By John Doe
As a Linux system administrator, you need to be familiar with a variety of commands to monitor, maintain, and optimize Linux systems. Here are 20 of the most important Linux commands that every sysadmin should know.
1. uname – Print system information
The uname command prints detailed information about your Linux system, including the kernel name, version, and machine hardware details.
uname -a
Sample output:
Linux server1 5.4.0-104-generic #118-Ubuntu SMP Fri Jan 28 22:10:00 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
This shows the kernel name (Linux), hostname (server1), kernel release (5.4.0-104-generic), version (#118-Ubuntu), architecture (x86_64), and operating system (GNU/Linux).
The -a flag prints all system information. You can also view specific details with flags like -r for kernel release and -m for machine hardware name.
2. df – Report file system disk space usage
The df command shows disk usage statistics for file systems. To show all filesystems:
df -h
This prints usage in human-readable format in GB/MB (the -h flag).
Sample output:
Filesystem Size Used Avail Use% Mounted on
/dev/sda1 99G 18G 76G 19% /
/dev/sda15 105M 3.6M 101M 4% /boot/efi
Flags like -t filter output to show specific file system types only.
3. free – Display memory usage statistics
The free command shows total, used, free, shared, cached, and available memory in the system.
free -h
total used free shared buff/cache available
Mem: 15Gi 2.8Gi 11Gi 139Mi 1.5Gi 12Gi
Swap: 16Gi 0B 16Gi
This gives a quick overview of how much memory is free vs in use. The -h flag shows output in human-readable format.
4. top – Display process activities
The top command shows dynamic real-time information about running processes. It gives a quick overview of system resource utilization by processes.
top - 14:25:32 up 44 days, 11:37, 1 user, load average: 0.00, 0.00, 0.00
Tasks: 114 total, 1 running, 59 sleeping, 0 stopped, 0 zombie
%Cpu(s): 0.3 us, 0.0 sy, 0.0 ni, 99.7 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
MiB Mem : 15669 total, 3005 free, 3147 used, 9516 buff/cache
MiB Swap: 16384 total, 16384 free, 0 used. 12192 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
24 root 20 0 44528 3944 3368 R 0.3 0.0 0:00.15 top
This shows:
- System summary: Uptime, load avg, tasks, CPU, Memory
- Process list: PID, USER, PRIO, VIRT, RES, CPU%, MEM%
top is useful for identifying processes hogging system resources.
5. ps – Report process status
The ps command displays information about currently running processes. Some examples:
Show all processes for current user:
ps -u $USER
Show all processes including their arguments:
ps -aux
Sample output:
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.6 162988 6396 ? Ss Jan05 0:07 /usr/lib/systemd/systemd --switched-root --system --deserialize 25
root 2 0.0 0.0 0 0 ? S Jan05 0:00 [kthreadd]
mysql 2952 0.0 2.4 1120632 24984 ? Sl Jan28 0:00 /usr/sbin/mariadbd --basedir=/usr
john 17393 0.1 0.2 1120632 18626 ? Sl 10:11 0:00 mysqladmin --defaults-extra-file=/tmp/tmpciApkZ status
john 29599 0.0 0.1 15928 1028 pts/0 S+ 10:28 0:00 ps -aux
This shows the process name, PID, CPU usage, memory usage, and other details.
6. kill – Terminate processes
The kill command sends signals to running processes to terminate or control them.
Common syntax:
kill [options] <PID>
Some example signals you can send:
- SIGTERM (15): Request process termination
- SIGKILL (9): Force kill process
Kill process with PID 29599:
kill 29599
This sends the SIGTERM signal, allowing the process to shut down gracefully.
7. ss – Investigate sockets
The ss command dumps socket statistics and replaces the older netstat command.
View all TCP sockets (the -a flag includes listening sockets, which -t alone omits):
ss -ta
Sample output:
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 511 *:ssh *:*
LISTEN 0 128 :::ssh :::*
ESTAB 0 0 192.168.0.12:52418 34.207.103.127:443
This gives an overview of established connections and listening ports on the system.
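As an added example (not from the original article), the function below reads ss output in the column layout shown above and prints the ports of listening sockets bound to every interface rather than to a single address. The function name and the 127.0.0.1:3306 sample line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list ports of LISTEN sockets bound to a wildcard address.
# Input on stdin: `ss -tln` / `ss -ta` style lines
# (State Recv-Q Send-Q Local-Address:Port Peer-Address:Port).
wildcard_listeners() {
    awk '
        $1 != "LISTEN" { next }        # skips the header and non-listening sockets
        {
            local_addr = $4
            port = local_addr
            sub(/.*:/, "", port)       # text after the last colon is the port
            host = substr(local_addr, 1, length(local_addr) - length(port) - 1)
            # Wildcard binds print as *, 0.0.0.0, :: or [::] depending on ss version
            if (host == "*" || host == "0.0.0.0" || host == "::" || host == "[::]")
                print port
        }
    ' | sort -u
}

# Constructed sample: the output above plus one loopback-only listener.
SAMPLE='State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       511     *:ssh                *:*
LISTEN  0       128     :::ssh               :::*
LISTEN  0       80      127.0.0.1:3306       0.0.0.0:*
ESTAB   0       0       192.168.0.12:52418   34.207.103.127:443'

printf '%s\n' "$SAMPLE" | wildcard_listeners
```

On a live host, run it as `ss -tln | wildcard_listeners`; the -n flag keeps ports numeric so the result can be compared against an expected list.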
8. dmesg – Print kernel messages
dmesg shows messages from the Linux kernel ring buffer – useful for troubleshooting and debugging issues.
dmesg | less
Sample output:
[ 0.000000] Linux version 5.4.0-104-generic (buildd@lcy01-amd64-027) (gcc version 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04)) #118~18.04.1-Ubuntu SMP Fri Jan 28 22:10:00 UTC 2022
[ 0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-5.4.0-104-generic root=UUID=c7c48c94-3ed3-400f-9edb-701253ba9efa ro quiet splash vt.handoff=1
[ 0.000000] KERNEL supported cpus:
[ 0.000000] Intel GenuineIntel
[ 0.000000] AMD AuthenticAMD
...
Filter by message source with flags like -k (kernel messages) or -u (userspace messages).
9. less – View file contents
less allows scrolling through contents of a text file. Useful for viewing logs and debugging output.
dmesg | less
Navigate with arrows up/down. Quit with q. Search using /.
10. find – Search for files
The find command recursively searches directories for matching files.
Some examples:
Search by name:
find . -name install.log
Search by modification time:
find . -mtime -1
Find files over 20 MB:
find . -size +20M
Delete files over 30 days old:
find . -type f -mtime +30 -delete
Extremely versatile for finding files based on various criteria.
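Because -delete is irreversible, it helps to print the matches first and delete only with the same expression. The wrapper below is an added example, not code from the original article; the function name, the --apply switch and the demo file names are assumptions, and `touch -d` relies on GNU coreutils.

```shell
#!/bin/sh
# Added example: dry-run by default, delete only when asked explicitly.
purge_old_files() {
    # $1 = directory, $2 = minimum age in days, $3 = "--apply" to really delete
    dir=$1; days=$2; mode=${3:-}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    # -xdev keeps find on one filesystem; -type f skips directories and symlinks.
    # The action comes last: find evaluates left to right, so a -delete placed
    # before the tests would remove every file it visits.
    if [ "$mode" = "--apply" ]; then
        find "$dir" -xdev -type f -mtime +"$days" -delete
    else
        find "$dir" -xdev -type f -mtime +"$days" -print
    fi
}

# Constructed demo in a throwaway directory
demo=$(mktemp -d)
touch -d '45 days ago' "$demo/old.log"
touch "$demo/new.log"
purge_old_files "$demo" 30            # preview: lists old.log, removes nothing
purge_old_files "$demo" 30 --apply    # removes old.log only
ls "$demo"
rm -rf "$demo"
```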
11. grep – Search file contents
grep searches files for text matching a regular expression.
Search for "ERROR" in messages log:
grep ERROR /var/log/messages
Recursively search current directory for "localhost":
grep -R localhost .
Print 3 lines before and after match:
grep -A3 -B3 ERROR /var/log/messages
Great for quickly searching logs and debugging issues.
12. tar – Archive files
The tar command archives multiple files and directories into a single .tar file.
Archive the files directory:
tar -cvf files.tar files
Extract archive contents:
tar -xvf files.tar
Some useful flags:
- -c create archive
- -x extract archive
- -v verbose output
- -f filename of archive
You can also compress .tar into .gz or .bz2 formats.
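Before extracting an archive received from someone else, list it with -t and look at the member names. The following is an added example, not from the original article, with hypothetical function names: it flags members that are absolute paths or contain a ".." component, and treats an unreadable archive as a failure rather than as clean.

```shell
#!/bin/sh
# Added example: review `tar -tf` output before running `tar -xvf`.

# Reads member names, one per line, and prints those that are absolute
# or that contain a ".." path component.
unsafe_members() {
    awk '{
        if (substr($0, 1, 1) == "/") { print; next }
        n = split($0, part, "/")
        for (i = 1; i <= n; i++)
            if (part[i] == "..") { print; next }
    }'
}

# $1 = archive. Returns 0 if nothing is flagged, 1 if any member is
# flagged, 2 if the archive cannot be listed at all.
check_archive() {
    names=$(tar -tf "$1" 2>/dev/null) || return 2
    bad=$(printf '%s\n' "$names" | unsafe_members)
    [ -z "$bad" ] && return 0
    printf 'suspicious members in %s:\n%s\n' "$1" "$bad" >&2
    return 1
}

# Constructed listing for illustration: the second and third names are flagged,
# "files/..hidden" is not because ".." is only part of a file name there.
printf '%s\n' 'files/a.txt' '../etc/cron.d/job' '/etc/passwd' 'files/..hidden' |
    unsafe_members
```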
13. rsync – Sync files and folders
rsync synchronizes files/folders between two locations – local or remote. Useful alternative to scp for copying files.
Local file sync example:
rsync -avh source/ destination
Sync source to remote host [email protected]:/backups:
rsync -avhP /path/to/source [email protected]:/backups
Useful flags:
- -a archive mode
- -v verbose
- -h human-readable
- -z compress
14. dig – DNS lookup utility
The dig command performs DNS lookups and can be used to test/troubleshoot DNS issues.
Query A record for domain:
dig marketingscoop.com
; <<>> DiG 9.16.1-Ubuntu <<>> marketingscoop.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32162
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
...
marketingscoop.com. 14399 IN A 104.21.62.29
Specify record type, e.g.: dig marketingscoop.com MX.
15. nmap – Network discovery and security auditing
nmap scans networked computers to determine open ports, services, OS detection, and other characteristics.
Scan a single IP:
nmap 192.168.0.1
Scan a subnet:
nmap 192.168.0.1/24
Scan a range of IPs:
nmap 192.168.0.1-255
Nmap has tons of advanced functionality for network discovery, port scanning, OS fingerprinting and more.
16. tcpdump – Capture network traffic
tcpdump captures network traffic on a specific interface. Useful for network troubleshooting.
Capture traffic on eth0:
tcpdump -i eth0
Write capture to a file:
tcpdump -w output.pcap
Read capture file:
tcpdump -r output.pcap
Filter captured packets:
tcpdump tcp port 22
17. traceroute – Print network path to host
traceroute prints the route packets take to a network host – useful for troubleshooting connectivity issues.
Trace route to marketingscoop.com:
traceroute marketingscoop.com
Sample output:
traceroute to marketingscoop.com (104.21.62.29), 30 hops max, 60 byte packets
1 gateway (192.168.0.1) 0.202 ms 0.173 ms 0.161 ms
2 10.88.0.1 (10.88.0.1) 3.235 ms 3.212 ms 3.185 ms
3 * * *
...
15 104.21.62.29 (104.21.62.29) 2.123 ms 2.090 ms 2.040 ms
18. ping – Test connectivity to host
The basic ping command tests connectivity between two hosts using ICMP echo requests.
Ping marketingscoop.com:
ping marketingscoop.com
Sample output:
PING marketingscoop.com (104.21.61.29) 56(84) bytes of data.
64 bytes from marketingscoop.com (104.21.61.29): icmp_seq=1 ttl=52 time=34.1 ms
64 bytes from marketingscoop.com (104.21.61.29): icmp_seq=2 ttl=52 time=34.3 ms
...
--- marketingscoop.com ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 9041ms
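On Linux, ping runs continuously by default; stop it with Ctrl-C, or limit the number of packets with -c (the -t flag sets the TTL on Linux, unlike on Windows where it means ping continuously).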
19. mtr – Traceroute and ping combination
mtr combines functionality of traceroute and ping into a single network diagnostic tool.
mtr marketingscoop.com
Sample output:
HOST: test Loss% Snt Last Avg Best Wrst StDev
1.|-- 10.88.0.1 0.0% 10 1.2 2.2 1.1 10.3 2.8
2.|-- ge-4-3-ur01.sandiego.ca. 0.0% 10 4.0 6.0 3.6 23.5 6.2
3.|-- ??? 100.0 10 0.0 0.0 0.0 0.0 0.0
4.|-- be3037.ccr31.lax05.atlas 0.0% 10 19.0 25.3 18.6 40.6 7.4
5.|-- be3037.ccr42.ord01.atla 0.0% 10 22.9 20.5 18.6 30.1 3.3
...
20. iperf3 – Network bandwidth measurement
iperf3 measures maximum network throughput between hosts using TCP, UDP or SCTP.
Server mode on host1:
iperf3 -s
Client mode on host2:
iperf3 -c host1
Sample server output:
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------
Accepted connection from 192.168.10.5, port 50708
[ 5] local 192.168.10.2 port 5201 connected to 192.168.10.5 port 50709
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 1.07 GBytes 9.16 Gbits/sec
[ 5] 1.00-2.00 sec 1.10 GBytes 9.39 Gbits/sec
This shows bandwidth and quality metrics for the TCP connection.
That covers some of the most useful commands Linux system administrators should be familiar with! Let me know in the comments if you have any other favorite commands to add.