Master Essential Linux Commands for Efficient System Operations

Preface

After years of working in operations, I remember starting with only simple commands and writing overly long, inefficient scripts. Advanced commands such as xargs, pipelines, and automatic response utilities can dramatically simplify scripts, and I want to share their usage for mutual benefit.

1. Practical xargs Command

The xargs command is useful for feeding the output of one command as arguments to another. For example, to locate all files ending with .conf under / and classify them, you can avoid the cumbersome two‑step approach of saving results to a file and then processing it.

Example: Find .conf files and run file on each.

Command: # find / -name *.conf -type f -print | xargs file Result:

2. Running Commands or Scripts in the Background

When performing long‑running operations such as database import/export, you often need the process to continue after the terminal session ends. Using nohup allows the command to run in the background and redirects output to a file.

Example: Run a MySQL dump in the background and save output.

nohup mysqldump -uroot -pxxxxx --all-databases > ./alldatabases.sql &  # xxxxx is the password

If you prefer not to expose the password in plain text:

nohup mysqldump -uroot -p --all-databases > ./alldatabases.sql  # omit the trailing &

After starting the command, you can press Ctrl+Z and then type bg to move it to the background while keeping the password prompt hidden. The execution creates a nohup.out file in the current directory where you can check for errors.

3. Identify High‑Memory Processes

To sort processes by memory usage, use:

Command: # ps -aux | sort -rnk 4 | head -20 Output (example):

4. Identify High‑CPU Processes

To sort processes by CPU usage, use:

Command: # ps -aux | sort -rnk 3 | head -20 Output (example):

5. View Multiple Logs Simultaneously

Instead of opening separate terminals for each log, the multitail tool can display several log files in one window with highlighting and filtering.

Install:

# wget ftp://ftp.is.co.za/mirror/ftp.rpmforge.net/redhat/el6/en/x86_64/dag/RPMS/multitail-5.2.9-1.el6.rf.x86_64.rpm
# yum -y localinstall multitail-5.2.9-1.el6.rf.x86_64.rpm

Example: Monitor /var/log/secure for the keyword “Accepted” while simultaneously showing live ping output.

Command:

# multitail -e "Accepted" /var/log/secure -l "ping baidu.com"

Result:

6. Continuous Ping Logged to a File

To record ping results with timestamps for later analysis, use:

ping api.jpush.cn | awk '{ print $0"\t" strftime("%Y-%m-%d %H:%M:%S",systime()) }' >> /tmp/jiguang.log &

The file /tmp/jiguang.log receives one line per second. Example output:

7. Check TCP Connection States

To view the distribution of TCP connection states on port 80:

Command:

# netstat -nat | awk '{print $6}' | sort | uniq -c | sort -rn

Result:

8. Find Top 20 IPs Requesting Port 80

When traffic spikes, you can identify the IPs generating the most requests, which may indicate an attack.

# netstat -anlp | grep 80 | grep tcp | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -nr | head -n20

Result:

9. SSH Port Forwarding

SSH can also be used for port forwarding, allowing you to access internal services without exposing them directly.

Scenario: A bastion host (192.168.1.15) must forward requests to an Elasticsearch node (192.168.1.19) on port 9200.

Command:

ssh -p 22 -C -f -N -g -L 9200:192.168.1.19:9200 [email protected]

Prerequisite: SSH key exchange must be set up first. After execution, accessing 192.168.1.15:9200 actually reaches 192.168.1.19:9200.