Agenda: system-admin-exercises.txt

Track 2 Workshop
PacNOG 10

System Administration
---------------------

1. Reboot your system

To restart your system, you could use:

        $ sudo shutdown -r TIME

... where time can be a day, hour, minute...

Or you could try and reboot your machine *NOW*:

        $ sudo shutdown -r now

The "-r" means reboot.  Another command for doing this is "reboot".

To stop a machine you can do:

        # halt -p

or

        # shutdown -h -P now

Be careful when using halt on remote systems!


2. Go to single user mode - DON'T ACTUALLY DO THIS, YOU WILL LOSE
   Network conectivity to your machine!

*IF* you wanted to go into single user mode, you could do:

        $ sudo init 1

This would take you down to single user mode.
You can only log in as the root user, and only from the console.

Some systems will require you to enter your password to access the
shell.

If you then wanted to go back to multi-user mode type:

        # exit

3. Figure out how your machine has been partitioned

You want to display free disk space, or "df":

        $ df -h

Use:

        $ man df

to understand what the "-h" option does. 

Look in /etc/fstab. This is where file systems are mounted in Linux. Read the
man page on this file:

        $ man fstab

Notice that defined file systems are pointing to /dev/sda*. Have a look
at these files:

        $ ls -lah /dev/sda*
        $ file /dev/sda*

What type of files are these?


4. Create a new group

In a terminal window first do:

        $ sudo groupadd track2

Now lets add some members to this group:

        $ sudo vigr

You will now be in the /etc/group file using the default EDITOR - vi or
joe, or...

Find the entry for "track2" - Easiest way is to press the "/" key, type
"track2" and press <ENTER>

        /track2         [press <ENTER>]

You will be on this line:

        track2:x:1002:

Change the line to look like:

        track2:x:1002:sysadm

And save the file and quit.


Verify that your sysadm user is now in the track2 group:

        $ su - sysadm
        $ groups


5. Editing the command line revisited:

We did this exercise in the introduction to Linux session. We will
repeat it here.

It is particularly useful to realize that you can edit a command just as
you would a line of text in a file.

For instance, you can:

- Use your back-arrow and forward-arrow keys to change text in a command.
  Use the Home and End keys to go to the start and the end of a command.

Note: you do not need to go to the end of a command before pressing
<ENTER> to execute the command. You can use the history command with
grep to find a previous command.  For long commands this can save
considerable time.

You you can also use the reverse-search feature of bash:

1.) Press ctrl-r
2.) type the term you are searching for
3.) Press ctrl-r to cycle through all occurrences of the term in your history
4.) Press the right or left-arrow, HOME or END key to start editing the command.

First, let's make sure we have a command to play with. Do the following command:

        $ grep sysadm /etc/passwd

Let's give some of these editing rules a try. Instead of searching for
the sysadm user in the /etc/passwd file we'll search for the root user.

1.) Press 'ctrl-r'
2.) type sysadm 
3.) If necessary press ctrl-r again until you see the original command
you used to search for the sysadm user in the /etc/password file
("grep sysadm /etc/passwd").

4.) Use the arrows keys to move in the command and change sysadm to root.
You should now have the following on your command line:

$ grep root /etc/passwd

With your cursor positioned over just past the 't' in 'root', press
<ENTER> to execute the command.

You should see:

root:x:0:0:root:/root:/bin/bash

That's it. You can practice repeating the above with other parts of
commands you have already executed

(ls, grep, cat, etc.). 

5. Installing a package

We're going to use the 'lsof' command in the next exercise, so let's install
it:

        $ sudo apt-get install lsof

6. Using the pipe command

Let's run a command with multiple lines of output:

        $ sudo lsof -i

Find the Process ID (PID) of one of the ssh server that is running on
your machine:

        COMMAND     PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
        sshd        988 root    3u  IPv4   5040      0t0  TCP *:ssh (LISTEN)
        sshd        988 root    4u  IPv6   5042      0t0  TCP *:ssh (LISTEN)

Your PID will be different. Now let's look at all the associated files
with this process:

        $ sudo lsof -p PID

        (replace PID with the number you got from the "lsof -i" command
        above, for example 988 here)

There are a fair number of files that are "open" by the ssh server, or
daemon - the sshd command.

Let's look at more interesting output from the prior command:

        $ sudo lsof -p PID | grep REG

Now let's see how many files the sshd program has open:

        $ sudo lsof -p PID | grep REG | wc -l

To see what these commands are doing read:

        $ man lsof
        $ man grep
        $ man wc


7. Use the top command

The top command let's us see the status of our system at a quick
glance. To use top simply do:

        $ top

The item at the top of list of running processes is the process using
the most CPU resources.

Open a new SSH connection to your PC. In that window type:

        $ ls -lahR /

Now in the other window where top is running you should start to see the "ls"
process listed using some amount of your total CPU.

At the top of the top window you'll see something like:

        top - 08:10:23 up 16:14,  2 users,  load average: 0.00, 0.00, 0.00
        Tasks:  91 total,   1 running,  90 sleeping,   0 stopped,   0 zombie
        Cpu(s):  0.0%us,  0.0%sy,  0.0%ni,100.0%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
        Mem:   1016348k total,   568532k used,   447816k free,    91904k buffers
        Swap:  2973688k total,        0k used,  2973688k free,   325908k cached

This is a good, quick way to see how much RAM, Virtual memory, CPU,
total running processes, etc. that your machine has, and is using.

You can adjust the output of top as it is running. Exit from top by
typing "q" and then do:

        $ man top

Now run top again and change what it is displaying interactively.

All the information in top is part of a dynamic file system located in
/proc. As an example do the following:

        $ cd /proc
        $ ls

The numbered directories correspond to actual Process IDs of processes
that are running. Look at the file meminfo:

        $ less meminfo

Note that it includes your total RAM. Top uses this file to get this
information. Same for cpuinfo, loadavg, uptime, etc.

If you want to know what command was executed to start a number process
you can type (for instance):

        $ less /proc/1/cmdline

You'll see that the first process started on the system is init.

8. A couple more useful tools

        $ sudo apt-get install ifstat

        $ ifstat

... what does ifstat do ?

        $ vmstat -a 1

... what does vmstat do ?