Linux Commands to Check Hardware and System Information

Contents

1. 1. Hardware Information
   1. 1.1. Hardware Information
   2. 1.2. CPU
      1. 1.2.1. CPU Information
      2. 1.2.2. CPU Usage
   3. 1.3. Disk
      1. 1.3.1. Disk Information
      2. 1.3.2. Disk Usage
   4. 1.4. Memory
      1. 1.4.1. Memory Information
      2. 1.4.2. Memory Usage
   5. 1.5. Network
      1. 1.5.1. Network Traffic
      2. 1.5.2. Network Speed
      3. 1.5.3. IP Address
      4. 1.5.4. Check Open Ports
2. 2. Operating System Information
   1. 2.1. Operating System
   2. 2.2. Environment Variables
   3. 2.3. Processes
      1. 2.3.1. Processes Management
      2. 2.3.2. Process Information
3. 3. References

Hardware Information

Hardware Information

sudo lshw
sudo lshw -short
sudo lshw -html > lshw.html

CPU

CPU Information

lscpu

CPU Usage

vmstat

echo "CPU Usage: "$[100-$(vmstat 1 2|tail -1|awk '{print $15}')]"%"

/proc/stat

grep 'cpu ' /proc/stat | awk '{usage=($2+$4)*100/($2+$4+$5)} END {print "CPU Usage: " usage "%"}'

cat /proc/stat |grep cpu |tail -1|awk '{print ($5*100)/($2+$3+$4+$5+$6+$7+$8+$9+$10)}'|awk '{print "CPU Usage: " 100-$1 "%"}'

top

top -bn2 | grep '%Cpu' | tail -1 | grep -P '(....|...) id,'|awk '{print "CPU Usage: " 100-$8 "%"}'

Disk

Disk Information

Block Devices Information

lsblk
lsblk -a

Disk Usage

df -h

Folder Disk Space Usage

# all subdirectories size and total size
du -h <folder_name>
# -s total size of a directory
du -sh <folder_name>
# -a all files size, subdirectories size and total size 
du -ah <folder_name>
# -c add total usage to the last line
du -ch <folder_name>

File Disk Space Usage

ls -lh .
du -ah <folder_name>

Memory

Memory Information

sudo dmidecode -t memory

Memory Usage

free -h
# Print the percentage of memory in use
free | grep Mem | awk '{print $3/$2 * 100.0 "%"}'

Network

Network Traffic

Total network traffic

nload
speedometer -t eth0
bmon

traffic by socket

iftop
iftop -F 192.168.0.1/16

traffic by process ID (PID)

nethogs

Network Speed

speedtest-cli

# install speedtest-cli
sudo apt install speedtest-cli
# or
sudo yum instsall speedtest-cli

# run speed test
speedtest-cli
speedtest-cli --simple
# or
speedtest
speedtest --simple

IP Address

LAN/private IP address

ifconfig
# or
hostname -I
# or
ip route get 1.2.3.4 | awk '{print $7}'

Public IP address

curl ifconfig.me
curl ipinfo.io/ip

Public IP Information

curl ipinfo.io

Check Open Ports

nmap

Nmap adapts its techniques to use the best available methods using the current privilege level, unless you explicitly request something different. The things that Nmap needs root (or sudo) privilege for on Linux are: Sniffing network traffic with libpcap. Sending raw network traffic.

# fast scan top 100 open parts (-F)
sudo nmap --min-hostgroup 100 -sS -n -T4 -F <Target_IP>

# fast scan top 100 open parts (-F) when ping is disabled. Add -Pn.
sudo nmap --min-hostgroup 100 -sS -n -T4 -F -Pn <Target_IP>

