Top 13 Essential Linux Ops Tools Every Sysadmin Should Master

Linux Operations Tools Overview

1. Nethogs – Process Bandwidth Monitor

Nethogs is a terminal‑based network traffic monitor that shows bandwidth usage per process.

Download: http://sourceforge.net/projects/nethogs/files/nethogs/0.8/nethogs-0.8.0.tar.gz/download

# yum -y install libpcap-devel ncurses-devel
# tar zxvf nethogs-0.8.0.tar.gz
# cd nethogs
# make && make install
# nethogs eth0

2. IOZone – Disk I/O Performance Test

IOZone tests file system read/write performance across different operating systems.

Download: http://www.iozone.org/src/current/

# tar xvf iozone3_420.tar
# cd iozone3_420/src/current/
# make linux
# ./iozone -a -n 512m -g 16g -i 0 -i 1 -i 5 -f /mnt/iozone -Rb ./iozone.xls

-a: automatic mode -n: minimum file size (KB) for auto mode -g: maximum file size (KB) for auto mode -i: select test to run -f: test file name (deleted after run) -R: output Excel to stdout -b: output to specified file

3. IOTop – Real‑time Disk I/O Monitor

IOTop displays disk I/O usage per process, similar in style to the top command.

# yum -y install iotop

4. IPtraf – Simple Network Traffic Analyzer

IPtraf provides a straightforward view of network status on Linux.

# yum -y install iptraf

5. IFTOP – Real‑time Network Bandwidth Monitor

iftop is a top‑like tool for monitoring network traffic, more visual than iptraf.

Download: http://www.ex-parrot.com/~pdw/iftop/

# tar zxvf iftop-0.17.tar.gz
# cd iftop-0.17
# ./configure
# make && make install
# iftop
# iftop -i eth0   # monitor specific interface

TX: transmitted traffic

RX: received traffic

TOTAL: total traffic

Cumm: cumulative traffic since start

peak: traffic peak

rates: average over 2s, 10s, 40s

6. HTop – Interactive Process Viewer

HTop is an interactive process browser that can replace the default top command.

# rpm -ivh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
# yum -y install htop

7. NMON – System Performance Monitor

NMON is widely used on AIX and various Linux distributions for monitoring and analysis.

Download: http://sourceforge.jp/projects/sfnet_nmon/releases/

# chmod +x nmon_x86_64_rhel6
# mv nmon_x86_64_rhel6 /usr/sbin/nmon
# nmon

8. MultiTail – Simultaneous Log Monitoring

MultiTail opens multiple windows in the console to monitor several log files at once, similar to the tail command.

# rpm -ivh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
# yum -y install multitail
# multitail -e "fail" /var/log/secure   # filter by keyword
# multitail -l "ping baidu.com"       # monitor command output
# multitail -i /var/log/messages -i /var/log/secure   # monitor multiple files

9. Fail2ban – SSH Brute‑Force Protection

Fail2ban watches system logs, matches error patterns with regular expressions, and blocks offending IPs via firewall rules.

Download: http://www.fail2ban.org/wiki/index.php/Downloads

# cd fail2ban-0.8.11
# python setup.py install
# cd files/
# cp ./redhat-initd /etc/init.d/fail2ban
# service fail2ban start
# chkconfig --add fail2ban
# chkconfig fail2ban on

Configuration example (excerpt):

ignoreip = 127.0.0.1/8
bantime = 600
findtime = 600
maxretry = 3
backend = auto
usedns = warn
enabled = true
action = iptables[name=SSH, port=ssh, protocol=tcp]
logpath = /var/log/sshd.log

10. Tmux – Terminal Multiplexer

Tmux allows persistent sessions and window management, ensuring tasks continue running after SSH disconnections.

# rpm -ivh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm

11. Agedu – Disk Space Visualizer

Download: http://www.chiark.greenend.org.uk/~sgtatham/agedu/

# tar zxvf agedu-r9723.tar.gz
# cd agedu-r9723
# ./configure
# make && make install
# agedu -s /               # scan filesystem
# agedu -w --address 192.168.0.10:80   # web interface

12. NMap – Network Scanner

NMap scans open ports and services on remote hosts.

Download: http://nmap.org/download.html

# tar jxvf nmap-6.40.tar.bz2
# ./configure
# make && make install
# nmap 192.168.0.10               # basic info
# nmap -O 192.168.0.10            # OS detection
# nmap -A 192.168.0.10            # comprehensive scan
# nmap 192.168.0.0/24             # scan entire subnet

-sS: TCP SYN scan -sV: service version detection

13. Httperf – Web Stress Test Tool

Httperf is more powerful than ab, capable of measuring maximum service capacity and uncovering issues such as memory usage and stability.

Download: http://code.google.com/p/httperf/downloads/list

# tar zxvf httperf-0.9.0.tar.gz
# cd httperf-0.9.0
# ./configure
# make && make install
# httperf --hog --server=192.168.0.202 --uri=/index.html --num-conns=10000 --wsess=10,10,0.1

Key parameters:

--hog: generate as many connections as possible

--num-conns: total number of connections (e.g., 10000)

--wsess: session pattern – first number = sessions, second = requests per session, third = think time (seconds)