Книга: Fedora™ Unleashed, 2008 edition

Use the Contents of the /proc Directory to Interact with the Kernel

Use the Contents of the /proc Directory to Interact with the Kernel

The content of the /proc directory is created from memory and exists only while Linux is running. This directory contains special "files" that either extract information from or send information to the kernel. Many Linux utilities extract information from dynamically created directories and files under this directory, also known as a virtual file system. For example, the free command obtains its information from a file named meminfo:
$ free
      total          used    free shared buffers cached
Mem:  1026320      822112  204208      0   41232 481412
-/+ buffers/cache: 299468  726852
Swap: 2031608           0 2031608

This information constantly changes as the system is used. You can get the same information by using the cat command to see the contents of the meminfo file:

$ cat /proc/meminfo
MemTotal:    1026320 kB
MemFree:      204200 kB
Buffers:       41252 kB
Cached:       481412 kB
SwapCached:        0 kB
Active:       307232 kB
Inactive:     418224 kB
HighTotal:    122692 kB
HighFree:        244 kB
LowTotal:     903628 kB
LowFree:      203956 kB
SwapTotal:   2031608 kB
SwapFree:    2031608 kB
Dirty:             0 kB
Writeback:         0 kB
AnonPages:    202804 kB
Mapped:        87864 kB
Slab:          21736 kB
SReclaimable:  12484 kB
SUnreclaim:     9252 kB
PageTables:     5060 kB
NFS_Unstable:      0 kB
Bounce:            0 kB
CommitLimit: 2544768 kB
Committed_AS: 712024 kB
VmallocTotal: 114680 kB
VmallocUsed:    6016 kB
VmallocChunk: 108148 kB
HugePages_Total:   0
HugePages_Free:    0
HugePages_Rsvd:    0
Hugepagesize:   4096 kB

The /proc directory can also be used to dynamically alter the behavior of a running Linux kernel by "echoing" numeric values to specific files under the /proc/sys directory. For example, to "turn on" kernel protection against one type of denial-of-service (DoS) attack known as SYN flooding, use the echo command to send the number 1 (one) to the following /proc path:

# echo 1 >/proc/sys/net/ipv4/tcp_syncookies

NOTE

The Linux kernel has a number of built-in protections, but good system administration security policies and a secure firewall protecting your gateway, router, or Internet-connected system are the best protection you can use. See Chapter 30, "Securing Your Machines," for an overview of firewalling and examples of how to implement network security tools included with Fedora.

Other ways to use the /proc directory include

? Getting CPU information, such as the family, type, and speed from / proc/cpuinfo.

? Viewing important networking information under /proc/net, such as active interfaces information under /proc/net/dev, routing information in /proc/net/route, and network statistics in /proc/net/netstat.

? Retrieving file system information.

? Reporting media mount point information via USB; for example, the Linux kernel reports what device to use to access files (such as /dev/sda) if a USB camera or hard drive is detected on the system. You can use the dmesg command to see this information.

? Getting the kernel version in /proc/version, performance information such as uptime in /proc/uptime, or other statistics such as CPU load, swap file usage, and processes in /proc/stat.

Оглавление книги


Генерация: 0.635. Запросов К БД/Cache: 3 / 0
поделиться
Вверх Вниз