Shulou(Shulou.com)06/01 Report--

This article is about what commands are commonly used by Linux system administrators. The editor thinks it is very practical, so share it with you as a reference and follow the editor to have a look.

The system administrator (sysadmins) is responsible for the daily maintenance of production systems and services. One of the key tasks is to ensure that functional services work 24 hours a day. To do this, they have to plan backup methods, disaster management strategies, scheduled maintenance, security reviews, and so on.

Whether you are a novice developer or want to manage your own application, here are 20 basic system management commands to help you better understand your application. They can also help resolve system failures such as why applications work locally but not on remote hosts. These commands apply to the Linux development environment, containers, and virtual machines.

1. Curl

Curl is used to transmit a URL. You can use this command to test the endpoint of the application or the connection to the upstream service endpoint. Curl can also be used to check whether your application can connect to other services, such as databases, or to check that your service is in a healthy state.

For example, if your application throws a HTTP 500error, it means that the MongoDB database cannot be accessed:

$curl-I-s myapplication:5000HTTP/1.0 500INTERNAL SERVER ERROR

The-I option is used to display header information, and the-s option indicates that silent mode is used and no errors and progress are displayed. Check that the endpoint of the database is correct:

$curl-I-s database:27017HTTP/1.0 200OK

So what could be the problem? Check that your application can access locations other than the database:

$curl-I-s https://opensource.comHTTP/1.1 200OK

This seems to be no problem, now try to access the database. Your application is using the hostname of the database, so try it first:

$curl database:27017curl: (6) Couldn't resolve host 'database'

This means that your application cannot resolve the database because the URL for the database is not available or the host (container or VM) does not have a domain name server that can be used to resolve hostnames.

2. Python-m json.tool / jq

After using curl, the output of the API call may be less readable. Sometimes you want to format the output of the generated JSON data to find a specific entry. Python has a built-in library to help you implement this requirement. You can use python-m json.tool to indent and organize JSON. To use Python's JSON module, you need to use the piping mechanism to write the output of the JSON file as input to the python-m json.tool command line.

$cat test.json {"title": "Person", "type": "object", "properties": {"firstName": {"type": "string"}, "lastName": {"type": "string"}, "age": {"description": "Age in years", "type": "integer", "minimum": 0}}, "required": ["firstName", "lastName"]}

To use the Python library, use the-m (module) option to combine the output and the Python library into a pipeline.

$cat test.json | python-m json.tool {"properties": {"age": {"description": "Age in years", "minimum": 0, "type": "integer"}, "firstName": {"type": "string"} "lastName": {"type": "string"}, "required": ["firstName", "lastName"], "title": "Person", "type": "object"}

For more advanced JSON parsing, you can install jq. Jq provides some options for extracting specific values from JSON input. To format the JSON output like the Python module above, simply apply the jq to the output.

$cat test.json | jq {"title": "Person", "type": "object", "properties": {"firstName": {"type": "string"}, "lastName": {"type": "string"}, "age": {"description": "Age in years", "type": "integer", "minimum": 0} "required": ["firstName", "lastName"]} 3.ls

Ls is used to list files in the directory, and system administrators and developers often use this command. In the container space, this command helps determine the directories and files in the container image. In addition to finding files, ls can also be used to check permissions. In the following example, you cannot run myapp due to permission issues. When you use ls-l to check permissions, you will find that its permissions do not have "x" in-rw-r-r-, only read and write permissions.

$. / myappbash:. / myapp: Permission denied$ ls-l myapp-rw-r--r--. 1 root root 33 Jul 21 18:36 myapp4. Tail

Tail displays the last part of the file. In general, you do not need to browse each line of logs to troubleshoot. Instead, you need to check the log for a description of the latest request for the application. For example, when you make a request to an Apache HTTP server, you can use tail to check what is happening in the log.

Use tail-f to track log files and view them when a request is made.

