Linux Flashcards
What does uptime tell you? Where does it get its info from?
Uptime, logged in user count, load average for past 1, 5, 15 minutes
Reads from binary file /var/run/utmp
Name 3 ways to see when the system was last booted.
who -b
uptime
last reboot | head -1
Where can you see steal time? What does it affect? What is too much? What can be done?
Steal time can be seen in iostat.
It only applies to virtualization, basically it means a process had to wait for the cpu to complete some other task in a different virtualization instance.
More than 10% for 20+ minutes is no good.
Maybe the host isn’t fast enough to handle everything or maybe it’s just too crowded (in that case move to a less crowded VM).
https://scoutapm.com/blog/understanding-cpu-steal-time-when-should-you-be-worried
What is nice time? Where can you see it? What does it mean?
Can be seen with iostat or top. It’s the amount of time processes with positive priorities are running. If things get busy, some processes will throttle back. Note, negative priority processes do not show up under nice time.
With nice/setpriority, explain which direction from zero is more favorable to the system and which is more favorable to the process. What is the max value both ways?
Positive is more favorable to the system, negative is more favorable to the process. 20/-20 are the max/min
How do you run a process with altered priority? Why would you want to do this?
nice
If it’s non-critical you can set a positive priority to allow it to throttle back if the system gets busy. You can set a negative value if it’s critical and you have privileges, but you may want to consider a better design that doesn’t rely on this, as the system can become unstable if it takes over.
How do you alter the priority of an already running process?
renice
What does iostat show you?
Averages for time spent in cpu states since boot (or while running at predefined intervals) as well as block device statistics like read per second, total, etc
What is system time % (as opposed to user time %)? Where do you see it?
CPU time spent executing system code (aka kernel instructions), non userspace. Iostat or top or similar. Should be as low as possible, but can spike high for input/output to console or else-wise.
What can sar do?
Basically logs iostat over time, but its extra ability is that it can break down cpu stats by processor with -P ALL so you can see if a single core is going wonky.
How to diagnose hardware interrupts?
mpstat -P ALL, look where there are lots of interrupts on each processor. cat /proc/interrupts, see if any devices are generating a large number of interrupts, Can use dmesg to look for messages related to the devices with high count.
How to get memory info? And more detailed?
Free. vmstat
How do you see your routing table?
netstat -r
What does netstat -s do? Name some useful things it shows you.
Summary of network activity by protocol (since last boot).
How many outgoing packets were dropped
How many incoming packets had bad addresses
TCP retransmit count
Failed connection attempt count.
How do you display network connections that are currently listening? Which type of connections will this show? How do you see which programs/pids are using them? How to show only connected?
netstat -l
shows system I-nodes (sockets) and network.
-t only tcp
-u only udp
-p is to show pids
-a to only show connected
What does w do?
Shows who is logged on and what they’re doing, cpu time for processes and current process. Can give a username to only see their info. Also shows you the 1,5,15 load averages for the system.
What do you use iotop for? How?
iotop requires root access. It gives you the thread ids and for each shows you the priority, the disk read/write throughput, the percentage of time it is spending swapping in, the percentage of time the process is blocking on io, and the command.
So if you had a lot of iowait time from top, iotop allows you to see exactly what is contributing to that.
What’s the difference between netstat and ss?
ss queries the kernel socket directly, while netstat uses /proc/net/tcp.
netstat is deprecated.
What is iptraf?
Like wireshark, very complicated.
Tell me about collectd
Plugins to monitor system, like sar but way more.
Gathers constantly, writes at 10 min intervals (can be configured)
Only collects, doesn’t display
config, plugin loading and conf
/etc/collectd/collectd.conf
plain text file with fields and how they are derived or grabbed
/usr/share/collectd/types.db
uses rrd to collect stuff; files are stored in binary format, need rrd tool to read
/var/lib/collectd/rrd/hostname/blah
rrd - round robin database tool
stores time-series data in a circular buffer
Other viewers for collectd data
Nagios
Cacti
MRTG
Icinga forked from Nagios
Explain what a LKM is? Where are they stored? What is their extension?
Loadable Kernel Module
Not taking up memory and loaded automatically, you manage. Like nvidia driver on linux. Loaded when needed, unloaded when not.
/lib/modules/$(uname -r)/kernel
broken out by type, multiple levels
.ko files (kernel object)
These are just storage, not indicating run or config
Name two ways to get hostname
hostname
uname -n
How do you see kernel info?
uname -a
gives you everything.
What is modules.dep? Where is it located? What uses it? What generates it?
Text counterpart to binary file modules.bin.dep that defines mapping of dependencies between LKMs.
