Your work as system admin includes installing and running software, controlling access, monitoring, ensuring availability, backups, restoring backups, and of course firefighting. 😜 In this article, we review some of the commands frequently used by Linux system administrators in their day to day work.
uname
Use uname command with the -a flag to print system information. This command will show you the kernel name, kernel release, kernel version, hostname, processor type & your hardware platform information. Here is what this means:
df
Use df command to verify the size of the filesystem and the space available. This command used by itself shows output in 1K blocks. Option -h shows output in a human-readable format, that is in MB and GB. To ignore any file system, for example, tmpfs, that is for a cleaner output, use flag -x To list a specific filesystem type only, use -t flag. for example, to view only ext4 filesystem: Using total flag will add a line showing grand totals:
du
To check disk space usage in a directory, use du command. For example to see disk space usage in the /var/log directory. Use -h flag for human-readable format. To see only the total usage only use -s (summary) flag.
free
Use free command to see total, used, and free system memory. Use -h flag for human-readable format.
ps
Use ps to display status information about processes running on the system. To see all processes owned by user ubuntu, use -u flag with the user name: To view all processes run ps with aux flags: where
top
While ps command shows a snapshot of the state of processes at any moment, top shows a continuously updating (every three seconds, by default) list of system processes in order of process activity. The top command output consists of two main parts: The system summary at the top and the table of processes sorted by CPU activity. Some of the fields in the system summary are as follows: Process table fields are as follows: While top is running, you can issue a number of commands. Press h or ? to see commands which can be run while top is running. Press k to kill a process. Press q to quit top.
dig
dig is a great tool for DNS queries. It is used as follows : where
To suppress verbose output, use +short flag. To view A record for google.com use: To see MX records for google.com use: If you need to query DNS records on the Internet, you can use the DNS lookup tool.
who and w
who shows users who are logged on. w shows users currently logged on and their processes. The header shows the current time, system uptime, number of users logged on, and system load averages. The next part shows the usernames, the terminal, and the remote IP from which they are logged on, login time, idle time, JCPU, PCPU, and the program they are running. JCPU is the time used by all processes attached to the tty whereas PCPU is the time used by the current process.
tar
With GNU tar you can archive multiple files into a single file. As an example create a directory myfiles and three files a.txt, b.txt, c.txt in myfiles directory: Now to create an archive named allfiles.tar containing all files in myfiles directory: List all files in the current directory. You can see myfiles directory and allfiles.tar archive: You may unpack an archive with -x flag. So, to unpack allfiles.tar: You may also compress this archive with -z flag. This would create an archive compressed with gzip. To unpack a compressed archive use -z with -x flag.
grep
grep is used to search for a pattern in a file, or a set of files. It print all lines matching that pattern. For example, to search for the line containing “ServerRoot” in /etc/apache2/apache2.conf: To search in all files in a directory use *. To include search in subdirectories use -r (recursive) flag. So, to search for all lines containing the pattern “VirtualHost” in all files in /etc/apache2:
rsync
rsync is a fast command-line tool for synchronizing files and directories between two locations. Can be used for both local and remote copying and is fast because it sends only the differences between the source files and the existing files in the destination. It is widely used for backups and as an improved copy command for daily use. Here is an example: To copy/rsync all files from myfiles directory to backups directory: To rsync all files from myfiles directory to backups directory on a remote host, include remote_user @remote_host in destination name. So, to rsync myfiles folder to a remote host with IP 10.0.0.50:
ss
ss command is used to dump socket statistics, similar to the legacy netstat utility. To display TCP sockets use -t flag. This would not display sockets that are listening. To include both listening and non-listening sockets use -t and -a flags.
locate
The locate command uses a database to search for files and actually can be much faster than find command. Very simple to use, to search for a file, say, apache2.conf: You can use -c flag if you want only the count of files matching the search pattern. At times, you may need to refresh the database used by locate, which is mlocate. To update the database use updatedb command. This would need superuser privileges.
find
One of the most frequently used commands on Linux. Use it to search for files based on filenames, permissions, userid, groupid, size, file type, besides other criteria. To search for a file by name in the current directory, use -name flag followed by the filename to search.: To search for directories, use -type d flag: To search for files by size, say files larger than 20MB, use -size flag:
systemctl
Now that systemd has replaced SysV init process in most Linux distributions, use systemctl command to manage systemd services and units. To start a service, for example apache2: You may leave the service suffix. To stop a service: To see service status, use systemctl status command. The following example shows apache2 status while it is running:
ufw command
UFW – uncomplicated firewall is an easy to use frontend for iptables. It is available by default, on Ubuntu-based distributions. On CentOS, you can install ufw from the EPEL repository. To enable ufw: Check firewall status with ufw status: Default UFW policies allow all outgoing traffic and block all incoming traffic. The following command allows incoming traffic on HTTP port: You can deny traffic on any port. Here is an example to block traffic on port 21:
journalctl
Use journalctl to view logs collected by systemd. systemd collects log in a central location in a binary format. To view these logs: Mostly, you would prefer seeing the logs in reverse order, that is, the latest logs first: To view logs of a specific service, for example mysql use -u flag:
kill and killall
You may need to kill a runaway process or when you need to free some system resources. kill with -l flag shows all the signals you can send to a process. Two most commonly used signals are SIGTERM AND SIGKILL. You can also use -9 for SIGKILL and -15 for SIGTERM. SIGTERM allows a process to complete before it is terminated and therefore is called soft kill. SIGKILL terminates the process immediately. Here is an example: List all apache2 processes To kill apache2 process with process id 45525: Again view the list of apache2 processes: Use killall to kill a program by name. Which means killall kills the control(parent) process and all child processes. To kill all instances of the apache2 process in the example above: Use kill and killall with caution. These commands might leave the system in an unstable state.
IP
The ip command replaces ifconfig in the newer Linux distributions. Use it to configure and display network interfaces. Also used to display and modify IP addresses, routes, and neighbor objects. Display information about all network interfaces: To bring an interface up or down use ip link set dev followed by the device name. For example, to bring the interface eth0 online: And to bring it down:
date
A very commonly used command, here we explore some interesting ways to use this command. To see next Sunday’s date: To see last Sunday’s date: You can also use –date instead of -d flag: To see date 6 days ago: Date 6 days from now: You can easily control date output format. Here is an example:
Summary
You as a system administrator, keep the world’s computing infrastructure running. You need to solve problems, maintain and keep the systems running optimally while ensuring security. Hope these commands will come in handy and help you do your job better. Here are some FTP/SFTP Clients and the best Vim cheat sheets for Developers and Sysadmin.