Linux system Administrator's command-line Toolbox directory (GO)

Source: Internet
Author: User
Tags cpu usage disk usage rsync



System administrators (sysadmins) are responsible for the daily maintenance of production systems and services. One of their key tasks is to ensure that services stay functional 24 hours a day. To do this, they have to carefully plan backup methods, disaster management strategies, scheduled maintenance, security audits, and more. As in any other discipline, system administrators have their own tools. Using the right tools at the right time helps keep the operating system robust, with minimal service disruption and maximum uptime.






This article describes some of the most common and effective command-line tools that are used by system administrators in their daily activities. If you want to recommend other useful tools that are not listed here, don't forget to share them in the comments section.



Network Tools

ping: Checks end-to-end connectivity to a remote host (RTT delay, jitter, packet loss) via ICMP echo request/reply messages. Useful for checking system status and reachability.

hping: A network scanning and probing tool that can generate ICMP/TCP/UDP ping packets. Often used for advanced port scanning, firewall testing, manual path MTU discovery, and fragmentation testing.

traceroute: Discovers the layer-3 forwarding path from the local host to a remote destination host using TTL-limited ICMP/UDP/TCP probe packets. Used to debug network connectivity and routing issues.

mtr: A variant of traceroute that reports packet loss/jitter for each hop as running statistics. Useful for evaluating routing path delay.

netcat/socat: The Swiss Army knife of TCP/IP networking, able to read/write TCP/UDP byte streams. Useful for debugging firewall policies and service availability.

dig: A DNS debugging tool that can generate forward queries and reverse queries, look up name servers, and check CNAME, MX, and other DNS records. You can direct queries at a specific DNS server when debugging.

nslookup: Another DNS check/debug tool. All DNS queries and records are supported. You can query a specific DNS server.

dnsyo: A DNS testing tool that checks DNS propagation by performing DNS queries against a large number of open resolvers in 1500 different networks worldwide.

lsof: Displays information about the files a process has opened (for example, regular files, pipes, or sockets). Useful for monitoring network connections.

iftop: An ncurses-based command-line application that monitors network connections and bandwidth consumption on each physical network interface in real time. Useful for tracking down the applications, users, destinations, and ports that are hogging bandwidth.

netstat: A network statistics tool that can display status and statistics for current network connections (TCP/UDP ports, IP addresses), routing tables, TX/RX traffic, and network protocols. Very useful for network-related diagnostics and performance debugging.

tcpdump: A commonly used packet sniffing tool based on the libpcap packet capture library. Capture filters can be defined in Berkeley Packet Filter format.

tshark: Another command-line packet capture tool, fully compatible with its GUI version, Wireshark. 1000 protocols are supported and the list is growing. Useful for debugging, analyzing, and saving real-time network packet information.

ip: A versatile command-line network tool that is part of the iproute2 package. It can examine and modify routing tables, network device status, and IP tunneling settings. Useful for viewing routing tables, adding/removing static routes, configuring network interfaces, and debugging routing problems.

ifup/ifdown: Used to activate and deactivate a specific network interface. Often used to restart the entire network service.

autossh: A program that establishes an SSH connection and automatically reconnects after the connection drops. Useful for creating a long-lived SSH tunnel across a strict corporate network.

iperf: A network test tool that measures bidirectional maximum throughput between hosts by sending custom TCP/UDP data streams.

Elinks/lynx: A text-based web browser for use in a command-line-based server environment.

Security Tools
    1. iptables: A user-space command-line tool for configuring the Linux kernel firewall. It creates and modifies the kernel's rules for incoming, forwarded, and outgoing network packets.

    2. nmap: A common port scanning and network discovery tool for security auditing purposes. Useful for finding out which hosts are up and running on the local network and which ports are open on a particular host.

    3. TCP Wrappers: A host-based network access control list tool that can filter incoming/outgoing network requests/replies. Often used in conjunction with iptables as an additional layer of security.

    4. getfacl/setfacl: View and customize access control lists for files and directories, as an extension to traditional file permissions.

    5. cryptsetup: Used to create and manage LUKS-encrypted disk partitions.

    6. Lynis: A command-line vulnerability scanning tool. It can scan the entire Linux system and report potential vulnerabilities along with possible solutions.

    7. Maldet: A command-line malware scanning tool that detects and quarantines potentially infected files. It can run in the background for long-term monitoring.

    8. rkhunter/chkrootkit: Command-line tools that scan the local system for potential Trojans, hidden backdoors, and suspicious exploits, and disable them.

Storage Tools
    1. fdisk: A disk partition editing tool. Used to view, create, and modify partitions on local or removable disks.

    2. sfdisk: A variant of fdisk that can access or update a disk partition table non-interactively. Useful for automating disk partitioning in backup and recovery procedures.

    3. parted: Another disk partition editor that supports the GPT (GUID Partition Table) format for disks larger than 2TB. GParted is a GTK+ graphical front end for parted.

