Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com
Answertopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

Red Hat Enterprise Linux 9 Essentials Book now available.

Purchase a copy of Red Hat Enterprise Linux 9 (RHEL 9) Essentials

Red Hat Enterprise Linux 9 Essentials Print and eBook (PDF) editions contain 34 chapters and 298 pages

Preview Book

3.3. Directories within /proc/

Common groups of information concerning the kernel are grouped into directories and subdirectories within the /proc/ directory.

3.3.1. Process Directories

Every /proc/ directory contains a number of directories with numerical names. A listing of them may be similar to the following:

dr-xr-xr-x    3 root     root            0 Feb 13 01:28 1 
dr-xr-xr-x    3 root     root            0 Feb 13 01:28 1010
dr-xr-xr-x    3 xfs      xfs             0 Feb 13 01:28 1087
dr-xr-xr-x    3 daemon   daemon          0 Feb 13 01:28 1123
dr-xr-xr-x    3 root     root            0 Feb 13 01:28 11307
dr-xr-xr-x    3 apache   apache          0 Feb 13 01:28 13660
dr-xr-xr-x    3 rpc      rpc             0 Feb 13 01:28 637
dr-xr-xr-x    3 rpcuser  rpcuser         0 Feb 13 01:28 666

These directories are called process directories, as they are named after a program's process ID and contain information specific to that process. The owner and group of each process directory is set to the user running the process. When the process is terminated, its /proc/ process directory vanishes.

Each process directory contains the following files:

  • cmdline — Contains the command issued when starting the process.

  • cwd — A symbolic link to the current working directory for the process.

  • environ — A list of the environment variables for the process. The environment variable is given in all upper-case characters, and the value is in lower-case characters.

  • exe — A symbolic link to the executable of this process.

  • fd — A directory containing all of the file descriptors for a particular process. These are given in numbered links:

    total 0 
    lrwx------    1 root     root           64 May  8 11:31 0 -> /dev/null
    lrwx------    1 root     root           64 May  8 11:31 1 -> /dev/null
    lrwx------    1 root     root           64 May  8 11:31 2 -> /dev/null
    lrwx------    1 root     root           64 May  8 11:31 3 -> /dev/ptmx
    lrwx------    1 root     root           64 May  8 11:31 4 -> socket:[7774817] 
    lrwx------    1 root     root           64 May  8 11:31 5 -> /dev/ptmx
    lrwx------    1 root     root           64 May  8 11:31 6 -> socket:[7774829] 
    lrwx------    1 root     root           64 May  8 11:31 7 -> /dev/ptmx
    
  • maps — A list of memory maps to the various executables and library files associated with this process. This file can be rather long, depending upon the complexity of the process, but sample output from the sshd process begins like the following:

    08048000-08086000 r-xp 00000000 03:03 391479     /usr/sbin/sshd
    08086000-08088000 rw-p 0003e000 03:03 391479	/usr/sbin/sshd
    08088000-08095000 rwxp 00000000 00:00 0
    40000000-40013000 r-xp 0000000 03:03 293205	/lib/ld-2.2.5.so
    40013000-40014000 rw-p 00013000 03:03 293205	/lib/ld-2.2.5.so 
    40031000-40038000 r-xp 00000000 03:03 293282	/lib/libpam.so.0.75
    40038000-40039000 rw-p 00006000 03:03 293282	/lib/libpam.so.0.75
    40039000-4003a000 rw-p 00000000 00:00 0
    4003a000-4003c000 r-xp 00000000 03:03 293218	/lib/libdl-2.2.5.so 
    4003c000-4003d000 rw-p 00001000 03:03 293218	/lib/libdl-2.2.5.so
    
  • mem — The memory held by the process. This file cannot be read by the user.

  • root — A link to the root directory of the process.

  • stat — The status of the process.

  • statm — The status of the memory in use by the process. Below is a sample /proc/statm file:

    263 210 210 5 0 205 0
    

    The seven columns relate to different memory statistics for the process. From left to right, they report the following aspects of the memory used:

    1. Total program size, in kilobytes.

    2. Size of memory portions, in kilobytes.

    3. Number of pages that are shared.

    4. Number of pages that are code.

    5. Number of pages of data/stack.

    6. Number of library pages.

    7. Number of dirty pages.

  • status — The status of the process in a more readable form than stat or statm. Sample output for sshd looks similar to the following:

    Name:	sshd 
    State:	S (sleeping) 
    Tgid:	797 
    Pid:	797 
    PPid:	1 
    TracerPid:	0 
    Uid:	0	0	0	0 
    Gid:	0	0	0	0 
    FDSize:	32 
    Groups:	 
    VmSize:	    3072 kB 
    VmLck:	       0 kB 
    VmRSS:	     840 kB 
    VmData:	     104 kB 
    VmStk:	      12 kB 
    VmExe:	     300 kB 
    VmLib:	    2528 kB 
    SigPnd:	0000000000000000 
    SigBlk:	0000000000000000 
    SigIgn:	8000000000001000 
    SigCgt:	0000000000014005 
    CapInh:	0000000000000000 
    CapPrm:	00000000fffffeff 
    CapEff:	00000000fffffeff
    

    The information in this output includes the process name and ID, the state (such as S (sleeping) or R (running)), user/group ID running the process, and detailed data regarding memory usage.

