Différences
Ci-dessous, les différences entre deux révisions de la page.
| Les deux révisions précédentesRévision précédenteProchaine révision | Révision précédente | ||
| elearning:workbooks:centos:8:admin:l119 [2022/02/22 15:15] – admin | elearning:workbooks:centos:8:admin:l119 [2022/06/05 17:58] (Version actuelle) – created admin | ||
|---|---|---|---|
| Ligne 3: | Ligne 3: | ||
| Version : **2022.01** | Version : **2022.01** | ||
| - | Updated: ~~LASTMOD~~ | + | Updated : ~~LASTMOD~~ |
| - | ======LCE601 | + | ======LCE513 |
| =====Contents===== | =====Contents===== | ||
| - | * **LCE601 | + | * **LCE513 |
| * Contents | * Contents | ||
| - | * Special Files | + | * Presentation |
| - | * LAB #1 - Commands | + | * The nmcli Command |
| - | * 1.1 - The lspci Command | + | * LAB #1 - Configuring the Network |
| - | * 1.2 - The lsusb Command | + | * 1.1 - Connections and Profils |
| - | * 1.3 - The dmidecode Command | + | * 1.2 - Name Resolution |
| - | * LAB #2 - The sysctl | + | * 1.3 - Adding a Second IP Address to a Profile |
| - | * 2.1 - The /proc Directory | + | * 1.4 - The hostname |
| - | * Files | + | * 1.5 - The ip Command |
| - | * / | + | * 1.6 - Manually Activating and Disactivating a Device |
| - | * / | + | * 1.7 - Static Routing |
| - | * /proc/dma | + | * The ip Command |
| - | * / | + | * Disactivating/Activating Internal Routing on a Server |
| - | * / | + | * LAB #2 - Diagnostics |
| - | * / | + | * 2.1 - The ping Command |
| - | * / | + | * 2.2 - The netstat Command |
| - | * / | + | * 2.3 - The traceroute Command |
| - | * / | + | * LAB #3 - SSH |
| - | * / | + | * 3.1 - Presentation |
| - | * / | + | * SSH-1 |
| - | * / | + | * SSH-2 |
| - | * Directories | + | * 3.2 - Configuring the Server |
| - | * ide/scsi | + | * 3.3 - Configuring the Client |
| - | * acpi | + | * 3.4 - SCP |
| - | * bus | + | * Presentation |
| - | * net | + | * Usage |
| - | * sys | + | * 3.5 - Authentication with Asymetric Keys |
| - | * 2.2 - Using the sysctl Command | + | |
| - | * LAB #3 - Interpreting Information in /proc | + | |
| - | * 3.1 - free | + | |
| - | * 3.2 - uptime ou w | + | |
| - | * 3.3 - iostat | + | |
| - | * 3.4 - hdparm | + | |
| - | * 3.5 - vmstat | + | |
| - | * 3.6 - mpstat | + | |
| - | * 3.7 - sar | + | |
| - | * USB Modules | + | |
| - | * udev | + | |
| - | * The udevadm Command | + | |
| - | * The /sys Filesystem | + | |
| - | * LAB #4 - Limiting Ressources | + | |
| - | * 4.1 - ulimit | + | |
| - | * 4.2 - CGroups | + | |
| - | * Limiting Memeory Usage | + | |
| - | * The cgcreate Command | + | |
| - | * The cgdelete Command | + | |
| - | * The / | + | |
| - | * The cgconfigparser Command | + | |
| - | =====Special Files===== | + | =====Presentation===== |
| - | In a PC, peripherals are connected to a **controler** which communicates with the processor via a **bus**. The controller and associated peripherals require specific drivers. Under Linux, these drivers are normally supplied as kernel | + | RHEL/CentOS 8 uses **Network Manager** to manage |
| + | |||
| + | | ||
| + | | ||
| <WRAP center round important 60%> | <WRAP center round important 60%> | ||
| - | Peripherals that require the system to be halted prior to plugging or unplugging them are refered to as **Cold Plug Devices**. Peripherals | + | **Important** : Note that IPv6 is activated by default. |
| </ | </ | ||
| - | The following output shows the typical content | + | Start by checking |
| < | < | ||
| - | [root@centos8 ~]# ls -l /dev | more | + | [root@centos8 ~]# systemctl status NetworkManager.service |
| - | total 0 | + | ● NetworkManager.service |
| - | crw-r--r--. 1 root root 10, 235 Jun 28 02:04 autofs | + | Loaded: loaded (/ |
| - | drwxr-xr-x. 2 root root 180 Jun 28 02:04 block | + | Active: active (running) since Thu 2021-07-22 05:05:29 EDT; 1 months 7 days ago |
| - | drwxr-xr-x. 2 root root 100 Jun 28 02:04 bsg | + | Docs: man:NetworkManager(8) |
| - | drwxr-xr-x. | + | Main PID: 1002 (NetworkManager) |
| - | lrwxrwxrwx. 1 root root 3 Jun 28 02:04 cdrom -> sr0 | + | |
| - | drwxr-xr-x. | + | Memory: 6.8M |
| - | drwxr-xr-x. 2 root root 80 Jun 28 02:04 cl_centos8 | + | CGroup: /system.slice/ |
| - | crw-------. | + | └─1002 |
| - | lrwxrwxrwx. | + | |
| - | drwxr-xr-x. 10 root root 200 Jun 28 02:04 cpu | + | |
| - | crw-------. | + | |
| - | drwxr-xr-x. | + | |
| - | brw-rw----. | + | |
| - | brw-rw----. | + | |
| - | drwxr-xr-x. | + | |
| - | crw-rw----. | + | |
| - | lrwxrwxrwx. 1 root root 13 Jun 28 02:04 fd -> / | + | |
| - | crw-rw-rw-. | + | |
| - | crw-rw-rw-. 1 root root 10, 229 Jun 28 02:04 fuse | + | |
| - | crw-------. 1 root root 245, 0 Jun 28 02:04 hidraw0 | + | |
| - | crw-------. | + | |
| - | drwxr-xr-x. | + | |
| - | crw-------. | + | |
| - | lrwxrwxrwx. | + | |
| - | drwxr-xr-x. | + | |
| - | crw-r--r--. | + | |
| - | lrwxrwxrwx. | + | |
| - | crw-rw----. 1 root disk 10, 237 Jun 28 02:04 loop-control | + | |
| - | crw-rw----. | + | |
| - | crw-rw----. | + | |
| - | crw-rw----. | + | |
| - | crw-rw----. | + | |
| - | drwxr-xr-x. | + | |
| - | crw-------. | + | |
| - | crw-r-----. | + | |
| - | drwxrwxrwt. | + | |
| - | drwxr-xr-x. | + | |
| - | crw-rw-rw-. | + | |
| - | --More-- | + | |
| - | </ | + | |
| - | As you can see, certain files refer to **block** devices whilst others refer to **character** devices: | + | Warning: Journal has been rotated since unit was started. Log output is incomplete or> |
| - | + | lines 1-11/11 (END) | |
| - | <code> | + | [^q] <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< |
| - | ... | + | |
| - | brw-rw----. | + | |
| - | ... | + | |
| - | crw-rw-rw-. 1 root tty | + | |
| - | ... | + | |
| </ | </ | ||
| - | The major difference between these two types lies in the way that the communication between the system and the peripheral takes place. In the case of a block file, that communication uses a buffer whilst in the case of a character file the communication takes place directly byte by byte. | + | ===The nmcli Command=== |
| - | The figures that can be seen immediately before the date of the special file are called respectively the **major** and the **minor** : | + | The Network Manager Command Line Interface or **nmcli** is used to configure NetworkManager. |
| - | * the **major** identifies the peripheral' | + | The command |
| - | * the **minor** identifies the peripheral. For instance 8,1 indicates the first partition of the **sda** disk. | + | |
| - | + | ||
| - | =====LAB #1 - Commands===== | + | |
| - | + | ||
| - | ====1.1 - The lspci Command==== | + | |
| - | + | ||
| - | This command | + | |
| < | < | ||
| - | [root@centos8 ~]# lspci | + | [root@centos8 ~]# nmcli help |
| - | 00:00.0 Host bridge: Intel Corporation 440FX - 82441FX PMC [Natoma] (rev 02) | + | Usage: nmcli [OPTIONS] OBJECT { COMMAND | help } |
| - | 00:01.0 ISA bridge: Intel Corporation 82371SB PIIX3 ISA [Natoma/ | + | |
| - | 00:01.1 IDE interface: Intel Corporation 82371SB PIIX3 IDE [Natoma/ | + | |
| - | 00:01.2 USB controller: Intel Corporation 82371SB PIIX3 USB [Natoma/ | + | |
| - | 00:01.3 Bridge: Intel Corporation 82371AB/ | + | |
| - | 00:02.0 VGA compatible controller: Device 1234:1111 (rev 02) | + | |
| - | 00:03.0 Unclassified device [00ff]: Red Hat, Inc. Virtio memory balloon | + | |
| - | 00:07.0 SATA controller: Intel Corporation 82801IR/ | + | |
| - | 00:12.0 Ethernet controller: Red Hat, Inc. Virtio network device | + | |
| - | 00:1e.0 PCI bridge: Red Hat, Inc. QEMU PCI-PCI bridge | + | |
| - | 00:1f.0 PCI bridge: Red Hat, Inc. QEMU PCI-PCI bridge | + | |
| - | </ | + | |
| - | To obtain peripheral specific information, use the **-v** or **-vv** switches whilst specifying the peripheral ID: | + | OPTIONS |
| + | -a, --ask ask for missing parameters | ||
| + | -c, --colors auto|yes|no | ||
| + | -e, --escape yes|no | ||
| + | -f, --fields < | ||
| + | -g, --get-values < | ||
| + | -h, --help | ||
| + | -m, --mode tabular|multiline | ||
| + | -o, --overview | ||
| + | -p, --pretty | ||
| + | -s, --show-secrets | ||
| + | -t, --terse | ||
| + | | ||
| + | -w, --wait < | ||
| - | < | + | OBJECT |
| - | [root@centos8 ~]# lspci -v -s 00:03.0 | + | g[eneral] NetworkManager' |
| - | 00:03.0 Unclassified device | + | n[etworking] |
| - | | + | r[adio] NetworkManager radio switches |
| - | Physical Slot: 3 | + | c[onnection] |
| - | Flags: bus master, fast devsel, latency 0, IRQ 10 | + | d[evice] |
| - | I/O ports at e000 [size=64] | + | a[gent] NetworkManager secret agent or polkit agent |
| - | | + | m[onitor] monitor NetworkManager changes |
| - | | + | |
| - | Capabilities: | + | |
| - | | + | |
| - | | + | |
| - | Capabilities: | + | |
| - | Kernel driver in use: virtio-pci | + | |
| </ | </ | ||
| - | < | + | =====LAB #1 - Configuring the Network===== |
| - | [root@centos8 ~]# lspci -vv -s 00:03.0 | + | |
| - | 00:03.0 Unclassified device [00ff]: Red Hat, Inc. Virtio memory balloon | + | |
| - | Subsystem: Red Hat, Inc. Device 0005 | + | |
| - | Physical Slot: 3 | + | |
| - | Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx- | + | |
| - | Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- | + | |
| - | Latency: 0 | + | |
| - | Interrupt: pin A routed to IRQ 10 | + | |
| - | Region 0: I/O ports at e000 [size=64] | + | |
| - | Region 4: Memory at fe400000 (64-bit, prefetchable) [size=16K] | + | |
| - | Capabilities: | + | |
| - | BAR=0 offset=00000000 size=00000000 | + | |
| - | Capabilities: | + | |
| - | BAR=4 offset=00003000 size=00001000 multiplier=00000004 | + | |
| - | Capabilities: | + | |
| - | BAR=4 offset=00002000 size=00001000 | + | |
| - | Capabilities: | + | |
| - | BAR=4 offset=00001000 size=00001000 | + | |
| - | Capabilities: | + | |
| - | BAR=4 offset=00000000 size=00001000 | + | |
| - | Kernel driver in use: virtio-pci | + | |
| - | </ | + | |
| - | ===Command Line Switches=== | + | ====1.1 - Connections and Profiles==== |
| - | The command line switches | + | NetworkManager uses **connections** and **profiles** that allow for different configurations |
| < | < | ||
| - | [root@centos8 ~]# lspci --help | + | [root@centos8 ~]# nmcli c show |
| - | lspci: invalid option -- ' | + | NAME UUID TYPE DEVICE |
| - | Usage: lspci [< | + | ens18 |
| - | + | virbr0 | |
| - | Basic display modes: | + | |
| - | -mm | + | |
| - | -t Show bus tree | + | |
| - | + | ||
| - | Display options: | + | |
| - | -v Be verbose (-vv or -vvv for higher verbosity) | + | |
| - | -k Show kernel drivers handling each device | + | |
| - | -x Show hex-dump of the standard part of the config space | + | |
| - | -xxx Show hex-dump of the whole config space (dangerous; root only) | + | |
| - | -xxxx Show hex-dump of the 4096-byte extended config space (root only) | + | |
| - | -b Bus-centric view (addresses and IRQ's as seen by the bus) | + | |
| - | -D Always show domain numbers | + | |
| - | -P Display | + | |
| - | -PP | + | |
| - | + | ||
| - | Resolving of device ID's to names: | + | |
| - | -n Show numeric ID's | + | |
| - | -nn Show both textual and numeric ID's (names & numbers) | + | |
| - | -q Query the PCI ID database for unknown ID's via DNS | + | |
| - | -qq As above, but re-query locally cached entries | + | |
| - | -Q Query the PCI ID database for all ID's via DNS | + | |
| - | + | ||
| - | Selection of devices: | + | |
| - | -s [[[[< | + | |
| - | -d [< | + | |
| - | + | ||
| - | Other options: | + | |
| - | -i < | + | |
| - | -p < | + | |
| - | -M Enable `bus | + | |
| </ | </ | ||
| - | ====1.2 - The lsusb Command==== | + | Now create another profile attached |
| - | + | ||
| - | This command show a list of the peripherals connected | + | |
| < | < | ||
| - | [root@centos8 ~]# lsusb | + | [root@centos8 ~]# nmcli connection add con-name ip_fixed ifname ens18 type ethernet ip4 10.0.2.46/24 gw4 10.0.2.1 |
| - | Bus 001 Device 002: ID 0627:0001 Adomax Technology Co., Ltd | + | Connection ' |
| - | Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub | + | |
| - | + | ||
| - | [root@centos8 ~]# lsusb -vt | + | |
| - | /: Bus 01.Port 1: Dev 1, Class=root_hub, | + | |
| - | |__ Port 1: Dev 2, If 0, Class=Human Interface Device, Driver=usbhid, | + | |
| </ | </ | ||
| - | ===Command Line Switches=== | + | Check that it is visible: |
| - | + | ||
| - | The command line switches of this command are: | + | |
| < | < | ||
| - | [root@centos8 ~]# lsusb --help | + | [root@centos8 ~]# nmcli c show |
| - | Usage: lsusb [options]... | + | NAME |
| - | List USB devices | + | ens18 fc4a4d23-b15e-47a7-bcfa-b2e08f49553e |
| - | | + | virbr0 |
| - | Increase verbosity (show descriptors) | + | ip_fixed 0f48c74d-5d16-4c37-8220-24644507b589 |
| - | | + | |
| - | Show only devices with specified device and/or | + | |
| - | bus numbers (in decimal) | + | |
| - | -d vendor: | + | |
| - | Show only devices with the specified vendor and | + | |
| - | product ID numbers (in hexadecimal) | + | |
| - | .LAB#1 | + | |
| - | -D device | + | |
| - | | + | |
| - | | + | |
| - | Dump the physical USB device hierarchy as a tree | + | |
| - | | + | |
| - | Show version of program | + | |
| - | -h, --help | + | |
| - | Show usage and help | + | |
| </ | </ | ||
| - | ====1.3 - The dmidecode Command==== | + | Note that the output does not show that the **ip_fixed** profile is associated with **ens18** device because it has not yet been activated: |
| - | + | ||
| - | The **dmidecode** Command reads the **DMI** (//Desktop Management Interface// | + | |
| - | + | ||
| - | * the current status of each peripheral, | + | |
| - | * possible extensions. | + | |
| < | < | ||
| - | [root@centos8 ~]# dmidecode | + | [root@centos8 ~]# nmcli d show |
| - | # dmidecode 3.2 | + | GENERAL.DEVICE: |
| - | Getting SMBIOS data from sysfs. | + | GENERAL.TYPE: |
| - | SMBIOS | + | GENERAL.HWADDR: |
| - | 11 structures occupying 511 bytes. | + | GENERAL.MTU: |
| - | Table at 0x000F5870. | + | GENERAL.STATE: |
| + | GENERAL.CONNECTION: | ||
| + | GENERAL.CON-PATH: | ||
| + | WIRED-PROPERTIES.CARRIER: | ||
| + | IP4.ADDRESS[1]: | ||
| + | IP4.GATEWAY: | ||
| + | IP4.ROUTE[1]: | ||
| + | IP4.ROUTE[2]: | ||
| + | IP4.DNS[1]: | ||
| + | IP6.ADDRESS[1]: | ||
| + | IP6.GATEWAY: | ||
| + | IP6.ROUTE[1]: | ||
| + | IP6.ROUTE[2]: | ||
| - | Handle 0x0000, DMI type 0, 24 bytes | + | GENERAL.DEVICE: |
| - | BIOS Information | + | GENERAL.TYPE: |
| - | | + | GENERAL.HWADDR: 52: |
| - | | + | GENERAL.MTU: |
| - | | + | GENERAL.STATE: |
| - | | + | GENERAL.CONNECTION: |
| - | | + | GENERAL.CON-PATH: |
| - | ROM Size: 64 kB | + | IP4.ADDRESS[1]: 192.168.122.1/ |
| - | Characteristics: | + | IP4.GATEWAY: -- |
| - | BIOS characteristics not supported | + | IP4.ROUTE[1]: dst = 192.168.122.0/ |
| - | Targeted content distribution is supported | + | IP6.GATEWAY: |
| - | BIOS Revision: 0.0 | + | |
| - | Handle 0x0100, DMI type 1, 27 bytes | + | GENERAL.DEVICE: |
| - | System Information | + | GENERAL.TYPE: |
| - | | + | GENERAL.HWADDR: 00: |
| - | | + | GENERAL.MTU: |
| - | | + | GENERAL.STATE: |
| - | | + | GENERAL.CONNECTION: |
| - | UUID: 95bd69e3-4a74-44a7-b58c-b74fbfb86df2 | + | GENERAL.CON-PATH: |
| - | | + | IP4.ADDRESS[1]: 127.0.0.1/8 |
| - | SKU Number: Not Specified | + | IP4.GATEWAY: -- |
| - | | + | IP6.ADDRESS[1]: ::1/128 |
| + | IP6.GATEWAY: -- | ||
| + | IP6.ROUTE[1]: dst = ::1/128, nh = ::, mt = 256 | ||
| - | Handle 0x0300, DMI type 3, 22 bytes | + | GENERAL.DEVICE: virbr0-nic |
| - | Chassis Information | + | GENERAL.TYPE: tun |
| - | Manufacturer: QEMU | + | GENERAL.HWADDR: 52:54:00:79:02:66 |
| - | Type: Other | + | GENERAL.MTU: 1500 |
| - | Lock: Not Present | + | GENERAL.STATE: 10 (unmanaged) |
| - | Version: pc-i440fx-5.2 | + | GENERAL.CONNECTION: -- |
| - | Serial Number: Not Specified | + | GENERAL.CON-PATH: -- |
| - | Asset Tag: Not Specified | + | lines 28-50/50 (END) |
| - | Boot-up State: Safe | + | [q] |
| - | Power Supply State: Safe | + | </ |
| - | | + | |
| - | | + | |
| - | OEM Information: 0x00000000 | + | |
| - | | + | |
| - | | + | |
| - | | + | |
| - | SKU Number: Not Specified | + | |
| - | Handle 0x0400, DMI type 4, 42 bytes | + | To activate the ip_fixed profile, use the following command: |
| - | Processor Information | + | |
| - | Socket Designation: | + | |
| - | Type: Central Processor | + | |
| - | Family: Other | + | |
| - | Manufacturer: | + | |
| - | ID: 61 0F 00 00 FF FB 8B 07 | + | |
| - | Version: pc-i440fx-5.2 | + | |
| - | Voltage: Unknown | + | |
| - | External Clock: Unknown | + | |
| - | Max Speed: 2000 MHz | + | |
| - | Current Speed: 2000 MHz | + | |
| - | Status: Populated, Enabled | + | |
| - | Upgrade: Other | + | |
| - | L1 Cache Handle: Not Provided | + | |
| - | L2 Cache Handle: Not Provided | + | |
| - | L3 Cache Handle: Not Provided | + | |
| - | Serial Number: Not Specified | + | |
| - | Asset Tag: Not Specified | + | |
| - | Part Number: Not Specified | + | |
| - | Core Count: 4 | + | |
| - | Core Enabled: 4 | + | |
| - | Thread Count: 1 | + | |
| - | Characteristics: None | + | |
| - | Handle 0x0401, DMI type 4, 42 bytes | + | < |
| - | Processor Information | + | [root@centos8 ~]# nmcli connection up ip_fixed |
| - | Socket Designation: | + | |
| - | Type: Central Processor | + | |
| - | Family: Other | + | |
| - | Manufacturer: | + | |
| - | ID: 61 0F 00 00 FF FB 8B 07 | + | |
| - | Version: pc-i440fx-5.2 | + | |
| - | Voltage: Unknown | + | |
| - | External Clock: Unknown | + | |
| - | Max Speed: 2000 MHz | + | |
| - | Current Speed: 2000 MHz | + | |
| - | Status: Populated, Enabled | + | |
| - | Upgrade: Other | + | |
| - | L1 Cache Handle: Not Provided | + | |
| - | L2 Cache Handle: Not Provided | + | |
| - | L3 Cache Handle: Not Provided | + | |
| - | Serial Number: Not Specified | + | |
| - | Asset Tag: Not Specified | + | |
| - | Part Number: Not Specified | + | |
| - | Core Count: 4 | + | |
