Linux Diagnostics Guide
Section titled “Linux Diagnostics Guide”Linux provides a deep set of command-line tools for inspecting system state, troubleshooting performance issues, checking hardware, reviewing logs, and validating security posture.
System Overview
Section titled “System Overview”System Information
Section titled “System Information”Check the operating system, kernel, CPU architecture, and basic host details:
uname -a # Show kernel, hostname, architecture, and OS detailshostnamectl # Show hostname, OS, kernel, and machine informationlscpu # Show CPU architecture and processor detailscat /etc/os-release # Show Linux distribution and versionUptime and Load
Section titled “Uptime and Load”Review how long the system has been running and whether it is under load:
uptime # Show uptime, users, and load averagesw # Show logged-in users and load averagesvmstat 1 # Show CPU, memory, swap, and I/O stats every secondlast reboot # Show reboot historyCPU and Memory
Section titled “CPU and Memory”CPU Performance
Section titled “CPU Performance”Monitor process activity, CPU utilization, and CPU frequency information:
top # Interactive process and CPU monitorhtop # Enhanced interactive process monitormpstat -P ALL 1 # Show CPU usage per core every secondcpufreq-info # Show CPU frequency governor and frequency detailsInstall optional tools when needed:
sudo apt install htop sysstat cpufrequtilsMemory Diagnostics
Section titled “Memory Diagnostics”Inspect memory usage, swap activity, and process-level memory consumption:
free -h # Show used and available memorywatch -n 1 free -h # Refresh memory summary every secondvmstat 1 # Watch memory, swap, I/O, and CPU activitysmem # Show proportional memory usage by processInstall smem if it is not available:
sudo apt install smemDisk and Filesystems
Section titled “Disk and Filesystems”Filesystem Usage
Section titled “Filesystem Usage”Check mounted filesystems, directory sizes, partitions, and block devices:
df -h # Show filesystem disk usagedu -h --max-depth=1 # Show directory sizes one level deeplsblk # List disks, partitions, and mount pointsfindmnt # Show mounted filesystems as a treeFilesystem Checks
Section titled “Filesystem Checks”Inspect and repair filesystems carefully. Run fsck on unmounted filesystems whenever possible:
sudo fsck /dev/sdX # Check and repair filesystem errorssudo badblocks -v /dev/sdX # Scan a device for bad blocksStorage Performance and Health
Section titled “Storage Performance and Health”Measure disk performance and review SMART health data:
sudo hdparm -tT /dev/sdX # Test buffered and cached disk readssudo smartctl -a /dev/sdX # Show SMART health and device diagnosticsInstall SMART tooling if needed:
sudo apt install smartmontoolsProcesses and Services
Section titled “Processes and Services”Process Diagnostics
Section titled “Process Diagnostics”List processes, find specific services, and stop hung processes:
ps aux # List active processespgrep -a <process_name> # Find matching processes with full command linetop # Monitor active processes in real timekill <pid> # Ask a process to terminatekill -9 <pid> # Force-kill a hung processSystemd Services
Section titled “Systemd Services”Inspect system services and troubleshoot service failures:
systemctl list-units --type=service # List loaded servicessystemctl status <service_name> # Show service status and recent logssystemctl restart <service_name> # Restart a servicejournalctl -u <service_name> -xe # Show detailed logs for a serviceNetwork Diagnostics
Section titled “Network Diagnostics”Interfaces and Connectivity
Section titled “Interfaces and Connectivity”Inspect network interfaces, routes, DNS, and basic connectivity:
ip a # Show network interfaces and addressesip route # Show routing tableresolvectl status # Show DNS resolver statusping google.com # Test basic connectivitytraceroute google.com # Trace network path to a hostPorts and Sockets
Section titled “Ports and Sockets”Find listening ports and active network connections:
ss -tuln # Show TCP and UDP listening socketsss -tunap # Show sockets with process detailsnetstat -tuln # Older alternative to sssudo lsof -i -P -n # Show processes using network socketsNetwork Speed
Section titled “Network Speed”Measure public internet speed when speedtest-cli is installed:
speedtest-cli # Run an internet speed testsudo apt install speedtest-cli # Install speedtest-cli on Debian-based systemsLogs and Kernel Diagnostics
Section titled “Logs and Kernel Diagnostics”System Logs
Section titled “System Logs”Use journalctl for systemd logs and files under /var/log for distribution-specific logs:
journalctl -xe # Show recent high-priority system log entriesjournalctl -b # Show logs from the current bootjournalctl --since "1 hour ago" # Show logs from a time rangecat /var/log/auth.log # Show authentication logs on Debian-based systemsKernel Messages and Modules
Section titled “Kernel Messages and Modules”Inspect kernel messages and loaded modules:
dmesg | tail -n 50 # Show recent kernel messageslsmod # List loaded kernel modulesdmesg | grep <module_name> # Search kernel messages for a modulesudo modprobe -r <module_name> # Remove a kernel moduleHardware Information
Section titled “Hardware Information”Device Inventory
Section titled “Device Inventory”List hardware, PCI devices, USB devices, and power status:
sudo lshw # Show detailed hardware overviewlspci # List PCI deviceslsusb # List USB devicesupower -i /org/freedesktop/UPower/devices/battery_BAT0 # Show laptop battery detailsPackage Management
Section titled “Package Management”Debian-Based Systems
Section titled “Debian-Based Systems”Inspect installed packages, search package repositories, and update the system:
dpkg --get-selections # List installed package selectionsapt search <package_name> # Search available packagessudo apt update # Refresh package metadatasudo apt upgrade # Upgrade installed packagesSecurity Diagnostics
Section titled “Security Diagnostics”Local Exposure
Section titled “Local Exposure”Check local services, permissions, and privileged files:
sudo nmap -sT localhost # Scan local TCP servicesss -tuln # Show listening socketsls -l # Show file permissions and ownershipfind / -perm -4000 2>/dev/null # Find SUID binariesBackup and Recovery
Section titled “Backup and Recovery”Disk Image Backups
Section titled “Disk Image Backups”Create and compress a raw disk or partition image:
sudo dd if=/dev/sdX of=backup.img bs=64K conv=noerror,sync status=progressgzip backup.imgUse dd with care because reversing if and of can overwrite the wrong device.