20 Linux Commands Every System Administrator Should Know

By John Doe

As a Linux system administrator, you need to be familiar with a variety of commands to monitor, maintain, and optimize Linux systems. Here are 20 of the most important Linux commands that every sysadmin should know.

1. uname – Print system information

The uname command prints detailed information about your Linux system, including the kernel name, version, and machine hardware details.

uname -a

Sample output:

Linux server1 5.4.0-104-generic #118-Ubuntu SMP Fri Jan 28 22:10:00 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

This shows the kernel name (Linux), hostname (server1), kernel release (5.4.0-104-generic), kernel version (#118-Ubuntu plus the build date), architecture (x86_64), and operating system (GNU/Linux).

The -a flag prints all system information. You can also view specific details with flags like -r for kernel release and -m for machine hardware name.

2. df – Report file system disk space usage

The df command shows disk usage statistics for file systems. To show all filesystems:

df -h

The -h flag prints sizes in human-readable units (M, G) instead of 1K blocks.

Sample output:

Filesystem      Size  Used Avail Use% Mounted on
/dev/sda1        99G   18G   76G  19% /
/dev/sda15      105M  3.6M  101M   4% /boot/efi

Flags like -t restrict the output to file systems of a specific type.

3. free – Display memory usage statistics

The free command shows total, used, free, shared, cached, and available memory in the system.

free -h

Sample output:

              total        used        free      shared  buff/cache   available
Mem:           15Gi       2.8Gi        11Gi       139Mi       1.5Gi        12Gi
Swap:          16Gi          0B        16Gi

This gives a quick overview of how much memory is free vs in use. The -h flag shows output in human readable format.

4. top – Display process activities

The top command shows dynamic real-time information about running processes. It gives a quick overview of system resource utilization by processes.

top - 14:25:32 up 44 days, 11:37,  1 user,  load average: 0.00, 0.00, 0.00
Tasks: 114 total,   1 running,  59 sleeping,   0 stopped,   0 zombie
%Cpu(s):  0.3 us,  0.0 sy,  0.0 ni, 99.7 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
MiB Mem :   15669 total,    3005 free,    3147 used,    9516 buff/cache
MiB Swap:    16384 total,   16384 free,        0 used.   12192 avail Mem  

  PID USER      PR  NI    VIRT    RES    SHR S %CPU  %MEM     TIME+ COMMAND                     
    24 root      20   0   44528   3944   3368 R  0.3   0.0   0:00.15 top

This shows:

  • System summary: Uptime, load avg, tasks, CPU, Memory
  • Process list: PID, USER, PRIO, VIRT, RES, CPU%, MEM%

top is useful for identifying processes hogging system resources.

5. ps – Report process status

The ps command displays information about currently running processes. Some examples:

Show all processes for current user:

ps -u $USER

Show all processes from all users, including their arguments (BSD-style options are written without a leading dash):

ps aux

Sample output:

USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.6 162988  6396 ?        Ss   Jan05   0:07 /usr/lib/systemd/systemd --switched-root --system --deserialize 25
root         2  0.0  0.0      0     0 ?        S    Jan05   0:00 [kthreadd]
mysql     2952  0.0  2.4 1120632 24984 ?       Sl   Jan28   0:00 /usr/sbin/mariadbd --basedir=/usr
john     17393  0.1  0.2 1120632 18626 ?       Sl   10:11   0:00 mysqladmin --defaults-extra-file=/tmp/tmpciApkZ status
john     29599  0.0  0.1  15928  1028 pts/0    S+   10:28   0:00 ps aux

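This shows the owning user, PID, CPU usage, memory usage, and the full command line of each process. Command-line arguments are visible to other local users by default, so secrets such as passwords should not be passed as arguments.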

6. kill – Terminate processes

The kill command sends signals to running processes to terminate or control them.

Common syntax:

kill [options] <PID>

Some example signals you can send:

  • SIGTERM (15): Request process termination
  • SIGKILL (9): Force kill process

Kill process with PID 29599:

kill 29599

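With no signal specified, kill sends SIGTERM, which allows the process to shut down gracefully. SIGKILL cannot be caught or handled, so the process gets no chance to clean up; reserve it for processes that ignore SIGTERM.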

7. ss – Investigate sockets

The ss command dumps socket statistics and replaces the older netstat command.

View all TCP sockets, both listening and connected (without -a, ss omits listening sockets):

ss -ta

Sample output:

State      Recv-Q Send-Q     Local Address:Port       Peer Address:Port 
LISTEN     0      511               *:ssh                    *:*
LISTEN     0      128              :::ssh                   :::*  
ESTAB      0      0            192.168.0.12:52418      34.207.103.127:443

This gives an overview of established connections and listening ports on the system.
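
One way to turn the listening-port overview into a repeatable check, as an added example that is not part of the original article: the function below reads `ss -H -tln` output and reports listeners reachable from the network whose port is not on an allowlist. The function names, the allowlist, and the sample socket lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report TCP listeners that are reachable from the network
# and whose port is not on an allowlist. Input is `ss -H -tln` output.

# Constructed sample of `ss -H -tln` output (not taken from a real host).
sample_ss_output() {
cat <<'EOF'
LISTEN 0 128  0.0.0.0:22        0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53  0.0.0.0:*
LISTEN 0 80   127.0.0.1:3306    0.0.0.0:*
LISTEN 0 511  0.0.0.0:8080      0.0.0.0:*
LISTEN 0 128  [::]:22           [::]:*
LISTEN 0 128  [::1]:631         [::]:*
LISTEN 0 5    192.168.0.12:5201 0.0.0.0:*
EOF
}

# unexpected_listeners "PORT PORT ..." < ss-output
# Prints "address port" for every non-loopback listener not on the allowlist.
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
        $1 == "LISTEN" {
            k = split($4, part, ":")          # port is the text after the last colon
            port = part[k]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback: local only
            if (!(port in ok)) print addr, port
        }'
}

# Demo on the constructed sample; on a live host run:
#   ss -H -tln | unexpected_listeners "22 443"
sample_ss_output | unexpected_listeners "22"
```

Run from cron or a configuration-management check, a non-empty result means a service is listening that nobody approved.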

8. dmesg – Print kernel messages

dmesg shows messages from the Linux kernel ring buffer – useful for troubleshooting and debugging issues.

dmesg | less

Sample output:

[    0.000000] Linux version 5.4.0-104-generic (buildd@lcy01-amd64-027) (gcc version 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04)) #118~18.04.1-Ubuntu SMP Fri Jan 28 22:10:00 UTC 2022
[    0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-5.4.0-104-generic root=UUID=c7c48c94-3ed3-400f-9edb-701253ba9efa ro quiet splash vt.handoff=1
[    0.000000] KERNEL supported cpus:
[    0.000000]   Intel GenuineIntel
[    0.000000]   AMD AuthenticAMD
...

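Use -k to show only kernel messages or -u to show only userspace messages. To narrow the output further, filter by facility with -f or by log level with -l. On systems where the kernel.dmesg_restrict sysctl is set to 1, reading the buffer requires root.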

9. less – View file contents

less allows scrolling through contents of a text file. Useful for viewing logs and debugging output.

dmesg | less

Navigate with arrows up/down. Quit with q. Search using /.

10. find – Search for files

The find command recursively searches directories for matching files.

Some examples:

Search by name:

find . -name install.log

Search by modification time:

find . -mtime -1 

Find files over 20 MB:

find . -size +20M

Delete files over 30 days old:

find . -type f -mtime +30 -delete

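find is extremely versatile for locating files based on various criteria. Because -delete is irreversible, run the same expression without -delete first to see exactly which files match.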
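
The delete command above, wrapped as an added example that is not part of the original article: a hypothetical purge_old helper that validates its arguments, previews matches by default, and deletes only when --apply is given. The function name, the --apply option, and the scratch files are constructed for illustration.

```shell
#!/bin/sh
# Added example: preview-then-delete wrapper around find (hypothetical helper).
# purge_old DIR DAYS [--apply]
#   Prints regular files under DIR modified more than DAYS days ago and
#   deletes them only when --apply is given.
purge_old() {
    dir=$1 days=$2 mode=${3:-}
    [ -d "$dir" ] || { echo "purge_old: not a directory: $dir" >&2; return 2; }
    case $days in
        ''|*[!0-9]*) echo "purge_old: DAYS must be a whole number" >&2; return 2 ;;
    esac
    # A relative name starting with "-" would be parsed by find as an option.
    case $dir in /*|./*) ;; *) dir=./$dir ;; esac
    # Tests come before the action: find evaluates left to right, so -delete
    # placed ahead of -type/-mtime would remove files before they are tested.
    # -xdev keeps the walk on the file system that DIR lives on.
    case $mode in
        '')      find "$dir" -xdev -type f -mtime +"$days" -print ;;
        --apply) find "$dir" -xdev -type f -mtime +"$days" -print -delete ;;
        *)       echo "purge_old: unknown option: $mode" >&2; return 2 ;;
    esac
}

# Demo in a scratch directory with one constructed old file.
demo=$(mktemp -d)
touch -t 200001010000 "$demo/old.log"   # mtime set to 1 Jan 2000
touch "$demo/new.log"
purge_old "$demo" 30            # preview: lists old.log, deletes nothing
purge_old "$demo" 30 --apply    # deletes old.log, leaves new.log
rm -rf "$demo"
```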

11. grep – Search file contents

grep searches text content in files matching a regular expression.

Search for "ERROR" in messages log:

grep ERROR /var/log/messages

Recursively search current directory for "localhost":

grep -R localhost .

Print 3 lines before and after match:

grep -A3 -B3 ERROR /var/log/messages 

Great for quickly searching logs and debugging issues.

12. tar – Archive files

The tar command archives multiple files and directories into a single .tar file.

Archive files directory:

tar -cvf files.tar files

Extract archive contents:

tar -xvf files.tar

Some useful flags:

  • -c create archive
  • -x extract archive
  • -v verbose output
  • -f filename of archive

You can also compress the archive with gzip (-z, producing .tar.gz) or bzip2 (-j, producing .tar.bz2).

13. rsync – Sync files and folders

rsync synchronizes files and folders between two locations, local or remote. It is a useful alternative to scp for copying files.

Local file sync example:

rsync -avh source/ destination

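Sync source to the /backups directory on a remote host (user@remote-host is a placeholder for your own login and server):

rsync -avhP /path/to/source user@remote-host:/backups

Useful flags:

  • -a archive mode
  • -v verbose
  • -h human-readable
  • -z compress
  • -P show progress and keep partially transferred files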

14. dig – DNS lookup utility

The dig command performs DNS lookups and can be used to test/troubleshoot DNS issues.

Query A record for domain:

dig marketingscoop.com

; <<>> DiG 9.16.1-Ubuntu <<>> marketingscoop.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32162
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
...
marketingscoop.com.   14399   IN      A       104.21.62.29

Specify a record type to query something other than A records, e.g. dig marketingscoop.com MX.

15. nmap – Network discovery and security auditing

nmap scans networked computers to determine open ports, running services, the operating system, and other characteristics.

Scan a single IP:

nmap 192.168.0.1

Scan a subnet:

nmap 192.168.0.1/24

Scan a range of IPs:

nmap 192.168.0.1-255

Nmap has tons of advanced functionality for network discovery, port scanning, OS fingerprinting and more.

16. tcpdump – Capture network traffic

tcpdump captures network traffic on a specific interface. Useful for network troubleshooting.

Capture traffic on eth0:

tcpdump -i eth0

Write capture to a file:

tcpdump -w output.pcap

Read capture file:

tcpdump -r output.pcap

Filter captured packets:

tcpdump tcp port 22

17. traceroute – Print network path to host

traceroute prints the route packets take to a network host – useful for troubleshooting connectivity issues.

Trace route to marketingscoop.com:

traceroute marketingscoop.com

Sample output:

traceroute to marketingscoop.com (104.21.62.29), 30 hops max, 60 byte packets
 1  gateway (192.168.0.1)  0.202 ms  0.173 ms  0.161 ms
 2  10.88.0.1 (10.88.0.1)  3.235 ms  3.212 ms  3.185 ms  
 3  * * *
...
 15  104.21.62.29 (104.21.62.29)  2.123 ms  2.090 ms  2.040 ms

18. ping – Test connectivity to host

The basic ping command tests connectivity between two hosts using ICMP echo requests.

Ping marketingscoop.com:

ping marketingscoop.com

Sample output:

PING marketingscoop.com (104.21.61.29) 56(84) bytes of data.
64 bytes from marketingscoop.com (104.21.61.29): icmp_seq=1 ttl=52 time=34.1 ms
64 bytes from marketingscoop.com (104.21.61.29): icmp_seq=2 ttl=52 time=34.3 ms 
...

--- marketingscoop.com ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 9041ms    

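On Linux, ping keeps sending until you stop it with Ctrl-C. Use -c <count> to send a fixed number of packets. (The -t flag sets the TTL on Linux; it means "ping continuously" only on Windows.)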

19. mtr – Traceroute and ping combination

mtr combines functionality of traceroute and ping into a single network diagnostic tool.

mtr marketingscoop.com

Sample output:

HOST: test                     Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 10.88.0.1                0.0%    10    1.2   2.2   1.1  10.3   2.8
  2.|-- ge-4-3-ur01.sandiego.ca. 0.0%    10    4.0   6.0   3.6  23.5   6.2
  3.|-- ???                   100.0    10    0.0   0.0   0.0   0.0   0.0
  4.|-- be3037.ccr31.lax05.atlas 0.0%    10   19.0  25.3  18.6  40.6   7.4
  5.|-- be3037.ccr42.ord01.atla  0.0%    10   22.9  20.5  18.6  30.1   3.3
...

20. iperf3 – Network bandwidth measurement

iperf3 measures maximum network throughput between hosts using TCP, UDP or SCTP.

Server mode on host1:

iperf3 -s

Client mode on host2:

iperf3 -c host1

Sample server output:

-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------
Accepted connection from 192.168.10.5, port 50708
[  5] local 192.168.10.2 port 5201 connected to 192.168.10.5 port 50709
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-1.00   sec  1.07 GBytes  9.16 Gbits/sec                 
[  5]   1.00-2.00   sec  1.10 GBytes  9.39 Gbits/sec

This shows the amount of data transferred and the bitrate for each one-second interval of the TCP test.

That covers some of the most useful commands Linux system administrators should be familiar with! Let me know in the comments if you have any other favorite commands to add.