Essential Linux Ops Tools: Monitoring, Performance, and Security Utilities
This guide introduces a collection of practical Linux operation tools—including Nethogs, IOZone, IOTop, IPtraf, iftop, HTop, NMON, MultiTail, Fail2ban, Tmux, Agedu, NMap, and Httperf—detailing their purpose, installation commands, and usage examples for system monitoring, performance testing, and security hardening.
This article presents several useful Linux operations tools to assist administrators.
1. Process Bandwidth Monitoring – Nethogs
Nethogs is a terminal‑based network traffic monitor that clearly shows bandwidth usage per process.
Installation and usage:
<code>[root@localhost ~]# yum -y install libpcap-devel ncurses-devel
[root@localhost ~]# tar zxvf nethogs-0.8.0.tar.gz
[root@localhost ~]# cd nethogs
[root@localhost nethogs]# make && make install
[root@localhost nethogs]# nethogs eth0</code>
2. Disk I/O Performance Testing – IOZone
IOZone is a Linux file‑system performance testing tool that evaluates read/write performance across different operating systems.
<code>[root@localhost ~]# tar xvf iozone3_420.tar
[root@localhost ~]# cd iozone3_420/src/current/
[root@localhost current]# make linux
[root@localhost current]# ./iozone -a -n 512m -g 16g -i 0 -i 1 -i 5 -f /mnt/iozone -Rb ./iozone.xls</code>
-a: automatic mode
-n: minimum file size (KB) for automatic mode
-g: maximum file size (KB) for automatic mode
-i: specify which test to run
-f: name of the test file (deleted after completion)
-R: generate an Excel-compatible report on standard output
-b: write the report to the specified file
3. Real‑Time Disk I/O Monitoring – IOTop
IOTop displays disk I/O usage in a top‑like interface.
<code>[root@localhost ~]# yum -y install iotop</code>
4. Network Traffic Monitoring – IPtraf
IPtraf is a simple Linux network status analysis tool.
<code>[root@localhost ~]# yum -y install iptraf</code>
5. Network Traffic Monitoring – iftop
iftop is a real‑time traffic monitor similar to top, offering a more visual view than iptraf.
<code>[root@localhost ~]# tar zxvf iftop-0.17.tar.gz
[root@localhost ~]# cd iftop-0.17
[root@localhost iftop-0.17]# ./configure
[root@localhost iftop-0.17]# make && make install
[root@localhost iftop-0.17]# iftop -i eth0</code>
TX: transmitted traffic
RX: received traffic
TOTAL: total traffic
Cumm: cumulative traffic since iftop started
peak: traffic peak
rates: average traffic over 2s, 10s, 40s intervals
6. Process Real‑Time Monitoring – HTop
HTop is an interactive process viewer that can replace the default top command.
<code>[root@localhost ~]# yum -y install htop</code>
7. System Resource Monitoring – NMON
NMON is a widely used monitoring and analysis tool for AIX and various Linux distributions.
<code>[root@localhost ~]# chmod +x nmon_x86_64_rhel6
[root@localhost ~]# mv nmon_x86_64_rhel6 /usr/sbin/nmon
[root@localhost ~]# nmon</code>
8. Multi‑Log Monitoring – MultiTail
MultiTail opens multiple windows in the console to monitor several log files simultaneously, similar to the tail command.
<code>[root@localhost ~]# yum -y install multitail
[root@localhost ~]# multitail -e "fail" /var/log/secure
[root@localhost ~]# multitail -l "ping baidu.com"
[root@localhost ~]# multitail -i /var/log/messages -i /var/log/secure</code>
9. SSH Brute‑Force Protection – Fail2ban
Fail2ban watches system logs, matches error patterns with regular expressions, and blocks offending IPs via the firewall.
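A simplified model of that matching and counting logic, as an added example (not Fail2ban's own code or the article's). The regular expression, the constructed log lines, the `find_bans` name and the `year` parameter are assumptions made here; `findtime`, `maxretry` and `ignoreip` take the values from the jail.conf snippet in this section.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from ipaddress import ip_address, ip_network

# Simplified stand-in for an sshd failregex (assumption; not Fail2ban's shipped filter).
# Anchored at end of line so the address is the trailing field sshd itself wrote.
FAILREGEX = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?.+ from (?P<ip>\S+) port \d+(?: ssh\d*)?$")

def find_bans(lines, maxretry=5, findtime=600, ignoreip=("127.0.0.1/8",), year=2024):
    """Return [(ip, time)] for each host reaching maxretry failures within findtime s."""
    ignored = [ip_network(n, strict=False) for n in ignoreip]
    recent = defaultdict(deque)  # ip -> failure times still inside the findtime window
    banned, bans = set(), []
    for line in lines:
        m = FAILREGEX.match(line)
        if not m:
            continue
        try:
            ip = ip_address(m.group("ip"))
        except ValueError:  # not a literal address; skip rather than guess
            continue
        if ip in banned or any(ip in net for net in ignored):
            continue
        # Syslog timestamps carry no year, so the caller supplies one (assumption).
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()  # drop failures older than findtime
        if len(window) >= maxretry:
            banned.add(ip)
            bans.append((str(ip), ts))
    return bans

# Constructed sample (documentation addresses), grouped per host for brevity.
_F = "Mar 12 10:{} web01 sshd[2101]: Failed password for {} from {} port 40001 ssh2"
SAMPLE = (
    [_F.format(t, "root", "203.0.113.7")
     for t in ("00:01", "00:03", "00:05", "00:11", "00:14")]        # burst: 5 in 13 s
    + [_F.format(t, "invalid user admin", "198.51.100.20")
       for t in ("00:00", "05:00", "10:00", "15:00", "20:00")]      # slow: 5 in 20 min
    + ["Mar 12 10:00:09 web01 sshd[2103]: Accepted password for deploy from 192.0.2.9 port 52000 ssh2"])

if __name__ == "__main__":
    for maxretry in (5, 3):  # the ssh-iptables jail value, then the global default
        print(maxretry, find_bans(SAMPLE, maxretry=maxretry))
```

With the jail's maxretry = 5 only the burst from 203.0.113.7 is banned; with the global maxretry = 3 the slower host is caught as well, because three of its failures fall inside one 600-second window.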
<code>[root@localhost ~]# cd fail2ban-0.8.11
[root@localhost fail2ban-0.8.11]# python setup.py install
[root@localhost fail2ban-0.8.11]# cd files
[root@localhost files]# cp ./redhat-initd /etc/init.d/fail2ban
[root@localhost files]# service fail2ban start
[root@localhost files]# chkconfig --add fail2ban
[root@localhost files]# chkconfig fail2ban on</code>
Typical configuration (jail.conf) snippets:
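<code>[DEFAULT]
ignoreip = 127.0.0.1/8
# seconds a host stays banned
bantime = 600
# a host is banned after maxretry failures within findtime seconds
findtime = 600
maxretry = 3
backend = auto
usedns = warn

[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
# logpath must be the file sshd actually logs to (on RHEL/CentOS the default is /var/log/secure)
logpath = /var/log/sshd.log
# overrides the [DEFAULT] maxretry for this jail
maxretry = 5</code>
10. Persistent Terminal Sessions – Tmux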
Tmux is a powerful terminal multiplexer, more flexible and efficient than GNU Screen, ensuring tasks continue after SSH disconnections.
11. Disk Space Visualization – Agedu
Agedu scans directories and provides a web‑based view of disk usage.
<code>[root@localhost ~]# tar zxvf agedu-r9723.tar.gz
[root@localhost ~]# cd agedu-r9723
[root@localhost ~]# ./configure && make && make install
[root@localhost ~]# agedu -s / # scan
[root@localhost ~]# agedu -w --address 192.168.0.10:80</code>
12. Network Scanning – NMap
NMap is a network discovery and security auditing tool for Linux.
<code>[root@localhost ~]# tar jxvf nmap-6.40.tar.bz2
[root@localhost nmap-6.40]# ./configure && make && make install
[root@localhost ~]# nmap 192.168.0.10 # basic info
[root@localhost ~]# nmap -O 192.168.0.10 # OS detection
[root@localhost ~]# nmap -A 192.168.0.10 # comprehensive scan
[root@localhost ~]# nmap 192.168.0.0/24 # scan entire subnet</code>
-sS: TCP SYN scan
-sV: service/version detection
13. Web Stress Testing – Httperf
Httperf is a more powerful alternative to ab, capable of measuring maximum service capacity and identifying potential issues such as memory usage and stability.
<code>[root@localhost ~]# tar zxvf httperf-0.9.0.tar.gz
[root@localhost ~]# cd httperf-0.9.0
[root@localhost httperf-0.9.0]# ./configure && make && make install
[root@localhost ~]# httperf --hog --server=192.168.0.202 --uri=/index.html --num-conns=10000 --wsess=10,10,0.1</code>
Key parameters:
--hog: generate as many connections as possible
--num-conns: total number of connections (e.g., 10000)
--wsess: simulate user sessions (first number = sessions, second = requests per session, third = interval in seconds)
Efficient Ops
This public account is maintained by Xiaotianguo and friends, regularly publishing widely-read original technical articles. We focus on operations transformation and accompany you throughout your operations career, growing together happily.