Common shell commands for linux System Management

1. display the 10 processes that consume the most memory/CPU psaux | sort-nk + 4 | tailpsaux | sort-nk + 3 | tail2. view the processes in the ascending order of memory ps-e- o & quot; % C: % p: % z: % a & quot; | sort-k5-nr3. ps-e-o & quot; % C: 1. display the 10 processes that consume the most memory/CPU ps aux | sort-nk + 4 | tailps aux | sort-nk + 3 | tail2. view the process
Ps-e-o "% C: % p: % z: % a "| sort-k5-nr3. sort ps-e-o" % C: % p: % z by cpu utilization from large to small: % a "| sort-nr3. view the number of Apache concurrent requests and their TCP connection status netstat-n | awk '/^ tcp/{++ S [$ NF]} END {( a in S) print a, S [a]} '4. find the process wget-c http://linux.web.psi.ch/dist/scientific/5/gfa/all/dstat-0.6.7-1.rf.noarch.rpm that occupies the most disk IO
Dstat-M topio-d-M topbio5. find the 10 most commonly used commands and the number of times of use (or the maximum number of ip addresses accessed) sed-e's/|/\ n/G '~ /. Bash_history | cut-d ''-f 1 | sort | uniq-c | sort-nr | head6. the first field in the log indicates the connection time, calculate the average connection time cat access_log | grep "connect cbp" | awk 'in in {sum = 0; count = 0 ;}{ sum + =$ 10; count ++ ;} END {printf ("sum = % d, count = % d, avg = % f \ n", sum, count, sum/count)} '7. the lsof command lsof abc.txt displays the process lsof-I for opening the file abc.txt: 22. You know what program is running on port 22, lsof-c abc. The file lsof-p That the abc process is currently open is displayed. rsync command (only the compressed files of one day must be synchronized, and the remote directory must be consistent with the local directory)/usr/bin/rsyn C-azvR? Password-file =/etc/rsync. secrets 'Find. -name "* required yesterday.gz"-type F' storage@192.168.2.23: logbackup/13.21/9. directory *. THE sh file is renamed *. SHfind. -name "*. sh "| sed's /\(. *\)\. sh/mv \ 0 \ 1.SH/ '| shfind. -name "*. sh "| sed's /\(. *\)\. sh/mv & \ 1.SH/ '| sh (same effect as above) 10. ssh executes a remote program and displays ssh-n-l zouyunhao 192.168.2.14 "ls-al/home/zouyunhao" 11 locally. shell segment comment: <'echo hello, world! '12. check whether the NIC has a physical connection/sbin/mii-tool13. view the meaning of the linux system or mysql error code, for example, view the meaning of the 13 Error code: perror 1314. delete the 0-byte file find-type f-size 0-exec rm-rf {}\; 15. 1. how to kill the mysql process: ps aux | grep mysql | grep-v grep | awk '{print $2}' | xargs kill-9 (learn how to use awk) pgrep mysql | xargs kill-9 killall-TERM mysqldkill-9 'cat/usr/local/apache2/logs/httpd. pid 'try to find and kill the process PID

16. Run the three-level services: ls/etc/rc3.d/S * | cut-c 15-(learn about the purpose of cut and extract data)

17. How to display multiple information in a SHELL, using EOFcat <EOF
+ -------------------------------------------------------------- +
| === Welcome to Tunoff services ===|
+ -------------------------------------------------------------- +
EOF18. IP Address: ifconfig eth0 | sed-n '2p' | awk '{print $2}' | cut-c 6-30 or: ifconfig eth0 | grep "inet addr: "| awk '{print $2}' | cut-c 6-or ifconfig | grep 'inet addr: '| grep-V' 127. 0.0.1 '| cut-d:-f2 | awk' {print $1} 'or: ifconfig eth0 | sed-n'/inet/{s /. * addr: //; s /. * //; p} 'perl: ifconfig-a | Perl-ne 'if (m/^ \ s * inet (? : Addr :)? ([\ D.] + ).*? Cast/) {print qq ($1 \ n); exit 0;} '19. memory size: free-m | grep "Mem" | awk '{print $2 }'
20 CPU load # cat/proc/loadavg
Check whether the first three output values exceed 4 times the system logic CPU.

