Lab 3 Configuring the kernel

Goal: Develop skills tuning the /proc filesystem.

Gain some experience working with device special files and modules.

Use the tools available to explore hardware resources.

Estimated Duration: 45 minutes

Sequence 1: Turning off ping responses

Scenario: You want to reduce the exposure of a critical system. One of your strategies is to “hide” it from easy discovery by ICMP ECHO requests.

Deliverable: A system that does not respond to ping.

Instructions:

1. Configure your system, so that it does not respond to any ping request. This configuration should survive a reboot.

Hint: Install the kernel-doc package and check the kernel documentation on /usr/share/doc/kernel-doc-2.6.18/Documentation/networking/ipsysctl.txt.

a. Check the present value of /proc/sys/net/ipv4/icmp_echo_ignore_all

# cat /proc/sys/net/ipv4/icmp_echo_ignore_all

It should be currently set to zero which means your system will respond normally to pings.

b. Change the value of /proc/sys/net/ipv4/icmp_echo_ignore_all to a 1 which will prevent other hosts from successfully pinging your host while not affecting your ability to ping them. Verify your work.

# echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
# cat /proc/sys/net/ipv4/icmp_echo_ignore_all

c. Now test pinging server1.example.com. Pressing Ctrl-C will stop the ping command and display some statistics for you. You should have been able to ping server1.

d. Next have someone else try pinging your station. They should not receive any responses back from your system. Alternatively, try to ping your own network address. This should not work either.

e. Now reboot your system and try to ping your station again. What happened? Why?

f. Remember that changes to the /proc filesystem are temporary and if you want them to persist across reboots you need to put an entry in /etc/sysctl.conf. Edit /etc/sysctl.conf and put the following line at the bottom:

net.ipv4.icmp_echo_ignore_all=1

g. To activate this change run:

# sysctl -p

h. Check the value in /proc. If it is not set to a 1 then recheck the previous two steps. Next reboot your system and check the value in /proc again.

2. MANDATORY CLEANUP

a. Comment out or remove net.ipv4.icmp_echo_ignore_all=1 from /etc/sysctl.conf

b. Remember that changing this file does not affect the system's current configuration, so you will want to undo your change directly as well:

# echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all
# cat /proc/sys/net/ipv4/icmp_echo_ignore_all

This is to prevent other things from breaking during the week and help preserve your and your instructor's sanity.

Optional Sequence 2: Creating a file persistently under /dev/

Scenario: You want to make sure the /dev/myusbdisk filename is available after a reboot and can be used to mount a USB device.

Deliverable: A system that provides /dev/myusbdisk automatically after a reboot.

System Setup: System running in runlevel 5.

Instructions:

1. Modify the udev subsystem in such a way that /dev/myusbdisk gets automatically created at boot time.

Create a file named /etc/udev/rules.d/99-usb.rules and insert the following statement in it:

KERNEL=="sdb1", NAME="myusbdisk"

Note: Systems with IDE harddrives use sda for the first USB disk.

2. Reboot the system.

init 6

Plug a USB key to your system and verify that you now have a file named /dev/myusbdisk.

ls -l /dev/myusbdisk

3. MANDATORY CLEANUP: Remove the file you have created under /etc/udev/rules.d/ and unplug the USB device.

rm /etc/udev/rules.d/99-usb.rules

Sequence 3: Exploring processes, hardware and memory resources

Scenario: You want to determine what processes are running on your system, which hardware devices are available, and how much RAM is left.

Deliverable:

System Setup: System running in runlevel 5.

Instructions:

1. Determine the top-three processes with the largest memory footprint.

# top

Type “M” to sort processes in order of decreasing memory usage. The three processes at the top of the list are the three largest.

2. Determine the top-three processes with the largest cpu usage.

# top

Type “P” to sort processes in order of decreasing CPU usage. The three processes at the top of the list are the three busiest processes.

3. Start a window in which, using vmstat, a memory snapshot will be obtained every 5
seconds.

# vmstat 5

In parallel, start a memory-intensive application and observe the results.

# cat /dev/hda > /dev/null

4. Determine what network card (brand and/or model) is currently connected to your system.

You might first want to take a look at the lspci command.

The hal-device -manager will also display more information about the network interface card.

