Difference between revisions of "Category:Linux troubleshooting"
(→External links) |
(→Hacked?) |
||
Line 40: | Line 40: | ||
* Check for failed logins in: <code>/var/log/messages</code> | * Check for failed logins in: <code>/var/log/messages</code> | ||
* Regularly monitor: | * Regularly monitor: | ||
+ | ** <pre>grep -i failed /var/log/auth.log</pre> | ||
** <tt>last</tt> | ** <tt>last</tt> | ||
** <tt>w</tt> and/or <tt>who</tt> | ** <tt>w</tt> and/or <tt>who</tt> | ||
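Review bot: the added `<pre>` inside the `**` list item breaks the nested list. In the rendered page below, the grep command sits on its own line with an empty bullet before it and another after `uptime`. Use the same inline markup as the sibling items, e.g. `** <tt>grep -i failed /var/log/auth.log</tt>`. Also, the first item in this section still points to /var/log/messages for failed logins while the new command reads /var/log/auth.log; state which file applies on which system so the two lines do not read as contradictory.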
Line 47: | Line 48: | ||
* Search for portscans in server report. | * Search for portscans in server report. | ||
* Check for weird processing hogging the CPU. | * Check for weird processing hogging the CPU. | ||
+ | * Use [[Fail2ban|fail2ban]], [[DenyHosts]], etc. | ||
== Notes == | == Notes == |
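Review bot: the new `* Use [[Fail2ban|fail2ban]], [[DenyHosts]], etc.` item is a tool recommendation appended to a list of things to check, and the trailing "etc." gives the reader nothing to act on. Either drop "etc." or add a few words on what these tools are for here, and consider putting the item under its own lead-in so it does not read as another check.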
Revision as of 00:13, 15 October 2006
This category will contain a collection of articles on troubleshooting Linux. It will be highly biased towards SuSE Linux (version 10.1 or later), as that is my primary OS. I am also using a 64-bit (x86_64) kernel, so my articles will also be biased towards these systems.
System information
% cat /proc/cpuinfo
% cat /proc/partitions
% cat /proc/meminfo
% cat /etc/X11/xorg.conf

% uname -a                           # system architecture
% grep ^VERSION /etc/SuSE-release    # To see which SuSE Linux version you are using
% pstree

% getconf      # print system configuration variables
% getconfig    # get configuration information for the Xorg server
% systool      # view system device information by bus, class, and topology
% cat /proc/scsi/scsi
WDC WD2000JD-22H Rev: 08.0 SATA-I, 200 GB, 150 MB/s, 8 MB Cache, 7200 RPM
% cat /proc/net/arp
IP address       HW type  Flags  HW address         Mask  Device
192.168.xxx.xxx  0x1      0x2    00:00:00:00:00:00  *     eth0
192.168.xxx.xxx  0x1      0x2    00:00:00:00:00:00  *     eth0
Sound problems
Note, my sound card specs: Intel Corporation 82801EB/ER (ICH5/ICH5R) AC'97 Audio Controller
- Un-mute PCM sound
- Check the following:
% lsmod | grep snd
% cat /etc/modprobe.conf
% vi /etc/modprobe.d/sound
(change "snd-intel8x0" to "snd_intel8x0")
% /sbin/lspci
(list sound specs / Multimedia audio controller)
% modprobe snd-via82xx
Hacked?
- Check for failed logins in: /var/log/messages
- Regularly monitor:
  - grep -i failed /var/log/auth.log
  - last
  - w and/or who
  - uptime
- Verify that /etc/passwd hasn't changed.
- Check fuser for ports.
- Search for portscans in server report.
- Check for weird processes hogging the CPU.
- Use fail2ban, DenyHosts, etc.
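An added example, not part of the original article: the grep above lists failures one line at a time, while this script groups them by source address and reports accepted logins that follow repeated failures from the same address. It assumes OpenSSH's syslog line format; the function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes OpenSSH syslog lines such as those written to
# /var/log/auth.log (or /var/log/messages on some distributions).

# Print "COUNT ADDRESS" for sources with at least THRESHOLD failed passwords.
failed_by_source() {            # usage: failed_by_source [THRESHOLD] < LOG
    awk -v min="${1:-3}" '
        /sshd\[[0-9]+\]: Failed password for / {
            # Scan from the end: the user name is chosen by the client and
            # may itself be the word "from".
            for (i = NF - 1; i >= 1; i--)
                if ($i == "from") { n[$(i + 1)]++; break }
        }
        END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Print "ADDRESS USER FAILURES" for each accepted password login from a source
# that had already failed THRESHOLD or more times earlier in the same log.
accepted_after_failures() {     # usage: accepted_after_failures [THRESHOLD] < LOG
    awk -v min="${1:-3}" '
        /sshd\[[0-9]+\]: (Failed|Accepted) password for / {
            for (i = NF - 1; i >= 1; i--) if ($i == "from") break
            if (i < 2) next
            ip = $(i + 1)
            if ($0 ~ /\]: Failed password for /) fail[ip]++
            else if (fail[ip] >= min) print ip, $(i - 1), fail[ip]
        }
    '
}

# Constructed sample log; addresses are from the documentation ranges.
sample_log() {
    cat <<'EOF'
Oct 15 00:01:12 host sshd[2211]: Failed password for root from 203.0.113.7 port 40122 ssh2
Oct 15 00:01:15 host sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 40125 ssh2
Oct 15 00:01:19 host sshd[2214]: Failed password for invalid user from from 203.0.113.7 port 40130 ssh2
Oct 15 00:01:23 host sshd[2214]: Failed password for root from 203.0.113.7 port 40133 ssh2
Oct 15 00:05:40 host sshd[2290]: Failed password for alice from 198.51.100.4 port 51000 ssh2
Oct 15 00:05:52 host sshd[2290]: Accepted password for alice from 198.51.100.4 port 51000 ssh2
Oct 15 00:09:02 host sshd[2301]: Accepted password for root from 203.0.113.7 port 40140 ssh2
EOF
}

sample_log | failed_by_source 3
sample_log | accepted_after_failures 3
```

On a live system, feed the real log on standard input, for example `failed_by_source 5 < /var/log/auth.log`.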
Notes
- pstree — display a tree of processes
- lsmod — program to show the status of modules in the Linux Kernel
- modprobe — program to add and remove modules from the Linux Kernel
- netstat — Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships
- lspci — list all PCI devices
- more /usr/share/pci.ids — A list of all known PCI IDs (vendors, devices, classes, and subclasses). Maintained at The Linux PCI ID Repository; use the update-pciids utility to download the most recent version.
External links
This article is currently a "stub". This means it is an incomplete article needing further elaboration.