Friday, June 15, 2012

Chapter 9 - RHCSA Level System Administration

Configure Access with VNC

 yum install vinagre tigervnc tigervnc-server -y

[root@server01 ~]# tail /etc/sysconfig/vncservers
# http://kbase.redhat.com/faq/docs/DOC-7028
# Use "-nolisten tcp" to prevent X connections to your VNC server via TCP.
# Use "-localhost" to prevent remote VNC clients connecting except when
# doing so through a secure tunnel.  See the "-via" option in the
# `man vncviewer' manual page.

# VNCSERVERS="2:myusername"
# VNCSERVERARGS[2]="-geometry 800x600 -nolisten tcp -localhost"


[root@server01 ~]# service vncserver status
Xvnc is stopped

[root@server01 ~]# chkconfig --list vncserver
vncserver       0:off   1:off   2:off   3:off   4:off   5:off   6:off
VNC Client

NOTE : Better and more complete VNC Client + Server Config examples later !!!

# vncviewer

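Configure the firewall

The rule shown below accepts new TCP connections to the VNC ports (vnc-server through 5905) from any source address. If the VNC server is started with "-localhost" and reached through a secure tunnel, as the vncservers comments above describe, these ports do not need to be opened in the firewall.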






[root@server01 ~]# iptables -L  | grep -i vnc
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpts:vnc-server:5905
[root@server01 ~]#

Process Control :

List all of a user's processes

[root@server01 ~]# ps -u dick
  PID TTY          TIME CMD
 4638 pts/1    00:00:00 bash
 4662 pts/1    00:00:00 vim
top command

Elementary System Admin Commands

Process Displays :


[root@server01 ~]# ps -ef | head
UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 09:23 ?        00:00:01 /sbin/init
root         2     0  0 09:23 ?        00:00:00 [kthreadd]
root         3     2  0 09:23 ?        00:00:00 [migration/0]
root         4     2  0 09:23 ?        00:00:00 [ksoftirqd/0]
root         5     2  0 09:23 ?        00:00:00 [migration/0]
root         6     2  0 09:23 ?        00:00:00 [watchdog/0]
root         7     2  0 09:23 ?        00:00:00 [events/0]
root         8     2  0 09:23 ?        00:00:00 [cpuset]
root         9     2  0 09:23 ?        00:00:00 [khelper]
[root@server01 ~]# ps aux | head
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.0  19324  1504 ?        Ss   09:23   0:01 /sbin/init
root         2  0.0  0.0      0     0 ?        S    09:23   0:00 [kthreadd]
root         3  0.0  0.0      0     0 ?        S    09:23   0:00 [migration/0]
root         4  0.0  0.0      0     0 ?        S    09:23   0:00 [ksoftirqd/0]
root         5  0.0  0.0      0     0 ?        S    09:23   0:00 [migration/0]
root         6  0.0  0.0      0     0 ?        S    09:23   0:00 [watchdog/0]
root         7  0.0  0.0      0     0 ?        S    09:23   0:00 [events/0]
root         8  0.0  0.0      0     0 ?        S    09:23   0:00 [cpuset]
root         9  0.0  0.0      0     0 ?        S    09:23   0:00 [khelper]
[root@server01 ~]#

That was exciting....tell me I haven't run those two commands about a million times in my career ... :) ....zzzzZZZzzzzzz..Zzzz

ahhh...ooohh..(just like at the fireworks display, except two colors only :)

[root@server01 ~]# ps eux | head
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.0  19324  1504 ?        Ss   09:23   0:01 /sbin/init HOME=/ TERM=linux PATH=/sbin:/bin:/usr/sbin:/usr/bin
root         2  0.0  0.0      0     0 ?        S    09:23   0:00 [kthreadd]
root         3  0.0  0.0      0     0 ?        S    09:23   0:00 [migration/0]
root         4  0.0  0.0      0     0 ?        S    09:23   0:00 [ksoftirqd/0]
root         5  0.0  0.0      0     0 ?        S    09:23   0:00 [migration/0]
root         6  0.0  0.0      0     0 ?        S    09:23   0:00 [watchdog/0]
root         7  0.0  0.0      0     0 ?        S    09:23   0:00 [events/0]
root         8  0.0  0.0      0     0 ?        S    09:23   0:00 [cpuset]
root         9  0.0  0.0      0     0 ?        S    09:23   0:00 [khelper]
[root@server01 ~]#

[root@server01 ~]# ps axl | head
F   UID   PID  PPID PRI  NI    VSZ   RSS WCHAN  STAT TTY        TIME COMMAND
4     0     1     0  20   0  19324  1504 poll_s Ss   ?          0:01 /sbin/init
1     0     2     0  20   0      0     0 kthrea S    ?          0:00 [kthreadd]
1     0     3     2 -100  -      0     0 migrat S    ?          0:00 [migration/0]
1     0     4     2  20   0      0     0 ksofti S    ?          0:00 [ksoftirqd/0]
1     0     5     2 -100  -      0     0 cpu_st S    ?          0:00 [migration/0]
5     0     6     2 -100  -      0     0 watchd S    ?          0:00 [watchdog/0]
1     0     7     2  20   0      0     0 worker S    ?          0:00 [events/0]
1     0     8     2  20   0      0     0 worker S    ?          0:00 [cpuset]
1     0     9     2  20   0      0     0 worker S    ?          0:00 [khelper]
[root@server01 ~]#

System Activity Reporter


  [root@server01 ~]# sar -A | head
Linux 2.6.32-131.0.15.el6.x86_64 (server01)     06/15/2012      _x86_64_       (1 CPU)
08:33:11 AM       LINUX RESTART
08:40:01 AM     CPU      %usr     %nice      %sys   %iowait    %steal      %irq     %soft    %guest     %idle
08:50:02 AM     all     14.50      0.00     17.16      2.70      0.00      0.93     38.19      0.00     26.52
08:50:02 AM       0     14.50      0.00     17.16      2.70      0.00      0.93     38.19      0.00     26.52
09:00:01 AM     all      0.03      0.00      0.09      0.15      0.00      0.00      0.06      0.00     99.68
09:00:01 AM       0      0.03      0.00      0.09      0.15      0.00      0.00      0.06      0.00     99.68
09:10:02 AM     all      0.07      0.00      0.12      0.16      0.00      0.00      0.06      0.00     99.59
[root@server01 ~]#

Daily reports are in the /var/log/sa directory

[root@server01 ~]# ls -lrt /var/log/sa
total 3992
-rw-r--r--. 1 root root  83700 Jun  6 19:30 sa06
-rw-r--r--. 1 root root 226676 Jun  7 23:50 sa07
-rw-r--r--. 1 root root 277187 Jun  7 23:53 sar07
-rw-r--r--. 1 root root 337956 Jun  8 23:50 sa08
-rw-r--r--. 1 root root 358721 Jun  8 23:53 sar08
-rw-r--r--. 1 root root 342612 Jun  9 23:50 sa09
-rw-r--r--. 1 root root 362358 Jun  9 23:53 sar09
-rw-r--r--. 1 root root 342612 Jun 10 23:50 sa10
-rw-r--r--. 1 root root 362358 Jun 10 23:53 sar10
-rw-r--r--. 1 root root  78876 Jun 11 05:20 sa11
-rw-r--r--. 1 root root 206116 Jun 12 23:50 sa12
-rw-r--r--. 1 root root 252127 Jun 12 23:53 sar12
-rw-r--r--. 1 root root 333396 Jun 13 23:50 sa13
-rw-r--r--. 1 root root 371080 Jun 13 23:53 sar13
-rw-r--r--. 1 root root  43580 Jun 14 02:40 sa14
-rw-r--r--. 1 root root  34740 Jun 15 11:10 sa15

[root@server01 ~]# cat /etc/cron.d/sysstat
# Run system activity accounting tool every 10 minutes
*/10 * * * * root /usr/lib64/sa/sa1 -S DISK 1 1
# 0 * * * * root /usr/lib64/sa/sa1 -S DISK 600 6 &
# Generate a daily summary of process accounting at 23:53
53 23 * * * root /usr/lib64/sa/sa2 -A

IOstat usage to monitor disk activity :

[root@server01 ~]# iostat /dev/sdb1
Linux 2.6.32-131.0.15.el6.x86_64 (server01)     06/15/2012      _x86_64_        (1 CPU)
avg-cpu:  %user   %nice %system %iowait  %steal   %idle
           0.30    0.01    0.52    0.61    0.00   98.56
Device:            tps   Blk_read/s   Blk_wrtn/s   Blk_read   Blk_wrtn
sdb1              0.03         0.20         0.00       1384          0
[root@server01 ~]#

Nice and Renice :

[root@server01 ~]# ps -u dick
  PID TTY          TIME CMD
 4638 pts/1    00:00:00 bash
 4890 pts/1    00:00:00 vim
[root@server01 ~]# top -u dick
top - 11:29:18 up  2:05,  3 users,  load average: 0.00, 0.04, 0.02
Tasks: 155 total,   1 running, 154 sleeping,   0 stopped,   0 zombie
Cpu(s):  0.3%us,  0.4%sy,  0.0%ni, 98.7%id,  0.6%wa,  0.0%hi,  0.1%si,  0.0%st
Mem:   2055876k total,   685640k used,  1370236k free,    50324k buffers
Swap:  4128760k total,        0k used,  4128760k free,   305288k cached
  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
 4638 dick      20   0  105m 1792 1452 S  0.0  0.1   0:00.01 bash
 4890 dick      20   0  140m 3700 2536 S  0.0  0.2   0:00.04 vim

[root@server01 ~]# renice -10 4890
4890: old priority 0, new priority -10

[root@server01 ~]# top -u dick
top - 11:32:05 up  2:08,  3 users,  load average: 0.00, 0.02, 0.01
Tasks: 155 total,   1 running, 154 sleeping,   0 stopped,   0 zombie
Cpu(s):  0.3%us,  0.4%sy,  0.0%ni, 98.7%id,  0.5%wa,  0.0%hi,  0.1%si,  0.0%st
Mem:   2055876k total,   685764k used,  1370112k free,    50340k buffers
Swap:  4128760k total,        0k used,  4128760k free,   305288k cached
  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
 4638 dick      20   0  105m 1792 1452 S  0.0  0.1   0:00.01 bash
 4890 dick      10 -10  140m 3700 2536 S  0.0  0.2   0:00.04 vim

Run the web server with a lower scheduling priority (a higher nice value; normal = 0)

[root@server01 ~]# nice -n 12 /etc/init.d/httpd start
Starting httpd:                                            [  OK  ]
[root@server01 ~]#

root      4973     1  0 11:34 ?        00:00:00 /usr/sbin/httpd
apache    4975  4973  0 11:34 ?        00:00:00 /usr/sbin/httpd
apache    4976  4973  0 11:34 ?        00:00:00 /usr/sbin/httpd
apache    4977  4973  0 11:34 ?        00:00:00 /usr/sbin/httpd
apache    4978  4973  0 11:34 ?        00:00:00 /usr/sbin/httpd
apache    4979  4973  0 11:34 ?        00:00:00 /usr/sbin/httpd
apache    4980  4973  0 11:34 ?        00:00:00 /usr/sbin/httpd
apache    4981  4973  0 11:34 ?        00:00:00 /usr/sbin/httpd
apache    4982  4973  0 11:34 ?        00:00:00 /usr/sbin/httpd
root      4984  2148  0 11:34 pts/0    00:00:00 grep httpd
[root@server01 ~]#

[root@server01 ~]# top -p 4973
top - 11:36:09 up  2:12,  3 users,  load average: 0.00, 0.00, 0.00
Tasks:   1 total,   0 running,   1 sleeping,   0 stopped,   0 zombie
Cpu(s):  0.0%us,  0.0%sy,  0.0%ni,100.0%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
Mem:   2055876k total,   726540k used,  1329336k free,    50400k buffers
Swap:  4128760k total,        0k used,  4128760k free,   309740k cached
  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
 4973 root      32  12  291m  12m 6700 S  0.0  0.6   0:00.06 httpd

Kill command and signals :


[root@server01 ~]# kill -l
 1) SIGHUP       2) SIGINT       3) SIGQUIT      4) SIGILL       5) SIGTRAP
 6) SIGABRT      7) SIGBUS       8) SIGFPE       9) SIGKILL     10) SIGUSR1
11) SIGSEGV     12) SIGUSR2     13) SIGPIPE     14) SIGALRM     15) SIGTERM
16) SIGSTKFLT   17) SIGCHLD     18) SIGCONT     19) SIGSTOP     20) SIGTSTP
21) SIGTTIN     22) SIGTTOU     23) SIGURG      24) SIGXCPU     25) SIGXFSZ
26) SIGVTALRM   27) SIGPROF     28) SIGWINCH    29) SIGIO       30) SIGPWR
31) SIGSYS      34) SIGRTMIN    35) SIGRTMIN+1  36) SIGRTMIN+2  37) SIGRTMIN+3
38) SIGRTMIN+4  39) SIGRTMIN+5  40) SIGRTMIN+6  41) SIGRTMIN+7  42) SIGRTMIN+8
43) SIGRTMIN+9  44) SIGRTMIN+10 45) SIGRTMIN+11 46) SIGRTMIN+12 47) SIGRTMIN+13
48) SIGRTMIN+14 49) SIGRTMIN+15 50) SIGRTMAX-14 51) SIGRTMAX-13 52) SIGRTMAX-12
53) SIGRTMAX-11 54) SIGRTMAX-10 55) SIGRTMAX-9  56) SIGRTMAX-8  57) SIGRTMAX-7
58) SIGRTMAX-6  59) SIGRTMAX-5  60) SIGRTMAX-4  61) SIGRTMAX-3  62) SIGRTMAX-2
63) SIGRTMAX-1  64) SIGRTMAX
[root@server01 ~]#


[root@server01 ~]# service vsftpd start
Starting vsftpd for vsftpd:                                [  OK  ]
[root@server01 ~]# ps -ef | grep ftp
root      5043     1  0 11:39 ?        00:00:00 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
root      5046  2148  0 11:39 pts/0    00:00:00 grep ftp
[root@server01 ~]#


[root@server01 ~]# kill -1 5043
[root@server01 ~]# ps -ef | grep ftp
root      5043     1  0 11:39 ?        00:00:00 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
root      5077  2148  0 11:42 pts/0    00:00:00 grep ftp


[root@server01 ~]# kill -15 5043
[root@server01 ~]# ps -ef | grep ftp
root      5087  2148  0 11:43 pts/0    00:00:00 grep ftp


[root@server01 ~]# service vsftpd start
Starting vsftpd for vsftpd:                                [  OK  ]
[root@server01 ~]# ps -ef | grep ftp
root      5101     1  0 11:43 ?        00:00:00 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
root      5103  2148  0 11:43 pts/0    00:00:00 grep ftp
[root@server01 ~]#

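NOTE : kill -HUP <pidno> (signal 1) will not 'kill the process' when the daemon handles SIGHUP, as vsftpd does above; it causes an internal restart of the application and a re-reading of its config files. A process that does not handle SIGHUP is terminated by it.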

[root@server01 ~]# ps -ef | grep httpd
root      4973     1  0 11:34 ?        00:00:00 /usr/sbin/httpd
apache    4975  4973  0 11:34 ?        00:00:00 /usr/sbin/httpd
apache    4976  4973  0 11:34 ?        00:00:00 /usr/sbin/httpd
apache    4977  4973  0 11:34 ?        00:00:00 /usr/sbin/httpd
apache    4978  4973  0 11:34 ?        00:00:00 /usr/sbin/httpd
apache    4979  4973  0 11:34 ?        00:00:00 /usr/sbin/httpd
apache    4980  4973  0 11:34 ?        00:00:00 /usr/sbin/httpd
apache    4981  4973  0 11:34 ?        00:00:00 /usr/sbin/httpd
apache    4982  4973  0 11:34 ?        00:00:00 /usr/sbin/httpd
root      5062  2148  0 11:40 pts/0    00:00:00 grep httpd
[root@server01 ~]#
[root@server01 ~]#
[root@server01 ~]# killall httpd
[root@server01 ~]# ps -ef | grep httpd
root      5065  2148  0 11:41 pts/0    00:00:00 grep httpd


Examples with gzip bzip2 and tar commands :

[root@server01 img]# ls -l IMG00673-20120601-1026.jpg
-rw-r--r--. 1 root root 327533 Jun 15 15:40 IMG00673-20120601-1026.jpg
[root@server01 img]#
[root@server01 img]# gzip IMG00673-20120601-1026.jpg
[root@server01 img]# ls -lrt IMG00673-20120601-1026.jpg
ls: cannot access IMG00673-20120601-1026.jpg: No such file or directory
[root@server01 img]# ls -lrt IMG00673-20120601-1026.jpg.gz
-rw-r--r--. 1 root root 327133 Jun 15 15:40 IMG00673-20120601-1026.jpg.gz

[root@server01 img]# ls -lrt
total 2348
-rw-r--r--. 1 root root  327133 Jun 15 15:40 IMG00673-20120601-1026.jpg.gz
-rw-r--r--. 1 root root   81084 Jun 15 15:40 rhce10.png
-rw-r--r--. 1 root root 1688479 Jun 15 15:40 rhce1.png
-rw-r--r--. 1 root root   99753 Jun 15 15:40 rhce12.png
-rw-r--r--. 1 root root   92287 Jun 15 15:40 rhce13.png
-rw-r--r--. 1 root root  103120 Jun 15 15:40 rhce11.png
[root@server01 img]#
[root@server01 img]# bzip2 rhce1.png
[root@server01 img]# ls -lrt rhce1.png
ls: cannot access rhce1.png: No such file or directory
[root@server01 img]# ls -lrt rhce1.png.bz2
-rw-r--r--. 1 root root 1689708 Jun 15 15:40 rhce1.png.bz2
[root@server01 img]#

Unpacking :

[root@server01 img]# gzip -d IMG00673-20120601-1026.jpg.gz

[root@server01 img]# ls -lrt IMG00673-20120601-1026.jpg
-rw-r--r--. 1 root root 327533 Jun 15 15:40 IMG00673-20120601-1026.jpg


[root@server01 img]# bzip2 -d rhce1.png.bz2
[root@server01 img]# ls -l rhce1.png
-rw-r--r--. 1 root root 1688479 Jun 15 15:40 rhce1.png


[root@server01 img]# tar czvf dick.home.tar.gz /home/dick
tar: Removing leading `/' from member names
/home/dick/
/home/dick/newdir4/
/home/dick/.bash_logout
/home/dick/newdir777/
/home/dick/newfile1000.txt
/home/dick/.gnome2/
/home/dick/.mozilla/
/home/dick/.mozilla/plugins/
/home/dick/.mozilla/extensions/
/home/dick/.file1.txt.swp
/home/dick/.viminfo
/home/dick/.bash_profile
/home/dick/.bashrc
/home/dick/file1.txt
/home/dick/.bash_history
/home/dick/newfile1.txt


[root@server01 img]# ls -lrt dick.home.tar.gz
-rw-r--r--. 1 root root 1381 Jun 15 16:28 dick.home.tar.gz

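Just view the contents of the tar file. Note from the listings that the archive itself was created as -rw-r--r--, while it holds files such as .bash_history and .viminfo that are -rw------- in the home directory; restrict the archive's permissions (for example chmod 600) if it is kept where other users can reach it :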

[root@server01 img]# tar -tzvf dick.home.tar.gz
drwx------ dick/dick         0 2012-06-15 11:26 home/dick/
drwxrwxr-x dick/dick         0 2012-06-15 09:27 home/dick/newdir4/
-rw-r--r-- dick/dick        18 2011-01-27 07:41 home/dick/.bash_logout
drwx------ dick/dick         0 2012-06-15 09:30 home/dick/newdir777/
-rw------- dick/dick         0 2012-06-15 10:23 home/dick/newfile1000.txt
drwxr-xr-x dick/dick         0 2010-07-14 10:55 home/dick/.gnome2/
drwxr-xr-x dick/dick         0 2012-06-06 06:51 home/dick/.mozilla/
drwxr-xr-x dick/dick         0 2009-12-02 20:21 home/dick/.mozilla/plugins/
drwxr-xr-x dick/dick         0 2009-12-02 20:21 home/dick/.mozilla/extensions/
-rw-r--r-- dick/dick     12288 2012-06-15 11:26 home/dick/.file1.txt.swp
-rw------- dick/dick       761 2012-06-15 11:06 home/dick/.viminfo
-rw-r--r-- dick/dick       187 2012-06-15 09:29 home/dick/.bash_profile
-rw-r--r-- dick/dick       124 2011-01-27 07:41 home/dick/.bashrc
-rw-rw-r-- dick/dick         0 2012-06-15 09:27 home/dick/file1.txt
-rw------- dick/dick       620 2012-06-15 10:35 home/dick/.bash_history
-rw------- dick/dick         0 2012-06-15 09:30 home/dick/newfile1.txt


[root@server01 img]# yum install star -y

[root@server01 img]# star -xattr -H=exustar -c -f=dick.home.star /home/dick
star: 5 blocks + 0 bytes (total of 51200 bytes = 50.00k).


[root@server01 img]# ls dick.home.star
dick.home.star

To unpack a star archive

[root@server01 img]# cp -p dick.home.star /home/gina/
[root@server01 img]# cd /home/gina/
[root@server01 gina]# ll
total 52
-rw-r--r--. 1 root root 51200 Jun 15 16:32 dick.home.star
[root@server01 gina]# star -x -f=dick.home.star
star: WARNING: skipping leading '/' on filenames.
star: 5 blocks + 0 bytes (total of 51200 bytes = 50.00k).


[root@server01 gina]# ls -lrt
total 56
-rw-r--r--. 1 root root 51200 Jun 15 16:32 dick.home.star
drwxr-xr-x. 3 root root  4096 Jun 15 16:35 home
[root@server01 gina]#
 

Automate System Administration : cron and at

The crontab conf file is :

/etc/crontab

[root@server01 gina]# cat /etc/crontab
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/

# For details see man 4 crontabs
# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  *  command to be executed


The directory /var/spool/cron is where users' crontabs are stored :

[root@server01 gina]# ls -ld /var/spool/cron/
drwx------. 2 root root 4096 Mar  4  2011 /var/spool/cron/


The anacron system is new to RHEL6, and helps run cron jobs on machines that were powered off at the scheduled time, once the systems are booted back up :

[root@server01 gina]# cat /etc/anacrontab
# /etc/anacrontab: configuration file for anacron

# See anacron(8) and anacrontab(5) for details.
SHELL=/bin/sh
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
# the maximal random delay added to the base delay of the jobs
RANDOM_DELAY=45
# the jobs will be started during the following hours only
START_HOURS_RANGE=3-22

#period in days   delay in minutes   job-identifier   command
1       5       cron.daily              nice run-parts /etc/cron.daily
7       25      cron.weekly             nice run-parts /etc/cron.weekly
@monthly 45     cron.monthly            nice run-parts /etc/cron.monthly


Also another directory for cron jobs :

[root@server01 gina]# ls -lrt /etc/cron.d
total 16
-rw-r--r--. 1 root root 459 Mar 17  2010 sa-update
-rw-r--r--. 1 root root 113 Mar  4  2011 0hourly
-rw-r--r--. 1 root root 108 Mar 28  2011 raid-check
-rw-r--r--. 1 root root 251 Mar 31  2011 sysstat


Cronjob example :

[root@server01 gina]# crontab -e
no crontab for root - using an empty one
*/3 * 15 6 * /bin/date >> /tmp/`uname -n`.date.report


Every 3 minutes, every hour, on the 15th of June, day of week does not matter, run the following command.

[root@server01 gina]# crontab -l
*/2 * 15 6 * /bin/date >> /tmp/`uname -n`.`date +%m%d%y%H%M`.report


[root@server01 gina]# ls -lrt /tmp/*.report
ls: cannot access /tmp/*.report: No such file or directory


Ooops ...heh heh ...

[root@server01 gina]# mail
Heirloom Mail version 12.4 7/29/08.  Type ? for help.
"/var/spool/mail/root": 17 messages 15 new
    1 Cron Daemon           Wed Jun  6 08:01  25/824   "Cron <
root@server01> run-parts /etc/cron.hourly"
    2 Cron Daemon           Wed Jun  6 19:01  25/824   "Cron <
root@server01> run-parts /etc/cron.hourly"
>N  3 Cron Daemon           Thu Jun  7 06:01  24/813   "Cron <
root@server01> run-parts /etc/cron.hourly"
 N  4 Cron Daemon           Fri Jun  8 05:01  24/813   "Cron <
root@server01> run-parts /etc/cron.hourly"
 N  5 Cron Daemon           Fri Jun  8 06:01  24/813   "Cron <
root@server01> run-parts /etc/cron.hourly"
 N  6 Cron Daemon           Tue Jun 12 08:01  24/813   "Cron <
root@server01> run-parts /etc/cron.hourly"
 N  7 Cron Daemon           Wed Jun 13 05:01  24/813   "Cron <
root@server01> run-parts /etc/cron.hourly"
 N  8
abrt@localhost.local  Wed Jun 13 06:00 107/2669  "[abrt] new crash was detected"
 N  9 Cron Daemon           Wed Jun 13 06:01  24/813   "Cron <
root@server01> run-parts /etc/cron.hourly"
 N 10 Cron Daemon           Wed Jun 13 10:01  24/813   "Cron <
root@server01> run-parts /etc/cron.hourly"
 N 11 Cron Daemon           Wed Jun 13 11:01  24/813   "Cron <
root@server01> run-parts /etc/cron.hourly"
 N 12 Cron Daemon           Fri Jun 15 09:01  24/813   "Cron <
root@server01> run-parts /etc/cron.hourly"
 N 13 Cron Daemon           Fri Jun 15 10:01  24/813   "Cron <
root@server01> run-parts /etc/cron.hourly"
 N 14 Cron Daemon           Fri Jun 15 17:10  22/856   "Cron <
root@server01> /bin/date >> /tmp/`uname -n`.`date +"
 N 15 Cron Daemon           Fri Jun 15 17:12  22/856   "Cron <
root@server01> /bin/date >> /tmp/`uname -n`.`date +"
 N 16 Cron Daemon           Fri Jun 15 17:14  22/856   "Cron <
root@server01> /bin/date >> /tmp/`uname -n`.`date +"
 N 17 Cron Daemon           Fri Jun 15 17:16  22/856   "Cron <
root@server01> /bin/date >> /tmp/`uname -n`.`date +"
& 17
Message 17:
From
root@server01.localdomain  Fri Jun 15 17:16:02 2012
Return-Path: <
root@server01.localdomain>
X-Original-To: root
Delivered-To:
root@server01.localdomain
From: root@server01.localdomain (Cron Daemon)
To:
root@server01.localdomain
Subject: Cron <root@server01> /bin/date >> /tmp/`uname -n`.`date +
Content-Type: text/plain; charset=UTF-8
Auto-Submitted: auto-generated
X-Cron-Env: <SHELL=/bin/sh>
X-Cron-Env: <HOME=/root>
X-Cron-Env: <PATH=/usr/bin:/bin>
X-Cron-Env: <LOGNAME=root>
X-Cron-Env: <USER=root>
Date: Fri, 15 Jun 2012 17:16:02 -0500 (CDT)
Status: R

/bin/sh: -c: line 0: unexpected EOF while looking for matching ``'
/bin/sh: -c: line 1: syntax error: unexpected end of file

New mail has arrived.
Loaded 1 new message
 N 18 Cron Daemon           Fri Jun 15 17:18  22/856   "Cron <
root@server01> /bin/date >> /tmp/`uname -n`.`date +"
&
...wait for it , wait for it ...


[root@server01 gina]# watch -n 5 "ls -lrt /tmp/*.report"

...nothin...

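Had to change to the entry below. In a crontab line an unescaped % ends the command (everything after it is passed to the command as standard input), so the date format was cut off inside the backticks, which is the "unexpected EOF" error in the mail above; each % has to be written as \% ...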

[root@server01 gina]# crontab -l
*/2 * 15 6 * /bin/date >> /tmp/`uname -n`.$(date \+\%m\%d\%y\%H\%M).report

What a pain in the ass crontab thy are !!!

[root@server01 gina]# watch -n 5 "ls -lrt /tmp/*.report"

Every 5.0s: ls -lrt /tmp/*.report                                                                                                     Fri Jun 15 17:30:30 2012
-rw-r--r--. 1 root root 29 Jun 15 17:28 /tmp/server01.0615121728.report
-rw-r--r--. 1 root root 29 Jun 15 17:30 /tmp/server01.0615121730.report

Yeah baby...yeah ..! 

Ranges can be defined in fields like :

*/5 = Every 5 minutes, hours, whatever the field is
5,15,20 = 5, 15, 20 minutes past the hour
7-10 = 7th, 8th, 9th, 10th

Crontab switches :

-u user
-l list all current crontab entries
-r removes the user's whole crontab (all entries, not a single one)
-e edit crontab

Anacron job format :

# period in days        delay_in_minutes        job-id         command

At Command Examples :

[root@server01 gina]# at now + 2 minute
at> /sbin/ifconfig eth0 >> /tmp/eth0.txt
at> <EOT>
job 1 at 2012-06-15 17:34
[root@server01 gina]# atq
1       2012-06-15 17:34 a root

[root@server01 gina]# ls -lrt /tmp/eth0.txt
-rw-r--r--. 1 root root 494 Jun 15 17:34 /tmp/eth0.txt
[root@server01 gina]# cat /tmp/eth0.txt
eth0      Link encap:Ethernet  HWaddr 00:0C:29:3A:FF:14
          inet addr:192.168.0.12  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe3a:ff14/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:414016 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9463 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:29177222 (27.8 MiB)  TX bytes:1427051 (1.3 MiB)
[root@server01 gina]#

Removing an 'at' job :

[root@server01 gina]# at now + 1 hour
at> date >> /tmp/date.txt
at> <EOT>
job 2 at 2012-06-15 18:35
[root@server01 gina]# atq
2       2012-06-15 18:35 a root
[root@server01 gina]# atrm 2
[root@server01 gina]# atq
[root@server01 gina]#

Securing at and cron :

/etc/cron.allow      only users listed in here can run crontab  
/etc/cron.deny       all users listed in here CANNOT use crontab

[root@server01 gina]# ls -lrt /etc | grep cron
drwxr-xr-x.  2 root root   4096 Dec  2  2009 cron.weekly
-rw-r--r--.  1 root root    448 Dec  2  2009 crontab
-rw-r--r--.  1 root root      0 Mar  4  2011 cron.deny
-rw-r--r--.  1 root root    541 Mar  4  2011 anacrontab
drwxr-xr-x.  2 root root   4096 Jun  6 06:56 cron.monthly
drwxr-xr-x.  2 root root   4096 Jun  6 06:57 cron.d
drwxr-xr-x.  2 root root   4096 Jun  6 06:57 cron.daily
drwxr-xr-x.  2 root root   4096 Jun  6 06:57 cron.hourly

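/etc/cron.allow does NOT exist by default, and the /etc/cron.deny listed above is empty (0 bytes), so by the rule below every user may use crontab until one of the two files is populated.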

 If cron.allow file exists, then you must be listed therein in order to be allowed to use this command.  If the cron.allow  file  does  not exist but the cron.deny file does exist, then you must not be listed in the cron.deny file in order to use this command.
-----------------------------------------------------------------------------
/etc/at.allow
/etc/at.deny

If the file /etc/at.allow exists, only usernames mentioned in it are allowed to use at. If /etc/at.allow does not exist, /etc/at.deny is checked, every username not mentioned in it is then allowed to use at.

Local Log File Analysis

rsyslog daemon on rhel6 handles logging :

/etc/init.d/rsyslog 
/etc/rsyslog.conf  

The main configuration file for rsyslog is /etc/rsyslog.conf. It is essentially divided in the following parts:
  • Modules
  • Global directives
  • Rules
  • Templates
  • Filter conditions
  • Output channels

Facility

Numerical Code | Facility | Description
0 kern kernel messages
1 user user-level messages
2 mail mail system
3 daemon system daemons
4 auth security/authorization messages
5 syslog messages generated internally by syslogd
6 lpr line printer subsystem
7 news network news subsystem
8 uucp UUCP subsystem
9 cron clock daemon
10 security security/authorization messages
11 ftp FTP daemon
12 ntp NTP subsystem
13 logaudit log audit
14 logalert log alert
15 clock clock daemon (note 2)
16 local0 local use 0 (local0)
17 local1 local use 1 (local1)
18 local2 local use 2 (local2)
19 local3 local use 3 (local3)
20 local4 local use 4 (local4)
21 local5 local use 5 (local5)
22 local6 local use 6 (local6)
23 local7 local use 7 (local7)



Severity
Numerical Code | Severity | Description
0 emerg system is unusable
1 alert action must be taken immediately
2 crit critical conditions
3 error error conditions
4 warning warning conditions
5 notice normal but significant condition
6 info informational messages
7 debug debug-level messages



A rule in /etc/rsyslog.conf then pairs a facility.severity selector with a destination, like :

*.info;mail.none;authpriv.none;cron.none                /var/log/messages

Log Rotation and Log File Management :

/etc/logrotate.conf
/etc/logrotate.d

Logrotate config file is fairly straightforward :

[root@server01 gina]# cat /etc/logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# use date as a suffix of the rotated file
dateext

# uncomment this if you want your log files compressed
#compress

# RPM packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp and btmp -- we'll rotate them here
/var/log/wtmp {
    monthly
    create 0664 root utmp
        minsize 1M
    rotate 1
}

/var/log/btmp {
    missingok
    monthly
    create 0600 root utmp
    rotate 1
}

# system-specific logs may be also be configured here.

Most services log into the /var/log directory by default .

Some services like vsftp and apache httpd have their own logging mechanisms and don't use logrotate facility .







