Top 10 utilities for your Linux server to check if it is hacked and monitoring activities

Users of Linux systems are sometimes not aware of all the tools and functions on the system. Thinking about this situation, digital forensics specialists from the International Institute of Cyber Security (IICS) listed the top 10 Linux commands for system administration, network monitoring, and other tasks.

As usual, we remind you that this material was prepared for informational purposes only, so IICS is not responsible for any misuse of this information.


This is a tool to decorate system logs.

$ apt-get install ccze


$ tailf / var / log / syslog | ccze

List of modules:

$ ccze –l

Save the record in HTML format:

tailf / var / log / syslog | ccze -h> /home/tux/Desktop/rajneesh.html


According to digital forensics experts, this is a flexible tool that can be used to monitor memory, processes, networks and more. Not a bad replacement for ifstat, iostat, dmstat and similar tools.

$apt-get install dstat

Detailed information about the processor, hard disk, and network:

$ dstat

Processor information only:

$ dstat –c

Learn more about the processor:

$ dstat -cdl -D sda1

Disk information:

$ dstat –d


Digital forensics specialists use this command to find mounted file systems. The command displays a list of connected devices, as well as the option to connect and disconnect a device.


$ findmnt

Output in list format:

$ findmnt –l

Sort by file type:

$ findmnt -t ext4


Nmon is a tool that displays information about system performance.

$ sudo apt-get install nmon
$ nmon 

The tool can display information about network, CPU, memory, and disk usage.

Processor Information:

Network information:


The ‘du’ version with cursor support is used to analyze the disk space used.

$apt-get install ncdu
$ncdu / 

Final output:


A useful tool written in Python that can graphically display the system’s activity. The details are represented by colored bar charts.

Install Python:

$ sudo apt-add-repository ppa:fkrull/deadsnakes

Upgrade your system:

$ sudo apt-get update

Download Python:

$ sudo apt-get install python3.2

Download and unzip

$ unzip && cd ranwhen-master

Run the tool:

$ python3.2


This is a good substitute for netstat and is even faster in certain circumstances.


Output of all connections:

$ ss | less

Tcp traffic-only output:

$ ss -A tcp

Display of process names and pids:

$ ss –ltp


This is another great utility for system monitoring.

$ sudo apt-get install saidar


$ saidar

Colored output:

$ saider –c


According to digital forensics experts, this is a CLI tool designed to monitor network interfaces.

$ apt-get install slurm


$ slurm -i <interface>
$ slurm -i eth1


This utility lists the logged-on users and the processes they are running.



$ w –h

Current user information:

$ w <username>

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.