Unit4 - Subjective Questions

Purpose of /proc:
The /proc directory is a virtual file system (pseudo-file system) that provides an interface to kernel data structures. It does not contain real files on the disk; instead, it contains runtime system information (system memory, devices mounted, hardware configuration, etc.). It is created in memory at boot time.

Gathering Information:

1. CPU Information:
   The file /proc/cpuinfo contains details about individual CPU cores.

   • Command: cat /proc/cpuinfo
   • Details: It shows the processor type, model name, cache size, and speed (MHz).

2. Memory Information:
   The file /proc/meminfo provides statistics about memory usage.

   • Command: cat /proc/meminfo
   • Details: It displays total memory (MemTotal), free memory (MemFree), buffers, cached memory, and swap details.

Differences:

• SysVinit Runlevels: In the traditional SysVinit system, the system operates in one of several distinct states called "runlevels" (numbered 0-6). Scripts located in /etc/rc.d/ are executed sequentially to start or stop services based on the runlevel.
• Systemd Targets: Systemd uses "targets" (.target files) instead of runlevels. Targets are more flexible and allow for parallel starting of services. Targets can inherit from other targets, allowing for a more modular structure.

Equivalents:

A process in Linux goes through various states from its creation to its termination. This is often referred to as the process life cycle.

Process States:

1. Running (R): The process is currently running on the CPU or is in the queue waiting for a CPU slot.
2. Sleeping:
   • Interruptible Sleep (S): The process is waiting for an event (like I/O) to complete. It can be woken up by signals.
   • Uninterruptible Sleep (D): The process is waiting for an I/O operation and cannot be interrupted or killed until the operation completes.
3. Stopped (T): The process has been suspended, usually by receiving a signal (e.g., SIGSTOP or Ctrl+Z).
4. Zombie (Z): The process has finished execution, but its entry remains in the process table because the parent process has not yet read its exit status.
5. Dead (X): The process is dead and is being removed from the system.

Kernel Modules:
Kernel modules are pieces of code that can be loaded into the kernel and unloaded from the kernel on demand. They extend the functionality of the kernel (e.g., device drivers, filesystem drivers) without the need to reboot the system.

Management Commands:

1. lsmod:

   • Usage: Lists all currently loaded kernel modules.
   • Output: Shows Module name, Size, and Used by (dependencies).

2. modprobe:

   • Usage: Used to add or remove modules from the Linux Kernel intelligently (it handles dependencies automatically).
   • Add: modprobe <module_name>
   • Remove: modprobe -r <module_name>

3. modinfo:

   • Usage: Displays detailed information about a Linux kernel module.
   • Output: Includes the filename, license, description, author, and available parameters.

Significance of Swap Memory:
Swap memory is a space on a disk that is used when the amount of physical RAM is full. When the system needs more memory resources and the RAM is full, inactive pages in memory are moved to the swap space. It prevents the system from crashing due to Out of Memory (OOM) errors, though it is significantly slower than RAM.

Steps to add a 1GB Swap File:

1. Create the file:
   dd if=/dev/zero of=/swapfile bs=1M count=1024
2. Set permissions (security):
   chmod 600 /swapfile
3. Set up the swap area:
   mkswap /swapfile
4. Enable the swap file:
   swapon /swapfile
5. Make it permanent (edit /etc/fstab):
   Add the line: /swapfile swap swap defaults 0 0

The systemctl command:
systemctl is the central control utility for the systemd init system and service manager. It is used to inspect and control the state of the systemd system and service manager.

Syntax for httpd service:

1. Start the service:
   Starts the service immediately.
   systemctl start httpd

2. Stop the service:
   Stops the running service immediately.
   systemctl stop httpd

3. Enable the service:
   Configures the service to start automatically at system boot.
   systemctl enable httpd

4. Check status:
   Shows whether the service is active, running, failed, or dead, along with recent log entries.
   systemctl status httpd

Purpose of Nice Value:
The "Nice" value is a user-space indicator of priority that determines how much CPU time a process receives relative to other processes. The values range from -20 (highest priority) to +19 (lowest priority). The default niceness is usually 0.

Changing Priority:

1. Starting a process with specific priority (nice):
   Command: nice -n <value> <command>
   Example: nice -n -5 ./backup.sh (Requires root for negative values).

2. Changing priority of a running process (renice):
   To change the priority, the administrator needs the Process ID (PID).
   Command: renice -n <new_value> -p <PID>
   Example: renice -n 10 -p 1234

Note: Only the root user can decrease the nice value (increase priority). for a process.

