Essential Linux Ops Tools: Monitoring, Performance, and Security Utilities

1. Nethogs – Process Bandwidth Monitoring

Nethogs is a terminal‑based network traffic monitor that displays the bandwidth used by each process.

Download: http://sourceforge.net/projects/nethogs/files/nethogs/0.8/nethogs-0.8.0.tar.gz/download

[root@localhost ~]# yum -y install libpcap-devel ncurses-devel
[root@localhost ~]# tar zxvf nethogs-0.8.0.tar.gz
[root@localhost ~]# cd nethogs
[root@localhost nethogs]# make && make install
[root@localhost nethogs]# nethogs eth0

2. IOzone – Disk I/O Performance Testing

IOzone is a Linux file‑system benchmark tool that measures read/write performance across different operating systems.

Download: http://www.iozone.org/src/current/

[root@localhost current]# tar xvf iozone3_420.tar
[root@localhost ~]# cd iozone3_420/src/current/
[root@localhost current]# make linux
[root@localhost current]# ./iozone -a -n 512m -g 16g -i 0 -i 1 -i 5 -f /mnt/iozone -Rb ./iozone.xls

-a runs in full‑automatic mode. -n sets the minimum file size (KB) for automatic mode. -g sets the maximum file size (KB) for automatic mode. -i selects which test to run. -f specifies the test file name (deleted after completion). -R outputs results to an Excel file. -b writes output to a specified file.

3. IOTop – Real‑Time Disk I/O Monitoring

IOTop shows disk I/O usage in a top‑like interface.

[root@localhost ~]# yum -y install iotop

4. IPtraf – Simple Network Traffic Analyzer

IPtraf is a lightweight Linux tool for analyzing network conditions.

[root@localhost ~]# yum -y install iptraf

5. IFTop – Real‑Time Network Bandwidth Monitoring

IFTop is a top‑like tool that provides a more visual representation of network traffic than IPtraf.

Download: http://www.ex-parrot.com/~pdw/iftop/

[root@localhost ~]# tar zxvf iftop-0.17.tar.gz
[root@localhost ~]# cd iftop-0.17
[root@localhost iftop-0.17]# ./configure
[root@localhost iftop-0.17]# make && make install
[root@localhost iftop-0.17]# iftop -i eth0

TX – transmitted traffic.

RX – received traffic.

TOTAL – total traffic.

Cumm – cumulative traffic since IFTop started.

peak – traffic peak.

rates – average traffic over 2 s, 10 s, and 40 s intervals.

6. HTop – Interactive Process Viewer

HTop is an interactive Linux process viewer that can replace the default top command.

[root@localhost ~]# yum -y install htop

7. NMON – System Resource Monitoring

NMON is a widely used monitoring and analysis tool for AIX and various Linux distributions.

Download: http://sourceforge.jp/projects/sfnet_nmon/releases/

[root@localhost ~]# chmod +x nmon_x86_64_rhel6
[root@localhost ~]# mv nmon_x86_64_rhel6 /usr/sbin/nmon
[root@localhost ~]# nmon

8. MultiTail – Simultaneous Log Monitoring

MultiTail opens multiple windows in the console to monitor several log files at once, similar to the tail command.

[root@localhost ~]# yum -y install multitail
[root@localhost ~]# multitail -e "fail" /var/log/secure
[root@localhost ~]# multitail -l "ping baidu.com"
[root@localhost ~]# multitail -i /var/log/messages -i /var/log/secure

9. Fail2ban – SSH Brute‑Force Protection

Fail2ban watches system logs, matches error patterns with regular expressions, and automatically adds firewall rules to block offending IPs.

Download: http://www.fail2ban.org/wiki/index.php/Downloads

[root@localhost ~]# cd fail2ban-0.8.11
[root@localhost fail2ban-0.8.11]# python setup.py install
[root@localhost fail2ban-0.8.11]# cp ./redhat-initd /etc/init.d/fail2ban
[root@localhost files]# service fail2ban start
[root@localhost files]# chkconfig --add fail2ban
[root@localhost files]# chkconfig fail2ban on
[root@localhost ~]# service fail2ban restart
[root@localhost ~]# fail2ban-client status

10. Tmux – Terminal Session Persistence

Tmux is a powerful terminal multiplexer that allows sessions to survive SSH disconnections.

[root@localhost ~]# yum -y install tmux

11. Agedu – Disk Space Usage Visualization

Agedu scans directories and presents disk usage in a graphical web interface.

Download: http://www.chiark.greenend.org.uk/~sgtatham/agedu/

[root@localhost ~]# tar zxvf agedu-r9723.tar.gz
[root@localhost ~]# cd agedu-r9723
[root@localhost ~]# ./configure
[root@localhost ~]# make && make install
[root@localhost ~]# agedu -s /
[root@localhost ~]# agedu -w --address 192.168.0.10:80

12. NMap – Network Scanning and Security Auditing

NMap is a network discovery and security auditing tool for Linux.

Download: http://nmap.org/download.html

[root@localhost ~]# tar jxvf nmap-6.40.tar.bz2
[root@localhost nmap-6.40]# ./configure
[root@localhost nmap-6.40]# make && make install
[root@localhost ~]# nmap 192.168.0.10          # basic scan
[root@localhost ~]# nmap -O 192.168.0.10      # OS detection
[root@localhost ~]# nmap -A 192.168.0.10      # aggressive scan
[root@localhost ~]# nmap 192.168.0.0/24       # scan an entire subnet

-sS TCP SYN scan. -sV service version detection.

13. Httperf – Web Server Stress Testing

Httperf is a more powerful alternative to ab, capable of measuring maximum throughput and identifying memory usage, stability, and other performance bottlenecks.

Download: http://code.google.com/p/httperf/downloads/list

[root@localhost ~]# tar zxvf httperf-0.9.0.tar.gz
[root@localhost ~]# cd httperf-0.9.0
[root@localhost httperf-0.9.0]# ./configure
[root@localhost httperf-0.9.0]# make && make install
[root@localhost ~]# httperf --hog --server=192.168.0.202 --uri=/index.html --num-conns=10000 --wsess=10,10,0.1

--hog: generate as many connections as possible.

--num-conns: total number of connections (e.g., 10000).

--wsess: simulate user sessions; first number is sessions, second is requests per session, third is interval in seconds.