linux fixes you can inspect first

Fix the Linux problem in front of you.

Short, copyable commands for common Linux, hosting, server, and terminal problems. Every published fix includes safety notes, when not to use it, and simulated output from a disposable demo environment.

Current library

85 checked one-liners across Linux basics, web hosting, dangerous commands, and server triage.

85/85 commands have disposable demo output.

verified fixes

Start here

Linux Survival Basics safe

Find the Files Eating Your Disk

The disk was full, but guessing at folders was the slow part.

find /var -type f -printf '%s %p\n' | sort -nr | head -20
Linux Survival Basics safe

Find Errors Before Reading Every Log Line

The error was in the log. The problem was finding it without reading noise.

grep -iE 'error|failed|denied|timeout' /var/log/nginx/error.log | tail -40
Linux Survival Basics safe

Find the Exact Log Line Before You Scroll

The error was there. The useful part was knowing exactly where it was.

grep -inE 'error|failed|denied|timeout' /var/log/nginx/error.log
Linux Survival Basics safe

Show Only Recent Errors

The log had old failures too. I only cared about the newest ones.

grep -iE 'error|failed|denied|timeout' /var/log/nginx/error.log | tail -10
Dangerous Commands caution

Preview What Rsync Would Delete

`rsync --delete` is useful. It is also how people erase the wrong side.

rsync -avhn --delete ./source/ ./backup/ | grep '^deleting'
Linux Survival Basics safe

Check Owner and Mode in One Line

The file existed. The owner and mode explained why it still failed.

stat -c '%A %U:%G %n' /var/www/example/index.html
Linux Survival Basics safe

Find the Processes Using Memory

The server felt slow. Memory pressure was the first thing to rule out.

ps -eo pid,comm,%mem,%cpu --sort=-%mem | head
Linux Survival Basics safe

Show Big Files in Human Units

Byte counts are precise. Human units are faster under pressure.

find /var -type f -printf '%s %p\n' | sort -nr | head -10 | awk '{printf "%.1f MB %s\n", $1/1024/1024, $2}'
Apple Terminal safe

Find Large Files Inside a Project

Before committing, check whether a huge video, build artifact, or export slipped into your repo.

find . -type f -size +100M -print
Apple Terminal caution

Flush macOS DNS Cache

Changed DNS but your Mac still visits the old place? Flush the resolver cache.

sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder
Hosting Operations safe

Tail the Failing CI Lines

Skip the full CI log and jump straight to lines that usually explain the failure.

grep -RInE 'error|failed|exception|traceback|fatal' logs/ | tail -50
Hosting Operations safe

List Newest Build Artifacts

Confirm what your pipeline actually produced before you deploy it.

find artifacts/ -type f -printf '%TY-%Tm-%Td %TH:%TM %10s %p\n' | sort | tail -20
Web Server Rescue safe

Check the Current Release Symlink

One glance tells you which release directory production is pointing at.

readlink -f releases/current && ls -ld releases/current
Linux Survival Basics safe

Find the Largest CI Logs

Huge logs often point to loops, noisy tests, or runaway debug output.

find logs/ -type f -printf '%s %p\n' | sort -nr | head -10
Hosting Operations safe

Show Release Directory Ages

See your newest release directories without opening a dashboard.

find releases/ -mindepth 1 -maxdepth 1 -type d -printf '%T@ %TY-%Tm-%Td %TH:%TM %p\n' | sort -nr | head -10 | cut -d' ' -f2-
Cybersecurity Triage safe

Extract Environment Names Only

Audit environment labels without printing secret values.

grep -RhoE 'ENVIRONMENT|NODE_ENV|APP_ENV|RAILS_ENV' config deploy | sort -u
Web Server Rescue safe

Smoke Check an HTTP Status

A deploy is not done until the endpoint answers.

curl -fsS -o /dev/null -w '%{http_code} %{time_total}s\n' https://example.com/health
Hosting Operations safe

Compare Artifact Checksums

Verify two artifact copies match before blaming deployment code.

sha256sum artifacts/app.tar.gz releases/current/app.tar.gz
Linux Survival Basics safe

Count Failures by Test File

Turn noisy test logs into a ranked failure list.

grep -RhoE '[A-Za-z0-9_./-]+\.(test|spec)\.(js|ts|py|rb)' logs/ | sort | uniq -c | sort -nr | head
Web Server Rescue safe

Inspect Release Disk Usage

Disk pressure during deploys often starts in old release directories.

du -sh releases/* 2>/dev/null | sort -h | tail -10
Hosting Operations safe

Check Image Tags in Manifests

Find the image tags your deployment files reference without printing env values.

grep -RhoE 'image:[[:space:]]*[^[:space:]]+' deploy/ | sort -u
Hosting Operations safe

Show Containers in a Clean Triage Table

Turn noisy docker ps output into the few fields operators scan first.

docker ps -a --format 'table {{.Names}}\t{{.Status}}\t{{.Image}}\t{{.Ports}}'
Web Server Rescue safe

Find Restarting Containers Fast

Restart loops hide in plain sight unless you filter for them.

docker ps -a --filter status=restarting --format 'table {{.Names}}\t{{.Status}}\t{{.Image}}'
Hosting Operations safe

Check Container Health Status

Docker may say a container is running while its health check says otherwise.

docker inspect --format '{{.Name}} health={{if .State.Health}}{{.State.Health.Status}}{{else}}none{{end}} status={{.State.Status}}' web
Web Server Rescue caution

Read Recent Container Logs

Skip the million-line log scroll and read only the recent failure window.

docker logs --since 10m --tail 100 api
Hosting Operations safe

Snapshot Container CPU and Memory

Get Docker resource usage once, without leaving a live dashboard running.

docker stats --no-stream --format 'table {{.Name}}\t{{.CPUPerc}}\t{{.MemUsage}}\t{{.NetIO}}\t{{.BlockIO}}'
Web Server Rescue safe

Show Published Container Ports

When a service is unreachable, confirm Docker is publishing the port you think it is.

docker port web
Hosting Operations safe

Summarize Docker Disk Usage

See how Docker storage is split across images, containers, volumes, and cache.

docker system df -v
Cybersecurity Triage caution

Inspect Container Environment Names

Check what environment variables exist without printing their secret values.

docker inspect --format '{{range .Config.Env}}{{println .}}{{end}}' api | sed 's/=.*$/=/'
Hosting Operations safe

See Container Network Attachments

A container can be healthy and still attached to the wrong network.

docker inspect --format '{{.Name}} {{range $name, $net := .NetworkSettings.Networks}}{{$name}} {{$net.IPAddress}} {{end}}' api
Cybersecurity Triage safe

Review Recent Docker Events

Docker keeps a recent event trail for starts, stops, pulls, and health changes.

docker events --since 30m --until 0s
Hosting Operations safe

Test Nginx Before Reload

The config looked fine. Nginx disagreed before reload broke anything.

nginx -t
Hosting Operations safe

Show Enabled Nginx Sites

The config existed, but it was not enabled.

ls -l /etc/nginx/sites-enabled/
Hosting Operations safe

Inspect Response Headers

The page loaded, but the headers told the operational story.

curl -sI https://example.com
Hosting Operations safe

Check a Domain A Record

The site was fine. The domain was pointed somewhere else.

dig +short example.com A
Hosting Operations safe

List Certbot Certificates

The certificate existed. The question was which domains it covered.

certbot certificates
Hosting Operations safe

Check the Current Release Symlink

The deploy finished. The symlink told me what was actually live.

readlink -f /srv/www/example.com/current
Hosting Operations safe

Find Top 404 URLs

The missing file was not random. The access log had a pattern.

awk '$9==404 {print $7}' /var/log/nginx/access.log | sort | uniq -c | sort -nr | head
Hosting Operations safe

See Top Referrers

LinkedIn traffic was not a guess. The referrer field showed it.

awk -F'"' '{print $4}' /var/log/nginx/access.log | sort | uniq -c | sort -nr | head
Hosting Operations safe

Find the Processes Burning CPU

A server feels slow, but you need proof before restarting anything.

ps -eo pid,ppid,stat,pcpu,pmem,comm,args --sort=-pcpu | head -n 10
Hosting Operations safe

Find the Processes Eating Memory

Memory pressure can look like a slow app, a stuck deploy, or random crashes.

ps -eo pid,ppid,stat,pcpu,pmem,rss,comm,args --sort=-pmem | head -n 10
Web Server Rescue safe

Find Large Directories with du

Once you know a filesystem is full, the next question is where.

du -xh --max-depth=1 /var 2>/dev/null | sort -h
Cybersecurity Triage safe

Find Listening Ports with ss

Before blaming the firewall, check whether anything is actually listening.

ss -ltnp
Linux Survival Basics safe

Show Failed systemd Units

One command tells you which services systemd already knows are broken.

systemctl --failed --no-pager
Linux Survival Basics safe

Check If a Service Is Active

Get a clean yes-or-no service state without the full status page.

systemctl is-active nginx
Linux Survival Basics safe

Show Recent Server Reboots

Confirm whether the server actually rebooted and when.

last -x reboot | head -5
Linux Survival Basics safe

List Upcoming systemd Timers

Cron is not the only scheduler on modern Linux servers.

systemctl list-timers --all --no-pager
Hosting Operations safe

Summarize HTTP Status Codes

Before chasing individual lines, get the shape of the whole log.

awk '{count[$9]++} END {for (code in count) print count[code], code}' ./fixtures/nginx/access.log | sort -nr
Cybersecurity Triage safe

