5.11. Tutorial: combined practices of the different sections
We will begin by examining the general state of our system. We will carry out different steps in a Debian system. It is an unstable Debian system (the unstable version, but more updated); however, the procedures are, mostly, transferable to other distributions such as Fedora/Red Hat (we will mention some of the most important changes). The hardware consists of a Pentium 4 at 2.66 Ghz with 768 MB RAM and various disks, DVD and CD-writer, as well as other peripherals, on which we will obtain information as we proceed step by step.
First we will see how our system booted up the last time:
# uptime 17:38:22 up 2:46, 5 users, load average: 0.05, 0.03, 0.04
This command tells us the time that the system has been up since it last booted, 2 hours and 47 minutes and, in this case, we have 5 users. These will not necessarily correspond to five different users, but they will usually be opened user sessions (for example, through one terminal). The who command provides a list of these users. The load average is the system's average load over the last 1, 5 and 15 minutes.
Let's look at system's boot log (dmesg command), and the lines that were generated when the system booted up (we have removed some lines for the purpose of clarity):
Linux version 2.6.20-1-686 (Debian 2.6.20-2) (waldi@debian.org) (gcc version 4.1.2 20061115 (prerelease) (Debian 4.1.1-21)) #1 SMP Sun Apr 15 21:03:57 UTC 2007 BIOS-provided physical RAM map: BIOS-e820: 0000000000000000 - 000000000009f800 (usable) BIOS-e820: 000000000009f800 - 00000000000a0000 (reserved) BIOS-e820: 00000000000ce000 - 00000000000d0000 (reserved) BIOS-e820: 00000000000dc000 - 0000000000100000 (reserved) BIOS-e820: 0000000000100000 - 000000002f6e0000 (usable) BIOS-e820: 000000002f6e0000 - 000000002f6f0000 (ACPI data) BIOS-e820: 000000002f6f0000 - 000000002f700000 (ACPI NVS) BIOS-e820: 000000002f700000 - 000000002f780000 (usable) BIOS-e820: 000000002f780000 - 0000000030000000 (reserved) BIOS-e820: 00000000ff800000 - 00000000ffc00000 (reserved) BIOS-e820: 00000000fffffc00 - 0000000100000000 (reserved) 0MB HIGHMEM available. 759MB LOWMEM available.
These first lines already indicate some interesting data: the Linux kernel is version 2.6.20-1-686, one version 2.6 revision 20 at revision 1 of Debian and for 686 machines (Intel x86 32 bits architecture). They also indicate that we are booting a Debian system, with this kernel which was compiled with a GNU gcc compiler, version 4.1.2 and the date. There is then a map of the memory zones used (reserved) by the BIOS and then the total memory detected in the machine: 759 MB, to which we would have to add the first 1 MB, making a total of 760 MB.
 |
Kernel command line: BOOT_IMAGE=LinuxNEW ro root=302 lang=es acpi=force Initializing CPU#0 Console: colour dummy device 80x25 Memory: 766132k/777728k available (1641k kernel code, 10968k reserved, 619k data, 208k init, 0k highmem) Calibrating delay using timer specific routine.. 5320.63 BogoMIPS (lpj=10641275) |
Here, we are told how the machine booted up and which command line has been passed to the kernel (different options may be passed, such as lilo or grub). And we are booting in console mode with 80 x 25 characters (this can be changed). The BogoMIPS are internal measurements of the kernel of the CPU speed. There are architectures in which it is difficult to detect how many MHz the CPU works with and this is why this speed measurement is used. Subsequently, we are given more data on the main memory and what it is being used for at this booting stage.
|
CPU: Trace cache: 12K uops, L1 D cache: 8K CPU: L2 cache: 512K CPU: Hyper-Threading is disabled Intel machine check architecture supported. Intel machine check reporting enabled on CPU#0. CPU0: Intel P4/Xeon Extended MCE MSRs (12) available CPU0: Intel(R) Pentium(R) 4 CPU 2.66GHz stepping 09 |
Likewise, we are given various data on the CPU: the size of the first-level cache, the internal CPU cache, L1 divided in a TraceCache of the Pentium 4 (or cache instruction), and the data cache and the unified second-level cache (L2), the type of CPU, its speed and the system's bus.
