Linux Guide to Linux Certification, Third Edition - PowerPoint PPT Presentation

1 / 56
About This Presentation
Title:

Linux Guide to Linux Certification, Third Edition

Description:

Chapter 14 Troubleshooting, Performance, and Security Securing the Local Computer Limit access to physical computer itself Prevent malicious users from accessing ... – PowerPoint PPT presentation

Number of Views:257
Avg rating:3.0/5.0
Slides: 57
Provided by: Anat86
Category:

less

Transcript and Presenter's Notes

Title: Linux Guide to Linux Certification, Third Edition


1
Linux Guide to Linux Certification, Third Edition
  • Chapter 14
  • Troubleshooting, Performance, and Security

2
Objectives
  • Describe and outline good troubleshooting
    practices
  • Effectively troubleshoot common hardware- and
    software-related problems
  • Monitor system performance using command-line and
    graphical utilities
  • Identify and fix common performance problems

3
Objectives (continued)
  • Describe the different facets of Linux security
  • Increase the security of a Linux computer
  • Outline measures and utilities that can be used
    to detect a Linux security breach

4
Troubleshooting Methodology
Figure 14-1 The maintenance cycle
5
Troubleshooting Methodology (continued)
  • Monitoring observing log files and running
    performance utilities system to identify problems
    and their causes
  • Proactive maintenance minimizing chance of
    future problems
  • e.g., perform regular system backups

6
Troubleshooting Methodology (continued)
  • Reactive maintenance correcting problems when
    they arise
  • Documenting solutions
  • Developing better proactive maintenance methods
  • Documentation system information stored in a log
    book for future references
  • All maintenance actions should be documented
  • Troubleshooting procedures tasks performed when
    solving system problems

7
Troubleshooting Methodology (continued)

Figure 14-2 Common troubleshooting procedures
8
Troubleshooting Methodology (continued)
  • Two troubleshooting golden rules
  • Prioritize problems according to severity
  • Spend reasonable amount of time on each problem
    given its priority
  • Ask for help if you cant solve the problem
  • Try to solve the root of the problem
  • Avoid missing underlying cause
  • Justify why a certain solution is successful

9
Resolving Common System Problems
  • Three categories of problems
  • Hardware-related
  • Software-related
  • User interface-related

10
Hardware-Related Problems
  • Often involve improper hardware or software
    configuration
  • SCSI termination
  • Video card and monitor configuration
  • All hardware is on Hardware Compatibility List
  • POST test alerts
  • Loose hardware connections
  • Problems specific to the type of hardware
  • View output of dmesg command
  • View content of /var/log/boot.log,
    /var/log/messages

11
Hardware-Related Problems (continued)
  • Absence of device drivers prevent OS from using
    associated devices
  • dmesg command displays the hardware that is
    detected by the Linux kernel
  • lsusb command displays a list of USB devices
    detected by the Linux kernel
  • lspci command displays a list of PCI devices
    detected by the Linux kernel
  • Compare outputs of commands to output of lsmod to
    determine if driver module is missing from kernel

12
Hardware-Related Problems (continued)
  • Hardware failure can render a device unusable
  • HDDs most common hardware components to fail
  • If HDD containing partitions mounted on
    noncritical directories fails
  • Power down computer and replace failed HDD
  • Boot Linux system
  • Use fdisk to create partitions on replaced HDD
  • Use mkfs to create filesystems
  • Restore original data
  • Ensure /etc/fstab has appropriate entries to
    mount filesystems

13
Hardware-Related Problems (continued)
  • If HDD containing / filesystem fails
  • Power down computer and replace failed HDD
  • Reinstall Linux on new HDD
  • Restore original configuration and data files

14
Software-Related ProblemsApplication-Related
Problems
  • Missing program libraries/files, process
    restrictions, or conflicting applications
  • Dependencies prerequisite shared libraries or
    packages required for program execution
  • Programs usually check at installation
  • Package files may be removed accidentally

