252 Part III ✦ Administering Linux # <file <mount # system> point> <type> <options> <dump> <pass> /dev/hdb1 / ext2 defaults,errors=remount-ro,usrquota 0 1 Lastly, activate disk quota monitoring by starting the daemon with the following command: $ /etc/init.d/quota start Now you have quotas monitoring the drive space of all users on your system. When users reach the limit of their quota, they are notified. If users are curious about their current status, they can issue the quota command to find this information. Likewise, quotas can be stopped by issuing the following command: $ /etc/init.d/quota stop Using edquota A little utility that comes with quota when you install it is edquota. This program sets and edits the limitations to each person’s account. This is the syntax for the command: edquota [ -ug ] name The options u and g specify whether the quota values should apply the name as a user or as a group, because you can apply quotas to either. When you execute the edquota command for a user or group, an editor opens (vi by default unless you change the EDITOR environment variable) to create a temporary file that displays the current setting for the account, as shown here: /dev/hdb1: blocks in use: 44, limits (soft = 1000, hard = 1500) inodes in use: 12, limits (soft = 500, hard = 550) This shows that a user has a quota set on the hdb1 device setting both user and group limits. This user has a limitation on the number of blocks he or she can use. Each block consists of 1,024 bytes. The soft setting indicates when the user begins to be notified with warnings that he or she has reached the quota (giving this user around 1MB before warning start). The hard limitation (1.5MB in this example) is the absolute setting. Once reached, you cannot store any more data. At this time, the user must delete data or have the administrator increase the quota. To change these hard and soft limit settings, just edit the file directly at this time. The second line indicates the number of inodes, or objects (such as files and direc- tories), available to the user. Each inode is an object; therefore, every file, directory, and such counts against this setting. This limits the number of objects an account can create. You can change, add to, or set new quotas for other devices with these settings. 4710-0 ch12.F 4/10/01 11:24 AM Page 252 253 Chapter 12 ✦ System Administration Once the user reaches the soft quota setting, he or she has a time limit to comply with the limit or it is treated as a hard limit. This is considered a grace period, which is seven days by default. You can change this time frame using edquota -t (similarly to changing user quotas). When you use quotas to control the amount of drive space an individual con- sumes, set up the quota amount when you create the account. You can set it up by modifying the /etc/adduser.conf file. At the end of the configuration file is a line resembling QUOTAUSER=””. Add a value for the quota amount variable between the double quotes (“”) to enable setting up quotas when you create the accounts. By default, this is left empty. Quota reporting To be a good administrator, it’s important that you know what’s going on with the system. Therefore, checking on the status of your system quotas is crucial. There are two ways to get report information from the system. The first is by using the quota command. quota [ -gv | q ] [name] This command gives you instant information about anyone. By default, quota (when used without anything after it) shows the current user’s quota information. Alternatively, employing one of the options shown in Table 12-3 produces the same results. Table 12-3 Reporting options for quota Option Description -g Displays the quota for the group of which the user is a member -v Displays a report for those users who are not currently using the system -q Displays a concise message showing only the information on filesystems where usage is over quota Both users and administrators can employ this command. However, some of the features— such as checking on users’ account information — are only available to the administrator. The second way to get information from the system is through the repquota com- mand. This command provides a more thorough listing of all accounts. Administrators use this command to get complete accounting information. Here is the syntax for this command: Note 4710-0 ch12.F 4/10/01 11:24 AM Page 253 254 Part III ✦ Administering Linux repquota [ -vug ] -a|filesystem The options listed in Table 12-4 explain the choices for the repquota command. These options give you the ability to report on combinations of filesystems, users, and groups. Table 12-4 Reporting options for repquota Option Description -a Reports on all filesystems indicated in /etc/fstab that use quotas -v Reports on all quotas, regardless of usage -g Reports on quotas for all groups -u Reports on quotas for all users The following example shows a report on all (-a) users on the root filesystem. A comprehensive report is generated. This particular report shows only one account with user quotas set for this filesystem. You can generate more individualized reports by using combinations of options. $ repquota -a Block limits File limits User used soft hard grace used soft hard grace root 548440 0 0 54337 0 0 daemon 8 0 0 3 0 0 man 768 0 0 50 0 0 lp 12 0 0 3 0 0 mail 80 0 0 19 0 0 news 4 0 0 1 0 0 www-data 24 0 0 11 0 0 identd 4 0 0 1 0 0 gdm 4 0 0 1 0 0 jo 28 0 0 7 0 0 jane 44 0 0 12 500 550 jake 24 0 0 6 0 0 Using this type of reporting can also help track suspicious activity — both from abusers among legitimate users and would-be hackers attempting to crack your system. One indication of potential abuse is when the limits for one user are set higher than all others. The user may have a legitimate use for all the space or not. At minimum, the discrepancy merits further investigation. (See Chapter 19 for more information about preventing hackers.) 4710-0 ch12.F 4/10/01 11:24 AM Page 254 255 Chapter 12 ✦ System Administration Using System Monitoring Tools One of the most important duties of the administrator is to monitor the system. This can be one of the most mundane of tasks; but when done properly, it reveals weaknesses with the system, areas where resources are running low, and areas where possible abuse has taken place. Monitoring the system becomes a skill over time as you become familiar with the system. Several aspects of the Linux system need monitoring. The first and foremost are the log files. Monitoring system log files Log files keep track of the system’s activities. Consider them bank transactions. Each time money enters or leaves an account at a bank, a record is made of the transaction. The same goes for the Linux system. Each time a process starts, a per- son logs in, e-mail gets sent, or any number of other activities, a transaction is writ- ten to a file recording the activity. There are a couple of processes that take care of this record keeping. These pro- cesses run as daemons, monitoring the activity of other daemons while recording various activities to text files. System logging with syslogd The syslogd daemon collects log information from the applications and functions specified in the /etc/syslog.conf file that is read at startup. Included in this con- figuration file are reports on login information, mail, news, and so on. The type of information that is put in the log files includes time of the event, hostname, and program name. Kernel logging with klogd The klogd daemon records information from the kernel. These Linux kernel mes- sages report on the kernel’s interaction with the hardware in the system — from the processor to the hard drives to the serial ports. All this information is placed in the /var/log/kern.log file. Both the syslogd and klogd daemons start with the system when you first initial- ize it. These daemons must start first to capture the information from the other applications as they start. Watching the system with top When you want to know what processes are consuming the most resources, turn to the top program to view a text display of this information. This program lists the top processes and shows a variety of information about them. Each process is listed on a separate line. The display lists the process ID, the user, the status, the percentage of CPU usage, the percentage of memory usage, and other information. The following shows an example of how the top program displays the information: 4710-0 ch12.F 4/10/01 11:24 AM Page 255 256 Part III ✦ Administering Linux 8:24pm up 21:46, 4 users, load average: 0.07, 0.02, 0.00 57 processes: 56 sleeping, 1 running, 0 zombie, 0 stopped CPU states: 0.3% user, 0.9% system, 0.0% nice, 98.6% idle Mem: 46984K av, 46156K used, 828K free, 4368K shrd, 24012K buff Swap: 48380K av, 10248K used, 38132K free 4680K cached PID USER PRI NI SIZE RSS SHARE STAT LIB %CPU %MEM TIME COMMAND 1771 jo 15 0 1264 1264 700 R 0 1.3 2.6 0:00 top 1 root 0 0 108 64 48 S 0 0.0 0.1 0:05 init 2 root 0 0 0 0 0 SW 0 0.0 0.0 0:00 kflushd 3 root 0 0 0 0 0 SW 0 0.0 0.0 0:00 kupdate 4 root 0 0 0 0 0 SW 0 0.0 0.0 0:00 kpiod 5 root 0 0 0 0 0 SW 0 0.0 0.0 0:00 kswapd 81 daemon 0 0 80 0 0 SW 0 0.0 0.0 0:00 portmap 163 root 0 0 264 216 164 S 0 0.0 0.4 0:00 syslogd 167 root 0 0 396 0 0 SW 0 0.0 0.0 0:00 klogd 173 root 0 0 76 0 0 SW 0 0.0 0.0 0:00 rpc.statd 175 root 0 0 0 0 0 SW 0 0.0 0.0 0:00 lockd 176 root 0 0 0 0 0 SW 0 0.0 0.0 0:00 rpciod 183 root 0 0 72 0 0 SW 0 0.0 0.0 0:00 inetd 191 root 0 0 84 0 0 SW 0 0.0 0.0 0:00 lpd 201 daemon 0 0 116 52 44 S 0 0.0 0.1 0:00 atd 