| - | Core Enabled: 4 | + | |
| - | Thread Count: 1 | + | |
| - | Characteristics: | + | |
| - | Handle 0x1000, DMI type 16, 23 bytes | + | </ |
| - | Physical Memory Array | + | |
| - | Location: Other | + | |
| - | Use: System Memory | + | |
| - | Error Correction Type: Multi-bit ECC | + | |
| - | Maximum Capacity: 4 GB | + | |
| - | Error Information Handle: Not Provided | + | |
| - | Number Of Devices: 1 | + | |
| - | Handle 0x1100, DMI type 17, 40 bytes | + | Note that because of the IP address change, your terminal is now blocked. |
| - | Memory Device | + | |
| - | Array Handle: 0x1000 | + | |
| - | Error Information Handle: Not Provided | + | |
| - | Total Width: Unknown | + | |
| - | Data Width: Unknown | + | |
| - | Size: 4 GB | + | |
| - | Form Factor: DIMM | + | |
| - | Set: None | + | |
| - | Locator: DIMM 0 | + | |
| - | Bank Locator: Not Specified | + | |
| - | Type: RAM | + | |
| - | Type Detail: Other | + | |
| - | Speed: Unknown | + | |
| - | Manufacturer: | + | |
| - | Serial Number: Not Specified | + | |
| - | Asset Tag: Not Specified | + | |
| - | Part Number: Not Specified | + | |
| - | Rank: Unknown | + | |
| - | Configured Memory Speed: Unknown | + | |
| - | Minimum Voltage: Unknown | + | |
| - | Maximum Voltage: Unknown | + | |
| - | Configured Voltage: Unknown | + | |
| - | Handle 0x1300, DMI type 19, 31 bytes | + | <WRAP center round todo 60%> |
| - | Memory Array Mapped Address | + | **To do** - Reconnect to the VM using the **CentOS8_SSH_10.0.2.46** connection. |
| - | | + | </ |
| - | Ending Address: 0x000BFFFFFFF | + | |
| - | Range Size: 3 GB | + | |
| - | Physical Array Handle: 0x1000 | + | |
| - | Partition Width: 1 | + | |
| - | Handle 0x1301, DMI type 19, 31 bytes | + | The ip_fixed is now activated and the enp0s3 has been disactivated: |
| - | Memory Array Mapped Address | + | |
| - | Starting Address: 0x00100000000 | + | |
| - | Ending Address: 0x0013FFFFFFF | + | |
| - | Range Size: 1 GB | + | |
| - | Physical Array Handle: 0x1000 | + | |
| - | Partition Width: 1 | + | |
| - | + | ||
| - | Handle 0x2000, DMI type 32, 11 bytes | + | |
| - | System Boot Information | + | |
| - | Status: No errors detected | + | |
| - | + | ||
| - | Handle 0x7F00, DMI type 127, 4 bytes | + | |
| - | End Of Table | + | |
| - | </ | + | |
| - | + | ||
| - | ===Command Line Switches=== | + | |
| - | + | ||
| - | The command line switches of this command are: | + | |
| < | < | ||
| - | [root@centos7 | + | [root@centos8 |
| - | Usage: dmidecode [OPTIONS] | + | NAME |
| - | Options are: | + | ip_fixed 0f48c74d-5d16-4c37-8220-24644507b589 |
| - | -d, --dev-mem FILE Read memory from device FILE (default: /dev/mem) | + | virbr0 |
| - | -h, --help | + | ens18 fc4a4d23-b15e-47a7-bcfa-b2e08f49553e |
| - | -q, --quiet Less verbose output | + | |
| - | -s, --string KEYWORD | + | [root@centos8 ~]# nmcli d show |
| - | -t, --type | + | GENERAL.DEVICE: |
| - | -u, --dump | + | GENERAL.TYPE: |
| - | --dump-bin FILE Dump the DMI data to a binary file | + | GENERAL.HWADDR: |
| - | | + | GENERAL.MTU: |
| - | -V, --version | + | GENERAL.STATE: |
| - | </code> | + | GENERAL.CONNECTION: |
| + | GENERAL.CON-PATH: / | ||
| + | WIRED-PROPERTIES.CARRIER: | ||
| + | IP4.ADDRESS[1]: | ||
| + | IP4.GATEWAY: | ||
| + | IP4.ROUTE[1]: | ||
| + | IP4.ROUTE[2]: | ||
| + | IP6.ADDRESS[1]: | ||
| + | IP6.GATEWAY: | ||
| + | IP6.ROUTE[1]: | ||
| + | IP6.ROUTE[2]: | ||
| - | =====LAB #2 - The sysctl Command===== | + | GENERAL.DEVICE: |
| + | GENERAL.TYPE: | ||
| + | GENERAL.HWADDR: | ||
| + | GENERAL.MTU: | ||
| + | GENERAL.STATE: | ||
| + | GENERAL.CONNECTION: | ||
| + | GENERAL.CON-PATH: | ||
| + | IP4.ADDRESS[1]: | ||
| + | IP4.GATEWAY: | ||
| + | IP4.ROUTE[1]: | ||
| + | IP6.GATEWAY: | ||
| - | ====2.1 - The /proc Directory==== | + | GENERAL.DEVICE: |
| + | GENERAL.TYPE: | ||
| + | GENERAL.HWADDR: | ||
| + | GENERAL.MTU: | ||
| + | GENERAL.STATE: | ||
| + | GENERAL.CONNECTION: | ||
| + | GENERAL.CON-PATH: | ||
| + | IP4.ADDRESS[1]: | ||
| + | IP4.GATEWAY: | ||
| + | IP6.ADDRESS[1]: | ||
| + | IP6.GATEWAY: | ||
| + | IP6.ROUTE[1]: | ||
| - | The /proc directory contains virtual files and directories wich are created dynamically when consulted. Only root can consult all of the information in /proc. | + | GENERAL.DEVICE: |
| - | + | GENERAL.TYPE: tun | |
| - | < | + | GENERAL.HWADDR: |
| - | [root@centos8 ~]# ls /proc | + | GENERAL.MTU: |
| - | 1 16391 19 2212 2427 2622 431 | + | GENERAL.STATE: |
| - | 10 16476 1931 2215 2428 2659 432 | + | GENERAL.CONNECTION: |
| - | 1007 | + | GENERAL.CON-PATH: |
| - | 11 | + | lines 27-49/49 (END) |
| - | 11805 16593 2 | + | [q] |
| - | 12 | + | |
| - | 1219 | + | |
| - | 1228 | + | |
| - | 1232 | + | |
| - | 1234 | + | |
| - | 1235 | + | |
| - | 1247 | + | |
| - | 13 | + | |
| - | 1307 | + | |
| - | 1339 | + | |
| - | 1356 | + | |
| - | 14 | + | |
| - | 1441 | + | |
| - | 1443 | + | |
| - | 1444 | + | |
| - | 1446 | + | |
| - | 14977 1828 | + | |
| - | 15 | + | |
| - | 15067 183 2167 2330 2571 422 | + | |
| - | 1536 | + | |
| - | 1553 | + | |
| - | 15594 186 2187 2358 259 | + | |
| - | 15735 187 2190 2373 2593 427 | + | |
| - | 16 | + | |
| - | 16165 1883 | + | |
| - | 16167 1888 | + | |
| </ | </ | ||
| - | ===Files=== | + | To see the characteristics of **ens18** connection, use the following command: |
| - | + | ||
| - | ==/ | + | |
| < | < | ||
| - | [root@centos8 ~]# cat / | + | [root@centos8 ~]# nmcli -p connection show ens18 |
| - | processor | + | =============================================================================== |
| - | vendor_id | + | |
| - | cpu family | + | =============================================================================== |
| - | model : 6 | + | connection.id: ens18 |
| - | model name : Common KVM processor | + | connection.uuid: |
| - | stepping | + | connection.stable-id: -- |
| - | microcode | + | connection.type: |
| - | cpu MHz : 1999.987 | + | connection.interface-name: ens18 |
| - | cache size : 16384 KB | + | connection.autoconnect: |
| - | physical | + | connection.autoconnect-priority: 0 |
| - | siblings | + | connection.autoconnect-retries: -1 (default) |
| - | core id | + | connection.multi-connect: 0 (default) |
| - | cpu cores : 4 | + | connection.auth-retries: -1 |
| - | apicid | + | connection.timestamp: 1630224060 |
| - | initial apicid | + | connection.read-only: no |
| - | fpu : yes | + | connection.permissions: -- |
| - | fpu_exception | + | connection.zone: -- |
| - | cpuid level : 13 | + | connection.master: -- |
| - | wp | + | connection.slave-type: -- |
| - | flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx lm constant_tsc nopl xtopology cpuid tsc_known_freq pni cx16 x2apic hypervisor lahf_lm cpuid_fault pti | + | connection.autoconnect-slaves: -1 (default) |
| - | bugs | + | connection.secondaries: -- |
| - | bogomips | + | connection.gateway-ping-timeout: 0 |
| - | clflush size | + | connection.metered: unknown |
| - | cache_alignment | + | connection.lldp: |
| - | address sizes : 40 bits physical, 48 bits virtual | + | connection.mdns: -1 (default) |
| - | power management: | + | connection.llmnr: -1 (default) |
| - | + | connection.wait-device-timeout: -1 | |
| - | processor | + | ------------------------------------------------------------------------------- |
| - | vendor_id | + | 802-3-ethernet.port: -- |
| - | cpu family | + | 802-3-ethernet.speed: |
| - | model : 6 | + | 802-3-ethernet.duplex: -- |
| - | model name : Common KVM processor | + | 802-3-ethernet.auto-negotiate: |
| - | stepping | + | 802-3-ethernet.mac-address: -- |
| - | microcode | + | 802-3-ethernet.cloned-mac-address: -- |
| - | cpu MHz : 1999.987 | + | 802-3-ethernet.generate-mac-address-mask:-- |
| - | cache size : 16384 KB | + | 802-3-ethernet.mac-address-blacklist: -- |
| - | physical id : 0 | + | 802-3-ethernet.mtu: auto |
| - | siblings | + | 802-3-ethernet.s390-subchannels: |
| - | core id : 1 | + | 802-3-ethernet.s390-nettype: -- |
| - | cpu cores : 4 | + | 802-3-ethernet.s390-options: -- |
| - | apicid | + | 802-3-ethernet.wake-on-lan: default |
| - | initial apicid | + | 802-3-ethernet.wake-on-lan-password: -- |
| - | fpu : yes | + | ------------------------------------------------------------------------------- |
| - | fpu_exception | + | ipv4.method: |
| - | cpuid level : 13 | + | ipv4.dns: 8.8.8.8 |
| - | wp : yes | + | ipv4.dns-search: |
| - | flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx lm constant_tsc nopl xtopology cpuid tsc_known_freq pni cx16 x2apic hypervisor lahf_lm cpuid_fault pti | + | ipv4.dns-options: -- |
| - | bugs : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs itlb_multihit | + | ipv4.dns-priority: 0 |
| - | bogomips | + | ipv4.addresses: 10.0.2.45/ |
| - | clflush size : 64 | + | ipv4.gateway: 10.0.2.1 |
| - | cache_alignment : 128 | + | ipv4.routes: -- |
| - | address sizes : 40 bits physical, 48 bits virtual | + | ipv4.route-metric: -1 |
| - | power management: | + | ipv4.route-table: 0 (unspec) |
| - | + | ipv4.routing-rules: -- | |
| - | processor | + | ipv4.ignore-auto-routes: no |
| - | vendor_id | + | ipv4.ignore-auto-dns: no |
| - | cpu family | + | ipv4.dhcp-client-id: -- |
| - | model : 6 | + | ipv4.dhcp-iaid: -- |
| - | model name : Common KVM processor | + | ipv4.dhcp-timeout: 0 (default) |
| - | stepping | + | ipv4.dhcp-send-hostname: yes |
| - | microcode | + | ipv4.dhcp-hostname: -- |
| - | cpu MHz : 1999.987 | + | ipv4.dhcp-fqdn: -- |
| - | cache size | + | ipv4.dhcp-hostname-flags: |
| - | physical id : 0 | + | ipv4.never-default: no |
| - | siblings | + | ipv4.may-fail: yes |
| - | core id : 2 | + | ipv4.dad-timeout: -1 (default) |
| - | cpu cores : 4 | + | ipv4.dhcp-vendor-class-identifier: -- |
| - | apicid | + | ipv4.dhcp-reject-servers: -- |
| - | initial apicid | + | ------------------------------------------------------------------------------- |
| - | fpu | + | ipv6.method: auto |
| - | fpu_exception | + | ipv6.dns: -- |
| - | cpuid level : 13 | + | ipv6.dns-search: -- |
| - | wp : yes | + | ipv6.dns-options: -- |
| - | flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx lm constant_tsc nopl xtopology cpuid tsc_known_freq pni cx16 x2apic hypervisor lahf_lm cpuid_fault pti | + | ipv6.dns-priority: 0 |
| - | bugs : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs itlb_multihit | + | ipv6.addresses: -- |
| - | bogomips | + | ipv6.gateway: -- |
| - | clflush size | + | ipv6.routes: -- |
| - | cache_alignment : 128 | + | ipv6.route-metric: -1 |
| - | address sizes | + | ipv6.route-table: 0 (unspec) |
| - | power management: | + | ipv6.routing-rules: -- |
| - | + | ipv6.ignore-auto-routes: no | |
| - | processor | + | ipv6.ignore-auto-dns: no |
| - | vendor_id | + | ipv6.never-default: no |
| - | cpu family | + | ipv6.may-fail: yes |
| - | model : 6 | + | ipv6.ip6-privacy: 0 (disabled) |
| - | model name : Common KVM processor | + | ipv6.addr-gen-mode: stable-privacy |
| - | stepping | + | ipv6.ra-timeout: 0 (default) |
| - | microcode | + | ipv6.dhcp-duid: -- |
| - | cpu MHz : 1999.987 | + | ipv6.dhcp-iaid: -- |
| - | cache size | + | ipv6.dhcp-timeout: 0 (default) |
| - | physical id : 0 | + | ipv6.dhcp-send-hostname: yes |
| - | siblings | + | ipv6.dhcp-hostname: -- |
| - | core id : | + | ipv6.dhcp-hostname-flags: |
| - | cpu cores : 4 | + | ipv6.token: -- |
| - | apicid | + | ------------------------------------------------------------------------------- |
| - | initial apicid | + | proxy.method: none |
| - | fpu | + | proxy.browser-only: no |
| - | fpu_exception | + | proxy.pac-url: -- |
| - | cpuid level : 13 | + | proxy.pac-script: -- |
| - | wp | + | ------------------------------------------------------------------------------- |
| - | flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx lm constant_tsc nopl xtopology cpuid tsc_known_freq pni cx16 x2apic hypervisor lahf_lm cpuid_fault pti | + | lines 56-100/100 (END) |
| - | bugs | + | [q] |
| - | bogomips | + | |
| - | clflush size | + | |
| - | cache_alignment | + | |
| - | address sizes : 40 bits physical, 48 bits virtual | + | |
| - | power management: | + | |
| - | + | ||
| - | processor | + | |
| - | vendor_id | + | |
| - | cpu family | + | |
| - | model : 6 | + | |
| - | model name | + | |
| - | stepping | + | |
| - | microcode | + | |
| - | cpu MHz : 1999.987 | + | |
| - | cache size | + | |
| - | physical | + | |
| - | siblings | + | |
| - | core id : 0 | + | |
| - | cpu cores : 4 | + | |
| - | apicid | + | |
| - | initial apicid | + | |
| - | fpu : yes | + | |
| - | fpu_exception | + | |
| - | cpuid level : 13 | + | |
| - | wp : yes | + | |
| - | flags | + | |
| - | bugs | + | |
| - | bogomips | + | |
| - | clflush size | + | |
| - | cache_alignment | + | |
| - | address sizes : 40 bits physical, 48 bits virtual | + | |
| - | power management: | + | |
| - | + | ||
| - | processor | + | |
| - | vendor_id | + | |
| - | cpu family | + | |
| - | model : 6 | + | |
| - | model name | + | |
| - | stepping | + | |
| - | microcode | + | |
| - | cpu MHz : 1999.987 | + | |
| - | cache size | + | |
| - | physical id : 1 | + | |
| - | siblings | + | |
| - | core id : 1 | + | |
| - | cpu cores : 4 | + | |
| - | apicid | + | |
| - | initial apicid | + | |
| - | fpu : yes | + | |
| - | fpu_exception | + | |
| - | cpuid level : 13 | + | |
| - | wp | + | |
| - | flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx lm constant_tsc nopl xtopology cpuid tsc_known_freq pni cx16 x2apic hypervisor lahf_lm cpuid_fault pti | + | |
| - | bugs | + | |
| - | bogomips | + | |
| - | clflush size | + | |
| - | cache_alignment : 128 | + | |
| - | address sizes : 40 bits physical, 48 bits virtual | + | |
| - | power management: | + | |
| - | + | ||
| - | processor | + | |
| - | vendor_id | + | |
| - | cpu family | + | |
| - | model : 6 | + | |
| - | model name : Common KVM processor | + | |
| - | stepping | + | |
| - | microcode | + | |
| - | cpu MHz : 1999.987 | + | |
| - | cache size : 16384 KB | + | |
| - | physical id : 1 | + | |
| - | siblings | + | |
| - | core id : 2 | + | |
| - | cpu cores : 4 | + | |
| - | apicid | + | |
| - | initial apicid | + | |
| - | fpu : yes | + | |
| - | fpu_exception | + | |
| - | cpuid level : 13 | + | |
| - | wp : yes | + | |
| - | flags | + | |
| - | bugs : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs itlb_multihit | + | |
| - | bogomips | + | |
| - | clflush size | + | |
| - | cache_alignment : 128 | + | |
| - | address sizes : 40 bits physical, 48 bits virtual | + | |
| - | power management: | + | |
| - | + | ||
| - | processor | + | |
| - | vendor_id | + | |
| - | cpu family | + | |
| - | model : 6 | + | |
| - | model name : Common KVM processor | + | |
| - | stepping | + | |
| - | microcode | + | |
| - | cpu MHz : 1999.987 | + | |
| - | cache size | + | |
| - | physical id : 1 | + | |
| - | siblings | + | |
| - | core id : 3 | + | |
| - | cpu cores : 4 | + | |
| - | apicid | + | |
| - | initial apicid | + | |
| - | fpu : yes | + | |
| - | fpu_exception | + | |
| - | cpuid level : 13 | + | |
| - | wp : yes | + | |
| - | flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx lm constant_tsc nopl xtopology cpuid tsc_known_freq pni cx16 x2apic hypervisor lahf_lm cpuid_fault pti | + | |
| - | bugs : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs itlb_multihit | + | |
| - | bogomips | + | |
| - | clflush size | + | |
| - | cache_alignment : 128 | + | |
| - | address sizes : 40 bits physical, 48 bits virtual | + | |
| - | power management: | + | |
| </ | </ | ||
| - | ==/ | + | To see the characteristics of the **ip_fixed** profile, use the following command: |
| < | < | ||
| - | [root@centos8 ~]# cat / | + | [root@centos8 ~]# nmcli -p connection show ip_fixed |
| - | CPU0 | + | =============================================================================== |
| - | 0: | + | Connection profile details (ip_fixed) |
| - | | + | =============================================================================== |
| - | 8: | + | connection.id: |
| - | 9: 0 | + | connection.uuid: |
| - | 10: | + | connection.stable-id: |
| - | 11: 0 | + | connection.type: |
| - | 12: | + | connection.interface-name: |
| - | 14: | + | connection.autoconnect: |
| - | 15: 7376 0 144 0 0 0 0 84588 IO-APIC 15-edge ata_piix | + | connection.autoconnect-priority: 0 |
| - | 24: | + | connection.autoconnect-retries: |
| - | 25: | + | connection.multi-connect: |
| - | 26: 36 | + | connection.auth-retries: |
| - | 27: 0 | + | connection.timestamp: |
| - | NMI: | + | connection.read-only: no |
| - | LOC: 870537 | + | connection.permissions: |
| - | SPU: | + | connection.zone: |
| - | PMI: 0 | + | connection.master: |
| - | IWI: | + | connection.slave-type: |
| - | RTR: 0 | + | connection.autoconnect-slaves: |
| - | RES: 178171 | + | connection.secondaries: |
| - | CAL: | + | connection.gateway-ping-timeout: 0 |
| - | TLB: 2295 | + | connection.metered: |
| - | TRM: | + | connection.lldp: |
| - | THR: | + | connection.mdns: |
| - | DFR: | + | connection.llmnr: |
| - | MCE: | + | connection.wait-device-timeout: -1 |
| - | MCP: | + | ------------------------------------------------------------------------------- |
| - | HYP: | + | 802-3-ethernet.port: -- |
| - | HRE: | + | 802-3-ethernet.speed: |
| - | HVS: | + | 802-3-ethernet.duplex: -- |
| - | ERR: 0 | + | 802-3-ethernet.auto-negotiate: |
| - | MIS: 0 | + | 802-3-ethernet.mac-address: |
| - | PIN: | + | 802-3-ethernet.cloned-mac-address: |
| - | NPI: 0 0 0 0 0 0 0 0 Nested posted-interrupt event | + | 802-3-ethernet.generate-mac-address-mask: |
| - | PIW: 0 0 0 0 0 0 | + | 802-3-ethernet.mac-address-blacklist: -- |
| + | 802-3-ethernet.mtu: | ||
| + | 802-3-ethernet.s390-subchannels: -- | ||
| + | 802-3-ethernet.s390-nettype: -- | ||
| + | 802-3-ethernet.s390-options: | ||
| + | 802-3-ethernet.wake-on-lan: default | ||
