Unix Tech Interview Questions Flashcards
What are Load Averages?
Refers to the number of processes which are either currently being executed by the CPU or are waiting for execution. For example, an idle system has a load of 0; each process that is being executed or is on the waitlist increases the load by 1.
You can find this by using the $ uptime command.
What are process states?
There are five Linux process states. They are as follows: running & runnable, interruptible_sleep, uninterruptible_sleep, stopped, and zombie.
What is PID/PPID and what do they mean?
- PID stands for Process ID, the identification number of a currently running process in memory.
- PPID stands for Parent Process ID, which identifies the parent process responsible for creating the current process (the child process). The child process is created through the parent process. If you kill the parent process, the child process is killed as well.
What is a Unix Console?
Unix is an operating system, therefore a Unix console is the physical hardware? This could be the actual terminal emulator in the UNIX OS. One of the reasons we use it is that it is faster than using the GUI. Good uses include creating files, directories, and folders, checking CPU processes, etc.
What is this command: $ uptime
This is a quick way to view the load averages, which indicate the number of tasks (processes) wanting to run. On Linux systems, these numbers include processes wanting to run on CPU, as well as processes blocked in uninterruptible I/O (usually disk I/O). This gives a high-level idea of resource load (or demand), but can’t be properly understood without other tools. Worth a quick look only.
What is this command: $ dmesg | tail
This views the last 10 system messages, if there are any. Look for errors that can cause performance issues. The example above includes the oom-killer, and TCP dropping a request. Don’t miss this step! dmesg is always worth checking.
What is this command: $ vmstat
Short for virtual memory stat, vmstat(8) is a commonly available tool (first created for BSD decades ago). It prints a summary of key server statistics on each line. vmstat was run with an argument of 1, to print one-second summaries. The first line of output (in this version of vmstat) has some columns that show the average since boot, instead of the previous second. For now, skip the first line, unless you want to learn and remember which column is which.
Columns to check:
r: Number of processes running on CPU and waiting for a turn. This provides a better signal than load averages for determining CPU saturation, as it does not include I/O. To interpret: an “r” value greater than the CPU count is saturation.
free: Free memory in kilobytes. If there are too many digits to count, you have enough free memory. The “free -m” command, included as command 7, better explains the state of free memory.
si, so: Swap-ins and swap-outs. If these are nonzero, you’re out of memory.
us, sy, id, wa, st: These are breakdowns of CPU time, on average across all CPUs. They are user time, system time (kernel), idle, wait I/O, and stolen time (by other guests, or with Xen, the guest’s own isolated driver domain).
The CPU time breakdowns will confirm if the CPUs are busy, by adding user + system time. A constant degree of wait I/O points to a disk bottleneck; this is where the CPUs are idle, because tasks are blocked waiting for pending disk I/O. You can treat wait I/O as another form of CPU idle, one that gives a clue as to why they are idle.
System time is necessary for I/O processing. A high system time average, over 20%, can be interesting to explore further: perhaps the kernel is processing the I/O inefficiently. In the above example, CPU time is almost entirely in user-level, pointing to application-level usage instead. The CPUs are also well over 90% utilized on average. This isn’t necessarily a problem; check for the degree of saturation using the “r” column.
What is this command: $ mpstat -P ALL 1
This command prints CPU time breakdowns per CPU, which can be used to check for an imbalance. A single hot CPU can be evidence of a single-threaded application.
What is this command: $ pidstat
Pidstat is a little like top’s per-process summary, but prints a rolling summary instead of clearing the screen. This can be useful for watching patterns over time, and also recording what you saw (copy-n-paste) into a record of your investigation. The above example identifies two java processes as responsible for consuming CPU. The %CPU column is the total across all CPUs; 1591% shows that that java process is consuming almost 16 CPUs.
What is this command: $ iostat -xz 1
This is a great tool for understanding block devices (disks), both the workload applied and the resulting performance. Look for:
r/s, w/s, rkB/s, wkB/s: These are the delivered reads, writes, read Kbytes, and write Kbytes per second to the device. Use these for workload characterization. A performance problem may simply be due to an excessive load applied.
await: The average time for the I/O in milliseconds. This is the time that the application suffers, as it includes both time queued and time being serviced. Larger than expected average times can be an indicator of device saturation, or device problems.
avgqu-sz: The average number of requests issued to the device. Values greater than 1 can be evidence of saturation (although devices can typically operate on requests in parallel, especially virtual devices which front multiple backend disks).