3.3.1.1. /proc/self/

The /proc/self/ directory is a link to the currently running process. This allows a process to look at itself without having to know its process ID.

Within a shell environment, a listing of the /proc/self/ directory produces the same contents as listing the process directory for that process.

3.3.2. /proc/bus/

This directory contains information specific to the various buses available on the system. For example, on a standard system containing PCI and USB buses, current data on each of these buses is available within a subdirectory within /proc/bus/ by the same name, such as /proc/bus/pci/.

The subdirectories and files available within /proc/bus/ vary depending on the devices connected to the system. However, each bus type has at least one directory. Within these bus directories are normally at least one subdirectory with a numerical name, such as 001, which contain binary files.

For example, the /proc/bus/usb/ subdirectory contains files that track the various devices on any USB buses, as well as the drivers required for them. The following is a sample listing of a /proc/bus/usb/ directory:

total 0 dr-xr-xr-x    1 root     root            0 May  3 16:25 001 
-r--r--r--    1 root     root            0 May  3 16:25 devices 
-r--r--r--    1 root     root            0 May  3 16:25 drivers

The /proc/bus/usb/001/ directory contains all devices on the first USB bus and the devices file identifies the USB root hub on the motherboard.

The following is a example of a /proc/bus/usb/devices file:

T:  Bus=01 Lev=00 Prnt=00 Port=00 Cnt=00 Dev#=  1 Spd=12  MxCh= 2 
B:  Alloc=  0/900 us ( 0%), #Int=  0, #Iso=  0 
D:  Ver= 1.00 Cls=09(hub  ) Sub=00 Prot=00 MxPS= 8 #Cfgs=  1 
P:  Vendor=0000 ProdID=0000 Rev= 0.00 
S:  Product=USB UHCI Root Hub 
S:  SerialNumber=d400 
C:* #Ifs= 1 Cfg#= 1 Atr=40 MxPwr=  0mA 
I:  If#= 0 Alt= 0 #EPs= 1 Cls=09(hub  ) Sub=00 Prot=00 Driver=hub 
E:  Ad=81(I) Atr=03(Int.) MxPS=   8 Ivl=255ms

3.3.3. /proc/driver/

This directory contains information for specific drivers in use by the kernel.

A common file found here is rtc which provides output from the driver for the system's Real Time Clock (RTC), the device that keeps the time while the system is switched off. Sample output from /proc/driver/rtc looks like the following:

rtc_time        : 16:21:00 
rtc_date        : 2004-08-31 
rtc_epoch       : 1900 
alarm           : 21:16:27 
DST_enable      : no 
BCD             : yes 
24hr            : yes 
square_wave     : no 
alarm_IRQ       : no 
update_IRQ      : no 
periodic_IRQ    : no 
periodic_freq   : 1024 
batt_status     : okay

For more information about the RTC, refer to the following installed documentation:

/usr/share/doc/kernel-doc-<version>/Documentation/rtc.txt.

3.3.4. /proc/fs

This directory shows which file systems are exported. If running an NFS server, typing cat /proc/fs/nfsd/exports displays the file systems being shared and the permissions granted for those file systems. For more on file system sharing with NFS, refer to Chapter 18, Network File System (NFS).

3.3.5. /proc/ide/

This directory contains information about IDE devices on the system. Each IDE channel is represented as a separate directory, such as /proc/ide/ide0 and /proc/ide/ide1. In addition, a drivers file is available, providing the version number of the various drivers used on the IDE channels:

ide-floppy version 0.99.
newide ide-cdrom version 4.61 
ide-disk version 1.18

Many chipsets also provide a file in this directory with additional data concerning the drives connected through the channels. For example, a generic Intel PIIX4 Ultra 33 chipset produces the /proc/ide/piix file which reveals whether DMA or UDMA is enabled for the devices on the IDE channels:

Intel PIIX4 Ultra 33 Chipset. 
------------- Primary Channel ---------------- Secondary Channel -------------                  
		enabled                          enabled 
		
------------- drive0 --------- drive1 -------- drive0 ---------- drive1 ------ 
DMA enabled:    yes              no              yes               no  
UDMA enabled:   yes              no              no                no  
UDMA enabled:   2                X               X                 X 
UDMA DMA PIO

Navigating into the directory for an IDE channel, such as ide0, provides additional information. The channel file provides the channel number, while the model identifies the bus type for the channel (such as pci).

3.3.5.1. Device Directories

Within each IDE channel directory is a device directory. The name of the device directory corresponds to the drive letter in the /dev/ directory. For instance, the first IDE drive on ide0 would be hda.

Note

There is a symbolic link to each of these device directories in the /proc/ide/ directory.

Each device directory contains a collection of information and statistics. The contents of these directories vary according to the type of device connected. Some of the more useful files common to many devices include:

  • cache — The device cache.

  • capacity — The capacity of the device, in 512 byte blocks.

  • driver — The driver and version used to control the device.

  • geometry — The physical and logical geometry of the device.

  • media — The type of device, such as a disk.

  • model — The model name or number of the device.

  • settings — A collection of current device parameters. This file usually contains quite a bit of useful, technical information. A sample settings file for a standard IDE hard disk looks similar to the following:

    name                value          min          max          mode 
    ----                -----          ---          ---          ---- 
    acoustic            0              0            254          rw 
    address             0              0            2            rw 
    bios_cyl            38752          0            65535        rw 
    bios_head           16             0            255          rw 
    bios_sect           63             0            63           rw 
    bswap               0              0            1            r 
    current_speed       68             0            70           rw 
    failures            0              0            65535        rw 
    init_speed          68             0            70           rw 
    io_32bit            0              0            3            rw 
    keepsettings        0              0            1            rw 
    lun                 0              0            7            rw 
    max_failures        1              0            65535        rw 
    multcount           16             0            16           rw 
    nice1               1              0            1            rw 
    nowerr              0              0            1            rw 
    number              0              0            3            rw 
    pio_mode            write-only     0            255          w 
    unmaskirq           0              0            1            rw 
    using_dma           1              0            1            rw 
    wcache              1              0            1            rw
    

3.3.6. /proc/irq/

This directory is used to set IRQ to CPU affinity, which allows the system to connect a particular IRQ to only one CPU. Alternatively, it can exclude a CPU from handling any IRQs.

Each IRQ has its own directory, allowing for the individual configuration of each IRQ. The /proc/irq/prof_cpu_mask file is a bitmask that contains the default values for the smp_affinity file in the IRQ directory. The values in smp_affinity specify which CPUs handle that particular IRQ.

For more information about the /proc/irq/ directory, refer to the following installed documentation:

/usr/share/doc/kernel-doc-<version>/Documentation/filesystems/proc.txt

3.3.7. /proc/net/

This directory provides a comprehensive look at various networking parameters and statistics. Each directory and virtual file within this directory describes aspects of the system's network configuration. Below is a partial list of the /proc/net/ directory:

  • arp — Lists the kernel's ARP table. This file is particularly useful for connecting a hardware address to an IP address on a system.

  • atm/ directory — The files within this directory contain Asynchronous Transfer Mode (ATM) settings and statistics. This directory is primarily used with ATM networking and ADSL cards.

  • dev — Lists the various network devices configured on the system, complete with transmit and receive statistics. This file displays the number of bytes each interface has sent and received, the number of packets inbound and outbound, the number of errors seen, the number of packets dropped, and more.

  • dev_mcast — Lists Layer2 multicast groups on which each device is listening.

  • igmp — Lists the IP multicast addresses which this system joined.

  • ip_conntrack — Lists tracked network connections for machines that are forwarding IP connections.

  • ip_tables_names — Lists the types of iptables in use. This file is only present if iptables is active on the system and contains one or more of the following values: filter, mangle, or nat.

  • ip_mr_cache — Lists the multicast routing cache.

  • ip_mr_vif — Lists multicast virtual interfaces.

  • netstat — Contains a broad yet detailed collection of networking statistics, including TCP timeouts, SYN cookies sent and received, and much more.

  • psched — Lists global packet scheduler parameters.

  • raw — Lists raw device statistics.

  • route — Lists the kernel's routing table.

  • rt_cache — Contains the current routing cache.

  • snmp — List of Simple Network Management Protocol (SNMP) data for various networking protocols in use.

  • sockstat — Provides socket statistics.

  • tcp — Contains detailed TCP socket information.

  • tr_rif — Lists the token ring RIF routing table.

  • udp — Contains detailed UDP socket information.

  • unix — Lists UNIX domain sockets currently in use.

  • wireless — Lists wireless interface data.

3.3.8. /proc/scsi/

This directory is analogous to the /proc/ide/ directory, but it is for connected SCSI devices.

The primary file in this directory is /proc/scsi/scsi, which contains a list of every recognized SCSI device. From this listing, the type of device, as well as the model name, vendor, SCSI channel and ID data is available.

For example, if a system contains a SCSI CD-ROM, a tape drive, a hard drive, and a RAID controller, this file looks similar to the following:

Attached devices:  
Host: scsi1 
Channel: 00 
Id: 05 
Lun: 00   
Vendor: NEC      
Model: CD-ROM DRIVE:466 
Rev: 1.06   
Type:   CD-ROM                          
ANSI SCSI revision: 02 
Host: scsi1 
Channel: 00 
Id: 06 
Lun: 00   
Vendor: ARCHIVE  
Model: Python 04106-XXX 
Rev: 7350   
Type:   Sequential-Access                
ANSI SCSI revision: 02 
Host: scsi2 
Channel: 00 
Id: 06 
Lun: 00   
Vendor: DELL     
Model: 1x6 U2W SCSI BP  
Rev: 5.35   
Type:   Processor                        
ANSI SCSI revision: 02 
Host: scsi2 
Channel: 02 
Id: 00 
Lun: 00   
Vendor: MegaRAID 
Model: LD0 RAID5 34556R 
Rev: 1.01   
Type:   Direct-Access                    
ANSI SCSI revision: 02

Each SCSI driver used by the system has its own directory within /proc/scsi/, which contains files specific to each SCSI controller using that driver. From the previous example, aic7xxx/ and megaraid/ directories are present, since two drivers are in use. The files in each of the directories typically contain an I/O address range, IRQ information, and statistics for the SCSI controller using that driver. Each controller can report a different type and amount of information. The Adaptec AIC-7880 Ultra SCSI host adapter's file in this example system produces the following output:

