Linux Server Administration Commands

[Neo]

All commands in Linux are equally important to manage Linux system / server.
Here I have listed some important commands that are widely used in Linux system / server administration.

Checking running Process on the server. [ ps, pstree ]

ps
This command is used to check the process running on the server. " ps " command will list all the running process with there respective process ID.

Example:
root@server [~]$ ps
PID TTY TIME CMD
22438 pts/3 00:00:00 su
22439 pts/3 00:00:00 bash
22517 pts/3 00:00:00 ps

Use the following option to get more process information from the " ps " commands,
root@server [~]$ ps -aux

Also you can grep any particular process on the server.
root@server [~]$ ps -aux | grep exim

pstree
This command is also used the check the process on the server. " pstree " command will list all the running process in the form of a tree structure.

Example:
root@server [~]$ pstree
init???agetty
??antirelayd
??bdflush
??chkservd
??4*[courierlogger???couriertcpd]
??courierlogger???authdaemond???5*[authdaemond???authProg]
??cpanellogd
??cpdavd
??cphulkd.pl
??cpsrvd-ssl???cpsrvd-ssl
??crond
??entropychat
??exim???exim???3*[exim]
? ??spamc
??2*[exim]
??exim???20*[exim]
??eximstats
??hpt_wt
??httpd???56*[httpd]
??interchange
??keventd
??7*[kjournald]
??klogd
??ksoftirqd_CPU0
??ksoftirqd_CPU1
??ksoftirqd_CPU2
??ksoftirqd_CPU3
??kswapd
??kupdated
??mailmanctl???8*[python2.4]
??mdrecoveryd
??6*[mingetty]
??mysqld_safe???mysqld???mysqld???26*[mysqld]
??named???named???6*[named]
??portsentry
??pure-authd
??pure-ftpd
??10*[python2.4]
??scsi_eh_0
??spamd???2*[spamd]
??ssh
??sshd???sshd???sshd???bash???su???bash
? ??sshd???sshd???bash???su???bash???pstree
??syslogd
??xinetd

Also try the following options for " pstree ".
root@server [~]$ pstree -p
init(1)???agetty(7480)
??antirelayd(8658)
??bdflush(8)
??chkservd(6224)
??courierlogger(6833)???couriertcpd(6834)
??courierlogger(6840)???couriertcpd(6841)
??courierlogger(6846)???couriertcpd(6847)
??courierlogger(6852)???couriertcpd(6853)
??courierlogger(6858)???authdaemond(6859)???authdaemond(6873)
? ??authdaemond(6874)???authProg(26164)
? ??authdaemond(6875)???authProg(17488)
? ??authdaemond(6876)???authProg(8194)
? ??authdaemond(6877)???authProg(29956)



Load on a server [ top, w , uptime ]

top

This command is used to find the load on the server. " top " command can also be used to find the process and users that causes load on the server. It gives information about the total process, sleeping process, the zombie process etc.

Example:

root@server [~]$ top -cd3

11:32:03 up 15 days, 23:57, 2 users, load average: 4.95, 5.13, 5.94

220 processes: 219 sleeping, 1 running, 0 zombie, 0 stopped

CPU states: cpu user nice system irq softirq iowait idle

total 1.5% 1.6% 2.4% 0.0% 0.0% 0.0% 94.3%

cpu00 3.4% 2.8% 2.8% 0.0% 0.0% 0.0% 90.9%

cpu01 0.3% 3.1% 0.0% 0.0% 0.0% 0.0% 96.5%

cpu02 2.5% 0.3% 6.5% 0.0% 0.0% 0.0% 90.6%

cpu03 0.0% 0.3% 0.3% 0.0% 0.0% 0.0% 99.3%

Mem: 3104932k av, 2909432k used, 195500k free, 0k shrd, 284548k buff

1201588k active, 1558304k inactive

Swap: 3004112k av, 499936k used, 2504176k free 1015264k cached

PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU COMMAND

3754 root 16 0 1252 1252 896 R 1.4 0.0 0:01 2 top -cd3

3620 nobody 9 0 61460 45M 28768 S 0.6 1.4 2:23 0 /usr/local/apache/bin/httpd -DSSL

3604 mailnull 9 0 4204 4116 2816 S 0.2 0.1 0:00 0 /usr/sbin/exim -bd -q60m

29956 root 9 0 4684 3384 2640 S 0.1 0.1 0:31 0 /etc/authlib/authProg

1 root 8 0 468 440 416 S 0.0 0.0 0:34 2 init [3]

From the above example you can see the load average, total processes, sleeping processes and the CPU usage. You can find the load average ( here the load average is " 4.95 " ), the memory usage, stats, swap and the list of process and its users.

w

This command is also find the load and users on the server. " w " command will provide a brief description about the load, time, number of users and the uptime of the server.

