Friday, August 31, 2012

Resource Management : Free


The Free command is only of the mostly used command in linux system. It displays amount of free and used memory in the system.

When you execute the free command like, it gives the details of the memory as well as the information about the buffer, shared and cached also.

[root@vx111a ~]# free –m (m option shows the memory in MB)
                  total       used       free     shared    buffers     cached
Mem:          3033        665       2367          0         25        384
-/+ buffers/cache:      255        2778
Swap:         5992          0        5992

The total available memory on the system is 3033 mb, of which 665 mb is being in use and 2367 mb as free. The last line shows you about the swap memory details.

Here are the Columns,

Shared: The Shared column says the amount of memory shared between multiple processes.

Buffers: The Buffers column says about the amount of memory being used the kernel buffers. This is used for performing the disk based operations and to speed them up by performing disk operations like read, write to be severed directly from memory. This is taken back if the applications need more memory.

Cached: This column indicates the amount of memory pages being cached by kernel for faster access .This memory can also be reclaimed for application usage.

Clearing the disk cache
it's very convenient to be able to drop the disk cache. For this, we can use the special file /proc/sys/vm/drop_caches. By writing 3 to it, we can clear most of the disk cache:

echo 3 | sudo tee /proc/sys/vm/drop_caches

-/+ buffers/cache:      255       2778

This line is very important in understanding the memory structure of Linux. This line actually indicates the amount of memory used by applications (255) and memory available to applications (2778). If it's close to zero you've run out of RAM and should act accordingly.

Total Physical Memory Available (RAM)      : 3033 MB
Used Physical Memory                              : 665 MB
Memory used by Kernel Buffers                 : 25 MB
Memory Used by Kernel Cached                 : 384 MB

Memory which is used by the kernel but can be reclaimed:  25 MB + 384 MB = 409 MB
Actual Used Physical Memory (Memory Used by Apps): 2778 - 409 MB = 2369 MB
Actual Free Physical Memory (Memory Available For Apps): 2367 MB + 409 MB = 2776 MB

So Even though the amount of physical memory shown is 2367 MB, the original free memory is 2369 MB.

We can use '-t' with free to get the total available memory, like

[root@vx111a ~]# free -m -t
                  total       used       free     shared    buffers     cached
Mem:          3033        665       2367          0         25        384
-/+ buffers/cache:       255       2778
Swap:          5992          0       5992
Total:          9026        665       8360

The free command does not provide the memory in percentages, we can use

[root@vx111a ~]# free -m | grep Mem | awk '{print ($3 / $2)*100}'
21.9255

And for swap,

[root@vx111a ~]# free -m | grep -i Swap | awk '{print ($3 / $2)*100}'
0

We can make the free command to display the statistics of the memory available for every 5 second by using,

free -ms 5

More detailed information about total memory and current memory usage can be obtained by reading the proc/meminfo file directly by using

cat /proc/meminfo  ,Which gives details of the memory.

A better command for getting memory details is,

localhsot:root-tmp $ vmstat -s -S M | grep mem
         4096 M total memory
         3099 M used memory
         2689 M active memory
          184 M inactive memory
          996 M free memory
           15   buffer memory

Happy Learning , More To Come
Read More

Wednesday, August 29, 2012

Auditing in Linux

There are cases for an admin, where he needs to identify various operations performed on a file, or number of commands a particular user has executed. Linux provides the auditing facilities for these sorts of operations. Linux Kernel (2.6.x) comes with audit daemon. It’s responsible for writing audit records to the disk much like logs information when a specific thing happens.