# fast scan top 1000 ports (-top-ports)
sudo nmap --min-hostgroup 100 -sS -n -T4 -top-ports 1000 <Target_IP>

# fast scan a range of ports 20-80
sudo nmap --min-hostgroup 100 -sS -n -T4 -p20-80 <Target_IP>

# fast scan some specific ports 80,8080
sudo nmap --min-hostgroup 100 -sS -n -T4 -p80,8080 <Target_IP>

# scan ports are listening for TCP connections
sudo nmap -sT -p- <ip>

# scan for UDP ports use -sU instead of -sT
sudo nmap -sU -p- <ip>

• Scan method
  • -sS: (TCP SYN scan) - SYN scan is the default and most popular scan option for good reasons. It can be performed quickly, scanning thousands of ports per second on a fast network not hampered by restrictive firewalls. It is also relatively unobtrusive and stealthy since it never completes TCP connections.
  • -sT: (TCP connect scan)
  • -sU: (UDP scans)
• Faster scan
  • -n: (No DNS resolution) - Tells Nmap to never do reverse DNS resolution on the active IP addresses it finds. Since DNS can be slow even with Nmap’s built-in parallel stub resolver, this option can slash scanning times.
  • -T: Set a timing template
    • -T4: prohibits the dynamic scan delay from exceeding 10 ms for TCP ports. Note that a faster speed can be less accurate if either the connection or the computer at the other end can’t handle it, and is more likely to trigger firewalls or IDSs.
    • -T5: prohibits the dynamic scan delay from exceeding 5 ms for TCP ports.
  • --min-hostgroup numhosts: (Adjust parallel scan group sizes) Nmap has the ability to port scan or version scan multiple hosts in parallel.
• Speicify ports
  • -F: (Fast (limited port) scan) Scan fewer ports than the default scan. Normally Nmap scans the most common 1,000 ports for each scanned protocol. With -F, this is reduced to 100.
  • –top-ports [number]: to scan the top [number] most common ports.
  • -p-: to scan 65535 TCP ports. Scanning all ports is too slow.
  • -p<from>-<to>: to scan a range of ports.
  • -p<port1>,<port2>: to scan specific ports.
  • -p<from>-<to>,<port1>,<port2>: to scan multiple ports.
• Other
  • -Pn: (No ping) This option skips the host discovery stage altogether. When ping is disabled on target server, we need add -Pn to skip ping.

States of nmap

• Accessible states
  • open: An application is actively accepting TCP connections, UDP datagrams or SCTP associations on this port.
  • closed: A closed port is accessible (it receives and responds to Nmap probe packets), but there is no application listening on it.
  • unfiltered: The unfiltered state means that a port is accessible, but Nmap is unable to determine whether it is open or closed.
• Inaccessible states
  • filtered: Nmap cannot determine whether the port is open because packet filtering prevents its probes from reaching the port. The filtering could be from a dedicated firewall device, router rules, or host-based firewall software. These ports frustrate attackers because they provide so little information.
  • open|filtered: Nmap places ports in this state when it is unable to determine whether a port is open or filtered.
  • closed|filtered: This state is used when Nmap is unable to determine whether a port is closed or filtered. It is only used for the IP ID idle scan.

Operating System Information

Operating System

Linux Distro name and version

cat /etc/os-release
cat /etc/*-release
# or
lsb_release -a
# or
hostnamectl

Linux kernel version

uname -a
uname -r
uname -mrs
# or
cat /proc/version

System hostname and related settings

hostnamectl

Start date and time of operating system

uptime -s
uptime
# start time of the pid=1 proccess
ps -p 1 -o lstart

Environment Variables

Environment variables

env
# or
printenv

PATH

echo -e ${PATH//:/\\n}

Processes

Processes Management

View Processes

top
ps -ef
ps aux

View listening ports

sudo lsof -i -P -n | grep LISTEN
sudo netstat -tulpn | grep LISTEN
sudo ss -tulpn | grep LISTEN
sudo nmap -sTU -O IP-address-Here

Kill a Process

kill <PID>
kill -9 <PID>

Kills a process by searching for its name

ps -ef | grep YOUR_PROCESS_NAME | awk '{print $2}' | head -1 | xargs kill -9
# or
ps -ef | grep YOUR_PROCESS_NAME | awk '{print $2}' | tail -1 | xargs kill -9

Process Information

Process start time

ps -p <pid> -o lstart,etime

Process basic information

ps -p <pid> -o pid,cmd,lstart,etime,pcpu,pmem,rss,thcount

• lstart: accurate start time. e.g. Thu Nov 14 13:42:17 2019
• start: start time of today or date. e.g. 13:42:17 or Nov 14
• etime: elapsed time since the process was started, in the form [[DD-]hh:]mm:ss.
• etimes: elapsed time since the process was started, in seconds
• pid: process ID.
• cmd: simple name of executable
• pcpu: %CPU
• pmem: %MEM
• rss: memory use in bytes
• thcount: thread count

References

[1] 10 Commands to Collect System and Hardware Info in Linux

[2] bash shell configuration files

[3] Configuration Files in Linux