This article introduces several useful Linux tools.
1. View process bandwidth usage – nethogs
Nethogs is a network traffic monitoring tool under the terminal, which can intuitively display the bandwidth occupied by each process.
[root]# yum -y install libpcap-devel ncurses-devel
[root]# tar zxvf nethogs-0.8.0.tar.gz
[root]# cd nethogs
[root]# make && make install
[root]# nethogs eth0
2. Hard disk read performance test – iozone
Iozone is a Linux file system performance testing tool, which can test the read and write performance of file systems in different operating systems.
[root]# tar xvf iozone3_420.tar
[root]# cd iozone3_420/src/current/
[root]# make linux
[root]# ./iozone -a -n 512m -g 16g -i 0 -i 1 -i 5 -f /mnt/iozone -Rb ./iozone.xls
- -a uses fully automatic mode
- -n sets the minimum file size (Kbytes) for automatic mode
- -g sets the maximum file size (Kbytes) that can be used in automatic mode
- -i specifies which test to run
- -f specifies the name of the test file, which is automatically deleted after completion
- -R generates an Excel report on standard output
- -b writes the output to the specified file
3. Real-time disk I/O monitoring – iotop
The iotop command is dedicated to displaying hard disk I/O. Its interface is similar to that of the top command.
yum -y install iotop
4. Network traffic monitoring – iptraf
Iptraf is a simple network analysis tool running under Linux.
# yum -y install iptraf
5. Network traffic monitoring – iftop
Iftop is a real-time traffic monitoring tool similar to top under Linux. It’s more intuitive than iptraf.
[root]# tar zxvf iftop-0.17.tar.gz
[root]# cd iftop-0.17
[root]# ./configure
[root]# make && make install
[root]# iftop
[root]# iftop -i eth0    # specify the network interface to monitor
- TX: sent traffic
- RX: received traffic
- TOTAL: total traffic
- cum: the total traffic from the start of iftop to the current time
- peak: peak traffic
- rates: the average traffic over the past 2s, 10s and 40s respectively
6. Real-time process monitoring – htop
Htop is an interactive process browser under Linux, which can be used to replace the top command under Linux.
rpm -ivh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm    # install the third-party Yum source
yum -y install htop
7. System resource monitoring – nmon
Nmon is a monitoring and analysis tool widely used on AIX and various Linux operating systems.
[root]# chmod +x nmon_x86_64_rhel6
[root]# mv nmon_x86_64_rhel6 /usr/sbin/nmon
[root]# nmon
8. Monitoring multiple logs – multitail
MultiTail opens multiple windows on the console to monitor several log files at the same time, similar to the tail command.
rpm -ivh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm    # install the third-party Yum source
yum -y install multitail
multitail -e "fail" /var/log/secure    # filter by keyword while monitoring
multitail -l "ping baidu.com"    # monitor the output of a command; -l gives the command to execute
multitail -i /var/log/messages -i /var/log/secure    # -i specifies a file name
9. SSH brute force cracking protection – fail2ban
Fail2ban monitors your system logs and matches error messages in them to trigger the corresponding blocking action. Generally, it calls the firewall to do the blocking.
[root]# cd fail2ban-0.8.11
[root]# python setup.py install
[root]# cd files/
[root]# cp ./redhat-initd /etc/init.d/fail2ban
[root]# service fail2ban start
[root]# chkconfig --add fail2ban
[root]# chkconfig fail2ban on
Note: iptables must be configured for this to work. If you restart iptables, you must also restart fail2ban, because fail2ban works by calling iptables to block external attacks in real time.
[root]# grep -v "^#" /etc/fail2ban/jail.conf | grep -v "^$"
[DEFAULT]
ignoreip = 127.0.0.1/8    # ignore the local IP
bantime = 600             # how long a host stays blocked once the rule is met
findtime = 600            # the window in which failures are counted; for example, 3 failures within 600 seconds trigger a block
maxretry =                # maximum attempts
backend = auto            # log modification detection: gamin, polling or auto
usedns = warn
[ssh-iptables]
enabled = true            # false by default
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
         # sendmail-whois[name=SSH, dest=recipient mailbox, sender=sender mailbox, sendername="Fail2Ban"]
logpath = /var/log/sshd.log    # the log holding the relevant errors, usually /var/log/secure
maxretry = 5              # number of failed attempts; overrides the global maxretry
Note: by default, protection is turned off for every application and must be enabled manually. The fail2ban.conf file holds the logging settings; the jail.conf file holds the configuration of the protected services and their actions.
[root]# touch /var/log/sshd.log
[root]# service fail2ban restart
[root]# fail2ban-client status    # check that monitoring has been turned on
Status
|- Number of jail:      1
`- Jail list:           ssh-iptables
[root]# iptables -L    # the iptables filter table now has a fail2ban rule
fail2ban-SSH  tcp  --  anywhere             anywhere            tcp dpt:ssh
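How findtime, maxretry and bantime interact is easiest to see by replaying a log. The following is an added example, not fail2ban's own code: a simplified model of the jail's counting logic run over constructed log lines. The regular expression is a reduced stand-in for the sshd filter, and the host name, addresses and YEAR are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Jail values from the [ssh-iptables] section above. YEAR is an assumption:
# syslog timestamps carry no year.
FINDTIME, MAXRETRY, BANTIME, YEAR = 600, 5, 600, 2014

# Simplified stand-in for the sshd filter: failed-password lines only.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) ")

def find_bans(lines, findtime=FINDTIME, maxretry=MAXRETRY, bantime=BANTIME):
    """Return [(ip, banned_at, unbanned_at)] for hosts reaching maxretry
    failures within findtime seconds."""
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    banned_until, bans = {}, []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue                      # not an authentication failure
        ts = datetime.strptime(f"{YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in banned_until and ts < banned_until[ip]:
            continue                      # host is already blocked
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > timedelta(seconds=findtime):
            window.popleft()              # failure aged out of findtime
        if len(window) >= maxretry:
            banned_until[ip] = ts + timedelta(seconds=bantime)
            bans.append((ip, ts, banned_until[ip]))
            window.clear()
    return bans

# Constructed sample lines in /var/log/secure format (documentation addresses).
FAIL = "Mar  3 10:{} web1 sshd[{}]: Failed password for {} from {} port 40022 ssh2"
SAMPLE = sorted(
    [FAIL.format(f"00:{s:02d}", 2101, "root", "203.0.113.7") for s in (1, 9, 17, 25, 33)]
    + [FAIL.format(f"{m:02d}:00", 2230, "invalid user admin", "198.51.100.9")
       for m in (0, 3, 6, 9, 12)]
    + ["Mar  3 10:13:00 web1 sshd[2301]: Accepted password for deploy from 192.0.2.10 port 50111 ssh2"])

if __name__ == "__main__":
    for ip, start, end in find_bans(SAMPLE):
        print(f"ban {ip} from {start} until {end}")
```

The second host fails five times but spreads the attempts over 12 minutes, so it never has 5 failures inside one 600-second window and is not blocked; lowering maxretry to 3 catches it.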
10. Persistent terminal sessions – tmux
Tmux is an excellent terminal multiplexer, similar to GNU screen but more convenient, flexible and efficient. It ensures that a dropped SSH connection does not affect running tasks.
rpm -ivh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm    # install the third-party Yum source
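11. Web page view of disk space usage – agedu
tar zxvf agedu-r9723.tar.gz
cd agedu-r9723
./configure
make && make install
agedu -s /    # -s scans the given directory
agedu -w --address 192.168.0.10:80    # -w serves the results as web pages
agedu -w --address 192.168.0.10:8080 --auth none    # --auth none turns off authentication for the web pages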
12. Security scanner – nmap
Nmap is a network connection scanning and sniffing toolkit under Linux, which is used to scan the open network connections of computers on the Internet.
tar jxvf nmap-6.40.tar.bz2
cd nmap-6.40
./configure
make && make install
[root]# nmap 192.168.0.10        # get basic information
[root]# nmap -O 192.168.0.10     # get system version information
[root]# nmap -A 192.168.0.10     # get comprehensive system information
[root]# nmap 192.168.0.0/24      # get basic information on the active devices in a network segment
- -sT: TCP scan
- -sV: version detection
13. Web stress testing – httperf
Httperf is more powerful than ab. It can test the maximum load a web service can carry and find potential problems, such as memory usage and stability. Its biggest advantage is that it can run the stress test according to a specified pattern, simulating a real environment.
[root]# tar zxvf httperf-0.9.0.tar.gz
[root]# cd httperf-0.9.0
[root]# ./configure
[root]# make && make install
[root]# httperf --hog --server=192.168.0.202 --uri=/index.html --num-conns=10000 --wsess=10,10,0.1
- --hog: lets httperf generate as many connections as possible. Httperf will generate access connections regularly according to the hardware configuration
- --num-conns: number of connections, 10000 requests in total
- --wsess: simulates the timing pattern of users opening web pages. The first 10 means 10 session connections are generated, the second 10 means 10 requests per session connection, and 0.1 is the interval in seconds between the requests of each session connection