Find the IPs Creating the Most 4xx Noise

One address can turn a normal access log into a wall of failed requests.

awk '$9 ~ /^4/ {count[$1]++} END {for (ip in count) print count[ip], ip}' ./fixtures/nginx/access.log | sort -nr | head
Hosting Operations safe

Group Server Errors by URL Path

A 500 spike is easier to triage when the broken path is obvious.

awk '$9 ~ /^5/ {count[$7]++} END {for (path in count) print count[path], path}' ./fixtures/nginx/access.log | sort -nr | head
Cybersecurity Triage safe

Spot Unusual HTTP Methods in Access Logs

Most site traffic is boring. The weird methods are worth a look.

awk '$6 !~ /^"(GET|POST|HEAD|OPTIONS)$/ {print $1, $6, $7, $9}' ./fixtures/nginx/access.log | sort | uniq -c | sort -nr
Cybersecurity Triage safe

Count the Most Common User Agents

A strange traffic spike often has a strange user agent.

awk -F'"' '{print $6}' ./fixtures/nginx/access.log | sort | uniq -c | sort -nr | head
Cybersecurity Triage safe

Find Common Admin Probe Paths

A site does not need WordPress to receive WordPress-looking probes.

awk '$7 ~ /(admin|login|wp-|phpmyadmin)/ {print $1, $7, $9}' ./fixtures/nginx/access.log | sort | uniq -c | sort -nr | head
Cybersecurity Triage safe

Find Paths Repeatedly Returning 404

One missing URL is normal. A repeated missing URL is a signal.

awk '$9==404 {count[$7]++} END {for (path in count) if (count[path] >= 3) print count[path], path}' ./fixtures/nginx/access.log | sort -nr | head
Cybersecurity Triage safe

Spot Request Bursts by Minute

Traffic spikes are easier to read when you bucket them by time.

awk '{minute=substr($4,2,17); count[minute]++} END {for (m in count) print count[m], m}' ./fixtures/nginx/access.log | sort -nr | head
Hosting Operations safe

Find Unusually Large Web Responses

A few huge responses can explain bandwidth, latency, and suspicious download patterns.

awk '$10 ~ /^[0-9]+$/ && $10 > 1000000 {print $10, $1, $7, $9}' ./fixtures/nginx/access.log | sort -nr | head
Cybersecurity Triage safe

Find Clients Repeating the Same Path

The suspicious pattern is sometimes one client hammering one URL.

awk '{key=$1 " " $7; count[key]++} END {for (k in count) if (count[k] >= 5) print count[k], k}' ./fixtures/nginx/access.log | sort -nr | head

problem areas

Browse by what broke

Use the category that matches the problem: disk pressure, logs, permissions, Nginx, DNS, defensive checks, or Mac terminal work.

Cybersecurity Triage

Defensive commands for checking exposure, logs, permissions, and suspicious activity.

Hosting Operations

Web hosting, SSL, DNS, Nginx, deployment, backups, and VPS management.

Apple Terminal

macOS and Apple-adjacent terminal workflows for developers and power users.

how to read a fix

Copy less blindly

  1. Start with the problem statement and check that it matches your situation.
  2. Read the danger rating and the “when not to use it” note.
  3. Compare your expected output to the simulated output.
  4. Copy the command only after the context makes sense.

demo vessel

See example output first

Each demo uses fake files, fake services, and safe fixtures so you can see what the command does before trying it on a real machine.

85/85 demos passed

Generated 2026-06-25T12:33:15Z with docker.

Demo summary JSON

quality bar

No mystery pastebin commands

Every fix needs a clear use case, safety notes, recovery guidance, and a reproducible example.

Required

Problem, command, danger rating, when not to use it, undo or recovery, expected output, and demo commands.

Distribution

Short demos and transcripts are generated from the same checked lesson data.

Business signal

Useful pages get expanded into deeper guides, videos, and related troubleshooting paths.

project feeds

Machine-readable outputs

These feeds support videos, transcripts, and future tooling. Most readers can ignore them.

Shorts metadata

Titles, captions, target duration, playlist, and voiceover seed text.

LinkedIn post seeds

Hooks, command snippets, questions, and calls to action for engagement testing.

Analytics event contract

Privacy-light events to measure copy clicks, export clicks, lesson depth, and outbound video intent.

roadmap

What is being added next

The library is expanding by problem area: Linux basics, hosting, security triage, macOS, CI/CD, and data workflows.

  1. publish ten Linux Survival Basics lessons to test search demand
  2. add web hosting, DNS, SSL, and VPS troubleshooting fixes
  3. add defensive cybersecurity triage commands
  4. add Apple/macOS terminal fixes
  5. add comments with SSO after moderation controls are ready
  6. collect first-party page, click, copy, scroll, referrer, viewport, and timing events
  7. expand useful pages into short videos and deeper troubleshooting paths