Lab 3 Configuring the kernel

Goal: Develop skills tuning the /proc filesystem.

Gain some experience working with device special files and modules.

Use the tools available to explore hardware resources.

Estimated Duration: 45 minutes

Sequence 1: Turning off ping responses

Scenario: You want to reduce the exposure of a critical system. One of your strategies is to “hide” it from easy discovery by ICMP ECHO requests.

Deliverable: A system that does not respond to ping.

Instructions:

1. Configure your system, so that it does not respond to any ping request. This configuration should survive a reboot.

Hint: Install the kernel-doc package and check the kernel documentation on /usr/share/doc/kernel-doc-2.6.18/Documentation/networking/ipsysctl.txt.

a. Check the present value of /proc/sys/net/ipv4/icmp_echo_ignore_all

# cat /proc/sys/net/ipv4/icmp_echo_ignore_all

It should be currently set to zero which means your system will respond normally to pings.

b. Change the value of /proc/sys/net/ipv4/icmp_echo_ignore_all to a 1 which will prevent other hosts from successfully pinging your host while not affecting your ability to ping them. Verify your work.

# echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
# cat /proc/sys/net/ipv4/icmp_echo_ignore_all

c. Now test pinging server1.example.com. Pressing Ctrl-C will stop the ping command and display some statistics for you. You should have been able to ping server1.

d. Next have someone else try pinging your station. They should not receive any responses back from your system. Alternatively, try to ping your own network address. This should not work either.

e. Now reboot your system and try to ping your station again. What happened? Why?

f. Remember that changes to the /proc filesystem are temporary and if you want them to persist across reboots you need to put an entry in /etc/sysctl.conf. Edit /etc/sysctl.conf and put the following line at the bottom:

net.ipv4.icmp_echo_ignore_all=1

g. To activate this change run:

# sysctl -p

h. Check the value in /proc. If it is not set to a 1 then recheck the previous two steps. Next reboot your system and check the value in /proc again.

2. MANDATORY CLEANUP

a. Comment out or remove net.ipv4.icmp_echo_ignore_all=1 from /etc/sysctl.conf

b. Remember that changing this file does not affect the system's current configuration, so you will want to undo your change directly as well:

# echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all
# cat /proc/sys/net/ipv4/icmp_echo_ignore_all

This is to prevent other things from breaking during the week and help preserve your and your instructor's sanity.

Optional Sequence 2: Creating a file persistently under /dev/

Scenario: You want to make sure the /dev/myusbdisk filename is available after a reboot and can be used to mount a USB device.

Deliverable: A system that provides /dev/myusbdisk automatically after a reboot.

System Setup: System running in runlevel 5.

Instructions:

1. Modify the udev subsystem in such a way that /dev/myusbdisk gets automatically created at boot time.

Create a file named /etc/udev/rules.d/99-usb.rules and insert the following statement in it:

KERNEL=="sdb1", NAME="myusbdisk"

Note: Systems with IDE harddrives use sda for the first USB disk.

2. Reboot the system.

init 6

Plug a USB key to your system and verify that you now have a file named /dev/myusbdisk.

ls -l /dev/myusbdisk

3. MANDATORY CLEANUP: Remove the file you have created under /etc/udev/rules.d/ and unplug the USB device.

rm /etc/udev/rules.d/99-usb.rules

Sequence 3: Exploring processes, hardware and memory resources

Scenario: You want to determine what processes are running on your system, which hardware devices are available, and how much RAM is left.

Deliverable:

System Setup: System running in runlevel 5.

Instructions:

1. Determine the top-three processes with the largest memory footprint.

# top

Type “M” to sort processes in order of decreasing memory usage. The three processes at the top of the list are the three largest.

2. Determine the top-three processes with the largest cpu usage.

# top

Type “P” to sort processes in order of decreasing CPU usage. The three processes at the top of the list are the three busiest processes.

3. Start a window in which, using vmstat, a memory snapshot will be obtained every 5
seconds.

# vmstat 5

In parallel, start a memory-intensive application and observe the results.

# cat /dev/hda > /dev/null

4. Determine what network card (brand and/or model) is currently connected to your system.

You might first want to take a look at the lspci command.

The hal-device -manager will also display more information about the network interface card.

