
Reading this article will take approximately 13 minutes.
Source: Internet, please delete if infringing.
Basic Operations
Linux Shutdown and Restart
# Shutdown
shutdown -h now
# Restart
shutdown -r now
View System and CPU Information
# View system kernel information
uname -a
# View system kernel version
cat /proc/version
# View current user environment variables
env
cat /proc/cpuinfo
# View number of logical CPUs, including CPU model
cat /proc/cpuinfo | grep name | cut -f2 -d: | uniq -c
# View number of CPUs and cores per CPU
cat /proc/cpuinfo | grep physical | uniq -c
# Check if current CPU is running in 32bit or 64bit mode
getconf LONG_BIT
# Result greater than 0 indicates support for 64bit computation. lm indicates long mode, supporting lm means 64bit
cat /proc/cpuinfo | grep flags | grep ' lm ' | wc -l
Create Soft Links
ln -s /usr/local/jdk1.8/ jdk
RPM Related
# Check if the software is installed via RPM
rpm -qa | grep software_name
SSH Key
# Create SSH Key
ssh-keygen -t rsa -C [email protected]
# Copy the contents of id_rsa.pub to the home/username/.ssh/authorized_keys of the server to be controlled, create if it does not exist (.ssh permission is 700, authorized_keys permission is 600)
Command Renaming
# Add renaming configuration in each user's .bash_profile
alias ll='ls -alF'
Synchronize Server Time
sudo ntpdate -u ntp.api.bz
Run Commands in Background
# Run in background with nohup.out output
nohup xxx &
# Run in background without any log output
nohup xxx > /dev/null &
# Run in background and redirect error messages to log
nohup xxx >out.log 2>&1 &
Force Active User Logout
# Command to force active user logout. TTY represents the terminal name
pkill -kill -t [TTY]
View Command Path
which <command>
View Maximum Open File Descriptors for Processes
ulimit -n
Configure DNS
vim /etc/resolv.conf
nslookup, View Domain Routing Table
nslookup google.com
last, Recent Login Information List
# Last 5 logged in accounts
last -n 5
Set Static IP
ifconfig em1 192.168.5.177 netmask 255.255.255.0
View Loaded Environment Variables in Process
# You can also go to the /proc directory to see what is loaded in the process memory
ps eww -p XXXXX(process_id)
View Process Tree to Find Server Processes
ps auwxf
View Process Startup Path
cd /proc/xxx(process_id)
ls -all
# cwd corresponds to the startup path
Add Users and Configure Sudo Permissions
# Add new user
useradd username
passwd username
# Add sudo permissions
vim /etc/sudoers
# Modify the file as follows:
# root ALL=(ALL) ALL
# username ALL=(ALL) ALL
Force Close All Processes Containing xxx
ps aux|grep xxx | grep -v grep | awk '{print $2}' | xargs kill -9
Disk, File, and Directory Related Operations
vim Operations
# In normal mode, g represents global, x represents the search content, y represents the replacement content
:%s/x/y/g
# In normal mode
0 # Move cursor to the beginning of the line (number 0)
$ # Move cursor to the end of the line
shift + g # Jump to the end of the file
gg # Jump to the beginning of the file
# Display line numbers
:set nu
# Remove line numbers
:set nonu
# Search
/xxx(search content) # Search from the beginning, press n to find the next
?xxx(search content) # Search from the end
Open Read-Only Files and Save After Modification (without Switching Users)
# In normal mode
:w !sudo tee %
View Basic Information of Disk, File Directory
# View disk mount status
mount
# View disk partition information
df
# View the size of directories and subdirectories
du -H -h
# View the space occupied by each file and folder in the current directory without recursion
du -sh *
wc Command
# View how many lines in the file
wc -l filename
# View how many words in the file
wc -w filename
# View the length of the longest line in the file
wc -L filename
# Count the number of bytes
wc -c
Common Compression and Decompression Commands
Compression Commands
tar czvf xxx.tar compress_directory
zip -r xxx.zip compress_directory
Decompression Commands
tar zxvf xxx.tar
# Decompress to specified folder
tar zxvf xxx.tar -C /xxx/yyy/
unzip xxx.zip
Change File Ownership and User Group
chown eagleye.eagleye xxx.log
cp, scp, mkdir
# Copy
cp xxx.log
# Copy and force overwrite the same file
cp -f xxx.log
# Copy directory
cp -r xxx(source_directory) yyy(target_directory)
# Remote copy
scp -P ssh_port [email protected]:/home/username/xxx /home/xxx
# Cascade create directories
mkdir -p /xxx/yyy/zzz
# Batch create directories, will create java, resources folders in both test and main
mkdir -p src/{test,main}/{java,resources}
Compare Two Files
diff -u 1.txt 2.txt
Log Output Byte Count, Can Be Used for Performance Testing
# For performance testing, you can output "." to the log each time it runs, so the byte count in the log is the actual number of performance test runs, and you can also see the real-time rate.
