Saturday, May 17, 2008

Linux Init and System Initialization


Init and Runlevels

The init process reads the file "/etc/inittab" and uses it to determine how to create processes. Read the init man page for more information. Also note that init is always running and can dynamically run processes and change state in response to various signals. The administrator can also make it change system processes and runlevels dynamically by using the telinit program or by editing the "/etc/inittab" file. Unix and Linux utilize what are called "runlevels". A runlevel is a software configuration of the system that allows only a selected group of processes to exist. Init can run the system in one of eight runlevels. These runlevels are 0-6 and S or s. The system runs in only one of these runlevels at a time. Typically these runlevels are used for different purposes. For Redhat Linux version 6, they are:

  • 0 - halt
  • 1 - Single user mode
  • 2 - Multiuser, without NFS (The same as 3, if you don't have networking)
  • 3 - Full multiuser mode
  • 4 - unused
  • 5 - X11
  • 6 - Reboot

The Inittab file

The "/etc/inittab" file instructs init which runlevel to start the system at and describes the processes to be run at each runlevel. An entry in the inittab file has the following format:

id:runlevels:action:process

  • id – A unique sequence of 1-4 characters which identifies an entry in inittab.
  • runlevels – Lists the runlevels for which the specified action should be taken. This field may contain multiple characters for different runlevels, allowing a particular process to run at multiple runlevels. For example, 123 specifies that the process should be started in runlevels 1, 2, and 3.
  • action – Describes which action should be taken. Valid actions are listed below.
    • respawn – The process will be restarted whenever it terminates.
    • wait – The process will be started once when the specified runlevel is entered and init will wait for its termination.
    • once – The process will be executed once when the specified runlevel is entered.
    • boot – The process will be executed during system boot. The runlevels field is ignored.
    • bootwait – Same as "boot" above, but init waits for its termination.
    • off – This does nothing.
    • ondemand – This process will be executed whenever the specified ondemand runlevel is called.
    • initdefault – Specifies the runlevel which should be entered after system boot. If none exists, init will ask for a runlevel on the console. The process field is ignored.
    • sysinit – The process will be executed during system boot. It will be executed before any boot or bootwait entries. The runlevels field is ignored.
    • powerwait – The process will be executed when init receives the SIGPWR signal. Init will wait for the process to finish before continuing.
    • powerfail – Same as powerwait, but init does not wait for the process to complete.
    • powerokwait – The process will be executed when init receives the SIGPWR signal provided there is a file called "/etc/powerstatus" containing the word "OK". This means that the power has come back again.
    • ctrlaltdel – This process is executed when init receives the SIGINT signal. This means someone on the system console has pressed the "CTRL-ALT-DEL" key combination.
    • kbrequest – The process will be executed when init receives a signal from the keyboard handler that a special key combination was pressed on the console keyboard.
  • process – Specifies the process to be executed. If the process starts with the '+' character, init will not do utmp and wtmp accounting for that process. This is needed for gettys that insist on doing their own utmp/wtmp housekeeping (a historic bug).

Below is an example file:

        # inittab       This file describes how the INIT process should set up
        #               the system in a certain run-level.
        #
        # Author:       Miquel van Smoorenburg, 
        #               Modified for RHS Linux by Marc Ewing and Donnie Barnes
        #
 
        # Default runlevel. The runlevels used by RHS are:
        #   0 - halt (Do NOT set initdefault to this)
        #   1 - Single user mode
        #   2 - Multiuser, without NFS (The same as 3, if you do not have networking)
        #   3 - Full multiuser mode
        #   4 - unused
        #   5 - X11
        #   6 - reboot (Do NOT set initdefault to this)
        # 
1)        id:3:initdefault:
 
        # System initialization.
2)        si::sysinit:/etc/rc.d/rc.sysinit
 
3)        l0:0:wait:/etc/rc.d/rc 0
4)        l1:1:wait:/etc/rc.d/rc 1
5)        l2:2:wait:/etc/rc.d/rc 2
6)        l3:3:wait:/etc/rc.d/rc 3
7)        l4:4:wait:/etc/rc.d/rc 4
8)        l5:5:wait:/etc/rc.d/rc 5
9)        l6:6:wait:/etc/rc.d/rc 6
 
        # Things to run in every runlevel.
10)        ud::once:/sbin/update
 
        # Trap CTRL-ALT-DELETE
11)        ca::ctrlaltdel:/sbin/shutdown -t3 -r now
 
        # When our UPS tells us power has failed, assume we have a few minutes
        # of power left.  Schedule a shutdown for 2 minutes from now.
        # This does, of course, assume you have powerd installed and your
        # UPS connected and working correctly.  
12)        pf::powerfail:/sbin/shutdown -f -h +2 "Power Failure; System Shutting Down"
 
        # If power was restored before the shutdown kicked in, cancel it.
13)        pr:12345:powerokwait:/sbin/shutdown -c "Power Restored; Shutdown Cancelled"
 
 
        # Run gettys in standard runlevels
14)        1:2345:respawn:/sbin/mingetty tty1
15)        2:2345:respawn:/sbin/mingetty tty2
16)        3:2345:respawn:/sbin/mingetty tty3
17)        4:2345:respawn:/sbin/mingetty tty4
18)        5:2345:respawn:/sbin/mingetty tty5
19)        6:2345:respawn:/sbin/mingetty tty6
 
        # Run xdm in runlevel 5
        # xdm is now a separate service
20)        x:5:respawn:/etc/X11/prefdm -nodaemon

On the left side of the file listing above, numbers have been added to help describe the lines. Lines without a number are either blank or begin with a "#", which marks a comment.

  • On line 1 above you see "id:3:initdefault:". The id field is "id", which stands for initdefault; note that the id is unique among all the numbered lines. The runlevel is 3, which sets the default starting runlevel to runlevel 3. The action is initdefault, which tells init to make this runlevel the default runlevel. Note that the process field is blank since it is ignored by the initdefault action.
  • Line 2 tells init to run the program "/etc/rc.d/rc.sysinit" during system boot, before any other processes.
  • Lines 3 through 9 tell init to run the program "/etc/rc.d/rc" for runlevels 0 through 6. On each line the appropriate runlevel is passed to the "/etc/rc.d/rc" script on the command line. On line 5, for example, the second field is the runlevel 2, and the line ends with a space and a 2, which passes the argument 2 to the program.
  • Line 10 specifies that the program "/sbin/update" will run once for every runlevel.
  • Line 11 sets up the program "/sbin/shutdown" to run when someone on the system console has pressed the "CTRL-ALT-DEL" key combination.
  • Line 12 specifies that "/sbin/shutdown" runs if the power fails. Note that different options are passed on the command line for lines 11 and 12, although they run the same program.
  • Line 13 specifies that "/sbin/shutdown" will run if power is restored, in any of runlevels 1 through 5.
  • Lines 14 through 19 specify the "/sbin/mingetty" program to run on 6 different terminals for runlevels 2 through 5. This means that you can run 6 virtual terminals from your keyboard simultaneously, switching between them with "ALT-F1" through "ALT-F6". Pressing "ALT-F7" or above will do nothing, and the screen will not change from your current terminal.

Note that the order in which the programs above are run is:

  1. /etc/rc.d/rc.sysinit
  2. /sbin/update
  3. /etc/rc.d/rc 3 - Note: we are running runlevel 3 here.
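As an added example (not code from the original post), here is a small Python parser for inittab entries that reports the default runlevel, checks that ids are unique, shows which command handles console Ctrl-Alt-Del, and lists the processes started when booting into a given runlevel. The sample inittab is a constructed, trimmed copy of the listing above; the ordering model (sysinit, then boot/bootwait, then the matching runlevel entries in file order) is this example's assumption about how init walks the file, not something the post states.

```python
# Constructed sample: a trimmed copy of the RHS-style inittab discussed above.
SAMPLE_INITTAB = """\
# Default runlevel.
id:3:initdefault:

# System initialization.
si::sysinit:/etc/rc.d/rc.sysinit

l0:0:wait:/etc/rc.d/rc 0
l3:3:wait:/etc/rc.d/rc 3
l5:5:wait:/etc/rc.d/rc 5

ud::once:/sbin/update
ca::ctrlaltdel:/sbin/shutdown -t3 -r now
pr:12345:powerokwait:/sbin/shutdown -c "Power Restored; Shutdown Cancelled"

1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
x:5:respawn:/etc/X11/prefdm -nodaemon
"""


def parse_inittab(text):
    """Return a list of (id, runlevels, action, process) tuples.

    Blank lines and '#' comments are skipped. The process field may itself
    contain ':' (as in the shutdown message above), so split on at most
    three colons.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":", 3)
        if len(parts) != 4:
            raise ValueError("malformed inittab entry: %r" % raw)
        entries.append(tuple(parts))
    return entries


def default_runlevel(entries):
    """Runlevel named by the initdefault entry, or None (init would then ask on the console)."""
    for _id, levels, action, _proc in entries:
        if action == "initdefault":
            return levels
    return None


def duplicate_ids(entries):
    """Ids used by more than one entry; init requires each id to be unique."""
    counts = {}
    for entry in entries:
        counts[entry[0]] = counts.get(entry[0], 0) + 1
    return sorted(i for i, n in counts.items() if n > 1)


def ctrlaltdel_handler(entries):
    """Command init runs on console Ctrl-Alt-Del, or None if no ctrlaltdel entry exists."""
    for _id, _levels, action, proc in entries:
        if action == "ctrlaltdel":
            return proc
    return None


def boot_sequence(entries, runlevel):
    """Processes init starts when booting into `runlevel`, in order.

    Assumed model (this example's, not the post's): sysinit entries first,
    then boot/bootwait, then the once/wait/respawn entries whose runlevels
    field lists the target level (an empty field means every runlevel),
    keeping file order within each phase. Signal-driven actions
    (ctrlaltdel, powerfail, powerokwait, ...) are not part of booting.
    """
    phased = []
    for _id, levels, action, proc in entries:
        if action == "sysinit":
            phased.append((0, proc))
        elif action in ("boot", "bootwait"):
            phased.append((1, proc))
        elif action in ("once", "wait", "respawn") and (levels == "" or runlevel in levels):
            phased.append((2, proc))
    phased.sort(key=lambda p: p[0])  # stable sort: file order is kept within a phase
    return [proc for _phase, proc in phased]
```

Calling boot_sequence(parse_inittab(SAMPLE_INITTAB), "3") gives rc.sysinit first, then the runlevel-3 entries in the order they appear in the file; feeding it a real /etc/inittab is a quick way to see what a box will run before anyone logs in.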

Linux Boot Sequence

1) BIOS

2) Master Boot Record (MBR)

3) LILO or GRUB

4) Kernel

5) init

6) Run Levels

1) BIOS

Load the boot sector from one of:

  • Floppy
  • CDROM
  • Hard drive

The boot order can be changed from within the BIOS. BIOS setup can be entered by pressing a key during boot up. The exact key varies, but is often one of Del, F1, F2, or F10.

2) (DOS) Master Boot Record (MBR)

DOS in this context includes MS-DOS, Win95, and Win98.

The BIOS loads and executes the first 512 bytes of the disk (/dev/hda).

A standard DOS MBR will:

  • look for a primary partition (/dev/hda1-4) marked bootable
  • load and execute the first 512 bytes of this partition

It can be restored with fdisk /mbr from DOS.

3) LILO

  • does not understand filesystems
  • the code and kernel image to be loaded are stored as raw disk offsets
  • uses the BIOS routines to load

Loading sequence:

  • load the menu code, typically /boot/boot.b
  • prompt for (or time out to the default) partition or kernel
  • for an "image=" (i.e. Linux) option, load the kernel image
  • for an "other=" (i.e. DOS) option, load the first 512 bytes of the partition

Reconfiguring LILO

One minute guide to installing a new kernel:

  1. copy the kernel image (bzImage) and modules to /boot and /lib/modules
  2. edit /etc/lilo.conf and duplicate the image= section, e.g.:

        image=/bzImage-2.4.14
        label=14
        read-only

     See man lilo.conf for details.
  3. run /sbin/lilo
  4. reboot to test

GRUB

  • Understands file systems
  • config lives in /boot/grub/menu.lst or /boot/boot/menu.lst

4) Kernel

  • initialises devices
  • (optionally loads initrd, see below)
  • mounts the root filesystem, specified to lilo or loadlin with the root= parameter; the kernel prints: VFS: Mounted root (ext2 filesystem) readonly.
  • runs /sbin/init, which is process number 1 (PID=1); init prints: INIT: version 2.76 booting
  • the program run can be changed with the boot= parameter to lilo, e.g. boot=/bin/sh, which can be useful to rescue a system that is having trouble booting.

initrd

Allows setup to be performed before the root FS is mounted:

  1. lilo or loadlin loads the ram disk image
  2. the kernel runs /linuxrc, which loads modules and initialises devices
  3. /linuxrc exits
  4. the "real" root is mounted
  5. the kernel runs /sbin/init

Details in /usr/src/linux/Documentation/initrd.txt (part of the kernel source).

5) /sbin/init

  • reads /etc/inittab (see man inittab), which specifies the scripts below
  • runs the boot scripts; on debian this is /etc/init.d/rcS, which runs:
    • the /etc/rcS.d/S* scripts
    • /etc/rc.boot/* (deprecated)
  • runs the programs specified in /etc/inittab

6) Run Levels

  • 0 halt
  • 1 single user
  • 2 Full Multi-User mode (default)
  • 3-5 Same as 2
  • 6 Reboot

Default is defined in /etc/inittab, eg:

id:3:initdefault:

The current runlevel can be changed by running /sbin/telinit # where # is the new runlevel, eg typing telinit 6 will reboot.

Run Level programs

Scripts in /etc/rc*.d/* are symlinks to /etc/init.d

Scripts prefixed with S will be started when the runlevel is entered, eg /etc/rc5.d/S99xdm

Scripts prefixed with K will be killed when the runlevel is entered, eg /etc/rc6.d/K20apache

X11 login screen is typically started by one of S99xdm, S99kdm, or S99gdm.
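An added example (not from the original post) that models how the rc script orders the S and K entries of one rc<N>.d directory, plus a check a defender would want given the symlink layout just described: every S*/K* entry should be a symlink resolving into /etc/init.d, so a plain file dropped into the directory, which rc would still run, stands out. The init.d/rc3.d tree it builds in a temporary directory is constructed sample data, not a real system; plan_runlevel, audit_rc_dir and build_sample_tree are this example's names.

```python
import os
import re
import tempfile

# Entries in /etc/rc<N>.d follow [SK]<two digits><service>; rc ignores anything else.
RC_NAME = re.compile(r"^([SK])(\d{2})(.+)$")


def plan_runlevel(names):
    """Return (kill_list, start_list) for the entries of one rc<N>.d directory.

    The rc script runs every K* entry with 'stop' in ascending numeric order,
    then every S* entry with 'start' in ascending numeric order. Names that do
    not fit the pattern (README, editor backups) are skipped, as rc skips them.
    """
    kills, starts = [], []
    for name in names:
        m = RC_NAME.match(name)
        if not m:
            continue
        (kills if m.group(1) == "K" else starts).append((int(m.group(2)), name))
    return [n for _seq, n in sorted(kills)], [n for _seq, n in sorted(starts)]


def services_started(names):
    """Service names (S<NN> prefix stripped) left running once the runlevel is entered."""
    _kills, starts = plan_runlevel(names)
    return [RC_NAME.match(n).group(3) for n in starts]


def audit_rc_dir(rc_dir, init_d):
    """Entries of rc_dir that are not symlinks resolving to a file directly under init_d.

    A regular file in rc<N>.d, or a link pointing somewhere other than
    /etc/init.d, is still executed by rc and is worth a second look.
    """
    init_d = os.path.realpath(init_d)
    odd = []
    for name in sorted(os.listdir(rc_dir)):
        if not RC_NAME.match(name):
            continue
        path = os.path.join(rc_dir, name)
        if not os.path.islink(path) or os.path.dirname(os.path.realpath(path)) != init_d:
            odd.append(name)
    return odd


def entries_of(rc_dir):
    """Sorted directory listing, so callers need nothing beyond this module."""
    return sorted(os.listdir(rc_dir))


def build_sample_tree():
    """Construct a throwaway init.d / rc3.d pair in a temp dir (demo data only).

    Returns (rc3_dir, init_d). S98local is deliberately a plain file rather
    than a symlink so that audit_rc_dir has something to report.
    """
    root = tempfile.mkdtemp(prefix="rc-demo-")
    init_d = os.path.join(root, "init.d")
    rc3 = os.path.join(root, "rc3.d")
    os.makedirs(init_d)
    os.makedirs(rc3)
    for svc in ("network", "sshd", "apache", "xdm"):
        with open(os.path.join(init_d, svc), "w") as f:
            f.write("#!/bin/sh\necho %s $1\n" % svc)
    for link in ("S10network", "S55sshd", "K20apache", "S99xdm"):
        svc = RC_NAME.match(link).group(3)
        os.symlink(os.path.join(init_d, svc), os.path.join(rc3, link))
    with open(os.path.join(rc3, "S98local"), "w") as f:
        f.write("#!/bin/sh\n")
    with open(os.path.join(rc3, "README"), "w") as f:
        f.write("not a script\n")
    return rc3, init_d


if __name__ == "__main__":
    rc3, init_d = build_sample_tree()
    print("order:", plan_runlevel(entries_of(rc3)))
    print("not symlinked into init.d:", audit_rc_dir(rc3, init_d))
```

Pointing audit_rc_dir at a real /etc/rc3.d and /etc/init.d is a cheap integrity check to run alongside package verification; on a clean system it returns an empty list.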

Run programs for a specified run level

/etc/inittab lines:

1:2345:respawn:/sbin/getty 9600 tty1
  • Always running in runlevels 2, 3, 4, or 5
  • Displays login on console (tty1)

2:234:respawn:/sbin/getty 9600 tty2
  • Always running in runlevels 2, 3, or 4
  • Displays login on console (tty2)

l3:3:wait:/etc/init.d/rc 3
  • Run once when switching to runlevel 3.
  • Uses the scripts stored in /etc/rc3.d/

ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now
  • Run when Control-Alt-Del is pressed on the console.

Friday, May 16, 2008

Linux: Monitor hard disks temperature with hddtemp

There is a nice utility to monitor hard drive temperature. Most modern x86 computer hard disks come with S.M.A.R.T. (Self-Monitoring, Analysis, and Reporting Technology). It is a monitoring system for computer hard disks that detects and reports on various indicators of reliability, in the hope of anticipating failures.

The hddtemp utility will give you the temperature of your hard drive by reading data from S.M.A.R.T. on drives that support this feature. Only modern hard drives have a temperature sensor. hddtemp supports reading S.M.A.R.T. information from SCSI drives too. hddtemp can work as a simple command line tool or as a daemon, so that the information can be collected from all your servers.

Install hddtemp

To install hddtemp under Debian / Ubuntu Linux, enter:
$ sudo apt-get install hddtemp
You can also install from source code. Download the source tarball:
$ wget http://download.savannah.nongnu.org/releases/hddtemp/hddtemp-0.3-beta15.tar.bz2
Untar and install hddtemp:
$ tar -jxvf hddtemp-0.3-beta15.tar.bz2
$ cd hddtemp-0.3-beta15
$ ./configure
$ make
$ sudo make install

Install hard disk temperature database at /usr/share/misc or /etc directory:
$ cd /usr/share/misc
# wget http://download.savannah.nongnu.org/releases/hddtemp/hddtemp.db

How do I monitor hard disk temperature?

To see temperature for /dev/sda, enter the following command:
# hddtemp /dev/sda
Output:

/dev/sdb: WDC WD2500YS-01SHB1:  25°C

The output above indicates that my hard disk temperature is 25°C. If the temperature is higher than 60°C, consider cooling options immediately.

How do I find out remote server temperature?

By default hddtemp binds to TCP/IP port 7634.
You need to run hddtemp in daemon mode. Log in on the remote box and start it as follows to monitor /dev/sda, /dev/sdb, ..., /dev/sdd:
# hddtemp -d /dev/sd[abcd]
Use the telnet or nc / netcat command to get a temperature from the remote box:
$ telnet remotebox 7634
OR
$ nc 192.168.1.100 7634

Shutdown Linux computer if temperature >= 55

To power off / shut down the computer, run the following command from a crontab entry:
[ $(hddtemp /dev/sda | awk '{ print $4}' | awk -F '°' '{ print $1}') -ge 55 ] && /sbin/shutdown -h 0 || :
Sample shell script to shut the box down if the temperature >= 55°C:

#!/bin/bash
# Shut the box down if any listed disk reports a temperature at or above ALERT_LEVEL.
HDDS="/dev/sda /dev/sdb /dev/sdc"
HDT=/usr/sbin/hddtemp
LOG=/usr/bin/logger
DOWN=/sbin/shutdown
ALERT_LEVEL=55
for disk in $HDDS
do
  if [ -b "$disk" ]; then
        # hddtemp prints "<dev>: <model>: <temp>°C"; take the last field so the
        # parse does not depend on how many words the model name has, then drop the unit
        HDTEMP=$($HDT "$disk" | awk '{ print $NF }' | awk -F '°' '{ print $1 }')
        # skip disks that returned no numeric reading (no sensor, drive asleep, ...)
        # instead of letting an empty value turn into a shell error below
        case "$HDTEMP" in
          ''|*[!0-9]*) $LOG "hddtemp: no temperature reading for $disk"; continue ;;
        esac
        if [ "$HDTEMP" -ge "$ALERT_LEVEL" ]; then
           $LOG "System going down as hard disk : $disk temperature $HDTEMP°C crossed its limit"
           sync;sync
           $DOWN -h 0
        fi
  fi
done
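As an added example (not code from the original post or from hddtemp), here is a Python parser for both front ends the post uses: the command-line output and the records the daemon sends on port 7634. It illustrates the failure mode of the awk '{ print $4 }' one-liner above, which only works when the model name is exactly two words, and returns an empty list of over-temperature disks when no sensor reading is available rather than a bogus value. The sample lines and the daemon payload are constructed; the daemon record layout (|device|model|temp|unit| per disk, concatenated) is this example's understanding of the protocol.

```python
import re

# Constructed sample lines in the format the hddtemp command prints (not real readings).
CLI_SAMPLE = [
    "/dev/sda: WDC WD2500YS-01SHB1:  25°C",
    "/dev/sdb: Hitachi HDS721010KLA330: 58°C",
    "/dev/sdc: ST3250820AS: S.M.A.R.T. not available",
]

# Constructed equivalent of what the daemon on port 7634 would send for the same
# disks: one |device|model|temp|unit| record per disk, concatenated.
DAEMON_SAMPLE = ("|/dev/sda|WDC WD2500YS-01SHB1|25|C|"
                 "|/dev/sdb|Hitachi HDS721010KLA330|58|C|"
                 "|/dev/sdc|ST3250820AS|NA|*|")

CLI_LINE = re.compile(r"^(?P<dev>/dev/\S+): (?P<model>.*): +(?P<temp>\d+)°(?P<unit>[CF])$")
DAEMON_REC = re.compile(r"\|([^|]*)\|([^|]*)\|([^|]*)\|([^|]*)\|")


def parse_cli(lines):
    """hddtemp CLI lines -> {device: (model, temp, unit)}.

    Anchoring on the trailing '<digits>°C' makes the parse independent of how
    many words the model name has; splitting on whitespace and taking field 4
    only works for two-word models and yields the wrong field (or an empty
    string, and then a shell error in the -ge test) for anything else. Lines
    with no numeric reading are left out instead of being mis-parsed.
    """
    readings = {}
    for line in lines:
        m = CLI_LINE.match(line.strip())
        if m:
            readings[m.group("dev")] = (m.group("model"), int(m.group("temp")), m.group("unit"))
    return readings


def parse_daemon(payload):
    """Daemon payload -> the same {device: (model, temp, unit)} shape as parse_cli.

    Records whose temperature field is not numeric (no sensor) are skipped.
    """
    readings = {}
    for dev, model, temp, unit in DAEMON_REC.findall(payload):
        if temp.isdigit():
            readings[dev] = (model, int(temp), unit)
    return readings


def disks_over(readings, limit_c):
    """Devices reporting at or above limit_c degrees Celsius, sorted.

    The caller decides what a non-empty result means (log, alert, shut down);
    readings in Fahrenheit are ignored rather than compared against a Celsius limit.
    """
    return sorted(dev for dev, (_model, temp, unit) in readings.items()
                  if unit == "C" and temp >= limit_c)
```

A monitoring host can fetch the daemon payload with a plain TCP read of port 7634, feed it to parse_daemon and alert on disks_over(readings, 55); both parsers return the same structure, so the threshold logic is shared.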

smartctl utility

If you have the smartctl utility installed, try it as follows:
# smartctl -d ata -A /dev/sda | grep -i temperature
Output:

194 Temperature_Celsius     0x0022   122   095   000    Old_age   Always       -       28

Set ALERT_LEVEL as per your requirements. Please refer to your hard disk manual for working temperature guidelines. Here is a general temperature guideline (extracted from the Seagate SV35.2 Series Hard Drives web page):

  • Operating: 0 to 60 degrees C
  • Nonoperating: -40 to 70 degrees C
  • Maximum operating temperature change: 20 degrees C per hour
  • Maximum nonoperating temperature change: 30 degrees C per hour
  • Maximum operating case temperature: 69 degrees C

A note for Windows XP / Vista / Server users

hddtemp is a UNIX / Linux only program. A trial version of hddtemp is available for download. There is also Dtemp (it has not been updated in ages).

Thursday, May 15, 2008

Howto: Squid proxy authentication

For finer control you may need to use Squid proxy server authentication. This only allows authorized users to use the proxy server.

You need to use proxy_auth ACLs to configure the ncsa_auth module. Browsers send the user's credentials in the Authorization request header. If Squid gets a request and the http_access rule list reaches a proxy_auth ACL, Squid looks for the Authorization header. If the header is present, Squid decodes it and extracts a username and password.

However, squid does not verify passwords itself. You need to take the help of authentication helpers. The following are included by default in most squid builds and most Linux distros:
=> NCSA: Uses an NCSA-style username and password file.
=> LDAP: Uses the Lightweight Directory Access Protocol.
=> MSNT: Uses a Windows NT authentication domain.
=> PAM: Uses the Linux Pluggable Authentication Modules scheme.
=> SMB: Uses an SMB server like Windows NT or Samba.
=> getpwnam: Uses the old-fashioned Unix password file.
=> SASL: Uses SASL libraries.
=> NTLM, Negotiate and Digest authentication

Configure an NCSA-style username and password authentication

I am going to assume that squid is installed and working fine.

Tip: Before going further, test basic Squid functionality. Make sure squid is functioning without requiring authorization :)

Step # 1: Create a username/password

First create an NCSA password file using the htpasswd command. htpasswd is used to create and update the flat files that store usernames and passwords for basic authentication of squid users.
# htpasswd /etc/squid/passwd user1
Output:

New password:
Re-type new password:
Adding password for user user1

Make sure squid can read the passwd file:
# chmod o+r /etc/squid/passwd

Step # 2: Locate the ncsa_auth authentication helper

Usually ncsa_auth is located at /usr/lib/squid/ncsa_auth. You can find out the location using the rpm (Redhat, CentOS, Fedora) or dpkg (Debian and Ubuntu) command:
# dpkg -L squid | grep ncsa_auth
Output:

/usr/lib/squid/ncsa_auth

If you are using RHEL/CentOS/Fedora Core or another RPM based distro, try:
# rpm -ql squid | grep ncsa_auth
Output:

/usr/lib/squid/ncsa_auth

Step # 3: Configure ncsa_auth for squid proxy authentication

Now open the /etc/squid/squid.conf file:
# vi /etc/squid/squid.conf
Append (or modify) the following configuration directives:
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

Also find your ACL section and append/modify:
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users

Save and close the file.

Where:

  • auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd : Specifies the squid password file and the helper program location.
  • auth_param basic children 5 : The number of authenticator processes to spawn.
  • auth_param basic realm Squid proxy-caching web server : Part of the text the user will see when prompted for their username and password.
  • auth_param basic credentialsttl 2 hours : Specifies how long squid assumes an externally validated username:password pair is valid for; in other words, how often the helper program is called for that user. It is set to 2 hours.
  • auth_param basic casesensitive off : Specifies whether usernames are case sensitive. It can be on or off only.
  • acl ncsa_users proxy_auth REQUIRED : The REQUIRED term means that any authenticated user will match the ACL named ncsa_users.
  • http_access allow ncsa_users : Allow proxy access only if the user is successfully authenticated.

Restart squid:
# /etc/init.d/squid restart


Now the user is prompted for a username and password.
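An added example, not code from the original post or from Squid, that reproduces in Python what happens between the browser, Squid and the ncsa_auth helper for basic auth as described above: the Authorization header is decoded into user:password, looked up in an htpasswd-style file, and answered with OK or ERR, which is the helper's own stdout protocol. Only {SHA} entries (what htpasswd -s writes) are modelled here, the password file is constructed, and the effect of casesensitive off is shown by lowercasing the lookup key; sha_entry, basic_header, helper_check and authorize are this example's names.

```python
import base64
import hashlib
import hmac


def sha_entry(password):
    """The {SHA}base64(sha1(password)) hash form written by `htpasswd -s`."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")


# Constructed password file in htpasswd format; only {SHA} entries are handled
# here (ncsa_auth also accepts crypt() and MD5 entries, which are not modelled).
PASSWD_FILE = "\n".join([
    "user1:" + sha_entry("s3cret"),
    "Alice:" + sha_entry("wonderland"),
    "# comments and blank lines are ignored",
    "",
])


def load_passwd(text, case_sensitive=True):
    """Parse name:hash lines; with `casesensitive off` semantics the keys are lowercased."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        name, stored = line.split(":", 1)
        users[name if case_sensitive else name.lower()] = stored
    return users


def basic_header(user, password):
    """What the browser sends: 'Basic ' + base64('user:password')."""
    token = base64.b64encode(("%s:%s" % (user, password)).encode("utf-8")).decode("ascii")
    return "Basic " + token


def credentials_from_header(value):
    """Decode an Authorization header into (user, password); None if malformed."""
    try:
        scheme, token = value.split(None, 1)
        if scheme.lower() != "basic":
            return None
        raw = base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    # only the first ':' separates the fields, so passwords may contain ':'
    user, sep, password = raw.partition(":")
    return (user, password) if sep else None


def helper_check(users, user, password, case_sensitive=True):
    """Answer the way the basic auth helper does on stdout: 'OK' or 'ERR'."""
    stored = users.get(user if case_sensitive else user.lower())
    if stored is None or not stored.startswith("{SHA}"):
        return "ERR"
    # constant-time compare so a near-miss is not distinguishable by timing
    return "OK" if hmac.compare_digest(stored, sha_entry(password)) else "ERR"


def authorize(users, header, case_sensitive=True):
    """Squid side: a missing or malformed header, or ERR from the helper, means deny."""
    creds = credentials_from_header(header)
    if creds is None:
        return "ERR"
    return helper_check(users, creds[0], creds[1], case_sensitive)
```

Note that the header carries the password in base64, not encrypted, which is why the credentialsttl setting matters (fewer helper round-trips) and why the password file itself only stores hashes.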


Wednesday, May 14, 2008

Linux MRTG Configuration with SNMP


Step 1: Check whether the snmp rpm package, which MRTG requires, is installed:

# rpm -qa | grep snmp

Step 2: If it is not installed, install it with rpm or yum:

# yum install net-snmp-utils net-snmp

Step 3: Run the snmpwalk utility to request the tree of information about a network entity. In simple words, query the snmp server for your IP address:

# snmpwalk -v 1 -c public localhost

or

# snmpwalk -v 1 -c public 192.168.10.95

If snmpd is not yet configured, configure it with the following steps:

Step A: Rename the existing file snmpd.conf to snmpd.conf.old:

# mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.old

Step B: Create a new snmpd.conf file and enter the following line in it to set the read-only community string to craz33guy:

# vi /etc/snmp/snmpd.conf

Add this line to the snmpd.conf file:

rocommunity craz33guy

Step C: Restart the snmp service and check the configuration of the snmp service:

# service snmpd restart

# snmpwalk -v 1 -c public 192.168.8.5
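Added example, not part of the original post: the one-line snmpd.conf from Step B beside a version that limits which hosts may use the community string. The rocommunity directive accepts an optional source network after the string; 192.168.8.0/24 is an assumption derived from the host address used above, so substitute the network your MRTG host actually sits on.

```conf
# As written above: any host that can reach UDP/161 on this box may read the
# whole MIB with this string.
rocommunity craz33guy

# Restricted: the same read-only community, answered only for requests coming
# from the monitoring network (assumed 192.168.8.0/24). Requests from elsewhere
# get no reply, so the string is of no use outside that network.
rocommunity craz33guy 192.168.8.0/24
```

Keep the snmpwalk test in Step C, but run it both from the MRTG host (expect output) and from a machine outside the allowed network (expect a timeout) to confirm the restriction took effect.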

Step 4: The mrtg software may have been installed during the initial installation; verify whether MRTG is installed with the following RPM command:

# rpm -qa | grep mrtg

If it is not installed, install it with rpm or yum:

# yum install mrtg

Step 5: Create a document root to store the mrtg graphs/html pages:

# mkdir -p /var/www/html/mymrtg/

Step 6: Run the following cfgmaker command to create the mrtg configuration file:

# cfgmaker --global 'WorkDir: /var/www/html/mymrtg' --output /etc/mrtg/8.5.cfg craz33guy@192.168.8.5

Step 7: Create a default index page for your MRTG configuration:

# indexmaker --output=/var/www/html/mymrtg/index.html /etc/mrtg/8.5.cfg

Step 8: Copy all the tiny png files to your mrtg path:

# cp -av /var/www/html/mrtg/*.png /var/www/html/mymrtg/

Step 9: Run the mrtg command from the command line with your configuration file:

# env LANG=C /usr/bin/mrtg /etc/mrtg/8.5.cfg

Step 10: Add a new MRTG line to /etc/cron.d/mrtg for each new configuration file you create, then restart the crond service:

0-59/5 * * * * root env LANG=C /usr/bin/mrtg /etc/mrtg/8.5.cfg

# service crond restart