Core Code
Core Code Modern Dev Handbook
LINUX-PRODUCTION Contents
Linux Fundamentals for Production
Filesystem Layout (FHS) in Practice Users, Groups, and Service Accounts Permissions & ACLs (chmod/chown/setuid) Sudoers Safe Defaults Packages: apt/dnf, Repos, and Pinning Shell & Environment Hygiene Editing Configs Safely Time, Timezones, and NTP System Introspection Toolkit
Processes & Signals
Linux Process Model (PID, PPID, Fork/Exec) ps/top/htop: Finding What Hurts Signals in Practice (TERM/KILL/HUP) nice/renice and Scheduling Basics ulimits and Resource Limits Background Jobs (nohup, tmux, systemd-run) /proc and What It Tells You cgroups Basics (CPU/Memory Isolation) Zombies, Orphans, and Stuck Processes
systemd & Services
systemd Unit Types Overview Service Unit Best Practices Dependencies & Ordering (After/Wants/Requires) Restart Policies and Backoff Environment Files and Secrets Handling journald Basics (Reading, Filtering, Retention) Logging Practices with systemd Timers vs Cron Debugging systemd Services
Networking Basics for Production
ip, routes, and interfaces DNS Debugging (dig, resolvectl, hosts) Ports and Sockets with ss curl for HTTP Debugging TCP Basics (Handshake, States, Retries) Firewall Overview (nftables/iptables/ufw) NAT and Port Forwarding Concepts TLS and Certificates Basics Network Troubleshooting Playbook
Storage & Filesystems
Disk Layout and Partitioning (lsblk/fdisk) Filesystems (ext4/xfs) Basics Mounts and /etc/fstab Safety Disk Usage: df vs du (and Why They Differ) Inodes and “Disk Full” Mysteries Swap Strategy in Production Log Rotation (logrotate) Basics Temporary and Runtime Storage Hygiene Backup Storage Considerations
Security Basics
SSH Hardening in Production Users and Least Privilege in Production Firewall Minimum Rules for Production Linux Patching Strategy in Production Managing Secrets on Linux Hosts Linux Audit and Basic Logging in Production Fail2ban and Rate Limiting in Production SELinux and AppArmor Overview in Production Linux Security Baseline Checklist for Production
Observability on Linux
Linux Log Sources Map in Production journalctl Power Usage in Production Log Structure and Correlation in Production Metrics Hooks Overview in Production Health Checks and Readiness in Production Tracing Mindset for Linux and Production Systems Core Dumps Basics in Production Debug Packages and Symbols in Production Linux Observability Checklist for Production
Performance & Debugging
Load Average Explained for Production Debugging CPU Profiling Basics in Linux Production Memory Pressure Basics in Linux Production IO Bottlenecks and iostat in Production lsof and Open Files in Production Debugging Practical strace Usage in Production Sockets Debugging Tools in Linux Production dmesg and Kernel Signals for Production Debugging Production Debugging Workflow for Linux Systems
Deployment Patterns
Environment and Configuration Management in Production Release Directory Pattern for Safe Linux Deployments Zero-Downtime Restarts in Production Running Migrations Safely in Production Secrets Deploy Patterns in Production Backups and Restore Drills in Production Rollback Strategies for Production Deployments Maintenance Windows in Production Operations Production Deployment Checklist for Linux Systems
Production Checklists
Writing Effective Runbooks for Production Systems Failure Modes Mapping for Linux Production Systems Incident Response Basics for Linux Production Break-Glass Access in Production Capacity Planning Basics for Linux Production Systems Monitoring and Alerting Baseline for Linux Production Production Readiness Review for Linux Systems Configuration Drift in Linux Production Systems Go-Live Checklist

System Introspection Toolkit

Know your host fast: uname, lsb_release, df, free, lscpu, lsblk, and friends.
On this page

Why Fast System Introspection Matters

In production, speed matters — but not the “random commands” kind. You need a repeatable, reliable checklist to understand a host quickly: what it is, how it is configured, where it is failing, and what is about to fail.

The 60-Second Host Snapshot

If you can only run a few commands, run these: 

uname -a
uptime
df -h
free -h
ps aux --sort=-%cpu | head
ss -lntp | head

This tells you:

  • Kernel and OS basics
  • Load and runtime duration
  • Disk pressure
  • Memory pressure
  • Top CPU consumers
  • What is listening on ports

OS and Distribution

Identify distro and version clearly (useful for package decisions): 

cat /etc/os-release
lsb_release -a

CPU, Memory, and Hardware

lscpu
nproc
free -h
vmstat 1 5

What to look for:

  • CPU cores vs load average
  • Memory available vs used
  • Swap usage trends
  • Context switching and run queue pressure

Storage and Filesystem Reality

lsblk
df -h
mount | head -n 30

Production checks:

  • Is /var filling up?
  • Are mounts correct?
  • Any unexpected tmpfs usage?

Disk Pressure and “Deleted But Still Open”

If df says full but you cannot find large files, check: 

lsof | grep deleted | head

Common production issue: logs deleted while process still holds file handle.

Networking Snapshot

ip a
ip route
resolvectl status
ss -lntp

What to confirm:

  • Correct IP and routes
  • DNS resolver health
  • Listening services match expectation

System Limits and Kernel Signals

ulimit -a
sysctl -a | head
dmesg | tail -n 50

dmesg is where you often see:

  • OOM killer events
  • Disk I/O errors
  • Kernel warnings

Service Inventory (What Is Running?)

systemctl --type=service --state=running
systemctl status myapp --no-pager

Production engineers keep an inventory mindset: what should be running vs what is running.

Common Production Mistakes

  • Running random commands without a mental model
  • Ignoring disk and memory signals until outage
  • Not correlating load with CPU cores
  • Forgetting to check dmesg during weird failures

Mental Model

You are building situational awareness. Every command you run should answer one question: CPU? Memory? Disk? Network? Services? If you cannot state what you are checking, you are debugging blindly.

Production Checklist

  • 60-second snapshot commands known by heart
  • Disk/memory/network inspected before deep dives
  • dmesg checked for kernel-level clues
  • systemctl inventory used to verify expectations