CIS 228 - Oakton
CIS 228 - UNIX System Administration
Lab 9: Basic system administration - task, process, memory, daemon management, system activity
Remember process execution: fork, &, exec, . /command,
Scheduling and running tasks
• “at” command (see also “batch”)
Example: at now +1 minutes –f somecommandfile.txt
1) Login as user1
2) Read man page on “at”
3) echo ‘ echo hi there >> ~/attest.out ‘ > attest
4) chmod attest 755
5) at now + 1 minutes –f /home/user1/attest
6) atq, at-l, atrm, batch (interactive at)
7) as root, create at.deny entry for user1 (man at.deny)
• “cron” command: crontab –e (uses vi command set)
8) verify cron is running
9) crontab –e
*/1 * * * * echo “hi there” >> home/user1/attest.out 2>&1
10) crontab –l
11) cron.allow, cron.deny
12) alt F2, login as user1
13) see /etc/crontab
Process management:
• “su” command
14) su –c ‘some root command’
• “nohup” command
15) modify attest as follows:
while [ true ]
do
sleep 15
echo hi there >> ~/attest.out
done
16) nohup ./attest &
17) logoff user1. log back in 1 minute later.
18) ps -ef | grep attest Check nohup.out
Lab 9: Basic system administration - task, process, daemon management, system activity
• “kill” command
19) ./attest &
20) ps
21) jobs
22) fg [job#]
23) Ctrl Z
24) bg [job#]
25) kill “attest pid”
• “nice” command
26) nice ./attest &
• “sudo” command
27) visudo
user1 localhost=NOPASSWD:/sbin/halt
- allow everyone to mount CDROMs on /mnt/cdrom
deamon management
28) ps –ef
29) sysvinit service startup
30) rpm –qa | grep upstart
31) service –status-all
32) service iptables start
33) service iptables stop
34) chkconfig
35) chkconfig --level 12345 bluetooth off
CHAGE – List/set user password and related details. See MAN page.
17) List user info:
chage –-list username (or) chage -l username
18) Set password expiry date
chage -M number-of-days username
19) Set account expiration date:
chage -E "2009-05-31" username
Lab 9: Basic system administration - task, process, memory, daemon management, system activity
Force the user account to be locked after X number of inactivity days
chage -I 10 username
Disable password aging for an user account
chage -m 0 -M 99999 -I -1 -E -1 username
• -m 0 will set the minimum number of days between password change to 0
• -M 99999 will set the maximum number of days between password change to 99999
• -I -1 (number minus one) will set the “Password inactive” to never
• -E -1 (number minus one) will set “Account expires” to never.
20) Lock/unlock an account
passwd –l userid
passwd –u userid
21) Limit password reuse:
vi /etc/pam.d/system-auth (RHEL/Fedora)
vi /etc/pam.d/common-password (Ubuntu)
Add: password sufficient pam_unix.so use_authtok md5 shadow remember=10
22) Set a system wide session inactivity timeout:
vi /etc/profile
HOSTNAME=`/bin/hostname`
HISTSIZE=1000
TMOUT=7200 (seconds)
export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE TMOUT INPUTRC
23) Review /etc/shadow defaults in /etc/login.defs
vi /etc/login.defs
PASS_MAX_DAYS from 99999 to 90
PASS_MIN_DAYS from 0 to 1
Change PASS_MIN_LEN from 5 to 8
UMASK is set to 077
PASS_WARN_AGE 7
24) vi /etc/default/useradd
INACTIVE 14 Number of days after password expiration that account is disabled.
EXPIRE Account expiration date in the format YYYY-MM-DD.
Lab 9: Basic system administration - task, process, daemon management, system activity
System activity: yum install which one for “top”?
36) top
37) ntop
38) iftop
39) iotop
40) htop
41) latencytop
42) free
43) iostat. iostat –c, iostat –d, iostat –n, iostat –m, iostat –p /dev/sda2, iostat –x /dev/sda2, iostat –L (LVM for later)
44) vmstat, vmstat –a, vmstat –d, vmstat –p /dev/sda2, vmstat –m, vmstat –s,
vmstat –d, vmstat -2 10, vmstat –w 1 3, vmstat –S m
45) mpstat, mpstat –A, mpstat –P ALL, mpstat -0 -1 etc
46) pidstat
47) dstat
48) free
49) ps –aux | sort
50) ps –ef | sort
System Activity Reporter (see /etc/cron.d/sysstat)
51) sar, sar –u, sar –u 1 3, sar –P ALL, sar –r 1 3, sar –S, sar –b, sar –d, sar –w,
sar –q, sar –n
52) sa1 – generates daily binary stats to /var/log/sa/saXX
sa2 – generate daily summary report to /var/log/sa/sarXX
sar -q -f /var/log/sa/sa23 -s 10:00:01
– generate queue report for day 23 starting at 10AM
53) ulimit –a, see /etc/security/limits.conf
ulimit –n, ulimit –Sn, ulimit -Hn
54) sysctl –q, see /etc/sysctl.conf
sysctl -w
See also anacron, /etc/crontab, /etc/anacrontab, systemd, nfsiostat, cifsiostat
................
................
In order to avoid copyright disputes, this page is only a partial summary.
To fulfill the demand for quickly locating and searching documents.
It is intelligent file search solution for home and business.