1. What is a process?
1. In Linux, when an event is triggered, the system defines it as a process and gives it an ID called the PID. At the same time, based on the user who triggered the process and the relevant attributes, this PID is given a valid set of permissions.
2. As noted, the system only recognizes binary files. When we want the system to do work, we need to start a binary file, which is a program.
3. Program: a binary program is usually stored on storage media (such as hard disks, optical disks, floppy disks, and tapes) and exists as a physical file.
Process: after a program is triggered, the executor's permissions and attributes, the program code, and the required data are loaded into memory, and the operating system gives this unit in memory an identifier, the PID. A process is a running program.
4. When bash is executed twice in a row, the parent process of the second bash is the first bash. Because each process has a PID, the parent of a process can be determined from its PPID.
5. Starting a program in Linux usually follows the fork-and-exec pattern: the parent process produces an identical copy of itself with fork, and the copied sub-process then runs the actual program with exec, finally becoming the sub-process.
6. The system first copies a temporary process identical to the parent process with fork. The only difference between the temporary process and the parent is the PID, and the temporary process additionally has a PPID parameter. The temporary process then loads the program to be executed with exec and becomes the sub-process.
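The fork-and-exec behaviour described above can be observed from the shell through PIDs. This is an added example, not part of the original notes; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: observing fork-and-exec through PIDs.

# fork + exec: the shell forks a copy of itself, and the copy execs `sh`.
# Prints "child_pid child_ppid". Called directly (not inside $(...)),
# the second number equals the calling shell's own $$.
child_ids() {
    sh -c 'echo "$$ $PPID"'
}

# exec alone: the child prints its PID, then replaces its program image with
# a new `sh` via exec. No fork happens, so the PID printed afterwards is the
# same. Prints "pid_before_exec pid_after_exec".
exec_pids() {
    sh -c 'printf "%s " "$$"; exec sh -c "echo \$\$"'
}

# Returns 0 when the child received a PID different from its parent's (fork)
# and kept that PID across exec.
fork_exec_holds() {
    set -- $(child_ids)
    [ "$1" != "$2" ] || return 1
    set -- $(exec_pids)
    [ "$1" = "$2" ]
}

echo "this shell: $$"
child_ids      # child_pid, then child_ppid (this shell)
exec_pids      # the same PID twice
```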
2. Job management
1. In job management, every job is a subprocess of the current bash, so the jobs are related to one another. This means we cannot use job management from the tty1 environment to manage the bash of tty2.
2. Assume there is only one terminal. The environment in which the prompt appears and you operate is called the foreground; other work can be put in the background, either paused or running. Note that work running in the background must not need to interact with the user.
3. In short, the limits of job management are:
1. The processes triggered by these jobs must be sub-processes of your shell.
2. Foreground: the environment in which you can control and issue commands is called the foreground.
3. Background: the job runs on its own; you cannot terminate it with Ctrl + c, but you can call it with bg/fg.
4. A process that is "running" in the background cannot wait for terminal input.
4. To start a command directly in the background in the "running" state, append &. A job thrown into the background this way is not interrupted by Ctrl + c.
5. To put the current job into the background in the "paused" state, press Ctrl + z.
6. In normal vi mode, pressing Ctrl + z makes [1] appear on the screen, indicating that this is the first job. The + marks the job most recently thrown into the background, which is the one used by default. Stopped indicates that the job is paused.
7. For background jobs, + marks the job most recently put in the background and - marks the second most recent one; jobs from the third most recent onward carry no +/- symbol.
8. Bring a background job to the foreground with fg: fg %jobnumber, where jobnumber is the job number.
9. Change a job in the background to the running state with bg: bg %jobnumber, where jobnumber is the job number.
10. Manage background jobs with kill:
kill -signal %jobnumber
-1: read the parameter configuration file again.
-2: the same action as pressing Ctrl + c on the keyboard.
-9: immediately and forcibly delete a job.
-15: terminate a job through its normal termination procedure.
11. The number following kill is treated as a PID by default. To manage bash job control, you have to add %number.
12. Offline management
1. The "background" in job management means a state that avoids Ctrl + c interruption within the terminal; it does not mean the background of the system.
2. To run work in the system background, use the nohup command.
nohup command and arguments --> runs in the terminal's foreground
nohup command and arguments & --> runs in the background of the system
3. nohup does not support bash built-in commands, so the command must be an external command.
4. To let background work continue executing after you log out, use the nohup command.
3. Process Management
1. Process viewing comes in two kinds: static (ps) and dynamic (top).
2. ps commands
ps aux --> view all process data of the system
ps -lA --> also view all of the system's data
ps axjf --> view the data together with part of the process tree
3. A zombie process generally arises when a process should have finished or was terminated for some reason, but its parent process cannot completely end it, so the process stays in memory. Run ps axu to view the process status, which indicates a zombie process.
4. View process changes dynamically with top -d number, where number is the number of seconds between refreshes.
5. We often need to find the process that consumes the most resources. This is mostly done with top, sorting the processes by CPU usage.
6. All processes hang under the init process. The PID of init is 1, because it is the first process actively called by the Linux kernel.
7. Viewing system resources
1. free: view memory usage
2. uname: view system and kernel information
3. uptime: view the system startup time and workload
4. netstat: track the network
5. dmesg: analyze the information generated by the kernel
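Because a zombie stays until its parent ends it completely, the useful question when triaging them is which parent is holding them. The following added example (not from the original notes) groups zombies by PPID; the sample table is constructed, and `zombie_parents` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: group zombie processes by their parent.
# Constructed sample in the column layout of `ps -eo pid,ppid,stat,comm`.
SAMPLE_PS='  PID  PPID STAT COMMAND
    1     0 Ss   init
  812     1 Ss   sshd
 2301   812 S    worker
 2307  2301 Z    worker <defunct>
 2310  2301 Z    worker <defunct>
 2400     1 Z    helper <defunct>'

# Reads ps output on stdin (header on line 1) and prints one line per
# parent that still holds zombies: "PPID count child-pid child-pid ...".
# A STAT value beginning with Z marks a zombie.
zombie_parents() {
    awk 'NR > 1 && $3 ~ /^Z/ {
             n[$2]++                       # zombies per parent
             kids[$2] = kids[$2] " " $1    # remember which children
         }
         END { for (p in n) print p, n[p] kids[p] }' | sort -n
}

# Run against the constructed sample.
printf '%s\n' "$SAMPLE_PS" | zombie_parents
```

On a live system the same function can be fed with `ps -eo pid,ppid,stat,comm | zombie_parents`.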
Research on SELinux
1. What is SELinux? The name stands for Security-Enhanced Linux.
2. SELinux controls processes through MAC (mandatory access control). The subject it controls is the process, and the target is the file resources that the process can read.
3. SELinux supports three modes.
Enforcing: forced mode, indicating that SELinux is running.
Permissive: tolerant mode, indicating that SELinux is running but only produces warning information and does not actually limit domain/type access.
Disabled: SELinux is not actually running.
4. Use getenforce to view the current SELinux mode.
5. To enable SELinux, edit /etc/selinux/config, set SELINUX=enforcing and SELINUXTYPE=targeted in this file, then check /boot/grub/menu.lst to see whether SELinux is disabled in the kernel.
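The two checks in the last step can be scripted. This is an added example, not part of the original notes: `audit_selinux` is a hypothetical helper, it expects the targeted policy as the notes specify, and it assumes a disabled kernel shows up as the `selinux=0` boot parameter on a `kernel` line.

```shell
#!/bin/sh
# Added example: audit the SELinux settings named in the notes.
# Usage: audit_selinux CONFIG [GRUB_FILE]
#   e.g. audit_selinux /etc/selinux/config /boot/grub/menu.lst
# Prints one finding per line; returns 0 only when nothing was found.
audit_selinux() {
    cfg=$1; grub=${2:-}; rc=0
    # Take the last uncommented assignment of each key.
    mode=$(sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$cfg" | tail -n 1)
    ptype=$(sed -n 's/^[[:space:]]*SELINUXTYPE=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$cfg" | tail -n 1)

    case $mode in
        enforcing) ;;
        permissive|disabled)
            echo "SELINUX=$mode: policy is not enforced"; rc=1 ;;
        *)  # catches a missing key and misspellings such as "enforing"
            echo "SELINUX='$mode' is not a valid mode"; rc=1 ;;
    esac

    [ "$ptype" = targeted ] || { echo "SELINUXTYPE='$ptype', expected targeted"; rc=1; }

    # A kernel line carrying selinux=0 turns SELinux off at boot,
    # whatever the config file says.
    if [ -n "$grub" ] && grep -Eq '^[[:space:]]*kernel.*[[:space:]]selinux=0' "$grub"; then
        echo "kernel line in $grub carries selinux=0"; rc=1
    fi
    return $rc
}
```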