Administration Utilities

Page 1

Administration Utilities

• Objectives
– to use standard administration utilities

• Contents
– manual pages
– identifying your system
– communicating with users
– finding files
– looking at files and logs
– system defaults
– Syslog
– Logrotate
– logserver

• Practicals
– to become familiar with these commands

• Summary

Page 2

On-Line Manuals

$ man man
$ man -k tcp
$ man passwd
$ man 5 passwd

• On-line manuals are split into sections (the numbering may vary between systems):
1 user commands
2 system calls
3 functions and libraries
4 special files found in /dev
5 file formats, like /etc/passwd
6 games
7 miscellaneous
8 system administration commands (1M on System V derived systems)
9 kernel routines

• man <command> displays the first manual page found, so "man passwd" gives passwd(1), the command, not passwd(5), the file format

• man -k <keyword> lists every page whose one-line description matches the keyword

• man <section> <command> selects the page from a specific section

• Some systems provide a whatis database (originally BSD)
– whatis <command>: one-line description of the command
– apropos <keyword>: keyword search for a command (the same as man -k)
– info <command>: more information about the command (GNU info pages)
– /usr/ucb/catman re-creates the database from the manual source files on BSD; on Linux the equivalent is mandb (makewhatis on older systems)

Page 3

• Manual pages are stored under /usr/share/man/ and /usr/local/man
man[1-8] troff/nroff format manual pages (gzip compressed)
cat[1-8] pre-formatted manual pages (gzip compressed)

• Manuals can be stored in different or multiple directories by setting the MANPATH variable
– don't forget to include /usr/share/man if defining MANPATH

• Manual pages are displayed using a pager program
– less is the default in SuSE, but more is the usual default elsewhere
– set the PAGER variable to override the default

• SuSE application documentation is in /usr/share/doc

Adding Manual Entries

$ MANPATH=/usr/share/man:/usr/X11/man
$ export MANPATH
$ man xterm

$ PAGER=less; export PAGER
$ man xterm

Page 4

Identifying the Unix System

• The uname command shows system information
– the command hostname also identifies the current host

• options
-a all information
-n system name (nodename on the network)
-s O/S name
-r O/S release number (on Linux the running kernel version, the number to compare against kernel security advisories)
-v O/S version number (on Linux the kernel build number and date)
-m machine hardware
-p processor type

$ uname -a
Linux linux 2.6.11.4-20a-default #1 Wed Mar 23 21:52:37 UTC 2005 i686 i686 i386 GNU/Linux
$ hostname
mash4077

Page 5

Identifying active users

• The who command shows who is currently logged on
– the information is kept in /var/run/utmp
– a history of every login is also kept in /var/log/wtmp

• who am i shows the user you originally logged in as (the utmp entry for your terminal), even after su

• whoami shows the current effective user

• The command id identifies the current user in more detail (uid, gid and all group memberships)

• some systems also have a w command (originally BSD), which adds what each user is currently running

• The last command shows the historical logins recorded in /var/log/wtmp
– utmp and wtmp are ordinary files that a root-level intruder can edit or truncate, so treat last as a convenience, not as evidence: corroborate it with the login and su messages in the syslog files

$ who
trapper pts/0 Jul 25 11:01
hawkeye console Jul 25 11:31
$ who am i
hawkeye console Jul 25 11:31

$ id
uid=318(hawkeye) gid=300(users)
$ who /var/log/wtmp        history of all system logins
$ last -n 10               last 10 system logins ("last 10" would look for a user named 10)

Page 6

Talking to users

• Use write to display a message on a user's terminal
– users can disable messages with the mesg n command
– root can always write to a user

• Write all (wall) displays a message to all logged-in users
– useful for sending out broadcasts
– used by the system shutdown mechanism

• Use the talk command to set up a two-way dialogue

• Block write and talk from other users with mesg n (wall from root, as at shutdown, still gets through); mesg n is the sensible default on a shared system

• Enable messages again with mesg y

$ write trapper
Do you know where the system logbook is?
^D
$ mesg
is no
$ mesg y

$ talk trapper

Page 7

Finding Files

• The find command locates files using specified search criteria

find directories... search_criteria... action

• Search criteria:
-name name finds only files called name (shell wildcards allowed; quote them so the shell does not expand them first)
-user name finds only files owned by user name
-type letter finds files of the specified type: f (plain files), d (directories), etc.
-mtime n finds files modified n days ago; less than n days ago (-n), more than n days ago (+n)
-size n[c|k] finds files of size n, larger than (+n), smaller than (-n); c = bytes, k = kilobytes (when omitted, 512-byte blocks are implied)
-newer pathname finds files modified more recently than the specified file
-mount don't cross filesystem boundaries (the same as -xdev)

• Action:
-print print the filenames found
-exec cmd {} \; executes the given command (the filename is substituted for {})
-ok cmd {} \; executes the command but prompts for confirmation first
– filenames you do not control may contain spaces or newlines; when the list is fed to another program use -exec cmd {} + or -print0 | xargs -0 rather than parsing -print output

Page 8

Exercise - Revision Of Using find

• What do the following find commands mean?

# find . -print
# find /etc -type d -print
# find /home -name .bash_profile -exec more {} \;
# find /dev -type f -mtime -7 -exec ls -l {} \;
# find /sbin /usr/sbin -name "user*" -exec ls -ld {} \;
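The same criteria, turned into the audit a security administrator actually runs with find. This is an added example, not part of the course material: it uses -perm, which the slide does not list, with the standard permission bits (4000 setuid, 2000 setgid, 1000 sticky, 002 other-write), and the file name find_audit.sh in the usage comment is an assumption.

```shell
#!/bin/sh
# The find(1) criteria from the slide used as a security audit. Added
# example, not course material. -perm (not listed on the slide) tests
# permission bits: 4000 setuid, 2000 setgid, 1000 sticky, 002 other-
# write. -xdev is the portable spelling of -mount.

# Every setuid/setgid file is a privilege boundary; diff this list
# against a known-good baseline after every package update.
find_privileged() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# A world-writable file under a system path lets any user change what
# root later executes or reads.
find_world_writable() {
    find "$1" -xdev -type f -perm -002 -print 2>/dev/null
}

# World-writable directories without the sticky bit: anyone can delete
# or replace other users' files there (/tmp is mode 1777 for this reason).
find_open_dirs() {
    find "$1" -xdev -type d -perm -002 ! -perm -1000 -print 2>/dev/null
}

# A device directory should hold only device nodes (-type c / -type b)
# and directories; a regular file under /dev is a classic hiding place.
find_files_in_dev() {
    find "$1" -xdev -type f -print 2>/dev/null
}

# Regular files modified less than N days ago (-mtime -N as on the
# slide): what changed on the box since the last known-good state.
find_recent() {
    find "$1" -xdev -type f -mtime "-$2" -print 2>/dev/null
}

# Stand-alone use: sh find_audit.sh /   (assumed file name; run as root
# so that directories such as /root and /etc/ssh are really searched)
if [ $# -gt 0 ]; then
    echo "== setuid/setgid files under $1";   find_privileged "$1"
    echo "== world-writable files under $1";  find_world_writable "$1"
    echo "== open directories under $1";      find_open_dirs "$1"
    echo "== regular files under /dev";       find_files_in_dev /dev
    echo "== files modified in the last day"; find_recent "$1" 1
fi
```

Run it once on a freshly installed system and keep the output; the interesting result later is the difference, not the list itself.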

Page 9

The grep Family

• All grep commands filter out the lines that contain a pattern

fgrep [options] pattern [files...]
– fgrep matches fixed strings (no regular expression metacharacters)

grep [options] pattern [files...]
– grep uses "regular expressions" to define powerful pattern-matching templates

egrep [options] pattern|pattern [files...]
– egrep uses extended regular expressions and allows multi-pattern searches
– on current systems fgrep and egrep are only wrappers around grep -F and grep -E; use the options in scripts

• common options
-v output non-matching lines
-c output the count of matching lines
-i ignore upper/lower case
-n prefix each matching line with its line number in the file

Page 10

Exercise - Revision Of Using grep

• Always put single quotes around a grep regular expression, so the shell does not expand ^, $, * or | before grep sees them

• What do the following grep commands mean?

# ls -l | grep '^d'
# grep 'bash$' /etc/passwd
# ls -a | grep '^\.[^.]'
# fgrep 'su:' /var/log/messages
# who | egrep '(hawkeye|trapper)'

Page 11

Looking Inside Files

• Use the file command to identify a file type (it inspects the content, not the name, so a renamed executable is still reported as ELF)

• Shared library dependencies are shown with the ldd command
– do not run ldd on an untrusted binary: on some systems ldd obtains the dependency list by executing the program under the dynamic loader, so it can run the very code you are trying to inspect; use objdump -p or readelf -d instead

• Text files: use less or more to look at the file

• Data files: use octal dump (od)
– some systems supply a hex dump (hd) program
– use the -c option to show printable characters where possible

• Use the strings command to list the ASCII strings in a data file

• MS-DOS files can be examined with mtype

# file /bin/bash
/bin/bash: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.2.5, dynamically linked (uses shared libs), stripped
# od -c /bin/bash | less

Page 12

Inspecting Log Files

• Use a pager such as less or more (or an editor such as mcedit)
– can be slow when working with large log files

• Use grep to look for particular words

• Use the tail command to look at the last 10 lines
– if the log file is still growing, use the -f option to follow it

• Use view (vi in read-only mode) to read the whole file

Whatever method you choose:

DO LOOK AT LOG FILES

# tail /var/log/messages
...
Sep 24 19:40:32 linux su: (to root) peter on /dev/pts/0
Sep 24 22:35:16 linux su: (to lp) peter on /dev/pts/0

– the su lines are exactly what to look for: who became root, from which terminal, and when
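The "fgrep 'su:' /var/log/messages" check from the grep exercise and the tail output above, turned into repeatable detection logic that reads the whole file rather than its last ten lines. This is an added example, not course material: the log lines are constructed in the su(1) message format the slide shows (the "FAILED SU" line and the sshd and CRON lines are made-up filler), and the allow list of people permitted to become root is an assumption.

```shell
#!/bin/sh
# Turn the "fgrep 'su:'" and "tail /var/log/messages" checks from the
# slides into repeatable detection logic. Added example, not course
# material: the lines below are constructed in the su(1) message format
# shown on the slide, not a real capture.

SAMPLE_LOG='Sep 24 19:40:32 linux su: (to root) peter on /dev/pts/0
Sep 24 19:41:05 linux sshd[2211]: Accepted password for hawkeye from 192.168.0.231 port 40122 ssh2
Sep 24 22:35:16 linux su: (to lp) peter on /dev/pts/0
Sep 24 23:02:44 linux su: (to root) trapper on /dev/pts/1
Sep 25 01:12:09 linux su: FAILED SU (to root) radar on /dev/pts/2
Sep 25 01:12:31 linux su: (to root) radar on /dev/pts/2
Sep 25 03:40:00 linux CRON[4012]: (root) CMD (run-parts /etc/cron.daily)'

# Successful su to root, one "user count" line per user, read from stdin.
# grep -F is the modern spelling of fgrep: "(to root)" is a fixed string,
# so the parentheses must not be treated as regex metacharacters.
root_escalations() {
    grep -F 'su: (to root)' |
        sed 's/.* su: (to root) \([^ ]*\) on .*/\1/' |
        sort | uniq -c | awk '{ print $2, $1 }'
}

# Number of rejected su attempts (wrong password). A burst of these
# followed by a success is the pattern worth paging someone for.
failed_su_count() {
    grep -c 'su: FAILED SU'
}

# Successful root escalations by anyone outside the allow list passed
# as $1 (space separated); prints the full log line as evidence.
unexpected_root_su() {
    allowed=" $1 "
    grep -F 'su: (to root)' | while IFS= read -r line; do
        user=$(printf '%s\n' "$line" | sed 's/.* su: (to root) \([^ ]*\) on .*/\1/')
        case "$allowed" in
            *" $user "*) ;;                      # on the list, ignore
            *) printf '%s\n' "$line" ;;          # not on the list, report
        esac
    done
}

# Stand-alone run over the constructed sample; on a real host replace
# the printf with: cat /var/log/messages
printf '%s\n' "$SAMPLE_LOG" | root_escalations
printf '%s\n' "$SAMPLE_LOG" | failed_su_count
printf '%s\n' "$SAMPLE_LOG" | unexpected_root_su "peter trapper"
```

The allow list is the whole point: a count of root escalations is noise until it is compared with who is actually supposed to be doing them.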

Page 13

System Default Files & logbooks

• SuSE & RedHat sysconfig: /etc/sysconfig/
– distribution-specific setup and boot files

• General Linux config: /etc/
– many files, system-wide configuration

• Useradd environment: /etc/default
– when adding users, the contents of /etc/skel are copied into the new home directory
– useradd also takes its defaults from /etc/default/useradd and /etc/login.defs

• Unix system logbooks (excerpt only)

Independent of syslog/syslog-ng:
/var/log/maillog : Mail
/var/log/samba/ : Samba server logs

SuSE log catalog standards:
/var/log/messages : (SYSLOG) system services & hardware log
/var/log/boot.* : system boot messages
/var/log/mail.* : mail system messages
/var/log/warn : warnings from system services

Page 14

Syslog-ng: Controlling logfiles

• SuSE comes with a syslog engine called syslog next generation (syslog-ng)
– syslog-ng is much more flexible than the syslogd used on the majority of Unix systems

• Syslog-ng source: http://www.balabit.com/

• Syslog-ng is a client/server engine

• Usually the local workstation forwards all important log messages to a central logserver
– a logserver improves security and stability: messages already shipped off a host survive a full disk, a crash, or an intruder who gains root and wipes the local logs

• SuSE comes with syslog-ng set up to log locally only

• Configuration is found in /etc/syslog-ng/
– here you define log sources, message filters and destinations
– sources and destinations can be local or remote services and servers

• To stop, start and check the logging facility:

# /etc/init.d/syslog stop
Shutting down syslog services done
# /etc/init.d/syslog start
Starting syslog services done
# /etc/init.d/syslog status
Checking for service syslog: running

Page 15

Mastering Syslog-ng logging

• Syslog options
– how syslog-ng behaves, what permissions the files it creates get, and so on

• Syslog source
– where messages are collected from (local sockets, the kernel, or the network)

• Syslog destination
– where collected messages are sent (local files or a remote server)

• Syslog log
– connects sources, through optional filters, to destinations

• Syslog filter
– defines message filters

• To act as a logserver, syslog-ng listens for network sources: unlike a classic syslog daemon, which accepts client messages on UDP port 514 only, syslog-ng can also listen on TCP port 514
– TCP gives you a connection and no silent datagram loss, but neither transport authenticates or encrypts anything; restrict port 514 to the known client addresses at the firewall

Page 16

Syslog Facility and Levels

• Facility(...)
– auth Messages generated by authentication and authorization programs (login, su, ...)
– authpriv Like auth, but for messages that belong in a restricted file; login, su and sshd use it on Linux
– cron Messages generated by the cron daemon
– daemon Messages generated by system server processes
– kern Messages generated by the kernel
– local0-7 Names reserved for user-defined facilities
– mail Messages generated by a mail system
– mark Periodic timestamp markers generated by the syslog daemon
– news Messages generated by a news system
– syslog Messages generated by the syslog daemon itself
– user Messages generated by user processes (the default for the logger command)

• Level(...), from most to least severe
– emerg The system is unusable
– alert Action must be taken immediately to address the problem
– crit A critical condition has occurred
– err(or) An error has occurred
– warn(ing) A significant event that may require attention has occurred
– notice An event that does not affect system operation has occurred
– info A normal operation has occurred
– debug Diagnostic output detailing normal operations
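What these names become on the wire: every syslog message sent to a logserver starts with a <PRI> field, where PRI = facility * 8 + level (RFC 3164), so auth.info travels as <38> and local0.notice as <133>. Decoding that number is what you need when you read raw port 514 traffic on the logserver with tcpdump. This is an added example, not course material; the facility numbers follow the standard table (kern 0 up to ftp 11, local0-7 = 16-23) and the sample datagram is constructed.

```shell
#!/bin/sh
# Encode and decode the syslog <PRI> field: PRI = facility * 8 + level
# (RFC 3164). Added example, not course material. The facility list is
# the standard numbering; facilities 12-15 are left out and decode as
# an error.

FACILITIES="kern user mail daemon auth syslog lpr news uucp cron authpriv ftp"
LEVELS="emerg alert crit err warning notice info debug"

# Position of word $1 in the space separated list $2, starting at 0;
# prints -1 when the word is not in the list.
index_of() {
    i=0
    for w in $2; do
        if [ "$w" = "$1" ]; then printf '%s\n' "$i"; return 0; fi
        i=$((i + 1))
    done
    printf '%s\n' -1
}

# Word at position $1 of list $2; fails when the position is out of range.
name_at() {
    i=0
    for w in $2; do
        if [ "$i" -eq "$1" ]; then printf '%s\n' "$w"; return 0; fi
        i=$((i + 1))
    done
    return 1
}

# encode_pri facility level -> number, e.g. encode_pri auth info -> 38
encode_pri() {
    case "$1" in
        local[0-7]) f=$((16 + ${1#local})) ;;
        *)          f=$(index_of "$1" "$FACILITIES") ;;
    esac
    l=$(index_of "$2" "$LEVELS")
    if [ "$f" -lt 0 ] || [ "$l" -lt 0 ]; then return 1; fi
    printf '%s\n' $((f * 8 + l))
}

# decode_pri number -> facility.level, e.g. decode_pri 38 -> auth.info
decode_pri() {
    f=$(($1 / 8)); l=$(($1 % 8))
    if [ "$f" -ge 16 ] && [ "$f" -le 23 ]; then
        fname="local$((f - 16))"
    else
        fname=$(name_at "$f" "$FACILITIES") || return 1
    fi
    lname=$(name_at "$l" "$LEVELS") || return 1
    printf '%s.%s\n' "$fname" "$lname"
}

# Name the facility.level of a raw message line that begins with <PRI>.
pri_of_message() {
    case "$1" in
        "<"*">"*) ;;
        *) return 1 ;;          # no PRI field: not a syslog datagram
    esac
    pri=${1#<}
    pri=${pri%%>*}
    decode_pri "$pri"
}

# Stand-alone demonstration on a constructed datagram (prints auth.info).
pri_of_message '<38>Sep 24 19:40:32 linux su: (to root) peter on /dev/pts/0'
```

A practical use: a client that is supposed to send only local0 messages but whose datagrams decode to auth or authpriv is either misconfigured or is not the client you think it is.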

Page 17

Syslog Filters

• Define filters
– use filter blocks to match or exclude messages; the following shows two example filters
– level(info..emerg) is a range (two dots in syslog-ng syntax) covering every level except debug; each filter statement ends with a semicolon after the closing brace

• Use filters
– log blocks join a source to a destination with optional filter specifications; a message must pass every filter listed in the log block

filter notdebug { level(info..emerg); };
filter notmail { not facility(mail); };

log { source(local); filter(notdebug); filter(notmail); destination(messages); };

Page 18

Syslog servers

• You can set up four types of logserver
– syslog local logserver only (standard)
– syslog proxy
– syslog forward only (syslog client)
– syslog logserver

• Syslog logserver: the server named "loghost"
Enter the loghost IP address in /etc/hosts on every client (and the clients' addresses on the server), so that logging does not depend on DNS:

192.168.0.42 server.ikea.se server loghost
192.168.0.231 client.ikea.se client local0

• On SuSE edit /etc/syslog-ng/syslog-ng.conf.in (SuSEconfig generates syslog-ng.conf from it) and enable the network source by removing the "#" (line 43 in the shipped file):

udp(ip("0.0.0.0") port(514));

– ip("0.0.0.0") binds every interface; on a multi-homed server bind the internal address instead, and firewall port 514 so that only the client subnet can reach it: UDP syslog has no authentication, so anyone who can reach the port can inject log lines or fill the disk

• Apply the configuration the SuSE way, then restart the service:

# SuSEconfig --module syslog-ng
Finished.
# /etc/init.d/syslog restart
Shutting down syslog services done
Starting syslog services done

• Check that the server is listening:

# netstat -a | grep syslog
udp 0 0 *:syslog *:*
# netstat -an | grep ':514 '
udp 0 0 0.0.0.0:514 0.0.0.0:*
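A server-side fragment for the logserver, as an added example (this is not the SuSE-shipped syslog-ng.conf.in): it replaces the 0.0.0.0 listener with one bound to the loghost address from the /etc/hosts line above, adds the TCP listener from page 15, names clients by the address they connect from rather than by the hostname they put in the message, and writes each client's messages to its own root-only file so that a noisy or hostile client cannot pollute /var/log/messages on the server. The option names are syslog-ng 1.x spellings; /var/log/remote is an assumed directory.

```conf
# Added server-side fragment for /etc/syslog-ng/syslog-ng.conf.in on the
# loghost (not the SuSE-shipped file). Addresses are the ones from the
# /etc/hosts lines on the slide; /var/log/remote is an assumed directory.

# Weak form from the slide: every interface, UDP only, and the host name
# taken from whatever the client wrote into the message.
#   udp(ip("0.0.0.0") port(514));

# Merge into the existing options block: with use_dns(no) and
# keep_hostname(no) the $HOST macro is the sender's IP address, not the
# hostname inside the message, which any sender can forge.
options { use_fqdn(no); use_dns(no); keep_hostname(no); log_fifo_size(8192); };

# Bind the internal address only and accept TCP as well as UDP. Neither
# driver authenticates or encrypts, so port 514 must still be firewalled
# to the client subnet (192.168.0.0/24 here).
source s_net {
    udp(ip("192.168.0.42") port(514));
    tcp(ip("192.168.0.42") port(514) max_connections(50));
};

# One file per sending host and day, root-owned and not world-readable,
# directories created on demand. A flooding client fills its own file,
# not the server's /var/log/messages.
destination d_remote {
    file("/var/log/remote/$HOST/$YEAR$MONTH$DAY.log"
         owner("root") group("root") perm(0640)
         create_dirs(yes) dir_perm(0750));
};

# Only the network source goes to the per-host files; the server's own
# local sources keep their existing log statements.
log { source(s_net); destination(d_remote); };
```

After SuSEconfig --module syslog-ng and a restart, the netstat check above should show both a udp and a tcp line bound to 192.168.0.42:514 and nothing on 0.0.0.0:514.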

Page 19

Syslog forward only (Syslog Client)

• Syslog client config OPTIONS
In /etc/syslog-ng/syslog-ng.conf.in at OPTIONS add or change:

options { use_fqdn(no); log_fifo_size(8192); };

– SuSE defines options for local logging only; these prepare the client for sending logs to the logserver
– if you like you can keep all of the SuSE options except sync(0)

• Syslog client config SOURCE
– most sources are predefined, so you can leave this out
– a general BSD-style source definition looks like this (the slide calls it the Linux/Unix convention, but /var/run/log and /dev/klog are BSD paths; syslog-ng on Linux reads unix-dgram("/dev/log") and file("/proc/kmsg")):

source local { unix-dgram("/var/run/log"); file("/dev/klog"); udp(ip("127.0.0.1") port(514)); internal(); };

– the SuSE SOURCE looks like this (SuSEconfig fills in the sockets from /etc/sysconfig/syslog):

source src {
    internal();
    # variables from /etc/sysconfig/syslog:
    @SuSEconfig_SOCKETS@
    #udp(ip("0.0.0.0") port(514));
};

– on a client leave the udp() line commented out: a forward-only client has no reason to accept messages from the network

• Next, FILTER and route the SOURCE to the logserver

Page 20

Syslog forward only (Syslog Client)

• Syslog client config FILTER
Go to the end of /etc/syslog-ng/syslog-ng.conf.in and add a very simple filter that looks like this:

filter notdebug { level(info..emerg); };

– SuSE predefines filters for any logging situation regarding the mail server, kernel messages and so on, and they are a little more complex than the simple one above; for example, one mail filter looks like this:

filter f_mailerr { level(err, crit) and facility(mail); };

• Syslog client config DESTINATION
We need to declare where to send the messages; the standard is a local log file, in our case we want to log on the logserver. Go to the end of /etc/syslog-ng/syslog-ng.conf.in and add:

destination loghost { udp("loghost" port(514)); };

– "loghost" is resolved through the /etc/hosts entry made earlier; if the server also has a tcp() source, tcp("loghost" port(514)) avoids the silent loss of UDP datagrams

• Syslog client config LOG
A filter and a destination by themselves do nothing; we must connect the source with the filter and the destination. Add after your new destination:

log { source(src); filter(notdebug); destination(loghost); };

– keep the existing local log statements as well: the copy on the logserver is there for when the local one is lost or tampered with, not as a replacement for it

• Parse and apply the new syslog-ng configuration, then restart syslog:

# SuSEconfig --module syslog-ng
# /etc/init.d/syslog restart

Page 21

Logrotate

• The /etc/logrotate.conf file
– this is logrotate's general configuration file
– the rotation interval is given as daily, weekly or monthly
– the "rotate" parameter specifies how many rotated copies are kept before the oldest is deleted; evidence older than that is gone, so size it to the investigation window you need
– the "create" parameter creates a new, empty log file after each rotation (optionally with a mode, owner and group)

• Sample contents of /etc/logrotate.conf (directives are lowercase: "weekly", not "Weekly")

• Logrotate is run by cron from /etc/cron.daily/logrotate; every script in /etc/cron.daily is executed once per day

# rotate log files weekly
weekly
# rotate log files daily
# daily
# keep 4 weeks worth of backlogs
rotate 4
# keep 7 days worth of backlogs
# rotate 7
# create new (empty) log files after rotating old ones
create
# configuration by service/facility
include /etc/logrotate.d/

Page 22

Logrotate for general services

• The include directive points at the /etc/logrotate.d directory by default
– this directory contains the log rotation configuration for every service that generates logs

• The /etc/logrotate.d/syslog file
– covers the general system log files
– format is: logfile ... { logrotate handling }
– it should look something like this:

/var/log/warn /var/log/messages /var/log/allmessages /var/log/localmessages /var/log/firewall {
    compress
    dateext
    maxage 365
    rotate 99
    missingok
    notifempty
    size +4096k
    create 640 root root
    sharedscripts
    postrotate
        /etc/init.d/syslog reload
    endscript
}

– create 640 root root keeps the new log unreadable to ordinary users; the postrotate reload makes syslog-ng reopen the new file, otherwise it keeps writing to the renamed one
– the postrotate script runs as root, so /etc/logrotate.d and the files in it must stay writable by root only

• Samba and Apache are included in logrotate if they are installed:
/var/log/samba/*.log { logrotate handling }

• Forcing logrotate to run
logrotate -f /etc/logrotate.conf        whole logrotate (a configuration file argument is required)
logrotate -f /etc/logrotate.d/syslog    only syslog (without the global defaults from logrotate.conf)
– logrotate -d <configfile> does a dry run and prints what would be rotated without touching anything

Page 23

Summary

• Unix administrators have a wide suite of utility programs for interrogating the system

man
uname
who, id
write, wall, talk
find
grep
pg/more, tail

• Learn what programs are available

• Read the manual pages to find out what the programs can do besides their basic function

• Learn to read logs and to spot anomalous states