Adaptec AIC7xxx driver version: 5.1.20/3.2.4 
Compile Options:   
TCQ Enabled By Default : Disabled   
AIC7XXX_PROC_STATS     : Enabled   
AIC7XXX_RESET_DELAY    : 5  
Adapter Configuration:            
SCSI Adapter: Adaptec AIC-7880 Ultra SCSI host adapter                            
Ultra Narrow Controller     PCI MMAPed 
I/O Base: 0xfcffe000  
Adapter SEEPROM Config: SEEPROM found and used.       
Adaptec SCSI BIOS: Enabled                     
IRQ: 30                    
SCBs: Active 0, Max Active 1, Allocated 15, HW 16, Page 255              
Interrupts: 33726       
BIOS Control Word: 0x18a6    
Adapter Control Word: 0x1c5f   
Extended Translation: Enabled 
Disconnect Enable Flags: 0x00ff      
Ultra Enable Flags: 0x0020  
Tag Queue Enable Flags: 0x0000 
Ordered Queue Tag Flags: 0x0000 
Default Tag Queue Depth: 8     
Tagged Queue By Device array for aic7xxx 
host instance 1:       {255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255}     
Actual queue depth per device for aic7xxx host instance 1:       {1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1}
Statistics:   

(scsi1:0:5:0) Device using Narrow/Sync transfers at 20.0 MByte/sec, offset 15   
Transinfo settings: current(12/15/0/0), goal(12/15/0/0), user(12/15/0/0)   
Total transfers 0 (0 reads and 0 writes)              
		< 2K      2K+     4K+     8K+    16K+    32K+    64K+   128K+    
Reads:        0       0       0       0       0       0       0       0   
Writes:       0       0       0       0       0       0       0       0   

(scsi1:0:6:0) Device using Narrow/Sync transfers at 10.0 MByte/sec, offset 15   
Transinfo settings: current(25/15/0/0), goal(12/15/0/0), user(12/15/0/0)   
Total transfers 132 (0 reads and 132 writes)              
		< 2K      2K+     4K+     8K+    16K+    32K+    64K+   128K+    
Reads:        0       0       0       0       0       0       0       0   
Writes:       0       0       0       1     131       0       0       0

This output reveals the transfer speed to the SCSI devices connected to the controller based on channel ID, as well as detailed statistics concerning the amount and sizes of files read or written by that device. For example, this controller is communicating with the CD-ROM at 20 megabytes per second, while the tape drive is only communicating at 10 megabytes per second.

3.3.9. /proc/sys/

The /proc/sys/ directory is different from others in /proc/ because it not only provides information about the system but also allows the system administrator to immediately enable and disable kernel features.

Caution

Use caution when changing settings on a production system using the various files in the /proc/sys/ directory. Changing the wrong setting may render the kernel unstable, requiring a system reboot.

For this reason, be sure the options are valid for that file before attempting to change any value in /proc/sys/.

A good way to determine if a particular file can be configured, or if it is only designed to provide information, is to list it with the -l option at the shell prompt. If the file is writable, it may be used to configure the kernel. For example, a partial listing of /proc/sys/fs looks like the following:

-r--r--r--    1 root     root            0 May 10 16:14 dentry-state
-rw-r--r--    1 root     root            0 May 10 16:14 dir-notify-enable 
-r--r--r--    1 root     root            0 May 10 16:14 dquot-nr 
-rw-r--r--    1 root     root            0 May 10 16:14 file-max 
-r--r--r--    1 root     root            0 May 10 16:14 file-nr

In this listing, the files dir-notify-enable and file-max can be written to and, therefore, can be used to configure the kernel. The other files only provide feedback on current settings.

Changing a value within a /proc/sys/ file is done by echoing the new value into the file. For example, to enable the System Request Key on a running kernel, type the command:

echo 1 > /proc/sys/kernel/sysrq

This changes the value for sysrq from 0 (off) to 1 (on).

A few /proc/sys/ configuration files contain more than one value. To correctly send new values to them, place a space character between each value passed with the echo command, such as is done in this example:

echo 4 2 45 > /proc/sys/kernel/acct

Note

Any configuration changes made using the echo command disappear when the system is restarted. To make configuration changes take effect after the system is rebooted, refer to Section 3.4, “Using the sysctl Command”.

The /proc/sys/ directory contains several subdirectories controlling different aspects of a running kernel.

3.3.9.1. /proc/sys/dev/

This directory provides parameters for particular devices on the system. Most systems have at least two directories, cdrom/ and raid/. Customized kernels can have other directories, such as parport/, which provides the ability to share one parallel port between multiple device drivers.

The cdrom/ directory contains a file called info, which reveals a number of important CD-ROM parameters:

CD-ROM information, Id: cdrom.c 3.20 2003/12/17   
drive name:             hdc 
drive speed:            48 
drive # of slots:       1 
Can close tray:         1 
Can open tray:          1 
Can lock tray:          1 
Can change speed:       1 
Can select disk:        0 
Can read multisession:  1 
Can read MCN:           1 
Reports media changed:  1 
Can play audio:         1 
Can write CD-R:         0 
Can write CD-RW:        0 
Can read DVD:           0 
Can write DVD-R:        0 
Can write DVD-RAM:      0 
Can read MRW:           0 
Can write MRW:          0 
Can write RAM:          0

This file can be quickly scanned to discover the qualities of an unknown CD-ROM. If multiple CD-ROMs are available on a system, each device is given its own column of information.