|
PCI: PCI BIOS revision 2.10 entry at 0xfd994, last bus=3 Setting up standard PCI resources ... NET: Registered protocol IP route cache hash table entries: 32768 (order: 5, 131072 bytes) TCP: Hash tables configured (established 131072 bind 65536) checking if image is initramfs... it is Freeing initrd memory: 1270k freed fb0: VESA VGA frame buffer device Serial: 8250/16550 driver $Revision: 1.90 $ 4 ports, IRQ sharing enabled serial8250: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A 00:09: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A RAMDISK driver initialized: 16 RAM disks of 8192K size 1024 blocksize PNP: PS/2 Controller [PNP0303:KBC0,PNP0f13:MSE0] at 0x60,0x64 irq 1,12 i8042.c: Detected active multiplexing controller, rev 1.1. serial: i8042 KBD port at 0x60,0x64 irq 1 serial: i8042 AUX0 port at 0x60,0x64 irq 12 serial: i8042 AUX1 port at 0x60,0x64 irq 12 serial: i8042 AUX2 port at 0x60,0x64 irq 12 serial: i8042 AUX3 port at 0x60,0x64 irq 12 mice: PS/2 mouse device common for all mice |
The kernel and devices continue to boot, mentioning the initiation of the network protocols. The terminals, the serial ports ttyS0 (which would be com1) and ttyS01 (com2). It provides information on the RAM disks that are being used, the detection of PS2 devices, keyboard and mouse.
|
ICH4: IDE controller at PCI slot 0000:00:1f.1 ide0: BM-DMA at 0x1860-0x1867, BIOS settings: hda:DMA, hdb:pio ide1: BM-DMA at 0x1868-0x186f, BIOS settings: hdc:DMA, hdd:pio Probing IDE interface ide0... hda: FUJITSU MHT2030AT, ATA DISK drive ide0 at 0x1f0-0x1f7,0x3f6 on irq 14 Probing IDE interface ide1... hdc: SAMSUNG CDRW/DVD SN-324F, ATAPI CD/DVD-ROM drive ide1 at 0x170-0x177,0x376 on irq 15 SCSI subsystem initialized libata version 2.00 loaded. hda: max request size: 128KiB hda: 58605120 sectors (30005 MB) w/2048KiB Cache, CHS=58140/16/63<6>hda: hw_config=600b , UDMA(100) hda: cache flushes supported hda: hda1 hda2 hda3 kjournald starting. Commit interval 5 seconds EXT3-fs: mounted file system with ordered data mode. hdc: ATAPI 24X DVD-ROM CD-R/RW drive, 2048kB Cache, UDMA(33) Uniform CD-ROM driver Revision: 3.20 Addinf 618492 swap on /dev/hda3. |
Detection of IDE devices, detecting the IDE chip in the PCI bus and reporting what is driving the devices: hda, and hdc, which are, respectively: a hard disk (Fujitsu), a second hard disk, a Samsung DVD Samsung, and a CD-writer (given that in this case, we have a combo unit). It indicates active partitions. Subsequently, the machine detects the main Linux file system, a journaled ext3, that activates and adds the swap space available in a partition.
|
usbcore: registered new interface driver usbfs usbcore: registered new interface driver hub usbcore: registered new device driver usb input: PC Speaker as /class/input/input1 USB Universal Host Controller Interface driver v3.0 hub 1-0:1.0: USB hub found hub 1-0:1.0: 2 ports detected uhci_hcd 0000:00:1d.1: UHCI Host Controller uhci_hcd 0000:00:1d.1: new USB bus registered, assigned bus number 2 uhci_hcd 0000:00:1d.1: irq 11, io base 0x00001820 usb usb2: configuration #1 chosen from 1 choice hub 2-0:1.0: USB hub found hub 2-0:1.0: 2 ports detected hub 4-0:1.0: USB hub found hub 4-0:1.0: 6 ports detected |
More detection of devices, USB (and the corresponding modules); in this case, two hub devices (with a total of 8 USB ports) have been detected.
|
parport: PnPBIOS parport detected. parport0: PC-style at 0x378 (0x778), irq 7, dma 1 [PCSPP,TRISTATE,COMPAT,EPP,ECP,DMA] input: ImPS/2 Logitech Wheel Mouse as /class/input/input2 ieee1394: Initialized config rom entry 'ip1394' eepro100.c:v1.09j-t 9/29/99 Donald Becker Synaptics Touchpad, model: 1, fw: 5.9, id: 0x2e6eb1, caps: 0x944713/0xc0000 input: SynPS/2 Synaptics TouchPad as /class/input/input3agpgart: Detected an Intel 845G Chipset agpgart: Detected 8060K stolen Memory agpgart: AGP aperture is 128M eth0: OEM i82557/i82558 10/100 Ethernet, 00:00:F0:84:D3:A9, IRQ 11. Board assembly 000000-000, Physical connectors present: RJ45 e100: Intel(R) PRO/100 Network Driver, 3.5.17-k2-NAPI usbcore: registered new interface driver usbkbd Initializing USB Mass Storage driver... usbcore: registered new interface driver usb-storage USB Mass Storage support registered.lp0: using parport0 (interrupt-driven). ppdev: user-space parallel port driver |
And the final detection of the rest of the devices: Parallel port, mouse model, FireWire port (IEEE1394) network card (Intel), a touchscreen, the AGP video card (i845). More data on the network card, an intel pro 100, registry of usb as mass storage (indicates a USB storage device as an external disk) and detection of parallel port.
