Several useful Linux tools

1. Check the bandwidth occupied by the process-Nethogs

Nethogs is a terminal-based network traffic monitoring tool that shows the bandwidth used by each process.

 

2. Hard disk read performance test-IOZone

IOZone is a Linux file system performance testing tool that can test the read and write performance of file systems in different operating systems.

Download: http://www.iozone.org/src/current/

  • -a use fully automatic mode

  • -n sets the minimum file size (Kbytes) for automatic mode.

  • -g sets the maximum file size (Kbytes) for automatic mode.

  • -i is used to specify which test to run.

  • -f specifies the name of the test file, which is deleted automatically after completion

  • -R writes an Excel-format report to standard output

  • -b writes the output to the specified file

 

3. Real-time monitoring of disk IO-IOTop

IOTop is a command dedicated to displaying hard disk I/O; its interface is similar to that of the top command.

 

 

4. Network traffic monitoring-IPtraf

IPtraf is a simple network condition analysis tool running under Linux.

 

 

5. Network traffic monitoring-IFTop

iftop is a real-time traffic monitoring tool for Linux, similar to top. It is more intuitive than iptraf.

Download: http://www.ex-parrot.com/~pdw/iftop/

  • TX: send traffic

  • RX: receive traffic

  • TOTAL: total traffic

  • Cumm: cumulative traffic from the time iftop was started to the current time

  • peak: peak traffic

  • Rates: respectively represent the average traffic in the past 2s, 10s, and 40s

 

6. Real-time process monitoring-htop

htop is an interactive process browser under Linux that can be used to replace the top command under Linux.

 

 

7. System resource monitoring-NMON

NMON is a monitoring and analysis tool widely used on AIX and various Linux operating systems.

Download: http://sourceforge.jp/projects/sfnet_nmon/releases/

 

 

8. Monitor multiple logs-MultiTail

MultiTail is a program that opens multiple windows in the console to monitor several log files at the same time, similar to the tail command.

yum -y install multitail

multitail -e "fail" /var/log/secure    # monitor only lines that match the keyword

multitail -l "ping baidu.com"    # monitor the output of a command; -l gives the command to run

multitail -i /var/log/messages -i /var/log/secure    # -i specifies a file name

 

9. SSH brute force cracking protection-Fail2ban

Fail2ban monitors your system logs and matches the error messages in them against regular expressions. When a match occurs, it performs the corresponding blocking action, which is usually a call to the firewall.

Download: http://www.fail2ban.org/wiki/index.php/Downloads

Note: You need to configure the iptables utility. If you restart iptables, you must restart fail2ban as well, because fail2ban works by calling iptables to block external attacks in real time.

grep -v "^#" /etc/fail2ban/jail.conf | grep -v "^$" 

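[DEFAULT]
ignoreip = 127.0.0.1/8    # ignore the local machine's IP
bantime = 600    # how long an address is blocked once the rule is met
findtime = 600    # time window in which the rule must be met, e.g. 3 matches within 600 seconds trigger the block
maxretry =    # maximum number of attempts
backend = auto    # how log changes are detected: gamin, polling or auto
usedns = warn
[ssh-iptables]
enabled = true    # disabled (false) by default
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
# sendmail-whois[name=SSH, dest=recipient email, sender=sender email, sendername="Fail2Ban"]
logpath = /var/log/sshd.log    # the relevant error log is usually /var/log/secure
maxretry = 5    # number of failed attempts; overrides the global maxretry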

Note: Protection for all applications is turned off by default and has to be enabled manually. The fail2ban.conf file holds the logging settings, and the jail.conf file holds the configuration of the specific services to protect and the actions to take.

[root]# touch /var/log/sshd.log
[root]# service fail2ban restart
[root]# fail2ban-client status    # check that monitoring is enabled
Status
|- Number of jail: 1
`- Jail list: ssh-iptables
[root]# iptables -L    # the iptables filter table now contains a fail2ban rule
fail2ban-SSH  tcp  --  anywhere             anywhere            tcp dpt:ssh
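
The matching and ban decision described in this section, as an added example (not fail2ban's own code and not from the original post): a Python simulation that applies the jail's findtime, bantime and maxretry to sshd log lines and returns the addresses that would be banned. The regular expression is a simplified stand-in for the sshd filter, and the log lines, host name and addresses are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values from the [ssh-iptables] jail on this page: findtime, bantime, maxretry.
FINDTIME, BANTIME, MAXRETRY = timedelta(seconds=600), timedelta(seconds=600), 5

# Simplified stand-in for the sshd filter (assumption, not fail2ban's real failregex).
FAILREGEX = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<host>\d+\.\d+\.\d+\.\d+) ")

def _fail(ts, user, ip):  # builds one constructed log line
    return f"Oct 20 {ts} host1 sshd[4242]: Failed password for {user} from {ip} port 50022 ssh2"

# Constructed sample log (documentation address ranges), not real traffic.
SAMPLE_LOG = sorted(
    [_fail(f"10:00:0{i}", "root", "203.0.113.7") for i in range(5)]    # 5 failures in 5 s
    + [_fail("10:00:09", "root", "203.0.113.7")]                       # arrives while banned
    + ["Oct 20 10:00:30 host1 sshd[4243]: Accepted password for alice from 192.0.2.10 port 50100 ssh2"]
    + [_fail(f"10:0{i}:00", "invalid user admin", "198.51.100.20") for i in range(4)]
    + [_fail("10:11:30", "invalid user admin", "198.51.100.20")])      # earlier ones aged out

def simulate(lines, year=2024):
    """Return [(ban_time, ip, unban_time)] for the bans the jail would issue."""
    failures = defaultdict(deque)      # ip -> timestamps of recent failures
    banned_until, bans = {}, []
    for line in lines:
        m = FAILREGEX.match(line)
        if not m:
            continue                   # accepted logins and other lines are ignored
        now = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["host"]
        if ip in banned_until and now < banned_until[ip]:
            continue                   # already blocked by the firewall rule
        window = failures[ip]
        window.append(now)
        # Drop failures older than findtime so only the sliding window counts.
        while now - window[0] > FINDTIME:
            window.popleft()
        if len(window) >= MAXRETRY:
            banned_until[ip] = now + BANTIME
            bans.append((now, ip, banned_until[ip]))
            window.clear()
    return bans

if __name__ == "__main__":
    for when, ip, until in simulate(SAMPLE_LOG):
        print(f"{when} ban {ip} until {until}")
```

The second address fails five times in total but never five times within 600 seconds, so it is not banned; this is the case to keep in mind when choosing findtime and maxretry.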

 

10. Continuous connection to the session terminal-Tmux

tmux is an excellent terminal multiplexer similar to GNU Screen, and it is more convenient, flexible and efficient than Screen. It ensures that a dropped SSH connection does not affect running tasks.

Many tab pages can be opened, and each tab page can in turn open many windows. The last page in the above figure has 8 windows open. It is very powerful, but learning its commands and configuration takes some effort.

Before I came across tmux, I used screen. After trying it, I gave up screen decisively.

 

11. Web page display of disk space usage-Agedu

Download: http://www.chiark.greenend.org.uk/~sgtatham/agedu/

 

 

12. Security Scanning Tool-NMap

NMap is a network connection scanning and sniffing toolkit for Linux, used to scan the open network connections of computers on a network.

Download: http://nmap.org/download.html

 

13. Web stress test-Httperf

Httperf is more powerful than ab. It can test the maximum load a web service can carry and uncover potential problems, such as memory usage and stability issues. Its biggest advantage is that you can specify rules for the stress test and simulate a real environment.

Download: http://code.google.com/p/httperf/downloads/list


Origin blog.csdn.net/lianshaohua/article/details/109166034