Basic System Administration
$HOME is sometimes not /root but instead /; so watch what you delete!
Never execute any regular user's program as root (possible Trojan Horse)
Examples:
- user1 localhost=/sbin/halt    (user1 can halt the local system)
[user1@student1]$ sudo /sbin/halt
password:
[user1@student1]$ System going down now!
- user2 ALL= NOPASSWD: /sbin/halt    (user2 can halt any system without a password)
- user3 instructor = /usr/sbin/*    (user3 can run any command in /usr/sbin)
System Administration tools
man: Sections - 1 commands, 2 system calls, 3 C library routines, 4 devices
and networks, 5 file formats, 6 games and demos, 7 miscellaneous, 8 system
administration
info: texinfo man page
vi editor (front-end to a lot of utilities)
su, sudo
df/du, mount
dump/restore, dd, cpio, tar, rmt, find, rsync
ps, at, batch, crontab, anacron, watch, kill, nice, nohup, killall
useradd, usermod, userdel, passwd
groupadd, groupmod, groupdel
who, whoami, w, id
syslog
system configuration files /etc
System information
hostname
uname -a
dmesg
who, whoami, w, id
last (reboot)
which, where/whereis, apropos
hwclock
date
ulimit (user limits)
sysctl (system limits/settings)
cgroups
/etc/sysconfig
/etc/security
/proc
ps, pstree
System monitoring
sar
pmap
vmstat
mpstat
iostat
nstat (network)
pidstat
dstat
free
lsof
top, ntop, iftop, latencytop
ulimit -a (view), ulimit -n (set), ulimit -Hn, ulimit -Sn: per-user limits,
/etc/security/limits.* (see /etc/security/limits.conf)
sysctl -q (view), sysctl -w (set): system limits, /etc/sysctl.conf
strace (debugging)
/etc/sysconfig
The /etc/sysconfig directory is where many of the files that control the system
configuration are stored for daemon processes or system services like networking.
amd, apmd, authconfig, clock, desktop, devlabel, dhcpd, firstboot, gpm, harddisks,
hwconf, i18n, init, ip6tables-config, iptables-config, irda, keyboard, kudzu, mouse,
named, netdump, network, network-scripts, ifup-xxxx, ntpd, pcmcia, radvd, rawdevices,
selinux, logrotate, samba, sendmail, spamassassin, squid, tux, vncservers, xinetd
/proc
/proc is a virtual filesystem. It's sometimes referred to as a process information pseudo-
file system. It doesn't contain 'real' files but runtime system information (e.g. system
memory, devices mounted, hardware configuration, etc) for all processes started by init
including PID and startup commands. /proc was developed as a LINUX extension to
keep track of all the complex processes started in the system.
For this reason it can be regarded as a control and information centre for the kernel. In
fact, quite a lot of system utilities are simply calls to files in this directory. For example,
'lsmod' is the same as 'cat /proc/modules' while 'lspci' is a synonym for 'cat /proc/pci'. By
altering files located in this directory you can even read/change kernel parameters
(sysctl) while the system is running.
The most distinctive thing about files in this directory is the fact that all of them have a
file size of 0, with the exception of kcore, mtrr and self.
/etc/security
Central directory for system defaults
The limits.conf file defines process resource limits for users. (see ulimit)
For network:
# Enable IP spoofing protection
net.ipv4.conf.all.rp_filter=1
# Disable IP source routing
net.ipv4.conf.all.accept_source_route=0
# Ignore ICMP echo requests sent to broadcast addresses
net.ipv4.icmp_echo_ignore_broadcasts=1
# Ignore bogus ICMP error responses
net.ipv4.icmp_ignore_bogus_error_responses=1
# Make sure spoofed packets get logged
net.ipv4.conf.all.log_martians = 1
# disable IPv6
net.ipv6.conf.all.disable_ipv6=1
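Settings written to /etc/sysctl.conf only take effect once loaded, and can be changed again at run time, so the live values are worth checking against the baseline. The script below is an added example, not part of the original slides: it compares the settings listed above with the files under /proc/sys. The function names and the MISSING/DRIFT output format are assumptions made for the example.

```shell
#!/bin/sh
# Added example (POSIX sh). Baseline = the network settings listed above.
page_baseline() {
    cat <<'EOF'
# same syntax as /etc/sysctl.conf
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.all.accept_source_route=0
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.icmp_ignore_bogus_error_responses=1
net.ipv4.conf.all.log_martians = 1
net.ipv6.conf.all.disable_ipv6=1
EOF
}

# audit_sysctl BASELINE_FILE [ROOT]
# ROOT defaults to /proc/sys; pass another directory to test offline.
# Prints MISSING/DRIFT lines and returns 1 if anything deviates.
audit_sysctl() {
    baseline=$1; root=${2:-/proc/sys}; rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                           # drop comments
        case $line in *=*) ;; *) continue ;; esac  # skip blank lines
        key=$(printf '%s' "${line%%=*}" | tr -d '[:space:]')
        want=$(printf '%s' "${line#*=}" | tr -s '[:space:]' ' ' | sed 's/^ //; s/ $//')
        # net.ipv4.x -> net/ipv4/x (assumes no dots inside a component,
        # so VLAN interface names such as eth0.100 are not handled)
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$path" ]; then
            echo "MISSING $key"; rc=1; continue
        fi
        have=$(tr -s '[:space:]' ' ' < "$path" | sed 's/ $//')
        [ "$have" = "$want" ] || { echo "DRIFT $key want=$want have=$have"; rc=1; }
    done < "$baseline"
    return $rc
}

# Live check only when asked for: sh audit_sysctl.sh --live
if [ "${1:-}" = "--live" ]; then
    tmp=$(mktemp) && page_baseline > "$tmp"
    audit_sysctl "$tmp"; status=$?
    rm -f "$tmp"; exit "$status"
fi
```

A MISSING line for the IPv6 key is expected on kernels built or booted without IPv6.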
A *cgroup* associates a set of tasks with a set of parameters for one or more subsystems. A
*subsystem* is a module that makes use of the task grouping facilities provided by cgroups to treat
groups of tasks in particular ways. A subsystem is typically a "resource controller" in a hierarchy of
processes.
A cgroup is mounted as a virtual filesystem and can be modified to re-allocate kernel resources.
Each cgroup is represented by a directory in the cgroup file system containing the following files
describing that cgroup:
- tasks: list of tasks (by pid) attached to that cgroup
- releasable flag: cgroup currently removable?
- notify_on_release flag: run the release agent on exit?
- release_agent: the path to use for release notifications (this file exists in the top cgroup only)
Other subsystems such as cpusets may add additional files in each cgroup dir.
PAM
Pluggable Authentication Module
Centralized authentication mechanism
Plug in different authentication methods
Different services can have different authentication policies
Highly secure systems can require multiple passwords to authenticate
PAM Framework
Modules
pstree
nohup command: run a process that keeps running after logging off. nohup.out contains the job
output.
Multi-user mode -
Full (text based)
3 Multi-user mode default Slackware
multi-user mode
runlevel
X11 with
4 Not used Not used KDM/GDM/XDM Multi-user mode
(session managers)
cpio - can back up individual files/directories, handles special files, packs data
tighter than tar, skips bad spots on media on restore, use with find (some
versions of find have -cpio option for this purpose)
tar - backs up directory trees, does not back up special files, poor error
handling with media errors, does not pack blocks (GNU tar solves some of
these problems). Some LINUX/UNIX systems have built-in compress with z
flag.
Can use logical backups in conjunction with the find command's -exec option (next panel)
for differential or incremental backups
find examples
find . -name \*.c -print
find / -size +1000 -mtime +30 \
    -exec ls -l {} \;
find / \( -name a.out -o -name core \
    -o -name' \) -type f -atime +14 \
    -exec rm -f {} \;
find / \( -perm -2000 -o -perm -4000 \) \
    -print | diff - files.secure
Disk management
df
mount / umount
du | sort -rn | more
/etc/group: group:passwd:gid:members
Password aging:
get: chage -l userid
set: chage -M 60 -m 7 -W 7 userid
Verify IDs with no password: awk -F: '($2 == "") {print "^" $1 ":"}' /etc/shadow | grep -f - /etc/passwd
Make sure they are /bin/nologin
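The two checks above (password aging and empty-password IDs) can be combined into one pass over /etc/shadow and /etc/passwd. The script below is an added example, not part of the original slides: the policy numbers are the chage values shown above (-M 60 -m 7 -W 7), while the function names, the output format and the rule that any shell path ending in /nologin counts as locked are assumptions made for the example.

```shell
#!/bin/sh
# Added example (POSIX sh + awk); policy numbers are the chage values above.
# audit_accounts SHADOW PASSWD
#   EMPTY-PW user shell=...       empty password field, shell is not nologin
#   AGING user min= max= warn=    usable password, aging weaker than policy
audit_accounts() {
    shadow=${1:-/etc/shadow}; passwd=${2:-/etc/passwd}
    awk -F: -v MAX=60 -v MIN=7 -v WARN=7 '
        # pass 1: shadow (name:password:lastchg:min:max:warn:...)
        FILENAME == ARGV[1] {
            if ($2 == "")
                empty[$1] = 1
            # hashes starting with ! or * are locked or disabled: skip them
            else if ($2 !~ /^[!*]/ &&
                     ($5 == "" || $5 + 0 > MAX || $4 + 0 < MIN || $6 + 0 < WARN))
                aging[$1] = "min=" $4 " max=" $5 " warn=" $6
            next
        }
        # pass 2: passwd, exact match on the user name field
        ($1 in empty) && $7 !~ /\/nologin$/ { print "EMPTY-PW " $1 " shell=" $7 }
        ($1 in aging)                        { print "AGING " $1 " " aging[$1] }
    ' "$shadow" "$passwd"
}

# Constructed sample data (not taken from any real system).
demo() {
    d=$(mktemp -d)
    cat > "$d/shadow" <<'EOF'
root:$6$constructed$hash:19000:7:60:7:::
alice::19000:0:99999:7:::
svc::19000:0:99999:7:::
bob:$6$constructed$hash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
EOF
    cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
svc:x:990:990::/:/sbin/nologin
bob:x:1001:1001::/home/bob:/bin/bash
daemon:x:2:2::/:/sbin/nologin
EOF
    audit_accounts "$d/shadow" "$d/passwd"
    rm -rf "$d"
}
```

Run as root with no arguments to audit_accounts to check the real files; demo runs the same check on the constructed data.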
Each system message sent to the syslog server has two descriptive
labels associated with it that make the message easier to handle.
Example:
*.info;mail.none;authpriv.none;cron.none /var/log/messages
Note other services may record messages in other files (e.g. sendmail)
Other commands: halt, reboot, Ctrl-Alt-Del may bypass some processing. Not
recommended for production systems.