Various files in /proc/sys/dev/cdrom, such as autoclose and checkmedia, can be used to control the system's CD-ROM. Use the echo command to enable or disable these features.

If RAID support is compiled into the kernel, a /proc/sys/dev/raid/ directory becomes available with at least two files in it: speed_limit_min and speed_limit_max. These settings determine the acceleration of RAID devices for I/O intensive tasks, such as resyncing the disks.

3.3.9.2. /proc/sys/fs/

This directory contains an array of options and information concerning various aspects of the file system, including quota, file handle, inode, and dentry information.

The binfmt_misc/ directory is used to provide kernel support for miscellaneous binary formats.

The important files in /proc/sys/fs/ include:

  • dentry-state — Provides the status of the directory cache. The file looks similar to the following:

    57411	52939	45	0	0	0
    

    The first number reveals the total number of directory cache entries, while the second number displays the number of unused entries. The third number tells the number of seconds between when a directory has been freed and when it can be reclaimed, and the fourth measures the pages currently requested by the system. The last two numbers are not used and display only zeros.

  • dquot-nr — Lists the maximum number of cached disk quota entries.

  • file-max — Lists the maximum number of file handles that the kernel allocates. Raising the value in this file can resolve errors caused by a lack of available file handles.

  • file-nr — Lists the number of allocated file handles, used file handles, and the maximum number of file handles.

  • overflowgid and overflowuid — Defines the fixed group ID and user ID, respectively, for use with file systems that only support 16-bit group and user IDs.

  • super-max — Controls the maximum number of superblocks available.

  • super-nr — Displays the current number of superblocks in use.

3.3.9.3. /proc/sys/kernel/

This directory contains a variety of different configuration files that directly affect the operation of the kernel. Some of the most important files include:

  • acct — Controls the suspension of process accounting based on the percentage of free space available on the file system containing the log. By default, the file looks like the following:

    4	2	30
    

    The first value dictates the percentage of free space required for logging to resume, while the second value sets the threshold percentage of free space when logging is suspended. The third value sets the interval, in seconds, that the kernel polls the file system to see if logging should be suspended or resumed.

  • cap-bound — Controls the capability bounding settings, which provides a list of capabilities for any process on the system. If a capability is not listed here, then no process, no matter how privileged, can do it. The idea is to make the system more secure by ensuring that certain things cannot happen, at least beyond a certain point in the boot process.

    For a valid list of values for this virtual file, refer to the following installed documentation:

    /lib/modules/<kernel-version>/build/include/linux/capability.h.

  • ctrl-alt-del — Controls whether Ctrl-Alt-Delete gracefully restarts the computer using init (0) or forces an immediate reboot without syncing the dirty buffers to disk (1).

  • domainname — Configures the system domain name, such as example.com.

  • exec-shield — Configures the Exec Shield feature of the kernel. Exec Shield provides protection against certain types of buffer overflow attacks.

    There are two possible values for this virtual file:

    • 0 — Disables Exec Shield.

    • 1 — Enables Exec Shield. This is the default value.

    Important

    If a system is running security-sensitive applications that were started while Exec Shield was disabled, these applications must be restarted when Exec Shield is enabled in order for Exec Shield to take effect.

  • exec-shield-randomize — Enables location randomization of various items in memory. This helps deter potential attackers from locating programs and daemons in memory. Each time a program or daemon starts, it is put into a different memory location each time, never in a static or absolute memory address.

    There are two possible values for this virtual file:

    • 0 — Disables randomization of Exec Shield. This may be useful for application debugging purposes.

    • 1 — Enables randomization of Exec Shield. This is the default value. Note: The exec-shield file must also be set to 1 for exec-shield-randomize to be effective.

  • hostname — Configures the system hostname, such as www.example.com.

  • hotplug — Configures the utility to be used when a configuration change is detected by the system. This is primarily used with USB and Cardbus PCI. The default value of /sbin/hotplug should not be changed unless testing a new program to fulfill this role.

  • modprobe — Sets the location of the program used to load kernel modules. The default value is /sbin/modprobe which means kmod calls it to load the module when a kernel thread calls kmod.

  • msgmax — Sets the maximum size of any message sent from one process to another and is set to 8192 bytes by default. Be careful when raising this value, as queued messages between processes are stored in non-swappable kernel memory. Any increase in msgmax would increase RAM requirements for the system.

  • msgmnb — Sets the maximum number of bytes in a single message queue. The default is 16384.

  • msgmni — Sets the maximum number of message queue identifiers. The default is 16.

  • osrelease — Lists the Linux kernel release number. This file can only be altered by changing the kernel source and recompiling.

  • ostype — Displays the type of operating system. By default, this file is set to Linux, and this value can only be changed by changing the kernel source and recompiling.

  • overflowgid and overflowuid — Defines the fixed group ID and user ID, respectively, for use with system calls on architectures that only support 16-bit group and user IDs.

  • panic — Defines the number of seconds the kernel postpones rebooting when the system experiences a kernel panic. By default, the value is set to 0, which disables automatic rebooting after a panic.