To Find Whether audit was already installed or not, we can check using

[root@vx111a etc]# whereis auditctl
auditctl: /sbin/auditctl /usr/share/man/man8/auditctl.8.gz

[root@vx111a etc]# which auditctl
/sbin/auditctl

Or if the audit is still not installed, you can install them like

[root@localhost ] ~ # yum install audit*
Running auditd on boot
[root@localhost ] ~ # chkconfig auditd on
[root@localhost ] ~ # ntsysv

Note : ntsysv is a simple graphical interface for configuring Run levels. This has the same effet as ‘chkconfig’

After installing the audit daemon ,we can start that using ,

Service auditd restart

Now in order to use the auditing facilities, we have 3 commands available.

Auditctl: a command to assist controlling the kernel audit system. The adding, deleting and status of the audit rules into the kernel system is done by this command. If we need to set a watch on a particular file, we can use this command.

Ausearch: This command is used to query the audit daemon logs for events based on the search criteria.

Aureport: command which produces summery reports of the audit system logs.

Autrace:Add audit rules to trace a process. Similar to strace.

Rcauditd:Controls the audit init script.

Auditd has 2 configuration files you need to care about:

/etc/audit/auditd.conf - configuration file for audit daemon.
/etc/audit/audit.rules - audit rules to be loaded at startup.
/var/log/audit/audit.log – the audit log file.

Let’s configure a watch on the /etc/passwd file like,

[root@vx111a test]# auditctl -w /etc/passwd -p war -k password-file

In the above command, we have configured a Watch on the file /etc/passwd.

-w /etc/passwd: informing Kernel to watch a file named /etc/passwd.

-p war: Set permissions files for the file watch.w – watch,a-append,r-read and x-exeucte.This also indicates that we need to watch for these actions on the /etc/passwd.

-k password-file: This is a Filter Key for the file to be watched. It can uniquely identify the audit records produced by the watch. You need to use password-file string or phrase while searching audit logs.

Once the watch is created on a file. We can see the audit rules that are available.

[root@vx111a audit]# auditctl -l
LIST_RULES: exit,always watch=/etc/passwd perm=rwa key=password-file
LIST_RULES: exit,always watch=/root/test/sample perm=rwa key=shad

Now let modify or check for contents in the file like,

[root@vx111a test]# grep 'root' /etc/passwd
root:x:0:0:root:/root:/bin/bash
operator:x:11:0:operator:/root:/sbin/nologin

Now we checked the file,we can see a alert generated.we can see the audit on the /etc/passwd file like

[root@vx111a test]# ausearch -f /etc/passwd
----
time->Tue Aug 28 14:46:05 2012
type=PATH msg=audit(1346145365.002:299): item=0 name="/etc/passwd" inode=1705681 dev=08:08 mode=0100644 ouid=0 ogid=0 rdev=00:00
type=CWD msg=audit(1346145365.002:299): cwd="/root/test"
type=SYSCALL msg=audit(1346145365.002:299): arch=40000003 syscall=5 success=yes exit=3 a0=bfdfda16 a1=8000 a2=0 a3=8000 items=1 ppid=3339 pid=4558 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=1 comm="grep" exe="/bin/grep" key="password-file"

Some of the ausearch commands,

ausearch -a audit_event_id : Run this search to view all records carrying a particular audit event ID. Each audit event message is logged along with a message ID consisting of a UNIX epoch time stamp plus a unique event ID separated by a colon.

ausearch -ul login_id : Run this search to view records associated with a particular login user ID.

ausearch -k key:Run this search to find records that contain a certain key assigned in the audit rule set. For example, use ausearch -k CFG_etc to display any records containing
the CFG_etc key

ausearch -m message_type:Run this search to find records related to a particular
message type

ausearch -f filename:Run this search to find records containing a certain filename. For example, run ausearch -f /foo/bar for.all records related to the /foo/bar file

ausearch -p process_id:Run this to search for records related to a certain process
ID. For example, use ausearch -p 13368 to search for all records related to this process ID.


