util-linux

util-linux contains a wide array of command-line tools essential for Linux system administration. These utilities handle core system tasks including disk partitioning (fdisk, cfdisk, sfdisk), filesystem mounting and unmounting (mount, umount), swap management (swapon, swapoff), and process control (renice, chrt, ionice). The package is divided into several sub-packages like bsdextrautils, bsdutils, fdisk, mount, and the main util-linux package, each providing specialized BSD-derived or Linux-specific functionality.

Common use cases include partitioning hard drives, managing removable media (eject), monitoring block devices (lsblk, blkid), and controlling system resources like CPU affinity (taskset) and I/O scheduling (ionice). Tools like dmesg for kernel messages and hwclock for RTC management are crucial for troubleshooting and time synchronization. The collection supports both interactive and scripted operations, making it indispensable for system maintenance and forensics.

These utilities are particularly valuable in cybersecurity contexts for disk analysis, live system manipulation, and evidence collection during forensic investigations. Many tools support verbose output, JSON formatting, and raw data modes suitable for automation and parsing in security tools.

util-linux tools interact directly with Linux kernel interfaces via syscalls, ioctls, and /proc filesystem. Disk utilities like fdisk manipulate partition tables (MBR/GPT) by reading/writing directly to block devices. Mount/umount use kernel mount API with fstab integration and label/UUID resolution via libblkid. Process tools like taskset use sched_setaffinity() syscall for CPU binding, while ionice modifies I/O scheduler classes through block layer interfaces. Many tools leverage libsmartcols for formatted output and libmount for filesystem operations. BSD utilities provide text processing capabilities optimized for terminal output formatting.