1
00:00:00,000 --> 00:00:17,280
Hey guys and welcome back. So in the previous nugget we learned a little bit more about

2
00:00:17,280 --> 00:00:24,120
the kernel modules. We could see how we could manually intervene and load and remove and

3
00:00:24,120 --> 00:00:30,120
list these modules but we understand that the kernel itself largely is going to work

4
00:00:30,120 --> 00:00:35,399
in an automatic fashion. This is just making your life much much easier we don't have to

5
00:00:35,399 --> 00:00:40,760
think so hard so it really is quite handy. But now we have that information under our

6
00:00:40,760 --> 00:00:46,439
belt. I want to turn our attention to some general kernel configuration information.

7
00:00:46,439 --> 00:00:51,719
So the first thing I want to talk to you about is a particular location and that location

8
00:00:51,719 --> 00:01:00,439
is in the proc directory and then the sys directory and then the kernel directory. Now within here

9
00:01:00,439 --> 00:01:06,120
we're going to house what are effectively the live settings that are running for the kernel.

10
00:01:06,120 --> 00:01:11,799
Now one thing to note is that these settings are very different from the actual modules themselves

11
00:01:11,799 --> 00:01:17,400
so try not to confuse the two. So if I would happen to go into this particular directory

12
00:01:17,480 --> 00:01:23,719
go into the proc directory and then into sys do an ls we see we have our kernel directory right

13
00:01:23,719 --> 00:01:30,200
here. Right here we can see a whole bunch of configurations and options relating to how our

14
00:01:30,200 --> 00:01:34,920
kernel is going to operate. So things like the bootloader type or the bootloader version

15
00:01:34,920 --> 00:01:41,880
or maybe the maximum amount of threads all of this information we can find within this location

16
00:01:41,879 --> 00:01:49,319
right here proc sys kernel. Now like I say these actually denote settings which are running live

17
00:01:49,319 --> 00:01:56,759
on the system right now. Now if you actually want to make changes to the system such that the changes

18
00:01:56,759 --> 00:02:02,199
take effect when the boot operation starts we would have to use a very particular configuration

19
00:02:02,199 --> 00:02:06,919
file so let me show you what this file is going to be. It's going to be in the etc directory which

20
00:02:06,920 --> 00:02:15,479
should come as no surprise this is a system-wide configuration file and we go into sysctl.conf

21
00:02:15,479 --> 00:02:21,319
and again like I say this file right here is where you can tell the system when it boots up

22
00:02:21,319 --> 00:02:28,599
how you want all the settings within proc sys kernel how you want those settings to be stored

23
00:02:28,599 --> 00:02:34,680
and you can make this permanent by making these changes within this file right here. So if we go

24
00:02:34,680 --> 00:02:43,879
to the etc directory doing ls and in fact let me just grep for sysctl notice we have our sysctl

25
00:02:43,879 --> 00:02:49,960
conf file so if I happen to go in here and hit enter notice this is the configuration file for

26
00:02:49,960 --> 00:02:57,240
system variables and we can do things like setting the kernel domain name or we can allow for certain

27
00:02:57,240 --> 00:03:03,080
activities say for example if we want to have packet forwarding i.e. network address translation

28
00:03:03,080 --> 00:03:08,840
this is something we talked about in the LPIC-1 examination we could for example uncomment out

29
00:03:08,840 --> 00:03:16,280
this line and allow for this setting to take place upon boot now notice that this is all in this file

30
00:03:16,280 --> 00:03:25,240
right here but actually it's worth noting is that we also have this sysctl.d what this is is basically

31
00:03:25,240 --> 00:03:31,080
a directory now the thing to note about this directory is that within this directory you

32
00:03:31,080 --> 00:03:38,440
can ultimately specify similar settings so again i go into my directory and hit enter we do an ls we

33
00:03:38,440 --> 00:03:44,520
see multiple configuration files for different operations but really what i want to stress is

