Essential Linux Ops Tools: Monitoring, Performance, and Security Utilities

This article introduces several practical Linux operations tools that can help system administrators with monitoring, performance testing, and security.

1. Nethogs

Nethogs is a terminal‑based network traffic monitor that shows bandwidth usage per process.

Download: http://sourceforge.net/projects/nethogs/files/nethogs/0.8/nethogs-0.8.0.tar.gz/download

# yum -y install libpcap-devel ncurses-devel
# tar zxvf nethogs-0.8.0.tar.gz
# cd nethogs
# make && make install
# nethogs eth0

2. IOzone

IOzone is a Linux filesystem performance testing tool that measures read/write speeds across different operating systems.

Download: http://www.iozone.org/src/current/

# tar xvf iozone3_420.tar
# cd iozone3_420/src/current/
# make linux
# ./iozone -a -n 512m -g 16g -i 0 -i 1 -i 5 -f /mnt/iozone -Rb ./iozone.xls

-a use automatic mode -n set minimum file size (KB) -g set maximum file size (KB) -i select test to run -f specify test file name (deleted after run) -R output Excel to stdout -b specify output file

3. iotop

iotop displays real‑time disk I/O usage, with an interface similar to the top command.

# yum -y install iotop

4. IPtraf

IPtraf is a simple Linux network status analysis tool.

# yum -y install iptraf

5. iftop

iftop is a real‑time network traffic monitor that provides a more visual view than iptraf.

Download: http://www.ex-parrot.com/~pdw/iftop/

# tar zxvf iftop-0.17.tar.gz
# cd iftop-0.17
# ./configure
# make && make install
# iftop -i eth0

TX: transmitted traffic

RX: received traffic

TOTAL: total traffic

Cumm: cumulative traffic since start

peak: traffic peak

rates: average over 2s, 10s, 40s

6. htop

htop is an interactive process viewer for Linux that can replace the default top command.

# yum -y install htop

7. nmon

nmon is a widely used monitoring and analysis tool for AIX and various Linux distributions.

Download: http://sourceforge.jp/projects/sfnet_nmon/releases/

# chmod +x nmon_x86_64_rhel6
# mv nmon_x86_64_rhel6 /usr/sbin/nmon
# nmon

8. MultiTail

MultiTail opens multiple windows in the console to monitor several log files simultaneously, similar to the tail command.

# yum -y install multitail
# multitail -e "fail" /var/log/secure   # filter by keyword
# multitail -l "ping baidu.com"       # monitor command output
# multitail -i /var/log/messages -i /var/log/secure   # monitor multiple files

9. Fail2ban

Fail2ban watches system logs, matches error patterns with regular expressions, and blocks offending IPs via the firewall.

Download: http://www.fail2ban.org/wiki/index.php/Downloads

# cd fail2ban-0.8.11
# python setup.py install
# cp ./redhat-initd /etc/init.d/fail2ban
# service fail2ban start
# chkconfig --add fail2ban
# chkconfig fail2ban on

Typical configuration (jail.conf) sets ignore IPs, ban time, find time, max retries, and specifies actions such as iptables for SSH.

# grep -v "^#" /etc/fail2ban/jail.conf | grep -v "^$" [DEFAULT]
ignoreip = 127.0.0.1/8
bantime  = 600
findtime = 600
maxretry = 3
backend = auto
usedns = warn
[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
logpath = /var/log/sshd.log
maxretry = 5

10. tmux

tmux is a powerful terminal multiplexer that provides more flexibility and efficiency than GNU Screen, keeping sessions alive after SSH disconnections.

11. Agedu

Agedu visualizes disk space usage.

Download: http://www.chiark.greenend.org.uk/~sgtatham/agedu/

# tar zxvf agedu-r9723.tar.gz
# cd agedu-r9723
# ./configure
# make && make install
# agedu -s /    # scan
# agedu -w --address 192.168.0.10:80
# agedu -w --address 192.168.0.108080 --auth none

12. NMap

NMap is a network scanning and fingerprinting toolkit for Linux.

Download: http://nmap.org/download.html

# tar jxvf nmap-6.40.tar.bz2
# ./configure
# make && make install
# nmap 192.168.0.10          # basic info
# nmap -O 192.168.0.10       # OS detection
# nmap -A 192.168.0.10       # comprehensive scan
# nmap 192.168.0.0/24        # scan whole subnet

-sS TCP SYN scan -sV service version detection

13. Httperf

Httperf is a web stress testing tool more powerful than ab, capable of simulating realistic traffic patterns.

Download: http://code.google.com/p/httperf/downloads/list

# tar zxvf httperf-0.9.0.tar.gz
# cd httperf-0.9.0
# ./configure
# make && make install
# httperf --hog --server=192.168.0.202 --uri=/index.html --num-conns=10000 --wsess=10,10,0.1

Key parameters:

--hog: generate as many connections as possible

--num-conns: total number of connections (e.g., 10000)

--wsess: simulate web sessions (sessions, requests per session, interval)

© Article originally sourced from the web; all rights belong to the original author.