| + | 802-3-ethernet.wake-on-lan-password: | ||
| + | ------------------------------------------------------------------------------- | ||
| + | ipv4.method: | ||
| + | ipv4.dns: | ||
| + | ipv4.dns-search: | ||
| + | ipv4.dns-options: | ||
| + | ipv4.dns-priority: | ||
| + | ipv4.addresses: 10.0.2.46/24 | ||
| + | ipv4.gateway: | ||
| + | ipv4.routes: | ||
| + | ipv4.route-metric: | ||
| + | ipv4.route-table: | ||
| + | ipv4.routing-rules: -- | ||
| + | ipv4.ignore-auto-routes: | ||
| + | ipv4.ignore-auto-dns: | ||
| + | ipv4.dhcp-client-id: | ||
| + | ipv4.dhcp-iaid: | ||
| + | ipv4.dhcp-timeout: | ||
| + | ipv4.dhcp-send-hostname: | ||
| + | ipv4.dhcp-hostname: | ||
| + | ipv4.dhcp-fqdn: | ||
| + | ipv4.dhcp-hostname-flags: | ||
| + | ipv4.never-default: | ||
| + | ipv4.may-fail: | ||
| + | ipv4.dad-timeout: | ||
| + | ipv4.dhcp-vendor-class-identifier: | ||
| + | ipv4.dhcp-reject-servers: -- | ||
| + | ------------------------------------------------------------------------------- | ||
| + | ipv6.method: | ||
| + | ipv6.dns: -- | ||
| + | ipv6.dns-search: -- | ||
| + | ipv6.dns-options: -- | ||
| + | ipv6.dns-priority: 0 | ||
| + | ipv6.addresses: -- | ||
| + | ipv6.gateway: | ||
| + | ipv6.routes: | ||
| + | ipv6.route-metric: | ||
| + | ipv6.route-table: | ||
| + | ipv6.routing-rules: -- | ||
| + | ipv6.ignore-auto-routes: | ||
| + | ipv6.ignore-auto-dns: | ||
| + | ipv6.never-default: | ||
| + | ipv6.may-fail: | ||
| + | ipv6.ip6-privacy: | ||
| + | ipv6.addr-gen-mode: | ||
| + | ipv6.ra-timeout: | ||
| + | ipv6.dhcp-duid: -- | ||
| + | ipv6.dhcp-iaid: | ||
| + | ipv6.dhcp-timeout: | ||
| + | ipv6.dhcp-send-hostname: yes | ||
| + | ipv6.dhcp-hostname: -- | ||
| + | ipv6.dhcp-hostname-flags: | ||
| + | ipv6.token: | ||
| + | ------------------------------------------------------------------------------- | ||
| + | proxy.method: | ||
| + | proxy.browser-only: | ||
| + | proxy.pac-url: | ||
| + | proxy.pac-script: | ||
| + | ------------------------------------------------------------------------------- | ||
| + | =============================================================================== | ||
| + | Activate connection details (0f48c74d-5d16-4c37-8220-24644507b589) | ||
| + | =============================================================================== | ||
| + | GENERAL.NAME: ip_fixed | ||
| + | GENERAL.UUID: 0f48c74d-5d16-4c37-8220-24644507b589 | ||
| + | GENERAL.DEVICES: ens18 | ||
| + | GENERAL.IP-IFACE: ens18 | ||
| + | GENERAL.STATE: | ||
| + | GENERAL.DEFAULT: yes | ||
| + | GENERAL.DEFAULT6: no | ||
| + | GENERAL.SPEC-OBJECT: -- | ||
| + | GENERAL.VPN: no | ||
| + | GENERAL.DBUS-PATH: / | ||
| + | GENERAL.CON-PATH: / | ||
| + | GENERAL.ZONE: -- | ||
| + | GENERAL.MASTER-PATH: -- | ||
| + | ------------------------------------------------------------------------------- | ||
| + | IP4.ADDRESS[1]: 10.0.2.46/24 | ||
| + | IP4.GATEWAY: | ||
| + | IP4.ROUTE[1]: | ||
| + | IP4.ROUTE[2]: dst = 0.0.0.0/0, nh = 10.0.2.1, mt = 100 | ||
| + | ------------------------------------------------------------------------------- | ||
| + | IP6.ADDRESS[1]: | ||
| + | IP6.GATEWAY: | ||
| + | IP6.ROUTE[1]: | ||
| + | IP6.ROUTE[2]: | ||
| + | ------------------------------------------------------------------------------- | ||
| + | lines 83-127/127 (END) | ||
| + | [q] | ||
| </ | </ | ||
| - | <WRAP center round important 60%> | + | To see a list of the profiles associated with a device, use the following command: |
| - | **Important** : The use of an IRQ by a peripheral is exclusive. | + | |
| - | </ | + | |
| - | + | ||
| - | ==/ | + | |
| < | < | ||
| - | [root@centos8 ~]# cat /proc/dma | + | [root@centos8 ~]# nmcli -f CONNECTIONS device show ens18 |
| - | 4: cascade | + | CONNECTIONS.AVAILABLE-CONNECTION-PATHS: |
| + | CONNECTIONS.AVAILABLE-CONNECTIONS[1]: | ||
| + | CONNECTIONS.AVAILABLE-CONNECTIONS[2]: 0f48c74d-5d16-4c37-8220-24644507b589 | ip_fixed | ||
| </ | </ | ||
| - | ==/proc/ioports== | + | The configuration files for the **ens18** device can be found in the **/etc/sysconfig/ |
| < | < | ||
| - | root@centos8 ~]# cat /proc/ioports | + | [root@centos8 ~]# ls -l /etc/sysconfig/ |
| - | 0000-0cf7 : PCI Bus 0000:00 | + | -rw-r--r--. 1 root root 417 Jun 16 06:39 ifcfg-ens18 |
| - | 0000-001f : dma1 | + | -rw-r--r--. 1 root root 326 Aug 29 03:58 ifcfg-ip_fixed |
| - | 0020-0021 : pic1 | + | |
| - | 0040-0043 : timer0 | + | |
| - | 0050-0053 : timer1 | + | |
| - | 0060-0060 : keyboard | + | |
| - | 0064-0064 : keyboard | + | |
| - | 0070-0077 : rtc0 | + | |
| - | 0080-008f : dma page reg | + | |
| - | 00a0-00a1 : pic2 | + | |
| - | 00c0-00df : dma2 | + | |
| - | 00f0-00ff : fpu | + | |
| - | 0170-0177 : 0000:00:01.1 | + | |
| - | 0170-0177 | + | |
| - | 01f0-01f7 : 0000: | + | |
| - | 01f0-01f7 : ata_piix | + | |
| - | 0376-0376 : 0000: | + | |
| - | 0376-0376 : ata_piix | + | |
| - | 03c0-03df : vga+ | + | |
| - | 03f6-03f6 : 0000:00:01.1 | + | |
| - | 03f6-03f6 | + | |
| - | --More-- | + | |
| </ | </ | ||
| - | <WRAP center round alert 60%> | + | ====1.2 - Name Resolution==== |
| - | **Important** - If two peripherals use the same IO Port, both become unusable. | + | |
| - | </ | + | |
| - | ==/proc/devices== | + | Looking at the **/etc/sysconfig/ |
| < | < | ||
| - | [root@centos8 ~]# cat /proc/devices | + | [root@centos8 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ip_fixed |
| - | Character devices: | + | TYPE=Ethernet |
| - | 1 mem | + | PROXY_METHOD=none |
| - | 4 /dev/vc/0 | + | BROWSER_ONLY=no |
| - | 4 tty | + | BOOTPROTO=none |
| - | 4 ttyS | + | IPADDR=10.0.2.46 |
| - | 5 /dev/tty | + | PREFIX=24 |
| - | 5 / | + | GATEWAY=10.0.2.1 |
| - | 5 /dev/ptmx | + | DEFROUTE=yes |
| - | 7 vcs | + | IPV4_FAILURE_FATAL=no |
| - | | + | IPV6INIT=yes |
| - | 13 input | + | IPV6_AUTOCONF=yes |
| - | 21 sg | + | IPV6_DEFROUTE=yes |
| - | 29 fb | + | IPV6_FAILURE_FATAL=no |
| - | 128 ptm | + | IPV6_ADDR_GEN_MODE=stable-privacy |
| - | 136 pts | + | NAME=ip_fixed |
| - | 162 raw | + | UUID=0f48c74d-5d16-4c37-8220-24644507b589 |
| - | 180 usb | + | DEVICE=ens18 |
| - | 188 ttyUSB | + | ONBOOT=yes |
| - | 189 usb_device | + | |
| - | 202 cpu/msr | + | |
| - | 203 cpu/cpuid | + | |
| - | 226 drm | + | |
| - | 244 aux | + | |
| - | 245 hidraw | + | |
| - | 246 usbmon | + | |
| - | 247 bsg | + | |
| - | 248 watchdog | + | |
| - | 249 ptp | + | |
| - | 250 pps | + | |
| - | 251 rtc | + | |
| - | 252 dax | + | |
| - | 253 tpm | + | |
| - | 254 gpiochip | + | |
| - | + | ||
| - | Block devices: | + | |
| - | 8 sd | + | |
| - | 9 md | + | |
| - | 11 sr | + | |
| - | 65 sd | + | |
| - | 66 sd | + | |
| - | 67 sd | + | |
| - | 68 sd | + | |
| - | 69 sd | + | |
| - | 70 sd | + | |
| - | 71 sd | + | |
| - | 128 sd | + | |
| - | 129 sd | + | |
| - | 130 sd | + | |
| - | 131 sd | + | |
| - | 132 sd | + | |
| - | 133 sd | + | |
| - | 134 sd | + | |
| - | 135 sd | + | |
| - | 253 device-mapper | + | |
| - | 254 mdp | + | |
| - | 259 blkext | + | |
| </ | </ | ||
| - | ==/ | + | As a result there is currently no name resolution : |
| < | < | ||
| - | [root@centos8 ~]# cat / | + | [root@centos8 ~]# ping www.free.fr |
| - | xt_CHECKSUM 16384 1 - Live 0xffffffffc09a8000 | + | ping: www.free.fr: |
| - | ipt_MASQUERADE 16384 3 - Live 0xffffffffc09a3000 | + | |
| - | xt_conntrack 16384 1 - Live 0xffffffffc099e000 | + | |
| - | ipt_REJECT 16384 2 - Live 0xffffffffc0999000 | + | |
| - | nft_compat 20480 16 - Live 0xffffffffc0993000 | + | |
| - | nf_nat_tftp 16384 0 - Live 0xffffffffc098b000 | + | |
| - | nft_objref 16384 1 - Live 0xffffffffc0986000 | + | |
| - | nf_conntrack_tftp 16384 3 nf_nat_tftp, | + | |
| - | nft_counter 16384 33 - Live 0xffffffffc097c000 | + | |
| - | tun 53248 1 - Live 0xffffffffc096e000 | + | |
| - | bridge 192512 0 - Live 0xffffffffc093e000 | + | |
| - | stp 16384 1 bridge, Live 0xffffffffc0939000 | + | |
| - | llc 16384 2 bridge,stp, Live 0xffffffffc0930000 | + | |
| - | nft_fib_inet 16384 1 - Live 0xffffffffc08f5000 | + | |
| - | nft_fib_ipv4 16384 1 nft_fib_inet, | + | |
| - | nft_fib_ipv6 16384 1 nft_fib_inet, | + | |
| - | nft_fib 16384 3 nft_fib_inet, | + | |
| - | nft_reject_inet 16384 5 - Live 0xffffffffc08de000 | + | |
| - | nf_reject_ipv4 16384 2 ipt_REJECT, | + | |
| - | nf_reject_ipv6 16384 1 nft_reject_inet, | + | |
| - | nft_reject 16384 1 nft_reject_inet, | + | |
| - | --More-- | + | |
| </ | </ | ||
| - | ==/ | + | Modify the **ip_fixed** profile to rectify this: |
| < | < | ||
| - | [root@centos8 ~]# cat / | + | [root@centos8 ~]# nmcli connection mod ip_fixed ipv4.dns |
| - | 8 0 sda 15481 112 1445637 154103 10272 2377 277530 890611 0 237219 1044714 0 0 0 0 | + | |
| - | 8 1 sda1 402 3 66754 13349 31 18 392 4632 0 2824 17981 0 0 0 0 | + | |
| - | 8 2 sda2 14915 109 1375516 140528 8450 2359 277138 869788 0 225416 1010316 0 0 0 0 | + | |
| - | 8 16 sdb 230 0 5991 36 0 0 0 0 0 110 36 0 0 0 0 | + | |
| - | 11 0 sr0 10 0 4 2 0 0 0 0 0 9 2 0 0 0 0 | + | |
| - | | + | |
| - | | + | |
| </ | </ | ||
| - | ==/proc/partitions== | + | Consulting the **/etc/sysconfig/ |
| < | < | ||
| - | [root@centos8 ~]# cat /proc/partitions | + | [root@centos8 ~]# cat /etc/sysconfig/ |
| - | major minor # | + | TYPE=Ethernet |
| - | + | PROXY_METHOD=none | |
| - | 8 0 | + | BROWSER_ONLY=no |
| - | 8 1 1048576 sda1 | + | BOOTPROTO=none |
| - | 8 | + | IPADDR=10.0.2.46 |
| - | 8 | + | PREFIX=24 |
| - | | + | GATEWAY=10.0.2.1 |
| - | 253 0 | + | DEFROUTE=yes |
| - | 253 1 3358720 dm-1 | + | IPV4_FAILURE_FATAL=no |
| + | IPV6INIT=yes | ||
| + | IPV6_AUTOCONF=yes | ||
| + | IPV6_DEFROUTE=yes | ||
| + | IPV6_FAILURE_FATAL=no | ||
| + | IPV6_ADDR_GEN_MODE=stable-privacy | ||
| + | NAME=ip_fixed | ||
| + | UUID=0f48c74d-5d16-4c37-8220-24644507b589 | ||
| + | DEVICE=ens18 | ||
| + | ONBOOT=yes | ||
| + | DNS1=8.8.8.8 | ||
| </ | </ | ||
| - | ==/ | + | Restart the NetworkManager service to apply this change: |
| < | < | ||
| - | [root@centos8 ~]# cat /proc/swaps | + | root@centos8 ~]# systemctl restart NetworkManager.service |
| - | Filename | + | [root@centos8 ~]# systemctl status NetworkManager.service |
| - | /dev/dm-1 | + | ● NetworkManager.service - Network Manager |
| - | </code> | + | |
| + | | ||
| + | Docs: man: | ||
| + | Main PID: 973390 (NetworkManager) | ||
| + | | ||
| + | Memory: 4.6M | ||
| + | | ||
| + | └─973390 | ||
| - | ==/ | + | Aug 29 04:15:12 centos8.ittraining.loc NetworkManager[973390]: |
| - | + | Aug 29 04:15:12 centos8.ittraining.loc NetworkManager[973390]: | |
| - | <code> | + | Aug 29 04:15:12 centos8.ittraining.loc NetworkManager[973390]: |
| - | [root@centos8 | + | Aug 29 04:15:12 centos8.ittraining.loc NetworkManager[973390]: < |
| - | 0.00 0.00 0.00 1/697 16936 | + | Aug 29 04: |
| + | Aug 29 04:15:12 centos8.ittraining.loc NetworkManager[973390]: | ||
| + | Aug 29 04:15:12 centos8.ittraining.loc NetworkManager[973390]: | ||
| + | Aug 29 04:15:12 centos8.ittraining.loc NetworkManager[973390]: | ||
| + | Aug 29 04:15:12 centos8.ittraining.loc NetworkManager[973390]: | ||
| + | Aug 29 04:15:12 centos8.ittraining.loc NetworkManager[973390]: | ||
| + | lines 1-20/20 (END) | ||
| + | [q] | ||
| </ | </ | ||
| - | ==/proc/meminfo== | + | Now check that the **/etc/resolv.conf** file has been modified to check the change made: |
| < | < | ||
| - | [root@centos8 ~]# cat /proc/meminfo | + | [root@centos8 ~]# cat /etc/resolv.conf |
| - | MemTotal: | + | # Generated by NetworkManager |
| - | MemFree: | + | search ittraining.loc |
| - | MemAvailable: | + | nameserver 8.8.8.8 |
| - | Buffers: | + | |
| - | Cached: | + | |
| - | SwapCached: | + | |
| - | Active: | + | |
| - | Inactive: | + | |
| - | Active(anon): | + | |
| - | Inactive(anon): | + | |
| - | Active(file): | + | |
| - | Inactive(file): | + | |
| - | Unevictable: | + | |
| - | Mlocked: | + | |
| - | SwapTotal: | + | |
| - | SwapFree: | + | |
| - | Dirty: | + | |
| - | Writeback: | + | |
| - | AnonPages: | + | |
| - | Mapped: | + | |
| - | Shmem: | + | |
| - | KReclaimable: | + | |
| - | Slab: | + | |
| - | SReclaimable: | + | |
| - | SUnreclaim: | + | |
| - | KernelStack: | + | |
| - | PageTables: | + | |
| - | NFS_Unstable: | + | |
| - | Bounce: | + | |
| - | WritebackTmp: | + | |
| - | CommitLimit: | + | |
| - | Committed_AS: | + | |
| - | VmallocTotal: | + | |
| - | VmallocUsed: | + | |
| - | VmallocChunk: | + | |
| - | Percpu: | + | |
| - | HardwareCorrupted: | + | |
| - | AnonHugePages: | + | |
| - | ShmemHugePages: | + | |
| - | ShmemPmdMapped: | + | |
| - | FileHugePages: | + | |
| - | FilePmdMapped: | + | |
| - | HugePages_Total: | + | |
| - | HugePages_Free: | + | |
| - | HugePages_Rsvd: | + | |
| - | HugePages_Surp: | + | |
| - | Hugepagesize: | + | |
| - | Hugetlb: | + | |
| - | DirectMap4k: | + | |
| - | DirectMap2M: | + | |
| </ | </ | ||
| - | ==/ | + | Lastly, check the name resolution: |
| < | < | ||
| - | [root@centos8 ~]# cat / | + | [root@centos8 ~]# ping www.free.fr |
| - | Linux version 4.18.0-305.3.1.el8.x86_64 | + | PING www.free.fr (212.27.48.10) 56(84) bytes of data. |
| + | 64 bytes from www.free.fr (212.27.48.10): icmp_seq=1 ttl=47 time=29.3 ms | ||
| + | 64 bytes from www.free.fr | ||
| + | 64 bytes from www.free.fr | ||
| + | 64 bytes from www.free.fr | ||
| + | ^C | ||
| + | --- www.free.fr ping statistics --- | ||
| + | 4 packets transmitted, | ||
| + | rtt min/ | ||
| </ | </ | ||
| - | ===Répertoires=== | + | <WRAP center round important 60%> |
| + | **Important** : Notez qu'il existe un front-end graphique en mode texte, **nmtui**, pour configurer NetworkManager. | ||
| + | </ | ||
| - | ==ide/scsi== | + | ====1.3 - Adding a Second IP Addresse to a Profile==== |
| - | This sub-directory contains disk capacity, disk type and disk geometry information. | + | To add a second IP address, use the following command: |
| - | + | ||
| - | ==acpi== | + | |
| - | + | ||
| - | This sub-directory contains information on energy management, temperatures, | + | |
| - | + | ||
| - | ==bus== | + | |
| - | + | ||
| - | This sub-directory contains | + | |
| - | + | ||
| - | ==net== | + | |
| - | + | ||
| - | This sub-directory contains information concerning the network. | + | |
| - | + | ||
| - | ==sys== | + | |
| - | + | ||
| - | This sub-directory contains files used by root to configure the kernel. For instance, the following command | + | |
| - | + | ||
| - | # echo 1 > / | + | |
| - | + | ||
| - | ====2.2 - Using the sysctl Command==== | + | |
| - | + | ||
| - | Files in the **/ | + | |
| - | + | ||
| - | The **sysctl** command applies rules at system boot that are defined in the **/ | + | |
| < | < | ||
| - | [root@centos8 ~]# cat /etc/sysctl.conf | + | [root@centos8 ~]# nmcli connection mod ip_fixed +ipv4.addresses 192.168.1.2/24 |
| - | # sysctl settings are defined through files in | + | |
| - | # / | + | |
| - | # | + | |
| - | # Vendors settings live in / | + | |
| - | # To override a whole file, create a new file with the same in | + | |
| - | # / | + | |
| - | # only specific settings, add a file with a lexically later | + | |
| - | # name in / | + | |
| - | # | + | |
| - | # For more information, | + | |
| - | + | ||
| - | [root@centos8 ~]# ls -l / | + | |
| - | total 0 | + | |
| - | lrwxrwxrwx. 1 root root 14 Mar 16 15:42 99-sysctl.conf -> ../sysctl.conf | + | |
| - | [root@centos8 ~]# ls -l / | + | |
| - | total 24 | + | |
| - | -rw-r--r--. 1 root root 1810 Dec 22 2020 10-default-yama-scope.conf | + | |
| - | -rw-r--r--. 1 root root 524 Mar 16 15:42 50-coredump.conf | + | |
| - | -rw-r--r--. 1 root root 1270 Mar 16 15:42 50-default.conf | + | |
| - | -rw-r--r--. 1 root root 246 Jun 15 2020 50-libkcapi-optmem_max.conf | + | |
| - | -rw-r--r--. 1 root root 636 Mar 16 15:42 50-pid-max.conf | + | |
| - | -rw-r--r--. 1 root root 499 Nov 26 2019 60-libvirtd.conf | + | |
| - | + | ||
| - | [root@centos8 ~]# cat / | + | |
| - | # This file is part of systemd. | + | |
| - | # | + | |
| - | # systemd is free software; you can redistribute it and/or modify it | + | |
| - | # under the terms of the GNU Lesser General Public License as published by | + | |
| - | # the Free Software Foundation; either version 2.1 of the License, or | + | |
| - | # (at your option) any later version. | + | |
| - | + | ||
| - | # See sysctl.d(5) and core(5) for documentation. | + | |
| - | + | ||
| - | # To override settings in this file, create a local file in /etc | + | |
| - | # (e.g. / | + | |
| - | # there. | + | |
| - | + | ||
| - | # System Request functionality of the kernel (SYNC) | + | |
| - | # | + | |
| - | # Use kernel.sysrq = 1 to allow all keys. | + | |
| - | # See https:// | + | |
| - | # of values and keys. | + | |
| - | kernel.sysrq = 16 | + | |
| - | + | ||
| - | # Append the PID to the core filename | + | |
| - | kernel.core_uses_pid = 1 | + | |
| - | + | ||
| - | # https:// | + | |
| - | kernel.kptr_restrict = 1 | + | |
| - | + | ||
| - | # Source route verification | + | |
| - | net.ipv4.conf.all.rp_filter = 1 | + | |
| - | + | ||
| - | # Do not accept source routing | + | |
| - | net.ipv4.conf.all.accept_source_route = 0 | + | |
| - | + | ||
| - | # Promote secondary addresses when the primary address is removed | + | |
| - | net.ipv4.conf.all.promote_secondaries = 1 | + | |
| - | + | ||
| - | # Fair Queue CoDel packet scheduler to fight bufferbloat | + | |
| - | net.core.default_qdisc = fq_codel | + | |
| - | + | ||
| - | # Enable hard and soft link protection | + | |
| - | fs.protected_hardlinks = 1 | + | |
| - | fs.protected_symlinks = 1 | + | |
| </ | </ | ||
| - | The command line switches of this command are: | + | Reload the profile: |
| < | < | ||
| - | Usage: | + | [root@centos8 ~]# nmcli con up ip_fixed |
| - | | + | |
| - | + | ||
| - | Options: | + | |
| - | -a, --all display all variables | + | |
| - | -A alias of -a | + | |
| - | -X alias of -a | + | |
