Kernel https://tech.feedyourhead.at/ en Anatomy of a Linux container rootkit https://tech.feedyourhead.at/content/anatomy-of-a-linux-container-rootkit <span class="field field--name-title field--type-string field--label-hidden">Anatomy of a Linux container rootkit </span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>This year I gave a talk at the <a href="https://eh19.easterhegg.eu">Easterhegg 2019</a> about a Linux kernel rootkit that can handle containers. I mainly presented my Bachelor's thesis from 2017 with some improvements.</p> <h2>Abstract</h2> <p>Linux Containers are becoming increasingly popular. Therefore, it is likely that there will be an increase in attacks against container systems. After successfully attacking all the security mechanisms of a container system, a “rootkit“ could be planted. This talk provides details of the anatomy of such a rootkit. First, the main functions of rootkits are explained. After a brief introduction to Linux Containers and Linux Kernel Rootkits, a Kernel Rootkit called “themaster“, developed by the author of this thesis, is described and explained. Well-known rootkit methods are used to implement functions to hide resources and escalate privileges. Results indicate that in container systems, patching system calls is the preferred method for functions which are globally accessible. For providing rootkit functionality in specific containers, patching the virtual file system is the better approach. 
A special backdoor for breaking out of the container is also applied and “themaster“ operates stealthily.</p> <h2>Talk</h2> <p><iframe allowfullscreen="" frameborder="0" height="576" src="https://media.ccc.de/v/eh19-168-anatomie-eines-containerfhigen-linux-kernel-rootkits/oembed" width="800"></iframe></p> </div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span></span> <span class="field field--name-created field--type-created field--label-hidden">May 07 2019</span> <div class="field field--name-field-tagies field--type-entity-reference field--label-above"> <div class="field__label">Tags</div> <div class='field__items'> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/security" hreflang="en">Security</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/c" hreflang="en">C</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/Programming" hreflang="en">Programming</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/Linux" hreflang="en">Linux</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/kernel" hreflang="en">Kernel</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/docker" hreflang="en">Docker</a></div> </div> </div> Tue, 07 May 2019 20:03:34 +0000 Hoti 277 at 
https://tech.feedyourhead.at Kernel-Programming: execute call_usermodehelper() within a systemcall https://tech.feedyourhead.at/content/kernel-programming-execute-call-usermodehelper-within-a-systemcall <span class="field field--name-title field--type-string field--label-hidden">Kernel-Programming: execute call_usermodehelper() within a systemcall </span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>In kernel programming we should avoid call_usermodehelper(), which executes a command from kernel space. And sometimes we even want to call this function from within a system call. Normally, we really don't want to do this. But desperate times require extraordinary methods.</p> <p>When I first tried to execute call_usermodehelper() within a systemcall I got a kernel failure. <a href="http://kernelnewbies.kernelnewbies.narkive.com/2n6EBkVX/call-usermodehelper-kernel-panic">So I googled and what I found was</a>:</p> <blockquote> <p>Are you calling call_usermodehelper() from within an interrupt handler ?<br /> <br /> I believe call_usermodehelper() must be called from a context that can<br /> wait.</p> </blockquote> <p>Seems like I need a context that can wait. 
So I created a worker_queue and inside the systemcall I just schedule a worker:</p> <div class="geshifilter"><pre class="c geshifilter-c" style="font-family:monospace;">#include &lt;linux/module.h&gt;
#include &lt;linux/kmod.h&gt;       /* call_usermodehelper(), UMH_WAIT_PROC */
#include &lt;linux/workqueue.h&gt;
#include &lt;linux/mutex.h&gt;
#include &lt;linux/slab.h&gt;
#include &lt;linux/string.h&gt;
#include &lt;linux/uaccess.h&gt;    /* get_user(), strncpy_from_user() */

#define MAX_STRING_LEN 256    /* not defined in the original snippet; value chosen here */

struct work_cont {
    struct work_struct real_work;
    char cmd[MAX_STRING_LEN];
};

static struct work_cont *execwq;

/* Protects execwq-&gt;cmd against concurrent writers and the worker. */
static DEFINE_MUTEX(cmd_mutex);

/* Runs in process context on the system workqueue, so it is allowed to sleep. */
static void cmdexec_worker(struct work_struct *work)
{
    struct work_cont *c_ptr = container_of(work, struct work_cont, real_work);
    char cmd[MAX_STRING_LEN];
    char *argv[] = { "/bin/sh", "-c", cmd, NULL };
    static char *envp[] = { "HOME=/", "TERM=linux",
                            "PATH=/sbin:/bin:/usr/sbin:/usr/bin", NULL };

    /* Take a private copy so a later systemcall cannot change it under us. */
    mutex_lock(&amp;cmd_mutex);
    strscpy(cmd, c_ptr-&gt;cmd, sizeof(cmd));
    mutex_unlock(&amp;cmd_mutex);

    /* UMH_WAIT_PROC blocks until the helper process has exited. */
    call_usermodehelper(argv[0], argv, envp, UMH_WAIT_PROC);
}

/* Please note that this code is just an incomplete example to give an idea
   how to call call_usermodehelper from a systemcall.
   You have to include/implement my_own_systemcall() by yourself */
asmlinkage long my_own_systemcall(const char __user *filename,
                                  const char __user *const __user *argv,
                                  const char __user *const __user *envp)
{
    const char __user *ucmd;
    long len;

    /* argv and argv[1] are user-space pointers: never dereference them directly. */
    if (get_user(ucmd, &amp;argv[1]))
        return -EFAULT;

    mutex_lock(&amp;cmd_mutex);
    len = strncpy_from_user(execwq-&gt;cmd, ucmd, MAX_STRING_LEN);
    if (len &gt;= MAX_STRING_LEN)
        len = -E2BIG;           /* no room left for the terminating NUL */
    if (len &lt; 0)
        execwq-&gt;cmd[0] = '\0';  /* never leave a partial command behind */
    mutex_unlock(&amp;cmd_mutex);
    if (len &lt; 0)
        return len;

    /* Defer the actual execution to a context that can wait. */
    schedule_work(&amp;execwq-&gt;real_work);
    return 0;
}

static int __init loadlkm(void)
{
    execwq = kzalloc(sizeof(*execwq), GFP_KERNEL);
    if (!execwq)
        return -ENOMEM;
    INIT_WORK(&amp;execwq-&gt;real_work, cmdexec_worker);

    return 0;
}

static void __exit clean_up(void)
{
    /* Wait for a queued or running worker before freeing its memory. */
    flush_work(&amp;execwq-&gt;real_work);
    kfree(execwq);
}

module_init(loadlkm);
module_exit(clean_up);
MODULE_LICENSE("GPL");</pre></div> </div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span></span> <span class="field 
field--name-created field--type-created field--label-hidden">May 05 2017</span> <div class="field field--name-field-tagies field--type-entity-reference field--label-above"> <div class="field__label">Tags</div> <div class='field__items'> <div class="field__item"><i class="fa fa-tags"></i> <a href="/Programming" hreflang="en">Programming</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/kernel" hreflang="en">Kernel</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/c" hreflang="en">C</a></div> </div> </div> <section class="field field--name-comment field--type-comment field--label-above comment-wrapper"> <h2 class="title">Comments</h2> <article data-comment-user-id="0" id="comment-96" about="/comment/96" typeof="schema:Comment" class="comment js-comment by-anonymous"> <footer class="comment__meta"> <p class="comment__submitted"><span rel="schema:author">Submitted by <span lang="" typeof="schema:Person" property="schema:name" datatype="">Adi (not verified)</span> on Jul 10 2018</span> <span property="schema:dateCreated" content="2018-07-09T23:46:06+00:00" class="rdf-meta hidden"></span> </p> <a href="/comment/96#comment-96" hreflang="en">Permalink</a> </footer> <div class="content"> <h3 property="schema:name" datatype=""><a href="/comment/96#comment-96" class="permalink" rel="bookmark" hreflang="en">usermode-helper</a></h3> <div property="schema:text" class="clearfix text-formatted field field--name-comment-body field--type-text-long field--label-hidden field__item"><p>If you want to use call_usermodehelper in an interrupt handler (ie a context that can&#039;t wait), you can simply pass UMH_NO_WAIT in as an argument.</p> </div> </div> </article> <div class="indented"> <article data-comment-user-id="1" id="comment-97" about="/comment/97" typeof="schema:Comment" class="comment js-comment by-node-author"> <footer class="comment__meta"> <p class="comment__submitted"><span rel="schema:author">Submitted by <span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span> on Jul 10 2018</span> <span property="schema:dateCreated" content="2018-07-10T08:51:22+00:00" class="rdf-meta hidden"></span> </p> <p class="parent visually-hidden">In reply to <a href="/comment/96#comment-96" class="permalink" rel="bookmark" hreflang="en">usermode-helper</a> by <span lang="" typeof="schema:Person" property="schema:name" datatype="">Adi (not verified)</span></p> <a href="/comment/97#comment-97" hreflang="en">Permalink</a> </footer> <div class="content"> <h3 property="schema:name" datatype=""><a href="/comment/97#comment-97" class="permalink" rel="bookmark" hreflang="en">The argument-name &quot;UMH_NO…</a></h3> <div property="schema:text" class="clearfix text-formatted field field--name-comment-body field--type-text-long field--label-hidden field__item">The argument-name "UMH_NO_WAIT" sounds funny ^^ Thank you for your input.</div> </div> </article> </div> </section> Fri, 05 May 2017 08:47:52 +0000 Hoti 237 at https://tech.feedyourhead.at Perf - More than just counters https://tech.feedyourhead.at/content/perf-more-than-just-counters <span class="field field--name-title field--type-string field--label-hidden">Perf - More than just counters</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>Perf is a profiler tool for Linux 2.6+ based systems that abstracts away CPU hardware differences in Linux performance measurements and presents a simple commandline interface. Perf is based on the perf_events interface exported by recent versions of the Linux kernel. <a href="https://perf.wiki.kernel.org/index.php/Tutorial">This article demonstrates the perf tool through example runs.</a></p></div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span></span> <span class="field field--name-created field--type-created field--label-hidden">May 20 2016</span> <div class="field field--name-field-tagies field--type-entity-reference field--label-above"> <div class="field__label">Tags</div> <div class='field__items'> <div class="field__item"><i class="fa fa-tags"></i> <a href="/Linux" hreflang="en">Linux</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/kernel" hreflang="en">Kernel</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/shell" hreflang="en">Shell</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/sysadmin" hreflang="en">Sysadmin</a></div> </div> </div> Fri, 20 May 2016 11:56:36 +0000 Hoti 181 at https://tech.feedyourhead.at Git: Using Git for building the Linux-Kernel from sources https://tech.feedyourhead.at/node/148 <span class="field field--name-title field--type-string field--label-hidden">Git: Using Git for building the Linux-Kernel from sources</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p><a 
href="http://git-scm.com/">Git</a> was invented by Linus Torvalds for managing the <a href="kernel.org">Linux-kernel-sources</a>. So it's pretty clear that it is the best tool for managing our own kernel builds too. I love to use Docker. That's why I also need the <a href="http://aufs.sourceforge.net/">AUFS-Support</a>, which is not included in the Linux tree. Git can also help us to easily include external kernel patches. In this article I will clone the Linux tree and create my own branch with my preferred kernel version (and my customized kernel config). I will pull the AUFS patches directly into this branch and compile this kernel afterwards.</p> <h3>Cloning the Linux-Kernel:</h3> <pre>
<code>git clone https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git</code></pre> <h3>List all Tags:</h3> <pre>
<code>git tag
...
...
v4.3
v4.3-rc1
v4.3-rc2
v4.3-rc3
v4.3-rc4
v4.3-rc5
v4.3-rc6
v4.3-rc7
v4.4
v4.4-rc1
v4.4-rc2
v4.4-rc3
v4.4-rc4
v4.4-rc5
v4.4-rc6
v4.4-rc7
v4.4-rc8
</code></pre> <h3>Add AUFS-Remote:</h3> <pre>
<code>git remote add aufs4 https://github.com/sfjro/aufs4-linux.git</code></pre> <h3>Fetch AUFS:</h3> <pre>
<code>git fetch aufs4</code></pre> <h3>Create a new branch with kernel v4.4:</h3> <pre>
<code>git checkout -b own4.4 v4.4</code></pre> <h3>Pull AUFS into our new branch:</h3> <pre>
<code>git pull aufs4 aufs4.4</code></pre> <h3>Configure the kernel:</h3> <pre>
<code>make menuconfig</code></pre> <h3>Compile the kernel (using 8 CPU cores) and create a Debian package:</h3> <pre>
<code>make-kpkg -j 8 --initrd kernel_image modules modules_image kernel_headers</code></pre> </div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span></span> <span class="field field--name-created field--type-created field--label-hidden">Jan 19 2016</span> <div class="field field--name-field-tagies 
field--type-entity-reference field--label-above"> <div class="field__label">Tags</div> <div class='field__items'> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/sysadmin" hreflang="en">Sysadmin</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/git" hreflang="en">git</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/kernel" hreflang="en">Kernel</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/Linux" hreflang="en">Linux</a></div> </div> </div> Tue, 19 Jan 2016 07:48:22 +0000 Hoti 148 at https://tech.feedyourhead.at List the last shutdown(s) of a server https://tech.feedyourhead.at/node/138 <span class="field field--name-title field--type-string field--label-hidden">List the last shutdown(s) of a server</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>If you want to list the last shutdowns of a server, just type:</p> <pre>
<code># last -x shutdown
shutdown system down  3.16.0-4-amd64   Sun Dec 20 22:14 - 08:28  (10:14)
shutdown system down  3.16.0-4-amd64   Sat Dec 19 15:26 - 10:41  (19:15)
shutdown system down  3.16.0-4-amd64   Sat Dec 19 14:35 - 15:24  (00:48)
shutdown system down  3.16.0-4-amd64   Fri Dec 18 18:04 - 09:46  (15:42)
shutdown system down  3.16.0-4-amd64   Fri Dec 18 10:01 - 15:46  (05:44)
</code></pre> </div> <span class="field field--name-uid 
field--type-entity-reference field--label-hidden"><span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span></span> <span class="field field--name-created field--type-created field--label-hidden">Dec 21 2015</span> <div class="field field--name-field-tagies field--type-entity-reference field--label-above"> <div class="field__label">Tags</div> <div class='field__items'> <div class="field__item"><i class="fa fa-tags"></i> <a href="/Linux" hreflang="en">Linux</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/sysadmin" hreflang="en">Sysadmin</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/kernel" hreflang="en">Kernel</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/tricks" hreflang="en">Tricks</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/shell" hreflang="en">Shell</a></div> </div> </div> Mon, 21 Dec 2015 17:49:05 +0000 Hoti 138 at https://tech.feedyourhead.at Kernel: boost your harddisk performance with an additional ssd-drive https://tech.feedyourhead.at/content/kernel-boost-your-harddisk-performance-additional-ssd-drive <span class="field field--name-title field--type-string field--label-hidden">Kernel: boost your harddisk performance with an additional ssd-drive</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden 
field__item"><p>If you have any hard disk, you can boost its performance using an SSD cache. The Linux kernel ships a feature called bcache. Check out the <a href="https://www.kernel.org/doc/Documentation/bcache.txt">kernel-documentation</a> for it.</p> </div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span></span> <span class="field field--name-created field--type-created field--label-hidden">Nov 11 2015</span> <div class="field field--name-field-tagies field--type-entity-reference field--label-above"> <div class="field__label">Tags</div> <div class='field__items'> <div class="field__item"><i class="fa fa-tags"></i> <a href="/Linux" hreflang="en">Linux</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/sysadmin" hreflang="en">Sysadmin</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/storage" hreflang="en">Storage</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/kernel" hreflang="en">Kernel</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/cache" hreflang="en">Cache</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/external" hreflang="en">External</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/tricks" hreflang="en">Tricks</a></div> </div> </div> Wed, 11 Nov 2015 14:47:36 +0000 Hoti 131 at https://tech.feedyourhead.at Finding information about built-in kernel-modules https://tech.feedyourhead.at/content/finding-informations-about-built-kernel-modules <span class="field field--name-title field--type-string field--label-hidden">Finding information about built-in kernel-modules</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p><a href="http://ask.xmodulo.com/find-information-builtin-kernel-modules-linux.html">http://ask.xmodulo.com/find-information-builtin-kernel-modules-linux.html</a></p> </div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span></span> <span class="field field--name-created field--type-created field--label-hidden">Sep 18 2015</span> <div class="field field--name-field-tagies field--type-entity-reference field--label-above"> <div class="field__label">Tags</div> <div class='field__items'> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/kernel" hreflang="en">Kernel</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/Linux" hreflang="en">Linux</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/sysadmin" hreflang="en">Sysadmin</a></div> </div> </div> Fri, 18 Sep 2015 12:09:14 +0000 
Hoti 107 at https://tech.feedyourhead.at Auto-restart Linux-Sytem after a Kernel-Panic https://tech.feedyourhead.at/content/auto-restart-linux-sytem-after-kernel-panic <span class="field field--name-title field--type-string field--label-hidden">Auto-restart Linux-Sytem after a Kernel-Panic</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>Sometimes Kernel-Panics happen. It's awful, and nobody wants them, but sh** happens. Sometimes it's because of a hardware problem, sometimes it's just a software problem. Mostly the system hangs then and administratos have to reboot the system. But it is possible to tell Linux to automatic reboot when a kernel-panic happens...</p> <p>A sysctl-key existists named "kernel.panic". We can set a value, how long the system will wait until it reboots. Just edit the /etc/sysctl.conf:</p> <pre> <code> kernel.panic = 30 </code></pre> <p>Now we can use sysctl to take over the changes:</p> <pre> <code> dr@tardis:/# sysctl -p kernel.panic = 30 </code></pre> <p>Finish, but there is something more connected to this topic... The Kernel-Documentations are very thrilling bed-lectures for all the geeks who love to read crime novels. In those docs there is a file called "sysrq.txt". I'll just post all the very interesting paragraphs here:</p> <pre> <code> Linux Magic System Request Key Hacks Documentation for sysrq.c * What is the magic SysRq key? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ It is a 'magical' key combo you can hit which the kernel will respond to regardless of whatever else it is doing, unless it is completely locked up. * How do I enable the magic SysRq key? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ You need to say "yes" to 'Magic SysRq key (CONFIG_MAGIC_SYSRQ)' when configuring the kernel. When running a kernel with SysRq compiled in, /proc/sys/kernel/sysrq controls the functions allowed to be invoked via the SysRq key. 
The default value in this file is set by the CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE config symbol, which itself defaults to 1. Here is the list of possible values in /proc/sys/kernel/sysrq: 0 - disable sysrq completely 1 - enable all functions of sysrq >1 - bitmask of allowed sysrq functions (see below for detailed function description): 2 = 0x2 - enable control of console logging level 4 = 0x4 - enable control of keyboard (SAK, unraw) 8 = 0x8 - enable debugging dumps of processes etc. 16 = 0x10 - enable sync command 32 = 0x20 - enable remount read-only 64 = 0x40 - enable signalling of processes (term, kill, oom-kill) 128 = 0x80 - allow reboot/poweroff 256 = 0x100 - allow nicing of all RT tasks You can set the value in the file by the following command: echo "number" >/proc/sys/kernel/sysrq The number may be written here either as decimal or as hexadecimal with the 0x prefix. CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE must always be written in hexadecimal. Note that the value of /proc/sys/kernel/sysrq influences only the invocation via a keyboard. Invocation of any operation via /proc/sysrq-trigger is always allowed (by a user with admin privileges). * How do I use the magic SysRq key? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ On x86 - You press the key combo 'ALT-SysRq-<command key>'. Note - Some keyboards may not have a key labeled 'SysRq'. The 'SysRq' key is also known as the 'Print Screen' key. Also some keyboards cannot handle so many keys being pressed at the same time, so you might have better luck with "press Alt", "press SysRq", "release SysRq", "press <command key>", release everything. On SPARC - You press 'ALT-STOP-<command key>', I believe. On the serial console (PC style standard serial ports only) - You send a BREAK, then within 5 seconds a command key. Sending BREAK twice is interpreted as a normal BREAK. On PowerPC - Press 'ALT - Print Screen (or F13) - <command key>, Print Screen (or F13) - <command key> may suffice. 

On other - If you know of the key combos for other architectures, please
           let me know so I can add them to this section.

On all -  write a character to /proc/sysrq-trigger.  e.g.:

                echo t > /proc/sysrq-trigger

*  What are the 'command' keys?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'b'     - Will immediately reboot the system without syncing or unmounting
          your disks.
'c'     - Will perform a system crash by a NULL pointer dereference.
          A crashdump will be taken if configured.
'd'     - Shows all locks that are held.
'e'     - Send a SIGTERM to all processes, except for init.
'f'     - Will call oom_kill to kill a memory hog process.
'g'     - Used by kgdb (kernel debugger)
'h'     - Will display help (actually any other key than those listed
          here will display help. but 'h' is easy to remember :-)
'i'     - Send a SIGKILL to all processes, except for init.
'j'     - Forcibly "Just thaw it" - filesystems frozen by the FIFREEZE ioctl.
'k'     - Secure Access Key (SAK) Kills all programs on the current virtual
          console. NOTE: See important comments below in SAK section.
'l'     - Shows a stack backtrace for all active CPUs.
'm'     - Will dump current memory info to your console.
'n'     - Used to make RT tasks nice-able
'o'     - Will shut your system off (if configured and supported).
'p'     - Will dump the current registers and flags to your console.
'q'     - Will dump per CPU lists of all armed hrtimers (but NOT regular
          timer_list timers) and detailed information about all
          clockevent devices.
'r'     - Turns off keyboard raw mode and sets it to XLATE.
's'     - Will attempt to sync all mounted filesystems.
't'     - Will dump a list of current tasks and their information to your
          console.
'u'     - Will attempt to remount all mounted filesystems read-only.
'v'     - Forcefully restores framebuffer console
'v'     - Causes ETM buffer dump [ARM-specific]
'w'     - Dumps tasks that are in uninterruptable (blocked) state.
'x'     - Used by xmon interface on ppc/powerpc platforms.
          Show global PMU Registers on sparc64.
'y'     - Show global CPU Registers [SPARC-64 specific]
'z'     - Dump the ftrace buffer
'0'-'9' - Sets the console log level, controlling which kernel messages
          will be printed to your console. ('0', for example would make
          it so that only emergency messages like PANICs or OOPSes would
          make it to your console.)
</code></pre> </div>
<span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span></span> <span class="field field--name-created field--type-created field--label-hidden">Feb 20 2015</span> <div class="field field--name-field-tagies field--type-entity-reference field--label-above"> <div class="field__label">Tags</div> <div class='field__items'> <div class="field__item"><i class="fa fa-tags"></i> <a href="/Linux" hreflang="en">Linux</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/sysadmin" hreflang="en">Sysadmin</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/kernel" hreflang="en">Kernel</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/tricks" hreflang="en">Tricks</a></div> </div> </div> Fri, 20 Feb 2015 09:38:27 +0000 Hoti 56 at https://tech.feedyourhead.at
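As an added example (not part of the original post or of the kernel documentation), this shell script decodes a kernel.sysrq value with the bitmask table from the sysrq.txt excerpt above and reports the running host's kernel.sysrq and kernel.panic settings. The function names and the short group labels are this example's own; the sample values in the loop are constructed.

```shell
#!/bin/sh
# Added example: decode kernel.sysrq using the bitmask table from sysrq.txt.
# Function names and group labels are hypothetical, chosen for this example.

# Normalise "176" or "0xb0" to a decimal integer; fail on anything else.
sysrq_to_int() {
    case $1 in
        0[xX]?*)  case ${1#0[xX]} in *[!0-9a-fA-F]*) return 2 ;; esac ;;
        0|[1-9]*) case $1 in *[!0-9]*) return 2 ;; esac ;;
        *)        return 2 ;;
    esac
    echo $(($1))
}

# Print the function groups a sysrq value allows, comma-separated.
decode_sysrq() {
    sq_val=$(sysrq_to_int "$1") || { echo invalid; return 2; }
    [ "$sq_val" -eq 0 ] && { echo disabled; return 0; }
    [ "$sq_val" -eq 1 ] && { echo all; return 0; }
    sq_out=
    for sq_e in 2:loglevel 4:keyboard 8:dumps 16:sync 32:remount-ro \
                64:signal 128:reboot 256:nice-rt; do
        if [ $((sq_val & ${sq_e%%:*})) -ne 0 ]; then
            sq_out=${sq_out:+$sq_out,}${sq_e#*:}
        fi
    done
    echo "${sq_out:-none}"
}

# Exit status 0 if the value permits the given bit (128 = reboot/poweroff).
sysrq_allows() {
    sq_val=$(sysrq_to_int "$1") || return 2
    [ "$sq_val" -eq 1 ] || [ $((sq_val & $2)) -ne 0 ]
}

# Constructed sample values first, then the live host if /proc is readable.
for v in 0 1 176 0x1b6; do
    printf '%-6s -> %s\n' "$v" "$(decode_sysrq "$v")"
done
if [ -r /proc/sys/kernel/sysrq ] && [ -r /proc/sys/kernel/panic ]; then
    printf 'host: sysrq=%s panic=%ss\n' \
        "$(decode_sysrq "$(cat /proc/sys/kernel/sysrq)")" \
        "$(cat /proc/sys/kernel/panic)"
fi
```

The decoded mask describes keyboard invocation only; as the excerpt notes, a write to /proc/sysrq-trigger by a user with admin privileges is always allowed regardless of this value.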