Computer keyboard

< (same as 0<)

0

Computer monitor

> (same as 1>)

1

STDERR

2>

2

(same as 1>)

Redirects STDOUT. If redirection is to a file, the current contents of that file are overwritten.

(same as 1>>)

Redirects STDOUT. If output is written to a file, the output is appended to that file.

Redirects STDERR.

Redirects STDERR to the same destination as STDOUT. Notice that this has to be used in combination with normal output redirection, as in ls whuhiu > errout 2>&1.

(same as 0<)

Redirects STDIN.

Switches from input mode to command mode. Press this key before typing any command.

Switches from command mode to input mode at (i) or after (a) the current cursor position.

Opens a new line below the current cursor position and goes to input mode.

Writes the current file and quits.

Quits the file without applying any changes. The ! forces the command to do its work. Only add the ! if you really know what you are doing.

Writes the current file with a new filename.

Deletes the current line.

Copies the current line.

Pastes the current selection.

Enters visual mode, which allows you to select a block of text using the arrow keys. Use d to cut the selection or y to copy it.

Undoes the last command. Repeat as often as necessary.

Redoes the last undo.

Goes to the first line in the document.

Goes to the last line in the document.

Searches for text from the current cursor position forward.

Searches for text from the current cursor position backward.

Goes to the first position in the current line.

Goes to the last position in the current line.

Adds the output of ls (or any other command) in the current file.

Replaces all occurrences of old with new.

/

/boot

/dev

/etc

/home

/media, /mnt

/opt

/proc

/root

/run

/srv

/sys

/tmp

/usr

/var

Opens the text file in a pager, which allows for easy reading of the text file

Dumps the contents of the text file on the screen

Shows the first ten lines of the text file

Shows the last ten lines of the text file

Used to filter specific columns or characters from a text file

Sorts the contents of a text file

Counts the number of lines, words, and characters in a file

Matches line that starts with specified text.

Matches line that ends with specified text.

Wildcard. (Matches any single character.)

Matches a, b, or c.

Matches zero to an infinite number of the previous character.

Matches exactly two of the previous character.

Matches a minimum of one and a maximum of three of the previous character.

Matches zero or one of the previous character. This makes the previous character optional, which in this example would match both color and colour.

Not case sensitive. Matches upper- and lowercase letters.

Only shows lines that do not contain the regular expression.

Searches files in the current directory and all subdirectories.

Searches for lines matching more than one regular expression.

Shows <number> of lines after the matching regular expression.

Shows <number> of lines before the matching regular expression.

Verbose; shows in detail what is happening while establishing the connection

Enables support for graphical applications

Used to connect to an SSH service that is not listening on the default port 22

Synchronizes the entire directory tree

Also synchronizes symbolic links

Preserves symbolic links

Performs only a dry run, not actually synchronizing anything

Uses archive mode, thus ensuring that entire subdirectory trees and all file properties will be synchronized

Uses archive mode, and in addition synchronizes ACLs

Synchronizes SELinux context as well

Opens a subshell as a different user, with the advantage that commands are executed as root only in the subshell

Enables you to set up an environment where specific tasks are executed with administrative privileges

Enables you to set up graphical utilities to run with administrative privileges

Read

Write

Execute

Read

Write

Execute

SUID

User executes file with permissions of file owner.

No meaning.

SGID

User executes file with permissions of group owner.

Files created in directory get the same group owner.

Sticky bit

No meaning.

Prevents users from deleting files from other users.

0

Everything

1

Read and write

2

Read

3

Read

4

Write

5

Write

6

Nothing

7

Nothing

0

32

64

96

128

160

192

224

The label used as an identifier in the repository file.

Specifies the name of the repository.

Refers to a URL where information about mirror servers for this server can be obtained. Typically used for big online repositories only.

Refers to the base URL where the RPM packages are found.

Set to 1 if a GNU Privacy Guard (GPG) integrity check needs to be performed on the packages. If set to 1, a GPG key is required.

Specifies the location of the GPG key that is used to check package integrity.

Search for the exact name of a package

Perform a deep search in the package to look for specific files within the package

Provide more information about the package

Install the package

Remove the package

List all or installed packages

List package groups

Install all packages from a group

Update packages specified

Remove all stored metadata

The default package format. Contains files, as well as metadata that describes how to install the files. Optionally may contain pre- and post-installation scripts as well.

A delivery mechanism to install RPM packages. In a module different versions and profiles can be provided.

A specific version of the module.

A collection of packages that are installed together for a particular use case.

Uses a filename as its argument to find the specific RPM package a file belongs to.

Uses the RPM database to provide a list of files in the RPM package.

Uses the RPM database to provide package information (equivalent to yum info).

Uses the RPM database to show all documentation that is available in the package.

Uses the RPM database to show all configuration files that are available in the package.

Uses the RPM database to show scripts that are used in the package. This is particularly useful if combined with the -p option.

The -p option is used with all the previously listed options to query individual RPM package files instead of the RPM package database. Using this option before installation helps you find out what is actually in the package before it is installed.