tail -f xxx.log | pv -bt
View and Remove Special Characters
# View special characters
cat -v xxx.sh
# Remove special characters
sed -i 's/^M//g' env.sh # Remove special characters from the file, such as ^M: need to input like this: ctrl+v+enter
Handle Special Character Issues in Files Caused by System Reasons
# Can convert to the file format under this system
cat file.sh > file.sh_bak
# First copy the contents of file.sh, then run, then paste the content, finally ctrl + d to save and exit
cat > file1.sh
# Set file encoding and format in vim
:set fileencodings=utf-8, then w (save) to convert to utf8 format,
:set fileformat=unix
# Use dos2unix for file formatting on mac
find . -name "*.sh" | xargs dos2unix
tee, Redirect While Outputting to Screen
awk '{print $0}' xxx.log | tee test.log
Search Related
grep
# Reverse match, find content that does not contain xxx
grep -v xxx
# Exclude all empty lines
grep -v '^$'
# Return result 2, indicating that the second line is empty
grep -n "^$" 111.txt
# Query lines starting with abc
grep -n "^abc" 111.txt
# Also list the line number where the word appears in the article
grep 'xxx' -n xxx.log
# Count how many times the substring appears
grep 'xxx' -c xxx.log
# When comparing, ignore case differences
grep 'xxx' -i xxx.log
awk
# Use ':' as a delimiter, if the fifth field contains user, output that line
awk -F ':' '{if ($5 ~ /user/) print $0}' /etc/passwd
# Count the occurrences of a character (string) in a single file (Chinese is invalid)
awk -v RS='character' 'END {print --NR}' xxx.txt
find Search Command
# Find files with .mysql suffix in the directory
find /home/eagleye -name '*.mysql' -print
# Search from the /usr directory down, find files accessed in the last 3 days.
find /usr -atime 3 –print
# Search from the /usr directory down, find files modified in the last 5 days.
find /usr -ctime 5 –print
# Search from the /doc directory down, find files owned by jacky, starting with j.
find /doc -user jacky -name 'j*' –print
# Search from the /doc directory down, find files starting with ja or ma.
find /doc \( -name 'ja*' -o- -name 'ma*' \) –print
# Search from the /doc directory down, find and delete files ending with bak. -exec option means execute, rm is the delete command, { } indicates filename, "\;" indicates the end of the command.
find /doc -name '*bak' -exec rm {} \;
Network Related
View Which Process is Using the Port
lsof -i:port
Get Local IP Address
/sbin/ifconfig -a|grep inet|grep -v 127.0.0.1|grep -v inet6|awk '{print $2}'|tr -d "addr:"
iptables
# View iptables status
service iptables status
# To block an IP
iptables -I INPUT -s ***.***.***.*** -j DROP
# To unblock an IP, use the command below:
iptables -D INPUT -s ***.***.***.*** -j DROP
Note: The parameter -I means Insert (add), -D means Delete (remove). The following is the rule, INPUT indicates inbound, ***.***.***.*** indicates the IP to be blocked, DROP indicates to abandon the connection.