We can also see all this information, which we accessed through the dmesg command, dumped in the system's main log, /var/log/messages. In this log, we will find the kernel messages, among others, the messages of the daemons and network or device errors, which communicate their messages to a special daemon called syslogd, which is in charge of writing the messages in this file. If we have recently booted the machine, we will observe that the last lines contain exactly the same information as the dmesg command,
for example, if we look at the final part of the file (which is usually very large):
# tail 200 /var/log/messages
We observe the same lines as before and some more information such as:
|
shutdown[13325]: shutting down for system reboot kernel: usb 4-1: USB disconnect, address 3 kernel: nfsd: last server has exited kernel: nfsd: unexporting all file systems kernel: Kernel logging (proc) stopped. kernel: Kernel log daemon terminating.exiting on signal 15 syslogd 1.4.1#20: restart.kernel: klogd 1.4.1#20, log source = /proc/kmsg started. Linux version 2.6.20-1-686 (Debian 2.6.20-2) (waldi@debian.org) (gcc version 4.1.2 20061115 (prerelease) (Debian 4.1.1-21)) #1 SMP Sun Apr 15 21:03:57 UTC 2007 kernel: BIOS-provided physical RAM map: |
The first part corresponds to the preceding shutdown of the system, informing us that the kernel has stopped placing information in /proc, that the system is shutting down... At the beginning of the new boot, the Syslogd daemon that generates the log is activated, and the system begins to load, which tells us that the kernel will begin to write information in its system, /proc; we look at the first lines of the dmesg mentioning the version of the kernel that is being loaded and we then find what we have seen with dmesg.
At this point, another useful command for finding out how the load process has taken place is Ismod, which will tell us which modules have been loaded in the kernel (summarised version):
# lsmod Module Size Used by nfs 219468 0 nfsd 202192 17 exportfs 5632 1 nfsd lockd 58216 3 nfs,nfsd nfs_acl 3616 2 nfs,nfsd sunrpc 148380 13 nfs,nfsd,lockd,nfs_acl ppdev 8740 0 lp 11044 0 button 7856 0 ac 5220 0 battery 9924 0 md_mod 71860 1 dm_snapshot 16580 0 dm_mirror 20340 0 dm_mod 52812 2 dm_snapshot,dm_mirror i810fb 30268 0 vgastate 8512 1 i810fb eeprom 7184 0 thermal 13928 0 processor 30536 1 thermal fan 4772 0 udf 75876 0 ntfs 205364 0 usb_storage 75552 0 hid 22784 0 usbkbd 6752 0 eth1394 18468 0 e100 32648 0 eepro100 30096 0 ohci1394 32656 0 ieee1394 89208 2 eth1394,ohci1394 snd_intel8x0 31420 1 snd_ac97_codec 89412 1 snd_intel8x0 ac97_bus 2432 1 snd_ac97_codec parport_pc 32772 1 snd 48196 6 snd_intel8x0,snd_ac97_codec,snd_pcm,snd_timer ehci_hcd 29132 0 ide_cd 36672 0 cdrom 32960 1 ide_cd soundcore 7616 1 snd psmouse 35208 0 uhci_hcd 22160 0 parport 33672 3 ppdev,lp,parport_pc intelfb 34596 0 serio_raw 6724 0 pcspkr 3264 0 pci_hotplug 29312 1 shpchp usbcore 122312 6 dvb_usb,usb_storage,usbkbd,ehci_hcd,uhci_hcd intel_agp 22748 1 agpgart 30504 5 i810fb,drm,intelfb,intel_agp ext3 121032 1 jbd 55368 1 ext3 ide_disk 15744 3 ata_generic 7876 0 ata_piix 15044 0 libata 100052 2 ata_generic,ata_piix scsi_mod 133100 2 usb_storage,libata generic 4932 0 [permanent] piix 9540 0 [permanent] ide_core 114728 5 usb_storage,ide_cd,ide_disk,generic,piix
We see that we basically have the drivers for the hardware that we have detected and other related elements or those necessary by dependencies.
This gives us, then, an idea of how the kernel and its modules have been loaded. In this process, we may already have observed an error, if the hardware is not properly configured or there are kernel modules that are not properly compiled (they were not compiled for the appropriate kernel version), inexistent etc.
