Title: Linux Guide to Linux Certification, Third Edition
1. Linux Guide to Linux Certification, Third Edition
- Chapter 14
- Troubleshooting, Performance, and Security
2. Objectives
- Describe and outline good troubleshooting practices
- Effectively troubleshoot common hardware- and software-related problems
- Monitor system performance using command-line and graphical utilities
- Identify and fix common performance problems
3. Objectives (continued)
- Describe the different facets of Linux security
- Increase the security of a Linux computer
- Outline measures and utilities that can be used to detect a Linux security breach
4. Troubleshooting Methodology
Figure 14-1 The maintenance cycle
5. Troubleshooting Methodology (continued)
- Monitoring: observing log files and running performance utilities on the system to identify problems and their causes
- Proactive maintenance: minimizing the chance of future problems
  - e.g., perform regular system backups
6. Troubleshooting Methodology (continued)
- Reactive maintenance: correcting problems when they arise
  - Documenting solutions
  - Developing better proactive maintenance methods
- Documentation: system information stored in a log book for future reference
  - All maintenance actions should be documented
- Troubleshooting procedures: tasks performed when solving system problems
7. Troubleshooting Methodology (continued)
Figure 14-2 Common troubleshooting procedures
8. Troubleshooting Methodology (continued)
- Two troubleshooting golden rules
  - Prioritize problems according to severity
    - Spend a reasonable amount of time on each problem given its priority
    - Ask for help if you can't solve the problem
  - Try to solve the root of the problem
    - Avoid missing the underlying cause
    - Justify why a certain solution is successful
9. Resolving Common System Problems
- Three categories of problems
  - Hardware-related
  - Software-related
  - User interface-related
10. Hardware-Related Problems
- Often involve improper hardware or software configuration
  - SCSI termination
  - Video card and monitor configuration
  - All hardware is on the Hardware Compatibility List
  - POST test alerts
  - Loose hardware connections
  - Problems specific to the type of hardware
- View the output of the dmesg command
- View the contents of /var/log/boot.log and /var/log/messages
11. Hardware-Related Problems (continued)
- Absence of device drivers prevents the OS from using the associated devices
  - dmesg command: displays the hardware detected by the Linux kernel
  - lsusb command: displays a list of USB devices detected by the Linux kernel
  - lspci command: displays a list of PCI devices detected by the Linux kernel
  - Compare the output of these commands to the output of lsmod to determine whether a driver module is missing from the kernel
12. Hardware-Related Problems (continued)
- Hardware failure can render a device unusable
  - HDDs are the most common hardware components to fail
- If an HDD containing partitions mounted on noncritical directories fails
  - Power down the computer and replace the failed HDD
  - Boot the Linux system
  - Use fdisk to create partitions on the replacement HDD
  - Use mkfs to create filesystems
  - Restore the original data
  - Ensure /etc/fstab has the appropriate entries to mount the filesystems
13. Hardware-Related Problems (continued)
- If the HDD containing the / filesystem fails
  - Power down the computer and replace the failed HDD
  - Reinstall Linux on the new HDD
  - Restore the original configuration and data files
14. Software-Related Problems: Application-Related Problems
- Missing program libraries/files, process restrictions, or conflicting applications
- Dependencies: prerequisite shared libraries or packages required for program execution
  - Programs usually check at installation
  - Package files may be removed accidentally
15. Software-Related Problems: Application-Related Problems (continued)
- rpm -V command: identifies missing files in a package or package dependency
- ldd command: displays the shared libraries used by a program
- ldconfig command: updates the list of shared library directories (/etc/ld.so.conf) and the list of shared libraries (/etc/ld.so.cache)
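The dependency check described on this slide, as an added shell example (not code from the textbook): it filters the "not found" entries out of ldd output so a missing shared library is reported by name, and wraps that in a check for a real binary. The sample ldd output and the library name libexample.so.2 are constructed for illustration and do not come from a real program.

```shell
#!/bin/sh
# Report shared libraries that the dynamic linker cannot resolve.
# Reads `ldd` output on stdin and prints one missing library name per line.
missing_libs() {
    # ldd prints an unresolved dependency as "libfoo.so.1 => not found"
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }'
}

# Run ldd on a real program and fail (return 1) if any library is missing.
# Follow up with `rpm -V <package>` to see which package should have provided it.
check_binary() {
    missing=$(ldd "$1" 2>/dev/null | missing_libs)
    if [ -n "$missing" ]; then
        printf 'missing libraries for %s:\n%s\n' "$1" "$missing"
        return 1
    fi
    printf 'all shared libraries resolved for %s\n' "$1"
    return 0
}

# Constructed sample of ldd output (not captured from a real program); one
# library is deliberately unresolved to show what the filter catches.
SAMPLE_LDD='	linux-vdso.so.1 (0x00007ffd3f5e2000)
	libreadline.so.8 => /lib/x86_64-linux-gnu/libreadline.so.8 (0x00007f2a4c000000)
	libexample.so.2 => not found
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f2a4bc00000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f2a4c300000)'

# Returns the missing libraries from the constructed sample.
sample_missing() {
    printf '%s\n' "$SAMPLE_LDD" | missing_libs
}

printf 'missing in sample: %s\n' "$(sample_missing)"
check_binary /bin/sh
```

After a library is reinstalled into a directory listed in /etc/ld.so.conf, run ldconfig so /etc/ld.so.cache picks it up; otherwise ldd keeps reporting it as not found even though the file exists.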
16. Software-Related Problems: Application-Related Problems (continued)
- Too many running processes
  - Solve by killing the parent process of zombie processes
- Filehandles: connections programs make to files
  - ulimit command: modifies process limit parameters in the current shell
  - Can also modify the maximum number of filehandles
17. Software-Related Problems: Application-Related Problems (continued)
- /var/log directory contains most system log files
  - Some are hard linked to the /var/log directory
- If applications stop functioning due to difficulty gaining resources, restart them using SIGHUP
- To determine whether another process is trying to access the same resources, attempt to start the application in Single User Mode
- If a resource conflict is the cause of the problem, download a newer version of the application or an application fix
18. Software-Related Problems: Operating System-Related Problems
- Most software-related problems are related to the OS
  - X Windows, boot loader, and filesystem problems
- Problems detecting the video card or monitors by the kernel
- To isolate a problem starting X Windows or gdm
  - View the /var/log/Xorg.0.log file
  - Execute xwininfo or xdpyinfo
19. Software-Related Problems: OS-Related Problems (continued)
- LILO problems: place linear in, or remove compact from, the /etc/lilo.conf file
- GRUB problems: typically the result of missing files in the /boot directory
- Ensure the Linux kernel resides before the 1024th cylinder and the lba32 keyword is in the configuration file
  - Eliminates BIOS problems with large HDDs
20. Software-Related Problems: OS-Related Problems (continued)
- If a filesystem on a partition mounted to a noncritical directory becomes corrupted
  - Unmount the filesystem
  - Run the fsck command with the -f (full) option
  - If the fsck command cannot repair the filesystem, use the mkfs command to re-create the filesystem
  - Restore the filesystem's original data
21. Software-Related Problems: OS-Related Problems (continued)
- If the / filesystem is corrupted
  - Boot from the Fedora installation media and enter System Rescue
  - At the shell prompt within System Rescue
    - Use mkfs to re-create the filesystem
    - Use a backup utility to restore the original data to the re-created / filesystem
  - Exit System Rescue and reboot the system
- Knoppix Linux and BBC Linux: bootable Linux distributions with many filesystem repair utilities
22. Software-Related Problems: User Interface-Related Problems
- Assistive technologies: tools that users can use to modify their desktop experience
- Assistive Technologies Preferences utility within the GNOME Desktop Environment
  - Preferred Applications: configure the Web browser, multimedia player, and terminal applications to be opened automatically
  - Mouse Accessibility: configure speed and click behavior
  - Keyboard Accessibility: configure keyboard-related assistive technologies
23. Software-Related Problems: User Interface-Related Problems (continued)
Figure 14-3 The Assistive Technologies Preferences utility
24. Performance Monitoring
- Jabbering: failing hardware components send large amounts of information to the CPU
- Other causes of poor performance
  - Software monopolizes system resources
  - Too many processes
  - Too many read/write requests to the HDD
  - Rogue processes
25. Performance Monitoring (continued)
- To solve software performance issues
  - Remove the software from the system
  - Move the software to another Linux system
  - Add a CPU or otherwise alter the hardware
- Bus mastering: peripheral components perform tasks normally executed by the CPU
26. Performance Monitoring (continued)
- To increase performance
  - Add RAM
  - Upgrade to faster HDDs
  - Disk striping (RAID)
  - Keep CD/DVD drives on a separate HDD controller
- Run performance utilities on a regular basis
  - Record results in a system log book
  - Eases identification of performance problems
  - Baseline: measure of normal system activity
27. Monitoring Performance with sysstat Utilities
- System Statistics (sysstat) package contains a wide range of system monitoring utilities
  - Use the yum install sysstat command to install it
- mpstat (multiple processor statistics) command: displays CPU statistics
  - Used to monitor CPU performance
  - Can specify an interval and number of measurements rather than displaying average values
  - sys should be smaller than usr and nice combined
28. Monitoring Performance with sysstat Utilities (continued)
- iostat (Input/Output Statistics) command: measures the flow of information to and from disk devices
  - Displays CPU statistics similar to mpstat
  - Displays statistics for each disk device on the system
  - Output includes
    - Transfers per second
    - Number of blocks read and written per second
    - Total number of blocks read and written for the device
29. Monitoring Performance with sysstat Utilities (continued)
- sar (System Activity Reporter) command: displays various system statistics taken in the last day
  - Provides more information than mpstat and iostat
  - By default scheduled to run every 10 minutes
  - Output logged to a file in the /var/log/sa directory
  - -f option: view statistics from a specific file
  - Can be used to take current system measurements
30. Monitoring Performance with sysstat Utilities (continued)
- Additional sar options
  - -q option: displays processor queue statistics
    - runq-sz value: number of processes waiting for execution on the processor run queue
    - plist-sz value: indicates the number of processes currently running
    - ldavg values: represent the average CPU load
  - -W option: displays the number of pages sent to and taken from the swap partition
    - A large number causes slower performance
    - Add RAM to resolve
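The two rules of thumb from the mpstat slide (sys should stay below usr plus nice) and the sar -W slide (a high swap-in/swap-out rate means the system needs RAM) turned into checks over sysstat output, as an added shell example that is not part of the textbook. Both reports below are constructed samples in the layout mpstat and sar print, not measurements from a real host, and the 100 pages/s swap threshold is an assumed cut-off you would replace with your own baseline.

```shell
#!/bin/sh
# Sanity checks over sysstat output, following the rules on the slides:
#   mpstat: %sys should be smaller than %usr + %nice on every CPU
#   sar -W: a large pswpin/s + pswpout/s rate means the box is swapping

# Constructed `mpstat -P ALL 1 1` style report (not from a real host).
SAMPLE_MPSTAT='Linux 5.14.0 (host)  01/01/2024  _x86_64_  (2 CPU)

12:00:01 PM  CPU    %usr   %nice    %sys %iowait    %irq   %soft  %steal  %guest  %gnice   %idle
12:00:02 PM  all   12.00    3.00   20.00    1.00    0.00    0.50    0.00    0.00    0.00   63.50
12:00:02 PM    0   20.00    0.00    5.00    0.00    0.00    0.00    0.00    0.00    0.00   75.00
12:00:02 PM    1    4.00    6.00   35.00    2.00    0.00    1.00    0.00    0.00    0.00   52.00'

# Constructed `sar -W 1 1` style report (not from a real host).
SAMPLE_SAR_W='Linux 5.14.0 (host)  01/01/2024  _x86_64_  (2 CPU)

12:00:01 PM  pswpin/s pswpout/s
12:00:02 PM    120.00    340.00
Average:       120.00    340.00'

# Print, on one line, the CPUs whose %sys is not below %usr + %nice.
# Column positions are read from the header line so the time format does not matter.
sys_heavy_cpus() {
    awk '
        /%usr/ {
            for (i = 1; i <= NF; i++) {
                if ($i == "CPU")   c = i
                if ($i == "%usr")  u = i
                if ($i == "%nice") n = i
                if ($i == "%sys")  s = i
            }
            next
        }
        c && NF >= s && $c ~ /^(all|[0-9]+)$/ && $s >= $u + $n {
            out = out (out == "" ? "" : " ") $c
        }
        END { print out }'
}

# Pages swapped in plus pages swapped out per second, from the Average: line.
swap_rate() {
    awk '/^Average:/ { printf "%.0f\n", $2 + $3 }'
}

# Succeeds (exit 0) when the swap rate exceeds the threshold in pages/s.
# The default of 100 is an assumed cut-off; compare against your own baseline.
swapping_heavily() {
    rate=$(swap_rate)
    [ "$rate" -gt "${1:-100}" ]
}

printf 'CPUs with sys >= usr+nice: %s\n' "$(printf '%s\n' "$SAMPLE_MPSTAT" | sys_heavy_cpus)"
if printf '%s\n' "$SAMPLE_SAR_W" | swapping_heavily 100; then
    printf 'swap rate %s pages/s: consider adding RAM\n' "$(printf '%s\n' "$SAMPLE_SAR_W" | swap_rate)"
fi
# Live use: mpstat -P ALL 1 3 | sys_heavy_cpus ; sar -W 1 5 | swapping_heavily 100
```

Recording these numbers in the system log book when the machine is healthy gives you the baseline the next slides ask for; the thresholds only mean something relative to it.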
31. Monitoring Performance with sysstat Utilities (continued)
Table 14-1 Common options to the sar command
32. Other Performance Monitoring Utilities
- top command: displays CPU statistics, swap usage, memory usage, and average CPU load
- free command: displays the total amounts of physical and swap memory and their utilization
  - Can be used to indicate whether more physical memory is required
- vmstat command: displays memory, CPU, and swap statistics
  - Can be used to indicate whether more physical memory is required
33. Security
- Linux systems are typically made available across networks such as the Internet
  - More prone to security loopholes and attacks
- Should improve local and network security
- Understand how to detect intruders who breach the system
34. Securing the Local Computer
- Limit access to the physical computer itself
  - Prevent malicious users from accessing files by directly booting the computer with their own device
  - Server closet: secured room to store servers
  - Remove floppy, CD, and DVD drives from workstations
  - Ensure the BIOS prevents booting from USB ports
35. Securing the Local Computer (continued)
- Ensure a BIOS password is set
- Set a boot loader password in the LILO or GRUB configuration file
  - Prevents an intruder from interacting with the boot loader
- Limit access to graphical desktops and shells
  - Exit the command-line shell before leaving the computer
    - nohup command: prevents background processes from being killed when the parent shell is killed or exited
  - Lock the screen using GNOME or KDE
36. Securing the Local Computer (continued)
- Minimize the root user's time logged in
  - su (switch user) command: switches the current user account to another
    - Used to switch between the root user and a regular user
  - sudo command: performs commands as another user if you have the rights to do so, as listed in the /etc/sudoers file
37. Protecting Against Network Attacks
- There is always a possibility that hackers can manipulate a network service by interacting with it in unusual ways
  - Buffer overrun: program information for a network service altered in memory
38. Network Security Essentials
- Minimize the number of running network services
  - nmap (network mapper) command: scans ports on network computers
    - User can determine what network services are running
  - Ensure that services that are not needed are not automatically started when entering the runlevel
39. Network Security Essentials (continued)
- Ensure network service daemons for essential services do not run as the root user when possible
  - Ensure that the shell listed in /etc/passwd for daemons is set to /sbin/nologin
    - A hacker will not be able to get a BASH shell
- New network service versions usually include fixes for known network attacks
  - Keep network services up to date
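An audit for the /etc/passwd rule on this slide, as an added shell example that is not from the textbook: it lists daemon accounts whose login shell is still an interactive shell instead of /sbin/nologin. It assumes system accounts occupy UIDs up to 999 (adjust the argument for distributions that use 499), treats /usr/sbin/nologin and /bin/false as acceptable equivalents, and skips root, which is reviewed on its own. The passwd lines below are constructed sample data, not a real system's file.

```shell
#!/bin/sh
# List daemon (system) accounts whose login shell would still give an interactive shell.
# Usage: daemon_login_shells [max_system_uid] < /etc/passwd
# Output: name:uid:shell, one per line, in file order.
daemon_login_shells() {
    awk -F: -v max_sys_uid="${1:-999}" '
        NF < 7 { next }                       # skip blank or malformed lines
        $3 == 0 { next }                      # root is reviewed separately
        $3 > max_sys_uid { next }             # regular users are expected to have shells
        $7 != "/sbin/nologin" && $7 != "/usr/sbin/nologin" && $7 != "/bin/false" {
            print $1 ":" $3 ":" $7
        }'
}

# Constructed /etc/passwd sample (not from a real host). Two daemon accounts,
# apache and backup, have been given real shells so the audit has something to flag.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
backup:x:34:34:backup:/var/backups:/bin/sh
apache:x:48:48:Apache:/var/www:/bin/bash
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash'

# Runs the audit over the constructed sample.
sample_audit() {
    printf '%s\n' "$SAMPLE_PASSWD" | daemon_login_shells 999
}

printf 'daemon accounts with login shells (sample):\n%s\n' "$(sample_audit)"
# Live use: daemon_login_shells 999 < /etc/passwd
```

Fix a flagged account with usermod -s /sbin/nologin name after confirming the service does not need a shell for cron jobs or su -s invocations; re-run the audit after package upgrades, since some packages recreate their service accounts.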
40. Network Security Essentials (continued)
- TCP wrapper: program that can start a network daemon
  - Checks the /etc/hosts.allow and /etc/hosts.deny files before starting a network daemon
- Examine permissions for files and directories associated with system and network services
41. Configuring a Firewall
- netfilter/iptables: used to configure a firewall
  - Discards network packets according to chains of rules
  - Chains specify the general type of network traffic to apply rules to
  - Rules match network traffic to be allowed or dropped
- Three chain types
  - INPUT chain: incoming packets
  - FORWARD chain: packets passing through the computer
  - OUTPUT chain: outgoing packets
42. Configuring a Firewall (continued)
- iptables command: creates rules for a chain
  - Can be based on source IP, destination IP, protocol used, or packet status
- Stateful packet filter: remembers traffic allowed in an existing session and adjusts rules appropriately
- Easier to use a graphical utility to configure firewalls
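A minimal stateful ruleset for the three chains on these two slides, as an added shell example rather than the textbook's or the Firewall Configuration utility's own output. It shows rules keyed on source address, protocol, destination port and connection state, with INPUT and FORWARD defaulting to DROP. The script prints the iptables commands by default (a dry run) and only applies them when IPT=iptables is set in the environment and the script runs as root; the SSH port and the 192.0.2.0/24 management network are placeholder values to replace with your own.

```shell
#!/bin/sh
# Minimal stateful host firewall. Prints the iptables commands unless IPT is
# overridden, e.g.:  IPT=iptables sh firewall.sh   (as root) to apply them.
IPT="${IPT:-echo iptables}"

firewall_rules() {
    ssh_port="${1:-22}"                      # placeholder; pass your real port
    mgmt_net="${2:-192.0.2.0/24}"            # placeholder management network

    # Clean slate, then fail closed on inbound and forwarded traffic.
    $IPT -F
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Loopback traffic is always allowed.
    $IPT -A INPUT -i lo -j ACCEPT

    # Stateful rule: replies belonging to a session we already allowed come back in.
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Packets with no valid tracked state (e.g. stray TCP segments) are dropped early.
    $IPT -A INPUT -m conntrack --ctstate INVALID -j DROP

    # A rule keyed on protocol, destination port, source network and packet state:
    # new SSH sessions are accepted only from the management network.
    $IPT -A INPUT -p tcp --dport "$ssh_port" -s "$mgmt_net" -m conntrack --ctstate NEW -j ACCEPT

    # Everything else on INPUT is logged (rate unlimited here; add -m limit in production) and dropped.
    $IPT -A INPUT -j LOG --log-prefix "iptables-drop: " --log-level 4
    $IPT -A INPUT -j DROP
}

firewall_rules 22
```

Because OUTPUT stays ACCEPT and INPUT accepts ESTABLISHED,RELATED, outbound connections the host initiates keep working; anything inbound that is not part of such a session and not new SSH from the management network lands in the log, which is where the next slides' intrusion review starts.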
43. Table 14-2 Common iptables options
44. Configuring a Firewall (continued)
Figure 14-4 The Firewall Configuration utility
45. Configuring SELinux
- SELinux: Security Enhanced Linux
  - By default, configured and enabled during Fedora installation
  - Series of kernel patches and utilities created by the NSA
  - Enforces role-based security
- To enable, edit the /etc/selinux/config file
  - Configure the SELINUXTYPE option
  - Reboot and relabel the system
- sestatus command: view the current SELinux status
46. Using Encryption to Protect Network Data
- Use encryption algorithms to protect data before it is transmitted on a network
- Asymmetric encryption: uses a pair of keys uniquely generated on each system
  - Public key: freely distributed
  - Private key: used only by the system, never distributed
  - Can be used to authenticate messages
    - Digital signature: message that has been encrypted using a private key
47. Working with SSH
- By default, SSH uses RSA to encrypt data and DSA to digitally sign data
- System-wide RSA and DSA key pairs are generated the first time the SSH daemon is started
- Tunneling: enclosing network traffic within encrypted SSH packets
- SSH identity: used to automatically authenticate to other computers using digital signatures
  - Manage keys using the Passwords and Encryption Keys utility
48. Working with SSH (continued)
Figure 14-5 The Passwords and Encryption Keys utility
49. Working with GPG
- Open source version of PGP
- Each user has a key pair used for encryption and authentication
  - Authentication uses a trust model
  - Typically uses RSA and DSA key pairs for asymmetric encryption and digital signing
- Can manage GPG keys and encrypt data using
  - gpg command
  - Graphical utility such as the Passwords and Encryption Keys utility
50. Detecting Intrusion
- Log files can contain information or irregularities indicating an intrusion
  - Review log files in /var/log associated with network services
  - At minimum, review system log files associated with authentication
    - Pluggable Authentication Module (PAM) handles authentication requests by network applications
    - Log file in /var/log/secure
51. Detecting Intrusion (continued)
- Check the /var/log/wtmp log file
  - Lists users who receive BASH shells
  - Use the who command to view the file
- lsof (list open files) command: lists files that are currently being edited
- Periodically search for files that have the SUID bit set
- Tripwire: monitors important files and directories
- Intrusion Detection System (IDS): program used to detect intruders on a Linux system
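Two of the checks from the intrusion-detection slides written out as an added shell example (not the textbook's code): a summary of failed password attempts and root escalations taken from /var/log/secure lines, and a search for SUID files under a directory tree. The log lines are constructed samples using documentation IP addresses, not a real host's log; the only assumption about the real log is the standard "Failed password for ... from ADDR" and "session opened for user root by NAME" wording that sshd and pam_unix write.

```shell
#!/bin/sh
# Review helpers for /var/log/secure and for SUID files, following slides 50 and 51.

# Constructed /var/log/secure sample (not from a real host).
SAMPLE_SECURE='Jan 10 03:14:01 host sshd[2201]: Failed password for invalid user admin from 198.51.100.7 port 51022 ssh2
Jan 10 03:14:03 host sshd[2201]: Failed password for invalid user admin from 198.51.100.7 port 51022 ssh2
Jan 10 03:14:09 host sshd[2204]: Failed password for root from 198.51.100.7 port 51030 ssh2
Jan 10 03:15:40 host sshd[2210]: Accepted publickey for alice from 203.0.113.5 port 40212 ssh2
Jan 10 03:16:02 host sshd[2213]: Failed password for alice from 203.0.113.5 port 40220 ssh2
Jan 10 03:16:10 host su: pam_unix(su-l:session): session opened for user root by alice(uid=1000)'

# Count failed password attempts per source address, busiest first: "COUNT ADDR".
# Usage: failed_logins_by_source < /var/log/secure
failed_logins_by_source() {
    awk '/Failed password/ {
             for (i = 1; i <= NF; i++) if ($i == "from") src[$(i + 1)]++
         }
         END { for (s in src) print src[s], s }' | sort -rn
}

# Names of users who opened a root session via su/sudo (PAM "session opened" lines).
root_escalations() {
    awk '/session opened for user root by/ {
             for (i = 1; i <= NF; i++) if ($i == "by") { who = $(i + 1); sub(/\(.*/, "", who); print who }
         }'
}

# Files with the SUID bit set under a directory (default /), staying on one filesystem.
# Compare the list against a saved baseline; a new entry is worth investigating.
suid_files() {
    find "${1:-/}" -xdev -type f -perm -4000 2>/dev/null
}

printf 'failed logins by source (sample):\n%s\n' "$(printf '%s\n' "$SAMPLE_SECURE" | failed_logins_by_source)"
printf 'root sessions opened by (sample): %s\n' "$(printf '%s\n' "$SAMPLE_SECURE" | root_escalations)"
# Live use: failed_logins_by_source < /var/log/secure ; suid_files / > /root/suid-$(date +%F).txt
```

Pair the log review with last (which reads /var/log/wtmp) to confirm that each root session was opened from an expected terminal, and keep the dated SUID listings so diff can show what changed between runs.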
52. Detecting Intrusion (continued)
Table 14-3 Common Linux Intrusion Detection Systems
53. Summary
- Administrators monitor the system, perform proactive/reactive maintenance, and document system information
- Common troubleshooting procedures involve isolating and determining the cause of system problems and implementing and testing solutions that can be documented for future use
- Invalid hardware settings, absence of device drivers, and hard disk failure are common hardware-related problems
54. Summary (continued)
- Software-related problems can be application-related or OS-related
- Users can use assistive technologies to modify their desktop experience
- System performance is affected by a variety of hardware and software factors
- Using performance monitoring utilities to create a baseline is helpful for diagnosing future performance problems
55. Summary (continued)
- Securing a Linux computer involves improving local and network security and monitoring to detect intruders
- Greatly improve local security by restricting access to the computer and using the root account only when required via the su and sudo commands
56. Summary (continued)
- Reduce the chance of network attacks by reducing the number of network services; implementing firewalls, SELinux, service updates, encryption, and TCP wrappers; restricting services from running as the root user; and restricting permissions on key files
- Analyzing log files and key system files and running IDS applications can be used to detect intruders