Shows dependencies for a specific package.

Shows which parts of a specific package have been changed since installation.

Verifies all installed packages and shows which parts of the package have been changed since installation. This is an easy and convenient way to do a package integrity check.

Lists all packages that are installed on this server.

Starts the command immediately in the background.

Stops the job temporarily so that it can be managed. For instance, it can be moved to the background.

Sends the End Of File (EOF) character to the current job to indicate that it should stop waiting for further input.

Can be used to cancel the current interactive job.

Continues the job that has just been frozen using Ctrl-Z in the background.

Brings back to the foreground the last job that was moved to background execution.

Shows which jobs are currently running from this shell. Displays job numbers that can be used as an argument to the commands bg and fg.

The process is currently active and using CPU time, or in the queue of runnable processes waiting to get services.

The process is waiting for an event to complete.

The process is in a sleep state that cannot be stopped. This usually happens while a process is waiting for I/O.

The process has been stopped, which typically has happened to an interactive shell process, using the Ctrl-Z key sequence.

The process has been stopped but could not be removed by its parent, which has put it in an unmanageable state.

The best compromise between power usage and performance

Based on the balanced profile, but tuned for better response to interactive applications

Tuned for maximum throughput

Based on latency-performance, but with additional options to reduce network latency

Based on throughput-performance, optimizes older CPUs for streaming content

Tunes for maximum power saving

Tunes for maximum throughput

Optimizes Linux for running as a virtual machine

Optimizes Linux for use as a KVM host

The unit file has been processed and the unit is active.

The unit is running with one or more active processes.

The unit has successfully completed a one-time run.

The unit is running and waiting for an event.

The unit is not running.

The unit will be started at boot time.

The unit will not be started at boot time.

The unit cannot be enabled but may be started by another unit automatically.

Shows only service units

Shows all active service units (same result as the previous command)

Shows inactive service units as well as active service units

Shows all services that have failed

Shows detailed status information about services

The most commonly used log file, it is the generic log file where most messages are written to.

Contains kernel log messages.

Contains authentication-related messages. Look here to see which authentication errors have occurred on a server.

Look here for messages that are related to system startup.

Contains audit messages. SELinux writes to this file.

Look here for mail-related messages.

Provides log files for the Samba service. Notice that Samba by default is not managed through rsyslog, but writes directly to the /var/log directory.

Contains messages that have been written by the sssd service, which plays an important role in the authentication process.

Contains log messages that were generated by the print service CUPS.

Directory that contains log files that are written by the Apache web server. Notice that Apache writes messages to these files directly and not through rsyslog.

Messages related to authentication.

Messages generated by the crond service.

Generic facility that can be used for nonspecified daemons.

Kernel messages.

Messages generated through the legacy lpd print system.

Email-related messages.

Special facility that can be used to write a marker periodically.

Messages generated by the NNTP news system.

Same as auth/authpriv. Should not be used anymore.

Messages generated by the syslog system.

Messages generated in user space.

Messages generated by the legacy UUCP system.

Messages generated by services that are configured by any of the local0 through local7 facilities.

Debug messages that will give as much information as possible about service operation.

Informational messages about normal service operation.

Informational messages about items that might become an issue later.

Something is suboptimal, but there is no real error yet.

A noncritical error has occurred.

A critical error has occurred.

Used when the availability of the service is about to be discontinued.

Message generated when the availability of the service is discontinued.

/dev/sda

A hard disk that uses the SCSI driver. Used for SCSI and SATA disk devices. Common on physical servers but also in VMware virtual machines.

The first hard disk on an NVM Express (NVMe) interface. NVMe is a server-grade method to address advanced SSD devices. Note at the end of the device name that the first disk in this case is referred to as n1 instead of a (as in common with the other types).

The (legacy) IDE disk device type. You will seldom see this device type on modern computers.

A disk in a KVM virtual machine that uses the virtio disk driver. This is the common disk device type for KVM virtual machines.

A disk in a Xen virtual machine that uses the Xen virtual disk driver. You see this when installing RHEL as a virtual machine in Xen virtualization. RHEL 8 cannot be used as a Xen hypervisor, but you might see RHEL 8 virtual machines on top of the Xen hypervisor using these disk types.

The default file system in RHEL 8.

The default file system in previous versions of RHEL; still available and supported in RHEL 8.

The previous version of Ext4. On RHEL 8, there is no need to use Ext3 anymore.

A very basic file system that was developed in the early 1990s. There is no need to use this file system on RHEL 8 anymore.

A relatively new file system that is not supported in RHEL 8.

A Windows-compatible file system that is not supported on RHEL 8.

A file system that offers compatibility with Windows and Mac and is the functional equivalent of the FAT32 file system. Useful to use on USB thumb drives that are used to exchange data with other computers but not on a server’s hard disks.

The device that must be mounted. A device name, UUID, or label can be used.

The directory or kernel interface where the device needs to be mounted.

The file system type.

Mount options.

Use 1 to enable support to back up using the dump utility. This may be necessary for some backup solutions.

