Linux FileSystem Crash, ulimit, firewalld, startup scripts, gdb dump
VMware Linux filesystem crash caused by a forced PC shutdown
# ls -alrt /home
ls: cannot access home: 입력/출력 오류
# df -k
Filesystem 1K-blocks Used Available Use% Mounted on
devtmpfs 3978008 0 3978008 0% /dev
tmpfs 3995028 0 3995028 0% /dev/shm
tmpfs 3995028 12712 3982316 1% /run
tmpfs 3995028 0 3995028 0% /sys/fs/cgroup
/dev/mapper/centos-root 52403200 21723032 30680168 42% /
/dev/sda1 1038336 189032 849304 19% /boot
/dev/mapper/centos-home 147899844 7036480 140863364 5% /home
tmpfs 799008 0 799008 0% /run/user/0
tmpfs 799008 8 799000 1% /run/user/42
# umount /dev/mapper/centos-home
# mount -a
mount: mount /dev/mapper/centos-home on /home failed: 구조에 청소가 필요합니다
# xfs_repair -v -L /dev/mapper/centos-home    # -L zeroes the dirty XFS log; metadata updates still in the log are lost
# mount -a
Common Settings
ulimit, firewalld Settings
1. ulimit settings
a. list
# ulimit -a # Soft Settings
# ulimit -aH # Hard Settings
b. config file
/etc/security/limits.conf
2. systemctl
a. firewalld control
# systemctl {start|stop} firewalld
# systemctl {enable|disable} firewalld
Automatically run program on Linux startup
1. create init.d script
# vi /etc/init.d/{scriptName}
#!/bin/sh
# chkconfig: 345 99 10
# description: auto start-stop script.
#
# Account the program runs as.
USER={userid}
case "$1" in
  'start')
    # Start the program as $USER and record the subsystem lock.
    su "$USER" -c {scriptFile} &
    touch /var/lock/subsys/{scriptName}
    ;;
  'stop')
    # Stop the program and remove the subsystem lock.
    su "$USER" -c {scriptFile} &
    rm -f /var/lock/subsys/{scriptName}
    ;;
esac
# chmod 750 /etc/init.d/{scriptName}
2. register init.d script
# chkconfig --add {scriptName}
3. start, stop init.d script
# service {scriptName} start
# service {scriptName} stop
fail2ban
1. There were xxxx failed login attempts since the last successful login.
1.1. rpm install
- RHEL 7
$ rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
- RHEL 8
$ rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
1.2. fail2ban install
$ yum install fail2ban
1.3. start fail2ban
$ systemctl enable fail2ban
$ systemctl start fail2ban
firewalld
1. firewall-cmd --state
2. firewall-cmd --reload
3. firewall-cmd --get-zones
4. firewall-cmd --get-default-zone
5. firewall-cmd --get-active-zones
6. firewall-cmd --list-all
7. firewall-cmd --zone=public --list-all
8. firewall-cmd --permanent --add-service=ftp
9. firewall-cmd --permanent --remove-service=ftp
10. firewall-cmd --permanent --add-port=21/tcp
11. firewall-cmd --permanent --remove-port=21/tcp
12. firewall-cmd --permanent --zone=trusted --add-service=ftp
13. firewall-cmd --permanent --add-service=ftp
14. firewall-cmd --permanent --add-source=10.10.10.10
15. firewall-cmd --permanent --remove-source=10.10.10.10
16. firewall-cmd --permanent --add-source=192.168.253.0/24
17. firewall-cmd --permanent --remove-source=10.10.10.0/24
18. firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address=192.168.253.0/24 port port="1-65535" protocol="tcp" accept'
19. firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address=192.168.253.0/24 port port="1-65535" protocol="tcp" drop'
20. firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address=192.168.253.0/24 port port="1-65535" protocol="tcp" reject'
China IP drop
wget http://www.ipdeny.com/ipblocks/data/countries/cn.zone
firewall-cmd --permanent --new-ipset=cnlist --type=hash:net --option=family=inet --option=hashsize=4096 --option=maxelem=200000
firewall-cmd --permanent --ipset=cnlist --add-entries-from-file=./cn.zone
firewall-cmd --permanent --zone=drop --add-source=ipset:cnlist
firewall-cmd --reload
Network packet
1. cat /proc/net/softnet_stat
Column-01: packet_process: Packets processed by each CPU.
Column-02: packet_drop: Packets dropped.
Column-03: time_squeeze: Number of times net_rx_action stopped with work still pending because its budget or time limit ran out.
Column-09: cpu_collision: Collisions while obtaining the device lock during transmit.
Column-10: received_rps: Number of times the CPU was woken up by RPS.
Column-11: flow_limit_count: Number of times the flow limit was reached.
Column-12: softnet_backlog_len: Backlog status.
Column-13: index: Core ID owning this softnet_data.
013e4252 00000000 00000096 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
014ca9a0 00000000 000000a3 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000001
03dff404 00000000 00000504 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000002
01598e2e 00000000 000000a1 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000003
01579b1c 00000000 00000092 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000004
0157d055 00000000 0000009a 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000005
01547cf6 00000000 00000088 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000006
015023fd 00000000 00000093 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000007
2. ss -nl | grep {Listen Port}
| Recv-Q
Established: The count of bytes not copied by the user program connected to this socket (bytes the application has not processed yet).
Listening: Since Kernel 2.6.18 this column contains the current syn backlog (the number currently queued on this socket).
| Send-Q
Established: The count of bytes not acknowledged by the remote host.
Listening: Since Kernel 2.6.18 this column contains the maximum size of the syn backlog.
3. cat /var/log/messages
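The softnet_stat columns from item 1, decoded per CPU. This is an added example, not part of the original notes: the function names and sample rows are constructed, and the 11-column row assumes an older kernel that lacks columns 12 and 13.

```shell
#!/bin/sh
# Added example (not from the original notes): decode /proc/net/softnet_stat.
# Values are hexadecimal, one row per CPU; column numbers follow the list above.

# Constructed sample rows (not captured from a real host). The last row has only
# 11 columns, as assumed for older kernels without columns 12 and 13.
SOFTNET_SAMPLE='00000064 00000000 00000002 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
000003e8 00000005 0000000a 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000001
000000ff 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000'

# softnet_report: rows on stdin -> "cpu processed dropped squeezed" in decimal.
softnet_report() {
    row=0
    while read -r c1 c2 c3 c4 c5 c6 c7 c8 c9 c10 c11 c12 c13 _rest; do
        [ -n "$c3" ] || continue                 # skip blank or truncated rows
        # Column 13 is the CPU index; fall back to the row number when absent.
        if [ -n "$c13" ]; then cpu=$((0x$c13)); else cpu=$row; fi
        printf '%d %d %d %d\n' "$cpu" "$((0x$c1))" "$((0x$c2))" "$((0x$c3))"
        row=$((row + 1))
    done
}

# softnet_alerts [limit]: list CPUs that dropped packets or whose time_squeeze
# count is at least limit (default 1). Counters are cumulative since boot.
softnet_alerts() {
    limit=${1:-1}
    softnet_report | while read -r cpu processed dropped squeezed; do
        if [ "$dropped" -gt 0 ] || [ "$squeezed" -ge "$limit" ]; then
            printf 'cpu%d dropped=%d time_squeeze=%d\n' "$cpu" "$dropped" "$squeezed"
        fi
    done
}

# Run against the sample; on a live host: softnet_alerts 5 < /proc/net/softnet_stat
printf '%s\n' "$SOFTNET_SAMPLE" | softnet_alerts 5
```

Because the counters only grow, compare two runs taken some seconds apart to see whether drops are happening now.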
3 way handshake
Client                        Server
SYN (SYN_SENT)         ->     (OS)
                       <-     (OS) SYN-ACK (SYN_RECV)
ACK (ESTABLISHED)      ->     (OS)
                              (APP) ACCEPT (ESTABLISHED)
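The Recv-Q / Send-Q reading for listening sockets, as a check that flags a backlog close to its maximum. This is an added example, not part of the original notes: it assumes the column layout of `ss -ltn` (TCP only, no Netid column), and the function name and sample rows are constructed.

```shell
#!/bin/sh
# Added example (not from the original notes): flag listening sockets whose
# Recv-Q (current backlog) is close to Send-Q (backlog maximum).

# Constructed sample in the column layout of `ss -ltn`
# (State Recv-Q Send-Q Local-Address:Port Peer-Address:Port).
SS_SAMPLE='State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  129     128     0.0.0.0:8080        0.0.0.0:*
LISTEN  410     511     [::]:443            [::]:*
ESTAB   0       36      192.0.2.10:22       198.51.100.7:50514'

# listen_backlog [pct]: print LISTEN rows whose backlog usage is >= pct percent
# (default 80) as "local-address current/max usage%".
listen_backlog() {
    pct=${1:-80}
    while read -r state recvq sendq laddr _rest; do
        [ "$state" = "LISTEN" ] || continue      # header and non-listening rows
        case "$recvq$sendq" in *[!0-9]*|'') continue ;; esac   # non-numeric
        [ "$sendq" -gt 0 ] || continue           # avoid dividing by zero
        used=$((recvq * 100 / sendq))
        if [ "$used" -ge "$pct" ]; then
            printf '%s %d/%d %d%%\n' "$laddr" "$recvq" "$sendq" "$used"
        fi
    done
}

# Run against the sample; on a live host: ss -ltn | listen_backlog 80
printf '%s\n' "$SS_SAMPLE" | listen_backlog 80
```

A listener that stays at or above its maximum means the application is not calling accept() fast enough, or the port is receiving more connection attempts than it can queue.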
VMware Linux shrink
$ sudo vmware-toolbox-cmd disk list
$ sudo vmware-toolbox-cmd disk shrink /
Ram Disk Mount
$ mount -t tmpfs -o size=4G tmpfs /mnt/ramdisk
Java Process gdb dump
$ pmap -x [pid] | sort -k 3 -n -r
$ vi /proc/[pid]/smaps
- Find the addresses with high Pss values (drop the first 4 digits of the pmap address)
$ gdb -pid [pid]
(gdb) dump memory [dump_file] 0x[address] 0x[address]
$ strings [dump_file]
GUI Program run
# cat ~/.Xauthority | sudo -u [user] -i tee .Xauthority > /dev/null
# su - [user]
# export DISPLAY=:0
RHEL 8.x external repository setup
# cat /etc/yum.repos.d/centos.repo
[AppStream]
name=CentOS-$releasever - AppStream
baseurl=https://vault.centos.org/8.4.2105/AppStream/x86_64/os/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-Official
[BaseOS]
name=CentOS-$releasever - Base
baseurl=https://vault.centos.org/8.4.2105/BaseOS/x86_64/os/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-Official
[extras]
name=CentOS-$releasever - Extras
baseurl=https://vault.centos.org/8.4.2105/extras/x86_64/os/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-Official
# cd /etc/pki/rpm-gpg/
# wget https://www.centos.org/keys/RPM-GPG-KEY-CentOS-Official
# yum clean all
# yum update -y