# Allow access to port 9090
/sbin/iptables -I INPUT -p tcp --dport 9090 -j ACCEPT
# Firewall start, stop, restart
/etc/init.d/iptables status
/etc/init.d/iptables start
/etc/init.d/iptables stop
/etc/init.d/iptables restart
nc Command, TCP Debugging Tool
# Send TCP request to a specific endpoint, sending the content of data to the other end
nc 192.168.0.11 8000 < data.txt
# nc can act as a server, listening on a port, storing the content of a request in received_data
nc -l 8000 > received_data
# The above only listens once, if you want to listen multiple times, add the -k parameter
nc -lk 8000
tcpdump
# Dump TCP packets from local port 12301
tcpdump -i em1 tcp port 12301 -s 1500 -w abc.pcap
Trace Network Routing Path
# traceroute uses UDP by default, if -I it switches to ICMP
traceroute -I www.163.com
# Trace from the 3rd hop of ttl
traceroute -M 3 www.163.com
# Add port for tracing
traceroute -p 8080 192.168.10.11
ss
# Display all local open ports
ss -l
# Display each process's specific open socket
ss -pl
# Display all TCP sockets
ss -t -a
# Display all UDP sockets
ss -u -a
# Display all established SMTP connections
ss -o state established '( dport = :smtp or sport = :smtp )'
# Display all established HTTP connections
ss -o state established '( dport = :http or sport = :http )'
# Find all processes connected to the X server
ss -x src /tmp/.X11-unix/*
# List current socket statistics
ss -s
# Explanation: netstat traverses each PID directory under /proc, ss directly reads statistics information under /proc/net. Therefore, ss consumes less resources and time than netstat.
netstat
# Output the number of connections for each IP and the total number of connections in each state
netstat -n | awk '/^tcp/ {n=split($(NF-1),array,":");if(n<=2)++S[array[(1)]];else++S[array[(4)]];++s[$NF];++N} END {for(a in S){printf("%-20s %s\n", a, S[a]);++I}printf("%-20s %s\n","TOTAL_IP",I);for(a in s) printf("%-20s %s\n",a, s[a]);printf("%-20s %s\n","TOTAL_LINK",N);}'
# Count all connection states,
# CLOSED: No connections are active or in progress
# LISTEN: The server is waiting for incoming calls
# SYN_RECV: A connection request has arrived, waiting for confirmation
# SYN_SENT: The application has started to open a connection
# ESTABLISHED: Normal data transmission state
# FIN_WAIT1: The application says it has finished
# FIN_WAIT2: The other side has agreed to release
# ITMED_WAIT: Waiting for all packets to die
# CLOSING: Both sides attempt to close
# TIME_WAIT: The actively closed connection side has not yet waited for the other side to feedback
# LAST_ACK: Waiting for all packets to die
netstat -n | awk '/^tcp/ {++state[$NF]} END {for(key in state) print key,"\t",state[key]}'
# Find many time_wait connections
netstat -n|grep TIME_WAIT|awk '{print $5}'|sort|uniq -c|sort -rn|head -n20
Monitor Linux Performance Commands
top
Press capital F or O, then press a-z to sort the process by the corresponding column, then press enter. The capital R key can reverse the current sorting
Column Name
Meaning
|
PID |
Process ID |
|
PPID |
Parent Process ID |
|
RUSER |
Real User Name |
|
UID |
User ID of the process owner |
|
USER |
Username of the process owner |
|
GROUP |
Group name of the process owner |
|
TTY |
Terminal name that started the process. Processes not started from a terminal will display as ? |
|
PR |
Priority |
|
NI |
Nice value. Negative value indicates high priority, positive value indicates low priority |
|
P |
Last used CPU, only meaningful in multi-CPU environments |
|
%CPU |
Percentage of CPU time used since the last update |
|
TIME |
Total CPU time used by the process, in seconds |
|
TIME+ |
Total CPU time used by the process, in 1/100 seconds |
|
%MEM |
Percentage of physical memory used by the process |
|
VIRT |
Total amount of virtual memory used by the process, in KB. VIRT=SWAP+RES |