15
Software-Related ProblemsApplication-Related
Problems (continued)
  • rpm V command identify missing files in a
    package or package dependency
  • ldd command display shared libraries used by a
    program
  • ldconfig command updates list of shared library
    directories (/etc/ld.so.conf) and list of shared
    libraries (/etc/ld.so.cache)

16
Software-Related ProblemsApplication-Related
Problems (continued)
  • Too many running processes
  • Solve by killing parent process of zombie
    processes
  • Filehandles connections programs make to files
  • ulimit command modify process limit parameters
    in current shell
  • Can also modify max number of filehandles

17
Software-Related ProblemsApplication-Related
Problems (continued)
  • /var/log directory contains most system log
    files
  • Some are hard linked to /var/log directory
  • If applications stop functioning due to
    difficulty gaining resources, restart using
    SIGHUP
  • Do determine if another process trying to access
    the same resources attempt to start application
    in Single User Mode
  • If resource conflict is the cause of the problem,
    download newer version of application or
    application fix

18
Software-Related ProblemsOperating
System-Related Problems
  • Most software-related problems related to OS
  • X windows, boot loader, and filesystem problems
  • Problem detecting video card or monitors by the
    kernel
  • To isolate problem starting X Windows or gdm
  • View /var/log/Xorg.0.log file
  • Execute xwininfo or xdpyinfo

19
Software-Related ProblemsOS-Related Problems
(continued)
  • LILO problems place linear in, remove
    compact from /etc/lilo.conf file
  • GRUB problems typically result of missing files
    in /boot directory
  • Ensure Linux kernel resides before 1024th
    cylinder and lba32 keyword is in configuration
    file
  • Eliminates BIOS problems with large HDDs

20
Software-Related ProblemsOS-Related Problems
(continued)
  • If filesystem on partition mounted to noncritical
    directory becomes corrupted
  • Unmount filesystem
  • Run fsck command with f (full) option
  • If fsck command cannot repair filesystem, use
    mkfs command to re-create the filesystem
  • Restore filesystems original data

21
Software-Related ProblemsOS-Related Problems
(continued)
  • If / filesystem is corrupted
  • Boot from Fedora installation media and enter
    System Rescue
  • At shell prompt within System Rescue
  • Use mkfs to recreate the filesystem
  • Use backup utility to restore original data to
    the re-created / filesystem
  • Exit System Rescue and reboot system
  • Knoppix Linux and BBC Linux bootable Linux
    distributions with many filesystem repair
    utilities

22
Software-Related Problems User
Interface-Related Problems
  • Assistive technologies tools that users can use
    to modify their desktop experience
  • Assistive Technologies Preference utility within
    GNOME Desktop Environment
  • Preferred Applications to configure Web browser,
    multimedia player and terminal applications to be
    opened automatically
  • Mouse Accessibility to configure speed and click
    behavior
  • Keyboard Accessibility to configure keyboard
    related assistive technologies

23
Software-Related Problems User
Interface-Related Problems (continued)

Figure 14-3 The Assistive Technologies
Preferences utility
24
Performance Monitoring
  • Jabbering failing hardware components send large
    amounts of information to CPU
  • Other causes of poor performance
  • Software monopolizes system resources
  • Too many processes
  • Too many read/write requests to HDD
  • Rogue processes

25
Performance Monitoring (continued)
  • To solve software performance issues
  • Remove software from the system
  • Move software to another Linux system
  • Add CPU or otherwise alter hardware
  • Bus mastering peripheral components perform
    tasks normally executed by CPU

26
Performance Monitoring (continued)
  • To increase performance
  • Add RAM
  • Upgrade to faster HDDs
  • Disk Striping RAID
  • Keep CD/DVD drives on a separate HDD controller
  • Run performance utilities on a regular basis
  • Record results in a system log book
  • Eases identification of performance problems
  • Baseline measure of normal system activity

27
Monitoring Performance with sysstat Utilities
  • System Statistics (sysstat) package contains
    wide range of system monitoring utilities
  • Use yum install sysstat command to install
  • mpstat (multiple processor statistics) command
    displays CPU statistics
  • Used to monitor CPU performance
  • Can specify interval and number of measurements
    rather than displaying average values
  • sys should be smaller than usr and nice
    combined