  • printk — This file controls a variety of settings related to printing or logging error messages. Each error message reported by the kernel has a loglevel associated with it that defines the importance of the message. The loglevel values break down in this order:

    • 0 — Kernel emergency. The system is unusable.

    • 1 — Kernel alert. Action must be taken immediately.

    • 2 — Condition of the kernel is considered critical.

    • 3 — General kernel error condition.

    • 4 — General kernel warning condition.

    • 5 — Kernel notice of a normal but significant condition.

    • 6 — Kernel informational message.

    • 7 — Kernel debug-level messages.

    Four values are found in the printk file:

    6     4     1     7
    

    Each of these values defines a different rule for dealing with error messages. The first value, called the console loglevel, defines the lowest priority of messages printed to the console. (Note that, the lower the priority, the higher the loglevel number.) The second value sets the default loglevel for messages without an explicit loglevel attached to them. The third value sets the lowest possible loglevel configuration for the console loglevel. The last value sets the default value for the console loglevel.

  • random/ directory — Lists a number of values related to generating random numbers for the kernel.

  • rtsig-max — Configures the maximum number of POSIX real-time signals that the system may have queued at any one time. The default value is 1024.

  • rtsig-nr — Lists the current number of POSIX real-time signals queued by the kernel.

  • sem — Configures semaphore settings within the kernel. A semaphore is a System V IPC object that is used to control utilization of a particular process.

  • shmall — Sets the total amount of shared memory that can be used at one time on the system, in bytes. By default, this value is 2097152.

  • shmmax — Sets the largest shared memory segment size allowed by the kernel, in bytes. By default, this value is 33554432. However, the kernel supports much larger values than this.

  • shmmni — Sets the maximum number of shared memory segments for the whole system, in bytes. By default, this value is 4096

  • sysrq — Activates the System Request Key, if this value is set to anything other than zero (0), the default.

    The System Request Key allows immediate input to the kernel through simple key combinations. For example, the System Request Key can be used to immediately shut down or restart a system, sync all mounted file systems, or dump important information to the console. To initiate a System Request Key, type Alt-SysRq-<system request code> . Replace <system request code> with one of the following system request codes:

    • r — Disables raw mode for the keyboard and sets it to XLATE (a limited keyboard mode which does not recognize modifiers such as Alt, Ctrl, or Shift for all keys).

    • k — Kills all processes active in a virtual console. Also called Secure Access Key (SAK), it is often used to verify that the login prompt is spawned from init and not a trojan copy designed to capture usernames and passwords.

    • b — Reboots the kernel without first unmounting file systems or syncing disks attached to the system.

    • c — Crashes the system without first unmounting file systems or syncing disks attached to the system.

    • o — Shuts off the system.

    • s — Attempts to sync disks attached to the system.

    • u — Attempts to unmount and remount all file systems as read-only.

    • p — Outputs all flags and registers to the console.

    • t — Outputs a list of processes to the console.

    • m — Outputs memory statistics to the console.

    • 0 through 9 — Sets the log level for the console.

    • e — Kills all processes except init using SIGTERM.

    • i — Kills all processes except init using SIGKILL.

    • l — Kills all processes using SIGKILL (including init). The system is unusable after issuing this System Request Key code.

    • h — Displays help text.

    This feature is most beneficial when using a development kernel or when experiencing system freezes.

    Caution

    The System Request Key feature is considered a security risk because an unattended console provides an attacker with access to the system. For this reason, it is turned off by default.

    Refer to /usr/share/doc/kernel-doc-<version>/Documentation/sysrq.txt for more information about the System Request Key.

  • sysrq-key — Defines the key code for the System Request Key (84 is the default).

  • sysrq-sticky — Defines whether the System Request Key is a chorded key combination. The accepted values are as follows:

    • 0Alt-SysRq and the system request code must be pressed simultaneously. This is the default value.

    • 1Alt-SysRq must be pressed simultaneously, but the system request code can be pressed anytime before the number of seconds specified in /proc/sys/kernel/sysrq-timer elapses.

  • sysrq-timer — Specifies the number of seconds allowed to pass before the system request code must be pressed. The default value is 10.

  • tainted — Indicates whether a non-GPL module is loaded.

    • 0 — No non-GPL modules are loaded.

    • 1 — At least one module without a GPL license (including modules with no license) is loaded.

    • 2 — At least one module was force-loaded with the command insmod -f.

  • threads-max — Sets the maximum number of threads to be used by the kernel, with a default value of 2048.

  • version — Displays the date and time the kernel was last compiled. The first field in this file, such as #3, relates to the number of times a kernel was built from the source base.

3.3.9.4. /proc/sys/net/

This directory contains subdirectories concerning various networking topics. Various configurations at the time of kernel compilation make different directories available here, such as ethernet/, ipv4/, ipx/, and ipv6/. By altering the files within these directories, system administrators are able to adjust the network configuration on a running system.

Given the wide variety of possible networking options available with Linux, only the most common /proc/sys/net/ directories are discussed.

The /proc/sys/net/core/ directory contains a variety of settings that control the interaction between the kernel and networking layers. The most important of these files are:

  • message_burst — Sets the amount of time in tenths of a second required to write a new warning message. This setting is used to mitigate Denial of Service (DoS) attacks. The default setting is 50.

