Get quick control over your Linux server with server commands

by Jack Wallen
Linux is a powerful environment for both the desktop and server: Both systems have matured so any
action can be managed with a simple point and click. Often, however, it is necessary or preferable to
administer a Linux server with only commands.
Enter the Linux server command primer. Below you'll find summarizations for some of the most useful
commands. You should have familiarity with the terms before examining the man pages.
arp
Arp manipulates the kernel's ARP cache. The primary options are clearing an address mapping entry
and manually setting up one. For debugging purposes, arp also allows a complete dump of the ARP
cache.
USE
arp [-evn] [-H type] [-i if] -a [hostname]
arp [-v] [-i if] -d hostname [pub]
arp [-v] [-H type] [-i if] -s hostname hw_addr [temp]
arp [-v] [-H type] [-i if] -s hostname hw_addr [netmask nm] pub
arp [-v] [-H type] [-i if] -Ds hostname ifa [netmask nm] pub
arp [-vnD] [-H type] [-i if] -f [filename]
In all instances where a hostname is expected, one can also enter an IP address in dotted-decimal
notation. As a special case for compatibility, the order of the hostname and the hardware address can be
exchanged.
Each complete entry in the ARP cache will be marked with the C flag. Permanent entries are marked
with M and published entries have the P flag.
df
The df command is useful to display filesystem information. This command is the fastest way to keep
track of hard disk drive space on a machine.
USE
df [ -F FSType ] [-a] [-b] [-e] [-g] [-k] [-l] [-n] [-t] [-V ] [ -o
FSType-specific_options ] [block_device | directory | file | resource ... ] [-P]
The most common use of the df command is df -h, which renders output in human-readable format.
du
The display usage command is helpful in identifying the size of files and/or programs within
directories. Although rudimentary, this is a very good way to keep track of security on a system as
there are certain programs and files that should never change size.
USE
du [-a] [-k] [-s] [-d] [-L] [-o] [-r] [-x] directories
The most common usage of the du command, under a specific directory, is du -a. (NOTE: You should
not run this command from the root (/) directory, as it will display size for every file on the entire
Linux hard disk drive.)
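Added example, not part of the original article: a way to automate the "files that should never change size" check. It records the byte length of each file rather than du's block counts, which vary by filesystem, and adds a SHA-256 hash so that a file replaced by one of the same length is also reported. The function names and the paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example. snapshot and compare are hypothetical helper names.
# Caveat: paths containing newlines are not handled.

# snapshot DIR: print "bytes sha256 path" for every regular file under DIR.
snapshot() {
    find "$1" -xdev -type f | LC_ALL=C sort | while IFS= read -r f; do
        printf '%s %s %s\n' \
            "$(wc -c < "$f" | tr -d ' ')" \
            "$(sha256sum < "$f" | cut -d' ' -f1)" \
            "$f"
    done
}

# compare OLD NEW: print one line per difference between two snapshots:
#   SIZE     length changed (what watching sizes alone would catch)
#   CONTENT  same length, different hash (what sizes alone would miss)
#   ADDED / REMOVED  file appeared or disappeared
compare() {
    awk '
        { path = $0; sub(/^[^ ]+ [^ ]+ /, "", path) }
        FILENAME == ARGV[1] { size[path] = $1; sum[path] = $2; next }
        {
            seen[path] = 1
            if (!(path in size))              print "ADDED", path
            else if ($1 != size[path])        print "SIZE", path
            else if (($2 "") != sum[path])    print "CONTENT", path  # string compare
        }
        END { for (path in size) if (!(path in seen)) print "REMOVED", path }
    ' "$1" "$2" | LC_ALL=C sort
}

# Usage (paths are assumptions):
#   snapshot /usr/sbin > /root/sbin.base    # once, on a known-good system
#   snapshot /usr/sbin > /tmp/sbin.now      # later
#   compare /root/sbin.base /tmp/sbin.now
```

Keep the baseline file somewhere an intruder on the server cannot rewrite it, otherwise the comparison proves nothing.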
find
The find command helps find locations of files and directories quickly across the entire filesystem. This
command is best used as the root user, when in admin mode. One of the most powerful aspects of this
command is its ability to accept regular expressions. Since all options of find always return true, it is
best to place the options at the beginning of the expression.
USE
find [path...] [expression]
The most common use of the find command would be:
find / -name appname -type d -xdev
where appname is the name of the file or application to be searched for.
There are other commands that can take the place of find, such as locate or slocate.
ifconfig
The ifconfig tool is the best way to configure network interfaces on a server. This is especially
necessary when dealing with a server with no GUI installed.
USE
ifconfig [-L] [-m] interface [create] [address_family] [address[/prefixlength]
[dest_address]] [parameters]
ifconfig interface destroy
ifconfig -a [-L] [-d] [-m] [-u] [address_family]
ifconfig -l [-d] [-u] [address_family]
ifconfig [-L] [-d] [-m] [-u] [-C]
If you run the ifconfig command without an option, the command will return to you the details of the
configured network interfaces on the server. This lets you check that your network hardware is working
properly.
Of course, ifconfig is not just about offering up information. The ifconfig command, as the name would
imply, allows you to configure the network interface from the command line. For example, to set up
basic information for a network card, ifconfig would be run (as root) as such:
ifconfig eth0 192.168.0.1 netmask 255.255.255.0 broadcast 192.168.0.255 up
Where 192.168.0.1 is the IP address of your machine, 255.255.255.0 is the network mask (which
decides the potential size of your network), the number 192.168.0.255 is the broadcast address, and the
up keyword loads the module related to the Ethernet card into the kernel and makes it ready to receive
and send data.
ifup/ifdown/ifstatus
I’ve put these commands together because their usage is so similar. These commands either bring a
network interface up, down, or give the status of said interface. It's quite useful when having to stop
and start a network on a machine.
USE
ifup/ifdown/ifstatus interface
where interface is the name of the network device, such as eth0.
init
Although not as obvious as some commands, init will allow you to change a server to a different
runlevel. Let's say, for example, you decide to install your server along with the GUI (to make network
configuration easier). But, at some point, you decide you do not want to load the GUI at boot. To do
this, init will be your friend.
USE
init [ -a ] [ -s ] [ -b ] [ -z xxx ] [ 0123456Ss ]
If your server boots into GUI mode, it is in runlevel 5. To change the runlevel to 3 (text-only) run the
command: init 3.
This, of course, is not a permanent change. To make the change permanently, you have to change the
/etc/inittab file. Open up that file (as root) and look for the line:
id:5:initdefault:
and change it to:
id:3:initdefault:
Now your server will only boot into text-based mode.
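Added example, not part of the original article: the /etc/inittab edit described above as a small script that keeps a backup and refuses runlevels 0 and 6, which would halt or reboot the server at every boot if set as the default. It assumes a SysV-style inittab as the article describes; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. default_runlevel and set_default_runlevel are hypothetical names.

# default_runlevel FILE: print the runlevel on the initdefault line of FILE.
default_runlevel() {
    sed -n 's/^id:\([0-6Ss]\):initdefault:.*/\1/p' "$1"
}

# set_default_runlevel FILE LEVEL: rewrite only the initdefault line,
# leaving the previous version in FILE.bak.
set_default_runlevel() {
    file=$1
    level=$2
    case $level in
        [1-5]) ;;
        *)  echo "runlevel must be 1-5 (0 halts and 6 reboots at every boot)" >&2
            return 1 ;;
    esac
    grep -q '^id:[0-6Ss]:initdefault:' "$file" || {
        echo "no initdefault line found in $file" >&2
        return 1
    }
    cp -p "$file" "$file.bak" || return 1
    # Write back into the existing file so its owner and mode are unchanged.
    sed "s/^id:[0-6Ss]:initdefault:/id:$level:initdefault:/" "$file.bak" > "$file"
}

# Usage (as root):
#   default_runlevel /etc/inittab          # shows the current default, e.g. 5
#   set_default_runlevel /etc/inittab 3    # boot to text mode from now on
```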
netstat
The netstat command gives a summary of network connections and status of sockets on a server. When
viewing the netstat readout, the top few lines are going to be the most helpful for server administration.
USE
netstat [-veenNcCF] [] -r
netstat {-V|--version|-h|--help}
netstat [-vnNcaeol] [ ...]
netstat { [-veenNac] -i | [-cnNe] -M | -s } [delay]
The most common uses of netstat include netstat (with no options) and netstat | head (or netstat -r).
The -r option offers a look at the network routing addresses.
nslookup
The nslookup command checks the domain name and IP information of a server. Where this command
will come in most handy is if you suspect server intrusion. Take a look at the server logs and run the
nslookup to gain DNS information on possible intruders. Nslookup has two modes: interactive and non-
interactive. Interactive mode allows the user to query name servers for information about various hosts
and domains or to print a list of hosts in a domain. Non-interactive mode is used to print just the name
and requested information for a host or domain.
Interactive mode is entered when either no arguments are given (the default name server will be used)
or when the first argument is a hyphen (-) and the second argument is the host name or Internet address
of a name server.
USE
nslookup [ - option ] ... host [ server ]
The most common use of nslookup is nslookup www.hostname.com
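Added example, not part of the original article: one way to pull the addresses worth looking up out of a server log before running nslookup on them. The log lines are constructed (sshd-style, using documentation address ranges) and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sshd-style log lines; all addresses are documentation ranges.
sample_log() {
    cat <<'EOF'
Mar  3 02:11:07 srv sshd[2211]: Failed password for invalid user admin from 203.0.113.45 port 51122 ssh2
Mar  3 02:11:09 srv sshd[2211]: Failed password for invalid user admin from 203.0.113.45 port 51122 ssh2
Mar  3 02:11:15 srv sshd[2214]: Failed password for root from 203.0.113.45 port 51130 ssh2
Mar  3 02:11:20 srv sshd[2216]: Failed password for invalid user from 192.0.2.99 from 203.0.113.45 port 51140 ssh2
Mar  3 02:14:40 srv sshd[2230]: Accepted password for jack from 192.0.2.10 port 40022 ssh2
Mar  3 02:20:01 srv sshd[2251]: Failed password for root from 198.51.100.7 port 33810 ssh2
EOF
}

# failed_sources: read log lines on stdin, print "count ip" for every source
# of failed logins, busiest first. The user name is chosen by the client and
# can itself contain "from <address>" (fourth sample line), so the address is
# taken by its position from the end of the line, not after the first "from".
failed_sources() {
    awk '/sshd.*Failed password for / && NF >= 5 && $(NF-4) == "from" {
             n[$(NF-3)]++
         }
         END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# lookup_sources: run nslookup in non-interactive mode on each "count ip"
# line read from stdin. Needs a resolver, so it is not called here.
# The name in a PTR record is set by whoever controls the reverse zone:
# treat it as a lead and confirm it with a forward lookup.
lookup_sources() {
    while read -r count ip; do
        # Only pass address-shaped values to nslookup (never a "-option").
        case $ip in
            ''|*[!0-9a-fA-F.:]*) continue ;;
        esac
        echo "== $ip ($count failed logins)"
        nslookup "$ip" || echo "no reverse record for $ip"
    done
}

# Usage: sample_log | failed_sources | lookup_sources
```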
ping
The tried-and-true ping command simply sends test packets to a specified server to check if it is
responding properly. This is an extremely useful command for testing network connectivity and
response time of servers. Ping creates a series of test packets that are bounced to the server and back
indicating if a server (or interface) is operating correctly.
USE
ping -s [-d] [-l] [-L] [-n] [-r] [-R] [-v] [ -i interface_address ] [-I interval]
[-t ttl] host [packetsize] [count]
The most common use of ping is ping address (where address is either a FQDN or IP address.)
Ping is the first line of testing if a network failure occurs. If ping returns information indicating that
your network is live, then there is another issue. If, for example, you are able to ping
www.yahoo.com but cannot ping your mail server, your mail server is having issues.
ps
The ps command lists all existing processes on the server. This is helpful because it will let you know if
Apache is running on your Web server. If you can't hit your Web server, but you know the machine is
up and connected properly, running ps will let you know if Apache is, in fact, running. One problem,
however, is that often you will have more processes than will fit on a screen. To overcome this issue,
pipe ps to the more command with the | character:
ps | more
With this in place, you will be able to see the output one screen at a time.
USE
ps [-a] [-A] [-c] [-d] [-e] [-f] [-j] [-l] [-L] [-P] [-y] [ -g grplist ] [ -n
namelist ] [-o format ] [ -p proclist ] [ -s sidlist ] [ -t term] [ -u uidlist ] [
-U uidlist ] [ -G gidlist ]
Most common uses: ps and also ps -f | more
The -f switch is most handy because it causes ps to generate a full listing of information.
route
The route command lists the routing tables for your server. The route command is identical to netstat -r
so it's just a matter of preference which you run. Of course, with the route command, you can use the
add or del options to modify a routing table manually.
Most common use: route -v
This is essentially the exact same output as the command netstat -r.
shred
Although not directly related to configuring a network or a server, there are times when it is
necessary to destroy files on a server. This would most likely be used on confidential information that
has to be deleted (customer information, for example). To do this, shred deletes a file securely (and
completely) by overwriting its contents. The result of using shred on a file is that the deleted file will
never be retrieved again.
USE
shred [OPTIONS] FILE [...]
The most common use of shred is shred -v filename (Where filename is the name of a specific file.)
The -v (verbose) option is useful since it shows exactly what the shred tool is doing
while you wait. (NOTE: With large files, shred can take quite a long time.)
top
The top command displays system statistics and details regarding active processes. Top is a command
that, when run, keeps an open window of processes, and the resources they use, continually updating.
This command is very convenient when trying to solve a runaway process that’s eating up precious
memory. When used in conjunction with ps, top is an administrator’s best friend.
USE
top [-] [d delay] [p pid] [q] [c] [C] [S] [s] [i] [n iter] [b]
The most common use of the top command is simply: top
traceroute
The traceroute command traces the existing network routing for a remote or local server. Probably one
of the most powerful commands in the net admin toolkit, traceroute gives the exact information about
the route between the machine you are on and the server you are trying to reach. This tool is quite
helpful when trying to trace down a network slowdown. By running traceroute, you can view the route
the trace takes one hop at a time. As each hop goes by, you are given information not only on server
name, but time taken between hops. This alone can help determine network outages or slowdowns.
USE
traceroute [-d] [-F] [-I] [-n] [-v] [-x] [-f first_ttl] [-g gateway [-g gateway] |
-r] [-i iface] [-m max_ttl] [-p port] [-q nqueries] [-s src_addr] [-t tos] [-w
waittime ] host [packetlen]
The most common use of the traceroute command is: traceroute hostname (where hostname is the
name of the server you are trying to reach.)
w
The w command offers details of all users currently on the server and what processes they are running.
The difference between w and who is that w displays the process the user is running.
USE
w [options] [user]
The most common use of the w command is without option or argument.
All that and more
Although mostly basic, this toolkit of Linux commands will get you started administering Linux
servers. Each of these commands can be researched in more depth through its man page (enter the
command man followed by the command name). For example, man netstat will give you the manual
page on the netstat command.
Of course, being a Linux network administrator is more than just having a toolkit of commands at
hand. You must understand networking and network security on a fundamental level; you’ll also need
to learn about server applications, such as Apache and Sendmail. But, knowing the basics, you’re at a
good starting point.