Linux Flashcards

1
Q

What does uptime tell you? Where does it get its info from?

A

Uptime, logged in user count, load average for past 1, 5, 15 minutes

Reads from binary file /var/run/utmp

2
Q

Name 3 ways to see when the system was last booted.

A

who -b
uptime
last reboot | head -1

3
Q

Where can you see steal time? What does it affect? What is too much? What can be done?

A

Steal time can be seen in iostat.

It only applies to virtualization; basically, it means a process had to wait for the CPU to complete some other task in a different virtualization instance.

More than 10% for 20+ minutes is no good.

Maybe the host isn’t fast enough to handle everything or maybe it’s just too crowded (in that case move to a less crowded VM).

https://scoutapm.com/blog/understanding-cpu-steal-time-when-should-you-be-worried

4
Q

What is nice time? Where can you see it? What does it mean?

A

Can be seen with iostat or top. It’s the amount of time processes with positive priorities are running. If things get busy, some processes will throttle back. Note, negative priority processes do not show up under nice time.

5
Q

With nice/setpriority, explain which direction from zero is more favorable to the system and which is more favorable to the process. What is the max value both ways?

A

Positive is more favorable to the system, negative is more favorable to the process. 20/-20 are the max/min

6
Q

How do you run a process with altered priority? Why would you want to do this?

A

nice

If it’s non-critical, you can set a positive priority to allow it to throttle back if the system gets busy. You can set a negative value if it’s critical and you have privileges, but you may want to consider a better design that doesn’t rely on this, as the system can become unstable if it takes over.

7
Q

How do you alter the priority of an already running process?

A

renice

8
Q

What does iostat show you?

A

Averages for time spent in cpu states since boot (or while running at predefined intervals) as well as block device statistics like read per second, total, etc

9
Q

What is system time % (as opposed to user time %)? Where do you see it?

A

CPU time spent executing system code (aka kernel instructions), non-userspace. iostat or top or similar. Should be as low as possible, but can spike high for input/output to console or otherwise.

10
Q

What can sar do?

A

Basically logs iostat over time but extra ability is it can break down cpu stats by processor with -P ALL so you can see if a single core is going wonky.

11
Q

How to diagnose hardware interrupts?

A

mpstat -P ALL, look where there are lots of interrupts on each processor. cat /proc/interrupts, see if any devices are generating a large number of interrupts. Can use dmesg to look for messages related to the devices with high count.

12
Q

How to get memory info? And more detailed?

A

free. vmstat

13
Q

How do you see your routing table?

A

netstat -r

14
Q

What does netstat -s do? Name some useful things it shows you.

A

Summary of network activity by protocol (since last boot).

How many outgoing packets were dropped
How many incoming packets had bad addresses
TCP retransmit count
Failed connection attempt count.

15
Q

How do you display network connections that are currently listening? Which type of connections will this show? How do you see which programs/pids are using them? How to show only connected?

A

netstat -l

Shows system I-nodes (sockets) and network.

  • t only tcp
  • u only udp
  • p is to show pids
  • a to only show connected
16
Q

What does w do?

A

Shows who is logged on and what they’re doing, CPU time for processes and current process. Can give a username to only see their info. Also shows you the 1, 5, 15 load averages for the system.

17
Q

What do you use iotop for? How?

A

iotop requires root access. It gives you the thread IDs and, for each, shows you the priority, the disk read/write throughput, the percentage of time it is spending swapping in, the percentage of time the process is blocking on IO, and the command.

So if you had a lot of iowait time from top, iotop allows you to see exactly what is contributing to that.

18
Q

What’s the difference between netstat and ss?

A

ss queries the kernel socket directly, while netstat uses /proc/net/tcp.

netstat is deprecated.

19
Q

What is iptraf?

A

Like wireshark, very complicated.

20
Q

Tell me about collectd

A

Plugins to monitor system, like sar but way more.

Gathers constantly, writes at 10 min intervals (can be configured)

Only collects, doesn’t display

config, plugin loading and conf
/etc/collectd/collectd.conf

plain text file with fields and how they are derived or grabbed
/usr/share/collectd/types.db

uses rrd to collect stuff; files are stored in binary format, need rrd tool to read
/var/lib/collectd/rrd/hostname/blah

rrd - round robin database tool
stores time-series data in a circular buffer

Other viewers for collectd data
Nagios

Cacti

MRTG

Icinga, forked from Nagios

21
Q

Explain what a LKM is? Where are they stored? What is their extension?

A

Loadable Kernel Module

Not taking up memory and loaded automatically, you manage. Like nvidia driver on linux. Loaded when needed, unloaded when not.

/lib/modules/$(uname -r)/kernel

broken out by type, multiple levels

.ko files (kernel object)

These are just storage, not indicating run or config

22
Q

Name two ways to get hostname

A

hostname

uname -n

23
Q

How do you see kernel info?

A

uname -a

gives you everything.

24
Q

What is modules.dep? Where is it located? What uses it? What generates it?

A

Text counterpart to binary file modules.bin.dep that defines mapping of dependencies between LKMs.