204 root 0 0 224 176 120 S 0 0.0 0.3 0:00 cron 209 root 0 0 752 56 40 S 0 0.0 0.1 0:00 apache The header information (the first five lines) lists the current time, how long the sys- tem has been running, the number of users connected to the system, and statistics on the system CPU, memory, and swap memory. Quickly perusing this information can help you to evaluate the status of your system and locate any trouble spots. In this case, the information in the columns list in descending order the processes using the CPU. As only one process is using the %CPU, all other processes are listed according to their process ID (PID). top only shows the processes that can fit on the screen. Table 12-5 shows the available commands for top. Table 12-5 Commands for top Command Description space Updates the display ^L Redraws the screen f or F Adds and removes fields o or O Changes the order of displayed fields h or ? Prints this list S Toggles cumulative mode i Toggles display of idle processes 4710-0 ch12.F 4/10/01 11:24 AM Page 256 257 Chapter 12 ✦ System Administration Command Description c Toggle display of command name/line l Toggles display of load average m Toggles display of memory information t Toggles display of summary information k Kills a task (with any signal) N Sorts by PID (numerically) A Sorts by age P Sorts by CPU usage M Sorts by resident memory usage T Sorts by time/cumulative time U Shows only a specific user n or # Sets the number of processes to show s Sets the delay in seconds between updates W Writes configuration file ~/.toprc Q Quits Figure 12-1: You can graphically monitor your system resources with gtop. 4710-0 ch12.F 4/10/01 11:24 AM Page 257 258 Part III ✦ Administering Linux Watching the system with gtop If you are interested in viewing the system information of top, but in a graphical interface, use gtop. This interface enables you to view, at a glance, how your sys- tem is currently performing. You get graphical representations of the CPU usage, memory usage, and swap space usage. Furthermore, the Memory tab contains a graphical representation of the used memory, the proportion used by each process, and the corresponding name of each of the processes. Figure 12-1 shows the gtop application launched from a command line. The only advantage of gtop is the point-and-click interface and menu features. top only uses keyboard interaction. gtop is more limited; for instance, you cannot kill a command from within gtop, whereas you can using top. These more advanced fea- tures have not yet been developed for gtop. Disk monitoring Another aspect of monitoring involves looking at the consumable space on the hard drives. The first Linux system I built used a 120MB hard drive. Granted not much was installed on it, but I was very concerned about the usable space on the drive. Users are not the only ones that consume disk space. Quotas can help to control user consumption, but the system itself can eat up a drive if you do not take some care. To track down these problem areas on the disk, you have to use disk utilities to monitor them. A couple of common disk utilities are du and df. They provide the useful information on the disks and filesystem, respectively. Displaying used space with du The du utility displays the space currently used by a file or directory. Here is the syntax for the du command: du [OPTION] [FILE] By default, the results are displayed in units of 1,024 bytes. Therefore, by issuing the du command of your home directory, you should get something that looks like this: $ du 36 ./docs 5640 ./pics 48 ./misc 4 ./newfiles 2912 ./programs 8668 . 4710-0 ch12.F 4/10/01 11:24 AM Page 258 259 Chapter 12 ✦ System Administration Each directory is listed separately, but the accumulation shows up as a period (.), which represents the current directory. As you can see from the example, the pics directory contains nearly 5.5MB of data while the newfiles directory contains only 4KB of data. You may be interested in some of the options, which help to make the results more readable. You can combine these options to get the results in the form you most prefer (see Table 12-6). Table 12-6 Disk usage options Option Description -a, all Prints the size of all files and directories -c, total Prints the total of all listed directories. (This is useful when listing more than one directory location.) -h, human-readable Prints sizes in human readable format for easier reading, such as 10K, 256MB, or 3GB -S, separate-dirs Excludes the size of subdirectories in the listing -s, summarize Prints only a total for each specified file or directory Checking used space on the filesystem with df When a filesystem is spread across different drives or partitions, it is important that you monitor each filesystem to make sure that enough space