2001 08 23

                    LINUX NEWS
             Thursday, August 23, 2001
       Read By 7,000 Linux Enthusiasts Weekly!


1) Sean’s Notes

2) Linux News

RSA's Official Guide to Cryptography
Mandrake 8.1 Beta Available
I Can't Believe It's Not Linux!
Red Hat Stands Behind ext3

3) Linux Resources

The Linux Cookbook
Some Tips and Tricks for Samba
NIST Special Publication on Intrusion Detection Systems
RHCE Essentials
Various Handy Commands

4) App o’ the week

~~~~~~~~~~~~~~~~~~~~~~ ADVERTISEMENT ~~~~~~~~~~~~~~~~~~~~~~~

Overview of Java 2 for $9.95 plus shipping and handling. Save $95 and learn the skills you need for today’s demanding job market. Save yourself Time and Money by having the training you need at your fingertips.


For information on how to advertise in this newsletter
please contact mailto:adsales@BrainBuzz.com or visit

1) Sean's Notes
So, everything's been running fine on your web server ever
since you converted it to Linux.  You locked it down,
verified it, and now stuff like Code Red doesn't worry you.
Suddenly, your daydream of how you'll spend your raise is
interrupted by the phone ringing!  It appears your company's
web site is responding very slowly!

You log in, sure enough, everything is slow.  What's causing
it?  Too many hits?  Evil crackers?  How do you fix it?
More RAM?  Extra CPUs?  Maybe move the database off to a
separate server?

Your first indication of how your server is running is the
Load Average.  The quickest way to get this is through the
"w" or "uptime" commands.  The load average is returned as
three numbers:

load average: 0.13, 0.12, 0.09

These numbers represent the average number of processes in
the run queue over 1, 5, and 15 minutes respectively.  The
run queue contains all the processes that are waiting for
the CPU...that is, they aren't waiting on IO, and haven't
been suspended.

In the case above, the numbers are very low, and fairly
consistent across the three time periods.  The latter
indicates a level load, i.e. there were no bursts.  If you
had a 15 in the first column, but 0.10 in the other two,
you're either temporarily loaded, or just starting into
some heavy processing.

On a system with one CPU, anything above one would mean that
processes are contending for the CPU.  This isn't a bad
thing, things will just be slower.  Obscene numbers like 20
are usually a sign that things have run away.  Check your
process listing (ps -ef) for processes you don't expect,
such as 100 odd sendmail processes.

On a system that normally sits at, say, 0.20 across the
board, but is at 1.20, check for a process that is spinning,
or otherwise taking more than its fair share of CPU.  To do
that, we'll look at the "top" program.

Top, as its name implies, shows the most intensive
processes.  You'll see some status information first:

7:42pm  up 18 days,  1:16,  3 users,  load average: 1.10, 1.08, 1.08
98 processes: 95 sleeping, 3 running, 0 zombie, 0 stopped
CPU states: 99.6% user,  1.1% system,  0.0% nice,  0.0% idle
Mem:  384392K av,  351296K used,  33096K free,  0K shrd,  87940K buff
Swap:      0K av,       0K used,      0K free  165224K cached

We'll read more into this another day, but for now, notice
the consistent load average of around 1.10.  Look at the CPU
state line -- 98.8% user load, so it's going to be user
process as opposed to the kernel.  Skipping down to the list
of processes:

28598 root      19   0   304  304   248 R    99.4  0.0 346:24 cpusucker

There we are -- that "cpusucker" process has been hogging
the CPU!  Take a peek at the "time" column, it's been going
for a while.  This time represents the seconds of CPU usage
that the process has soaked up.  A process that spends most
of its time on the CPU will thus have a high time.  Processes
like these are rare, most programs do a lot of IO.  Examples
of heavy CPU using programs would be SETI, raytracers, and
password crackers.

After killing off PID 28598, your system returns to normal,
and everyone is happy.  The next thing you do is find out
what that process was, and plan your resources around it.
On a web server, this could be a sign of some sloppy coding
in a CGI.

This time, we were lucky and it was an easily spottable CPU
hog.  Next week, we'll look at how to check on the status of
memory and other resources.

A final note about the load average -- It's a good indicator,
but it doesn't tell the whole story.  You can have a busy
system with a low load, or an idle system with a high load.
More often than not, though, a high load is a sign of some

Long live the Penguin,


Visit the Linux News Board at

2) Linux News

RSA's Official Guide to Cryptography
Yep, it's by the same guys that made the algorithms that
protect your e-commerce transactions. This book provides a
great introduction to cryptography and its applications,
without getting into the math.


Mandrake 8.1 Beta Available
Looking at the software list, this thing is still smoking
hot! KDE 2.2, GNOME 1.4, Kernel 2.4.8 with ReiserFS, JFS,
and ext3 as options right out of the install, not to mention
a bunch of updates to the tools.


I Can't Believe It's Not Linux!
Caldera, who makes a Linux distribution, bought SCO, who
has its own version of UNIX (Unixware) for Intel. Then it
announces that it's added support for Linux binaries to
Unixware, and that it's going to come bundled with the
"Linux Environment". So is it Linux? Or isn't it? How is
this different from FreeBSD or Solaris?


Red Hat Stands Behind ext3
This one was a surprise to me...Red Hat is going to push
the ext3 filesystem. Like ReiserFS, it's journalled, but
according to this story, it has a lot of added features.

http://linuxtoday.com/news_story.php3?ltsn 01-08-22-004-20-NW-RH

3) Linux Resources

The Linux Cookbook
This book is made for people who use Linux for their
everyday work, and want to know how to get the job done.
Lots of examples and clear organization make this one a
winner. You can even read the book online, but this is one
you'll want in dead tree format.


Some Tips and Tricks for Samba
This site provides some handy tips for working with Samba,
the daemon that emulates Windows filesharing. Examples
include policies and profiles, and how to increase speed.


NIST Special Publication on Intrusion Detection Systems
The US National Institute of Standards and Technology wrote
a paper on the proper use of Intrusion Detection Systems,
which was converted to HTML and mirrored on cryptome.org.
It is a very complete paper, covering network, host, and
application IDS.


RHCE Essentials
The Red Hat Certified Expert certification combines both
written and practical tests, and successful candidates must
have a mastery of Linux in order to pass. This article
chronicles one person's trip through the program, and offers
some insight for those looking to make it themselves.


Various Handy Commands
This collection of tips shows the use of strace, od, and
even some parts of ls that I'll bet you didn't know about.
There are even some commands to help you find who's hogging
all your disk space!


4) App o' the week

Thought switches protect from sniffing? Think again. Dsniff
is a tool for network security auditing. It does some really
interesting things with your network, such as impersonating
the gateway. It's also a great tool for learning about how
the lower levels of the network work.


(C) 2001 BrainBuzz.com. All Rights Reserved.


         This message is from BrainBuzz.com.

You are currently subscribed to the
   Hottest Linux News and Resources
   as: sean@ertw.com

To un-subscribe from this newsletter by e-mail:
   send a blank email message to:


To Subscribe to this newsletter by e-mail:
   send a blank email message to: