Lab 3 Configuring the kernel

Goal: Develop skills tuning the /proc filesystem.

Gain some experience working with device special files and modules.

Use the tools available to explore hardware resources.

Estimated Duration: 45 minutes

Sequence 1: Turning off ping responses

Scenario: You want to reduce the exposure of a critical system. One of your strategies is to “hide” it from easy discovery by ICMP ECHO requests.

Deliverable: A system that does not respond to ping.

Instructions:

1. Configure your system, so that it does not respond to any ping request. This configuration should survive a reboot.

Hint: Install the kernel-doc package and check the kernel documentation on /usr/share/doc/kernel-doc-2.6.18/Documentation/networking/ipsysctl.txt.

a. Check the present value of /proc/sys/net/ipv4/icmp_echo_ignore_all

# cat /proc/sys/net/ipv4/icmp_echo_ignore_all

It should be currently set to zero which means your system will respond normally to pings.

b. Change the value of /proc/sys/net/ipv4/icmp_echo_ignore_all to a 1 which will prevent other hosts from successfully pinging your host while not affecting your ability to ping them. Verify your work.

# echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
# cat /proc/sys/net/ipv4/icmp_echo_ignore_all

c. Now test pinging server1.example.com. Pressing Ctrl-C will stop the ping command and display some statistics for you. You should have been able to ping server1.

d. Next have someone else try pinging your station. They should not receive any responses back from your system. Alternatively, try to ping your own network address. This should not work either.

e. Now reboot your system and try to ping your station again. What happened? Why?

f. Remember that changes to the /proc filesystem are temporary and if you want them to persist across reboots you need to put an entry in /etc/sysctl.conf. Edit /etc/sysctl.conf and put the following line at the bottom:

net.ipv4.icmp_echo_ignore_all=1

g. To activate this change run:

# sysctl -p

h. Check the value in /proc. If it is not set to a 1 then recheck the previous two steps. Next reboot your system and check the value in /proc again.

2. MANDATORY CLEANUP

a. Comment out or remove net.ipv4.icmp_echo_ignore_all=1 from /etc/sysctl.conf

b. Remember that changing this file does not affect the system's current configuration, so you will want to undo your change directly as well:

# echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all
# cat /proc/sys/net/ipv4/icmp_echo_ignore_all

This is to prevent other things from breaking during the week and help preserve your and your instructor's sanity.

Optional Sequence 2: Creating a file persistently under /dev/

Scenario: You want to make sure the /dev/myusbdisk filename is available after a reboot and can be used to mount a USB device.

Deliverable: A system that provides /dev/myusbdisk automatically after a reboot.

System Setup: System running in runlevel 5.

Instructions:

1. Modify the udev subsystem in such a way that /dev/myusbdisk gets automatically created at boot time.

Create a file named /etc/udev/rules.d/99-usb.rules and insert the following statement in it:

KERNEL=="sdb1", NAME="myusbdisk"

Note: Systems with IDE harddrives use sda for the first USB disk.

2. Reboot the system.

init 6

Plug a USB key to your system and verify that you now have a file named /dev/myusbdisk.

ls -l /dev/myusbdisk

3. MANDATORY CLEANUP: Remove the file you have created under /etc/udev/rules.d/ and unplug the USB device.

rm /etc/udev/rules.d/99-usb.rules

Sequence 3: Exploring processes, hardware and memory resources

Scenario: You want to determine what processes are running on your system, which hardware devices are available, and how much RAM is left.

Deliverable:

System Setup: System running in runlevel 5.

Instructions:

1. Determine the top-three processes with the largest memory footprint.

# top

Type “M” to sort processes in order of decreasing memory usage. The three processes at the top of the list are the three largest.

2. Determine the top-three processes with the largest cpu usage.

# top

Type “P” to sort processes in order of decreasing CPU usage. The three processes at the top of the list are the three busiest processes.

3. Start a window in which, using vmstat, a memory snapshot will be obtained every 5
seconds.

# vmstat 5

In parallel, start a memory-intensive application and observe the results.

# cat /dev/hda > /dev/null

4. Determine what network card (brand and/or model) is currently connected to your system.

You might first want to take a look at the lspci command.

The hal-device -manager will also display more information about the network interface card.

RH133读书 笔记(3) - Lab 3 Configuring the kernel的更多相关文章

  1. RH133读书笔记(1)-Lab 1 Managing Startup

    Lab 1 Managing Startup Goal: To familiarize yourself with the startup process System Setup: A system ...

