Track 2 Workshop
PacNOG 10

System Administration
---------------------

1. Reboot your system

To restart your system, you could use:

    $ sudo shutdown -r TIME

... where time can be a day, hour, minute...

Or you could try and reboot your machine *NOW*:

    $ sudo shutdown -r now

The "-r" means reboot. Another command for doing this is "reboot".

To stop a machine you can do:

    # halt -p

or

    # shutdown -h -P now

Be careful when using halt on remote systems!

2. Go to single user mode - DON'T ACTUALLY DO THIS, YOU WILL LOSE Network connectivity to your machine!

*IF* you wanted to go into single user mode, you could do:

    $ sudo init 1

This would take you down to single user mode. You can only log in as the root user, and only from the console. Some systems will require you to enter your password to access the shell.

If you then wanted to go back to multi-user mode type:

    # exit

3. Figure out how your machine has been partitioned

You want to display free disk space, or "df":

    $ df -h

Use:

    $ man df

to understand what the "-h" option does.

Look in /etc/fstab. This is where the file systems to be mounted are defined in Linux. Read the man page on this file:

    $ man fstab

Notice that defined file systems are pointing to /dev/sda*. Have a look at these files:

    $ ls -lah /dev/sda*
    $ file /dev/sda*

What type of files are these?

4. Create a new group

In a terminal window first do:

    $ sudo groupadd track2

Now let's add some members to this group:

    $ sudo vigr

You will now be in the /etc/group file using the default EDITOR - vi or joe, or...

Find the entry for "track2" - the easiest way is to press the "/" key, type "track2" and press <ENTER>:

    /track2 [press <ENTER>]

You will be on this line:

    track2:x:1002:

Change the line to look like:

    track2:x:1002:sysadm

And save the file and quit.

Verify that your sysadm user is now in the track2 group:

    $ su - sysadm
    $ groups

5. Editing the command line revisited

We did this exercise in the introduction to Linux session. We will repeat it here.
It is particularly useful to realize that you can edit a command just as you would a line of text in a file. For instance, you can:

  - Use your back-arrow and forward-arrow keys to change text in a command.
  - Use the Home and End keys to go to the start and the end of a command.

Note: you do not need to go to the end of a command before pressing <ENTER> to execute the command.

You can use the history command with grep to find a previous command. For long commands this can save considerable time.

You can also use the reverse-search feature of bash:

  1.) Press ctrl-r
  2.) Type the term you are searching for
  3.) Press ctrl-r to cycle through all occurrences of the term in your history
  4.) Press the right or left-arrow, HOME or END key to start editing the command.

First, let's make sure we have a command to play with. Do the following command:

    $ grep sysadm /etc/passwd

Let's give some of these editing rules a try. Instead of searching for the sysadm user in the /etc/passwd file we'll search for the root user.

  1.) Press 'ctrl-r'
  2.) Type sysadm
  3.) If necessary press ctrl-r again until you see the original command you used to search for the sysadm user in the /etc/passwd file ("grep sysadm /etc/passwd").
  4.) Use the arrow keys to move in the command and change sysadm to root.

You should now have the following on your command line:

    $ grep root /etc/passwd

With your cursor positioned just past the 't' in 'root', press <ENTER> to execute the command. You should see:

    root:x:0:0:root:/root:/bin/bash

That's it. You can practice repeating the above with other parts of commands you have already executed (ls, grep, cat, etc.).

5. Installing a package

We're going to use the 'lsof' command in the next exercise, so let's install it:

    $ sudo apt-get install lsof

6. Using the pipe command

Let's run a command with multiple lines of output:

    $ sudo lsof -i

Find the Process ID (PID) of the ssh server that is running on your machine:

    COMMAND  PID  USER  FD  TYPE  DEVICE  SIZE/OFF  NODE  NAME
    sshd     988  root  3u  IPv4  5040    0t0       TCP   *:ssh (LISTEN)
    sshd     988  root  4u  IPv6  5042    0t0       TCP   *:ssh (LISTEN)

Your PID will be different. Now let's look at all the files associated with this process:

    $ sudo lsof -p PID

(replace PID with the number you got from the "lsof -i" command above, for example 988 here)

There are a fair number of files that are "open" by the ssh server, or daemon - the sshd command.

Let's look at more interesting output from the prior command:

    $ sudo lsof -p PID | grep REG

Now let's see how many files the sshd program has open:

    $ sudo lsof -p PID | grep REG | wc -l

To see what these commands are doing read:

    $ man lsof
    $ man grep
    $ man wc

7. Use the top command

The top command lets us see the status of our system at a quick glance. To use top simply do:

    $ top

The item at the top of the list of running processes is the process using the most CPU resources.

Open a new SSH connection to your PC. In that window type:

    $ ls -lahR /

Now in the other window where top is running you should start to see the "ls" process listed using some amount of your total CPU.

At the top of the top window you'll see something like:

    top - 08:10:23 up 16:14,  2 users,  load average: 0.00, 0.00, 0.00
    Tasks:  91 total,   1 running,  90 sleeping,   0 stopped,   0 zombie
    Cpu(s):  0.0%us,  0.0%sy,  0.0%ni,100.0%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
    Mem:   1016348k total,   568532k used,   447816k free,    91904k buffers
    Swap:  2973688k total,        0k used,  2973688k free,   325908k cached

This is a good, quick way to see how much RAM, virtual memory, CPU, total running processes, etc. your machine has, and is using.

You can adjust the output of top as it is running. Exit from top by typing "q" and then do:

    $ man top

Now run top again and change what it is displaying interactively.

All the information in top is part of a dynamic file system located in /proc. As an example do the following:

    $ cd /proc
    $ ls

The numbered directories correspond to actual Process IDs of processes that are running.

Look at the file meminfo:

    $ less meminfo

Note that it includes your total RAM. Top uses this file to get this information. Same for cpuinfo, loadavg, uptime, etc.

If you want to know what command was executed to start a numbered process you can type (for instance):

    $ less /proc/1/cmdline

You'll see that the first process started on the system is init.

8. A couple more useful tools

    $ sudo apt-get install ifstat
    $ ifstat

... what does ifstat do?

    $ vmstat -a 1

... what does vmstat do?
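
The /proc layout from exercise 7, as an added example that is not part of the original handout: a minimal "ps" written in shell that reads the numbered directories, cmdline and meminfo directly. The function names are made up for this example, and each function takes the proc root as its first argument so it can also be run against a copy of the tree.

```shell
#!/bin/sh
# Added example (not from the workshop handout): a tiny "ps" built on /proc.

# List process IDs: the directories under the proc root whose names are all digits.
proc_pids() {
    for dir in "$1"/[0-9]*; do
        name=${dir##*/}
        case $name in *[!0-9]*) continue ;; esac
        if [ -d "$dir" ]; then printf '%s\n' "$name"; fi
    done | sort -n
}

# Print the command line of a PID. Arguments in cmdline are separated by NUL
# bytes (which is why "less" shows them oddly), so turn them into spaces.
# Kernel threads have an empty cmdline; for those print the short name from
# "comm" in brackets, as ps does.
proc_cmdline() {
    args=$(tr '\0' ' ' 2>/dev/null < "$1/$2/cmdline" | sed 's/ *$//')
    if [ -n "$args" ]; then
        printf '%s\n' "$args"
    else
        printf '[%s]\n' "$(cat "$1/$2/comm" 2>/dev/null)"
    fi
}

# Read one field (value in kB) from meminfo, e.g. MemTotal or MemFree.
proc_meminfo_kb() {
    awk -v key="$2:" '$1 == key { print $2 }' "$1/meminfo"
}

# One line per process: PID followed by its command line.
proc_ps() {
    for pid in $(proc_pids "$1"); do
        printf '%s %s\n' "$pid" "$(proc_cmdline "$1" "$pid")"
    done
}

# When run on a Linux machine, show the same facts the exercise looks at.
if [ -r /proc/meminfo ]; then
    echo "MemTotal: $(proc_meminfo_kb /proc MemTotal) kB"
    echo "PID 1:    $(proc_cmdline /proc 1)"
fi
```

On a default Linux system every user can read the cmdline files of other users' processes, so anything passed as a command-line argument (a password, for example) is visible this way.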