| - | --deprecated | + | |
| - | -b, --binary | + | |
| - | -e, --ignore | + | |
| - | -N, --names | + | |
| - | -n, --values | + | |
| - | -p, --load[=< | + | |
| - | -f alias of -p | + | |
| - | --system | + | |
| - | -r, --pattern < | + | |
| - | | + | |
| - | -q, --quiet | + | |
| - | -w, --write | + | |
| - | -o does nothing | + | |
| - | -x does nothing | + | |
| - | -d alias of -h | + | |
| - | + | ||
| - | -h, --help | + | |
| - | -V, --version | + | |
| - | + | ||
| - | For more details see sysctl(8). | + | |
| </ | </ | ||
| - | =====LAB#3 - Interpreting Information in / | + | Check that the new IP address is visible: |
| - | + | ||
| - | The information found in files in the /proc filesystem can be interpreted using the following commands: | + | |
| - | + | ||
| - | * free, | + | |
| - | * uptime et w, | + | |
| - | * iostat, | + | |
| - | * hdparm | + | |
| - | * vmstat, | + | |
| - | * mpstat, | + | |
| - | * sar. | + | |
| - | + | ||
| - | ====3.1 - The free Command==== | + | |
| - | + | ||
| - | The **free** command shows total, used, free, shared, buffered, cached and swapped memory: | + | |
| < | < | ||
| - | [root@centos8 ~]# free -m | + | [root@centos8 ~]# nmcli connection show ip_fixed |
| - | | + | connection.id: |
| - | Mem: 3735 1135 1818 14 | + | connection.uuid: |
| - | Swap: | + | connection.stable-id: |
| + | connection.type: | ||
| + | connection.interface-name: | ||
| + | connection.autoconnect: | ||
| + | connection.autoconnect-priority: | ||
| + | connection.autoconnect-retries: | ||
| + | connection.multi-connect: | ||
| + | connection.auth-retries: | ||
| + | connection.timestamp: | ||
| + | connection.read-only: | ||
| + | connection.permissions: | ||
| + | connection.zone: | ||
| + | connection.master: | ||
| + | connection.slave-type: | ||
| + | connection.autoconnect-slaves: | ||
| + | connection.secondaries: | ||
| + | connection.gateway-ping-timeout: | ||
| + | connection.metered: | ||
| + | connection.lldp: | ||
| + | connection.mdns: | ||
| + | connection.llmnr: | ||
| + | connection.wait-device-timeout: | ||
| + | 802-3-ethernet.port: | ||
| + | 802-3-ethernet.speed: | ||
| + | 802-3-ethernet.duplex: | ||
| + | 802-3-ethernet.auto-negotiate: | ||
| + | 802-3-ethernet.mac-address: | ||
| + | 802-3-ethernet.cloned-mac-address: | ||
| + | 802-3-ethernet.generate-mac-address-mask: | ||
| + | 802-3-ethernet.mac-address-blacklist: | ||
| + | 802-3-ethernet.mtu: | ||
| + | 802-3-ethernet.s390-subchannels: | ||
| + | 802-3-ethernet.s390-nettype: -- | ||
| + | 802-3-ethernet.s390-options: | ||
| + | 802-3-ethernet.wake-on-lan: | ||
| + | 802-3-ethernet.wake-on-lan-password: | ||
| + | ipv4.method: | ||
| + | ipv4.dns: | ||
| + | ipv4.dns-search: | ||
| + | ipv4.dns-options: | ||
| + | ipv4.dns-priority: | ||
| + | ipv4.addresses: | ||
| + | ipv4.gateway: | ||
| + | ipv4.routes: | ||
| + | ipv4.route-metric: | ||
| + | ipv4.route-table: | ||
| + | ipv4.routing-rules: | ||
| + | ipv4.ignore-auto-routes: | ||
| + | ipv4.ignore-auto-dns: | ||
| + | ipv4.dhcp-client-id: | ||
| + | ipv4.dhcp-iaid: | ||
| + | ipv4.dhcp-timeout: | ||
| + | ipv4.dhcp-send-hostname: | ||
| + | ipv4.dhcp-hostname: | ||
| + | ipv4.dhcp-fqdn: | ||
| + | ipv4.dhcp-hostname-flags: | ||
| + | ipv4.never-default: | ||
| + | ipv4.may-fail: | ||
| + | ipv4.dad-timeout: | ||
| + | ipv4.dhcp-vendor-class-identifier: | ||
| + | ipv4.dhcp-reject-servers: | ||
| + | ipv6.method: | ||
| + | ipv6.dns: | ||
| + | ipv6.dns-search: | ||
| + | ipv6.dns-options: | ||
| + | ipv6.dns-priority: | ||
| + | ipv6.addresses: | ||
| + | ipv6.gateway: | ||
| + | ipv6.routes: | ||
| + | ipv6.route-metric: | ||
| + | ipv6.route-table: | ||
| + | ipv6.routing-rules: | ||
| + | ipv6.ignore-auto-routes: | ||
| + | ipv6.ignore-auto-dns: | ||
| + | ipv6.never-default: | ||
| + | ipv6.may-fail: | ||
| + | ipv6.ip6-privacy: | ||
| + | ipv6.addr-gen-mode: | ||
| + | ipv6.ra-timeout: | ||
| + | ipv6.dhcp-duid: | ||
| + | ipv6.dhcp-iaid: | ||
| + | ipv6.dhcp-timeout: | ||
| + | ipv6.dhcp-send-hostname: | ||
| + | ipv6.dhcp-hostname: | ||
| + | ipv6.dhcp-hostname-flags: | ||
| + | ipv6.token: | ||
| + | proxy.method: | ||
| + | proxy.browser-only: | ||
| + | proxy.pac-url: | ||
| + | proxy.pac-script: | ||
| + | GENERAL.NAME: | ||
| + | GENERAL.UUID: | ||
| + | GENERAL.DEVICES: | ||
| + | GENERAL.IP-IFACE: | ||
| + | GENERAL.STATE: | ||
| + | GENERAL.DEFAULT: | ||
| + | GENERAL.DEFAULT6: | ||
| + | GENERAL.SPEC-OBJECT: | ||
| + | GENERAL.VPN: | ||
| + | GENERAL.DBUS-PATH: | ||
| + | GENERAL.CON-PATH: | ||
| + | GENERAL.ZONE: | ||
| + | GENERAL.MASTER-PATH: | ||
| + | IP4.ADDRESS[1]: | ||
| + | IP4.ADDRESS[2]: | ||
| + | IP4.GATEWAY: | ||
| + | IP4.ROUTE[1]: | ||
| + | IP4.ROUTE[2]: | ||
| + | IP4.ROUTE[3]: | ||
| + | IP4.DNS[1]: | ||
| + | IP6.ADDRESS[1]: | ||
| + | IP6.GATEWAY: | ||
| + | IP6.ROUTE[1]: | ||
| + | IP6.ROUTE[2]: | ||
| + | lines 72-116/116 (END) | ||
| + | [q] | ||
| </ | </ | ||
| - | In the above example, you can see: | + | <WRAP center round important 60%> |
| + | **Important** : Note the second address on the **ipv4.addresses: | ||
| + | </ | ||
| - | | + | Now check the **/ |
| - | | + | |
| - | | + | |
| - | + | ||
| - | The command line switches of this command are: | + | |
| < | < | ||
| - | [root@centos8 ~]# free --help | + | [root@centos8 ~]# cat / |
| - | + | TYPE=Ethernet | |
| - | Usage: | + | PROXY_METHOD=none |
| - | free [options] | + | BROWSER_ONLY=no |
| - | + | BOOTPROTO=none | |
| - | Options: | + | IPADDR=10.0.2.46 |
| - | -b, --bytes | + | PREFIX=24 |
| - | --kilo | + | GATEWAY=10.0.2.1 |
| - | --mega | + | DEFROUTE=yes |
| - | --giga | + | IPV4_FAILURE_FATAL=no |
| - | --tera | + | IPV6INIT=yes |
| - | --peta | + | IPV6_AUTOCONF=yes |
| - | -k, --kibi | + | IPV6_DEFROUTE=yes |
| - | -m, --mebi | + | IPV6_FAILURE_FATAL=no |
| - | -g, --gibi | + | IPV6_ADDR_GEN_MODE=stable-privacy |
| - | --tebi | + | NAME=ip_fixed |
| - | | + | UUID=0f48c74d-5d16-4c37-8220-24644507b589 |
| - | -h, --human | + | DEVICE=ens18 |
| - | --si use powers of 1000 not 1024 | + | ONBOOT=yes |
| - | -l, --lohi | + | DNS1=8.8.8.8 |
| - | -t, --total | + | IPADDR1=192.168.1.2 |
| - | -s N, --seconds N | + | PREFIX1=24 |
| - | -c N, --count N | + | |
| - | -w, --wide | + | |
| - | + | ||
| - | | + | |
| - | -V, --version | + | |
| - | + | ||
| - | For more details see free(1). | + | |
| </ | </ | ||
| - | ====3.2 - The uptime and w Commands==== | + | <WRAP center round important 60%> |
| - | + | **Important** : Note the addition | |
| - | Each of these commands show the load average over the past 1, 5 and 15 minutes: | + | </ |
| - | + | ||
| - | <code> | + | |
| - | [root@centos8 ~]# uptime | + | |
| - | | + | |
| - | + | ||
| - | [root@centos8 ~]# w | + | |
| - | | + | |
| - | USER | + | |
| - | trainee | + | |
| - | </ | + | |
| - | + | ||
| - | The **load average** indicates | + | |
| - | + | ||
| - | If the load average of a single-core system was **3.48 4.00 3.85** this would indicate a bottleneck since, on average: | + | |
| - | * 2.48 processes would have been waiting to be executed over the last minute, | + | ====1.4 - The hostname Command==== |
| - | * 3.00 processes would have been waiting to be executed over the last 5 minutes, | + | |
| - | * 2.85 processes would have been waiting to be executed over the last 15 minutes, | + | |
| - | The command line switches of these commands are: | + | Any change to the hostname is immediate and permanent: |
| < | < | ||
| - | [root@centos8 ~]# uptime --help | + | [root@centos8 ~]# hostname |
| + | centos8.ittraining.loc | ||
| - | Usage: | + | [root@centos8 ~]# nmcli general hostname centos.ittraining.loc |
| - | | + | |
| - | Options: | + | [root@centos8 ~]# cat / |
| - | -p, --pretty | + | centos.ittraining.loc |
| - | -h, --help | + | |
| - | -s, --since | + | |
| - | -V, --version | + | |
| - | For more details see uptime(1). | + | [root@centos8 ~]# hostname |
| + | centos.ittraining.loc | ||
| - | [root@centos8 ~]# w --help | + | [root@centos8 ~]# nmcli general |
| - | + | ||
| - | Usage: | + | |
| - | w [options] | + | |
| - | + | ||
| - | Options: | + | |
| - | -h, --no-header | + | |
| - | -u, --no-current | + | |
| - | -s, --short | + | |
| - | -f, --from | + | |
| - | -o, --old-style | + | |
| - | -i, --ip-addr | + | |
| - | | + | [root@centos8 ~]# cat / |
| - | -V, --version | + | centos8.ittraining.loc |
| - | For more details see w(1). | + | [root@centos8 ~]# hostname |
| + | centos8.ittraining.loc | ||
| </ | </ | ||
| - | ====3.3 - The iostat | + | ====1.5 - The ip Command==== |
| - | The **iostat** command | + | Use of the **ip** command |
| < | < | ||
| - | [root@centos8 ~]# iostat | + | [root@centos8 ~]# ip address |
| - | bash: iostat: command not found... | + | 1: lo: < |
| - | Install package ' | + | link/loopback 00:00: |
| - | + | inet 127.0.0.1/8 scope host lo | |
| - | + | valid_lft forever preferred_lft forever | |
| - | * Waiting in queue... | + | inet6 ::1/128 scope host |
| - | The following packages have to be installed: | + | valid_lft forever preferred_lft forever |
| - | lm_sensors-libs-3.4.0-22.20180522git70f7e08.el8.x86_64 Lm_sensors core libraries | + | 2: ens18: < |
| - | sysstat-11.7.3-5.el8.x86_64 | + | |
| - | Proceed with changes? [N/y] y | + | inet 10.0.2.46/24 brd 10.0.2.255 scope global noprefixroute ens18 |
| - | + | valid_lft forever preferred_lft forever | |
| - | + | inet 192.168.1.2/24 brd 192.168.1.255 scope global noprefixroute ens18 | |
| - | * Waiting in queue... | + | valid_lft forever preferred_lft forever |
| - | * Waiting for authentication... | + | inet6 fe80:: |
| - | * Waiting in queue... | + | valid_lft forever preferred_lft forever |
| - | * Downloading packages... | + | 3: virbr0: <NO-CARRIER, |
| - | * Requesting data... | + | |
| - | * Testing changes... | + | inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0 |
| - | * Installing packages... | + | valid_lft forever preferred_lft forever |
| - | Linux 4.18.0-305.3.1.el8.x86_64 (centos8.ittraining.loc) | + | 4: virbr0-nic: < |
| - | + | | |
| - | avg-cpu: %user %nice %system %iowait | + | |
| - | 0.03 0.00 0.03 0.01 0.00 | + | |
| - | + | ||
| - | Device | + | |
| - | sda 0.28 7.67 1.49 | + | |
| - | sdb | + | |
| - | scd0 0.00 | + | |
| - | dm-0 0.26 | + | |
| - | dm-1 0.00 0.02 0.00 | + | |
| </ | </ | ||
| - | < | + | ===Command Line Switches=== |
| - | [root@centos8 ~]# iostat -d -x | + | |
| - | Linux 4.18.0-305.3.1.el8.x86_64 (centos8.ittraining.loc) | + | |
| - | + | ||
| - | Device | + | |
| - | sda 0.20 0.16 | + | |
| - | sdb 0.00 0.00 0.02 0.00 | + | |
| - | scd0 | + | |
| - | dm-0 | + | |
| - | dm-1 | + | |
| - | </ | + | |
| The command line switches of this command are: | The command line switches of this command are: | ||
| < | < | ||
| - | [root@centos8 ~]# iostat | + | [root@centos8 ~]# ip --help |
| - | Usage: | + | Usage: |
| - | Options are: | + | |
| - | [ -c ] [ -d ] [ -h ] [ -k | -m ] [ -N ] [ -s ] [ -t ] [ -V ] [ -x ] [ -y ] [ -z ] | + | where OBJECT |
| - | [ -j { ID | LABEL | PATH | UUID | ... } ] [ --human ] [ -o JSON ] | + | tunnel | tuntap | maddress | mroute | mrule | monitor | xfrm | |
| - | [ [ -H ] -g < | + | netns | l2tp | fou | macsec | tcp_metrics | token | netconf | ila | |
| - | [ < | + | vrf | sr | nexthop | mptcp } |
| - | </ | + | |
| - | + | | |
| - | ====3.4 | + | -f[amily] |
| - | + | | |
| - | The hdparm command measures disk reads: | + | -l[oops] { maximum-addr-flush-attempts } | -br[ief] | |
| - | + | -o[neline] | -t[imestamp] | -ts[hort] | -b[atch] [filename] | | |
| - | < | + | |
| - | [root@centos8 ~]# hdparm -t /dev/sda | + | -c[olor]} |
| - | /dev/sda: | ||
| - | | ||
| </ | </ | ||
| - | ====3.5 - La Commande vmstat==== | + | ====1.6 - Manually Activating and Disactivating a Device==== |
| - | The **vmstat** | + | Two commands |
| < | < | ||
| - | [root@centos8 ~]# vmstat 1 10 | + | # nmcli device disconnect enp0s3 |
| - | procs -----------memory---------- ---swap-- -----io---- -system-- ------cpu----- | + | # nmcli device connect enp0s3 |
| - | | + | |
| - | | + | |
| - | | + | |
| - | | + | |
| - | | + | |
| - | | + | |
| - | | + | |
| - | | + | |
| - | | + | |
| - | | + | |
| - | | + | |
| - | </ | + | |
| - | + | ||
| - | The command line switches of this command are: | + | |
| - | + | ||
| - | < | + | |
| - | [root@centos8 ~]# vmstat --help | + | |
| - | + | ||
| - | Usage: | + | |
| - | | + | |
| - | + | ||
| - | Options: | + | |
| - | -a, --active | + | |
| - | -f, --forks | + | |
| - | -m, --slabs | + | |
| - | -n, --one-header | + | |
| - | -s, --stats | + | |
| - | -d, --disk | + | |
| - | -D, --disk-sum | + | |
| - | -p, --partition < | + | |
| - | -S, --unit < | + | |
| - | -w, --wide | + | |
| - | -t, --timestamp | + | |
| - | + | ||
| - | -h, --help | + | |
| - | -V, --version | + | |
| - | + | ||
| - | For more details see vmstat(8). | + | |
| </ | </ | ||
| <WRAP center round important 60%> | <WRAP center round important 60%> | ||
| - | **Important** : By default vmstat shows statistics from boot until current time. | + | **Important** : Do **NOT** execute these two commands. |
| </ | </ | ||
| - | ====3.6 - The mpstat Command==== | + | ====1.7 - Static Routing==== |
| - | La commande **mpstat** affiche des statistiques détaillées sur le CPU : | + | ===The ip Command=== |
| - | < | + | To delete the 192.168.1.0 route, use the following command: |
| - | [root@centos8 ~]# mpstat | + | |
| - | Linux 4.18.0-305.3.1.el8.x86_64 (centos8.ittraining.loc) | + | |
| - | + | ||
| - | 04: | + | |
| - | 04: | + | |
| - | </ | + | |
| - | + | ||
| - | If there are several CPU's in the system, statistics can be viewed by core and as an average: | + | |
| < | < | ||
| - | [root@centos8 ~]# mpstat -P ALL | + | [root@centos8 ~]# ip route |
| - | Linux 4.18.0-305.3.1.el8.x86_64 (centos8.ittraining.loc) 29/06/21 _x86_64_(8 CPU) | + | default via 10.0.2.1 dev ens18 proto static metric 100 |
| + | 10.0.2.0/24 dev ens18 proto kernel scope link src 10.0.2.46 metric 100 | ||
| + | 192.168.1.0/24 dev ens18 proto kernel scope link src 192.168.1.2 metric 100 | ||
| + | 192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown | ||
| - | 04: | + | root@centos8 ~]# ip route del 192.168.1.0/24 via 0.0.0.0 |
| - | 04: | + | [root@centos8 ~]# ip route |
| - | 04: | + | default via 10.0.2.1 dev ens18 proto static metric 100 |
| - | 04: | + | 10.0.2.0/24 dev ens18 proto kernel scope link src 10.0.2.46 metric 100 |
| - | 04: | + | 192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown |
| - | 04: | + | |
| - | 04: | + | |
| - | 04: | + | |
| - | 04: | + | |
| - | 04: | + | |
| </ | </ | ||
| - | Finally, mpstat is capable of showing statistics over time. In the following | + | To add a route for the 192.168.1.0 network, use the following |
| < | < | ||
| - | [root@centos8 ~]# mpstat -P ALL 2 5 | + | [root@centos8 ~]# ip route add 192.168.1.0/24 via 10.0.2.1 |
| - | Linux 4.18.0-305.3.1.el8.x86_64 (centos8.ittraining.loc) | + | [root@centos8 ~]# ip route |
| - | + | default via 10.0.2.1 dev ens18 proto static metric | |
| - | 04: | + | 10.0.2.0/24 dev ens18 proto kernel scope link src 10.0.2.46 metric |
| - | 04: | + | 192.168.1.0/24 via 10.0.2.1 |
| - | 04: | + | 192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown |
| - | 04: | + | |
| - | 04: | + | |
| - | 04: | + | |
| - | 04: | + | |
| - | 04: | + | |
| - | 04: | + | |
| - | 04: | + | |
| - | + | ||
| - | 04: | + | |
| - | 04: | + | |
| - | 04: | + | |
| - | 04: | + | |
| - | 04: | + | |
| - | 04: | + | |
| - | 04: | + | |
| - | 04: | + | |
| - | 04: | + | |
| - | 04: | + | |
| - | + | ||
| - | 04: | + | |
| - | 04: | + | |
| - | 04: | + | |
| - | 04: | + | |
| - | 04: | + | |
| - | 04: | + | |
| - | 04: | + | |
| - | 04: | + | |
| - | 04: | + | |
| - | 04: | + | |
| - | + | ||
| - | 04: | + | |
| - | 04: | + | |
| - | 04: | + | |
| - | 04: | + | |
| - | 04: | + | |
| - | 04: | + | |
| - | 04: | + | |
| - | 04: | + | |
| - | 04: | + | |
| - | 04: | + | |
| - | + | ||
| - | 04: | + | |
| - | 04: | + | |
| - | 04: | + | |
| - | 04: | + | |
| - | 04: | + | |
| - | 04: | + | |
| - | 04: | + | |
| - | 04: | + | |
| - | 04: | + | |
| - | 04: | + | |
| - | + | ||
| - | Average: | + | |
| - | Average: | + | |
| - | Average: | + | |
| - | Average: | + | |
| - | Average: | + | |
| - | Average: | + | |
| - | Average: | + | |
| - | Average: | + | |
| - | Average: | + | |
| - | Average: | + | |
| </ | </ | ||
| - | The command line switches of this command are: | + | <WRAP center round important 60%> |
| - | + | **Important** | |
| - | <code> | + | </ |
| - | [root@centos8 ~]# mpstat --help | + | |
| - | Usage: mpstat [ options ] [ < | + | |
| - | Options are: | + | |
| - | [ -A ] [ -n ] [ -u ] [ -V ] [ -I { SUM | CPU | SCPU | ALL } ] | + | |
| - | [ -N { < | + | |
| - | </ | + | |
| - | + | ||
| - | ====3.7 | + | |
| - | + | ||
| - | The **sar** command can survey all system resources dependant upon the switch that is used. Several important switches are: | + | |
| - | ^ Switch ^ Description ^ | + | ===Disactivating/ |
| - | | -u | CPU usage in % | | + | |
| - | | -q | Number of processes in the process queue | | + | |
| - | | -r | Memory usage | | + | |
| - | | -w | Swap usage | | + | |
| - | | -p | Pagination usage | | + | |
| - | | -b | Buffer usage | | + | |
| - | | -d | Disk usage | | + | |
| - | The **/ | + | To disactivate internal routing between interfaces, use the following |
| < | < | ||
| - | [root@centos8 ~]# ls /usr/lib64/sa | + | [root@centos8 ~]# cat /proc/sys/net/ |
| - | sa1 sa2 sadc | + | 1 |
| + | [root@centos8 ~]# echo 0 > / | ||
| + | [root@centos8 ~]# cat / | ||
| + | 0 | ||
| </ | </ | ||
| - | The **/ | + | To activate internal routing between interfaces, use the following |
| - | + | ||