Happy Learning, More To Come 
Read More

Tuesday, August 28, 2012

Run a Process On Specific Processor In Linux

Many Times, there will be a need of multiple processors on a server system to provide better performance and availability. When we use more processors, a subset of these can be made available to specific applications. This can be useful for some applications which are highly timing-sensitive, or when it is desired otherwise that an application always have one or more processors available to it. In Linux, it is possible to effectively dedicate a subset of processors to servicing one or more applications, which may help improve performance.

In Order to find out how many processors are available, we can use the proc file system like,

localhost:root-~ $ cat /proc/cpuinfo | grep processor
processor       : 0
processor       : 1

I Have 2 processors available. In Order to find on which processor a process is running, we can use ‘ps –F ax’ like this,

UID        PID  PPID  C    SZ       RSS PSR STIME TTY      STAT   TIME CMD
root         1     0      0    2591   640   0    May31 ?        Ss     0:06 init [3]
root         2     1      0     0         0     0    May31 ?        S<     0:05 [migration/0]
root         3     1      0     0         0     0    May31 ?        SN     0:00 [ksoftirqd/0]
root         4     1      0     0         0     0    May31 ?        S<     0:00 [watchdog/0]
root    5917     1       0   1315  122   1     Aug23 ?        Sl     1:09 /software/java/jdk1.6.0_16/bin/java -Djbs.name=TMP-C3 -server -Xms256m -Xmx256m –

We can see an Column in the output ‘PSR’, which actually says on which processor the process is running.

So the last java process is running on Processor 1.Linux provides the ability to change the processor for a process at runtime. This can be done by using ‘taskset’ command like,

localhost:root -~ $ taskset -p -c 0 5917
pid 5917's current affinity list: 1
pid 5917's new affinity list: 0

I have made the process that is running on the Processor ‘1’ to move to processor ‘0’.

According to Man pages,

taskset is used to set or retrieve the CPU affinity of a running process given its PID or to launch a new COMMAND with a given CPU affinity.  CPU affin-ity is a scheduler property that "bonds" a process to a given set of CPUs on the system.

Now once the taskset is done, we can check the process

UID    PID     PPID  C    SZ         RSS     PSR STIME TTY  STAT   TIME CMD
root   5917       1    0    131520 122744 0     Aug23  ?     Sl       1:09  java32/jdk1.6.0_16/bin/java -Djbs.name=TMP-C3

Some More Examples,

To set an application which is already running, having pid number 12345, to execute on CPU cores 5-8 (CPU ID's 4-7):
# taskset -p -c 4-7 12345
or this would be equally valid syntax:
# taskset -p -c 4,5,6,7 12345

Start application with specified CPU affinity
# taskset -c 4-7 /opt/foobar1.3/my-special-program

Note: The CPU affinity of a child process created via the fork system function call is inherited from its parent process, so if the application launches several related processes via fork, they will also run on the isolated CPUs.

Happy Learning , More To Come J
Read More

Monday, August 27, 2012

More DU Commands

Here are a list of 'du' commands that i use in my daily work.These will be updated regularly.

du -sh * | sort -n | tail
Get the 10 Biggest Files
du -hs */
List Complete Size Of Directories
du -sh ./* | sort -nr
Disk Usage Command Sorted by Size
du -sh
Sum File Sizes
du -ms * | sort -nr
Sort all Files Rounded to the Nearest MB
du -hs *| grep M | sort -n
Find Files With 1Mb 
du -sk .[!.]* *| sort -n  
disk usage of all subdirectories and files including hidden files within the current directory (sorted by file size)
du | sort -nr | cut -f2- | xargs du -hs
Show Sorted List of files more than 1mb
du -sk ./* | sort -k 1bn | column –t
Find Files Consuming More Space

Happy Learning 


Read More

Friday, August 24, 2012

Linux Environment Variable


An environment variable is a named object that contains data used by one or more applications. In simple terms, it is a variable with a name and a value. The value of an environmental variable can for example be the location of all executable files in the file system, the default editor that should be used, or the system locale settings. Environment variables in Linux are used by most of the activities taking place on a Linux system.