RH133读书 笔记(3) - Lab 3 Configuring the kernel的更多相关文章

  1. RH133读书笔记(1)-Lab 1 Managing Startup

    Lab 1 Managing Startup Goal: To familiarize yourself with the startup process System Setup: A system ...

  2. RH133读书笔记(2)-Lab 2 Working with packages

    Lab 2 Working with packages Goal: To gain working experience with package management System Setup: A ...

  3. RH033读书笔记(11)-Lab 12 Configuring the bash Shell

    Sequence 1: Configuring the bash Shell Deliverable: A system with new aliases that clear the screen, ...

  4. RH133读书 笔记(5) - Lab 5 User and Group Administration

    Lab 5 User and Group Administration Goal: To build skills for user and group administration. Estimat ...

  5. RH133读书 笔记(4) - Lab 4 System Services

    Lab 4 System Services Goal: Develop skills using system administration tools and setting up and admi ...

  6. RH133读书笔记(6) - Lab 6 Adding New Filesystems to the Filesystem Tree

    Lab 6 Adding New Filesystems to the Filesystem Tree Goal: Develop skills and knowlege related to par ...

  7. RH133读书笔记(9)-Lab 9 Installation and System-Initialization

    Lab 9 Installation and System-Initialization Goal: Successfully install Red Hat Enterprise Linux. Sy ...

  8. RH133读书笔记(8)-Lab 8 Manage Network Settings

    Lab 8 Manage Network Settings Goal: To build skills needed to manually configure networking Estimate ...

  9. RH133读书笔记(7)-Lab 7 Advanced Filesystem Mangement

    Lab 7 Advanced Filesystem Mangement Goal: Develop skills and knowlege related to Software RAID, LVM, ...

随机推荐

  1. C# 通信学习笔记

    C# 通信学习笔记 DNS 是域名系统 (Domain Name System) 的缩写,是因特网的一项核心服务,它作为可以将域名和IP地址相互映射的一个分布式数据库,能够使人更方便的访问互联网,而不 ...

  2. 让ecshop显示商品销量或者月销量

    首先,ecshop的信息显示模块在. ./includes/lib_goods.php文件 在其末尾添加下面这个函数 月销量:(和总销量二选一) function ec_buysum($goods_i ...

  3. What the difference between rebuild index and re-organize index?

    avg_fragmentation_in_percent value Corrective statement > 5% and < = 30% ALTER INDEX REORGANIZ ...

  4. Windows Phone开发(35):使用Express Blend绘图

    原文:Windows Phone开发(35):使用Express Blend绘图 上一节中我们简单扯了一下绘图指令,然而那也不是最简单的绘图法,今天,我再向大家推荐一种更好的绘图方案--Express ...

  5. Android PackageInstaller 安装和卸载

    应用的安装方式:adb install或者下载安装 过程分析请參考老罗的blog,这里记录一下第三方应用程序安装apk的过程. 安装的过程主要是调用PackageInstaller这个App,源码的位 ...

  6. 初识google多语言通信框架gRPC系列(二)编译gRPC

    目录 一.概述 二.编译gRPC 三.C#中使用gRPC 四.C++中使用gRPC 无论通过哪种语言调用gRPC,都必须要编译gRPC,因为生成proto访问类时,除了产生标准的数据定义类之外,还需要 ...

  7. Oracle SQL Lesson (11) - 创建其他数据库对象(试图/序列/索引/同义词)

    schema(模式)一个用户下一组对象的集合,一般与用户名一致. 视图 CREATE [OR REPLACE] [FORCE|NOFORCE] VIEW view [(alias[, alias].. ...

  8. [网络]_[0基础]_[使用putty备份远程数据]

    场景: 1. putty是windows上訪问linux服务的免费client之中的一个.用它来ssh到远程server备份数据是常见的做法(在没做好自己主动备份机制前), 通过putty界面尽管也不 ...

  9. SplitContainer如何实现左侧导航,正确显示和导航内容

    关于这种类型的设计有很多的实现,这样,我首先解释一下我使用: 我的原则是实现方式,将form嵌panel在,作为一个子窗口. 如下面的代码细节: Form form = new DataSelect( ...

  10. 你怎么知道你的网站K

    最近有朋友问我关于网站K问题,你怎么知道被提及哪些网站K方面.总结了六个方法后,,至于有没有其他办法.欢迎和我交流讨论. 检测方法是网站的搜索引擎惩罚:   首先要明白的是.搜索引擎不惩罚easy侦查 ...