| - | ^ Switch ^ Description ^ | + | |
| - | | -t | Interval | | + | |
| - | | -n | Count | | + | |
| - | + | ||
| - | The **/ | + | |
| < | < | ||
| - | [root@centos8 ~]# ls /var/log/sa/ | + | [root@centos8 ~]# echo 1 > /proc/sys/net/ipv4/ |
| - | sa29 s | + | [root@centos8 ~]# cat / |
| - | + | 1 | |
| - | + | ||
| - | ar29 | + | |
| </ | </ | ||
| - | Using CentOS / RHEL 8, the interval between collects is configured using systemd **timers** de systemd and not cron as was previously the case: | + | =====LAB #2 - Diagnostics===== |
| - | < | + | ====2.1 - ping==== |
| - | [root@centos8 ~]# cat / | + | |
| - | # / | + | |
| - | # (C) 2014 Tomasz Torcz < | + | |
| - | # | + | |
| - | # sysstat-11.7.3 systemd unit file: | + | |
| - | # Activates activity collector every 10 minutes | + | |
| - | + | ||
| - | [Unit] | + | |
| - | Description=Run system activity accounting tool every 10 minutes | + | |
| - | + | ||
| - | [Timer] | + | |
| - | OnCalendar=*:00/10 | + | |
| - | + | ||
| - | [Install] | + | |
| - | WantedBy=sysstat.service | + | |
| - | </ | + | |
| - | + | ||
| - | The **OnCalendar** value indicates a collect every 10 minutes. | + | |
| - | To change this value, you need to create an **override** file in **/ | + | To test whether a destination can be reached, use the **ping** command: |
| < | < | ||
| - | [root@centos8 ~]# systemctl edit sysstat-collect.timer | + | [root@centos8 ~]# ping -c4 10.0.2.1 |
| - | [root@centos8 ~]# cat / | + | PING 10.0.2.1 (10.0.2.1) 56(84) bytes of data. |
| - | [Unit] | + | 64 bytes from 10.0.2.1: icmp_seq=1 ttl=64 time=0.104 ms |
| - | Description=Run system activity accounting tool every 2 minutes | + | 64 bytes from 10.0.2.1: icmp_seq=2 ttl=64 time=0.325 ms |
| + | 64 bytes from 10.0.2.1: icmp_seq=3 ttl=64 time=0.250 ms | ||
| + | 64 bytes from 10.0.2.1: icmp_seq=4 ttl=64 time=0.123 ms | ||
| - | [Timer] | + | --- 10.0.2.1 ping statistics --- |
| - | OnCalendar= | + | 4 packets transmitted, |
| - | OnCalendar=*: | + | rtt min/avg/ |
| - | AccuracySec=0 | + | |
| </ | </ | ||
| - | <WRAP center round important 60%> | + | ===Command Line Switches=== |
| - | **Important** : Note the line **OnCalendar=** which is required to override the default value. | + | |
| - | </ | + | |
| - | Now check if the configuration has been applied: | + | The command line switches of this command are: |
| < | < | ||
| - | [root@centos8 ~]# systemctl status sysstat-collect.timer | + | [root@centos8 ~]# ping --help |
| - | ● sysstat-collect.timer | + | ping: invalid option |
| - | Loaded: loaded (/ | + | Usage: ping [-aAbBdDfhLnOqrRUvV64] [-c count] [-i interval] [-I interface] |
| - | Drop-In: / | + | [-m mark] [-M pmtudisc_option] [-l preload] [-p pattern] [-Q tos] |
| - | | + | [-s packetsize] [-S sndbuf] [-t ttl] [-T timestamp_option] |
| - | Active: active (waiting) since Tue 2021-06-29 06:16:04 EDT; 3h 2min ago | + | [-w deadline] [-W timeout] [hop1 ...] destination |
| - | | + | Usage: ping -6 [-aAbBdDfhLnOqrRUvV] [-c count] [-i interval] [-I interface] |
| - | + | [-l preload] [-m mark] [-M pmtudisc_option] | |
| - | Jun 29 06:16:04 centos8.ittraining.loc systemd[1]: Started Run system activity accounting tool every 10 minutes. | + | [-N nodeinfo_option] [-p pattern] [-Q tclass] [-s packetsize] |
| + | | ||
| + | [-W timeout] destination | ||
| </ | </ | ||
| - | < | + | ====2.2 - netstat |
| - | [root@centos8 ~]# journalctl -g sysstat-collect.service | + | |
| - | -- Logs begin at Mon 2021-06-28 02:04:10 EDT, end at Tue 2021-06-29 09:18:00 EDT. -- | + | |
| - | Jun 29 06:20:33 centos8.ittraining.loc systemd[1]: sysstat-collect.service: | + | |
| - | Jun 29 06:26:29 centos8.ittraining.loc systemd[1]: sysstat-collect.service: | + | |
| - | Jun 29 06:30:33 centos8.ittraining.loc systemd[1]: sysstat-collect.service: | + | |
| - | Jun 29 06:40:33 centos8.ittraining.loc systemd[1]: sysstat-collect.service: | + | |
| - | Jun 29 06:50:33 centos8.ittraining.loc systemd[1]: sysstat-collect.service: | + | |
| - | Jun 29 07:00:33 centos8.ittraining.loc systemd[1]: sysstat-collect.service: | + | |
| - | Jun 29 07:10:33 centos8.ittraining.loc systemd[1]: sysstat-collect.service: | + | |
| - | Jun 29 07:20:33 centos8.ittraining.loc systemd[1]: sysstat-collect.service: | + | |
| - | Jun 29 07:30:33 centos8.ittraining.loc systemd[1]: sysstat-collect.service: | + | |
| - | Jun 29 07:40:33 centos8.ittraining.loc systemd[1]: sysstat-collect.service: | + | |
| - | Jun 29 07:50:33 centos8.ittraining.loc systemd[1]: sysstat-collect.service: | + | |
| - | Jun 29 07:53:56 centos8.ittraining.loc systemd[1]: sysstat-collect.service: | + | |
| - | Jun 29 07:54:00 centos8.ittraining.loc systemd[1]: sysstat-collect.service: | + | |
| - | Jun 29 07:56:00 centos8.ittraining.loc systemd[1]: sysstat-collect.service: | + | |
| - | Jun 29 07:58:00 centos8.ittraining.loc systemd[1]: sysstat-collect.service: | + | |
| - | Jun 29 08:00:00 centos8.ittraining.loc systemd[1]: sysstat-collect.service: | + | |
| - | ... | + | |
| - | </ | + | |
| - | Execute | + | To see networking statistics, use the **netstat** |
| < | < | ||
| - | [root@centos8 ~]# sar | + | [root@centos8 ~]# netstat |
| - | Linux 4.18.0-305.3.1.el8.x86_64 (centos8.ittraining.loc) | + | Kernel Interface table |
| - | + | Iface | |
| - | 06: | + | ens18 1500 |
| - | + | lo 65536 10936 | |
| - | 06: | + | virbr0 |
| - | 06: | + | |
| - | 06: | + | |
| - | 06: | + | |
| - | 06: | + | |
| - | 07: | + | |
| - | 07: | + | |
| - | 07: | + | |
| - | 07: | + | |
| - | 07: | + | |
| - | 07: | + | |
| - | 07: | + | |
| - | 07: | + | |
| - | Average: | + | |
| - | + | ||
| - | 07: | + | |
| - | + | ||
| - | 07: | + | |
| - | 07: | + | |
| - | 08:00:00 | + | |
| - | 08: | + | |
| - | 08: | + | |
| - | 08: | + | |
| - | 08: | + | |
| - | 08: | + | |
| - | 08: | + | |
| - | 08: | + | |
| - | 08: | + | |
| - | 08: | + | |
| - | 08: | + | |
| - | 08: | + | |
| - | 08: | + | |
| - | 08: | + | |
| - | 08: | + | |
| - | 08: | + | |
| - | 08: | + | |
| - | 08: | + | |
| - | 08: | + | |
| - | 08: | + | |
| - | 08: | + | |
| - | 08: | + | |
| - | 08: | + | |
| - | 08: | + | |
| - | 08: | + | |
| - | 08: | + | |
| - | 08: | + | |
| - | 08: | + | |
| - | 08: | + | |
| - | 08: | + | |
| - | 09: | + | |
| - | 09: | + | |
| - | 09: | + | |
| - | 09: | + | |
| - | 09: | + | |
| - | 09: | + | |
| - | 09: | + | |
| - | + | ||
| - | 09: | + | |
| - | 09: | + | |
| - | 09: | + | |
| - | 09: | + | |
| - | 09: | + | |
| - | Average: | + | |
| </ | </ | ||
| - | ===CPU Stats=== | + | ===Command Line Switches=== |
| - | Use the -u switch: | + | The command line switches of this command are: |
| < | < | ||
| - | [root@centos8 ~]# sar -u 5 3 | + | [root@centos8 ~]# netstat |
| - | Linux 4.18.0-305.3.1.el8.x86_64 (centos8.ittraining.loc) | + | usage: netstat [-vWeenNcCF] [< |
| + | | ||
| + | | ||
| - | 09: | + | -r, --route |
| - | 09: | + | |
| - | 09: | + | |
| - | 09: | + | |
| - | Average: | + | |
| - | </ | + | -M, --masquerade |
| - | More information can be shown by using the **ALL** argument: | + | -v, --verbose |
| + | -W, --wide | ||
| + | -n, --numeric | ||
| + | --numeric-hosts | ||
| + | --numeric-ports | ||
| + | --numeric-users | ||
| + | -N, --symbolic | ||
| + | -e, --extend | ||
| + | -p, --programs | ||
| + | -o, --timers | ||
| + | -c, --continuous | ||
| - | < | + | |
| - | [root@centos8 ~]# sar -u ALL 5 3 | + | -a, --all display all sockets |
| - | Linux 4.18.0-305.3.1.el8.x86_64 | + | -F, --fib display Forwarding Information Base (default) |
| + | -C, --cache | ||
| + | -Z, --context | ||
| - | 01: | + | |
| - | 01:49:19 all 0.03 0.00 0.00 0.00 0.00 0.03 0.00 0.00 0.00 99.95 | + | {-x|--unix} --ax25 --ipx --netrom |
| - | 01:49:24 all 0.03 0.00 0.03 0.00 0.00 0.10 0.05 0.00 0.00 99.80 | + | < |
| - | 01: | + | List of possible address families (which support routing): |
| - | Average: | + | inet (DARPA Internet) inet6 (IPv6) ax25 (AMPR AX.25) |
| + | | ||
| + | x25 (CCITT X.25) | ||
| </ | </ | ||
| - | To see the statistics from a specific core, use the **-P** switch: | + | ====2.3 |
| - | < | + | This command is used to discover |
| - | [root@centos8 ~]# sar -u -P 1 5 3 | + | |
| - | Linux 4.18.0-305.3.1.el8.x86_64 (centos8.ittraining.loc) | + | |
| - | + | ||
| - | 01: | + | |
| - | 01: | + | |
| - | 01: | + | |
| - | 01: | + | |
| - | Average: | + | |
| - | [root@centos8 ~]# sar -u -P 5 5 3 | + | |
| - | Linux 4.18.0-305.3.1.el8.x86_64 (centos8.ittraining.loc) | + | |
| - | + | ||
| - | 01: | + | |
| - | 01: | + | |
| - | 01: | + | |
| - | 01: | + | |
| - | Average: | + | |
| - | </ | + | |
| - | + | ||
| - | ===Memory and Swap Statistics=== | + | |
| - | + | ||
| - | Use the **-r** switch | + | |
| < | < | ||
| - | [root@centos8 ~]# sar -r 5 3 | + | [root@centos8 ~]# traceroute www.ittraining.network |
| - | Linux 4.18.0-305.3.1.el8.x86_64 (centos8.ittraining.loc) | + | bash: traceroute: command not found... |
| + | Install package ' | ||
| - | 07: | ||
| - | 07: | ||
| - | 07: | ||
| - | 07: | ||
| - | Average: | ||
| - | </ | ||
| - | Use the **-S** switch | + | * Waiting in queue... |
| + | The following packages have to be installed: | ||
| + | | ||
| + | Proceed with changes? [N/y] y | ||
| - | < | ||
| - | [root@centos8 ~]# sar -S 5 3 | ||
| - | Linux 4.18.0-305.3.1.el8.x86_64 (centos8.ittraining.loc) | ||
| - | 07: | + | * Waiting in queue... |
| - | 07: | + | * Waiting for authentication... |
| - | 07: | + | * Waiting in queue... |
| - | 07: | + | * Downloading packages... |
| - | Average: | + | * Requesting data... |
| + | * Testing changes... | ||
| + | * Installing packages... | ||
| + | traceroute to www.ittraining.network (109.228.56.52), | ||
| + | | ||
| + | 2 79.137.68.252 (79.137.68.252) | ||
| + | | ||
| + | 4 10.50.0.16 (10.50.0.16) | ||
| + | 5 10.73.248.192 (10.73.248.192) | ||
| + | | ||
| + | | ||
| + | | ||
| + | | ||
| + | 10 ae-14.bb-b.fr7.fra.de.oneandone.net (212.227.120.149) | ||
| + | 11 port-channel-3.gw-ngcs-1.dc1.con.glo.gb.oneandone.net (88.208.255.131) | ||
| + | 12 109.228.63.209 (109.228.63.209) | ||
| + | 13 * 109.228.63.209 (109.228.63.209) | ||
| + | 14 * * * | ||
| + | 15 * * * | ||
| + | 16 * * * | ||
| + | 17 * * * | ||
| + | 18 * * * | ||
| + | 19 * * * | ||
| + | 20 * * * | ||
| + | 21 * * * | ||
| + | 22 * * * | ||
| + | 23 * * * | ||
| + | 24 * * * | ||
| + | 25 * * * | ||
| + | 26 * * * | ||
| + | 27 * * * | ||
| + | 28 * * * | ||
| + | 29 * * *^C | ||
| </ | </ | ||
| - | ===I/O Statistics=== | + | ===Command Line Switches=== |
| - | Use the **-b** switch: | + | The command line switches of this command are: |
| < | < | ||
| - | [root@centos8 ~]# sar -b 5 3 | + | [root@centos8 ~]# traceroute |
| - | Linux 4.18.0-305.3.1.el8.x86_64 | + | Usage: |
| + | traceroute [ -46dFITnreAUDV ] [ -f first_ttl ] [ -g gate,... ] [ -i device ] [ -m max_ttl ] [ -N squeries ] [ -p port ] [ -t tos ] [ -l flow_label ] [ -w MAX, | ||
| + | Options: | ||
| + | -4 Use IPv4 | ||
| + | -6 Use IPv6 | ||
| + | -d --debug | ||
| + | -F --dont-fragment | ||
| + | -f first_ttl | ||
| + | Start from the first_ttl hop (instead from 1) | ||
| + | -g gate,... --gateway=gate, | ||
| + | Route packets through the specified gateway | ||
| + | (maximum 8 for IPv4 and 127 for IPv6) | ||
| + | -I --icmp | ||
| + | -T --tcp Use TCP SYN for tracerouting (default port is 80) | ||
| + | -i device | ||
| + | Specify a network interface to operate with | ||
| + | -m max_ttl | ||
| + | Set the max number of hops (max TTL to be | ||
| + | reached). Default is 30 | ||
| + | -N squeries | ||
| + | Set the number of probes to be tried | ||
| + | simultaneously (default is 16) | ||
| + | -n Do not resolve IP addresses to their domain names | ||
| + | -p port --port=port | ||
| + | initial udp port value for " | ||
| + | (incremented by each probe, default is 33434), or | ||
| + | initial seq for " | ||
| + | default from 1), or some constant destination | ||
| + | port for other methods (with default of 80 for | ||
| + | " | ||
| + | -t tos --tos=tos | ||
| + | traffic class) value for outgoing packets | ||
| + | -l flow_label | ||
| + | Use specified flow_label for IPv6 packets | ||
| + | -w MAX, | ||
| + | Wait for a probe no more than HERE (default 3) | ||
| + | times longer than a response from the same hop, | ||
| + | or no more than NEAR (default 10) times than some | ||
| + | next hop, or MAX (default 5.0) seconds | ||
| + | point values allowed too) | ||
| + | -q nqueries | ||
| + | Set the number of probes per each hop. Default is | ||
| + | 3 | ||
| + | -r Bypass the normal routing and send directly to a | ||
| + | host on an attached network | ||
| + | -s src_addr | ||
| + | Use source src_addr for outgoing packets | ||
| + | -z sendwait | ||
| + | Minimal time interval between probes (default 0). | ||
| + | If the value is more than 10, then it specifies a | ||
| + | number in milliseconds, | ||
| + | seconds (float point values allowed too) | ||
| + | -e --extensions | ||
| + | -A --as-path-lookups | ||
| + | print results directly after the corresponding | ||
| + | addresses | ||
| + | -M name --module=name | ||
| + | for traceroute operations. Most methods have | ||
| + | their shortcuts (`-I' means `-M icmp' etc.) | ||
| + | -O OPTS, | ||
| + | Use module-specific option OPTS for the | ||
| + | traceroute module. Several OPTS allowed, | ||
| + | separated by comma. If OPTS is " | ||
| + | about available options | ||
| + | --sport=num | ||
| + | `-N 1' | ||
| + | --fwmark=num | ||
| + | -U --udp Use UDP to particular port for tracerouting | ||
| + | (instead of increasing the port per each probe), | ||
| + | default port is 53 | ||
| + | -UL Use UDPLITE for tracerouting (default dest port | ||
| + | is 53) | ||
| + | -D --dccp | ||
| + | is 33434) | ||
| + | -P prot --protocol=prot | ||
| + | --mtu | ||
| + | `-F -N 1' | ||
| + | --back | ||
| + | print if it differs | ||
| + | -V --version | ||
| + | --help | ||
| - | 09:24:49 tps rtps wtps | + | Arguments: |
| - | 09: | + | + |
| - | 09: | + | |
| - | 09: | + | |
| - | Average: | + | |
| </ | </ | ||
| - | ===Disk I/O Statistics=== | + | ===== LAB #3 - SSH==== |
| - | Use the **-d** switch: | + | ====3.1 |
| - | < | + | There are two types of SSH. |
| - | [root@centos8 ~]# sar -d 5 3 | + | |
| - | Linux 4.18.0-305.3.1.el8.x86_64 (centos8.ittraining.loc) | + | |
| - | 09: | + | ===SSH-1=== |
| - | 09: | + | |
| - | 09: | + | |
| - | 09: | + | |
| - | 09: | + | |
| - | 09: | + | |
| - | 09:25:50 DEV | + | To authenticate there are six possible methods: |
| - | 09: | + | |
| - | 09: | + | |
| - | 09: | + | |
| - | 09: | + | |
| - | 09: | + | |
| - | 09: | + | |
| - | 09: | + | * **Rhosts**, |
| - | 09: | + | * **%%RhostsRSA%%**, |
| - | 09: | + | * **Asymetric Keys**, |
| - | 09: | + | * **TIS**, |
| - | 09: | + | * **Password**. |
| - | Average: | + | ==SSH-2== |
| - | Average: | + | |
| - | Average: | + | |
| - | Average: | + | |
| - | Average: | + | |
| - | Average: | + | |
| - | </ | + | |
| - | The **DEV** column identifies the disks by their major/minor numbers. | + | To authenticate there are three possible methods: |
| - | < | + | * **Asymetric Keys**, |
| - | [root@centos8 ~]# sar -p -d 5 3 | + | * **%%RhostsRSA%%**, |
| - | Linux 4.18.0-305.3.1.el8.x86_64 (centos8.ittraining.loc) | + | * **Password** |
| - | 07: | + | ===Command Line Switches=== |
| - | 07: | + | |
| - | 07: | + | |
| - | 07: | + | |
| - | 07: | + | |
| - | 07: | + | |
| - | + | ||
| - | 07: | + | |
| - | 07: | + | |
| - | 07: | + | |
| - | 07: | + | |
| - | 07: | + | |
| - | 07: | + | |
| - | + | ||
| - | 07: | + | |
| - | 07: | + | |
| - | 07: | + | |
| - | 07: | + | |
| - | 07: | + | |
| - | 07: | + | |
| - | + | ||
| - | Average: | + | |
| - | Average: | + | |
| - | Average: | + | |
| - | Average: | + | |
| - | Average: | + | |
| - | Average: | + | |
| - | </ | + | |
| The command line switches of this command are: | The command line switches of this command are: | ||
| < | < | ||
| - | [root@centos8 ~]# sar --help | + | [root@centos8 ~]# ssh --help |
| - | Usage: sar [ options | + | unknown option -- - |
| - | Main options and reports (report name between square brackets): | + | usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface] |
| - | | + | [-b bind_address] |
| - | -b I/O and transfer rate statistics | + | [-E log_file] |
| - | | + | |
| - | -F [ MOUNT ] | + | |
| - | Filesystems statistics | + | |
| - | -H Hugepages utilization statistics | + | [-w local_tun[:remote_tun]] destination |
| - | | + | |
| - | | + | |
| - | | + | |
| - | Power management statistics | + | |
| - | Keywords are: | + | |
| - | CPU CPU instantaneous clock frequency | + | |
| - | FAN Fans speed | + | |
| - | FREQ CPU average clock frequency | + | |
| - | IN Voltage inputs | + | |
| - | TEMP Devices temperature | + | |
| - | USB USB devices plugged into the system | + | |
| - | | + | |
| - | | + | |
| - | Keywords are: | + | |
| - | DEV | + | |
| - | EDEV Network interfaces (errors) | + | |
| - | NFS NFS client | + | |
| - | NFSD NFS server | + | |
| - | SOCK Sockets (v4) | + | |
| - | IP IP traffic | + | |
| - | EIP IP traffic | + | |
| - | ICMP ICMP traffic | + | |
| - | EICMP ICMP traffic | + | |
| - | TCP TCP traffic | + | |
| - | ETCP TCP traffic | + | |
| - | UDP UDP traffic | + | |
| - | SOCK6 | + | |
| - | IP6 IP traffic | + | |
| - | EIP6 IP traffic | + | |
| - | ICMP6 ICMP traffic | + | |
| - | EICMP6 | + | |
| - | UDP6 UDP traffic | + | |
| - | FC Fibre channel HBAs | + | |
| - | SOFT Software-based network processing | + | |
| - | -q Queue length and load average statistics | + | |
| - | | + | |
| - | | + | |
| - | -S Swap space utilization statistics | + | |
| - | | + | |
| - | CPU utilization statistics | + | |
| - | -v Kernel tables statistics | + | |
| - | | + | |
