Useful Sysadmin Commands

A collection of helpful Linux / Freebsd commands I find helpful for day to day use

Finding files and executing actions on them

Find and delete files with filename length of 5:

find . -type f -name '?????' -exec rm -f {} \;

Remove all data from file without deleting file:

truncate -s0 access.log

List all file and directory disk space usage sorted by 10 largest directories:

sudo du -cks * | sort -rn | head

Listing processes and process system usage

List memory usage by category of process:

ps aux | awk '{print $4"\t"$11}' | sort | uniq -c | awk '{print $2" "$1" "$3}' | sort -nr

List memcache objects:

ngrep -W none -T -d any "^(get|set|delete|END|STORED|VALUE|DELETED)" port 11211 | awk '{print $1 " " $2}'

SSH Commands

Forward custom port (local requests to MySQL in this example) to a remote host:

ssh -fND 3306 username@bestwebsiteintheworld.com

Troubleshooting Network Traffic

List open ports:

netstat -tulpn
nmap -v -sU localhost

Capture http headers with tcpdump:

tcpdump -s 1024 -C 1024000 -w /tmp/httpcapture dst port 80

Check for connections to a database not closing (left in TIME_WAIT status):

netstat -an | grep TIME_WAIT

Capture packets for a particular Destination IP and Port:

tcpdump -w packet_capture_results.pcap -i eth0 dst 10.0.1.8 and port 22

Capture all packets except those that match packet type filter:

tcpdump -i eth0 not arp and not rarp

Capture UDP packets:

tcpdump -i eth0 udp

Show list of banned ips:

sudo iptables -L -n | awk '$1=="REJECT" && $4!="0.0.0.0/0" {print $4}'

Show list of all banned ips with jails:

sh -c "fail2ban-client status | sed -n 's/,//g;s/.*Jail list://p' | xargs -n1 fail2ban-client status"

Tar Commands

Tar a directory and encrypt it in one line:

tar cvzf - example_dir | openssl des3 -salt -k secretkey | dd of=encrypted_example_dir

To decrypt:

dd if=encrypted_example_dir | openssl des3 -d -k secretkey | tar xvzf -