CIS 228 - UNIX System Administration Lab 9: Basic system administration - task, process, memory, daemon management, system activity Review process execution: fork, &, exec, . /command, Scheduling and running tasks “at” command (see also “batch”) Example: at now +1 minutes –f somecommandfile.txt 1) Login as user1 2) Read man page on “at” 3) echo ‘ echo hi there >> ~/attest.out ‘ > attest 4) chmod attest 755 5) at now + 1 minutes –f /home/user1/attest 6) atq, at-l, atrm, batch (interactive at) 7) as root, create at.deny entry for user1 (man at.deny) “cron” command: crontab –e (uses vi command set) 8) verify cron is running 9) crontab –e */1 * * * * echo “hi there” >> home/user1/attest.out 2>&1 10) crontab –l 11) cron.allow, cron.deny 12) alt F2, login as user1 13) see /etc/crontab Process management: “su” command 14) su –c ‘some root command’ “nohup” command 15) modify attest as follows: while [ true ] do sleep 15 echo hi there >> ~/attest.out done 16) nohup ./attest & 17) logoff user1. log back in 1 minute later. 18) ps -ef | grep attest Check nohup.out Lab 9: Basic system administration - task, process, daemon management, system activity “kill” command 19) ./attest & 20) ps 21) jobs 22) fg [job#] 23) Ctrl Z 24) bg [job#] 25) kill “attest pid” “nice” command 26) nice ./attest & “sudo” command 27) visudo user1 localhost=NOPASSWD:/sbin/halt - allow everyone to mount CDROMs on /mnt/cdrom deamon management 28) ps –ef 29) sysvinit: - service <name> stop/start - chkconfig <name> level 30) systemd: (see /etc/systemd) - systemctl list-units -t service --all - systemctl status ssh.service - systemctl start/stop sshd.service - systemctl enable/disable sshd.service - systemctl is-enabled sshd.service; echo $? - ps xawf -eo pid,user,cgroup,args –OR- systemd-cgls - systemctl kill sshd.service - systemctl kill -s HUP --kill-who=main crond.service - CHAGE – List/set user password and related details. See MAN page. 17) List user info: chage –-list username (or) chage -l username 18) Set password expiry date chage -M number-of-days username 19) Set account expiration date: chage -E "2009-05-31" username Lab 9: Basic system administration - task, process, memory, daemon management, system activity 20) Force the user account to be locked after X number of inactivity days chage -I 10 username 21) Disable password aging for an user account chage -m 0 -M 99999 -I -1 -E -1 username -m 0 will set the minimum number of days between password change to 0 -M 99999 will set the maximum number of days between password change to 99999 -I -1 (number minus one) will set the “Password inactive” to never -E -1 (number minus one) will set “Account expires” to never. 22) Lock/unlock an account passwd –l userid passwd –u userid 23) Limit password reuse: vi /etc/pam.d/system-auth (RHEL/Fedora) vi /etc/pam.d/common-password (Ubuntu) Add: password sufficient pam_unix.so use_authtok md5 shadow remember=10 24) Set a system wide session inactivity timeout: vi /etc/profile HOSTNAME=`/bin/hostname` HISTSIZE=1000 TMOUT=7200 (seconds) export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE TMOUT INPUTRC 25) Review /etc/shadow defaults in /etc/login.defs vi /etc/login.defs PASS_MAX_DAYS from 99999 to 90 PASS_MIN_DAYS from 0 to 1 Change PASS_MIN_LEN from 5 to 8 UMASK is set to 077 PASS_WARN_AGE 7 26) vi /etc/default/useradd INACTIVE 14 Number of days after password expiration that account is disabled. EXPIRE Account expiration date in the format YYYY-MM-DD. Lab 9: Basic system administration - task, process, daemon management, system activity System activity: yum install <service> which one for “top”? 31) top 32) ntop 33) iftop 34) iotop 35) htop 36) latencytop 37) free 38) iostat. iostat –c, iostat –d, iostat –n, iostat –m, iostat –p /dev/sda2, iostat –x /dev/sda2, iostat –L (LVM for later) 39) vmstat, vmstat –a, vmstat –d, vmstat –p /dev/sda2, vmstat –m, vmstat –s, vmstat –d, vmstat -2 10, vmstat –w 1 3, vmstat –S m 40) mpstat, mpstat –A, mpstat –P ALL, mpstat -0 -1 etc 41) pidstat 42) free 43) ps –aux | sort 44) ps –ef | sort System Activity Reporter (see /etc/cron.d/sysstat) 45) sar, sar –u, sar –u 1 3, sar –P ALL, sar –r 1 3, sar –S, sar –b, sar –d, sar –w, sar –q, sar –n 46) sa1 – generates daily binary stats to /var/log/sa/saXX sa2 – generate daily summary report to /var/log/sa/sarXX sar -q -f /var/log/sa/sa23 -s 10:00:01 – generate queue report for day 23 starting at 10AM 47) ulimit –a, see /etc/security/limits.conf ulimit –n, ulimit –Sn, ulimit -Hn 48) sysctl –q, see /etc/sysctl.conf sysctl -w See also anacron, /etc/crontab, /etc/anacrontab, systemd, nfsiostat, cifsiostat .