| - | -w Task creation and system switching statistics | + | |
| - | -y TTY devices statistics | + | |
| </ | </ | ||
| - | =====USB Modules===== | + | ====3.2 - Configuring the Server==== |
| - | The Universal Serial Bus can offer data transfer speeds of upto 480Mb/s for version 2.0 and upto 4.8 Gb/s for version 3.0. Under Linux the USB modules are: | + | The server is configured by editing the **/etc/ssh/ |
| - | ^ USB Version ^ Module ^ Name ^ | + | < |
| - | | 1.0\1.1 | + | [root@centos8 ~]# cat /etc/ssh/sshd_config |
| - | | | + | # |
| - | | 2.0 | **EHCI** | //Enhanced Host Controller Interface// | | + | |
| - | | 3.0 | **XHCI** | // | + | |
| - | The following table shows a list of commonly used USB modules: | + | # This is the sshd server system-wide configuration file. See |
| + | # sshd_config(5) for more information. | ||
| - | ^ Module ^ Peripheral ^ | + | # This sshd was compiled with PATH=/ |
| - | | **usb_storage** | + | |
| - | | **usbhid** | + | |
| - | | **snd-usb-audio** | + | |
| - | | **usbvidéo** | + | |
| - | | **irda-usb** | + | |
| - | | **usbnet** | + | |
| - | These modules can be loaded by any one of the following: | + | # The strategy used for options in the default sshd_config shipped with |
| + | # OpenSSH is to specify options with their default value where | ||
| + | # possible, but leave them commented. | ||
| + | # default value. | ||
| - | * Initramfs, | + | # If you want to change |
| - | * The init process, | + | # SELinux about this change. |
| - | * kmod by using the **/ | + | # semanage port -a -t ssh_port_t -p tcp #PORTNUMBER |
| - | * udev, | + | |
| - | * manually. | + | |
| - | + | ||
| - | =====udev===== | + | |
| - | + | ||
| - | Since the 2.6 Kernel series, Linux capable of **hotplugging**. Linux uses three componants | + | |
| - | + | ||
| - | * Udev, | + | |
| - | * HAL, | + | |
| - | * Dbus. | + | |
| - | + | ||
| - | The roles of each componant are as follows: | + | |
| - | + | ||
| - | * Udev dynamically creates/ | + | |
| - | * HAL obtains information from udev, creates a files in XML format representing the peripheral and then informs Nautilus by using Dbus, | + | |
| - | * Dbus acts as a system | + | |
| - | + | ||
| - | When Linux is booted, udev plays an important role: | + | |
| - | + | ||
| - | * at boot **tmpfs** is mounted on /dev, | + | |
| - | * udev copies any statically configured nodes from **/ | + | |
| - | * the **udevd** daemon collects **uevents** from the kernel and looks for anappropriate rule in the **/ | + | |
| - | * udev creates the nodes and any required symbolic links specified in the rule previously identified, | + | |
| - | * udev stores in RAM the rules from **/ | + | |
| - | * when a change | + | |
| - | + | ||
| - | udev uses the **sysfs** filesystem mounted on /sys which renders the peripherals visible to udev in user space. For example when a USB stick is inserted, udev creates **/ | + | |
| - | + | ||
| - | The main configuration file for udev is **/ | + | |
| - | + | ||
| - | < | + | |
| - | [root@centos8 ~]# cat / | + | |
| - | # see udev.conf(5) for details | + | |
| # | # | ||
| - | # udevd is also started in the initrd. | + | #Port 22 |
| - | # also want to rebuild the initrd, so that it will include the modified configuration. | + | #AddressFamily any |
| + | # | ||
| + | # | ||
| - | # | + | HostKey / |
| - | </code> | + | HostKey / |
| + | HostKey /etc/ssh/ssh_host_ed25519_key | ||
| - | Rules files can be foud in **/ | + | # Ciphers and keying |
| + | #RekeyLimit default none | ||
| - | < | + | # This system is following system-wide crypto policy. The changes to |
| - | [root@centos8 ~]# ls / | + | # crypto properties (Ciphers, MACs, ...) will not have any effect here. |
| - | 01-md-raid-creating.rules 70-uaccess.rules | + | # They will be overridden by command-line options passed to the server |
| - | 10-dm.rules 70-wacom.rules | + | # on command line. |
| - | 11-dm-lvm.rules 71-biosdevname.rules | + | # Please, check manual pages for update-crypto-policies(8) and sshd_config(5). |
| - | 11-dm-mpath.rules | + | |
| - | 11-dm-parts.rules 71-prefixdevname.rules | + | |
| - | 13-dm-disk.rules | + | |
| - | 39-usbmuxd.rules | + | |
| - | 40-elevator.rules | + | |
| - | 40-libgphoto2.rules | + | |
| - | 40-redhat.rules | + | |
| - | 40-usb-blacklist.rules | + | |
| - | 40-usb_modeswitch.rules | + | |
| - | 50-udev-default.rules | + | |
| - | 60-alias-kmsg.rules | + | |
| - | 60-block.rules | + | |
| - | 60-cdrom_id.rules | + | |
| - | 60-drm.rules | + | |
| - | 60-evdev.rules | + | |
| - | 60-fido-id.rules | + | |
| - | 60-input-id.rules | + | |
| - | 60-libfprint-2-autosuspend.rules | + | |
| - | 60-net.rules | + | |
| - | 60-persistent-alsa.rules | + | |
| - | 60-persistent-input.rules | + | |
| - | 60-persistent-storage.rules | + | |
| - | 60-persistent-storage-tape.rules | + | |
| - | 60-persistent-v4l.rules | + | |
| - | 60-raw.rules | + | |
| - | 60-rdma-ndd.rules | + | |
| - | 60-rdma-persistent-naming.rules | + | |
| - | 60-sensor.rules | + | |
| - | 60-serial.rules | + | |
| - | 60-tpm-udev.rules | + | |
| - | 61-gdm.rules | + | |
| - | 61-gnome-bluetooth-rfkill.rules | + | |
| - | 61-gnome-settings-daemon-rfkill.rules | + | |
| - | 61-scsi-sg3_id.rules | + | |
| - | 62-multipath.rules | + | |
| - | 63-fc-wwpn-id.rules | + | |
| - | 63-md-raid-arrays.rules | + | |
| - | 63-scsi-sg3_symlink.rules | + | |
| - | 64-btrfs.rules | + | |
| - | 64-md-raid-assembly.rules | + | |
| - | 65-libwacom.rules | + | |
| - | 65-md-incremental.rules | + | |
| - | 65-sane-backends.rules | + | |
| - | 66-kpartx.rules | + | |
| - | 68-del-part-nodes.rules | + | |
| - | 69-btattach-bcm.rules | + | |
| - | 69-cd-sensors.rules | + | |
| - | 69-dm-lvm-metad.rules | + | |
| - | 69-libmtp.rules | + | |
| - | 69-md-clustered-confirm-device.rules | + | |
| - | 70-hypervfcopy.rules | + | |
| - | 70-hypervkvp.rules | + | |
| - | 70-hypervvss.rules | + | |
| - | 70-joystick.rules | + | |
| - | 70-mouse.rules | + | |
| - | 70-nvmf-autoconnect.rules | + | |
| - | 70-power-switch.rules | + | |
| - | 70-printers.rules | + | |
| - | 70-spice-vdagentd.rules | + | |
| - | 70-touchpad.rules | + | |
| - | </ | + | |
| - | <WRAP center round important 60%> | + | # Logging |
| - | **Important** : You can create your own rules by putting them in the **99-local.rules** file. | + | # |
| - | </ | + | SyslogFacility AUTHPRIV |
| + | #LogLevel INFO | ||
| - | The default udev rule file is **50-udev-default.rules**: | + | # Authentication: |
| - | < | + | # |
| - | [root@centos8 ~]# cat / | + | PermitRootLogin yes |
| - | # do not edit this file, it will be overwritten on update | + | # |
| + | #MaxAuthTries 6 | ||
| + | #MaxSessions 10 | ||
| - | # run a command on remove events | + | #PubkeyAuthentication yes |
| - | ACTION==" | + | |
| - | ACTION==" | + | |
| - | SUBSYSTEM==" | + | # The default is to check both .ssh/authorized_keys and .ssh/ |
| + | # but this is overridden so installations will only check .ssh/ | ||
| + | AuthorizedKeysFile | ||
| - | # select " | + | #AuthorizedPrincipalsFile none |
| - | SUBSYSTEM==" | + | |
| - | SUBSYSTEM==" | + | |
| - | SUBSYSTEM==" | + | # |
| - | ENV{MODALIAS}!="", | + | # |
| - | ACTION!=" | + | # For this to work you will also need host keys in / |
| + | # | ||
| + | # Change to yes if you don't trust ~/ | ||
| + | # HostbasedAuthentication | ||
| + | # | ||
| + | # Don't read the user's ~/.rhosts and ~/.shosts files | ||
| + | # | ||
| - | SUBSYSTEM==" | + | # To disable tunneled clear text passwords, change to no here! |
| - | SUBSYSTEM==" | + | # |
| - | SUBSYSTEM==" | + | # |
| - | SUBSYSTEM==" | + | PasswordAuthentication yes |
| - | SUBSYSTEM==" | + | |
| - | SUBSYSTEM==" | + | |
| - | SUBSYSTEM==" | + | |
| - | KERNEL==" | + | |
| - | SUBSYSTEM==" | + | # Change to no to disable s/key passwords |
| + | # | ||
| + | ChallengeResponseAuthentication no | ||
| - | SUBSYSTEM==" | + | # Kerberos options |
| - | SUBSYSTEM==" | + | # |
| + | # | ||
| + | # | ||
| + | # | ||
| + | # | ||
| - | SUBSYSTEM==" | + | # GSSAPI options |
| - | SUBSYSTEM==" | + | GSSAPIAuthentication yes |
| - | SUBSYSTEM==" | + | GSSAPICleanupCredentials no |
| - | SUBSYSTEM==" | + | # |
| - | SUBSYSTEM==" | + | # |
| - | SUBSYSTEM==" | + | # |
| - | SUBSYSTEM==" | + | # Set this to ' |
| - | SUBSYSTEM==" | + | # and session processing. If this is enabled, PAM authentication will |
| + | # be allowed through the ChallengeResponseAuthentication and | ||
| + | # PasswordAuthentication. | ||
| + | # PAM authentication via ChallengeResponseAuthentication may bypass | ||
| + | # the setting of "PermitRootLogin without-password". | ||
| + | # If you just want the PAM account and session checks to run without | ||
| + | # PAM authentication, then enable this but set PasswordAuthentication | ||
| + | # and ChallengeResponseAuthentication to ' | ||
| + | # WARNING: ' | ||
| + | # problems. | ||
| + | UsePAM yes | ||
| - | SUBSYSTEM==" | + | # |
| - | | + | # |
| - | --More-- | + | # |
| - | </ | + | X11Forwarding yes |
| + | # | ||
| + | # | ||
| + | #PermitTTY yes | ||
| - | Each rule has the following format: | + | # It is recommended to use pam_motd in / |
| + | # as it is more configurable and versatile than the built-in version. | ||
| + | PrintMotd no | ||
| - | KEY, [KEY, ...] NAME [, SYMLINK] | + | # |
| + | # | ||
| + | # | ||
| + | # | ||
| + | # | ||
| + | # | ||
| + | #UseDNS no | ||
| + | #PidFile / | ||
| + | # | ||
| + | # | ||
| + | # | ||
| + | # | ||
| - | The Key is a **type=value** pair which uniquely identifies a peripheral. The **type** can be one of the following: | + | # no default banner path |
| + | #Banner none | ||
| - | ^ Type ^ Description ^ Examples ^ | + | # Accept locale-related environment variables |
| - | | BUS | Bus type | usb, scsi, ide | | + | AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES |
| - | | KERNEL | The default name given to the peripheral by the kernel | hda, ttyUSB0, lp0 | | + | AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT |
| - | | SUBSYSTEM | The default sub-system name given by the Kernel, generally identical to the BUS value | usb, scsi | | + | AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE |
| - | | DRIVER | The name of the module used by the peripheral | usb-storage | | + | AcceptEnv XMODIFIERS |
| - | | ID | The position of the peripheral on its bus | PCI bus id, USB id | | + | |
| - | | PLACE | The topological position of a USB oeripheral on its bus. | S/O | | + | |
| - | | SYSFS{filename} | The name of the peripheral file in /sys. This file contains the manufacturer' | + | |
| - | | PROGRAM | An eventual external program to be called in order to identify the peripheral | S/O | | + | |
| - | | RESULT | Value expected from PROGRAM | S/O | | + | |
| - | NAME and SYMLINK are used to tell udev what to do with the peripheral: | + | # override default of no subsystems |
| + | Subsystem | ||
| - | ^ Type ^ Description ^ | + | # Example |
| - | | NAME | The name of the peripheral in /dev | | + | #Match User anoncvs |
| - | | SYMLINK | The eventual symbolic links that point to NAME | | + | # |
| - | + | # AllowTcpForwarding no | |
| - | ====The udevadm Command==== | + | # |
| - | + | # | |
| - | To obtain information from udev on a particular peripheral, you can use the **udevadm** command which has replaced the **udevinfo** command available in Red Hat/CentOS 5: | + | |
| - | + | ||
| - | < | + | |
| - | [root@centos8 ~]# udevadm info --query=all -n /dev/sda | + | |
| - | P: / | + | |
| - | N: sda | + | |
| - | S: disk/ | + | |
| - | S: disk/ | + | |
| - | S: disk/ | + | |
| - | S: disk/ | + | |
| - | S: disk/ | + | |
| - | E: DEVLINKS=/ | + | |
| - | E: DEVNAME=/ | + | |
| - | E: DEVPATH=/ | + | |
| - | E: DEVTYPE=disk | + | |
| - | E: ID_ATA=1 | + | |
| - | E: ID_ATA_FEATURE_SET_SMART=1 | + | |
| - | E: ID_ATA_FEATURE_SET_SMART_ENABLED=1 | + | |
| - | E: ID_ATA_SATA=1 | + | |
| - | E: ID_ATA_WRITE_CACHE=1 | + | |
| - | E: ID_ATA_WRITE_CACHE_ENABLED=1 | + | |
| - | E: ID_BUS=ata | + | |
| - | E: ID_MODEL=QEMU_HARDDISK | + | |
| - | E: ID_MODEL_ENC=QEMU\x20HARDDISK\x20\x20\x20 | + | |
| - | E: ID_PART_TABLE_TYPE=dos | + | |
| - | E: ID_PART_TABLE_UUID=b39ec5c8 | + | |
| - | E: ID_PATH=pci-0000: | + | |
| - | E: ID_PATH_TAG=pci-0000_00_07_0-ata-1 | + | |
| - | E: ID_REVISION=2.5+ | + | |
| - | E: ID_SCSI=1 | + | |
| - | E: ID_SCSI_INQUIRY=1 | + | |
| - | E: ID_SERIAL=QEMU_HARDDISK_QM00005 | + | |
| - | E: ID_SERIAL_SHORT=QM00005 | + | |
| - | E: ID_TYPE=disk | + | |
| - | E: ID_VENDOR=ATA | + | |
| - | E: ID_VENDOR_ENC=ATA\x20\x20\x20\x20\x20 | + | |
| - | E: MAJOR=8 | + | |
| - | E: MINOR=0 | + | |
| - | E: SCSI_IDENT_LUN_ATA=QEMU_HARDDISK_QM00005 | + | |
| - | E: SCSI_IDENT_LUN_T10=ATA_QEMU_HARDDISK_QM00005 | + | |
| - | E: SCSI_IDENT_LUN_VENDOR=QM00005 | + | |
| - | E: SCSI_IDENT_SERIAL=QM00005 | + | |
| - | E: SCSI_MODEL=QEMU_HARDDISK | + | |
| - | E: SCSI_MODEL_ENC=QEMU\x20HARDDISK\x20\x20\x20 | + | |
| - | E: SCSI_REVISION=2.5+ | + | |
| - | E: SCSI_TPGS=0 | + | |
| - | E: SCSI_TYPE=disk | + | |
| - | E: SCSI_VENDOR=ATA | + | |
| - | E: SCSI_VENDOR_ENC=ATA\x20\x20\x20\x20\x20 | + | |
| - | E: SUBSYSTEM=block | + | |
| - | E: TAGS=: | + | |
| - | E: USEC_INITIALIZED=8735808 | + | |
| </ | </ | ||
| - | The command | + | To remove all empty and comment lines, use the following |
| < | < | ||
| - | [root@centos8 ~]# udevadm | + | [root@centos8 ~]# cd /tmp ; grep -E -v ' |
| - | udevadm [--help] [--version] [--debug] COMMAND [COMMAND OPTIONS] | + | [root@centos8 |
| - | + | HostKey / | |
| - | Send control commands or test the device manager. | + | HostKey / |
| - | + | HostKey / | |
| - | Commands: | + | SyslogFacility AUTHPRIV |
| - | info Query sysfs or the udev database | + | PermitRootLogin yes |
| - | trigger | + | AuthorizedKeysFile |
| - | settle | + | PasswordAuthentication yes |
| - | control | + | ChallengeResponseAuthentication no |
| - | monitor | + | GSSAPIAuthentication yes |
| - | test Test an event run | + | GSSAPICleanupCredentials no |
| - | test-builtin | + | UsePAM yes |
| - | + | X11Forwarding yes | |
| - | [root@centos8 | + | PrintMotd no |
| - | udevadm info [OPTIONS] [DEVPATH|FILE] | + | AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES |
| - | + | AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT | |
| - | Query sysfs or the udev database. | + | AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE |
| - | + | AcceptEnv XMODIFIERS | |
| - | -h --help | + | Subsystem |
| - | -V --version | + | |
| - | -q --query=TYPE | + | |
| - | name Name of device node | + | |
| - | symlink | + | |
| - | path sysfs device path | + | |
| - | property | + | |
| - | all All values | + | |
| - | -p --path=SYSPATH | + | |
| - | -n --name=NAME | + | |
| - | -r --root | + | |
| - | -a --attribute-walk | + | |
| - | of parent devices | + | |
| - | -d --device-id-of-file=FILE Print major:minor of device containing this file | + | |
| - | -x --export | + | |
| - | -P --export-prefix | + | |
| - | -e --export-db | + | |
| - | -c --cleanup-db Clean up the udev database | + | |
| </ | </ | ||
| - | =====The /sys Filesystem===== | + | This file now has to be hardened |
| - | + | ||
| - | The virtual filesystem **/sys** was introduced with the 2.6 Kernel. Its role is to identify and describe peripherals for udev: | + | |
| - | + | ||
| - | < | + | |
| - | [root@centos8 ~]# ls -l /sys | + | |
| - | total 0 | + | |
| - | drwxr-xr-x. | + | |
| - | drwxr-xr-x. | + | |
| - | drwxr-xr-x. | + | |
| - | drwxr-xr-x. | + | |
| - | drwxr-xr-x. | + | |
| - | drwxr-xr-x. | + | |
| - | drwxr-xr-x. | + | |
| - | drwxr-xr-x. | + | |
| - | drwxr-xr-x. | + | |
| - | drwxr-xr-x. 153 root root 0 Jul 12 08:15 module | + | |
| - | drwxr-xr-x. | + | |
| - | </ | + | |
| - | + | ||
| - | Each directory contains specific information: | + | |
| - | + | ||
| - | * **block** | + | |
| - | * information concerning block devices | + | |
| - | * **bus** | + | |
| - | * information concerning buses | + | |
| - | * **class** | + | |
| - | * information concerning classes | + | |
| - | * **devices** | + | |
| - | * information concerning the posiion of devices on their bus | + | |
| - | * **firmware** | + | |
| - | * information concerning APCI | + | |
| - | * **module** | + | |
| - | * information concerning kernel modules | + | |
| - | * **power** | + | |
| - | * information concerning power management | + | |
| - | * **fs** | + | |
| - | * information concerning | + | |
| - | + | ||
| - | For example: | + | |
| - | + | ||
| - | < | + | |
| - | [root@centos ~]# cat / | + | |
| - | 2097152 | + | |
| - | </ | + | |
| - | + | ||
| - | The figure returned is in sectors. | + | |
| - | + | ||
| - | =====LAB #4 - Limiting Ressources===== | + | |
| - | + | ||
| - | ====4.1 - ulimit==== | + | |
| - | + | ||
| - | Resources available | + | |
| - | + | ||
| - | The **ulimit** command manages two limits: | + | |
| - | + | ||
| - | * a //hard// hard limit by specifying the **-H** switch, | + | |
| - | * a //soft// soft limit by specifying the **-S** switch. | + | |
| - | + | ||
| - | The soft limit is the limit imposed on the user whilst the hard limit is the limit that a user can obtain once he has gone over the soft limit. | + | |
| - | + | ||
| - | Only root can position a hard limit and only if the limit does not exceed real resource levels. | + | |
| - | + | ||
| - | Root can define limits by editing | + | |
| - | + | ||
| - | < | + | |
| - | [root@centos8 ~]# cat / | + | |
| - | # / | + | |
| - | # | + | |
| - | #This file sets the resource limits for the users logged in via PAM. | + | |
| - | #It does not affect resource limits of the system services. | + | |
| - | # | + | |
| - | #Also note that configuration files in / | + | |