Specifies whether the file system should be checked automatically when booting. Use 0 to disable automated check, 1 if this is the root file system and it has to be checked automatically, and 2 for all other file systems that need automatic checking while booting. Network file systems should have this option set to 0.

The file system will [not] be mounted automatically.

Adds support for file system access control lists (see Chapter 7, “Permissions Management”).

Adds support for user-extended attributes (see Chapter 7).

Mounts the file system in read-only mode.

Disables or enables access time modifications.

Denies or allows execution of program files from the file system.

Use this to mount a network file system. This tells fstab to wait until the network is available before mounting this file system.

Creates physical volumes

Shows a summary of available physical volumes

Shows a list of physical volumes and their properties

Removes the physical volume signature from a block device

Creates volume groups

Shows a summary of available volume groups

Shows a detailed list of volume groups and their properties

Removes a volume group

Creates logical volumes

Shows a summary of all available logical volumes

Shows a detailed list of available logical volumes and their properties

Removes a logical volume

Lists currently loaded kernel modules

Displays information about kernel modules

Loads kernel modules, including all of their dependencies

Unloads kernel modules, considering kernel module dependencies

Hardware configuration (F2, Esc, F10, or another key).

Replace hardware.

BIOS/UEFI configuration or hardware boot menu.

Replace hardware or use rescue system.

grub2-install and edits to /etc/defaults/grub.

GRUB boot prompt and edits to /etc/defaults/grub, followed by grub2-mkconfig.

Edits to the GRUB configuration and /etc/dracut.conf.

GRUB boot prompt and edits to /etc/defaults/grub, followed by grub2-mkconfig.

Compiled into initramfs.

init= kernel boot argument, rd.break kernel boot argument.

Compiled into initramfs.

Not typically required.

Edits to the /etc/fstab file.

Edits to the /etc/fstab file.

Using systemctl set-default to create the /etc/systemd/system/default.target symbolic link

Start the rescue.target as a kernel boot argument.

Defines the TCP listening port.

Indicates whether to allow or disallow root login.

Specifies the maximum number of authentication tries. After reaching half of this number, failures are logged to syslog.

Indicates the maximum number of sessions that can be open from one IP address.

Specifies a space-separated list of users who are allowed to connect to the server.

Specifies whether to allow password authentication. This option is on by default.

Indicates whether authentication through the GSSAPI needs to be enabled. Used for Kerberos-based authentication.

Specifies whether or not to clean up inactive TCP connections.

Specifies the interval, in seconds, that packets are sent to the client to figure out if the client is still alive.

Specifies the number of client alive packets that need to be sent.

If on, uses DNS name lookup to match incoming IP addresses to names.

Specifies the interval, in seconds, that a client sends a packet to a server to keep connections alive.

Specifies the maximum number of packets a client sends to a server to keep connections alive.

A collection of rules that define which source has access to which target.

The object that is trying to access a target. Typically a user or a process.

The thing that a source domain is trying to access. Typically a file or a port.

A security label that is used to categorize objects in SELinux.

A specific part of the policy that determines which source domain has which access permissions to which target domain.

Same as a context label, defined to determine which source domain has access to which target domain.

Incoming network connections are rejected with an “icmp-host-prohibited” message. Only network connections that were initiated on this system are allowed.

For use on computers in the demilitarized zone. Only selected incoming connections are accepted, and limited access to the internal network is allowed.

Any incoming packets are dropped and there is no reply.

For use on external networks with masquerading (Network Address Translation [NAT]) enabled, used especially on routers. Only selected incoming connections are accepted.

For use with home networks. Most computers on the same network are trusted, and only selected incoming connections are accepted.

For use in internal networks. Most computers on the same network are trusted, and only selected incoming connections are accepted.

For use in public areas. Other computers in the same network are not trusted, and limited connections are accepted. This is the default zone for all newly created network interfaces.

All network connections are accepted.

For use in work areas. Most computers on the same network are trusted, and only selected incoming connections are accepted.

Lists all available zones

Shows the zone currently set as default zone

Changes the default zone

Shows all available services

Shows services currently in use

Adds a service to the current default zone or the zone that is specified

Removes a service from the configuration

Lists all configurations in a zone

Adds a port and protocol

Removes a port from the configuration

Adds an interface to the default zone or a specific zone that is specified

Removes an interface from a specific zone

Adds a specific IP address

Removes an IP address from the configuration

Writes configuration to disk and not to runtime

Reloads the on-disk configuration

The hardware clock that resides on the main card of a computer system

Same as the hardware clock

The time that is maintained by the operating system

Similar to system time

A worldwide standard time

Calculation that is made to change time automatically when DST changes occur

The time that corresponds to the time in the current time zone

Manages local time

Manages hardware time

Developed to manage all aspects of time on RHEL 8

Shows current time settings

Sets the current time

Sets the current time zone

Shows a list of all time zones

Controls whether the RTC (the real-time clock, normally referred to as the hardware clock) is in local time

Controls whether NTP is enabled