To view all the env variables as shown below ,we can use ‘export -p ‘ which gives

declare -x COLORTERM="gnome-terminal"
declare -x CVS_RSH="ssh"
declare -x DBUS_SESSION_BUS_ADDRESS="unix:abstract=/tmp/dbus-S3krTO7dZY,guid=b162193da5fe51c03cd49000501ffa05"
declare -x DESKTOP_SESSION="default"
declare -x DISPLAY=":0.0"
declare -x GDMSESSION="default"
declare -x GDM_XSERVER_LOCATION="local"
declare -x GNOME_DESKTOP_SESSION_ID="Default"
declare -x GNOME_KEYRING_SOCKET="/tmp/keyring-n8xiLd/socket"
declare -x GTK_RC_FILES="/etc/gtk/gtkrc:/root/.gtkrc-1.2-gnome2"
declare -x G_BROKEN_FILENAMES="1"
declare -x HISTSIZE="1000"

The same thing can be achieved by ‘env’ or ‘set’ or 'printenv' commands.

View a Specific Exported Variable

[root@vx111a ~]# echo $PATH
/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:

Set an Environment Variable: To set a environment variable ,we can use the export command like ,
[root@vx111a ~]# export $TEMP=tmp

Once the variable is set we can view that using,

[root@vx111a ~]# echo $TEMP
Tmp

We can also use ,  env EDIT=VIM to set the environment variable, This will set the editor to vim.

Remove a Environment Variable: To set a environment variable, we can use the unset command like [root@vx111a ~]# unset TEM

Append a Value to an Environment Variable: Linux allows us to append to the existing variables like,

export PATH=$PATH:/usr/jdk1.6.0_14/bin;

Exporting Variables Permanently: To export variables permanently, you can add the export command in any of the following start-up files :

~/.profile
~/.bash_profile
/etc/profile

Happy Learning 
Read More

Process Based Commands


Some Process Based Commands (Updated Regularly)

List the Process based on the UID and Commands
ps -f -u wwwrun,postfix
List process based on Commands
ps -aux | grep command
or
ps -f -C run.pl (find Process by run.pl)

List the processes based on PIDs or PPIDs
ps -f --ppid

List Processes in a Hierarchy
ps -e -o pid,args –forest

Get Details of the Process
ps -L -p -o pid,lwp,pcpu,cputime,fname

Get Details of a Specific Process
ps -u dwls651 -o uname,pid,thcount,comm | grep java

List all threads for a particular process     
ps -C java -L -o pid,tid,pcpu,state,nlwp,args

Outputs the highest %MEM at bottom
ps aux --sort pmem (see the %MEM column)

find out which cpu processor a process is running on    
ps -eo pid,args,psr

Lists all current processes for the user named username in full listing format 
ps -f -u username
Return Number of kernal Threads Owned by a process
ps -o thcount -p
Display the top running process according by memory usage
ps aux | sort -nk +4 | tail
Process List By User
ps hax -o user | sort | uniq -c

Show all process by their memory & CPU Usage
ps aux --sort=%mem,%cpu
Show How much memory a Fire Fox (or Process) is using
ps -o %mem= -C firefox
View Process by Hierarchy , allows us to know what needs to be killed
ps -Hacl -F S -A f
Current Running Shell
ps -p $$

List Process By Highest CPU Usage
ps -ef --sort=-%cpu

Display Date of the Process Started
ps -o lstart

List Threads By PID along with Thread Start Time
ps -o pid,lwp,lstart --pid –L

Top Memory Usage
ps -e -orss=,args= | sort -b -k1,1n | pr -TW$COLUMNS

print a stack trace of a running process
Pstack

Find Information abt the Parent Process
ps -o ppid= | xargs ps –p

Count Threads OF a JVM Process
ps uH p | wc –l

Kill Zombie process
kill -9 `ps -xaw -o state -o ppid | grep Z | grep -v PID | awk '{print $2}'`
 Happy Learning , More To Come.
Read More

Process In Linux


A Process is a running instance of a program. So whenever we start something, there is a process associated with that. If you have two files opened on your window, then we have 2 process belonging to those files available. A process started will contain all of its variables and also states.

