Essential Linux Commands Every Sysadmin Should Master

Preface

After several years of working in operations, I remember starting with only simple commands and writing overly long, inefficient scripts. Learning advanced commands such as xargs, pipelines, and automatic response commands would have allowed me to write concise, effective scripts.

1. Practical xargs Command

xargs

is useful for passing the output of one command as arguments to another. For example, to find all files ending with .conf under the root directory and classify them: find / -name *.conf -type f -print | xargs file The result can be directly displayed (image omitted).

You can also combine find with tar to archive the found files:

find / -name *.conf -type f \</code><code>-print | xargs tar cjf test.tar.gz

2. Running Commands or Scripts in the Background

To ensure long‑running operations (e.g., database import/export) continue after the terminal session ends, use nohup:

nohup mysqldump -uroot -pxxxxx \</code><code>--all-databases > ./alldatabases.sql &

If you prefer not to expose the password in plain text:

nohup mysqldump -uroot -pxxxxx \</code><code>--all-databases > ./alldatabases.sql

After starting the command, you can press Ctrl+Z and then bg to move it to the background. The output is stored in a nohup.out file in the current directory.

3. Finding Processes with High Memory Usage

To list the top memory‑consuming processes: ps -aux | sort -rnk 4 | head -20 The fourth column shows memory usage percentage; the last column shows the corresponding process (image omitted).

4. Finding Processes with High CPU Usage

To list the top CPU‑consuming processes: ps -aux | sort -rnk 3 | head -20 The third column shows CPU usage percentage; the last column shows the corresponding process (image omitted).

5. Viewing Multiple Logs Simultaneously

Install multitail to monitor several log files in one terminal:

wget ftp://ftp.is.co.za/mirror/ftp.rpmforge.net/redhat/el6/x86_64/dag/RPMS/multitail-5.2.9-1.el6.rf.x86_64.rpm</code><code>yum -y localinstall multitail-5.2.9-1.el6.rf.x86_64.rpm

Example: watch /var/log/secure for the keyword "Accepted" while simultaneously pinging Baidu:

multitail -e "Accepted" /var/log/secure -l "ping baidu.com"

This allows correlating log output with network activity without switching terminals (image omitted).

6. Continuous Ping with Timestamp Logging

Record ping results with timestamps to a log file:

ping api.jpush.cn | awk '{ print $0 " " strftime("%Y-%m-%d %H:%M:%S",systime()) }' >> /tmp/jiguang.log &

The log file receives one line per second (image omitted).

7. Viewing TCP Connection States

Show the distribution of TCP connection states, useful for analyzing connections or attacks:

netstat -nat | awk '{print $6}' | sort | uniq -c | sort -rn

Result screenshot omitted.

8. Top 20 IPs Requesting Port 80

Identify the IP addresses generating the most requests on port 80:

netstat -anlp | grep 80 | grep tcp | awk '{print $5}' \</code><code>| awk -F: '{print $1}' | sort | uniq -c | sort -nr | head -n200

Result screenshot omitted.

9. SSH Port Forwarding

Use SSH to forward a local port to a remote server without exposing the remote service directly:

ssh -p 22 -C -f -N -g -L 9200:192.168.1.19:9200 [email protected]

Ensure key‑based authentication is set up beforehand. After execution, accessing 192.168.1.15:9200 actually reaches 192.168.1.19:9200.