Located within a specific kernel folder in /lib/modules

Used by tools like modprobe

Generated by depmod

25
Q

When might you want to run depmod? Why?

A

If you or something copied a prebuilt LKM into /lib/modules. To map its dependencies.

26
Q

How do you see currently loaded LKMs? What info do you get?

A

lsmod

Shows module name, size in bytes, what else is using it

27
Q

How do you unload a LKM?

A

rmmod name_of_module

28
Q

Name two ways to load a LKM.

A

insmod /path/to/module.ko
(find via find, or modinfo)

or

modprobe module_name

29
Q

How to get info on a LKM? What do you need?

A

Just the name of the module, and do modinfo name.

30
Q

How to load an LKM with a specific parameter?

A

modprobe module parameter=value

This doesn’t stick on a reboot.

31
Q

How to prevent an LKM from loading? Why would you want to do this?

A

Make a .conf in /etc/modprobe.d/ and include the line
blacklist module_name

module_name can be an alias as well, which can be found via modinfo

Maybe you want to load a different driver, or it causes a problem or interacts poorly.

32
Q

What is /proc/sys? Why might you want to go in there?

A

It’s really the kernel in memory (not real files or filesystem)

You can echo things to the “files” to change kernel parameters in real time, or read the files to view. Changes will be reset after a reboot.

33
Q

What’s the official way to change kernel parameters at runtime? How do you make them permanent?

A

sysctl path.inside.of.proc.sys=value

edit /etc/sysctl.conf and put the line in there but with spaces around the = so
thing.thing.thing = value

34
Q

How to find info about system devices?

A

lspci

  • k will show you kernel driver in use
  • v will show you extra info

lsdev gives you info about devices interrupts, IO, and DMA

35
Q

How to find out about non system devices?

A

lsusb only newer than 3.x kernel

lsusb -v -d ID will give you info on just one thing

36
Q

How to monitor devices?

A

udevadm monitor

37
Q

How to set rules for devices?

A

/etc/udev/rules.d

higher numbers override lower

38
Q

How can you tell a symlink from a hard link?

A

ls -l, look at inode count: it should be more than one with hard links; soft links will show it’s a link.

39
Q

What’s the main difference between bin and sbin?

A

sbin is stuff only the superuser can run.

40
Q

What does ‘usr’ stand for?

A

Unix system Resources

41
Q

How can you figure out where a command and its info are?

A

whereis shows executable, code, and man pages

42
Q

What does /etc stand for?

A

Extended text configuration

43
Q

What is the /root directory?

A

Root’s home folder.

44
Q

What’s the difference between /var and /tmp

A

/tmp is meant as very fast short-lived storage, often aggressively purged by the system. In RHEL purged every 10

/var is more permanent, maybe not purged or purged less frequently, usually slower storage (not RAM, or slower disk). In RHEL purged every 30 days

45
Q

What’s a difference between restart and reload of a service with systemctl? Why do one over the other?

A

Restart stops, then starts, so it gets a new PID. Reload will keep the PID the same. If you change a config, you may just want a reload, since it has that config in memory. So as not to interrupt other things, just reread the config from file and reload the new one into memory. Maybe restart if it’s not working at all.

46
Q

What does POSIX stand for, what is it? What about SUS?

A

Portable Operating System Interface for Unix

Single Unix Specification, alternate spec.

47
Q

What’s the difference between hard links and soft links?

A

Hard links are pointers to inodes. Cannot cross filesystems. Soft links are pointers to filepaths.

48
Q

What does a ‘.’ in ls output for perms indicate? What about a ‘+’?

A

. indicates extended attributes, most likely SELinux context.
+ indicates ACLs.

49
Q

What is SUID? SGID? How do you see it? How do you set it?

A

Set effective user id or group id. You will see an s in the user or group section of ls permissions. It means that process will run with the effective UID of the owner.

First bit of permissions octal.
0 - nothing
2 - SGID
4 - SUID

50
Q

SUID bits don’t work on ______

A

Scripts. Anything that begins with a shebang.

51
Q

What is the sticky bit? How do you set it?

A

A ‘t’ at the end of permissions. Anyone can write but only owner of the files can delete.

First digit of perms octal to a 1

52
Q

What is file umask? How do you set it?

A

Files: Default 666, mask 222, result 444.
Dirs: Default 777

umask command shows you the current mask and allows you to change it, but it is NOT persistent (only for the shell session)

To make it persistent, you need to change the conditionals in bashrc or bash._profile (in /etc/, not in user versions)

53
Q

Sudoers cheat sheet. Give it to me

A

uid, %group, username should not need a prefix

sudo -l -U user will show you what a user can sudo do

sudoers can do #include sudoers.d/file, the # is not a comment

Format is below, NOPASSWD is optional, leaving off runas means can only run as root
USERS HOSTS = (RUNAS) NOPASSWD COMMANDS

54
Q

How to exit history search back at current line?

A

ctrl-g

55
Q

How to edit a history item as a new command?

A

fc command#

56
Q

How to open prompt line in editor?

A

ctrl-x ctrl-e in emacs mode, escape v in vi mode

57
Q

Explain setuid and setgid bits?

A

Explain!