Monitoring the system:

Basic command line:

pstree Processes and parent-child relarionships
top Show top processes
ps -auxw process status
vmstat Monitor virtual memory
free Display amount of free and used memory in the system. (Also: cat /proc/meminfo)
pmap Display/examine memory map and libraries (so). Usage: pmap pid
cat /proc/sys/vm/freepages Display virtual memory "free pages".
One may increase/decrease this limit: echo 300 400 500 > /proc/sys/vm/freepages
uname -a print system information
cat /proc/version Display Linux kernel version in use.
cat /etc/redhat-release Display Red Hat Linux Release. (also /etc/issue)
uptime Tell how long the system has been running. Also number of users and system's load average.
w Show who is logged on and what they are doing.
/sbin/lsmod List all currently loaded kernel modules.
Same as cat /proc/modules
/sbin/runlevel Displays the system's current runlevel.
hostname Displays/changes the system's node name. (Must also manually change hostname setting in /etc/sysconfig/network. Command will change entry in /etc/hosts)
service Display status of system services.
Example: service --status-all
Help: service --help

Hardware Info:

/usr/bin/lsdev List devices and info on system hardware. Also IRQ's.(RPM package procinfo)
/sbin/lspci list all PCI devices (result of probe) Also lspci -vvx and cat /proc/pci
cat /proc/interrupts List IRQ's used by system and the device using the interrupt.
cat /proc/ioports List I/O ports used by system.
cat /proc/dma List DMA channels and device used by system.
cat /proc/cpuinfo List info about CPU.

Filesystems and Storage Devices:

Hard Drive Info:

df -k report filesystem disk space usage. (-k reports in Kbytes)
du -sh Calculates file space usage for a given directory. (and everything under it) (-s option summarizes)
mount Displays all mounted devices, their mountpoint, filesystem, and access. Used with command line arguments to mount file system.
cat /proc/filesystems Display filesystems currently in use.
cat /proc/mounts Display mounted filesystems currently in use.
showmount Displays mount info for NFS filesystems.
cat /proc/swaps Displays swap partition(s) size, type and quantity used.
cat /proc/ide/hda/any-file Displays disk information held by kernel.

Adding an extra hard drive: (See commands and dialog of adding a second IDE hard drive)

  1. fdisk /dev/<drive> - Allocate drive space and register info on the partition table. (Option "n"/"p", then "w" to write.)
    Also see: sfdisk - cfdisk
  2. mkfs -t ext3 /dev/<drive> - Create file system. (RH 7.1 and earlier use ext2, RH 7.2-8.0 use ext3)
  3. mount -t ext3 /dev/<drive's device name> /<home2 or some suitable directory> - Mount the drive
    Mount a raw ISO file: mount -t iso9660 -o loop /home/user1/RedHat-9.0-i386-Disk1.iso /mnt/iso-1
    (Fstab entry: /home/user1/RedHat-9.0-i386-Disk1.iso /mnt/iso-1 iso9660 loop,ro 0 3)

Also see: mkefs man page

Where the drive is /dev/hdb or some device as conforms to the Linux device names:

IDE drives are referred to as hda for the first drive, hdb for the second etc... IDE uses separate ribbon cables for primary and secondary drives. The partitions on each drive are referred numerically. The first partition on the first drive is referred to as hda1, the second as hda2, the third as hda3 etc ...

Linux IDE naming conventions:

Device Description Configuration
/dev/hda 1st (Primary) IDE controller Master
/dev/hdb 1st (Primary) IDE controller Slave
/dev/hdc 2nd (Secondary) IDE controller Master
/dev/hdd 2nd (Secondary) IDE controller Slave

Note: SCSI disks are labled /dev/sda, sdb, etc... For more info see SCSI info.

Use the command cat /proc/partitions to see full list of disks and partitions that your system can see.

Example of existing /etc/fstab file:

/dev/sdb6               /                       ext2    defaults        1 1
/dev/sdb1 /boot ext2 defaults 1 2
/dev/cdrom /mnt/cdrom iso9660 noauto,user,users,ro 0 0
/dev/fd0 /mnt/floppy auto noauto,owner 0 0
none /proc proc defaults 0 0
none /dev/pts devpts gid=5,mode=620 0 0
/dev/sdb5 swap swap defaults 0 0

Add SCSI drive by adding line:

/dev/sdc1               /home2                  ext2    defaults        1 2

At this point one may optionaly check the file system created with the command: fsck /dev/sdc1

Note that fsck is NOT run against a mounted file system. Unmount it first if necessary. (umount) Also see the man page for:

Mounting other file systems: (locally attached drives)

Mounting a CD: mount -r -t iso9660 /dev/cdrom /mnt/cdrom
Un-Mount the CD-ROM: umount /dev/cdrom (No "n" in umount)

This command should work for a Red Hat installation. Other distributions may require the following set-up:

        ln -sf /dev/hdc /dev/scd0     Reference SCSI device directly.
ln -sf /dev/hdc /dev/cdrom A more typical system

cd /mnt
mkdir cdrom
mount -t iso9660 -o ro /dev/cdrom /mnt/cdrom

Don't forget to un-mount the CD with umount /mnt/cdrom

Mounting Network Drives:

RPM commands and their use

RPM Command Description
rpm -qilp program_package-ver.rpm Query for information on package and list destination of files to be installed by the package.
rpm -Uvh program_package-ver.rpm Upgrade the system with the RPM package
rpm -ivh program_package-ver.rpm New Install
rpm -Fvh program_package-ver.rpm Freshen install. Removes all files of older version.
rpm -q program_package Query system RPM database (/var/lib/rpm), to see if package is installed.
rpm -qi program_package Query system RPM database for info/description on package (if installed)
rpm -ql program_package List all files on the system associated with the package.
rpm -qf file Identify the package to which this file belongs.
rpm -e program_package Uninstall package from your system
rpm -qa List ALL packages on your system. Use this with grep to find families of packages.
rpm -K --nogpg *.rpm Non sure if RPM downloded ok? Verify md5 sum.

RPM Flag Description
--nodeps RPM flag to force install even if dependancy requirements are not met.
--force Overwrite of other packages allowed.
--notriggers Don't execute scripts which are triggered by the installation of this package.
--root /directory-name Use the system chrooted at /directory-name. This means the database will be read or modified under /directory-name. (Used by developers to maintain multiple environments)
--ignorearch Allow installation even if the architectures of the binary RPM and host don't match. This is often required for RPM's which were assembled incorrectly

ogrotate - Rotate log files:

Many system and server application programs such as Apache, generate log files. If left unchecked they would grow large enough to burden the system and application. The logrotate program will periodically backup the log file by renameing it. The program will also allow the system administrator to set the limit for the number of logs or their size. There is also the option to compress the backed up files.

Configuration file: /etc/logrotate.conf
Directory for logrotate configuration scripts: /etc/logrotate.d/

Example logrotate configuration script: /etc/logrotate.d/process-name

/var/log/process-name.log {
rotate 12
errors root@localhost
/usr/bin/killall -HUP process-name 2> /dev/null || true

Using the find command:

Find man page

Form of command: find path operators


Partial list of find directives:

Directive Description
-name Find files whose name matches given pattern
-print Display path of matching files
-user Searches for files belonging to a specific user
-exec command {} \; Execute Unix/Linux command for each matching file.
-atime (+t,-t,t) Find files accessed more that +t days ago, less than -t or precisely t days ago.
-ctime (+t,-t,t) Find files changed ...
-perm Find files set with specified permissions.
-type Locate files of a specified type:
  • c: character device files
  • b: blocked device
  • d: directories
  • p: pipes
  • l: symbolic links
  • s: sockets
  • f: regular files
-size n Find file size is larger than "n" 512-byte blocks (default) or specify a different measurement by using the specified letter following "n":
  • nb: bytes
  • nc: bytes
  • nk: kilobytes
  • nw: 2-byte words

Also see:

Finding/Locating files:

locate/slocate Find location/list of files which contain a given partial name
which Find executable file location of command given. Command must be in path.
whereis Find executable file location of command given and related files
rpm -qf file Display name of RPM package from which the file was installed.

Note: The script /etc/cron.daily/updatedb.cron generates the index for the locate command. It will geberate the database /var/lib/locatedb

File Information/Status/Ownership/Security:

ls List directory contents. List file information
chmod Change file access permissions
chmod ugo+rwx file-name :Change file security so that the user, group and all others have read, write and execute privileges.
chmod go-wx file-name :Remove file access so that the group and all others have write and execute privileges revoked/removed.
chown Change file owner and group
chown root.root file-name :Make file owned by root. Group assignment is also root.
fuser Identify processes using files or sockets
If you ever get the message: error: cannot get exclusive lock
then you may need to kill a process that has the file locked. Either terminate the process through the application interface or using the fuser command: fuser -k file-name
file Identify file type.
file file-name
Uses /usr/share/magic, /usr/share/magic.mime for file signatures to identify file type. The file extention is NOT used.

CRON - Scheduling a re-occuring task:

Add shell scritp to have run hourly, daily, weekly or monthly into the appropriate directory:

These are preconfigured schedules. To assign a very specific schedule add a line to the /etc/crontab file. Cron entries may also be added to a crontab formatted file located in the directory /var/spool/cron/.

Scheduling access and control:

Man pages:

AT - Scheduling a single occurance of a task:

The at command will schedule single jobs. (cron is for re-occuring jobs) The daemon /usr/sbin/atd will run jobs scheduled with the at command. Access control to the command is controlled using the files /etc/at.allow (list of user id's permitted to use the at command) and /etc/at.deny.

Time is specified before the date:

The at command will respont with it's "at>" prompt upon which you enter the command you wish to execute folowed by "Enter". More commands may be entered. When done enter "control-d".

Input at commands from a file: at midnight today < job-list-file

List jobs with the command atq

    [prompt]$ atq
1 2002-03-07 12:00 a user-id
The first collumn lists the job number.

Delete job with the command atrm

    [prompt]$ atrm 1

Man pages: