Skip to main content

My 5 favorite Linux sysadmin tools

There are a lot of lovable Linux tools available, but here are my top five picks.
Favorite Tools
"NDF_0879-CC" by robkemme is licensed under CC BY-SA 2.0

Every system administrator has a secret and sacred toolbox to help them manage Linux systems. Favorite applications, favorite command-line scripts, and favorite tools are all part of the sysadmin's life script. We carry our tools from job to job. We promote our tools to other sysadmins. We love to collect tools, but we're also practical in that we want tools that work and do their jobs without being too fiddly, or too high maintenance. None of us have the luxury of time to learn a hundred different options and tweaks to get what we want. We need efficient tools that are unencumbered by complexity and high cost.

These five meet all of the requirements for essential system administration tools. They are my favorites. Most of them have helped me for more than 15 years. I'm loyal to them and they to me. You should get acquainted with them and add them to your toolbox. Here is your opportunity to do just that. These are in no particular order.


The System Activity Reporter (sar) has been a favorite of mine for many years and is part of the sysstat package that is now installed by default. I can't possibly explain all of the options provided by sar. If you want to understand why, enter man sar at a prompt and see for yourself. There are just too many options to explain in anything short of a 60-page manual.

The sar command provides a lot of system performance statistics that cover every aspect of every subsystem's performance. For example, look at sar -C to display CPU performance:

$ sar -C
Linux 4.18.0-80.el8.x86_64 (rhel8) 	12/09/2019 	_x86_64_	(1 CPU)

15:43:09     LINUX RESTART	(1 CPU)

03:50:32 PM     CPU     %user     %nice   %system   %iowait    %steal     %idle
04:00:16 PM     all      0.01      0.09      0.22      0.10      0.00     99.58
04:10:32 PM     all      0.01      0.00      0.18      0.01      0.00     99.80
04:20:32 PM     all      0.01      0.00      0.17      0.01      0.00     99.82
04:30:16 PM     all      0.00      0.00      0.18      0.01      0.00     99.81
04:40:32 PM     all      0.00      0.00      0.17      0.01      0.00     99.82
04:50:32 PM     all      0.00      0.00      0.18      0.01      0.00     99.81
05:00:16 PM     all      0.01      0.05      0.18      0.01      0.00     99.75
05:10:32 PM     all      0.00      0.00      0.18      0.00      0.00     99.81
05:20:32 PM     all      0.04      0.00      0.19      0.02      0.00     99.76
Average:        all      0.01      0.02      0.18      0.02      0.00     99.77

If you don't have sar, it's easy to get by installing the sysstat package. Since the sysstat package has been around so long, there's plenty of documentation for it and all of the commands in its suite.

To learn more about sysstat and sar, read Linux capacity planning: 5 things you need to do and Troubleshooting slow servers.


Wireshark is one of my favorite sysadmin tools. It is so useful and so essential to advanced troubleshooting that its use should be a requirement for all mid-to-senior level system administrator positions. Formally, Wireshark is a network protocol analyzer, but it is actually a packet sniffer.

Right. A packet sniffer.

To use Wireshark, select a local NIC to "listen" on for network packets. Once you start a capture, your NIC will capture all passing network packets. Be warned: There are a ton of them. A one-minute capture can capture hundreds of network packets. It's kind of fun and interesting to perform these captures and get a feel for the TCP/IP conversations happening on your network. You'll see broadcast packets, DNS "who has" packets, mail checks, and much more. If you've never done it, you should download Wireshark and have a look at just how chatty your network is.

First, take a few minutes to learn how to start and stop a capture. Then, do a bit of Googling to find out what each type of message means. Using Wireshark helps you troubleshoot a range of network and application-related problems, from DDoS attacks to network probes and other naughty activities, plus a zillion standard messages that happen on every network.

For more, check out contributor Anthony Critelli's packet sniffer overview using tcpdump.


A longtime favorite of mine for performing network probes is the Nmap security scanner. In a nutshell, Nmap scans your network to determine which hosts are online, what services (web servers, mail servers, databases, etc.) they offer, the operating system they're running, and a lot more. Nmap is an essential system administrator tool that I use on an almost weekly basis. 

One of the first things I do when starting a new job, or working for a new client company, is a thorough Nmap scan. Yes, I know this tool can set off alerts because of the intense port scanning, but the value of the information gathered is worth the inconvenience of having the security guys look at me with disdain. I need to be able to see our network like a hacker who has breached our defenses sees our network. Hopefully, the security team runs regular probes as well. In any case, it's just something I do on a regular basis to be sure there are no rogue services or systems operating on my network.

Redhatter and contributor Shashank Hegde wrote 6 practical uses for Nmap, which provides you with six scans that you can perform today and do a little reconnaissance of your own.


To say that I couldn't live without Webmin is an understatement. It has been my constant companion for almost as long as I've used Linux. It was one of the most valuable discoveries I've ever made and I've never given it up. Webmin is a web-based sysadmin interface for Linux. It covers just about everything in its default gaggle of configuration and operation applets. What it doesn't cover, you can possibly find third-party modules for also on the site.

At its core, Webmin is a web-enabled collection of Perl scripts that help you manage Linux systems. It is protected by a username/password pair and can be secured via HTTPS, which can be done within Webmin itself. At a higher level, Webmin is a web-based management interface that gives a system administrator the capability to manage the entire range of hardware, software, and services for Linux systems.

For more, check out my article, Webmin: A web-based Linux management tool, that covers the high points of this essential system administrator tool.


Oracle's VirtualBox is a so-called Type 2 hypervisor, which means that you can run a standard operating system (such as Linux, Mac, or Windows) as a host system and install VirtualBox as an application that "containerizes" other operating systems as virtual machines. VirtualBox is one of my favorite sysadmin tools and I've used it, written about it, and promoted it for its entire lifetime. It allows system administrators to install multiple operating systems for testing, for security administration, and for compatibility use in their jobs.

I find VirtualBox so useful and so essential that it is one of the first applications I install on every system I work on. If I use a Mac, I install it so that I can work with Linux and Windows systems. If I have a Windows system, I do the same. And, yes, VirtualBox works on Linux too. I use it on Linux servers, as well as workstations, so that I can more efficiently leverage my hardware and provide containerized services to other users and to myself.

Every article I write uses a Linux virtual machine on VirtualBox. VirtualBox ticks all the boxes for me: It's free of charge, it's easy to use, it doesn't interfere with the regular operation of my computers, and it provides me with the capability to use diverse operating systems regardless of which host I'm currently using.

To prove my point about how useful VirtualBox is, I've written two articles for Enable Sysadmin that explicitly use VirtualBox as the host: Linux sysadmin basics: Start NIC at boot and Red Hat Enterprise Linux 8 installation tips and tricks.

Wrap up

I love my sysadmin tools and thought you should know which ones I consider to be my top five. If I could take only five tools with me to my next job, you know now the ones I'd grab. I, like you, have more than five favorites, but that's a topic for another article. In the meantime, if you have favorite tools that you can't live without, let us know what they are.

Want to try out Red Hat Enterprise Linux? Download it now for free.

Topics:   Linux  
Author’s photo

Ken Hess

Ken has used Red Hat Linux since 1996 and has written ebooks, whitepapers, actual books, thousands of exam review questions, and hundreds of articles on open source and other topics. Ken also has 20+ years of experience as an enterprise sysadmin with Unix, Linux, Windows, and Virtualization. More about me

Red Hat Summit 2022: On Demand

Get the latest on Ansible, Red Hat Enterprise Linux, OpenShift, and more from our virtual event on demand.

Related Content