34
00:03:44,520 --> 00:03:50,200
that if you happen to make some type of configuration change to a file within this directory and it

35
00:03:50,200 --> 00:03:57,480
happens to conflict with something you have specified directly in the sysctl.conf file understand

36
00:03:57,479 --> 00:04:04,519
that the sysctl.conf file is going to take precedence i.e. anything within this file right here

37
00:04:04,519 --> 00:04:11,959
will override anything you have within the sysctl.d directory so this conf file is going to take

38
00:04:11,959 --> 00:04:18,759
priority if we have additional information which is not specified here but is specified in the

39
00:04:18,759 --> 00:04:24,199
directory then that can take effect but any conflicts are going to be resolved by having

40
00:04:24,199 --> 00:04:29,959
the sysctl.conf file take that priority now one thing to note is that we can actually make such

41
00:04:29,959 --> 00:04:35,959
changes manually using a particular command as opposed to modifying a configuration file

42
00:04:35,959 --> 00:04:44,599
and that is by using the sbin sysctl within the sbin directory so let's actually explore

43
00:04:44,599 --> 00:04:50,519
this command right here then so what i will do i'll just clear my screen and what i'll do is i'll

44
00:04:50,599 --> 00:04:56,680
actually go back to my home directory right now and i'll just say man sysctl now it's going to say

45
00:04:56,680 --> 00:05:03,560
here this command allows us to configure kernel parameters at runtime and the parameters are

46
00:05:03,560 --> 00:05:10,680
going to be located again within proc sys and note we can use this command to both read the sysctl

47
00:05:10,680 --> 00:05:17,879
data as well as to write new sysctl data so if we happen to scroll on down we're going to see a

48
00:05:17,879 --> 00:05:24,439
whole bunch of different options here is one right here dash a or dash dash all this is going to

49
00:05:24,439 --> 00:05:30,360
allow us to display all the values currently available so if we happen to try and use this one

50
00:05:30,360 --> 00:05:40,360
so sysctl dash a these are all our current kernel settings right now so things like net ipv4 ip

51
00:05:40,360 --> 00:05:47,240
forwarding this is set to the value zero pretty much this means this is inactive and not enabled

52
00:05:47,240 --> 00:05:54,040
this behavior so we could make a change to this behavior directly within the sysctl.conf

53
00:05:54,040 --> 00:06:00,120
file which would allow this behavior to stick and be persistent over multiple reboots or we could

54
00:06:00,120 --> 00:06:06,280
change this behavior in real time using the sysctl command so if i would happen to take

55
00:06:07,000 --> 00:06:13,480
this configuration right here let me copy this and if i wanted to write a new change using the sysctl

56
00:06:13,480 --> 00:06:20,360
command again if i check the man page we can see we have the dash w option or dash dash write and

57
00:06:20,360 --> 00:06:26,840
this is going to allow us to ultimately write in particular changes so let's press q clear the screen

58
00:06:26,840 --> 00:06:34,520
i'll say sysctl dash w to write a change and now i'll actually type in the value i want to modify so

59
00:06:34,520 --> 00:06:39,400
i'll paste this in oops i've pasted this in incorrectly what i want to do is to actually get

60
00:06:39,399 --> 00:06:45,799
rid of the spaces here and i'll actually modify the value so that it is one instead so if i hit

61
00:06:45,799 --> 00:06:55,079
enter now notice the value has indeed been updated so if i now do sysctl dash a and in fact let me

62
00:06:55,079 --> 00:07:00,359
just grep for the word forwards and that's that's still a little bit too verbose just to make it a

63
00:07:00,359 --> 00:07:06,599
little bit easier i'll say grep ip forward we can see the actual value here has now been modified

64
00:07:06,600 --> 00:07:11,800
and again if we wanted to make this change persistent so that it takes effect when the

65
00:07:11,800 --> 00:07:18,439
system is booted up or rebooted whereabouts would we make that change well we know it's going to be

