Cramsession Linux Newsletter

home

Aug 23 2001

                    LINUX NEWS
        RESOURCES & LINKS FROM BRAINBUZZ.COM
             Thursday, August 23, 2001
       Read By 7,000 Linux Enthusiasts Weekly!

TABLE OF CONTENTS

1) Sean’s Notes

2) Linux News

RSA's Official Guide to Cryptography
Mandrake 8.1 Beta Available
I Can't Believe It's Not Linux!
Red Hat Stands Behind ext3

3) Linux Resources

The Linux Cookbook
Some Tips and Tricks for Samba
NIST Special Publication on Intrusion Detection Systems
RHCE Essentials
Various Handy Commands

4) App o’ the week

~~~~~~~~~~~~~~~~~~~~~~ ADVERTISEMENT ~~~~~~~~~~~~~~~~~~~~~~~

Overview of Java 2 for $9.95 plus shipping and handling. Save $95 and learn the skills you need for today’s demanding job market. Save yourself Time and Money by having the training you need at your fingertips.

http://ad.brainbuzz.com/?RC06&AI772

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

For information on how to advertise in this newsletter please contact mailto:adsales@BrainBuzz.com or visit http://cramsession.brainbuzz.com/marketing/default.asp

1) Sean’s Notes

So, everything’s been running fine on your web server ever since you converted it to Linux. You locked it down, verified it, and now stuff like Code Red doesn’t worry you. Suddenly, your daydream of how you’ll spend your raise is interrupted by the phone ringing! It appears your company’s web site is responding very slowly!

You log in, sure enough, everything is slow. What’s causing it? Too many hits? Evil crackers? How do you fix it? More RAM? Extra CPUs? Maybe move the database off to a separate server?

Your first indication of how your server is running is the Load Average. The quickest way to get this is through the “w” or “uptime” commands. The load average is returned as three numbers:

load average: 0.13, 0.12, 0.09

These numbers represent the average number of processes in the run queue over 1, 5, and 15 minutes respectively. The run queue contains all the processes that are waiting for the CPU…that is, they aren’t waiting on IO, and haven’t been suspended.

In the case above, the numbers are very low, and fairly consistent across the three time periods. The latter indicates a level load, i.e. there were no bursts. If you had a 15 in the first column, but 0.10 in the other two, you’re either temporarily loaded, or just starting into some heavy processing.

On a system with one CPU, anything above one would mean that processes are contending for the CPU. This isn’t a bad thing, things will just be slower. Obscene numbers like 20 are usually a sign that things have run away. Check your process listing (ps -ef) for processes you don’t expect, such as 100 odd sendmail processes.

On a system that normally sits at, say, 0.20 across the board, but is at 1.20, check for a process that is spinning, or otherwise taking more than its fair share of CPU. To do that, we’ll look at the “top” program.

Top, as its name implies, shows the most intensive processes. You’ll see some status information first:

7:42pm up 18 days, 1:16, 3 users, load average: 1.10, 1.08, 1.08 98 processes: 95 sleeping, 3 running, 0 zombie, 0 stopped CPU states: 99.6% user, 1.1% system, 0.0% nice, 0.0% idle Mem: 384392K av, 351296K used, 33096K free, 0K shrd, 87940K buff Swap: 0K av, 0K used, 0K free 165224K cached

We’ll read more into this another day, but for now, notice the consistent load average of around 1.10. Look at the CPU state line – 98.8% user load, so it’s going to be user process as opposed to the kernel. Skipping down to the list of processes:

PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME COMMAND 28598 root 19 0 304 304 248 R 99.4 0.0 346:24 cpusucker

There we are – that “cpusucker” process has been hogging the CPU! Take a peek at the “time” column, it’s been going for a while. This time represents the seconds of CPU usage that the process has soaked up. A process that spends most of its time on the CPU will thus have a high time. Processes like these are rare, most programs do a lot of IO. Examples of heavy CPU using programs would be SETI, raytracers, and password crackers.

After killing off PID 28598, your system returns to normal, and everyone is happy. The next thing you do is find out what that process was, and plan your resources around it. On a web server, this could be a sign of some sloppy coding in a CGI.

