Day in the life

Saptarsi Guha

I’m an Ops guy at heart - I tend to learn by doing.

https://shell.cloud.google.com/

I’ve been using the shell to just get sharper at understanding when, where and why to write certain commands - think of this as a living, breathing wiki.

I like to believe anything can be tackled with a bit of practice and the 20/80 rule - most problems have been solved before - which is great! That just means you have to take a little effort to internalize things.

I think there are some classic tasks anyone working with the shell should know how to do:

  1. Verify identity & host — whoami && hostname && uptime Why: confirm you’re on the right machine and check load. Real-world: check your badge & dashboard before touching equipment.

  2. Current working dir & disk free — pwd; df -h . Why: know where you are and filesystem free space for current path. Parallel: check your workstation table and fuel gauge.

  3. Show top CPU/mem processes — ps -eo pid,cmd,%cpu,%mem --sort=-%cpu | head -n 12 Why: find runaway processes quickly. Parallel: spot the machine hog in a rack.

  4. Live interactive monitor — top or htop Why: live view of processes, CPU, memory, load. Parallel: a live camera on the assembly line.

  5. Check system logs (journal) — journalctl -n 200 --no-pager Why: recent system-level events (boots, crashes). Parallel: read the last few pages of the maintenance logbook.

  6. Tail an app log — tail -F /var/log/myapp.log Why: watch logs in real time during deploys or tests. Parallel: listen to the machine’s heartbeat.

  7. Count recent ERRORs — tail -n 1000 /var/log/syslog | grep -cE "ERROR|CRITICAL" Why: quick metric for severity spike. Parallel: count how many failed items on the line.

  8. Find top erroring services — tail -n 2000 /var/log/syslog | grep -E "ERROR|CRITICAL" | grep -Eo '([A-Za-z0-9_.+-]+)\[[0-9]+\]' | sed 's/\[.*//' | sort | uniq -c | sort -nr | head Why: identify the service that’s spamming errors. Parallel: which machine pulls the fire alarm most.

  9. Disk usage by directory — du -sh /var/* 2>/dev/null | sort -hr | head -n 20 Why: find directories using most space. Parallel: which storeroom has the most pallets.

  10. Largest files on filesystem — sudo find / -xdev -type f -printf '%s %p\n' 2>/dev/null | sort -nr | head -n 20 | awk '{size=$1; sub(/^[0-9]+ /, ""); printf "%.1f MB\t%s\n", size/1024/1024, $0}' Why: locate big files before disk full issues. Parallel: find the oversized boxes blocking the aisle.

  11. Recently modified files — find /var -type f -mtime -1 -ls 2>/dev/null | head -n 50 Why: detect recent changes to config/logs. Parallel: check which machines were serviced in last 24h.

  12. Inode usage — df -i Why: avoid inode exhaustion (many small files). Parallel: number of slots on the shelf, not total volume.

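  13. Find many small files dir — find /path -maxdepth 2 -type d -exec bash -c 'printf "%s %s\n" "$(find "$1" -type f | wc -l)" "$1"' _ {} \; | sort -nr | head Why: identify dirs with too many files (backup pain). The directory is passed as $1 rather than pasted into the script text, so a directory name containing shell metacharacters is never executed. Parallel: a warehouse full of tiny screws.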

  14. Check open deleted files — sudo lsof +L1 Why: processes holding deleted files still use space. Parallel: boxes tossed out but still attached to machines.

  15. Who’s listening (sockets) — ss -tuln Why: verify expected services are bound to ports. Parallel: which doors are open in the building.

  16. Check specific port/service health — curl -fsS -m 5 http://127.0.0.1:8080/health || echo "failed" Why: quick HTTP health probe. Parallel: take the pulse of a service.

  17. DNS resolution test — dig +short example.com A Why: confirm DNS answers correctly. Parallel: check the address book returns the right warehouse address.

  18. Traceroute / network path — tracepath 8.8.8.8 Why: see hops/latency to a remote host. Parallel: follow the delivery route to troubleshoot delays.

  19. Check firewall rules — sudo iptables -L -n or sudo nft list ruleset Why: ensure traffic allowed or blocked as intended. Parallel: confirm which doors are locked.

  20. Test TLS expiry — echo | openssl s_client -connect host:443 2>/dev/null | openssl x509 -noout -dates Why: check certificate expiry to avoid downtime. Parallel: check the passport expiration before travel.

  21. Check service status — systemctl status <service> Why: health and start logs for a systemd unit. Parallel: pull up the service’s maintenance log.

  22. Tail unit logs — journalctl -u <service> -n 200 --no-pager Why: focus on a single service’s history. Parallel: read the operator’s notes for that machine.

  23. Restart service (safe) — sudo systemctl restart <service> && sudo systemctl status <service> Why: controlled restart then verify. Parallel: power-cycle a misbehaving piece of equipment and verify.

  24. Check cron jobs — crontab -l; ls -l /etc/cron.* Why: ensure scheduled jobs exist and are running. Parallel: check the scheduled maintenance roster.

  25. Check package versions — dpkg -l | head or rpm -qa | head Why: confirm software versions for troubleshooting. Parallel: check model numbers of components.

  26. Check for available updates — sudo apt update && apt list --upgradable Why: plan security/patch windows. Parallel: list pending firmware updates.

  27. Disk SMART health — sudo smartctl -a /dev/sda Why: detect failing disks early. Parallel: check the drive’s heartbeat for impending failure.

  28. LVM status — sudo lvdisplay && sudo vgdisplay Why: verify logical volumes and free space. Parallel: check virtual storage partitions in the warehouse.

  29. Mount points & fstab — mount | column -t and cat /etc/fstab Why: ensure expected mounts are present and persistent. Parallel: check whether storage racks are attached correctly.

  30. Check NFS mounts & stats — mount | grep nfs and df -h /path/to/nfs Why: verify network storage availability. Parallel: ensure shared shelving is accessible.

  31. Find broken symlinks — find / -type l ! -exec test -e {} \; -print 2>/dev/null | head -n 50 Why: stale symlinks can break services. Parallel: map pointing to a shelf that no longer exists.

  32. World-writable files (audit) — sudo find / -perm -0002 -type f -printf '%M %u %g %p\n' 2>/dev/null | head -n 50 Why: security hygiene (unexpected writable files). Parallel: doors unlocked in restricted rooms.

  33. Setuid/setgid binaries — sudo find / -perm /6000 -type f -printf '%M %u %g %p\n' 2>/dev/null Why: audit privileged binaries that can escalate access. Parallel: machines with master keys attached.

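  34. Orphaned files (no owner/group) — sudo find / \( -nouser -o -nogroup \) -print 2>/dev/null | head Why: leftover files after user deletion — security/cleanup. The parentheses matter: without them -print binds only to -nogroup and files with no user are silently skipped. Parallel: orphaned crates with no owner sticker.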

  35. Find core dumps — sudo find / -type f \( -iname 'core*' -o -iname '*.core' \) 2>/dev/null | head Why: crash artifacts and debugging clues. Parallel: broken parts left after a machine fails.

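  36. Search file contents for secrets (careful) — sudo grep -RIn --exclude-dir={proc,sys,dev} 'BEGIN RSA PRIVATE KEY\|AKIA' / 2>/dev/null | head Why: detect accidentally committed secrets (rotate if found). --exclude-dir matches directory base names, so the names are given without a leading slash. -n prints the matching line itself, so key material ends up in terminal scrollback; use -l instead to list only file names. Parallel: detect leaked keys to the safe.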

  37. Duplicate files (potential reclaim) — fdupes -r /path || echo "install fdupes" Why: reclaim space by deduping (inspect before deleting). Parallel: two identical pallets stored twice.

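  38. Check recently created files — find /var/log -type f -ctime -1 -ls Why: spot new logs/configs after a deploy. Note that -ctime is inode change time, so files that were chmod'ed, renamed or rewritten in the last day show up too, not only newly created ones. Parallel: note new shipment arrivals.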

  39. Count files in directory — find /var/log -maxdepth 1 -type f | wc -l Why: detect directories with explosion of files. Parallel: one shelf suddenly overflowing.

  40. Find files >100MB — find / -xdev -type f -size +100M -printf '%s %p\n' 2>/dev/null | sort -nr | head Why: identify unusually large files quickly. Parallel: oversized crates creating storage issues.

  41. Check open ports & connections — ss -s && ss -tupan Why: summarize socket usage and active connections. Parallel: overall traffic and open doors.

  42. View process FD usage — ls -l /proc/<PID>/fd (or lsof -p <PID>) Why: find files a process is using (logs, sockets). Parallel: what tools an operator currently has open.

  43. Check file descriptors per process (leak detection) — for p in $(ps -e -o pid=); do echo -n "$p "; ls /proc/$p/fd 2>/dev/null | wc -l; done | sort -n -k2 -r | head Why: spot FD leaks. Parallel: see who left too many doors open.

  44. Restart vs reload — sudo systemctl reload <service> (if supported) or restart Why: prefer reload for config changes when service supports it. Parallel: adjust settings without powering full cycle.

  45. Reopen logs (logrotate safe) — kill -HUP <pid> (daemon that supports reopen) Why: make daemons reopen log files after rotation. Parallel: tell a machine to switch to a fresh logbook.

  46. Rotate logs manually — mv /var/log/myapp.log /var/log/myapp.log.1 && kill -USR1 <pid> Why: emergency rotation if disk filling fast. Parallel: archive the current ledger and start a new one.

  47. Atomic write pattern — echo '{"ok":true}' | (tmp=$(mktemp /tmp/out.tmp.XXXX) && cat >"$tmp" && mv "$tmp" /tmp/out.json) Why: avoid half-written files visible to readers. Parallel: stage a crate behind the curtain, then roll it into place.

  48. Create a temporary directory for safe ops — tmpdir=$(mktemp -d) && echo "$tmpdir" Why: ephemeral workspace that’s unique and secure. Parallel: use a temporary workbench rather than the production table.

  49. Check crontab health / last run — grep -R "cron" /var/log/* 2>/dev/null | tail -n 50 Why: see cron jobs’ recent outputs and failures. Parallel: confirm scheduled maintenance actually ran.

  50. Minimal incident runbook template (capture quickly) — `cat > ~/incident-$(date +%FT%T).md <<'MD' && sed -n '1,20p' ~/incident-*.md
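Item 36 turned into a reusable check, as an added example that is not the author's code: it reports which files hold secret-looking material without printing the matching line. It goes beyond the item's patterns by accepting any PEM private-key header and by requiring a full 20-character AKIA key ID. The function names and the sample tree are hypothetical, and the sample values are constructed and non-functional.

```shell
#!/bin/sh
# Added example (not from the original post): report which files hold
# secret-looking material without echoing the secret itself.

# scan_secrets DIR -> one "kind<TAB>path" line per matching file.
scan_secrets() {
  root=${1:-.}
  # label|ERE pairs. The key-ID pattern needs AKIA plus 16 more upper-case
  # letters/digits with no upper-case/digit neighbour, so a bare "AKIA"
  # inside another token is ignored.
  for spec in \
    'private-key|-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' \
    'aws-access-key-id|(^|[^A-Z0-9])AKIA[0-9A-Z]{16}([^A-Z0-9]|$)'
  do
    label=${spec%%|*}      # text before the first |
    pattern=${spec#*|}     # everything after the first |
    # -I skips binary files; -l prints file names only, never the match.
    # LC_ALL=C keeps [A-Z] strictly ASCII.
    LC_ALL=C grep -RIlE -e "$pattern" "$root" 2>/dev/null |
      while IFS= read -r path; do printf '%s\t%s\n' "$label" "$path"; done
  done
}

# make_sample -> path of a temp tree with constructed, non-functional samples.
make_sample() {
  dir=$(mktemp -d) || return 1
  mkdir -p "$dir/home/.ssh" "$dir/app"
  printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'constructed-not-a-key' \
    '-----END RSA PRIVATE KEY-----' > "$dir/home/.ssh/id_rsa"
  printf 'aws_access_key_id = AKIACONSTRUCTED00000\n' > "$dir/app/settings.ini"
  # Would match a bare "AKIA" search, but is not a key ID.
  printf 'ticket ZAKIA-1 closed\n' > "$dir/app/notes.txt"
  printf '%s\n' "$dir"
}

sample=$(make_sample)
scan_secrets "$sample"
rm -rf "$sample"
```

Point it at a home directory or a checkout rather than /, and treat every hit as a credential to rotate, as the item says.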

Rubber Ducking

I think a lot of the paranoia around shell scripting - yours truly included - comes from simply never having written these commands, so you have no mental model. No matter how smart you are, you need some degree of muscle memory: I’d hate to have a surgeon who never had to use a scalpel decide to use one on me today…

Keeping that in mind, I intend, little by little, to work up from practicing basic stuff to learning how to write classic triage scripts, and then we can keep working our way through classic issues. Perhaps this blog would be better off as a book?
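A small triage script built from items 7 and 8 of the list, as an added example that is not the author's code: it counts ERROR/CRITICAL lines per service, splits out the CRITICAL ones, and also counts tags without a [pid] suffix, which a tag[pid] pattern skips. It assumes the traditional syslog layout "Mon DD HH:MM:SS host tag[pid]: message"; the function names and the log lines are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original post): per-service error triage
# over syslog-style text read from stdin.

# error_count -> number of lines containing ERROR or CRITICAL (item 7).
error_count() {
  grep -cE 'ERROR|CRITICAL'
}

# top_erroring [N] -> "total critical service" rows, worst first (item 8).
# Assumes traditional syslog layout, where the tag is field 5.
top_erroring() {
  awk '
    /ERROR|CRITICAL/ {
      tag = $5
      sub(/:$/, "", tag)            # drop the trailing colon
      sub(/\[[0-9]+\]$/, "", tag)   # drop an optional [pid]
      total[tag]++
      if ($0 ~ /CRITICAL/) crit[tag]++
    }
    END { for (t in total) printf "%d %d %s\n", total[t], crit[t] + 0, t }
  ' | sort -k1,1nr -k3,3 | head -n "${1:-10}"
}

# sample_log -> constructed log lines; nginx is the noisiest service here
# but logs no errors at all.
sample_log() {
  cat <<'EOF'
Jan 12 10:00:01 web01 nginx[812]: GET /health 200
Jan 12 10:00:02 web01 nginx[812]: GET / 200
Jan 12 10:00:02 web01 nginx[812]: GET /login 200
Jan 12 10:00:03 web01 payments[2201]: ERROR upstream timeout
Jan 12 10:00:04 web01 payments[2201]: CRITICAL circuit breaker open
Jan 12 10:00:05 web01 authsvc[990]: ERROR token validation failed
Jan 12 10:00:06 web01 nginx[812]: GET /cart 200
Jan  2 10:00:07 web01 backup: ERROR rsync exited 23
EOF
}

sample_log | top_erroring
```

On a real host, feed it with tail -n 2000 /var/log/syslog | top_erroring; logs with ISO 8601 timestamps put the tag in a different field, so adjust $5 accordingly.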