Example:

root@server [~]$ w

11:39:18 up 16 days, 4 min, 2 users, load average: 5.33, 5.37, 5.74

USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT

user1 pts/0 user - ip1 8:26am 3:13m 0.09s 0.00s sshd: user1 [priv]

user2 pts/3 user - ip2 11:09am 0.00s 0.13s 0.02s sshd: user2 [priv]

uptime

This command gives the basic information about the uptime and load of the server.

Example:

root@server [~]$ uptime

11:42:52 up 16 days, 8 min, 2 users, load average: 4.91, 5.35, 5.67
From the above example you can find the load and the number of days server running with out failure etc..

Killing process on a server [ kill, pkill, killall -9 ]

kill

This command is used to kill a running process on the server. You need to process id to execute the kill command. Consider you run " pstree -p " which will list all the process with its respective process id. To kill a particular process use the command " kill <process-id> ".

Example:

root@server [~]$ kill 27209

or

root@server [~]$ kill -9 27209

The above command will kill the process id 27209.

pkill

This command will kill the child processes of a particular process. Consider you want kill httpd on the server.

Example:

root@server [~]$ pkill httpd

or

root@server [~]$ pkill -9 httpd

or

root@server [~]$ pkill -HUP httpd

The above command will only kill all the child process of " httpd ". Using this command the parent process will be running and all the child process will be killed.

killall

This command is used to kill all the processes ( parent process and child process ).

Example:
root@server [~]$ killall -9 httpd

Checking the number of connection's to the server [ netstat, mysqladmin processlist ]

netstat

This command is used to find the number of connections to the server. " netstat " command will list all the connections using httpd, exim, ftp etc. You can grep the needed port and find the number of connections to a particular port. You can find the Local Address, Foreign Address, State, port etc of all the connections.

Example:

root@server [~]$ netstat -plan

or

root@server [~]$ netstat -plan | grep ":80"

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 15496/httpd

tcp 0 0 65.254.34.21:80 165.21.14.92:42469 SYN_RECV -

tcp 0 0 65.254.34.21:80 71.7.8.253:3922 SYN_RECV -

tcp 0 0 65.254.34.21:80 165.21.154.10:28343 SYN_RECV -

tcp 0 0 65.254.34.21:80 85.100.25.208:2157 TIME_WAIT -

mysqladmin processlist

This command is used to find the connections to the mysql database. It gives information about Id, User, Host, db, Command, Time, State and Info of a mysql request to the server.

Example:

root@server [~]$ mysqladmin processlist

+--------+-----------------+-----------+-----------------------------+---------+-------+-------+

| Id | User | Host | db | Command | Time | State | Info |

+--------+-----------------+-----------+-----------------------------+---------+-------+-------+

| 186678 | mfjengin_shops | localhost | mfjengin_rapid | Sleep | 28337 | | |

| 188706 | mfjengin_shops | localhost | mfjengin_rapid | Sleep | 27051 | | |

| 195090 | kronosho_usifu | localhost | kroho_sifu | Sleep | 23069 | | |
| 201227 | mfjengin_shops | localhost | mfjengin_rapid | Sleep | 19655 | |

Blocking IP [ apf, csf ]

APF and CSF are firewall software’s.

You can use these commands to block a particular IP from connecting to the server. This command is mainly used when you find too many connections from a particular IP. Normally too many connection might be a attack to the server. So it is important to block such IP before it interrupts the balance of the server.

Check which firewall is installed on your server and use it accordingly.

Example:

root@server [~]$ apf -d <IP>

or

root@server [~]$ csf -d <IP>

Checking the port if open or not [ telnet, nmap ]

telnet

TELNET (TELecommunication NETwork) is a network protocol used on the Internet. TELNET is a client-server protocol, based on a reliable connection-oriented transport. This command will help us to find if a particular port on the server is open or not.

Example:

root@server [~]$ telnet google.com 80

Trying 64.233.187.99...

Connected to google.com (64.233.187.99)

From the above example you could find that port 80 is open on google server. If we receive a " connection refused " signal, that mean's the particular port is not open on the server.

nmap

This command nmap is a Network exploration tool and a security scanner.

Installing software’s [ yum ]

yum

This command is used to install software’s to the server without any dependences.

Example:

yum install <software>
If you find any software’s missing on the server, you can directly install it using this yum command. It will install the particular software on the server without dependencies.