21 CPU load # mpstat 1 1
Check whether % idle is too low (for example, less than 5%)

22. memory space # free
You can also use # cat/proc/meminfo to check whether the free value is too low.

23 swap space # free
Check whether the value of swap used is too high. If the value of swap used is too high, further check whether swap actions are frequent:
# Vmstat 1 5
Check whether the si and so values are large.

24 disk space # df-h
Check whether partition usage (Use %) is too high (for example, more than 90%). If you find that a partition space is close to exhausted, you can enter the mount point of the partition, run the following command to find the most occupied files or directories:
# Du-cks * | sort-rn | head-n 10

25 disk I/O load # iostat-x 1 2
Check if I/O usage (% util) exceeds 100%

26 network load # sar-n DEV
Check whether the network traffic (rxbyt/s, txbyt/s) is too high.

24 network errors # netstat-I
Run the following command to check whether a network error exists (drop fifo colls carrier): # cat/proc/net/dev

25 network connection count # netstat-an | grep-E "^ (tcp)" | cut-c 68-| sort | uniq-c | sort-n

26 processes # ps aux | wc-l
Check whether the number of processes is normal (for example, more than 250)

27. Number of processes that can be run # vmwtat 1 5
The column shows the number of processes that can be run. Check whether the number exceeds 4 times the system logic CPU.


28 process # top-id 1
Check for abnormal Processes

29 check whether the network status can be properly connected, such as DNS and gateway.

30 users # who | wc-l
Run the following command to check whether there are too many login users (for example, more than 50): # uptime

31 system logs # cat/var/log/rflogview/* errors
You can also search for some exception keywords to check whether there are any error records, for example:
# Grep-I error/var/log/messages
# Grep-I fail/var/log/messages
# Egrep-I 'error | Warn'/var/log/messages view system exceptions
32 core logs # dmesg
Check for abnormal error records

34. Number of opened files # lsof | wc-l
Check whether there are too many open files

35 logs # logwatch? Print configuration/etc/log. d/logwatch. conf, set Mailto as your email address, and start the mail service (sendmail or postfix), so that you can receive the log report every day.
By default, logwatch only reports logs of yesterday. Can I use # logwatch? Print? Range all to obtain all log analysis results.
Can I use # logwatch? Print? Detail high obtains more specific log analysis results (not just error logs ).

36. kill the process lsof-I: 80 | grep-v "PID" | awk '{print "kill-9", $2}' | sh37. clear the zombie process. Ps-eal | awk '{if ($2 = "Z") {print $4}' | kill-938. tcpdump packet capture, to prevent port 80 from being attacked, you can analyze the data # tcpdump-c 10000-I eth0-n dst port 80>/root/pkts39. then check the number of IP duplicates and sort them in ascending order. note that "-t \ + 0" contains two spaces # less pkts | awk {'printf $3 "\ n" '} | cut-d. -f 1-4 | sort | uniq-c | awk {'printf $1 "" $2 "\ n" '} | sort-n-t \ + 0

40. check the number of active php-cgi processes netstat-anp | grep php-cgi | grep ^ tcp | wc-l41. use iptables to initiate a simple attack against netstat-an | grep-v LISTEN | awk '{print $5}' | grep-v 127.0.0.1 | grep-v local ip address | sed "s /:: ffff: // g | awk 'in in {FS = ":"} {Num [$1] ++} END {for (I in Num) if (Num> 8) {print I} '| grep' [0-9] \ {1, 3 \}\. [0-9] \ {1, 3 \}\. [0-9] \ {1, 3 \}\. [0-9] \ {1, 3 \} '| xargs-I [] iptables-I INPUT-s []-j DROP

Num> 8 is set to the threshold value. In this sentence, more than a certain number of connections from the same IP address found in netstat-an are automatically included in the prohibited range. Change the local ip address to the ip address of your server.

