
Unit 4 MCAUnix

This document provides an overview of system administration tasks for Linux systems. It discusses the Linux file system hierarchy and types of file systems. It then covers various commands for working with files and directories, such as ls, cp, rm, and mv. It also discusses setting permissions with chmod and creating links between files with ln. Finally, it discusses other system configuration tasks like setting the hostname and time zone, configuring the /etc/hosts file, and creating and removing directories. The goal is to help readers understand basic Linux system administration.

Uploaded by

so gupta

Unit-4

System Administration:

Linux is a major force in computing technology, powering everything from
mobile phones and personal computers to supercomputers and servers. The job
of a systems administrator is to manage the operations of a computer system.
As most computing devices are powered by Linux, it makes sense to learn it. By
the end of this article, you should know and understand:

• Linux file systems
• File system hierarchy
• Linux online manual page
• Root/super user
• Handling files and directories
All the commands are demonstrated using a CentOS Linux distro.

The Linux file system


A file system is a method of storing files on a hard disk. There are different
types of file systems supported by Linux:

• Conventional disk file systems: ext2, ext3, ext4, XFS, Btrfs, JFS, NTFS,
etc.
• Flash storage file systems: ubifs, JFFS2, YAFFS, etc.
• Special-purpose file systems: procfs, sysfs, tmpfs, debugfs, etc.
File system hierarchy standards
The Linux system stores files according to a standard layout called the ‘file
system hierarchy’. The most common Linux directory structure is shown in
Figure 1.

Linux online manual page


One of the key features of Linux is that it provides online help about every
single command. To access the Linux manual (man) page, type the following
command:

[bhargab@localhost~]$man ls
This will provide the manual page of the ls command.

Root or super user


This is a special kind of user account, which holds all permissions and can
alter any program or service on a Linux system. The su command is used to
become a root or super user. Type the following command, and enter the root
password to become a root or super user.

[bhargab@localhost~]$su

Figure 1: Linux file system hierarchy


Handling files and directories
In Linux, ‘Everything is a file’. This means that when we are dealing with normal
text files or with device files, we interact with them through file operation
related commands.  Some operations on files are discussed below.

Creating a file: There are two commands to create a file: touch and cat.


The touch command simply creates an empty file. Type the following command
to create an empty document:

[bhargab@localhost~]$touch file1
cat is used to create and view a file. Type the following command to create a
file:

[bhargab@localhost~]$cat>file1
To view a file, use the command given below:

[bhargab@localhost~]$cat file1
Copying a file: The cp command is used to copy a file from one location to
another, as shown below:

[bhargab@localhost~]$cp file1 /home/bhargab/Documents/


This command copies a file from the current working directory
to /home/bhargab/Documents/.

Removing a file: To remove a file, type the following command:

[bhargab@localhost~]$rm file1
Renaming and moving a file: The mv command is used to move and rename
a file. To move a file from one location to another, use the following command:

[bhargab@localhost~]$mv file1 /home/bhargab/Document


The above command will move file1 to the Document directory
under  /home/bhargab/.
To rename a file, file1 to file2, type the following command:

[bhargab@localhost~]$mv file1 file2


Listing files and directories: ls lists the contents (files and directories) of the
current directory or specified directory. Type the following command to display
the contents of the current directory:

[bhargab@localhost~]$ls
This command simply lists the file name and directory name. To list all files in
your home directory, including the hidden files, type the following command:

[bhargab@localhost~]$ls -a
To view files in a ‘long listing’ format, type ls with the -l option, as follows:

[bhargab@localhost~]$ls -l
A portion of the output is shown below.

total 48
 
drwxr-xr-x. 2 bhargab bhargab 4096 Jan 25 21:32 Desktop
drwxr-xr-x. 2 bhargab bhargab 4096 Apr 24 16:33 Documents
drwxr-xr-x. 6 bhargab bhargab 4096 Jan 20 23:55 Downloads
-rw-rw-r--. 1 bhargab bhargab    1024 Apr 28 22:18 file1
-rw-rw-r--. 1 bhargab bhargab    1024 Apr 28 22:01 file2
-rw-rw-r--. 1 bhargab bhargab    1024 Apr 28 22:01 file3
drwxr-xr-x. 2 bhargab bhargab 4096 Dec 20 08:48 Music
drwxr-xr-x. 2 bhargab bhargab 4096 Dec 20 08:48 Pictures
drwxr-xr-x. 2 bhargab bhargab 4096 Dec 20 08:48 Public
drwxr-xr-x. 2 bhargab bhargab 4096 Dec 20 08:48 Videos
The total, 48, indicates that the total number of disk blocks occupied is 48.
There are nine columns in each of the lines. Each column in the succession
represents the following—permission, number of links, owner name, group
name, size in bytes, date and time, and file name. The permission field consists
of 10 sub-fields. The first field represents the type of file. The next three fields
represent owner (u) permission. The fifth, sixth and seventh fields represent
group (g) permissions. The last three fields represent other (o) permissions. ‘w’
represents write permission, ‘x’ represents execute permission and ‘r’
represents read permission.

Hard link and soft link


A link is a connection between a file name and the actual data on the hard disk.
There are two types of links: the hard link and the soft link.
A hard link can be created by typing the following command:

[bhargab@localhost~]$ln file1 file2
And a soft link by typing the following command:

[bhargab@localhost~]$ln -s file1 file3
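
Added example (not part of the original document): a POSIX shell function that creates both kinds of link in a scratch directory, then removes the original name to show what each link still reaches. The function name link_demo and the file contents are assumptions for illustration.

```sh
#!/bin/sh
# Added example: what a hard link and a soft link each point at.
# Runs in a throwaway directory; file1, file2, file3 follow the text above.

link_demo() (
    dir=$(mktemp -d) || exit 1
    cd "$dir" || exit 1
    echo "original data" > file1
    ln file1 file2          # hard link: a second name for the same data
    ln -s file1 file3       # soft link: a small file that stores the name "file1"

    # A hard link shares the inode number of the original name.
    i1=$(ls -i file1 | awk '{print $1}')
    i2=$(ls -i file2 | awk '{print $1}')
    if [ "$i1" = "$i2" ]; then same=yes; else same=no; fi

    # Second column of ls -l is the number of names (links) for the data.
    links=$(ls -l file1 | awk '{print $2}')

    rm file1                # remove the original name only
    hard=$(cat file2)       # data is still reachable through the hard link

    # -e follows the soft link, so it fails once the target name is gone.
    if [ -e file3 ]; then soft=resolves; else soft=dangling; fi

    cd / && rm -rf "$dir"
    echo "same_inode=$same links=$links hard_link_reads=$hard soft_link=$soft"
)

link_demo
```

A soft link is resolved by name each time it is used, so it will point at whatever file later appears under that name.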


Change Mod
In Linux, every file is associated with three types of permissions: read (r), write
(w), and execute (x). The existing file permission can be changed by the owner
of the file or the super user. The following command will grant write
permission to the group:

[bhargab@localhost~]$chmod g+w file1


Similarly, to give an execute permission to other users, use the command given
below:

[bhargab@localhost~]$chmod o+x file1


In order to take away execute permissions from a group, type the following
command:

[bhargab@localhost~]$chmod g-x file1
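
Added example (not part of the original document): a POSIX shell script that splits the 10-character permission field from the ls -l listing into file type and owner/group/other parts, and applies the three chmod commands above to a scratch file. The helper names and the starting mode u=rwx,g=rx,o=r are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example: decode the ls -l permission field and watch chmod change it.

# Print the 10-character permission field of a path, as ls -l shows it.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Split a 10-character permission field into file type and u/g/o triplets.
decode_mode() {
    m=$1
    case $m in
        -*) ftype="regular file" ;;
        d*) ftype="directory" ;;
        l*) ftype="symbolic link" ;;
        *)  ftype="other" ;;
    esac
    printf 'type=%s owner=%s group=%s other=%s\n' "$ftype" \
        "$(printf '%s' "$m" | cut -c2-4)" \
        "$(printf '%s' "$m" | cut -c5-7)" \
        "$(printf '%s' "$m" | cut -c8-10)"
}

# True when the "other" triplet grants write permission, meaning every
# account on the system can modify the file.
is_world_writable() {
    [ "$(printf '%s' "$1" | cut -c9)" = "w" ]
}

# Apply the three chmod commands from the text to a scratch file and
# return the permission field after each step.
chmod_demo() {
    dir=$(mktemp -d) || return 1
    f=$dir/file1
    : > "$f"
    chmod u=rwx,g=rx,o=r "$f"      # constructed starting mode
    out=$(mode_of "$f")
    chmod g+w "$f"; out="$out $(mode_of "$f")"   # group gains write
    chmod o+x "$f"; out="$out $(mode_of "$f")"   # others gain execute
    chmod g-x "$f"; out="$out $(mode_of "$f")"   # group loses execute
    rm -rf "$dir"
    printf '%s\n' "$out"
}

chmod_demo
decode_mode "drwxr-xr-x"
```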


Current working directory
The pwd command displays the current working directory, as follows:

[bhargab@localhost~]$pwd
/home/bhargab
This means that the current working directory is /home/bhargab/.

Creating a directory
The mkdir command is used to create a directory, as follows:

[bhargab@localhost~]$mkdir myDir
This will create a directory, myDir, under  /home/bhargab/.

Removing a directory
The rmdir command is used to remove an empty directory, as shown below:

[bhargab@localhost~]$rmdir myDir
rmdir with the -p option removes not only the specified directory but also
its parent directories.

[bhargab@localhost~]$rmdir -p myDir
++++++++++++++++++++++++++++++

Basic Configuration
These tips cover some of the basic steps and issues encountered during the beginning
of system configuration. We provide a general Getting Started guide for your
convenience if you’re new to Linode and basic Linux system administration.
Additionally, you may find our Introduction to Linux Concepts guide useful.

Set the Hostname


Please follow our instructions for setting your hostname. You can use the following
commands to make sure it is set properly:
hostname
hostname -f

The first command should show your short hostname, and the second should show your
fully qualified domain name (FQDN).

Set the Time Zone


When setting the time zone of your server, it may be best to use the time zone of the
majority of your users. If you’re not sure which time zone would be best, consider using
Universal Coordinated Time or UTC (i.e., Greenwich Mean Time).

By default, Linodes are set to UTC. Many operating systems provide built-in, interactive
methods for changing time zones:

Set the Time Zone in Debian or Ubuntu


Issue the following command and answer the questions as prompted on the screen:

dpkg-reconfigure tzdata

Set the Time Zone in CentOS 7 or Arch Linux


1. View the list of available time zones:

   timedatectl list-timezones

   Use the Up, Down, Page Up and Page Down keys to navigate to the correct zone. Remember it,
   write it down or copy it as a mouse selection. Then press q to exit the list.
2. Set the time zone (change America/New_York to the correct zone):

   timedatectl set-timezone 'America/New_York'

Set the Time Zone Manually on a Linux System


Find the appropriate zone file in /usr/share/zoneinfo/ and link that file to /etc/localtime.
See the examples below for possibilities:
Universal Coordinated Time:

ln -sf /usr/share/zoneinfo/UTC /etc/localtime

Eastern Standard Time:


ln -sf /usr/share/zoneinfo/EST /etc/localtime

American Central Time (including Daylight Savings Time):

ln -sf /usr/share/zoneinfo/US/Central /etc/localtime

American Eastern Time (including Daylight Savings Time):

ln -sf /usr/share/zoneinfo/US/Eastern /etc/localtime

Configure the /etc/hosts File


The /etc/hosts file provides a list of IP addresses with corresponding hostnames. This
allows you to specify hostnames for an IP address in one place on the local machine,
and then have multiple applications connect to external resources via their hostnames.
The system of host files precedes DNS, and hosts files are always checked before DNS
is queried. As a result, /etc/hosts can be useful for maintaining small “internal” networks,
for development purposes, and for managing clusters.
Some applications require that the machine properly identify itself in the /etc/hosts file.
As a result, we recommend configuring the /etc/hosts file shortly after deployment. Here
is an example file:
/etc/hosts
127.0.0.1 localhost.localdomain localhost
103.0.113.12 username.example.com username

You can specify a number of hostnames on each line separated by spaces. Every line
must begin with one and only one IP address. In the above example,
replace 103.0.113.12 with your machine’s IP address. Consider a few
additional /etc/hosts entries:
/etc/hosts
198.51.100.30 example.com
192.168.1.1 stick.example.com

In this example, all requests for the example.com hostname or domain will resolve to the IP
address 198.51.100.30, which bypasses the DNS records for example.com and returns an
alternate website.
The second entry tells the system to look to 192.168.1.1 for the domain stick.example.com.
These kinds of host entries are useful for using “private” or “back channel” networks to
access other servers in a cluster without needing to send traffic on the public network.
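
Added example (not part of the original guide): a POSIX shell function that audits a hosts-format file against the rule stated above, that every line begins with one and only one IP address, and lists each hostname that is answered from the file rather than from DNS. The names audit_hosts and sample_hosts, the PINNED/BAD labels and the last two sample lines are constructed for illustration; the IPv6 test is deliberately loose.

```sh
#!/bin/sh
# Added example: audit a hosts-format file read from stdin or from a path.

audit_hosts() {
    awk '
    function is_ipv4(s,    n, p, k) {
        n = split(s, p, ".")
        if (n != 4) return 0
        for (k = 1; k <= 4; k++)
            if ((p[k] !~ /^[0-9]+$/) || (p[k] + 0 > 255)) return 0
        return 1
    }
    # Loose IPv6 test: hex digits, colons and dots, with at least one colon.
    function is_ip(s) {
        return is_ipv4(s) || (s ~ /:/ && s ~ /^[0-9A-Fa-f:.]+$/)
    }
    {
        sub(/#.*/, "")                       # drop comments
        if (NF == 0) next                    # skip blank lines
        if (!is_ip($1)) {
            printf "BAD line %d: does not begin with an IP address\n", NR
            next
        }
        if (NF < 2) {
            printf "BAD line %d: no hostname after the address\n", NR
            next
        }
        for (i = 2; i <= NF; i++)
            if (is_ip($i)) {
                printf "BAD line %d: more than one IP address\n", NR
                next
            }
        if ($1 ~ /^127\./ || $1 == "::1") next   # loopback entries are expected
        # Every remaining name is resolved from this file instead of DNS.
        for (i = 2; i <= NF; i++)
            printf "PINNED %s -> %s (line %d)\n", $i, $1, NR
    }' "$@"
}

# Constructed sample: the four entries from the text plus two malformed lines.
sample_hosts() {
    cat <<'EOF'
127.0.0.1 localhost.localdomain localhost
103.0.113.12 username.example.com username
198.51.100.30 example.com
192.168.1.1 stick.example.com   # back-channel network
example.org 198.51.100.31
198.51.100.32 198.51.100.33 twice.example.com
EOF
}

sample_hosts | audit_hosts
```

Run it against the live file with audit_hosts /etc/hosts and review every PINNED line you did not add yourself.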

Network Diagnostics
In this section, we’ll review some basic Linux commands that will help you assess and
diagnose network problems. If you suspect connectivity issues, adding the output from
the relevant commands to your support ticket can help our staff diagnose your issue.
This is particularly helpful in cases where networking issues are intermittent.
The ping Command
The ping command tests the connection between the local machine and a remote
address or machine. The following commands “ping” google.com and 216.58.217.110:
ping google.com
ping 216.58.217.110

These commands send a small amount of data (an ICMP packet) to the remote host
and wait for a response. If the system is able to make a connection, it will report on the
“round trip time” for every packet. Here is the sample output of four pings to
google.com:

PING google.com (216.58.217.110): 56 data bytes


64 bytes from 216.58.217.110: icmp_seq=0 ttl=54 time=14.852 ms
64 bytes from 216.58.217.110: icmp_seq=1 ttl=54 time=16.574 ms
64 bytes from 216.58.217.110: icmp_seq=2 ttl=54 time=16.558 ms
64 bytes from 216.58.217.110: icmp_seq=3 ttl=54 time=18.695 ms
64 bytes from 216.58.217.110: icmp_seq=4 ttl=54 time=25.885 ms

The time field specifies in milliseconds the duration of the round trip for an individual
packet. When you’ve gathered the amount of information you need, use Control+C to
interrupt the process. You’ll be presented with some statistics once the process is
stopped. This will resemble:
--- google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3007ms
rtt min/avg/max/mdev = 33.890/40.175/53.280/7.679 ms

There are several important data points to notice:

• Packet Loss, or the discrepancy between the number of packets sent and the number of
packets that return successfully. This number shows the percentage of packets that are
dropped.
• Round Trip Time (rtt) statistics on the final line report information about all the ping
responses. For this ping we see that the fastest packet round trip (min) took 33.89
milliseconds. The average round trip (avg) took 40.175 milliseconds. The longest packet
(max) took 53.28 milliseconds. A single standard deviation unit (mdev) for these four packets
is 7.67 milliseconds.
The ping command is useful as an informal diagnostic tool to measure point-to-point
network latency, and as a tool to simply ensure you are able to make a connection to a
remote server.

The traceroute Command


The traceroute command expands on the functionality of the ping command. It provides
a report on the path that the packets take to get from the local machine to the remote
machine. Each step (intermediate server) in the path is called a hop. Route information
is useful when troubleshooting a networking issue: if there is packet loss in one of the
first few hops the problem is often related to the user’s local area network (LAN) or
Internet service provider (ISP). By contrast, if there is packet loss near the end of the
route, the problem may be caused by an issue with the server’s connection.
Here is an example of output from a traceroute command:
traceroute to google.com (74.125.53.100), 30 hops max, 40 byte packets
1 207.192.75.2 (207.192.75.2) 0.414 ms 0.428 ms 0.509 ms
2 vlan804.tbr2.mmu.nac.net (209.123.10.13) 0.287 ms 0.324 ms 0.397 ms
3 0.e1-1.tbr2.tl9.nac.net (209.123.10.78) 1.331 ms 1.402 ms 1.477 ms
4 core1-0-2-0.lga.net.google.com (198.32.160.130) 1.514 ms 1.497 ms 1.519 ms
5 209.85.255.68 (209.85.255.68) 1.702 ms 72.14.238.232 (72.14.238.232) 1.731 ms 21.031 ms
6 209.85.251.233 (209.85.251.233) 26.111 ms 216.239.46.14 (216.239.46.14) 23.582 ms 23.468 ms
7 216.239.43.80 (216.239.43.80) 123.668 ms 209.85.249.19 (209.85.249.19) 47.228 ms 47.250 ms
8 209.85.241.211 (209.85.241.211) 76.733 ms 216.239.43.80 (216.239.43.80) 73.582 ms 73.570 ms
9 209.85.250.144 (209.85.250.144) 86.025 ms 86.151 ms 86.136 ms
10 64.233.174.131 (64.233.174.131) 80.877 ms 216.239.48.34 (216.239.48.34) 76.212 ms
64.233.174.131 (64.233.174.131) 80.884 ms
11 216.239.48.32 (216.239.48.32) 81.267 ms 81.198 ms 81.186 ms
12 216.239.48.137 (216.239.48.137) 77.478 ms pw-in-f100.1e100.net (74.125.53.100) 79.009 ms
216.239.48.137 (216.239.48.137) 77.437 ms

Often the hostnames and IP addresses on either side of a failed jump are useful in
determining who operates the machine where the routing error occurs. Failed jumps are
designated by lines with three asterisks (* * *).
Adding traceroute output to Linode support tickets is sometimes useful when trying to
diagnose network issues. You may also want to forward traceroute information to your
Internet Service Provider (ISP) if you suspect that the connectivity issue is with your
ISP’s network. Recording traceroute information is particularly useful if you are
experiencing an intermittent issue.

The mtr Command


The mtr command, like the traceroute tool, provides information about the route that
internet traffic takes between the local system and a remote host. However, mtr provides
additional information about the round trip time for the packet. In a way, you can think
of mtr as a combination of traceroute and ping.
Here is an example of output from an mtr command:
HOST: username.example.com Loss% Snt Last Avg Best Wrst StDev
1. 256.129.75.4 0.0% 10 0.4 0.4 0.3 0.6 0.1
2. vlan804.tbr2.mmu.nac.net 0.0% 10 0.3 0.4 0.3 0.7 0.1
3. 0.e1-1.tbr2.tl9.nac.net 0.0% 10 4.3 4.4 1.3 11.4 4.1
4. core1-0-2-0.lga.net.google.com 0.0% 10 64.9 11.7 1.5 64.9 21.2
5. 209.85.255.68 0.0% 10 1.7 4.5 1.7 29.3 8.7
6. 209.85.251.9 0.0% 10 23.1 35.9 22.6 95.2 27.6
7. 72.14.239.127 0.0% 10 24.2 24.8 23.7 26.1 1.0
8. 209.85.255.190 0.0% 10 27.0 27.3 23.9 37.9 4.2
9. gw-in-f100.1e100.net 0.0% 10 24.1 24.4 24.0 26.5 0.7

Like the ping command, mtr tracks the speed of the connection in real time until you exit
the program with CONTROL+C. To have mtr stop automatically and generate a report
after ten packets, use the --report flag:
mtr --report

Be aware that mtr will pause for a few moments while generating output. For more
information regarding mtr consider our diagnosing network issues with mtr guide.

System Diagnostics
If you’re having an issue with your Linode that is neither related to networking nor
another application issue, it may help to rule out “hardware” and operating system level
issues. Use the following tools to better diagnose and resolve these.
If you determine that you have a problem with memory usage, refer to our guide
on resolving memory usage issues. Use the following tools and approaches to
determine the specific cause of your troubles.

Check Current Memory Usage


To see how much memory your system is currently using:

free -m

On a Linode 2GB under moderate use, the output should resemble the following:

total used free shared buffers cached


Mem: 1999 954 1044 105 34 703
-/+ buffers/cache: 216 1782
Swap: 255 0 255

This output takes a bit of careful reading to interpret. Out of a total 1999 megabytes of
memory (RAM), the system is using 954 megabytes and has 1044 megabytes
free. However, the system also has 703 megabytes of “stale” data buffered and stored
in cache. The operating system will “drop” the caches if it needs the space, but retains
the cache if there is no other need for the space. It is normal for a Linux system to leave
old data in RAM until the space is needed, so don’t be alarmed if only a small amount of
memory is “free.”
In the above example, there are 1782 megabytes of memory that are actually free. This
means 1782 megabytes are available to your system when you start an additional
process or a running application needs more memory.

Monitor I/O Usage with vmstat


The vmstat tool provides information about memory, swap utilization, I/O wait, and
system activity. It is particularly useful for diagnosing I/O-related issues.
If you think you’re having an I/O issue then run the following command:

vmstat 1 20

This runs a vmstat every second, twenty times, giving a sample of the current state of
the system. The output generated resembles the following:

procs -----------memory---------- ---swap-- -----io---- -system-- ----cpu----


r b swpd free buff cache si so bi bo in cs us sy id wa
0 0 4 32652 47888 110824 0 0 0 2 15 15 0 0 100 0
0 0 4 32644 47888 110896 0 0 0 4 106 123 0 0 100 0
0 0 4 32644 47888 110912 0 0 0 0 70 112 0 0 100 0
0 0 4 32644 47888 110912 0 0 0 0 92 121 0 0 100 0
0 0 4 32644 47888 110912 0 0 0 36 97 136 0 0 100 0
0 0 4 32644 47888 110912 0 0 0 0 96 119 0 0 100 0
0 0 4 32892 47888 110912 0 0 0 4 96 125 0 0 100 0
0 0 4 32892 47888 110912 0 0 0 0 70 105 0 0 100 0
0 0 4 32892 47888 110912 0 0 0 0 97 119 0 0 100 0
0 0 4 32892 47888 110912 0 0 0 32 95 135 0 0 100 0
0 0 4 33016 47888 110912 0 0 0 0 75 107 0 0 100 0
0 0 4 33512 47888 110912 0 0 0 24 113 134 0 0 100 0
0 0 4 33512 47888 110912 0 0 0 0 175 244 0 0 100 0
0 0 4 33512 47888 110912 0 0 0 0 92 148 0 0 100 0
0 0 4 33512 47888 110912 0 0 0 0 114 162 0 0 100 0
0 0 4 33512 47888 110912 0 0 0 36 100 157 0 0 100 0
0 0 4 33388 47888 110912 0 0 0 0 116 166 0 0 100 0
0 0 4 33388 47888 110912 0 0 0 0 97 157 0 0 100 0
0 0 4 33388 47888 110912 0 0 0 0 89 144 0 0 100 0
0 0 4 33380 47888 110912 0 0 0 0 181 185 0 0 99 0

The memory and swap columns provide the same kind of information provided by the
“free -m” command, albeit in a slightly harder to understand format. The most relevant
information produced by this command is the wa column, which is the final column in
most implementations. This field displays the amount of time the CPU spends waiting
for I/O operations to complete.
If this number is consistently and considerably higher than 0, you might consider taking
measures to address your I/O usage. However, if the vmstat output resembles the above,
you can be confident that you’re not experiencing an I/O-related issue.
If you are experiencing an intermittent issue, you will need to run vmstat when you
experience the issue in order to properly diagnose or rule out an I/O issue. vmstat output
can sometimes help support diagnose problems.

Monitor Processes, Memory, and CPU Usage with htop


If you want a more organized, real-time view of the current state of your system, we
recommend a tool called htop. This is not installed by default on most systems. To
install htop, issue one of the following commands, depending on which distribution you
use:
apt-get install htop
yum install htop
pacman -S htop
emerge sys-process/htop

To start the program:

htop

You can quit at any time by pressing the F10 or Q keys. There are a couple
of htop behaviors that may not be initially intuitive. Take note of the following:
• The memory utilization graph displays used memory, buffered memory, and cached memory.
The numbers displayed at the end of this graph reflect the total amount of memory available
and the total amount of memory on the system as reported by the kernel.
• The default configuration of htop presents all application threads as independent processes,
which may not be clear if you’re not aware of it. You can disable this by selecting the “setup”
option with F2, then “Display Options,” and then toggling the “Hide userland threads” option.
• You can toggle a “Tree” view with the F5 key that displays the processes in a hierarchy and
shows which processes were spawned by other processes in an organized format. This is
helpful in diagnosing a problem when you’re having trouble distinguishing among processes.

File System Management


Web developers and editors often use the FTP protocol to transfer and manage files on
a remote system. FTP, however, is very insecure and inefficient for managing the files
on a system when you have SSH access.

If you’re new to Linux systems administration, consider our “Tools & Reference” section
and articles including: installing and using WinSCP, using rsync to synchronize
files and using SSH and the terminal.
Caution
If you are giving other users access to upload files to your server, consider the security
implications of all additional access that you grant to third parties.

Upload Files to a Remote Server


If you’re used to using an FTP client, OpenSSH (which is included and active with all of
the Linode distribution images) allows you to use an FTP-like interface over the SSH
protocol. Known as “SFTP,” many clients support this protocol, including WinSCP for
Windows, Cyberduck for Mac OS X, and Filezilla for Linux, OS X, and Windows
desktops.
If you are accustomed to FTP, SFTP will be very familiar to you. By default, whatever
access a user has to a file system at the command line, that user will also have over
SFTP. Consider the implications of file permissions when configuring user access.
You can also use Unix utilities including scp and rsync to securely transfer files to your
Linode. On a local machine, a command to copy team-info.tar.gz would look like:
scp team-info.tar.gz [email protected]:/home/username/backups/

The command, scp, is followed by the path of the file on the local file system to be
transferred. Next, the username and hostname of the remote machine follow, separated
by an “at” sign (@). Follow the hostname with a colon (:) and the path on the remote
server to where the file should be uploaded. Using a more generalized example:
scp [/path/to/local/file] [remote-username]@[remote-hostname]:[/path/to/remote/file]

This command is available by default on OS X and Linux machines. You can use it to
copy files to a Linode, as well as between remote servers. If you use SSH keys, you can
use the scp command without entering a password for every transfer.
The syntax of scp follows the form scp [source] [destination]. You can copy files from a
remote host to the local machine by reversing the order of the paths in the above
example.

Protect Files on a Remote Server


Because Linode servers are network accessible and often have a number of distinct
users, maintaining the security of files is often an important concern. We recommend
you familiarize yourself with our basic security guide. Our guide on access control with
user accounts and permissions may provide additional insight.
We suggest the following best practices for maintaining security:

• Only give users the permission to do what they need to. This includes application-specific
users.
• Only run services on public interfaces that you are actively using. One common source of
security vulnerabilities is in unused daemons that are left running. This includes database
servers, HTTP development servers, and FTP servers.
• Use SSH connections whenever possible to secure and encrypt the transfer of sensitive
information.
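
Added example (not part of the original guide): one way to check the second practice above is to list the TCP listeners that are bound to something other than a loopback address. The function below parses the output of ss -tln (a tool this guide does not cover, assumed to be installed); the names public_listeners and sample_ss and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Added example: list TCP listeners that are reachable from outside the host.

# Reads "ss -tln" output on stdin and prints "address port" for every
# listening socket that is not bound to a loopback address.
public_listeners() {
    awk '
    $1 == "LISTEN" {
        n = split($4, part, ":")          # Local Address:Port, port is last
        port = part[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
        print addr, port
    }'
}

# Constructed sample in the column layout of "ss -tln": SSH and HTTP on all
# interfaces, a database on loopback only, and an FTP daemon on all interfaces.
sample_ss() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       80      127.0.0.1:3306      0.0.0.0:*
LISTEN  0       128     [::]:80             [::]:*
LISTEN  0       32      *:21                *:*
LISTEN  0       128     [::1]:6379          [::]:*
EOF
}

sample_ss | public_listeners
```

On a live system, run ss -tln | public_listeners and stop or rebind any daemon in the list that you are not actively using.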
Manage Files on a Linux System
If you’re new to using Linux and manipulating files on the terminal interface we
encourage you to consider our guide on using the terminal. This section provides a list
of basic commands to manage the contents of your filesystem.
To copy files:
cp /home/username/todo.txt /home/username/archive/todo.01.txt

This copies todo.txt to an archive folder, and adds a number to the file name. If you
want to recursively copy all of the files and subdirectories in a directory to another
directory, use the -R option. This command looks like:
cp -R /home/username/archive/ /srv/backup/username.01/

To move a file or directory:


mv /home/username/archive/ /srv/backup/username.02/

You can also use the mv command to rename a file.


To delete a file:
rm scratch.txt

This will delete the scratch.txt file from the current directory.


For more information about file system navigation and manipulation, please consider
our documentation of file system navigation.
Package Management
Most Linux systems use package management tools to facilitate the installation and
maintenance of all software on your system. For more in-depth coverage of this topic,
please reference our package management guide.
While these tools provide a number of powerful features, it is easy to look past the
benefits of package management. If you install software manually without package
management tools, it becomes difficult to keep your system up to date and to manage
dependencies. For these reasons, we recommend installing all software through
package management tools unless other means are absolutely necessary. The
following tips outline a couple of basic package management tasks.

Find Packages Installed on Your System


Because packages are so easy to install, and often pull in a number of dependencies, it
can be easy to lose track of what software is installed on your system. The following
commands provide a list of installed packages on your system.

For Debian and Ubuntu systems:


dpkg -l

The following example presents the first few lines of the output of this command on a
production Debian Lenny system.

||/ Name Version Description


+++-============================-============================-===============================
ii adduser 3.110 add and remove users and groups
ii apache2-mpm-itk 2.2.6-02-1+lenny2 multiuser MPM for Apache 2.2
ii apache2-utils 2.2.9-10+lenny4 utility programs for webservers
ii apache2.2-common 2.2.9-10+lenny4 Apache HTTP Server common files
ii apt 0.7.20.2+lenny1 Advanced front-end for dpkg
ii apt-utils 0.7.20.2+lenny1 APT utility programs
ii bash 3.2-4 The GNU Bourne Again SHell

For CentOS and Fedora systems:


yum list installed

The following example shows a few lines of this command’s output:

MAKEDEV.i386 3.23-1.2 installed


SysVinit.i386 2.86-15.el5 installed

CentOS and Fedora systems provide the name of the package (SysVinit), the
architecture it was compiled for (i386), and the version of the build installed on the
system (2.86-15.el5).
For Arch Linux systems:
pacman -Q

This command provides a total list of all packages installed on the system. Arch also
allows you to filter these results to display only packages that were explicitly installed
(with the -Qe option) or that were automatically installed as dependencies (with the
-Qd option). The above command is actually a combination of the output of two
commands:
pacman -Qe
pacman -Qd

The following is an example of the output:

perl-www-mechanize 1.60-
perl-yaml 0.70-1
pkgconfig 0.23-1
procmail 3.22-2
python 2.6.4-1
rsync 3.0.6-1

For Gentoo Linux systems:


emerge -evp --deep world

The following is a sample of this output:

These are the packages that would be merged, in order:

Calculating dependencies... done!


[ebuild R ] sys-libs/ncurses-5.6-r2 USE="unicode -debug -doc -gpm -minimal -nocxx
-profile -trace" 0 kB
[ebuild R ] virtual/libintl-0 0 kB
[ebuild R ] sys-libs/zlib-1.2.3-r1 0 kB

Because there are often a large number of packages installed on any given system, the
output of these commands can be quite large. As a result, it is often useful to use tools
like grep and less to make these results more useful. For example:
dpkg -l | grep "python"

This will return a list of all packages with the word “python” in their name or description.
Similarly, you can use less:
dpkg -l | less

This will return the same list as the plain “dpkg -l”; however, the results will appear in
the less pager, which allows you to search and scroll more easily.
You can append | grep "[string]" to these commands to filter package list results, or
| less to display the results in a pager, regardless of distribution.
Find Package Names and Information
Sometimes the name of a package isn’t intuitive, based on the name of the software. As
a result, most package management tools provide an option to search the
package database. These search tools may be helpful if you’re looking for a specific
piece of software but don’t know what it’s called.

For Debian and Ubuntu systems:


apt-cache search [package-name]

This will search the local package database for a given term and generate a list with
descriptions. An excerpt of the output for apt-cache search python follows:
txt2regex - A Regular Expression "wizard", all written with bash2 builtins
vim-nox - Vi IMproved - enhanced vi editor
vim-python - Vi IMproved - enhanced vi editor (transitional package)
vtk-examples - C++, Tcl and Python example programs/scripts for VTK
zope-plone3 - content management system based on zope and cmf
zorp - An advanced protocol analyzing firewall
groovy - Agile dynamic language for the Java Virtual Machine
python-django - A high-level Python Web framework
python-pygresql-dbg - PostgreSQL module for Python (debug extension)
python-samba - Python bindings that allow access to various aspects of Samba
Note that apt-cache search queries the full records for all of the packages and not simply
the titles and the descriptions displayed here, hence the inclusion of vim-nox and groovy,
which both mention python in their descriptions. To see the full record on
a specific package:
apt-cache show [package-name]

This provides information regarding the maintainer, the dependencies, the size, the
homepage of the upstream project, and a description of the software.

For CentOS and Fedora systems:


yum search [package-name]

This generates a list of all packages available in the package database that match the
given term. The following is an example of the output of yum search wget:
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* addons: centos.secsup.org
* base: centos.secsup.org
* extras: centos.secsup.org
* updates: styx.biochem.wfubmc.edu
================================ Matched: wget =================================
wget.i386 : A utility for retrieving files using the HTTP or FTP protocols.

You can use the package management tools to discover more information about a
specific package. Use the following command to get a full record from the package
database:

yum info [package-name]

This output presents more in-depth information concerning the package, its
dependencies, origins, and purpose.

For Arch Linux systems:


pacman -Ss [package-name]

This will perform a search of the local package database. Here is an excerpt of results
for a search for “python”:

extra/twisted 8.2.0-1
Asynchronous networking framework written in Python.
community/emacs-python-mode 5.1.0-1
Python mode for Emacs

The terms “extra” and “community” refer to which repository the software is located in.
To request more information about a specific package issue a command in the following
form:

pacman -Si [package-name]


Running pacman with the -Si option generates the package’s record from the database.
This record includes dependencies, package size, and a brief description.
For Gentoo Linux systems:
emerge --search [package-name]
emerge --searchdoc [package-name]

The first command only searches the database for package names. The second
command searches through the database for package names and descriptions. These
commands will allow you to search your local package tree (i.e., portage) for the specific
package name or term. The output of either command is similar to the excerpt below.

Searching...
[ Results for search key : wget ]
[ Applications found : 4 ]

* app-emacs/emacs-wget
Latest version available: 0.5.0
Latest version installed: [ Not Installed ]
Size of files: 36 kB
Homepage: http://pop-club.hp.infoseek.co.jp/emacs/emacs-wget/
Description: Wget interface for Emacs
License: GPL-2

Because the output provided by the emerge --search command is verbose, there is no
“show more information” tool, unlike other distributions’ tools. The emerge
--search command accepts input in the form of a regular expression if you need to
narrow results even further.
Since there are often a large number of results for package searches, these commands
output a great quantity of text. As a result it is often useful to use tools
like grep and less to make these results easier to scroll through. For example:
apt-cache search python | grep "xml"

This will return the subset of the list of packages which matched for the search term
“python” and that mention xml in their name or short description. Similarly:

apt-cache search python | less

This will return the same list as the plain apt-cache search python but the results will
appear in the less pager. This allows you to search and scroll more conveniently.
You can append | grep "[string]" to any of these commands to filter package search
results, or | less to display the results in the less pager, regardless of distribution.
Text Manipulation
Among Linux and UNIX-like systems, nearly all system configuration information is
stored and manipulated in plain text form. The following sections show a list of basic
Linux commands and tools to manipulate text files.

Becoming a system administrator


Since there's no Linux system administrator college major and no real learning
track for Linux system administrators, how does one become a Linux system
administrator? Most Linux system administrators (SAs) entered the field by
accident. No, seriously. Just ask one. Some SAs took up Linux as a sideline,
to their duties as Unix SAs, as interest and adoption grew in the late 1990s.
As Linux became a data center standard and the various Unix "flavors" waned
in popularity, those who'd dabbled in it were converted to Linux administrators
out of need.

For new Linux administrators, many enter the job from their interests as home
enthusiasts, gamers, or clandestine administrators of college servers. This is
how it happened for me. As soon as I saw Linux for the first time in 1995, I
was hooked. By January of 1996, I had started the local Linux User's Group
(LUG) here in Tulsa, Oklahoma, much to the chagrin of the Unix Special
Interest Group (Unix SIG). 

My beginnings with Linux were rocky. I first ran across Linux in a magazine
where I could purchase a 2 CD set in early 1995 when I worked at WorldCom
(Yes, that WorldCom). I installed a group FTP/download server for my
desktop support group coworkers. A few weeks later, I was told by one of the
"gurus" in another group, "We don't allow Lye-nix on our network." I wasn't
convinced of course that it mattered what was allowed and what was not, so I
kept the server but installed Samba on it and changed daemon header
information to make it look like my little system was a Windows server.

After I left the Desktop support group, I moved on to Windows domain
administration. I installed a Red Hat Linux 4.0 system that I also hid under my
desk from prying eyes. I also installed Samba on it to fool network probes and
my annoying team leader who once asked, "What is that Linux server doing
for us?" My answer was, "It isn't doing anything for us, but it's doing a lot
for me. I use it for research." I kept the Red Hat Linux system until I moved to
a different group. Linux was still not allowed on the network. I still didn't care.
Yes, I was defiant and terrible but I was also not going to sit around messing
with Windows 3.11 and Windows 95 while the rest of the world embraced
Linux.
Even getting the LUG started was difficult. I had only about eight people who
were interested and it was very frustrating. After almost a year of being too
frustrated to continue, I passed the LUG torch to another group member. The
Tulsa Linux User's Group is still going today and meets once a month on the
University of Tulsa campus. They still have install fests and lots of activities.
And, believe it or not, Linux is now the major *nix operating system in that
chilly data center that once didn't allow it. It's no longer WorldCom but some
iteration of Verizon. The same people work there and none have ever
apologized for their behavior nor have they said, "Hey, Ken, you were right
about Linux." I'm not going to hold my breath waiting either.

Other than sneaking into Linux system administration by some circuitous path,
the more direct and recommended route is to still learn on your own but take
some formalized Linux classes to prove your learning milestones. Being self-
taught is great, but you'll always just be an enthusiast or hobbyist unless you
can formalize your knowledge with certifications or some other proof of
knowledge. Self-education is commendable but you'll have significant gaps in
your learning. You should set certification knowledge as your goal, whether
you become certified or choose not to do so. For a good start, check out
Professor Messer's videos on YouTube.

Also, use free resources such as Opensource.com and Enable Sysadmin to
enhance your knowledge and to expand your network of learning
opportunities.

What a Linux System Administrator does

A Linux system administrator wears many hats and the smaller your
environment, the more hats you will wear. Linux administration covers
backups, file restores, disaster recovery, new system builds, hardware
maintenance, automation, user maintenance, filesystem housekeeping,
application installation and configuration, system security management, and
storage management. System administration covers just about every aspect
of hardware and software management for both physical and virtual systems.

Oddly enough, you also need a broad knowledge base of network
configuration, virtualization, interoperability, and yes, even Windows operating
systems. A Linux system administrator needs to have some technical
knowledge of network security, firewalls, databases, and all aspects of a
working network. The reason is that, while you're primarily a Linux SA, you're
also part of a larger support team that often must work together to solve
complex problems. Security, in some form or another, is often at the root of
issues confronting a support team. A user might not have proper access or
too much access. A daemon might not have the correct permissions to write
to a log directory. A firewall exception hasn't been saved into the running
configuration of a network appliance. There are hundreds of fail points in a
network and your job is to help locate and resolve failures.

Linux system administration also requires that you stay on top of best
practices, learn new software, maintain patches, read and comply with
security notifications, and apply hardware updates. An SA's day is very full. In
fact, you never really finish, but you have to pick a point in time to abandon
your activities. Being an SA is a 24x7x365 job, which does take its toll on you
physically and mentally. You'll hear a lot about burnout in this field. We, at
Enable Sysadmin, have written several articles on the topic.

The hardest part of the job

Doing the technical stuff is relatively easy. It's dealing with people that makes
the job really hard. That sounds terrible but it's true. On one side, you deal
with your management, which is not always easy. You are the person who
gets blamed when things go wrong and when things go right, it's "just part of
your job." It's a tough place to be. 

Coworkers don't seem to make life better for the SA. They should, but they
often don't. You'll deal with lazy, unmotivated coworkers so often that you'll
feel that you're carrying all the weight of the job yourself. Not all coworkers are
bad. Some are helpful, diligent, proactive types and I've never had the
pleasure of working with too many of them. It's hard to do your work and then
take on the dubious responsibility of making sure everyone else does theirs as
well.

And then there are users. Oh the bane of every SA's life, the end user. An SA
friend of mine once said, "You know, this would be a great job if I just didn't
have to interface with users." Agreed. But then again, with no users, there's
probably also not a job. Dealing with computers is easy. Dealing with people
is hard. Learn to breathe, smile, and comply if you want to survive and
maintain your sanity.

+++++++++++++++++++++

Modify User Permissions:


Ownership and Permissions
As a regular user, try to enter root's home directory by entering the command cd /root/.
Note the error message:

-bash: cd: /root/: Permission denied

That was one demonstration of Linux's security features. Linux, like UNIX, is a multi-
user system and file permissions are one way the system protects against malicious
tampering.
One way to gain entry when you are denied permission is to enter the command su -.
This is because whoever knows the root password has complete access.
However, switching to the superuser is not always convenient or recommended, since it
is easy to make mistakes and alter important configuration files as the superuser.
All files and directories are "owned" by the person who created them. You created the
file foo.txt (refer to Section 4.9.2  Using Redirection) in your login directory,
so foo.txt belongs to you.
That means you can specify who is allowed to read the file, write to the file, or (if it is an
application instead of a text file) who can execute the file.
Reading, writing, and executing are the three main settings in permissions. Since users
are placed into a group when their accounts are created, you can also specify whether
certain groups can read, write to, or execute a file.
Take a closer look at foo.txt with the ls command using the -l option (refer to Figure 4-11).
A lot of detail is provided here. You can see who can read (r) and write to (w) the file, as
well as who created the file (user), and to which group the owner belongs (user). (By
default, the name of your group is the same as your login name.)

Figure 4-11. Permissions for foo.txt


Other information to the right of the group includes file size, date and time of file
creation, and file name.
The first column shows current permissions; it has ten slots. The first slot represents the
type of file. The remaining nine slots are actually three sets of permissions for three
different categories of users.
For example:

-rw-rw-r--
Those three sets are the owner of the file, the group in which the file belongs, and
"others," meaning other users on the system.

- (rw-) (rw-) (r--) 1 user user

The first item, which specifies the file type, will probably be one of the following:
 d — a directory
 - (dash) — a regular file (rather than directory or link)
 l — a symbolic link to another program or file elsewhere on the system
Others are possible, but are beyond the scope of this manual. Refer to the Red Hat
Enterprise Linux System Administration Guide for more information.
Beyond the first item, in each of the following three sets, you may see one of the
following:
 r — file can be read
 w — file can be written to
 x — file can be executed (if it is a program)
 - (dash) — specific permission has not been assigned
When you see a dash in owner, group, or others, it means that particular permission
has not been granted. Look again at the first column of foo.txt and identify its
permissions.

ls -l foo.txt
-rw-rw-r-- 1 user user 150 Mar 19 08:08 foo.txt

The file's owner (in this case, user) has permission to read and write to the file. The
group, user, has permission to read and write to foo.txt, as well. It is not a program, so
neither the owner nor the group has permission to execute it.

4.11.1. The chmod Command
Use the chmod command to change permissions. This example shows how to change
the permissions on foo.txt with the chmod command.
The original file looks like this, with its initial permissions settings:

-rw-rw-r-- 1 user user 150 Mar 19 08:08 foo.txt

If you are the owner of the file or are logged into the root account, you can change any
permissions for the owner, group, and others.
Right now, the owner and group can read and write to the file. Anyone outside of the
group can only read the file (r--).
In the following example, you want to allow everyone to write to the file, so they can
read it, write notes in it, and save it. That means you must change the "others" section
of the file permissions.
Take a look at the file first. At the shell prompt, type:

ls -l foo.txt

The previous command displays this file information:

-rw-rw-r-- 1 user user 150 Mar 19 08:08 foo.txt

Now, type the following:

chmod o+w foo.txt

The o+w command tells the system you want to give others write permission to the
file foo.txt. To check the results, list the file's details again. Now, the file looks like this:

-rw-rw-rw- 1 user user 150 Mar 19 08:08 foo.txt

Now, everyone can read and write to the file.


To remove read and write permissions from foo.txt use the chmod command to take
away both the read and write permissions.

chmod go-rw foo.txt

By typing go-rw, you are telling the system to remove read and write permissions for the
group and for others from the file foo.txt.
The result looks like this:

-rw------- 1 user user 150 Mar 19 08:08 foo.txt

Think of these settings as a kind of shorthand when you want to change permissions
with chmod, because all you really have to do is remember a few symbols and letters
with the chmod command.
Here is a list of what the shorthand represents:
Identities
u — the user who owns the file (that is, the owner)
g — the group to which the user belongs
o — others (not the owner or the owner's group)
a — everyone or all (u, g, and o)
Permissions
r — read access
w — write access
x — execute access
Actions
+ — adds the permission
- — removes the permission
= — makes it the only permission
Want to test your permissions skills? Remove all permissions from foo.txt — for
everyone.

chmod a-rwx foo.txt

Now, see if you can read the file with the command cat foo.txt, which should return the
following:

cat: foo.txt: Permission denied

Removing all permissions, including your own, successfully locked the file. But since the
file belongs to you, you can always change its permissions back with the following
command:

chmod u+rw foo.txt

Use the command cat foo.txt to verify that you, the file owner, can read the file again.
Here are some common examples of settings that can be used with chmod:
 g+w — adds write access for the group
 o-rwx — removes all permissions for others
 u+x — allows the file owner to execute the file
 a+rw — allows everyone to read and write to the file
 ug+r — allows the owner and group to read the file
 g=rx — allows only the group to read and execute (not write)
By adding the -R option, you can change permissions for entire directory trees.
Because you can not really "execute" a directory as you would an application, when you
add (or remove) the execute permission for a directory, you are really allowing (or
denying) permission to search through that directory.
Examine the dir1/ directory you created in section FIXME by listing all of the files in your
home directory.

ls -l /home/<user>/

The permissions on this directory are:

drwxrwxr-x 2 mgoldin mgoldin 4096 Jan 6 15:05 dir1

If you do not allow others to have execute permission on the dir1/ directory, it does not
matter who has read or write access. No one can access the directory unless they know
the exact file name.
For example, type

chmod a-x dir1/

to remove everyone's execute permissions.


Here is what happens when you try to change directories using the cd dir1/ command
after removing everyone's execute permissions:

bash: dir1/: Permission denied

Next, restore your own and your group's access:

chmod ug+x dir1/

If you check your work with ls -l, you can see that only others are denied access to
the /dir1/ directory.

4.11.2. Changing Permissions With Numbers


Another way to change permissions uses numeric representations.
Go back to the original permissions for foo.txt:

-rw-rw-r-- 1 user user 150 Mar 19 08:08 foo.txt

Each permission setting can be represented by a numerical value:


 r=4
 w=2
 x=1
 -=0
When these values are added together, the total is used to set specific permissions. For
example, if you want read and write permissions, you would have a value of 6; 4 (read)
+ 2 (write) = 6.
For foo.txt, here are the numerical permissions settings:

- (rw-) (rw-) (r--)

The total for the user is six (4+2+0), the total for the group is six (4+2+0), and the total for
others is four (4+0+0). The permissions setting is read as 664.
If you want to change foo.txt so those in your group do not have write access, but can
still read the file, remove the access by subtracting two (2) from that set of numbers.
The numerical values then become six, four, and four (644).
To implement these new settings, type:

chmod 644 foo.txt

Now verify the changes by listing the file. Type:

ls -l foo.txt

The output should be:

-rw-r--r-- 1 user user 150 Mar 19 08:08 foo.txt

Now, neither the group nor others have write permission to foo.txt. To return the
group's write access for the file, add the value of w (2) to the second set of permissions.

chmod 664 foo.txt

Here is a list of some common settings, numerical values and their meanings:

Setting       Numerical   Meaning
-rw-------    (600)       Only the owner has read and
-rw-r--r--    (644)       Only the owner has read and
-rwx------    (700)       Only the owner has read, write
-rwxr-xr-x    (755)       The owner has read, write, an
                          execute.
-rwx--x--x    (711)       The owner has read, write, an
-rw-rw-rw-    (666)       Everyone can read and write t
-rwxrwxrwx    (777)       Everyone can read, write, and


Table 4-3. File permissions settings, numerical values, and their meanings
Here are some common settings for directories:

Setting       Numerical   Meaning
drwx------    (700)       Only the user can read, write i
drwxr-xr-x    (755)       Everyone can read the directo

Table 4-4. Directory permissions settings, numerical values, and their meanings
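
The symbolic notation of section 4.11.1 and the numbers of section 4.11.2 describe the same nine slots, and the settings that matter most when reviewing a system are the ones that give "others" write access (o+w, 666, 777). The script below is an added example, not part of the original guide: it converts an ls -l mode string to its number, replays the chmod commands used above on a scratch copy of foo.txt, and lists files that others can write to. The function names and the scratch directory are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: relate ls -l mode strings to chmod numbers and find files
# that "others" can write to. Function names are illustrative.

# Convert the ten-slot string from ls -l (e.g. -rw-rw-r--) to a number (664).
# Only r, w, x and - are handled, as in the sections above.
sym_to_octal() {
    perms=${1#?}                      # drop the file-type slot
    octal=""
    for who in owner group others; do
        triple=$(printf '%s' "$perms" | cut -c1-3)
        perms=$(printf '%s' "$perms" | cut -c4-)
        n=0
        case $triple in r??) n=$((n + 4)) ;; esac   # r = 4
        case $triple in ?w?) n=$((n + 2)) ;; esac   # w = 2
        case $triple in ??x) n=$((n + 1)) ;; esac   # x = 1
        octal="$octal$n"
    done
    printf '%s\n' "$octal"
}

# First ten characters of the ls -l line: file type plus nine permission slots.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Regular files under a directory whose "others" write bit is set.
world_writable() {
    find "$1" -type f -perm -0002 | sort
}

# Remove write access for others from every file world_writable would report.
tighten() {
    find "$1" -type f -perm -0002 -exec chmod o-w {} +
}

# Replay the chmod commands from the text on a scratch file and show each result.
demo() {
    dir=$(mktemp -d) || return 1
    f="$dir/foo.txt"
    printf 'sample text\n' > "$f"
    chmod 664 "$f"                    # the starting permissions used in the text
    for change in o+w go-rw a-rwx u+rw 644 664; do
        chmod "$change" "$f"
        m=$(mode_of "$f")
        printf '%-14s %s (%s)\n' "chmod $change" "$m" "$(sym_to_octal "$m")"
    done
    chmod o+w "$f"
    printf 'writable by others:\n'
    world_writable "$dir"
    tighten "$dir"
    printf 'after tighten: %s\n' "$(mode_of "$f")"
    rm -rf "$dir"
}

demo
```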

+++++++++++++++++++++++

Commands to Know as a System Administrator

If you work in a support role in a production environment, you will most probably
need to deal with performance-related issues on Linux.

Are you in a support function and working on Linux servers?

Let’s go through some of the most used Linux command line utilities to diagnose
performance-related issues.

Note: Some of the commands listed below may not be installed by default, so you have to
install them manually.

lsof
lsof stands for “list open files”. It helps you find all the open files along with the
processes that opened them. The lsof utility can be convenient to use in some
scenarios.

To list all the files opened by a particular PID

# lsof -p PID

Count number of files & processes

[root@localhost ~]# lsof -p 4271 | wc -l
34
[root@localhost ~]#

Check the currently opened log file

# lsof -p PID | grep log

Find out port number used by daemon

[root@localhost ~]# lsof -i -P |grep 4271

nginx     4271   root   6u IPv4 51306     0t0 TCP *:80 (LISTEN)
nginx     4271   root   7u IPv4 51307     0t0 TCP *:443 (LISTEN)

[root@localhost ~]#
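
The lsof -i -P output shown above can be reduced to an inventory of listening sockets, which is a common first step when checking which services a host exposes. The script below is an added example, not from the original article; the function names, the allow-list, and every sample line other than the two nginx lines are constructed for the illustration.

```shell
#!/bin/sh
# Added example: summarise listening TCP sockets from `lsof -i -P -n` output.

# Constructed sample input. Only the two nginx lines come from the text above.
sample_lsof_output() {
    cat <<'EOF'
COMMAND    PID USER     FD  TYPE DEVICE SIZE/OFF NODE NAME
nginx     4271 root     6u  IPv4  51306      0t0  TCP *:80 (LISTEN)
nginx     4271 root     7u  IPv4  51307      0t0  TCP *:443 (LISTEN)
sshd      1012 root     3u  IPv4  20111      0t0  TCP 192.0.2.10:22 (LISTEN)
postgres  2290 postgres 5u  IPv4  33410      0t0  TCP 127.0.0.1:5432 (LISTEN)
cupsd     1500 root     7u  IPv6  18022      0t0  TCP [::1]:631 (LISTEN)
python3   5150 alice    3u  IPv4  70001      0t0  TCP *:8000 (LISTEN)
sshd      3120 root     3u  IPv4  60233      0t0  TCP 192.0.2.10:22->198.51.100.7:50514 (ESTABLISHED)
EOF
}

# Reads lsof -i -P output on stdin and prints one line per listening socket:
#   command pid user port scope
# scope is "all-interfaces" for wildcard binds, "loopback" for local-only
# binds, and "specific" for any other address. Only TCP lines carry the
# (LISTEN) state, so UDP sockets are not reported.
listening_sockets() {
    awk '
        $NF == "(LISTEN)" {
            name = $(NF - 1)                  # e.g. *:80, 127.0.0.1:5432, [::1]:631
            n = split(name, part, ":")
            port = part[n]                    # the port follows the last colon
            addr = substr(name, 1, length(name) - length(port) - 1)
            if (addr == "*" || addr == "0.0.0.0" || addr == "[::]")
                scope = "all-interfaces"
            else if (addr ~ /^127\./ || addr == "[::1]" || addr == "localhost")
                scope = "loopback"
            else
                scope = "specific"
            print $1, $2, $3, port, scope
        }
    '
}

# Prints wildcard-bound listeners whose port is not in the space-separated
# allow-list passed as $1 (the allow-list is whatever the operator expects).
unexpected_listeners() {
    listening_sockets | awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $5 == "all-interfaces" && !($4 in ok) { print $1, $2, $3, $4 }
    '
}

# On a live host, replace sample_lsof_output with: lsof -i -P -n
sample_lsof_output | listening_sockets
echo "wildcard listeners outside the allow-list (80 443):"
sample_lsof_output | unexpected_listeners "80 443"
```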

pidstat
pidstat can be used to monitor tasks managed by the Linux kernel. Troubleshooting
I/O-related issues is easier with this command.

List I/O statistics of all PIDs

# pidstat -d

To display I/O stats for a particular PID

# pidstat -p 4271 -d

If you are doing real-time troubleshooting for some process, then you can monitor the
I/O at an interval. The example below monitors every 5 seconds.

[root@localhost ~]# pidstat -p 4362 -d 5
Linux 3.10.0-327.13.1.el7.x86_64 (localhost.localdomain)   08/13/2016   _x86_64_   (2 CPU)

07:01:30 PM   UID       PID   kB_rd/s   kB_wr/s kB_ccwr/s  Command
07:01:35 PM     0      4362      0.00      0.00      0.00  nginx
07:01:40 PM     0      4362      0.00      0.00      0.00  nginx
07:01:45 PM     0      4362      0.00      0.00      0.00  nginx
07:01:50 PM     0      4362      0.00      0.00      0.00  nginx

top
Probably one of the most used commands on Linux is top. The top command
can be used to display system summary information and current utilization.

Just executing the top command shows you CPU utilization, process details, the number
of tasks, memory utilization, the number of zombie processes, etc.

To display process details for a specific user

# top -u username

To kill a process, you can execute top and press k. It will prompt you to enter the PID
to be killed.

ps
ps stands for process status and is a widely used command to get a snapshot of the
running processes. It is very useful for finding out whether a process is running and, if it
is, for getting its PID.

To find out the PID and process details by some word

# ps -ef | grep word

tcpdump
Troubleshooting network issues is always challenging, and one of the essential
commands to use is tcpdump.

You can use tcpdump to capture the network packets on a network interface.

To capture the packets on a particular network interface

# tcpdump -i $interface -w /tmp/capture

The example above captured the traffic flow on the “eno16777736” interface.

To capture network traffic between source and destination IP

# tcpdump src $IP and dst host $IP

Capture network traffic for destination port 443

# tcpdump dst port 443
tcpdump: data link type PKTAP
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pktap, link-type PKTAP (Packet Tap), capture size 262144 bytes
12:02:30.833845 IP 192.168.1.2.49950 > ec2-107-22-185-206.compute-1.amazonaws.com.https: Flags [.], ack 421458229, win 4096, length 0
12:02:32.076893 IP 192.168.1.2.49953 > 104.25.133.107.https: Flags [S], seq 21510813, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 353259990 ecr 0,sackOK,eol], length 0
12:02:32.090389 IP 192.168.1.2.49953 > 104.25.133.107.https: Flags [.], ack 790725431, win 8192, length 0
12:02:32.090630 IP 192.168.1.2.49953 > 104.25.133.107.https: Flags [P.], seq 0:517, ack 1, win 8192, length 517
12:02:32.109903 IP 192.168.1.2.49953 > 104.25.133.107.https: Flags [.], ack 147, win 8187, length 0

Read the captured file

# tcpdump -r filename

For example, to read the file captured above

# tcpdump -r /tmp/capture

iostat
iostat stands for input-output statistics and is often used to diagnose performance issues
with storage devices. You can monitor CPU, device and network file system utilization
reports with iostat.

Display disk I/O statistics

[root@localhost ~]# iostat -d
Linux 3.10.0-327.13.1.el7.x86_64 (localhost.localdomain)   08/13/2016   _x86_64_   (2 CPU)
Device:            tps    kB_read/s    kB_wrtn/s    kB_read    kB_wrtn
sda               1.82        55.81        12.63     687405     155546
[root@localhost ~]#

Display CPU statistics

[root@localhost ~]# iostat -c
Linux 3.10.0-327.13.1.el7.x86_64 (localhost.localdomain)   08/13/2016   _x86_64_   (2 CPU)
avg-cpu:  %user   %nice %system %iowait  %steal   %idle
           0.59    0.02    0.33    0.54    0.00   98.52
[root@localhost ~]#

ldd
ldd stands for list dynamic dependencies; it shows the shared libraries needed by a
program or library. The ldd command can be handy for diagnosing application startup problems.

If some program is not starting because its dependencies are not available, you can use ldd to
find out the shared libraries it’s looking for.

[root@localhost sbin]# ldd httpd
        linux-vdso.so.1 => (0x00007ffe7ebb2000)
        libpcre.so.1 => /lib64/libpcre.so.1 (0x00007fa4d451e000)
        libselinux.so.1 => /lib64/libselinux.so.1 (0x00007fa4d42f9000)
        libaprutil-1.so.0 => /lib64/libaprutil-1.so.0 (0x00007fa4d40cf000)
        libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007fa4d3e98000)
        libexpat.so.1 => /lib64/libexpat.so.1 (0x00007fa4d3c6e000)
        libdb-5.3.so => /lib64/libdb-5.3.so (0x00007fa4d38af000)
        libapr-1.so.0 => /lib64/libapr-1.so.0 (0x00007fa4d3680000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fa4d3464000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00007fa4d325f000)
        libc.so.6 => /lib64/libc.so.6 (0x00007fa4d2e9e000)
        liblzma.so.5 => /lib64/liblzma.so.5 (0x00007fa4d2c79000)
        /lib64/ld-linux-x86-64.so.2 (0x00007fa4d4a10000)
        libuuid.so.1 => /lib64/libuuid.so.1 (0x00007fa4d2a73000)
        libfreebl3.so => /lib64/libfreebl3.so (0x00007fa4d2870000)
[root@localhost sbin]#

netstat
netstat (Network Statistics) is a popular command to print network connections and
interface statistics, and to troubleshoot various network-related issues.

To show stats of all protocols

# netstat -s

You can use grep to find out if there are any errors

[root@localhost sbin]# netstat -s | grep error
   0 packet receive errors
   0 receive buffer errors
   0 send buffer errors
[root@localhost sbin]#

To show kernel routing table

[root@localhost sbin]# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         gateway         0.0.0.0         UG        0 0          0 eno16777736
172.16.179.0    0.0.0.0         255.255.255.0   U         0 0          0 eno16777736
192.168.122.0   0.0.0.0         255.255.255.0   U         0 0          0 virbr0
[root@localhost sbin]#

free
If your Linux server is running out of memory, or you just want to find out how much
of the total memory is available, then the free command will help you.

[root@localhost sbin]# free -g
              total        used        free      shared  buff/cache   available
Mem:              5           0           3           0           1           4
Swap:             5           0           5
[root@localhost sbin]#

-g means to show the details in GB. So, as you can see, total available memory is 5 GB
and 3 GB is free.

sar
sar (System Activity Report) is helpful for collecting a number of reports, including
CPU, memory and device load.

Just executing the sar command shows you system utilization for the entire day.

By default, it stores a utilization report every 10 minutes. If you need something shorter in
real time, you can use it as below.

Show CPU report 2 times every 3 seconds

[root@localhost sbin]# sar 3 2
Linux 3.10.0-327.13.1.el7.x86_64 (localhost.localdomain)   08/13/2016   _x86_64_   (2 CPU)
11:14:02 PM     CPU     %user     %nice   %system   %iowait    %steal     %idle
11:14:05 PM     all      1.83      0.00      0.50      0.17      0.00     97.51
11:14:08 PM     all      1.50      0.00      0.17      0.00      0.00     98.33
Average:        all      1.67      0.00      0.33      0.08      0.00     97.92
[root@localhost sbin]#

Show Memory usage report

# sar -r

Show network report

# sar -n ALL

ipcs
ipcs (InterProcess Communication System) provides a report on semaphores, shared
memory and message queues.

To list the message queues

# ipcs -q

To list the semaphores

# ipcs -s

To list the shared memory

# ipcs -m

To display current usage status of IPC

[root@localhost sbin]# ipcs -u

------ Messages Status --------


allocated queues = 0
used headers = 0
used space = 0 bytes

------ Shared Memory Status --------


segments allocated 5
pages allocated 2784
pages resident 359
pages swapped   0
Swap performance: 0 attempts       0 successes

------ Semaphore Status --------


used arrays = 0
allocated semaphores = 0
[root@localhost sbin]#

++++++++++++++++++++++++++++++

SAR command in Linux to monitor system performance
sar : System Activity Report
It can be used to monitor a Linux system’s resources like CPU usage, memory utilization,
I/O device consumption, network monitoring, disk usage, process and thread
allocation, battery performance, plug and play devices, processor performance, file
system and more. Monitoring and analyzing a Linux system aids in understanding system
resource usage, which can help to improve system performance to handle more
requests.
By default the SAR command displays the result on the output screen; in addition, the result can
also be stored in the file specified by the -o filename option.
Any user can collect information about system performance using system activity
flags. The SAR command will show only CPU monitoring activity if no flag is
specified by the user.
Syntax :
$ sar -[ options ] time_interval number_of_times_to_display
Examples :
1. To see help

2. To verify the sar version :


3. hduser@mahesh-Inspiron-3543:~$ sar -V
4. sysstat version 11.2.0
5. (C) Sebastien Godard (sysstat orange.fr)
3. To report CPU details a total of 5 times at an interval of 2 seconds. If the interval
parameter is set to zero, average statistics from the time the system started are
presented. If the count is not provided and the interval is given, statistics are
provided continuously after every interval.
hduser@mahesh-Inspiron-3543:~$ sar -u 2 5
Linux 4.4.0-31-generic (mahesh-Inspiron-3543)   Sunday 18 March 2018   _x86_64_   (4 CPU)

04:00:20 IST     CPU     %user     %nice   %system   %iowait    %steal     %idle
04:00:22 IST     all      0.25      0.00      0.00      0.00      0.00     99.75
04:00:24 IST     all      0.25      0.00      0.13      0.00      0.00     99.62
04:00:26 IST     all      0.88      0.00      0.25      1.13      0.00     97.75
04:00:28 IST     all      0.00      0.00      0.25      0.13      0.00     99.62
04:00:30 IST     all      0.25      0.00      0.38      0.12      0.00     99.25
Average:         all      0.33      0.00      0.20      0.28      0.00     99.20
4. To report the amount of memory used, amount of memory free, available
cache and available buffers a total of 3 times at an interval of 1 second.
hduser@mahesh-Inspiron-3543:~$ sar -r 1 3
Linux 4.4.0-31-generic (mahesh-Inspiron-3543)   Sunday 18 March 2018   _x86_64_   (4 CPU)

04:05:12 IST kbmemfree kbmemused  %memused kbbuffers  kbcached  kbcommit   %commit  kbactive   kbinact   kbdirty
04:05:13 IST   6067308   2017252     24.95     62300    853612   4303644     35.89   1308856    525628        60
04:05:14 IST   6067308   2017252     24.95     62300    853612   4303644     35.89   1308856    525628        60
04:05:15 IST   6067308   2017252     24.95     62300    853612   4303644     35.89   1308856    525628        60
Average:       6067308   2017252     24.95     62300    853612   4303644     35.89   1308856    525628        60
5. To report about file systems mounted on the device a total of 5 times at an interval
of 2 seconds.
hduser@mahesh-Inspiron-3543:~$ sar -F 2 5
Linux 4.4.0-31-generic (mahesh-Inspiron-3543)   Sunday 18 March 2018   _x86_64_   (4 CPU)

04:02:38 IST  MBfsfree  MBfsused   %fsused  %ufsused     Ifree     Iused    %Iused FILESYSTEM
04:02:40 IST     78181     18727     19.32     24.43   6066698    249334      3.95 /dev/sda11
04:02:40 IST       441        55     11.04     11.04         0         0      0.00 /dev/sda1
04:02:40 IST      2123      1747     45.13     45.13         0         0      0.00 /dev/sdb1
04:02:40 IST     28846    205214     87.68     87.68  29589586    145270      0.49 /dev/sda8
6. To report block device details a total of 3 times at an interval of 1 second.
hduser@mahesh-Inspiron-3543:~$ sar -d 1 3
Linux 4.4.0-31-generic (mahesh-Inspiron-3543)   Sunday 18 March 2018   _x86_64_   (4 CPU)

04:04:34 IST       DEV       tps  rd_sec/s  wr_sec/s  avgrq-sz  avgqu-sz     await     svctm     %util
04:04:35 IST    dev8-0      0.00      0.00      0.00      0.00      0.00      0.00      0.00      0.00
04:04:35 IST   dev8-16      0.00      0.00      0.00      0.00      0.00      0.00      0.00      0.00
7. To report run queue length, number of processes and load average
hduser@mahesh-Inspiron-3543:~$ sar -q 2 5
Linux 4.4.0-31-generic (mahesh-Inspiron-3543)   Sunday 18 March 2018   _x86_64_   (4 CPU)

04:01:54 IST   runq-sz  plist-sz   ldavg-1   ldavg-5  ldavg-15   blocked
04:01:56 IST         0       491      0.21      0.16      0.15         0
04:01:58 IST         0       491      0.21      0.16      0.15         0
04:02:00 IST         0       491      0.19      0.16      0.15         0
04:02:02 IST         0       491      0.19      0.16      0.15         0
04:02:04 IST         0       491      0.18      0.16      0.14         0
Average:             0       491      0.20      0.16      0.15         0
8. To report CPU usage for a given core:
hduser@mahesh-Inspiron-3543:~$ sar -P 1 1 3
Linux 4.4.0-31-generic (mahesh-Inspiron-3543)   Sunday 18 March 2018   _x86_64_   (4 CPU)

04:16:38 IST     CPU     %user     %nice   %system   %iowait    %steal     %idle
04:16:39 IST       1      0.00      0.00      0.00      0.00      0.00    100.00
04:16:40 IST       1      0.99      0.00      0.99      0.00      0.00     98.02
04:16:41 IST       1      1.00      0.00      0.00      0.00      0.00     99.00
Average:           1      0.66      0.00      0.33      0.00      0.00     99.00
9. To report about network interface, network speed, IPV4, TCPV4, ICMPV4
network traffic and errors
hduser@mahesh-Inspiron-3543:~$ sar -n DEV 1 3 | egrep -v lo
Linux 4.4.0-31-generic (mahesh-Inspiron-3543)   Sunday 18 March 2018   _x86_64_   (4 CPU)

04:04:00 IST        IFACE   rxpck/s   txpck/s    rxkB/s    txkB/s   rxcmp/s   txcmp/s  rxmcst/s   %ifutil
04:04:01 IST  enp0s29u1u2      0.00      0.00      0.00      0.00      0.00      0.00      0.00      0.00
04:04:01 IST       enp7s0      0.00      0.00      0.00      0.00      0.00      0.00      0.00      0.00
10. To report details about the process, kernel thread, i-node, and the file tables
hduser@mahesh-Inspiron-3543:~$ sar -v 1 3
Linux 4.4.0-31-generic (mahesh-Inspiron-3543)   Sunday 18 March 2018   _x86_64_   (4 CPU)

04:25:26 IST dentunusd   file-nr  inode-nr    pty-nr
04:25:27 IST     43219      7584     46874        17
04:25:28 IST     43219      7584     46873        17
04:25:29 IST     43219      7584     46873        17
Average:         43219      7584     46873        17
11. To report messages, semaphores and processes details for all processors and
system-wide.
hduser@mahesh-Inspiron-3543:~$ sar -mu -P ALL
12. To report statistics about swapping
hduser@mahesh-Inspiron-3543:~$ sar -S 1 3
Linux 4.4.0-31-generic (mahesh-Inspiron-3543)   Sunday 18 March 2018   _x86_64_   (4 CPU)

04:08:09 IST kbswpfree kbswpused  %swpused  kbswpcad   %swpcad
04:08:10 IST   3906556         0      0.00         0      0.00
04:08:11 IST   3906556         0      0.00         0      0.00
04:08:12 IST   3906556         0      0.00         0      0.00
Average:       3906556         0      0.00         0      0.00
13. To report details about I/O operations such as transactions per second, reads per
second and writes per second
hduser@mahesh-Inspiron-3543:~$ sar -b 1 3
Linux 4.4.0-31-generic (mahesh-Inspiron-3543)   Sunday 18 March 2018   _x86_64_   (4 CPU)

04:08:41 IST       tps      rtps      wtps   bread/s   bwrtn/s
04:08:42 IST      0.00      0.00      0.00      0.00      0.00
04:08:43 IST      2.00      0.00      2.00      0.00     64.00
04:08:44 IST      0.00      0.00      0.00      0.00      0.00
Average:          0.67      0.00      0.67      0.00     21.33
14. To report statistics about context switching, number of processes created per
second, number of swaps per second
hduser@mahesh-Inspiron-3543:~$ sar -w 1 3
Linux 4.4.0-31-generic (mahesh-Inspiron-3543)   Sunday 18 March 2018   _x86_64_   (4 CPU)

04:09:42 IST    proc/s   cswch/s
04:09:43 IST      0.00    480.00
04:09:44 IST      0.00    637.00
04:09:45 IST      0.00    859.00
Average:          0.00    658.67
15. To report paging statistics (KBs paged-in/sec, KBs paged-out/sec, pagefault/sec
etc.)
hatim.lokhandwala@ET-C02PR06MG8:~$ sar -B 2 5
Linux 3.2.0-4-amd64 (ET-C02PR06MG8)   04/26/2019   _x86_64_   (6 CPU)

11:36:32 PM  pgpgin/s pgpgout/s   fault/s  majflt/s  pgfree/s pgscank/s pgscand/s pgsteal/s    %vmeff
11:36:34 PM      0.00     14.00     13.50      0.00     24.00      0.00      0.00      0.00      0.00
11:36:36 PM      0.00    291.50   6265.50      0.00   1858.00      0.00      0.00      0.00      0.00
11:36:38 PM      0.00    270.00      8.50      0.00     41.00      0.00      0.00      0.00      0.00
11:36:40 PM      0.00     40.50      8.50      0.00     21.00      0.00      0.00      0.00      0.00
11:36:42 PM      0.00   1796.50      8.50      0.00     28.00      0.00      0.00      0.00      0.00
Average:         0.00    482.50   1260.90      0.00    394.40      0.00      0.00      0.00      0.00

w – Find out who is logged on and what they are doing


w command displays information about the users currently on the machine, and their processes.
# w username
# w vivek
Sample Outputs:

 17:58:47 up 5 days, 20:28,  2 users,  load average: 0.36, 0.26, 0.24
USER     TTY      FROM          LOGIN@   IDLE   JCPU   PCPU  WHAT
root     pts/0    10.1.3.145    14:55    5.00s  0.04s  0.02s vim /etc/resolv.conf
root     pts/1    10.1.3.145    17:43    0.00s  0.03s  0.00s w

4. uptime – Tell how long the Linux system has been running

uptime command can be used to see how long the server has been running. It shows the current time, how
long the system has been running, how many users are currently logged on, and the system load
averages for the past 1, 5, and 15 minutes.
# uptime
Output:

18:02:41 up 41 days, 23:42, 1 user, load average: 0.00, 0.00, 0.00

ps – Displays the Linux processes


ps command will report a snapshot of the current processes. To select all processes use the -A or -e
option:
# ps -A
Sample Outputs:

PID TTY TIME CMD

1 ? 00:00:02 init

2 ? 00:00:02 migration/0

3 ? 00:00:01 ksoftirqd/0

4 ? 00:00:00 watchdog/0

5 ? 00:00:00 migration/1
6 ? 00:00:15 ksoftirqd/1

....

.....

4881 ? 00:53:28 java

4885 tty1 00:00:00 mingetty

4886 tty2 00:00:00 mingetty

4887 tty3 00:00:00 mingetty

4888 tty4 00:00:00 mingetty

4891 tty5 00:00:00 mingetty

4892 tty6 00:00:00 mingetty

4893 ttyS1 00:00:00 agetty

12853 ? 00:00:00 cifsoplockd

12854 ? 00:00:00 cifsdnotifyd

14231 ? 00:10:34 lighttpd

14232 ? 00:00:00 php-cgi

54981 pts/0 00:00:00 vim

55465 ? 00:00:00 php-cgi

55546 ? 00:00:00 bind9-snmp-stat

55704 pts/1 00:00:00 ps


ps is just like top but provides more information.

Show Long Format Output


# ps -Al
To turn on extra full mode (it will show command line arguments passed to process):
# ps -AlF

Display Threads ( LWP and NLWP)


# ps -AlFH

Watch Threads After Processes


# ps -AlLm

Print All Process On The Server


# ps ax
# ps axu

Want To Print A Process Tree?


# ps -ejH
# ps axjf
# pstree

Get Security Information of Linux Process


# ps -eo euser,ruser,suser,fuser,f,comm,label
# ps axZ
# ps -eM
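
The euser, ruser, suser and fuser columns above are most useful when compared with each other: a process whose effective, saved or filesystem user differs from its real user is running with changed privileges. The following is an added example, not part of the original notes; the function names, the EXPECTED_SETUID allowlist and the sample rows are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit "ps -eo pid,euser,ruser,suser,fuser,comm" output for
# processes whose effective, saved or filesystem user differs from the real user.
# Widen the name columns (for example euser:32) if long user names are abbreviated.

# Commands expected to change identity on this host (assumed allowlist).
EXPECTED_SETUID="passwd sudo su"

# Constructed sample output, not captured from a real system.
sample_ps() {
cat <<'EOF'
  PID EUSER    RUSER    SUSER    FUSER    COMMAND
    1 root     root     root     root     init
 4881 tomcat   tomcat   tomcat   tomcat   java
14231 lighttpd lighttpd lighttpd lighttpd lighttpd
55601 root     vivek    root     root     passwd
55612 root     vivek    root     root     report-gen
55640 vivek    vivek    root     vivek    backup helper
EOF
}

# Reads ps output (with its header line) on stdin and prints one line per
# process with a user mismatch:
#   STATUS PID COMMAND real=.. effective=.. saved=.. fs=..
# STATUS is "expected" for allowlisted commands, otherwise "REVIEW".
audit_ps_users() {
    awk -v allow="$EXPECTED_SETUID" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    NR == 1 { next }                      # skip the header line
    $2 != $3 || $4 != $3 || $5 != $3 {
        cmd = $6                          # comm may contain spaces
        for (i = 7; i <= NF; i++) cmd = cmd " " $i
        status = (cmd in ok) ? "expected" : "REVIEW"
        printf "%s %s %s real=%s effective=%s saved=%s fs=%s\n",
               status, $1, cmd, $3, $2, $4, $5
    }'
}

# Live use: ps -eo pid,euser,ruser,suser,fuser,comm | audit_ps_users
sample_ps | audit_ps_users
```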

Let Us Print Every Process Running As User Vivek


# ps -U vivek -u vivek u

Configure ps Command Output In a User-Defined Format


# ps -eo pid,tid,class,rtprio,ni,pri,psr,pcpu,stat,wchan:14,comm
# ps axo stat,euid,ruid,tty,tpgid,sess,pgrp,ppid,pid,pcpu,comm
# ps -eopid,tt,user,fname,tmout,f,wchan

Try To Display Only The Process IDs of Lighttpd


# ps -C lighttpd -o pid=
OR
# pgrep lighttpd
OR
# pgrep -u vivek php-cgi

Print The Name of PID 55977


# ps -p 55977 -o comm=

Top 10 Memory Consuming Process


# ps -auxf | sort -nr -k 4 | head -10

Show Us Top 10 CPU Consuming Process


# ps -auxf | sort -nr -k 3 | head -10

6. free – Show Linux server memory usage


free command shows the total amount of free and used physical and swap memory in the system,
as well as the buffers used by the kernel.
# free
Sample Output:

             total       used       free     shared    buffers     cached
Mem:      12302896    9739664    2563232          0     523124    5154740
-/+ buffers/cache:    4061800    8241096
Swap:      1052248          0    1052248


7. iostat – Monitor Linux average CPU load and disk activity

iostat command reports Central Processing Unit (CPU) statistics and input/output statistics for
devices, partitions and network filesystems (NFS).
# iostat
Sample Outputs:

Linux 2.6.18-128.1.14.el5 (www03.nixcraft.in)   06/26/2009

avg-cpu:  %user   %nice %system %iowait  %steal   %idle
           3.50    0.09    0.51    0.03    0.00   95.86

Device:            tps   Blk_read/s   Blk_wrtn/s   Blk_read    Blk_wrtn
sda              22.04        31.88       512.03   16193351   260102868
sda1              0.00         0.00         0.00       2166         180
sda2             22.04        31.87       512.03   16189010   260102688
sda3              0.00         0.00         0.00       1615           0



8. sar – Monitor, collect and report Linux system activity

sar command is used to collect, report, and save system activity information. To see network counters,
enter:
# sar -n DEV | more
The network counters from the 24th:
# sar -n DEV -f /var/log/sa/sa24 | more
You can also display real time usage using sar:
# sar 4 5
Sample Outputs:

Linux 2.6.18-128.1.14.el5 (www03.nixcraft.in)   06/26/2009

06:45:12 PM       CPU     %user     %nice   %system   %iowait    %steal     %idle
06:45:16 PM       all      2.00      0.00      0.22      0.00      0.00     97.78
06:45:20 PM       all      2.07      0.00      0.38      0.03      0.00     97.52
06:45:24 PM       all      0.94      0.00      0.28      0.00      0.00     98.78
06:45:28 PM       all      1.56      0.00      0.22      0.00      0.00     98.22
06:45:32 PM       all      3.53      0.00      0.25      0.03      0.00     96.19
Average:          all      2.02      0.00      0.27      0.01      0.00

mpstat – Monitor multiprocessor usage on Linux


mpstat command displays activities for each available processor, processor 0 being the first one.
Use mpstat -P ALL to display average CPU utilization per processor:
# mpstat -P ALL
Sample Output:

Linux 2.6.18-128.1.14.el5 (www03.nixcraft.in)   06/26/2009

06:48:11 PM  CPU   %user   %nice    %sys %iowait    %irq   %soft  %steal   %idle    intr/s
06:48:11 PM  all    3.50    0.09    0.34    0.03    0.01    0.17    0.00   95.86   1218.04
06:48:11 PM    0    3.44    0.08    0.31    0.02    0.00    0.12    0.00   96.04   1000.31
06:48:11 PM    1    3.10    0.08    0.32    0.09    0.02    0.11    0.00   96.28     34.93
06:48:11 PM    2    4.16    0.11    0.36    0.02    0.00    0.11    0.00   95.25      0.00
06:48:11 PM    3    3.77    0.11    0.38    0.03    0.01    0.24    0.00   95.46     44.80
06:48:11 PM    4    2.96    0.07    0.29    0.04    0.02    0.10    0.00   96.52     25.91
06:48:11 PM    5    3.26    0.08    0.28    0.03    0.01    0.10    0.00   96.23     14.98
06:48:11 PM    6    4.00    0.10    0.34    0.01    0.00    0.13    0.00   95.42      3.75
06:48:11 PM    7    3.30    0.11    0.39    0.03    0.01    0.46    0.00   95.69     76.89


10. pmap – Monitor process memory usage on Linux

pmap command reports the memory map of a process. Use this command to find out causes of memory
bottlenecks.
# pmap -d PID
To display process memory information for pid # 47394, enter:
# pmap -d 47394
Sample Outputs:

47394: /usr/bin/php-cgi

Address Kbytes Mode Offset Device Mapping

0000000000400000 2584 r-x-- 0000000000000000 008:00002 php-cgi

0000000000886000 140 rw--- 0000000000286000 008:00002 php-cgi

00000000008a9000 52 rw--- 00000000008a9000 000:00000 [ anon ]

0000000000aa8000 76 rw--- 00000000002a8000 008:00002 php-cgi

000000000f678000 1980 rw--- 000000000f678000 000:00000 [ anon ]

000000314a600000 112 r-x-- 0000000000000000 008:00002 ld-2.5.so

000000314a81b000 4 r---- 000000000001b000 008:00002 ld-2.5.so

000000314a81c000 4 rw--- 000000000001c000 008:00002 ld-2.5.so

000000314aa00000 1328 r-x-- 0000000000000000 008:00002 libc-2.5.so

000000314ab4c000 2048 ----- 000000000014c000 008:00002 libc-2.5.so

.....

......

..

00002af8d48fd000 4 rw--- 0000000000006000 008:00002 xsl.so


00002af8d490c000 40 r-x-- 0000000000000000 008:00002 libnss_files-2.5.so

00002af8d4916000 2044 ----- 000000000000a000 008:00002 libnss_files-2.5.so

00002af8d4b15000 4 r---- 0000000000009000 008:00002 libnss_files-2.5.so

00002af8d4b16000 4 rw--- 000000000000a000 008:00002 libnss_files-2.5.so

00002af8d4b17000 768000 rw-s- 0000000000000000 000:00009 zero (deleted)

00007fffc95fe000 84 rw--- 00007ffffffea000 000:00000 [ stack ]

ffffffffff600000 8192 ----- 0000000000000000 000:00000 [ anon ]

mapped: 933712K writeable/private: 4304K shared: 768000K

The last line is very important:

• mapped: 933712K – total amount of memory mapped to files
• writeable/private: 4304K – the amount of private address space
• shared: 768000K – the amount of address space this process is sharing with others

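
The Mode and Mapping columns of pmap -d can also be checked for two things a defender cares about: regions that are writable and executable at the same time, and regions whose backing file has been deleted (as with the zero (deleted) mapping above). This is an added example, not part of the original notes; scan_pmap and the sample rows, including the rwx region, are constructed for illustration.

```shell
#!/bin/sh
# Added example: scan "pmap -d PID" output for mappings that are writable and
# executable at once, and for mappings backed by a deleted file.

# Constructed sample in the pmap -d layout shown above (not a real capture).
sample_pmap() {
cat <<'EOF'
47394:   /usr/bin/php-cgi
Address           Kbytes Mode  Offset           Device    Mapping
0000000000400000    2584 r-x-- 0000000000000000 008:00002 php-cgi
0000000000886000     140 rw--- 0000000000286000 008:00002 php-cgi
000000000f678000    1980 rw--- 000000000f678000 000:00000   [ anon ]
00002af8d3c00000      64 rwx-- 00002af8d3c00000 000:00000   [ anon ]
00002af8d48fd000       4 rw--- 0000000000006000 008:00002 xsl.so
00002af8d4b17000  768000 rw-s- 0000000000000000 000:00009 zero (deleted)
00007fffc95fe000      84 rw--- 00007ffffffea000 000:00000   [ stack ]
mapped: 772856K    writeable/private: 2272K    shared: 768000K
EOF
}

# Reads pmap -d output on stdin. Prints one line per finding:
#   WX      <address> <kbytes>K <mapping>   writable and executable
#   DELETED <address> <kbytes>K <mapping>   backing file was unlinked
# followed by "SUMMARY wx_kb=<n> deleted_kb=<n> regions=<n>".
scan_pmap() {
    awk '
    # Mapping rows start with a hex address followed by a numeric size.
    $1 ~ /^[0-9a-f]+$/ && $2 ~ /^[0-9]+$/ && NF >= 6 {
        regions++
        name = $6                         # mapping name may contain spaces
        for (i = 7; i <= NF; i++) name = name " " $i
        mode = $3                         # e.g. r-x--, rw---, rw-s-
        if (substr(mode, 2, 1) == "w" && substr(mode, 3, 1) == "x") {
            printf "WX %s %sK %s\n", $1, $2, name; wx += $2
        }
        if (name ~ /\(deleted\)$/) {
            printf "DELETED %s %sK %s\n", $1, $2, name; del += $2
        }
    }
    END { printf "SUMMARY wx_kb=%d deleted_kb=%d regions=%d\n", wx, del, regions }'
}

# Live use: pmap -d "$PID" | scan_pmap
sample_pmap | scan_pmap
```

A deleted mapping is often benign (shared memory, or a library replaced by a package update while the process keeps running the old copy), so treat it as a prompt to review or restart the process rather than as a verdict.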

11. netstat – Linux network and statistics monitoring tool

netstat command displays network connections, routing tables, interface statistics, masquerade
connections, and multicast memberships.
# netstat -tulpn
# netstat -nat

12. ss – Network Statistics


ss command is used to dump socket statistics. It shows information similar to netstat. Please
note that netstat is mostly obsolete, hence you need to use the ss command. To display all TCP and
UDP sockets on Linux:
# ss -t -a
OR
# ss -u -a
Show all TCP sockets with process SELinux security contexts:
# ss -t -a -Z
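
Listing listening sockets with netstat -tulpn or its ss equivalent is most useful when the result is compared against what the host is supposed to expose. The following added example (not part of the original notes) does that for ss -tulpn output; the ALLOWED list, the function name and the sample rows are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: compare listening sockets reported by "ss -tulpn" with an
# allowlist of protocol/port pairs that may be reachable from other machines.

# Assumed baseline for this host.
ALLOWED="tcp/22 tcp/80 udp/68"

# Constructed sample of "ss -tulpn" output (not a real capture).
sample_ss() {
cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      0.0.0.0:68         0.0.0.0:*         users:(("dhclient",pid=812,fd=6))
udp   UNCONN 0      0      0.0.0.0:161        0.0.0.0:*         users:(("snmpd",pid=1500,fd=6))
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=1001,fd=3))
tcp   LISTEN 0      511    0.0.0.0:80         0.0.0.0:*         users:(("lighttpd",pid=14231,fd=4))
tcp   LISTEN 0      128    127.0.0.1:9000     0.0.0.0:*         users:(("php-cgi",pid=14232,fd=0))
tcp   LISTEN 0      80     0.0.0.0:3306       0.0.0.0:*         users:(("mysqld",pid=2210,fd=21))
tcp   LISTEN 0      128    [::]:22            [::]:*            users:(("sshd",pid=1001,fd=4))
tcp   LISTEN 0      128    [::1]:631          [::]:*            users:(("cupsd",pid=900,fd=7))
EOF
}

# Prints "UNEXPECTED proto/port address process" for every socket that is
# bound to a non-loopback address and is not listed in $ALLOWED.
unexpected_listeners() {
    awk -v allow="$ALLOWED" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 != "tcp" && $1 != "udp" { next }           # header and other families
    {
        sock = $5
        port = sock; sub(/.*:/, "", port)         # text after the last colon
        addr = sock; sub(/:[^:]*$/, "", addr)     # text before it
        if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
        key = $1 "/" port
        if (!(key in ok)) printf "UNEXPECTED %s %s %s\n", key, addr, $7
    }'
}

# Live use (run as root so the process column is filled in):
#   ss -tulpn | unexpected_listeners
sample_ss | unexpected_listeners
```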

13. iptraf – Get real-time network statistics on Linux


iptraf command is an interactive colorful IP LAN monitor. It is an ncurses-based IP LAN monitor that
generates various network statistics including TCP info, UDP counts, ICMP and OSPF information,
Ethernet load info, node stats, IP checksum errors, and others. It can provide the following info in
an easy to read format:

• Network traffic statistics by TCP connection
• IP traffic statistics by network interface
• Network traffic statistics by protocol
• Network traffic statistics by TCP/UDP port and by packet size
• Network traffic statistics by Layer2 address

Fig.02: General interface statistics: IP traffic statistics by network interface
Fig.03: Network traffic statistics by TCP connection

14. tcpdump – Detailed network traffic analysis


tcpdump command is a simple command that dumps traffic on a network. However, you need a good
understanding of the TCP/IP protocol to utilize this tool. For example, to display traffic info about DNS, enter:
# tcpdump -i eth1 'udp port 53'
To view all IPv4 HTTP packets to and from port 80 that contain data (that is, not SYN, FIN or
ACK-only packets), enter:
# tcpdump 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
Show all FTP sessions to 202.54.1.5, enter:
# tcpdump -i eth1 'dst 202.54.1.5 and (port 21 or 20)'
Print all HTTP sessions to 192.168.1.5:
# tcpdump -ni eth0 'dst 192.168.1.5 and tcp and port http'
To save the capture to a file that can be opened in wireshark for detailed analysis, enter:
# tcpdump -n -i eth1 -s 0 -w output.txt src or dst port 80

15. iotop – Linux I/O monitor


iotop command monitors I/O usage information reported by the Linux kernel. It shows a table of current I/O
usage sorted by processes or threads on the server.
$ sudo iotop

16. htop – interactive process viewer


htop is a free and open source ncurses-based process viewer for Linux. It is much better than top
command. Very easy to use. You can select processes for killing or renicing without using their PIDs
or leaving htop interface.
$ htop

17. atop – Advanced Linux system & process monitor


atop is a very powerful, interactive monitor for viewing the load on a Linux system. It displays the
most critical hardware resources from a performance point of view. You can quickly see CPU,
memory, disk and network performance. It shows which processes are responsible for the indicated
load with respect to CPU and memory on a process level.
$ atop

18. ac and lastcomm –


You must monitor process and login activity on your Linux server. The psacct or acct package
contains several utilities for monitoring process activities, including:

1. ac command : Show statistics about users’ connect time
2. lastcomm command : Show info about previously executed commands
3. accton command : Turns process accounting on or off
4. sa command : Summarizes accounting information


19. monit – Process supervision


Monit is free and open source software that acts as a process supervisor. It comes with the ability
to restart services which have failed. You can use Systemd, daemontools or any other such tool for
the same purpose. This tutorial shows how to install and configure monit as a process supervisor on
Debian or Ubuntu Linux.

20. nethogs – Find out PIDs that are using the most bandwidth on Linux

NetHogs is a small but handy net top tool. It groups bandwidth by process name such as Firefox,
wget and so on. If there is a sudden burst of network traffic, start NetHogs. You will see which PID is
causing the bandwidth surge.
$ sudo nethogs


21. iftop – Show bandwidth usage on an interface by host

iftop command listens to network traffic on a given interface name such as eth0. It displays a table of
current bandwidth usage by pairs of hosts.
$ sudo iftop

22. vnstat – A console-based network traffic monitor


vnstat is an easy-to-use console-based network traffic monitor for Linux. It keeps a log of hourly, daily
and monthly network traffic for the selected interface(s).
$ vnstat

23. nmon – Linux systems administrator, tuner, benchmark tool

nmon is a Linux sysadmin’s ultimate tool for tuning purposes. It can show CPU, memory,
network, disks, file systems, NFS, top process resources and partition information from the cli.
$ nmon

24. glances – Keep an eye on Linux system


glances is an open source cross-platform monitoring tool. It provides tons of information on the small
screen. It can also work in client/server mode.
$ glances

25. strace – Monitor system calls on Linux


Want to trace Linux system calls and signals? Try the strace command. This is useful for debugging
webserver and other server problems. See how to use it to trace a process and see what it is doing.

26. /proc/ file system – Various Linux kernel statistics


/proc file system provides detailed information about various hardware devices and other Linux
kernel information. See the Linux kernel /proc documentation for further details. Common /proc
examples:
# cat /proc/cpuinfo
# cat /proc/meminfo
# cat /proc/zoneinfo
# cat /proc/mounts

27. Nagios – Linux server/network monitoring


Nagios is a popular open source computer system and network monitoring application software. You
can easily monitor all your hosts, network equipment and services. It can send an alert when things go
wrong and again when they get better. FAN is “Fully Automated Nagios”. The goals of FAN are to provide a
Nagios installation including most tools provided by the Nagios Community. FAN provides a CD-ROM
image in the standard ISO format, making it easy to install a Nagios server. In addition, a
wide range of tools is included in the distribution in order to improve the user experience around
Nagios.