  • message_cost — Sets a cost on every warning message. The higher the value of this file (default of 5), the more likely the warning message is ignored. This setting is used to mitigate DoS attacks.

    The idea of a DoS attack is to bombard the targeted system with requests that generate errors and fill up disk partitions with log files or require all of the system's resources to handle the error logging. The settings in message_burst and message_cost are designed to be modified based on the system's acceptable risk versus the need for comprehensive logging.

  • netdev_max_backlog — Sets the maximum number of packets allowed to queue when a particular interface receives packets faster than the kernel can process them. The default value for this file is 300.

  • optmem_max — Configures the maximum ancillary buffer size allowed per socket.

  • rmem_default — Sets the receive socket buffer default size in bytes.

  • rmem_max — Sets the receive socket buffer maximum size in bytes.

  • wmem_default — Sets the send socket buffer default size in bytes.

  • wmem_max — Sets the send socket buffer maximum size in bytes.

The /proc/sys/net/ipv4/ directory contains additional networking settings. Many of these settings, used in conjunction with one another, are useful in preventing attacks on the system or when using the system to act as a router.

Caution

An erroneous change to these files may affect remote connectivity to the system.

The following is a list of some of the more important files within the /proc/sys/net/ipv4/ directory:

  • icmp_destunreach_rate, icmp_echoreply_rate, icmp_paramprob_rate, and icmp_timeexeed_rate — Set the maximum ICMP send packet rate, in 1/100 of a second, to hosts under certain conditions. A setting of 0 removes any delay and is not a good idea.

  • icmp_echo_ignore_all and icmp_echo_ignore_broadcasts — Allows the kernel to ignore ICMP ECHO packets from every host or only those originating from broadcast and multicast addresses, respectively. A value of 0 allows the kernel to respond, while a value of 1 ignores the packets.

  • ip_default_ttl — Sets the default Time To Live (TTL), which limits the number of hops a packet may make before reaching its destination. Increasing this value can diminish system performance.

  • ip_forward — Permits interfaces on the system to forward packets to one other. By default, this file is set to 0. Setting this file to 1 enables network packet forwarding.

  • ip_local_port_range — Specifies the range of ports to be used by TCP or UDP when a local port is needed. The first number is the lowest port to be used and the second number specifies the highest port. Any systems that expect to require more ports than the default 1024 to 4999 should use a range from 32768 to 61000.

  • tcp_syn_retries — Provides a limit on the number of times the system re-transmits a SYN packet when attempting to make a connection.

  • tcp_retries1 — Sets the number of permitted re-transmissions attempting to answer an incoming connection. Default of 3.

  • tcp_retries2 — Sets the number of permitted re-transmissions of TCP packets. Default of 15.

The file called

/usr/share/doc/kernel-doc-<version>/Documentation/networking/ ip-sysctl.txt

contains a complete list of files and options available in the /proc/sys/net/ipv4/ directory.

A number of other directories exist within the /proc/sys/net/ipv4/ directory and each covers a different aspect of the network stack. The /proc/sys/net/ipv4/conf/ directory allows each system interface to be configured in different ways, including the use of default settings for unconfigured devices (in the /proc/sys/net/ipv4/conf/default/ subdirectory) and settings that override all special configurations (in the /proc/sys/net/ipv4/conf/all/ subdirectory).

The /proc/sys/net/ipv4/neigh/ directory contains settings for communicating with a host directly connected to the system (called a network neighbor) and also contains different settings for systems more than one hop away.

Routing over IPV4 also has its own directory, /proc/sys/net/ipv4/route/. Unlike conf/ and neigh/, the /proc/sys/net/ipv4/route/ directory contains specifications that apply to routing with any interfaces on the system. Many of these settings, such as max_size, max_delay, and min_delay, relate to controlling the size of the routing cache. To clear the routing cache, write any value to the flush file.

Additional information about these directories and the possible values for their configuration files can be found in:

/usr/share/doc/kernel-doc-<version>/Documentation/filesystems/proc.txt

3.3.9.5. /proc/sys/vm/

This directory facilitates the configuration of the Linux kernel's virtual memory (VM) subsystem. The kernel makes extensive and intelligent use of virtual memory, which is commonly referred to as swap space.

The following files are commonly found in the /proc/sys/vm/ directory:

  • block_dump — Configures block I/O debugging when enabled. All read/write and block dirtying operations done to files are logged accordingly. This can be useful if diagnosing disk spin up and spin downs for laptop battery conservation. All output when block_dump is enabled can be retrieved via dmesg. The default value is 0.

    Tip

    If block_dump is enabled at the same time as kernel debugging, it is prudent to stop the klogd daemon, as it generates erroneous disk activity caused by block_dump.

  • dirty_background_ratio — Starts background writeback of dirty data at this percentage of total memory, via a pdflush daemon. The default value is 10.

  • dirty_expire_centisecs — Defines when dirty in-memory data is old enough to be eligible for writeout. Data which has been dirty in-memory for longer than this interval is written out next time a pdflush daemon wakes up. The default value is 3000, expressed in hundredths of a second.

  • dirty_ratio — Starts active writeback of dirty data at this percentage of total memory for the generator of dirty data, via pdflush. The default value is 40.