RH133读书 笔记(3) - Lab 3 Configuring the kernel的更多相关文章

  1. RH133读书笔记(1)-Lab 1 Managing Startup

    Lab 1 Managing Startup Goal: To familiarize yourself with the startup process System Setup: A system ...

  2. RH133读书笔记(2)-Lab 2 Working with packages

    Lab 2 Working with packages Goal: To gain working experience with package management System Setup: A ...

  3. RH033读书笔记(11)-Lab 12 Configuring the bash Shell

    Sequence 1: Configuring the bash Shell Deliverable: A system with new aliases that clear the screen, ...

  4. RH133读书 笔记(5) - Lab 5 User and Group Administration

    Lab 5 User and Group Administration Goal: To build skills for user and group administration. Estimat ...

  5. RH133读书 笔记(4) - Lab 4 System Services

    Lab 4 System Services Goal: Develop skills using system administration tools and setting up and admi ...

  6. RH133读书笔记(6) - Lab 6 Adding New Filesystems to the Filesystem Tree

    Lab 6 Adding New Filesystems to the Filesystem Tree Goal: Develop skills and knowlege related to par ...

  7. RH133读书笔记(9)-Lab 9 Installation and System-Initialization

    Lab 9 Installation and System-Initialization Goal: Successfully install Red Hat Enterprise Linux. Sy ...

  8. RH133读书笔记(8)-Lab 8 Manage Network Settings

    Lab 8 Manage Network Settings Goal: To build skills needed to manually configure networking Estimate ...

  9. RH133读书笔记(7)-Lab 7 Advanced Filesystem Mangement

    Lab 7 Advanced Filesystem Mangement Goal: Develop skills and knowlege related to Software RAID, LVM, ...

随机推荐

  1. Cocos2d-x教程(28)-ttf 字体库的使用

    欢迎增加 Cocos2d-x 交流群: 193411763 转载请注明原文出处:http://blog.csdn.net/u012945598/article/details/37650843 通常为 ...

  2. HttpAsyncClient 做并发长连接的一个实例

    HttpAsyncClient 做并发长连接的一个实例 import java.util.concurrent.CountDownLatch; import org.apache.http.HttpR ...

  3. 云计算分布式大数据神器Spark实战高手之旅

    从2012年1月份研究Spark到如今已经两年多的时间了. 在这两年多的时间里比較彻底的研究了Spark的源码并已经在2014年4月24日编写完毕了世界上第一本Spark书籍. 鉴于CSDN在大陆IT ...

  4. WebGL自学教程——WebGL演示样例:開始

    最终開始WebGL的演示样例了,...... 開始 使用WebGL的步骤,非常easy: 1. 获得WebGL的渲染环境(也叫渲染上下文). 2. 发挥你的想象力,利用<WebGL參考手冊> ...

  5. php中遍历数组的方法

    参考网址:http://www.jb51.net/article/29949.htm 这三种方法中效率最高的是使用foreach语句遍历数组.从PHP4开始就引入了foreach结构,是PHP中专门为 ...

  6. Android网络服务发现(NSD)协议的使用

    Android的网络服务发现协议(NSD)能够用于在小范围的网络中发现邻近设备上的某个应用.这对于一些社交网络.多人游戏类的应用会很有帮助. Android的NSD的用法大致上分为四种操作: 1. 注 ...

  7. XSS漏洞的分类

    XSS漏洞依照攻击利用手法的不同,有下面三种类型: 类型A,本地利用漏洞,这样的漏洞存在于页面中client脚本自身.其攻击步骤例如以下所看到的: Alice给Bob发送一个恶意构造了Web的URL. ...

  8. centos一些命令

    1.查看系统使用端口并释放端口 [root@my_nn_01 WEB-INF]# lsof -w -n -i tcp:80 COMMAND   PID USER   FD   TYPE DEVICE ...

  9. Jetty开发指导:Jetty Websocket API

    Jetty WebSocket API使用 Jetty提供了功能更强的WebSocket API,使用一个公共的核心API供WebSockets的服务端和client使用. 他是一个基于WebSock ...

  10. [Windwos Phone 8]多个按钮的共用事件

    原文:[Windwos Phone 8]多个按钮的共用事件 前言 ------------------------------------------------------------------- ...