Whether you’ve just gained access to a new Linux system, ethically hacked into one as part of a security test, or you’re just curious to know more about your current machine, this article will guide you through the process.
You’ll learn how you can get information related to your OS (operating system), kernel, CPU, memory, processes, disks, networks, and installed software. You’ll explore the commands and their outputs in detail.
System administrators need to have an understanding of the system so they are able to:
- Manage users, groups, and permissions effectively.
- Configure services like web servers, databases, and so on.
- Automate repetitive tasks with scripts and cron jobs.
When the system is in a problematic state, a solid understanding of the system specification and configuration helps you to:
- Identify and resolve system errors quickly.
- Analyze system logs and monitor performance.
- Diagnose network and hardware issues.
If you are in a security-related role, knowing your system in depth helps you to:
- Monitor logs for unauthorized access.
- Configure firewalls and security policies.
- Detect and remove malicious processes or software.
If you know how to gather information about system resources, you can measure them and project future use. You can also:
- Tune system parameters for better efficiency.
- Monitor resource usage (CPU, memory, disk, I/O).
- Eliminate bottlenecks and optimize workloads.
It is a good practice to be able to prevent issues before they occur. Once you know your system well, you can:
- Schedule regular updates and backups.
- Ensure system reliability and uptime.
Understanding your Linux system gives you greater control, enhances system stability, and improves your overall effectiveness as a system administrator or power user.
In the next section, we’ll discuss some essential commands for gathering system information.
## How to Get Your OS & Kernel Information in Linux
uname -a provides full kernel information:
Here is what each part means in the above command:
- Linux: The kernel name.
- ip-172-31-90-178: The network hostname of the system.
- 6.8.0-1024-aws: The kernel version and AWS-specific build.
- #26-Ubuntu: The kernel build number.
- SMP: Symmetric Multi-Processing, indicating that the kernel is compiled for multiple processors.
- Tue Feb 18 17:22:37 UTC 2025: The date and time when the kernel was compiled.
- x86_64 x86_64 x86_64: The machine hardware name (architecture), processor type, and platform type, all indicating 64-bit x86 architecture.
- GNU/Linux: The operating system name.
Based on this output, I’m running on an AWS EC2 instance with a 64-bit Ubuntu Linux distribution using a kernel that was specifically built for AWS infrastructure.
The uname -r and uname -s commands specify the kernel version and OS type information:
The cat /etc/os-release command provides distribution information:
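```plain text
cat /etc/os-release
PRETTY_NAME="Ubuntu 24.04.2 LTS"
NAME="Ubuntu"
VERSION_ID="24.04"
VERSION="24.04.2 LTS (Noble Numbat)"
VERSION_CODENAME=noble
ID=ubuntu
ID_LIKE=debian
UBUNTU_CODENAME=noble
LOGO=ubuntu-logo
```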
Here is what each part means in the above command:
- PRETTY_NAME="Ubuntu 24.04.2 LTS": The user-friendly name of the distribution including version and LTS (Long Term Support) designation.
- NAME="Ubuntu": The name of the Linux distribution.
- VERSION_ID="24.04": The version number of the Ubuntu release (Year/Month format).
- VERSION="24.04.2 LTS (Noble Numbat)": The complete version information including:
• 24.04: Major version (released April 2024)
• .2: Point release number
• LTS: Long Term Support
• Noble Numbat: The release codename
- VERSION_CODENAME=noble: The codename for this Ubuntu release ("Noble").
- ID=ubuntu: The machine-readable name of the operating system.
- ID_LIKE=debian: Indicates that Ubuntu is based on Debian Linux.
- HOME_URL, SUPPORT_URL, BUG_REPORT_URL, PRIVACY_POLICY_URL : Various official URLs for Ubuntu resources.
- UBUNTU_CODENAME=noble: Reiterates the codename of this Ubuntu release.
- LOGO=ubuntu-logo: Specifies the logo identifier for the distribution.
This output shows that I’m running Ubuntu 24.04.2 LTS (codenamed "Noble Numbat"), which is a Long Term Support release of Ubuntu. Being an LTS version means it will receive security updates and support for an extended period (typically 5 years for Ubuntu LTS releases).
hostnamectl shows the hostname, OS, and kernel info:
```plain text
hostnamectl
Static hostname: ip-172-31-90-178
Icon name: computer-vm
Chassis: vm 🖴
Machine ID: ec272830b6dca2da0d11e41b292cfc99
Boot ID: dd12f48ff01b44a796991d99ce1bcfde
Virtualization: xen
Operating System: Ubuntu 24.04.2 LTS
Kernel: Linux 6.8.0-1024-aws
Architecture: x86-64
Hardware Vendor: Xen
Hardware Model: HVM domU
Firmware Version: 4.11.amazon
Firmware Date: Thu 2006-08-24
Firmware Age: 18y 9month 1w 2d
```
In the above command, here is what each part means:
- Static hostname: "ip-172-31-90-178": This is the permanent hostname of the system, stored in /etc/hostname.
- Icon name: "computer-vm": A symbolic icon identifier for the system, used by some desktop environments.
- Chassis: "vm": Indicates this is running in a virtual machine environment.
- Machine ID: "ec272830b6dca2da0d11e41b292cfc99": A unique identifier for this system, stored in /etc/machine-id.
- Boot ID: "dd12f48ff01b44a796991d99ce1bcfde": A unique identifier that changes with each system boot.
- Virtualization: "xen": Shows that this system is running on Xen virtualization (common for AWS instances).
- Operating System: "Ubuntu 24.04.2 LTS": The current OS distribution and version.
- Kernel: "Linux 6.8.0-1024-aws": The current Linux kernel version, specifically an AWS-optimized kernel.
- Architecture: "x86-64": The CPU architecture of the system.
- Hardware Vendor: "Xen" Hardware Model: "HVM domU": Indicates this is a Xen HVM (Hardware Virtual Machine) domain user instance.
- Firmware Details:
- Version: 4.11.amazon: This is the version of the firmware/BIOS specifically customized for AWS environments.
- Date: Thu 2006-08-24: This is the release date of the firmware. The date might seem old (2006) but this is normal for AWS instances.
- Age: 18y 9month 1w : This shows how old the firmware is relative to the current date calculated from the firmware date (2006) to now (2025). While the firmware seems old, it is still maintained and secure.
This overall output shows that I’m running Ubuntu 24.04.2 LTS on an AWS EC2 instance using Xen virtualization. The system is using an AWS-optimized kernel and is configured as a HVM (Hardware Virtual Machine) instance.
lscpu shows CPU architecture, cores, threads, and virtualization information:
```plain text
lscpu
Architecture: x86_64
CPU op-modes: -bit, -bit
Address sizes: bits physical, bits virtual
Byte Order: Little Endian
CPUs:
On-line CPUs list:
Vendor ID: GenuineIntel
Model name: Intel(R) Xeon(R) CPU E5-2686 v4 @ 2.30GHz
CPU family:
Model:
Threads per core:
Cores per socket:
Sockets:
Stepping:
BogoMIPS:
Flags: fpu vme de pse tsc msr pae mce cx8
apic sep mtrr pge mca cmov pat pse3
clflush mmx fxsr sse sse2 ht sysc
all nx rdtscp lm constant_tsc rep_g
ood nopl xtopology cpuid tsc_known_
freq pni pclmulqdq ssse3 fma cx16 p
cid sse4_1 sse4_2 x2apic movbe popc
nt tsc_deadline_timer aes xsave avx
f16c rdrand hypervisor lahf_lm abm
pti fsgsbase bmi1 avx2 smep bmi2 e
rms invpcid xsaveopt
Virtualization features:
Hypervisor vendor: Xen
Virtualization type: full
Caches sum of all:
L1d: KiB instance
L1i: KiB instance
L2: KiB instance
L3: MiB instance
NUMA:
NUMA nodes:
NUMA node0 CPUs:
Vulnerabilities:
Gather data sampling: Not affected
Itlb multihit: KVM: Mitigation: VMX unsupported
L1tf: Mitigation PTE Inversion
Mds: Vulnerable: Clear CPU buffers attem
pted, no microcode SMT Host state
unknown
Meltdown: Mitigation PTI
Mmio stale data: Vulnerable: Clear CPU buffers attem
pted, no microcode SMT Host state
unknown
Reg data sampling: Not affected
Retbleed: Not affected
Spec rstack overflow: Not affected
Spec store bypass: Vulnerable
Spectre v1: Mitigation usercopy/swapgs barrier
s and __user pointer sanitization
Spectre v2: Mitigation Retpolines STIBP disab
led RSB filling PBRSB-eIBRS Not a
ffected BHI Retpoline
Srbds: Not affected
Tsx async abort: Not affected
```
Here is a brief explanation of the output above:
1. Basic CPU Info
- Architecture: x86_64 (64-bit)
- CPU Model: Intel Xeon E5-2686 v4 (2.3 GHz)
- Cores/Threads: 1 core, 1 thread (no Hyper-Threading)
- Physical CPU (Socket): 1
2. Performance & Features
- Caches:
- L1: 32 KiB (data) + 32 KiB (instructions)
- L2: 256 KiB
- L3: 45 MiB (large, typical for Xeon)
- Flags: Supports AVX, AES, SSE4.1/4.2 (useful for encryption/vector ops).
3. Virtualization
- Hypervisor: Running on Xen (full virtualization).
- Virtualization Support: Yes (Intel VT-x).
4. Security (Vulnerabilities)
- Meltdown/Spectre: Mostly mitigated (PTI, Retpolines).
- MDS/MMIO: Vulnerable (no microcode fixes).
- Spec Store Bypass: Vulnerable (no mitigation).
5. NUMA (Memory)
- Single NUMA node (no multi-processor complexity).
The output shows that my machine is a single-core Intel Xeon (in a virtualized/cloud environment) with large L3 cache but has some unpatched CPU vulnerabilities.
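The Vulnerabilities rows that lscpu prints come from the files under /sys/devices/system/cpu/vulnerabilities. The script below is an added example, not part of the original article: it classifies each file's status text and lists the entries still reported as vulnerable. The function names and the sample files written by make_sample are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article: summarize the kernel's CPU
# vulnerability report (the data lscpu shows under "Vulnerabilities").

SYSFS_DIR=/sys/devices/system/cpu/vulnerabilities

# classify_status TEXT -> not_affected | mitigated | vulnerable | unknown
classify_status() {
    s=${1#KVM: }    # itlb_multihit prefixes its status with "KVM: "
    case "$s" in
        "Not affected"*)                     echo not_affected ;;
        Vulnerable*|"Processor vulnerable"*) echo vulnerable ;;
        Mitigation*)                         echo mitigated ;;
        *)                                   echo unknown ;;
    esac
}

# report DIR -> one "STATUS<TAB>NAME<TAB>TEXT" line per file in DIR
report() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        text=
        IFS= read -r text < "$f" || true
        printf '%s\t%s\t%s\n' "$(classify_status "$text")" "${f##*/}" "$text"
    done
    return 0
}

# vulnerable_names DIR -> space-separated names whose status is "vulnerable"
vulnerable_names() {
    report "$1" | awk -F '\t' '
        $1 == "vulnerable" { printf "%s%s", sep, $2; sep = " " }
        END { if (sep != "") print "" }'
}

# make_sample DIR: write constructed sample files modeled on the lscpu
# output shown above (not a copy of any real system's sysfs).
make_sample() {
    mkdir -p "$1" || return 1
    echo 'Mitigation: PTI' > "$1/meltdown"
    echo 'Vulnerable: Clear CPU buffers attempted, no microcode; SMT Host state unknown' > "$1/mds"
    echo 'Vulnerable' > "$1/spec_store_bypass"
    echo 'Not affected' > "$1/retbleed"
    echo 'KVM: Mitigation: VMX unsupported' > "$1/itlb_multihit"
}

# On a live Linux system, print the full report and the entries needing attention.
if [ -d "$SYSFS_DIR" ]; then
    report "$SYSFS_DIR"
    echo "Needs attention: $(vulnerable_names "$SYSFS_DIR")"
fi
```

On a cloud guest, entries such as mds that depend on microcode can only be fixed by the provider's host, so the list is best tracked as inventory data alongside the kernel version.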
cat /proc/cpuinfo provides more in-depth details about the CPU:
```plain text
/proc/cpuinfo
processor
vendor_id GenuineIntel
cpu family
model
model name Intel(R) Xeon(R) CPU E5-2686 v4 @ 2.30GHz
stepping
microcode 0xd000404
cpu MHz
cache size KB
physical
siblings
core
cpu cores
apicid
initial apicid
fpu
fpu_exception
cpuid level
wp
flags fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx rdtscp lm constant_tsc rep_good nopl xtopology cpuid tsc_known_freq pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm pti fsgsbase bmi1 avx2 smep bmi2 erms invpcid xsaveopt
bugs cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs itlb_multihit mmio_stale_data bhi
bogomips
clflush size
cache_alignment
address sizes bits physical, bits virtual
power management:
```
nproc shows the core count:
The above command output shows there is one available processor.
You can use the free -h command to know the total/used/free RAM:
```plain text
               total        used        free      shared  buff/cache   available
Mem:           957Mi       406Mi       218Mi       920Ki       522Mi       551Mi
Swap:             0B          0B          0B
```
Here is a breakdown of the output shared above:
- total: The total amount of physical memory (RAM) or swap space available on the system.
- used: The amount of memory currently being used by applications and the system. Calculated as: total - free - buffers - cache.
- free: The amount of memory that is completely unused.
- shared: Memory that may be simultaneously accessed by multiple programs.
- buff/cache: Combines two types of memory:
- Buffers: Memory used for block device I/O buffering.
- Cache: Memory used for file system page cache - This memory can be reclaimed when needed by applications.
- available: It includes the 'free' memory plus memory that can be reclaimed from buff/cache. This is the most important column for determining if you have enough memory.
vmstat stands for Virtual Memory Statistics, a tool to monitor system performance. It provides information about memory usage, CPU activity, Processes, Disk I/O and Swap usage.
You can also use vmstat to extract live information. Here is how you can do that:
```plain text
procs -----------memory---------- ---swap-- -----io---- -system-- -------cpu-------
 r  b   swpd   free   buff  cache   si   so    bi    bo   in   cs us sy id wa st gu
```
Here is what the above command is doing:
1. Captures 5 snapshots of system performance.
2. Each snapshot is taken 1 second apart, giving near real-time insights.
3. Displays key metrics about:
- Memory usage (free, buffered, cached).
- CPU activity (user, system, idle, waiting).
- Processes (running, blocked).
- Disk I/O (blocks read/written).
- Swap usage (if swapping is happening).
Note that you can change the interval and the number of snapshots as needed.
Here’s a detailed breakdown of the output above:
- Procs:
- r: Number of processes waiting for run time.
- b: Number of processes in uninterruptible sleep.
- Memory (in KB):
- swpd: Amount of virtual memory used
- free: Amount of idle memory
- buff: Memory used as buffers
- cache: Memory used as cache
- Swap:
- si: Memory swapped in from disk (KB/s)
- so: Memory swapped out to disk (KB/s)
- IO:
- bi: Blocks received from a block device (blocks/s)
- bo: Blocks sent to a block device (blocks/s)
- System:
- in: Number of interrupts per second
- cs: Number of context switches per second
- CPU (percentages):
1. us: Time spent running user code
2. sy: Time spent running system code
3. id: Time spent idle
4. wa: Time spent waiting for IO
5. st: Time stolen from a virtual machine
6. gu: Time running guest code (virtual CPU)
From the output, you can see that my system:
- Has very low CPU usage (high idle percentage)
- Has no swap being used (swpd = 0)
- Has about 99MB free memory
- Shows minimal IO activity
- Is running in a virtualized environment (notice that the st (stolen) time column has a non-zero value).
The first line shows averages since the last reboot, while subsequent lines show the real-time statistics for each second.
cat /proc/meminfo shows detailed memory stats:
```plain text
/proc/meminfo
MemTotal: kB
MemFree: kB
MemAvailable: kB
Buffers: kB
Cached: kB
SwapCached: kB
Active: kB
Inactive: kB
Activeanon: kB
Inactiveanon: kB
Activefile: kB
Inactivefile: kB
Unevictable: kB
Mlocked: kB
SwapTotal: kB
SwapFree: kB
Zswap: kB
Zswapped: kB
Dirty: kB
Writeback: kB
AnonPages: kB
Mapped: kB
Shmem: kB
KReclaimable: kB
Slab: kB
SReclaimable: kB
SUnreclaim: kB
KernelStack: kB
PageTables: kB
SecPageTables: kB
NFS_Unstable: kB
Bounce: kB
WritebackTmp: kB
CommitLimit: kB
Committed_AS: kB
VmallocTotal: kB
VmallocUsed: kB
VmallocChunk: kB
Percpu: kB
HardwareCorrupted: kB
AnonHugePages: kB
ShmemHugePages: kB
ShmemPmdMapped: kB
FileHugePages: kB
FilePmdMapped: kB
Unaccepted: kB
HugePages_Total:
HugePages_Free:
HugePages_Rsvd:
HugePages_Surp:
Hugepagesize: kB
Hugetlb: kB
DirectMap4k: kB
DirectMap2M: kB
```
Here is a detailed breakdown of the output shared above:
- MemTotal: Total physical RAM available.
- MemFree: Completely unused memory.
- MemAvailable: Memory available for new applications.
- Buffers: Memory used for block device I/O buffering.
- Cached: Memory used for file system cache.
- SwapCached: Memory pages stored in both RAM and swap.
- Active: Recently used memory.
- Inactive: Less recently used memory.
- Active(anon): Recently used anonymous memory.
- Active(file): Recently used file-backed memory.
- SwapTotal: Swap space configured.
- SwapFree: Swap space available.
- Zswap: Compressed swap in RAM.
- Dirty: Memory waiting to be written to disk.
- Mapped: Files mapped into memory.
- Slab: Kernel data structures cache.
- CommitLimit: Total memory available for allocation.
- Committed_AS: Total memory currently allocated.
A healthy memory usage is indicated by a good amount of available memory, active caching mechanisms in place and no memory pressure (no swap usage needed).
### tree -d -L 1 Command
tree -d -L 1 shows the file system details from the folder it is executed in. To find the complete file system details, run it from the root / folder:
```plain text
tree
├── bin -> usr/bin
├── bin.usr-is-merged
├── boot
├── dev
├── etc
├── home
├── lib -> usr/lib
├── lib.usr-is-merged
├── lib64 -> usr/lib64
├── lost+found
├── media
├── mnt
├── opt
├── proc
├── root
├── run
├── sbin -> usr/sbin
├── sbin.usr-is-merged
├── snap
├── srv
├── sys
├── tmp
├── usr
└── var
directories
```
The tree -d -L 1 command prints a directory tree using the following options:
- -d: Shows only directories (ignores files)
- -L 1: Limits the depth of the tree to one level (only shows the immediate subdirectories)
df -h shows mounted filesystems and their usage:
```plain text
Filesystem Size Used Avail Use% Mounted on
/dev/root 29G .6G 26G % /
tmpfs 479M 479M % /dev/shm
tmpfs 192M 908K 191M % /run
tmpfs .0M .0M % /run/lock
/dev/xvda16 881M 144M 676M % /boot
/dev/xvda15 105M .1M 99M % /boot/efi
tmpfs 96M 12K 96M % /run/user/1000
```
The above output from the df -h command shows the following disk space usage information:
- Filesystem: The name of the mounted filesystem/device.
- Size: Total size of the filesystem.
- Used: Amount of space used.
- Avail: Amount of space available.
- Use%: Percentage of space used.
- Mounted on: The mount point where the filesystem is attached
lsblk stands for ‘list block devices’ and shows information about all available block devices like hard drives, SSDs, and so on.
```plain text
lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
loop0 :0 .3M loop /snap/amazon-ssm-agent/9881
loop1 :1 .9M loop /snap/core22/1748
loop2 :2 .4M loop /snap/snapd/23545
loop3 :3 .9M loop /snap/snapd/24505
loop4 :4 .9M loop /snap/core22/1963
loop5 :5 .2M loop /snap/amazon-ssm-agent/11320
xvda :0 30G disk
├─xvda1 :1 29G part /
├─xvda14 :14 4M part
├─xvda15 :15 106M part /boot/efi
└─xvda16 :0 913M part /boot
```
The output above shows the following details:
- NAME: Device name.
- MAJ:MIN: Major and minor device numbers.
- RM: Removable flag (1 for removable, 0 for fixed).
- SIZE: Device size.
- RO: Read-only flag (1 for read-only, 0 for read-write).
- TYPE: Device type (disk, part for partition, loop for loop device).
- MOUNTPOINTS: Where the device is mounted.
fdisk -l shows all disk devices and their partitions on your system:
```plain text
Disk /dev/xvda: GiB, bytes, sectors
Units: sectors of * bytes
Sector size logical/physical: bytes / bytes
I/O size minimum/optimal: bytes / bytes
Disklabel type: gpt
Disk identifier: E3478E01-32E3-4FC2-8E79-1BCCDE89C2D7
Device Start End Sectors Size Type
/dev/xvda1 29G Linux filesystem
/dev/xvda14 4M BIOS boot
/dev/xvda15 106M EFI System
/dev/xvda16 913M Linux extended boot
```
The above output shows the partition information for the main system disk (/dev/xvda), which is 30 GiB in size and has four partitions:
- /dev/xvda1: 29G Linux filesystem (main system partition).
- /dev/xvda14: 4M BIOS boot partition.
- /dev/xvda15: 106M EFI System partition (for UEFI boot).
- /dev/xvda16: 913M Linux extended boot partition.
mount shows all currently mounted filesystems in the format: device/source "on" mount_point "type" filesystem_type (mount_options), displaying where and how each filesystem is attached to your system's directory tree.
Here is an example line from the output of mount:
Some common mount options you’ll see are:
- rw: Read-write access.
- ro: Read-only access.
- nosuid: Disable SUID/SGID bits.
- nodev: Prevent device file interpretation.
- noexec: Prevent execution of binaries.
- relatime: Update access times relatively.
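The nosuid, nodev and noexec options matter most on world-writable locations. The script below is an added example, not part of the original article: it reads mount output in the format described above and reports which of those three options each target mount point lacks. The target list (/tmp, /var/tmp, /dev/shm), the function names and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# Assumption: these are the world-writable mount points worth checking.
AUDIT_TARGETS="/tmp /var/tmp /dev/shm"
REQUIRED_OPTS="nosuid nodev noexec"

# audit_mounts: reads `mount` output on stdin
#   (device on mount_point type fs_type (options))
# and prints one line per target: "ok", "missing opt1,opt2", or
# "not a separate mount". Mount points containing spaces are not handled.
audit_mounts() {
    awk -v targets="$AUDIT_TARGETS" -v required="$REQUIRED_OPTS" '
    BEGIN {
        n = split(targets, t, " ")
        for (i = 1; i <= n; i++) want[t[i]] = 1
        nreq = split(required, req, " ")
    }
    $2 == "on" && $4 == "type" && ($3 in want) {
        seen[$3] = 1
        opts = $6
        gsub(/[()]/, "", opts)          # strip the surrounding parentheses
        split("", has)                  # clear the per-line option set
        m = split(opts, o, ",")
        for (j = 1; j <= m; j++) has[o[j]] = 1
        missing = ""
        for (k = 1; k <= nreq; k++)
            if (!(req[k] in has))
                missing = missing (missing == "" ? "" : ",") req[k]
        print $3 ": " (missing == "" ? "ok" : "missing " missing)
    }
    END {
        # A target with no line of its own inherits its parent filesystem options.
        for (i = 1; i <= n; i++)
            if (!(t[i] in seen)) print t[i] ": not a separate mount"
    }'
}

# sample_mounts: constructed sample lines in `mount` output format.
sample_mounts() {
    cat <<'EOF'
/dev/root on / type ext4 (rw,relatime,discard,errors=remount-ro)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev,inode64)
tmpfs on /tmp type tmpfs (rw,nosuid,nodev,noexec,relatime)
/dev/xvda16 on /boot type ext4 (rw,relatime)
EOF
}

# Demo on the constructed sample; on a live system run: mount | audit_mounts
sample_mounts | audit_mounts
```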
du -sh * provides a summary of the disk usage for each file and directory in the current directory (good for finding disk hogs):
The lshw command provides detailed information about the computer's hardware configuration. It can report:
- Memory configuration.
- Firmware version.
- Mainboard configuration.
- CPU version and speed.
- Cache configuration.
- Bus speed and more.
It's particularly useful for system administrators and users who need to gather detailed hardware information. The command can output information in various formats including HTML, XML, JSON, or plain text.
Here is a portion of the output from lshw:
```plain text
*-pci
description: Host bridge
product: 440FX - 82441FX PMC Natoma
vendor: Intel Corporation
physical id:
bus info: pci@0000:00:00.0
version: 02
width: bits
clock: 33MHz
*-isa
description: ISA bridge
product: 82371SB PIIX3 ISA Natoma/Triton II
vendor: Intel Corporation
physical id:
bus info: pci@0000:00:01.0
version: 00
width: bits
clock: 33MHz
capabilities: isa bus_master
configuration:
```
lspci displays information about all PCI (Peripheral Component Interconnect) buses and devices connected to your system.
```plain text
lspci
00:00.0 Host bridge: Intel Corporation 440FX - 82441FX PMC Natoma rev 02
00:01.0 ISA bridge: Intel Corporation 82371SB PIIX3 ISA Natoma/Triton II
00:01.1 IDE interface: Intel Corporation 82371SB PIIX3 IDE Natoma/Triton II
00:01.3 Bridge: Intel Corporation 82371AB/EB/MB PIIX4 ACPI rev 01
00:02.0 VGA compatible controller: Cirrus Logic GD
00:03.0 Unassigned class ff80: XenSource, Inc. Xen Platform Device rev 01
```
From the output, we can see that:
- Each line starts with a bus:device.function address (like "00:00.0")
- The listed devices are:
- A Host bridge (Intel 440FX), which manages communications between the CPU and other components.
- An ISA bridge (Intel PIIX3), for legacy device support.
- An IDE interface for storage devices.
- An ACPI bridge for power management.
- A VGA graphics controller (Cirrus Logic).
- A Xen Platform Device (this suggests you're running in a Xen virtualized environment).
The command is particularly useful for:
- Troubleshooting hardware issues
- Verifying hardware detection
- Finding hardware details for driver installation
- Checking system configuration
### ip a Command
ip a displays information about all network interfaces on your system:
```plain text
: lo: LOOPBACK,UP,LOWER_UP
- This is the loopback interface localhost
- MTU Maximum Transmission Unit is bytes
- IP address: 127.0.0.1/8 IPv4
- IPv6 address: ::1/128
. Network Interface enX0:
enX0: BROADCAST,MULTICAST,UP,LOWER_UP
- This is your main network interface
- MTU is bytes
- MAC address link/ether: :16:a6:d3:b3:61
- IPv4 address: 172.31.90.178/20
- IPv6 address: fe80::1016:a6ff:fed3:b361/64 Link-local
```
Here are the key elements in the output:
- Interface state (UP/DOWN).
- MAC address (link/ether).
- IPv4 and IPv6 addresses.
- Network scope (host, global, link).
- Address validity lifetime (valid_lft).
- Broadcast address (brd).
ip r shows the system’s routing table:
```plain text
ip r
default via 172.31.80.1 dev enX0 proto dhcp src 172.31.90.178 metric 100
.0.2 via 172.31.80.1 dev enX0 proto dhcp src 172.31.90.178 metric 100
172.31.80.0/20 dev enX0 proto kernel scope link src 172.31.90.178 metric 100
172.31.80.1 dev enX0 proto dhcp scope link src 172.31.90.178 metric 100
```
The above ip r output shows my system's routing table with the following routes:
- Default route:
- Default via 172.31.80.1: All traffic not matching other rules goes through this gateway.
- Using interface enX0.
- Configured via DHCP.
- Source IP: 172.31.90.178.
- Local subnet route:
- 172.31.80.0/20: Local subnet (covers IPs from 172.31.80.0 to 172.31.95.255)
- Directly connected to enX0 interface
- Kernel-managed route (proto kernel)
- For packets originating from 172.31.90.178
- DHCP server route:
- Direct route to DHCP server (172.31.80.1)
- Via interface enX0
All routes have a metric of 100, which determines route priority (lower values are preferred).
netstat -tuln shows active listening ports:
```plain text
Active Internet connections only servers
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp .0.54:53 .0.0:* LISTEN
tcp .0.0:80 .0.0:* LISTEN
tcp .0.53:53 .0.0:* LISTEN
tcp6 :::80 :::* LISTEN
tcp6 :::22 :::* LISTEN
udp .0.54:53 .0.0:*
udp .0.53:53 .0.0:*
udp .90.178:68 .0.0:*
udp .0.1:323 .0.0:*
udp6 ::1:323 :::*
```
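What matters in this listing is the Local Address column: a socket bound to a loopback address is reachable only from the host itself, while one bound to 0.0.0.0 or :: accepts connections on every interface. The script below is an added example, not part of the original article: it classifies each socket by bind scope and lists the ones reachable from the network. The function names and the sample input, modeled on the output above, are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.

# classify_listeners: reads `netstat -tuln` output on stdin and prints
# "PROTO PORT SCOPE" for every socket, where SCOPE is:
#   loopback - bound to 127.0.0.0/8 or ::1, reachable only from this host
#   all      - bound to 0.0.0.0 or ::, reachable on every interface
#   specific - bound to one non-loopback address
classify_listeners() {
    awk '
    $1 ~ /^(tcp|udp)6?$/ {
        addr = $4
        port = addr
        sub(/.*:/, "", port)                      # text after the last colon
        host = substr(addr, 1, length(addr) - length(port) - 1)
        if (host ~ /^127\./ || host == "::1")
            scope = "loopback"
        else if (host == "0.0.0.0" || host == "::" || host == "*")
            scope = "all"
        else
            scope = "specific"
        print $1, port, scope
    }'
}

# exposed_listeners: the sockets that are not loopback-only, as
# "PROTO/PORT SCOPE", de-duplicated and sorted bytewise.
exposed_listeners() {
    classify_listeners |
        awk '$3 != "loopback" { print $1 "/" $2 " " $3 }' |
        LC_ALL=C sort -u
}

# sample_netstat: constructed sample modeled on the output shown above.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.54:53           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
udp        0      0 127.0.0.54:53           0.0.0.0:*
udp        0      0 127.0.0.53:53           0.0.0.0:*
udp        0      0 172.31.90.178:68        0.0.0.0:*
udp        0      0 127.0.0.1:323           0.0.0.0:*
udp6       0      0 ::1:323                 :::*
EOF
}

# Demo on the constructed sample; on a live system run:
#   netstat -tuln | exposed_listeners
sample_netstat | exposed_listeners
```

Comparing this list against the ports your firewall rules or cloud security group are meant to allow shows services that are listening more widely than intended.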
You can check installed packages with dpkg -l or apt list --installed (Debian/Ubuntu). Here is a snippet from the output:
```plain text
vim-common/noble-updates,noble-security,now :9.1.0016-1ubuntu7.8 all installed,automatic
vim-runtime/noble-updates,noble-security,now :9.1.0016-1ubuntu7.8 all installed,automatic
vim-tiny/noble-updates,noble-security,now :9.1.0016-1ubuntu7.8 amd64 installed,automatic
vim/noble-updates,noble-security,now :9.1.0016-1ubuntu7.8 amd64 installed,automatic
```
systemctl list-units --type=service lists the services. You can also use systemctl status <service> and replace <service> with the one you want.
Here’s the output for cron.service:
```plain text
systemctl status cron.service
● cron.service - Regular background program processing daemon
Loaded: loaded /usr/lib/systemd/system/cron.service enabled preset: enabled
Active: active running since Wed -05-14 :46:58 UTC weeks days ago
Docs: man:cron
Main PID: cron
Tasks: limit:
Memory: .7M peak: .7M
CPU: .890s
CGroup: /system.slice/cron.service
└─625 /usr/sbin/cron
Jun 03 09:25:01 ip-172-31-90-178 CRON: pam_unixcron:session: session closed user root
Jun 03 09:35:01 ip-172-31-90-178 CRON: pam_unixcron:session: session opened user rootuid by rootuid
Jun 03 09:35:01 ip-172-31-90-178 CRON: root CMD command debian-sa1 /dev/null debian-sa1
Jun 03 09:35:01 ip-172-31-90-178 CRON: pam_unixcron:session: session closed user root
Jun 03 09:45:01 ip-172-31-90-178 CRON: pam_unixcron:session: session opened user rootuid by rootuid
Jun 03 09:45:01 ip-172-31-90-178 CRON: root CMD command debian-sa1 /dev/null debian-sa1
Jun 03 09:45:01 ip-172-31-90-178 CRON: pam_unixcron:session: session closed user root
Jun 03 09:55:01 ip-172-31-90-178 CRON: pam_unixcron:session: session opened user rootuid by rootuid
Jun 03 09:55:01 ip-172-31-90-178 CRON: root CMD command debian-sa1 /dev/null debian-sa1
Jun 03 09:55:01 ip-172-31-90-178 CRON: pam_unixcron:session: session closed user root
lines -21/21 END
```
ps aux shows all processes with their respective status:
```plain text
ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root ? Ss May14 :35 /usr/lib/systemd/systemd
root ? S May14 :00 kthreadd
root ? S May14 :00 pool_workqueue_release
root ? I May14 :00 kworker/R-rcu_g
root ? I May14 :00 kworker/R-rcu_p
root ? I May14 :00 kworker/R-slub_
```
Here's an explanation of each column in the ps aux output:
- USER: The owner of the process
- PID: Process ID number
- %CPU: CPU usage percentage
- %MEM: Memory usage percentage
- VSZ: Virtual Memory Size in kilobytes (total program size)
- RSS: Resident Set Size in kilobytes (actual memory used)
- TTY: Terminal associated with the process ('?' means no terminal)
- STAT: Process state codes:
- S: Sleeping
- R: Running
- I: Idle
- Z: Zombie
- T: Stopped
- s: Session leader
- <: High priority
- N: Low priority
- START: Time when the process started
- TIME: Cumulative CPU time used
- COMMAND: The command with all its arguments
top or htop can be used for live usage overview, and for showing a dynamic view of system performance and running processes. Here's what it displays:
- System uptime and number of logged-in users.
- Load average values for the last 1, 5, and 15 minutes.
- Total number of processes and their states (running, sleeping, stopped, zombie).
- CPU usage breakdown (user, system, idle, etc.).
- Memory usage (total, free, used, cached).
- Swap space usage.
- Process List: Shows a sorted list of running processes (by default sorted by CPU usage). For each process, it displays:
- Process ID (PID).
- User who owns the process.
- CPU and memory usage.
- Process priority and nice value.
- Memory usage details (virtual, resident, shared).
- Process status.
- Running time.
```plain text
- :04:25 up days, :17, user, load average: , ,
Tasks: total, running, sleeping, stopped, zombie
%Cpus: us, sy, ni, id, wa, hi, si, st
MiB Mem total, free, used, buff/cache
MiB Swap: total, free, used. avail Mem
PID PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
root S :35.08 systemd
root S :00.16 kthreadd
root S :00.00 pool_workqueue_release
root I :00.00 kworker/R-rcu_g
root I :00.00 kworker/R-rcu_p
root I :00.00 kworker/R-slub_
root I :00.00 kworker/R-netns
root I :00.00 kworker/0:0H-events_highpri
root I :00.00 kworker/R-mm_pe
root I :00.00 rcu_tasks_rude_kthread
root I :00.00 rcu_tasks_trace_kthread
```
The top command updates this information regularly (by default every 3 seconds) and is commonly used for:
- Monitoring system performance
- Identifying resource-intensive processes
- Troubleshooting system slowdowns
You can also interact with top while it's running using various keyboard commands (like 'k' to kill a process, '1' to see cpu cores, etc.).
Based on the system configuration, a number of logs are generated. These can be audit logs, system logs, cron logs, and so on. They all carry useful information. Here are some commands that you can use to view logs:
- dmesg | less: Kernel ring buffer (hardware issues, boot messages)
- journalctl -xe: Recent critical logs (systemd systems)
- /var/log/syslog or /var/log/messages: General system logs
whoami shows the current user’s username.
id shows detailed information about a user's identity on the system.
Let's break down the output:
- User ID (uid): uid=1000(ubuntu) means the user ID is 1000, with username "ubuntu"
- Primary Group ID (gid): gid=1000(ubuntu) means the primary group ID is 1000, named "ubuntu"
- Supplementary Groups (groups): The user belongs to the following groups:
- ubuntu (1000): Your primary group.
- adm (4): For system monitoring tasks.
- cdrom (24): For accessing CD-ROM devices.
- sudo (27): Allows you to execute commands with superuser privileges.
- dip (30): For managing dial-up connections.
- lxd (105): For managing LXD containers.
The id command is useful for checking user and group IDs, verifying group memberships, troubleshooting permissions issues and confirming sudo access.
who displays information about users currently logged into the system:
The output breakdown is shown below:
- Username: "ubuntu"
- Terminal: "pts/0" (pseudo-terminal)
- Login time: "2025-06-03 08:45"
- Remote host: "(39.43.159.5)" - the IP address from where the connection was made
w shows who is logged in and what they are doing:
```plain text
w
10:21:46 up 19 days, 14:35, 1 user, load average: 0.24, 0.05, 0.02
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
ubuntu pts/0 39.43.159.5 08:45 :56 .00s .02s sshd: ubuntu [priv]
```
Here is the result breakdown:
First line:
- 10:21:46: Current system time
- up 19 days, 14:35: System uptime (how long the system has been running)
- 1 user: Number of users currently logged in
- load average: 0.24, 0.05, 0.02: System load averages for the past 1, 5, and 15 minutes
- Numbers below 1.0 indicate low system load
- Higher numbers indicate more system load/stress
- TTY: Terminal device being used.
- FROM: Remote host from where the user is connected.
- LOGIN@: Time when the user logged in.
- IDLE: Time since the user's last activity.
- JCPU: CPU time used by all processes attached to the tty.
- PCPU: CPU time used by the current process.
- WHAT: Current process/command being run.
last shows a history of user logins and system reboots:
```plain text
last
ubuntu pts/1 .159.5 Tue Jun :15 - :17 00:02
ubuntu pts/0 .159.5 Tue Jun 08:45 still logged
ubuntu pts/0 .159.5 Tue Jun 05:23 - 08:29 03:06
ubuntu pts/0 .159.5 Sun Jun 06:32 - :24 05:52
ubuntu pts/0 .159.5 Thu May 05:39 - 05:58 00:18
ubuntu pts/0 .32.93 Wed May :45 - :47 00:01
ubuntu pts/0 .32.93 Wed May :58 - :49 01:51
ubuntu pts/0 .159.5 Wed May 05:05 - 05:12 00:06
ubuntu pts/0 .159.5 Tue May :41 - :45 03:04
ubuntu pts/0 .159.5 Thu May 06:12 - 06:12 00:00
ubuntu pts/0 .159.5 Thu May 06:05 - 06:12 00:07
ubuntu pts/0 .107.27 Wed May :06 - :08 00:01
ubuntu pts/0 .185.39 Wed May :48 - :50 00:01
system boot .0-1024-aws Wed May :46 still running
wtmp begins Wed May :46:47
```
Each line shows:
- Username (in this case, all logins are from 'ubuntu' user).
- Terminal device (pts/0 indicates a pseudo-terminal, typically used for SSH connections).
- Remote host IP address (where the connection came from).
- Login time and date.
- Logout time or status.
- Session duration in parentheses.
sudo -l shows what the current user can do with sudo.
```plain text
Matching Defaults entries for ubuntu on ip-172-31-90-178:
    env_reset, mail_badpass, secure_path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin,
    use_pty

User ubuntu may run the following commands on ip-172-31-90-178:
    (ALL : ALL) ALL
    (ALL) NOPASSWD: ALL
```
This output indicates that the 'ubuntu' user has:
- Full sudo access (can execute any command)
- No password requirement for sudo commands
- Complete administrative privileges on the system
In this section you’ll learn about two commands that display the information we have seen before in a presentable and aesthetic form.
neofetch - displays system info along with the distribution logo:

Terminal output of the neofetch command displaying Ubuntu system information, including OS, kernel, uptime, CPU, GPU, memory, and a colorful ASCII logo
btop displays dynamic stats with different modes:

A realtime snapshot of the btop system monitor showing real-time CPU, memory, disk, and network usage in a terminal. Colorful graphs display performance metrics for processes, temperatures, and uptime