%util: Device utilization. This is really a busy percent, showing the time each second that the device was doing work. Values greater than 60% typically lead to poor performance (which should be seen in await), although it depends on the device. Values close to 100% usually indicate saturation.
If the storage device is a logical disk device fronting many backend disks, then 100% utilization may just mean that some I/O is being processed 100% of the time; however, the backend disks may be far from saturated, and may be able to handle much more work.
Bear in mind that poorly performing disk I/O isn’t necessarily an application issue. Many techniques are typically used to perform I/O asynchronously, so that the application doesn’t block and suffer the latency directly (e.g., read-ahead for reads, and buffering for writes).
What is this command: $ free -m
The right two columns show:
buffers: For the buffer cache, used for block device I/O.
cached: For the page cache, used by file systems.
We just want to check that these aren’t near-zero in size, which can lead to higher disk I/O (confirm using iostat), and worse performance. The above example looks fine, with many Mbytes in each.
The “-/+ buffers/cache” line provides less confusing values for used and free memory. Linux uses free memory for the caches, but can reclaim it quickly if applications need it. So in a way the cached memory should be included in the free memory column, which this line does. There’s even a website, linuxatemyram, about this confusion.
It can be additionally confusing if ZFS on Linux is used, as we do for some services, as ZFS has its own file system cache that isn’t reflected properly by the free -m columns. It can appear that the system is low on free memory, when that memory is in fact available for use from the ZFS cache as needed.
What is this command: $ sar -n DEV
Use this tool to check network interface throughput: rxkB/s and txkB/s, as a measure of workload, and also to check if any limit has been reached. In the above example, eth0 receive is reaching 22 Mbytes/s, which is 176 Mbits/sec (well under, say, a 1 Gbit/sec limit). This version also has %ifutil for device utilization (max of both directions for full duplex), which is something we also use Brendan’s nicstat tool to measure. And like with nicstat, this is hard to get right, and seems to not be working in this example (0.00).
What is this command: $ sar -n TCP,ETCP 1
This is a summarized view of some key TCP metrics. These include:
active/s: Number of locally-initiated TCP connections per second (e.g., via connect()).
passive/s: Number of remotely-initiated TCP connections per second (e.g., via accept()).
retrans/s: Number of TCP retransmits per second.
The active and passive counts are often useful as a rough measure of server load: number of new accepted connections (passive), and number of downstream connections (active). It might help to think of active as outbound, and passive as inbound, but this isn’t strictly true (e.g., consider a localhost to localhost connection).
Retransmits are a sign of a network or server issue; it may be an unreliable network (e.g., the public Internet), or it may be due to a server being overloaded and dropping packets. The example above shows just one new TCP connection per second.
What is this command: $ top? How is it used?
The top command is used to show the Linux processes. It provides a dynamic real-time view of the running system. Usually, this command shows the summary information of the system and the list of processes or threads which are currently managed by the Linux kernel. As soon as you run this command, it opens an interactive command mode where the top half contains the statistics of processes and resource usage, and the lower half contains a list of the currently running processes.
PID: Shows task’s unique process id.
PR: The process’s priority. The lower the number, the higher the priority.
VIRT: Total virtual memory used by the task.
USER: User name of owner of task.
%CPU: Represents the CPU usage.
TIME+: CPU Time, the same as ‘TIME’, but reflecting more granularity through hundredths of a second.
SHR: Represents the Shared Memory size (kb) used by a task.
NI: Represents the nice value of the task. A negative nice value implies higher priority, and a positive nice value means lower priority.
%MEM: Shows the Memory usage of task.
RES: How much physical RAM the process is using, measured in kilobytes.
COMMAND: The name of the command that started the process.
What is syslog? What/where is it? How is it used?
Syslog is a protocol and utility for capturing and logging system information.
Syslog stands for System Logging Protocol and is a standard protocol used to send system log or event messages to a specific server, called a syslog server. It is primarily used to collect various device logs from several different machines in a central location for monitoring and review.
Syslog is one of the most important logs contained in /var/log. This particular log file logs everything except auth-related messages. Say you want to view the contents of that particular log file. To do that, you could quickly issue the command less /var/log/syslog.