Located within a specific kernel folder in /lib/modules
Used by tools like modprobe
Generated by depmod
When might you want to run depmod? Why?
If you or something copied a pre built LKM into /lib/modules. To map its dependencies
How do you see currently loaded LKM’s? What info do you get?
lsmod
Shows module name, size in bytes, what else is using it
How do you unload a LKM?
rmmod name_of_module
Name two ways to load a LKM.
insmod /path/to/module.ko
(find via find, or modinfo)
or
modprobe module_name
How to get info on a LKM? What do you need?
Just the name of the module, and do modinfo name.
How to load an LKM with a specific parameter?
modprobe module parameter=value
This doesn’t stick on a reboot.
How to prevent an LKM from loading? Why would you want to do this?
Make a .conf in /etc/modprobe.d/ and include the line
blacklist module_name
module_name can be an alias as well, which can be found via modinfo
Maybe you want to load a different driver, or it causes a problem or interacts poorly.
What is /proc/sys? Why might you want to go in there?
It’s really the kernel in memory (not real files or filesystem)
You can echo things to the “files” to change kernel parameters in real time, or read the files to view. Changes will be reset after a reboot.
What’s the official way to change kernel parameters at runtime? How do you make them permanent?
sysctl path.inside.of.proc.sys=value
edit /etc/sysctl.conf and put the line in there but with spaces around the = so
thing.thing.thing = value
How to find info about system devices?
lspci
-k will show you kernel driver in use
-v will show you extra info
lsdev gives you info about devices interrupts, IO, and DMA
How to find out about non system devices?
lsusb only newer than 3.x kernel
lsusb -v -d ID will give you info on just one thing
How to monitor devices?
udevadm monitor
How to set rules for devices?
/etc/udev/rules.d
higher numbers override lower
How can you tell a symlink from a hard link?
ls -l, look at inode count, should be more than one with hardlinks, softlinks will show it’s a link.
What’s the main difference between bin and sbin?
sbin is stuff only the superuser can run.
What does ‘usr’ stand for?
Unix system Resources
How can you figure out where a command and its info are?
whereis shows executable, code, and man pages
What does /etc stand for?
Extended text configuration
What is the /root directory?
Root’s home folder.
What’s the difference between /var and /tmp
/tmp is meant as very fast short lived storage, often aggressively purged by system. in RHEL purged every 10
/var is more permanent, maybe not purged or purged less frequently, usually slower storage (not ram, or slower disk). In RHEL purged every 30 days
What’s a difference between restart and reload of a service systemctl? Why do one over the other?
Restart stops, then starts, so gets a new PID. Reload will keep the pid the same. If you change a config, you may just want a reload, since it has that config in memory. So as not to interrupt other things, just reread the config from file and reload the new one into memory. Maybe restart if it’s not working at all.
What does POSIX stand for, what is it? What about SUS?
Portable Operating System Interface for Unix
Single Unix Specification, alternate spec.
What’s the difference between hard links and soft links?
Hard links are pointers to inodes. Cannot cross filesystems. Soft links are pointers to filepaths.
What does a ‘.’ in ls output for perms indicate? What about a ‘+’?
. indicates extended attributes, most likely SELinux context.
+ indicates ACLs.
What is SUID? SGID? How do you see it? How do you set it?
Set effective user id or group id. You will see an s in the user or group section of ls permissions. It means that process will run with the effective UID of the owner.
First bit of permissions octal.
0 - nothing
2 - SGID
4 - SUID
SUID bits don’t work on ______
Scripts. anything that begins with a shebang.
What is the sticky bit? How do you set it?
A ‘t’ at the end of permissions. Anyone can write but only owner of the files can delete.
First digit of perms octal to a 1
What is file umask? How do you set it?
Files: Default 666, mask 222, result 444.
Dirs: Default 777
umask command shows you current mask and allows you to change but it is NOT persistent (only to shell session)
To make it persistent, you need to change the conditionals in bashrc or bash_profile (in /etc/, not in user versions)
Sudoers cheat sheet. Give it to me
uid, %group, username should not need a prefix
sudo -l -U user will show you what a user can sudo do
sudoers can do #include sudoers.d/file, the # is not a comment
Format is below, NOPASSWD is optional, leaving off runas means can only run as root
USERS HOSTS = (RUNAS) NOPASSWD COMMANDS
How to exit history search back at current line?
ctrl-g
How to edit a history item as a new command?
fc command#
How to open prompt line in editor?
ctrl-x ctrl-e in emacs mode, escape v in vi mode
Explain setuid and setgid bits?
Explain!