Chapter 17: Process Management and a Study of SELinux

Source: Internet
Author: User

1. What is a process
1.1 Processes and programs (process & program): child and parent processes, fork-and-exec, system services
1.2 Linux's multi-user, multitasking environment
2. Job control
2.1 What is job control
2.2 Job control management: &, [Ctrl]-z, jobs, fg, bg, kill
2.3 Offline management: nohup
3. Process management
3.1 Observing processes: ps (ps -l, ps aux, zombie), top, pstree
3.2 Managing processes: signal, kill, killall
3.3 Process execution order: priority, nice, renice
3.4 Observing system resources: free, uname, uptime, netstat, dmesg, vmstat
4. Special files and processes
4.1 Run state of commands with SUID/SGID permissions
4.2 What /proc/* represents
4.3 Querying opened files or the files opened by running processes: fuser, lsof, pidof
5. A study of SELinux
5.1 What is SELinux: goals, DAC, MAC
5.2 How SELinux operates: components, security context, domain/type
5.3 Starting, stopping and observing SELinux: getenforce, sestatus, enabling and disabling, setenforce
5.4 SELinux network service example: startup (ps -Z), error conditions, resolution (chcon, restorecon)
5.5 Services SELinux requires: setroubleshoot, sealert, auditd, audit2why
5.6 SELinux policy and rule management: seinfo, sesearch, getsebool, setsebool, semanage
6. Key points review

1. What is a process

Throughout the previous chapters we have stressed that, under Linux, every command and every action you can perform is tied to permissions. So how does the system decide what your permissions are? Through the UID/GID concepts introduced in Chapter 14 (account management), together with the file attributes! To explain further, you probably know by now that on a Linux system: "whenever any event is triggered, the system defines it as a process and gives that process an ID, called the PID; at the same time, based on the user who started the process and the related attributes, it gives this PID a set of effective permissions." From then on, what this PID can do on the system depends on the permissions of this PID!

This definition does not look strange at all, but you do have to understand what "triggering an event" means!

--------------------------------------------------------------------------------------------------------------- -------------------------------------------

1.1 Programs and programs (Process & program): Subroutines and parent programs, FORK-AND-EXEC, System services

1. Programs and Procedures (Process & program)

How do we create a process? It is actually very simple: "running a program or command" triggers an event and gets a PID! As we said, the system only understands binary files, so when we want the system to do some work, we naturally have to start a binary file, and that binary file is the program!

We know that every program file carries permissions for three groups of people, and each group has r/w/x permissions, so: "when different users run the same program, the permissions the system grants are different too!" For example, we can use touch to create an empty file. When root runs the touch command, the process gets UID/GID = 0/0 permissions; when dmtsai (UID/GID = 501/501) runs touch, his permissions are different from root's! Let's look at this concept as a diagram:

As the diagram shows, a program normally sits on the physical disk and is triggered when a user runs it. Once triggered it is loaded into memory as an individual entity, and that is the process. So that the operating system can manage the process, it carries parameters such as the permissions/attributes of the user who ran it, plus the instruction code and the data or file data the program needs, and finally it is given a PID. The system uses this PID to decide whether the process has permission to do its work! It is very important!

When we want to operate the system, we usually use a remote connection program or log in directly at the host, and then get our shell, right? Our shell is bash, and bash lives at /bin/bash, so everyone who is logged in at the same time is running /bin/bash! However, the permissions each person gets are different! In other words, we can look at it like this:

That is, when we log in and run bash, the system has already given us a PID, and this PID is based on the UID/GID of the user logging in (/etc/passwd). Taking Figure 1.1.2 together with Figure 1.1.1 above: we know that /bin/bash is a program; when dmtsai logs in, he gets a process with PID 2234, whose User/Group are both dmtsai; and when this process does other work, such as the touch command mentioned above,

Let's summarize program and process:

      • Program: usually a binary program, stored on storage media (hard disk, CD-ROM, floppy disk, tape, etc.) and existing as a physical file;

      • Process: once a program is triggered, the permissions and attributes of the user who ran it, the program code and the data it needs are loaded into memory, and the operating system gives this in-memory unit an identifier (PID). You could say a process is a program that is running.

----------------------------------------------------------------------

2. Child processes and parent processes

In the explanation above we mentioned so-called "derived processes". What are those? Well, when we log in to the system we get a bash shell, and then we use the interface bash provides to run another command, such as /usr/bin/passwd or touch. Those other commands are also triggered and become PIDs! The PID created later by running a command is the "child process", and our original bash environment is called the "parent process"! Let's borrow the illustration we used for export in Chapter 11 (Bash):

So you have to know that processes are related to one another! In the illustration above, after running bash twice in a row, the parent process of the second bash is the previous bash. Every process has a PID, so how do you tell which process is the parent of a given process? By its Parent PID (PPID). In addition, from the export material in Chapter 11 we also discussed the inheritance of environment variables: a child process can get its parent's environment variables! Let's do the exercise below to see what child and parent processes are.

Many friends often find: "Huh! I clearly shut down the process that was causing trouble, so why does it come back by itself after a while? And the new process's PID is not the same as the original one. What is going on?" Do not doubt it: if it is not the effect of crontab job scheduling, then a parent process must exist, so after you kill the child process the parent will respawn another one! What to do? As the saying goes, "to catch the thieves, first catch their king": find the parent process and then remove it!
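Finding the parent behind a respawning process means following PPID upward, as described above. The following is an added example, not part of the original chapter: it walks the PPID chain of a process through /proc/<pid>/stat. It assumes a Linux /proc filesystem; read_proc and ancestry are names made up for this illustration.

```c
/* Added example: walk a process's ancestry via PPID. Names are constructed here. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

struct proc { pid_t pid, ppid; char comm[64]; };

/* Parse /proc/<pid>/stat, whose layout is "pid (comm) state ppid ...".
 * comm may itself contain spaces or ')', so split on the LAST ')'
 * instead of trusting a plain scanf over the whole line. */
int read_proc(pid_t pid, struct proc *p) {
    char path[64], line[1024], state;
    int ppid;
    snprintf(path, sizeof path, "/proc/%d/stat", (int)pid);
    FILE *f = fopen(path, "r");
    if (!f) return -1;                 /* process gone or /proc unavailable */
    size_t n = fread(line, 1, sizeof line - 1, f);
    fclose(f);
    line[n] = '\0';
    char *lp = strchr(line, '('), *rp = strrchr(line, ')');
    if (!lp || !rp || rp < lp) return -1;
    if (sscanf(rp + 1, " %c %d", &state, &ppid) != 2) return -1;
    size_t len = (size_t)(rp - lp - 1);
    if (len >= sizeof p->comm) len = sizeof p->comm - 1;
    memcpy(p->comm, lp + 1, len);
    p->comm[len] = '\0';
    p->pid = pid;
    p->ppid = (pid_t)ppid;
    return 0;
}

/* Fill chain[] with pid, its parent, its grandparent, ... until PPID 0.
 * Returns the number of entries, or -1 if even the first lookup failed. */
int ancestry(pid_t pid, struct proc *chain, int max) {
    int n = 0;
    while (pid > 0 && n < max) {
        if (read_proc(pid, &chain[n]) != 0) return n ? n : -1;
        pid = chain[n++].ppid;
    }
    return n;
}

int main(void) {
    struct proc chain[32];
    int n = ancestry(getpid(), chain, 32);
    for (int i = 0; i < n; i++)        /* indent one level per generation */
        printf("%*s%d %s (ppid %d)\n", i * 2, "", (int)chain[i].pid,
               chain[i].comm, (int)chain[i].ppid);
    return n > 0 ? 0 : 1;
}
```

Run against the PID of a process that keeps coming back, the first entry whose command is not the process itself is the one doing the respawning.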

----------------------------------------------------------------------

3. fork and exec: how processes are called

The relationship between child and parent processes is actually quite complicated, and the most complicated part is how processes call one another. Process calls in Linux usually follow what is called the fork-and-exec flow (Note 1)! A process is created by its parent, which copies itself (fork) to produce an identical child process; the copied child then uses exec to run the program that is actually wanted, and ends up existing as a child process. The whole flow looks a bit like the picture below:

(1) The system first uses fork to copy a temporary process identical to the parent process. The only difference between this process and its parent is that the PID is different! This temporary process also has one more parameter, the PPID, which, as described earlier, is the process ID of the parent! Then (2) the temporary process uses exec to load the program that is actually to be run. In the illustration above the new program is named qqq, so in the end the child's program code becomes qqq! Got it?
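The two steps above in C, as an added example that is not part of the original chapter: the child reports its PID, PPID and UID/GID right after fork, then execs /bin/sh, which reports the same PID again from inside the new program. It assumes /bin/sh exists; DEMO_VAR, struct report and fork_and_exec are names invented for this illustration.

```c
/* Added example: fork-and-exec. DEMO_VAR and all names are constructed here. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

struct ids { pid_t pid, ppid; uid_t uid; gid_t gid; };

struct report {
    struct ids parent;       /* the calling (parent) process */
    pid_t fork_ret;          /* child PID as returned by fork() */
    struct ids after_fork;   /* child's view of itself, before exec */
    int exec_pid, exec_ppid; /* $$ and $PPID printed by the exec'd /bin/sh */
    char exec_env[32];       /* DEMO_VAR as seen by the exec'd /bin/sh */
    int exit_status;         /* exit code of the child, -1 if killed */
};

static struct ids whoami(void) {
    struct ids me = { getpid(), getppid(), getuid(), getgid() };
    return me;
}

/* Fork, have the child report its IDs, then exec /bin/sh in the child.
 * Returns 0 on success, -1 on failure. */
int fork_and_exec(struct report *r) {
    int fd[2], status;
    char buf[sizeof(struct ids) + 128];
    size_t n = 0;
    ssize_t k;
    memset(r, 0, sizeof *r);
    r->parent = whoami();
    setenv("DEMO_VAR", "from-parent", 1);    /* inherited by the child */
    if (pipe(fd) < 0 || (r->fork_ret = fork()) < 0) return -1;
    if (r->fork_ret == 0) {      /* step (1): temporary copy of the parent */
        struct ids me = whoami();
        close(fd[0]);
        if (write(fd[1], &me, sizeof me) != (ssize_t)sizeof me) _exit(126);
        dup2(fd[1], STDOUT_FILENO);
        /* step (2): exec swaps the program image; PID, PPID, UID/GID stay */
        execl("/bin/sh", "sh", "-c", "echo $$ $PPID $DEMO_VAR", (char *)NULL);
        _exit(127);              /* reached only if exec failed */
    }
    close(fd[1]);
    while (n < sizeof buf - 1 && (k = read(fd[0], buf + n, sizeof buf - 1 - n)) > 0)
        n += (size_t)k;
    close(fd[0]);
    buf[n] = '\0';
    if (waitpid(r->fork_ret, &status, 0) < 0) return -1;
    r->exit_status = WIFEXITED(status) ? WEXITSTATUS(status) : -1;
    if (n < sizeof(struct ids)) return -1;
    memcpy(&r->after_fork, buf, sizeof(struct ids));
    return sscanf(buf + sizeof(struct ids), "%d %d %31s",
                  &r->exec_pid, &r->exec_ppid, r->exec_env) == 3 ? 0 : -1;
}

int main(void) {
    struct report r;
    if (fork_and_exec(&r) != 0) return 1;
    printf("fork: pid=%d ppid=%d uid=%d | exec: pid=%d ppid=%d env=%s\n", (int)r.after_fork.pid,
           (int)r.after_fork.ppid, (int)r.after_fork.uid, r.exec_pid, r.exec_ppid, r.exec_env);
    return 0;
}
```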

----------------------------------------------------------------------
4. System or network services: processes resident in memory

Looking at the commands we have learned so far, what we run is very simple: ls to list files, touch to create files, rm/mkdir/cp/mv to manage files, chmod/chown/passwd to manage permissions, and so on. But these commands end as soon as they have finished running. In other words, the PID created when the command is triggered terminates very quickly! Are there processes that keep running all the time? Of course there are, and plenty of them!

A simple example: we know the system scans /etc/crontab and the related configuration files every minute to carry out scheduled jobs. So who is responsible for that scheduling? Certainly not Brother Bird! It is managed by the crond process, which we start in the background and which keeps running continuously. To borrow a phrase from the old DOS days, it is a "memory-resident program"!

Memory-resident processes usually provide system functions that serve users' tasks, so these resident programs are called services (daemons). There are a great many system services, but they fall mainly into services the system itself needs, such as crond and atd, as well as syslog. Others handle network connections, such as Apache, named, postfix, vsftpd and so on. The interesting thing about network services is that once the program is running it opens a port that listens on the network, in order to serve connection requests from external clients.

----------------------------------------------------------------------------------------------------------------------------------------------------------

1.2 Linux's multi-user, multitasking environment

We now know that when a command runs under Linux, the system loads the related permissions, attributes, program code and data into memory and gives this unit a process ID (PID); what the command can finally do depends on the permissions of that PID. With this explanation it is easy to understand why Linux can have so many users and yet each of them can have their own environment! ^_^ Let's talk about the features of Linux's multi-user, multitasking environment:

    • Multi-user environment:

The best thing about Linux is its multi-user, multitasking environment! So what is "multi-user, multitasking"? A Linux system has many different accounts, each with its own particular permissions, and only one of them has supreme power: root (the system administrator). Everyone except root is subject to some restrictions! And the environment each person gets on entering Linux can be configured to that person's taste (remember the ~/.bashrc we mentioned in Chapter 11 on bash? Right! That's the one!). Now you know why: the shell each person gets after logging in has a different PID!

    • Multitasking behavior:

We talked about CPU speed in Chapter 0; current CPUs can run at several GHz, which means the CPU can execute as many as 10^9 instructions per second. Linux lets the CPU switch between jobs; that is, each job only takes up a few CPU instructions at a time, so the CPU can switch between the various processes every second! After all, the CPU can execute that many instructions in one second.

The work of switching the CPU between processes, and the scheduling by which those jobs get onto the CPU (CPU scheduling, not crontab scheduling), affects the overall performance of the system! The multitasking switching that Linux uses today is a great mechanism that can squeeze out almost all of a PC's performance! Because performance is so good, when many people are logged in at the same time each of them feels as if the whole host exists just for them! That is a multi-user, multitasking environment! (Note 2)

    • Seven basic terminal windows for multiple logins:

By default Linux provides six text-mode login windows plus one graphical interface. You can use [Alt]+[F1] ... [F7] to switch between the terminals, and each terminal can even be logged in by a different person! Pretty flashy! This can be very useful, especially when some process dies!

This, too, is a product of the multitasking environment! By default Linux starts six terminal login processes, which is why we have six terminal interfaces. You can reduce that number too: just start fewer terminal processes. For details, look at the /etc/inittab file first; we will cover it carefully later in the boot process chapter (Chapter 20)!

    • Special process management behavior:

In the old days Brother Bird was a bit dim and always thought Windows 98 was good enough! Later, because of work, I needed to use a UNIX system. I figured I would just sit in front of my work machine rather than run over to the UNIX workstation, so I used Windows to connect to my UNIX workstation and work there! As luck would have it, one of my programs took 2-3 days to run, and, alas, often around day 2.5 Windows 98 would hang! It really scared me to death back then.

Later I got a new computer that came bundled with Windows 2000. This thing was really quite good (for a single user, that is): when something crashed it could kick out just the faulty program without interfering with the others! From then on there was no need to worry about constant crashes! However, 2000 was still not good enough, because sometimes it would still lock up!

So does Linux have this problem? To be honest, you can almost say Linux never crashes! That is because at any time it can kill a stuck process and then run it again, without rebooting! Cool, right? So what if I am logged in on a Linux text console and, after an error message appears on the screen, it hangs and nothing responds? This is when those seven default windows come to the rescue! You can press [Alt]+[F1] ... [F7] to switch to another terminal, use ps -aux to find the process that just went wrong, and then kill it. Go back to the original terminal and, great, everything is back to normal!

Why can you do that? Didn't we just mention it? Processes may be independent of each other or may depend on each other; as long as you are in an independent process, you can delete the problem process and the system will of course remove it! ^_^

    • Job management in the bash environment (job control):

In the previous section we mentioned the "parent process, child process" relationship. After we log in to bash we hold a PID named bash, and almost every other command run in this environment is a child process. So, within this single bash, can I do several jobs? Of course! You can even do them "at the same time". For example, I can do this:

In this command line the key is the & at the end: it means copy file1 to file2 and run the copy in the background. That is, after running this command you can still do other work in the same terminal! And when the command (cp file1 file2) finishes, the system shows a completion message in your terminal! Very convenient!

    • System resource allocation in a multi-user, multitasking system:

Multi-user multitasking does have many benefits, but it also brings management headaches: the more users there are, the more trouble you have managing them! Also, as the number of users grows and reaches a certain level, your machine will usually need an upgrade, because CPU power and RAM size may no longer be enough!

For example, Brother Bird's website used to be managed rather poorly, because it used a very complicated visitor-counting program that kept pulling data from the MySQL database; with heavy traffic, MySQL was kept very busy. In that situation, whenever Brother Bird wanted to log in to write web pages or use the discussion forum, wow, it was slow! "Turtle speed"! In the end that program was retired and replaced by a small program he wrote himself. That way the CPU load came right down and things ran much more smoothly! ^_^

2. Job control

Job control is used in the bash environment. It means: "managing the behavior of running several jobs at the same time within a single terminal after we have logged in and obtained a bash shell." For example, after logging in to bash we may want to copy files, search for data, compile something, and write a program in vi all at once! Of course we could log in repeatedly on the six text terminals, but can it be done within one bash? Of course! Just use job control! ^_^

----------------------------------------------------------------------------------------------------------------------------------------------------------


2.1 What is job control

----------------------------------------------------------------------------------------------------------------------------------------------------------


2.2 Job control management: &, [Ctrl]-z, jobs, fg, bg, kill

----------------------------------------------------------------------------------------------------------------------------------------------------------


2.3 Offline management: nohup

3. Process management

----------------------------------------------------------------------------------------------------------------------------------------------------------


3.1 Observing processes: ps (ps -l, ps aux, zombie), top, pstree

----------------------------------------------------------------------------------------------------------------------------------------------------------


3.2 Managing processes: signal, kill, killall

----------------------------------------------------------------------------------------------------------------------------------------------------------


3.3 Process execution order: priority, nice, renice

----------------------------------------------------------------------------------------------------------------------------------------------------------


3.4 Observing system resources: free, uname, uptime, netstat, dmesg, vmstat

4. Special files and processes

----------------------------------------------------------------------------------------------------------------------------------------------------------


4.1 Run state of commands with SUID/SGID permissions

----------------------------------------------------------------------------------------------------------------------------------------------------------

4.2 What /proc/* represents

----------------------------------------------------------------------------------------------------------------------------------------------------------


4.3 Querying opened files or the files opened by running processes: fuser, lsof, pidof

5. A study of SELinux

----------------------------------------------------------------------------------------------------------------------------------------------------------

5.1 What is SELinux: goals, DAC, MAC

----------------------------------------------------------------------------------------------------------------------------------------------------------

5.2 How SELinux operates: components, security context, domain/type

----------------------------------------------------------------------------------------------------------------------------------------------------------

5.3 Starting, stopping and observing SELinux: getenforce, sestatus, enabling and disabling, setenforce

----------------------------------------------------------------------------------------------------------------------------------------------------------

5.4 SELinux network service example: startup (ps -Z), error conditions, resolution (chcon, restorecon)

----------------------------------------------------------------------------------------------------------------------------------------------------------

5.5 Services SELinux requires: setroubleshoot, sealert, auditd, audit2why

----------------------------------------------------------------------------------------------------------------------------------------------------------

5.6 SELinux policy and rule management: seinfo, sesearch, getsebool, setsebool, semanage

6. Key points review