42. How do I know the CPU on which a process runs? # Ps-eo pid, args, AND SrS
43. Count the files in the var directory in MB size and list them.
Find/var-type f | xargs ls-s | sort-rn | awk '{size = $1/1024; printf ("% dMb % s \ n", size, $2);} '| head
Search for files larger than MB in the var directory and count the number of files
Find/var-size + 100 M-type f | tee file_list | wc-l

44. sed search and replace the sed-I "s/varnish/LTCache/g" 'grep "Via"-rl/usr/local/src/varnish-100'

Sed-I "s/X-Varnish/X-LTCache/g" 'grep "X-Varnish"-rl/usr/local/src/varnish-100'
45. count the file size in the directory (print and display by M) du $1 -- max-depth = 1 | sort-n | awk '{printf "% 7.2fM ----> % s \ n", $1/1024, $2} '| sed's :/. */\ ([^/] \ {1, \} \) $: \ 1: G'
46. Statistical statistics on the implementation of CND on the number of directories in a directory
Ls-l | awk '/^ d/' | wc-l counts the number of files in a directory.
Ls-l | awk '/^-/' | wc-l counts the total number of files in a directory
Find./-type f-print | wc-l counts the number of all subdirectories in a directory.
Find./-type d-print | wc-l:
Find. /-name "*. jpg "-exec wc-c {}\; | awk '{print $1}' | awk '{a + = $1} END {print a}' 47. remove the awk '{for (I = 2; I <= NF; I ++) if (I! = NF) {printf $ I ""} else {print $ I} 'list48. view the total memory occupied by the PHP-CGI: total = 0; for I in 'ps-C php-cgi-o rss = '; do total = $ ($ total + $ I); done; echo "PHP-CGI Memory usage: $ total kb"

49. Check which processes are currently running. view the files opened by the process:
Ps-A; lsof-p PID
50. Count and sort the occurrence frequency of each word
Awk '{arr [$1] + = 1} END {for (I in arr) {print arr "\ t" I }}' File Name | Sort-r



51. List the directory size of the current folder, which is displayed in G, M, and K.
Du-B -- max-depth 1 | sort-nr | perl-pe's {([0-9] +)} {sprintf "%. 1f % s ", $1> = 2 ** 30? ($1/2 ** 30, "G"): $1> = 2 ** 20? ($1/2 ** 20, "M"): $1> = 2 ** 10? ($1/2 ** 10, "K"): ($1, "")} E'

Shaw answer: du-hs $ (du-sk./'LS-F | grep/'| sort-nr | awk' {print $ NF }')
But it is not perfect. But remember.

52. Clear linux buffer cache
Sync & echo 3>/proc/sys/vm/drop_caches

53. Convert all file names in the current directory to lowercase letters.
For I in *; do mv "$ I" $ (echo $ I | tr A-Z a-z) "; done

53. Several methods for eliminating ^ M in vim
1) dos2unformatted filename
2) sed-e's/^ M // 'filename
3) in vim: s/^ M // gc
4) col-bx <dosfile> newfile
5) tr-s "\ r \ n" "\ n" <file> newfile

54. Clear all arp caches
Arp-n | awk '/^ [1-9]/{print "arp-d" $1}' | sh

55. Bind the arp Address of a known Machine
Cat/proc/net/arp | awk '{print $1 "" $4}' | sort-t.-n + 3-4>/etc/ethers

Perl
Perl-ne'm/^ ([^ #] [^ \ s =] +) \ s * (=. * |)/& printf ("%-35 s % s \ n", $1, $2) '/etc/my. cnf55. view the ip address of the ssh Brute force attack and the number of attacks grep-o '[0-9] \ {1, 3 \}\. [0-9] \ {1, 3 \}\. [0-9] \ {1, 3 \}\. [0-9] \ {1, 3 \} '/var/log/secure | sort | uniq-c