Credits: This site powered by the vi text editor, apache webserver, perl scripting, and Debian linux.

Unix Admin Pt 3 - Day 4

Goals

In this session you will:
  • understand memory-related bottlenecks
  • understand how your box fits in with its network
  • discuss NIS
  • discuss NFS
  • review the basics of security

POST

  1. set your puppet's quota to 4MB soft and 10MB hard disc space limits
  2. change your puppet's max CPU time to 20 minutes

managing memory

  • virtual memory
  • swap partitions - amounts (X? 2X? 200MB?) - placement
  • swapping - writing out entire processes
  • paging - writing out pages of memory (unused routines)
  • free
  • vmstat interval
  • top

NIS

Central repository for authorization on a closed, protected network. p 616-617.

NFS

NFS is to Unix as SMB (file sharing) is to Windows.
  • Developed by Sun, NFS is the standard disc-sharing app for unix boxes (samba to talk between unix and windows).
  • mount at boot time or upon demand (fewer resources, retries). See /etc/vfstab
  • mount -t nfs host:/path /localpath
  • various authentication models:
  • /etc/exports or /etc/shares controls which dirs are shareable - exportfs

Security

  • physical
  • social
  • inside issues
  • local logins and passes
  • groups!
  • only run necessary services from inetd.conf or startup. Do a ps -aux to see what's running on your box.
  • SATAN and tripwire, snort
  • hard disk additions
    • power down, physically install (scsi #s)
    • watch for bootup sequence to find new drive; may give warnings about inaccessibility
    • format
    • partition with fdisk
    • check with fsck
    • create directory mountpoint and mount
    • edit your /etc/[v]fstab
    • set up quotas on partitions as desired
  • modem configuration
    • physically install a dipswitch-settable modem; plug/play may confuse
    • run script if possible; if not, set up dialout /dev/cua0 and/or /dev/ttyd0 receive.
    • link /dev/cua0 to /dev/modem
    • ta dahhh - resetting a stuck serial port -
      • dead mouse - gpm -k and restart it
      • berserk terminal - stty sane, reset
      • confused modem - echo ATZ > /dev/modem
      • dead console (can't log in) - try killing the ttys one at a time
      • toggle runlevels
      • reboot (power down!)

    unix signals

    SIGNAL    ID  DEFAULT  DESCRIPTION
    =========================================================
    SIGHUP     1  Termin.  Hang up on controlling terminal
    SIGINT     2  Termin.  Interrupt. Generated when we enter CTRL-C
    SIGQUIT    3  Core     Generated when at terminal we enter CTRL-\
    SIGILL     4  Core     Generated when we executed an illegal instruction
    SIGTRAP    5  Core     Trace trap (not reset when caught)
    SIGABRT    6  Core     Generated by the abort function
    SIGFPE     8  Core     Floating Point error
    SIGKILL    9  Termin.  Termination (can't catch, block, ignore)
    SIGBUS    10  Core     Generated in case of hardware fault
    SIGSEGV   11  Core     Generated in case of illegal address
    SIGSYS    12  Core     Generated when we use a bad argument in a system service call
    SIGPIPE   13  Termin.  Generated when writing to a pipe or a socket while no process is reading at other end
    SIGALRM   14  Termin.  Generated by clock when alarm expires
    SIGTERM   15  Termin.  Software termination signal
    SIGURG    16  Ignore   Urgent condition on IO channel
    SIGTSTP   18  ???      Interactive Suspend
    SIGCHLD   20  Ignore   A child process has terminated or stopped
    SIGTTIN   21  Stop     Generated when a background process reads from terminal
    SIGTTOU   22  Stop     Generated when a background process writes to terminal
    SIGXCPU   24  Discard  CPU time has expired
    SIGUSR1   30  Termin.  User defined signal 1
    SIGUSR2   31  Termin.  User defined signal 2

    final project

    Write a script that locks your dummy user into several well-known applications. You will identify the applications. Criteria:
    • the user should not be able to ctrl-c out of the script; if they do, they should be dropped into a safe directory
    • must be locked into a "jail" directory.
    • must not be able to shell out
    • exiting the menu will exit the script and log them out
    • limit user to 5MB disc space and 100 inodes.
    • limit user to 20MB memory and 30 minutes of CPU time.
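
One possible skeleton for the menu part of this project, as an added example that is not part of the original course material. The jail path, the three applications and the `run` argument are assumptions; the disc and inode quota, and any real chroot, are set up by root outside the script.

```shell
#!/bin/sh
# Added example: menu-only session script. Paths and the application list are assumptions.
JAIL_DIR="${JAIL_DIR:-/home/jail}"   # hypothetical jail directory
CPU_SECONDS=1800                     # 30 minutes of CPU time
MEM_KB=20480                         # 20MB; ulimit -v counts kilobytes

# Map a menu choice to one fixed absolute path. Input is only compared against
# these labels, never passed to eval or a shell, and none of the three
# programs offers a shell escape.
menu_command() {
    case "$1" in
        1) echo /usr/bin/cal ;;
        2) echo /usr/bin/uptime ;;
        3) echo /bin/date ;;
        *) return 1 ;;
    esac
}

# Without -S or -H, ulimit sets soft and hard limits together,
# so the user cannot raise them again later.
apply_limits() { ulimit -t "$CPU_SECONDS" && ulimit -v "$MEM_KB"; }

# Signal handler: go back to the jail directory instead of letting the script die.
on_signal() { cd "$JAIL_DIR" 2>/dev/null || cd /; }

run_menu() {
    trap on_signal HUP INT QUIT TSTP
    cd "$JAIL_DIR" || exit 1
    apply_limits || exit 1
    while :; do
        printf '1) calendar  2) uptime  3) date  q) quit\n> '
        read -r choice; rc=$?
        [ "$rc" -gt 128 ] && continue   # some shells report an interrupted read this way: redraw
        [ "$rc" -ne 0 ] && break        # EOF (ctrl-d) or other read failure: end the session
        [ "$choice" = q ] && break
        if cmd=$(menu_command "$choice"); then "$cmd"; else echo "unknown choice"; fi
    done
}

# Assumption: a one-line wrapper installed as the account's login shell execs
# this script with the argument "run", so leaving the menu ends the login.
if [ "${1:-}" = "run" ]; then
    run_menu
    exit 0
fi
```

SIGKILL (9) cannot be trapped, as the signal table above notes, so the script protects only against signals the user can send from the keyboard.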

    Conclusion

    • take care of yourself and your resources
    • take care of your box
    • keep your head above water by reading news and industry mags
    • keep your ears to the rail by reading your admin email
    • Go forth and conquer!

    Where to go from here

    • other coursework - sys admin coursework - sun certs
    • outside work - build a unix box!


    http://www.mousetrap.net/syllabus/admin_unix_pt3/day4.html
    $Id: day4.orb,v 1.10 2002/05/22 20:00:58 mouse Exp $

    Remember, your login is based on your machine's hostname, not on any other number.
    ~/[initials] refers to the subdirectory under your homedir, named after your initials. Everything except for .dotfiles will be stored in your ~/[initials] directory.


  • © 1995-2001 jason carr
    Distributed under the terms of the GNU Free Documentation License.