | Shared | Shared | Provider |
| Identities / Accounts | YOU | YOU | YOU | YOU |
| Concept | AWS (VPC) | Azure (VNet) |
|---|---|---|
| Address Space | CIDR block (e.g. 10.0.0.0/16) | CIDR block, can add multiple prefixes |
| Subnets | Public (IGW route) / Private | Any subnet - NSG controls inbound/outbound |
| Firewall (stateful) | Security Groups (instance level) | Network Security Groups (NSG) |
| Firewall (stateless) | NACLs (subnet level) | NSG has stateful rules, no separate NACL |
| Peering | VPC Peering (same/cross-region) | VNet Peering / Global VNet Peering |
| Private WAN | Direct Connect | ExpressRoute |
| VPN | AWS VPN Gateway | Azure VPN Gateway |
| NAT | NAT Gateway (managed, per-AZ) | NAT Gateway (managed) |
| DNS | Route 53 / VPC DNS (169.254.169.253) | Azure DNS / Private DNS Zones |
| Flow Logs | VPC Flow Logs to S3/CloudWatch | NSG Flow Logs to Storage/Log Analytics |
| Concept | Goal | Downtime | AWS Example | Azure Example |
|---|---|---|---|---|
| High Availability | Keep running despite single failures | Minutes (auto-heal) | Multi-AZ RDS, ALB across AZs | Availability Zones, Azure Load Balancer |
| Fault Tolerance | Zero downtime, no errors, continuous | Near zero | S3 (11-nines), DynamoDB, Global Tables | Cosmos DB, Storage LRS/ZRS/GRS |
| Disaster Recovery | Restore after regional catastrophe | Hours (RTO goal) | Pilot light, warm standby, multi-region | Azure Site Recovery, geo-replication |
RPO (Recovery Point Objective) = max acceptable data loss in time. RTO (Recovery Time Objective) = max acceptable downtime after disaster.
Resources & Tools
Communities · Core tools · Diagnostics
| Resource | URL / Location | What it Covers |
|---|---|---|
| r/sysadmin · r/linux · r/linuxadmin · r/netsec | reddit.com | Community Q&A, incident threads, war stories, tooling discussions |
| Brutalist Report | brutalist.report | Daily tech & security headlines, aggregated and unformatted |
| Microsoft Learn | learn.microsoft.com | Free official docs, learning paths, and certifications for Azure, Windows, and M365 |
| O'Reilly Topics | oreilly.com/topics | Broad technical learning - books, videos, courses |
| Ask Ubuntu | askubuntu.com | Ubuntu-focused Q&A, highly indexed by search engines |
| DigitalOcean Tutorials | digitalocean.com | Clear, practical guides for Linux, OSS, and infra topics |
| ServerFault | serverfault.com | Stack Exchange for professional sysadmins and network engineers |
| Tool | URL / Source | What it Does |
|---|---|---|
| MX Toolbox | mxtoolbox.com | DNS, mail, SPF / DMARC / DKIM checks in one place |
| Sysinternals Suite | Microsoft / learn.microsoft.com | Windows diagnostics & troubleshooting (Process Monitor, Autoruns, TCPView…) |
| PuTTY | putty.org | SSH, Telnet, serial - still essential for Cisco and console work |
| WinSCP | winscp.net | Fast file transfer over FTP / SFTP / SSH with GUI |
| Angry IP Scanner / Advanced IP Scanner | angryip.org | Quick network sweeps - host discovery and port scan |
| WinDbg | Microsoft Store / WDK | Windows kernel and crash dump debugging |
| Wireshark | wireshark.org | Packet capture and deep protocol analysis |
| Rufus | rufus.ie | Write bootable USB images (ISO → USB) on Windows |
| Nmap | nmap.org | Network scanning, host discovery, OS fingerprinting, port enumeration |
| OpenSSL | openssl.org | TLS, certificate generation, cert inspection, and crypto utilities |
| Git | git-scm.com | Version control for scripts, configs, and infrastructure-as-code |
| Crontab Guru | crontab.guru | Cron expression editor and validator - instant visual feedback |
| cheat.sh | cheat.sh | Instant CLI cheatsheets from the terminal: curl cheat.sh/tar |
| End-of-Life Info | endoflife.date | Support and EoL timelines for OS, runtimes, databases, and tools |
| Tool | URL | What it Does |
|---|---|---|
| WhatIsMyIPAddress | whatismyipaddress.com | IP lookup with strong GeoIP resolution - useful for egress verification |
| Cloudflare Speed Test | speed.cloudflare.com | Clean download / upload / latency test - no ads, no Flash |
| VirusTotal | virustotal.com | Malware and URL scanning across 60+ antivirus engines simultaneously |
| ANY.RUN | app.any.run | Interactive sandbox for malware and phishing analysis - watch execution live |