The CPU runs switches from one process to other process making the user think that it is running multiple processes at a time, but a cpu is capable of running only one process at a time.

Process ID

Process ID : Each process in a linux is identified by a process ID which is also referred as pid.This is 16bit number that are assigned to process whenever a new one starts. To find the process id , we can use 'ps' command like

[root@vx111a ~]# ps
  PID TTY          TIME CMD
 3477 pts/1    00:00:00 bash
 5333 pts/1    00:00:00 ps

The PID column gives the process ID of the instance running (bash terminal has process ID 3477).

Every process has a parent process associated to it. A process will look much like a tree in linux. The parent process Id is referred as ppid.

[root@vx111a ~]# ps -eo pid,ppid | head
  PID  PPID
    1     0
    2     1
    3     1
    4     1

The PID is the process id and PPID is the parent process that started the process.

Viewing Process: In order to view the process, as i said above we can use 'ps' command.

We can various sort of information about the process by passing parameters to the ps command like ,

[root@vx111a ~]# ps -e -o pid,ppid,command  | head
  PID  PPID COMMAND
    1     0 init [5]                            
    2     1 [migration/0]
    3     1 [ksoftirqd/0]
    4     1 [watchdog/0]
    5     1 [migration/1]
    6     1 [ksoftirqd/1]

This gathers information like pid,ppid and command running that process. 

Killing a process

We can kill a process using the 'kill' command like,

kill -9 3477

Process Scheduling

In Linux, we are never aware that which process will be completed first either the child or parent. We cant even say which process will be given more time for its execution. We have facilities in linux to start a process with less priority or high.

Every process can be associated with a niceness value to it. Every process has a niceness of zero. A higher niceness value means that the process is given a lesser execution priority. A process with a lower value (that is, negative) niceness gets more execution time. Priorities run from 19 (lowest) to -20 (highest). Only root may set the negative (higher) priorities.

A niceness should not be confused with a scheduling priority, which lets applications determine the order in which threads are scheduled to run. Unlike a priority, a niceness is merely advice to the scheduler, which the scheduler is free to ignore.

In order to check the nice values for the processes running, we can use

[root@vx111a ~]# ps axl | head
F   UID   PID  PPID PRI  NI    VSZ      RSS WCHAN  STAT TTY        TIME COMMAND
4     0     1     0      15   0      10364  640     ?             Ss   ?          0:09 init [3]
1     0     2     1     -100  -      0         0        migrat     S<   ?          0:07 [migration/0]
1     0     3     1       34  19     0         0        ksofti       SN   ?          0:01 [ksoftirqd/0]
6th column (NI) with value 0 is the nice.

When we run a process on background it takes the nice value as '0'

[root@vx111a ~]# ./sam.sh &
[1] 1789

[root@vx111a ~]# ps axl | grep sam
0     0  1789  3769  16   0   4488   988 wait   S    pts/2      0:00 /bin/bash ./sam.sh

We can give a nice value (greater) by using,

nice --10 ./test.sh & (-10). The negative values can only be provided by the root user.

Linux also provides facilities for increasing or decreasing the nice values by using renice command.
if you run CPU-bond processes you must use nice command used to start process with modified scheduling priority / nicenesses. renice command is used to change the priority of a process that's already running. To increase the nice value (thus reducing the priority), execute the renice command as shown below.