66
00:07:18,439 --> 00:07:26,280
in /etc/sysctl.conf in this case here we could just uncomment this out and save the file to get

67
00:07:26,280 --> 00:07:31,080
the similar effects but with persistence now another thing which i want to talk to you about

68
00:07:31,079 --> 00:07:38,199
that is very important with respect to the kernel is udev now in modern linux systems

69
00:07:38,199 --> 00:07:45,639
the files that we have within the dev directory ultimately tell us what is attached to our system

70
00:07:45,639 --> 00:07:51,799
so imagine something like say a usb gets attached information relating to this device is going to

71
00:07:51,799 --> 00:07:59,399
be within the dev directory now we have this daemon called udevd and this actually works

72
00:07:59,399 --> 00:08:05,719
directly with the kernel so that we can manage the files that we would have within the dev directory

73
00:08:05,719 --> 00:08:13,719
so you can imagine udev as a type of watchdog and if a particular device is attached to our system

74
00:08:13,719 --> 00:08:20,439
udev is going to watch the system and then load in the kernel module that happens to be needed

75
00:08:20,439 --> 00:08:27,959
so again the example being usb is plugged in udev notices this and then loads the necessary

76
00:08:27,959 --> 00:08:34,439
usb module into the kernel and everything works on the fly this is what i'm talking about with the

77
00:08:34,439 --> 00:08:41,639
automated process udev is making this much much easier for us than having to manually go in locate

78
00:08:41,639 --> 00:08:48,519
a particular kernel module and load it in as appropriate now similarly if you happen to remove

79
00:08:48,519 --> 00:08:56,600
that usb stick udev again is going to handle the kernel module and remove that module since it's

80
00:08:56,600 --> 00:09:03,960
no longer needed and we know that the kernel is indeed modular so if this particular module is

81
00:09:03,960 --> 00:09:11,080
no longer needed then strip it down and keep things more efficient again everything handled under

82
00:09:11,080 --> 00:09:20,040
the hood by udev or the udevd daemon so if udev is looking for what exactly is plugged in how do we

83
00:09:20,040 --> 00:09:26,440
see as the system administrator what those devices actually are well we do have a bunch of options

84
00:09:26,440 --> 00:09:35,160
available to us and tools to help us with this task the very first one is lsusb now you can

85
00:09:35,160 --> 00:09:41,160
probably guess what this actually does from the terminology we have ls that is going to list and

86
00:09:41,160 --> 00:09:49,480
we're going to list the usb devices attached to our system so what i could do is say man lsusb

87
00:09:49,480 --> 00:09:56,120
and we can see here this is a utility for displaying information about the usb buses in the system and

88
00:09:56,120 --> 00:10:01,560
devices connected to them and we can see all these additional options that we have to get

89
00:10:01,560 --> 00:10:07,720
different types of information so if i press q and issue the command lsusb what i'm actually

90
00:10:07,720 --> 00:10:13,720
seeing right here is information relating to my virtual machine this is because i am running

91
00:10:13,720 --> 00:10:19,399
zbuntu on virtual box but if this happened to be a real-life physical machine then of course i would

92
00:10:19,399 --> 00:10:25,799
get information relating to that instead now the other command we have available to us is lspci

93
00:10:25,799 --> 00:10:35,159
if i say man lspci again similar to lsusb this is not going to show us usb buses but instead pci

94
00:10:35,159 --> 00:10:41,240
buses in the system and the devices connected to them and again just like we saw before we have

95
00:10:41,240 --> 00:10:47,079
a whole bunch of different options if i scroll on down we can do things like be verbose or be very

96
00:10:47,079 --> 00:10:55,479
verbose or show kernel drivers so on so forth if i press q i can say lspci we can see all the pci

97
00:10:55,560 --> 00:11:03,800
information i can say lspci with a dash v to get more verbose information or i can say dash k to get

98
00:11:03,800 --> 00:11:09,960
the kernel related information with respect to the pci devices now another command we have

