Linux Windowing Environment

From Colwiki.org


Module 14

Linux System Administration

Introduction

Outcomes

In this module you will learn about:

  • Logfiles and configuration files
  • Log Utilities
  • Automating Tasks
  • Backups and Compressions
  • Linux Help and Documentation

We will concentrate on the main tasks of system administration, such as monitoring log files and scheduling jobs using at and cron. This also includes an overview of the documentation available (manpages and online resources) as well as some backup concepts.


Logfiles and Configuration files

The /var/log/ directory

This is the directory where most logfiles are kept. Some applications generate their own log files (such as squid or samba). Most of the system logs are managed by the syslogd daemon. Common system files are:

  • cron: keeps track of messages generated when cron executes
  • mail: messages relating to mail
  • messages: logs all messages except private authentication (authpriv), cron, mail and news
  • secure: logs all failed authentications, users added/deleted etc.

The most important log file is messages where most activities are logged.

The /etc/syslog.conf file

When syslogd is started it reads the /etc/syslog.conf configuration file by default. One can also start syslogd with -f and the path to an alternative config file. This file must contain a list of items followed by a priority, followed by the path to the log-file:

item1.priority1 ; item2.priority2 /path-to-log-file

Valid items are:

  • auth and authpriv: user general and private authentication
  • cron: cron daemon messages
  • kern: kernel messages
  • mail
  • news
  • user: user processes
  • uucp

Valid priorities are (from highest to lowest):

    emerg  alert  crit  err  warning  notice  info  debug  *  none

Priorities are minimal! All higher priorities will be logged too. To force a priority to be info only you need to use an '=' sign as in:

	user.=info            /var/log/user_activity




Listing of /etc/syslog.conf

    # Log all kernel messages to the console.
    # Logging much else clutters up the screen.
    #kern.*                                      /dev/console

    # Log anything (except mail) of level info or higher.
    # Don't log private authentication messages!
    *.info;mail.none;news.none;authpriv.none    /var/log/messages

    # The authpriv file has restricted access.
    authpriv.*                                  /var/log/secure

    # Log all the mail messages in one place.
    mail.*                                      /var/log/maillog

    # Log cron stuff
    cron.*                                      /var/log/cron

    # Everybody gets emergency messages, plus log them on another
    # machine.
    *.emerg                                     *
    *.emerg                                     @10.1.1.254

    # Save boot messages also to boot.log
    local7.*                                    /var/log/boot.log

    #
    news.=crit                                  /var/log/news/news.crit
    news.=err                                   /var/log/news/news.err
    news.notice                                 /var/log/news/news.notice
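How the selectors in this listing route a message, as an added example that is not part of the original module: a small POSIX shell evaluator for the facility.priority syntax described above, covering minimal priorities, '=', '*' and none. The function names are hypothetical, and RULES is a subset of the listing plus the user.=info line shown earlier.

```shell
#!/bin/sh
# Added example: evaluate classic syslogd selectors against one message.

# Map a priority name to its severity number (0 = highest).
sev() {
  case $1 in
    emerg) echo 0 ;; alert) echo 1 ;; crit) echo 2 ;; err) echo 3 ;;
    warning) echo 4 ;; notice) echo 5 ;; info) echo 6 ;; debug) echo 7 ;;
    *) return 1 ;;
  esac
}

# selector_matches SELECTOR FACILITY PRIORITY -> exit 0 if the message is logged.
# Parts separated by ';' are applied left to right, so a later "none" wins.
selector_matches() (
  msg_sev=$(sev "$3") || exit 2
  hit=1
  set -f; IFS=';'            # no globbing: selectors contain '*'
  for part in $1; do
    fac=${part%%.*}; prio=${part#*.}
    case $fac in "$2"|'*') ;; *) continue ;; esac
    case $prio in
      none) hit=1; continue ;;
      '*')  hit=0; continue ;;
    esac
    want=$(sev "${prio#=}") || continue    # ignore unknown priority names
    case $prio in
      =*) [ "$msg_sev" -eq "$want" ] && hit=0 ;;   # exactly this priority
      *)  [ "$msg_sev" -le "$want" ] && hit=0 ;;   # this priority or higher
    esac
  done
  exit "$hit"
)

# route RULES FACILITY PRIORITY -> print the action of every matching rule.
route() {
  printf '%s\n' "$1" | while read -r sel action; do
    case $sel in ''|'#'*) continue ;; esac
    if selector_matches "$sel" "$2" "$3"; then printf '%s\n' "$action"; fi
  done
}

# Subset of the rules from the listing, plus the user.=info line.
RULES='*.info;mail.none;news.none;authpriv.none /var/log/messages
authpriv.* /var/log/secure
mail.* /var/log/maillog
*.emerg @10.1.1.254
user.=info /var/log/user_activity'

# authpriv.none keeps authentication messages out of /var/log/messages.
route "$RULES" authpriv info    # prints only /var/log/secure
```

Running route with other facility and priority pairs before editing /etc/syslog.conf shows whether authentication messages would end up in a file with wider read access than /var/log/secure.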

Log Utilities

The logger command

The first utility, logger, conveniently logs messages to the /var/log/messages file. If you type the following:

      logger program myscript ERR

The end of /var/log/messages should now have a message similar to this:

Jul 17 19:31:00 localhost penguin: program myscript ERR

local settings

The logger utility logs messages to /var/log/messages by default. There are local items defined that can help you create your own logfiles as follows. local0 to local7 are available items for administrators to use. The availability depends on the system (on RedHat, local7 logs boot-time information in /var/log/boot.log). Add the following line to /etc/syslog.conf:

local4.* /dev/tty9

Restart syslogd:

      killall -HUP syslogd

The output of the next command will be logged on /dev/tty9:

      logger -p local4.notice  "This script is writing to /dev/tty9"

An interesting device is /dev/speech, which is installed with the Festival tools.

logrotate

The log files are updated using logrotate. Usually logrotate is run daily as a cron job. The configuration file /etc/logrotate.conf contains commands to create or compress files.

Listing of logrotate.conf

    # rotate log files weekly
    weekly

    # keep 4 weeks worth of backlogs
    rotate 4

    # send errors to root
    errors root

    # create new (empty) log files after rotating old ones
    create

    # uncomment this if you want your log files compressed
    compress

    # RPM packages drop log rotation information into this directory
    include /etc/logrotate.d

    # no packages own lastlog or wtmp -- we'll rotate them here
    /var/log/wtmp {
        monthly
        create 0664 root utmp
        rotate 1
    }

Automatic Tasks

Using cron

The program responsible for running cron jobs is called crond. Every minute crond reads specific files containing commands to be executed. These files are called crontabs.

User crontabs are in /var/spool/cron/<username>. These files should not be edited directly by non-root users and need to be edited using the crontab tool (see below).

The system crontab is /etc/crontab. This file will periodically execute all the scripts in /etc/cron.*; this includes any symbolic link pointing to scripts or binaries on the system. To manipulate cron entries one uses the crontab utility. Scheduled tasks are viewed with the -l option as seen below:

    crontab -l

➔ # DO NOT EDIT THIS FILE - edit the master and reinstall
  # (/tmp/crontab.1391 installed on Tue Jul 17 17:56:48 2001)
  # (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
  # 0 * * 07 2 /usr/bin/find /home/penguin -name core -exec rm {} \;

Does the user root have any crontabs?

Similarly the -e option will open your default editor and let you enter a cron entry. User root can use the -u option to view and change any user's cron entries. To delete your crontab file use crontab -r. This is the format for crontabs:

Minutes(0-59) Hours(0-23) Day of Month(1-31) Month(1-12) Day of Week(0-6) command

Permissions: By default any user can use crontab. However you can control the accessibility with /etc/cron.deny and /etc/cron.allow.

Scheduling with “at”

The at jobs are run by the atd daemon. At jobs are spooled in /var/spool/at/. The at command is used to schedule a one-off task with the syntax:

     at [time]

Where time can be expressed as:

  • now
  • 3am + 2days
  • midnight
  • 10:15 Apr 12
  • teatime

For a complete list of valid time formats see /usr/share/doc/at-xxx/timespec. You can list commands that are scheduled with atq or at -l. The at jobs are saved in /var/spool/at/:

      ls /var/spool/at/

➔ a0000100fd244d spool

When using atq you should have a list of jobs preceded by a number. You can use this number to dequeue a job:

     atq

➔ 1 2001-07-17 18:21 a root

From the atq listing we see that the job number is 1, so we can remove the job from the spool as follows:

     at -d 1

Permissions: By default at is restricted to the root user. To override this you must either have an empty /etc/at.deny or have a /etc/at.allow with the appropriate names.
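The access rules from the two Permissions paragraphs (cron.allow/cron.deny earlier and at.allow/at.deny above), written out as an added example that is not part of the original module. It assumes the evaluation order documented in the crontab(1) and at(1) manual pages (the allow file is checked first and the deny file only when no allow file exists); the function names, user names and sample files are constructed.

```shell
#!/bin/sh
# Added example: decide whether a user may use crontab or at, given a
# directory holding <tool>.allow and <tool>.deny (normally /etc).

# may_schedule TOOL USER [DIR] -> exit 0 if USER may submit jobs with TOOL
may_schedule() (
  tool=$1 user=$2 dir=${3:-/etc}
  [ "$user" = root ] && exit 0                 # root is never locked out
  if [ -f "$dir/$tool.allow" ]; then           # allow list wins when present
    grep -qxF -- "$user" "$dir/$tool.allow"; exit $?
  fi
  if [ -f "$dir/$tool.deny" ]; then            # otherwise everyone not denied
    ! grep -qxF -- "$user" "$dir/$tool.deny"; exit $?
  fi
  # Neither file exists: at is root only; cron is site dependent, assumed
  # open here to match "by default any user can use crontab" above.
  [ "$tool" = cron ]
)

# report TOOL DIR USER... -> one "user:allowed" or "user:denied" line per user
report() {
  tool=$1 dir=$2; shift 2
  for u in "$@"; do
    if may_schedule "$tool" "$u" "$dir"; then echo "$u:allowed"
    else echo "$u:denied"; fi
  done
}

# Constructed sample: cron.deny lists mallory, at.allow lists only alice.
demo_dir=$(mktemp -d)
printf 'mallory\n' > "$demo_dir/cron.deny"
printf 'alice\n'   > "$demo_dir/at.allow"
report cron "$demo_dir" root alice mallory
report at   "$demo_dir" root alice bob
```

An empty at.deny with no at.allow opens at to every user, so an audit should treat that file's presence as a policy decision rather than a leftover.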

Backups and Compressions

Backup strategies

There are three main strategies to back up a system:

  1. Full: copy all files
  2. Incremental: The first incremental copies all files added or changed since the last full backup, and subsequently copies all the files added or changed since the last incremental backup
  3. Differential: Copies all files added or changed since the last full backup

Example: If you made a full backup and 3 differential backups before a crash, how many tapes would you need to restore ?
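The three strategies shown as the file sets each one would select, in an added example that is not part of the original module. It uses find -newer against marker files; the marker files, directory, file names and dates are constructed, and backup_set is a hypothetical helper.

```shell
#!/bin/sh
# Added example: which files each backup strategy selects.
# FULL_STAMP / LAST_STAMP are hypothetical marker files touched when the last
# full backup and the most recent backup of any kind finished.

# backup_set KIND ROOT [FULL_STAMP [LAST_STAMP]] -> sorted list of files to copy
backup_set() (
  cd "$2" || exit 2
  case $1 in
    full)         find . -type f | sort ;;                # everything
    differential) find . -type f -newer "$3" | sort ;;    # changed since last full
    incremental)  find . -type f -newer "$4" | sort ;;    # changed since last backup
    *)            exit 2 ;;
  esac
)

# Constructed sample tree: full backup on 16 Jul, a changes on 17 Jul,
# first incremental on 17 Jul, b changes on 18 Jul.
demo=$(mktemp -d) && mkdir "$demo/data"
touch -t 200107160900 "$demo/data/a" "$demo/data/b" "$demo/data/c"
touch -t 200107161200 "$demo/full.stamp"
touch -t 200107170900 "$demo/data/a"
touch -t 200107171200 "$demo/incr1.stamp"
touch -t 200107180900 "$demo/data/b"

differential=$(backup_set differential "$demo/data" "$demo/full.stamp")
incremental=$(backup_set incremental "$demo/data" "$demo/full.stamp" "$demo/incr1.stamp")

echo "differential on 18 Jul:"; echo "$differential"   # ./a and ./b
echo "incremental on 18 Jul:";  echo "$incremental"    # ./b only
```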

Creating archives with tar

The main option to create an archive with tar is -c. You can also specify the name of the archive as the first argument if you use the -f flag.

    tar -cf home.tar /home/

If you don't specify the file as an argument tar -c will simply output the archive as standard output:

    tar -c /home/ > home.tar


Extracting archives with tar

Extracting is straightforward. Replace the -c flag with an -x. tar will then create directories if necessary and copy the archived files into your current directory. To redirect the output of the extracted archive into the directory /usr/share/doc, for example, you can do:

tar xf backeddocs.tar -C /usr/share/doc

Compressions


All archives can be compressed using different compression utilities. These flags are available when creating, testing or extracting an archive:

    tar option    compression type
    Z             compress
    z             gzip
    j             bzip2

The cpio utility

The cpio utility is used to copy files to and from archives. The list of files must be given to cpio either through a pipe (as when used with find) or via a file redirection, such as with:

- Extract an archive on a tape:

    cpio -i < /dev/tape

- Create an archive for the /etc directory:

    find /etc | cpio -o > etc.cpio

Documentation

Manpages and the whatis database

Image:Proces.PNG


These are the main sections one would expect within a manpage. The whatis database stores the NAME section of all the manpages on the system. This is done through a daily cron. The whatis database has the following two entries:

name(key) – one line description

The syntax for whatis is:

whatis <string>

The output is the full NAME section of the manpages where string matched name(key). One can also use the man command to query the whatis database. The syntax is:

man -k <string>

Unlike whatis this will query both the “name” and the “one line description” entries of the database. If the string matches a word in any of these fields the above query will return the full NAME section.

Example: (the matching string has been highlighted)

    whatis lilo

➔ lilo (8) - install boot loader
  lilo.conf [lilo] (5) - configuration file for lilo

    man -k lilo

➔ grubby (8) - command line tool for configuring grub, lilo, and elilo
  lilo (8) - install boot loader
  lilo.conf [lilo] (5) - configuration file for lilo

The FHS recommends manpages to be kept in /usr/share/man

Manpage Sections

    Section 1    Information on executables
    Section 2    System calls, e.g. mkdir(2)
    Section 3    Library calls, e.g. stdio(3)
    Section 4    Devices (files in /dev)
    Section 5    Configuration files and formats
    Section 6    Games
    Section 7    Macro packages
    Section 8    Administration commands
    Section 9    Kernel routines

To access a specific section N one has to enter:

    man N command

Examples:

    man mkdir
    man 2 mkdir

    man crontab
    man 5 crontab

Info pages

The FHS recommends info pages be kept in /usr/share/info. These pages are compressed files that can be read with the info tool. The original GNU tools used info pages rather than manpages. Since then most info pages have been rewritten as manpages. However information about GNU projects such as gcc or glibc is still more extensive in the info pages compared to the manpages.

Online documents

GNU projects include documents such as a FAQ, README, CHANGELOG and sometimes user/admin guides. The formats can be ASCII text, HTML, LaTeX or PostScript. These documents are kept in the /usr/share/doc/ directory.

HOWTOs and The Linux Documentation Project

The Linux Documentation Project provides many detailed documents on specific topics. These are structured guides explaining concepts and implementations. The website URL is www.tldp.org. The LDP documents are freely redistributable and can be contributed to using a GPL type licence.

Usenet News Groups

The main newsgroups for Linux are the comp.os.linux.* groups (e.g. comp.os.linux.networking, comp.os.linux.security ...). Once you have set up a news reader to connect to a news server (usually available through an ISP or a University campus) you download a list of all existing discussion groups and subscribe or unsubscribe to a given group.

There are many experienced as well as new users who rely on the newsgroups to get information on specific tasks or projects. Take the time to answer some of these questions if you feel you have the relevant experience.


NOTICE

The man -k option queries both fields in the whatis database. This will find everything about a given item. There is a tool called apropos (meaning about) which will do the same thing as man -k.



Summary

In this module you learned how to monitor Linux logs, how to perform system administration functions like backups, and how to access Linux documentation. There is much more Linux documentation on the internet, and I would recommend that if you get stuck in anything you are doing with Linux you first consult the internet by searching through discussion forums and online how-tos.

Assignment




Logging

1. Change /etc/syslog.conf to output some of the logs to /dev/tty9 (make sure you restart syslogd and that the output is properly redirected)

2. Add a custom local5 item with critical priority to /etc/syslog.conf and direct the output to /dev/tty10. Restart syslogd and use logger to write information via local5.

3. Read the /etc/rc.d/init.d/syslog script and change /etc/sysconfig/syslog to allow remote hosts to send log outputs.

Scheduling

4. Create a cron entry which starts xclock every 2 minutes. Remember that cron is unaware of system variables such as PATH and DISPLAY.

5. Use at to start xclock in the next five minutes.

Archiving

6. Use find to list all files that have been modified during the past 24 hours. (hint: Redirect the output of find -mtime -1 to a file)

7. Use cpio to create an archive called Incremental.cpio.

(ans: Use the file created above and do cat FILE


This work is licenced under a Creative Commons - By Attribution Licence - Share Alike License.