    4. df: Used to view the used/available storage space and mount points of different partitions or file paths. There is also an easier-to-use variant, dfc.

    5. du: Used to view the current disk usage of different files and directories (for example, du -sh *).

    6. mkfs: A disk formatting command used to create a file system on an individual disk partition. There are file-system-specific versions for ext2, ext3, ext4, bfs, ntfs, and vfat/fat.

    7. fsck: A command-line tool to check for file system errors and try possible fixes. It is usually run automatically at startup, but it can also be run manually after you unmount a partition.

    8. mount: Used to map a physical disk partition, network share, or remote storage to a local mount point. Any read/write operation on the mount point is performed on the underlying storage.

    9. mdadm: A command-line tool for managing software RAID devices on top of physical block devices. It can create, build, grow, or monitor RAID arrays.

    10. LVM: A set of command-line tools for managing volume groups and physical/logical volumes, which can be created, resized, split, and merged across multiple physical disks with minimal downtime.

Log Access Tool
    1. tail: Used to view the tail of a (growing) log file. There are several variants, including multitail (multi-window viewing) and ztail (support for inotify, regular expression filtering, and color).

    2. logrotate: A command-line tool that can rotate, compress, and mail old/large log files at set intervals. Useful for managing busy hosts that generate a large number of log files.

    3. grep/egrep: Filter log content by a specific pattern or regular expression. Variants include the more user-friendly ack and the faster ag.

    4. awk: A versatile text scanning and processing tool. Often used to find a specific column or content from a text/log file and output it to another tool.

    5. sed: A stream editor that can filter and transform text streams (for example, delete lines/spaces, replace/convert words, add counts) and pipe the result to stdout/stderr or other tools.

Backup tools
    1. rsync: A fast one-way incremental backup and mirroring tool (LCTT: rsync should be bidirectional). Often used to replicate a data repository to offline storage. You can optionally use an encrypted connection via SSH or stunnel.

    2. rdiff-backup: Another incremental backup tool that uses bandwidth efficiently. It maintains the differences between two consecutive snapshots.

    3. duplicity: An encrypted incremental backup tool. It uses GnuPG to encrypt the backup and uploads it to a remote server via SSH.

Performance monitoring Tools
    1. top: A command-line process viewer. It can monitor system load, process state, CPU, and memory consumption. There is an easier-to-use variant, htop.

    2. ps: Displays a snapshot of all running processes in the system. The output can be set to display PID, PPID, user, load, memory, accumulated user/system time, start time, and more. A variant, pstree, displays the processes in a tree structure.

    3. nethogs: A bandwidth monitoring tool that displays active network connections by process, with real-time reporting of the (upload/download) bandwidth consumed by each process.

    4. ngxtop: A web server access log parsing and monitoring tool whose interface is inspired by the top command. It can report page requests in real time, broken down by frequency, size, HTTP return code, IP address, and so on.

    5. vmstat: A simple command-line tool that displays multiple real-time system metrics, such as the number of processes, free memory, paging status, CPU usage, block device I/O activity, interrupt/context switch statistics, and more.

    6. iotop: An ncurses-based I/O monitoring tool that shows the disk I/O activity of all running processes, sorted in real time.

    7. iostat: A command-line tool that can report current CPU usage and device I/O usage, where I/O usage (for example, block transfer speed, byte read/write speed) is reported by device or partition.

Efficiency tools
    1. screen: Used to split a single terminal into multiple persistent virtual terminals. It also supports remote user access, similar to the screen sharing function of TeamViewer.

    2. tmux: Another terminal multiplexing tool that supports multiple long-lived sessions and can split the terminal horizontally/vertically.

    3. cheat: A simple command-line tool that lets you view cheat sheets for many common Linux commands, handy to have at your fingertips. The built-in cheat sheets are fully customizable.

    4. apropos: Useful for searching the manual pages by description or keyword.

Package Management Tools
    1. apt: The de facto package management tool on Debian-based systems such as Debian, Ubuntu, or BackTrack. A lifesaver.

    2. apt-fast: A helper application for apt-get that can significantly increase the download speed of apt-get through multiple parallel connections.

    3. apt-file: Used to find out which .deb package a particular file belongs to, or to display all files in a specific .deb package. Both installed and non-installed packages are supported.

    4. dpkg: A command-line tool for manually installing .deb packages. It is highly recommended to use apt whenever possible.

    5. yum: An automated package management tool for Red Hat-based systems such as RHEL, CentOS, or Fedora. This is another lifesaver!

    6. rpm: Usually I use rpm together with yum. It has many useful parameters, such as -q, -f, and -l, which are used to query, specify files, and list paths, respectively.

Hardware Tools
    1. lspci: A command-line tool that can display various information about installed PCI devices, such as model name, device driver, device function, memory address, PCI bus address.

    2. lshw: A command-line tool that can query and display details about the hardware configuration under different classes (for example, processor, memory, motherboard, network, storage). Supports multiple output formats: HTML, XML, JSON, and text.

