Linux Notes (certification)
From TheBeard Science Project Wiki
CertBlaster test http://www.dtipublishing.com.
ftp://ftp.certblaster.com/1/Course/c_linux+09.exe.
REVIEW QUESTIONS ON PAGES: 63, 104, 152, 200, 269, 313, 360, 409, 446, 493, 542, 593, 639, 688
CURRENTLY ON PAGE: 680
EXAM QUESTION NOTES:
kernel tuning still effective after reboot
gpl software is not freeware
ftp public directory should not be owned by the ftp user
bash, tc, and korn are common shells
realVNC and tightVNC are common vnc for windows
in debian, /etc/inetd.conf controls the internet super daemon
version #: major.minor.revision
minor # shows stability. odd # = developmental kernel. even # = production kernel.
hot fix: a bug is reported and the company tests and fixes the bug promptly.
architectures
Intel x86/x64
Itanium
Mainframe (S/390)
ARM
Alpha
MIPS
M68K
PA-RISC
SPARC
UltraSPARC
PowerPC
Linux User Groups (LUG): groups which meet to discuss linux
unix written by ken thompson and dennis ritchie of at&t bell labs 1969
MIT, bell labs, and general electric developed MULTICS (Multiplexed Information and Computing Service) in 1965
1973 - jargon file released
1983 - the hacker dictionary
1984 - gnu project
1991 - linux
dennis ritchie invented C
UNIX derived
MINIX developed by andrew tanenbaum
AIX - IBM
BSD - AT&T at Univ California in Berkeley
Solaris - Sun
HP-UX - HP
Linux Documentation Project (LDP)
GNU Network Object Model Environment (GNOME) written in C, uses gtk toolkit
K desktop environment (KDE) written in C++ uses qt toolkit
gdm (GNOME Display Manager) - gnome login screen
MTAs: sendmail, postfix, smail, qmail
MUAs: mutt, pine, printmail, elm, mail, Thunderbird, Evolution, Eudora
firewalls: ipchains, netfilter/iptables
squid known for caching
Common Gateway Interface (CGI) - runs on web server allowing access to internal servers like databases.
news servers: InterNetNews (INN)
newsreaders: Gnews, PAN, Gnus, Thunderbird, pine
most common database management systems (DBMS): PostgreSQL, MySQL
fedora 13 system requirements:
processor: 200MHz min, 400MHz recomm
ram: 256mb text, 384mb gui, 512mb gui recomm
disk: 90mb min, 10gb full, 20gb recomm
installation programs: syslinux, anaconda
hard disks:
max 4 primary partitions
extended partition can contain unlimited partitions called logical drives
MBR limited to 2tb drives
GUID Partition Table (GPT) can install on larger disks
swap should be twice the ram
filesystems:
normal: ext2, vfat
journal: ext3, ext4, reiser
manual sections
1 - commands any user can use
2 - linux system calls
3 - library routines
4 - special device files
5 - file formats
6 - games
7 - misc
8 - commands only root can use
9 - linux kernel routines
n - uncategorized commands
makewhatis - command which indexes the man pages of newly installed programs
NIS (network information service) - standardizes config files across linux systems
NTP (network time protocol) - keeps the time across a network
winbind - allows a linux system to auth with ms active dir
READ REGEX FILE
ls -F - shows files with characters at the end of them signifying their type
/ - directory
@ - link
* - executable
head and tail display 10 lines
Filesystem Hierarchy Standard (FHS)
c header files located in /usr/include
/usr/local - most common place for additional programs
/usr/share - files that are architecture independent
/usr/src - source code
/usr/X11R6 - X window system
/opt - additional software programs
/lib - shared libraries and kernel modules
cp -i - interactive mode
to ensure that a wildcard is interpreted by 'find' and not the shell put it in quotes (ie "file*")
find
-name "name"
-size +4096k - greater than
-4096k - less than
4096k - exactly
-type d
b
c
-empty
-user "user" - file owned by user
-amin +-n - accessed minutes
-atime +-n - accessed days
-mmin +-n - modified minutes
-mtime +-n - modified days
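Worked example, added here and not part of the wiki notes: it builds a small constructed tree under mktemp and runs the find options listed above. Every wildcard is quoted so that find, not the shell, expands it. It assumes a find that understands the k size suffix, -empty and -mmin (GNU and BSD both do); count and find_demo are names chosen here.

```shell
# Added example (not from the wiki notes): exercise the find options above on
# a constructed directory tree and report how many entries each one matches.
count() { find "$@" | wc -l | tr -d ' '; }

find_demo() {
  tmp=$(mktemp -d) || return 1
  mkdir "$tmp/logs" "$tmp/empty"
  printf 'x' > "$tmp/logs/app.log"                 # 1 byte, so not -empty
  : > "$tmp/logs/old.log"                           # zero-length file
  dd if=/dev/zero of="$tmp/big.bin" bs=1024 count=5 2>/dev/null   # 5 KiB
  by_name=$(count "$tmp" -name "*.log")            # quoted pattern: the 2 .log files
  big=$(count "$tmp" -type f -size +4k)            # strictly more than 4 KiB: big.bin only
  empties=$(count "$tmp" -empty)                   # zero-length file + empty directory
  dirs=$(count "$tmp" -type d)                     # tmp itself, logs/ and empty/
  recent=$(count "$tmp" -type f -mmin -5)          # files modified in the last 5 minutes
  mine=$(count "$tmp" -user "$(id -u)")            # -user also takes a numeric uid; everything
  rm -rf "$tmp"
  echo "$by_name $big $empties $dirs $recent $mine"
}
find_demo   # prints: 2 1 2 3 3 6
```

The same -user, -type and -mmin tests are what an audit of a filesystem would combine (for instance, files owned by an account that has been removed, or files changed in the last few minutes of an incident), which is why the pattern must reach find intact rather than being expanded by the shell against the current directory.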
which searches directories under PATH
filesystem has 3 main sections:
superblock: store general information (num of inodes, data blocks, size of each block)
inode table: contains inodes (information nodes) for every file/directory. has unique number, file size, data block location, modified, permissions, owner.
data blocks: obvious
hard links share an inode
link count is number after permission set when using "ls -l". this number indicates the number of files that share the inode.
ls -i - shows inode number
data blocks of symbolic link contain path name to target file. symlinks have different inode and size.
groups - command to see group membership
chgrp - change group of a file
permissions is also referred to as 'mode'
suid can only be set on compiled binary files
sgid can be set on binary files and directories.
if user creates file in directory with sgid, owner of file will be the creator, but the group will be of the directory.
sticky bit can only be set on directories. files can be created in dir but cannot be deleted except by owner.
rwsrwsrwt - set and sticky bits with execute permissions set
rwSrwSrwT - set and sticky bits without execute permissions set. useless
setting special bits
chmod [1]777
1 - sticky
2 - sgid
4 - suid
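Worked example, added here and not part of the wiki notes: it sets the special bits on directories under a temporary path and reads back how ls renders them, including the "useless" S/T form from the note above. Sticky and sgid on a directory do not need root; sgid takes effect for a non-root user only when the directory's group is one the user belongs to, which is the case for a freshly created directory. mode_of, group_of and special_bits_demo are names chosen here.

```shell
# Added example (not from the wiki notes): chmod's leading digit (1 sticky,
# 2 sgid, 4 suid) and the s/S and t/T letters ls shows for it.
mode_of()  { ls -ld "$1" | cut -c1-10; }        # first 10 chars: type + 9 permission bits
group_of() { ls -ld "$1" | awk '{print $4}'; }  # group column of ls -l

special_bits_demo() {
  tmp=$(mktemp -d) || return 1
  mkdir "$tmp/shared" "$tmp/drop" "$tmp/noexec"
  chmod 2775 "$tmp/shared"   # sgid on rwxrwxr-x  -> drwxrwsr-x
  chmod 1777 "$tmp/drop"     # sticky on rwxrwxrwx -> drwxrwxrwt
  chmod 3666 "$tmp/noexec"   # sgid+sticky without x -> drw-rwSrwT (the useless case)
  # a file created inside the sgid directory takes the directory's group
  : > "$tmp/shared/newfile"
  inherit=no
  [ "$(group_of "$tmp/shared/newfile")" = "$(group_of "$tmp/shared")" ] && inherit=yes
  echo "$(mode_of "$tmp/shared") $(mode_of "$tmp/drop") $(mode_of "$tmp/noexec") $inherit"
  rm -rf "$tmp"
}
special_bits_demo   # prints: drwxrwsr-x drwxrwxrwt drw-rwSrwT yes
```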
/dev/st0 - scsi tape
/dev/lp0 - parallel port
/dev/sr0 - scsi cd or dvd
/dev/sg0 - used to write to cd or dvd
device major number: points to device driver for device
device minor number: indicates device itself (ie fd0 minor is 0)
when a block device file becomes corrupt it becomes a normal file. "find /dev -type f" can help find corrupt block devices.
in case of corruption:
rm -f /dev/fd0
mknod /dev/fd0 b 2 0
mknod <file> <type> <major#> <minor#>
/proc/devices - contains devices currently in use
filesystems:
bfs - boot filesystem. commonly used in unix
cramfs - compressed rom filesystem. read-only fs typically used in embedded linux systems.
hfs/hfsplus - hierarchical fs. native mac os.
hpfs - high performance fs. ibm proprietary os/2 fs that supports long file names and is optimized for large disks.
iso9660 - cd and dvd
minix - used in early development of linux
msdos - fat
ntfs - hurr durr
reiserfs - journaling fs best suited for databases
udf - universal disk format fs. used by programs which write to cd-rw/dvd-rw
vfat - virtual fat. supports long file names
vxfs - journaling fs with large file support and acl. commonly used by major versions of unix.
xfs - high performance/high volume fs developed by Silicon Graphics for IRIX UNIX systems.
mkfs -t ext3 /dev/sda3 - make filesystem. ext2 is default.
other mkfs commands:
fat
mkdosfs
mkfs.msdos
mkfs.vfat
ext2
mkfs.ext2
mke2fs
mke2fs -t ext2
ext3
mkfs.ext3
mke2fs -t ext3
ext4
mkfs.ext4
mke2fs -t ext4
iso
mkisofs
reiser
mkreiserfs
mkfs.reiserfs
xfs
mkfs.xfs
ntfs
mkntfs
mkfs.ntfs
/etc/mtab - currently mounted filesystems
fuser -u /media/floppy - check if a user is using the filesystem
/etc/fstab
<device> <mount point> <type> <options> <dump#> <fsck#>
dump# - used by dump command. 1 means backup, 0 means not
fsck# - check filesystem before mount. 0 means don't check, 1 is checked first, then 2 ...
mkisofs -RJ -o newimage.iso /dir - makes an iso image of directory tree
-R - Rock Ridge support
-J - Joliet support
advantages of partitions:
- segregate different types of information
- different types of file systems
- reduce chance of fs corruption making system unusable
- speed up access to data
partition types:
type 83 - linux partition (ext fs)
type 82 - swap
fdisk:
t - change type
afterwards use L to list types
cfdisk - more graphical fdisk
mkswap /dev/derp - prepare partition for use as swap
swapon /dev/derp - use as swap
swapoff - deactivate swap
change entry in fstab to make permanent
LVM components:
physical volumes (PV): unused partitions on hard disk that lvm can use to store info
volume groups (VG): contains PVs.
logical volume (LV): usable space created by LVM using the available storage within a VG. contains filesystem. can be easily resized.
physical extent (PE) size: block size for saving data
pvcreate /dev/sda4 - creates physical volume usable by LVM
pvdisplay - shows PVs
vgcreate <name> <device> <device>... - create volume group from PVs and give the group a name. name becomes device name.
-s <size> - change PE size
vgdisplay - shows VGs
lvcreate -L 20GB -n name <vgroup> - create logical volume from VG
lvdisplay - show LVs
other volume information commands:
pvscan
vgscan
lvscan
extending:
add new PV then add the PV to a VG using "vgextend". then increase size of LV with "lvextend".
du -s - only total size
dumpe2fs -h <device> - show inode info
fsck /dev/derp
-f - full check
-a - automatically fix
-A - check filesystems in fstab which are tagged for checking
-C - show progress bar
-R - skip root filesystem
-V - verbose
e2fsck /dev/derp - check ext fs more thoroughly
-c - automatically add bad blocks to bad block list so they are not used
tune2fs -i 0 /dev/derp - changes fs check interval to 0 (disabled)
QUOTAS:
soft limit: a limit that the user can exceed for a period of time. default: 7 days
hard limit: cannot exceed
turning on and off:
quotaon
quotaoff
setup:
add "usrquota" and "grpquota" as options to the fs in fstab
create files "/aquota.user" and "/aquota.group"
run "quotacheck -mavug" (adds to database)
run "quotaon -avug" (turns on)
edquota -u <username> - edit quotas for user
edquota -u -t - edit time limit for soft quota
repquota /mountpoint - quota report
quota - users can view their own quota
quota -u <username> - quota of other user
SCSI:
Small Computer System Interface
terminator - in parallel SCSI, each end of the cable needs one to prevent signals from reflecting back
SCSI ID or Target ID - 0-15. uniquely identifies devices and assigns priority. highest priority is 7, then 6,5,4,3,2,1,0,15,14,13,12,11,10,9,8
SCSI became industry-defined standard in 1986
TYPES:
parallel
serial attached SCSI (SAS)
HISTORY:
SCSI-1(slow/narrow) 1986 8-bit 7-devices 5mb/s 50-pin centronics or LPT (Line Port Terminal)
SCSI-2(fast) 1994 8-bit 7-devices 10mb/s 50-pin LPT
SCSI-2(wide) 1994 16-bit 15-devices 20mb/s 68-pin LPT
SCSI-3(ultra) - 16-bit 15-devices 40mb/s 68-pin LPT or 80-pin SCA (Single Connector Adapter)
SCSI-3(ultra2 wide) 16-bit 15-devices 80mb/s 68-pin LPT or 80-pin SCA
SCSI-3(ultra3 wide) 16-bit 15-devices 160mb/s 68-pin LPT or 80-pin SCA
SCSI-3(ultra320) 16-bit 15-devices 320mb/s 68-pin LPT or 80-pin SCA
SCSI-3(ultra640) 16-bit 15-devices 640mb/s 68-pin LPT or 80-pin SCA
SAS 65535-devices 768mb/s 7-63-pin
iSCSI(Internet SCSI) - the computer attached to an iSCSI device over a network is called an iSCSI initiator.
iSCSI is a SAN technology.
RAID-0 - spanning or striping with no fault tolerance
RAID-1 - mirroring
RAID-2 - like RAID-1 but provides error checking. no longer used because drives do this automatically.
RAID-3 - minimum 3 drives: 2 with data and 1 with parity. if parity disk failed, recovery is not possible.
RAID-4 - like RAID-3 but stores data in blocks, increasing access speed.
RAID-5 - referred to as 'disk striping with parity.' minimum 3 disks. parity information is stored on all drives.
RAID-6 - like RAID-5 but with added parity information allowing 2 drives to fail.
RAID-10 - spanning or striping with mirroring
RAID-15 - striped/parity mirrored with another striped/parity
software RAID - controlled by software
hardware RAID - controlled by interface card
firmware RAID - controlled by BIOS.
for firmware RAID, choose special disk config during linux installation.
for software RAID, choose normal disk config, and create custom layout later.
in software RAID, partitions will start at /dev/md0
at initial grub screen, press tab and add 'ask-method' to the end of the boot options line
automatic installation:
scripts called kickstart files are used.
after an installation, anaconda creates a file /root/anaconda-ks.cfg which can be used for later installations.
partition section in script are commented out for safety. uncomment them and make changes as necessary.
replace 'clearpart <whatever>' with 'clearpart --all' to erase partitions before installation.
add 'zerombr yes' above 'clearpart' to rewrite mbr.
'ignoredisk' may or may not be necessary.
system-config-kickstart - gui kickstart script creator
to use ks file:
at initial grub screen, press tab and add 'ks=<device>:<path>' where device can be 'floppy', 'cdrom', 'hd:sdb1' -- and path is absolute, ie '/ks.cfg'
'linux text' loads installation in text mode
installation problem categories:
- install start problems
- during install problems
freezing during installation - try disabling plug-n-play support
fatal signal 11 = segmentation fault - when a program accesses an area of RAM which is not assigned to it. check RAM for errors. can also be caused by laptop power management, an overclocked cpu, or incorrect ram voltage.
if memtest86 finds no errors, it's likely a hardware fault somewhere else. try turning off CPU cache memory or increasing the number of memory wait states.
- after install problems
check install logs: /root/install.log and /root/install.log.syslog
/proc directory - contained within RAM:
apm - advanced power management info
cmdline - location of kernel
cpuinfo - cpu info
devices - char and block devices currently in use
execdomains - execution domains for processes
fb - frame buffer devices (ie video cards)
filesystems - list of filesystems supported by the system
interrupts - IRQs in use
iomem - memory addresses in use
ioports - memory address ranges reserved for device use
kcore - representation of physical memory (binary - do not view)
kmesg - temp storage for kernel messages
loadavg - processor performance statistics
locks - files currently locked by kernel
mdstat - multiple-disk RAID configuration
meminfo - memory info
misc - misc devices
modules - modules in use
mounts - currently mounted filesystems
partitions - partitions currently loaded
pci - pci devices on the system
scsi - scsi device info
swaps - swap info
version - version info
/var/log/messages - startup messages
System Rescue mounts filesystem at /mnt/sysimage
filter command - a command that can take stdin and turn it into stdout
pr -formats a file for printing
pr -d - formats double-spaced
awk - manipulates using pattern-action statements
sed - manipulates using search/replace expressions
sed - sed s/<search>/<replace>/ (ie cat file|sed s/THE/the/) ONLY REPLACES THE FIRST OCCURRENCE ON EACH LINE
sed s/<search>/<replace>/g REPLACES ALL
sed /<string>/s/<search>/<replace>/g ONLY ON LINES THAT CONTAIN <string>
sed 1,3s/<search>/<replace>/g ONLY ON LINES 1 THROUGH 3 (the address is a range, not a comma list)
sed /<string>/d DELETE ALL LINES THAT CONTAIN <string>
awk - awk treats each input line like a database record. each word on a line can be referenced using $1, $2, etc.
awk '/<string>/ {print $1, $4}' - only displays words 1 and 4 of lines that contain <string>
-F <char> - changes delimiter character to <char>
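Worked example, added here and not part of the wiki notes: the sed and awk forms listed above run against a constructed four-line file, so the difference between "first occurrence per line", /g, a line-number range, a /pattern/ address, line deletion and awk's -F is visible in the output. make_sample and sed_awk_demo are names chosen here.

```shell
# Added example (not from the wiki notes): sed substitutions, addresses and
# deletion plus an awk field selection, on a constructed sample file.
make_sample() {
  cat > "$1" <<'EOF'
THE cat saw THE dog
a quiet line
THE end of THE story
user:alice:1001:staff
EOF
}

sed_awk_demo() {
  tmp=$(mktemp -d) || return 1
  f="$tmp/sample.txt"
  make_sample "$f"
  first=$(sed 's/THE/the/' "$f" | sed -n '1p')          # only the first THE on line 1
  all=$(sed 's/THE/the/g' "$f" | sed -n '1p')           # every THE on line 1
  ranged=$(sed '1,2s/THE/the/g' "$f" | sed -n '3p')     # lines 1-2 only, so line 3 is untouched
  matched=$(sed '/end/s/THE/the/g' "$f" | sed -n '3p')  # only lines containing "end"
  kept=$(sed '/THE/d' "$f" | wc -l | tr -d ' ')         # delete lines containing THE: 2 remain
  fields=$(awk -F: '/user/ {print $2, $4}' "$f")        # fields 2 and 4 of the line matching "user"
  rm -rf "$tmp"
  printf '%s\n' "$first" "$all" "$ranged" "$matched" "$kept" "$fields"
}
sed_awk_demo
```

Expected output, one result per line: `the cat saw THE dog`, `the cat saw the dog`, `THE end of THE story`, `the end of the story`, `2`, `alice staff`.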
cmdline prompt: \u - username
\h - hostname
\W - current directory
BASH - location of shell
BASH_VERSION - version of shell
DISPLAY - used to redirect output of X window to display of another device
ENV - location of config (ie ~/.bashrc)
EUID - effective uid
HISTFILE - location of history file
HISTFILESIZE - history file max size
HISTSIZE - max size of history that can be stored in memory
HOME - home
HOSTNAME - hostname
LOGNAME - username
MAIL - location of mailbox
OSTYPE - os
PATH - binary directories
PS1 - prompt
PWD - working directory
RANDOM - variable which creates a random number when accessed
SHELL - location of current shell
TERM - determines terminal settings. 'linux' or 'xterm' on newer systems, 'console' on older systems.
TERMCAP - determines terminal settings on old systems using termcap databases (/etc/termcap)
set - shows all variables
env - shows exported/user-defined variables
alias <alias>="<command>"
to make variable available all the time place it in an "environment file" (ie ~/.bashrc)
typically only 1 env file is executed, the one that is found first
~/.bash_logout - cleanup commands
#! - is called a hashpling
\a - beep
\b - backspace
\c - prevents newline following command
\f - form feed
\n - new line
\r - carriage return
\t - tab
\v - vertical tab
if statements:
test conditions contained in [] or preceded by the word 'test'
-eq - =
-ne - !=
-lt - <
-gt - >
-le - <=
-ge - >=
-r - readable
-w - writable
-x - executable
-d - directory
-o - or
-a - and
! - not
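Worked example, added here and not part of the wiki notes: the test operators above used in a small path classifier. -d, -r, -w and -x are combined with -a and -o, the numeric -ge/-le operators back a range check, and ! negates a test. in_range, classify and classify_demo are names chosen here; the files are constructed under mktemp.

```shell
# Added example (not from the wiki notes): file and numeric test operators in
# if/elif chains, with -a, -o and ! combining them.
in_range() {   # in_range <value> <low> <high> -> exit 0 when low <= value <= high
  [ "$1" -ge "$2" -a "$1" -le "$3" ]
}

classify() {   # prints one word describing the path
  p=$1
  if [ -d "$p" ]; then
    echo directory
  elif [ -r "$p" -a -x "$p" ]; then
    echo runnable
  elif [ -r "$p" -o -w "$p" ]; then
    echo data
  else
    echo missing-or-unreadable
  fi
}

classify_demo() {
  tmp=$(mktemp -d) || return 1
  printf '#!/bin/sh\necho hi\n' > "$tmp/run.sh"
  chmod 700 "$tmp/run.sh"          # owner rwx: readable and executable
  : > "$tmp/notes.txt"
  chmod 600 "$tmp/notes.txt"       # owner rw: readable but not executable
  out="$(classify "$tmp") $(classify "$tmp/run.sh") $(classify "$tmp/notes.txt") $(classify "$tmp/nope")"
  if in_range 5 1 10 && ! in_range 11 1 10; then
    out="$out range-ok"
  fi
  rm -rf "$tmp"
  echo "$out"
}
classify_demo   # prints: directory runnable data missing-or-unreadable range-ok
```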
/etc/profile is always executed
aliases and functions have higher priority than actual command
BOOT PROCESS:
POST - Power-On Self-Test
BIOS checks its configs for boot devices to search.
BIOS looks for OSs on any boot media.
if fails, BIOS looks for instruction on MBR/GPT of first hard disk.
boot loader, if present in MBR/GPT, boots the OS kernel.
sometimes MBR/GPT contains pointer to a partition which has a boot loader on the first sector. the partition is referred to as a "active partition." there can be only 1 per hard disk.
boot loader is unloaded after the OS is fully loaded.
OS then loads init (initialize daemon).
init initiates all other processes.
linux kernel stored in /boot.
Some virtualization software: KVM, QEMU, Xen
GRUB:
stage 1 - resides on MBR/GPT and points to stage 1.5
stage 1.5 - resides in /boot/grub. loads filesystem support and loads stage 2.
stage 2 - resides in /boot/grub. displays the actual menu screen and boots the kernel.
grub does NOT need to be reinstalled after changing the config.
config: /boot/grub/grub.conf
hard drive notation: (hd<drive#>,<partition#>) starting at 0
global config:
hiddenmenu - no additional menus
password --md5 <hash> - set grub password (use grub-md5-crypt to generate hash)
default=<#> - default OS to load. # starts with 0.
timeout=<#> - prompt timeout in seconds.
splashimage=(hd0,1)/path - path to background image. usually compressed, ie file.xpm.gz
kernel config (must be tabbed like this):
title <name>
	root (hd0,1)
	kernel /path <parameters>
	initrd /path
title <windows OS>
	rootnoverify (hd0,0)
	chainloader +1
kernel parameters:
rhgb (red hat graphical boot) - use splash
nosmp - disables symmetrical multi-processing support
mem=<#>M - forces detection of physical memory
grub refers to the partition which contains stage 2 as the "grub root partition". if on separate partition, usually the config is /grub/grub.conf instead.
at grub menu:
e - edit
c - cli
grub cli:
help
can type "kernel <options>" [enter]
"initrd <options>" [enter]
"boot"
grub-install - command available in restore mode. reinstalls damaged grub
grub-install /dev/sda - installs grub stage 1 into MBR. also do grub-install /dev/sda1 to install onto first partition.
LILO:
lilo stands for Linux Loader.
when lilo "boot:" prompt appears, you can:
press Tab to see list of available OSs
enter the name of an OS
hit enter to load default.
config: /etc/lilo.conf
# = comment
global config:
prompt - display boot prompt if no message is provided.
message=/path - path to image file that contains graphical screen.
timeout=<#> - prompt timeout. 10 = 1 second.
default=<name> - the name (specified in label=) of default OS to load.
boot=/dev/sda - specifies disk (or partition, ie /dev/sda1) on which lilo is installed.
map=/boot/map - specifies the file which contains the exact location of linux kernel.
install=/boot/boot.b - specifies file which contains physical layout of disk.
lba32 - specifies Large Block Addressing (32-bit) for disks with more than 1024 cylinders.
linear - specifies that lilo should use linear sector addressing. optional.
kernel config:
image=/path - path to kernel
initrd=/path - path to initrd image
label=<name> - name of OS
append="<options>" - parameters passed to kernel. ie "rhgb quiet root=/dev/sda1". root= is crucial.
read-only - initially mount filesystem read-only.
windows config:
other=/dev/sda1 - partition containing windows OS.
optional - prevents checking for linux kernel
label=<windows OS> - the label
after editing the config file, use the 'lilo' command to reinstall lilo with the new config.
lilo -U - uninstall lilo.
error messages:
L - first part of boot loader failed. can be caused by incorrect hard disk parameters. may be fixed by adding 'linear' to the config.
LI - second part failed or /boot/boot.b file is missing. adding 'linear' may fix it.
LIL, LIL-, LIL? - lilo loaded fine, but can't find certain files such as /boot/boot.b or /boot/map. adding 'linear' may fix it.
ELILO - lilo for EFI instead of BIOS.
USING WINDOWS BOOT LOADER TO DUAL BOOT LINUX:
if windows overwrites MBR, use System Rescue to modify /boot/grub/grub.conf and reinstall grub.
alternatively, you can use windows boot loader to load linux. to do this, you must add additional components to the windows boot loader.
EasyBCD can be downloaded from neosmart.net.
using EasyBCD:
copy grub.conf to removable media
install windows
install EasyBCD on windows
open EasyBCD and click Add New Entry
click the NeoGrub tab
click install in the NeoGrub tab
click Configure. this opens C:\NST\menu.lst in notepad
copy the contents of grub.conf into menu.lst
INIT:
runlevels are also called initstates.
fedora 13 uses the new upstart init system.
'N' in runlevel command means nonexistent.
'S', 's', or 'single' means single user mode.
in the old init, /etc/inittab held all configs.
rc stands for 'runtime configuration'.
/etc/rc.d/rc.sysinit is the first script run and sets environment variables such as PATH.
dmesg shows output of kernel and rc.sysinit.
init scripts are executed in alphabetical order.
init order of operations:
run /etc/rc.d/rc.sysinit
read /etc/inittab
run /etc/rc.d/rc 5 (this runs the next step)
run the appropriate rc scripts for that runlevel
run /etc/rc.d/rc.local
scripts are located in /etc/init.d
use service and chkconfig to manage daemons.
ntsysv - can also be used as a somewhat graphical daemon management tool. use '--level <#>'.
system-config-services - full graphical.
X WINDOW SYSTEM:
1984 - X Windows created by Digital Equipment Corporation (DEC) and MIT. Originally called Project Athena.
1985 - X Window was released.
1988 - MIT releases version 11 release 2 (X11R2). After which, it was maintained by the Open Group.
199? - XFree86 open source version of X.
1995 - The Open Group Releases version 11 release 6 (X11R6).
2004 - X now maintained as open source software by X.Org Foundation.
window manager runs on top of X. examples:
compiz - uses 3D acceleration.
enlightenment
fvwm
kwin
lxde
metacity - used by gnome
mwm
sawfish
twm
wmaker
desktop environment is a set of GUI tools such as browser, file manager, etc. examples:
Gnome - released in 1997. Uses metacity and GTK+ toolkit for C.
KDE - released by Matthias Ettrich in 1996. Uses kwin and Qt toolkit for C++.
GTK+ originally written for GNU Image Manipulation Program (GIMP)
Gnome Display Manager (gdm) starts the login screen. variant of X Display Manager (xdm)
/etc/gdm/custom.conf - gdm config file
KDE Display Manager (kdm)
The desktop environment for each user is stored in the .dmrc (display manager runtime config) file in the user home folder.
to allow root login through gdm edit files "/etc/pam.d/gdm" and "/etc/pam.d/gdm-password" and comment out the line "auth required pam_succeed_if.so user != root quiet"
gdm - command used to start a login screen
behavior of 'startx' can be determined by the file ".xinitrc" in the user home folder. it is not there by default.
.xinitrc file lines:
exec startkde
exec gnome-session
X CONFIG:
X.Org:
hardware information stored in /etc/X11/xorg.conf
XFree86:
hardware information stored in /etc/X11/XF86Config
mouse-test - command to detect mouse manually
system-config-keyboard - gui config
system-config-display - gui config
ctrl+alt+backspace - log out of X
xvidtune - used to change hsync and vsync of monitor
PROCESSES:
daemon - process not associated with a terminal
every process has PID and PPID (parent process id) that identifies the process that started it.
init has PID 1/PPID 0 (aka the kernel)
ps -ef - all processes with full info
-l - even more info
a - all processes across terminals (berkeley style option)
x - all non terminal processes (berkeley style option)
TTY - a '?' means it is a daemon
UID - usr who started it
C - CPU cycles
STIME - start time
TIME - time the process took
CMD - kernel processes are in [brackets]
F - flag indicates particular features. '4' means it was run by root.
PRI - priority. 0=high, 127=low.
NI - nice value. can indirectly influence priority.
-20=greater chance of high priority
19=low chance of high priority
0=default
some systems give background process a value of 4
ADDR - memory address
WCHAN - what the process is waiting for.
SZ - memory size in KB.
STAT - state.
W - process has no contents in memory
< - high priority
N - low priority
S - current state of process.
S=sleeping
R=running
T=stopped/being traced
Z=zombie
[kthreadd] - sort of like a kernel space init
zombie (aka defunct) processes are processes that have finished but still retain a PID because the parent didn't release it.
zombie processes can be fixed by killing the parent.
rogue process - process using up tons of system resources.
top - system monitor
z - toggle colors
Z - change color mapping
B - toggle bold
b - toggle bold/reverse
<,> - change sort field
x - toggle highlight sort field
y - toggle highlight running processes
c - toggle full command names
k - kill process
r - renice. change NI value to alter priority
d or s - set update interval
W - write config file
h - help
q - quit
l,t,m - toggle summaries at top
1 - toggle CPU display
I - irix/solaris mode
i - idle processes
f - change fields
o - change display order
F or O - sort field
R - reverse sort
H - toggle threads
S - toggle cumulative time
u - show specific user only
n or # - set max tasks displayed
kill
-l - list of kill signals
kill signals:
1 - SIGHUP. signal hang-up. restarts process with same PID.
2 - SIGINT. signal interrupt. weak. used by ctrl+c.
3 - SIGQUIT. core dump. copies memory content of process and saves it in a file called 'core' in working directory.
15 - SIGTERM. software terminate. default for kill command.
9 - SIGKILL. absolute kill. forces kill by sending the process's resources to /dev/null. no process can trap this.
3 main types of linux commands:
binary programs
shell scripts
shell functions
forking: the creation of subshells.
subshells use the 'exec' function to execute the binary that was invoked, the parent shell uses the 'wait' function, then the subshell uses 'exit'.
jobs:
when viewing background jobs, a + symbol marks the most recent job and a - symbol marks the second most recent.
when referring to a job ID, use %<#>. Using % alone will refer to the most recent job (the one with the +)
time slice: amount of time a process has to use the CPU, usually measured in milliseconds.
nice -n <+/-#> <command> - runs command with the given nice value.
renice <+/-#> <PID> <PID> ... - change nice value of process(es)
-u <user> <user> ... - instead of PID, root can renice process of user(s)
-g <group> <group> ... - renice group(s)
SCHEDULING COMMANDS:
atd - at daemon. used for scheduling tasks. displays "at>" prompts after invoking the "at" command.
syntax: at <time>. time can be many different phrases. FINISH COMMANDS WITH CTRL+D.
-f <file> - read commands from file instead of stdin.
-m - send mail to user even if there is no output.
-l - list jobs. use 'atq' command instead. root user sees all jobs.
-d - delete jobs. use 'atrm' command instead.
-c <job> - shows commands to be executed by job.
files:
/var/spool/at/ - shell environments and scheduled commands are stored in this directory.
/etc/at.allow - users allowed to use atd. if allow/deny files do not exist, only root can use atd.
/etc/at.deny - users not allowed to use atd. create this file and leave it blank to allow all users. this is the default in Fedora.
if output is not redirected to file, the output will be mailed to the user.
time phrases:
now
tomorrow
teatime (4pm)
monday
tue
midnight Jul 10 2012
noon July 5
now + 2 days
now + 4 hours
now + 30 minutes
now + 2 weeks
9am 10/31/2012
4:20pm 10312012
4:20 10.31.2012
crond - cron daemon. uses configuration file called cron tables.
configs:
/etc/crontab - system tasks
/etc/cron.d/ - contains system cron tables
/var/spool/cron/ - contains user cron tables. files are saved by username.
/etc/cron.allow - users allowed to use cron. if allow/deny files do not exist, only root can use cron. this file has priority over cron.deny.
/etc/cron.deny - users not allowed to use cron. create this file and leave it blank to allow all users. this is the default in Fedora.
/etc/cron.hourly/ - place shell scripts in here to be run at the given time interval.
/etc/cron.daily/ - place shell scripts in here to be run at the given time interval.
/etc/cron.weekly/ - place shell scripts in here to be run at the given time interval.
/etc/cron.monthly/ - place shell scripts in here to be run at the given time interval.
other:
* = wildcard
numbers can be comma separated (20,40)
numbers can be a range (1-5)
time is in 24-hour format
commands:
1 2 3 4 5 command
1 = minute past the hour (0-59)
2 = hour past midnight (0-23)
3 = day of month (1-31)
4 = month of year (1-12)
5 = day of week (0=sun 1=mon 2=tue 3=wed 4=thu 5=fri 6=sat 7=sun)
crontab - command that helps manage cron jobs
-u <user> - specify a user
-e - edit. opens crontab in editor of choice.
-l - list current crontab
-i - remove current crontab with a prompt.
-r - remove current crontab. NO PROMPT!
example:
20,40 17 * * 1-5 /myscript - runs 'myscript' at 5:20pm and 5:40pm each day, monday through friday
0 4 1 * * /backup - runs 'backup' on the 1st of every month at 4:00am.
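Worked example, added here and not part of the wiki notes: a validator for the five time fields of a crontab line using the ranges listed above. It accepts *, a single number, comma lists and low-high ranges (the forms the notes describe); anything else, such as a */5 step, is rejected as unknown. field_ok, check_cron_line and cron_demo are names chosen here.

```shell
# Added example (not from the wiki notes): check a crontab line's five time
# fields against minute 0-59, hour 0-23, day 1-31, month 1-12, weekday 0-7.
field_ok() {   # field_ok <spec> <min> <max> -> exit 0 when every part is in range
  spec=$1 lo=$2 hi=$3
  [ "$spec" = "*" ] && return 0
  rest=$spec
  while [ -n "$rest" ]; do
    case $rest in                      # peel off one comma separated part
      *,*) part=${rest%%,*}; rest=${rest#*,} ;;
      *)   part=$rest; rest= ;;
    esac
    case $part in                      # split a low-high range into its ends
      *-*) a=${part%%-*}; b=${part#*-} ;;
      *)   a=$part; b=$part ;;
    esac
    [ -n "$a" ] && [ -n "$b" ] || return 1
    case "$a$b" in *[!0-9]*) return 1 ;; esac      # digits only
    [ "$a" -ge "$lo" ] && [ "$b" -le "$hi" ] && [ "$a" -le "$b" ] || return 1
  done
  return 0
}

check_cron_line() {   # prints "ok" or the first problem found; exit status follows
  set -f                 # keep "*" literal while the line is split on whitespace
  set -- $1
  set +f
  [ $# -ge 6 ] || { echo "too few fields"; return 1; }
  field_ok "$1" 0 59 || { echo "bad minute: $1"; return 1; }
  field_ok "$2" 0 23 || { echo "bad hour: $2"; return 1; }
  field_ok "$3" 1 31 || { echo "bad day of month: $3"; return 1; }
  field_ok "$4" 1 12 || { echo "bad month: $4"; return 1; }
  field_ok "$5" 0 7  || { echo "bad day of week: $5"; return 1; }
  echo ok
}

cron_demo() {   # the two lines from the notes plus two constructed bad ones
  for line in '20,40 17 * * 1-5 /myscript' '0 4 1 * * /backup' \
              '60 4 1 * * /backup' '0 4 0 * * /backup'; do
    printf '%s -> %s\n' "$line" "$(check_cron_line "$line")"
  done
}
cron_demo
```

Fields 6 onward are the command and are not inspected; a line that fails here is one cron would either reject outright or silently never fire, which is worth catching before `crontab -r` or an edit discards the working copy.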
PRINTER ADMINISTRATION:
CUPS - common unix printing system
/var/spool/cups - print spool/queue directory
/etc/cups/lpoptions - printer options configuration
/home/user/.lpoptions - personal printer options configuration
PRINTER or LPDEST - default printer environment variables
lpstat - shows all print jobs in queue
-a - shows printers that are accepting jobs
-d - shows default printer
-o <printer> - shows jobs for specific printer
-p - shows printers that are enabled
-r - shows whether cups is running
-t - show status of all printers
output shows scheduler is running, printer name, printer device, enabled, accepting requests, and if any print jobs.
cupsenable <printer> - enables printer
cupsdisable <printer> - disables printer, still accepts jobs into queue
-r <message>
cupsaccept <printer> - accept jobs into queue
cupsreject <printer> - reject jobs
cancel -a - cancel all jobs
lpoptions -d <printer> - set printer as default. (stored in /etc/cups/lpoptions)
lpadmin -u allow:root,user1 -u deny:all -d printer1
print job names are <printer name>-<#> (such as LaserPrinter033-1)
traditional systems use LPD
LPD commands:
lpr - print to default printer in LPD system
-H <host:port> - alternate server
-E - use encryption
-#<#> - number of copies
-q - hold job for printing
lpc status - view status of printers
lpq - show print jobs in queue
-h <host:port> - alternate server
-E - use encryption
-U <username>
-P <printer>
-l - verbose
-a - show all
lprm <options> <#> - remove print jobs
-h <host:port> - alternate server
-E - use encryption
-U <username>
-a - cancel all jobs
If printer does not support PnP (Plug and Play), you must select "other" in system-config-printer and provide a URI.
"printer class" allows a set of default settings to be applied to a group of printers.
go to Server menu > New > Class
manage printer by navigating to http://servername:631
LOG FILE ADMINISTRATION:
boot.log - daemon startup during system init
cron - cron and atd daemons
dmesg - system hardware detection
maillog - sendmail
secure - network access such as sshd and xinetd
wtmp - history of all login sessions
rpmpkgs,yum.log - list of packages installed by rpm
xferlog - ftp log
Xorg.0.log,XFree86 - X windows
lastlog - list of users and the time they last logged in. must use the 'lastlog' command
messages - important messages generated during and after system init
rsyslogd - system log daemon. creates the socket /dev/log
/etc/rsyslog.conf - config file
/etc/rsyslog.d/ - contains extra configs
arguments:
* = wildcard
; = separator
<facility>.<priority> <action> - logs the selected messages to the action. the action can be a file, a named pipe, or a remote host: @host:port sends over UDP (default port 514), @@host:port over TCP
facility - the subsystem that generated the message. several can be comma separated.
kern - kernel messages
news - news daemon
auth - login, getty, su, etc.
security - deprecated synonym for auth
authpriv - security/authorization messages that must not end up in world-readable logs (login details, su/sudo). normally sent to /var/log/secure
cron
daemon - system daemons such as ftp
lpr - printing system
mail - sendmail
mark - timestamps generated by rsyslog itself. internal only
syslog
user - messages from user processes
uucp - Unix to Unix Copy daemon
local<0-7> - can be customized
priority (lowest to highest seriousness). a plain priority in a selector matches that level and everything more serious
debug - all messages
info - normal messages
notice - notice messages. not an error
warning,warn - warning messages. might be error, but not system critical
error,err - error messages. generic
crit - critical messages. such as disk failure.
alert - alert messages. must be dealt with immediately such as system database corruption
emerg,panic - serious messages. things normally broadcast to all users.
format
=warning - only warning
!=warn - everything except warning
!warn - nothing at warning or above (removes those priorities from a broader selector earlier on the same line)
log server:
on the server open /etc/rsyslog.conf and uncomment the listener lines:
$ModLoad imudp and $UDPServerRun 514 - receive over UDP
$ModLoad imtcp and $InputTCPServerRun 514 - receive over TCP
plain syslog on port 514 is cleartext and unauthenticated: anything on the path can read it and any host can inject forged entries. restrict 514 to known clients in the firewall, prefer TCP (@@) so messages are not silently dropped, and use rsyslog's TLS support (gtls netstream driver) when logs cross an untrusted network.
on the client open /etc/rsyslog.conf and add a line similar to:
auth.info @server:514 (UDP) or auth.info @@server:514 (TCP)
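The selector rules above are easy to get wrong (a "none" or "!" entry only affects the facilities named in front of it, and a plain priority means "this and everything more serious"). The following is an added example, not from the original notes: it evaluates syslog.conf-style selectors the way sysklogd/rsyslog do and reports where a given facility.priority message would land. The config fragment inside it is constructed for the example, not copied from any distribution.

```python
# Added example, not from the original notes: evaluates syslog.conf-style
# selectors the way sysklogd/rsyslog do (per facility, a set of priorities
# that later selectors on the same line add to or remove from), so you can
# predict where a message lands before editing the real /etc/rsyslog.conf.

PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
PRIORITY_ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "mark"] + [f"local{i}" for i in range(8)]
FACILITY_ALIASES = {"security": "auth"}

# Constructed sample config fragment (not a copy of any distribution's file).
SAMPLE_CONF = """
# selector                                  action
*.info;mail.none;authpriv.none;cron.none   /var/log/messages
authpriv.*                                 /var/log/secure
mail.*                                     /var/log/maillog
cron.*                                     /var/log/cron
*.emerg                                    :omusrmsg:*
kern.crit;kern.!emerg                      /var/log/kern-crit
auth.info                                  @@logserver.example.com:514
"""


def _prio(name):
    return PRIORITIES.index(PRIORITY_ALIASES.get(name, name))


def parse_selector(selector):
    """'auth,authpriv.*;kern.=crit;mail.none' -> [(facilities, op, prio_index), ...]"""
    rules = []
    for part in filter(None, (p.strip() for p in selector.split(";"))):
        fac_part, prio_part = part.rsplit(".", 1)
        facs = FACILITIES if fac_part == "*" else [
            FACILITY_ALIASES.get(f.strip(), f.strip()) for f in fac_part.split(",")]
        if prio_part == "none":
            rules.append((facs, "none", None))
        elif prio_part == "*":
            rules.append((facs, ">=", 0))
        elif prio_part.startswith("!="):
            rules.append((facs, "!=", _prio(prio_part[2:])))
        elif prio_part.startswith("!"):
            rules.append((facs, "!", _prio(prio_part[1:])))
        elif prio_part.startswith("="):
            rules.append((facs, "=", _prio(prio_part[1:])))
        else:
            rules.append((facs, ">=", _prio(prio_part)))
    return rules


def selector_mask(selector):
    """facility -> set of priority indices, built left to right like sysklogd's cfline()."""
    table = {}
    top = len(PRIORITIES)
    for facs, op, p in parse_selector(selector):
        for f in facs:
            cur = table.setdefault(f, set())
            if op == "none":
                cur.clear()
            elif op == ">=":
                cur |= set(range(p, top))      # this priority and everything more serious
            elif op == "=":
                cur.add(p)                     # exactly this priority
            elif op == "!":
                cur -= set(range(p, top))      # drop this priority and above
            elif op == "!=":
                cur.discard(p)                 # drop exactly this priority
    return table


def selects(selector, facility, priority):
    facility = FACILITY_ALIASES.get(facility, facility)
    return _prio(priority) in selector_mask(selector).get(facility, set())


def parse_action(action):
    """Classify the action: '@host[:port]' is UDP (cleartext, no delivery
    guarantee), '@@host[:port]' is TCP, anything else a local file/pipe/module."""
    if action.startswith("@@"):
        host, _, port = action[2:].partition(":")
        return ("tcp", host, int(port or 514))
    if action.startswith("@"):
        host, _, port = action[1:].partition(":")
        return ("udp", host, int(port or 514))
    return ("local", action, None)


def route(conf_text, facility, priority):
    """All actions a <facility>.<priority> message would be delivered to."""
    actions = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#$":          # comments and $-directives
            continue
        selector, action = line.split(None, 1)
        if selects(selector, facility, priority):
            actions.append(action.strip())
    return actions


if __name__ == "__main__":
    for fac, pri in [("authpriv", "info"), ("kern", "alert"), ("auth", "notice")]:
        print(f"{fac}.{pri:<7} -> {route(SAMPLE_CONF, fac, pri)}")
```

Note how authpriv.info reaches only /var/log/secure (the authpriv.none on the first line removes it from /var/log/messages) and how kern.emerg is kept out of /var/log/kern-crit by the "!emerg" on the same line.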
log management:
clear a log by truncating it with "> /var/log/file" (a redirect with no command in front). do not delete the file: the daemon keeps writing to the old, now unlinked inode, and a recreated file may get the wrong owner and permissions.
it's best to save a backup of logs before clearing.
logrotate:
/etc/logrotate.conf - config file
/etc/logrotate.d/ - contains extra config files
logrotate renames test.log to test.log.1 (shifting older copies up), or to test.log-YYYYMMDD when the "dateext" option is set
arguments:
rotate 4 - keep 4 weeks worth of backlogs
postrotate - starts a script
[script]
endscript
USERS AND GROUPS:
pwunconv - merges the hashes from /etc/shadow back into /etc/passwd and removes /etc/shadow (the hashes become world-readable, so this is never wanted on a real system)
pwconv - moves the hashes from /etc/passwd into /etc/shadow, which is readable only by root
/etc/passwd - name:password:uid:gid:GECOS:home:shell
GECOS - the comment field, named after the General Electric Comprehensive Operating System. today it holds the user's full name/description (useradd -c, shown by finger)
/etc/shadow - name:password:lastchange:min:max:warn:inactive:expire:reserved
date fields are measured in number of days since 1/1/1970
password - the hash. might be '*' or '!!' (no password set, no password login possible). if the hash begins with '!' or '!!' the account is locked. an empty field means no password is required when PAM allows it (nullok).
lastchange - day the password was last changed. 0 forces a change at next login
min - number of days user must wait before changing password
max - number of days user can keep password. 99999 = never expires
warn - number of days before expiration the user is warned
inactive (disable1) - number of days after the password expires during which the user can still log in and change it
expire (disable2) - day on which the account itself is disabled, regardless of the password
/etc/group - group:password:gid:member,member...
password is usually 'x' (the hash, if any, lives in /etc/gshadow). group password can be set using the 'gpasswd' command; gpasswd -a/-d adds or removes members.
/etc/login.defs - contains defaults for user creation
/etc/default/useradd - contains defaults for user creation
/etc/skel - contains files that are put into new user home directories
useradd <user> - create user
-c "<description>"
-d <home>
-e <expiration date>
-f <disable1>
-g <group> - primary group
-G <group,group,..> - secondary groups
-m create home directory when user is created. default in fedora.
-k <skeleton directory>
-s <shell>
-u <#> - specify UID
usermod - modify user accounts
-c "<description>"
-d <home>
-e <expiration date>
-f <disable1>
-g <group> - primary group
-G <group,group,..> - secondary groups
-l <name>
-L - lock account. places '!' at beginning of password hash.
-s <shell>
-u <#> - specify UID
-U - unlock account. removes '!' at beginning of password hash.
chage <username> - changes the password aging values for a user
-m <#> - min
-M <#> - max
-W <#> - warn
-I <#> - inactive days after expiration
-E <date> - account expiration date
-l - list the current aging values
passwd <username> - modify password
-l - lock account. places '!!' at beginning of password hash.
-u - unlock account. removes '!!' at beginning of password hash.
another way to keep a user out is changing the shell to /sbin/nologin (or /bin/false).
you can edit /etc/passwd, use usermod -s /sbin/nologin user, or use chsh -s /sbin/nologin user.
note that passwd -l / usermod -L only rewrite the password field; the usermod man page recommends also setting an expiry date (usermod -e 1 user) to lock the account itself, since other authentication methods (ssh keys) do not consult the password hash.
userdel <username> - delete user
-r - remove all user files
groupadd <group name>
-g <gid>
groupmod
groupdel
groups - lists the current user's groups
id - shows groups with GIDs
newgrp <group name> - temporarily change primary group. good for creating files with certain group permissions.
system-config-users - gui program
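Reading the two files by hand is error-prone, so here is an added example, not from the original notes, that parses the /etc/passwd and /etc/shadow layouts above and flags what an administrator checks after an incident: extra UID 0 accounts, empty or locked password fields, expired passwords or accounts, and system accounts that still have a login shell. The sample entries and hash strings are constructed placeholders; on a real host the same function is fed the two files (reading /etc/shadow needs root).

```python
# Added example, not from the original notes: parses the /etc/passwd and
# /etc/shadow field layouts and flags the conditions worth checking after an
# incident or before an audit. The entries below are constructed; the hash
# strings are placeholders, not real credentials.
from datetime import date

EPOCH = date(1970, 1, 1)
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}
SYSTEM_UID_MAX = 999            # UID_MIN in /etc/login.defs is 1000 on Fedora/RHEL

PASSWD_SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
alice:x:1000:1000:Alice Example:/home/alice:/bin/bash
bob:x:1001:1001:Bob Example:/home/bob:/bin/bash
backup:x:0:0:backup helper:/root:/bin/bash
svc:x:999:999:service account:/srv/svc:/bin/bash
"""

SHADOW_SAMPLE = """\
root:$6$salt$placeholderhash:19500:0:99999:7:::
bin:*:19000:0:99999:7:::
ftp:*:19000:0:99999:7:::
alice:$6$salt$placeholderhash:19400:1:90:7:::
bob:!!$6$salt$placeholderhash:19500:0:99999:7:::
backup:$6$salt$placeholderhash:19500:0:99999:7::19550:
svc::19500:0:99999:7:::
"""


def days_since_epoch(day):
    """Convert a date to the day count used by the shadow date fields."""
    return (day - EPOCH).days


def _int(field):
    return int(field) if field.strip() else None


def parse_passwd(text):
    users = {}
    for line in text.splitlines():
        if line and not line.startswith("#"):
            name, _pw, uid, gid, gecos, home, shell = line.split(":")
            users[name] = {"uid": int(uid), "gid": int(gid), "gecos": gecos,
                           "home": home, "shell": shell}
    return users


def parse_shadow(text):
    entries = {}
    for line in text.splitlines():
        if line and not line.startswith("#"):
            f = line.split(":")
            entries[f[0]] = {"hash": f[1], "lastchange": _int(f[2]), "min": _int(f[3]),
                             "max": _int(f[4]), "warn": _int(f[5]),
                             "inactive": _int(f[6]), "expire": _int(f[7])}
    return entries


def audit(passwd_text, shadow_text, today):
    """Return {user: [findings]} for users with at least one finding.
    today is a day count (days_since_epoch(date.today()) on a live system)."""
    findings = {}
    shadow = parse_shadow(shadow_text)
    for name, u in parse_passwd(passwd_text).items():
        s = shadow.get(name, {})
        h = s.get("hash", "x")
        notes = []
        if u["uid"] == 0 and name != "root":
            notes.append("extra UID 0 account")
        if h == "":
            notes.append("empty password")          # login succeeds with no password
        elif h.startswith("!"):
            notes.append("locked")                  # usermod -L / passwd -l
        if s.get("lastchange") == 0:
            notes.append("password change forced at next login")
        lc, mx = s.get("lastchange"), s.get("max")
        if lc and mx is not None and mx < 99999 and lc + mx < today:
            notes.append("password expired")
        if s.get("expire") is not None and s["expire"] <= today:
            notes.append("account expired")
        if 0 < u["uid"] <= SYSTEM_UID_MAX and u["shell"] not in NOLOGIN_SHELLS:
            notes.append("system account with login shell")
        if notes:
            findings[name] = notes
    return findings


if __name__ == "__main__":
    # On a real host: audit(open("/etc/passwd").read(), open("/etc/shadow").read(),
    #                       days_since_epoch(date.today()))   (needs root)
    for user, notes in audit(PASSWD_SAMPLE, SHADOW_SAMPLE, today=19600).items():
        print(f"{user:8} {', '.join(notes)}")
```

The "today" value is passed in as a day count so the check is reproducible; 19600 corresponds to late August 2023.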
COMPRESSION:
compression ratio - file reduced to 52% of its size = 48% compression ratio
compression tools:
compress - package name: ncompress. preserves permission data. uses Adaptive Lempel-Ziv coding (LZW). compression ratio 40%-50%. file extension: .Z
-c - write to stdout instead of replacing the file (what zcat does)
-f - force
-r - recursive
-v - verbose. displays compression ratio
uncompress
-f - force. do not prompt
-v - verbose
gzip - GNU Zip. uses DEFLATE (LZ77 plus Huffman coding). compression ratio 60%-70%. file extension: .gz
-<#> - compression level. 1=fast/low-compression, 9=slow/high-compression. default: 6.
-c - write to stdout instead of replacing the file
-d - decompress
-f - force
-n - not preserve metadata
-q - quiet
-r - recursive
-S <.x> - specify different file extension
-t - test
-v - verbose. displays compression ratio
gunzip
-f - force. do not prompt
-v - verbose
bzip2 - uses Burrows-Wheeler block sorting plus Huffman coding. compression ratio 50%-75%. no recursive option. file extension: .bz2
-<#> - block size in 100k units. 1=fast/low-compression, 9=slow/high-compression. default: 9 (unlike gzip)
-c - write to stdout instead of replacing the file
-d - decompress
-f - force
-k - keep original file and create new file
-q - quiet
-s - minimize memory usage during compression
-t - test
-v - verbose. displays compression ratio
bunzip2
-f - force. do not prompt
-v - verbose
zcat,zless,zmore - shows contents of file compressed with 'compress' or 'gzip'
bzcat,bzless,bzmore - shows contents of file compressed with 'bzip2'
BACKUPS:
tar - Tape Archive. format: tar <options/actions> -f <archive> <content>
-A - concatenate a whole archive onto another archive
-c - create archive
--exclude <file> - exclude files
-f <file> - location of archive (file or device)
-h - not backup symlinks. instead, backup target files of symlinks.
-j - compress/decompress using bzip2
-z - compress/decompress using gzip
-Z - compress/decompress using compress
-r - appends files to existing archive
-u - appends files to existing archive only if files are newer that files in archive
-t - list contents of existing archive. older tars need -z/-j to read a compressed archive; GNU tar detects the compression automatically. list an untrusted archive before extracting it: member paths come from the archive, and while GNU tar strips leading "/" and "../" by default (--absolute-names turns that off), older or non-GNU tars may not
-v - verbose
-w - prompt user
-W - verify contents after archive is created
-x - extract from archive
cpio - Copy In/Out. most options similar to tar. reads the list of file names to archive from stdin (usually piped from find) and stores them exactly as given, so absolute paths from "find /" restore in place and overwrite. cpio -o > archive, cpio -i < archive.
-i - extract
-o - create
-I <file> - input file
-O <file> - output file
-A - append
-B - change block size from 512 to 5k, speeding up the transfer
-L - not backup symlinks. instead, backup target files of symlinks.
-t - list
-v - verbose
dump - only works on ext2/ext3/ext4 filesystems. can back up files/directories, but is designed to back up whole filesystems.
/etc/dumpdates - file keeps track of backups
-<#> - number representing backup type. 0=full, 1-9=incremental (different types)
-b <#> - block size in kb. default: 10kb
-f <file> - pathname to archive.
-u - update the /etc/dumpdates file after backup
-n - notify user of any errors
-v - verbose
restore
-r - extract an archive
-x <file> - extract certain file(s)
-i - interactive
-t - list
-v - verbose
INSTALLING SOFTWARE:
"./configure" checks system requirements and generates a file called "Makefile" (from Makefile.in)
Makefile might have commented lines that can be uncommented to turn on certain features; normally such options are passed as ./configure --with-x or --enable-x instead
"make" looks for Makefile and compiles source code into binary files that reside in the working directory.
"make install" copies the files to their locations in the system. the default prefix is /usr/local, so this step needs root. verify the tarball's signature or checksum (gpg --verify, sha256sum) before building: its build scripts run as your user and the result is installed as root.
rpm
/var/lib/rpm/ - directory stores rpm database
-i - install
-e - remove
-v - verbose
-h - "hash marks" progress bar
-F - freshen: upgrade the package only if an older version is already installed
-q - query specific
-qi - query with more info
-qa - query all
-qc - list the package's configuration files
-ql - list all files owned by the package
-qf <file> - show which package owns a file
-K (--checksig) - verify a package's GPG signature and digests before installing it
yum
/etc/yum.conf, /etc/yum.repos.d/* - yum configs. provide sources lists
KPackageKit - graphical package manager
NETWORKING:
'AND' operation - compare two binary bits (A and B). if A and B both equal 1, then result is 1. otherwise, result is 0.
CIDR - Classless Inter-Domain Routing
class A 1-126, class B 128-191, class C 192-223, class D 224-239, class E 240-255
169.254.x.x - APIPA
ipv6 loopback = ::1
ipv6 addresses have a 64-bit network prefix and a 64-bit interface identifier (the host portion). "link-local" addresses are the fe80::/10 addresses every interface auto-configures; they are not routed
kernel modules end with .ko (kernel object) and stored in /lib/modules
modules are loaded during boot by entries in files located in /etc/modprobe.d/
dist.conf - most are loaded from this file
alias <name> <driver> - line in dist.conf gives alias (such as eth0) to a driver
blacklist.conf - modules to not be loaded
APIPA - Automatic Private IP Addressing
APIPA address selection uses ARP, not ICMP: the host picks a 169.254.x.x address and sends ARP probes to check that no other host already answers for it (RFC 3927). ICMP (Internet Control Message Protocol) is the error/diagnostic protocol behind ping and traceroute.
netstat -i - can also show interface info
/etc/sysconfig/network-scripts/ifcfg-<interface> - interface config
/etc/sysconfig/network-scripts/ifcfg-<ISP> - ppp interface config
modem (modulator-demodulator) uses PPP to transmit tcp/ip over a serial line, typically at 56k
linux usually creates /dev/modem symlink to correct serial device port.
ISDN - 128k
variants of DSL - Asymmetric DSL (ADSL) most common in homes, High-bitrate DSL (HDSL) common in business
the variants are collectively written as xDSL
DSL can get up to 20M
pppd - ppp daemon. ppp also requires kernel modules
/etc/ppp/ and /etc/isdn/ - contain configs for the pppd daemon
most common connection problem with ppp is incorrect passwords
/etc/ppp/pap-secrets (PAP = password authentication protocol) - contains passwords for ppp if the ISP accepts plain text passwords.
/etc/ppp/chap-secrets (CHAP = challenge handshake authentication protocol) - contains passwords for ppp if passwords are not sent in plain text. both files hold cleartext secrets and must stay mode 600, owned by root.
ifup <ISP> - connect to ppp
NAME RESOLUTION:
set hostname by editing the /etc/sysconfig/network file. HOSTNAME=server1.domain.com
NIS can share the hosts file
/etc/resolv.conf file can contain up to 3 nameserver entries
3 dns commands: nslookup, dig, host <name>
/etc/nsswitch.conf - specifies the order of sources for name resolution (files, dns, nis). older systems used /etc/host.conf; it still exists for legacy use.
ROUTING:
netstat -r does same as 'route'
hosts with more than one interface are called "multihomed hosts" and can be configured for IP forwarding. enable forwarding only on hosts meant to route: a forwarding host without filter rules passes traffic between all of its networks
IPv4 forwarding - place a 1 in file /proc/sys/net/ipv4/ip_forward
IPv6 forwarding - place a 1 in file /proc/sys/net/ipv6/conf/all/forwarding
IPv4 forwarding at boot - line 'net.ipv4.ip_forward = 1' in file /etc/sysctl.conf
IPv6 forwarding at boot - line 'net.ipv6.conf.all.forwarding = 1' in file /etc/sysctl.conf (conf.default.forwarding covers interfaces created later)
route del <route> - deletes route
ip route add <dest-net> via <gateway-addr> [dev <interface>]
add route commands to rc.local to load route tables on boot
quagga - routing software that can use rip and ospf
NETWORK SERVICES:
/etc/services - services and port numbers
ports:
ftp - tcp 20,21
ssh - tcp 22
telnet - tcp 23
smtp - tcp 25
http - tcp 80
https - tcp 443
rlogin - tcp 513
dns - tcp/udp 53
tftp - udp 69
pop3 - tcp 110
pop3s - tcp 995
nntp - tcp 119
nntps - tcp 563
imap4 - tcp 143
imap4s - tcp 993
daemons that connect directly are called stand-alone daemons. otherwise, they use xinetd, the internet super daemon
/etc/xinetd.conf - config file
/etc/xinetd.d/ - contains extra config files (one per service)
innd - Internetwork News Server - manages newsgroups - config: /etc/news/inn.conf
ipop3d - pop3 server
imapd - imap server
in.rlogind - rlogin server
in.rshd - rsh server
in.telnetd - telnet server - package name: telnet-server
REMOTE ADMINISTRATION:
/etc/securetty - lists the terminals (console, tty1, ...) on which root may log in; pam_securetty refuses root elsewhere. removing or renaming the file lets root log in from any terminal. it does not govern sshd, which uses PermitRootLogin in /etc/ssh/sshd_config.
enable telnet - install telnet-server and put disable = no in /etc/xinetd.d/telnet
enable rsh - install rsh-server and put disable = no in /etc/xinetd.d/rsh and /etc/xinetd.d/rlogin. on remote hosts, add host names to /etc/hosts.equiv
telnet and the r commands send everything, passwords included, in cleartext, and hosts.equiv/.rhosts trust rests only on the claimed host name or address. know how to enable them for the exam; on a real network keep them disabled and use ssh.
r commands:
rlogin - get shell on remote machine
rcp - get file on remote machine
rsh - execute command on remote machine
the X server (the program that owns the display) listens on tcp port 6000 + display number; display :0 is port 6000.
enable remote X - add line DisallowTCP=false to file /etc/gdm/custom.conf under the [security] section. this opens the display to the network, so pair it with xhost/xauth restrictions, or skip it and use ssh -X, which tunnels X inside the ssh session.
use remote X - remote into another host using telnet or ssh, then run 'export DISPLAY="<ip-address>:0.0"' where ip-address is your local system, :0 is display 0, and .0 is screen 0. X traffic sent this way is unencrypted.
VNC uses Remote FrameBuffer (RFB). it listens on port 5900 + display#, therefore 5902 for display 2.
enable vnc - install vnc-server. add following lines to /etc/sysconfig/vncservers:
VNCSERVERS="2:root" #display:user
VNCSERVERARGS="-geometry 1024x768 -depth 16"
after that, use the vncpasswd command to create a password. passwords are stored in ~/.vnc/passwd, obfuscated rather than hashed, and only the first 8 characters count. VNC traffic itself is unencrypted, so bind the server to localhost and tunnel it over ssh (ssh -L 5902:localhost:5902 host).
vncviewer <addr>:<display#> - connect to remote vnc server (or <addr>::<port> to give the port explicitly)
CONFIGURING NETWORK SERVICES:
dhcp request:
client -> dhcpdiscover
client <- dhcpoffer
client -> dhcprequest
client <- dhcpack
or client -> dhcpdecline
at 50% lease time, client will send dhcprequest. if server unavailable, at 87.5% client will send dhcpdiscover. when lease expires, ip config goes to apipa.
dhcpd - dhcp server. package name: dhcp. config files: /etc/dhcp/dhcpd.conf and /etc/dhcp/dhcpd6.conf
config args:
default-lease-time <seconds>;
option routers <addr>;
option domain-name-servers <addr>;
subnet <addr> netmask <mask> {
range <addr> <addr>;
}
current leases stored in /var/lib/dhcp/dhcpd.leases and /var/lib/dhcp/dhcpd6.leases
DNS:
iterative query - the server answers with the best information it has (an answer from its cache or zones, or a referral to a server closer to the answer) and the client continues asking
recursive query - the server performs the whole lookup on the client's behalf, querying other servers as needed, and replies with the final answer. restrict recursion to your own clients (allow-recursion); an open recursive resolver is abused for cache poisoning and reflection attacks.
master (primary) server - master server for a zone
slave (secondary) server - slave server for a zone
zone transfer - slave periodically downloads record updates from master
/var/named/ - contains all dns files
/var/named/chroot/ - named chroot directory
/var/named/chroot/etc/named.conf - config used within the chroot
zone files are .db or .zone files
<name>.in-addr.arpa - contains PTR records
named.local/named.ip6.local OR named.localhost OR named.loopback - identifies loopback
named.ca OR named.root - dns cache file. contains ip address of top-level dns servers
BIND - Berkeley Internet Name Domain
system-config-bind - gui tool
NTP:
NTP - Network Time Protocol. uses udp 123. hierarchical structure of sources called strata.
stratum 0 - atomic or gps clocks
stratum 1 - servers obtain time from stratum 0
stratum 2 - clients/servers obtain time from stratum 1, etc.
valid strata are 0-15; stratum 16 means "unsynchronized". a lower stratum is not necessarily more accurate
ntpd - ntp daemon
/etc/ntp.conf - config file contains lines specifying servers to get time from.
server <domain-name>
restrict <addr> mask <mask> nomodify notrap - lets hosts in that range query your system for time but not reconfigure it or set traps. keep the stock 'restrict default kod nomodify notrap nopeer noquery' line so everyone else gets nothing; an unrestricted ntpd answers monlist-style queries and gets used for amplification attacks
to correct the time: stop ntpd, run the 'ntpdate -u <domain-name>' command (possible several times), and start ntpd again
hwclock - command used to work with bios system clock
ntpq -p - shows the servers the system is synchronized with
NIS:
NIS - Network Information Service. distributes config files (passwd, group, hosts, ...) as "maps". it has no encryption and no client authentication: any host that can reach ypserv and guess the domain name can pull the passwd map, hashes included, so never expose it beyond a trusted LAN
in a nis domain, nis masters provide nis maps (files) to nis slaves (optionally) which then provide maps for nis clients.
ypserv - nis daemon
configuring nis server:
install ypserv
use 'domainname <nis-domain>' command OR edit /etc/sysconfig/network and add line 'NISDOMAIN="<nis-domain>"'
edit /var/yp/Makefile, find line that starts with 'all:', and list the files to be shared using nis
if there are no slave servers add the line 'NOPUSH=true'
if there are slaves list the slaves in /var/yp/ypservers
add names and ip addresses of allowed clients to /var/yp/securenets
allow those clients to the maps by editing the /etc/ypserv.conf file
start the ypserv daemon
start the yppasswdd daemon
generate maps by using the '/usr/lib/yp/ypinit -m' command
start ypbind daemon to allow clients to connect
configuring nis client:
use 'domainname <nis-domain>' command OR edit /etc/sysconfig/network and add line 'NISDOMAIN="<nis-domain>"'
edit /etc/yp.conf and add line 'domain <nis-domain> server <name>' OR add line 'domain <nis-domain> broadcast' to listen to broadcasts
start ypbind daemon
locate nis server using 'ypwhich' command
edit /etc/passwd and add line '+:*:0:0:::'
create alias so that yppasswd is used instead of passwd
WEB:
apachectl - command used to manage apache. works like 'service httpd'
ab - "apache benchmark" command used to monitor performance.
ab -n1000 -c100 http://127.0.0.1 - sends 1000 requests 100 at a time to localhost
SAMBA:
nmblookup - netbios lookup command
daemons: smb, nmb
adding a local user for access to shares:
useradd <user>
passwd <user>
smbpasswd -a <user>
/etc/samba/smb.conf
netbios name = <name>
smbclient -L <server> - lists shares on a samba server
-U <user>
-N - no password
testparm - tests config file
FTP:
wu-ftpd - Washington University FTP Daemon - the traditional ftp
if login with anonymous user, you will be placed in /var/ftp
lcd - changes current directory on local machine
EMAIL:
smtp - tcp port 25
pop - post office protocol
imap - internet message access protocol
sendmail - smtp server
telnet <hostname> 25 - telnet into mail server
EHLO <hostname> - test ESMTP support
HELO <hostname> - test SMTP support
mail from: <email> - sets the envelope sender (return path) for a new message
rcpt to: <email> - recipient's email
data - begin writing a message after this
. - put this on a line by itself to end the message
/etc/aliases - contains aliases for users
<alias>: <user>
newaliases - command used to update the alias database after editing the aliases file
to make sendmail accept mail from the network (not just localhost), edit /etc/mail/sendmail.mc and change or comment out the DAEMON_OPTIONS line that binds it to Addr=127.0.0.1. pop and imap are served by a separate daemon (dovecot), not by sendmail.
make -C/etc/mail - command used to recompile the /etc/mail/sendmail.cf after changes were made to sendmail.mc
postfix is easier to configure than sendmail
/etc/postfix/main.cf
mydomain = <domain>
myorigin = $mydomain - set local access to domain name
inet_interfaces = <int> - set interfaces to listen on or specify "all"
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain - configures destination domain
mynetworks_style = class - trust (relay for) the entire class A/B/C network of each interface. this usually trusts far more than intended; 'mynetworks_style = subnet' or an explicit 'mynetworks = 192.168.1.0/24, 127.0.0.0/8' keeps the server from becoming an open relay
/var/spool/mail/<user> - user mailbox
/var/log/maillog - log file
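The telnet dialog above and the postfix relay settings come together in the following added example, not from the original notes and not Postfix or sendmail code: a minimal SMTP server-side state machine that answers EHLO/MAIL/RCPT/DATA and applies the relay policy that mydestination and mynetworks express. A recipient in a local domain is accepted from any client; any other recipient is accepted only from a client inside the trusted networks. Host names, addresses and networks are constructed for the example.

```python
# Added example, not from the original notes and not Postfix/sendmail code: a
# minimal SMTP server-side state machine that answers the dialog above and
# applies the relay policy that mynetworks/mydestination express in Postfix.
# A recipient in a local domain is accepted from anyone; any other recipient
# is accepted only from a client inside the trusted networks. Everything
# below (host names, addresses, networks) is constructed for the example.
import ipaddress


def _addr(arg):
    """Pull the address out of 'FROM:<user@host>' / 'TO: <user@host>'.
    Returns '' for the null sender <>, None if the syntax is unusable."""
    _, _, rest = arg.partition(":")
    rest = rest.strip()
    if rest.startswith("<") and rest.endswith(">"):
        rest = rest[1:-1].strip()
    return rest if rest == "" or "@" in rest else None


class SmtpSession:
    def __init__(self, local_domains, mynetworks, peer_ip, hostname="mail.example.com"):
        self.local = {d.lower() for d in local_domains}              # mydestination
        self.nets = [ipaddress.ip_network(n) for n in mynetworks]    # mynetworks
        self.peer = ipaddress.ip_address(peer_ip)
        self.hostname = hostname
        self.greeted = False
        self.delivered = []      # (sender, recipients, body) for queued messages
        self._reset()

    def _reset(self):
        self.sender, self.rcpts, self.in_data, self.body = None, [], False, []

    def _trusted(self):
        return any(self.peer in n for n in self.nets)

    def feed(self, line):
        """Handle one client line and return the server reply ('' inside DATA)."""
        if self.in_data:
            if line == ".":
                self.in_data = False
                self.delivered.append((self.sender, list(self.rcpts), "\n".join(self.body)))
                self._reset()
                return "250 2.0.0 Ok: queued"
            # dot-stuffing: a line starting with '..' carries a literal leading '.'
            self.body.append(line[1:] if line.startswith("..") else line)
            return ""
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "EHLO":
            self.greeted = True
            self._reset()
            return f"250-{self.hostname}\n250-SIZE 10240000\n250 STARTTLS"
        if verb == "HELO":
            self.greeted = True
            self._reset()
            return f"250 {self.hostname}"
        if verb == "QUIT":
            return "221 2.0.0 Bye"
        if verb == "RSET":
            self._reset()
            return "250 2.0.0 Ok"
        if not self.greeted:
            return "503 5.5.1 Error: send HELO/EHLO first"
        if verb == "MAIL":
            self._reset()
            self.sender = _addr(arg)
            return "250 2.1.0 Ok" if self.sender is not None else "501 5.1.7 Bad sender address syntax"
        if verb == "RCPT":
            if self.sender is None:
                return "503 5.5.1 Error: need MAIL command"
            rcpt = _addr(arg)
            if not rcpt:
                return "501 5.1.3 Bad recipient address syntax"
            domain = rcpt.rpartition("@")[2].lower()
            if domain in self.local or self._trusted():
                self.rcpts.append(rcpt)
                return "250 2.1.5 Ok"
            return "554 5.7.1 Relay access denied"    # the open-relay check
        if verb == "DATA":
            if not self.rcpts:
                return "503 5.5.1 Error: need RCPT command"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        return "502 5.5.2 Error: command not recognized"


def run_dialog(session, lines):
    """Feed a list of client lines, returning [(client_line, reply), ...]."""
    return [(line, session.feed(line)) for line in lines]


if __name__ == "__main__":
    outside = SmtpSession(["example.com"], ["192.168.1.0/24"], peer_ip="203.0.113.9")
    for sent, reply in run_dialog(outside, ["EHLO laptop", "MAIL FROM:<alice@example.com>",
                                            "RCPT TO:<bob@example.com>",
                                            "RCPT TO:<victim@other.example>", "QUIT"]):
        print(f"C: {sent}")
        for r in reply.splitlines():
            print(f"S: {r}")
```

Running the same RCPT TO for an outside domain from a client inside 192.168.1.0/24 returns 250; from anywhere else it returns the 554 relay refusal, which is exactly what a telnet test against port 25 should show for a correctly configured server.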
SQL:
PostgreSQL
postgres - user created by postgresql with home folder /var/lib/pgsql. must assign password
service postgresql initdb - run this before starting daemon
/var/lib/pgsql/data/postgresql.conf - main config file for the daemon
/var/lib/pgsql/data/pg_hba.conf - client authentication: which hosts/networks may connect to which databases as which users, and with what method (peer, md5, ...). avoid 'trust', which accepts the connection without any password
/var/lib/pgsql/data/pg_ident.conf - maps OS user names to database user names for ident/peer authentication
configure:
log in as postgres user
createdb <db> - create database
psql <db> - manage database
createuser
dropuser
dropdb
pg_dump - backup pgsql settings
pg_dumpall
pg_restore
\l - list databases
\c <db> - switch to another database
\d - list tables in current database
TROUBLESHOOTING:
tail -f <logfile> - continuously view updated log file
prioritize by severity
solve the root of the problem
collect info
isolate problem
list possible solutions
implement and test solution until resolved
document
to find underlying cause, justify the solution that worked
three categories: hardware, software, user interface
hardware:
make sure:
all scsi terminated
video/monitor settings configured properly
hardware on compatibility list
view dmesg, /var/log/boot.log, or /var/log/messages
lsusb - command to list usb devices
if non-critical partition fails:
power down and replace hdd
boot linux
use fdisk to create partitions
lvm optional
use mkfs to create fs
restore data
edit entries in /etc/fstab
if root partition fails:
power down and replace hdd
reinstall linux (use original partition structure)
restore data
software:
problems:
missing libraries and files
process restrictions
conflicting applications
when compiling source, if the configure script fails to find required files, it fails to create the Makefile
rpm -V <package-name> - verify the package: lists files whose size, mode, checksum, owner, group or mtime differ from the rpm database (missing files show as "missing"). rpm -Va checks every package
ldd /bin/<program> - show shared libraries used by program
ldconfig - command that reads the directories in /etc/ld.so.conf (and /etc/ld.so.conf.d/) and rebuilds the /etc/ld.so.cache lookup cache
LD_LIBRARY_PATH - environment variable with extra directories to search for shared libraries. it is ignored for set-uid programs, and a writable directory in it lets anyone plant a library that your programs will load
ulimit -n <#> - change default file handle restriction for processes. default: 1024
ulimit -u <#> - change maximum number of user processes
file handles - connections to files on fs (as well as stdout, stdin, stderr)
linux restricts number of file handles for a program to 1024 by default
when resource conflict:
restart process by sending it the SIGHUP signal
try running it in single user mode
look for newer version or fix
OS:
problems:
X windows
bootloader
filesystems
if display problem (X/gdm):
config using system-config-display
check /var/log/Xorg.0.log
use xwininfo or xdpyinfo commands
LILO:
sometimes replacing the word "compact" with "linear" in /etc/lilo.conf fixes it
GRUB:
usually due to missing file in /boot
large disk problems:
make sure kernel resides before cylinder 1024
make sure "lba32" (logical block addressing) is specified in the bootloader config file
if non-critical filesystem becomes corrupt:
unmount
run fsck -f <dev>
restore data
if root filesystem becomes corrupt:
boot from disk and enter system rescue
use mkfs to recreate filesystem
restore data
Knoppix and BBC Linux contain more restore utilities
User Interface:
Assistive Technologies - software used to modify desktop experience
Orca - screen reader (speech synthesis and braille output)
keyboard config:
repeat keys - sim repeated press when held
sticky keys - sim simultaneous press when two held
slow keys - only accept long press
bounce keys - ignore fast duplicate key
mouse keys - control mouse with keys
PERFORMANCE:
jabbering - defunct hardware sends excessive info to CPU when not in use
bus mastering - adding peripheral devices to take load off CPU
put CD/DVD drives on separate disk controllers from hdds
sysstat (system statistics) - set of tools for benchmarking, baselining, and monitoring. package name is sysstat
mpstat (multiple processor statistics) - CPU stats.
%sys should be less than %usr or %nice. if not, there is a problem.
%iowait shows time CPU waited for IO request
%irq and %soft shows response time to interrupts
%guest shows time executing virtual CPUs
%steal shows time CPU is waiting to respond to virtual CPU requests
%idle is idle time and should not be less than 25% of long period of time
-P <#> - specify processor #
mpstat <interval-seconds> <measurements> - show current measurements (ie 'mpstat 1 5' will show a table with 5 rows and update every 1 sec)
iostat - CPU and disk stats
tps - transfers/sec
iostat <interval-seconds> <measurements>
sar (system activity reporter) - displays far more info
scheduled using cron. default 10 min. change interval by editing /etc/cron.d/sysstat
info logged in /var/log/sa/sa# where #=day of month
-f /var/log/sa/sa# - view from file
-A - all
-b - io
-B - swap
-d - io for each disk
-n ALL - all network
-o <file> - save to file
-P <#> - CPU number
-q - CPU queue
-r - memory and swap
-R - memory
-u - CPU (default)
-v - kernel tables (inode, file and other kernel-related tables)
-W - swapping
sar <interval-seconds> <measurements>
vmstat - virtual memory stats
SECURITY:
restrict physical access
remove media devices
disable USB boot
set BIOS password
set bootloader password
nohup <command> & - runs command in background and allow you to exit shell without killing the process of the command
ntsysv - command similar to chkconfig
if possible, make sure network service are not running as root
make sure daemon user shells are set to /sbin/nologin
nologin - prints text in /etc/nologin.txt or a standard message if file does not exist.
/usr/sbin/tcpd - the TCP wrapper. started by xinetd in place of the real daemon, it checks the client against the access files and then execs the daemon (some stand-alone daemons are built against libwrap and do the same check themselves)
rules are "daemon_list : client_list [: option]". /etc/hosts.allow is consulted first, then /etc/hosts.deny; the first match wins and no match means allow, so a default-deny setup ends hosts.deny with "ALL: ALL"
edit /etc/xinetd.d/<service> file to look like this:
service telnet
{
    flags           = REUSE
    socket_type     = stream
    wait            = no
    user            = root
    server          = /usr/sbin/tcpd
    server_args     = /usr/sbin/in.telnetd
    log_on_failure  += USERID
    disable         = no
}
web files should be owned by the web developer, not the apache user. apache user needs read permissions.
FIREWALL:
rule chains:
INPUT - packets destined for localhost
FORWARD - packets passing through
OUTPUT - packets originating at localhost
to config as a NAT router, use the nat table (iptables -t nat) and its PREROUTING (DNAT, port forwarding), OUTPUT and POSTROUTING (SNAT/MASQUERADE) chains, together with net.ipv4.ip_forward=1
iptables -F - flush all rules from the current table. the default policies stay, so with a DROP policy this locks everything out, including you
iptables -P FORWARD DROP - set default policy for FORWARD to DROP
iptables -A FORWARD -s 192.168.1.0/24 -j ACCEPT - append a rule. rules are matched top to bottom, first match wins
iptables -L -n -v - list the rules with numeric addresses and packet counters. rules live in memory only; 'service iptables save' writes them to /etc/sysconfig/iptables so they survive a reboot
SELINUX:
/etc/selinux/config
SELINUX=<enforcing|permissive|disabled> (permissive logs denials without enforcing them, useful while testing policy)
SELINUXTYPE=<targeted|strict>
targeted - confines only the targeted (mostly network-facing) daemons; other processes run unconfined
strict - confines every process (later replaced by the mls policy)
SELinux Troubleshooter - gui tool for managing alerts
ENCRYPTION:
GPG - GNU Privacy Guard
RSA - Rivest Shamir Adleman
DSA - Digital Signature Algorithm
ssh - the host and user key pairs (RSA, DSA, and newer ECDSA/Ed25519) are used only for authentication and signing; session data is encrypted with a symmetric cipher whose key comes from the Diffie-Hellman key exchange. DSA keys are limited to 1024 bits and are disabled by default since OpenSSH 7.0; prefer RSA (at least 2048 bits) or Ed25519.
key pairs stored in /etc/ssh
ssh_host_dsa_key - dsa private
ssh_host_rsa_key - rsa private
ssh_host_dsa_key.pub - dsa public
ssh_host_rsa_key.pub - rsa public
~/.ssh/id_rsa
~/.ssh/id_rsa.pub
ssh-add - loads a private key into the running agent (asks for the passphrase once)
ssh-agent - holds decrypted private keys in memory so the passphrase is not re-entered for every connection. forward it (ssh -A) only to hosts you trust, since root on that host can use the keys while you are connected
gpg - command used to manage gpg keys
~/.gnupg/ - directory containing gpg configs and keys
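An audit of the key files above usually means reading authorized_keys and *.pub lines. The following is an added example, not from the original notes or from OpenSSH: it decodes the "<type> <base64 blob> [comment]" line format (the blob is a sequence of RFC 4251 length-prefixed strings) and flags DSA keys and short RSA keys. The sample keys are constructed in code from small placeholder numbers; they are not usable keys, and authorized_keys options containing spaces are not handled.

```python
# Added example, not from the original notes or from OpenSSH: parses the
# "<type> <base64 blob> [comment]" lines found in ~/.ssh/*.pub and
# authorized_keys and flags keys you should retire. The blob is a sequence of
# RFC 4251 "string" fields (4-byte big-endian length + bytes). The sample
# keys are constructed in code from tiny placeholder numbers; they are not
# usable keys. Options with embedded spaces (e.g. command="a b") are not handled.
import base64
import struct


def _pack_string(b):
    return struct.pack(">I", len(b)) + b


def _pack_mpint(n):
    # RFC 4251 mpint: big-endian two's complement; a leading zero byte keeps a
    # value whose top bit is set from being read as negative.
    b = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    if b and b[0] & 0x80:
        b = b"\x00" + b
    return _pack_string(b)


def _unpack_strings(blob):
    fields, off = [], 0
    while off < len(blob):
        (length,) = struct.unpack_from(">I", blob, off)
        off += 4
        if off + length > len(blob):
            raise ValueError("truncated SSH string")
        fields.append(blob[off:off + length])
        off += length
    return fields


def make_pubkey_line(key_type, packed_fields, comment=""):
    """Assemble a *.pub line (used here only to build constructed test keys)."""
    blob = _pack_string(key_type.encode()) + b"".join(packed_fields)
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}".strip()


def parse_pubkey_line(line):
    parts = line.split()
    # authorized_keys lines may carry options first; the key type is the
    # first token that looks like one.
    idx = next(i for i, p in enumerate(parts) if p.startswith(("ssh-", "ecdsa-", "sk-")))
    key_type, b64 = parts[idx], parts[idx + 1]
    fields = _unpack_strings(base64.b64decode(b64))
    if fields[0].decode() != key_type:
        raise ValueError("key type inside blob does not match the prefix")
    info = {"type": key_type, "options": " ".join(parts[:idx]),
            "comment": " ".join(parts[idx + 2:]), "bits": None}
    if key_type == "ssh-rsa":                      # fields: type, e, n
        info["bits"] = int.from_bytes(fields[2], "big").bit_length()
    elif key_type == "ssh-dss":                    # fields: type, p, q, g, y
        info["bits"] = int.from_bytes(fields[1], "big").bit_length()
    elif key_type == "ssh-ed25519":                # fields: type, 32-byte public key
        info["bits"] = len(fields[1]) * 8
    elif key_type.startswith("ecdsa-sha2-nistp"):
        info["bits"] = int(key_type[len("ecdsa-sha2-nistp"):])
    return info


def assess(info):
    if info["type"] == "ssh-dss":
        return "weak: DSA is limited to 1024 bits and disabled by default since OpenSSH 7.0"
    if info["type"] == "ssh-rsa" and info["bits"] < 2048:
        return f"weak: RSA {info['bits']} bits, use at least 2048"
    return "ok"


def audit_keys(lines):
    """[(comment, verdict), ...] for every key line."""
    return [(i["comment"], assess(i)) for i in map(parse_pubkey_line, lines)]


# Constructed sample authorized_keys content (placeholder numbers, not real keys).
SAMPLE_KEYS = [
    make_pubkey_line("ssh-rsa", [_pack_mpint(65537), _pack_mpint(2**1023 + 1)], "legacy@oldhost"),
    make_pubkey_line("ssh-rsa", [_pack_mpint(65537), _pack_mpint(2**4095 + 3)], "alice@laptop"),
    make_pubkey_line("ssh-ed25519", [_pack_string(b"\x01" * 32)], "bob@laptop"),
    'from="192.0.2.0/24",no-pty ' + make_pubkey_line(
        "ssh-dss", [_pack_mpint(2**1023 + 7), _pack_mpint(2**159 + 1),
                    _pack_mpint(2), _pack_mpint(3)], "backup@nas"),
]

if __name__ == "__main__":
    # On a real host: audit_keys(open("/home/alice/.ssh/authorized_keys").read().splitlines())
    for comment, verdict in audit_keys(SAMPLE_KEYS):
        print(f"{comment:16} {verdict}")
```

The key-type check against the first field inside the blob matters: the prefix on the line is just text, and a mismatch means the line was edited or corrupted.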
INTRUSION:
PAM - Pluggable Authentication Module
/var/log/secure - PAM logs auth info here
/var/log/wtmp - binary record of logins, logouts and reboots. read it with the 'last' command (or 'who /var/log/wtmp'); 'last -f' reads rotated copies
lsof - command lists currently open files
attackers who get root often leave a set-uid root binary behind as a way back in
use 'find / -type f -perm /4000 -ls' to list SUID files (the older '-perm +4000' form is deprecated); '-perm /6000' also catches SGID. compare the list against a baseline taken from a clean install
tripwire - file integrity checker
to configure tripwire:
edit /etc/tripwire/twpol.txt and edit the line "HOSTNAME=localhost" to include your hostname
run 'tripwire-setup-keyfiles' and enter a tripwire admin password. this creates /etc/tripwire/tw.cfg
afterward you can use the 'twadmin' command to edit the settings
run 'tripwire --init' to create the database
run 'tripwire --check' periodically to check file integrity
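What tripwire --init and --check do is record a fingerprint of every file and later diff the tree against it. The following is an added example, not tripwire's or AIDE's own code: it snapshots SHA-256, mode, owner and size for every regular file under a directory, compares a later snapshot to the saved baseline, and reports added, removed and changed files. Because mode is part of the record, a binary that silently gains the SUID bit (the find -perm /4000 check above) shows up as changed even when its size does not. The demo builds its own scratch tree in a temporary directory; the path layout there is constructed for the example.

```python
# Added example, not tripwire's or AIDE's code: a minimal file-integrity
# baseline. snapshot() fingerprints every regular file under a root,
# compare() diffs two snapshots, suid_files() is the find -perm /4000 check
# on a snapshot, and demo() exercises it on a scratch tree it builds itself.
import hashlib
import json
import os
import stat
import tempfile


def snapshot(root):
    """{relative_path: {sha256, mode, uid, gid, size}} for regular files under root."""
    entries = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, sockets and devices are skipped in this example
            h = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            entries[os.path.relpath(path, root)] = {
                "sha256": h.hexdigest(), "mode": stat.S_IMODE(st.st_mode),
                "uid": st.st_uid, "gid": st.st_gid, "size": st.st_size}
    return entries


def compare(baseline, current):
    """{'added': [...], 'removed': [...], 'changed': {path: [differing fields]}}"""
    report = {"added": sorted(set(current) - set(baseline)),
              "removed": sorted(set(baseline) - set(current)), "changed": {}}
    for path in sorted(set(baseline) & set(current)):
        diffs = sorted(k for k in baseline[path] if baseline[path][k] != current[path][k])
        if diffs:
            report["changed"][path] = diffs
    return report


def suid_files(snap):
    """Paths whose mode carries the set-uid bit (what 'find / -perm /4000' lists)."""
    return sorted(p for p, e in snap.items() if e["mode"] & stat.S_ISUID)


def save_baseline(snap, path):
    # Keep the baseline off the audited host or on read-only media: a
    # baseline the attacker can rewrite proves nothing (tripwire signs its
    # database for the same reason).
    with open(path, "w") as fh:
        json.dump(snap, fh, sort_keys=True)


def load_baseline(path):
    with open(path) as fh:
        return json.load(fh)


def demo():
    """Baseline a scratch tree, tamper with it, return (report, SUID list)."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data, mode):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
            os.chmod(path, mode)
        write("bin/ls", b"original ls\n", 0o755)
        write("passwd", b"root:x:0:0:root:/root:/bin/bash\n", 0o644)
        fd, baseline_path = tempfile.mkstemp(suffix=".json")   # outside the audited tree
        os.close(fd)
        save_baseline(snapshot(root), baseline_path)
        # Tamper: same-size replacement of a binary that also gains SUID, a new
        # SUID file, and a deleted file.
        write("bin/ls", b"trojaned ls\n", 0o4755)
        write("bin/backdoor", b"x", 0o4755)
        os.remove(os.path.join(root, "passwd"))
        current = snapshot(root)
        report = compare(load_baseline(baseline_path), current)
        os.remove(baseline_path)
        return report, suid_files(current)


if __name__ == "__main__":
    # On a real host: save_baseline(snapshot("/usr/bin"), "/media/ro/baseline.json")
    report, suid = demo()
    print(json.dumps(report, indent=2))
    print("SUID files:", suid)
```

The replaced binary has the same size as the original, so a size-only check (or an mtime that the attacker reset) would miss it; the content hash and the mode field catch it.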
IDS programs:
AIDE - Advanced Intrusion Detection Environment - integrity checker
ICU - Integrity Checking Utility - perl-based. works with AIDE to check integrity remotely
PortSentry - detects port scanning
Snort - signature-based network IDS. captures traffic and detects port scans and known attack patterns (AirSnort is an unrelated wireless WEP key recovery tool)
LIDS - Linux Intrusion Detection System - modifies linux kernel
SWATCH - Simple WATCHer - watches log files and alerts admins
EXTRA NOTES:
lspci is not used to troubleshoot X Windows
the book thinks ctrl+alt+f1 is gui
with ls -F:
* - executable
@ - link
regex: ^[x]=beginning, [^x]="NOT"
FHS - Filesystem Hierarchy Standard
permissions: s=suid with execute, S=suid, t=sticky with execute, T=sticky
default perm (before the umask is applied): file=rw-rw-rw- (666), dir=rwxrwxrwx (777). with the usual umask 022 this gives 644 and 755
after using chgrp to change ownership, use chown to change it back.
symlinks can go across filesystems. hard links cannot.
number after permissions in ls -l shows how many hard links point at the inode
use mknod to create device file if major/minor #s known. if not, use /dev/MAKEDEV
/etc/mtab = currently mounted filesystems
dumpe2fs -h - shows superblock information