|
SWAP |
Size of virtual memory swapped out, in KB. |
|
RES |
Size of physical memory used that has not been swapped out, in KB. RES=CODE+DATA |
|
CODE |
Size of physical memory occupied by executable code, in KB |
|
DATA |
Size of physical memory occupied by parts other than executable code (data segment + stack), in KB |
|
SHR |
Size of shared memory, in KB |
|
nFLT |
Number of page faults |
|
nDRT |
Number of pages modified since last write. |
|
S |
Process status. D=Uninterruptible sleep, R=Running, S=Sleeping, T=Tracing/Stopped, Z=Zombie process |
|
COMMAND |
Command name/command line |
|
WCHAN |
If the process is sleeping, display the name of the system function in sleep |
|
Flags |
Task flags, refer to sched.h |
dmesg, View System Logs
dmesg
iostat, Monitor Disk IO
iostat -xz 1
# r/s, w/s, rkB/s, wkB/s: respectively indicate read/write counts per second and read/write data volume (in kilobytes). Excessive read/write volume may cause performance issues.
# await: Average wait time for IO operations, in milliseconds. This is the time the application spends interacting with the disk, including IO wait and actual operation time. If this value is too high, it may indicate that the hardware device is bottlenecked or malfunctioning.
# avgqu-sz: Average number of requests sent to the device. If this value exceeds 1, it may indicate that the hardware device is saturated (some front-end hardware devices support parallel writing).
# %util: Device utilization. This value indicates the busyness of the device. The empirical value is that if it exceeds 60, it may affect IO performance (can refer to average wait time for IO operations). If it reaches 100%, it indicates that the hardware device is saturated.
# If the displayed data is for logical devices, then device utilization does not represent that the actual hardware device is saturated. It is worth noting that even if IO performance is not ideal, it does not necessarily mean that application performance will be poor; strategies such as pre-reading and write caching can be used to enhance application performance.
free, Memory Usage
free -m
eg:
total used free shared buffers cached
Mem: 1002 769 232 0 62 421
-/+ buffers/cache: 286 715
Swap: 1153 0 1153
First part Mem line:
total Total memory: 1002M
used Memory already used: 769M
free Free memory: 232M
shared Currently discarded, always 0
buffers Buffer cache memory: 62M
cached Page cache memory:421M
Relation: total(1002M) = used(769M) + free(232M)
Second part (-/+ buffers/cache):
(-buffers/cache) used memory: 286M (refers to used from the first part - buffers - cached)
(+buffers/cache) free memory: 715M (refers to free from the first part + buffers + cached)
The -buffers/cache reflects the memory actually consumed by the program, while +buffers/cache reflects the total available memory that can be allocated.
The third part refers to the swap partition
sar, View Network Throughput Status
# The sar command can be used to view the throughput of network devices. When troubleshooting performance issues, you can determine if the network device is saturated by its throughput.
sar -n DEV 1
# The sar command can also be used to view TCP connection status, including:
# active/s: Number of TCP connections initiated locally per second, i.e., TCP connections created by the connect call;
# passive/s: Number of TCP connections initiated remotely per second, i.e., TCP connections created by the accept call;
# retrans/s: Number of TCP retransmissions per second;
# The number of TCP connections can help determine whether performance issues are caused by establishing too many connections, and further determine if they are actively initiated or passively accepted connections. TCP retransmissions may be due to poor network conditions or excessive server load causing packet loss.