remains for files to be written properly. When a filesystem reaches 100 percent capacity, you must create more room in order for more information to be written again. The df com- mand shows the vital information you need to quickly check on the filesystem. Here is the syntax for the command: df [OPTION] [FILE] Here is an example of a system with its filesystem spread over several partitions of the same drive. This is not always necessary, but it illustrates how you can use the df command to get an immediate sense of a system’s capacity. $ df Filesystem 1k-blocks Used Available Use% Mounted on /dev/hdb1 992088 550464 391228 58% / Filesystem 1k-blocks Used Available Use% Mounted on /dev/hda8 257598 24038 220256 10% / /dev/hda1 19485 593 17886 3% /boot Continued 4710-0 ch12.F 4/10/01 11:24 AM Page 259 260 Part III ✦ Administering Linux /dev/hda6 909178 268815 593392 31% /home /dev/hda5 909178 515082 347125 60% /usr /dev/hda7 257598 51210 193084 21% /var Table 12-7 lists some of the options for this command. Use these options to get a listing in the format that makes the most sense to you. Table 12-7 Display filesystem options Option Description -a, all Includes all filesystems, even those having 0 blocks -h, human-readable Prints filesystem sizes in human readable format for easy reading, such as 10K, 256MB, or 3GB -i, inodes Lists the inode information instead of block usage -l, local Limits the listing to only local filesystems no-sync Does not invoke sync before getting usage information sync Invokes sync before getting usage information sync forces any blocks stored in cache to be written to the disk. Depending on the system, this can accumulate to a significant amount of stored data in cache. Some administrators invoke the sync command as a ritual step to assure that the disk cache gets flushed. User monitoring A third form of monitoring involves monitoring the users. This is not a Big-Brother approach, but rather a means of tracking who uses the system. Tracking users as they log in helps you track login information (who is using the system, when, and for how long). This information helps you to manage the resources. Each time anyone logs into the system, an entry is made in the /var/log/wtmp file. This includes only those who are currently logged directly into the system from the console or through a remote connection. The last command The last command filters through the /var/log/wtmp file and prints all users who have logged into the machine since the file was created (which can be a long list). It also searches based on certain criteria such as user and tty number (the tty stands for teletype and refers to the virtual terminal connection someone is using). Here is the syntax for the last command: 4710-0 ch12.F 4/10/01 11:24 AM Page 260 261 Chapter 12 ✦ System Administration last [option] [name ] [tty ] If at some point you feel the need to keep a record of the wtmp file for later review, make a copy of the file. If wtmp gets moved or deleted, nothing will be logged. For this reason, it is best to make a copy of the file. Some of the options for the last command are found in Table 12-8. Table 12-8 Options used with last Option Description -num or A count indicating last how many lines to show –n num -R Suppresses the display of the hostname field -a Displays the hostname in the last column. Useful in combination with the next flag. -d For remote logins, the host name of the remote host and its IP number get stored. This option translates the IP number back into a hostname. -i This option is like -d in that it displays the IP number of the remote host, but it displays the IP number in numbers-and-dots notation. -o Reads an old-type wtmp file -x Displays the system shutdown entries and run level changes /var/log/wtmp keeps a log of all successful login attempts, so what happens when a bad attempt is made? Adding a /var/log/btmp file to the system starts recording all failed login attempts to the system. It makes sure that the mode, user, and group match the wtmp file — which is usually read/write for user and group only, root as user, and utmp for group. You can then use the lastb com- mand to view a report on the bad attempts to login to the system. This command works the same as the last command, only it defaults to the btmp file. If either file doesn’t exist, then the system makes no attempts to record any login informa- tion. Debian normally installs the wtmp file only. When you reboot the system, a pseudo-user named reboot logs in. You can search on reboot to see all the times the system has been rebooted. The system logs remote hosts during log in, so it records the host IP address. Using the -d option prints a remote host as the hostname, while using the -i option displays the host as an IP address. Note 4710-0 ch12.F 4/10/01 11:24 AM Page 261 [...]