CIS 218 Advanced UNIX 1 User and System Information CIS 218.

Date post: 11-Jan-2016
Upload: earl-douglas
Page 1: CIS 218 Advanced UNIX 1 User and System Information CIS 218.

CIS 218 Advanced UNIX 1

User and System Information

CIS 218

Page 2: CIS 218 Advanced UNIX 1 User and System Information CIS 218.

System resources

System resources: cpu, memory, disk, processes (32K or 64K)
Display CPU using: top
Display CPU/Memory using: vmstat
Display disk using: iostat or vmstat
Display processes using: ps -ef, ps aux, ps -aux

Page 3: CIS 218 Advanced UNIX 1 User and System Information CIS 218.

File Systems

Separate areas on disks are placed under different directories called mountpoints.
They are displayed with the mount command.
Different areas can be formatted with different filesystem formats.
They are displayed with the df command.

Page 4: CIS 218 Advanced UNIX 1 User and System Information CIS 218.

/etc/passwd

The password file:

root:jheVopR58x9Fx:0:1:The superuser:/:/bin/sh
nobody:*:65534:65534::/:
stevens:3hKVD8R58r9Fx:224:100:Richard Stevens:/home/stevens:/bin/ksh

Colon separates seven fields: userid, encrypted password, uid, gid, user info (finger), HOME
– $ man passwd

Page 5: CIS 218 Advanced UNIX 1 User and System Information CIS 218.

Special /etc/passwd values

root has the user ID 0
“system” uids less than 100
nobody cannot login, but programs can run as nobody. nobody can only access world readable or writable files
/sbin/nologin used for “daemon” processes that don’t login but used to secure files and directories

Page 6: CIS 218 Advanced UNIX 1 User and System Information CIS 218.

/etc/shadow

Passwords now stored in /etc/shadow
The password is encrypted using crypt()
– one-way: there is no known way to decrypt (decode) a password
nobody cannot login, but programs can run as nobody. nobody can only access world readable or writable files

Page 7: CIS 218 Advanced UNIX 1 User and System Information CIS 218.

/etc/shadow

/etc/shadow stores encrypted password strings
– only readable by root. suid by login
– /etc/passwd contains only ‘x’s in its password fields
– In older systems pwconv converts to /etc/shadow usage
This prevents password cracking by copying /etc/passwd and then using ‘guess and test’
– many passwords are very simple unless newer system enforces password complexity rules.
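The conditions described on the /etc/passwd and /etc/shadow slides can be checked mechanically. This is an added example, not part of the original slides: the first three sample lines are the slides' own, the last three are constructed, and the list of non-login shells is an assumption.

```python
# Added example: audit passwd-format text for the conditions the slides describe.
SAMPLE_PASSWD = """\
root:jheVopR58x9Fx:0:1:The superuser:/:/bin/sh
nobody:*:65534:65534::/:
stevens:3hKVD8R58r9Fx:224:100:Richard Stevens:/home/stevens:/bin/ksh
toor::0:0:constructed entry:/root:/bin/sh
daemon:x:2:2:constructed entry:/:/sbin/nologin
lp:x:7:7:constructed entry:/var/spool/lpd:/bin/sh
"""  # lines 1-3 come from the slides; lines 4-6 are constructed

NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}  # assumed list
SYSTEM_UID_LIMIT = 100  # the slides' rule of thumb: "system" uids are below 100


def audit_passwd(text):
    """Return (account, issue) pairs for one passwd-format file."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((f"line {lineno}", "malformed: expected 7 fields"))
            continue
        name, pw, uid, _gid, _gecos, _home, shell = fields
        shell = shell or "/bin/sh"  # an empty shell field means the default shell
        if pw == "":
            findings.append((name, "empty password field"))
        elif pw != "x" and not pw.startswith(("*", "!")):
            # Anything else is a crypt() string that every local user can read.
            findings.append((name, "password hash in world-readable passwd"))
        if uid == "0" and name != "root":
            findings.append((name, "uid 0 but not root"))
        if (uid.isdigit() and 0 < int(uid) < SYSTEM_UID_LIMIT
                and shell not in NOLOGIN_SHELLS):
            findings.append((name, "system account with a login shell"))
    return findings


if __name__ == "__main__":
    for account, issue in audit_passwd(SAMPLE_PASSWD):
        print(f"{account}: {issue}")
```

On a shadowed system every password field should read x, so the first finding type doubles as a check that pwconv has been run.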

Page 8: CIS 218 Advanced UNIX 1 User and System Information CIS 218.

Finger

finger accesses the GECOS field:

stevens:3hKVD8R58r9Fx:224:100:Richard &, B232, 555-1111, 555-2222:/home/stevens:/bin/ksh

– different fields within GECOS are separated by commas: user name, office, work and home phone numbers
– & is replaced by the capitalised user name

Page 9: CIS 218 Advanced UNIX 1 User and System Information CIS 218.

/etc/group

Lists every group on the system, an optional password, its group ID, and the users who are members:

wheel:*:0:root, rachel
uucp:*:10:uucp
vision:AweHG67Ket4Ds:101:keith, arlin
users:*:100:

$ man group

Page 10: CIS 218 Advanced UNIX 1 User and System Information CIS 218.

Joining Groups

/etc/group lists group users in addition to the ones who are members because of their /etc/passwd group ID.
– e.g. stevens is in users because he has group ID 100
A user can change group with newgrp
– usually must be a member of that group
– some groups have passwords (e.g. vision)
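Because membership comes from two files, an audit that reads only /etc/group misses users whose primary group ID puts them in a group. The following added example (not part of the original slides) resolves effective membership from the slides' own sample lines and lists groups that carry a password; the function names are hypothetical.

```python
# Added example: effective group membership needs both /etc/passwd and /etc/group.
PASSWD = """\
root:jheVopR58x9Fx:0:1:The superuser:/:/bin/sh
nobody:*:65534:65534::/:
stevens:3hKVD8R58r9Fx:224:100:Richard Stevens:/home/stevens:/bin/ksh
"""  # sample lines from the /etc/passwd slide

GROUP = """\
wheel:*:0:root, rachel
uucp:*:10:uucp
vision:AweHG67Ket4Ds:101:keith, arlin
users:*:100:
"""  # sample lines from the /etc/group slide


def parse_group(text):
    """Map group name -> password field, gid and explicitly listed members."""
    groups = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        name, pw, gid, members = line.split(":")
        listed = {m.strip() for m in members.split(",") if m.strip()}
        groups[name] = {"pw": pw, "gid": gid, "listed": listed}
    return groups


def effective_members(group, passwd_text, group_text):
    """Listed members plus every user whose passwd gid is this group's gid."""
    entry = parse_group(group_text)[group]
    rows = (l.split(":") for l in passwd_text.splitlines() if l.strip())
    primary = {row[0] for row in rows if row[3] == entry["gid"]}
    return sorted(entry["listed"] | primary)


def password_protected(group_text):
    """Groups whose password field holds a hash usable with newgrp."""
    # "*" and "!" mean no usable password; "x" defers to a shadow group file.
    no_hash = {"", "x", "*", "!"}
    return sorted(n for n, g in parse_group(group_text).items()
                  if g["pw"] not in no_hash)


if __name__ == "__main__":
    print("users:", effective_members("users", PASSWD, GROUP))
    print("wheel:", effective_members("wheel", PASSWD, GROUP))
    print("groups with a password:", password_protected(GROUP))
```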

Page 11: CIS 218 Advanced UNIX 1 User and System Information CIS 218.

Supplementary Group IDs

In earlier UNIXs, each user belonged to one group at a time.
– change was possible with newgrp
Current systems use same uid and gid by default for ordinary user ids
Some UNIXs now have supplementary group IDs:
– a user can belong to up to 16 additional groups
– no longer need to use newgrp (so much)

Page 12: CIS 218 Advanced UNIX 1 User and System Information CIS 218.

/etc/hosts

Keeps track of the network addresses for every host on the local network.
Often incomplete since the system can also ask address servers on other machines.
Typical /etc/hosts:

127.0.0.1 localhost
192.100.77.3 ratree.psu.ac.th ratree loghost
192.100.77.5 ns.psu.ac.th ns
203.154.130.11 ratree2.psu.ac.th ratree2

Page 13: CIS 218 Advanced UNIX 1 User and System Information CIS 218.

/etc/protocols

Stores details about network protocols supported by the system.
Fragment of /etc/protocols:

tcp 6 TCP # transmission control protocol
:
udp 17 UDP # user datagram protocol
:

Page 14: CIS 218 Advanced UNIX 1 User and System Information CIS 218.

/etc/services

Stores details on the network services supported by the system
– built on top of network protocols
Fragment of /etc/services:

ftp 21/tcp
smtp 25/tcp mail
:
irc 194/tcp # internet relay chat
irc 194/udp
:

Page 15: CIS 218 Advanced UNIX 1 User and System Information CIS 218.

Login Accounting

/var/run/utmp
– records which users are currently logged in
– used by who, users, finger, ps
– may be located in /var/adm/

/var/log/wtmp
– records all logins, logouts, shutdowns, reboots
– used by last
– may be located in /var/adm/

Page 16: CIS 218 Advanced UNIX 1 User and System Information CIS 218.

last (reboot)

Displays wtmp in an understandable form.
Lists all logins, logouts, etc. since file creation.

$ last | grep boot
reboot System boot Fri Aug 15 22:15
reboot System boot Fri Aug 15 15:21
reboot System boot Fri Aug 4 17:24
reboot System boot Fri Aug 4 15:41

continued

Page 17: CIS 218 Advanced UNIX 1 User and System Information CIS 218.

last (user)

$ last
rich ttypb mit.usa Tue Aug 19 13:19 still logged in
zonk ttyp3 129.10.1.22 Tue Aug 19 13:12 - 13:14 (00:02)
rich ttypa lisa.ac.th Tue Aug 19 13:11 still logged in
zonk ttyp3 lenny Tue Aug 19 12:06 - 12:21 (00:14)
:
$ last rich
rich ttypb mit.usa Tue Aug 19 13:19 still logged in
rich ttypa foo.lisa.ac.th Tue Aug 19 13:11 still logged in
rich ttyp0 goo.lisa.ac.th Mon Aug 18 11:01 - 11:45 (00:44)
rich ftp mit.usa Sat Aug 16 00:03 - 00:04 (00:01)

Page 18: CIS 218 Advanced UNIX 1 User and System Information CIS 218.

The System Log: syslog

[Figure: message paths into syslogd]
– user process: syslog() -> /dev/log (Unix domain datagram socket) -> syslogd
– kernel routines: log() -> /dev/klog -> syslogd
– TCP/IP network -> UDP port 514 (Internet domain datagram socket) -> syslogd
– syslogd -> files, console or e-mail

$ man syslogd

Page 19: CIS 218 Advanced UNIX 1 User and System Information CIS 218.

Logging Messages

Any program can generate log messages using syslog().
A log message includes:
– the program name, a facility, a priority, and the message text
Example:

login: Root LOGIN REFUSED on ttya

– sent by an authorization facility (login); it is critical

Page 20: CIS 218 Advanced UNIX 1 User and System Information CIS 218.

Some syslog Facilities

Name   Facility
kern   The kernel.
user   Regular user processes.
mail   The mail system.
lpr    The printer system.
:
auth   The authorization system, or programs that ask for user names and passwords (e.g. login, su, getty, ftp).

Page 21: CIS 218 Advanced UNIX 1 User and System Information CIS 218.

Some Syslog Priorities (levels)

Priority  Meaning
emerg     Emergency (e.g. crash).
alert     Fix immediately (e.g. bad db).
crit      Critical (e.g. hardware error).
err       Ordinary error.
:
notice    Not an error, but important.
:
debug     Debug messages.
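On the wire to UDP port 514, the facility and priority travel as one number in angle brackets at the start of the message. The added example below (not part of the original slides) encodes and decodes that prefix and filters for critical authorization messages such as the slides' login example; the numeric codes follow the BSD syslog convention (RFC 3164), which the slides do not list, and the sample datagrams are constructed.

```python
import re

# Codes follow the BSD syslog convention (RFC 3164); the slides give names only.
FACILITY = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
            "syslog": 5, "lpr": 6, "news": 7, "uucp": 8, "cron": 9,
            "authpriv": 10, "ftp": 11}
FACILITY.update({f"local{i}": 16 + i for i in range(8)})
FACILITY_NAME = {code: name for name, code in FACILITY.items()}
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"<(\d{1,3})>(.*)", re.S)


def encode(facility, severity, text):
    """Build the datagram a sender would put on UDP port 514."""
    pri = FACILITY[facility] * 8 + SEVERITY.index(severity)
    return b"<%d>%s" % (pri, text.encode())


def decode(datagram):
    """Return (facility, severity, text), or None if the PRI part is invalid."""
    m = PRI_RE.fullmatch(datagram)
    if not m or int(m.group(1)) > 191:  # 23 * 8 + 7 is the largest valid PRI
        return None
    fac, sev = divmod(int(m.group(1)), 8)
    text = m.group(2).decode(errors="replace")
    return FACILITY_NAME.get(fac, f"facility{fac}"), SEVERITY[sev], text


def auth_alerts(datagrams):
    """Texts of auth/authpriv messages at severity crit or worse."""
    hits = []
    for datagram in datagrams:
        rec = decode(datagram)
        if rec and rec[0] in ("auth", "authpriv") and SEVERITY.index(rec[1]) <= 2:
            hits.append(rec[2])
    return hits


# Constructed datagrams; the first carries the slides' example message.
SAMPLE = [
    b"<34>login: Root LOGIN REFUSED on ttya",   # auth.crit
    b"<38>su: constructed informational line",  # auth.info
    b"<3>kernel: constructed disk error",       # kern.err
    b"<999>constructed out-of-range PRI",
    b"constructed line with no PRI",
]

if __name__ == "__main__":
    print(auth_alerts(SAMPLE))
```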

Page 22: CIS 218 Advanced UNIX 1 User and System Information CIS 218.

Other system info commands

uptime    how long the system has been up since last reboot
w         who. Lists users, login times, and status.
finger    Shows personal information.
date      Shows current date and time.
man       MANual pages. Complete online reference.
ps        ProceSses. Shows programs that are being run.
top       shows top users of CPU and RAM (see also ps -aux and vmstat)
uname     Display UNIX information
iostat    device utilization
vmstat    virtual memory statistics
sar       system activity reporter
iostat    some systems, displays disk IO activity
df (-v)   display file system utilization
du        display directory utilization
mount     display file system mountpoints, type
hostname  display the hostname
dmesg     display OS startup info
ulimit    system resource limits (see /etc/security/limits.conf)