The-f option means to follow, and it outputs logs when they are written to a file. The following example has a background script that accesses the endpoint every few seconds, and the log logs the request. In addition to tracking the log in real time, you can use tail with the-n option to view the last 100 lines of the file.

$tail-n 100 / var/log/httpd/access_log5. Cat

Cat is mainly used to view the contents of files and merge files. You may use cat to check the contents of the dependency file or to confirm the version of the application that has been built locally.

$cat requirements.txtflaskflask_pymongo

The above example checks to see if your Python Flask application has Flask as a dependency.

6. Grep

Grep can search for text using specific pattern matches, including regular expressions. If you look for a specific mode in the output of another command, grep will highlight the relevant line. Use this command to search for log files, specific processes, and so on. If you want to see if Apache Tomcat is started, you may flood the number of command lines. But the contents of the output and the grep command are combined into a pipeline that separates the lines that indicate that the server has been started.

$cat tomcat.log | grep org.apache.catalina.startup.Catalina.start01-Jul-2017 18 INFO 03INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 681 ms7. Ps

Ps is used to view various status information of a process. Use this command to determine which application is running or to confirm the expected process. For example, if you want to check the running Tomcat Web server, you can use ps with the option to get the process ID of Tomcat.

$ps-efUID PID PPID C STIME TTY TIME CMDroot 1 02 18:55? 00:00:02 / docker-java-home/jre/biroot 59 00 18:55 pts/0 00:00:00 / bin/shroot 75 59 0 18:57 pts/0 00:00:00 ps-ef

For better readability, grep and ps can be combined to form a pipeline.

$ps-ef | grep tomcatroot 1 0 1 18:55? 00:00:02 / docker-java-home/jre/bi8. Env

Env is used to list and assign values to all environment variables. During troubleshooting, you may find that you need to check for incorrect environment variables to prevent the application from starting. In the following example, this command is used to check the environment variables set on the program host.

$envPYTHON_PIP_VERSION=9.0.1HOME=/rootDB_NAME=testPATH=/usr/local/bin:/usr/local/sbinLANG=C.UTF-8PYTHON_VERSION=3.4.6PWD=/DB_URI=mongodb://database:27017/test

Note that the application is using Python 3 and has environment variables that connect to the MongoDB database.

9. Top

Top is used to display the information and resource utilization of each process in the system, similar to the task manager of Windows. Use this command to determine which processes are running and how much memory and CPU they are consuming. A common situation is that when you run an application, it dies after a minute. At this point, you first check the application's return error and find that it is a memory error.

$tail myapp.logTraceback (most recent call last): MemoryError

Is your application really out of memory? To confirm this problem, use top to see how much CPU and memory the application consumes. When you use the top command, you notice that a Python application uses most of the CPU, and its memory usage increases rapidly. When it is running, if the process is your application, press the "C" key to view the complete command and reverse engineer. It turns out to be your memory-intensive application (memeater.py). When your application has run out of memory, the system kills it and returns an out of memory (OOM) error.

The application's memory and CPU usage increased and was eventually killed because of insufficient memory.

By pressing the "C" key, you can see the complete command to start the application

In addition to checking the application, you can also use top to debug other processes that use CPU or memory.

10. Netstat

Netstat is used to display network status information. This command displays the network ports in use and their incoming connections. However, netstat cannot be used out of the box in Linux. If you need to install it, you need to find it in the net-tools package. As a developer experimenting locally or pushing an application to a host, he may receive an error that the port has been assigned or the address has been used. Use netstat to get the protocol, process, and port information. The following figure shows that the Apache HTTP server has used port 80 on the following host.

Using netstat-tulpn indicates that Apache has used port 80 on this machine.