| - | #which are read in alphabetical order, override the settings in this | + | |
| - | #file in case the domain is the same or more specific. | + | |
| - | #That means for example that setting a limit for wildcard domain here | + | |
| - | #can be overriden with a wildcard setting in a config file in the | + | |
| - | # | + | |
| - | #with a user specific setting in the subdirectory. | + | |
| - | # | + | |
| - | #Each line describes a limit for a user in the form: | + | |
| - | # | + | |
| - | #< | + | |
| - | # | + | |
| - | #Where: | + | |
| - | #< | + | |
| - | # - a user name | + | |
| - | # - a group name, with @group syntax | + | |
| - | # - the wildcard *, for default entry | + | |
| - | # - the wildcard %, can be also used with %group syntax, | + | |
| - | # for maxlogin limit | + | |
| - | # | + | |
| - | #< | + | |
| - | # - " | + | |
| - | # - " | + | |
| - | # | + | |
| - | #< | + | |
| - | # - core - limits the core file size (KB) | + | |
| - | # - data - max data size (KB) | + | |
| - | # - fsize - maximum filesize (KB) | + | |
| - | # - memlock - max locked-in-memory address space (KB) | + | |
| - | # - nofile - max number of open file descriptors | + | |
| - | # - rss - max resident set size (KB) | + | |
| - | # - stack - max stack size (KB) | + | |
| - | # - cpu - max CPU time (MIN) | + | |
| - | # - nproc - max number of processes | + | |
| - | # - as - address space limit (KB) | + | |
| - | # - maxlogins - max number of logins for this user | + | |
| - | # - maxsyslogins - max number of logins on the system | + | |
| - | # - priority - the priority to run user process with | + | |
| - | # - locks - max number of file locks the user can hold | + | |
| - | # - sigpending - max number of pending signals | + | |
| - | # - msgqueue - max memory used by POSIX message queues (bytes) | + | |
| - | # - nice - max nice priority allowed to raise to values: [-20, 19] | + | |
| - | # - rtprio - max realtime priority | + | |
| - | # | + | |
| - | #< | + | |
| - | # | + | |
| - | + | ||
| - | #* | + | |
| - | #* | + | |
| - | # | + | |
| - | # | + | |
| - | # | + | |
| - | #ftp | + | |
| - | # | + | |
| - | + | ||
| - | # End of file | + | |
| - | </ | + | |
| - | + | ||
| - | <WRAP center round important 60%> | + | |
| - | **Important** : The limit can be a number or the word **unlimited**. | + | |
| - | </ | + | |
| - | + | ||
| - | For example if root adds the two following lines to / | + | |
| < | < | ||
| - | ... | + | AllowGroups adm |
| - | trainee | + | Banner /etc/issue.net |
| - | trainee | + | HostbasedAuthentication no |
| - | ... | + | IgnoreRhosts yes |
| + | LoginGraceTime 60 | ||
| + | LogLevel INFO | ||
| + | PermitEmptyPasswords no | ||
| + | PermitRootLogin no | ||
| + | PrintLastLog yes | ||
| + | Protocol 2 | ||
| + | StrictModes yes | ||
| + | X11Forwarding no | ||
| </ | </ | ||
| - | the number of open files for trainee is limited to 1024. However trainee can increase | + | The file should look like this: |
| < | < | ||
| - | $ ulimit | + | [root@centos8 tmp]# vi sshd_config |
| + | [root@centos8 tmp]# cat sshd_config | ||
| + | AllowGroups adm | ||
| + | Banner / | ||
| + | HostbasedAuthentication no | ||
| + | IgnoreRhosts yes | ||
| + | LoginGraceTime 60 | ||
| + | LogLevel INFO | ||
| + | PermitEmptyPasswords no | ||
| + | PermitRootLogin no | ||
| + | PrintLastLog yes | ||
| + | Protocol 2 | ||
| + | StrictModes yes | ||
| + | X11Forwarding no | ||
| + | HostKey / | ||
| + | HostKey / | ||
| + | HostKey / | ||
| + | SyslogFacility AUTHPRIV | ||
| + | PermitRootLogin yes | ||
| + | AuthorizedKeysFile | ||
| + | PasswordAuthentication yes | ||
| + | ChallengeResponseAuthentication no | ||
| + | GSSAPIAuthentication yes | ||
| + | GSSAPICleanupCredentials no | ||
| + | UsePAM yes | ||
| + | PrintMotd no | ||
| + | AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES | ||
| + | AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT | ||
| + | AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE | ||
| + | AcceptEnv XMODIFIERS | ||
| + | Subsystem | ||
| </ | </ | ||
| - | To see the list of the current | + | Rename |
| < | < | ||
| - | [root@centos8 | + | [root@centos8 |
| - | core file size (blocks, -c) unlimited | + | |
| - | data seg size | + | |
| - | scheduling priority | + | |
| - | file size | + | |
| - | pending signals | + | |
| - | max locked memory | + | |
| - | max memory size | + | |
| - | open files (-n) 1024 | + | |
| - | pipe size (512 bytes, -p) 8 | + | |
| - | POSIX message queues | + | |
| - | real-time priority | + | |
| - | stack size (kbytes, -s) 8192 | + | |
| - | cpu time | + | |
| - | max user processes | + | |
| - | virtual memory | + | |
| - | file locks (-x) unlimited | + | |
| </ | </ | ||
| - | The command line switches of this command are: | + | Copy the **/ |
| < | < | ||
| - | [root@centos8 | + | [root@centos8 |
| - | ulimit: ulimit [-SHabcdefiklmnpqrstuvxPT] [limit] | + | cp: overwrite |
| - | Modify shell resource limits. | + | |
| - | + | ||
| - | Provides control over the resources available to the shell and processes | + | |
| - | it creates, on systems that allow such control. | + | |
| - | + | ||
| - | Options: | + | |
| - | -S use the `soft' | + | |
| - | -H use the `hard' | + | |
| - | -a all current limits are reported | + | |
| - | -b the socket buffer size | + | |
| - | -c the maximum size of core files created | + | |
| - | -d the maximum size of a process' | + | |
| - | -e the maximum scheduling priority (`nice' | + | |
| - | -f the maximum size of files written by the shell and its children | + | |
| - | -i the maximum number of pending signals | + | |
| - | -k the maximum number of kqueues allocated for this process | + | |
| - | -l the maximum size a process may lock into memory | + | |
| - | -m the maximum resident set size | + | |
| - | -n the maximum number of open file descriptors | + | |
| - | -p the pipe buffer size | + | |
| - | -q the maximum number of bytes in POSIX message queues | + | |
| - | -r the maximum real-time scheduling priority | + | |
| - | -s the maximum stack size | + | |
| - | -t the maximum amount of cpu time in seconds | + | |
| - | -u the maximum number of user processes | + | |
| - | -v the size of virtual memory | + | |
| - | -x the maximum number of file locks | + | |
| - | -P the maximum number of pseudoterminals | + | |
| - | -T the maximum number of threads | + | |
| - | + | ||
| - | Not all options are available on all platforms. | + | |
| - | + | ||
| - | If LIMIT is given, it is the new value of the specified resource; the | + | |
| - | special LIMIT values `soft', | + | |
| - | current soft limit, the current hard limit, and no limit, respectively. | + | |
| - | Otherwise, the current value of the specified resource is printed. | + | |
| - | no option is given, then -f is assumed. | + | |
| - | + | ||
| - | Values are in 1024-byte increments, except for -t, which is in seconds, | + | |
| - | -p, which is in increments of 512 bytes, and -u, which is an unscaled | + | |
| - | number of processes. | + | |
| - | + | ||
| - | Exit Status: | + | |
| - | Returns success unless an invalid option is supplied or an error occurs. | + | |
| </ | </ | ||
| - | ====4.2 - CGroups==== | + | Restart |
| - | + | ||
| - | Control Groups, also called **CGroups** are another, more modern way, of limiting resources. | + | |
| - | + | ||
| - | CGroups are organised hierarchially just like processes. However as opposed to processes, CGroups are organised into **multiples** hierarchies called **Resource Controllers** or simply **Controllers**. | + | |
| - | + | ||
| - | To consult | + | |
| < | < | ||
| - | [root@centos8 | + | [root@centos8 |
| - | bash: lssubsys: command not found... | + | [root@centos8 tmp]# systemctl status sshd |
| - | Install package ' | + | ● sshd.service |
| + | Loaded: loaded (/ | ||
| + | | ||
| + | Docs: man: | ||
| + | | ||
| + | Main PID: 1042039 (sshd) | ||
| + | Tasks: 1 (limit: 23535) | ||
| + | | ||
| + | | ||
| + | └─1042039 | ||
| - | + | Aug 30 02:17:00 centos8.ittraining.loc systemd[1]: Starting OpenSSH server daemon... | |
| - | * Waiting in queue... | + | Aug 30 02:17:00 centos8.ittraining.loc sshd[1042039]: Server listening on 0.0.0.0 port 22. |
| - | The following packages have to be installed: | + | Aug 30 02:17:00 centos8.ittraining.loc sshd[1042039]: |
| - | | + | Aug 30 02:17:00 centos8.ittraining.loc systemd[1]: Started OpenSSH server daemon. |
| - | libcgroup-tools-0.41-19.el8.x86_64 | + | [q] |
| - | Proceed with changes? | + | |
| - | + | ||
| - | + | ||
| - | * Waiting in queue... | + | |
| - | * Waiting for authentication... | + | |
| - | * Waiting in queue... | + | |
| - | * Downloading packages... | + | |
| - | * Requesting data... | + | |
| - | * Testing changes... | + | |
| - | * Installing packages... | + | |
| - | cpuset / | + | |
| - | cpu,cpuacct / | + | |
| - | blkio / | + | |
| - | memory / | + | |
| - | devices / | + | |
| - | freezer / | + | |
| - | net_cls, | + | |
| - | perf_event / | + | |
| - | hugetlb / | + | |
| - | pids / | + | |
| - | rdma / | + | |
| </ | </ | ||
| - | < | + | Put **trainee** in the **adm** group: |
| - | [root@centos8 ~]# lssubsys -am | + | |
| - | cpuset / | + | |
| - | cpu,cpuacct / | + | |
| - | blkio / | + | |
| - | memory / | + | |
| - | devices / | + | |
| - | freezer / | + | |
| - | net_cls, | + | |
| - | perf_event / | + | |
| - | hugetlb / | + | |
| - | pids / | + | |
| - | rdma / | + | |
| - | </ | + | |
| - | + | ||
| - | **Systemd** organises the processes | + | |
| - | + | ||
| - | At the top of the hierarchy we can see the root slice -**-.slice**, under which we can find: | + | |
| - | + | ||
| - | * **system.slice** - system services, | + | |
| - | * **user.slice** - user sessions, | + | |
| - | * **machine.slice** - virtiual machines and containers. | + | |
| - | + | ||
| - | Under these slices can be found: | + | |
| - | + | ||
| - | * **scopes** -processes created by a **Fork**, | + | |
| - | * **services** - processes created by a **Unit**. | + | |
| - | + | ||
| - | Slices can be consulted with the following command: | + | |
| < | < | ||
| - | [root@centos8 | + | [root@centos8 |
| - | UNIT LOAD | + | trainee : trainee |
| - | -.slice | + | [root@centos8 tmp]# usermod |
| - | machine.slice | + | [root@centos8 tmp]# groups trainee |
| - | system-getty.slice | + | trainee : trainee adm |
| - | system-lvm2\x2dpvscan.slice | + | |
| - | system-sshd\x2dkeygen.slice | + | |
| - | system-systemd\x2dfsck.slice | + | |
| - | system-systemd\x2dhibernate\x2dresume.slice loaded active active system-systemd\x2dhibernate\x2dresume.slice | + | |
| - | system-user\x2druntime\x2ddir.slice | + | |
| - | system-vncserver.slice | + | |
| - | system.slice | + | |
| - | user-1000.slice | + | |
| - | user-42.slice | + | |
| - | user.slice | + | |
| - | + | ||
| - | LOAD = Reflects whether the unit definition was properly loaded. | + | |
| - | ACTIVE = The high-level unit activation state, i.e. generalization of SUB. | + | |
| - | SUB = The low-level unit activation state, values depend on unit type. | + | |
| - | + | ||
| - | 13 loaded units listed. Pass --all to see loaded but inactive units, too. | + | |
| - | To show all installed unit files use ' | + | |
| </ | </ | ||
| - | CGroup hierarchies can be seen by using the **systemd-cgls** command: | + | To generate |
| < | < | ||
| - | [root@centos8 | + | [root@centos8 |
| - | Control group /: | + | Generating public/private dsa key pair. |
| - | -.slice | + | Enter file in which to save the key (/root/.ssh/id_dsa): |
| - | ├─user.slice | + | Enter passphrase |
| - | │ ├─user-42.slice | + | Enter same passphrase again: |
| - | │ │ ├─session-c1.scope | + | Your identification has been saved in /etc/ssh/ssh_host_dsa_key. |
| - | │ │ │ ├─1317 gdm-session-worker [pam/gdm-launch-environment] | + | Your public key has been saved in /etc/ssh/ssh_host_dsa_key.pub. |
| - | │ │ │ ├─1459 / | + | The key fingerprint is: |
| - | │ │ │ ├─1856 / | + | SHA256: |
| - | │ │ │ ├─1882 / | + | The key's randomart image is: |
| - | │ │ │ ├─2059 / | + | +---[DSA 1024]----+ |
| - | │ │ │ ├─2132 ibus-daemon --xim --panel disable | + | | | |
| - | │ │ │ ├─2135 / | + | | |
| - | │ │ │ ├─2138 / | + | |.o . o.+ | |
| - | │ │ │ ├─2251 / | + | |E. o.*.. . | |
| - | │ │ │ ├─2261 / | + | |+ooo.o +S o o | |
| - | │ │ │ ├─2268 / | + | |X==++ o o o | |
| - | │ │ │ ├─2271 / | + | |B/=+oo | |
| - | │ │ │ ├─2272 / | + | |Ooo++ |
| - | │ │ │ ├─2273 / | + | |. .o | |
| - | │ │ │ ├─2274 / | + | +----[SHA256]-----+ |
| - | │ │ │ ├─2275 / | + | </ |
| - | │ │ │ ├─2280 / | + | |
| - | │ │ │ ├─2281 / | + | |
| - | │ │ │ ├─2283 / | + | |
| - | │ │ │ ├─2284 / | + | |
| - | │ │ │ ├─2285 / | + | |
| - | │ │ │ ├─2290 / | + | |
| - | │ │ │ ├─2321 / | + | |
| - | │ │ │ ├─2328 / | + | |
| - | │ │ │ ├─2333 / | + | |
| - | │ │ │ └─2432 / | + | |
| - | │ │ └─user@42.service | + | |
| - | │ │ | + | |
| - | │ │ │ └─2170 | + | |
| - | │ │ | + | |
| - | │ │ │ └─1455 | + | |
| - | │ │ | + | |
| - | │ │ │ ├─1357 | + | |
| - | │ │ │ └─1377 | + | |
| - | │ │ | + | |
| - | │ │ │ ├─2090 | + | |
| - | │ │ │ ├─2095 / | + | |
| - | │ │ │ └─2098 | + | |
| - | │ │ | + | |
| - | │ │ | + | |
| - | │ │ | + | |
| - | │ └─user-1000.slice | + | |
| - | │ | + | |
| - | │ │ ├─gvfs-goa-volume-monitor.service | + | |
| - | │ │ │ └─2369 / | + | |
| - | │ │ ├─xdg-permission-store.service | + | |
| - | │ │ │ └─2191 / | + | |
| - | │ │ ├─tracker-store.service | + | |
| - | │ │ │ └─2653 / | + | |
| - | │ │ ├─evolution-calendar-factory.service | + | |
| - | │ │ │ ├─2605 / | + | |
| - | │ │ │ └─2706 / | + | |
| - | │ │ ├─pulseaudio.service | + | |
| - | │ │ │ └─1456 / | + | |
| - | │ │ ├─gvfs-daemon.service | + | |
| - | │ │ │ ├─1896 / | + | |
| - | │ │ │ └─1901 / | + | |
| - | │ │ ├─evolution-source-registry.service | + | |
| - | │ │ │ └─2206 / | + | |
| - | │ │ ├─gvfs-udisks2-volume-monitor.service | + | |
| - | │ │ │ └─2243 / | + | |
| - | │ │ ├─init.scope | + | |
| - | │ │ │ ├─1239 / | + | |
| - | │ │ │ └─1318 (sd-pam) | + | |
| - | │ │ ├─gvfs-gphoto2-volume-monitor.service | + | |
| - | │ │ │ └─2269 / | + | |
| - | │ │ ├─at-spi-dbus-bus.service | + | |
| - | │ │ │ ├─1964 / | + | |
| - | │ │ │ ├─1969 / | + | |
| - | │ │ │ └─1972 | + | |
| - | │ │ ├─dbus.service | + | |
| - | │ │ │ ├─1786 / | + | |
| - | │ │ │ ├─2183 / | + | |
| - | │ │ │ ├─2201 / | + | |
| - | │ │ │ ├─2225 / | + | |
| - | │ │ │ ├─2397 / | + | |
| - | │ │ │ └─2721 / | + | |
| - | │ │ ├─evolution-addressbook-factory.service | + | |
| - | │ │ │ ├─2727 / | + | |
| - | │ │ │ └─2771 / | + | |
| - | │ │ ├─gvfs-mtp-volume-monitor.service | + | |
| - | lines 44-86 | + | |
| - | </ | + | |
| - | + | ||
| - | Using Systemd, several resources can be limited: | + | |
| - | + | ||
| - | * **CPUShares** - default value = 1024, | + | |
| - | * **MemoryLimit** - expressed in MB or GB, there is no default value, | + | |
| - | * **BlockIOWeight** - expressed as a value between 10 and 1000, there is no default value, | + | |
| - | * **StartupCPUShares** - the same as CPUShares but only used during startup, | + | |
| - | * **StartupBlockIOWeight** - the same as BlockIOWeight but only used during startup, | + | |
| - | * **CPUQuota** - used to limit CPU usage even when the system is doing nothing. | + | |
| - | + | ||
| - | <WRAP center round important 60%> | + | |
| - | **Important** : You can check the systemd.resource-control(5) manual to see which CGroup parameters can be passed to systemctl. | + | |
| - | </ | + | |
| - | + | ||
| - | ===Limiting Memory Usage=== | + | |
| - | + | ||
| - | Start by creating the **hello-world.sh** script that will be used to work with CGroups : | + | |
| < | < | ||
| - | [root@centos8 | + | [root@centos8 |
| - | [root@centos8 | + | Generating public/ |
| - | #!/bin/bash | + | Enter file in which to save the key (/ |
| - | while [ 1 ]; do | + | Enter passphrase (empty for no passphrase): |
| - | | + | Enter same passphrase again: |
| - | | + | Your identification has been saved in / |
| - | done | + | Your public key has been saved in / |
| + | The key fingerprint is: | ||
| + | SHA256: | ||
| + | The key's randomart image is: | ||
| + | +---[RSA 3072]----+ | ||
| + | | | ||
| + | | o oo o=+ . | | ||
| + | |.. oo=+=o . + | | ||
| + | |oo .+E++.+ = * | | ||
| + | |o.. +.S B * . | | ||
| + | |. B + = | | ||
| + | | = | | ||
| + | | | ||
| + | | . | | ||
| + | +----[SHA256]-----+ | ||
| + | [root@centos8 | ||
| + | Generating public/ | ||
| + | Enter file in which to save the key (/root/.ssh/ | ||
| + | Enter passphrase (empty for no passphrase): | ||
| + | Enter same passphrase again: | ||
| + | Your identification has been saved in / | ||
| + | Your public key has been saved in / | ||
| + | The key fingerprint is: | ||
| + | SHA256: | ||
| + | The key's randomart image is: | ||
| + | +---[ECDSA 256]---+ | ||
| + | |++*=+ | ||
| + | |oX.=o+ o o | | ||
| + | |o %.B + + | | ||
| + | |...O.= o | ||
| + | |..E.o . S o | | ||
| + | |. . o = | | ||
| + | | . * . | | ||
| + | | . ... o | | ||
| + | | ..ooo.. | ||
| + | +----[SHA256]-----+ | ||
| + | [root@centos8 tmp]# ssh-keygen -t ed25519 | ||
| + | Generating public/ | ||
| + | Enter file in which to save the key (/ | ||
| + | Enter passphrase (empty for no passphrase): | ||
| + | Enter same passphrase again: | ||
| + | Your identification has been saved in / | ||
| + | Your public key has been saved in / | ||
| + | The key fingerprint is: | ||
| + | SHA256: | ||
| + | The key's randomart image is: | ||
| + | +--[ED25519 256]--+ | ||
| + | | | ||
| + | | . .. . o| | ||
| + | | . . . +.| | ||
| + | | o . oB ..o.=| | ||
| + | | o o S*+=o* *+| | ||
| + | | . . .o.*o*.+.B| | ||
| + | | . o o +o++| | ||
| + | | o =o| | ||
| + | | . o| | ||
| + | +----[SHA256]-----+ | ||
| </ | </ | ||
