Linux System Inspection Checklist: A Checklist Used by Senior Operations and Maintenance Professionals

Welcome to like and bookmarkLinux System Inspection Checklist: A Checklist Used by Senior Operations and Maintenance Professionals

Introduction: An Avoidable “Midnight Alarm”

Last Wednesday at 2 AM, I was woken up by a phone call:“Web server CPU at 100%, users can’t access the website!”

Logging in urgently, I found:One application server’s disk space had reached100%, log files were growing uncontrollably, causing MySQL to be unable to write, and the entire service was down.

What’s more embarrassing is—

Actually, the monitoring system had sent a“Disk usage > 90%” alert the previous afternoon, but no one acted on it.

This made me realize: No matter how good the monitoring is, it cannot replaceproactive inspections.Many “sudden failures” actually have early signs.

Today, I am sharing my“Linux System Inspection Checklist” that I have used for ten years without reservation, so that beginners can follow it, and experienced professionals can fill in the gaps. It’s all in plain language, with commands + explanations, ensuring you can understand and use it.

1. Why Perform System Inspections?

Many people think: “Monitoring is enough, why check every day?”

But the reality is:

  • Monitoring may miss alerts

  • Too many alerts become “the wolf is coming”

  • Some issues need to be identified by “trends”

System inspections are like regular health check-ups:

Don’t wait until you have a “heart attack” to go to the hospital, but rather detect the signs of “three highs” in advance.

Recommended frequency:

  • Core servers: once a day

  • Regular servers: once a week

  • Automated inspections: future goal

2. Five Dimensions of Linux System Inspection (with Commands + Interpretations)

We will check in the order ofCPU → Memory → Disk → Network → Logs across five dimensions.

✅ Dimension 1: CPU Usage and System Load

Inspection Goals:

  • Is the CPU overloaded?

  • Is the system “too busy”?

Common Commands: top

%Cpu(s) Line:

  • <span><span>us</span></span> (user mode) > 80%? → Application is CPU intensive

  • <span><span>sy</span></span> (kernel mode) > 30%? → Too many system calls

  • <span><span>id</span></span> (idle) < 10%? → CPU is nearing its limit

Load Average:

  • 1-minute load > CPU cores × 0.7? → Warning
  • Consistently above the number of cores? → Severe overload

💡 Example: For a 4-core server, load average > 3 should raise a flag.

Dimension 2: Memory and Swap Usage

Inspection Goals:

  • Is memory running low?

  • Is Swap (virtual memory) being used frequently?

Common Commands: free -h

Mem Line:

  • used close to <span><span>total</span></span>? → High memory pressure

Swap Line::

  • used > 10%? → Risk signal
  • <span><span>si/so</span></span> (swap in/out) consistently > 0? → Performance may slow down

⚠️Golden Rule: Avoid using Swap in production environments, otherwise the system will “lag like a PowerPoint presentation”.

✅ Dimension 3: Disk Space and I/O Performance

Inspection Goals:

  • Is the disk nearly full?

  • Is read/write slowing down?

Common Commands: df -h & iostat -x 1 3

<span><span>df -h</span></span>:

  • Any partition > 90%? → Must be addressed
  • Pay special attention to <span><span>/</span></span>, <span><span>/var</span></span>, and <span><span>/home</span></span>

<span><span>iostat -x</span></span>:

  • %util > 80%? → Disk I/O bottleneck
  • <span><span>await</span></span> > 20ms? → High latency (SSD should be < 1ms)

💡Recommendation: Clean logs and temporary files daily to avoid “log explosions”.

✅ Dimension 4: Network Connections and Port Status

Inspection Goals:

  • Is the network functioning normally?

  • Are there any abnormal connections?

Common Commands: netstat -tulnp & ss -s

<span><span>netstat -tulnp</span></span>:

  • Are critical service ports listening? (e.g., 80, 443, 3306)
  • Are there any suspicious external connections? (e.g., unknown IPs, unusual ports)

<span><span>ss -s</span></span>:

  • Check total TCP connections; a sudden increase may indicate DDoS or connection leaks

🔐Security Recommendation: Close unnecessary ports and use firewalls to restrict access.

✅ Dimension 5: System Logs and Security Audits

Inspection Goals:

  • Are there any errors or warnings?

  • Are there any illegal login attempts?

Common Commands:

Linux System Inspection Checklist: A Checklist Used by Senior Operations and Maintenance Professionals

What to Focus On:

  • Are there continuous occurrences of <span><span>Out of memory</span></span>, <span><span>Timeout</span></span>, or <span><span>Connection refused</span></span>?

  • More than 10 failed SSH login attempts? → Possible brute force attack

🛡️Recommendation: Use <span><span>fail2ban</span></span> to automatically block IPs, or switch to key-based login.

3. Linux System Inspection Checklist

Linux System Inspection Checklist: A Checklist Used by Senior Operations and Maintenance Professionals

4. Conclusion: The Best Operations and Maintenance is “No Incidents”

Servers do not crash suddenly; they will “run a fever”, “cough”, or “struggle to breathe”.

True experts are not those who fix issues quickly, but those who detect problems in advance.

Starting today,

spend 5 minutes to perform a system inspection,

which may help avoid a “midnight fire-fighting” situation.

📬 Follow【Enterprise Security Guide】

  • One article every week in layman’s terms for technical popularization,

  • Aid you in avoiding IT pitfalls and improving work efficiency.

  • Next issue preview: Linux automated inspection shell script

Leave a Comment