Linux System Administration, level 1
Session 8: Day to Day Administration chores
Part I Process Control
Part II Using rpm
Part III Archiving with tar and bzip
Part IV Scheduling jobs with cron and at
Part V Reading system logs
©2004 Ken Barber. Some Rights Reserved.
This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-sa/1.0/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.
Processes & threads
● Each running executable is a process that
– Has its own Process ID (PID)
– May have multiple threads
– Has been assigned a priority by the kernel scheduler
– Is in one of several states
  ● Running
  ● Sleeping
  ● Stopped
  ● Zombie
Tools for managing processes
● ps List running processes (snapshot)
● top List running processes (continuous)
– Also gnome-system-monitor
● kill Terminate a running process
● renice Change the “nice” value of a process
● The /proc filesystem
– More information than you'll ever want to know
ps
-e Lists all processes by PID
– Gives name and PID, but not owner
-aux Lists all processes by owner
– Can be piped to grep to quickly find, for instance,
  ● All processes with a particular owner
  ● The PID of a process that you want to kill
top
● Lots more information than ps
– System, processor, memory and swap statistics
– Process status, cpu & memory usage, and more
● While it's running press
– P (that's a capital P) to sort by CPU usage
– k to kill a process
– q to quit
– h for help
GUI system monitors
● gnome-system-monitor
– Similar to top, but also gives nice graphs
● gkrellm
– AFAIK not part of the distro, but easily yummable
● System Monitor on panel
– Right-click on blank area of panel, choose Add to Panel -> Utility -> System Monitor
– Watch system loads in real time
kill
● Syntax: kill -signal PID
● Get the PID from ps or top
– Can also get PID with kill -p procname
● Commonly-used signals:
TERM or 15 (default) Terminate gracefully
KILL or 9 You Die NOW!!!
● Beware! This also kills all child processes!
renice
● Changes the “nice” value of a process
– From -20 to +20
– Negative number: not nice at all (greedy)
  ● Usually only system processes
  ● Only root can renice to negative numbers
– Positive number: higher = nicer
  ● 20 = very nice; will only run when no other process wants CPU time (everything is sleeping or waiting for I/O)
● Syntax: renice priority PID
Red Hat Package Manager (RPM)
● Packages consist of zipped executables with scripts and headers
● Database of installed packages lives on local HD
● Most packages depend on certain other packages to also be installed
● Dependencies are listed in package header
● RPM only checks dependencies; doesn't resolve
Some RPM tasks
● Check the integrity of packages: rpm -K
● Install packages: rpm -ivh
● Remove packages: rpm -e
● Update ("Freshen") packages: rpm -Fvh
● Query packages: rpm -qsomething
– See next page for a list of “somethings”
rpm -q: querying packages
-qa Produces a list of all installed packages
– Pipe to grep to find particular packages
-ql packagename List the files in a package
-qi packagename Get Info (short description) about a package
-q --whatprovides /full/path/to/filename Which package installs the named file on the system?
-q --whatrequires package Which packages depend on this one?
RPM security considerations
● Joe Blackhat 0wnz a router or DNS server
● You THINK you're downloading updates from Red Hat or an authorized mirror, but...
● What you're REALLY downloading is a Trojan
● Now YOUR system is 0wned and you don't even know it
● ALWAYS run -K before installing/updating packages!
rpm -K
● Two ways an RPM can be bad:
– Bad download (corrupted file)
– Trojan Horse (created by evil hacker)
[ken@localhost i686]$ rpm -K *
glibc-2.3.2-27.9.i686.rpm: (sha1) dsa sha1 md5 gpg OK
openssl-0.9.7a-5.i686.rpm: (sha1) dsa sha1 md5 gpg OK
● Hashes check for corrupted downloads
● GPG checks digital signature
– Public Key must be installed first
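A gate for the "always run -K" rule, as an added example that is not part of the original slides: it reads `rpm -K` output in the format shown above and passes a package only when the line ends in OK and a signature check (gpg, pgp, dsa or rsa) is among the checks that passed. The sample report is constructed; the unsigned and failing lines follow the layout older rpm releases print, which is an assumption about your rpm version.

```shell
#!/bin/sh
# Added example: classify `rpm -K` result lines before installing.
# Input format is the one shown on the slide: "<file>: <checks> OK".

# classify_rpmk_line LINE -> prints "signed-ok", "digest-only" or "bad"
classify_rpmk_line() {
    result=${1#*: }                 # text after "<file>: "
    case $result in
        *"NOT OK"*) echo bad; return ;;
        *" OK")     ;;              # every listed check passed
        *)          echo bad; return ;;
    esac
    # A passing line says who built the package only if a signature
    # was among the checks; hashes alone catch corruption, nothing more.
    for word in $result; do
        case $word in
            gpg|pgp|dsa|rsa) echo signed-ok; return ;;
        esac
    done
    echo digest-only
}

# installable_from_report: reads rpm -K output on stdin and prints only
# the package files that may go on to rpm -ivh / rpm -Fvh.
installable_from_report() {
    while IFS= read -r line; do
        if [ "$(classify_rpmk_line "$line")" = signed-ok ]; then
            printf '%s\n' "${line%%: *}"
        fi
    done
}

# Constructed sample report; the first line is the one from the slide.
SAMPLE_REPORT='glibc-2.3.2-27.9.i686.rpm: (sha1) dsa sha1 md5 gpg OK
unsigned-tool-1.0-1.i386.rpm: sha1 md5 OK
missing-key-2.1-3.i386.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK
truncated-0.9-1.i386.rpm: (sha1) dsa sha1 MD5 GPG NOT OK'

printf '%s\n' "$SAMPLE_REPORT" | installable_from_report
```

Note the second sample line: it ends in OK, yet only digests were checked, so it tells you the download is intact and nothing about who produced it.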
A little bit of tar
tar operation options -f filename (subtree)
● Operations and options can occur in any order
● Operations:
-c create the named archive
-x extract files from the archive
CAVEAT: Extracting OVERWRITES files of the same name WITHOUT WARNING!
-t list the files in the archive
A little bit of tar
tar operation options -f filename (subtree)
● Options:
-v verbose – list files on stdout as they're tarred
-z zip or unzip tarball with GNU zip
-M backup onto multiple volumes
-L length of tape (size of each volume) in K
-W Verify backup (does not work with -M)
At end of command: > logfile 2>&1 to log the backup & error messages (the order matters: 2>&1 must come after > logfile, or the error messages stay on the terminal)
A little bit more of tar
tar operation options -f filename (subtree)
● filename can be a device
– such as a tape drive or floppy
– But not a CD burner
● At end of command: > logfile 2>&1 creates a log of what was backed up (if you invoked with -v) and error messages
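The overwrite caveat and the backup log from the tar slides, as an added example that is not part of the original slides: one function writes a compressed archive and sends both the -v listing and any errors to a log, the other uses -t to list which existing files an extract into a directory would replace. The function names, the scratch files and the use of tar's -C (change directory) option are assumptions of this example.

```shell
#!/bin/sh
# Added example: back up with a log, then list what a restore would clobber.

# backup_with_log ARCHIVE LOGFILE DIR SUBTREE
# "> log 2>&1" sends both streams to the log; written the other way
# round ("2>&1 > log") the error messages would stay on the terminal.
backup_with_log() {
    tar -c -v -z -f "$1" -C "$3" "$4" > "$2" 2>&1
}

# would_overwrite ARCHIVE DESTDIR
# Prints every non-directory member of the archive that already exists
# under DESTDIR, i.e. what "tar -x" there would replace without asking.
would_overwrite() {
    tar -t -z -f "$1" | while IFS= read -r member; do
        case $member in */) continue ;; esac      # skip directory entries
        if [ -e "$2/$member" ]; then
            printf '%s\n' "$member"
        fi
    done
}

# Constructed demo in a scratch directory.
demo() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/src/etc" "$work/restore/etc"
    echo 'as backed up' > "$work/src/etc/hosts"
    echo 'as backed up' > "$work/src/etc/motd"
    backup_with_log "$work/backup.tar.gz" "$work/backup.log" "$work/src" etc
    # Only hosts exists at the restore location, with newer content.
    echo 'edited since backup' > "$work/restore/etc/hosts"
    would_overwrite "$work/backup.tar.gz" "$work/restore"
    rm -rf "$work"
}
demo
```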
Backup solution for SOHO users
Find and download CdBk from SourceForge.net
● Works with CD-RW discs
● Once a full backup is made, it only backs up new/changed files
● Can run in cron job in the middle of the night
● Easy to find what you want to restore
● Shell script: easy to modify (& learn scripting!)
Scheduling jobs
Three tools:
● cron Schedules jobs to run regularly
– i.e., hourly, daily, weekly, monthly
● at Schedules jobs to run once at some future time
● anacron Runs cron jobs that were missed because the system was shut off at the time they were supposed to run
Running cron jobs
● Four directories:
– /etc/cron.hourly
– /etc/cron.daily
– /etc/cron.weekly
– /etc/cron.monthly
● To schedule a script, place it in the directory you want
● Configured in /etc/crontab
Running cron jobs, part 2
● Or create your own crontab
– You can schedule jobs at weird times
– Use crontab command
– Creates “personal crontabs” in /var/spool/cron
– Syntax is tricky, consult man crontab before using
● See MAJOR security vulnerability next page
Securing at and cron
WARNING! Security Vulnerability! Unprivileged users can write malicious scripts and use crontab to run them AS ROOT!
● Disable by creating two empty files, writeable ONLY by root:
/etc/at.allow
/etc/cron.allow
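A check that the two files described above are in place, as an added example that is not part of the original slides: for each of at.allow and cron.allow it reports whether the file exists, is owned by root and is not writable by group or others, and shows any users the file lists. The function names and the optional directory and owner-UID arguments are assumptions of this example, added so the check can be tried on scratch files.

```shell
#!/bin/sh
# Added example: audit the two allow files named on the slide.

# check_allow_file PATH [OWNER_UID]
# Prints one of: ok, missing, wrong-owner, writable-by-others.
# OWNER_UID defaults to 0 (root); it is a parameter only so the check can
# be tried on scratch files by a non-root user.
check_allow_file() {
    want_uid=${2:-0}
    [ -f "$1" ] || { echo missing; return; }
    # ls -ldn prints the mode string and numeric owner first, e.g.
    # "-rw------- 1 0 0 0 Jan  1 00:00 /etc/cron.allow"
    ls -ldn "$1" | {
        read -r mode _links uid _rest
        case $mode in
            ?????w*|????????w*) echo writable-by-others ;;  # g+w or o+w
            *)  if [ "$uid" = "$want_uid" ]; then echo ok
                else echo wrong-owner; fi ;;
        esac
    }
}

# audit_scheduler_access [ETC_DIR] [OWNER_UID]
# Reports on at.allow and cron.allow; returns non-zero unless both are ok.
audit_scheduler_access() {
    etc=${1:-/etc}
    status=0
    for name in at.allow cron.allow; do
        verdict=$(check_allow_file "$etc/$name" "${2:-0}")
        printf '%s: %s\n' "$etc/$name" "$verdict"
        [ "$verdict" = ok ] || status=1
        # A non-empty allow file grants access to the users it lists.
        if [ -s "$etc/$name" ]; then
            printf '  lists: %s\n' "$(tr '\n' ' ' < "$etc/$name")"
        fi
    done
    return $status
}

audit_scheduler_access /etc || echo 'at/cron allow files need attention'
```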
Understanding system logs
● Two daemons:
– klogd – Logs kernel messages
– syslogd – logs everything else
● By default, most logs are in /var/log/messages
● Configure in /etc/syslog.conf
– See next page for details
● Read initial kernel messages with dmesg
Configuring logging
/etc/syslog.conf
● Can send log messages to a file, device or email
● Can select by severity or process or both, e.g.
– Critical events get emailed to a cell phone
– Events from a certain app (such as Samba) can go to their own logfile
● Can schedule log rotation, how many old logs to retain, etc.