| - | Make the script runnable and test it: | + | Public keys have a **.pub** extension: |
| < | < | ||
| - | [root@centos8 | + | [root@centos8 |
| - | [root@centos8 ~]# ./ | + | moduli |
| - | hello world | + | ssh_config |
| - | ^C | + | |
| </ | </ | ||
| - | Now create a CGroup in the **memory** sub-system called **helloworld** | + | Restart |
| < | < | ||
| - | [root@centos8 | + | [root@centos8 |
| - | </code> | + | [root@centos8 tmp]# systemctl status sshd.service |
| + | ● sshd.service - OpenSSH server daemon | ||
| + | | ||
| + | Active: active (running) since Mon 2021-08-30 02:24:57 EDT; 9s ago | ||
| + | Docs: man: | ||
| + | | ||
| + | Main PID: 1042204 (sshd) | ||
| + | Tasks: 1 (limit: 23535) | ||
| + | | ||
| + | | ||
| + | | ||
| - | By default, this CGroup inherits the use of the **all** of the available memory. To avoid that, create a **40, | + | Aug 30 02:24:57 centos8.ittraining.loc systemd[1]: Starting OpenSSH server daemon... |
| - | + | Aug 30 02: | |
| - | < | + | Aug 30 02:24:57 centos8.ittraining.loc sshd[1042204]: Server listening on :: port 22. |
| - | [root@centos8 | + | Aug 30 02: |
| - | [root@centos8 | + | [q] |
| - | 39997440 | + | |
| </ | </ | ||
| - | <WRAP center round important 60%> | + | ====3.3 |
| - | **Important** | + | |
| - | </ | + | |
| - | Now run the **helloworld.sh** script: | + | To generate |
| < | < | ||
| - | [root@centos8 | + | [root@centos8 |
| - | [1] 35148 | + | logout |
| + | [trainee@centos8 ~]$ ssh-keygen -t dsa | ||
| + | Generating public/ | ||
| + | Enter file in which to save the key (/home/ | ||
| + | Created directory '/ | ||
| + | Enter passphrase (empty for no passphrase): | ||
| + | Enter same passphrase again: | ||
| + | Your identification has been saved in / | ||
| + | Your public key has been saved in / | ||
| + | The key fingerprint is: | ||
| + | SHA256: | ||
| + | The key's randomart image is: | ||
| + | +---[DSA 1024]----+ | ||
| + | | =o+o.o+OB| | ||
| + | | o +o=o oo=| | ||
| + | | . +.+oB+ | | ||
| + | | o o.&+o.| | ||
| + | | S o o.*.o| | ||
| + | | o o o.| | ||
| + | | . + + | | ||
| + | | + . o | | ||
| + | | E .| | ||
| + | +----[SHA256]-----+ | ||
| + | [trainee@centos8 ~]$ ssh-keygen -t rsa | ||
| + | Generating public/ | ||
| - | [root@centos8 ~]# hello world | + | Enter file in which to save the key (/ |
| - | [Enter] <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< | + | Enter same passphrase again: |
| - | + | Your identification has been saved in / | |
| - | [root@centos8 ~]# ps aux | grep hello-world | + | Your public key has been saved in / |
| - | root | + | The key fingerprint is: |
| - | root | + | SHA256: |
| + | The key's randomart image is: | ||
| + | +---[RSA 3072]----+ | ||
| + | |o+o++oo | ||
| + | |=+o.oo . .=B . | | ||
| + | |=. ..o o+... | | ||
| + | |. =.o o.. . | | ||
| + | | oS= = o | | ||
| + | | .. = = | | ||
| + | | | ||
| + | | +...E | | ||
| + | | . o+... | | ||
| + | +----[SHA256]-----+ | ||
| + | [trainee@centos8 ~]$ ssh-keygen -t ecdsa | ||
| + | Generating public/ | ||
| + | Enter file in which to save the key (/ | ||
| + | Enter passphrase (empty for no passphrase): | ||
| + | Enter same passphrase again: | ||
| + | Your identification has been saved in / | ||
| + | Your public key has been saved in / | ||
| + | The key fingerprint is: | ||
| + | SHA256: | ||
| + | The key's randomart image is: | ||
| + | +---[ECDSA 256]---+ | ||
| + | |o.. | | ||
| + | |.oo | | ||
| + | |.*o . . | | ||
| + | |+.++ B | | ||
| + | |+o =B + S | | ||
| + | |=*oo.* = | | ||
| + | |B.* o O . | | ||
| + | |.= = = o.. | | ||
| + | |. E o oo+. | | ||
| + | +----[SHA256]-----+ | ||
| + | [trainee@centos8 ~]$ ssh-keygen -t ed25519 | ||
| + | Generating public/ | ||
| + | Enter file in which to save the key (/ | ||
| + | Enter passphrase (empty for no passphrase): | ||
| + | Enter same passphrase again: | ||
| + | Your identification has been saved in /home/trainee/.ssh/id_ed25519. | ||
| + | Your public key has been saved in / | ||
| + | The key fingerprint is: | ||
| + | SHA256: | ||
| + | The key's randomart image is: | ||
| + | +--[ED25519 256]--+ | ||
| + | | ..o*=++=. | | ||
| + | | o==O+Boo | | ||
| + | | o ooE.O. | | ||
| + | | | ||
| + | | S | ||
| + | | | ||
| + | | . + o.o| | ||
| + | | + +.oo| | ||
| + | | o..o.| | ||
| + | +----[SHA256]-----+ | ||
| </ | </ | ||
| - | Note that there is **no** memory limit: | + | The keys can be found in the **~/.ssh/** directory: |
| < | < | ||
| - | [root@centos8 ~]# ps -ww -o cgroup 35148 | + | [trainee@centos8 ~]$ ls .ssh |
| - | CGROUP | + | id_dsa |
| - | 12: | + | |
| </ | </ | ||
| - | NOw insert the PID of the script into the **helloworld** CGroup: | + | ====3.4 - Authentication using Asymetric Keys==== |
| - | < | + | Connect to your own virtual machine as if it were the server: |
| - | [root@centos8 ~]# echo 35148 > / | + | |
| - | </ | + | |
| - | + | ||
| - | NOw you can see a memory limit - **12: | + | |
| < | < | ||
| - | [root@centos8 ~]# ps -ww -o cgroup 35148 | + | [root@centos8 ~]# ssh -l trainee 127.0.0.1 |
| - | CGROUP | + | \S |
| - | 12: | + | Kernel \r on an \m |
| - | </ | + | trainee@127.0.0.1's password: trainee |
| + | Activate the web console with: systemctl enable | ||
| - | Now check the actual memory consumption: | + | [trainee@centos8 ~]$ ls -la | grep .ssh |
| - | + | drwx------. | |
| - | < | + | |
| - | [root@centos8 ~]# cat / | + | |
| - | 274432 | + | |
| </ | </ | ||
| - | Kill the **hello-world.sh** script: | + | Now transfer |
| < | < | ||
| - | [root@centos8 ~]# kill 35148 | + | [trainee@centos8 ~]$ exit |
| - | [root@centos8 ~]# ps aux | grep hello-world | + | logout |
| - | root | + | Connection to 127.0.0.1 closed. |
| - | [1]+ Terminated | + | |
| - | </ | + | |
| - | Create a more restrictive CGroup called **helloworld1** : | + | [root@centos8 ~]# exit |
| + | logout | ||
| - | < | + | [trainee@centos8 ~]$ scp .ssh/id_ecdsa.pub trainee@127.0.0.1: |
| - | [root@centos8 ~]# mkdir /sys/fs/cgroup/memory/helloworld1 | + | The authenticity of host ' |
| - | [root@centos8 ~]# echo 6000 > /sys/fs/cgroup/memory/ | + | ECDSA key fingerprint is SHA256:Q7T/CP0SLiMbMAIgVzTuEHegYS/spPE5zzQchCHD5Vw. |
| - | [root@centos8 ~]# cat / | + | Are you sure you want to continue connecting (yes/no/[fingerprint])? |
| - | 4096 | + | Warning: Permanently added ' |
| + | \S | ||
| + | Kernel \r on an \m | ||
| + | trainee@127.0.0.1' | ||
| + | id_ecdsa.pub | ||
| </ | </ | ||
| - | Re-run the script and put the PID in the new CGroup: | + | Re-connect to your own virtual machine as if it were the server: |
| < | < | ||
| - | [root@centos8 ~]# ./hello-world.sh & | + | [trainee@centos8 ~]$ ssh -l trainee localhost |
| - | [1] 35389 | + | The authenticity of host ' |
| + | ECDSA key fingerprint is SHA256:Q7T/CP0SLiMbMAIgVzTuEHegYS/ | ||
| + | Are you sure you want to continue connecting (yes/no/[fingerprint])? yes | ||
| + | Warning: Permanently added ' | ||
| + | \S | ||
| + | Kernel \r on an \m | ||
| + | Activate the web console with: systemctl enable --now cockpit.socket | ||
| - | [root@centos8 ~]# hello world | + | Last login: Mon Aug 30 03:57:14 2021 from 127.0.0.1 |
| - | [Enter] | + | [trainee@centos8 ~]$ |
| - | + | ||
| - | [root@centos8 ~]# echo 35389 > / | + | |
| - | </ | + | |
| - | + | ||
| - | Wait for **hello world** to appear. You will notice that the script has stopped: | + | |
| - | + | ||
| - | < | + | |
| - | [root@centos8 ~]# hello world | + | |
| - | [Enter] <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< | + | |
| - | [1]+ Killed | + | |
| - | </ | + | |
| - | + | ||
| - | ===The cgcreate Command=== | + | |
| - | + | ||
| - | This command creates a CGroup: | + | |
| - | + | ||
| - | < | + | |
| - | [root@centos8 ~]# cgcreate -g memory:helloworld2 | + | |
| - | [root@centos8 ~]# ls -l / | + | |
| - | total 0 | + | |
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:39 cgroup.clone_children | + | |
| - | --w--w----. 1 root root 0 Jul 13 10:39 cgroup.event_control | + | |
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:39 cgroup.procs | + | |
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:39 memory.failcnt | + | |
| - | --w--w----. 1 root root 0 Jul 13 10:39 memory.force_empty | + | |
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:39 memory.kmem.failcnt | + | |
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:39 memory.kmem.limit_in_bytes | + | |
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:39 memory.kmem.max_usage_in_bytes | + | |
| - | -r--r--r--. 1 root root 0 Jul 13 10:39 memory.kmem.slabinfo | + | |
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:39 memory.kmem.tcp.failcnt | + | |
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:39 memory.kmem.tcp.limit_in_bytes | + | |
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:39 memory.kmem.tcp.max_usage_in_bytes | + | |
| - | -r--r--r--. 1 root root 0 Jul 13 10:39 memory.kmem.tcp.usage_in_bytes | + | |
| - | -r--r--r--. 1 root root 0 Jul 13 10:39 memory.kmem.usage_in_bytes | + | |
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:39 memory.limit_in_bytes | + | |
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:39 memory.max_usage_in_bytes | + | |
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:39 memory.memsw.failcnt | + | |
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:39 memory.memsw.limit_in_bytes | + | |
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:39 memory.memsw.max_usage_in_bytes | + | |
| - | -r--r--r--. 1 root root 0 Jul 13 10:39 memory.memsw.usage_in_bytes | + | |
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:39 memory.move_charge_at_immigrate | + | |
| - | -r--r--r--. 1 root root 0 Jul 13 10:39 memory.numa_stat | + | |
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:39 memory.oom_control | + | |
| - | ----------. 1 root root 0 Jul 13 10:39 memory.pressure_level | + | |
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:39 memory.soft_limit_in_bytes | + | |
| - | -r--r--r--. 1 root root 0 Jul 13 10:39 memory.stat | + | |
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:39 memory.swappiness | + | |
| - | -r--r--r--. 1 root root 0 Jul 13 10:39 memory.usage_in_bytes | + | |
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:39 memory.use_hierarchy | + | |
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:39 notify_on_release | + | |
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:39 tasks | + | |
| - | </ | + | |
| - | + | ||
| - | Set a memory limit for **helloworld2**: | + | |
| - | + | ||
| - | < | + | |
| - | [root@centos8 ~]# echo 40000000 > / | + | |
| - | </ | + | |
| - | + | ||
| - | ==The cgexec Command== | + | |
| - | + | ||
| - | This command inserts the limit into the CGroup **and** launches the script: | + | |
| - | + | ||
| - | < | + | |
| - | [root@centos8 ~]# cgexec -g memory: | + | |
| - | [1] 37670 | + | |
| - | + | ||
| - | [root@centos8 ~]# hello world | + | |
| - | [Enter] | + | |
| - | + | ||
| - | [root@centos8 ~]# | + | |
| - | </ | + | |
| - | + | ||
| - | ==THe cgdelete Command== | + | |
| - | + | ||
| - | Once the sxcript has terminated, this command deletes the CGroup: | + | |
| - | + | ||
| - | < | + | |
| - | [root@centos8 ~]# ps aux | grep *.sh | + | |
| - | root | + | |
| - | root | + | |
| - | + | ||
| - | [root@centos8 ~]# kill 37670 | + | |
| - | + | ||
| - | root@centos8 ~]# ps aux | grep *.sh | + | |
| - | root | + | |
| - | [1]+ Terminated | + | |
| - | + | ||
| - | [root@centos8 ~]# cgdelete memory: | + | |
| - | + | ||
| - | [root@centos8 ~]# ls -l / | + | |
| - | ls: cannot access '/ | + | |
| - | </ | + | |
| - | + | ||
| - | ==The / | + | |
| - | + | ||
| - | In order for limites to be persistent, it is necessary to edit the **/ | + | |
| - | + | ||
| - | < | + | |
| - | [root@centos8 ~]# vi / | + | |
| - | [root@centos8 ~]# cat / | + | |
| - | # | + | |
| - | # Copyright IBM Corporation. 2007 | + | |
| - | # | + | |
| - | # Authors: | + | |
| - | # This program is free software; you can redistribute it and/or modify it | + | |
| - | # under the terms of version 2.1 of the GNU Lesser General Public License | + | |
| - | # as published by the Free Software Foundation. | + | |
| - | # | + | |
| - | # This program is distributed in the hope that it would be useful, but | + | |
| - | # WITHOUT ANY WARRANTY; without even the implied warranty of | + | |
| - | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | + | |
| - | # | + | |
| - | # | + | |
| - | # By default, we expect systemd mounts everything on boot, | + | |
| - | # so there is not much to do. | + | |
| - | # See man cgconfig.conf for further details, how to create groups | + | |
| - | # on system boot using this file. | + | |
| - | group helloworld2 { | + | |
| - | cpu { | + | |
| - | cpu.shares = 100; | + | |
| - | } | + | |
| - | memory { | + | |
| - | memory.limit_in_bytes = 40000; | + | |
| - | } | + | |
| - | } | + | |
| </ | </ | ||
| <WRAP center round important 60%> | <WRAP center round important 60%> | ||
| - | **Important** - Here you have created **two** limits : a memory limit of 40,000 Bytes and a **cpu.shares** limoit of **100**. This latter corresponds to about 9,77% of the CPU. | + | **Important** - Note that no password is required. |
| </ | </ | ||
| - | |||
| - | Now create the **two** CGroups: | ||
| - | |||
| - | < | ||
| - | [root@centos8 ~]# cgcreate -g memory: | ||
| - | [root@centos8 ~]# ls -l / | ||
| - | total 0 | ||
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:46 cgroup.clone_children | ||
| - | --w--w----. 1 root root 0 Jul 13 10:46 cgroup.event_control | ||
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:46 cgroup.procs | ||
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:46 memory.failcnt | ||
| - | --w--w----. 1 root root 0 Jul 13 10:46 memory.force_empty | ||
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:46 memory.kmem.failcnt | ||
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:46 memory.kmem.limit_in_bytes | ||
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:46 memory.kmem.max_usage_in_bytes | ||
| - | -r--r--r--. 1 root root 0 Jul 13 10:46 memory.kmem.slabinfo | ||
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:46 memory.kmem.tcp.failcnt | ||
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:46 memory.kmem.tcp.limit_in_bytes | ||
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:46 memory.kmem.tcp.max_usage_in_bytes | ||
| - | -r--r--r--. 1 root root 0 Jul 13 10:46 memory.kmem.tcp.usage_in_bytes | ||
| - | -r--r--r--. 1 root root 0 Jul 13 10:46 memory.kmem.usage_in_bytes | ||
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:46 memory.limit_in_bytes | ||
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:46 memory.max_usage_in_bytes | ||
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:46 memory.memsw.failcnt | ||
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:46 memory.memsw.limit_in_bytes | ||
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:46 memory.memsw.max_usage_in_bytes | ||
| - | -r--r--r--. 1 root root 0 Jul 13 10:46 memory.memsw.usage_in_bytes | ||
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:46 memory.move_charge_at_immigrate | ||
| - | -r--r--r--. 1 root root 0 Jul 13 10:46 memory.numa_stat | ||
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:46 memory.oom_control | ||
| - | ----------. 1 root root 0 Jul 13 10:46 memory.pressure_level | ||
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:46 memory.soft_limit_in_bytes | ||
| - | -r--r--r--. 1 root root 0 Jul 13 10:46 memory.stat | ||
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:46 memory.swappiness | ||
| - | -r--r--r--. 1 root root 0 Jul 13 10:46 memory.usage_in_bytes | ||
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:46 memory.use_hierarchy | ||
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:46 notify_on_release | ||
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:46 tasks | ||
| - | </ | ||
| - | |||
| - | < | ||
| - | [root@centos8 ~]# cgcreate -g cpu: | ||
| - | [root@centos8 ~]# ls -l / | ||
| - | total 0 | ||
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:47 cgroup.clone_children | ||
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:47 cgroup.procs | ||
| - | -r--r--r--. 1 root root 0 Jul 13 10:47 cpuacct.stat | ||
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:47 cpuacct.usage | ||
| - | -r--r--r--. 1 root root 0 Jul 13 10:47 cpuacct.usage_all | ||
| - | -r--r--r--. 1 root root 0 Jul 13 10:47 cpuacct.usage_percpu | ||
| - | -r--r--r--. 1 root root 0 Jul 13 10:47 cpuacct.usage_percpu_sys | ||
| - | -r--r--r--. 1 root root 0 Jul 13 10:47 cpuacct.usage_percpu_user | ||
| - | -r--r--r--. 1 root root 0 Jul 13 10:47 cpuacct.usage_sys | ||
| - | -r--r--r--. 1 root root 0 Jul 13 10:47 cpuacct.usage_user | ||
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:47 cpu.cfs_period_us | ||
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:47 cpu.cfs_quota_us | ||
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:47 cpu.rt_period_us | ||
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:47 cpu.rt_runtime_us | ||
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:47 cpu.shares | ||
| - | -r--r--r--. 1 root root 0 Jul 13 10:47 cpu.stat | ||
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:47 notify_on_release | ||
| - | -rw-rw-r--. 1 root root 0 Jul 13 10:47 tasks | ||
| - | </ | ||
| - | |||
| - | ==The cgconfigparser Command== | ||
| - | |||
| - | Apply the contents of the **/ | ||
| - | |||
| - | < | ||
| - | [root@centos8 ~]# cgconfigparser -l / | ||
| - | [root@centos8 ~]# cat / | ||
| - | 36864 | ||
| - | [root@centos8 ~]# cat / | ||
| - | 100 | ||
| - | </ | ||
| ----- | ----- | ||
| - | Copyright © 2021 Hugh Norris. | + | Copyright © 2022 Hugh Norris |
