How to monitor the loaded kernel modules
A Linux system administrator may need to watch which kernel modules are loaded. The command that helps here is “lsmod”.
Example :
$ /sbin/lsmod
Module                  Size  Used by
ctr                    16384  1
ccm                    20480  1
ipt_MASQUERADE         16384  3
nf_nat_masquerade_ipv4 16384  1 ipt_MASQUERADE
iptable_nat            16384  1
nf_nat_ipv4            16384  1 iptable_nat
nf_nat                 24576  2 nf_nat_ipv4,nf_nat_masquerade_ipv4
nf_conntrack_ipv4      16384  2
nf_defrag_ipv4         16384  1 nf_conntrack_ipv4
xt_conntrack           16384  1
nf_conntrack          106496  5 nf_nat,nf_nat_ipv4,xt_conntrack,nf_nat_masquerade_ipv4,nf_conntrack_ipv4
ipt_REJECT             16384  2
nf_reject_ipv4         16384  1 ipt_REJECT
xt_CHECKSUM            16384  1
iptable_mangle         16384  1
xt_tcpudp              16384  6
bridge                110592  0
stp                    16384  1 bridge
llc                    16384  2 stp,bridge
ip6table_filter        16384  0
ip6_tables             28672  1 ip6table_filter
iptable_filter         16384  1
Another way to list all currently loaded kernel modules is to use “cat /proc/modules”.
Example :
$ cat /proc/modules
ctr 16384 1 - Live 0x0000000000000000
ccm 20480 1 - Live 0x0000000000000000
ipt_MASQUERADE 16384 3 - Live 0x0000000000000000
nf_nat_masquerade_ipv4 16384 1 ipt_MASQUERADE, Live 0x0000000000000000
iptable_nat 16384 1 - Live 0x0000000000000000
nf_nat_ipv4 16384 1 iptable_nat, Live 0x0000000000000000
nf_nat 24576 2 nf_nat_masquerade_ipv4,nf_nat_ipv4, Live 0x0000000000000000
nf_conntrack_ipv4 16384 2 - Live 0x0000000000000000
nf_defrag_ipv4 16384 1 nf_conntrack_ipv4, Live 0x0000000000000000
xt_conntrack 16384 1 - Live 0x0000000000000000
nf_conntrack 106496 5 nf_nat_masquerade_ipv4,nf_nat_ipv4,nf_nat,nf_conntrack_ipv4,xt_conntrack, Live 0x0000000000000000
ipt_REJECT 16384 2 - Live 0x0000000000000000
nf_reject_ipv4 16384 1 ipt_REJECT, Live 0x0000000000000000
xt_CHECKSUM 16384 1 - Live 0x0000000000000000
iptable_mangle 16384 1 - Live 0x0000000000000000
xt_tcpudp 16384 6 - Live 0x0000000000000000
bridge 110592 0 - Live 0x0000000000000000
stp 16384 1 bridge, Live 0x0000000000000000
llc 16384 2 bridge,stp, Live 0x0000000000000000
ip6table_filter 16384 0 - Live 0x0000000000000000
ip6_tables 28672 1 ip6table_filter, Live 0x0000000000000000
iptable_filter 16384 1 - Live 0x0000000000000000
ip_tables 28672 3 iptable_nat,iptable_mangle,iptable_filter, Live 0x0000000000000000
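Listing modules once is only useful if you can tell what changed since the last look. As an added example (not part of the original article), the POSIX shell script below saves the module names from either “lsmod” or “/proc/modules” output and reports any module that was not in a saved baseline; the function names and the two listings are constructed for the example.

```shell
#!/bin/sh
# Added example: report kernel modules that are not in a saved baseline.
# Only the first column (the module name) is used, so the input may be either
# "lsmod" output or a copy of /proc/modules. Sample data below is constructed.

# Print the sorted, de-duplicated module names from a listing (skips the lsmod header).
list_modules() {
    awk 'NF >= 2 && $1 != "Module" { print $1 }' "$1" | sort -u
}

# Print modules present in the CURRENT listing but absent from the BASELINE, one per line.
new_modules() {
    base_tmp=$(mktemp) && cur_tmp=$(mktemp) || return 1
    list_modules "$1" > "$base_tmp"
    list_modules "$2" > "$cur_tmp"
    comm -13 "$base_tmp" "$cur_tmp"
    rm -f "$base_tmp" "$cur_tmp"
}

# Constructed baseline (lsmod layout) and a later snapshot (/proc/modules layout).
BASELINE=$(mktemp)
CURRENT=$(mktemp)
cat > "$BASELINE" <<'EOF'
Module                  Size  Used by
ctr                    16384  1
ccm                    20480  1
bridge                110592  0
EOF
cat > "$CURRENT" <<'EOF'
ctr 16384 1 - Live 0x0000000000000000
ccm 20480 1 - Live 0x0000000000000000
bridge 110592 0 - Live 0x0000000000000000
ip_tables 28672 3 iptable_nat,iptable_mangle,iptable_filter, Live 0x0000000000000000
EOF

# On a real host: save "cat /proc/modules" once as the baseline, take a fresh copy
# from cron, and treat any line printed here as something to investigate.
new_modules "$BASELINE" "$CURRENT"
```

Modules that appear in the baseline but are no longer loaded are ignored on purpose; swap the arguments if unloads are of interest too.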
Getting information about files
The “ls -la” command shows the ownership and access permissions of files and directories. The “fuser” command identifies the processes that are using a given file or socket.
Example :
$ ls -la
total 40
drwxrwxrwt  9 root   root   4096 Jun 20 15:10 .
drwxr-xr-x 24 root   root   4096 Jan 29 10:44 ..
drwx------  2 falcon falcon 4096 Jun 20 14:50 .com.google.Chrome.21YCdx
drwx------  2 falcon falcon 4096 Jun 20 14:56 .com.google.Chrome.EAhpC0
srwxr-xr-x  1 mdm    mdm       0 Jun 20 14:48 filer8Gwbx
drwxrwxrwt  2 root   root   4096 Jun 20 14:48 .ICE-unix
drwxrwxrwx  2 falcon falcon 4096 Jun 20 14:49 mintUpdate
drwx------  2 root   mdm    4096 Jun 20 14:48 pulse-PKdhtXMmr18n
drwx------  2 falcon falcon 4096 Jun 20 14:48 ssh-vXSbTprUIQ3V
-r--r--r--  1 root   root     11 Jun 20 14:48 .X0-lock
drwxrwxrwt  2 root   root   4096 Jun 20 14:48 .X11-unix

$ fuser /opt/google/chrome/chrome
/opt/google/chrome/chrome: 2886e 2897e 2902e 2948e 2953e 3023e 3105e
To modify file access permissions, use the command “chmod”. To change file ownership, use the command “chown”.
Example : To give the file “testfile” the permissions shown in the table below, use “chmod 775 testfile”.
Permissions | Read | Write | Execute | Final Value to use |
Owner | Yes – 1 | Yes – 1 | Yes – 1 | 7 |
Group | Yes – 1 | Yes – 1 | Yes – 1 | 7 |
Other | Yes – 1 | No – 0 | Yes – 1 | 5 |
$ ls -al testfile
-rw-r--r-- 1 falcon falcon 0 Jun 20 16:29 testfile
$ chmod 775 testfile
$ ls -al testfile
-rwxrwxr-x 1 falcon falcon 0 Jun 20 16:29 testfile
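The table above converts one mode by hand. As an added example (not from the original article), the POSIX shell script below does that conversion for any rwx string and, going one step further, scans an “ls -la” listing for entries that every user on the system can write to, which is the check worth running before deciding what to chmod; the function names and the listing are constructed for the example.

```shell
#!/bin/sh
# Added example: rwx mode string to octal, plus a world-writable scan of "ls -la" output.
# The listing used at the bottom is constructed sample data in the same layout as
# the one shown earlier in the article.

# Convert an rwx-style mode string (e.g. rwxrwxr-x) to the octal value chmod takes (775).
# A lowercase s or t counts as execute; the special bits themselves are not encoded.
mode_to_octal() {
    echo "$1" | awk '{
        s = $1; out = ""
        for (i = 1; i <= 7; i += 3) {
            v = 0
            if (substr(s, i, 1) == "r") v += 4
            if (substr(s, i + 1, 1) == "w") v += 2
            c = substr(s, i + 2, 1)
            if (c == "x" || c == "s" || c == "t") v += 1
            out = out v
        }
        print out
    }'
}

# Print "name mode" for every entry whose "other" write bit is set. A directory with
# the sticky bit (trailing t, as on /tmp) is skipped: others may create files there
# but cannot delete or rename files they do not own.
world_writable() {
    awk 'length($1) >= 10 && $1 ~ /^[-dlbcps]/ && substr($1, 9, 1) == "w" && substr($1, 10, 1) != "t" {
        print $NF, substr($1, 2, 9)
    }' "$1"
}

# Constructed "ls -la" listing; file names contain no spaces so $NF is the name.
LISTING=$(mktemp)
cat > "$LISTING" <<'EOF'
total 40
drwxrwxrwt  9 root   root   4096 Jun 20 15:10 .
drwxr-xr-x 24 root   root   4096 Jan 29 10:44 ..
drwxrwxrwx  2 falcon falcon 4096 Jun 20 14:49 mintUpdate
-rw-rw-rw-  1 falcon falcon   42 Jun 20 16:29 notes.txt
-rw-r--r--  1 falcon falcon    0 Jun 20 16:29 testfile
drwxrwxrwt  2 root   root   4096 Jun 20 14:48 .X11-unix
EOF

mode_to_octal rwxrwxr-x     # the mode from the chmod 775 example above
world_writable "$LISTING"   # mintUpdate and notes.txt; the sticky directories are skipped
```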
In order to change the ownership of a file, use the command “chown user:group file”.
Example :
$ chown mdm:mdm testfile
How to restrict user resources
When the resources available to the shell and the processes it starts need to be restricted, use the command “ulimit”. The current limits can be displayed with “ulimit -a”.
$ ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 63593
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) 63593
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited
How to display the processes attached to open files
In order to display the list of processes attached to open files, use the command “lsof”.
Example :
$ lsof /opt/google/chrome/chrome
COMMAND PID  USER   FD  TYPE DEVICE SIZE/OFF  NODE     NAME
chrome  2886 falcon txt REG  8,4    117980200 23079677 /opt/google/chrome/chrome
chrome  2897 falcon txt REG  8,4    117980200 23079677 /opt/google/chrome/chrome
chrome  2902 falcon txt REG  8,4    117980200 23079677 /opt/google/chrome/chrome
chrome  2948 falcon txt REG  8,4    117980200 23079677 /opt/google/chrome/chrome
chrome  2953 falcon txt REG  8,4    117980200 23079677 /opt/google/chrome/chrome
chrome  3023 falcon txt REG  8,4    117980200 23079677 /opt/google/chrome/chrome
chrome  3105 falcon txt REG  8,4    117980200 23079677 /opt/google/chrome/chrome
chrome  4004 falcon txt REG  8,4    117980200 23079677 /opt/google/chrome/chrome
To list all files opened by a specific user, use the command “lsof -u uid” (a login name or numeric UID).
Example :
$ lsof -u 1000
COMMAND   PID  USER   FD   TYPE    DEVICE SIZE/OFF NODE    NAME
gnome-key 2317 falcon cwd  unknown                         /proc/2317/cwd (readlink: Permission denied)
gnome-key 2317 falcon rtd  unknown                         /proc/2317/root (readlink: Permission denied)
gnome-key 2317 falcon txt  unknown                         /proc/2317/exe (readlink: Permission denied)
gnome-key 2317 falcon NOFD                                 /proc/2317/fd (opendir: Permission denied)
cinnamon- 2393 falcon cwd  DIR     8,4    4096     3145730 /home/falcon
cinnamon- 2393 falcon rtd  DIR     8,4    4096     2       /
System Log Files
There are various system logs; they are mainly used for troubleshooting issues and problems.
Some of the important logs are :
/var/log/syslog
/var/log/secure
/var/log/maillog
To view the timestamp of the last login of each system user, use the “lastlog” command.
Example :
To watch the latest system messages scroll on the screen as they occur:
$ tail -f /var/log/syslog
Jun 20 17:05:01 alban-ThinkPad-T420 CRON[4517]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Jun 20 17:06:13 alban-ThinkPad-T420 wpa_supplicant[1667]: wlan0: CTRL-EVENT-SCAN-STARTED
Jun 20 17:06:19 alban-ThinkPad-T420 wpa_supplicant[1667]: nl80211: send_and_recv->nl_recvmsgs failed: -33
Jun 20 17:08:13 alban-ThinkPad-T420 wpa_supplicant[1667]: wlan0: CTRL-EVENT-SCAN-STARTED
Jun 20 17:09:01 alban-ThinkPad-T420 CRON[4528]: (root) CMD ( [ -x /usr/lib/php5/maxlifetime ] && [ -x /usr/lib/php5/sessionclean ] && [ -d /var/lib/php5 ] && /usr/lib/php5/sessionclean /var/lib/php5 $(/usr/lib/php5/maxlifetime))
Jun 20 17:10:13 alban-ThinkPad-T420 wpa_supplicant[1667]: wlan0: CTRL-EVENT-SCAN-STARTED
Jun 20 17:11:05 alban-ThinkPad-T420 wpa_supplicant[1667]: wlan0: WPA: Group rekeying completed with 10:be:f5:d3:a4:68 [GTK=TKIP]
Jun 20 17:12:13 alban-ThinkPad-T420 wpa_supplicant[1667]: wlan0: CTRL-EVENT-SCAN-STARTED
Jun 20 17:15:01 alban-ThinkPad-T420 CRON[4554]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Jun 20 17:17:01 alban-ThinkPad-T420 CRON[4634]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)