
Top 13 Essential Linux Tools for System Monitoring and Security

This article introduces thirteen practical Linux operation tools—including Nethogs, IOZone, IOTop, IPtraf, IFTop, Fail2ban, and more—providing concise descriptions, download links, and step‑by‑step installation commands to help system administrators monitor performance, network traffic, and protect against attacks.


This article introduces several practical Linux operation tools that are useful for system administrators, covering monitoring, performance testing, and security.

1. Nethogs – Process Bandwidth Monitor

Nethogs is a terminal‑based network traffic monitor that displays bandwidth usage per process.

Download: http://sourceforge.net/projects/nethogs/files/nethogs/0.8/nethogs-0.8.0.tar.gz/download
<code># yum -y install libpcap-devel ncurses-devel
# tar zxvf nethogs-0.8.0.tar.gz
# cd nethogs
# make && make install
# nethogs eth0</code>

2. IOZone – Disk I/O Performance Test

IOZone is a file‑system benchmark for Linux that measures read/write performance and also runs on other operating systems.

Download: http://www.iozone.org/src/current/
<code># tar xvf iozone3_420.tar
# cd iozone3_420/src/current/
# make linux
# ./iozone -a -n 512m -g 16g -i 0 -i 1 -i 5 -f /mnt/iozone -Rb ./iozone.xls</code>

-a runs in fully automatic mode; -n sets the minimum file size; -g sets the maximum file size; -i selects the tests to run; -f specifies the file used for the test; -R generates an Excel‑compatible report; -b writes that report to the named file.

3. IOTop – Real‑time Disk I/O Monitor

IOTop displays real‑time disk I/O usage, similar in style to the top command.

<code># yum -y install iotop</code>

4. IPtraf – Simple Network Traffic Analyzer

IPtraf is a lightweight Linux tool for analyzing network conditions.

<code># yum -y install iptraf</code>

5. IFTop – Real‑time Network Bandwidth Monitor

IfTop provides a top‑like interface for monitoring network traffic, offering a more visual view than iptraf.

Download: http://www.ex-parrot.com/~pdw/iftop/
<code># tar zxvf iftop-0.17.tar.gz
# cd iftop-0.17
# ./configure
# make && make install
# iftop -i eth0</code>

TX: transmitted traffic, RX: received traffic, TOTAL: total traffic, Cumm: cumulative traffic, peak: peak traffic, rates: average rates over 2s/10s/40s.

6. HTop – Interactive Process Viewer

HTop is an interactive process browser that can replace the default top command.

<code># yum -y install htop</code>

7. NMON – System Resource Monitor

NMON is a widely used monitoring and analysis tool for AIX and various Linux distributions.

Download: http://sourceforge.jp/projects/sfnet_nmon/releases/
<code># chmod +x nmon_x86_64_rhel6
# mv nmon_x86_64_rhel6 /usr/sbin/nmon
# nmon</code>

8. MultiTail – Simultaneous Log Monitoring

MultiTail opens multiple windows in the console to monitor several log files simultaneously, similar to the tail command.

<code># yum -y install multitail
# multitail -e "fail" /var/log/secure
# multitail -l "ping baidu.com"
# multitail -i /var/log/messages -i /var/log/secure</code>

9. Fail2ban – SSH Brute‑Force Protection

Fail2ban monitors system logs, matches error patterns with regular expressions, and blocks offending IPs via iptables.

Download: http://www.fail2ban.org/wiki/index.php/Downloads
<code># cd fail2ban-0.8.11
# python setup.py install
# cp ./redhat-initd /etc/init.d/fail2ban
# service fail2ban start
# chkconfig --add fail2ban
# chkconfig fail2ban on</code>

Key configuration options include ignoreip, bantime, findtime, maxretry, backend, and logpath.
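
How findtime, maxretry, bantime and ignoreip interact, as an added Python sketch that is not fail2ban's own code: the regex is a simplified stand-in for an sshd filter, the log lines are constructed, and the year 2024 is assumed because syslog timestamps carry none.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Simplified stand-in for an sshd failure pattern (assumption, not fail2ban's shipped filter).
FAILREGEX = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (?P<host>\S+) port")

# Constructed sample in /var/log/secure style; lines are in chronological order.
SAMPLE_LOG = """\
Jan 15 10:00:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40001 ssh2
Jan 15 10:00:05 web1 sshd[2102]: Failed password for invalid user admin from 203.0.113.7 port 40002 ssh2
Jan 15 10:00:09 web1 sshd[2103]: Failed password for root from 203.0.113.7 port 40003 ssh2
Jan 15 10:01:00 web1 sshd[2104]: Failed password for ops from 192.168.0.10 port 50001 ssh2
Jan 15 10:01:02 web1 sshd[2105]: Failed password for ops from 192.168.0.10 port 50002 ssh2
Jan 15 10:01:04 web1 sshd[2106]: Failed password for ops from 192.168.0.10 port 50003 ssh2
Jan 15 10:02:00 web1 sshd[2107]: Failed password for bob from 198.51.100.20 port 60001 ssh2
Jan 15 10:20:00 web1 sshd[2108]: Failed password for bob from 198.51.100.20 port 60002 ssh2
Jan 15 10:40:00 web1 sshd[2109]: Failed password for bob from 198.51.100.20 port 60003 ssh2
"""

def simulate(lines, maxretry=3, findtime=600, bantime=600, ignoreip=("127.0.0.1/8",), year=2024):
    """Return [(host, ban_start, ban_end)] for hosts reaching maxretry failures within findtime seconds."""
    ignored = [ip_network(net, strict=False) for net in ignoreip]
    recent = defaultdict(deque)   # host -> timestamps of failures still inside the window
    banned_until = {}
    bans = []
    for line in lines:
        m = FAILREGEX.search(line)
        if not m:
            continue
        host = m.group("host")
        # syslog timestamps carry no year, so the assumed one is prepended
        ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        if any(ip_address(host) in net for net in ignored):
            continue              # ignoreip: never count or ban these sources
        if ts < banned_until.get(host, datetime.min):
            continue              # already banned; the firewall rule would drop it
        window = recent[host]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()      # forget failures older than findtime
        if len(window) >= maxretry:
            banned_until[host] = ts + timedelta(seconds=bantime)
            bans.append((host, ts, banned_until[host]))
            window.clear()
    return bans
```

Calling simulate(SAMPLE_LOG.splitlines(), ignoreip=("127.0.0.1/8", "192.168.0.0/24")) bans only 203.0.113.7: the 192.168.0.10 failures are ignored, and the 198.51.100.20 failures are too far apart to fall inside one findtime window.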

10. Tmux – Persistent Terminal Sessions

Tmux is a powerful terminal multiplexer that is more flexible and efficient than GNU Screen; sessions keep running on the server, so work survives a dropped SSH connection and can be reattached later.

11. Agedu – Disk Space Usage Viewer

Agedu visualizes disk space consumption.

Download: http://www.chiark.greenend.org.uk/~sgtatham/agedu/
<code># tar zxvf agedu-r9723.tar.gz
# cd agedu-r9723
# ./configure
# make && make install
# agedu -s /
# agedu -w --address 192.168.0.10:80</code>

12. NMap – Network Scanner

NMap is a network discovery and security auditing tool for Linux.

Download: http://nmap.org/download.html
<code># tar jxvf nmap-6.40.tar.bz2
# cd nmap-6.40
# ./configure
# make && make install
# nmap 192.168.0.10
# nmap -O 192.168.0.10
# nmap -A 192.168.0.10
# nmap 192.168.0.0/24</code>

Common options: -sS TCP SYN scan, -sV version detection.

13. Httperf – Web Stress Testing

Httperf is a more powerful alternative to ab, capable of measuring maximum service capacity and identifying bottlenecks such as memory usage and stability.

Download: http://code.google.com/p/httperf/downloads/list
<code># tar zxvf httperf-0.9.0.tar.gz
# cd httperf-0.9.0
# ./configure
# make && make install
# httperf --hog --server=192.168.0.202 --uri=/index.html --num-conns=10000 --wsess=10,10,0.1</code>

Parameters: --hog generates as many connections as possible; --num-conns sets total connections; --wsess defines session behavior (sessions, requests per session, think time).

Source: "求知无坦途,学问无捷径!" blog