Some Useful Unix System Commands and Tools

What we say here is minimal; it is only a suggestion that you look up each command in its man page for the details.
[ps, uname, kill, strings, file, strace, ipcs, ipcrm, netstat, ifconfig, nslookup, ping, traceroute, arp, lsof, iostat, vmstat, df, du, route, and a number of other tools ]

Here are some tools for privileged users: tcpdump, pathchar, and the Sniffit and Ethereal (now Wireshark) sniffers.

Here are brief notes on each command:

ps: displays current process status

   To list the processes attached to your terminal, enter:
            ps

   To list all processes on the system (BSD-style options; System V style
   versions of ps use -ef for the same thing), enter:
            ps aux

uname: displays information about the operating system

   uname [-amnrsv]

   -a  Displays all information specified with the -m, -n, -r, -s, and -v
       options.

   -m  Displays the type of hardware running the system.

   -n  Displays the node name (the name by which the system is known on a
       network).

   -r  Displays the release number of the operating system.

   -s  Displays the operating system name.  (This is the default when no
       option is given.)

   -v  Displays the operating system version.

kill: sends a signal to a running process

   To kill a process with process id 21234 outright
            $ kill -KILL 21234
   SIGKILL cannot be caught or ignored, so the process gets no chance to
   clean up after itself; send the default signal (SIGTERM) first and use
   -KILL only if the process does not exit.

   To stop (suspend) a process with process id 21234
            $ kill -STOP 21234

   To resume a stopped process with process id 21234
            $ kill -CONT 21234

strings: prints the printable character sequences found in a binary file

   Used with non-text files, such as object and executable files, it prints
   every sequence of at least 4 consecutive printable characters found in
   the file.  This is a quick way to see what an unknown binary contains
   (file names, host names, URLs, error messages) without running it.

   strings [-ao] [-n number] [file...]
   -a Searches an entire object file, rather than just the initialized data
      space.

   -n number
      Sets the minimum string length to number rather than the default of 4.

   -o Precedes each string by its offset (in octal) in the file.

file: determine the kind of a file

   file filename
      Reports what kind of file filename is (text, executable, object file,
      archive, Java source, ...).  It decides by examining the contents
      (magic numbers and structure), not the file name or extension, so it
      is what to trust when the two disagree.
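The two commands above are the usual first step in looking at an unknown binary. The following is an added example, not code from the original page: it extracts the printable strings from a file and filters them for network indicators (URLs, IPv4 addresses, e-mail addresses). The function names are the example's own; it uses strings when installed and otherwise falls back to the classic tr-based substitute (an assumption for systems without binutils). The sample "binary" is constructed with printf so the example runs offline; it deliberately does not have a valid ELF header, so file reports it as plain data.

```shell
#!/bin/sh
# Added example, not from the original page: pull the printable strings out
# of an unknown binary and pick out the ones that hint at network activity.
#
# extract_strings FILE [MINLEN]
#   Uses strings(1) when it is installed.  Otherwise falls back to the
#   classic substitute (an assumption for systems without binutils): map
#   every non-printable byte to a newline and keep the long enough lines.
extract_strings() {
    f=$1
    min=${2:-4}
    if command -v strings >/dev/null 2>&1; then
        strings -n "$min" "$f"
    else
        LC_ALL=C tr -c '[:print:]' '\n' < "$f" | grep -E "^.{$min,}$"
    fi
}

# network_indicators FILE
#   Keeps the strings that look like URLs, IPv4 addresses or e-mail
#   addresses: what an analyst wants to know before ever running the program.
network_indicators() {
    extract_strings "$1" 6 | grep -E -i \
        'https?://|ftp://|([0-9]{1,3}\.){3}[0-9]{1,3}|[a-z0-9._-]+@[a-z0-9.-]+\.[a-z]{2,}'
}

# make_sample_binary OUT
#   Constructed sample: NUL bytes and a few control bytes separate the
#   embedded strings.  "ELF\177" is not a real ELF magic (that is "\177ELF"),
#   so file(1) reports this as "data" rather than an executable.
make_sample_binary() {
    out=$1
    printf 'ELF\177\001\002\000junk\000%s\000%s\000%s\000ab\000%s\000' \
        'http://update.example.test/payload.bin' \
        '192.0.2.10' \
        'backup /var/lib/cache' \
        'ops@example.test' > "$out"
}

demo_triage() {
    sample=$(mktemp)
    make_sample_binary "$sample"
    if command -v file >/dev/null 2>&1; then
        file "$sample"          # judged by content, not by name
    fi
    echo "--- network indicators ---"
    network_indicators "$sample"
    rm -f "$sample"
}

demo_triage
```

Short strings such as "junk" and "ab" drop out at the 6-character minimum, and "backup /var/lib/cache" survives extraction but is not a network indicator; raising -n is the usual way to cut noise from real binaries, at the cost of missing short tokens.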

strace: print information on system calls made and signals received by a program

   strace command [args]
     Runs the command and prints every system call it makes, with its
     arguments and return value, and every signal it receives.  -f also
     follows child processes, and -o file writes the trace to a file instead
     of standard error.  With other qualifiers you can also obtain timing
     information: -T shows the time spent in each call and -r the time
     since the previous call.
     For example
        strace -c a.out
     runs a.out and, instead of the full trace, prints a summary table with
     the number of calls, the number of errors and the time spent for each
     system call.
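When strace is used to look at an untrusted program the two questions are usually "where does it connect?" and "what does it write?". The following is an added example, not from the original page, that answers both from a trace written with strace -f -o trace.txt. The trace is a constructed sample in strace's output format (the program name, addresses and paths are made up), and the function names are the example's own.

```shell
#!/bin/sh
# Added example, not from the original page: extract outbound connections
# and files opened for writing from a trace produced with
#     strace -f -o trace.txt ./program
# (-f follows children; -o writes the trace to a file instead of stderr).
#
# SAMPLE_TRACE is a constructed sample in strace's -f/-o layout ("pid  call"),
# not a real capture.
SAMPLE_TRACE='1234  execve("./program", ["./program"], 0x7ffc1c2e0a40 /* 12 vars */) = 0
1234  openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
1234  openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
1234  openat(AT_FDCWD, "/tmp/.x11-cache", O_WRONLY|O_CREAT|O_TRUNC, 0644) = 4
1234  socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 5
1234  connect(5, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("198.51.100.7")}, 16) = 0
1234  clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f3c3a8f5a10) = 1235
1235  connect(6, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.53")}, 16) = 0
1235  openat(AT_FDCWD, "/home/user/.bashrc", O_WRONLY|O_APPEND) = 7
1235  +++ exited with 0 +++
1234  +++ exited with 0 +++'

# connect_targets: reads a trace on stdin, prints "address:port" for every
# connect() to an IPv4 peer.  Run as:  connect_targets < trace.txt
connect_targets() {
    sed -n 's/.* connect(.*sin_port=htons(\([0-9]*\)), sin_addr=inet_addr("\([0-9.]*\)").*/\2:\1/p'
}

# files_written: reads a trace on stdin, prints the paths opened for writing
# (O_WRONLY, O_RDWR or O_CREAT).  Dropped payloads and modified shell
# start-up files show up here; read-only opens such as /etc/passwd do not.
files_written() {
    grep -E '^[0-9]+ +open(at)?\(.*O_(WRONLY|RDWR|CREAT)' |
        sed 's/^[^"]*"\([^"]*\)".*/\1/'
}

echo "outbound connections:"
printf '%s\n' "$SAMPLE_TRACE" | connect_targets
echo "files opened for writing:"
printf '%s\n' "$SAMPLE_TRACE" | files_written
```

The trace comes from the kernel boundary, so it shows what the program did regardless of how it was compiled or obfuscated; the limitation is that it only records the run you observed, and a program can behave differently when it notices it is being traced.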

ipcs: displays Interprocess Communication (IPC) facility status

   ipcs [-a|-bcopt] [-mqs]
where
  -a  Same as specifying the -b, -c, -o, -p, and -t options.

  -b  Writes the maximum number of bytes in message queues, the size of
      segments for shared memory, and the number of semaphores in each
      semaphore set.

  -c  Writes the user name and group name of the user that created the facility.

  -m  Writes information about active shared memory segments.

  -o  Writes the following usage information:
        Number of messages on queue
        Total number of bytes in message queues
        Number of processes attached to shared memory segments

  -p  Writes the process ID of the last process to attach to or detach from
      each shared memory segment.

  -q  Writes information about active message queues.

  -s  Writes information about active semaphore sets.

  -t  Writes the following:
        Time of the last control operation that changed the access
        permissions for all facilities
        Time of the last msgsnd() and last msgrcv() on message queues
        Time of the last semop() on semaphore sets

ipcrm: removes message queue, semaphore set, or shared memory identifiers

  ipcrm [-m shared_memory] [-M shared_memory_key] [-q message_queue]
        [-Q message_key] [-s semaphore_ID] [-S semaphore_key]
where:
  -m shared_memory
      Removes the shared memory identifier shared_memory. The shared memory
      segment and data structure associated with shared_memory are also
      removed after the last detach operation.

  -M shared_memory_key
      Removes the shared memory identifier created with key shared_memory_key.
      The shared memory segment and data structure associated with it are also
      removed after the last detach.

  -q message_queue
      Removes the message queue identifier message_queue and the message
      queue and data structure associated with it.

  -Q message_key
      Removes the message queue identifier, created with key message_key, and
      the message queue and data structure associated with it.

  -s semaphore_ID
      Removes the semaphore identifier semaphore_ID and the set of semaphores
      and data structure associated with it.

  -S semaphore_key
      Removes the semaphore identifier, created with key semaphore_key, and
      the set of semaphores and data structure associated with it.

netstat: displays network statistics

  To display the active network connections (add -a to include listening
  sockets and -n to print numeric addresses instead of host names), enter:
            $ netstat

  To show the state of the configured interfaces, enter:
            $ netstat -i

   To show the routing tables, enter:
            $ netstat -r

   To show the routing tables with network addresses, enter:
            $ netstat -rn
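The security question netstat answers most often is which services are reachable from the network at all. The following is an added example, not from the original page: it reads netstat -an output and separates the TCP listeners bound to a wildcard address (0.0.0.0 or ::, reachable from outside) from those bound only to loopback. The output shown is a constructed sample in the Linux netstat -an column layout; column positions differ between Unix versions, so the field numbers in the awk programs are an assumption to check against the real header line. The function names are the example's own.

```shell
#!/bin/sh
# Added example, not from the original page: which TCP services listen on
# every interface (exposed to the network) and which only on loopback.
#
# SAMPLE_NETSTAT is a constructed sample in the Linux "netstat -an" layout:
#   Proto Recv-Q Send-Q Local Address Foreign Address State
# Other Unix versions order the columns differently; check the header line
# before trusting the $4/$6 field numbers below.
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6379            0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:22             10.0.0.9:51234          ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*'

# exposed_tcp_listeners: reads netstat -an output on stdin and prints the
# local address of every TCP socket in LISTEN state bound to a wildcard
# address (0.0.0.0 for IPv4, :: for IPv6).  Each of these needs a reason
# to exist; a database or cache on such an address is a classic finding.
exposed_tcp_listeners() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" && ($4 ~ /^0\.0\.0\.0:/ || $4 ~ /^:::/) { print $4 }'
}

# loopback_only_listeners: the complement, services deliberately kept local.
loopback_only_listeners() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" && ($4 ~ /^127\./ || $4 ~ /^::1:/) { print $4 }'
}

echo "listening on all interfaces:"
printf '%s\n' "$SAMPLE_NETSTAT" | exposed_tcp_listeners
echo "listening on loopback only:"
printf '%s\n' "$SAMPLE_NETSTAT" | loopback_only_listeners
```

On a live system, run it as netstat -an | exposed_tcp_listeners and then use lsof -i on any port you do not recognise to find the owning process.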

ifconfig: configures or displays network interface parameters

   To show information about all interfaces, enter:
	    $ ifconfig -a

   To query the status of a single interface, for example the serial line
   interface sl0, enter:
            $ ifconfig sl0

nslookup: queries Internet name servers interactively

   To find the dotted decimal IP address of host name snowhite.cis.temple.edu
	    $ nslookup snowhite.cis.temple.edu

   To find the host name of the dotted decimal IP address 155.247.190.207
            $ nslookup 155.247.190.207
   (This reverse lookup returns whatever PTR record the owner of the address
   block has published; it is not proof that the address belongs to that host.)

ping: Sends ICMP ECHO_REQUEST packets to network hosts

   To determine the status of host www.cs.stanford.edu:
	    $ ping www.cs.stanford.edu

   To also have a record of the route to www.cs.stanford.edu:
            $ ping -R www.cs.stanford.edu
   (The IP record-route option holds at most nine addresses, and many routers
   and hosts ignore or strip it, so -R often shows less than traceroute does.)

traceroute: Print the route that packets take to the network host

   To find the route to host rtfm.mit.edu, enter:
	    $ traceroute rtfm.mit.edu

arp: Displays and controls Address Resolution Protocol (ARP) tables

   To display all current ARP entries:
	    $ arp -a

lsof: list information about files opened by processes

This is a complex command that is not part of every Unix system (a copy can be obtained from ftp://vic.cc.purdue.edu/pub/tools/lsof/).
  To list all open files, use:
       lsof

  To list all open Internet, x.25 (HP-UX), and UNIX domain files, use:
       lsof -i -U

  To list all files using any protocol on any port of snowhite.cis.temple.edu, use:
       lsof -i @snowhite.cis.temple.edu

  To find the process that has /u/abe/foo open, use:
       lsof /u/abe/foo

  To find any open file, including an open UNIX domain socket file, with the
  name /dev/log, use:
       lsof /dev/log

  To obtain PID and command name field output for each process, file
  descriptor, file device number, and file inode number for each file of
  each process, use:
       lsof -FpcfDi

  To find an IP version 4 socket file by its associated numeric dot-form
  address, use:
       lsof -i@128.210.15.17

iostat: display I/O statistics

  iostat [drive...] [interval] [count]
For example
  iostat 1 5
displays 5 status reports taken at 1 second intervals.

vmstat: displays virtual memory statistics

  vmstat interval [count]
  vmstat [-f|-M|-P|-s]
where:
  -f  Displays only statistics about the number of forks since system startup
      (see the fork() call).
  -P  Displays accumulated statistics about physical memory use.
  -s  Displays accumulated statistics along with the page size.

df: Displays statistics on free disk space

du: Displays a summary of disk usage

   To display the disk usage of a directory tree and each of its sub-
   trees, enter:
          $ du /u/fran

   To display the disk usage of each file, enter:
          $ du -a /u/fran
   
   To display only the total disk usage of a directory tree, enter:
          $ du -rs /u/fran
   (-s alone is the portable form; -r, which reports directories that cannot
   be read, is not accepted by every version of du.)

route: Manipulates the routing tables manually

Changing the routing tables requires superuser privilege; the tables themselves can be displayed by any user with netstat -r (see above).