[root@vx111a ~]# ps axl | grep sam
0     0  1789  3769  16   0   4488   988 wait   S    pts/2      0:00 /bin/bash ./sam.sh
[root@vx111a ~]# renice 16 -p 1789
1789: old priority 0, new priority 16
[root@vx111a ~]# ps axl | grep sam
0     0  1789  3769  33  16   4488   988 wait   SN   pts/2      0:00 /bin/bash ./sam.sh

Signals

Signals are mechanisms for communicating with and manipulating processes in Linux.When ever we give a kill command to a process , it sends a signal (9 : force kill) to the process.when a process receives a signal, it processes the signal immediately, without finishing the cur-rent function.We can also use

kill -s pid

Some of the linux signals and Id's are

0          SIGNULL
1          SIGHUP                       wake up an idling program
2          SIGINT                        Interrupt
3          SIGQUIT                      quit,Terminate with core dump
9          SIGKILL                       Force Termination
15        SIGTERM                     Terminate
24        SIGSTOP                     stop
26        SIGCONT                     continue
            SIGBUS                       bus error
            SIGSEGV                     segmentation violation
            SIGFPE                        floating point exception


Process Termination

A process terminates in one of two ways. Either the executing program calls the exit function, or the program’s main function returns. Each process has an exit code: a number that the process returns to its parent. The exit code is the argument passed to the exit function, or the value returned from main.

Zombie Processes

A zombie process is a process that has terminated but has not been cleaned up yet. It is the responsibility of the parent process to clean up its zombie children.

The status of the zombie process will be in 'z' state. We can find the zombie process using ,

ps aux | awk '{ print $8 " " $2 }' | grep -w Z

BackGround and ForeGround Jobs

Executing a background job : Appending an ampersand ( & ) to the command runs the job in the background.

[root@vx111a ~]# ./sam.sh &
[1] 2105

Move a foreground job to background by,

Press ‘CTRL+Z’ which will suspend the current foreground job.
Execute bg to make that command to execute in background.

[root@vx111a ~]# ./sam.sh
[1]+  Stopped                 ./sam.sh (ctrl +z Pressed)

[root@vx111a ~]# bg
[1]+ ./sam.sh &

View all the background jobs: To view all the jobs running background ,we can use the 'jobs' command like

[root@vx111a ~]# jobs
[1]+  Running                 ./sam.sh &

job from the background to the foreground

[root@vx111a ~]# jobs
[1]+  Running                 ./sam.sh &
[root@vx111a ~]# fg %1
./sam.sh

Kill a specific background job using kill %
[root@vx111a ~]# ./sam.sh

[1]+  Stopped                 ./sam.sh
[root@vx111a ~]# jobs
[1]+  Stopped                 ./sam.sh
[root@vx111a ~]# kill %1
[1]+  Terminated              ./sam.sh


display a tree of processes : To display a tree of process from parent to child ,we can pstree command like

[root@vx111a ~]# ./sam.sh

[1]+  Stopped                 ./sam.sh
[root@vx111a ~]# ps ux | grep sam
root      2229  0.0  0.0   4488   984 pts/2    T    02:26   0:00 /bin/bash ./sam.sh
root      2232  0.0  0.0   3920   664 pts/2    S+   02:26   0:00 grep sam
[root@vx111a ~]# pstree 2229
sam.sh───sleep

Process Status Code : For every process In Linux , there is a status code available.When ever we run 'ps ux' command , the 'STAT' column in the output says about the status of the Process.The available status codes in linux are

D : Un interruptiable Sleep ( usually I/O ) 
R : Running Or Runnable ( On Run Queue )
S : Interruptible Sleep (Waiting for an Event to complete)
T : Stopped
X : dead
Z : Zombie


sleep

sleep is a command in linux which delays some thing for a specified amount of time.we can use sleep like

sleep 5 && echo "jagadesh"

usleep

    Micro sleep (the u may be read as the Greek mu, or micro- prefix). This is the same as sleep, above, but "sleeps" in microsecond intervals. It can be used for fine-grained timing, or for polling an ongoing process at very frequent intervals.

Happy learning, more to come.
Read More