  • dirty_writeback_centisecs — Defines the interval between pdflush daemon wakeups, which periodically writes dirty in-memory data out to disk. The default value is 500, expressed in hundredths of a second.

  • laptop_mode — Minimizes the number of times that a hard disk needs to spin up by keeping the disk spun down for as long as possible, therefore conserving battery power on laptops. This increases efficiency by combining all future I/O processes together, reducing the frequency of spin ups. The default value is 0, but is automatically enabled in case a battery on a laptop is used.

    This value is controlled automatically by the acpid daemon once a user is notified battery power is enabled. No user modifications or interactions are necessary if the laptop supports the ACPI (Advanced Configuration and Power Interface) specification.

    For more information, refer to the following installed documentation:

    /usr/share/doc/kernel-doc-<version>/Documentation/laptop-mode.txt

  • lower_zone_protection — Determines how aggressive the kernel is in defending lower memory allocation zones. This is effective when utilized with machines configured with highmem memory space enabled. The default value is 0, no protection at all. All other integer values are in megabytes, and lowmem memory is therefore protected from being allocated by users.

    For more information, refer to the following installed documentation:

    /usr/share/doc/kernel-doc-<version>/Documentation/filesystems/proc.txt

  • max_map_count — Configures the maximum number of memory map areas a process may have. In most cases, the default value of 65536 is appropriate.

  • min_free_kbytes — Forces the Linux VM (virtual memory manager) to keep a minimum number of kilobytes free. The VM uses this number to compute a pages_min value for each lowmem zone in the system. The default value is in respect to the total memory on the machine.

  • nr_hugepages — Indicates the current number of configured hugetlb pages in the kernel.

    For more information, refer to the following installed documentation:

    /usr/share/doc/kernel-doc-<version>/Documentation/vm/hugetlbpage.txt

  • nr_pdflush_threads — Indicates the number of pdflush daemons that are currently running. This file is read-only, and should not be changed by the user. Under heavy I/O loads, the default value of two is increased by the kernel.

  • overcommit_memory — Configures the conditions under which a large memory request is accepted or denied. The following three modes are available:

    • 0 — The kernel performs heuristic memory over commit handling by estimating the amount of memory available and failing requests that are blatantly invalid. Unfortunately, since memory is allocated using a heuristic rather than a precise algorithm, this setting can sometimes allow available memory on the system to be overloaded. This is the default setting.

    • 1 — The kernel performs no memory over commit handling. Under this setting, the potential for memory overload is increased, but so is performance for memory intensive tasks (such as those executed by some scientific software).

    • 2 — The kernel fails requests for memory that add up to all of swap plus the percent of physical RAM specified in /proc/sys/vm/overcommit_ratio. This setting is best for those who desire less risk of memory overcommitment.

      Note

      This setting is only recommended for systems with swap areas larger than physical memory.

  • overcommit_ratio — Specifies the percentage of physical RAM considered when /proc/sys/vm/overcommit_memory is set to 2. The default value is 50.

  • page-cluster — Sets the number of pages read in a single attempt. The default value of 3, which actually relates to 16 pages, is appropriate for most systems.

  • swappiness — Determines how much a machine should swap. The higher the value, the more swapping occurs. The default value, as a percentage, is set to 60.

All kernel-based documentation can be found in the following locally installed location:

/usr/share/doc/kernel-doc-<version>/Documentation/, which contains additional information.

3.3.10. /proc/sysvipc/

This directory contains information about System V IPC resources. The files in this directory relate to System V IPC calls for messages (msg), semaphores (sem), and shared memory (shm).

3.3.11. /proc/tty/

This directory contains information about the available and currently used tty devices on the system. Originally called teletype devices, any character-based data terminals are called tty devices.

In Linux, there are three different kinds of tty devices. Serial devices are used with serial connections, such as over a modem or using a serial cable. Virtual terminals create the common console connection, such as the virtual consoles available when pressing Alt-<F-key> at the system console. Pseudo terminals create a two-way communication that is used by some higher level applications, such as XFree86. The drivers file is a list of the current tty devices in use, as in the following example:

serial               /dev/cua        5  64-127 serial:callout 
serial               /dev/ttyS       4  64-127 serial 
pty_slave            /dev/pts      136   0-255 pty:slave 
pty_master           /dev/ptm      128   0-255 pty:master 
pty_slave            /dev/ttyp       3   0-255 pty:slave 
pty_master           /dev/pty        2   0-255 pty:master 
/dev/vc/0            /dev/vc/0       4       0 system:vtmaster 
/dev/ptmx            /dev/ptmx       5       2 system 
/dev/console         /dev/console    5       1 system:console 
/dev/tty             /dev/tty        5       0 system:/dev/tty 
unknown              /dev/vc/%d      4    1-63 console

The /proc/tty/driver/serial file lists the usage statistics and status of each of the serial tty lines.

In order for tty devices to be used as network devices, the Linux kernel enforces line discipline on the device. This allows the driver to place a specific type of header with every block of data transmitted over the device, making it possible for the remote end of the connection to a block of data as just one in a stream of data blocks. SLIP and PPP are common line disciplines, and each are commonly used to connect systems to one other over a serial link.

Registered line disciplines are stored in the ldiscs file, and more detailed information is available within the ldisc/ directory.


 
 
  Published under the terms of the Open Publication License Design by Interspire