Usage of ip command:
The ip command is a powerful tool from the iproute2 package used to assign IP addresses, manipulate routing, and manage network interfaces.

• View IP addresses: ip addr show
• Bring interface up/down: ip link set dev eth0 up
• Add an IP: ip addr add 192.168.1.10/24 dev eth0
• View routing table: ip route show

Difference from ifconfig:

1. Package: ifconfig is part of net-tools (deprecated), while ip is part of iproute2 (modern standard).
2. Capabilities: ifconfig cannot handle multiple IP addresses per interface easily (needs aliases like eth0:1), whereas ip treats multiple addresses natively.
3. Scope: The ip command unifies the functionality of ifconfig, route, and arp into a single command suite.

Configuring Timezone (timedatectl):

1. List available timezones:
   timedatectl list-timezones
2. Set the timezone:
   timedatectl set-timezone Region/City
   Example: sudo timedatectl set-timezone Asia/Kolkata
3. Verify:
   timedatectl

Configuring Locale (localectl):

1. List available locales:
   localectl list-locales
2. Set the system locale:
   localectl set-locale LANG=<locale>
   Example: sudo localectl set-locale LANG=en_US.UTF-8
3. Effect: This updates configuration files like /etc/locale.conf.

Key-based authentication uses a pair of cryptographic keys (public and private) instead of a password.

Steps:

1. Generate Key Pair (Client Side):
   Run the following command on the local machine (client).
   ssh-keygen -t rsa -b 4096
   Press Enter to save to the default location (~/.ssh/id_rsa) and optionally set a passphrase.

2. Copy Public Key to Server:
   Transfer the public key (id_rsa.pub) to the remote server's authorized keys list.
   ssh-copy-id username@remote_host_ip
   Alternatively, manually append the content of id_rsa.pub to ~/.ssh/authorized_keys on the server.

3. Adjust Permissions (Server Side):
   Ensure permissions are secure on the server:
   chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

4. Test Connection:
   Login from the client:
   ssh username@remote_host_ip
   You should log in without the remote user's password (unless a passphrase was set for the key).

NetworkManager:
NetworkManager is a daemon that sits on top of libudev and other kernel interfaces and provides a high-level interface for the configuration of the network interfaces. It ensures networking connectivity and attempts to maintain active network connections.

Setting Static IP using nmcli:

Assuming the connection name is 'eth0'.

1. Set the IPv4 address and subnet mask:
   nmcli con mod eth0 ipv4.addresses 192.168.1.50/24
2. Set the Gateway:
   nmcli con mod eth0 ipv4.gateway 192.168.1.1
3. Set the DNS:
   nmcli con mod eth0 ipv4.dns "8.8.8.8,8.8.4.4"
4. Set the method to manual:
   nmcli con mod eth0 ipv4.method manual
5. Restart the interface to apply changes:
   nmcli con up eth0

OSI Layer:
Both TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) operate at the Transport Layer (Layer 4) of the OSI model.

Comparison:

When using the kill command to terminate processes, signals are sent to the Process ID (PID).

SIGTERM (Signal 15):

• Nature: This is the default signal sent by the kill command. It is considered the "polite" way to ask a process to stop.
• Behavior: The process receives the signal and can handle it. It allows the process to close files, finish current tasks, and clean up resources (save state) before exiting.
• Catchable: The process can technically ignore or block this signal (though usually, it terminates).

SIGKILL (Signal 9):

• Nature: This is the "force kill" signal.
• Behavior: The kernel immediately removes the process from execution. The process is given no opportunity to clean up, save data, or close files.
• Catchable: This signal cannot be caught, blocked, or ignored by the process.

1. ping:

• Usage: Used to test the reachability of a host on an Internet Protocol (IP) network and measure the round-trip time.
• Command: ping google.com or ping 192.168.1.1.
• Mechanism: Sends ICMP Echo Request packets and waits for ICMP Echo Reply.

2. traceroute (or tracepath):

• Usage: Displays the path (route) and measuring transit delays of packets across an IP network.
• Command: traceroute google.com.
• Mechanism: Helps identify where a connection is dropping (at which router/hop) by incrementing the TTL (Time To Live) value of packets.

3. ss (Socket Statistics):

• Usage: A utility to investigate sockets. It is the modern replacement for netstat.
• Command: ss -tuln
  • -t: TCP
  • -u: UDP
  • -l: Listening sockets
  • -n: Show numeric ports instead of service names.
• Mechanism: It dumps socket statistics directly from the kernel, making it faster than netstat.

