In this tutorial, we’ll develop a simple kernel module that creates a /dev/reverse device. A string written to this device is read back with the word order reversed (“Hello World” becomes “World Hello”). It is a popular programmer interview puzzle, and you are likely to get some bonus points when you show the ability to implement it at the kernel level as well. A word of warning before we start: a bug in your module may lead to a system crash and (unlikely, but possible) data loss.
Category Archives: Operating Systems
Speeding Up Grep Log Queries with GNU Parallel
Enter GNU Parallel, a shell tool designed for executing tasks in parallel using one or more computers. For my purposes I just ran it on a single system, but wanted to take advantage of multiple cores.
Having enough memory on my system, I loaded the entire massive file into memory and piped it to GNU Parallel along with another file consisting of thousands of different strings I want to search for in the “PATTERNFILE”:
cat BIGFILE | parallel --pipe grep -f PATTERNFILE
via Speeding Up Grep Log Queries with GNU Parallel – The State of Security.
50 UNIX / Linux Sysadmin Tutorials
I’ve collected 50 UNIX / Linux sysadmin related tutorials that we’ve posted so far. This is a lot of reading. Bookmark this article for your future reference and read it whenever you get free time.
tc: Linux HTTP Outgoing Traffic Shaping (Port 80 Traffic Shaping)
I’ve a 10Mbps server port dedicated to our small business server. The server also acts as a backup DNS server and I’d like to slow down outbound traffic on port 80. How do I limit bandwidth allocation to the http service to 5Mbps (burst to 8Mbps) at peak times so that DNS and other services will not go down due to heavy activity under Linux operating systems?
You need to use the tc command, which can slow down traffic for a given port and services on servers; this is called traffic shaping:
via tc: Linux HTTP Outgoing Traffic Shaping (Port 80 Traffic Shaping).
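The shaping the quoted question asks for, as an added example that is not part of the original post or the nixCraft article it links to. It assumes the egress interface is eth0 (override it with the first argument) and maps "burst to 8Mbps" onto an HTB ceil of 8mbit, so HTTP responses get 5mbit guaranteed and may borrow up to 8mbit only when DNS and the other services are not using their share:

```shell
#!/bin/sh
# Added example (not from the quoted post). Builds an HTB egress shaper
# for the scenario above: a 10Mbps uplink where outbound HTTP (traffic
# leaving the server from source port 80) is held to 5mbit, may borrow
# up to 8mbit when the link is idle, and everything else (DNS, SSH, ...)
# keeps a guaranteed 5mbit with higher priority.
# Assumptions: interface name (default eth0) and the 5/8/10 Mbit figures
# taken from the question; tc only shapes egress, so inbound is untouched.

# Print the tc commands one per line without executing them, so they can
# be reviewed first (tc needs root and a real interface to apply them).
http_shape_cmds() {
    dev="${1:-eth0}"
    cat <<EOF
tc qdisc del dev $dev root 2>/dev/null || true
tc qdisc add dev $dev root handle 1: htb default 30
tc class add dev $dev parent 1: classid 1:1 htb rate 10mbit
tc class add dev $dev parent 1:1 classid 1:10 htb rate 5mbit ceil 8mbit prio 1
tc class add dev $dev parent 1:1 classid 1:30 htb rate 5mbit ceil 10mbit prio 0
tc filter add dev $dev protocol ip parent 1:0 prio 1 u32 match ip sport 80 0xffff flowid 1:10
EOF
}

# Apply the rules (run as root). Class 1:30 is the default, so DNS and
# any other unclassified traffic land there; only sport 80 goes to 1:10.
apply_http_shaping() {
    http_shape_cmds "$1" | sh -e
}

# Show per-class byte/packet counters to confirm HTTP is hitting 1:10.
show_http_shaping() {
    tc -s class show dev "${1:-eth0}"
}
```

Run `http_shape_cmds eth0` first to inspect the generated rules, then `apply_http_shaping eth0` as root and `show_http_shaping eth0` while a download is in progress to verify the HTTP class is the one accumulating bytes.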
Your visual how-to guide for SELinux policy enforcement
Note: SELinux does not let you side step DAC Controls. SELinux is a parallel enforcement model. An application has to be allowed by BOTH SELinux and DAC to do certain activities. This can lead to confusion for administrators since the process gets Permission Denied. To administrators, Permission Denied means something is wrong with DAC, not SELinux labels.
via Your visual how-to guide for SELinux policy enforcement | opensource.com.
DAC=Discretionary Access Control
SELinux is a powerful labeling system, controlling access granted to individual processes by the kernel. The primary feature of this is type enforcement, where rules define the access a process is allowed based on the labeled type of the process and the labeled type of the object.
For regular users SELinux can be a complete PITA which usually needs to be disabled or set to just log the violation only. I recall in past years installing some service and trying to figure out why it wouldn’t work until the logs revealed I didn’t have things set up in a way SELinux wants. Currently I try and minimize SELinux violations because it seems like it has a point most of the time.
The second operating system hiding in every mobile phone
The insecurity of baseband software is not by error; it’s by design. The standards that govern how these baseband processors and radios work were designed in the ’80s, ending up with a complicated codebase written in the ’90s – complete with a ’90s attitude towards security. For instance, there is barely any exploit mitigation, so exploits are free to run amok. What makes it even worse is that every baseband processor inherently trusts whatever data it receives from a base station (e.g. in a cell tower). Nothing is checked, everything is automatically trusted. Lastly, the baseband processor is usually the master processor, whereas the application processor (which runs the mobile operating system) is the slave.
via The second operating system hiding in every mobile phone.
From: Baseband Hacking: A New Frontier for Smartphone Break-ins
Previously, mobile hacking attempts have involved the phone’s operating system or other software, but this one focuses on breaking into a phone’s baseband processor, which is the hardware that sends and receives radio signals to cell towers.
SteamOS will “really help” Linux on desktop
Should SteamOS gain traction among gamers and developers, that could force more hardware manufacturers to extend driver support beyond Windows.
via Torvalds: SteamOS will “really help” Linux on desktop | News | PC Pro.
Amen. Getting NVIDIA graphics drivers working is a mind-boggling exercise and must be redone with every kernel upgrade. This is one of the reasons I rarely upgrade Fedora — it’s too complicated getting video drivers working well enough to the point a video can be played and the desktop environment looks right.
Your next network operating system is Linux
Thus, the scale and agility of modern data centers put data center networking at odds with the existing network models. Some problems, such as the number of virtual networks, required the development of new technologies such as VXLAN, while others have required a redesign of the network architecture deployed in the data center. But the problem of managing the network is not rooted in any failure of networking, rather in the design of the network OS.
via Your next network operating system is Linux | Networking – InfoWorld.
Essentially, we can write the equivalent of a device driver to synchronize the kernel state of these data structures with the hardware. Silicon switching ports can be made to appear like NICs to the OS. Thanks to Linux’s Netlink model, a device driver can sit by the side and listen to everything that’s going on with the kernel state — interface up/down, routing entries added/deleted either by user or routing protocols, netfilter entries added or deleted — and synchronize that state with the hardware. Furthermore, the driver can sync the state of counters from the hardware with the kernel state allowing native Linux tools such as ethtool, iptables, or /proc/net/dev to display the correct information, completely unaware that these values are coming from the hardware. Cumulus Networks has developed the first such solution, but others with a similar model may not be far away.
netfilter/iptables project homepage
nftables is the project that aims to replace the existing {ip,ip6,arp,eb}tables framework. Basically, this project provides a new packet filtering framework, a new userspace utility and also a compatibility layer for {ip,ip6}tables. nftables is built upon the building blocks of the Netfilter infrastructure such as the existing hooks, the connection tracking system, the userspace queueing component and the logging subsystem.
via netfilter/iptables project homepage – The netfilter.org “nftables” project.
From: Nftables: a new packet filtering engine
Packet filtering and firewalling has a long history in Linux. The first filtering mechanism, called “ipfwadm,” was released in 1995 for the 1.2.1 kernel. This code was used until the 2.2.0 stable release (January, 1999), when the new “ipchains” module took over. While ipchains was useful, it only lasted until 2.4.0 (January, 2001), when it, too, was replaced by iptables/netfilter, which remains in the kernel now. If netfilter maintainer Patrick McHardy has his way, though, iptables, too, will be gone in the future, replaced by yet another mechanism called “nftables.” This article will give an overview of how nftables works, followed by a discussion of the motivations behind this change.
The Navy’s newest warship is powered by Linux
The design of the Zumwalt solves that problem by using off-the-shelf hardware—mostly IBM blade servers running Red Hat Linux—and putting it in a ruggedized server room. Those ruggedized server rooms are called Electronic Modular Enclosures (EMEs), sixteen self-contained, mini data centers built by Raytheon.
Measuring 35 feet long, 8 feet high, and 12 feet wide, the 16 EMEs have more than 235 equipment cabinets (racks) in total. The EMEs were all configured and pre-tested before being shipped to Bath, Maine, to be installed aboard the Zumwalt.
via The Navy’s newest warship is powered by Linux | Ars Technica.
Putting all of the pieces together is a collection of middleware running on those IBM blade servers. Many of the shipboard systems use a commercial publish/subscribe middleware platform to send updates to operator consoles. But for other systems that need to be more tightly coupled (like, for example, missile launch commands), the Navy has specified the use of the Common Object Request Broker Architecture (CORBA)—the military’s favorite mission-critical middleware model. (The software for the Joint Tactical Radio System’s software-defined radios was also developed using CORBA.)