CIS 228 - System Administration

Lab 9: Basic system administration - task, process, memory, daemon management, system activity

Review process execution: fork, &, exec, . /command,

Scheduling and running tasks

 “” command (see also “batch”) Example: at now +1 minutes –f somecommandfile.txt

1) Login as user1 2) Read on “at” 3) ‘ echo hi there >> ~/attest.out ‘ > attest 4) attest 755 5) at now + 1 minutes –f /home/user1/attest 6) atq, at-l, atrm, batch (interactive at) 7) as root, create at.deny entry for user1 (man at.deny)

 “” command: crontab –e (uses command set)

8) verify cron is running 9) crontab –e */1 * * * * echo “hi there” >> home/user1/attest.out 2>&1 10) crontab –l 11) cron.allow, cron.deny 12) alt F2, login as user1 13) see /etc/crontab

Process management:

 “su” command 14) su –c ‘some root command’

 “nohup” command 15) modify attest as follows: while [ true ] do 15 echo hi there >> ~/attest.out done 16) nohup ./attest & 17) logoff user1. log back in 1 minute later. 18) -ef | attest Check nohup.out Lab 9: Basic system administration - task, process, daemon management, system activity

 “” command 19) ./attest & 20) ps 21) jobs 22) fg [job#] 23) Ctrl Z 24) bg [job#] 25) kill “attest pid”

 “” command 26) nice ./attest &

 “sudo” command 27) visudo user1 localhost=NOPASSWD:/sbin/halt - allow everyone to mount CDROMs on /mnt/cdrom deamon management

28) ps –ef 29) sysvinit: - service stop/start - chkconfig level

30) systemd: (see /etc/systemd) - systemctl list-units -t service --all - systemctl status ssh.service - systemctl start/stop sshd.service - systemctl enable/disable sshd.service - systemctl is-enabled sshd.service; echo $? - ps xawf -eo pid,user,cgroup,args –OR- systemd-cgls - systemctl kill sshd.service - systemctl kill -s HUP --kill-=main crond.service -

CHAGE – List/set user password and related details. See MAN page. 17) List user info: chage –-list username (or) chage -l username 18) Set password expiry date chage -M number-of-days username 19) Set account expiration date: chage -E "2009-05-31" username

Lab 9: Basic system administration - task, process, memory, daemon management, system activity

20) Force the user account to be locked after X number of inactivity days chage -I 10 username 21) Disable password aging for an user account chage -m 0 -M 99999 -I -1 -E -1 username  -m 0 will set the minimum number of days between password change to 0  -M 99999 will set the maximum number of days between password change to 99999  -I -1 (number minus one) will set the “Password inactive” to never  -E -1 (number minus one) will set “Account expires” to never. 22) Lock/unlock an account passwd –l userid passwd –u userid 23) Limit password reuse: vi /etc/pam.d/system-auth (RHEL/Fedora) vi /etc/pam.d/common-password (Ubuntu) Add: password sufficient pam_unix.so use_authtok md5 shadow remember=10 24) Set a system wide session inactivity timeout: vi /etc/profile HOSTNAME=`/bin/hostname` HISTSIZE=1000 TMOUT=7200 (seconds) export PATH USER MAIL HOSTNAME HISTSIZE TMOUT INPUTRC

25) Review /etc/shadow defaults in /etc/login.defs vi /etc/login.defs

PASS_MAX_DAYS from 99999 to 90 PASS_MIN_DAYS from 0 to 1 Change PASS_MIN_LEN from 5 to 8 is set to 077 PASS_WARN_AGE 7

26) vi /etc/default/useradd INACTIVE 14 Number of days after password expiration that account is disabled. EXPIRE Account expiration date in the format YYYY-MM-.

Lab 9: Basic system administration - task, process, daemon management, system activity

System activity: yum install which one for “”?

31) top 32) ntop 33) iftop 34) iotop 35) htop 36) latencytop 37) free 38) iostat. iostat –c, iostat –d, iostat –n, iostat –m, iostat –p /dev/sda2, iostat –x /dev/sda2, iostat –L (LVM for later) 39) , vmstat –a, vmstat –d, vmstat –p /dev/sda2, vmstat –m, vmstat –s, vmstat –d, vmstat -2 10, vmstat –w 1 3, vmstat –S m 40) mpstat, mpstat –A, mpstat –P ALL, mpstat -0 -1 etc 41) pidstat 42) free 43) ps –aux | 44) ps –ef | sort

System Activity Reporter (see /etc/cron.d/sysstat) 45) sar, sar –u, sar –u 1 3, sar –P ALL, sar –r 1 3, sar –S, sar –b, sar –d, sar –w, sar –q, sar –n 46) sa1 – generates daily binary stats to /var/log/sa/saXX sa2 – generate daily summary report to /var/log/sa/sarXX sar -q -f /var/log/sa/sa23 -s 10:00:01 – generate queue report for day 23 starting at 10AM

47) ulimit –a, see /etc/security/limits.conf ulimit –n, ulimit –Sn, ulimit -Hn

48) sysctl –q, see /etc/sysctl.conf sysctl -w

See also anacron, /etc/crontab, /etc/anacrontab, systemd, nfsiostat, cifsiostat