Linux has been an daily affair for a few years and i have quite enjoyed working and knowing it more and more!
Linux sometime may seem to be pretty vast with literally hundreds of switches (options like -a etc) for each command which you will eventually learn as you get along. Through this guide i essentially want to create a reference point and would be glad it it has helped you in some way.
1. System Hardware Information
- Get system architecture
[root@localhost ~]# arch
x86_64x86_64 means 64 bit with x86 instruction set processor, i386 / i586 / i686 would mean 32 bit systems
- CPU details
[root@localhost ~]# lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
CPU(s): 1
On-line CPU(s) list: 0
Thread(s) per core: 1
Core(s) per socket: 1
Socket(s): 1
NUMA node(s): 1
Vendor ID: GenuineIntel
CPU family: 6
Model: 60
Stepping: 3
CPU MHz: 2594.006
BogoMIPS: 5188.01
Hypervisor vendor: VMware
Virtualization type: full
L1d cache: 32K
L1i cache: 32K
L2 cache: 256K
L3 cache: 3072K
NUMA node0 CPU(s): 0Here we can get various hardware information, such as number of cpu’s “CPU(s)”, CPU clock speed “CPU Mhz” etc.
note: Total number of virtual cpu’s also known as vcpu’s is calculated by ( No of Socket(s) * No of Core(s) per socket * Thread(s) per core )
- Memory Usage
[root@localhost ~]# free -g
total used free shared buffers cached
Mem: 1 1 0 0 0 0
-/+ buffers/cache: 0 1
Swap: 1 0 1free command gives used memory (RAM), cache and swap space details
-g shows usage per GB, -m per MB and -k is per KB
- Disk Usage
[root@localhost ~]# df -kh
Filesystem Size Used Avail Use% Mounted on
/dev/sda2 18G 2.4G 15G 15% /
tmpfs 931M 344K 931M 1% /dev/shm
/dev/sda1 291M 39M 238M 14% /bootnote: df -i is quite useful as it displays the number of free inodes[root@localhost ~]# df -i
[root@localhost ~]# df -i
Filesystem Inodes IUsed IFree IUse% Mounted on
/dev/sda2 1160992 95794 1065198 9% /
tmpfs 238319 7 238312 1% /dev/shm
/dev/sda1 76912 39 76873 1% /bootinodes are limited at the time of OS installation and should you run out of this number even though you physically have disk space. Then we cant write any further data into the disk as inodes are exhausted
2. System OS Information
- OS version
[root@localhost ~]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 6.5 (Santiago)This file name is different on different distributions like redhat,oracle,fedora,SuSE,centos etc. you need to replace the OS distribution name in the above command to get specific OS information
note: On newer OS we have /etc/os-release file which can be viewed irrespective of the distibution type
- Kernel version
[root@localhost ~]# uname -r
2.6.32-431.el6.x86_643. Searching
- Searching a file / folder
[root@localhost ~]# find / -type f -name core.*/ is the path we can specify any path or . (dot) operator to search recursively inside present working directory
-type can be f for file and d for directories.
[root@localhost ~]# find / -size +20Mfor size based searching, use +, -, M, G etc optional switchesAlternatively locate can also be used which is not that powerful as find
[root@localhost ~]# locate core.*note: “updatedb” command is run to update the locate database in the OS, Sometimes when locate fails to show a file/ folder this could be handy
4. Grep
- grep command
Let us show the sample text file ‘testfile.txt’ that we have created to demonstrate grep switches
[root@localhost ~]# cat testfile.txt
Sample text file to show usage of grep utility
This is the second line
This is the third LINERegular grep
[root@localhost ~]# cat testfile.txt |grep LINE
This is the third LINECase insensitive grep
[root@localhost ~]# cat testfile.txt |grep -i LINE
This is the second line
This is the third LINEInverted grep
[root@localhost ~]# cat testfile.txt |grep -v LINE
Sample text file to show usage of grep utility
This is the second lineCombined case insensitive and inverted grep
[root@localhost ~]# cat testfile.txt |grep -iv LINE
Sample text file to show usage of grep utilityCount the number of occurrences
[root@localhost ~]# cat testfile.txt |grep -c LINE
1Count the number of occurrences (Case insensitive)
[root@localhost ~]# cat testfile.txt |grep -ic LINE
2Exact grep, looks for complete string
[root@localhost ~]# cat testfile.txt |grep -w Sampl
[root@localhost ~]# cat testfile.txt |grep -w Sample
Sample text file to show usage of grep utility4. PS Command
- To check processes
[root@localhost ~]# ps -aef|grep pulse
root 7613 1 0 13:00 ? 00:00:03 /usr/bin/pulseaudio --start
root 7619 7613 0 13:00 ? 00:00:00 /usr/libexec/pulse/gconf-helperConsider the first entry, “root” is the user which started the process, 7613 is the pid or process id, 1 is the ppid or the parent process id. ppid=1 indicates that this process was forked by the INIT process. Since INIT process is a system process which is responsible for forking all the other processes. This process starts at the time of OS booting
Do note that the pid 7613 is the ppid in the second entry which essentially means it is the parent for the second process (pid 7619). This is the way parent and child process works in the unix world
5. System OS limits
- Check the limits
[root@localhost ~]# ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 14733
max locked memory (kbytes, -l) 64
max memory size (kbytes, -m) unlimited
open files (-n) 1024
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 10240
cpu time (seconds, -t) unlimited
max user processes (-u) 14733
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimitedThis is a useful command. It specifies the system limits for various system attributes like (core file size, open files, file size etc)
Consider “core file size”; Its set to 0 indicates that any (GCC based) executable if crashes then no core file should be saved in the system.
