Menu

Useful Linux Scripts

Author image Wouter Dullaert on #administration, #cli, #linux, #script, #server

This article originally appeared on http://olezfdtd.wordpress.com I’ve copied it over to my current blog to consolidate all my blogging efforts over the years in one place.

We didn’t come up with this one, but it’s a very handy reference guide. In good medieval monastery style, we’re copying it here in order to safeguard this information for future generations.

PS command:

The PS command is useful to check for performance problems:

  1. Displaying top CPU-consuming processes:

    ps aux | head -1; ps aux | sort -rn +2 | head -10

  2. Displaying top 10 memory-consuming processes:

    ps aux | head -1; ps aux | sort -rn +3 | head

  3. Displaying process in order of being penalized:

    ps -eakl | head -1; ps -eakl | sort -rn +5

  4. Displaying process in order of priority:

    ps -eakl | sort -n +6 | head

  5. Displaying process in order of nice value

    ps -eakl | sort -n +7

  6. Displaying the process in order of time

    ps vx | head -1;ps vx | grep -v PID | sort -rn +3 | head -10

  7. Displaying the process in order of real memory use

    ps vx | head -1; ps vx | grep -v PID | sort -rn +6 | head -10

  8. Displaying the process in order of I/O

    ps vx | head -1; ps vx | grep -v PID | sort -rn +4 | head -10

  9. Displaying WLM classes

    ps -a -o pid, user, class, pcpu, pmem, args

  10. Determinimg process ID of wait processes:

    ps vg | head -1; ps vg | grep -w wait

  11. Wait process bound to CPU (replace PID with the actual process number)

    ps -mo THREAD -p PID

lsof Command

  1. List all open files:

    lsof

  2. List all open Internet, x.25 (HP-UX), and UNIX domain files:

    lsof -i -U

  3. List all open IPv4 network files in use by the process whose PID is 1234:

    lsof -i 4 -a -p 1234

  4. List all files using any protocol on ports 513, 514, or 515 of host wonderland.cc.purdue.edu:

    lsof -i @wonderland.cc.purdue.edu:513-515

  5. List all files using any protocol on any port of mace.cc.purdue.edu (cc.purdue.edu is the default domain)::

    lsof -i @mace

  6. List all open files for login name “abe”, or user ID 1234, or process 456, or process 123, or process 789:

    lsof -p 456,123,789 -u 1234,abe

  7. List all open files on device /dev/hd4:

    lsof /dev/hd4

  8. Find the process that has /u/abe/foo open:

    lsof /u/abe/foo

  9. Send a SIGHUP to the processes that have /u/abe/bar open:

    kill -HUP `lsof -t /u/abe/bar`

  10. Find any open file, including an open UNIX domain socket file, with the name /dev/log:

    lsof /dev/log

  11. Find processes with open files on the NFS file system named /nfs/mount/point whose server is inaccessible, and presuming your mount table supplies the device number for /nfs/mount/point:

    lsof -b /nfs/mount/point

  12. Do the preceding search with warning messages suppressed:

    lsof -bw /nfs/mount/point

  13. Ignore the device cache file:

    lsof -Di

  14. Obtain PID and command name field output for each process, file descriptor, file device number, and file inode number for each file of each process:

    lsof -FpcfDi

  15. List the files at descriptors 1 and 3 of every process running the lsof command for login ID “abe” every 10 seconds:

    lsof -c lsof -a -d 1 -d 3 -u abe -r10

  16. List the current working directory of processes running a command that is exactly four characters long and has an o or O in character three with this regular expression form of the -c c option:

    lsof -c /^..o.$/i -a -d cwd

  17. Find an IP version 4 socket file by its associated numeric dot-form address:

    lsof [email protected]

  18. Display list of open ports:

    lsof -i

  19. List information about TCP sessions on your server (specifically SSH in this example):

    lsof -i tcp@`hostname`:22

  20. List information about all TCP session:

    lsof -i tcp@`hostname`

  21. List information about all sockets using port 53 (will display named information on UDP/TCP)

    lsof -i @`hostname`:53

  22. List information about all UDP sessions

    lsof -i udp@`hostname`

  23. List all open files with “ssh” in them:

    lsof -c ssh

  24. List everything but with UIDs insted of the UID name from /etc/passwd:

    lsof -l

  25. List all open files with “ssh” and only the UIDs:

    lsof -l -c ssh

  26. List all open files for the /tmp dir. Very slow, but good for finding that nasty process that’s holding a file open (although: fuser -m /tmp, will do the same thing):

    lsof+D /tmp

fuser and netstat Commands

  1. Kill all processes accessing the file system /home in any way:

    fuser -km /home

  2. Invoke something if no other process is using /dev/ttyS1:

    if fuser -s /dev/ttyS1; then :; else something; fi

  3. Some Important Command to find DDOS Attack:

    fuser telnet/tcp shows all processes at the (local) TELNET port.

    netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

    netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr

    netstat -ntu | grep -v TIME_WAIT | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr

    bash netstat -an | grep :80 | awk '{print $5}' | cut -f1 -d":" | sort | uniq -c | sort -n `

  4. netstat command example:

    netstat –listen

  5. Display open ports and established TCP connections:

    netstat -vatn

  6. For UDP port try following command:

    netstat -vaun

  7. If you want to see FQDN then remove -n flag:

    netstat -vat

Wouter Dullaert

Code, running, jazz and beats.

Belgium https://wdullaer.com