99
00:11:09,960 --> 00:11:15,879
available to us is lsdev this is not going to be installed by default but what i can do is say

100
00:11:15,879 --> 00:11:24,200
apt install procinfo and hit enter so now if i say man lsdev we can see here this is going to give us

101
00:11:24,200 --> 00:11:30,759
information relating to installed hardware so we'll see things such as interrupt requests

102
00:11:31,400 --> 00:11:39,000
and direct memory access channels so if i happen to use this command lsdev we can see all of that

103
00:11:39,000 --> 00:11:43,960
information now the way the lsdev command actually works is that it's going to gather

104
00:11:43,960 --> 00:11:49,640
information from some particular locations and these locations will be within the proc directory

105
00:11:49,639 --> 00:11:56,519
so for direct memory access it will be in proc dma for our input output information we will get it

106
00:11:56,519 --> 00:12:04,439
from proc ioports to show the input output and with respect to our interrupt requests the lsdev

107
00:12:04,439 --> 00:12:09,879
command will look into the proc folder and then the interrupts file now one thing you may notice

108
00:12:09,879 --> 00:12:16,039
with respect to the lsdev command is that it's a very simple command it does not have any additional

109
00:12:16,039 --> 00:12:23,639
options i.e. if you happen to do lsdev dash maybe s it actually has no effect on the output we get

110
00:12:23,639 --> 00:12:31,319
the exact same output similarly if you do dash q the exact same output or dash f or dash y it really

111
00:12:31,319 --> 00:12:38,919
is a singular command pulling from those files now one more command we have to understand that is

112
00:12:38,919 --> 00:12:44,599
very important with respect to udev in fact i should clarify we're going to have two important

113
00:12:44,600 --> 00:12:50,360
commands the first of which is going to be a deprecated command that is no longer recommended

114
00:12:50,360 --> 00:12:56,920
but again we have to understand it for the purposes of the exam and the second command is the modern

115
00:12:56,920 --> 00:13:03,560
way to use the command so the first one is going to be udevmonitor all one word this is going

116
00:13:03,560 --> 00:13:11,000
to allow us to see real-time information relating to our devices as we plug stuff in and unplug them

117
00:13:11,000 --> 00:13:17,960
so say for example you run udevmonitor and you plug in a usb stick this information in real

118
00:13:17,960 --> 00:13:23,799
time is going to be displayed when you are running the udevmonitor command and again like i say

119
00:13:23,799 --> 00:13:30,039
this is a deprecated implementation so you may see it on older linux systems but this is not the

120
00:13:30,039 --> 00:13:39,000
recommended way any longer instead we have the command udevadm for administrator and then

121
00:13:39,000 --> 00:13:45,720
a space and then the word monitor this is the modern way to get the same type of information

122
00:13:45,720 --> 00:13:53,159
so if we happen to run this command i'll say udevmonitor which is the deprecated way notice it

123
00:13:53,159 --> 00:14:01,240
says the command is not found but if we happen to say udevadm space monitor we are now waiting

124
00:14:01,240 --> 00:14:08,200
and are ready to receive any real-time information relating to our devices as they're plugged in and

125
00:14:08,200 --> 00:14:13,320
plugged out again now as it transpires i am on a virtual machine i'm not going to be attaching

126
00:14:13,320 --> 00:14:19,400
any usb's but if i did you would know that this information would be ultimately reported to me

127
00:14:19,400 --> 00:14:26,759
on my terminal window via the udevadm monitor command so this really is a valuable tool for us

128
00:14:26,759 --> 00:14:33,800
as linux systems administrators to be able to monitor our system as external devices are attached

129
00:14:33,879 --> 00:14:39,319
and detached okay doctor that is us for kernel configuration options we still have

130
00:14:39,319 --> 00:14:44,519
more information to get to so how about we keep on going so i hope this has been informative for you

131
00:14:44,519 --> 00:14:50,039
and i'd like to thank you for viewing