  2. RH133读书笔记(2)-Lab 2 Working with packages

    Lab 2 Working with packages Goal: To gain working experience with package management System Setup: A ...

  3. RH033读书笔记(11)-Lab 12 Configuring the bash Shell

    Sequence 1: Configuring the bash Shell Deliverable: A system with new aliases that clear the screen, ...

  4. RH133读书 笔记(5) - Lab 5 User and Group Administration

    Lab 5 User and Group Administration Goal: To build skills for user and group administration. Estimat ...

  5. RH133读书 笔记(4) - Lab 4 System Services

    Lab 4 System Services Goal: Develop skills using system administration tools and setting up and admi ...

  6. RH133读书笔记(6) - Lab 6 Adding New Filesystems to the Filesystem Tree

    Lab 6 Adding New Filesystems to the Filesystem Tree Goal: Develop skills and knowlege related to par ...

  7. RH133读书笔记(9)-Lab 9 Installation and System-Initialization

    Lab 9 Installation and System-Initialization Goal: Successfully install Red Hat Enterprise Linux. Sy ...

  8. RH133读书笔记(8)-Lab 8 Manage Network Settings

    Lab 8 Manage Network Settings Goal: To build skills needed to manually configure networking Estimate ...

  9. RH133读书笔记(7)-Lab 7 Advanced Filesystem Mangement

    Lab 7 Advanced Filesystem Mangement Goal: Develop skills and knowlege related to Software RAID, LVM, ...

随机推荐

  1. SE 2014年4月5日

    背景需求: 缺省情况下,Level-1路由器只将去往其它区域的报文发送到最近的Level-1-2路由器. 路由渗透使Level-1-2路由器将Level-2区域的路由信息发布到Level-1区域. 4 ...

  2. SWT的CheckBoxTreeView

    其实CheckBoxTreeView和TreeView基本上是一样的,他们共同的方法有: TreeViewer 类封装了tree控件.树查看器按照父子关系来显示分等级的对象列表.此查看器需要设置标签供 ...

  3. Android 一些错误

    android fragment里面放viewpager 嵌套fragment 报错: 解决:在adapter的构造方法里加上 super(fragment.getChildFragmentManag ...

  4. android maven eclipse里面新建mavenprojectThe desired archetype does not exist

    这个问题头疼死我了 又一次配置下你看我的教程 watermark/2/text/aHR0cDovL2Jsb2cuY3Nkbi5uZXQvY2hlbmFpbmkxMTk=/font/5a6L5L2T/f ...

  5. 堆栈帧的组织——C/C++内存管理必须掌握

    程序栈 说到堆栈帧,你得先说说程序栈. 记忆功能程序堆栈区是支持操作,通常共享堆. 程序栈通常占领内存区域的下部,而堆用的是上部. 程序栈存放栈帧,栈帧有时候也称为活跃记录或活跃帧.栈帧存放函数參数和 ...

  6. maven 打包 时出现非法字符: /65279错误

    maven 打包 时出现非法字符: /65279错误 碰到的一个问题: 使用下面的命令给工程打包时, maven mvn clean package -Ptest01 -Dmaven.test.ski ...

  7. windows phone (16) UI变换 下

    原文:windows phone (16) UI变换 下 上一篇中说到四个变换类,都是比较简单的,这里要说到四个变换类,分别为: MatrixTransfrom矩阵变换,一句标准矩阵表示的变换 Tra ...

  8. Apple Watch视频教程(连载)

    发展Apple Watch 必须Xcode 6.2上述号码,所有视频.课件.Demo须要的能够加我私人微信 wanghj29(扫描头像也能够),在微信里面给我发email,我都发过去,另外也提供在线播 ...

  9. 多线程——达到Runnable介面

    部分博客(多线程--继承Thread类)介绍了java多线程的第一种实现方法--继承Thread类.这篇博客介绍另外一种方法--实现Runnable接口,并实现run方法. 还用上篇博客的样例.如今用 ...

  10. iOS执行时与method swizzling

    C语言是静态语言,它的工作方式是通过函数调用,这样在编译时我们就已经确定程序怎样执行的.而Objective-C是动态语言,它并不是通过调用类的方法来执行功能,而是给对象发送消息,对象在接收到消息之后 ...