CIS 228 - Oakton



CIS 228 - UNIX System Administration

Lab 9: Basic system administration - task, process, memory, daemon management, system activity

Remember process execution: fork, &, exec, . /command,

Scheduling and running tasks

• “at” command (see also “batch”)

Example: at now +1 minutes –f somecommandfile.txt

1) Login as user1

2) Read man page on “at”

3) echo ‘ echo hi there >> ~/attest.out ‘ > attest

4) chmod attest 755

5) at now + 1 minutes –f /home/user1/attest

6) atq, at-l, atrm, batch (interactive at)

7) as root, create at.deny entry for user1 (man at.deny)

• “cron” command: crontab –e (uses vi command set)

8) verify cron is running

9) crontab –e

*/1 * * * * echo “hi there” >> home/user1/attest.out 2>&1

10) crontab –l

11) cron.allow, cron.deny

12) alt F2, login as user1

13) see /etc/crontab

Process management:

• “su” command

14) su –c ‘some root command’

• “nohup” command

15) modify attest as follows:

while [ true ]

do

sleep 15

echo hi there >> ~/attest.out

done

16) nohup ./attest &

17) logoff user1. log back in 1 minute later.

18) ps -ef | grep attest Check nohup.out

Lab 9: Basic system administration - task, process, daemon management, system activity

• “kill” command

19) ./attest &

20) ps

21) jobs

22) fg [job#]

23) Ctrl Z

24) bg [job#]

25) kill “attest pid”

• “nice” command

26) nice ./attest &

• “sudo” command

27) visudo

user1 localhost=NOPASSWD:/sbin/halt

- allow everyone to mount CDROMs on /mnt/cdrom

deamon management

28) ps –ef

29) sysvinit service startup

30) rpm –qa | grep upstart

31) service –status-all

32) service iptables start

33) service iptables stop

34) chkconfig

35) chkconfig --level 12345 bluetooth off

CHAGE – List/set user password and related details. See MAN page.

17) List user info:

chage –-list username (or) chage -l username

18) Set password expiry date

chage -M number-of-days username

19) Set account expiration date:

chage -E "2009-05-31" username

Lab 9: Basic system administration - task, process, memory, daemon management, system activity

Force the user account to be locked after X number of inactivity days

chage -I 10 username

Disable password aging for an user account

chage -m 0 -M 99999 -I -1 -E -1 username

• -m 0 will set the minimum number of days between password change to 0

• -M 99999 will set the maximum number of days between password change to 99999

• -I -1 (number minus one) will set the “Password inactive” to never

• -E -1 (number minus one) will set “Account expires” to never.

20) Lock/unlock an account

passwd –l userid

passwd –u userid

21) Limit password reuse:

vi /etc/pam.d/system-auth (RHEL/Fedora)

vi /etc/pam.d/common-password (Ubuntu)

Add: password sufficient pam_unix.so use_authtok md5 shadow remember=10

22) Set a system wide session inactivity timeout:

vi /etc/profile

HOSTNAME=`/bin/hostname`

HISTSIZE=1000

TMOUT=7200 (seconds)

export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE TMOUT INPUTRC

23) Review /etc/shadow defaults in /etc/login.defs

vi /etc/login.defs

PASS_MAX_DAYS from 99999 to 90

PASS_MIN_DAYS from 0 to 1

Change PASS_MIN_LEN from 5 to 8

UMASK is set to 077

PASS_WARN_AGE 7

24) vi /etc/default/useradd

INACTIVE 14 Number of days after password expiration that account is disabled.

EXPIRE Account expiration date in the format YYYY-MM-DD.

Lab 9: Basic system administration - task, process, daemon management, system activity

System activity: yum install which one for “top”?

36) top

37) ntop

38) iftop

39) iotop

40) htop

41) latencytop

42) free

43) iostat. iostat –c, iostat –d, iostat –n, iostat –m, iostat –p /dev/sda2, iostat –x /dev/sda2, iostat –L (LVM for later)

44) vmstat, vmstat –a, vmstat –d, vmstat –p /dev/sda2, vmstat –m, vmstat –s,

vmstat –d, vmstat -2 10, vmstat –w 1 3, vmstat –S m

45) mpstat, mpstat –A, mpstat –P ALL, mpstat -0 -1 etc

46) pidstat

47) dstat

48) free

49) ps –aux | sort

50) ps –ef | sort

System Activity Reporter (see /etc/cron.d/sysstat)

51) sar, sar –u, sar –u 1 3, sar –P ALL, sar –r 1 3, sar –S, sar –b, sar –d, sar –w,

sar –q, sar –n

52) sa1 – generates daily binary stats to /var/log/sa/saXX

sa2 – generate daily summary report to /var/log/sa/sarXX

sar -q -f /var/log/sa/sa23 -s 10:00:01

– generate queue report for day 23 starting at 10AM

53) ulimit –a, see /etc/security/limits.conf

ulimit –n, ulimit –Sn, ulimit -Hn

54) sysctl –q, see /etc/sysctl.conf

sysctl -w

See also anacron, /etc/crontab, /etc/anacrontab, systemd, nfsiostat, cifsiostat

................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download