Linux Scripts

Useful Linux admin scripts with MSP-style cards. Filter by area, edit variables inline, copy, or download as .sh.

System Health Snapshot
CPU, memory, disk, load and top process summary for fast triage.
System bash coreutils procps
sudo -v
#!/usr/bin/env bash
set -euo pipefail

echo "=== Host ==="
hostnamectl || true

printf '\n=== Uptime / Load ===\n'
uptime

printf '\n=== CPU (top 10) ===\n'
# head closes the pipe early; "|| true" keeps pipefail from aborting on SIGPIPE
ps -eo pid,cmd,%cpu --sort=-%cpu | head -n 11 || true

printf '\n=== Memory ===\n'
free -h

printf '\n=== Disk Usage ===\n'
df -hT

printf '\n=== Top memory processes ===\n'
ps -eo pid,cmd,%mem --sort=-%mem | head -n 11 || true
APT Patch + Cleanup
Update index, apply upgrades, remove stale dependencies, and clean cache.
Maintenance apt
sudo -v
#!/usr/bin/env bash
set -euo pipefail

sudo apt update
sudo DEBIAN_FRONTEND=noninteractive apt -y upgrade
sudo apt -y autoremove --purge
sudo apt -y autoclean

echo "Patch maintenance complete"
Export Critical/Error Journal Logs
Collects recent priority 0-3 logs into a timestamped file in /tmp.
Logs systemd-journald
sudo -v
Look-back (hours)
#!/usr/bin/env bash
set -euo pipefail

HOURS="##HOURS##"
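# mktemp gives an unpredictable name and mode 0600; journal entries can
# contain sensitive data and /tmp is shared with other users.
OUT_FILE="$(mktemp --suffix=.log "/tmp/journal-errors-$(date +%F-%H%M)-XXXXXX")"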

sudo journalctl --since "${HOURS} hour ago" -p 3 --no-pager > "$OUT_FILE"

echo "Saved: $OUT_FILE"
head -n 80 "$OUT_FILE"
Restart + Validate Service
Restarts a systemd service and prints status + recent logs.
System systemd
sudo -v
Service name
#!/usr/bin/env bash
set -euo pipefail

SERVICE_NAME="##SERVICE_NAME##"

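# Keep going when the restart fails so the status and logs below are shown.
sudo systemctl restart "$SERVICE_NAME" || echo "Restart of $SERVICE_NAME failed" >&2
# "systemctl status" exits non-zero for an inactive or failed unit.
sudo systemctl status "$SERVICE_NAME" --no-pager || true
sudo journalctl -u "$SERVICE_NAME" -n 80 --no-pager

# Exit non-zero if the service did not come back up.
sudo systemctl is-active --quiet "$SERVICE_NAME"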
Disk Growth Report by Directory
Shows biggest directories for a target path to locate storage growth quickly.
Storage du sort
sudo -v
Target path
Rows to show
#!/usr/bin/env bash
set -euo pipefail

TARGET_PATH="##TARGET_PATH##"
TOP_N="##TOP_N##"

sudo du -xhd 1 "$TARGET_PATH" 2>/dev/null | sort -hr | head -n "$TOP_N"
Failed Login Audit (SSH/Auth)
Summarizes failed authentication attempts and top source IPs.
Security journalctl awk
sudo -v
Look-back (hours)
#!/usr/bin/env bash
set -euo pipefail

SINCE_HOURS="##SINCE_HOURS##"

echo "Top failed SSH/auth sources (last ${SINCE_HOURS}h):"
sudo journalctl --since "${SINCE_HOURS} hour ago" --no-pager |
  grep -Ei 'Failed password|authentication failure' |
  grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' |
  sort | uniq -c | sort -nr | head -n 25
SSH Hardening Baseline
Applies baseline sshd settings and reloads daemon.
Security openssh-server
sudo -v
#!/usr/bin/env bash
set -euo pipefail

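SSHD_CONFIG="/etc/ssh/sshd_config"
BACKUP="${SSHD_CONFIG}.bak.$(date +%F-%H%M%S)"

sudo cp -p "$SSHD_CONFIG" "$BACKUP"

# Rewrite existing (possibly commented-out) directives. A directive that is
# absent from the file is not added by these substitutions.
sudo sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' "$SSHD_CONFIG"
sudo sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' "$SSHD_CONFIG"
sudo sed -i 's/^#\?X11Forwarding.*/X11Forwarding no/' "$SSHD_CONFIG"

# Validate before reloading; restore the backup if the new file does not parse.
if ! sudo sshd -t; then
  sudo cp -p "$BACKUP" "$SSHD_CONFIG"
  echo "sshd -t failed; restored $BACKUP" >&2
  exit 1
fi
sudo systemctl reload ssh || sudo systemctl reload sshd

# Show the effective values: files pulled in by Include can override this file.
sudo sshd -T | grep -Ei '^(permitrootlogin|passwordauthentication|x11forwarding) '

echo "SSH baseline applied"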
UFW Server Baseline
Configures default deny inbound + allows SSH/HTTP/HTTPS.
Security ufw
sudo -v
SSH port
#!/usr/bin/env bash
set -euo pipefail

SSH_PORT="##SSH_PORT##"

sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow "${SSH_PORT}/tcp"
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw --force enable
sudo ufw status verbose
Docker Safe Cleanup
Prunes stopped containers, dangling images, and unused build cache.
Docker docker
sudo -v
#!/usr/bin/env bash
set -euo pipefail

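sudo docker container prune -f
sudo docker image prune -f
sudo docker builder prune -f
# Volume pruning deletes data in unused volumes and is not part of the
# cleanup described above; enable it only when that is intended.
# sudo docker volume prune -f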

echo "Docker cleanup complete"
Docker Compose Pull + Recreate
Pulls latest images and recreates services with minimal commands.
Docker docker compose
sudo -v
Compose stack directory
#!/usr/bin/env bash
set -euo pipefail

STACK_DIR="##STACK_DIR##"

cd "$STACK_DIR"
sudo docker compose pull
sudo docker compose up -d
sudo docker compose ps
Network Latency + Packet Loss Test
Pings a target and summarizes min/avg/max latency and packet loss.
Network iputils-ping
true
Target host
Ping count
#!/usr/bin/env bash
set -euo pipefail

TARGET="##TARGET##"
COUNT="##COUNT##"

ping -c "$COUNT" "$TARGET"
DNS Resolver Diagnostics
Runs dig against multiple resolvers for a hostname.
Network dnsutils
true
Hostname
#!/usr/bin/env bash
set -euo pipefail

HOSTNAME_TO_CHECK="##HOSTNAME_TO_CHECK##"
for r in 1.1.1.1 8.8.8.8 9.9.9.9; do
  printf '\n=== Resolver: %s ===\n' "$r"
  dig +short "$HOSTNAME_TO_CHECK" A @"$r"
  dig +short "$HOSTNAME_TO_CHECK" AAAA @"$r"
done
TCP Port Smoke Test
Checks a list of TCP ports against a host.
Network netcat-openbsd
true
Host
Ports (space-separated)
#!/usr/bin/env bash
set -euo pipefail

HOST="##HOST##"
PORTS="##PORTS##"

for p in $PORTS; do
  if nc -z -w3 "$HOST" "$p"; then
    echo "OPEN  $HOST:$p"
  else
    echo "CLOSED $HOST:$p"
  fi
done
Tar Backup with Rotation
Creates compressed backups and removes files older than N days.
Backup tar gzip
sudo -v
Source directory
Backup directory
Retention (days)
#!/usr/bin/env bash
set -euo pipefail

SOURCE_DIR="##SOURCE_DIR##"
BACKUP_DIR="##BACKUP_DIR##"
KEEP_DAYS="##KEEP_DAYS##"

mkdir -p "$BACKUP_DIR"
FILE="$BACKUP_DIR/backup-$(date +%F-%H%M%S).tar.gz"

tar -czf "$FILE" -C "$SOURCE_DIR" .
find "$BACKUP_DIR" -type f -name 'backup-*.tar.gz' -mtime +"$KEEP_DAYS" -delete

echo "Backup written: $FILE"
MySQL Dump with Rotation
Creates SQL dump and rotates old dump files.
Backup mysql-client
sudo -v
Database name
Database user
Database password
Backup directory
Retention (days)
#!/usr/bin/env bash
set -euo pipefail

DB_NAME="##DB_NAME##"
DB_USER="##DB_USER##"
DB_PASS="##DB_PASS##"
BACKUP_DIR="##BACKUP_DIR##"
KEEP_DAYS="##KEEP_DAYS##"

mkdir -p "$BACKUP_DIR"
OUT_FILE="$BACKUP_DIR/${DB_NAME}-$(date +%F-%H%M%S).sql.gz"

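# Pass credentials through a private option file instead of -p on the command
# line, where the password would be visible in the process list.
# mktemp creates the file with mode 0600. Passwords containing double quotes
# or backslashes need escaping in this file.
CNF="$(mktemp)"
trap 'rm -f "$CNF"' EXIT
printf '[client]\nuser=%s\npassword="%s"\n' "$DB_USER" "$DB_PASS" > "$CNF"

mysqldump --defaults-extra-file="$CNF" "$DB_NAME" | gzip > "$OUT_FILE"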
find "$BACKUP_DIR" -type f -name "${DB_NAME}-*.sql.gz" -mtime +"$KEEP_DAYS" -delete

echo "Dump written: $OUT_FILE"
Nginx Top Talkers
Shows highest-request IPs and most-hit URLs from access log.
Logs awk
sudo -v
Nginx access log
Rows to show
#!/usr/bin/env bash
set -euo pipefail

LOG_FILE="##LOG_FILE##"
TOP_N="##TOP_N##"

echo "Top client IPs:"
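# head closes the pipe early; "|| true" keeps pipefail from aborting on SIGPIPE
awk '{print $1}' "$LOG_FILE" | sort | uniq -c | sort -nr | head -n "$TOP_N" || true

printf '\nTop requested paths:\n'
awk '{print $7}' "$LOG_FILE" | sort | uniq -c | sort -nr | head -n "$TOP_N" || true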
TLS Expiry Scan
Checks TLS certificate expiry dates for a list of domains.
Network openssl
true
Domains (space-separated)
#!/usr/bin/env bash
set -euo pipefail

DOMAINS="##DOMAINS##"

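for d in $DOMAINS; do
  echo "=== $d ==="
  # Keep scanning when one host is unreachable or presents no certificate;
  # without the fallback, set -e and pipefail would stop at the first failure.
  echo | openssl s_client -servername "$d" -connect "$d:443" 2>/dev/null |
    openssl x509 -noout -dates 2>/dev/null ||
    echo "could not retrieve certificate for $d" >&2
  echo
done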

Frequently asked questions

Are these scripts safe to run as-is?
Review each script before use and test in non-production first. Some commands require sudo or restart services.
Which distros do these support?
Most examples are distro-agnostic, with package-management snippets primarily for Debian/Ubuntu. Adapt for RHEL/Alma/Rocky where needed.
Can I customize script variables?
Yes. Expand a card, edit variable fields, then copy or download the rendered script.