11. Ip address

If ip address is not available on your host, you must install it using the iproute2 package. IViep address is used to display the host interface and IP address of the application. You can use ip address* to verify the IP address of your container or host. For example, when your container is connected to two networks, ip address can show which interface is connected to which network. For a simple check, you can use the ip address command to obtain the IP address of the host at any time. The following example shows that the IP address of the Web layer container on interface eth0 is 172.17.0.2

Use ip address to show that the IP address of the eth0 interface is 172.17.0.2

12. Lsof

Lsof is used to list the files currently open by the system (list open files). On some Linux systems, you may need to use the lsof package to install lsof. In Linux, almost any interaction with the system is treated as a file. Therefore, if your application writes a file or opens a network connection, lsof will map this interaction to a file. Similar to netstat, you can use lsof to check the listening port. For example, if you want to check if port 80 is in use, use lsof to check which process is using it. In the following example, you can see httpd (Apache) listening on port 80. You can also use lsof to check httpd's process ID and check the location of the Web server's binaries (/ usr/sbin/httpd).

Lsof indicates that httpd is listening on port 80. Checking httpd's process ID can also show all the files httpd that need to be run.

The name of the open file in the open file list helps to determine the source of the process, especially the Apache.

13. Df

You can use df to display free disk space (display free disk space) to troubleshoot disk space problems. When you block the application from running on the container manager, you may receive an error message indicating a lack of free space on the container host. Although disk space should be managed and optimized by the hypervisor, you can still use df to find out the existing space in the directory and confirm that there is no space.

Df displays the disk space, absolute space, and availability of each file system.

The-h option indicates that the information is displayed in a highly readable manner, and the above example indicates that the host has a lot of disk space.

14. Du

The du command is also used to view usage space, but unlike the df command, the du command is a view of the space used by files and directory disks. To get more details about which files use disk space in the directory, you can use the du command, which is somewhat different from the df command. For example, if you want to know which log file takes up the most space in the / var/log directory, you can use the du command with the-h option and the-s option to get the total size.

$du-sh / var/log/*1.8M / var/log/anaconda384K / var/log/audit4.0K / var/log/boot.log0 / var/log/chrony4.0K / var/log/cron4.0K / var/log/maillog64K / var/log/messages

The example above shows that the maximum directory under / var/log is / var/log/audit. You can use du with df to determine the disk space used on the host of the application.

15. Id

To check the user running the application, use the id command to return the user's identity. The id command displays the real and valid user ID (UID) and group ID (GID). The following example uses Vagrant to test the application and isolate its development environment. After logging into the Vagrant box, if you try to install Apache HTTP Server (dependencies), you will be prompted to execute the command as root. To check your user ID and group ID, use the id command and you will find that you are running as the "vagrant" user in the "vagrant" group.

$yum-y install httpdLoaded plugins: fastestmirrorYou need to be root to perform this command.$ iduid=1000 (vagrant) gid=1000 (vagrant) groups=1000 (vagrant) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

To resolve this issue, you must run the command as a superuser, which provides elevated permissions.

16. Chmod

The chmod command is used to change the permissions of a file or directory. When you first run the application's binaries on the host, you may receive the error message "access denied". As shown in the example of ls, it can be used to check the permissions of application binaries.

$ls-ltotal 4 Murray RW Murray RW Murray. 1 vagrant vagrant 34 Jul 11 02:17 test.sh

This indicates that you do not have permission (no "x") to run binaries. * * c**hmod can modify permissions to enable users to run binaries.

$chmod + x test.sh [vagrant@localhost ~] $ls-ltotal 4-rwxrwxr-x. 1 vagrant vagrant 34 Jul 11 02:17 test.sh

As shown in the example, this updates the permission so that it has executable permissions. Now when you try to execute binaries, the application does not throw an access denied error. Chmod can be useful when loading binaries into a container. It ensures that the container has the appropriate permissions to execute binaries.

17. Dig / nslookup

The dig command is a commonly used domain name query tool, which can be used to test whether the domain name system is working properly. Domain name servers (DNS) help resolve URL into a set of application servers. However, you will find that some URL cannot be parsed, which can lead to connectivity problems in the application. For example, suppose you try to access your database from the host of the application. You received an "unresolvable" error. To troubleshoot, you try to use dig (DNS query tool) or nslookup (query Internet Domain name Server) to determine why the application seems to be unable to parse the data.

