Linux process management and SELinux

1 What is a program

Program: a file, usually stored on storage media in binary form.

Programs and permissions: when a program is executed, the executor's permissions and attributes, the program code (the content of the binary file) and other data are loaded into memory by the operating system, and the operating system gives this in-memory unit an identifier (PID). The running instance is called a process.

Child and parent processes: after you log on to the system you get a shell, such as bash. Start another bash inside this bash: the newly started bash is a child process of the original bash, and the original bash is the parent process of the new one. You can find the parent of a process through its parent PID (PPID). The following is an example:

    minix007:~$ ps -l
    F S   UID   PID  PPID  C PRI  NI ADDR SZ WCHAN  TTY          TIME CMD
    0 S  1000  7538  7530  5  80   0 -  2315 wait   pts/1    00:00:00 bash
    0 R  1000  7598  7538  0  80   0 -  1177 -      pts/1    00:00:00 ps
    minix007:~$ bash
    minix007:~$ ps -l
    F S   UID   PID  PPID  C PRI  NI ADDR SZ WCHAN  TTY          TIME CMD
    0 S  1000  7538  7530  0  80   0 -  2315 wait   pts/1    00:00:00 bash
    0 S  1000  7599  7538  9  80   0 -  2316 wait   pts/1    00:00:00 bash
    0 R  1000  7655  7599  0  80   0 -  1177 -      pts/1    00:00:00 ps

The first ps -l shows two processes. The first, bash, is the shell we are using; its PID is 7538. The second is ps, the program we just started in this shell; the PPID of ps is 7538, that is, the PID of its parent is 7538. The second command starts another bash. The PID of this bash is 7599 and its PPID is 7538, the PID of the shell we were using. The third command starts ps again. This time the PPID of ps is 7599, that is, its parent is the bash we just started.
How a process is started (fork and exec): the parent process first forks an identical child process, and the child then runs the program to be executed by means of exec.

Memory-resident programs: commands such as ls run once and exit, but some programs need to run all the time, such as detection programs; these stay resident in memory.

Linux as a multi-user, multi-task environment: Linux allows multiple users to log on to the system at the same time without interfering with each other. By default, Linux provides six command-line terminals and one graphical terminal: tty1 ~ tty7, where tty7 is the graphical terminal. In Ubuntu, you can use Ctrl+Alt+F1 ~ F7 to switch between the seven terminals. When a program in one terminal hangs, you can switch to another terminal, use ps -aux to check which program has the problem, and kill it.

2 Job control

Why put a program in the background? If a program takes a long time to run, the shell has to wait for it to finish before we can enter the next command. Linux is a multitasking operating system, yet used this way it executes one command after another. To run a program and keep using the terminal, put the program in the background; the use of the terminal in the foreground is then not affected.

Add the & symbol after the command to be executed, for example:

    tar -jcv -f tctar.tar.bz2 t.c &

Note: programs executed in the background cannot interact with the user and cannot be interrupted with Ctrl+c.

Press Ctrl+z in vim to move vim to the background temporarily, so that you can execute commands in the foreground without exiting vim.

Observing the status of background jobs: jobs

    $ jobs
    [1]+  Stopped                 vim t.c
    $ jobs -l
    [1]+  8705 Stopped                 vim t.c

Bringing a background job to the foreground:

    fg %num    # num is the job number
    $ fg %1
    vim t.c

Pausing and resuming a background program:
    Ctrl+z: pause the program
    bg %num: let the paused program continue running in the background

Stopping or restarting a program: kill

    $ kill -9 %1    # forcibly remove job 1

Running a job offline: nohup

    $ nohup ./foo.sh &

Now, even if you log out, the system will still execute foo.sh.

3 Process management

Observation

ps -l: observe the processes of the current shell

    F S   UID   PID  PPID  C PRI  NI ADDR SZ WCHAN  TTY          TIME CMD
    0 S  1000  8594  8583  0  80   0 -  2318 wait   pts/1    00:00:00 bash
    0 T  1000  8828  8594  0  80   0 - 12020 signal pts/1    00:00:00 vim
    0 R  1000  8877  8594  0  80   0 -  1177 -      pts/1    00:00:00 ps

    F: process permissions
    S: process status
        R: running
        S: sleeping, can be woken up
        D: sleeping and cannot be woken up, for example waiting for I/O
        T: stopped
        Z: zombie, the process has terminated but cannot be removed from memory
    UID: ID of the user who started the process
    PID: process ID
    PPID: parent process ID
    C: CPU usage
    PRI/NI: priority-related
    ADDR/SZ/WCHAN: memory-related. ADDR: the part of memory the process is in; SZ: memory occupied; WCHAN: running status, - indicates running
    TTY: the terminal the user logged on from
    TIME: CPU time used
    CMD: the command used

ps aux: observe all processes running in the system

    USER       PID %CPU %MEM   VSZ  RSS TTY    STAT START TIME COMMAND
    minix007  8828  0.0  0.2 48080 8568 pts/1  Tl              vim t.c
    root      8988  0.6  0.0     0    0 ?      S               [kworker/]
    root      9045  0.2  0.0     0    0 ?      S               [kworker/]
    minix007  9100  0.0  0.0  4948      pts/1  R+              ps aux

    VSZ: the amount of virtual memory occupied by the process
    RSS: the amount of fixed memory occupied by the process

top: observe process changes dynamically

    Tasks: 193 total,   2 running, 189 sleeping,   1 stopped,   1 zombie
    Cpu(s):  0.5%us,  1.8%sy,  0.0%ni, 97.6%id,  0.1%wa,  0.0%hi,  0.0%si,  0.0%st
    Mem:   3962820k total,  3283620k used,   679200k free,   400800k buffers
    Swap:  3905532k total,        0k used,  3905532k free,  1915036k cached

     PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM TIME+ COMMAND
    9156 root      20   0     0    0      R    4  0.0   .21 kworker/
    1900 minix007  20   0  247m  71m  32m S    3  1.8   .01 compiz
    1089 root      20   0  126m  65m 8904 S    1  1.7   .94 Xorg
      18 root      20   0     0    0      S    1  0.0   .87 kworker/
    1969 minix007  20   0  113m  20m  10m S    0  0.5   .10 unity-panel-ser
    6651 minix007  20   0  268m  26m 8880 S    0  0.7   .59 chrome

Keys inside top: P sorts by CPU usage, M sorts by memory usage, r changes the NI value, h shows help, q quits.

pstree: displays the process tree and shows the relationships between processes.

Basic principle of process management: you send a signal to a process to tell it what you want it to do. These signals include SIGHUP (restart), SIGINT (equivalent to Ctrl+c), and so on. Use man 7 signal for details.

Basic methods:

    kill -signal PID
    killall processName
    killall emacs

Priority (PRI) of process execution: the lower the PRI, the higher the priority. The kernel adjusts the priority dynamically; users cannot change it directly.

nice: PRI(new) = PRI(old) + nice, so you can adjust the PRI value through nice. The modified value does not take effect directly, however; the system still analyzes and decides.

    Method 1: when starting a program, use nice -n command to set the nice value. The value range is -20 ~ 19.
    Method 2: for a program that is already running, use renice [number] PID.

Observing system resources

free: observe memory

    $ free
                 total       used       free     shared    buffers     cached
    Mem:       3962820    2067520    1895300          0     379912     925868
    -/+ buffers/cache:     761740    3201080
    Swap:      3905532          0    3905532

uname: view system and kernel information (e.g. uname -a)

    $ uname -a
    Linux minix007-ubuntu-desktop 3.2.0-37-generic-pae #58-Ubuntu SMP Thu Jan 24 15:51:02 UTC 2013 i686 i686 i386 GNU/Linux

uptime: observe how long the system has been up and its load

    $ uptime
    15:14:15 1, 2 users, load average: 0.23, 0.24, 0.23

netstat: view network status

    $ netstat -t    # list TCP network connections
    Active Internet connections (w/o servers)
    Proto Recv-Q Send-Q Local Address             Foreign Address         State
    tcp        1      0 minix007-ubuntu-des:44769 mistletoe.canonica:http CLOSE_WAIT
    tcp        0      0 minix007-ubuntu-des:37063 112.90.137.192:http     ESTABLISHED

dmesg: view the messages generated by the kernel. When the kernel boots it detects hardware and produces messages, and it also generates messages while running. These messages are stored in a protected area of memory and can be read with dmesg.

vmstat: observe changes in system resources

    $ vmstat 1 3    # check the system status once per second, three times in total
    procs -----------memory---------- ---swap-- -----io---- -system-- ----cpu----
     r  b   swpd    free   buff  cache   si   so    bi    bo   in   cs us sy id wa
     1  0      0 1889048 380780 929772    0    0    17    14  160  286  2  2 96  1
    2 0 1889172 380780 929772 0 0 0 0 435 1 1 1 99 0
    2 0 788 1889164 0 0 0 0 380780 929772 1 1 99 0

4 Special files and programs

This section discusses the relationship between SUID/SGID/SBIT and process permissions.

passwd: why does an ordinary user have root permission when running it? Executing passwd creates a new process with its own PID, and when this process is created, SUID is used to grant the corresponding permissions to it.

/proc: all processes running in memory are exposed in the /proc directory as files or directories.

fuser: find the processes that are using a specified file, file system, or directory. For example, if umount reports [device is busy], you can use fuser to find out which process is using the file system.

lsof: list the files used by a process.

pidof: find the PID of a running program.

    $ pidof emacs
    7021

5 SELinux

What is SELinux: Security Enhanced Linux. SELinux is a kernel module that provides detailed permission settings for processes, files and so on.
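The point made in section 4 about passwd and SUID can be checked from a file's mode bits and from the Uid line of /proc/<pid>/status. This is an added example, not part of the original article; it assumes Linux with GNU or BusyBox stat, the helper names special_bits and uid_report are made up for illustration, and the passwd status lines are constructed sample data.

```shell
#!/bin/sh
# Added example (Linux): SUID/SGID/SBIT mode bits and the real vs. effective
# UID that a process ends up with.

# Decode the special bits of an octal mode such as the output of `stat -c %a`.
special_bits() {   # $1 = octal mode, e.g. 4755
    top=$(( (0$1 >> 9) & 7 ))   # leading 0 makes the shell parse $1 as octal
    out=""
    [ $((top & 4)) -ne 0 ] && out="SUID"
    [ $((top & 2)) -ne 0 ] && out="${out:+$out,}SGID"
    [ $((top & 1)) -ne 0 ] && out="${out:+$out,}SBIT"
    echo "${out:-none}"
}

# Summarise the Name and Uid lines of a /proc/<pid>/status file. The Uid line
# holds the real, effective, saved and filesystem UIDs, in that order.
uid_report() {     # $1 = path to a status file
    awk '$1 == "Name:" { name = $2 }
         $1 == "Uid:"  { printf "%s real=%s effective=%s %s\n", name, $2, $3,
                                ($2 == $3 ? "same" : "differs") }' "$1"
}

# Constructed sample: status lines of passwd started by the user with UID 1000.
sample=$(mktemp)
printf 'Name:\tpasswd\nUid:\t1000\t0\t0\t0\nGid:\t1000\t1000\t1000\t1000\n' > "$sample"
uid_report "$sample"
rm -f "$sample"

# Live checks, skipped when the file is absent or unreadable.
if [ -e /usr/bin/passwd ]; then
    mode=$(stat -c %a /usr/bin/passwd)
    echo "/usr/bin/passwd mode $mode: $(special_bits "$mode")"
fi
for f in /proc/[0-9]*/status; do
    [ -r "$f" ] && uid_report "$f" 2>/dev/null
done | grep ' differs$' || echo "no process with differing real/effective UID"
```

A process listed as "differs" is running with an identity other than that of the user who started it, which is the effect the SUID bit has on passwd.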