To set / increase the limits for any attribute like “core file size” we can use the below command
ulimit -c unlimited
to set unlimited size, do note each attribute has a different switch i.e. -c for “core file size”
ulimit -c 50000to set 50k max size, if core is below 50k bytes then it will be generated not otherwise
Similarly ‘file size’ indicates max file size allowed, ‘open files’ indicates maximum open files allowed
If you want to understand open file you must explore “lsof” command as below
[root@localhost ~]# ps -ef|grep sshd
root 7034 1 0 12:59 ? 00:00:00 /usr/sbin/sshd
[root@localhost ~]# lsof -p 7034
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 7034 root cwd DIR 8,2 4096 2 /
sshd 7034 root rtd DIR 8,2 4096 2 /
sshd 7034 root txt REG 8,2 546680 413918 /usr/sbin/sshd
sshd 7034 root mem REG 8,2 65928 261664 /lib64/libnss_files-2.12.so
sshd 7034 root DEL REG 8,2 261676 /lib64/librt-2.12.so
sshd 7034 root DEL REG 8,2 261705 /lib64/libnspr4.so
sshd 7034 root DEL REG 8,2 261707 /lib64/libplds4.so
sshd 7034 root DEL REG 8,2 261706 /lib64/libplc4.so
sshd 7034 root DEL REG 8,2 395118 /usr/lib64/libnssutil3.soShowing a snippet of the lsof command run on the sshd pid, while the actual output is a bit longer
lsof shows you the variety of files that a particular process is cross referencing or linked while the process is in execution state
trivia: If you don’t already know anything and everything in unix is a file; A cpus is a file, RAM is a file, keyword & mices are treadted as different types of files
6. Netstat Command
- Network statistics
[root@localhost ~]# netstat -anp|grep sshd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1174/sshd
tcp 0 0 1.2.1.4:22 1.2.1.4:45967 ESTABLISHED 13623/sshd
tcp 0 0 1.2.1.4:22 1.2.1.4:51176 ESTABLISHED 26157/sshd
tcp 0 52 1.2.1.4:22 1.1.1.124:63040 ESTABLISHED 15227/sshd
tcp 0 0 :::22 :::* LISTEN 1174/sshd
unix 2 [ ] DGRAM 1373605517 15227/sshd
unix 2 [ ] DGRAM 1369863453 26157/sshdWe have taken a netstat on the sshd (ssh daemon process which is the server and lets us using client application such as PuTTY) to connect with the server remotely
Consider the first line
it says a socket of type ‘tcp’ protocol is in ‘LISTEN’ state with Server IP:Port pair being ‘0.0.0.0:22’ and allowed client IP:Port pair being ‘0.0.0.0:*’ with a process id 1174
Now lets understand the 0.0.0.0 notation, Its basically termed as an (‘no particular address’) which means anyone is allowed to make connections
Now you might wonder what are the 2 distinct 0 and 0 mean. These the the tcp Receieve Queue (recvQ) and Send Queue (sendQ) which are temporary buffers which are made use of in tcp protocol for reliable data transmission
note: If you really want to see some action in the recvQ and sendQ run a watch command with 100 mili second delay over any actively running process like below. Feel free to change mysql to any other process based on the applications that you are running
watch -n 0.1 "netstat -anp|grep mysql"back to our netstat command, lets take the second line in our original netstat output we can again see its a ‘tcp’ socket with current recvQ and sendQ as 0 0 for “1.2.1.4:22 ←> 1.2.1.4:45967”. Always know that server LISTENS in standard ports like 22 (bash), 80(httpd), 3306 (mysql) etc and client takes up any of the free temporary available port, in this case its “45967”
the last 2 entries are of a different protocol (unix) which we are not much interested as majorly we deal with only tcp / udp protocols
