Tools, cheat sheets and other useful resources

This is a Wiki post; a wiki post is a special type of post that any member of our community can edit!

Join me in editing and populating this Wiki post by sharing tools, scripts, cheat sheets, etc., that you frequently refer to or have saved to your bookmarks.

Config Provisioning & Management

• Ansible – open-source software provisioning, config management, and app-deployment tool.
• Chef Infra – infrastructure automation framework that turns infrastructure into code.
• Puppet – centralizes and automates system administration tasks.
• SaltStack – event-driven, infrastructure management and remote execution platform.
• Terraform – infrastructure as code to provision and manage cloud or on-prem resources.
• OpenTofu – open-source Terraform-compatible IAC.
• Pulumi – infrastructure as code in real programming languages.
• Packer – automated machine image building for many platforms.
• cloud-init – cross-distro cloud instance initialization.
• Foreman – lifecycle management for physical and virtual servers.
• CFEngine – policy-based automation at scale.
• Rudder – configuration management with built-in compliance.
• Nix – declarative package and system configuration management.

Backups

• Timeshift – system restore tool for Linux.
• HashBackup – encrypted, deduplicated, compressed backups.
• Déjà Dup – simple desktop backup tool.
• BorgBackup – deduplicating backups with compression and encryption.
• restic – modern backups to many storage types.
• Duplicati – encrypted, incremental backups to cloud services.
• rclone – command-line sync and backup to cloud storage and more.
• duplicity – encrypted, bandwidth-efficient backups using rsync algorithm.
• Kopia – fast, encrypted snapshots with CLI and GUI.
• borgmatic – simple automation wrapper for Borg.
• Proxmox Backup Server – deduplicated backups for VMs, containers, and hosts.
• Bacula – enterprise-ready network backup.
• Amanda – network backups for multiple hosts.
• UrBackup – client/server backups with web UI.
• rsnapshot – snapshot-style backups based on rsync.
• rdiff-backup – reverse incremental backups.

Benchmarking

• Bench-scripts – compilation of Linux server benchmark scripts.
• YABS – simple script to estimate server performance.
• Phoronix Test Suite – comprehensive cross-platform benchmarking.
• iperf3 – network throughput testing.
• fio – flexible I/O benchmarking tool.
• stress-ng – system stress testing toolkit.
• sysbench – modular CPU, memory, I/O, and DB benchmark.
• Even more see bench-scripts: A compilation of Linux server benchmarking scripts.

Data Removal

• Darik’s Boot and Nuke – DBAN – bootable data wiping tool.
• ShredOS – bootable Linux for secure disk erase (uses nwipe).
• nwipe – standalone secure disk eraser.
• shred – securely overwrite files to prevent recovery.
• wipe – secure file deletion utility.

Cloning & Imaging

• Rescuezilla – GUI disk imaging, compatible with Clonezilla images.
• Ventoy – multiboot USB for many ISOs/images.
• Clonezilla – disk imaging and cloning.
• partclone – back up and restore partitions.
• dd – built-in Unix tool to copy and convert data at a raw level.
• FOG Project – PXE-based network imaging and deployment.
• FSArchiver – filesystem-aware backup and restore.
• GNU ddrescue – data recovery from failing media.
• Redo Rescue – simple live backup, restore, and recovery.

Security

• rootkit hunter (rkhunter) – checks for rootkits and suspicious changes.
• fail2ban – bans hosts after repeated auth failures.
• ConfigServer Firewall (CSF) – firewall and login failure detection.
• ClamAV – open-source antivirus engine.
• Lynis – security auditing and system hardening.
• Tripwire – file integrity checker and IDS.
• AIDE – Advanced Intrusion Detection Environment (file integrity).
• Wazuh – host-based IDS with SIEM and XDR features.
• chkrootkit – local rootkit detection.
• CrowdSec – collaborative, behavior-based IPS.
• OpenSCAP – compliance scanning and policy enforcement.
• Falco – runtime security for containers and Kubernetes.

System Health

• atop – system and process monitor with logging.
• btop – modern terminal resource monitor.
• Cockpit – web-based server administration.
• Glances – curses-based cross-platform dashboard.
• Netdata – real-time performance monitoring and visualization.
• nmon – performance monitor for CPU, memory, network, disk.
• sysstat (sar) – performance collection tools (sar, iostat, mpstat).
• htop – interactive process viewer.
• iotop – per-process disk I/O monitor.
• iftop – per-interface bandwidth usage.
• bmon – bandwidth monitor and rate estimator.
• vnStat – network traffic monitor.

Monitoring

• Cacti – web-based network graphing.
• Checkmk – comprehensive monitoring with auto-discovery.
• Monit – process/service monitoring and autorestart.
• Munin – networked resource monitoring and graphing.
• Nagios Core – classic host and service monitoring.
• Zabbix – enterprise monitoring for networks and applications.
• Icinga – modern monitoring and alerting, Nagios-compatible.
• Observium – network monitoring with auto-discovery.
• Prometheus – metrics collection and alerting toolkit.
• Grafana – visualization and analytics dashboards.
• LibreNMS – auto-discovering network monitoring.
• NetXMS – scalable network and infrastructure monitoring.
• Uptime Kuma – self-hosted status and uptime monitoring.
• SmokePing – latency monitoring and graphing.
• Telegraf – metrics and log collector agent.
• More: Free Linux Server Monitoring and APM solutions for SysAdmins
• Even more: 100 Top Observability Tools (+ Server Monitoring and APM solutions)

Text Editors

• micro – modern and intuitive terminal-based text editor.
• nano – simple, user-friendly command-line text editor installed by default on many distros.
• vim – powerful and highly configurable text editor with a large ecosystem of plugins.
• Neovim – hyperextensible Vim-based editor with async and LSP support.
• emacs – extensible, customizable text editor with a vast ecosystem.
• Doom Emacs – an Emacs framework focused on speed and ergonomics.
• XNEdit – classic X11 editor with Unicode and antialiasing.
• Helix – modal editor with tree-sitter and LSP.
• Kakoune – selection-focused modal editor.
• Lapce – fast, Rust-based code editor.
• Even more, see 50 Linux Text Editors You Should Know About.