... Working with Perl Perl is one of the largest and most complex scripting systems on Linux Perl has its roots in several other scripting systems, such as the shell and awk Debian ships with the Perl interpreter and a large collection of additional Perl modules To begin with Perl, you should install the perl -5. 0 05 and perl -5. 0 05- doc packages These packages provide you with a Perl environment and its documentation... fashion Debian contains the entire GNU compiler toolchain; that is, the collection of C and C++ compilers plus all of the supporting programs necessary to make them work Table 13 -5 includes a list of the programs that make up toolchain and its related utilities 4710-0 ch13.F 4/10/01 11:24 AM Page 283 Chapter 13 ✦ Scripting Table 13 -5 C and C++ toolchain programs Program Description gcc The GNU C compiler... package in Debian named package-doc If so, chances are it contains the documentation you seek Documentation for the C++ standard library is more difficult to find As of this writing, the Debian distribution does not include C++ standard library documentation However, you may find some C++ documentation in deb form at 4710-0 ch13.F 4/10/01 11:24 AM Page 2 85 Chapter 13 ✦ Scripting ftp .debian. org /debian/ project/experimental... manipulation routines libnet-ldap-perl An interface to the Lightweight Directory Access Protocol (LDAP) libcgi-pm-perl One of several different CGI interfaces for Perl GnuPG::Interface libgnupg-interface-perl An interface to GnuPG, the GNU Privacy Guard for Perl DBI libdbi-perl DBI, the Perl database interface With DBI, you can write a single program that is capable of communicating with many different... can see it Because you are using the Debian package manager to install it, this module also is upgraded automatically when Debian is Installing modules from CPAN Installing modules from CPAN is more complicated There are a couple of reasons that you might opt to install modules from CPAN rather than from Debian First, if CPAN has a newer version of a module than Debian and you need features from it,... compilers and interpreters available for use on Debian systems: ✦ kaffe is a JVM (Java Virtual Machine — a bytecode interpreter) that is included with Debian It can also function as a development environment, but it does not implement the entire Java specification from SunSoft yet Unlike Sun JDK, kaffe is portable and runs on many Debian platforms ✦ gcj is the GNU Compiler for Java This program can compile... jdk1.1-native, and jdk1.1-native-dev packages are Linux versions of Sun’s official JDK (Java Development Kit) version 1.1 However, Sun licensed these products under a license that is not compatible with the Debian Free Software Guidelines, so you will not find these as Debian packages You can find them under the devel directory in the non-free section of ftp .debian. org or with your favorite package management... those Java libraries that come with Debian If you want to install one of the many third-party Java libraries, please consult the documentation that accompanies the library for installation instructions Table 13-2 highlights some of the most popular and useful Java libraries in Debian 4710-0 ch13.F 4/10/01 11:24 AM Page 2 75 Chapter 13 ✦ Scripting Table 13-2 Java libraries Debian package name Description... Note that both packages might be in the “contrib” area of ftp .debian. org instead of on your CD lib -gnu. regexp-java This package provides regular expression support for Java With it, you can get some of the pattern matching features that you are accustomed to in languages such as Perl and awk lib -gnu. getopt-java An implementation of the GNU getopt command line parsing library for Java libpgjava A JDBC... finding Perl modules: Debian and CPAN CPAN is the Comprehensive Perl Archive Network; one of its primary functions is to serve as a repository of Perl modules The CPAN site, www.cpan.org, has hundreds of modules available for download — more than are present in Debian However, the packages that you can find in Debian are generally easier to install than those on CPAN You can install Debian packages with . 11:24 AM Page 259 260 Part III ✦ Administering Linux /dev/hda6 909178 2688 15 593392 31% /home /dev/hda5 909178 51 5082 3471 25 60% /usr /dev/hda7 257 598 51 210 193084 21% /var Table 12-7 lists some. 55 0464 391228 58 % / Filesystem 1k-blocks Used Available Use% Mounted on /dev/hda8 257 598 24038 220 256 10% / /dev/hda1 194 85 593 17886 3% /boot Continued 4710-0 ch12.F 4/10/01 11:24 AM Page 259 260 Part. information: 4710-0 ch12.F 4/10/01 11:24 AM Page 255 256 Part III ✦ Administering Linux 8:24pm up 21:46, 4 users, load average: 0.07, 0.02, 0.00 57 processes: 56 sleeping, 1 running, 0 zombie, 0 stopped CPU