28
Monitoring Performance with sysstat Utilities
(continued)
  • iostat (Input/Output Statistics) command
    measures flow of information to and from disk
    devices
  • Displays CPU statistics similar to mpstat
  • Displays statistics for each disk device on the
    system
  • Output includes
  • Transfers per second
  • Number of blocks read and written per second
  • Total number of blocks read and written for the
    device

29
Monitoring Performance with sysstat Utilities
(continued)
  • sar (System Activity Reporter) command displays
    various system statistics taken in the last day
  • Provides more information than mpstat and iostat
  • By default scheduled to run every 10 minutes
  • Output logged to a file in /var/log/sa directory
  • -f option View statistics from a specific file
  • Can be used to take current system measurements

30
Monitoring Performance with sysstat Utilities
(continued)
  • Additional sar options
  • -q option Displays processor queue statistics
  • runq -sz value Number of processes waiting for
    execution on processor run queue
  • plist -sz value Indicates number of processes
    currently running
  • ldavg values Represent average CPU load
  • -W option Displays number of pages sent to and
    taken from swap partition
  • Large number causes slower performance
  • Add RAM to resolve

31
Monitoring Performance with sysstat Utilities
(continued)
Table 14-1 Common options to the sar command
32
Other Performance Monitoring Utilities
  • top command displays CPU statistics, swap usage,
    memory usage and average CPU load
  • free command displays total amounts of physical
    and swap memory and their utilizations
  • Can be used to indicate whether more physical
    memory is required
  • vmstat command displays memory, CPU, and swap
    statistics
  • Can be used to indicate whether more physical
    memory is required

33
Security
  • Linux systems typically made available across
    networks such as the Internet
  • More prone to security loopholes and attacks
  • Should improve local and network security
  • Understand how to detect intruders who breach the
    system

34
Securing the Local Computer
  • Limit access to physical computer itself
  • Prevent malicious users from accessing files by
    directly booting the computer with their own
    device
  • Server closet secured room to store servers
  • Remove floppy, CD, and DVD drives from
    workstations
  • Ensure BIOS prevents booting from USB ports

35
Securing the Local Computer (continued)
  • Ensure BIOS password is set
  • Set boot loader password in LILO or GRUB
    configuration file
  • Prevents intruder from interacting with boot
    loader
  • Limit access to graphical desktops and shells
  • Exit command-line shell before leaving computer
  • nohup command prevents background processes from
    being killed when parent shell is killed or
    exited
  • Lock screen using GNOME or KDE

36
Securing the Local Computer (continued)
  • Minimize root users time logged in
  • su (switch user) command switch current user
    account to another
  • Used to switch between root user and regular user
  • sudo command perform commands as another user if
    you have the rights to do that listed in
    /etc/sudoers file

37
Protecting Against Network Attacks
  • Always a possibility that hackers can manipulate
    a network service by interacting with it in
    unusual ways
  • Buffer overrun program information for a network
    service altered in memory

38
Network Security Essentials
  • Minimize number of running network services
  • nmap (network mapper) command scans ports on
    network computers
  • User can determine what network services are
    running
  • Ensure that services that are not needed are not
    automatically started when entering the runlevel

39
Network Security Essentials (continued)
  • Ensure network service daemons for essential
    services not run as root user when possible
  • Ensure that shell listed in /etc/passwd for
    daemons is set to /sbin/nologin
  • Hacker will not be able to get BASH shell
  • New network service versions usually include
    fixes for known network attacks
  • Keep network services up-to-date

40
Network Security Essentials (continued)
  • TCP wrapper program that can start a network
    daemon
  • Checks /etc/hosts.allow and /etc/hosts.deny files
    before starting a network daemon
  • Examine permissions for files and directories
    associated with system and network services

41
Configuring a Firewall
  • netfilter/iptables used to configure a firewall
  • Discard network packets according to chains of
    rules
  • Chains specify general type of network traffic
    to apply rules to
  • Rules match network traffic to be allowed or
    dropped
  • Three chain types
  • INPUT incoming packets
  • FORWARD packets passing through computer
  • OUTPUT chain outgoing packets