This time, we were lucky and it was an easily spottable CPU hog. Next week, we’ll look at how to check on the status of memory and other resources.

A final note about the load average – It’s a good indicator, but it doesn’t tell the whole story. You can have a busy system with a low load, or an idle system with a high load. More often than not, though, a high load is a sign of some trouble.

Long live the Penguin,

Sean mailto:swalberg@brainbuzz.com

Visit the Linux News Board at http://boards.brainbuzz.com/boards/vbt.asp?b2

2) Linux News

RSA’s Official Guide to Cryptography

Yep, it’s by the same guys that made the algorithms that protect your e-commerce transactions. This book provides a great introduction to cryptography and its applications, without getting into the math.

http://itresources.brainbuzz.com/tutorials/tutorial.asp?t=S1TU1390

Mandrake 8.1 Beta Available

Looking at the software list, this thing is still smoking hot! KDE 2.2, GNOME 1.4, Kernel 2.4.8 with ReiserFS, JFS, and ext3 as options right out of the install, not to mention a bunch of updates to the tools.

http://www.linux-mandrake.com/en/test81beta1.php3

I Can’t Believe It’s Not Linux!

Caldera, who makes a Linux distribution, bought SCO, who has its own version of UNIX (Unixware) for Intel. Then it announces that it’s added support for Linux binaries to Unixware, and that it’s going to come bundled with the “Linux Environment”. So is it Linux? Or isn’t it? How is this different from FreeBSD or Solaris?

http://www.sco.com/press/releases/2000/6948.html

Red Hat Stands Behind ext3

This one was a surprise to me…Red Hat is going to push the ext3 filesystem. Like ReiserFS, it’s journalled, but according to this story, it has a lot of added features.

http://linuxtoday.com/news_story.php3?ltsn 01-08-22-004-20-NW-RH

3) Linux Resources

The Linux Cookbook

This book is made for people who use Linux for their everyday work, and want to know how to get the job done. Lots of examples and clear organization make this one a winner. You can even read the book online, but this is one you’ll want in dead tree format.

http://itresources.brainbuzz.com/tutorials/tutorial.asp?t=S1TU1416

Some Tips and Tricks for Samba

This site provides some handy tips for working with Samba, the daemon that emulates Windows filesharing. Examples include policies and profiles, and how to increase speed.

http://www.patoche.org/LTT/samba/

NIST Special Publication on Intrusion Detection Systems

The US National Institute of Standards and Technology wrote a paper on the proper use of Intrusion Detection Systems, which was converted to HTML and mirrored on cryptome.org. It is a very complete paper, covering network, host, and application IDS.

http://cryptome.org/sp800-31.htm

RHCE Essentials

The Red Hat Certified Expert certification combines both written and practical tests, and successful candidates must have a mastery of Linux in order to pass. This article chronicles one person’s trip through the program, and offers some insight for those looking to make it themselves.

http://certcities.com/editorial/exams/story.asp?EditorialsID!

Various Handy Commands

This collection of tips shows the use of strace, od, and even some parts of ls that I’ll bet you didn’t know about. There are even some commands to help you find who’s hogging all your disk space!

http://www.linuxlookup.com/html/totw/2001/july.html

4) App o’ the week

Thought switches protect from sniffing? Think again. Dsniff is a tool for network security auditing. It does some really interesting things with your network, such as impersonating the gateway. It’s also a great tool for learning about how the lower levels of the network work.

http://www.monkey.org/~dugsong/dsniff/

(C) 2001 BrainBuzz.com. All Rights Reserved.

     This message is from BrainBuzz.com.

You are currently subscribed to the Hottest Linux News and Resources as: sean@ertw.com

To un-subscribe from this newsletter by e-mail: send a blank email message to: mailto:leave-linuxnews-3825955Y@list.cramsession.com

To Subscribe to this newsletter by e-mail: send a blank email message to:

mailto:join-linuxnews@list.brainbuzz.com

github.com/swalberg
twitter.com/seanwalberg