Linux System Administration, level 1

Session 8: Day to Day Administration chores

Part I Process Control
Part II Using rpm
Part III Archiving with tar and bzip
Part IV Scheduling jobs with cron and at
Part V Reading system logs

©2004 Ken Barber Some Rights Reserved

This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-sa/1.0/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.


Processes & threads

● Each running executable is a process that

– Has its own Process ID (PID)

– May have multiple threads

– Has been assigned a priority by the kernel scheduler

– Is in one of several states
    ● Running
    ● Sleeping
    ● Stopped
    ● Zombie

Tools for managing processes

● ps List running processes (snapshot)

● top List running processes (continuous)

– Also gnome-system-monitor

● kill Terminate a running process

● renice Change the “nice” value of a process

● The /proc filesystem

– More information than you'll ever want to know

ps

-e Lists all processes by PID

– Gives name and PID, but not owner

-aux Lists all processes by owner

– Can be piped to grep to quickly find, for instance,
    ● All processes with a particular owner
    ● The PID of a process that you want to kill

top

● Lots more information than ps

– System, processor, memory and swap statistics

– Process status, cpu & memory usage, and more

● While it's running press

– P (that's a capital P) to sort by CPU usage

– k to kill a process

– q to quit

– h for help

GUI system monitors

● gnome-system-monitor

– Similar to top, but also gives nice graphs

● gkrellm

– AFAIK not part of the distro, but easily yummable

● System Monitor on panel

– Right-click on blank area of panel, choose

Add to Panel -> Utility -> System Monitor

– Watch system loads in real time

kill

● Syntax: kill -signal PID

● Get the PID from ps or top

– Can also get PID with kill -p procname

● Commonly-used signals:

TERM or 15 (default) Terminate gracefully

KILL or 9 You Die NOW!!!

● Beware! This also kills all child processes!

renice

● Changes the “nice” value of a process

– From -20 to +20

– Negative number: not nice at all (greedy)
    ● Usually only system processes
    ● Only root can renice to negative numbers

– Positive number: higher = nicer
    ● 20 = very nice; will only run when no other process wants CPU time (everything is sleeping or waiting for I/O)

● Syntax: renice priority PID

Red Hat Package Manager (RPM)

● Packages consist of zipped executables with scripts and headers

● Database of installed packages lives on local HD

● Most packages depend on certain other packages to also be installed

● Dependencies are listed in package header

● RPM only checks dependencies; doesn't resolve

Some RPM tasks

● Check the integrity of packages rpm -K

● Install packages rpm -ivh

● Remove packages rpm -e

● Update ("Freshen") packages rpm -Fvh

● Query packages rpm -qsomething

– See next page for a list of “somethings”

rpm -q: querying packages

-qa Produces a list of all installed packages

– Pipe to grep to find particular packages

-ql packagename List the files in a package

-qi packagename Get Info (short description) about a package

-q --whatprovides /full/path/to/filename Which package installs the named file on the system?

-q --whatrequires package Which packages depend on this one?

RPM security considerations

● Joe Blackhat 0wnz a router or DNS server

● You THINK you're downloading updates from Red Hat or an authorized mirror, but...

● What you're REALLY downloading is a Trojan

● Now YOUR system is 0wned and you don't even know it

● ALWAYS run -K before installing/updating packages!

rpm -K

● Two ways an RPM can be bad:

– Bad download (corrupted file)

– Trojan Horse (created by evil hacker)

[ken@localhost i686]$ rpm -K *

glibc-2.3.2-27.9.i686.rpm: (sha1) dsa sha1 md5 gpg OK

openssl-0.9.7a-5.i686.rpm: (sha1) dsa sha1 md5 gpg OK

● Hashes check for corrupted downloads

● GPG checks digital signature

– Public Key must be installed first
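An added example (not from the original slides): a gate that reads `rpm -K` output and accepts a batch only when every package reports a verified signature, since a line showing hashes alone proves an intact download but not who built the package. The first sample line is the one shown above; the other two are constructed, and the `pgp` and `signatures` tokens are assumptions about what other rpm versions print.

```sh
# Added example. SAMPLE_OK is the slide's line; the other samples are constructed.
SAMPLE_OK='glibc-2.3.2-27.9.i686.rpm: (sha1) dsa sha1 md5 gpg OK'
SAMPLE_UNSIGNED='example-1.0-1.i686.rpm: sha1 md5 OK'
SAMPLE_NOKEY='example-1.0-1.i686.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#00000000)'

# classify_rpm_k LINE  ->  prints signed-ok | digest-only | bad
classify_rpm_k() {
    # Drop the "name.rpm: " prefix and pad with spaces so tokens match as words.
    result=" ${1#*: } "
    case $result in
        *" NOT OK "*) echo bad; return 0 ;;   # a check failed or the key is missing
        *" OK ")      ;;                      # passed; look for a signature next
        *)            echo bad; return 0 ;;   # unrecognised line: fail closed
    esac
    case $result in
        # A lower-case signature token means that signature was verified.
        *" gpg "*|*" pgp "*|*" signatures "*) echo signed-ok ;;
        *)                                     echo digest-only ;;
    esac
}

# all_signed: read `rpm -K` output on stdin, return 0 only if every
# package line is signed-ok. Rejected lines are reported on stderr.
all_signed() {
    rc=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        verdict=$(classify_rpm_k "$line")
        [ "$verdict" = signed-ok ] || { echo "REJECT ($verdict): $line" >&2; rc=1; }
    done
    return $rc
}

# Typical use on a real system:
#   rpm -K *.rpm | all_signed && rpm -Fvh *.rpm
```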

A little bit of tar

tar operation options -f filename (subtree)

● Operations and options can occur in any order

● Operations:

-c create the named archive

-x extract files from the archive

CAVEAT: Extracting OVERWRITES files of the same name WITHOUT WARNING!

-t list the files in the archive
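An added example (not from the original slides) that combines -t with the overwrite caveat: list the archive first and report every member that already exists as a file in the target directory before running -x. The function name and the OVERWRITES report format are this example's own.

```sh
# tar_preflight ARCHIVE TARGET_DIR
# Prints "OVERWRITES <member>" for each archive member that already exists
# as a non-directory under TARGET_DIR.
# Returns 0 if nothing would be overwritten, 1 if something would,
# 2 if the archive cannot be listed.
tar_preflight() {
    archive=$1
    target=$2
    found=0
    list=$(tar -tf "$archive") || return 2
    # A here-document keeps the loop in this shell so "found" survives it.
    while IFS= read -r member; do
        [ -n "$member" ] || continue
        # Existing directories are merged into, not replaced, so skip them.
        if [ -e "$target/$member" ] && [ ! -d "$target/$member" ]; then
            echo "OVERWRITES $member"
            found=1
        fi
    done <<EOF
$list
EOF
    return $found
}

# Typical use:
#   tar_preflight backup.tar /home/ken && tar -x -v -f backup.tar -C /home/ken
```

GNU tar's -k (--keep-old-files) option is the built-in alternative: it refuses to replace existing files during extraction.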

A little bit of tar

tar operation options -f filename (subtree)

● Options:

-v verbose – list files on stdout as they're tarred

-z zip or unzip tarball with GNU zip

-M backup onto multiple volumes

-L length of tape (size of each volume) in K

-W Verify backup (does not work with -M)

At end of command: > logfile 2>&1 to log the backup & error messages

A little bit more of tar

tar operation options -f filename (subtree)

● filename can be a device

– such as a tape drive or floppy

– But not a CD burner

● At end of command: > logfile 2>&1 creates a log of what was backed up (if you invoked with -v) and error messages

Backup solution for SOHO users

Find and download CdBk from SourceForge.net

● Works with CD-RW discs

● Once a full backup is made, it only backs up new/changed files

● Can run in cron job in the middle of the night

● Easy to find what you want to restore

● Shell script: easy to modify (& learn scripting!)

Scheduling jobs

Three tools:

● cron Schedules jobs to run regularly

– i.e., hourly, daily, weekly, monthly

● at Schedules jobs to run once at some future time

● anacron Runs cron jobs that were missed because the system was shut off at the time they were supposed to run

Running cron jobs

● Four directories:

– /etc/cron.hourly

– /etc/cron.daily

– /etc/cron.weekly

– /etc/cron.monthly

● To schedule a script, place it in the directory you want

● Configured in /etc/crontab

Running cron jobs, part 2

● Or create your own crontab

– You can schedule jobs at weird times

– Use crontab command

– Creates “personal crontabs” in /var/spool/cron

– Syntax is tricky, consult man crontab before using

● See MAJOR security vulnerability next page

Securing at and cron

WARNING! Security Vulnerability! Unprivileged users can write malicious scripts and use crontab to run them AS ROOT!

● Disable by creating two empty files, writeable ONLY by root:

/etc/at.allow

/etc/cron.allow
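An added example (not from the original slides): an audit that confirms both allow files are in the state described above, that is, present, empty, owned by root and not writable by group or others. The optional root-directory and owner-UID arguments are assumptions of this example so it can be tried on a scratch directory; it uses GNU stat.

```sh
# check_allow_file PATH [OWNER_UID]
# Prints ok, or the first problem found: missing | not-empty | wrong-owner |
# writable-by-non-owner. OWNER_UID defaults to 0 (root).
check_allow_file() {
    f=$1
    want_uid=${2:-0}
    if [ ! -f "$f" ]; then echo missing; return 1; fi
    if [ -s "$f" ]; then echo not-empty; return 1; fi
    uid=$(stat -c %u "$f")      # numeric owner
    mode=$(stat -c %a "$f")     # octal permission bits, e.g. 600
    if [ "$uid" != "$want_uid" ]; then echo wrong-owner; return 1; fi
    # 022 (octal) selects the write bits for group and others.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo writable-by-non-owner
        return 1
    fi
    echo ok
}

# audit_scheduler_acls [ROOT_DIR] [OWNER_UID]
# Checks ROOT_DIR/etc/at.allow and ROOT_DIR/etc/cron.allow; returns 0 only
# if both are ok. With no arguments it checks the live /etc files.
audit_scheduler_acls() {
    root=${1:-}
    rc=0
    for name in at.allow cron.allow; do
        verdict=$(check_allow_file "$root/etc/$name" "${2:-0}") || rc=1
        echo "$root/etc/$name: $verdict"
    done
    return $rc
}
```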

Understanding system logs

● Two daemons:

– klogd – Logs kernel messages

– syslogd – logs everything else

● By default, most logs are in /var/log/messages

● Configure in /etc/syslog.conf

– See next page for details

● Read initial kernel messages with dmesg

Configuring logging

/etc/syslog.conf

● Can send log messages to a file, device or email

● Can select by severity or process or both, e.g.

– Critical events get emailed to a cell phone

– Events from a certain app (such as Samba) can go to their own logfile

● Can schedule log rotation, how many old logs to retain, etc.

Conclusion

That's about all for tonight, folks