Useful Resources

• addr.tools – useful tools for the Internet.
• Awesome-sysadmin – curated open-source sysadmin resources.
• Linux Insides – deep dives into Linux kernel internals.
• Awesome bash alias – curated Bash aliases.
• Linux Filesystem – overview of common directories and their purpose.
• tldr pages – simplified, community-driven man pages.
• sshaudit.com – audit SSH server or client configuration.
• Arch Linux Wiki – high-signal community documentation.
• cheat.sh – instant cheat sheets via web or curl.
• explainshell – explain any shell command’s parts.

Containers & Virtualization

• Docker – container platform for building and running applications.
• containerd – industry-standard container runtime.
• Podman – daemonless, rootless-compatible container engine.
• Kubernetes – container orchestration for deployment and scaling.
• K3s – lightweight Kubernetes distribution.
• MicroK8s – single-command Kubernetes for workstations and edge.
• LXC – system containers for lightweight virtualization.
• LXD – system container and VM manager.
• QEMU – machine emulator and virtualization.
• KVM – Linux kernel virtualization infrastructure.
• libvirt – virtualization API and tooling.
• Vagrant – reproducible development environments.
• Proxmox VE – virtualization platform with clustering and web UI.
• Nomad – simple, flexible scheduler for containers and VMs.
• Harbor – open-source container registry with security and policies.

VPN

• OpenVPN – classic open-source VPN protocol and software.
• openvpn-install – one-command OpenVPN server installer.
• WireGuard – modern, fast VPN with strong cryptography.
• strongSwan – IPsec-based VPN (site-to-site and remote access).
• SoftEther VPN – multi-protocol, cross-platform VPN.
• Tinc – mesh VPN daemon with automatic peer connections.
• Algo VPN – on-demand WireGuard/IPsec VPN server deployer.
• Outline – self-hosted access server based on Shadowsocks.
• Tailscale – zero-config WireGuard-based mesh VPN.
• ZeroTier – virtual network overlay and SD-WAN.
• Headscale – self-hosted Tailscale-compatible control server.
• Netmaker – WireGuard-based virtual networking.
• Nebula – scalable, encrypted mesh overlay network.

Web Analytics

• GoAccess – real-time web log analyzer (terminal and HTML).
• Matomo – open-source, self-hosted web analytics.
• AWStats – log file analyzer for web stats.
• Plausible – lightweight, privacy-friendly analytics.
• Open Web Analytics – self-hosted analytics framework.
• GoatCounter – simple, privacy-focused analytics.
• Shynet – modern, cookie-free analytics.
• Umami – open-source, privacy-first analytics.
• Countly – product analytics, web and mobile.
• Ackee – self-hosted, privacy-aware analytics.

Feel free to jump in and edit this Wiki post. Simply edit to add listing(s), then add your @username to the ‘Editors’

I think with all of us “putting heads together," as it were, we will be able to discover even more great tools, solutions, and resources!

Wow. I need to install glances!! It looks so nice!

Fantastic idea. Compiling a lot of resources in one place will be super useful to both experts and newbies.

Should we post these in the thread itself?

Thanks! I really hope so.

This is a wiki post, so Level 1 and above members can edit the first post directly.

Also see:

.

A post was split to a new topic: Octopussy - Open Source Log Management

Updated original post: Feel free to add your fav tools/resources.

@tmick Thanks for editing and adding the list.

Updated with come of my favorite free monitoring tools. Feel free to edit this wiki post and add your fav tools.

Open call to our new (and old) members to add their favorite tools, cheat sheets and other resources by editing the above WiKi post.

Nice. I didn’t know this thread was a thing. Added a few things to the list.

Matomo and ConfigServer Firewall.

If I think of some more, I will be back.

Nice! Both are great tools. Matomo used to be Piwik or something like that. I’m still enslaved to Google Analytics lol

Making some additions.

I just stumbled upon this and think it could be helpful to others. I’m going through it now and it seems pretty competent.

Linux Internals

And bookmarked, thanks

This is pretty cool. Looks to be a book that’s a work in progress. Somewhere in the forums we also have a link to Awesome llinks which is a similar project. We can probably connect these two threads. Will try to font it late.

Here’s more about this project:

https://0xax.gitbooks.io/linux-insides/content/index.html

I was wondering if there was a common bash alias addon that Linux users commonly utilize?

I found this on git, but I was wondering if there’s something a little more formal, that’s common/mainstream among other Linux users.

Funny that people alias “clear” – I always thought it was just ctrl-L …

To be fair, I did alias “cls” to “clear” way back in the day, when I first switched from DOS.

Also, isn’t “exit” just “ctrl-D”?

The first 4 under “system state” are not ones that I ever alias. In fact, I never “sudo” those commands – I always sudo to a root shell and then run the command. Reason: I often use ! for command replay, and I specifically do not want a poweroff/reboot/halt/shutdown in my command history.

Funny that he aliases “myip” – a while back I wrote a portable script that determines a system’s primary IP address (among other things), no matter how many addresses are on the system, and it works on BSD, Linux, and macOS.

I found the original topic. It’s a Wiki post so we all can edit. I will add Linux Internals to it now as well. Thanks!!

Edited and added more solutions and tools.

EDIT: Added addr.tools to the list.

EDIT Sept 1, 2025: Updated with many more tools and solutions for us Linux power users.