Essential Linux Command-Line Tricks for System Administration
This guide presents a collection of practical Linux command-line snippets—including file searching, batch extraction, text processing with sed, directory checks, disk usage monitoring, log analysis, firewall rules, and SNMP configuration—to help system administrators automate routine tasks efficiently.
1. Find and move .tar files
Find all files ending with .tar in the current directory and move them to a backup directory.
find . -name "*.tar" -exec mv {} ./backup/ \;
Explanation: find -name searches by filename; -exec or xargs can act on the results. Additional options such as -mtime, -type, and -size allow filtering by modification time, file type, or size (e.g., delete log files older than 30 days and larger than 100 M).
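The filter combination mentioned above (log files older than 30 days and larger than 100 M), written out as an added example that is not part of the original article. The function name purge_old_logs, its arguments and the DRY_RUN switch are assumptions made for illustration, and GNU find is assumed.

```shell
#!/usr/bin/env bash
# Added example: delete *.log files that are both older than N days and
# larger than a size threshold, combining find's -type, -mtime and -size.
# purge_old_logs and DRY_RUN are hypothetical names, not from the article.

# Usage: purge_old_logs DIR [DAYS] [SIZE]
#   DIR   directory to search
#   DAYS  minimum age in days (default 30)
#   SIZE  minimum size in find syntax (default 100M)
# With DRY_RUN=1 the matching paths are printed and nothing is removed.
purge_old_logs() {
    local dir=$1 days=${2:-30} size=${3:-100M}

    # Refuse to run against a missing directory, so a typo or an unset
    # variable never makes find start somewhere unintended.
    if [ ! -d "$dir" ]; then
        echo "purge_old_logs: no such directory: $dir" >&2
        return 2
    fi

    if [ "${DRY_RUN:-0}" = 1 ]; then
        # -type f restricts the match to regular files, so directories or
        # symlinks named *.log are never touched; -xdev stays on one filesystem.
        find "$dir" -xdev -type f -name '*.log' \
            -mtime "+$days" -size "+$size" -print
    else
        # -print before -delete leaves a record of what was removed.
        # find unlinks the files itself, so names containing spaces or
        # newlines are never re-parsed by xargs or the shell.
        find "$dir" -xdev -type f -name '*.log' \
            -mtime "+$days" -size "+$size" -print -delete
    fi
}
```

Running it once with DRY_RUN=1 shows exactly which files the real run would remove.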
2. Batch unzip .zip files
Extract every .zip archive in the current directory into a specified target directory.
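for i in `find . -name "*.zip" -type f`
do
    # unzip takes the archive first; -d names the extraction directory.
    # The list is split on whitespace, so filenames must not contain spaces.
    unzip "$i" -d /data/www/img/
done
The for … in $(command); do … done construct iterates over the list of files returned by find.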
3. Common sed one‑liners (example file: test.txt)
# Remove the first character of each line
sed -i 's/^.//' test.txt
# Prepend an "a" to the beginning of each line
sed -i 's/^/a/g' test.txt
# Append an "a" to the end of each line
sed -i 's/$/a/' test.txt
# Append a new line containing "c" after every line that matches wuguangke
sed -i '/wuguangke/a c' test.txt
# Insert a new line containing "c" before every line that matches wuguangke
sed -i '/wuguangke/i c' test.txt
Refer to the sed manual for many more editing patterns.
4. Test for a directory and create it if missing
if [ ! -d /data/backup/ ]; then
    mkdir -p /data/backup/
else
    echo "The Directory already exists, please exit"
fi
The if … then … else … fi construct checks existence with -d; the exclamation mark negates the test.
5. Monitor root partition usage and send an alert
Print the root partition usage percentage:
# /\/$/ selects only the line whose mount point is /
df -h | sed -n '/\/$/p' | awk '{print $5}' | awk -F'%' '{print $1}'
Continuously check every 5 minutes and send an email when usage reaches 90 %:
while sleep 5m
do
    # /\/$/ selects only the line whose mount point is /
    for i in `df -h | sed -n '/\/$/p' | awk '{print $5}' | sed 's/%//g'`
    do
        echo $i
        if [ "$i" -ge 90 ]; then
            echo "More than 90% of Linux disk space used, please check!" \
                | mail -s "Warn Linux Disk $i%" [email protected]
        fi
    done
done
6. List the top 20 IP addresses in an Nginx access log
cat access.log | awk '{print $1}' | sort | uniq -c | sort -nr | head -20
The first sort groups identical addresses so that uniq -c can count occurrences, and the final sort -nr shows the most frequent IPs first.
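The same per-IP count extended with a column of 4xx/5xx responses, as an added example that is not part of the original article and goes beyond the one-liner above. top_ips and sample_log are hypothetical names, the log lines are constructed, and Nginx's default combined log format is assumed.

```shell
#!/usr/bin/env bash
# Added example (not from the article): per-IP request and error counts from
# Nginx "combined" format logs. top_ips and sample_log are hypothetical names.

# top_ips N [FILE...]: print "requests errors ip" for the N busiest clients.
# Reads stdin when no FILE is given, so it also works on merged rotated logs.
top_ips() {
    local n=$1; shift
    # Split on double quotes rather than spaces: $1 holds the address and
    # timestamp, $2 the request line, $3 the status and byte count. A
    # malformed request such as "-" then cannot shift the status field.
    awk -F'"' '
        {
            split($1, head, " "); ip = head[1]
            split($3, tail, " "); status = tail[1]
            # Lines without an address or a three-digit status are skipped.
            if (ip == "" || status !~ /^[1-5][0-9][0-9]$/) { bad++; next }
            total[ip]++
            if (status + 0 >= 400) errors[ip]++
        }
        END {
            for (ip in total) printf "%d %d %s\n", total[ip], errors[ip], ip
            if (bad) printf "skipped %d unparsable line(s)\n", bad > "/dev/stderr"
        }' "$@" | LC_ALL=C sort -k1,1nr -k3,3 | head -n "$n"
}

# Constructed sample log (documentation address ranges, not real traffic).
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [10/Oct/2024:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "curl/8.0"
192.0.2.10 - - [10/Oct/2024:13:55:37 +0000] "GET /style.css HTTP/1.1" 200 128 "-" "curl/8.0"
198.51.100.7 - - [10/Oct/2024:13:56:01 +0000] "GET /missing-a HTTP/1.1" 404 153 "-" "client"
198.51.100.7 - - [10/Oct/2024:13:56:02 +0000] "GET /missing-b HTTP/1.1" 404 153 "-" "client"
198.51.100.7 - - [10/Oct/2024:13:56:03 +0000] "POST /form HTTP/1.1" 403 153 "-" "client"
203.0.113.5 - - [10/Oct/2024:13:57:10 +0000] "-" 400 0 "-" "-"
this line is not an access log entry
EOF
}

# Demo run over the constructed sample.
sample_log | top_ips 10
```

An address with a high error count relative to its request count stands out in the second column, which the plain uniq -c pipeline does not show.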
7. Disable SELinux enforcement via sed
sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config
Another example replaces /tmp with /tmp/abc/ in test.txt:
sed -i 's:/tmp:/tmp/abc/:g' test.txt
8. Print the maximum and minimum values from a file
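# Print the maximum value (first line after a descending numeric sort)
sort -nr a.txt | head -1
# Print the minimum value (first line after an ascending numeric sort)
sort -n a.txt | head -1
A compact one‑liner using sed:
# Put each space-separated number on its own line (GNU sed), sort descending,
# then print the first line (maximum) and the last line (minimum)
sed 's/ /\n/g' a.txt | sort -nr | sed -n '1p;$p'
9. Retrieve SNMP v2c data with snmpwalk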
snmpwalk -v2c -c public 192.168.0.241
10. Replace "jk" at the end of a line with "yz"
sed -e 's/jk$/yz/g' b.txt
11. Capture network traffic with tcpdump
# Capture HTTP traffic to or from a specific host
tcpdump -nn host 192.168.56.7 and port 80
# Capture port 80 traffic that involves 192.168.56.7 or does not involve 192.168.0.22
# (and/or have equal precedence and are evaluated left to right)
tcpdump -nn host 192.168.56.7 or ! host 192.168.0.22 and port 80
The OSI model layers are: physical, data link, network, transport, session, presentation, application.
12. Configure SNMP community on H3C devices
snmp-agent sys-info version v1 v2c
snmp-agent community read public
13. Show the 20 most frequently used commands from Bash history
cat .bash_history | grep -v '^#' | awk '{print $1}' | sort | uniq -c | sort -nr | head -20
14. Delete .log files older than three days
# -print0 and -0 keep filenames that contain spaces or newlines intact
find . -mtime +3 -name "*.log" -print0 | xargs -0 rm -rf
15. Move files larger than 100 KB to /tmp
find . -size +100k -exec mv {} /tmp \;
16. Firewall script to allow only remote access to port 80
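# Flush all rules and delete user-defined chains
iptables -F
iptables -X
# Accept inbound TCP to port 80
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# Reject every other inbound TCP packet (this includes SSH on port 22)
iptables -A INPUT -p tcp -j REJECT
Or a more specific rule:
iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
17. Nginx log statistics for the top 10 IPs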
# Change to the log directory
cd /home/logs/nginx/default
# Merge rotated logs (example command)
sort -m -k4 -o access.logok access.1 access.2 access.3 ...
# Count and list top 10 IPs
cat access.logok | awk '{print $1}' | sort | uniq -c | sort -nr | head -10
18. Replace a directory path in a file using sed
sed 's:/usr/local:/tmp:g' test.txt
Or in‑place editing:
sed -i 's:/usr/local:/tmp:g' test.txt
Open Source Linux
Focused on sharing Linux/Unix content, covering fundamentals, system development, network programming, automation/operations, cloud computing, and related professional knowledge.