42
Configuring a Firewall (continued)
  • iptables command creates rules for a chain
  • Can be based on source IP, destination IP,
    protocol used, or packet status
  • Stateful packet filter Remembers traffic allowed
    in an existing session and adjust rules
    appropriately
  • Easier to use graphical utility to configure
    firewalls

43
Table 14-2 Common iptables options
44
Configuring a Firewall (continued)
Figure 14-4 The Firewall Configuration utility
45
Configuring SELinux
  • SELinux Security Enhanced Linux
  • By default, configured and enabled during Fedora
    installation
  • Series of kernel patches and utilities created by
    NSA
  • Enforces role-based security
  • To enable, edit /etc/selinux/config file
  • Configure SELINUXTYPE option
  • Reboot and relabel the system
  • sestatus command view current SELinux status

46
Using Encryption to Protect Network Data
  • Use encryption algorithms to protect data before
    it is transmitted on a network
  • Asymmetric encryption uses a pair of keys
    uniquely generated on each system
  • Public key freely distributed
  • Private key used only by the system, never
    distributed
  • Can be used to authenticate messages
  • Digital signature message that has been
    encrypted using a private key

47
Working with SSH
  • By default, SSH uses RSA to encrypt data and DSA
    to digitally sign data
  • System wide RSA and DSA key pairs are generated
    the first time SSH daemon is started
  • Tunneling enclosing network traffic within
    encrypted SSH packets
  • SSH identity used to automatically authenticate
    to other computers using digital signatures
  • Manage keys using Password and Encryption Keys
    utility

48
Working with SSH (continued)
Figure 14-5 The Passwords and Encryption Keys
utility
49
Working with GPG
  • Open source version of PGP
  • Each user has a key pair used for encryption and
    authentication
  • Authentication uses trust model
  • Typically uses RSA and DSA key pairs for
    asymmetric encryption and digital signing
  • Can manage GPG keys and encrypt data using
  • gpg command
  • Graphical utility such as Passwords and
    Encryption Keys utility

50
Detecting Intrusion
  • Log files can contain information or
    irregularities indicating an intrusion
  • Review log files in /var/log associated with
    network services
  • At minimum, review system log files associated
    with authentication
  • Pluggable Authentication Module (PAM) handles
    authentication requests by network applications
  • Log file in /var/log/secure

51
Detecting Intrusion (continued)
  • Check /var/log/wtmp log file
  • Lists users who receive BASH shells
  • Use who command to view the file
  • lsof (list open files) command lists files that
    are currently being edited
  • Periodically search for files that have SUID bit
    set
  • Tripwire monitors important files and
    directories
  • Intrusion Detection System (IDS) program used to
    detect intruders on a Linux system

52
Detecting Intrusion (continued)
Table 14-3 Common Linux Intrusion Detection
Systems
53
Summary
  • Administrators monitor the system, perform
    proactive/reactive maintenance, and document
    system information
  • Common troubleshooting procedures involve
  • Isolating and determining the cause of system
    problems and implementing and testing solutions
    that can be documented for future use
  • Invalid hardware settings, absence of device
    drivers, and hard disk failure are common
    hardware-related problems

54
Summary (continued)
  • Software-related problems can be
    application-related or OS-related
  • Users can use assistive technologies to modify
    their desktop experience
  • System performance is affected by a variety of
    hardware and software factors
  • Using performance monitoring utilities to create
    a baseline is helpful for diagnosing future
    performance problems

55
Summary (continued)
  • Securing a Linux computer involves
  • Improving local and network security and
    monitoring to detect intruders
  • Greatly improve local security by
  • Restricting access to the computer and using root
    account only when required via su and sudo
    commands

56
Summary (continued)
  • Reduce chance of network attacks by
  • Reducing number of network services, implementing
    firewalls, SELinux, service updates, encryption,
    and TCP wrappers, and restricting services from
    running as root user and permissions on key files
  • Analyzing log files and key system files and
    running IDS applications can be used to detect
    intruders
Write a Comment
User Comments (0)
About PowerShow.com