$nslookup mydatabaseServer: 10.0.2.3Address: 10.0.2.3 "53" * server can't find mydatabase: NXDOMAIN

Unable to parse mydatabase using nslookup display. Try to solve the problem with dig, but the result is the same.

$dig mydatabase; > DiG 9.9.4-RedHat-9.9.4-50.el7_3.1 > mydatabase;; global options: + cmd;; connection timed out; no servers could be reached

These errors may be caused by many different problems. If you cannot debug the root cause, contact your system administrator for more investigation. For local testing, these problems may indicate that your host's domain name server is not configured correctly. To use these commands, you need to install the BIND Utilities package * *. **

18. Iptables

Iptables is used to block or allow traffic on Linux hosts and for IP packet filter management, similar to network firewalls. This tool prevents some applications from receiving or sending requests. More specifically, if your application has difficulty accessing another endpoint, traffic may have been denied access to that endpoint by iptables. For example, suppose the host of your application cannot access Opensource.com, and you use curl to test the connection.

$curl-vvv opensource.com* About to connect () to opensource.com port 80 (# 0) * Trying 54.204.39.132. * Connection timed out* Failed connect to opensource.com:80; Connection timed out* Closing connection 0curl: (7) Failed connect to opensource.com:80; Connection timed out

The connection timed out. You suspect that something might block traffic, so you use the-S option to display iptables rules.

$iptables-Smuri P INPUT DROP-P FORWARD DROP-P OUTPUT DROP-An INPUT-p tcp-m tcp-- dport 22-j ACCEPT-An INPUT-I eth0-p udp-m udp-- sport 53-j ACCEPT-An OUTPUT-p tcp-m tcp-- sport 22-j ACCEPT-An OUTPUT-o eth0-p udp-m udp-- dport 53-j ACCEPT

The first three rules show that traffic has been discarded by default. The remaining rules indicate that SSH and DNS traffic are allowed. In this case, if you need a rule that allows traffic to external endpoints, follow sysadmin. If this is a host for local development or testing, use the iptables command to allow the appropriate traffic. Be careful when adding rules that allow traffic to hosts.

19. Sestatus

SELinux (a Linux security module) is typically used on the host of an enterprise-managed application. SELinux provides minimal access to processes running on the host, preventing potentially malicious processes from accessing important files on the system. In some cases, applications need to access specific files, but errors may occur. To check if SELinux blocks the application, use tail and grep to look for "denied" (rejected) information in the / var/log/audit log record. Otherwise, use sestatus to check if SELinux is started.

$sestatusSELinux status: enabledSELinuxfs mount: / sys/fs/selinuxSELinux root directory: / etc/selinuxLoaded policy name: targetedCurrent mode: enforcingMode from config file: enforcingPolicy MLS status: enabledPolicy deny_unknown status: allowedMax kernel policy version: 28

The above output indicates that the host of the application has SELinux enabled. In a local development environment, SELinux can be updated to make permissions more relaxed.

20. History

When you use a large number of commands for testing and debugging, you may forget useful commands. Each shell has a variant of the history command. It displays a history of commands that have been used since the beginning of the session. You can use history to record the commands used to troubleshoot the application. The history command is used to display a specified number of command commands, read directories in the history command file into the history command buffer, and write directories in the history command buffer to the command file.

$history 1 clear 2 df-h 3 du

What if you want to execute the commands in the previous history, but you don't want to re-enter them? Use symbols! OK, you can use symbols! Executes the history command of the specified sequence number. For example, to execute the second history command, enter *! * 2

Add before the specified number of the command that needs to be reexecuted! Can be re-executed.

Thank you for reading! This is the end of this article on "what commands are commonly used by Linux system administrators?". I hope the above content can be of some help to you, so that you can learn more knowledge. if you think the article is good, you can share it out for more people to see!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.