Jun 25, 2007

Installing Unikey on Fedora

Download Unikey (*.rpm file) from http://www.unikey.org/linux.php
# rpm -ihv *.rpm
After installing Unikey, log out and then log in again. Run "unikey" and you can use Unikey immediately without doing anything else. If that is not the case, try the following steps:

- Add the following lines to ~/.bash_profile or ~/.bashrc:
export XMODIFIERS="@im=unikey"
export GTK_IM_MODULE="xim"
- Log in again
- Run unikey
# unikey
Note:
Installing Unikey will affect the Japanese-language environment you are currently using.

Jun 18, 2007

Managing Storage

Overview of Storage Hardware

Device files

The device files for disk drives appear in the /dev/ directory.

Device type

sd – the device is SCSI-based

hd – the device is ATA-based

The first hard drive on the system may appear as hda or sda.

Unit

Following the two-letter device type are one or two letters denoting the specific unit

Partition

The partition on the device is represented by a number at the end of the device name.

/dev/hda1 (ATA drive)

/dev/sdad4 (SCSI device)

Mounting file system

Mounting point

Basically, mounting points are where you mount your file systems or devices.

Seeing What is Mounted

Viewing /etc/mtab

# vi /etc/mtab

The /etc/mtab file is meant to be used to display the status of currently-mounted file systems only. It should not be manually modified.

Viewing /proc/mounts

# vi /proc/mounts

(The proc pseudo file system is a real-time, memory-resident file system that tracks the processes running on your machine and the state of your system.)

df – command

Shows which file systems are currently mounted and the amount of free space on them.

Filesystem 1K-ブロック 使用 使用可 使用% マウント位置
/dev/mapper/VolGroup00-LogVol00
99636632 10652432 83841264 12% /
/dev/sda1 101086 16258 79609 17% /boot
/dev/mapper/VolGroup00-LogVol02
49611460 1517004 45533640 4% /data
tmpfs 511684 0 511684 0% /dev/shm

Network-Accessible Storage Under Linux

NFS (Network File System)

is a file system that may be accessed via a network connection.

The file systems an NFS server makes available to clients are controlled by the configuration file /etc/exports.

SMB (Server Message Block)

is the name for the communications protocol used by various operating systems produced by Microsoft.

Red Hat Linux supports SMB via the Samba server program.

Mounting File systems automatically with /etc/fstab

#vi /etc/fstab

Monitoring Disk Space

df – command

# df

The -h option prints sizes in human-readable form.

Automated Monitoring Using diskcheck

Automatically check disk and send email to administrator.

Adding/Removing Storage

Adding Storage

  • Partitioning

    • Using the command-line fdisk utility program

    • Using parted, another command-line utility program

  • Formatting the partition(s)

    # mkfs

  • Updating /etc/fstab

    so that the new partition is mounted automatically.

Removing Storage

  • Remove the disk drive's partition from /etc/fstab

  • Unmount the disk drive's active partitions.

    # umount path

  • Erase the contents of the disk drive.

    # badblocks -ws device

Disk Quotas

Disk quotas under Red Hat Linux have the following features:

  • Per-file-system implementation

  • Per-user space accounting

  • Per-group space accounting

  • Tracks disk block usage

  • Tracks disk inode usage

  • Hard limits

  • Soft limits

  • Grace periods

Physical and Virtual Memory

Storage Access Patterns

  • Access tends to be sequential

If address N is accessed by the CPU, it is highly likely that address N+1 will be accessed next.

  • Access tends to be localized

If address X is accessed, it is likely that other addresses surrounding X will also be accessed in the future.

The Storage Spectrum

Storage technologies:

  • CPU registers

  • Cache memory

  • RAM

  • Hard drives

  • Off-line backup storage (tape, optical disk, etc.)

Virtual Memory

Virtual memory is a portion of the hard disk that the operating system uses to serve application programs whose memory requirements exceed the amount of physical memory available.

Paging occurs when an active process requires more memory than what is accessible in physical memory. Portions of the process are moved to disk so the physical memory can be used for something else.

Swapping is done by the kernel. When memory space is running low the kernel looks for a process that isn't likely to run in the near future. That process is written entirely to disk, and the newly-freed memory is reassigned to another process or job.

Virtual Memory in Redhat Linux

    Using free to get a concise overview of memory and swap utilization.

$ free
total used free shared buffers cached
Mem: 1023368 1004148 19220 0 14544 277328
-/+ buffers/cache: 712276 311092
Swap: 2031608 198436 1833172

The system has 1G of RAM, of which about ~1004 MB is actually in use. ~198 MB of swap is in use.

sar [-a] [-A] [-b] [-c] [-d] [-g] [-k] [-m] [-p] [-q] [-r] [-u] [-v] [-w] [-y ] [ -o filename ] t [ n ]

Viewing result of sar -r

09:17:12 LINUX RESTART
09:20:02 kbmemfree kbmemused %memused kbbuffers kbcached kbswpfree kbswpused %swpused kbswpcad
09:30:02 35432 987936 96.54 30024 523368 2031444 164 0.01 0
09:40:01 33080 990288 96.77 37776 512900 2031444 164 0.01 0
09:50:01 13600 1009768 98.67 45868 516460 2031444 164 0.01 0
10:00:01 57096 966272 94.42 52216 469420 2031444 164 0.01 0
平均値: 34802 988566 96.60 41471 505537 2031444 164 0.01 0
kb: Kilobytes of memory allocated to
sar -W

09:17:12 LINUX RESTART
09:20:02 pswpin/s pswpout/s
09:30:02 0.00 0.07
09:40:01 0.00 0.00
09:50:01 0.00 0.00
10:00:01 0.00 0.00
平均値: 0.00 0.02

page swap in per second (pswpin/s)
page swap out per second (pswpout/s)

Jun 13, 2007

Resource Monitoring

All systems have the following resources available:
  • CPU power
  • Bandwidth
  • Memory
  • Storage
Purpose of resource monitoring:
+ The system has a problem; can we improve its performance? (system performance monitoring)
+ The system runs well now; can we keep it that way later? (monitoring system capacity)
  • System performance monitoring
    • Determine the cause of the problem
    • Analyze the data produced by monitoring to solve the problem
    • Ensure the performance problem has been resolved
  • Monitoring system capacity
Monitoring CPU Power
Monitoring Bandwidth
Monitoring Memory
Monitoring Storage
Tools for resource monitoring
free
Display amount of free and used memory in the system
# free
total used free shared buffers cached
Mem: 1023368 966064 57304 0 24704 247628
-/+ buffers/cache: 693732 329636
Swap: 2031608 164 2031444

Mem row: displays the physical memory utilization.
Swap row: displays the utilization of the system swap space.
-/+ buffers/cache row: displays the amount of physical memory currently devoted to system buffers.
To watch it change over time, use:
#watch free
#watch -n 1 -d free
-n sets the delay time, -d highlights the changes

top
Displays a continuously updated overview of CPU, memory, swap and per-process activity.
#top
#gnome-system-monitor
vmstat
To get an overview of process, memory, swap, I/O, system, and CPU activity in one line of numbers:
# vmstat
procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu------
r b swpd free buff cache si so bi bo in cs us sy id wa st
0 0 164 68416 10204 251848 0 0 47 38 1121 1038 8 2 89 1 0
Procs
r: The number of runnable processes waiting for access to the CPU
b: The number of processes in an uninterruptible sleep state
Memory
swpd: The amount of virtual memory used
free: The amount of free memory
buff: The amount of memory used for buffers
cache: The amount of memory used as page cache
Swap
si: The amount of memory swapped in from disk
so: The amount of memory swapped out to disk
IO
bi: Blocks sent to a block device
bo: Blocks received from a block device
System
in: The number of interrupts per second
cs: The number of context switches per second
CPU
us: The percentage of the time the CPU ran user-level code
sy: The percentage of the time the CPU ran system-level code
id: The percentage of the time the CPU was idle
wa: The percentage of the time spent running non-kernel code
st: The percentage of the time stolen from a virtual machine
The Sysstat Suite of Resource Monitoring Tools
#yum -y install sysstat.i386
iostat
Display an overview of CPU utilization, along with I/O statistics for one or more disk devices
mpstat
Display more in-depth CPU statistics.
sadc (/usr/lib/sa/sadc), sar generate the reports interactively.

1. The Philosophy of System Administration

Although the specifics of being a system administrator may change from platform to platform, there are underlying themes that do not.
  • Automate everything
  • Document everything
  • Communicate as much as possible
  • Know your resources
  • Know your users
  • Know your business
  • Security cannot be an afterthought
  • Plan ahead
  • Expect the unexpected
http://www.tripwire.org/ — The Tripwire homepage.
  • crontab(1) and crontab(5) man pages — Command and file format documentation for using cron.
  • at(1) man page — Schedule commands and scripts for execution at a later time with this utility.
  • bash(1) man page — Learn more about the default shell (and shell script writing) with this documentation.
  • perl(1) man page — View pointers to the many man pages that make up perl’s online documentation.
  • gedit(1) man page and Help menu entry — Learn how to edit text files with this graphical text editor.
  • emacs(1) man page — Information (including instructions for running an online tutorial) on how to use this text editor.
  • vim(1) man page — Learn how to use this text-based editor.
  • mozilla(1) man page and Help Contents menu entry — Learn how to edit HTML files, read mail, and browse the Web.
  • Quanta Handbook menu entry — Learn how to edit HTML files with this graphical HTML editor.
  • evolution(1) man page and Help menu entry — Learn how to manage your email with this graphical email client.
  • pine(1) man page and ? menu entry — Learn how to manage your email with this text-based email client.
  • mutt(1) man page and files in /usr/share/doc/mutt-<version> — Learn how to manage your email with this text-based email client.
  • pam(8) man page and files in /usr/share/doc/pam-<version> — Learn how authentication takes place under Red Hat Linux.
  • tripwire(8) man page — Learn how to configure and run this intrusion detection software.

[Red Hat Linux System Administration Primer book]

Hack 2 Scan for SUID and SGID Programs

Quickly check for potential root-exploitable programs and backdoors.
What is SUID? SUID stands for set user ID. When a SUID file is executed, the process that runs it is granted access to system resources based on the user who owns the file, not the user who created the process.
What is SGID? SGID stands for set group ID. SGID files behave much the same as SUID files, and the file must be executable for the bit to have any effect.
Scanning systems for SUID and SGID binaries
# find / \( -perm -4000 -o -perm -2000 \) -type f -exec ls -la {} \;
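A one-off listing is most useful when compared against a known-good state. The script below is an added example, not from the original post or the book: it saves the scan result as a baseline and reports only SUID/SGID files that have appeared since. The function names `list_setid` and `new_setid` are hypothetical, and the demonstration runs on a constructed temporary directory of empty files.

```shell
#!/bin/sh
# Added example: flag SUID/SGID files that are not in a saved baseline.

# list_setid DIR
# Print every SUID or SGID regular file under DIR, sorted, without crossing
# into other file systems (-xdev), so each partition can be audited on its own.
list_setid() {
    find "$1" -xdev \( -perm -4000 -o -perm -2000 \) -type f -print 2>/dev/null |
        LC_ALL=C sort
}

# new_setid BASELINE DIR
# Print files that are SUID/SGID now but absent from BASELINE (a file written
# earlier by list_setid). Exit status: 0 nothing new, 1 new files, 2 error.
new_setid() {
    cur=$(mktemp) || return 2
    list_setid "$2" > "$cur"
    # comm -13 keeps lines that appear only in the second (current) list.
    added=$(LC_ALL=C comm -13 "$1" "$cur")
    rm -f "$cur"
    [ -z "$added" ] && return 0
    printf '%s\n' "$added"
    return 1
}

# Demonstration on a constructed directory tree of empty files.
demo=$(mktemp -d) && base=$(mktemp) || exit 2
: > "$demo/known-tool"; chmod 4755 "$demo/known-tool"
list_setid "$demo" > "$base"                 # take the baseline
: > "$demo/unexpected"; chmod 4755 "$demo/unexpected"
new_setid "$base" "$demo" || echo "^ not in baseline: review before trusting"
rm -rf "$demo" "$base"
```

A path baseline does not notice a listed binary being replaced in place; a file-integrity tool such as Tripwire covers that case.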

Hack 1 Secure Mount Points

Using mount command to mount a new partition
#mount -o ro,nodev,noexec,nosuid partition mountpoint
example
#mount -o ro,nodev,noexec,nosuid /dev/mapper/VolGroup00-LogVol02 /data
-o (option): list the mount options after this flag, separated by commas
Consider the minimum permissions needed for each mount point.
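To check that the options actually in effect match what each mount point is supposed to have, the mount table can be compared against a small policy file. This is an added example, not from the original post or the book; the function name `audit_mounts`, the policy format and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: check mounted file systems against a per-mount-point policy.

# Constructed policy: mount point, then the options it must carry.
sample_policy() {
cat <<'EOF'
/data ro,nodev,noexec,nosuid
/boot nodev,nosuid
/tmp nodev,noexec,nosuid
EOF
}

# Constructed sample in /proc/mounts format: device mountpoint type options 0 0
sample_mounts() {
cat <<'EOF'
/dev/mapper/VolGroup00-LogVol00 / ext3 rw 0 0
/dev/sda1 /boot ext3 rw,nodev 0 0
/dev/mapper/VolGroup00-LogVol02 /data ext3 ro,nodev,noexec,nosuid 0 0
EOF
}

# audit_mounts POLICY MOUNTS
# Print one line per violation; exit status 1 if any were found.
audit_mounts() {
    awk '
    NR == FNR { policy[$1] = $2; next }      # first file: the policy
    ($2 in policy) {                         # second file: the mount table
        seen[$2] = 1
        split("", have); m = split($4, opts, ",")
        for (i = 1; i <= m; i++) have[opts[i]] = 1
        n = split(policy[$2], req, ","); missing = ""
        for (i = 1; i <= n; i++)
            if (!(req[i] in have)) {
                sep = (missing == "") ? "" : ","
                missing = missing sep req[i]
            }
        if (missing != "") { print $2 " missing: " missing; bad = 1 }
    }
    END {
        # No separate mount: the directory inherits another file system options.
        for (p in policy) if (!(p in seen)) { print p " not mounted separately"; bad = 1 }
        exit bad + 0
    }' "$1" "$2"
}

tmp=$(mktemp -d) || exit 2
sample_policy > "$tmp/policy"; sample_mounts > "$tmp/mounts"
audit_mounts "$tmp/policy" "$tmp/mounts" || echo "policy violations found"
rm -rf "$tmp"
```

On a live system, pass /proc/mounts as the second argument.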

umount command
#umount /data