Display the system installation date:
# rpm -qi basesystem | grep "^Install Date"
Display the time of the last system boot:
# who -b
or
# uptime
Display the system hardware components and BIOS information:
# dmidecode
Display the state of all systemd objects (units):
# systemctl
(available from RHEL 7 onwards)
Display information about a device status (supporting SMART technology):
# smartctl -a /dev/sda
Display dynamic information about the processes generating the most disk I/O:
# iotop -o
Display 5 reports of disk load statistics including their partitions and/or logical volumes at 2 second intervals:
# iostat -dpxh 2 5
or
# sar -dh 2 5
Display disk load statistics including their logical volumes during the specified day:
# sar -dh -f /var/log/sa/sa<n>
Display static information about the top 10 processes using the processor:
# ps -eo %cpu,pid,user,args --sort=-%cpu | head -11
Display dynamic information about the top processes using the processor (optionally memory or swap):
# top
Display 5 reports of processor usage statistics at 2 second intervals:
# mpstat -P ALL 2 5
or
# sar -P ALL 2 5
Display processor usage statistics during the specified day:
# sar -P ALL -f /var/log/sa/sa<n>
Display static information about the total amount of free and used physical and swap memory in MB:
# free -m
Display static information about the top 10 processes using the memory:
# ps -eo %mem,pid,user,args --sort=-%mem | head -11
Display 5 reports of memory usage statistics at 2 second intervals:
# sar -hr ALL 2 5
Display memory usage statistics during the specified day:
# sar -hr ALL -f /var/log/sa/sa<n>
Display static information about the top 10 processes using the swap space including percentage values:
# find /proc -maxdepth 2 -path "/proc/[0-9]*/status" -readable -exec awk -v FS=":" -v TOTSWP="$(sed 1d /proc/swaps | awk 'BEGIN{sum=0} {sum=sum+$(NF-2)} END{print sum}')" '{process[$1]=$2;sub(/^[ \t]+/,"",process[$1]);} END {if(process["VmSwap"] && process["VmSwap"] != "0 kB") {used_swap=process["VmSwap"]; sub(/[ a-zA-Z]+/,"",used_swap); percent=(used_swap/TOTSWP*100); printf "%10s %-30s %20s %6.2f%\n",process["Pid"],process["Name"],process["VmSwap"],percent}}' '{}' \; | awk '{print $(NF-2),$0}' | sort -hr | head | cut -d " " -f2-
Display 5 reports of swap usage statistics at 2 second intervals:
# sar -Sh 2 5
Display swap usage statistics during the specified day:
# sar -Sh -f /var/log/sa/sa<n>
Display static information about the network interface traffic:
# ifstat
Display 5 reports of network interface traffic statistics at 2 second intervals:
# sar -n DEV -h 2 5
Display network interface traffic statistics during the specified day:
# sar -n DEV -h -f /var/log/sa/sa<n>
Display 5 reports of statistics on memory, swap, disk and processor usage at 2 second intervals:
# vmstat -w 2 5
Display dynamic information about the processor, memory, swap, network, disks, kernel, file systems, NFS and top processes:
# nmon
Display file systems with a used capacity equal to or greater than 90 %:
# fs=$(df -P | awk '+$5 >= 90 {print}'); [[ -z "$fs" ]] && echo "NONE" || echo "$fs"
Display in descending order 50 files larger than 100 MB in the /var directory:
# find /var -type f -size +100M -exec du -h '{}' \+ | sort -rh | head -50
Display all files that have been changed during the last day in the /tmp directory:
# find /tmp -mtime -1
Display files and directories that are writable by others (world-writable), excluding directories with the sticky bit set:
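# Run as root. Lists world-writable regular files and directories under
# /etc /opt /tmp /usr /var, or prints NONE when there are none.
# Directories that are both sticky and searchable by others (shown as "t" by
# ls, e.g. /tmp) are skipped: there, users cannot remove each other's files.
# The filtering is done by find itself instead of by pattern-matching ls
# output, so unusual file names (for example ones containing newlines in
# /tmp) cannot hide an entry from the report.
# Errors from find (missing or unreadable paths) are discarded on purpose.
ww=$(find /etc /opt /tmp /usr /var \( -type f -o -type d \) -perm -o=w \
  ! \( -type d -perm -1001 \) -exec ls -adl {} + 2> /dev/null)
if [[ -n "$ww" ]]; then
  printf '%s\n' "$ww"
else
  echo "NONE"
fi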
Verify the files of all installed packages against the information in the rpm database (the database lives on the same host, so a clean result does not rule out tampering by someone with root access):
# rpm -Va
Display the recent login history of all users on the system:
# last
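Display enabled services that are potentially vulnerable (matching is by service name only, so a hit is a prompt for review, not proof of exposure):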
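# Run as root. Prints the enabled services whose names appear on a fixed
# watch-list of legacy or network-exposed daemons; prints nothing when none
# is enabled. Part 1 queries the init system, part 2 the (x)inetd config.

# Part 1: systemd (RHEL 7+) or SysV init (chkconfig).
if command -v systemctl > /dev/null 2>&1; then
  # The STATE column ($2) is tested on its own: some systemd versions print
  # an extra vendor-preset column that can read "enabled" for a unit that is
  # actually disabled, which a plain grep for "enabled" would report.
  # NOTE(review): -w matches whole words only, so "http" and "snmp" do not
  # match unit names such as httpd.service or snmpd.service; extend the list
  # if those should be reported.
  systemctl list-unit-files -t service \
    | grep -Ew 'avahi-daemon|bind|cups|dhcpd|dhcp-server|dnsmasq|dovecot|finger|http|ldap|named|^nfs[ ]|nfs-server|nmb|postfix|rexec|rlogin|rpcbind|rsh|rstatd|rsync|rusersd|sendmail|slapd|smb|snmp|squid|telnet|tftp|vsftpd|who|xinetd' \
    | awk '$2 ~ /^enabled/ {print $1}'
elif command -v chkconfig > /dev/null 2>&1; then
  # Match the "<runlevel>:on" / "<service>:   on" state fields rather than
  # the bare string "on", which also occurs inside names (avahi-daemon).
  chkconfig --list \
    | grep -Ei 'avahi-daemon|bind|cups|dhcpd|dhcp-server|dnsmasq|dovecot|finger|http|ldap|named|^nfs[ ]|nfs-server|nmb|postfix|rexec|rlogin|rpcbind|rsh|rstatd|rsync|rusersd|sendmail|slapd|smb|snmp|squid|telnet|tftp|ttdbserver|vsftpd|who|xinetd' \
    | grep -E ':[[:space:]]*on' \
    | awk '{print $1}'
fi

# Part 2: services started on demand by xinetd or inetd.
if [[ -f /etc/xinetd.conf ]]; then
  # Only real "disable = no" settings count; commented-out lines and file
  # names that merely contain "no" are ignored.
  grep -RE '^[[:space:]]*disable[[:space:]]*=[[:space:]]*no' /etc/xinetd.d
elif [[ -f /etc/inetd.conf ]]; then
  # Drop empty lines and lines starting with "#", then look for the
  # watch-listed service names.
  grep -E '^[^#]' /etc/inetd.conf \
    | grep -E 'bootps|chargen|cmsd|daytime|discard|dtspcd|echo|finger|ftp|imap|netstat|nntp|pcnfsd|pop-3|rexd|rexec|rlogin|rsh|rstatd|rsync|rusersd|rwalld|rwho|sprayd|systat|talk|telnet|tftp|time|ttdbserver|who'
fi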
Display whether potentially vulnerable standard ports are open (only the default port of each service is checked):
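# Run as root. For each watch-listed service, reports "<name> --> YES" when
# its standard port shows up as a local port in netstat (or its name shows up
# in the RPC program table), otherwise "<name> --> NO".
# Reading the result:
#   - netstat -a lists every socket, so YES means the port is in use locally
#     (listening or part of a connection), not necessarily reachable from the
#     network; check firewall rules and bind addresses separately.
#   - NO only covers the standard port; a service moved to another port is
#     not detected.
#   - netstat comes from the net-tools package; if it is missing, an error is
#     printed once per group and every entry in that group reads NO.

#######################################
# Report whether each given port is in use as a local port.
# Arguments: $1 - netstat flags selecting the protocols (-antu, -ant, -anu)
#            $2.. - entries of the form name:port
# Outputs:   one "name --> YES|NO" line per entry on stdout
#######################################
report_ports() {
  local flags=$1 sockets entry
  shift
  # Skip the two header lines and keep only the text after the last ":" of
  # the local-address column, i.e. the local port number.
  sockets=$(netstat "$flags" | awk 'NR > 2 {n = split($4, a, ":"); print a[n]}')
  for entry in "$@"; do
    # -x: the whole line must equal the port, so 80 does not match 8080.
    if grep -qx -- "${entry#*:}" <<< "$sockets"; then
      echo "${entry%%:*} --> YES"
    else
      echo "${entry%%:*} --> NO"
    fi
  done
}

# Services checked on both TCP and UDP.
report_ports -antu avahi:5353 chargen:19 daytime:13 discard:9 dns:53 echo:7 \
  finger:79 ldap:389 ldaps:636 netstat:15 nntp:119 nntps:563 snmp:161 \
  systat:11 time:37

# Services checked on TCP only.
report_ports -ant cups:631 dtspcd:6112 ftp:21 http:80 https:443 imap:143 \
  imaps:993 pop3:110 pop3s:995 rexec:512 rlogin:513 rsh:514 rsync:873 \
  smb:445 smtp:25 smtps:465 squid:3128 telnet:23

# Services checked on UDP only.
report_ports -anu bootps:67 nmb:137 rwho:513 talk:517 tftp:69 who:513

# RPC services have no fixed port: look them up by name in the portmapper
# table. rpcinfo errors (e.g. rpcbind not running) are discarded on purpose,
# in which case every entry reads NO.
rpc_table=$(rpcinfo -p 2> /dev/null)
for svc in cmsd nfs pcnfsd rstatd rusersd rwalld sprayd ttdbserver; do
  if grep -qi -- "$svc" <<< "$rpc_table"; then
    echo "${svc} --> YES"
  else
    echo "${svc} --> NO"
  fi
done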
Display SELinux status:
# getenforce