1. lspci (PCI Devices):

• Usage: Lists all PCI (Peripheral Component Interconnect) devices. This includes components like graphics cards, network adapters, and sound cards connected to the motherboard.
• Interpretation: Output shows the Bus ID, Device class (e.g., VGA compatible controller), and the Manufacturer/Model.
• Example: 00:02.0 VGA compatible controller: Intel Corporation...

2. lsusb (USB Devices):

• Usage: Lists all USB ports and connected USB devices (mice, keyboards, external drives).
• Interpretation: Output shows the Bus number, Device number, Vendor ID:Product ID, and the device name.
• Example: Bus 001 Device 003: ID 046d:c077 Logitech, Inc. Mouse

3. lscpu (CPU Architecture):

• Usage: Displays information about the CPU architecture.
• Interpretation: It provides a structured summary of sysfs and /proc/cpuinfo. It lists the number of CPUs, threads per core, cores per socket, CPU family, Model, and Virtualization features.

The SSH daemon configuration file controls how the SSH server behaves. It is located at /etc/ssh/sshd_config.

Key Security Settings:

1. PermitRootLogin no:
   Prevents the root user from logging in directly via SSH. Admins should login as a regular user and use sudo.

2. PasswordAuthentication no:
   Disables password-based login. Requires the user to have SSH Key-based authentication set up. This drastically reduces brute-force risks.

3. Port 22 (Change Port):
   Changing the default port (e.g., to 2222) can reduce noise from automated bot scanners, though it is not a complete security fix (security by obscurity).

4. AllowUsers user1 user2:
   Whitelists specific users. Only the listed users are allowed to connect via SSH; all others are rejected.

5. Protocol 2:
   Ensures the server uses SSH Protocol 2 (more secure) and disables the legacy, insecure Protocol 1.

OOM (Out of Memory) Killer:
The OOM Killer is a process that the Linux kernel employs when the system is critically low on memory. It is a protective mechanism.

Trigger Circumstances:

1. Memory Exhaustion: When the physical RAM and Swap space are completely full.
2. Overcommit: Linux allows processes to allocate more memory than is physically available (Overcommit Memory). If processes actually try to use all that allocated memory simultaneously, the system runs out.

Behavior:
When triggered, the OOM Killer reviews all running processes and assigns them a score (oom_score). The process with the highest score (usually one consuming a lot of memory but not critical to the kernel) is killed to free up resources and prevent the entire system from panicking or freezing.

Role of NTP:
NTP is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks. For system administrators, accurate time is critical for:

• Log analysis: Correlating events across different servers.
• Authentication: Kerberos and other protocols rely on timestamps.
• Scheduled tasks: Cron jobs running at the correct time.

chronyd:
chronyd is the daemon for the Chrony NTP client/server (default in many modern distros like RHEL 8/9).

• Configuration: Configured in /etc/chrony.conf.
• Management:
  • Start/Enable: systemctl enable --now chronyd
  • Check sources: chronyc sources (shows the time servers the system is syncing with).
  • Check tracking: chronyc tracking (shows system clock performance and offset).

Function of udev:
udev (userspace /dev) is the device manager for the Linux kernel. It manages device nodes in the /dev directory dynamically.

Relation to Device Management:

1. Dynamic Population: Unlike traditional static /dev directories, udev creates or removes device nodes (like /dev/sda, /dev/usb0) only when a device is actually connected or disconnected.
2. Kernel Events: It listens for "uevents" sent by the kernel when hardware is added or removed.
3. Rules: It uses rules (located in /etc/udev/rules.d/ and /usr/lib/udev/rules.d/) to handle specific devices. Administrators can write rules to:
   • Assign persistent names to devices (e.g., ensuring a specific hard drive is always named /dev/backup_disk).
   • Set permissions or ownership for specific devices.
   • Execute a script when a device is plugged in.

Load Average:
Load average represents the average system load (number of processes currently running on the CPU + processes waiting for the CPU + processes in uninterruptible sleep) over a period of time.

The Three Numbers:
The output (e.g., load average: 0.50, 0.80, 1.20) represents averages over three distinct time intervals:

1. 1-minute average: The average load over the last 1 minute.
2. 5-minute average: The average load over the last 5 minutes.
3. 15-minute average: The average load over the last 15 minutes.

Interpretation:

• If the number is 0.0, the system is idle.
• If the number equals the number of CPU cores (e.g., 1.0 on a single-core system), the CPU is fully utilized.
• If the number is greater than the CPU cores, processes are waiting for CPU time (bottleneck).