The next step for examining the processes in the system, such as the ps (for process status) command, for example (only the system processes are shown, not the user ones):
|
# ps -ef UID PID PPID C STIME TTY TIME CMD |
Processes information, UID user that has launched the process (or the identifier with which it has been launched), PID and process code assigned by the system are consecutively shown, as the processes launch; the first is always 0, which corresponds to the init process. PPID is the id of the current parent process. STIME, time in which the process was booted, TTY, terminal assigned to the process (if there is one), CMD, command line with which it was launched.
|
root 1 0 0 14:52 ? 00:00:00 init [2] root 3 1 0 14:52 ? 00:00:00 [ksoftirqd/0] root 143 6 0 14:52 ? 00:00:00 [bdflush] root 145 6 0 14:52 ? 00:00:00 [kswapd0] root 357 6 0 14:52 ? 00:00:01 [kjournald] root 477 1 0 14:52 ? 00:00:00 udevd --daemon root 719 6 0 14:52 ? 00:00:00 [khubd] |
Various system daemons, such as the kswapd daemon, which controls the virtual memory swaps. Handling of system buffers (bdflush). Handling of file system journal (kjournald), USB handling (khubd). Or the udev daemon that controls the hot device connection. In general, the daemons are not always identified by a d at the end, and if they have a k at the beginning, they are normally internal threads of the kernel.
|
root 1567 1 0 14:52 ? 00:00:00 dhclient -e -pf ... root 1653 1 0 14:52 ? 00:00:00 /sbin/portmap root 1829 1 0 14:52 ? 00:00:00 /sbin/syslogd root 1839 1 0 14:52 ? 00:00:00 /sbin/klogd -x root 1983 1 0 14:52 ? 00:00:09 /usr/sbin/cupsd root 2178 1 0 14:53 ? 00:00:00 /usr/sbin/inetd |
We have dhclient, which indicates that the machine is the client of a DHCP server, for obtaining its IP. Syslogd, a daemon that sends messages to the log. The cups daemon, which, as we have discussed, is related to the printing system. And inetd, which, as we shall see in the section on networks, is a type of "superserver" or intermediary of other daemons related to network services.
|
root 2154 1 0 14:53 ? 00:00:00 /usr/sbin/rpc.mountd root 2241 1 0 14:53 ? 00:00:00 /usr/sbin/sshd root 2257 1 0 14:53 ? 00:00:00 /usr/bin/xfs -daemon root 2573 1 0 14:53 ? 00:00:00 /usr/sbin/atd root 2580 1 0 14:53 ? 00:00:00 /usr/sbin/cron root 2675 1 0 14:53 ? 00:00:00 /usr/sbin/apache www-data 2684 2675 0 14:53 ? 00:00:00 /usr/sbin/apache www-data 2685 2675 0 14:53 ? 00:00:00 /usr/sbin/apache |
There is also sshd, a safe remote access server (an improved version that permits services compatible with telnet and FTP). xfs is the fonts server (character types) of X Window. The atd and cron commands can be used for handling programmed tasks at a determined moment. Apache is a web server, which may have various active threads for attending to different requests.
|
root 2499 2493 0 14:53 ? 00:00:00 /usr/sbin/gdm root 2502 2499 4 14:53 tty7 00:09:18 /usr/bin/X :0 -dpi 96 ... root 2848 1 0 14:53 tty2 00:00:00 /sbin/getty 38400 tty2 root 2849 1 0 14:53 tty3 00:00:00 /sbin/getty 38400 tty3 root 3941 2847 0 14:57 tty1 00:00:00 -bash root 16453 12970 0 18:10 pts/2 00:00:00 ps -ef |
gdm is the graphical login of the Gnome desktop system (the entry point where we are asked for the login name and password) and the getty processes are the ones that manage the virtual text terminals (which we can see by pressing Alt+Fx (or Ctrl+Alt+Fx if we are in graphic mode). X is the process of the X Window System graphic server and is essential for executing any desktop environment above this. An open shell (bash), and finally, the process that we have generated when requesting this ps from the command line.
The ps command provides various command line options for adjusting the information that we want on each process, whether it is the time that it has been executing, the percentage of CPU used, memory used etc. (see man of ps). Another very interesting command is top, which does the same as ps but dynamically; in other words, it updates every certain period of time, we can classify the processes by use of CPU or memory and it also provides information on the state of the overall memory.
Other useful commands for resources management are free and vmstat, which provide information on the memory used and the virtual memory system:
# free total used free shared buffers cached Mem: 767736 745232 22504 0 89564 457612 -/+ buffers/cache: 198056 569680 Swap: 618492 1732 616760
# vmstat procs -----------memory---------- ---swap-- -----io-- --system-- ----cpu---- r b swpd free buff cache si so bi bo in cs us sy id wa 1 0 1732 22444 89584 457640 0 0 68 137 291 418 7 1 85 7
The free command also shows the swap size, approximately 600 MB, which are not currently used intensely as there is sufficient physical memory space; there are still 22 MB free (which indicates a high use of the physical memory and the need to use swap soon). The memory space and swap (as of kernels 2.4) add to each other to comprise the total memory in the system, which in this case, means that there is a total of 1.4 GB available. This may seem a lot, but it will depend on the applications that are being executed.