Get quick control over your Linux server with server commands

by Jack Wallen

Linux is a powerful environment for both the desktop and server: Both systems have matured so any action can be managed with a simple point and click. Often, however, it is necessary or preferable to administer a Linux server with only commands. Enter the Linux server command primer.

Below you'll find summaries of some of the most useful commands. You should have familiarity with the terms before examining the man pages.

arp

Arp manipulates the kernel's ARP cache. The primary options are clearing an address mapping entry and manually setting up one. For debugging purposes, arp also allows a complete dump of the ARP cache.

USE

    arp [-evn] [-H type] [-i if] -a [hostname]
    arp [-v] [-i if] -d hostname [pub]
    arp [-v] [-H type] [-i if] -s hostname hw_addr [temp]
    arp [-v] [-H type] [-i if] -s hostname hw_addr [netmask nm] pub
    arp [-v] [-H type] [-i if] -Ds hostname ifa [netmask nm] pub
    arp [-vnD] [-H type] [-i if] -f [filename]

In all instances where a hostname is expected, one can also enter an IP address in dotted-decimal notation. As a special case for compatibility, the order of the hostname and the hardware address can be exchanged. Each complete entry in the ARP cache will be marked with the C flag. Permanent entries are marked with M and published entries have the P flag.

df

The df command is useful to display filesystem information. This command is the fastest way to keep track of hard disk drive space on a machine.

USE

    df [ -F FSType ] [-a] [-b] [-e] [-g] [-k] [-l] [-n] [-t] [-V] [ -o FSType-specific_options ] [block_device | directory | file | resource ... ] [-P]

The most common use of the df command is df -h, which renders output in human-readable format.

du

The display usage command is helpful in identifying the size of files and/or programs within directories.
Although rudimentary, this is a very good way to keep track of security on a system as there are certain programs and files that should never change size.

USE

    du [-a] [-k] [-s] [-d] [-L] [-o] [-r] [-x] directories

The most common usage of the du command, under a specific directory, is du -a. (NOTE: You should not run this command from the root (/) directory, as it will display size for every file on the entire Linux hard disk drive.)

find

The find command helps find locations of files and directories quickly across the entire filesystem. This command is best used as the root user, when in admin mode. One of the most powerful aspects of this command is its ability to accept regular expressions. Since all options of find always return true, it is best to place the options at the beginning of the expression.

USE

    find [path...] [expression]

The most common use of the find command would be:

    find / -name appname -type d -xdev

where appname is the name of the file or application to be searched for. There are other commands that can take the place of find, such as locate or slocate.

ifconfig

The ifconfig tool is the best way to configure network interfaces on a server. This is especially necessary when dealing with a server with no GUI installed.

USE

    ifconfig [-L] [-m] interface [create] [address_family] [address[/prefixlength] [dest_address]] [parameters]
    ifconfig interface destroy
    ifconfig -a [-L] [-d] [-m] [-u] [address_family]
    ifconfig -l [-d] [-u] [address_family]
    ifconfig [-L] [-d] [-m] [-u] [-C]

If you run the ifconfig command without an option, the command will return to you the details of the configured network interfaces on the server. This lets you check that your network hardware is working properly.

Of course, ifconfig is not just about offering up information. The ifconfig command, as the name would imply, allows you to configure the network interface from the command line.
For example, to set up basic information for a network card, ifconfig would be run (as root) as such:

    ifconfig eth0 192.168.0.1 netmask 255.255.255.0 broadcast 192.168.0.255 up

where 192.168.0.1 is the IP address of your machine, 255.255.255.0 is the network mask (which decides the potential size of your network), the number 192.168.0.255 is the broadcast address, and the up keyword loads the module related to the Ethernet card into the kernel and makes it ready to receive and send data.

ifup/ifdown/ifstatus

I’ve put these commands together because their usage is so similar. These commands either bring a network interface up, down, or give the status of said interface. They are quite useful when having to stop and start a network on a machine.

USE

    ifup/ifdown/ifstatus interface

where interface is the name of the network device, such as eth0.

init

Although not as obvious as some commands, init will allow you to change a server to a different runlevel. Let's say, for example, you decide to install your server along with the GUI (to make network configuration easier). But, at some point, you decide you do not want to load the GUI at boot. To do this, init will be your friend.

USE

    init [ -a ] [ -s ] [ -b ] [ -z xxx ] [ 0123456Ss ]

If your server boots into GUI mode, it is in runlevel 5. To change the runlevel to 3 (text-only), run the command: init 3. This, of course, is not a permanent change. To make the change permanent, you have to change the /etc/inittab file. Open up that file (as root) and look for the line:

    id:5:initdefault:

and change it to:

    id:3:initdefault:

Now your server will only boot into text-based mode.

netstat

The netstat command gives a summary of network connections and status of sockets on a server. When viewing the netstat readout, the top few lines are going to be the most helpful for server administration.

USE

    netstat [-veenNcCF] [] -r
    netstat {-V|--version|-h|--help}
    netstat [-vnNcaeol] [ ...]
    netstat { [-veenNac] -i | [-cnNe] -M | -s } [delay]

The most common uses of netstat include netstat (with no options) and netstat | head (or netstat -r). The -r option offers a look at the network routing addresses.

nslookup

The nslookup command checks the domain name and IP information of a server. Where this command will come in most handy is if you suspect server intrusion. Take a look at the server logs and run nslookup to gain DNS information on possible intruders.

Nslookup has two modes: interactive and non-interactive. Interactive mode allows the user to query name servers for information about various hosts and domains or to print a list of hosts in a domain. Non-interactive mode is used to print just the name and requested information for a host or domain. Interactive mode is entered when either no arguments are given (the default name server will be used) or when the first argument is a hyphen (-) and the second argument is the host name or Internet address of a name server.

USE

    nslookup [ - option ] ... host [ server ]

The most common use of nslookup is:

    nslookup www.hostname.com

ping

The tried-and-true ping command simply sends test packets to a specified server to check if it is responding properly. This is an extremely useful command for testing network connectivity and response time of servers. Ping creates a series of test packets that are bounced to the server and back, indicating if a server (or interface) is operating correctly.

USE

    ping -s [-d] [-l] [-L] [-n] [-r] [-R] [-v] [ -i interface_address ] [-I interval] [-t ttl] host [packetsize] [count]

The most common use of ping is ping address (where address is either a FQDN or IP address).

Ping is the first line of testing if a network failure occurs. If ping returns information indicating that your network is live, then there is another issue. If, say for example, you are able to ping www.yahoo.com but cannot ping your mail server, your mail server is having issues.
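The nslookup section above suggests reading the server logs and looking up possible intruders. The following is an added example, not part of the original article, that ranks failed-login sources before handing them to nslookup. It assumes OpenSSH-style "Failed password ... from ADDR port N ssh2" lines; the sample lines, the function names and the log path are constructed for illustration.

```shell
#!/bin/sh
# Added example: rank failed-login sources from sshd log lines, then
# reverse-resolve them with nslookup.

# Constructed sample lines (addresses are from the documentation ranges).
SAMPLE_LOG='Jan 12 03:14:07 web1 sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jan 12 03:14:09 web1 sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2
Jan 12 03:15:41 web1 sshd[2290]: Accepted password for jack from 192.0.2.10 port 40022 ssh2
Jan 12 03:16:02 web1 sshd[2301]: Failed password for root from 198.51.100.77 port 60001 ssh2
Jan 12 03:16:05 web1 sshd[2301]: Failed password for root from 203.0.113.5 port 51240 ssh2'

# Print "count address" for each failed-login source on stdin, busiest first.
# The user name is chosen by the remote side and may itself contain "from",
# so the address is taken from the fixed tail "from ADDR port N ssh2" and
# must consist only of address characters before it is passed to any tool.
failed_login_sources() {
    awk '/Failed password/ && NF > 4 &&
         $(NF-4) == "from" && $(NF-2) == "port" &&
         $(NF-3) ~ /^[0-9A-Fa-f:.]+$/ { n[$(NF-3)]++ }
         END { for (a in n) print n[a], a }' | LC_ALL=C sort -k1,1nr -k2,2
}

# Reverse-resolve each source with nslookup (needs working DNS).
lookup_sources() {
    failed_login_sources | while read -r count addr; do
        echo "== $addr ($count failed logins)"
        nslookup "$addr" 2>/dev/null | grep 'name = ' || echo "   no reverse DNS entry"
    done
}

# Offline demonstration on the constructed sample. On a live server, e.g.:
#   lookup_sources < /var/log/auth.log    (log path is an assumption)
printf '%s\n' "$SAMPLE_LOG" | failed_login_sources
```

A reverse DNS name is set by whoever controls the address block, so treat it as a lead for further checking rather than as proof of origin.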
ps

The ps command lists all existing processes on the server. This is helpful because it will let you know if Apache is running on your Web server. If you can't hit your Web server, but you know the machine is up and connected properly, running ps will let you know if Apache is, in fact, running. One problem, however, is that often you will have more processes than will fit on a screen. To overcome this issue, pipe ps to the more command with the | character:

    ps | more

With this in place, you will be able to see the output one screen at a time.

USE

    ps [-a] [-A] [-c] [-d] [-e] [-f] [-j] [-l] [-L] [-P] [-y] [ -g grplist ] [ -n namelist ] [-o format ] [ -p proclist ] [ -s sidlist ] [ -t term] [ -u uidlist ] [ -U uidlist ] [ -G gidlist ]

Most common uses: ps and also ps -f | more

The f switch is most handy because it causes ps to generate a full listing of information.

route

The route command lists the routing tables for your server. The route command is identical to netstat -r, so it's just a matter of preference which you run. Of course, with the route command, you can use the add or del options to modify a routing table manually.

Most common use: route -v

This is essentially the exact same output as the command netstat -r.

shred

Although not directly related to configuring a network or a server, there are times when it would be necessary to obviate files on a server. This would most likely be used on confidential information that had to be deleted (customer information, for example). To do this, shred deletes a file securely (and completely) by overwriting its contents. The result of using shred on a file is that the deleted file will never be retrieved again.

USE

    shred [OPTIONS] FILE [...]

The most common use of shred is shred -v filename (where filename is the name of a specific file). The -v (verbose) option is useful since it provides an extra view of what exactly the shred tool is doing while you wait. (NOTE: With large files, shred can take quite a long time.)
top

The top command displays system statistics and details regarding active processes. Top is a command that, when run, keeps an open window of processes, and the resources they use, continually updating. This command is very convenient when trying to solve a runaway process that’s eating up precious memory. When used in conjunction with ps, top is an administrator’s best friend.

USE

    top [-] [d delay] [p pid] [q] [c] [C] [S] [s] [i] [n iter] [b]

The most common use of the top command is simply: top

traceroute

The traceroute command traces the existing network routing for a remote or local server. Probably one of the most powerful commands in the net admin toolkit, traceroute gives the exact information about the route between the machine you are on and the server you are trying to reach. This tool is quite helpful when trying to trace down a network slowdown. By running traceroute, you can view the route the trace takes one hop at a time. As each hop goes by, you are given information not only on server name, but time taken between hops. This alone can help determine network outages or slowdowns.

USE

    traceroute [-d] [-F] [-I] [-n] [-v] [-x] [-f first_ttl] [-g gateway [-g gateway] | -r] [-i iface] [-m max_ttl] [-p port] [-q nqueries] [-s src_addr] [-t tos] [-w waittime ] host [packetlen]

The most common use of the traceroute command is: traceroute hostname (where hostname is the name of the server you are trying to reach).

w

The w command offers details of all users currently on the server and what processes they are running. The difference between w and who is that w displays the process the user is running.

USE

    w [options] [user]

The most common use of the w command is without option or argument.

All that and more

Although mostly basic, this toolkit of Linux commands will get you started administering Linux servers. Each of these commands can be researched more intensely with their man pages: enter the command man followed by the command name.
For example, man netstat will give you the manual page on the netstat command.

Of course, being a Linux network administrator is more than just having a toolkit of commands at hand. You must understand networking and network security on a fundamental level; you’ll also need to learn about server applications, such as Apache and Sendmail. But, knowing the basics, you’re at a good starting point.
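The du section above notes that some programs and files should never change size. The following is an added example, not part of the original article, that compares two saved du -a listings and reports what changed. The function names and the snapshot contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare two `du -a` snapshots (size<TAB>path per line).
# Take snapshots with, for instance:  du -a /usr/sbin > baseline.txt
# Equal size does not prove a file is unchanged; this is the rudimentary
# check the text describes, not a substitute for checksums.

# size_changes BASELINE CURRENT: print CHANGED / NEW / MISSING paths.
size_changes() {
    awk '
        {   # split on the first tab only, so paths containing tabs survive
            t = index($0, "\t"); if (t == 0) next
            size = substr($0, 1, t - 1); path = substr($0, t + 1)
        }
        FILENAME == ARGV[1] { base[path] = size; next }
        {
            seen[path] = 1
            if (!(path in base))          print "NEW", path, size
            else if (base[path] != size)  print "CHANGED", path, base[path], "->", size
        }
        END { for (p in base) if (!(p in seen)) print "MISSING", p }
    ' "$1" "$2" | LC_ALL=C sort
}

# demo: run the comparison on two constructed snapshots (not real du output).
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\t%s\n' 36 /usr/sbin/sshd 12 /bin/login 4 /etc/inittab > "$dir/base"
    printf '%s\t%s\n' 36 /usr/sbin/sshd 16 /bin/login 8 /usr/sbin/newtool > "$dir/now"
    size_changes "$dir/base" "$dir/now"
    rm -rf "$dir"
}

demo
```

Keep the baseline listing somewhere the monitored server cannot write to, so that it cannot be altered along with the files it describes.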