sar -n TCP,ETCP 1
vmstat, Monitor CPU Usage, Memory Usage, Virtual Memory Interaction, IO Read/Write Over Time
# 2 indicates collect status information every 2 seconds, 1 indicates collect once (ignore continuous collection)
vmstat 2 1
eg:
r b swpd free buff cache si so bi bo in cs us sy id wa
1 0 0 3499840 315836 3819660 0 0 0 1 2 0 0 0 100 0
0 0 0 3499584 315836 3819660 0 0 0 0 88 158 0 0 100 0
0 0 0 3499708 315836 3819660 0 0 0 2 86 162 0 0 100 0
0 0 0 3499708 315836 3819660 0 0 0 10 81 151 0 0 100 0
1 0 0 3499732 315836 3819660 0 0 0 2 83 154 0 0 100 0
-
r represents the running queue (how many processes are actually allocated to the CPU), the CPU on the server I tested is relatively idle, with no programs running; when this value exceeds the number of CPUs, it indicates a CPU bottleneck. This is also related to the load in top; generally, if the load exceeds 3, it is considered high; if it exceeds 5, it is high; if it exceeds 10, it is abnormal; the server’s state is very dangerous. The load in top is similar to the running queue per second. If the running queue is too large, it indicates that your CPU is very busy, which usually leads to high CPU usage. -
b indicates blocked processes, which is self-explanatory; processes are blocked, everyone understands. -
swpd indicates the size of virtual memory used; if greater than 0, it indicates that your machine’s physical memory is insufficient. If this is not due to memory leak from the program, then you should upgrade the memory or migrate memory-intensive tasks to other machines. -
free indicates the size of free physical memory; my machine has a total of 8G memory, with 3415M remaining. -
buff is used by Linux/Unix systems to store what content is in the directory, permissions, etc.; my machine occupies around 300M. -
cache is used to remember the files we open, providing a buffer for files; my machine occupies around 300M (this is the clever part of Linux/Unix, taking a portion of the free physical memory to cache files and directories to improve program execution performance; when programs use memory, buffer/cached will be used quickly). -
si indicates the size of virtual memory read from disk per second; if this value is greater than 0, it indicates that physical memory is insufficient or there is a memory leak; you should find memory-consuming processes to resolve it. My machine has sufficient memory, everything is normal. -
so indicates the size of virtual memory written to disk per second; if this value is greater than 0, it indicates the same as above. -
bi indicates the number of blocks received per second from block devices; block devices refer to all disks and other block devices on the system; the default block size is 1024 bytes; my machine has no IO operations, so it is always 0; however, I have seen it reach 140000/s on machines handling large data copies (2-3T), with disk write speeds of about 140M per second. -
bo indicates the number of blocks sent per second from block devices; for example, when we read files, bo should be greater than 0. bi and bo should generally be close to 0; otherwise, it indicates excessive IO frequency, requiring adjustment. -
in indicates the number of CPU interrupts per second, including time interrupts. -
cs indicates the number of context switches per second; for example, when we call system functions, context switches occur; thread switches also require process context switches; this value should be kept as low as possible; if it is too high, consider reducing the number of threads or processes. For example, in web servers like apache and nginx, we usually conduct performance tests with thousands or even tens of thousands of concurrent requests, and the choice of web server processes can be continuously adjusted down until cs reaches a relatively low value; this process and thread count is considered suitable. System calls also require context switching each time we call a system function, leading to resource consumption; thus, we should avoid frequent calls to system functions. Excessive context switching indicates that your CPU is mostly wasting time on context switching, reducing the time spent on meaningful work, which is undesirable. -
us indicates user CPU time; I have seen this approach close to 100 on a server frequently performing encryption and decryption; the running queue reached 80 (the machine was under stress testing, and performance was poor). -
sy indicates system CPU time; if it is too high, it indicates that system call time is long, such as frequent IO operations. -
id indicates idle CPU time; generally, id + us + sy = 100; I believe id is the idle CPU usage rate, us is user CPU usage rate, and sy is system CPU usage rate. -
wt indicates waiting IO CPU time.
– END –